* CVE-2021-25217, bsc#1186382, dhcp-CVE-2021-25217.patch: A
buffer overrun in lease file parsing code can be used to
exploit a common vulnerability shared by dhcpd and dhclient.
- Error out, if %version and %isc_version are not in sync.
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=226
- update to 4.4.2:
* Please note that that ISC DHCP is now licensed under the Mozilla Public
License, MPL 2.0.
In general, the areas of focus for ISC DHCP 4.4 were:
1. Dynamic DNS additions
2. dhclient improvements
3. Support for dynamic shared libraries
* Added the interface name to socket initialization failure log messages.
Prior to this the log messages stated only the error reason without
stating the target interface.
* Corrected buffer pointer logic in dhcrelay functions that manipulate
agent relay options. Thanks to Thomas Imbert of MSRC Vulnerabilities
& Mitigations for reporting the issue.
* Corrected unresolved symbol errors building relay_unittests when
configured to build using libtool.
* A new configuration parameter, ping-cltt-secs (v4 operation only), has
been added to allow the user to specify the number of seconds that must
elapse since CLTT before a ping check is conducted. Prior to this, the
value was hard coded at 60 seconds. Please see the server man pages for
a more detailed discussion.
* A new configuration parameter, ping-timeout-ms (v4 operation only),
has been added that allows the user to specify the amount of time
the server waits for a ping-check response in milliseconds rather
than in seconds (via ping-timeout). When greater than zero, the value
of ping-timeout-ms will override the value of ping-timeout. Thanks
to Jay Doran from Bluecat Networks for suggesting this feature.
* An experimental tool called, Keama (KEA Migration Assistant), which helps
translate ISC DHCP configurations to Kea configurations, is now included
in the distribution.
* Corrected a misuse of the BIND9 DDNS API which caused DDNS updates to be
OBS-URL: https://build.opensuse.org/request/show/866365
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=224
- Don't create dhclient.leases in %post. It affects transactional
updates and the files don't need to pre-exist (boo#1129951).
- Drop dependency on insserv-compat
It was required to call the rc_status helpers from the sysvinit
scripts. These scripts are supposed to be called by systemd, which
has its own mechanism to report service status.
Please note that this package still needs to be converted to ship
proper systemd units.
- /var/run is legacy -> /run should be used instead
OBS-URL: https://build.opensuse.org/request/show/835242
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dhcp?expand=0&rev=121
DHCPv6 server crashes regularly.
- Add compile option --enable-secs-byteorder to avoid duplicate
lease warnings [bsc#1089524].
- bsc#1136572: Use IPv6 when called as dhclient6, dhcpd6, and
dhcrelay6 (0021-dhcp-ip-family-symlinks.patch).
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=201
- Drop use of $FIRST_ARG in .spec
The use of $FIRST_ARG was probably required because of the
%service_* rpm macros were playing tricks with the shell positional
parameters. This is bad practice and error prones so let's assume
that no macros should do that anymore and hence it's safe to assume
that positional parameters remains unchanged after any rpm macro
call.
OBS-URL: https://build.opensuse.org/request/show/678162
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=192
- Drop doc subpackage as we do not build on < SLE12 anyway so it
evaluated always as true
- Do not condition flags settings for codestreams that we are no
longer building for
- Use %license macro for license as mandated by new TW requirements
- Format with spec-cleaner (automatic, remove FIXMEs)
- Use getent to detect created user prior doing it again
- Drop ldapcasa as it evaluates as false on all current products
- Drop ldap conditional as it is always true
- Kill omc configs wrt fate#301838
OBS-URL: https://build.opensuse.org/request/show/614191
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=188
- Update to dhcp-4.3.6-P1:
* CVE-2018-5733, bsc#1083303: reference count overflow in dhcpd.
* CVE-2018-5732, bsc#1083302: buffer overflow bug in dhclient.
* Plugged a socket descriptor leak in OMAPI
* The server now allows the client identifier (option 61) to own
leases in more than one subnet concurrently [ISC-Bugs #41358].
* When replying to a DHCPINFORM, the server will now include
options specified at the pool scope, provided the ciaddr field
of the DHCPINFORM is populated.
[ISC-Bugs #43219] [ISC-Bugs #45051].
* When memory allocation fails in a repeated way the process
writes "Run out of memory." on the standard error and exists
with status 1 [ISC-Bugs #32744].
* The new lmdb (Lightning Memory DataBase) bind9 configure
option is now disabled by default to avoid the presence of
this library to be detected which can lead to a link failure.
