ALP-pool/dhcp
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
main
dhcp/dhcp.changes

3367 lines
151 KiB
Plaintext
Raw Permalink Normal View History

Sync from SUSE:ALP:Source:Standard:1.0 dhcp revision ce631c21fbafd7dce70b6b065fa59e54
2023-11-27 11:56:55 +01:00
-------------------------------------------------------------------
Thu Nov 2 13:53:11 UTC 2023 - Petr Vorel <pvorel@suse.cz>
- Remove dhclient-script (boo#1216822).
-------------------------------------------------------------------
Tue Dec 27 10:32:19 UTC 2022 - Ludwig Nussel <lnussel@suse.com>
- Replace transitional %usrmerged macro with regular version check (boo#1206798)
-------------------------------------------------------------------
Fri Dec 9 07:42:59 UTC 2022 - Thorsten Kukuk <kukuk@suse.com>
- Add /etc/sysconfig/network hierachy to server file list
-------------------------------------------------------------------
Thu Oct 27 15:30:26 UTC 2022 - Callum Farmer <gmbr3@opensuse.org>
- Use %_rundir
-------------------------------------------------------------------
Wed Oct 5 14:01:47 UTC 2022 - Reinhard Max <max@suse.com>
- bsc#1203988, CVE-2022-2928, dhcp-CVE-2022-2928.patch:
An option refcount overflow exists in dhcpd
- bsc#1203989, CVE-2022-2929, dhcp-CVE-2022-2929.patch:
DHCP memory leak
-------------------------------------------------------------------
Tue Apr 26 10:48:39 UTC 2022 - Reinhard Max <max@suse.com>
- bsc#1198657: properly handle DHCRELAY(6)_OPTIONS.
-------------------------------------------------------------------
Sat Apr 16 20:19:19 UTC 2022 - chris@computersalat.de
- Update dhcpd.service: After: network-online.target
* boo#826319: DHCP gets autostarted too early (network interface
not up yet - Systemd/LSB problem)
e.g. NM and bridged interface
-------------------------------------------------------------------
Tue Mar 15 07:45:51 UTC 2022 - Thorsten Kukuk <kukuk@suse.com>
- Require hostname binary, not package [bsc#1197087]
-------------------------------------------------------------------
Wed Jan 19 09:53:39 UTC 2022 - Manfred Schwarb <manfred99@gmx.ch>
- modify source if-up.d.dhcpd-restart-hook:
* fix option parsing
* do not call /usr/libexec/dhcp/dhcpd directly, use systemd for it
-------------------------------------------------------------------
Mon Jan 17 08:52:07 UTC 2022 - Johannes Segitz <jsegitz@suse.com>
- Drop PrivateDevices and ProtectClock hardenings. They clash with
the chroot logic (bsc#1194722)
-------------------------------------------------------------------
Fri Jan 14 13:19:38 UTC 2022 - Callum Farmer <gmbr3@opensuse.org>
- Add now working CONFIG parameter to sysusers generator
-------------------------------------------------------------------
Tue Oct 26 11:58:59 UTC 2021 - Reinhard Max <max@suse.com>
- Add a fallback definition for %make_build to fix build on SLE-12.
- Handle sysusers with a bcond to improve readability and simplify
removal once we don't have to support SLE-12 anymore.
- bsc#1192020: Drop the obsolete dependency on "group(nogroup)".
-------------------------------------------------------------------
Mon Sep 13 13:50:50 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Added hardening to systemd service(s) (bsc#1181400). Modified:
* dhcpd.service
* dhcpd6.service
* dhcrelay.service
* dhcrelay6.service
-------------------------------------------------------------------
Thu Aug 5 11:33:54 UTC 2021 - Reinhard Max <max@suse.com>
- bsc#1186249: Remove remaining references to /etc/init.d from
dhclient-script and if-up.d.dhcpd-restart-hook .
- Use , instead of - or / as a separator in sed when dealing with
path names.
-------------------------------------------------------------------
Mon May 31 09:24:51 UTC 2021 - Reinhard Max <max@suse.com>
- Add -fno-strict-aliasing to CFLAGS to avoid a segfault in dhcpd
(boo#1186631).
-------------------------------------------------------------------
Thu May 27 08:53:49 UTC 2021 - Reinhard Max <max@suse.com>
- Update to 4.4.2-P1:
* CVE-2021-25217, bsc#1186382: A buffer overrun in lease file
parsing code can be used to exploit a common vulnerability
shared by dhcpd and dhclient.
- Error out, if %version and %isc_version are not in sync.
-------------------------------------------------------------------
Sun Jan 24 13:20:58 UTC 2021 - Dirk Müller <dmueller@suse.com>
- update to 4.4.2:
* Please note that that ISC DHCP is now licensed under the Mozilla Public
License, MPL 2.0.
In general, the areas of focus for ISC DHCP 4.4 were:
1. Dynamic DNS additions
2. dhclient improvements
3. Support for dynamic shared libraries
* Added the interface name to socket initialization failure log messages.
Prior to this the log messages stated only the error reason without
stating the target interface.
* Corrected buffer pointer logic in dhcrelay functions that manipulate
agent relay options. Thanks to Thomas Imbert of MSRC Vulnerabilities
& Mitigations for reporting the issue.
* Corrected unresolved symbol errors building relay_unittests when
configured to build using libtool.
* A new configuration parameter, ping-cltt-secs (v4 operation only), has
been added to allow the user to specify the number of seconds that must
elapse since CLTT before a ping check is conducted. Prior to this, the
value was hard coded at 60 seconds. Please see the server man pages for
a more detailed discussion.
* A new configuration parameter, ping-timeout-ms (v4 operation only),
has been added that allows the user to specify the amount of time
the server waits for a ping-check response in milliseconds rather
than in seconds (via ping-timeout). When greater than zero, the value
of ping-timeout-ms will override the value of ping-timeout. Thanks
to Jay Doran from Bluecat Networks for suggesting this feature.
* An experimental tool called, Keama (KEA Migration Assistant), which helps
translate ISC DHCP configurations to Kea configurations, is now included
in the distribution.
* Corrected a misuse of the BIND9 DDNS API which caused DDNS updates to be
carried out over TCP rather than UDP. The coding error was exposed by
migration to BIND9 9.11. Thanks to Jinmei Tatuya at Infoblox for
reporting the issue.
* Bind9 now defaults to requiring python to build. The Makefile for
building Bind9 when bundled with ISC DHCP was modified to turn off
this dependency.
* Corrected a dual-stack mixed-mode issue that occurs when both
ddns-guard-id-must-match and ddns-other-guard-is-dynamic
are enabled and that caused the server to incorrectly interpret
the presence of a guard record belonging to another client as
a case of no guard record at all. Thanks to Fernando Soto
from BlueCat Networks for reporting this issue.
* Corrected a compilation issue that occurred when building without DNS
update ability (e.g. by undefining NSUPDATE).
* Corrected an issue that was causing the server, when running in
DHPCv4 mode, to segfault when class lease limits are reached.
Thanks to Peter Nagy at Porion-Digital for reporting the matter
and submitting a patch.
* Made minor changes to eliminate warnings when compiled with GCC 9.
Thanks to Brett Neumeier for bringing the matter to our attention.
* Fixed potential memory leaks in parser error message generation
spotted by Coverity, CIDs: 1448191, 1448193, 1448194, 1448195
* Updated URL of IEEE oui.txt in contrib/dhcp-lease-list.pl. Thanks
to Tommy Smith for contributing the patch.
* Fixed define flags when using SO_BINDTODEVICE. Thanks to Joe LeVeque for
reporting the issue.
* Applied a patch from OpenBSD to always set the scope id of outbound
DHPCv6 packets. Note this change only applies when compiling under
OpenBSD. Thanks to Brad Smith at OpenBSD from bringing it to our
attention.
* Modified dhclient to not discard config file leases that are
duplicates of server-provided leases and to retain such leases
after they have been used as the fallback active lease and
DHCP service has been restored. This allows them to be used
more than once during the lifetime of a dhclient instance.
This applies to DHCPv4 operation only.
* Corrected a number of reference counter and zero-length buffer leaks.
Thanks to Christopher Ertl of MSRC Vulnerabilities & Mitigations for
pointing them out.
* Closed a small window of time between the installation of graceful
shutdown signal handlers and application context startup, during which
the receipt of shutdown signal would cause a REQUIRE() assertion to
occur. Note this issue is only visible when compiling with
ENABLE_GENTLE_SHUTDOWN defined.
* Corrected a buffer overflow that can occur when retrieving zone
names that are more than 255 characters in length.
* The "d" domain name option format was incorrectly handled as text
instead of RFC 1035 wire format. Thanks to Jay Doran at BlueCat Networks
for reporting this issue.
* Improved the error message issued when a host declaration has both
a uid and a dhcp-client-identifier. Server configuration parsing will
now fail if a host declaration specifies more than one uid.
* Updated developer's documentation on building and running unit tests.
Removed support for --with-atf=bind as BIND9 no longer bundles in ATF
source.
* Fixed a syntax error in ldap.c which cropped up under Ubuntu
18.04.1/gcc 7.4.0. Thanks to Charles Hedrick for pointing it out.
* Added clarification to dhcp-options.5 section on ip-address values
describing the first-use DNS resolution of options with hostnames as
values (e.g. next-server).
* The option format for the server option omapi-key was changed to a
format type 'k' (key name); while server options ldap-port and
ldap-init-retry were changed to 'L' (unsigned 32-bit integer). These
three options were inadvertantly broken when the 'd' format content
was changed to comply with RFC 1035 wire format (see Gitlab #2).
* A delayed-ack value of 0 (the default), now correctly disables the delayed
feature. A change in 4.4.0 prohibited lease updates marking leases active
from be written to the lease file when delayed-ack is 0. This in turn,
caused servers to lose active lease assignments upon restart.
! Option reference count was not correctly decremented in error path
when parsing buffer for options. Reported by Felix Wilhelm, Google
Security Team.
CVE: CVE-2018-5733
! Corrected an issue where large sized 'X/x' format options were causing
option handling logic to overwrite memory when expanding them to human
readable form. Reported by Felix Wilhelm, Google Security Team.
CVE: CVE-2018-5732
* Added use of new Bind9 compatibility header files, that are now necessary
to supply type definitions for primitive data types, removed from Bind9
proper. Altered util/bind.sh to pull from Bind9 repo on gitlab.
* Duplicate address detection when binding to a new IPv6 address was added
to the following dhclient scripts: linux,freebsd,netbsd,openbsd, and macos.
The scripts will check for DAD errors after binding to a new IPv6 address
for at most --dad-wait-time seconds. If a DAD error is detected the script
will exit with a value of 3, instructing dhclient to decline the address. If
dad-wait-time is zero (the default), DAD error checking is not peformed.
* Support for sending and receiving additional DHCP4 options has been added
to both the dhcpd and dhclient. Specifically: option codes 93,94, and 97
(RFC 4578); code 150 (RFC 5859); and codes 209,219, and 211 (RFC 5071).
Beyond configuring, sending, requesting, and receiving these options neither
server nor client apply any additional logic based on their values.
Thanks to Peter Lewis for requesting this change.
* Added clarifying text to dhcpd.conf.5 explaining the class match expressions
cannot rely on the results of executable statements.
* Fixed a bug which causes dhcpd and dhclient to crash on certain
systems when given relative path names for lease or pid files on
the command line. Affected systems are those on which the C library
function, realpath() does not support a second parameter value of
NULL (see manpages for realpath(3)).
* Fixed a build issue when building with embedded BIND9 under OpenBSD that
was causing BIND9 build to not generate dns/enumclass.h and dns/enumtype.h.
* Added <dhcp>/m4/README to the distribution tarball. Some versions of
ac_local() treat the absence of the m4 subdirectory as error rather than
warning. This was causing the call to autoreconf, necessary for building
with libtool, to fail.
* Added experimental support for relay port (draft-ietf-dhc-relay-port-10.txt)
feature for DHCPv4, DHCPv6 and DHCPv4-over-DHCPv6. Relay port has to be
enabled at compile time via --enable-relay-port and is fully backward
compatible (i.e. works with previous implementations of servers and relays
using the standard ports). A new --rp <relay-port> command line option
specifies to dhcrelay an alternate source port for upstream (i.e. toward
the server) messages. Thanks to Naiming Shen and Enke Chen of Cisco
systems for submitting these patches.
* Added --release-on-roam to dhcpd server. When enabled and the server detects
that a DHCPv6 client (IAID+DUID) has roamed to a new network, it will release
the pre-existing leases on the old network and emit a log statement similar
to the following:
"Client: <id> roamed to new network, releasing lease: <address>"
The server will carry out all of the same steps that would normally occur
when a client explicitly releases a lease. This behavior is disabled by
default and may only be specified globally. Prior to this the server renders
the leases unavailable until they expire or the server is restarted. Clients
that need leases in multiple networks must supply a unique IAID in each IA.
When release-on-roam is disabled (the default) the server maintains the
prior behavior of making such leases unavailable until they expire or the
server is restarted. Clients that need leases in multiple networks must
supply a unique IAID in each IA. This parameter may only be specified at
the global level. Thanks to Fernando Soto from BlueCat Networks for
suggesting this change.
* Support for delayed-ack is now compiled in by default. Prior to this
it had to be enabled at compile time via --enable-delayed-acks. The
default value for delayed-ack, however, has been changed from 28 to 0
(i.e. disabled). This was done to minimize the impact on users not
currently using the feature. Please note that the delayed-ack feature
is not currently compatible with support for DHPCv4-over-DHCPv6 so
when a 4to6 port command line argument enables this in the server the
delayed-ack value is reset to 0.
* Added to the server (-6) a new statement, local-address6, which specifies
the source address of packets sent by the server. An additional flag,
bind-local-address6, disabled by default, binds the service socket to
to local-address6. Note that bind-local-address does not work with direct
clients: a relay has to forward packets to the server using the
local-address6 destination.
* The server now recognizes environment variables PATH_DHCPD_DB and
PATH_DHCPD_PID. These had been incorrectly compiled out of the code
unless DHCPv6 support was disabled. Additionally, the server man
pages were corrected to accurately reflect how the server chooses
file names (see lease-file-name and pid-file-name statements). Thanks
to Fernando Soto at Bluecat Networks for bringing this matter to our
attention.
* Removed an "Impossible condition" error upon exit in the dhcpd server that
has been shutdown via OMAPI. This condition was only apparent under Solaris
when building with --enable-use-sockets and --enable-ipv4-pktinfo.
* Corrected some minor Coverity issues: CID 1426059, 1426058, and 1426057.
* Added missing text to dhclient.8 and expanded release note coverage
for --address-prefix-len changes.
- remove dhcp-CVE-2019-6470.patch,
0013-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch: merged upstream
- 0006-dhcp-4.3.2-dhclient-send-hostname-or-fqdn.patch
0009-dhcp-4.2.6-close-on-exec.patch
0016-infiniband-support.patch
0018-client-fail-on-script-pre-init-error-bsc-912098.patch
0021-dhcp-ip-family-symlinks.patch: refresh against newer code base
- build with --enable-log-pid (log pid) and enable-binary-leases (faster
binary looup for large leases files)
-------------------------------------------------------------------
Tue Nov 17 13:56:54 UTC 2020 - Ludwig Nussel <lnussel@suse.de>
- prepare usrmerge (boo#1029961)
-------------------------------------------------------------------
Wed Oct 21 17:06:32 UTC 2020 - Reinhard Max <max@suse.com>
- Complete the /var/run -> /run migration by renaming
/var/lib/dhcp/var/run accordingly (boo#1177951).
-------------------------------------------------------------------
Thu Sep 17 14:55:25 UTC 2020 - Reinhard Max <max@suse.com>
- Don't create dhclient.leases in %post. It affects transactional
updates and the files don't need to pre-exist (boo#1129951).
-------------------------------------------------------------------
Thu Sep 3 13:52:57 UTC 2020 - Franck Bui <fbui@suse.com>
- Drop dependency on insserv-compat
It was required to call the rc_status helpers from the sysvinit
scripts. These scripts are supposed to be called by systemd, which
has its own mechanism to report service status.
Please note that this package still needs to be converted to ship
proper systemd units.
-------------------------------------------------------------------
Thu Sep 3 12:56:11 UTC 2020 - Franck Bui <fbui@suse.com>
- /var/run is legacy -> /run should be used instead
-------------------------------------------------------------------
Mon Jun 29 07:11:52 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
- The server package still requires insserv-compat: the .service
files only call out to legacy sysv init scripts that are still
sourcing /etc/rc.status (boo#1173440).
-------------------------------------------------------------------
Tue Jun 23 15:22:00 UTC 2020 - Cristian Rodríguez <crrodriguez@opensuse.org>
- insserv is not required anymore
-------------------------------------------------------------------
Thu Jun 11 15:46:50 UTC 2020 - Callum Farmer <callumjfarmer13@gmail.com>
- Fixes for %_libexecdir changing to /usr/libexec
-------------------------------------------------------------------
Wed Apr 15 06:32:20 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
- Use sysusers.d instead of shadow
-------------------------------------------------------------------
Mon Mar 2 17:26:39 UTC 2020 - Reinhard Max <max@suse.com>
- Add -fcommon to CFLAGS to fix build with gcc10 (boo#1160262).
-------------------------------------------------------------------
Wed Jan 22 06:12:51 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
- Change remaining systemd requires to weak dependencies, too.
- Don't require net-tools with SLE15 or newer, it does not contain
anything anymore we need
- Get ride of coreutils dependency
-------------------------------------------------------------------
Tue Oct 15 15:18:59 UTC 2019 - Reinhard Max <max@suse.com>
- bsc#1134078, CVE-2019-6470, dhcp-CVE-2019-6470.patch:
DHCPv6 server crashes regularly.
- Add compile option --enable-secs-byteorder to avoid duplicate
lease warnings [bsc#1089524].
