[AUTOPATCHER-CORE] Upgrade dhcp to 4.4.3 Fix for CVE-2022-2928 and CVE-2022-2929 (#8880)

2024-04-25 07:23:23 -07:00 · 2024-04-25 07:23:23 -07:00 · f09667a9c6
--- a/SPECS/dhcp/CVE-2021-25217.patch
+++ b/SPECS/dhcp/CVE-2021-25217.patch
@ -1,30 +0,0 @@
-diff --git a/common/parse.c b/common/parse.c
-index 386a6321..fc7b39c6 100644
--- a/common/parse.c
-+++ b/common/parse.c
-@@ -3,7 +3,7 @@
-    Common parser code for dhcpd and dhclient. */
- 
- /*
- * Copyright (c) 2004-2019 by Internet Systems Consortium, Inc. ("ISC")
-+ * Copyright (c) 2004-2021 by Internet Systems Consortium, Inc. ("ISC")
-  * Copyright (c) 1995-2003 by Internet Software Consortium
-  *
-  * This Source Code Form is subject to the terms of the Mozilla Public
-@@ -5556,13 +5556,14 @@ int parse_X (cfile, buf, max)
- 				skip_to_semi (cfile);
- 				return 0;
- 			}
-			convert_num (cfile, &buf [len], val, 16, 8);
-			if (len++ > max) {
-+			if (len >= max) {
- 				parse_warn (cfile,
- 					    "hexadecimal constant too long.");
- 				skip_to_semi (cfile);
- 				return 0;
- 			}
-+			convert_num (cfile, &buf [len], val, 16, 8);
-+			len++;
- 			token = peek_token (&val, (unsigned *)0, cfile);
- 			if (token == COLON)
- 				token = next_token (&val,
--- a/SPECS/dhcp/dhcp.signatures.json
+++ b/SPECS/dhcp/dhcp.signatures.json
@ -1,5 +1,5 @@
 {
- "Signatures": {
-  "dhcp-4.4.2.tar.gz": "1a7ccd64a16e5e68f7b5e0f527fd07240a2892ea53fe245620f4f5f607004521"
- }
-}
+  "Signatures": {
+    "dhcp-4.4.3.tar.gz": "0e3ec6b4c2a05ec0148874bcd999a66d05518378d77421f607fb0bc9d0135818"
+  }
+}
--- a/SPECS/dhcp/dhcp.spec
+++ b/SPECS/dhcp/dhcp.spec
@ -1,11 +1,10 @@
 Summary:        Dynamic host configuration protocol
 Name:           dhcp
-Version:        4.4.2
-Release:        6%{?dist}
+Version:        4.4.3
+Release:        1%{?dist}
 License:        MPLv2.0
 Url:            https://www.isc.org/dhcp/
 Source0:        ftp://ftp.isc.org/isc/dhcp/%{version}/%{name}-%{version}.tar.gz
-Patch1:         CVE-2021-25217.patch
 Group:          System Environment/Base
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@ -170,6 +169,9 @@ mkdir -p %{buildroot}%{_localstatedir}/lib/dhclient/
 %{_mandir}/man8/dhclient.8.gz

 %changelog
+* Tue Apr 23 2024 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 4.4.3-1
+- Auto-upgrade to 4.4.3 - Fix for CVE-2022-2928 and CVE-2022-2929
+
 * Wed Sep 20 2023 Jon Slobodzian <joslobo@microsoft.com> - 4.4.2-6
 - Recompile with stack-protection fixed gcc version (CVE-2023-4039)

--- a/cgmanifest.json
+++ b/cgmanifest.json
@ -2588,8 +2588,8 @@
        "type": "other",
        "other": {
          "name": "dhcp",
-          "version": "4.4.2",
-          "downloadUrl": "ftp://ftp.isc.org/isc/dhcp/4.4.2/dhcp-4.4.2.tar.gz"
+          "version": "4.4.3",
+          "downloadUrl": "ftp://ftp.isc.org/isc/dhcp/4.4.3/dhcp-4.4.3.tar.gz"
        }
      }
    },