Diffstat (limited to 'meta-oe/recipes-connectivity/zabbix')
7 files changed, 1012 insertions, 0 deletions
diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29449.patch b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29449.patch
new file mode 100644
index 0000000000..675d9e0f35
--- /dev/null
+++ b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29449.patch
@@ -0,0 +1,247 @@ +From 240754ccee1b6b35ac47862be56dacec11e65b32 Mon Sep 17 00:00:00 2001 +From: Dmitrijs Goloscapovs <dmitrijs.goloscapovs@zabbix.com> +Date: Thu, 27 Jul 2023 11:23:54 +0000 +Subject: [PATCH] .......PS. [DEV-2387] added new limits for JS objects + +Merge in ZBX/zabbix from feature/DEV-2387-6.0 to release/6.0 + +* commit '16e5f15a70cfbf00c646cb92d1fcb8a362900285': + .......PS. [DEV-2387] removed logsize check based on json buffer + .......PS. [DEV-2387] removed logsize check based on json buffer + .......PS. [DEV-2387] fixed pr comments + .......PS. [DEV-2387] removed useless include + .......PS. [DEV-2387] added limits for logging and adding httprequest headers + .......PS. [DEV-2387] limited initialization of new HttpRequest objects + +CVE: CVE-2023-29449 + +Upstream-Status: Backport [https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/240754ccee1] + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + src/libs/zbxembed/console.c | 23 ++++++++++++----------- + src/libs/zbxembed/embed.c | 1 + + src/libs/zbxembed/embed.h | 3 +++ + src/libs/zbxembed/httprequest.c | 28 ++++++++++++++++++++++++++++ + src/libs/zbxembed/zabbix.c | 23 ++++++++++++----------- + 5 files changed, 56 insertions(+), 22 deletions(-) + +diff --git a/src/libs/zbxembed/console.c b/src/libs/zbxembed/console.c +index c733487..60c48fc 100644 +--- a/src/libs/zbxembed/console.c ++++ b/src/libs/zbxembed/console.c +@@ -90,27 +90,28 @@ static duk_ret_t es_log_message(duk_context *ctx, int level) + else + msg_output = zbx_strdup(msg_output, "undefined"); + +- zabbix_log(level, "%s", msg_output); +- + duk_get_memory_functions(ctx, &out_funcs); + env = (zbx_es_env_t *)out_funcs.udata; + +- if (NULL == env->json) +- goto out; +- +- if (ZBX_ES_LOG_MEMORY_LIMIT < env->json->buffer_size) /* approximate limit */ ++ if (ZBX_ES_LOG_MEMORY_LIMIT < env->log_size) + { + err_index = duk_push_error_object(ctx, DUK_RET_EVAL_ERROR, "log exceeds the maximum size of " + ZBX_FS_UI64 " 
bytes.", ZBX_ES_LOG_MEMORY_LIMIT); + goto out; + } + +- zbx_json_addobject(env->json, NULL); +- zbx_json_adduint64(env->json, "level", (zbx_uint64_t)level); +- zbx_json_adduint64(env->json, "ms", zbx_get_duration_ms(&env->start_time)); +- zbx_json_addstring(env->json, "message", msg_output, ZBX_JSON_TYPE_STRING); +- zbx_json_close(env->json); ++ zabbix_log(level, "%s", msg_output); ++ ++ if (NULL != env->json) ++ { ++ zbx_json_addobject(env->json, NULL); ++ zbx_json_adduint64(env->json, "level", (zbx_uint64_t)level); ++ zbx_json_adduint64(env->json, "ms", zbx_get_duration_ms(&env->start_time)); ++ zbx_json_addstring(env->json, "message", msg_output, ZBX_JSON_TYPE_STRING); ++ zbx_json_close(env->json); ++ } + out: ++ env->log_size += strlen(msg_output); + zbx_free(msg_output); + + if (-1 != err_index) +diff --git a/src/libs/zbxembed/embed.c b/src/libs/zbxembed/embed.c +index 34d8d18..cc80925 100644 +--- a/src/libs/zbxembed/embed.c ++++ b/src/libs/zbxembed/embed.c +@@ -444,6 +444,7 @@ int zbx_es_execute(zbx_es_t *es, const char *script, const char *code, int size, + zabbix_log(LOG_LEVEL_DEBUG, "In %s() param:%s", __func__, param); + + zbx_timespec(&es->env->start_time); ++ es->env->http_req_objects = 0; + + if (NULL != es->env->json) + { +diff --git a/src/libs/zbxembed/embed.h b/src/libs/zbxembed/embed.h +index a0a360c..2b954a8 100644 +--- a/src/libs/zbxembed/embed.h ++++ b/src/libs/zbxembed/embed.h +@@ -48,6 +48,9 @@ struct zbx_es_env + struct zbx_json *json; + + jmp_buf loc; ++ ++ int http_req_objects; ++ size_t log_size; + }; + + zbx_es_env_t *zbx_es_get_env(duk_context *ctx); +diff --git a/src/libs/zbxembed/httprequest.c b/src/libs/zbxembed/httprequest.c +index 8c2839c..7f0eed9 100644 +--- a/src/libs/zbxembed/httprequest.c ++++ b/src/libs/zbxembed/httprequest.c +@@ -52,6 +52,7 @@ typedef struct + size_t headers_in_alloc; + size_t headers_in_offset; + unsigned char custom_header; ++ size_t headers_sz; + } + zbx_es_httprequest_t; + +@@ -145,13 +146,21 @@ static 
duk_ret_t es_httprequest_dtor(duk_context *ctx) + ******************************************************************************/ + static duk_ret_t es_httprequest_ctor(duk_context *ctx) + { ++#define MAX_HTTPREQUEST_OBJECT_COUNT 10 + zbx_es_httprequest_t *request; + CURLcode err; ++ zbx_es_env_t *env; + int err_index = -1; + + if (!duk_is_constructor_call(ctx)) + return DUK_RET_TYPE_ERROR; + ++ if (NULL == (env = zbx_es_get_env(ctx))) ++ return duk_error(ctx, DUK_RET_TYPE_ERROR, "cannot access internal environment"); ++ ++ if (MAX_HTTPREQUEST_OBJECT_COUNT == env->http_req_objects) ++ return duk_error(ctx, DUK_RET_EVAL_ERROR, "maximum count of HttpRequest objects was reached"); ++ + duk_push_this(ctx); + + request = (zbx_es_httprequest_t *)zbx_malloc(NULL, sizeof(zbx_es_httprequest_t)); +@@ -189,7 +198,10 @@ out: + return duk_throw(ctx); + } + ++ env->http_req_objects++; ++ + return 0; ++#undef MAX_HTTPREQUEST_OBJECT_COUNT + } + + /****************************************************************************** +@@ -201,10 +213,12 @@ out: + ******************************************************************************/ + static duk_ret_t es_httprequest_add_header(duk_context *ctx) + { ++#define ZBX_ES_MAX_HEADERS_SIZE ZBX_KIBIBYTE * 128 + zbx_es_httprequest_t *request; + CURLcode err; + char *utf8 = NULL; + int err_index = -1; ++ size_t header_sz; + + if (NULL == (request = es_httprequest(ctx))) + return duk_error(ctx, DUK_RET_EVAL_ERROR, "internal scripting error: null object"); +@@ -215,9 +229,20 @@ static duk_ret_t es_httprequest_add_header(duk_context *ctx) + goto out; + } + ++ header_sz = strlen(utf8); ++ ++ if (ZBX_ES_MAX_HEADERS_SIZE < request->headers_sz + header_sz) ++ { ++ err_index = duk_push_error_object(ctx, DUK_RET_TYPE_ERROR, "headers exceeded maximum size of " ++ ZBX_FS_UI64 " bytes.", ZBX_ES_MAX_HEADERS_SIZE); ++ ++ goto out; ++ } ++ + request->headers = curl_slist_append(request->headers, utf8); + ZBX_CURL_SETOPT(ctx, request->handle, 
CURLOPT_HTTPHEADER, request->headers, err); + request->custom_header = 1; ++ request->headers_sz += header_sz + 1; + out: + zbx_free(utf8); + +@@ -225,6 +250,7 @@ out: + return duk_throw(ctx); + + return 0; ++#undef ZBX_ES_MAX_HEADERS_SIZE + } + + /****************************************************************************** +@@ -244,6 +270,7 @@ static duk_ret_t es_httprequest_clear_header(duk_context *ctx) + curl_slist_free_all(request->headers); + request->headers = NULL; + request->custom_header = 0; ++ request->headers_sz = 0; + + return 0; + } +@@ -311,6 +338,7 @@ static duk_ret_t es_httprequest_query(duk_context *ctx, const char *http_request + { + curl_slist_free_all(request->headers); + request->headers = NULL; ++ request->headers_sz = 0; + } + + if (NULL != contents) +diff --git a/src/libs/zbxembed/zabbix.c b/src/libs/zbxembed/zabbix.c +index 820768f..0ecde86 100644 +--- a/src/libs/zbxembed/zabbix.c ++++ b/src/libs/zbxembed/zabbix.c +@@ -81,27 +81,28 @@ static duk_ret_t es_zabbix_log(duk_context *ctx) + zbx_replace_invalid_utf8(message); + } + +- zabbix_log(level, "%s", message); +- + duk_get_memory_functions(ctx, &out_funcs); + env = (zbx_es_env_t *)out_funcs.udata; + +- if (NULL == env->json) +- goto out; +- +- if (ZBX_ES_LOG_MEMORY_LIMIT < env->json->buffer_size) /* approximate limit */ ++ if (ZBX_ES_LOG_MEMORY_LIMIT < env->log_size) + { + err_index = duk_push_error_object(ctx, DUK_RET_EVAL_ERROR, "log exceeds the maximum size of " + ZBX_FS_UI64 " bytes.", ZBX_ES_LOG_MEMORY_LIMIT); + goto out; + } + +- zbx_json_addobject(env->json, NULL); +- zbx_json_adduint64(env->json, "level", (zbx_uint64_t)level); +- zbx_json_adduint64(env->json, "ms", zbx_get_duration_ms(&env->start_time)); +- zbx_json_addstring(env->json, "message", message, ZBX_JSON_TYPE_STRING); +- zbx_json_close(env->json); ++ zabbix_log(level, "%s", message); ++ ++ if (NULL != env->json) ++ { ++ zbx_json_addobject(env->json, NULL); ++ zbx_json_adduint64(env->json, "level", 
(zbx_uint64_t)level); ++ zbx_json_adduint64(env->json, "ms", zbx_get_duration_ms(&env->start_time)); ++ zbx_json_addstring(env->json, "message", message, ZBX_JSON_TYPE_STRING); ++ zbx_json_close(env->json); ++ } + out: ++ env->log_size += strlen(message); + zbx_free(message); + + if (-1 != err_index) +-- +2.35.5 diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29450.patch b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29450.patch new file mode 100644 index 0000000000..ea790f0a93 --- /dev/null +++ b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29450.patch 
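Review bot: `zbx_es_execute` in the embed.c hunk resets `http_req_objects` but not the new `log_size` counter, so if the `zbx_es_env` is reused across script executions (its allocation is outside this patch, and I cannot see whether it is zeroed) the `ZBX_ES_LOG_MEMORY_LIMIT` check in `es_log_message` and `es_zabbix_log` becomes cumulative and every later log call fails once it is reached; add `es->env->log_size = 0;` next to the `http_req_objects` reset. In `es_httprequest_add_header`, `ZBX_ES_MAX_HEADERS_SIZE` is an unparenthesised `ZBX_KIBIBYTE * 128` that is passed straight to a `ZBX_FS_UI64` conversion; if `ZBX_KIBIBYTE` is a plain `int` constant that is a format/argument type mismatch, so define it as `((zbx_uint64_t)ZBX_KIBIBYTE * 128)` or cast at the call. `http_req_objects` is only incremented in `es_httprequest_ctor` and reset per execution, never decremented in the destructor, so `MAX_HTTPREQUEST_OBJECT_COUNT` is a per-run limit regardless of garbage collection; a one-line comment saying so at the `#define` would prevent a later "fix" that decrements it. All of the touched functions begin and end outside the visible hunks.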
@@ -0,0 +1,241 @@ +From 76f6a80cb3d6131e9c3e98918305c1bf1805fa2a Mon Sep 17 00:00:00 2001 +From: Vladislavs Sokurenko <vladislavs.sokurenko@zabbix.com> +Date: Thu, 27 Jul 2023 12:43:02 +0000 +Subject: [PATCH] ...G...PS. [DEV-2429] fixed unauthorised file system access + when using cURL + +Merge in ZBX/zabbix from feature/DEV-2429-6.0 to release/6.0 + +* commit 'abf345230ee185d61cc0bd70d432fa4b093b8a53': + ...G...PS. [DEV-2429] fixed unautorized file system access when using curl + .......PS. [DEV-2429] fixed unautorized file system access in JS preprocessing + +CVE: CVE-2023-29450 + +Upstream-Status: Backport [https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/76f6a80cb3d] + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + src/libs/zbxembed/httprequest.c | 4 +++ + src/libs/zbxhistory/history_elastic.c | 30 ++++++++++++++++++++++ + src/libs/zbxhttp/http.c | 9 +++++++ + src/libs/zbxmedia/email.c | 6 +++++ + src/libs/zbxsysinfo/common/http.c | 9 +++++++ + src/libs/zbxsysinfo/simple/simple.c | 11 ++++++++ + src/zabbix_server/httppoller/httptest.c | 9 +++++++ + src/zabbix_server/reporter/report_writer.c | 10 ++++++++ + src/zabbix_server/vmware/vmware.c | 9 +++++++ + 9 files changed, 97 insertions(+) + +diff --git a/src/libs/zbxembed/httprequest.c b/src/libs/zbxembed/httprequest.c +index 7f0eed9..871b925 100644 +--- a/src/libs/zbxembed/httprequest.c ++++ b/src/libs/zbxembed/httprequest.c +@@ -354,6 +354,10 @@ static duk_ret_t es_httprequest_query(duk_context *ctx, const char *http_request + ZBX_CURL_SETOPT(ctx, request->handle, CURLOPT_CUSTOMREQUEST, http_request, err); + ZBX_CURL_SETOPT(ctx, request->handle, CURLOPT_TIMEOUT_MS, timeout_ms - elapsed_ms, err); + ZBX_CURL_SETOPT(ctx, request->handle, CURLOPT_POSTFIELDS, ZBX_NULL2EMPTY_STR(contents), err); ++#if LIBCURL_VERSION_NUM >= 0x071304 ++ /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */ ++ ZBX_CURL_SETOPT(ctx, request->handle, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | 
CURLPROTO_HTTPS, err); ++#endif + + request->data_offset = 0; + request->headers_in_offset = 0; +diff --git a/src/libs/zbxhistory/history_elastic.c b/src/libs/zbxhistory/history_elastic.c +index 8b3ea84..fc881da 100644 +--- a/src/libs/zbxhistory/history_elastic.c ++++ b/src/libs/zbxhistory/history_elastic.c +@@ -406,6 +406,16 @@ static void elastic_writer_add_iface(zbx_history_iface_t *hist) + goto out; + } + ++#if LIBCURL_VERSION_NUM >= 0x071304 ++ /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */ ++ if (CURLE_OK != (err = curl_easy_setopt(data->handle, opt = CURLOPT_PROTOCOLS, ++ CURLPROTO_HTTP | CURLPROTO_HTTPS))) ++ { ++ zabbix_log(LOG_LEVEL_ERR, "cannot set cURL option %d: [%s]", (int)opt, curl_easy_strerror(err)); ++ goto out; ++ } ++#endif ++ + *page_w[hist->value_type].errbuf = '\0'; + + if (CURLE_OK != (err = curl_easy_setopt(data->handle, opt = CURLOPT_PRIVATE, &page_w[hist->value_type]))) +@@ -722,6 +732,16 @@ static int elastic_get_values(zbx_history_iface_t *hist, zbx_uint64_t itemid, in + goto out; + } + ++#if LIBCURL_VERSION_NUM >= 0x071304 ++ /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */ ++ if (CURLE_OK != (err = curl_easy_setopt(data->handle, opt = CURLOPT_PROTOCOLS, ++ CURLPROTO_HTTP | CURLPROTO_HTTPS))) ++ { ++ zabbix_log(LOG_LEVEL_ERR, "cannot set cURL option %d: [%s]", (int)opt, curl_easy_strerror(err)); ++ goto out; ++ } ++#endif ++ + zabbix_log(LOG_LEVEL_DEBUG, "sending query to %s; post data: %s", data->post_url, query.buffer); + + page_r.offset = 0; +@@ -1065,6 +1085,16 @@ void zbx_elastic_version_extract(struct zbx_json *json) + goto clean; + } + ++#if LIBCURL_VERSION_NUM >= 0x071304 ++ /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */ ++ if (CURLE_OK != (err = curl_easy_setopt(handle, opt = CURLOPT_PROTOCOLS, ++ CURLPROTO_HTTP | CURLPROTO_HTTPS))) ++ { ++ zabbix_log(LOG_LEVEL_WARNING, "cannot set cURL option %d: [%s]", (int)opt, curl_easy_strerror(err)); 
++ goto clean; ++ } ++#endif ++ + *errbuf = '\0'; + + if (CURLE_OK != (err = curl_easy_perform(handle))) +diff --git a/src/libs/zbxhttp/http.c b/src/libs/zbxhttp/http.c +index c10922c..36774cc 100644 +--- a/src/libs/zbxhttp/http.c ++++ b/src/libs/zbxhttp/http.c +@@ -333,6 +333,15 @@ int zbx_http_get(const char *url, const char *header, long timeout, char **out, + goto clean; + } + ++#if LIBCURL_VERSION_NUM >= 0x071304 ++ /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */ ++ if (CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS))) ++ { ++ *error = zbx_dsprintf(NULL, "Cannot set allowed protocols: %s", curl_easy_strerror(err)); ++ goto clean; ++ } ++#endif ++ + if (CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_URL, url))) + { + *error = zbx_dsprintf(NULL, "Cannot specify URL: %s", curl_easy_strerror(err)); +diff --git a/src/libs/zbxmedia/email.c b/src/libs/zbxmedia/email.c +index 3b987d9..d3af744 100644 +--- a/src/libs/zbxmedia/email.c ++++ b/src/libs/zbxmedia/email.c +@@ -661,6 +661,12 @@ static int send_email_curl(const char *smtp_server, unsigned short smtp_port, co + if ('\0' != *smtp_helo) + zbx_snprintf(url + url_offset, sizeof(url) - url_offset, "/%s", smtp_helo); + ++#if LIBCURL_VERSION_NUM >= 0x071304 ++ /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */ ++ if (CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_PROTOCOLS, CURLPROTO_SMTPS | CURLPROTO_SMTP))) ++ goto error; ++#endif ++ + if (CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_URL, url))) + goto error; + +diff --git a/src/libs/zbxsysinfo/common/http.c b/src/libs/zbxsysinfo/common/http.c +index acd77e1..8dc4793 100644 +--- a/src/libs/zbxsysinfo/common/http.c ++++ b/src/libs/zbxsysinfo/common/http.c +@@ -176,6 +176,15 @@ static int curl_page_get(char *url, char **buffer, char **error) + goto out; + } + ++#if LIBCURL_VERSION_NUM >= 0x071304 ++ /* CURLOPT_PROTOCOLS is supported 
starting with version 7.19.4 (0x071304) */ ++ if (CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS))) ++ { ++ *error = zbx_dsprintf(*error, "Cannot set allowed protocols: %s", curl_easy_strerror(err)); ++ goto out; ++ } ++#endif ++ + if (CURLE_OK == (err = curl_easy_perform(easyhandle))) + { + if (NULL != buffer) +diff --git a/src/libs/zbxsysinfo/simple/simple.c b/src/libs/zbxsysinfo/simple/simple.c +index be1b9f9..80c5eac 100644 +--- a/src/libs/zbxsysinfo/simple/simple.c ++++ b/src/libs/zbxsysinfo/simple/simple.c +@@ -189,6 +189,17 @@ static int check_https(const char *host, unsigned short port, int timeout, int * + goto clean; + } + ++#if LIBCURL_VERSION_NUM >= 0x071304 ++ /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */ ++ if (CURLE_OK != (err = curl_easy_setopt(easyhandle, opt = CURLOPT_PROTOCOLS, ++ CURLPROTO_HTTP | CURLPROTO_HTTPS))) ++ { ++ zabbix_log(LOG_LEVEL_DEBUG, "%s: could not set cURL option [%d]: %s", ++ __func__, (int)opt, curl_easy_strerror(err)); ++ goto clean; ++ } ++#endif ++ + if (NULL != CONFIG_SOURCE_IP) + { + if (CURLE_OK != (err = curl_easy_setopt(easyhandle, opt = CURLOPT_INTERFACE, CONFIG_SOURCE_IP))) +diff --git a/src/zabbix_server/httppoller/httptest.c b/src/zabbix_server/httppoller/httptest.c +index 0ff70ef..0201442 100644 +--- a/src/zabbix_server/httppoller/httptest.c ++++ b/src/zabbix_server/httppoller/httptest.c +@@ -696,6 +696,15 @@ static void process_httptest(DC_HOST *host, zbx_httptest_t *httptest) + goto clean; + } + ++#if LIBCURL_VERSION_NUM >= 0x071304 ++ /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */ ++ if (CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS))) ++ { ++ err_str = zbx_strdup(err_str, curl_easy_strerror(err)); ++ goto clean; ++ } ++#endif ++ + if (SUCCEED != zbx_http_prepare_ssl(easyhandle, httptest->httptest.ssl_cert_file, + 
httptest->httptest.ssl_key_file, httptest->httptest.ssl_key_password, + httptest->httptest.verify_peer, httptest->httptest.verify_host, &err_str)) +diff --git a/src/zabbix_server/reporter/report_writer.c b/src/zabbix_server/reporter/report_writer.c +index 87d1364..7530ed0 100644 +--- a/src/zabbix_server/reporter/report_writer.c ++++ b/src/zabbix_server/reporter/report_writer.c +@@ -162,6 +162,16 @@ static int rw_get_report(const char *url, const char *cookie, int width, int hei + goto out; + } + ++#if LIBCURL_VERSION_NUM >= 0x071304 ++ /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */ ++ if (CURLE_OK != (err = curl_easy_setopt(curl, opt = CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS))) ++ { ++ *error = zbx_dsprintf(*error, "Cannot set cURL option %d: %s.", (int)opt, ++ (curl_error = rw_curl_error(err))); ++ goto out; ++ } ++#endif ++ + if (NULL != CONFIG_TLS_CA_FILE && '\0' != *CONFIG_TLS_CA_FILE) + { + if (CURLE_OK != (err = curl_easy_setopt(curl, opt = CURLOPT_CAINFO, CONFIG_TLS_CA_FILE)) || +diff --git a/src/zabbix_server/vmware/vmware.c b/src/zabbix_server/vmware/vmware.c +index b02c8c7..718d519 100644 +--- a/src/zabbix_server/vmware/vmware.c ++++ b/src/zabbix_server/vmware/vmware.c +@@ -2045,6 +2045,15 @@ static int vmware_service_authenticate(zbx_vmware_service_t *service, CURL *easy + goto out; + } + ++#if LIBCURL_VERSION_NUM >= 0x071304 ++ /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */ ++ if (CURLE_OK != (err = curl_easy_setopt(easyhandle, opt = CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS))) ++ { ++ *error = zbx_dsprintf(*error, "Cannot set cURL option %d: %s.", (int)opt, curl_easy_strerror(err)); ++ goto out; ++ } ++#endif ++ + if (NULL != CONFIG_SOURCE_IP) + { + if (CURLE_OK != (err = curl_easy_setopt(easyhandle, opt = CURLOPT_INTERFACE, CONFIG_SOURCE_IP))) +-- +2.35.5 
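Review bot: Each of the nine call sites sets only `CURLOPT_PROTOCOLS`, starting with `es_httprequest_query` in httprequest.c; if any of these handles also enables `CURLOPT_FOLLOWLOCATION` (not visible in the hunks), the restriction does not apply to the redirect target, because libcurl's redirect allow-list is governed separately by `CURLOPT_REDIR_PROTOCOLS` (whose default excludes only FILE/SCP, later also SMB, in older releases and is HTTP/HTTPS/FTP/FTPS since 7.65.2). Pairing every `CURLOPT_PROTOCOLS` call with the same mask on the redirect side, e.g. `ZBX_CURL_SETOPT(ctx, request->handle, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS, err);`, would close that path. Separately, `CURLOPT_PROTOCOLS` is deprecated from libcurl 7.85.0 in favour of `CURLOPT_PROTOCOLS_STR`, so builds that treat deprecation warnings as errors will fail; the existing `LIBCURL_VERSION_NUM` guard could select between the two. In email.c the failure path is a bare `goto error` while every other site formats `curl_easy_strerror(err)` into its error output; assuming the `error` label does not report `err` itself, a message there would help diagnosis.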
diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29451.patch b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29451.patch
new file mode 100644
index 0000000000..453f67a920
--- /dev/null
+++ b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29451.patch
@@ -0,0 +1,116 @@ +From 90274a56b2505997cd1677f0bd6a8b89b21df163 Mon Sep 17 00:00:00 2001 +From: Changqing Li <changqing.li@windriver.com> +Date: Wed, 26 Apr 2023 15:00:07 +0800 +Subject: [PATCH] Fix CVE-2023-29451 + +.......PS. [DEV-2450] fixed JSON validation not detecting invalid unicode characters and out of bounds access with JSONPath on invalid unicode character + +Merge in ZBX/zabbix from feature/DEV-2450-6.0 to release/6.0 + +* commit '97efb4ed5069d4febe825671e2c3d106478d082d': + .......PS. [DEV-2450] added mock test + .......PS. [DEV-2450] fixed JSON validation not detecting invalid unicode characters and out of bounds access with JSONPath on invalid unicode character + .......PS. [DEV-2450] fixed JSON validation not detecting invalid unicode characters and out of bounds access with JSONPath on invalid unicode character + +Upstream-Status: Backport +[https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/3b6a8c84612a67daaf89879226349420104bff24] +CVE: CVE-2023-29451 + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + src/libs/zbxdiag/diag.c | 3 ++- + src/libs/zbxjson/json.c | 2 +- + src/libs/zbxjson/json.h | 1 + + src/libs/zbxjson/json_parser.c | 15 +++++---------- + src/zabbix_server/reporter/report_protocol.c | 3 ++- + 5 files changed, 11 insertions(+), 13 deletions(-) + +diff --git a/src/libs/zbxdiag/diag.c b/src/libs/zbxdiag/diag.c +index 6fc5509..dc47407 100644 +--- a/src/libs/zbxdiag/diag.c ++++ b/src/libs/zbxdiag/diag.c +@@ -673,7 +673,8 @@ static void diag_get_simple_values(const struct zbx_json_parse *jp, char **msg) + { + if (FAIL == zbx_json_brackets_open(pnext, &jp_value)) + { +- zbx_json_decodevalue_dyn(pnext, &value, &value_alloc, &type); ++ if (NULL == zbx_json_decodevalue_dyn(pnext, &value, &value_alloc, &type)) ++ type = ZBX_JSON_TYPE_NULL; + + if (0 != msg_offset) + zbx_chrcpy_alloc(msg, &msg_alloc, &msg_offset, ' '); +diff --git a/src/libs/zbxjson/json.c b/src/libs/zbxjson/json.c +index 4161ef0..c043d7e 100644 +--- 
a/src/libs/zbxjson/json.c ++++ b/src/libs/zbxjson/json.c +@@ -764,7 +764,7 @@ static unsigned int zbx_hex2num(char c) + * 0 on error (invalid escape sequence) * + * * + ******************************************************************************/ +-static unsigned int zbx_json_decode_character(const char **p, unsigned char *bytes) ++unsigned int zbx_json_decode_character(const char **p, unsigned char *bytes) + { + bytes[0] = '\0'; + +diff --git a/src/libs/zbxjson/json.h b/src/libs/zbxjson/json.h +index c59646a..4008411 100644 +--- a/src/libs/zbxjson/json.h ++++ b/src/libs/zbxjson/json.h +@@ -29,5 +29,6 @@ + SKIP_WHITESPACE(src) + + void zbx_set_json_strerror(const char *fmt, ...) __zbx_attr_format_printf(1, 2); ++unsigned int zbx_json_decode_character(const char **p, unsigned char *bytes); + + #endif +diff --git a/src/libs/zbxjson/json_parser.c b/src/libs/zbxjson/json_parser.c +index c8dcee4..64d24cf 100644 +--- a/src/libs/zbxjson/json_parser.c ++++ b/src/libs/zbxjson/json_parser.c +@@ -88,7 +88,7 @@ static zbx_int64_t json_parse_string(const char *start, char **error) + if ('\\' == *ptr) + { + const char *escape_start = ptr; +- int i; ++ unsigned char uc[4]; /* decoded Unicode character takes 1-4 bytes in UTF-8 */ + + /* unexpected end of string data, failing */ + if ('\0' == *(++ptr)) +@@ -107,16 +107,11 @@ static zbx_int64_t json_parse_string(const char *start, char **error) + break; + case 'u': + /* check if the \u is followed with 4 hex digits */ +- for (i = 0; i < 4; i++) +- { +- if (0 == isxdigit((unsigned char)*(++ptr))) +- { +- return json_error("invalid escape sequence in string", +- escape_start, error); +- } ++ if (0 == zbx_json_decode_character(&ptr, uc)) { ++ return json_error("invalid escape sequence in string", ++ escape_start, error); + } +- +- break; ++ continue; + default: + return json_error("invalid escape sequence in string data", + escape_start, error); +diff --git a/src/zabbix_server/reporter/report_protocol.c 
b/src/zabbix_server/reporter/report_protocol.c +index 5f55f51..ee0e02e 100644 +--- a/src/zabbix_server/reporter/report_protocol.c ++++ b/src/zabbix_server/reporter/report_protocol.c +@@ -421,7 +421,8 @@ void zbx_report_test(const struct zbx_json_parse *jp, zbx_uint64_t userid, struc + size_t value_alloc = 0; + zbx_ptr_pair_t pair; + +- zbx_json_decodevalue_dyn(pnext, &value, &value_alloc, NULL); ++ if (NULL == zbx_json_decodevalue_dyn(pnext, &value, &value_alloc, NULL)) ++ continue; + pair.first = zbx_strdup(NULL, key); + pair.second = value; + zbx_vector_ptr_pair_append(¶ms, pair); +-- +2.25.1 + diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-32726.patch b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-32726.patch new file mode 100644 index 0000000000..b9c37bc045 --- /dev/null +++ b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-32726.patch 
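Review bot: In the json_parser.c hunk, replacing `break` with `continue` after `zbx_json_decode_character` changes how `ptr` advances: the old loop stepped onto the last hex digit and relied on the loop's own increment, while the new code relies on the callee leaving `ptr` just past the consumed escape; the loop header and increment are outside the hunk, so a comment such as `/* zbx_json_decode_character advances ptr past the escape; skip the loop increment */` should record that contract. The new `if (0 == zbx_json_decode_character(&ptr, uc)) {` puts the brace on the statement line, unlike the Allman style of the surrounding code and of the `for` it replaces. In diag.c, when `zbx_json_decodevalue_dyn` returns NULL the code sets `type = ZBX_JSON_TYPE_NULL` but leaves `value` holding whatever the previous iteration produced; presumably the later formatting dispatches on `type` so `value` is not read, but that is worth confirming since the rest of `diag_get_simple_values` is outside the hunk.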
@@ -0,0 +1,160 @@ +From 53ef2b7119f57f4140e6bd9c5cd2d3c6af228179 Mon Sep 17 00:00:00 2001 +From: Armands Arseniuss Skolmeisters <armands.skolmeisters@zabbix.com> +Date: Thu, 11 Jan 2024 12:00:24 +0000 +Subject: [PATCH] ...G...... [DEV-2702] fixed buffer overread in DNS response + +* commit '893902999ab7f0b15cce91e8555cb251b32b6df4': + ...G...... [DEV-2702] fixed DNS record data length check + ...G...... [DEV-2702] improved DNS error messages + ...G...... [DEV-2702] fixed DNS error messages + ...G...... [DEV-2702] improved DNS error messages + ...G...... [DEV-2702] fixed buffer overread in DNS response + +CVE: CVE-2023-32726 +Upstream-Status: Backport [https://github.com/zabbix/zabbix/commit/53ef2b7119f57f4140e6bd9c5cd2d3c6af228179] + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + src/libs/zbxsysinfo/common/dns.c | 65 +++++++++++++++++++++++++++----- + 1 file changed, 56 insertions(+), 9 deletions(-) + +diff --git a/src/libs/zbxsysinfo/common/dns.c b/src/libs/zbxsysinfo/common/dns.c +index e8938d8..bf456f2 100644 +--- a/src/libs/zbxsysinfo/common/dns.c ++++ b/src/libs/zbxsysinfo/common/dns.c +@@ -638,7 +638,8 @@ static int dns_query(AGENT_REQUEST *request, AGENT_RESULT *result, int short_ans + { + if (NULL == (name = get_name(answer.buffer, msg_end, &msg_ptr))) + { +- SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response.")); ++ SET_MSG_RESULT(result, zbx_strdup(NULL, ++ "Cannot decode DNS response: cannot expand domain name.")); + ret = SYSINFO_RET_FAIL; + goto clean; + } +@@ -651,6 +652,13 @@ static int dns_query(AGENT_REQUEST *request, AGENT_RESULT *result, int short_ans + GETSHORT(q_len, msg_ptr); + offset += zbx_snprintf(buffer + offset, sizeof(buffer) - offset, " %-8s", decode_type(q_type)); + ++ if (msg_ptr + q_len > msg_end) ++ { ++ SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response: record overflow.")); ++ ret = SYSINFO_RET_FAIL; ++ goto clean; ++ } ++ + switch (q_type) + { + case T_A: +@@ -695,8 +703,40 @@ 
static int dns_query(AGENT_REQUEST *request, AGENT_RESULT *result, int short_ans + case T_PTR: + if (NULL == (name = get_name(answer.buffer, msg_end, &msg_ptr))) + { +- SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response.")); ++#define ERR_MSG_PREFIX "Cannot decode DNS response: cannot expand " ++ const char *err_msg = NULL; ++ ++ switch (q_type) ++ { ++ case T_NS: ++ err_msg = ERR_MSG_PREFIX "name server name."; ++ break; ++ case T_CNAME: ++ err_msg = ERR_MSG_PREFIX "canonical name."; ++ break; ++ case T_MB: ++ err_msg = ERR_MSG_PREFIX "mailbox name."; ++ break; ++ case T_MD: ++ err_msg = ERR_MSG_PREFIX "mail destination name."; ++ break; ++ case T_MF: ++ err_msg = ERR_MSG_PREFIX "mail forwarder name."; ++ break; ++ case T_MG: ++ err_msg = ERR_MSG_PREFIX "mail group name."; ++ break; ++ case T_MR: ++ err_msg = ERR_MSG_PREFIX "renamed mailbox name."; ++ break; ++ case T_PTR: ++ err_msg = ERR_MSG_PREFIX "PTR name."; ++ break; ++ } ++ ++ SET_MSG_RESULT(result, zbx_strdup(NULL, err_msg)); + return SYSINFO_RET_FAIL; ++#undef ERR_MSG_PREFIX + } + offset += zbx_snprintf(buffer + offset, sizeof(buffer) - offset, " %s", name); + break; +@@ -706,7 +746,8 @@ static int dns_query(AGENT_REQUEST *request, AGENT_RESULT *result, int short_ans + + if (NULL == (name = get_name(answer.buffer, msg_end, &msg_ptr))) /* exchange */ + { +- SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response.")); ++ SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response:" ++ " cannot expand mail exchange name.")); + return SYSINFO_RET_FAIL; + } + offset += zbx_snprintf(buffer + offset, sizeof(buffer) - offset, " %s", name); +@@ -715,14 +756,16 @@ static int dns_query(AGENT_REQUEST *request, AGENT_RESULT *result, int short_ans + case T_SOA: + if (NULL == (name = get_name(answer.buffer, msg_end, &msg_ptr))) /* source host */ + { +- SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response.")); ++ SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode 
DNS response:" ++ " cannot expand source nameserver name.")); + return SYSINFO_RET_FAIL; + } + offset += zbx_snprintf(buffer + offset, sizeof(buffer) - offset, " %s", name); + + if (NULL == (name = get_name(answer.buffer, msg_end, &msg_ptr))) /* administrator */ + { +- SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response.")); ++ SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response:" ++ " cannot expand administrator mailbox name.")); + return SYSINFO_RET_FAIL; + } + offset += zbx_snprintf(buffer + offset, sizeof(buffer) - offset, " %s", name); +@@ -750,7 +793,8 @@ static int dns_query(AGENT_REQUEST *request, AGENT_RESULT *result, int short_ans + case T_WKS: + if (INT32SZ + 1 > q_len) + { +- SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response.")); ++ SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response:" ++ " malformed WKS resource record.")); + return SYSINFO_RET_FAIL; + } + +@@ -816,14 +860,16 @@ static int dns_query(AGENT_REQUEST *request, AGENT_RESULT *result, int short_ans + case T_MINFO: + if (NULL == (name = get_name(answer.buffer, msg_end, &msg_ptr))) /* mailbox responsible for mailing lists */ + { +- SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response.")); ++ SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response:" ++ " cannot expand mailbox responsible for mailing lists.")); + return SYSINFO_RET_FAIL; + } + offset += zbx_snprintf(buffer + offset, sizeof(buffer) - offset, " %s", name); + + if (NULL == (name = get_name(answer.buffer, msg_end, &msg_ptr))) /* mailbox for error messages */ + { +- SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response.")); ++ SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response:" ++ " cannot expand mailbox for error messages.")); + return SYSINFO_RET_FAIL; + } + offset += zbx_snprintf(buffer + offset, sizeof(buffer) - offset, " %s", name); +@@ -854,7 +900,8 @@ static int dns_query(AGENT_REQUEST *request, 
AGENT_RESULT *result, int short_ans + + if (NULL == (name = get_name(answer.buffer, msg_end, &msg_ptr))) /* target */ + { +- SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response.")); ++ SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response:" ++ " cannot expand service target hostname.")); + return SYSINFO_RET_FAIL; + } + offset += zbx_snprintf(buffer + offset, sizeof(buffer) - offset, " %s", name); +-- +2.40.0 diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-32727_0001.patch b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-32727_0001.patch new file mode 100644 index 0000000000..5c1e0c5af6 --- /dev/null +++ b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-32727_0001.patch 
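Review bot: The new guard `if (msg_ptr + q_len > msg_end)` forms a pointer that may lie past the end of `answer.buffer` before comparing it, which is undefined behaviour in C and something the optimiser is entitled to fold away; compare lengths instead, `if (msg_end - msg_ptr < q_len)`, which never creates an out-of-range pointer. The check sits after `GETSHORT(q_len, msg_ptr)`, so the reads of the fixed record fields before it (outside the hunk) presumably have their own length check; if they do not, a truncated record is still over-read before this guard runs. The `err_msg` switch in the `case T_PTR` block has no `default:` and `err_msg` starts as NULL; the outer `case` labels appear to cover the same types, but a `default:` yielding the generic `"Cannot decode DNS response."` would keep `zbx_strdup(NULL, err_msg)` from ever seeing NULL if a type is added later. `dns_query` begins and ends outside the hunks.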
@@ -0,0 +1,193 @@ +From 93e090592fc6de7ec5d3d42c1bb9074ad1f3ba34 Mon Sep 17 00:00:00 2001 +From: Andris Zeila <andris.zeila@zabbix.com> +Date: Fri, 12 Jan 2024 05:48:31 +0000 +Subject: [PATCH] .......PS. [DEV-2695] changed fping tests to read address + from file + +Merge in ZBX/zabbix from feature/DEV-2695-6.0 to release/6.0 + +* commit '6603893ff94620e28fc543d5d0d4c86b9be3342e': + .......PS. [DEV-2695] fixed signal blocking + .......PS. [DEV-2695] added target hostname/ip validation in fping feature tests + .......PS. [DEV-2695] added error messages when failed to prepare temporary file for fping tests + .......PS. [DEV-2695] changed fping tests to read address from file + +CVE: CVE-2023-32727 +Upstream-Status: BAckport [https://github.com/zabbix/zabbix/commit/93e090592fc6de7ec5d3d42c1bb9074ad1f3ba34] + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + src/libs/zbxicmpping/icmpping.c | 125 ++++++++++++++++++++++++++++---- + 1 file changed, 112 insertions(+), 13 deletions(-) + +diff --git a/src/libs/zbxicmpping/icmpping.c b/src/libs/zbxicmpping/icmpping.c +index 72f7e86..9a751b7 100644 +--- a/src/libs/zbxicmpping/icmpping.c ++++ b/src/libs/zbxicmpping/icmpping.c +@@ -59,6 +59,8 @@ static void get_source_ip_option(const char *fping, const char **option, unsigne + + zbx_snprintf(tmp, sizeof(tmp), "%s -h 2>&1", fping); + ++ zabbix_log(LOG_LEVEL_DEBUG, "executing %s", tmp); ++ + if (NULL == (f = popen(tmp, "r"))) + return; + +@@ -85,6 +87,110 @@ static void get_source_ip_option(const char *fping, const char **option, unsigne + *checked = 1; + } + ++/****************************************************************************** ++ * * ++ * Purpose: execute external program and return stdout and stderr values * ++ * * ++ * Parameters: fping - [IN] location of fping program * ++ * out - [OUT] stdout and stderr values * ++ * error - [OUT] error string if function fails * ++ * max_error_len - [IN] length of error buffer * ++ * * ++ * Return value: SUCCEED if 
processed successfully or FAIL otherwise * ++ * * ++ ******************************************************************************/ ++static int get_fping_out(const char *fping, const char *address, char **out, char *error, size_t max_error_len) ++{ ++ FILE *f; ++ size_t buf_size = 0, offset = 0, len; ++ ssize_t n; ++ char tmp[MAX_STRING_LEN], *buffer = NULL; ++ int ret = FAIL, fd; ++ sigset_t mask, orig_mask; ++ char filename[MAX_STRING_LEN]; ++ ++ if (FAIL == zbx_validate_hostname(address) && FAIL == is_supported_ip(address)) ++ { ++ zbx_strlcpy(error, "Invalid host name or IP address", max_error_len); ++ return FAIL; ++ } ++ ++ zbx_snprintf(filename, sizeof(filename), "%s/%s_XXXXXX", CONFIG_TMPDIR, progname); ++ if (-1 == (fd = mkstemp(filename))) ++ { ++ zbx_snprintf(error, max_error_len, "Cannot create temporary file \"%s\": %s", filename, ++ zbx_strerror(errno)); ++ ++ return FAIL; ++ } ++ ++ sigemptyset(&mask); ++ sigaddset(&mask, SIGINT); ++ sigaddset(&mask, SIGQUIT); ++ ++ len = strlen(address); ++ if (-1 == (n = write(fd, address, len))) ++ { ++ zbx_snprintf(error, max_error_len, "Cannot write address into temporary file: %s", zbx_strerror(errno)); ++ (void)close(fd); ++ goto out; ++ } ++ ++ if (n != (ssize_t)len) ++ { ++ zbx_strlcpy(error, "Cannot write full address into temporary file", max_error_len); ++ (void)close(fd); ++ goto out; ++ } ++ ++ if (-1 == close(fd)) ++ { ++ zbx_snprintf(error, max_error_len, "Cannot close temporary file: %s", zbx_strerror(errno)); ++ goto out; ++ } ++ ++ zbx_snprintf(tmp, sizeof(tmp), "%s 2>&1 < %s", fping, filename); ++ ++ if (0 > sigprocmask(SIG_BLOCK, &mask, &orig_mask)) ++ zbx_error("cannot set sigprocmask to block the user signal"); ++ ++ zabbix_log(LOG_LEVEL_DEBUG, "executing %s", tmp); ++ ++ if (NULL == (f = popen(tmp, "r"))) ++ { ++ zbx_strlcpy(error, zbx_strerror(errno), max_error_len); ++ goto out; ++ } ++ ++ while (NULL != zbx_fgets(tmp, sizeof(tmp), f)) ++ { ++ len = strlen(tmp); ++ ++ if 
(MAX_EXECUTE_OUTPUT_LEN < offset + len) ++ break; ++ ++ zbx_strncpy_alloc(&buffer, &buf_size, &offset, tmp, len); ++ } ++ ++ pclose(f); ++ ++ if (NULL == buffer) ++ { ++ zbx_strlcpy(error, "Cannot obtain the program output", max_error_len); ++ goto out; ++ } ++ ++ *out = buffer; ++ ret = SUCCEED; ++out: ++ unlink(filename); ++ ++ if (0 > sigprocmask(SIG_SETMASK, &orig_mask, NULL)) ++ zbx_error("cannot restore sigprocmask"); ++ ++ return ret; ++} ++ + /****************************************************************************** + * * + * Function: get_interval_option * +@@ -137,19 +243,12 @@ static int get_interval_option(const char *fping, ZBX_FPING_HOST *hosts, int hos + + zabbix_log(LOG_LEVEL_DEBUG, "testing fping interval %u ms", intervals[j]); + +- zbx_snprintf(tmp, sizeof(tmp), "%s -c1 -t50 -i%u %s", fping, intervals[j], dst); ++ zbx_snprintf(tmp, sizeof(tmp), "%s -c1 -t50 -i%u", fping, intervals[j]); + + zbx_free(out); + + /* call fping, ignore its exit code but mind execution failures */ +- if (TIMEOUT_ERROR == (ret_exec = zbx_execute(tmp, &out, err, sizeof(err), 1, +- ZBX_EXIT_CODE_CHECKS_DISABLED, NULL))) +- { +- zbx_snprintf(error, max_error_len, "Timeout while executing \"%s\"", tmp); +- goto out; +- } +- +- if (FAIL == ret_exec) ++ if (SUCCEED != (ret_exec = get_fping_out(tmp, dst, &out, err, sizeof(err)))) + { + zbx_snprintf(error, max_error_len, "Cannot execute \"%s\": %s", tmp, err); + goto out; +@@ -251,10 +350,10 @@ static int get_ipv6_support(const char * fping, const char *dst) + int ret; + char tmp[MAX_STRING_LEN], error[255], *out = NULL; + +- zbx_snprintf(tmp, sizeof(tmp), "%s -6 -c1 -t50 %s", fping, dst); ++ zbx_snprintf(tmp, sizeof(tmp), "%s -6 -c1 -t50", fping); + +- if ((SUCCEED == (ret = zbx_execute(tmp, &out, error, sizeof(error), 1, ZBX_EXIT_CODE_CHECKS_DISABLED, NULL)) && +- ZBX_KIBIBYTE > strlen(out) && NULL != strstr(out, dst)) || TIMEOUT_ERROR == ret) ++ if (SUCCEED == (ret = get_fping_out(tmp, dst, &out, error, sizeof(error)) && 
++ ZBX_KIBIBYTE > strlen(out) && NULL != strstr(out, dst))) + { + ret = SUCCEED; + } +@@ -538,7 +637,7 @@ static int process_ping(ZBX_FPING_HOST *hosts, int hosts_count, int count, int i + + fclose(f); + +- zabbix_log(LOG_LEVEL_DEBUG, "%s", tmp); ++ zabbix_log(LOG_LEVEL_DEBUG, "executing %s", tmp); + + sigemptyset(&mask); + sigaddset(&mask, SIGINT); +-- +2.40.0 diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-32727_0002.patch b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-32727_0002.patch new file mode 100644 index 0000000000..aabc675b6a --- /dev/null +++ b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-32727_0002.patch 
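Review bot: In the get_ipv6_support hunk the closing parenthesis of the `ret =` assignment was moved to the end of the condition, so `ret` now receives the boolean result of the whole `&&` chain instead of get_fping_out's return value; since Zabbix defines SUCCEED as 0, a successful probe short-circuits past the strlen/strstr checks, and a FAIL return goes on to evaluate `strlen(out)` while `out` is still NULL (get_fping_out only assigns `*out` on the success path). Restore the original grouping: `if (SUCCEED == (ret = get_fping_out(tmp, dst, &out, error, sizeof(error))) &&` / `ZBX_KIBIBYTE > strlen(out) && NULL != strstr(out, dst))`. In get_fping_out itself, the three `goto out` paths after write()/close() reach `sigprocmask(SIG_SETMASK, &orig_mask, NULL)` before `orig_mask` has been filled in by the SIG_BLOCK call, so an uninitialised mask is installed on those error exits; block the signals before the first write() or give those early exits their own label that only unlinks the file (the follow-up CVE-2023-32727_0002.patch edits this function and keeps the same flow). The function banner also omits the new `address` parameter; add `address - [IN] target host name or IP address written to the fping input file`.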
@@ -0,0 +1,49 @@ +From 610f9fdbb86667f4094972547deb936c6cdfc6d5 Mon Sep 17 00:00:00 2001 +From: Andris Zeila <andris.zeila@zabbix.com> +Date: Fri, 12 Jan 2024 06:06:02 +0000 +Subject: [PATCH] .......PS. [DEV-2695] removed group/all access flags for + fping temporary files + +Merge in ZBX/zabbix from feature/DEV-2695-6.5 to master + +* commit 'cf07db1d5c2b8fe4a9de85fed22cf05035e08914': + .......PS. [DEV-2695] remove group/all access flags when creating fping input file for testing fping features + +(cherry picked from commit cd12f0a2d89c3ef05f0e9f50dcb73fdaf3a7e8a9) + +CVE: CVE-2023-32727 +Upstream_Status: Backport [https://github.com/zabbix/zabbix/commit/610f9fdbb86667f4094972547deb936c6cdfc6d5] + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + src/libs/zbxicmpping/icmpping.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/src/libs/zbxicmpping/icmpping.c b/src/libs/zbxicmpping/icmpping.c +index 9a751b7..bab3d09 100644 +--- a/src/libs/zbxicmpping/icmpping.c ++++ b/src/libs/zbxicmpping/icmpping.c +@@ -108,6 +108,7 @@ static int get_fping_out(const char *fping, const char *address, char **out, cha + int ret = FAIL, fd; + sigset_t mask, orig_mask; + char filename[MAX_STRING_LEN]; ++ mode_t mode; + + if (FAIL == zbx_validate_hostname(address) && FAIL == is_supported_ip(address)) + { +@@ -116,7 +117,12 @@ static int get_fping_out(const char *fping, const char *address, char **out, cha + } + + zbx_snprintf(filename, sizeof(filename), "%s/%s_XXXXXX", CONFIG_TMPDIR, progname); +- if (-1 == (fd = mkstemp(filename))) ++ ++ mode = umask(077); ++ fd = mkstemp(filename); ++ umask(mode); ++ ++ if (-1 == fd) + { + zbx_snprintf(error, max_error_len, "Cannot create temporary file \"%s\": %s", filename, + zbx_strerror(errno)); +-- +2.40.0 diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix_5.4.12.bb b/meta-oe/recipes-connectivity/zabbix/zabbix_5.4.12.bb index d72d3b1122..2793f0ca5f 100644 
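Review bot: The `Upstream_Status: Backport […]` header line uses an underscore, so tooling that keys on `Upstream-Status:` (the OpenEmbedded patch-status QA check) will not recognise this patch's status; change it to `Upstream-Status: Backport [https://github.com/zabbix/zabbix/commit/610f9fdbb86667f4094972547deb936c6cdfc6d5]`. The sibling CVE-2023-32727_0001.patch has the related `Upstream-Status: BAckport` spelling, which may likewise fail a case-sensitive status match. The umask(077)/mkstemp/umask(mode) sequence itself is reasonable defence in depth, but since mkstemp already creates the file with mode 0600 on POSIX.1-2008 systems, a one-line comment would help the next reader, e.g. `/* mkstemp() uses 0600 on modern libc; the umask guards older implementations */`.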
--- a/meta-oe/recipes-connectivity/zabbix/zabbix_5.4.12.bb +++ b/meta-oe/recipes-connectivity/zabbix/zabbix_5.4.12.bb @@ -28,6 +28,12 @@ SRC_URI = "https://cdn.zabbix.com/zabbix/sources/stable/5.4/${BPN}-${PV}.tar.gz file://zabbix-agent.service \ file://CVE-2022-43515.patch \ file://CVE-2022-46768.patch \ + file://CVE-2023-29451.patch \ + file://CVE-2023-29449.patch \ + file://CVE-2023-29450.patch \ + file://CVE-2023-32726.patch \ + file://CVE-2023-32727_0001.patch \ + file://CVE-2023-32727_0002.patch \ " SRC_URI[md5sum] = "f295fd2df86143d72f6ff26e47d9e39e" |