-------------------------------------------------------------------
Wed Oct 2 16:50:48 CEST 2019 - kukuk@suse.de
- Make systemd a weak dependency as we don't want that in a container
-------------------------------------------------------------------
Wed Aug 28 12:38:32 UTC 2019 - Reinhard Max <max@suse.com>
- bsc#1136572: Use IPv6 when called as dhclient6, dhcpd6, and
dhcrelay6 (0021-dhcp-ip-family-symlinks.patch).
-------------------------------------------------------------------
Thu Aug 8 12:19:53 UTC 2019 - Dirk Mueller <dmueller@suse.com>
- dhclient-script: replace host(1) with getent, which is more
lightweight (part of glibc and does not pull in bind-utils)
-------------------------------------------------------------------
Fri Aug 2 06:58:43 UTC 2019 - Martin Liška <mliska@suse.cz>
- Use FAT LTO objects in order to provide proper static library.
-------------------------------------------------------------------
Thu Jul 11 18:13:36 UTC 2019 - Antoine Belvire <antoine.belvire@opensuse.org>
- Remove SuSEfirewall2 services since SuSEfirewall2 has been
replaced by firewalld (which already provides a service for
dhcp).
-------------------------------------------------------------------
Fri May 10 09:06:07 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>
- Add workaround to require insserv-compat until the package is
converted to full systemd units (boo#1133632).
-------------------------------------------------------------------
Fri Feb 22 07:04:56 UTC 2019 - Franck Bui <fbui@suse.com>
- Drop use of $FIRST_ARG in .spec
The use of $FIRST_ARG was probably required because of the
%service_* rpm macros were playing tricks with the shell positional
parameters. This is bad practice and error prones so let's assume
that no macros should do that anymore and hence it's safe to assume
that positional parameters remains unchanged after any rpm macro
call.
-------------------------------------------------------------------
Mon Jan 21 13:33:47 UTC 2019 - Jonathan Brielmaier <jbrielmaier@suse.de>
- Remove wrong path to documentation in the description of the
server package
-------------------------------------------------------------------
Tue Jun 5 08:57:34 UTC 2018 - tchvatal@suse.com
- Drop doc subpackage as we do not build on < SLE12 anyway so it
evaluated always as true
- Do not condition flags settings for codestreams that we are no
longer building for
- Use %license macro for license as mandated by new TW requirements
-------------------------------------------------------------------
Mon Jun 4 19:53:43 UTC 2018 - tchvatal@suse.com
- Format with spec-cleaner (automatic, remove FIXMEs)
- Use getent to detect created user prior doing it again
- Drop ldapcasa as it evaluates as false on all current products
- Drop ldap conditional as it is always true
-------------------------------------------------------------------
Mon Jun 4 19:46:20 UTC 2018 - tchvatal@suse.com
- Kill omc configs wrt fate#301838
-------------------------------------------------------------------
Thu Mar 8 13:15:16 UTC 2018 - max@suse.com
- Update to dhcp-4.3.6-P1:
* CVE-2018-5733, bsc#1083303: reference count overflow in dhcpd.
* CVE-2018-5732, bsc#1083302: buffer overflow bug in dhclient.
* Plugged a socket descriptor leak in OMAPI
* The server now allows the client identifier (option 61) to own
leases in more than one subnet concurrently [ISC-Bugs #41358].
* When replying to a DHCPINFORM, the server will now include
options specified at the pool scope, provided the ciaddr field
of the DHCPINFORM is populated.
[ISC-Bugs #43219] [ISC-Bugs #45051].
* When memory allocation fails in a repeated way the process
writes "Run out of memory." on the standard error and exists
with status 1 [ISC-Bugs #32744].
* The new lmdb (Lightning Memory DataBase) bind9 configure
option is now disabled by default to avoid the presence of
this library to be detected which can lead to a link failure.
[ISC-Bugs #45069]
* The linux interface discovery code has been modified to use
getifaddrs() as is done for BSD and OS-X.
[ISC-Bugs #28761] and others.
* Fixed a bug in OMAPI that causes omshell to crash when a
name-value pair with a zero length value is shipped in an
object [ISC-Bugs #29108].
* On 64-bit platforms, dhclient now generates the correct value
for the script environment variable, "expiry", the lease
expiry value exceeds 0x7FFFFFFF [ISC-Bugs #43326].
* Common timer logic was modified to cap the maximum timeout
values at 0x7FFFFFFF - 1 [ISC-Bugs #28038].
* DHCP6 FQDN option unpacking code now correctly handles values
that contain spaces, special, or non-printable characters.
[ISC-Bugs #43592]
* When running in -6 mode, dhclient can enforce the require
option statement and will discard offered leases that do not
contain all the required options specified in the client
configuration [ISC-Bugs #41473].
* Altered DHCPv4 lease time calculation to avoid roll over
errors on 64-bit OS systems when using -1 or large values
for default-lease-time [ISC-Bugs #41976],
* Added --dad-wait-time parameter to dhclient [ISC-Bugs #36169].
* The server nows checks both the address and length of a
prefix delegation when attempting to match it to a prefix
pool [ISC-Bugs #35378].
* Modified DDNS support initialization such that DNS related
ports will only be opened by the server (dhcpd) at startup
if ddns-update-style is not "none"; by dhclient only if and
when the it first attempts an update; and never by dhcrelay.
[ISC-Bugs #45290] [ISC-Bugs #33377]
* Added error logging to two memory allocation failure checks.
[ISC-Bugs #41185]
* Corrected a dhclient -6 issue that caused the client to crash
with an "Impossible condition" error after de-preferencing its
only IA binding [ISC-Bugs #44373].
* By defining CALL_SCRIPT_ON_ONETRY_FAIL in includes/site.h,
dhclient will now call the script with reason set to FAIL when
run with -1 (one try) and there are no server responses.
[ISC-bugs #18183]
* The server now detects failover peers that are not referenced
in at least one pool when run with the command line option for
test mode, -T [ISC-Bugs #29892].
* Linux script updated [ISC-bugs #19430] [ISC-bugs #18111].
* Changed severity of the log message indicating UDP checksum
errors in the received packets from 'info' to 'debug'.
[ISC-bugs #41757]
* Corrected a bug which could cause the server to sporadically
crash while loading lease files with the lease-id-format is
set to "hex" [ISC-Bugs #43185].
- Obsoleted patches:
* 0011-Fixed-linux-interface-discovery-using-getifaddrs.patch
* 0019-dhcp-4.2.4-P1-interval.patch
* 0021-master-Plugs-a-socket-descriptor-leak-in-OMAPI.patch
* 0022-Optimized-if-and-when-DNS-client-context-and-ports.patch
-------------------------------------------------------------------
Fri Jan 19 12:16:47 CET 2018 - ndas@suse.de
- Optimized if and when DNS client context and ports
are initted (bsc#1073935)
[+0022-Optimized-if-and-when-DNS-client-context-and-ports.patch]
-------------------------------------------------------------------
Tue Jan 16 16:15:45 CET 2018 - ndas@suse.de
- Plugs a socket descriptor leak in OMAPI(bsc#1076119, CVE-2017-3144)
[ +0021-master-Plugs-a-socket-descriptor-leak-in-OMAPI.patch]
-------------------------------------------------------------------
Fri Jan 5 07:30:46 UTC 2018 - obs@botter.cc
- add PIDFile= setting to dhcrelay.service, without this systemd
stops the service immediately after starting
-------------------------------------------------------------------
Wed Dec 13 15:52:25 UTC 2017 - mchandras@suse.de
- Drop old sysvinit support from the spec file. All the supported
openSUSE distributions are systemd based so there isn't much point
in keeping sysvinit support and files around.
-------------------------------------------------------------------
Thu Nov 23 13:49:18 UTC 2017 - rbrown@suse.com
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
-------------------------------------------------------------------
Fri Jul 14 09:48:25 UTC 2017 - dimstar@opensuse.org
- Replace net-tools Requires in dhcp-client with hostname on
suse_version >= 1330 (CODE15): net-tools does no longer provide
any tool referenced by dhclient-script, but we require hostname
(which is also a dependency to net-tools, thus hiding the issue).
-------------------------------------------------------------------
Thu Jul 13 12:27:59 UTC 2017 - bwiedemann@suse.com
- use .gz year instead of current one to make build reproducible
-------------------------------------------------------------------
Thu Jul 6 16:17:18 CEST 2017 - ndas@suse.de
- fixed a typo in nis-servers option name breaking the config file introduced
in previous change to workaround issues in NetworkManager parser.
- Update to dhcp-4.3.5
- Corrected a bug which could cause the server to sporadically crash while
loading lease files with the lease-id-format is set to "hex". Our thanks
to Jay Ford, University of Iowa for reporting the issue.
[ISC-Bugs #43185]
- Eliminated a noisy, but otherwise harmless debug log statment that may
appear during server startup when building with --enable-binary-leases
and configuring multiple pools in a shared network. Thanks to Fernando
Soto from BlueCat Networks for reporting the issue and supplying a patch.
[ISC-Bugs #43262]
- Fixed util/bindvar.sh error handling.
[ISC-Bugs #41973]
- Correct error message in relay to use remote id length instead
of circuit id length.
[ISC-Bugs #42556]
- Add logic to test directory Makefiles to avoid copying Attfile(s)
when building within the source tree. This eliminates a noisy but
otherwise harmless error message when running "make check".
[ISC-Bugs #41883]
- Leases are now scrubbed of certain prior use information when pool
re-balancing reassigns them from one FO peer to the other. This
corrects an issue where leases that were offered but not used
by the client retained the client hostname from the original
client. Thanks to Pavel Polacek, Jan Evangelista Purkyne University
for reporting the issue.
[ISC-Bugs #42008]
- In the LDAP code and schema add some missing '6' characters to use
the v6 instead of the v4 versions. Thanks to Denis Taranushin for
reporting this issue and supplying its patch.
[ISC-Bugs #42666]
- Correct how the pick-first-value expression is written to a lease
file. Previously it was written as a concat expression due to
a cut and paste error.
[ISC-Bugs #42253]
- Modify the DDNS code to clean up the PTR record even if there
are issues while cleaning up the A or AAAA records.
[ISC-Bugs #23954]
- Added global configuration parameter, abandon-lease-time, which determines
the amount of time a lease remains abandoned. The default is 84600 seconds.
Additionaly, the server now conducts a ping check (if ping checks are
enabled) prior to offering an abandoned lease to client. Our thanks to
David Zych at University of Illinois for reporting the issue and working
with us to produce a viable solution.
[ISC-Bugs #41815]
- Correct handling of interface names during interface discovery. This
addresses an issue where interface names of 15 characters in length
could lead to crashes or interface recognition errors during startup
of dhcpd, dhclient, and dhcrelay.
[ISC-Bugs #42226]
- Updates to contrib/dhcp-lease-list.pl to make it more friendly.
The updates are: looking for the lease file in more places and skipping
the "processing complete" output when creating machine readable
output. Thanks to Cameron Paine (cbp at null dot net) for the
patch.
[ISC-Bugs #42113]
- When reusing a lease for dhcp-cache-threshold return the hostname
to the original lease. Also if the host pointer, UID or hardware address
change don't allow reuse of the lease.
Thanks to Michael Vincent for reporting this and helping us
verify the problem and fix.
[ISC-Bugs #42849]
- Change dmalloc to use a size_t as the length argument to bring it
in line with the call it will make to malloc().
[ISC-Bugs #40843]
- If the failover socket can't be bound, close it. Otherwise if the
user configures an incorrect address in the failover stanza the
server will continue to open new sockets every 90 seconds until
it runs out.
[ISC-Bugs #42452]
- Add DHCPv4-mode, dhcrelay command line options, "-iu" and "-id", that
allow interfaces to be upstream or downstream respectively. Upstream
interfaces will accept and forward only BOOTP replies, while downstream
interfaces will accept and forward only BOOTP requests.
[ISC-Bugs #41547]
- Clean up some memory references in the vendor-class construct.
[ISC-Bugs #42984]
[*0006-dhcp-4.3.2-dhclient-send-hostname-or-fqdn.patch,
*0011-Fixed-linux-interface-discovery-using-getifaddrs.patch,
*0013-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch,
*0016-infiniband-support.patch,
*0017-server-no-success-report-before-send.919959.patch]
-------------------------------------------------------------------
Mon Jul 3 09:08:32 UTC 2017 - zaitor@opensuse.org
- Set all requested dhcp options on a single line, so they are
actually requested (boo#1046969, boo#1047004).
-------------------------------------------------------------------
Mon Mar 13 23:53:20 CET 2017 - ndas@suse.de
- Relax permission of dhclient-script for libguestfs(bsc#987170)
-------------------------------------------------------------------
Fri Feb 10 22:49:38 CET 2017 - kukuk@suse.de
- Require insserv only if needed
- Fix requires of client subpackage
-------------------------------------------------------------------
Thu Aug 4 08:25:28 UTC 2016 - ralf.habacker@freenet.de
- Add config file for registering dhcp server in slp (bsc#992072)
-------------------------------------------------------------------
Thu May 19 10:37:25 UTC 2016 - mchandras@suse.de
- Use /usr/sbin/arping instead of /sbin/arping in the dhcp scripts.
/sbin/arping is a symlink to /usr/sbin/arping in order to ease the
transition for the /usr merge. Newest releases of iputils may only
install utilities in /usr/* so this dependency will no longer be valid.
Moreover, we replace the '/sbin/arping' dependency with 'iputils'.
-------------------------------------------------------------------
Tue Jan 26 17:16:45 CET 2016 - ndas@suse.de
- Update to dhcp-4.3.3-P1 correcting bounds checking when
receiving a packet (bsc#961305,CVE-2015-8605,ISC-Bugs#41267).
- adjusted interval check.
[*0019-dhcp-4.2.4-P1-interval.patch]
- Fixed improper lease duration checking. Also added fixes for integer
overflows in the date and time handling code(bsc#936923, bsc#880984).
[+0020-dhcp-4.x.x-fixed-improper-lease-duration-checking.patch]
- fixed service files to start dhcpd after slapd (bsc#956159)
- dhclient-script: complain in the log about conflicts, added
a see log messages to the dhclient log message (bsc#960506)
[* 0018-client-fail-on-script-pre-init-error-bsc-912098.patch]
-------------------------------------------------------------------
Tue Oct 13 12:59:00 UTC 2015 - mt@suse.de
- Applied a patch by Jiri Popelka catching dhcp server aborts with
"Unable to set up timer: out of range" on very long or infinite
timer intervals / lease lifetimes (bsc#947780)
[+ 0019-dhcp-4.2.4-P1-interval.patch]
- Corrected patch references in and a missed (bsc#919959) patch
description in previous changelog entry.
-------------------------------------------------------------------
Mon Sep 14 14:39:34 UTC 2015 - mt@suse.de
- Update to dhcp-4.3.3 (fate#319067) provinding many bug fixes,
features and obsoletes several patches we were using before.
For complete changelog, please read the RELNOTES file shipped
along with this package or online at:
https://kb.isc.org/article/AA-01297/82/DHCP-4.3.3-Release-Notes.html
- Replaced hostname patch with a dhcpv6 and fqdn aware variant:
[- 0006-dhcp-4.2.5-dhclient-send-hostname-rml.patch,
+ 0006-dhcp-4.3.2-dhclient-send-hostname-or-fqdn.patch]
- Removed obsolete patches included upstream now:
[- 0007-dhcp-4.2.6-ldap-mt01.patch,
- 0009-dhcp-4.2.6-xen-checksum.patch,
- 0013-dhcp-4.2.3-P1-dhclient-log-pid.patch,
- 0015-Ignore-SIGPIPE-to-not-die-in-socket-code.patch,
- 0016-server-log-DHCPv6-addresses-assigned-to-clients.patch,
- 0019-dhcp-4.2.x-ldap-debug-write.bnc835818.patch,
- 0021-dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch,
- 0022-dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch,
- 0023-dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch,
- 0025-dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch,
- 0026-dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch]
- Adjusted patch numbers in the spec file:
[- 0008-dhcp-4.1.1-P1-lpf-bind-msg-fix.patch,
- 0010-dhcp-4.2.2-dhclient-option-checks.patch,
- 0011-dhcp-4.2.6-close-on-exec.patch,
- 0012-dhcp-4.2.2-quiet-dhclient.patch,
- 0014-Fixed-linux-interface-discovery-using-getifaddrs.patch,
- 0020-dhcp-4.2.x-chown-server-leases.bnc868253.patch,
- 0024-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch,
+ 0007-dhcp-4.1.1-P1-lpf-bind-msg-fix.patch,
+ 0008-dhcp-4.2.2-dhclient-option-checks.patch,
+ 0009-dhcp-4.2.6-close-on-exec.patch,
+ 0010-dhcp-4.2.2-quiet-dhclient.patch,
+ 0011-Fixed-linux-interface-discovery-using-getifaddrs.patch,
+ 0012-dhcp-4.2.x-chown-server-leases.bnc868253.patch,
+ 0013-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch]
- Fixed to not pass DHCPv6 address lifetimes a positive (unsigned
32bit) integers to scripts and properly format timestamps as long
to not break them on 64bit architectures (bsc#926159).
[+ 0014-dhclient6-unsigned-lifetimes-for-script-bsc-926159.patch]
- dhclient: expose next-server DHCPv4 option to script (bsc#928390)
[+ 0015-Expose-next-server-DHCPv4-option-to-dhclient-script.patch]
- Replaced infiniband support patch with fixed variant (bsc#910984):
[- 0017-dhcp-4.2.6-lpf-ip-over-ib-support.patch,
- 0018-dhcp-4.2.6-improved-xid.patch,
- 0027-dhcp-4.2.x-handle-ifa_addr-NULL.909189.patch,
+ 0016-infiniband-support.patch]
- Moved dhcp-devel package include files and static libraries
to /usr/include/dhcp and /usr/lib/dhcp subdirectories.
DHCP requires a specific bind library version and conflicts
with the files shipped by bind-devel package, which is not
source and binary compatible (bsc#910686).
- Corrected changes to provide complete patch file references.
- Fixed server to not report success before send (bsc#919959)
[+ 0017-server-no-success-report-before-send.919959.patch]
- Fixed dhclient to check pre-init results reported by dhclient-script
and fail if pre-init fails for a requested interface (bsc#912098).
