Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/ISC]: src/external/mpl/dhcp/dist Import dhcp-4.4.2-P1:



details:   https://anonhg.NetBSD.org/src/rev/c0d71ad65678
branches:  ISC
changeset: 983483:c0d71ad65678
user:      christos <christos%NetBSD.org@localhost>
date:      Wed May 26 22:48:40 2021 +0000

description:
Import dhcp-4.4.2-P1:
 ! Corrected a buffer overwrite possible when parsing hexadecimal
   literals with more than 1024 octets. Reported by Jon Franklin from Dell,
   and also by Pawel Wieczorkiewicz from Amazon Web Services.
   [Gitlab #182]
   CVE: CVE-2021-25217

diffstat:

 external/mpl/dhcp/dist/LICENSE                        |   2 +-
 external/mpl/dhcp/dist/Makefile.in                    |  22 ++-
 external/mpl/dhcp/dist/README                         |  10 +-
 external/mpl/dhcp/dist/RELNOTES                       |  92 ++----------------
 external/mpl/dhcp/dist/aclocal.m4                     |  52 +++++-----
 external/mpl/dhcp/dist/client/Makefile.in             |   4 +-
 external/mpl/dhcp/dist/client/dhclient.c              |  10 +-
 external/mpl/dhcp/dist/client/tests/Makefile.in       |   4 +-
 external/mpl/dhcp/dist/common/Makefile.in             |   4 +-
 external/mpl/dhcp/dist/common/parse.c                 |  11 +-
 external/mpl/dhcp/dist/common/tests/Makefile.in       |   4 +-
 external/mpl/dhcp/dist/common/tests/option_unittest.c |  88 +++++++++++++++++-
 external/mpl/dhcp/dist/configure                      |  24 ++--
 external/mpl/dhcp/dist/configure.ac                   |   2 +-
 external/mpl/dhcp/dist/dhcpctl/Makefile.in            |   4 +-
 external/mpl/dhcp/dist/includes/Makefile.in           |   8 +-
 external/mpl/dhcp/dist/keama/Makefile.in              |   4 +-
 external/mpl/dhcp/dist/omapip/Makefile.in             |   4 +-
 external/mpl/dhcp/dist/relay/Makefile.in              |   4 +-
 external/mpl/dhcp/dist/relay/dhcrelay.c               |  19 +--
 external/mpl/dhcp/dist/relay/tests/Makefile.in        |   4 +-
 external/mpl/dhcp/dist/relay/tests/relay_unittests.c  |  30 +++++-
 external/mpl/dhcp/dist/server/Makefile.in             |   4 +-
 external/mpl/dhcp/dist/server/dhcpd.c                 |  10 +-
 external/mpl/dhcp/dist/server/tests/Makefile.in       |   4 +-
 external/mpl/dhcp/dist/tests/Makefile.in              |   4 +-
 26 files changed, 240 insertions(+), 188 deletions(-)

diffs (truncated from 1079 to 300 lines):

diff -r 17ec49f8d303 -r c0d71ad65678 external/mpl/dhcp/dist/LICENSE
--- a/external/mpl/dhcp/dist/LICENSE    Thu Apr 29 16:46:17 2021 +0000
+++ b/external/mpl/dhcp/dist/LICENSE    Wed May 26 22:48:40 2021 +0000
@@ -1,4 +1,4 @@
-# Copyright (c) 2004-2020 by Internet Systems Consortium, Inc. ("ISC")
+# Copyright (c) 2004-2021 by Internet Systems Consortium, Inc. ("ISC")
 # Copyright (c) 1995-2003 by Internet Software Consortium
 #
 # THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
diff -r 17ec49f8d303 -r c0d71ad65678 external/mpl/dhcp/dist/Makefile.in
--- a/external/mpl/dhcp/dist/Makefile.in        Thu Apr 29 16:46:17 2021 +0000
+++ b/external/mpl/dhcp/dist/Makefile.in        Wed May 26 22:48:40 2021 +0000
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.2 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -642,6 +642,10 @@
        tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz
        $(am__post_remove_distdir)
 
