Changelog for dhcp-devel-4.4.3.P1-322.1.x86_64.rpm :

* Thu Dec 07 2023 jorik.cronenbergAATTsuse.com- Revert dhclient-script removal and instead change usleep to sleep (boo#1216822)
* Tue Dec 05 2023 jorik.cronenbergAATTsuse.com- Add new Kea migration assistant subpackage- Switch doc subpackage to noarch
* Thu Nov 02 2023 pvorelAATTsuse.cz- Remove dhclient-script (boo#1216822).
* Tue Dec 27 2022 lnusselAATTsuse.com- Replace transitional %usrmerged macro with regular version check (boo#1206798)
* Fri Dec 09 2022 kukukAATTsuse.com- Add /etc/sysconfig/network hierarchy to server file list
* Mon Nov 14 2022 jorik.cronenbergAATTsuse.com- Update to 4.4.3-P1: Bug Fixes:
* Minor corrections were made to allow compilation under gcc 10.
* The logic in dhclient that causes it to decline DHCPv4 leases if the client script exits abnormally (i.e. crashes) has been corrected.
* The limit on the size of a lease file that can be loaded at startup is now only enforced on 32-bit systems.
* The PRNG initialization has been improved. It now uses the configure flag `--with-randomdev=PATH`, which specifies the device from which to read the initial seed. That is typically `/dev/random` (the default value) or `/dev/urandom`, but may be specified otherwise on the local system. The old behavior can be forced by disabling this feature (`--with-randomdev=no`). If the initialization is disabled or reading from the random device fails, the previous algorithm (retrieve the last four bytes of hardware addresses from all network interfaces that have them, and use the current time and process ID) is used.
* A minor dhclient code fix was made to remove compilation warnings.
* The hard-coded MD5 algorithm name was removed in OMAPI connection logic. Previously, using any other algorithm via a key-algorithm statement would allow OMAPI connections to be made, but subsequent actions such as updating an object would fail.
* The parallel build has been improved. Thanks to Sergei Trofimovich for the patch. The parallel build is still experimental, as officially the BIND 9 code does not support the parallel build for libraries.
* Handling of LDAP options (`ldap-gssapi-principal` and `ldap-gssapi-keytab`) has been improved. This is contributed code that has not been tested by ISC. Thank you to Petr Mensik and Pavel Zhukov for the patches!
* It is now possible to use `option -g ipaddr` in the dhcrelay to replace the giaddr sent to clients with the given ipaddr, to work around bogus clients like Solaris 11 grub which use giaddr instead of the announced router (3) to set up their default route. Thanks to Jens Elkner for the patch!
New Features:
* Two new OMAPI function calls were added, `dhcpctl_timed_connect()` and `dhcpctl_timed_wait_for_completion()`. These provide timed versions of creating a connection and waiting for an operation to complete.
* The BIND libraries have been updated to the latest version, 9.11.36. This fixes a number of compilation issues on various systems, including OpenWRT. Thanks to Philip Prindeville for testing on OpenWRT.
* Support was added for the new DHCPv4 option v6-only-preferred, specified in RFC 8925. A new reason code, V6ONLY, was added to the client script and the client Linux script sample was updated.
This obsoletes the following patches:
* dhcp-CVE-2022-2928.patch
* dhcp-CVE-2022-2929.patch
The following patches needed modification:
* 0009-dhcp-4.2.6-close-on-exec.patch
* 0015-Expose-next-server-DHCPv4-option-to-dhclient-script.patch
* 0016-infiniband-support.patch
* Thu Oct 27 2022 gmbr3AATTopensuse.org- Use %_rundir
* Wed Oct 05 2022 maxAATTsuse.com- bsc#1203988, CVE-2022-2928, dhcp-CVE-2022-2928.patch: An option refcount overflow exists in dhcpd- bsc#1203989, CVE-2022-2929, dhcp-CVE-2022-2929.patch: DHCP memory leak
* Tue Apr 26 2022 maxAATTsuse.com- bsc#1198657: properly handle DHCRELAY(6)_OPTIONS.
* Sat Apr 16 2022 chrisAATTcomputersalat.de- Update dhcpd.service: After: network-online.target
* boo#826319: DHCP gets autostarted too early (network interface not up yet - Systemd/LSB problem) e.g. NM and bridged interface
* Tue Mar 15 2022 kukukAATTsuse.com- Require hostname binary, not package [bsc#1197087]
* Wed Jan 19 2022 manfred99AATTgmx.ch- modify source if-up.d.dhcpd-restart-hook:
* fix option parsing
* do not call /usr/libexec/dhcp/dhcpd directly, use systemd for it
* Mon Jan 17 2022 jsegitzAATTsuse.com- Drop PrivateDevices and ProtectClock hardenings. They clash with the chroot logic (bsc#1194722)
* Fri Jan 14 2022 gmbr3AATTopensuse.org- Add now working CONFIG parameter to sysusers generator
* Tue Oct 26 2021 maxAATTsuse.com- Add a fallback definition for %make_build to fix build on SLE-12.- Handle sysusers with a bcond to improve readability and simplify removal once we don't have to support SLE-12 anymore.- bsc#1192020: Drop the obsolete dependency on "group(nogroup)".
* Mon Sep 13 2021 jsegitzAATTsuse.com- Added hardening to systemd service(s) (bsc#1181400). Modified:
* dhcpd.service
* dhcpd6.service
* dhcrelay.service
* dhcrelay6.service
* Thu Aug 05 2021 maxAATTsuse.com- bsc#1186249: Remove remaining references to /etc/init.d from dhclient-script and if-up.d.dhcpd-restart-hook .- Use , instead of - or / as a separator in sed when dealing with path names.
* Mon May 31 2021 maxAATTsuse.com- Add -fno-strict-aliasing to CFLAGS to avoid a segfault in dhcpd (boo#1186631).
* Thu May 27 2021 maxAATTsuse.com- Update to 4.4.2-P1:
* CVE-2021-25217, bsc#1186382: A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient.- Error out, if %version and %isc_version are not in sync.
* Sun Jan 24 2021 dmuellerAATTsuse.com- update to 4.4.2:
* Please note that ISC DHCP is now licensed under the Mozilla Public License, MPL 2.0. In general, the areas of focus for ISC DHCP 4.4 were: 1. Dynamic DNS additions 2. dhclient improvements 3. Support for dynamic shared libraries
* Added the interface name to socket initialization failure log messages. Prior to this the log messages stated only the error reason without stating the target interface.
* Corrected buffer pointer logic in dhcrelay functions that manipulate agent relay options. Thanks to Thomas Imbert of MSRC Vulnerabilities & Mitigations for reporting the issue.
* Corrected unresolved symbol errors building relay_unittests when configured to build using libtool.
* A new configuration parameter, ping-cltt-secs (v4 operation only), has been added to allow the user to specify the number of seconds that must elapse since CLTT before a ping check is conducted. Prior to this, the value was hard coded at 60 seconds. Please see the server man pages for a more detailed discussion.
* A new configuration parameter, ping-timeout-ms (v4 operation only), has been added that allows the user to specify the amount of time the server waits for a ping-check response in milliseconds rather than in seconds (via ping-timeout). When greater than zero, the value of ping-timeout-ms will override the value of ping-timeout. Thanks to Jay Doran from Bluecat Networks for suggesting this feature.
* An experimental tool called, Keama (KEA Migration Assistant), which helps translate ISC DHCP configurations to Kea configurations, is now included in the distribution.
* Corrected a misuse of the BIND9 DDNS API which caused DDNS updates to be carried out over TCP rather than UDP. The coding error was exposed by migration to BIND9 9.11. Thanks to Jinmei Tatuya at Infoblox for reporting the issue.
* Bind9 now defaults to requiring python to build. The Makefile for building Bind9 when bundled with ISC DHCP was modified to turn off this dependency.
* Corrected a dual-stack mixed-mode issue that occurs when both ddns-guard-id-must-match and ddns-other-guard-is-dynamic are enabled and that caused the server to incorrectly interpret the presence of a guard record belonging to another client as a case of no guard record at all. Thanks to Fernando Soto from BlueCat Networks for reporting this issue.
* Corrected a compilation issue that occurred when building without DNS update ability (e.g. by undefining NSUPDATE).
* Corrected an issue that was causing the server, when running in DHCPv4 mode, to segfault when class lease limits are reached. Thanks to Peter Nagy at Porion-Digital for reporting the matter and submitting a patch.
* Made minor changes to eliminate warnings when compiled with GCC 9. Thanks to Brett Neumeier for bringing the matter to our attention.
* Fixed potential memory leaks in parser error message generation spotted by Coverity, CIDs: 1448191, 1448193, 1448194, 1448195
* Updated URL of IEEE oui.txt in contrib/dhcp-lease-list.pl. Thanks to Tommy Smith for contributing the patch.