[ISC-Bugs #45069]
* The linux interface discovery code has been modified to use
getifaddrs() as is done for BSD and OS-X.
[ISC-Bugs #28761] and others.
* Fixed a bug in OMAPI that causes omshell to crash when a
name-value pair with a zero length value is shipped in an
object [ISC-Bugs #29108].
* On 64-bit platforms, dhclient now generates the correct value
for the script environment variable, "expiry", the lease
expiry value exceeds 0x7FFFFFFF [ISC-Bugs #43326].
* Common timer logic was modified to cap the maximum timeout
values at 0x7FFFFFFF - 1 [ISC-Bugs #28038].
* DHCP6 FQDN option unpacking code now correctly handles values
that contain spaces, special, or non-printable characters.
OBS-URL: https://build.opensuse.org/request/show/589263
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dhcp?expand=0&rev=108
* CVE-2018-5733, bsc#1083303: reference count overflow in dhcpd.
* CVE-2018-5732, bsc#1083302: buffer overflow bug in dhclient.
* Plugged a socket descriptor leak in OMAPI
* The server now allows the client identifier (option 61) to own
leases in more than one subnet concurrently [ISC-Bugs #41358].
* When replying to a DHCPINFORM, the server will now include
options specified at the pool scope, provided the ciaddr field
of the DHCPINFORM is populated.
[ISC-Bugs #43219] [ISC-Bugs #45051].
* When memory allocation fails in a repeated way the process
writes "Run out of memory." on the standard error and exists
with status 1 [ISC-Bugs #32744].
* The new lmdb (Lightning Memory DataBase) bind9 configure
option is now disabled by default to avoid the presence of
this library to be detected which can lead to a link failure.
[ISC-Bugs #45069]
* The linux interface discovery code has been modified to use
getifaddrs() as is done for BSD and OS-X.
[ISC-Bugs #28761] and others.
* Fixed a bug in OMAPI that causes omshell to crash when a
name-value pair with a zero length value is shipped in an
object [ISC-Bugs #29108].
* On 64-bit platforms, dhclient now generates the correct value
for the script environment variable, "expiry", the lease
expiry value exceeds 0x7FFFFFFF [ISC-Bugs #43326].
* Common timer logic was modified to cap the maximum timeout
values at 0x7FFFFFFF - 1 [ISC-Bugs #28038].
* DHCP6 FQDN option unpacking code now correctly handles values
that contain spaces, special, or non-printable characters.
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=186
- fixed a typo in nis-servers option name breaking the config file introduced
in previous change to workaround issues in NetworkManager parser.
- Update to dhcp-4.3.5
- Corrected a bug which could cause the server to sporadically crash while
loading lease files with the lease-id-format is set to "hex". Our thanks
to Jay Ford, University of Iowa for reporting the issue.
[ISC-Bugs #43185]
- Eliminated a noisy, but otherwise harmless debug log statment that may
appear during server startup when building with --enable-binary-leases
and configuring multiple pools in a shared network. Thanks to Fernando
Soto from BlueCat Networks for reporting the issue and supplying a patch.
[ISC-Bugs #43262]
- Fixed util/bindvar.sh error handling.
[ISC-Bugs #41973]
- Correct error message in relay to use remote id length instead
of circuit id length.
[ISC-Bugs #42556]
- Add logic to test directory Makefiles to avoid copying Attfile(s)
when building within the source tree. This eliminates a noisy but
otherwise harmless error message when running "make check".
[ISC-Bugs #41883]
- Leases are now scrubbed of certain prior use information when pool
re-balancing reassigns them from one FO peer to the other. This
corrects an issue where leases that were offered but not used
by the client retained the client hostname from the original
client. Thanks to Pavel Polacek, Jan Evangelista Purkyne University
for reporting the issue.
[ISC-Bugs #42008]
- In the LDAP code and schema add some missing '6' characters to use
the v6 instead of the v4 versions. Thanks to Denis Taranushin for
OBS-URL: https://build.opensuse.org/request/show/508601
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=174
- Use /usr/sbin/arping instead of /sbin/arping in the dhcp scripts.
/sbin/arping is a symlink to /usr/sbin/arping in order to ease the
transition for the /usr merge. Newest releases of iputils may only
install utilities in /usr/* so this dependency will no longer be valid.
Moreover, we replace the '/sbin/arping' dependency with 'iputils'.
OBS-URL: https://build.opensuse.org/request/show/396824
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=165
- Update to dhcp-4.3.3-P1 correcting bounds checking when
receiving a packet (bsc#961305,CVE-2015-8605,ISC-Bugs#41267).
