From 97c26ead0fee909061c8cc77ac2a7ce1d6eba816 Mon Sep 17 00:00:00 2001 From: Danila Leontiev Date: Mon, 1 Apr 2013 15:03:59 +0400 Subject: [PATCH] Security update --- dhcp-4.2.4-P1.tar.gz.sha512.asc | 11 -- dhcp-4.2.4-P2-CVE-2012-3955.patch | 183 ------------------------------ dhcp-4.2.5-P1.tar.gz.asc | 11 -- dhcp-4.2.5-P1.tar.gz.sha512.asc | 11 ++ 4 files changed, 11 insertions(+), 205 deletions(-) delete mode 100644 dhcp-4.2.4-P1.tar.gz.sha512.asc delete mode 100644 dhcp-4.2.4-P2-CVE-2012-3955.patch delete mode 100644 dhcp-4.2.5-P1.tar.gz.asc create mode 100644 dhcp-4.2.5-P1.tar.gz.sha512.asc diff --git a/dhcp-4.2.4-P1.tar.gz.sha512.asc b/dhcp-4.2.4-P1.tar.gz.sha512.asc deleted file mode 100644 index c95361d..0000000 --- a/dhcp-4.2.4-P1.tar.gz.sha512.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.12 (GNU/Linux) - -iQEcBAABCgAGBQJQDUjkAAoJEKv5WqfJazUKE38H/0OOq8Ww/exUWUYg28Jeyxqj -NX/jqyma6amjVDhmnDu/l4HekYl2DExb71slg4iYMCatKbPVV8Aak1o8BdRzQ/pi -u0lNvPNxYH6+z3AxffY7zONgY/YYXlYxt2QdAvn86NHepIzdJxHlZP/Axpu6kQwk -9N6519CjXgtfai9J1K4rKTjOqM3vFVYrqe1e5uRIlEuPmyWcfQl2mzgG0B5p6pts -dPXJ0RvV8UAsCSc4noNUnpd8XWtqCK7I4795LEJ/iA9CWUj0HDn8D35nMZ4q1vVe -fr2FEtyTfqIj0VvIX6W7mlDZm8tOgfrXqgiZYhmKbNeJcPqQfjJ08WWau/eWDGw= -=ONl/ ------END PGP SIGNATURE----- diff --git a/dhcp-4.2.4-P2-CVE-2012-3955.patch b/dhcp-4.2.4-P2-CVE-2012-3955.patch deleted file mode 100644 index f0e6ab4..0000000 --- a/dhcp-4.2.4-P2-CVE-2012-3955.patch +++ /dev/null @@ -1,183 +0,0 @@ -diff -pruN dhcp-4.2.4-P1/RELNOTES dhcp-4.2.4-P2/RELNOTES ---- dhcp-4.2.4-P1/RELNOTES 2012-07-13 00:18:05.000000000 -0600 -+++ dhcp-4.2.4-P2/RELNOTES 2012-08-27 20:15:33.000000000 -0600 -@@ -39,6 +39,15 @@ The system has only been tested on Linux - work on other platforms. Please report any problems and suggested fixes to - . - -+ Changes since 4.2.4-P1 -+ -+! An issue with the use of lease times was found and fixed. Making -+ certain changes to the end time of an IPv6 lease could cause the -+ server to abort. Thanks to Glen Eustace of Massey University, -+ New Zealand for finding this issue. -+ [ISC-Bugs #30281] -+ CVE: CVE-2012-3955 -+ - Changes since 4.2.4 - - ! Previously the server code was relaxed to allow packets with zero -diff -pruN dhcp-4.2.4-P1/server/dhcpv6.c dhcp-4.2.4-P2/server/dhcpv6.c ---- dhcp-4.2.4-P1/server/dhcpv6.c 2012-07-13 00:18:05.000000000 -0600 -+++ dhcp-4.2.4-P2/server/dhcpv6.c 2012-08-27 20:13:22.000000000 -0600 -@@ -1837,9 +1837,6 @@ reply_process_ia_na(struct reply_state * - ia_reference(&tmp->ia, reply->ia, MDL); - - /* Commit 'hard' bindings. */ -- tmp->hard_lifetime_end_time = -- tmp->soft_lifetime_end_time; -- tmp->soft_lifetime_end_time = 0; - renew_lease6(tmp->ipv6_pool, tmp); - schedule_lease_timeout(tmp->ipv6_pool); - -@@ -2498,9 +2495,6 @@ reply_process_ia_ta(struct reply_state * - ia_reference(&tmp->ia, reply->ia, MDL); - - /* Commit 'hard' bindings. */ -- tmp->hard_lifetime_end_time = -- tmp->soft_lifetime_end_time; -- tmp->soft_lifetime_end_time = 0; - renew_lease6(tmp->ipv6_pool, tmp); - schedule_lease_timeout(tmp->ipv6_pool); - -@@ -3370,9 +3364,6 @@ reply_process_ia_pd(struct reply_state * - ia_reference(&tmp->ia, reply->ia, MDL); - - /* Commit 'hard' bindings. */ -- tmp->hard_lifetime_end_time = -- tmp->soft_lifetime_end_time; -- tmp->soft_lifetime_end_time = 