* Fixed define flags when using SO_BINDTODEVICE. Thanks to Joe LeVeque for reporting the issue.
* Applied a patch from OpenBSD to always set the scope id of outbound DHCPv6 packets. Note this change only applies when compiling under OpenBSD. Thanks to Brad Smith at OpenBSD for bringing it to our attention.
* Modified dhclient to not discard config file leases that are duplicates of server-provided leases and to retain such leases after they have been used as the fallback active lease and DHCP service has been restored. This allows them to be used more than once during the lifetime of a dhclient instance. This applies to DHCPv4 operation only.
* Corrected a number of reference counter and zero-length buffer leaks. Thanks to Christopher Ertl of MSRC Vulnerabilities & Mitigations for pointing them out.
* Closed a small window of time between the installation of graceful shutdown signal handlers and application context startup, during which the receipt of shutdown signal would cause a REQUIRE() assertion to occur. Note this issue is only visible when compiling with ENABLE_GENTLE_SHUTDOWN defined.
* Corrected a buffer overflow that can occur when retrieving zone names that are more than 255 characters in length.
* The "d" domain name option format was incorrectly handled as text instead of RFC 1035 wire format. Thanks to Jay Doran at BlueCat Networks for reporting this issue.
* Improved the error message issued when a host declaration has both a uid and a dhcp-client-identifier. Server configuration parsing will now fail if a host declaration specifies more than one uid.
* Updated developer's documentation on building and running unit tests. Removed support for --with-atf=bind as BIND9 no longer bundles in ATF source.
* Fixed a syntax error in ldap.c which cropped up under Ubuntu 18.04.1/gcc 7.4.0. Thanks to Charles Hedrick for pointing it out.
* Added clarification to dhcp-options.5 section on ip-address values describing the first-use DNS resolution of options with hostnames as values (e.g. next-server).
* The option format for the server option omapi-key was changed to a format type 'k' (key name); while server options ldap-port and ldap-init-retry were changed to 'L' (unsigned 32-bit integer). These three options were inadvertently broken when the 'd' format content was changed to comply with RFC 1035 wire format (see Gitlab #2).
* A delayed-ack value of 0 (the default), now correctly disables the delayed feature. A change in 4.4.0 prohibited lease updates marking leases active from being written to the lease file when delayed-ack is 0. This in turn, caused servers to lose active lease assignments upon restart.
! Option reference count was not correctly decremented in error path when parsing buffer for options. Reported by Felix Wilhelm, Google Security Team. CVE: CVE-2018-5733
! Corrected an issue where large sized 'X/x' format options were causing option handling logic to overwrite memory when expanding them to human readable form. Reported by Felix Wilhelm, Google Security Team. CVE: CVE-2018-5732
* Added use of new Bind9 compatibility header files, that are now necessary to supply type definitions for primitive data types, removed from Bind9 proper. Altered util/bind.sh to pull from Bind9 repo on gitlab.
* Duplicate address detection when binding to a new IPv6 address was added to the following dhclient scripts: linux,freebsd,netbsd,openbsd, and macos. The scripts will check for DAD errors after binding to a new IPv6 address for at most --dad-wait-time seconds. If a DAD error is detected the script will exit with a value of 3, instructing dhclient to decline the address. If dad-wait-time is zero (the default), DAD error checking is not performed.
* Support for sending and receiving additional DHCP4 options has been added to both the dhcpd and dhclient. Specifically: option codes 93,94, and 97 (RFC 4578); code 150 (RFC 5859); and codes 209,219, and 211 (RFC 5071). Beyond configuring, sending, requesting, and receiving these options neither server nor client apply any additional logic based on their values. Thanks to Peter Lewis for requesting this change.
* Added clarifying text to dhcpd.conf.5 explaining the class match expressions cannot rely on the results of executable statements.
* Fixed a bug which causes dhcpd and dhclient to crash on certain systems when given relative path names for lease or pid files on the command line. Affected systems are those on which the C library function, realpath() does not support a second parameter value of NULL (see manpages for realpath(3)).
* Fixed a build issue when building with embedded BIND9 under OpenBSD that was causing BIND9 build to not generate dns/enumclass.h and dns/enumtype.h.
* Added /m4/README to the distribution tarball. Some versions of ac_local() treat the absence of the m4 subdirectory as error rather than warning. This was causing the call to autoreconf, necessary for building with libtool, to fail.
* Added experimental support for relay port (draft-ietf-dhc-relay-port-10.txt) feature for DHCPv4, DHCPv6 and DHCPv4-over-DHCPv6. Relay port has to be enabled at compile time via --enable-relay-port and is fully backward compatible (i.e. works with previous implementations of servers and relays using the standard ports). A new --rp command line option specifies to dhcrelay an alternate source port for upstream (i.e. toward the server) messages. Thanks to Naiming Shen and Enke Chen of Cisco systems for submitting these patches.
* Added --release-on-roam to dhcpd server. When enabled and the server detects that a DHCPv6 client (IAID+DUID) has roamed to a new network, it will release the pre-existing leases on the old network and emit a log statement similar to the following: "Client: roamed to new network, releasing lease:
" The server will carry out all of the same steps that would normally occur when a client explicitly releases a lease. This behavior is disabled by default and may only be specified globally. Prior to this the server renders the leases unavailable until they expire or the server is restarted. Clients that need leases in multiple networks must supply a unique IAID in each IA. When release-on-roam is disabled (the default) the server maintains the prior behavior of making such leases unavailable until they expire or the server is restarted. Clients that need leases in multiple networks must supply a unique IAID in each IA. This parameter may only be specified at the global level. Thanks to Fernando Soto from BlueCat Networks for suggesting this change.
* Support for delayed-ack is now compiled in by default. Prior to this it had to be enabled at compile time via --enable-delayed-acks. The default value for delayed-ack, however, has been changed from 28 to 0 (i.e. disabled). This was done to minimize the impact on users not currently using the feature. Please note that the delayed-ack feature is not currently compatible with support for DHCPv4-over-DHCPv6 so when a 4to6 port command line argument enables this in the server the delayed-ack value is reset to 0.
* Added to the server (-6) a new statement, local-address6, which specifies the source address of packets sent by the server. An additional flag, bind-local-address6, disabled by default, binds the service socket to local-address6. Note that bind-local-address does not work with direct clients: a relay has to forward packets to the server using the local-address6 destination.
* The server now recognizes environment variables PATH_DHCPD_DB and PATH_DHCPD_PID. These had been incorrectly compiled out of the code unless DHCPv6 support was disabled. Additionally, the server man pages were corrected to accurately reflect how the server chooses file names (see lease-file-name and pid-file-name statements). Thanks to Fernando Soto at Bluecat Networks for bringing this matter to our attention.
* Removed an "Impossible condition" error upon exit in the dhcpd server that has been shutdown via OMAPI. This condition was only apparent under Solaris when building with --enable-use-sockets and --enable-ipv4-pktinfo.
* Corrected some minor Coverity issues: CID 1426059, 1426058, and 1426057.
* Added missing text to dhclient.8 and expanded release note coverage for --address-prefix-len changes.- remove dhcp-CVE-2019-6470.patch, 0013-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch: merged upstream- 0006-dhcp-4.3.2-dhclient-send-hostname-or-fqdn.patch 0009-dhcp-4.2.6-close-on-exec.patch 0016-infiniband-support.patch 0018-client-fail-on-script-pre-init-error-bsc-912098.patch 0021-dhcp-ip-family-symlinks.patch: refresh against newer code base- build with --enable-log-pid (log pid) and enable-binary-leases (faster binary lookup for large leases files)
* Tue Nov 17 2020 lnusselAATTsuse.de- prepare usrmerge (boo#1029961)
* Wed Oct 21 2020 maxAATTsuse.com- Complete the /var/run -> /run migration by renaming /var/lib/dhcp/var/run accordingly (boo#1177951).
* Thu Sep 17 2020 maxAATTsuse.com- Don't create dhclient.leases in %post. It affects transactional updates and the files don't need to pre-exist (boo#1129951).
* Thu Sep 03 2020 fbuiAATTsuse.com- Drop dependency on insserv-compat It was required to call the rc_status helpers from the sysvinit scripts. These scripts are supposed to be called by systemd, which has its own mechanism to report service status. Please note that this package still needs to be converted to ship proper systemd units.
* Thu Sep 03 2020 fbuiAATTsuse.com- /var/run is legacy -> /run should be used instead
* Mon Jun 29 2020 dimstarAATTopensuse.org- The server package still requires insserv-compat: the .service files only call out to legacy sysv init scripts that are still sourcing /etc/rc.status (boo#1173440).
