| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: dhcp-server | Distribution: openSUSE 12.1 |
| Version: 4.2.2 | Vendor: openSUSE |
| Release: 6.3.1 | Build date: Mon Dec 12 09:55:02 2011 |
| Group: Productivity/Networking/Boot/Servers | Build host: build04 |
| Size: 2198158 | Source RPM: dhcp-4.2.2-6.3.1.src.rpm |
| Packager: http://bugs.opensuse.org | |
| Url: http://www.isc.org/software/dhcp | |
| Summary: ISC DHCP Server | |
This package contains the ISC DHCP server.
Please read the documentation in /usr/share/doc/packages/dhcp-server
regarding configuration of the DHCP server.
Authors:
--------
Internet Systems Consortium, Inc. <info@isc.org>
BSD3c(or similar)
* Fri Dec 09 2011 mt@suse.com
- Applied security fix for a DoS due to processing certain regular
expressions, extracted from 4.2.3-P1 (bnc#735610, CVE-2011-4539):
* Add a check for a null pointer before calling the regexec function.
Without out this check we could, under some circumstances, pass
a null pointer to the regexec function causing it to segfault.
Thanks to a report from BlueCat Networks. [ISC-Bugs #26704]
* Fri Sep 30 2011 coolo@suse.com
- add libtool as buildrequire to make the spec file more reliable
* Tue Sep 06 2011 mt@suse.com
- Commented out all configuration examples in /etc/dhcpd.conf and
dhcp6.conf (bnc#715473).
- Enabled dhcp6.rapid-commit in /etc/dhclient6.conf config file.
- Removed useless provides/obsoletes from spec file.
* Wed Aug 31 2011 mt@suse.com
- Set the DHCPD_CONF_INCLUDE_FILES and the DHCPD6_CONF_INCLUDE_FILES
variables to /etc/dhcpd.d and /etc/dhcpd6.d by default, so there
are well-defined directories expected to contain additional config
files (bnc#690585).
* Mon Aug 29 2011 mt@suse.de
- Updated to ISC dhcp-4.2.2 release, providing two security fixes
(CVE-2011-2748,CVE-2011-2749,[ISC-Bugs #24960],bnc#712653), that
allowed remote attackers to cause a denial of service (a daemon
exit) via crafted BOOTP packets. Further also DNS update fix to
detect overlapping pools or misconfigured fixed-address entries,
that caused a server crash during DNS update and other fixes.
For a complete list, please see the RELNOTES file provided in
the package and also available online at http://www.isc.org/.
- Merged/adopted dhclient option-checks, send-hostname-rml, ldap
patch, xen-checksum, close-on-exec patches and removed obsolete
in6_pktinfo-prototype and relay-no-ip-on-interface patches.
- Moved server pid files into chroot directory even chroot is
not used and create a link in /var/run, so it can write one
when started as user without chroot and avoid stop problems
when the chroot sysconfig setting changed (bnc#712438).
- Disabled log-info level messages in dhclient(6) quiet mode to
avoid excessive logging of non-critical messages (bnc#711420).
- Fixed dhclient-script to not remove alias IP when it didn't
changed to not wipe out iptables connmark when renewing the
lease (bnc#700771). Thanks to James Carter for the patch.
- Fixed DDNS-howto.txt reference in the config file; it has been
moved to the dhcp-doc package (bnc#697279).
- Removed GPL licensed files (bind-*/contrib/dbus) from bind.tgz
to ensure, they're not used to build non-GPL dhcp (bnc#714004).
- Changed to apply strict-aliasing/RELRO for >= 12.x only
* Wed Jul 20 2011 crrodriguez@opensuse.org
- Correct previous change.
* Wed Jul 20 2011 crrodriguez@opensuse.org
- THis is a long running network daemon, link with
full RELRO security enhancements.
- remove -fno-strict-aliasing from CFLAGS, no longer needed.
* Tue May 17 2011 crrodriguez@opensuse.org
- Import redhat's patch to open all needed FDs with O_CLOEXEC
so they dont leak.
* Thu May 12 2011 mt@suse.de
- Removed obsolete sles8 compatibility dependencies, fixed
to avoid non-functional sles_version conditionals.
* Tue May 10 2011 mt@suse.de
- Fixed to not introduce separate dhcp-doc package on sles,
use versioned provides/obsoletes, improved conditionals.
* Tue May 03 2011 mt@suse.de
- Fixed dhclient-script typo causing ISC DHCPv6 client to execute
ifup pre-down scripts also while renew, when the ipv6 address
did not changed (bnc#690859).
* Fri Apr 29 2011 mt@suse.de
- Implemented optional ldap connect retry loop during the initial
startup of the dhcp server in cases where the ldap server is not
yet started. Set the ldap-init-retry <num> option in dhcpd.conf
to enable it (bnc#627617). Merged in the actual ldap patch.
