From bb3be569e37d9f06cbc6b654d684c778b4906ba7 Mon Sep 17 00:00:00 2001 From: kuzma kazygashev Date: Thu, 20 Sep 2012 17:49:36 +0700 Subject: [PATCH] Revert "Security fix CVE-2012-3955" This reverts commit 5db2ea2fb3a8fd0ece5512188d39594f50b436b6. --- dhcp-4.1.1-P1-CVE-2012-3955.patch | 121 ------------------------------ dhcp.spec | 6 +- 2 files changed, 1 insertion(+), 126 deletions(-) delete mode 100644 dhcp-4.1.1-P1-CVE-2012-3955.patch diff --git a/dhcp-4.1.1-P1-CVE-2012-3955.patch b/dhcp-4.1.1-P1-CVE-2012-3955.patch deleted file mode 100644 index 49fe5ee..0000000 --- a/dhcp-4.1.1-P1-CVE-2012-3955.patch +++ /dev/null @@ -1,121 +0,0 @@ -diff -rup dhcp-4.1-ESV-R6/server/dhcpv6.c dhcp-4.1-ESV-R7/server/dhcpv6.c ---- dhcp-4.1-ESV-R6/server/dhcpv6.c 2012-07-13 08:11:52.000000000 +0200 -+++ dhcp-4.1-ESV-R7/server/dhcpv6.c 2012-08-23 20:23:54.000000000 +0200 -@@ -1830,9 +1830,6 @@ reply_process_ia_na(struct reply_state * - ia_reference(&tmp->ia, reply->ia, MDL); - - /* Commit 'hard' bindings. */ -- tmp->hard_lifetime_end_time = -- tmp->soft_lifetime_end_time; -- tmp->soft_lifetime_end_time = 0; - renew_lease6(tmp->ipv6_pool, tmp); - schedule_lease_timeout(tmp->ipv6_pool); - -@@ -2489,9 +2486,6 @@ reply_process_ia_ta(struct reply_state * - ia_reference(&tmp->ia, reply->ia, MDL); - - /* Commit 'hard' bindings. */ -- tmp->hard_lifetime_end_time = -- tmp->soft_lifetime_end_time; -- tmp->soft_lifetime_end_time = 0; - renew_lease6(tmp->ipv6_pool, tmp); - schedule_lease_timeout(tmp->ipv6_pool); - -@@ -3359,9 +3353,6 @@ reply_process_ia_pd(struct reply_state * - ia_reference(&tmp->ia, reply->ia, MDL); - - /* Commit 'hard' bindings. */ -- tmp->hard_lifetime_end_time = -- tmp->soft_lifetime_end_time; -- tmp->soft_lifetime_end_time = 0; - renew_lease6(tmp->ipv6_pool, tmp); - schedule_lease_timeout(tmp->ipv6_pool); - } -diff -rup dhcp-4.1-ESV-R6/server/mdb6.c dhcp-4.1-ESV-R7/server/mdb6.c ---- dhcp-4.1-ESV-R6/server/mdb6.c 2012-07-13 08:11:52.000000000 +0200 -+++ dhcp-4.1-ESV-R7/server/mdb6.c 2012-08-23 20:23:54.000000000 +0200 -@@ -375,6 +378,8 @@ void - ia_remove_iasubopt(struct ia_xx *ia, struct iasubopt *iasubopt, - const char *file, int line) { - int i, j; -+ if (ia == NULL || iasubopt == NULL) -+ return; - - for (i=0; inum_iasubopt; i++) { - if (ia->iasubopt[i] == iasubopt) { -@@ -1234,29 +1239,49 @@ move_lease_to_active(struct ipv6_pool *p - return insert_result; - } - --/* -- * Renew an lease in the pool. -+/*! -+ * \brief Renew a lease in the pool. -+ * -+ * The hard_lifetime_end_time of the lease should be set to -+ * the current expiration time. -+ * The soft_lifetime_end_time of the lease should be set to -+ * the desired expiration time. -+ * -+ * This routine will compare the two and call the correct -+ * heap routine to move the lease. If the lease is active -+ * and the new expiration time is greater (the normal case) -+ * then we call isc_heap_decreased() as a larger time is a -+ * lower priority. If the new expiration time is less then -+ * we call