dhcp package update

Signed-off-by: basebuilder_pel7x64builder0 <basebuilder@powerel.org>

SOURCES/dhcp-4.2.5-bind-config.patch

@@ -0,0 +1,300 @@
+From 960bee12f1ceca0d6fa97e0423be2ea0a162df96 Mon Sep 17 00:00:00 2001
+From: Petr Mensik <pemensik@redhat.com>
+Date: Fri, 9 Feb 2018 15:24:53 +0100
+Subject: [PATCH] Support for isc-config.sh script on --with-libbind parameter
+
+Move checks only to isc-config section
+
+Fix detection of bind flags from config
+
+Add support for with-libbind=config, Improve help message
+---
+ client/Makefile.am       |  4 +-
+ common/tests/Makefile.am |  4 +-
+ configure.ac             | 91 ++++++++++++++++++++++++++++++++++++----
+ dhcpctl/Makefile.am      |  6 ++-
+ omapip/Makefile.am       |  4 +-
+ relay/Makefile.am        |  4 +-
+ server/Makefile.am       |  4 +-
+ server/tests/Makefile.am |  7 +++-
+ 8 files changed, 108 insertions(+), 16 deletions(-)
+
+diff --git a/client/Makefile.am b/client/Makefile.am
+index b78a915..b764a11 100644
+--- a/client/Makefile.am
++++ b/client/Makefile.am
+@@ -1,3 +1,5 @@
++BIND_LIBS = @BIND_LIBS@
++
+ dist_sysconf_DATA = dhclient.conf.example
+ sbin_PROGRAMS = dhclient
+ dhclient_SOURCES = clparse.c dhclient.c dhc6.c \
+@@ -5,7 +7,7 @@ dhclient_SOURCES = clparse.c dhclient.c dhc6.c \
+ 		   scripts/netbsd scripts/nextstep scripts/openbsd \
+ 		   scripts/solaris scripts/openwrt
+ dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \
+-		 $(BIND9_LIBDIR) -ldns-export -lisc-export $(CAPNG_LDADD)
++		 $(CAPNG_LDADD) $(BIND_LIBS)
+ man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5
+ EXTRA_DIST = $(man_MANS)
+ 
+diff --git a/common/tests/Makefile.am b/common/tests/Makefile.am
+index df68621..067acd3 100644
+--- a/common/tests/Makefile.am
++++ b/common/tests/Makefile.am
+@@ -1,5 +1,7 @@
+ SUBDIRS = .
+ 
++BIND_LIBS = @BIND_LIBS@
++
+ AM_CPPFLAGS = $(ATF_CFLAGS) -I$(top_srcdir)/includes
+ 
+ EXTRA_DIST = Atffile
+@@ -14,7 +16,7 @@ alloc_unittest_SOURCES = test_alloc.c $(top_srcdir)/tests/t_api_dhcp.c
+ alloc_unittest_LDADD = $(ATF_LDFLAGS)
+ alloc_unittest_LDADD += ../libdhcp.a  \
+ 	../../omapip/libomapi.la \
+-	 $(BIND9_LIBDIR) -ldns-export -lisc-export
++	 $(BIND_LIBS)
+ 
+ check: $(ATF_TESTS)
+ 	atf-run | atf-report
+diff --git a/configure.ac b/configure.ac
+index 7ef5588..f849f4b 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -650,6 +650,10 @@ AC_CHECK_MEMBER(struct msghdr.msg_control,,
+ 	])
+ 
+ libbind=
++BIND_CONFIG=
++BIND_CPPFLAGS=
++BIND_LIBS=
++
+ AC_ARG_WITH(libbind,
+ 	AC_HELP_STRING([--with-libbind=PATH],
+ 		       [bind includes are in PATH 
+@@ -657,14 +661,32 @@ AC_ARG_WITH(libbind,
+ 	use_libbind="$withval", use_libbind="no")
+ case "$use_libbind" in 
+ yes|no)
+-	libbind="\${top_srcdir}/bind/include"
++	libbind="\${top_srcdir}/bind"
++	;;
++config)
++	AC_PATH_PROG(BIND_CONFIG, [isc-config.sh bind9-config])
+ 	;;
+ *)
+-	libbind="$use_libbind"
++	if test -f "$use_libbind" -a -x "$use_libbind"; then
++		# passed full path of isc-config.sh
++		BIND_CONFIG="$use_libbind"
++	else
++		libbind="$use_libbind"
++		if test ! -d "$srcdir/bind"; then
++			# no bind directory, create it with a fake Makefile.in
++			# (AC_CONFIG_FILES and top Makefile refer to it so
++			# it must exits)
++			mkdir $srcdir/bind
++			cat > $srcdir/bind/Makefile.in << EOF
++# placeholder
++all check clean distclean distdir install uninstall:
++EOF
++		fi
++	fi
+ 	;;
+ esac
+-
+-BIND9_LIBDIR='-L$(top_builddir)/bind/lib'
++	
++BIND_LIBDIR='$(top_builddir)/bind/lib'
+ AC_ARG_WITH(libbind-libs,
+ 	AC_HELP_STRING([--with-libbind-libs=PATH],
+ 		       [bind9 export libraries are in PATH]),
+@@ -677,13 +699,68 @@ no)
+ 	BUNDLED_BIND=yes
+ 	;;
+ *)
+-	BIND9_LIBDIR="-L$libbind_libs"
++	BIND_LIBDIR="$libbind_libs"
+ 	BUNDLED_BIND=no
+ 	;;
+ esac
+-AM_CONDITIONAL([BUNDLED_BIND], [test "$BUNDLED_BIND" = yes])
++BIND9_LIBDIR="-L$BIND_LIBDIR"
+ AC_SUBST([BIND9_LIBDIR])
+ 
++if test -z "$BIND_CONFIG"; then
++	BIND_CPPFLAGS="-I${libbind}/include"
++	BIND_LIBS="$BIND9_LIBDIR -ldns -lisc"
++else
++	BIND_CPPFLAGS=`$BIND_CONFIG --cflags`
++	BIND_LIBS=`$BIND_CONFIG --libs dns isc`
++	BUNDLED_BIND=no
++
++	# bind is already built
++	AC_CHECKING([Checking bind libraries have no thread support])
++	saved_libs="$LIBS"
++	saved_CPPFLAGS="$CPPFLAGS"
++	CPPFLAGS="${CPPFLAGS} ${BIND_CPPFLAGS}"
++	LIBS="${LIBS} ${BIND_LIBS}"
++AC_TRY_LINK([
++#include <isc/bind9.h>
++#include <isc/lib.h>
++],[
++#ifdef BIND9
++#error Export BIND library has to be used with BIND version up to 9.9
++#endif
++isc_lib_register();
++], [AC_MSG_RESULT(Bind export library found)
