Hello community,
here is the log from the commit of package dhcp for openSUSE:Factory checked in at 2016-01-30 11:34:34
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/dhcp (Old)
and /work/SRC/openSUSE:Factory/.dhcp.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dhcp"
Changes:
--------
--- /work/SRC/openSUSE:Factory/dhcp/dhcp.changes 2015-10-17 16:36:41.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.dhcp.new/dhcp.changes 2016-01-30 11:34:35.000000000 +0100
@@ -1,0 +2,14 @@
+Tue Jan 26 17:16:45 CET 2016 - ndas@suse.de
+
+- Update to dhcp-4.3.3-P1 correcting bounds checking when
+ receiving a packet (bsc#961305,CVE-2015-8605,ISC-Bugs#41267).
+- adjusted interval check.
+ [*0019-dhcp-4.2.4-P1-interval.patch]
+- Fixed improper lease duration checking. Also added fixes for integer
+ overflows in the date and time handling code(bsc#936923, bsc#880984).
+ [+0020-dhcp-4.x.x-fixed-improper-lease-duration-checking.patch]
+- fixed service files to start dhcpd after slapd (bsc#956159)
+- dhclient-script: complain in the log about conflicts, added
+ a see log messages to the dhclient log message (bsc#960506)
+ [* 0018-client-fail-on-script-pre-init-error-bsc-912098.patch]
+-------------------------------------------------------------------
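Review bot: The entry "- adjusted interval check." for 0019-dhcp-4.2.4-P1-interval.patch carries no bug reference, although the same commit adds bsc#880984 to that patch's References: header. Suggest putting the bsc number on this changelog line as the other entries do, and saying what was adjusted (the TIME_MAX clamp in add_timeout).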
Old:
----
dhcp-4.3.3.tar.gz
dhcp-4.3.3.tar.gz.asc
New:
----
0020-dhcp-4.x.x-fixed-improper-lease-duration-checking.patch
dhcp-4.3.3-P1.tar.gz
dhcp-4.3.3-P1.tar.gz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ dhcp.spec ++++++
--- /var/tmp/diff_new_pack.FAsUde/_old 2016-01-30 11:34:37.000000000 +0100
+++ /var/tmp/diff_new_pack.FAsUde/_new 2016-01-30 11:34:37.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package dhcp
#
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -16,7 +16,7 @@
#
-%define isc_version 4.3.3
+%define isc_version 4.3.3-P1
%define susefw2dir %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services
%define omc_prefix /usr/share/omc
%define omc_svcdir %{omc_prefix}/svcinfo.d
@@ -41,7 +41,7 @@
%endif
BuildRequires: dos2unix
BuildRequires: libtool
-Version: 4.3.3
+Version: 4.3.3.P1
Release: 0
Summary: Common Files Used by ISC DHCP Software
License: BSD-3-Clause
@@ -118,6 +118,7 @@
Patch18: 0018-client-fail-on-script-pre-init-error-bsc-912098.patch
# PATCH-FIX-SLE dhcp-4.2.4-P1-interval bsc#947780
Patch19: 0019-dhcp-4.2.4-P1-interval.patch
+Patch20: 0020-dhcp-4.x.x-fixed-improper-lease-duration-checking.patch
##
PreReq: /bin/touch /sbin/chkconfig sysconfig
BuildRoot: %{_tmppath}/%{name}-%{version}-build
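Review bot: Patch20 is added without the descriptive comment line that Patch19 directly above it has ("# PATCH-FIX-SLE dhcp-4.2.4-P1-interval bsc#947780"). Suggest adding a matching comment above Patch20 that names the fix and its references (bsc#936923, bsc#880984), so the spec documents why the patch is carried.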
@@ -249,6 +250,7 @@
%patch17 -p1
%patch18 -p1
%patch19 -p1
+%patch20 -p1
##
find . -type f -name \*.cat\* -exec rm -f {} \;
dos2unix contrib/ms2isc/*
++++++ 0018-client-fail-on-script-pre-init-error-bsc-912098.patch ++++++
--- /var/tmp/diff_new_pack.FAsUde/_old 2016-01-30 11:34:37.000000000 +0100
+++ /var/tmp/diff_new_pack.FAsUde/_new 2016-01-30 11:34:37.000000000 +0100
@@ -40,7 +40,7 @@
+ }
+ }
+ if (failed) {
-+ log_fatal("%s: unable to pre-init requested interfaces",
++ log_fatal("%s: unable to pre-init requested interfaces -- see log messages",
+ path_dhclient_script);
}
}
++++++ 0019-dhcp-4.2.4-P1-interval.patch ++++++
--- /var/tmp/diff_new_pack.FAsUde/_old 2016-01-30 11:34:37.000000000 +0100
+++ /var/tmp/diff_new_pack.FAsUde/_new 2016-01-30 11:34:37.000000000 +0100
@@ -4,7 +4,7 @@
isc_time_nowplusinterval() is not safe with 64-bit time_t (#662254, #789601)
-References: bsc#947780
+References: bsc#947780, bsc#880984
Index: dhcp-4.2.4-P2/common/dispatch.c
===================================================================
--- dhcp-4.2.4-P2.orig/common/dispatch.c
@@ -31,3 +31,20 @@
status = isc_time_nowplusinterval(&expires, &interval);
if (status != ISC_R_SUCCESS) {
/*
+From: Nirmoy Das
+Date: Tue, 26 Jan 2016 13:36:28 +0100
+Subject: [PATCH] adjusted interval check
+
+Index: dhcp-4.3.3/common/dispatch.c
+===================================================================
+--- dhcp-4.3.3.orig/common/dispatch.c
++++ dhcp-4.3.3/common/dispatch.c
+@@ -349,7 +349,7 @@ void add_timeout (when, where, what, ref
+ * gone by since the last call to gettimeofday() and the one in
+ * isc_time_nowplusinterval().
+ */
+- if (sec > TIME_MAX)
++ if (sec > TIME_MAX - 9)
+ sec = TIME_MAX - 9;
+
+ isc_interval_set(&interval, sec, usec * 1000);
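Review bot: In add_timeout the margin 9 now appears twice, in "if (sec > TIME_MAX - 9)" and in "sec = TIME_MAX - 9;", and the comment above only says that some time may pass between gettimeofday() and isc_time_nowplusinterval(), not why 9 seconds is the right bound. Suggest a named constant with a one-line justification so the two uses cannot drift apart. Separately, this second patch is indexed against dhcp-4.3.3 while the first patch in the same file is indexed against dhcp-4.2.4-P2 and the file name still says 4.2.4-P1; a separate patch file, or a refreshed one, would be easier to maintain.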
++++++ 0020-dhcp-4.x.x-fixed-improper-lease-duration-checking.patch ++++++
From: Marius Tomaschewski
Date: Tue, 12 Jan 2016 15:42:22 +0100
Subject: [PATCH] fixed improper lease duration checking.
References: bsc#936923, bsc#880984
year 2038 is EOT only for 32 bit machine. This patch checks
wordsize and do a proper EOT checking on lease duration. It
also fixes integer overflows in the date and time handling code.
diff --git a/common/parse.c b/common/parse.c
index 22e7d58..e9e53a4 100644
--- a/common/parse.c
+++ b/common/parse.c
@@ -939,7 +939,7 @@ TIME
parse_date_core(cfile)
struct parse *cfile;
{
- int guess;
+ long guess;
int tzoff, year, mon, mday, hour, min, sec;
const char *val;
enum dhcp_token token;
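Review bot: "long guess;" in parse_date_core only widens the variable where long is 64 bits; on an ABI with a 32-bit long and a 64-bit time_t it is still too narrow. The function returns TIME and the value is cast with (TIME)guess, so declaring the variable as TIME would tie its width to the type actually returned.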
@@ -966,7 +966,7 @@ parse_date_core(cfile)
}
skip_token(&val, NULL, cfile); /* consume number */
- guess = atoi(val);
+ guess = atol(val);
return((TIME)guess);
}
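Review bot: "guess = atol(val);" cannot report an out-of-range number, and the behaviour of atol is undefined when the value does not fit in a long. Since this value comes straight from a parsed token and is returned as a TIME, suggest strtol (or strtoll) with an errno check for ERANGE and an end-pointer check, mapping overflow to MAX_TIME instead of returning whatever the conversion produced.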
@@ -1113,11 +1113,22 @@ parse_date_core(cfile)
* overflow issues. We could try and be more precise but there
* doesn't seem to be a good reason to worry about it and waste
* the cpu looking at the rest of the date. */
- if (year >= 138)
- return(MAX_TIME);
-
+ if (sizeof(time_t) == 8) {
+ /* 2038 is not an issue on 64bit. time calculations
+ * start to fail at almost INT_MAX (- some guard) */
+ if (year > 0x7fff0000)
+ return(MAX_TIME);
+ } else {
+ /* assume 32bit with end in 2038 */
+ if (year >= 138)
+ return(MAX_TIME);
+ }
+ /* I don't think we need to care about lease starts before 1900 */
+ if (year < 0)
+ return((TIME)0);
+
/* Guess the time value... */
- guess = ((((((365 * (year - 70) + /* Days in years since '70 */
+ guess = ((((((365 * ((long)year - 70) + /* Days in years since '70 */
(year - 69) / 4 + /* Leap days since '70 */
(mon /* Days in months this year */
? months [mon - 1]
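Review bot: The new lower bound "if (year < 0) return((TIME)0);" still lets years 0 through 69 reach the calculation, where "365 * ((long)year - 70)" is negative, so dates before 1970 can still produce a negative TIME even though MIN_TIME is 0. Suggest checking "year < 70" and returning MIN_TIME. Also, the branch is selected on sizeof(time_t) == 8 but the arithmetic is widened with a (long) cast on the first term only; casting to TIME would keep the guard and the arithmetic on the same type.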
diff --git a/includes/dhcpd.h b/includes/dhcpd.h
index 4270edc..1af4c5b 100644
--- a/includes/dhcpd.h
+++ b/includes/dhcpd.h
@@ -1561,7 +1561,7 @@ typedef unsigned char option_mask [16];
#define DHCPD_LOG_FACILITY LOG_DAEMON
#endif
-#define MAX_TIME 0x7fffffff
+#define MAX_TIME LONG_MAX
#define MIN_TIME 0
#ifdef USE_LOG_PID
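Review bot: "#define MAX_TIME LONG_MAX" ties the limit to the width of long, while the new check in parse_date_core branches on sizeof(time_t). Where the two widths differ, MAX_TIME will either be smaller than what time_t can hold or will not fit in it. Suggest deriving MAX_TIME from time_t itself, and making sure limits.h is included wherever this header is used, since nothing in this hunk adds the include.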
++++++ dhclient-script ++++++
--- /var/tmp/diff_new_pack.FAsUde/_old 2016-01-30 11:34:37.000000000 +0100
+++ /var/tmp/diff_new_pack.FAsUde/_new 2016-01-30 11:34:37.000000000 +0100
@@ -73,14 +73,26 @@
{
local _id=`/usr/bin/systemctl --no-pager -p Id show network.service 2>/dev/null`
case "${_id#Id=}" in
- # wicked is using an another dhcp client
- wicked.service) return 1 ;;
+ # wicked is using an another dhcp client - dhclient
+ # is not supported with enabled wicked and disabled.
+ wicked.service)
+ logger -t "${0##*/}" -p daemon.error -- \
+ "dhclient conflicts with enabled ${_id#Id=} and disabled"
+ return 1
+ ;;
- # NetworkManager is using another script
- #NetworkManager.service) return 1 ;;
+ # NetworkManager is using an another script
+ # [disarmed except maintainer requests it]
+ #NetworkManager.service)
+ # logger -t "${0##*/}" -p daemon.error -- \
+ # "dhclient-script conflicts with enabled ${_id#Id=} script and disabled"
+ # return 1
+ #;;
- # sysconfig network were using it, other?
- network.service|*) return 0 ;;
+ # sysconfig network [gone] were using it, other?
+ network.service|*)
+ return 0
+ ;;
esac
}
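Review bot: The logged text "dhclient conflicts with enabled ${_id#Id=} and disabled" is hard to parse: it does not say what is disabled, and the comment above it ("is not supported with enabled wicked and disabled.") has the same problem. Since the branch returns 1 when wicked.service is the active network.service, a message along the lines of "dhclient is disabled because wicked.service is enabled" would tell the administrator both the cause and the effect. The commented-out NetworkManager branch repeats the wording and should be fixed at the same time.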
++++++ dhcpd.service ++++++
--- /var/tmp/diff_new_pack.FAsUde/_old 2016-01-30 11:34:37.000000000 +0100
+++ /var/tmp/diff_new_pack.FAsUde/_new 2016-01-30 11:34:37.000000000 +0100
@@ -1,7 +1,7 @@
[Unit]
Description=ISC DHCPv4 Server
Before=multi-user.target
-After=remote-fs.target network.target nss-lookup.target time-sync.target ldap.service ndsd.service
+After=remote-fs.target network.target nss-lookup.target time-sync.target slapd.service sssd.service ndsd.service
[Service]
Type=forking
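Review bot: The After= line drops ldap.service entirely rather than adding slapd.service next to it. If any installation still provides a unit under the old name, dhcpd loses its ordering against the LDAP server there. Naming a unit in After= that does not exist is harmless, so keeping ldap.service alongside slapd.service would preserve the old behaviour at no cost, unless the old name is known to be gone on every supported release.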
++++++ dhcpd6.service ++++++
--- /var/tmp/diff_new_pack.FAsUde/_old 2016-01-30 11:34:37.000000000 +0100
+++ /var/tmp/diff_new_pack.FAsUde/_new 2016-01-30 11:34:37.000000000 +0100
@@ -1,7 +1,7 @@
[Unit]
Description=ISC DHCPv6 Server
Before=multi-user.target
-After=remote-fs.target network.target nss-lookup.target time-sync.target ldap.service ndsd.service
+After=remote-fs.target network.target nss-lookup.target time-sync.target slapd.service sssd.service ndsd.service
[Service]
Type=forking
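Review bot: sssd.service is added to After= here and in dhcpd.service, but the changelog entry for bsc#956159 only mentions starting dhcpd after slapd. Suggest extending the changelog line to cover sssd.service, or explaining in the unit file why ordering after sssd is needed.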