[+ 0018-client-fail-on-script-pre-init-error-bsc-912098.patch]
-------------------------------------------------------------------
Tue Feb 3 18:37:59 UTC 2015 - coolo@suse.com
- do not check scripts not in the src.rpm
-------------------------------------------------------------------
Wed Dec 10 12:52:03 UTC 2014 - mt@suse.de
- Applied fix by Jiri Slaby to not crash in interface discovery
when the interface address is NULL, which has been introduced
by the infiniband support patch (bsc#909189,bsc#870535).
[+ 0027-dhcp-4.2.x-handle-ifa_addr-NULL.909189.patch]
-------------------------------------------------------------------
Tue Dec 09 19:25:00 UTC 2014 - Led <ledest@gmail.com>
- fix bashisms in dhcprelay script
-------------------------------------------------------------------
Thu Nov 20 11:43:07 UTC 2014 - mt@suse.de
- Applied contrib/ldap/dhcpd-conf-to-ldap patch by Ales Novak to
reorder config to add all global options or option declarations
to the dhcpService object instead to create new service object
(bsc#886094,ISC-Bugs#37876).
[+ 0022-dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch]
- Applied an upstream patch by Thomas Markwalder adding missed
mapping of SHA TSIG algorithm names to their constants to enable
hmac-sha1, hmac_sha224, hmac_sha256, hmac_sha384 and hmac_sha512
authenticated dynamic DNS updates (bsc#890731, ISC-Bugs#36947).
[+ 0023-dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch]
- Decline IPv6 addresses on Duplicate Address Detection failure
and stop client message exchanges on reached MRD rather than
at some point after it. Applied fedora patches by Jiri Popelka
and added DAD reporting via exit 3 to the dhclient-script and
a fix to use correct address variables in the DEPREF6 action
(bsc#872609,ISC-Bugs#26735,ISC-Bugs#21238).
[+ 0024-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch,
+ 0025-dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch]
- Applied backport patch by William Preston avoiding to bind ddns
socket in the server when ddns-update-style is none (bsc#891655).
[+ 0026-dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch]
- Applied patch for the contrib/ldap/dhcpd-conf-to-ldap script
fixing subclass statement handling (bnc#878846,[ISC-Bugs #36409])
[+ 0021-dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch]
- Updated licence statement and FSF address in our scripts.
- Added missed service_add_pre macro calls for dhcrelay services
-------------------------------------------------------------------
Fri Nov 14 09:18:33 UTC 2014 - dimstar@opensuse.org
- No longer perform gpg validation; osc source_validator does it
implicit:
+ Drop gpg-offline BuildRequires.
+ No longer execute gpg_verify.
-------------------------------------------------------------------
Wed Sep 3 01:48:48 CEST 2014 - ro@suse.de
- sanitize release line in specfile
-------------------------------------------------------------------
Mon Aug 18 07:39:11 UTC 2014 - mt@suse.de
- Disabled /sbin/service legacy-action hooks on openSUSE <= 13.1,
which does not support it and causes build failure (bnc#891961).
-------------------------------------------------------------------
Fri Jul 18 11:13:40 UTC 2014 - mt@suse.de
- Fixed to require iproute2 in dhcp-client package (bnc#885399)
- Disarmed dhclient-script when wicked is the network service,
as wicked is using an another dhcp client (runtime conflict),
NetworkManager an own script and sysconfig-network is gone on
sles12 and opensuse > 13.1, so it is obsolete and unsupported.
-------------------------------------------------------------------
Tue Jun 10 02:42:32 UTC 2014 - mt@suse.de
- Fixed /etc/sysconfig/dhcpd fillup in dhcp server post-install.
- Fixed dhcp server start script to use correct libdir (bnc#868250)
- Fixed dhcp server to chown leases to run user at start (bnc#868253)
[+ 0020-dhcp-4.2.x-chown-server-leases.bnc868253.patch]
- Fixed to write missed dhcp-ldap debug level messages (bnc#835818)
[+ 0019-dhcp-4.2.x-ldap-debug-write.bnc835818.patch]
- Fixed unsupported dhclient-script used by sysconfig ifup to provide
a function to calculate netmask. NetworkManager provides an own one.
-------------------------------------------------------------------
Wed May 21 08:34:07 UTC 2014 - jsegitz@novell.com
- added necessary macros for systemd files
-------------------------------------------------------------------
Thu Apr 24 08:24:38 UTC 2014 - dmueller@suse.com
- remove gpg-offline dependency (blocks rebuilds) as checking
is already done by source validator
-------------------------------------------------------------------
Fri Mar 28 18:53:28 UTC 2014 - mt@suse.de
- Applied fixes for DHCP over IPoIB by Mellanox (bnc#870535)
[+ 0017-dhcp-4.2.6-lpf-ip-over-ib-support.patch,
+ 0018-dhcp-4.2.6-improved-xid.patch]
-------------------------------------------------------------------
Mon Mar 17 16:19:58 UTC 2014 - mt@suse.com
- Added support for custom for rcdhcpd[6] check-syntax,check-lease
and syntax-check actions (bnc#868713).
-------------------------------------------------------------------
Mon Feb 10 17:52:15 UTC 2014 - mt@suse.com
- Initially switched to use systemd service files under systemd
and enabled Restart=on-abort (fate#315133).
- Update to ISC dhcp-4.2.6 release. See RELNOTES file for the
complete list of changes -- digest of fixes not in dhcp-4.2.5:
- Tidy up receive packet processing.
Thanks to Brad Plank of GTA for reporting the issue and
suggesting a possible patch. [ISC-Bugs #34447]
- Fix the socket handling for DHCPv6 clients to allow multiple
instances of a client on a single machine to work properly.
Previously only one client would receive the packets.
Thanks to Jiri Popelka at Red Hat for the bug report and a
potential patch. [ISC-Bugs #34784]
- Added support for gentle shutdown after signal is received.
[ISC-Bugs #32692] [ISC-Bugs 34945]
- Enhance the DHCPv6 server logging to include the addresses
that are assigned to the clients. This can be enabled by
defining LOG_V6_ADDRESSES in site.h. [ISC-Bugs #26377]
- Fix an operation in the DDNS code to be a bitwise instead
of logical or. [ISC-Bugs #35138]
- Merged patches for dhcp-4.2.6 version to apply without fuzzy,
prepended patch number prefixes to match spec file patch nr,
added patch markup tags / bug numbers to the spec file.
- Applied contrib-lease-path pach to contrib.tar.gz
[- contrib-lease-path.diff]
- Changed to require automake and use its config.sub and guess
files instead of maintaining a patch.
[- config-guess-sub-update.patch]
- Enabled to log DHCPv6 addresses assigned by server to clients
[+ 0016-server-log-DHCPv6-addresses-assigned-to-clients.patch]
- Cleaned up documentation, rpmlint adjustments.
-------------------------------------------------------------------
Fri Jan 10 12:05:22 UTC 2014 - mt@suse.com
- Test if /etc/sysconfig/network/scripts/functions exists before
sourcing it (fate#316768,bnc#856591).
-------------------------------------------------------------------
Mon Nov 18 09:40:55 UTC 2013 - mt@suse.com
- Fixed path to systemctl in dhclient-script (bnc#847778).
-------------------------------------------------------------------
Fri Sep 27 15:16:26 UTC 2013 - mt@suse.com
- Added /etc/bindresvport.blacklist to dhcp server chroot file
lists as it seems to block its start in some cases (bnc#842360).
-------------------------------------------------------------------
Tue Sep 10 13:04:10 UTC 2013 - mt@suse.com
- Fixed to reload syslog on hostname changes using systemctl as
there is no /etc/init.d/syslog script since syslog-service-2.0
(bnc#830467).
-------------------------------------------------------------------
Fri Apr 26 09:27:19 UTC 2013 - mmeister@suse.com
- Added autoreconf -i option to fix build for the new automake
-------------------------------------------------------------------
Tue Apr 2 09:16:44 UTC 2013 - mt@suse.com
- Install missed bind include files and libraries in dhcp-devel;
conflicts to bind-devel providing different versions (bnc#805162).
-------------------------------------------------------------------
Thu Mar 28 07:39:53 UTC 2013 - mt@suse.com
- Use manual patch command for config-guess-sub-update.patch
again as patch macro does not work on older distributions.
-------------------------------------------------------------------
Wed Mar 27 13:20:43 UTC 2013 - mt@suse.com
- Update to ISC dhcp-4.2.5-P1 release, which contains updated
bind-9.8.4-P2 sources with removed regex.h check in configure
(bnc#811934, CVE-2013-2266).
- Changed spec make the bind export library build output visible.
-------------------------------------------------------------------
Tue Mar 12 15:17:19 UTC 2013 - mt@suse.com
- Added dhcp6-server service template for SuSEfirewall2 (bnc#783002)
-------------------------------------------------------------------
Sun Mar 3 21:54:38 UTC 2013 - schwab@suse.de
- config-guess-sub-update.patch:
Update config.guess/sub for aarch64
-------------------------------------------------------------------
Fri Jan 11 10:54:28 UTC 2013 - mt@suse.com
- Update to ISC dhcp-4.2.5 release. See RELNOTES file for the
complete list of changes -- digest of fixes not in dhcp-4.2.4-P2:
- Correct code to calculate rebind timing values in client
[ISC-Bugs #29062]
- Fix some issues in the code for parsing and printing options.
[ISC-Bugs #22625,#27289,#27296,#27314]
- Update the memory leakage debug code to work with v6.
[ISC-Bugs #30297]
- Relax the requirements for deleting an A or AAAA record.
This relaxation was codified in RFC 4703. [ISC-Bugs #30734]
- Modify the failover code to handle incorrect peer names better.
[ISC-Bugs #30320]
- Fix a set of issues that were discovered via a code inspection
tool. [ISC-Bugs #23833]
- Parsing unquoted base64 strings improved. [ISC-Bugs #23048]
- The client now passes information about the options it requested
from the server to the script code via environment variables.
These variables are of the form requested_<option_name>=1 with
the option name being the same as used in the new_* and old_*
variables. [ISC-Bugs #29068]
- Check the status value when trying to read from a connection to
see if it may have been closed. If it appears closed don't try
to read from it again. This avoids a potential busy-wait like
loop when the peer names are mismatched. [ISC-Bugs #31231]
- Remove an unused variable to keep compilers happy.
[ISC-Bugs #31983]
- Removed obsolete parsing and printing option patch
[dhcp-4.2.4-parsing-and-printing-options.patch]
- Merged dhcp-4.2.2-dhclient-send-hostname-rml.diff
[dhcp-4.2.5-dhclient-send-hostname-rml.patch]
- Fixed discovery of interfaces, which have only addresses with
a label assigned (linux 2.0 "alias interfaces" compatibility)
by switching to use the getifaddrs() as on BSD (bnc#791289,
reported upstream as [ISC-Bugs #31992]).
[dhcp-4.2.4-interface-discovery-using-getifaddrs.patch]
- Applied a patch to ignore SIGPIPE instead to die in socket code
before the errno==EPIPE checks are reached (bnc#794578, upstream
report [ISC-Bugs #32222])
[dhcp-4.2.4-P2-do-not-die-on-sigpipe.patch]
- Updated ldap patch to 4.2.5-ldap-mt01 providing following fixes:
- Fixed parse buffer handling code to not avoid truncation of
config > ~8k from bigger ldap objects. Fixed to free the ldap
config buffer passed to the config parser and append new config,
while the parser is in saved state (bnc#788787).
- Fixed subclass name-ref and data quoting/escaping (bnc#788787).
- Fixed memory leaks on ldap_read_config errors (bnc#788787).
- Fixed a memleak while subnet range processing, fixed to reset
bufix variable in ldap_read_function to 0 and to set buflen to
the complete length (do not discard last character, usually \n).
This caused a parsing error at further run of the function,
e.g. while processing the second dhcpService container that the
dhcpServer object may refer to (bnc#784640).
[dhcp-4.2.5-ldap-mt01.patch.bz2]
- Fixed dhclient-script to discard MTU lower-equal 576 rather
than lower-than (bnc#791280).
- Verify GPG source archive signatures.
-------------------------------------------------------------------
Thu Sep 20 12:26:53 UTC 2012 - mt@suse.com
- Update to ISC dhcp-4.2.4-P2 release, providing a security fix for
an issue with the use of lease times was found and fixed. Making
certain changes to the end time of an IPv6 lease could cause the
server to abort. Thanks to Glen Eustace of Massey University,
New Zealand for finding this issue.
([ISC-Bugs #30281], CVE: CVE-2012-3955, bnc#780167)
-------------------------------------------------------------------
Wed Jul 25 18:13:59 UTC 2012 - mt@suse.com
- Update to ISC dhcp-4.2.4-P1 release, providing following security
fixes (bnc#772924):
- Previously the server code was relaxed to allow packets with zero
length client ids to be processed. Under some situations use of
zero length client ids can cause the server to go into an infinite
loop. As such ids are not valid according to RFC 2132 section 9.14
the server no longer accepts them. Client ids with a length of 1
are also invalid but the server still accepts them in order to
minimize disruption. The restriction will likely be tightened in
the future to disallow ids with a length of 1.
Thanks to Markus Hietava of Codenomicon CROSS project for the
finding this issue and CERT-FI for vulnerability coordination.
[ISC-Bugs #29851] CVE: CVE-2012-3571
- When attempting to convert a DUID from a client id option
into a hardware address handle unexpected client ids properly.
Thanks to Markus Hietava of Codenomicon CROSS project for the
finding this issue and CERT-FI for vulnerability coordination.
[ISC-Bugs #29852] CVE: CVE-2012-3570
- A pair of memory leaks were found and fixed. Thanks to Glen
Eustace of Massey University, New Zealand for finding this issue.
[ISC-Bugs #30024] CVE: CVE-2012-3954
- Moved lease file check to a separate action so it is not used in
restart -- it can fail when the daemon rewrites the lease causing
a restart failure then (bnc#762108 regression).
- Request dhcp6.sntp-servers in /etc/dhclient6.conf and forward to
netconfig for processing (bnc#770236).
- Removed RFC 4833 TZ options from client requests [unused].
-------------------------------------------------------------------
Tue Jun 19 06:40:03 UTC 2012 - mt@suse.com
- Update to ISC dhcp-4.2.4 release, fixing a dhcpv6 server assert
crash while accessing lease on heap (bnc#767661) and providing
the following fixes:
- Rotate the lease file when running in v6 mode.
Thanks to Christoph Moench-Tegeder at Astaro for the
report and the first version of the patch. [ISC-Bugs #24887]
- Fixed the code that checks if an address the server is planning
to hand out is in a reserved range. This would appear as the
server being out of addresses in pools with particular ranges.
[ISC-Bugs #26498]
- In the DDNS code handle error conditions more gracefully and
add more logging code. The major change is to handle unexpected
cancel events from the DNS client code. [ISC-Bugs #26287]
- Tidy up the receive calls and eliminate the need for found_pkt.
[ISC-Bugs #25066]
- Add support for Infiniband over sockets to the server and
relay code. We've tested this on Solaris and hope to expand
support for Infiniband in the future. This patch also corrects
some issues we found in the socket code. [ISC-Bugs #24245]
- Add a compile time check for the presence of the noreturn attribute
and use it for log_fatal if it's available. This will help code
checking programs to eliminate false positives. [ISC-Bugs #27539]
- Fixed many compilation problems ("set, but not used" warnings) for
gcc 4.6 that may affect Ubuntu 11.10 users. [ISC-Bugs #27588]
- Modify the code that determines if an outstanding DDNS request
should be cancelled. This patch results in cancelling the
outstanding request less often. It fixes the problem caused
by a client doing a release where the TXT and PTR records
weren't removed from the DNS. [ISC-BUGS #27858]
- Use offsetof() instead of sizeof() to get the sizes for
dhcpv6_relay_packet and dhcpv6_packet in several more places.
Thanks to a report from Bruno Verstuyft and Vincent Demaertelaere
of Excentis. [ISC-Bugs #27941]
- Remove outdated note in the description of the bootp keyword about
the option not satisfying the requirement of failover peers for
denying dynamic bootp clients. [ISC-bugs #28574]
- Multiple items to clean up IPv6 address processing. When processing
an IA that we've seen check to see if the addresses are usable
(not in use by somebody else) before handing it out.
When reading in leases from the file discard expired addresses.
When picking an address for a client include the IA ID in
addition to the client ID to generally pick different addresses
for different IAs. [ISC-Bugs #23138] [ISC-Bugs #27945]
[ISC-Bugs #25586] [ISC-Bugs #27684]
- Remove unnecessary checks in the lease query code and clean up
several compiler issues (some dereferences of NULL and treating
an int as a boolean). [ISC-Bugs #26203]
- Fix the NA and PD allocation code to handle the case where a client
provides a preference and the server doesn't have any addresses or
prefixes available. Previoulsy the server ignored the request with
this patch it replies with a NoAddrsAvail or NoPrefixAvail response.
By default the code performs according to the errata of August 2010
for RFC 3315 section 17.2.2; to enable the previous style see the
section on RFC3315_PRE_ERRATA_2010_08 in includes/site.h.
This option may be removed in the future. Thanks to Jiri Popelka at
Red Hat for the patch. [ISC-Bugs #22676]
- Fix up some issues found by static analysis. A potential memory leak
and NULL dereference in omapi. The use of a boolean test instead of
a bitwise test in dst. [ISC-Bugs #28941]
- Replaced our patches with a complete and upstream verified patch:
- Fix some issues in the code for parsing and printing options.
[ISC-Bugs #27314] - properly parse a zero length option from
a lease file.
[ISC-Bugs #22796] - properly determine if we parsed a 16 or
32 bit value in evaluate_numeric_expression (extract-int).
[ISC-Bugs #22625] - properly print options that have several
fields followed by an array of something for example "fIa"
[ISC-Bugs #27289] - properly parse options in declarations
that have several fields followed by an array of something
for example "fIa"
This patch obsoletes the following (bnc#739696) patches:
- dhclient: parse_option_param: Bad format a
- zero-length option lease parse error in dhclient6
- Merged ldap and options check patches for the new version
- Fixed dhcp-server init script to check syntax and fail while
force-reload and restart to avoid stopping of running daemon
followed by start failure (bnc#762108). Added libgcc_s.so to
chroot, so the server can report assert/crash line.
