Commit Graph

2967 Commits

Author SHA1 Message Date
Archana Polampalli dd23a99303 strongswan: upgrade 5.9.6 -> 5.9.12
* Drop backport patch 0001-enum-Fix-compiler-warning.patch.
* Drop backport patch CVE-2022-40617.patch
* Update RDEPENDS to fix strongswan startup failures:
    plugin 'mgf1': failed to load - mgf1_plugin_create not found and no plugin file available
    plugin 'fips-prf': failed to load - fips_prf_plugin_create not found and no plugin file available
    plugin 'kdf': failed to load - kdf_plugin_create not found and no plugin file available
    plugin 'drbg': failed to load - drbg_plugin_create not found and no plugin file available
* Drop PACKAGECONFIG[scep] as scepclient has been removed.
* Add plugin-gcm to RDEPENDS as gcm plugin has been added to the default
  plugins.

ChangeLog:
https://github.com/strongswan/strongswan/releases/tag/5.9.7
https://github.com/strongswan/strongswan/releases/tag/5.9.8
https://github.com/strongswan/strongswan/releases/tag/5.9.9
https://github.com/strongswan/strongswan/releases/tag/5.9.10
https://github.com/strongswan/strongswan/releases/tag/5.9.11
https://github.com/strongswan/strongswan/releases/tag/5.9.12

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-01-12 07:14:16 -05:00
vkumbhar 52e23d3fcd wireshark: fix CVE-2022-4345 multiple (BPv6, OpenFlow, and Kafka protocol) dissector infinite loops
Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/39db474f80af87449ce0f034522dccc80ed4153f

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-01-12 07:14:16 -05:00
vkumbhar e80ffdd368 wireshark: fix CVE-2023-1992 RPCoRDMA dissector crash
Upstream-Status: Backport from https://gitlab.com/colin.mcinnes/wireshark/-/commit/3c8be14c827f1587da3c2b3bb0d9c04faff5741

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-01-12 07:14:16 -05:00
vkumbhar 402affcc07 squid: fix CVE-2023-46847 Denial of Service in HTTP Digest Authentication
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-12-13 13:35:51 -05:00
Archana Polampalli ad3dc46c87 samba: fix CVE-2023-4091
A vulnerability was discovered in Samba, where the flaw allows SMB clients to
truncate files, even with read-only permissions when the Samba VFS module
"acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB
protocol allows opening files when the client requests read-only access but
then implicitly truncates the opened file to 0 bytes if the client specifies
a separate OVERWRITE create disposition request. The issue arises in configurations
that bypass kernel file system permissions checks, relying solely on Samba's permissions.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-4091

Fix is patched to the function call smbd_check_access_rights_fsp() of open_file(),
but in samba_4.14.14 smbd_check_access_rights() is used, from samba_4.15.0 onwards
smbd_check_access_rights() was replaced with smbd_check_access_rights_fsp() and
samba_4.14.14 is still vulnerable through smbd_check_access_rights().

Ref:
https://github.com/samba-team/samba/commit/3f61369d153419158c0f223e6f81c0bb07275833
https://github.com/samba-team/samba/commit/26dc10bdb2cff3eece4a2874931b4058f9f87d68

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-12-13 13:35:51 -05:00
Narpat Mali cdab5037c9 frr: Fix for multiple CVE's
Backport the below CVE fixes.
CVE-2023-38406: https://security-tracker.debian.org/tracker/CVE-2023-38406
CVE-2023-38407: https://security-tracker.debian.org/tracker/CVE-2023-38407
CVE-2023-46752: https://security-tracker.debian.org/tracker/CVE-2023-46752
CVE-2023-46753: https://security-tracker.debian.org/tracker/CVE-2023-46753
CVE-2023-47234: https://security-tracker.debian.org/tracker/CVE-2023-47234
CVE-2023-47235: https://security-tracker.debian.org/tracker/CVE-2023-47235

Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-12-13 13:35:51 -05:00
Richard Purdie 866d658c9e meta-networking: Drop broken BBCLASSEXTEND variants
The command "bitbake universe -c fetch" currently throws a ton of warnings
as there are many 'impossible' dependencies.

