Hi Bonno, On Fr 15 Jan 2016 08:20:59 CET, Bonno Bloksma wrote:
Please fix the package in Squeeze-lts so I can have the dhcpd.conf file in its proper place.
I double checked yesterday's upload of isc-dhcp-server to squeeze-lts. The fix introduced there is very unrelated to file names and paths and such.
So please, could you report back from what version to what version of the $DHCP package you actually upgraded? Please investigate /var/log/dpkg.log for that.
Furthermore, it is possible to set the path to dhcpd.conf as an env variable. This, for example, could be done in /etc/default/isc-dhcp-server:
""" PATH_DHCPD_CONF=/etc/dhcp/dhcpd.conf """
Please also note that isc-dhcp-server copies the conf file (in a nasty way, not conforming to Debian policy, it seems) from
/etc/dhcp3/dhcpd.conf -> /etc/dhcp/dhcpd.conf when upgrading from dhcp3-server. Thanks+Greets, Mike
PS: Attached is the .debdiff between isc-dhcp-4.1.1-P1-15+squeeze8 and isc-dhcp-4.1.1-P1-15+squeeze9.
-- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/mailxchange/kronolith/fb.php?u=m.gabriel%40das-netzwerkteam.de
diff -u isc-dhcp-4.1.1-P1/debian/changelog isc-dhcp-4.1.1-P1/debian/changelog
--- isc-dhcp-4.1.1-P1/debian/changelog
+++ isc-dhcp-4.1.1-P1/debian/changelog
@@ -1,3 +1,14 @@
+isc-dhcp (4.1.1-P1-15+squeeze9) squeeze-lts; urgency=medium
+
+ * Non-maintainer upload by the Debian LTS Team.
+ * debian/patches:
+ + Add CVE-2015-8605.dpatch. Properly check UDP payload length
+ (CVE-2015-8605).
+ + Add drop_unused_vars_from_ldap-c.dpatch. Fix FTBFS when gcc
+ option -Werror is used.
+
+ -- Mike Gabriel <sunwea...@debian.org> Thu, 14 Jan 2016 10:14:47 +0100
+
 isc-dhcp (4.1.1-P1-15+squeeze8) squeeze-security; urgency=high
 
 * Non-maintainer upload.
diff -u isc-dhcp-4.1.1-P1/debian/patches/00list isc-dhcp-4.1.1-P1/debian/patches/00list
--- isc-dhcp-4.1.1-P1/debian/patches/00list
+++ isc-dhcp-4.1.1-P1/debian/patches/00list
@@ -26,0 +27,5 @@
+
+CVE-2015-8605
+
+# fix build when gcc option -Werror is used
+drop_unused_vars_from_ldap-c.dpatch
only in patch2:
unchanged:
--- isc-dhcp-4.1.1-P1.orig/debian/patches/drop_unused_vars_from_ldap-c.dpatch
+++ isc-dhcp-4.1.1-P1/debian/patches/drop_unused_vars_from_ldap-c.dpatch
@@ -0,0 +1,53 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## drop_unused_vars_from_ldap-c.dpatch by <mike.gabr...@das-netzwerkteam.de>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fix build when gcc option -Werror is used.
+
+@DPATCH@
+--- a/server/ldap.c 2016-01-14 21:39:38.000000000 +0100
++++ b/server/ldap.c 2016-01-14 21:41:52.110259199 +0100
+@@ -1201,7 +1201,6 @@
+ Needs schema change.
+ */
+ LDAPMessage * newres, * newent;
+- struct ldap_config_stack *ns;
+ char **tempstr;
+ int i, j, ret;
+ #if defined (DEBUG_LDAP)
+@@ -1437,7 +1436,7 @@
+ char **objectClass, *dn;
+ struct ldap_config_stack *entry;
+ LDAPMessage *ent, *res, *entfirst, *resfirst;
+- int i, j, ignore, found;
++ int i, ignore, found;
+ int ret, parsedn = 1;
+
+ if (ld == NULL)
+@@ -1899,7 +1898,7 @@
+ int type, struct host_decl *host,
+ struct class **class)
+ {
+- int i, declaration, lease_limit;
++ int declaration, lease_limit;
+ char option_buffer[8192];
+ enum dhcp_token token;
+ struct parse *cfile;
+@@ -2005,7 +2004,7 @@
+ find_haddr_in_ldap (struct host_decl **hp, int htype, unsigned hlen,
+ const unsigned char *haddr, const char *file, int line)
+ {
+- char buf[128], *type_str, **tempstr, *addr_str;
++ char buf[128], *type_str;
+ LDAPMessage * res, *ent;
+ struct host_decl * host;
+ isc_result_t status;
+@@ -2193,7 +2192,7 @@
+ struct data_string *data)
+ {
+ LDAPMessage * res, * ent;
+- int i, ret, lease_limit;
++ int ret, lease_limit;
+ isc_result_t status;
+ ldap_dn_node *curr;
+ char buf[1024];
only in patch2:
unchanged:
--- isc-dhcp-4.1.1-P1.orig/debian/patches/CVE-2015-8605.dpatch
+++ isc-dhcp-4.1.1-P1/debian/patches/CVE-2015-8605.dpatch
@@ -0,0 +1,105 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## CVE-2015-8605.dpatch by <mike.gabr...@das-netzwerkteam.de>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+--- a/common/packet.c 2016-01-09 22:06:01.167749929 +0000
++++ b/common/packet.c 2016-01-09 22:06:01.235749921 +0000
+@@ -205,7 +205,28 @@
+ return decode_ethernet_header (interface, buf, bufix, from);
+ }
+
+-/* UDP header and IP header decoded together for convenience. */
++/*!
++ *
++ * \brief UDP header and IP header decoded together for convenience.
++ *
++ * Attempt to decode the UDP and IP headers and, if necessary, checksum
++ * the packet.
++ *
++ * \param inteface - the interface on which the packet was recevied
++ * \param buf - a pointer to the buffer for the received packet
++ * \param bufix - where to start processing the buffer, previous
++ * routines may have processed parts of the buffer already
++ * \param from - space to return the address of the packet sender
++ * \param buflen - remaining length of the buffer, this will have been
++ * decremented by bufix by the caller
++ * \param rbuflen - space to return the length of the payload from the udp
++ * header
++ * \param csum_ready - indication if the checksum is valid for use
++ * non-zero indicates the checksum should be validated
++ *
++ * \return - the index to the first byte of the udp payload (that is the
++ * start of the DHCP packet
++ */
+
+ ssize_t
+ decode_udp_ip_header(struct interface_info *interface,
+@@ -216,7 +237,7 @@
+ unsigned char *data;
+ struct ip ip;
+ struct udphdr udp;
+- unsigned char *upp, *endbuf;
++ unsigned char *upp;
+ u_int32_t ip_len, ulen, pkt_len;
+ u_int32_t sum, usum;
+ static int ip_packets_seen;
+@@ -227,11 +248,8 @@
+ static int udp_packets_length_overflow;
+ unsigned len;
+
+- /* Designate the end of the input buffer for bounds checks. */
+- endbuf = buf + bufix + buflen;
+-
+ /* Assure there is at least an IP header there. */
+- if ((buf + bufix + sizeof(ip)) > endbuf)
++ if (sizeof(ip) > buflen)
+ return -1;
+
+ /* Copy the IP header into a stack aligned structure for inspection.
+@@ -243,13 +261,17 @@
+ ip_len = (*upp & 0x0f) << 2;
+ upp += ip_len;
+
+- /* Check the IP packet length. */
++ /* Check packet lengths are within the buffer:
++ * first the ip header (ip_len)
++ * then the packet length from the ip header (pkt_len)
++ * then the udp header (ip_len + sizeof(udp)
++ * We are liberal in what we accept, the udp payload should fit within
++ * pkt_len, but we only check against the full buffer size.
++ */
+ pkt_len = ntohs(ip.ip_len);
+- if (pkt_len > buflen)
+- return -1;
+-
+- /* Assure after ip_len bytes that there is enough room for a UDP header. */
+- if ((upp + sizeof(udp)) > endbuf)
++ if ((ip_len > buflen) ||
++ (pkt_len > buflen) ||
++ ((ip_len + sizeof(udp)) > buflen))
+ return -1;
+
+ /* Copy the UDP header into a stack aligned structure for inspection. */
+@@ -270,7 +292,8 @@
+ return -1;
+
+ udp_packets_length_checked++;
+- if ((upp + ulen) > endbuf) {
++ /* verify that the payload length from the udp packet fits in the buffer */
++ if ((ip_len + ulen) > buflen) {
+ udp_packets_length_overflow++;
+ if ((udp_packets_length_checked > 4) &&
+ ((udp_packets_length_checked /
+@@ -284,9 +307,6 @@
+ return -1;
+ }
+
+- if ((ulen < sizeof(udp)) || ((upp + ulen) > endbuf))
+- return -1;
+-
+ /* Check the IP header checksum - it should be zero. */
+ ++ip_packets_seen;
+ if (wrapsum (checksum (buf + bufix, ip_len, 0))) {
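Review bot: The last inner hunk of CVE-2015-8605.dpatch (`@@ -284,9 +307,6 @@`) removes `if ((ulen < sizeof(udp)) || ((upp + ulen) > endbuf))`, which is the only place in this patch where the lower bound `ulen < sizeof(udp)` is visibly tested. The upper bound is now covered by `(ip_len + ulen) > buflen`, but the lower bound is only safe to drop if the `return -1;` context line at the top of the `@@ -270,7 +292,8 @@` hunk belongs to an earlier `ulen < sizeof(udp)` test; that line's condition lies outside the hunk, so it should be confirmed against common/packet.c in this source version, and otherwise `if (ulen < sizeof(udp)) return -1;` should be kept so that a UDP length shorter than its own header is still rejected. Separately, the dpatch header still reads `## DP: No description.`; `## DP: Properly check UDP payload length (CVE-2015-8605).` would match the changelog entry. The body of decode_udp_ip_header starts and ends outside the hunks shown.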