From d49e4696113e16bf21882f3274f6109b4eaed09f Mon Sep 17 00:00:00 2001 From: anolis-bot Date: Tue, 16 May 2023 18:45:24 +0800 Subject: [PATCH 1/3] update to dhcp-4.3.6-49.el8 Signed-off-by: anolis-bot --- 0001-dhcp-anolis-rebrand.patch | 25 ------------------------- dhcp-CVE-2022-2928.patch | 32 ++++++++++++++++++++++++++++++++ dhcp-CVE-2022-2929.patch | 25 +++++++++++++++++++++++++ dhcp.spec | 34 ++++++++++++++++------------------ dist | 2 +- 5 files changed, 74 insertions(+), 44 deletions(-) delete mode 100644 0001-dhcp-anolis-rebrand.patch create mode 100644 dhcp-CVE-2022-2928.patch create mode 100644 dhcp-CVE-2022-2929.patch diff --git a/0001-dhcp-anolis-rebrand.patch b/0001-dhcp-anolis-rebrand.patch deleted file mode 100644 index 2a14960..0000000 --- a/0001-dhcp-anolis-rebrand.patch +++ /dev/null @@ -1,25 +0,0 @@ -From d319974cc9cf532adccfea235d2a1c3e80d47fe9 Mon Sep 17 00:00:00 2001 -From: yangxiaoxuan -Date: Mon, 25 Jan 2021 22:10:36 +0800 -Subject: [PATCH] dhcp anolis rebrand - ---- - omapip/errwarn.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/omapip/errwarn.c b/omapip/errwarn.c -index f1f6fcd..be425e5 100644 ---- a/omapip/errwarn.c -+++ b/omapip/errwarn.c -@@ -57,7 +57,7 @@ char * bug_report_url(void) { - size_t url_len = 256; - - url = (char *) malloc(url_len * sizeof(char)); -- strcpy(url, "https://bugzilla.redhat.com/"); -+ strcpy(url, "https://bugzilla.openanolis.cn/"); - - if (!file) - return url; --- -2.18.2 - diff --git a/dhcp-CVE-2022-2928.patch b/dhcp-CVE-2022-2928.patch new file mode 100644 index 0000000..485b1d8 --- /dev/null +++ b/dhcp-CVE-2022-2928.patch 
@@ -0,0 +1,32 @@ +diff --git a/common/options.c b/common/options.c +index ed8ac38..addc65a 100644 +--- a/common/options.c ++++ b/common/options.c +@@ -4397,6 +4397,8 @@ add_option(struct option_state *options, + if (!option_cache_allocate(&oc, MDL)) { + log_error("No memory for option cache adding %s (option %d).", + option->name, option_num); ++ /* Get rid of reference created during hash lookup. */ ++ option_dereference(&option, MDL); + return 0; + } + +@@ -4408,6 +4410,8 @@ add_option(struct option_state *options, + MDL)) { + log_error("No memory for constant data adding %s (option %d).", + option->name, option_num); ++ /* Get rid of reference created during hash lookup. */ ++ option_dereference(&option, MDL); + option_cache_dereference(&oc, MDL); + return 0; + } +@@ -4416,6 +4420,9 @@ add_option(struct option_state *options, + save_option(&dhcp_universe, options, oc); + option_cache_dereference(&oc, MDL); + ++ /* Get rid of reference created during hash lookup. */ ++ option_dereference(&option, MDL); ++ + return 1; + } + diff --git a/dhcp-CVE-2022-2929.patch b/dhcp-CVE-2022-2929.patch new file mode 100644 index 0000000..d719bf6 --- /dev/null +++ b/dhcp-CVE-2022-2929.patch @@ -0,0 +1,25 @@ +diff --git a/common/options.c b/common/options.c +index addc65a..3e6383a 100644 +--- a/common/options.c ++++ b/common/options.c +@@ -435,16 +435,16 @@ int fqdn_universe_decode (struct option_state *options, + while (s < &bp -> data[0] + length + 2) { + len = *s; + if (len > 63) { +- log_info ("fancy bits in fqdn option"); +- return 0; ++ log_info ("label length exceeds 63 in fqdn option"); ++ goto bad; + } + if (len == 0) { + terminated = 1; + break; + } + if (s + len > &bp -> data [0] + length + 3) { +- log_info ("fqdn tag longer than buffer"); +- return 0; ++ log_info ("fqdn label longer than buffer"); ++ goto bad; + } + + if (first_len == 0) { diff --git a/dhcp.spec b/dhcp.spec index 4a84244..2c1428d 100644 --- a/dhcp.spec +++ b/dhcp.spec 
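Review bot: The three added `option_dereference(&option, MDL);` calls in add_option repeat the same cleanup on every exit path, so a return added later can silently bring the reference leak back. Routing both failure paths and the success path through one exit (set an `int ret`, `goto out;`, and let `out:` run `option_dereference(&option, MDL); return ret;`) would keep the release in one place. The comment could also say why the release matters, e.g. `/* Balance the reference taken by the hash lookup; one leaked reference per call lets the option's refcount keep growing. */`. The start of add_option, including the lookup itself, is outside the hunk, so this assumes the lookup is the only place the reference is taken.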
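Review bot: Both rejected-label branches in fqdn_universe_decode now `goto bad`, but the `bad:` label and whatever it releases are outside this hunk, so the cleanup cannot be checked from these lines alone. A short comment at the first jump would record the intent, e.g. `/* goto bad, not return: a bare return here skips the cleanup at bad: */`. The loop bound `length + 2` and the label check `length + 3` are also undocumented; a one-line comment saying which trailing bytes each constant accounts for would make the bounds reviewable. This presumably decodes an fqdn option taken from a received packet, so a regression test with a label length above 63 and with a label that overruns the buffer would pin both branches.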
@@ -1,7 +1,6 @@ # SystemTap support is disabled by default %{!?sdt:%global sdt 0} -%define anolis_release .0.1 #http://lists.fedoraproject.org/pipermail/devel/2011-August/155358.html %global _hardened_build 1 @@ -17,7 +16,7 @@ Summary: Dynamic host configuration protocol software Name: dhcp Version: 4.3.6 -Release: 48%{anolis_release}%{?dist}.1 +Release: 49%{?dist} # NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to # dcantrell maintaining the package) made incorrect use of the epoch and # that's why it is at 12 now. It should have never been used, but it was. @@ -86,12 +85,9 @@ Patch49: dhcp-detect-system-time-jumps.patch Patch50: dhcp-key_algorithm.patch Patch51: dhcp-statement_parser.patch Patch52: dhcp-omshell-hmac-sha512-support.patch -Patch53: dhcp-dhcp6-vendor-opts.patch - -#Add by anolis -Patch1001: 0001-dhcp-anolis-rebrand.patch - -#end +Patch53: dhcp-CVE-2022-2928.patch +Patch54: dhcp-CVE-2022-2929.patch +Patch55: dhcp-dhcp6-vendor-opts.patch BuildRequires: autoconf BuildRequires: automake @@ -376,9 +372,15 @@ rm bind/bind.tar.gz # https://bugzilla.redhat.com/show_bug.cgi?id=2016248 %patch52 -p1 -# https://bugzilla.redhat.com/show_bug.cgi?id=2142025 +# https://bugzilla.redhat.com/show_bug.cgi?id=2132248 %patch53 -p1 +# https://bugzilla.redhat.com/show_bug.cgi?id=2132245 +%patch54 -p1 + +# https://bugzilla.redhat.com/show_bug.cgi?id=2142024 +%patch55 -p1 + # Update paths in all man pages for page in client/dhclient.conf.5 client/dhclient.leases.5 \ client/dhclient-script.8 client/dhclient.8 ; do 
@@ -395,15 +397,13 @@ for page in server/dhcpd.conf.5 server/dhcpd.leases.5 server/dhcpd.8 ; do -e 's|ETCDIR|%{dhcpconfdir}|g' $page done -%patch1001 -p1 - sed -i -e 's|/var/db/|%{_localstatedir}/lib/dhcpd/|g' contrib/dhcp-lease-list.pl %build #libtoolize --copy --force autoreconf --verbose --force --install -CFLAGS="%{optflags} -fno-strict-aliasing -fcommon" \ +CFLAGS="%{optflags} -fno-strict-aliasing" \ %configure \ --with-srv-lease-file=%{_localstatedir}/lib/dhcpd/dhcpd.leases \ --with-srv6-lease-file=%{_localstatedir}/lib/dhcpd/dhcpd6.leases \ @@ -714,12 +714,10 @@ done %endif %changelog -* Mon Jan 30 2023 yangxiaoxuan - 12:4.3.6-48.0.1.1 -- Rebrand for Anolis OS -- Fix gcc10 -fno-common compile issue for compatible with gcc10 build - -* Sun Nov 20 2022 Martin Osvald - 12:4.3.6-48.1 -- send back dhcp6.vendor-opts again (#2142025) +* Tue Oct 11 2022 Martin Osvald - 12:4.3.6-49 +- Fix for CVE-2022-2928 +- Fix for CVE-2022-2929 +- send back dhcp6.vendor-opts again (#2142024) * Tue May 10 2022 Martin Osvald - 12:4.3.6-48 - omshell: add support for hmac-sha512 algorithm (#2016248) diff --git a/dist b/dist index 535c690..9c0e36e 100644 --- a/dist +++ b/dist @@ -1 +1 @@ -an8_7 +an8 -- Gitee From 2def3bae922fc8677b81b033fd1868d1541c564c Mon Sep 17 00:00:00 2001 From: yangxiaoxuan Date: Mon, 25 Jan 2021 23:09:37 +0800 Subject: [PATCH 2/3] rebrand: rebrand for anolis Signed-off-by: yangxiaoxuan Change-Id: Ibdb49ddee2e62f880cc2b33c237cd76ec4757ec6 --- 0001-dhcp-anolis-rebrand.patch | 25 +++++++++++++++++++++++++ dhcp.spec | 13 ++++++++++++- 2 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 0001-dhcp-anolis-rebrand.patch diff --git a/0001-dhcp-anolis-rebrand.patch b/0001-dhcp-anolis-rebrand.patch new file mode 100644 index 0000000..2a14960 --- /dev/null +++ b/0001-dhcp-anolis-rebrand.patch 
@@ -0,0 +1,25 @@ +From d319974cc9cf532adccfea235d2a1c3e80d47fe9 Mon Sep 17 00:00:00 2001 +From: yangxiaoxuan +Date: Mon, 25 Jan 2021 22:10:36 +0800 +Subject: [PATCH] dhcp anolis rebrand + +--- + omapip/errwarn.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/omapip/errwarn.c b/omapip/errwarn.c +index f1f6fcd..be425e5 100644 +--- a/omapip/errwarn.c ++++ b/omapip/errwarn.c +@@ -57,7 +57,7 @@ char * bug_report_url(void) { + size_t url_len = 256; + + url = (char *) malloc(url_len * sizeof(char)); +- strcpy(url, "https://bugzilla.redhat.com/"); ++ strcpy(url, "https://bugzilla.openanolis.cn/"); + + if (!file) + return url; +-- +2.18.2 + diff --git a/dhcp.spec b/dhcp.spec index 2c1428d..c95bf74 100644 --- a/dhcp.spec +++ b/dhcp.spec @@ -1,6 +1,7 @@ # SystemTap support is disabled by default %{!?sdt:%global sdt 0} +%define anolis_release .0.1 #http://lists.fedoraproject.org/pipermail/devel/2011-August/155358.html %global _hardened_build 1 @@ -16,7 +17,7 @@ Summary: Dynamic host configuration protocol software Name: dhcp Version: 4.3.6 -Release: 49%{?dist} +Release: 49%{anolis_release}%{?dist} # NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to # dcantrell maintaining the package) made incorrect use of the epoch and # that's why it is at 12 now. It should have never been used, but it was. @@ -89,6 +90,11 @@ Patch53: dhcp-CVE-2022-2928.patch Patch54: dhcp-CVE-2022-2929.patch Patch55: dhcp-dhcp6-vendor-opts.patch +#Add by anolis +Patch1001: 0001-dhcp-anolis-rebrand.patch + +#end + BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool @@ -397,6 +403,8 @@ for page in server/dhcpd.conf.5 server/dhcpd.leases.5 server/dhcpd.8 ; do -e 's|ETCDIR|%{dhcpconfdir}|g' $page done +%patch1001 -p1 + sed -i -e 's|/var/db/|%{_localstatedir}/lib/dhcpd/|g' contrib/dhcp-lease-list.pl %build 
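Review bot: The replaced `strcpy(url, ...)` in bug_report_url still writes through the result of `malloc(url_len * sizeof(char))` without a NULL check, so an allocation failure becomes a NULL write inside the error-reporting path. The 31-character URL fits the 256-byte buffer, but the function continues past `if (!file) return url;` outside the hunk, so it cannot be confirmed here that later appends stay within `url_len`. Consider guarding the copy with `if (url == NULL) return NULL;` (callers would have to tolerate that), and bounding it with `snprintf(url, url_len, "%s", "https://bugzilla.openanolis.cn/");`.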
@@ -714,6 +722,9 @@ done %endif %changelog +* Fri May 26 2023 yangxiaoxuan - 12:4.3.6-49.0.1 +- Rebrand for Anolis OS + * Tue Oct 11 2022 Martin Osvald - 12:4.3.6-49 - Fix for CVE-2022-2928 - Fix for CVE-2022-2929 -- Gitee From 761afccc21285c97a953a775b1e94960442413d9 Mon Sep 17 00:00:00 2001 From: Liwei Ge Date: Fri, 25 Sep 2020 15:00:40 +0800 Subject: [PATCH 3/3] spec: [gcc10] Fix gcc10 -fno-common compile issue until upstream fixes this change has given better compatible with gcc10 toolchain, should be maintained util upstream fixes 'multiple definition ...' warnings Fix gcc10 -fno-common compile issue for compatible with gcc10 build Signed-off-by: weitao zhou --- dhcp.spec | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dhcp.spec b/dhcp.spec index c95bf74..4c882f4 100644 --- a/dhcp.spec +++ b/dhcp.spec @@ -411,7 +411,7 @@ sed -i -e 's|/var/db/|%{_localstatedir}/lib/dhcpd/|g' contrib/dhcp-lease-list.pl #libtoolize --copy --force autoreconf --verbose --force --install -CFLAGS="%{optflags} -fno-strict-aliasing" \ +CFLAGS="%{optflags} -fno-strict-aliasing -fcommon" \ %configure \ --with-srv-lease-file=%{_localstatedir}/lib/dhcpd/dhcpd.leases \ --with-srv6-lease-file=%{_localstatedir}/lib/dhcpd/dhcpd6.leases \ @@ -724,6 +724,7 @@ done %changelog * Fri May 26 2023 yangxiaoxuan - 12:4.3.6-49.0.1 - Rebrand for Anolis OS +- Fix gcc10 -fno-common compile issue for compatible with gcc10 build * Tue Oct 11 2022 Martin Osvald - 12:4.3.6-49 - Fix for CVE-2022-2928 -- Gitee
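Review bot: `-fcommon` is appended to CFLAGS in the %build section with no comment in dhcp.spec, so the reason and the removal condition live only in the commit message. The flag lets same-named tentative definitions in different objects be merged instead of rejected, which also hides any future accidental duplicate global, including ones whose types or sizes disagree. A comment above the line would keep that visible, e.g. `# gcc10 defaults to -fno-common; -fcommon works around the 'multiple definition' diagnostics, drop once upstream is fixed`. Patch 1/3 in this series removes the same flag and this patch restores it, so the comment would also explain why the Anolis build differs from the imported spec.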