SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for dhcp-devel-4.2.5-0.103.1.x86_64.rpm :
Tue Mar 12 13:00:00 2013 mtAATTsuse.com
- Added dhcp6-server service template for SuSEfirewall2 (bnc#783002)

Sun Mar 3 13:00:00 2013 schwabAATTsuse.de
- config-guess-sub-update.patch:
Update config.guess/sub for aarch64

Fri Jan 11 13:00:00 2013 mtAATTsuse.com
- Update to ISC dhcp-4.2.5 release. See RELNOTES file for the
complete list of changes -- digest of fixes not in dhcp-4.2.4-P2:
- Correct code to calculate rebind timing values in client
[ISC-Bugs #29062]
- Fix some issues in the code for parsing and printing options.
[ISC-Bugs #22625,#27289,#27296,#27314]
- Update the memory leakage debug code to work with v6.
[ISC-Bugs #30297]
- Relax the requirements for deleting an A or AAAA record.
This relaxation was codified in RFC 4703. [ISC-Bugs #30734]
- Modify the failover code to handle incorrect peer names better.
[ISC-Bugs #30320]
- Fix a set of issues that were discovered via a code inspection
tool. [ISC-Bugs #23833]
- Parsing unquoted base64 strings improved. [ISC-Bugs #23048]
- The client now passes information about the options it requested
from the server to the script code via environment variables.
These variables are of the form requested_=1 with
the option name being the same as used in the new_
* and old_
*
variables. [ISC-Bugs #29068]
- Check the status value when trying to read from a connection to
see if it may have been closed. If it appears closed don\'t try
to read from it again. This avoids a potential busy-wait like
loop when the peer names are mismatched. [ISC-Bugs #31231]
- Remove an unused variable to keep compilers happy.
[ISC-Bugs #31983]
- Removed obsolete parsing and printing option patch
[dhcp-4.2.4-parsing-and-printing-options.patch]
- Merged dhcp-4.2.2-dhclient-send-hostname-rml.diff
[dhcp-4.2.5-dhclient-send-hostname-rml.patch]
- Fixed discovery of interfaces, which have only addresses with
a label assigned (linux 2.0 \"alias interfaces\" compatibility)
by switching to use the getifaddrs() as on BSD (bnc#791289,
reported upstream as [ISC-Bugs #31992]).
[dhcp-4.2.4-interface-discovery-using-getifaddrs.patch]
- Applied a patch to ignore SIGPIPE instead to die in socket code
before the errno==EPIPE checks are reached (bnc#794578, upstream
report [ISC-Bugs #32222])
[dhcp-4.2.4-P2-do-not-die-on-sigpipe.patch]
- Updated ldap patch to 4.2.5-ldap-mt01 providing following fixes:
- Fixed parse buffer handling code to not avoid truncation of
config > ~8k from bigger ldap objects. Fixed to free the ldap
config buffer passed to the config parser and append new config,
while the parser is in saved state (bnc#788787).
- Fixed subclass name-ref and data quoting/escaping (bnc#788787).
- Fixed memory leaks on ldap_read_config errors (bnc#788787).
- Fixed a memleak while subnet range processing, fixed to reset
bufix variable in ldap_read_function to 0 and to set buflen to
the complete length (do not discard last character, usually \
).
This caused a parsing error at further run of the function,
e.g. while processing the second dhcpService container that the
dhcpServer object may refer to (bnc#784640).
[dhcp-4.2.5-ldap-mt01.patch.bz2]
- Fixed dhclient-script to discard MTU lower-equal 576 rather
than lower-than (bnc#791280).
- Verify GPG source archive signatures.

Thu Sep 20 14:00:00 2012 mtAATTsuse.com
- Update to ISC dhcp-4.2.4-P2 release, providing a security fix for
an issue with the use of lease times was found and fixed. Making
certain changes to the end time of an IPv6 lease could cause the
server to abort. Thanks to Glen Eustace of Massey University,
New Zealand for finding this issue.
([ISC-Bugs #30281], CVE: CVE-2012-3955, bnc#780167)

Wed Jul 25 14:00:00 2012 mtAATTsuse.com
- Update to ISC dhcp-4.2.4-P1 release, providing following security
fixes (bnc#772924):
- Previously the server code was relaxed to allow packets with zero
length client ids to be processed. Under some situations use of
zero length client ids can cause the server to go into an infinite
loop. As such ids are not valid according to RFC 2132 section 9.14
the server no longer accepts them. Client ids with a length of 1
are also invalid but the server still accepts them in order to
minimize disruption. The restriction will likely be tightened in
the future to disallow ids with a length of 1.
Thanks to Markus Hietava of Codenomicon CROSS project for the
finding this issue and CERT-FI for vulnerability coordination.
[ISC-Bugs #29851] CVE: CVE-2012-3571
- When attempting to convert a DUID from a client id option
into a hardware address handle unexpected client ids properly.
Thanks to Markus Hietava of Codenomicon CROSS project for the
finding this issue and CERT-FI for vulnerability coordination.
[ISC-Bugs #29852] CVE: CVE-2012-3570
- A pair of memory leaks were found and fixed. Thanks to Glen
Eustace of Massey University, New Zealand for finding this issue.
[ISC-Bugs #30024] CVE: CVE-2012-3954
- Moved lease file check to a separate action so it is not used in
restart -- it can fail when the daemon rewrites the lease causing
a restart failure then (bnc#762108 regression).
- Request dhcp6.sntp-servers in /etc/dhclient6.conf and forward to
netconfig for processing (bnc#770236).
- Removed RFC 4833 TZ options from client requests [unused].

