Hello community,
here is the log from the commit of package dhcp for openSUSE:Factory
checked in at Mon May 2 13:31:09 CEST 2011.
--------
--- dhcp/dhcp.changes 2011-04-05 20:58:14.000000000 +0200
+++ /mounts/work_src_done/STABLE/dhcp/dhcp.changes 2011-04-29 15:49:29.000000000 +0200
@@ -1,0 +2,19 @@
+Fri Apr 29 13:31:57 UTC 2011 - mt@suse.de
+
+- Implemented optional ldap connect retry loop during the initial
+ startup of the dhcp server in cases where the ldap server is not
+ yet started. Set the ldap-init-retry <num> option in dhcpd.conf
+ to enable it (bnc#627617). Merged in the actual ldap patch.
+- Cleaned up init script error reporting, no -TERM for killproc.
+
+-------------------------------------------------------------------
+Wed Apr 27 12:31:25 UTC 2011 - mt@suse.de
+
+- Updated to ISC dhcp-4.2.1-P1 release, that provides most of the
+ dhclient pretty escape and string option checks. Merged to use
+ relaxed domain-name option check causing a regression, when the
+ server is misusing it to provide a domain list (compatibility to
+ attic clients) and does not provide it via domain-search option;
+ pretty escape semicolon as well (bnc#675052, CVE-2011-0997).
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
Old:
----
dhcp-4.2.1-dhclient-option-checks.bnc675052.diff
dhcp-4.2.1-ldap-patch-mt01.diff.bz2
dhcp-4.2.1.tar.bz2
New:
----
dhcp-4.2.1-P1-dhclient-option-checks.bnc675052.diff
dhcp-4.2.1-P1-ldap-patch-mt01.diff.bz2
dhcp-4.2.1-P1.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ dhcp.spec ++++++
--- /var/tmp/diff_new_pack.8b3YSd/_old 2011-05-02 13:29:36.000000000 +0200
+++ /var/tmp/diff_new_pack.8b3YSd/_new 2011-05-02 13:29:36.000000000 +0200
@@ -17,7 +17,7 @@
# norootforbuild
-%define isc_version 4.2.1
+%define isc_version 4.2.1-P1
%define susefw2dir %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services
%define omc_prefix /usr/share/omc
%define omc_svcdir %{omc_prefix}/svcinfo.d
@@ -35,7 +35,7 @@
License: BSD3c(or similar)
Group: Productivity/Networking/Boot/Servers
AutoReqProv: on
-Version: 4.2.1
+Version: 4.2.1.P1
Release: 1
Summary: Common Files Used by ISC DHCP Software
Url: http://www.isc.org/software/dhcp
@@ -78,11 +78,11 @@
Patch20: dhcp-4.1.1-dhclient-exec-filedes.diff
Patch21: dhcp-4.2.1-dhclient-send-hostname-rml.diff
## patch lives here: http://www.suse.de/~mt/git/dhcp-ldap.git/
-Patch30: dhcp-4.2.1-ldap-patch-mt01.diff.bz2
+Patch30: dhcp-4.2.1-P1-ldap-patch-mt01.diff.bz2
Patch40: dhcp-4.1.1-P1-lpf-bind-msg-fix.diff
Patch41: dhcp-4.1.1-P1-relay-no-ip-on-interface.diff
Patch44: dhcp-4.2.0-xen-checksum.patch
-Patch45: dhcp-4.2.1-dhclient-option-checks.bnc675052.diff
+Patch45: dhcp-4.2.1-P1-dhclient-option-checks.bnc675052.diff
##
PreReq: /bin/touch /sbin/chkconfig sysconfig
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -372,7 +372,6 @@
rm -f $tmpfile
fi
fi
-exit 0
%preun server
%stop_on_removal dhcpd
++++++ dhcp-4.2.1-P1-dhclient-option-checks.bnc675052.diff ++++++
From 7c0b7ae289a0f25853bd4bb660f3dd34b5c1ce88 Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski
Date: Wed, 27 Apr 2011 13:56:47 +0200
Subject: [PATCH] dhclient string option checks
Merged dhclient pretty escape and string option checks.
Use a relaxed domain-name option check, because the strict check
caused a regression when the server is misusing the option to provide
a domain list and does not provide it via the domain-search option;
pretty escape semicolon as well (bnc#675052, CVE-2011-0997).
Signed-off-by: Marius Tomaschewski
---
client/dhclient.c | 8 ++++----
common/options.c | 2 +-
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/client/dhclient.c b/client/dhclient.c
index 970b935..93db494 100644
--- a/client/dhclient.c
+++ b/client/dhclient.c
@@ -3142,7 +3142,7 @@ void script_write_params (client, prefix, lease)
} else {
log_error("suspect value in %s "
"option - discarded",
- lease->filename);
+ "filename");
}
}
@@ -3155,7 +3155,7 @@ void script_write_params (client, prefix, lease)
} else {
log_error("suspect value in %s "
"option - discarded",
- lease->server_name);
+ "server-name");
}
}
@@ -4077,7 +4077,7 @@ static int check_domain_name(const char *ptr, size_t len, int dots)
const char *p;
/* not empty or complete length not over 255 characters */
- if ((len == 0) || (len > 256))
+ if ((len == 0) || (len >= 256))
return(-1);
/* consists of [[:alnum:]-]+ labels separated by [.] */
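Review bot: The comment above the length test in check_domain_name states the accepting condition ("not empty or complete length not over 255 characters") while the code beneath it rejects, so it reads inverted against the new `len >= 256` bound. I would reword it to `/* reject empty names and names longer than 255 characters */`. It should also say whether `len` counts a trailing NUL, which cannot be told from the visible lines. The function body continues outside the hunk.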
@@ -4140,11 +4140,11 @@ static int check_option_values(struct universe *universe,
if ((universe == NULL) || (universe == &dhcp_universe)) {
switch(opt) {
case DHO_HOST_NAME:
- case DHO_DOMAIN_NAME:
case DHO_NIS_DOMAIN:
case DHO_NETBIOS_SCOPE:
return check_domain_name(ptr, len, 0);
break;
+ case DHO_DOMAIN_NAME: /* accept a list for compatibiliy */
case DHO_DOMAIN_SEARCH:
return check_domain_name_list(ptr, len, 0);
break;
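Review bot: Moving `DHO_DOMAIN_NAME` under `check_domain_name_list` widens what a server-supplied domain-name may contain, and the comment on that case does not say which separators the list form admits or that each entry is still held to the label rules. The patch description ties these checks to CVE-2011-0997, so I would expand the comment to something like `/* some servers send a domain list here; every entry is still validated by check_domain_name_list */`, after confirming that against check_domain_name_list, which is outside the hunk. The comment also misspells "compatibility", and the `break;` after each `return` is unreachable.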
diff --git a/common/options.c b/common/options.c
index c26f88c..8b4be65 100644
--- a/common/options.c
+++ b/common/options.c
@@ -3916,7 +3916,7 @@ pretty_escape(char **dst, char *dend, const unsigned char **src,
}
} else if (**src == '"' || **src == '\'' || **src == '$' ||
**src == '`' || **src == '\\' || **src == '|' ||
- **src == '&') {
+ **src == '&' || **src == ';') {
if (*dst + 2 > dend)
return -1;
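Review bot: The escape set in this branch of pretty_escape is a hand-maintained list that has now grown by one character (`;`), and nothing in the hunk records which consumer of the escaped text the set is meant to protect. If the intent is to keep option values inert when they reach a shell, a comment such as `/* characters with special meaning to a shell; escaped so option values stay inert */` would let the next maintainer judge whether the set is complete. Holding the characters in one named constant would also make later additions a one-line change. The branch before this one and the rest of the function are outside the hunk.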
--
1.7.3.4
++++++ dhcp-4.2.1-P1-ldap-patch-mt01.diff.bz2 ++++++
++++ 1252 lines (skipped)
++++++ rc.dhcpd ++++++
--- /var/tmp/diff_new_pack.8b3YSd/_old 2011-05-02 13:29:37.000000000 +0200
+++ /var/tmp/diff_new_pack.8b3YSd/_new 2011-05-02 13:29:37.000000000 +0200
@@ -280,8 +280,10 @@
ret=$?
fi
- if [ $error -gt 0 -o ${ret:-0} -gt 0 ]; then
- cat $STARTPROC_LOGFILE
+ if [ $error -gt 0 -o ${ret:-0} -gt 0 ]; then
+ ## be verbose
+ echo ""
+ echo -n " please see $STARTPROC_LOGFILE for details ";
## set status to failed
rc_failed
else
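Review bot: In the failure test `[ $error -gt 0 -o ${ret:-0} -gt 0 ]`, `ret` is given a default but `$error` is expanded bare, so an unset or empty `error` makes `[` fail with a syntax error and the `if` falls through to the success branch. Whether `error` is always assigned is decided outside the hunk; `[ ${error:-0} -gt 0 -o ${ret:-0} -gt 0 ]` removes that dependency. The same test appears in the first rc.dhcpd6 hunk.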
@@ -297,7 +299,7 @@
## Stop daemon with killproc(8) and if this fails
## set echo the echo return value.
- killproc -p $CHROOT_PREFIX/$DAEMON_PIDFILE -TERM $DAEMON_BIN
+ killproc -p $CHROOT_PREFIX/$DAEMON_PIDFILE $DAEMON_BIN
ret=$?
if test -s $CHROOT_PREFIX/$DAEMON_PIDFILE; then
kill $(<$CHROOT_PREFIX/$DAEMON_PIDFILE) 2>/dev/null
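Review bot: The comment above the killproc call ("set echo the echo return value") is garbled and does not explain why `-TERM` was dropped, so the reason for the change is lost to the next reader. I would replace it with something like `## no explicit signal: let killproc(8) apply its default stop sequence`, confirming against killproc(8) what that sequence is. Separately, the fallback `kill $(<$CHROOT_PREFIX/$DAEMON_PIDFILE)` signals whatever PID the file holds; the visible lines do not check that it still belongs to `$DAEMON_BIN`, and the `if` block continues outside the hunk. The same killproc change and comment appear in the second rc.dhcpd6 hunk and in the rc.dhcrelay and rc.dhcrelay6 stop hunks.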
++++++ rc.dhcpd6 ++++++
--- /var/tmp/diff_new_pack.8b3YSd/_old 2011-05-02 13:29:37.000000000 +0200
+++ /var/tmp/diff_new_pack.8b3YSd/_new 2011-05-02 13:29:37.000000000 +0200
@@ -285,7 +285,9 @@
fi
if [ $error -gt 0 -o ${ret:-0} -gt 0 ]; then
- cat $STARTPROC_LOGFILE
+ ## be verbose
+ echo ""
+ echo -n " please see $STARTPROC_LOGFILE for details "
## set status to failed
rc_failed
else
@@ -301,7 +303,7 @@
## Stop daemon with killproc(8) and if this fails
## set echo the echo return value.
- killproc -p $CHROOT_PREFIX/$DAEMON_PIDFILE -TERM $DAEMON_BIN
+ killproc -p $CHROOT_PREFIX/$DAEMON_PIDFILE $DAEMON_BIN
ret=$?
if test -s $CHROOT_PREFIX/$DAEMON_PIDFILE; then
kill $(<$CHROOT_PREFIX/$DAEMON_PIDFILE) 2>/dev/null
++++++ rc.dhcrelay ++++++
--- /var/tmp/diff_new_pack.8b3YSd/_old 2011-05-02 13:29:37.000000000 +0200
+++ /var/tmp/diff_new_pack.8b3YSd/_new 2011-05-02 13:29:37.000000000 +0200
@@ -105,16 +105,12 @@
# already running to match LSB spec.
test "$2" = "-v" && echo -en \
"\nexecuting '$DAEMON_BIN $DHCPv_OPT $DHCRELAY_OPTIONS $DHCRELAY_INTERFACES_ARGS $DHCRELAY_SERVERS'"
- startproc -q -l $STARTPROC_LOGFILE -p $DAEMON_PIDFILE $DAEMON_BIN $DHCPv_OPT $DHCRELAY_OPTIONS $DHCRELAY_INTERFACES_ARGS $DHCRELAY_SERVERS
+ startproc -q -l $STARTPROC_LOGFILE -p $DAEMON_PIDFILE $DAEMON_BIN $DHCPv_OPT $DHCRELAY_OPTIONS $DHCRELAY_INTERFACES_ARGS $DHCRELAY_SERVERS &>/dev/null
rc=$?
if ! [ $rc -eq 0 ]; then
- if [ $link = $base ] ; then
- ## be quiet
- cat $STARTPROC_LOGFILE
- else
- ## be verbose
- echo -e -n " please see $STARTPROC_LOGFILE for details ";
- fi
+ ## be verbose
+ echo ""
+ echo -n " please see $STARTPROC_LOGFILE for details "
## set status to failed
rc_failed
fi
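Review bot: The `&>/dev/null` appended to the startproc line is a bash extension. Under a plain POSIX `sh` it parses as `startproc ... &` followed by an empty redirection, so the start is backgrounded and `rc=$?` is always 0, which hides a failed start. The interpreter line is outside the hunk, so this matters only if the script can run under a non-bash shell; `>/dev/null 2>&1` behaves the same in both. The same redirection is added in the rc.dhcrelay6 hunk.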
@@ -127,7 +123,7 @@
## Stop daemon with killproc(8) and if this fails
## set echo the echo return value.
- killproc -p $DAEMON_PIDFILE -TERM $DAEMON_BIN
+ killproc -p $DAEMON_PIDFILE $DAEMON_BIN
# Remember status and be verbose
rc_status -v
++++++ rc.dhcrelay6 ++++++
--- /var/tmp/diff_new_pack.8b3YSd/_old 2011-05-02 13:29:37.000000000 +0200
+++ /var/tmp/diff_new_pack.8b3YSd/_new 2011-05-02 13:29:37.000000000 +0200
@@ -113,16 +113,12 @@
# already running to match LSB spec.
test "$2" = "-v" && echo -en \
"\nexecuting '$DAEMON_BIN $DHCPv_OPT $DHCRELAY6_OPTIONS $DHCRELAY6_LOWER_INTERFACES_ARGS $DHCRELAY6_UPPER_INTERFACES_ARGS'"
- startproc -q -l $STARTPROC_LOGFILE -p $DAEMON_PIDFILE $DAEMON_BIN $DHCPv_OPT $DHCRELAY6_OPTIONS $DHCRELAY6_LOWER_INTERFACES_ARGS $DHCRELAY6_UPPER_INTERFACES_ARGS
+ startproc -q -l $STARTPROC_LOGFILE -p $DAEMON_PIDFILE $DAEMON_BIN $DHCPv_OPT $DHCRELAY6_OPTIONS $DHCRELAY6_LOWER_INTERFACES_ARGS $DHCRELAY6_UPPER_INTERFACES_ARGS &>/dev/null
rc=$?
if ! [ $rc -eq 0 ]; then
- if [ $link = $base ] ; then
- ## be quiet
- cat $STARTPROC_LOGFILE
- else
- ## be verbose
- echo -e -n " please see $STARTPROC_LOGFILE for details ";
- fi
+ ## be verbose
+ echo ""
+ echo -n " please see $STARTPROC_LOGFILE for details ";
## set status to failed
rc_failed
fi
@@ -135,7 +131,7 @@
## Stop daemon with killproc(8) and if this fails
## set echo the echo return value.
- killproc -p $DAEMON_PIDFILE -TERM $DAEMON_BIN
+ killproc -p $DAEMON_PIDFILE $DAEMON_BIN
# Remember status and be verbose
rc_status -v
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++