+dist-zstd: distdir
+       tardir=$(distdir) && $(am__tar) | zstd -c $${ZSTD_CLEVEL-$${ZSTD_OPT--19}} >$(distdir).tar.zst
+       $(am__post_remove_distdir)
+
 dist-tarZ: distdir
        @echo WARNING: "Support for distribution archives compressed with" \
                       "legacy program 'compress' is deprecated." >&2
@@ -684,6 +688,8 @@
          eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\
        *.zip*) \
          unzip $(distdir).zip ;;\
+       *.tar.zst*) \
+         zstd -dc $(distdir).tar.zst | $(am__untar) ;;\
        esac
        chmod -R a-w $(distdir)
        chmod u+w $(distdir)
@@ -865,12 +871,12 @@
        am--refresh check check-am clean clean-cscope clean-generic \
        cscope cscopelist-am ctags ctags-am dist dist-all dist-bzip2 \
        dist-gzip dist-lzip dist-shar dist-tarZ dist-xz dist-zip \
-       distcheck distclean distclean-generic distclean-local \
-       distclean-tags distcleancheck distdir distuninstallcheck dvi \
-       dvi-am html html-am info info-am install install-am \
-       install-data install-data-am install-dvi install-dvi-am \
-       install-exec install-exec-am install-html install-html-am \
-       install-info install-info-am install-man \
+       dist-zstd distcheck distclean distclean-generic \
+       distclean-local distclean-tags distcleancheck distdir \
+       distuninstallcheck dvi dvi-am html html-am info info-am \
+       install install-am install-data install-data-am install-dvi \
+       install-dvi-am install-exec install-exec-am install-html \
+       install-html-am install-info install-info-am install-man \
        install-nobase_includeHEADERS install-pdf install-pdf-am \
        install-ps install-ps-am install-strip installcheck \
        installcheck-am installdirs installdirs-am maintainer-clean \
diff -r 17ec49f8d303 -r c0d71ad65678 external/mpl/dhcp/dist/README
--- a/external/mpl/dhcp/dist/README     Thu Apr 29 16:46:17 2021 +0000
+++ b/external/mpl/dhcp/dist/README     Wed May 26 22:48:40 2021 +0000
@@ -1,6 +1,6 @@
              Internet Systems Consortium DHCP Distribution
-                            Version 4.4.2
-                           22 January 2020
+                            Version 4.4.2-P1
+                              26 May 2021
 
                              README FILE
 
@@ -97,12 +97,12 @@
 To build the DHCP Distribution, unpack the compressed tar file using
 the tar utility and the gzip command - type something like:
 
-       gunzip dhcp-4.4.2.tar.gz
-       tar xvf dhcp-4.4.2.tar
+       gunzip dhcp-4.4.2-P1.tar.gz
+       tar xvf dhcp-4.4.2-P1.tar
 
                            CONFIGURING IT
 
-Now, cd to the dhcp-4.4.2 subdirectory that you've just created and
+Now, cd to the dhcp-4.4.2-P1 subdirectory that you've just created and
 configure the source tree by typing:
 
        ./configure
diff -r 17ec49f8d303 -r c0d71ad65678 external/mpl/dhcp/dist/RELNOTES
--- a/external/mpl/dhcp/dist/RELNOTES   Thu Apr 29 16:46:17 2021 +0000
+++ b/external/mpl/dhcp/dist/RELNOTES   Wed May 26 22:48:40 2021 +0000
@@ -1,6 +1,6 @@
                 Internet Systems Consortium DHCP Distribution
-                            Version 4.4.2
-                            22 January 2020
+                            Version 4.4.2-P1
+                              26 May 2021
                              Release Notes
 
                               NEW FEATURES
@@ -9,84 +9,8 @@
 MPL 2.0. Please see https://www.mozilla.org/en-US/MPL/2.0/ to read the MPL 2.0
 license terms.
 
