206015 – net/dhcpcd: Update to 6.10.0 (Fixes security vulnerabilities)

Bug 206015 - net/dhcpcd: Update to 6.10.0 (Fixes security vulnerabilities)

Summary: net/dhcpcd: Update to 6.10.0 (Fixes security vulnerabilities)

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Many People
Assignee:	Jason Unovitch

URL:
Keywords:	easy, patch, patch-ready, security

Depends on:
Blocks:

Reported:	2016-01-07 23:21 UTC by roy
Modified:	2016-01-08 07:52 UTC (History)
CC List:	1 user (show)

See Also:

Flags:	junovitch: merge-quarterly+

Attachments
Patch to net/dhcpcd to update to 6.10.0 (2.56 KB, patch) 2016-01-07 23:21 UTC, roy	roy: maintainer-approval+	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description roy 2016-01-07 23:21:59 UTC

Created attachment 165232 [details]
Patch to net/dhcpcd to update to 6.10.0

dhcpcd-6.10.0 has been released with the following changes:
  *  --noption requires an argument
  *  optimise the ARP BPF filter, thanks to Nate Karstens
  *  send gratuitous ARP each time we apply our IP address
  *  fix truncation of hostnames based on the short hostname option
  *  improve routing and address management by always loading all
     interfaces, routes and addresses even for interfaces we are
     not directly working on
  *  timezone, lookup-hostname, wpa_supplicant and YP hooks are no
     longer installed by default but are installed to an example
     directory
  *  fix compile on kFreeBSD
     thanks to Christoph Egger for providing a temporary build host
  *  improve error logging of packet parsing
  *  fix ignoring routing messages generated by dhcpcd just before
     forking
  *  fix handling of rapid commit messages (allow ACK after DISCOVER)
  *  add PROBE state so we can easily reject DHCP messages received
     during the ARP probe phase
  *  fix CVE-2016-1503
  *  fix CVE-2016-1504

Comment 1 roy 2016-01-07 23:22:38 UTC

Passes portlint

Comment 2 commit-hook freebsd_committer

2016-01-08 01:32:31 UTC

A commit references this bug:

Author: junovitch
Date: Fri Jan  8 01:31:33 UTC 2016
New revision: 405502
URL: https://svnweb.freebsd.org/changeset/ports/405502

Log:
  Document two dhcpcd vulnerabilities

  PR:		206015
  Security:	CVE-2016-1504
  Security:	CVE-2016-1503
  Security:	https://vuxml.FreeBSD.org/freebsd/df587aa2-b5a5-11e5-9728-002590263bf5.html

Changes:
  head/security/vuxml/vuln.xml

Comment 3 commit-hook freebsd_committer

2016-01-08 01:32:32 UTC

A commit references this bug:

Author: junovitch
Date: Fri Jan  8 01:31:36 UTC 2016
New revision: 405503
URL: https://svnweb.freebsd.org/changeset/ports/405503

Log:
  net/dhcpcd: update 6.9.4 -> 6.10.0

  Changes:
  *  --noption requires an argument
  *  optimise the ARP BPF filter, thanks to Nate Karstens
  *  send gratuitous ARP each time we apply our IP address
  *  fix truncation of hostnames based on the short hostname option
  *  improve routing and address management by always loading all interfaces,
     routes and addresses even for interfaces we are not directly working on
  *  timezone, lookup-hostname, wpa_supplicant and YP hooks are no longer
     installed by default but are installed to an example directory
  *  fix compile on kFreeBSD
     thanks to Christoph Egger for providing a temporary build host
  *  improve error logging of packet parsing
  *  fix ignoring routing messages generated by dhcpcd just before forking
  *  fix handling of rapid commit messages (allow ACK after DISCOVER)
  *  add PROBE state so we can easily reject DHCP messages received during
     the ARP probe phase
  *  fix CVE-2016-1503
  *  fix CVE-2016-1504

  PR:		206015
  Submitted by:	Roy Marples <roy@marples.name> (maintainer)
  Security:	CVE-2016-1504
  Security:	CVE-2016-1503
  Security:	https://vuxml.FreeBSD.org/freebsd/df587aa2-b5a5-11e5-9728-002590263bf5.html
  MFH:		2016Q1

Changes:
  head/net/dhcpcd/Makefile
  head/net/dhcpcd/distinfo
  head/net/dhcpcd/files/patch-dhcpcd.conf
  head/net/dhcpcd/pkg-plist

Comment 4 Jason Unovitch freebsd_committer

2016-01-08 02:18:16 UTC

Roy, thanks as always!

Comment 5 commit-hook freebsd_committer

2016-01-08 02:18:38 UTC

A commit references this bug:

Author: junovitch
Date: Fri Jan  8 02:17:42 UTC 2016
New revision: 405506
URL: https://svnweb.freebsd.org/changeset/ports/405506

Log:
  MFH: r405503

  net/dhcpcd: update 6.9.4 -> 6.10.0

  Changes:
  *  --noption requires an argument
  *  optimise the ARP BPF filter, thanks to Nate Karstens
  *  send gratuitous ARP each time we apply our IP address
  *  fix truncation of hostnames based on the short hostname option
  *  improve routing and address management by always loading all interfaces,
     routes and addresses even for interfaces we are not directly working on
  *  timezone, lookup-hostname, wpa_supplicant and YP hooks are no longer
     installed by default but are installed to an example directory
  *  fix compile on kFreeBSD
     thanks to Christoph Egger for providing a temporary build host
  *  improve error logging of packet parsing
  *  fix ignoring routing messages generated by dhcpcd just before forking
  *  fix handling of rapid commit messages (allow ACK after DISCOVER)
  *  add PROBE state so we can easily reject DHCP messages received during
     the ARP probe phase
  *  fix CVE-2016-1503
  *  fix CVE-2016-1504

  PR:		206015
  Submitted by:	Roy Marples <roy@marples.name> (maintainer)
  Approved by:	ports-secteam (miwi)
  Security:	CVE-2016-1504
  Security:	CVE-2016-1503
  Security:	https://vuxml.FreeBSD.org/freebsd/df587aa2-b5a5-11e5-9728-002590263bf5.html

Changes:
_U  branches/2016Q1/
  branches/2016Q1/net/dhcpcd/Makefile
  branches/2016Q1/net/dhcpcd/distinfo
  branches/2016Q1/net/dhcpcd/files/patch-dhcpcd.conf
  branches/2016Q1/net/dhcpcd/pkg-plist