- Cleaned up init script error reporting, no -TERM for killproc.
* Wed Apr 27 2011 mt@suse.de
- Updated to ISC dhcp-4.2.1-P1 release, that provides most of the
dhclient pretty escape and string option checks. Merged to use
relaxed domain-name option check causing a regression, when the
server is misusing it to provide a domain list (compatibility to
attic clients) and does not provide it via domain-search option;
pretty escape semicolon as well (bnc#675052, CVE-2011-0997).
* Thu Mar 31 2011 mt@suse.de
- Discard string options such as host and domain names containing
disallowed characters or beeing too long. This proctive patch
limits root-path to a-zA-Z0-9, #%+-_:.,@~/\[]= and a space
(bnc#675052, CVE-2011-0997).
* Thu Mar 31 2011 mt@suse.de
- Updated to ISC DHCP 4.2.1 release (bnc#680298), that provides
following fixes (digest):
* Several fixes to OMAPI, cleanup of dereferenced pointers in
the omapi handle, handling of pipe failures and status code
in omapi signal handler that may cause connect failure and
100% CPU use.
* Handle some DDNS corner cases better
* Several fixes to lease input and output
* Corrected side effect of printing all data strings as hex.
* Host record references leaks causing applying config to all
innocent clients.
* Memory leak when parsing a domain name
* Fixes to configuration parsing including infinite loop.
* Fixed for unexpected abort caused by a DHCPv6 decline.
For the complete list see the RELNOTES file, that is available
also online at http://ftp.isc.org/isc/dhcp/dhcp-4.2.1-RELNOTES.
- Removed obsolete optional-value-infinite-loop, no-libcrypto
and CVE-2011-0413.bnc667655 patches.
- Merged the dhclient-send-hostname and ldap patches.
* Mon Feb 21 2011 mt@suse.de
- dhclient-script: fixed typo causing that only global settings
to set hostname and default route were applied for primary
and never per interface settings (bnc#673792).
* Fri Feb 18 2011 mt@suse.de
- Added dhcp-4.2.0-xen-checksum.patch by David Cantrell to handle
xen partial UDP checksums (bnc#668194).
* Wed Feb 02 2011 mt@suse.de
- Applied security fix for unexpected abort caused by a DHCPv6
decline message (CVE-2011-0413, VU#686084, bnc#667655).
- Fixed dhclient.conf to request the domain-search option.
* Mon Dec 13 2010 mt@suse.de
- Updated to ISC DHCP 4.2.0-P2, a security release fixing the
handling of connection requests on the failover port.
Previously a connection request from a source that wasn't
listed as a failover peer would cause the server to become
non-responsive. ([ISC-Bugs #22679] CERT: VU#159528 CVE:
CVE-2010-3616, bnc#659059).
* Tue Dec 07 2010 mt@suse.de
- Enable ldap CASA support on SLE only.
* Tue Nov 30 2010 mt@suse.de
- Fixed to use same/correct dhcrelay6 interface variables in the
sysconfig file and in the dhcrelay6 init script.
* Mon Nov 29 2010 mt@suse.de
- Updated to ISC DHCP 4.2.0-P1 release, providing a security fix to
handle a relay forward message with an unspecified address in the
link address field. Previously such a message would cause the
server to crash. Thanks to a report from John Gibbons.
[ISC-Bugs #21992] CERT: VU#102047 CVE: CVE-2010-3611 (bnc#650902)
The 4.2.0 version is a feature release, implementing asynchronous
DDNS processing and includes "The LDAP Patch".
For a complete list of changes from any previous release, please
consult the RELNOTES file within the source distribution or on
the ISC website: http://www.isc.org/software/dhcp/420
- Fixed compilation to avoid segfaults as soon as ldap is enabled,
merged our ldap patches from 4.1.x branch.
* Tue Nov 02 2010 mt@suse.de
- Fixed a dhcrelay segfault while receiving packets on interfaces
without any IPv4 address assigned (bnc#631305, reported upsteam
as [ISC-Bugs #22409]).
- Fixed a common infinite loop while parsing options with optional
parts in the value such as in slp-service-scope option (bnc#643845,
reported upsteam as [ISC-Bugs #22410]).
- Fixed init scripts to report correct LSB codes in status action,
when the config file or the binary do not exists (bnc#640336).
- Fixed syntax of a check in the rcdhcrelay[6] (bnc#648580)
- Avoid pid check error message in the rcdhcpd[6] (bnc#646875)
* Wed Sep 29 2010 mt@suse.de
- Fixed server lease file path in contrib/listlease and leasestate
changed to extract contrib and examples using setup macro.
* Wed Aug 04 2010 mt@suse.de
- Renamed rfc3442-classless-static-routes_raw in /etc/dhclient.conf
to rfc3442-classless-static-routes for compatibility with the
NetworkManager making use of /etc/dhclient.conf now and adopted
/sbin/dhclient-script (bnc#625770).
