authorNatanael Copa <ncopa@alpinelinux.org>2014-09-12 09:29:57 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2014-09-12 09:47:28 +0000
commit6bdb184bee8ac9364997e653cb3a30759d5096a0 (patch)
treef1069f6114200bd8941803a644236992680b6052
parenta697949d338c950eaabe908b07a86bca96983d87 (diff)
downloadaports-6bdb184bee8ac9364997e653cb3a30759d5096a0.tar.bz2
aports-6bdb184bee8ac9364997e653cb3a30759d5096a0.tar.xz
main/dhcpcd: fix CVE-2014-6060
fixes #3357
-rw-r--r--main/dhcpcd/APKBUILD13
-rw-r--r--main/dhcpcd/CVE-2014-6060.patch24
2 files changed, 36 insertions, 1 deletions
diff --git a/main/dhcpcd/APKBUILD b/main/dhcpcd/APKBUILD
index 33ac08f8ea..e51719d9ca 100644
--- a/main/dhcpcd/APKBUILD
+++ b/main/dhcpcd/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=dhcpcd
pkgver=5.6.2
-pkgrel=0
+pkgrel=1
pkgdesc="RFC2131 compliant DHCP client"
url="http://roy.marples.name/projects/dhcpcd/"
arch="all"
@@ -12,8 +12,18 @@ makedepends=
install=
subpackages="$pkgname-doc"
source="http://roy.marples.name/downloads/dhcpcd/$pkgname-$pkgver.tar.bz2
+ CVE-2014-6060.patch
dhcpcd.initd"
+prepare() {
+ cd "$srcdir/$pkgname-$pkgver"
+ for i in $source; do
+ case $i in
+ *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+ esac
+ done
+}
+
build() {
cd "$srcdir/$pkgname-$pkgver"
./configure --libexecdir=/lib/dhcpcd \
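Review bot: The new prepare() locates each patch as `"$srcdir"/$i`, which is only right while every `*.patch` entry in `source=` is a bare filename; if I recall abuild's download layout correctly, a patch listed by URL is stored under its basename, and `patch -p1 -i "$srcdir"/$i` would then point at a path that does not exist and fail the build at the `|| return 1`. Writing the line as `*.patch) msg "$i"; patch -p1 -i "$srcdir"/${i##*/} || return 1;;` keeps the loop correct for both local and remote patches and also quotes the argument to `msg`, matching the quoting already used on the `patch` invocation. The loop itself correctly refuses to continue on a failed apply, which is what you want for a security backport. `build()` begins inside this hunk and continues past it.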
@@ -29,4 +39,5 @@ package() {
}
md5sums="fbd0d12ae335beed1fd2c3afd7859af9 dhcpcd-5.6.2.tar.bz2
+bb314ebc6bdf643ee2621b78b934b133 CVE-2014-6060.patch
ecbd807cf3f87d7c5b6095bf63f26894 dhcpcd.initd"
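Review bot: The new patch and the tarball it is applied to are still pinned only by MD5 in `md5sums=`, and the tarball is fetched over plain `http://` per the `source=` line, so the checksum guards against accidental corruption rather than deliberate substitution, because MD5 collision resistance is broken. The in-tree patch is less exposed since it ships with the aports checkout, but the tarball is the input that decides whether the CVE fix lands on the right code. If the abuild version in use already accepts `sha512sums=`, converting this block is a cheap hardening; if it does not, this is worth recording as a follow-up rather than silently living with it.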
diff --git a/main/dhcpcd/CVE-2014-6060.patch b/main/dhcpcd/CVE-2014-6060.patch
new file mode 100644
index 0000000000..d16ad188ad
--- /dev/null
+++ b/main/dhcpcd/CVE-2014-6060.patch
@@ -0,0 +1,24 @@
+Index: dhcp.c
+==================================================================
+--- a/dhcp.c
++++ b/dhcp.c
+@@ -201,13 +201,16 @@
+ e = p + sizeof(dhcp->servername);
+ } else
+ goto exit;
+ break;
+ case DHO_OPTIONSOVERLOADED:
+- /* Ensure we only get this option once */
++ /* Ensure we only get this option once by setting
++ * the last bit as well as the value.
++ * This is valid because only the first two bits
++ * actually mean anything in RFC2132 Section 9.3 */
+ if (!overl)
+- overl = p[1];
++ overl = 0x80 | p[1];
+ break;
+ }
+ l = *p++;
+ p += l;
+ }
+
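Review bot: The backported patch carries no provenance beyond `Index: dhcp.c` — no upstream commit hash, URL or author line — so a later reviewer cannot confirm it matches the fix dhcpcd shipped for CVE-2014-6060 or which release first contained it; a one-line header at the top of the file such as `Backport of the upstream dhcpcd fix for CVE-2014-6060 (see <upstream commit/URL>)` would close that gap. The `overl = 0x80 | p[1]` change does repair the `if (!overl)` guard for a first option whose value byte is 0, but the value is still read from `p[1]` before the length byte is consumed by `l = *p++`, and nothing in the hunk bounds that read against `e`; whether the surrounding loop guarantees it is outside this hunk and should be checked rather than assumed. The new comment explains why the high bit is harmless per RFC 2132, but it would help to also state that consumers must test `overl` with bitwise `& 1` / `& 2` rather than comparing it to a value — presumably they already do, though I cannot see them from here. The enclosing function starts and ends outside the hunk.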