* Tue Jun 23 2020 crrodriguezAATTopensuse.org- insserv is not required anymore
* Thu Jun 11 2020 callumjfarmer13AATTgmail.com- Fixes for %_libexecdir changing to /usr/libexec
* Wed Apr 15 2020 kukukAATTsuse.com- Use sysusers.d instead of shadow
* Mon Mar 02 2020 maxAATTsuse.com- Add -fcommon to CFLAGS to fix build with gcc10 (boo#1160262).
* Wed Jan 22 2020 kukukAATTsuse.com- Change remaining systemd requires to weak dependencies, too.- Don't require net-tools with SLE15 or newer, it does not contain anything anymore we need- Get rid of coreutils dependency
* Tue Oct 15 2019 maxAATTsuse.com- bsc#1134078, CVE-2019-6470, dhcp-CVE-2019-6470.patch: DHCPv6 server crashes regularly.- Add compile option --enable-secs-byteorder to avoid duplicate lease warnings [bsc#1089524].
* Wed Oct 02 2019 kukukAATTsuse.de- Make systemd a weak dependency as we don't want that in a container
* Wed Aug 28 2019 maxAATTsuse.com- bsc#1136572: Use IPv6 when called as dhclient6, dhcpd6, and dhcrelay6 (0021-dhcp-ip-family-symlinks.patch).
* Thu Aug 08 2019 dmuellerAATTsuse.com- dhclient-script: replace host(1) with getent, which is more lightweight (part of glibc and does not pull in bind-utils)
* Fri Aug 02 2019 mliskaAATTsuse.cz- Use FAT LTO objects in order to provide proper static library.
* Thu Jul 11 2019 antoine.belvireAATTopensuse.org- Remove SuSEfirewall2 services since SuSEfirewall2 has been replaced by firewalld (which already provides a service for dhcp).
* Fri May 10 2019 dimstarAATTopensuse.org- Add workaround to require insserv-compat until the package is converted to full systemd units (boo#1133632).
* Fri Feb 22 2019 fbuiAATTsuse.com- Drop use of $FIRST_ARG in .spec The use of $FIRST_ARG was probably required because the %service_* rpm macros were playing tricks with the shell positional parameters. This is bad practice and error prone, so let's assume that no macros should do that anymore and hence it's safe to assume that positional parameters remain unchanged after any rpm macro call.
* Mon Jan 21 2019 jbrielmaierAATTsuse.de- Remove wrong path to documentation in the description of the server package
* Tue Jun 05 2018 tchvatalAATTsuse.com- Drop doc subpackage as we do not build on < SLE12 anyway so it evaluated always as true- Do not condition flags settings for codestreams that we are no longer building for- Use %license macro for license as mandated by new TW requirements
* Mon Jun 04 2018 tchvatalAATTsuse.com- Format with spec-cleaner (automatic, remove FIXMEs)- Use getent to detect created user prior doing it again- Drop ldapcasa as it evaluates as false on all current products- Drop ldap conditional as it is always true
* Mon Jun 04 2018 tchvatalAATTsuse.com- Kill omc configs wrt fate#301838
* Thu Mar 08 2018 maxAATTsuse.com- Update to dhcp-4.3.6-P1:
* CVE-2018-5733, bsc#1083303: reference count overflow in dhcpd.
* CVE-2018-5732, bsc#1083302: buffer overflow bug in dhclient.
* Plugged a socket descriptor leak in OMAPI
* The server now allows the client identifier (option 61) to own leases in more than one subnet concurrently [ISC-Bugs #41358].
* When replying to a DHCPINFORM, the server will now include options specified at the pool scope, provided the ciaddr field of the DHCPINFORM is populated. [ISC-Bugs #43219] [ISC-Bugs #45051].
* When memory allocation fails in a repeated way the process writes "Run out of memory." on the standard error and exits with status 1 [ISC-Bugs #32744].
* The new lmdb (Lightning Memory DataBase) bind9 configure option is now disabled by default to avoid the presence of this library to be detected which can lead to a link failure. [ISC-Bugs #45069]
* The linux interface discovery code has been modified to use getifaddrs() as is done for BSD and OS-X. [ISC-Bugs #28761] and others.
* Fixed a bug in OMAPI that causes omshell to crash when a name-value pair with a zero length value is shipped in an object [ISC-Bugs #29108].
* On 64-bit platforms, dhclient now generates the correct value for the script environment variable, "expiry", when the lease expiry value exceeds 0x7FFFFFFF [ISC-Bugs #43326].
* Common timer logic was modified to cap the maximum timeout values at 0x7FFFFFFF - 1 [ISC-Bugs #28038].
* DHCP6 FQDN option unpacking code now correctly handles values that contain spaces, special, or non-printable characters. [ISC-Bugs #43592]
* When running in -6 mode, dhclient can enforce the require option statement and will discard offered leases that do not contain all the required options specified in the client configuration [ISC-Bugs #41473].
* Altered DHCPv4 lease time calculation to avoid roll over errors on 64-bit OS systems when using -1 or large values for default-lease-time [ISC-Bugs #41976],
* Added --dad-wait-time parameter to dhclient [ISC-Bugs #36169].
* The server now checks both the address and length of a prefix delegation when attempting to match it to a prefix pool [ISC-Bugs #35378].
* Modified DDNS support initialization such that DNS related ports will only be opened by the server (dhcpd) at startup if ddns-update-style is not "none"; by dhclient only if and when it first attempts an update; and never by dhcrelay. [ISC-Bugs #45290] [ISC-Bugs #33377]
* Added error logging to two memory allocation failure checks. [ISC-Bugs #41185]
* Corrected a dhclient -6 issue that caused the client to crash with an "Impossible condition" error after de-preferencing its only IA binding [ISC-Bugs #44373].
* By defining CALL_SCRIPT_ON_ONETRY_FAIL in includes/site.h, dhclient will now call the script with reason set to FAIL when run with -1 (one try) and there are no server responses. [ISC-bugs #18183]
* The server now detects failover peers that are not referenced in at least one pool when run with the command line option for test mode, -T [ISC-Bugs #29892].
* Linux script updated [ISC-bugs #19430] [ISC-bugs #18111].
* Changed severity of the log message indicating UDP checksum errors in the received packets from 'info' to 'debug'. [ISC-bugs #41757]
* Corrected a bug which could cause the server to sporadically crash while loading lease files with the lease-id-format is set to "hex" [ISC-Bugs #43185].- Obsoleted patches:
* 0011-Fixed-linux-interface-discovery-using-getifaddrs.patch
* 0019-dhcp-4.2.4-P1-interval.patch
* 0021-master-Plugs-a-socket-descriptor-leak-in-OMAPI.patch
* 0022-Optimized-if-and-when-DNS-client-context-and-ports.patch
* Fri Jan 19 2018 ndasAATTsuse.de- Optimized if and when DNS client context and ports are initted (bsc#1073935) [+0022-Optimized-if-and-when-DNS-client-context-and-ports.patch]
* Tue Jan 16 2018 ndasAATTsuse.de- Plugs a socket descriptor leak in OMAPI(bsc#1076119, CVE-2017-3144) [ +0021-master-Plugs-a-socket-descriptor-leak-in-OMAPI.patch]
* Fri Jan 05 2018 obsAATTbotter.cc- add PIDFile= setting to dhcrelay.service, without this systemd stops the service immediately after starting
* Wed Dec 13 2017 mchandrasAATTsuse.de- Drop old sysvinit support from the spec file. All the supported openSUSE distributions are systemd based so there isn't much point in keeping sysvinit support and files around.
* Thu Nov 23 2017 rbrownAATTsuse.com- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)
* Fri Jul 14 2017 dimstarAATTopensuse.org- Replace net-tools Requires in dhcp-client with hostname on suse_version >= 1330 (CODE15): net-tools does no longer provide any tool referenced by dhclient-script, but we require hostname (which is also a dependency to net-tools, thus hiding the issue).
