Bug 206015

Summary: net/dhcpcd: Update to 6.10.0 (Fixes security vulnerabilities)
Product: Ports & Packages Reporter: roy
Component: Individual Port(s)Assignee: Jason Unovitch <junovitch>
Status: Closed FIXED    
Severity: Affects Many People CC: junovitch
Priority: Normal Keywords: easy, patch, patch-ready, security
Version: LatestFlags: junovitch: merge-quarterly+
Hardware: Any   
OS: Any   
Attachments:
Description Flags
Patch to net/dhcpcd to update to 6.10.0 roy: maintainer-approval+

Description roy 2016-01-07 23:21:59 UTC 
Created attachment 165232 [details]
Patch to net/dhcpcd to update to 6.10.0

dhcpcd-6.10.0 has been released with the following changes:
  *  --noption requires an argument
  *  optimise the ARP BPF filter, thanks to Nate Karstens
  *  send gratuitous ARP each time we apply our IP address
  *  fix truncation of hostnames based on the short hostname option
  *  improve routing and address management by always loading all
     interfaces, routes and addresses even for interfaces we are
     not directly working on
  *  timezone, lookup-hostname, wpa_supplicant and YP hooks are no
     longer installed by default but are installed to an example
     directory
  *  fix compile on kFreeBSD
     thanks to Christoph Egger for providing a temporary build host
  *  improve error logging of packet parsing
  *  fix ignoring routing messages generated by dhcpcd just before
     forking
  *  fix handling of rapid commit messages (allow ACK after DISCOVER)
  *  add PROBE state so we can easily reject DHCP messages received
     during the ARP probe phase
  *  fix CVE-2016-1503
  *  fix CVE-2016-1504
Comment 1 roy 2016-01-07 23:22:38 UTC 
Passes portlint
Comment 2 commit-hook freebsd_committer freebsd_triage 2016-01-08 01:32:31 UTC 
A commit references this bug:

Author: junovitch
Date: Fri Jan  8 01:31:33 UTC 2016
New revision: 405502
URL: https://svnweb.freebsd.org/changeset/ports/405502

Log:
  Document two dhcpcd vulnerabilities

  PR:		206015
  Security:	CVE-2016-1504
  Security:	CVE-2016-1503
  Security:	https://vuxml.FreeBSD.org/freebsd/df587aa2-b5a5-11e5-9728-002590263bf5.html

Changes:
  head/security/vuxml/vuln.xml
Comment 3 commit-hook freebsd_committer freebsd_triage 2016-01-08 01:32:32 UTC 
A commit references this bug:

Author: junovitch
Date: Fri Jan  8 01:31:36 UTC 2016
New revision: 405503
URL: https://svnweb.freebsd.org/changeset/ports/405503

Log:
  net/dhcpcd: update 6.9.4 -> 6.10.0

  Changes:
  *  --noption requires an argument
  *  optimise the ARP BPF filter, thanks to Nate Karstens
  *  send gratuitous ARP each time we apply our IP address
  *  fix truncation of hostnames based on the short hostname option
  *  improve routing and address management by always loading all interfaces,
     routes and addresses even for interfaces we are not directly working on
  *  timezone, lookup-hostname, wpa_supplicant and YP hooks are no longer
     installed by default but are installed to an example directory
  *  fix compile on kFreeBSD
     thanks to Christoph Egger for providing a temporary build host
  *  improve error logging of packet parsing
  *  fix ignoring routing messages generated by dhcpcd just before forking
  *  fix handling of rapid commit messages (allow ACK after DISCOVER)
  *  add PROBE state so we can easily reject DHCP messages received during
     the ARP probe phase
  *  fix CVE-2016-1503
  *  fix CVE-2016-1504

  PR:		206015
  Submitted by:	Roy Marples <roy@marples.name> (maintainer)
  Security:	CVE-2016-1504
  Security:	CVE-2016-1503
  Security:	https://vuxml.FreeBSD.org/freebsd/df587aa2-b5a5-11e5-9728-002590263bf5.html
  MFH:		2016Q1

Changes:
  head/net/dhcpcd/Makefile
  head/net/dhcpcd/distinfo
  head/net/dhcpcd/files/patch-dhcpcd.conf
  head/net/dhcpcd/pkg-plist
Comment 4 Jason Unovitch freebsd_committer freebsd_triage 2016-01-08 02:18:16 UTC 
Roy, thanks as always!
Comment 5 commit-hook freebsd_committer freebsd_triage 2016-01-08 02:18:38 UTC 
A commit references this bug:

Author: junovitch
Date: Fri Jan  8 02:17:42 UTC 2016
New revision: 405506
URL: https://svnweb.freebsd.org/changeset/ports/405506

Log:
  MFH: r405503

  net/dhcpcd: update 6.9.4 -> 6.10.0

  Changes:
  *  --noption requires an argument
  *  optimise the ARP BPF filter, thanks to Nate Karstens
  *  send gratuitous ARP each time we apply our IP address
  *  fix truncation of hostnames based on the short hostname option
  *  improve routing and address management by always loading all interfaces,
     routes and addresses even for interfaces we are not directly working on
  *  timezone, lookup-hostname, wpa_supplicant and YP hooks are no longer
     installed by default but are installed to an example directory
  *  fix compile on kFreeBSD
     thanks to Christoph Egger for providing a temporary build host
  *  improve error logging of packet parsing
  *  fix ignoring routing messages generated by dhcpcd just before forking
  *  fix handling of rapid commit messages (allow ACK after DISCOVER)
  *  add PROBE state so we can easily reject DHCP messages received during
     the ARP probe phase
  *  fix CVE-2016-1503
  *  fix CVE-2016-1504

  PR:		206015
  Submitted by:	Roy Marples <roy@marples.name> (maintainer)
  Approved by:	ports-secteam (miwi)
  Security:	CVE-2016-1504
  Security:	CVE-2016-1503
  Security:	https://vuxml.FreeBSD.org/freebsd/df587aa2-b5a5-11e5-9728-002590263bf5.html

Changes:
_U  branches/2016Q1/
  branches/2016Q1/net/dhcpcd/Makefile
  branches/2016Q1/net/dhcpcd/distinfo
  branches/2016Q1/net/dhcpcd/files/patch-dhcpcd.conf
  branches/2016Q1/net/dhcpcd/pkg-plist