-------------------------------------------------------------------
Wed Mar 28 15:06:47 UTC 2012 - mt@suse.com
- Added RFC 4833 TimeZone PosixString and Name declarations to
server and client configs [not used yet].
-------------------------------------------------------------------
Mon Mar 19 09:37:52 UTC 2012 - mt@suse.com
- dhcp-server: fixed to escape all values used in constructed
ldap filters as a DN may contain e.g. asterisks (bnc#721829,
[ISC-Bugs #28545]).
-------------------------------------------------------------------
Fri Jan 13 15:26:43 UTC 2012 - mt@suse.com
- Updated to ISC dhcp-4.2.3-P2 release, providing a DDNS security fix:
Modify the DDNS handling code. In a previous patch we added logging
code to the DDNS handling. This code included a bug that caused it
to attempt to dereference a NULL pointer and eventually segfault.
While reviewing the code as we addressed this problem, we determined
that some of the updates to the lease structures would not work as
planned since the structures being updated were in the process of
being freed: these updates were removed. In addition we removed an
incorrect call to the DDNS removal function that could cause a failure
during the removal of DDNS information from the DNS server.
Thanks to Jasper Jongmans for reporting this issue.
([ISC-Bugs #27078], CVE: CVE-2011-4868, bnc#741239)
- Fixed close-on-exec patch to not set it on stderr (bnc#732910)
- Fixed incorrect "a" array type option parsing causing to discard
e.g. classless static routes from lease file [reported as ISC-Bug
27289] and zero-length option parsing such as dhcp6.rapid-commit
in dhclient6 [reported as ISC-Bug 27314] (bnc#739696).
- Fixed dhclient to include its pid number in syslog messages.
- Fixed to use P2 in the spec version, not in the release tag.
-------------------------------------------------------------------
Fri Dec 9 13:40:53 UTC 2011 - mt@suse.com
- Updated to ISC dhcp-4.2.3-P1 release, providing security fix for
a DoS due to processing certain regular expressions (bnc#735610)
and several important DDNS related fixes:
* Add a check for a null pointer before calling the regexec function.
Without out this check we could, under some circumstances, pass
a null pointer to the regexec function causing it to segfault.
Thanks to a report from BlueCat Networks. [ISC-Bugs #26704]
CVE-2011-4539.
* Fix the code that checks for an existing DDNS transaction to
cancel when removing DDNS information, so that we will continue
with the processing if we have a lease even if it doesn't have an
outstanding transaction. [ISC-Bugs #24682]
* Add AM_MAINTAINER_MODE to configure.ac to avoid rebuilding
configuration files. [ISC-Bugs #24107]
* Add support for passing DDNS information to a DNS server over
an IPv6 address. [ISC-Bugs #22647]
* Enhanced patch for 23595 to handle IPv4 fixed addresses more
cleanly. [ISC-Bugs #23595]
- Refreshed ldap patch
-------------------------------------------------------------------
Fri Sep 30 20:07:54 UTC 2011 - coolo@suse.com
- add libtool as buildrequire to make the spec file more reliable
-------------------------------------------------------------------
Tue Sep 6 14:27:51 UTC 2011 - mt@suse.com
- Commented out all configuration examples in /etc/dhcpd.conf and
dhcp6.conf (bnc#715473).
- Enabled dhcp6.rapid-commit in /etc/dhclient6.conf config file.
- Removed useless provides/obsoletes from spec file.
-------------------------------------------------------------------
Wed Aug 31 08:42:12 UTC 2011 - mt@suse.com
- Set the DHCPD_CONF_INCLUDE_FILES and the DHCPD6_CONF_INCLUDE_FILES
variables to /etc/dhcpd.d and /etc/dhcpd6.d by default, so there
are well-defined directories expected to contain additional config
files (bnc#690585).
-------------------------------------------------------------------
Mon Aug 29 15:15:44 UTC 2011 - mt@suse.de
- Updated to ISC dhcp-4.2.2 release, providing two security fixes
(CVE-2011-2748,CVE-2011-2749,[ISC-Bugs #24960],bnc#712653), that
allowed remote attackers to cause a denial of service (a daemon
exit) via crafted BOOTP packets. Further also DNS update fix to
detect overlapping pools or misconfigured fixed-address entries,
that caused a server crash during DNS update and other fixes.
For a complete list, please see the RELNOTES file provided in
the package and also available online at http://www.isc.org/.
- Merged/adopted dhclient option-checks, send-hostname-rml, ldap
patch, xen-checksum, close-on-exec patches and removed obsolete
in6_pktinfo-prototype and relay-no-ip-on-interface patches.
- Moved server pid files into chroot directory even chroot is
not used and create a link in /var/run, so it can write one
when started as user without chroot and avoid stop problems
when the chroot sysconfig setting changed (bnc#712438).
- Disabled log-info level messages in dhclient(6) quiet mode to
avoid excessive logging of non-critical messages (bnc#711420).
- Fixed dhclient-script to not remove alias IP when it didn't
changed to not wipe out iptables connmark when renewing the
lease (bnc#700771). Thanks to James Carter for the patch.
- Fixed DDNS-howto.txt reference in the config file; it has been
moved to the dhcp-doc package (bnc#697279).
- Removed GPL licensed files (bind-*/contrib/dbus) from bind.tgz
to ensure, they're not used to build non-GPL dhcp (bnc#714004).
- Changed to apply strict-aliasing/RELRO for >= 12.x only
-------------------------------------------------------------------
Wed Jul 20 18:53:07 UTC 2011 - crrodriguez@opensuse.org
- Correct previous change.
-------------------------------------------------------------------
Wed Jul 20 04:45:40 UTC 2011 - crrodriguez@opensuse.org
- THis is a long running network daemon, link with
full RELRO security enhancements.
- remove -fno-strict-aliasing from CFLAGS, no longer needed.
-------------------------------------------------------------------
Tue May 17 03:58:24 UTC 2011 - crrodriguez@opensuse.org
- Import redhat's patch to open all needed FDs with O_CLOEXEC
so they dont leak.
-------------------------------------------------------------------
Thu May 12 08:39:03 UTC 2011 - mt@suse.de
- Removed obsolete sles8 compatibility dependencies, fixed
to avoid non-functional sles_version conditionals.
-------------------------------------------------------------------
Tue May 10 11:48:57 UTC 2011 - mt@suse.de
- Fixed to not introduce separate dhcp-doc package on sles,
use versioned provides/obsoletes, improved conditionals.
-------------------------------------------------------------------
Tue May 3 12:27:08 UTC 2011 - mt@suse.de
- Fixed dhclient-script typo causing ISC DHCPv6 client to execute
ifup pre-down scripts also while renew, when the ipv6 address
did not changed (bnc#690859).
-------------------------------------------------------------------
Fri Apr 29 13:31:57 UTC 2011 - mt@suse.de
- Implemented optional ldap connect retry loop during the initial
startup of the dhcp server in cases where the ldap server is not
yet started. Set the ldap-init-retry <num> option in dhcpd.conf
to enable it (bnc#627617). Merged in the actual ldap patch.
- Cleaned up init script error reporting, no -TERM for killproc.
-------------------------------------------------------------------
Wed Apr 27 12:31:25 UTC 2011 - mt@suse.de
- Updated to ISC dhcp-4.2.1-P1 release, that provides most of the
dhclient pretty escape and string option checks. Merged to use
relaxed domain-name option check causing a regression, when the
server is misusing it to provide a domain list (compatibility to
attic clients) and does not provide it via domain-search option;
pretty escape semicolon as well (bnc#675052, CVE-2011-0997).
-------------------------------------------------------------------
Thu Mar 31 09:56:02 UTC 2011 - mt@suse.de
- Discard string options such as host and domain names containing
disallowed characters or beeing too long. This proctive patch
limits root-path to a-zA-Z0-9, #%+-_:.,@~/\[]= and a space
(bnc#675052, CVE-2011-0997).
-------------------------------------------------------------------
Thu Mar 31 09:00:19 UTC 2011 - mt@suse.de
- Updated to ISC DHCP 4.2.1 release (bnc#680298), that provides
following fixes (digest):
* Several fixes to OMAPI, cleanup of dereferenced pointers in
the omapi handle, handling of pipe failures and status code
in omapi signal handler that may cause connect failure and
100% CPU use.
* Handle some DDNS corner cases better
* Several fixes to lease input and output
* Corrected side effect of printing all data strings as hex.
* Host record references leaks causing applying config to all
innocent clients.
* Memory leak when parsing a domain name
* Fixes to configuration parsing including infinite loop.
* Fixed for unexpected abort caused by a DHCPv6 decline.
For the complete list see the RELNOTES file, that is available
also online at http://ftp.isc.org/isc/dhcp/dhcp-4.2.1-RELNOTES.
- Removed obsolete optional-value-infinite-loop, no-libcrypto
and CVE-2011-0413.bnc667655 patches.
- Merged the dhclient-send-hostname and ldap patches.
-------------------------------------------------------------------
Mon Feb 21 14:51:43 UTC 2011 - mt@suse.de
- dhclient-script: fixed typo causing that only global settings
to set hostname and default route were applied for primary
and never per interface settings (bnc#673792).
-------------------------------------------------------------------
Fri Feb 18 10:21:28 UTC 2011 - mt@suse.de
- Added dhcp-4.2.0-xen-checksum.patch by David Cantrell to handle
xen partial UDP checksums (bnc#668194).
-------------------------------------------------------------------
Wed Feb 2 09:12:11 UTC 2011 - mt@suse.de
- Applied security fix for unexpected abort caused by a DHCPv6
decline message (CVE-2011-0413, VU#686084, bnc#667655).
- Fixed dhclient.conf to request the domain-search option.
-------------------------------------------------------------------
Mon Dec 13 08:51:59 UTC 2010 - mt@suse.de
- Updated to ISC DHCP 4.2.0-P2, a security release fixing the
handling of connection requests on the failover port.
Previously a connection request from a source that wasn't
listed as a failover peer would cause the server to become
non-responsive. ([ISC-Bugs #22679] CERT: VU#159528 CVE:
CVE-2010-3616, bnc#659059).
-------------------------------------------------------------------
Tue Dec 7 14:50:23 UTC 2010 - mt@suse.de
- Enable ldap CASA support on SLE only.
-------------------------------------------------------------------
Tue Nov 30 21:56:04 UTC 2010 - mt@suse.de
- Fixed to use same/correct dhcrelay6 interface variables in the
sysconfig file and in the dhcrelay6 init script.
-------------------------------------------------------------------
Mon Nov 29 15:45:09 CET 2010 - mt@suse.de
- Updated to ISC DHCP 4.2.0-P1 release, providing a security fix to
handle a relay forward message with an unspecified address in the
link address field. Previously such a message would cause the
server to crash. Thanks to a report from John Gibbons.
[ISC-Bugs #21992] CERT: VU#102047 CVE: CVE-2010-3611 (bnc#650902)
The 4.2.0 version is a feature release, implementing asynchronous
DDNS processing and includes "The LDAP Patch".
For a complete list of changes from any previous release, please
consult the RELNOTES file within the source distribution or on
the ISC website: http://www.isc.org/software/dhcp/420
- Fixed compilation to avoid segfaults as soon as ldap is enabled,
merged our ldap patches from 4.1.x branch.
-------------------------------------------------------------------
Tue Nov 2 09:48:56 UTC 2010 - mt@suse.de
- Fixed a dhcrelay segfault while receiving packets on interfaces
without any IPv4 address assigned (bnc#631305, reported upsteam
as [ISC-Bugs #22409]).
- Fixed a common infinite loop while parsing options with optional
parts in the value such as in slp-service-scope option (bnc#643845,
reported upsteam as [ISC-Bugs #22410]).
- Fixed init scripts to report correct LSB codes in status action,
when the config file or the binary do not exists (bnc#640336).
- Fixed syntax of a check in the rcdhcrelay[6] (bnc#648580)
- Avoid pid check error message in the rcdhcpd[6] (bnc#646875)
-------------------------------------------------------------------
Wed Sep 29 10:26:37 UTC 2010 - mt@suse.de
- Fixed server lease file path in contrib/listlease and leasestate
changed to extract contrib and examples using setup macro.
-------------------------------------------------------------------
Wed Aug 4 12:52:03 UTC 2010 - mt@suse.de
- Renamed rfc3442-classless-static-routes_raw in /etc/dhclient.conf
to rfc3442-classless-static-routes for compatibility with the
NetworkManager making use of /etc/dhclient.conf now and adopted
/sbin/dhclient-script (bnc#625770).
-------------------------------------------------------------------
Tue Jul 27 13:31:09 UTC 2010 - mt@suse.de
- Fixed ldap option number conflicting with new options (bnc#625358)
-------------------------------------------------------------------
Fri Jul 2 10:48:21 UTC 2010 - mt@suse.de
- Added a fix for an lpf bind error messages making it easier to
localize problems (bnc#617795)
-------------------------------------------------------------------
Mon Jun 14 12:11:57 UTC 2010 - mt@suse.de
- Updated to ISC DHCP 4.1.1-P1 patch release, which contains
a pair of bug fixes including one for a security related bug
(bnc#612546, CVE-2010-2156):
* A bug was fixed that could cause the DHCPv6 server to
advertise/assign a previously allocated (active) lease to a
client that has changed subnets, despite being on different
shared networks. Dynamic prefixes specifically allocated in
shared networks also now are not offered if the client has
moved. [ISC-Bugs #21152]
* Accept a client id of length 0 while hashing. Previously the
server would exit if it attempted to hash a zero length client
id, providing attackers with a simple denial of service attack.
[ISC-Bugs #21253]
-------------------------------------------------------------------
Tue May 18 08:46:37 UTC 2010 - mt@suse.de
- Added rc.dhcrelay6 as source in the spec file
-------------------------------------------------------------------
Tue May 11 11:22:48 UTC 2010 - mt@suse.de
- Fixed dhcprelay scripts to source sysconfig file correctly
- Fixed spec file typo in arping path require, enabled ldap
- Fixed a dhclient option name and new/old ip address check
-------------------------------------------------------------------
Fri May 7 14:10:21 UTC 2010 - mt@suse.de
- Updated to ISC DHCP 4.1.1, the current 4.x series production
release, providing DHCPv6 client/server/relay implementation.
The programs act in DHCPv6 mode, when the -6 start option is set.
We install separate init scripts with a 6 at the end to handle
them, that is /etc/init.d/dhcpd6 and dhrelay6. Further, there is
also a link to the binaries with a 6 at the end, e.g. dhclient6,
making it visible, that the installed version supports DHCPv6.
- Moved additional documentation to a separate dhcp-doc package.
- Changed to provide config files and scripts as source files
instead of patches to the ISC scripts.
- Adopted spec file and config/scripts, merged in all patches.
- Implemented RFC 3442 classless static routes support in the
dhclient-script (bnc#555870).
-------------------------------------------------------------------
Thu Apr 29 11:18:20 UTC 2010 - mt@suse.de
- Updated to ISC DHCP 3.1-ESV, an extended support version release
which includes a small number of bug fixes (bnc#592178) over the
3.1.3 version:
* Modified the handling of a connection to avoid releasing the
omapi io object for the connection while it is still in use.
One symptom from this error was a segfault when a failover
secondary attempted to connect to the failover primary if
their clocks were not synchronized.
* Fix test in dhcp_interface_signal_handler to check that the
inner handler has a signal_handler before calling it.
* When using 'ignore client-updates;', the FQDN returned to the
client is no longer truncated to one octet.
* Clean up some compiler warnings - ticket 19054.
- Fixed vlan interface check in dhcpd-restart-hook if-up.d script
(bnc#599702)
- Touch dhclient.leases in post-install script instead to provide
an empty file, versioned provides/obsoletes (rpmlint warnings).
-------------------------------------------------------------------
Fri Mar 12 15:53:09 UTC 2010 - mt@suse.de
- Fixed dhclient-script to call ifup -o dhcp and signal "complete"
to ifup when all configuration is done (bnc#585380,bnc#518219).
-------------------------------------------------------------------
Thu Jan 7 20:41:13 CET 2010 - jengelh@medozas.de
- Enable parallel building
- Use large PIE model on all SPARC flavors
-------------------------------------------------------------------
Mon Dec 14 22:39:01 CET 2009 - mt@suse.de
- Fixed dhclient-script to use correct sysconfig run dir path
to not to break the defaultroute/hostname setup (bnc#555095).
- Don't request any specific lease-time by default (bnc#516459).
-------------------------------------------------------------------
Fri Oct 16 10:17:23 CEST 2009 - mt@suse.de
- Fixed dhclient-script to forward new_domain_search as DNSSEARCH
to netconfig.
-------------------------------------------------------------------
Tue Oct 13 22:51:49 CEST 2009 - mt@suse.de
- Updated to dhcp-3.1.3 maintenance release fixing several issues
(a digest, see RELNOTES for the complete list):
* Remove infinite loop in token_print_indent_concat().
* A parser bug was fixed that segfaulted if site-option-space
was tried to be used interchangeably with vendor-option-space.
* Two uninitialized stack structures are now memset to zero,
thanks to patch from David Cantrell at Red Hat.
* Memory leak in the load_balance_mine() function is fixed. This
would leak ~20-30 octets per DHCPDISCOVER packet while failover
was in use and in normal state.
* Fixed setting hostname in Linux hosts that require hostname
argument to be double-quoted. Also allow server-provided
hostname to override hostnames 'localhost' and '(none)'.
* Added client support for setting interface MTU and metric,
thanks to Roy "UberLord" Marples <roy@marples.name>.
* Fixed failover reconnection retry code to continue to retry to
reconnect rather than restarting the listener.
* Fixed a bug where an OMAPI socket disconnection message would
not result in scheduling a failover reconnection, if the link
had not negotiated a failover connect yet (e.g.: connection
refused, asynch socket connect() timeouts).
