* CVE-2021-25217, bsc#1186382, dhcp-CVE-2021-25217.patch: A
buffer overrun in lease file parsing code can be used to
exploit a common vulnerability shared by dhcpd and dhclient.
- Error out, if %version and %isc_version are not in sync.
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=226
- update to 4.4.2:
* Please note that that ISC DHCP is now licensed under the Mozilla Public
License, MPL 2.0.
In general, the areas of focus for ISC DHCP 4.4 were:
1. Dynamic DNS additions
2. dhclient improvements
3. Support for dynamic shared libraries
* Added the interface name to socket initialization failure log messages.
Prior to this the log messages stated only the error reason without
stating the target interface.
* Corrected buffer pointer logic in dhcrelay functions that manipulate
agent relay options. Thanks to Thomas Imbert of MSRC Vulnerabilities
& Mitigations for reporting the issue.
* Corrected unresolved symbol errors building relay_unittests when
configured to build using libtool.
* A new configuration parameter, ping-cltt-secs (v4 operation only), has
been added to allow the user to specify the number of seconds that must
elapse since CLTT before a ping check is conducted. Prior to this, the
value was hard coded at 60 seconds. Please see the server man pages for
a more detailed discussion.
* A new configuration parameter, ping-timeout-ms (v4 operation only),
has been added that allows the user to specify the amount of time
the server waits for a ping-check response in milliseconds rather
than in seconds (via ping-timeout). When greater than zero, the value
of ping-timeout-ms will override the value of ping-timeout. Thanks
to Jay Doran from Bluecat Networks for suggesting this feature.
* An experimental tool called, Keama (KEA Migration Assistant), which helps
translate ISC DHCP configurations to Kea configurations, is now included
in the distribution.
* Corrected a misuse of the BIND9 DDNS API which caused DDNS updates to be
OBS-URL: https://build.opensuse.org/request/show/866365
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=224
* CVE-2018-5733, bsc#1083303: reference count overflow in dhcpd.
* CVE-2018-5732, bsc#1083302: buffer overflow bug in dhclient.
* Plugged a socket descriptor leak in OMAPI
* The server now allows the client identifier (option 61) to own
leases in more than one subnet concurrently [ISC-Bugs #41358].
* When replying to a DHCPINFORM, the server will now include
options specified at the pool scope, provided the ciaddr field
of the DHCPINFORM is populated.
[ISC-Bugs #43219] [ISC-Bugs #45051].
* When memory allocation fails in a repeated way the process
writes "Run out of memory." on the standard error and exists
with status 1 [ISC-Bugs #32744].
* The new lmdb (Lightning Memory DataBase) bind9 configure
option is now disabled by default to avoid the presence of
this library to be detected which can lead to a link failure.
[ISC-Bugs #45069]
* The linux interface discovery code has been modified to use
getifaddrs() as is done for BSD and OS-X.
[ISC-Bugs #28761] and others.
* Fixed a bug in OMAPI that causes omshell to crash when a
name-value pair with a zero length value is shipped in an
object [ISC-Bugs #29108].
* On 64-bit platforms, dhclient now generates the correct value
for the script environment variable, "expiry", the lease
expiry value exceeds 0x7FFFFFFF [ISC-Bugs #43326].
* Common timer logic was modified to cap the maximum timeout
values at 0x7FFFFFFF - 1 [ISC-Bugs #28038].
* DHCP6 FQDN option unpacking code now correctly handles values
that contain spaces, special, or non-printable characters.
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=186
- fixed a typo in nis-servers option name breaking the config file introduced
in previous change to workaround issues in NetworkManager parser.
- Update to dhcp-4.3.5
- Corrected a bug which could cause the server to sporadically crash while
loading lease files with the lease-id-format is set to "hex". Our thanks
to Jay Ford, University of Iowa for reporting the issue.
[ISC-Bugs #43185]
- Eliminated a noisy, but otherwise harmless debug log statment that may
appear during server startup when building with --enable-binary-leases
and configuring multiple pools in a shared network. Thanks to Fernando
Soto from BlueCat Networks for reporting the issue and supplying a patch.
[ISC-Bugs #43262]
- Fixed util/bindvar.sh error handling.
[ISC-Bugs #41973]
- Correct error message in relay to use remote id length instead
of circuit id length.
[ISC-Bugs #42556]
- Add logic to test directory Makefiles to avoid copying Attfile(s)
when building within the source tree. This eliminates a noisy but
otherwise harmless error message when running "make check".
[ISC-Bugs #41883]
- Leases are now scrubbed of certain prior use information when pool
re-balancing reassigns them from one FO peer to the other. This
corrects an issue where leases that were offered but not used
by the client retained the client hostname from the original
client. Thanks to Pavel Polacek, Jan Evangelista Purkyne University
for reporting the issue.
[ISC-Bugs #42008]
- In the LDAP code and schema add some missing '6' characters to use
the v6 instead of the v4 versions. Thanks to Denis Taranushin for
OBS-URL: https://build.opensuse.org/request/show/508601
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=174
along with this package or online at:
- Replaced hostname patch with a dhcpv6 and fqdn aware variant:
[- 0006-dhcp-4.2.5-dhclient-send-hostname-rml.patch,
+ 0006-dhcp-4.3.2-dhclient-send-hostname-or-fqdn.patch]
- Adjusted patch numbers in the spec file:
[- 0008-dhcp-4.1.1-P1-lpf-bind-msg-fix.patch,
- 0010-dhcp-4.2.2-dhclient-option-checks.patch,
- 0011-dhcp-4.2.6-close-on-exec.patch,
- 0012-dhcp-4.2.2-quiet-dhclient.patch,
- 0014-Fixed-linux-interface-discovery-using-getifaddrs.patch,
- 0020-dhcp-4.2.x-chown-server-leases.bnc868253.patch,
- 0024-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch,
+ 0008-dhcp-4.2.2-dhclient-option-checks.patch,
+ 0009-dhcp-4.2.6-close-on-exec.patch,
+ 0010-dhcp-4.2.2-quiet-dhclient.patch,
+ 0011-Fixed-linux-interface-discovery-using-getifaddrs.patch,
+ 0012-dhcp-4.2.x-chown-server-leases.bnc868253.patch,
+ 0013-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch]
- Fixed to not pass DHCPv6 address lifetimes a positive (unsigned
32bit) integers to scripts and properly format timestamps as long
to not break them on 64bit architectures (bsc#926159).
[+ 0014-dhclient6-unsigned-lifetimes-for-script-bsc-926159.patch]
- dhclient: expose next-server DHCPv4 option to script (bsc#928390)
[+ 0015-Expose-next-server-DHCPv4-option-to-dhclient-script.patch]
- Replaced infiniband support patch with fixed variant (bsc#910984):
[- 0017-dhcp-4.2.6-lpf-ip-over-ib-support.patch,
- 0018-dhcp-4.2.6-improved-xid.patch,
+ 0016-infiniband-support.patch]
- Moved dhcp-devel package include files and static libraries
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=154
