aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJonas Gorski <jonas.gorski@bisdn.de>2023-05-10 13:34:27 +0200
committerArmin Kuster <akuster808@gmail.com>2023-05-24 10:50:40 -0400
commit1116780c46f7223a9d022f6abfb6deb3c9d5ffe5 (patch)
tree755a678b3c5b1d7234c0b99c5b486c9558ac1f55
parentcbbaa82238cd60f08c9b9cb58dde59d5f9318c7b (diff)
downloadmeta-openembedded-contrib-stable/langdale-nut.tar.gz
frr: upgrade 8.3.1 -> 8.3.2stable/langdale-nut
Upgrade FRR 8.3 to latest maintenance tag 8.3.2 to include fixes for CVEs CVE-2022-40302, CVE-2022-40318 and CVE-2022-43681. Dropped 0001-bgpd-Make-sure-hdr-length-is-at-a-minimum-of-what-is.patch as it is already included in the tag. References: https://cyberriskleaders.com/new-vulnerabilities-disclosed-in-frrouting-software/ Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat
-rw-r--r--meta-networking/recipes-protocols/frr/frr/0001-bgpd-Make-sure-hdr-length-is-at-a-minimum-of-what-is.patch43
-rw-r--r--meta-networking/recipes-protocols/frr/frr_8.3.2.bb (renamed from meta-networking/recipes-protocols/frr/frr_8.3.1.bb)3
2 files changed, 1 insertions, 45 deletions
diff --git a/meta-networking/recipes-protocols/frr/frr/0001-bgpd-Make-sure-hdr-length-is-at-a-minimum-of-what-is.patch b/meta-networking/recipes-protocols/frr/frr/0001-bgpd-Make-sure-hdr-length-is-at-a-minimum-of-what-is.patch
deleted file mode 100644
index 52b39c1e86..0000000000
--- a/meta-networking/recipes-protocols/frr/frr/0001-bgpd-Make-sure-hdr-length-is-at-a-minimum-of-what-is.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 066770ac1c69ee5b484bb82581b22ad0423b004d Mon Sep 17 00:00:00 2001
-From: Donald Sharp <sharpd@nvidia.com>
-Date: Thu, 21 Jul 2022 08:11:58 -0400
-Subject: [PATCH] bgpd: Make sure hdr length is at a minimum of what is
- expected
-
-Ensure that if the capability length specified is enough data.
-
-Signed-off-by: Donald Sharp <sharpd@nvidia.com>
-(cherry picked from commit ff6db1027f8f36df657ff2e5ea167773752537ed)
-
-CVE: CVE-2022-37032
-
-Upstream-Status: Backport
-[https://github.com/FRRouting/frr/commit/066770ac1c69ee5b484bb82581b22ad0423b004d]
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- bgpd/bgp_packet.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
-index 7613ccc7d..a5f065a15 100644
---- a/bgpd/bgp_packet.c
-+++ b/bgpd/bgp_packet.c
-@@ -2621,6 +2621,14 @@ static int bgp_capability_msg_parse(struct peer *peer, uint8_t *pnt,
- "%s CAPABILITY has action: %d, code: %u, length %u",
- peer->host, action, hdr->code, hdr->length);
-
-+ if (hdr->length < sizeof(struct capability_mp_data)) {
-+ zlog_info(
-+ "%pBP Capability structure is not properly filled out, expected at least %zu bytes but header length specified is %d",
-+ peer, sizeof(struct capability_mp_data),
-+ hdr->length);
-+ return BGP_Stop;
-+ }
-+
- /* Capability length check. */
- if ((pnt + hdr->length + 3) > end) {
- zlog_info("%s Capability length error", peer->host);
---
-2.25.1
-
diff --git a/meta-networking/recipes-protocols/frr/frr_8.3.1.bb b/meta-networking/recipes-protocols/frr/frr_8.3.2.bb
index 1abea6345a..b8b645ec75 100644
--- a/meta-networking/recipes-protocols/frr/frr_8.3.1.bb
+++ b/meta-networking/recipes-protocols/frr/frr_8.3.2.bb
@@ -13,11 +13,10 @@ SRC_URI = "git://github.com/FRRouting/frr.git;protocol=https;branch=stable/8.3 \
file://0001-configure-Check-for-readline-function-instead-of-mai.patch \
file://0001-ospfd-Adding-SUPPORT_OSPF_API-define-in-ospf_spf.c.patch \
file://0001-bgpd-avoid-notify-race-between-io-and-main-pthreads.patch \
- file://0001-bgpd-Make-sure-hdr-length-is-at-a-minimum-of-what-is.patch \
file://frr.pam \
"
-SRCREV = "a74f7a9ad9623e6f9654fe4a7177e5da0b194828"
+SRCREV = "e5bda76eb9d595e99f6c21ed0820a5eaf0ad584b"
S = "${WORKDIR}/git"
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-04-27 11:45:25 +0000