mirror of
git://slackware.nl/current.git
synced 2025-01-14 08:01:11 +01:00
216e528496
a/cryptsetup-2.4.1-x86_64-1.txz: Upgraded.
a/sysvinit-scripts-15.0-noarch-5.txz: Rebuilt.
Stop D-Bus after NFS partitions are unmounted to avoid a hang.
Thanks to vulcan59 and bassmadrigal.
ap/sudo-1.9.8p1-x86_64-1.txz: Upgraded.
l/fftw-3.3.10-x86_64-1.txz: Upgraded.
l/libxkbcommon-1.3.1-x86_64-1.txz: Upgraded.
l/pipewire-0.3.36-x86_64-1.txz: Upgraded.
n/dhcpcd-9.4.0-x86_64-2.txz: Rebuilt.
Applied upstream patch:
DHCP6: Only send FQDN for SOLICIT, REQUEST, RENEW, or REBIND messages.
Thanks to marav.
n/httpd-2.4.49-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
mod_proxy: Server Side Request Forgery (SSRF) vulnerabilty [Yann Ylavic]
core: ap_escape_quotes buffer overflow
mod_proxy_uwsgi: Out of bound read vulnerability [Yann Ylavic]
core: null pointer dereference on malformed request
mod_http2: Request splitting vulnerability with mod_proxy [Stefan Eissing]
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33193
(* Security fix *)
x/ibus-libpinyin-1.12.1-x86_64-1.txz: Upgraded.
x/libpinyin-2.6.1-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-91.1.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.1.1/releasenotes/
119 lines
2.6 KiB
Diff
119 lines
2.6 KiB
Diff
From 2fae4a113c3e736d585dd300ca6c8fddae300503 Mon Sep 17 00:00:00 2001
|
|
From: Roy Marples <roy@marples.name>
|
|
Date: Tue, 31 Aug 2021 10:57:44 +0100
|
|
Subject: [PATCH] DHCP6: Only send FQDN for SOLICIT, REQUEST, RENEW, or REBIND messages.
|
|
|
|
As per RFC 4704 section 5.
|
|
Fixes #44.
|
|
---
|
|
src/dhcp6.c | 79 +++++++++++++++++++++++++++++++++-------------------------
|
|
1 files changed, 45 insertions(+), 34 deletions(-)
|
|
|
|
diff --git a/src/dhcp6.c b/src/dhcp6.c
|
|
index f355418..9c818b3 100644
|
|
--- a/src/dhcp6.c
|
|
+++ b/src/dhcp6.c
|
|
@@ -637,7 +637,7 @@ dhcp6_makemessage(struct interface *ifp)
|
|
uint8_t type;
|
|
uint16_t si_len, uni_len, n_options;
|
|
uint8_t *o_lenp;
|
|
- struct if_options *ifo;
|
|
+ struct if_options *ifo = ifp->options;
|
|
const struct dhcp_opt *opt, *opt2;
|
|
const struct ipv6_addr *ap;
|
|
char hbuf[HOSTNAME_MAX_LEN + 1];
|
|
@@ -658,8 +658,50 @@ dhcp6_makemessage(struct interface *ifp)
|
|
state->send = NULL;
|
|
}
|
|
|
|
- ifo = ifp->options;
|
|
- fqdn = ifo->fqdn;
|
|
+ switch(state->state) {
|
|
+ case DH6S_INIT: /* FALLTHROUGH */
|
|
+ case DH6S_DISCOVER:
|
|
+ type = DHCP6_SOLICIT;
|
|
+ break;
|
|
+ case DH6S_REQUEST:
|
|
+ type = DHCP6_REQUEST;
|
|
+ break;
|
|
+ case DH6S_CONFIRM:
|
|
+ type = DHCP6_CONFIRM;
|
|
+ break;
|
|
+ case DH6S_REBIND:
|
|
+ type = DHCP6_REBIND;
|
|
+ break;
|
|
+ case DH6S_RENEW:
|
|
+ type = DHCP6_RENEW;
|
|
+ break;
|
|
+ case DH6S_INFORM:
|
|
+ type = DHCP6_INFORMATION_REQ;
|
|
+ break;
|
|
+ case DH6S_RELEASE:
|
|
+ type = DHCP6_RELEASE;
|
|
+ break;
|
|
+ case DH6S_DECLINE:
|
|
+ type = DHCP6_DECLINE;
|
|
+ break;
|
|
+ default:
|
|
+ errno = EINVAL;
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
+ /* RFC 4704 Section 5 says we can only send FQDN for these
|
|
+ * message types. */
|
|
+ switch(type) {
|
|
+ case DHCP6_SOLICIT:
|
|
+ case DHCP6_REQUEST:
|
|
+ case DHCP6_RENEW:
|
|
+ case DHCP6_REBIND:
|
|
+ fqdn = ifo->fqdn;
|
|
+ break;
|
|
+ default:
|
|
+ fqdn = FQDN_DISABLE;
|
|
+ break;
|
|
+ }
|
|
|
|
if (fqdn == FQDN_DISABLE && ifo->options & DHCPCD_HOSTNAME) {
|
|
/* We're sending the DHCPv4 hostname option, so send FQDN as
|
|
@@ -823,37 +865,6 @@ dhcp6_makemessage(struct interface *ifp)
|
|
}
|
|
|
|
switch(state->state) {
|
|
- case DH6S_INIT: /* FALLTHROUGH */
|
|
- case DH6S_DISCOVER:
|
|
- type = DHCP6_SOLICIT;
|
|
- break;
|
|
- case DH6S_REQUEST:
|
|
- type = DHCP6_REQUEST;
|
|
- break;
|
|
- case DH6S_CONFIRM:
|
|
- type = DHCP6_CONFIRM;
|
|
- break;
|
|
- case DH6S_REBIND:
|
|
- type = DHCP6_REBIND;
|
|
- break;
|
|
- case DH6S_RENEW:
|
|
- type = DHCP6_RENEW;
|
|
- break;
|
|
- case DH6S_INFORM:
|
|
- type = DHCP6_INFORMATION_REQ;
|
|
- break;
|
|
- case DH6S_RELEASE:
|
|
- type = DHCP6_RELEASE;
|
|
- break;
|
|
- case DH6S_DECLINE:
|
|
- type = DHCP6_DECLINE;
|
|
- break;
|
|
- default:
|
|
- errno = EINVAL;
|
|
- return -1;
|
|
- }
|
|
-
|
|
- switch(state->state) {
|
|
case DH6S_REQUEST: /* FALLTHROUGH */
|
|
case DH6S_RENEW: /* FALLTHROUGH */
|
|
case DH6S_RELEASE:
|
|
--
|
|
1.7.1
|
|
|
|
|