Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

dhcp-4.4.2.P1-2.5 RPM for armv7hl

From OpenSuSE Ports Tumbleweed for armv7hl

Name: dhcp Distribution: openSUSE Tumbleweed
Version: 4.4.2.P1 Vendor: openSUSE
Release: 2.5 Build date: Thu Oct 21 11:08:50 2021
Group: Productivity/Networking/Boot/Servers Build host: obs-arm-11
Size: 1504939 Source RPM: dhcp-4.4.2.P1-2.5.src.rpm
Packager: http://bugs.opensuse.org
Url: https://www.isc.org/software/dhcp
Summary: Common Files Used by ISC DHCP Software
This package contains common programs used by both the ISC DHCP
server ("dhcp-server" package) and client ("dhcp-client") as the
omshell and common manual pages.

Provides

Requires

License

MPL-2.0

Changelog

* Thu Aug 05 2021 Reinhard Max <max@suse.com>
  - bsc#1186249: Remove remaining references to /etc/init.d from
    dhclient-script and if-up.d.dhcpd-restart-hook .
  - Use , instead of - or / as a separator in sed when dealing with
    path names.
* Mon May 31 2021 Reinhard Max <max@suse.com>
  - Add -fno-strict-aliasing to CFLAGS to avoid a segfault in dhcpd
    (boo#1186631).
* Thu May 27 2021 Reinhard Max <max@suse.com>
  - Update to 4.4.2-P1:
    * CVE-2021-25217, bsc#1186382: A buffer overrun in lease file
      parsing code can be used to exploit a common vulnerability
      shared by dhcpd and dhclient.
  - Error out, if %version and %isc_version are not in sync.
* Sun Jan 24 2021 Dirk Müller <dmueller@suse.com>
  - update to 4.4.2:
    * Please note that that ISC DHCP is now licensed under the Mozilla Public
    License, MPL 2.0.
    In general, the areas of focus for ISC DHCP 4.4 were:
    1. Dynamic DNS additions
    2. dhclient improvements
    3. Support for dynamic shared libraries
    * Added the interface name to socket initialization failure log messages.
      Prior to this the log messages stated only the error reason without
      stating the target interface.
    * Corrected buffer pointer logic in dhcrelay functions that manipulate
      agent relay options. Thanks to Thomas Imbert of MSRC Vulnerabilities
      & Mitigations for reporting the issue.
    * Corrected unresolved symbol errors building relay_unittests when
      configured to build using libtool.
    * A new configuration parameter, ping-cltt-secs (v4 operation only), has
      been added to allow the user to specify the number of seconds that must
      elapse since CLTT before a ping check is conducted.  Prior to this, the
      value was hard coded at 60 seconds.  Please see the server man pages for
      a more detailed discussion.
    * A new configuration parameter, ping-timeout-ms (v4 operation only),
      has been added that allows the user to specify the amount of time
      the server waits for a ping-check response in milliseconds rather
      than in seconds (via ping-timeout). When greater than zero, the value
      of ping-timeout-ms will override the value of ping-timeout.  Thanks
      to Jay Doran from Bluecat Networks for suggesting this feature.
    * An experimental tool called, Keama (KEA Migration Assistant), which helps
      translate ISC DHCP configurations to Kea configurations, is now included
      in the distribution.
    * Corrected a misuse of the BIND9 DDNS API which caused DDNS updates to be
      carried out over TCP rather than UDP. The coding error was exposed by
      migration to BIND9 9.11.  Thanks to Jinmei Tatuya at Infoblox for
      reporting the issue.
    * Bind9 now defaults to requiring python to build. The Makefile for
      building Bind9 when bundled with ISC DHCP was modified to turn off
      this dependency.
    * Corrected a dual-stack mixed-mode issue that occurs when both
      ddns-guard-id-must-match and ddns-other-guard-is-dynamic
      are enabled and that caused the server to incorrectly interpret
      the presence of a guard record belonging to another client as
      a case of no guard record at all.  Thanks to Fernando Soto
      from BlueCat Networks for reporting this issue.
    * Corrected a compilation issue that occurred when building without DNS
      update ability (e.g. by undefining NSUPDATE).
    * Corrected an issue that was causing the server, when running in
      DHPCv4 mode, to segfault when class lease limits are reached.
      Thanks to Peter Nagy at Porion-Digital for reporting the matter
      and submitting a patch.
    * Made minor changes to eliminate warnings when compiled with GCC 9.
      Thanks to Brett Neumeier for bringing the matter to our attention.
    * Fixed potential memory leaks in parser error message generation
      spotted by Coverity, CIDs: 1448191, 1448193, 1448194, 1448195
