ni · chaitu236 · Jan 16, 2025 · Oct 18, 2024 · Oct 16, 2024 · Oct 18, 2024
diff --git a/...me/recipes-gnome/libgsf/libgsf_1.14.52.bb → ...me/recipes-gnome/libgsf/libgsf_1.14.53.bb b/...me/recipes-gnome/libgsf/libgsf_1.14.52.bb → ...me/recipes-gnome/libgsf/libgsf_1.14.53.bb
@@ -9,8 +9,8 @@ DEPENDS= "libxml2 bzip2 glib-2.0 zlib"
 GNOMEBASEBUILDCLASS = "autotools"
 inherit gnomebase gobject-introspection gettext gtk-doc
 
-SRC_URI[archive.sha256sum] = "9181c914b9fac0e05d6bcaa34c7b552fe5fc0961d3c9f8c01ccc381fb084bcf0"
-SRC_URI += "file://0001-configure.ac-drop-a-copy-paste-of-introspection.m4-m.patch"
+SRC_URI[archive.sha256sum] = "0eb59a86e0c50f97ac9cfe4d8cc1969f623f2ae8c5296f2414571ff0a9e8bcba"
+SRC_URI += " file://0001-configure.ac-drop-a-copy-paste-of-introspection.m4-m.patch"
 
 PACKAGECONFIG ??= ""
 PACKAGECONFIG[gdk-pixbuf] = "--with-gdk-pixbuf,--without-gdk-pixbuf,gdk-pixbuf"

diff --git a/meta-multimedia/recipes-multimedia/pipewire/pipewire_1.0.5.bb b/meta-multimedia/recipes-multimedia/pipewire/pipewire_1.0.5.bb
@@ -96,7 +96,7 @@ PACKAGECONFIG:class-target ??= " \
 # as being in conflict.
 PACKAGECONFIG[alsa] = "-Dalsa=enabled,-Dalsa=disabled,alsa-lib udev,,pipewire-alsa pipewire-alsa-card-profile"
 PACKAGECONFIG[avahi] = "-Davahi=enabled,-Davahi=disabled,avahi"
-PACKAGECONFIG[bluez] = "-Dbluez5=enabled,-Dbluez5=disabled,bluez5 sbc"
+PACKAGECONFIG[bluez] = "-Dbluez5=enabled,-Dbluez5=disabled,bluez5 sbc glib-2.0-native"
 PACKAGECONFIG[bluez-aac] = "-Dbluez5-codec-aac=enabled,-Dbluez5-codec-aac=disabled,fdk-aac"
 PACKAGECONFIG[bluez-opus] = "-Dbluez5-codec-opus=enabled,-Dbluez5-codec-opus=disabled,libopus"
 PACKAGECONFIG[bluez-lc3] = "-Dbluez5-codec-lc3=enabled,-Dbluez5-codec-lc3=disabled,liblc3"

diff --git a/...nnectivity/freeradius/freeradius_3.2.3.bb → ...nnectivity/freeradius/freeradius_3.2.5.bb b/...nnectivity/freeradius/freeradius_3.2.3.bb → ...nnectivity/freeradius/freeradius_3.2.5.bb
@@ -39,7 +39,7 @@ SRC_URI = "git://github.com/FreeRADIUS/freeradius-server.git;branch=v3.2.x;lfs=0
 
 raddbdir = "${sysconfdir}/${MLPREFIX}raddb"
 
-SRCREV = "db3d1924d9a2e8d37c43872932621f69cfdbb099"
+SRCREV = "a7acce80f5ba2271d9aeb737a4a91a5bf8317f31"
 
 UPSTREAM_CHECK_GITTAGREGEX = "release_(?P<pver>\d+(\_\d+)+)"
 

diff --git a/...pes-connectivity/mbedtls/mbedtls_3.6.1.bb → ...pes-connectivity/mbedtls/mbedtls_3.6.2.bb b/...pes-connectivity/mbedtls/mbedtls_3.6.1.bb → ...pes-connectivity/mbedtls/mbedtls_3.6.2.bb
@@ -27,7 +27,7 @@ SRC_URI = "git://github.com/Mbed-TLS/mbedtls.git;protocol=https;branch=mbedtls-3
 	git://github.com/Mbed-TLS/mbedtls-framework.git;protocol=https;branch=main;destsuffix=git/framework;name=framework \
 	file://run-ptest"
 
