diff --git a/SOURCES/dont-drop-bounds-twice.patch b/SOURCES/dont-drop-bounds-twice.patch new file mode 100644 index 0000000..7570a00 --- /dev/null +++ b/SOURCES/dont-drop-bounds-twice.patch @@ -0,0 +1,15 @@ +diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c +index c4ee5ba..1c6531a 100644 +--- a/relay/dhcrelay.c ++++ b/relay/dhcrelay.c +@@ -843,8 +843,8 @@ main(int argc, char **argv) { + #ifdef HAVE_LIBCAP_NG + /* Drop all capabilities */ + if (!keep_capabilities) { +- capng_clear(CAPNG_SELECT_BOTH); +- capng_apply(CAPNG_SELECT_BOTH); ++ capng_clear(CAPNG_SELECT_CAPS); ++ capng_apply(CAPNG_SELECT_CAPS); + log_info ("Dropped all capabilities."); + } + #endif diff --git a/SPECS/dhcp.spec b/SPECS/dhcp.spec index 3f310ae..bc41b44 100644 --- a/SPECS/dhcp.spec +++ b/SPECS/dhcp.spec @@ -15,7 +15,7 @@ Summary: Dynamic host configuration protocol software Name: dhcp Version: 4.4.2 -Release: 18.b1%{?dist} +Release: 19.b1%{?dist} # NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to # dcantrell maintaining the package) made incorrect use of the epoch and @@ -67,6 +67,7 @@ Patch30: CVE-2021-25220.patch Patch31: omshell-hmac-sha512-support.patch Patch32: CVE-2022-2928.patch Patch33: CVE-2022-2929.patch +Patch34: dont-drop-bounds-twice.patch BuildRequires: autoconf @@ -508,9 +509,12 @@ done %endif %changelog -* Fri Apr 14 2023 MSVSphere Packaging Team - 4.4.2-18.b1 +* Fri Apr 14 2023 MSVSphere Packaging Team - 12:4.4.2-19.b1 - Rebuilt for MSVSphere 9.2 beta +* Wed Apr 12 2023 Martin Osvald - 12:4.4.2-19.b1 +- Do not drop bounding set twice (#2184965) + * Mon Oct 10 2022 Martin Osvald - 12:4.4.2-18.b1 - Fix for CVE-2022-2928 - Fix for CVE-2022-2929