e9398b14d9
* CVE-2018-5733, bsc#1083303: reference count overflow in dhcpd.
* CVE-2018-5732, bsc#1083302: buffer overflow bug in dhclient.
* Plugged a socket descriptor leak in OMAPI
* The server now allows the client identifier (option 61) to own
leases in more than one subnet concurrently [ISC-Bugs #41358].
* When replying to a DHCPINFORM, the server will now include
options specified at the pool scope, provided the ciaddr field
of the DHCPINFORM is populated.
[ISC-Bugs #43219] [ISC-Bugs #45051].
* When memory allocation fails in a repeated way the process
writes "Run out of memory." on the standard error and exists
with status 1 [ISC-Bugs #32744].
* The new lmdb (Lightning Memory DataBase) bind9 configure
option is now disabled by default to avoid the presence of
this library to be detected which can lead to a link failure.
[ISC-Bugs #45069]
* The linux interface discovery code has been modified to use
getifaddrs() as is done for BSD and OS-X.
[ISC-Bugs #28761] and others.
* Fixed a bug in OMAPI that causes omshell to crash when a
name-value pair with a zero length value is shipped in an
object [ISC-Bugs #29108].
* On 64-bit platforms, dhclient now generates the correct value
for the script environment variable, "expiry", the lease
expiry value exceeds 0x7FFFFFFF [ISC-Bugs #43326].
* Common timer logic was modified to cap the maximum timeout
values at 0x7FFFFFFF - 1 [ISC-Bugs #28038].
* DHCP6 FQDN option unpacking code now correctly handles values
that contain spaces, special, or non-printable characters.
OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=186
69 lines
2.4 KiB
Diff
69 lines
2.4 KiB
Diff
From 9267da086dcbb39509eae05d1d60ba37596a3f89 Mon Sep 17 00:00:00 2001
|
|
From: Marius Tomaschewski <mt@suse.de>
|
|
Date: Wed, 29 Apr 2015 11:18:36 +0200
|
|
Subject: dhclient6: unsigned lifetimes for script (bsc#926159)
|
|
|
|
Address/IA lifetimes are all unsigned, don't turn into signed
|
|
(negative e.g. in infinite case) when passing them to scripts
|
|
and format timestamps as long to not break them on 64bit archs.
|
|
|
|
References: bsc#926159
|
|
|
|
--- client/dhc6.c.orig
|
|
+++ client/dhc6.c
|
|
@@ -4344,8 +4344,8 @@ dhc6_marshall_values(const char *prefix,
|
|
client_envadd(client, prefix,
|
|
"ip6_type", "temporary");
|
|
}
|
|
- client_envadd(client, prefix, "life_starts", "%d",
|
|
- (int)(addr->starts));
|
|
+ client_envadd(client, prefix, "life_starts", "%ld",
|
|
+ (long)(addr->starts));
|
|
client_envadd(client, prefix, "preferred_life", "%u",
|
|
addr->preferred_life);
|
|
client_envadd(client, prefix, "max_life", "%u",
|
|
@@ -4356,8 +4356,8 @@ dhc6_marshall_values(const char *prefix,
|
|
if (ia != NULL) {
|
|
client_envadd(client, prefix, "iaid", "%s",
|
|
print_hex_1(4, ia->iaid, 12));
|
|
- client_envadd(client, prefix, "starts", "%d",
|
|
- (int)(ia->starts));
|
|
+ client_envadd(client, prefix, "starts", "%ld",
|
|
+ (long)(ia->starts));
|
|
client_envadd(client, prefix, "renew", "%u", ia->renew);
|
|
client_envadd(client, prefix, "rebind", "%u", ia->rebind);
|
|
}
|
|
--- client/dhclient.c.orig
|
|
+++ client/dhclient.c
|
|
@@ -3708,13 +3708,13 @@ write_client6_lease(struct client_state
|
|
return ISC_R_IOERROR;
|
|
|
|
if (ia->ia_type != D6O_IA_TA)
|
|
- stat = fprintf(leaseFile, " starts %d;\n"
|
|
+ stat = fprintf(leaseFile, " starts %ld;\n"
|
|
" renew %u;\n"
|
|
" rebind %u;\n",
|
|
- (int)ia->starts, ia->renew, ia->rebind);
|
|
+ (long)ia->starts, ia->renew, ia->rebind);
|
|
else
|
|
- stat = fprintf(leaseFile, " starts %d;\n",
|
|
- (int)ia->starts);
|
|
+ stat = fprintf(leaseFile, " starts %ld;\n",
|
|
+ (long)ia->starts);
|
|
if (stat <= 0)
|
|
return ISC_R_IOERROR;
|
|
|
|
@@ -3731,10 +3731,10 @@ write_client6_lease(struct client_state
|
|
if (stat <= 0)
|
|
return ISC_R_IOERROR;
|
|
|
|
- stat = fprintf(leaseFile, " starts %d;\n"
|
|
+ stat = fprintf(leaseFile, " starts %ld;\n"
|
|
" preferred-life %u;\n"
|
|
" max-life %u;\n",
|
|
- (int)addr->starts, addr->preferred_life,
|
|
+ (long)addr->starts, addr->preferred_life,
|
|
addr->max_life);
|
|
if (stat <= 0)
|
|
return ISC_R_IOERROR;
|