SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for dhcp-devel-4.2.2-6.3.test.1.i586.rpm :

* Fri Dec 09 2011 mtAATTsuse.com- Applied security fix for a DoS due to processing certain regular expressions, extracted from 4.2.3-P1 (bnc#735610, CVE-2011-4539):
* Add a check for a null pointer before calling the regexec function. Without out this check we could, under some circumstances, pass a null pointer to the regexec function causing it to segfault. Thanks to a report from BlueCat Networks. [ISC-Bugs #26704]
* Fri Sep 30 2011 cooloAATTsuse.com- add libtool as buildrequire to make the spec file more reliable
* Tue Sep 06 2011 mtAATTsuse.com- Commented out all configuration examples in /etc/dhcpd.conf and dhcp6.conf (bnc#715473).- Enabled dhcp6.rapid-commit in /etc/dhclient6.conf config file.- Removed useless provides/obsoletes from spec file.
* Wed Aug 31 2011 mtAATTsuse.com- Set the DHCPD_CONF_INCLUDE_FILES and the DHCPD6_CONF_INCLUDE_FILES variables to /etc/dhcpd.d and /etc/dhcpd6.d by default, so there are well-defined directories expected to contain additional config files (bnc#690585).
* Mon Aug 29 2011 mtAATTsuse.de- Updated to ISC dhcp-4.2.2 release, providing two security fixes (CVE-2011-2748,CVE-2011-2749,[ISC-Bugs #24960],bnc#712653), that allowed remote attackers to cause a denial of service (a daemon exit) via crafted BOOTP packets. Further also DNS update fix to detect overlapping pools or misconfigured fixed-address entries, that caused a server crash during DNS update and other fixes. For a complete list, please see the RELNOTES file provided in the package and also available online at http://www.isc.org/.- Merged/adopted dhclient option-checks, send-hostname-rml, ldap patch, xen-checksum, close-on-exec patches and removed obsolete in6_pktinfo-prototype and relay-no-ip-on-interface patches.- Moved server pid files into chroot directory even chroot is not used and create a link in /var/run, so it can write one when started as user without chroot and avoid stop problems when the chroot sysconfig setting changed (bnc#712438).- Disabled log-info level messages in dhclient(6) quiet mode to avoid excessive logging of non-critical messages (bnc#711420).- Fixed dhclient-script to not remove alias IP when it didn\'t changed to not wipe out iptables connmark when renewing the lease (bnc#700771). Thanks to James Carter for the patch.- Fixed DDNS-howto.txt reference in the config file; it has been moved to the dhcp-doc package (bnc#697279).- Removed GPL licensed files (bind-
*/contrib/dbus) from bind.tgz to ensure, they\'re not used to build non-GPL dhcp (bnc#714004).- Changed to apply strict-aliasing/RELRO for >= 12.x only
* Wed Jul 20 2011 crrodriguezAATTopensuse.org- Correct previous change.
* Wed Jul 20 2011 crrodriguezAATTopensuse.org- THis is a long running network daemon, link with full RELRO security enhancements.- remove -fno-strict-aliasing from CFLAGS, no longer needed.
* Tue May 17 2011 crrodriguezAATTopensuse.org- Import redhat\'s patch to open all needed FDs with O_CLOEXEC so they dont leak.
* Thu May 12 2011 mtAATTsuse.de- Removed obsolete sles8 compatibility dependencies, fixed to avoid non-functional sles_version conditionals.
* Tue May 10 2011 mtAATTsuse.de- Fixed to not introduce separate dhcp-doc package on sles, use versioned provides/obsoletes, improved conditionals.
* Tue May 03 2011 mtAATTsuse.de- Fixed dhclient-script typo causing ISC DHCPv6 client to execute ifup pre-down scripts also while renew, when the ipv6 address did not changed (bnc#690859).
* Fri Apr 29 2011 mtAATTsuse.de- Implemented optional ldap connect retry loop during the initial startup of the dhcp server in cases where the ldap server is not yet started. Set the ldap-init-retry option in dhcpd.conf to enable it (bnc#627617). Merged in the actual ldap patch.- Cleaned up init script error reporting, no -TERM for killproc.
