rpms/dhcp/F-10 dhcp-4.0.0-CVE-2009-0692.patch, NONE, 1.1 dhcp-4.0.0-CVE-2009-1892.patch, NONE, 1.1 dhcp.spec, 1.233, 1.234
David Cantrell
dcantrel at fedoraproject.org
Wed Aug 5 22:33:29 UTC 2009
Author: dcantrel
Update of /cvs/pkgs/rpms/dhcp/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv21847
Modified Files:
dhcp.spec
Added Files:
dhcp-4.0.0-CVE-2009-0692.patch dhcp-4.0.0-CVE-2009-1892.patch
Log Message:
* Wed Aug 05 2009 David Cantrell <dcantrell at redhat.com> - 12:4.0.0-37
- Fix for CVE-2009-0692
- Fix for CVE-2009-1892 (#511834)
dhcp-4.0.0-CVE-2009-0692.patch:
dhclient.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
--- NEW FILE dhcp-4.0.0-CVE-2009-0692.patch ---
diff -up dhcp-4.0.0/client/dhclient.c.CVE-2009-0692 dhcp-4.0.0/client/dhclient.c
--- dhcp-4.0.0/client/dhclient.c.CVE-2009-0692 2007-11-30 11:51:42.000000000 -1000
+++ dhcp-4.0.0/client/dhclient.c 2009-08-05 12:10:19.000000000 -1000
@@ -2813,8 +2813,15 @@ void script_write_params (client, prefix
if (data.len > 3) {
struct iaddr netmask, subnet, broadcast;
- memcpy (netmask.iabuf, data.data, data.len);
- netmask.len = data.len;
+ /*
+ * No matter the length of the subnet-mask option,
+ * use only the first four octets. Note that
+ * subnet-mask options longer than 4 octets are not
+ * in conformance with RFC 2132, but servers with this
+ * flaw do exist.
+ */
+ memcpy(netmask.iabuf, data.data, 4);
+ netmask.len = 4;
data_string_forget (&data, MDL);
subnet = subnet_number (lease -> address, netmask);
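Review bot: in the new memcpy in script_write_params, a subnet-mask option longer than four octets is now truncated without leaving any trace; consider emitting a log message when data.len != 4 so that the non-conforming server the comment mentions is visible to the administrator. The four-octet read is safe on the source side only because of the enclosing "if (data.len > 3)" check, so a short remark tying the literal 4 to that guard, or a named constant used in both places, would keep the two from drifting apart. Style: the added call is written "memcpy(" while the surrounding code puts a space before the parenthesis ("memcpy (", "data_string_forget (").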
dhcp-4.0.0-CVE-2009-1892.patch:
dhcp.c | 2 ++
1 file changed, 2 insertions(+)
--- NEW FILE dhcp-4.0.0-CVE-2009-1892.patch ---
diff -up dhcp-4.0.0/server/dhcp.c.CVE-2009-1892 dhcp-4.0.0/server/dhcp.c
--- dhcp-4.0.0/server/dhcp.c.CVE-2009-1892 2007-11-02 12:09:02.000000000 -1000
+++ dhcp-4.0.0/server/dhcp.c 2009-08-05 12:11:26.000000000 -1000
@@ -1725,6 +1725,8 @@ void ack_lease (packet, lease, offer, wh
host_reference (&host, h, MDL);
}
if (!host) {
+ if (hp)
+ host_dereference (&hp, MDL);
find_hosts_by_haddr (&hp,
packet -> raw -> htype,
packet -> raw -> chaddr,
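Review bot: the added "if (hp) host_dereference (&hp, MDL);" in ack_lease carries no comment saying why hp can already hold a reference at this point; add a line stating that hp is reused as the output of find_hosts_by_haddr and has to be released first. The hunk covers only this one lookup, so it is worth confirming that any other call in ack_lease that writes into hp is preceded by the same release.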
Index: dhcp.spec
===================================================================
RCS file: /cvs/pkgs/rpms/dhcp/F-10/dhcp.spec,v
retrieving revision 1.233
retrieving revision 1.234
diff -u -p -r1.233 -r1.234
--- dhcp.spec 27 Jun 2009 02:34:43 -0000 1.233
+++ dhcp.spec 5 Aug 2009 22:33:29 -0000 1.234
@@ -4,7 +4,7 @@
Summary: DHCP (Dynamic Host Configuration Protocol) server and relay agent
Name: dhcp
Version: 4.0.0
-Release: 36%{?dist}
+Release: 37%{?dist}
# NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to
# dcantrell maintaining the package) made incorrect use of the epoch and
# that's why it is at 12 now. It should have never been used, but it was.
@@ -49,6 +49,8 @@ Patch19: %{name}-4.0.0-inherit-leases.p
Patch20: %{name}-4.0.0-garbage-chars.patch
Patch21: %{name}-4.0.0-port-validation.patch
Patch22: %{name}-4.0.0-invalid-dhclient-conf.patch
+Patch23: %{name}-4.0.0-CVE-2009-0692.patch
+Patch24: %{name}-4.0.0-CVE-2009-1892.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: autoconf
@@ -212,6 +214,14 @@ client library.
# The sample dhclient.conf should say 'supersede domain-search' (#467955)
%patch22 -p1
+# Fix for CVE-2009-0692 (patch from Mandriva SRPM)
+# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0692
+%patch23 -p1
+
+# Fix for CVE-2009-1892 (patch from Mandriva SRPM)
+# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1892
+%patch24 -p1
+
# Copy in documentation and example scripts for LDAP patch to dhcpd
%{__install} -p -m 0644 %{SOURCE5} .
%{__install} -p -m 0644 %{SOURCE6} doc/
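Review bot: the comments above %patch23 and %patch24 give the origin only as "patch from Mandriva SRPM"; name the Mandriva package release (or the upstream change) the patches were taken from, so they can be compared against their source when the package is rebased.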
@@ -449,6 +459,10 @@ fi
%{_libdir}/libdhcp4client.so
%changelog
+* Wed Aug 05 2009 David Cantrell <dcantrell at redhat.com> - 12:4.0.0-37
+- Fix for CVE-2009-0692
+- Fix for CVE-2009-1892 (#511834)
+
* Fri Jun 26 2009 David Cantrell <dcantrell at redhat.com> - 12:4.0.0-36
- Fix SELinux denials in dhclient-script when the script makes backup
configuration files and restores them later (#483747)
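Review bot: in the new %changelog entry the CVE-2009-0692 line has no bug reference, while the CVE-2009-1892 line carries (#511834); add the tracking bug number for CVE-2009-0692 if one exists, so both fixes can be traced the same way.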