* Thu Jul 13 2017 bwiedemannAATTsuse.com- use .gz year instead of current one to make build reproducible
* Thu Jul 06 2017 ndasAATTsuse.de- fixed a typo in nis-servers option name breaking the config file introduced in previous change to workaround issues in NetworkManager parser.- Update to dhcp-4.3.5
* Corrected a bug which could cause the server to sporadically crash while loading lease files with the lease-id-format is set to "hex". Our thanks to Jay Ford, University of Iowa for reporting the issue. [ISC-Bugs #43185]
* Eliminated a noisy, but otherwise harmless debug log statement that may appear during server startup when building with --enable-binary-leases and configuring multiple pools in a shared network. Thanks to Fernando Soto from BlueCat Networks for reporting the issue and supplying a patch. [ISC-Bugs #43262]
* Fixed util/bindvar.sh error handling. [ISC-Bugs #41973]
* Correct error message in relay to use remote id length instead of circuit id length. [ISC-Bugs #42556]
* Add logic to test directory Makefiles to avoid copying Attfile(s) when building within the source tree. This eliminates a noisy but otherwise harmless error message when running "make check". [ISC-Bugs #41883]
* Leases are now scrubbed of certain prior use information when pool re-balancing reassigns them from one FO peer to the other. This corrects an issue where leases that were offered but not used by the client retained the client hostname from the original client. Thanks to Pavel Polacek, Jan Evangelista Purkyne University for reporting the issue. [ISC-Bugs #42008]
* In the LDAP code and schema add some missing '6' characters to use the v6 instead of the v4 versions. Thanks to Denis Taranushin for reporting this issue and supplying its patch. [ISC-Bugs #42666]
* Correct how the pick-first-value expression is written to a lease file. Previously it was written as a concat expression due to a cut and paste error. [ISC-Bugs #42253]
* Modify the DDNS code to clean up the PTR record even if there are issues while cleaning up the A or AAAA records. [ISC-Bugs #23954]
* Added global configuration parameter, abandon-lease-time, which determines the amount of time a lease remains abandoned. The default is 84600 seconds. Additionally, the server now conducts a ping check (if ping checks are enabled) prior to offering an abandoned lease to client. Our thanks to David Zych at University of Illinois for reporting the issue and working with us to produce a viable solution. [ISC-Bugs #41815]
* Correct handling of interface names during interface discovery. This addresses an issue where interface names of 15 characters in length could lead to crashes or interface recognition errors during startup of dhcpd, dhclient, and dhcrelay. [ISC-Bugs #42226]
* Updates to contrib/dhcp-lease-list.pl to make it more friendly. The updates are: looking for the lease file in more places and skipping the "processing complete" output when creating machine readable output. Thanks to Cameron Paine (cbp at null dot net) for the patch. [ISC-Bugs #42113]
* When reusing a lease for dhcp-cache-threshold return the hostname to the original lease. Also if the host pointer, UID or hardware address change don't allow reuse of the lease. Thanks to Michael Vincent for reporting this and helping us verify the problem and fix. [ISC-Bugs #42849]
* Change dmalloc to use a size_t as the length argument to bring it in line with the call it will make to malloc(). [ISC-Bugs #40843]
* If the failover socket can't be bound, close it. Otherwise if the user configures an incorrect address in the failover stanza the server will continue to open new sockets every 90 seconds until it runs out. [ISC-Bugs #42452]
* Add DHCPv4-mode, dhcrelay command line options, "-iu" and "-id", that allow interfaces to be upstream or downstream respectively. Upstream interfaces will accept and forward only BOOTP replies, while downstream interfaces will accept and forward only BOOTP requests. [ISC-Bugs #41547]
* Clean up some memory references in the vendor-class construct. [ISC-Bugs #42984] [
*0006-dhcp-4.3.2-dhclient-send-hostname-or-fqdn.patch,
* 0011-Fixed-linux-interface-discovery-using-getifaddrs.patch,
* 0013-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch,
* 0016-infiniband-support.patch,
* 0017-server-no-success-report-before-send.919959.patch]
* Mon Jul 03 2017 zaitorAATTopensuse.org- Set all requested dhcp options on a single line, so they are actually requested (boo#1046969, boo#1047004).
* Mon Mar 13 2017 ndasAATTsuse.de- Relax permission of dhclient-script for libguestfs(bsc#987170)
* Fri Feb 10 2017 kukukAATTsuse.de- Require insserv only if needed- Fix requires of client subpackage
* Thu Aug 04 2016 ralf.habackerAATTfreenet.de- Add config file for registering dhcp server in slp (bsc#992072)
* Thu May 19 2016 mchandrasAATTsuse.de- Use /usr/sbin/arping instead of /sbin/arping in the dhcp scripts. /sbin/arping is a symlink to /usr/sbin/arping in order to ease the transition for the /usr merge. Newest releases of iputils may only install utilities in /usr/* so this dependency will no longer be valid. Moreover, we replace the '/sbin/arping' dependency with 'iputils'.
* Tue Jan 26 2016 ndasAATTsuse.de- Update to dhcp-4.3.3-P1 correcting bounds checking when receiving a packet (bsc#961305,CVE-2015-8605,ISC-Bugs#41267).- adjusted interval check. [
*0019-dhcp-4.2.4-P1-interval.patch]- Fixed improper lease duration checking. Also added fixes for integer overflows in the date and time handling code(bsc#936923, bsc#880984). [+0020-dhcp-4.x.x-fixed-improper-lease-duration-checking.patch]- fixed service files to start dhcpd after slapd (bsc#956159)- dhclient-script: complain in the log about conflicts, added a see log messages to the dhclient log message (bsc#960506) [
* 0018-client-fail-on-script-pre-init-error-bsc-912098.patch]
* Tue Oct 13 2015 mtAATTsuse.de- Applied a patch by Jiri Popelka catching dhcp server aborts with "Unable to set up timer: out of range" on very long or infinite timer intervals / lease lifetimes (bsc#947780) [+ 0019-dhcp-4.2.4-P1-interval.patch]- Corrected patch references in and a missed (bsc#919959) patch description in previous changelog entry.
* Mon Sep 14 2015 mtAATTsuse.de- Update to dhcp-4.3.3 (fate#319067) providing many bug fixes, features and obsoletes several patches we were using before. For complete changelog, please read the RELNOTES file shipped along with this package or online at: https://kb.isc.org/article/AA-01297/82/DHCP-4.3.3-Release-Notes.html- Replaced hostname patch with a dhcpv6 and fqdn aware variant: [- 0006-dhcp-4.2.5-dhclient-send-hostname-rml.patch, + 0006-dhcp-4.3.2-dhclient-send-hostname-or-fqdn.patch]- Removed obsolete patches included upstream now: [- 0007-dhcp-4.2.6-ldap-mt01.patch, - 0009-dhcp-4.2.6-xen-checksum.patch, - 0013-dhcp-4.2.3-P1-dhclient-log-pid.patch, - 0015-Ignore-SIGPIPE-to-not-die-in-socket-code.patch, - 0016-server-log-DHCPv6-addresses-assigned-to-clients.patch, - 0019-dhcp-4.2.x-ldap-debug-write.bnc835818.patch, - 0021-dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch, - 0022-dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch, - 0023-dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch, - 0025-dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch, - 0026-dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch]- Adjusted patch numbers in the spec file: [- 0008-dhcp-4.1.1-P1-lpf-bind-msg-fix.patch, - 0010-dhcp-4.2.2-dhclient-option-checks.patch, - 0011-dhcp-4.2.6-close-on-exec.patch, - 0012-dhcp-4.2.2-quiet-dhclient.patch, - 0014-Fixed-linux-interface-discovery-using-getifaddrs.patch, - 0020-dhcp-4.2.x-chown-server-leases.bnc868253.patch, - 0024-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch, + 0007-dhcp-4.1.1-P1-lpf-bind-msg-fix.patch, + 0008-dhcp-4.2.2-dhclient-option-checks.patch, + 0009-dhcp-4.2.6-close-on-exec.patch, + 0010-dhcp-4.2.2-quiet-dhclient.patch, + 0011-Fixed-linux-interface-discovery-using-getifaddrs.patch, + 0012-dhcp-4.2.x-chown-server-leases.bnc868253.patch, + 0013-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch]- Fixed to not pass DHCPv6 address lifetimes a positive (unsigned 32bit) integers to scripts and properly format timestamps as long to not break them on 64bit architectures (bsc#926159). [+ 0014-dhclient6-unsigned-lifetimes-for-script-bsc-926159.patch]- dhclient: expose next-server DHCPv4 option to script (bsc#928390) [+ 0015-Expose-next-server-DHCPv4-option-to-dhclient-script.patch]- Replaced infiniband support patch with fixed variant (bsc#910984): [- 0017-dhcp-4.2.6-lpf-ip-over-ib-support.patch, - 0018-dhcp-4.2.6-improved-xid.patch, - 0027-dhcp-4.2.x-handle-ifa_addr-NULL.909189.patch, + 0016-infiniband-support.patch]- Moved dhcp-devel package include files and static libraries to /usr/include/dhcp and /usr/lib/dhcp subdirectories. DHCP requires a specific bind library version and conflicts with the files shipped by bind-devel package, which is not source and binary compatible (bsc#910686).- Corrected changes to provide complete patch file references.- Fixed server to not report success before send (bsc#919959) [+ 0017-server-no-success-report-before-send.919959.patch]- Fixed dhclient to check pre-init results reported by dhclient-script and fail if pre-init fails for a requested interface (bsc#912098). [+ 0018-client-fail-on-script-pre-init-error-bsc-912098.patch]
* Tue Feb 03 2015 cooloAATTsuse.com- do not check scripts not in the src.rpm
* Wed Dec 10 2014 mtAATTsuse.de- Applied fix by Jiri Slaby to not crash in interface discovery when the interface address is NULL, which has been introduced by the infiniband support patch (bsc#909189,bsc#870535). [+ 0027-dhcp-4.2.x-handle-ifa_addr-NULL.909189.patch]
* Tue Dec 09 2014 ledestAATTgmail.com- fix bashisms in dhcprelay script
* Thu Nov 20 2014 mtAATTsuse.de- Applied contrib/ldap/dhcpd-conf-to-ldap patch by Ales Novak to reorder config to add all global options or option declarations to the dhcpService object instead to create new service object (bsc#886094,ISC-Bugs#37876). [+ 0022-dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch]- Applied an upstream patch by Thomas Markwalder adding missed mapping of SHA TSIG algorithm names to their constants to enable hmac-sha1, hmac_sha224, hmac_sha256, hmac_sha384 and hmac_sha512 authenticated dynamic DNS updates (bsc#890731, ISC-Bugs#36947). [+ 0023-dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch]- Decline IPv6 addresses on Duplicate Address Detection failure and stop client message exchanges on reached MRD rather than at some point after it. Applied fedora patches by Jiri Popelka and added DAD reporting via exit 3 to the dhclient-script and a fix to use correct address variables in the DEPREF6 action (bsc#872609,ISC-Bugs#26735,ISC-Bugs#21238). [+ 0024-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch, + 0025-dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch]- Applied backport patch by William Preston avoiding to bind ddns socket in the server when ddns-update-style is none (bsc#891655). [+ 0026-dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch]- Applied patch for the contrib/ldap/dhcpd-conf-to-ldap script fixing subclass statement handling (bnc#878846,[ISC-Bugs #36409]) [+ 0021-dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch]- Updated licence statement and FSF address in our scripts.- Added missed service_add_pre macro calls for dhcrelay services
* Fri Nov 14 2014 dimstarAATTopensuse.org- No longer perform gpg validation; osc source_validator does it implicit: + Drop gpg-offline BuildRequires. + No longer execute gpg_verify.