* Versions 3.0.x syntax with multiple name->code option
definitions is now supported. Note that, similarly to 3.0.x,
for by-code lookups only the last option definition is used.
* Fixed a fenceposting bug when a client had two host records
configured, one using 'uid' and the other using 'hardware
ethernet'. CVE-2009-1892
- Updated to dhcp-3.1.3-ldap-patch-mt-01 including previous fixes.
- Merged dhclient script, removed obsolete CVE-2009-1892 fix.
-------------------------------------------------------------------
Tue Sep 29 11:37:18 CEST 2009 - mt@suse.de
- Replaced mt-02 ldap patch from old git repository with equivalent
one (dhcp-3.1.2p1-ldap-patch-mt-02) from a new repository with
fixed patch history (http://www.suse.de/~mt/git/dhcp-ldap.git/).
-------------------------------------------------------------------
Wed Aug 12 10:38:26 CEST 2009 - mt@suse.de
- Added dhcpd-restart-hook if-up.d script that restarts dhcp server
while network restart when a virtual interfaces as bridge, bond
or vlan goes up again (bnc#517810).
-------------------------------------------------------------------
Wed Jul 29 14:05:41 CEST 2009 - mt@suse.de
- Applied fix for a dhcp client id DoS (CVE-2009-1892, bnc#519413).
-------------------------------------------------------------------
Wed Jul 29 12:47:46 CEST 2009 - mt@suse.de
- Updated to dhcp-3.1.2p1 maintenance release fixing following
issues:
* A stack overflow vulnerability was fixed in dhclient that could
allow remote attackers to execute arbitrary commands as root on
the system, or simply terminate the client, by providing an
over-long subnet-mask option.
* A double-dereference in dhclient transmission of DHCPDECLINEs
was repaired.
* Fix handling of -A and -a flags in dhcrelay; it was failing
to expand packet size as needed to add relay agent options.
* Corrected list of failover state values in dhcpd man page.
* Fixed a bug that caused some request types to be logged
incorrectly.
* Fixed a coredump when adding a class via OMAPI.
* Clients that sent a parameter request list containing the
routers option before the subnet mask option were receiving
only the latter. Fixed.
* The server wasn't always sending the FQDN option when it should.
* A partner-down failover server no longer emits 'peer holds all
free leases' if it is able to newly-allocate one of the peer's
leases.
* A cosmetic bug in DHCPDECLINE processing was fixed which caused
all successful DHCPDECLINEs to be logged as "not found" rather
than "abandoned".
* Some failover debugging #defines have been better defined and
some high frequency messages moved to a deeper debugging symbol.
* The CLTT parameter in failover is now only updated by client
activity, and not by failover binding updates.
* Failover BNDUPD messages are now discarded if they conflict with
an update that has been trasnmitted, but not acknowledged.
* A bug cleaning up unknown-xxx temporary option definitions was
fixed.
- Removed obsolete dhclient-no-dereference-twice patch
- Improved dhclient-script to apply global dhcp settings, when
there is no interface config (bnc#480922).
- Enabled casa support in dhcp-ldap for >= sles 10 and => 11.1.
- Updated dhcp-3.1.2p1-ldap-patch-mt.11.2-02 merging all patches
flying around -- see http://www.suse.de/~mt/git/dhcp-ldap.git
and the git changelog at the begin of the patch.
-------------------------------------------------------------------
Mon Jan 19 15:58:38 CET 2009 - mt@suse.de
- Fixed dhclient-script to apply a dhcp provided MTU (bnc#467358).
-------------------------------------------------------------------
Thu Jan 15 16:43:01 CET 2009 - mt@suse.de
- Fix message about missed service/server association (bnc#392354).
- Applied missed patch with support for dhcpFailOverPeer objects
(failover peering definition) by S Kalyanasundaram (fate#303198).
-------------------------------------------------------------------
Thu Jan 15 13:50:01 CET 2009 - mt@suse.de
- Fixed init script to copy nsswitch.conf and all libnss libs to
the chroot jail to fix resolving via /etc/hosts (bnc#462851).
-------------------------------------------------------------------
Tue Dec 16 11:37:00 CET 2008 - mt@suse.de
- Fixed init scripts Required-Start/Stop tags to require network-
remotefs script, so all interfaces are up while start.
-------------------------------------------------------------------
Wed Nov 26 08:05:01 CET 2008 - coolo@suse.de
- prereq sysconfig to avoid warnings about missing
/etc/sysconfig/dhcp
-------------------------------------------------------------------
Mon Nov 24 13:00:39 CET 2008 - mt@suse.de
- Removed network-number request from dhclient.conf (bnc#443788).
-------------------------------------------------------------------
Tue Nov 11 11:12:23 CET 2008 - mt@suse.de
- Fixed dhclient-script to apply DHCLIENT_SET_HOSTNAME and
SET_DEFAULT_ROUTE policy correctly and inclusive of per
interface setings (bnc#426650).
- Fixed dhclient-script to make sure, the host name is set
as short-name even dhcp provides fqdn (bnc#418168)
- Fixed dhclient-script to translate all known dhcp options
to netconfig variables and unknown with dhclient prefix.
- Fixed dhclient.conf to request all netbios dhcp-options,
added also nds and mtu options.
-------------------------------------------------------------------
Fri Sep 12 16:58:22 CEST 2008 - mt@suse.de
- Removed one of two option_state_dereference calls in dhclient.c
causing null pointer messages (not critical) in the log.
- Fixed a forgotten fi typo in the dhclient-script
-------------------------------------------------------------------
Mon Sep 8 18:29:00 CEST 2008 - mt@suse.de
- Updated to dhcp-3.1.1, providing following major new features
compared to its 3.0.x derivative:
* A significantly enhanced Failover protocol implementation,
which:
+ Implements MAC Address Affinity to reduce the frequency
of clients being assigned new IP addresses;
+ Supports the assignment of failover-protected addresses
to legacy BOOTP clients;
+ Implements a dynamic lease reservation system that provides
improved accounting of the use of fixed address assignments,
by allocating fixed addresses out of the pool of dynamic leases
+ Improves tools and reduces operator oversight necessary for
maintaining a functioning system.
* Support for DHCP leasequery, and the VIVCO/VIVSO options, which
makes easy and comfortable integration with DOCSIS devices and
the environment in which they are used.
* Management of class and subclass statements via OMAPI
* Several server configuration options related to dynamic DNS
behavior
* Other new configuration functions, including "execute()",
which runs a shell command from within a dhcpd or dhclient
configuration file
For a full list of new features added in this release, please
observe the changes list.
- Adopted/merged patches, dropped obsolete dhcdbd (NM) patches.
-------------------------------------------------------------------
Fri Aug 22 13:34:07 CEST 2008 - mt@suse.de
- Adopted dhclient-script and manual page to use /sbin/netconfig
that is replacing the modify_resolvconf mechanizm by default.
-------------------------------------------------------------------
Wed Aug 20 15:11:14 CEST 2008 - mt@suse.de
- Updated to dhcp-3.0.7, a maintenance release containing several
bug fixes; since the 3.0.6 release this are:
* Fixed "--version" flag in dhcrelay.
* Clarified error message when lease limit exceeded
* Fixed a buffer overflow error which could have allowed a denial
of service under unusual server configurations
* Bug in octal parsing fixed. Thanks to Bernd Fuhrmann for the
report and fix.
* The warning logged when an address range doesn't fit in the
subnets they were declared has been updated to be more helpful
and identify the typo in configuration that created the
spanning addresses.
* The 'min-secs' configuration parameter's log message has been
updated to be more helpful.
* Fixed a bug in which write_lease() might report a failure
incorrectly.
* Bug in server configuration parser caused server to get stuck
on startup for certain bad pool declarations. Thanks to
Guillaume Knispel for the bug report and fix.
* Fixed file descriptor leak on listen failure. Thanks to Tom
Clark.
* Failover binding acks are now transmitted before new binding
updates (which may, very rarely, be related to a lease on the
ack queue). This eliminates a lease database inconsistency
bug, as the remote system relies upon the most recent message
it received from its peer.
* POOLREQ messages received within 30 seconds of one another are
ignored.
* 'lease imbalance' messages are not logged unless rebalance was
actually attempted ("ten percent" rule).
* A bug was fixed where the 'giaddr' may be used to find the
client's subnet rather than its own 'ciaddr'.
* A log message was introduced to clarify the situation where a
failover 'address' parameter (the server's local address) did
not resolve to an IPv4 address.
* When server is configured with options that it overrides, a
warning is issued when the configuration file is read, rather
than at the time the option is overridden. This was important,
because the warning was given every time the option was
overridden, which could create a lot of unnecessary logging.
* When a failover server suspects it has encountered a peer
running a version 3.1.x failover server, a warning that the
failover wire protocol is incompatible is printed.
* The failover server no longer issues a floating point error
if it encounters a previously undefined option code.
* A memory leak when using omapi has been fixed.
- Adopted dhcp-send-hostname-rml patch
- Removed obsolete dhcp-3.0.5-pool_eof patch
- Merged changes between server:isc-dhcp and openSUSE:Factory
- Removed down parameter from ifconfig calls in dhclient-script
because it destroys bonding interfaces and also conflicts with
an dhcpv6 client running on same interface (bnc#410905).
-------------------------------------------------------------------
Wed Aug 20 14:11:14 CEST 2008 - skalyanasundaram@novell.com
- Added missing DNs (dhcpZoneDN, dhcpFailOverPeerDN) to list of
external references.
-------------------------------------------------------------------
Fri Jun 27 14:28:02 CEST 2008 - mt@suse.de
- Added /etc/openldap directory to the file list of the dhcp-server
package, because it is not provided by the ldap package any more.
-------------------------------------------------------------------
Fri May 23 15:55:14 CEST 2008 - mt@suse.de
- Don't set parts of host error messages as hostname (bnc#389668).
-------------------------------------------------------------------
Mon May 19 15:47:19 CEST 2008 - mt@suse.de
- Documentation updates for DDNS-howto.txt (bnc#359977).
-------------------------------------------------------------------
Fri Apr 4 16:43:21 CEST 2008 - mt@suse.de
- Changed the list of dhcp options required by the dhcp-client in
the server response to not to enforce the domain-name-servers
option availiability (bnc#331964).
- Fixed too long error messages server init script (bnc#353589).
- Renamed/renumbered patches modifying the dhclient.conf file.
- Fixed the dhclient-script to add explicit host route to default
gateway when it is not reachable via interface route created by
ifconfig based on the IP and netmask (e.g. /32) values provided
by dhcp server (bnc#266215).
- Fixed ntp configuration feature in dhclient-script to try-restart
the ntp service to apply the server changes. Changed to use new
per interface server list to avoid merge problems (bnc#375746).
-------------------------------------------------------------------
Tue Apr 1 16:07:04 CEST 2008 - mkoenig@suse.de
- remove dir /usr/share/omc/svcinfo.d as it is provided now
by filesystem
-------------------------------------------------------------------
Tue Dec 4 11:02:45 CET 2007 - mt@suse.de
- Bug #343069: Added dhcp-server compatibility workaround to search
for lower- and upper-case MAC addresses in the dhcpHWAddress LDAP
attributes. New patch: dhcp-3.0.6-ldap-patch_hwaddr-icase.dif
-------------------------------------------------------------------
Mon Nov 19 09:43:56 CET 2007 - mt@suse.de
- Disabled script setting in the /etc/dhclient.conf,
because it overrides the -sf command line option.
-------------------------------------------------------------------
Fri Aug 24 10:25:29 CEST 2007 - mt@suse.de
- Removed getcfg interface config to interface name conversions
-------------------------------------------------------------------
Mon Jul 30 13:06:43 CEST 2007 - thoenig@suse.de
- dhcp-3.0.3-dhclient-script-dhcdbd.patch: dbus-send is now located
in /bin
-------------------------------------------------------------------
Thu Jul 19 16:14:33 CEST 2007 - mt@suse.de
- Updated to 3.0.6, a maintenance release containing fixes
for bugs discovered since DHCP 3.0.5, but no new features.
See the RELNOTES file for full list of changes.
- Adopted dhcp-3.0rc10.filedes.dif patch
new patch file name: dhcp-3.0.6-dhclient-exec-filedes.dif
- Bug #289933: Let dhclient request netbios-name-servers as well;
old patch file name: dhcp-3.0.5-dhclient-nis-ntp.patch
new patch file name: dhcp-3.0.6-dhclient-requests-conf.patch
- Removed $local_fs from init-scripts, included in $remote_fs.
-------------------------------------------------------------------
Wed Jun 27 17:41:11 CEST 2007 - anschneider@suse.de
- Added support for ntpd runtime configuration
new patch file: dhcp-3.0.6-dhclient-script-ntp-runtime.patch
-------------------------------------------------------------------
Wed Jun 27 12:27:47 CEST 2007 - lmuelle@suse.de
- Let dhclient request ntp-servers by default.
-------------------------------------------------------------------
Tue May 22 09:37:59 CEST 2007 - mt@suse.de
- Bug 275592: Added ldap and ndsd to the Should-Start/Stop LSB
init info tags of the dhcp-server init script.
- Bug #241113: Added copying of /etc/openldap/ldap.conf and
more base libraries into the chroot jail.
-------------------------------------------------------------------
Mon May 14 15:31:04 CEST 2007 - mt@suse.de
- Bug #265337: Fix to generate proper "host ... {" block begin
brace even if no harware address is specified for the host.
New patch file: dhcp-3.0.5-ldap-patch_host_brace.dif
- Bug #258493: Fix to support new dhcpServerDN reference in
dhcpService object search filter.
New patch file: dhcp-3.0.5-ldap-patch_server_dn.dif
- Fixed LSB init info to use LSB 2.0 Should-Start/Should-Stop.
-------------------------------------------------------------------
Thu Mar 15 18:07:35 CET 2007 - mt@suse.de
- Bug #181212: Improved dhcp init-script to copy directories
specified in the DHCPD_CONF_INCLUDE_FILES sysconfig variable
into the chroot jail.
-------------------------------------------------------------------
Wed Mar 14 12:15:11 CET 2007 - mt@suse.de
- Bug #247365: Added installation of dhcp-server SuSEfirewall2
service definition file.
-------------------------------------------------------------------
Tue Mar 13 18:16:48 CET 2007 - mt@suse.de
- Updated to dhcp-3.0.5-ldap-patch.gz, released on 2007-02-23
fixing a parsing bug in dhcpd-conf-to-ldap.pl script to handle
correctly quoted string containing spaces.
Further, it includes our fixes and obsoletes following patches:
* dhcp-3.0.5-ldap-patch-strncat.dif
* dhcp-3.0.5-ldap-patch-casa-fix.dif
* dhcp-3.0.5-ldap-patch-dhcp-cn.dif
* dhcp-3.0.5-ldap-patch-schema.dif
* dhcp-3.0.5-ldap-patch-nomd5.dif
* dhcp-3.0.5-ldap-patch-referrals.dif
* dhcp-3.0.5-ldap-patch-ssl-opts.dif
* dhcp-3.0.5-ldap-patch-ldap_read.dif
- Bug #250153: Fix for object order related parse error, that
occured in case an dhcp-ldap object referencing a dhcp-tsigkey,
class or failoverpeer object was parsed before the declaration
of the referenced objects, because of the order in ldap result.
New patch file: dhcp-3.0.5-ldap-patch_object-order.dif
-------------------------------------------------------------------
Tue Feb 20 11:45:29 CET 2007 - mt@suse.de
- Bug #162186: Added check for EOF in parse_pool_statement to
avoid endless recursion loop between parse_pool_statement
and parse_statement when a closing right brace "}" is missed
at the end of a pool declaration in /etc/dhcpd.conf.
New patch file: dhcp-3.0.5-pool_eof.dif
- Fixed ldap_read_function to avoid returning of empty strings
causing parsing errors in ldap-dynamic mode.
New patch file: dhcp-3.0.5-ldap-patch-ldap_read.dif
-------------------------------------------------------------------
Thu Jan 25 11:15:57 CET 2007 - mt@suse.de
- Updated to dhcp-3.0.5-ldap-patch.gz, providing several fixes:
* unbind from the LDAP server after the config file has been ran
if the server is being ran in static mode
* fixed ldap_read_function bug where the entire configuration
was not being processed
and extensions / enhancements:
* added functions for reading config values from the config
file to clean up the ldap_start() function.
* new ldap-server-cn option that will be used to locate the
data in ldap; defaults to the hostname as before (FATE #227).
* while host is added in the ldap-method dynamic mode, try to
find if it belongs to a group and apply the group options too.
* modifies the dhcpHWAddress attribute to case-insensitive, adds
several new objectclasses, e.g. dhcpLocator, dhcpTsigKey,
dhcpDnsZone,dhcpFailOver to the dhcp.schema.
* implements support for dhcpTsigKey, dhcpDnsZone and related.
* implements auth password query via casa.
- Adopted ldap-patch-strncat, removed ldap-patch-nossl obsoleted by
ldap-patch-nomd5. New patch: dhcp-3.0.5-ldap-patch-strncat.dif
- Added dhcp-3.0.5-ldap-patch-nomd5.dif linking the dhcp-server
with md5 functions from openssl library instead of own copy.
- Added dhcp-3.0.5-ldap-patch-casa-fix.dif, fixing casa support
- Added dhcp-3.0.5-ldap-patch-dhcp-cn.dif, renaming the dhcpd.conf
ldap-server-cn option to more clear ldap-dhcp-server-cn.
- dhcp-3.0.5-ldap-patch-schema.dif
- Added dhcp-3.0.5-ldap-patch-referrals.dif, implementing support
for LDAP referrals, introducing new "ldap-referrals <on|off>"
option in dhcpd.conf.
- Added dhcp-3.0.5-ldap-patch-ssl-opts.dif enabling/implementing
TLS/LDAPS support. Adds new "ldap-ssl <on|off|ldaps|start_tls>"
and several "ldap-tls-*" options for dhcpd.conf. By default, the
server trys to use TLS if possible, but continues without if not.
-------------------------------------------------------------------
Tue Jan 9 13:48:07 CET 2007 - mt@suse.de
- Added installation of dhcpd.xml, dhcpd service description
for omc xml-service-provider, fate #301710.
