From 7e958ca617cab8b4b48038d3019f73266490fd9a Mon Sep 17 00:00:00 2001
From: Hangbin Liu
Date: Mon, 6 Nov 2023 16:01:13 +0800
Subject: [PATCH] Rebase to lldpd-1.0.17

Fixes CVE-2020-27827 by including upstream commit a8d3c90feca5 ("lldp: avoid memory leak from bad packets").
Fixes CVE-2021-43612 by including upstream commit 73d42680fce8 ("sonmp: fix heap overflow when reading SONMP packets").
Fixes CVE-2023-41910 by including upstream commit a9aeabdf879c ("daemon: fix read overflow when parsing CDP addresses").
CVE: CVE-2020-27827
CVE: CVE-2021-43612
CVE: CVE-2023-41910
Resolves: RHEL-5791
Resolves: RHEL-5796
Resolves: RHEL-2211
Signed-off-by: Hangbin Liu
---
 .gitignore | 2 ++
 lldpd.spec | 7 +++++--
 sources | 2 +-
 3 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/.gitignore b/.gitignore
index fc1c13d..91252bf 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,5 @@
 /lldpd-0.9.8.tar.gz
 /lldpd-1.0.1.tar.gz
 /lldpd-1.0.4-free.tar.gz
+/lldpd-1.0.17.tar.gz
+/lldpd-1.0.17-free.tar.gz
diff --git a/lldpd.spec b/lldpd.spec
index 35a88f9..d871fd9 100644
--- a/lldpd.spec
+++ b/lldpd.spec
@@ -9,8 +9,8 @@
 %global gh_owner vincentbernat
 Name: lldpd
-Version: 1.0.4
-Release: 10%{?dist}
+Version: 1.0.17
+Release: 1%{?dist}
 Summary: ISC-licensed implementation of LLDP
 License: ISC
@@ -176,6 +176,9 @@ fi
 %changelog
+* Mon Nov 06 2023 Hangbin Liu - 1.0.17-1
+- Rebased to 1.0.17 [RHEL-2211, RHEL-5791, RHEL-5796]
+
 * Mon Aug 09 2021 Mohan Boddu - 1.0.4-10
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
 Related: rhbz#1991688
diff --git a/sources b/sources
index bfe9266..082c742 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (lldpd-1.0.4-free.tar.gz) = ae72f6e9dd6c3ea86c3eae8ff03ccc4a1271dce324504fb7ca42b718014062a27e94fb46d2fc8ff653c9c6731a052b5be4459f8d7bb19cb26f2bb044eda6da5c
+SHA512 (lldpd-1.0.17-free.tar.gz) = 30497474d5707674ce402f0c1cedcdfef1f86c96ae75df4fd96454f560dc2dd816736f694c385ec15a7fab4ac6341285c86a7be1a8770e08917fd3432b4a6f39