-SRCREV = "71c569d44bf3a8bd53d874c81ee8ac644dd6e9e3"
+SRCREV = "107ea89daaefb9867ea9121002fbbdf926780e98"
 SRCREV_framework = "94599c0e3b5036e086446a51a3f79640f70f22f6"
 SRCREV_FORMAT .= "_framework"
 

diff --git a/meta-networking/recipes-connectivity/mosquitto/files/1571.patch b/meta-networking/recipes-connectivity/mosquitto/files/1571.patch
diff --git a/meta-networking/recipes-connectivity/mosquitto/files/2894.patch b/meta-networking/recipes-connectivity/mosquitto/files/2894.patch
diff --git a/...onnectivity/mosquitto/mosquitto_2.0.18.bb → ...onnectivity/mosquitto/mosquitto_2.0.20.bb b/...onnectivity/mosquitto/mosquitto_2.0.18.bb → ...onnectivity/mosquitto/mosquitto_2.0.20.bb
@@ -16,12 +16,10 @@ DEPENDS = "uthash cjson"
 
 SRC_URI = "http://mosquitto.org/files/source/mosquitto-${PV}.tar.gz \
            file://mosquitto.init \
-           file://1571.patch \
-           file://2894.patch \
            file://2895.patch \
 "
 
-SRC_URI[sha256sum] = "d665fe7d0032881b1371a47f34169ee4edab67903b2cd2b4c083822823f4448a"
+SRC_URI[sha256sum] = "ebd07d89d2a446a7f74100ad51272e4a8bf300b61634a7812e19f068f2759de8"
 
 inherit systemd update-rc.d useradd cmake pkgconfig
 

diff --git a/meta-networking/recipes-daemons/squid/squid_6.9.bb b/meta-networking/recipes-daemons/squid/squid_6.9.bb
@@ -147,3 +147,9 @@ FILES:${PN}-networkmanager = "${libdir}/NetworkManager/dispatcher.d"
 
 RDEPENDS:${PN} += "perl ${PN}-conf"
 RDEPENDS:${PN}-ptest += "perl make bash"
+
+python() {
+    # Only ESI feature is vulnerable
+    if not bb.utils.filter('PACKAGECONFIG', 'esi', d):
+        d.setVarFlag("CVE_STATUS", "CVE-2024-45802", "not-applicable-config: esi is disabled")
+}
diff --git a/meta-networking/recipes-kernel/wireguard/wireguard-tools_1.0.20210914.bb b/meta-networking/recipes-kernel/wireguard/wireguard-tools_1.0.20210914.bb
@@ -1,7 +1,7 @@
 require wireguard.inc
 
 SRCREV = "3ba6527130c502144e7388b900138bca6260f4e8"
-SRC_URI = "git://git.zx2c4.com/wireguard-tools;branch=master"
+SRC_URI = "git://github.com/WireGuard/wireguard-tools.git;branch=master;protocol=https"
 