    * Updated URL of IEEE oui.txt in contrib/dhcp-lease-list.pl. Thanks
      to Tommy Smith for contributing the patch.
    * Fixed define flags when using SO_BINDTODEVICE. Thanks to Joe LeVeque for
      reporting the issue.
    * Applied a patch from OpenBSD to always set the scope id of outbound
      DHPCv6 packets.  Note this change only applies when compiling under
      OpenBSD.  Thanks to Brad Smith at OpenBSD from bringing it to our
      attention.
    * Modified dhclient to not discard config file leases that are
      duplicates of server-provided leases and to retain such leases
      after they have been used as the fallback active lease and
      DHCP service has been restored.  This allows them to be used
      more than once during the lifetime of a dhclient instance.
      This applies to DHCPv4 operation only.
    * Corrected a number of reference counter and zero-length buffer leaks.
      Thanks to Christopher Ertl of MSRC Vulnerabilities & Mitigations for
      pointing them out.
    * Closed a small window of time between the installation of graceful
      shutdown signal handlers and application context startup, during which
      the receipt of shutdown signal would cause a REQUIRE() assertion to
      occur.  Note this issue is only visible when compiling with
      ENABLE_GENTLE_SHUTDOWN defined.
    * Corrected a buffer overflow that can occur when retrieving zone
      names that are more than 255 characters in length.
    * The "d" domain name option format was incorrectly handled as text
      instead of RFC 1035 wire format. Thanks to Jay Doran at BlueCat Networks
      for reporting this issue.
    * Improved the error message issued when a host declaration has both
      a uid and a dhcp-client-identifier. Server configuration parsing will
      now fail if a host declaration specifies more than one uid.
    * Updated developer's documentation on building and running unit tests.
      Removed support for --with-atf=bind as BIND9 no longer bundles in ATF
      source.
    * Fixed a syntax error in ldap.c which cropped up under Ubuntu
      18.04.1/gcc 7.4.0. Thanks to Charles Hedrick for pointing it out.
    * Added clarification to dhcp-options.5 section on ip-address values
      describing the first-use DNS resolution of options with hostnames as
      values (e.g. next-server).
    * The option format for the server option omapi-key was changed to a
      format type 'k' (key name); while server options ldap-port and
      ldap-init-retry were changed to 'L' (unsigned 32-bit integer). These
      three options were inadvertantly broken when the 'd' format content
      was changed to comply with RFC 1035 wire format (see Gitlab #2).
    * A delayed-ack value of 0 (the default), now correctly disables the delayed
      feature.  A change in 4.4.0 prohibited lease updates marking leases active
      from be written to the lease file when delayed-ack is 0. This in turn,
      caused servers to lose active lease assignments upon restart.
    ! Option reference count was not correctly decremented in error path
      when parsing buffer for options. Reported by Felix Wilhelm, Google
      Security Team.
      CVE: CVE-2018-5733
    ! Corrected an issue where large sized 'X/x' format options were causing
      option handling logic to overwrite memory when expanding them to human
      readable form. Reported by Felix Wilhelm, Google Security Team.
      CVE: CVE-2018-5732
    * Added use of new Bind9 compatibility header files, that are now necessary
      to supply type definitions for primitive data types, removed from Bind9
      proper.  Altered util/bind.sh to pull from Bind9 repo on gitlab.
    * Duplicate address detection when binding to a new IPv6 address was added
      to the following dhclient scripts: linux,freebsd,netbsd,openbsd, and macos.
      The scripts will check for DAD errors after binding to a new IPv6 address
      for at most --dad-wait-time seconds.  If a DAD error is detected the script
      will exit with a value of 3, instructing dhclient to decline the address. If
      dad-wait-time is zero (the default), DAD error checking is not peformed.
    * Support for sending and receiving additional DHCP4 options has been added
      to both the dhcpd and dhclient.  Specifically: option codes 93,94, and 97
      (RFC 4578); code 150 (RFC 5859); and codes 209,219, and 211 (RFC 5071).
      Beyond configuring, sending, requesting, and receiving these options neither
      server nor client apply any additional logic based on their values.
      Thanks to Peter Lewis for requesting this change.