Tue Jun 19 14:00:00 2012 mtAATTsuse.com
- Update to ISC dhcp-4.2.4 release, fixing a dhcpv6 server assert
crash while accessing lease on heap (bnc#767661) and providing
the following fixes:
- Rotate the lease file when running in v6 mode.
Thanks to Christoph Moench-Tegeder at Astaro for the
report and the first version of the patch. [ISC-Bugs #24887]
- Fixed the code that checks if an address the server is planning
to hand out is in a reserved range. This would appear as the
server being out of addresses in pools with particular ranges.
[ISC-Bugs #26498]
- In the DDNS code handle error conditions more gracefully and
add more logging code. The major change is to handle unexpected
cancel events from the DNS client code. [ISC-Bugs #26287]
- Tidy up the receive calls and eliminate the need for found_pkt.
[ISC-Bugs #25066]
- Add support for Infiniband over sockets to the server and
relay code. We\'ve tested this on Solaris and hope to expand
support for Infiniband in the future. This patch also corrects
some issues we found in the socket code. [ISC-Bugs #24245]
- Add a compile time check for the presence of the noreturn attribute
and use it for log_fatal if it\'s available. This will help code
checking programs to eliminate false positives. [ISC-Bugs #27539]
- Fixed many compilation problems (\"set, but not used\" warnings) for
gcc 4.6 that may affect Ubuntu 11.10 users. [ISC-Bugs #27588]
- Modify the code that determines if an outstanding DDNS request
should be cancelled. This patch results in cancelling the
outstanding request less often. It fixes the problem caused
by a client doing a release where the TXT and PTR records
weren\'t removed from the DNS. [ISC-BUGS #27858]
- Use offsetof() instead of sizeof() to get the sizes for
dhcpv6_relay_packet and dhcpv6_packet in several more places.
Thanks to a report from Bruno Verstuyft and Vincent Demaertelaere
of Excentis. [ISC-Bugs #27941]
- Remove outdated note in the description of the bootp keyword about
the option not satisfying the requirement of failover peers for
denying dynamic bootp clients. [ISC-bugs #28574]
- Multiple items to clean up IPv6 address processing. When processing
an IA that we\'ve seen check to see if the addresses are usable
(not in use by somebody else) before handing it out.
When reading in leases from the file discard expired addresses.
When picking an address for a client include the IA ID in
addition to the client ID to generally pick different addresses
for different IAs. [ISC-Bugs #23138] [ISC-Bugs #27945]
[ISC-Bugs #25586] [ISC-Bugs #27684]
- Remove unnecessary checks in the lease query code and clean up
several compiler issues (some dereferences of NULL and treating
an int as a boolean). [ISC-Bugs #26203]
- Fix the NA and PD allocation code to handle the case where a client
provides a preference and the server doesn\'t have any addresses or
prefixes available. Previoulsy the server ignored the request with
this patch it replies with a NoAddrsAvail or NoPrefixAvail response.
By default the code performs according to the errata of August 2010
for RFC 3315 section 17.2.2; to enable the previous style see the
section on RFC3315_PRE_ERRATA_2010_08 in includes/site.h.
This option may be removed in the future. Thanks to Jiri Popelka at
Red Hat for the patch. [ISC-Bugs #22676]
- Fix up some issues found by static analysis. A potential memory leak
and NULL dereference in omapi. The use of a boolean test instead of
a bitwise test in dst. [ISC-Bugs #28941]
- Replaced our patches with a complete and upstream verified patch:
- Fix some issues in the code for parsing and printing options.
[ISC-Bugs #27314] - properly parse a zero length option from
a lease file.
[ISC-Bugs #22796] - properly determine if we parsed a 16 or
32 bit value in evaluate_numeric_expression (extract-int).
[ISC-Bugs #22625] - properly print options that have several
fields followed by an array of something for example \"fIa\"
[ISC-Bugs #27289] - properly parse options in declarations
that have several fields followed by an array of something
for example \"fIa\"
This patch obsoletes the following (bnc#739696) patches:
- dhclient: parse_option_param: Bad format a
- zero-length option lease parse error in dhclient6
- Merged ldap and options check patches for the new version
- Fixed dhcp-server init script to check syntax and fail while
force-reload and restart to avoid stopping of running daemon
followed by start failure (bnc#762108). Added libgcc_s.so to
chroot, so the server can report assert/crash line.

Wed Mar 28 14:00:00 2012 mtAATTsuse.com
- Added RFC 4833 TimeZone PosixString and Name declarations to
server and client configs [not used yet].

Mon Mar 19 13:00:00 2012 mtAATTsuse.com
- dhcp-server: fixed to escape all values used in constructed
ldap filters as a DN may contain e.g. asterisks (bnc#721829,
[ISC-Bugs #28545]).

Fri Jan 13 13:00:00 2012 mtAATTsuse.com
- Updated to ISC dhcp-4.2.3-P2 release, providing a DDNS security fix:
Modify the DDNS handling code. In a previous patch we added logging
code to the DDNS handling. This code included a bug that caused it
to attempt to dereference a NULL pointer and eventually segfault.
While reviewing the code as we addressed this problem, we determined
that some of the updates to the lease structures would not work as
planned since the structures being updated were in the process of
being freed: these updates were removed. In addition we removed an
incorrect call to the DDNS removal function that could cause a failure
during the removal of DDNS information from the DNS server.
Thanks to Jasper Jongmans for reporting this issue.
([ISC-Bugs #27078], CVE: CVE-2011-4868, bnc#741239)
- Fixed close-on-exec patch to not set it on stderr (bnc#732910)
- Fixed incorrect \"a\" array type option parsing causing to discard
e.g. classless static routes from lease file [reported as ISC-Bug
27289] and zero-length option parsing such as dhcp6.rapid-commit
in dhclient6 [reported as ISC-Bug 27314] (bnc#739696).
- Fixed dhclient to include its pid number in syslog messages.
- Fixed to use P2 in the spec version, not in the release tag.