- adjusted interval check.
[*0019-dhcp-4.2.4-P1-interval.patch]
- Fixed improper lease duration checking. Also added fixes for integer
overflows in the date and time handling code(bsc#936923, bsc#880984).
[+0020-dhcp-4.x.x-fixed-improper-lease-duration-checking.patch]
- fixed service files to start dhcpd after slapd (bsc#956159)
- dhclient-script: complain in the log about conflicts, added
a see log messages to the dhclient log message (bsc#960506)
[* 0018-client-fail-on-script-pre-init-error-bsc-912098.patch]
OBS-URL: https://build.opensuse.org/request/show/356097
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dhcp?expand=0&rev=99
receiving a packet (bsc#961305,CVE-2015-8605,ISC-Bugs#41267).
- adjusted interval check.
[*0019-dhcp-4.2.4-P1-interval.patch]
- Fixed improper lease duration checking. Also added fixes for integer
overflows in the date and time handling code(bsc#936923, bsc#880984).
[+0020-dhcp-4.x.x-fixed-improper-lease-duration-checking.patch]
- fixed service files to start dhcpd after slapd (bsc#956159)
- dhclient-script: complain in the log about conflicts, added
a see log messages to the dhclient log message (bsc#960506)
[* 0018-client-fail-on-script-pre-init-error-bsc-912098.patch]
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=163
- Applied a patch by Jiri Popelka catching dhcp server aborts with
"Unable to set up timer: out of range" on very long or infinite
timer intervals / lease lifetimes (bsc#947780)
[+ 0019-dhcp-4.2.4-P1-interval.patch]
- Corrected patch references in and a missed (bsc#919959) patch
description in previous changelog entry.
- Update to dhcp-4.3.3 (fate#319067) provinding many bug fixes,
features and obsoletes several patches we were using before.
For complete changelog, please read the RELNOTES file shipped
along with this package or online at:
https://kb.isc.org/article/AA-01297/82/DHCP-4.3.3-Release-Notes.html
- Replaced hostname patch with a dhcpv6 and fqdn aware variant:
[- 0006-dhcp-4.2.5-dhclient-send-hostname-rml.patch,
+ 0006-dhcp-4.3.2-dhclient-send-hostname-or-fqdn.patch]
- Removed obsolete patches included upstream now:
[- 0007-dhcp-4.2.6-ldap-mt01.patch,
- 0009-dhcp-4.2.6-xen-checksum.patch,
- 0013-dhcp-4.2.3-P1-dhclient-log-pid.patch,
- 0015-Ignore-SIGPIPE-to-not-die-in-socket-code.patch,
- 0016-server-log-DHCPv6-addresses-assigned-to-clients.patch,
- 0019-dhcp-4.2.x-ldap-debug-write.bnc835818.patch,
- 0021-dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch,
- 0022-dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch,
- 0023-dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch,
- 0025-dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch,
- 0026-dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch]
- Adjusted patch numbers in the spec file:
[- 0008-dhcp-4.1.1-P1-lpf-bind-msg-fix.patch,
- 0010-dhcp-4.2.2-dhclient-option-checks.patch,
OBS-URL: https://build.opensuse.org/request/show/338445
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dhcp?expand=0&rev=98
and fail if pre-init fails for a requested interface (bsc#912098)
Adjusted dhclient-script to fail also if NetworkManager is enabled,
as it is using an own script and a second client causes conflicts.
[+ 0018-client-fail-on-script-pre-init-error-bsc-912098.patch]
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=156
along with this package or online at:
- Replaced hostname patch with a dhcpv6 and fqdn aware variant:
[- 0006-dhcp-4.2.5-dhclient-send-hostname-rml.patch,
+ 0006-dhcp-4.3.2-dhclient-send-hostname-or-fqdn.patch]
- Adjusted patch numbers in the spec file:
[- 0008-dhcp-4.1.1-P1-lpf-bind-msg-fix.patch,
- 0010-dhcp-4.2.2-dhclient-option-checks.patch,
- 0011-dhcp-4.2.6-close-on-exec.patch,
- 0012-dhcp-4.2.2-quiet-dhclient.patch,
- 0014-Fixed-linux-interface-discovery-using-getifaddrs.patch,
- 0020-dhcp-4.2.x-chown-server-leases.bnc868253.patch,
- 0024-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch,
+ 0008-dhcp-4.2.2-dhclient-option-checks.patch,
+ 0009-dhcp-4.2.6-close-on-exec.patch,
+ 0010-dhcp-4.2.2-quiet-dhclient.patch,
+ 0011-Fixed-linux-interface-discovery-using-getifaddrs.patch,
+ 0012-dhcp-4.2.x-chown-server-leases.bnc868253.patch,
+ 0013-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch]
- Fixed to not pass DHCPv6 address lifetimes a positive (unsigned
32bit) integers to scripts and properly format timestamps as long
to not break them on 64bit architectures (bsc#926159).