    * Added clarifying text to dhcpd.conf.5 explaining the class match expressions
      cannot rely on the results of executable statements.
    * Fixed a bug which causes dhcpd and dhclient to crash on certain
      systems when given relative path names for lease or pid files on
      the command line.  Affected systems are those on which the C library
      function, realpath() does not support a second parameter value of
      NULL (see manpages for realpath(3)).
    * Fixed a build issue when building with embedded BIND9 under OpenBSD that
      was causing BIND9 build to not generate dns/enumclass.h and dns/enumtype.h.
    * Added <dhcp>/m4/README to the distribution tarball.  Some versions of
      ac_local() treat the absence of the m4 subdirectory as error rather than
      warning.  This was causing the call to autoreconf, necessary for building
      with libtool, to fail.
    * Added experimental support for relay port (draft-ietf-dhc-relay-port-10.txt)
      feature for DHCPv4, DHCPv6 and DHCPv4-over-DHCPv6.  Relay port has to be
      enabled at compile time via --enable-relay-port and is fully backward
      compatible (i.e. works with previous implementations of servers and relays
      using the standard ports).  A new --rp <relay-port> command line option
      specifies to dhcrelay an alternate source port for upstream (i.e. toward
      the server) messages.  Thanks to Naiming Shen and Enke Chen of Cisco
      systems for submitting these patches.
    * Added --release-on-roam to dhcpd server. When enabled and the server detects
      that a DHCPv6 client (IAID+DUID) has roamed to a new network, it will release
      the pre-existing leases on the old network and emit a log statement similar
      to the following:
      "Client: <id> roamed to new network, releasing lease: <address>"
      The server will carry out all of the same steps that would normally occur
      when a client explicitly releases a lease.  This behavior is disabled by
      default and may only be specified globally. Prior to this the server renders
      the leases unavailable until they expire or the server is restarted. Clients
      that need leases in multiple networks must supply a unique IAID in each IA.
      When release-on-roam is disabled (the default) the server maintains the
      prior behavior of making such leases unavailable until they expire or the
      server is restarted. Clients that need leases in multiple networks must
      supply a unique IAID in each IA.  This parameter may only be specified at
      the global level.  Thanks to Fernando Soto from BlueCat Networks for
      suggesting this change.
    * Support for delayed-ack is now compiled in by default. Prior to this
      it had to be enabled at compile time via --enable-delayed-acks. The
      default value for delayed-ack, however, has been changed from 28 to 0
      (i.e. disabled).  This was done to minimize the impact on users not
      currently using the feature.  Please note that the delayed-ack feature
      is not currently compatible with support for DHPCv4-over-DHCPv6 so
      when a 4to6 port command line argument enables this in the server the
      delayed-ack value is reset to 0.
    * Added to the server (-6) a new statement, local-address6, which specifies
      the source address of packets sent by the server. An additional flag,
      bind-local-address6, disabled by default, binds the service socket to
      to local-address6. Note that bind-local-address does not work with direct
      clients: a relay has to forward packets to the server using the
      local-address6 destination.
    * The server now recognizes environment variables PATH_DHCPD_DB and
      PATH_DHCPD_PID.  These had been incorrectly compiled out of the code
      unless DHCPv6 support was disabled. Additionally, the server man
      pages were corrected to accurately reflect how the server chooses
      file names (see lease-file-name and pid-file-name statements). Thanks
      to Fernando Soto at Bluecat Networks for bringing this matter to our
      attention.
    * Removed an "Impossible condition" error upon exit in the dhcpd server that
      has been shutdown via OMAPI. This condition was only apparent under Solaris
      when building with --enable-use-sockets and --enable-ipv4-pktinfo.
    * Corrected some minor Coverity issues: CID 1426059, 1426058, and 1426057.
    * Added missing text to dhclient.8 and expanded release note coverage
      for --address-prefix-len changes.
  - remove dhcp-CVE-2019-6470.patch,
    0013-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch: merged upstream
  - 0006-dhcp-4.3.2-dhclient-send-hostname-or-fqdn.patch