In some cases these variants may never have worked and were just added by copy
and paste of recipes. In some cases they once clearly did work but became
broken somewhere along the way. Users may also be carrying local bbappend files
which add further BBCLASSEXTEND.

Having universe fetch work without warnings is desirable so clean up the broken
variants. Anyone actually needing something dropped here can propose adding it
and the correct functional dependencies back quite easily. This also then
ensures we're not carrying or fixing things nobody uses.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e1b332f2ef)
Backport: Adapted modified recipes to the ones generating warnings
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-11-17 10:48:54 -05:00
Narpat Mali a7e6f56a68 traceroute: upgrade 2.1.0 -> 2.1.3
This upgrade incorporates the CVE-2023-46316 fix and other bug fixes.

Changelog:
----------
- Interpret ipv4-mapped ipv6 addresses (::ffff:A.B.C.D) as true ipv4.
- Return back more robust poll(2) loop handling.
- Fix unprivileged ICMP tracerouting with Linux kernel >= 6.1 (Eric Dumazet, SF bug #14)
- Fix command line parsing in wrappers.

References:
https://security-tracker.debian.org/tracker/CVE-2023-46316
https://sourceforge.net/projects/traceroute/files/traceroute/traceroute-2.1.3/

Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-11-14 18:50:30 -05:00
Archana Polampalli 65cacf8258 open-vm-tools: fix CVE-2023-34058
A flaw was found in open-vm-tools. This flaw allows a malicious actor that
has been granted Guest Operation Privileges in a target virtual machine to
elevate their privileges if that target virtual machine has been assigned
a more privileged Guest Alias.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-34058

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
[minor fixup]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-11-14 18:49:53 -05:00
Narpat Mali 0b1520a35c open-vm-tools: fix CVE-2023-20900
A malicious actor that has been granted Guest Operation Privileges
https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html
in a target virtual machine may be able to elevate their privileges if
that target virtual machine has been assigned a more privileged Guest Alias
https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-20900
https://security-tracker.debian.org/tracker/CVE-2023-20900

Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
[Minor fixup]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-11-14 18:44:48 -05:00
Beniamin Sandu 579558c87f mbedtls: upgrade 3.4.0 -> 3.5.0
* Includes security fix for CVE-2023-43615 - Buffer overread in TLS stream cipher suites
* Includes security fix for CVE-2023-45199 - Buffer overflow in TLS handshake parsing with ECDH
* Includes aesce compilation fixes

Full changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.5.0

The extra patch fixes x86 32-bit builds.

Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-11-03 10:49:47 -04:00
Yi Zhao 79a6f60dab mbedtls: upgrade 2.28.2 -> 2.28.5
This release includes security fix for CVE-2023-43615.

Changelog:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.5

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
[Minor tweak to get it to apply]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-10-17 09:07:38 -04:00
Denys Dmytriyenko 1d0d7f6e77 mbedtls: set up /usr/bin/hello as alternative
As mbedtls installs this rather generically-named /usr/bin/hello binary,
it conflicts with the one provided by lmbench, hence set it up as an
alternative to avoid conflicts when both are installed to rootfs or SDK.

Signed-off-by: Denys Dmytriyenko <denis@denix.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-10-17 08:52:32 -04:00
Martin Jansa 8808a69b6c mosquitto: add missing Upstream-Status
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-10-17 08:51:15 -04:00
Gianfranco Costamagna a818281425 mosquitto: upgrade 2.0.17 -> 2.0.18
Add two patches from Debian, pull requests proposed upstream as 2894 and 2895
to make it start only when board is online, and to fix dynamic websockets link failure

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-10-17 08:50:47 -04:00
Gianfranco Costamagna f6f0669c1f mosquitto: upgrade 2.0.15 -> 2.0.17
Fix for CVE-2023-28366, CVE-2023-0809, CVE-2023-3592

Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-10-17 08:50:15 -04:00
Gianfranco Costamagna f6c58b4f9f mosquitto: do not automatically depend on dlt-daemon, it's a non-mandatory logging system
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-10-17 08:47:54 -04:00
Wang Mingyu ebfb34db78 mosquitto: upgrade 2.0.14 -> 2.0.15
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-10-17 08:47:48 -04:00
Meenali Gupta e2b534cc3a open-vm-tools: fix CVE-2023-20867
A fully compromised ESXi host can force VMware Tools to
fail to authenticate host-to-guest operations, impacting
the confidentiality and integrity of the guest virtual machine.

Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-10-17 08:44:17 -04:00
Polampalli, Archana baf6153112 samba: fix CVE-2023-34968
A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol,
Samba discloses the server-side absolute path of shares, files, and directories in the
results for search queries. This flaw allows a malicious client or an attacker with a
targeted RPC request to view the information that is part of the disclosed path.

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-10-17 08:42:14 -04:00
Polampalli, Archana bbe79e4f17 samba:fix CVE-2023-34967
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-10-17 08:41:58 -04:00
Polampalli, Archana 112397bdfe samba: fix CVE-2022-2127
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-10-17 08:41:21 -04:00
Polampalli, Archana 2715358a3d samba: fix CVE-2023-34966
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-10-17 08:40:46 -04:00
Armin Kuster 799e0847cc frr: Fix CVE-2023-41909
An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec
in bgpd/bgp_flowspec.c processes malformed requests with no attributes,
leading to a NULL pointer dereference.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-41909
https://security-tracker.debian.org/tracker/CVE-2023-41909

Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
[Minor fixup ]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-09-23 13:38:49 -04:00
Hitendra Prajapati 919a207458 wireshark: Fix CVE-2023-2906
Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/44dc70cc5aadca91cb8ba3710c59c3651b7b0d4d

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
2023-09-23 13:10:47 -04:00
Narpat Mali 0901bb4c6a frr: Fix CVE-2023-38802 and CVE-2023-41358
CVE-2023-38802:
FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote
attacker to cause a denial of service via a crafted BGP update with a
corrupted attribute 23 (Tunnel Encapsulation).

CVE-2023-41358:
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c
processes NLRIs if the attribute length is zero.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-38802
https://nvd.nist.gov/vuln/detail/CVE-2023-41358

Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-09-06 09:12:30 -04:00
Wang Mingyu bef3ed137b tcpdump: upgrade 4.99.3 -> 4.99.4
Changelog:
==========
Source code:
----------------
  Fix spaces before tabs in indentation.
Updated printers:
-----------------
  LSP ping: Fix "Unused value" warnings from Coverity.
  CVE-2023-1801: Fix an out-of-bounds write in the SMB printer.
  DNS: sync resource types with IANA.
  ICMPv6: Update the output to show a RPL DAO field name.
  Geneve: Fix the Geneve UDP port test.
Building and testing:
----------------------
  Require at least autoconf 2.69.
  Don't check for strftime(), as it's in C90 and beyond.
  Update config.{guess,sub}, timestamps 2023-01-01,2023-01-21.
Documentation:
-------------
  man: Document TCP flag names better.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 2e782260d0)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-09-05 13:41:48 -04:00
Wang Mingyu 3e0b67a4fc tcpdump: upgrade 4.99.2 -> 4.99.3
Changelog:
==========
 Updated printers:
   PTP: Use the proper values for the control field and print un-allocated
     values for the message field as "Reserved" instead of "none".
 Source code:
   smbutil.c: Replace obsolete function call (asctime)
 Building and testing:
   cmake: Update the minimum required version to 2.8.12 (except Windows).
   CI: Introduce and use TCPDUMP_CMAKE_TAINTED.
   Makefile.in: Add the releasecheck target.
   Makefile.in: Add "make -s install" in the releasecheck target.
   Cirrus CI: Run the "make releasecheck" command in the Linux task.
   Makefile.in: Add the whitespacecheck target.
   Cirrus CI: Run the "make whitespacecheck" command in the Linux task.
   Address all shellcheck warnings in update-test.sh.
   Makefile.in: Get rid of a remain of gnuc.h.
 Documentation:
   Reformat the installation notes (INSTALL.txt) in Markdown.
   Convert CONTRIBUTING to Markdown.
   CONTRIBUTING.md: Document the use of "protocol: " in a commit summary.
   Add a README file for NetBSD.
   Fix CMake build to set man page section numbers in tcpdump.1