-While release 4.4.2 is primarily a maintenance release that addresses a number
-of defects, it does introduce a few new features:
-
-- Keama - Keama is a migration utility that assists in converting ISC DHCP
-  server configuration files to Kea configuration files.  It is found in the
-  keama subdirectory and includes a README.md file with instructions on how
-  to build it as well as a manpage on its usage.
-
-- Two new server parameters related to ping checking were added:
-
-1. ping-cltt-secs which allows the user to specify the number of seconds
-   that must elapse since CLTT before a ping check is conducted.
-
-2. ping-timeout-ms which allows the user to specify the amount of time the
-   server waits for a ping-check response in milliseconds rather than in
-   seconds.
-
-In general, the areas of focus for ISC DHCP 4.4 were:
-
-1. Dynamic DNS additions
-2. dhclient improvements
-3. Support for dynamic shared libraries
-
-Dynamic DNS Improvements:
-
-- We added three new server configuration parameters which influence DDNS
-  conflict resolution:
-
-    1. ddns-dual-stack-mixed-mode - alters DNS conflict resolution behavior
-    to mitigate issues with non-compliant clients in dual stack environments.
-
-    2. ddns-guard-id-must-match - relaxes the DHCID RR client id matching
-    requirement of DNS conflict resolution.
-
-    3. ddns-other-guard-is-dynamic - alters dual-stack-mixed-mode behavior to
-    allow unguarded DNS entries to be overwritten in certain cases
-
-- The server now honors update-static-leases parameter for static DHCPv6
-  hosts.
-
-dhclient Improvements:
-
-  - We've added three command line parameters to dhclient:
-
-    1. --prefix-len-hint - directs dhclient to use the given length as
-    the prefix length hint when requesting prefixes
-
-    2. --decline-wait-time - instructs the client to wait the given number
-    of seconds after declining an IPv4 address before issuing a discover
-
-    3. --address-prefix-len - specifies the prefix length passed by dhclient
-    into the client script (via the environment variable ip6_prefixlen) with
-    each IPv6 address.  We added this parameter because we have changed the
-    default value from 64 to 128 in order to be compliant with RFC3315bis
-    draft (-09, page 64) and RFC5942, Section 4, point 1.
-    **WARNING**: The new default value of 128 may not be backwardly compatible
-    with your environment. If you are operating without a router, such as
-    between VMs on a host, you may find they cannot see each other with prefix
-    length of 128. In such cases, you'll need to either provide routing or use
-    the command line parameter to set the value to 64. Alternatively you may
-    change the default at compile time by setting DHCLIENT_DEFAULT_PREFIX_LEN
-    in includes/site.h.
-
-  - dhclient will now generate a DHCPv6 DECLINE message when the client script
-    indicates a DAD failure
-
-Dynamic shared library support:
-
-  Configure script, configure.ac+lt, which supports libtool is now provided
-  with the source tar ball.  This script can be used to configure ISC DHCP
-  to build with libtool and thus use dynamic shared libraries.
-
-Other Highlights:
-
- - The server now supports dhcp-cache-threshold for DHCPv6 operations
- - The server now supports DHPv6 address allocation based on EUI-64 DUIDs
- - Experimental support for alternate relay port in the both the server
-   and relay for IPv4, IPv6 and 4o6 (see: draft-ietf-dhc-relay-port-10.txt)
+Release 4.4.2-P1 is a security release fixing possible buffer overwrite error
+in client and server while parsing haxadecimal literals in lease file.
 
 For information on how to install, configure and run this software, as
 well as how to find documentation and report bugs, please consult the
@@ -103,6 +27,14 @@
 Consortium.  This product includes cryptographic software written
 by Eric Young (eay%cryptsoft.com@localhost).
 
