Better fix for CVE-2011-0997: making domain-name check more lenient (#694005)
This commit is contained in:
Jiri Popelka
parent
bad89d2bfa
commit
2f1515e529
16
dhcp-4.2.1-P1-CVE-2011-0997.patch
Normal file
16
dhcp-4.2.1-P1-CVE-2011-0997.patch
Normal file
@ -0,0 +1,16 @@
|
||||
diff -up dhcp-4.2.1-P1/client/dhclient.c.CVE-2011-0997 dhcp-4.2.1-P1/client/dhclient.c
|
||||
--- dhcp-4.2.1-P1/client/dhclient.c.CVE-2011-0997 2011-04-06 20:21:43.000000000 +0200
|
||||
+++ dhcp-4.2.1-P1/client/dhclient.c 2011-04-06 20:22:31.000000000 +0200
|
||||
@@ -4545,11 +4545,11 @@ static int check_option_values(struct un
|
||||
if ((universe == NULL) || (universe == &dhcp_universe)) {
|
||||
switch(opt) {
|
||||
case DHO_HOST_NAME:
|
||||
- case DHO_DOMAIN_NAME:
|
||||
case DHO_NIS_DOMAIN:
|
||||
case DHO_NETBIOS_SCOPE:
|
||||
return check_domain_name(ptr, len, 0);
|
||||
break;
|
||||
+ case DHO_DOMAIN_NAME: /* accept a list for compatibiliy */
|
||||
case DHO_DOMAIN_SEARCH:
|
||||
return check_domain_name_list(ptr, len, 0);
|
||||
break;
|
||||
@ -16,7 +16,7 @@
|
||||
Summary: Dynamic host configuration protocol software
|
||||
Name: dhcp
|
||||
Version: 4.2.1
|
||||
Release: 4.%{patchver}%{?dist}
|
||||
Release: 5.%{patchver}%{?dist}
|
||||
# NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to
|
||||
# dcantrell maintaining the package) made incorrect use of the epoch and
|
||||
# that's why it is at 12 now. It should have never been used, but it was.
|
||||
@ -68,6 +68,7 @@ Patch28: dhcp-4.2.0-noprefixavail.patch
|
||||
Patch29: dhcp420-rh637017.patch
|
||||
Patch30: dhcp420-sharedlib.patch
|
||||
Patch31: dhcp-4.2.0-PPP.patch
|
||||
Patch32: dhcp-4.2.1-P1-CVE-2011-0997.patch
|
||||
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
@ -297,6 +298,9 @@ rm bind/bind.tar.gz
|
||||
# DHCPv6 over PPP support (#626514)
|
||||
%patch31 -p1 -b .PPP
|
||||
|
||||
# Better fix for CVE-2011-0997: making domain-name check more lenient (#694005)
|
||||
%patch32 -p1 -b .CVE-2011-0997
|
||||
|
||||
# Copy in the Fedora/RHEL dhclient script
|
||||
%{__install} -p -m 0755 %{SOURCE4} client/scripts/linux
|
||||
%{__install} -p -m 0644 %{SOURCE5} .
|
||||
@ -630,6 +634,9 @@ fi
|
||||
%attr(0644,root,root) %{_mandir}/man3/omapi.3.gz
|
||||
|
||||
%changelog
|
||||
* Wed Apr 06 2011 Jiri Popelka <jpopelka@redhat.com> - 12:4.2.1-5.P1
|
||||
- Better fix for CVE-2011-0997: making domain-name check more lenient (#694005)
|
||||
|
||||
* Wed Apr 06 2011 Jiri Popelka <jpopelka@redhat.com> - 12:4.2.1-4.P1
|
||||
- 4.2.1-P1: fix for CVE-2011-0997 (#694005)
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user