From 39371295493c77007634cceb7f9026e62b95ac91648320bbd92c89176e73b7e0 Mon Sep 17 00:00:00 2001
From: OBS User buildservice-autocommit <null@suse.de>
Date: Mon, 13 Dec 2010 11:54:52 +0000
Subject: [PATCH 1/4] Updating link to change in openSUSE:Factory/dhcp revision
 45.0

OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=92919383283294f2d114756d9f34aa8a
---
 dhcp.spec | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dhcp.spec b/dhcp.spec
index 0f422bc..74f92d7 100644
--- a/dhcp.spec
+++ b/dhcp.spec
@@ -1,5 +1,5 @@
 #
-# spec file for package dhcp (Version 4.2.0.P1)
+# spec file for package dhcp (Version 4.2.0.P2)
 #
 # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
@@ -36,7 +36,7 @@ License:        BSD3c(or similar)
 Group:          Productivity/Networking/Boot/Servers
 AutoReqProv:    on
 Version:        4.2.0.P2
-Release:        0
+Release:        1
 Summary:        Common Files Used by ISC DHCP Software
 Url:            http://www.isc.org/software/dhcp
 Source0:        dhcp-%{isc_version}.tar.bz2

From 3e8864fa10fd5b8278de4563c253de8ebf243670a570069bd266c1d14391d55c Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski <mt@suse.com>
Date: Wed, 2 Feb 2011 09:03:02 +0000
Subject: [PATCH 2/4] - Applied security fix for unexpected abort caused by a
 DHCPv6   decline message (CVE-2011-0413, VU#686084, bnc#667655). - Fixed
 dhclient.conf to request the domain-search option.

OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=53
---
 dhclient.conf                              |  2 +-
 dhcp-4.2.0-P2-CVE-2011-0413.bnc667655.diff | 76 ++++++++++++++++++++++
 dhcp.changes                               |  7 ++
 dhcp.spec                                  |  2 +
 4 files changed, 86 insertions(+), 1 deletion(-)
 create mode 100644 dhcp-4.2.0-P2-CVE-2011-0413.bnc667655.diff

diff --git a/dhclient.conf b/dhclient.conf
index 2497fa1..c1a4340 100644
--- a/dhclient.conf
+++ b/dhclient.conf
@@ -35,7 +35,7 @@ option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
 # Request several well known/usefull dhcp options.
 request subnet-mask, broadcast-address, routers,
 	rfc3442-classless-static-routes,
-	interface-mtu, host-name, domain-name,
+	interface-mtu, host-name, domain-name, domain-search,
 	domain-name-servers, nis-domain, nis-servers,
 	nds-context, nds-servers, nds-tree-name,
 	netbios-name-servers, netbios-dd-server,
diff --git a/dhcp-4.2.0-P2-CVE-2011-0413.bnc667655.diff b/dhcp-4.2.0-P2-CVE-2011-0413.bnc667655.diff
new file mode 100644
index 0000000..f7341d7
--- /dev/null
+++ b/dhcp-4.2.0-P2-CVE-2011-0413.bnc667655.diff
@@ -0,0 +1,76 @@
+From d995f772e6b957c7569a640d024daa3e58c08f56 Mon Sep 17 00:00:00 2001
+From: Marius Tomaschewski <mt@suse.de>
+Date: Wed, 2 Feb 2011 09:18:39 +0100
+Subject: [PATCH] Unexpected abort caused by a DHCPv6 decline
+
+! When processing a request in the DHCPv6 server code that specifies
+  an address that is tagged as abandoned (meaning we received a
+  decline request for it previously) don't attempt to move it from
+  the inactive to active pool as doing so can result in the server
+  crshing on an assert failure.  Also retag the lease as active
+  and reset it's timeout value.
+  [ISC-Bugs #21921] (CVE-2011-0413, VU#686084)
+
+Signed-off-by: Marius Tomaschewski <mt@suse.de>
+---
+ server/mdb6.c |   19 ++++++++++++++++---
+ 1 files changed, 16 insertions(+), 3 deletions(-)
+
+diff --git a/server/mdb6.c b/server/mdb6.c
+index 87bd152..9d410f5 100644
+--- a/server/mdb6.c
++++ b/server/mdb6.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (C) 2007-2010 by Internet Systems Consortium, Inc. ("ISC")
++ * Copyright (C) 2007-2011 by Internet Systems Consortium, Inc. ("ISC")
+  *
+  * Permission to use, copy, modify, and distribute this software for any
+  * purpose with or without fee is hereby granted, provided that the above
+@@ -1010,7 +1010,7 @@ move_lease_to_active(struct ipv6_pool *pool, struct iasubopt *lease) {
+  * Renew an lease in the pool.
+  *
+  * To do this, first set the new hard_lifetime_end_time for the resource,
+- * and then invoke renew_lease() on it.
++ * and then invoke renew_lease6() on it.
+  *
+  * WARNING: lease times must only be extended, never reduced!!!
+  */
+@@ -1020,12 +1020,24 @@ renew_lease6(struct ipv6_pool *pool, struct iasubopt *lease) {
+ 	 * If we're already active, then we can just move our expiration
+ 	 * time down the heap. 
+ 	 *
++	 * If we're abandoned then we are already on the active list
++	 * but we need to retag the lease and move our expiration
++	 * from infinite to the current value
++	 *
+ 	 * Otherwise, we have to move from the inactive heap to the 
+ 	 * active heap.
+ 	 */
+ 	if (lease->state == FTS_ACTIVE) {
+ 		isc_heap_decreased(pool->active_timeouts, lease->heap_index);
+ 		return ISC_R_SUCCESS;
++	} else if (lease->state == FTS_ABANDONED) {
++		char tmp_addr[INET6_ADDRSTRLEN];
++                lease->state = FTS_ACTIVE;
++                isc_heap_increased(pool->active_timeouts, lease->heap_index);
++		log_info("Reclaiming previously abandoned address %s",
++			 inet_ntop(AF_INET6, &(lease->addr), tmp_addr,
++				   sizeof(tmp_addr)));
++                return ISC_R_SUCCESS;
+ 	} else {
+ 		return move_lease_to_active(pool, lease);
+ 	}
+@@ -1115,7 +1127,8 @@ isc_result_t
+ decline_lease6(struct ipv6_pool *pool, struct iasubopt *lease) {
+ 	isc_result_t result;
+ 
+-	if (lease->state != FTS_ACTIVE) {
++	if ((lease->state != FTS_ACTIVE) &&
++	    (lease->state != FTS_ABANDONED)) {
+ 		result = move_lease_to_active(pool, lease);
+ 		if (result != ISC_R_SUCCESS) {
+ 			return result;
+-- 
+1.7.1
+
diff --git a/dhcp.changes b/dhcp.changes
index 689e067..692c7d3 100644
--- a/dhcp.changes
+++ b/dhcp.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed Feb  2 09:02:18 UTC 2011 - mt@suse.de
+
+- Applied security fix for unexpected abort caused by a DHCPv6
+  decline message (CVE-2011-0413, VU#686084, bnc#667655).
+- Fixed dhclient.conf to request the domain-search option.
+
 -------------------------------------------------------------------
 Mon Dec 13 08:51:59 UTC 2010 - mt@suse.de
 