* Tue Sep 02 2014 roAATTsuse.de- sanitize release line in specfile
* Mon Aug 18 2014 mtAATTsuse.de- Disabled /sbin/service legacy-action hooks on openSUSE <= 13.1, which does not support it and causes build failure (bnc#891961).
* Fri Jul 18 2014 mtAATTsuse.de- Fixed to require iproute2 in dhcp-client package (bnc#885399)- Disarmed dhclient-script when wicked is the network service, as wicked is using another dhcp client (runtime conflict), NetworkManager an own script and sysconfig-network is gone on sles12 and opensuse > 13.1, so it is obsolete and unsupported.
* Tue Jun 10 2014 mtAATTsuse.de- Fixed /etc/sysconfig/dhcpd fillup in dhcp server post-install.- Fixed dhcp server start script to use correct libdir (bnc#868250)- Fixed dhcp server to chown leases to run user at start (bnc#868253) [+ 0020-dhcp-4.2.x-chown-server-leases.bnc868253.patch]- Fixed to write missed dhcp-ldap debug level messages (bnc#835818) [+ 0019-dhcp-4.2.x-ldap-debug-write.bnc835818.patch]- Fixed unsupported dhclient-script used by sysconfig ifup to provide a function to calculate netmask. NetworkManager provides an own one.
* Wed May 21 2014 jsegitzAATTnovell.com- added necessary macros for systemd files
* Thu Apr 24 2014 dmuellerAATTsuse.com- remove gpg-offline dependency (blocks rebuilds) as checking is already done by source validator
* Fri Mar 28 2014 mtAATTsuse.de- Applied fixes for DHCP over IPoIB by Mellanox (bnc#870535) [+ 0017-dhcp-4.2.6-lpf-ip-over-ib-support.patch, + 0018-dhcp-4.2.6-improved-xid.patch]
* Mon Mar 17 2014 mtAATTsuse.com- Added support for custom for rcdhcpd[6] check-syntax,check-lease and syntax-check actions (bnc#868713).
* Mon Feb 10 2014 mtAATTsuse.com- Initially switched to use systemd service files under systemd and enabled Restart=on-abort (fate#315133).- Update to ISC dhcp-4.2.6 release. See RELNOTES file for the complete list of changes -- digest of fixes not in dhcp-4.2.5: - Tidy up receive packet processing. Thanks to Brad Plank of GTA for reporting the issue and suggesting a possible patch. [ISC-Bugs #34447] - Fix the socket handling for DHCPv6 clients to allow multiple instances of a client on a single machine to work properly. Previously only one client would receive the packets. Thanks to Jiri Popelka at Red Hat for the bug report and a potential patch. [ISC-Bugs #34784] - Added support for gentle shutdown after signal is received. [ISC-Bugs #32692] [ISC-Bugs 34945] - Enhance the DHCPv6 server logging to include the addresses that are assigned to the clients. This can be enabled by defining LOG_V6_ADDRESSES in site.h. [ISC-Bugs #26377] - Fix an operation in the DDNS code to be a bitwise instead of logical or. [ISC-Bugs #35138]- Merged patches for dhcp-4.2.6 version to apply without fuzzy, prepended patch number prefixes to match spec file patch nr, added patch markup tags / bug numbers to the spec file.- Applied contrib-lease-path patch to contrib.tar.gz [- contrib-lease-path.diff]- Changed to require automake and use its config.sub and guess files instead of maintaining a patch. [- config-guess-sub-update.patch]- Enabled to log DHCPv6 addresses assigned by server to clients [+ 0016-server-log-DHCPv6-addresses-assigned-to-clients.patch]- Cleaned up documentation, rpmlint adjustments.
* Fri Jan 10 2014 mtAATTsuse.com- Test if /etc/sysconfig/network/scripts/functions exists before sourcing it (fate#316768,bnc#856591).
* Mon Nov 18 2013 mtAATTsuse.com- Fixed path to systemctl in dhclient-script (bnc#847778).
* Fri Sep 27 2013 mtAATTsuse.com- Added /etc/bindresvport.blacklist to dhcp server chroot file lists as it seems to block its start in some cases (bnc#842360).
* Tue Sep 10 2013 mtAATTsuse.com- Fixed to reload syslog on hostname changes using systemctl as there is no /etc/init.d/syslog script since syslog-service-2.0 (bnc#830467).
* Fri Apr 26 2013 mmeisterAATTsuse.com- Added autoreconf -i option to fix build for the new automake
* Tue Apr 02 2013 mtAATTsuse.com- Install missed bind include files and libraries in dhcp-devel; conflicts to bind-devel providing different versions (bnc#805162).
* Thu Mar 28 2013 mtAATTsuse.com- Use manual patch command for config-guess-sub-update.patch again as patch macro does not work on older distributions.
* Wed Mar 27 2013 mtAATTsuse.com- Update to ISC dhcp-4.2.5-P1 release, which contains updated bind-9.8.4-P2 sources with removed regex.h check in configure (bnc#811934, CVE-2013-2266).- Changed spec make the bind export library build output visible.
