Update isc-dhcp4 package to 4.2.4p1 (ISC DHCP 4.2.4-P1). Fixes security problems. Changes since 4.2.4 ! Previously the server code was relaxed to allow packets with zero length client ids to be processed. Under some situations use of zero length client ids can cause the server to go into an infinite loop. As such ids are not valid according to RFC 2132 section 9.14 the server no longer accepts them. Client ids with a length of 1 are also invalid but the server still accepts them in order to minimize disruption. The restriction will likely be tightened in the future to disallow ids with a length of 1. Thanks to Markus Hietava of Codenomicon CROSS project for the finding this issue and CERT-FI for vulnerability coordination. [ISC-Bugs #29851] CVE: CVE-2012-3571 ! When attempting to convert a DUID from a client id option into a hardware address handle unexpected client ids properly. Thanks to Markus Hietava of Codenomicon CROSS project for the finding this issue and CERT-FI for vulnerability coordination. [ISC-Bugs #29852] CVE: CVE-2012-3570 ! A pair of memory leaks were found and fixed. Thanks to Glen Eustace of Massey University, New Zealand for finding this issue. [ISC-Bugs #30024] CVE: CVE-2012-3954diff -r1.15 -r1.16 pkgsrc/net/isc-dhcp4/Makefile.common
(taca)
| @@ -1,33 +1,33 @@ | @@ -1,33 +1,33 @@ | |||
| 1 | # $NetBSD: Makefile.common,v 1.15 2012/06/06 15:59:31 taca Exp $ | 1 | # $NetBSD: Makefile.common,v 1.16 2012/07/25 00:56:52 taca Exp $ | |
| 2 | # | 2 | # | |
| 3 | # used by net/isc-dhcp4/Makefile | 3 | # used by net/isc-dhcp4/Makefile | |
| 4 | # used by net/isc-dhcpd4/Makefile | 4 | # used by net/isc-dhcpd4/Makefile | |
| 5 | # used by net/isc-dhclient4/Makefile | 5 | # used by net/isc-dhclient4/Makefile | |
| 6 | # used by net/isc-dhcrelay4/Makefile | 6 | # used by net/isc-dhcrelay4/Makefile | |
| 7 | 7 | |||
| 8 | DISTNAME= dhcp-${VERSION} | 8 | DISTNAME= dhcp-${VERSION} | |
| 9 | DHVER= ${DISTNAME:S/dhcp-//:S/-P/p/} | 9 | DHVER= ${DISTNAME:S/dhcp-//:S/-P/p/} | |
| 10 | CATEGORIES= net | 10 | CATEGORIES= net | |
| 11 | MASTER_SITES= ftp://ftp.isc.org/isc/dhcp/${VERSION}/ \ | 11 | MASTER_SITES= ftp://ftp.isc.org/isc/dhcp/${VERSION}/ \ | |
| 12 | http://ftp.isc.org/isc/dhcp/${VERSION}/ | 12 | http://ftp.isc.org/isc/dhcp/${VERSION}/ | |
| 13 | 13 | |||
| 14 | MAINTAINER= pkgsrc-users@NetBSD.org | 14 | MAINTAINER= pkgsrc-users@NetBSD.org | |
| 15 | HOMEPAGE= https://www.isc.org/sw/dhcp | 15 | HOMEPAGE= https://www.isc.org/sw/dhcp | |
| 16 | LICENSE= isc | 16 | LICENSE= isc | |
| 17 | 17 | |||
| 18 | CONFLICTS+= isc-dhcp-base-3.*{,nb*} | 18 | CONFLICTS+= isc-dhcp-base-3.*{,nb*} | |
| 19 | 19 | |||
| 20 | VERSION= 4.2.4 | 20 | VERSION= 4.2.4-P1 | |
| 21 | 21 | |||
| 22 | .include "../../mk/bsd.prefs.mk" | 22 | .include "../../mk/bsd.prefs.mk" | |
| 23 | 23 | |||
| 24 | GNU_CONFIGURE= yes | 24 | GNU_CONFIGURE= yes | |
| 25 | DHCP_HOME?= ${VARBASE}/db/isc-dhcp | 25 | DHCP_HOME?= ${VARBASE}/db/isc-dhcp | |
| 26 | DHCP_PID?= ${VARBASE}/run/isc-dhcp | 26 | DHCP_PID?= ${VARBASE}/run/isc-dhcp | |
| 27 | PKG_SYSCONFSUBDIR= dhcp | 27 | PKG_SYSCONFSUBDIR= dhcp | |