+               Changes since 4.4.2 (Bug Fixes)
+
+ ! Corrected a buffer overwrite possible when parsing hexadecimal
+   literals with more than 1024 octets. Reported by Jon Franklin from Dell,
+   and also by Pawel Wieczorkiewicz from Amazon Web Services.
+   [Gitlab #182]
+   CVE: CVE-2021-25217
+
                Changes since 4.4.2b1 (Bug Fixes)
 
 - Added a clarification on DHCPINFORMs and server authority to
diff -r 17ec49f8d303 -r c0d71ad65678 external/mpl/dhcp/dist/aclocal.m4
--- a/external/mpl/dhcp/dist/aclocal.m4 Thu Apr 29 16:46:17 2021 +0000
+++ b/external/mpl/dhcp/dist/aclocal.m4 Wed May 26 22:48:40 2021 +0000
@@ -1,6 +1,6 @@
-# generated automatically by aclocal 1.16.1 -*- Autoconf -*-
+# generated automatically by aclocal 1.16.2 -*- Autoconf -*-
 
-# Copyright (C) 1996-2018 Free Software Foundation, Inc.
+# Copyright (C) 1996-2020 Free Software Foundation, Inc.
 
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,7 @@
 If you have problems, you may need to regenerate the build system entirely.
 To do so, use the procedure documented by the package, typically 'autoreconf'.])])
 
-# Copyright (C) 2002-2018 Free Software Foundation, Inc.
+# Copyright (C) 2002-2020 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -35,7 +35,7 @@
 [am__api_version='1.16'
 dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
 dnl require some minimum version.  Point them to the right macro.
-m4_if([$1], [1.16.1], [],
+m4_if([$1], [1.16.2], [],
       [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
 ])
 
@@ -51,14 +51,14 @@
 # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
 # This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
 AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
-[AM_AUTOMAKE_VERSION([1.16.1])dnl
+[AM_AUTOMAKE_VERSION([1.16.2])dnl
 m4_ifndef([AC_AUTOCONF_VERSION],
   [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
 _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
 
 # AM_AUX_DIR_EXPAND                                         -*- Autoconf -*-
 
-# Copyright (C) 2001-2018 Free Software Foundation, Inc.
+# Copyright (C) 2001-2020 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -110,7 +110,7 @@
 
 # AM_COND_IF                                            -*- Autoconf -*-
 
-# Copyright (C) 2008-2018 Free Software Foundation, Inc.
+# Copyright (C) 2008-2020 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -147,7 +147,7 @@
 
 # AM_CONDITIONAL                                            -*- Autoconf -*-
 
-# Copyright (C) 1997-2018 Free Software Foundation, Inc.
+# Copyright (C) 1997-2020 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -178,7 +178,7 @@
 Usually this means the macro was only invoked conditionally.]])
 fi])])
 
-# Copyright (C) 1999-2018 Free Software Foundation, Inc.
+# Copyright (C) 1999-2020 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -369,7 +369,7 @@
 
 # Generate code to set up dependency tracking.              -*- Autoconf -*-
 
-# Copyright (C) 1999-2018 Free Software Foundation, Inc.
+# Copyright (C) 1999-2020 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -408,7 +408,9 @@
   done
   if test $am_rc -ne 0; then
     AC_MSG_FAILURE([Something went wrong bootstrapping makefile fragments
-    for automatic dependency tracking.  Try re-running configure with the
+    for automatic dependency tracking.  If GNU make was not used, consider
+    re-running the configure script with MAKE="gmake" (or whatever is
+    necessary).  You can also try re-running configure with the
     '--disable-dependency-tracking' option to at least be able to build
     the package (albeit without support for automatic dependency tracking).])
   fi
@@ -435,7 +437,7 @@
 
 # Do all the work for Automake.                             -*- Autoconf -*-



Home | Main Index | Thread Index | Old Index