* Tue Mar 12 2013 mtAATTsuse.com- Added dhcp6-server service template for SuSEfirewall2 (bnc#783002)
* Sun Mar 03 2013 schwabAATTsuse.de- config-guess-sub-update.patch: Update config.guess/sub for aarch64
* Fri Jan 11 2013 mtAATTsuse.com- Update to ISC dhcp-4.2.5 release. See RELNOTES file for the complete list of changes -- digest of fixes not in dhcp-4.2.4-P2: - Correct code to calculate rebind timing values in client [ISC-Bugs #29062] - Fix some issues in the code for parsing and printing options. [ISC-Bugs #22625,#27289,#27296,#27314] - Update the memory leakage debug code to work with v6. [ISC-Bugs #30297] - Relax the requirements for deleting an A or AAAA record. This relaxation was codified in RFC 4703. [ISC-Bugs #30734] - Modify the failover code to handle incorrect peer names better. [ISC-Bugs #30320] - Fix a set of issues that were discovered via a code inspection tool. [ISC-Bugs #23833] - Parsing unquoted base64 strings improved. [ISC-Bugs #23048] - The client now passes information about the options it requested from the server to the script code via environment variables. These variables are of the form requested_=1 with the option name being the same as used in the new_* and old_* variables. [ISC-Bugs #29068] - Check the status value when trying to read from a connection to see if it may have been closed. If it appears closed don't try to read from it again. This avoids a potential busy-wait like loop when the peer names are mismatched. [ISC-Bugs #31231] - Remove an unused variable to keep compilers happy. [ISC-Bugs #31983]- Removed obsolete parsing and printing option patch [dhcp-4.2.4-parsing-and-printing-options.patch]- Merged dhcp-4.2.2-dhclient-send-hostname-rml.diff [dhcp-4.2.5-dhclient-send-hostname-rml.patch]- Fixed discovery of interfaces, which have only addresses with a label assigned (linux 2.0 "alias interfaces" compatibility) by switching to use the getifaddrs() as on BSD (bnc#791289, reported upstream as [ISC-Bugs #31992]). [dhcp-4.2.4-interface-discovery-using-getifaddrs.patch]- Applied a patch to ignore SIGPIPE instead to die in socket code before the errno==EPIPE checks are reached (bnc#794578, upstream report [ISC-Bugs #32222]) [dhcp-4.2.4-P2-do-not-die-on-sigpipe.patch]- Updated ldap patch to 4.2.5-ldap-mt01 providing following fixes: - Fixed parse buffer handling code to not avoid truncation of config > ~8k from bigger ldap objects. Fixed to free the ldap config buffer passed to the config parser and append new config, while the parser is in saved state (bnc#788787). - Fixed subclass name-ref and data quoting/escaping (bnc#788787). - Fixed memory leaks on ldap_read_config errors (bnc#788787). - Fixed a memleak while subnet range processing, fixed to reset bufix variable in ldap_read_function to 0 and to set buflen to the complete length (do not discard last character, usually \n). This caused a parsing error at further run of the function, e.g. while processing the second dhcpService container that the dhcpServer object may refer to (bnc#784640). [dhcp-4.2.5-ldap-mt01.patch.bz2]- Fixed dhclient-script to discard MTU lower-equal 576 rather than lower-than (bnc#791280).- Verify GPG source archive signatures.
* Thu Sep 20 2012 mtAATTsuse.com- Update to ISC dhcp-4.2.4-P2 release, providing a security fix for an issue with the use of lease times was found and fixed. Making certain changes to the end time of an IPv6 lease could cause the server to abort. Thanks to Glen Eustace of Massey University, New Zealand for finding this issue. ([ISC-Bugs #30281], CVE: CVE-2012-3955, bnc#780167)
* Wed Jul 25 2012 mtAATTsuse.com- Update to ISC dhcp-4.2.4-P1 release, providing following security fixes (bnc#772924): - Previously the server code was relaxed to allow packets with zero length client ids to be processed. Under some situations use of zero length client ids can cause the server to go into an infinite loop. As such ids are not valid according to RFC 2132 section 9.14 the server no longer accepts them. Client ids with a length of 1 are also invalid but the server still accepts them in order to minimize disruption. The restriction will likely be tightened in the future to disallow ids with a length of 1. Thanks to Markus Hietava of Codenomicon CROSS project for the finding this issue and CERT-FI for vulnerability coordination. [ISC-Bugs #29851] CVE: CVE-2012-3571 - When attempting to convert a DUID from a client id option into a hardware address handle unexpected client ids properly. Thanks to Markus Hietava of Codenomicon CROSS project for the finding this issue and CERT-FI for vulnerability coordination. [ISC-Bugs #29852] CVE: CVE-2012-3570 - A pair of memory leaks were found and fixed. Thanks to Glen Eustace of Massey University, New Zealand for finding this issue. [ISC-Bugs #30024] CVE: CVE-2012-3954- Moved lease file check to a separate action so it is not used in restart -- it can fail when the daemon rewrites the lease causing a restart failure then (bnc#762108 regression).- Request dhcp6.sntp-servers in /etc/dhclient6.conf and forward to netconfig for processing (bnc#770236).- Removed RFC 4833 TZ options from client requests [unused].
* Tue Jun 19 2012 mtAATTsuse.com- Update to ISC dhcp-4.2.4 release, fixing a dhcpv6 server assert crash while accessing lease on heap (bnc#767661) and providing the following fixes: - Rotate the lease file when running in v6 mode. Thanks to Christoph Moench-Tegeder at Astaro for the report and the first version of the patch. [ISC-Bugs #24887] - Fixed the code that checks if an address the server is planning to hand out is in a reserved range. This would appear as the server being out of addresses in pools with particular ranges. [ISC-Bugs #26498] - In the DDNS code handle error conditions more gracefully and add more logging code. The major change is to handle unexpected cancel events from the DNS client code. [ISC-Bugs #26287] - Tidy up the receive calls and eliminate the need for found_pkt. [ISC-Bugs #25066] - Add support for Infiniband over sockets to the server and relay code. We've tested this on Solaris and hope to expand support for Infiniband in the future. This patch also corrects some issues we found in the socket code. [ISC-Bugs #24245] - Add a compile time check for the presence of the noreturn attribute and use it for log_fatal if it's available. This will help code checking programs to eliminate false positives. [ISC-Bugs #27539] - Fixed many compilation problems ("set, but not used" warnings) for gcc 4.6 that may affect Ubuntu 11.10 users. [ISC-Bugs #27588] - Modify the code that determines if an outstanding DDNS request should be cancelled. This patch results in cancelling the outstanding request less often. It fixes the problem caused by a client doing a release where the TXT and PTR records weren't removed from the DNS. [ISC-BUGS #27858] - Use offsetof() instead of sizeof() to get the sizes for dhcpv6_relay_packet and dhcpv6_packet in several more places. Thanks to a report from Bruno Verstuyft and Vincent Demaertelaere of Excentis. [ISC-Bugs #27941] - Remove outdated note in the description of the bootp keyword about the option not satisfying the requirement of failover peers for denying dynamic bootp clients. [ISC-bugs #28574] - Multiple items to clean up IPv6 address processing. When processing an IA that we've seen check to see if the addresses are usable (not in use by somebody else) before handing it out. When reading in leases from the file discard expired addresses. When picking an address for a client include the IA ID in addition to the client ID to generally pick different addresses for different IAs. [ISC-Bugs #23138] [ISC-Bugs #27945] [ISC-Bugs #25586] [ISC-Bugs #27684] - Remove unnecessary checks in the lease query code and clean up several compiler issues (some dereferences of NULL and treating an int as a boolean). [ISC-Bugs #26203] - Fix the NA and PD allocation code to handle the case where a client provides a preference and the server doesn't have any addresses or prefixes available. Previously the server ignored the request with this patch it replies with a NoAddrsAvail or NoPrefixAvail response. By default the code performs according to the errata of August 2010 for RFC 3315 section 17.2.2; to enable the previous style see the section on RFC3315_PRE_ERRATA_2010_08 in includes/site.h. This option may be removed in the future. Thanks to Jiri Popelka at Red Hat for the patch. [ISC-Bugs #22676] - Fix up some issues found by static analysis. A potential memory leak and NULL dereference in omapi. The use of a boolean test instead of a bitwise test in dst. [ISC-Bugs #28941]- Replaced our patches with a complete and upstream verified patch: - Fix some issues in the code for parsing and printing options. [ISC-Bugs #27314] - properly parse a zero length option from a lease file. [ISC-Bugs #22796] - properly determine if we parsed a 16 or 32 bit value in evaluate_numeric_expression (extract-int). [ISC-Bugs #22625] - properly print options that have several fields followed by an array of something for example "fIa" [ISC-Bugs #27289] - properly parse options in declarations that have several fields followed by an array of something for example "fIa" This patch obsoletes the following (bnc#739696) patches: - dhclient: parse_option_param: Bad format a - zero-length option lease parse error in dhclient6- Merged ldap and options check patches for the new version- Fixed dhcp-server init script to check syntax and fail while force-reload and restart to avoid stopping of running daemon followed by start failure (bnc#762108). Added libgcc_s.so to chroot, so the server can report assert/crash line.
* Wed Mar 28 2012 mtAATTsuse.com- Added RFC 4833 TimeZone PosixString and Name declarations to server and client configs [not used yet].
* Mon Mar 19 2012 mtAATTsuse.com- dhcp-server: fixed to escape all values used in constructed ldap filters as a DN may contain e.g. asterisks (bnc#721829, [ISC-Bugs #28545]).
* Fri Jan 13 2012 mtAATTsuse.com- Updated to ISC dhcp-4.2.3-P2 release, providing a DDNS security fix: Modify the DDNS handling code. In a previous patch we added logging code to the DDNS handling. This code included a bug that caused it to attempt to dereference a NULL pointer and eventually segfault. While reviewing the code as we addressed this problem, we determined that some of the updates to the lease structures would not work as planned since the structures being updated were in the process of being freed: these updates were removed. In addition we removed an incorrect call to the DDNS removal function that could cause a failure during the removal of DDNS information from the DNS server. Thanks to Jasper Jongmans for reporting this issue. ([ISC-Bugs #27078], CVE: CVE-2011-4868, bnc#741239)- Fixed close-on-exec patch to not set it on stderr (bnc#732910)- Fixed incorrect "a" array type option parsing causing to discard e.g. classless static routes from lease file [reported as ISC-Bug 27289] and zero-length option parsing such as dhcp6.rapid-commit in dhclient6 [reported as ISC-Bug 27314] (bnc#739696).- Fixed dhclient to include its pid number in syslog messages.- Fixed to use P2 in the spec version, not in the release tag.
