[dhcp] 4.2.1b1: fix for CVE-2011-0413 (#672996)
Jiří Popelka
jpopelka at fedoraproject.org
Fri Jan 28 08:36:08 UTC 2011
commit 45c037153ff6d92b4db9ba349fe2590810ef118e
Author: Jiri Popelka <jpopelka at redhat.com>
Date: Thu Jan 27 17:06:55 2011 +0100
4.2.1b1: fix for CVE-2011-0413 (#672996)
.gitignore | 2 +-
dhcp-4.2.0-P1-64_bit_lease_parse.patch | 215 -------
dhcp-4.2.0-invalid-dhclient-conf.patch | 16 -
dhcp-4.2.0-manpages.patch | 644 --------------------
dhcp-4.2.0-parse_date.patch | 207 -------
dhcp-4.2.0-release6-elapsed.patch | 46 --
dhcp-4.2.0-retransmission.patch | 75 ---
dhcp-4.2.1-64_bit_lease_parse.patch | 94 +++
...0-PIE-RELRO.patch => dhcp-4.2.1-PIE-RELRO.patch | 48 +-
...capability.patch => dhcp-4.2.1-capability.patch | 60 +-
dhcp-4.2.1-invalid-dhclient-conf.patch | 12 +
dhcp-4.2.1-manpages.patch | 264 ++++++++
dhcp-4.2.1-retransmission.patch | 48 ++
dhcp.spec | 111 ++--
sources | 2 +-
15 files changed, 525 insertions(+), 1319 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 75ca1bb..3992c1a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-/dhcp-4.2.0-P2.tar.gz
+/dhcp-4.2.1b1.tar.gz
diff --git a/dhcp-4.2.1-64_bit_lease_parse.patch b/dhcp-4.2.1-64_bit_lease_parse.patch
new file mode 100644
index 0000000..a540bc1
--- /dev/null
+++ b/dhcp-4.2.1-64_bit_lease_parse.patch
@@ -0,0 +1,94 @@
+diff -up dhcp-4.2.1b1/common/dispatch.c.64-bit_lease_parse dhcp-4.2.1b1/common/dispatch.c
+diff -up dhcp-4.2.1b1/common/parse.c.64-bit_lease_parse dhcp-4.2.1b1/common/parse.c
+--- dhcp-4.2.1b1/common/parse.c.64-bit_lease_parse 2010-12-30 00:01:42.000000000 +0100
++++ dhcp-4.2.1b1/common/parse.c 2011-01-28 08:01:10.000000000 +0100
+@@ -909,8 +909,8 @@ TIME
+ parse_date_core(cfile)
+ struct parse *cfile;
+ {
+- int guess;
+- int tzoff, wday, year, mon, mday, hour, min, sec;
++ TIME guess;
++ long int tzoff, wday, year, mon, mday, hour, min, sec;
+ const char *val;
+ enum dhcp_token token;
+ static int months[11] = { 31, 59, 90, 120, 151, 181,
+@@ -936,7 +936,7 @@ parse_date_core(cfile)
+ }
+
+ token = next_token(&val, NULL, cfile); /* consume number */
+- guess = atoi(val);
++ guess = atol(val);
+
+ return((TIME)guess);
+ }
+@@ -948,7 +948,7 @@ parse_date_core(cfile)
+ return((TIME)0);
+ }
+ token = next_token(&val, NULL, cfile); /* consume day of week */
+- wday = atoi(val);
++ wday = atol(val);
+
+ /* Year... */
+ token = peek_token(&val, NULL, cfile);
+@@ -964,7 +964,7 @@ parse_date_core(cfile)
+ somebody invents a time machine, I think we can safely disregard
+ it. This actually works around a stupid Y2K bug that was present
+ in a very early beta release of dhcpd. */
+- year = atoi(val);
++ year = atol(val);
+ if (year > 1900)
+ year -= 1900;
+
+@@ -988,7 +988,7 @@ parse_date_core(cfile)
+ return((TIME)0);
+ }
+ token = next_token(&val, NULL, cfile); /* consume month */
+- mon = atoi(val) - 1;
++ mon = atol(val) - 1;
+
+ /* Slash separating month from day... */
+ token = peek_token(&val, NULL, cfile);
+@@ -1010,7 +1010,7 @@ parse_date_core(cfile)
+ return((TIME)0);
+ }
+ token = next_token(&val, NULL, cfile); /* consume day of month */
+- mday = atoi(val);
++ mday = atol(val);
+
+ /* Hour... */
+ token = peek_token(&val, NULL, cfile);
+@@ -1021,7 +1021,7 @@ parse_date_core(cfile)
+ return((TIME)0);
+ }
+ token = next_token(&val, NULL, cfile); /* consume hour */
+- hour = atoi(val);
++ hour = atol(val);
+
+ /* Colon separating hour from minute... */
+ token = peek_token(&val, NULL, cfile);
+@@ -1043,7 +1043,7 @@ parse_date_core(cfile)
+ return((TIME)0);
+ }
+ token = next_token(&val, NULL, cfile); /* consume minute */
+- min = atoi(val);
++ min = atol(val);
+
+ /* Colon separating minute from second... */
+ token = peek_token(&val, NULL, cfile);
+@@ -1065,13 +1065,13 @@ parse_date_core(cfile)
+ return((TIME)0);
+ }
+ token = next_token(&val, NULL, cfile); /* consume second */
+- sec = atoi(val);
++ sec = atol(val);
+
+ tzoff = 0;
+ token = peek_token(&val, NULL, cfile);
+ if (token == NUMBER) {
+ token = next_token(&val, NULL, cfile); /* consume tzoff */
+- tzoff = atoi(val);
++ tzoff = atol(val);
+ } else if (token != SEMI) {
+ token = next_token(&val, NULL, cfile);
+ parse_warn(cfile,
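Review bot: Replacing `atoi` with `atol` throughout parse_date_core widens the result on LP64 but still gives no way to notice bad input: `atol` has undefined behaviour when the value does not fit in a `long`, and where `long` is 32 bits the change has no effect at all. For the epoch path I would convert with `errno = 0; guess = strtol(val, &end, 10);` and reject the token with `parse_warn` when `errno == ERANGE || *end != '\0'`, since the lease file is the input being parsed here. The same function declares `static int months[11]` and assigns `mon = atol(val) - 1`; any range check on `mon`, `mday`, `hour`, `min` and `sec` lies outside these hunks, so confirm it exists before `mon` is used as an index. parse_date_core starts and ends outside the visible hunks.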
diff --git a/dhcp-4.2.0-PIE-RELRO.patch b/dhcp-4.2.1-PIE-RELRO.patch
similarity index 51%
rename from dhcp-4.2.0-PIE-RELRO.patch
rename to dhcp-4.2.1-PIE-RELRO.patch
index 23306b8..848070f 100644
--- a/dhcp-4.2.0-PIE-RELRO.patch
+++ b/dhcp-4.2.1-PIE-RELRO.patch
@@ -1,19 +1,19 @@
-diff -up dhcp-4.2.0/bind/Makefile.PIE-RELRO dhcp-4.2.0/bind/Makefile
---- dhcp-4.2.0/bind/Makefile.PIE-RELRO 2010-07-10 05:26:52.000000000 +0200
-+++ dhcp-4.2.0/bind/Makefile 2010-09-30 13:38:45.670019545 +0200
+diff -up dhcp-4.2.1b1/bind/Makefile.PIE-RELRO dhcp-4.2.1b1/bind/Makefile
+--- dhcp-4.2.1b1/bind/Makefile.PIE-RELRO 2011-01-21 01:11:42.000000000 +0100
++++ dhcp-4.2.1b1/bind/Makefile 2011-01-28 08:50:13.000000000 +0100
@@ -45,7 +45,7 @@ all:
# Currently disable the epoll and devpoll options as they don't interact
# well with the DHCP code.
@echo Configuring BIND Export libraries for DHCP.
-- @(cd ${bindsrcdir} && ./configure --disable-epoll --disable-devpoll --without-openssl --without-libxml2 --enable-exportlib --enable-threads=no --with-export-includedir=${binddir}/include --with-export-libdir=${binddir}/lib > ${binddir}/configure.log)
-+ @(cd ${bindsrcdir} && ./configure --disable-epoll --disable-devpoll --without-openssl --without-libxml2 --enable-exportlib --enable-threads=no --with-export-includedir=${binddir}/include --with-export-libdir=${binddir}/lib --with-libtool --with-pic --disable-shared > ${binddir}/configure.log)
+- @(cd ${bindsrcdir} && ./configure --disable-kqueue --disable-epoll --disable-devpoll --without-openssl --without-libxml2 --enable-exportlib --enable-threads=no --with-export-includedir=${binddir}/include --with-export-libdir=${binddir}/lib > ${binddir}/configure.log)
++ @(cd ${bindsrcdir} && ./configure --disable-kqueue --disable-epoll --disable-devpoll --without-openssl --without-libxml2 --enable-exportlib --enable-threads=no --with-export-includedir=${binddir}/include --with-export-libdir=${binddir}/lib --with-libtool --with-pic --disable-shared > ${binddir}/configure.log)
# Build the export libraries
@echo Building BIND Export libraries - this takes some time.
-diff -up dhcp-4.2.0/client/Makefile.am.PIE-RELRO dhcp-4.2.0/client/Makefile.am
---- dhcp-4.2.0/client/Makefile.am.PIE-RELRO 2010-09-30 13:38:45.630019545 +0200
-+++ dhcp-4.2.0/client/Makefile.am 2010-09-30 13:38:45.670019545 +0200
-@@ -4,15 +4,12 @@ dhclient_SOURCES = clparse.c dhclient.c
+diff -up dhcp-4.2.1b1/client/Makefile.am.PIE-RELRO dhcp-4.2.1b1/client/Makefile.am
+--- dhcp-4.2.1b1/client/Makefile.am.PIE-RELRO 2011-01-28 08:47:43.000000000 +0100
++++ dhcp-4.2.1b1/client/Makefile.am 2011-01-28 08:51:57.000000000 +0100
+@@ -4,15 +4,11 @@ dhclient_SOURCES = clparse.c dhclient.c
scripts/bsdos scripts/freebsd scripts/linux scripts/macos \
scripts/netbsd scripts/nextstep scripts/openbsd \
scripts/solaris scripts/openwrt
@@ -25,26 +25,26 @@ diff -up dhcp-4.2.0/client/Makefile.am.PIE-RELRO dhcp-4.2.0/client/Makefile.am
+
man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5
EXTRA_DIST = $(man_MANS)
-
+-
-dhclient.o: dhclient.c
-- $(COMPILE) -DCLIENT_PATH='"$(sbindir)"' \
+- $(COMPILE) -DCLIENT_PATH='"PATH=$(sbindir):/sbin:/bin:/usr/sbin:/usr/bin"' \
- -DLOCALSTATEDIR='"$(localstatedir)"' -c dhclient.c
-
-dhc6.o: dhc6.c
-- $(COMPILE) -DCLIENT_PATH='"$(sbindir)"' \
+- $(COMPILE) -DCLIENT_PATH='"PATH=$(sbindir):/sbin:/bin:/usr/sbin:/usr/bin"' \
- -DLOCALSTATEDIR='"$(localstatedir)"' -c dhc6.c
-diff -up dhcp-4.2.0/common/Makefile.am.PIE-RELRO dhcp-4.2.0/common/Makefile.am
---- dhcp-4.2.0/common/Makefile.am.PIE-RELRO 2009-10-28 05:12:29.000000000 +0100
-+++ dhcp-4.2.0/common/Makefile.am 2010-09-30 13:38:45.670019545 +0200
+diff -up dhcp-4.2.1b1/common/Makefile.am.PIE-RELRO dhcp-4.2.1b1/common/Makefile.am
+--- dhcp-4.2.1b1/common/Makefile.am.PIE-RELRO 2009-10-28 05:12:29.000000000 +0100
++++ dhcp-4.2.1b1/common/Makefile.am 2011-01-28 08:47:43.000000000 +0100
@@ -1,4 +1,5 @@
AM_CPPFLAGS = -I.. -DLOCALSTATEDIR='"@localstatedir@"'
+AM_CFLAGS = -fpic
noinst_LIBRARIES = libdhcp.a
libdhcp_a_SOURCES = alloc.c bpf.c comapi.c conflex.c ctrace.c discover.c \
-diff -up dhcp-4.2.0/omapip/Makefile.am.PIE-RELRO dhcp-4.2.0/omapip/Makefile.am
---- dhcp-4.2.0/omapip/Makefile.am.PIE-RELRO 2010-02-12 01:13:54.000000000 +0100
-+++ dhcp-4.2.0/omapip/Makefile.am 2010-09-30 13:39:06.900022975 +0200
+diff -up dhcp-4.2.1b1/omapip/Makefile.am.PIE-RELRO dhcp-4.2.1b1/omapip/Makefile.am
+--- dhcp-4.2.1b1/omapip/Makefile.am.PIE-RELRO 2010-02-12 01:13:54.000000000 +0100
++++ dhcp-4.2.1b1/omapip/Makefile.am 2011-01-28 08:47:43.000000000 +0100
@@ -1,3 +1,5 @@
+AM_CFLAGS = -fpic
+
@@ -58,9 +58,9 @@ diff -up dhcp-4.2.0/omapip/Makefile.am.PIE-RELRO dhcp-4.2.0/omapip/Makefile.am
+svtest_CFLAGS = -fpie
svtest_LDADD = libomapi.a ../bind/lib/libdns.a ../bind/lib/libisc.a
-diff -up dhcp-4.2.0/relay/Makefile.am.PIE-RELRO dhcp-4.2.0/relay/Makefile.am
---- dhcp-4.2.0/relay/Makefile.am.PIE-RELRO 2009-10-28 05:12:30.000000000 +0100
-+++ dhcp-4.2.0/relay/Makefile.am 2010-09-30 13:38:45.670019545 +0200
+diff -up dhcp-4.2.1b1/relay/Makefile.am.PIE-RELRO dhcp-4.2.1b1/relay/Makefile.am
+--- dhcp-4.2.1b1/relay/Makefile.am.PIE-RELRO 2009-10-28 05:12:30.000000000 +0100
++++ dhcp-4.2.1b1/relay/Makefile.am 2011-01-28 08:47:43.000000000 +0100
@@ -2,8 +2,11 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localst
sbin_PROGRAMS = dhcrelay
@@ -73,9 +73,9 @@ diff -up dhcp-4.2.0/relay/Makefile.am.PIE-RELRO dhcp-4.2.0/relay/Makefile.am
man_MANS = dhcrelay.8
EXTRA_DIST = $(man_MANS)
-diff -up dhcp-4.2.0/server/Makefile.am.PIE-RELRO dhcp-4.2.0/server/Makefile.am
---- dhcp-4.2.0/server/Makefile.am.PIE-RELRO 2010-03-24 22:49:47.000000000 +0100
-+++ dhcp-4.2.0/server/Makefile.am 2010-09-30 13:38:45.670019545 +0200
+diff -up dhcp-4.2.1b1/server/Makefile.am.PIE-RELRO dhcp-4.2.1b1/server/Makefile.am
+--- dhcp-4.2.1b1/server/Makefile.am.PIE-RELRO 2010-03-24 22:49:47.000000000 +0100
++++ dhcp-4.2.1b1/server/Makefile.am 2011-01-28 08:47:43.000000000 +0100
@@ -6,10 +6,11 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c c
omapi.c mdb.c stables.c salloc.c ddns.c dhcpleasequery.c \
dhcpv6.c mdb6.c ldap.c ldap_casa.c
diff --git a/dhcp-4.2.0-capability.patch b/dhcp-4.2.1-capability.patch
similarity index 70%
rename from dhcp-4.2.0-capability.patch
rename to dhcp-4.2.1-capability.patch
index dcc422d..613ca9c 100644
--- a/dhcp-4.2.0-capability.patch
+++ b/dhcp-4.2.1-capability.patch
@@ -1,18 +1,18 @@
-diff -up dhcp-4.2.0/client/dhclient.8.capability dhcp-4.2.0/client/dhclient.8
---- dhcp-4.2.0/client/dhclient.8.capability 2010-07-21 14:27:13.000000000 +0200
-+++ dhcp-4.2.0/client/dhclient.8 2010-07-21 16:13:02.000000000 +0200
-@@ -109,6 +109,9 @@ relay
- .B -n
+diff -up dhcp-4.2.1b1/client/dhclient.8.capability dhcp-4.2.1b1/client/dhclient.8
+--- dhcp-4.2.1b1/client/dhclient.8.capability 2011-01-28 08:05:51.000000000 +0100
++++ dhcp-4.2.1b1/client/dhclient.8 2011-01-28 08:24:48.000000000 +0100
+@@ -115,6 +115,9 @@ dhclient - Dynamic Host Configuration Pr
+ .B -w
]
[
+.B -nc
+]
+[
- .B -nw
+ .B -B
]
[
-@@ -395,6 +398,32 @@ Do not configure any interfaces. Most u
- option.
+@@ -293,6 +296,32 @@ has been added or removed, so that the c
+ address on that interface.
.TP
+.BI \-nc
@@ -41,12 +41,12 @@ diff -up dhcp-4.2.0/client/dhclient.8.capability dhcp-4.2.0/client/dhclient.8
+was not compiled with libcap-ng support.
+
+.TP
- .BI \-nw
- Become a daemon process immediately (nowait) rather than waiting until an IP
- address has been acquired.
-diff -up dhcp-4.2.0/client/dhclient.c.capability dhcp-4.2.0/client/dhclient.c
---- dhcp-4.2.0/client/dhclient.c.capability 2010-07-21 14:40:05.000000000 +0200
-+++ dhcp-4.2.0/client/dhclient.c 2010-07-21 16:13:52.000000000 +0200
+ .BI \-B
+ Set the BOOTP broadcast flag in request packets so servers will always
+ broadcast replies.
+diff -up dhcp-4.2.1b1/client/dhclient.c.capability dhcp-4.2.1b1/client/dhclient.c
+--- dhcp-4.2.1b1/client/dhclient.c.capability 2011-01-28 08:05:51.000000000 +0100
++++ dhcp-4.2.1b1/client/dhclient.c 2011-01-28 08:05:51.000000000 +0100
@@ -39,6 +39,10 @@
#include <limits.h>
#include <dns/result.h>
@@ -58,7 +58,7 @@ diff -up dhcp-4.2.0/client/dhclient.c.capability dhcp-4.2.0/client/dhclient.c
/*
* Defined in stdio.h when _GNU_SOURCE is set, but we don't want to define
* that when building ISC code.
-@@ -89,6 +93,9 @@ int wanted_ia_ta = 0;
+@@ -91,6 +95,9 @@ int wanted_ia_ta = 0;
int wanted_ia_pd = 0;
char *mockup_relay = NULL;
int bootp_broadcast_always = 0;
@@ -68,7 +68,7 @@ diff -up dhcp-4.2.0/client/dhclient.c.capability dhcp-4.2.0/client/dhclient.c
extern u_int32_t default_requested_options[];
-@@ -397,6 +404,10 @@ main(int argc, char **argv) {
+@@ -399,6 +406,10 @@ main(int argc, char **argv) {
}
dhclient_request_options = argv[i];
@@ -79,7 +79,7 @@ diff -up dhcp-4.2.0/client/dhclient.c.capability dhcp-4.2.0/client/dhclient.c
} else if (argv[i][0] == '-') {
usage();
} else if (interfaces_requested < 0) {
-@@ -445,6 +456,19 @@ main(int argc, char **argv) {
+@@ -447,6 +458,19 @@ main(int argc, char **argv) {
path_dhclient_script = s;
}
@@ -99,9 +99,9 @@ diff -up dhcp-4.2.0/client/dhclient.c.capability dhcp-4.2.0/client/dhclient.c
/* Set up the initial dhcp option universe. */
initialize_common_option_spaces();
-diff -up dhcp-4.2.0/client/dhclient-script.8.capability dhcp-4.2.0/client/dhclient-script.8
---- dhcp-4.2.0/client/dhclient-script.8.capability 2010-07-21 14:00:16.000000000 +0200
-+++ dhcp-4.2.0/client/dhclient-script.8 2010-07-21 16:13:02.000000000 +0200
+diff -up dhcp-4.2.1b1/client/dhclient-script.8.capability dhcp-4.2.1b1/client/dhclient-script.8
+--- dhcp-4.2.1b1/client/dhclient-script.8.capability 2011-01-28 08:05:51.000000000 +0100
++++ dhcp-4.2.1b1/client/dhclient-script.8 2011-01-28 08:05:51.000000000 +0100
@@ -239,6 +239,16 @@ repeatedly initialized to the values pro
the other. Assuming the information provided by both servers is
valid, this shouldn't cause any real problems, but it could be
@@ -119,9 +119,9 @@ diff -up dhcp-4.2.0/client/dhclient-script.8.capability dhcp-4.2.0/client/dhclie
.SH SEE ALSO
dhclient(8), dhcpd(8), dhcrelay(8), dhclient.conf(5) and
dhclient.leases(5).
-diff -up dhcp-4.2.0/client/Makefile.am.capability dhcp-4.2.0/client/Makefile.am
---- dhcp-4.2.0/client/Makefile.am.capability 2009-10-28 05:12:29.000000000 +0100
-+++ dhcp-4.2.0/client/Makefile.am 2010-07-21 16:15:29.000000000 +0200
+diff -up dhcp-4.2.1b1/client/Makefile.am.capability dhcp-4.2.1b1/client/Makefile.am
+--- dhcp-4.2.1b1/client/Makefile.am.capability 2010-09-15 00:32:36.000000000 +0200
++++ dhcp-4.2.1b1/client/Makefile.am 2011-01-28 08:05:51.000000000 +0100
@@ -5,7 +5,7 @@ dhclient_SOURCES = clparse.c dhclient.c
scripts/netbsd scripts/nextstep scripts/openbsd \
scripts/solaris scripts/openwrt
@@ -131,10 +131,10 @@ diff -up dhcp-4.2.0/client/Makefile.am.capability dhcp-4.2.0/client/Makefile.am
man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5
EXTRA_DIST = $(man_MANS)
-diff -up dhcp-4.2.0/configure.ac.capability dhcp-4.2.0/configure.ac
---- dhcp-4.2.0/configure.ac.capability 2010-07-10 05:25:51.000000000 +0200
-+++ dhcp-4.2.0/configure.ac 2010-07-21 16:13:02.000000000 +0200
-@@ -419,6 +419,41 @@ AC_TRY_LINK(
+diff -up dhcp-4.2.1b1/configure.ac.capability dhcp-4.2.1b1/configure.ac
+--- dhcp-4.2.1b1/configure.ac.capability 2011-01-28 08:05:51.000000000 +0100
++++ dhcp-4.2.1b1/configure.ac 2011-01-28 08:26:11.000000000 +0100
+@@ -425,6 +425,41 @@ AC_TRY_LINK(
# Look for optional headers.
AC_CHECK_HEADERS(sys/socket.h net/if_dl.h net/if6.h regex.h)
@@ -173,6 +173,6 @@ diff -up dhcp-4.2.0/configure.ac.capability dhcp-4.2.0/configure.ac
+ AC_MSG_RESULT(no)
+fi
+
- # find an MD5 library
- AC_SEARCH_LIBS(MD5_Init, [crypto])
- AC_SEARCH_LIBS(MD5Init, [crypto])
+ # Solaris needs some libraries for functions
+ AC_SEARCH_LIBS(socket, [socket])
+ AC_SEARCH_LIBS(inet_ntoa, [nsl])
diff --git a/dhcp-4.2.1-invalid-dhclient-conf.patch b/dhcp-4.2.1-invalid-dhclient-conf.patch
new file mode 100644
index 0000000..eeeea84
--- /dev/null
+++ b/dhcp-4.2.1-invalid-dhclient-conf.patch
@@ -0,0 +1,12 @@
+diff -up dhcp-4.2.1b1/client/dhclient.conf.supersede dhcp-4.2.1b1/client/dhclient.conf
+--- dhcp-4.2.1b1/client/dhclient.conf.supersede 2010-09-15 01:03:56.000000000 +0200
++++ dhcp-4.2.1b1/client/dhclient.conf 2011-01-27 18:38:28.000000000 +0100
+@@ -4,7 +4,7 @@ send dhcp-lease-time 3600;
+ supersede domain-search "fugue.com", "home.vix.com";
+ prepend domain-name-servers 127.0.0.1;
+ request subnet-mask, broadcast-address, time-offset, routers,
+- domain-name, domain-name-servers, host-name;
++ domain-search, domain-name-servers, host-name;
+ require subnet-mask, domain-name-servers;
+ timeout 60;
+ retry 60;
diff --git a/dhcp-4.2.1-manpages.patch b/dhcp-4.2.1-manpages.patch
new file mode 100644
index 0000000..9a42b7f
--- /dev/null
+++ b/dhcp-4.2.1-manpages.patch
@@ -0,0 +1,264 @@
+diff -up dhcp-4.2.1b1/client/dhclient.8.man dhcp-4.2.1b1/client/dhclient.8
+--- dhcp-4.2.1b1/client/dhclient.8.man 2010-07-14 22:09:34.000000000 +0200
++++ dhcp-4.2.1b1/client/dhclient.8 2011-01-27 18:19:07.000000000 +0100
+@@ -115,6 +115,33 @@ dhclient - Dynamic Host Configuration Pr
+ .B -w
+ ]
+ [
++.B -B
++]
++[
++.B -I
++.I dhcp-client-identifier
++]
++[
++.B -H
++.I host-name
++]
++[
++.B -F
++.I fqdn.fqdn
++]
++[
++.B -V
++.I vendor-class-identifier
++]
++[
++.B -R
++.I request-option-list
++]
++[
++.B -timeout
++.I timeout
++]
++[
+ .B -v
+ ]
+ [
+@@ -264,6 +291,69 @@ not to exit when it doesn't find any suc
+ program can then be used to notify the client when a network interface
+ has been added or removed, so that the client can attempt to configure an IP
+ address on that interface.
++
++.TP
++.BI \-B
++Set the BOOTP broadcast flag in request packets so servers will always
++broadcast replies.
++
++.TP
++.BI \-I\ <dhcp-client-identifier>
++Specify the dhcp-client-identifier option to send to the DHCP server.
++
++.TP
++.BI \-H\ <host-name>
++Specify the host-name option to send to the DHCP server. The host-name
++string only contains the client's hostname prefix, to which the server will
++append the ddns-domainname or domain-name options, if any, to derive the
++fully qualified domain name of the client. The
++.B -H
++option cannot be used with the
++.B -F
++option.
++
++.TP
++.BI \-F\ <fqdn.fqdn>
++Specify the fqdn.fqdn option to send to the DHCP server. This option cannot
++be used with the
++.B -H
++option. The fqdn.fqdn option must specify the complete domain name of the
++client host, which the server may use for dynamic DNS updates.
++
++.TP
++.BI \-V\ <vendor-class-identifier>
++Specify the vendor-class-identifier option to send to the DHCP server.
++
++.TP
++.BI \-R\ <option>[,<option>...]
++Specify the list of options the client is to request from the server. The
++option list must be a single string consisting of option names separated
++by at least one command and optional space characters. The default option
++list is:
++
++.BR
++ subnet-mask, broadcast-address, time-offset, routers,
++.BR
++ domain-search, domain-name, domain-name-servers, host-name,
++.BR
++ nis-domain, nis-servers, ntp-servers, interface-mtu
++
++.TP
++.B -R
++option does not append options to the default request, it overrides the
++default request list. Keep this in mind if you want to request an
++additional option besides the default request list. You will have to
++specify all option names for the
++.B -R
++parameter.
++
++.TP
++.BI \-timeout\ <timeout>
++Specify the time after which
++.B dhclient
++will decide that no DHCP servers can be contacted when no responses have been
++received.
++
+ .TP
+ .BI \-n
+ Do not configure any interfaces. This is most likely to be useful in
+diff -up dhcp-4.2.1b1/client/dhclient.conf.5.man dhcp-4.2.1b1/client/dhclient.conf.5
+--- dhcp-4.2.1b1/client/dhclient.conf.5.man 2010-09-15 01:03:56.000000000 +0200
++++ dhcp-4.2.1b1/client/dhclient.conf.5 2011-01-27 18:22:56.000000000 +0100
+@@ -186,7 +186,8 @@ responding to the client send the client
+ options. Only the option names should be specified in the request
+ statement - not option parameters. By default, the DHCPv4 client
+ requests the subnet-mask, broadcast-address, time-offset, routers,
+-domain-name, domain-name-servers and host-name options while the DHCPv6
++domain-search, domain-name, domain-name-servers, host-name, nis-domain,
++nis-servers, ntp-servers and interface-mtu options while the DHCPv6
+ client requests the dhcp6 name-servers and domain-search options. Note
+ that if you enter a \'request\' statement, you over-ride these defaults
+ and these options will not be requested.
+@@ -672,6 +673,17 @@ know the DHCP service(s) anycast MAC add
+ client. The \fIlink-type\fR and \fImac-address\fR parameters are configured
+ in a similar manner to the \fBhardware\fR statement.
+ .PP
++ \fBbootp-broadcast-always;\fR
++.PP
++The
++.B bootp-broadcast-always
++statement instructs dhclient to always set the bootp broadcast flag in
++request packets, so that servers will always broadcast replies.
++This is equivalent to supplying the dhclient -B argument, and has
++the same effect as specifying 'always-broadcast' in the server's dhcpd.conf.
++This option is provided as an extension to enable dhclient to work
++on IBM s390 Linux guests.
++.PP
+ .SH SAMPLE
+ The following configuration file is used on a laptop running NetBSD
+ 1.3. The laptop has an IP alias of 192.5.5.213, and has one
+@@ -697,7 +709,7 @@ interface "ep0" {
+ supersede domain-search "fugue.com", "rc.vix.com", "home.vix.com";
+ prepend domain-name-servers 127.0.0.1;
+ request subnet-mask, broadcast-address, time-offset, routers,
+- domain-name, domain-name-servers, host-name;
++ domain-search, domain-name, domain-name-servers, host-name;
+ require subnet-mask, domain-name-servers;
+ script "CLIENTBINDIR/dhclient-script";
+ media "media 10baseT/UTP", "media 10base2/BNC";
+diff -up dhcp-4.2.1b1/client/dhclient-script.8.man dhcp-4.2.1b1/client/dhclient-script.8
+--- dhcp-4.2.1b1/client/dhclient-script.8.man 2010-07-06 21:03:11.000000000 +0200
++++ dhcp-4.2.1b1/client/dhclient-script.8 2011-01-27 18:24:44.000000000 +0100
+@@ -47,7 +47,7 @@ customizations are needed, they should b
+ exit hooks provided (see HOOKS for details). These hooks will allow the
+ user to override the default behaviour of the client in creating a
+ .B /etc/resolv.conf
+-file.
++file, and to handle DHCP options not handled by default.
+ .PP
+ No standard client script exists for some operating systems, even though
+ the actual client may work, so a pioneering user may well need to create
+@@ -91,6 +91,26 @@ present. The
+ .B ETCDIR/dhclient-exit-hooks
+ script can modify the valid of exit_status to change the exit status
+ of dhclient-script.
++.PP
++Immediately after dhclient brings an interface UP with a new IP address,
++subnet mask, and routes, in the REBOOT/BOUND states, it will check for the
++existence of an executable
++.B ETCDIR/dhclient-up-hooks
++script, and source it if found. This script can handle DHCP options in
++the environment that are not handled by default. A per-interface.
++.B ETCDIR/dhclient-${IF}-up-hooks
++script will override the generic script and be sourced when interface
++$IF has been brought up.
++.PP
++Immediately before dhclient brings an interface DOWN, removing its IP
++address, subnet mask, and routes, in the STOP/RELEASE states, it will
++check for the existence of an executable
++.B ETCDIR/dhclient-down-hooks
++script, and source it if found. This script can handle DHCP options in
++the environment that are not handled by default. A per-interface
++.B ETCDIR/dhclient-${IF}-down-hooks
++script will override the generic script and be sourced when interface
++$IF is about to be brought down.
+ .SH OPERATION
+ When dhclient needs to invoke the client configuration script, it
+ defines a set of variables in the environment, and then invokes
+diff -up dhcp-4.2.1b1/common/dhcp-options.5.man dhcp-4.2.1b1/common/dhcp-options.5
+--- dhcp-4.2.1b1/common/dhcp-options.5.man 2010-07-13 22:56:56.000000000 +0200
++++ dhcp-4.2.1b1/common/dhcp-options.5 2011-01-27 18:25:57.000000000 +0100
+@@ -913,6 +913,21 @@ classless IP routing - it does not inclu
+ classless IP routing is now the most widely deployed routing standard,
+ this option is virtually useless, and is not implemented by any of the
+ popular DHCP clients, for example the Microsoft DHCP client.
++.PP
++NOTE to Fedora dhclient users:
++.br
++dhclient-script interprets trailing 0 octets of the target as indicating
++the subnet class of the route, so for the following static-routes value:
++.br
++ option static-routes 172.0.0.0 172.16.2.254,
++.br
++ 192.168.0.0 192.168.2.254;
++.br
++dhclient-script will create routes:
++.br
++ 172/8 via 172.16.2.254 dev $interface
++.br
++ 192.168/16 via 192.168.2.254 dev $interface
+ .RE
+ .PP
+ .nf
+diff -up dhcp-4.2.1b1/server/dhcpd.conf.5.man dhcp-4.2.1b1/server/dhcpd.conf.5
+--- dhcp-4.2.1b1/server/dhcpd.conf.5.man 2010-07-06 21:03:12.000000000 +0200
++++ dhcp-4.2.1b1/server/dhcpd.conf.5 2011-01-27 18:29:12.000000000 +0100
+@@ -519,6 +519,9 @@ pool {
+ };
+ .fi
+ .PP
++Dynamic BOOTP leases are not compatible with failover, and, as such,
++you need to disallow BOOTP in pools that you are using failover for.
++.PP
+ The server currently does very little sanity checking, so if you
+ configure it wrong, it will just fail in odd ways. I would recommend
+ therefore that you either do failover or don't do failover, but don't
+@@ -533,9 +536,9 @@ primary server might look like this:
+ failover peer "foo" {
+ primary;
+ address anthrax.rc.vix.com;
+- port 519;
++ port 647;
+ peer address trantor.rc.vix.com;
+- peer port 520;
++ peer port 847;
+ max-response-delay 60;
+ max-unacked-updates 10;
+ mclt 3600;
+@@ -1305,7 +1308,7 @@ the zone containing PTR records - for IS
+ .PP
+ .nf
+ key DHCP_UPDATER {
+- algorithm HMAC-MD5.SIG-ALG.REG.INT;
++ algorithm hmac-md5;
+ secret pRP5FapFoJ95JEL06sv4PQ==;
+ };
+
+@@ -1328,7 +1331,7 @@ dhcpd.conf file:
+ .PP
+ .nf
+ key DHCP_UPDATER {
+- algorithm HMAC-MD5.SIG-ALG.REG.INT;
++ algorithm hmac-md5;
+ secret pRP5FapFoJ95JEL06sv4PQ==;
+ };
+
+@@ -2540,7 +2543,8 @@ statement
+ The \fInext-server\fR statement is used to specify the host address of
+ the server from which the initial boot file (specified in the
+ \fIfilename\fR statement) is to be loaded. \fIServer-name\fR should
+-be a numeric IP address or a domain name.
++be a numeric IP address or a domain name. If no \fInext-server\fR statement
++applies to a given client, the address 0.0.0.0 is used.
+ .RE
+ .PP
+ The
diff --git a/dhcp-4.2.1-retransmission.patch b/dhcp-4.2.1-retransmission.patch
new file mode 100644
index 0000000..18e447f
--- /dev/null
+++ b/dhcp-4.2.1-retransmission.patch
@@ -0,0 +1,48 @@
+diff -up dhcp-4.2.1b1/client/dhc6.c.retransmission dhcp-4.2.1b1/client/dhc6.c
+--- dhcp-4.2.1b1/client/dhc6.c.retransmission 2011-01-28 08:40:56.000000000 +0100
++++ dhcp-4.2.1b1/client/dhc6.c 2011-01-28 08:39:22.000000000 +0100
+@@ -361,7 +361,7 @@ dhc6_retrans_init(struct client_state *c
+ static void
+ dhc6_retrans_advance(struct client_state *client)
+ {
+- struct timeval elapsed;
++ struct timeval elapsed, elapsed_after_RT;
+
+ /* elapsed = cur - start */
+ elapsed.tv_sec = cur_tv.tv_sec - client->start_time.tv_sec;
+@@ -378,6 +378,8 @@ dhc6_retrans_advance(struct client_state
+ elapsed.tv_sec += 1;
+ elapsed.tv_usec -= 1000000;
+ }
++ elapsed_after_RT.tv_sec = elapsed.tv_sec;
++ elapsed_after_RT.tv_usec = elapsed.tv_usec;
+
+ /*
+ * RT for each subsequent message transmission is based on the previous
+@@ -415,13 +417,10 @@ dhc6_retrans_advance(struct client_state
+ elapsed.tv_usec -= 1000000;
+ }
+ if (elapsed.tv_sec >= client->MRD) {
+- /*
+- * wake at RT + cur = start + MRD
+- */
+- client->RT = client->MRD +
+- (client->start_time.tv_sec - cur_tv.tv_sec);
+- client->RT = client->RT * 100 +
+- (client->start_time.tv_usec - cur_tv.tv_usec) / 10000;
++ client->RT = client->MRD - elapsed_after_RT.tv_sec;
++ client->RT = client->RT * 100 - elapsed_after_RT.tv_usec / 10000;
++ if (client->RT < 0)
++ client->RT = 0;
+ }
+ client->txcount++;
+ }
+@@ -1497,7 +1496,7 @@ check_timing6 (struct client_state *clie
+ }
+
+ /* Check if finished (-1 argument). */
+- if ((client->MRD != 0) && (elapsed.tv_sec > client->MRD)) {
++ if ((client->MRD != 0) && (elapsed.tv_sec >= client->MRD)) {
+ log_info("Max retransmission duration exceeded.");
+ return(CHK_TIM_MRD_EXCEEDED);
+ }
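Review bot: The new clamp `if (client->RT < 0) client->RT = 0;` in dhc6_retrans_advance only works if `client->RT` is a signed type; its declaration is not in the hunk, so confirm it, because with an unsigned RT the subtraction above would wrap to a very long wait instead of zero. The commit also deletes the only comment explaining the computation, and the name `elapsed_after_RT` is ambiguous, since the snapshot is taken before the later code (presumably) adds RT to `elapsed`. I would keep a comment such as `/* wake at start + MRD: RT = MRD - (cur - start), in 1/100 s, never negative */` above the two assignments, and the field-by-field copy can be a plain `elapsed_after_RT = elapsed;`. dhc6_retrans_advance and check_timing6 both begin and end outside the visible hunks.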
diff --git a/dhcp.spec b/dhcp.spec
index e5830e8..8db9167 100644
--- a/dhcp.spec
+++ b/dhcp.spec
@@ -4,15 +4,18 @@
# Where dhcp configuration files are stored
%global dhcpconfdir %{_sysconfdir}/dhcp
-# Patch version
-%global patchver P2
+# Patch version
+#%global patchver P2
+# Pre-Release version
+%global prever b1
-%global VERSION %{version}-%{patchver}
+#%define VERSION %{version}-%{patchver}
+%global VERSION %{version}%{prever}
Summary: Dynamic host configuration protocol software
Name: dhcp
-Version: 4.2.0
-Release: 26.%{patchver}%{?dist}
+Version: 4.2.1
+Release: 0.1.%{prever}%{?dist}
# NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to
# dcantrell maintaining the package) made incorrect use of the epoch and
# that's why it is at 12 now. It should have never been used, but it was.
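Review bot: The two lines commented out here, `#%global patchver P2` and `#%define VERSION %{version}-%{patchver}`, are still processed by rpm, which expands macros inside `#` comments, so `patchver` and the old `VERSION` value are defined anyway. This is harmless only because `%global VERSION %{version}%{prever}` follows and overrides it; if that line is later moved or dropped, anything using `%{VERSION}` would silently resolve to the `-P2` name. Escape the percent sign (`#%%global patchver P2`, `#%%define VERSION %{version}-%{patchver}`) or delete both lines.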
@@ -34,7 +37,6 @@ Source9: dhcpd.service
Source10: dhcpd6.service
Source11: dhcrelay.service
-
Patch0: dhcp-4.2.0-errwarn-message.patch
Patch1: dhcp-4.2.0-options.patch
Patch2: dhcp-4.2.0-release-by-ifup.patch
@@ -44,33 +46,30 @@ Patch5: dhcp-4.2.0-ldap.patch
Patch6: dhcp-4.2.0-dhclient-usage.patch
Patch7: dhcp-4.2.0-default-requested-options.patch
Patch8: dhcp-4.2.0-xen-checksum.patch
-Patch10: dhcp-4.2.0-manpages.patch
+Patch10: dhcp-4.2.1-manpages.patch
Patch11: dhcp-4.2.0-paths.patch
Patch12: dhcp-4.2.0-CLOEXEC.patch
Patch13: dhcp-4.2.0-inherit-leases.patch
Patch14: dhcp-4.2.0-garbage-chars.patch
-Patch15: dhcp-4.2.0-invalid-dhclient-conf.patch
-Patch16: dhcp-4.2.0-missing-ipv6-not-fatal.patch
-Patch17: dhcp-4.2.0-IFNAMSIZ.patch
-Patch18: dhcp-4.2.0-add_timeout_when_NULL.patch
-Patch19: dhcp-4.2.0-P1-64_bit_lease_parse.patch
-Patch20: dhcp-4.2.0-capability.patch
-Patch21: dhcp-4.2.0-logpid.patch
-Patch22: dhcp-4.2.0-UseMulticast.patch
-Patch23: dhcp-4.2.0-sendDecline.patch
-Patch24: dhcp-4.2.0-retransmission.patch
-Patch25: dhcp-4.2.0-release6-elapsed.patch
-Patch26: dhcp-4.2.0-initialization-delay.patch
-Patch27: dhcp-4.2.0-parse_date.patch
-Patch28: dhcp-4.2.0-rfc3442-classless-static-routes.patch
-Patch29: dhcp-4.2.0-PIE-RELRO.patch
-Patch30: dhcp-4.2.0-honor-expired.patch
-Patch31: dhcp-4.2.0-noprefixavail.patch
-Patch32: dhcp420-rh637017.patch
-Patch33: dhcp420-sharedlib.patch
-Patch34: dhcp-4.2.0-PPP.patch
-Patch35: dhcp-4.2.0-P2-omapi.patch
-Patch36: dhcp-4.2.0-P2-ldap-configuration.patch
+Patch15: dhcp-4.2.0-missing-ipv6-not-fatal.patch
+Patch16: dhcp-4.2.0-IFNAMSIZ.patch
+Patch17: dhcp-4.2.0-add_timeout_when_NULL.patch
+Patch18: dhcp-4.2.1-64_bit_lease_parse.patch
+Patch19: dhcp-4.2.1-capability.patch
+Patch20: dhcp-4.2.0-logpid.patch
+Patch21: dhcp-4.2.0-UseMulticast.patch
+Patch22: dhcp-4.2.0-sendDecline.patch
+Patch23: dhcp-4.2.1-retransmission.patch
+Patch24: dhcp-4.2.0-initialization-delay.patch
+Patch25: dhcp-4.2.0-rfc3442-classless-static-routes.patch
+Patch26: dhcp-4.2.1-PIE-RELRO.patch
+Patch27: dhcp-4.2.0-honor-expired.patch
+Patch28: dhcp-4.2.0-noprefixavail.patch
+Patch29: dhcp420-rh637017.patch
+Patch30: dhcp420-sharedlib.patch
+Patch31: dhcp-4.2.0-PPP.patch
+Patch32: dhcp-4.2.0-P2-omapi.patch
+Patch33: dhcp-4.2.0-P2-ldap-configuration.patch
BuildRequires: autoconf
BuildRequires: automake
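Review bot: This commit adds `dhcp-4.2.1-invalid-dhclient-conf.patch`, but the renumbered list has no `PatchN:` entry for it, and the `%patch15 -p1 -b .supersede` line is removed further down, so in the part of the spec visible here the new patch file is never applied. Either add it back, for example `Patch34: dhcp-4.2.1-invalid-dhclient-conf.patch` with a matching `%patch34 -p1 -b .supersede` in `%prep`, or do not add the file. Renumbering Patch15 through Patch33 in the same commit as a CVE rebase also makes it harder to audit which downstream fixes were dropped (`parse_date`, `release6-elapsed`) and which were only shifted; a changelog line naming the dropped patches would help.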
@@ -223,72 +222,60 @@ rm bind/bind.tar.gz
# Fix 'garbage in format string' error (#450042)
%patch14 -p1 -b .garbage
-# The sample dhclient.conf should say 'supersede domain-search' (#467955)
-# (Submitted to dhcp-bugs at isc.org - [ISC-Bugs #19147])
-%patch15 -p1 -b .supersede
-
# If the ipv6 kernel module is missing, do not segfault
# (Submitted to dhcp-bugs at isc.org - [ISC-Bugs #19367])
-%patch16 -p1 -b .noipv6
+%patch15 -p1 -b .noipv6
# Read only up to IFNAMSIZ characters for the interface name in dhcpd (#441524)
# (Submitted to dhcp-bugs at isc.org - [ISC-Bugs #19617])
-%patch17 -p1 -b .ifnamsiz
+%patch16 -p1 -b .ifnamsiz
# Handle cases in add_timeout() where the function is called with a NULL
# value for the 'when' parameter
# (Submitted to dhcp-bugs at isc.org - [ISC-Bugs #19867])
-%patch18 -p1 -b .dracut
+%patch17 -p1 -b .dracut
# Ensure 64-bit platforms parse lease file dates & times correctly (#448615, #628258)
# (Partly submitted to dhcp-bugs at isc.org - [ISC-Bugs #22033])
-%patch19 -p1 -b .64-bit_lease_parse
+%patch18 -p1 -b .64-bit_lease_parse
# Drop unnecessary capabilities in dhclient (#517649, #546765)
-%patch20 -p1 -b .capability
+%patch19 -p1 -b .capability
# dhclient logs its pid to make troubleshooting NM managed systems
# with multiple dhclients running easier (#546792)
-%patch21 -p1 -b .logpid
+%patch20 -p1 -b .logpid
# Discard unicast Request/Renew/Release/Decline message
# (unless we set unicast option) and respond with Reply
# with UseMulticast Status Code option (#573090)
# (Submitted to dhcp-bugs at isc.org - [ISC-Bugs #21235])
-%patch22 -p1 -b .UseMulticast
+%patch21 -p1 -b .UseMulticast
# If any of the bound addresses are found to be in use on the link,
# the dhcpv6 client sends a Decline message to the server
# as described in section 18.1.7 of RFC-3315 (#559147)
# (Submitted to dhcp-bugs at isc.org - [ISC-Bugs #21237])
-%patch23 -p1 -b .sendDecline
+%patch22 -p1 -b .sendDecline
# In client initiated message exchanges stop retransmission
# upon reaching the MRD rather than at some point after it (#559153)
# (Submitted to dhcp-bugs at isc.org - [ISC-Bugs #21238])
-%patch24 -p1 -b .retransmission
-
-# Fill in Elapsed Time Option in Release message (#582939)
-# (Submitted to dhcp-bugs at isc.org - [ISC-Bugs #21171])
-%patch25 -p1 -b .release6-elapsed
+%patch23 -p1 -b .retransmission
# Cut down the 0-4 second delay before sending first DHCPDISCOVER (#587070)
-%patch26 -p1 -b .initialization-delay
-
-# Fix parsing of date (#514828)
-# (Submitted to dhcp-bugs at isc.org - [ISC-Bugs #21501])
-%patch27 -p1 -b .parse_date
+%patch24 -p1 -b .initialization-delay
# RFC 3442 - Classless Static Route Option for DHCPv4 (#516325)
-%patch28 -p1 -b .rfc3442
+%patch25 -p1 -b .rfc3442
# hardening dhcpd/dhcrelay/dhclient by making them PIE & RELRO
-%patch29 -p1 -b .PIE-RELRO
+%patch26 -p1 -b .PIE-RELRO
# check whether there is any unexpired address in previous lease
# prior to confirming (INIT-REBOOT) the lease (#585418)
# (Submitted to dhcp-suggest at isc.org - [ISC-Bugs #22675])
-%patch30 -p1 -b .honor-expired
+%patch27 -p1 -b .honor-expired
# 1) When server has empty pool of addresses/prefixes it must send Advertise with
# NoAddrsAvail/NoPrefixAvail status in response to clients Solicit.
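Review bot: Removing `%patch15 -p1 -b .supersede` at the top of this hunk, together with the dropped `Patch15:` line, leaves the rebased dhcp-4.2.1-invalid-dhclient-conf.patch that this same commit adds (12 lines in the diffstat) unapplied by any visible `%patch` line, while the changelog entry says the patch is no longer needed. If upstream 4.2.1b1 already carries the 'supersede domain-search' change, the new patch file should be dropped from the commit so the package does not ship an orphaned, unreviewed patch. If it is still needed, it has to be wired back in, for example `Patch34: dhcp-4.2.1-invalid-dhclient-conf.patch` and `%patch34 -p1 -b .supersede`. The part of the spec above the visible Patch list is not shown here, so this should be confirmed against the full file.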
@@ -299,22 +286,22 @@ rm bind/bind.tar.gz
# Without this patch server ignored client's Solicit in which the client was sending
# prefix in IA_PD (as a preference) and this prefix was not in any of server's pools.
# (Submitted to dhcp-bugs at isc.org - [ISC-Bugs #22676])
-%patch31 -p1 -b .noprefixavail
+%patch28 -p1 -b .noprefixavail
# Fire away bundled BIND source.
-%patch32 -p1 -b .rh637017
+%patch29 -p1 -b .rh637017
#Build dhcp's libraries as shared libs instead of static libs.
-%patch33 -p1 -b .sharedlib
+%patch30 -p1 -b .sharedlib
# DHCPv6 over PPP support (#626514)
-%patch34 -p1 -b .PPP
+%patch31 -p1 -b .PPP
# Fix OMAPI (#666441)
-%patch35 -p1 -b .omapi
+%patch32 -p1 -b .omapi
# Fix loading of configuration when LDAP is used (#668276)
# (Submitted to dhcp-bugs at isc.org - [ISC-Bugs #22888])
-%patch36 -p1 -b .ldap-configuration
+%patch33 -p1 -b .ldap-configuration
# Copy in the Fedora/RHEL dhclient script
%{__install} -p -m 0755 %{SOURCE4} client/scripts/linux
@@ -663,6 +650,10 @@ fi
%attr(0644,root,root) %{_mandir}/man3/omapi.3.gz
%changelog
+* Thu Jan 27 2011 Jiri Popelka <jpopelka at redhat.com> - 12:4.2.1-0.1.b1
+- 4.2.1b1: fix for CVE-2011-0413 (#672996)
+- No longer need invalid-dhclient-conf, parse_date and release6-elapsed patches
+
* Thu Jan 13 2011 Jiri Popelka <jpopelka at redhat.com> - 12:4.2.0-26.P2
- Fix loading of configuration when LDAP is used (#668276)
diff --git a/sources b/sources
index 7dd0d92..b3ad91f 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-a98f4ce3ca651e7e28a5a1ae6398689e dhcp-4.2.0-P2.tar.gz
+44c613e8703658588fce1c79da0a2843 dhcp-4.2.1b1.tar.gz