ports/156246: [PATCH] net/isc-dhcp41-server: update to 4.1-ESV-R2 *CVE-2011-0997*
Marcin Cieslak
saper at saper.info
Thu Apr 7 11:10:09 UTC 2011
>Number: 156246
>Category: ports
>Synopsis: [PATCH] net/isc-dhcp41-server: update to 4.1-ESV-R2 *CVE-2011-0997*
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Thu Apr 07 11:10:07 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Marcin Cieslak
>Release: FreeBSD 9.0-CURRENT amd64
>Organization:
http://saper.info
>Environment:
System: FreeBSD radziecki.saper.info 9.0-CURRENT FreeBSD 9.0-CURRENT #1 r219785M: Mon Mar 21 11:40:40 CET
>Description:
- Quick & dirty update to 4.1-ESV-R2
Not sure about PORTEPOCH bump, but the 4.1 line got somehow rebadged.
Changes since 4.1-ESV-R1
! In dhclient check the data for some string options for
reasonableness before passing it along to the script that
interfaces with the OS.
[ISC-Bugs #23722]
CVE: CVE-2011-0997
Changes since 4.1-ESV
! When processing a request in the DHCPv6 server code that specifies
an address that is tagged as abandoned (meaning we received a
decline request for it previously) don't attempt to move it from
the inactive to active pool as doing so can result in the server
crshing on an assert failure. Also retag the lease as active
and reset it's timeout value.
[ISC-Bugs #21921]
(4.1-ESV seems to be re-badged 4.1.2-P1 we have in ports)
Port maintainer (douglas at douglasthrift.net) is cc'd.
Generated with FreeBSD Port Tools 0.99
>How-To-Repeat:
>Fix:
--- isc-dhcp41-server-4.1,2.patch begins here ---
diff -ruN --exclude=CVS /usr/ports/net/isc-dhcp41-server.old/Makefile /usr/ports/net/isc-dhcp41-server/Makefile
--- /usr/ports/net/isc-dhcp41-server.old/Makefile 2011-02-17 15:16:56.000000000 +0100
+++ /usr/ports/net/isc-dhcp41-server/Makefile 2011-04-07 12:09:55.856436260 +0200
@@ -6,9 +6,9 @@
#
PORTNAME= dhcp
-DISTVERSION= 4.1.2
+DISTVERSION= 4.1
PORTREVISION= ${DHCP_PORTREVISION}
-PORTEPOCH= 1
+PORTEPOCH= 2
CATEGORIES= net
MASTER_SITES= ${MASTER_SITE_ISC}
MASTER_SITE_SUBDIR= dhcp
@@ -19,8 +19,8 @@
MAINTAINER= douglas at douglasthrift.net
COMMENT?= The ISC Dynamic Host Configuration Protocol server
-PATCHLEVEL= P1
-PORTREVISION_SERVER= 2
+PATCHLEVEL= ESV-R2
+PORTREVISION_SERVER= 0
PORTREVISION_CLIENT= 0
PORTREVISION_RELAY= 0
diff -ruN --exclude=CVS /usr/ports/net/isc-dhcp41-server.old/distinfo /usr/ports/net/isc-dhcp41-server/distinfo
--- /usr/ports/net/isc-dhcp41-server.old/distinfo 2011-01-29 02:05:38.000000000 +0100
+++ /usr/ports/net/isc-dhcp41-server/distinfo 2011-04-07 12:15:32.567313992 +0200
@@ -1,4 +1,2 @@
-SHA256 (dhcp-4.1.2-P1.tar.gz) = bf6e13e1aa90c4d15adb6fdf0071b3da8988c3322c1b5629075181eea9d78dcd
-SIZE (dhcp-4.1.2-P1.tar.gz) = 1092661
-SHA256 (ldap-for-dhcp-4.1.1-2.tar.gz) = 566b7be2ebefdc583d0bf0095c804ba69807b67e5cc29a2b64b1b39202b37d0d
-SIZE (ldap-for-dhcp-4.1.1-2.tar.gz) = 39004
+SHA256 (dhcp-4.1-ESV-R2.tar.gz) = 49fa6f00ceee536e1e66698cc416279d333f833e41d545185a5b8684638cff03
+SIZE (dhcp-4.1-ESV-R2.tar.gz) = 1094285
--- isc-dhcp41-server-4.1,2.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list