Roy's Blog

A Hacker's musings on Code | Tech | Life

dhcpcd-7.2.2 has been released with the following fixes:

  • DHCP: Ensure dhcp is running on the interface received from
  • BSD: Link handling has been simplified, however it is expected that if an interface supports SIOCGIFMEDIA then it reports the correct link status via route(4) for reliable operations
  • BPF: ARP filter is more robust
  • BSD and sun: Validate RTM message lengths

This security issue has been addressed:

  • DHCPv6: Fix a potential read overflow with D6_OPTION_PD_EXCLUDE

IT IS HIGHLY RECOMMENDED YOU UPGRADE DHCPCD!

Patch for dhcpcd-7 if you don't want to upgrade to dhcpcd-7.2.2:
https://roy.marples.name/cgit/dhcpcd.git/commit/?h=dhcpcd-7&id=c1ebeaafeb324bac997984abdcee2d4e8b61a8a8
https://roy.marples.name/cgit/dhcpcd.git/commit/?h=dhcpcd-7&id=896ef4a54b0578985e5e1360b141593f1d62837b

dhcpcd-6.11.7 has been released as well, with this in. I have no plans to fix earlier versions, heck you shouldn't even be using dhcpcd-6!

Many thanks to Maxime Villard max@m00nbsd.net for discovering this issue.

FTP: ftp://roy.marples.name/pub/dhcpcd/dhcpcd-7.2.2.tar.xz
HTTP: https://roy.marples.name/downloads/dhcpcd/dhcpcd-7.2.2.tar.xz
FTP: ftp://roy.marples.name/pub/dhcpcd/dhcpcd-6.11.7.tar.xz
HTTP: https://roy.marples.name/downloads/dhcpcd/dhcpcd-6.11.7.tar.xz


dhcpcd-7.2.1 has been released with the following changes:

  • Solaris: Many more issues fixed
  • OpenBSD: Don't spam syslog when cannot send NA
  • FreeBSD: Fix fetching IPv6 address lifetimes

These security issues are also addressed:

  • auth: Use consttime_memequal to avoid latency attack
    consttime_memequal is supplied if libc does not support it
    dhcpcd >=6.2 <7.2.1 are vulnerable

  • DHCP: Fix a potential 1 byte read overflow with DHO_OPTSOVERLOADED
    dhcpcd >=4 <7.2.1 are vulnerable

  • DHCPv6: Fix a potential buffer overflow reading NA/TA addresses
    dhcpcd >=7 <7.2.1 are vulnerable
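Why the auth fix matters, as an added example that is not dhcpcd's own code: an early-exit compare examines fewer bytes the earlier a received MAC differs from the expected one, while a compare with consttime_memequal semantics always examines all of them. The MAC value, the 16-byte length, the function names and the step counter (a deterministic stand-in for latency) are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAC_LEN 16
/* Constructed value standing in for the MAC computed locally. */
static const uint8_t expected_mac[MAC_LEN] = {
    0x3a, 0x91, 0x5c, 0x07, 0xe2, 0x44, 0xb8, 0x19,
    0x6d, 0xf0, 0x2b, 0x83, 0xc5, 0x7e, 0x10, 0xa4 };
static size_t last_steps; /* bytes examined by the most recent compare */

/* Early-exit compare, as memcmp() may behave: stops at the first mismatch. */
static int leaky_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        last_steps = i + 1;
        if (a[i] != b[i])
            return 0;
    }
    return 1;
}

/* Hypothetical fallback with consttime_memequal semantics:
 * 1 if equal, 0 if not, and every byte is always read. */
static int ct_equal(const void *b1, const void *b2, size_t n)
{
    const volatile uint8_t *p1 = b1, *p2 = b2;
    unsigned int diff = 0;
    for (last_steps = 0; last_steps < n; last_steps++)
        diff |= (unsigned int)(p1[last_steps] ^ p2[last_steps]);
    return (int)(1 & ((diff - 1) >> 8)); /* diff == 0 wraps to all ones */
}

/* Compare expected_mac with a copy whose byte at mismatch_at is flipped
 * (mismatch_at >= MAC_LEN leaves the copy identical). */
static int compare(int constant_time, size_t mismatch_at)
{
    uint8_t received[MAC_LEN];
    memcpy(received, expected_mac, MAC_LEN);
    if (mismatch_at < MAC_LEN)
        received[mismatch_at] ^= 0xff;
    return constant_time ? ct_equal(expected_mac, received, MAC_LEN)
                         : leaky_equal(expected_mac, received, MAC_LEN);
}

static size_t compare_steps(int constant_time, size_t mismatch_at)
{
    (void)compare(constant_time, mismatch_at);
    return last_steps;
}

int main(void)
{
    for (size_t at = 0; at < MAC_LEN; at += 5)
        printf("mismatch at %2zu: early-exit reads %2zu bytes, constant-time reads %2zu\n",
            at, compare_steps(0, at), compare_steps(1, at));
    return 0;
}
```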

IT IS HIGHLY RECOMMENDED YOU UPGRADE DHCPCD!
Especially if you are using dhcpcd-7

Patch for dhcpcd-7 if you don't want to upgrade to dhcpcd-7.2.1: https://roy.marples.name/git/dhcpcd.git/patch/?id=23525884a346ed81c808c1ed90e3c56a8bf0cc68

dhcpcd-6.11.6 has been released as well, with the two applicable fixes in. I have no plans to fix earlier versions, heck you shouldn't even be using dhcpcd-6!

Many thanks to Maxime Villard max@m00nbsd.net for discovering these issues.

FTP: ftp://roy.marples.name/pub/dhcpcd/dhcpcd-7.2.1.tar.xz
HTTP: https://roy.marples.name/downloads/dhcpcd/dhcpcd-7.2.1.tar.xz
FTP: ftp://roy.marples.name/pub/dhcpcd/dhcpcd-6.11.6.tar.xz
HTTP: https://roy.marples.name/downloads/dhcpcd/dhcpcd-6.11.6.tar.xz


dhcpcd-7.2.0 has been released with the following changes of note:

  • build: latest gmake-3 works once more
  • build: exits on error in a subdir
  • BSD: PF_LINK sockets now closed when no longer needed
  • BSD: Fix detecting interface for scoped routes
  • Solaris: Many, many, many fixes - pretty much works now
  • script: Allow "" to mean /dev/null
  • script: Add static routers and routes to env
  • DHCP: outbound interface is no longer dictated with IP_PKTINFO
  • DHCP: BPF sockets now closed when no longer needed
  • DHCPv6: Allow nooption dhcp6_unicast to work
  • DHCPv6: Don't spam syslog if we always get the same error
  • route: Log pid which deleted routes of interest

Sorry for the longer delay than normal in getting this release out. Anyway, this is likely the last feature release from the -7 branch. Just minor bug fixes and any security issues from this point. A dhcpcd-7 branch has now been created for maintenance.

FTP: ftp://roy.marples.name/pub/dhcpcd/dhcpcd-7.2.0.tar.xz
HTTP: https://roy.marples.name/downloads/dhcpcd/dhcpcd-7.2.0.tar.xz


A minor update, highlights include:

  • IPv4LL: Fixed build with this disabled
  • IPv4LL: Remember last address between carrier resets
  • BSD: Fixed initial link infos reported as LINK_STATE_UNKNOWN
  • FreeBSD: Avoid panicking kernel when RTA_IFP is set for IPv6 prefix routes

ftp://roy.marples.name/pub/dhcpcd/dhcpcd-7.1.1.tar.xz
https://roy.marples.name/downloads/dhcpcd/dhcpcd-7.1.1.tar.xz


dhcpcd-7.1.0 has been released with the following changes:

  • OpenBSD: works alongside slaacd(8)
  • NetBSD: sets SO_RERROR on to detect receive socket overflow
  • BSD: route improvements to avoid listening for own changes
  • Linux: use NETLINK_BROADCAST_ERROR
  • BSD: avoid late address deletion messages by testing address existence
  • IP6: implement IP6 address sharing
  • BSD: catch UP/DOWN events when interfaces does support media changes
  • IPv4LL: remember old address when carrier is lost

Many other minor fixes and documentation updates have been submitted by various community members for this release which is nice to see :) IP6 address sharing requires the kernel to avoid IPv6 ND messages from itself via nonce matching and/or hardware address matching because all kernels handle IP6 Duplicate Address Detection.

ftp://roy.marples.name/pub/dhcpcd/dhcpcd-7.1.0.tar.xz
https://roy.marples.name/downloads/dhcpcd/dhcpcd-7.1.0.tar.xz
