Hello community,
here is the log from the commit of package dhcp for openSUSE:11.2
checked in at Wed Apr 6 10:53:14 CEST 2011.
--- old-versions/11.2/UPDATES/all/dhcp/dhcp.changes 2009-12-16
15:19:51.0 +0100
+++ 11.2/dhcp/dhcp.changes 2011-04-06 10:31:25.0 +0200
@@ -1,0 +2,11 @@
+Wed Mar 30 10:16:31 UTC 2011 - m...@suse.de
+
+- Discard string options such as host and domain names containing
+ disallowed characters or beeing too long. This proctive patch
+ limits root-path to a-zA-Z0-9, #%+-_:.,@~/\[]= and a space
+ (bnc#675052, CVE-2011-0997).
+- dhclient-script: fixed typo causing that only global settings
+ to set hostname and default route were applied for primary
+ and never per interface settings (bnc#673792).
+
+---
calling whatdependson for 11.2-i586
New:
dhcp-3.1.2p1-dhclient-option-checks.bnc675052.diff
dhcp-3.1.2p1-dhclient-script.bnc673792.diff
Other differences:
--
++ dhcp.spec ++
--- /var/tmp/diff_new_pack.AyMBTa/_old 2011-04-06 10:53:00.0 +0200
+++ /var/tmp/diff_new_pack.AyMBTa/_new 2011-04-06 10:53:00.0 +0200
@@ -1,7 +1,7 @@
#
-# spec file for package dhcp (Version 3.1.2p1)
+# spec file for package dhcp
#
-# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -31,7 +31,7 @@
Group: Productivity/Networking/Boot/Servers
AutoReqProv:on
Version:3.1.2p1
-Release:4.RELEASE6
+Release:4.RELEASE8
Summary:Common Files Used by ISC DHCP Software
Url:http://www.isc.org/isc/dhcp.html
Source0:http://ftp.isc.org/isc/dhcp/dhcp-%{version}.tar.gz
@@ -81,6 +81,8 @@
##
Patch70:dhcp-3.1.1-CVE-2009-1892.bnc519413.dif
Patch71:dhcp-3.1.2p1-dhclient-script.bnc555095.dif
+Patch72:dhcp-3.1.2p1-dhclient-script.bnc673792.diff
+Patch73:dhcp-3.1.2p1-dhclient-option-checks.bnc675052.diff
Obsoletes: dhcp-base
Provides: dhcp-base:/usr/bin/omshell
PreReq: /bin/touch /sbin/chkconfig sysconfig
@@ -207,6 +209,8 @@
%patch60 -p0
%patch70 -p0
%patch71 -p0
+%patch72 -p0
+%patch73 -p0
##
find . -type f -name \*.cat\* -exec rm -f {} \;
cp -p %{S:2} %{S:3} %{S:11} %{S:12} %{S:14} %{S:32} %{S:33} .
++ dhcp-3.1.2p1-dhclient-option-checks.bnc675052.diff ++
--- client/dhclient.c
+++ client/dhclient.c 2011/03/31 13:28:59
@@ -37,6 +37,8 @@ static char ocopyright[] =
#include dhcpd.h
#include version.h
+#include stddef.h
+#include ctype.h
TIME default_lease_time = 43200; /* 12 hours... */
TIME max_lease_time = 86400; /* 24 hours... */
@@ -76,6 +78,10 @@ int quiet=0;
int nowait=0;
static void usage PROTO ((void));
+static int check_domain_name(const char *ptr, size_t len, int dots);
+static int check_domain_name_list(const char *ptr, size_t len, int dots);
+static int check_option_values(struct universe *universe, unsigned int opt,
+ const char *ptr, size_t len);
int main (argc, argv, envp)
int argc;
@@ -197,8 +203,11 @@ int main (argc, argv, envp)
log_error(-H option host-name string \%s\ is
too long:
maximum length is %d characters,
argv[i], HOST_NAME_MAX);
exit(1);
+ } else if (check_domain_name(argv [i], strlen(argv
[i]), 0) != 0) {
+ log_error(suspect hostname in -H option -
discarded);
+ } else {
+ dhclient_hostname = argv [i];
}
- dhclient_hostname = argv [i];
} else if (!strcmp (argv [i], -nw)) {
nowait = 1;
} else if (!strcmp (argv [i], -n)) {
@@ -2547,12 +2556,21 @@ void client_option_envadd (struct option
char name [256];
if (dhcp_option_ev_name (name, sizeof name,
oc - option)) {
- client_envadd (es - client, es - prefix,
- name, %s,
- (pretty_print_option
- (oc - option,
-data.data, data.len,
-0, 0)));
+ const char *value = pretty_print_option(oc -
option,
+
data.data,
+