++    BIND_EXPORT=yes], [BIND_EXPORT=no]
++)
++
++# Allow build with disabled threads for dhcp
++AC_TRY_LINK([
++#include <isc/platform.h>
++#include <isc/bind9.h>
++#include <isc/lib.h>
++],[
++#ifdef ISC_PLATFORM_USETHREADS
++#error Bind library must not be compiled with threads
++#endif
++isc_lib_register();
++if (isc_bind9 != 0) {}
++], [AC_MSG_RESULT(Bind single thread library found)
++    BIND_SINGLETHREAD=yes], [BIND_SINGLETHREAD=no]
++)
++
++	if test "x$BIND_EXPORT" != xyes -a "x$BIND_SINGLETHREADED" != xyes
++	then
++		AC_MSG_RESULT([BIND_CONFIG=${BIND_CONFIG}])
++		AC_MSG_RESULT([BIND_CPPFLAGS=${BIND_CPPFLAGS}])
++		AC_MSG_RESULT([BIND_LIBS=${BIND_LIBS}])
++		AC_MSG_ERROR([Bind libraries are not useable for dhcp])
++	fi
++	CPPFLAGS="$saved_CPPFLAGS"
++	LIBS="$saved_LIBS"
++fi
++AC_SUBST(BIND_CPPFLAGS)
++AC_SUBST(BIND_LIBS)
++AM_CONDITIONAL([BUNDLED_BIND], [test "$BUNDLED_BIND" = yes])
++
+ # OpenLDAP support.
+ AC_ARG_WITH(ldap,
+     AC_HELP_STRING([--with-ldap],
+@@ -730,7 +807,7 @@ fi
+ CFLAGS="$CFLAGS $STD_CWARNINGS"
+ 
+ # Try to add the bind include directory
+-CFLAGS="$CFLAGS -I$libbind"
++CFLAGS="$CFLAGS $BIND_CPPFLAGS"
+ 
+ AC_C_FLEXIBLE_ARRAY_MEMBER
+ 
+diff --git a/dhcpctl/Makefile.am b/dhcpctl/Makefile.am
+index fb7a840..4f59dcf 100644
+--- a/dhcpctl/Makefile.am
++++ b/dhcpctl/Makefile.am
+@@ -1,3 +1,5 @@
++BIND_LIBS = @BIND_LIBS@
++
+ bin_PROGRAMS = omshell
+ lib_LTLIBRARIES = libdhcpctl.la
+ noinst_PROGRAMS = cltest
+@@ -6,10 +8,10 @@ EXTRA_DIST = $(man_MANS)
+ 
+ omshell_SOURCES = omshell.c
+ omshell_LDADD = libdhcpctl.la ../common/libdhcp.a ../omapip/libomapi.la \
+-	        $(BIND9_LIBDIR) -ldns-export -lisc-export
++	        $(BIND_LIBS)
+ 
+ libdhcpctl_la_SOURCES = dhcpctl.c callback.c remote.c
+ 
+ cltest_SOURCES = cltest.c
+ cltest_LDADD = libdhcpctl.la ../common/libdhcp.a ../omapip/libomapi.la \
+-	       $(BIND9_LIBDIR) -ldns-export -lisc-export
++	        $(BIND_LIBS)
+diff --git a/omapip/Makefile.am b/omapip/Makefile.am
+index 6247549..265bcef 100644
+--- a/omapip/Makefile.am
++++ b/omapip/Makefile.am
+@@ -1,3 +1,5 @@
++BIND_LIBS = @BIND_LIBS@
++
+ lib_LTLIBRARIES = libomapi.la
+ noinst_PROGRAMS = svtest
+ 
+@@ -10,5 +12,5 @@ man_MANS = omapi.3
+ EXTRA_DIST = $(man_MANS)
+ 
+ svtest_SOURCES = test.c
+-svtest_LDADD = libomapi.la $(BIND9_LIBDIR) -ldns-export -lisc-export
++svtest_LDADD = libomapi.la $(BIND_LIBS)
+ 
+diff --git a/relay/Makefile.am b/relay/Makefile.am
+index 1885c82..999e543 100644
+--- a/relay/Makefile.am
++++ b/relay/Makefile.am
+@@ -1,9 +1,11 @@
++BIND_LIBS = @BIND_LIBS@
++
+ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"'
+ 
+ sbin_PROGRAMS = dhcrelay
+ dhcrelay_SOURCES = dhcrelay.c
+ dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \
+-		 $(BIND9_LIBDIR) -ldns-export -lisc-export $(CAPNG_LDADD)
++		 $(CAPNG_LDADD) $(BIND_LIBS)
+ man_MANS = dhcrelay.8
+ EXTRA_DIST = $(man_MANS)
+ 
+diff --git a/server/Makefile.am b/server/Makefile.am
+index 1d1122d..e593898 100644
+--- a/server/Makefile.am
++++ b/server/Makefile.am
+@@ -4,6 +4,8 @@
+ # production code. Sadly, we are not there yet.
+ SUBDIRS = . tests
+ 
++BIND_LIBS = @BIND_LIBS@
++
+ AM_CPPFLAGS = -I.. -DLOCALSTATEDIR='"@localstatedir@"'
+ 
+ dist_sysconf_DATA = dhcpd.conf.example
+@@ -14,7 +16,7 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c confpars.c db.c class.c failover.c \
+ 
+ dhcpd_CFLAGS = $(LDAP_CFLAGS)
+ dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \
+-	      ../dhcpctl/libdhcpctl.la $(BIND9_LIBDIR) -ldns-export -lisc-export
++	      ../dhcpctl/libdhcpctl.la $(BIND_LIBS)
+ 
+ man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5
+ EXTRA_DIST = $(man_MANS)
+diff --git a/server/tests/Makefile.am b/server/tests/Makefile.am
+index 5f2c5a8..4522f6b 100644
+--- a/server/tests/Makefile.am
++++ b/server/tests/Makefile.am
+@@ -1,7 +1,10 @@
+ SUBDIRS = .
+ 
++BIND_LIBS = @BIND_LIBS@
++BIND_CPPFLAGS = @BIND_CPPFLAGS@
++
+ AM_CPPFLAGS = $(ATF_CFLAGS) -DUNIT_TEST -I$(top_srcdir)/includes
+-AM_CPPFLAGS += -I$(top_srcdir)/bind/include -I$(top_srcdir)
++AM_CPPFLAGS += $(BIND_CPPFLAGS) -I$(top_srcdir)
+ AM_CPPFLAGS += -DLOCALSTATEDIR='"."'
+ 
+ EXTRA_DIST = Atffile
+@@ -18,7 +21,7 @@ DHCPSRC = ../dhcp.c ../bootp.c ../confpars.c ../db.c ../class.c      \
+           ../ldap.c ../ldap_casa.c ../dhcpd.c
+ 
+ DHCPLIBS = $(top_builddir)/common/libdhcp.a $(top_builddir)/omapip/libomapi.la    \
+-          $(top_builddir)/dhcpctl/libdhcpctl.la $(BIND9_LIBDIR) -ldns-export -lisc-export
++          $(top_builddir)/dhcpctl/libdhcpctl.la $(BIND_LIBS)
+ 
+ if ENABLE_SYSTEMTAP
+ DHCPLIBS += ../probes.o
+-- 
+2.20.1
+

