diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2021-09-17 04:17:57 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2021-09-17 17:59:52 +0200 |
commit | 216e5284961bf8c173702c05ba4329cfaca9015f (patch) | |
tree | 3c56f60ee4f8b5e724c91dec4c1aa9ab4a931af3 /source/n/dhcpcd/patches/dhcpcd.2fae4a113c3e736d585dd300ca6c8fddae300503.patch | |
parent | d4dd1e8c22c4ac031b6dd8997701d97385f7feac (diff) | |
download | current-216e5284961bf8c173702c05ba4329cfaca9015f.tar.gz |
Fri Sep 17 04:17:57 UTC 202120210917041757
a/cryptsetup-2.4.1-x86_64-1.txz: Upgraded.
a/sysvinit-scripts-15.0-noarch-5.txz: Rebuilt.
Stop D-Bus after NFS partitions are unmounted to avoid a hang.
Thanks to vulcan59 and bassmadrigal.
ap/sudo-1.9.8p1-x86_64-1.txz: Upgraded.
l/fftw-3.3.10-x86_64-1.txz: Upgraded.
l/libxkbcommon-1.3.1-x86_64-1.txz: Upgraded.
l/pipewire-0.3.36-x86_64-1.txz: Upgraded.
n/dhcpcd-9.4.0-x86_64-2.txz: Rebuilt.
Applied upstream patch:
DHCP6: Only send FQDN for SOLICIT, REQUEST, RENEW, or REBIND messages.
Thanks to marav.
n/httpd-2.4.49-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
mod_proxy: Server Side Request Forgery (SSRF) vulnerabilty [Yann Ylavic]
core: ap_escape_quotes buffer overflow
mod_proxy_uwsgi: Out of bound read vulnerability [Yann Ylavic]
core: null pointer dereference on malformed request
mod_http2: Request splitting vulnerability with mod_proxy [Stefan Eissing]
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33193
(* Security fix *)
x/ibus-libpinyin-1.12.1-x86_64-1.txz: Upgraded.
x/libpinyin-2.6.1-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-91.1.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.1.1/releasenotes/
Diffstat (limited to 'source/n/dhcpcd/patches/dhcpcd.2fae4a113c3e736d585dd300ca6c8fddae300503.patch')
-rw-r--r-- | source/n/dhcpcd/patches/dhcpcd.2fae4a113c3e736d585dd300ca6c8fddae300503.patch | 119 |
1 files changed, 119 insertions, 0 deletions
diff --git a/source/n/dhcpcd/patches/dhcpcd.2fae4a113c3e736d585dd300ca6c8fddae300503.patch b/source/n/dhcpcd/patches/dhcpcd.2fae4a113c3e736d585dd300ca6c8fddae300503.patch new file mode 100644 index 00000000..8f6a0075 --- /dev/null +++ b/source/n/dhcpcd/patches/dhcpcd.2fae4a113c3e736d585dd300ca6c8fddae300503.patch @@ -0,0 +1,119 @@ +From 2fae4a113c3e736d585dd300ca6c8fddae300503 Mon Sep 17 00:00:00 2001 +From: Roy Marples <roy@marples.name> +Date: Tue, 31 Aug 2021 10:57:44 +0100 +Subject: [PATCH] DHCP6: Only send FQDN for SOLICIT, REQUEST, RENEW, or REBIND messages. + +As per RFC 4704 section 5. +Fixes #44. +--- + src/dhcp6.c | 79 +++++++++++++++++++++++++++++++++------------------------- + 1 files changed, 45 insertions(+), 34 deletions(-) + +diff --git a/src/dhcp6.c b/src/dhcp6.c +index f355418..9c818b3 100644 +--- a/src/dhcp6.c ++++ b/src/dhcp6.c +@@ -637,7 +637,7 @@ dhcp6_makemessage(struct interface *ifp) + uint8_t type; + uint16_t si_len, uni_len, n_options; + uint8_t *o_lenp; +- struct if_options *ifo; ++ struct if_options *ifo = ifp->options; + const struct dhcp_opt *opt, *opt2; + const struct ipv6_addr *ap; + char hbuf[HOSTNAME_MAX_LEN + 1]; +@@ -658,8 +658,50 @@ dhcp6_makemessage(struct interface *ifp) + state->send = NULL; + } + +- ifo = ifp->options; +- fqdn = ifo->fqdn; ++ switch(state->state) { ++ case DH6S_INIT: /* FALLTHROUGH */ ++ case DH6S_DISCOVER: ++ type = DHCP6_SOLICIT; ++ break; ++ case DH6S_REQUEST: ++ type = DHCP6_REQUEST; ++ break; ++ case DH6S_CONFIRM: ++ type = DHCP6_CONFIRM; ++ break; ++ case DH6S_REBIND: ++ type = DHCP6_REBIND; ++ break; ++ case DH6S_RENEW: ++ type = DHCP6_RENEW; ++ break; ++ case DH6S_INFORM: ++ type = DHCP6_INFORMATION_REQ; ++ break; ++ case DH6S_RELEASE: ++ type = DHCP6_RELEASE; ++ break; ++ case DH6S_DECLINE: ++ type = DHCP6_DECLINE; ++ break; ++ default: ++ errno = EINVAL; ++ return -1; ++ } ++ ++ /* RFC 4704 Section 5 says we can only send FQDN for these ++ * message types. */ ++ switch(type) { ++ case DHCP6_SOLICIT: ++ case DHCP6_REQUEST: ++ case DHCP6_RENEW: ++ case DHCP6_REBIND: ++ fqdn = ifo->fqdn; ++ break; ++ default: ++ fqdn = FQDN_DISABLE; ++ break; ++ } + + if (fqdn == FQDN_DISABLE && ifo->options & DHCPCD_HOSTNAME) { + /* We're sending the DHCPv4 hostname option, so send FQDN as +@@ -823,37 +865,6 @@ dhcp6_makemessage(struct interface *ifp) + } + + switch(state->state) { +- case DH6S_INIT: /* FALLTHROUGH */ +- case DH6S_DISCOVER: +- type = DHCP6_SOLICIT; +- break; +- case DH6S_REQUEST: +- type = DHCP6_REQUEST; +- break; +- case DH6S_CONFIRM: +- type = DHCP6_CONFIRM; +- break; +- case DH6S_REBIND: +- type = DHCP6_REBIND; +- break; +- case DH6S_RENEW: +- type = DHCP6_RENEW; +- break; +- case DH6S_INFORM: +- type = DHCP6_INFORMATION_REQ; +- break; +- case DH6S_RELEASE: +- type = DHCP6_RELEASE; +- break; +- case DH6S_DECLINE: +- type = DHCP6_DECLINE; +- break; +- default: +- errno = EINVAL; +- return -1; +- } +- +- switch(state->state) { + case DH6S_REQUEST: /* FALLTHROUGH */ + case DH6S_RENEW: /* FALLTHROUGH */ + case DH6S_RELEASE: +-- +1.7.1 + + |