Fix for CVE-2021-25217

Rename old patch to sync with github/fedora Resolves: #1963809
2021-07-08 05:49:38 +02:00 · 2021-07-08 05:49:38 +02:00 · 74c305e713
commit 74c305e713
parent c4b56457fe
3 changed files with 57 additions and 12 deletions
--- a/0028-Fix-for-CVE-2021-25217.patch
+++ b/0028-Fix-for-CVE-2021-25217.patch
@ -0,0 +1,34 @@
+From 02b4ae1953d39f1b6c3f0e63aefb72114039ab50 Mon Sep 17 00:00:00 2001
+From: Pavel Zhukov <pzhukov@redhat.com>
+Date: Tue, 22 Jun 2021 06:56:29 +0200
+Subject: [PATCH 28/29] Fix for  CVE-2021-25217
+Cc: pzhukov@redhat.com
+
+---
+ common/parse.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/common/parse.c b/common/parse.c
+index f17bc0b..4e8b408 100644
+--- a/common/parse.c
+++ b/common/parse.c
+@@ -5587,13 +5587,14 @@ int parse_X (cfile, buf, max)
+ 				skip_to_semi (cfile);
+ 				return 0;
+ 			}
+-			convert_num (cfile, &buf [len], val, 16, 8);
+-			if (len++ > max) {
+			if (len >= max) {
+ 				parse_warn (cfile,
+ 					    "hexadecimal constant too long.");
+ 				skip_to_semi (cfile);
+ 				return 0;
+ 			}
+			convert_num (cfile, &buf [len], val, 16, 8);
+			len++;
+ 			token = peek_token (&val, (unsigned *)0, cfile);
+ 			if (token == COLON)
+ 				token = next_token (&val,
+-- 
+2.26.3
+
--- a/0029-Use-system-getaddrinfo-for-dhcp.patch
+++ b/0029-Use-system-getaddrinfo-for-dhcp.patch
@ -1,11 +1,22 @@
-diff --git a/lib/irs/include/irs/netdb.h.in b/lib/irs/include/irs/netdb.h.in
-index 299928b..4f11cea 100644
+From 019021caa791c254a319c71b4f634142dc14b37d Mon Sep 17 00:00:00 2001
+From: Pavel Zhukov <pzhukov@redhat.com>
+Date: Tue, 22 Jun 2021 06:58:40 +0200
+Subject: [PATCH 29/29] Use system getaddrinfo for dhcp
+Cc: pzhukov@redhat.com
+
+---
+ bind/bind/lib/irs/include/irs/netdb.h.in | 94 ++++++++++++++++++++++++
+ 1 file changed, 94 insertions(+)
+
+diff --git a/bind/bind/lib/irs/include/irs/netdb.h.in b/bind/bind/lib/irs/include/irs/netdb.h.in
+index 23dcd37..f36113d 100644
 --- a/bind/bind/lib/irs/include/irs/netdb.h.in
 +++ b/bind/bind/lib/irs/include/irs/netdb.h.in
-@@ -158,6 +158,100 @@ struct addrinfo {
+@@ -149,6 +149,100 @@ struct addrinfo {
+ #define	NI_NUMERICSERV	0x00000008
 #define	NI_DGRAM	0x00000010
 
- /*
+/*
 + * Define to map into irs_ namespace.
 + */
 +
@ -99,10 +110,9 @@ index 299928b..4f11cea 100644
 +
 +#endif
 +
-+/*
+ /*
  * Tell Emacs to use C mode on this file.
  * Local variables:
-  * mode: c
 -- 
-2.9.5
+2.26.3

--- a/dhcp.spec
+++ b/dhcp.spec
@ -15,7 +15,7 @@
 Summary:  Dynamic host configuration protocol software
 Name:     dhcp
 Version:  4.4.2
-Release:  13.b1%{?dist}
+Release:  14.b1%{?dist}

 # NEVER CHANGE THE EPOCH on this package.  The previous maintainer (prior to
 # dcantrell maintaining the package) made incorrect use of the epoch and
@ -60,10 +60,8 @@ Patch24 : 0024-Detect-system-time-changes.patch
 Patch25 : 0025-bind-Detect-system-time-changes.patch
 Patch26 : 0026-Add-dhclient-5-B-option-description.patch
 Patch27:  0027-Add-missed-sd-notify-patch-to-manage-dhcpd-with-syst.patch
-
-
-Patch100: bind99-rh1205168.patch
-
+Patch28:  0028-Fix-for-CVE-2021-25217.patch
+Patch29:  0029-Use-system-getaddrinfo-for-dhcp.patch


 BuildRequires: autoconf
@ -514,6 +512,9 @@ done
 %endif

 %changelog
+* Thu Jul  8 2021 Pavel Zhukov <pzhukov@redhat.com> - 12:4.4.2-14.b1
+- Fix for CVE-2021-25217
+
 * Mon Jun 14 2021 Pavel Zhukov <pzhukov@redhat.com> - 12:4.4.2-13.b1
 - Do not export getaddrinfo from irs libs (#1969858)