import upstream 4.2.5-P1

LICENSE

@@ -1,4 +1,4 @@
-# Copyright (c) 2004-2012 by Internet Systems Consortium, Inc. ("ISC")
+# Copyright (c) 2004-2013 by Internet Systems Consortium, Inc. ("ISC")
 # Copyright (c) 1995-2003 by Internet Software Consortium
 #
 # Permission to use, copy, modify, and distribute this software for any

Makefile.am

@@ -19,7 +19,8 @@ EXTRA_DIST = RELNOTES LICENSE \
 	     doc/ja_JP.eucJP/dhcp-eval.5 doc/ja_JP.eucJP/dhcp-options.5 \
 	     doc/examples/dhclient-dhcpv6.conf doc/examples/dhcpd-dhcpv6.conf \
 	     util/bindvar.sh \
-	     bind/Makefile bind/bind.tar.gz bind/version.tmp 
+	     bind/Makefile bind/bind.tar.gz bind/version.tmp \
+	     common/tests/Atffile server/tests/Atffile
 
 SUBDIRS = bind includes tests common dst omapip client dhcpctl relay server
 

Makefile.in

@@ -33,7 +33,8 @@ POST_UNINSTALL = :
 subdir = .
 DIST_COMMON = README $(am__configure_deps) $(nobase_include_HEADERS) \
 	$(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/configure depcomp install-sh missing
+	$(top_srcdir)/configure $(top_srcdir)/doc/devel/doxyfile.in \
+	depcomp install-sh missing
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
@@ -42,7 +43,7 @@ am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
  configure.lineno config.status.lineno
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/includes/config.h
-CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_FILES = doc/devel/doxyfile
 SOURCES =
 DIST_SOURCES =
 RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
@@ -79,6 +80,8 @@ distuninstallcheck_listfiles = find . -type f -print
 distcleancheck_listfiles = find . -type f -print
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
+ATF_CFLAGS = @ATF_CFLAGS@
+ATF_LDFLAGS = @ATF_LDFLAGS@
 AUTOCONF = @AUTOCONF@
 AUTOHEADER = @AUTOHEADER@
 AUTOMAKE = @AUTOMAKE@
@@ -185,7 +188,8 @@ EXTRA_DIST = RELNOTES LICENSE \
 	     doc/ja_JP.eucJP/dhcp-eval.5 doc/ja_JP.eucJP/dhcp-options.5 \
 	     doc/examples/dhclient-dhcpv6.conf doc/examples/dhcpd-dhcpv6.conf \
 	     util/bindvar.sh \
-	     bind/Makefile bind/bind.tar.gz bind/version.tmp 
+	     bind/Makefile bind/bind.tar.gz bind/version.tmp \
+	     common/tests/Atffile server/tests/Atffile
 
 SUBDIRS = bind includes tests common dst omapip client dhcpctl relay server
 nobase_include_HEADERS = dhcpctl/dhcpctl.h
@@ -216,6 +220,8 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
 	cd $(srcdir) && $(AUTOCONF)
 $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
 	cd $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
+doc/devel/doxyfile: $(top_builddir)/config.status $(top_srcdir)/doc/devel/doxyfile.in
+	cd $(top_builddir) && $(SHELL) ./config.status $@
 install-nobase_includeHEADERS: $(nobase_include_HEADERS)
 	@$(NORMAL_INSTALL)
 	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"

README

@@ -1,6 +1,6 @@
 	      Internet Systems Consortium DHCP Distribution
-			       Version 4.2.4
-			        29 May 2012
+			     Version 4.2.5-P1
+			      26 March 2013
 
 			        README FILE
 
@@ -34,7 +34,8 @@ the ISC DHCP Distribution.
 	 5.7	 NeXTSTEP
 	 5.8	 SOLARIS
 	  5.8.1 Solaris 11
-	  5.8.2 Other Solaris Items
+	  5.8.2 Solaris 11 and ATF
+	  5.8.3 Other Solaris Items
 	 5.9	 AIX
 	 5.10	 MacOS X
 	6	SUPPORT
@@ -58,8 +59,8 @@ DHCP server documentation is in the dhcpd man page.  Information about
 the DHCP server lease database is in the dhcpd.leases man page.
 Server configuration documentation is in the dhcpd.conf man page as
 well as the dhcp-options man page.   A sample DHCP server
-configuration is in the file server/dhcpd.conf.   The source for the
-dhcpd, dhcpd.leases and dhcpd.conf man pages is in the server/ sub-
+configuration is in the file server/dhcpd.conf.example.   The source for
+the dhcpd, dhcpd.leases and dhcpd.conf man pages is in the server/ sub-
 directory in the distribution.   The source for the dhcp-options.5
 man page is in the common/ subdirectory.
 
