forked from sonic-net/sonic-buildimage
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[202305] Support FIPS for armhf (sonic-net#18283)
* [Security] Fix the krb5 vulnerability issue (sonic-net#17914) ### Why I did it Fix the krb5 vulnerable issue CVE-2021-36222 allows remote attackers to cause a NULL pointer dereference and daemon crash CVE-2021-37750 NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field DSA 5286-1 remote code execution ##### Work item tracking - Microsoft ADO **(number only)**: 26577929 #### How I did it Upgrade the krb5 version to 1.18.3-6+deb11u14+fips. * [Build] Fix krb5 package not found issue (sonic-net#17926) Why I did it Fix the build issue caused by the wrong version specified. See the build error logs: Try 4: /usr/bin/wget --retry-connrefused failed to get: -O --2024-01-26 11:38:23-- https://sonicstorage.blob.core.windows.net/public/fips/bullseye/0.10/amd64/libk5crypto3_1.18.3-6+deb11u14+fips_amd64.deb Resolving sonicstorage.blob.core.windows.net (sonicstorage.blob.core.windows.net)... 20.60.59.131 Connecting to sonicstorage.blob.core.windows.net (sonicstorage.blob.core.windows.net)|20.60.59.131|:443... connected. HTTP request sent, awaiting response... 404 The specified blob does not exist. 2024-01-26 11:38:23 ERROR 404: The specified blob does not exist.. Try 5: /usr/bin/wget --retry-connrefused failed to get: -O make[1]: *** [Makefile:12: /sonic/target/debs/bullseye/symcrypt-openssl_0.10_amd64.deb] Error 8 make[1]: Leaving directory '/sonic/src/sonic-fips' Work item tracking Microsoft ADO (number only): 26577929 The package not installed but PR passed issue is traced in another issue sonic-net#17927 How I did it Add the libkrb5-dev and the depended packages to fix docker-sonic-vs build failure. The package libzmq3-dev has dependency on the libkrb5-dev. * [202305] Support FIPS for armhf * Remove no use mirror * Fix fips options issue
- Loading branch information
Showing
5 changed files
with
27 additions
and
17 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters