diff --git a/dhcp-4.2.2-close-on-exec.diff b/dhcp-4.2.2-close-on-exec.diff index a633a05..ccd31b6 100644 --- a/dhcp-4.2.2-close-on-exec.diff +++ b/dhcp-4.2.2-close-on-exec.diff @@ -24,21 +24,6 @@ diff --git a/client/dhclient.c b/client/dhclient.c index 82c26bb..a1cab01 100644 --- a/client/dhclient.c +++ b/client/dhclient.c -@@ -131,11 +131,11 @@ main(int argc, char **argv) { - /* Make sure that file descriptors 0 (stdin), 1, (stdout), and - 2 (stderr) are open. To do this, we assume that when we - open a file the lowest available file descriptor is used. */ -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 0) -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 1) -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 2) - log_perror = 0; /* No sense logging to /dev/null. */ - else if (fd != -1) @@ -423,7 +423,7 @@ main(int argc, char **argv) { int e; @@ -84,19 +69,6 @@ index 82c26bb..a1cab01 100644 if (leaseFile == NULL) { log_error ("can't create %s: %m", path_dhclient_db); return 0; -@@ -3472,9 +3472,9 @@ void go_daemon () - close(2); - - /* Reopen them on /dev/null. */ -- open("/dev/null", O_RDWR); -- open("/dev/null", O_RDWR); -- open("/dev/null", O_RDWR); -+ open("/dev/null", O_RDWR | O_CLOEXEC); -+ open("/dev/null", O_RDWR | O_CLOEXEC); -+ open("/dev/null", O_RDWR | O_CLOEXEC); - - write_client_pid_file (); - diff --git a/common/bpf.c b/common/bpf.c index 8bd5727..7b8f1d4 100644 --- a/common/bpf.c @@ -276,21 +248,6 @@ diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c index f21f16f..d2aa90e 100644 --- a/relay/dhcrelay.c +++ b/relay/dhcrelay.c -@@ -183,11 +183,11 @@ main(int argc, char **argv) { - /* Make sure that file descriptors 0(stdin), 1,(stdout), and - 2(stderr) are open. To do this, we assume that when we - open a file the lowest available file descriptor is used. */ -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 0) -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 1) -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 2) - log_perror = 0; /* No sense logging to /dev/null. */ - else if (fd != -1) @@ -540,13 +540,14 @@ main(int argc, char **argv) { if (no_pid_file == ISC_FALSE) { @@ -356,21 +313,6 @@ diff --git a/server/dhcpd.c b/server/dhcpd.c index 27e04e4..9233d26 100644 --- a/server/dhcpd.c +++ b/server/dhcpd.c -@@ -274,11 +274,11 @@ main(int argc, char **argv) { - /* Make sure that file descriptors 0 (stdin), 1, (stdout), and - 2 (stderr) are open. To do this, we assume that when we - open a file the lowest available file descriptor is used. */ -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 0) -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 1) -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 2) - log_perror = 0; /* No sense logging to /dev/null. */ - else if (fd != -1) @@ -809,7 +809,7 @@ main(int argc, char **argv) { */ if (no_pid_file == ISC_FALSE) { @@ -389,19 +331,6 @@ index 27e04e4..9233d26 100644 if (i >= 0) { sprintf(pbuf, "%d\n", (int) getpid()); IGNORE_RET (write(i, pbuf, strlen(pbuf))); -@@ -856,9 +856,9 @@ main(int argc, char **argv) { - close(2); - - /* Reopen them on /dev/null. */ -- open("/dev/null", O_RDWR); -- open("/dev/null", O_RDWR); -- open("/dev/null", O_RDWR); -+ open("/dev/null", O_RDWR | O_CLOEXEC); -+ open("/dev/null", O_RDWR | O_CLOEXEC); -+ open("/dev/null", O_RDWR | O_CLOEXEC); - log_perror = 0; /* No sense logging to /dev/null. */ - - IGNORE_RET (chdir("/")); diff --git a/server/ldap.c b/server/ldap.c index 68acbbb..77efe26 100644 --- a/server/ldap.c diff --git a/dhcp-4.2.3-P1-dhclient-log-pid.diff b/dhcp-4.2.3-P1-dhclient-log-pid.diff new file mode 100644 index 0000000..7df647d --- /dev/null +++ b/dhcp-4.2.3-P1-dhclient-log-pid.diff @@ -0,0 +1,29 @@ +From 1f30e4707e13cb09315cbda2cf36bae099285a79 Mon Sep 17 00:00:00 2001 +From: Marius Tomaschewski +Date: Thu, 5 Jan 2012 16:25:18 +0100 +Subject: [PATCH] Use pid number in dhclient log messages + +Troubleshooting help to make it visible which client is reporting +as there may be more than one running (v4 + v6 multiple interfaces). + +Signed-off-by: Marius Tomaschewski +--- + client/dhclient.c | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +diff --git a/client/dhclient.c b/client/dhclient.c +index ff5ede5..bee8e1d 100644 +--- a/client/dhclient.c ++++ b/client/dhclient.c +@@ -141,7 +141,7 @@ main(int argc, char **argv) { + else if (fd != -1) + close(fd); + +- openlog("dhclient", LOG_NDELAY, LOG_DAEMON); ++ openlog("dhclient", LOG_NDELAY | LOG_PID, LOG_DAEMON); + + #if !