@@ -97,7 +98,9 @@ directory, it may not have up-to-date information).
 
 			    RELEASE STATUS
 
-This is ISC DHCP 4.2.4, a maintenance release containing patches.
+This is ISC DHCP 4.2.5-P1, a security release.  A security issue has
+been found and fixed in Bind9, this release includes the updated Bind9
+code.  There are no code changes to DHCP.
 
 In this release, the DHCPv6 server should be fully functional on Linux,
 Solaris, or any BSD.  The DHCPv6 client should be similarly functional
@@ -132,12 +135,12 @@ information.   On Digital Unix, type ``man pfilt''.
 To build the DHCP Distribution, unpack the compressed tar file using
 the tar utility and the gzip command - type something like:
 
-	gunzip dhcp-4.2.4.tar.gz
-	tar xvf dhcp-4.2.4.tar
+	gunzip dhcp-4.2.5-P1.tar.gz
+	tar xvf dhcp-4.2.5-P1.tar
 
 			    CONFIGURING IT
 
-Now, cd to the dhcp-4.2.4 subdirectory that you've just created and
+Now, cd to the dhcp-4.2.5-P1 subdirectory that you've just created and
 configure the source tree by typing:
 
 	./configure
@@ -148,6 +151,11 @@ system; otherwise, it will complain.  If it can't figure out what
 system you are using, that system is not supported - you are on
 your own.
 
+Several options may be enabled or disabled via the configure command.
+You can get a list of these by typing:
+
+	./configure --help
+
 			 DYNAMIC DNS UPDATES
 
 A fully-featured implementation of dynamic DNS updates is included in
@@ -450,6 +458,36 @@ configuration step.  The command line would be something like:
 
 	  ./configure --enable-use-sockets --enable-ipv4-pktinfo
 
+				Solaris 11 and ATF
+
+We have reports that ATF 0.15 and 0.16 do not build on Solaris 11.  The
+following changes to the ATF source code appear to fix this issue:
+
+diff -ru atf-0.15/atf-c/tp_test.c atf-0.15-patched/atf-c/tp_test.c
+--- atf-0.15/atf-c/tp_test.c 2011-12-06 06:31:11.000000000 +0100
++++ atf-0.15-patched/atf-c/tp_test.c 2012-06-19 15:54:57.000000000 +0200
+@@ -28,6 +28,7 @@
+*/
+
+#include <string.h>
++#include <stdio.h>
+#include <unistd.h>
+
+#include <atf-c.h>
+
+diff -ru atf-0.15/atf-run/requirements.cpp atf-0.15-patched/atf-run/requirements.cpp
+--- atf-0.15/atf-run/requirements.cpp 2012-01-13 20:44:25.000000000 +0100
++++ atf-0.15-patched/atf-run/requirements.cpp 2012-06-19 15:41:51.000000000 +0200
+@@ -29,7 +29,7 @@
+
+extern "C" {
+#include <sys/param.h>
+-#include <sys/sysctl.h>
++//#include <sys/sysctl.h>
+}
+
+#include <cerrno>
+
 				Other Solaris Items
 
 One problem which has been observed and is not fixed in this

RELNOTES

@@ -1,6 +1,6 @@
 	      Internet Systems Consortium DHCP Distribution
-			      Version 4.2.4
-			       29 May 2012
+			    Version 4.2.5-P1
+			     26 March 2013
 
 			      Release Notes
 
@@ -39,6 +39,157 @@ The system has only been tested on Linux, FreeBSD, and Solaris, and may not
 work on other platforms. Please report any problems and suggested fixes to
 <dhcp-users@isc.org>.
 
