SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for dhcp-devel-4.2.1-0.24.1.i586.rpm :
Fri Dec 9 13:00:00 2011 mtAATTsuse.com
- Applied security fix for a DoS due to processing certain regular
expressions, extracted from 4.2.3-P1 (bnc#735610, CVE-2011-4539):

* Add a check for a null pointer before calling the regexec function.
Without out this check we could, under some circumstances, pass
a null pointer to the regexec function causing it to segfault.
Thanks to a report from BlueCat Networks. [ISC-Bugs #26704]

Tue Aug 30 14:00:00 2011 mtAATTsuse.com
- Applied fixes extracted from dhcp-4.1-ESV-R1..R3 correcting
two denial of service flaws via crafted BOOTP packets
(CVE-2011-2748,CVE-2011-2749,[ISC-Bugs #24960],bnc#712653).
- Moved server pid files into chroot directory even chroot is
not used and create a link in /var/run, so it can write one
when started as user without chroot and avoid stop problems
when the chroot sysconfig setting changed (bnc#712438).
- Fixed dhclient-script to not remove alias IP when it didn\'t
changed to not wipe out iptables connmark when renewing the
lease (bnc#700771). Thanks to James Carter for the patch.
- Removed GPL licensed files (bind-
*/contrib/dbus) from bind.tgz
to ensure, they\'re not used to build non-GPL dhcp (bnc#714004).
- Disabled log-info level messages in dhclient(6) quiet mode to
avoid excessive logging of non-critical messages (bnc#711420).

Tue May 3 14:00:00 2011 mtAATTsuse.de
- Fixed dhclient-script typo causing ISC DHCPv6 client to execute
ifup pre-down scripts also while renew, when the ipv6 address
did not changed (bnc#690859).

Wed Apr 6 14:00:00 2011 mtAATTsuse.de
- Relaxed the check of the domain-name option causing a regression,
when the server is misusing it to provide a domain list and does
not provide it using the domain-search option (bnc#675052).

Thu Mar 31 14:00:00 2011 mtAATTsuse.de
- Discard string options such as host and domain names containing
disallowed characters or beeing too long. This proctive patch
limits root-path to a-zA-Z0-9, #%+-_:.,AATT~/\\[]= and a space
(bnc#675052, CVE-2011-0997).

Thu Mar 31 14:00:00 2011 mtAATTsuse.de
- Updated to ISC DHCP 4.2.1 release (bnc#680298), that provides
following fixes (digest):

* Several fixes to OMAPI, cleanup of dereferenced pointers in
the omapi handle, handling of pipe failures and status code
in omapi signal handler that may cause connect failure and
100% CPU use.

* Handle some DDNS corner cases better

* Several fixes to lease input and output

* Corrected side effect of printing all data strings as hex.

* Host record references leaks causing applying config to all
innocent clients.

* Memory leak when parsing a domain name

* Fixes to configuration parsing including infinite loop.

* Fixed for unexpected abort caused by a DHCPv6 decline.
For the complete list see the RELNOTES file, that is available
also online at http://ftp.isc.org/isc/dhcp/dhcp-4.2.1-RELNOTES.
- Removed obsolete optional-value-infinite-loop, no-libcrypto
and CVE-2011-0413.bnc667655 patches.
- Merged the dhclient-send-hostname and ldap patches.

Mon Feb 21 13:00:00 2011 mtAATTsuse.de
- dhclient-script: fixed typo causing that only global settings
to set hostname and default route were applied for primary
and never per interface settings (bnc#673792).

Fri Feb 18 13:00:00 2011 mtAATTsuse.de
- Added dhcp-4.2.0-xen-checksum.patch by David Cantrell to handle
xen partial UDP checksums (bnc#668194).

Wed Feb 2 13:00:00 2011 mtAATTsuse.de
- Applied security fix for unexpected abort caused by a DHCPv6
decline message (CVE-2011-0413, VU#686084, bnc#667655).
- Fixed dhclient.conf to request the domain-search option.

Mon Dec 13 13:00:00 2010 mtAATTsuse.de
- Updated to ISC DHCP 4.2.0-P2, a security release fixing the
handling of connection requests on the failover port.
Previously a connection request from a source that wasn\'t
listed as a failover peer would cause the server to become
non-responsive. ([ISC-Bugs #22679] CERT: VU#159528 CVE:
CVE-2010-3616, bnc#659059).

Tue Dec 7 13:00:00 2010 mtAATTsuse.de
- Enable ldap CASA support on SLE only.

Tue Nov 30 13:00:00 2010 mtAATTsuse.de
- Fixed to use same/correct dhcrelay6 interface variables in the
sysconfig file and in the dhcrelay6 init script.