| 28 | 28 | |||
| 29 | USE_TOOLS+= gmake | 29 | USE_TOOLS+= gmake | |
| 30 | USE_LANGUAGES+= c c++ | 30 | USE_LANGUAGES+= c c++ | |
| 31 | 31 | |||
| 32 | PATCHDIR= ${.CURDIR}/../isc-dhcp4/patches | 32 | PATCHDIR= ${.CURDIR}/../isc-dhcp4/patches | |
| 33 | DISTINFO_FILE= ${.CURDIR}/../isc-dhcp4/distinfo | 33 | DISTINFO_FILE= ${.CURDIR}/../isc-dhcp4/distinfo |
| @@ -1,9 +1,9 @@ | @@ -1,9 +1,9 @@ | |||
| 1 | $NetBSD: distinfo,v 1.11 2012/06/06 15:59:31 taca Exp $ | 1 | $NetBSD: distinfo,v 1.12 2012/07/25 00:56:53 taca Exp $ | |
| 2 | 2 | |||
| 3 | SHA1 (dhcp-4.2.4.tar.gz) = ba877b6af5f21df84831f698187814668432e8fe | 3 | SHA1 (dhcp-4.2.4-P1.tar.gz) = 0fe0f20b7be597d60e61951d2ccafe547d3bcec2 | |
| 4 | RMD160 (dhcp-4.2.4.tar.gz) = 99af87ead38807d414a32622996e9815d6b6a95d | 4 | RMD160 (dhcp-4.2.4-P1.tar.gz) = ff7c419eac5391fa6722d522d057d9e1e8b08a8e | |
| 5 | Size (dhcp-4.2.4.tar.gz) = 8063457 bytes | 5 | Size (dhcp-4.2.4-P1.tar.gz) = 8187359 bytes | |
| 6 | SHA1 (patch-aa) = cdb64616f16ee79bf14f496518a2958352ce1fc9 | 6 | SHA1 (patch-aa) = cdb64616f16ee79bf14f496518a2958352ce1fc9 | |
| 7 | SHA1 (patch-ab) = 3a36eb65c6b0a865f2d8a350fa083fa2fe549efd | 7 | SHA1 (patch-ab) = 3a36eb65c6b0a865f2d8a350fa083fa2fe549efd | |
| 8 | SHA1 (patch-ac) = 97af5dd9e787c63ca387fb05df20f42d90b985fb | 8 | SHA1 (patch-ac) = 97af5dd9e787c63ca387fb05df20f42d90b985fb | |
| 9 | SHA1 (patch-includes_Makefile.in) = 3d81c1dce46854cee54742d6ea3593c4cb87f57d | 9 | SHA1 (patch-includes_Makefile.in) = 6004f66e28cd53c0acd09746a284eefe70a3aef2 |
| @@ -1,15 +1,16 @@ | @@ -1,15 +1,16 @@ | |||
| 1 | $NetBSD: patch-includes_Makefile.in,v 1.1 2011/04/08 14:09:24 taca Exp $ | 1 | $NetBSD: patch-includes_Makefile.in,v 1.2 2012/07/25 00:56:53 taca Exp $ | |
| 2 | 2 | |||
| 3 | --- includes/Makefile.in.orig 2011-03-24 21:58:37.000000000 +0000 | 3 | Don't need isc-dhcp/dst.h. | |
| 4 | ||||
| 5 | --- includes/Makefile.in.orig 2012-07-13 06:17:54.000000000 +0000 | |||
| 4 | +++ includes/Makefile.in | 6 | +++ includes/Makefile.in | |
| 5 | @@ -146,8 +146,8 @@ top_builddir = @top_builddir@ | 7 | @@ -147,8 +147,7 @@ top_builddir = @top_builddir@ | |
| 6 | top_srcdir = @top_srcdir@ | 8 | top_srcdir = @top_srcdir@ | |
| 7 | nobase_include_HEADERS = omapip/alloc.h omapip/buffer.h omapip/convert.h \ | 9 | nobase_include_HEADERS = omapip/alloc.h omapip/buffer.h omapip/convert.h \ | |
| 8 | omapip/hash.h omapip/isclib.h omapip/omapip.h \ | 10 | omapip/hash.h omapip/isclib.h omapip/omapip.h \ | |
| 9 | - omapip/omapip_p.h omapip/result.h omapip/trace.h \ | 11 | - omapip/omapip_p.h omapip/result.h omapip/trace.h \ | |
| 10 | - isc-dhcp/dst.h | 12 | - isc-dhcp/dst.h | |
| 11 | + omapip/omapip_p.h omapip/result.h omapip/trace.h | 13 | + omapip/omapip_p.h omapip/result.h omapip/trace.h | |
| 12 | +# isc-dhcp/dst.h | |||
| 13 | 14 | |||
| 14 | EXTRA_DIST = cdefs.h ctrace.h dhcp.h dhcp6.h dhcpd.h dhctoken.h failover.h \ | 15 | EXTRA_DIST = cdefs.h ctrace.h dhcp.h dhcp6.h dhcpd.h dhctoken.h failover.h \ | |
| 15 | heap.h inet.h minires.h osdep.h site.h statement.h tree.h \ | 16 | heap.h inet.h minires.h osdep.h site.h statement.h tree.h \ |