Projects
Mega:24.09
unbound
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
Expand all
Collapse all
Changes of Revision 3
View file
_service:tar_scm:unbound.spec
Changed
@@ -2,7 +2,7 @@ Name: unbound Version: 1.17.1 -Release: 6 +Release: 9 Summary: Unbound is a validating, recursive, caching DNS resolver License: BSD-3-Clause Url: https://nlnetlabs.nl/projects/unbound/about/ @@ -28,6 +28,11 @@ Patch5: backport-pre-CVE-2024-33655-Fix-possibly-unaligned-memory-access-in-parse_edns_options_from_query.patch Patch6: backport-pre-CVE-2024-33655-Fix-out-of-bounds-read-in-parse_edns_options_from_query.patch Patch7: backport-CVE-2024-33655.patch +Patch8: backport-CVE-2024-43167.patch +Patch9: backport-001-CVE-2024-43168.patch +Patch10: backport-002-CVE-2024-43168.patch +Patch11: backport-003-CVE-2024-43168.patch +Patch12: backport-004-CVE-2024-43168.patch BuildRequires: make flex swig pkgconfig systemd BuildRequires: libevent-devel expat-devel openssl-devel python3-devel @@ -264,6 +269,24 @@ %{_mandir}/man* %changelog +* Thu Aug 29 2024 gaihuiying <eaglegai@163.com> - 1.17.1-9 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:correct cve number + +* Mon Aug 26 2024 gaihuiying <eaglegai@163.com> - 1.17.1-8 +- Type:cves +- CVE:CVE-2024-43168 +- SUG:NA +- DESC:fix CVE-2024-43168 better + +* Mon Aug 19 2024 gaihuiying <eaglegai@163.com> - 1.17.1-7 +- Type:cves +- CVE:CVE-2024-43167 CVE-2024-43168 +- SUG:NA +- DESC:fix CVE-2024-43167 CVE-2024-43168 + * Mon Jun 24 2024 gaihuiying <eaglegai@163.com> - 1.17.1-6 - Type:bugfix - CVE:NA @@ -320,9 +343,9 @@ * Wed Aug 03 2022 yanglu <yanglu72@h-partners.com> - 1.13.2-5 - Type:cves -- CVE:CVE-2022-30689 CVE-2022-30699 +- CVE:CVE-2022-30698 CVE-2022-30699 - SUG:NA -- DESC:fix CVE-2022-30689 and CVE-2022-30699 +- DESC:fix CVE-2022-30698 and CVE-2022-30699 * Tue Aug 02 2022 gaihuiying <eaglegai@163.com> - 1.13.2-4 - Type:bugfix
View file
_service:tar_scm:backport-001-CVE-2024-43168.patch
Added
@@ -0,0 +1,28 @@ +From 193401e7543a1e561dd634a3eaae932fa462a2b9 Mon Sep 17 00:00:00 2001 +From: zhailiangliang <zhailiangliang@loongson.cn> +Date: Wed, 3 Apr 2024 15:40:58 +0800 +Subject: PATCH fix heap-buffer-overflow issue in function cfg_mark_ports of + file util/config_file.c + +--- + util/config_file.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/util/config_file.c b/util/config_file.c +index 26185da0..e7b2f195 100644 +--- a/util/config_file.c ++++ b/util/config_file.c +@@ -1761,6 +1761,10 @@ cfg_mark_ports(const char* str, int allow, int* avail, int num) + #endif + if(!mid) { + int port = atoi(str); ++ if(port < 0) { ++ log_err("Prevent out-of-bounds access to array avail"); ++ return 0; ++ } + if(port == 0 && strcmp(str, "0") != 0) { + log_err("cannot parse port number '%s'", str); + return 0; +-- +2.33.0 +
View file
_service:tar_scm:backport-002-CVE-2024-43168.patch
Added
@@ -0,0 +1,56 @@ +From dfff8d23cf4145c58e5c1e99d4159d3a91a70ab7 Mon Sep 17 00:00:00 2001 +From: "W.C.A. Wijngaards" <wouter@nlnetlabs.nl> +Date: Wed, 3 Apr 2024 10:16:18 +0200 +Subject: PATCH - For #1040: adjust error text and disallow negative ports in + other parts of cfg_mark_ports. + +--- + util/config_file.c | 14 +++++++++++++- + 1 files changed, 13 insertions(+), 1 deletion(-) + +diff --git a/util/config_file.c b/util/config_file.c +index e7b2f195..74554286 100644 +--- a/util/config_file.c ++++ b/util/config_file.c +@@ -1762,7 +1762,7 @@ cfg_mark_ports(const char* str, int allow, int* avail, int num) + if(!mid) { + int port = atoi(str); + if(port < 0) { +- log_err("Prevent out-of-bounds access to array avail"); ++ log_err("port number is negative: %d", port); + return 0; + } + if(port == 0 && strcmp(str, "0") != 0) { +@@ -1774,6 +1774,10 @@ cfg_mark_ports(const char* str, int allow, int* avail, int num) + } else { + int i, low, high = atoi(mid+1); + char buf16; ++ if(high < 0) { ++ log_err("port number is negative: %d", high); ++ return 0; ++ } + if(high == 0 && strcmp(mid+1, "0") != 0) { + log_err("cannot parse port number '%s'", mid+1); + return 0; +@@ -1786,10 +1790,18 @@ cfg_mark_ports(const char* str, int allow, int* avail, int num) + memcpy(buf, str, (size_t)(mid-str)); + bufmid-str = 0; + low = atoi(buf); ++ if(low < 0) { ++ log_err("port number is negative: %d", low); ++ return 0; ++ } + if(low == 0 && strcmp(buf, "0") != 0) { + log_err("cannot parse port number '%s'", buf); + return 0; + } ++ if(high > num) { ++ /* Stop very high values from taking a long time. */ ++ high = num; ++ } + for(i=low; i<=high; i++) { + if(i < num) + availi = (allow?i:0); +-- +2.33.0 +
View file
_service:tar_scm:backport-003-CVE-2024-43168.patch
Added
@@ -0,0 +1,135 @@ +From 4497e8a154f53cd5947a6ee5aa65cf99be57152e Mon Sep 17 00:00:00 2001 +From: zhailiangliang <zhailiangliang@loongson.cn> +Date: Tue, 7 May 2024 11:35:52 +0000 +Subject: PATCH Fix potential overflow bug while parsing port in function + cfg_mark_ports + +--- + util/config_file.c | 76 ++++++++++++++++++++++++++++++---------------- + 1 file changed, 50 insertions(+), 26 deletions(-) + +diff --git a/util/config_file.c b/util/config_file.c +index 2b67d4c1..4a3b7d77 100644 +--- a/util/config_file.c ++++ b/util/config_file.c +@@ -42,6 +42,7 @@ + #include "config.h" + #include <ctype.h> + #include <stdarg.h> ++#include <errno.h> + #ifdef HAVE_TIME_H + #include <time.h> + #endif +@@ -1772,6 +1773,38 @@ init_outgoing_availports(int* a, int num) + } + } + ++static int ++extract_port_from_str(const char* str, int max_port) { ++ char* endptr; ++ if (str == NULL || *str == '\0') { ++ log_err("str: '%s' is invalid", str); ++ return -1; ++ } ++ ++ long int value = strtol(str, &endptr, 10); ++ if ((endptr == str) || (*endptr != '\0')) { ++ log_err("cannot parse port number '%s'", str); ++ return -1; ++ } ++ ++ if (errno == ERANGE) { ++ log_err("overflow occurred when parsing '%s'", str); ++ return -1; ++ } ++ ++ if (value == 0 && strcmp(str, "0") != 0) { ++ log_err("cannot parse port number '%s'", str); ++ return -1; ++ } ++ ++ if (value < 0 || value >= max_port) { ++ log_err(" '%s' is out of bounds 0, %d)", str, max_port); ++ return -1; ++ } ++ ++ return (int)value; ++} ++ + int + cfg_mark_ports(const char* str, int allow, int* avail, int num) + { +@@ -1782,53 +1815,44 @@ cfg_mark_ports(const char* str, int allow, int* avail, int num) + "options"); + #endif + if(!mid) { +- int port = atoi(str); +- if(port < 0) { +- log_err("port number is negative: %d", port); ++ int port = extract_port_from_str(str, num); ++ if (port < 0) { ++ log_err("Failed to parse the port number"); + return 0; + } +- if(port == 0 && strcmp(str, "0") != 0) { +- log_err("cannot parse port number '%s'", str); +- return 0; +- } +- if(port < num) +- availport = (allow?port:0); ++ availport = (allow?port:0); + } else { +- int i, low, high = atoi(mid+1); + char buf16; +- if(high < 0) { +- log_err("port number is negative: %d", high); +- return 0; +- } +- if(high == 0 && strcmp(mid+1, "0") != 0) { +- log_err("cannot parse port number '%s'", mid+1); ++ int i, low; ++ int high = extract_port_from_str(mid+1, num); ++ if (high < 0) { ++ log_err("Failed to parse the port number"); + return 0; + } ++ + if( (int)(mid-str)+1 >= (int)sizeof(buf) ) { + log_err("cannot parse port number '%s'", str); + return 0; + } ++ + if(mid > str) + memcpy(buf, str, (size_t)(mid-str)); + bufmid-str = 0; +- low = atoi(buf); +- if(low < 0) { +- log_err("port number is negative: %d", low); ++ low = extract_port_from_str(buf, num); ++ if (low < 0) { ++ log_err("Failed to parse the port number"); + return 0; + } +- if(low == 0 && strcmp(buf, "0") != 0) { +- log_err("cannot parse port number '%s'", buf); ++ ++ if (low > high) { ++ log_err("Low value is greater than high value"); + return 0; + } +- if(high > num) { +- /* Stop very high values from taking a long time. */ +- high = num; +- } ++ + for(i=low; i<=high; i++) { + if(i < num) + availi = (allow?i:0); + } +- return 1; + } + return 1; + } +-- +2.33.0 +