Fri Dec 9 13:00:00 2011 mtAATTsuse.com
- Updated to ISC dhcp-4.2.3-P1 release, providing security fix for
a DoS due to processing certain regular expressions (bnc#735610)
and several important DDNS related fixes:

* Add a check for a null pointer before calling the regexec function.
Without out this check we could, under some circumstances, pass
a null pointer to the regexec function causing it to segfault.
Thanks to a report from BlueCat Networks. [ISC-Bugs #26704]
CVE-2011-4539.

* Fix the code that checks for an existing DDNS transaction to
cancel when removing DDNS information, so that we will continue
with the processing if we have a lease even if it doesn\'t have an
outstanding transaction. [ISC-Bugs #24682]

* Add AM_MAINTAINER_MODE to configure.ac to avoid rebuilding
configuration files. [ISC-Bugs #24107]

* Add support for passing DDNS information to a DNS server over
an IPv6 address. [ISC-Bugs #22647]

* Enhanced patch for 23595 to handle IPv4 fixed addresses more
cleanly. [ISC-Bugs #23595]
- Refreshed ldap patch

Fri Sep 30 14:00:00 2011 cooloAATTsuse.com
- add libtool as buildrequire to make the spec file more reliable

Tue Sep 6 14:00:00 2011 mtAATTsuse.com
- Commented out all configuration examples in /etc/dhcpd.conf and
dhcp6.conf (bnc#715473).
- Enabled dhcp6.rapid-commit in /etc/dhclient6.conf config file.
- Removed useless provides/obsoletes from spec file.

Wed Aug 31 14:00:00 2011 mtAATTsuse.com
- Set the DHCPD_CONF_INCLUDE_FILES and the DHCPD6_CONF_INCLUDE_FILES
variables to /etc/dhcpd.d and /etc/dhcpd6.d by default, so there
are well-defined directories expected to contain additional config
files (bnc#690585).

Mon Aug 29 14:00:00 2011 mtAATTsuse.de
- Updated to ISC dhcp-4.2.2 release, providing two security fixes
(CVE-2011-2748,CVE-2011-2749,[ISC-Bugs #24960],bnc#712653), that
allowed remote attackers to cause a denial of service (a daemon
exit) via crafted BOOTP packets. Further also DNS update fix to
detect overlapping pools or misconfigured fixed-address entries,
that caused a server crash during DNS update and other fixes.
For a complete list, please see the RELNOTES file provided in
the package and also available online at http://www.isc.org/.
- Merged/adopted dhclient option-checks, send-hostname-rml, ldap
patch, xen-checksum, close-on-exec patches and removed obsolete
in6_pktinfo-prototype and relay-no-ip-on-interface patches.
- Moved server pid files into chroot directory even chroot is
not used and create a link in /var/run, so it can write one
when started as user without chroot and avoid stop problems
when the chroot sysconfig setting changed (bnc#712438).
- Disabled log-info level messages in dhclient(6) quiet mode to
avoid excessive logging of non-critical messages (bnc#711420).
- Fixed dhclient-script to not remove alias IP when it didn\'t
changed to not wipe out iptables connmark when renewing the
lease (bnc#700771). Thanks to James Carter for the patch.
- Fixed DDNS-howto.txt reference in the config file; it has been
moved to the dhcp-doc package (bnc#697279).
- Removed GPL licensed files (bind-
*/contrib/dbus) from bind.tgz
to ensure, they\'re not used to build non-GPL dhcp (bnc#714004).
- Changed to apply strict-aliasing/RELRO for >= 12.x only

Wed Jul 20 14:00:00 2011 crrodriguezAATTopensuse.org
- Correct previous change.

Wed Jul 20 14:00:00 2011 crrodriguezAATTopensuse.org
- THis is a long running network daemon, link with
full RELRO security enhancements.
- remove -fno-strict-aliasing from CFLAGS, no longer needed.

Tue May 17 14:00:00 2011 crrodriguezAATTopensuse.org
- Import redhat\'s patch to open all needed FDs with O_CLOEXEC
so they dont leak.

Thu May 12 14:00:00 2011 mtAATTsuse.de
- Removed obsolete sles8 compatibility dependencies, fixed
to avoid non-functional sles_version conditionals.

Tue May 10 14:00:00 2011 mtAATTsuse.de
- Fixed to not introduce separate dhcp-doc package on sles,
use versioned provides/obsoletes, improved conditionals.

Tue May 3 14:00:00 2011 mtAATTsuse.de
- Fixed dhclient-script typo causing ISC DHCPv6 client to execute
ifup pre-down scripts also while renew, when the ipv6 address
did not changed (bnc#690859).

Fri Apr 29 14:00:00 2011 mtAATTsuse.de
- Implemented optional ldap connect retry loop during the initial
startup of the dhcp server in cases where the ldap server is not
yet started. Set the ldap-init-retry option in dhcpd.conf
to enable it (bnc#627617). Merged in the actual ldap patch.
- Cleaned up init script error reporting, no -TERM for killproc.

Wed Apr 27 14:00:00 2011 mtAATTsuse.de
- Updated to ISC dhcp-4.2.1-P1 release, that provides most of the
dhclient pretty escape and string option checks. Merged to use
relaxed domain-name option check causing a regression, when the
server is misusing it to provide a domain list (compatibility to
attic clients) and does not provide it via domain-search option;
pretty escape semicolon as well (bnc#675052, CVE-2011-0997).