0; - renew_lease6(tmp->ipv6_pool, tmp); - schedule_lease_timeout(tmp->ipv6_pool); - } -diff -pruN dhcp-4.2.4-P1/server/mdb6.c dhcp-4.2.4-P2/server/mdb6.c ---- dhcp-4.2.4-P1/server/mdb6.c 2012-07-13 00:17:54.000000000 -0600 -+++ dhcp-4.2.4-P2/server/mdb6.c 2012-08-27 20:13:22.000000000 -0600 -@@ -26,24 +26,26 @@ - * A brief description of the IPv6 structures as reverse engineered. - * - * There are three major data strucutes involved in the database: -- * ipv6_pool - this contains information about a pool of addresses or prefixes -+ * -+ * - ipv6_pool - this contains information about a pool of addresses or prefixes - * that the server is using. This includes a hash table that - * tracks the active items and a pair of heap tables one for - * active items and one for non-active items. The heap tables - * are used to determine the next items to be modified due to - * timing events (expire mostly). -- * ia_xx - this contains information about a single IA from a request -+ * - ia_xx - this contains information about a single IA from a request - * normally it will contain one pointer to a lease for the client - * but it may contain more in some circumstances. There are 3 -- * hash tables to aid in accessing these one each for NA, TA and PD -- * iasubopt - the v6 lease structure. These are creaeted dynamically when -+ * hash tables to aid in accessing these one each for NA, TA and PD. -+ * - iasubopt- the v6 lease structure. These are created dynamically when - * a client asks for something and will eventually be destroyed - * if the client doesn't re-ask for that item. A lease has space - * for backpointers to the IA and to the pool to which it belongs. -- * The pool backpointer is always filled, the IA pointer may not be -+ * The pool backpointer is always filled, the IA pointer may not be. - * - * In normal use we then have something like this: - * -+ * \verbatim - * ia hash tables - * ia_na_active +----------------+ - * ia_ta_active +------------+ | pool | -@@ -53,6 +55,7 @@ - * | iasubopt array |<---| iaptr |<--| inactive heap | - * | lease ptr |--->| | | | - * +-----------------+ +------------+ +----------------+ -+ * \endverbatim - * - * For the pool either the inactive heap will have a pointer - * or both the active heap and the active hash will have pointers. -@@ -934,7 +937,7 @@ create_lease6(struct ipv6_pool *pool, st - } - - --/*! \file server/mdb6.c -+/*! - * - * \brief Cleans up leases when reading from a lease file - * -@@ -1235,29 +1238,49 @@ move_lease_to_active(struct ipv6_pool *p - return insert_result; - } - --/* -- * Renew an lease in the pool. -+/*! -+ * \brief Renew a lease in the pool. -+ * -+ * The hard_lifetime_end_time of the lease should be set to -+ * the current expiration time. -+ * The soft_lifetime_end_time of the lease should be set to -+ * the desired expiration time. -+ * -+ * This routine will compare the two and call the correct -+ * heap routine to move the lease. If the lease is active -+ * and the new expiration time is greater (the normal case) -+ * then we call isc_heap_decreased() as a larger time is a -+ * lower priority. If the new expiration time is less then -+ * we call isc_heap_increased(). -+ * -+ * If the lease is abandoned then it will be on the active list -+ * and we will always call isc_heap_increased() as the previous -+ * expiration would have been all 1s (as