 inherit bash-completion systemd pkgconfig
 

diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2024-31948.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2024-31948.patch
@@ -0,0 +1,130 @@
+From a11446687169c679b5e51b57f151a6f6c119656c Mon Sep 17 00:00:00 2001
+From: Donatas Abraitis <donatas@opensourcerouting.org>
+Date: Wed, 27 Mar 2024 18:42:56 +0200
+Subject: [PATCH 1/2] bgpd: Fix error handling when receiving BGP Prefix SID
+ attribute
+
+Without this patch, we always set the BGP Prefix SID attribute flag without
+checking if it's malformed or not. RFC8669 says that this attribute MUST be discarded.
+
+Also, this fixes the bgpd crash when a malformed Prefix SID attribute is received,
+with malformed transitive flags and/or TLVs.
+
+Reported-by: Iggy Frankovic <iggyfran@amazon.com>
+Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
+
+CVE: CVE-2024-31948
+Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/ba6a8f1a31e1a88df2de69ea46068e8bd9b97138]
+
+Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
+---
+ bgpd/bgp_attr.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
+index 56e77eb3a..2639ff864 100644
+--- a/bgpd/bgp_attr.c
++++ b/bgpd/bgp_attr.c
+@@ -1390,6 +1390,7 @@ bgp_attr_malformed(struct bgp_attr_parser_args *args, uint8_t subcode,
+ 	case BGP_ATTR_AS4_AGGREGATOR:
+ 	case BGP_ATTR_AGGREGATOR:
+ 	case BGP_ATTR_ATOMIC_AGGREGATE:
++	case BGP_ATTR_PREFIX_SID:
+ 		return BGP_ATTR_PARSE_PROCEED;
+
+ 	/* Core attributes, particularly ones which may influence route
+@@ -3144,8 +3145,6 @@ enum bgp_attr_parse_ret bgp_attr_prefix_sid(struct bgp_attr_parser_args *args)
+ 	struct attr *const attr = args->attr;
+ 	enum bgp_attr_parse_ret ret;
+
+-	attr->flag |= ATTR_FLAG_BIT(BGP_ATTR_PREFIX_SID);
+-
+ 	uint8_t type;
+ 	uint16_t length;
+ 	size_t headersz = sizeof(type) + sizeof(length);
+@@ -3195,6 +3194,8 @@ enum bgp_attr_parse_ret bgp_attr_prefix_sid(struct bgp_attr_parser_args *args)
+ 		}
+ 	}
+
++	SET_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_PREFIX_SID));
++
+ 	return BGP_ATTR_PARSE_PROCEED;
+ }
+
+-- 
+2.34.1
+
+From 70555e1c0927b84f3aae9406379b00c976b2fa0c Mon Sep 17 00:00:00 2001
+From: Donatas Abraitis <donatas@opensourcerouting.org>
+Date: Wed, 27 Mar 2024 19:08:38 +0200
+Subject: [PATCH 2/2] bgpd: Prevent from one more CVE triggering this place
+
+If we receive an attribute that is handled by bgp_attr_malformed(), use
+treat-as-withdraw behavior for unknown (or missing to add - if new) attributes.
+
+Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
+
+CVE: CVE-2024-31948
+Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/babb23b74855e23c987a63f8256d24e28c044d07]
+
+Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
+---
+ bgpd/bgp_attr.c | 33 ++++++++++++++++++++++-----------
+ 1 file changed, 22 insertions(+), 11 deletions(-)
+
+diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
+index 2639ff864..797f05d60 100644
+--- a/bgpd/bgp_attr.c
++++ b/bgpd/bgp_attr.c
+@@ -1381,6 +1381,15 @@ bgp_attr_malformed(struct bgp_attr_parser_args *args, uint8_t subcode,
+ 			(args->startp - STREAM_DATA(BGP_INPUT(peer)))
+ 				+ args->total);
+
++	/* Partial optional attributes that are malformed should not cause
++	 * the whole session to be reset. Instead treat it as a withdrawal
++	 * of the routes, if possible.
++	 */
++	if (CHECK_FLAG(flags, BGP_ATTR_FLAG_TRANS) &&
++	    CHECK_FLAG(flags, BGP_ATTR_FLAG_OPTIONAL) &&
++	    CHECK_FLAG(flags, BGP_ATTR_FLAG_PARTIAL))
++		return BGP_ATTR_PARSE_WITHDRAW;
++
+ 	switch (args->type) {
+ 	/* where an attribute is relatively inconsequential, e.g. it does not
+ 	 * affect route selection, and can be safely ignored, then any such
+@@ -1418,19 +1427,21 @@ bgp_attr_malformed(struct bgp_attr_parser_args *args, uint8_t subcode,
+ 					  BGP_NOTIFY_UPDATE_ERR, subcode,
+ 					  notify_datap, length);
+ 		return BGP_ATTR_PARSE_ERROR;
++	default:
++		/* Unknown attributes, that are handled by this function
++		 * should be treated as withdraw, to prevent one more CVE
++		 * from being introduced.
++		 * RFC 7606 says:
++		 * The "treat-as-withdraw" approach is generally preferred
++		 * and the "session reset" approach is discouraged.
++		 */
++		flog_err(EC_BGP_ATTR_FLAG,
++			 "%s(%u) attribute received, while it is not known how to handle it, treating as withdraw",
++			 lookup_msg(attr_str, args->type, NULL), args->type);
++		break;
+ 	}
+
+-	/* Partial optional attributes that are malformed should not cause
+-	 * the whole session to be reset. Instead treat it as a withdrawal
+-	 * of the routes, if possible.
+-	 */
+-	if (CHECK_FLAG(flags, BGP_ATTR_FLAG_TRANS)
+-	    && CHECK_FLAG(flags, BGP_ATTR_FLAG_OPTIONAL)
+-	    && CHECK_FLAG(flags, BGP_ATTR_FLAG_PARTIAL))
+-		return BGP_ATTR_PARSE_WITHDRAW;
+-
+-	/* default to reset */
+-	return BGP_ATTR_PARSE_ERROR_NOTIFYPLS;
++	return BGP_ATTR_PARSE_WITHDRAW;
+ }
+
+ /* Find out what is wrong with the path attribute flag bits and log the error.
+-- 
+2.34.1
+