* Wed Apr 27 2011 mtAATTsuse.de- Updated to ISC dhcp-4.2.1-P1 release, that provides most of the dhclient pretty escape and string option checks. Merged to use relaxed domain-name option check causing a regression, when the server is misusing it to provide a domain list (compatibility to attic clients) and does not provide it via domain-search option; pretty escape semicolon as well (bnc#675052, CVE-2011-0997).
* Thu Mar 31 2011 mtAATTsuse.de- Discard string options such as host and domain names containing disallowed characters or beeing too long. This proctive patch limits root-path to a-zA-Z0-9, #%+-_:.,AATT~/\\[]= and a space (bnc#675052, CVE-2011-0997).
* Thu Mar 31 2011 mtAATTsuse.de- Updated to ISC DHCP 4.2.1 release (bnc#680298), that provides following fixes (digest):
* Several fixes to OMAPI, cleanup of dereferenced pointers in the omapi handle, handling of pipe failures and status code in omapi signal handler that may cause connect failure and 100% CPU use.
* Handle some DDNS corner cases better
* Several fixes to lease input and output
* Corrected side effect of printing all data strings as hex.
* Host record references leaks causing applying config to all innocent clients.
* Memory leak when parsing a domain name
* Fixes to configuration parsing including infinite loop.
* Fixed for unexpected abort caused by a DHCPv6 decline. For the complete list see the RELNOTES file, that is available also online at http://ftp.isc.org/isc/dhcp/dhcp-4.2.1-RELNOTES.- Removed obsolete optional-value-infinite-loop, no-libcrypto and CVE-2011-0413.bnc667655 patches.- Merged the dhclient-send-hostname and ldap patches.
* Mon Feb 21 2011 mtAATTsuse.de- dhclient-script: fixed typo causing that only global settings to set hostname and default route were applied for primary and never per interface settings (bnc#673792).
* Fri Feb 18 2011 mtAATTsuse.de- Added dhcp-4.2.0-xen-checksum.patch by David Cantrell to handle xen partial UDP checksums (bnc#668194).
* Wed Feb 02 2011 mtAATTsuse.de- Applied security fix for unexpected abort caused by a DHCPv6 decline message (CVE-2011-0413, VU#686084, bnc#667655).- Fixed dhclient.conf to request the domain-search option.
* Mon Dec 13 2010 mtAATTsuse.de- Updated to ISC DHCP 4.2.0-P2, a security release fixing the handling of connection requests on the failover port. Previously a connection request from a source that wasn\'t listed as a failover peer would cause the server to become non-responsive. ([ISC-Bugs #22679] CERT: VU#159528 CVE: CVE-2010-3616, bnc#659059).
* Tue Dec 07 2010 mtAATTsuse.de- Enable ldap CASA support on SLE only.
* Tue Nov 30 2010 mtAATTsuse.de- Fixed to use same/correct dhcrelay6 interface variables in the sysconfig file and in the dhcrelay6 init script.
* Mon Nov 29 2010 mtAATTsuse.de- Updated to ISC DHCP 4.2.0-P1 release, providing a security fix to handle a relay forward message with an unspecified address in the link address field. Previously such a message would cause the server to crash. Thanks to a report from John Gibbons. [ISC-Bugs #21992] CERT: VU#102047 CVE: CVE-2010-3611 (bnc#650902) The 4.2.0 version is a feature release, implementing asynchronous DDNS processing and includes \"The LDAP Patch\". For a complete list of changes from any previous release, please consult the RELNOTES file within the source distribution or on the ISC website: http://www.isc.org/software/dhcp/420- Fixed compilation to avoid segfaults as soon as ldap is enabled, merged our ldap patches from 4.1.x branch.
* Tue Nov 02 2010 mtAATTsuse.de- Fixed a dhcrelay segfault while receiving packets on interfaces without any IPv4 address assigned (bnc#631305, reported upsteam as [ISC-Bugs #22409]).- Fixed a common infinite loop while parsing options with optional parts in the value such as in slp-service-scope option (bnc#643845, reported upsteam as [ISC-Bugs #22410]).- Fixed init scripts to report correct LSB codes in status action, when the config file or the binary do not exists (bnc#640336).- Fixed syntax of a check in the rcdhcrelay[6] (bnc#648580)- Avoid pid check error message in the rcdhcpd[6] (bnc#646875)
* Wed Sep 29 2010 mtAATTsuse.de- Fixed server lease file path in contrib/listlease and leasestate changed to extract contrib and examples using setup macro.