- fix of the ldap-patch strncat fix, bug #202648
-------------------------------------------------------------------
Wed Nov 8 11:33:50 CET 2006 - mt@suse.de
- fix for strncat usage in ldap-patch, bug #202648
-------------------------------------------------------------------
Tue Nov 7 11:28:23 CET 2006 - mt@suse.de
- updated to 3.0.5, bug #212310:
* This release is a maintenance release that seeks to correct bugs
introduced in 3.0.4 or prior. The most important of these bugs
is for 64-bit time_t systems that was introduced in 3.0.4.
* If you are upgrading from ISC DHCP 3.0.3 or prior and are using
failover, please take special care of the 'atsfp' values now
included on failover-controlled leases. See the RELNOTES file.
- adopted dhcp-3.0.4-tmpfile.dif (now dhcp-3.0.5-tmpfile.dif)
- added to provide gpg signature of the tar archive as rpm-source
-------------------------------------------------------------------
Tue Oct 17 20:26:30 CEST 2006 - poeml@suse.de
- there is no SuSEconfig.syslog script anymore, thus remove the
YaST hint from the sysconfig template
-------------------------------------------------------------------
Fri Jun 9 14:49:58 CEST 2006 - poeml@suse.de
- upstream 3.0.4:
* fix an insidious bug in the failover implementation which, if
left unchecked, could result in tying up all leases in
transitional states (such as released, reset, or expired)
* fix a confusing (wrong) syslog line, logged by during DDNS update
* The server now tries harder to survive the condition where it is
unable to open a new lease file to rewrite the lease state
database.
* several other small bug fixes
- update ldap patch. It now supports ldap over ssl, but we don't
enable it and add dhcp-3.0.4-ldap-patch-nossl.dif, because at the
moment there seems to be a choice between linking dhclient
against ldap+ssl libs (not in /lib) or risking clash between
openssl and isc's md5 symbols. (At least, I assume that this is
the reason why the ldap patch now removes the isc implementation
from the build.) Thus, I readd the patch which added ldap libs to
LIBS in the server subdir only, via ./configure
- if /etc/sysconfig/dhcpd:DHCPD_INTERFACE is set to "ANY", dhcpd
will now autodetect available network interfaces
-------------------------------------------------------------------
Fri Jun 2 11:55:59 CEST 2006 - poeml@suse.de
- allow for build on SUSE Linux 9.3 and older (no -fpie)
- clean up all CFLAGS/DEBUG_FLAGS definitions
-------------------------------------------------------------------
Tue May 16 16:24:33 CEST 2006 - poeml@suse.de
- add s390x to the list of platforms to compile with -fsigned-char
to avoid the dhclient.conf parse error "expecting a statement"
[#171532], [#134590]
-------------------------------------------------------------------
Thu May 4 23:01:10 CEST 2006 - rml@suse.de
- Add "-H" flag for setting hostname (Novell major bug #139532)
-------------------------------------------------------------------
Wed Mar 29 15:47:38 CEST 2006 - poeml@suse.de
- fix two further include paths in dhcpctl.3 and omapi.3
-------------------------------------------------------------------
Wed Mar 29 12:50:24 CEST 2006 - poeml@suse.de
- package the static libdst.a library [#158271]
- fix the include path in dhcpctl.3 and omapi.3 [#158271]
-------------------------------------------------------------------
Fri Jan 27 01:11:31 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Wed Jan 25 14:06:19 CET 2006 - poeml@suse.de
- dereference links when copying stuff into the chroot jail [#145169]
-------------------------------------------------------------------
Mon Jan 23 11:53:45 CET 2006 - thoenig@suse.de
- dropped dhcp-3.0.3-dhclient-nm_active-01-thoenig.patch. Correct
solution is being implemented in NetworkManager
-------------------------------------------------------------------
Sat Jan 14 12:40:06 CET 2006 - thoenig@suse.de
- replaced 'nis-domain-servers' by 'nis-servers' in
dhcp-3.0.3-dhclient-nis-01-thoenig.patch (follow-up #134160)
-------------------------------------------------------------------
Fri Jan 13 22:35:10 CET 2006 - thoenig@suse.de
- add 'nis-domain' and 'nis-domain-servers' to 'request'
dhclient.conf (dhcp-3.0.3-dhclient-nis-01-thoenig.patch). If
the DHCP reply contains information about NIS, NM will set those.
(#134160)
- extended /sbin/dhclient-script to set domain name and host name.
This will only happen if the relevant options in
/etc/sysconfig/network/dhcp are set.
(dhcp-3.0.3-dhclient-nm_active-01-thoenig.patch) (#134160)
-------------------------------------------------------------------
Mon Nov 28 14:43:43 CET 2005 - poeml@suse.de
- compile with -fsigned-char on ppc/ppc64, avoiding the
dhclient.conf parse error "expecting a statement" [#134590]
-------------------------------------------------------------------
Mon Sep 26 01:30:25 CEST 2005 - ro@suse.de
- define LDAP_DEPRECATED in CFLAGS
-------------------------------------------------------------------
Wed Aug 3 15:07:50 CEST 2005 - poeml@suse.de
- update to 3.0.3
* A bug was fixed in BOOTPREQUEST handling code wherein stale
references to host records would be left behind on leases that
were not allocated to the client currently booting (eg in the
case where the host was denied booting).
* The dhcpd.conf.5 manpage was updated to be more clear in
regards to multiple host declarations (thanks to Vincent
McIntyre). 'Interim' style dynamic updates were also
retouched.
* dhclient.conf documentation for interface {} was updated to
reflect recent discussion on the dhcp-hackers mailing list.
- update ldap patch, patches merged upstream
- compile with LPF instead of bsd sockets. Provide optional binary
compiled with bsd sockets.
- README: describe how to serve option 119 (searchlist), add dns
compression tool
-------------------------------------------------------------------
Tue Jul 12 08:47:02 CEST 2005 - hare@suse.de
- build with pie/PIE depending on architecture.
-------------------------------------------------------------------
Thu Jun 30 21:38:41 CEST 2005 - gekker@suse.de
- Add -DEXTENDED_NEW_OPTION_INFO to CFLAGS for rml
-------------------------------------------------------------------
Tue Jun 28 22:03:50 CEST 2005 - gekker@suse.de
- Add support for dhcdbd, patches from RH via rml
-------------------------------------------------------------------
Mon Jun 20 16:45:22 CEST 2005 - ro@suse.de
- build with pie/fpie
-------------------------------------------------------------------
Mon Jun 13 15:26:44 CEST 2005 - kukuk@suse.de
- Don't use kernel types in user space
-------------------------------------------------------------------
Fri Apr 8 16:25:06 CEST 2005 - poeml@suse.de
- update to 3.0.3b1 release. Changes since 3.0.2:
* A bug was fixed where a server might load balance a DHCP REQUEST to its
peer after already choosing not to load balance the preceeding DISCOVER.
The peer cannot allocate the originating server's lease.
* In the case where a secondary server lost its stable storage while the
primary was still in communications-interrupted, and came back online,
the lease databases would not be fully transferred to the secondary.
This was due to the secondary errantly sending an extra UPDREQ message
when the primary made its state transition to PARTNER-DOWN known.
* The package will now compile cleanly in gcc 3.3 and 3.4. As a side effect,
lease structures will be 9 bytes smaller on all platforms. Thanks to
Jason Vas Dias at Redhat.
* Interface discovery code in DISCOVER_UNCONFIGURED mode is now
properly restricted to only detecting broadcast interfaces. Thanks
to a patch from Jason Vas Dias at RedHat.
* decode_udp_ip_header was changed so that the IP address was copied out
to a variable, rather than referenced by a pointer. This enforces 4-byte
alignment of the 32-bit IP address value. Thanks to a patch from Dr.
Peter Poeml.
* An incorrect log message was corrected thanks to a patch from
Dr. Peter Poeml.
* A bug in DDNS was repaired, where if the server's first DDNS action was
a DDNS removal rather than a DDNS update, the resolver library's
retransmit timer and retry timer was set to the default, implying a
15 second timeout interval. Which is a little excessive in a synchronous,
single-threaded system. In all cases, ISC DHCP should now hold fast to
a 1-second timeout, trying only once.
* The siaddr field was being improperly set to the server-identifier when
responding to DHCP messages. RFC2131 clarified the siaddr field as
meaning the 'next server in the bootstrap process', eg a tftp server.
The siaddr field is now left zeroed unless next-server is configured.
* mockup_lease() could have returned in an error condition (or in the
condition where no fixed-address was found matching the shared
network) with stale references to a host record. This is probably not
a memory leak since host records generally never die anyway.
* A bug was repaired where failover servers would let stale client identifiers
persist on leases that were reallocated to new clients not sending an id.
* Binding scopes ("set var = value;") are now removed from leases allocated
by failover peers if the lease had expired. This should help reduce the
number of stale binding scopes on leases.
* A small memory leak was closed involving client identifiers larger than
7 bytes, and failover.
* Configuring a subnet in dhcpd.conf with a subnet mask of 32 bits might
cause an internal function to overflow heap. Thanks to Jason Vas Dias
at Redhat.
* Some inconsistencies in treating numbers that the lexer parsed as 'NUMBER'
or 'NUMBER_OR_NAME' was repaired. Hexadecimal parsing is affected, and
should work better.
* In several cases, parse warnings were being issued before the lexical
token had been advanced to the token whose value was causing an error...
causing parse warnings to claim the problem is on the wrong token.
* Host declarations matching on client identifier for dynamic leases will
no longer match fixed-address host declarations (this is now identical
to behaviour for host records matching on hardware address).
- print error if binary DHCPD_BINARY is not found [#76392]
- remove patches incorporated upstreams
- update ssh forced command example in dhcpsync man page
-------------------------------------------------------------------
Mon Feb 21 17:53:08 CET 2005 - poeml@suse.de
- update to 3.0.2 release. Changes since 3.0.2rc3:
* A previously undocumented configuration directive,
'local-address', was documented in the dhcpd.conf manpage.
-------------------------------------------------------------------
Tue Feb 8 17:40:05 CET 2005 - mt@suse.de
- Bug #49433: try to reconnect to ldap server if it was down;
ignore SIGPIPE while ldap_unbind called on closed handle.
= new patch file: dhcp-3.0.2-ldap-reconnect.mt.dif.gz
-------------------------------------------------------------------
Tue Dec 7 15:29:15 CET 2004 - poeml@suse.de
- update to 3.0.2rc3. Changes since rc2:
* Two variables introduced in 3.0.2b1 were used without being
initialized in the case where neither the FILE nor SNAME fields
were available for overloading. This was repaired.
* A heretofore believed to be impossible corner case of the
option overloading implementation turned out to be possible
("Unable to sort overloaded options after 10 tries."). The
implementation was reworked to consider the case of an option
so large it would require more than three chunks to fit.
* Many other instances of variables being used without being
initialized were repaired.
* An uninitialized variable in omapi_io_destroy() led to the
discovery that this function may result in orphaned pointers
(and hence, a memory leak).
- refresh the unaligned.patch
-------------------------------------------------------------------
Tue Nov 30 14:10:15 CET 2004 - poeml@suse.de
- update to 3.0.2rc2. Changes since 3.0.1:
* allocate_lease() was rewritten to repair a bug in which the server would
try to allocate an ABANDONED lease when FREE leases were available.
* Some dhcp-eval.5 manpage formatting was repaired.
* A bug was fixed in the server's 'option overloading' implementation,
where options loaded into the 'file' and 'sname' packet fields were
not aligned precisely as rfc2131 dictates.
* The FreeBSD client script was changed to support the case where a domain
name was not provided by the server.
* A memory leak in 'omshell' per each command line parsed was
repaired, thanks to a patch from Jarkko Torppa.
* Log functions writing to stderr were adjusted to use the STDERR_FILENO
system definition rather than '2'. This is a no-op for 90% of platforms.
* One call to trace_write_packet_iov() counted the number of io vectors
incorrectly, causing inconsistent tracefiles. This was fixed.
* Some expression parse failure memory leaks were closed.
* A host byte order problem in tracefiles was repaired.
* Pools configured in DHCPD for failover possessing permission lists that
previously were assumed to not include dyanmic bootp clients are now
a little more pessimistic. The result is, dhcpd will nag you about just
about most pools that possess a 'allow' statement with no 'deny' that
would definitely match a dynamic bootp client.
* The 'ddns-update-style' configuration warning bit now insists that
the configuration be globally scoped.
* Two memory leaks in dhclient were closed thanks to a patch from Felix
Farkas.
* Some minor but excellently pedantic documentation errors were fixed
thanks to a patch from Thomas Klausner.
* Bugs in operator precedence in executable statements have been repaired
once again. More legal syntaxes should be parsed legally.
* Failing to initialize a tracefile for any reason if a tracefile was
specified is now a fatal error. Thanks to a patch from Albert Herranz.
* Corrected a bug in which the number of leases transferred as calculated
by the failover primary and sent to peers in POOLRESP responses may be
incorrect. This value is not believed to be used by other failover
implementations, excepting perhaps as logged information.
* Corrected a bug in which 'dhcp_failover_send_poolresp()' was in fact
sending POOLREQ messages instead of POOLRESP mesasges. This message
was essentially ignored since failover secondaries effectively do not
respond to POOLREQ messages.
* Type definitions for various bitwidths of integers in the sunos5-5
build of ISC DHCP have been fixed. It should compile and run more
easily when built in 64-bit for this platform.
* "allow known-clients;" is now a legal syntax, to avoid confusion.
* If one dhcp server chooses to 'load balance' a request to its failover
peer, it first checks to see if it believes said peer has a free
lease to allocate before ignoring the DISCOVER.
* log() was logging a work buffer, rather than the value returned by
executing the statements configured by the user. In some cases,
the work buffer and the intended results were the same. In some other
cases, they were not. This was fixed thanks to a patch from Gunnar
Fjone and directconnect.no.
* Compiler warnings for some string type conversions was fixed, thanks
to Andreas Gustafsson.
* The netbsd build environments were simplified to one, in which
-Wconversion is not used, thanks to Andreas Gustafsson.
* How randomness in the backoff-cutoff dhclient configuration variable
is implemented was better documented in the manpage, and the behaviour
of dhclient in REQUEST timeout handling was changed to match that of
DISCOVER timeout handling.
* Omapi was hardened against clients that pass in null values, thanks
to a patch from Mark Jason Dominus.
* A bug was fixed in dhclient that kept it from doing client-side
ddns updates. Thanks to a patch from Andreas Gustafsson, which
underwent some modification after review by Jason Vas Dias.
* Failover implementations disconnected due to the network between
them (rather than one of the two shutting down) will now try to
re-establish the failover connection every 5 seconds, rather than
to simply try once and give up until one of them is restarted.
Thanks to a patch from Ulf Ekberg from Infoblox, and field testing
by Greger V. Teigre which led to an enhancement to it.
* A problem that kept DHCP Failover secondaries from tearing down
ddns records was repaired. Thanks to a patch from Ulf Ekberg from
Infoblox.
* 64bit pointer sizes are detected properly on FreeBSD now.
* A bug was repaired where the DHCP server would leave stale references
to host records on leases it once thought about offering to certain
clients. The result would be to apply host and 'known' scopes to the
wrong clients (possibly denying booting). NOTE: The 'mis-host' patch
that was being circulated as a workaround is not the way this bug was
fixed. If you were a victim of this bug in 3.0.1, you are cautioned
to proceed carefully and see if it fixes your problem.
* A bug was repaired in the server's DHCPINFORM handling, where it
tried to divine the client's address from the source packet and
would get it wrong. Thanks to Anshuman Singh Rawat.
* A log message was introduced to help illuminate the case where the
server was unable to find a lease to assign to any BOOTP client.
Thanks to Daniel Baker.
* A minor dhcpd.conf.5 manpage error was fixed.
- update ldap patch (11/8/2004 version)
-------------------------------------------------------------------
Thu Nov 11 12:47:21 CET 2004 - ro@suse.de
- fixed file list for devel package
-------------------------------------------------------------------
Thu Sep 23 11:34:56 CEST 2004 - poeml@suse.de
- sysconfig.dhcpd, sysconfig.dhcrelay: give examples how to use
configuration names instead of interface names
-------------------------------------------------------------------
Thu Aug 5 14:12:50 CEST 2004 - poeml@suse.de
- update to 3.0.1
* The global variable 'cur_time' was centralized and is now
uniformly of a type #defined in system-dependent headers. It
had previously been defined in one of many places as a 32-bit
value, and this causes mayhem on 64-bit big endian systems. It
probably wasn't too healthy on little endian systems either.
* A printf format string error introduced in rc14 was repaired.
* AIX system-dependent header file was altered to only define
NO_SNPRINTF if the condition used to #ifdef in vsnprintf in
AIX' header files is false.
* The Alpha/OSF system-dependent header file was altered to
define NO_SNPRINTF on OS revisions older than 4.0G.
* omapip/test.c had string.h added to its includes.
- drop obsolete dhcp-curtimetype.patch
- cope with missing files during chroot setup (e.g., if no
resolv.conf exists) [#40728]
- remove duplicated option "-cf" from usage output
- add notes about the used raw socket API to README
-------------------------------------------------------------------
Fri Jul 16 14:27:18 CEST 2004 - poeml@suse.de
- update to 3.0.1rc14
- remove obsolete patches and adapt dhcp-3.0.1rc13-tmpfile.dif
- dhcpsync: use try-restart (so the server isn't started if it has
been stopped)
- remove notify messages that are sent to root
- check if dhcpd was active at boot time before update and
restore runlevel links if needed [#41215], and PreRequires for
that
-------------------------------------------------------------------
Mon Jun 14 20:51:29 CEST 2004 - poeml@suse.de
- security fixes [#41975]:
- fix buffer overflow in the DHCP server that can be exploited by
the client by specifying multiple 'hostnames' to execute
arbitrary code or at least crash the server. VU#317350
- add patch to use vsnprintf() instead of vsprintf() calls.
