From 729276ccdcecfdaa5212649ab048d38464713cd2424b647b8ba5aef04f5c17ae Mon Sep 17 00:00:00 2001 
From: Martin Hauke Date: Tue, 15 Nov 2022 14:31:19 +0000 Subject: [PATCH] Accepting request 1035289 from home:mtomaschewski:branches:network - Migration to /usr/etc: Conditionally moved /etc/logrotate.d/frr file to vendor specific directory /usr/etc/logrotate.d and added saving of user changed configuration files in /etc and restoring them while an RPM update. - Declare root as sufficient also in the pam account verification; without vtysh use causes to log a pam frr:account warnings (https://github.com/FRRouting/frr/pull/12308) [+ 0005-root-ok-in-account-frr.pam.patch] - Applied fix removing a not needed backslash causing to log a warning (https://github.com/FRRouting/frr/pull/12307) [+ 0004-tools-remove-backslash-from-declare-check-regex.patch] - Applied upstream fixes for frrinit.sh to avoid a privilege escalation from frr to root in frr config creation (bsc#1204124,CVE-2022-42917, https://github.com/FRRouting/frr/pull/12157). [+ 0003-tools-Run-as-FRR_USER-install-chown-commands-to-avoi.patch] - Removed obsolete patches provided in the 8.4 source archive: [- 0003-babeld-fix-10487-by-adding-a-check-on-packet-length.patch, - 0004-babeld-fix-10502-10503-by-repairing-the-checks-on-le.patch, - 0005-isisd-fix-router-capability-TLV-parsing-issues.patch, - 0006-isisd-fix-10505-using-base64-encoding.patch, - 0007-bgpd-Make-sure-hdr-length-is-at-a-minimum-of-what-is.patch, - 0008-isisd-Ensure-rcap-is-freed-in-error-case.patch] - Update to version 8.4, see https://frrouting.org/release/8.4/ * New BGP command (neighbor PEER soo) to configure SoO to prevent routing loops and suboptimal routing on dual-homed sites. * Command debug bgp allow-martian replaced to bgp allow-martian-nexthop because previously we allowed using martian next-hops when debug is turned on. 
* Implement BGP Prefix Origin Validation State Extended Community rfc8097 * Implement Route Leak Prevention and Detection Using Roles in UPDATE OBS-URL: https://build.opensuse.org/request/show/1035289 OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=43 --- ...7-by-adding-a-check-on-packet-length.patch | 52 -- ..._USER-install-chown-commands-to-avoi.patch | 93 ++++ ...-10503-by-repairing-the-checks-on-le.patch | 95 ---- ...e-backslash-from-declare-check-regex.patch | 29 ++ ...router-capability-TLV-parsing-issues.patch | 208 -------- 0005-root-ok-in-account-frr.pam.patch | 33 ++ ...sisd-fix-10505-using-base64-encoding.patch | 456 ------------------ ...dr-length-is-at-a-minimum-of-what-is.patch | 34 -- ...d-Ensure-rcap-is-freed-in-error-case.patch | 41 -- frr-8.1.tar.gz | 3 - frr-8.4.tar.gz | 3 + frr.changes | 59 +++ frr.spec | 42 +- 13 files changed, 246 insertions(+), 902 deletions(-) delete mode 100644 0003-babeld-fix-10487-by-adding-a-check-on-packet-length.patch create mode 100644 0003-tools-Run-as-FRR_USER-install-chown-commands-to-avoi.patch delete mode 100644 0004-babeld-fix-10502-10503-by-repairing-the-checks-on-le.patch create mode 100644 0004-tools-remove-backslash-from-declare-check-regex.patch delete mode 100644 0005-isisd-fix-router-capability-TLV-parsing-issues.patch create mode 100644 0005-root-ok-in-account-frr.pam.patch delete mode 100644 0006-isisd-fix-10505-using-base64-encoding.patch delete mode 100644 0007-bgpd-Make-sure-hdr-length-is-at-a-minimum-of-what-is.patch delete mode 100644 0008-isisd-Ensure-rcap-is-freed-in-error-case.patch delete mode 100644 frr-8.1.tar.gz create mode 100644 frr-8.4.tar.gz diff --git a/0003-babeld-fix-10487-by-adding-a-check-on-packet-length.patch b/0003-babeld-fix-10487-by-adding-a-check-on-packet-length.patch deleted file mode 100644 index 6582dc5..0000000 --- a/0003-babeld-fix-10487-by-adding-a-check-on-packet-length.patch +++ /dev/null 
@@ -1,52 +0,0 @@
-From 50044ec7fe129e0a74d3a679dd29fe17ce30e6bf Mon Sep 17 00:00:00 2001
-From: whichbug
-Date: Thu, 3 Feb 2022 12:01:31 -0500
-Upstream: yes
-References: bsc#1196503,CVE-2022-26127
-Subject: [PATCH] babeld: fix #10487 by adding a check on packet length
-
-The body length of a packet should satisfy the condition:
-packetlen >= bodylen + 4. Otherwise, heap overflows may happen.
-
-Signed-off-by: whichbug
-
-diff --git a/babeld/message.c b/babeld/message.c
-index 5c2e29d8b..3a29b6a60 100644
---- a/babeld/message.c
-+++ b/babeld/message.c
-@@ -288,13 +288,18 @@ channels_len(unsigned char *channels)
- static int
- babel_packet_examin(const unsigned char *packet, int packetlen)
- {
-- unsigned i = 0, bodylen;
-+ int i = 0, bodylen;
- const unsigned char *message;
- unsigned char type, len;
-
- if(packetlen < 4 || packet[0] != 42 || packet[1] != 2)
- return 1;
- DO_NTOHS(bodylen, packet + 2);
-+ if(bodylen + 4 > packetlen) {
-+ debugf(BABEL_DEBUG_COMMON, "Received truncated packet (%d + 4 > %d).",
-+ bodylen, packetlen);
-+ return 1;
-+ }
- while (i < bodylen){
- message = packet + 4 + i;
- type = message[0];
-@@ -366,12 +371,6 @@ parse_packet(const unsigned char *from, struct interface *ifp,
-
- DO_NTOHS(bodylen, packet + 2);
-
-- if(bodylen + 4 > packetlen) {
-- flog_err(EC_BABEL_PACKET, "Received truncated packet (%d + 4 > %d).",
-- bodylen, packetlen);
-- bodylen = packetlen - 4;
-- }
--
- i = 0;
- while(i < bodylen) {
- message = packet + 4 + i;
---
-2.34.1
-
diff --git a/0003-tools-Run-as-FRR_USER-install-chown-commands-to-avoi.patch b/0003-tools-Run-as-FRR_USER-install-chown-commands-to-avoi.patch
new file mode 100644
index 0000000..7279f97
--- /dev/null
+++ b/0003-tools-Run-as-FRR_USER-install-chown-commands-to-avoi.patch
@@ -0,0 +1,93 @@
+From 401053f3ccc7be3a6a976f6f7f1674bdeb3c983e Mon Sep 17 00:00:00 2001
+From: Donatas Abraitis
+Date: Thu, 20 Oct 2022 09:10:22 +0300
+References: bsc#1204124,CVE-2022-42917,https://github.com/FRRouting/frr/pull/12157
+Upstream: submitted
+Subject: [PATCH] tools: Run as FRR_USER `install/chown` commands to avoid race
+ conditions
+
+This is due to CVE-2022-42917: https://bugzilla.suse.com/show_bug.cgi?id=1204124
+
+install/chown is in most cases (as I tested) is enough, but still, can be racy.
+
+Tested on Linux/OpenBSD/NetBSD/FreeBSD, seems a unified way to do this.
+
+For Linux `runuser` can be used, but *BSD do not have this command.
+
+Proof of concept:
+
+```
+% sudo su - frr
+[sudo] password for donatas:
+su: warning: cannot change directory to /nonexistent: No such file or directory
+frr@donatas-laptop:/home/donatas$ cd /etc/frr/
+frr@donatas-laptop:/etc/frr$ rm -f zebra.conf; inotifywait -e CREATE .; rm -f zebra.conf; ln -s /etc/shadow zebra.conf
+Setting up watches.
+Watches established.
+./ CREATE zebra.conf
+frr@donatas-laptop:/etc/frr$ ls -la zebra.conf
+lrwxrwxrwx 1 frr frr 11 spal. 20 09:25 zebra.conf -> /etc/shadow
+frr@donatas-laptop:/etc/frr$ cat zebra.conf
+cat: zebra.conf: Permission denied
+frr@donatas-laptop:/etc/frr$
+```
+
+On the other terminal do:
+
+```
+/usr/lib/frr/frrinit.sh restart
+```
+
+Signed-off-by: Donatas Abraitis
+
+diff --git a/tools/frr.in b/tools/frr.in
+index e9f1122834..5f3f425a1e 100755
+--- a/tools/frr.in
++++ b/tools/frr.in
+@@ -96,10 +96,10 @@ check_daemon()
+ # check for config file
+ if [ -n "$2" ]; then
+ if [ ! -r "$C_PATH/$1-$2.conf" ]; then
+- install -g "$FRR_GROUP" -o "$FRR_USER" -m "$FRR_CONFIG_MODE" /dev/null "$C_PATH/$1-$2.conf"
++ su - "${FRR_USER}" -c "install -g \"$FRR_GROUP\" -o \"$FRR_USER\" -m \"$FRR_CONFIG_MODE\" /dev/null \"$C_PATH/$1-$2.conf\""
+ fi
+ elif [ ! -r "$C_PATH/$1.conf" ]; then
+- install -g "$FRR_GROUP" -o "$FRR_USER" -m "$FRR_CONFIG_MODE" /dev/null "$C_PATH/$1.conf"
++ su - "${FRR_USER}" -c "install -g \"$FRR_GROUP\" -o \"$FRR_USER\" -m \"$FRR_CONFIG_MODE\" /dev/null \"$C_PATH/$1.conf\""
+ fi
+ fi
+ return 0
+@@ -524,7 +524,7 @@ convert_daemon_prios
+
+ if [ ! -d $V_PATH ]; then
+ echo "Creating $V_PATH"
+- install -g "$FRR_GROUP" -o "$FRR_USER" -m "$FRR_CONFIG_MODE" -d "$V_PATH"
++ su - "${FRR_USER}" -c "install -g \"$FRR_GROUP\" -o \"$FRR_USER\" -m \"$FRR_CONFIG_MODE\" -d \"$V_PATH\""
+ chmod gu+x "${V_PATH}"
+ fi
+
+diff --git a/tools/frrcommon.sh.in b/tools/frrcommon.sh.in
+index 61f1abb378..4d5d688d57 100755
+--- a/tools/frrcommon.sh.in
++++ b/tools/frrcommon.sh.in
+@@ -143,7 +143,7 @@ daemon_prep() {
+
+ cfg="$C_PATH/$daemon${inst:+-$inst}.conf"
+ if [ ! -r "$cfg" ]; then
+- install -g "$FRR_GROUP" -o "$FRR_USER" -m "$FRR_CONFIG_MODE" /dev/null "$cfg"
++ su - "${FRR_USER}" -c "install -g \"$FRR_GROUP\" -o \"$FRR_USER\" -m \"$FRR_CONFIG_MODE\" /dev/null \"$cfg\""
+ fi
+ return 0
+ }
+@@ -161,7 +161,7 @@ daemon_start() {
+ [ "$MAX_FDS" != "" ] && ulimit -n "$MAX_FDS" > /dev/null 2> /dev/null
+ daemon_prep "$daemon" "$inst" || return 1
+ if test ! -d "$V_PATH"; then
+- install -g "$FRR_GROUP" -o "$FRR_USER" -m "$FRR_CONFIG_MODE" -d "$V_PATH"
++ su - "${FRR_USER}" -c "install -g \"$FRR_GROUP\" -o \"$FRR_USER\" -m \"$FRR_CONFIG_MODE\" -d \"$V_PATH\""
+ chmod gu+x "${V_PATH}"
+ fi
+
+--
+2.35.3
+
diff --git a/0004-babeld-fix-10502-10503-by-repairing-the-checks-on-le.patch b/0004-babeld-fix-10502-10503-by-repairing-the-checks-on-le.patch
deleted file mode 100644
index b93d284..0000000
--- a/0004-babeld-fix-10502-10503-by-repairing-the-checks-on-le.patch
+++ /dev/null
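Review bot: The `chmod gu+x "${V_PATH}"` kept after the new `su … install -d` line still runs as root on a directory that FRR_USER has just been allowed to create, which appears to be the same kind of root-acts-on-unprivileged-path pattern this patch removes for the config files; it applies to the `$V_PATH` block in tools/frr.in and to daemon_start in tools/frrcommon.sh.in. I would fold it into the unprivileged call by appending `&& chmod gu+x \"$V_PATH\"` inside the `-c` string and dropping the separate root `chmod`. The exit status of `su` is not checked either, and daemon_prep goes on to `return 0`, so a failed creation (for instance if the FRR_USER account has no usable login shell, which is not visible here) goes unnoticed; ending that line with `|| return 1` would surface it. The `-c` string is expanded by the root shell and parsed again by the shell `su` starts, so it deserves a comment such as `# paths must not contain quotes, $ or backquotes: the string is re-parsed by the FRR_USER shell`. All four functions begin and end outside the inner hunks.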
@@ -1,95 +0,0 @@
-From c3793352a8d76d2eee1edc38a9a16c1c8a6573f4 Mon Sep 17 00:00:00 2001
-From: qingkaishi
-Date: Fri, 4 Feb 2022 16:41:11 -0500
-Upstream: yes
-References: bsc#1196504,bsc#1196507,CVE-2022-26128,CVE-2022-26129
-Subject: [PATCH] babeld: fix #10502 #10503 by repairing the checks on length
-
-This patch repairs the checking conditions on length in four functions:
-babel_packet_examin, parse_hello_subtlv, parse_ihu_subtlv, and parse_update_subtlv
-
-Signed-off-by: qingkaishi
-
-diff --git a/babeld/message.c b/babeld/message.c
-index 5c2e29d8b..053538700 100644
---- a/babeld/message.c
-+++ b/babeld/message.c
-@@ -140,12 +140,12 @@ parse_update_subtlv(const unsigned char *a, int alen,
- continue;
- }
-
-- if(i + 1 > alen) {
-+ if(i + 1 >= alen) {
- flog_err(EC_BABEL_PACKET, "Received truncated attributes.");
- return;
- }
- len = a[i + 1];
-- if(i + len > alen) {
-+ if(i + len + 2 > alen) {
- flog_err(EC_BABEL_PACKET, "Received truncated attributes.");
- return;
- }
-@@ -182,19 +182,19 @@ parse_hello_subtlv(const unsigned char *a, int alen,
- int type, len, i = 0, ret = 0;
-
- while(i < alen) {
-- type = a[0];
-+ type = a[i];
- if(type == SUBTLV_PAD1) {
- i++;
- continue;
- }
-
-- if(i + 1 > alen) {
-+ if(i + 1 >= alen) {
- flog_err(EC_BABEL_PACKET,
- "Received truncated sub-TLV on Hello message.");
- return -1;
- }
- len = a[i + 1];
-- if(i + len > alen) {
-+ if(i + len + 2 > alen) {
- flog_err(EC_BABEL_PACKET,
- "Received truncated sub-TLV on Hello message.");
- return -1;
-@@ -228,19 +228,19 @@ parse_ihu_subtlv(const unsigned char *a, int alen,
- int type, len, i = 0, ret = 0;
-
- while(i < alen) {
-- type = a[0];
-+ type = a[i];
- if(type == SUBTLV_PAD1) {
- i++;
- continue;
- }
-
-- if(i + 1 > alen) {
-+ if(i + 1 >= alen) {
- flog_err(EC_BABEL_PACKET,
- "Received truncated sub-TLV on IHU message.");
- return -1;
- }
- len = a[i + 1];
-- if(i + len > alen) {
-+ if(i + len + 2 > alen) {
- flog_err(EC_BABEL_PACKET,
- "Received truncated sub-TLV on IHU message.");
- return -1;
-@@ -302,12 +302,12 @@ babel_packet_examin(const unsigned char *packet, int packetlen)
- i++;
- continue;
- }
-- if(i + 1 > bodylen) {
-+ if(i + 2 > bodylen) {
- debugf(BABEL_DEBUG_COMMON,"Received truncated message.");
- return 1;
- }
- len = message[1];
-- if(i + len > bodylen) {
-+ if(i + len + 2 > bodylen) {
- debugf(BABEL_DEBUG_COMMON,"Received truncated message.");
- return 1;
- }
---
-2.34.1
-
diff --git a/0004-tools-remove-backslash-from-declare-check-regex.patch b/0004-tools-remove-backslash-from-declare-check-regex.patch
new file mode 100644
index 0000000..3ec363d
--- /dev/null
+++ b/0004-tools-remove-backslash-from-declare-check-regex.patch
@@ -0,0 +1,29 @@
+From 3474b220e036497e6bbe23428645217c275f9f87 Mon Sep 17 00:00:00 2001
+From: Marius Tomaschewski
+Date: Fri, 11 Nov 2022 12:26:04 +0100
+References: https://github.com/FRRouting/frr/pull/12307
+Upstream: submitted
+Subject: [PATCH] tools: remove backslash from declare check regex
+
+The backslash in `grep -q '^declare \-a'` is not needed and
+causes `grep: warning: stray \ before -` warning in grep-3.8.
+---
+ tools/frrcommon.sh.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/frrcommon.sh.in b/tools/frrcommon.sh.in
+index 61f1abb378..3c16c27c6d 100755
+--- a/tools/frrcommon.sh.in
++++ b/tools/frrcommon.sh.in
+@@ -335,7 +335,7 @@ if [ -z "$FRR_PATHSPACE" ]; then
+ load_old_config "/etc/sysconfig/frr"
+ fi
+
+-if { declare -p watchfrr_options 2>/dev/null || true; } | grep -q '^declare \-a'; then
++if { declare -p watchfrr_options 2>/dev/null || true; } | grep -q '^declare -a'; then
+ log_warning_msg "watchfrr_options contains a bash array value." \
+ "The configured value is intentionally ignored since it is likely wrong." \
+ "Please remove or fix the setting."
+--
+2.35.3
+
diff --git a/0005-isisd-fix-router-capability-TLV-parsing-issues.patch b/0005-isisd-fix-router-capability-TLV-parsing-issues.patch deleted file mode 100644 index acc1650..0000000 --- a/0005-isisd-fix-router-capability-TLV-parsing-issues.patch +++ /dev/null 
@@ -1,208 +0,0 @@ -From 9ba865f54d331c550629304cb25e77ac81455803 Mon Sep 17 00:00:00 2001 -From: Juraj Vijtiuk -Date: Wed, 13 Oct 2021 18:32:53 +0200 -Upstream: yes -References: bsc#1196505, CVE-2022-26125 -Subject: [PATCH] isisd: fix router capability TLV parsing issues - -isis_tlvs.c would fail at multiple places if incorrect TLVs were -received causing stream assertion violations. -This patch fixes the issues by adding missing length checks, missing -consumed length updates and handling malformed Segment Routing subTLVs. - -Signed-off-by: Juraj Vijtiuk - -Small adjustments by Igor Ryzhov: -- fix incorrect replacement of srgb by srlb on lines 3052 and 3054 -- add length check for ISIS_SUBTLV_ALGORITHM -- fix conflict in fuzzing data during rebase - -Signed-off-by: Igor Ryzhov - -diff --git a/isisd/isis_tlvs.c b/isisd/isis_tlvs.c -index 9a442e037..f1aae7caf 100644 ---- a/isisd/isis_tlvs.c -+++ b/isisd/isis_tlvs.c -@@ -3007,28 +3007,55 @@ static int unpack_tlv_router_cap(enum isis_tlv_context context, - - type = stream_getc(s); - length = stream_getc(s); -+ -+ if (length > STREAM_READABLE(s) || length > subtlv_len - 2) { -+ sbuf_push( -+ log, indent, -+ "WARNING: Router Capability subTLV length too large compared to expected size\n"); -+ stream_forward_getp(s, STREAM_READABLE(s)); -+ -+ return 0; -+ } -+ - switch (type) { - case ISIS_SUBTLV_SID_LABEL_RANGE: - /* Check that SRGB is correctly formated */ - if (length < SUBTLV_RANGE_LABEL_SIZE - || length > SUBTLV_RANGE_INDEX_SIZE) { - stream_forward_getp(s, length); -- continue; -+ break; - } - /* Only one SRGB is supported. 
Skip subsequent one */ - if (rcap->srgb.range_size != 0) { - stream_forward_getp(s, length); -- continue; -+ break; - } - rcap->srgb.flags = stream_getc(s); - rcap->srgb.range_size = stream_get3(s); - /* Skip Type and get Length of SID Label */ - stream_getc(s); - size = stream_getc(s); -- if (size == ISIS_SUBTLV_SID_LABEL_SIZE) -+ -+ if (size == ISIS_SUBTLV_SID_LABEL_SIZE -+ && length != SUBTLV_RANGE_LABEL_SIZE) { -+ stream_forward_getp(s, length - 6); -+ break; -+ } -+ -+ if (size == ISIS_SUBTLV_SID_INDEX_SIZE -+ && length != SUBTLV_RANGE_INDEX_SIZE) { -+ stream_forward_getp(s, length - 6); -+ break; -+ } -+ -+ if (size == ISIS_SUBTLV_SID_LABEL_SIZE) { - rcap->srgb.lower_bound = stream_get3(s); -- else -+ } else if (size == ISIS_SUBTLV_SID_INDEX_SIZE) { - rcap->srgb.lower_bound = stream_getl(s); -+ } else { -+ stream_forward_getp(s, length - 6); -+ break; -+ } - - /* SRGB sanity checks. */ - if (rcap->srgb.range_size == 0 -@@ -3042,9 +3069,12 @@ static int unpack_tlv_router_cap(enum isis_tlv_context context, - /* Only one range is supported. 
Skip subsequent one */ - size = length - (size + SUBTLV_SR_BLOCK_SIZE); - if (size > 0) -- stream_forward_getp(s, length); -+ stream_forward_getp(s, size); -+ - break; - case ISIS_SUBTLV_ALGORITHM: -+ if (length == 0) -+ break; - /* Only 2 algorithms are supported: SPF & Strict SPF */ - stream_get(&rcap->algo, s, - length > SR_ALGORITHM_COUNT -@@ -3059,12 +3089,12 @@ static int unpack_tlv_router_cap(enum isis_tlv_context context, - if (length < SUBTLV_RANGE_LABEL_SIZE - || length > SUBTLV_RANGE_INDEX_SIZE) { - stream_forward_getp(s, length); -- continue; -+ break; - } - /* RFC 8667 section #3.3: Only one SRLB is authorized */ - if (rcap->srlb.range_size != 0) { - stream_forward_getp(s, length); -- continue; -+ break; - } - /* Ignore Flags which are not defined */ - stream_getc(s); -@@ -3072,10 +3102,27 @@ static int unpack_tlv_router_cap(enum isis_tlv_context context, - /* Skip Type and get Length of SID Label */ - stream_getc(s); - size = stream_getc(s); -- if (size == ISIS_SUBTLV_SID_LABEL_SIZE) -+ -+ if (size == ISIS_SUBTLV_SID_LABEL_SIZE -+ && length != SUBTLV_RANGE_LABEL_SIZE) { -+ stream_forward_getp(s, length - 6); -+ break; -+ } -+ -+ if (size == ISIS_SUBTLV_SID_INDEX_SIZE -+ && length != SUBTLV_RANGE_INDEX_SIZE) { -+ stream_forward_getp(s, length - 6); -+ break; -+ } -+ -+ if (size == ISIS_SUBTLV_SID_LABEL_SIZE) { - rcap->srlb.lower_bound = stream_get3(s); -- else -+ } else if (size == ISIS_SUBTLV_SID_INDEX_SIZE) { - rcap->srlb.lower_bound = stream_getl(s); -+ } else { -+ stream_forward_getp(s, length - 6); -+ break; -+ } - - /* SRLB sanity checks. */ - if (rcap->srlb.range_size == 0 -@@ -3089,13 +3136,14 @@ static int unpack_tlv_router_cap(enum isis_tlv_context context, - /* Only one range is supported. 
Skip subsequent one */ - size = length - (size + SUBTLV_SR_BLOCK_SIZE); - if (size > 0) -- stream_forward_getp(s, length); -+ stream_forward_getp(s, size); -+ - break; - case ISIS_SUBTLV_NODE_MSD: - /* Check that MSD is correctly formated */ - if (length < MSD_TLV_SIZE) { - stream_forward_getp(s, length); -- continue; -+ break; - } - msd_type = stream_getc(s); - rcap->msd = stream_getc(s); -diff --git a/isisd/isis_tlvs.h b/isisd/isis_tlvs.h -index 38470ef85..0c6ed11cb 100644 ---- a/isisd/isis_tlvs.h -+++ b/isisd/isis_tlvs.h -@@ -447,6 +447,7 @@ enum ext_subtlv_size { - - /* RFC 8667 sections #2 & #3 */ - ISIS_SUBTLV_SID_LABEL_SIZE = 3, -+ ISIS_SUBTLV_SID_INDEX_SIZE = 4, - ISIS_SUBTLV_SID_LABEL_RANGE_SIZE = 9, - ISIS_SUBTLV_ALGORITHM_SIZE = 4, - ISIS_SUBTLV_ADJ_SID_SIZE = 5, -# -# Extracted: -# 
diff --git a/tests/isisd/test_fuzz_isis_tlv_tests.h.gz b/tests/isisd/test_fuzz_isis_tlv_tests.h.gz -# index accc906bf25853bd417cff25840b233f98d1221e..20b1dc33f9593661b8310dc0c205e68d022de480 100644 -# GIT binary patch -# literal 222652 -# ---- a/tests/isisd/test_fuzz_isis_tlv_tests.h -+++ b/tests/isisd/test_fuzz_isis_tlv_tests.h -@@ -1139,9 +1139,9 @@ - { - .input = "\xc1\x0d\x49\x10\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf2\x0c\xfd\xd4\x80\xf2\xff\xfc\x7f\x08\xf5\xeb\x0d\xee\x97\x01\xa1\xa5\x65\x80\xf2\xf0\xe7\x21\x04\x7f\xff\x08\xf5\x54\x54\xcc\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x64\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x34\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\xcc\x54\x54\x54\x54\x54\x54\x43\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1d\x00\x00\x00\x00\x00\x00\x00\x38\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xff\xff\xf6\x00\x00\x00\x00\x00\x00\x00\x80\xff\xff\xff\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x00\x00\x00\x80\xff\xff\xff\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2c\x30\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd8\xd8\xd8\xd8\xd8\xd8\x05\x
ff\xff\x05\xd8\xd8\xd8\xd8\xd8\xd8\xd8\xd8\xd8\xd8\xd8\xd8\xd8\xd8\xd8\xd8\xd8\xd8\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xf2\x00\x00\x10\xde\xff\xff\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x12", - .input_len = 564, -- .output = "\x43\x6f\x75\x6c\x64\x20\x6e\x6f\x74\x20\x75\x6e\x70\x61\x63\x6b\x20\x54\x4c\x56\x73\x3a\x0a\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x35\x36\x34\x20\x62\x79\x74\x65\x73\x20\x6f\x66\x20\x54\x4c\x56\x73\x2e\x2e\x2e\x0a\x20\x20\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x54\x4c\x56\x2e\x2e\x2e\x0a\x20\x20\x20\x20\x46\x6f\x75\x6e\x64\x20\x54\x4c\x56\x20\x6f\x66\x20\x74\x79\x70\x65\x20\x31\x39\x33\x20\x61\x6e\x64\x20\x6c\x65\x6e\x20\x31\x33\x2e\x0a\x20\x20\x20\x20\x53\x6b\x69\x70\x70\x69\x6e\x67\x20\x75\x6e\x6b\x6e\x6f\x77\x6e\x20\x54\x4c\x56\x20\x31\x39\x33\x20\x28\x31\x33\x20\x62\x79\x74\x65\x73\x29\x0a\x20\x20\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x54\x4c\x56\x2e\x2e\x2e\x0a\x20\x20\x20\x20\x46\x6f\x75\x6e\x64\x20\x54\x4c\x56\x20\x6f\x66\x20\x74\x79\x70\x65\x20\x30\x20\x61\x6e\x64\x20\x6c\x65\x6e\x20\x30\x2e\x0a\x20\x20\x20\x20\x53\x6b\x69\x70\x70\x69\x6e\x67\x20\x75\x6e\x6b\x6e\x6f\x77\x6e\x20\x54\x4c\x56\x20\x30\x20\x28\x30\x20\x62\x79\x74\x65\x73\x29\x0a\x20\x20\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x54\x4c\x56\x2e\x2e\x2e\x0a\x20\x20\x20\x20\x46\x6f\x75\x6e\x64\x20\x54\x4c\x56\x20\x6f\x66\x20\x74\x79\x70\x65\x20\x30\x20\x61\x6e\x64\x20\x6c\x65\x6e\x20\x30\x2e\x0a\x20\x20\x20\x20\x53\x6b\x69\x70\x70\x69\x6e\x67\x20\x75\x6e\x6b\x6e\x6f\x77\x6e\x20\x54\x4c\x56\x20\x30\x20\x28\x30\x20\x62\x79\x74\x65\x73\x29\x0a\x20\
x20\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x54\x4c\x56\x2e\x2e\x2e\x0a\x20\x20\x20\x20\x46\x6f\x75\x6e\x64\x20\x54\x4c\x56\x20\x6f\x66\x20\x74\x79\x70\x65\x20\x32\x34\x32\x20\x61\x6e\x64\x20\x6c\x65\x6e\x20\x31\x32\x2e\x0a\x20\x20\x20\x20\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x52\x6f\x75\x74\x65\x72\x20\x43\x61\x70\x61\x62\x69\x6c\x69\x74\x79\x20\x54\x4c\x56\x2e\x2e\x2e\x0a\x20\x20\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x54\x4c\x56\x2e\x2e\x2e\x0a\x20\x20\x20\x20\x46\x6f\x75\x6e\x64\x20\x54\x4c\x56\x20\x6f\x66\x20\x74\x79\x70\x65\x20\x30\x20\x61\x6e\x64\x20\x6c\x65\x6e\x20\x30\x2e\x0a\x20\x20\x20\x20\x53\x6b\x69\x70\x70\x69\x6e\x67\x20\x75\x6e\x6b\x6e\x6f\x77\x6e\x20\x54\x4c\x56\x20\x30\x20\x28\x30\x20\x62\x79\x74\x65\x73\x29\x0a\x20\x20\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x54\x4c\x56\x2e\x2e\x2e\x0a\x20\x20\x20\x20\x46\x6f\x75\x6e\x64\x20\x54\x4c\x56\x20\x6f\x66\x20\x74\x79\x70\x65\x20\x30\x20\x61\x6e\x64\x20\x6c\x65\x6e\x20\x30\x2e\x0a\x20\x20\x20\x20\x53\x6b\x69\x70\x70\x69\x6e\x67\x20\x75\x6e\x6b\x6e\x6f\x77\x6e\x20\x54\x4c\x56\x20\x30\x20\x28\x30\x20\x62\x79\x74\x65\x73\x29\x0a\x20\x20\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x54\x4c\x56\x2e\x2e\x2e\x0a\x20\x20\x20\x20\x46\x6f\x75\x6e\x64\x20\x54\x4c\x56\x20\x6f\x66\x20\x74\x79\x70\x65\x20\x30\x20\x61\x6e\x64\x20\x6c\x65\x6e\x20\x30\x2e\x0a\x20\x20\x20\x20\x53\x6b\x69\x70\x70\x69\x6e\x67\x20\x75\x6e\x6b\x6e\x6f\x77\x6e\x20\x54\x4c\x56\x20\x30\x20\x28\x30\x20\x62\x79\x74\x65\x73\x29\x0a\x20\x20\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x54\x4c\x56\x2e\x2e\x2e\x0a\x20\x20\x20\x20\x46\x6f\x75\x6e\x64\x20\x54\x4c\x56\x20\x6f\x66\x20\x74\x79\x70\x65\x20\x30\x20\x61\x6e\x64\x20\x6c\x65\x6e\x20\x30\x2e\x0a\x20\x20\x20\x20\x53\x6b\x69\x70\x70\x69\x6e\x67\x20\x75\x6e\x6b\x6e\x6f\x77\x6e\x20\x54\x4c\x56\x20\x30\x20\x28\x30\x20\x62\x79\x74\x65\x73\x29\x0a\x20\x20\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x54\x4c\x56\x2e\x2e\x2e\x0a\x20\x20\x20\x20\x46\x6f\x75\x6e\x64\x20\x54\x4c\x56\x20\x6f\x66\x20\x74\x79\x70\x65\x20\
x30\x20\x61\x6e\x64\x20\x6c\x65\x6e\x20\x30\x2e\x0a\x20\x20\x20\x20\x53\x6b\x69\x70\x70\x69\x6e\x67\x20\x75\x6e\x6b\x6e\x6f\x77\x6e\x20\x54\x4c\x56\x20\x30\x20\x28\x30\x20\x62\x79\x74\x65\x73\x29\x0a\x20\x20\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x54\x4c\x56\x2e\x2e\x2e\x0a\x20\x20\x20\x20\x46\x6f\x75\x6e\x64\x20\x54\x4c\x56\x20\x6f\x66\x20\x74\x79\x70\x65\x20\x30\x20\x61\x6e\x64\x20\x6c\x65\x6e\x20\x30\x2e\x0a\x20\x20\x20\x20\x53\x6b\x69\x70\x70\x69\x6e\x67\x20\x75\x6e\x6b\x6e\x6f\x77\x6e\x20\x54\x4c\x56\x20\x30\x20\x28\x30\x20\x62\x79\x74\x65\x73\x29\x0a\x20\x20\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x54\x4c\x56\x2e\x2e\x2e\x0a\x20\x20\x20\x20\x46\x6f\x75\x6e\x64\x20\x54\x4c\x56\x20\x6f\x66\x20\x74\x79\x70\x65\x20\x30\x20\x61\x6e\x64\x20\x6c\x65\x6e\x20\x30\x2e\x0a\x20\x20\x20\x20\x53\x6b\x69\x70\x70\x69\x6e\x67\x20\x75\x6e\x6b\x6e\x6f\x77\x6e\x20\x54\x4c\x56\x20\x30\x20\x28\x30\x20\x62\x79\x74\x65\x73\x29\x0a\x20\x20\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x54\x4c\x56\x2e\x2e\x2e\x0a\x20\x20\x20\x20\x46\x6f\x75\x6e\x64\x20\x54\x4c\x56\x20\x6f\x66\x20\x74\x79\x70\x65\x20\x30\x20\x61\x6e\x64\x20\x6c\x65\x6e\x20\x30\x2e\x0a\x20\x20\x20\x20\x53\x6b\x69\x70\x70\x69\x6e\x67\x20\x75\x6e\x6b\x6e\x6f\x77\x6e\x20\x54\x4c\x56\x20\x30\x20\x28\x30\x20\x62\x79\x74\x65\x73\x29\x0a\x20\x20\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x54\x4c\x56\x2e\x2e\x2e\x0a\x20\x20\x20\x20\x46\x6f\x75\x6e\x64\x20\x54\x4c\x56\x20\x6f\x66\x20\x74\x79\x70\x65\x20\x30\x20\x61\x6e\x64\x20\x6c\x65\x6e\x20\x30\x2e\x0a\x20\x20\x20\x20\x53\x6b\x69\x70\x70\x69\x6e\x67\x20\x75\x6e\x6b\x6e\x6f\x77\x6e\x20\x54\x4c\x56\x20\x30\x20\x28\x30\x20\x62\x79\x74\x65\x73\x29\x0a\x20\x20\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x54\x4c\x56\x2e\x2e\x2e\x0a\x20\x20\x20\x20\x46\x6f\x75\x6e\x64\x20\x54\x4c\x56\x20\x6f\x66\x20\x74\x79\x70\x65\x20\x30\x20\x61\x6e\x64\x20\x6c\x65\x6e\x20\x30\x2e\x0a\x20\x20\x20\x20\x53\x6b\x69\x70\x70\x69\x6e\x67\x20\x75\x6e\x6b\x6e\x6f\x77\x6e\x20\x54\x4c\x56\x20\x30\x20\x28\x30\x20\x62\x79\
x74\x65\x73\x29\x0a\x20\x20\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x54\x4c\x56\x2e\x2e\x2e\x0a\x20\x20\x20\x20\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x20\x64\x61\x74\x61\x20\x31\x20\x74\x6f\x6f\x20\x73\x68\x6f\x72\x74\x20\x74\x6f\x20\x63\x6f\x6e\x74\x61\x69\x6e\x20\x61\x20\x54\x4c\x56\x20\x68\x65\x61\x64\x65\x72\x2e\x0a\x0a", -- .output_len = 1415, -- .ret = 2 -+ .output = "\x55\x6e\x70\x61\x63\x6b\x20\x6c\x6f\x67\x3a\x0a\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x35\x36\x34\x20\x62\x79\x74\x65\x73\x20\x6f\x66\x20\x54\x4c\x56\x73\x2e\x2e\x2e\x0a\x20\x20\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x54\x4c\x56\x2e\x2e\x2e\x0a\x20\x20\x20\x20\x46\x6f\x75\x6e\x64\x20\x54\x4c\x56\x20\x6f\x66\x20\x74\x79\x70\x65\x20\x31\x39\x33\x20\x61\x6e\x64\x20\x6c\x65\x6e\x20\x31\x33\x2e\x0a\x20\x20\x20\x20\x53\x6b\x69\x70\x70\x69\x6e\x67\x20\x75\x6e\x6b\x6e\x6f\x77\x6e\x20\x54\x4c\x56\x20\x31\x39\x33\x20\x28\x31\x33\x20\x62\x79\x74\x65\x73\x29\x0a\x20\x20\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x54\x4c\x56\x2e\x2e\x2e\x0a\x20\x20\x20\x20\x46\x6f\x75\x6e\x64\x20\x54\x4c\x56\x20\x6f\x66\x20\x74\x79\x70\x65\x20\x30\x20\x61\x6e\x64\x20\x6c\x65\x6e\x20\x30\x2e\x0a\x20\x20\x20\x20\x53\x6b\x69\x70\x70\x69\x6e\x67\x20\x75\x6e\x6b\x6e\x6f\x77\x6e\x20\x54\x4c\x56\x20\x30\x20\x28\x30\x20\x62\x79\x74\x65\x73\x29\x0a\x20\x20\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x54\x4c\x56\x2e\x2e\x2e\x0a\x20\x20\x20\x20\x46\x6f\x75\x6e\x64\x20\x54\x4c\x56\x20\x6f\x66\x20\x74\x79\x70\x65\x20\x30\x20\x61\x6e\x64\x20\x6c\x65\x6e\x20\x30\x2e\x0a\x20\x20\x20\x20\x53\x6b\x69\x70\x70\x69\x6e\x67\x20\x75\x6e\x6b\x6e\x6f\x77\x6e\x20\x54\x4c\x56\x20\x30\x20\x28\x30\x20\x62\x79\x74\x65\x73\x29\x0a\x20\x20\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x54\x4c\x56\x2e\x2e\x2e\x0a\x20\x20\x20\x20\x46\x6f\x75\x6e\x64\x20\x54\x4c\x56\x20\x6f\x66\x20\x74\x79\x70\x65\x20\x32\x34\x32\x20\x61\x6e\x64\x20\x6c\x65\x6e\x20\x31\x32\x2e\x0a\x20\x20\x20\x20\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x52\x6f\x75\x74\x65\x72\x20\x43\x61\x70\x61\x62\x69\
x6c\x69\x74\x79\x20\x54\x4c\x56\x2e\x2e\x2e\x0a\x20\x20\x20\x20\x57\x41\x52\x4e\x49\x4e\x47\x3a\x20\x52\x6f\x75\x74\x65\x72\x20\x43\x61\x70\x61\x62\x69\x6c\x69\x74\x79\x20\x73\x75\x62\x54\x4c\x56\x20\x6c\x65\x6e\x67\x74\x68\x20\x74\x6f\x6f\x20\x6c\x61\x72\x67\x65\x20\x63\x6f\x6d\x70\x61\x72\x65\x64\x20\x74\x6f\x20\x65\x78\x70\x65\x63\x74\x65\x64\x20\x73\x69\x7a\x65\x0a\x55\x6e\x70\x61\x63\x6b\x65\x64\x20\x54\x4c\x56\x73\x3a\x0a", -+ .output_len = 514, -+ .ret = 0 - }, - - { -@@ -1227,9 +1227,9 @@ - { - .input = "\x81\x0d\x49\x10\xff\xff\xff\x65\x0a\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x54\x54\x08\xf5\xeb\x0d\x97\x80\xf2\x0c\xfd\xd4\x80\xf2\xff\xfc\x7f\x08\xf5\xeb\x0d\xee\x97\x01\xa1\xa7\x65\x80\xf2\xf0\xf5\x21\x04\x7f\xff\x08\xf5\x54\x54\xcc\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x00\xfd\x0a\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x54\x54\x6b\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\xcc\x54\x54\x54\x54\x54\x54\x41\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1d\x00\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x54\x00\x00\x00\x00\x00\x00\x00\x00\x00\x54\x00\x00\x00\x00\x00\x2c\x2c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf6\x00\x0b\x00\x00\x00\x05\xff\xff\x05\x00\x00\x00\x00\x00\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x36\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x54\x54\x54\x54\x54\x00\x00\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xef\x00\x00\x00\x00\x00\x00\x00\x52\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xfb\x00\x00\x04\x00\x00\x00\x00\x00\xff\x00\x00\xff\xf2\x00\x00\x00\xde\xff\xff\x00\xff\xff\xff\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x
00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf9\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf0\x00\x00\x00\x00\x00\x12", - .input_len = 403, -- .output = "\x43\x6f\x75\x6c\x64\x20\x6e\x6f\x74\x20\x75\x6e\x70\x61\x63\x6b\x20\x54\x4c\x56\x73\x3a\x0a\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x34\x30\x33\x20\x62\x79\x74\x65\x73\x20\x6f\x66\x20\x54\x4c\x56\x73\x2e\x2e\x2e\x0a\x20\x20\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x54\x4c\x56\x2e\x2e\x2e\x0a\x20\x20\x20\x20\x46\x6f\x75\x6e\x64\x20\x54\x4c\x56\x20\x6f\x66\x20\x74\x79\x70\x65\x20\x31\x32\x39\x20\x61\x6e\x64\x20\x6c\x65\x6e\x20\x31\x33\x2e\x0a\x20\x20\x20\x20\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x50\x72\x6f\x74\x6f\x63\x6f\x6c\x73\x20\x53\x75\x70\x70\x6f\x72\x74\x65\x64\x20\x54\x4c\x56\x2e\x2e\x2e\x0a\x20\x20\x20\x20\x20\x20\x50\x72\x6f\x74\x6f\x63\x6f\x6c\x73\x20\x53\x75\x70\x70\x6f\x72\x74\x65\x64\x3a\x20\x37\x33\x2c\x20\x31\x36\x2c\x20\x32\x35\x35\x2c\x20\x32\x35\x35\x2c\x20\x32\x35\x35\x2c\x20\x31\x30\x31\x2c\x20\x31\x30\x2c\x20\x31\x31\x2c\x20\x31\x31\x2c\x20\x31\x31\x2c\x20\x31\x31\x2c\x20\x31\x31\x2c\x20\x31\x31\x0a\x20\x20\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x54\x4c\x56\x2e\x2e\x2e\x0a\x20\x20\x20\x20\x46\x6f\x75\x6e\x64\x20\x54\x4c\x56\x20\x6f\x66\x20\x74\x79\x70\x65\x20\x31\x31\x20\x61\x6e\x64\x20\x6c\x65\x6e\x20\x31\x31\x2e\x0a\x20\x20\x20\x20\x53\x6b\x69\x70\x70\x69\x6e\x67\x20\x75\x6e\x6b\x6e\x6f\x77\x6e\x20\x54\x4c\x56\x20\x31\x31\x20\x28\x31\x31\x20\x62\x79\x74\x65\x73\x29\x0a\x20\x20\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x54\x4c\x56\x2e\x2e\x2e\x0a\x20\x20\x20\x20\x46\x6f\x75\x6e\x64\x20\x54\x4c\x56\x20\x6f\x66\x20\x74\x79\x70\x65\x20\x32\x34\x32\x20\x61\x6e\x64\x20\x6c\x65\x6e\x20\x31\x32\x2e\x0a\x20\x20\x20\x20\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x52\x6f\x75\x74\x65\x72\x20\x43\x61\x70\x61\x62\x69\x6c\x69\x74\x79\x20\x54\x4c\x56\x2e\x2e\x2e\x0a\x20\x20\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x54\x4c\x56\x2e\x2e\x2e\x0a\x20\x20\x20\x20\x46\x6f\x75\x6e\x64\x20\x54\x4c\x56\x20\
x6f\x66\x20\x74\x79\x70\x65\x20\x30\x20\x61\x6e\x64\x20\x6c\x65\x6e\x20\x30\x2e\x0a\x20\x20\x20\x20\x53\x6b\x69\x70\x70\x69\x6e\x67\x20\x75\x6e\x6b\x6e\x6f\x77\x6e\x20\x54\x4c\x56\x20\x30\x20\x28\x30\x20\x62\x79\x74\x65\x73\x29\x0a\x20\x20\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x54\x4c\x56\x2e\x2e\x2e\x0a\x20\x20\x20\x20\x46\x6f\x75\x6e\x64\x20\x54\x4c\x56\x20\x6f\x66\x20\x74\x79\x70\x65\x20\x30\x20\x61\x6e\x64\x20\x6c\x65\x6e\x20\x30\x2e\x0a\x20\x20\x20\x20\x53\x6b\x69\x70\x70\x69\x6e\x67\x20\x75\x6e\x6b\x6e\x6f\x77\x6e\x20\x54\x4c\x56\x20\x30\x20\x28\x30\x20\x62\x79\x74\x65\x73\x29\x0a\x20\x20\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x54\x4c\x56\x2e\x2e\x2e\x0a\x20\x20\x20\x20\x46\x6f\x75\x6e\x64\x20\x54\x4c\x56\x20\x6f\x66\x20\x74\x79\x70\x65\x20\x30\x20\x61\x6e\x64\x20\x6c\x65\x6e\x20\x30\x2e\x0a\x20\x20\x20\x20\x53\x6b\x69\x70\x70\x69\x6e\x67\x20\x75\x6e\x6b\x6e\x6f\x77\x6e\x20\x54\x4c\x56\x20\x30\x20\x28\x30\x20\x62\x79\x74\x65\x73\x29\x0a\x20\x20\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x54\x4c\x56\x2e\x2e\x2e\x0a\x20\x20\x20\x20\x46\x6f\x75\x6e\x64\x20\x54\x4c\x56\x20\x6f\x66\x20\x74\x79\x70\x65\x20\x30\x20\x61\x6e\x64\x20\x6c\x65\x6e\x20\x30\x2e\x0a\x20\x20\x20\x20\x53\x6b\x69\x70\x70\x69\x6e\x67\x20\x75\x6e\x6b\x6e\x6f\x77\x6e\x20\x54\x4c\x56\x20\x30\x20\x28\x30\x20\x62\x79\x74\x65\x73\x29\x0a\x20\x20\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x54\x4c\x56\x2e\x2e\x2e\x0a\x20\x20\x20\x20\x46\x6f\x75\x6e\x64\x20\x54\x4c\x56\x20\x6f\x66\x20\x74\x79\x70\x65\x20\x30\x20\x61\x6e\x64\x20\x6c\x65\x6e\x20\x30\x2e\x0a\x20\x20\x20\x20\x53\x6b\x69\x70\x70\x69\x6e\x67\x20\x75\x6e\x6b\x6e\x6f\x77\x6e\x20\x54\x4c\x56\x20\x30\x20\x28\x30\x20\x62\x79\x74\x65\x73\x29\x0a\x20\x20\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x54\x4c\x56\x2e\x2e\x2e\x0a\x20\x20\x20\x20\x46\x6f\x75\x6e\x64\x20\x54\x4c\x56\x20\x6f\x66\x20\x74\x79\x70\x65\x20\x30\x20\x61\x6e\x64\x20\x6c\x65\x6e\x20\x30\x2e\x0a\x20\x20\x20\x20\x53\x6b\x69\x70\x70\x69\x6e\x67\x20\x75\x6e\x6b\x6e\x6f\x77\x6e\x20\x54\x4c\x56\
x20\x30\x20\x28\x30\x20\x62\x79\x74\x65\x73\x29\x0a\x20\x20\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x54\x4c\x56\x2e\x2e\x2e\x0a\x20\x20\x20\x20\x46\x6f\x75\x6e\x64\x20\x54\x4c\x56\x20\x6f\x66\x20\x74\x79\x70\x65\x20\x30\x20\x61\x6e\x64\x20\x6c\x65\x6e\x20\x30\x2e\x0a\x20\x20\x20\x20\x53\x6b\x69\x70\x70\x69\x6e\x67\x20\x75\x6e\x6b\x6e\x6f\x77\x6e\x20\x54\x4c\x56\x20\x30\x20\x28\x30\x20\x62\x79\x74\x65\x73\x29\x0a\x20\x20\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x54\x4c\x56\x2e\x2e\x2e\x0a\x20\x20\x20\x20\x46\x6f\x75\x6e\x64\x20\x54\x4c\x56\x20\x6f\x66\x20\x74\x79\x70\x65\x20\x30\x20\x61\x6e\x64\x20\x6c\x65\x6e\x20\x32\x35\x35\x2e\x0a\x20\x20\x20\x20\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x20\x64\x61\x74\x61\x20\x39\x31\x20\x74\x6f\x6f\x20\x73\x68\x6f\x72\x74\x20\x66\x6f\x72\x20\x63\x6c\x61\x69\x6d\x65\x64\x20\x54\x4c\x56\x20\x6c\x65\x6e\x20\x32\x35\x35\x2e\x0a\x0a", -- .output_len = 1176, -- .ret = 2 -+ .output = "\x55\x6e\x70\x61\x63\x6b\x20\x6c\x6f\x67\x3a\x0a\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x34\x30\x33\x20\x62\x79\x74\x65\x73\x20\x6f\x66\x20\x54\x4c\x56\x73\x2e\x2e\x2e\x0a\x20\x20\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x54\x4c\x56\x2e\x2e\x2e\x0a\x20\x20\x20\x20\x46\x6f\x75\x6e\x64\x20\x54\x4c\x56\x20\x6f\x66\x20\x74\x79\x70\x65\x20\x31\x32\x39\x20\x61\x6e\x64\x20\x6c\x65\x6e\x20\x31\x33\x2e\x0a\x20\x20\x20\x20\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x50\x72\x6f\x74\x6f\x63\x6f\x6c\x73\x20\x53\x75\x70\x70\x6f\x72\x74\x65\x64\x20\x54\x4c\x56\x2e\x2e\x2e\x0a\x20\x20\x20\x20\x20\x20\x50\x72\x6f\x74\x6f\x63\x6f\x6c\x73\x20\x53\x75\x70\x70\x6f\x72\x74\x65\x64\x3a\x20\x37\x33\x2c\x20\x31\x36\x2c\x20\x32\x35\x35\x2c\x20\x32\x35\x35\x2c\x20\x32\x35\x35\x2c\x20\x31\x30\x31\x2c\x20\x31\x30\x2c\x20\x31\x31\x2c\x20\x31\x31\x2c\x20\x31\x31\x2c\x20\x31\x31\x2c\x20\x31\x31\x2c\x20\x31\x31\x0a\x20\x20\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x54\x4c\x56\x2e\x2e\x2e\x0a\x20\x20\x20\x20\x46\x6f\x75\x6e\x64\x20\x54\x4c\x56\x20\x6f\x66\x20\x74\x79\x70\x65\x20\x31\x31\x20\x61\x6e\
x64\x20\x6c\x65\x6e\x20\x31\x31\x2e\x0a\x20\x20\x20\x20\x53\x6b\x69\x70\x70\x69\x6e\x67\x20\x75\x6e\x6b\x6e\x6f\x77\x6e\x20\x54\x4c\x56\x20\x31\x31\x20\x28\x31\x31\x20\x62\x79\x74\x65\x73\x29\x0a\x20\x20\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x54\x4c\x56\x2e\x2e\x2e\x0a\x20\x20\x20\x20\x46\x6f\x75\x6e\x64\x20\x54\x4c\x56\x20\x6f\x66\x20\x74\x79\x70\x65\x20\x32\x34\x32\x20\x61\x6e\x64\x20\x6c\x65\x6e\x20\x31\x32\x2e\x0a\x20\x20\x20\x20\x55\x6e\x70\x61\x63\x6b\x69\x6e\x67\x20\x52\x6f\x75\x74\x65\x72\x20\x43\x61\x70\x61\x62\x69\x6c\x69\x74\x79\x20\x54\x4c\x56\x2e\x2e\x2e\x0a\x20\x20\x20\x20\x57\x41\x52\x4e\x49\x4e\x47\x3a\x20\x52\x6f\x75\x74\x65\x72\x20\x43\x61\x70\x61\x62\x69\x6c\x69\x74\x79\x20\x73\x75\x62\x54\x4c\x56\x20\x6c\x65\x6e\x67\x74\x68\x20\x74\x6f\x6f\x20\x6c\x61\x72\x67\x65\x20\x63\x6f\x6d\x70\x61\x72\x65\x64\x20\x74\x6f\x20\x65\x78\x70\x65\x63\x74\x65\x64\x20\x73\x69\x7a\x65\x0a\x55\x6e\x70\x61\x63\x6b\x65\x64\x20\x54\x4c\x56\x73\x3a\x0a\x50\x72\x6f\x74\x6f\x63\x6f\x6c\x73\x20\x53\x75\x70\x70\x6f\x72\x74\x65\x64\x3a\x20\x37\x33\x2c\x20\x31\x36\x2c\x20\x32\x35\x35\x2c\x20\x32\x35\x35\x2c\x20\x32\x35\x35\x2c\x20\x31\x30\x31\x2c\x20\x31\x30\x2c\x20\x31\x31\x2c\x20\x31\x31\x2c\x20\x31\x31\x2c\x20\x31\x31\x2c\x20\x31\x31\x2c\x20\x31\x31\x0a", -+ .output_len = 586, -+ .ret = 0 - }, - - { diff --git a/0005-root-ok-in-account-frr.pam.patch b/0005-root-ok-in-account-frr.pam.patch new file mode 100644 index 0000000..a051878 --- /dev/null +++ b/0005-root-ok-in-account-frr.pam.patch 
@@ -0,0 +1,33 @@
+From cb467471b31cd653e758bc3f82fffe7c44654796 Mon Sep 17 00:00:00 2001
+From: Marius Tomaschewski
+Date: Fri, 11 Nov 2022 14:50:12 +0100
+References: https://github.com/FRRouting/frr/pull/12308
+Upstream: submitted
+Subject: [PATCH] pam: declare root as sufficient frr pam account
+
+https://github.com/FRRouting/frr/pull/11465 enabled account verification,
+but the pam config declares rootok as sufficient in authentication only
+and not in account verification, what causes warning in the log:
+
+vtysh[3747]: pam_warn(frr:account): function=[pam_sm_acct_mgmt]
+ flags=0 service=[frr] terminal=[] user=[root]
+ ruser=[] rhost=[]
+---
+ redhat/frr.pam | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/redhat/frr.pam b/redhat/frr.pam
+index 5cef5d9d74..17a62f1999 100644
+--- a/redhat/frr.pam
++++ b/redhat/frr.pam
+@@ -5,6 +5,7 @@
+ # Only allow root (and possibly wheel) to use this because enable access
+ # is unrestricted.
+ auth sufficient pam_rootok.so
++account sufficient pam_rootok.so
+
+ # Uncomment the following line to implicitly trust users in the "wheel" group.
+ #auth sufficient pam_wheel.so trust use_uid
+--
+2.35.3
+
diff --git a/0006-isisd-fix-10505-using-base64-encoding.patch b/0006-isisd-fix-10505-using-base64-encoding.patch
deleted file mode 100644
index b6d64b0..0000000
--- a/0006-isisd-fix-10505-using-base64-encoding.patch
+++ /dev/null
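Review bot: In the redhat/frr.pam hunk carried by 0005-root-ok-in-account-frr.pam.patch, the new `account sufficient pam_rootok.so` line has no comment, and the commented-out wheel hint below it still covers only the `auth` stack. The file's own comment says enable access is unrestricted, so this stack appears to be the access gate for vtysh and a reader should be told why root is short-circuited in account verification too; I would put `# vtysh also runs account verification, so root must pass that stack as well` above the new line. An admin who uncomments the wheel line would presumably get the same pam_warn(frr:account) entries for wheel users, so a matching `#account sufficient pam_wheel.so trust use_uid` hint belongs next to it. The rest of frr.pam is outside the hunk, so what the account stack falls through to for non-root callers should be confirmed there.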
@@ -1,456 +0,0 @@ -From ac3133450de12ba86c051265fc0f1b12bc57b40c Mon Sep 17 00:00:00 2001 -From: whichbug -Date: Thu, 10 Feb 2022 22:49:41 -0500 -Upstream: yes -References: bsc#1196506,CVE-2022-26126 -Subject: [PATCH] isisd: fix #10505 using base64 encoding - -Using base64 instead of the raw string to encode -the binary data. - -Signed-off-by: whichbug - -diff --git a/isisd/isis_nb_notifications.c b/isisd/isis_nb_notifications.c -index f219632ac..fd7b1b315 100644 ---- a/isisd/isis_nb_notifications.c -+++ b/isisd/isis_nb_notifications.c -@@ -245,7 +245,7 @@ void isis_notif_max_area_addr_mismatch(const struct isis_circuit *circuit, - data = yang_data_new_uint8(xpath_arg, max_area_addrs); - listnode_add(arguments, data); - snprintf(xpath_arg, sizeof(xpath_arg), "%s/raw-pdu", xpath); -- data = yang_data_new(xpath_arg, raw_pdu); -+ data = yang_data_new_binary(xpath_arg, raw_pdu, raw_pdu_len); - listnode_add(arguments, data); - - hook_call(isis_hook_max_area_addr_mismatch, circuit, max_area_addrs, -@@ -270,7 +270,7 @@ void isis_notif_authentication_type_failure(const struct isis_circuit *circuit, - notif_prep_instance_hdr(xpath, area, "default", arguments); - notif_prepr_iface_hdr(xpath, circuit, arguments); - snprintf(xpath_arg, sizeof(xpath_arg), "%s/raw-pdu", xpath); -- data = yang_data_new(xpath_arg, raw_pdu); -+ data = yang_data_new_binary(xpath_arg, raw_pdu, raw_pdu_len); - listnode_add(arguments, data); - - hook_call(isis_hook_authentication_type_failure, circuit, raw_pdu, -@@ -294,7 +294,7 @@ void isis_notif_authentication_failure(const struct isis_circuit *circuit, - notif_prep_instance_hdr(xpath, area, "default", arguments); - notif_prepr_iface_hdr(xpath, circuit, arguments); - snprintf(xpath_arg, sizeof(xpath_arg), "%s/raw-pdu", xpath); -- data = yang_data_new(xpath_arg, raw_pdu); -+ data = yang_data_new_binary(xpath_arg, raw_pdu, raw_pdu_len); - listnode_add(arguments, data); - - hook_call(isis_hook_authentication_failure, circuit, raw_pdu, -@@ -361,7 +361,7 
@@ void isis_notif_reject_adjacency(const struct isis_circuit *circuit, - data = yang_data_new_string(xpath_arg, reason); - listnode_add(arguments, data); - snprintf(xpath_arg, sizeof(xpath_arg), "%s/raw-pdu", xpath); -- data = yang_data_new(xpath_arg, raw_pdu); -+ data = yang_data_new_binary(xpath_arg, raw_pdu, raw_pdu_len); - listnode_add(arguments, data); - - hook_call(isis_hook_reject_adjacency, circuit, raw_pdu, raw_pdu_len); -@@ -384,7 +384,7 @@ void isis_notif_area_mismatch(const struct isis_circuit *circuit, - notif_prep_instance_hdr(xpath, area, "default", arguments); - notif_prepr_iface_hdr(xpath, circuit, arguments); - snprintf(xpath_arg, sizeof(xpath_arg), "%s/raw-pdu", xpath); -- data = yang_data_new(xpath_arg, raw_pdu); -+ data = yang_data_new_binary(xpath_arg, raw_pdu, raw_pdu_len); - listnode_add(arguments, data); - - hook_call(isis_hook_area_mismatch, circuit, raw_pdu, raw_pdu_len); -@@ -467,7 +467,7 @@ void isis_notif_id_len_mismatch(const struct isis_circuit *circuit, - data = yang_data_new_uint8(xpath_arg, rcv_id_len); - listnode_add(arguments, data); - snprintf(xpath_arg, sizeof(xpath_arg), "%s/raw-pdu", xpath); -- data = yang_data_new(xpath_arg, raw_pdu); -+ data = yang_data_new_binary(xpath_arg, raw_pdu, raw_pdu_len); - listnode_add(arguments, data); - - hook_call(isis_hook_id_len_mismatch, circuit, rcv_id_len, raw_pdu, -@@ -495,7 +495,7 @@ void isis_notif_version_skew(const struct isis_circuit *circuit, - data = yang_data_new_uint8(xpath_arg, version); - listnode_add(arguments, data); - snprintf(xpath_arg, sizeof(xpath_arg), "%s/raw-pdu", xpath); -- data = yang_data_new(xpath_arg, raw_pdu); -+ data = yang_data_new_binary(xpath_arg, raw_pdu, raw_pdu_len); - listnode_add(arguments, data); - - hook_call(isis_hook_version_skew, circuit, version, raw_pdu, -@@ -525,7 +525,7 @@ void isis_notif_lsp_error(const struct isis_circuit *circuit, - data = yang_data_new_string(xpath_arg, rawlspid_print(lsp_id)); - listnode_add(arguments, data); - 
snprintf(xpath_arg, sizeof(xpath_arg), "%s/raw-pdu", xpath); -- data = yang_data_new(xpath_arg, raw_pdu); -+ data = yang_data_new_binary(xpath_arg, raw_pdu, raw_pdu_len); - listnode_add(arguments, data); - /* ignore offset and tlv_type which cannot be set properly */ - -diff --git a/lib/base64.c b/lib/base64.c -new file mode 100644 -index 000000000..e3f238969 ---- /dev/null -+++ b/lib/base64.c -@@ -0,0 +1,193 @@ -+/* -+ * This is part of the libb64 project, and has been placed in the public domain. -+ * For details, see http://sourceforge.net/projects/libb64 -+ */ -+ -+#include "base64.h" -+ -+static const int CHARS_PER_LINE = 72; -+static const char *ENCODING = -+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; -+ -+void base64_init_encodestate(struct base64_encodestate *state_in) -+{ -+ state_in->step = step_A; -+ state_in->result = 0; -+ state_in->stepcount = 0; -+} -+ -+char base64_encode_value(char value_in) -+{ -+ if (value_in > 63) -+ return '='; -+ return ENCODING[(int)value_in]; -+} -+ -+int base64_encode_block(const char *plaintext_in, int length_in, char *code_out, -+ struct base64_encodestate *state_in) -+{ -+ const char *plainchar = plaintext_in; -+ const char *const plaintextend = plaintext_in + length_in; -+ char *codechar = code_out; -+ char result; -+ char fragment; -+ -+ result = state_in->result; -+ -+ switch (state_in->step) { -+ while (1) { -+ case step_A: -+ if (plainchar == plaintextend) { -+ state_in->result = result; -+ state_in->step = step_A; -+ return codechar - code_out; -+ } -+ fragment = *plainchar++; -+ result = (fragment & 0x0fc) >> 2; -+ *codechar++ = base64_encode_value(result); -+ result = (fragment & 0x003) << 4; -+ /* fall through */ -+ case step_B: -+ if (plainchar == plaintextend) { -+ state_in->result = result; -+ state_in->step = step_B; -+ return codechar - code_out; -+ } -+ fragment = *plainchar++; -+ result |= (fragment & 0x0f0) >> 4; -+ *codechar++ = base64_encode_value(result); -+ result = (fragment 
& 0x00f) << 2; -+ /* fall through */ -+ case step_C: -+ if (plainchar == plaintextend) { -+ state_in->result = result; -+ state_in->step = step_C; -+ return codechar - code_out; -+ } -+ fragment = *plainchar++; -+ result |= (fragment & 0x0c0) >> 6; -+ *codechar++ = base64_encode_value(result); -+ result = (fragment & 0x03f) >> 0; -+ *codechar++ = base64_encode_value(result); -+ -+ ++(state_in->stepcount); -+ if (state_in->stepcount == CHARS_PER_LINE/4) { -+ *codechar++ = '\n'; -+ state_in->stepcount = 0; -+ } -+ } -+ } -+ /* control should not reach here */ -+ return codechar - code_out; -+} -+ -+int base64_encode_blockend(char *code_out, struct base64_encodestate *state_in) -+{ -+ char *codechar = code_out; -+ -+ switch (state_in->step) { -+ case step_B: -+ *codechar++ = base64_encode_value(state_in->result); -+ *codechar++ = '='; -+ *codechar++ = '='; -+ break; -+ case step_C: -+ *codechar++ = base64_encode_value(state_in->result); -+ *codechar++ = '='; -+ break; -+ case step_A: -+ break; -+ } -+ *codechar++ = '\n'; -+ -+ return codechar - code_out; -+} -+ -+ -+signed char base64_decode_value(signed char value_in) -+{ -+ static const signed char decoding[] = { -+ 62, -1, -1, -1, 63, 52, 53, 54, -+ 55, 56, 57, 58, 59, 60, 61, -1, -+ -1, -1, -2, -1, -1, -1, 0, 1, -+ 2, 3, 4, 5, 6, 7, 8, 9, -+ 10, 11, 12, 13, 14, 15, 16, 17, -+ 18, 19, 20, 21, 22, 23, 24, 25, -+ -1, -1, -1, -1, -1, -1, 26, 27, -+ 28, 29, 30, 31, 32, 33, 34, 35, -+ 36, 37, 38, 39, 40, 41, 42, 43, -+ 44, 45, 46, 47, 48, 49, 50, 51 -+ }; -+ value_in -= 43; -+ if (value_in < 0 || value_in >= 80) -+ return -1; -+ return decoding[(int)value_in]; -+} -+ -+void base64_init_decodestate(struct base64_decodestate *state_in) -+{ -+ state_in->step = step_a; -+ state_in->plainchar = 0; -+} -+ -+int base64_decode_block(const char *code_in, int length_in, char *plaintext_out, -+ struct base64_decodestate *state_in) -+{ -+ const char *codec = code_in; -+ char *plainc = plaintext_out; -+ signed char fragmt; -+ -+ 
*plainc = state_in->plainchar; -+ -+ switch (state_in->step) { -+ while (1) { -+ case step_a: -+ do { -+ if (codec == code_in+length_in) { -+ state_in->step = step_a; -+ state_in->plainchar = *plainc; -+ return plainc - plaintext_out; -+ } -+ fragmt = base64_decode_value(*codec++); -+ } while (fragmt < 0); -+ *plainc = (fragmt & 0x03f) << 2; -+ /* fall through */ -+ case step_b: -+ do { -+ if (codec == code_in+length_in) { -+ state_in->step = step_b; -+ state_in->plainchar = *plainc; -+ return plainc - plaintext_out; -+ } -+ fragmt = base64_decode_value(*codec++); -+ } while (fragmt < 0); -+ *plainc++ |= (fragmt & 0x030) >> 4; -+ *plainc = (fragmt & 0x00f) << 4; -+ /* fall through */ -+ case step_c: -+ do { -+ if (codec == code_in+length_in) { -+ state_in->step = step_c; -+ state_in->plainchar = *plainc; -+ return plainc - plaintext_out; -+ } -+ fragmt = base64_decode_value(*codec++); -+ } while (fragmt < 0); -+ *plainc++ |= (fragmt & 0x03c) >> 2; -+ *plainc = (fragmt & 0x003) << 6; -+ /* fall through */ -+ case step_d: -+ do { -+ if (codec == code_in+length_in) { -+ state_in->step = step_d; -+ state_in->plainchar = *plainc; -+ return plainc - plaintext_out; -+ } -+ fragmt = base64_decode_value(*codec++); -+ } while (fragmt < 0); -+ *plainc++ |= (fragmt & 0x03f); -+ } -+ } -+ /* control should not reach here */ -+ return plainc - plaintext_out; -+} -diff --git a/lib/base64.h b/lib/base64.h -new file mode 100644 -index 000000000..3dc1559aa ---- /dev/null -+++ b/lib/base64.h -@@ -0,0 +1,45 @@ -+/* -+ * This is part of the libb64 project, and has been placed in the public domain. 
-+ * For details, see http://sourceforge.net/projects/libb64 -+ */ -+ -+#ifndef _BASE64_H_ -+#define _BASE64_H_ -+ -+enum base64_encodestep { -+ step_A, step_B, step_C -+}; -+ -+struct base64_encodestate { -+ enum base64_encodestep step; -+ char result; -+ int stepcount; -+}; -+ -+void base64_init_encodestate(struct base64_encodestate *state_in); -+ -+char base64_encode_value(char value_in); -+ -+int base64_encode_block(const char *plaintext_in, int length_in, char *code_out, -+ struct base64_encodestate *state_in); -+ -+int base64_encode_blockend(char *code_out, struct base64_encodestate *state_in); -+ -+ -+enum base64_decodestep { -+ step_a, step_b, step_c, step_d -+}; -+ -+struct base64_decodestate { -+ enum base64_decodestep step; -+ char plainchar; -+}; -+ -+void base64_init_decodestate(struct base64_decodestate *state_in); -+ -+signed char base64_decode_value(signed char value_in); -+ -+int base64_decode_block(const char *code_in, int length_in, char *plaintext_out, -+ struct base64_decodestate *state_in); -+ -+#endif /* _BASE64_H_ */ -diff --git a/lib/subdir.am b/lib/subdir.am -index 648ab7f14..f8f82f276 100644 ---- a/lib/subdir.am -+++ b/lib/subdir.am -@@ -8,6 +8,7 @@ lib_libfrr_la_LIBADD = $(LIBCAP) $(UNWIND_LIBS) $(LIBYANG_LIBS) $(LUA_LIB) $(UST - lib_libfrr_la_SOURCES = \ - lib/agg_table.c \ - lib/atomlist.c \ -+ lib/base64.c \ - lib/bfd.c \ - lib/buffer.c \ - lib/checksum.c \ -@@ -177,6 +178,7 @@ clippy_scan += \ - pkginclude_HEADERS += \ - lib/agg_table.h \ - lib/atomlist.h \ -+ lib/base64.h \ - lib/bfd.h \ - lib/bitfield.h \ - lib/buffer.h \ -diff --git a/lib/yang_wrappers.c b/lib/yang_wrappers.c -index 85aa003db..bee76c6e0 100644 ---- a/lib/yang_wrappers.c -+++ b/lib/yang_wrappers.c -@@ -19,6 +19,7 @@ - - #include - -+#include "base64.h" - #include "log.h" - #include "lib_errors.h" - #include "northbound.h" -@@ -676,6 +677,64 @@ void yang_get_default_string_buf(char *buf, size_t size, const char *xpath_fmt, - xpath); - } - -+/* -+ * Primitive type: 
binary. -+ */ -+struct yang_data *yang_data_new_binary(const char *xpath, const char *value, -+ size_t len) -+{ -+ char *value_str; -+ struct base64_encodestate s; -+ int cnt; -+ char *c; -+ struct yang_data *data; -+ -+ value_str = (char *)malloc(len * 2); -+ base64_init_encodestate(&s); -+ cnt = base64_encode_block(value, len, value_str, &s); -+ c = value_str + cnt; -+ cnt = base64_encode_blockend(c, &s); -+ c += cnt; -+ *c = 0; -+ data = yang_data_new(xpath, value_str); -+ free(value_str); -+ return data; -+} -+ -+size_t yang_dnode_get_binary_buf(char *buf, size_t size, -+ const struct lyd_node *dnode, -+ const char *xpath_fmt, ...) -+{ -+ const char *canon; -+ size_t cannon_len; -+ size_t decode_len; -+ size_t ret_len; -+ size_t cnt; -+ char *value_str; -+ struct base64_decodestate s; -+ -+ canon = YANG_DNODE_XPATH_GET_CANON(dnode, xpath_fmt); -+ cannon_len = strlen(canon); -+ decode_len = cannon_len; -+ value_str = (char *)malloc(decode_len); -+ base64_init_decodestate(&s); -+ cnt = base64_decode_block(canon, cannon_len, value_str, &s); -+ -+ ret_len = size > cnt ? cnt : size; -+ memcpy(buf, value_str, ret_len); -+ if (size < cnt) { -+ char xpath[XPATH_MAXLEN]; -+ -+ yang_dnode_get_path(dnode, xpath, sizeof(xpath)); -+ flog_warn(EC_LIB_YANG_DATA_TRUNCATED, -+ "%s: value was truncated [xpath %s]", __func__, -+ xpath); -+ } -+ free(value_str); -+ return ret_len; -+} -+ -+ - /* - * Primitive type: empty. 
- */ -diff --git a/lib/yang_wrappers.h b/lib/yang_wrappers.h -index d781dfb1e..56b314876 100644 ---- a/lib/yang_wrappers.h -+++ b/lib/yang_wrappers.h -@@ -118,6 +118,13 @@ extern const char *yang_get_default_string(const char *xpath_fmt, ...); - extern void yang_get_default_string_buf(char *buf, size_t size, - const char *xpath_fmt, ...); - -+/* binary */ -+extern struct yang_data *yang_data_new_binary(const char *xpath, -+ const char *value, size_t len); -+extern size_t yang_dnode_get_binary_buf(char *buf, size_t size, -+ const struct lyd_node *dnode, -+ const char *xpath_fmt, ...); -+ - /* empty */ - extern struct yang_data *yang_data_new_empty(const char *xpath); - extern bool yang_dnode_get_empty(const struct lyd_node *dnode, --- -2.34.1 - diff --git a/0007-bgpd-Make-sure-hdr-length-is-at-a-minimum-of-what-is.patch b/0007-bgpd-Make-sure-hdr-length-is-at-a-minimum-of-what-is.patch deleted file mode 100644 index fc7fdb9..0000000 --- a/0007-bgpd-Make-sure-hdr-length-is-at-a-minimum-of-what-is.patch +++ /dev/null 
@@ -1,34 +0,0 @@
-From ff6db1027f8f36df657ff2e5ea167773752537ed Mon Sep 17 00:00:00 2001
-From: Donald Sharp
-Date: Thu, 21 Jul 2022 08:11:58 -0400
-Subject: [PATCH] bgpd: Make sure hdr length is at a minimum of what is
- expected
-References: bsc#1202023,CVE-2022-37032
-Upstream: yes
-
-Ensure that if the capability length specified is enough data.
-
-Signed-off-by: Donald Sharp
-
-diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
-index dbf6c0b2e9..45752a8ab6 100644
---- a/bgpd/bgp_packet.c
-+++ b/bgpd/bgp_packet.c
-@@ -2620,6 +2620,14 @@ static int bgp_capability_msg_parse(struct peer *peer, uint8_t *pnt,
- "%s CAPABILITY has action: %d, code: %u, length %u",
- peer->host, action, hdr->code, hdr->length);
-
-+ if (hdr->length < sizeof(struct capability_mp_data)) {
-+ zlog_info(
-+ "%pBP Capability structure is not properly filled out, expected at least %zu bytes but header length specified is %d",
-+ peer, sizeof(struct capability_mp_data),
-+ hdr->length);
-+ return BGP_Stop;
-+ }
-+
- /* Capability length check. */
- if ((pnt + hdr->length + 3) > end) {
- zlog_info("%s Capability length error", peer->host);
---
-2.35.3
-
diff --git a/0008-isisd-Ensure-rcap-is-freed-in-error-case.patch b/0008-isisd-Ensure-rcap-is-freed-in-error-case.patch
deleted file mode 100644
index 486313c..0000000
--- a/0008-isisd-Ensure-rcap-is-freed-in-error-case.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 49efc80d342d8e8373c8af040580bd7940808730 Mon Sep 17 00:00:00 2001
-From: Donald Sharp
-Date: Wed, 20 Jul 2022 16:49:09 -0400
-Subject: [PATCH] isisd: Ensure rcap is freed in error case
-References: bsc#1202022
-Upstream: yes
-
-unpack_tlv_router_cap allocates memory that in the error
-case is not being freed.
-
-Signed-off-by: Donald Sharp
-
-diff --git a/isisd/isis_tlvs.c b/isisd/isis_tlvs.c
-index 11be3c3a71..b3c3fd4b0b 100644
---- a/isisd/isis_tlvs.c
-+++ b/isisd/isis_tlvs.c
-@@ -3580,9 +3580,9 @@ static int pack_tlv_router_cap(const struct isis_router_cap *router_cap,
- }
-
- static int unpack_tlv_router_cap(enum isis_tlv_context context,
-- uint8_t tlv_type, uint8_t tlv_len,
-- struct stream *s, struct sbuf *log,
-- void *dest, int indent)
-+ uint8_t tlv_type, uint8_t tlv_len,
-+ struct stream *s, struct sbuf *log, void *dest,
-+ int indent)
- {
- struct isis_tlvs *tlvs = dest;
- struct isis_router_cap *rcap;
-@@ -3627,7 +3627,7 @@ static int unpack_tlv_router_cap(enum isis_tlv_context context,
- log, indent,
- "WARNING: Router Capability subTLV length too large compared to expected size\n");
- stream_forward_getp(s, STREAM_READABLE(s));
--
-+ XFREE(MTYPE_ISIS_TLV, rcap);
- return 0;
- }
-
---
-2.35.3
-
diff --git a/frr-8.1.tar.gz b/frr-8.1.tar.gz
deleted file mode 100644
index 2a270c3..0000000
--- a/frr-8.1.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9d82c11b304ab89a30627fcbb4150f51e639f473f8563976e14101e796240599
-size 8514995
diff --git a/frr-8.4.tar.gz b/frr-8.4.tar.gz
new file mode 100644
index 0000000..cdfba41
--- /dev/null
+++ b/frr-8.4.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4fe5dccf6d41218c3012c2b09c85c4cd65a96299ab400e487191515232f0ee8a
+size 9883194
diff --git a/frr.changes b/frr.changes
index d03eea6..d8b5bd9 100644
--- a/frr.changes
+++ b/frr.changes
@@ -1,3 +1,62 @@
+-------------------------------------------------------------------
+Fri Nov 11 13:04:52 UTC 2022 - Marius Tomaschewski
+
+- Migration to /usr/etc: Conditionally moved /etc/logrotate.d/frr
+ file to vendor specific directory /usr/etc/logrotate.d and added
+ saving of user changed configuration files in /etc and restoring
+ them while an RPM update.
+- Declare root as sufficient also in the pam account verification;
+ without vtysh use causes to log a pam frr:account warnings
+ (https://github.com/FRRouting/frr/pull/12308)
+ [+ 0005-root-ok-in-account-frr.pam.patch]
+- Applied fix removing a not needed backslash causing to log a warning
+ (https://github.com/FRRouting/frr/pull/12307)
+ [+ 0004-tools-remove-backslash-from-declare-check-regex.patch]
+- Applied upstream fixes for frrinit.sh to avoid a privilege escalation
+ from frr to root in frr config creation (bsc#1204124,CVE-2022-42917,
+ https://github.com/FRRouting/frr/pull/12157).
+ [+ 0003-tools-Run-as-FRR_USER-install-chown-commands-to-avoi.patch]
+- Removed obsolete patches provided in the 8.4 source archive:
+ [- 0003-babeld-fix-10487-by-adding-a-check-on-packet-length.patch,
+ - 0004-babeld-fix-10502-10503-by-repairing-the-checks-on-le.patch,
+ - 0005-isisd-fix-router-capability-TLV-parsing-issues.patch,
+ - 0006-isisd-fix-10505-using-base64-encoding.patch,
+ - 0007-bgpd-Make-sure-hdr-length-is-at-a-minimum-of-what-is.patch,
+ - 0008-isisd-Ensure-rcap-is-freed-in-error-case.patch]
+- Update to version 8.4, see https://frrouting.org/release/8.4/
+ * New BGP command (neighbor PEER soo) to configure SoO to prevent
+ routing loops and suboptimal routing on dual-homed sites.
+ * Command debug bgp allow-martian replaced to bgp allow-martian-nexthop
+ because previously we allowed using martian next-hops when debug is
+ turned on.
+ * Implement BGP Prefix Origin Validation State Extended Community rfc8097
+ * Implement Route Leak Prevention and Detection Using Roles in UPDATE
+ and OPEN Messages rfc9234
+ * BMP L3VPN support
+ * PIMv6 support
+ * MLD support
+ * New command to enable using reserved IPv4 ranges as normal addresses
+ for BGP next-hops, interface addresses, etc.
+ * As usual, lots of bugs and memory leaks were fixed \m/
+ such as a fix for a possible use-after-free due to a race
+ condition related to bgp_notify_send_with_data() and
+ bgp_process_packet() in bgp_packet.c. This could lead to
+ Remote Code Execution or Information Disclosure by sending
+ crafted BGP packets (CVE-2022-37035,bsc#1202085).
+- Update to version 8.3, see https://frrouting.org/release/8.3/
+ * Notification Message support for BGP Graceful Restart
+ * BGP Cease Notification Subcode For BFD
+ * Send Hold Timer for BGP
+ * RFC5424 syslog support
+ * PIM passive command
+- Update to version 8.2.2, see https://frrouting.org/release/8.2.2/
+ * BGP Long-lived graceful restart capability
+ * BGP Extended Optional Parameters Length for BGP OPEN Message
+ * BGP Extended BGP Administrative Shutdown Communication
+ * IS-IS Link State Traffic Engineering support
+ * OSPFv3 Support for NSSA Type-7 address ranges
+ * PBR VLAN actions support
+
 -------------------------------------------------------------------
 Mon Sep 5 11:48:25 UTC 2022 - Marius Tomaschewski
 
diff --git a/frr.spec b/frr.spec
index fb07578..4e01755 100644
--- a/frr.spec
+++ b/frr.spec
@@ -30,23 +30,20 @@ %define frr_daemondir %{_prefix}/lib/frr Name: frr -Version: 8.1 +Version: 8.4 Release: 0 Summary: FRRouting Routing daemon License: GPL-2.0-or-later AND LGPL-2.1-or-later Group: Productivity/Networking/System URL: https://www.frrouting.org #Git-Clone: https://github.com/FRRouting/frr.git -Source: https://github.com/FRRouting/frr/archive/%{name}-%{version}.tar.gz +Source: https://github.com/FRRouting/frr/archive/refs/tags/%{name}-%{version}.tar.gz Source1: %{name}-tmpfiles.d Patch1: 0001-disable-zmq-test.patch Patch2: harden_frr.service.patch -Patch3: 0003-babeld-fix-10487-by-adding-a-check-on-packet-length.patch -Patch4: 0004-babeld-fix-10502-10503-by-repairing-the-checks-on-le.patch -Patch5: 0005-isisd-fix-router-capability-TLV-parsing-issues.patch -Patch6: 0006-isisd-fix-10505-using-base64-encoding.patch -Patch7: 0007-bgpd-Make-sure-hdr-length-is-at-a-minimum-of-what-is.patch -Patch8: 0008-isisd-Ensure-rcap-is-freed-in-error-case.patch +Patch3: 0003-tools-Run-as-FRR_USER-install-chown-commands-to-avoi.patch +Patch4: 0004-tools-remove-backslash-from-declare-check-regex.patch +Patch5: 0005-root-ok-in-account-frr.pam.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: bison >= 2.7 @@ -189,12 +186,7 @@ developing OSPF-API and frr applications. %patch2 -p1 %patch3 -p1 %patch4 -p1 -gzip -d tests/isisd/test_fuzz_isis_tlv_tests.h.gz %patch5 -p1 -gzip -9 tests/isisd/test_fuzz_isis_tlv_tests.h -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 %build # GCC LTO objects must be "fat" to avoid assembly errors 
@@ -284,7 +276,11 @@ install -D -m 0644 tools%{_sysconfdir}/frr/daemons %{buildroot}%{_sysconfdir}/fr sed -i -e 's/^\(bgpd_options=\)\(.*\)\(".*\)/\1\2 -M rpki\3/' %{buildroot}%{_sysconfdir}/frr/daemons install -D -m 0644 redhat/frr.pam %{buildroot}%{_sysconfdir}/pam.d/frr +%if 0%{?suse_version} > 1500 +install -D -m 0644 redhat/frr.logrotate %{buildroot}%{_distconfdir}/logrotate.d/frr +%else install -D -m 0644 redhat/frr.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/frr +%endif install -d -m 0750 %{buildroot}%{rundir} install -d -m 0750 %{buildroot}%{_localstatedir}/log/frr @@ -317,6 +313,20 @@ getent group %{frrvty_group} >/dev/null || groupadd -r %{frrvty_group} getent passwd %{frr_user} >/dev/null || useradd -r -g %{frr_group} -G %{frrvty_group} -d %{frr_home} -s /sbin/nologin -c "FRRouting suite" %{frr_user} %service_add_pre %{name}.service +%if 0%{?suse_version} > 1500 +# Prepare for migration to /usr/etc; save any old .rpmsave +for i in logrotate.d/frr ; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||: +done +%endif + +%posttrans +%if 0%{?suse_version} > 1500 +# Migration to /usr/etc, restore just created .rpmsave +for i in logrotate.d/frr ; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||: +done +%endif %post %service_add_post %{name}.service @@ -366,7 +376,11 @@ getent passwd %{frr_user} >/dev/null || useradd -r -g %{frr_group} -G %{frrvty_g %config(noreplace) %attr(640,%{frr_user},%{frrvty_group}) %{_sysconfdir}/%{name}/vtysh.conf %config(noreplace) %%attr(640,%{frr_user},%{frr_group}) %{_sysconfdir}/%{name}/daemons %config(noreplace) %{_sysconfdir}/pam.d/frr +%if 0%{?suse_version} > 1500 +%{_distconfdir}/logrotate.d/frr +%else %config(noreplace) %{_sysconfdir}/logrotate.d/frr +%endif %{_infodir}/frr.info%{?ext_info} %{_mandir}/man?/* %{_docdir}/%{name}/html 
@@ -389,11 +403,13 @@ getent passwd %{frr_user} >/dev/null || useradd -r -g %{frr_group} -G %{frrvty_g %{frr_daemondir}/frr %{frr_daemondir}/frr-reload %{frr_daemondir}/frr-reload.py +%{frr_daemondir}/frr_babeltrace.py %{frr_daemondir}/frrcommon.sh %{frr_daemondir}/frrinit.sh %{frr_daemondir}/isisd %{frr_daemondir}/ldpd %{frr_daemondir}/nhrpd +%{frr_daemondir}/ospfclient.py %{frr_daemondir}/ospf6d %{frr_daemondir}/ospfd %{frr_daemondir}/pathd