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit dab75037cc)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-09-05 13:41:35 -04:00
Wang Mingyu 0ea4684032 tcpdump: upgrade 4.99.1 -> 4.99.2
Changelog:
==========
Updated printers:
-----------------
  BGP: Update cease notification decoding to RFC 9003.
  BGP: decode BGP link-bandwidth extended community properly.
  BGP: Fix parsing the AIGP attribute
  BGP: make sure the path attributes don't go past the end of the packet.
  BGP: Shutdown message can be up to 255 bytes length according to rfc9003
  DSA: correctly determine VID.
  EAP: fix some length checks and output issues.
  802.11: Fix the misleading comment regarding "From DS", "To DS" Frame Control Flags.
  802.11: Fetch the CF and TIM IEs a field at a time.
  802.15.4, BGP, LISP: fix some length checks, compiler warnings,
    and undefined behavior warnings.
  PFLOG: handle LINKTYPE_PFLOG/DLT_PFLOG files from all OSes on all OSes.
  RRCP: support more Realtek protocols than just RRCP.
  MPLS: show the EXP field as TC, as per RFC 5462.
  ICMP: redo MPLS Extension code as general ICMP Extension code.
  VQP: Do not print unknown error codes twice.
  Juniper: Add some bounds checks.
  Juniper: Don't treat known DLT_ types as "Unknown".
  lwres: Fix a length check, update a variable type.
  EAP: Fix some undefined behaviors at runtime.
  Ethernet: Rework the length checks, add a length check.
  IPX: Add two length checks.
  Zephyr: Avoid printing non-ASCII characters.
  VRRP: Print the protocol name before any GET_().
  DCCP: Get rid of trailing commas in lists.
  Juniper: Report invalid packets as invalid, not truncated.
  IPv6: Remove an obsolete code in an always-false #if wrapper.
  ISAKMP: Use GET_U_1() to replace a direct dereference.
  RADIUS: Use GET_U_1() to replace a direct dereference.
  TCP: Fix an invalid check.
  RESP: Fix an invalid check.
  RESP: Remove an unnecessary test.
  Arista: Refine the output format and print HwInfo.
  sFlow: add support for IPv6 agent, add a length check.
  VRRP: add support for IPv6.
  OSPF: Update to match the Router Properties registry.
  OSPF: Remove two unnecessary dereferences.
  OSPF: Add support bit Nt RFC3101.
  OSPFv3: Remove two unnecessary dereferences.
  ICMPv6: Fix output for Router Renumbering messages.
  ICMPv6: Fix the Node Information flags.
  ICMPv6: Remove an unused macro and extra blank lines.
  ICMPv6: Add a length check in the rpl_dio_print() function.
  ICMPv6: Use GET_IP6ADDR_STRING() in the rpl_dio_print() function.
  IPv6: Add some checks for the Hop-by-Hop Options header
  IPv6: Add a check for the Jumbo Payload Hop-by-Hop option.
  NFS: Fix the format for printing an unsigned int
  PTP: fix printing of the correction fields
  PTP: Use ND_LCHECK_U for checking invalid length.
  WHOIS: Add its own printer source file and printer function
  MPTCP: print length before subtype inside MPTCP options
  ESP: Add a workaround to a "use-of-uninitialized-value".
  PPP: Add tests to avoid incorrectly re-entering ppp_hdlc().
  PPP: Don't process further if protocol is unknown (-e option).
