diff --git a/0001-libndp-fix-CVE-2024-5564.patch b/0001-libndp-fix-CVE-2024-5564.patch new file mode 100644 index 0000000000000000000000000000000000000000..01b44a990ffc51c3e3b6d74e9fe2ff2bd96b73eb --- /dev/null +++ b/0001-libndp-fix-CVE-2024-5564.patch @@ -0,0 +1,34 @@ +From 48f78cbbfa6e7cebec49c3003877c27e81722bf3 Mon Sep 17 00:00:00 2001 +From: dashnfschina +Date: Fri, 5 Jul 2024 03:03:29 -0400 +Subject: [PATCH] 2 + +--- + libndp/libndp.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/libndp/libndp.c b/libndp/libndp.c +index 6314717..72ec92e 100644 +--- a/libndp/libndp.c ++++ b/libndp/libndp.c +@@ -1231,6 +1231,17 @@ static bool ndp_msg_opt_route_check_valid(void *opt_data) + */ + if (((ri->nd_opt_ri_prf_reserved >> 3) & 3) == 2) + return false; ++ ++ /* The Length field is 1, 2, or 3 depending on the Prefix Length. ++ * If Prefix Length is greater than 64, then Length must be 3. ++ * If Prefix Length is greater than 0, then Length must be 2 or 3. ++ * If Prefix Length is zero, then Length must be 1, 2, or 3. ++ */ ++ if (ri->nd_opt_ri_len > 3 || ++ (ri->nd_opt_ri_prefix_len > 64 && ri->nd_opt_ri_len != 3) || ++ (ri->nd_opt_ri_prefix_len > 0 && ri->nd_opt_ri_len == 1)) ++ return false; ++ + return true; + } + +-- +2.18.2 + diff --git a/libndp.spec b/libndp.spec index 9fb348f156ebae158f89651e77b62ffdccb8838d..04c82837c5e9993775490bec8c9c6937d7257ebe 100644 --- a/libndp.spec +++ b/libndp.spec @@ -1,4 +1,4 @@ -%define anolis_release 2 +%define anolis_release 3 Name: libndp Version: 1.8 Release: %{anolis_release}%{?dist} @@ -7,6 +7,8 @@ License: LGPLv2+ URL: http://www.libndp.org/ Source: http://www.libndp.org/files/libndp-%{version}.tar.gz +Patch0: 0001-libndp-fix-CVE-2024-5564.patch + BuildRequires: gcc BuildRequires: make %description @@ -24,6 +26,7 @@ necessary for developing programs using libndp. %prep %setup -q +%patch0 -p1 %build %configure --disable-static @@ -52,6 +55,9 @@ find $RPM_BUILD_ROOT -name \*.la -delete %{_libdir}/pkgconfig/*.pc %changelog +* Fri Jul 05 2024 dash - 1.8-3 +- fix CVE-2024-5564 + * Mon Oct 24 2022 mgb01105731 - 1.8-2 - optimise spec file