Thu Mar 31 14:00:00 2011 mtAATTsuse.de
- Discard string options such as host and domain names containing
disallowed characters or beeing too long. This proctive patch
limits root-path to a-zA-Z0-9, #%+-_:.,AATT~/\\[]= and a space
(bnc#675052, CVE-2011-0997).

Thu Mar 31 14:00:00 2011 mtAATTsuse.de
- Updated to ISC DHCP 4.2.1 release (bnc#680298), that provides
following fixes (digest):

* Several fixes to OMAPI, cleanup of dereferenced pointers in
the omapi handle, handling of pipe failures and status code
in omapi signal handler that may cause connect failure and
100% CPU use.

* Handle some DDNS corner cases better

* Several fixes to lease input and output

* Corrected side effect of printing all data strings as hex.

* Host record references leaks causing applying config to all
innocent clients.

* Memory leak when parsing a domain name

* Fixes to configuration parsing including infinite loop.

* Fixed for unexpected abort caused by a DHCPv6 decline.
For the complete list see the RELNOTES file, that is available
also online at http://ftp.isc.org/isc/dhcp/dhcp-4.2.1-RELNOTES.
- Removed obsolete optional-value-infinite-loop, no-libcrypto
and CVE-2011-0413.bnc667655 patches.
- Merged the dhclient-send-hostname and ldap patches.

Mon Feb 21 13:00:00 2011 mtAATTsuse.de
- dhclient-script: fixed typo causing that only global settings
to set hostname and default route were applied for primary
and never per interface settings (bnc#673792).

Fri Feb 18 13:00:00 2011 mtAATTsuse.de
- Added dhcp-4.2.0-xen-checksum.patch by David Cantrell to handle
xen partial UDP checksums (bnc#668194).

Wed Feb 2 13:00:00 2011 mtAATTsuse.de
- Applied security fix for unexpected abort caused by a DHCPv6
decline message (CVE-2011-0413, VU#686084, bnc#667655).
- Fixed dhclient.conf to request the domain-search option.

Mon Dec 13 13:00:00 2010 mtAATTsuse.de
- Updated to ISC DHCP 4.2.0-P2, a security release fixing the
handling of connection requests on the failover port.
Previously a connection request from a source that wasn\'t
listed as a failover peer would cause the server to become
non-responsive. ([ISC-Bugs #22679] CERT: VU#159528 CVE:
CVE-2010-3616, bnc#659059).

Tue Dec 7 13:00:00 2010 mtAATTsuse.de
- Enable ldap CASA support on SLE only.

Tue Nov 30 13:00:00 2010 mtAATTsuse.de
- Fixed to use same/correct dhcrelay6 interface variables in the
sysconfig file and in the dhcrelay6 init script.

Mon Nov 29 13:00:00 2010 mtAATTsuse.de
- Updated to ISC DHCP 4.2.0-P1 release, providing a security fix to
handle a relay forward message with an unspecified address in the
link address field. Previously such a message would cause the
server to crash. Thanks to a report from John Gibbons.
[ISC-Bugs #21992] CERT: VU#102047 CVE: CVE-2010-3611 (bnc#650902)
The 4.2.0 version is a feature release, implementing asynchronous
DDNS processing and includes \"The LDAP Patch\".
For a complete list of changes from any previous release, please
consult the RELNOTES file within the source distribution or on
the ISC website: http://www.isc.org/software/dhcp/420
- Fixed compilation to avoid segfaults as soon as ldap is enabled,
merged our ldap patches from 4.1.x branch.

Tue Nov 2 13:00:00 2010 mtAATTsuse.de
- Fixed a dhcrelay segfault while receiving packets on interfaces
without any IPv4 address assigned (bnc#631305, reported upsteam
as [ISC-Bugs #22409]).
- Fixed a common infinite loop while parsing options with optional
parts in the value such as in slp-service-scope option (bnc#643845,
reported upsteam as [ISC-Bugs #22410]).
- Fixed init scripts to report correct LSB codes in status action,
when the config file or the binary do not exists (bnc#640336).
- Fixed syntax of a check in the rcdhcrelay[6] (bnc#648580)
- Avoid pid check error message in the rcdhcpd[6] (bnc#646875)

Wed Sep 29 14:00:00 2010 mtAATTsuse.de
- Fixed server lease file path in contrib/listlease and leasestate
changed to extract contrib and examples using setup macro.

Wed Aug 4 14:00:00 2010 mtAATTsuse.de
- Renamed rfc3442-classless-static-routes_raw in /etc/dhclient.conf
to rfc3442-classless-static-routes for compatibility with the
NetworkManager making use of /etc/dhclient.conf now and adopted
/sbin/dhclient-script (bnc#625770).

Tue Jul 27 14:00:00 2010 mtAATTsuse.de
- Fixed ldap option number conflicting with new options (bnc#625358)

Fri Jul 2 14:00:00 2010 mtAATTsuse.de
- Added a fix for an lpf bind error messages making it easier to
localize problems (bnc#617795)

Mon Jun 14 14:00:00 2010 mtAATTsuse.de
- Updated to ISC DHCP 4.1.1-P1 patch release, which contains
a pair of bug fixes including one for a security related bug
(bnc#612546, CVE-2010-2156):

* A bug was fixed that could cause the DHCPv6 server to
advertise/assign a previously allocated (active) lease to a
client that has changed subnets, despite being on different
shared networks. Dynamic prefixes specifically allocated in
shared networks also now are not offered if the client has
moved. [ISC-Bugs #21152]