* Wed Aug 04 2010 mtAATTsuse.de- Renamed rfc3442-classless-static-routes_raw in /etc/dhclient.conf to rfc3442-classless-static-routes for compatibility with the NetworkManager making use of /etc/dhclient.conf now and adopted /sbin/dhclient-script (bnc#625770).
* Tue Jul 27 2010 mtAATTsuse.de- Fixed ldap option number conflicting with new options (bnc#625358)
* Fri Jul 02 2010 mtAATTsuse.de- Added a fix for an lpf bind error messages making it easier to localize problems (bnc#617795)
* Mon Jun 14 2010 mtAATTsuse.de- Updated to ISC DHCP 4.1.1-P1 patch release, which contains a pair of bug fixes including one for a security related bug (bnc#612546, CVE-2010-2156):
* A bug was fixed that could cause the DHCPv6 server to advertise/assign a previously allocated (active) lease to a client that has changed subnets, despite being on different shared networks. Dynamic prefixes specifically allocated in shared networks also now are not offered if the client has moved. [ISC-Bugs #21152]
* Accept a client id of length 0 while hashing. Previously the server would exit if it attempted to hash a zero length client id, providing attackers with a simple denial of service attack. [ISC-Bugs #21253]
* Tue May 18 2010 mtAATTsuse.de- Added rc.dhcrelay6 as source in the spec file
* Tue May 11 2010 mtAATTsuse.de- Fixed dhcprelay scripts to source sysconfig file correctly- Fixed spec file typo in arping path require, enabled ldap- Fixed a dhclient option name and new/old ip address check
* Fri May 07 2010 mtAATTsuse.de- Updated to ISC DHCP 4.1.1, the current 4.x series production release, providing DHCPv6 client/server/relay implementation. The programs act in DHCPv6 mode, when the -6 start option is set. We install separate init scripts with a 6 at the end to handle them, that is /etc/init.d/dhcpd6 and dhrelay6. Further, there is also a link to the binaries with a 6 at the end, e.g. dhclient6, making it visible, that the installed version supports DHCPv6.- Moved additional documentation to a separate dhcp-doc package.- Changed to provide config files and scripts as source files instead of patches to the ISC scripts.- Adopted spec file and config/scripts, merged in all patches.- Implemented RFC 3442 classless static routes support in the dhclient-script (bnc#555870).
* Thu Apr 29 2010 mtAATTsuse.de- Updated to ISC DHCP 3.1-ESV, an extended support version release which includes a small number of bug fixes (bnc#592178) over the 3.1.3 version:
* Modified the handling of a connection to avoid releasing the omapi io object for the connection while it is still in use. One symptom from this error was a segfault when a failover secondary attempted to connect to the failover primary if their clocks were not synchronized.
* Fix test in dhcp_interface_signal_handler to check that the inner handler has a signal_handler before calling it.
* When using \'ignore client-updates;\', the FQDN returned to the client is no longer truncated to one octet.
* Clean up some compiler warnings - ticket 19054.- Fixed vlan interface check in dhcpd-restart-hook if-up.d script (bnc#599702)- Touch dhclient.leases in post-install script instead to provide an empty file, versioned provides/obsoletes (rpmlint warnings).
* Fri Mar 12 2010 mtAATTsuse.de- Fixed dhclient-script to call ifup -o dhcp and signal \"complete\" to ifup when all configuration is done (bnc#585380,bnc#518219).
* Thu Jan 07 2010 jengelhAATTmedozas.de- Enable parallel building- Use large PIE model on all SPARC flavors
* Mon Dec 14 2009 mtAATTsuse.de- Fixed dhclient-script to use correct sysconfig run dir path to not to break the defaultroute/hostname setup (bnc#555095).- Don\'t request any specific lease-time by default (bnc#516459).
* Fri Oct 16 2009 mtAATTsuse.de- Fixed dhclient-script to forward new_domain_search as DNSSEARCH to netconfig.