SOURCES/dhcp-4.2.5-expiry_before_renewal_v2.patch

@@ -0,0 +1,31 @@
+diff -up dhcp-4.2.5/client/dhclient.c.orig dhcp-4.2.5/client/dhclient.c
+--- dhcp-4.2.5/client/dhclient.c.orig	2018-11-07 14:21:16.756152614 +0100
++++ dhcp-4.2.5/client/dhclient.c	2018-11-08 17:30:15.754440523 +0100
+@@ -1618,8 +1618,14 @@ void dhcpack (packet)
+ 	} else
+ 			client -> new -> renewal = 0;
+ 
+-	/* If it wasn't specified by the server, calculate it. */
+-	if (!client -> new -> renewal)
++	/* 
++	 * If it wasn't specified by the server, calculate it. Also use expiry
++	 * instead of renewal time when it is shorter. This better follows 
++	 * RFC 2131 (section 4.4.5) when dealing with some DHCP servers.
++	 */
++	
++	if (!client -> new -> renewal ||
++	    client -> new -> renewal > client -> new -> expiry)
+ 		client -> new -> renewal = client -> new -> expiry / 2 + 1;
+ 
+ 	if (client -> new -> renewal <= 0)
+@@ -1645,7 +1651,9 @@ void dhcpack (packet)
+ 	} else
+ 			client -> new -> rebind = 0;
+ 
+-	if (client -> new -> rebind <= 0) {
++	/* Rebinding time must not be longer than expiry. */
++	if (client -> new -> rebind <= 0 ||
++	    client -> new -> rebind > client -> new -> expiry) {
+ 		if (client -> new -> expiry <= TIME_MAX / 7)
+ 			client -> new -> rebind =
+ 					client -> new -> expiry * 7 / 8;

SOURCES/dhcp-4.2.5-isc-util.patch

@@ -0,0 +1,77 @@
+From 0770fd9971d38a0691d2f43528a86dba5fd40a9c Mon Sep 17 00:00:00 2001
+From: Petr Mensik <pemensik@redhat.com>
+Date: Fri, 16 Feb 2018 17:50:40 +0100
+Subject: [PATCH] New bind includes never includes isc/util.h from any public
+ headers. Include them to all compiled files that require it.
+
+---
+ client/dhclient.c   | 1 +
+ common/execute.c    | 1 +
+ common/parse.c      | 1 +
+ common/socket.c     | 1 +
+ omapip/connection.c | 1 +
+ 5 files changed, 5 insertions(+)
+
+diff --git a/client/dhclient.c b/client/dhclient.c
+index f9d0493..cf5faa5 100644
+--- a/client/dhclient.c
++++ b/client/dhclient.c
+@@ -37,6 +37,7 @@
+ #include <sys/time.h>
+ #include <sys/wait.h>
+ #include <limits.h>
++#include <isc/util.h>
+ #include <dns/result.h>
+ 
+ #ifdef HAVE_LIBCAP_NG
+diff --git a/common/execute.c b/common/execute.c
+index bbf0279..945c14e 100644
+--- a/common/execute.c
++++ b/common/execute.c
+@@ -35,6 +35,7 @@
+ 
+ #include "dhcpd.h"
+ #include <omapip/omapip_p.h>
++#include <isc/util.h>
+ #include <sys/types.h>
+ #include <sys/wait.h>
+ 
+diff --git a/common/parse.c b/common/parse.c
+index 7477543..de14be2 100644
+--- a/common/parse.c
++++ b/common/parse.c
+@@ -33,6 +33,7 @@
+  */
+ 
+ #include "dhcpd.h"
++#include <isc/util.h>
+ #include <syslog.h>
+ 
+ /* Enumerations can be specified in option formats, and are used for
+diff --git a/common/socket.c b/common/socket.c
+index f30c171..1df558d 100644
+--- a/common/socket.c
++++ b/common/socket.c
+@@ -41,6 +41,7 @@
+  */
+ 
+ #include "dhcpd.h"
++#include <isc/util.h>
+ #include <errno.h>
+ #include <sys/ioctl.h>
+ #include <sys/uio.h>
+diff --git a/omapip/connection.c b/omapip/connection.c
+index d08524d..2f4d399 100644
+--- a/omapip/connection.c
++++ b/omapip/connection.c
+@@ -36,6 +36,7 @@
+ #include "dhcpd.h"
+ 
+ #include <omapip/omapip_p.h>
++#include <isc/util.h>
+ #include <arpa/inet.h>
+ #include <arpa/nameser.h>
+ #include <errno.h>
+-- 
+2.20.1
+

SOURCES/dhcp-4.2.5-standard_ddns.patch

@@ -9,7 +9,7 @@ index a29757a..c66a912 100644
 +.B -i
 +]
 +[
-+.B -I
++.B -C
 +]
 +[
  .B -D
@@ -27,7 +27,7 @@ index a29757a..c66a912 100644
 +setting a client id in the configuration file.  Overridding the
 +client id in this fashion is discouraged.
 +.TP
-+.BI \-I
++.BI \-C
 +Use the standard DDNS scheme from RFCs 4701 & 4702.  
 +.TP
  .BI \--version
@@ -82,7 +82,7 @@ index 0db4703..6403754 100644
 +		} else if (!strcmp(argv[i], "-i")) {
 +			/* enable DUID support for DHCPv4 clients */
 +			duid_v4 = 1;
-+		} else if (!strcmp(argv[i], "-I")) {
++		} else if (!strcmp(argv[i], "-C")) {
 +			/* enable standard DHCID support for DDNS updates */
 +			std_dhcid = 1;
  		} else if (!strcmp(argv[i], "-v")) {
@@ -125,10 +125,10 @@ index 0db4703..6403754 100644
  	log_fatal("Usage: dhclient "
  #ifdef DHCPv6
 -		  "[-4|-6] [-SNTP1dvrx] [-nw] [-p <port>] [-D LL|LLT]\n"
-+		  "[-4|-6] [-SNTPI1dvrxi] [-nw] [-p <port>] [-D LL|LLT] \n"
++		  "[-4|-6] [-SNTPI1dvrxc] [-nw] [-p <port>] [-D LL|LLT] \n"
  #else /* DHCPv6 */
 -		  "[-1dvrx] [-nw] [-p <port>]\n"
-+		  "[-I1dvrxi] [-nw] [-p <port>] [-D LL|LLT] \n"
++		  "[-C1dvrxc] [-nw] [-p <port>] [-D LL|LLT] \n"
  #endif /* DHCPv6 */
  		  "                [-s server-addr] [-cf config-file] "
  		  "[-lf lease-file]\n"
@@ -295,7 +295,7 @@ index 0db4703..6403754 100644
 +        /*
 +	 * Construct the DHCID value for use in the DDNS update process
 +	 * We have the newer standard version and the older interim version
-+	 * chosen by the '-I' option.  The interim version is left as is
++	 * chosen by the '-C' option.  The interim version is left as is
 +	 * for backwards compatibility.  The standard version is based on
 +	 * RFC 4701 section 3.3
  	 */

SOURCES/dhcp-close_file_in_noreplay.patch

@@ -0,0 +1,20 @@
+diff --git a/server/confpars.c b/server/confpars.c
+index a9b4b57..761b102 100644
+--- a/server/confpars.c
++++ b/server/confpars.c
+@@ -168,7 +168,6 @@ isc_result_t read_conf_file (const char *filename, struct group *group,
+ 	if (result != ulen)
+ 		log_fatal ("%s: short read of %d bytes instead of %d.",
+ 			   filename, ulen, result);
+-	close (file);
+       memfile:
+ 	/* If we're recording, write out the filename and file contents. */
+ 	if (trace_record ())
+@@ -179,6 +178,7 @@ isc_result_t read_conf_file (const char *filename, struct group *group,
+ 	status = new_parse(&cfile, file, NULL, 0, filename, 0);
+ #endif
+       noreplay:
++	close (file);
+ 	if (status != ISC_R_SUCCESS || cfile == NULL)
+ 		return status;
+ 

SOURCES/dhcp-dhclient_ipv6_prefix.patch

@@ -0,0 +1,74 @@
+diff --git a/client/dhc6.c b/client/dhc6.c
+index 47bf0a2..6f12a86 100644
+--- a/client/dhc6.c
++++ b/client/dhc6.c
+@@ -120,6 +120,7 @@ static int check_timing6(struct client_state *client, u_int8_t msg_type,
+ 
+ extern int onetry;
+ extern int stateless;
++extern int address_prefix_len;
+ 
+ /*
+  * The "best" default DUID, since we cannot predict any information
+@@ -3968,7 +3969,7 @@ dhc6_marshall_values(const char *prefix, struct client_state *client,
+ 			 * some suspect this may not be permanent.
+ 			 */
+ 			client_envadd(client, prefix, "ip6_prefixlen",
+-				      "%d", 64);
++				      "%d", address_prefix_len);
+ 			client_envadd(client, prefix, "ip6_address",
+ 				      "%s", piaddr(addr->address));
+ 		}
+diff --git a/client/dhclient.c b/client/dhclient.c
+index f9d0493..d1ab473 100644
+--- a/client/dhclient.c
++++ b/client/dhclient.c
+@@ -106,6 +106,7 @@ int wanted_ia_na = -1;		/* the absolute value is the real one. */
+ int wanted_ia_ta = 0;
+ int wanted_ia_pd = 0;
+ char *mockup_relay = NULL;
++int address_prefix_len = DHCLIENT_DEFAULT_PREFIX_LEN;
+ int bootp_broadcast_always = 0;
+ 
+ extern struct option *default_requested_options[];
+@@ -288,6 +289,15 @@ main(int argc, char **argv) {
+ 			tmp->next = client_env;
+ 			client_env = tmp;
+ 			client_env_count++;
++		} else if (!strcmp(argv[i], "--address-prefix-len")) {
++			if (++i == argc) {
++				usage();
++			}
++			errno = 0;
++			address_prefix_len = (int)strtol(argv[i], &s, 10);
++			if (errno || (*s != '\0') ||
++			    (address_prefix_len < 0)) {
++				usage();			}
+ #ifdef DHCPv6
+ 		} else if (!strcmp(argv[i], "-S")) {
+ 			if (local_family_set && (local_family == AF_INET)) {
+@@ -1127,6 +1137,7 @@ static void usage()
+ 		  "[-4|-6] [-SNTPI1dvrxc] [-nw] [-p <port>] [-D LL|LLT] \n"
+ #else /* DHCPv6 */
+ 		  "[-C1dvrxc] [-nw] [-p <port>] [-D LL|LLT] \n"
++                  "                [--address-prefix-len length]\n"
+ #endif /* DHCPv6 */
+ 		  "                [-s server-addr] [-cf config-file] "
+ 		  "[-lf lease-file]\n"
+diff --git a/includes/site.h b/includes/site.h
+index 1c7ec96..c87cfe9 100644
+--- a/includes/site.h
++++ b/includes/site.h
+@@ -295,3 +295,12 @@
+    up. */
+ #define DDNS_UPDATE_SLOW_TRANSITION
+    
++/* Define the default prefix length passed from the client to
++   the script when modifying an IPv6 IA_NA or IA_TA address.
++   The two most useful values are 128 which is what the current
++   specifications call for or 64 which is what has been used in
++   the past.  For most OSes 128 will indicate that the address
++   is a host address and doesn't include any on-link information.
++   64 indicates that the first 64 bits are the subnet or on-link
++   prefix. */
++#define DHCLIENT_DEFAULT_PREFIX_LEN 128