[+ 0014-dhclient6-unsigned-lifetimes-for-script-bsc-926159.patch]
- dhclient: expose next-server DHCPv4 option to script (bsc#928390)
[+ 0015-Expose-next-server-DHCPv4-option-to-dhclient-script.patch]
- Replaced infiniband support patch with fixed variant (bsc#910984):
[- 0017-dhcp-4.2.6-lpf-ip-over-ib-support.patch,
- 0018-dhcp-4.2.6-improved-xid.patch,
+ 0016-infiniband-support.patch]
- Moved dhcp-devel package include files and static libraries
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=154
features and obsoletes several patches we were using before.
For complete list of the changes, please read the RELNOTES
file shipped along with the package or online:
https://kb.isc.org/article/AA-01297/82/DHCP-4.3.3-Release-Notes.html
- Removed obsolete patches included upstream now:
[- 0007-dhcp-4.2.6-ldap-mt01.patch,
- 0009-dhcp-4.2.6-xen-checksum.patch,
- 0013-dhcp-4.2.3-P1-dhclient-log-pid.patch,
- 0015-Ignore-SIGPIPE-to-not-die-in-socket-code.patch,
- 0016-server-log-DHCPv6-addresses-assigned-to-clients.patch,
- 0019-dhcp-4.2.x-ldap-debug-write.bnc835818.patch,
- 0021-dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch,
- 0022-dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch,
- 0023-dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch,
- 0025-dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch,
- 0026-dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch]
- Replaced hostname patch with a dhcpv6 and fqdn aware variant:
[- 0006-dhcp-4.2.5-dhclient-send-hostname-rml.patch,
+ 0006-dhcp-4.3.2-dhclient-send-hostname-or-fqdn.patch]
- Replaced infiniband support patch with fixed variant:
[- 0017-dhcp-4.2.6-lpf-ip-over-ib-support.patch
- 0018-dhcp-4.2.6-improved-xid.patch
- 0027-dhcp-4.2.x-handle-ifa_addr-NULL.909189.patch,
+ 0030-infiniband-support.patch]
- Merged/Adopted patches for the dhcp-4.3.3 sources:
[* 0004-dhcp-4.1.1-tmpfile.patch,
* 0011-dhcp-4.2.6-close-on-exec.patch,
* 0020-dhcp-4.2.x-chown-server-leases.bnc868253.patch]
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=151
Fixed patch references in the changelog to include patch nr.
- Applied fix by Jiri Slaby to not crash in interface discovery
when the interface address is NULL, which has been introduced
by the infiniband support patch (bsc#909189,bsc#870535).
[+ 0027-dhcp-4.2.x-handle-ifa_addr-NULL.909189.patch]
- fix bashisms in dhcprelay script
- Applied contrib/ldap/dhcpd-conf-to-ldap patch by Ales Novak to
reorder config to add all global options or option declarations
to the dhcpService object instead to create new service object
(bsc#886094,ISC-Bugs#37876).
[+ 0022-dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch]
- Applied an upstream patch by Thomas Markwalder adding missed
mapping of SHA TSIG algorithm names to their constants to enable
hmac-sha1, hmac_sha224, hmac_sha256, hmac_sha384 and hmac_sha512
authenticated dynamic DNS updates (bsc#890731, ISC-Bugs#36947).
[+ 0023-dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch]
- Decline IPv6 addresses on Duplicate Address Detection failure
and stop client message exchanges on reached MRD rather than
at some point after it. Applied fedora patches by Jiri Popelka
and added DAD reporting via exit 3 to the dhclient-script and
a fix to use correct address variables in the DEPREF6 action
(bsc#872609,ISC-Bugs#26735,ISC-Bugs#21238).
[+ 0024-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch,
+ 0025-dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch]
- Applied backport patch by William Preston avoiding to bind ddns
socket in the server when ddns-update-style is none (bsc#891655).
[+ 0026-dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch]
- Applied patch for the contrib/ldap/dhcpd-conf-to-ldap script
fixing subclass statement handling (bnc#878846,[ISC-Bugs #36409])
OBS-URL: https://build.opensuse.org/request/show/264670
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dhcp?expand=0&rev=96
- Applied fix by Jiri Slaby to not crash in interface discovery
when the interface address is NULL, which has been introduced
by the infiniband support patch (bsc#909189,bsc#870535).