close as we can get -+ * to infinite). -+ * -+ * If the lease is moving to active we call that routine -+ * which will move it from the inactive list to the active list. - * -- * To do this, first set the new hard_lifetime_end_time for the resource, -- * and then invoke renew_lease6() on it. -+ * \param pool a pool the lease belongs to -+ * \param lease the lease to be renewed - * -- * WARNING: lease times must only be extended, never reduced!!! -+ * \return result of the renew operation (ISC_R_SUCCESS if successful, -+ ISC_R_NOMEMORY when run out of memory) - */ - isc_result_t - renew_lease6(struct ipv6_pool *pool, struct iasubopt *lease) { -- /* -- * If we're already active, then we can just move our expiration -- * time down the heap. -- * -- * If we're abandoned then we are already on the active list -- * but we need to retag the lease and move our expiration -- * from infinite to the current value -- * -- * Otherwise, we have to move from the inactive heap to the -- * active heap. -- */ -+ time_t old_end_time = lease->hard_lifetime_end_time; -+ lease->hard_lifetime_end_time = lease->soft_lifetime_end_time; -+ lease->soft_lifetime_end_time = 0; -+ - if (lease->state == FTS_ACTIVE) { -- isc_heap_decreased(pool->active_timeouts, lease->heap_index); -+ if (old_end_time <= lease->hard_lifetime_end_time) { -+ isc_heap_decreased(pool->active_timeouts, -+ lease->heap_index); -+ } else { -+ isc_heap_increased(pool->active_timeouts, -+ lease->heap_index); -+ } - return ISC_R_SUCCESS; - } else if (lease->state == FTS_ABANDONED) { - char tmp_addr[INET6_ADDRSTRLEN]; -@@ -1920,9 +1943,8 @@ change_leases(struct ia_xx *ia, - /* - * Renew all leases in an IA from all pools. - * -- * The new hard_lifetime_end_time should be updated for the addresses/prefixes. -- * -- * WARNING: lease times must only be extended, never reduced!!! -+ * The new lifetime should be in the soft_lifetime_end_time -+ * and will be moved to hard_lifetime_end_time by renew_lease6. - */ - isc_result_t - renew_leases(struct ia_xx *ia) { diff --git a/dhcp-4.2.5-P1.tar.gz.asc b/dhcp-4.2.5-P1.tar.gz.asc deleted file mode 100644 index 898696c..0000000 --- a/dhcp-4.2.5-P1.tar.gz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.12 (NetBSD) - -iQEcBAABAgAGBQJRS2FeAAoJEEWseFcYnNvFjYIH/3S6p2g7sqAbTJaNA81UdIQc -mw2JgfejtbNGIdBhD+iM3AazwO9zVIQfD7mpHhIgSwtBXu2kYlCOaLy+GSTRLLWv -gu1/0J2JPJTx9WoMWYEOPG/qhYYQKX+Xj7ldIFat/7ADOGCYCfZWNhsYZ79T0GCL -tj/jX2bQXDzTeEMHHywBr8MdGGzn1k6mCduyENXpmTBlLT5PfdABWku5iu6efFMS -doLZ5rUYGxxBTmbZJLZjScNI2DNH2UTIxRx58rVYPaXNi91pPRflXoIDpwiKHYfK -6uqshS8z8bMGhSMTLdm5NcWS16ABCFOTmr2RCeQ144VD8L/FNgPEj+vNTMKb9Rs= -=klp9 ------END PGP SIGNATURE----- diff --git a/dhcp-4.2.5-P1.tar.gz.sha512.asc b/dhcp-4.2.5-P1.tar.gz.sha512.asc new file mode 100644 index 0000000..ed714da --- /dev/null +++ b/dhcp-4.2.5-P1.tar.gz.sha512.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.12 (NetBSD) + +iQEcBAABCgAGBQJRS2FKAAoJEEWseFcYnNvFAQEIAJ7vcsU8jBBPCtaNOCOnh02J +r8ef6mFc3XE7Ykx9mTmFCSbwNbzyXINeBYcBLhzNubmGyx8ayrOfHSC8kwIbSyZW +by/fzPWAzDCzU2hfQld4TkQVMaLcA4FL66DHrDYLJ7sHMlRBh9n5XMhVpqwT0V4i +Wb0z7nSHJkaRA+aNKaLltKRo+yyRmYLRxbdiQS2WC9C9IThgL2nNQHq2Z76y6CvU +3jRtyIQnzI5KXOTsD1qLzrie9MndvEIDNmSAmJnwLP7MAhPLrrgGBGW0b/u/SEAT +4x8sYGqTzjSNun0K6O9PpPhW/y51VmFHXmhS7S3FvYwkAeeURrCXj8TmQHC1f5k= +=n0mq +-----END PGP SIGNATURE-----