new file mode 100644
@@ -0,0 +1,36 @@
+From 5216a05b32390a64efeb598051411e1776042624 Mon Sep 17 00:00:00 2001
+From: Marius Tomaschewski <mt@suse.com>
+Date: Fri, 11 Nov 2022 12:26:04 +0100
+Subject: [PATCH] tools: remove backslash from declare check regex
+
+The backslash in `grep -q '^declare \-a'` is not needed and
+causes `grep: warning: stray \ before -` warning in grep-3.8.
+
+Signed-off-by: Marius Tomaschewski <mt@suse.com>
+
+CVE: CVE-2022-42917
+
+Upstream-Status: Backport
+[https://github.com/FRRouting/frr/commit/5216a05b32390a64efeb598051411e1776042624]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ tools/frrcommon.sh.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/frrcommon.sh.in b/tools/frrcommon.sh.in
+index 61f1abb37..3c16c27c6 100755
+--- a/tools/frrcommon.sh.in
++++ b/tools/frrcommon.sh.in
+@@ -335,7 +335,7 @@ if [ -z "$FRR_PATHSPACE" ]; then
+ load_old_config "/etc/sysconfig/frr"
+ fi
+
+-if { declare -p watchfrr_options 2>/dev/null || true; } | grep -q '^declare \-a'; then
++if { declare -p watchfrr_options 2>/dev/null || true; } | grep -q '^declare -a'; then
+ log_warning_msg "watchfrr_options contains a bash array value." \
+ "The configured value is intentionally ignored since it is likely wrong." \
+ "Please remove or fix the setting."
+--
+2.25.1
+
@@ -1,10 +1,11 @@
#
-# The PAM configuration file for the quagga `vtysh' service
+# The PAM configuration file for the frr `vtysh' service
#
# This allows root to change user infomation without being
# prompted for a password
auth sufficient pam_rootok.so
+account sufficient pam_rootok.so
# The standard Unix authentication modules, used with
# NIS (man nsswitch) as well as normal /etc/passwd and
@@ -12,6 +12,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
SRC_URI = "git://github.com/FRRouting/frr.git;protocol=https;branch=stable/8.2 \
file://CVE-2022-37035.patch \
file://CVE-2022-37032.patch \
+ file://CVE-2022-42917.patch \
file://frr.pam \
"
Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-42917 https://www.suse.com/de-de/security/cve/CVE-2022-42917.html https://bugzilla.suse.com/show_bug.cgi?id=1204124 Patch from: [1] https://github.com/FRRouting/frr/commit/5216a05b32390a64efeb598051411e1776042624 [2] https://github.com/FRRouting/frr/commit/6031b8a3224cde14fd1df6e60855310f97942ff9 Per [2], update frr.pam to eliminate the warning issued by pam: vtysh[485]: pam_warn(frr:account): function=[pam_sm_acct_mgmt] flags=0 service=[frr] terminal=[<unknown>] user=[root] ruser=[<unknown>] rhost=[<unknown>] Signed-off-by: Yi Zhao <yi.zhao@windriver.com> --- .../frr/frr/CVE-2022-42917.patch | 36 +++++++++++++++++++ .../recipes-protocols/frr/frr/frr.pam | 3 +- .../recipes-protocols/frr/frr_8.2.2.bb | 1 + 3 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 meta-networking/recipes-protocols/frr/frr/CVE-2022-42917.patch