isc_heap_increased(). -+ * -+ * If the lease is abandoned then it will be on the active list -+ * and we will always call isc_heap_increased() as the previous -+ * expiration would have been all 1s (as close as we can get -+ * to infinite). -+ * -+ * If the lease is moving to active we call that routine -+ * which will move it from the inactive list to the active list. - * -- * To do this, first set the new hard_lifetime_end_time for the resource, -- * and then invoke renew_lease6() on it. -+ * \param pool a pool the lease belongs to -+ * \param lease the lease to be renewed - * -- * WARNING: lease times must only be extended, never reduced!!! -+ * \return result of the renew operation (ISC_R_SUCCESS if successful, -+ ISC_R_NOMEMORY when run out of memory) - */ - isc_result_t - renew_lease6(struct ipv6_pool *pool, struct iasubopt *lease) { -- /* -- * If we're already active, then we can just move our expiration -- * time down the heap. -- * -- * If we're abandoned then we are already on the active list -- * but we need to retag the lease and move our expiration -- * from infinite to the current value -- * -- * Otherwise, we have to move from the inactive heap to the -- * active heap. -- */ -+ time_t old_end_time = lease->hard_lifetime_end_time; -+ lease->hard_lifetime_end_time = lease->soft_lifetime_end_time; -+ lease->soft_lifetime_end_time = 0; -+ - if (lease->state == FTS_ACTIVE) { -- isc_heap_decreased(pool->active_timeouts, lease->heap_index); -+ if (old_end_time <= lease->hard_lifetime_end_time) { -+ isc_heap_decreased(pool->active_timeouts, -+ lease->heap_index); -+ } else { -+ isc_heap_increased(pool->active_timeouts, -+ lease->heap_index); -+ } - return ISC_R_SUCCESS; - } else if (lease->state == FTS_ABANDONED) { - char tmp_addr[INET6_ADDRSTRLEN]; -@@ -1382,7 +1407,7 @@ release_lease6(struct ipv6_pool *pool, s - * Create a prefix by hashing the input, and using that for - * the part subject to allocation. - */ --static void -+void - build_prefix6(struct in6_addr *pref, - const struct in6_addr *net_start_pref, - int pool_bits, int pref_bits, diff --git a/dhcp.spec b/dhcp.spec index 5b8cb63..69288a1 100644 --- a/dhcp.spec +++ b/dhcp.spec @@ -5,7 +5,7 @@ Summary: The ISC DHCP (Dynamic Host Configuration Protocol) server/relay agent/c Name: dhcp Epoch: 3 Version: 4.2.1 -Release: %mkrel 0.%{pver}.3 +Release: %mkrel 0.%{pver}.2 License: Distributable Group: System/Servers URL: https://www.isc.org/software/dhcp @@ -31,7 +31,6 @@ Patch7: dhcp-4.1.1-prevent_wireless_deassociation.patch # redhat bug #587070 Patch9: dhcp-4.1.1-useless-wait.patch Patch10: dhcp-4.2.1-P1-CVE-2011-2748,2749.diff -Patch11: dhcp-4.1.1-P1-CVE-2012-3955.patch BuildRequires: perl groff-for-man BuildRequires: openldap-devel Provides: dhcpd @@ -340,9 +339,6 @@ rm -rf %{buildroot} %changelog -* Wed Sep 19 2012 Kuzma Kazygashev -- Security fix for CVE-2012-3955 - * Thu Aug 18 2011 Oden Eriksson 3:4.2.1-0.P1.2mdv2011.0 + Revision: 695144 - actually use the correct friggin patch...