* Accept a client id of length 0 while hashing. Previously the
server would exit if it attempted to hash a zero length client
id, providing attackers with a simple denial of service attack.
[ISC-Bugs #21253]

Tue May 18 14:00:00 2010 mtAATTsuse.de
- Added rc.dhcrelay6 as source in the spec file

Tue May 11 14:00:00 2010 mtAATTsuse.de
- Fixed dhcprelay scripts to source sysconfig file correctly
- Fixed spec file typo in arping path require, enabled ldap
- Fixed a dhclient option name and new/old ip address check

Fri May 7 14:00:00 2010 mtAATTsuse.de
- Updated to ISC DHCP 4.1.1, the current 4.x series production
release, providing DHCPv6 client/server/relay implementation.
The programs act in DHCPv6 mode, when the -6 start option is set.
We install separate init scripts with a 6 at the end to handle
them, that is /etc/init.d/dhcpd6 and dhrelay6. Further, there is
also a link to the binaries with a 6 at the end, e.g. dhclient6,
making it visible, that the installed version supports DHCPv6.
- Moved additional documentation to a separate dhcp-doc package.
- Changed to provide config files and scripts as source files
instead of patches to the ISC scripts.
- Adopted spec file and config/scripts, merged in all patches.
- Implemented RFC 3442 classless static routes support in the
dhclient-script (bnc#555870).

Thu Apr 29 14:00:00 2010 mtAATTsuse.de
- Updated to ISC DHCP 3.1-ESV, an extended support version release
which includes a small number of bug fixes (bnc#592178) over the
3.1.3 version:

* Modified the handling of a connection to avoid releasing the
omapi io object for the connection while it is still in use.
One symptom from this error was a segfault when a failover
secondary attempted to connect to the failover primary if
their clocks were not synchronized.

* Fix test in dhcp_interface_signal_handler to check that the
inner handler has a signal_handler before calling it.

* When using \'ignore client-updates;\', the FQDN returned to the
client is no longer truncated to one octet.

* Clean up some compiler warnings - ticket 19054.
- Fixed vlan interface check in dhcpd-restart-hook if-up.d script
(bnc#599702)
- Touch dhclient.leases in post-install script instead to provide
an empty file, versioned provides/obsoletes (rpmlint warnings).

Fri Mar 12 13:00:00 2010 mtAATTsuse.de
- Fixed dhclient-script to call ifup -o dhcp and signal \"complete\"
to ifup when all configuration is done (bnc#585380,bnc#518219).

Thu Jan 7 13:00:00 2010 jengelhAATTmedozas.de
- Enable parallel building
- Use large PIE model on all SPARC flavors

Mon Dec 14 13:00:00 2009 mtAATTsuse.de
- Fixed dhclient-script to use correct sysconfig run dir path
to not to break the defaultroute/hostname setup (bnc#555095).
- Don\'t request any specific lease-time by default (bnc#516459).

Fri Oct 16 14:00:00 2009 mtAATTsuse.de
- Fixed dhclient-script to forward new_domain_search as DNSSEARCH
to netconfig.

Tue Oct 13 14:00:00 2009 mtAATTsuse.de
- Updated to dhcp-3.1.3 maintenance release fixing several issues
(a digest, see RELNOTES for the complete list):

* Remove infinite loop in token_print_indent_concat().

* A parser bug was fixed that segfaulted if site-option-space
was tried to be used interchangeably with vendor-option-space.

* Two uninitialized stack structures are now memset to zero,
thanks to patch from David Cantrell at Red Hat.

* Memory leak in the load_balance_mine() function is fixed. This
would leak ~20-30 octets per DHCPDISCOVER packet while failover
was in use and in normal state.

* Fixed setting hostname in Linux hosts that require hostname
argument to be double-quoted. Also allow server-provided
hostname to override hostnames \'localhost\' and \'(none)\'.

* Added client support for setting interface MTU and metric,
thanks to Roy \"UberLord\" Marples .

* Fixed failover reconnection retry code to continue to retry to
reconnect rather than restarting the listener.

* Fixed a bug where an OMAPI socket disconnection message would
not result in scheduling a failover reconnection, if the link
had not negotiated a failover connect yet (e.g.: connection
refused, asynch socket connect() timeouts).

* Versions 3.0.x syntax with multiple name->code option
definitions is now supported. Note that, similarly to 3.0.x,
for by-code lookups only the last option definition is used.

* Fixed a fenceposting bug when a client had two host records
configured, one using \'uid\' and the other using \'hardware
ethernet\'. CVE-2009-1892
- Updated to dhcp-3.1.3-ldap-patch-mt-01 including previous fixes.
- Merged dhclient script, removed obsolete CVE-2009-1892 fix.

Tue Sep 29 14:00:00 2009 mtAATTsuse.de
- Replaced mt-02 ldap patch from old git repository with equivalent
one (dhcp-3.1.2p1-ldap-patch-mt-02) from a new repository with
fixed patch history (http://www.suse.de/~mt/git/dhcp-ldap.git/).

Wed Aug 12 14:00:00 2009 mtAATTsuse.de
- Added dhcpd-restart-hook if-up.d script that restarts dhcp server
while network restart when a virtual interfaces as bridge, bond
or vlan goes up again (bnc#517810).

Wed Jul 29 14:00:00 2009 mtAATTsuse.de
- Applied fix for a dhcp client id DoS (CVE-2009-1892, bnc#519413).

Wed Jul 29 14:00:00 2009 mtAATTsuse.de
- Updated to dhcp-3.1.2p1 maintenance release fixing following
issues:

* A stack overflow vulnerability was fixed in dhclient that could
allow remote attackers to execute arbitrary commands as root on
the system, or simply terminate the client, by providing an
over-long subnet-mask option.

