diff --git a/community/connman/APKBUILD b/community/connman/APKBUILD
index ba9eeac61b524659da75d334c9f2a5bf21b8fe6d..afb34c5ac7132bb42e39cafccc172c2dd4b429b6 100644
--- a/community/connman/APKBUILD
+++ b/community/connman/APKBUILD
@@ -1,8 +1,8 @@
# Maintainer: Clayton Craft <clayton@craftyguy.net>
# Contributor: Valery Kartel <valery.kartel@gmail.com>
pkgname=connman
-pkgver=1.38
-pkgrel=4
+pkgver=1.39
+pkgrel=0
pkgdesc="Daemon for managing internet connections"
url="https://01.org/connman"
arch="all"
@@ -13,10 +13,11 @@ subpackages="$pkgname-dev $pkgname-doc $pkgname-openrc"
source="https://www.kernel.org/pub/linux/network/connman/connman-$pkgver.tar.xz
libresolv.patch
connman.initd
- CVE-2021-26676.patch
"
# secfixes:
+# 1.39-r0:
+# - CVE-2021-26675
# 1.38-r4:
# - CVE-2021-26676
@@ -51,7 +52,6 @@ package() {
install -Dm755 "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
}
-sha512sums="9c8f77c4dd62763ccb9ea5cc5d285a8a1c51bb09a82eafc73246231557a4f627ae1e5e4a9df5e104457390ebba643349d7d67800a4ee4c17c6dceff192afe8d4 connman-1.38.tar.xz
+sha512sums="5bec2830971e34966a7a3a40c505b8a14cf6fa639262d4f1eaeb38f5e602d7a234f7d4f2c4919517b0832664382389e20a59fdb027753cd20059a23589de1764 connman-1.39.tar.xz
122b48fc9e25354e25ba3a3e0864bdd84da84457fed94aeea726bcb189b2f05f2cc361ae15f44af5c49bcee572e91e4c0488ef3b0bc79d20f6efe15853fb6b3a libresolv.patch
-b0676714b3952f38d50f3707c3ec72269902dd07f3cefc412c2720d91d02c9537f2823eb4ed5359650eaa64b9132cddba3abc15fd68542ff0870de653e023ed8 connman.initd
-a988206f4619d3b7dc83e910a00739059a2231fd26c7af114857f448d5d9279306ac074fc5d80dba35d5fa476d4f8e63de945b9f5dce33fa0c5c3d7e6d687684 CVE-2021-26676.patch"
+b0676714b3952f38d50f3707c3ec72269902dd07f3cefc412c2720d91d02c9537f2823eb4ed5359650eaa64b9132cddba3abc15fd68542ff0870de653e023ed8 connman.initd"
diff --git a/community/connman/CVE-2021-26676.patch b/community/connman/CVE-2021-26676.patch
deleted file mode 100644
index e992d1691f32100c978a561b18752e050a798d48..0000000000000000000000000000000000000000
--- a/community/connman/CVE-2021-26676.patch
+++ /dev/null
@@ -1,251 +0,0 @@
-From a74524b3e3fad81b0fd1084ffdf9f2ea469cd9b1 Mon Sep 17 00:00:00 2001
-From: Colin Wee <cwee@tesla.com>
-Date: Thu, 28 Jan 2021 19:41:09 +0100
-Subject: gdhcp: Avoid leaking stack data via unitiialized variable
-
-Fixes: CVE-2021-26676
----
- gdhcp/client.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/gdhcp/client.c b/gdhcp/client.c
-index 6a5613e7..c7b85e58 100644
---- a/gdhcp/client.c
-+++ b/gdhcp/client.c
-@@ -2270,7 +2270,7 @@ static gboolean listener_event(GIOChannel *channel, GIOCondition condition,
- {
- GDHCPClient *dhcp_client = user_data;
- struct sockaddr_in dst_addr = { 0 };
-- struct dhcp_packet packet;
-+ struct dhcp_packet packet = { 0 };
- struct dhcpv6_packet *packet6 = NULL;
- uint8_t *message_type = NULL, *client_id = NULL, *option,
- *server_id = NULL;
---
-cgit 1.2.3-1.el7
-
-From 58d397ba74873384aee449690a9070bacd5676fa Mon Sep 17 00:00:00 2001
-From: Colin Wee <cwee@tesla.com>
-Date: Thu, 28 Jan 2021 19:39:14 +0100
-Subject: gdhcp: Avoid reading invalid data in dhcp_get_option
-
----
- gdhcp/client.c | 20 +++++++++++---------
- gdhcp/common.c | 24 +++++++++++++++++++-----
- gdhcp/common.h | 2 +-
- gdhcp/server.c | 12 +++++++-----
- 4 files changed, 38 insertions(+), 20 deletions(-)
-
-diff --git a/gdhcp/client.c b/gdhcp/client.c
-index 09dfe5ec..6a5613e7 100644
---- a/gdhcp/client.c
-+++ b/gdhcp/client.c
