Hello community, here is the log from the commit of package dhcp for openSUSE:Factory checked in at Mon May 2 13:31:09 CEST 2011.
-------- --- dhcp/dhcp.changes 2011-04-05 20:58:14.000000000 +0200 +++ /mounts/work_src_done/STABLE/dhcp/dhcp.changes 2011-04-29 15:49:29.000000000 +0200 @@ -1,0 +2,19 @@ +Fri Apr 29 13:31:57 UTC 2011 - [email protected] + +- Implemented optional ldap connect retry loop during the initial + startup of the dhcp server in cases where the ldap server is not + yet started. Set the ldap-init-retry <num> option in dhcpd.conf + to enable it (bnc#627617). Merged in the actual ldap patch. +- Cleaned up init script error reporting, no -TERM for killproc. + +------------------------------------------------------------------- +Wed Apr 27 12:31:25 UTC 2011 - [email protected] + +- Updated to ISC dhcp-4.2.1-P1 release, that provides most of the + dhclient pretty escape and string option checks. Merged to use + relaxed domain-name option check causing a regression, when the + server is misusing it to provide a domain list (compatibility to + attic clients) and does not provide it via domain-search option; + pretty escape semicolon as well (bnc#675052, CVE-2011-0997). + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- dhcp-4.2.1-dhclient-option-checks.bnc675052.diff dhcp-4.2.1-ldap-patch-mt01.diff.bz2 dhcp-4.2.1.tar.bz2 New: ---- dhcp-4.2.1-P1-dhclient-option-checks.bnc675052.diff dhcp-4.2.1-P1-ldap-patch-mt01.diff.bz2 dhcp-4.2.1-P1.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dhcp.spec ++++++ --- /var/tmp/diff_new_pack.8b3YSd/_old 2011-05-02 13:29:36.000000000 +0200 +++ /var/tmp/diff_new_pack.8b3YSd/_new 2011-05-02 13:29:36.000000000 +0200 @@ -17,7 +17,7 @@ # norootforbuild -%define isc_version 4.2.1 +%define isc_version 4.2.1-P1 %define susefw2dir %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services %define omc_prefix /usr/share/omc %define omc_svcdir %{omc_prefix}/svcinfo.d 
@@ -35,7 +35,7 @@ License: BSD3c(or similar) Group: Productivity/Networking/Boot/Servers AutoReqProv: on -Version: 4.2.1 +Version: 4.2.1.P1 Release: 1 Summary: Common Files Used by ISC DHCP Software Url: http://www.isc.org/software/dhcp @@ -78,11 +78,11 @@ Patch20: dhcp-4.1.1-dhclient-exec-filedes.diff Patch21: dhcp-4.2.1-dhclient-send-hostname-rml.diff ## patch lives here: http://www.suse.de/~mt/git/dhcp-ldap.git/ -Patch30: dhcp-4.2.1-ldap-patch-mt01.diff.bz2 +Patch30: dhcp-4.2.1-P1-ldap-patch-mt01.diff.bz2 Patch40: dhcp-4.1.1-P1-lpf-bind-msg-fix.diff Patch41: dhcp-4.1.1-P1-relay-no-ip-on-interface.diff Patch44: dhcp-4.2.0-xen-checksum.patch -Patch45: dhcp-4.2.1-dhclient-option-checks.bnc675052.diff +Patch45: dhcp-4.2.1-P1-dhclient-option-checks.bnc675052.diff ## PreReq: /bin/touch /sbin/chkconfig sysconfig BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -372,7 +372,6 @@ rm -f $tmpfile fi fi -exit 0 %preun server %stop_on_removal dhcpd ++++++ dhcp-4.2.1-P1-dhclient-option-checks.bnc675052.diff ++++++ >From 7c0b7ae289a0f25853bd4bb660f3dd34b5c1ce88 Mon Sep 17 00:00:00 2001 From: Marius Tomaschewski <[email protected]> Date: Wed, 27 Apr 2011 13:56:47 +0200 Subject: [PATCH] dhclient string option checks Merged dhclient pretty escape and string option checks. Use relaxed domain-name option check causing a regression, when the server is misusing it to provide a domain list and does not provide it via the domain-search option; pretty escape semicolon as well (bnc#675052, CVE-2011-0997). Signed-off-by: Marius Tomaschewski <[email protected]> --- client/dhclient.c | 8 ++++---- common/options.c | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/client/dhclient.c b/client/dhclient.c index 970b935..93db494 100644 --- a/client/dhclient.c +++ b/client/dhclient.c @@ -3142,7 +3142,7 @@ void script_write_params (client, prefix, lease) } else { log_error("suspect value in %s " "option - discarded", - lease->filename); + "filename"); } } 
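Review bot: In the `@@ -3142,7` hunk of client/dhclient.c, and again in the `@@ -3155,7` hunk for server-name, nothing in the code says why the rejected value must stay out of the log now that the message prints the option name instead. A short comment above the `log_error` call would keep a later cleanup from putting it back, for example `/* log the option name only: the rejected value is unchecked server-supplied data */`. The body of `script_write_params` starts and ends outside both hunks, so whether other messages in it need the same treatment cannot be confirmed from here.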
@@ -3155,7 +3155,7 @@ void script_write_params (client, prefix, lease) } else { log_error("suspect value in %s " "option - discarded", - lease->server_name); + "server-name"); } } @@ -4077,7 +4077,7 @@ static int check_domain_name(const char *ptr, size_t len, int dots) const char *p; /* not empty or complete length not over 255 characters */ - if ((len == 0) || (len > 256)) + if ((len == 0) || (len >= 256)) return(-1); /* consists of [[:alnum:]-]+ labels separated by [.] */ @@ -4140,11 +4140,11 @@ static int check_option_values(struct universe *universe, if ((universe == NULL) || (universe == &dhcp_universe)) { switch(opt) { case DHO_HOST_NAME: - case DHO_DOMAIN_NAME: case DHO_NIS_DOMAIN: case DHO_NETBIOS_SCOPE: return check_domain_name(ptr, len, 0); break; + case DHO_DOMAIN_NAME: /* accept a list for compatibiliy */ case DHO_DOMAIN_SEARCH: return check_domain_name_list(ptr, len, 0); break; diff --git a/common/options.c b/common/options.c index c26f88c..8b4be65 100644 --- a/common/options.c +++ b/common/options.c @@ -3916,7 +3916,7 @@ pretty_escape(char **dst, char *dend, const unsigned char **src, } } else if (**src == '"' || **src == '\'' || **src == '$' || **src == '`' || **src == '\\' || **src == '|' || - **src == '&') { + **src == '&' || **src == ';') { if (*dst + 2 > dend) return -1; -- 1.7.3.4 ++++++ dhcp-4.2.1-P1-ldap-patch-mt01.diff.bz2 ++++++ ++++ 1252 lines (skipped) ++++++ rc.dhcpd ++++++ --- /var/tmp/diff_new_pack.8b3YSd/_old 2011-05-02 13:29:37.000000000 +0200 +++ /var/tmp/diff_new_pack.8b3YSd/_new 2011-05-02 13:29:37.000000000 +0200 @@ -280,8 +280,10 @@ ret=$? fi - if [ $error -gt 0 -o ${ret:-0} -gt 0 ]; then - cat $STARTPROC_LOGFILE + if [ $error -gt 0 -o ${ret:-0} -gt 0 ]; then + ## be verbose + echo "" + echo -n " please see $STARTPROC_LOGFILE for details "; ## set status to failed rc_failed else 
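Review bot: In the `@@ -4140,11` hunk of client/dhclient.c, `DHO_DOMAIN_NAME` now shares the `check_domain_name_list` branch, so a domain-name value holding several names passes validation, and the only record of that is a short comment with a typo ("compatibiliy"). Expand it to say what is accepted and what consumers must expect, for example `/* compatibility: some servers send a domain list here; validated as a list, so consumers may receive several names */`. `check_domain_name_list` is not visible in this hunk, so which separators it permits should be confirmed before relying on it to keep the value safe for the scripts that use it. `check_option_values` starts and ends outside the hunk.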
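Review bot: The condition in the `@@ -3916,7` hunk of common/options.c escapes a fixed list of characters, and this commit extends it by one (`;`), so the list is evidently maintained case by case. A comment above the condition should state what the list is for and that it is not a complete quoting scheme, for example `/* escape characters with special meaning to a shell; scripts must still quote option values */`. Separately, if `dend` points one past the end of the buffer, `*dst + 2 > dend` can form a pointer beyond that; `if (dend - *dst < 2)` performs the same check without doing so. The rest of `pretty_escape` is outside the hunk.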
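Review bot: In the `@@ -280,8` hunk of rc.dhcpd the test expands `$error` unquoted and without a default, while `ret` gets `${ret:-0}`. If `error` is ever unset or empty at this point, `[` fails with a syntax error and the `else` branch is taken instead of `rc_failed`. Writing `if [ ${error:-0} -gt 0 -o ${ret:-0} -gt 0 ]; then` removes that case. The assignment of `error` is outside the hunk, so this may already be guaranteed; the same test appears in the `@@ -285,7` hunk of rc.dhcpd6.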
@@ -297,7 +299,7 @@ ## Stop daemon with killproc(8) and if this fails ## set echo the echo return value. - killproc -p $CHROOT_PREFIX/$DAEMON_PIDFILE -TERM $DAEMON_BIN + killproc -p $CHROOT_PREFIX/$DAEMON_PIDFILE $DAEMON_BIN ret=$? if test -s $CHROOT_PREFIX/$DAEMON_PIDFILE; then kill $(<$CHROOT_PREFIX/$DAEMON_PIDFILE) 2>/dev/null ++++++ rc.dhcpd6 ++++++ --- /var/tmp/diff_new_pack.8b3YSd/_old 2011-05-02 13:29:37.000000000 +0200 +++ /var/tmp/diff_new_pack.8b3YSd/_new 2011-05-02 13:29:37.000000000 +0200 @@ -285,7 +285,9 @@ fi if [ $error -gt 0 -o ${ret:-0} -gt 0 ]; then - cat $STARTPROC_LOGFILE + ## be verbose + echo "" + echo -n " please see $STARTPROC_LOGFILE for details " ## set status to failed rc_failed else @@ -301,7 +303,7 @@ ## Stop daemon with killproc(8) and if this fails ## set echo the echo return value. - killproc -p $CHROOT_PREFIX/$DAEMON_PIDFILE -TERM $DAEMON_BIN + killproc -p $CHROOT_PREFIX/$DAEMON_PIDFILE $DAEMON_BIN ret=$? if test -s $CHROOT_PREFIX/$DAEMON_PIDFILE; then kill $(<$CHROOT_PREFIX/$DAEMON_PIDFILE) 2>/dev/null ++++++ rc.dhcrelay ++++++ --- /var/tmp/diff_new_pack.8b3YSd/_old 2011-05-02 13:29:37.000000000 +0200 +++ /var/tmp/diff_new_pack.8b3YSd/_new 2011-05-02 13:29:37.000000000 +0200 
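Review bot: The `killproc` call in the `@@ -297,7` hunk of rc.dhcpd no longer names a signal, yet the comment above it still reads "set echo the echo return value" and does not say which signal is now sent. State the intended behaviour next to the call, for example `## no signal given: killproc sends SIGTERM and, per killproc(8), escalates to SIGKILL after its timeout`; the exact escalation should be checked against the installed killproc. The same change is made in rc.dhcpd6 (`@@ -301,7`), rc.dhcrelay (`@@ -123,7`) and rc.dhcrelay6 (`@@ -131,7`), and the comment applies there as well.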
@@ -105,16 +105,12 @@ # already running to match LSB spec. test "$2" = "-v" && echo -en \ "\nexecuting '$DAEMON_BIN $DHCPv_OPT $DHCRELAY_OPTIONS $DHCRELAY_INTERFACES_ARGS $DHCRELAY_SERVERS'" - startproc -q -l $STARTPROC_LOGFILE -p $DAEMON_PIDFILE $DAEMON_BIN $DHCPv_OPT $DHCRELAY_OPTIONS $DHCRELAY_INTERFACES_ARGS $DHCRELAY_SERVERS + startproc -q -l $STARTPROC_LOGFILE -p $DAEMON_PIDFILE $DAEMON_BIN $DHCPv_OPT $DHCRELAY_OPTIONS $DHCRELAY_INTERFACES_ARGS $DHCRELAY_SERVERS &>/dev/null rc=$? if ! [ $rc -eq 0 ]; then - if [ $link = $base ] ; then - ## be quiet - cat $STARTPROC_LOGFILE - else - ## be verbose - echo -e -n " please see $STARTPROC_LOGFILE for details "; - fi + ## be verbose + echo "" + echo -n " please see $STARTPROC_LOGFILE for details " ## set status to failed rc_failed fi @@ -127,7 +123,7 @@ ## Stop daemon with killproc(8) and if this fails ## set echo the echo return value. - killproc -p $DAEMON_PIDFILE -TERM $DAEMON_BIN + killproc -p $DAEMON_PIDFILE $DAEMON_BIN # Remember status and be verbose rc_status -v ++++++ rc.dhcrelay6 ++++++ --- /var/tmp/diff_new_pack.8b3YSd/_old 2011-05-02 13:29:37.000000000 +0200 +++ /var/tmp/diff_new_pack.8b3YSd/_new 2011-05-02 13:29:37.000000000 +0200 
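Review bot: The `&>/dev/null` added to the `startproc` line in the `@@ -105,16` hunk of rc.dhcrelay discards everything written to stdout and stderr, while the failure branch now only points at `$STARTPROC_LOGFILE`. An error that never reaches that file, for instance one printed by `startproc` itself, would leave the administrator with no message at all. Keeping stderr (`>/dev/null` only) or appending it to the log file avoids that. `&>` is also a bash extension, so the interpreter line, which is outside the hunk, has to be bash. The same redirection is added in the `@@ -113,16` hunk of rc.dhcrelay6.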
@@ -113,16 +113,12 @@ # already running to match LSB spec. test "$2" = "-v" && echo -en \ "\nexecuting '$DAEMON_BIN $DHCPv_OPT $DHCRELAY6_OPTIONS $DHCRELAY6_LOWER_INTERFACES_ARGS $DHCRELAY6_UPPER_INTERFACES_ARGS'" - startproc -q -l $STARTPROC_LOGFILE -p $DAEMON_PIDFILE $DAEMON_BIN $DHCPv_OPT $DHCRELAY6_OPTIONS $DHCRELAY6_LOWER_INTERFACES_ARGS $DHCRELAY6_UPPER_INTERFACES_ARGS + startproc -q -l $STARTPROC_LOGFILE -p $DAEMON_PIDFILE $DAEMON_BIN $DHCPv_OPT $DHCRELAY6_OPTIONS $DHCRELAY6_LOWER_INTERFACES_ARGS $DHCRELAY6_UPPER_INTERFACES_ARGS &>/dev/null rc=$? if ! [ $rc -eq 0 ]; then - if [ $link = $base ] ; then - ## be quiet - cat $STARTPROC_LOGFILE - else - ## be verbose - echo -e -n " please see $STARTPROC_LOGFILE for details "; - fi + ## be verbose + echo "" + echo -n " please see $STARTPROC_LOGFILE for details "; ## set status to failed rc_failed fi @@ -135,7 +131,7 @@ ## Stop daemon with killproc(8) and if this fails ## set echo the echo return value. - killproc -p $DAEMON_PIDFILE -TERM $DAEMON_BIN + killproc -p $DAEMON_PIDFILE $DAEMON_BIN # Remember status and be verbose rc_status -v ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
