1 files changed, 42 insertions, 0 deletions
diff --git a/meta/recipes-core/systemd/systemd/CVE-2020-13529.patch b/meta/recipes-core/systemd/systemd/CVE-2020-13529.patch
new file mode 100644
index 0000000000..6b499efbd8
--- /dev/null
+++ b/meta/recipes-core/systemd/systemd/CVE-2020-13529.patch
@@ -0,0 +1,42 @@
+From 38e980a6a5a3442c2f48b1f827284388096d8ca5 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Thu, 24 Jun 2021 01:22:07 +0900
+Subject: [PATCH] sd-dhcp-client: tentatively ignore FORCERENEW command
+This makes DHCP client ignore FORCERENEW requests, as unauthenticated
+FORCERENEW requests causes a security issue (TALOS-2020-1142, CVE-2020-13529).
+Let's re-enable this after RFC3118 (Authentication for DHCP Messages)
+and/or RFC6704 (Forcerenew Nonce Authentication) are implemented.
+Fixes #16774.
+Upstream-Status: Backport [https://github.com/systemd/systemd/commit/38e980a6a5a3442c2f48b1f827284388096d8ca5]
+CVE: CVE-2020-13529
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
+---
+ src/libsystemd-network/sd-dhcp-client.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+--- a/src/libsystemd-network/sd-dhcp-client.c
+++ b/src/libsystemd-network/sd-dhcp-client.c
+@@ -1392,9 +1392,17 @@ static int client_handle_forcerenew(sd_dhcp_client *client, DHCPMessage *force,
+         if (r != DHCP_FORCERENEW)
+                 return -ENOMSG;
+#if 0
+         log_dhcp_client(client, "FORCERENEW");
+         return 0;
+#else
+        /* FIXME: Ignore FORCERENEW requests until we implement RFC3118 (Authentication for DHCP
+         * Messages) and/or RFC6704 (Forcerenew Nonce Authentication), as unauthenticated FORCERENEW
+         * requests causes a security issue (TALOS-2020-1142, CVE-2020-13529). */
+        log_dhcp_client(client, "Received FORCERENEW, ignoring.");
+        return -ENOMSG;
+#endif
+ }
+ static bool lease_equal(const sd_dhcp_lease *a, const sd_dhcp_lease *b) {

diff --git a/meta/recipes-core/systemd/systemd/CVE-2020-13529.patch b/meta/recipes-core/systemd/systemd/CVE-2020-13529.patch new file mode 100644 index 0000000000..6b499efbd8 --- /dev/null +++ b/meta/recipes-core/systemd/systemd/CVE-2020-13529.patch
@@ -0,0 +1,42 @@
	1	From 38e980a6a5a3442c2f48b1f827284388096d8ca5 Mon Sep 17 00:00:00 2001
	2	From: Yu Watanabe <watanabe.yu+github@gmail.com>
	3	Date: Thu, 24 Jun 2021 01:22:07 +0900
	4	Subject: [PATCH] sd-dhcp-client: tentatively ignore FORCERENEW command
	5
	6	This makes DHCP client ignore FORCERENEW requests, as unauthenticated
	7	FORCERENEW requests causes a security issue (TALOS-2020-1142, CVE-2020-13529).
	8
	9	Let's re-enable this after RFC3118 (Authentication for DHCP Messages)
	10	and/or RFC6704 (Forcerenew Nonce Authentication) are implemented.
	11
	12	Fixes #16774.
	13
	14	Upstream-Status: Backport [https://github.com/systemd/systemd/commit/38e980a6a5a3442c2f48b1f827284388096d8ca5]
	15	CVE: CVE-2020-13529
	16
	17	Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
	18
	19	---
	20	src/libsystemd-network/sd-dhcp-client.c \| 8 ++++++++
	21	1 file changed, 8 insertions(+)
	22
	23	--- a/src/libsystemd-network/sd-dhcp-client.c
	24	+++ b/src/libsystemd-network/sd-dhcp-client.c
	25	@@ -1392,9 +1392,17 @@ static int client_handle_forcerenew(sd_dhcp_client client, DHCPMessage force,
	26	if (r != DHCP_FORCERENEW)
	27	return -ENOMSG;
	28
	29	+#if 0
	30	log_dhcp_client(client, "FORCERENEW");
	31
	32	return 0;
	33	+#else
	34	+ /* FIXME: Ignore FORCERENEW requests until we implement RFC3118 (Authentication for DHCP
	35	+ * Messages) and/or RFC6704 (Forcerenew Nonce Authentication), as unauthenticated FORCERENEW
	36	+ * requests causes a security issue (TALOS-2020-1142, CVE-2020-13529). */
	37	+ log_dhcp_client(client, "Received FORCERENEW, ignoring.");
	38	+ return -ENOMSG;
	39	+#endif
	40	}
	41
	42	static bool lease_equal(const sd_dhcp_lease a, const sd_dhcp_lease b) {