Do not drop bounding set twice

2023-04-12 09:45:06 +02:00 · 2023-04-12 09:45:06 +02:00 · 681a8734bb
parent 9f9dbecbe3
commit 681a8734bb
3 changed files with 21 additions and 1 deletions
--- a/.dhcp.metadata
+++ b/.dhcp.metadata
@ -0,0 +1 @@
+e4338f80bd2118ba1578e4bd3c2c154ec9c12ce0 dhcp-4.4.2b1.tar.gz
--- a/dhcp.spec
+++ b/dhcp.spec
@ -15,7 +15,7 @@
 Summary:  Dynamic host configuration protocol software
 Name:     dhcp
 Version:  4.4.2
-Release:  18.b1%{?dist}
+Release:  19.b1%{?dist}

 # NEVER CHANGE THE EPOCH on this package.  The previous maintainer (prior to
 # dcantrell maintaining the package) made incorrect use of the epoch and
@ -67,6 +67,7 @@ Patch30: CVE-2021-25220.patch
 Patch31: omshell-hmac-sha512-support.patch
 Patch32: CVE-2022-2928.patch
 Patch33: CVE-2022-2929.patch
+Patch34: dont-drop-bounds-twice.patch


 BuildRequires: autoconf
@ -508,6 +509,9 @@ done
 %endif

 %changelog
+* Wed Apr 12 2023 Martin Osvald <mosvald@redhat.com> - 12:4.4.2-19.b1
+- Do not drop bounding set twice (#2184965)
+
 * Mon Oct 10 2022 Martin Osvald <mosvald@redhat.com> - 12:4.4.2-18.b1
 - Fix for CVE-2022-2928
 - Fix for CVE-2022-2929
--- a/dont-drop-bounds-twice.patch
+++ b/dont-drop-bounds-twice.patch
@ -0,0 +1,15 @@
+diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c
+index c4ee5ba..1c6531a 100644
+--- a/relay/dhcrelay.c
+++ b/relay/dhcrelay.c
+@@ -843,8 +843,8 @@ main(int argc, char **argv) {
+ #ifdef HAVE_LIBCAP_NG
+ 	/* Drop all capabilities */
+ 	if (!keep_capabilities) {
+-		capng_clear(CAPNG_SELECT_BOTH);
+-		capng_apply(CAPNG_SELECT_BOTH);
+		capng_clear(CAPNG_SELECT_CAPS);
+		capng_apply(CAPNG_SELECT_CAPS);
+ 		log_info ("Dropped all capabilities.");
+ 	}
+ #endif
				`@ -0,0 +1 @@`
				`e4338f80bd2118ba1578e4bd3c2c154ec9c12ce0 dhcp-4.4.2b1.tar.gz`