* Fri Dec 09 2011 mtAATTsuse.com- Updated to ISC dhcp-4.2.3-P1 release, providing security fix for a DoS due to processing certain regular expressions (bnc#735610) and several important DDNS related fixes:
* Add a check for a null pointer before calling the regexec function. Without this check we could, under some circumstances, pass a null pointer to the regexec function causing it to segfault. Thanks to a report from BlueCat Networks. [ISC-Bugs #26704] CVE-2011-4539.
* Fix the code that checks for an existing DDNS transaction to cancel when removing DDNS information, so that we will continue with the processing if we have a lease even if it doesn't have an outstanding transaction. [ISC-Bugs #24682]
* Add AM_MAINTAINER_MODE to configure.ac to avoid rebuilding configuration files. [ISC-Bugs #24107]
* Add support for passing DDNS information to a DNS server over an IPv6 address. [ISC-Bugs #22647]
* Enhanced patch for 23595 to handle IPv4 fixed addresses more cleanly. [ISC-Bugs #23595]- Refreshed ldap patch
* Fri Sep 30 2011 cooloAATTsuse.com- add libtool as buildrequire to make the spec file more reliable
* Tue Sep 06 2011 mtAATTsuse.com- Commented out all configuration examples in /etc/dhcpd.conf and dhcp6.conf (bnc#715473).- Enabled dhcp6.rapid-commit in /etc/dhclient6.conf config file.- Removed useless provides/obsoletes from spec file.
* Wed Aug 31 2011 mtAATTsuse.com- Set the DHCPD_CONF_INCLUDE_FILES and the DHCPD6_CONF_INCLUDE_FILES variables to /etc/dhcpd.d and /etc/dhcpd6.d by default, so there are well-defined directories expected to contain additional config files (bnc#690585).
* Mon Aug 29 2011 mtAATTsuse.de- Updated to ISC dhcp-4.2.2 release, providing two security fixes (CVE-2011-2748,CVE-2011-2749,[ISC-Bugs #24960],bnc#712653), that allowed remote attackers to cause a denial of service (a daemon exit) via crafted BOOTP packets. Further also DNS update fix to detect overlapping pools or misconfigured fixed-address entries, that caused a server crash during DNS update and other fixes. For a complete list, please see the RELNOTES file provided in the package and also available online at http://www.isc.org/.- Merged/adopted dhclient option-checks, send-hostname-rml, ldap patch, xen-checksum, close-on-exec patches and removed obsolete in6_pktinfo-prototype and relay-no-ip-on-interface patches.- Moved server pid files into chroot directory even chroot is not used and create a link in /var/run, so it can write one when started as user without chroot and avoid stop problems when the chroot sysconfig setting changed (bnc#712438).- Disabled log-info level messages in dhclient(6) quiet mode to avoid excessive logging of non-critical messages (bnc#711420).- Fixed dhclient-script to not remove alias IP when it didn't change to not wipe out iptables connmark when renewing the lease (bnc#700771). Thanks to James Carter for the patch.- Fixed DDNS-howto.txt reference in the config file; it has been moved to the dhcp-doc package (bnc#697279).- Removed GPL licensed files (bind-*/contrib/dbus) from bind.tgz to ensure, they're not used to build non-GPL dhcp (bnc#714004).- Changed to apply strict-aliasing/RELRO for >= 12.x only
* Wed Jul 20 2011 crrodriguezAATTopensuse.org- Correct previous change.
* Wed Jul 20 2011 crrodriguezAATTopensuse.org- This is a long running network daemon, link with full RELRO security enhancements.- remove -fno-strict-aliasing from CFLAGS, no longer needed.
* Tue May 17 2011 crrodriguezAATTopensuse.org- Import redhat's patch to open all needed FDs with O_CLOEXEC so they don't leak.
* Thu May 12 2011 mtAATTsuse.de- Removed obsolete sles8 compatibility dependencies, fixed to avoid non-functional sles_version conditionals.
* Tue May 10 2011 mtAATTsuse.de- Fixed to not introduce separate dhcp-doc package on sles, use versioned provides/obsoletes, improved conditionals.
* Tue May 03 2011 mtAATTsuse.de- Fixed dhclient-script typo causing ISC DHCPv6 client to execute ifup pre-down scripts also while renew, when the ipv6 address did not change (bnc#690859).
* Fri Apr 29 2011 mtAATTsuse.de- Implemented optional ldap connect retry loop during the initial startup of the dhcp server in cases where the ldap server is not yet started. Set the ldap-init-retry option in dhcpd.conf to enable it (bnc#627617). Merged in the actual ldap patch.- Cleaned up init script error reporting, no -TERM for killproc.
* Wed Apr 27 2011 mtAATTsuse.de- Updated to ISC dhcp-4.2.1-P1 release, that provides most of the dhclient pretty escape and string option checks. Merged to use relaxed domain-name option check causing a regression, when the server is misusing it to provide a domain list (compatibility to attic clients) and does not provide it via domain-search option; pretty escape semicolon as well (bnc#675052, CVE-2011-0997).
* Thu Mar 31 2011 mtAATTsuse.de- Discard string options such as host and domain names containing disallowed characters or being too long. This proctive patch limits root-path to a-zA-Z0-9, #%+-_:.,@~/\[]= and a space (bnc#675052, CVE-2011-0997).
* Thu Mar 31 2011 mtAATTsuse.de- Updated to ISC DHCP 4.2.1 release (bnc#680298), that provides following fixes (digest):
* Several fixes to OMAPI, cleanup of dereferenced pointers in the omapi handle, handling of pipe failures and status code in omapi signal handler that may cause connect failure and 100% CPU use.
* Handle some DDNS corner cases better
* Several fixes to lease input and output
* Corrected side effect of printing all data strings as hex.
* Host record references leaks causing applying config to all innocent clients.
* Memory leak when parsing a domain name
* Fixes to configuration parsing including infinite loop.
* Fixed for unexpected abort caused by a DHCPv6 decline. For the complete list see the RELNOTES file, that is available also online at http://ftp.isc.org/isc/dhcp/dhcp-4.2.1-RELNOTES.- Removed obsolete optional-value-infinite-loop, no-libcrypto and CVE-2011-0413.bnc667655 patches.- Merged the dhclient-send-hostname and ldap patches.
* Mon Feb 21 2011 mtAATTsuse.de- dhclient-script: fixed typo causing that only global settings to set hostname and default route were applied for primary and never per interface settings (bnc#673792).
* Fri Feb 18 2011 mtAATTsuse.de- Added dhcp-4.2.0-xen-checksum.patch by David Cantrell to handle xen partial UDP checksums (bnc#668194).
* Wed Feb 02 2011 mtAATTsuse.de- Applied security fix for unexpected abort caused by a DHCPv6 decline message (CVE-2011-0413, VU#686084, bnc#667655).- Fixed dhclient.conf to request the domain-search option.
* Mon Dec 13 2010 mtAATTsuse.de- Updated to ISC DHCP 4.2.0-P2, a security release fixing the handling of connection requests on the failover port. Previously a connection request from a source that wasn't listed as a failover peer would cause the server to become non-responsive. ([ISC-Bugs #22679] CERT: VU#159528 CVE: CVE-2010-3616, bnc#659059).
* Tue Dec 07 2010 mtAATTsuse.de- Enable ldap CASA support on SLE only.
* Tue Nov 30 2010 mtAATTsuse.de- Fixed to use same/correct dhcrelay6 interface variables in the sysconfig file and in the dhcrelay6 init script.
* Mon Nov 29 2010 mtAATTsuse.de- Updated to ISC DHCP 4.2.0-P1 release, providing a security fix to handle a relay forward message with an unspecified address in the link address field. Previously such a message would cause the server to crash. Thanks to a report from John Gibbons. [ISC-Bugs #21992] CERT: VU#102047 CVE: CVE-2010-3611 (bnc#650902) The 4.2.0 version is a feature release, implementing asynchronous DDNS processing and includes "The LDAP Patch". For a complete list of changes from any previous release, please consult the RELNOTES file within the source distribution or on the ISC website: http://www.isc.org/software/dhcp/420- Fixed compilation to avoid segfaults as soon as ldap is enabled, merged our ldap patches from 4.1.x branch.