SOURCES/dhcp-handle_ctx_signals.patch

@@ -0,0 +1,68 @@
+diff --git a/omapip/isclib.c b/omapip/isclib.c
+index b3d336d..b252fb6 100644
+--- a/omapip/isclib.c
++++ b/omapip/isclib.c
+@@ -28,6 +28,7 @@
+ #include "dhcpd.h"
+ 
+ #include <sys/time.h>
++#include <signal.h>
+ 
+ dhcp_context_t dhcp_gbl_ctx;
+ 
+@@ -67,6 +67,21 @@ isclib_cleanup(void)
+ 	return;
+ }
+ 
++/* Installs a handler for a signal using sigaction */
++static void
++handle_signal(int sig, void (*handler)(int)) {
++	struct sigaction sa;
++
++	memset(&sa, 0, sizeof(sa));
++	sa.sa_handler = handler;
++	sigfillset(&sa.sa_mask);
++	if (sigaction(sig, &sa, NULL) != 0) {
++		log_debug("handle_signal() failed for signal %d error: %s",
++                          sig, strerror(errno));
++	}
++}
++
++
+ isc_result_t
+ dhcp_context_create(void) {
+ 	isc_result_t result;
+@@ -102,11 +117,6 @@ dhcp_context_create(void) {
+ 	if (result != ISC_R_SUCCESS)
+ 		goto cleanup;
+ 
+-	result = isc_app_ctxstart(dhcp_gbl_ctx.actx);
+-	if (result != ISC_R_SUCCESS)
+-		return (result);
+-	dhcp_gbl_ctx.actx_started = ISC_TRUE;
+-
+ 	result = isc_taskmgr_createinctx(dhcp_gbl_ctx.mctx,
+ 					 dhcp_gbl_ctx.actx,
+ 					 1, 0,
+@@ -130,6 +140,21 @@ dhcp_context_create(void) {
+ 	if (result != ISC_R_SUCCESS)
+ 		goto cleanup;
+ 
++        result = isc_app_ctxstart(dhcp_gbl_ctx.actx);
++        if (result != ISC_R_SUCCESS)
++          return (result);
++        dhcp_gbl_ctx.actx_started = ISC_TRUE;
++
++        /* Not all OSs support suppressing SIGPIPE through socket
++         * options, so set the sigal action to be ignore.  This allows
++         * broken connections to fail gracefully with EPIPE on writes */
++        handle_signal(SIGPIPE, SIG_IGN);
++
++        /* Reset handlers installed by isc_app_ctxstart()
++         * to default for control-c and kill */
++        handle_signal(SIGINT, SIG_DFL);
++        handle_signal(SIGTERM, SIG_DFL);
++        
+ #if !defined (NSUPDATE)
+ 	/* The dst library is inited as part of dns_lib_init, we don't
+ 	 * need it if NSUPDATE is enabled */