-@@ -1629,12 +1629,12 @@ static void start_request(GDHCPClient *dhcp_client)
- NULL);
- }
-
--static uint32_t get_lease(struct dhcp_packet *packet)
-+static uint32_t get_lease(struct dhcp_packet *packet, uint16_t packet_len)
- {
- uint8_t *option;
- uint32_t lease_seconds;
-
-- option = dhcp_get_option(packet, DHCP_LEASE_TIME);
-+ option = dhcp_get_option(packet, packet_len, DHCP_LEASE_TIME);
- if (!option)
- return 3600;
-
-@@ -2226,7 +2226,8 @@ static void get_dhcpv6_request(GDHCPClient *dhcp_client,
- }
- }
-
--static void get_request(GDHCPClient *dhcp_client, struct dhcp_packet *packet)
-+static void get_request(GDHCPClient *dhcp_client, struct dhcp_packet *packet,
-+ uint16_t packet_len)
- {
- GDHCPOptionType type;
- GList *list, *value_list;
-@@ -2237,7 +2238,7 @@ static void get_request(GDHCPClient *dhcp_client, struct dhcp_packet *packet)
- for (list = dhcp_client->request_list; list; list = list->next) {
- code = (uint8_t) GPOINTER_TO_INT(list->data);
-
-- option = dhcp_get_option(packet, code);
-+ option = dhcp_get_option(packet, packet_len, code);
- if (!option) {
- g_hash_table_remove(dhcp_client->code_value_hash,
- GINT_TO_POINTER((int) code));
-@@ -2297,6 +2298,7 @@ static gboolean listener_event(GIOChannel *channel, GIOCondition condition,
- re = dhcp_recv_l2_packet(&packet,
- dhcp_client->listener_sockfd,
- &dst_addr);
-+ pkt_len = (uint16_t)(unsigned int)re;
- xid = packet.xid;
- } else if (dhcp_client->listen_mode == L3) {
- if (dhcp_client->type == G_DHCP_IPV6) {
-@@ -2361,7 +2363,7 @@ static gboolean listener_event(GIOChannel *channel, GIOCondition condition,
- dhcp_client->status_code = status;
- }
- } else {
-- message_type = dhcp_get_option(&packet, DHCP_MESSAGE_TYPE);
-+ message_type = dhcp_get_option(&packet, pkt_len, DHCP_MESSAGE_TYPE);
- if (!message_type)
- return TRUE;
- }
-@@ -2378,7 +2380,7 @@ static gboolean listener_event(GIOChannel *channel, GIOCondition condition,
- dhcp_client->timeout = 0;
- dhcp_client->retry_times = 0;
-
-- option = dhcp_get_option(&packet, DHCP_SERVER_ID);
-+ option = dhcp_get_option(&packet, pkt_len, DHCP_SERVER_ID);
- dhcp_client->server_ip = get_be32(option);
- dhcp_client->requested_ip = ntohl(packet.yiaddr);
-
-@@ -2428,9 +2430,9 @@ static gboolean listener_event(GIOChannel *channel, GIOCondition condition,
-
- remove_timeouts(dhcp_client);
-
-- dhcp_client->lease_seconds = get_lease(&packet);
-+ dhcp_client->lease_seconds = get_lease(&packet, pkt_len);
-
-- get_request(dhcp_client, &packet);
-+ get_request(dhcp_client, &packet, pkt_len);
-
- switch_listening_mode(dhcp_client, L_NONE);
-
-@@ -2438,7 +2440,7 @@ static gboolean listener_event(GIOChannel *channel, GIOCondition condition,
- dhcp_client->assigned_ip = get_ip(packet.yiaddr);
-
- if (dhcp_client->state == REBOOTING) {
-- option = dhcp_get_option(&packet,
-+ option = dhcp_get_option(&packet, pkt_len,
- DHCP_SERVER_ID);
- dhcp_client->server_ip = get_be32(option);
- }
-diff --git a/gdhcp/common.c b/gdhcp/common.c
-index 1d667d17..c8916aa8 100644
---- a/gdhcp/common.c
-+++ b/gdhcp/common.c
-@@ -73,18 +73,21 @@ GDHCPOptionType dhcp_get_code_type(uint8_t code)
- return OPTION_UNKNOWN;
- }
-
--uint8_t *dhcp_get_option(struct dhcp_packet *packet, int code)
-+uint8_t *dhcp_get_option(struct dhcp_packet *packet, uint16_t packet_len, int code)
- {
- int len, rem;
-- uint8_t *optionptr;
-+ uint8_t *optionptr, *options_end;
-+ size_t options_len;
- uint8_t overload = 0;
-
- /* option bytes: [code][len][data1][data2]..[dataLEN] */