* A double-dereference in dhclient transmission of DHCPDECLINEs
was repaired.

* Fix handling of -A and -a flags in dhcrelay; it was failing
to expand packet size as needed to add relay agent options.

* Corrected list of failover state values in dhcpd man page.

* Fixed a bug that caused some request types to be logged
incorrectly.

* Fixed a coredump when adding a class via OMAPI.

* Clients that sent a parameter request list containing the
routers option before the subnet mask option were receiving
only the latter. Fixed.

* The server wasn\'t always sending the FQDN option when it should.

* A partner-down failover server no longer emits \'peer holds all
free leases\' if it is able to newly-allocate one of the peer\'s
leases.

* A cosmetic bug in DHCPDECLINE processing was fixed which caused
all successful DHCPDECLINEs to be logged as \"not found\" rather
than \"abandoned\".

* Some failover debugging #defines have been better defined and
some high frequency messages moved to a deeper debugging symbol.

* The CLTT parameter in failover is now only updated by client
activity, and not by failover binding updates.

* Failover BNDUPD messages are now discarded if they conflict with
an update that has been trasnmitted, but not acknowledged.

* A bug cleaning up unknown-xxx temporary option definitions was
fixed.
- Removed obsolete dhclient-no-dereference-twice patch
- Improved dhclient-script to apply global dhcp settings, when
there is no interface config (bnc#480922).
- Enabled casa support in dhcp-ldap for >= sles 10 and => 11.1.
- Updated dhcp-3.1.2p1-ldap-patch-mt.11.2-02 merging all patches
flying around -- see http://www.suse.de/~mt/git/dhcp-ldap.git
and the git changelog at the begin of the patch.

Mon Jan 19 13:00:00 2009 mtAATTsuse.de
- Fixed dhclient-script to apply a dhcp provided MTU (bnc#467358).

Thu Jan 15 13:00:00 2009 mtAATTsuse.de
- Fix message about missed service/server association (bnc#392354).
- Applied missed patch with support for dhcpFailOverPeer objects
(failover peering definition) by S Kalyanasundaram (fate#303198).

Thu Jan 15 13:00:00 2009 mtAATTsuse.de
- Fixed init script to copy nsswitch.conf and all libnss libs to
the chroot jail to fix resolving via /etc/hosts (bnc#462851).

Tue Dec 16 13:00:00 2008 mtAATTsuse.de
- Fixed init scripts Required-Start/Stop tags to require network-
remotefs script, so all interfaces are up while start.

Wed Nov 26 13:00:00 2008 cooloAATTsuse.de
- prereq sysconfig to avoid warnings about missing
/etc/sysconfig/dhcp

Mon Nov 24 13:00:00 2008 mtAATTsuse.de
- Removed network-number request from dhclient.conf (bnc#443788).

Tue Nov 11 13:00:00 2008 mtAATTsuse.de
- Fixed dhclient-script to apply DHCLIENT_SET_HOSTNAME and
SET_DEFAULT_ROUTE policy correctly and inclusive of per
interface setings (bnc#426650).
- Fixed dhclient-script to make sure, the host name is set
as short-name even dhcp provides fqdn (bnc#418168)
- Fixed dhclient-script to translate all known dhcp options
to netconfig variables and unknown with dhclient prefix.
- Fixed dhclient.conf to request all netbios dhcp-options,
added also nds and mtu options.

Fri Sep 12 14:00:00 2008 mtAATTsuse.de
- Removed one of two option_state_dereference calls in dhclient.c
causing null pointer messages (not critical) in the log.
- Fixed a forgotten fi typo in the dhclient-script

Mon Sep 8 14:00:00 2008 mtAATTsuse.de
- Updated to dhcp-3.1.1, providing following major new features
compared to its 3.0.x derivative:

* A significantly enhanced Failover protocol implementation,
which:
+ Implements MAC Address Affinity to reduce the frequency
of clients being assigned new IP addresses;
+ Supports the assignment of failover-protected addresses
to legacy BOOTP clients;
+ Implements a dynamic lease reservation system that provides
improved accounting of the use of fixed address assignments,
by allocating fixed addresses out of the pool of dynamic leases
+ Improves tools and reduces operator oversight necessary for
maintaining a functioning system.

* Support for DHCP leasequery, and the VIVCO/VIVSO options, which
makes easy and comfortable integration with DOCSIS devices and
the environment in which they are used.

* Management of class and subclass statements via OMAPI

* Several server configuration options related to dynamic DNS
behavior

* Other new configuration functions, including \"execute()\",
which runs a shell command from within a dhcpd or dhclient
configuration file
For a full list of new features added in this release, please
observe the changes list.
- Adopted/merged patches, dropped obsolete dhcdbd (NM) patches.

Fri Aug 22 14:00:00 2008 mtAATTsuse.de
- Adopted dhclient-script and manual page to use /sbin/netconfig
that is replacing the modify_resolvconf mechanizm by default.

Wed Aug 20 14:00:00 2008 mtAATTsuse.de
- Updated to dhcp-3.0.7, a maintenance release containing several
bug fixes; since the 3.0.6 release this are:

* Fixed \"--version\" flag in dhcrelay.

* Clarified error message when lease limit exceeded

* Fixed a buffer overflow error which could have allowed a denial
of service under unusual server configurations

* Bug in octal parsing fixed. Thanks to Bernd Fuhrmann for the
report and fix.

* The warning logged when an address range doesn\'t fit in the
subnets they were declared has been updated to be more helpful
and identify the typo in configuration that created the
spanning addresses.

* The \'min-secs\' configuration parameter\'s log message has been
updated to be more helpful.