* Tue Jul 27 2010 mt@suse.de
- Fixed ldap option number conflicting with new options (bnc#625358)
* Fri Jul 02 2010 mt@suse.de
- Added a fix for an lpf bind error messages making it easier to
localize problems (bnc#617795)
* Mon Jun 14 2010 mt@suse.de
- Updated to ISC DHCP 4.1.1-P1 patch release, which contains
a pair of bug fixes including one for a security related bug
(bnc#612546, CVE-2010-2156):
* A bug was fixed that could cause the DHCPv6 server to
advertise/assign a previously allocated (active) lease to a
client that has changed subnets, despite being on different
shared networks. Dynamic prefixes specifically allocated in
shared networks also now are not offered if the client has
moved. [ISC-Bugs #21152]
* Accept a client id of length 0 while hashing. Previously the
server would exit if it attempted to hash a zero length client
id, providing attackers with a simple denial of service attack.
[ISC-Bugs #21253]
* Tue May 18 2010 mt@suse.de
- Added rc.dhcrelay6 as source in the spec file
* Tue May 11 2010 mt@suse.de
- Fixed dhcprelay scripts to source sysconfig file correctly
- Fixed spec file typo in arping path require, enabled ldap
- Fixed a dhclient option name and new/old ip address check
* Fri May 07 2010 mt@suse.de
- Updated to ISC DHCP 4.1.1, the current 4.x series production
release, providing DHCPv6 client/server/relay implementation.
The programs act in DHCPv6 mode, when the -6 start option is set.
We install separate init scripts with a 6 at the end to handle
them, that is /etc/init.d/dhcpd6 and dhrelay6. Further, there is
also a link to the binaries with a 6 at the end, e.g. dhclient6,
making it visible, that the installed version supports DHCPv6.
- Moved additional documentation to a separate dhcp-doc package.
- Changed to provide config files and scripts as source files
instead of patches to the ISC scripts.
- Adopted spec file and config/scripts, merged in all patches.
- Implemented RFC 3442 classless static routes support in the
dhclient-script (bnc#555870).
* Thu Apr 29 2010 mt@suse.de
- Updated to ISC DHCP 3.1-ESV, an extended support version release
which includes a small number of bug fixes (bnc#592178) over the
3.1.3 version:
* Modified the handling of a connection to avoid releasing the
omapi io object for the connection while it is still in use.
One symptom from this error was a segfault when a failover
secondary attempted to connect to the failover primary if
their clocks were not synchronized.
* Fix test in dhcp_interface_signal_handler to check that the
inner handler has a signal_handler before calling it.
* When using 'ignore client-updates;', the FQDN returned to the
client is no longer truncated to one octet.
* Clean up some compiler warnings - ticket 19054.
- Fixed vlan interface check in dhcpd-restart-hook if-up.d script
(bnc#599702)
- Touch dhclient.leases in post-install script instead to provide
an empty file, versioned provides/obsoletes (rpmlint warnings).
* Fri Mar 12 2010 mt@suse.de
- Fixed dhclient-script to call ifup -o dhcp and signal "complete"
to ifup when all configuration is done (bnc#585380,bnc#518219).
* Thu Jan 07 2010 jengelh@medozas.de
- Enable parallel building
- Use large PIE model on all SPARC flavors
* Mon Dec 14 2009 mt@suse.de
- Fixed dhclient-script to use correct sysconfig run dir path
to not to break the defaultroute/hostname setup (bnc#555095).
- Don't request any specific lease-time by default (bnc#516459).
* Fri Oct 16 2009 mt@suse.de
- Fixed dhclient-script to forward new_domain_search as DNSSEARCH
to netconfig.
* Tue Oct 13 2009 mt@suse.de
- Updated to dhcp-3.1.3 maintenance release fixing several issues
(a digest, see RELNOTES for the complete list):
* Remove infinite loop in token_print_indent_concat().
* A parser bug was fixed that segfaulted if site-option-space
was tried to be used interchangeably with vendor-option-space.
* Two uninitialized stack structures are now memset to zero,
thanks to patch from David Cantrell at Red Hat.
* Memory leak in the load_balance_mine() function is fixed. This
would leak ~20-30 octets per DHCPDISCOVER packet while failover
was in use and in normal state.
* Fixed setting hostname in Linux hosts that require hostname
argument to be double-quoted. Also allow server-provided
hostname to override hostnames 'localhost' and '(none)'.
* Added client support for setting interface MTU and metric,
thanks to Roy "UberLord" Marples <roy@marples.name>.
* Fixed failover reconnection retry code to continue to retry to
reconnect rather than restarting the listener.
