Hello community,
here is the log from the commit of package dhcp for openSUSE:Factory checked in
at 2019-10-25 18:40:07
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/dhcp (Old)
and /work/SRC/openSUSE:Factory/.dhcp.new.2990 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dhcp"
Fri Oct 25 18:40:07 2019 rev:115 rq:741877 version:4.3.5
Changes:
--------
--- /work/SRC/openSUSE:Factory/dhcp/dhcp.changes 2019-09-05
12:33:30.659582804 +0200
+++ /work/SRC/openSUSE:Factory/.dhcp.new.2990/dhcp.changes 2019-10-25
18:40:09.283784946 +0200
@@ -1,0 +2,19 @@
+Tue Oct 15 15:18:59 UTC 2019 - Reinhard Max <m...@suse.com>
+
+- bsc#1134078, CVE-2019-6470, dhcp-CVE-2019-6470.patch:
+ DHCPv6 server crashes regularly.
+- Add compile option --enable-secs-byteorder to avoid duplicate
+ lease warnings [bsc#1089524].
+
+-------------------------------------------------------------------
+Wed Oct 2 16:50:48 CEST 2019 - ku...@suse.de
+
+- Make systemd a weak dependency as we don't want that in a container
+
+-------------------------------------------------------------------
+Wed Aug 28 12:38:32 UTC 2019 - Reinhard Max <m...@suse.com>
+
+- bsc#1136572: Use IPv6 when called as dhclient6, dhcpd6, and
+ dhcrelay6 (0021-dhcp-ip-family-symlinks.patch).
+
+-------------------------------------------------------------------
New:
----
0021-dhcp-ip-family-symlinks.patch
dhcp-CVE-2019-6470.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ dhcp.spec ++++++
--- /var/tmp/diff_new_pack.ZKz6Wx/_old 2019-10-25 18:40:10.763786339 +0200
+++ /var/tmp/diff_new_pack.ZKz6Wx/_new 2019-10-25 18:40:10.771786347 +0200
@@ -86,6 +86,8 @@
Patch18: 0018-client-fail-on-script-pre-init-error-bsc-912098.patch
# PATCH-FIX-SLE dhcp-4.2.4-P1-interval bsc#947780
Patch20: 0020-dhcp-4.x.x-fixed-improper-lease-duration-checking.patch
+Patch21: 0021-dhcp-ip-family-symlinks.patch
+Patch22: dhcp-CVE-2019-6470.patch
BuildRequires: automake
BuildRequires: dos2unix
BuildRequires: libtool
@@ -103,7 +105,7 @@
Requires: net-tools
Requires(post): %fillup_prereq
Requires(pre): shadow
-%systemd_requires
+%systemd_ordering
%if 0%{?suse_version} >= 1330
Requires(pre): group(nogroup)
%endif
@@ -193,6 +195,8 @@
%patch17 -p1
%patch18 -p1
%patch20
+%patch21
+%patch22
##
find . -type f -name \*.cat\* -exec rm -f {} \;
dos2unix contrib/ms2isc/*
@@ -236,6 +240,7 @@
--enable-failover \
--enable-paranoia \
--enable-early-chroot \
+ --enable-secs-byteorder \
--with-ldap \
--with-ldapcrypto \
--with-cli-pid-file=%{_localstatedir}/run/dhclient.pid \
++++++ 0021-dhcp-ip-family-symlinks.patch ++++++
--- client/dhclient.c.orig
+++ client/dhclient.c
@@ -252,6 +252,17 @@ main(int argc, char **argv) {
progname = argv[0];
#endif
+#ifdef DHCPv6
+ /* Support being called using `dhclient4` or `dhclient6` symlinks */
+ if (argv[0][strlen(argv[0]) - 1] == '4') {
+ local_family_set = 1;
+ local_family = AF_INET;
+ } else if (argv[0][strlen(argv[0]) - 1] == '6') {
+ local_family_set = 1;
+ local_family = AF_INET6;
+ }
+#endif /* DHCPv6 */
+
/* Initialize client globals. */
memset(&default_duid, 0, sizeof(default_duid));
--- relay/dhcrelay.c.orig
+++ relay/dhcrelay.c
@@ -237,6 +237,17 @@ main(int argc, char **argv) {
progname = argv[0];
#endif
+#ifdef DHCPv6
+ /* Support being called using `dhcrelay4` or `dhcrelay6` symlinks */
+ if (argv[0][strlen(argv[0]) - 1] == '4') {
+ local_family_set = 1;
+ local_family = AF_INET;
+ } else if (argv[0][strlen(argv[0]) - 1] == '6') {
+ local_family_set = 1;
+ local_family = AF_INET6;
+ }
+#endif /* DHCPv6 */
+
/* Make sure that file descriptors 0(stdin), 1,(stdout), and
2(stderr) are open. To do this, we assume that when we
open a file the lowest available file descriptor is used. */
--- server/dhcpd.c.orig
+++ server/dhcpd.c
@@ -260,6 +260,17 @@ main(int argc, char **argv) {
progname = argv[0];
#endif
+#ifdef DHCPv6
+ /* Support being called using `dhcpd4` or `dhcpd6` symlinks */
+ if (argv[0][strlen(argv[0]) - 1] == '4') {
+ local_family_set = 1;
+ local_family = AF_INET;
+ } else if (argv[0][strlen(argv[0]) - 1] == '6') {
+ local_family_set = 1;
+ local_family = AF_INET6;
+ }
+#endif /* DHCPv6 */
+
/* Make sure that file descriptors 0 (stdin), 1, (stdout), and
2 (stderr) are open. To do this, we assume that when we
open a file the lowest available file descriptor is used. */
++++++ dhcp-CVE-2019-6470.patch ++++++
commit 21ae396088a3fbe046e3122286d1288eeacce7d3
Author: Thomas Markwalder <tm...@isc.org>
Date: Fri Dec 1 09:21:42 2017 -0500
[v4_3] Use 0 instead of -1 to indicate empty heap index
Merges in rt46719.