  PPP: Change the pointer to packet data.
  ZEP: Add three length checks.
  Add some const qualifiers.
Building and testing:
----------------------
  Update config.guess and config.sub.
  Use AS_HELP_STRING macro instead of AC_HELP_STRING.
  Handle some Autoconf/make errors better.
  Fix an error when cross-compiling.
  Use "git archive" for the "make releasetar" process.
  Remove the release candidate rcX targets.
  Mend "make check" on Solaris 9 with Autoconf.
  Address assorted compiler warnings.
  Fix auto-enabling of Capsicum on FreeBSD with Autoconf.
  Treat "msys" as Windows for test exit statuses.
  Clean up some help messages in configure.
  Use unified diff by default.
  Remove awk code from mkdep.
  Fix configure test errors with Clang 15
  CMake: Prevent stripping of the RPATH on installation.
  AppVeyor CI: update Npcap site, update to 1.12 SDK.
  Cirrus CI: Use the same configuration as for the main branch.
  CI: Add back running tcpdump -J/-L and capture, now with Cirrus VMs.
  Remove four test files (They are now in the libpcap tests directory).
  On Solaris, for 64-bit builds, use the 64-bit pcap-config.
  Tell CMake not to check for a C++ compiler.
  CMake: Add a way to request -Werror and equivalents.
  configure: Special-case macOS /usr/bin/pcap-config as we do in CMake.
  configure: Use pcap-config --static-pcap-only if available.
  configure: Use ac_c_werror_flag to force unknown compiler flags to fail.
  configure: Use AC_COMPILE_IFELSE() and AC_LANG_SOURCE() for testing flags.
  Run the test that fails on OpenBSD only if we're not on OpenBSD.
Source code:
-------------
  Fix some snapend-changing routines to protect against pointer underflow.
  Use __func__ from C99 in some function calls.
  Memory allocator: Update nd_add_alloc_list() to a static function.
  addrtoname.c: Fix two invalid tests.
  Use more S_SUCCESS and S_ERR_HOST_PROGRAM in main().
  Add some comments about "don't use GET_IP6ADDR_STRING()".
  Assign ndo->ndo_packetp in pretty_print_packet().
  Add ND_LCHECKMSG_U, ND_LCHECK_U, ND_LCHECKMSG_ZU and ND_LCHECK_ZU macros.
  Update tok2strbuf() to a static function.
  netdissect.h: Keep the link-layer dissectors names sorted.
  setsignal(): Set SA_RESTART on non-lethal signals (REQ_INFO, FLUSH_PCAP)
    to avoid corrupting binary pcap output.
  Use __builtin_unreachable().
  Fail if nd_push_buffer() or nd_push_snaplen() fails.
  Improve code style and fix many typos.
Documentation:
---------------
  Some man page cleanups.
  Update the print interface for the packet count to stdout.
  Note that we require compilers to support at least some of C99.
  Update AIX and Solaris-related specifics.
  INSTALL.txt: Add doc/README.*, delete the deleted win32 directory.
  Update README.md and README.Win32.md.
  Update some comments with new RFC numbers.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 68db0a3880)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-09-05 13:41:24 -04:00
Sourav Kumar Pramanik f67e45668e meta-oe-components: Avoid usage of nobranch=1
The usage of nobranch=1 in SRC_URI allows using unprotected branches.

