1
0
mirror of https://git.yoctoproject.org/poky synced 2026-07-16 03:47:03 +00:00
Commit Graph

4 Commits

Author SHA1 Message Date
Ross Burton 0451adb82e inetutils: remove obsolete cruft from do_configure
glob/ doesn't exist and the other files are copied by autotools.bbclass

(From OE-Core rev: edfd456dee40dcd6a65545c60a6ace50aa52f65f)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f11fac5430c1308347f673c6e1fb6c5b2c7ff9c0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-10-04 05:21:28 -10:00
Ross Burton c559b2cc36 inetutils: don't guess target paths
inetutils guesses a lot of target paths in cross builds, and warns that
some of them are known to be wrong (for example, whether /proc/net/dev
exists is guessed as 'no').

Add a post-configure function to check for these warnings, and pass
--with-path-* as appropriate to set the paths explicitly.

This means we can remove the patch which was setting PATH_PROCNET_DEV,
and the autoconf cache value inetutils_cv_path_login.

The downside is that these --with-path-* options are not real autoconf
options, so the "unknown options" warning is emitted.  Losing those is
an acceptable compromise, so disable it.

Musl doesn't implement utmp and has stub defines for _PATH_UTMP but not
_PATH_UTMPX, so we need to set the X variants explicitly.

(From OE-Core rev: 86b88aaec534c3da74de6127198c57521977bd10)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 91179f89db127063dbdf998e15d63e04d6be53f7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-10-04 05:21:28 -10:00
Yogita Urade cccf6723f3 inetutils: fix CVE-2023-40303
GNU inetutils through 2.4 may allow privilege escalation because
of unchecked return values of set*id() family functions in ftpd,
rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant
if the setuid system call fails when a process is trying to drop
privileges before letting an ordinary user control the activities
of the process.

Refernces:
https://nvd.nist.gov/vuln/detail/CVE-2023-40303

(From OE-Core rev: b8e2dad0650b8a80e3d85e6d87fda1a0e2fb195f)

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-09-04 04:13:24 -10:00
Wang Mingyu f42c3d428d inetutils: upgrade 2.3 -> 2.4
CVE-2022-39028.patch
removed since it's included in 2.4

Changelog:
==========
ifconfig
------------
Support specifying prefix netmask lengths in -A.
Hurd: tell pfinet translator interfaces to configure

ftp
----------
Avoid crash caused by signed integer overflow resulting in out-of-bounds buffer access.
Avoid crash caused by heap buffer overflow.
Avoid crash caused by NULL pointer dereference.
Avoid crash caused by infinite macro recursion.

telnetd
-----------
Avoid crash on 0xff 0xf7 (IAC EC) or 0xff 0xf8 (IAC EL).  CVE-2022-39028

telnet
-----------
Fix a buffer overflow problem.  CVE-2019-0053

tftp
-----------
Avoid crashing when given unexpected or invalid commands from tty.
Various bugs fixes, internal improvements and clean ups.

(From OE-Core rev: fec6ec179b97b768d32fbd782338450edc1a5344)

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-07 14:32:42 +00:00