* CVE-2021-25217, bsc#1186382, dhcp-CVE-2021-25217.patch: A
buffer overrun in lease file parsing code can be used to
exploit a common vulnerability shared by dhcpd and dhclient.
- Error out, if %version and %isc_version are not in sync.
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=226
- update to 4.4.2:
* Please note that that ISC DHCP is now licensed under the Mozilla Public
License, MPL 2.0.
In general, the areas of focus for ISC DHCP 4.4 were:
1. Dynamic DNS additions
2. dhclient improvements
3. Support for dynamic shared libraries
* Added the interface name to socket initialization failure log messages.
Prior to this the log messages stated only the error reason without
stating the target interface.
* Corrected buffer pointer logic in dhcrelay functions that manipulate
agent relay options. Thanks to Thomas Imbert of MSRC Vulnerabilities
& Mitigations for reporting the issue.
* Corrected unresolved symbol errors building relay_unittests when
configured to build using libtool.
* A new configuration parameter, ping-cltt-secs (v4 operation only), has
been added to allow the user to specify the number of seconds that must
elapse since CLTT before a ping check is conducted. Prior to this, the
value was hard coded at 60 seconds. Please see the server man pages for
a more detailed discussion.
* A new configuration parameter, ping-timeout-ms (v4 operation only),
has been added that allows the user to specify the amount of time
the server waits for a ping-check response in milliseconds rather
than in seconds (via ping-timeout). When greater than zero, the value
of ping-timeout-ms will override the value of ping-timeout. Thanks
to Jay Doran from Bluecat Networks for suggesting this feature.
* An experimental tool called, Keama (KEA Migration Assistant), which helps
translate ISC DHCP configurations to Kea configurations, is now included
in the distribution.
* Corrected a misuse of the BIND9 DDNS API which caused DDNS updates to be
OBS-URL: https://build.opensuse.org/request/show/866365
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=224
DHCPv6 server crashes regularly.
- Add compile option --enable-secs-byteorder to avoid duplicate
lease warnings [bsc#1089524].
- bsc#1136572: Use IPv6 when called as dhclient6, dhcpd6, and
dhcrelay6 (0021-dhcp-ip-family-symlinks.patch).
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=201
- Drop use of $FIRST_ARG in .spec
The use of $FIRST_ARG was probably required because of the
%service_* rpm macros were playing tricks with the shell positional
parameters. This is bad practice and error prones so let's assume
that no macros should do that anymore and hence it's safe to assume
that positional parameters remains unchanged after any rpm macro
call.
OBS-URL: https://build.opensuse.org/request/show/678162
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=192
- Drop doc subpackage as we do not build on < SLE12 anyway so it
evaluated always as true
- Do not condition flags settings for codestreams that we are no
longer building for
- Use %license macro for license as mandated by new TW requirements
- Format with spec-cleaner (automatic, remove FIXMEs)
- Use getent to detect created user prior doing it again
- Drop ldapcasa as it evaluates as false on all current products
- Drop ldap conditional as it is always true
- Kill omc configs wrt fate#301838
OBS-URL: https://build.opensuse.org/request/show/614191
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=188
* CVE-2018-5733, bsc#1083303: reference count overflow in dhcpd.
* CVE-2018-5732, bsc#1083302: buffer overflow bug in dhclient.
* Plugged a socket descriptor leak in OMAPI
* The server now allows the client identifier (option 61) to own
leases in more than one subnet concurrently [ISC-Bugs #41358].
* When replying to a DHCPINFORM, the server will now include
options specified at the pool scope, provided the ciaddr field
of the DHCPINFORM is populated.
[ISC-Bugs #43219] [ISC-Bugs #45051].
* When memory allocation fails in a repeated way the process
writes "Run out of memory." on the standard error and exists
with status 1 [ISC-Bugs #32744].
* The new lmdb (Lightning Memory DataBase) bind9 configure
option is now disabled by default to avoid the presence of
this library to be detected which can lead to a link failure.
[ISC-Bugs #45069]
* The linux interface discovery code has been modified to use
getifaddrs() as is done for BSD and OS-X.
[ISC-Bugs #28761] and others.
* Fixed a bug in OMAPI that causes omshell to crash when a
name-value pair with a zero length value is shipped in an
object [ISC-Bugs #29108].
* On 64-bit platforms, dhclient now generates the correct value
for the script environment variable, "expiry", the lease
expiry value exceeds 0x7FFFFFFF [ISC-Bugs #43326].
* Common timer logic was modified to cap the maximum timeout
values at 0x7FFFFFFF - 1 [ISC-Bugs #28038].
* DHCP6 FQDN option unpacking code now correctly handles values
that contain spaces, special, or non-printable characters.
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=186
- fixed a typo in nis-servers option name breaking the config file introduced
in previous change to workaround issues in NetworkManager parser.
- Update to dhcp-4.3.5
- Corrected a bug which could cause the server to sporadically crash while
loading lease files with the lease-id-format is set to "hex". Our thanks
to Jay Ford, University of Iowa for reporting the issue.
[ISC-Bugs #43185]
- Eliminated a noisy, but otherwise harmless debug log statment that may
appear during server startup when building with --enable-binary-leases
and configuring multiple pools in a shared network. Thanks to Fernando
Soto from BlueCat Networks for reporting the issue and supplying a patch.
[ISC-Bugs #43262]
- Fixed util/bindvar.sh error handling.
[ISC-Bugs #41973]
- Correct error message in relay to use remote id length instead
of circuit id length.
[ISC-Bugs #42556]
- Add logic to test directory Makefiles to avoid copying Attfile(s)
when building within the source tree. This eliminates a noisy but
otherwise harmless error message when running "make check".
[ISC-Bugs #41883]
- Leases are now scrubbed of certain prior use information when pool
re-balancing reassigns them from one FO peer to the other. This
corrects an issue where leases that were offered but not used
by the client retained the client hostname from the original
client. Thanks to Pavel Polacek, Jan Evangelista Purkyne University
for reporting the issue.
[ISC-Bugs #42008]
- In the LDAP code and schema add some missing '6' characters to use
the v6 instead of the v4 versions. Thanks to Denis Taranushin for
OBS-URL: https://build.opensuse.org/request/show/508601
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=174
- Use /usr/sbin/arping instead of /sbin/arping in the dhcp scripts.
/sbin/arping is a symlink to /usr/sbin/arping in order to ease the
transition for the /usr merge. Newest releases of iputils may only
install utilities in /usr/* so this dependency will no longer be valid.
Moreover, we replace the '/sbin/arping' dependency with 'iputils'.
OBS-URL: https://build.opensuse.org/request/show/396824
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=165
receiving a packet (bsc#961305,CVE-2015-8605,ISC-Bugs#41267).
- adjusted interval check.
[*0019-dhcp-4.2.4-P1-interval.patch]
- Fixed improper lease duration checking. Also added fixes for integer
overflows in the date and time handling code(bsc#936923, bsc#880984).
[+0020-dhcp-4.x.x-fixed-improper-lease-duration-checking.patch]
- fixed service files to start dhcpd after slapd (bsc#956159)
- dhclient-script: complain in the log about conflicts, added
a see log messages to the dhclient log message (bsc#960506)
[* 0018-client-fail-on-script-pre-init-error-bsc-912098.patch]
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=163
and fail if pre-init fails for a requested interface (bsc#912098)
Adjusted dhclient-script to fail also if NetworkManager is enabled,
as it is using an own script and a second client causes conflicts.
[+ 0018-client-fail-on-script-pre-init-error-bsc-912098.patch]
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=156