* Tue Oct 13 2009 mtAATTsuse.de- Updated to dhcp-3.1.3 maintenance release fixing several issues (a digest, see RELNOTES for the complete list):
* Remove infinite loop in token_print_indent_concat().
* A parser bug was fixed that segfaulted if site-option-space was tried to be used interchangeably with vendor-option-space.
* Two uninitialized stack structures are now memset to zero, thanks to patch from David Cantrell at Red Hat.
* Memory leak in the load_balance_mine() function is fixed. This would leak ~20-30 octets per DHCPDISCOVER packet while failover was in use and in normal state.
* Fixed setting hostname in Linux hosts that require hostname argument to be double-quoted. Also allow server-provided hostname to override hostnames \'localhost\' and \'(none)\'.
* Added client support for setting interface MTU and metric, thanks to Roy \"UberLord\" Marples .
* Fixed failover reconnection retry code to continue to retry to reconnect rather than restarting the listener.
* Fixed a bug where an OMAPI socket disconnection message would not result in scheduling a failover reconnection, if the link had not negotiated a failover connect yet (e.g.: connection refused, asynch socket connect() timeouts).
* Versions 3.0.x syntax with multiple name->code option definitions is now supported. Note that, similarly to 3.0.x, for by-code lookups only the last option definition is used.
* Fixed a fenceposting bug when a client had two host records configured, one using \'uid\' and the other using \'hardware ethernet\'. CVE-2009-1892- Updated to dhcp-3.1.3-ldap-patch-mt-01 including previous fixes.- Merged dhclient script, removed obsolete CVE-2009-1892 fix.
* Tue Sep 29 2009 mtAATTsuse.de- Replaced mt-02 ldap patch from old git repository with equivalent one (dhcp-3.1.2p1-ldap-patch-mt-02) from a new repository with fixed patch history (http://www.suse.de/~mt/git/dhcp-ldap.git/).
* Wed Aug 12 2009 mtAATTsuse.de- Added dhcpd-restart-hook if-up.d script that restarts dhcp server while network restart when a virtual interfaces as bridge, bond or vlan goes up again (bnc#517810).
* Wed Jul 29 2009 mtAATTsuse.de- Applied fix for a dhcp client id DoS (CVE-2009-1892, bnc#519413).
* Wed Jul 29 2009 mtAATTsuse.de- Updated to dhcp-3.1.2p1 maintenance release fixing following issues:
* A stack overflow vulnerability was fixed in dhclient that could allow remote attackers to execute arbitrary commands as root on the system, or simply terminate the client, by providing an over-long subnet-mask option.
* A double-dereference in dhclient transmission of DHCPDECLINEs was repaired.
* Fix handling of -A and -a flags in dhcrelay; it was failing to expand packet size as needed to add relay agent options.
* Corrected list of failover state values in dhcpd man page.
* Fixed a bug that caused some request types to be logged incorrectly.
* Fixed a coredump when adding a class via OMAPI.
* Clients that sent a parameter request list containing the routers option before the subnet mask option were receiving only the latter. Fixed.
* The server wasn\'t always sending the FQDN option when it should.
* A partner-down failover server no longer emits \'peer holds all free leases\' if it is able to newly-allocate one of the peer\'s leases.
* A cosmetic bug in DHCPDECLINE processing was fixed which caused all successful DHCPDECLINEs to be logged as \"not found\" rather than \"abandoned\".
* Some failover debugging #defines have been better defined and some high frequency messages moved to a deeper debugging symbol.
* The CLTT parameter in failover is now only updated by client activity, and not by failover binding updates.
* Failover BNDUPD messages are now discarded if they conflict with an update that has been trasnmitted, but not acknowledged.
* A bug cleaning up unknown-xxx temporary option definitions was fixed.- Removed obsolete dhclient-no-dereference-twice patch- Improved dhclient-script to apply global dhcp settings, when there is no interface config (bnc#480922).- Enabled casa support in dhcp-ldap for >= sles 10 and => 11.1.- Updated dhcp-3.1.2p1-ldap-patch-mt.11.2-02 merging all patches flying around -- see http://www.suse.de/~mt/git/dhcp-ldap.git and the git changelog at the begin of the patch.
  
ICM