VU#654390
-------------------------------------------------------------------
Fri May 14 15:04:50 CEST 2004 - poeml@suse.de
- fix sysconfig comment and DHCPD_RUN_AS default [#40174]
-------------------------------------------------------------------
Thu May 13 14:05:35 CEST 2004 - poeml@suse.de
- improve security of the chroot jail setup by creating a dedicated
user id for the server, and move the leases database into a
subdirectory (/var/lib/dhcp/db). With the exception of that
subdirectory the chroot jail is now owned by root. [#40174] Use
mkstemp to create temporary files. [#40267]
- don't use startproc to start dhcpd, because startproc waits a
fixed time (100 msec) until it decides whether the service is
running or not. Now that dhcpd might have to contact an LDAP
server first to read its configuration, starting up can take
longer than that, and the init script would falsely report
"success" even when the server cannot start up due to broken
configuration or non-existant interfaces. Increasing the
startproc timeout (-t) is not a real alternative because, because
it would imply a fixed dely to the init script, and it might
still be too short. [#40350]
-------------------------------------------------------------------
Tue May 4 18:24:14 CEST 2004 - poeml@suse.de
- convert configuration names in DHCPD_INTERFACE /
DHCRELAY_INTERFACES into interface names [#39718]
- fix service restart for the case where the binary has been
switched for backward compatibility during updating.
- do not change DHCPD_BINARY for backward compatibility if updating
from 9.0. This and the last change complete the fix for [#38422]
and take care of updates from 8.1-9.1 with and without YOU
updates.
-------------------------------------------------------------------
Fri Apr 30 15:09:44 CEST 2004 - poeml@suse.de
- additionally package the dhcpd binary that uses the Linux packet
filter API. New option DHCPD_BINARY in sysconfig.dhcpd. [#38422]
- when updating from a previous package using LPF API, retain the
old behaviour. Fix init script so that 'stop' works also after a
switch of DHCPD_BINARY.
-------------------------------------------------------------------
Thu Apr 22 11:53:00 CEST 2004 - mt@suse.de
- updated to dhcp-3.0.1rc13-ldap-patch also obsolating the
patches: dhcp-ldap-fix01.dif, dhcpd-conf-to-ldap.pl.dif
- added dhcp-3.0.1rc13-ldap.mt.dif, providing diverse fixes
and basic failover support for server/ldap.c
- added dhcpd-conf-to-ldap.mt.dif providing failover support
to dhcpd.conf convert script
-------------------------------------------------------------------
Thu Mar 25 19:23:17 CET 2004 - mt@suse.de
- applied dhcp-3.0.1rc12-ldap-patch adding support to store
dhcp configuration in ldap (incl. draft ldap schema).
further patches:
- dhcp-ldap-fix01.dif: fixes for server/ldap.c (debuging
output, support for block statements, ...)
- dhcpd-conf-to-ldap.pl.dif: fixes for convert script
-------------------------------------------------------------------
Wed Feb 25 16:00:55 CET 2004 - poeml@suse.de
- the genDDNSkey script has been moved to the bind-utils package
- update the DDNS-howto.txt
- package leases.awk (dhcpd.leases analyzer) (courtesy of Jeff Wilson)
- update to 3.0.1rc13
- Fixed a bug in omapi lease lookup function, to form the
hardware address for the hash lookup correctly
- The 'ping timeout' debugs from rc12 were removed to -DDEBUG
only
- Fixed a case where leases read from the leases database do not
properly over-ride previously read leases.
- Fixed a bug where dhcrelay was sending relayed responses back
to the broadcast address, but with the source's unicast mac
address. Should now conform to rfc2131 section 4.1.
- Fixed a crash bug in dhclient where dhcpd servers that do not
provide renewal times results in an FPE. As a side effect,
dhclient can now properly handle 0xFFFFFFFF (-1) expiry times
supplied by servers.
- dhcpctl.3 manpage was tweaked.
- the files CHANGES and COPYRIGHT have vanished, package LICENSE
instead
-------------------------------------------------------------------
Sun Jan 11 10:35:11 CET 2004 - adrian@suse.de
- build as user
-------------------------------------------------------------------
Tue Nov 18 22:48:05 CET 2003 - poeml@suse.de
- if starting dhcpd in chroot jail, and a pid file is present in
the jail, and the pid file does not contain a pid of a running
dhcpd process, but that of another _running_ process, remove
that pid file. [#32603]
- fix typo in dhcp.LIESMICH
- DDNS-howto.txt: adjust changed path
- DDNS-howto.txt: instead of the shell variables (they were copy
and paste'd from a script), use a real example (makes it easier)
- add a comment in sysconfig.dhcpd that entire directories may be
included
- dhcpsync: if run from the commandline, do not use an identity
that ssh-agent may hold, but use $KEY instead
- dhcpsync.8: add a note about a know limitation
-------------------------------------------------------------------
Tue Nov 18 14:06:10 CET 2003 - poeml@suse.de
- fix wrong ServiceRestart tags in sysconfig/dhcrelay [#32062]
-------------------------------------------------------------------
Fri Oct 17 14:12:45 CEST 2003 - uli@suse.de
- fixed data type mismatch in libomapi, only harmful on 64-bit
BE systems (ppc64, s390x, bug #32123)
-------------------------------------------------------------------
Mon Sep 8 16:32:33 CEST 2003 - poeml@suse.de
- update to 3.0.1rc12
- a failover bug relating to identifying peers by name length
instead of by name was fixed
- declaring failover configs within shared-network statements
should no longer result in error
- a problem with lease expiry times in failover configurations
was fixed
- reverse dns PTR record updates with values containing spaces
are now permitted
- problems with long option processing fixed
- fixes to minires so that updates of KEY records will work
- memory leak in configuration parsing closed
- non-broadcast or point-to-point interfaces are now ignored
- options not yet known by the dhcpd or dhclient now appear as
e.g. "unknown-144" rather than "#144" in the leases file, to
avoid the hash marks
- dhclient no longer uses shell commands to kill another instance
of itself, it sends the signal directly.
- the -nw command line option to dhclient now works
- dhcp-3.0.1rc10-dhcrelay-limit-hopcount.dif included upstreams
- added contrib/ms2isc (converts Microsoft DHCP server configuration)
-------------------------------------------------------------------
Mon Sep 8 10:46:42 CEST 2003 - poeml@suse.de
- mark dhclient's lease database %config(noreplace)
-------------------------------------------------------------------
Wed Sep 3 13:28:21 CEST 2003 - kukuk@suse.de
- Really fix [#29405], server should not provide and obsolete dhcp.
-------------------------------------------------------------------
Wed Aug 27 12:34:27 CEST 2003 - poeml@suse.de
- don't provide/require dhcp-base. Require dhcp instead [#29405]
-------------------------------------------------------------------
Tue Aug 26 18:16:28 CEST 2003 - poeml@suse.de
- add Config: syslog-ng to sysconfig.syslog-dhcpd
-------------------------------------------------------------------
Fri Aug 15 03:28:02 CEST 2003 - poeml@suse.de
- use -Wall -Wno-unused
- add -fno-strict-aliasing, due to warnings about code where
dereferencing type-punned pointers will break strict aliasing
- add activation metadata to sysconfig template [#28864, [#28865],
[#28950]
-------------------------------------------------------------------
Tue Aug 12 21:05:33 CEST 2003 - poeml@suse.de
- rc.dhcpd, rc.dhcrelay: implement try-restart correctly
- cleaned up the root mail, and the READMEs [#27214], [#26266]
- send the root mail only on update [#27214]
- have no default value in /etc/sysconfig/dhcpd:DHCPD_INTERFACE
- in client's %post, send a mail only when rc.config is encountered
- clean buildroot, but not in chroot buildsystem
- the SuSE string is now replaced by UnitedLinux where appropriate
- rename the "dhcp-base" package to "dhcp", so there is a binary
package matching the name of the source package [#17668]
- use the lately added macros only on newer distributions
-------------------------------------------------------------------
Wed Jul 30 16:58:25 CEST 2003 - poeml@suse.de
- new macros for stop/restart of services on rpm update/removal
-------------------------------------------------------------------
Mon Jul 28 14:25:01 CEST 2003 - poeml@suse.de
- when copying include files into the chroot jail, create
subdirectories as needed, thus retaining the path to the files
-------------------------------------------------------------------
Sun Jul 27 15:45:49 CEST 2003 - poeml@suse.de
- don't explicitely strip binaries since RPM handles it, and may
keep the stripped information somewhere
-------------------------------------------------------------------
Mon Jun 16 16:32:47 CEST 2003 - poeml@suse.de
- add some notes to DDNS-howto.txt, kindly provided by Andrew Beames
- fix typo in genDDNSKey.sh
-------------------------------------------------------------------
Wed May 21 18:25:11 CEST 2003 - mmj@suse.de
- Implement try-restart correctly in init-script
-------------------------------------------------------------------
Mon May 19 14:06:36 CEST 2003 - poeml@suse.de
- update to 3.0.1rc11, relevant fixes are
- Potential buffer overflows in minires repaired.
- A correction of boolean parsing syntax validation - some illegal syntaxes
that worked before are now detected and produce errs, some legal syntaxes
that errored before will now work properly.
- Some search-and-replace errors that caused some options to change their
names was repaired.
- Shu-min Chang of the Intel corporation has contributed a perl script and
module that converts the MS NT4 DHCP configuration to a ISC DHCP3
configuration file.
- Applied the remainder of the dhcpctl memory leak patch provided by Bill
Squier at ReefEdge, Inc. (groo@reefedge.com).
- Missing non-optional failover peer configurations will now result in a soft
error rather than a null dereference.
- use BSD sockets instead of LPF (makes iptables filtering of
packages possible for server and relay. It doesn't work on the
client, though, so that one requires seperate compilation.) See
Message-Id: <5.1.0.14.0.20030408175011.00b9c7c0@pop.itd.nrl.navy.mil>
-------------------------------------------------------------------
Thu Mar 13 13:14:03 CET 2003 - poeml@suse.de
- rcdhcpd, rcdcrelay: do not write the startup log to a world
writable directory [#25241]
-------------------------------------------------------------------
Mon Mar 3 16:38:07 CET 2003 - poeml@suse.de
- don't try to copy libraries into the chroot jail that do not
exist (any longer) [#24533]
- remove the %ghost filelist entries for pid files and chroot jail
contents [#20030]. Clean up the libraries from the jail when the
server is stopped.
- dhcrelay: add patch from Florian Lohoff (slightly modified),
that makes the maximal hop count of forwarded packages
configurable (-c maxcount), sets the default to 4, and rejects
packages with a hop count higher than maxcount (CAN-2003-0039,
http://www.kb.cert.org/vuls/id/149953). Add a variable to
/etc/sysconfig/dhcrelay to pass such additional options.
-------------------------------------------------------------------
Wed Feb 12 15:29:29 CET 2003 - mmj@suse.de
- Added sysconfig metadata [#22631] [#22632] [#22696]
-------------------------------------------------------------------
Tue Dec 10 14:51:59 CET 2002 - okir@suse.de
- Added security patch from ISC
-------------------------------------------------------------------
Thu Dec 5 18:26:18 CET 2002 - poeml@suse.de
- update to 3.0.1rc10. relevant fixes:
- A Linux-specific Token Ring detection problem was fixed.
- Hashes removed from as-yet-unknown agent options, having those
options appear in reality before we know about them will no
longer produce self-corrupting lease databases.
- dhclient will use the proper port numbers now when using the -g
option.
- A order-of-operations bug with 2 match clauses in 1 class
statement is fixed thanks to a patch from Andrew Matheson.
- A fix to the dhcp ack process which makes certain group options
will be included in the first DHCPOFFER message was made thanks
to a patch from Ling Gou.
- A few memory leaks were repaired thanks to patches from Bill
Squier at ReefEdge, Inc. (groo@reefedge.com).
- A fix for shared-networks that sometimes give clients options
for the wrong subnets (in particular, 'option routers') was
applied, thanks to Ted Lemon for the patch.
- Omshell's handling of dotted octets as values was changed such
that dots one after the other produce zero values in the
integer string.
- due to the upstream fixes: drop the reactivate-tr-support.dif and
format.dif
- retrofitted the (server) package to work for old distributions
down to 7.2
-------------------------------------------------------------------
Fri Nov 29 12:58:46 CET 2002 - schwab@suse.de
- Fix unaligned access.
-------------------------------------------------------------------
Mon Nov 4 13:02:26 CET 2002 - poeml@suse.de
- update DDNS-howto.txt for BIND9
- add genDDNSKey.sh to create a key for BIND8/9
- add comments about DDNS to the dhcpd.conf [#18419], and
directives to disable DDNS by default
- change defaults in the sample configuration
-------------------------------------------------------------------
Thu Aug 29 18:01:32 CEST 2002 - poeml@suse.de
- fix permissions of man pages
-------------------------------------------------------------------
Sun Aug 18 15:03:16 CEST 2002 - poeml@suse.de
- re-add token ring support that got lost ("tr0:unknown hardware
address type 800"). With 2.4 kernel, ARPHRD_IEEE802 (6) has been
renamed to ARPHRD_IEEE802_TR (800). Known bug in 3.0.1rc9.
- move PreReq tag to the subpackages, where it is actually needed
[#17822, #17821]
-------------------------------------------------------------------
Mon Aug 12 17:25:09 CEST 2002 - poeml@suse.de
- dhcp-client: add missing Requires on /usr/bin/host
-------------------------------------------------------------------
Mon Aug 12 14:53:14 CEST 2002 - poeml@suse.de
- Fix requires of dhcp-devel subpackage
- add some helpful scripts, courtesy of Kevin C. Miller
-------------------------------------------------------------------
Thu Aug 1 02:05:06 CEST 2002 - poeml@suse.de
- use PreReq
-------------------------------------------------------------------
Wed Jul 17 17:55:08 CEST 2002 - poeml@suse.de
- add a sysconfig.syslog-dhcpd template to make syslogd open an
additional socket (inside the chroot dir of dhcpd)
-------------------------------------------------------------------
Thu Jul 11 16:28:20 CEST 2002 - poeml@suse.de
- fix typo in %post, introduced with last change
-------------------------------------------------------------------
Thu Jul 11 15:33:11 CEST 2002 - poeml@suse.de
- add Version: tags to the subpackages to satisfy the build system,
because dhcp has no main package [#16318]
- run in chroot and as user nobody per default
- fix wrong pathnames in mail to root [#15601]
- install example dhcpd.conf [#9122]
- improve example configuration files [#12563]
- init scripts: update INIT INFO, using the new tags from
/etc/init.d/skeleton
-------------------------------------------------------------------
Tue May 21 18:48:50 CEST 2002 - poeml@suse.de
- dhclient-script:
- source the right sysconfig files (/etc/sysconfig/network/)
[#15871]
- use KEEP_SEARCHLIST option (thanks Sumit Bose)
- improve the indentation
-------------------------------------------------------------------
Thu May 16 13:15:36 CEST 2002 - poeml@suse.de
- add documentation about configuration for dynamical DNS updates
-------------------------------------------------------------------
Mon May 13 19:33:59 CEST 2002 - poeml@suse.de
- fix last change (rediff dhcp-3.0.1rc9.format.dif)
-------------------------------------------------------------------
Mon May 13 18:21:50 CEST 2002 - poeml@suse.de
- update to 3.0.1rc9
- fixes a format string vulnerability in the server that could
lead to a remote root compromise
(see http://www.cert.org/advisories/CA-2002-12.html)
- fixes a memory leak in the client and some other minor bugs
- fix some printf arguments in server/omapi.c
- fix small typo (x390x -> s390x)
-------------------------------------------------------------------
Mon Apr 29 10:24:29 CEST 2002 - sf@suse.de
- changed Makefile.conf to be able to add LIBDIR
- added LIBDIR to make install to put libs into the correct path
- use -DPTRSIZE_64BIT on x86_64
-------------------------------------------------------------------
Mon Apr 22 17:35:58 CEST 2002 - poeml@suse.de
- update to 3.0.1rc8. Most significant changes are (see RELNOTES):
- Don't allow a lease that's in the EXPIRED, RELEASED or RESET
state to be renewed.
- Implement lease stealing for cases where the primary has fewer
leases than the secondary, as called for by the standard.
- Fix a bug where if an option universe contained no options, the
DHCP server could dump core (Walter Steiner).
- Fix a bug in the handling of encapsulated options.
- Fix an uninitialized memory bug in the DHCP client.
- use -DPTRSIZE_64BIT on x390x and ppc64, too
- create /etc/resolv.conf with a file mask of 644, regardless of
the umask [Bug #15915]. Patch by Joerg Mayer.
- the scripts dir is now called CLIENTBINDIR in the Makefiles, and
correctly set to /sbin --> drop 2 hunks from dhcp-3.0rc10.dif
-------------------------------------------------------------------
Tue Mar 26 14:12:42 CET 2002 - ro@suse.de
- Fix handling of initscript links and START_* variable [Bug #13755]
-------------------------------------------------------------------
Sun Feb 10 23:09:42 CET 2002 - poeml@suse.de
- drop the sysconfig/network/dhcp template. It's in the syconfig
package now.
- strip /sbin/dhclient
-------------------------------------------------------------------
Mon Feb 4 17:55:01 CET 2002 - poeml@suse.de
- rename dhcp subpackage to dhcp-base, add dhcp-server subpackage
- rename dhclient to dhcp-client and dhcrelay to dhcp-relay
- remove Conflicts tag dhclient <-> dhcpcd
- use %defattr(-, root, root) for all subpackages
- update copyright info (GmbH --> AG)
- update sysconfig.dhclient (.dhcp-dhclient now), and let it be
filled up into /etc/sysconfig/network/config
-------------------------------------------------------------------
Wed Jan 30 19:59:51 CET 2002 - poeml@suse.de
- add /sbin/dhclient, accidentally deleted from filelist lately
-------------------------------------------------------------------
Sun Jan 27 23:19:14 CET 2002 - ro@suse.de
- remove START_DHCPD on update
- use fillup_only where no initscript is handled
-------------------------------------------------------------------
Sun Jan 27 21:08:27 CET 2002 - poeml@suse.de
- use %_lib and %_libdir
- update rc.dhcpd to use %_libdir when setting up chroot dir
- dhcpsync: name of slave can be given as argument; update man page
- rc.dhcpd: no longer source rc.config
- don't try insserv on dhclient init script -- it's dropped
- tell fillup to use "dhcpd" instead of the package name (dhcp)
-------------------------------------------------------------------
Fri Jan 25 00:18:52 CET 2002 - poeml@suse.de
- update to 3.0.1rc6
- Fix the off-by-one error in the MAC-address checking code for
DHCPRELEASE that was added in 3.0.1rc5.