Mon Nov 29 13:00:00 2010 mtAATTsuse.de
- Updated to ISC DHCP 4.2.0-P1 release, providing a security fix to
handle a relay forward message with an unspecified address in the
link address field. Previously such a message would cause the
server to crash. Thanks to a report from John Gibbons.
[ISC-Bugs #21992] CERT: VU#102047 CVE: CVE-2010-3611 (bnc#650902)
The 4.2.0 version is a feature release, implementing asynchronous
DDNS processing and includes \"The LDAP Patch\".
For a complete list of changes from any previous release, please
consult the RELNOTES file within the source distribution or on
the ISC website: http://www.isc.org/software/dhcp/420
- Fixed compilation to avoid segfaults as soon as ldap is enabled,
merged our ldap patches from 4.1.x branch.

Tue Nov 2 13:00:00 2010 mtAATTsuse.de
- Fixed a dhcrelay segfault while receiving packets on interfaces
without any IPv4 address assigned (bnc#631305, reported upsteam
as [ISC-Bugs #22409]).
- Fixed a common infinite loop while parsing options with optional
parts in the value such as in slp-service-scope option (bnc#643845,
reported upsteam as [ISC-Bugs #22410]).
- Fixed init scripts to report correct LSB codes in status action,
when the config file or the binary do not exists (bnc#640336).
- Fixed syntax of a check in the rcdhcrelay[6] (bnc#648580)
- Avoid pid check error message in the rcdhcpd[6] (bnc#646875)

Wed Sep 29 14:00:00 2010 mtAATTsuse.de
- Fixed server lease file path in contrib/listlease and leasestate
changed to extract contrib and examples using setup macro.

Wed Aug 4 14:00:00 2010 mtAATTsuse.de
- Renamed rfc3442-classless-static-routes_raw in /etc/dhclient.conf
to rfc3442-classless-static-routes for compatibility with the
NetworkManager making use of /etc/dhclient.conf now and adopted
/sbin/dhclient-script (bnc#625770).

Tue Jul 27 14:00:00 2010 mtAATTsuse.de
- Fixed ldap option number conflicting with new options (bnc#625358)

Fri Jul 2 14:00:00 2010 mtAATTsuse.de
- Added a fix for an lpf bind error messages making it easier to
localize problems (bnc#617795)

Mon Jun 14 14:00:00 2010 mtAATTsuse.de
- Updated to ISC DHCP 4.1.1-P1 patch release, which contains
a pair of bug fixes including one for a security related bug
(bnc#612546, CVE-2010-2156):

* A bug was fixed that could cause the DHCPv6 server to
advertise/assign a previously allocated (active) lease to a
client that has changed subnets, despite being on different
shared networks. Dynamic prefixes specifically allocated in
shared networks also now are not offered if the client has
moved. [ISC-Bugs #21152]

* Accept a client id of length 0 while hashing. Previously the
server would exit if it attempted to hash a zero length client
id, providing attackers with a simple denial of service attack.
[ISC-Bugs #21253]

Tue May 18 14:00:00 2010 mtAATTsuse.de
- Added rc.dhcrelay6 as source in the spec file

Tue May 11 14:00:00 2010 mtAATTsuse.de
- Fixed dhcprelay scripts to source sysconfig file correctly
- Fixed spec file typo in arping path require, enabled ldap
- Fixed a dhclient option name and new/old ip address check

Fri May 7 14:00:00 2010 mtAATTsuse.de
- Updated to ISC DHCP 4.1.1, the current 4.x series production
release, providing DHCPv6 client/server/relay implementation.
The programs act in DHCPv6 mode, when the -6 start option is set.
We install separate init scripts with a 6 at the end to handle
them, that is /etc/init.d/dhcpd6 and dhrelay6. Further, there is
also a link to the binaries with a 6 at the end, e.g. dhclient6,
making it visible, that the installed version supports DHCPv6.
- Moved additional documentation to a separate dhcp-doc package.
- Changed to provide config files and scripts as source files
instead of patches to the ISC scripts.
- Adopted spec file and config/scripts, merged in all patches.
- Implemented RFC 3442 classless static routes support in the
dhclient-script (bnc#555870).

Thu Apr 29 14:00:00 2010 mtAATTsuse.de
- Updated to ISC DHCP 3.1-ESV, an extended support version release
which includes a small number of bug fixes (bnc#592178) over the
3.1.3 version:

* Modified the handling of a connection to avoid releasing the
omapi io object for the connection while it is still in use.
One symptom from this error was a segfault when a failover
secondary attempted to connect to the failover primary if
their clocks were not synchronized.

* Fix test in dhcp_interface_signal_handler to check that the
inner handler has a signal_handler before calling it.

* When using \'ignore client-updates;\', the FQDN returned to the
client is no longer truncated to one octet.

* Clean up some compiler warnings - ticket 19054.
- Fixed vlan interface check in dhcpd-restart-hook if-up.d script
(bnc#599702)
- Touch dhclient.leases in post-install script instead to provide
an empty file, versioned provides/obsoletes (rpmlint warnings).

Fri Mar 12 13:00:00 2010 mtAATTsuse.de
- Fixed dhclient-script to call ifup -o dhcp and signal \"complete\"
to ifup when all configuration is done (bnc#585380,bnc#518219).

