author | Natanael Copa <ncopa@alpinelinux.org> | 2014-09-12 09:29:57 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2014-09-12 09:47:28 +0000 |
commit | 6bdb184bee8ac9364997e653cb3a30759d5096a0 (patch) | |
tree | f1069f6114200bd8941803a644236992680b6052 | |
parent | a697949d338c950eaabe908b07a86bca96983d87 (diff) | |
download | aports-6bdb184bee8ac9364997e653cb3a30759d5096a0.tar.bz2 aports-6bdb184bee8ac9364997e653cb3a30759d5096a0.tar.xz |
main/dhcpcd: fix CVE-2014-6060
fixes #3357
-rw-r--r-- | main/dhcpcd/APKBUILD | 13 | ||||
-rw-r--r-- | main/dhcpcd/CVE-2014-6060.patch | 24 |
2 files changed, 36 insertions, 1 deletions
diff --git a/main/dhcpcd/APKBUILD b/main/dhcpcd/APKBUILD
index 33ac08f8ea..e51719d9ca 100644
--- a/main/dhcpcd/APKBUILD
+++ b/main/dhcpcd/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=dhcpcd
 pkgver=5.6.2
-pkgrel=0
+pkgrel=1
 pkgdesc="RFC2131 compliant DHCP client"
 url="http://roy.marples.name/projects/dhcpcd/"
 arch="all"
@@ -12,8 +12,18 @@ makedepends=
 install=
 subpackages="$pkgname-doc"
 source="http://roy.marples.name/downloads/dhcpcd/$pkgname-$pkgver.tar.bz2
+ CVE-2014-6060.patch
 dhcpcd.initd"
 
+prepare() {
+ cd "$srcdir/$pkgname-$pkgver"
+ for i in $source; do
+ case $i in
+ *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+ esac
+ done
+}
+
 build() {
 cd "$srcdir/$pkgname-$pkgver"
 ./configure --libexecdir=/lib/dhcpcd \
@@ -29,4 +39,5 @@ package() {
 }
 
 md5sums="fbd0d12ae335beed1fd2c3afd7859af9 dhcpcd-5.6.2.tar.bz2
+bb314ebc6bdf643ee2621b78b934b133 CVE-2014-6060.patch
 ecbd807cf3f87d7c5b6095bf63f26894 dhcpcd.initd"
diff --git a/main/dhcpcd/CVE-2014-6060.patch b/main/dhcpcd/CVE-2014-6060.patch
new file mode 100644
index 0000000000..d16ad188ad
--- /dev/null
+++ b/main/dhcpcd/CVE-2014-6060.patch
@@ -0,0 +1,24 @@
+Index: dhcp.c
+==================================================================
+--- a/dhcp.c
++++ b/dhcp.c
+@@ -201,13 +201,16 @@
+ e = p + sizeof(dhcp->servername);
+ } else
+ goto exit;
+ break;
+ case DHO_OPTIONSOVERLOADED:
+- /* Ensure we only get this option once */
++ /* Ensure we only get this option once by setting
++ * the last bit as well as the value.
++ * This is valid because only the first two bits
++ * actually mean anything in RFC2132 Section 9.3 */
+ if (!overl)
+- overl = p[1];
++ overl = 0x80 | p[1];
+ break;
+ }
+ l = *p++;
+ p += l;
+ }
+ |
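Review bot: In the new `prepare()` the loop variable is passed unquoted in `msg $i` and in `"$srcdir"/$i`; the values come from `$source`, so word-splitting is unlikely today, but quoting them as `*.patch) msg "$i"; patch -p1 -i "$srcdir/$i" || return 1;;` matches the quoted `cd "$srcdir/$pkgname-$pkgver"` directly above it and costs nothing. The `-p1` strip level is consistent with the `a/dhcp.c` / `b/dhcp.c` prefixes in the shipped patch, so the application path looks right. The loop also walks the tarball URL and `dhcpcd.initd`, which is harmless because only `*.patch` entries match the case arm.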
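Review bot: The new `overl = 0x80 | p[1];` makes the once-only guard `if (!overl)` hold even when the option's value byte is 0, but it relies on every consumer of `overl` testing individual bits (`overl & 1`, `overl & 2`) rather than comparing the whole value; none of those consumers are in the hunk, so confirm no later code does `overl == 1` or `overl == 2`. The read of `p[1]` is also not bounds-checked against `e` inside the hunk — if the enclosing loop does not already guarantee that two bytes remain before `e`, a truncated trailing option would read past the end of the options buffer, so a guard at the top of the case such as `if (p + 1 >= e) goto exit;` would keep the marker trick safe independently of the loop's invariant. The comment could also name the bit meanings it cites, e.g. `/* bit 0 = file field, bit 1 = sname field carry options (RFC 2132 9.3) */`, since the 0x80 sentinel only makes sense next to them. The enclosing function starts and ends outside the hunk.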