+			Changes since 4.2.5
+
+- A security issue in Bind9 was found and fixed.  This release includes the
+  fixed Bind9 code.  There have been no code changes to the DHCP code.
+  [ISC-Bugs #32688]
+  CVE: CVE-2013-2266
+
+			Changes since 4.2.5rc1
+
+- None
+			Changes since 4.2.5b1
+
+- Modify test makefiles to be more similar to standard makefiles
+  and comment out a currently unused test.
+  [ISC-Bugs #32098]
+
+			Changes since 4.2.4
+
+- Correct code to calculate timing values in client to compare
+  rebind value to infinity instead of renew value.
+  Thanks to Chenda Huang from H3C Technologies Co., Limited
+  for reporting this issue.
+  [ISC-Bugs #29062]
+
+- Fix some issues in the code for parsing and printing options.
+  [ISC-Bugs #22625] - properly print options that have several fields
+  followed by an array of something for example "fIa"
+  [ISC-Bugs #27289] - properly parse options in declarations that have
+  several fields followed by an array of something for example "fIa"
+  [ISC-Bugs #27296] - properly determine if we parsed a 16 or 32 bit
+  value in evaluate_numeric_expression (extract-int).
+  [ISC-Bugs #27314] - properly parse a zero length option from
+  a lease file.  Thanks to Marius Tomaschewski from SUSE for the report
+  and prototype patch for this ticket as well as ticket 27289.
+
+! Previously the server code was relaxed to allow packets with zero
+  length client ids to be processed.  Under some situations use of
+  zero length client ids can cause the server to go into an infinite
+  loop.  As such ids are not valid according to RFC 2132 section 9.14
+  the server no longer accepts them.  Client ids with a length of 1
+  are also invalid but the server still accepts them in order to
+  minimize disruption.  The restriction will likely be tightened in
+  the future to disallow ids with a length of 1.
+  Thanks to Markus Hietava of Codenomicon CROSS project for the
+  finding this issue and CERT-FI for vulnerability coordination. 
+  [ISC-Bugs #29851]
+  CVE: CVE-2012-3571
+
+! When attempting to convert a DUID from a client id option
+  into a hardware address handle unexpected client ids properly.
+  Thanks to Markus Hietava of Codenomicon CROSS project for the
+  finding this issue and CERT-FI for vulnerability coordination. 
+  [ISC-Bugs #29852]
+  CVE: CVE-2012-3570
+
+! A pair of memory leaks were found and fixed.  Thanks to
+  Glen Eustace of Massey University, New Zealand for finding
+  this issue.
+  [ISC-Bugs #30024]
+  CVE: CVE-2012-3954
+
+- Existing legacy unit-tests have been migrated to Automated Test
+  Framework (ATF). Several new tests have been developed. To enable
+  unit-tests, please use --with-atf in configure script. A Developer's
+  Guide has been added. To generate it, please use make devel in
+  the doc directory. It is currently in early stages of development,
+  but is expected to grow in the near future. [ISC-Bugs 25901]
+
+! An issue with the use of lease times was found and fixed.  Making
+  certain changes to the end time of an IPv6 lease could cause the
+  server to abort.  Thanks to Glen Eustace of Massey University,
+  New Zealand for finding this issue.
+  [ISC-Bugs #30281]
+  CVE: CVE-2012-3955
+
+- Update the memory leakage debug code to work with v6.
+  [ISC-Bugs #30297]
+
+- Relax the requirements for deleting an A or AAAA record.
+  Previously the DDNS removal code required both the A or AAAA
+  record and the TXT record to exist.  This requirement could
+  cause problems if something interrupted the removal leaving
+  the TXT record alone.  This relaxation was codified in RFC 4703.
+  [ISC-Bugs #30734]
+
+- Modify the failover code to handle incorrect peer names
+  better.  Previously the structure holding the name might
+  have been freed inappropriately in some cases and not
+  freed in other cases.
+  [ISC-Bugs #30320]
+
+- Add a configure option, enable-secs-byteorder, to deal with
+  clients that do the byte ordering on the secs field incorrectly.
+  This field should be in network byte order but some clients
+  get it wrong.  When this option is enabled the server will examine
+  the secs field and if it looks wrong (high byte non zero and low
+  byte zero) swap the bytes.  The default is disabled.  This option
+  is only useful when doing load balancing within failover.
+  [ISC-Bugs #26108]
+
+- Fix a set of issues that were discovered via a code inspection
+  tool.  Thanks to Jiri Popelka and Tomas Hozza Red Hat for the logs
+  and patches.
+  [ISC-Bugs #23833]
+
+- Parsing unquoted base64 strings improved. Parser now properly handles 
+  strings that contain reserved names. [ISC-Bugs #23048]
+
+- Modify the nak_lease function to make some attempts to find a
+  server-identifier option to use for the NAK.  This feature is
+  enabled by defining SERVER_ID_FOR_NAK in includes/site.h and
+  currently defaults to disabled.
+  [ISC-Bugs #25689]
+
+- The client now passes information about the options it requested
+  from the server to the script code via environment variables.
+  These variables are of the form requested_<option_name>=1 with
+  the option name being the same as used in the new_* and old_*
+  variables.
+  [ISC-Bugs #29068]
+
+- Add support for a simple check that the server id in a request message
+  to a failover peer matches the server id of the server.  This support
+  is enabled by editing the file includes/site.h and uncommenting the
+  definition for SERVER_ID_CHECK.  The option has several restrictions
+  and issues - please read the comment in the site.h file before
+  enabling it.
+  [ISC-Bugs #31463]
+
+- Tidy up some compiler issues in the debug code.
+  [ISC-Bugs #26460]
+
+- Move the dhcpd.conf exmample file to dhcpd.conf.example to avoid
+  overwriting the dhcpd.conf file when installing a new version of
+  ISC DHCP.  The user will now need to manual copy and edit the
+  dhcpd.conf file as desired.
+  [ISC-Bugs #19337]
+
+- Check the status value when trying to read from a connection to
+  see if it may have been closed.  If it appears closed don't try
+  to read from it again.  This avoids a potential busy-wait like
+  loop when the peer names are mismatched.
+  [ISC-Bugs #31231]
+
+- Remove an unused variable to keep compilers happy.
+  [ISC-Bugs #31983]
+
+			Changes since 4.2.4rc2
+
+- None
+
 			Changes since 4.2.4rc1
 