This change updates the real branch name in place of nobranch=1 for these components.

Signed-off-by: Sourav Kumar Pramanik <pramanik.souravkumar@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-09-04 12:01:53 -04:00
Chen Qi 71d9cabed7 spice-protocol: fix populate_sdk error when spice is installed
spice depends on spice-protocol, when IMAGE_INSTALL contains spice,
do_populate_sdk fails with the following error:

  Error:
  Problem: package libspice-server-dev-0.14.2+git0+7cbd70b931_4fc4c2db36-r0.core2_64 requires spice-protocol-dev, but none of the providers can be installed
  - conflicting requests
  - nothing provides spice-protocol = 0.14.4-r0 needed by spice-protocol-dev-0.14.4-r0.core2_64
  (try to add '--skip-broken' to skip uninstallable packages)

For spice-protocol, it's a development package and all things are in
the dev package, so set ALLOW_EMPTY to fix the above error.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-09-04 11:58:35 -04:00
J.D. Schroeder a7a66cdb13 Fix groupname gid change warning
This patch fixes warnings when useradd-staticids.bbclass is used and
USERADD_PARAM is used to add the user to a group that has not been
explicitly created yet. By adding the GROUPADD_PARAM for the new group
being used, the warnings for changing the gid from GID-OLD to GID-NEW
are eliminated.

Warnings fixed:
cyrus-sasl: Changing groupname mail's gid from (WXYZ) to (JKLM), verify configuration files!
radvd: Changing groupname nogroup's gid from (WXYZ) to (JKLM), verify configuration files!

Signed-off-by: JD Schroeder <sweng5080@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-08-03 16:50:52 -04:00
Narpat Mali 8ab74bed48 frr: fix for CVE-2023-31490
An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to
cause a denial of service via the bgp_attr_psid_sub() function.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-31490
https://github.com/FRRouting/frr/issues/13099

Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
[Fixup so patch would apply]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-07-16 15:31:05 -04:00
Beniamin Sandu b541346589 mbedtls: build with v2 version by default
For anyone else that wants to use the newer v3, there is
PREFERRED_VERSION.

Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-07-16 15:30:58 -04:00
Peter Marko 3c3755a3da ntp: backport patch for 5 CVEs CVE-2023-26551/2/3/4/5
Patch taken from https://archive.ntp.org/ntp4/ntp-4.2/ntp-4.2.8p15-3806-3807.patch
It is linked as official patch for p15 in:
- https://www.ntp.org/support/securitynotice/ntpbug3807/
- https://www.ntp.org/support/securitynotice/ntpbug3806/

Small adaptation to build is needed because of how tests are built.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-07-02 11:19:14 -04:00
Beniamin Sandu d434faf6c9 mbedtls: add support for v3.x
Version 3.4.0 adds a lot of improvements and fixes (a notable one
being initial support for PKCS7 CMS), but since this is a pretty
big jump, let's keep both versions for a while, so the v2.x users
can upgrade to 3.x in a timely manner if needed.

Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-07-02 11:19:05 -04:00
Polampalli, Archana 695fb5bedd tcpreplay: upgrade 4.4.2 -> 4.4.4
This release contains bug fixes only.
The following CVEs have been addressed:

CVE-2023-27783
CVE-2023-27784
CVE-2023-27785
CVE-2023-27786
CVE-2023-27787
CVE-2023-27788
CVE-2023-27789

Changelog:
=========
dlt_jnpr_ether_cleanup: check subctx before cleanup by @Marsman1996 in #781
Bug #780 assert tcpedit dlt cleanup by @fklassen in #800
Fix bugs caused by strtok_r by @Marsman1996 in #783
Bug #782 #784 #785 #786 #787 #788 strtok r issues by @fklassen in #801
Update en10mb.c by @david-guti in #793
PR #793 ip6 unicast flood by @fklassen in #802
Bug #719 fix overflow check for parse_mpls() by @fklassen in #804
PR #793 - update tests for corrected IPv6 MAC by @fklassen in #805
PR #793 - update tests for vlandel by @fklassen in #806
Feature #773 gh actions ci by @fklassen in #807
Feature #759: Upgrade autogen/libopts to 5.18.16 by @fklassen in #760
Bug #751 don't exit after send error by @fklassen in #761
Bug #750: configure: libpcap version robustness by @fklassen in #764
Bug #749 flow stats: avoid overstating flow packet count by @fklassen in #765
Bug #750 more libpcap version updates by @fklassen in #766
Bug #767 tests: support for out-of-tree tests by @fklassen in #768
Bug #750 - fix macOS test failure by @fklassen in #770
4.4.3 by @fklassen in #769 and #771