* Fixed a bug in which write_lease() might report a failure
incorrectly.

* Bug in server configuration parser caused server to get stuck
on startup for certain bad pool declarations. Thanks to
Guillaume Knispel for the bug report and fix.

* Fixed file descriptor leak on listen failure. Thanks to Tom
Clark.

* Failover binding acks are now transmitted before new binding
updates (which may, very rarely, be related to a lease on the
ack queue). This eliminates a lease database inconsistency
bug, as the remote system relies upon the most recent message
it received from its peer.

* POOLREQ messages received within 30 seconds of one another are
ignored.

* \'lease imbalance\' messages are not logged unless rebalance was
actually attempted (\"ten percent\" rule).

* A bug was fixed where the \'giaddr\' may be used to find the
client\'s subnet rather than its own \'ciaddr\'.

* A log message was introduced to clarify the situation where a
failover \'address\' parameter (the server\'s local address) did
not resolve to an IPv4 address.

* When server is configured with options that it overrides, a
warning is issued when the configuration file is read, rather
than at the time the option is overridden. This was important,
because the warning was given every time the option was
overridden, which could create a lot of unnecessary logging.

* When a failover server suspects it has encountered a peer
running a version 3.1.x failover server, a warning that the
failover wire protocol is incompatible is printed.

* The failover server no longer issues a floating point error
if it encounters a previously undefined option code.

* A memory leak when using omapi has been fixed.
- Adopted dhcp-send-hostname-rml patch
- Removed obsolete dhcp-3.0.5-pool_eof patch
- Merged changes between server:isc-dhcp and openSUSE:Factory
- Removed down parameter from ifconfig calls in dhclient-script
because it destroys bonding interfaces and also conflicts with
an dhcpv6 client running on same interface (bnc#410905).

Wed Aug 20 14:00:00 2008 skalyanasundaramAATTnovell.com
- Added missing DNs (dhcpZoneDN, dhcpFailOverPeerDN) to list of
external references.

Fri Jun 27 14:00:00 2008 mtAATTsuse.de
- Added /etc/openldap directory to the file list of the dhcp-server
package, because it is not provided by the ldap package any more.

Fri May 23 14:00:00 2008 mtAATTsuse.de
- Don\'t set parts of host error messages as hostname (bnc#389668).

Mon May 19 14:00:00 2008 mtAATTsuse.de
- Documentation updates for DDNS-howto.txt (bnc#359977).

Fri Apr 4 14:00:00 2008 mtAATTsuse.de
- Changed the list of dhcp options required by the dhcp-client in
the server response to not to enforce the domain-name-servers
option availiability (bnc#331964).
- Fixed too long error messages server init script (bnc#353589).
- Renamed/renumbered patches modifying the dhclient.conf file.
- Fixed the dhclient-script to add explicit host route to default
gateway when it is not reachable via interface route created by
ifconfig based on the IP and netmask (e.g. /32) values provided
by dhcp server (bnc#266215).
- Fixed ntp configuration feature in dhclient-script to try-restart
the ntp service to apply the server changes. Changed to use new
per interface server list to avoid merge problems (bnc#375746).

Tue Apr 1 14:00:00 2008 mkoenigAATTsuse.de
- remove dir /usr/share/omc/svcinfo.d as it is provided now
by filesystem

Tue Dec 4 13:00:00 2007 mtAATTsuse.de
- Bug #343069: Added dhcp-server compatibility workaround to search
for lower- and upper-case MAC addresses in the dhcpHWAddress LDAP
attributes. New patch: dhcp-3.0.6-ldap-patch_hwaddr-icase.dif

Mon Nov 19 13:00:00 2007 mtAATTsuse.de
- Disabled script setting in the /etc/dhclient.conf,
because it overrides the -sf command line option.

Fri Aug 24 14:00:00 2007 mtAATTsuse.de
- Removed getcfg interface config to interface name conversions

Mon Jul 30 14:00:00 2007 thoenigAATTsuse.de
- dhcp-3.0.3-dhclient-script-dhcdbd.patch: dbus-send is now located
in /bin

Thu Jul 19 14:00:00 2007 mtAATTsuse.de
- Updated to 3.0.6, a maintenance release containing fixes
for bugs discovered since DHCP 3.0.5, but no new features.
See the RELNOTES file for full list of changes.
- Adopted dhcp-3.0rc10.filedes.dif patch
new patch file name: dhcp-3.0.6-dhclient-exec-filedes.dif
- Bug #289933: Let dhclient request netbios-name-servers as well;
old patch file name: dhcp-3.0.5-dhclient-nis-ntp.patch
new patch file name: dhcp-3.0.6-dhclient-requests-conf.patch
- Removed $local_fs from init-scripts, included in $remote_fs.

Wed Jun 27 14:00:00 2007 anschneiderAATTsuse.de
- Added support for ntpd runtime configuration
new patch file: dhcp-3.0.6-dhclient-script-ntp-runtime.patch

Wed Jun 27 14:00:00 2007 lmuelleAATTsuse.de
- Let dhclient request ntp-servers by default.

Tue May 22 14:00:00 2007 mtAATTsuse.de
- Bug 275592: Added ldap and ndsd to the Should-Start/Stop LSB
init info tags of the dhcp-server init script.
- Bug #241113: Added copying of /etc/openldap/ldap.conf and
more base libraries into the chroot jail.

Mon May 14 14:00:00 2007 mtAATTsuse.de
- Bug #265337: Fix to generate proper \"host ... {\" block begin
brace even if no harware address is specified for the host.
New patch file: dhcp-3.0.5-ldap-patch_host_brace.dif
- Bug #258493: Fix to support new dhcpServerDN reference in
dhcpService object search filter.
New patch file: dhcp-3.0.5-ldap-patch_server_dn.dif
- Fixed LSB init info to use LSB 2.0 Should-Start/Should-Stop.

