Diffstat (limited to 'meta-networking/recipes-protocols/quagga/files/CVE-2021-44038.patch')
-rw-r--r-- | meta-networking/recipes-protocols/quagga/files/CVE-2021-44038.patch | 117 |
1 files changed, 117 insertions, 0 deletions
diff --git a/meta-networking/recipes-protocols/quagga/files/CVE-2021-44038.patch b/meta-networking/recipes-protocols/quagga/files/CVE-2021-44038.patch
new file mode 100644
index 0000000000..bdb48a3993
--- /dev/null
+++ b/meta-networking/recipes-protocols/quagga/files/CVE-2021-44038.patch
@@ -0,0 +1,117 @@
+From b2484f4df6414a6b3dd68b4069b79279c746cc27 Mon Sep 17 00:00:00 2001
+From: Marius Tomaschewski <mt@suse.com>
+Date: Fri Nov 11 09:07:22 UTC 2022
+Subject: [PATCH] quagga: unsafe chown/chmod operations may lead to privileges escalation
+
+Reference: https://bugzilla.suse.com/show_bug.cgi?id=1191890
+
+Patch taken from https://build.opensuse.org/package/view_file/network/quagga/remove-chown-chmod.service.patch
+
+CVE: CVE-2021-44038
+Signed-off-by: Marius Tomaschewski <mt@suse.com>
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ redhat/bgpd.service | 2 --
+ redhat/isisd.service | 2 --
+ redhat/ospf6d.service | 2 --
+ redhat/ospfd.service | 2 --
+ redhat/ripd.service | 2 --
+ redhat/ripngd.service | 2 --
+ redhat/zebra.service | 3 ---
+ 7 files changed, 15 deletions(-)
+
+diff --git a/redhat/bgpd.service b/redhat/bgpd.service
+index a50bfff..6f46a97 100644
+--- a/redhat/bgpd.service
++++ b/redhat/bgpd.service
+@@ -10,8 +10,6 @@ Documentation=man:bgpd
+ [Service]
+ Type=forking
+ EnvironmentFile=/etc/sysconfig/quagga
+-ExecStartPre=-/bin/chmod -f 640 /etc/quagga/bgpd.conf
+-ExecStartPre=-/bin/chown -f $QUAGGA_USER:$QUAGGA_GROUP /etc/quagga/bgpd.conf
+ ExecStart=/usr/sbin/bgpd -d $BGPD_OPTS -f /etc/quagga/bgpd.conf
+ Restart=on-abort
+
+diff --git a/redhat/isisd.service b/redhat/isisd.service
+index 93663aa..c1464c0 100644
+--- a/redhat/isisd.service
++++ b/redhat/isisd.service
+@@ -10,8 +10,6 @@ Documentation=man:isisd
+ [Service]
+ Type=forking
+ EnvironmentFile=/etc/sysconfig/quagga
+-ExecStartPre=-/bin/chmod -f 640 /etc/quagga/isisd.conf
+-ExecStartPre=-/bin/chown -f $QUAGGA_USER:$QUAGGA_GROUP /etc/quagga/isisd.conf
+ ExecStart=/usr/sbin/isisd -d $ISISD_OPTS -f /etc/quagga/isisd.conf
+ Restart=on-abort
+
+diff --git a/redhat/ospf6d.service b/redhat/ospf6d.service
+index 3c1c978..d493429 100644
+--- a/redhat/ospf6d.service
++++ b/redhat/ospf6d.service
+@@ -10,8 +10,6 @@ Documentation=man:ospf6d
+ [Service]
+ Type=forking
+ EnvironmentFile=/etc/sysconfig/quagga
+-ExecStartPre=-/bin/chmod -f 640 /etc/quagga/ospf6d.conf
+-ExecStartPre=-/bin/chown -f $QUAGGA_USER:$QUAGGA_GROUP /etc/quagga/ospf6d.conf
+ ExecStart=/usr/sbin/ospf6d -d $OSPF6D_OPTS -f /etc/quagga/ospf6d.conf
+ Restart=on-abort
+
+diff --git a/redhat/ospfd.service b/redhat/ospfd.service
+index 0084b6c..6c84580 100644
+--- a/redhat/ospfd.service
++++ b/redhat/ospfd.service
+@@ -10,8 +10,6 @@ Documentation=man:ospfd
+ [Service]
+ Type=forking
+ EnvironmentFile=/etc/sysconfig/quagga
+-ExecStartPre=-/bin/chmod -f 640 /etc/quagga/ospfd.conf
+-ExecStartPre=-/bin/chown -f $QUAGGA_USER:$QUAGGA_GROUP /etc/quagga/ospfd.conf
+ ExecStart=/usr/sbin/ospfd -d $OSPFD_OPTS -f /etc/quagga/ospfd.conf
+ Restart=on-abort
+
+diff --git a/redhat/ripd.service b/redhat/ripd.service
+index 103b5a9..be0f75c 100644
+--- a/redhat/ripd.service
++++ b/redhat/ripd.service
+@@ -10,8 +10,6 @@ Documentation=man:ripd
+ [Service]
+ Type=forking
+ EnvironmentFile=/etc/sysconfig/quagga
+-ExecStartPre=-/bin/chmod -f 640 /etc/quagga/ripd.conf
+-ExecStartPre=-/bin/chown -f $QUAGGA_USER:$QUAGGA_GROUP /etc/quagga/ripd.conf
+ ExecStart=/usr/sbin/ripd -d $RIPD_OPTS -f /etc/quagga/ripd.conf
+ Restart=on-abort
+
+diff --git a/redhat/ripngd.service b/redhat/ripngd.service
+index 6fe6ba8..23447da 100644
+--- a/redhat/ripngd.service
++++ b/redhat/ripngd.service
+@@ -10,8 +10,6 @@ Documentation=man:ripngd
+ [Service]
+ Type=forking
+ EnvironmentFile=/etc/sysconfig/quagga
+-ExecStartPre=-/bin/chmod -f 640 /etc/quagga/ripngd.conf
+-ExecStartPre=-/bin/chown -f $QUAGGA_USER:$QUAGGA_GROUP /etc/quagga/ripngd.conf
+ ExecStart=/usr/sbin/ripngd -d $RIPNGD_OPTS -f /etc/quagga/ripngd.conf
+ Restart=on-abort
+
+diff --git a/redhat/zebra.service b/redhat/zebra.service
+index fa5a004..e3cf0ab 100644
+--- a/redhat/zebra.service
++++ b/redhat/zebra.service
+@@ -10,9 +10,6 @@ Documentation=man:zebra
+ Type=forking
+ EnvironmentFile=-/etc/sysconfig/quagga
+ ExecStartPre=/sbin/ip route flush proto zebra
+-ExecStartPre=-/bin/chmod -f 640 /etc/quagga/vtysh.conf /etc/quagga/zebra.conf
+-ExecStartPre=-/bin/chown -f $QUAGGA_USER:$QUAGGA_GROUP /run/quagga /etc/quagga/zebra.conf
+-ExecStartPre=-/bin/chown -f ${QUAGGA_USER}${VTY_GROUP:+":$VTY_GROUP"} quaggavty /etc/quagga/vtysh.conf
+ ExecStart=/usr/sbin/zebra -d $ZEBRA_OPTS -f /etc/quagga/zebra.conf
+ Restart=on-abort
+
+--
+2.25.1
+
|
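Review bot: With the `ExecStartPre=-/bin/chmod -f 640 ...` and `ExecStartPre=-/bin/chown -f ...` lines removed from all seven units, nothing in this patch sets mode 640 or `$QUAGGA_USER:$QUAGGA_GROUP` ownership on `/etc/quagga/*.conf`, or ownership of `/run/quagga`. The recipe therefore has to set those once at package-install or tmpfiles time; otherwise the daemons may be unable to read their configuration, or `vtysh.conf` may keep whatever mode it was installed with. The diffstat here is limited to the patch file, so it is worth confirming separately that `SRC_URI` lists it and that the `redhat/*.service` units it edits are the ones the image actually installs. If the recipe ships its own unit files, the same lines would need removing there. The patch header also lacks the `Upstream-Status:` tag that OpenEmbedded patch conventions expect next to `CVE: CVE-2021-44038`; its value should reflect the patch's origin, which the header gives only as the openSUSE package.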