From e4668526417a3db6081105b27a966321f2245e9a Mon Sep 17 00:00:00 2001 From: MSVSphere Packaging Team Date: Fri, 22 Sep 2023 16:17:18 +0300 Subject: [PATCH] import dhcp-4.4.2-19.b1.el9 --- SOURCES/dont-drop-bounds-twice.patch | 15 +++++++++++++++ SPECS/dhcp.spec | 6 +++++- 2 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 SOURCES/dont-drop-bounds-twice.patch diff --git a/SOURCES/dont-drop-bounds-twice.patch b/SOURCES/dont-drop-bounds-twice.patch new file mode 100644 index 0000000..7570a00 --- /dev/null +++ b/SOURCES/dont-drop-bounds-twice.patch @@ -0,0 +1,15 @@ +diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c +index c4ee5ba..1c6531a 100644 +--- a/relay/dhcrelay.c ++++ b/relay/dhcrelay.c +@@ -843,8 +843,8 @@ main(int argc, char **argv) { + #ifdef HAVE_LIBCAP_NG + /* Drop all capabilities */ + if (!keep_capabilities) { +- capng_clear(CAPNG_SELECT_BOTH); +- capng_apply(CAPNG_SELECT_BOTH); ++ capng_clear(CAPNG_SELECT_CAPS); ++ capng_apply(CAPNG_SELECT_CAPS); + log_info ("Dropped all capabilities."); + } + #endif diff --git a/SPECS/dhcp.spec b/SPECS/dhcp.spec index ce39e57..1a63ec3 100644 --- a/SPECS/dhcp.spec +++ b/SPECS/dhcp.spec @@ -15,7 +15,7 @@ Summary: Dynamic host configuration protocol software Name: dhcp Version: 4.4.2 -Release: 18.b1%{?dist} +Release: 19.b1%{?dist} # NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to # dcantrell maintaining the package) made incorrect use of the epoch and @@ -67,6 +67,7 @@ Patch30: CVE-2021-25220.patch Patch31: omshell-hmac-sha512-support.patch Patch32: CVE-2022-2928.patch Patch33: CVE-2022-2929.patch +Patch34: dont-drop-bounds-twice.patch BuildRequires: autoconf @@ -508,6 +509,9 @@ done %endif %changelog +* Wed Apr 12 2023 Martin Osvald - 12:4.4.2-19.b1 +- Do not drop bounding set twice (#2184965) + * Mon Oct 10 2022 Martin Osvald - 12:4.4.2-18.b1 - Fix for CVE-2022-2928 - Fix for CVE-2022-2929