[+ 0027-dhcp-4.2.x-handle-ifa_addr-NULL.909189.patch]
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=146
reorder config to add all global options or option declarations
to the dhcpService object instead to create new service object
(bsc#886094,ISC-Bugs#37876).
[+ dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch]
- Applied an upstream patch by Thomas Markwalder adding missed
mapping of SHA TSIG algorithm names to their constants to enable
hmac-sha1, hmac_sha224, hmac_sha256, hmac_sha384 and hmac_sha512
authenticated dynamic DNS updates (bsc#890731, ISC-Bugs#36947).
[+ dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch]
- Decline IPv6 addresses on Duplicate Address Detection failure
and stop client message exchanges on reached MRD rather than
at some point after it. Applied fedora patches by Jiri Popelka
and added DAD reporting via exit 3 to the dhclient-script and
a fix to use correct address variables in the DEPREF6 action
(bsc#872609,ISC-Bugs#26735,ISC-Bugs#21238).
[+ dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch,
+ dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch]
- Applied backport patch by William Preston avoiding to bind ddns
socket in the server when ddns-update-style is none (bsc#891655).
[+ dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch]
- Applied patch for the contrib/ldap/dhcpd-conf-to-ldap script
fixing subclass statement handling (bnc#878846,[ISC-Bugs #36409])
[+ dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch]
- Updated licence statement and FSF address in our scripts.
- Added missed service_add_pre macro calls for dhcrelay services
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=141
- Disarmed dhclient-script when wicked is the network service,
as wicked is using an another dhcp client (runtime conflict),
NetworkManager an own script and sysconfig-network is gone on
sles12 and opensuse > 13.1, so it is obsolete and unsupported.
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=133
- Fixed /etc/sysconfig/dhcpd fillup in dhcp server post-install.
- Fixed dhcp server start script to use correct libdir (bnc#868250)
- Fixed dhcp server to chown leases to run user at start (bnc#868253)
[+ 0020-dhcp-4.2.x-chown-server-leases.bnc868253.patch]
- Fixed to write missed dhcp-ldap debug level messages (bnc#835818)
[+ 0019-dhcp-4.2.x-ldap-debug-write.bnc835818.patch]
- Fixed unsupported dhclient-script used by sysconfig ifup to provide
a function to calculate netmask. NetworkManager provides an own one.
OBS-URL: https://build.opensuse.org/request/show/236700
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dhcp?expand=0&rev=91
- Fixed dhcp server start script to use correct libdir (bnc#868250)
- Fixed dhcp server to chown leases to run user at start (bnc#868253)
[+ 0020-dhcp-4.2.x-chown-server-leases.bnc868253.patch]
- Fixed to write missed dhcp-ldap debug level messages (bnc#835818)
[+ 0019-dhcp-4.2.x-ldap-debug-write.bnc835818.patch]
- Fixed unsupported dhclient-script used by sysconfig ifup to provide
a function to calculate netmask. NetworkManager provides an own one.
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=131
- Initially switched to use systemd service files under systemd
and enabled Restart=on-abort (fate#315133).
- Update to ISC dhcp-4.2.6 release. See RELNOTES file for the
complete list of changes -- digest of fixes not in dhcp-4.2.5:
- Tidy up receive packet processing.
Thanks to Brad Plank of GTA for reporting the issue and
suggesting a possible patch. [ISC-Bugs #34447]
- Fix the socket handling for DHCPv6 clients to allow multiple
instances of a client on a single machine to work properly.
Previously only one client would receive the packets.
Thanks to Jiri Popelka at Red Hat for the bug report and a
potential patch. [ISC-Bugs #34784]
- Added support for gentle shutdown after signal is received.
[ISC-Bugs #32692] [ISC-Bugs 34945]
- Enhance the DHCPv6 server logging to include the addresses
that are assigned to the clients. This can be enabled by
defining LOG_V6_ADDRESSES in site.h. [ISC-Bugs #26377]
- Fix an operation in the DDNS code to be a bitwise instead
of logical or. [ISC-Bugs #35138]
- Merged patches for dhcp-4.2.6 version to apply without fuzzy,
prepended patch number prefixes to match spec file patch nr,
added patch markup tags / bug numbers to the spec file.
