GitList

Browse code

Fix for systemd CVE-2017-9217

Change-Id: If56bf4e2e38d00b6e3afcc5594fc72be6f57a8ac
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/3003
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Xiaolin Li <xiaolinl@vmware.com>

suezzelur authored on 2017/06/21 05:11:37
Showing 2 changed files

SPECS/systemd/systemd-233-CVE-2017-9217.patch index 0000000..8c3917d
SPECS/systemd/systemd.spec index dfbf4cd..6f2cca3 100644

SPECS/systemd/systemd-233-CVE-2017-9217.patch

History View file @ 24a4dad

                     new file mode 100644
@@ -0,0 +1,25 @@
                     +From a924f43f30f9c4acaf70618dd2a055f8b0f166be Mon Sep 17 00:00:00 2001
                     +From: Evgeny Vereshchagin <evvers@ya.ru>
                     +Date: Wed, 24 May 2017 08:56:48 +0300
                     +Subject: [PATCH] resolved: bugfix of null pointer p->question dereferencing
                     + (#6020)
+                    +
                     +See https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1621396
                     +---
                     + src/resolve/resolved-dns-packet.c | 3 +++
                     + 1 file changed, 3 insertions(+)
+                    +
                     +diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
                     +index 652970284e..240ee448f4 100644
                     +--- a/src/resolve/resolved-dns-packet.c
                     +@@ -2269,6 +2269,9 @@ int dns_packet_is_reply_for(DnsPacket *p, const DnsResourceKey *key) {
                     +         if (r < 0)
                     +                 return r;
+                    +
                     ++        if (!p->question)
                     ++                return 0;
                     ++
                     +         if (p->question->n_keys != 1)
                     +                 return 0;
+                    +

SPECS/systemd/systemd.spec

History View file @ 24a4dad

@@ -1,7 +1,7 @@
                      Summary:          Systemd-233
                      Name:             systemd
                      Version:          233
                     -Release:          1%{?dist}
                     +Release:          2%{?dist}
                      License:          LGPLv2+ and GPLv2+ and MIT
                      URL:              http://www.freedesktop.org/wiki/Software/systemd/
                      Group:            System Environment/Security
@@ -20,6 +20,7 @@ Patch3:           systemd-233-ipv6-disabled-fix.patch
                      Patch4:           systemd-233-default-dns-from-env.patch
                      Patch5:           systemd-macros.patch
                      Patch6:           systemd-233-resolv-conf-symlink.patch
                     +Patch7:           systemd-233-CVE-2017-9217.patch
                      Requires:         Linux-PAM
                      Requires:         libcap
@@ -75,6 +76,7 @@ sed -i "s:blkid/::" $(grep -rl "blkid/blkid.h")
                      %patch4 -p1
                      %patch5 -p1
                      %patch6 -p1
                     +%patch7 -p1
                      sed -i "s#\#DefaultTasksMax=512#DefaultTasksMax=infinity#g" src/core/system.conf
@@ -222,6 +224,8 @@ rm -rf %{buildroot}/*
                      %files lang -f %{name}.lang
                      %changelog
                     +*    Tue Jun 20 2017 Anish Swaminathan <anishs@vmware.com>  233-2
                     +-    Fix for CVE-2017-9217
                      *    Mon Mar 06 2017 Vinay Kulkarni <kulkarniv@vmware.com>  233-1
                      -    Update systemd to 233
                      *    Tue Jan 3 2017 Alexey Makhalov <amakhalov@vmware.com>  232-5