- Update to ISC dhcp-4.2.4-P1 release, providing security fixes (bnc#772924)
- Moved lease file check to a separate action so it is not used in restart -- it can fail when the daemon rewrites the lease causing a restart failure then (bnc#762108 regression).
- Request dhcp6.sntp-servers in /etc/dhclient6.conf and forward to netconfig for processing (bnc#770236).
- Removed RFC 4833 TZ options from client requests [unused].
- Update to ISC dhcp-4.2.4 release, fixing a dhcpv6 server assert crash while accessing lease on heap (bnc#767661) and providing...

OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=92
113
dhcp.changes
@@ -1,3 +1,116 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Jul 25 18:13:59 UTC 2012 - mt@suse.com
|
||||
|
||||
- Update to ISC dhcp-4.2.4-P1 release, providing following security
|
||||
fixes (bnc#772924):
|
||||
- Previously the server code was relaxed to allow packets with zero
|
||||
length client ids to be processed. Under some situations use of
|
||||
zero length client ids can cause the server to go into an infinite
|
||||
loop. As such ids are not valid according to RFC 2132 section 9.14
|
||||
the server no longer accepts them. Client ids with a length of 1
|
||||
are also invalid but the server still accepts them in order to
|
||||
minimize disruption. The restriction will likely be tightened in
|
||||
the future to disallow ids with a length of 1.
|
||||
Thanks to Markus Hietava of Codenomicon CROSS project for the
|
||||
finding this issue and CERT-FI for vulnerability coordination.
|
||||
[ISC-Bugs #29851] CVE: CVE-2012-3571
|
||||
- When attempting to convert a DUID from a client id option
|
||||
into a hardware address handle unexpected client ids properly.
|
||||
Thanks to Markus Hietava of Codenomicon CROSS project for the
|
||||
finding this issue and CERT-FI for vulnerability coordination.
|
||||
[ISC-Bugs #29852] CVE: CVE-2012-3570
|
||||
- A pair of memory leaks were found and fixed. Thanks to Glen
|
||||
Eustace of Massey University, New Zealand for finding this issue.
|
||||
[ISC-Bugs #30024] CVE: CVE-2012-3954
|
||||
- Moved lease file check to a separate action so it is not used in
|
||||
restart -- it can fail when the daemon rewrites the lease causing
|
||||
a restart failure then (bnc#762108 regression).
|
||||
- Request dhcp6.sntp-servers in /etc/dhclient6.conf and forward to
|
||||
netconfig for processing (bnc#770236).
|
||||
- Removed RFC 4833 TZ options from client requests [unused].
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jun 19 06:40:03 UTC 2012 - mt@suse.com
|
||||
|
||||
- Update to ISC dhcp-4.2.4 release, fixing a dhcpv6 server assert
|
||||
crash while accessing lease on heap (bnc#767661) and providing
|
||||
the following fixes:
|
||||
- Rotate the lease file when running in v6 mode.
|
||||
Thanks to Christoph Moench-Tegeder at Astaro for the
|
||||
report and the first version of the patch. [ISC-Bugs #24887]
|
||||
- Fixed the code that checks if an address the server is planning
|
||||
to hand out is in a reserved range. This would appear as the
|
||||
server being out of addresses in pools with particular ranges.
|
||||
[ISC-Bugs #26498]
|
||||
- In the DDNS code handle error conditions more gracefully and
|
||||
add more logging code. The major change is to handle unexpected
|
||||
cancel events from the DNS client code. [ISC-Bugs #26287]
|
||||
- Tidy up the receive calls and eliminate the need for found_pkt.
|
||||
[ISC-Bugs #25066]
|
||||
- Add support for Infiniband over sockets to the server and
|
||||
relay code. We've tested this on Solaris and hope to expand
|
||||
support for Infiniband in the future. This patch also corrects
|
||||
some issues we found in the socket code. [ISC-Bugs #24245]
|
||||
- Add a compile time check for the presence of the noreturn attribute
|
||||
and use it for log_fatal if it's available. This will help code
|
||||
checking programs to eliminate false positives. [ISC-Bugs #27539]
|
||||
- Fixed many compilation problems ("set, but not used" warnings) for
|
||||
gcc 4.6 that may affect Ubuntu 11.10 users. [ISC-Bugs #27588]
|
||||
- Modify the code that determines if an outstanding DDNS request
|
||||
should be cancelled. This patch results in cancelling the
|
||||
outstanding request less often. It fixes the problem caused
|
||||
by a client doing a release where the TXT and PTR records
|
||||
weren't removed from the DNS. [ISC-BUGS #27858]
|
||||
- Use offsetof() instead of sizeof() to get the sizes for
|
||||
dhcpv6_relay_packet and dhcpv6_packet in several more places.
|
||||
Thanks to a report from Bruno Verstuyft and Vincent Demaertelaere
|
||||
of Excentis. [ISC-Bugs #27941]
|
||||
- Remove outdated note in the description of the bootp keyword about
|
||||
the option not satisfying the requirement of failover peers for
|
||||
denying dynamic bootp clients. [ISC-bugs #28574]
|
||||
- Multiple items to clean up IPv6 address processing. When processing
|
||||
an IA that we've seen check to see if the addresses are usable
|
||||
(not in use by somebody else) before handing it out.
|
||||
When reading in leases from the file discard expired addresses.
|
||||
When picking an address for a client include the IA ID in
|
||||
addition to the client ID to generally pick different addresses
|
||||
for different IAs. [ISC-Bugs #23138] [ISC-Bugs #27945]
|
||||
[ISC-Bugs #25586] [ISC-Bugs #27684]
|
||||
- Remove unnecessary checks in the lease query code and clean up
|
||||
several compiler issues (some dereferences of NULL and treating
|
||||
an int as a boolean). [ISC-Bugs #26203]
|
||||
- Fix the NA and PD allocation code to handle the case where a client
|
||||
provides a preference and the server doesn't have any addresses or
|
||||
prefixes available. Previoulsy the server ignored the request with
|
||||
this patch it replies with a NoAddrsAvail or NoPrefixAvail response.
|
||||
By default the code performs according to the errata of August 2010
|
||||
for RFC 3315 section 17.2.2; to enable the previous style see the
|
||||
section on RFC3315_PRE_ERRATA_2010_08 in includes/site.h.
|
||||
This option may be removed in the future. Thanks to Jiri Popelka at
|
||||
Red Hat for the patch. [ISC-Bugs #22676]
|
||||
- Fix up some issues found by static analysis. A potential memory leak
|
||||
and NULL dereference in omapi. The use of a boolean test instead of
|
||||
a bitwise test in dst. [ISC-Bugs #28941]
|
||||
- Replaced our patches with a complete and upstream verified patch:
|
||||
- Fix some issues in the code for parsing and printing options.
|
||||
[ISC-Bugs #27314] - properly parse a zero length option from
|
||||
a lease file.
|
||||
[ISC-Bugs #22796] - properly determine if we parsed a 16 or
|
||||
32 bit value in evaluate_numeric_expression (extract-int).
|
||||
[ISC-Bugs #22625] - properly print options that have several
|
||||
fields followed by an array of something for example "fIa"
|
||||
[ISC-Bugs #27289] - properly parse options in declarations
|
||||
that have several fields followed by an array of something
|
||||
for example "fIa"
|
||||
This patch obsoletes the following (bnc#739696) patches:
|
||||
- dhclient: parse_option_param: Bad format a
|
||||
- zero-length option lease parse error in dhclient6
|
||||
- Merged ldap and options check patches for the new version
|
||||
- Fixed dhcp-server init script to check syntax and fail while
|
||||
force-reload and restart to avoid stopping of running daemon
|
||||
followed by start failure (bnc#762108). Added libgcc_s.so to
|
||||
chroot, so the server can report assert/crash line.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Mar 28 15:06:47 UTC 2012 - mt@suse.com
|
||||
|
||||
|
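Review bot: In the Jul 25 entry, "Moved lease file check to a separate action so it is not used in restart" does not name the new init-script action, and it does not say whether the syntax check that the Jun 19 entry added to force-reload and restart (bnc#762108) still runs there. Name the action and state what restart still verifies, so an admin reading the changelog knows how to run the lease file check by hand before restarting the daemon. Minor wording in the same hunk: "Previoulsy" in the NA and PD allocation item, and "for the finding this issue" in the two Codenomicon credits.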