- Applied contrib-lease-path pach to contrib.tar.gz
[- contrib-lease-path.diff]
- Changed to require automake and use its config.sub and guess
files instead of maintaining a patch.
[- config-guess-sub-update.patch]
- Enabled to log DHCPv6 addresses assigned by server to clients
[+ 0016-server-log-DHCPv6-addresses-assigned-to-clients.patch]
- Cleaned up documentation, rpmlint adjustments.
OBS-URL: https://build.opensuse.org/request/show/221675
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dhcp?expand=0&rev=86
and enabled Restart=on-abort (fate#315133).
- Update to ISC dhcp-4.2.6 release. See RELNOTES file for the
complete list of changes -- digest of fixes not in dhcp-4.2.5:
- Tidy up receive packet processing.
Thanks to Brad Plank of GTA for reporting the issue and
suggesting a possible patch. [ISC-Bugs #34447]
- Fix the socket handling for DHCPv6 clients to allow multiple
instances of a client on a single machine to work properly.
Previously only one client would receive the packets.
Thanks to Jiri Popelka at Red Hat for the bug report and a
potential patch. [ISC-Bugs #34784]
- Added support for gentle shutdown after signal is received.
[ISC-Bugs #32692] [ISC-Bugs 34945]
- Enhance the DHCPv6 server logging to include the addresses
that are assigned to the clients. This can be enabled by
defining LOG_V6_ADDRESSES in site.h. [ISC-Bugs #26377]
- Fix an operation in the DDNS code to be a bitwise instead
of logical or. [ISC-Bugs #35138]
- Merged patches for dhcp-4.2.6 version to apply without fuzzy,
prepended patch number prefixes to match spec file patch nr,
added patch markup tags / bug numbers to the spec file.
- Applied contrib-lease-path pach to contrib.tar.gz
[- contrib-lease-path.diff]
- Changed to require automake and use its config.sub and guess
files instead of maintaining a patch.
[- config-guess-sub-update.patch]
- Enabled to log DHCPv6 addresses assigned by server to clients
[+ 0016-server-log-DHCPv6-addresses-assigned-to-clients.patch]
- Cleaned up documentation, rpmlint adjustments.
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=121
- Update to ISC dhcp-4.2.5 release. See RELNOTES file for the
- Removed obsolete parsing and printing option patch
- Merged dhcp-4.2.2-dhclient-send-hostname-rml.diff
- Fixed discovery of interfaces, which have only addresses with
a label assigned (linux 2.0 "alias interfaces" compatibility)
- Applied a patch to ignore SIGPIPE instead to die in socket code
- Updated ldap patch to 4.2.5-ldap-mt01
- Fixed dhclient-script to discard MTU lower-equal 576
- Verify GPG source archive signatures.
OBS-URL: https://build.opensuse.org/request/show/148048
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dhcp?expand=0&rev=73
complete list of changes -- digest of fixes not in dhcp-4.2.4-P2:
- Correct code to calculate rebind timing values in client
[ISC-Bugs #29062]
- Fix some issues in the code for parsing and printing options.
[ISC-Bugs #22625,#27289,#27296,#27314]
- Update the memory leakage debug code to work with v6.
[ISC-Bugs #30297]
- Relax the requirements for deleting an A or AAAA record.
This relaxation was codified in RFC 4703. [ISC-Bugs #30734]
- Modify the failover code to handle incorrect peer names better.
[ISC-Bugs #30320]
- Fix a set of issues that were discovered via a code inspection
tool. [ISC-Bugs #23833]
- Parsing unquoted base64 strings improved. [ISC-Bugs #23048]
- The client now passes information about the options it requested
from the server to the script code via environment variables.
These variables are of the form requested_<option_name>=1 with
the option name being the same as used in the new_* and old_*
variables. [ISC-Bugs #29068]
- Check the status value when trying to read from a connection to
see if it may have been closed. If it appears closed don't try
to read from it again. This avoids a potential busy-wait like
loop when the peer names are mismatched. [ISC-Bugs #31231]
- Remove an unused variable to keep compilers happy.
[ISC-Bugs #31983]
- Removed obsolete parsing and printing option patch
[dhcp-4.2.4-parsing-and-printing-options.patch]
- Merged dhcp-4.2.2-dhclient-send-hostname-rml.diff
[dhcp-4.2.5-dhclient-send-hostname-rml.patch]
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=96
an issue with the use of lease times was found and fixed. Making
certain changes to the end time of an IPv6 lease could cause the
server to abort. Thanks to Glen Eustace of Massey University,
New Zealand for finding this issue.
