[AUTOPATCHER-CORE] Upgrade dhcp to 4.4.3-P1 CVE-2022-2928, CVE-2022-2929 (#9436)

CBL-Mariner-Bot · osamaesmailmsft · web-flow · commit da61f9c8be13 · 2024-06-19T14:01:43.000-07:00
Co-authored-by: Osama Esmail &lt;osamaesmail@microsoft.com&gt;
diff --git a/SPECS/dhcp/dhcp.signatures.json b/SPECS/dhcp/dhcp.signatures.json
@@ -1,5 +1,5 @@
 {
   "Signatures": {
-    "dhcp-4.4.3.tar.gz": "0e3ec6b4c2a05ec0148874bcd999a66d05518378d77421f607fb0bc9d0135818"
+    "dhcp-4.4.3-P1.tar.gz": "0ac416bb55997ca8632174fd10737fd61cdb8dba2752160a335775bc21dc73c7"
   }
 }
diff --git a/SPECS/dhcp/dhcp.spec b/SPECS/dhcp/dhcp.spec
@@ -1,17 +1,13 @@
 Summary:        Dynamic host configuration protocol
 Name:           dhcp
-Version:        4.4.3
-Release:        3%{?dist}
+Version:        4.4.3.P1
+Release:        1%{?dist}
 License:        MPLv2.0
 Url:            https://www.isc.org/dhcp/
-Source0:        ftp://ftp.isc.org/isc/dhcp/%{version}/%{name}-%{version}.tar.gz
-Patch0:         CVE-2022-38177.patch
-Patch1:         CVE-2022-38178.patch
-Patch2:         CVE-2022-2795.patch
-Patch3:         CVE-2023-2828.patch
+Source0:        https://downloads.isc.org/isc/dhcp/4.4.3-P1/dhcp-4.4.3-P1.tar.gz
 Group:          System Environment/Base
 Vendor:         Microsoft Corporation
-Distribution:   Mariner
+Distribution:   Azure Linux
 BuildRequires:  systemd
 %description
 The ISC DHCP package contains both the client and server programs for DHCP. dhclient (the client) is used for connecting to a network which uses DHCP to assign network addresses. dhcpd (the server) is used for assigning network addresses on private networks
@@ -42,15 +38,9 @@ The ISC DHCP Client, dhclient, provides a means for configuring one or more netw
 
 
 %prep
-%setup -q -n dhcp-%{version}
+%autosetup -p1 -n dhcp-4.4.3-P1
 
-# Extracting bundled 'bind' to allow some of the patches to modify it.
-tar -C bind -xf bind/bind.tar.gz
-ln -s bind/bind-9* bind_ln
-
-%autopatch -p1
-
-%build
+%build -n dhcp-4.4.3-P1
 CFLAGS="$CFLAGS \
         -D_PATH_DHCLIENT_SCRIPT='\"/sbin/dhclient-script\"' \
         -D_PATH_DHCPD_CONF='\"/etc/dhcp/dhcpd.conf\"' \
@@ -179,6 +169,10 @@ mkdir -p %{buildroot}%{_localstatedir}/lib/dhclient/
 %{_mandir}/man8/dhclient.8.gz
 
 %changelog
+* Wed Jun 19 2024 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 4.4.3-P1-1
+- Auto-upgrade to 4.4.3-P1 - CVE-2022-2928, CVE-2022-2929
+- Updating spec to match 3.0
+
 * Wed May 29 2024 Sumedh Sharma <sumsharma@microsoft.com> - 4.4.3-3
 - Fix CVE-2023-2828
 
diff --git a/cgmanifest.json b/cgmanifest.json
@@ -2608,8 +2608,8 @@
         "type": "other",
         "other": {
           "name": "dhcp",
-          "version": "4.4.3",
-          "downloadUrl": "ftp://ftp.isc.org/isc/dhcp/4.4.3/dhcp-4.4.3.tar.gz"
+          "version": "4.4.3.P1",
+          "downloadUrl": "https://downloads.isc.org/isc/dhcp/4.4.3-P1/dhcp-4.4.3-P1.tar.gz"
         }
       }
     },

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`{`
`2`	`2`	`"Signatures": {`
`3`		`- "dhcp-4.4.3.tar.gz": "0e3ec6b4c2a05ec0148874bcd999a66d05518378d77421f607fb0bc9d0135818"`
	`3`	`+ "dhcp-4.4.3-P1.tar.gz": "0ac416bb55997ca8632174fd10737fd61cdb8dba2752160a335775bc21dc73c7"`
`4`	`4`	`}`
`5`	`5`	`}`
Original file line number	Diff line number	Diff line change
`@@ -2608,8 +2608,8 @@`
`2608`	`2608`	`"type": "other",`
`2609`	`2609`	`"other": {`
`2610`	`2610`	`"name": "dhcp",`
`2611`		`- "version": "4.4.3",`
`2612`		`- "downloadUrl": "ftp://ftp.isc.org/isc/dhcp/4.4.3/dhcp-4.4.3.tar.gz"`
	`2611`	`+ "version": "4.4.3.P1",`
	`2612`	`+ "downloadUrl": "https://downloads.isc.org/isc/dhcp/4.4.3-P1/dhcp-4.4.3-P1.tar.gz"`
`2613`	`2613`	`}`
`2614`	`2614`	`}`
`2615`	`2615`	`},`