diff --git a/SOURCES/dhcp-4.2.5-bind-config.patch b/SOURCES/dhcp-4.2.5-bind-config.patch
new file mode 100644
index 00000000..c90f686c
--- /dev/null
+++ b/SOURCES/dhcp-4.2.5-bind-config.patch
@@ -0,0 +1,300 @@ +From 960bee12f1ceca0d6fa97e0423be2ea0a162df96 Mon Sep 17 00:00:00 2001 +From: Petr Mensik +Date: Fri, 9 Feb 2018 15:24:53 +0100 +Subject: [PATCH] Support for isc-config.sh script on --with-libbind parameter + +Move checks only to isc-config section + +Fix detection of bind flags from config + +Add support for with-libbind=config, Improve help message +--- + client/Makefile.am | 4 +- + common/tests/Makefile.am | 4 +- + configure.ac | 91 ++++++++++++++++++++++++++++++++++++---- + dhcpctl/Makefile.am | 6 ++- + omapip/Makefile.am | 4 +- + relay/Makefile.am | 4 +- + server/Makefile.am | 4 +- + server/tests/Makefile.am | 7 +++- + 8 files changed, 108 insertions(+), 16 deletions(-) + +diff --git a/client/Makefile.am b/client/Makefile.am +index b78a915..b764a11 100644 +--- a/client/Makefile.am ++++ b/client/Makefile.am +@@ -1,3 +1,5 @@ ++BIND_LIBS = @BIND_LIBS@ ++ + dist_sysconf_DATA = dhclient.conf.example + sbin_PROGRAMS = dhclient + dhclient_SOURCES = clparse.c dhclient.c dhc6.c \ +@@ -5,7 +7,7 @@ dhclient_SOURCES = clparse.c dhclient.c dhc6.c \ + scripts/netbsd scripts/nextstep scripts/openbsd \ + scripts/solaris scripts/openwrt + dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \ +- $(BIND9_LIBDIR) -ldns-export -lisc-export $(CAPNG_LDADD) ++ $(CAPNG_LDADD) $(BIND_LIBS) + man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5 + EXTRA_DIST = $(man_MANS) + +diff --git a/common/tests/Makefile.am b/common/tests/Makefile.am +index df68621..067acd3 100644 +--- a/common/tests/Makefile.am ++++ b/common/tests/Makefile.am +@@ -1,5 +1,7 @@ + SUBDIRS = . 
+ ++BIND_LIBS = @BIND_LIBS@ ++ + AM_CPPFLAGS = $(ATF_CFLAGS) -I$(top_srcdir)/includes + + EXTRA_DIST = Atffile +@@ -14,7 +16,7 @@ alloc_unittest_SOURCES = test_alloc.c $(top_srcdir)/tests/t_api_dhcp.c + alloc_unittest_LDADD = $(ATF_LDFLAGS) + alloc_unittest_LDADD += ../libdhcp.a \ + ../../omapip/libomapi.la \ +- $(BIND9_LIBDIR) -ldns-export -lisc-export ++ $(BIND_LIBS) + + check: $(ATF_TESTS) + atf-run | atf-report +diff --git a/configure.ac b/configure.ac +index 7ef5588..f849f4b 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -650,6 +650,10 @@ AC_CHECK_MEMBER(struct msghdr.msg_control,, + ]) + + libbind= ++BIND_CONFIG= ++BIND_CPPFLAGS= ++BIND_LIBS= ++ + AC_ARG_WITH(libbind, + AC_HELP_STRING([--with-libbind=PATH], + [bind includes are in PATH +@@ -657,14 +661,32 @@ AC_ARG_WITH(libbind, + use_libbind="$withval", use_libbind="no") + case "$use_libbind" in + yes|no) +- libbind="\${top_srcdir}/bind/include" ++ libbind="\${top_srcdir}/bind" ++ ;; ++config) ++ AC_PATH_PROG(BIND_CONFIG, [isc-config.sh bind9-config]) + ;; + *) +- libbind="$use_libbind" ++ if test -f "$use_libbind" -a -x "$use_libbind"; then ++ # passed full path of isc-config.sh ++ BIND_CONFIG="$use_libbind" ++ else ++ libbind="$use_libbind" ++ if test ! 
-d "$srcdir/bind"; then ++ # no bind directory, create it with a fake Makefile.in ++ # (AC_CONFIG_FILES and top Makefile refer to it so ++ # it must exits) ++ mkdir $srcdir/bind ++ cat > $srcdir/bind/Makefile.in << EOF ++# placeholder ++all check clean distclean distdir install uninstall: ++EOF ++ fi ++ fi + ;; + esac +- +-BIND9_LIBDIR='-L$(top_builddir)/bind/lib' ++ ++BIND_LIBDIR='$(top_builddir)/bind/lib' + AC_ARG_WITH(libbind-libs, + AC_HELP_STRING([--with-libbind-libs=PATH], + [bind9 export libraries are in PATH]), +@@ -677,13 +699,68 @@ no) + BUNDLED_BIND=yes + ;; + *) +- BIND9_LIBDIR="-L$libbind_libs" ++ BIND_LIBDIR="$libbind_libs" + BUNDLED_BIND=no + ;; + esac +-AM_CONDITIONAL([BUNDLED_BIND], [test "$BUNDLED_BIND" = yes]) ++BIND9_LIBDIR="-L$BIND_LIBDIR" + AC_SUBST([BIND9_LIBDIR]) + ++if test -z "$BIND_CONFIG"; then ++ BIND_CPPFLAGS="-I${libbind}/include" ++ BIND_LIBS="$BIND9_LIBDIR -ldns -lisc" ++else ++ BIND_CPPFLAGS=`$BIND_CONFIG --cflags` ++ BIND_LIBS=`$BIND_CONFIG --libs dns isc` ++ BUNDLED_BIND=no ++ ++ # bind is already built ++ AC_CHECKING([Checking bind libraries have no thread support]) ++ saved_libs="$LIBS" ++ saved_CPPFLAGS="$CPPFLAGS" ++ CPPFLAGS="${CPPFLAGS} ${BIND_CPPFLAGS}" ++ LIBS="${LIBS} ${BIND_LIBS}" ++AC_TRY_LINK([ ++#include ++#include ++],[ ++#ifdef BIND9 ++#error Export BIND library has to be used with BIND version up to 9.9 ++#endif ++isc_lib_register(); ++], [AC_MSG_RESULT(Bind export library found) ++ BIND_EXPORT=yes], [BIND_EXPORT=no] ++) ++ ++# Allow build with disabled threads for dhcp ++AC_TRY_LINK([ ++#include ++#include ++#include ++],[ ++#ifdef ISC_PLATFORM_USETHREADS ++#error Bind library must not be compiled with threads ++#endif ++isc_lib_register(); ++if (isc_bind9 != 0) {} ++], [AC_MSG_RESULT(Bind single thread library found) ++ BIND_SINGLETHREAD=yes], [BIND_SINGLETHREAD=no] ++) ++ ++ if test "x$BIND_EXPORT" != xyes -a "x$BIND_SINGLETHREADED" != xyes ++ then ++ AC_MSG_RESULT([BIND_CONFIG=${BIND_CONFIG}]) ++ 
AC_MSG_RESULT([BIND_CPPFLAGS=${BIND_CPPFLAGS}]) ++ AC_MSG_RESULT([BIND_LIBS=${BIND_LIBS}]) ++ AC_MSG_ERROR([Bind libraries are not useable for dhcp]) ++ fi ++ CPPFLAGS="$saved_CPPFLAGS" ++ LIBS="$saved_LIBS" ++fi ++AC_SUBST(BIND_CPPFLAGS) ++AC_SUBST(BIND_LIBS) ++AM_CONDITIONAL([BUNDLED_BIND], [test "$BUNDLED_BIND" = yes]) ++ + # OpenLDAP support. + AC_ARG_WITH(ldap, + AC_HELP_STRING([--with-ldap], +@@ -730,7 +807,7 @@ fi + CFLAGS="$CFLAGS $STD_CWARNINGS" + + # Try to add the bind include directory +-CFLAGS="$CFLAGS -I$libbind" ++CFLAGS="$CFLAGS $BIND_CPPFLAGS" + + AC_C_FLEXIBLE_ARRAY_MEMBER + +diff --git a/dhcpctl/Makefile.am b/dhcpctl/Makefile.am +index fb7a840..4f59dcf 100644 +--- a/dhcpctl/Makefile.am ++++ b/dhcpctl/Makefile.am +@@ -1,3 +1,5 @@ ++BIND_LIBS = @BIND_LIBS@ ++ + bin_PROGRAMS = omshell + lib_LTLIBRARIES = libdhcpctl.la + noinst_PROGRAMS = cltest +@@ -6,10 +8,10 @@ EXTRA_DIST = $(man_MANS) + + omshell_SOURCES = omshell.c + omshell_LDADD = libdhcpctl.la ../common/libdhcp.a ../omapip/libomapi.la \ +- $(BIND9_LIBDIR) -ldns-export -lisc-export ++ $(BIND_LIBS) + + libdhcpctl_la_SOURCES = dhcpctl.c callback.c remote.c + + cltest_SOURCES = cltest.c + cltest_LDADD = libdhcpctl.la ../common/libdhcp.a ../omapip/libomapi.la \ +- $(BIND9_LIBDIR) -ldns-export -lisc-export ++ $(BIND_LIBS) +diff --git a/omapip/Makefile.am b/omapip/Makefile.am +index 6247549..265bcef 100644 +--- a/omapip/Makefile.am ++++ b/omapip/Makefile.am +@@ -1,3 +1,5 @@ ++BIND_LIBS = @BIND_LIBS@ ++ + lib_LTLIBRARIES = libomapi.la + noinst_PROGRAMS = svtest + +@@ -10,5 +12,5 @@ man_MANS = omapi.3 + EXTRA_DIST = $(man_MANS) + + svtest_SOURCES = test.c +-svtest_LDADD = libomapi.la $(BIND9_LIBDIR) -ldns-export -lisc-export ++svtest_LDADD = libomapi.la $(BIND_LIBS) + +diff --git a/relay/Makefile.am b/relay/Makefile.am +index 1885c82..999e543 100644 +--- a/relay/Makefile.am ++++ b/relay/Makefile.am +@@ -1,9 +1,11 @@ ++BIND_LIBS = @BIND_LIBS@ ++ + AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' + + 
sbin_PROGRAMS = dhcrelay + dhcrelay_SOURCES = dhcrelay.c + dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \ +- $(BIND9_LIBDIR) -ldns-export -lisc-export $(CAPNG_LDADD) ++ $(CAPNG_LDADD) $(BIND_LIBS) + man_MANS = dhcrelay.8 + EXTRA_DIST = $(man_MANS) + +diff --git a/server/Makefile.am b/server/Makefile.am +index 1d1122d..e593898 100644 +--- a/server/Makefile.am ++++ b/server/Makefile.am +@@ -4,6 +4,8 @@ + # production code. Sadly, we are not there yet. + SUBDIRS = . tests + ++BIND_LIBS = @BIND_LIBS@ ++ + AM_CPPFLAGS = -I.. -DLOCALSTATEDIR='"@localstatedir@"' + + dist_sysconf_DATA = dhcpd.conf.example +@@ -14,7 +16,7 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c confpars.c db.c class.c failover.c \ + + dhcpd_CFLAGS = $(LDAP_CFLAGS) + dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \ +- ../dhcpctl/libdhcpctl.la $(BIND9_LIBDIR) -ldns-export -lisc-export ++ ../dhcpctl/libdhcpctl.la $(BIND_LIBS) + + man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5 + EXTRA_DIST = $(man_MANS) +diff --git a/server/tests/Makefile.am b/server/tests/Makefile.am +index 5f2c5a8..4522f6b 100644 +--- a/server/tests/Makefile.am ++++ b/server/tests/Makefile.am +@@ -1,7 +1,10 @@ + SUBDIRS = . + ++BIND_LIBS = @BIND_LIBS@ ++BIND_CPPFLAGS = @BIND_CPPFLAGS@ ++ + AM_CPPFLAGS = $(ATF_CFLAGS) -DUNIT_TEST -I$(top_srcdir)/includes +-AM_CPPFLAGS += -I$(top_srcdir)/bind/include -I$(top_srcdir) ++AM_CPPFLAGS += $(BIND_CPPFLAGS) -I$(top_srcdir) + AM_CPPFLAGS += -DLOCALSTATEDIR='"."' + + EXTRA_DIST = Atffile +@@ -18,7 +21,7 @@ DHCPSRC = ../dhcp.c ../bootp.c ../confpars.c ../db.c ../class.c \ + ../ldap.c ../ldap_casa.c ../dhcpd.c + + DHCPLIBS = $(top_builddir)/common/libdhcp.a $(top_builddir)/omapip/libomapi.la \ +- $(top_builddir)/dhcpctl/libdhcpctl.la $(BIND9_LIBDIR) -ldns-export -lisc-export ++ $(top_builddir)/dhcpctl/libdhcpctl.la $(BIND_LIBS) + + if ENABLE_SYSTEMTAP + DHCPLIBS += ../probes.o +-- +2.20.1 + 
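Review bot: In the configure.ac hunk `@@ -677,13 +699,68 @@` of dhcp-4.2.5-bind-config.patch, the two link probes and the test that follows them use different variable names, so the check cannot work as written. The second probe sets `BIND_SINGLETHREAD`, but the test reads `$BIND_SINGLETHREADED`, which is never assigned, so configure aborts whenever the export-library probe fails, whatever the single-thread probe found. `saved_libs="$LIBS"` is likewise restored as `LIBS="$saved_LIBS"`, which leaves LIBS empty for every later check. I would change the test to `test "x$BIND_EXPORT" != xyes -a "x$BIND_SINGLETHREAD" != xyes` and the restore to `LIBS="$saved_libs"`, and quote the path in `mkdir "$srcdir/bind"` in the `@@ -657,14 +661,32 @@` hunk.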
diff --git a/SOURCES/dhcp-4.2.5-expiry_before_renewal_v2.patch b/SOURCES/dhcp-4.2.5-expiry_before_renewal_v2.patch
new file mode 100644
index 00000000..069da1f5
--- /dev/null
+++ b/SOURCES/dhcp-4.2.5-expiry_before_renewal_v2.patch
@@ -0,0 +1,31 @@
+diff -up dhcp-4.2.5/client/dhclient.c.orig dhcp-4.2.5/client/dhclient.c
+--- dhcp-4.2.5/client/dhclient.c.orig 2018-11-07 14:21:16.756152614 +0100
++++ dhcp-4.2.5/client/dhclient.c 2018-11-08 17:30:15.754440523 +0100
+@@ -1618,8 +1618,14 @@ void dhcpack (packet)
+ } else
+ client -> new -> renewal = 0;
+
+- /* If it wasn't specified by the server, calculate it. */
+- if (!client -> new -> renewal)
++ /*
++ * If it wasn't specified by the server, calculate it. Also use expiry
++ * instead of renewal time when it is shorter. This better follows
++ * RFC 2131 (section 4.4.5) when dealing with some DHCP servers.
++ */
++
++ if (!client -> new -> renewal ||
++ client -> new -> renewal > client -> new -> expiry)
+ client -> new -> renewal = client -> new -> expiry / 2 + 1;
+
+ if (client -> new -> renewal <= 0)
+@@ -1645,7 +1651,9 @@ void dhcpack (packet)
+ } else
+ client -> new -> rebind = 0;
+
+- if (client -> new -> rebind <= 0) {
++ /* Rebinding time must not be longer than expiry. */
++ if (client -> new -> rebind <= 0 ||
++ client -> new -> rebind > client -> new -> expiry) {
+ if (client -> new -> expiry <= TIME_MAX / 7)
+ client -> new -> rebind =
+ client -> new -> expiry * 7 / 8;
diff --git a/SOURCES/dhcp-4.2.5-isc-util.patch b/SOURCES/dhcp-4.2.5-isc-util.patch
new file mode 100644
index 00000000..73749a62
--- /dev/null
+++ b/SOURCES/dhcp-4.2.5-isc-util.patch
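Review bot: The new guards in dhcpack() (dhcp-4.2.5-expiry_before_renewal_v2.patch) bound renewal and rebind by expiry but not by each other, so a server-supplied rebind that is positive and smaller than renewal still passes the `rebind <= 0 || rebind > expiry` test. RFC 2131 expects T1 to precede T2; if nothing between the two hunks enforces that (the code there is not shown), the second condition could also include `client -> new -> rebind < client -> new -> renewal`. The fallback `expiry / 2 + 1` is unchanged by the patch and still yields 1 when expiry is 0, a case the added comparison does not cover. dhcpack() starts and ends outside both hunks.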
@@ -0,0 +1,77 @@ +From 0770fd9971d38a0691d2f43528a86dba5fd40a9c Mon Sep 17 00:00:00 2001 +From: Petr Mensik +Date: Fri, 16 Feb 2018 17:50:40 +0100 +Subject: [PATCH] New bind includes never includes isc/util.h from any public + headers. Include them to all compiled files that require it. + +--- + client/dhclient.c | 1 + + common/execute.c | 1 + + common/parse.c | 1 + + common/socket.c | 1 + + omapip/connection.c | 1 + + 5 files changed, 5 insertions(+) + +diff --git a/client/dhclient.c b/client/dhclient.c +index f9d0493..cf5faa5 100644 +--- a/client/dhclient.c ++++ b/client/dhclient.c +@@ -37,6 +37,7 @@ + #include + #include + #include ++#include + #include + + #ifdef HAVE_LIBCAP_NG +diff --git a/common/execute.c b/common/execute.c +index bbf0279..945c14e 100644 +--- a/common/execute.c ++++ b/common/execute.c +@@ -35,6 +35,7 @@ + + #include "dhcpd.h" + #include ++#include + #include + #include + +diff --git a/common/parse.c b/common/parse.c +index 7477543..de14be2 100644 +--- a/common/parse.c ++++ b/common/parse.c +@@ -33,6 +33,7 @@ + */ + + #include "dhcpd.h" ++#include + #include + + /* Enumerations can be specified in option formats, and are used for +diff --git a/common/socket.c b/common/socket.c +index f30c171..1df558d 100644 +--- a/common/socket.c ++++ b/common/socket.c +@@ -41,6 +41,7 @@ + */ + + #include "dhcpd.h" ++#include + #include + #include + #include +diff --git a/omapip/connection.c b/omapip/connection.c +index d08524d..2f4d399 100644 +--- a/omapip/connection.c ++++ b/omapip/connection.c +@@ -36,6 +36,7 @@ + #include "dhcpd.h" + + #include ++#include + #include + #include + #include +-- +2.20.1 + diff --git a/SOURCES/dhcp-4.2.5-standard_ddns.patch b/SOURCES/dhcp-4.2.5-standard_ddns.patch index 39107a76..b2cb182f 100644 --- a/SOURCES/dhcp-4.2.5-standard_ddns.patch +++ b/SOURCES/dhcp-4.2.5-standard_ddns.patch @@ -9,7 +9,7 @@ index a29757a..c66a912 100644 +.B -i +] +[ -+.B -I ++.B -C +] +[ .B -D 
@@ -27,7 +27,7 @@ index a29757a..c66a912 100644 +setting a client id in the configuration file. Overridding the +client id in this fashion is discouraged. +.TP -+.BI \-I ++.BI \-C +Use the standard DDNS scheme from RFCs 4701 & 4702. +.TP .BI \--version @@ -82,7 +82,7 @@ index 0db4703..6403754 100644 + } else if (!strcmp(argv[i], "-i")) { + /* enable DUID support for DHCPv4 clients */ + duid_v4 = 1; -+ } else if (!strcmp(argv[i], "-I")) { ++ } else if (!strcmp(argv[i], "-C")) { + /* enable standard DHCID support for DDNS updates */ + std_dhcid = 1; } else if (!strcmp(argv[i], "-v")) { @@ -125,10 +125,10 @@ index 0db4703..6403754 100644 log_fatal("Usage: dhclient " #ifdef DHCPv6 - "[-4|-6] [-SNTP1dvrx] [-nw] [-p ] [-D LL|LLT]\n" -+ "[-4|-6] [-SNTPI1dvrxi] [-nw] [-p ] [-D LL|LLT] \n" ++ "[-4|-6] [-SNTPI1dvrxc] [-nw] [-p ] [-D LL|LLT] \n" #else /* DHCPv6 */ - "[-1dvrx] [-nw] [-p ]\n" -+ "[-I1dvrxi] [-nw] [-p ] [-D LL|LLT] \n" ++ "[-C1dvrxc] [-nw] [-p ] [-D LL|LLT] \n" #endif /* DHCPv6 */ " [-s server-addr] [-cf config-file] " "[-lf lease-file]\n" @@ -295,7 +295,7 @@ index 0db4703..6403754 100644 + /* + * Construct the DHCID value for use in the DDNS update process + * We have the newer standard version and the older interim version -+ * chosen by the '-I' option. The interim version is left as is ++ * chosen by the '-C' option. The interim version is left as is + * for backwards compatibility. The standard version is based on + * RFC 4701 section 3.3 */ diff --git a/SOURCES/dhcp-close_file_in_noreplay.patch b/SOURCES/dhcp-close_file_in_noreplay.patch new file mode 100644 index 00000000..75eadac8 --- /dev/null +++ b/SOURCES/dhcp-close_file_in_noreplay.patch 
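Review bot: The usage strings in the `@@ -125,10 +125,10 @@` hunk of dhcp-4.2.5-standard_ddns.patch no longer match the option parsing after the rename. The parser now accepts `-C` for the standard DHCID scheme and still accepts `-i` for DUID support, yet the DHCPv6 line keeps `I` and both lines replace `i` with `c`. I would write the two flag groups as `[-SNTPC1dvrxi]` and `[-C1dvrxi]` so the help text lists the letters the code actually tests for. The man page hunks already use `-C`.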
@@ -0,0 +1,20 @@
+diff --git a/server/confpars.c b/server/confpars.c
+index a9b4b57..761b102 100644
+--- a/server/confpars.c
++++ b/server/confpars.c
+@@ -168,7 +168,6 @@ isc_result_t read_conf_file (const char *filename, struct group *group,
+ if (result != ulen)
+ log_fatal ("%s: short read of %d bytes instead of %d.",
+ filename, ulen, result);
+- close (file);
+ memfile:
+ /* If we're recording, write out the filename and file contents. */
+ if (trace_record ())
+@@ -179,6 +178,7 @@ isc_result_t read_conf_file (const char *filename, struct group *group,
+ status = new_parse(&cfile, file, NULL, 0, filename, 0);
+ #endif
+ noreplay:
++ close (file);
+ if (status != ISC_R_SUCCESS || cfile == NULL)
+ return status;
+
diff --git a/SOURCES/dhcp-dhclient_ipv6_prefix.patch b/SOURCES/dhcp-dhclient_ipv6_prefix.patch
new file mode 100644
index 00000000..a7de6500
--- /dev/null
+++ b/SOURCES/dhcp-dhclient_ipv6_prefix.patch
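Review bot: Moving `close (file);` below `noreplay:` in dhcp-close_file_in_noreplay.patch makes it run on the `memfile:` path as well, which it did not before. If `memfile:` is reached by a jump taken when no configuration file was opened (the jump is outside the hunk), `file` may hold -1 or an unrelated descriptor at that point. I would make sure `file` is initialised to -1 and guard the call, `if (file >= 0) close (file);`. read_conf_file() starts and ends outside both hunks.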
@@ -0,0 +1,74 @@ +diff --git a/client/dhc6.c b/client/dhc6.c +index 47bf0a2..6f12a86 100644 +--- a/client/dhc6.c ++++ b/client/dhc6.c +@@ -120,6 +120,7 @@ static int check_timing6(struct client_state *client, u_int8_t msg_type, + + extern int onetry; + extern int stateless; ++extern int address_prefix_len; + + /* + * The "best" default DUID, since we cannot predict any information +@@ -3968,7 +3969,7 @@ dhc6_marshall_values(const char *prefix, struct client_state *client, + * some suspect this may not be permanent. + */ + client_envadd(client, prefix, "ip6_prefixlen", +- "%d", 64); ++ "%d", address_prefix_len); + client_envadd(client, prefix, "ip6_address", + "%s", piaddr(addr->address)); + } +diff --git a/client/dhclient.c b/client/dhclient.c +index f9d0493..d1ab473 100644 +--- a/client/dhclient.c ++++ b/client/dhclient.c +@@ -106,6 +106,7 @@ int wanted_ia_na = -1; /* the absolute value is the real one. */ + int wanted_ia_ta = 0; + int wanted_ia_pd = 0; + char *mockup_relay = NULL; ++int address_prefix_len = DHCLIENT_DEFAULT_PREFIX_LEN; + int bootp_broadcast_always = 0; + + extern struct option *default_requested_options[]; +@@ -288,6 +289,15 @@ main(int argc, char **argv) { + tmp->next = client_env; + client_env = tmp; + client_env_count++; ++ } else if (!strcmp(argv[i], "--address-prefix-len")) { ++ if (++i == argc) { ++ usage(); ++ } ++ errno = 0; ++ address_prefix_len = (int)strtol(argv[i], &s, 10); ++ if (errno || (*s != '\0') || ++ (address_prefix_len < 0)) { ++ usage(); } + #ifdef DHCPv6 + } else if (!strcmp(argv[i], "-S")) { + if (local_family_set && (local_family == AF_INET)) { +@@ -1127,6 +1137,7 @@ static void usage() + "[-4|-6] [-SNTPI1dvrxc] [-nw] [-p ] [-D LL|LLT] \n" + #else /* DHCPv6 */ + "[-C1dvrxc] [-nw] [-p ] [-D LL|LLT] \n" ++ " [--address-prefix-len length]\n" + #endif /* DHCPv6 */ + " [-s server-addr] [-cf config-file] " + "[-lf lease-file]\n" +diff --git a/includes/site.h b/includes/site.h +index 1c7ec96..c87cfe9 100644 +--- 
a/includes/site.h ++++ b/includes/site.h +@@ -295,3 +295,12 @@ + up. */ + #define DDNS_UPDATE_SLOW_TRANSITION + ++/* Define the default prefix length passed from the client to ++ the script when modifying an IPv6 IA_NA or IA_TA address. ++ The two most useful values are 128 which is what the current ++ specifications call for or 64 which is what has been used in ++ the past. For most OSes 128 will indicate that the address ++ is a host address and doesn't include any on-link information. ++ 64 indicates that the first 64 bits are the subnet or on-link ++ prefix. */ ++#define DHCLIENT_DEFAULT_PREFIX_LEN 128 diff --git a/SOURCES/dhcp-handle_ctx_signals.patch b/SOURCES/dhcp-handle_ctx_signals.patch new file mode 100644 index 00000000..374e4013 --- /dev/null +++ b/SOURCES/dhcp-handle_ctx_signals.patch 
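Review bot: The `--address-prefix-len` parsing added to main() in dhcp-dhclient_ipv6_prefix.patch accepts any non-negative value, although the number is handed unchanged to the client script as `ip6_prefixlen` and an IPv6 prefix cannot be longer than 128 bits. The `(int)` cast is applied to the strtol() result before the range test, so an oversized input can be truncated into an accepted value, and an empty argument also passes because `*s` is then `'\0'`. The sketch below keeps the result in a `long`, rejects an argument with no digits and bounds the value before assigning. The usage line for the option is added under `#else /* DHCPv6 */`, so it is printed only in builds without DHCPv6, which looks unintended.

```c
	} else if (!strcmp(argv[i], "--address-prefix-len")) {
		long plen;

		if (++i == argc) {
			usage();
		}
		errno = 0;
		plen = strtol(argv[i], &s, 10);
		/* reject no digits, trailing text, and values outside 0..128 */
		if (errno || (s == argv[i]) || (*s != '\0') ||
		    (plen < 0) || (plen > 128)) {
			usage();
		}
		address_prefix_len = (int)plen;
	/* … unchanged: #ifdef DHCPv6 and the -S option … */
```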
@@ -0,0 +1,68 @@
+diff --git a/omapip/isclib.c b/omapip/isclib.c
+index b3d336d..b252fb6 100644
+--- a/omapip/isclib.c
++++ b/omapip/isclib.c
+@@ -28,6 +28,7 @@
+ #include "dhcpd.h"
+
+ #include
++#include
+
+ dhcp_context_t dhcp_gbl_ctx;
+
+@@ -67,6 +67,21 @@ isclib_cleanup(void)
+ return;
+ }
+
++/* Installs a handler for a signal using sigaction */
++static void
++handle_signal(int sig, void (*handler)(int)) {
++ struct sigaction sa;
++
++ memset(&sa, 0, sizeof(sa));
++ sa.sa_handler = handler;
++ sigfillset(&sa.sa_mask);
++ if (sigaction(sig, &sa, NULL) != 0) {
++ log_debug("handle_signal() failed for signal %d error: %s",
++ sig, strerror(errno));
++ }
++}
++
++
+ isc_result_t
+ dhcp_context_create(void) {
+ isc_result_t result;
+@@ -102,11 +117,6 @@ dhcp_context_create(void) {
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+
+- result = isc_app_ctxstart(dhcp_gbl_ctx.actx);
+- if (result != ISC_R_SUCCESS)
+- return (result);
+- dhcp_gbl_ctx.actx_started = ISC_TRUE;
+-
+ result = isc_taskmgr_createinctx(dhcp_gbl_ctx.mctx,
+ dhcp_gbl_ctx.actx,
+ 1, 0,
+@@ -130,6 +140,21 @@ dhcp_context_create(void) {
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+
++ result = isc_app_ctxstart(dhcp_gbl_ctx.actx);
++ if (result != ISC_R_SUCCESS)
++ return (result);
++ dhcp_gbl_ctx.actx_started = ISC_TRUE;
++
++ /* Not all OSs support suppressing SIGPIPE through socket
++ * options, so set the sigal action to be ignore. This allows
++ * broken connections to fail gracefully with EPIPE on writes */
++ handle_signal(SIGPIPE, SIG_IGN);
++
++ /* Reset handlers installed by isc_app_ctxstart()
++ * to default for control-c and kill */
++ handle_signal(SIGINT, SIG_DFL);
++ handle_signal(SIGTERM, SIG_DFL);
++
+ #if !defined (NSUPDATE)
+ /* The dst library is inited as part of dns_lib_init, we don't
+ * need it if NSUPDATE is enabled */
diff --git a/SOURCES/dhcp-isc_heap_delete.patch b/SOURCES/dhcp-isc_heap_delete.patch
new file mode 100644
index 00000000..8d6aba90
--- /dev/null
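Review bot: The relocated `isc_app_ctxstart()` call in dhcp_context_create() (dhcp-handle_ctx_signals.patch) still leaves on failure with `return (result);`, while every other failure in the visible part of the function uses `goto cleanup;`. Now that the call sits after the task manager and the objects created after it, an early return skips whatever the cleanup label releases; `goto cleanup;` would be consistent. handle_signal() reports a failed sigaction() only through log_debug(), so a SIGPIPE disposition that could not be set goes unnoticed at normal log levels; `log_error` may be the better choice. dhcp_context_create() starts and ends outside the hunks.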
+++ b/SOURCES/dhcp-isc_heap_delete.patch 
@@ -0,0 +1,160 @@ +diff --git a/includes/dhcpd.h b/includes/dhcpd.h +index 52ba677..deea2a7 100644 +--- a/includes/dhcpd.h ++++ b/includes/dhcpd.h +@@ -1521,8 +1521,9 @@ struct iasubopt { + */ + #define EXPIRED_IPV6_CLEANUP_TIME (60*60) + +- int heap_index; /* index into heap, or -1 +- (internal use only) */ ++ /* index into heaps, or -1 (internal use only) */ ++ int active_index; ++ int inactive_index; + + /* + * A pointer to the state of the ddns update for this lease. +diff --git a/server/mdb6.c b/server/mdb6.c +index 0e76264..711ab3d 100644 +--- a/server/mdb6.c ++++ b/server/mdb6.c +@@ -130,7 +130,8 @@ iasubopt_allocate(struct iasubopt **iasubopt, const char *file, int line) { + + tmp->refcnt = 1; + tmp->state = FTS_FREE; +- tmp->heap_index = -1; ++ tmp->active_index = -1; ++ tmp->inactive_index = -1; + tmp->plen = 255; + + *iasubopt = tmp; +@@ -504,10 +505,14 @@ lease_older(void *a, void *b) { + * Callback when an address's position in the heap changes. + */ + static void +-lease_index_changed(void *iasubopt, unsigned int new_heap_index) { +- ((struct iasubopt *)iasubopt)-> heap_index = new_heap_index; ++active_changed(void *iasubopt, unsigned int new_heap_index) { ++ ((struct iasubopt *)iasubopt)-> active_index = new_heap_index; + } + ++static void ++inactive_changed(void *iasubopt, unsigned int new_heap_index) { ++ ((struct iasubopt *)iasubopt)-> inactive_index = new_heap_index; ++} + + /* + * Create a new IPv6 lease pool structure. 
+@@ -544,13 +549,13 @@ ipv6_pool_allocate(struct ipv6_pool **pool, u_int16_t type, + dfree(tmp, file, line); + return ISC_R_NOMEMORY; + } +- if (isc_heap_create(dhcp_gbl_ctx.mctx, lease_older, lease_index_changed, ++ if (isc_heap_create(dhcp_gbl_ctx.mctx, lease_older, active_changed, + 0, &(tmp->active_timeouts)) != ISC_R_SUCCESS) { + iasubopt_free_hash_table(&(tmp->leases), file, line); + dfree(tmp, file, line); + return ISC_R_NOMEMORY; + } +- if (isc_heap_create(dhcp_gbl_ctx.mctx, lease_older, lease_index_changed, ++ if (isc_heap_create(dhcp_gbl_ctx.mctx, lease_older, inactive_changed, + 0, &(tmp->inactive_timeouts)) != ISC_R_SUCCESS) { + isc_heap_destroy(&(tmp->active_timeouts)); + iasubopt_free_hash_table(&(tmp->leases), file, line); +@@ -1045,7 +1050,7 @@ cleanup_lease6(ia_hash_t *ia_table, + * Remove the old lease from the active heap and from the hash table + * then remove the lease from the IA and clean up the IA if necessary. + */ +- isc_heap_delete(pool->active_timeouts, test_iasubopt->heap_index); ++ isc_heap_delete(pool->active_timeouts, test_iasubopt->active_index); + pool->num_active--; + + iasubopt_hash_delete(pool->leases, &test_iasubopt->addr, +@@ -1110,11 +1115,11 @@ add_lease6(struct ipv6_pool *pool, struct iasubopt *lease, + if ((test_iasubopt->state == FTS_ACTIVE) || + (test_iasubopt->state == FTS_ABANDONED)) { + isc_heap_delete(pool->active_timeouts, +- test_iasubopt->heap_index); ++ test_iasubopt->active_index); + pool->num_active--; + } else { + isc_heap_delete(pool->inactive_timeouts, +- test_iasubopt->heap_index); ++ test_iasubopt->inactive_index); + pool->num_inactive--; + } + +@@ -1225,14 +1230,13 @@ lease6_usable(struct iasubopt *lease) { + static isc_result_t + move_lease_to_active(struct ipv6_pool *pool, struct iasubopt *lease) { + isc_result_t insert_result; +- int old_heap_index; + +- old_heap_index = lease->heap_index; + insert_result = isc_heap_insert(pool->active_timeouts, lease); + if (insert_result == ISC_R_SUCCESS) { + 
iasubopt_hash_add(pool->leases, &lease->addr, + sizeof(lease->addr), lease, MDL); +- isc_heap_delete(pool->inactive_timeouts, old_heap_index); ++ isc_heap_delete(pool->inactive_timeouts, ++ lease->inactive_index); + pool->num_active++; + pool->num_inactive--; + lease->state = FTS_ACTIVE; +@@ -1278,16 +1282,16 @@ renew_lease6(struct ipv6_pool *pool, struct iasubopt *lease) { + if (lease->state == FTS_ACTIVE) { + if (old_end_time <= lease->hard_lifetime_end_time) { + isc_heap_decreased(pool->active_timeouts, +- lease->heap_index); ++ lease->active_index); + } else { + isc_heap_increased(pool->active_timeouts, +- lease->heap_index); ++ lease->active_index); + } + return ISC_R_SUCCESS; + } else if (lease->state == FTS_ABANDONED) { + char tmp_addr[INET6_ADDRSTRLEN]; + lease->state = FTS_ACTIVE; +- isc_heap_increased(pool->active_timeouts, lease->heap_index); ++ isc_heap_increased(pool->active_timeouts, lease->active_index); + log_info("Reclaiming previously abandoned address %s", + inet_ntop(AF_INET6, &(lease->addr), tmp_addr, + sizeof(tmp_addr))); +@@ -1304,9 +1308,7 @@ static isc_result_t + move_lease_to_inactive(struct ipv6_pool *pool, struct iasubopt *lease, + binding_state_t state) { + isc_result_t insert_result; +- int old_heap_index; + +- old_heap_index = lease->heap_index; + insert_result = isc_heap_insert(pool->inactive_timeouts, lease); + if (insert_result == ISC_R_SUCCESS) { + #if defined (NSUPDATE) +@@ -1325,7 +1327,7 @@ move_lease_to_inactive(struct ipv6_pool *pool, struct iasubopt *lease, + + iasubopt_hash_delete(pool->leases, + &lease->addr, sizeof(lease->addr), MDL); +- isc_heap_delete(pool->active_timeouts, old_heap_index); ++ isc_heap_delete(pool->active_timeouts, lease->active_index); + lease->state = state; + pool->num_active--; + pool->num_inactive++; +@@ -1390,7 +1392,7 @@ decline_lease6(struct ipv6_pool *pool, struct iasubopt *lease) { + } + lease->state = FTS_ABANDONED; + lease->hard_lifetime_end_time = MAX_TIME; +- 
isc_heap_decreased(pool->active_timeouts, lease->heap_index); ++ isc_heap_decreased(pool->active_timeouts, lease->active_index); + return ISC_R_SUCCESS; + } + +@@ -1663,7 +1665,7 @@ cleanup_old_expired(struct ipv6_pool *pool) { + break; + } + +- isc_heap_delete(pool->inactive_timeouts, tmp->heap_index); ++ isc_heap_delete(pool->inactive_timeouts, tmp->inactive_index); + pool->num_inactive--; + + if (tmp->ia != NULL) { diff --git a/SOURCES/dhcp-replay_file_limit.patch b/SOURCES/dhcp-replay_file_limit.patch new file mode 100644 index 00000000..e58ccdf7 --- /dev/null +++ b/SOURCES/dhcp-replay_file_limit.patch 
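Review bot: The comment on the two new fields of struct iasubopt in dhcp-isc_heap_delete.patch does not say which heap each index belongs to, and that pairing is the whole point of the change. I would document them separately: `int active_index; /* index in pool->active_timeouts, or -1 */` and `int inactive_index; /* index in pool->inactive_timeouts, or -1 */`. None of the visible isc_heap_delete() call sites sets the matching field back to -1 afterwards; whether the heap's index callback does so is not shown, so it is worth confirming that a stale index cannot be passed to a later delete.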
@@ -0,0 +1,45 @@
+diff --git a/server/confpars.c b/server/confpars.c
+index d79489b..c20d618 100644
+--- a/server/confpars.c
++++ b/server/confpars.c
+@@ -134,6 +134,11 @@ isc_result_t read_conf_file (const char *filename, struct group *group,
+
+ cfile = (struct parse *)0;
+ #if defined (TRACING)
++ // No need to dmalloc huge memory region if we're not going to re-play
++ if (!trace_playback()){
++ status = new_parse(&cfile, file, NULL, 0, filename, 0);
++ goto noreplay;
++ };
+ flen = lseek (file, (off_t)0, SEEK_END);
+ if (flen < 0) {
+ boom:
+@@ -174,6 +179,7 @@ isc_result_t read_conf_file (const char *filename, struct group *group,
+ #else
+ status = new_parse(&cfile, file, NULL, 0, filename, 0);
+ #endif
++ noreplay:
+ if (status != ISC_R_SUCCESS || cfile == NULL)
+ return status;
+
+diff --git a/server/confpars.c b/server/confpars.c
+index 3aecd05..5be4ab1 100644
+--- a/server/confpars.c
++++ b/server/confpars.c
+@@ -176,6 +176,7 @@ isc_result_t read_conf_file (const char *filename, struct group *group,
+ if (trace_record ())
+ trace_write_packet (ttype, ulen + tflen + 1, dbuf, MDL);
+ status = new_parse(&cfile, -1, fbuf, ulen, filename, 0); /* XXX */
++ dfree(dbuf, MDL);
+ #else
+ status = new_parse(&cfile, file, NULL, 0, filename, 0);
+ #endif
+@@ -188,9 +189,6 @@ isc_result_t read_conf_file (const char *filename, struct group *group,
+ else
+ status = conf_file_subparse (cfile, group, group_type);
+ end_parse (&cfile);
+-#if defined (TRACING)
+- dfree (dbuf, MDL);
+-#endif
+ return status;
+ }
diff --git a/SOURCES/dhcp-system_time_changed.patch b/SOURCES/dhcp-system_time_changed.patch
new file mode 100644
index 00000000..6fe66e7a
--- /dev/null
+++ b/SOURCES/dhcp-system_time_changed.patch
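Review bot: In the second diff of dhcp-replay_file_limit.patch, `dfree(dbuf, MDL);` now runs directly after `new_parse(&cfile, -1, fbuf, ulen, filename, 0)`, before conf_file_subparse() and end_parse() use `cfile`. If `fbuf` points into `dbuf` and new_parse() stores the pointer instead of copying the data (neither is visible in the hunk), the parser would read freed memory in playback mode. Keeping the free after `end_parse (&cfile);` and running it only when the buffer was actually allocated would cover the `noreplay` path without releasing the buffer early. The added block also ends in a stray `};` and uses a `//` comment where the surrounding code uses `/* */`. read_conf_file() starts and ends outside the hunks.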
@@ -0,0 +1,73 @@ +diff --git a/client/dhclient.c b/client/dhclient.c +index 1992467..364fd08 100644 +--- a/client/dhclient.c ++++ b/client/dhclient.c +@@ -4463,6 +4463,10 @@ isc_result_t dhcp_set_control_state (control_object_state_t oldstate, + case server_awaken: + state_reboot (client); + break; ++ case server_time_changed: ++ if (client->active) ++ state_reboot (client); ++ break; + } + } + } +diff --git a/common/dispatch.c b/common/dispatch.c +index af8a5b5..c1d558f 100644 +--- a/common/dispatch.c ++++ b/common/dispatch.c +@@ -110,10 +110,20 @@ dispatch(void) + { + isc_result_t status; + +- status = isc_app_ctxrun(dhcp_gbl_ctx.actx); +- +- log_fatal ("Dispatch routine failed: %s -- exiting", +- isc_result_totext (status)); ++ do{ ++ status = isc_app_ctxrun(dhcp_gbl_ctx.actx); ++ ++ if (status == ISC_R_TIMESHIFTED){ ++ status = dhcp_set_control_state(server_time_changed, ++ server_time_changed); ++ status = ISC_R_RELOAD; ++ log_info ("System time has been changed. Unable to use existing leases. Restarting"); ++ // do nothing, restart context ++ }; ++ } while (status == ISC_R_RELOAD); ++ ++ log_fatal ("Dispatch routine failed: %s -- exiting", ++ isc_result_totext (status)); + } + + void +diff --git a/includes/dhcpd.h b/includes/dhcpd.h +index deea2a7..d60a03c 100644 +--- a/includes/dhcpd.h ++++ b/includes/dhcpd.h +@@ -479,7 +479,8 @@ typedef enum { + server_running = 1, + server_shutdown = 2, + server_hibernate = 3, +- server_awaken = 4 ++ server_awaken = 4, ++ server_time_changed = 5 + } control_object_state_t; + + typedef struct { +diff --git a/server/dhcpd.c b/server/dhcpd.c +index 9617d75..9add7e4 100644 +--- a/server/dhcpd.c ++++ b/server/dhcpd.c +@@ -1392,6 +1392,10 @@ static isc_result_t dhcp_io_shutdown_countdown (void *vlp) + isc_result_t dhcp_set_control_state (control_object_state_t oldstate, + control_object_state_t newstate) + { ++ if (newstate == server_time_changed){ ++ log_error ("System time has been changed. 
Leases information unreliable!"); ++ return ISC_R_SUCCESS; ++ } + if (newstate == server_shutdown) { + shutdown_time = cur_time; + shutdown_state = shutdown_listeners; diff --git a/SPECS/dhcp.spec b/SPECS/dhcp.spec index 1c0e1c8d..d2724256 100644 --- a/SPECS/dhcp.spec +++ b/SPECS/dhcp.spec @@ -18,7 +18,7 @@ Summary: Dynamic host configuration protocol software Name: dhcp Version: 4.2.5 -Release: 68%{?dist} +Release: 77%{?dist} # NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to # dcantrell maintaining the package) made incorrect use of the epoch and # that's why it is at 12 now. It should have never been used, but it was. @@ -108,7 +108,16 @@ Patch68: dhcp-4.2.5-reap_orphan_sockets.patch Patch69: dhcp-4.2.5-options_overflow.patch # CVE-2018-5733 Patch70: dhcp-4.2.5-reference_count_overflow.patch -Patch71: dhcp-4.2.5-powerel-branding.patch +Patch71: dhcp-replay_file_limit.patch +Patch72: dhcp-4.2.5-expiry_before_renewal_v2.patch +Patch73: dhcp-4.2.5-bind-config.patch +Patch74: dhcp-dhclient_ipv6_prefix.patch +# Support build with bind 9.11.3+ +Patch75: dhcp-4.2.5-isc-util.patch + +Patch76: dhcp-isc_heap_delete.patch +Patch77: dhcp-handle_ctx_signals.patch +Patch78: dhcp-4.2.5-powerel-branding.patch BuildRequires: autoconf @@ -116,7 +125,8 @@ BuildRequires: automake BuildRequires: libtool BuildRequires: openldap-devel BuildRequires: libcap-ng-devel -BuildRequires: bind-lite-devel +# https://fedorahosted.org/fpc/ticket/502#comment:3 +BuildRequires: bind-export-devel BuildRequires: systemd systemd-devel %if %sdt BuildRequires: systemtap-sdt-devel @@ -360,7 +370,6 @@ rm -rf includes/isc-dhcp # multiple key statements in zone definition causes inappropriate error (#873794) # (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #31892]) %patch46 -p1 -b .dupl-key - # Make sure range6 is correct for subnet6 where it's declared (#902966) # (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #32453]) %patch47 -p1 -b .range6 
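Review bot: In dispatch() (dhcp-system_time_changed.patch) the result of `dhcp_set_control_state(server_time_changed, server_time_changed)` is assigned to `status` and overwritten by `status = ISC_R_RELOAD;` on the next line, so a failure of the state change is never seen. Either test it before overwriting or drop the assignment and write the call as `(void) dhcp_set_control_state(...)`. The loop also restarts on an ISC_R_RELOAD returned by isc_app_ctxrun() itself, which the old code treated as fatal; if that is intended, a comment should say so. The message "Unable to use existing leases. Restarting" is logged from the shared dispatcher, but the server-side handler in server/dhcpd.c only logs an error and returns, so the text describes the client only.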
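Review bot: The Patch list in SPECS/dhcp.spec (Patch71 to Patch78) has no entry for dhcp-close_file_in_noreplay.patch or dhcp-system_time_changed.patch, although both files are added under SOURCES in this diff, and the visible `%patch` lines do not apply them either. Without the first one, the `goto noreplay` introduced by dhcp-replay_file_limit.patch (Patch71) appears to bypass `close (file);` in TRACING builds, leaving the configuration file descriptor open. Either add `PatchNN:` and `%patchNN` lines for the two files or remove them from SOURCES so the package contents match what is built.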
@@ -437,7 +446,22 @@ rm -rf includes/isc-dhcp %patch69 -p1 -b .options_overflow %patch70 -p1 -b .reference_overflow -%patch71 -p1 +%patch71 -p1 -b .load_leases + +# https://bugzilla.redhat.com/show_bug.cgi?id=1647784 +%patch72 -p1 -b .t2-expirity +%patch74 -p1 -b .ipv6-prefix + +# Support for BIND 9.11 +%patch73 -p1 -b .bind-config +# include isc/util.h explicitly, is it no longer contained in used headers +%patch75 -p1 -b .isc-util + +# fixed bug in isc_heap_delete function triggered dhcpd(6) crash +%patch76 -p1 -b .heap-delete + +%patch77 -p1 -b .sig-handlers +%patch78 -p1 # Update paths in all man pages for page in client/dhclient.conf.5 client/dhclient.leases.5 \ @@ -470,9 +494,9 @@ CFLAGS="%{optflags} -fno-strict-aliasing" \ --with-cli-pid-file=%{_localstatedir}/run/dhclient.pid \ --with-cli6-pid-file=%{_localstatedir}/run/dhclient6.pid \ --with-relay-pid-file=%{_localstatedir}/run/dhcrelay.pid \ + --with-libbind=/usr/bin/isc-export-config.sh \ --with-ldap \ --with-ldapcrypto \ - --with-libbind=%{_includedir} --with-libbind-libs=%{_libdir} \ --disable-static \ %if %sdt --enable-systemtap \ @@ -510,7 +534,7 @@ CFLAGS="%{optflags} -fno-strict-aliasing" \ # NetworkManager dispatcher script %{__mkdir} -p %{buildroot}%{_sysconfdir}/NetworkManager/dispatcher.d %{__install} -p -m 0755 %{SOURCE3} %{buildroot}%{_sysconfdir}/NetworkManager/dispatcher.d -%{__install} -p -m 0755 %{SOURCE4} %{buildroot}%{_sysconfdir}/NetworkManager/dispatcher.d +%{__install} -p -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/NetworkManager/dispatcher.d # pm-utils script to handle suspend/resume and dhclient leases %{__mkdir} -p %{buildroot}%{_libdir}/pm-utils/sleep.d 
@@ -719,8 +743,40 @@ done %changelog -* Tue Apr 24 2018 Pavel Zhukov - 12:4.2.5-68.1 -- Resolves: #1570898 - Fix CVE-2018-1111: Do not parse backslash as escape character +* Tue Aug 06 2019 CentOS Sources - 4.2.5-77.el7.centos +- Roll in CentOS Branding + +* Tue May 21 2019 Pavel Zhukov - 12:4.2.5-77 +- Resolves: #1712414 - Reset signal handlers set by isclib + +* Thu May 2 2019 Pavel Zhukov - 12:4.2.5-76 +- Resolves: #1704675 - Fix crash of dhcpd(6) triggered by bind rebase + +* Mon Mar 4 2019 Pavel Zhukov - 12:4.2.5-75 +- Resolves: #1672308 - Do not restart dhcp on NetworkManagers up events + +* Thu Feb 14 2019 Petr Menšík - 12:4.2.5-74 +- Use bind-export-libs package instead of bind99 +- Use isc-config.sh to configure bind libs +- Change requirement to bind-export-devel +- Compile with recent bind includes, that does not include isc/util.h + +* Tue Feb 12 2019 Pavel Zhukov - 12:4.2.5-73 +- Resolves: #1635181 +- Change default ipv6 prefix to /128. +- Allow its customization via cl option + +* Mon Dec 17 2018 Pavel Zhukov - 12:4.2.5-72 +- Resolves: #1647784 - Update renew time if it is greater than expiry + +* Mon Dec 17 2018 Pavel Zhukov - 12:4.2.5-71 +- Resolves: #1623792 - Load leases file in tracing mode only + +* Mon May 7 2018 Pavel Zhukov - 12:4.2.5-70 +- Resolves: #1574292 - Fix options conflict for ddns update + +* Tue Apr 24 2018 Pavel Zhukov - 12:4.2.5-69 +- Resolves: #1570895 - Fix command execution vulnerability (CVE-2018-1111) * Wed Feb 28 2018 Pavel Zhukov - 12:4.2.5-68 - Resolves: #1549999 - CVE-2018-5733 Avoid buffer overflow reference counter