([ISC-Bugs #30281], CVE: CVE-2012-3955, bnc#780167)
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=94
- Moved lease file check to a separate action so it is not used in
restart -- it can fail when the daemon rewrites the lease causing
a restart failure then (bnc#762108 regression).
- Request dhcp6.sntp-servers in /etc/dhclient6.conf and forward to
netconfig for processing (bnc#770236).
- Removed RFC 4833 TZ options from client requests [unused].
- Update to ISC dhcp-4.2.4 release, fixing a dhcpv6 server assert
crash while accessing lease on heap (bnc#767661) and providing...
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=92
Modify the DDNS handling code. In a previous patch we added logging
code to the DDNS handling. This code included a bug that caused it
to attempt to dereference a NULL pointer and eventually segfault.
While reviewing the code as we addressed this problem, we determined
that some of the updates to the lease structures would not work as
planned since the structures being updated were in the process of
being freed: these updates were removed. In addition we removed an
incorrect call to the DDNS removal function that could cause a failure
during the removal of DDNS information from the DNS server.
Thanks to Jasper Jongmans for reporting this issue.
([ISC-Bugs #27078], CVE: CVE-2011-4868, bnc#741239)
- Fixed close-on-exec patch to not set it on stderr (bnc#732910)
- Fixed incorrect "a" array type option parsing causing to discard
e.g. classless static routes from lease file [reported as ISC-Bug
27289] and zero-length option parsing such as dhcp6.rapid-commit
in dhclient6 [reported as ISC-Bug 27314] (bnc#739696).
- Fixed dhclient to include its pid number in syslog messages.
- Fixed to use P2 in the spec version, not in the release tag.
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=85
a DoS due to processing certain regular expressions (bnc#735610)
and several important DDNS related fixes:
* Add a check for a null pointer before calling the regexec function.
Without out this check we could, under some circumstances, pass
a null pointer to the regexec function causing it to segfault.
Thanks to a report from BlueCat Networks. [ISC-Bugs #26704]
CVE-2011-4539.
* Fix the code that checks for an existing DDNS transaction to
cancel when removing DDNS information, so that we will continue
with the processing if we have a lease even if it doesn't have an
outstanding transaction. [ISC-Bugs #24682]
* Add AM_MAINTAINER_MODE to configure.ac to avoid rebuilding
configuration files. [ISC-Bugs #24107]
* Add support for passing DDNS information to a DNS server over
an IPv6 address. [ISC-Bugs #22647]
* Enhanced patch for 23595 to handle IPv4 fixed addresses more
cleanly. [ISC-Bugs #23595]
- Refreshed ldap patch
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=82
(CVE-2011-2748,CVE-2011-2749,[ISC-Bugs #24960],bnc#712653), that
allowed remote attackers to cause a denial of service (a daemon
exit) via crafted BOOTP packets. Further also DNS update fix to
detect overlapping pools or misconfigured fixed-address entries,
that caused a server crash during DNS update and other fixes.
For a complete list, please see the RELNOTES file provided in
the package and also available online at http://www.isc.org/.
- Merged/adopted dhclient option-checks, send-hostname-rml, ldap
patch, xen-checksum, close-on-exec patches and removed obsolete
in6_pktinfo-prototype and relay-no-ip-on-interface patches.
- Moved server pid files into chroot directory even chroot is
not used and create a link in /var/run, so it can write one
when started as user without chroot and avoid stop problems
when the chroot sysconfig setting changed (bnc#712438).
- Disabled log-info level messages in dhclient(6) quiet mode to
avoid excessive logging of non-critical messages (bnc#711420).
- Fixed dhclient-script to not remove alias IP when it didn't
changed to not wipe out iptables connmark when renewing the
lease (bnc#700771). Thanks to James Carter for the patch.
- Fixed DDNS-howto.txt reference in the config file; it has been
moved to the dhcp-doc package (bnc#697279).
- Removed GPL licensed files (bind-*/contrib/dbus) from bind.tgz
to ensure, they're not used to build non-GPL dhcp (bnc#714004).
- Changed to apply strict-aliasing/RELRO for >= 12.x only
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=75
startup of the dhcp server in cases where the ldap server is not
yet started. Set the ldap-init-retry <num> option in dhcpd.conf
to enable it (bnc#627617). Merged in the actual ldap patch.
- Cleaned up init script error reporting, no -TERM for killproc.
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=65
dhclient pretty escape and string option checks. Use relaxed
domain-name option check causing a regression, when the server
is misusing it to provide a domain list and does not provide
it via the domain-search option; pretty escape semicolon as well
(bnc#675052, CVE-2011-0997).