diff --git a/dhcp.spec b/dhcp.spec
index 74f92d7..6549c5e 100644
--- a/dhcp.spec
+++ b/dhcp.spec
@@ -83,6 +83,7 @@ Patch39:        dhcp-4.2.0-P1-no-libcrypto.diff
 Patch40:        dhcp-4.1.1-P1-lpf-bind-msg-fix.diff
 Patch41:        dhcp-4.1.1-P1-relay-no-ip-on-interface.diff
 Patch42:        dhcp-4.1.1-P1-optional-value-infinite-loop.diff
+Patch43:        dhcp-4.2.0-P2-CVE-2011-0413.bnc667655.diff
 ##
 PreReq:         /bin/touch /sbin/chkconfig sysconfig
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
@@ -208,6 +209,7 @@ Authors:
 %patch40 -p1
 %patch41 -p1
 %patch42 -p1
+%patch43 -p1
 ##
 find . -type f -name \*.cat\* -exec rm -f {} \;
 dos2unix contrib/ms2isc/*

From 74e272fef29399fa6398c7739faee02a0a01a8d55621e8ebb97553a196f74dfc Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski <mt@suse.com>
Date: Wed, 2 Feb 2011 09:11:54 +0000
Subject: [PATCH 3/4] Improved patch description

OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=54
---
 dhcp-4.2.0-P2-CVE-2011-0413.bnc667655.diff | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/dhcp-4.2.0-P2-CVE-2011-0413.bnc667655.diff b/dhcp-4.2.0-P2-CVE-2011-0413.bnc667655.diff
index f7341d7..5941b03 100644
--- a/dhcp-4.2.0-P2-CVE-2011-0413.bnc667655.diff
+++ b/dhcp-4.2.0-P2-CVE-2011-0413.bnc667655.diff
@@ -1,15 +1,17 @@
-From d995f772e6b957c7569a640d024daa3e58c08f56 Mon Sep 17 00:00:00 2001
+From ef8d97cd543d87135b3aae2d778a6f91cb800498 Mon Sep 17 00:00:00 2001
 From: Marius Tomaschewski <mt@suse.de>
 Date: Wed, 2 Feb 2011 09:18:39 +0100
 Subject: [PATCH] Unexpected abort caused by a DHCPv6 decline
 
+Security fix (CVE-2011-0413, VU#686084, bnc#667655) extracted from
+dhcp-4.2.1b1 sources; description from dhcp-4.2.1b1/RELNOTES:
 ! When processing a request in the DHCPv6 server code that specifies
   an address that is tagged as abandoned (meaning we received a
   decline request for it previously) don't attempt to move it from
   the inactive to active pool as doing so can result in the server
   crshing on an assert failure.  Also retag the lease as active
   and reset it's timeout value.
-  [ISC-Bugs #21921] (CVE-2011-0413, VU#686084)
+  [ISC-Bugs #21921]
 
 Signed-off-by: Marius Tomaschewski <mt@suse.de>
 ---

From 6e20855cc5e8ca9856e65bb972ded00115ac16f0b29ccdc4d8e6c5436b689ffd Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski <mt@suse.com>
Date: Wed, 2 Feb 2011 09:12:37 +0000
Subject: [PATCH 4/4] update date in changes file

OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=55
---
 dhcp.changes | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dhcp.changes b/dhcp.changes
index 692c7d3..9c66e4f 100644
--- a/dhcp.changes
+++ b/dhcp.changes
@@ -1,5 +1,5 @@
 -------------------------------------------------------------------
-Wed Feb  2 09:02:18 UTC 2011 - mt@suse.de
+Wed Feb  2 09:12:11 UTC 2011 - mt@suse.de
 
 - Applied security fix for unexpected abort caused by a DHCPv6
   decline message (CVE-2011-0413, VU#686084, bnc#667655).