mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-13 17:39:57 +00:00
Code Issues Projects Releases Wiki Activity

frr: Security fix for CVE-2022-42917

Browse Source 
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-42917
https://www.suse.com/de-de/security/cve/CVE-2022-42917.html
https://bugzilla.suse.com/show_bug.cgi?id=1204124

Patch from:
[1] https://github.com/FRRouting/frr/commit/5216a05b32390a64efeb598051411e1776042624
[2] https://github.com/FRRouting/frr/commit/6031b8a3224cde14fd1df6e60855310f97942ff9

Per [2], update frr.pam to eliminate the warning issued by pam:
vtysh[485]: pam_warn(frr:account): function=[pam_sm_acct_mgmt] flags=0
service=[frr] terminal=[<unknown>] user=[root] ruser=[<unknown>] rhost=[<unknown>]

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
Yi Zhao
2023-02-09 12:02:21 +08:00
committed by Armin Kuster
parent 5fdd2edebe
commit b19d7a311a
3 changed files with 39 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-networking/recipes-protocols/frr/frr/CVE-2022-42917.patch
+36
View File
@@ -0,0 +1,36 @@
From 5216a05b32390a64efeb598051411e1776042624 Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski <mt@suse.com>
Date: Fri, 11 Nov 2022 12:26:04 +0100
Subject: [PATCH] tools: remove backslash from declare check regex
The backslash in `grep -q '^declare \-a'` is not needed and
causes `grep: warning: stray \ before -` warning in grep-3.8.
Signed-off-by: Marius Tomaschewski <mt@suse.com>
CVE: CVE-2022-42917
Upstream-Status: Backport
[https://github.com/FRRouting/frr/commit/5216a05b32390a64efeb598051411e1776042624]
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
tools/frrcommon.sh.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/frrcommon.sh.in b/tools/frrcommon.sh.in
index 61f1abb37..3c16c27c6 100755
--- a/tools/frrcommon.sh.in
+++ b/tools/frrcommon.sh.in
@@ -335,7 +335,7 @@ if [ -z "$FRR_PATHSPACE" ]; then
load_old_config "/etc/sysconfig/frr"
fi
-if { declare -p watchfrr_options 2>/dev/null || true; } | grep -q '^declare \-a'; then
+if { declare -p watchfrr_options 2>/dev/null || true; } | grep -q '^declare -a'; then
log_warning_msg "watchfrr_options contains a bash array value." \
"The configured value is intentionally ignored since it is likely wrong." \
"Please remove or fix the setting."
--
2.25.1
meta-networking/recipes-protocols/frr/frr/frr.pam
+2 -1
View File
@@ -1,10 +1,11 @@
#
# The PAM configuration file for the quagga `vtysh' service
# The PAM configuration file for the frr `vtysh' service
#
# This allows root to change user infomation without being
# prompted for a password
auth sufficient pam_rootok.so
account sufficient pam_rootok.so
# The standard Unix authentication modules, used with
# NIS (man nsswitch) as well as normal /etc/passwd and
meta-networking/recipes-protocols/frr/frr_8.2.2.bb
+1
View File
@@ -12,6 +12,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
SRC_URI = "git://github.com/FRRouting/frr.git;protocol=https;branch=stable/8.2 \
file://CVE-2022-37035.patch \
file://CVE-2022-37032.patch \
file://CVE-2022-42917.patch \
file://frr.pam \
"