* Tue Nov 02 2010 mtAATTsuse.de- Fixed a dhcrelay segfault while receiving packets on interfaces without any IPv4 address assigned (bnc#631305, reported upstream as [ISC-Bugs #22409]).- Fixed a common infinite loop while parsing options with optional parts in the value such as in slp-service-scope option (bnc#643845, reported upstream as [ISC-Bugs #22410]).- Fixed init scripts to report correct LSB codes in status action, when the config file or the binary do not exists (bnc#640336).- Fixed syntax of a check in the rcdhcrelay[6] (bnc#648580)- Avoid pid check error message in the rcdhcpd[6] (bnc#646875)
* Wed Sep 29 2010 mtAATTsuse.de- Fixed server lease file path in contrib/listlease and leasestate changed to extract contrib and examples using setup macro.
* Wed Aug 04 2010 mtAATTsuse.de- Renamed rfc3442-classless-static-routes_raw in /etc/dhclient.conf to rfc3442-classless-static-routes for compatibility with the NetworkManager making use of /etc/dhclient.conf now and adopted /sbin/dhclient-script (bnc#625770).
* Tue Jul 27 2010 mtAATTsuse.de- Fixed ldap option number conflicting with new options (bnc#625358)
* Fri Jul 02 2010 mtAATTsuse.de- Added a fix for an lpf bind error messages making it easier to localize problems (bnc#617795)
* Mon Jun 14 2010 mtAATTsuse.de- Updated to ISC DHCP 4.1.1-P1 patch release, which contains a pair of bug fixes including one for a security related bug (bnc#612546, CVE-2010-2156):
* A bug was fixed that could cause the DHCPv6 server to advertise/assign a previously allocated (active) lease to a client that has changed subnets, despite being on different shared networks. Dynamic prefixes specifically allocated in shared networks also now are not offered if the client has moved. [ISC-Bugs #21152]
* Accept a client id of length 0 while hashing. Previously the server would exit if it attempted to hash a zero length client id, providing attackers with a simple denial of service attack. [ISC-Bugs #21253]
* Tue May 18 2010 mtAATTsuse.de- Added rc.dhcrelay6 as source in the spec file
* Tue May 11 2010 mtAATTsuse.de- Fixed dhcprelay scripts to source sysconfig file correctly- Fixed spec file typo in arping path require, enabled ldap- Fixed a dhclient option name and new/old ip address check
* Fri May 07 2010 mtAATTsuse.de- Updated to ISC DHCP 4.1.1, the current 4.x series production release, providing DHCPv6 client/server/relay implementation. The programs act in DHCPv6 mode, when the -6 start option is set. We install separate init scripts with a 6 at the end to handle them, that is /etc/init.d/dhcpd6 and dhrelay6. Further, there is also a link to the binaries with a 6 at the end, e.g. dhclient6, making it visible, that the installed version supports DHCPv6.- Moved additional documentation to a separate dhcp-doc package.- Changed to provide config files and scripts as source files instead of patches to the ISC scripts.- Adopted spec file and config/scripts, merged in all patches.- Implemented RFC 3442 classless static routes support in the dhclient-script (bnc#555870).
* Thu Apr 29 2010 mtAATTsuse.de- Updated to ISC DHCP 3.1-ESV, an extended support version release which includes a small number of bug fixes (bnc#592178) over the 3.1.3 version:
* Modified the handling of a connection to avoid releasing the omapi io object for the connection while it is still in use. One symptom from this error was a segfault when a failover secondary attempted to connect to the failover primary if their clocks were not synchronized.
* Fix test in dhcp_interface_signal_handler to check that the inner handler has a signal_handler before calling it.
* When using 'ignore client-updates;', the FQDN returned to the client is no longer truncated to one octet.
* Clean up some compiler warnings - ticket 19054.- Fixed vlan interface check in dhcpd-restart-hook if-up.d script (bnc#599702)- Touch dhclient.leases in post-install script instead to provide an empty file, versioned provides/obsoletes (rpmlint warnings).
* Fri Mar 12 2010 mtAATTsuse.de- Fixed dhclient-script to call ifup -o dhcp and signal "complete" to ifup when all configuration is done (bnc#585380,bnc#518219).
* Thu Jan 07 2010 jengelhAATTmedozas.de- Enable parallel building- Use large PIE model on all SPARC flavors
* Mon Dec 14 2009 mtAATTsuse.de- Fixed dhclient-script to use correct sysconfig run dir path to not break the defaultroute/hostname setup (bnc#555095).- Don't request any specific lease-time by default (bnc#516459).
* Fri Oct 16 2009 mtAATTsuse.de- Fixed dhclient-script to forward new_domain_search as DNSSEARCH to netconfig.
* Tue Oct 13 2009 mtAATTsuse.de- Updated to dhcp-3.1.3 maintenance release fixing several issues (a digest, see RELNOTES for the complete list):
* Remove infinite loop in token_print_indent_concat().
* A parser bug was fixed that segfaulted if site-option-space was tried to be used interchangeably with vendor-option-space.
* Two uninitialized stack structures are now memset to zero, thanks to patch from David Cantrell at Red Hat.
* Memory leak in the load_balance_mine() function is fixed. This would leak ~20-30 octets per DHCPDISCOVER packet while failover was in use and in normal state.
* Fixed setting hostname in Linux hosts that require hostname argument to be double-quoted. Also allow server-provided hostname to override hostnames 'localhost' and '(none)'.
* Added client support for setting interface MTU and metric, thanks to Roy "UberLord" Marples.
* Fixed failover reconnection retry code to continue to retry to reconnect rather than restarting the listener.
* Fixed a bug where an OMAPI socket disconnection message would not result in scheduling a failover reconnection, if the link had not negotiated a failover connect yet (e.g.: connection refused, asynch socket connect() timeouts).
* Versions 3.0.x syntax with multiple name->code option definitions is now supported. Note that, similarly to 3.0.x, for by-code lookups only the last option definition is used.
* Fixed a fenceposting bug when a client had two host records configured, one using \'uid\' and the other using \'hardware ethernet\'. CVE-2009-1892- Updated to dhcp-3.1.3-ldap-patch-mt-01 including previous fixes.- Merged dhclient script, removed obsolete CVE-2009-1892 fix.
* Tue Sep 29 2009 mtAATTsuse.de- Replaced mt-02 ldap patch from old git repository with equivalent one (dhcp-3.1.2p1-ldap-patch-mt-02) from a new repository with fixed patch history (http://www.suse.de/~mt/git/dhcp-ldap.git/).
* Wed Aug 12 2009 mtAATTsuse.de- Added dhcpd-restart-hook if-up.d script that restarts the dhcp server during network restart when a virtual interface such as bridge, bond or vlan goes up again (bnc#517810).
* Wed Jul 29 2009 mtAATTsuse.de- Applied fix for a dhcp client id DoS (CVE-2009-1892, bnc#519413).
* Wed Jul 29 2009 mtAATTsuse.de- Updated to dhcp-3.1.2p1 maintenance release fixing following issues:
* A stack overflow vulnerability was fixed in dhclient that could allow remote attackers to execute arbitrary commands as root on the system, or simply terminate the client, by providing an over-long subnet-mask option.
* A double-dereference in dhclient transmission of DHCPDECLINEs was repaired.
* Fix handling of -A and -a flags in dhcrelay; it was failing to expand packet size as needed to add relay agent options.
* Corrected list of failover state values in dhcpd man page.
* Fixed a bug that caused some request types to be logged incorrectly.
* Fixed a coredump when adding a class via OMAPI.
* Clients that sent a parameter request list containing the routers option before the subnet mask option were receiving only the latter. Fixed.
* The server wasn't always sending the FQDN option when it should.
* A partner-down failover server no longer emits 'peer holds all free leases' if it is able to newly-allocate one of the peer's leases.
* A cosmetic bug in DHCPDECLINE processing was fixed which caused all successful DHCPDECLINEs to be logged as "not found" rather than "abandoned".
* Some failover debugging #defines have been better defined and some high frequency messages moved to a deeper debugging symbol.
* The CLTT parameter in failover is now only updated by client activity, and not by failover binding updates.
* Failover BNDUPD messages are now discarded if they conflict with an update that has been transmitted, but not acknowledged.
* A bug cleaning up unknown-xxx temporary option definitions was fixed.- Removed obsolete dhclient-no-dereference-twice patch- Improved dhclient-script to apply global dhcp settings, when there is no interface config (bnc#480922).- Enabled casa support in dhcp-ldap for >= sles 10 and => 11.1.- Updated dhcp-3.1.2p1-ldap-patch-mt.11.2-02 merging all patches flying around -- see http://www.suse.de/~mt/git/dhcp-ldap.git and the git changelog at the beginning of the patch.
 