(defined(DEBUG) || defined(__CYGWIN32__)) + setlogmask(LOG_UPTO(LOG_INFO)); +-- +1.7.7 + diff --git a/dhcp-4.2.3-P1-dhclient-option_param-a.diff b/dhcp-4.2.3-P1-dhclient-option_param-a.diff new file mode 100644 index 0000000..db11c28 --- /dev/null +++ b/dhcp-4.2.3-P1-dhclient-option_param-a.diff @@ -0,0 +1,41 @@ +From 3e3874a4e322536a683d2c22602c6c1a3f39df8e Mon Sep 17 00:00:00 2001 +From: Marius Tomaschewski +Date: Thu, 5 Jan 2012 16:20:42 +0100 +Subject: [PATCH] dhclient: parse_option_param: Bad format a + +When the server provides options using the "a" array type, such as: +option rfc3442-classless-routes code 121 = array of unsigned integer 8; +the option is stored into the lease file, but when the client reads the +lease file next time, it complains about, because "a" array type aren't +recognized in the parsing loop and the option (lease?) discarded. + +Signed-off-by: Marius Tomaschewski +--- + common/parse.c | 4 ++-- + 1 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/common/parse.c b/common/parse.c +index 61488c1..0fca63c 100644 +--- a/common/parse.c ++++ b/common/parse.c +@@ -5518,7 +5518,7 @@ int parse_option_decl (oc, cfile) + /* Parse the option data... */ + do { + for (fmt = option -> format; *fmt; fmt++) { +- if (*fmt == 'A') ++ if (*fmt == 'A' || *fmt == 'a') + break; + if (*fmt == 'o' && fmt != option -> format) + continue; +@@ -5732,7 +5732,7 @@ int parse_option_decl (oc, cfile) + } + } + token = next_token (&val, (unsigned *)0, cfile); +- } while (*fmt == 'A' && token == COMMA); ++ } while ((*fmt == 'A' || *fmt == 'a') && token == COMMA); + + if (token != SEMI) { + parse_warn (cfile, "semicolon expected."); +-- +1.7.7 + diff --git a/dhcp-4.2.3-P1-dhclient-zero-length-options.patch b/dhcp-4.2.3-P1-dhclient-zero-length-options.patch new file mode 100644 index 0000000..9127c45 --- /dev/null +++ b/dhcp-4.2.3-P1-dhclient-zero-length-options.patch @@ -0,0 +1,65 @@ +From 70330e5cb91616dd235b63e54b9fe0dc15f3d61b Mon Sep 17 00:00:00 2001 +From: Marius Tomaschewski +Date: Thu, 5 Jan 2012 16:28:50 +0100 +Subject: [PATCH] zero-length option lease parse error in dhclient6 + +common/parse.c: +Use peek_token only or the next_token call behind the while loop +will cause two warnings / errors in the log: + lease line XX: semicolon expected. + lease line XX: Unexpected end of file. + [there is a } behind the semicolon as the next token in my case] +and the option (lease?) gets discarded. +To reproduce, use "send dhcp6.rapid-commit;" to /etc/dhclient6.conf, +remove the lease file and start the client. When the lease is bound, +kill the client and start it again. + +client/dhclient.c: +More of cosmetic nature - do not print zero-length options like there +would be a value missed, e.g. " option dhcp6.rapid-commit ;". + +Signed-off-by: Marius Tomaschewski +--- + client/dhclient.c | 11 ++++++++--- + common/parse.c | 2 +- + 2 files changed, 9 insertions(+), 4 deletions(-) + +diff --git a/client/dhclient.c b/client/dhclient.c +index bee8e1d..ee87aa6 100644 +--- a/client/dhclient.c ++++ b/client/dhclient.c +@@ -2769,10 +2769,15 @@ void write_lease_option (struct option_cache *oc, + } + if (evaluate_option_cache (&ds, packet, lease, client_state, + in_options, cfg_options, scope, oc, MDL)) { +- fprintf(leaseFile, "%soption %s%s%s %s;\n", preamble, +- name, dot, oc->option->name, +- pretty_print_option(oc->option, ds.data, ds.len, ++ if(oc->option->format && oc->option->format[0] == 'Z' && ds.len == 0) { ++ fprintf(leaseFile, "%soption %s%s%s;\n", preamble, ++ name, dot, oc->option->name); ++ } else { ++ fprintf(leaseFile, "%soption %s%s%s %s;\n", preamble, ++ name, dot, oc->option->name, ++ pretty_print_option(oc->option, ds.data, ds.len, + 1, 1)); ++ } + data_string_forget (&ds, MDL); + } + } +diff --git a/common/parse.c b/common/parse.c +index 0fca63c..fe661d5 100644 +--- a/common/parse.c ++++ b/common/parse.c +@@ -5715,7 +5715,7 @@ int parse_option_decl (oc, cfile) + goto alloc; + + case 'Z': /* Zero-length option */ +- token = next_token(&val, (unsigned *)0, cfile); ++ token = peek_token(&val, (unsigned *)0, cfile); + if (token != SEMI) { + parse_warn(cfile, + "semicolon expected."); +-- +1.7.7 + diff --git a/dhcp-4.2.3-P1.tar.bz2 b/dhcp-4.2.3-P1.tar.bz2 deleted file mode 100644 index 5f98d05..0000000 --- a/dhcp-4.2.3-P1.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b3b924fef93e7cdb72e84dce81f0121a43964e43995f40e12c17b933c38148bf -size 9367106 diff --git a/dhcp-4.2.3-P2.tar.bz2 b/dhcp-4.2.3-P2.tar.bz2 new file mode 100644 index 0000000..4eb0ee6 --- /dev/null +++ b/dhcp-4.2.3-P2.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ba303393c9e986c51265c6ffded0d8bab1abeb3fe37103d4385802345a2b1109 +size 9369048 diff --git a/dhcp.changes b/dhcp.changes index 5a618be..14db6d1 100644 --- a/dhcp.changes +++ b/dhcp.changes @@ -1,3 +1,26 @@ +------------------------------------------------------------------- +Fri Jan 13 15:26:43 UTC 2012 - mt@suse.com + +- Updated to ISC dhcp-4.2.3-P2 release, providing a DDNS security fix: + Modify the DDNS handling code. In a previous patch we added logging + code to the DDNS handling. This code included a bug that caused it + to attempt to dereference a NULL pointer and eventually segfault. + While reviewing the code as we addressed this problem, we determined + that some of the updates to the lease structures would not work as + planned since the structures being updated were in the process of + being freed: these updates were removed. In addition we removed an + incorrect call to the DDNS removal function that could cause a failure + during the removal of DDNS information from the DNS server. + Thanks to Jasper Jongmans for reporting this issue. + ([ISC-Bugs #27078], CVE: CVE-2011-4868, bnc#741239) +- Fixed close-on-exec patch to not set it on stderr (bnc#732910) +- Fixed incorrect "a" array type option parsing causing to discard + e.g. classless static routes from lease file [reported as ISC-Bug + 27289] and zero-length option parsing such as dhcp6.rapid-commit + in dhclient6 [reported as ISC-Bug 27314] (bnc#739696). +- Fixed dhclient to include its pid number in syslog messages. +- Fixed to use P2 in the spec version, not in the release tag. + ------------------------------------------------------------------- Fri Dec 9 13:40:53 UTC 2011 - mt@suse.com diff --git a/dhcp.spec b/dhcp.spec index 6d8d1ac..2a1b05c 100644 --- a/dhcp.spec +++ b/dhcp.spec @@ -1,7 +1,7 @@ # # spec file for package dhcp # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ # norootforbuild -%define isc_version 4.2.3-P1 +%define isc_version 4.2.3-P2 %define susefw2dir %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services %define omc_prefix /usr/share/omc %define omc_svcdir %{omc_prefix}/svcinfo.d @@ -40,8 +40,8 @@ BuildRequires: libtool License: BSD-3-Clause Group: Productivity/Networking/Boot/Servers AutoReqProv: on -Version: 4.2.3 -Release: P1.0. +Version: 4.2.3.P2 +Release: 0. Summary: Common Files Used by ISC DHCP Software Url: http://www.isc.org/software/dhcp Source0: dhcp-%{isc_version}.tar.bz2 @@ -88,6 +88,9 @@ Patch44: dhcp-4.2.2-xen-checksum.diff Patch45: dhcp-4.2.2-dhclient-option-checks.bnc675052.diff Patch46: dhcp-4.2.2-close-on-exec.diff Patch47: dhcp-4.2.2-quiet-dhclient.bnc711420.diff +Patch48: dhcp-4.2.3-P1-dhclient-option_param-a.diff +Patch49: dhcp-4.2.3-P1-dhclient-log-pid.diff +Patch50: dhcp-4.2.3-P1-dhclient-zero-length-options.patch ## PreReq: /bin/touch /sbin/chkconfig sysconfig BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -216,6 +219,9 @@ Authors: %patch45 -p1 %patch46 -p1 %patch47 -p1 +%patch48 -p1 +%patch49 -p1 +%patch50 -p1 ## find . -type f -name \*.cat\* -exec rm -f {} \; dos2unix contrib/ms2isc/*