--- includes/dhcpd.h.orig
+++ includes/dhcpd.h
@@ -1596,8 +1596,9 @@ struct iasubopt {
*/
#define EXPIRED_IPV6_CLEANUP_TIME (60*60)
- int heap_index; /* index into heap, or -1
- (internal use only) */
+ /* index into heaps, or -1 (internal use only) */
+ int active_index;
+ int inactive_index;
/*
* A pointer to the state of the ddns update for this lease.
--- server/mdb6.c.orig
+++ server/mdb6.c
@@ -216,7 +216,8 @@ iasubopt_allocate(struct iasubopt **iasu
tmp->refcnt = 1;
tmp->state = FTS_FREE;
- tmp->heap_index = -1;
+ tmp->active_index = 0;
+ tmp->inactive_index = 0;
tmp->plen = 255;
*iasubopt = tmp;
@@ -600,14 +601,18 @@ lease_older(void *a, void *b) {
}
/*
- * Helper function for lease address/prefix heaps.
+ * Helper functions for lease address/prefix heaps.
* Callback when an address's position in the heap changes.
*/
static void
-lease_index_changed(void *iasubopt, unsigned int new_heap_index) {
- ((struct iasubopt *)iasubopt)-> heap_index = new_heap_index;
+active_changed(void *iasubopt, unsigned int new_heap_index) {
+ ((struct iasubopt *)iasubopt)->active_index = new_heap_index;
}
+static void
+inactive_changed(void *iasubopt, unsigned int new_heap_index) {
+ ((struct iasubopt *)iasubopt)->inactive_index = new_heap_index;
+}
/*!
*
@@ -660,13 +665,13 @@ ipv6_pool_allocate(struct ipv6_pool **po
dfree(tmp, file, line);
return ISC_R_NOMEMORY;
}
- if (isc_heap_create(dhcp_gbl_ctx.mctx, lease_older, lease_index_changed,
+ if (isc_heap_create(dhcp_gbl_ctx.mctx, lease_older, active_changed,
0, &(tmp->active_timeouts)) != ISC_R_SUCCESS) {
iasubopt_free_hash_table(&(tmp->leases), file, line);
dfree(tmp, file, line);
return ISC_R_NOMEMORY;
}
- if (isc_heap_create(dhcp_gbl_ctx.mctx, lease_older, lease_index_changed,
+ if (isc_heap_create(dhcp_gbl_ctx.mctx, lease_older, inactive_changed,
0, &(tmp->inactive_timeouts)) != ISC_R_SUCCESS) {
isc_heap_destroy(&(tmp->active_timeouts));
iasubopt_free_hash_table(&(tmp->leases), file, line);
@@ -1186,7 +1191,7 @@ cleanup_lease6(ia_hash_t *ia_table,
* Remove the old lease from the active heap and from the hash table
* then remove the lease from the IA and clean up the IA if necessary.