* Fixed a bug where an OMAPI socket disconnection message would
not result in scheduling a failover reconnection, if the link
had not negotiated a failover connect yet (e.g.: connection
refused, asynch socket connect() timeouts).
* Versions 3.0.x syntax with multiple name->code option
definitions is now supported. Note that, similarly to 3.0.x,
for by-code lookups only the last option definition is used.
* Fixed a fenceposting bug when a client had two host records
configured, one using 'uid' and the other using 'hardware
ethernet'. CVE-2009-1892
- Updated to dhcp-3.1.3-ldap-patch-mt-01 including previous fixes.
- Merged dhclient script, removed obsolete CVE-2009-1892 fix.
* Tue Sep 29 2009 mt@suse.de
- Replaced mt-02 ldap patch from old git repository with equivalent
one (dhcp-3.1.2p1-ldap-patch-mt-02) from a new repository with
fixed patch history (http://www.suse.de/~mt/git/dhcp-ldap.git/).
* Wed Aug 12 2009 mt@suse.de
- Added dhcpd-restart-hook if-up.d script that restarts dhcp server
while network restart when a virtual interfaces as bridge, bond
or vlan goes up again (bnc#517810).
* Wed Jul 29 2009 mt@suse.de
- Applied fix for a dhcp client id DoS (CVE-2009-1892, bnc#519413).
* Wed Jul 29 2009 mt@suse.de
- Updated to dhcp-3.1.2p1 maintenance release fixing following
issues:
* A stack overflow vulnerability was fixed in dhclient that could
allow remote attackers to execute arbitrary commands as root on
the system, or simply terminate the client, by providing an
over-long subnet-mask option.
* A double-dereference in dhclient transmission of DHCPDECLINEs
was repaired.
* Fix handling of -A and -a flags in dhcrelay; it was failing
to expand packet size as needed to add relay agent options.
* Corrected list of failover state values in dhcpd man page.
* Fixed a bug that caused some request types to be logged
incorrectly.
* Fixed a coredump when adding a class via OMAPI.
* Clients that sent a parameter request list containing the
routers option before the subnet mask option were receiving
only the latter. Fixed.
* The server wasn't always sending the FQDN option when it should.
* A partner-down failover server no longer emits 'peer holds all
free leases' if it is able to newly-allocate one of the peer's
leases.
* A cosmetic bug in DHCPDECLINE processing was fixed which caused
all successful DHCPDECLINEs to be logged as "not found" rather
than "abandoned".
* Some failover debugging #defines have been better defined and
some high frequency messages moved to a deeper debugging symbol.
* The CLTT parameter in failover is now only updated by client
activity, and not by failover binding updates.
* Failover BNDUPD messages are now discarded if they conflict with
an update that has been trasnmitted, but not acknowledged.
* A bug cleaning up unknown-xxx temporary option definitions was
fixed.
- Removed obsolete dhclient-no-dereference-twice patch
- Improved dhclient-script to apply global dhcp settings, when
there is no interface config (bnc#480922).
- Enabled casa support in dhcp-ldap for >= sles 10 and => 11.1.
- Updated dhcp-3.1.2p1-ldap-patch-mt.11.2-02 merging all patches
flying around -- see http://www.suse.de/~mt/git/dhcp-ldap.git
and the git changelog at the begin of the patch.
/etc/dhcpd.conf /etc/dhcpd.d /etc/dhcpd6.conf /etc/dhcpd6.d /etc/init.d/dhcpd /etc/init.d/dhcpd6 /etc/openldap /etc/openldap/schema /etc/openldap/schema/dhcp.schema /etc/sysconfig/network/if-up.d/60-dhcpd-restart-hook /etc/sysconfig/network/scripts/dhcpd-restart-hook /usr/sbin/dhcpd /usr/sbin/dhcpd6 /usr/sbin/rcdhcpd /usr/sbin/rcdhcpd6 /usr/share/man/man5/dhcpd.conf.5.gz /usr/share/man/man5/dhcpd.leases.5.gz /usr/share/man/man8/dhcpd.8.gz /usr/share/omc/svcinfo.d/dhcpd.xml /usr/share/omc/svcinfo.d/dhcpd6.xml /var/adm/fillup-templates/sysconfig.dhcpd /var/adm/fillup-templates/sysconfig.syslog-dhcpd /var/lib/dhcp /var/lib/dhcp/db /var/lib/dhcp/dev /var/lib/dhcp/etc /var/lib/dhcp/lib /var/lib/dhcp/var /var/lib/dhcp/var/run /var/lib/dhcp6 /var/lib/dhcp6/db /var/lib/dhcp6/dev /var/lib/dhcp6/etc /var/lib/dhcp6/lib /var/lib/dhcp6/var /var/lib/dhcp6/var/run
Generated by rpm2html 1.8.1
Fabrice Bellet, Sat Jun 15 03:35:44 2013