new file mode 100644
@@ -0,0 +1,44 @@
+From 7977fec0be89ae6fe87405b3f8da2f0b5e415e3d Mon Sep 17 00:00:00 2001
+From: Vincent Bernat <vincent@bernat.ch>
+Date: Tue, 23 Nov 2021 06:50:59 +0100
+Subject: [PATCH] dbus: fix policy to not be overly broad
+
+The DBus policy did not restrict the message destination, allowing any
+user to inspect and manipulate any property.
+
+Signed-off-by: Vincent Bernat <vincent@bernat.ch>
+
+CVE: CVE-2021-44225
+
+Upstream-Status: Backport [https://github.com/acassen/keepalived/commit/7977fec0be89ae6fe87405b3f8da2f0b5e415e3d]
+
+Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
+---
+ keepalived/dbus/org.keepalived.Vrrp1.conf | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/keepalived/dbus/org.keepalived.Vrrp1.conf b/keepalived/dbus/org.keepalived.Vrrp1.conf
+index 2b78a575c..b5ced6085 100644
+--- a/keepalived/dbus/org.keepalived.Vrrp1.conf
++++ b/keepalived/dbus/org.keepalived.Vrrp1.conf
+@@ -3,12 +3,15 @@
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+ <busconfig>
+ <policy user="root">
+- <allow own="org.keepalived.Vrrp1"/>
+- <allow send_destination="org.keepalived.Vrrp1"/>
++ <allow own="org.keepalived.Vrrp1" />
++ <allow send_destination="org.keepalived.Vrrp1" />
+ </policy>
+ <policy context="default">
+- <allow send_interface="org.freedesktop.DBus.Introspectable" />
+- <allow send_interface="org.freedesktop.DBus.Peer" />
+- <allow send_interface="org.freedesktop.DBus.Properties" />
++ <allow send_destination="org.keepalived.Vrrp1"
++ send_interface="org.freedesktop.DBus.Introspectable" />
++ <allow send_destination="org.keepalived.Vrrp1"
++ send_interface="org.freedesktop.DBus.Peer" />
++ <allow send_destination="org.keepalived.Vrrp1"
++ send_interface="org.freedesktop.DBus.Properties" />
+ </policy>
+ </busconfig>
@@ -10,8 +10,11 @@ HOMEPAGE = "http://www.keepalived.org/"
LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
+PR = "r1"
+
SRC_URI = "http://www.keepalived.org/software/${BP}.tar.gz \
file://0001-layer4-Change-order-of-include-files.patch \
+ file://CVE-2021-44225.patch \
"
SRC_URI[sha256sum] = "103692bd5345a4ed9f4581632ea636214fdf53e45682e200aab122c4fa674ece"
UPSTREAM_CHECK_URI = "https://github.com/acassen/keepalived/releases"
In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property. References: https://nvd.nist.gov/vuln/detail/CVE-2021-44225 https://github.com/acassen/keepalived/pull/2063 Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de> --- Since both kirkstone and mickledore use 2.2.2, and their recipes are identical, the patch applies to both. Only build and runtested on kirkstone though. .../keepalived/CVE-2021-44225.patch | 44 +++++++++++++++++++ .../keepalived/keepalived_2.2.2.bb | 3 ++ 2 files changed, 47 insertions(+) create mode 100644 meta-networking/recipes-daemons/keepalived/keepalived/CVE-2021-44225.patch