rpms/dhcp/F-11 dhcp-4.1.0p1-CVE-2010-2156.patch, NONE, 1.1 dhcp.spec, 1.265, 1.266

Jiří Popelka jpopelka at fedoraproject.org
Fri Jun 18 12:09:35 UTC 2010


Author: jpopelka

Update of /cvs/pkgs/rpms/dhcp/F-11
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv27201

Modified Files:
	dhcp.spec 
Added Files:
	dhcp-4.1.0p1-CVE-2010-2156.patch 
Log Message:
* Fri Jun 18 2010 Jiri Popelka <jpopelka at redhat.com> - 12:4.1.0p1-6
- Fix for CVE-2010-2156


dhcp-4.1.0p1-CVE-2010-2156.patch:
 hash.c |   10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

--- NEW FILE dhcp-4.1.0p1-CVE-2010-2156.patch ---
diff -up dhcp-4.1.0p1/omapip/hash.c.CVE-2010-2156 dhcp-4.1.0p1/omapip/hash.c
--- dhcp-4.1.0p1/omapip/hash.c.CVE-2010-2156	2007-11-07 20:42:18.000000000 +0100
+++ dhcp-4.1.0p1/omapip/hash.c	2010-06-18 14:02:22.000000000 +0200
@@ -49,8 +49,14 @@ find_length(const void *key,
 	if (do_hash == do_ip4_hash)
 		return 4;
 
-	log_fatal("Impossible condition at %s:%d.", MDL);
-	return 0; /* Silence compiler warnings. */
+	log_debug("Unexpected hash function at %s:%d.", MDL);
+	/*
+	 * If we get a hash function we don't specifically expect
+	 * return a length of 0, this covers the case where a client
+	 * id has a length of 0.
+	 */
+	return 0;
+	
 }
 
 int new_hash_table (tp, count, file, line)
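Review bot: The new fallback at the end of find_length() returns 0 for every hash function it does not recognise, so a genuinely wrong do_hash pointer can no longer be told apart from the zero-length client id case the comment describes, and it is reported only at debug level. Because the comment indicates this path can be reached with a client-supplied identifier, the callers that consume the returned length (outside this hunk) should be checked to confirm that hashing and key comparison over 0 bytes cannot make unrelated entries match. Consider stating that contract in the comment, e.g. `/* Reachable from packet data (zero-length client id): must not abort; callers must accept a 0 length. */`, and dropping the tab-only line added before the closing brace. find_length() starts above the hunk, so its earlier branches are not visible here.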


Index: dhcp.spec
===================================================================
RCS file: /cvs/pkgs/rpms/dhcp/F-11/dhcp.spec,v
retrieving revision 1.265
retrieving revision 1.266
diff -u -p -r1.265 -r1.266
--- dhcp.spec	13 Oct 2009 10:27:04 -0000	1.265
+++ dhcp.spec	18 Jun 2010 12:09:34 -0000	1.266
@@ -13,7 +13,7 @@
 Summary:  Dynamic host configuration protocol software
 Name:     dhcp
 Version:  %{basever}p1
-Release:  5%{?dist}
+Release:  6%{?dist}
 # NEVER CHANGE THE EPOCH on this package.  The previous maintainer (prior to
 # dcantrell maintaining the package) made incorrect use of the epoch and
 # that's why it is at 12 now.  It should have never been used, but it was.
@@ -52,6 +52,7 @@ Patch18:  %{name}-4.1.0-missing-ipv6-not
 Patch19:  %{name}-4.1.0-IFNAMSIZ.patch
 Patch20:  %{name}-4.1.0-add_timeout_when_NULL.patch
 Patch21:  %{name}-4.1.0-CVE-2009-1892.patch
+Patch22:  %{name}-4.1.0p1-CVE-2010-2156.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: autoconf
@@ -206,6 +207,10 @@ libdhcpctl and libomapi static libraries
 # http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1892
 %patch21 -p1
 
+# Fix for CVE-2010-2156
+# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2156
+%patch22 -p1
+
 # Copy in documentation and example scripts for LDAP patch to dhcpd
 %{__install} -p -m 0755 ldap-for-dhcp-%{ldappatchver}/dhcpd-conf-to-ldap contrib/
 
@@ -460,6 +465,9 @@ fi
 %attr(0644,root,root) %{_mandir}/man3/omapi.3.gz
 
 %changelog
+* Fri Jun 18 2010 Jiri Popelka <jpopelka at redhat.com> - 12:4.1.0p1-6
+- Fix for CVE-2010-2156
+
 * Tue Oct 13 2009 Jiri Popelka <jpopelka at redhat.com> - 12:4.1.0p1-5
 - Fix 56dhclient so network comes back after suspend/hibernate (#527641)
 


