Better fix for CVE-2011-0997: making domain-name check more lenient (#694005)
This commit is contained in:
Jiri Popelka
parent
bad89d2bfa
commit
2f1515e529
16
dhcp-4.2.1-P1-CVE-2011-0997.patch
Normal file
16
dhcp-4.2.1-P1-CVE-2011-0997.patch
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
diff -up dhcp-4.2.1-P1/client/dhclient.c.CVE-2011-0997 dhcp-4.2.1-P1/client/dhclient.c
|
||||||
|
--- dhcp-4.2.1-P1/client/dhclient.c.CVE-2011-0997 2011-04-06 20:21:43.000000000 +0200
|
||||||
|
+++ dhcp-4.2.1-P1/client/dhclient.c 2011-04-06 20:22:31.000000000 +0200
|
||||||
|
@@ -4545,11 +4545,11 @@ static int check_option_values(struct un
|
||||||
|
if ((universe == NULL) || (universe == &dhcp_universe)) {
|
||||||
|
switch(opt) {
|
||||||
|
case DHO_HOST_NAME:
|
||||||
|
- case DHO_DOMAIN_NAME:
|
||||||
|
case DHO_NIS_DOMAIN:
|
||||||
|
case DHO_NETBIOS_SCOPE:
|
||||||
|
return check_domain_name(ptr, len, 0);
|
||||||
|
break;
|
||||||
|
+ case DHO_DOMAIN_NAME: /* accept a list for compatibiliy */
|
||||||
|
case DHO_DOMAIN_SEARCH:
|
||||||
|
return check_domain_name_list(ptr, len, 0);
|
||||||
|
break;
|
||||||
@ -16,7 +16,7 @@
|
|||||||
Summary: Dynamic host configuration protocol software
|
Summary: Dynamic host configuration protocol software
|
||||||
Name: dhcp
|
Name: dhcp
|
||||||
Version: 4.2.1
|
Version: 4.2.1
|
||||||
Release: 4.%{patchver}%{?dist}
|
Release: 5.%{patchver}%{?dist}
|
||||||
# NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to
|
# NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to
|
||||||
# dcantrell maintaining the package) made incorrect use of the epoch and
|
# dcantrell maintaining the package) made incorrect use of the epoch and
|
||||||
# that's why it is at 12 now. It should have never been used, but it was.
|
# that's why it is at 12 now. It should have never been used, but it was.
|
||||||
@ -68,6 +68,7 @@ Patch28: dhcp-4.2.0-noprefixavail.patch
|
|||||||
Patch29: dhcp420-rh637017.patch
|
Patch29: dhcp420-rh637017.patch
|
||||||
Patch30: dhcp420-sharedlib.patch
|
Patch30: dhcp420-sharedlib.patch
|
||||||
Patch31: dhcp-4.2.0-PPP.patch
|
Patch31: dhcp-4.2.0-PPP.patch
|
||||||
|
Patch32: dhcp-4.2.1-P1-CVE-2011-0997.patch
|
||||||
|
|
||||||
BuildRequires: autoconf
|
BuildRequires: autoconf
|
||||||
BuildRequires: automake
|
BuildRequires: automake
|
||||||
@ -297,6 +298,9 @@ rm bind/bind.tar.gz
|
|||||||
# DHCPv6 over PPP support (#626514)
|
# DHCPv6 over PPP support (#626514)
|
||||||
%patch31 -p1 -b .PPP
|
%patch31 -p1 -b .PPP
|
||||||
|
|
||||||
|
# Better fix for CVE-2011-0997: making domain-name check more lenient (#694005)
|
||||||
|
%patch32 -p1 -b .CVE-2011-0997
|
||||||
|
|
||||||
# Copy in the Fedora/RHEL dhclient script
|
# Copy in the Fedora/RHEL dhclient script
|
||||||
%{__install} -p -m 0755 %{SOURCE4} client/scripts/linux
|
%{__install} -p -m 0755 %{SOURCE4} client/scripts/linux
|
||||||
%{__install} -p -m 0644 %{SOURCE5} .
|
%{__install} -p -m 0644 %{SOURCE5} .
|
||||||
@ -630,6 +634,9 @@ fi
|
|||||||
%attr(0644,root,root) %{_mandir}/man3/omapi.3.gz
|
%attr(0644,root,root) %{_mandir}/man3/omapi.3.gz
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Apr 06 2011 Jiri Popelka <jpopelka@redhat.com> - 12:4.2.1-5.P1
|
||||||
|
- Better fix for CVE-2011-0997: making domain-name check more lenient (#694005)
|
||||||
|
|
||||||
* Wed Apr 06 2011 Jiri Popelka <jpopelka@redhat.com> - 12:4.2.1-4.P1
|
* Wed Apr 06 2011 Jiri Popelka <jpopelka@redhat.com> - 12:4.2.1-4.P1
|
||||||
- 4.2.1-P1: fix for CVE-2011-0997 (#694005)
|
- 4.2.1-P1: fix for CVE-2011-0997 (#694005)
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user