 - Rotate the lease file when running in v6 mode.

aclocal.m4

@@ -13,8 +13,8 @@
 
 m4_ifndef([AC_AUTOCONF_VERSION],
   [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
-m4_if(AC_AUTOCONF_VERSION, [2.67],,
-[m4_warning([this file was generated for autoconf 2.67.
+m4_if(AC_AUTOCONF_VERSION, [2.69],,
+[m4_warning([this file was generated for autoconf 2.69.
 You have another version of autoconf.  It may work, but is not guaranteed to.
 If you have problems, you may need to regenerate the build system entirely.
 To do so, use the procedure documented by the package, typically `autoreconf'.])])

bind/Makefile

@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.bind,v 1.2.2.8 2012-04-05 22:17:08 sar Exp $
+# $Id: Makefile.bind,v 1.2.2.8 2012/04/05 22:17:08 sar Exp $
 
 # Configure and build the bind libraries for use by DHCP
 

bind/version.tmp

@@ -5,6 +5,6 @@
 #
 MAJORVER=9
 MINORVER=8
-PATCHVER=3
-RELEASETYPE=
-RELEASEVER=
+PATCHVER=4
+RELEASETYPE=-P
+RELEASEVER=2

client/Makefile.am

@@ -1,4 +1,4 @@
-dist_sysconf_DATA = dhclient.conf
+dist_sysconf_DATA = dhclient.conf.example
 sbin_PROGRAMS = dhclient
 dhclient_SOURCES = clparse.c dhclient.c dhc6.c \
 		   scripts/bsdos scripts/freebsd scripts/linux scripts/macos \

client/Makefile.in

@@ -77,6 +77,8 @@ CTAGS = ctags
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
+ATF_CFLAGS = @ATF_CFLAGS@
+ATF_LDFLAGS = @ATF_LDFLAGS@
 AUTOCONF = @AUTOCONF@
 AUTOHEADER = @AUTOHEADER@
 AUTOMAKE = @AUTOMAKE@
@@ -166,7 +168,7 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
-dist_sysconf_DATA = dhclient.conf
+dist_sysconf_DATA = dhclient.conf.example
 dhclient_SOURCES = clparse.c dhclient.c dhc6.c \
 		   scripts/bsdos scripts/freebsd scripts/linux scripts/macos \
 		   scripts/netbsd scripts/nextstep scripts/openbsd \