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-07-02 11:19:01 -04:00
Hitendra Prajapati 0338bf0c6a wireshark: Fix Multiple CVEs
Backport fixes for:
* CVE-2023-0666 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/265cbf15a418b629c3c8f02c0ba901913b1c8fd2
* CVE-2023-0667 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/85fbca8adb09ea8e1af635db3d92727fbfa1e28a
* CVE-2023-0668 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/c4f37d77b29ec6a9754795d0efb6f68d633728d9

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-07-02 11:16:23 -04:00
Narpat Mali 0070827069 frr: fix for CVE-2023-31489
An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to
cause a denial of service via the bgp_capability_llgr() function.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-31489
https://github.com/FRRouting/frr/issues/13098

Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
[Refactored to get it to apply]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-06-23 07:49:20 -04:00
Polampalli, Archana 5790310da3 samba: fix CVE-2021-44758
Heimdal before 7.7.1 allows attackers to cause a NULL pointer
dereference in a SPNEGO acceptor via a preferred_mech_type of
GSS_C_NO_OID and a nonzero initial_response value to send_accept.

References:
https://nvd.nist.gov/vuln/detail/CVE-2021-44758

Upstream patches:
https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-06-17 14:22:30 -04:00
Polampalli, Archana 0393024cc5 samba: fix CVE-2022-41916
Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos.
Versions prior to 7.7.1 are vulnerable to a denial of service
vulnerability in Heimdal's PKI certificate validation library,
affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as
any third-party applications using Heimdal's libhx509. Users
should upgrade to Heimdal 7.7.1 or 7.8. There are no known
workarounds for this issue.

References:
https://nvd.nist.gov/vuln/detail/CVE-2022-41916

Upstream patches:
https://github.com/heimdal/heimdal/commit/eb87af0c2d189c25294c7daf483a47b03af80c2c

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-06-17 14:22:25 -04:00
Polampalli, Archana 84544d6440 samba: fix CVE-2022-45142
The fix for CVE-2022-3437 included changing memcmp to be constant
time and a workaround for a compiler bug by adding "!= 0"
comparisons to the result of memcmp. When these patches were
backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and
possibly other branches) a logic inversion sneaked in causing the
validation of message integrity codes in gssapi/arcfour to be inverted.

References:
https://nvd.nist.gov/vuln/detail/CVE-2022-45142

Upstream patches:
https://www.openwall.com/lists/oss-security/2023/02/08/1
https://github.com/heimdal/heimdal/commit/5f63215d0d82678233fdfb1c07f4b421f57c528b

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-06-17 14:21:38 -04:00
Polampalli, Archana A 9d203efe8f samba: fix CVE-2022-3437
A heap-based buffer overflow vulnerability was found in Samba within
the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The
DES and Triple-DES decryption routines in the Heimdal GSSAPI library
allow a length-limited write buffer overflow on malloc() allocated
memory when presented with a maliciously small packet. This flaw
allows a remote user to send specially crafted malicious data to the
application, possibly resulting in a denial of service (DoS) attack.

References:
https://nvd.nist.gov/vuln/detail/CVE-2022-3437

Upstream patches:
https://github.com/heimdal/heimdal/commit/f6edaafcfefd843ca1b1a041f942a853d85ee7c3
https://github.com/heimdal/heimdal/commit/c9cc34334bd64b08fe91a2f720262462e9f6bb49
https://github.com/heimdal/heimdal/commit/a587a4bcb28d5b9047f332573b1e7c8f89ca3edd
https://github.com/heimdal/heimdal/commit/c758910eaad3c0de2cfb68830a661c4739675a7d
https://github.com/heimdal/heimdal/commit/414b2a77fd61c26d64562e3800dc5578d9d0f15d
https://github.com/heimdal/heimdal/commit/be9bbd93ed8f204b4bc1b92d1bc3c16aac194696
https://github.com/heimdal/heimdal/commit/c8407ca079294d76a5ed140ba5b546f870d23ed2
https://github.com/heimdal/heimdal/commit/8fb508a25a6a47289c73e3f4339352a73a396eef