SOURCES/dhcp-isc_heap_delete.patch

@@ -0,0 +1,160 @@
+diff --git a/includes/dhcpd.h b/includes/dhcpd.h
+index 52ba677..deea2a7 100644
+--- a/includes/dhcpd.h
++++ b/includes/dhcpd.h
+@@ -1521,8 +1521,9 @@ struct iasubopt {
+  */
+ #define EXPIRED_IPV6_CLEANUP_TIME (60*60)
+ 
+-	int heap_index;				/* index into heap, or -1
+-						   (internal use only) */
++	/* index into heaps, or -1 (internal use only) */
++	int active_index;
++	int inactive_index;
+ 
+ 	/*
+ 	 * A pointer to the state of the ddns update for this lease.
+diff --git a/server/mdb6.c b/server/mdb6.c
+index 0e76264..711ab3d 100644
+--- a/server/mdb6.c
++++ b/server/mdb6.c
+@@ -130,7 +130,8 @@ iasubopt_allocate(struct iasubopt **iasubopt, const char *file, int line) {
+ 
+ 	tmp->refcnt = 1;
+ 	tmp->state = FTS_FREE;
+-	tmp->heap_index = -1;
++	tmp->active_index = -1;
++	tmp->inactive_index = -1;
+ 	tmp->plen = 255;
+ 
+ 	*iasubopt = tmp;
+@@ -504,10 +505,14 @@ lease_older(void *a, void *b) {
+  * Callback when an address's position in the heap changes.
+  */
+ static void
+-lease_index_changed(void *iasubopt, unsigned int new_heap_index) {
+-	((struct iasubopt *)iasubopt)-> heap_index = new_heap_index;
++active_changed(void *iasubopt, unsigned int new_heap_index) {
++	((struct iasubopt *)iasubopt)-> active_index = new_heap_index;
+ }
+ 
++static void
++inactive_changed(void *iasubopt, unsigned int new_heap_index) {
++	((struct iasubopt *)iasubopt)-> inactive_index = new_heap_index;
++}
+ 
+ /*
+  * Create a new IPv6 lease pool structure.
+@@ -544,13 +549,13 @@ ipv6_pool_allocate(struct ipv6_pool **pool, u_int16_t type,
+ 		dfree(tmp, file, line);
+ 		return ISC_R_NOMEMORY;
+ 	}
+-	if (isc_heap_create(dhcp_gbl_ctx.mctx, lease_older, lease_index_changed,
++	if (isc_heap_create(dhcp_gbl_ctx.mctx, lease_older, active_changed,
+ 			    0, &(tmp->active_timeouts)) != ISC_R_SUCCESS) {
+ 		iasubopt_free_hash_table(&(tmp->leases), file, line);
+ 		dfree(tmp, file, line);
+ 		return ISC_R_NOMEMORY;
+ 	}
+-	if (isc_heap_create(dhcp_gbl_ctx.mctx, lease_older, lease_index_changed,
++	if (isc_heap_create(dhcp_gbl_ctx.mctx, lease_older, inactive_changed,
+ 			    0, &(tmp->inactive_timeouts)) != ISC_R_SUCCESS) {
+ 		isc_heap_destroy(&(tmp->active_timeouts));
+ 		iasubopt_free_hash_table(&(tmp->leases), file, line);
+@@ -1045,7 +1050,7 @@ cleanup_lease6(ia_hash_t *ia_table,
+ 	 * Remove the old lease from the active heap and from the hash table
+ 	 * then remove the lease from the IA and clean up the IA if necessary.
+ 	 */
+-	isc_heap_delete(pool->active_timeouts, test_iasubopt->heap_index);
++	isc_heap_delete(pool->active_timeouts, test_iasubopt->active_index);
+ 	pool->num_active--;
+ 
+ 	iasubopt_hash_delete(pool->leases, &test_iasubopt->addr,
+@@ -1110,11 +1115,11 @@ add_lease6(struct ipv6_pool *pool, struct iasubopt *lease,
+ 		if ((test_iasubopt->state == FTS_ACTIVE) ||
+ 		    (test_iasubopt->state == FTS_ABANDONED)) {
+ 			isc_heap_delete(pool->active_timeouts,
+-					test_iasubopt->heap_index);
++					test_iasubopt->active_index);
+ 			pool->num_active--;
+ 		} else {
+ 			isc_heap_delete(pool->inactive_timeouts,
+-					test_iasubopt->heap_index);
++					test_iasubopt->inactive_index);
+ 			pool->num_inactive--;
+ 		}
+ 
+@@ -1225,14 +1230,13 @@ lease6_usable(struct iasubopt *lease) {
+ static isc_result_t
+ move_lease_to_active(struct ipv6_pool *pool, struct iasubopt *lease) {
+ 	isc_result_t insert_result;
+-	int old_heap_index;
+ 
+-	old_heap_index = lease->heap_index;
+ 	insert_result = isc_heap_insert(pool->active_timeouts, lease);
+ 	if (insert_result == ISC_R_SUCCESS) {
+        		iasubopt_hash_add(pool->leases, &lease->addr, 
+ 				  sizeof(lease->addr), lease, MDL);
+-		isc_heap_delete(pool->inactive_timeouts, old_heap_index);
++		isc_heap_delete(pool->inactive_timeouts,
++				lease->inactive_index);
+ 		pool->num_active++;
+ 		pool->num_inactive--;
+ 		lease->state = FTS_ACTIVE;
+@@ -1278,16 +1282,16 @@ renew_lease6(struct ipv6_pool *pool, struct iasubopt *lease) {
+ 	if (lease->state == FTS_ACTIVE) {
+ 		if (old_end_time <= lease->hard_lifetime_end_time) {
+ 			isc_heap_decreased(pool->active_timeouts,
+-					   lease->heap_index);
++					   lease->active_index);
+ 		} else {
+ 			isc_heap_increased(pool->active_timeouts,
+-					   lease->heap_index);
++					   lease->active_index);
+ 		}
+ 		return ISC_R_SUCCESS;
+ 	} else if (lease->state == FTS_ABANDONED) {
+ 		char tmp_addr[INET6_ADDRSTRLEN];
+                 lease->state = FTS_ACTIVE;
+-                isc_heap_increased(pool->active_timeouts, lease->heap_index);
++                isc_heap_increased(pool->active_timeouts, lease->active_index);
+ 		log_info("Reclaiming previously abandoned address %s",
+ 			 inet_ntop(AF_INET6, &(lease->addr), tmp_addr,
+ 				   sizeof(tmp_addr)));
+@@ -1304,9 +1308,7 @@ static isc_result_t
+ move_lease_to_inactive(struct ipv6_pool *pool, struct iasubopt *lease, 
+ 		       binding_state_t state) {
+ 	isc_result_t insert_result;
+-	int old_heap_index;
+ 
+-	old_heap_index = lease->heap_index;
+ 	insert_result = isc_heap_insert(pool->inactive_timeouts, lease);
+ 	if (insert_result == ISC_R_SUCCESS) {
+ #if defined (NSUPDATE)
+@@ -1325,7 +1327,7 @@ move_lease_to_inactive(struct ipv6_pool *pool, struct iasubopt *lease,
+ 
+ 		iasubopt_hash_delete(pool->leases, 
+ 				     &lease->addr, sizeof(lease->addr), MDL);
+-		isc_heap_delete(pool->active_timeouts, old_heap_index);
++		isc_heap_delete(pool->active_timeouts, lease->active_index);
+ 		lease->state = state;
+ 		pool->num_active--;
+ 		pool->num_inactive++;
+@@ -1390,7 +1392,7 @@ decline_lease6(struct ipv6_pool *pool, struct iasubopt *lease) {
+ 	}
+ 	lease->state = FTS_ABANDONED;
+ 	lease->hard_lifetime_end_time = MAX_TIME;
+-	isc_heap_decreased(pool->active_timeouts, lease->heap_index);
++	isc_heap_decreased(pool->active_timeouts, lease->active_index);
+ 	return ISC_R_SUCCESS;
+ }
+ 
+@@ -1663,7 +1665,7 @@ cleanup_old_expired(struct ipv6_pool *pool) {
+ 			break;
+ 		}
+ 
+-		isc_heap_delete(pool->inactive_timeouts, tmp->heap_index);
++		isc_heap_delete(pool->inactive_timeouts, tmp->inactive_index);
+ 		pool->num_inactive--;
+ 
+ 		if (tmp->ia != NULL) {