- optionptr = packet->options;
- rem = sizeof(packet->options);
-+ options_len = packet_len - (sizeof(*packet) - sizeof(packet->options));
-+ options_end = optionptr + options_len - 1;
-
- while (1) {
-- if (rem <= 0)
-+ if ((rem <= 0) && (optionptr + OPT_CODE > options_end))
- /* Bad packet, malformed option field */
- return NULL;
-
-@@ -115,14 +118,25 @@ uint8_t *dhcp_get_option(struct dhcp_packet *packet, int code)
- break;
- }
-
-+ if (optionptr + OPT_LEN > options_end) {
-+ /* bad packet, would read length field from OOB */
-+ return NULL;
-+ }
-+
- len = 2 + optionptr[OPT_LEN];
-
- rem -= len;
- if (rem < 0)
- continue; /* complain and return NULL */
-
-- if (optionptr[OPT_CODE] == code)
-- return optionptr + OPT_DATA;
-+ if (optionptr[OPT_CODE] == code) {
-+ if (optionptr + len > options_end) {
-+ /* bad packet, option length points OOB */
-+ return NULL;
-+ } else {
-+ return optionptr + OPT_DATA;
-+ }
-+ }
-
- if (optionptr[OPT_CODE] == DHCP_OPTION_OVERLOAD)
- overload |= optionptr[OPT_DATA];
-diff --git a/gdhcp/common.h b/gdhcp/common.h
-index 9660231c..8f63fd75 100644
---- a/gdhcp/common.h
-+++ b/gdhcp/common.h
-@@ -179,7 +179,7 @@ struct in6_pktinfo {
- };
- #endif
-
--uint8_t *dhcp_get_option(struct dhcp_packet *packet, int code);
-+uint8_t *dhcp_get_option(struct dhcp_packet *packet, uint16_t packet_len, int code);
- uint8_t *dhcpv6_get_option(struct dhcpv6_packet *packet, uint16_t pkt_len,
- int code, uint16_t *option_len, int *option_count);
- uint8_t *dhcpv6_get_sub_option(unsigned char *option, uint16_t max_len,
-diff --git a/gdhcp/server.c b/gdhcp/server.c
-index 85405f19..52ea2a55 100644
---- a/gdhcp/server.c
-+++ b/gdhcp/server.c
-@@ -413,7 +413,7 @@ error:
- }
-
-
--static uint8_t check_packet_type(struct dhcp_packet *packet)
-+static uint8_t check_packet_type(struct dhcp_packet *packet, uint16_t packet_len)
- {
- uint8_t *type;
-
-@@ -423,7 +423,7 @@ static uint8_t check_packet_type(struct dhcp_packet *packet)
- if (packet->op != BOOTREQUEST)
- return 0;
-
-- type = dhcp_get_option(packet, DHCP_MESSAGE_TYPE);
-+ type = dhcp_get_option(packet, packet_len, DHCP_MESSAGE_TYPE);
-
- if (!type)
- return 0;
-@@ -651,6 +651,7 @@ static gboolean listener_event(GIOChannel *channel, GIOCondition condition,
- struct dhcp_lease *lease;
- uint32_t requested_nip = 0;
- uint8_t type, *server_id_option, *request_ip_option;
-+ uint16_t packet_len;
- int re;
-
- if (condition & (G_IO_NVAL | G_IO_ERR | G_IO_HUP)) {
-@@ -661,12 +662,13 @@ static gboolean listener_event(GIOChannel *channel, GIOCondition condition,
- re = dhcp_recv_l3_packet(&packet, dhcp_server->listener_sockfd);
- if (re < 0)
- return TRUE;
-+ packet_len = (uint16_t)(unsigned int)re;
-
-- type = check_packet_type(&packet);
-+ type = check_packet_type(&packet, packet_len);
- if (type == 0)
- return TRUE;
-
-- server_id_option = dhcp_get_option(&packet, DHCP_SERVER_ID);
-+ server_id_option = dhcp_get_option(&packet, packet_len, DHCP_SERVER_ID);
- if (server_id_option) {
- uint32_t server_nid =
- get_unaligned((const uint32_t *) server_id_option);
-@@ -675,7 +677,7 @@ static gboolean listener_event(GIOChannel *channel, GIOCondition condition,
- return TRUE;
- }
-
-- request_ip_option = dhcp_get_option(&packet, DHCP_REQUESTED_IP);
-+ request_ip_option = dhcp_get_option(&packet, packet_len, DHCP_REQUESTED_IP);
- if (request_ip_option)
- requested_nip = get_be32(request_ip_option);
-
---
-cgit 1.2.3-1.el7
-