From 2f1515e5297b004d6288ed10ab2f7bec002510be Mon Sep 17 00:00:00 2001
From: Jiri Popelka <jpopelka@redhat.com>
Date: Apr 06 2011 18:33:31 +0000
Subject: Better fix for CVE-2011-0997: making domain-name check more lenient (#694005)


---

diff --git a/dhcp-4.2.1-P1-CVE-2011-0997.patch b/dhcp-4.2.1-P1-CVE-2011-0997.patch
new file mode 100644
index 0000000..1a0243c
--- /dev/null
+++ b/dhcp-4.2.1-P1-CVE-2011-0997.patch
@@ -0,0 +1,16 @@
+diff -up dhcp-4.2.1-P1/client/dhclient.c.CVE-2011-0997 dhcp-4.2.1-P1/client/dhclient.c
+--- dhcp-4.2.1-P1/client/dhclient.c.CVE-2011-0997	2011-04-06 20:21:43.000000000 +0200
++++ dhcp-4.2.1-P1/client/dhclient.c	2011-04-06 20:22:31.000000000 +0200
+@@ -4545,11 +4545,11 @@ static int check_option_values(struct un
+ 	if ((universe == NULL) || (universe == &dhcp_universe)) {
+ 		switch(opt) {
+ 		      case DHO_HOST_NAME:
+-		      case DHO_DOMAIN_NAME:
+ 		      case DHO_NIS_DOMAIN:
+ 		      case DHO_NETBIOS_SCOPE:
+ 			return check_domain_name(ptr, len, 0);
+ 			break;
++		      case DHO_DOMAIN_NAME: /* accept a list for compatibiliy */
+ 		      case DHO_DOMAIN_SEARCH:
+ 			return check_domain_name_list(ptr, len, 0);
+ 			break;
diff --git a/dhcp.spec b/dhcp.spec
index 632d0a0..0b0702f 100644
--- a/dhcp.spec
+++ b/dhcp.spec
@@ -16,7 +16,7 @@
 Summary:  Dynamic host configuration protocol software
 Name:     dhcp
 Version:  4.2.1
-Release:  4.%{patchver}%{?dist}
+Release:  5.%{patchver}%{?dist}
 # NEVER CHANGE THE EPOCH on this package.  The previous maintainer (prior to
 # dcantrell maintaining the package) made incorrect use of the epoch and
 # that's why it is at 12 now.  It should have never been used, but it was.
@@ -68,6 +68,7 @@ Patch28:  dhcp-4.2.0-noprefixavail.patch
 Patch29:  dhcp420-rh637017.patch
 Patch30:  dhcp420-sharedlib.patch
 Patch31:  dhcp-4.2.0-PPP.patch
+Patch32:  dhcp-4.2.1-P1-CVE-2011-0997.patch
 
 BuildRequires: autoconf
 BuildRequires: automake
@@ -297,6 +298,9 @@ rm bind/bind.tar.gz
 # DHCPv6 over PPP support (#626514)
 %patch31 -p1 -b .PPP
 
+# Better fix for CVE-2011-0997: making domain-name check more lenient (#694005)
+%patch32 -p1 -b .CVE-2011-0997
+
 # Copy in the Fedora/RHEL dhclient script
 %{__install} -p -m 0755 %{SOURCE4} client/scripts/linux
 %{__install} -p -m 0644 %{SOURCE5} .
@@ -630,6 +634,9 @@ fi
 %attr(0644,root,root) %{_mandir}/man3/omapi.3.gz
 
 %changelog
+* Wed Apr 06 2011 Jiri Popelka <jpopelka@redhat.com> - 12:4.2.1-5.P1
+- Better fix for CVE-2011-0997: making domain-name check more lenient (#694005)
+
 * Wed Apr 06 2011 Jiri Popelka <jpopelka@redhat.com> - 12:4.2.1-4.P1
 - 4.2.1-P1: fix for CVE-2011-0997 (#694005)