View file
_service:tar_scm:backport-004-CVE-2024-43168.patch
Added
@@ -0,0 +1,44 @@ +From c085a53268940dfbb907cbaa7a690740b6c8210c Mon Sep 17 00:00:00 2001 +From: "W.C.A. Wijngaards" <wouter@nlnetlabs.nl> +Date: Tue, 7 May 2024 14:05:21 +0200 +Subject: PATCH - Fix for #1062: declaration before statement, avoid print of + null, and redundant check for array size. And changelog note for merge of + #1062. + +--- + util/config_file.c | 8 +++++--- + 1 files changed, 6 insertions(+), 3 deletions(-) + +diff --git a/util/config_file.c b/util/config_file.c +index 4a3b7d77..2ac6c468 100644 +--- a/util/config_file.c ++++ b/util/config_file.c +@@ -1776,12 +1776,13 @@ init_outgoing_availports(int* a, int num) + static int + extract_port_from_str(const char* str, int max_port) { + char* endptr; ++ long int value; + if (str == NULL || *str == '\0') { +- log_err("str: '%s' is invalid", str); ++ log_err("str: '%s' is invalid", (str?str:"NULL")); + return -1; + } + +- long int value = strtol(str, &endptr, 10); ++ value = strtol(str, &endptr, 10); + if ((endptr == str) || (*endptr != '\0')) { + log_err("cannot parse port number '%s'", str); + return -1; +@@ -1820,7 +1821,8 @@ cfg_mark_ports(const char* str, int allow, int* avail, int num) + log_err("Failed to parse the port number"); + return 0; + } +- availport = (allow?port:0); ++ if(port < num) ++ availport = (allow?port:0); + } else { + char buf16; + int i, low; +-- +2.33.0 +
View file
_service:tar_scm:backport-CVE-2024-43167.patch
Added
@@ -0,0 +1,45 @@ +From 8e43e2574c4e02f79c562a061581cdcefe136912 Mon Sep 17 00:00:00 2001 +From: zhailiangliang <zhailiangliang@loongson.cn> +Date: Tue, 21 May 2024 08:40:16 +0000 +Subject: PATCH fix null pointer dereference issue in function ub_ctx_set_fwd + of file libunbound/libunbound.c + +--- + libunbound/libunbound.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/libunbound/libunbound.c b/libunbound/libunbound.c +index 17057ec6..3c895514 100644 +--- a/libunbound/libunbound.c ++++ b/libunbound/libunbound.c +@@ -981,7 +981,8 @@ ub_ctx_set_fwd(struct ub_ctx* ctx, const char* addr) + if(!addr) { + /* disable fwd mode - the root stub should be first. */ + if(ctx->env->cfg->forwards && +- strcmp(ctx->env->cfg->forwards->name, ".") == 0) { ++ (ctx->env->cfg->forwards->name && ++ strcmp(ctx->env->cfg->forwards->name, ".") == 0)) { + s = ctx->env->cfg->forwards; + ctx->env->cfg->forwards = s->next; + s->next = NULL; +@@ -1001,7 +1002,8 @@ ub_ctx_set_fwd(struct ub_ctx* ctx, const char* addr) + /* it parses, add root stub in front of list */ + lock_basic_lock(&ctx->cfglock); + if(!ctx->env->cfg->forwards || +- strcmp(ctx->env->cfg->forwards->name, ".") != 0) { ++ (ctx->env->cfg->forwards->name && ++ strcmp(ctx->env->cfg->forwards->name, ".") != 0)) { + s = calloc(1, sizeof(*s)); + if(!s) { + lock_basic_unlock(&ctx->cfglock); +@@ -1019,6 +1021,7 @@ ub_ctx_set_fwd(struct ub_ctx* ctx, const char* addr) + ctx->env->cfg->forwards = s; + } else { + log_assert(ctx->env->cfg->forwards); ++ log_assert(ctx->env->cfg->forwards->name); + s = ctx->env->cfg->forwards; + } + dupl = strdup(addr); +-- +2.33.0 +
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2