diff --git a/0028-Fix-for-CVE-2021-25217.patch b/0028-Fix-for-CVE-2021-25217.patch
new file mode 100644
index 0000000..7f9dad9
--- /dev/null
+++ b/0028-Fix-for-CVE-2021-25217.patch
@@ -0,0 +1,34 @@
+From 02b4ae1953d39f1b6c3f0e63aefb72114039ab50 Mon Sep 17 00:00:00 2001
+From: Pavel Zhukov
+Date: Tue, 22 Jun 2021 06:56:29 +0200
+Subject: [PATCH 28/29] Fix for CVE-2021-25217
+Cc: pzhukov@redhat.com
+
+---
+ common/parse.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/common/parse.c b/common/parse.c
+index f17bc0b..4e8b408 100644
+--- a/common/parse.c
++++ b/common/parse.c
+@@ -5587,13 +5587,14 @@ int parse_X (cfile, buf, max)
+ skip_to_semi (cfile);
+ return 0;
+ }
+- convert_num (cfile, &buf [len], val, 16, 8);
+- if (len++ > max) {
++ if (len >= max) {
+ parse_warn (cfile,
+ "hexadecimal constant too long.");
+ skip_to_semi (cfile);
+ return 0;
+ }
++ convert_num (cfile, &buf [len], val, 16, 8);
++ len++;
+ token = peek_token (&val, (unsigned *)0, cfile);
+ if (token == COLON)
+ token = next_token (&val,
+--
+2.26.3
+
diff --git a/bind99-rh1205168.patch b/0029-Use-system-getaddrinfo-for-dhcp.patch
similarity index 79%
rename from bind99-rh1205168.patch
rename to 0029-Use-system-getaddrinfo-for-dhcp.patch
index d397ce2..24cbb6b 100644
--- a/bind99-rh1205168.patch
+++ b/0029-Use-system-getaddrinfo-for-dhcp.patch
@@ -1,11 +1,22 @@ -diff --git a/lib/irs/include/irs/netdb.h.in b/lib/irs/include/irs/netdb.h.in -index 299928b..4f11cea 100644 +From 019021caa791c254a319c71b4f634142dc14b37d Mon Sep 17 00:00:00 2001 +From: Pavel Zhukov +Date: Tue, 22 Jun 2021 06:58:40 +0200 +Subject: [PATCH 29/29] Use system getaddrinfo for dhcp +Cc: pzhukov@redhat.com + +--- + bind/bind/lib/irs/include/irs/netdb.h.in | 94 ++++++++++++++++++++++++ + 1 file changed, 94 insertions(+) + +diff --git a/bind/bind/lib/irs/include/irs/netdb.h.in b/bind/bind/lib/irs/include/irs/netdb.h.in +index 23dcd37..f36113d 100644 --- a/bind/bind/lib/irs/include/irs/netdb.h.in
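Review bot: The embedded patch in `0028-Fix-for-CVE-2021-25217.patch` has an empty commit body, so nothing records what was wrong in `parse_X` or which upstream change it mirrors, which makes the fix hard to audit later. From the visible lines, the old code called `convert_num` on `&buf [len]` before testing `len++ > max`, so the store ran ahead of the check; the new order tests `len >= max` first. I would state that in the patch description and add a short comment above the new check, e.g. `/* Bound len before convert_num stores into buf[len]. */`, so a later refactor does not swap the order back. `parse_X` starts and ends outside the hunk, so the size of `buf` relative to `max` is assumed from the parameter names and should be confirmed against the callers.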
+++ b/bind/bind/lib/irs/include/irs/netdb.h.in -@@ -158,6 +158,100 @@ struct addrinfo { +@@ -149,6 +149,100 @@ struct addrinfo { + #define NI_NUMERICSERV 0x00000008 #define NI_DGRAM 0x00000010 - /* ++/* + * Define to map into irs_ namespace. + */ + @@ -99,10 +110,9 @@ index 299928b..4f11cea 100644 + +#endif + -+/* + /* * Tell Emacs to use C mode on this file. * Local variables: - * mode: c -- -2.9.5 +2.26.3 diff --git a/dhcp.spec b/dhcp.spec index cc88ef7..9b28ab3 100644 --- a/dhcp.spec +++ b/dhcp.spec @@ -15,7 +15,7 @@ Summary: Dynamic host configuration protocol software Name: dhcp Version: 4.4.2 -Release: 13.b1%{?dist} +Release: 14.b1%{?dist} # NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to # dcantrell maintaining the package) made incorrect use of the epoch and @@ -60,10 +60,8 @@ Patch24 : 0024-Detect-system-time-changes.patch Patch25 : 0025-bind-Detect-system-time-changes.patch Patch26 : 0026-Add-dhclient-5-B-option-description.patch Patch27: 0027-Add-missed-sd-notify-patch-to-manage-dhcpd-with-syst.patch - - -Patch100: bind99-rh1205168.patch - +Patch28: 0028-Fix-for-CVE-2021-25217.patch +Patch29: 0029-Use-system-getaddrinfo-for-dhcp.patch BuildRequires: autoconf @@ -514,6 +512,9 @@ done %endif %changelog +* Thu Jul 8 2021 Pavel Zhukov - 12:4.4.2-14.b1 +- Fix for CVE-2021-25217 + * Mon Jun 14 2021 Pavel Zhukov - 12:4.4.2-13.b1 - Do not export getaddrinfo from irs libs (#1969858)
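Review bot: None of the visible `dhcp.spec` hunks touches `%prep`, so whether `Patch28` and the renumbered `Patch29` are actually applied depends on how the spec consumes its patch list, which is not shown here. If patches are applied by explicit per-number macros rather than automatically, the CVE-2021-25217 fix would be listed but not built in, so it is worth confirming in the build log that `0028-Fix-for-CVE-2021-25217.patch` is applied. The `%changelog` entry also mentions only the CVE fix, while the same release replaces `Patch100: bind99-rh1205168.patch` with `0029-Use-system-getaddrinfo-for-dhcp.patch` and re-roots its paths under `bind/bind/lib/irs/`; a second changelog line such as `- Rebase getaddrinfo patch as 0029` would record that.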