diff --git a/dhcp-4.2.0-P2-CVE-2011-0413.patch b/dhcp-4.2.0-P2-CVE-2011-0413.patch
new file mode 100644
index 0000000..f054d1f
--- /dev/null
+++ b/dhcp-4.2.0-P2-CVE-2011-0413.patch
@@ -0,0 +1,47 @@
+diff -up dhcp-4.2.0-P2/server/mdb6.c.CVE-2011-0413 dhcp-4.2.0-P2/server/mdb6.c
+--- dhcp-4.2.0-P2/server/mdb6.c.CVE-2011-0413 2010-02-17 21:33:56.000000000 +0100
++++ dhcp-4.2.0-P2/server/mdb6.c 2011-01-27 17:32:39.000000000 +0100
+@@ -1010,7 +1010,7 @@ move_lease_to_active(struct ipv6_pool *p
+ * Renew an lease in the pool.
+ *
+ * To do this, first set the new hard_lifetime_end_time for the resource,
+- * and then invoke renew_lease() on it.
++ * and then invoke renew_lease6() on it.
+ *
+ * WARNING: lease times must only be extended, never reduced!!!
+ */
+@@ -1020,12 +1020,24 @@ renew_lease6(struct ipv6_pool *pool, str
+ * If we're already active, then we can just move our expiration
+ * time down the heap.
+ *
++ * If we're abandoned then we are already on the active list
++ * but we need to retag the lease and move our expiration
++ * from infinite to the current value
++ *
+ * Otherwise, we have to move from the inactive heap to the
+ * active heap.
+ */
+ if (lease->state == FTS_ACTIVE) {
+ isc_heap_decreased(pool->active_timeouts, lease->heap_index);
+ return ISC_R_SUCCESS;
++ } else if (lease->state == FTS_ABANDONED) {
++ char tmp_addr[INET6_ADDRSTRLEN];
++ lease->state = FTS_ACTIVE;
++ isc_heap_increased(pool->active_timeouts, lease->heap_index);
++ log_info("Reclaiming previously abandoned address %s",
++ inet_ntop(AF_INET6, &(lease->addr), tmp_addr,
++ sizeof(tmp_addr)));
++ return ISC_R_SUCCESS;
+ } else {
+ return move_lease_to_active(pool, lease);
+ }
+@@ -1115,7 +1127,8 @@ isc_result_t
+ decline_lease6(struct ipv6_pool *pool, struct iasubopt *lease) {
+ isc_result_t result;
+ 
+- if (lease->state != FTS_ACTIVE) {
++ if ((lease->state != FTS_ACTIVE) &&
++ (lease->state != FTS_ABANDONED)) {
+ result = move_lease_to_active(pool, lease);
+ if (result != ISC_R_SUCCESS) {
+ return result;
diff --git a/dhcp.spec b/dhcp.spec
index a5ef00f..ceeefd6 100644
--- a/dhcp.spec
+++ b/dhcp.spec
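Review bot: The new FTS_ABANDONED branch in renew_lease6() deliberately shortens the lease's expiry (from infinite to the current value, which is why it calls `isc_heap_increased`), yet the function header kept by the first inner hunk still states "lease times must only be extended, never reduced" without qualification. I would amend that warning, for example `* WARNING: lease times must only be extended, never reduced (the one exception is reclaiming an FTS_ABANDONED lease, see below)`, so a later reader does not change the heap call back to `isc_heap_decreased`. Separately, `inet_ntop()` can return NULL and its result goes straight into `%s` in `log_info`; with an AF_INET6 address and an INET6_ADDRSTRLEN buffer that should not occur in practice, but a fallback string would remove the doubt. Both renew_lease6() and decline_lease6() continue outside the hunks shown, so whether a repeated Decline on an already abandoned lease is handled idempotently by the rest of decline_lease6() cannot be confirmed from here.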
@@ -12,7 +12,7 @@ Summary: Dynamic host configuration protocol software Name: dhcp Version: 4.2.0 -Release: 18.%{patchver}%{?dist} +Release: 19.%{patchver}%{?dist} # NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to # dcantrell maintaining the package) made incorrect use of the epoch and # that's why it is at 12 now. It should have never been used, but it was. @@ -65,6 +65,7 @@ Patch31: dhcp-4.2.0-noprefixavail.patch Patch32: dhcp-4.2.0-PPP.patch Patch33: dhcp-4.2.0-P2-omapi.patch Patch34: dhcp-4.2.0-P2-ldap-configuration.patch +Patch35: dhcp-4.2.0-P2-CVE-2011-0413.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: autoconf @@ -269,6 +270,9 @@ libdhcpctl and libomapi static libraries are also included in this package. # Fix loading of configuration when LDAP is used (#668276) %patch34 -p1 -b .ldap-configuration +# CVE-2011-0413: Unexpected abort caused by a DHCPv6 decline message (#672996) +%patch35 -p1 -b .CVE-2011-0413 + # Copy in the Fedora/RHEL dhclient script %{__install} -p -m 0755 %{SOURCE4} client/scripts/linux %{__install} -p -m 0644 %{SOURCE5} . @@ -550,6 +554,9 @@ fi %attr(0644,root,root) %{_mandir}/man3/omapi.3.gz %changelog +* Thu Jan 27 2011 Jiri Popelka - 12:4.2.0-19.P2 +- CVE-2011-0413: Unexpected abort caused by a DHCPv6 decline message (#672996) + * Thu Jan 13 2011 Jiri Popelka - 12:4.2.0-18.P2 - Fix loading of configuration when LDAP is used (#668276)