From f52eac7d2215a83155881f7d52e1e02a5f4eb60128524fe3c36f6b810ef00a74 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Thu, 6 Aug 2009 19:34:50 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dhcp?expand=0&rev=24 --- dhcp-3.0.5-ldap-patch_3.1.1.bz2 | 3 - dhcp-3.0.5-ldap-patch_host_brace.dif | 15 - dhcp-3.0.5-ldap-patch_object-order.dif | 110 -- dhcp-3.0.5-ldap-patch_server_dn.dif | 22 - dhcp-3.0.6-ldap-patch_external-dn.diff | 19 - dhcp-3.0.6-ldap-patch_hwaddr-icase.dif | 60 - dhcp-3.1.1-CVE-2009-1892.bnc519413.dif | 11 + dhcp-3.1.1-dhclient-no-dereference-twice.dif | 10 - dhcp-3.1.1-ldap-patch_failover-obj.dif | 381 ------ dhcp-3.1.1-ldap-patch_service-assoc-msg.dif | 12 - dhcp-3.1.1.tar.gz | 3 - dhcp-3.1.1.tar.gz.asc | 11 - ...ript.dif => dhcp-3.1.2-dhclient-script.dif | 72 +- dhcp-3.1.2p1-ldap-patch-mt.11.2-02.diff.bz2 | 3 + dhcp-3.1.2p1.tar.gz | 3 + dhcp-3.1.2p1.tar.gz.asc | 11 + dhcp.changes | 48 + dhcp.spec | 1219 +---------------- 18 files changed, 136 insertions(+), 1877 deletions(-) delete mode 100644 dhcp-3.0.5-ldap-patch_3.1.1.bz2 delete mode 100644 dhcp-3.0.5-ldap-patch_host_brace.dif delete mode 100644 dhcp-3.0.5-ldap-patch_object-order.dif delete mode 100644 dhcp-3.0.5-ldap-patch_server_dn.dif delete mode 100644 dhcp-3.0.6-ldap-patch_external-dn.diff delete mode 100644 dhcp-3.0.6-ldap-patch_hwaddr-icase.dif create mode 100644 dhcp-3.1.1-CVE-2009-1892.bnc519413.dif delete mode 100644 dhcp-3.1.1-dhclient-no-dereference-twice.dif delete mode 100644 dhcp-3.1.1-ldap-patch_failover-obj.dif delete mode 100644 dhcp-3.1.1-ldap-patch_service-assoc-msg.dif delete mode 100644 dhcp-3.1.1.tar.gz delete mode 100644 dhcp-3.1.1.tar.gz.asc rename dhcp-3.1.1-dhclient-script.dif => dhcp-3.1.2-dhclient-script.dif (87%) create mode 100644 dhcp-3.1.2p1-ldap-patch-mt.11.2-02.diff.bz2 create mode 100644 dhcp-3.1.2p1.tar.gz create mode 100644 dhcp-3.1.2p1.tar.gz.asc 
diff --git a/dhcp-3.0.5-ldap-patch_3.1.1.bz2 b/dhcp-3.0.5-ldap-patch_3.1.1.bz2
deleted file mode 100644
index c670904..0000000
--- a/dhcp-3.0.5-ldap-patch_3.1.1.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:09a632cd8f9ff436047cfa548eb2935409b246932075de8c084c4a9ba1080dd9
-size 38097
diff --git a/dhcp-3.0.5-ldap-patch_host_brace.dif b/dhcp-3.0.5-ldap-patch_host_brace.dif
deleted file mode 100644
index 58072ca..0000000
--- a/dhcp-3.0.5-ldap-patch_host_brace.dif
+++ /dev/null
@@ -1,15 +0,0 @@
---- server/ldap.c
-+++ server/ldap.c 2007/04/26 11:44:01
-@@ -165,10 +165,11 @@
-
- x_strncat (cfile->inbuf, "host ", LDAP_BUFFER_SIZE);
- x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
-+ x_strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE);
-
- if (hwaddr != NULL && hwaddr[0] != NULL)
- {
-- x_strncat (cfile->inbuf, " {\nhardware ", LDAP_BUFFER_SIZE);
-+ x_strncat (cfile->inbuf, "hardware ", LDAP_BUFFER_SIZE);
- x_strncat (cfile->inbuf, hwaddr[0], LDAP_BUFFER_SIZE);
- x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
- ldap_value_free (hwaddr);
diff --git a/dhcp-3.0.5-ldap-patch_object-order.dif b/dhcp-3.0.5-ldap-patch_object-order.dif
deleted file mode 100644
index 393b8f6..0000000
--- a/dhcp-3.0.5-ldap-patch_object-order.dif
+++ /dev/null
@@ -1,110 +0,0 @@ ---- server/ldap.c -+++ server/ldap.c 2007/03/13 14:58:28 -@@ -974,8 +974,8 @@ next_ldap_entry (struct parse *cfile) - } - - while (ldap_stack != NULL && -- (ldap_stack->ldent == NULL || -- (ldap_stack->ldent = ldap_next_entry (ld, ldap_stack->ldent)) == NULL)) -+ (ldap_stack->ldent == NULL || ( ldap_stack->processed && -+ (ldap_stack->ldent = ldap_next_entry (ld, ldap_stack->ldent)) == NULL))) - { - if (ldap_stack->close_brace) - { -@@ -1110,9 +1110,9 @@ ldap_generate_config_string (struct pars - { - char **objectClass, *dn; - struct ldap_config_stack *entry; -- LDAPMessage * ent, * res; -+ LDAPMessage *ent, *res, *entfirst, *resfirst; - int i, j, ignore, found; -- int ret; -+ int ret, parsedn = 1; - - if (ld == NULL) - ldap_start (); -@@ -1124,6 +1124,7 @@ ldap_generate_config_string (struct pars - "objectClass")) == NULL) - return; - -+ entry->processed = 1; - ignore = 0; - found = 1; - for (i=0; objectClass[i] != NULL; i++) -@@ -1184,18 +1185,32 @@ ldap_generate_config_string (struct pars - LDAP_BUFFER_SIZE-1, NULL); - - dn = ldap_get_dn (ld, entry->ldent); -- -+ if (dn == NULL) -+ { -+ ldap_stop(); -+ return; -+ } - #if defined(DEBUG_LDAP) -- if (dn != NULL) -- log_info ("Found LDAP entry '%s'", dn); -+ else -+ { -+ log_info ("Found LDAP entry '%s'", dn); -+ } - #endif - -- if (dn == NULL || -- (ret = ldap_search_s (ld, dn, LDAP_SCOPE_ONELEVEL, "objectClass=*", -+ if ((ret = ldap_search_s (ld, dn, LDAP_SCOPE_ONELEVEL, "(!(|(|(objectClass=dhcpTSigKey)(objectClass=dhcpClass)) (objectClass=dhcpFailOverPeer)))", - NULL, 0, &res)) != LDAP_SUCCESS) - { -- if (dn) -- ldap_memfree (dn); -+ ldap_memfree (dn); -+ -+ ldap_stop(); -+ return; -+ } -+ -+ if ((ret = ldap_search_s (ld, dn, LDAP_SCOPE_ONELEVEL, "(|(|(objectClass=dhcpTSigKey)(objectClass=dhcpClass)) (objectClass=dhcpFailOverPeer))", -+ NULL, 0, &resfirst)) != LDAP_SUCCESS) -+ { -+ ldap_memfree (dn); -+ ldap_msgfree (res); - - ldap_stop(); - return; -@@ -1203,17 +1218,32 @@ 
ldap_generate_config_string (struct pars - - ldap_memfree (dn); - -- if ((ent = ldap_first_entry (ld, res)) != NULL) -+ ent = ldap_first_entry(ld, res); -+ entfirst = ldap_first_entry(ld, resfirst); -+ -+ if (ent == NULL && entfirst == NULL) -+ { -+ parse_external_dns (entry->ldent); -+ next_ldap_entry (cfile); -+ } -+ -+ if (ent != NULL) - { - add_to_config_stack (res, ent); - parse_external_dns (entry->ldent); -+ parsedn = 0; - } - else -+ ldap_msgfree (res); -+ -+ if (entfirst != NULL) - { -- ldap_msgfree (res); -- parse_external_dns (entry->ldent); -- next_ldap_entry (cfile); -+ add_to_config_stack (resfirst, entfirst); -+ if(parsedn) -+ parse_external_dns (entry->ldent); - } -+ else -+ ldap_msgfree (resfirst); - } - - diff --git a/dhcp-3.0.5-ldap-patch_server_dn.dif b/dhcp-3.0.5-ldap-patch_server_dn.dif deleted file mode 100644 index 432a378..0000000 --- a/dhcp-3.0.5-ldap-patch_server_dn.dif +++ /dev/null @@ -1,22 +0,0 @@ ---- server/ldap.c -+++ server/ldap.c 2007/04/26 11:42:39 -@@ -1477,8 +1477,8 @@ - for (cnt=0; tempstr[cnt] != NULL; cnt++) - { - snprintf(sfilter, sizeof(sfilter), "(&(objectClass=dhcpService)" -- "(|(dhcpPrimaryDN=%s)(dhcpSecondaryDN=%s)))", -- hostdn, hostdn); -+ "(|(|(dhcpPrimaryDN=%s)(dhcpSecondaryDN=%s))(dhcpServerDN=%s)))", -+ hostdn, hostdn, hostdn); - ldres = NULL; - if ((ret = ldap_search_s (ld, tempstr[cnt], LDAP_SCOPE_BASE, - sfilter, NULL, 0, &ldres)) != LDAP_SUCCESS) -@@ -1493,7 +1493,7 @@ - - if ((ent = ldap_first_entry (ld, ldres)) == NULL) - { -- log_error ("Error: Cannot find dhcpService DN '%s' with primary or secondary server reference. Please update the LDAP server entry '%s'", -+ log_error ("Error: Cannot find dhcpService DN '%s' with server reference. Please update the LDAP server entry '%s'", - tempstr[cnt], hostdn); - - ldap_msgfree(ldres); diff --git a/dhcp-3.0.6-ldap-patch_external-dn.diff b/dhcp-3.0.6-ldap-patch_external-dn.diff deleted file mode 100644 index 15d9ca9..0000000 
--- a/dhcp-3.0.6-ldap-patch_external-dn.diff +++ /dev/null @@ -1,19 +0,0 @@ ---- server/ldap.c -+++ server/ldap.c 2008-05-10 07:49:20.000000000 +0530 -@@ -893,7 +893,15 @@ - { - char *search[] = {"dhcpOptionsDN", "dhcpSharedNetworkDN", "dhcpSubnetDN", - "dhcpGroupDN", "dhcpHostDN", "dhcpClassesDN", -- "dhcpPoolDN", NULL}; -+ "dhcpPoolDN", "dhcpZoneDN", "dhcpFailOverPeerDN", NULL}; -+ -+ /* FIXME: dhcpKeyDN can't be added. It is referenced in dhcpDnsZone to -+ retrive the key name (cn). Adding keyDN will reflect adding a key declaration -+ inside the zone configuration. -+ -+ dhcpSubClassesDN cant be added. It is also similar to the above. -+ Needs schema change. -+ */ - LDAPMessage * newres, * newent; - struct ldap_config_stack *ns; - char **tempstr; diff --git a/dhcp-3.0.6-ldap-patch_hwaddr-icase.dif b/dhcp-3.0.6-ldap-patch_hwaddr-icase.dif deleted file mode 100644 index da45012..0000000 --- a/dhcp-3.0.6-ldap-patch_hwaddr-icase.dif +++ /dev/null 
@@ -1,60 +0,0 @@ ---- server/ldap.c -+++ server/ldap.c 2007/12/04 10:16:56 -@@ -39,6 +39,7 @@ - - #include "dhcpd.h" - #include -+#include - - #if defined(LDAP_CONFIGURATION) - -@@ -87,6 +88,24 @@ - return strncat(dst, src, dst_size > len ? dst_size - len - 1: 0); - } - -+static char * -+x_strxform(char *dst, const char *src, size_t dst_size, -+ int (*xform)(int)) -+{ -+ if(dst && src && dst_size) -+ { -+ size_t len, pos; -+ -+ len = strlen(src); -+ for(pos=0; pos < len && pos + 1 < dst_size; pos++) -+ dst[pos] = xform((int)src[pos]); -+ dst[pos] = '\0'; -+ -+ return dst; -+ } -+ return NULL; -+} -+ - static void - ldap_parse_class (struct ldap_config_stack *item, struct parse *cfile) - { -@@ -1707,6 +1726,8 @@ - struct host_decl * host; - isc_result_t status; - ldap_dn_node *curr; -+ char up_hwaddr[20]; -+ char lo_hwaddr[20]; - int ret; - - if (ldap_method == LDAP_METHOD_STATIC) -@@ -1737,9 +1758,13 @@ - ** FIXME: It is not guaranteed, that the dhcpHWAddress attribute - ** contains _exactly_ "type addr" with one space between! - */ -+ snprintf(lo_hwaddr, sizeof(lo_hwaddr), "%s", -+ print_hw_addr (htype, hlen, haddr)); -+ x_strxform(up_hwaddr, lo_hwaddr, sizeof(up_hwaddr), toupper); -+ - snprintf (buf, sizeof (buf), -- "(&(objectClass=dhcpHost)(dhcpHWAddress=%s %s))", -- type_str, print_hw_addr (htype, hlen, haddr)); -+ "(&(objectClass=dhcpHost)(|(dhcpHWAddress=%s %s)(dhcpHWAddress=%s %s)))", -+ type_str, lo_hwaddr, type_str, up_hwaddr); - - res = ent = NULL; - for (curr = ldap_service_dn_head; diff --git a/dhcp-3.1.1-CVE-2009-1892.bnc519413.dif b/dhcp-3.1.1-CVE-2009-1892.bnc519413.dif new file mode 100644 index 0000000..018744d --- /dev/null +++ b/dhcp-3.1.1-CVE-2009-1892.bnc519413.dif 
@@ -0,0 +1,11 @@
+--- server/dhcp.c
++++ server/dhcp.c 2009/07/09 16:05:43
+@@ -1747,6 +1747,8 @@ void ack_lease (packet, lease, offer, wh
+ host_reference (&host, h, MDL);
+ }
+ if (!host) {
++ if (hp)
++ host_dereference (&hp, MDL);
+ find_hosts_by_haddr (&hp,
+ packet -> raw -> htype,
+ packet -> raw -> chaddr,
diff --git a/dhcp-3.1.1-dhclient-no-dereference-twice.dif b/dhcp-3.1.1-dhclient-no-dereference-twice.dif
deleted file mode 100644
index e336dc0..0000000
--- a/dhcp-3.1.1-dhclient-no-dereference-twice.dif
+++ /dev/null
@@ -1,10 +0,0 @@
---- client/dhclient.c
-+++ client/dhclient.c 2008/09/12 11:37:53
-@@ -2156,7 +2156,6 @@
- (struct option_state *)0, options,
- &global_scope, 0, 0, 0, (struct data_string *)0,
- client -> config -> vendor_space_name);
-- option_state_dereference (&options, MDL);
- if (client -> packet_length < BOOTP_MIN_LEN)
- client -> packet_length = BOOTP_MIN_LEN;
- option_state_dereference (&options, MDL);
diff --git a/dhcp-3.1.1-ldap-patch_failover-obj.dif b/dhcp-3.1.1-ldap-patch_failover-obj.dif
deleted file mode 100644
index 364324f..0000000
--- a/dhcp-3.1.1-ldap-patch_failover-obj.dif
+++ /dev/null
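Review bot: The two lines added by dhcp-3.1.1-CVE-2009-1892.bnc519413.dif, `if (hp)` and `host_dereference (&hp, MDL);`, have no comment saying why hp can already hold a reference when the `if (!host)` branch is entered, and the .dif itself has no description header. The visible context shows only `host_reference (&host, h, MDL)` before the branch, so the lookup that fills hp lies outside the hunk; presumably find_hosts_by_haddr() expects to be handed an empty pointer. I would put `/* drop any reference left in hp by the earlier lookup before reusing it (CVE-2009-1892, bnc#519413) */` above the check, so the guard is not dropped as redundant when the patch is next rebased. ack_lease's body starts and ends outside the hunk.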
@@ -1,381 +0,0 @@ ---- server/ldap.c -+++ server/ldap.c 2009/01/15 15:42:21 -@@ -106,6 +106,106 @@ x_strxform(char *dst, const char *src, s - return NULL; - } - -+static int -+get_host_entry(char *fqdnname, size_t fqdnname_size, -+ char *hostaddr, size_t hostaddr_size) -+{ -+#if defined(MAXHOSTNAMELEN) -+ char hname[MAXHOSTNAMELEN+1]; -+#else -+ char hname[65]; -+#endif -+ struct hostent *hp; -+ -+ if (NULL == fqdnname || 1 >= fqdnname_size) -+ return -1; -+ -+ memset(hname, 0, sizeof(hname)); -+ if (gethostname(hname, sizeof(hname)-1)) -+ return -1; -+ -+ if (NULL == (hp = gethostbyname(hname))) -+ return -1; -+ -+ strncpy(fqdnname, hp->h_name, fqdnname_size-1); -+ fqdnname[fqdnname_size-1] = '\0'; -+ -+ if (hostaddr != NULL) -+ { -+ if (hp->h_addr != NULL) -+ { -+ struct in_addr *aptr = (struct in_addr *)hp->h_addr; -+#if defined(HAVE_INET_NTOP) -+ if (hostaddr_size >= INET_ADDRSTRLEN && -+ inet_ntop(AF_INET, aptr, hostaddr, hostaddr_size) != NULL) -+ { -+ return 0; -+ } -+#else -+ char *astr = inet_ntoa(*aptr); -+ size_t alen = strlen(astr); -+ if (astr && alen > 0 && hostaddr_size > alen) -+ { -+ strncpy(hostaddr, astr, hostaddr_size-1); -+ hostaddr[hostaddr_size-1] = '\0'; -+ return 0; -+ } -+#endif -+ } -+ return -1; -+ } -+ return 0; -+} -+ -+static int -+get_host_address(const char *hostname, char *hostaddr, size_t hostaddr_size) -+{ -+ if (hostname && *hostname && hostaddr && hostaddr_size) -+ { -+ struct in_addr addr; -+ -+#if defined(HAVE_INET_PTON) -+ if (inet_pton(AF_INET, hostname, &addr) == 0) -+#else -+ if (inet_aton(hostname, &addr) == 0) -+#endif -+ { -+ /* it is already IP address string */ -+ if(strlen(hostname) < hostaddr_size) -+ { -+ strncpy(hostaddr, hostname, hostaddr_size-1); -+ hostaddr[hostaddr_size-1] = '\0'; -+ return 0; -+ } -+ } -+ else -+ { -+ struct hostent *hp; -+ if ((hp = gethostbyname(hostname)) != NULL && hp->h_addr != NULL) -+ { -+ struct in_addr *aptr = (struct in_addr *)hp->h_addr; -+#if defined(HAVE_INET_NTOP) -+ if 
(hostaddr_size >= INET_ADDRSTRLEN && -+ inet_ntop(AF_INET, aptr, hostaddr, hostaddr_size) != NULL) -+ { -+ return 0; -+ } -+#else -+ char *astr = inet_ntoa(*aptr); -+ size_t alen = strlen(astr); -+ if (astr && alen > 0 && alen < hostaddr_size) -+ { -+ strncpy(hostaddr, astr, hostaddr_size-1); -+ hostaddr[hostaddr_size-1] = '\0'; -+ return 0; -+ } -+#endif -+ } -+ } -+ } -+ return -1; -+} -+ - static void - ldap_parse_class (struct ldap_config_stack *item, struct parse *cfile) - { -@@ -447,6 +547,220 @@ add_to_config_stack (LDAPMessage * res, - ldap_stack = ns; - } - -+static void -+ldap_parse_failover (struct ldap_config_stack *item, struct parse *cfile) -+{ -+ char **tempstr; -+ char nodename[257]="\0", fqdnname[257]="\0", fqdnaddr[64]="\0"; -+ char srvaddr[2][64] = {"\0", "\0"}; -+ int primary, split = 0; -+ struct utsname unme; -+ -+ if(uname(&unme) == 0) -+ { -+ snprintf(nodename, sizeof(nodename), "%s", unme.nodename); -+ } -+ if (get_host_entry (fqdnname, sizeof(fqdnname), fqdnaddr, sizeof(fqdnaddr))) -+ { -+ log_info("Could not get fqdn and the IP address of the host"); -+ return; -+ } -+ -+ /* -+ ** when dhcpFailOverPrimaryServer or dhcpFailOverSecondaryServer -+ ** matches our IP address, the following valiables are set: -+ ** - primary is 1 when we are primary or 0 when we are secondary -+ ** - srvaddr[0] contains ip address of the primary -+ ** - srvaddr[1] contains ip address of the secondary -+ */ -+ primary = -1; -+ if ((tempstr = ldap_get_values (ld, item->ldent, "dhcpFailOverPrimaryServer")) != NULL) -+ { -+ if (strcasecmp (tempstr[0], fqdnaddr) == 0 || -+ strcasecmp (tempstr[0], fqdnname) == 0 || -+ strcasecmp (tempstr[0], nodename) == 0) -+ { -+ /* we are the primary */ -+ primary = 1; -+ /* write primary address */ -+ strncpy(srvaddr[0], fqdnaddr, sizeof(srvaddr[0])-1); -+ srvaddr[0][sizeof(srvaddr[0])-1] = '\0'; -+ } -+ else -+ { -+ /* no match => don't set primary flag */ -+ /* write primary address */ -+ if (get_host_address (tempstr[0], 
srvaddr[0], sizeof(srvaddr[0])) != 0) -+ { -+ log_info("Can't resolve address of the primary failover server %s", -+ tempstr[0]); -+ ldap_value_free (tempstr); -+ return; -+ } -+ } -+ ldap_value_free (tempstr); -+ } -+ -+ if ((tempstr = ldap_get_values (ld, item->ldent, "dhcpFailOverSecondaryServer")) != NULL) -+ { -+ if (strcasecmp (tempstr[0], fqdnaddr) == 0 || -+ strcasecmp (tempstr[0], fqdnname) == 0 || -+ strcasecmp (tempstr[0], nodename) == 0) -+ { -+ if (primary == 1) -+ { -+ log_info("Both, primary and secondary failover server" -+ " attribute matches our hostname/address"); -+ ldap_value_free (tempstr); -+ return; -+ } -+ /* we are the secondary */ -+ primary = 0; -+ /* write secondary address */ -+ strncpy(srvaddr[1], fqdnaddr, sizeof(srvaddr[1])-1); -+ srvaddr[1][sizeof(srvaddr[1])-1] = '\0'; -+ } -+ else -+ { -+ /* no match => don't set primary flag */ -+ /* write secondary address */ -+ if (get_host_address (tempstr[0], srvaddr[1], sizeof(srvaddr[1])) != 0) -+ { -+ log_info("Can't resolve address of the secondary failover server %s", -+ tempstr[0]); -+ ldap_value_free (tempstr); -+ return; -+ } -+ } -+ ldap_value_free (tempstr); -+ } -+ -+ if (primary == -1 || srvaddr[0] == '\0' || srvaddr[1] == '\0') -+ { -+ log_error("Could not decide if the server type is primary" -+ " or secondary for failover peering."); -+ return; -+ } -+ -+ if ((tempstr = ldap_get_values (ld, item->ldent, "cn")) != NULL) -+ { -+ x_strncat (cfile->inbuf, "failover peer \"", LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, "\" {\n", LDAP_BUFFER_SIZE); -+ ldap_value_free (tempstr); -+ } -+ else -+ { -+ // ldap with disabled schema checks? fail to avoid syntax error. 
-+ log_error("Unable to find mandatory failover peering name attribute"); -+ return; -+ } -+ -+ if (primary) -+ x_strncat (cfile->inbuf, "primary;\n", LDAP_BUFFER_SIZE); -+ else -+ x_strncat (cfile->inbuf, "secondary;\n", LDAP_BUFFER_SIZE); -+ -+ x_strncat (cfile->inbuf, "address ", LDAP_BUFFER_SIZE); -+ if (primary) -+ x_strncat (cfile->inbuf, srvaddr[0], LDAP_BUFFER_SIZE); -+ else -+ x_strncat (cfile->inbuf, srvaddr[1], LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE); -+ -+ x_strncat (cfile->inbuf, "peer address ", LDAP_BUFFER_SIZE); -+ if (primary) -+ x_strncat (cfile->inbuf, srvaddr[1], LDAP_BUFFER_SIZE); -+ else -+ x_strncat (cfile->inbuf, srvaddr[0], LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE); -+ -+ if ((tempstr = ldap_get_values (ld, item->ldent, "dhcpFailOverPrimaryPort")) != NULL) -+ { -+ if (primary) -+ x_strncat (cfile->inbuf, "port ", LDAP_BUFFER_SIZE); -+ else -+ x_strncat (cfile->inbuf, "peer port ", LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE); -+ ldap_value_free (tempstr); -+ } -+ if ((tempstr = ldap_get_values (ld, item->ldent, "dhcpFailOverSecondaryPort")) != NULL) -+ { -+ if (primary) -+ x_strncat (cfile->inbuf, "peer port ", LDAP_BUFFER_SIZE); -+ else -+ x_strncat (cfile->inbuf, "port ", LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE); -+ ldap_value_free (tempstr); -+ } -+ -+ if ((tempstr = ldap_get_values (ld, item->ldent, "dhcpFailOverResponseDelay")) != NULL) -+ { -+ x_strncat (cfile->inbuf, "max-response-delay ", LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE); -+ ldap_value_free (tempstr); -+ } -+ -+ if ((tempstr = ldap_get_values (ld, item->ldent, "dhcpFailOverUnackedUpdates")) != NULL) -+ { -+ x_strncat (cfile->inbuf, "max-unacked-updates 
", LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE); -+ ldap_value_free (tempstr); -+ } -+ -+ if ((tempstr = ldap_get_values (ld, item->ldent, "dhcpFailOverLoadBalanceTime")) != NULL) -+ { -+ x_strncat (cfile->inbuf, "load balance max seconds ", LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE); -+ ldap_value_free (tempstr); -+ } -+ -+ if (primary && -+ (tempstr = ldap_get_values (ld, item->ldent, "dhcpMaxClientLeadTime")) != NULL) -+ { -+ x_strncat (cfile->inbuf, "mclt ", LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE); -+ ldap_value_free (tempstr); -+ } -+ -+ if (primary && -+ (tempstr = ldap_get_values (ld, item->ldent, "dhcpFailOverSplit")) != NULL) -+ { -+ x_strncat (cfile->inbuf, "split ", LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE); -+ split = 1; -+ ldap_value_free (tempstr); -+ } -+ -+ if (primary && !split && -+ (tempstr = ldap_get_values (ld, item->ldent, "dhcpFailOverHashBucketAssignment")) != NULL) -+ { -+ x_strncat (cfile->inbuf, "hba ", LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE); -+ ldap_value_free (tempstr); -+ } -+ -+ /* -+ ** Are there any other options can come here? If yes then we need to enable -+ ** dhcpStatements in the schema and apply them here as well. -+ ** -+ if ((tempstr = ldap_get_values (ld, item->ldent, "dhcpStatements")) != NULL) -+ { -+ ... 
-+ ldap_value_free (tempstr); -+ } -+ */ -+ -+ item->close_brace = 1; -+} - - static void - ldap_stop() -@@ -1171,6 +1485,8 @@ ldap_generate_config_string (struct pars - ldap_parse_key (entry, cfile); - else if (strcasecmp (objectClass[i], "dhcpDnsZone") == 0) - ldap_parse_zone (entry, cfile); -+ else if (strcasecmp (objectClass[i], "dhcpFailOverPeer") == 0) -+ ldap_parse_failover (entry, cfile); - else if (strcasecmp (objectClass[i], "dhcpHost") == 0) - { - if (ldap_method == LDAP_METHOD_STATIC) -@@ -1356,32 +1672,6 @@ ldap_get_host_name (LDAPMessage * ent) - } - - --static int --getfqhostname(char *fqhost, size_t size) --{ --#if defined(MAXHOSTNAMELEN) -- char hname[MAXHOSTNAMELEN]; --#else -- char hname[65]; --#endif -- struct hostent *hp; -- -- if(NULL == fqhost || 1 >= size) -- return -1; -- -- memset(hname, 0, sizeof(hname)); -- if( gethostname(hname, sizeof(hname)-1)) -- return -1; -- -- if(NULL == (hp = gethostbyname(hname))) -- return -1; -- -- strncpy(fqhost, hp->h_name, size-1); -- fqhost[size-1] = '\0'; -- return 0; --} -- -- - isc_result_t - ldap_read_config (void) - { -@@ -1417,7 +1707,7 @@ ldap_read_config (void) - } - else - { -- if(0 == getfqhostname(fqdn, sizeof(fqdn))) -+ if(0 == get_host_entry(fqdn, sizeof(fqdn), NULL, 0)) - { - snprintf (hfilter, sizeof (hfilter), - "(&(objectClass=dhcpServer)(|(cn=%s)(cn=%s)))", diff --git a/dhcp-3.1.1-ldap-patch_service-assoc-msg.dif b/dhcp-3.1.1-ldap-patch_service-assoc-msg.dif deleted file mode 100644 index 5a55147..0000000 --- a/dhcp-3.1.1-ldap-patch_service-assoc-msg.dif +++ /dev/null 
@@ -1,12 +0,0 @@ ---- server/ldap.c -+++ server/ldap.c 2009/01/15 15:47:19 -@@ -1750,7 +1750,8 @@ ldap_read_config (void) - (tempstr = ldap_get_values (ld, hostent, "dhcpServiceDN")) == NULL || - tempstr[0] == NULL) - { -- log_error ("Error: Cannot find LDAP entry matching %s", hfilter); -+ log_error ("Error: No dhcp service is associated with the server %s %s", (hostdn ? "dn" : "name"), -+ (hostdn ? hostdn : (ldap_dhcp_server_cn ? ldap_dhcp_server_cn : unme.nodename))); - - if (tempstr != NULL) - ldap_value_free (tempstr); diff --git a/dhcp-3.1.1.tar.gz b/dhcp-3.1.1.tar.gz deleted file mode 100644 index 70bff01..0000000 --- a/dhcp-3.1.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:129024c7545e3e8d37e75cd5d534b50c53955592c4935189a57916e216355f6d -size 798228 diff --git a/dhcp-3.1.1.tar.gz.asc b/dhcp-3.1.1.tar.gz.asc deleted file mode 100644 index 81be8dd..0000000 --- a/dhcp-3.1.1.tar.gz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.9 (FreeBSD) - -iQEVAwUASCtC6iM0Ek4byR5sAQLL3QgAstoKreDh/9lqQDQ/LhwgsOdzL3aidqu1 -YPz23QMqMWTR9lxCeLHJlz3w6JzlgA+2JRDn8CKHO8EMayw99nwtJs+Eu1D1s77D -m3K7T/vz3rfFlk0ObmFD/p18nL5HdEU+jX7wzJS8Um0R9AWClwLfJU6g58OH37MG -RHqrW9pXKa2cehoiQ1fZexuoylLgz/Rrb8PY79xjazWEbJCEbkkp8ZNMX3j6+FkO -CW6HVjFMWIkfnjGWUAbgbO8myzETPuBoVvh7yrpGicjOgQ+FvqukWgww2AgaLo/X -iUAIfjhjqQT2qnHwVvA7v1GEzEkl6pRR86knG492Aj4HTflLGCjV/A== -=Zw8s ------END PGP SIGNATURE----- diff --git a/dhcp-3.1.1-dhclient-script.dif b/dhcp-3.1.2-dhclient-script.dif similarity index 87% rename from dhcp-3.1.1-dhclient-script.dif rename to dhcp-3.1.2-dhclient-script.dif index d82937b..cd7d467 100644 --- a/dhcp-3.1.1-dhclient-script.dif +++ b/dhcp-3.1.2-dhclient-script.dif @@ -1,5 +1,5 @@ --- client/dhclient-script.8 -+++ client/dhclient-script.8 2009/01/19 14:56:42 ++++ client/dhclient-script.8 2009/05/04 09:54:05 
@@ -45,9 +45,10 @@ This script is not meant to be customized by the end user. If local customizations are needed, they should be possible using the enter and @@ -72,7 +72,7 @@ .B dhclient-script(8) has been written for Internet Systems Consortium --- client/scripts/linux -+++ client/scripts/linux 2009/01/19 14:56:58 ++++ client/scripts/linux 2009/05/04 10:01:50 @@ -22,25 +22,97 @@ # 4. TIMEOUT not tested. ping has a flag I don't know, and I'm suspicious # of the $1 in its args. @@ -83,7 +83,7 @@ +# logs entire run of dhclient-script to /var/log/dhclient-script, +# if DHCLIENT_DEBUG is set in sysconfig/network/dhcp +# -+eval `grep "^DHCLIENT_DEBUG=" /etc/sysconfig/network/dhcp` ++eval `grep "^DHCLIENT_DEBUG=" /etc/sysconfig/network/dhcp 2>/dev/null` +if [ "$DHCLIENT_DEBUG" = yes ]; then + set -a # allexport + ( @@ -198,7 +198,7 @@ # Add route to make broadcast work. Do not omit netmask. route add default dev $interface netmask 0.0.0.0 else -@@ -116,39 +192,59 @@ +@@ -116,47 +192,117 @@ if [ x$reason = xBOUND ] || [ x$reason = xRENEW ] || \ [ x$reason = xREBIND ] || [ x$reason = xREBOOT ]; then 
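Review bot: In the `@@ -83,7 +83,7 @@` hunk the script still passes to `eval` whatever line of /etc/sysconfig/network/dhcp begins with `DHCLIENT_DEBUG=`, so anything that follows the value on that line is executed by the shell running dhclient-script; the added `2>/dev/null` only hides a missing file. The `DHCLIENT_SET_DEFAULT_ROUTE` and `DHCLIENT_SET_HOSTNAME` lookups in the `@@ -241,14 +241,21 @@` and `@@ -272,52 +279,61 @@` hunks use the same pattern, and there the new code also reads ifcfg-${interface} with `$interface` unquoted. Testing for the expected literal instead, for example `if grep -qs '^DHCLIENT_DEBUG="\?yes"\?' /etc/sysconfig/network/dhcp; then`, keeps each setting a plain yes/no switch and evaluates no file content. The script continues outside these hunks.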
@@ -241,14 +241,21 @@ - route add default gw $router - done + -+ if grep -qs '^primary=yes' /dev/shm/sysconfig/if-${interface} 2>/dev/null ; ++ if test -f /etc/sysconfig/network/ifcfg-${interface} -o \ ++ -f /dev/shm/sysconfig/if-${interface} ; + then -+ eval `grep --no-filename '^[[:space:]]*DHCLIENT_SET_DEFAULT_ROUTE=' \ -+ /etc/sysconfig/network/dhcp -+ /etc/sysconfig/network/ifcfg-${interface} 2>/dev/null` ++ if grep -qs '^primary=yes' /dev/shm/sysconfig/if-${interface} 2>/dev/null ; ++ then ++ eval `grep --no-filename '^[[:space:]]*DHCLIENT_SET_DEFAULT_ROUTE=' \ ++ /etc/sysconfig/network/dhcp ++ /etc/sysconfig/network/ifcfg-${interface} 2>/dev/null` ++ else ++ eval `grep --no-filename '^[[:space:]]*DHCLIENT_SET_DEFAULT_ROUTE=' \ ++ /etc/sysconfig/network/ifcfg-${interface} 2>/dev/null` ++ fi + else + eval `grep --no-filename '^[[:space:]]*DHCLIENT_SET_DEFAULT_ROUTE=' \ -+ /etc/sysconfig/network/ifcfg-${interface} 2>/dev/null` ++ /etc/sysconfig/network/dhcp 2>/dev/null` + fi + if [ "$DHCLIENT_SET_DEFAULT_ROUTE" = yes ] ; then + for router in $new_routers; do 
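Review bot: In the `primary=yes` branch the added `eval` spans three lines, but as shown on this page the line ending in `/etc/sysconfig/network/dhcp` has no trailing backslash, so the command substitution finishes the grep there and then tries to run `/etc/sysconfig/network/ifcfg-${interface}` as a command with its error discarded. If the file really reads that way, the per-interface `DHCLIENT_SET_DEFAULT_ROUTE` value is never picked up in this branch; the line should end `/etc/sysconfig/network/dhcp \`. The `DHCLIENT_SET_HOSTNAME` block in the `@@ -272,52 +279,61 @@` hunk has the same shape. The removed lines show the same layout, so this predates the commit, but the new nesting copies it unchanged.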
@@ -272,52 +279,61 @@ + done + fi fi ++ if [ x$new_ip_address != x$alias_ip_address ] && [ x$alias_ip_address != x ]; then -@@ -156,7 +252,41 @@ + ifconfig $interface:0- inet 0 ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg route add -host $alias_ip_address $interface:0 fi - make_resolv_conf ++ + if use_netconfig ; then + netconfig_modify + else + make_resolv_conf + fi -+ if grep -qs '^primary=yes' /dev/shm/sysconfig/if-${interface} 2>/dev/null ; ++ ++ if test -f /etc/sysconfig/network/ifcfg-${interface} -o \ ++ -f /dev/shm/sysconfig/if-${interface} ; + then -+ eval `grep --no-filename "^[[:space:]]*DHCLIENT_SET_HOSTNAME=" \ -+ /etc/sysconfig/network/dhcp -+ /etc/sysconfig/network/ifcfg-${interface} 2>/dev/null` ++ if grep -qs '^primary=yes' /dev/shm/sysconfig/if-${interface} 2>/dev/null ; ++ then ++ eval `grep --no-filename "^[[:space:]]*DHCLIENT_SET_HOSTNAME=" \ ++ /etc/sysconfig/network/dhcp ++ /etc/sysconfig/network/ifcfg-${interface} 2>/dev/null` ++ else ++ eval `grep --no-filename "^[[:space:]]*DHCLIENT_SET_HOSTNAME=" \ ++ /etc/sysconfig/network/ifcfg-${interface} 2>/dev/null` ++ fi + else + eval `grep --no-filename "^[[:space:]]*DHCLIENT_SET_HOSTNAME=" \ -+ /etc/sysconfig/network/ifcfg-${interface} 2>/dev/null` ++ /etc/sysconfig/network/dhcp 2>/dev/null` + fi + if [ "$DHCLIENT_SET_HOSTNAME" = yes ] ; then -+ + current_hostname=`hostname` + if [ "x${current_hostname%%.*}" = x ] || \ + [ "x${current_hostname%%.*}" != "x${new_host_name%%.*}" ]; then + -+ if [ "x${new_host_name%%.*}" != x ]; then -+ hostname "${new_host_name%%.*}" -+ else -+ if [ -x /usr/bin/host ] ; then -+ if out=`host -W 2 "$new_ip_address" 2>/dev/null` ; then -+ _hostname="`echo "$out" | sed 's:^.* ::; s:\..*::'`" -+ if [ "x${_hostname}" != x ]; then -+ hostname "${_hostname}" -+ fi ++ if [ "x${new_host_name%%.*}" != x ]; then ++ hostname "${new_host_name%%.*}" ++ else ++ if [ -x /usr/bin/host ] ; then ++ if out=`host -W 2 "$new_ip_address" 2>/dev/null` ; then ++ 
_hostname="`echo "$out" | sed 's:^.* ::; s:\..*::'`" ++ if [ "x${_hostname}" != x ]; then ++ hostname "${_hostname}" + fi + fi + fi ++ fi + fi -+ + fi ++ exit_with_hooks 0 fi -@@ -168,7 +298,7 @@ +@@ -168,7 +314,7 @@ fi if [ x$old_ip_address != x ]; then # Shut down interface, which will delete routes and clear arp cache. @@ -326,7 +342,7 @@ fi if [ x$alias_ip_address != x ]; then ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg -@@ -182,27 +312,37 @@ +@@ -182,27 +328,37 @@ ifconfig $interface:0- inet 0 fi ifconfig $interface inet $new_ip_address $new_subnet_arg \ diff --git a/dhcp-3.1.2p1-ldap-patch-mt.11.2-02.diff.bz2 b/dhcp-3.1.2p1-ldap-patch-mt.11.2-02.diff.bz2 new file mode 100644 index 0000000..47ba021 --- /dev/null +++ b/dhcp-3.1.2p1-ldap-patch-mt.11.2-02.diff.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:bfe07920a26242850ea78fe5439e29b6f2f8e068618752849b72ab5ff8dbc449 +size 42845 diff --git a/dhcp-3.1.2p1.tar.gz b/dhcp-3.1.2p1.tar.gz new file mode 100644 index 0000000..1917dcf --- /dev/null +++ b/dhcp-3.1.2p1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e0cb405e0fef0ecebec7aaed294032a06178ff28be87498596e6069ccda4341e +size 792355 diff --git a/dhcp-3.1.2p1.tar.gz.asc b/dhcp-3.1.2p1.tar.gz.asc new file mode 100644 index 0000000..52aa80e --- /dev/null +++ b/dhcp-3.1.2p1.tar.gz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.9 (FreeBSD) + +iQEVAwUASj/23dgRtT8Le64AAQLfFAgAjKwtGHGpS9Jw5nEhqkiXUq6E+WPxAVAl +u59q6XS186MwbfZuOreTJBmh2MrD/EKqb642AJr6kZpw/EfuB4Bisd1iyqixH8pX +hQsmmpGis4QkPIBkEW6ktGEayeVEUE5r5PEmDvXEEs6kTxmMjOk5ZUpy3lsN2ZYN +OitmOTU4TbHyFyWVwRKWsRvozJrPvwMmMGEyNWcGKFF8O8ogJ5iWQAqaMWiRN8a0 +q+8/lU3IbT+ZUK8agFK28rohNsoSto41ABEcjG+xRY8YQDJVVJ+NJuzxnjB5ns/W +ELiEZhnJ+m8jyze0yR2qNlunudg2FBKIK8z4YVTUQvF0q0r99kAkig== +=BJvL +-----END PGP SIGNATURE----- diff --git a/dhcp.changes b/dhcp.changes index 0ceb26e..6aa2453 100644 --- a/dhcp.changes 
+++ b/dhcp.changes 
@@ -1,3 +1,51 @@ +------------------------------------------------------------------- +Wed Jul 29 14:05:41 CEST 2009 - mt@suse.de + +- Applied fix for a dhcp client id DoS (CVE-2009-1892, bnc#519413). + +------------------------------------------------------------------- +Wed Jul 29 12:47:46 CEST 2009 - mt@suse.de + +- Updated to dhcp-3.1.2p1 maintenance release fixing following + issues: + * A stack overflow vulnerability was fixed in dhclient that could + allow remote attackers to execute arbitrary commands as root on + the system, or simply terminate the client, by providing an + over-long subnet-mask option. + * A double-dereference in dhclient transmission of DHCPDECLINEs + was repaired. + * Fix handling of -A and -a flags in dhcrelay; it was failing + to expand packet size as needed to add relay agent options. + * Corrected list of failover state values in dhcpd man page. + * Fixed a bug that caused some request types to be logged + incorrectly. + * Fixed a coredump when adding a class via OMAPI. + * Clients that sent a parameter request list containing the + routers option before the subnet mask option were receiving + only the latter. Fixed. + * The server wasn't always sending the FQDN option when it should. + * A partner-down failover server no longer emits 'peer holds all + free leases' if it is able to newly-allocate one of the peer's + leases. + * A cosmetic bug in DHCPDECLINE processing was fixed which caused + all successful DHCPDECLINEs to be logged as "not found" rather + than "abandoned". + * Some failover debugging #defines have been better defined and + some high frequency messages moved to a deeper debugging symbol. + * The CLTT parameter in failover is now only updated by client + activity, and not by failover binding updates. + * Failover BNDUPD messages are now discarded if they conflict with + an update that has been trasnmitted, but not acknowledged. + * A bug cleaning up unknown-xxx temporary option definitions was + fixed. 
+- Removed obsolete dhclient-no-dereference-twice patch +- Improved dhclient-script to apply global dhcp settings, when + there is no interface config (bnc#480922). +- Enabled casa support in dhcp-ldap for >= sles 10 and => 11.1. +- Updated dhcp-3.1.2p1-ldap-patch-mt.11.2-02 merging all patches + flying around -- see http://www.suse.de/~mt/git/dhcp-ldap.git + and the git changelog at the begin of the patch. + ------------------------------------------------------------------- Mon Jan 19 15:58:38 CET 2009 - mt@suse.de diff --git a/dhcp.spec b/dhcp.spec index 4779228..b405f76 100644 --- a/dhcp.spec +++ b/dhcp.spec @@ -1,5 +1,5 @@ # -# spec file for package dhcp (Version 3.1.1) +# spec file for package dhcp (Version 3.1.2p1) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -22,16 +22,16 @@ Name: dhcp %define susefw2dir %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services %define omc_prefix /usr/share/omc %define omc_svcdir %{omc_prefix}/svcinfo.d -%define with_casa 0 -%if %{?with_casa:%with_casa} +%define with_casa 0%{?sles_version} >= 10 || 0%{?suse_version} >= 1110 +%if 0%{?with_casa:%with_casa} BuildRequires: CASA-devel %endif BuildRequires: dos2unix openldap2-devel -License: BSD 3-Clause +License: BSD 3-clause (or similar) Group: Productivity/Networking/Boot/Servers AutoReqProv: on -Version: 3.1.1 -Release: 9 +Version: 3.1.2p1 +Release: 1 Summary: Common Files Used by ISC DHCP Software Url: http://www.isc.org/isc/dhcp.html Source0: http://ftp.isc.org/isc/dhcp/dhcp-%{version}.tar.gz 
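Review bot: `with_casa` is now defined as the raw text of a comparison (`0%{?sles_version} >= 10 || 0%{?suse_version} >= 1110`) instead of 0 or 1, so `%if 0%{?with_casa:%with_casa}` only parses as intended because the prepended `0` happens to attach to the first operand. This switch decides whether the server is built with `-DLDAP_CASA_AUTH` (the same test is repeated in the `%build` hunk further down), so it is better to evaluate the condition once, store a plain 0/1 and test that value in both places. The `%{?with_casa:...}` guard is also redundant here, because the macro is always defined a line earlier.
```spec
%if 0%{?sles_version} >= 10 || 0%{?suse_version} >= 1110
%define with_casa 1
%else
%define with_casa 0
%endif
%if %{with_casa}
BuildRequires: CASA-devel
%endif
# … unchanged: remaining BuildRequires, License, Version, Release …
```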
@@ -67,14 +67,7 @@ Patch4: dhcp-3.1.1-tmpfile.dif ## patch lives here: http://home.ntelos.net/~masneyb/ %define DHCPD_LDAP 1 %if %DHCPD_LDAP -Patch10: dhcp-3.0.5-ldap-patch_3.1.1.bz2 -Patch11: dhcp-3.0.5-ldap-patch_object-order.dif -Patch12: dhcp-3.0.5-ldap-patch_server_dn.dif -Patch13: dhcp-3.0.5-ldap-patch_host_brace.dif -Patch14: dhcp-3.0.6-ldap-patch_hwaddr-icase.dif -Patch15: dhcp-3.0.6-ldap-patch_external-dn.diff -Patch16: dhcp-3.1.1-ldap-patch_failover-obj.dif -Patch17: dhcp-3.1.1-ldap-patch_service-assoc-msg.dif +Patch10: dhcp-3.1.2p1-ldap-patch-mt.11.2-02.diff.bz2 %endif %if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930 Patch30: dhcp-3.1.1-pie.dif @@ -82,17 +75,17 @@ Patch30: dhcp-3.1.1-pie.dif Patch40: dhcp-3.1.1-dhclient-exec-filedes.dif Patch41: dhcp-3.1.1-dhclient-send-hostname-rml.dif Patch42: dhcp-3.1.1-dhclient-use-script-cmdline.dif -Patch43: dhcp-3.1.1-dhclient-no-dereference-twice.dif Patch50: dhcp-3.1.1-dhclient-conf.dif -Patch60: dhcp-3.1.1-dhclient-script.dif +Patch60: dhcp-3.1.2-dhclient-script.dif ## +Patch70: dhcp-3.1.1-CVE-2009-1892.bnc519413.dif Obsoletes: dhcp-base Provides: dhcp-base:/usr/bin/omshell PreReq: /bin/touch /sbin/chkconfig sysconfig BuildRoot: %{_tmppath}/%{name}-%{version}-build %package server -License: BSD 3-Clause +License: BSD 3-clause (or similar) Summary: ISC DHCP Server Group: Productivity/Networking/Boot/Servers Requires: net-tools dhcp @@ -101,7 +94,7 @@ Provides: dhcp_server dhcp:/usr/sbin/dhcpd AutoReqProv: on %package client -License: BSD 3-Clause +License: BSD 3-clause (or similar) Summary: ISC DHCP Client Group: Productivity/Networking/Boot/Clients Requires: net-tools dhcp /usr/bin/host @@ -111,7 +104,7 @@ Obsoletes: dhclient AutoReqProv: on %package relay -License: BSD 3-Clause +License: BSD 3-clause (or similar) Summary: DHCP Relay Agent Group: Productivity/Networking/Boot/Servers Requires: net-tools dhcp 
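Review bot: The context comment `## patch lives here: http://home.ntelos.net/~masneyb/` above `Patch10` is left as it was, although `Patch10` now names `dhcp-3.1.2p1-ldap-patch-mt.11.2-02.diff.bz2`, which the dhcp.changes entry in this same commit attributes to http://www.suse.de/~mt/git/dhcp-ldap.git. Eight separately readable fixes are folded into one compressed patch that this diff shows only as an LFS pointer, so the spec should at least record where the merged patch comes from, for example `## merged LDAP patch, history in http://www.suse.de/~mt/git/dhcp-ldap.git`. The matching `%prep` hunk keeps only `%patch10 -p1`, so this comment is the only provenance hint left in the spec.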
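Review bot: `Patch70: dhcp-3.1.1-CVE-2009-1892.bnc519413.dif` is added under a bare `##` line with nothing in the spec saying what it fixes; the explanation (a dhcp client id DoS) exists only in dhcp.changes. A one-line comment such as `# CVE-2009-1892 (bnc#519413): dhcp client id DoS` directly above it would make it harder to drop the security fix by accident during the next version update. The file name still carries 3.1.1 while the tree is now 3.1.2p1; if the patch was written against 3.1.1, it is worth confirming that `%patch70 -p0` in the `%prep` hunk applies without fuzz or offsets.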
@@ -121,7 +114,7 @@ Obsoletes: dhcrelay AutoReqProv: on %package devel -License: BSD 3-Clause +License: BSD 3-clause (or similar) Summary: Header Files and Libraries for dhcpctl API Group: Development/Libraries/C and C++ Requires: dhcp = %{version} @@ -201,13 +194,6 @@ Authors: %patch4 -p0 %if %DHCPD_LDAP %patch10 -p1 -%patch11 -p0 -%patch12 -p0 -%patch13 -p0 -%patch14 -p0 -%patch15 -p0 -%patch16 -p0 -%patch17 -p0 %endif %if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930 %patch30 -p0 @@ -215,9 +201,9 @@ Authors: %patch40 -p0 %patch41 -p0 %patch42 -p0 -%patch43 -p0 %patch50 -p0 %patch60 -p0 +%patch70 -p0 ## find . -type f -name \*.cat\* -exec rm -f {} \; cp -p %{S:2} %{S:3} %{S:11} %{S:12} %{S:14} %{S:32} %{S:33} . @@ -232,8 +218,8 @@ dos2unix contrib/ms2isc/* %build export CFLAGS -CFLAGS="$RPM_OPT_FLAGS -W -Wall -fno-strict-aliasing -Wno-unused -DEXTENDED_NEW_OPTION_INFO -DLDAP_DEPRECATED -DUSE_SSL -DPARANOIA" -%if %{?with_casa:%with_casa} +CFLAGS="$RPM_OPT_FLAGS -W -Wall -fno-strict-aliasing -Wno-unused -DLDAP_DEPRECATED -DUSE_SSL -DPARANOIA" +%if 0%{?with_casa:%with_casa} CFLAGS="$CFLAGS -DLDAP_CASA_AUTH" %endif # seems obsolete (redefined reports) => double check 
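Review bot: The `%build` hunk drops `-DEXTENDED_NEW_OPTION_INFO` from `CFLAGS`, but the new dhcp.changes entry in this commit does not mention it. The older changelog text suggests the define was added alongside the dhcdbd patches, which were dropped with 3.1.1, so the removal is probably correct. It should still be recorded, for example with a changes line `- Removed obsolete -DEXTENDED_NEW_OPTION_INFO define`, so that a later reader does not have to guess whether a feature was disabled on purpose.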
@@ -490,1176 +476,3 @@ if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi %doc %{_mandir}/man3/dhcpctl.3.gz %changelog -* Mon Jan 19 2009 mt@suse.de -- Fixed dhclient-script to apply a dhcp provided MTU (bnc#467358). -* Thu Jan 15 2009 mt@suse.de -- Fix message about missed service/server association (bnc#392354). -- Applied missed patch with support for dhcpFailOverPeer objects - (failover peering definition) by S Kalyanasundaram (fate#303198). -* Thu Jan 15 2009 mt@suse.de -- Fixed init script to copy nsswitch.conf and all libnss libs to - the chroot jail to fix resolving via /etc/hosts (bnc#462851). -* Tue Dec 16 2008 mt@suse.de -- Fixed init scripts Required-Start/Stop tags to require network- - remotefs script, so all interfaces are up while start. -* Wed Nov 26 2008 coolo@suse.de -- prereq sysconfig to avoid warnings about missing - /etc/sysconfig/dhcp -* Mon Nov 24 2008 mt@suse.de -- Removed network-number request from dhclient.conf (bnc#443788). -* Tue Nov 11 2008 mt@suse.de -- Fixed dhclient-script to apply DHCLIENT_SET_HOSTNAME and - SET_DEFAULT_ROUTE policy correctly and inclusive of per - interface setings (bnc#426650). -- Fixed dhclient-script to make sure, the host name is set - as short-name even dhcp provides fqdn (bnc#418168) -- Fixed dhclient-script to translate all known dhcp options - to netconfig variables and unknown with dhclient prefix. -- Fixed dhclient.conf to request all netbios dhcp-options, - added also nds and mtu options. -* Fri Sep 12 2008 mt@suse.de -- Removed one of two option_state_dereference calls in dhclient.c - causing null pointer messages (not critical) in the log. 
-- Fixed a forgotten fi typo in the dhclient-script -* Mon Sep 08 2008 mt@suse.de -- Updated to dhcp-3.1.1, providing following major new features - compared to its 3.0.x derivative: - * A significantly enhanced Failover protocol implementation, - which: - + Implements MAC Address Affinity to reduce the frequency - of clients being assigned new IP addresses; - + Supports the assignment of failover-protected addresses - to legacy BOOTP clients; - + Implements a dynamic lease reservation system that provides - improved accounting of the use of fixed address assignments, - by allocating fixed addresses out of the pool of dynamic leases - + Improves tools and reduces operator oversight necessary for - maintaining a functioning system. - * Support for DHCP leasequery, and the VIVCO/VIVSO options, which - makes easy and comfortable integration with DOCSIS devices and - the environment in which they are used. - * Management of class and subclass statements via OMAPI - * Several server configuration options related to dynamic DNS - behavior - * Other new configuration functions, including "execute()", - which runs a shell command from within a dhcpd or dhclient - configuration file - For a full list of new features added in this release, please - observe the changes list. -- Adopted/merged patches, dropped obsolete dhcdbd (NM) patches. -* Fri Aug 22 2008 mt@suse.de -- Adopted dhclient-script and manual page to use /sbin/netconfig - that is replacing the modify_resolvconf mechanizm by default. -* Wed Aug 20 2008 mt@suse.de -- Updated to dhcp-3.0.7, a maintenance release containing several - bug fixes; since the 3.0.6 release this are: - * Fixed "--version" flag in dhcrelay. - * Clarified error message when lease limit exceeded - * Fixed a buffer overflow error which could have allowed a denial - of service under unusual server configurations - * Bug in octal parsing fixed. Thanks to Bernd Fuhrmann for the - report and fix. 
- * The warning logged when an address range doesn't fit in the - subnets they were declared has been updated to be more helpful - and identify the typo in configuration that created the - spanning addresses. - * The 'min-secs' configuration parameter's log message has been - updated to be more helpful. - * Fixed a bug in which write_lease() might report a failure - incorrectly. - * Bug in server configuration parser caused server to get stuck - on startup for certain bad pool declarations. Thanks to - Guillaume Knispel for the bug report and fix. - * Fixed file descriptor leak on listen failure. Thanks to Tom - Clark. - * Failover binding acks are now transmitted before new binding - updates (which may, very rarely, be related to a lease on the - ack queue). This eliminates a lease database inconsistency - bug, as the remote system relies upon the most recent message - it received from its peer. - * POOLREQ messages received within 30 seconds of one another are - ignored. - * 'lease imbalance' messages are not logged unless rebalance was - actually attempted ("ten percent" rule). - * A bug was fixed where the 'giaddr' may be used to find the - client's subnet rather than its own 'ciaddr'. - * A log message was introduced to clarify the situation where a - failover 'address' parameter (the server's local address) did - not resolve to an IPv4 address. - * When server is configured with options that it overrides, a - warning is issued when the configuration file is read, rather - than at the time the option is overridden. This was important, - because the warning was given every time the option was - overridden, which could create a lot of unnecessary logging. - * When a failover server suspects it has encountered a peer - running a version 3.1.x failover server, a warning that the - failover wire protocol is incompatible is printed. - * The failover server no longer issues a floating point error - if it encounters a previously undefined option code. 
- * A memory leak when using omapi has been fixed. -- Adopted dhcp-send-hostname-rml patch -- Removed obsolete dhcp-3.0.5-pool_eof patch -- Merged changes between server:isc-dhcp and openSUSE:Factory -- Removed down parameter from ifconfig calls in dhclient-script - because it destroys bonding interfaces and also conflicts with - an dhcpv6 client running on same interface (bnc#410905). -* Wed Aug 20 2008 skalyanasundaram@novell.com -- Added missing DNs (dhcpZoneDN, dhcpFailOverPeerDN) to list of - external references. -* Fri Jun 27 2008 mt@suse.de -- Added /etc/openldap directory to the file list of the dhcp-server - package, because it is not provided by the ldap package any more. -* Fri May 23 2008 mt@suse.de -- Don't set parts of host error messages as hostname (bnc#389668). -* Mon May 19 2008 mt@suse.de -- Documentation updates for DDNS-howto.txt (bnc#359977). -* Fri Apr 04 2008 mt@suse.de -- Changed the list of dhcp options required by the dhcp-client in - the server response to not to enforce the domain-name-servers - option availiability (bnc#331964). -- Fixed too long error messages server init script (bnc#353589). -- Renamed/renumbered patches modifying the dhclient.conf file. -- Fixed the dhclient-script to add explicit host route to default - gateway when it is not reachable via interface route created by - ifconfig based on the IP and netmask (e.g. /32) values provided - by dhcp server (bnc#266215). -- Fixed ntp configuration feature in dhclient-script to try-restart - the ntp service to apply the server changes. Changed to use new - per interface server list to avoid merge problems (bnc#375746). -* Tue Apr 01 2008 mkoenig@suse.de -- remove dir /usr/share/omc/svcinfo.d as it is provided now - by filesystem -* Tue Dec 04 2007 mt@suse.de -- Bug #343069: Added dhcp-server compatibility workaround to search - for lower- and upper-case MAC addresses in the dhcpHWAddress LDAP - attributes. 
New patch: dhcp-3.0.6-ldap-patch_hwaddr-icase.dif -* Mon Nov 19 2007 mt@suse.de -- Disabled script setting in the /etc/dhclient.conf, - because it overrides the -sf command line option. -* Fri Aug 24 2007 mt@suse.de -- Removed getcfg interface config to interface name conversions -* Mon Jul 30 2007 thoenig@suse.de -- dhcp-3.0.3-dhclient-script-dhcdbd.patch: dbus-send is now located - in /bin -* Thu Jul 19 2007 mt@suse.de -- Updated to 3.0.6, a maintenance release containing fixes - for bugs discovered since DHCP 3.0.5, but no new features. - See the RELNOTES file for full list of changes. -- Adopted dhcp-3.0rc10.filedes.dif patch - new patch file name: dhcp-3.0.6-dhclient-exec-filedes.dif -- Bug #289933: Let dhclient request netbios-name-servers as well; - old patch file name: dhcp-3.0.5-dhclient-nis-ntp.patch - new patch file name: dhcp-3.0.6-dhclient-requests-conf.patch -- Removed $local_fs from init-scripts, included in $remote_fs. -* Wed Jun 27 2007 anschneider@suse.de -- Added support for ntpd runtime configuration - new patch file: dhcp-3.0.6-dhclient-script-ntp-runtime.patch -* Wed Jun 27 2007 lmuelle@suse.de -- Let dhclient request ntp-servers by default. -* Tue May 22 2007 mt@suse.de -- Bug 275592: Added ldap and ndsd to the Should-Start/Stop LSB - init info tags of the dhcp-server init script. -- Bug #241113: Added copying of /etc/openldap/ldap.conf and - more base libraries into the chroot jail. -* Mon May 14 2007 mt@suse.de -- Bug #265337: Fix to generate proper "host ... {" block begin - brace even if no harware address is specified for the host. - New patch file: dhcp-3.0.5-ldap-patch_host_brace.dif -- Bug #258493: Fix to support new dhcpServerDN reference in - dhcpService object search filter. - New patch file: dhcp-3.0.5-ldap-patch_server_dn.dif -- Fixed LSB init info to use LSB 2.0 Should-Start/Should-Stop. 
-* Thu Mar 15 2007 mt@suse.de -- Bug #181212: Improved dhcp init-script to copy directories - specified in the DHCPD_CONF_INCLUDE_FILES sysconfig variable - into the chroot jail. -* Wed Mar 14 2007 mt@suse.de -- Bug #247365: Added installation of dhcp-server SuSEfirewall2 - service definition file. -* Tue Mar 13 2007 mt@suse.de -- Updated to dhcp-3.0.5-ldap-patch.gz, released on 2007-02-23 - fixing a parsing bug in dhcpd-conf-to-ldap.pl script to handle - correctly quoted string containing spaces. - Further, it includes our fixes and obsoletes following patches: - * dhcp-3.0.5-ldap-patch-strncat.dif - * dhcp-3.0.5-ldap-patch-casa-fix.dif - * dhcp-3.0.5-ldap-patch-dhcp-cn.dif - * dhcp-3.0.5-ldap-patch-schema.dif - * dhcp-3.0.5-ldap-patch-nomd5.dif - * dhcp-3.0.5-ldap-patch-referrals.dif - * dhcp-3.0.5-ldap-patch-ssl-opts.dif - * dhcp-3.0.5-ldap-patch-ldap_read.dif -- Bug #250153: Fix for object order related parse error, that - occured in case an dhcp-ldap object referencing a dhcp-tsigkey, - class or failoverpeer object was parsed before the declaration - of the referenced objects, because of the order in ldap result. - New patch file: dhcp-3.0.5-ldap-patch_object-order.dif -* Tue Feb 20 2007 mt@suse.de -- Bug #162186: Added check for EOF in parse_pool_statement to - avoid endless recursion loop between parse_pool_statement - and parse_statement when a closing right brace "}" is missed - at the end of a pool declaration in /etc/dhcpd.conf. - New patch file: dhcp-3.0.5-pool_eof.dif -- Fixed ldap_read_function to avoid returning of empty strings - causing parsing errors in ldap-dynamic mode. 
- New patch file: dhcp-3.0.5-ldap-patch-ldap_read.dif -* Thu Jan 25 2007 mt@suse.de -- Updated to dhcp-3.0.5-ldap-patch.gz, providing several fixes: - * unbind from the LDAP server after the config file has been ran - if the server is being ran in static mode - * fixed ldap_read_function bug where the entire configuration - was not being processed - and extensions / enhancements: - * added functions for reading config values from the config - file to clean up the ldap_start() function. - * new ldap-server-cn option that will be used to locate the - data in ldap; defaults to the hostname as before (FATE #227). - * while host is added in the ldap-method dynamic mode, try to - find if it belongs to a group and apply the group options too. - * modifies the dhcpHWAddress attribute to case-insensitive, adds - several new objectclasses, e.g. dhcpLocator, dhcpTsigKey, - dhcpDnsZone,dhcpFailOver to the dhcp.schema. - * implements support for dhcpTsigKey, dhcpDnsZone and related. - * implements auth password query via casa. -- Adopted ldap-patch-strncat, removed ldap-patch-nossl obsoleted by - ldap-patch-nomd5. New patch: dhcp-3.0.5-ldap-patch-strncat.dif -- Added dhcp-3.0.5-ldap-patch-nomd5.dif linking the dhcp-server - with md5 functions from openssl library instead of own copy. -- Added dhcp-3.0.5-ldap-patch-casa-fix.dif, fixing casa support -- Added dhcp-3.0.5-ldap-patch-dhcp-cn.dif, renaming the dhcpd.conf - ldap-server-cn option to more clear ldap-dhcp-server-cn. -- dhcp-3.0.5-ldap-patch-schema.dif -- Added dhcp-3.0.5-ldap-patch-referrals.dif, implementing support - for LDAP referrals, introducing new "ldap-referrals " - option in dhcpd.conf. -- Added dhcp-3.0.5-ldap-patch-ssl-opts.dif enabling/implementing - TLS/LDAPS support. Adds new "ldap-ssl " - and several "ldap-tls-*" options for dhcpd.conf. By default, the - server trys to use TLS if possible, but continues without if not. 
-* Tue Jan 09 2007 mt@suse.de -- Added installation of dhcpd.xml, dhcpd service description - for omc xml-service-provider, fate #301710. -- fix of the ldap-patch strncat fix, bug #202648 -* Wed Nov 08 2006 mt@suse.de -- fix for strncat usage in ldap-patch, bug #202648 -* Tue Nov 07 2006 mt@suse.de -- updated to 3.0.5, bug #212310: - * This release is a maintenance release that seeks to correct bugs - introduced in 3.0.4 or prior. The most important of these bugs - is for 64-bit time_t systems that was introduced in 3.0.4. - * If you are upgrading from ISC DHCP 3.0.3 or prior and are using - failover, please take special care of the 'atsfp' values now - included on failover-controlled leases. See the RELNOTES file. -- adopted dhcp-3.0.4-tmpfile.dif (now dhcp-3.0.5-tmpfile.dif) -- added to provide gpg signature of the tar archive as rpm-source -* Tue Oct 17 2006 poeml@suse.de -- there is no SuSEconfig.syslog script anymore, thus remove the - YaST hint from the sysconfig template -* Fri Jun 09 2006 poeml@suse.de -- upstream 3.0.4: - * fix an insidious bug in the failover implementation which, if - left unchecked, could result in tying up all leases in - transitional states (such as released, reset, or expired) - * fix a confusing (wrong) syslog line, logged by during DDNS update - * The server now tries harder to survive the condition where it is - unable to open a new lease file to rewrite the lease state - database. - * several other small bug fixes -- update ldap patch. It now supports ldap over ssl, but we don't - enable it and add dhcp-3.0.4-ldap-patch-nossl.dif, because at the - moment there seems to be a choice between linking dhclient - against ldap+ssl libs (not in /lib) or risking clash between - openssl and isc's md5 symbols. (At least, I assume that this is - the reason why the ldap patch now removes the isc implementation - from the build.) 
Thus, I readd the patch which added ldap libs to - LIBS in the server subdir only, via ./configure -- if /etc/sysconfig/dhcpd:DHCPD_INTERFACE is set to "ANY", dhcpd - will now autodetect available network interfaces -* Fri Jun 02 2006 poeml@suse.de -- allow for build on SUSE Linux 9.3 and older (no -fpie) -- clean up all CFLAGS/DEBUG_FLAGS definitions -* Tue May 16 2006 poeml@suse.de -- add s390x to the list of platforms to compile with -fsigned-char - to avoid the dhclient.conf parse error "expecting a statement" - [#171532], [#134590] -* Thu May 04 2006 rml@suse.de -- Add "-H" flag for setting hostname (Novell major bug #139532) -* Wed Mar 29 2006 poeml@suse.de -- fix two further include paths in dhcpctl.3 and omapi.3 -* Wed Mar 29 2006 poeml@suse.de -- package the static libdst.a library [#158271] -- fix the include path in dhcpctl.3 and omapi.3 [#158271] -* Fri Jan 27 2006 mls@suse.de -- converted neededforbuild to BuildRequires -* Wed Jan 25 2006 poeml@suse.de -- dereference links when copying stuff into the chroot jail [#145169] -* Mon Jan 23 2006 thoenig@suse.de -- dropped dhcp-3.0.3-dhclient-nm_active-01-thoenig.patch. Correct - solution is being implemented in NetworkManager -* Sat Jan 14 2006 thoenig@suse.de -- replaced 'nis-domain-servers' by 'nis-servers' in - dhcp-3.0.3-dhclient-nis-01-thoenig.patch (follow-up #134160) -* Fri Jan 13 2006 thoenig@suse.de -- add 'nis-domain' and 'nis-domain-servers' to 'request' - dhclient.conf (dhcp-3.0.3-dhclient-nis-01-thoenig.patch). If - the DHCP reply contains information about NIS, NM will set those. - (#134160) -- extended /sbin/dhclient-script to set domain name and host name. - This will only happen if the relevant options in - /etc/sysconfig/network/dhcp are set. 
- (dhcp-3.0.3-dhclient-nm_active-01-thoenig.patch) (#134160) -* Mon Nov 28 2005 poeml@suse.de -- compile with -fsigned-char on ppc/ppc64, avoiding the - dhclient.conf parse error "expecting a statement" [#134590] -* Mon Sep 26 2005 ro@suse.de -- define LDAP_DEPRECATED in CFLAGS -* Wed Aug 03 2005 poeml@suse.de -- update to 3.0.3 - * A bug was fixed in BOOTPREQUEST handling code wherein stale - references to host records would be left behind on leases that - were not allocated to the client currently booting (eg in the - case where the host was denied booting). - * The dhcpd.conf.5 manpage was updated to be more clear in - regards to multiple host declarations (thanks to Vincent - McIntyre). 'Interim' style dynamic updates were also - retouched. - * dhclient.conf documentation for interface {} was updated to - reflect recent discussion on the dhcp-hackers mailing list. -- update ldap patch, patches merged upstream -- compile with LPF instead of bsd sockets. Provide optional binary - compiled with bsd sockets. -- README: describe how to serve option 119 (searchlist), add dns - compression tool -* Tue Jul 12 2005 hare@suse.de -- build with pie/PIE depending on architecture. -* Thu Jun 30 2005 gekker@suse.de -- Add -DEXTENDED_NEW_OPTION_INFO to CFLAGS for rml -* Tue Jun 28 2005 gekker@suse.de -- Add support for dhcdbd, patches from RH via rml -* Mon Jun 20 2005 ro@suse.de -- build with pie/fpie -* Mon Jun 13 2005 kukuk@suse.de -- Don't use kernel types in user space -* Fri Apr 08 2005 poeml@suse.de -- update to 3.0.3b1 release. Changes since 3.0.2: - * A bug was fixed where a server might load balance a DHCP REQUEST to its - peer after already choosing not to load balance the preceeding DISCOVER. - The peer cannot allocate the originating server's lease. - * In the case where a secondary server lost its stable storage while the - primary was still in communications-interrupted, and came back online, - the lease databases would not be fully transferred to the secondary. 
- This was due to the secondary errantly sending an extra UPDREQ message - when the primary made its state transition to PARTNER-DOWN known. - * The package will now compile cleanly in gcc 3.3 and 3.4. As a side effect, - lease structures will be 9 bytes smaller on all platforms. Thanks to - Jason Vas Dias at Redhat. - * Interface discovery code in DISCOVER_UNCONFIGURED mode is now - properly restricted to only detecting broadcast interfaces. Thanks - to a patch from Jason Vas Dias at RedHat. - * decode_udp_ip_header was changed so that the IP address was copied out - to a variable, rather than referenced by a pointer. This enforces 4-byte - alignment of the 32-bit IP address value. Thanks to a patch from Dr. - Peter Poeml. - * An incorrect log message was corrected thanks to a patch from - Dr. Peter Poeml. - * A bug in DDNS was repaired, where if the server's first DDNS action was - a DDNS removal rather than a DDNS update, the resolver library's - retransmit timer and retry timer was set to the default, implying a - 15 second timeout interval. Which is a little excessive in a synchronous, - single-threaded system. In all cases, ISC DHCP should now hold fast to - a 1-second timeout, trying only once. - * The siaddr field was being improperly set to the server-identifier when - responding to DHCP messages. RFC2131 clarified the siaddr field as - meaning the 'next server in the bootstrap process', eg a tftp server. - The siaddr field is now left zeroed unless next-server is configured. - * mockup_lease() could have returned in an error condition (or in the - condition where no fixed-address was found matching the shared - network) with stale references to a host record. This is probably not - a memory leak since host records generally never die anyway. - * A bug was repaired where failover servers would let stale client identifiers - persist on leases that were reallocated to new clients not sending an id. 
- * Binding scopes ("set var = value;") are now removed from leases allocated - by failover peers if the lease had expired. This should help reduce the - number of stale binding scopes on leases. - * A small memory leak was closed involving client identifiers larger than - 7 bytes, and failover. - * Configuring a subnet in dhcpd.conf with a subnet mask of 32 bits might - cause an internal function to overflow heap. Thanks to Jason Vas Dias - at Redhat. - * Some inconsistencies in treating numbers that the lexer parsed as 'NUMBER' - or 'NUMBER_OR_NAME' was repaired. Hexadecimal parsing is affected, and - should work better. - * In several cases, parse warnings were being issued before the lexical - token had been advanced to the token whose value was causing an error... - causing parse warnings to claim the problem is on the wrong token. - * Host declarations matching on client identifier for dynamic leases will - no longer match fixed-address host declarations (this is now identical - to behaviour for host records matching on hardware address). -- print error if binary DHCPD_BINARY is not found [#76392] -- remove patches incorporated upstreams -- update ssh forced command example in dhcpsync man page -* Mon Feb 21 2005 poeml@suse.de -- update to 3.0.2 release. Changes since 3.0.2rc3: - * A previously undocumented configuration directive, - 'local-address', was documented in the dhcpd.conf manpage. -* Tue Feb 08 2005 mt@suse.de -- Bug #49433: try to reconnect to ldap server if it was down; - ignore SIGPIPE while ldap_unbind called on closed handle. - = new patch file: dhcp-3.0.2-ldap-reconnect.mt.dif.gz -* Tue Dec 07 2004 poeml@suse.de -- update to 3.0.2rc3. Changes since rc2: - * Two variables introduced in 3.0.2b1 were used without being - initialized in the case where neither the FILE nor SNAME fields - were available for overloading. This was repaired. 
- * A heretofore believed to be impossible corner case of the - option overloading implementation turned out to be possible - ("Unable to sort overloaded options after 10 tries."). The - implementation was reworked to consider the case of an option - so large it would require more than three chunks to fit. - * Many other instances of variables being used without being - initialized were repaired. - * An uninitialized variable in omapi_io_destroy() led to the - discovery that this function may result in orphaned pointers - (and hence, a memory leak). -- refresh the unaligned.patch -* Tue Nov 30 2004 poeml@suse.de -- update to 3.0.2rc2. Changes since 3.0.1: - * allocate_lease() was rewritten to repair a bug in which the server would - try to allocate an ABANDONED lease when FREE leases were available. - * Some dhcp-eval.5 manpage formatting was repaired. - * A bug was fixed in the server's 'option overloading' implementation, - where options loaded into the 'file' and 'sname' packet fields were - not aligned precisely as rfc2131 dictates. - * The FreeBSD client script was changed to support the case where a domain - name was not provided by the server. - * A memory leak in 'omshell' per each command line parsed was - repaired, thanks to a patch from Jarkko Torppa. - * Log functions writing to stderr were adjusted to use the STDERR_FILENO - system definition rather than '2'. This is a no-op for 90%% of platforms. - * One call to trace_write_packet_iov() counted the number of io vectors - incorrectly, causing inconsistent tracefiles. This was fixed. - * Some expression parse failure memory leaks were closed. - * A host byte order problem in tracefiles was repaired. - * Pools configured in DHCPD for failover possessing permission lists that - previously were assumed to not include dyanmic bootp clients are now - a little more pessimistic. 
The result is, dhcpd will nag you about just - about most pools that possess a 'allow' statement with no 'deny' that - would definitely match a dynamic bootp client. - * The 'ddns-update-style' configuration warning bit now insists that - the configuration be globally scoped. - * Two memory leaks in dhclient were closed thanks to a patch from Felix - Farkas. - * Some minor but excellently pedantic documentation errors were fixed - thanks to a patch from Thomas Klausner. - * Bugs in operator precedence in executable statements have been repaired - once again. More legal syntaxes should be parsed legally. - * Failing to initialize a tracefile for any reason if a tracefile was - specified is now a fatal error. Thanks to a patch from Albert Herranz. - * Corrected a bug in which the number of leases transferred as calculated - by the failover primary and sent to peers in POOLRESP responses may be - incorrect. This value is not believed to be used by other failover - implementations, excepting perhaps as logged information. - * Corrected a bug in which 'dhcp_failover_send_poolresp()' was in fact - sending POOLREQ messages instead of POOLRESP mesasges. This message - was essentially ignored since failover secondaries effectively do not - respond to POOLREQ messages. - * Type definitions for various bitwidths of integers in the sunos5-5 - build of ISC DHCP have been fixed. It should compile and run more - easily when built in 64-bit for this platform. - * "allow known-clients;" is now a legal syntax, to avoid confusion. - * If one dhcp server chooses to 'load balance' a request to its failover - peer, it first checks to see if it believes said peer has a free - lease to allocate before ignoring the DISCOVER. - * log() was logging a work buffer, rather than the value returned by - executing the statements configured by the user. In some cases, - the work buffer and the intended results were the same. In some other - cases, they were not. 
This was fixed thanks to a patch from Gunnar - Fjone and directconnect.no. - * Compiler warnings for some string type conversions was fixed, thanks - to Andreas Gustafsson. - * The netbsd build environments were simplified to one, in which - -Wconversion is not used, thanks to Andreas Gustafsson. - * How randomness in the backoff-cutoff dhclient configuration variable - is implemented was better documented in the manpage, and the behaviour - of dhclient in REQUEST timeout handling was changed to match that of - DISCOVER timeout handling. - * Omapi was hardened against clients that pass in null values, thanks - to a patch from Mark Jason Dominus. - * A bug was fixed in dhclient that kept it from doing client-side - ddns updates. Thanks to a patch from Andreas Gustafsson, which - underwent some modification after review by Jason Vas Dias. - * Failover implementations disconnected due to the network between - them (rather than one of the two shutting down) will now try to - re-establish the failover connection every 5 seconds, rather than - to simply try once and give up until one of them is restarted. - Thanks to a patch from Ulf Ekberg from Infoblox, and field testing - by Greger V. Teigre which led to an enhancement to it. - * A problem that kept DHCP Failover secondaries from tearing down - ddns records was repaired. Thanks to a patch from Ulf Ekberg from - Infoblox. - * 64bit pointer sizes are detected properly on FreeBSD now. - * A bug was repaired where the DHCP server would leave stale references - to host records on leases it once thought about offering to certain - clients. The result would be to apply host and 'known' scopes to the - wrong clients (possibly denying booting). NOTE: The 'mis-host' patch - that was being circulated as a workaround is not the way this bug was - fixed. If you were a victim of this bug in 3.0.1, you are cautioned - to proceed carefully and see if it fixes your problem. 
- * A bug was repaired in the server's DHCPINFORM handling, where it - tried to divine the client's address from the source packet and - would get it wrong. Thanks to Anshuman Singh Rawat. - * A log message was introduced to help illuminate the case where the - server was unable to find a lease to assign to any BOOTP client. - Thanks to Daniel Baker. - * A minor dhcpd.conf.5 manpage error was fixed. -- update ldap patch (11/8/2004 version) -* Thu Nov 11 2004 ro@suse.de -- fixed file list for devel package -* Thu Sep 23 2004 poeml@suse.de -- sysconfig.dhcpd, sysconfig.dhcrelay: give examples how to use - configuration names instead of interface names -* Thu Aug 05 2004 poeml@suse.de -- update to 3.0.1 - * The global variable 'cur_time' was centralized and is now - uniformly of a type #defined in system-dependent headers. It - had previously been defined in one of many places as a 32-bit - value, and this causes mayhem on 64-bit big endian systems. It - probably wasn't too healthy on little endian systems either. - * A printf format string error introduced in rc14 was repaired. - * AIX system-dependent header file was altered to only define - NO_SNPRINTF if the condition used to #ifdef in vsnprintf in - AIX' header files is false. - * The Alpha/OSF system-dependent header file was altered to - define NO_SNPRINTF on OS revisions older than 4.0G. - * omapip/test.c had string.h added to its includes. 
-- drop obsolete dhcp-curtimetype.patch -- cope with missing files during chroot setup (e.g., if no - resolv.conf exists) [#40728] -- remove duplicated option "-cf" from usage output -- add notes about the used raw socket API to README -* Fri Jul 16 2004 poeml@suse.de -- update to 3.0.1rc14 -- remove obsolete patches and adapt dhcp-3.0.1rc13-tmpfile.dif -- dhcpsync: use try-restart (so the server isn't started if it has - been stopped) -- remove notify messages that are sent to root -- check if dhcpd was active at boot time before update and - restore runlevel links if needed [#41215], and PreRequires for - that -* Mon Jun 14 2004 poeml@suse.de -- security fixes [#41975]: - - fix buffer overflow in the DHCP server that can be exploited by - the client by specifying multiple 'hostnames' to execute - arbitrary code or at least crash the server. VU#317350 - - add patch to use vsnprintf() instead of vsprintf() calls. - VU#654390 -* Fri May 14 2004 poeml@suse.de -- fix sysconfig comment and DHCPD_RUN_AS default [#40174] -* Thu May 13 2004 poeml@suse.de -- improve security of the chroot jail setup by creating a dedicated - user id for the server, and move the leases database into a - subdirectory (/var/lib/dhcp/db). With the exception of that - subdirectory the chroot jail is now owned by root. [#40174] Use - mkstemp to create temporary files. [#40267] -- don't use startproc to start dhcpd, because startproc waits a - fixed time (100 msec) until it decides whether the service is - running or not. Now that dhcpd might have to contact an LDAP - server first to read its configuration, starting up can take - longer than that, and the init script would falsely report - "success" even when the server cannot start up due to broken - configuration or non-existant interfaces. Increasing the - startproc timeout (-t) is not a real alternative because, because - it would imply a fixed dely to the init script, and it might - still be too short. 
[#40350] -* Tue May 04 2004 poeml@suse.de -- convert configuration names in DHCPD_INTERFACE / - DHCRELAY_INTERFACES into interface names [#39718] -- fix service restart for the case where the binary has been - switched for backward compatibility during updating. -- do not change DHCPD_BINARY for backward compatibility if updating - from 9.0. This and the last change complete the fix for [#38422] - and take care of updates from 8.1-9.1 with and without YOU - updates. -* Fri Apr 30 2004 poeml@suse.de -- additionally package the dhcpd binary that uses the Linux packet - filter API. New option DHCPD_BINARY in sysconfig.dhcpd. [#38422] -- when updating from a previous package using LPF API, retain the - old behaviour. Fix init script so that 'stop' works also after a - switch of DHCPD_BINARY. -* Thu Apr 22 2004 mt@suse.de -- updated to dhcp-3.0.1rc13-ldap-patch also obsolating the - patches: dhcp-ldap-fix01.dif, dhcpd-conf-to-ldap.pl.dif -- added dhcp-3.0.1rc13-ldap.mt.dif, providing diverse fixes - and basic failover support for server/ldap.c -- added dhcpd-conf-to-ldap.mt.dif providing failover support - to dhcpd.conf convert script -* Thu Mar 25 2004 mt@suse.de -- applied dhcp-3.0.1rc12-ldap-patch adding support to store - dhcp configuration in ldap (incl. draft ldap schema). - further patches: - - dhcp-ldap-fix01.dif: fixes for server/ldap.c (debuging - output, support for block statements, ...) - - dhcpd-conf-to-ldap.pl.dif: fixes for convert script -* Wed Feb 25 2004 poeml@suse.de -- the genDDNSkey script has been moved to the bind-utils package -- update the DDNS-howto.txt -- package leases.awk (dhcpd.leases analyzer) (courtesy of Jeff Wilson) -- update to 3.0.1rc13 - - Fixed a bug in omapi lease lookup function, to form the - hardware address for the hash lookup correctly - - The 'ping timeout' debugs from rc12 were removed to -DDEBUG - only - - Fixed a case where leases read from the leases database do not - properly over-ride previously read leases. 
- - Fixed a bug where dhcrelay was sending relayed responses back - to the broadcast address, but with the source's unicast mac - address. Should now conform to rfc2131 section 4.1. - - Fixed a crash bug in dhclient where dhcpd servers that do not - provide renewal times results in an FPE. As a side effect, - dhclient can now properly handle 0xFFFFFFFF (-1) expiry times - supplied by servers. - - dhcpctl.3 manpage was tweaked. -- the files CHANGES and COPYRIGHT have vanished, package LICENSE - instead -* Sun Jan 11 2004 adrian@suse.de -- build as user -* Tue Nov 18 2003 poeml@suse.de -- if starting dhcpd in chroot jail, and a pid file is present in - the jail, and the pid file does not contain a pid of a running - dhcpd process, but that of another _running_ process, remove - that pid file. [#32603] -- fix typo in dhcp.LIESMICH -- DDNS-howto.txt: adjust changed path -- DDNS-howto.txt: instead of the shell variables (they were copy - and paste'd from a script), use a real example (makes it easier) -- add a comment in sysconfig.dhcpd that entire directories may be - included -- dhcpsync: if run from the commandline, do not use an identity - that ssh-agent may hold, but use $KEY instead -- dhcpsync.8: add a note about a know limitation -* Tue Nov 18 2003 poeml@suse.de -- fix wrong ServiceRestart tags in sysconfig/dhcrelay [#32062] -* Fri Oct 17 2003 uli@suse.de -- fixed data type mismatch in libomapi, only harmful on 64-bit - BE systems (ppc64, s390x, bug #32123) -* Mon Sep 08 2003 poeml@suse.de -- update to 3.0.1rc12 - - a failover bug relating to identifying peers by name length - instead of by name was fixed - - declaring failover configs within shared-network statements - should no longer result in error - - a problem with lease expiry times in failover configurations - was fixed - - reverse dns PTR record updates with values containing spaces - are now permitted - - problems with long option processing fixed - - fixes to minires so that updates of KEY records 
will work - - memory leak in configuration parsing closed - - non-broadcast or point-to-point interfaces are now ignored - - options not yet known by the dhcpd or dhclient now appear as - e.g. "unknown-144" rather than "#144" in the leases file, to - avoid the hash marks - - dhclient no longer uses shell commands to kill another instance - of itself, it sends the signal directly. - - the -nw command line option to dhclient now works -- dhcp-3.0.1rc10-dhcrelay-limit-hopcount.dif included upstreams -- added contrib/ms2isc (converts Microsoft DHCP server configuration) -* Mon Sep 08 2003 poeml@suse.de -- mark dhclient's lease database %%config(noreplace) -* Wed Sep 03 2003 kukuk@suse.de -- Really fix [#29405], server should not provide and obsolete dhcp. -* Wed Aug 27 2003 poeml@suse.de -- don't provide/require dhcp-base. Require dhcp instead [#29405] -* Tue Aug 26 2003 poeml@suse.de -- add Config: syslog-ng to sysconfig.syslog-dhcpd -* Fri Aug 15 2003 poeml@suse.de -- use -Wall -Wno-unused -- add -fno-strict-aliasing, due to warnings about code where - dereferencing type-punned pointers will break strict aliasing -- add activation metadata to sysconfig template [#28864, [#28865], - [#28950] -* Tue Aug 12 2003 poeml@suse.de -- rc.dhcpd, rc.dhcrelay: implement try-restart correctly -- cleaned up the root mail, and the READMEs [#27214], [#26266] -- send the root mail only on update [#27214] -- have no default value in /etc/sysconfig/dhcpd:DHCPD_INTERFACE -- in client's %%post, send a mail only when rc.config is encountered -- clean buildroot, but not in chroot buildsystem -- the SuSE string is now replaced by UnitedLinux where appropriate -- rename the "dhcp-base" package to "dhcp", so there is a binary - package matching the name of the source package [#17668] -- use the lately added macros only on newer distributions -* Wed Jul 30 2003 poeml@suse.de -- new macros for stop/restart of services on rpm update/removal -* Mon Jul 28 2003 poeml@suse.de -- when copying 
include files into the chroot jail, create - subdirectories as needed, thus retaining the path to the files -* Sun Jul 27 2003 poeml@suse.de -- don't explicitely strip binaries since RPM handles it, and may - keep the stripped information somewhere -* Mon Jun 16 2003 poeml@suse.de -- add some notes to DDNS-howto.txt, kindly provided by Andrew Beames -- fix typo in genDDNSKey.sh -* Wed May 21 2003 mmj@suse.de -- Implement try-restart correctly in init-script -* Mon May 19 2003 poeml@suse.de -- update to 3.0.1rc11, relevant fixes are - - Potential buffer overflows in minires repaired. - - A correction of boolean parsing syntax validation - some illegal syntaxes - that worked before are now detected and produce errs, some legal syntaxes - that errored before will now work properly. - - Some search-and-replace errors that caused some options to change their - names was repaired. - - Shu-min Chang of the Intel corporation has contributed a perl script and - module that converts the MS NT4 DHCP configuration to a ISC DHCP3 - configuration file. - - Applied the remainder of the dhcpctl memory leak patch provided by Bill - Squier at ReefEdge, Inc. (groo@reefedge.com). - - Missing non-optional failover peer configurations will now result in a soft - error rather than a null dereference. -- use BSD sockets instead of LPF (makes iptables filtering of - packages possible for server and relay. It doesn't work on the - client, though, so that one requires seperate compilation.) See - Message-Id: <5.1.0.14.0.20030408175011.00b9c7c0@pop.itd.nrl.navy.mil> -* Thu Mar 13 2003 poeml@suse.de -- rcdhcpd, rcdcrelay: do not write the startup log to a world - writable directory [#25241] -* Mon Mar 03 2003 poeml@suse.de -- don't try to copy libraries into the chroot jail that do not - exist (any longer) [#24533] -- remove the %%ghost filelist entries for pid files and chroot jail - contents [#20030]. Clean up the libraries from the jail when the - server is stopped. 
-- dhcrelay: add patch from Florian Lohoff (slightly modified), - that makes the maximal hop count of forwarded packages - configurable (-c maxcount), sets the default to 4, and rejects - packages with a hop count higher than maxcount (CAN-2003-0039, - http://www.kb.cert.org/vuls/id/149953). Add a variable to - /etc/sysconfig/dhcrelay to pass such additional options. -* Wed Feb 12 2003 mmj@suse.de -- Added sysconfig metadata [#22631] [#22632] [#22696] -* Tue Dec 10 2002 okir@suse.de -- Added security patch from ISC -* Thu Dec 05 2002 poeml@suse.de -- update to 3.0.1rc10. relevant fixes: - - A Linux-specific Token Ring detection problem was fixed. - - Hashes removed from as-yet-unknown agent options, having those - options appear in reality before we know about them will no - longer produce self-corrupting lease databases. - - dhclient will use the proper port numbers now when using the -g - option. - - A order-of-operations bug with 2 match clauses in 1 class - statement is fixed thanks to a patch from Andrew Matheson. - - A fix to the dhcp ack process which makes certain group options - will be included in the first DHCPOFFER message was made thanks - to a patch from Ling Gou. - - A few memory leaks were repaired thanks to patches from Bill - Squier at ReefEdge, Inc. (groo@reefedge.com). - - A fix for shared-networks that sometimes give clients options - for the wrong subnets (in particular, 'option routers') was - applied, thanks to Ted Lemon for the patch. - - Omshell's handling of dotted octets as values was changed such - that dots one after the other produce zero values in the - integer string. -- due to the upstream fixes: drop the reactivate-tr-support.dif and - format.dif -- retrofitted the (server) package to work for old distributions - down to 7.2 -* Fri Nov 29 2002 schwab@suse.de -- Fix unaligned access. 
-* Mon Nov 04 2002 poeml@suse.de -- update DDNS-howto.txt for BIND9 -- add genDDNSKey.sh to create a key for BIND8/9 -- add comments about DDNS to the dhcpd.conf [#18419], and - directives to disable DDNS by default -- change defaults in the sample configuration -* Thu Aug 29 2002 poeml@suse.de -- fix permissions of man pages -* Sun Aug 18 2002 poeml@suse.de -- re-add token ring support that got lost ("tr0:unknown hardware - address type 800"). With 2.4 kernel, ARPHRD_IEEE802 (6) has been - renamed to ARPHRD_IEEE802_TR (800). Known bug in 3.0.1rc9. -- move PreReq tag to the subpackages, where it is actually needed - [#17822, #17821] -* Mon Aug 12 2002 poeml@suse.de -- dhcp-client: add missing Requires on /usr/bin/host -* Mon Aug 12 2002 poeml@suse.de -- Fix requires of dhcp-devel subpackage -- add some helpful scripts, courtesy of Kevin C. Miller -* Thu Aug 01 2002 poeml@suse.de -- use PreReq -* Wed Jul 17 2002 poeml@suse.de -- add a sysconfig.syslog-dhcpd template to make syslogd open an - additional socket (inside the chroot dir of dhcpd) -* Thu Jul 11 2002 poeml@suse.de -- fix typo in %%post, introduced with last change -* Thu Jul 11 2002 poeml@suse.de -- add Version: tags to the subpackages to satisfy the build system, - because dhcp has no main package [#16318] -- run in chroot and as user nobody per default -- fix wrong pathnames in mail to root [#15601] -- install example dhcpd.conf [#9122] -- improve example configuration files [#12563] -- init scripts: update INIT INFO, using the new tags from - /etc/init.d/skeleton -* Tue May 21 2002 poeml@suse.de -- dhclient-script: - - source the right sysconfig files (/etc/sysconfig/network/) - [#15871] - - use KEEP_SEARCHLIST option (thanks Sumit Bose) - - improve the indentation -* Thu May 16 2002 poeml@suse.de -- add documentation about configuration for dynamical DNS updates -* Mon May 13 2002 poeml@suse.de -- fix last change (rediff dhcp-3.0.1rc9.format.dif) -* Mon May 13 2002 poeml@suse.de -- update to 3.0.1rc9 - 
- fixes a format string vulnerability in the server that could - lead to a remote root compromise - (see http://www.cert.org/advisories/CA-2002-12.html) - - fixes a memory leak in the client and some other minor bugs -- fix some printf arguments in server/omapi.c -- fix small typo (x390x -> s390x) -* Mon Apr 29 2002 sf@suse.de -- changed Makefile.conf to be able to add LIBDIR -- added LIBDIR to make install to put libs into the correct path -- use -DPTRSIZE_64BIT on x86_64 -* Mon Apr 22 2002 poeml@suse.de -- update to 3.0.1rc8. Most significant changes are (see RELNOTES): - - Don't allow a lease that's in the EXPIRED, RELEASED or RESET - state to be renewed. - - Implement lease stealing for cases where the primary has fewer - leases than the secondary, as called for by the standard. - - Fix a bug where if an option universe contained no options, the - DHCP server could dump core (Walter Steiner). - - Fix a bug in the handling of encapsulated options. - - Fix an uninitialized memory bug in the DHCP client. -- use -DPTRSIZE_64BIT on x390x and ppc64, too -- create /etc/resolv.conf with a file mask of 644, regardless of - the umask [Bug #15915]. Patch by Joerg Mayer. -- the scripts dir is now called CLIENTBINDIR in the Makefiles, and - correctly set to /sbin --> drop 2 hunks from dhcp-3.0rc10.dif -* Tue Mar 26 2002 ro@suse.de -- Fix handling of initscript links and START_* variable [Bug #13755] -* Sun Feb 10 2002 poeml@suse.de -- drop the sysconfig/network/dhcp template. It's in the syconfig - package now. 
-- strip /sbin/dhclient -* Mon Feb 04 2002 poeml@suse.de -- rename dhcp subpackage to dhcp-base, add dhcp-server subpackage -- rename dhclient to dhcp-client and dhcrelay to dhcp-relay -- remove Conflicts tag dhclient <-> dhcpcd -- use %%defattr(-, root, root) for all subpackages -- update copyright info (GmbH --> AG) -- update sysconfig.dhclient (.dhcp-dhclient now), and let it be - filled up into /etc/sysconfig/network/config -* Wed Jan 30 2002 poeml@suse.de -- add /sbin/dhclient, accidentally deleted from filelist lately -* Sun Jan 27 2002 ro@suse.de -- remove START_DHCPD on update -- use fillup_only where no initscript is handled -* Sun Jan 27 2002 poeml@suse.de -- use %%_lib and %%_libdir -- update rc.dhcpd to use %%_libdir when setting up chroot dir -- dhcpsync: name of slave can be given as argument; update man page -- rc.dhcpd: no longer source rc.config -- don't try insserv on dhclient init script -- it's dropped -- tell fillup to use "dhcpd" instead of the package name (dhcp) -* Fri Jan 25 2002 poeml@suse.de -- update to 3.0.1rc6 - - Fix the off-by-one error in the MAC-address checking code for - DHCPRELEASE that was added in 3.0.1rc5. - - Fix a bug where client-specific information was not being - discarded from the lease when it expired or was released, - resulting in problems if the lease was reallocated to a - different client. - - merge pools if possible - - workaround for some Lexmark printers that send a double-NUL- - terminated host-name option, which would break DNS updates. - - no longer log fallback_discard messages -- dhcp-3.0.1rc5-release.dif obsolete hereby -- drop dhclient init script (obsoleted by /sbin/if*-dhcp) -* Tue Jan 15 2002 poeml@suse.de -- update to 3.0.1rc5 - - Fix a bug that would cause the DHCP server to spin if asked to - parse a certain kind of incorrect statement. - - Fix a related bug that would prevent an error from being - reported in the same case. - - Additional documentation. 
- - Make sure that the hardware address matches the lease when - processing a DHCPRELEASE message. -- add dhcp-3.0.1rc5-release.dif that corrects an error by one in - the code that finds a lease that is being RELEASEd -- use ddns-update-style interim instead of ad-hoc when testing -- make sure that dhcpd is started after xntpd (failover needs - correct system time) -- drop version 2 of dhcpd and dhcrelay -* Thu Dec 13 2001 ro@suse.de -- removed START_ variables, moved rc.config.d -> sysconfig -* Tue Nov 06 2001 poeml@suse.de -- update to 3.0.1rc4 -- add dhcpsync and dhcpync.8 (script to sync DHCP failover config.) -- update rc.dhclient script from the one used in the dhcpcd package -- client: don't check if a device is there; terminate anyway -- small addition to the examples; update README.upgrade -* Wed Oct 31 2001 poeml@suse.de -- update to 3.0.1rc2 -- add a README.upgrade -* Thu Oct 25 2001 poeml@suse.de -- update to 3.0.1rc1 -- remove our #undef use_LPF patch for 2.0pl5; it seems to cause - problems (stopping responding) with more than one network card -- mark /etc/dhclient.conf with noreplace tag -* Sun Sep 16 2001 poeml@suse.de -- fix stupid bug in rc.dhcpd where rc.config is sourced too late -* Fri Sep 14 2001 poeml@suse.de -- fix #9962 where "exit 1" instead of "return" in dhclient-script - would confuse dhclient (which then DECLINEd the lease) -* Tue Aug 28 2001 poeml@suse.de -- make sure that files are really copied to the chroot dir -* Mon Aug 27 2001 poeml@suse.de -- add libnss_dns6.so.2 as ghost to the file list to remove it - from the chroot dir when uninstalling the package -- rc.dhcpd: remove empty pid files to avoid warnings by - checkproc/killproc (dhcpd sometimes leaves them if it does not - want to start due to wrong syntax) -- rc.dhcpd: to save time, source rc.config only when necessary -- add dhcpd.conf examples -* Fri Aug 24 2001 poeml@suse.de -- update to 3.0rc12 (fixes some failover state transitions; other - failover fixes; always returns 
a subnet selection option if one - is sent) -- change dhclient-script to ignore lines that are commented out - when grepping for variables and eval-ing them -* Mon Jul 16 2001 poeml@suse.de -- add filedes.dif that gives scripts executed from dhclient-script - their own filedescriptors (patch by Brian Somers - ) -- correct typo in rc.dhcpd -* Mon Jul 02 2001 poeml@suse.de -- update to 3.0rc10 -- change default in rc.config.d.dhcrelay -- add /usr/sbin/svtest, /usr/bin/omshell, and omshell man pages -- new variable in rc.dhcpd.config: $DHCPD_CONF_INCLUDE_FILES, for - dhcpd.conf include files to be copied to $chroot/etc/ -* Tue May 22 2001 poeml@suse.de -- update to 3.0rc7 (failover and OMAPI fixes, see RELNOTES) -* Wed May 16 2001 poeml@suse.de -- on 64 bit archs, define -DPTRSIZE_64BIT -- fix missing include -* Fri May 11 2001 poeml@suse.de -- if resolv.conf does not exist, touch it; so that there is a file - to back up and restore later and the temporary resolv.conf would - not persist after stopping the client [#8078] -- use the modify_resolvconf tool to cleanup old backup files before - starting the daemon, because it does it intelligently [#8077] -* Tue May 08 2001 poeml@suse.de -- don't provide empty /etc/rc.config.d/dhcpd.rc.config because that - inhibits the correct removal of variables from rc.config -- mention correct version numbers in mail to root (now using - version macro) -- fix a typo and a nonsense comment in rc.config.d.dhcpd -* Mon May 07 2001 poeml@suse.de -- update to 3.0rc4 (bugfixes) -- add empty dir /var/lib/dhcp/dev and documentation about how to - ensure that logging from the chroot jail works [#6906] -* Tue Apr 24 2001 poeml@suse.de -- update to 3.0rc2pl1: fixes bugs in the failover implementation - and a memory smash that happens when fixed-address leases are - used -- Read dhcp client script hooks if they exist, rather than only if - they're executable. 
-- new file: 3.0b1 lease conversion script -* Sun Apr 15 2001 poeml@suse.de -- Init scripts: get try-restart ("restart when running") right -- client: - - dhclient-script is now correctly installed to /sbin (thus, - don't mv dhclient-script from /etc/ to /sbin/, thereby - overwriting it with the one from v2) - - move rcdhclient conveniency link to /sbin/ (same as in dhcpcd) - - update info header for resolv.conf acc. to guidelines -- server: - - don't run in chroot environment and as nobody by default - - add missing %%postun for subpackages to rearrange runlevel - links after deinstalling -* Mon Apr 09 2001 poeml@suse.de -- update to 3.0b2pl24 -- don't use rc_status -u in init scripts (option was dropped) -- always run test of dhcpd -* Wed Mar 28 2001 poeml@suse.de -- update to 3.0b2pl18 - * trim chroot/non-root patch and the other security patches into - dhcp-3.0b2pl18.paranoia.dif - * build stable version of server (2.0pl5) and include the binary - as well as the man pages with '-2' suffix (same for dhcrelay) -- split off subpackages: dhcrelay, dhcp-devel -- reworked all init scripts - * adhere to LSB and use new rc.status functions - * rc.dhcpd: at start, copy conf file and libs to chroot dir - * rc.dhcpd: add syntax check - * rc.dhcrelay: make interface configurable - * rc.dhclient: improve resolv.conf handling -- dhclient: catch TERM to restore resolv.conf before quitting -- create /etc/rc.config.d/dhcrelay.rc.config -- create /etc/rc.config.d/dhclient.rc.config -- clean up Provides/Conflicts -- rework SuSE-fillup templates (and rename them) -- mark libraries for chroot dir as %%ghost -- when ABUILD_RUN_TEST_SUITES is true, start dhcpd for a simple - test -* Fri Mar 16 2001 poeml@suse.de -- add dhcpd-thomas.diff from - * query for the real UID and not for the effective UID - * drop supplementary GID's - * avoid potential buffer overflow -- copy dhcpd.conf instead of moving it -- add $syslog to Required-Start in server init script -- fix Required-Start in 
client init script -- bzipped sources -* Wed Jan 31 2001 poeml@suse.de -- dhcpd.conf will no longer be installed in /etc/ but placed in the - docdir, since it is a nonfunctional example file -- test for etc/SuSE-release in %%post -- fix removal of variables from rc.config which failed sometimes -- update {README,LIESMICH}.SuSE -* Mon Jan 29 2001 poeml@suse.de -- added paranoia patch by Ari Edelkind to allow dhcpd run chrooted - in /var/lib/dhcp and as nobody/nogroup. Both is optional. -- moved dhcpd.conf to /var/lib/dhcp/etc/. The file will also be - moved by %%post -- moved rc.config options to rc.config.d/dhcpd.rc.config - (existing variables are moved there by %%post) -- added some syntax checking via undocumented -t switch, and write - log file during startup -- renamed start script from dhcp to dhcpd -- removed /var/run/dhcpd.pid from the package -- tag some %%configs with (noreplace) -- use BuildRoot -- added "Provides: dhcp2"+"Conflicts: dhcp3" in anticipation of v3 -- added {README,LIESMICH}.SuSE and the paranoia patch to the docs -* Tue Jan 16 2001 draht@suse.de -- format string security bugs in syslog(3) calls fixed. -* Thu Jan 11 2001 poeml@suse.de -- in runlevel 2, start only the client, not the server/relay -- tell insserv to start after $named -- improved comments -* Thu Jan 04 2001 fober@suse.de -- package dhclient requires net-tools, not net_tool -- removed superfluous Provides dhclient in package dhclient -* Wed Nov 29 2000 poeml@suse.de -- Update to dhcp-2.0pl5.tar.gz -- This includes a security fix that applies to the DHCP client *only* -* Tue Nov 28 2000 poeml@suse.de -- adapted spec file to use /etc/init.d for the scripts instead of - /sbin/init.d and let insserv create the links -- extracted source files from diff and placed them separately -- included paranoia (non-root/chroot) patch by ari edelkind. This - needs testing, and possibly an adapted start script -* Mon Jul 24 2000 schwab@suse.de -- Fix argument type of dhcp_option_ev_name. 
-* Mon Jul 24 2000 schwab@suse.de -- Set DEBUG, not COPTS. -* Thu Jul 20 2000 zoz@suse.de -- updated to dhcp-2.0pl3 -* Wed Jul 19 2000 schwab@suse.de -- Fix handling of abandoned leases with BOOTP. -- Properly handle default lease timeout. -* Fri Jul 14 2000 werner@suse.de -- make dchpd quiet -* Thu Jul 13 2000 zoz@suse.de -- changed test for availability of device in rcdhlient: - now using ifconfig, so automatically loading of modules - will be triggered (Bug 3415) -- patched dhclient.c do to a possible root exploit bug - (patch from Pavel Kankovsky ) - Still to be improved, waiting for Ted Lemon to rework it. -* Tue Jul 11 2000 zoz@suse.de -- reworked rcdhclient once again. -* Tue Jul 04 2000 zoz@suse.de -- update to dhcp-2.0.pl2 -- dhclient: hostname will only be set, if there is a - DHCLIENT_SET_HOSTNAME=yes (default =no) - in /etc/rc.config. (fixes bug 2807 and 3146) -* Tue Jun 27 2000 zoz@suse.de -- update to dhcp-2.0.pl1 -- moved /var/state/dhcp to /var/lib/dhcp -- moved manpages to %%{_mandir} -- changed rcdhclient: DHCLIENT is obsolete now. It will be started - if it finds any IFCONFIG_x=dhcpclient -* Mon Apr 10 2000 schwab@suse.de -- Treat Linux 2.3 as linux-2.2 configuration. 
-* Thu Jan 27 2000 grimmer@suse.de -- added "Provides: dhcp_client" and "Conflicts: dhcpcd" to - dhclient section in spec file -- added "Provides: dhcp_server" to dhcp section -- corrected typo in rc.config variables -- added Group Tag and version macro to spec file -- changed Summary: to "ISC DHCP client" -- moved man pages to /usr/share/man -* Wed Nov 17 1999 rolf@suse.de -- now set hostname in dhclient-script [BUG#1262] -* Fri Nov 05 1999 rolf@suse.de -- reduced waiting time to 1 second -- wait 5 seconds after dhclient start to acquire an IP adress so the - following scripts have a working network setup -* Thu Nov 04 1999 rolf@suse.de -- changes from Josh for @home cablenet -* Thu Oct 28 1999 rolf@suse.de -- added changes by Lenz Grimmer to use - ifconfig $NETDEV 0.0.0.0 up - for device setup -* Mon Oct 25 1999 rolf@suse.de -- applied patch of Bernhard Bender - to use the correct interface. -- added client latency time and rc.config entry -* Mon Sep 27 1999 bs@suse.de -- fixed requirements for sub packages -* Mon Sep 13 1999 bs@suse.de -- ran old prepare_spec on spec file to switch to new prepare_spec. 
-* Mon Jul 19 1999 bs@suse.de -- changed comment for rc.config -* Mon Jul 19 1999 bs@suse.de -- fix from werner@suse.de for /sbin/init.d/dhclient -* Fri Jul 16 1999 ro@suse.de -- added new dhclient-script from werner -* Wed Jun 23 1999 rolf@suse.de -- new version 2.0 -- apply fix from Michael Hasenstein -* Mon Mar 08 1999 ro@suse.de -- fixed man5-path -* Fri Feb 26 1999 rolf@suse.de -- new version 2.0b1pl16 (stable beta) -- leases are now stored in /var/state/dhcp/ (thanks to Ted Lemmon) -- correct paths in manpages -- PID files as %%ghost in filelist -* Wed Feb 17 1999 rolf@suse.de -- new version 2.0b1pl13 -* Wed Dec 09 1998 rolf@suse.de -- added /usr/sbin/rcdhcp - /usr/sbin/rcdhcrelay - /usr/sbin/rcdhclient -* Tue Nov 24 1998 rolf@suse.de -- new init scripts for SuSE Linux 6.0 -* Thu Nov 12 1998 bs@suse.de -- minor changes for new rpm -* Thu Sep 24 1998 rolf@suse.de -- new version 2.0b1pl6 (stable beta) -- now with dhcp client and dhcp relay agent -- added init scripts for relay agent and client -- changed from $NETDEV_0 to $DHCPD_INTERFACE -* Fri Jun 26 1998 rolf@suse.de -- new version 1.0pl2 fixes two potential input buffer overrun problems - that were missed in Patchlevel 1 -* Mon May 18 1998 rolf@suse.de -- new security patch 1.0pl1 included - changed /sbin/init.d/dhcp to run on $NETDEV_0 -* Wed Dec 10 1997 rolf@suse.de -- new version 1.0.0 this is not beta any more! -* Thu Oct 16 1997 rolf@suse.de -- switched to dhcp.spec instead of Makefile.Linux -* Thu Sep 11 1997 rolf@suse.de -- Upddate to Version 5 beta 16 and made entry for rc.config and - /sbin/init.d for startup/shutdown - There is no dhcp client in this package anymore. -* Thu Jun 12 1997 rolf@suse.de -- build the package for the first time