diff --git a/SOURCES/dhcp-CVE-2022-2928.patch b/SOURCES/dhcp-CVE-2022-2928.patch new file mode 100644 index 0000000..485b1d8 --- /dev/null +++ b/SOURCES/dhcp-CVE-2022-2928.patch @@ -0,0 +1,32 @@ +diff --git a/common/options.c b/common/options.c +index ed8ac38..addc65a 100644 +--- a/common/options.c ++++ b/common/options.c +@@ -4397,6 +4397,8 @@ add_option(struct option_state *options, + if (!option_cache_allocate(&oc, MDL)) { + log_error("No memory for option cache adding %s (option %d).", + option->name, option_num); ++ /* Get rid of reference created during hash lookup. */ ++ option_dereference(&option, MDL); + return 0; + } + +@@ -4408,6 +4410,8 @@ add_option(struct option_state *options, + MDL)) { + log_error("No memory for constant data adding %s (option %d).", + option->name, option_num); ++ /* Get rid of reference created during hash lookup. */ ++ option_dereference(&option, MDL); + option_cache_dereference(&oc, MDL); + return 0; + } +@@ -4416,6 +4420,9 @@ add_option(struct option_state *options, + save_option(&dhcp_universe, options, oc); + option_cache_dereference(&oc, MDL); + ++ /* Get rid of reference created during hash lookup. */ ++ option_dereference(&option, MDL); ++ + return 1; + } + diff --git a/SOURCES/dhcp-CVE-2022-2929.patch b/SOURCES/dhcp-CVE-2022-2929.patch new file mode 100644 index 0000000..d719bf6 --- /dev/null +++ b/SOURCES/dhcp-CVE-2022-2929.patch @@ -0,0 +1,25 @@ +diff --git a/common/options.c b/common/options.c +index addc65a..3e6383a 100644 +--- a/common/options.c ++++ b/common/options.c +@@ -435,16 +435,16 @@ int fqdn_universe_decode (struct option_state *options, + while (s < &bp -> data[0] + length + 2) { + len = *s; + if (len > 63) { +- log_info ("fancy bits in fqdn option"); +- return 0; ++ log_info ("label length exceeds 63 in fqdn option"); ++ goto bad; + } + if (len == 0) { + terminated = 1; + break; + } + if (s + len > &bp -> data [0] + length + 3) { +- log_info ("fqdn tag longer than buffer"); +- return 0; ++ log_info ("fqdn label longer than buffer"); ++ goto bad; + } + + if (first_len == 0) { diff --git a/SOURCES/dhcp-dhcp6-vendor-opts.patch b/SOURCES/dhcp-dhcp6-vendor-opts.patch new file mode 100644 index 0000000..4bd685e --- /dev/null +++ b/SOURCES/dhcp-dhcp6-vendor-opts.patch @@ -0,0 +1,12 @@ +diff --git a/common/options.c b/common/options.c +index 3e6383a..9216ae4 100644 +--- a/common/options.c ++++ b/common/options.c +@@ -1122,7 +1122,6 @@ store_options6(char *buf, int buflen, + */ + if (code == vsio_option_code) { + vsio_wanted = 1; +- continue; + } + + /* diff --git a/SPECS/dhcp.spec b/SPECS/dhcp.spec index 710225b..2c1428d 100644 --- a/SPECS/dhcp.spec +++ b/SPECS/dhcp.spec @@ -16,7 +16,7 @@ Summary: Dynamic host configuration protocol software Name: dhcp Version: 4.3.6 -Release: 48%{?dist} +Release: 49%{?dist} # NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to # dcantrell maintaining the package) made incorrect use of the epoch and # that's why it is at 12 now. It should have never been used, but it was. @@ -85,6 +85,9 @@ Patch49: dhcp-detect-system-time-jumps.patch Patch50: dhcp-key_algorithm.patch Patch51: dhcp-statement_parser.patch Patch52: dhcp-omshell-hmac-sha512-support.patch +Patch53: dhcp-CVE-2022-2928.patch +Patch54: dhcp-CVE-2022-2929.patch +Patch55: dhcp-dhcp6-vendor-opts.patch BuildRequires: autoconf BuildRequires: automake @@ -369,6 +372,15 @@ rm bind/bind.tar.gz # https://bugzilla.redhat.com/show_bug.cgi?id=2016248 %patch52 -p1 +# https://bugzilla.redhat.com/show_bug.cgi?id=2132248 +%patch53 -p1 + +# https://bugzilla.redhat.com/show_bug.cgi?id=2132245 +%patch54 -p1 + +# https://bugzilla.redhat.com/show_bug.cgi?id=2142024 +%patch55 -p1 + # Update paths in all man pages for page in client/dhclient.conf.5 client/dhclient.leases.5 \ client/dhclient-script.8 client/dhclient.8 ; do @@ -702,6 +714,11 @@ done %endif %changelog +* Tue Oct 11 2022 Martin Osvald - 12:4.3.6-49 +- Fix for CVE-2022-2928 +- Fix for CVE-2022-2929 +- send back dhcp6.vendor-opts again (#2142024) + * Tue May 10 2022 Martin Osvald - 12:4.3.6-48 - omshell: add support for hmac-sha512 algorithm (#2016248)