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-06-17 14:21:38 -04:00
Hitendra Prajapati 25dcf4d65b wireshark: CVE-2023-2952 XRA dissector infinite loop
Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/e18d0e369729b0fff5f76f41cbae67e97c2e52e5

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-06-17 14:09:58 -04:00
Hitendra Prajapati c7f4255d0e wireshark: Fix CVE-2023-2858 & CVE-2023-2879
Backport fixes for:
* CVE-2023-2858 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/cb190d6839ddcd4596b0205844f45553f1e77105
* CVE-2023-2879 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/118815ca7c9f82c1f83f8f64d9e0e54673f31677

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-06-11 11:29:06 -04:00
Hitendra Prajapati c7a5562f77 wireshark: CVE-2023-2856 VMS TCPIPtrace file parser crash
Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/db5135826de3a5fdb3618225c2ff02f4207012ca

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-06-11 11:29:02 -04:00
Hitendra Prajapati a506fa6eac wireshark: CVE-2023-2855 Candump log file parser crash
Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/0181fafb2134a177328443a60b5e29c4ee1041cb

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-06-11 11:28:58 -04:00
Jonas Gorski 3670781506 frr: Security fix CVE-2022-43681
Add a security fix cherry-picked from master:

CVE-2022-40318:
An out-of-bounds read exists in the BGP daemon of FRRouting FRR through
8.4. When sending a malformed BGP OPEN message that ends with the option
length octet (or the option length word, in case of an extended OPEN
message), the FRR code reads out of the bounds of the packet,
throwing a SIGABRT signal and exiting. This results in a bgpd daemon
restart, causing a Denial-of-Service condition.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-43681
https://cyberriskleaders.com/new-vulnerabilities-disclosed-in-frrouting-software/

Patch from:
https://github.com/FRRouting/frr/commit/766eec1b7accffe2c04a5c9ebb14e9f487bb9f78

Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-05-24 10:47:53 -04:00
Jonas Gorski 16718c0a0e frr: Security fix CVE-2022-40318
Add a security fix from the stable/8.2 branch:

CVE-2022-40318:
An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By
crafting a BGP OPEN message with an option of type 0xff (Extended Length
from RFC 9072), attackers may cause a denial of service (assertion
failure and daemon restart, or out-of-bounds read). This is possible
because of inconsistent boundary checks that do not account for reading
3 bytes (instead of 2) in this 0xff case. NOTE: this behavior occurs in
bgp_open_option_parse in the bgp_open.c file, a different location (with
a different attack vector) relative to CVE-2022-40302.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-40318
https://cyberriskleaders.com/new-vulnerabilities-disclosed-in-frrouting-software/

Patch from:
https://github.com/FRRouting/frr/commit/72088b05d469a6b6a8b9a2b250885246ea0c2acb

Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-05-24 10:47:53 -04:00
Jonas Gorski 49c8c1e74e frr: Security fix CVE-2022-36440 / CVE-2022-40302
Add a security fix from the stable/8.2 branch for two CVEs for the same
vulnerability:

CVE-2022-36440:
A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the
peek_for_as4_capability function. Attackers can maliciously construct
BGP open packets and send them to BGP peers running frr-bgpd, resulting
in DoS.

CVE-2022-40302:
An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By
crafting a BGP OPEN message with an option of type 0xff (Extended Length
from RFC 9072), attackers may cause a denial of service (assertion
failure and daemon restart, or out-of-bounds read). This is possible
because of inconsistent boundary checks that do not account for reading
3 bytes (instead of 2) in this 0xff case.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-36440
https://nvd.nist.gov/vuln/detail/CVE-2022-40302
https://cyberriskleaders.com/new-vulnerabilities-disclosed-in-frrouting-software/
https://github.com/FRRouting/frr/issues/13202

Patch from:
https://github.com/FRRouting/frr/commit/02a0e45f66160f571196a105b217e1bb84d1a835

Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-05-24 10:47:53 -04:00