SOURCES/dhcp-replay_file_limit.patch

@@ -0,0 +1,45 @@
+diff --git a/server/confpars.c b/server/confpars.c
+index d79489b..c20d618 100644
+--- a/server/confpars.c
++++ b/server/confpars.c
+@@ -134,6 +134,11 @@ isc_result_t read_conf_file (const char *filename, struct group *group,
+ 
+ 	cfile = (struct parse *)0;
+ #if defined (TRACING)
++	// No need to dmalloc huge memory region if we're not going to re-play
++	if (!trace_playback()){
++		status = new_parse(&cfile, file, NULL, 0, filename, 0);
++		goto noreplay;
++	};
+ 	flen = lseek (file, (off_t)0, SEEK_END);
+ 	if (flen < 0) {
+ 	      boom:
+@@ -174,6 +179,7 @@ isc_result_t read_conf_file (const char *filename, struct group *group,
+ #else
+ 	status = new_parse(&cfile, file, NULL, 0, filename, 0);
+ #endif
++      noreplay:
+ 	if (status != ISC_R_SUCCESS || cfile == NULL)
+ 		return status;
+ 
+diff --git a/server/confpars.c b/server/confpars.c
+index 3aecd05..5be4ab1 100644
+--- a/server/confpars.c
++++ b/server/confpars.c
+@@ -176,6 +176,7 @@ isc_result_t read_conf_file (const char *filename, struct group *group,
+ 	if (trace_record ())
+ 		trace_write_packet (ttype, ulen + tflen + 1, dbuf, MDL);
+ 	status = new_parse(&cfile, -1, fbuf, ulen, filename, 0); /* XXX */
++	dfree(dbuf, MDL);
+ #else
+ 	status = new_parse(&cfile, file, NULL, 0, filename, 0);
+ #endif
+@@ -188,9 +189,6 @@ isc_result_t read_conf_file (const char *filename, struct group *group,
+ 	else
+ 		status = conf_file_subparse (cfile, group, group_type);
+ 	end_parse (&cfile);
+-#if defined (TRACING)
+-	dfree (dbuf, MDL);
+-#endif
+ 	return status;
+ }

SOURCES/dhcp-system_time_changed.patch

@@ -0,0 +1,73 @@
+diff --git a/client/dhclient.c b/client/dhclient.c
+index 1992467..364fd08 100644
+--- a/client/dhclient.c
++++ b/client/dhclient.c
+@@ -4463,6 +4463,10 @@ isc_result_t dhcp_set_control_state (control_object_state_t oldstate,
+ 		  case server_awaken:
+ 		    state_reboot (client);
+ 		    break;
++                  case server_time_changed:
++                    if (client->active)
++                      state_reboot (client);
++                    break;
+ 		}
+ 	    }
+ 	}
+diff --git a/common/dispatch.c b/common/dispatch.c
+index af8a5b5..c1d558f 100644
+--- a/common/dispatch.c
++++ b/common/dispatch.c
+@@ -110,10 +110,20 @@ dispatch(void)
+ {
+ 	isc_result_t status;
+ 
+-	status = isc_app_ctxrun(dhcp_gbl_ctx.actx);
+-
+-	log_fatal ("Dispatch routine failed: %s -- exiting",
+-		   isc_result_totext (status));
++        do{
++          status = isc_app_ctxrun(dhcp_gbl_ctx.actx);
++
++          if (status == ISC_R_TIMESHIFTED){
++            status = dhcp_set_control_state(server_time_changed,
++                                            server_time_changed);
++            status = ISC_R_RELOAD;
++            log_info ("System time has been changed. Unable to use existing leases. Restarting");
++            // do nothing, restart context
++          };
++        } while (status == ISC_R_RELOAD);
++        
++        log_fatal ("Dispatch routine failed: %s -- exiting",
++                   isc_result_totext (status));
+ }
+ 
+ void
+diff --git a/includes/dhcpd.h b/includes/dhcpd.h
+index deea2a7..d60a03c 100644
+--- a/includes/dhcpd.h
++++ b/includes/dhcpd.h
+@@ -479,7 +479,8 @@ typedef enum {
+ 	server_running = 1,
+ 	server_shutdown = 2,
+ 	server_hibernate = 3,
+-	server_awaken = 4
++	server_awaken = 4,
++        server_time_changed = 5
+ } control_object_state_t;
+ 
+ typedef struct {
+diff --git a/server/dhcpd.c b/server/dhcpd.c
+index 9617d75..9add7e4 100644
+--- a/server/dhcpd.c
++++ b/server/dhcpd.c
+@@ -1392,6 +1392,10 @@ static isc_result_t dhcp_io_shutdown_countdown (void *vlp)
+ isc_result_t dhcp_set_control_state (control_object_state_t oldstate,
+ 				     control_object_state_t newstate)
+ {
++        if (newstate == server_time_changed){
++          log_error ("System time has been changed. Leases information unreliable!");
++          return ISC_R_SUCCESS;
++        }
+ 	if (newstate == server_shutdown) {
+ 		shutdown_time = cur_time;
+ 		shutdown_state = shutdown_listeners;

SPECS/dhcp.spec

@@ -18,7 +18,7 @@
 Summary:  Dynamic host configuration protocol software
 Name:     dhcp
 Version:  4.2.5
-Release:  68%{?dist}
+Release:  77%{?dist}
 # NEVER CHANGE THE EPOCH on this package.  The previous maintainer (prior to
 # dcantrell maintaining the package) made incorrect use of the epoch and
 # that's why it is at 12 now.  It should have never been used, but it was.
@@ -108,7 +108,16 @@ Patch68:  dhcp-4.2.5-reap_orphan_sockets.patch
 Patch69:  dhcp-4.2.5-options_overflow.patch
 # CVE-2018-5733
 Patch70:  dhcp-4.2.5-reference_count_overflow.patch
-Patch71:  dhcp-4.2.5-powerel-branding.patch
+Patch71:  dhcp-replay_file_limit.patch
+Patch72:  dhcp-4.2.5-expiry_before_renewal_v2.patch
+Patch73:  dhcp-4.2.5-bind-config.patch
+Patch74:  dhcp-dhclient_ipv6_prefix.patch
+# Support build with bind 9.11.3+
+Patch75:  dhcp-4.2.5-isc-util.patch
+
+Patch76:  dhcp-isc_heap_delete.patch
+Patch77:  dhcp-handle_ctx_signals.patch
+Patch78:  dhcp-4.2.5-powerel-branding.patch
 
