meta-openembedded

mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00

Files

T

Archana Polampalli ad3dc46c87 samba: fix CVE-2023-4091

A vulnerability was discovered in Samba, where the flaw allows SMB clients to
truncate files, even with read-only permissions when the Samba VFS module
"acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB
protocol allows opening files when the client requests read-only access but
then implicitly truncates the opened file to 0 bytes if the client specifies
a separate OVERWRITE create disposition request. The issue arises in configurations
that bypass kernel file system permissions checks, relying solely on Samba's permissions.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-4091

Fix is patched to the function call smbd_check_access_rights_fsp() of open_file(),
But in samba_4.14.14 smbd_check_access_rights() is used, from samba_4.15.0 onwards
smbd_check_access_rights() was replaced with smbd_check_access_rights_fsp() and
samba_4.14.14 is still vulnerable through smbd_check_access_rights().

Ref:
https://github.com/samba-team/samba/commit/3f61369d153419158c0f223e6f81c0bb07275833
https://github.com/samba-team/samba/commit/26dc10bdb2cff3eece4a2874931b4058f9f87d68

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

2023-12-13 13:35:51 -05:00

classes

kernel_add_regdb: Change the task order

2023-01-19 08:28:48 -05:00

conf

layers: Bump to use kirkstone

2022-02-21 18:12:04 -08:00

files/waf-cross-answers

samba: upgrade 4.14.12 -> 4.14.13

2022-04-13 19:21:41 -07:00

licenses

meta-networking/licenses/netperf: remove unused license

2023-05-08 08:04:20 -04:00

recipes-connectivity

samba: fix CVE-2023-4091

2023-12-13 13:35:51 -05:00

recipes-core

All layers: Follow oe-core's variable name changes

2022-02-24 08:35:24 -08:00

recipes-daemons

Fix groupname gid change warning

2023-08-03 16:50:52 -04:00

recipes-devtools/python

meta-*: remove obsolete PYPA_WHEEL and PIP_INSTALL_PACKAGE assignments

2022-03-11 11:20:55 -08:00

recipes-extended

tgt: move from meta-openstack

2022-04-18 10:13:16 -07:00

recipes-filter

nftables: Fix missing leading whitespace with ':append'

2023-01-29 11:22:13 -05:00

recipes-irc

weechat: Define LIBDIR

2022-03-21 08:25:11 -07:00

recipes-kernel/wireguard

wireguard-tools: Add a new package for wg-quick

2022-09-15 08:23:14 -04:00

recipes-netkit

recipes: Use renamed SKIP_RECIPE varFlag

2022-02-21 18:12:04 -08:00

recipes-protocols

frr: Fix for multiple CVE's

2023-12-13 13:35:51 -05:00

recipes-support

meta-networking: Drop broken BBCLASSEXTEND variants

2023-11-17 10:48:54 -05:00

COPYING.MIT

meta-networking: add layer

2012-08-27 14:16:45 +02:00

MAINTAINERS

meta-openemnedded: Add myself as kirkstone maintainer

2022-04-23 17:14:31 -07:00

README

meta-openemnedded: Add myself as kirkstone maintainer

2022-04-23 17:14:31 -07:00

README

meta-networking
===============

This layer is intended to be a central point for networking-related
packages and configuration.  It should be useful directly on top of
oe-core and compliments meta-openembedded.  It should be primarily useful
to the following groups:

      - Anyone building a small networking device (eg. a home router /
        bridge / switch).

      - Anyone wanting to add network services to their device (eg.
        anything that might benefit from a small ftp/tftp server)

Dependencies
------------

This layer depends on:

URI: git://git.openembedded.org/openembedded-core
branch: kirkstone

For some recipes, the meta-oe layer is required:

URI: git://git.openembedded.org/meta-openembedded
subdirectory: meta-oe
branch: kirkstone

URI: git://git.openembedded.org/meta-openembedded
subdirectory: meta-python
branch: kirkstone

Maintenance
-----------
Layer maintainers: Armin Kuster <akuster808@gmail.com>


Please see the MAINTAINERS file for information on contacting the
maintainers of this layer, as well as instructions for submitting patches.