Fri Mar 2 21:24:02 2018 UTC ()
Pullup ticket #5712 - requested by taca
net/isc-dhcp4: security update

Revisions pulled up:
- net/isc-dhcp4/Makefile.common                                 1.35
- net/isc-dhcp4/distinfo                                        1.27

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Mar  1 00:53:05 UTC 2018

   Modified Files:
   	pkgsrc/net/isc-dhcp4: Makefile.common distinfo

   Log Message:
   net/isc-dhcp4: update to 4.3.6p1 (ISC DHCP 4.3.6-P1)

   			Changes since 4.3.6

   !- Plugged a socket descriptor leak in OMAPI, that can occur when there is
     data pending to be written to an OMAPI connection, when the connection
     is closed by the reader.
     [ISC-Bugs #46767]

   ! Corrected an issue where large sized 'X/x' format options were causing
     option handling logic to overwrite memory when expanding them to human
     readable form. Reported by Felix Wilhelm, Google Security Team.
     [ISC-Bugs #47139]
     CVE: CVE-2018-5732

   ! Option reference count was not correctly decremented in error path
     when parsing buffer for options. Reported by Felix Wilhelm, Google
     Security Team.
     [ISC-Bugs #47140]
     CVE: CVE-2018-5733

   To generate a diff of this commit:
   cvs rdiff -u -r1.34 -r1.35 pkgsrc/net/isc-dhcp4/Makefile.common
   cvs rdiff -u -r1.26 -r1.27 pkgsrc/net/isc-dhcp4/distinfo


(spz)
diff -r1.34 -r1.34.6.1 pkgsrc/net/isc-dhcp4/Makefile.common
diff -r1.26 -r1.26.6.1 pkgsrc/net/isc-dhcp4/distinfo

cvs diff -r1.34 -r1.34.6.1 pkgsrc/net/isc-dhcp4/Makefile.common

--- pkgsrc/net/isc-dhcp4/Makefile.common 2017/08/13 14:21:03 1.34
+++ pkgsrc/net/isc-dhcp4/Makefile.common 2018/03/02 21:24:02 1.34.6.1
@@ -1,33 +1,33 @@ @@ -1,33 +1,33 @@
1# $NetBSD: Makefile.common,v 1.34 2017/08/13 14:21:03 taca Exp $ 1# $NetBSD: Makefile.common,v 1.34.6.1 2018/03/02 21:24:02 spz Exp $
2# 2#
3# used by net/isc-dhcp4/Makefile 3# used by net/isc-dhcp4/Makefile
4# used by net/isc-dhcpd4/Makefile 4# used by net/isc-dhcpd4/Makefile
5# used by net/isc-dhclient4/Makefile 5# used by net/isc-dhclient4/Makefile
6# used by net/isc-dhcrelay4/Makefile 6# used by net/isc-dhcrelay4/Makefile
7 7
8DISTNAME= dhcp-${VERSION} 8DISTNAME= dhcp-${VERSION}
9DHVER= ${DISTNAME:S/dhcp-//:S/-P/p/} 9DHVER= ${DISTNAME:S/dhcp-//:S/-P/p/}
10CATEGORIES= net 10CATEGORIES= net
11MASTER_SITES= ftp://ftp.isc.org/isc/dhcp/${VERSION}/ 11MASTER_SITES= ftp://ftp.isc.org/isc/dhcp/${VERSION}/
12MASTER_SITES+= http://ftp.isc.org/isc/dhcp/${VERSION}/ 12MASTER_SITES+= http://ftp.isc.org/isc/dhcp/${VERSION}/
13 13
14MAINTAINER= pkgsrc-users@NetBSD.org 14MAINTAINER= pkgsrc-users@NetBSD.org
15HOMEPAGE= https://www.isc.org/sw/dhcp 15HOMEPAGE= https://www.isc.org/sw/dhcp
16LICENSE= isc 16LICENSE= isc
17 17
18CONFLICTS+= isc-dhcp-base-3.* 18CONFLICTS+= isc-dhcp-base-3.*
19 19
20VERSION= 4.3.6 20VERSION= 4.3.6-P1
21 21
22.include "../../mk/bsd.prefs.mk" 22.include "../../mk/bsd.prefs.mk"
23 23
24GNU_CONFIGURE= yes 24GNU_CONFIGURE= yes
25DHCP_HOME?= ${VARBASE}/db/isc-dhcp 25DHCP_HOME?= ${VARBASE}/db/isc-dhcp
26DHCP_PID?= ${VARBASE}/run/isc-dhcp 26DHCP_PID?= ${VARBASE}/run/isc-dhcp
27PKG_SYSCONFSUBDIR= dhcp 27PKG_SYSCONFSUBDIR= dhcp
28 28
29USE_TOOLS+= gmake gunzip gzip tar 29USE_TOOLS+= gmake gunzip gzip tar
30USE_LANGUAGES+= c c++ 30USE_LANGUAGES+= c c++
31 31
32PATCHDIR= ${.CURDIR}/../isc-dhcp4/patches 32PATCHDIR= ${.CURDIR}/../isc-dhcp4/patches
33DISTINFO_FILE= ${.CURDIR}/../isc-dhcp4/distinfo 33DISTINFO_FILE= ${.CURDIR}/../isc-dhcp4/distinfo
@@ -72,25 +72,25 @@ post-extract: @@ -72,25 +72,25 @@ post-extract:
72 (cd ${WRKSRC}/bind && gunzip -c bind.tar.gz | tar xf -) 72 (cd ${WRKSRC}/bind && gunzip -c bind.tar.gz | tar xf -)
73 73
74BIND_CONFIGURE_ARGS+= --disable-kqueue 74BIND_CONFIGURE_ARGS+= --disable-kqueue
75BIND_CONFIGURE_ARGS+= --disable-epoll 75BIND_CONFIGURE_ARGS+= --disable-epoll
76BIND_CONFIGURE_ARGS+= --disable-devpoll 76BIND_CONFIGURE_ARGS+= --disable-devpoll
77BIND_CONFIGURE_ARGS+= --without-openssl 77BIND_CONFIGURE_ARGS+= --without-openssl
78BIND_CONFIGURE_ARGS+= --without-libxml2 78BIND_CONFIGURE_ARGS+= --without-libxml2
79BIND_CONFIGURE_ARGS+= --enable-exportlib 79BIND_CONFIGURE_ARGS+= --enable-exportlib
80BIND_CONFIGURE_ARGS+= --enable-threads=no 80BIND_CONFIGURE_ARGS+= --enable-threads=no
81BIND_CONFIGURE_ARGS+= --with-export-includedir=${WRKSRC}/bind/include 81BIND_CONFIGURE_ARGS+= --with-export-includedir=${WRKSRC}/bind/include
82BIND_CONFIGURE_ARGS+= --with-export-libdir=${WRKSRC}/bind/lib 82BIND_CONFIGURE_ARGS+= --with-export-libdir=${WRKSRC}/bind/lib
83BIND_CONFIGURE_ARGS+= --with-gssapi=no 83BIND_CONFIGURE_ARGS+= --with-gssapi=no
84 84
85BIND_WRKSRC= ${WRKSRC}/bind/bind-9.9.11 85BIND_WRKSRC= ${WRKSRC}/bind/bind-9.9.11-P1
86 86
87post-configure: 87post-configure:
88 ${RUN}${_ULIMIT_CMD} \ 88 ${RUN}${_ULIMIT_CMD} \
89 cd ${BIND_WRKSRC} && \ 89 cd ${BIND_WRKSRC} && \
90 ${PKGSRC_SETENV} ${_CONFIGURE_SCRIPT_ENV} \ 90 ${PKGSRC_SETENV} ${_CONFIGURE_SCRIPT_ENV} \
91 ${CONFIG_SHELL} ${CONFIG_SHELL_FLAGS} \ 91 ${CONFIG_SHELL} ${CONFIG_SHELL_FLAGS} \
92 ${CONFIGURE_SCRIPT} \ 92 ${CONFIGURE_SCRIPT} \
93 ${CONFIGURE_ARGS} \ 93 ${CONFIGURE_ARGS} \
94 ${BIND_CONFIGURE_ARGS} 94 ${BIND_CONFIGURE_ARGS}
95 95
96.include "../../security/openssl/buildlink3.mk" 96.include "../../security/openssl/buildlink3.mk"
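Review bot: `BIND_WRKSRC` at new line 85 hard-codes the bundled BIND directory (`bind-9.9.11-P1`) with no comment tying it to `VERSION`, so every DHCP update, including a security pull-up like this one, depends on someone remembering to edit it by hand. I would add a comment above it, e.g. `# Directory inside ${WRKSRC}/bind/bind.tar.gz; recheck on every VERSION change.` If the name goes stale, the `cd ${BIND_WRKSRC}` in post-configure would presumably just fail, so this is about making the update checklist visible rather than a defect in this change. The post-extract target starts outside the second hunk, so only its last command is visible here.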

cvs diff -r1.26 -r1.26.6.1 pkgsrc/net/isc-dhcp4/distinfo

--- pkgsrc/net/isc-dhcp4/distinfo 2017/08/13 14:21:03 1.26
+++ pkgsrc/net/isc-dhcp4/distinfo 2018/03/02 21:24:02 1.26.6.1
@@ -1,10 +1,10 @@ @@ -1,10 +1,10 @@
1$NetBSD: distinfo,v 1.26 2017/08/13 14:21:03 taca Exp $ 1$NetBSD: distinfo,v 1.26.6.1 2018/03/02 21:24:02 spz Exp $
2 2
3SHA1 (dhcp-4.3.6.tar.gz) = fb0417530e49368fe032cd9722f51c74f93180ac 3SHA1 (dhcp-4.3.6-P1.tar.gz) = 8a02b202377c030bfd378b0497dc8974510e9b87
4RMD160 (dhcp-4.3.6.tar.gz) = b80936239858a373bfb9bf2a362688a04db546ad 4RMD160 (dhcp-4.3.6-P1.tar.gz) = 54dfc9de84006b684684b7689d873c4d129aeb24
5SHA512 (dhcp-4.3.6.tar.gz) = de4962dc2aa174df17a3a1456719a777a42d238c3d6ad1771ccc460fa70c9e9cefcce52c7437f7acde61b9c3a2e84e9d49fd2dc33c7e9243053ceed5b247be03 5SHA512 (dhcp-4.3.6-P1.tar.gz) = cb04af2fb0fa8c5621e8b3dcb41e81422475218e1569b0eac6e13c876a21279928a3348f799253d7207517720466523b1cc28005c671542e37b1a391342b1e62
6Size (dhcp-4.3.6.tar.gz) = 10182593 bytes 6Size (dhcp-4.3.6-P1.tar.gz) = 10189202 bytes
7SHA1 (patch-aa) = da090b3b824f5d437f8d05ce00e2ac4dfc65d6af 7SHA1 (patch-aa) = da090b3b824f5d437f8d05ce00e2ac4dfc65d6af
8SHA1 (patch-ab) = 0683dd2259e48184713559aa0356ee352aa52c39 8SHA1 (patch-ab) = 0683dd2259e48184713559aa0356ee352aa52c39
9SHA1 (patch-ac) = a7e6808a6e1e93c520eb085f31259f6c142750f4 9SHA1 (patch-ac) = a7e6808a6e1e93c520eb085f31259f6c142750f4
10SHA1 (patch-common_dlpi.c) = 14cb1c1aed610b1d6952b26a7775caa06b6a8792 10SHA1 (patch-common_dlpi.c) = 14cb1c1aed610b1d6952b26a7775caa06b6a8792