    0009-dhcp-4.2.6-close-on-exec.patch
    0016-infiniband-support.patch
    0018-client-fail-on-script-pre-init-error-bsc-912098.patch
    0021-dhcp-ip-family-symlinks.patch: refresh against newer code base
  - build with --enable-log-pid (log pid) and enable-binary-leases (faster
    binary looup for large leases files)
* Tue Nov 17 2020 Ludwig Nussel <lnussel@suse.de>
  - prepare usrmerge (boo#1029961)
* Wed Oct 21 2020 Reinhard Max <max@suse.com>
  - Complete the /var/run -> /run migration by renaming
    /var/lib/dhcp/var/run accordingly (boo#1177951).
* Thu Sep 17 2020 Reinhard Max <max@suse.com>
  - Don't create dhclient.leases in %post. It affects transactional
    updates and the files don't need to pre-exist (boo#1129951).
* Thu Sep 03 2020 Franck Bui <fbui@suse.com>
  - Drop dependency on insserv-compat
    It was required to call the rc_status helpers from the sysvinit
    scripts. These scripts are supposed to be called by systemd, which
    has its own mechanism to report service status.
    Please note that this package still needs to be converted to ship
    proper systemd units.
* Thu Sep 03 2020 Franck Bui <fbui@suse.com>
  - /var/run is legacy -> /run should be used instead
* Mon Jun 29 2020 Dominique Leuenberger <dimstar@opensuse.org>
  - The server package still requires insserv-compat: the .service
    files only call out to legacy sysv init scripts that are still
    sourcing /etc/rc.status (boo#1173440).
* Tue Jun 23 2020 Cristian Rodríguez <crrodriguez@opensuse.org>
  - insserv is not required anymore
* Thu Jun 11 2020 Callum Farmer <callumjfarmer13@gmail.com>
  - Fixes for %_libexecdir changing to /usr/libexec
* Wed Apr 15 2020 Thorsten Kukuk <kukuk@suse.com>
  - Use sysusers.d instead of shadow
* Mon Mar 02 2020 Reinhard Max <max@suse.com>
  - Add -fcommon to CFLAGS to fix build with gcc10 (boo#1160262).
* Wed Jan 22 2020 Thorsten Kukuk <kukuk@suse.com>
  - Change remaining systemd requires to weak dependencies, too.
  - Don't require net-tools with SLE15 or newer, it does not contain
    anything anymore we need
  - Get ride of coreutils dependency
* Tue Oct 15 2019 Reinhard Max <max@suse.com>
  - bsc#1134078, CVE-2019-6470, dhcp-CVE-2019-6470.patch:
    DHCPv6 server crashes regularly.
  - Add compile option --enable-secs-byteorder to avoid duplicate
    lease warnings [bsc#1089524].
* Wed Oct 02 2019 kukuk@suse.de
  - Make systemd a weak dependency as we don't want that in a container
* Wed Aug 28 2019 Reinhard Max <max@suse.com>
  - bsc#1136572: Use IPv6 when called as dhclient6, dhcpd6, and
    dhcrelay6 (0021-dhcp-ip-family-symlinks.patch).
* Thu Aug 08 2019 Dirk Mueller <dmueller@suse.com>
  - dhclient-script: replace host(1) with getent, which is more
    lightweight (part of glibc and does not pull in bind-utils)
* Fri Aug 02 2019 Martin Liška <mliska@suse.cz>
  - Use FAT LTO objects in order to provide proper static library.
* Thu Jul 11 2019 Antoine Belvire <antoine.belvire@opensuse.org>
  - Remove SuSEfirewall2 services since SuSEfirewall2 has been
    replaced by firewalld (which already provides a service for
    dhcp).
* Fri May 10 2019 Dominique Leuenberger <dimstar@opensuse.org>
  - Add workaround to require insserv-compat until the package is
    converted to full systemd units (boo#1133632).
* Fri Feb 22 2019 Franck Bui <fbui@suse.com>
  - Drop use of $FIRST_ARG in .spec
    The use of $FIRST_ARG was probably required because of the
    %service_* rpm macros were playing tricks with the shell positional
    parameters. This is bad practice and error prones so let's assume
    that no macros should do that anymore and hence it's safe to assume
    that positional parameters remains unchanged after any rpm macro
    call.
* Mon Jan 21 2019 Jonathan Brielmaier <jbrielmaier@suse.de>
  - Remove wrong path to documentation in the description of the
    server package
* Tue Jun 05 2018 tchvatal@suse.com
  - Drop doc subpackage as we do not build on < SLE12 anyway so it
    evaluated always as true
  - Do not condition flags settings for codestreams that we are no
    longer building for
  - Use %license macro for license as mandated by new TW requirements
* Mon Jun 04 2018 tchvatal@suse.com
  - Format with spec-cleaner (automatic, remove FIXMEs)
  - Use getent to detect created user prior doing it again
  - Drop ldapcasa as it evaluates as false on all current products
  - Drop ldap conditional as it is always true
* Mon Jun 04 2018 tchvatal@suse.com
  - Kill omc configs wrt fate#301838
* Thu Mar 08 2018 max@suse.com
  - Update to dhcp-4.3.6-P1:
    * CVE-2018-5733, bsc#1083303: reference count overflow in dhcpd.
