From 1b9b69e6d23ee77974f4da01d3fba602f0b0be46 Mon Sep 17 00:00:00 2001 From: Rosa Date: Fri, 27 Jul 2012 04:09:57 +0000 Subject: [PATCH] Automatic import for version 4.2.4 --- .abf.yml | 2 +- dhcp-4.1.1-useless-wait.patch | 17 ------ dhcp-4.2.1-P1-CVE-2011-2748,2749.diff | 59 ------------------- dhcp-4.2.1-P1.tar.gz.sha512.asc | 11 ---- ...atch => dhcp-4.2.2-fix-format-errors.patch | 34 +++++------ ...-4.1.1-ifup.patch => dhcp-4.2.2-ifup.patch | 38 ++++++------ dhcp-4.2.4-P1.tar.gz.sha512.asc | 11 ++++ dhcp.spec | 20 ++++--- 8 files changed, 61 insertions(+), 131 deletions(-) delete mode 100644 dhcp-4.1.1-useless-wait.patch delete mode 100644 dhcp-4.2.1-P1-CVE-2011-2748,2749.diff delete mode 100644 dhcp-4.2.1-P1.tar.gz.sha512.asc rename dhcp-4.1.1-format_not_a_string_literal_and_no_format_arguments.patch => dhcp-4.2.2-fix-format-errors.patch (58%) rename dhcp-4.1.1-ifup.patch => dhcp-4.2.2-ifup.patch (86%) create mode 100644 dhcp-4.2.4-P1.tar.gz.sha512.asc diff --git a/.abf.yml b/.abf.yml index 92cc6d3..d6a3f12 100644 --- a/.abf.yml +++ b/.abf.yml @@ -1,3 +1,3 @@ sources: - "dhcp-4.2.1-P1.tar.gz": 7767019313b4128357054a1eb053c66799831dd6 + "dhcp-4.2.4-P1.tar.gz": 0fe0f20b7be597d60e61951d2ccafe547d3bcec2 "dhcp-dynamic-dns-examples.tar.bz2": d33980aad3e0380fc89f8346ab37786d39157696 diff --git a/dhcp-4.1.1-useless-wait.patch b/dhcp-4.1.1-useless-wait.patch deleted file mode 100644 index 88bbd16..0000000 --- a/dhcp-4.1.1-useless-wait.patch +++ /dev/null @@ -1,17 +0,0 @@ ---- client/dhclient.c 2010/04/28 19:13:43 1.1 -+++ client/dhclient.c 2010/04/28 19:17:01 -@@ -594,9 +594,12 @@ - else { - client->state = S_INIT; - /* Set up a timeout to start the -- * initialization process. -+ * initialization process, -+ * _immediately_, as agreed but never -+ * applied by the ISC upstream -+ https://lists.isc.org/mailman/htdig/dhcp-users/2006-June/thread.html#928 - */ -- tv.tv_sec = cur_time + random() % 5; -+ tv.tv_sec = cur_time - 1; - tv.tv_usec = 0; - add_timeout(&tv, state_reboot, - client, 0, 0); diff --git a/dhcp-4.2.1-P1-CVE-2011-2748,2749.diff b/dhcp-4.2.1-P1-CVE-2011-2748,2749.diff deleted file mode 100644 index dffbbd6..0000000 --- a/dhcp-4.2.1-P1-CVE-2011-2748,2749.diff +++ /dev/null @@ -1,59 +0,0 @@ -diff -Naurp dhcp-4.2.1-P1/common/discover.c dhcp-4.2.1-P1.oden/common/discover.c ---- dhcp-4.2.1-P1/common/discover.c 2011-08-18 12:58:40.883411562 +0200 -+++ dhcp-4.2.1-P1.oden/common/discover.c 2011-08-18 12:55:47.002338724 +0200 -@@ -1391,12 +1391,16 @@ isc_result_t got_one (h) - if (result == 0) - return ISC_R_UNEXPECTED; - -- /* If we didn't at least get the fixed portion of the BOOTP -- packet, drop the packet. We're allowing packets with no -- sname or filename, because we're aware of at least one -- client that sends such packets, but this definitely falls -- into the category of being forgiving. */ -- if (result < DHCP_FIXED_NON_UDP - DHCP_SNAME_LEN - DHCP_FILE_LEN) -+ /* -+ * If we didn't at least get the fixed portion of the BOOTP -+ * packet, drop the packet. -+ * Previously we allowed packets with no sname or filename -+ * as we were aware of at least one client that did. But -+ * a bug caused short packets to not work and nobody has -+ * complained, it seems rational to tighten up that -+ * restriction. -+ */ -+ if (result < DHCP_FIXED_NON_UDP) - return ISC_R_UNEXPECTED; - - if (bootp_packet_handler) { -diff -Naurp dhcp-4.2.1-P1/common/options.c dhcp-4.2.1-P1.oden/common/options.c ---- dhcp-4.2.1-P1/common/options.c 2011-03-24 22:57:13.000000000 +0100 -+++ dhcp-4.2.1-P1.oden/common/options.c 2011-08-18 12:55:47.003338734 +0200 -@@ -592,8 +592,8 @@ cons_options(struct packet *inpacket, st - } else if (bootpp) { - mb_size = 64; - if (inpacket != NULL && -- (inpacket->packet_length - DHCP_FIXED_LEN >= 64)) -- mb_size = inpacket->packet_length - DHCP_FIXED_LEN; -+ (inpacket->packet_length >= 64 + DHCP_FIXED_NON_UDP)) -+ mb_size = inpacket->packet_length - DHCP_FIXED_NON_UDP; - } else - mb_size = DHCP_MIN_OPTION_LEN; - -diff -Naurp dhcp-4.2.1-P1/server/dhcp.c dhcp-4.2.1-P1.oden/server/dhcp.c ---- dhcp-4.2.1-P1/server/dhcp.c 2010-09-09 08:52:37.000000000 +0200 -+++ dhcp-4.2.1-P1.oden/server/dhcp.c 2011-08-18 12:57:53.156117387 +0200 -@@ -2336,6 +2336,7 @@ void ack_lease (packet, lease, offer, wh - * giaddr. - */ - if (!packet->agent_options_stashed && -+ (packet->options != NULL) && - packet->options->universe_count > agent_universe.index && - packet->options->universes[agent_universe.index] != NULL) { - oc = lookup_option (&server_universe, state -> options, -@@ -4429,6 +4430,7 @@ maybe_return_agent_options(struct packet - * by the user into the new state, not just give up. - */ - if (!packet->agent_options_stashed && -+ (packet->options != NULL) && - packet->options->universe_count > agent_universe.index && - packet->options->universes[agent_universe.index] != NULL && - (options->universe_count <= agent_universe.index || diff --git a/dhcp-4.2.1-P1.tar.gz.sha512.asc b/dhcp-4.2.1-P1.tar.gz.sha512.asc deleted file mode 100644 index 6d53584..0000000 --- a/dhcp-4.2.1-P1.tar.gz.sha512.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2.0.9 (GNU/Linux) - -iQEVAwUATZoM/dgRtT8Le64AAQoHqQf/dRI18soyGYHZwP868cMk4mZsTThTPCul -8WRfxQNjC93fRSrCeANdBeUOEjKnGbDyeAMS4gJHP4MnRywWDKvlKNjEhFNvoD4B -bKRAXTsvYjR19IwMmbjwexI7XAUbD208FiNvynvvjfKbnkiDnb4bJMzea2y/RGYO -RfNJm4SR4P4u4csuY9uG4CaD4z+3CZkCKX00l3oN3SHlkLfntPm/VUbpILtt77wQ -KH/nYaiglyt+SkFEevDMjvW6+04ZQ//tDYuSIOK0LZJBrkspAOMW8lWProZPl2oX -fOI+OLQHAavei1qber2A1Tqj1JC3BRftX6stuMbfTWGj4RYZmhHMNw== -=cijx ------END PGP SIGNATURE----- diff --git a/dhcp-4.1.1-format_not_a_string_literal_and_no_format_arguments.patch b/dhcp-4.2.2-fix-format-errors.patch similarity index 58% rename from dhcp-4.1.1-format_not_a_string_literal_and_no_format_arguments.patch rename to dhcp-4.2.2-fix-format-errors.patch index 0c7fca4..04c70dc 100644 --- a/dhcp-4.1.1-format_not_a_string_literal_and_no_format_arguments.patch +++ b/dhcp-4.2.2-fix-format-errors.patch @@ -1,7 +1,7 @@ -diff -p -up dhcp-4.1.1/client/dhclient.c.not_a_string dhcp-4.1.1/client/dhclient.c ---- dhcp-4.1.1/client/dhclient.c.not_a_string 2010-01-07 19:47:40.000000000 -0200 -+++ dhcp-4.1.1/client/dhclient.c 2010-02-25 11:30:19.000000000 -0300 -@@ -381,9 +381,9 @@ main(int argc, char **argv) { +diff -Naur -x '*.orig' dhcp-4.2.2/client/dhclient.c dhcp-4.2.2-fix-format-errors/client/dhclient.c +--- dhcp-4.2.2/client/dhclient.c 2011-07-01 13:58:53.000000000 +0200 ++++ dhcp-4.2.2-fix-format-errors/client/dhclient.c 2011-08-29 19:08:55.560183457 +0200 +@@ -420,9 +420,9 @@ if (!quiet) { log_info("%s %s", message, PACKAGE_VERSION); @@ -14,7 +14,7 @@ diff -p -up dhcp-4.1.1/client/dhclient.c.not_a_string dhcp-4.1.1/client/dhclient log_info("%s", ""); } else { log_perror = 0; -@@ -647,9 +647,9 @@ main(int argc, char **argv) { +@@ -701,9 +701,9 @@ static void usage() { log_info("%s %s", message, PACKAGE_VERSION); @@ -25,12 +25,12 @@ diff -p -up dhcp-4.1.1/client/dhclient.c.not_a_string dhcp-4.1.1/client/dhclient + log_info("%s", arr); + log_info("%s", url); - log_error("Usage: dhclient %s %s", - #ifdef DHCPv6 -diff -p -up dhcp-4.1.1/relay/dhcrelay.c.not_a_string dhcp-4.1.1/relay/dhcrelay.c ---- dhcp-4.1.1/relay/dhcrelay.c.not_a_string 2010-01-07 19:48:02.000000000 -0200 -+++ dhcp-4.1.1/relay/dhcrelay.c 2010-02-25 11:30:22.000000000 -0300 -@@ -403,9 +403,9 @@ main(int argc, char **argv) { + + log_fatal("Usage: dhclient " +diff -Naur -x '*.orig' dhcp-4.2.2/relay/dhcrelay.c dhcp-4.2.2-fix-format-errors/relay/dhcrelay.c +--- dhcp-4.2.2/relay/dhcrelay.c 2011-05-10 15:07:37.000000000 +0200 ++++ dhcp-4.2.2-fix-format-errors/relay/dhcrelay.c 2011-08-29 19:08:55.561183444 +0200 +@@ -428,9 +428,9 @@ if (!quiet) { log_info("%s %s", message, PACKAGE_VERSION); @@ -43,10 +43,10 @@ diff -p -up dhcp-4.1.1/relay/dhcrelay.c.not_a_string dhcp-4.1.1/relay/dhcrelay.c } else { quiet = 0; log_perror = 0; -diff -p -up dhcp-4.1.1/server/dhcpd.c.not_a_string dhcp-4.1.1/server/dhcpd.c ---- dhcp-4.1.1/server/dhcpd.c.not_a_string 2010-02-25 11:29:56.000000000 -0300 -+++ dhcp-4.1.1/server/dhcpd.c 2010-02-25 11:30:22.000000000 -0300 -@@ -459,9 +459,9 @@ main(int argc, char **argv) { +diff -Naur -x '*.orig' dhcp-4.2.2/server/dhcpd.c dhcp-4.2.2-fix-format-errors/server/dhcpd.c +--- dhcp-4.2.2/server/dhcpd.c 2011-04-21 16:08:15.000000000 +0200 ++++ dhcp-4.2.2-fix-format-errors/server/dhcpd.c 2011-08-29 19:08:55.563183419 +0200 +@@ -474,9 +474,9 @@ if (!quiet) { log_info("%s %s", message, PACKAGE_VERSION); @@ -59,7 +59,7 @@ diff -p -up dhcp-4.1.1/server/dhcpd.c.not_a_string dhcp-4.1.1/server/dhcpd.c } else { quiet = 0; log_perror = 0; -@@ -1061,9 +1061,9 @@ void postconf_initialization (int quiet) +@@ -1096,9 +1096,9 @@ log_perror = 0; log_info("%s %s", message, PACKAGE_VERSION); @@ -72,7 +72,7 @@ diff -p -up dhcp-4.1.1/server/dhcpd.c.not_a_string dhcp-4.1.1/server/dhcpd.c log_perror = tmp; } } else -@@ -1170,8 +1170,8 @@ void postdb_startup (void) +@@ -1205,8 +1205,8 @@ static void usage(void) { log_info("%s %s", message, PACKAGE_VERSION); diff --git a/dhcp-4.1.1-ifup.patch b/dhcp-4.2.2-ifup.patch similarity index 86% rename from dhcp-4.1.1-ifup.patch rename to dhcp-4.2.2-ifup.patch index 2eb6cf6..0050468 100644 --- a/dhcp-4.1.1-ifup.patch +++ b/dhcp-4.2.2-ifup.patch @@ -1,6 +1,6 @@ -diff -p -up dhcp-4.1.1/client/scripts/linux.ifup dhcp-4.1.1/client/scripts/linux ---- dhcp-4.1.1/client/scripts/linux.ifup 2009-04-21 11:21:09.000000000 -0300 -+++ dhcp-4.1.1/client/scripts/linux 2010-02-25 11:26:32.000000000 -0300 +diff -Naur -x '*~' -x '*.orig' -x '*.rej' dhcp-4.2.2/client/scripts/linux dhcp-4.2.2-ifup/client/scripts/linux +--- dhcp-4.2.2/client/scripts/linux 2011-05-18 22:01:54.000000000 +0200 ++++ dhcp-4.2.2-ifup/client/scripts/linux 2011-08-29 19:07:58.722894019 +0200 @@ -1,8 +1,11 @@ #!/bin/bash -# dhclient-script for Linux. Dan Halbert, March, 1997. @@ -17,7 +17,7 @@ diff -p -up dhcp-4.1.1/client/scripts/linux.ifup dhcp-4.1.1/client/scripts/linux # Notes: -@@ -26,35 +29,46 @@ +@@ -26,28 +29,35 @@ ip=/sbin/ip make_resolv_conf() { @@ -54,7 +54,7 @@ diff -p -up dhcp-4.1.1/client/scripts/linux.ifup dhcp-4.1.1/client/scripts/linux elif [ "x${new_dhcp6_name_servers}" != x ] ; then - cat /dev/null > /etc/resolv.conf.dhclient6 - chmod 644 /etc/resolv.conf.dhclient6 - +- - if [ "x${new_dhcp6_domain_search}" != x ] ; then - echo search ${new_dhcp6_domain_search} >> /etc/resolv.conf.dhclient6 + if [ -n "$DOMAIN" ]; then @@ -63,21 +63,25 @@ diff -p -up dhcp-4.1.1/client/scripts/linux.ifup dhcp-4.1.1/client/scripts/linux + elif [ "x${new_dhcp6_domain_search}" != x ] ; then + d="search ${new_dhcp6_domain_search}" fi + shopt -s nocasematch for nameserver in ${new_dhcp6_name_servers} ; do -- echo nameserver ${nameserver} >> /etc/resolv.conf.dhclient6 -+ ns="$ns"$'\n'"nameserver ${nameserver}" +@@ -59,11 +69,13 @@ + else + zone_id= + fi +- echo nameserver ${nameserver}$zone_id >> /etc/resolv.conf.dhclient6 ++ ns="$ns"$'\n'"nameserver ${nameserver}$zone_id" done + shopt -u nocasematch + fi - mv /etc/resolv.conf.dhclient6 /etc/resolv.conf + if [ -n "$d" -o -n "$ns" ]; then + change_resolv_conf "$d" "$ns" fi -+ } - # Must be used on exit. Invokes the local dhcp client exit hooks, if any. -@@ -78,6 +92,25 @@ if [ -f /etc/dhclient-enter-hooks ]; the +@@ -88,6 +100,25 @@ fi fi @@ -103,7 +107,7 @@ diff -p -up dhcp-4.1.1/client/scripts/linux.ifup dhcp-4.1.1/client/scripts/linux ### ### DHCPv4 Handlers ### -@@ -128,15 +161,6 @@ fi +@@ -138,15 +169,6 @@ if [ x$reason = xBOUND ] || [ x$reason = xRENEW ] || \ [ x$reason = xREBIND ] || [ x$reason = xREBOOT ]; then @@ -119,7 +123,7 @@ diff -p -up dhcp-4.1.1/client/scripts/linux.ifup dhcp-4.1.1/client/scripts/linux if [ x$old_ip_address != x ] && [ x$alias_ip_address != x ] && \ [ x$alias_ip_address != x$old_ip_address ]; then -@@ -155,12 +179,14 @@ if [ x$reason = xBOUND ] || [ x$reason = +@@ -165,12 +187,14 @@ ifconfig $interface inet $new_ip_address $new_subnet_arg \ $new_broadcast_arg $mtu_arg # Add a network route to the computed network address. @@ -131,10 +135,10 @@ diff -p -up dhcp-4.1.1/client/scripts/linux.ifup dhcp-4.1.1/client/scripts/linux route add default gw $router $metric_arg dev $interface done + fi - fi - if [ x$new_ip_address != x$alias_ip_address ] && [ x$alias_ip_address != x ]; - then -@@ -168,7 +194,25 @@ if [ x$reason = xBOUND ] || [ x$reason = + else + # we haven't changed the address, have we changed other options + # that we wish to update? +@@ -193,7 +217,25 @@ ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg route add -host $alias_ip_address $interface:0 fi @@ -161,7 +165,7 @@ diff -p -up dhcp-4.1.1/client/scripts/linux.ifup dhcp-4.1.1/client/scripts/linux exit_with_hooks 0 fi -@@ -202,13 +246,17 @@ if [ x$reason = xTIMEOUT ]; then +@@ -227,13 +269,17 @@ ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg route add -host $alias_ip_address dev $interface:0 fi diff --git a/dhcp-4.2.4-P1.tar.gz.sha512.asc b/dhcp-4.2.4-P1.tar.gz.sha512.asc new file mode 100644 index 0000000..c95361d --- /dev/null +++ b/dhcp-4.2.4-P1.tar.gz.sha512.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.12 (GNU/Linux) + +iQEcBAABCgAGBQJQDUjkAAoJEKv5WqfJazUKE38H/0OOq8Ww/exUWUYg28Jeyxqj +NX/jqyma6amjVDhmnDu/l4HekYl2DExb71slg4iYMCatKbPVV8Aak1o8BdRzQ/pi +u0lNvPNxYH6+z3AxffY7zONgY/YYXlYxt2QdAvn86NHepIzdJxHlZP/Axpu6kQwk +9N6519CjXgtfai9J1K4rKTjOqM3vFVYrqe1e5uRIlEuPmyWcfQl2mzgG0B5p6pts +dPXJ0RvV8UAsCSc4noNUnpd8XWtqCK7I4795LEJ/iA9CWUj0HDn8D35nMZ4q1vVe +fr2FEtyTfqIj0VvIX6W7mlDZm8tOgfrXqgiZYhmKbNeJcPqQfjJ08WWau/eWDGw= +=ONl/ +-----END PGP SIGNATURE----- diff --git a/dhcp.spec b/dhcp.spec index 54a4a59..570cce1 100644 --- a/dhcp.spec +++ b/dhcp.spec @@ -4,8 +4,9 @@ Summary: The ISC DHCP (Dynamic Host Configuration Protocol) server/relay agent/client Name: dhcp Epoch: 3 -Version: 4.2.1 -Release: %mkrel 0.%{pver}.4 +Version: 4.2.4 +%define subrel 1 +Release: %mkrel 0.%{pver}.1 License: Distributable Group: System/Servers URL: https://www.isc.org/software/dhcp @@ -22,15 +23,12 @@ Source8: dhcpd-chroot.sh Source9: dhclient-exit-hooks Source12: draft-ietf-dhc-ldap-schema-01.txt # customize ifup script -Patch0: dhcp-4.1.1-ifup.patch -Patch5: dhcp-4.1.1-format_not_a_string_literal_and_no_format_arguments.patch +Patch0: dhcp-4.2.2-ifup.patch +Patch5: dhcp-4.2.2-fix-format-errors.patch # (fc) 4.1.0-3mdv no IPv6 is no longer fatal for dhclient Patch6: dhcp-4.1.1-missing-ipv6-not-fatal.patch # prevents needless deassociation, working around mdv bug #43441 Patch7: dhcp-4.1.1-prevent_wireless_deassociation.patch -# redhat bug #587070 -Patch9: dhcp-4.1.1-useless-wait.patch -Patch10: dhcp-4.2.1-P1-CVE-2011-2748,2749.diff BuildRequires: perl groff-for-man BuildRequires: openldap-devel Provides: dhcpd @@ -144,8 +142,6 @@ Internet Software Consortium (ISC) dhcpctl API. %patch5 -p1 -b .format_not_a_string_literal_and_no_format_arguments %patch6 -p1 -b .noipv6nonfatal %patch7 -p1 -b .prevent_wireless_deassociation -%patch9 -p0 -b .useless_wait -%patch10 -p1 -b .CVE-2011-2748,2749 install -m0644 %{SOURCE12} doc @@ -339,6 +335,12 @@ rm -rf %{buildroot} %changelog +* Thu Jul 26 2012 Oden Eriksson 3:4.2.4-0.P1.1.1 +- 4.2.4-P1 (fixes CVE-2012-3570, CVE-2012-3571, CVE-2012-3954) + +* Thu Dec 08 2011 Oden Eriksson 3:4.2.1-0.P1.2.1 +- P11: security fix for CVE-2011-4539 + * Thu Aug 18 2011 Oden Eriksson 3:4.2.1-0.P1.2mdv2011.0 + Revision: 695144 - actually use the correct friggin patch...