From 6b289fd5615acc3b5a4eaa00bbf4caaa9b6600c3 Mon Sep 17 00:00:00 2001
From: Pavel Zhukov
Date: Jun 22 2021 05:01:54 +0000
Subject: Refactor patches
---
diff --git a/0028-Fix-for-CVE-2021-25217.patch b/0028-Fix-for-CVE-2021-25217.patch
new file mode 100644
index 0000000..7f9dad9
--- /dev/null
+++ b/0028-Fix-for-CVE-2021-25217.patch
@@ -0,0 +1,34 @@
+From 02b4ae1953d39f1b6c3f0e63aefb72114039ab50 Mon Sep 17 00:00:00 2001
+From: Pavel Zhukov
+Date: Tue, 22 Jun 2021 06:56:29 +0200
+Subject: [PATCH 28/29] Fix for CVE-2021-25217
+Cc: pzhukov@redhat.com
+
+---
+ common/parse.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/common/parse.c b/common/parse.c
+index f17bc0b..4e8b408 100644
+--- a/common/parse.c
++++ b/common/parse.c
+@@ -5587,13 +5587,14 @@ int parse_X (cfile, buf, max)
+ skip_to_semi (cfile);
+ return 0;
+ }
+- convert_num (cfile, &buf [len], val, 16, 8);
+- if (len++ > max) {
++ if (len >= max) {
+ parse_warn (cfile,
+ "hexadecimal constant too long.");
+ skip_to_semi (cfile);
+ return 0;
+ }
++ convert_num (cfile, &buf [len], val, 16, 8);
++ len++;
+ token = peek_token (&val, (unsigned *)0, cfile);
+ if (token == COLON)
+ token = next_token (&val,
+--
+2.26.3
+
diff --git a/0029-Use-system-getaddrinfo-for-dhcp.patch b/0029-Use-system-getaddrinfo-for-dhcp.patch
new file mode 100644
index 0000000..24cbb6b
--- /dev/null
+++ b/0029-Use-system-getaddrinfo-for-dhcp.patch
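Review bot: The embedded patch for common/parse.c has no commit body and no comment at the new `if (len >= max)` guard in parse_X, so the reason the check must come before `convert_num (cfile, &buf [len], val, 16, 8)` is recorded nowhere except the CVE id in the subject. The removed lines stored into `buf [len]` first and only then tested `len++ > max`, which let the store happen with `len` equal to `max` and again one past it; the new order rejects the value before any write, presumably because `max` is the capacity of `buf` (its declaration is outside the hunk). I would add a comment above the guard such as `/* Reject before convert_num() writes buf[len]; testing after the store allowed a write past max. */` and a sentence in the patch header naming the upstream advisory or commit the fix was taken from. parse_X starts and ends outside the hunk, so the loop condition and the types of `len` and `max` could not be checked here.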
@@ -0,0 +1,118 @@
+From 019021caa791c254a319c71b4f634142dc14b37d Mon Sep 17 00:00:00 2001
+From: Pavel Zhukov
+Date: Tue, 22 Jun 2021 06:58:40 +0200
+Subject: [PATCH 29/29] Use system getaddrinfo for dhcp
+Cc: pzhukov@redhat.com
+
+---
+ bind/bind/lib/irs/include/irs/netdb.h.in | 94 ++++++++++++++++++++++++
+ 1 file changed, 94 insertions(+)
+
+diff --git a/bind/bind/lib/irs/include/irs/netdb.h.in b/bind/bind/lib/irs/include/irs/netdb.h.in
+index 23dcd37..f36113d 100644
+--- a/bind/bind/lib/irs/include/irs/netdb.h.in
++++ b/bind/bind/lib/irs/include/irs/netdb.h.in
+@@ -149,6 +149,100 @@ struct addrinfo {
+ #define NI_NUMERICSERV 0x00000008
+ #define NI_DGRAM 0x00000010
+
++/*
++ * Define to map into irs_ namespace.
++ */
++
++#define IRS_NAMESPACE
++
++#ifdef IRS_NAMESPACE
++
++/*
++ * Use our versions not the ones from the C library.
++ */
++
++#ifdef getnameinfo
++#undef getnameinfo
++#endif
++#define getnameinfo irs_getnameinfo
++
++#ifdef getaddrinfo
++#undef getaddrinfo
++#endif
++#define getaddrinfo irs_getaddrinfo
++
++#ifdef freeaddrinfo
++#undef freeaddrinfo
++#endif
++#define freeaddrinfo irs_freeaddrinfo
++
++#ifdef gai_strerror
++#undef gai_strerror
++#endif
++#define gai_strerror irs_gai_strerror
++
++#endif
++
++extern int getaddrinfo (const char *name,
++ const char *service,
++ const struct addrinfo *req,
++ struct addrinfo **pai);
++extern int getnameinfo (const struct sockaddr *sa,
++ socklen_t salen, char *host,
++ socklen_t hostlen, char *serv,
++ socklen_t servlen, int flags);
++extern void freeaddrinfo (struct addrinfo *ai);
++extern const char *gai_strerror (int ecode);
++
++/*
++ * Define to map into irs_ namespace.
++ */
++
++#define IRS_NAMESPACE
++
++#ifdef IRS_NAMESPACE
++
++/*
++ * Use our versions not the ones from the C library.
++ */
++
++#ifdef getnameinfo
++#undef getnameinfo
++#endif
++#define getnameinfo irs_getnameinfo
++
++#ifdef getaddrinfo
++#undef getaddrinfo
++#endif
++#define getaddrinfo irs_getaddrinfo
++
++#ifdef freeaddrinfo
++#undef freeaddrinfo
++#endif
++#define freeaddrinfo irs_freeaddrinfo
++
++#ifdef gai_strerror
++#undef gai_strerror
++#endif
++#define gai_strerror irs_gai_strerror
++
++int
++getaddrinfo(const char *hostname, const char *servname,
++ const struct addrinfo *hints, struct addrinfo **res);
++
++int
++getnameinfo(const struct sockaddr *sa, IRS_GETNAMEINFO_SOCKLEN_T salen,
++ char *host, IRS_GETNAMEINFO_BUFLEN_T hostlen,
++ char *serv, IRS_GETNAMEINFO_BUFLEN_T servlen,
++ IRS_GETNAMEINFO_FLAGS_T flags);
++
++void freeaddrinfo (struct addrinfo *ai);
++
++IRS_GAISTRERROR_RETURN_T
++gai_strerror(int ecode);
++
++#endif
++
+ /*
+ * Tell Emacs to use C mode on this file.
+ * Local variables:
+--
+2.26.3
+
diff --git a/bind99-rh1205168.patch b/bind99-rh1205168.patch
deleted file mode 100644
index d397ce2..0000000
--- a/bind99-rh1205168.patch
+++ /dev/null
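Review bot: The 94 lines added to netdb.h.in contain the `#define IRS_NAMESPACE` / `#ifdef IRS_NAMESPACE` mapping block twice, each followed by its own prototypes, so `getaddrinfo`, `getnameinfo`, `freeaddrinfo` and `gai_strerror` (all macro-renamed to `irs_*` by then) are declared twice with different type spellings: `socklen_t`, `int` and `const char *` in the first set, `IRS_GETNAMEINFO_SOCKLEN_T`, `IRS_GETNAMEINFO_BUFLEN_T`, `IRS_GETNAMEINFO_FLAGS_T` and `IRS_GAISTRERROR_RETURN_T` in the second. If configure substitutes anything other than the first set's types, the header ends up with conflicting declarations, so I would keep a single block and a single set of prototypes. The subject says "Use system getaddrinfo" while the added comment reads `Use our versions not the ones from the C library`; the patch header should state which resolver dhcp is meant to call, since that decides whose name-resolution code handles lookups. The content appears to be carried over from the bind99-rh1205168.patch that this commit deletes, so the duplication may predate this change.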
@@ -1,108 +0,0 @@
-diff --git a/lib/irs/include/irs/netdb.h.in b/lib/irs/include/irs/netdb.h.in
-index 299928b..4f11cea 100644
---- a/bind/bind/lib/irs/include/irs/netdb.h.in
-+++ b/bind/bind/lib/irs/include/irs/netdb.h.in
-@@ -158,6 +158,100 @@ struct addrinfo {
- #define NI_DGRAM 0x00000010
-
- /*
-+ * Define to map into irs_ namespace.
-+ */
-+
-+#define IRS_NAMESPACE
-+
-+#ifdef IRS_NAMESPACE
-+
-+/*
-+ * Use our versions not the ones from the C library.
-+ */
-+
-+#ifdef getnameinfo
-+#undef getnameinfo
-+#endif
-+#define getnameinfo irs_getnameinfo
-+
-+#ifdef getaddrinfo
-+#undef getaddrinfo
-+#endif
-+#define getaddrinfo irs_getaddrinfo
-+
-+#ifdef freeaddrinfo
-+#undef freeaddrinfo
-+#endif
-+#define freeaddrinfo irs_freeaddrinfo
-+
-+#ifdef gai_strerror
-+#undef gai_strerror
-+#endif
-+#define gai_strerror irs_gai_strerror
-+
-+#endif
-+
-+extern int getaddrinfo (const char *name,
-+ const char *service,
-+ const struct addrinfo *req,
-+ struct addrinfo **pai);
-+extern int getnameinfo (const struct sockaddr *sa,
-+ socklen_t salen, char *host,
-+ socklen_t hostlen, char *serv,
-+ socklen_t servlen, int flags);
-+extern void freeaddrinfo (struct addrinfo *ai);
-+extern const char *gai_strerror (int ecode);
-+
-+/*
-+ * Define to map into irs_ namespace.
-+ */
-+
-+#define IRS_NAMESPACE
-+
-+#ifdef IRS_NAMESPACE
-+
-+/*
-+ * Use our versions not the ones from the C library.
-+ */
-+
-+#ifdef getnameinfo
-+#undef getnameinfo
-+#endif
-+#define getnameinfo irs_getnameinfo
-+
-+#ifdef getaddrinfo
-+#undef getaddrinfo
-+#endif
-+#define getaddrinfo irs_getaddrinfo
-+
-+#ifdef freeaddrinfo
-+#undef freeaddrinfo
-+#endif
-+#define freeaddrinfo irs_freeaddrinfo
-+
-+#ifdef gai_strerror
-+#undef gai_strerror
-+#endif
-+#define gai_strerror irs_gai_strerror
-+
-+int
-+getaddrinfo(const char *hostname, const char *servname,
-+ const struct addrinfo *hints, struct addrinfo **res);
-+
-+int
-+getnameinfo(const struct sockaddr *sa, IRS_GETNAMEINFO_SOCKLEN_T salen,
-+ char *host, IRS_GETNAMEINFO_BUFLEN_T hostlen,
-+ char *serv, IRS_GETNAMEINFO_BUFLEN_T servlen,
-+ IRS_GETNAMEINFO_FLAGS_T flags);
-+
-+void freeaddrinfo (struct addrinfo *ai);
-+
-+IRS_GAISTRERROR_RETURN_T
-+gai_strerror(int ecode);
-+
-+#endif
-+
-+/*
- * Tell Emacs to use C mode on this file.
- * Local variables:
- * mode: c
---
-2.9.5
-
diff --git a/dhcp-statement_parser.patch b/dhcp-statement_parser.patch
deleted file mode 100644
index 8e02a6f..0000000
--- a/dhcp-statement_parser.patch
+++ /dev/null
@@ -1,30 +0,0 @@ -diff --git a/common/parse.c b/common/parse.c -index 386a6321..fc7b39c6 100644 ---- a/common/parse.c -+++ b/common/parse.c -@@ -3,7 +3,7 @@ - Common parser code for dhcpd and dhclient. */ - - /* -- * Copyright (c) 2004-2019 by Internet Systems Consortium, Inc. ("ISC") -+ * Copyright (c) 2004-2021 by Internet Systems Consortium, Inc. ("ISC") - * Copyright (c) 1995-2003 by Internet Software Consortium - * - * This Source Code Form is subject to the terms of the Mozilla Public -@@ -5556,13 +5556,14 @@ int parse_X (cfile, buf, max) - skip_to_semi (cfile); - return 0; - } -- convert_num (cfile, &buf [len], val, 16, 8); -- if (len++ > max) { -+ if (len >= max) { - parse_warn (cfile, - "hexadecimal constant too long."); - skip_to_semi (cfile); - return 0; - } -+ convert_num (cfile, &buf [len], val, 16, 8); -+ len++; - token = peek_token (&val, (unsigned *)0, cfile); - if (token == COLON) - token = next_token (&val, diff --git a/dhcp.spec b/dhcp.spec index 02cf5a7..c3f45cf 100644 --- a/dhcp.spec +++ b/dhcp.spec @@ -60,10 +60,8 @@ Patch24 : 0024-Detect-system-time-changes.patch Patch25 : 0025-bind-Detect-system-time-changes.patch Patch26 : 0026-Add-dhclient-5-B-option-description.patch Patch27: 0027-Add-missed-sd-notify-patch-to-manage-dhcpd-with-syst.patch - -Patch100: dhcp-statement_parser.patch -Patch101: bind99-rh1205168.patch - +Patch28: 0028-Fix-for-CVE-2021-25217.patch +Patch29: 0029-Use-system-getaddrinfo-for-dhcp.patch BuildRequires: autoconf BuildRequires: automake