    * CVE-2018-5732, bsc#1083302: buffer overflow bug in dhclient.
    * Plugged a socket descriptor leak in OMAPI
    * The server now allows the client identifier (option 61) to own
      leases in more than one subnet concurrently [ISC-Bugs #41358].
    * When replying to a DHCPINFORM, the server will now include
      options specified at the pool scope, provided the ciaddr field
      of the DHCPINFORM is populated.
      [ISC-Bugs #43219] [ISC-Bugs #45051].
    * When memory allocation fails in a repeated way the process
      writes "Run out of memory." on the standard error and exists
      with status 1  [ISC-Bugs #32744].
    * The new lmdb (Lightning Memory DataBase) bind9 configure
      option is now disabled by default to avoid the presence of
      this library to be detected which can lead to a link failure.
      [ISC-Bugs #45069]
    * The linux interface discovery code has been modified to use
      getifaddrs() as is done for BSD and OS-X.
      [ISC-Bugs #28761] and others.
    * Fixed a bug in OMAPI that causes omshell to crash when a
      name-value pair with a zero length value is shipped in an
      object [ISC-Bugs #29108].
    * On 64-bit platforms, dhclient now generates the correct value
      for the script environment variable, "expiry", the lease
      expiry value exceeds 0x7FFFFFFF [ISC-Bugs #43326].
    * Common timer logic was modified to cap the maximum timeout
      values at 0x7FFFFFFF - 1 [ISC-Bugs #28038].
    * DHCP6 FQDN option unpacking code now correctly handles values
      that contain spaces, special, or non-printable characters.
      [ISC-Bugs #43592]
    * When running in -6 mode, dhclient can enforce the require
      option statement and will discard offered leases that do not
      contain all the required options specified in the client
      configuration [ISC-Bugs #41473].
    * Altered DHCPv4 lease time calculation to avoid roll over
      errors on 64-bit OS systems when using -1 or large values
      for default-lease-time [ISC-Bugs #41976],
    * Added --dad-wait-time parameter to dhclient [ISC-Bugs #36169].
    * The server nows checks both the address and length of a
      prefix delegation when attempting to match it to a prefix
      pool [ISC-Bugs #35378].
    * Modified DDNS support initialization such that DNS related
      ports will only be opened by the server (dhcpd) at startup
      if ddns-update-style is not "none"; by dhclient only if and
      when the it first attempts an update; and never by dhcrelay.
      [ISC-Bugs #45290] [ISC-Bugs #33377]
    * Added error logging to two memory allocation failure checks.
      [ISC-Bugs #41185]
    * Corrected a dhclient -6 issue that caused the client to crash
      with an "Impossible condition" error after de-preferencing its
      only IA binding [ISC-Bugs #44373].
    * By defining CALL_SCRIPT_ON_ONETRY_FAIL in includes/site.h,
      dhclient will now call the script with reason set to FAIL when
      run with -1 (one try) and there are no server responses.
      [ISC-bugs #18183]
    * The server now detects failover peers that are not referenced
      in at least one pool when run with the command line option for
      test mode, -T [ISC-Bugs #29892].
    * Linux script updated [ISC-bugs #19430] [ISC-bugs #18111].
    * Changed severity of the log message indicating UDP checksum
      errors in the received packets from 'info' to 'debug'.
      [ISC-bugs #41757]
    * Corrected a bug which could cause the server to sporadically
      crash while loading lease files with the lease-id-format is
      set to "hex" [ISC-Bugs #43185].
  - Obsoleted patches:
    * 0011-Fixed-linux-interface-discovery-using-getifaddrs.patch
    * 0019-dhcp-4.2.4-P1-interval.patch
    * 0021-master-Plugs-a-socket-descriptor-leak-in-OMAPI.patch
    * 0022-Optimized-if-and-when-DNS-client-context-and-ports.patch
* Fri Jan 19 2018 ndas@suse.de
  - Optimized if and when DNS client context and ports
    are initted (bsc#1073935)
    [+0022-Optimized-if-and-when-DNS-client-context-and-ports.patch]
* Tue Jan 16 2018 ndas@suse.de
  - Plugs a socket descriptor leak in OMAPI(bsc#1076119, CVE-2017-3144)
    [ +0021-master-Plugs-a-socket-descriptor-leak-in-OMAPI.patch]
* Fri Jan 05 2018 obs@botter.cc
  - add PIDFile= setting to dhcrelay.service, without this systemd
    stops the service immediately after starting

Files

/usr/bin/omshell
/usr/share/licenses/dhcp
/usr/share/licenses/dhcp/LICENSE
/usr/share/man/man1/omshell.1.gz
/usr/share/man/man5/dhcp-eval.5.gz
/usr/share/man/man5/dhcp-options.5.gz


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Nov 9 23:48:49 2021