CVS commit: pkgsrc/net/isc-dhcp4

["Takahiro Kambe" <taca%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   taca
Date:           Wed Mar 21 15:05:05 UTC 2018

Modified Files:
        pkgsrc/net/isc-dhcp4: Makefile.common PLIST distinfo

Log Message:
net/isc-dhcp4: update to 4.4.1

The areas of focus for ISC DHCP 4.4 were:

1. Dynamic DNS additions
2. dhclient improvements
3. Support for dynamic shared libraries

Dynamic DNS Improvements:

- We added three new server configuration parameters which influence DDNS
  conflict resolution:

    1. ddns-dual-stack-mixed-mode - alters DNS conflict resolution behavior
    to mitigate issues with non-compliant clients in dual stack environments.

    2. ddns-guard-id-must-match - relaxes the DHCID RR client id matching
    requirement of DNS conflict resolution.

    3. ddns-other-guard-is-dynamic - alters dual-stack-mixed-mode behavior to
    allow unguarded DNS entries to be overwritten in certain cases

- The server now honors update-static-leases parameter for static DHCPv6
  hosts.

dhclient Improvements:

  - We've added three command line parameters to dhclient:

    1. --prefix-len-hint - directs dhclient to use the given length as
    the prefix length hint when requesting prefixes

    2. --decline-wait-time - instructs the client to wait the given number
    of seconds after declining an IPv4 address before issuing a discover

    3. --address-prefix-len - specifies the prefix length passed by dhclient
    into the client script (via the environment variable ip6_prefixlen) with
    each IPv6 address.  We added this parameter because we have changed the
    default value from 64 to 128 in order to be compliant with RFC3315bis
    draft (-09, page 64) and RFC5942, Section 4, point 1.
    **WARNING**: The new default value of 128 may not be backwardly compatible
    with your environment. If you are operating without a router, such as
    between VMs on a host, you may find they cannot see each other with prefix
    length of 128. In such cases, you'll need to either provide routing or use
    the command line parameter to set the value to 64. Alternatively you may
    change the default at compile time by setting DHCLIENT_DEFAULT_PREFIX_LEN
    in includes/site.h.

  - dhclient will now generate a DHCPv6 DECLINE message when the client script
    indicates a DAD failure

Dynamic shared library support:

  Configure script, configure.ac+lt, which supports libtool is now provided
  with the source tar ball.  This script can be used to configure ISC DHCP
  to build with libtool and thus use dynamic shared libraries.

Other Highlights:

 - The server now supports dhcp-cache-threshold for DHCPv6 operations
 - The server now supports DHPv6 address allocation based on EUI-64 DUIDs
 - Experimental support for alternate relay port in the both the server
   and relay for IPv4, IPv6 and 4o6 (see: draft-ietf-dhc-relay-port-10.txt)

For information on how to install, configure and run this software, as
well as how to find documentation and report bugs, please consult the
README file.

ISC DHCP uses standard GNU configure for installation. Please review the
output of "./configure --help" to see what options are available.

The system has only been tested on Linux, FreeBSD, and Solaris, and may not
work on other platforms. Please report any problems and suggested fixes to
<dhcp-users%isc.org@localhost>.

ISC DHCP is open source software maintained by Internet Systems
Consortium.  This product includes cryptographic software written
by Eric Young (eay%cryptsoft.com@localhost).

                Changes since 4.4.0 (New Features)
- none
                Changes since 4.4.0 (Bug Fixes)

- A delayed-ack value of 0 (the default), now correctly disables the delayed
  feature.  A change in 4.4.0 prohibited lease updates marking leases active
  from be written to the lease file when delayed-ack is 0. This in turn,
  caused servers to lose active lease assignments upon restart.
  [ISC-Bugs #47141]

! Option reference count was not correctly decremented in error path
  when parsing buffer for options. Reported by Felix Wilhelm, Google
  Security Team.
  [ISC-Bugs #47140]
  CVE: CVE-2018-5733

! Corrected an issue where large sized 'X/x' format options were causing
  option handling logic to overwrite memory when expanding them to human
  readable form. Reported by Felix Wilhelm, Google Security Team.
  [ISC-Bugs #47139]
  CVE: CVE-2018-5732