Thu Mar 15 13:00:00 2007 mtAATTsuse.de
- Bug #181212: Improved dhcp init-script to copy directories
specified in the DHCPD_CONF_INCLUDE_FILES sysconfig variable
into the chroot jail.

Wed Mar 14 13:00:00 2007 mtAATTsuse.de
- Bug #247365: Added installation of dhcp-server SuSEfirewall2
service definition file.

Tue Mar 13 13:00:00 2007 mtAATTsuse.de
- Updated to dhcp-3.0.5-ldap-patch.gz, released on 2007-02-23
fixing a parsing bug in dhcpd-conf-to-ldap.pl script to handle
correctly quoted string containing spaces.
Further, it includes our fixes and obsoletes following patches:

* dhcp-3.0.5-ldap-patch-strncat.dif

* dhcp-3.0.5-ldap-patch-casa-fix.dif

* dhcp-3.0.5-ldap-patch-dhcp-cn.dif

* dhcp-3.0.5-ldap-patch-schema.dif

* dhcp-3.0.5-ldap-patch-nomd5.dif

* dhcp-3.0.5-ldap-patch-referrals.dif

* dhcp-3.0.5-ldap-patch-ssl-opts.dif

* dhcp-3.0.5-ldap-patch-ldap_read.dif
- Bug #250153: Fix for object order related parse error, that
occured in case an dhcp-ldap object referencing a dhcp-tsigkey,
class or failoverpeer object was parsed before the declaration
of the referenced objects, because of the order in ldap result.
New patch file: dhcp-3.0.5-ldap-patch_object-order.dif

Tue Feb 20 13:00:00 2007 mtAATTsuse.de
- Bug #162186: Added check for EOF in parse_pool_statement to
avoid endless recursion loop between parse_pool_statement
and parse_statement when a closing right brace \"}\" is missed
at the end of a pool declaration in /etc/dhcpd.conf.
New patch file: dhcp-3.0.5-pool_eof.dif
- Fixed ldap_read_function to avoid returning of empty strings
causing parsing errors in ldap-dynamic mode.
New patch file: dhcp-3.0.5-ldap-patch-ldap_read.dif

Thu Jan 25 13:00:00 2007 mtAATTsuse.de
- Updated to dhcp-3.0.5-ldap-patch.gz, providing several fixes:

* unbind from the LDAP server after the config file has been ran
if the server is being ran in static mode

* fixed ldap_read_function bug where the entire configuration
was not being processed
and extensions / enhancements:

* added functions for reading config values from the config
file to clean up the ldap_start() function.

* new ldap-server-cn option that will be used to locate the
data in ldap; defaults to the hostname as before (FATE #227).

* while host is added in the ldap-method dynamic mode, try to
find if it belongs to a group and apply the group options too.

* modifies the dhcpHWAddress attribute to case-insensitive, adds
several new objectclasses, e.g. dhcpLocator, dhcpTsigKey,
dhcpDnsZone,dhcpFailOver to the dhcp.schema.

* implements support for dhcpTsigKey, dhcpDnsZone and related.

* implements auth password query via casa.
- Adopted ldap-patch-strncat, removed ldap-patch-nossl obsoleted by
ldap-patch-nomd5. New patch: dhcp-3.0.5-ldap-patch-strncat.dif
- Added dhcp-3.0.5-ldap-patch-nomd5.dif linking the dhcp-server
with md5 functions from openssl library instead of own copy.
- Added dhcp-3.0.5-ldap-patch-casa-fix.dif, fixing casa support
- Added dhcp-3.0.5-ldap-patch-dhcp-cn.dif, renaming the dhcpd.conf
ldap-server-cn option to more clear ldap-dhcp-server-cn.
- dhcp-3.0.5-ldap-patch-schema.dif
- Added dhcp-3.0.5-ldap-patch-referrals.dif, implementing support
for LDAP referrals, introducing new \"ldap-referrals \"
option in dhcpd.conf.
- Added dhcp-3.0.5-ldap-patch-ssl-opts.dif enabling/implementing
TLS/LDAPS support. Adds new \"ldap-ssl \"
and several \"ldap-tls-
*\" options for dhcpd.conf. By default, the
server trys to use TLS if possible, but continues without if not.

Tue Jan 9 13:00:00 2007 mtAATTsuse.de
- Added installation of dhcpd.xml, dhcpd service description
for omc xml-service-provider, fate #301710.
- fix of the ldap-patch strncat fix, bug #202648

Wed Nov 8 13:00:00 2006 mtAATTsuse.de
- fix for strncat usage in ldap-patch, bug #202648

Tue Nov 7 13:00:00 2006 mtAATTsuse.de
- updated to 3.0.5, bug #212310:

* This release is a maintenance release that seeks to correct bugs
introduced in 3.0.4 or prior. The most important of these bugs
is for 64-bit time_t systems that was introduced in 3.0.4.

* If you are upgrading from ISC DHCP 3.0.3 or prior and are using
failover, please take special care of the \'atsfp\' values now
included on failover-controlled leases. See the RELNOTES file.
- adopted dhcp-3.0.4-tmpfile.dif (now dhcp-3.0.5-tmpfile.dif)
- added to provide gpg signature of the tar archive as rpm-source

Tue Oct 17 14:00:00 2006 poemlAATTsuse.de
- there is no SuSEconfig.syslog script anymore, thus remove the
YaST hint from the sysconfig template


 
ICM