Thu Jan 7 13:00:00 2010 jengelhAATTmedozas.de
- Enable parallel building
- Use large PIE model on all SPARC flavors

Mon Dec 14 13:00:00 2009 mtAATTsuse.de
- Fixed dhclient-script to use correct sysconfig run dir path
to not to break the defaultroute/hostname setup (bnc#555095).
- Don\'t request any specific lease-time by default (bnc#516459).

Fri Oct 16 14:00:00 2009 mtAATTsuse.de
- Fixed dhclient-script to forward new_domain_search as DNSSEARCH
to netconfig.

Tue Oct 13 14:00:00 2009 mtAATTsuse.de
- Updated to dhcp-3.1.3 maintenance release fixing several issues
(a digest, see RELNOTES for the complete list):

* Remove infinite loop in token_print_indent_concat().

* A parser bug was fixed that segfaulted if site-option-space
was tried to be used interchangeably with vendor-option-space.

* Two uninitialized stack structures are now memset to zero,
thanks to patch from David Cantrell at Red Hat.

* Memory leak in the load_balance_mine() function is fixed. This
would leak ~20-30 octets per DHCPDISCOVER packet while failover
was in use and in normal state.

* Fixed setting hostname in Linux hosts that require hostname
argument to be double-quoted. Also allow server-provided
hostname to override hostnames \'localhost\' and \'(none)\'.

* Added client support for setting interface MTU and metric,
thanks to Roy \"UberLord\" Marples .

* Fixed failover reconnection retry code to continue to retry to
reconnect rather than restarting the listener.

* Fixed a bug where an OMAPI socket disconnection message would
not result in scheduling a failover reconnection, if the link
had not negotiated a failover connect yet (e.g.: connection
refused, asynch socket connect() timeouts).

* Versions 3.0.x syntax with multiple name->code option
definitions is now supported. Note that, similarly to 3.0.x,
for by-code lookups only the last option definition is used.

* Fixed a fenceposting bug when a client had two host records
configured, one using \'uid\' and the other using \'hardware
ethernet\'. CVE-2009-1892
- Updated to dhcp-3.1.3-ldap-patch-mt-01 including previous fixes.
- Merged dhclient script, removed obsolete CVE-2009-1892 fix.

Tue Sep 29 14:00:00 2009 mtAATTsuse.de
- Replaced mt-02 ldap patch from old git repository with equivalent
one (dhcp-3.1.2p1-ldap-patch-mt-02) from a new repository with
fixed patch history (http://www.suse.de/~mt/git/dhcp-ldap.git/).

Wed Aug 12 14:00:00 2009 mtAATTsuse.de
- Added dhcpd-restart-hook if-up.d script that restarts dhcp server
while network restart when a virtual interfaces as bridge, bond
or vlan goes up again (bnc#517810).

Wed Jul 29 14:00:00 2009 mtAATTsuse.de
- Applied fix for a dhcp client id DoS (CVE-2009-1892, bnc#519413).

Wed Jul 29 14:00:00 2009 mtAATTsuse.de
- Updated to dhcp-3.1.2p1 maintenance release fixing following
issues:

* A stack overflow vulnerability was fixed in dhclient that could
allow remote attackers to execute arbitrary commands as root on
the system, or simply terminate the client, by providing an
over-long subnet-mask option.

* A double-dereference in dhclient transmission of DHCPDECLINEs
was repaired.

* Fix handling of -A and -a flags in dhcrelay; it was failing
to expand packet size as needed to add relay agent options.

* Corrected list of failover state values in dhcpd man page.

* Fixed a bug that caused some request types to be logged
incorrectly.

* Fixed a coredump when adding a class via OMAPI.

* Clients that sent a parameter request list containing the
routers option before the subnet mask option were receiving
only the latter. Fixed.

* The server wasn\'t always sending the FQDN option when it should.

* A partner-down failover server no longer emits \'peer holds all
free leases\' if it is able to newly-allocate one of the peer\'s
leases.

* A cosmetic bug in DHCPDECLINE processing was fixed which caused
all successful DHCPDECLINEs to be logged as \"not found\" rather
than \"abandoned\".

* Some failover debugging #defines have been better defined and
some high frequency messages moved to a deeper debugging symbol.

* The CLTT parameter in failover is now only updated by client
activity, and not by failover binding updates.

* Failover BNDUPD messages are now discarded if they conflict with
an update that has been trasnmitted, but not acknowledged.

* A bug cleaning up unknown-xxx temporary option definitions was
fixed.
- Removed obsolete dhclient-no-dereference-twice patch
- Improved dhclient-script to apply global dhcp settings, when
there is no interface config (bnc#480922).
- Enabled casa support in dhcp-ldap for >= sles 10 and => 11.1.
- Updated dhcp-3.1.2p1-ldap-patch-mt.11.2-02 merging all patches
flying around -- see http://www.suse.de/~mt/git/dhcp-ldap.git
and the git changelog at the begin of the patch.


  
ICM