Rebase to lldpd-1.0.17

Fixes CVE-2020-27827 by including upstream commit a8d3c90feca5 ("lldp: avoid memory leak from bad packets"). Fixes CVE-2021-43612 by including upstream commit 73d42680fce8 ("sonmp: fix heap overflow when reading SONMP packets"). Fixes CVE-2023-41910 by including upstream commit a9aeabdf879c ("daemon: fix read overflow when parsing CDP addresses"). CVE: CVE-2020-27827 CVE: CVE-2021-43612 CVE: CVE-2023-41910 Resolves: RHEL-5791 Resolves: RHEL-5796 Resolves: RHEL-2211 Signed-off-by: Hangbin Liu <haliu@redhat.com>
2023-11-06 16:01:13 +08:00 · 2023-11-06 16:01:13 +08:00 · 7e958ca617
parent 48e0a9a3ad
commit 7e958ca617
3 changed files with 8 additions and 3 deletions
--- a/.gitignore
+++ b/.gitignore
@ -2,3 +2,5 @@
 /lldpd-0.9.8.tar.gz
 /lldpd-1.0.1.tar.gz
 /lldpd-1.0.4-free.tar.gz
+/lldpd-1.0.17.tar.gz
+/lldpd-1.0.17-free.tar.gz
--- a/lldpd.spec
+++ b/lldpd.spec
@ -9,8 +9,8 @@
 %global gh_owner vincentbernat

 Name:     lldpd
-Version:  1.0.4
-Release:  10%{?dist}
+Version:  1.0.17
+Release:  1%{?dist}
 Summary:  ISC-licensed implementation of LLDP

 License:  ISC
@ -176,6 +176,9 @@ fi


 %changelog
+* Mon Nov 06 2023 Hangbin Liu <haliu@redhat.com> - 1.0.17-1
+- Rebased to 1.0.17 [RHEL-2211, RHEL-5791, RHEL-5796]
+
 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.0.4-10
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
  Related: rhbz#1991688
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (lldpd-1.0.4-free.tar.gz) = ae72f6e9dd6c3ea86c3eae8ff03ccc4a1271dce324504fb7ca42b718014062a27e94fb46d2fc8ff653c9c6731a052b5be4459f8d7bb19cb26f2bb044eda6da5c
+SHA512 (lldpd-1.0.17-free.tar.gz) = 30497474d5707674ce402f0c1cedcdfef1f86c96ae75df4fd96454f560dc2dd816736f694c385ec15a7fab4ac6341285c86a7be1a8770e08917fd3432b4a6f39