 
 BuildRequires: autoconf
@@ -116,7 +125,8 @@ BuildRequires: automake
 BuildRequires: libtool
 BuildRequires: openldap-devel
 BuildRequires: libcap-ng-devel
-BuildRequires: bind-lite-devel
+# https://fedorahosted.org/fpc/ticket/502#comment:3
+BuildRequires: bind-export-devel
 BuildRequires: systemd systemd-devel
 %if %sdt
 BuildRequires: systemtap-sdt-devel
@@ -360,7 +370,6 @@ rm -rf includes/isc-dhcp
 # multiple key statements in zone definition causes inappropriate error (#873794)
 # (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #31892])
 %patch46 -p1 -b .dupl-key
-
 # Make sure range6 is correct for subnet6 where it's declared (#902966)
 # (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #32453])
 %patch47 -p1 -b .range6
@@ -437,7 +446,22 @@ rm -rf includes/isc-dhcp
 
 %patch69 -p1 -b .options_overflow
 %patch70 -p1 -b .reference_overflow
-%patch71 -p1
+%patch71 -p1 -b .load_leases
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1647784
+%patch72 -p1 -b .t2-expirity
+%patch74 -p1 -b .ipv6-prefix
+
+# Support for BIND 9.11
+%patch73 -p1 -b .bind-config
+# include isc/util.h explicitly, is it no longer contained in used headers
+%patch75 -p1 -b .isc-util
+
+# fixed bug in isc_heap_delete function triggered dhcpd(6) crash
+%patch76 -p1 -b .heap-delete
+
+%patch77 -p1 -b .sig-handlers
+%patch78 -p1
 
 # Update paths in all man pages
 for page in client/dhclient.conf.5 client/dhclient.leases.5 \
@@ -470,9 +494,9 @@ CFLAGS="%{optflags} -fno-strict-aliasing" \
     --with-cli-pid-file=%{_localstatedir}/run/dhclient.pid \
     --with-cli6-pid-file=%{_localstatedir}/run/dhclient6.pid \
     --with-relay-pid-file=%{_localstatedir}/run/dhcrelay.pid \
+    --with-libbind=/usr/bin/isc-export-config.sh \
     --with-ldap \
     --with-ldapcrypto \
-    --with-libbind=%{_includedir} --with-libbind-libs=%{_libdir} \
     --disable-static \
 %if %sdt
     --enable-systemtap \
@@ -510,7 +534,7 @@ CFLAGS="%{optflags} -fno-strict-aliasing" \
 # NetworkManager dispatcher script
 %{__mkdir} -p %{buildroot}%{_sysconfdir}/NetworkManager/dispatcher.d
 %{__install} -p -m 0755 %{SOURCE3} %{buildroot}%{_sysconfdir}/NetworkManager/dispatcher.d
-%{__install} -p -m 0755 %{SOURCE4} %{buildroot}%{_sysconfdir}/NetworkManager/dispatcher.d
+%{__install} -p -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/NetworkManager/dispatcher.d
 
 # pm-utils script to handle suspend/resume and dhclient leases
 %{__mkdir} -p %{buildroot}%{_libdir}/pm-utils/sleep.d
@@ -719,8 +743,40 @@ done
 
 
 %changelog
-* Tue Apr 24 2018 Pavel Zhukov <pzhukov@redhat.com> - 12:4.2.5-68.1
-- Resolves: #1570898 - Fix CVE-2018-1111: Do not parse backslash as escape character
+* Tue Aug 06 2019 CentOS Sources <bugs@centos.org> - 4.2.5-77.el7.centos
+- Roll in CentOS Branding
+
+* Tue May 21 2019 Pavel Zhukov <pzhukov@redhat.com> - 12:4.2.5-77
+- Resolves: #1712414 - Reset signal handlers set by isclib
+
+* Thu May  2 2019 Pavel Zhukov <pzhukov@redhat.com> - 12:4.2.5-76
+- Resolves: #1704675 - Fix crash of dhcpd(6) triggered by bind rebase
+
+* Mon Mar  4 2019 Pavel Zhukov <pzhukov@redhat.com> - 12:4.2.5-75
+- Resolves: #1672308 - Do not restart dhcp on NetworkManagers up events
+
+* Thu Feb 14 2019 Petr Menšík <pemensik@redhat.com> - 12:4.2.5-74
+- Use bind-export-libs package instead of bind99
+- Use isc-config.sh to configure bind libs
+- Change requirement to bind-export-devel
+- Compile with recent bind includes, that does not include isc/util.h
+
+* Tue Feb 12 2019 Pavel Zhukov <pzhukov@redhat.com> - 12:4.2.5-73
+- Resolves: #1635181
+- Change default ipv6 prefix to /128.
+- Allow its customization via cl option
+
+* Mon Dec 17 2018 Pavel Zhukov <pzhukov@redhat.com> - 12:4.2.5-72
+- Resolves: #1647784 - Update renew time if it is greater than expiry
+
+* Mon Dec 17 2018 Pavel Zhukov <pzhukov@redhat.com> - 12:4.2.5-71
+- Resolves: #1623792 - Load leases file in tracing mode only
+
+* Mon May  7 2018 Pavel Zhukov <pzhukov@redhat.com> - 12:4.2.5-70
+- Resolves: #1574292 - Fix options conflict for ddns update
+
+* Tue Apr 24 2018 Pavel Zhukov <pzhukov@redhat.com> - 12:4.2.5-69
+- Resolves: #1570895 - Fix command execution vulnerability (CVE-2018-1111)
 
 * Wed Feb 28 2018 Pavel Zhukov <pzhukov@redhat.com> - 12:4.2.5-68
 - Resolves: #1549999 - CVE-2018-5733  Avoid buffer overflow reference counter