To generate a diff of this commit:
cvs rdiff -u -r1.35 -r1.36 pkgsrc/net/isc-dhcp4/Makefile.common
cvs rdiff -u -r1.5 -r1.6 pkgsrc/net/isc-dhcp4/PLIST
cvs rdiff -u -r1.27 -r1.28 pkgsrc/net/isc-dhcp4/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/net/isc-dhcp4/Makefile.common
diff -u pkgsrc/net/isc-dhcp4/Makefile.common:1.35 pkgsrc/net/isc-dhcp4/Makefile.common:1.36
--- pkgsrc/net/isc-dhcp4/Makefile.common:1.35   Thu Mar  1 00:53:04 2018
+++ pkgsrc/net/isc-dhcp4/Makefile.common        Wed Mar 21 15:05:05 2018
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.35 2018/03/01 00:53:04 taca Exp $
+# $NetBSD: Makefile.common,v 1.36 2018/03/21 15:05:05 taca Exp $
 #
 # used by net/isc-dhcp4/Makefile
 # used by net/isc-dhcpd4/Makefile
@@ -17,7 +17,7 @@ LICENSE=              isc
 
 CONFLICTS+=            isc-dhcp-base-3.*
 
-VERSION=               4.3.6-P1
+VERSION=               4.4.1
 
 .include "../../mk/bsd.prefs.mk"
 
@@ -82,7 +82,7 @@ BIND_CONFIGURE_ARGS+= --with-export-incl
 BIND_CONFIGURE_ARGS+=  --with-export-libdir=${WRKSRC}/bind/lib
 BIND_CONFIGURE_ARGS+=  --with-gssapi=no
 
-BIND_WRKSRC=           ${WRKSRC}/bind/bind-9.9.11-P1
+BIND_WRKSRC=           ${WRKSRC}/bind/bind-9.11.2-P1
 
 post-configure:
        ${RUN}${_ULIMIT_CMD}                                    \

Index: pkgsrc/net/isc-dhcp4/PLIST
diff -u pkgsrc/net/isc-dhcp4/PLIST:1.5 pkgsrc/net/isc-dhcp4/PLIST:1.6
--- pkgsrc/net/isc-dhcp4/PLIST:1.5      Sun Aug 13 14:21:03 2017
+++ pkgsrc/net/isc-dhcp4/PLIST  Wed Mar 21 15:05:05 2018
@@ -1,5 +1,4 @@
-@comment $NetBSD: PLIST,v 1.5 2017/08/13 14:21:03 taca Exp $
-include/isc-dhcp/dst.h
+@comment $NetBSD: PLIST,v 1.6 2018/03/21 15:05:05 taca Exp $
 include/omapip/alloc.h
 include/omapip/buffer.h
 include/omapip/convert.h
@@ -9,6 +8,7 @@ include/omapip/omapip.h
 include/omapip/omapip_p.h
 include/omapip/result.h
 include/omapip/trace.h
+lib/libdhcp.a
 man/man5/dhcp-eval.5
 man/man5/dhcp-options.5
 share/doc/isc-dhcp/README

Index: pkgsrc/net/isc-dhcp4/distinfo
diff -u pkgsrc/net/isc-dhcp4/distinfo:1.27 pkgsrc/net/isc-dhcp4/distinfo:1.28
--- pkgsrc/net/isc-dhcp4/distinfo:1.27  Thu Mar  1 00:53:04 2018
+++ pkgsrc/net/isc-dhcp4/distinfo       Wed Mar 21 15:05:05 2018
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.27 2018/03/01 00:53:04 taca Exp $
+$NetBSD: distinfo,v 1.28 2018/03/21 15:05:05 taca Exp $
 
-SHA1 (dhcp-4.3.6-P1.tar.gz) = 8a02b202377c030bfd378b0497dc8974510e9b87
-RMD160 (dhcp-4.3.6-P1.tar.gz) = 54dfc9de84006b684684b7689d873c4d129aeb24
-SHA512 (dhcp-4.3.6-P1.tar.gz) = cb04af2fb0fa8c5621e8b3dcb41e81422475218e1569b0eac6e13c876a21279928a3348f799253d7207517720466523b1cc28005c671542e37b1a391342b1e62
-Size (dhcp-4.3.6-P1.tar.gz) = 10189202 bytes
+SHA1 (dhcp-4.4.1.tar.gz) = 7be2c4911107f613c2d4b0a943261603c6b8507a
+RMD160 (dhcp-4.4.1.tar.gz) = e3fd6af7b95ba2734f1c987fb485a18565147017
+SHA512 (dhcp-4.4.1.tar.gz) = 684ae349f224918c9f8cec7bd6c55cd0b83ad2b5827375b2876ca088eb05b7ff1364e50f6dc24f2485c610d9be94d4ba3020f60a0fa0ef63962349d191b887e7
+Size (dhcp-4.4.1.tar.gz) = 11164378 bytes
 SHA1 (patch-aa) = da090b3b824f5d437f8d05ce00e2ac4dfc65d6af
 SHA1 (patch-ab) = 0683dd2259e48184713559aa0356ee352aa52c39
 SHA1 (patch-ac) = a7e6808a6e1e93c520eb085f31259f6c142750f4