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=64
handling of connection requests on the failover port.
Previously a connection request from a source that wasn't
listed as a failover peer would cause the server to become
non-responsive. ([ISC-Bugs #22679] CERT: VU#159528 CVE:
CVE-2010-3616, bnc#659059).
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=51
handle a relay forward message with an unspecified address in the
link address field. Previously such a message would cause the
server to crash. Thanks to a report from John Gibbons.
[ISC-Bugs #21992] CERT: VU#102047 CVE: CVE-2010-3611 (bnc#650902)
The 4.2.0 version is a feature release, implementing asynchronous
DDNS processing and includes "The LDAP Patch".
For a complete list of changes from any previous release, please
consult the RELNOTES file within the source distribution or on
the ISC website: http://www.isc.org/software/dhcp/420
- Fixed compilation to avoid segfaults as soon as ldap is enabled,
merged our ldap patches from 4.1.x branch.
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=43
without any IPv4 address assigned (bnc#631305, reported upsteam
as [ISC-Bugs #22409]).
- Fixed a common infinite loop while parsing options with optional
parts in the value such as in slp-service-scope option (bnc#643845,
reported upsteam as [ISC-Bugs #22410]).
- Fixed init scripts to report correct LSB codes in status action,
when the config file or the binary do not exists (bnc#640336).
- Fixed syntax of a check in the rcdhcrelay[6] (bnc#648580)
- Avoid pid check error message in the rcdhcpd[6] (bnc#646875)
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=38
a pair of bug fixes including one for a security related bug
(bnc#612546, CVE-2010-2156):
* A bug was fixed that could cause the DHCPv6 server to
advertise/assign a previously allocated (active) lease to a
client that has changed subnets, despite being on different
shared networks. Dynamic prefixes specifically allocated in
shared networks also now are not offered if the client has
moved. [ISC-Bugs #21152]
* Accept a client id of length 0 while hashing. Previously the
server would exit if it attempted to hash a zero length client
id, providing attackers with a simple denial of service attack.
[ISC-Bugs #21253]
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=29
release, providing DHCPv6 client/server/relay implementation.
The programs act in DHCPv6 mode, when the -6 start option is set.
We install separate init scripts with a 6 at the end to handle
them, that is /etc/init.d/dhcpd6 and dhrelay6. Further, there is
also a link to the binaries with a 6 at the end, e.g. dhclient6,
making it visible, that the installed version supports DHCPv6.
- Moved additional documentation to a separate dhcp-doc package.
- Changed to provide config files and scripts as source files
instead of patches to the ISC scripts.
- Adopted spec file and config/scripts, merged in all patches.
- Implemented RFC 3442 classless static routes support in the
dhclient-script (bnc#555870).
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=15
to not to break the defaultroute/hostname setup (bnc#555095).
- Don't request any specific lease-time by default (bnc#516459).
- Fixed dhclient-script to forward new_domain_search as DNSSEARCH
to netconfig.
- Updated to dhcp-3.1.3 maintenance release fixing several issues
(a digest, see RELNOTES for the complete list):
* Remove infinite loop in token_print_indent_concat().
* A parser bug was fixed that segfaulted if site-option-space
was tried to be used interchangeably with vendor-option-space.
* Two uninitialized stack structures are now memset to zero,
thanks to patch from David Cantrell at Red Hat.
* Memory leak in the load_balance_mine() function is fixed. This
would leak ~20-30 octets per DHCPDISCOVER packet while failover
was in use and in normal state.
* Fixed setting hostname in Linux hosts that require hostname
argument to be double-quoted. Also allow server-provided
hostname to override hostnames 'localhost' and '(none)'.
* Added client support for setting interface MTU and metric,
thanks to Roy "UberLord" Marples <roy@marples.name>.
* Fixed failover reconnection retry code to continue to retry to
reconnect rather than restarting the listener.
* Fixed a bug where an OMAPI socket disconnection message would
not result in scheduling a failover reconnection, if the link
had not negotiated a failover connect yet (e.g.: connection
refused, asynch socket connect() timeouts).
* Versions 3.0.x syntax with multiple name->code option
definitions is now supported. Note that, similarly to 3.0.x,
for by-code lookups only the last option definition is used.
* Fixed a fenceposting bug when a client had two host records
configured, one using 'uid' and the other using 'hardware
ethernet'. CVE-2009-1892
- Updated to dhcp-3.1.3-ldap-patch-mt-01 including previous fixes.
- Merged dhclient script, removed obsolete CVE-2009-1892 fix.
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=4