- Fix a bug where client-specific information was not being
discarded from the lease when it expired or was released,
resulting in problems if the lease was reallocated to a
different client.
- merge pools if possible
- workaround for some Lexmark printers that send a double-NUL-
terminated host-name option, which would break DNS updates.
- no longer log fallback_discard messages
- dhcp-3.0.1rc5-release.dif obsolete hereby
- drop dhclient init script (obsoleted by /sbin/if*-dhcp)
-------------------------------------------------------------------
Tue Jan 15 16:31:35 CET 2002 - poeml@suse.de
- update to 3.0.1rc5
- Fix a bug that would cause the DHCP server to spin if asked to
parse a certain kind of incorrect statement.
- Fix a related bug that would prevent an error from being
reported in the same case.
- Additional documentation.
- Make sure that the hardware address matches the lease when
processing a DHCPRELEASE message.
- add dhcp-3.0.1rc5-release.dif that corrects an error by one in
the code that finds a lease that is being RELEASEd
- use ddns-update-style interim instead of ad-hoc when testing
- make sure that dhcpd is started after xntpd (failover needs
correct system time)
- drop version 2 of dhcpd and dhcrelay
-------------------------------------------------------------------
Thu Dec 13 00:39:56 CET 2001 - ro@suse.de
- removed START_ variables, moved rc.config.d -> sysconfig
-------------------------------------------------------------------
Tue Nov 6 13:50:12 CET 2001 - poeml@suse.de
- update to 3.0.1rc4
- add dhcpsync and dhcpync.8 (script to sync DHCP failover config.)
- update rc.dhclient script from the one used in the dhcpcd package
- client: don't check if a device is there; terminate anyway
- small addition to the examples; update README.upgrade
-------------------------------------------------------------------
Wed Oct 31 17:28:27 CET 2001 - poeml@suse.de
- update to 3.0.1rc2
- add a README.upgrade
-------------------------------------------------------------------
Thu Oct 25 15:51:22 CEST 2001 - poeml@suse.de
- update to 3.0.1rc1
- remove our #undef use_LPF patch for 2.0pl5; it seems to cause
problems (stopping responding) with more than one network card
- mark /etc/dhclient.conf with noreplace tag
-------------------------------------------------------------------
Sun Sep 16 15:44:51 CEST 2001 - poeml@suse.de
- fix stupid bug in rc.dhcpd where rc.config is sourced too late
-------------------------------------------------------------------
Fri Sep 14 12:25:38 CEST 2001 - poeml@suse.de
- fix #9962 where "exit 1" instead of "return" in dhclient-script
would confuse dhclient (which then DECLINEd the lease)
-------------------------------------------------------------------
Tue Aug 28 16:45:54 CEST 2001 - poeml@suse.de
- make sure that files are really copied to the chroot dir
-------------------------------------------------------------------
Mon Aug 27 11:43:08 CEST 2001 - poeml@suse.de
- add libnss_dns6.so.2 as ghost to the file list to remove it
from the chroot dir when uninstalling the package
- rc.dhcpd: remove empty pid files to avoid warnings by
checkproc/killproc (dhcpd sometimes leaves them if it does not
want to start due to wrong syntax)
- rc.dhcpd: to save time, source rc.config only when necessary
- add dhcpd.conf examples
-------------------------------------------------------------------
Fri Aug 24 02:11:12 CEST 2001 - poeml@suse.de
- update to 3.0rc12 (fixes some failover state transitions; other
failover fixes; always returns a subnet selection option if one
is sent)
- change dhclient-script to ignore lines that are commented out
when grepping for variables and eval-ing them
-------------------------------------------------------------------
Mon Jul 16 14:35:33 CEST 2001 - poeml@suse.de
- add filedes.dif that gives scripts executed from dhclient-script
their own filedescriptors (patch by Brian Somers
<brian@Awfulhak.org>)
- correct typo in rc.dhcpd
-------------------------------------------------------------------
Mon Jul 2 11:23:46 CEST 2001 - poeml@suse.de
- update to 3.0rc10
- change default in rc.config.d.dhcrelay
- add /usr/sbin/svtest, /usr/bin/omshell, and omshell man pages
- new variable in rc.dhcpd.config: $DHCPD_CONF_INCLUDE_FILES, for
dhcpd.conf include files to be copied to $chroot/etc/
-------------------------------------------------------------------
Tue May 22 13:10:54 CEST 2001 - poeml@suse.de
- update to 3.0rc7 (failover and OMAPI fixes, see RELNOTES)
-------------------------------------------------------------------
Wed May 16 18:59:53 CEST 2001 - poeml@suse.de
- on 64 bit archs, define -DPTRSIZE_64BIT
- fix missing include
-------------------------------------------------------------------
Fri May 11 12:16:16 CEST 2001 - poeml@suse.de
- if resolv.conf does not exist, touch it; so that there is a file
to back up and restore later and the temporary resolv.conf would
not persist after stopping the client [#8078]
- use the modify_resolvconf tool to cleanup old backup files before
starting the daemon, because it does it intelligently [#8077]
-------------------------------------------------------------------
Tue May 8 21:37:13 CEST 2001 - poeml@suse.de
- don't provide empty /etc/rc.config.d/dhcpd.rc.config because that
inhibits the correct removal of variables from rc.config
- mention correct version numbers in mail to root (now using
version macro)
- fix a typo and a nonsense comment in rc.config.d.dhcpd
-------------------------------------------------------------------
Mon May 7 18:38:32 CEST 2001 - poeml@suse.de
- update to 3.0rc4 (bugfixes)
- add empty dir /var/lib/dhcp/dev and documentation about how to
ensure that logging from the chroot jail works [#6906]
-------------------------------------------------------------------
Tue Apr 24 16:14:16 CEST 2001 - poeml@suse.de
- update to 3.0rc2pl1: fixes bugs in the failover implementation
and a memory smash that happens when fixed-address leases are
used
- Read dhcp client script hooks if they exist, rather than only if
they're executable.
- new file: 3.0b1 lease conversion script
-------------------------------------------------------------------
Sun Apr 15 17:49:53 CEST 2001 - poeml@suse.de
- Init scripts: get try-restart ("restart when running") right
- client:
- dhclient-script is now correctly installed to /sbin (thus,
don't mv dhclient-script from /etc/ to /sbin/, thereby
overwriting it with the one from v2)
- move rcdhclient conveniency link to /sbin/ (same as in dhcpcd)
- update info header for resolv.conf acc. to guidelines
- server:
- don't run in chroot environment and as nobody by default
- add missing %postun for subpackages to rearrange runlevel
links after deinstalling
-------------------------------------------------------------------
Mon Apr 9 11:35:33 CEST 2001 - poeml@suse.de
- update to 3.0b2pl24
- don't use rc_status -u in init scripts (option was dropped)
- always run test of dhcpd
-------------------------------------------------------------------
Wed Mar 28 18:53:35 CEST 2001 - poeml@suse.de
- update to 3.0b2pl18
* trim chroot/non-root patch and the other security patches into
dhcp-3.0b2pl18.paranoia.dif
* build stable version of server (2.0pl5) and include the binary
as well as the man pages with '-2' suffix (same for dhcrelay)
- split off subpackages: dhcrelay, dhcp-devel
- reworked all init scripts
* adhere to LSB and use new rc.status functions
* rc.dhcpd: at start, copy conf file and libs to chroot dir
* rc.dhcpd: add syntax check
* rc.dhcrelay: make interface configurable
* rc.dhclient: improve resolv.conf handling
- dhclient: catch TERM to restore resolv.conf before quitting
- create /etc/rc.config.d/dhcrelay.rc.config
- create /etc/rc.config.d/dhclient.rc.config
- clean up Provides/Conflicts
- rework SuSE-fillup templates (and rename them)
- mark libraries for chroot dir as %ghost
- when ABUILD_RUN_TEST_SUITES is true, start dhcpd for a simple
test
-------------------------------------------------------------------
Fri Mar 16 13:33:30 CET 2001 - poeml@suse.de
- add dhcpd-thomas.diff from <thomas@suse.de>
* query for the real UID and not for the effective UID
* drop supplementary GID's
* avoid potential buffer overflow
- copy dhcpd.conf instead of moving it
- add $syslog to Required-Start in server init script
- fix Required-Start in client init script
- bzipped sources
-------------------------------------------------------------------
Wed Jan 31 18:38:23 CET 2001 - poeml@suse.de
- dhcpd.conf will no longer be installed in /etc/ but placed in the
docdir, since it is a nonfunctional example file
- test for etc/SuSE-release in %post
- fix removal of variables from rc.config which failed sometimes
- update {README,LIESMICH}.SuSE
-------------------------------------------------------------------
Mon Jan 29 13:53:38 CET 2001 - poeml@suse.de
- added paranoia patch by Ari Edelkind to allow dhcpd run chrooted
in /var/lib/dhcp and as nobody/nogroup. Both is optional.
- moved dhcpd.conf to /var/lib/dhcp/etc/. The file will also be
moved by %post
- moved rc.config options to rc.config.d/dhcpd.rc.config
(existing variables are moved there by %post)
- added some syntax checking via undocumented -t switch, and write
log file during startup
- renamed start script from dhcp to dhcpd
- removed /var/run/dhcpd.pid from the package
- tag some %configs with (noreplace)
- use BuildRoot
- added "Provides: dhcp2"+"Conflicts: dhcp3" in anticipation of v3
- added {README,LIESMICH}.SuSE and the paranoia patch to the docs
-------------------------------------------------------------------
Tue Jan 16 02:10:15 MET 2001 - draht@suse.de
- format string security bugs in syslog(3) calls fixed.
-------------------------------------------------------------------
Thu Jan 11 06:14:49 CET 2001 - poeml@suse.de
- in runlevel 2, start only the client, not the server/relay
- tell insserv to start after $named
- improved comments
-------------------------------------------------------------------
Thu Jan 4 09:29:22 CET 2001 - fober@suse.de
- package dhclient requires net-tools, not net_tool
- removed superfluous Provides dhclient in package dhclient
-------------------------------------------------------------------
Wed Nov 29 21:05:35 CET 2000 - poeml@suse.de
- Update to dhcp-2.0pl5.tar.gz
- This includes a security fix that applies to the DHCP client *only*
-------------------------------------------------------------------
Tue Nov 28 20:03:14 CET 2000 - poeml@suse.de
- adapted spec file to use /etc/init.d for the scripts instead of
/sbin/init.d and let insserv create the links
- extracted source files from diff and placed them separately
- included paranoia (non-root/chroot) patch by ari edelkind. This
needs testing, and possibly an adapted start script
-------------------------------------------------------------------
Mon Jul 24 13:34:55 CEST 2000 - schwab@suse.de
- Fix argument type of dhcp_option_ev_name.
-------------------------------------------------------------------
Mon Jul 24 13:11:34 CEST 2000 - schwab@suse.de
- Set DEBUG, not COPTS.
-------------------------------------------------------------------
Thu Jul 20 14:40:15 CEST 2000 - zoz@suse.de
- updated to dhcp-2.0pl3
-------------------------------------------------------------------
Wed Jul 19 21:36:43 CEST 2000 - schwab@suse.de
- Fix handling of abandoned leases with BOOTP.
- Properly handle default lease timeout.
-------------------------------------------------------------------
Fri Jul 14 16:49:27 CEST 2000 - werner@suse.de
- make dchpd quiet
-------------------------------------------------------------------
Thu Jul 13 21:41:39 CEST 2000 - zoz@suse.de
- changed test for availability of device in rcdhlient:
now using ifconfig, so automatically loading of modules
will be triggered (Bug 3415)
- patched dhclient.c do to a possible root exploit bug
(patch from Pavel Kankovsky <peak@argo.troja.mff.cuni.cz>)
Still to be improved, waiting for Ted Lemon to rework it.
-------------------------------------------------------------------
Tue Jul 11 11:48:02 CEST 2000 - zoz@suse.de
- reworked rcdhclient once again.
-------------------------------------------------------------------
Tue Jul 4 11:21:41 CEST 2000 - zoz@suse.de
- update to dhcp-2.0.pl2
- dhclient: hostname will only be set, if there is a
DHCLIENT_SET_HOSTNAME=yes (default =no)
in /etc/rc.config. (fixes bug 2807 and 3146)
-------------------------------------------------------------------
Tue Jun 27 20:20:07 CEST 2000 - zoz@suse.de
- update to dhcp-2.0.pl1
- moved /var/state/dhcp to /var/lib/dhcp
- moved manpages to %{_mandir}
- changed rcdhclient: DHCLIENT is obsolete now. It will be started
if it finds any IFCONFIG_x=dhcpclient
-------------------------------------------------------------------
Mon Apr 10 17:22:31 CEST 2000 - schwab@suse.de
- Treat Linux 2.3 as linux-2.2 configuration.
-------------------------------------------------------------------
Thu Jan 27 13:35:46 MET 2000 - grimmer@suse.de
- added "Provides: dhcp_client" and "Conflicts: dhcpcd" to
dhclient section in spec file
- added "Provides: dhcp_server" to dhcp section
- corrected typo in rc.config variables
- added Group Tag and version macro to spec file
- changed Summary: to "ISC DHCP client"
- moved man pages to /usr/share/man
-------------------------------------------------------------------
Wed Nov 17 19:56:07 MET 1999 - rolf@suse.de
- now set hostname in dhclient-script [BUG#1262]
-------------------------------------------------------------------
Fri Nov 5 11:54:06 MET 1999 - rolf@suse.de
- reduced waiting time to 1 second
- wait 5 seconds after dhclient start to acquire an IP adress so the
following scripts have a working network setup
-------------------------------------------------------------------
Thu Nov 4 15:07:34 MET 1999 - rolf@suse.de
- changes from Josh for @home cablenet
-------------------------------------------------------------------
Thu Oct 28 15:28:16 MEST 1999 - rolf@suse.de
- added changes by Lenz Grimmer to use
ifconfig $NETDEV 0.0.0.0 up
for device setup
-------------------------------------------------------------------
Mon Oct 25 13:47:28 MEST 1999 - rolf@suse.de
- applied patch of Bernhard Bender <Bernhard.Bender@elsa.de>
to use the correct interface.
- added client latency time and rc.config entry
-------------------------------------------------------------------
Mon Sep 27 16:31:01 CEST 1999 - bs@suse.de
- fixed requirements for sub packages
-------------------------------------------------------------------
Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de
- ran old prepare_spec on spec file to switch to new prepare_spec.
-------------------------------------------------------------------
Mon Jul 19 17:25:15 MEST 1999 - bs@suse.de
- changed comment for rc.config
-------------------------------------------------------------------
Mon Jul 19 17:10:12 MEST 1999 - bs@suse.de
- fix from werner@suse.de for /sbin/init.d/dhclient
-------------------------------------------------------------------
Fri Jul 16 11:29:11 MEST 1999 - ro@suse.de
- added new dhclient-script from werner
-------------------------------------------------------------------
Wed Jun 23 14:14:46 MEST 1999 - rolf@suse.de
- new version 2.0
- apply fix from Michael Hasenstein
-------------------------------------------------------------------
Mon Mar 8 23:41:14 MET 1999 - ro@suse.de
- fixed man5-path
-------------------------------------------------------------------
Fri Feb 26 11:15:09 MET 1999 - rolf@suse.de
- new version 2.0b1pl16 (stable beta)
- leases are now stored in /var/state/dhcp/ (thanks to Ted Lemmon)
- correct paths in manpages
- PID files as %ghost in filelist
-------------------------------------------------------------------
Wed Feb 17 15:11:07 MET 1999 - rolf@suse.de
- new version 2.0b1pl13
-------------------------------------------------------------------
Wed Dec 9 11:54:32 MET 1998 - rolf@suse.de
- added /usr/sbin/rcdhcp
/usr/sbin/rcdhcrelay
/usr/sbin/rcdhclient
-------------------------------------------------------------------
Tue Nov 24 11:42:34 MET 1998 - rolf@suse.de
- new init scripts for SuSE Linux 6.0
-------------------------------------------------------------------
Thu Nov 12 14:40:29 MET 1998 - bs@suse.de
- minor changes for new rpm
-------------------------------------------------------------------
Thu Sep 24 15:01:41 MEST 1998 - rolf@suse.de
- new version 2.0b1pl6 (stable beta)
- now with dhcp client and dhcp relay agent
- added init scripts for relay agent and client
- changed from $NETDEV_0 to $DHCPD_INTERFACE
-------------------------------------------------------------------
Fri Jun 26 10:23:59 MEST 1998 - rolf@suse.de
- new version 1.0pl2 fixes two potential input buffer overrun problems
that were missed in Patchlevel 1
-------------------------------------------------------------------
Mon May 18 15:35:00 MEST 1998 - rolf@suse.de
- new security patch 1.0pl1 included
changed /sbin/init.d/dhcp to run on $NETDEV_0
-------------------------------------------------------------------
Wed Dec 10 17:28:11 MET 1997 - rolf@suse.de
- new version 1.0.0 this is not beta any more!
-------------------------------------------------------------------
Thu Oct 16 19:56:24 MEST 1997 - rolf@suse.de
- switched to dhcp.spec instead of Makefile.Linux
----------------------------------------------------------------------------
Thu Sep 11 16:57:58 MEST 1997 - rolf@suse.de
- Upddate to Version 5 beta 16 and made entry for rc.config and
/sbin/init.d for startup/shutdown
There is no dhcp client in this package anymore.
----------------------------------------------------------------------------
Thu Jun 12 11:09:37 MEST 1997 - rolf@suse.de
- build the package for the first time
Reference in New Issue Copy Permalink