Date: Thu, 7 Apr 2011 10:58:22 GMT
From: Marcin Cieslak <saper@saper.info>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: douglas@douglasthrift.net
Subject: ports/156246: [PATCH] net/isc-dhcp41-server: update to 4.1-ESV-R2 *CVE-2011-0997*
Message-ID: <201104071058.p37AwMn3075242@radziecki.saper.info>
Resent-Message-ID: <201104071110.p37BA8oW050749@freefall.freebsd.org>
>Number: 156246
>Category: ports
>Synopsis: [PATCH] net/isc-dhcp41-server: update to 4.1-ESV-R2 *CVE-2011-0997*
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Thu Apr 07 11:10:07 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Marcin Cieslak
>Release: FreeBSD 9.0-CURRENT amd64
>Organization: http://saper.info
>Environment:
System: FreeBSD radziecki.saper.info 9.0-CURRENT FreeBSD 9.0-CURRENT #1 r219785M: Mon Mar 21 11:40:40 CET
>Description:
- Quick & dirty update to 4.1-ESV-R2

Not sure about PORTEPOCH bump, but the 4.1 line got somehow rebadged.

Changes since 4.1-ESV-R1

! In dhclient check the data for some string options for
  reasonableness before passing it along to the script that
  interfaces with the OS.
  [ISC-Bugs #23722]
  CVE: CVE-2011-0997

Changes since 4.1-ESV

! When processing a request in the DHCPv6 server code that specifies
  an address that is tagged as abandoned (meaning we received a
  decline request for it previously) don't attempt to move it from
  the inactive to active pool as doing so can result in the server
  crashing on an assert failure. Also retag the lease as active and
  reset its timeout value.
  [ISC-Bugs #21921]

(4.1-ESV seems to be re-badged 4.1.2-P1 we have in ports)

Port maintainer (douglas@douglasthrift.net) is cc'd.

Generated with FreeBSD Port Tools 0.99
>How-To-Repeat:
>Fix:

--- isc-dhcp41-server-4.1,2.patch begins here ---
diff -ruN --exclude=CVS /usr/ports/net/isc-dhcp41-server.old/Makefile /usr/ports/net/isc-dhcp41-server/Makefile --- /usr/ports/net/isc-dhcp41-server.old/Makefile 2011-02-17 15:16:56.000000000 +0100 +++ /usr/ports/net/isc-dhcp41-server/Makefile 2011-04-07 12:09:55.856436260 +0200 
@@ -6,9 +6,9 @@ # PORTNAME= dhcp -DISTVERSION= 4.1.2 +DISTVERSION= 4.1 PORTREVISION= ${DHCP_PORTREVISION} -PORTEPOCH= 1 +PORTEPOCH= 2 CATEGORIES= net MASTER_SITES= ${MASTER_SITE_ISC} MASTER_SITE_SUBDIR= dhcp @@ -19,8 +19,8 @@ MAINTAINER= douglas@douglasthrift.net COMMENT?= The ISC Dynamic Host Configuration Protocol server -PATCHLEVEL= P1 -PORTREVISION_SERVER= 2 +PATCHLEVEL= ESV-R2 +PORTREVISION_SERVER= 0 PORTREVISION_CLIENT= 0 PORTREVISION_RELAY= 0 diff -ruN --exclude=CVS /usr/ports/net/isc-dhcp41-server.old/distinfo /usr/ports/net/isc-dhcp41-server/distinfo --- /usr/ports/net/isc-dhcp41-server.old/distinfo 2011-01-29 02:05:38.000000000 +0100 +++ /usr/ports/net/isc-dhcp41-server/distinfo 2011-04-07 12:15:32.567313992 +0200 @@ -1,4 +1,2 @@ -SHA256 (dhcp-4.1.2-P1.tar.gz) = bf6e13e1aa90c4d15adb6fdf0071b3da8988c3322c1b5629075181eea9d78dcd -SIZE (dhcp-4.1.2-P1.tar.gz) = 1092661 -SHA256 (ldap-for-dhcp-4.1.1-2.tar.gz) = 566b7be2ebefdc583d0bf0095c804ba69807b67e5cc29a2b64b1b39202b37d0d -SIZE (ldap-for-dhcp-4.1.1-2.tar.gz) = 39004 +SHA256 (dhcp-4.1-ESV-R2.tar.gz) = 49fa6f00ceee536e1e66698cc416279d333f833e41d545185a5b8684638cff03 +SIZE (dhcp-4.1-ESV-R2.tar.gz) = 1094285 --- isc-dhcp41-server-4.1,2.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
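
Review bot: In the first Makefile hunk (@@ -6,9 +6,9 @@), the PORTEPOCH change from 1 to 2 needs an explanation next to it, because DISTVERSION moves backwards from 4.1.2 to 4.1 and the epoch is the only thing that makes the new package compare as newer than the installed one. The bump looks required rather than optional, and since PORTEPOCH can never be lowered again, a one-line comment or a commit message sentence stating that upstream renamed 4.1.2-P1 to the 4.1-ESV line would save the next maintainer from questioning it.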
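
Review bot: In the second Makefile hunk (@@ -19,8 +19,8 @@), only PORTREVISION_SERVER is touched, yet the description places the CVE-2011-0997 fix in dhclient, not in the server. PORTREVISION_CLIENT and PORTREVISION_RELAY are already 0, so no reset is missing, but the synopsis names only net/isc-dhcp41-server; if the client port is built from this same Makefile, the commit message should say that it is updated by this change as well, since that is the component affected by the CVE.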
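
Review bot: The distinfo hunk (@@ -1,4 +1,2 @@) drops the SHA256 and SIZE entries for ldap-for-dhcp-4.1.1-2.tar.gz, but neither Makefile hunk removes or changes anything that references that distfile. If the Makefile still fetches it for an LDAP option, the checksum stage will fail for anyone who enables that option because no checksum is recorded. Either keep the two ldap-for-dhcp lines in distinfo, or remove or mark broken the LDAP option in the same patch and say so in the description.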