Hello community,
here is the log from the commit of package dhcp for openSUSE:12.2 checked in at
2012-08-08 21:53:33
Comparing /work/SRC/openSUSE:12.2/dhcp (Old)
and /work/SRC/openSUSE:12.2/.dhcp.new (New)
Package is "dhcp", Maintainer is "m...@suse.com"
Changes:
--- /work/SRC/openSUSE:12.2/dhcp/dhcp.changes 2012-06-25 15:17:39.0
+0200
+++ /work/SRC/openSUSE:12.2/.dhcp.new/dhcp.changes 2012-08-08
21:53:35.0 +0200
@@ -1,0 +2,113 @@
+Wed Jul 25 18:13:59 UTC 2012 - m...@suse.com
+
+- Update to ISC dhcp-4.2.4-P1 release, providing following security
+ fixes (bnc#772924):
+ - Previously the server code was relaxed to allow packets with zero
+length client ids to be processed. Under some situations use of
+zero length client ids can cause the server to go into an infinite
+loop. As such ids are not valid according to RFC 2132 section 9.14
+the server no longer accepts them. Client ids with a length of 1
+are also invalid but the server still accepts them in order to
+minimize disruption. The restriction will likely be tightened in
+the future to disallow ids with a length of 1.
+Thanks to Markus Hietava of Codenomicon CROSS project for the
+finding this issue and CERT-FI for vulnerability coordination.
+[ISC-Bugs #29851] CVE: CVE-2012-3571
+ - When attempting to convert a DUID from a client id option
+into a hardware address handle unexpected client ids properly.
+Thanks to Markus Hietava of Codenomicon CROSS project for the
+finding this issue and CERT-FI for vulnerability coordination.
+[ISC-Bugs #29852] CVE: CVE-2012-3570
+ - A pair of memory leaks were found and fixed. Thanks to Glen
+Eustace of Massey University, New Zealand for finding this issue.
+[ISC-Bugs #30024] CVE: CVE-2012-3954
+- Moved lease file check to a separate action so it is not used in
+ restart -- it can fail when the daemon rewrites the lease causing
+ a restart failure then (bnc#762108 regression).
+- Request dhcp6.sntp-servers in /etc/dhclient6.conf and forward to
+ netconfig for processing (bnc#770236).
+- Removed RFC 4833 TZ options from client requests [unused].
+
+---
+Tue Jun 19 06:40:03 UTC 2012 - m...@suse.com
+
+- Update to ISC dhcp-4.2.4 release, fixing a dhcpv6 server assert
+ crash while accessing lease on heap (bnc#767661) and providing
+ the following fixes:
+ - Rotate the lease file when running in v6 mode.
+Thanks to Christoph Moench-Tegeder at Astaro for the
+report and the first version of the patch. [ISC-Bugs #24887]
+ - Fixed the code that checks if an address the server is planning
+to hand out is in a reserved range. This would appear as the
+server being out of addresses in pools with particular ranges.
+[ISC-Bugs #26498]
+ - In the DDNS code handle error conditions more gracefully and
+add more logging code. The major change is to handle unexpected
+cancel events from the DNS client code. [ISC-Bugs #26287]
+ - Tidy up the receive calls and eliminate the need for found_pkt.
+[ISC-Bugs #25066]
+ - Add support for Infiniband over sockets to the server and
+relay code. We've tested this on Solaris and hope to expand
+support for Infiniband in the future. This patch also corrects
+some issues we found in the socket code. [ISC-Bugs #24245]
+ - Add a compile time check for the presence of the noreturn attribute
+and use it for log_fatal if it's available. This will help code
+checking programs to eliminate false positives. [ISC-Bugs #27539]
+ - Fixed many compilation problems ("set, but not used" warnings) for
+gcc 4.6 that may affect Ubuntu 11.10 users. [ISC-Bugs #27588]
+ - Modify the code that determines if an outstanding DDNS request
+should be cancelled. This patch results in cancelling the
+outstanding request less often. It fixes the problem caused
+by a client doing a release where the TXT and PTR records
+weren't removed from the DNS. [ISC-BUGS #27858]
+ - Use offsetof() instead of sizeof() to get the sizes for
+dhcpv6_relay_packet and dhcpv6_packet in several more places.
+Thanks to a report from Bruno Verstuyft and Vincent Demaertelaere
+of Excentis. [ISC-Bugs #27941]
+ - Remove outdated note in the description of the bootp keyword about
+the option not satisfying the requirement of failover peers for
+denying dynamic bootp clients. [ISC-bugs #28574]
+ - Multiple items to clean up IPv6 address processing. When processing
+an IA that we've seen check to see if the addresses are usable
+(not in use by somebody else) before handing it out.
+When reading in leases from the file discard expired addresses.
+When picking an address for a client include the IA ID in
+
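Review bot: The 4.2.4-P1 entry says the lease file check was moved "to a separate action" but never names that action, so anyone who relied on restart to validate the lease file cannot tell from the changelog what to run instead; name the action in the entry. In the same entry only the CVE-2012-3571 item states an impact (the infinite loop), while the CVE-2012-3570 and CVE-2012-3954 items give none, which makes urgency hard to judge from the changelog alone; a short impact clause on each would help. Minor: "for the finding this issue" reads wrong in both places it appears, and the bug tags vary in case ("[ISC-BUGS #27858]", "[ISC-bugs #28574]") against "[ISC-Bugs ...]" elsewhere.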