*/
- isc_heap_delete(pool->active_timeouts, test_iasubopt->heap_index);
+ isc_heap_delete(pool->active_timeouts, test_iasubopt->active_index);
pool->num_active--;
if (pool->ipv6_pond)
pool->ipv6_pond->num_active--;
@@ -1259,7 +1264,7 @@ add_lease6(struct ipv6_pool *pool, struc
if ((test_iasubopt->state == FTS_ACTIVE) ||
(test_iasubopt->state == FTS_ABANDONED)) {
isc_heap_delete(pool->active_timeouts,
- test_iasubopt->heap_index);
+ test_iasubopt->active_index);
pool->num_active--;
if (pool->ipv6_pond)
pool->ipv6_pond->num_active--;
@@ -1271,7 +1276,7 @@ add_lease6(struct ipv6_pool *pool, struc
}
} else {
isc_heap_delete(pool->inactive_timeouts,
- test_iasubopt->heap_index);
+ test_iasubopt->inactive_index);
pool->num_inactive--;
}
@@ -1392,14 +1397,13 @@ lease6_usable(struct iasubopt *lease) {
static isc_result_t
move_lease_to_active(struct ipv6_pool *pool, struct iasubopt *lease) {
isc_result_t insert_result;
- int old_heap_index;
- old_heap_index = lease->heap_index;
insert_result = isc_heap_insert(pool->active_timeouts, lease);
if (insert_result == ISC_R_SUCCESS) {
iasubopt_hash_add(pool->leases, &lease->addr,
sizeof(lease->addr), lease, MDL);
- isc_heap_delete(pool->inactive_timeouts, old_heap_index);
+ isc_heap_delete(pool->inactive_timeouts,
+ lease->inactive_index);
pool->num_active++;
pool->num_inactive--;
lease->state = FTS_ACTIVE;
@@ -1449,16 +1453,16 @@ renew_lease6(struct ipv6_pool *pool, str
if (lease->state == FTS_ACTIVE) {
if (old_end_time <= lease->hard_lifetime_end_time) {
isc_heap_decreased(pool->active_timeouts,
- lease->heap_index);
+ lease->active_index);
} else {
isc_heap_increased(pool->active_timeouts,
- lease->heap_index);
+ lease->active_index);
}
return ISC_R_SUCCESS;
} else if (lease->state == FTS_ABANDONED) {
char tmp_addr[INET6_ADDRSTRLEN];
lease->state = FTS_ACTIVE;
- isc_heap_increased(pool->active_timeouts, lease->heap_index);
+ isc_heap_increased(pool->active_timeouts, lease->active_index);
log_info("Reclaiming previously abandoned address %s",
inet_ntop(AF_INET6, &(lease->addr), tmp_addr,
sizeof(tmp_addr)));
@@ -1480,9 +1484,7 @@ static isc_result_t
move_lease_to_inactive(struct ipv6_pool *pool, struct iasubopt *lease,
binding_state_t state) {
isc_result_t insert_result;
- int old_heap_index;
- old_heap_index = lease->heap_index;
insert_result = isc_heap_insert(pool->inactive_timeouts, lease);
if (insert_result == ISC_R_SUCCESS) {
/*
@@ -1533,7 +1535,7 @@ move_lease_to_inactive(struct ipv6_pool
iasubopt_hash_delete(pool->leases,
&lease->addr, sizeof(lease->addr), MDL);
- isc_heap_delete(pool->active_timeouts, old_heap_index);
+ isc_heap_delete(pool->active_timeouts, lease->active_index);
lease->state = state;
pool->num_active--;
pool->num_inactive++;
@@ -1611,7 +1613,7 @@ decline_lease6(struct ipv6_pool *pool, s
pool->ipv6_pond->num_abandoned++;
lease->hard_lifetime_end_time = MAX_TIME;
- isc_heap_decreased(pool->active_timeouts, lease->heap_index);
+ isc_heap_decreased(pool->active_timeouts, lease->active_index);
return ISC_R_SUCCESS;
}
@@ -1884,7 +1886,7 @@ cleanup_old_expired(struct ipv6_pool *po
break;
}
- isc_heap_delete(pool->inactive_timeouts, tmp->heap_index);
+ isc_heap_delete(pool->inactive_timeouts, tmp->inactive_index);
pool->num_inactive--;
if (tmp->ia != NULL) {
--- server/tests/mdb6_unittest.c.orig
+++ server/tests/mdb6_unittest.c
@@ -65,8 +65,13 @@ ATF_TC_BODY(iaaddr_basic, tc)
if (iaaddr->state != FTS_FREE) {
atf_tc_fail("ERROR: bad state %s:%d", MDL);
}
- if (iaaddr->heap_index != -1) {
- atf_tc_fail("ERROR: bad heap_index %s:%d", MDL);
+ if (iaaddr->active_index != 0) {
+ atf_tc_fail("ERROR: bad active_index :%d %s:%d",
+ iaaddr->active_index, MDL);
+ }
+ if (iaaddr->inactive_index != 0) {
+ atf_tc_fail("ERROR: bad inactive_index %d %s:%d",
+ iaaddr->inactive_index, MDL);
}
if (iasubopt_reference(&iaaddr_copy, iaaddr, MDL) != ISC_R_SUCCESS) {
atf_tc_fail("ERROR: iasubopt_reference() %s:%d", MDL);
