commit b8225540ab67cac71496b4dd499dc23f4458e986
Author: Adrian Schröter
Date: Mon Nov 27 11:56:55 2023 +0100
Sync from SUSE:ALP:Source:Standard:1.0 dhcp revision ce631c21fbafd7dce70b6b065fa59e54
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..fecc750
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/0001-dhcp-4.1.1-default-paths.patch b/0001-dhcp-4.1.1-default-paths.patch
new file mode 100644
index 0000000..61b6ccc
--- /dev/null
+++ b/0001-dhcp-4.1.1-default-paths.patch
@@ -0,0 +1,44 @@
+From b6ba495cc0b6f578a5cc444af39cab424f63d996 Mon Sep 17 00:00:00 2001
+From: Marius Tomaschewski
+Date: Thu, 18 Aug 2011 09:50:30 +0200
+Subject: [PATCH] dhcp-4.1.1-default-paths
+
+---
+ includes/dhcpd.h | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/includes/dhcpd.h b/includes/dhcpd.h
+index b0f73fb..5830bdb 100644
+--- a/includes/dhcpd.h
++++ b/includes/dhcpd.h
+@@ -1420,11 +1420,11 @@ typedef unsigned char option_mask [16];
+ #endif /* DEBUG */
+
+ #ifndef _PATH_DHCPD_DB
+-#define _PATH_DHCPD_DB LOCALSTATEDIR"/db/dhcpd.leases"
++#define _PATH_DHCPD_DB LOCALSTATEDIR"/lib/dhcp/db/dhcpd.leases"
+ #endif
+
+ #ifndef _PATH_DHCPD6_DB
+-#define _PATH_DHCPD6_DB LOCALSTATEDIR"/db/dhcpd6.leases"
++#define _PATH_DHCPD6_DB LOCALSTATEDIR"/lib/dhcp6/db/dhcpd6.leases"
+ #endif
+
+ #ifndef _PATH_DHCPD_PID
+@@ -1454,11 +1454,11 @@ typedef unsigned char option_mask [16];
+ #endif
+
+ #ifndef _PATH_DHCLIENT_DB
+-#define _PATH_DHCLIENT_DB LOCALSTATEDIR"/db/dhclient.leases"
++#define _PATH_DHCLIENT_DB LOCALSTATEDIR"/lib/dhcp/dhclient.leases"
+ #endif
+
+ #ifndef _PATH_DHCLIENT6_DB
+-#define _PATH_DHCLIENT6_DB LOCALSTATEDIR"/db/dhclient6.leases"
++#define _PATH_DHCLIENT6_DB LOCALSTATEDIR"/lib/dhcp6/dhclient6.leases"
+ #endif
+
+ #ifndef _PATH_RESOLV_CONF
+--
+1.8.4
+
diff --git a/0002-dhcp-4.1.1-paranoia.patch b/0002-dhcp-4.1.1-paranoia.patch
new file mode 100644
index 0000000..2ffd30e
--- /dev/null
+++ b/0002-dhcp-4.1.1-paranoia.patch
@@ -0,0 +1,75 @@ +From 1561b8cb9bacabc5e6064b84ba7a187bfb97d0ad Mon Sep 17 00:00:00 2001 +From: Marius Tomaschewski +Date: Thu, 18 Aug 2011 09:53:00 +0200 +Subject: [PATCH] dhcp-4.1.1-paranoia + +--- + server/dhcpd.c | 24 ++++++++++++++++++++---- + 1 file changed, 20 insertions(+), 4 deletions(-) + +diff --git a/server/dhcpd.c b/server/dhcpd.c +index 7dc7dd2..b4c1bef 100644 +--- a/server/dhcpd.c ++++ b/server/dhcpd.c +@@ -207,7 +207,11 @@ static void omapi_listener_start (void *foo) + #if defined (PARANOIA) + /* to be used in one of two possible scenarios */ + static void setup_chroot (char *chroot_dir) { +- if (geteuid()) ++ /* ++ ** getuid() instead of geteuid(), see ++ ** comment by thomas@suse.de bellow ++ */ ++ if (getuid()) + log_fatal ("you must be root to use chroot"); + + if (chroot(chroot_dir)) { +@@ -413,7 +417,7 @@ main(int argc, char **argv) { + log_fatal ("Insufficient memory to %s %s: %s", + "record interface", argv [i], + isc_result_totext (result)); +- strcpy (tmp -> name, argv [i]); ++ strncpy (tmp -> name, argv [i], sizeof(tmp->name)-1); + if (interfaces) { + interface_reference (&tmp -> next, + interfaces, MDL); +@@ -499,7 +503,15 @@ main(int argc, char **argv) { + if (set_user) { + struct passwd *tmp_pwd; + +- if (geteuid()) ++ /* ++ ** I query for the real UID and not for the effective UID ++ ** just to force the user to run this server as root and ++ ** not setting it suid. It should be a paranoia patch and ++ ** not a teletubbie patch. *eg* ++ ** Note: That the user is still able to set it suid! 
*zitter* ++ ** thomas@suse.de ++ */ ++ if (getuid()) + log_fatal ("you must be root to set user"); + + if (!(tmp_pwd = getpwnam(set_user))) +@@ -517,7 +529,10 @@ main(int argc, char **argv) { + #define group real_group + struct group *tmp_grp; + +- if (geteuid()) ++ /* ++ ** getuid() instead of geteuid(), see above ++ */ ++ if (getuid()) + log_fatal ("you must be root to set group"); + + if (!(tmp_grp = getgrnam(set_group))) +@@ -771,6 +786,7 @@ main(int argc, char **argv) { + /* change uid to the specified one */ + + if (set_gid) { ++ /* setgroups is done, OK */ + if (setgroups (0, (void *)0)) + log_fatal ("setgroups: %m"); + if (setgid (set_gid)) +-- +1.8.4 + diff --git a/0003-dhcp-4.2.2-man-includes.patch b/0003-dhcp-4.2.2-man-includes.patch new file mode 100644 index 0000000..af879ee --- /dev/null +++ b/0003-dhcp-4.2.2-man-includes.patch @@ -0,0 +1,41 @@ +From 3c393c65c158048f55017e48aedcc304c9ebd075 Mon Sep 17 00:00:00 2001 +From: Marius Tomaschewski +Date: Thu, 18 Aug 2011 10:01:04 +0200 +Subject: [PATCH] dhcp-4.2.2-man-includes + +--- + dhcpctl/dhcpctl.3 | 4 ++-- + omapip/omapi.3 | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/dhcpctl/dhcpctl.3 b/dhcpctl/dhcpctl.3 +index ae42a71..d699f4a 100644 +--- a/dhcpctl/dhcpctl.3 ++++ b/dhcpctl/dhcpctl.3 +@@ -430,8 +430,8 @@ that most error checking has been omitted for brevity. + #include + #include + +-#include "omapip/result.h" +-#include "dhcpctl.h" ++#include ++#include + + int main (int argc, char **argv) { + dhcpctl_data_string ipaddrstring = NULL; +diff --git a/omapip/omapi.3 b/omapip/omapi.3 +index 8fa8105..a616fd3 100644 +--- a/omapip/omapi.3 ++++ b/omapip/omapi.3 +@@ -88,7 +88,7 @@ the lease ends. + #include + #include + +- #include ++ #include + #include + + int main (int argc, char **argv) { +-- +1.8.4 + diff --git a/0004-dhcp-4.1.1-tmpfile.patch b/0004-dhcp-4.1.1-tmpfile.patch new file mode 100644 index 0000000..aeec2aa --- /dev/null +++ b/0004-dhcp-4.1.1-tmpfile.patch 
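Review bot: The added `strncpy (tmp -> name, argv [i], sizeof(tmp->name)-1);` in the server/dhcpd.c hunk at main silently truncates an over-long interface argument, and the result is NUL-terminated only if `tmp->name` was already zeroed by the allocator, which the hunk does not show. A truncated name can end up selecting a different interface than the one the operator typed, so rejecting the argument is the safer behaviour: `if (strlen(argv[i]) >= sizeof(tmp->name)) log_fatal("%s: interface name too long", argv[i]);` placed before the copy. If truncation is kept, an explicit `tmp->name[sizeof(tmp->name)-1] = '\0';` removes the dependency on the allocator. main's body starts and ends outside the hunk.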
@@ -0,0 +1,37 @@
+From 70f2683580a88180238804546dd24a6a41427282 Mon Sep 17 00:00:00 2001
+From: Marius Tomaschewski
+Date: Thu, 18 Aug 2011 10:06:01 +0200
+Subject: [PATCH] dhcp-4.1.1-tmpfile
+
+Signed-off-by: Marius Tomaschewski
+
+diff --git a/server/db.c b/server/db.c
+index 5238ed8..0c642ad 100644
+--- a/server/db.c
++++ b/server/db.c
+@@ -1116,15 +1116,19 @@ int new_lease_file ()
+ * either by malice or ignorance, we panic, since the potential
+ * for havoc is high.
+ */
+- if (snprintf (newfname, sizeof newfname, "%s.%d",
+- path_dhcpd_db, (int)t) >= sizeof newfname)
++ if (snprintf (newfname, sizeof newfname, "%s.XXXXXX",
++ path_dhcpd_db) >= sizeof newfname)
+ log_fatal("new_lease_file: lease file path too long");
+
+- db_fd = open (newfname, O_WRONLY | O_TRUNC | O_CREAT, 0664);
++ db_fd = mkstemp (newfname);
+ if (db_fd < 0) {
+ log_error ("Can't create new lease file: %m");
+ return 0;
+ }
++ if (fchmod(db_fd, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) == -1) {
++ log_error ("Can't fchmod new lease file: %m");
++ goto fail;
++ }
+
+ #if defined (PARANOIA)
+ /*
+--
+2.1.4
+
diff --git a/0005-dhcp-4.1.1-dhclient-exec-filedes.patch b/0005-dhcp-4.1.1-dhclient-exec-filedes.patch
new file mode 100644
index 0000000..a2bb2eb
--- /dev/null
+++ b/0005-dhcp-4.1.1-dhclient-exec-filedes.patch
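Review bot: The added `fchmod(db_fd, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH)` in new_lease_file makes every new lease file world-readable regardless of the process umask, whereas the replaced `open(..., 0664)` was still filtered by it. If world-read access to the lease database is not required, keeping the 0600 that mkstemp() creates, or using `S_IRUSR | S_IWUSR | S_IRGRP`, exposes less; either way a comment stating why the mode is widened belongs above the call. The `fail` label is outside the hunk, so it is worth confirming that it closes `db_fd` and unlinks `newfname`, because mkstemp() has already created the file by the time the fchmod can fail.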
@@ -0,0 +1,29 @@
+From 92a611b4b05ef420e81c2c78f8c1eb3b38c31627 Mon Sep 17 00:00:00 2001
+From: Marius Tomaschewski
+Date: Thu, 18 Aug 2011 10:28:04 +0200
+Subject: [PATCH] dhcp-4.1.1-dhclient-exec-filedes
+
+---
+ client/dhclient.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/client/dhclient.c b/client/dhclient.c
+index 52121be..203d3d1 100644
+--- a/client/dhclient.c
++++ b/client/dhclient.c
+@@ -3369,6 +3369,12 @@ int script_go (client)
+ */
+ if (leaseFile != NULL)
+ fclose(leaseFile);
++ if ((i = open("/dev/null", O_RDWR)) != -1) {
++ dup2(i, STDIN_FILENO);
++ dup2(i, STDOUT_FILENO);
++ if (i > STDERR_FILENO)
++ close(i);
++ }
+ execve (scriptName, argv, envp);
+ log_error ("execve (%s, ...): %m", scriptName);
+ exit (0);
+--
+1.8.4
+
diff --git a/0006-dhcp-4.3.2-dhclient-send-hostname-or-fqdn.patch b/0006-dhcp-4.3.2-dhclient-send-hostname-or-fqdn.patch
new file mode 100644
index 0000000..9586b1f
--- /dev/null
+++ b/0006-dhcp-4.3.2-dhclient-send-hostname-or-fqdn.patch
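Review bot: A failed `open("/dev/null", O_RDWR)` or `dup2()` in script_go is ignored, so in that case the script is executed with whatever stdin and stdout the client process had. Reporting it, for example `else log_error ("open /dev/null: %m");` after the added block, would make the fallback visible in the log. stderr is never redirected; if that is intentional so that script errors still reach the caller, a one-line comment saying so would stop a later reader from treating it as an oversight. script_go's body starts and ends outside the hunk.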
@@ -0,0 +1,128 @@ +From ec55fe43e597e5ea0f8dff5b8edef091c0911801 Mon Sep 17 00:00:00 2001 +From: Marius Tomaschewski +Date: Thu, 18 Aug 2011 10:49:07 +0200 +Subject: [PATCH] dhcp-4.3.2-dhclient-send-hostname-or-fqdn + +Signed-off-by: Marius Tomaschewski + +Index: dhcp-4.4.2/client/dhclient.8 +=================================================================== +--- dhcp-4.4.2.orig/client/dhclient.8 ++++ dhcp-4.4.2/client/dhclient.8 +@@ -73,6 +73,10 @@ dhclient - Dynamic Host Configuration Pr + .I LL|LLT + ] + [ ++.B -H ++.I hostname ++] ++[ + .B -p + .I port-number + ] +@@ -353,6 +357,11 @@ transmits these messages to 255.255.255. + address). Overriding this is mostly useful for debugging purposes. This + feature is not supported in DHCPv6 (\fB-6\fR) mode. + .TP ++.BI \-H \ hostname ++This flag may be used to specify a client hostname that should be sent to ++the DHCP server as host-name (ipv4 only) or fqdn to perform dns update. ++Note, that this option is a SUSE/Novell extension. ++.TP + .BI \-g \ relay + .\" mockup relay + Set the giaddr field of all packets to the \fIrelay\fR IP address +Index: dhcp-4.4.2/client/dhclient.c +=================================================================== +--- dhcp-4.4.2.orig/client/dhclient.c ++++ dhcp-4.4.2/client/dhclient.c +@@ -185,6 +185,7 @@ static const char use_v6command[] = "Com + #endif + + #define DHCLIENT_USAGEC \ ++" [-H hostname]\n" \ + " [-s server-addr] [-cf config-file]\n" \ + " [-df duid-file] [-lf lease-file]\n" \ + " [-pf pid-file] [--no-pid] [-e VAR=val]\n" \ +@@ -235,6 +236,7 @@ main(int argc, char **argv) { + int no_dhclient_db = 0; + int no_dhclient_pid = 0; + int no_dhclient_script = 0; ++ char *dhclient_hostname = NULL; + #ifdef DHCPv6 + int local_family_set = 0; + #ifdef DHCP4o6 +@@ -434,6 +436,24 @@ main(int argc, char **argv) { + if (++i == argc) + usage(use_noarg, argv[i-1]); + mockup_relay = argv[i]; ++ } else if (!strcmp (argv[i], "-H")) { ++ size_t len; ++ if (++i == argc || !argv[i] || 
*(argv[i]) == '\0') ++ usage(use_noarg, argv[i-1]); ++ len = strlen (argv[i]); ++ if (len > HOST_NAME_MAX) { ++ log_error("-H option hostname string \"%s\" is too long:" ++ "maximum length is %d characters", ++ argv[i], HOST_NAME_MAX); ++ exit(1); ++ } else if(check_domain_name(argv[i], len, ++ local_family == AF_INET6 ? 1 : 0) != 0) { ++ log_error("suspect %s in -H option: \"%s\"", ++ local_family == AF_INET6 ? "fqdn" : "hostname", ++ argv[i]); ++ exit(1); ++ } ++ dhclient_hostname = argv [i]; + } else if (!strcmp(argv[i], "-nw")) { + nowait = 1; + } else if (!strcmp(argv[i], "-n")) { +@@ -759,6 +779,48 @@ main(int argc, char **argv) { + /* Parse the dhclient.conf file. */ + read_client_conf(); + ++ /* If the user specified a hostname, send it here and now */ ++ if ((dhclient_hostname != NULL) && (*dhclient_hostname != '\0') ) { ++ struct parse *cfile = NULL; ++ char buf[1024] = {'\0'}; ++ int len; ++ ++ if (strchr(dhclient_hostname, '.')) { ++ len = strlen(dhclient_hostname); ++ snprintf (buf, sizeof(buf), ++ "send fqdn.fqdn \"%s%s\";\n" ++ "send fqdn.encoded on;\n" ++ "send fqdn.server-update on;\n" ++ "also request %s;\n", ++ dhclient_hostname, ++ dhclient_hostname[len - 1] == '.' ? "" : ".", ++ local_family == AF_INET6 ? "dhcp6.fqdn" : "fqdn"); ++ } else if (local_family == AF_INET) { ++ snprintf (buf, sizeof(buf), ++ "send host-name \"%s\";", ++ dhclient_hostname); ++ } ++ if ((len = strlen(buf))) { ++ status = new_parse (&cfile, -1, buf, len, ++ "hostname update options", 0); ++ if (status != ISC_R_SUCCESS) ++ log_fatal ("Cannot parse send host-name statement!"); ++ ++ for (;;) { ++ const char *val = NULL; ++ int token; ++ ++ token = peek_token (&val, (unsigned *)0, cfile); ++ if (token == END_OF_FILE) ++ break; ++ ++ parse_client_statement (cfile, NULL, ++ &top_level_config); ++ } ++ end_parse (&cfile); ++ } ++ } ++ + /* Parse the lease database. */ + read_client_leases(); + 
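Review bot: The `send fqdn.fqdn \"%s%s\"` and `send host-name \"%s\"` statements in main are built by interpolating the -H argument into configuration text that is then parsed, so their safety rests entirely on the earlier `check_domain_name()` call rejecting quotes, semicolons and whitespace; a comment at the `snprintf` calls should state that dependency so the check is not relaxed later. That check is given `local_family == AF_INET6 ? 1 : 0` at the moment -H is parsed, so its outcome appears to depend on whether the address-family option comes before -H on the command line; validating once after the argument loop would remove the ordering effect. In the DHCPv6 case a hostname without a dot leaves `buf` empty and the option is dropped without any message, which deserves a `log_error`. The `snprintf` return values are unchecked, which holds only while `HOST_NAME_MAX` stays well below `sizeof(buf)`. main's body continues outside these hunks.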
diff --git a/0007-dhcp-4.1.1-P1-lpf-bind-msg-fix.patch b/0007-dhcp-4.1.1-P1-lpf-bind-msg-fix.patch
new file mode 100644
index 0000000..6c63654
--- /dev/null
+++ b/0007-dhcp-4.1.1-P1-lpf-bind-msg-fix.patch
@@ -0,0 +1,26 @@
+From a9d31f9f8356fba3fc49ead5afdfd8cca5a4a535 Mon Sep 17 00:00:00 2001
+From: Marius Tomaschewski
+Date: Tue, 12 Jun 2012 08:54:23 +0200
+Subject: [PATCH] dhcp-4.1.1-P1-lpf-bind-msg-fix
+References: bnc#617795
+
+---
+ common/lpf.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/common/lpf.c b/common/lpf.c
+index 44f5f54..82c8b76 100644
+--- a/common/lpf.c
++++ b/common/lpf.c
+@@ -94,7 +94,7 @@ int if_register_lpf (info)
+ if (errno == ENOPROTOOPT || errno == EPROTONOSUPPORT ||
+ errno == ESOCKTNOSUPPORT || errno == EPFNOSUPPORT ||
+ errno == EAFNOSUPPORT || errno == EINVAL) {
+- log_error ("socket: %m - make sure");
++ log_error ("bind: %m - make sure");
+ log_error ("CONFIG_PACKET (Packet socket) %s",
+ "and CONFIG_FILTER");
+ log_error ("(Socket Filtering) are enabled %s",
+--
+1.8.4
+
diff --git a/0008-dhcp-4.2.2-dhclient-option-checks.patch b/0008-dhcp-4.2.2-dhclient-option-checks.patch
new file mode 100644
index 0000000..4bce16c
--- /dev/null
+++ b/0008-dhcp-4.2.2-dhclient-option-checks.patch
@@ -0,0 +1,58 @@
+From 48c1bbb9cbd6d6e71178e82fd45a7409efbb9d72 Mon Sep 17 00:00:00 2001
+From: Marius Tomaschewski
+Date: Wed, 27 Apr 2011 13:56:47 +0200
+Subject: [PATCH] dhcp-4.2.2-dhclient-option-checks
+References: bnc#643845
+
+---
+ client/dhclient.c | 6 +++---
+ common/options.c | 2 +-
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/client/dhclient.c b/client/dhclient.c
+index b7a14fe..19a527b 100644
+--- a/client/dhclient.c
++++ b/client/dhclient.c
+@@ -3301,7 +3301,7 @@ void script_write_params (client, prefix, lease)
+ } else {
+ log_error("suspect value in %s "
+ "option - discarded",
+- lease->filename);
++ "filename");
+ }
+ }
+
+@@ -3314,7 +3314,7 @@ void script_write_params (client, prefix, lease)
+ } else {
+ log_error("suspect value in %s "
+ "option - discarded",
+- lease->server_name);
++ "server-name");
+ }
+ }
+
+@@ -4283,7 +4283,7 @@ static int check_domain_name(const char *ptr, size_t len, int dots)
+ const char *p;
+
+ /* not empty or complete length not over 255 characters */
+- if ((len == 0) || (len >= 256))
+ return(-1);
+
+ /* consists of [[:alnum:]-]+ labels separated by [.] */
+diff --git a/common/options.c b/common/options.c
+index 56bb151..be44a70 100644
+--- a/common/options.c
++++ b/common/options.c
+@@ -3979,7 +3979,7 @@ pretty_escape(char **dst, char *dend, const unsigned char **src,
+ }
+ } else if (**src == '"' || **src == '\'' || **src == '$' ||
+ **src == '`' || **src == '\\' || **src == '|' ||
+- **src == '&') {
++ **src == '&' || **src == ';') {
+ if (*dst + 2 > dend)
+ return -1;
+
+--
+1.8.4
+
diff --git a/0009-dhcp-4.2.6-close-on-exec.patch b/0009-dhcp-4.2.6-close-on-exec.patch
new file mode 100644
index 0000000..2a429c3
--- /dev/null
+++ b/0009-dhcp-4.2.6-close-on-exec.patch
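Review bot: The condition in `pretty_escape` (common/options.c) is a denylist that this change extends by one character, and nothing in the hunk says which consumer the escaping protects or why these characters and no others are listed. Assuming the escaped text is later handed to the client script, a comment above the condition such as `/* shell metacharacters: the escaped value is passed on to the client script; extend this list together with the script's quoting rules */` would let a reviewer judge whether the list is complete. Characters not named here are covered only if an earlier branch of the function, which is outside the hunk, already handles them, so that is worth confirming when the comment is written.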
@@ -0,0 +1,272 @@ +From ecb183516cf0b51ebf0a02f3b46248479fa51e43 Mon Sep 17 00:00:00 2001 +From: Marius Tomaschewski +Date: Thu, 18 Aug 2011 14:09:06 +0200 +Subject: [PATCH] dhcp-4.2.6-close-on-exec + +Merged fixed close-on-exec patch (bnc#732910) + +References: bnc#732910 +Signed-off-by: Marius Tomaschewski + +Index: client/clparse.c +=================================================================== +--- client/clparse.c.orig ++++ client/clparse.c +@@ -265,7 +265,7 @@ int read_client_conf_file (const char *n + int token; + isc_result_t status; + +- if ((file = open (name, O_RDONLY)) < 0) ++ if ((file = open (name, O_RDONLY | O_CLOEXEC)) < 0) + return uerr2isc (errno); + + cfile = NULL; +@@ -341,7 +341,7 @@ void read_client_leases () + + /* Open the lease file. If we can't open it, just return - + we can safely trust the server to remember our state. */ +- if ((file = open (path_dhclient_db, O_RDONLY)) < 0) ++ if ((file = open (path_dhclient_db, O_RDONLY | O_CLOEXEC)) < 0) + return; + + cfile = NULL; +Index: client/dhclient.c +=================================================================== +--- client/dhclient.c.orig ++++ client/dhclient.c +@@ -683,7 +683,7 @@ main(int argc, char **argv) { + long temp; + int e; + +- if ((pidfd = fopen(path_dhclient_pid, "r")) != NULL) { ++ if ((pidfd = fopen(path_dhclient_pid, "re")) != NULL) { + e = fscanf(pidfd, "%ld\n", &temp); + oldpid = (pid_t)temp; + +@@ -3642,7 +3642,7 @@ void rewrite_client_leases () + + if (leaseFile != NULL) + fclose (leaseFile); +- leaseFile = fopen (path_dhclient_db, "w"); ++ leaseFile = fopen (path_dhclient_db, "we"); + if (leaseFile == NULL) { + log_error ("can't create %s: %m", path_dhclient_db); + return; +@@ -3837,7 +3837,7 @@ write_duid(struct data_string *duid) + return DHCP_R_INVALIDARG; + + if (leaseFile == NULL) { /* XXX? 
*/ +- leaseFile = fopen(path_dhclient_db, "w"); ++ leaseFile = fopen(path_dhclient_db, "we"); + if (leaseFile == NULL) { + log_error("can't create %s: %m", path_dhclient_db); + return ISC_R_IOERROR; +@@ -3882,7 +3882,7 @@ write_client6_lease(struct client_state + return DHCP_R_INVALIDARG; + + if (leaseFile == NULL) { /* XXX? */ +- leaseFile = fopen(path_dhclient_db, "w"); ++ leaseFile = fopen(path_dhclient_db, "we"); + if (leaseFile == NULL) { + log_error("can't create %s: %m", path_dhclient_db); + return ISC_R_IOERROR; +@@ -4041,7 +4041,7 @@ int write_client_lease (client, lease, r + return 1; + + if (leaseFile == NULL) { /* XXX */ +- leaseFile = fopen (path_dhclient_db, "w"); ++ leaseFile = fopen (path_dhclient_db, "we"); + if (leaseFile == NULL) { + log_error ("can't create %s: %m", path_dhclient_db); + return 0; +Index: common/bpf.c +=================================================================== +--- common/bpf.c.orig ++++ common/bpf.c +@@ -94,7 +94,7 @@ int if_register_bpf (info) + for (b = 0; 1; b++) { + /* %Audit% 31 bytes max. 
%2004.06.17,Safe% */ + sprintf(filename, BPF_FORMAT, b); +- sock = open (filename, O_RDWR, 0); ++ sock = open (filename, O_RDWR | O_CLOEXEC, 0); + if (sock < 0) { + if (errno == EBUSY) { + continue; +Index: common/dlpi.c +=================================================================== +--- common/dlpi.c.orig ++++ common/dlpi.c +@@ -817,7 +817,7 @@ dlpiopen(const char *ifname) { + } + *dp = '\0'; + +- return open (devname, O_RDWR, 0); ++ return open (devname, O_RDWR | O_CLOEXEC, 0); + } + + /* +Index: common/nit.c +=================================================================== +--- common/nit.c.orig ++++ common/nit.c +@@ -75,7 +75,7 @@ int if_register_nit (info) + struct strioctl sio; + + /* Open a NIT device */ +- sock = open ("/dev/nit", O_RDWR); ++ sock = open ("/dev/nit", O_RDWR | O_CLOEXEC); + if (sock < 0) + log_fatal ("Can't open NIT device for %s: %m", info -> name); + +Index: common/resolv.c +=================================================================== +--- common/resolv.c.orig ++++ common/resolv.c +@@ -43,7 +43,7 @@ void read_resolv_conf (parse_time) + struct domain_search_list *dp, *dl, *nd; + isc_result_t status; + +- if ((file = open (path_resolv_conf, O_RDONLY)) < 0) { ++ if ((file = open (path_resolv_conf, O_RDONLY | O_CLOEXEC)) < 0) { + log_error ("Can't open %s: %m", path_resolv_conf); + return; + } +Index: common/upf.c +=================================================================== +--- common/upf.c.orig ++++ common/upf.c +@@ -71,7 +71,7 @@ int if_register_upf (info) + /* %Audit% Cannot exceed 36 bytes. 
%2004.06.17,Safe% */ + sprintf(filename, "/dev/pf/pfilt%d", b); + +- sock = open (filename, O_RDWR, 0); ++ sock = open (filename, O_RDWR | O_CLOEXEC, 0); + if (sock < 0) { + if (errno == EBUSY) { + continue; +Index: omapip/trace.c +=================================================================== +--- omapip/trace.c.orig ++++ omapip/trace.c +@@ -136,10 +136,10 @@ isc_result_t trace_begin (const char *fi + return DHCP_R_INVALIDARG; + } + +- traceoutfile = open (filename, O_CREAT | O_WRONLY | O_EXCL, 0600); ++ traceoutfile = open (filename, O_CREAT | O_WRONLY | O_EXCL | O_CLOEXEC, 0600); + if (traceoutfile < 0 && errno == EEXIST) { + log_error ("WARNING: Overwriting trace file \"%s\"", filename); +- traceoutfile = open (filename, O_WRONLY | O_EXCL | O_TRUNC, ++ traceoutfile = open (filename, O_WRONLY | O_EXCL | O_TRUNC | O_CLOEXEC, + 0600); + } + +@@ -427,7 +427,7 @@ void trace_file_replay (const char *file + isc_result_t result; + int len; + +- traceinfile = fopen (filename, "r"); ++ traceinfile = fopen (filename, "re"); + if (!traceinfile) { + log_error("Can't open tracefile %s: %m", filename); + return; +Index: relay/dhcrelay.c +=================================================================== +--- relay/dhcrelay.c.orig ++++ relay/dhcrelay.c +@@ -783,13 +783,14 @@ main(int argc, char **argv) { + /* Create the pid file. 
*/ + if (no_pid_file == ISC_FALSE) { + pfdesc = open(path_dhcrelay_pid, +- O_CREAT | O_TRUNC | O_WRONLY, 0644); ++ O_CREAT | O_TRUNC | O_WRONLY | ++ O_CLOEXEC, 0644); + + if (pfdesc < 0) { + log_error("Can't create %s: %m", + path_dhcrelay_pid); + } else { +- pf = fdopen(pfdesc, "w"); ++ pf = fdopen(pfdesc, "we"); + if (!pf) + log_error("Can't fdopen %s: %m", + path_dhcrelay_pid); +Index: server/confpars.c +=================================================================== +--- server/confpars.c.orig ++++ server/confpars.c +@@ -118,7 +118,7 @@ isc_result_t read_conf_file (const char + } + #endif + +- if ((file = open (filename, O_RDONLY)) < 0) { ++ if ((file = open (filename, O_RDONLY | O_CLOEXEC)) < 0) { + if (leasep) { + log_error ("Can't open lease database %s: %m --", + path_dhcpd_db); +Index: server/db.c +=================================================================== +--- server/db.c.orig ++++ server/db.c +@@ -1105,7 +1105,7 @@ void db_startup (int test_mode) + * Therefore, in test mode we need to point db_file to a disposable + * file to protect the original lease file. */ + current_db_path = (test_mode ? 
"/dev/null" : path_dhcpd_db); +- db_file = fopen (current_db_path, "a"); ++ db_file = fopen (current_db_path, "ae"); + if (!db_file) { + log_fatal ("Can't open %s for append.", current_db_path); + } +@@ -1154,7 +1154,7 @@ int new_lease_file (int test_mode) + path_dhcpd_db) >= sizeof newfname) + log_fatal("new_lease_file: lease file path too long"); + +- db_fd = mkstemp (newfname); ++ db_fd = mkostemp (newfname, O_CLOEXEC); + if (db_fd < 0) { + log_error ("Can't create new lease file: %m"); + return 0; +@@ -1179,7 +1179,7 @@ int new_lease_file (int test_mode) + } + #endif /* PARANOIA */ + +- if ((new_db_file = fdopen(db_fd, "w")) == NULL) { ++ if ((new_db_file = fdopen(db_fd, "we")) == NULL) { + log_error("Can't fdopen new lease file: %m"); + close(db_fd); + goto fdfail; +Index: server/dhcpd.c +=================================================================== +--- server/dhcpd.c.orig ++++ server/dhcpd.c +@@ -880,7 +880,7 @@ main(int argc, char **argv) { + */ + if ((lftest == 0) && (no_pid_file == ISC_FALSE)) { + /*Read previous pid file. */ +- if ((i = open(path_dhcpd_pid, O_RDONLY)) >= 0) { ++ if ((i = open(path_dhcpd_pid, O_RDONLY | O_CLOEXEC)) >= 0) { + status = read(i, pbuf, (sizeof pbuf) - 1); + close(i); + if (status > 0) { +@@ -990,7 +990,7 @@ main(int argc, char **argv) { + * appropriate. 
+ */ + if (no_pid_file == ISC_FALSE) { +- i = open(path_dhcpd_pid, O_WRONLY|O_CREAT|O_TRUNC, 0644); ++ i = open(path_dhcpd_pid, O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0644); + if (i >= 0) { + sprintf(pbuf, "%d\n", (int) getpid()); + IGNORE_RET(write(i, pbuf, strlen(pbuf))); +Index: server/ldap.c +=================================================================== +--- server/ldap.c.orig ++++ server/ldap.c +@@ -1447,7 +1447,7 @@ ldap_start (void) + + if (ldap_debug_file != NULL && ldap_debug_fd == -1) + { +- if ((ldap_debug_fd = open (ldap_debug_file, O_CREAT | O_TRUNC | O_WRONLY, ++ if ((ldap_debug_fd = open (ldap_debug_file, O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC, + S_IRUSR | S_IWUSR)) < 0) + log_error ("Error opening debug LDAP log file %s: %s", ldap_debug_file, + strerror (errno)); diff --git a/0010-dhcp-4.2.2-quiet-dhclient.patch b/0010-dhcp-4.2.2-quiet-dhclient.patch new file mode 100644 index 0000000..a0d317c --- /dev/null +++ b/0010-dhcp-4.2.2-quiet-dhclient.patch @@ -0,0 +1,27 @@ +From 61b4b713b630febf170c58c9ebbba2e01bb28eff Mon Sep 17 00:00:00 2001 +From: Marius Tomaschewski +Date: Thu, 18 Aug 2011 15:09:01 +0200 +Subject: [PATCH] dhcp-4.2.2-quiet-dhclient +References: bnc#711420 + +--- + client/dhclient.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/client/dhclient.c b/client/dhclient.c +index dbc6f38..65d9eeb 100644 +--- a/client/dhclient.c ++++ b/client/dhclient.c +@@ -451,6 +451,9 @@ main(int argc, char **argv) { + } else { + log_perror = 0; + quiet_interface_discovery = 1; ++#if !defined(DEBUG) ++ setlogmask(LOG_UPTO(LOG_NOTICE)); ++#endif + } + + /* If we're given a relay agent address to insert, for testing +-- +1.8.4 + diff --git a/0012-dhcp-4.2.x-chown-server-leases.bnc868253.patch b/0012-dhcp-4.2.x-chown-server-leases.bnc868253.patch new file mode 100644 index 0000000..e9021a0 --- /dev/null +++ b/0012-dhcp-4.2.x-chown-server-leases.bnc868253.patch 
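Review bot: None of the visible hunks in the close-on-exec patch touches descriptors created by `socket()`, only `open`, `fopen`, `fdopen` and `mkstemp` call sites, so sockets such as the one registered in common/lpf.c may still be inherited by the script the client executes. If they are not handled elsewhere, `fcntl(sock, F_SETFD, FD_CLOEXEC);` right after creation would close that gap. The `"e"` mode letter, `mkostemp()` and `O_CLOEXEC` are not available on every platform the touched back ends target (common/bpf.c, common/dlpi.c, common/nit.c and common/upf.c are not Linux code paths), so a guard such as `#ifndef O_CLOEXEC` / `#define O_CLOEXEC 0` or a configure check should accompany the change.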
@@ -0,0 +1,38 @@
+From 34e6100717f3de5a32ccb3234a949d017f789fdb Mon Sep 17 00:00:00 2001
+From: Marius Tomaschewski
+Date: Tue, 10 Jun 2014 02:42:32 +0000
+Subject: [PATCH] dhcp-4.2.x-chown-server-leases.bnc868253
+
+Fixed dhcp server to chown leases to run user at start
+
+References: bnc#868253
+Signed-off-by: Marius Tomaschewski
+
+diff --git a/server/dhcpd.c b/server/dhcpd.c
+index afef390..0f5c640 100644
+--- a/server/dhcpd.c
++++ b/server/dhcpd.c
+@@ -770,8 +770,19 @@ main(int argc, char **argv) {
+ }
+
+ #if defined (PARANOIA)
+- /* change uid to the specified one */
++ /* ensure, the leases db is owned by the run user/group */
++ if (set_gid || set_uid) {
++ char backfname[512];
++
++ chown(path_dhcpd_db, set_uid ? set_uid : -1,
++ set_gid ? set_gid : -1);
+
++ snprintf (backfname, sizeof backfname, "%s~", path_dhcpd_db);
++ chown(backfname, set_uid ? set_uid : -1,
++ set_gid ? set_gid : -1);
++ }
++
++ /* change uid to the specified one */
+ if (set_gid) {
+ /* setgroups is done, OK */
+ if (setgroups (0, (void *)0))
+--
+2.1.4
+
diff --git a/0014-dhclient6-unsigned-lifetimes-for-script-bsc-926159.patch b/0014-dhclient6-unsigned-lifetimes-for-script-bsc-926159.patch
new file mode 100644
index 0000000..1e1759f
--- /dev/null
+++ b/0014-dhclient6-unsigned-lifetimes-for-script-bsc-926159.patch
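Review bot: Both added `chown()` calls in main run before the uid/gid switch, follow symbolic links, and have their return values ignored. If the directory that holds `path_dhcpd_db` is writable by the run user, a link left at either path would cause ownership of the link target to change on the next start, so `lchown(path_dhcpd_db, set_uid ? set_uid : -1, set_gid ? set_gid : -1);` (or opening with `O_NOFOLLOW` and calling `fchown()` on the descriptor) is the safer form for both calls. A failure should be reported with `log_error ("chown %s: %m", path_dhcpd_db);`, and the `snprintf` into `backfname[512]` needs a truncation check so that a shortened path is never passed on. main's body starts and ends outside the hunk.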
@@ -0,0 +1,68 @@ +From 9267da086dcbb39509eae05d1d60ba37596a3f89 Mon Sep 17 00:00:00 2001 +From: Marius Tomaschewski +Date: Wed, 29 Apr 2015 11:18:36 +0200 +Subject: dhclient6: unsigned lifetimes for script (bsc#926159) + +Address/IA lifetimes are all unsigned, don't turn into signed +(negative e.g. in infinite case) when passing them to scripts +and format timestamps as long to not break them on 64bit archs. + +References: bsc#926159 + +--- client/dhc6.c.orig ++++ client/dhc6.c +@@ -4344,8 +4344,8 @@ dhc6_marshall_values(const char *prefix, + client_envadd(client, prefix, + "ip6_type", "temporary"); + } +- client_envadd(client, prefix, "life_starts", "%d", +- (int)(addr->starts)); ++ client_envadd(client, prefix, "life_starts", "%ld", ++ (long)(addr->starts)); + client_envadd(client, prefix, "preferred_life", "%u", + addr->preferred_life); + client_envadd(client, prefix, "max_life", "%u", +@@ -4356,8 +4356,8 @@ dhc6_marshall_values(const char *prefix, + if (ia != NULL) { + client_envadd(client, prefix, "iaid", "%s", + print_hex_1(4, ia->iaid, 12)); +- client_envadd(client, prefix, "starts", "%d", +- (int)(ia->starts)); ++ client_envadd(client, prefix, "starts", "%ld", ++ (long)(ia->starts)); + client_envadd(client, prefix, "renew", "%u", ia->renew); + client_envadd(client, prefix, "rebind", "%u", ia->rebind); + } +--- client/dhclient.c.orig ++++ client/dhclient.c +@@ -3708,13 +3708,13 @@ write_client6_lease(struct client_state + return ISC_R_IOERROR; + + if (ia->ia_type != D6O_IA_TA) +- stat = fprintf(leaseFile, " starts %d;\n" ++ stat = fprintf(leaseFile, " starts %ld;\n" + " renew %u;\n" + " rebind %u;\n", +- (int)ia->starts, ia->renew, ia->rebind); ++ (long)ia->starts, ia->renew, ia->rebind); + else +- stat = fprintf(leaseFile, " starts %d;\n", +- (int)ia->starts); ++ stat = fprintf(leaseFile, " starts %ld;\n", ++ (long)ia->starts); + if (stat <= 0) + return ISC_R_IOERROR; + +@@ -3731,10 +3731,10 @@ write_client6_lease(struct client_state + if (stat <= 0) + 
return ISC_R_IOERROR; + +- stat = fprintf(leaseFile, " starts %d;\n" ++ stat = fprintf(leaseFile, " starts %ld;\n" + " preferred-life %u;\n" + " max-life %u;\n", +- (int)addr->starts, addr->preferred_life, ++ (long)addr->starts, addr->preferred_life, + addr->max_life); + if (stat <= 0) + return ISC_R_IOERROR; diff --git a/0015-Expose-next-server-DHCPv4-option-to-dhclient-script.patch b/0015-Expose-next-server-DHCPv4-option-to-dhclient-script.patch new file mode 100644 index 0000000..cb18805 --- /dev/null +++ b/0015-Expose-next-server-DHCPv4-option-to-dhclient-script.patch 
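Review bot: Casting `starts` to `long` and printing it with `%ld` still truncates on platforms where `long` is 32 bits and the timestamp type is wider. If `addr->starts` and `ia->starts` are `time_t` values (their declarations are not in these hunks), `"%lld"` with a `(long long)` cast covers both cases, for example `client_envadd(client, prefix, "starts", "%lld", (long long)(ia->starts));`. The same applies to every `client_envadd` and `fprintf` call site changed in client/dhc6.c and client/dhclient.c. dhc6_marshall_values and write_client6_lease both continue outside the hunks.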
@@ -0,0 +1,69 @@
+From 5fd4d0595760acd3e4c2524c9747dc5c0042e173 Mon Sep 17 00:00:00 2001
+From: Tomas Hozza
+Date: Fri, 29 May 2015 13:56:58 +0200
+Subject: Expose next-server DHCPv4 option to dhclient script
+
+Currently dhclient does not exposes next-server option
+to the dhclient script. this patch fixes this.
+
+Signed-off-by: Tomas Hozza
+References: bsc#928390
+
+diff --git a/client/dhclient.c b/client/dhclient.c
+index 4d7394d..0c77ae2 100644
+--- a/client/dhclient.c
++++ b/client/dhclient.c
+@@ -1104,7 +1104,7 @@ void state_selecting (cpp)
+ client -> state = S_REQUESTING;
+
+ /* Bind to the address we received. */
+- bind_lease (client);
++ bind_lease (client, NULL);
+ return;
+ }
+
+@@ -1294,11 +1294,12 @@ void dhcpack (packet)
+ if (client -> new -> rebind < cur_time)
+ client -> new -> rebind = TIME_MAX;
+
+- bind_lease (client);
++ bind_lease (client, &packet -> raw -> siaddr);
+ }
+
+-void bind_lease (client)
++void bind_lease (client, siaddr)
+ struct client_state *client;
++ struct in_addr *siaddr;
+ {
+ struct timeval tv;
+
+@@ -1318,6 +1319,13 @@ void bind_lease (client)
+ if (client->alias)
+ script_write_params(client, "alias_", client->alias);
+
++ if (siaddr) {
++ char buf[INET_ADDRSTRLEN];
++
++ if (inet_ntop (AF_INET, (void *) siaddr, buf, sizeof (buf)))
++ client_envadd (client, "new_", "next_server", "%s", buf);
++ }
++
+ /* If the BOUND/RENEW code detects another machine using the
+ offered address, it exits nonzero. We need to send a
+ DHCPDECLINE and toss the lease. */
+diff --git a/includes/dhcpd.h b/includes/dhcpd.h
+index 86d0afe..f0f4b20 100644
+--- a/includes/dhcpd.h
++++ b/includes/dhcpd.h
+@@ -2891,7 +2891,7 @@ void state_bound (void *);
+ void state_stop (void *);
+ void state_panic (void *);
+
+-void bind_lease (struct client_state *);
++void bind_lease (struct client_state *, struct in_addr *);
+
+ void make_client_options (struct client_state *,
+ struct client_lease *, u_int8_t *,
+--
+2.1.4
+
diff --git a/0016-infiniband-support.patch b/0016-infiniband-support.patch
new file mode 100644
index 0000000..cf4f638
--- /dev/null
+++ b/0016-infiniband-support.patch
@@ -0,0 +1,1115 @@
+References: bnc#870535,bsc#909189,bsc#910984
+
+From 92250da05c2e4e3f1f60d627b52fe3f4f14828d3 Mon Sep 17 00:00:00 2001
+From: Marius Tomaschewski
+Date: Mon, 14 Sep 2015 13:42:34 +0200
+Subject: [PATCH] infiniband-support
+
+Squashed rework based on the following commits:
+
+commit 8f5918fa4319fc8173ca6e75d6e2ab8c379e980d
+Author: Marius Tomaschewski
+Date: Mon Sep 14 12:26:12 2015 +0200
+
+ dhcp 4.3.3 ip over ib support fixes (bsc#910984)
+
+ - verify client-identifier in responses as defined by RFC6864
+ - generate RFC4361 client-identifier for infiniband as required by
+ RFC4390; config file can still override it using send statement.
+ - fixed to set the ib hwaddr and guard copying/compares to chaddr;
+ it is used for client-identifier, improved xid and other things.
+ - fixed lpf send_packet to not break unicast on fallback socket.
+
+commit 3173fd96fe8873f7924f8b5c3f2a6a34ebe1c90c
+Author: root
+Date: Tue Mar 25 23:30:18 2014 +0200
+
+ dhcp 4.3.2 improved xid
+
+ References: bnc#870535
+
+commit 7e27105baa2a86469efa17fe70667baa8bcc627f
+Author: Jiri Slaby
+Date: Wed Dec 10 13:48:03 2014 +0100
+
+ dhcp-4.2.x-handle-ifa_addr-NULL.909189
+
+ Fix to not crash in interface discovery when the interface
+ address is NULL. Bug has been introduced by the infiniband
+ support patch (bsc#870535).
+
+ References: bsc#909189,bnc#870535
+
+commit 7818a340f84c0fe3c750baa721fb4221e2e2d443
+Author: root
+Date: Tue Mar 25 23:15:58 2014 +0200
+
+ dhcp 4.3.2 lpf ip over ib support
+
+ References: bnc#870535
+
+
+Index: client/dhclient.c
+===================================================================
+--- client/dhclient.c.orig
++++ client/dhclient.c
+@@ -76,6 +76,40 @@ int decline_wait_time = 10; /* Default t
+ assert (state_is == state_shouldbe). 
*/
+ #define ASSERT_STATE(state_is, state_shouldbe) {}
+
++static void form_interface_duid(struct data_string *duid, struct interface_info *ip, const char *file, int line);
++
++static int check_client_identifier(struct option_state *packet_options, struct option_state *client_options)
++{
++ struct option_cache *client_oc;
++ struct option_cache *packet_oc;
++
++ /* RFC6864 check:
++ *
++ * When a client receives a DHCP message containing a 'client
++ * identifier' option, the client MUST compare that client
++ * identifier to the one it is configured to send.
++ * If the two client identifiers do not match, the client MUST
++ * silently discard the message.
++ */
++
++ /* no identifier received: not RFC6864 server ... */
++ if (!packet_options || !(packet_oc = lookup_option(&dhcp_universe, packet_options,
++ DHO_DHCP_CLIENT_IDENTIFIER)))
++ return 1;
++
++ /* client does not remember them in some cases ... */
++ if (!client_options || !(client_oc = lookup_option(&dhcp_universe, client_options,
++ DHO_DHCP_CLIENT_IDENTIFIER)))
++ return 1;
++
++ /* when we've sent one, the identifiers MUST match */
++ if (client_oc->data.len != packet_oc->data.len ||
++ memcmp(client_oc->data.data, packet_oc->data.data, client_oc->data.len))
++ return -1;
++
++ return 0;
++}
++
+ #ifndef UNIT_TEST
+ static const char copyright[] = "Copyright 2004-2021 Internet Systems Consortium.";
+ static const char arr [] = "All rights reserved.";
+@@ -885,6 +919,26 @@ main(int argc, char **argv) {
+ }
+ }
+
++ /* We create a backup seed before rediscovering interfaces in order to
++ have a seed built using all of the available interfaces
++ It's interesting if required interfaces doesn't let us defined
++ a really unique seed due to a lack of valid HW addr later
++ (this is the case with DHCP over IB)
++ We only use the last device as using a sum could broke the
++ uniqueness of the seed among multiple nodes
++ */
++ unsigned backup_seed = 0;
++ for (ip = interfaces; ip; ip = ip -> next) {
++ 
int junk; ++ if ( ip -> hw_address.hlen <= sizeof seed ) ++ continue; ++ memcpy (&junk, ++ &ip -> hw_address.hbuf [ip -> hw_address.hlen - ++ sizeof seed], sizeof seed); ++ backup_seed = junk; ++ } ++ ++ + /* At this point, all the interfaces that the script thinks + are relevant should be running, so now we once again call + discover_interfaces(), and this time ask it to actually set +@@ -899,19 +953,42 @@ main(int argc, char **argv) { + Not much entropy, but we're booting, so we're not likely to + find anything better. */ + seed = 0; ++ int seed_flag = 0; + for (ip = interfaces; ip; ip = ip->next) { + int junk; ++ if (ip->hw_address.hlen <= sizeof seed) ++ continue; + memcpy(&junk, + &ip->hw_address.hbuf[ip->hw_address.hlen - + sizeof seed], sizeof seed); + seed += junk; ++ seed_flag = 1; + } +- srandom(seed + cur_time + (unsigned)getpid()); ++ if ( seed_flag == 0 ) { ++ if ( backup_seed != 0 ) { ++ seed = backup_seed; ++ log_info ("xid: rand init seed (0x%x) built using all" ++ " available interfaces",seed); ++ } ++ else { ++ seed = cur_time^((unsigned) gethostid()) ; ++ log_info ("xid: warning: no netdev with useable HWADDR found" ++ " for seed's uniqueness enforcement"); ++ log_info ("xid: rand init seed (0x%x) built using gethostid", ++ seed); ++ } ++ /* we only use seed and no current time as a broadcast reply */ ++ /* will certainly be used by the hwaddrless interface */ ++ srandom(seed); ++ } ++ else ++ srandom(seed + cur_time + (unsigned)getpid()); + + + /* + * Establish a default DUID. We always do so for v6 and +- * do so if desired for v4 via the -D or -i options ++ * do so if desired for v4 via the -D or -i options or ++ * when an infiniband interface is involved. 
+ */
+ if ((local_family == AF_INET6) ||
+ ((local_family == AF_INET) && (duid_v4 == 1))) {
+@@ -922,6 +999,20 @@ main(int argc, char **argv) {
+ form_duid(&default_duid, MDL);
+ write_duid(&default_duid);
+ }
++ } else {
++ for (ip = interfaces; ip; ip = ip->next) {
++ if (!ip->client || ip->hw_address.hbuf[0] != HTYPE_INFINIBAND)
++ continue;
++
++ if (default_duid.len == 0) {
++ if (default_duid.buffer != NULL)
++ data_string_forget(&default_duid, MDL);
++
++ form_duid(&default_duid, MDL);
++ write_duid(&default_duid);
++ break;
++ }
++ }
+ }
+
+ #if defined(DHCPv6) && defined(DHCP4o6)
+@@ -1411,15 +1502,22 @@ void dhcpack (packet)
+ if (client -> xid == packet -> raw -> xid)
+ break;
+ }
+- if (!client ||
+- (packet -> interface -> hw_address.hlen - 1 !=
+- packet -> raw -> hlen) ||
+- (memcmp (&packet -> interface -> hw_address.hbuf [1],
+- packet -> raw -> chaddr, packet -> raw -> hlen))) {
++
++ if (!client || (packet -> raw -> hlen &&
++ ((packet -> interface -> hw_address.hlen - 1 !=
++ packet -> raw -> hlen) ||
++ (memcmp (&packet -> interface -> hw_address.hbuf [1],
++ packet -> raw -> chaddr, packet -> raw -> hlen))))) {
+ #if defined (DEBUG)
+ log_debug ("DHCPACK in wrong transaction.");
+ #endif
+ return;
++ } else
++ if (check_client_identifier(packet->options, client->sent_options) < 0) {
++#if defined (DEBUG)
++ log_debug ("response client identifier does not match ours");
++#endif
++ return;
+ }
+
+ if (client -> state != S_REBOOTING &&
+@@ -1432,9 +1530,10 @@ void dhcpack (packet)
+ return;
+ }
+
+- log_info ("DHCPACK of %s from %s",
++ log_info ("DHCPACK of %s from %s (xid=0x%x)",
+ inet_ntoa(packet->raw->yiaddr),
+- piaddr (packet->client_addr));
++ piaddr (packet->client_addr),
++ client -> xid);
+
+ lease = packet_to_lease (packet, client);
+ if (!lease) {
+@@ -2101,15 +2200,21 @@ void dhcpoffer (packet)
+ /* If we're not receptive to an offer right now, or if the offer
+ has an unrecognizable transaction id, then just drop it. 
*/
+ if (!client ||
+- client -> state != S_SELECTING ||
+- (packet -> interface -> hw_address.hlen - 1 !=
+- packet -> raw -> hlen) ||
+- (memcmp (&packet -> interface -> hw_address.hbuf [1],
+- packet -> raw -> chaddr, packet -> raw -> hlen))) {
++ client -> state != S_SELECTING || (packet -> raw -> hlen &&
++ ((packet -> interface -> hw_address.hlen - 1 !=
++ packet -> raw -> hlen) ||
++ (memcmp (&packet -> interface -> hw_address.hbuf [1],
++ packet -> raw -> chaddr, packet -> raw -> hlen))))) {
+ #if defined (DEBUG)
+ log_debug ("%s in wrong transaction.", name);
+ #endif
+ return;
++ } else
++ if (check_client_identifier(packet->options, client->sent_options) < 0) {
++#if defined (DEBUG)
++ log_debug ("response client identifier does not match ours");
++#endif
++ return;
+ }
+
+ sprintf (obuf, "%s of %s from %s", name,
+@@ -2350,11 +2455,11 @@ void dhcpnak (packet)
+
+ /* If we're not receptive to an offer right now, or if the offer
+ has an unrecognizable transaction id, then just drop it. 
*/
+- if (!client ||
+- (packet -> interface -> hw_address.hlen - 1 !=
+- packet -> raw -> hlen) ||
+- (memcmp (&packet -> interface -> hw_address.hbuf [1],
+- packet -> raw -> chaddr, packet -> raw -> hlen))) {
++ if (!client || (packet -> raw -> hlen &&
++ ((packet -> interface -> hw_address.hlen - 1 !=
++ packet -> raw -> hlen) ||
++ (memcmp (&packet -> interface -> hw_address.hbuf [1],
++ packet -> raw -> chaddr, packet -> raw -> hlen))))) {
+ #if defined (DEBUG)
+ log_debug ("DHCPNAK in wrong transaction.");
+ #endif
+@@ -2369,9 +2474,15 @@ void dhcpnak (packet)
+ log_debug ("DHCPNAK in wrong state.");
+ #endif
+ return;
++ } else
++ if (check_client_identifier(packet->options, client->sent_options) < 0) {
++#if defined (DEBUG)
++ log_debug ("response client identifier does not match ours");
++#endif
++ return;
+ }
+
+- log_info ("DHCPNAK from %s", piaddr (packet -> client_addr));
++ log_info ("DHCPNAK from %s (xid=0x%x)", piaddr (packet -> client_addr), client -> xid);
+
+ if (!client -> active) {
+ #if defined (DEBUG)
+@@ -2504,11 +2615,11 @@ void send_discover (cpp)
+ (long)(client -> interval));
+ } else
+ #endif
+- log_info ("DHCPDISCOVER on %s to %s port %d interval %ld",
+- client -> name ? client -> name : client -> interface -> name,
+- inet_ntoa (sockaddr_broadcast.sin_addr),
+- ntohs (sockaddr_broadcast.sin_port), (long)(client -> interval));
+-
++ log_info ("DHCPDISCOVER on %s to %s port %d interval %ld (xid=0x%x)",
++ client -> name ? client -> name : client -> interface -> name,
++ inet_ntoa (sockaddr_broadcast.sin_addr),
++ ntohs (sockaddr_broadcast.sin_port), (long)(client -> interval), client -> xid);
++
+ /* Send out a packet. 
*/
+ #if defined(DHCPv6) && defined(DHCP4o6)
+ if (dhcpv4_over_dhcpv6) {
+@@ -2901,10 +3012,12 @@ void send_request (cpp)
+ }
+
+ strncpy(rip_buf, rip_str, sizeof(rip_buf)-1);
+- log_info ("DHCPREQUEST for %s on %s to %s port %d", rip_buf,
++ log_info ("DHCPREQUEST for %s on %s to %s port %d (xid=0x%x)", rip_buf,
+ client->name ? client->name : client->interface->name,
+ inet_ntoa(destination.sin_addr),
+- ntohs (destination.sin_port));
++ ntohs (destination.sin_port),
++ client -> xid
++ );
+
+ #if defined(DHCPv6) && defined(DHCP4o6)
+ if (dhcpv4_over_dhcpv6) {
+@@ -2961,11 +3074,11 @@ void send_decline (cpp)
+ log_info ("DHCPDECLINE");
+ } else
+ #endif
+- log_info ("DHCPDECLINE of %s on %s to %s port %d",
++ log_info ("DHCPDECLINE of %s on %s to %s port %d (xid=0x%x)",
+ piaddr(client->requested_address),
+ (client->name ? client->name : client->interface->name),
+ inet_ntoa(sockaddr_broadcast.sin_addr),
+- ntohs(sockaddr_broadcast.sin_port));
++ ntohs(sockaddr_broadcast.sin_port), client->xid);
+
+ /* Send out a packet. */
+ #if defined(DHCPv6) && defined(DHCP4o6)
+@@ -3024,11 +3137,11 @@ void send_release (cpp)
+ log_info ("DHCPRELEASE");
+ } else
+ #endif
+- log_info ("DHCPRELEASE of %s on %s to %s port %d",
++ log_info ("DHCPRELEASE of %s on %s to %s port %d (xid=0x%x)",
+ piaddr(client->active->address),
+ client->name ? client->name : client->interface->name,
+ inet_ntoa (destination.sin_addr),
+- ntohs (destination.sin_port));
++ ntohs (destination.sin_port), client->xid);
+
+ #if defined(DHCPv6) && defined(DHCP4o6)
+ if (dhcpv4_over_dhcpv6) {
+@@ -3305,10 +3418,17 @@ make_client_options(struct client_state
+ * This can be overridden by including a client id in the configuration
+ * file. 
+ */ +- if (duid_v4 == 1) { ++ if (duid_v4 == 1 || client->interface->hw_address.hbuf[0] == HTYPE_INFINIBAND) { + struct data_string client_identifier; + int hw_idx, hw_len; + ++ if (default_duid.len == 0) { ++ if (default_duid.buffer != NULL) ++ data_string_forget(&default_duid, MDL); ++ ++ form_interface_duid(&default_duid, client->interface, MDL); ++ } ++ + memset(&client_identifier, 0, sizeof(client_identifier)); + client_identifier.len = 1 + 4 + default_duid.len; + if (!buffer_allocate(&client_identifier.buffer, +@@ -3399,12 +3519,13 @@ void make_discover (client, lease) + client -> packet.op = BOOTREQUEST; + client -> packet.htype = client -> interface -> hw_address.hbuf [0]; + /* Assumes hw_address is known, otherwise a random value may result */ +- client -> packet.hlen = client -> interface -> hw_address.hlen - 1; ++ if (client -> interface -> hw_address.hlen - 1 <= sizeof(client -> packet.chaddr)) ++ client -> packet.hlen = client -> interface -> hw_address.hlen - 1; + client -> packet.hops = 0; + client -> packet.xid = random (); + client -> packet.secs = 0; /* filled in by send_discover. 
*/
+
+- if (can_receive_unicast_unconfigured (client -> interface))
++ if (can_receive_unicast_unconfigured (client -> interface) && client -> packet.hlen)
+ client -> packet.flags = 0;
+ else
+ client -> packet.flags = htons (BOOTP_BROADCAST);
+@@ -3416,7 +3537,7 @@ void make_discover (client, lease)
+ memset (&(client -> packet.siaddr),
+ 0, sizeof client -> packet.siaddr);
+ client -> packet.giaddr = giaddr;
+- if (client -> interface -> hw_address.hlen > 0)
++ if (client -> interface -> hw_address.hlen > 1 && client -> packet.hlen)
+ memcpy (client -> packet.chaddr,
+ &client -> interface -> hw_address.hbuf [1],
+ (unsigned)(client -> interface -> hw_address.hlen - 1));
+@@ -3473,7 +3594,8 @@ void make_request (client, lease)
+ client -> packet.op = BOOTREQUEST;
+ client -> packet.htype = client -> interface -> hw_address.hbuf [0];
+ /* Assumes hw_address is known, otherwise a random value may result */
+- client -> packet.hlen = client -> interface -> hw_address.hlen - 1;
++ if (client -> interface -> hw_address.hlen - 1 <= sizeof(client -> packet.chaddr))
++ client -> packet.hlen = client -> interface -> hw_address.hlen - 1;
+ client -> packet.hops = 0;
+ client -> packet.xid = client -> xid;
+ client -> packet.secs = 0; /* Filled in by send_request. 
*/
+@@ -3505,7 +3627,7 @@ void make_request (client, lease)
+ else
+ memset (&client -> packet.giaddr, 0,
+ sizeof client -> packet.giaddr);
+- if (client -> interface -> hw_address.hlen > 0)
++ if (client -> interface -> hw_address.hlen > 1 && client -> packet.hlen)
+ memcpy (client -> packet.chaddr,
+ &client -> interface -> hw_address.hbuf [1],
+ (unsigned)(client -> interface -> hw_address.hlen - 1));
+@@ -3548,7 +3670,8 @@ void make_decline (client, lease)
+ client -> packet.op = BOOTREQUEST;
+ client -> packet.htype = client -> interface -> hw_address.hbuf [0];
+ /* Assumes hw_address is known, otherwise a random value may result */
+- client -> packet.hlen = client -> interface -> hw_address.hlen - 1;
++ if (client -> interface -> hw_address.hlen - 1 <= sizeof(client -> packet.chaddr))
++ client -> packet.hlen = client -> interface -> hw_address.hlen - 1;
+ client -> packet.hops = 0;
+ client -> packet.xid = client -> xid;
+ client -> packet.secs = 0; /* Filled in by send_request. 
*/
+@@ -3565,9 +3688,10 @@ void make_decline (client, lease)
+ memset (&client -> packet.siaddr, 0,
+ sizeof client -> packet.siaddr);
+ client -> packet.giaddr = giaddr;
+- memcpy (client -> packet.chaddr,
+- &client -> interface -> hw_address.hbuf [1],
+- client -> interface -> hw_address.hlen);
++ if (client -> interface -> hw_address.hlen > 1 && client -> packet.hlen)
++ memcpy (client -> packet.chaddr,
++ &client -> interface -> hw_address.hbuf [1],
++ client -> interface -> hw_address.hlen - 1);
+
+ #ifdef DEBUG_PACKET
+ dump_raw ((unsigned char *)&client -> packet, client -> packet_length);
+@@ -3610,7 +3734,8 @@ void make_release (client, lease)
+ client -> packet.op = BOOTREQUEST;
+ client -> packet.htype = client -> interface -> hw_address.hbuf [0];
+ /* Assumes hw_address is known, otherwise a random value may result */
+- client -> packet.hlen = client -> interface -> hw_address.hlen - 1;
++ if (client -> interface -> hw_address.hlen - 1 <= sizeof(client -> packet.chaddr))
++ client -> packet.hlen = client -> interface -> hw_address.hlen - 1;
+ client -> packet.hops = 0;
+ client -> packet.xid = random ();
+ client -> packet.secs = 0;
+@@ -3622,9 +3747,10 @@ void make_release (client, lease)
+ memset (&client -> packet.siaddr, 0,
+ sizeof client -> packet.siaddr);
+ client -> packet.giaddr = giaddr;
+- memcpy (client -> packet.chaddr,
+- &client -> interface -> hw_address.hbuf [1],
+- client -> interface -> hw_address.hlen);
++ if (client -> interface -> hw_address.hlen > 1 && client -> packet.hlen)
++ memcpy (client -> packet.chaddr,
++ &client -> interface -> hw_address.hbuf [1],
++ client -> interface -> hw_address.hlen);
+
+ #ifdef DEBUG_PACKET
+ dump_raw ((unsigned char *)&client -> packet, client -> packet_length);
+@@ -3777,17 +3903,13 @@ write_options(struct client_state *clien
+ * is not how it is intended. Upcoming rearchitecting the client should
+ * address this "one daemon model." 
+ */
+-void
+-form_duid(struct data_string *duid, const char *file, int line)
++static void
++form_interface_duid(struct data_string *duid, struct interface_info *ip, const char *file, int line)
+ {
+- struct interface_info *ip;
+ int len;
+ char *str;
+
+- /* For now, just use the first interface on the list. */
+- ip = interfaces;
+-
+- if (ip == NULL)
++ if (ip == NULL || duid == NULL)
+ log_fatal("Impossible condition at %s:%d.", MDL);
+
+ if ((ip->hw_address.hlen == 0) ||
+@@ -3837,6 +3959,13 @@ form_duid(struct data_string *duid, cons
+ }
+ }
+
++void
++form_duid(struct data_string *duid, const char *file, int line)
++{
++ /* For now, just use the first interface on the list. */
++ form_interface_duid(duid, interfaces, file, line);
++}
++
+ /* Write the default DUID to the lease store. */
+ static isc_result_t
+ write_duid(struct data_string *duid)
+@@ -5276,7 +5405,8 @@ client_dns_update(struct client_state *c
+ NULL, client,
+ client->sent_options, NULL,
+ &global_scope, oc, MDL)) {
+- if ((std_dhcid == 1) && (duid_v4 == 1) &&
++ if ((std_dhcid == 1) && (duid_v4 == 1 ||
++ client->interface->hw_address.hbuf[0] == HTYPE_INFINIBAND) &&
+ (client_identifier.data[0] == 255)) {
+ /*
+ * This appears to be an embedded DUID,
+Index: common/bpf.c
+===================================================================
+--- common/bpf.c.orig
++++ common/bpf.c
+@@ -116,7 +116,7 @@ int if_register_bpf (info)
+ log_fatal ("Can't attach interface %s to bpf device %s: %m",
+ info -> name, filename);
+
+- get_hw_addr(info->name, &info->hw_address);
++ get_hw_addr(info);
+
+ return sock;
+ }
+@@ -237,11 +237,44 @@ int dhcp_bpf_relay_filter_len =
+ sizeof dhcp_bpf_relay_filter / sizeof (struct bpf_insn);
+ #endif
+
++/* Packet filter program for DHCP over Infiniband.
++ * It is a generic UDP in IP packet filter (initialized to port 67 in [6].k). 
++ * ++ * XXX ++ * Changes to the filter program may require changes to the constant offsets ++ * used in lpf_gen_filter_setup to patch the port in the BPF program! ++ * XXX ++ */ ++struct bpf_insn dhcp_ib_bpf_filter [] = { ++ /* Make sure it's a UDP packet... */ ++ BPF_STMT(BPF_LD + BPF_B + BPF_ABS, 9), ++ BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, IPPROTO_UDP, 0, 6), ++ ++ /* Make sure this isn't a fragment... */ ++ BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 6), ++ BPF_JUMP(BPF_JMP + BPF_JSET + BPF_K, 0x1fff, 4, 0), ++ ++ /* Get the IP header length... */ ++ BPF_STMT(BPF_LDX + BPF_B + BPF_MSH, 0), ++ ++ /* Make sure it's to the right port... */ ++ BPF_STMT(BPF_LD + BPF_H + BPF_IND, 2), ++ BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, 67, 0, 1), ++ ++ /* If we passed all the tests, ask for the whole packet. */ ++ BPF_STMT(BPF_RET + BPF_K, (u_int)-1), ++ ++ /* Otherwise, drop it. */ ++ BPF_STMT(BPF_RET + BPF_K, 0), ++}; ++ + #if defined (DEC_FDDI) + struct bpf_insn *bpf_fddi_filter = NULL; + #endif + + int dhcp_bpf_filter_len = sizeof dhcp_bpf_filter / sizeof (struct bpf_insn); ++int dhcp_ib_bpf_filter_len = sizeof dhcp_ib_bpf_filter / sizeof (struct bpf_insn); ++ + #if defined (HAVE_TR_SUPPORT) + struct bpf_insn dhcp_bpf_tr_filter [] = { + /* accept all token ring packets due to variable length header */ +@@ -600,7 +633,9 @@ void maybe_setup_fallback () + + #if defined(USE_BPF_RECEIVE) || defined(USE_BPF_HWADDR) + void +-get_hw_addr(const char *name, struct hardware *hw) { ++get_hw_addr(struct interface_info *info) { ++ const char *name = info->name; ++ struct hardware *hw = &info->hw_address; + struct ifaddrs *ifa; + struct ifaddrs *p; + struct sockaddr_dl *sa; +Index: common/discover.c +=================================================================== +--- common/discover.c.orig ++++ common/discover.c +@@ -899,7 +899,7 @@ discover_interfaces(int state) { + if_register_send(tmp); + } else { + /* get_hw_addr() was called by register. 
*/
+- get_hw_addr(tmp->name, &tmp->hw_address);
++ get_hw_addr(tmp);
+ }
+ break;
+ #ifdef DHCPv6
+@@ -912,7 +912,7 @@ discover_interfaces(int state) {
+ so now we have to call it explicitly
+ to not leave the hardware address unknown
+ (some code expects it cannot be. */
+- get_hw_addr(tmp->name, &tmp->hw_address);
++ get_hw_addr(tmp);
+ } else {
+ if_register_linklocal6(tmp);
+ }
+Index: common/dlpi.c
+===================================================================
+--- common/dlpi.c.orig
++++ common/dlpi.c
+@@ -1343,7 +1343,9 @@ void maybe_setup_fallback ()
+ #endif /* USE_DLPI_SEND */
+
+ void
+-get_hw_addr(const char *name, struct hardware *hw) {
++get_hw_addr(struct interface_info *info) {
++ const char *name = info->name;
++ struct hardware *hw = &info->hw_address;
+ int sock, unit;
+ long buf[DLPI_MAXDLBUF];
+ union DL_primitives *dlp;
+Index: common/lpf.c
+===================================================================
+--- common/lpf.c.orig
++++ common/lpf.c
+@@ -45,12 +45,22 @@
+ #include
+ #include
+ #include
++#include
+ #endif
+
+ #if defined (USE_LPF_SEND) || defined (USE_LPF_RECEIVE)
+ /* Reinitializes the specified interface after an address change. This
+ is not required for packet-filter APIs. */
+
++/* Default broadcast address for IPoIB */
++static unsigned char default_ib_bcast_addr[20] = {
++ 0x00, 0xff, 0xff, 0xff,
++ 0xff, 0x12, 0x40, 0x1b,
++ 0x00, 0x00, 0x00, 0x00,
++ 0x00, 0x00, 0x00, 0x00,
++ 0xff, 0xff, 0xff, 0xff
++};
++
+ #ifdef USE_LPF_SEND
+ void if_reinitialize_send (info)
+ struct interface_info *info;
+@@ -78,10 +88,25 @@ int if_register_lpf (info)
+ struct sockaddr common;
+ } sa;
+ struct ifreq ifr;
++ int type;
++ int protocol;
+
+ /* Make an LPF socket. */
+- if ((sock = socket(PF_PACKET, SOCK_RAW,
+- htons((short)ETH_P_ALL))) < 0) {
++ get_hw_addr(info);
++
++ if (info->hw_address.hbuf[0] == HTYPE_INFINIBAND) {
++ /*
++ * Infiniband provides a 4-octet encapsulation
++ * header [08 00 00 00] only, so just omit it. 
++ */
++ type = SOCK_DGRAM;
++ protocol = ETHERTYPE_IP;
++ } else {
++ type = SOCK_RAW;
++ protocol = ETH_P_ALL;
++ }
++
++ if ((sock = socket(PF_PACKET, type, htons((short)protocol))) < 0) {
+ if (errno == ENOPROTOOPT || errno == EPROTONOSUPPORT ||
+ errno == ESOCKTNOSUPPORT || errno == EPFNOSUPPORT ||
+ errno == EAFNOSUPPORT || errno == EINVAL) {
+@@ -105,6 +130,7 @@ int if_register_lpf (info)
+ memset (&sa, 0, sizeof sa);
+ sa.ll.sll_family = AF_PACKET;
+ sa.ll.sll_ifindex = ifr.ifr_ifindex;
++ sa.ll.sll_protocol = htons(protocol);
+ if (bind (sock, &sa.common, sizeof sa)) {
+ if (errno == ENOPROTOOPT || errno == EPROTONOSUPPORT ||
+ errno == ESOCKTNOSUPPORT || errno == EPFNOSUPPORT ||
+@@ -120,8 +146,6 @@ int if_register_lpf (info)
+
+ }
+
+- get_hw_addr(info->name, &info->hw_address);
+-
+ return sock;
+ }
+ #endif /* USE_LPF_SEND || USE_LPF_RECEIVE */
+@@ -176,6 +200,8 @@ void if_deregister_send (info)
+ in bpf includes... */
+ extern struct sock_filter dhcp_bpf_filter [];
+ extern int dhcp_bpf_filter_len;
++extern struct sock_filter dhcp_ib_bpf_filter [];
++extern int dhcp_ib_bpf_filter_len;
+
+ #if defined(RELAY_PORT)
+ extern struct sock_filter dhcp_bpf_relay_filter [];
+@@ -188,6 +214,8 @@ extern int dhcp_bpf_tr_filter_len;
+ static void lpf_tr_filter_setup (struct interface_info *);
+ #endif
+
++static void lpf_ib_filter_setup (struct interface_info *);
++
+ static void lpf_gen_filter_setup (struct interface_info *);
+
+ void if_register_receive (info)
+@@ -209,12 +237,14 @@ void if_register_receive (info)
+ }
+ #endif
+
+-
+ #if defined (HAVE_TR_SUPPORT)
+ if (info -> hw_address.hbuf [0] == HTYPE_IEEE802)
+ lpf_tr_filter_setup (info);
+ else
+ #endif
++ if (info -> hw_address.hbuf [0] == HTYPE_INFINIBAND)
++ lpf_ib_filter_setup (info);
++ else
+ lpf_gen_filter_setup (info);
+
+ if (!quiet_interface_discovery)
+@@ -291,6 +321,38 @@ static void lpf_gen_filter_setup (info)
+ }
+ }
+
++static void lpf_ib_filter_setup (info)
++ struct interface_info *info; 
++{ ++ struct sock_fprog p; ++ ++ memset(&p, 0, sizeof(p)); ++ ++ /* Set up the bpf filter program structure */ ++ p.len = dhcp_ib_bpf_filter_len; ++ p.filter = dhcp_ib_bpf_filter; ++ ++ /* Patch the server port into the LPF program... ++ XXX changes to filter program may require changes ++ to the insn number(s) used below! XXX */ ++ dhcp_ib_bpf_filter [6].k = ntohs ((short)local_port); ++ ++ if (setsockopt (info -> rfdesc, SOL_SOCKET, SO_ATTACH_FILTER, &p, ++ sizeof p) < 0) { ++ if (errno == ENOPROTOOPT || errno == EPROTONOSUPPORT || ++ errno == ESOCKTNOSUPPORT || errno == EPFNOSUPPORT || ++ errno == EAFNOSUPPORT) { ++ log_error ("socket: %m - make sure"); ++ log_error ("CONFIG_PACKET (Packet socket) %s", ++ "and CONFIG_FILTER"); ++ log_error ("(Socket Filtering) are enabled %s", ++ "in your kernel"); ++ log_fatal ("configuration!"); ++ } ++ log_fatal ("Can't install packet filter program: %m"); ++ } ++} ++ + #if defined (HAVE_TR_SUPPORT) + static void lpf_tr_filter_setup (info) + struct interface_info *info; +@@ -330,6 +392,54 @@ static void lpf_tr_filter_setup (info) + #endif /* USE_LPF_RECEIVE */ + + #ifdef USE_LPF_SEND ++ssize_t send_packet_ib(interface, packet, raw, len, from, to, hto) ++ struct interface_info *interface; ++ struct packet *packet; ++ struct dhcp_packet *raw; ++ size_t len; ++ struct in_addr from; ++ struct sockaddr_in *to; ++ struct hardware *hto; ++{ ++ unsigned ibufp = 0; ++ double ih [1536 / sizeof (double)]; ++ unsigned char *buf = (unsigned char *)ih; ++ ssize_t result; ++ ++ union sockunion { ++ struct sockaddr sa; ++ struct sockaddr_ll sll; ++ struct sockaddr_storage ss; ++ } su; ++ ++ assemble_udp_ip_header (interface, buf, &ibufp, from.s_addr, ++ to->sin_addr.s_addr, to->sin_port, ++ (unsigned char *)raw, len); ++ memcpy (buf + ibufp, raw, len); ++ ++ memset(&su, 0, sizeof(su)); ++ su.sll.sll_family = AF_PACKET; ++ su.sll.sll_protocol = htons(ETHERTYPE_IP); ++ ++ if (!(su.sll.sll_ifindex = if_nametoindex(interface->name))) { ++ errno 
= ENOENT; ++ log_error ("send_packet_ib: %m - failed to get if index"); ++ return -1; ++ } ++ ++ su.sll.sll_hatype = htons(HTYPE_INFINIBAND); ++ su.sll.sll_halen = sizeof(interface->bcast_addr); ++ memcpy(&su.sll.sll_addr, interface->bcast_addr, 20); ++ ++ result = sendto(interface->wfdesc, buf, ibufp + len, 0, ++ &su.sa, sizeof(su)); ++ ++ if (result < 0) ++ log_error ("send_packet_ib: %m"); ++ ++ return result; ++} ++ + ssize_t send_packet (interface, packet, raw, len, from, to, hto) + struct interface_info *interface; + struct packet *packet; +@@ -350,6 +460,10 @@ ssize_t send_packet (interface, packet, + return send_fallback (interface, packet, raw, + len, from, to, hto); + ++ if (interface->hw_address.hbuf[0] == HTYPE_INFINIBAND) ++ return send_packet_ib(interface, packet, raw, ++ len, from, to, hto); ++ + if (hto == NULL && interface->anycast_mac_addr.hlen) + hto = &interface->anycast_mac_addr; + +@@ -454,7 +568,15 @@ ssize_t receive_packet (interface, buf, + + bufix = 0; + /* Decode the physical header... 
*/
+- offset = decode_hw_header (interface, ibuf, bufix, hfrom);
++ if (interface->hw_address.hbuf[0] == HTYPE_INFINIBAND) {
++ /* ETHERTYPE_IP packet, no HW header to decode */
++ if (hfrom) {
++ memset(hfrom, 0, sizeof(*hfrom));
++ hfrom->hbuf[0] = HTYPE_INFINIBAND;
++ }
++ } else {
++ offset = decode_hw_header (interface, ibuf, bufix, hfrom);
++ }
+
+ /* If a physical layer checksum failed (dunno of any
+ physical layer that supports this, but WTH), skip this
+@@ -522,33 +644,44 @@ void maybe_setup_fallback ()
+
+ #if defined (USE_LPF_RECEIVE) || defined (USE_LPF_HWADDR)
+ void
+-get_hw_addr(const char *name, struct hardware *hw) {
+- int sock;
+- struct ifreq tmp;
+- struct sockaddr *sa;
++get_hw_addr(struct interface_info *info)
++{
++ const char *name = info->name;
++ struct hardware *hw = &info->hw_address;
++ struct ifaddrs *ifaddrs;
++ struct ifaddrs *ifa;
++ struct sockaddr_ll *sll = NULL;
+
+- if (strlen(name) >= sizeof(tmp.ifr_name)) {
+- log_fatal("Device name too long: \"%s\"", name);
+- }
++ if (getifaddrs(&ifaddrs) == -1)
++ log_fatal("Failed to get interfaces");
++
++ for (ifa = ifaddrs; ifa != NULL; ifa = ifa->ifa_next) {
++
++ if (!ifa->ifa_addr)
++ continue;
++
++ if (ifa->ifa_addr->sa_family != AF_PACKET)
++ continue;
+
+- sock = socket(AF_INET, SOCK_DGRAM, 0);
+- if (sock < 0) {
+- log_fatal("Can't create socket for \"%s\": %m", name);
++ if (ifa->ifa_flags & IFF_LOOPBACK)
++ continue;
++
++ if (strcmp(ifa->ifa_name, name) == 0) {
++ sll = (struct sockaddr_ll *)(void *)ifa->ifa_addr;
++ break;
++ }
+ }
+
+- memset(&tmp, 0, sizeof(tmp));
+- strcpy(tmp.ifr_name, name);
+- if (ioctl(sock, SIOCGIFHWADDR, &tmp) < 0) {
+- log_fatal("Error getting hardware address for \"%s\": %m",
+- name);
++ if (sll == NULL || sll->sll_halen >= sizeof(hw->hbuf)) {
++ freeifaddrs(ifaddrs);
++ log_fatal("Failed to get HW address for %s\n", name);
+ }
+
+- sa = &tmp.ifr_hwaddr;
+- switch (sa->sa_family) {
++ switch (sll->sll_hatype) {
+ case ARPHRD_ETHER:
+ hw->hlen = 
7; + hw->hbuf[0] = HTYPE_ETHER; +- memcpy(&hw->hbuf[1], sa->sa_data, 6); ++ memcpy(&hw->hbuf[1], sll->sll_addr, 6); + break; + case ARPHRD_IEEE802: + #ifdef ARPHRD_IEEE802_TR +@@ -556,18 +689,37 @@ get_hw_addr(const char *name, struct har + #endif /* ARPHRD_IEEE802_TR */ + hw->hlen = 7; + hw->hbuf[0] = HTYPE_IEEE802; +- memcpy(&hw->hbuf[1], sa->sa_data, 6); ++ memcpy(&hw->hbuf[1], sll->sll_addr, 6); + break; + case ARPHRD_FDDI: + hw->hlen = 7; + hw->hbuf[0] = HTYPE_FDDI; +- memcpy(&hw->hbuf[1], sa->sa_data, 6); ++ memcpy(&hw->hbuf[1], sll->sll_addr, 6); ++ break; ++ case ARPHRD_INFINIBAND: ++ /* For Infiniband, save the broadcast address and store ++ * the port GUID into the hardware address. ++ */ ++ if (ifa->ifa_flags & IFF_BROADCAST) { ++ struct sockaddr_ll *bll; ++ ++ bll = (struct sockaddr_ll *)ifa->ifa_broadaddr; ++ memcpy(&info->bcast_addr, bll->sll_addr, sll->sll_halen); ++ } else { ++ memcpy(&info->bcast_addr, default_ib_bcast_addr, ++ sizeof(default_ib_bcast_addr)); ++ } ++ ++ hw->hlen = sll->sll_halen + 1; ++ hw->hbuf[0] = HTYPE_INFINIBAND; ++ memcpy(&hw->hbuf[1], sll->sll_addr, sll->sll_halen); + break; + default: ++ freeifaddrs(ifaddrs); + log_fatal("Unsupported device type %ld for \"%s\"", +- (long int)sa->sa_family, name); ++ (long int)sll->sll_family, name); + } + +- close(sock); ++ freeifaddrs(ifaddrs); + } + #endif +Index: common/print.c +=================================================================== +--- common/print.c.orig ++++ common/print.c +@@ -173,11 +173,11 @@ char *print_hw_addr (htype, hlen, data) + const int hlen; + const unsigned char *data; + { +- static char habuf [49]; ++ static char habuf [64]; + char *s; + int i; + +- if (hlen <= 0) ++ if (hlen <= 0 || hlen >= sizeof(habuf)) + habuf [0] = 0; + else { + s = habuf; +Index: common/socket.c +=================================================================== +--- common/socket.c.orig ++++ common/socket.c +@@ -358,7 +358,7 @@ void if_register_send (info) + info->wfdesc = 
if_register_socket(info, AF_INET, 0, NULL); + /* If this is a normal IPv4 address, get the hardware address. */ + if (strcmp(info->name, "fallback") != 0) +- get_hw_addr(info->name, &info->hw_address); ++ get_hw_addr(info); + #if defined (USE_SOCKET_FALLBACK) + /* Fallback only registers for send, but may need to receive as + well. */ +@@ -421,7 +421,7 @@ void if_register_receive (info) + #endif /* IP_PKTINFO... */ + /* If this is a normal IPv4 address, get the hardware address. */ + if (strcmp(info->name, "fallback") != 0) +- get_hw_addr(info->name, &info->hw_address); ++ get_hw_addr(info); + + if (!quiet_interface_discovery) + log_info ("Listening on Socket/%s%s%s", +@@ -577,7 +577,7 @@ if_register6(struct interface_info *info + if (req_multi) + if_register_multicast(info); + +- get_hw_addr(info->name, &info->hw_address); ++ get_hw_addr(info); + + if (!quiet_interface_discovery) { + if (info->shared_network != NULL) { +@@ -633,7 +633,7 @@ if_register_linklocal6(struct interface_ + info->rfdesc = sock; + info->wfdesc = sock; + +- get_hw_addr(info->name, &info->hw_address); ++ get_hw_addr(info); + + if (!quiet_interface_discovery) { + if (info->shared_network != NULL) { +@@ -1246,7 +1246,9 @@ void maybe_setup_fallback () + #if defined(sun) && defined(USE_V4_PKTINFO) + /* This code assumes the existence of SIOCGLIFHWADDR */ + void +-get_hw_addr(const char *name, struct hardware *hw) { ++get_hw_addr(struct interface_info *info) { ++ const char *name = info->name; ++ struct hardware *hw = &info->hw_address; + struct sockaddr_dl *dladdrp; + int sock, i; + struct lifreq lifr; +Index: includes/dhcpd.h +=================================================================== +--- includes/dhcpd.h.orig ++++ includes/dhcpd.h +@@ -1372,6 +1372,7 @@ struct interface_info { + struct shared_network *shared_network; + /* Networks connected to this interface. */ + struct hardware hw_address; /* Its physical address. 
*/ ++ u_int8_t bcast_addr[HARDWARE_ADDR_LEN]; /* broadcast hw address */ + struct in_addr *addresses; /* Addresses associated with this + * interface. + */ +@@ -2641,7 +2642,7 @@ void print_dns_status (int, struct dhcp_ + #endif + const char *print_time(TIME); + +-void get_hw_addr(const char *name, struct hardware *hw); ++void get_hw_addr(struct interface_info *info); + char *buf_to_hex (const unsigned char *s, unsigned len, + const char *file, int line); + char *format_lease_id(const unsigned char *s, unsigned len, int format, +Index: server/dhcp.c +=================================================================== +--- server/dhcp.c.orig ++++ server/dhcp.c +@@ -2035,11 +2035,12 @@ void echo_client_id(packet, lease, in_op + + /* Check if echo-client-id is enabled */ + oc = lookup_option(&server_universe, in_options, SV_ECHO_CLIENT_ID); +- if (oc && evaluate_boolean_option_cache(&ignorep, packet, lease, ++ if ((packet->raw && packet->raw->hlen == 0) || ++ (oc && evaluate_boolean_option_cache(&ignorep, packet, lease, + NULL, packet->options, + in_options, + (lease ? 
&lease->scope : NULL), +- oc, MDL)) { ++ oc, MDL))) { + struct data_string client_id; + unsigned int opcode = DHO_DHCP_CLIENT_IDENTIFIER; + +@@ -3948,9 +3949,11 @@ void dhcp_reply (lease) + } else + bufs |= 2; /* XXX */ + +- memcpy (raw.chaddr, +- &lease -> hardware_addr.hbuf [1], sizeof raw.chaddr); +- raw.hlen = lease -> hardware_addr.hlen - 1; ++ if (lease -> hardware_addr.hlen - 1 <= sizeof(raw.chaddr)) ++ raw.hlen = lease -> hardware_addr.hlen - 1; ++ if (lease -> hardware_addr.hlen > 1 && raw.hlen) ++ memcpy (raw.chaddr, ++ &lease -> hardware_addr.hbuf [1], raw.hlen); + raw.htype = lease -> hardware_addr.hbuf [0]; + + /* See if this is a Microsoft client that NUL-terminates its +Index: server/dhcpleasequery.c +=================================================================== +--- server/dhcpleasequery.c.orig ++++ server/dhcpleasequery.c +@@ -302,7 +302,7 @@ dhcpleasequery(struct packet *packet, in + assoc_ips, + nassoc_ips); + +- } else { ++ } else if (packet->raw->hlen) { + + if (packet->raw->hlen+1 > sizeof(h.hbuf)) { + log_info("%s: hardware length too long, " +@@ -412,11 +412,13 @@ dhcpleasequery(struct packet *packet, in + * Set the hardware address fields. + */ + +- packet->raw->hlen = lease->hardware_addr.hlen - 1; + packet->raw->htype = lease->hardware_addr.hbuf[0]; +- memcpy(packet->raw->chaddr, +- &lease->hardware_addr.hbuf[1], +- sizeof(packet->raw->chaddr)); ++ if (lease->hardware_addr.hlen - 1 <= sizeof(packet->raw->chaddr)) ++ packet->raw->hlen = lease->hardware_addr.hlen - 1; ++ if (lease->hardware_addr.hlen > 1 && packet->raw->hlen) ++ memcpy(packet->raw->chaddr, ++ &lease->hardware_addr.hbuf[1], ++ packet->raw->hlen); + + /* + * Set client identifier option. 
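Review bot: In `dhcp_reply` (hunk at -3948) the first added `if` has no `else`, so when `lease -> hardware_addr.hlen - 1` does not fit `sizeof(raw.chaddr)`, or `hlen` is 0 and the subtraction converts to a huge unsigned value, `raw.hlen` keeps whatever it held before and the following `memcpy` uses that value as its length. The `dhcpleasequery.c` hunk at -412 has the same shape, and there `packet->raw->hlen` is a field of the packet being answered, so the copy length is not the one that was just checked. Make the failure case explicit in both places with `else raw.hlen = 0;` and `else packet->raw->hlen = 0;`, so the copy is skipped whenever the stored address does not fit. Both functions start and end outside these hunks, so whether `raw` is zeroed earlier cannot be seen here.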
+Index: server/mdb.c +=================================================================== +--- server/mdb.c.orig ++++ server/mdb.c +@@ -640,6 +640,9 @@ int find_hosts_by_haddr (struct host_dec + return ret; + #endif + ++ if (!hlen || hlen > HARDWARE_ADDR_LEN) ++ return 0; ++ + h.hlen = hlen + 1; + h.hbuf [0] = htype; + memcpy (&h.hbuf [1], haddr, hlen); diff --git a/0017-server-no-success-report-before-send.919959.patch b/0017-server-no-success-report-before-send.919959.patch new file mode 100644 index 0000000..c309227 --- /dev/null +++ b/0017-server-no-success-report-before-send.919959.patch 
@@ -0,0 +1,98 @@ +From ce15607bca2509bc2abd440000d25498ad589e27 Mon Sep 17 00:00:00 2001 +From: Marius Tomaschewski +Date: Mon, 14 Sep 2015 15:31:37 +0200 +Subject: [PATCH] server: no success report before send (bsc#919959) +References: bsc#919959 + + +diff --git a/server/dhcp.c b/server/dhcp.c +index effa9b1..18297a6 100644 +--- a/server/dhcp.c ++++ b/server/dhcp.c +@@ -3859,22 +3859,6 @@ void dhcp_reply (lease) + } + #endif + +- /* Say what we're doing... */ +- log_info ("%s on %s to %s %s%s%svia %s", +- (state -> offer +- ? (state -> offer == DHCPACK ? "DHCPACK" : "DHCPOFFER") +- : "BOOTREPLY"), +- piaddr (lease -> ip_addr), +- (lease -> hardware_addr.hlen +- ? print_hw_addr (lease -> hardware_addr.hbuf [0], +- lease -> hardware_addr.hlen - 1, +- &lease -> hardware_addr.hbuf [1]) +- : print_hex_1(lease->uid_len, lease->uid, 60)), +- s ? "(" : "", s ? s : "", s ? ") " : "", +- (state -> giaddr.s_addr +- ? inet_ntoa (state -> giaddr) +- : state -> ip -> name)); +- + #ifdef DEBUG_PACKET + dump_raw ((unsigned char *)&raw, packet_length); + #endif +@@ -3906,12 +3890,13 @@ void dhcp_reply (lease) + "packet over %s interface.", MDL, + packet_length, + fallback_interface->name); +- } + ++ free_lease_state (state, MDL); ++ lease -> state = (struct lease_state *)0; ++ return; ++ } + +- free_lease_state (state, MDL); +- lease -> state = (struct lease_state *)0; +- return; ++ goto report; + } + + /* If the client is RENEWING, unicast to the client using the +@@ -3944,11 +3929,13 @@ void dhcp_reply (lease) + " packet over %s interface.", MDL, + packet_length, + fallback_interface->name); ++ ++ free_lease_state (state, MDL); ++ lease -> state = (struct lease_state *)0; ++ return; + } + +- free_lease_state (state, MDL); +- lease -> state = (struct lease_state *)0; +- return; ++ goto report; + } + + /* If it comes from a client that already knows its address +@@ -3976,8 +3963,28 @@ void dhcp_reply (lease) + log_error ("%s:%d: Failed to send %d byte long " + "packet over %s 
interface.", MDL, + packet_length, state->ip->name); ++ ++ free_lease_state (state, MDL); ++ lease -> state = (struct lease_state *)0; ++ return; + } + ++report: ++ /* Say what we're doing... */ ++ log_info ("%s on %s to %s %s%s%svia %s", ++ (state -> offer ++ ? (state -> offer == DHCPACK ? "DHCPACK" : "DHCPOFFER") ++ : "BOOTREPLY"), ++ piaddr (lease -> ip_addr), ++ (lease -> hardware_addr.hlen ++ ? print_hw_addr (lease -> hardware_addr.hbuf [0], ++ lease -> hardware_addr.hlen - 1, ++ &lease -> hardware_addr.hbuf [1]) ++ : print_hex_1(lease->uid_len, lease->uid, 60)), ++ s ? "(" : "", s ? s : "", s ? ") " : "", ++ (state -> giaddr.s_addr ++ ? inet_ntoa (state -> giaddr) ++ : state -> ip -> name)); + + /* Free all of the entries in the option_state structure + now that we're done with them. */ diff --git a/0018-client-fail-on-script-pre-init-error-bsc-912098.patch b/0018-client-fail-on-script-pre-init-error-bsc-912098.patch new file mode 100644 index 0000000..7d5c64b --- /dev/null +++ b/0018-client-fail-on-script-pre-init-error-bsc-912098.patch 
@@ -0,0 +1,47 @@
+From 937561ef8c09e3281caba3c859e80ce2fcf23ce4 Mon Sep 17 00:00:00 2001
+From: Marius Tomaschewski
+Date: Mon, 14 Sep 2015 18:53:34 +0200
+Subject: [PATCH] client: fail on script pre-init error (bsc#912098)
+References: bsc#912098
+
+Index: dhcp-4.4.2/client/dhclient.c
+===================================================================
+--- dhcp-4.4.2.orig/client/dhclient.c
++++ dhcp-4.4.2/client/dhclient.c
+@@ -882,7 +882,8 @@ main(int argc, char **argv) {
+ * in case somebody cares.
+ */
+ script_init(NULL, "NBI", NULL);
+- script_go(NULL);
++ if (script_go(NULL))
++ log_fatal("dhclient-script was unable to pre-init");
+
+ /*
+ * If we haven't been asked to persist, waiting for new
+@@ -894,6 +895,8 @@ main(int argc, char **argv) {
+ finish(0);
+ }
+ } else if (!release_mode && !exit_mode) {
++ unsigned int failed = 0;
++
+ /* Call the script with the list of interfaces. */
+ for (ip = interfaces; ip; ip = ip->next) {
+ /*
+@@ -915,7 +918,16 @@ main(int argc, char **argv) {
+ "alias_",
+ ip->client->alias);
+ }
+- script_go(ip->client);
++ if (script_go(ip->client)) {
++ log_info("%s: unable to pre-init requested interface %s",
++ path_dhclient_script, ip->name);
++ ip->flags &= ~(INTERFACE_REQUESTED|INTERFACE_AUTOMATIC);
++ failed++;
++ }
++ }
++ if (failed) {
++ log_fatal("%s: unable to pre-init requested interfaces -- see log messages",
++ path_dhclient_script);
+ }
+ }
+
diff --git a/0020-dhcp-4.x.x-fixed-improper-lease-duration-checking.patch b/0020-dhcp-4.x.x-fixed-improper-lease-duration-checking.patch
new file mode 100644
index 0000000..ab6a0eb
--- /dev/null
+++ b/0020-dhcp-4.x.x-fixed-improper-lease-duration-checking.patch
@@ -0,0 +1,67 @@
+From: Marius Tomaschewski
+Date: Tue, 12 Jan 2016 15:42:22 +0100
+Subject: [PATCH] fixed improper lease duration checking.
+References: bsc#936923, bsc#880984
+
+year 2038 is EOT only for 32 bit machine. This patch checks
+wordsize and do a proper EOT checking on lease duration. It
+also fixes integer overflows in the date and time handling code.
+
+--- common/parse.c.orig
++++ common/parse.c
+@@ -939,7 +939,7 @@ TIME
+ parse_date_core(cfile)
+ struct parse *cfile;
+ {
+- int guess;
++ long guess;
+ int tzoff, year, mon, mday, hour, min, sec;
+ const char *val;
+ enum dhcp_token token;
+@@ -966,7 +966,7 @@ parse_date_core(cfile)
+ }
+
+ skip_token(&val, NULL, cfile); /* consume number */
+- guess = atoi(val);
++ guess = atol(val);
+
+ return((TIME)guess);
+ }
+@@ -1113,11 +1113,22 @@ parse_date_core(cfile)
+ * overflow issues. We could try and be more precise but there
+ * doesn't seem to be a good reason to worry about it and waste
+ * the cpu looking at the rest of the date. */
+- if (year >= 138)
+- return(MAX_TIME);
+-
++ if (sizeof(time_t) == 8) {
++ /* 2038 is not an issue on 64bit. time calculations
++ * start to fail at almost INT_MAX (- some guard) */
++ if (year > 0x7fff0000)
++ return(MAX_TIME);
++ } else {
++ /* assume 32bit with end in 2038 */
++ if (year >= 138)
++ return(MAX_TIME);
++ }
++ /* I don't think we need to care about lease starts before 1900 */
++ if (year < 0)
++ return((TIME)0);
++
+ /* Guess the time value... */
+- guess = ((((((365 * (year - 70) + /* Days in years since '70 */
++ guess = ((((((365 * ((long)year - 70) + /* Days in years since '70 */
+ (year - 69) / 4 + /* Leap days since '70 */
+ (mon /* Days in months this year */
+ ? months [mon - 1]
+--- includes/dhcpd.h.orig
++++ includes/dhcpd.h
+@@ -1588,7 +1588,7 @@ typedef unsigned char option_mask [16];
+ #endif
+
+ #define INFINITE_TIME 0xffffffff
+-#define MAX_TIME 0x7fffffff
++#define MAX_TIME LONG_MAX
+ #define MIN_TIME 0
+
+ #ifdef USE_LOG_PID
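Review bot: In the hunk at -1113 the 64-bit branch is selected by `sizeof(time_t) == 8`, but the arithmetic below is carried in `long guess` and `MAX_TIME` becomes `LONG_MAX`, so on a platform with a 64-bit `time_t` and a 32-bit `long` the `year > 0x7fff0000` limit lets the multiplication overflow a signed `long`. Test the type that actually holds the value, `if (sizeof(long) >= 8 && sizeof(time_t) >= 8) {`, or do the computation in `TIME`. In the hunk at -966, `atol(val)` reports neither overflow nor trailing garbage; `strtol` with an `errno` and end-pointer check would let an out-of-range value be rejected instead of silently wrapped. `parse_date_core` continues past the end of these hunks.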
diff --git a/0021-dhcp-ip-family-symlinks.patch b/0021-dhcp-ip-family-symlinks.patch new file mode 100644 index 0000000..096a9c0 --- /dev/null +++ b/0021-dhcp-ip-family-symlinks.patch 
@@ -0,0 +1,67 @@
+Index: client/dhclient.c
+===================================================================
+--- client/dhclient.c.orig
++++ client/dhclient.c
+@@ -284,6 +284,18 @@ main(int argc, char **argv) {
+ #else
+ progname = argv[0];
+ #endif
++
++#ifdef DHCPv6
++ /* Support being called using `dhclient4` or `dhclient6` symlinks */
++ if (argv[0][strlen(argv[0]) - 1] == '4') {
++ local_family_set = 1;
++ local_family = AF_INET;
++ } else if (argv[0][strlen(argv[0]) - 1] == '6') {
++ local_family_set = 1;
++ local_family = AF_INET6;
++ }
++#endif /* DHCPv6 */
++
+ /* Initialize client globals. */
+ memset(&default_duid, 0, sizeof(default_duid));
+
+Index: relay/dhcrelay.c
+===================================================================
+--- relay/dhcrelay.c.orig
++++ relay/dhcrelay.c
+@@ -300,6 +300,17 @@ main(int argc, char **argv) {
+ progname = argv[0];
+ #endif
+
++#ifdef DHCPv6
++ /* Support being called using `dhcrelay4` or `dhcrelay6` symlinks */
++ if (argv[0][strlen(argv[0]) - 1] == '4') {
++ local_family_set = 1;
++ local_family = AF_INET;
++ } else if (argv[0][strlen(argv[0]) - 1] == '6') {
++ local_family_set = 1;
++ local_family = AF_INET6;
++ }
++#endif /* DHCPv6 */
++
+ /* Make sure that file descriptors 0(stdin), 1,(stdout), and
+ 2(stderr) are open. To do this, we assume that when we
+ open a file the lowest available file descriptor is used.
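Review bot: `argv[0][strlen(argv[0]) - 1]` is evaluated without checking that `argv[0]` is non-NULL and non-empty; a process started with an empty argument vector reaches `strlen(NULL)`, and an empty string makes the index `(size_t)-1`. Take the length once and guard it: `size_t n = (argc > 0 && argv[0]) ? strlen(argv[0]) : 0;`, then `if (n && argv[0][n - 1] == '4')` and the same test for `'6'`. The identical block is added to `relay/dhcrelay.c` and `server/dhcpd.c` in the next two hunks and needs the same guard. `main` starts before and continues after each hunk.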
*/
+Index: server/dhcpd.c
+===================================================================
+--- server/dhcpd.c.orig
++++ server/dhcpd.c
+@@ -301,6 +301,17 @@ main(int argc, char **argv) {
+ progname = argv[0];
+ #endif
+
++#ifdef DHCPv6
++ /* Support being called using `dhcpd4` or `dhcpd6` symlinks */
++ if (argv[0][strlen(argv[0]) - 1] == '4') {
++ local_family_set = 1;
++ local_family = AF_INET;
++ } else if (argv[0][strlen(argv[0]) - 1] == '6') {
++ local_family_set = 1;
++ local_family = AF_INET6;
++ }
++#endif /* DHCPv6 */
++
+ /* Make sure that file descriptors 0 (stdin), 1, (stdout), and
+ 2 (stderr) are open. To do this, we assume that when we
+ open a file the lowest available file descriptor is used. */
diff --git a/DDNS-howto.txt b/DDNS-howto.txt
new file mode 100644
index 0000000..fb3ce9f
--- /dev/null
+++ b/DDNS-howto.txt
@@ -0,0 +1,120 @@ +The ISC DHCP server v3 supports dynamical DNS updates (DDNS), as do BIND8/9. +There are several standards in the works; for now the best way to do it seems +to be updates done by the DHCP server only (not by the clients themselves). + +Short outline of how things work together: + - DHCP clients send their preferred hostname along the request + - dhcpd acknowledges the lease + - dhcpd contacts named, asking it to update the zone, using an HMAC-MD5 key + (TSIG, short for transaction signature) for authentication + - named updates the zone (and rewrites the zone files periodically) + - when the lease times out or is freed, named will remove it + +The following instructions should get you started. +They are basically taken from the dnskeygen and dhcpd.conf man pages. + + + +1. Make a key to be used by dhcpd to authenticate for DNS updates. +You can use the script /usr/bin/genDDNSkey which essentially runs BIND's key +generating utility, extracts the secret from the K*.private key file and puts +it into the file /etc/named.keys. File name and key name can be specified on +the commandline, or via shell environment. Install the bind-utils package if +you don't have the script, or get it here: . +Call genDDNSkey --help for usage info. + +The simplest example to use it is: + + genDDNSkey + +which is equivalent to + + genDDNSkey --key-file /etc/named.keys --key-name DHCP_UPDATER + +thereby using the defaults that fit the rest of this readme. + +The script works both for BIND8 and BIND9 (some subtle difference in the syntax). + + +2. Configure dhcpd: + +/etc/dhcpd.conf needs these additional lines: + + --------------------> + ddns-updates on; + ddns-update-style interim; + ignore client-updates; + + include "/etc/named.keys"; + <-------------------- + +and in the subnet declaration: + + --------------------> + subnet 192.168.0.0 netmask 255.255.255.0 { + range dynamic-bootp 192.168.0.201 192.168.0.219; + + zone whirl. 
{ primary 127.0.0.1; key DHCP_UPDATER; } + zone 0.168.192.in-addr.arpa. { primary 127.0.0.1; key DHCP_UPDATER; } + + } + + <-------------------- + +Note that this setup implies that the DNS server runs on the same machine +(127.0.0.1), but you can easily change that. + +Since the DHCP server runs in a chroot jail by default, the key file needs to +be copied into the jail because dhcpd cannot files outside it (thanks Andrew +Beames for pointing this out!). This can easily be achieved by adding + /etc/named.keys +to the value of DHCPD_CONF_INCLUDE_FILES in /etc/sysconfig/dhcpd, which can be +done via YaST, or via any editor. + + + +3. Configure named: + +Append something along these lines to /etc/named.conf: + + --------------------> + include "/etc/named.keys"; + + zone "whirl" in { + type master; + file "dyn/whirl.zone"; + allow-update { key DHCP_UPDATER; }; + }; + zone "0.168.192.in-addr.arpa" in { + type master; + file "dyn/0.168.192.zone"; + allow-update { key DHCP_UPDATER; }; + }; + <-------------------- + +Since named runs, by default, in a chroot directory since SuSE 8.2, we need to add + /etc/named.keys +to the value of NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named, just as we +did it with dhcpd. + +Since named runs, by default, as user "named" since SuSE 8.2, there is another +issue to be sorted out: named needs to create its .jnl files somewhere, but it +isn't allowed to do that in its working directory (/var/lib/named) for security +reasons. See /usr/share/doc/packages/bind9/README.SuSE for a solution. + + +if you got this far, there is a reasonable chance that you've got DDNS working. +Obviously, you need some zone files :) One further note: if you provide dummy +hostnames like d1, d2, d3,... for the dynamical clients they will have a +hostname even if they don't send a hostname (and no DDNS update is done). + +If it doesn't work, closely watch /var/log/messages. In almost all cases the +messages give the right clues. + +Feedback is appreciated. 
+ +Have fun, +Peter +-- +Thought is limitation. Free your mind. + diff --git a/contrib.tar.gz b/contrib.tar.gz new file mode 100644 index 0000000..d6d0654 --- /dev/null +++ b/contrib.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:60a6f23074e23d01a8658c98c79fba9c64143a54367311b381f5fa92cbef7d2f +size 8702 diff --git a/dhclient.conf b/dhclient.conf new file mode 100644 index 0000000..adf49f8 --- /dev/null +++ b/dhclient.conf 
@@ -0,0 +1,58 @@ +# +# /etc/dhclient.conf -- dhclient configuration file +# See "man dhclient.conf" for further details +# + +###################################################### +# Sometimes, a special configuration is required for +# e.g. Cable Modem providers (@Home -- TCI). +# For example, it may be required to send out a special +# dhcp-client-identifier or to override some settings. +# +# Uncomment and fill in the appropriate settings: +# +#send dhcp-client-identifier "c32423-a" +# or as hex octets +#send dhcp-client-identifier 1:0:a0:24:ab:fb:9c; +# +# Note, that hostname is usually send using -H option. +#send host-name "andare.fugue.com"; +# +#supersede domain-name "fugue.com home.vix.com"; +#prepend domain-name-servers 127.0.0.1; +# +##################################################### + +# uncomment to request a specific lease time, otherwise +# the dhcp server will provide its default lease time: +#send dhcp-lease-time 3600; + +# +# Define RFC 3442 classless static route option +# +option rfc3442-classless-static-routes code 121 = array of unsigned integer 8; + +# +# Define RFC 4833 timezone options +# +option rfc4833-tz-posix-string code 100 = string; +option rfc4833-tz-name code 101 = string; + +# Request several well known/usefull dhcp options. +request subnet-mask, broadcast-address, routers, rfc3442-classless-static-routes, interface-mtu, host-name, domain-name, domain-search, domain-name-servers, nis-domain, nis-servers, nds-context, nds-servers, nds-tree-name, netbios-name-servers, netbios-dd-server, netbios-node-type, netbios-scope, ntp-servers; +# rfc4833-tz-posix-string, rfc4833-tz-name; + +# We request above options, require only the IP configuration: +require subnet-mask; +# All another options (DNS, NTP, NIS, ...) are applied using +# netconfig(8) modules. 
+ +# To enforce the availability of the dns server list, set to: +#require subnet-mask, domain-name-servers; + +timeout 60; +retry 60; +reboot 10; +select-timeout 5; +initial-interval 2; + diff --git a/dhclient6.conf b/dhclient6.conf new file mode 100644 index 0000000..57f8a3c --- /dev/null +++ b/dhclient6.conf @@ -0,0 +1,22 @@ +# Client configuration file example for DHCPv6 + +# Define RFC 4833 timezone options: +option dhcp6.rfc4833-tz-posix-string code 41 = string; +option dhcp6.rfc4833-tz-name code 42 = string; +# You may add the options you've declared now to the request, +# but it is still needed to use them in a netconfig module or +# dhclient-script. I didn't found the time to implement it +# yet -- feel free to provide a module / patch. +# dhcp6.rfc4833-tz-posix-string, dhcp6.rfc4833-tz-name; + +# The client side command to enable rapid-commit (2 packet exchange) +send dhcp6.rapid-commit; + +# The name-servers and domain-search are requested by default. +# +# We request also sntp-servers, see dhcp-options(5) for more, +# but make sure, the underlying software using it supports IPv6 +# (e.g. ypbind <= 1.35 doesn't, don't add nis-servers/domain!) +# +also request dhcp6.sntp-servers; + diff --git a/dhcp-4.4.2-P1.tar.gz b/dhcp-4.4.2-P1.tar.gz new file mode 100644 index 0000000..6bd1640 --- /dev/null +++ b/dhcp-4.4.2-P1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b05e04337539545a8faa0d6ac518defc61a07e5aec66a857f455e7f218c85a1a +size 9898311 diff --git a/dhcp-4.4.2-P1.tar.gz.asc b/dhcp-4.4.2-P1.tar.gz.asc new file mode 100644 index 0000000..bdda350 --- /dev/null +++ b/dhcp-4.4.2-P1.tar.gz.asc 
@@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABAgAdFiEEJFV3TUL9/mucOD64/hACvFlwgR8FAmClcL0ACgkQ/hACvFlw +gR8x7g/8CWUqsUBmN9aMsoqsZKvcR4Yqi+vl+VvpkUVdJxLWKBonTnQ544U8b4qq +GDwfht5LKCUSjF15fNxfbztkTFnxW3CnWmE25HsZwfVOGrBfPRHwO/BvmerqTBui +JPWOVsauwSp1KbEsxJUZERUZO1CncHdrxJ5bk8lPD25/QgxHVQzdxRwkml1uBlI4 +6wF9in05HK+GwZi5G5E7YrNDZKnCk2qtndCeAhlpl0zLUiImVP7EbDZRRpczyQqK +ZpWRpsFLeGCPWAWeomj0EG+S9nxS6UjVq0BS6kMrVTcwfIK1U9OkZRgYLMIkEV5y +vpu1tjXDZxU4lnGtUkQgjnGxWvnldMohvKDYUvKBOyomnYOpMZhMtLTmZRUk0oBz +8vLPK59BQGFsrQw/gA46+jM7oahrZp/uVx4WJkyzjuoZ41N3y61fOgZzMkFwt9wc +F08k66S4fTxxVpnAwMNVn7C7D7IMlCpuVG7/jB50Go9NsaY8Q8FcDxnqrNETNfPC +PZzgM+IkhPOaZezP36UPv9v/ME0sz9YEzslxKtsf2rsoXT0iS/vTuHryyZpfuvks +F7JZk9JlHkG+eoY1h/g05RtC+z+n3U5dn+pIETd9o3OgBYlJXaxA4E1LbkzrfqJC +icxx7sx4/e93/wUd7xppTwk3/+F9Yzp6qrIZDNWIzNWCxKytvdE= +=bHZP +-----END PGP SIGNATURE----- diff --git a/dhcp-CVE-2022-2928.patch b/dhcp-CVE-2022-2928.patch new file mode 100644 index 0000000..94a83ca --- /dev/null +++ b/dhcp-CVE-2022-2928.patch 
@@ -0,0 +1,100 @@
+--- common/options.c.orig
++++ common/options.c
+@@ -4452,6 +4452,8 @@ add_option(struct option_state *options,
+ if (!option_cache_allocate(&oc, MDL)) {
+ log_error("No memory for option cache adding %s (option %d).",
+ option->name, option_num);
++ /* Get rid of reference created during hash lookup. */
++ option_dereference(&option, MDL);
+ return 0;
+ }
+
+@@ -4463,6 +4465,8 @@ add_option(struct option_state *options,
+ MDL)) {
+ log_error("No memory for constant data adding %s (option %d).",
+ option->name, option_num);
++ /* Get rid of reference created during hash lookup. */
++ option_dereference(&option, MDL);
+ option_cache_dereference(&oc, MDL);
+ return 0;
+ }
+@@ -4471,6 +4475,9 @@ add_option(struct option_state *options,
+ save_option(&dhcp_universe, options, oc);
+ option_cache_dereference(&oc, MDL);
+
++ /* Get rid of reference created during hash lookup. */
++ option_dereference(&option, MDL);
++
+ return 1;
+ }
+
+--- common/tests/option_unittest.c.orig
++++ common/tests/option_unittest.c
+@@ -213,6 +213,59 @@ ATF_TC_BODY(parse_X, tc)
+ }
+ }
+
++ATF_TC(add_option_ref_cnt);
++
++ATF_TC_HEAD(add_option_ref_cnt, tc)
++{
++ atf_tc_set_md_var(tc, "descr",
++ "Verify add_option() does not leak option ref counts.");
++}
++
++ATF_TC_BODY(add_option_ref_cnt, tc)
++{
++ struct option_state *options = NULL;
++ struct option *option = NULL;
++ unsigned int cid_code = DHO_DHCP_CLIENT_IDENTIFIER;
++ char *cid_str = "1234";
++ int refcnt_before = 0;
++
++ // Look up the option we're going to add.
++ initialize_common_option_spaces();
++ if (!option_code_hash_lookup(&option, dhcp_universe.code_hash,
++ &cid_code, 0, MDL)) {
++ atf_tc_fail("cannot find option definition?");
++ }
++
++ // Get the option's reference count before we call add_options.
++ refcnt_before = option->refcnt;
++
++ // Allocate a option_state to which to add an option.
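Review bot: The same `option_dereference(&option, MDL);` is now repeated on each of the three exit paths of `add_option` (hunks at -4452, -4463 and -4471), and a return path added later can miss it again, which is how the reference count came to leak. A single exit would make that impossible to forget: keep the result in a local and end the function with `out: option_dereference(&option, MDL); return rc;`, with the failure branches doing `goto out;`. The start of the function, including the hash lookup that takes the reference, is outside these hunks, so any return that happens before the lookup would have to stay as it is.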
++ if (!option_state_allocate(&options, MDL)) {
++ atf_tc_fail("cannot allocat options state");
++ }
++
++ // Call add_option() to add the option to the option state.
++ if (!add_option(options, cid_code, cid_str, strlen(cid_str))) {
++ atf_tc_fail("add_option returned 0");
++ }
++
++ // Verify that calling add_option() only adds 1 to the option ref count.
++ if (option->refcnt != (refcnt_before + 1)) {
++ atf_tc_fail("after add_option(), count is wrong, before %d, after: %d",
++ refcnt_before, option->refcnt);
++ }
++
++ // Derefrence the option_state, this should reduce the ref count to
++ // it's starting value.
++ option_state_dereference(&options, MDL);
++
++ // Verify that dereferencing option_state restores option ref count.
++ if (option->refcnt != refcnt_before) {
++ atf_tc_fail("after state deref, count is wrong, before %d, after: %d",
++ refcnt_before, option->refcnt);
++ }
++}
++
+ /* This macro defines main() method that will call specified
+ test cases. tp and simple_test_case names can be whatever you want
+ as long as it is a valid variable identifier. */
+@@ -221,6 +274,7 @@ ATF_TP_ADD_TCS(tp)
+ ATF_TP_ADD_TC(tp, option_refcnt);
+ ATF_TP_ADD_TC(tp, pretty_print_option);
+ ATF_TP_ADD_TC(tp, parse_X);
++ ATF_TP_ADD_TC(tp, add_option_ref_cnt);
+
+ return (atf_no_error());
+ }
diff --git a/dhcp-CVE-2022-2929.patch b/dhcp-CVE-2022-2929.patch
new file mode 100644
index 0000000..30386df
--- /dev/null
+++ b/dhcp-CVE-2022-2929.patch
@@ -0,0 +1,23 @@
+--- common/options.c.orig
++++ common/options.c
+@@ -454,16 +454,16 @@ int fqdn_universe_decode (struct option_
+ while (s < &bp -> data[0] + length + 2) {
+ len = *s;
+ if (len > 63) {
+- log_info ("fancy bits in fqdn option");
+- return 0;
++ log_info ("label length exceeds 63 in fqdn option");
++ goto bad;
+ }
+ if (len == 0) {
+ terminated = 1;
+ break;
+ }
+ if (s + len > &bp -> data [0] + length + 3) {
+- log_info ("fqdn tag longer than buffer");
+- return 0;
++ log_info ("fqdn label longer than buffer");
++ goto bad;
+ }
+
+ if (first_len == 0) {
diff --git a/dhcp-user.conf b/dhcp-user.conf
new file mode 100644
index 0000000..75eddd9
--- /dev/null
+++ b/dhcp-user.conf
@@ -0,0 +1,2 @@
+# Type Name ID GECOS [HOME]
+u dhcpd - "DHCP server daemon" /var/lib/dhcp
diff --git a/dhcp.README b/dhcp.README
new file mode 100644
index 0000000..4e2eaa3
--- /dev/null
+++ b/dhcp.README
@@ -0,0 +1,62 @@ +/* README.SUSE for the ISC DHCP server */ + +Before you can run dhcpd, you have to configure it via + - /etc/sysconfig/dhcpd (general settings) +and + - /etc/dhcpd.conf (DHCPv4 configuration file) + - /etc/dhcpd6.conf (DHCPv6 configuration file) + +See /usr/share/doc/packages/dhcp-server for example configurations. + + +Option 119 (domain-search) vs. option 15 (domain-name) +====================================================== + +The domain-name option supports only one, signgle domain (default domain). +The domain-search option supports a list of domain names. Please do not +abuse the domain-name option to provide a list -- it may be discarded by +dhcp clients. + + +Chroot Jail +=========== + +Our version of the ISC dhcp server contains a modified "(non-root/chroot)" +patch by Ari Edelkind. This allows dhcpd to + + - run as unprivileged user + - run in a chroot environment (/var/lib/dhcp) + +which, in this combination, is the safest possible way of running dhcpd. + +In order to be found by dhcpd in the chroot jail, the configuration file +will automatically copied to /var/lib/dhcp/etc/ when the server is started. +Further conf files (include files) can be listed in DHCPD_CONF_INCLUDE_FILES +or DHCPD6_CONF_INCLUDE_FILES in /etc/sysconfig/dhcpd. + +The /var/lib/dhcp/dev/log syslog socked is automatically provided in the +chroot environment as soon as it is initially set up. + +NOTE: +In the chroot jail, dhcpd can't resolve hostnames unless it can find +the following files: + /etc/localtime + /etc/host.conf + /etc/hosts + /etc/resolv.conf + /lib/libresolv.so.2 + /lib/libnss_dns.so.2 + /lib/libnss_dns6.so.2 + .... +Thererore, these files (about 100 kB) will automatically copied to the chroot +jail when the server is started. (You might have to keep these current if +they are modified dynamically by other programs (e.g./etc/ppp/ip-up) while +dhcpd is running.) 
This is not a problem at all when you use IP addresses +instead of host names in the config file. + +In case of trouble, you can also disable the chroot feature by setting +DHCPD_RUN_CHROOTED/DHCPD6_RUN_CHROOTED in /etc/sysconfig/dhcpd to "no". + +Have a lot of fun! + + Your SUSE Linux Team diff --git a/dhcp.changes b/dhcp.changes new file mode 100644 index 0000000..a683bb1 --- /dev/null +++ b/dhcp.changes 
@@ -0,0 +1,3366 @@
+-------------------------------------------------------------------
+Thu Nov 2 13:53:11 UTC 2023 - Petr Vorel
+
+- Remove dhclient-script (boo#1216822).
+
+-------------------------------------------------------------------
+Tue Dec 27 10:32:19 UTC 2022 - Ludwig Nussel
+
+- Replace transitional %usrmerged macro with regular version check (boo#1206798)
+
+-------------------------------------------------------------------
+Fri Dec 9 07:42:59 UTC 2022 - Thorsten Kukuk
+
+- Add /etc/sysconfig/network hierachy to server file list
+
+-------------------------------------------------------------------
+Thu Oct 27 15:30:26 UTC 2022 - Callum Farmer
+
+- Use %_rundir
+
+-------------------------------------------------------------------
+Wed Oct 5 14:01:47 UTC 2022 - Reinhard Max
+
+- bsc#1203988, CVE-2022-2928, dhcp-CVE-2022-2928.patch:
+ An option refcount overflow exists in dhcpd
+- bsc#1203989, CVE-2022-2929, dhcp-CVE-2022-2929.patch:
+ DHCP memory leak
+
+-------------------------------------------------------------------
+Tue Apr 26 10:48:39 UTC 2022 - Reinhard Max
+
+- bsc#1198657: properly handle DHCRELAY(6)_OPTIONS.
+
+-------------------------------------------------------------------
+Sat Apr 16 20:19:19 UTC 2022 - chris@computersalat.de
+
+- Update dhcpd.service: After: network-online.target
+ * boo#826319: DHCP gets autostarted too early (network interface
+ not up yet - Systemd/LSB problem)
+ e.g. NM and bridged interface
+
+-------------------------------------------------------------------
+Tue Mar 15 07:45:51 UTC 2022 - Thorsten Kukuk
+
+- Require hostname binary, not package [bsc#1197087]
+
+-------------------------------------------------------------------
+Wed Jan 19 09:53:39 UTC 2022 - Manfred Schwarb
+
+- modify source if-up.d.dhcpd-restart-hook:
+ * fix option parsing
+ * do not call /usr/libexec/dhcp/dhcpd directly, use systemd for it
+
+-------------------------------------------------------------------
+Mon Jan 17 08:52:07 UTC 2022 - Johannes Segitz
+
+- Drop PrivateDevices and ProtectClock hardenings. They clash with
+ the chroot logic (bsc#1194722)
+
+-------------------------------------------------------------------
+Fri Jan 14 13:19:38 UTC 2022 - Callum Farmer
+
+- Add now working CONFIG parameter to sysusers generator
+
+-------------------------------------------------------------------
+Tue Oct 26 11:58:59 UTC 2021 - Reinhard Max
+
+- Add a fallback definition for %make_build to fix build on SLE-12.
+- Handle sysusers with a bcond to improve readability and simplify
+ removal once we don't have to support SLE-12 anymore.
+- bsc#1192020: Drop the obsolete dependency on "group(nogroup)".
+
+-------------------------------------------------------------------
+Mon Sep 13 13:50:50 UTC 2021 - Johannes Segitz
+
+- Added hardening to systemd service(s) (bsc#1181400). Modified:
+ * dhcpd.service
+ * dhcpd6.service
+ * dhcrelay.service
+ * dhcrelay6.service
+
+-------------------------------------------------------------------
+Thu Aug 5 11:33:54 UTC 2021 - Reinhard Max
+
+- bsc#1186249: Remove remaining references to /etc/init.d from
+ dhclient-script and if-up.d.dhcpd-restart-hook .
+- Use , instead of - or / as a separator in sed when dealing with
+ path names.
+ +------------------------------------------------------------------- +Mon May 31 09:24:51 UTC 2021 - Reinhard Max + +- Add -fno-strict-aliasing to CFLAGS to avoid a segfault in dhcpd + (boo#1186631). + +------------------------------------------------------------------- +Thu May 27 08:53:49 UTC 2021 - Reinhard Max + +- Update to 4.4.2-P1: + * CVE-2021-25217, bsc#1186382: A buffer overrun in lease file + parsing code can be used to exploit a common vulnerability + shared by dhcpd and dhclient. +- Error out, if %version and %isc_version are not in sync. + +------------------------------------------------------------------- +Sun Jan 24 13:20:58 UTC 2021 - Dirk Müller + +- update to 4.4.2: + * Please note that that ISC DHCP is now licensed under the Mozilla Public + License, MPL 2.0. + + In general, the areas of focus for ISC DHCP 4.4 were: + + 1. Dynamic DNS additions + 2. dhclient improvements + 3. Support for dynamic shared libraries + + * Added the interface name to socket initialization failure log messages. + Prior to this the log messages stated only the error reason without + stating the target interface. + * Corrected buffer pointer logic in dhcrelay functions that manipulate + agent relay options. Thanks to Thomas Imbert of MSRC Vulnerabilities + & Mitigations for reporting the issue. + * Corrected unresolved symbol errors building relay_unittests when + configured to build using libtool. + * A new configuration parameter, ping-cltt-secs (v4 operation only), has + been added to allow the user to specify the number of seconds that must + elapse since CLTT before a ping check is conducted. Prior to this, the + value was hard coded at 60 seconds. Please see the server man pages for + a more detailed discussion. + * A new configuration parameter, ping-timeout-ms (v4 operation only), + has been added that allows the user to specify the amount of time + the server waits for a ping-check response in milliseconds rather + than in seconds (via ping-timeout). 
When greater than zero, the value + of ping-timeout-ms will override the value of ping-timeout. Thanks + to Jay Doran from Bluecat Networks for suggesting this feature. + * An experimental tool called, Keama (KEA Migration Assistant), which helps + translate ISC DHCP configurations to Kea configurations, is now included + in the distribution. + * Corrected a misuse of the BIND9 DDNS API which caused DDNS updates to be + carried out over TCP rather than UDP. The coding error was exposed by + migration to BIND9 9.11. Thanks to Jinmei Tatuya at Infoblox for + reporting the issue. + * Bind9 now defaults to requiring python to build. The Makefile for + building Bind9 when bundled with ISC DHCP was modified to turn off + this dependency. + * Corrected a dual-stack mixed-mode issue that occurs when both + ddns-guard-id-must-match and ddns-other-guard-is-dynamic + are enabled and that caused the server to incorrectly interpret + the presence of a guard record belonging to another client as + a case of no guard record at all. Thanks to Fernando Soto + from BlueCat Networks for reporting this issue. + * Corrected a compilation issue that occurred when building without DNS + update ability (e.g. by undefining NSUPDATE). + * Corrected an issue that was causing the server, when running in + DHPCv4 mode, to segfault when class lease limits are reached. + Thanks to Peter Nagy at Porion-Digital for reporting the matter + and submitting a patch. + * Made minor changes to eliminate warnings when compiled with GCC 9. + Thanks to Brett Neumeier for bringing the matter to our attention. + * Fixed potential memory leaks in parser error message generation + spotted by Coverity, CIDs: 1448191, 1448193, 1448194, 1448195 + * Updated URL of IEEE oui.txt in contrib/dhcp-lease-list.pl. Thanks + to Tommy Smith for contributing the patch. + * Fixed define flags when using SO_BINDTODEVICE. Thanks to Joe LeVeque for + reporting the issue. 
+ * Applied a patch from OpenBSD to always set the scope id of outbound + DHPCv6 packets. Note this change only applies when compiling under + OpenBSD. Thanks to Brad Smith at OpenBSD from bringing it to our + attention. + * Modified dhclient to not discard config file leases that are + duplicates of server-provided leases and to retain such leases + after they have been used as the fallback active lease and + DHCP service has been restored. This allows them to be used + more than once during the lifetime of a dhclient instance. + This applies to DHCPv4 operation only. + * Corrected a number of reference counter and zero-length buffer leaks. + Thanks to Christopher Ertl of MSRC Vulnerabilities & Mitigations for + pointing them out. + * Closed a small window of time between the installation of graceful + shutdown signal handlers and application context startup, during which + the receipt of shutdown signal would cause a REQUIRE() assertion to + occur. Note this issue is only visible when compiling with + ENABLE_GENTLE_SHUTDOWN defined. + * Corrected a buffer overflow that can occur when retrieving zone + names that are more than 255 characters in length. + * The "d" domain name option format was incorrectly handled as text + instead of RFC 1035 wire format. Thanks to Jay Doran at BlueCat Networks + for reporting this issue. + * Improved the error message issued when a host declaration has both + a uid and a dhcp-client-identifier. Server configuration parsing will + now fail if a host declaration specifies more than one uid. + * Updated developer's documentation on building and running unit tests. + Removed support for --with-atf=bind as BIND9 no longer bundles in ATF + source. + * Fixed a syntax error in ldap.c which cropped up under Ubuntu + 18.04.1/gcc 7.4.0. Thanks to Charles Hedrick for pointing it out. + * Added clarification to dhcp-options.5 section on ip-address values + describing the first-use DNS resolution of options with hostnames as + values (e.g. 
next-server). + * The option format for the server option omapi-key was changed to a + format type 'k' (key name); while server options ldap-port and + ldap-init-retry were changed to 'L' (unsigned 32-bit integer). These + three options were inadvertantly broken when the 'd' format content + was changed to comply with RFC 1035 wire format (see Gitlab #2). + * A delayed-ack value of 0 (the default), now correctly disables the delayed + feature. A change in 4.4.0 prohibited lease updates marking leases active + from be written to the lease file when delayed-ack is 0. This in turn, + caused servers to lose active lease assignments upon restart. + ! Option reference count was not correctly decremented in error path + when parsing buffer for options. Reported by Felix Wilhelm, Google + Security Team. + CVE: CVE-2018-5733 + ! Corrected an issue where large sized 'X/x' format options were causing + option handling logic to overwrite memory when expanding them to human + readable form. Reported by Felix Wilhelm, Google Security Team. + CVE: CVE-2018-5732 + * Added use of new Bind9 compatibility header files, that are now necessary + to supply type definitions for primitive data types, removed from Bind9 + proper. Altered util/bind.sh to pull from Bind9 repo on gitlab. + * Duplicate address detection when binding to a new IPv6 address was added + to the following dhclient scripts: linux,freebsd,netbsd,openbsd, and macos. + The scripts will check for DAD errors after binding to a new IPv6 address + for at most --dad-wait-time seconds. If a DAD error is detected the script + will exit with a value of 3, instructing dhclient to decline the address. If + dad-wait-time is zero (the default), DAD error checking is not peformed. + * Support for sending and receiving additional DHCP4 options has been added + to both the dhcpd and dhclient. Specifically: option codes 93,94, and 97 + (RFC 4578); code 150 (RFC 5859); and codes 209,219, and 211 (RFC 5071). 
+ Beyond configuring, sending, requesting, and receiving these options neither + server nor client apply any additional logic based on their values. + Thanks to Peter Lewis for requesting this change. + * Added clarifying text to dhcpd.conf.5 explaining the class match expressions + cannot rely on the results of executable statements. + * Fixed a bug which causes dhcpd and dhclient to crash on certain + systems when given relative path names for lease or pid files on + the command line. Affected systems are those on which the C library + function, realpath() does not support a second parameter value of + NULL (see manpages for realpath(3)). + * Fixed a build issue when building with embedded BIND9 under OpenBSD that + was causing BIND9 build to not generate dns/enumclass.h and dns/enumtype.h. + * Added /m4/README to the distribution tarball. Some versions of + ac_local() treat the absence of the m4 subdirectory as error rather than + warning. This was causing the call to autoreconf, necessary for building + with libtool, to fail. + * Added experimental support for relay port (draft-ietf-dhc-relay-port-10.txt) + feature for DHCPv4, DHCPv6 and DHCPv4-over-DHCPv6. Relay port has to be + enabled at compile time via --enable-relay-port and is fully backward + compatible (i.e. works with previous implementations of servers and relays + using the standard ports). A new --rp command line option + specifies to dhcrelay an alternate source port for upstream (i.e. toward + the server) messages. Thanks to Naiming Shen and Enke Chen of Cisco + systems for submitting these patches. + * Added --release-on-roam to dhcpd server. When enabled and the server detects + that a DHCPv6 client (IAID+DUID) has roamed to a new network, it will release + the pre-existing leases on the old network and emit a log statement similar + to the following: + + "Client: roamed to new network, releasing lease:
" + + The server will carry out all of the same steps that would normally occur + when a client explicitly releases a lease. This behavior is disabled by + default and may only be specified globally. Prior to this the server renders + the leases unavailable until they expire or the server is restarted. Clients + that need leases in multiple networks must supply a unique IAID in each IA. + When release-on-roam is disabled (the default) the server maintains the + prior behavior of making such leases unavailable until they expire or the + server is restarted. Clients that need leases in multiple networks must + supply a unique IAID in each IA. This parameter may only be specified at + the global level. Thanks to Fernando Soto from BlueCat Networks for + suggesting this change. + * Support for delayed-ack is now compiled in by default. Prior to this + it had to be enabled at compile time via --enable-delayed-acks. The + default value for delayed-ack, however, has been changed from 28 to 0 + (i.e. disabled). This was done to minimize the impact on users not + currently using the feature. Please note that the delayed-ack feature + is not currently compatible with support for DHPCv4-over-DHCPv6 so + when a 4to6 port command line argument enables this in the server the + delayed-ack value is reset to 0. + * Added to the server (-6) a new statement, local-address6, which specifies + the source address of packets sent by the server. An additional flag, + bind-local-address6, disabled by default, binds the service socket to + to local-address6. Note that bind-local-address does not work with direct + clients: a relay has to forward packets to the server using the + local-address6 destination. + * The server now recognizes environment variables PATH_DHCPD_DB and + PATH_DHCPD_PID. These had been incorrectly compiled out of the code + unless DHCPv6 support was disabled. 
Additionally, the server man + pages were corrected to accurately reflect how the server chooses + file names (see lease-file-name and pid-file-name statements). Thanks + to Fernando Soto at Bluecat Networks for bringing this matter to our + attention. + * Removed an "Impossible condition" error upon exit in the dhcpd server that + has been shutdown via OMAPI. This condition was only apparent under Solaris + when building with --enable-use-sockets and --enable-ipv4-pktinfo. + * Corrected some minor Coverity issues: CID 1426059, 1426058, and 1426057. + * Added missing text to dhclient.8 and expanded release note coverage + for --address-prefix-len changes. +- remove dhcp-CVE-2019-6470.patch, + 0013-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch: merged upstream +- 0006-dhcp-4.3.2-dhclient-send-hostname-or-fqdn.patch + 0009-dhcp-4.2.6-close-on-exec.patch + 0016-infiniband-support.patch + 0018-client-fail-on-script-pre-init-error-bsc-912098.patch + 0021-dhcp-ip-family-symlinks.patch: refresh against newer code base +- build with --enable-log-pid (log pid) and enable-binary-leases (faster + binary looup for large leases files) + +------------------------------------------------------------------- +Tue Nov 17 13:56:54 UTC 2020 - Ludwig Nussel + +- prepare usrmerge (boo#1029961) + +------------------------------------------------------------------- +Wed Oct 21 17:06:32 UTC 2020 - Reinhard Max + +- Complete the /var/run -> /run migration by renaming + /var/lib/dhcp/var/run accordingly (boo#1177951). + +------------------------------------------------------------------- +Thu Sep 17 14:55:25 UTC 2020 - Reinhard Max + +- Don't create dhclient.leases in %post. It affects transactional + updates and the files don't need to pre-exist (boo#1129951). 
+
+-------------------------------------------------------------------
+Thu Sep 3 13:52:57 UTC 2020 - Franck Bui
+
+- Drop dependency on insserv-compat
+
+ It was required to call the rc_status helpers from the sysvinit
+ scripts. These scripts are supposed to be called by systemd, which
+ has its own mechanism to report service status.
+
+ Please note that this package still needs to be converted to ship
+ proper systemd units.
+
+-------------------------------------------------------------------
+Thu Sep 3 12:56:11 UTC 2020 - Franck Bui
+
+- /var/run is legacy -> /run should be used instead
+
+-------------------------------------------------------------------
+Mon Jun 29 07:11:52 UTC 2020 - Dominique Leuenberger
+
+- The server package still requires insserv-compat: the .service
+ files only call out to legacy sysv init scripts that are still
+ sourcing /etc/rc.status (boo#1173440).
+
+-------------------------------------------------------------------
+Tue Jun 23 15:22:00 UTC 2020 - Cristian Rodríguez
+
+- insserv is not required anymore
+
+-------------------------------------------------------------------
+Thu Jun 11 15:46:50 UTC 2020 - Callum Farmer
+
+- Fixes for %_libexecdir changing to /usr/libexec
+
+-------------------------------------------------------------------
+Wed Apr 15 06:32:20 UTC 2020 - Thorsten Kukuk
+
+- Use sysusers.d instead of shadow
+
+-------------------------------------------------------------------
+Mon Mar 2 17:26:39 UTC 2020 - Reinhard Max
+
+- Add -fcommon to CFLAGS to fix build with gcc10 (boo#1160262).
+
+-------------------------------------------------------------------
+Wed Jan 22 06:12:51 UTC 2020 - Thorsten Kukuk
+
+- Change remaining systemd requires to weak dependencies, too.
+- Don't require net-tools with SLE15 or newer, it does not contain
+ anything anymore we need
+- Get ride of coreutils dependency
+
+-------------------------------------------------------------------
+Tue Oct 15 15:18:59 UTC 2019 - Reinhard Max
+
+- bsc#1134078, CVE-2019-6470, dhcp-CVE-2019-6470.patch:
+ DHCPv6 server crashes regularly.
+- Add compile option --enable-secs-byteorder to avoid duplicate
+ lease warnings [bsc#1089524].
+
+-------------------------------------------------------------------
+Wed Oct 2 16:50:48 CEST 2019 - kukuk@suse.de
+
+- Make systemd a weak dependency as we don't want that in a container
+
+-------------------------------------------------------------------
+Wed Aug 28 12:38:32 UTC 2019 - Reinhard Max
+
+- bsc#1136572: Use IPv6 when called as dhclient6, dhcpd6, and
+ dhcrelay6 (0021-dhcp-ip-family-symlinks.patch).
+
+-------------------------------------------------------------------
+Thu Aug 8 12:19:53 UTC 2019 - Dirk Mueller
+
+- dhclient-script: replace host(1) with getent, which is more
+ lightweight (part of glibc and does not pull in bind-utils)
+
+-------------------------------------------------------------------
+Fri Aug 2 06:58:43 UTC 2019 - Martin Liška
+
+- Use FAT LTO objects in order to provide proper static library.
+
+-------------------------------------------------------------------
+Thu Jul 11 18:13:36 UTC 2019 - Antoine Belvire
+
+- Remove SuSEfirewall2 services since SuSEfirewall2 has been
+ replaced by firewalld (which already provides a service for
+ dhcp).
+
+-------------------------------------------------------------------
+Fri May 10 09:06:07 UTC 2019 - Dominique Leuenberger
+
+- Add workaround to require insserv-compat until the package is
+ converted to full systemd units (boo#1133632).
+ +------------------------------------------------------------------- +Fri Feb 22 07:04:56 UTC 2019 - Franck Bui + +- Drop use of $FIRST_ARG in .spec + + The use of $FIRST_ARG was probably required because of the + %service_* rpm macros were playing tricks with the shell positional + parameters. This is bad practice and error prones so let's assume + that no macros should do that anymore and hence it's safe to assume + that positional parameters remains unchanged after any rpm macro + call. + +------------------------------------------------------------------- +Mon Jan 21 13:33:47 UTC 2019 - Jonathan Brielmaier + +- Remove wrong path to documentation in the description of the + server package + +------------------------------------------------------------------- +Tue Jun 5 08:57:34 UTC 2018 - tchvatal@suse.com + +- Drop doc subpackage as we do not build on < SLE12 anyway so it + evaluated always as true +- Do not condition flags settings for codestreams that we are no + longer building for +- Use %license macro for license as mandated by new TW requirements + +------------------------------------------------------------------- +Mon Jun 4 19:53:43 UTC 2018 - tchvatal@suse.com + +- Format with spec-cleaner (automatic, remove FIXMEs) +- Use getent to detect created user prior doing it again +- Drop ldapcasa as it evaluates as false on all current products +- Drop ldap conditional as it is always true + +------------------------------------------------------------------- +Mon Jun 4 19:46:20 UTC 2018 - tchvatal@suse.com + +- Kill omc configs wrt fate#301838 + +------------------------------------------------------------------- +Thu Mar 8 13:15:16 UTC 2018 - max@suse.com + +- Update to dhcp-4.3.6-P1: + * CVE-2018-5733, bsc#1083303: reference count overflow in dhcpd. + * CVE-2018-5732, bsc#1083302: buffer overflow bug in dhclient. 
+ * Plugged a socket descriptor leak in OMAPI + * The server now allows the client identifier (option 61) to own + leases in more than one subnet concurrently [ISC-Bugs #41358]. + * When replying to a DHCPINFORM, the server will now include + options specified at the pool scope, provided the ciaddr field + of the DHCPINFORM is populated. + [ISC-Bugs #43219] [ISC-Bugs #45051]. + * When memory allocation fails in a repeated way the process + writes "Run out of memory." on the standard error and exists + with status 1 [ISC-Bugs #32744]. + * The new lmdb (Lightning Memory DataBase) bind9 configure + option is now disabled by default to avoid the presence of + this library to be detected which can lead to a link failure. + [ISC-Bugs #45069] + * The linux interface discovery code has been modified to use + getifaddrs() as is done for BSD and OS-X. + [ISC-Bugs #28761] and others. + * Fixed a bug in OMAPI that causes omshell to crash when a + name-value pair with a zero length value is shipped in an + object [ISC-Bugs #29108]. + * On 64-bit platforms, dhclient now generates the correct value + for the script environment variable, "expiry", the lease + expiry value exceeds 0x7FFFFFFF [ISC-Bugs #43326]. + * Common timer logic was modified to cap the maximum timeout + values at 0x7FFFFFFF - 1 [ISC-Bugs #28038]. + * DHCP6 FQDN option unpacking code now correctly handles values + that contain spaces, special, or non-printable characters. + [ISC-Bugs #43592] + * When running in -6 mode, dhclient can enforce the require + option statement and will discard offered leases that do not + contain all the required options specified in the client + configuration [ISC-Bugs #41473]. + * Altered DHCPv4 lease time calculation to avoid roll over + errors on 64-bit OS systems when using -1 or large values + for default-lease-time [ISC-Bugs #41976], + * Added --dad-wait-time parameter to dhclient [ISC-Bugs #36169]. 
+ * The server nows checks both the address and length of a + prefix delegation when attempting to match it to a prefix + pool [ISC-Bugs #35378]. + * Modified DDNS support initialization such that DNS related + ports will only be opened by the server (dhcpd) at startup + if ddns-update-style is not "none"; by dhclient only if and + when the it first attempts an update; and never by dhcrelay. + [ISC-Bugs #45290] [ISC-Bugs #33377] + * Added error logging to two memory allocation failure checks. + [ISC-Bugs #41185] + * Corrected a dhclient -6 issue that caused the client to crash + with an "Impossible condition" error after de-preferencing its + only IA binding [ISC-Bugs #44373]. + * By defining CALL_SCRIPT_ON_ONETRY_FAIL in includes/site.h, + dhclient will now call the script with reason set to FAIL when + run with -1 (one try) and there are no server responses. + [ISC-bugs #18183] + * The server now detects failover peers that are not referenced + in at least one pool when run with the command line option for + test mode, -T [ISC-Bugs #29892]. + * Linux script updated [ISC-bugs #19430] [ISC-bugs #18111]. + * Changed severity of the log message indicating UDP checksum + errors in the received packets from 'info' to 'debug'. + [ISC-bugs #41757] + * Corrected a bug which could cause the server to sporadically + crash while loading lease files with the lease-id-format is + set to "hex" [ISC-Bugs #43185]. 
+ +- Obsoleted patches: + * 0011-Fixed-linux-interface-discovery-using-getifaddrs.patch + * 0019-dhcp-4.2.4-P1-interval.patch + * 0021-master-Plugs-a-socket-descriptor-leak-in-OMAPI.patch + * 0022-Optimized-if-and-when-DNS-client-context-and-ports.patch + +------------------------------------------------------------------- +Fri Jan 19 12:16:47 CET 2018 - ndas@suse.de + +- Optimized if and when DNS client context and ports + are initted (bsc#1073935) + [+0022-Optimized-if-and-when-DNS-client-context-and-ports.patch] + +------------------------------------------------------------------- +Tue Jan 16 16:15:45 CET 2018 - ndas@suse.de + +- Plugs a socket descriptor leak in OMAPI(bsc#1076119, CVE-2017-3144) + [ +0021-master-Plugs-a-socket-descriptor-leak-in-OMAPI.patch] + +------------------------------------------------------------------- +Fri Jan 5 07:30:46 UTC 2018 - obs@botter.cc + +- add PIDFile= setting to dhcrelay.service, without this systemd + stops the service immediately after starting + +------------------------------------------------------------------- +Wed Dec 13 15:52:25 UTC 2017 - mchandras@suse.de + +- Drop old sysvinit support from the spec file. All the supported + openSUSE distributions are systemd based so there isn't much point + in keeping sysvinit support and files around. + +------------------------------------------------------------------- +Thu Nov 23 13:49:18 UTC 2017 - rbrown@suse.com + +- Replace references to /var/adm/fillup-templates with new + %_fillupdir macro (boo#1069468) + +------------------------------------------------------------------- +Fri Jul 14 09:48:25 UTC 2017 - dimstar@opensuse.org + +- Replace net-tools Requires in dhcp-client with hostname on + suse_version >= 1330 (CODE15): net-tools does no longer provide + any tool referenced by dhclient-script, but we require hostname + (which is also a dependency to net-tools, thus hiding the issue). 
+ +------------------------------------------------------------------- +Thu Jul 13 12:27:59 UTC 2017 - bwiedemann@suse.com + +- use .gz year instead of current one to make build reproducible + +------------------------------------------------------------------- +Thu Jul 6 16:17:18 CEST 2017 - ndas@suse.de + +- fixed a typo in nis-servers option name breaking the config file introduced + in previous change to workaround issues in NetworkManager parser. +- Update to dhcp-4.3.5 + + - Corrected a bug which could cause the server to sporadically crash while + loading lease files with the lease-id-format is set to "hex". Our thanks + to Jay Ford, University of Iowa for reporting the issue. + [ISC-Bugs #43185] + - Eliminated a noisy, but otherwise harmless debug log statment that may + appear during server startup when building with --enable-binary-leases + and configuring multiple pools in a shared network. Thanks to Fernando + Soto from BlueCat Networks for reporting the issue and supplying a patch. + [ISC-Bugs #43262] + - Fixed util/bindvar.sh error handling. + [ISC-Bugs #41973] + - Correct error message in relay to use remote id length instead + of circuit id length. + [ISC-Bugs #42556] + - Add logic to test directory Makefiles to avoid copying Attfile(s) + when building within the source tree. This eliminates a noisy but + otherwise harmless error message when running "make check". + [ISC-Bugs #41883] + - Leases are now scrubbed of certain prior use information when pool + re-balancing reassigns them from one FO peer to the other. This + corrects an issue where leases that were offered but not used + by the client retained the client hostname from the original + client. Thanks to Pavel Polacek, Jan Evangelista Purkyne University + for reporting the issue. + [ISC-Bugs #42008] + - In the LDAP code and schema add some missing '6' characters to use + the v6 instead of the v4 versions. Thanks to Denis Taranushin for + reporting this issue and supplying its patch. 
+ [ISC-Bugs #42666] + - Correct how the pick-first-value expression is written to a lease + file. Previously it was written as a concat expression due to + a cut and paste error. + [ISC-Bugs #42253] + - Modify the DDNS code to clean up the PTR record even if there + are issues while cleaning up the A or AAAA records. + [ISC-Bugs #23954] + - Added global configuration parameter, abandon-lease-time, which determines + the amount of time a lease remains abandoned. The default is 84600 seconds. + Additionaly, the server now conducts a ping check (if ping checks are + enabled) prior to offering an abandoned lease to client. Our thanks to + David Zych at University of Illinois for reporting the issue and working + with us to produce a viable solution. + [ISC-Bugs #41815] + - Correct handling of interface names during interface discovery. This + addresses an issue where interface names of 15 characters in length + could lead to crashes or interface recognition errors during startup + of dhcpd, dhclient, and dhcrelay. + [ISC-Bugs #42226] + - Updates to contrib/dhcp-lease-list.pl to make it more friendly. + The updates are: looking for the lease file in more places and skipping + the "processing complete" output when creating machine readable + output. Thanks to Cameron Paine (cbp at null dot net) for the + patch. + [ISC-Bugs #42113] + - When reusing a lease for dhcp-cache-threshold return the hostname + to the original lease. Also if the host pointer, UID or hardware address + change don't allow reuse of the lease. + Thanks to Michael Vincent for reporting this and helping us + verify the problem and fix. + [ISC-Bugs #42849] + - Change dmalloc to use a size_t as the length argument to bring it + in line with the call it will make to malloc(). + [ISC-Bugs #40843] + - If the failover socket can't be bound, close it. 
Otherwise if the + user configures an incorrect address in the failover stanza the + server will continue to open new sockets every 90 seconds until + it runs out. + [ISC-Bugs #42452] + - Add DHCPv4-mode, dhcrelay command line options, "-iu" and "-id", that + allow interfaces to be upstream or downstream respectively. Upstream + interfaces will accept and forward only BOOTP replies, while downstream + interfaces will accept and forward only BOOTP requests. + [ISC-Bugs #41547] + - Clean up some memory references in the vendor-class construct. + [ISC-Bugs #42984] + [*0006-dhcp-4.3.2-dhclient-send-hostname-or-fqdn.patch, + *0011-Fixed-linux-interface-discovery-using-getifaddrs.patch, + *0013-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch, + *0016-infiniband-support.patch, + *0017-server-no-success-report-before-send.919959.patch] + + +------------------------------------------------------------------- +Mon Jul 3 09:08:32 UTC 2017 - zaitor@opensuse.org + +- Set all requested dhcp options on a single line, so they are + actually requested (boo#1046969, boo#1047004). + +------------------------------------------------------------------- +Mon Mar 13 23:53:20 CET 2017 - ndas@suse.de + +- Relax permission of dhclient-script for libguestfs(bsc#987170) + +------------------------------------------------------------------- +Fri Feb 10 22:49:38 CET 2017 - kukuk@suse.de + +- Require insserv only if needed +- Fix requires of client subpackage + +------------------------------------------------------------------- +Thu Aug 4 08:25:28 UTC 2016 - ralf.habacker@freenet.de + +- Add config file for registering dhcp server in slp (bsc#992072) + +------------------------------------------------------------------- +Thu May 19 10:37:25 UTC 2016 - mchandras@suse.de + +- Use /usr/sbin/arping instead of /sbin/arping in the dhcp scripts. + /sbin/arping is a symlink to /usr/sbin/arping in order to ease the + transition for the /usr merge. 
Newest releases of iputils may only
+ install utilities in /usr/* so this dependency will no longer be valid.
+ Moreover, we replace the '/sbin/arping' dependency with 'iputils'.
+
+-------------------------------------------------------------------
+Tue Jan 26 17:16:45 CET 2016 - ndas@suse.de
+
+- Update to dhcp-4.3.3-P1 correcting bounds checking when
+ receiving a packet (bsc#961305,CVE-2015-8605,ISC-Bugs#41267).
+- adjusted interval check.
+ [*0019-dhcp-4.2.4-P1-interval.patch]
+- Fixed improper lease duration checking. Also added fixes for integer
+ overflows in the date and time handling code(bsc#936923, bsc#880984).
+ [+0020-dhcp-4.x.x-fixed-improper-lease-duration-checking.patch]
+- fixed service files to start dhcpd after slapd (bsc#956159)
+- dhclient-script: complain in the log about conflicts, added
+ a see log messages to the dhclient log message (bsc#960506)
+ [* 0018-client-fail-on-script-pre-init-error-bsc-912098.patch]
+-------------------------------------------------------------------
+Tue Oct 13 12:59:00 UTC 2015 - mt@suse.de
+
+- Applied a patch by Jiri Popelka catching dhcp server aborts with
+ "Unable to set up timer: out of range" on very long or infinite
+ timer intervals / lease lifetimes (bsc#947780)
+ [+ 0019-dhcp-4.2.4-P1-interval.patch]
+- Corrected patch references in and a missed (bsc#919959) patch
+ description in previous changelog entry.
+
+-------------------------------------------------------------------
+Mon Sep 14 14:39:34 UTC 2015 - mt@suse.de
+
+- Update to dhcp-4.3.3 (fate#319067) provinding many bug fixes,
+ features and obsoletes several patches we were using before.
+ For complete changelog, please read the RELNOTES file shipped + along with this package or online at: + https://kb.isc.org/article/AA-01297/82/DHCP-4.3.3-Release-Notes.html +- Replaced hostname patch with a dhcpv6 and fqdn aware variant: + [- 0006-dhcp-4.2.5-dhclient-send-hostname-rml.patch, + + 0006-dhcp-4.3.2-dhclient-send-hostname-or-fqdn.patch] +- Removed obsolete patches included upstream now: + [- 0007-dhcp-4.2.6-ldap-mt01.patch, + - 0009-dhcp-4.2.6-xen-checksum.patch, + - 0013-dhcp-4.2.3-P1-dhclient-log-pid.patch, + - 0015-Ignore-SIGPIPE-to-not-die-in-socket-code.patch, + - 0016-server-log-DHCPv6-addresses-assigned-to-clients.patch, + - 0019-dhcp-4.2.x-ldap-debug-write.bnc835818.patch, + - 0021-dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch, + - 0022-dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch, + - 0023-dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch, + - 0025-dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch, + - 0026-dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch] +- Adjusted patch numbers in the spec file: + [- 0008-dhcp-4.1.1-P1-lpf-bind-msg-fix.patch, + - 0010-dhcp-4.2.2-dhclient-option-checks.patch, + - 0011-dhcp-4.2.6-close-on-exec.patch, + - 0012-dhcp-4.2.2-quiet-dhclient.patch, + - 0014-Fixed-linux-interface-discovery-using-getifaddrs.patch, + - 0020-dhcp-4.2.x-chown-server-leases.bnc868253.patch, + - 0024-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch, + + 0007-dhcp-4.1.1-P1-lpf-bind-msg-fix.patch, + + 0008-dhcp-4.2.2-dhclient-option-checks.patch, + + 0009-dhcp-4.2.6-close-on-exec.patch, + + 0010-dhcp-4.2.2-quiet-dhclient.patch, + + 0011-Fixed-linux-interface-discovery-using-getifaddrs.patch, + + 0012-dhcp-4.2.x-chown-server-leases.bnc868253.patch, + + 0013-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch] +- Fixed to not pass DHCPv6 address lifetimes a positive (unsigned + 32bit) integers to scripts and properly format timestamps as long + to not break them on 64bit architectures (bsc#926159). 
+ [+ 0014-dhclient6-unsigned-lifetimes-for-script-bsc-926159.patch] +- dhclient: expose next-server DHCPv4 option to script (bsc#928390) + [+ 0015-Expose-next-server-DHCPv4-option-to-dhclient-script.patch] +- Replaced infiniband support patch with fixed variant (bsc#910984): + [- 0017-dhcp-4.2.6-lpf-ip-over-ib-support.patch, + - 0018-dhcp-4.2.6-improved-xid.patch, + - 0027-dhcp-4.2.x-handle-ifa_addr-NULL.909189.patch, + + 0016-infiniband-support.patch] +- Moved dhcp-devel package include files and static libraries + to /usr/include/dhcp and /usr/lib/dhcp subdirectories. + DHCP requires a specific bind library version and conflicts + with the files shipped by bind-devel package, which is not + source and binary compatible (bsc#910686). +- Corrected changes to provide complete patch file references. +- Fixed server to not report success before send (bsc#919959) + [+ 0017-server-no-success-report-before-send.919959.patch] +- Fixed dhclient to check pre-init results reported by dhclient-script + and fail if pre-init fails for a requested interface (bsc#912098). + [+ 0018-client-fail-on-script-pre-init-error-bsc-912098.patch] + +------------------------------------------------------------------- +Tue Feb 3 18:37:59 UTC 2015 - coolo@suse.com + +- do not check scripts not in the src.rpm + +------------------------------------------------------------------- +Wed Dec 10 12:52:03 UTC 2014 - mt@suse.de + +- Applied fix by Jiri Slaby to not crash in interface discovery + when the interface address is NULL, which has been introduced + by the infiniband support patch (bsc#909189,bsc#870535). 
+ [+ 0027-dhcp-4.2.x-handle-ifa_addr-NULL.909189.patch] + +------------------------------------------------------------------- +Tue Dec 09 19:25:00 UTC 2014 - Led + +- fix bashisms in dhcprelay script + +------------------------------------------------------------------- +Thu Nov 20 11:43:07 UTC 2014 - mt@suse.de + +- Applied contrib/ldap/dhcpd-conf-to-ldap patch by Ales Novak to + reorder config to add all global options or option declarations + to the dhcpService object instead to create new service object + (bsc#886094,ISC-Bugs#37876). + [+ 0022-dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch] +- Applied an upstream patch by Thomas Markwalder adding missed + mapping of SHA TSIG algorithm names to their constants to enable + hmac-sha1, hmac_sha224, hmac_sha256, hmac_sha384 and hmac_sha512 + authenticated dynamic DNS updates (bsc#890731, ISC-Bugs#36947). + [+ 0023-dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch] +- Decline IPv6 addresses on Duplicate Address Detection failure + and stop client message exchanges on reached MRD rather than + at some point after it. Applied fedora patches by Jiri Popelka + and added DAD reporting via exit 3 to the dhclient-script and + a fix to use correct address variables in the DEPREF6 action + (bsc#872609,ISC-Bugs#26735,ISC-Bugs#21238). + [+ 0024-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch, + + 0025-dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch] +- Applied backport patch by William Preston avoiding to bind ddns + socket in the server when ddns-update-style is none (bsc#891655). + [+ 0026-dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch] +- Applied patch for the contrib/ldap/dhcpd-conf-to-ldap script + fixing subclass statement handling (bnc#878846,[ISC-Bugs #36409]) + [+ 0021-dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch] +- Updated licence statement and FSF address in our scripts. 
+- Added missed service_add_pre macro calls for dhcrelay services + +------------------------------------------------------------------- +Fri Nov 14 09:18:33 UTC 2014 - dimstar@opensuse.org + +- No longer perform gpg validation; osc source_validator does it + implicit: + + Drop gpg-offline BuildRequires. + + No longer execute gpg_verify. + +------------------------------------------------------------------- +Wed Sep 3 01:48:48 CEST 2014 - ro@suse.de + +- sanitize release line in specfile + +------------------------------------------------------------------- +Mon Aug 18 07:39:11 UTC 2014 - mt@suse.de + +- Disabled /sbin/service legacy-action hooks on openSUSE <= 13.1, + which does not support it and causes build failure (bnc#891961). + +------------------------------------------------------------------- +Fri Jul 18 11:13:40 UTC 2014 - mt@suse.de + +- Fixed to require iproute2 in dhcp-client package (bnc#885399) +- Disarmed dhclient-script when wicked is the network service, + as wicked is using an another dhcp client (runtime conflict), + NetworkManager an own script and sysconfig-network is gone on + sles12 and opensuse > 13.1, so it is obsolete and unsupported. + +------------------------------------------------------------------- +Tue Jun 10 02:42:32 UTC 2014 - mt@suse.de + +- Fixed /etc/sysconfig/dhcpd fillup in dhcp server post-install. +- Fixed dhcp server start script to use correct libdir (bnc#868250) +- Fixed dhcp server to chown leases to run user at start (bnc#868253) + [+ 0020-dhcp-4.2.x-chown-server-leases.bnc868253.patch] +- Fixed to write missed dhcp-ldap debug level messages (bnc#835818) + [+ 0019-dhcp-4.2.x-ldap-debug-write.bnc835818.patch] +- Fixed unsupported dhclient-script used by sysconfig ifup to provide + a function to calculate netmask. NetworkManager provides an own one. 
+ +------------------------------------------------------------------- +Wed May 21 08:34:07 UTC 2014 - jsegitz@novell.com + +- added necessary macros for systemd files + +------------------------------------------------------------------- +Thu Apr 24 08:24:38 UTC 2014 - dmueller@suse.com + +- remove gpg-offline dependency (blocks rebuilds) as checking + is already done by source validator + +------------------------------------------------------------------- +Fri Mar 28 18:53:28 UTC 2014 - mt@suse.de + +- Applied fixes for DHCP over IPoIB by Mellanox (bnc#870535) + [+ 0017-dhcp-4.2.6-lpf-ip-over-ib-support.patch, + + 0018-dhcp-4.2.6-improved-xid.patch] + +------------------------------------------------------------------- +Mon Mar 17 16:19:58 UTC 2014 - mt@suse.com + +- Added support for custom for rcdhcpd[6] check-syntax,check-lease + and syntax-check actions (bnc#868713). + +------------------------------------------------------------------- +Mon Feb 10 17:52:15 UTC 2014 - mt@suse.com + +- Initially switched to use systemd service files under systemd + and enabled Restart=on-abort (fate#315133). +- Update to ISC dhcp-4.2.6 release. See RELNOTES file for the + complete list of changes -- digest of fixes not in dhcp-4.2.5: + - Tidy up receive packet processing. + Thanks to Brad Plank of GTA for reporting the issue and + suggesting a possible patch. [ISC-Bugs #34447] + - Fix the socket handling for DHCPv6 clients to allow multiple + instances of a client on a single machine to work properly. + Previously only one client would receive the packets. + Thanks to Jiri Popelka at Red Hat for the bug report and a + potential patch. [ISC-Bugs #34784] + - Added support for gentle shutdown after signal is received. + [ISC-Bugs #32692] [ISC-Bugs 34945] + - Enhance the DHCPv6 server logging to include the addresses + that are assigned to the clients. This can be enabled by + defining LOG_V6_ADDRESSES in site.h. 
[ISC-Bugs #26377]
+ - Fix an operation in the DDNS code to be a bitwise instead
+ of logical or. [ISC-Bugs #35138]
+- Merged patches for dhcp-4.2.6 version to apply without fuzzy,
+ prepended patch number prefixes to match spec file patch nr,
+ added patch markup tags / bug numbers to the spec file.
+- Applied contrib-lease-path pach to contrib.tar.gz
+ [- contrib-lease-path.diff]
+- Changed to require automake and use its config.sub and guess
+ files instead of maintaining a patch.
+ [- config-guess-sub-update.patch]
+- Enabled to log DHCPv6 addresses assigned by server to clients
+ [+ 0016-server-log-DHCPv6-addresses-assigned-to-clients.patch]
+- Cleaned up documentation, rpmlint adjustments.
+
+-------------------------------------------------------------------
+Fri Jan 10 12:05:22 UTC 2014 - mt@suse.com
+
+- Test if /etc/sysconfig/network/scripts/functions exists before
+ sourcing it (fate#316768,bnc#856591).
+
+-------------------------------------------------------------------
+Mon Nov 18 09:40:55 UTC 2013 - mt@suse.com
+
+- Fixed path to systemctl in dhclient-script (bnc#847778).
+
+-------------------------------------------------------------------
+Fri Sep 27 15:16:26 UTC 2013 - mt@suse.com
+
+- Added /etc/bindresvport.blacklist to dhcp server chroot file
+ lists as it seems to block its start in some cases (bnc#842360).
+
+-------------------------------------------------------------------
+Tue Sep 10 13:04:10 UTC 2013 - mt@suse.com
+
+- Fixed to reload syslog on hostname changes using systemctl as
+ there is no /etc/init.d/syslog script since syslog-service-2.0
+ (bnc#830467).
+
+-------------------------------------------------------------------
+Fri Apr 26 09:27:19 UTC 2013 - mmeister@suse.com
+
+- Added autoreconf -i option to fix build for the new automake
+
+-------------------------------------------------------------------
+Tue Apr 2 09:16:44 UTC 2013 - mt@suse.com
+
+- Install missed bind include files and libraries in dhcp-devel;
+ conflicts to bind-devel providing different versions (bnc#805162).
+
+-------------------------------------------------------------------
+Thu Mar 28 07:39:53 UTC 2013 - mt@suse.com
+
+- Use manual patch command for config-guess-sub-update.patch
+ again as patch macro does not work on older distributions.
+
+-------------------------------------------------------------------
+Wed Mar 27 13:20:43 UTC 2013 - mt@suse.com
+
+- Update to ISC dhcp-4.2.5-P1 release, which contains updated
+ bind-9.8.4-P2 sources with removed regex.h check in configure
+ (bnc#811934, CVE-2013-2266).
+- Changed spec make the bind export library build output visible.
+
+-------------------------------------------------------------------
+Tue Mar 12 15:17:19 UTC 2013 - mt@suse.com
+
+- Added dhcp6-server service template for SuSEfirewall2 (bnc#783002)
+
+-------------------------------------------------------------------
+Sun Mar 3 21:54:38 UTC 2013 - schwab@suse.de
+
+- config-guess-sub-update.patch:
+ Update config.guess/sub for aarch64
+
+-------------------------------------------------------------------
+Fri Jan 11 10:54:28 UTC 2013 - mt@suse.com
+
+- Update to ISC dhcp-4.2.5 release. See RELNOTES file for the
+ complete list of changes -- digest of fixes not in dhcp-4.2.4-P2:
+ - Correct code to calculate rebind timing values in client
+ [ISC-Bugs #29062]
+ - Fix some issues in the code for parsing and printing options.
+ [ISC-Bugs #22625,#27289,#27296,#27314]
+ - Update the memory leakage debug code to work with v6.
+ [ISC-Bugs #30297]
+ - Relax the requirements for deleting an A or AAAA record.
+ This relaxation was codified in RFC 4703. [ISC-Bugs #30734]
+ - Modify the failover code to handle incorrect peer names better.
+ [ISC-Bugs #30320]
+ - Fix a set of issues that were discovered via a code inspection
+ tool. [ISC-Bugs #23833]
+ - Parsing unquoted base64 strings improved. [ISC-Bugs #23048]
+ - The client now passes information about the options it requested
+ from the server to the script code via environment variables.
+ These variables are of the form requested_=1 with
+ the option name being the same as used in the new_* and old_*
+ variables. [ISC-Bugs #29068]
+ - Check the status value when trying to read from a connection to
+ see if it may have been closed. If it appears closed don't try
+ to read from it again. This avoids a potential busy-wait like
+ loop when the peer names are mismatched. [ISC-Bugs #31231]
+ - Remove an unused variable to keep compilers happy.
+ [ISC-Bugs #31983]
+- Removed obsolete parsing and printing option patch
+ [dhcp-4.2.4-parsing-and-printing-options.patch]
+- Merged dhcp-4.2.2-dhclient-send-hostname-rml.diff
+ [dhcp-4.2.5-dhclient-send-hostname-rml.patch]
+- Fixed discovery of interfaces, which have only addresses with
+ a label assigned (linux 2.0 "alias interfaces" compatibility)
+ by switching to use the getifaddrs() as on BSD (bnc#791289,
+ reported upstream as [ISC-Bugs #31992]).
+ [dhcp-4.2.4-interface-discovery-using-getifaddrs.patch]
+- Applied a patch to ignore SIGPIPE instead to die in socket code
+ before the errno==EPIPE checks are reached (bnc#794578, upstream
+ report [ISC-Bugs #32222])
+ [dhcp-4.2.4-P2-do-not-die-on-sigpipe.patch]
+- Updated ldap patch to 4.2.5-ldap-mt01 providing following fixes:
+ - Fixed parse buffer handling code to not avoid truncation of
+ config > ~8k from bigger ldap objects. Fixed to free the ldap
+ config buffer passed to the config parser and append new config,
+ while the parser is in saved state (bnc#788787).
+ - Fixed subclass name-ref and data quoting/escaping (bnc#788787).
+ - Fixed memory leaks on ldap_read_config errors (bnc#788787).
+ - Fixed a memleak while subnet range processing, fixed to reset
+ bufix variable in ldap_read_function to 0 and to set buflen to
+ the complete length (do not discard last character, usually \n).
+ This caused a parsing error at further run of the function,
+ e.g. while processing the second dhcpService container that the
+ dhcpServer object may refer to (bnc#784640).
+ [dhcp-4.2.5-ldap-mt01.patch.bz2]
+- Fixed dhclient-script to discard MTU lower-equal 576 rather
+ than lower-than (bnc#791280).
+- Verify GPG source archive signatures.
+
+-------------------------------------------------------------------
+Thu Sep 20 12:26:53 UTC 2012 - mt@suse.com
+
+- Update to ISC dhcp-4.2.4-P2 release, providing a security fix for
+ an issue with the use of lease times was found and fixed. Making
+ certain changes to the end time of an IPv6 lease could cause the
+ server to abort. Thanks to Glen Eustace of Massey University,
+ New Zealand for finding this issue.
+ ([ISC-Bugs #30281], CVE: CVE-2012-3955, bnc#780167)
+
+-------------------------------------------------------------------
+Wed Jul 25 18:13:59 UTC 2012 - mt@suse.com
+
+- Update to ISC dhcp-4.2.4-P1 release, providing following security
+ fixes (bnc#772924):
+ - Previously the server code was relaxed to allow packets with zero
+ length client ids to be processed. Under some situations use of
+ zero length client ids can cause the server to go into an infinite
+ loop. As such ids are not valid according to RFC 2132 section 9.14
+ the server no longer accepts them. Client ids with a length of 1
+ are also invalid but the server still accepts them in order to
+ minimize disruption. The restriction will likely be tightened in
+ the future to disallow ids with a length of 1.
+ Thanks to Markus Hietava of Codenomicon CROSS project for the
+ finding this issue and CERT-FI for vulnerability coordination.
+ [ISC-Bugs #29851] CVE: CVE-2012-3571
+ - When attempting to convert a DUID from a client id option
+ into a hardware address handle unexpected client ids properly.
+ Thanks to Markus Hietava of Codenomicon CROSS project for the
+ finding this issue and CERT-FI for vulnerability coordination.
+ [ISC-Bugs #29852] CVE: CVE-2012-3570
+ - A pair of memory leaks were found and fixed. Thanks to Glen
+ Eustace of Massey University, New Zealand for finding this issue.
+ [ISC-Bugs #30024] CVE: CVE-2012-3954
+- Moved lease file check to a separate action so it is not used in
+ restart -- it can fail when the daemon rewrites the lease causing
+ a restart failure then (bnc#762108 regression).
+- Request dhcp6.sntp-servers in /etc/dhclient6.conf and forward to
+ netconfig for processing (bnc#770236).
+- Removed RFC 4833 TZ options from client requests [unused].
+
+-------------------------------------------------------------------
+Tue Jun 19 06:40:03 UTC 2012 - mt@suse.com
+
+- Update to ISC dhcp-4.2.4 release, fixing a dhcpv6 server assert
+ crash while accessing lease on heap (bnc#767661) and providing
+ the following fixes:
+ - Rotate the lease file when running in v6 mode.
+ Thanks to Christoph Moench-Tegeder at Astaro for the
+ report and the first version of the patch. [ISC-Bugs #24887]
+ - Fixed the code that checks if an address the server is planning
+ to hand out is in a reserved range. This would appear as the
+ server being out of addresses in pools with particular ranges.
+ [ISC-Bugs #26498]
+ - In the DDNS code handle error conditions more gracefully and
+ add more logging code. The major change is to handle unexpected
+ cancel events from the DNS client code. [ISC-Bugs #26287]
+ - Tidy up the receive calls and eliminate the need for found_pkt.
+ [ISC-Bugs #25066]
+ - Add support for Infiniband over sockets to the server and
+ relay code. We've tested this on Solaris and hope to expand
+ support for Infiniband in the future. This patch also corrects
+ some issues we found in the socket code. [ISC-Bugs #24245]
+ - Add a compile time check for the presence of the noreturn attribute
+ and use it for log_fatal if it's available. This will help code
+ checking programs to eliminate false positives. [ISC-Bugs #27539]
+ - Fixed many compilation problems ("set, but not used" warnings) for
+ gcc 4.6 that may affect Ubuntu 11.10 users. [ISC-Bugs #27588]
+ - Modify the code that determines if an outstanding DDNS request
+ should be cancelled. This patch results in cancelling the
+ outstanding request less often. It fixes the problem caused
+ by a client doing a release where the TXT and PTR records
+ weren't removed from the DNS. [ISC-BUGS #27858]
+ - Use offsetof() instead of sizeof() to get the sizes for
+ dhcpv6_relay_packet and dhcpv6_packet in several more places.
+ Thanks to a report from Bruno Verstuyft and Vincent Demaertelaere
+ of Excentis. [ISC-Bugs #27941]
+ - Remove outdated note in the description of the bootp keyword about
+ the option not satisfying the requirement of failover peers for
+ denying dynamic bootp clients. [ISC-bugs #28574]
+ - Multiple items to clean up IPv6 address processing. When processing
+ an IA that we've seen check to see if the addresses are usable
+ (not in use by somebody else) before handing it out.
+ When reading in leases from the file discard expired addresses.
+ When picking an address for a client include the IA ID in
+ addition to the client ID to generally pick different addresses
+ for different IAs. [ISC-Bugs #23138] [ISC-Bugs #27945]
+ [ISC-Bugs #25586] [ISC-Bugs #27684]
+ - Remove unnecessary checks in the lease query code and clean up
+ several compiler issues (some dereferences of NULL and treating
+ an int as a boolean).
[ISC-Bugs #26203]
+ - Fix the NA and PD allocation code to handle the case where a client
+ provides a preference and the server doesn't have any addresses or
+ prefixes available. Previoulsy the server ignored the request with
+ this patch it replies with a NoAddrsAvail or NoPrefixAvail response.
+ By default the code performs according to the errata of August 2010
+ for RFC 3315 section 17.2.2; to enable the previous style see the
+ section on RFC3315_PRE_ERRATA_2010_08 in includes/site.h.
+ This option may be removed in the future. Thanks to Jiri Popelka at
+ Red Hat for the patch. [ISC-Bugs #22676]
+ - Fix up some issues found by static analysis. A potential memory leak
+ and NULL dereference in omapi. The use of a boolean test instead of
+ a bitwise test in dst. [ISC-Bugs #28941]
+- Replaced our patches with a complete and upstream verified patch:
+ - Fix some issues in the code for parsing and printing options.
+ [ISC-Bugs #27314] - properly parse a zero length option from
+ a lease file.
+ [ISC-Bugs #22796] - properly determine if we parsed a 16 or
+ 32 bit value in evaluate_numeric_expression (extract-int).
+ [ISC-Bugs #22625] - properly print options that have several
+ fields followed by an array of something for example "fIa"
+ [ISC-Bugs #27289] - properly parse options in declarations
+ that have several fields followed by an array of something
+ for example "fIa"
+ This patch obsoletes the following (bnc#739696) patches:
+ - dhclient: parse_option_param: Bad format a
+ - zero-length option lease parse error in dhclient6
+- Merged ldap and options check patches for the new version
+- Fixed dhcp-server init script to check syntax and fail while
+ force-reload and restart to avoid stopping of running daemon
+ followed by start failure (bnc#762108). Added libgcc_s.so to
+ chroot, so the server can report assert/crash line.
+
+-------------------------------------------------------------------
+Wed Mar 28 15:06:47 UTC 2012 - mt@suse.com
+
+- Added RFC 4833 TimeZone PosixString and Name declarations to
+ server and client configs [not used yet].
+
+-------------------------------------------------------------------
+Mon Mar 19 09:37:52 UTC 2012 - mt@suse.com
+
+- dhcp-server: fixed to escape all values used in constructed
+ ldap filters as a DN may contain e.g. asterisks (bnc#721829,
+ [ISC-Bugs #28545]).
+
+-------------------------------------------------------------------
+Fri Jan 13 15:26:43 UTC 2012 - mt@suse.com
+
+- Updated to ISC dhcp-4.2.3-P2 release, providing a DDNS security fix:
+ Modify the DDNS handling code. In a previous patch we added logging
+ code to the DDNS handling. This code included a bug that caused it
+ to attempt to dereference a NULL pointer and eventually segfault.
+ While reviewing the code as we addressed this problem, we determined
+ that some of the updates to the lease structures would not work as
+ planned since the structures being updated were in the process of
+ being freed: these updates were removed. In addition we removed an
+ incorrect call to the DDNS removal function that could cause a failure
+ during the removal of DDNS information from the DNS server.
+ Thanks to Jasper Jongmans for reporting this issue.
+ ([ISC-Bugs #27078], CVE: CVE-2011-4868, bnc#741239)
+- Fixed close-on-exec patch to not set it on stderr (bnc#732910)
+- Fixed incorrect "a" array type option parsing causing to discard
+ e.g. classless static routes from lease file [reported as ISC-Bug
+ 27289] and zero-length option parsing such as dhcp6.rapid-commit
+ in dhclient6 [reported as ISC-Bug 27314] (bnc#739696).
+- Fixed dhclient to include its pid number in syslog messages.
+- Fixed to use P2 in the spec version, not in the release tag.
+
+-------------------------------------------------------------------
+Fri Dec 9 13:40:53 UTC 2011 - mt@suse.com
+
+- Updated to ISC dhcp-4.2.3-P1 release, providing security fix for
+ a DoS due to processing certain regular expressions (bnc#735610)
+ and several important DDNS related fixes:
+ * Add a check for a null pointer before calling the regexec function.
+ Without out this check we could, under some circumstances, pass
+ a null pointer to the regexec function causing it to segfault.
+ Thanks to a report from BlueCat Networks. [ISC-Bugs #26704]
+ CVE-2011-4539.
+ * Fix the code that checks for an existing DDNS transaction to
+ cancel when removing DDNS information, so that we will continue
+ with the processing if we have a lease even if it doesn't have an
+ outstanding transaction. [ISC-Bugs #24682]
+ * Add AM_MAINTAINER_MODE to configure.ac to avoid rebuilding
+ configuration files. [ISC-Bugs #24107]
+ * Add support for passing DDNS information to a DNS server over
+ an IPv6 address. [ISC-Bugs #22647]
+ * Enhanced patch for 23595 to handle IPv4 fixed addresses more
+ cleanly. [ISC-Bugs #23595]
+- Refreshed ldap patch
+
+-------------------------------------------------------------------
+Fri Sep 30 20:07:54 UTC 2011 - coolo@suse.com
+
+- add libtool as buildrequire to make the spec file more reliable
+
+-------------------------------------------------------------------
+Tue Sep 6 14:27:51 UTC 2011 - mt@suse.com
+
+- Commented out all configuration examples in /etc/dhcpd.conf and
+ dhcp6.conf (bnc#715473).
+- Enabled dhcp6.rapid-commit in /etc/dhclient6.conf config file.
+- Removed useless provides/obsoletes from spec file.
+
+-------------------------------------------------------------------
+Wed Aug 31 08:42:12 UTC 2011 - mt@suse.com
+
+- Set the DHCPD_CONF_INCLUDE_FILES and the DHCPD6_CONF_INCLUDE_FILES
+ variables to /etc/dhcpd.d and /etc/dhcpd6.d by default, so there
+ are well-defined directories expected to contain additional config
+ files (bnc#690585).
+
+-------------------------------------------------------------------
+Mon Aug 29 15:15:44 UTC 2011 - mt@suse.de
+
+- Updated to ISC dhcp-4.2.2 release, providing two security fixes
+ (CVE-2011-2748,CVE-2011-2749,[ISC-Bugs #24960],bnc#712653), that
+ allowed remote attackers to cause a denial of service (a daemon
+ exit) via crafted BOOTP packets. Further also DNS update fix to
+ detect overlapping pools or misconfigured fixed-address entries,
+ that caused a server crash during DNS update and other fixes.
+ For a complete list, please see the RELNOTES file provided in
+ the package and also available online at http://www.isc.org/.
+- Merged/adopted dhclient option-checks, send-hostname-rml, ldap
+ patch, xen-checksum, close-on-exec patches and removed obsolete
+ in6_pktinfo-prototype and relay-no-ip-on-interface patches.
+- Moved server pid files into chroot directory even chroot is
+ not used and create a link in /var/run, so it can write one
+ when started as user without chroot and avoid stop problems
+ when the chroot sysconfig setting changed (bnc#712438).
+- Disabled log-info level messages in dhclient(6) quiet mode to
+ avoid excessive logging of non-critical messages (bnc#711420).
+- Fixed dhclient-script to not remove alias IP when it didn't
+ changed to not wipe out iptables connmark when renewing the
+ lease (bnc#700771). Thanks to James Carter for the patch.
+- Fixed DDNS-howto.txt reference in the config file; it has been
+ moved to the dhcp-doc package (bnc#697279).
+- Removed GPL licensed files (bind-*/contrib/dbus) from bind.tgz
+ to ensure, they're not used to build non-GPL dhcp (bnc#714004).
+- Changed to apply strict-aliasing/RELRO for >= 12.x only
+
+-------------------------------------------------------------------
+Wed Jul 20 18:53:07 UTC 2011 - crrodriguez@opensuse.org
+
+- Correct previous change.
+
+-------------------------------------------------------------------
+Wed Jul 20 04:45:40 UTC 2011 - crrodriguez@opensuse.org
+
+- THis is a long running network daemon, link with
+ full RELRO security enhancements.
+- remove -fno-strict-aliasing from CFLAGS, no longer needed.
+
+-------------------------------------------------------------------
+Tue May 17 03:58:24 UTC 2011 - crrodriguez@opensuse.org
+
+- Import redhat's patch to open all needed FDs with O_CLOEXEC
+ so they dont leak.
+
+-------------------------------------------------------------------
+Thu May 12 08:39:03 UTC 2011 - mt@suse.de
+
+- Removed obsolete sles8 compatibility dependencies, fixed
+ to avoid non-functional sles_version conditionals.
+
+-------------------------------------------------------------------
+Tue May 10 11:48:57 UTC 2011 - mt@suse.de
+
+- Fixed to not introduce separate dhcp-doc package on sles,
+ use versioned provides/obsoletes, improved conditionals.
+
+-------------------------------------------------------------------
+Tue May 3 12:27:08 UTC 2011 - mt@suse.de
+
+- Fixed dhclient-script typo causing ISC DHCPv6 client to execute
+ ifup pre-down scripts also while renew, when the ipv6 address
+ did not changed (bnc#690859).
+
+-------------------------------------------------------------------
+Fri Apr 29 13:31:57 UTC 2011 - mt@suse.de
+
+- Implemented optional ldap connect retry loop during the initial
+ startup of the dhcp server in cases where the ldap server is not
+ yet started. Set the ldap-init-retry option in dhcpd.conf
+ to enable it (bnc#627617). Merged in the actual ldap patch.
+- Cleaned up init script error reporting, no -TERM for killproc.
+
+-------------------------------------------------------------------
+Wed Apr 27 12:31:25 UTC 2011 - mt@suse.de
+
+- Updated to ISC dhcp-4.2.1-P1 release, that provides most of the
+ dhclient pretty escape and string option checks. Merged to use
+ relaxed domain-name option check causing a regression, when the
+ server is misusing it to provide a domain list (compatibility to
+ attic clients) and does not provide it via domain-search option;
+ pretty escape semicolon as well (bnc#675052, CVE-2011-0997).
+
+-------------------------------------------------------------------
+Thu Mar 31 09:56:02 UTC 2011 - mt@suse.de
+
+- Discard string options such as host and domain names containing
+ disallowed characters or beeing too long. This proctive patch
+ limits root-path to a-zA-Z0-9, #%+-_:.,@~/\[]= and a space
+ (bnc#675052, CVE-2011-0997).
+
+-------------------------------------------------------------------
+Thu Mar 31 09:00:19 UTC 2011 - mt@suse.de
+
+- Updated to ISC DHCP 4.2.1 release (bnc#680298), that provides
+ following fixes (digest):
+ * Several fixes to OMAPI, cleanup of dereferenced pointers in
+ the omapi handle, handling of pipe failures and status code
+ in omapi signal handler that may cause connect failure and
+ 100% CPU use.
+ * Handle some DDNS corner cases better
+ * Several fixes to lease input and output
+ * Corrected side effect of printing all data strings as hex.
+ * Host record references leaks causing applying config to all
+ innocent clients.
+ * Memory leak when parsing a domain name
+ * Fixes to configuration parsing including infinite loop.
+ * Fixed for unexpected abort caused by a DHCPv6 decline.
+ For the complete list see the RELNOTES file, that is available
+ also online at http://ftp.isc.org/isc/dhcp/dhcp-4.2.1-RELNOTES.
+- Removed obsolete optional-value-infinite-loop, no-libcrypto
+ and CVE-2011-0413.bnc667655 patches.
+- Merged the dhclient-send-hostname and ldap patches.
+
+-------------------------------------------------------------------
+Mon Feb 21 14:51:43 UTC 2011 - mt@suse.de
+
+- dhclient-script: fixed typo causing that only global settings
+ to set hostname and default route were applied for primary
+ and never per interface settings (bnc#673792).
+
+-------------------------------------------------------------------
+Fri Feb 18 10:21:28 UTC 2011 - mt@suse.de
+
+- Added dhcp-4.2.0-xen-checksum.patch by David Cantrell to handle
+ xen partial UDP checksums (bnc#668194).
+
+-------------------------------------------------------------------
+Wed Feb 2 09:12:11 UTC 2011 - mt@suse.de
+
+- Applied security fix for unexpected abort caused by a DHCPv6
+ decline message (CVE-2011-0413, VU#686084, bnc#667655).
+- Fixed dhclient.conf to request the domain-search option.
+
+-------------------------------------------------------------------
+Mon Dec 13 08:51:59 UTC 2010 - mt@suse.de
+
+- Updated to ISC DHCP 4.2.0-P2, a security release fixing the
+ handling of connection requests on the failover port.
+ Previously a connection request from a source that wasn't
+ listed as a failover peer would cause the server to become
+ non-responsive. ([ISC-Bugs #22679] CERT: VU#159528 CVE:
+ CVE-2010-3616, bnc#659059).
+
+-------------------------------------------------------------------
+Tue Dec 7 14:50:23 UTC 2010 - mt@suse.de
+
+- Enable ldap CASA support on SLE only.
+
+-------------------------------------------------------------------
+Tue Nov 30 21:56:04 UTC 2010 - mt@suse.de
+
+- Fixed to use same/correct dhcrelay6 interface variables in the
+ sysconfig file and in the dhcrelay6 init script.
+
+-------------------------------------------------------------------
+Mon Nov 29 15:45:09 CET 2010 - mt@suse.de
+
+- Updated to ISC DHCP 4.2.0-P1 release, providing a security fix to
+ handle a relay forward message with an unspecified address in the
+ link address field. Previously such a message would cause the
+ server to crash.
Thanks to a report from John Gibbons.
+ [ISC-Bugs #21992] CERT: VU#102047 CVE: CVE-2010-3611 (bnc#650902)
+ The 4.2.0 version is a feature release, implementing asynchronous
+ DDNS processing and includes "The LDAP Patch".
+ For a complete list of changes from any previous release, please
+ consult the RELNOTES file within the source distribution or on
+ the ISC website: http://www.isc.org/software/dhcp/420
+- Fixed compilation to avoid segfaults as soon as ldap is enabled,
+ merged our ldap patches from 4.1.x branch.
+
+-------------------------------------------------------------------
+Tue Nov 2 09:48:56 UTC 2010 - mt@suse.de
+
+- Fixed a dhcrelay segfault while receiving packets on interfaces
+ without any IPv4 address assigned (bnc#631305, reported upsteam
+ as [ISC-Bugs #22409]).
+- Fixed a common infinite loop while parsing options with optional
+ parts in the value such as in slp-service-scope option (bnc#643845,
+ reported upsteam as [ISC-Bugs #22410]).
+- Fixed init scripts to report correct LSB codes in status action,
+ when the config file or the binary do not exists (bnc#640336).
+- Fixed syntax of a check in the rcdhcrelay[6] (bnc#648580)
+- Avoid pid check error message in the rcdhcpd[6] (bnc#646875)
+
+-------------------------------------------------------------------
+Wed Sep 29 10:26:37 UTC 2010 - mt@suse.de
+
+- Fixed server lease file path in contrib/listlease and leasestate
+ changed to extract contrib and examples using setup macro.
+
+-------------------------------------------------------------------
+Wed Aug 4 12:52:03 UTC 2010 - mt@suse.de
+
+- Renamed rfc3442-classless-static-routes_raw in /etc/dhclient.conf
+ to rfc3442-classless-static-routes for compatibility with the
+ NetworkManager making use of /etc/dhclient.conf now and adopted
+ /sbin/dhclient-script (bnc#625770).
+
+-------------------------------------------------------------------
+Tue Jul 27 13:31:09 UTC 2010 - mt@suse.de
+
+- Fixed ldap option number conflicting with new options (bnc#625358)
+
+-------------------------------------------------------------------
+Fri Jul 2 10:48:21 UTC 2010 - mt@suse.de
+
+- Added a fix for an lpf bind error messages making it easier to
+ localize problems (bnc#617795)
+
+-------------------------------------------------------------------
+Mon Jun 14 12:11:57 UTC 2010 - mt@suse.de
+
+- Updated to ISC DHCP 4.1.1-P1 patch release, which contains
+ a pair of bug fixes including one for a security related bug
+ (bnc#612546, CVE-2010-2156):
+ * A bug was fixed that could cause the DHCPv6 server to
+ advertise/assign a previously allocated (active) lease to a
+ client that has changed subnets, despite being on different
+ shared networks. Dynamic prefixes specifically allocated in
+ shared networks also now are not offered if the client has
+ moved. [ISC-Bugs #21152]
+ * Accept a client id of length 0 while hashing. Previously the
+ server would exit if it attempted to hash a zero length client
+ id, providing attackers with a simple denial of service attack.
+ [ISC-Bugs #21253]
+
+-------------------------------------------------------------------
+Tue May 18 08:46:37 UTC 2010 - mt@suse.de
+
+- Added rc.dhcrelay6 as source in the spec file
+
+-------------------------------------------------------------------
+Tue May 11 11:22:48 UTC 2010 - mt@suse.de
+
+- Fixed dhcprelay scripts to source sysconfig file correctly
+- Fixed spec file typo in arping path require, enabled ldap
+- Fixed a dhclient option name and new/old ip address check
+
+-------------------------------------------------------------------
+Fri May 7 14:10:21 UTC 2010 - mt@suse.de
+
+- Updated to ISC DHCP 4.1.1, the current 4.x series production
+ release, providing DHCPv6 client/server/relay implementation.
+ The programs act in DHCPv6 mode, when the -6 start option is set.
+ We install separate init scripts with a 6 at the end to handle
+ them, that is /etc/init.d/dhcpd6 and dhrelay6. Further, there is
+ also a link to the binaries with a 6 at the end, e.g. dhclient6,
+ making it visible, that the installed version supports DHCPv6.
+- Moved additional documentation to a separate dhcp-doc package.
+- Changed to provide config files and scripts as source files
+ instead of patches to the ISC scripts.
+- Adopted spec file and config/scripts, merged in all patches.
+- Implemented RFC 3442 classless static routes support in the
+ dhclient-script (bnc#555870).
+
+-------------------------------------------------------------------
+Thu Apr 29 11:18:20 UTC 2010 - mt@suse.de
+
+- Updated to ISC DHCP 3.1-ESV, an extended support version release
+ which includes a small number of bug fixes (bnc#592178) over the
+ 3.1.3 version:
+ * Modified the handling of a connection to avoid releasing the
+ omapi io object for the connection while it is still in use.
+ One symptom from this error was a segfault when a failover
+ secondary attempted to connect to the failover primary if
+ their clocks were not synchronized.
+ * Fix test in dhcp_interface_signal_handler to check that the
+ inner handler has a signal_handler before calling it.
+ * When using 'ignore client-updates;', the FQDN returned to the
+ client is no longer truncated to one octet.
+ * Clean up some compiler warnings - ticket 19054.
+- Fixed vlan interface check in dhcpd-restart-hook if-up.d script
+ (bnc#599702)
+- Touch dhclient.leases in post-install script instead to provide
+ an empty file, versioned provides/obsoletes (rpmlint warnings).
+
+-------------------------------------------------------------------
+Fri Mar 12 15:53:09 UTC 2010 - mt@suse.de
+
+- Fixed dhclient-script to call ifup -o dhcp and signal "complete"
+ to ifup when all configuration is done (bnc#585380,bnc#518219).
+
+-------------------------------------------------------------------
+Thu Jan 7 20:41:13 CET 2010 - jengelh@medozas.de
+
+- Enable parallel building
+- Use large PIE model on all SPARC flavors
+
+-------------------------------------------------------------------
+Mon Dec 14 22:39:01 CET 2009 - mt@suse.de
+
+- Fixed dhclient-script to use correct sysconfig run dir path
+ to not to break the defaultroute/hostname setup (bnc#555095).
+- Don't request any specific lease-time by default (bnc#516459).
+
+-------------------------------------------------------------------
+Fri Oct 16 10:17:23 CEST 2009 - mt@suse.de
+
+- Fixed dhclient-script to forward new_domain_search as DNSSEARCH
+ to netconfig.
+
+-------------------------------------------------------------------
+Tue Oct 13 22:51:49 CEST 2009 - mt@suse.de
+
+- Updated to dhcp-3.1.3 maintenance release fixing several issues
+ (a digest, see RELNOTES for the complete list):
+ * Remove infinite loop in token_print_indent_concat().
+ * A parser bug was fixed that segfaulted if site-option-space
+ was tried to be used interchangeably with vendor-option-space.
+ * Two uninitialized stack structures are now memset to zero,
+ thanks to patch from David Cantrell at Red Hat.
+ * Memory leak in the load_balance_mine() function is fixed. This
+ would leak ~20-30 octets per DHCPDISCOVER packet while failover
+ was in use and in normal state.
+ * Fixed setting hostname in Linux hosts that require hostname
+ argument to be double-quoted. Also allow server-provided
+ hostname to override hostnames 'localhost' and '(none)'.
+ * Added client support for setting interface MTU and metric,
+ thanks to Roy "UberLord" Marples .
+ * Fixed failover reconnection retry code to continue to retry to
+ reconnect rather than restarting the listener.
+ * Fixed a bug where an OMAPI socket disconnection message would
+ not result in scheduling a failover reconnection, if the link
+ had not negotiated a failover connect yet (e.g.: connection
+ refused, asynch socket connect() timeouts).
+ * Versions 3.0.x syntax with multiple name->code option
+ definitions is now supported. Note that, similarly to 3.0.x,
+ for by-code lookups only the last option definition is used.
+ * Fixed a fenceposting bug when a client had two host records
+ configured, one using 'uid' and the other using 'hardware
+ ethernet'. CVE-2009-1892
+- Updated to dhcp-3.1.3-ldap-patch-mt-01 including previous fixes.
+- Merged dhclient script, removed obsolete CVE-2009-1892 fix.
+
+-------------------------------------------------------------------
+Tue Sep 29 11:37:18 CEST 2009 - mt@suse.de
+
+- Replaced mt-02 ldap patch from old git repository with equivalent
+ one (dhcp-3.1.2p1-ldap-patch-mt-02) from a new repository with
+ fixed patch history (http://www.suse.de/~mt/git/dhcp-ldap.git/).
+
+-------------------------------------------------------------------
+Wed Aug 12 10:38:26 CEST 2009 - mt@suse.de
+
+- Added dhcpd-restart-hook if-up.d script that restarts dhcp server
+ while network restart when a virtual interfaces as bridge, bond
+ or vlan goes up again (bnc#517810).
+
+-------------------------------------------------------------------
+Wed Jul 29 14:05:41 CEST 2009 - mt@suse.de
+
+- Applied fix for a dhcp client id DoS (CVE-2009-1892, bnc#519413).
+
+-------------------------------------------------------------------
+Wed Jul 29 12:47:46 CEST 2009 - mt@suse.de
+
+- Updated to dhcp-3.1.2p1 maintenance release fixing following
+ issues:
+ * A stack overflow vulnerability was fixed in dhclient that could
+ allow remote attackers to execute arbitrary commands as root on
+ the system, or simply terminate the client, by providing an
+ over-long subnet-mask option.
+ * A double-dereference in dhclient transmission of DHCPDECLINEs
+ was repaired.
+ * Fix handling of -A and -a flags in dhcrelay; it was failing
+ to expand packet size as needed to add relay agent options.
+ * Corrected list of failover state values in dhcpd man page.
+ * Fixed a bug that caused some request types to be logged
+ incorrectly.
+ * Fixed a coredump when adding a class via OMAPI.
+ * Clients that sent a parameter request list containing the
+ routers option before the subnet mask option were receiving
+ only the latter. Fixed.
+ * The server wasn't always sending the FQDN option when it should.
+ * A partner-down failover server no longer emits 'peer holds all
+ free leases' if it is able to newly-allocate one of the peer's
+ leases.
+ * A cosmetic bug in DHCPDECLINE processing was fixed which caused
+ all successful DHCPDECLINEs to be logged as "not found" rather
+ than "abandoned".
+ * Some failover debugging #defines have been better defined and
+ some high frequency messages moved to a deeper debugging symbol.
+ * The CLTT parameter in failover is now only updated by client
+ activity, and not by failover binding updates.
+ * Failover BNDUPD messages are now discarded if they conflict with
+ an update that has been trasnmitted, but not acknowledged.
+ * A bug cleaning up unknown-xxx temporary option definitions was
+ fixed.
+- Removed obsolete dhclient-no-dereference-twice patch
+- Improved dhclient-script to apply global dhcp settings, when
+ there is no interface config (bnc#480922).
+- Enabled casa support in dhcp-ldap for >= sles 10 and => 11.1.
+- Updated dhcp-3.1.2p1-ldap-patch-mt.11.2-02 merging all patches
+ flying around -- see http://www.suse.de/~mt/git/dhcp-ldap.git
+ and the git changelog at the begin of the patch.
+
+-------------------------------------------------------------------
+Mon Jan 19 15:58:38 CET 2009 - mt@suse.de
+
+- Fixed dhclient-script to apply a dhcp provided MTU (bnc#467358).
+
+-------------------------------------------------------------------
+Thu Jan 15 16:43:01 CET 2009 - mt@suse.de
+
+- Fix message about missed service/server association (bnc#392354).
+- Applied missed patch with support for dhcpFailOverPeer objects
+ (failover peering definition) by S Kalyanasundaram (fate#303198).
+
+-------------------------------------------------------------------
+Thu Jan 15 13:50:01 CET 2009 - mt@suse.de
+
+- Fixed init script to copy nsswitch.conf and all libnss libs to
+ the chroot jail to fix resolving via /etc/hosts (bnc#462851).
+
+-------------------------------------------------------------------
+Tue Dec 16 11:37:00 CET 2008 - mt@suse.de
+
+- Fixed init scripts Required-Start/Stop tags to require network-
+ remotefs script, so all interfaces are up while start.
+
+-------------------------------------------------------------------
+Wed Nov 26 08:05:01 CET 2008 - coolo@suse.de
+
+- prereq sysconfig to avoid warnings about missing
+ /etc/sysconfig/dhcp
+
+-------------------------------------------------------------------
+Mon Nov 24 13:00:39 CET 2008 - mt@suse.de
+
+- Removed network-number request from dhclient.conf (bnc#443788).
+
+-------------------------------------------------------------------
+Tue Nov 11 11:12:23 CET 2008 - mt@suse.de
+
+- Fixed dhclient-script to apply DHCLIENT_SET_HOSTNAME and
+ SET_DEFAULT_ROUTE policy correctly and inclusive of per
+ interface setings (bnc#426650).
+- Fixed dhclient-script to make sure, the host name is set
+ as short-name even dhcp provides fqdn (bnc#418168)
+- Fixed dhclient-script to translate all known dhcp options
+ to netconfig variables and unknown with dhclient prefix.
+- Fixed dhclient.conf to request all netbios dhcp-options,
+ added also nds and mtu options.
+
+-------------------------------------------------------------------
+Fri Sep 12 16:58:22 CEST 2008 - mt@suse.de
+
+- Removed one of two option_state_dereference calls in dhclient.c
+ causing null pointer messages (not critical) in the log.
+- Fixed a forgotten fi typo in the dhclient-script
+
+-------------------------------------------------------------------
+Mon Sep 8 18:29:00 CEST 2008 - mt@suse.de
+
+- Updated to dhcp-3.1.1, providing following major new features
+ compared to its 3.0.x derivative:
+ * A significantly enhanced Failover protocol implementation,
+ which:
+ + Implements MAC Address Affinity to reduce the frequency
+ of clients being assigned new IP addresses;
+ + Supports the assignment of failover-protected addresses
+ to legacy BOOTP clients;
+ + Implements a dynamic lease reservation system that provides
+ improved accounting of the use of fixed address assignments,
+ by allocating fixed addresses out of the pool of dynamic leases
+ + Improves tools and reduces operator oversight necessary for
+ maintaining a functioning system.
+ * Support for DHCP leasequery, and the VIVCO/VIVSO options, which
+ makes easy and comfortable integration with DOCSIS devices and
+ the environment in which they are used.
+ * Management of class and subclass statements via OMAPI
+ * Several server configuration options related to dynamic DNS
+ behavior
+ * Other new configuration functions, including "execute()",
+ which runs a shell command from within a dhcpd or dhclient
+ configuration file
+ For a full list of new features added in this release, please
+ observe the changes list.
+- Adopted/merged patches, dropped obsolete dhcdbd (NM) patches.
+
+-------------------------------------------------------------------
+Fri Aug 22 13:34:07 CEST 2008 - mt@suse.de
+
+- Adopted dhclient-script and manual page to use /sbin/netconfig
+ that is replacing the modify_resolvconf mechanizm by default.
+
+-------------------------------------------------------------------
+Wed Aug 20 15:11:14 CEST 2008 - mt@suse.de
+
+- Updated to dhcp-3.0.7, a maintenance release containing several
+ bug fixes; since the 3.0.6 release this are:
+ * Fixed "--version" flag in dhcrelay.
+ * Clarified error message when lease limit exceeded
+ * Fixed a buffer overflow error which could have allowed a denial
+ of service under unusual server configurations
+ * Bug in octal parsing fixed. Thanks to Bernd Fuhrmann for the
+ report and fix.
+ * The warning logged when an address range doesn't fit in the
+ subnets they were declared has been updated to be more helpful
+ and identify the typo in configuration that created the
+ spanning addresses.
+ * The 'min-secs' configuration parameter's log message has been
+ updated to be more helpful.
+ * Fixed a bug in which write_lease() might report a failure
+ incorrectly.
+ * Bug in server configuration parser caused server to get stuck
+ on startup for certain bad pool declarations. Thanks to
+ Guillaume Knispel for the bug report and fix.
+ * Fixed file descriptor leak on listen failure. Thanks to Tom
+ Clark.
+ * Failover binding acks are now transmitted before new binding
+ updates (which may, very rarely, be related to a lease on the
+ ack queue). This eliminates a lease database inconsistency
+ bug, as the remote system relies upon the most recent message
+ it received from its peer.
+ * POOLREQ messages received within 30 seconds of one another are
+ ignored.
+ * 'lease imbalance' messages are not logged unless rebalance was
+ actually attempted ("ten percent" rule).
+ * A bug was fixed where the 'giaddr' may be used to find the
+ client's subnet rather than its own 'ciaddr'.
+ * A log message was introduced to clarify the situation where a
+ failover 'address' parameter (the server's local address) did
+ not resolve to an IPv4 address.
+ * When server is configured with options that it overrides, a
+ warning is issued when the configuration file is read, rather
+ than at the time the option is overridden. This was important,
+ because the warning was given every time the option was
+ overridden, which could create a lot of unnecessary logging.
+ * When a failover server suspects it has encountered a peer
+ running a version 3.1.x failover server, a warning that the
+ failover wire protocol is incompatible is printed.
+ * The failover server no longer issues a floating point error
+ if it encounters a previously undefined option code.
+ * A memory leak when using omapi has been fixed.
+- Adopted dhcp-send-hostname-rml patch
+- Removed obsolete dhcp-3.0.5-pool_eof patch
+- Merged changes between server:isc-dhcp and openSUSE:Factory
+- Removed down parameter from ifconfig calls in dhclient-script
+ because it destroys bonding interfaces and also conflicts with
+ an dhcpv6 client running on same interface (bnc#410905).
+
+-------------------------------------------------------------------
+Wed Aug 20 14:11:14 CEST 2008 - skalyanasundaram@novell.com
+
+- Added missing DNs (dhcpZoneDN, dhcpFailOverPeerDN) to list of
+ external references.
+
+-------------------------------------------------------------------
+Fri Jun 27 14:28:02 CEST 2008 - mt@suse.de
+
+- Added /etc/openldap directory to the file list of the dhcp-server
+ package, because it is not provided by the ldap package any more.
+
+-------------------------------------------------------------------
+Fri May 23 15:55:14 CEST 2008 - mt@suse.de
+
+- Don't set parts of host error messages as hostname (bnc#389668).
+
+-------------------------------------------------------------------
+Mon May 19 15:47:19 CEST 2008 - mt@suse.de
+
+- Documentation updates for DDNS-howto.txt (bnc#359977).
+
+-------------------------------------------------------------------
+Fri Apr 4 16:43:21 CEST 2008 - mt@suse.de
+
+- Changed the list of dhcp options required by the dhcp-client in
+ the server response to not to enforce the domain-name-servers
+ option availiability (bnc#331964).
+- Fixed too long error messages server init script (bnc#353589).
+- Renamed/renumbered patches modifying the dhclient.conf file.
+- Fixed the dhclient-script to add explicit host route to default
+ gateway when it is not reachable via interface route created by
+ ifconfig based on the IP and netmask (e.g. /32) values provided
+ by dhcp server (bnc#266215).
+- Fixed ntp configuration feature in dhclient-script to try-restart
+ the ntp service to apply the server changes. Changed to use new
+ per interface server list to avoid merge problems (bnc#375746).
+
+-------------------------------------------------------------------
+Tue Apr 1 16:07:04 CEST 2008 - mkoenig@suse.de
+
+- remove dir /usr/share/omc/svcinfo.d as it is provided now
+ by filesystem
+
+-------------------------------------------------------------------
+Tue Dec 4 11:02:45 CET 2007 - mt@suse.de
+
+- Bug #343069: Added dhcp-server compatibility workaround to search
+ for lower- and upper-case MAC addresses in the dhcpHWAddress LDAP
+ attributes. New patch: dhcp-3.0.6-ldap-patch_hwaddr-icase.dif
+
+-------------------------------------------------------------------
+Mon Nov 19 09:43:56 CET 2007 - mt@suse.de
+
+- Disabled script setting in the /etc/dhclient.conf,
+ because it overrides the -sf command line option.
+
+-------------------------------------------------------------------
+Fri Aug 24 10:25:29 CEST 2007 - mt@suse.de
+
+- Removed getcfg interface config to interface name conversions
+
+-------------------------------------------------------------------
+Mon Jul 30 13:06:43 CEST 2007 - thoenig@suse.de
+
+- dhcp-3.0.3-dhclient-script-dhcdbd.patch: dbus-send is now located
+ in /bin
+
+-------------------------------------------------------------------
+Thu Jul 19 16:14:33 CEST 2007 - mt@suse.de
+
+- Updated to 3.0.6, a maintenance release containing fixes
+ for bugs discovered since DHCP 3.0.5, but no new features.
+ See the RELNOTES file for full list of changes.
+- Adopted dhcp-3.0rc10.filedes.dif patch
+ new patch file name: dhcp-3.0.6-dhclient-exec-filedes.dif
+- Bug #289933: Let dhclient request netbios-name-servers as well;
+ old patch file name: dhcp-3.0.5-dhclient-nis-ntp.patch
+ new patch file name: dhcp-3.0.6-dhclient-requests-conf.patch
+- Removed $local_fs from init-scripts, included in $remote_fs.
+
+-------------------------------------------------------------------
+Wed Jun 27 17:41:11 CEST 2007 - anschneider@suse.de
+
+- Added support for ntpd runtime configuration
+ new patch file: dhcp-3.0.6-dhclient-script-ntp-runtime.patch
+
+-------------------------------------------------------------------
+Wed Jun 27 12:27:47 CEST 2007 - lmuelle@suse.de
+
+- Let dhclient request ntp-servers by default.
+
+-------------------------------------------------------------------
+Tue May 22 09:37:59 CEST 2007 - mt@suse.de
+
+- Bug 275592: Added ldap and ndsd to the Should-Start/Stop LSB
+ init info tags of the dhcp-server init script.
+- Bug #241113: Added copying of /etc/openldap/ldap.conf and
+ more base libraries into the chroot jail.
+
+-------------------------------------------------------------------
+Mon May 14 15:31:04 CEST 2007 - mt@suse.de
+
+- Bug #265337: Fix to generate proper "host ...
{" block begin
+ brace even if no harware address is specified for the host.
+ New patch file: dhcp-3.0.5-ldap-patch_host_brace.dif
+- Bug #258493: Fix to support new dhcpServerDN reference in
+ dhcpService object search filter.
+ New patch file: dhcp-3.0.5-ldap-patch_server_dn.dif
+- Fixed LSB init info to use LSB 2.0 Should-Start/Should-Stop.
+
+-------------------------------------------------------------------
+Thu Mar 15 18:07:35 CET 2007 - mt@suse.de
+
+- Bug #181212: Improved dhcp init-script to copy directories
+ specified in the DHCPD_CONF_INCLUDE_FILES sysconfig variable
+ into the chroot jail.
+
+-------------------------------------------------------------------
+Wed Mar 14 12:15:11 CET 2007 - mt@suse.de
+
+- Bug #247365: Added installation of dhcp-server SuSEfirewall2
+ service definition file.
+
+-------------------------------------------------------------------
+Tue Mar 13 18:16:48 CET 2007 - mt@suse.de
+
+- Updated to dhcp-3.0.5-ldap-patch.gz, released on 2007-02-23
+ fixing a parsing bug in dhcpd-conf-to-ldap.pl script to handle
+ correctly quoted string containing spaces.
+ Further, it includes our fixes and obsoletes following patches:
+ * dhcp-3.0.5-ldap-patch-strncat.dif
+ * dhcp-3.0.5-ldap-patch-casa-fix.dif
+ * dhcp-3.0.5-ldap-patch-dhcp-cn.dif
+ * dhcp-3.0.5-ldap-patch-schema.dif
+ * dhcp-3.0.5-ldap-patch-nomd5.dif
+ * dhcp-3.0.5-ldap-patch-referrals.dif
+ * dhcp-3.0.5-ldap-patch-ssl-opts.dif
+ * dhcp-3.0.5-ldap-patch-ldap_read.dif
+- Bug #250153: Fix for object order related parse error, that
+ occured in case an dhcp-ldap object referencing a dhcp-tsigkey,
+ class or failoverpeer object was parsed before the declaration
+ of the referenced objects, because of the order in ldap result.
+ New patch file: dhcp-3.0.5-ldap-patch_object-order.dif
+
+-------------------------------------------------------------------
+Tue Feb 20 11:45:29 CET 2007 - mt@suse.de
+
+- Bug #162186: Added check for EOF in parse_pool_statement to
+ avoid endless recursion loop between parse_pool_statement
+ and parse_statement when a closing right brace "}" is missed
+ at the end of a pool declaration in /etc/dhcpd.conf.
+ New patch file: dhcp-3.0.5-pool_eof.dif
+- Fixed ldap_read_function to avoid returning of empty strings
+ causing parsing errors in ldap-dynamic mode.
+ New patch file: dhcp-3.0.5-ldap-patch-ldap_read.dif
+
+-------------------------------------------------------------------
+Thu Jan 25 11:15:57 CET 2007 - mt@suse.de
+
+- Updated to dhcp-3.0.5-ldap-patch.gz, providing several fixes:
+ * unbind from the LDAP server after the config file has been ran
+ if the server is being ran in static mode
+ * fixed ldap_read_function bug where the entire configuration
+ was not being processed
+ and extensions / enhancements:
+ * added functions for reading config values from the config
+ file to clean up the ldap_start() function.
+ * new ldap-server-cn option that will be used to locate the
+ data in ldap; defaults to the hostname as before (FATE #227).
+ * while host is added in the ldap-method dynamic mode, try to
+ find if it belongs to a group and apply the group options too.
+ * modifies the dhcpHWAddress attribute to case-insensitive, adds
+ several new objectclasses, e.g. dhcpLocator, dhcpTsigKey,
+ dhcpDnsZone,dhcpFailOver to the dhcp.schema.
+ * implements support for dhcpTsigKey, dhcpDnsZone and related.
+ * implements auth password query via casa.
+- Adopted ldap-patch-strncat, removed ldap-patch-nossl obsoleted by
+ ldap-patch-nomd5. New patch: dhcp-3.0.5-ldap-patch-strncat.dif
+- Added dhcp-3.0.5-ldap-patch-nomd5.dif linking the dhcp-server
+ with md5 functions from openssl library instead of own copy.
+- Added dhcp-3.0.5-ldap-patch-casa-fix.dif, fixing casa support
+- Added dhcp-3.0.5-ldap-patch-dhcp-cn.dif, renaming the dhcpd.conf
+ ldap-server-cn option to more clear ldap-dhcp-server-cn.
+- dhcp-3.0.5-ldap-patch-schema.dif
+- Added dhcp-3.0.5-ldap-patch-referrals.dif, implementing support
+ for LDAP referrals, introducing new "ldap-referrals "
+ option in dhcpd.conf.
+- Added dhcp-3.0.5-ldap-patch-ssl-opts.dif enabling/implementing
+ TLS/LDAPS support. Adds new "ldap-ssl "
+ and several "ldap-tls-*" options for dhcpd.conf. By default, the
+ server trys to use TLS if possible, but continues without if not.
+
+-------------------------------------------------------------------
+Tue Jan 9 13:48:07 CET 2007 - mt@suse.de
+
+- Added installation of dhcpd.xml, dhcpd service description
+ for omc xml-service-provider, fate #301710.
+- fix of the ldap-patch strncat fix, bug #202648
+
+-------------------------------------------------------------------
+Wed Nov 8 11:33:50 CET 2006 - mt@suse.de
+
+- fix for strncat usage in ldap-patch, bug #202648
+
+-------------------------------------------------------------------
+Tue Nov 7 11:28:23 CET 2006 - mt@suse.de
+
+- updated to 3.0.5, bug #212310:
+ * This release is a maintenance release that seeks to correct bugs
+ introduced in 3.0.4 or prior. The most important of these bugs
+ is for 64-bit time_t systems that was introduced in 3.0.4.
+ * If you are upgrading from ISC DHCP 3.0.3 or prior and are using
+ failover, please take special care of the 'atsfp' values now
+ included on failover-controlled leases. See the RELNOTES file.
+- adopted dhcp-3.0.4-tmpfile.dif (now dhcp-3.0.5-tmpfile.dif)
+- added to provide gpg signature of the tar archive as rpm-source
+
+-------------------------------------------------------------------
+Tue Oct 17 20:26:30 CEST 2006 - poeml@suse.de
+
+- there is no SuSEconfig.syslog script anymore, thus remove the
+ YaST hint from the sysconfig template
+
+-------------------------------------------------------------------
+Fri Jun 9 14:49:58 CEST 2006 - poeml@suse.de
+
+- upstream 3.0.4:
+ * fix an insidious bug in the failover implementation which, if
+ left unchecked, could result in tying up all leases in
+ transitional states (such as released, reset, or expired)
+ * fix a confusing (wrong) syslog line, logged by during DDNS update
+ * The server now tries harder to survive the condition where it is
+ unable to open a new lease file to rewrite the lease state
+ database.
+ * several other small bug fixes
+- update ldap patch. It now supports ldap over ssl, but we don't
+ enable it and add dhcp-3.0.4-ldap-patch-nossl.dif, because at the
+ moment there seems to be a choice between linking dhclient
+ against ldap+ssl libs (not in /lib) or risking clash between
+ openssl and isc's md5 symbols. (At least, I assume that this is
+ the reason why the ldap patch now removes the isc implementation
+ from the build.)
Thus, I readd the patch which added ldap libs to
+ LIBS in the server subdir only, via ./configure
+- if /etc/sysconfig/dhcpd:DHCPD_INTERFACE is set to "ANY", dhcpd
+ will now autodetect available network interfaces
+
+-------------------------------------------------------------------
+Fri Jun 2 11:55:59 CEST 2006 - poeml@suse.de
+
+- allow for build on SUSE Linux 9.3 and older (no -fpie)
+- clean up all CFLAGS/DEBUG_FLAGS definitions
+
+-------------------------------------------------------------------
+Tue May 16 16:24:33 CEST 2006 - poeml@suse.de
+
+- add s390x to the list of platforms to compile with -fsigned-char
+ to avoid the dhclient.conf parse error "expecting a statement"
+ [#171532], [#134590]
+
+-------------------------------------------------------------------
+Thu May 4 23:01:10 CEST 2006 - rml@suse.de
+
+- Add "-H" flag for setting hostname (Novell major bug #139532)
+
+-------------------------------------------------------------------
+Wed Mar 29 15:47:38 CEST 2006 - poeml@suse.de
+
+- fix two further include paths in dhcpctl.3 and omapi.3
+
+-------------------------------------------------------------------
+Wed Mar 29 12:50:24 CEST 2006 - poeml@suse.de
+
+- package the static libdst.a library [#158271]
+- fix the include path in dhcpctl.3 and omapi.3 [#158271]
+
+-------------------------------------------------------------------
+Fri Jan 27 01:11:31 CET 2006 - mls@suse.de
+
+- converted neededforbuild to BuildRequires
+
+-------------------------------------------------------------------
+Wed Jan 25 14:06:19 CET 2006 - poeml@suse.de
+
+- dereference links when copying stuff into the chroot jail [#145169]
+
+-------------------------------------------------------------------
+Mon Jan 23 11:53:45 CET 2006 - thoenig@suse.de
+
+- dropped dhcp-3.0.3-dhclient-nm_active-01-thoenig.patch.
Correct
+ solution is being implemented in NetworkManager
+
+-------------------------------------------------------------------
+Sat Jan 14 12:40:06 CET 2006 - thoenig@suse.de
+
+- replaced 'nis-domain-servers' by 'nis-servers' in
+ dhcp-3.0.3-dhclient-nis-01-thoenig.patch (follow-up #134160)
+
+-------------------------------------------------------------------
+Fri Jan 13 22:35:10 CET 2006 - thoenig@suse.de
+
+- add 'nis-domain' and 'nis-domain-servers' to 'request'
+ dhclient.conf (dhcp-3.0.3-dhclient-nis-01-thoenig.patch). If
+ the DHCP reply contains information about NIS, NM will set those.
+ (#134160)
+- extended /sbin/dhclient-script to set domain name and host name.
+ This will only happen if the relevant options in
+ /etc/sysconfig/network/dhcp are set.
+ (dhcp-3.0.3-dhclient-nm_active-01-thoenig.patch) (#134160)
+
+-------------------------------------------------------------------
+Mon Nov 28 14:43:43 CET 2005 - poeml@suse.de
+
+- compile with -fsigned-char on ppc/ppc64, avoiding the
+ dhclient.conf parse error "expecting a statement" [#134590]
+
+-------------------------------------------------------------------
+Mon Sep 26 01:30:25 CEST 2005 - ro@suse.de
+
+- define LDAP_DEPRECATED in CFLAGS
+
+-------------------------------------------------------------------
+Wed Aug 3 15:07:50 CEST 2005 - poeml@suse.de
+
+- update to 3.0.3
+ * A bug was fixed in BOOTPREQUEST handling code wherein stale
+ references to host records would be left behind on leases that
+ were not allocated to the client currently booting (eg in the
+ case where the host was denied booting).
+ * The dhcpd.conf.5 manpage was updated to be more clear in
+ regards to multiple host declarations (thanks to Vincent
+ McIntyre). 'Interim' style dynamic updates were also
+ retouched.
+ * dhclient.conf documentation for interface {} was updated to
+ reflect recent discussion on the dhcp-hackers mailing list.
+- update ldap patch, patches merged upstream
+- compile with LPF instead of bsd sockets. Provide optional binary
+ compiled with bsd sockets.
+- README: describe how to serve option 119 (searchlist), add dns
+ compression tool
+
+-------------------------------------------------------------------
+Tue Jul 12 08:47:02 CEST 2005 - hare@suse.de
+
+- build with pie/PIE depending on architecture.
+
+-------------------------------------------------------------------
+Thu Jun 30 21:38:41 CEST 2005 - gekker@suse.de
+
+- Add -DEXTENDED_NEW_OPTION_INFO to CFLAGS for rml
+
+-------------------------------------------------------------------
+Tue Jun 28 22:03:50 CEST 2005 - gekker@suse.de
+
+- Add support for dhcdbd, patches from RH via rml
+
+-------------------------------------------------------------------
+Mon Jun 20 16:45:22 CEST 2005 - ro@suse.de
+
+- build with pie/fpie
+
+-------------------------------------------------------------------
+Mon Jun 13 15:26:44 CEST 2005 - kukuk@suse.de
+
+- Don't use kernel types in user space
+
+-------------------------------------------------------------------
+Fri Apr 8 16:25:06 CEST 2005 - poeml@suse.de
+
+- update to 3.0.3b1 release. Changes since 3.0.2:
+ * A bug was fixed where a server might load balance a DHCP REQUEST to its
+ peer after already choosing not to load balance the preceeding DISCOVER.
+ The peer cannot allocate the originating server's lease.
+ * In the case where a secondary server lost its stable storage while the
+ primary was still in communications-interrupted, and came back online,
+ the lease databases would not be fully transferred to the secondary.
+ This was due to the secondary errantly sending an extra UPDREQ message
+ when the primary made its state transition to PARTNER-DOWN known.
+ * The package will now compile cleanly in gcc 3.3 and 3.4. As a side effect,
+ lease structures will be 9 bytes smaller on all platforms. Thanks to
+ Jason Vas Dias at Redhat.
+ * Interface discovery code in DISCOVER_UNCONFIGURED mode is now
+ properly restricted to only detecting broadcast interfaces. Thanks
+ to a patch from Jason Vas Dias at RedHat.
+ * decode_udp_ip_header was changed so that the IP address was copied out
+ to a variable, rather than referenced by a pointer. This enforces 4-byte
+ alignment of the 32-bit IP address value. Thanks to a patch from Dr.
+ Peter Poeml.
+ * An incorrect log message was corrected thanks to a patch from
+ Dr. Peter Poeml.
+ * A bug in DDNS was repaired, where if the server's first DDNS action was
+ a DDNS removal rather than a DDNS update, the resolver library's
+ retransmit timer and retry timer was set to the default, implying a
+ 15 second timeout interval. Which is a little excessive in a synchronous,
+ single-threaded system. In all cases, ISC DHCP should now hold fast to
+ a 1-second timeout, trying only once.
+ * The siaddr field was being improperly set to the server-identifier when
+ responding to DHCP messages. RFC2131 clarified the siaddr field as
+ meaning the 'next server in the bootstrap process', eg a tftp server.
+ The siaddr field is now left zeroed unless next-server is configured.
+ * mockup_lease() could have returned in an error condition (or in the
+ condition where no fixed-address was found matching the shared
+ network) with stale references to a host record. This is probably not
+ a memory leak since host records generally never die anyway.
+ * A bug was repaired where failover servers would let stale client identifiers
+ persist on leases that were reallocated to new clients not sending an id.
+ * Binding scopes ("set var = value;") are now removed from leases allocated
+ by failover peers if the lease had expired. This should help reduce the
+ number of stale binding scopes on leases.
+ * A small memory leak was closed involving client identifiers larger than
+ 7 bytes, and failover.
+ * Configuring a subnet in dhcpd.conf with a subnet mask of 32 bits might
+ cause an internal function to overflow heap. Thanks to Jason Vas Dias
+ at Redhat.
+ * Some inconsistencies in treating numbers that the lexer parsed as 'NUMBER'
+ or 'NUMBER_OR_NAME' was repaired. Hexadecimal parsing is affected, and
+ should work better.
+ * In several cases, parse warnings were being issued before the lexical
+ token had been advanced to the token whose value was causing an error...
+ causing parse warnings to claim the problem is on the wrong token.
+ * Host declarations matching on client identifier for dynamic leases will
+ no longer match fixed-address host declarations (this is now identical
+ to behaviour for host records matching on hardware address).
+- print error if binary DHCPD_BINARY is not found [#76392]
+- remove patches incorporated upstreams
+- update ssh forced command example in dhcpsync man page
+
+-------------------------------------------------------------------
+Mon Feb 21 17:53:08 CET 2005 - poeml@suse.de
+
+- update to 3.0.2 release. Changes since 3.0.2rc3:
+ * A previously undocumented configuration directive,
+ 'local-address', was documented in the dhcpd.conf manpage.
+
+-------------------------------------------------------------------
+Tue Feb 8 17:40:05 CET 2005 - mt@suse.de
+
+- Bug #49433: try to reconnect to ldap server if it was down;
+ ignore SIGPIPE while ldap_unbind called on closed handle.
+ = new patch file: dhcp-3.0.2-ldap-reconnect.mt.dif.gz
+
+-------------------------------------------------------------------
+Tue Dec 7 15:29:15 CET 2004 - poeml@suse.de
+
+- update to 3.0.2rc3. Changes since rc2:
+ * Two variables introduced in 3.0.2b1 were used without being
+ initialized in the case where neither the FILE nor SNAME fields
+ were available for overloading. This was repaired.
+ * A heretofore believed to be impossible corner case of the
+ option overloading implementation turned out to be possible
+ ("Unable to sort overloaded options after 10 tries."). The
+ implementation was reworked to consider the case of an option
+ so large it would require more than three chunks to fit.
+ * Many other instances of variables being used without being
+ initialized were repaired.
+ * An uninitialized variable in omapi_io_destroy() led to the
+ discovery that this function may result in orphaned pointers
+ (and hence, a memory leak).
+- refresh the unaligned.patch
+
+-------------------------------------------------------------------
+Tue Nov 30 14:10:15 CET 2004 - poeml@suse.de
+
+- update to 3.0.2rc2. Changes since 3.0.1:
+ * allocate_lease() was rewritten to repair a bug in which the server would
+ try to allocate an ABANDONED lease when FREE leases were available.
+ * Some dhcp-eval.5 manpage formatting was repaired.
+ * A bug was fixed in the server's 'option overloading' implementation,
+ where options loaded into the 'file' and 'sname' packet fields were
+ not aligned precisely as rfc2131 dictates.
+ * The FreeBSD client script was changed to support the case where a domain
+ name was not provided by the server.
+ * A memory leak in 'omshell' per each command line parsed was
+ repaired, thanks to a patch from Jarkko Torppa.
+ * Log functions writing to stderr were adjusted to use the STDERR_FILENO
+ system definition rather than '2'. This is a no-op for 90% of platforms.
+ * One call to trace_write_packet_iov() counted the number of io vectors
+ incorrectly, causing inconsistent tracefiles. This was fixed.
+ * Some expression parse failure memory leaks were closed.
+ * A host byte order problem in tracefiles was repaired.
+ * Pools configured in DHCPD for failover possessing permission lists that
+ previously were assumed to not include dyanmic bootp clients are now
+ a little more pessimistic.
The result is, dhcpd will nag you about just
+ about most pools that possess a 'allow' statement with no 'deny' that
+ would definitely match a dynamic bootp client.
+ * The 'ddns-update-style' configuration warning bit now insists that
+ the configuration be globally scoped.
+ * Two memory leaks in dhclient were closed thanks to a patch from Felix
+ Farkas.
+ * Some minor but excellently pedantic documentation errors were fixed
+ thanks to a patch from Thomas Klausner.
+ * Bugs in operator precedence in executable statements have been repaired
+ once again. More legal syntaxes should be parsed legally.
+ * Failing to initialize a tracefile for any reason if a tracefile was
+ specified is now a fatal error. Thanks to a patch from Albert Herranz.
+ * Corrected a bug in which the number of leases transferred as calculated
+ by the failover primary and sent to peers in POOLRESP responses may be
+ incorrect. This value is not believed to be used by other failover
+ implementations, excepting perhaps as logged information.
+ * Corrected a bug in which 'dhcp_failover_send_poolresp()' was in fact
+ sending POOLREQ messages instead of POOLRESP mesasges. This message
+ was essentially ignored since failover secondaries effectively do not
+ respond to POOLREQ messages.
+ * Type definitions for various bitwidths of integers in the sunos5-5
+ build of ISC DHCP have been fixed. It should compile and run more
+ easily when built in 64-bit for this platform.
+ * "allow known-clients;" is now a legal syntax, to avoid confusion.
+ * If one dhcp server chooses to 'load balance' a request to its failover
+ peer, it first checks to see if it believes said peer has a free
+ lease to allocate before ignoring the DISCOVER.
+ * log() was logging a work buffer, rather than the value returned by
+ executing the statements configured by the user. In some cases,
+ the work buffer and the intended results were the same. In some other
+ cases, they were not.
This was fixed thanks to a patch from Gunnar
+ Fjone and directconnect.no.
+ * Compiler warnings for some string type conversions was fixed, thanks
+ to Andreas Gustafsson.
+ * The netbsd build environments were simplified to one, in which
+ -Wconversion is not used, thanks to Andreas Gustafsson.
+ * How randomness in the backoff-cutoff dhclient configuration variable
+ is implemented was better documented in the manpage, and the behaviour
+ of dhclient in REQUEST timeout handling was changed to match that of
+ DISCOVER timeout handling.
+ * Omapi was hardened against clients that pass in null values, thanks
+ to a patch from Mark Jason Dominus.
+ * A bug was fixed in dhclient that kept it from doing client-side
+ ddns updates. Thanks to a patch from Andreas Gustafsson, which
+ underwent some modification after review by Jason Vas Dias.
+ * Failover implementations disconnected due to the network between
+ them (rather than one of the two shutting down) will now try to
+ re-establish the failover connection every 5 seconds, rather than
+ to simply try once and give up until one of them is restarted.
+ Thanks to a patch from Ulf Ekberg from Infoblox, and field testing
+ by Greger V. Teigre which led to an enhancement to it.
+ * A problem that kept DHCP Failover secondaries from tearing down
+ ddns records was repaired. Thanks to a patch from Ulf Ekberg from
+ Infoblox.
+ * 64bit pointer sizes are detected properly on FreeBSD now.
+ * A bug was repaired where the DHCP server would leave stale references
+ to host records on leases it once thought about offering to certain
+ clients. The result would be to apply host and 'known' scopes to the
+ wrong clients (possibly denying booting). NOTE: The 'mis-host' patch
+ that was being circulated as a workaround is not the way this bug was
+ fixed. If you were a victim of this bug in 3.0.1, you are cautioned
+ to proceed carefully and see if it fixes your problem.
+ * A bug was repaired in the server's DHCPINFORM handling, where it
+ tried to divine the client's address from the source packet and
+ would get it wrong. Thanks to Anshuman Singh Rawat.
+ * A log message was introduced to help illuminate the case where the
+ server was unable to find a lease to assign to any BOOTP client.
+ Thanks to Daniel Baker.
+ * A minor dhcpd.conf.5 manpage error was fixed.
+- update ldap patch (11/8/2004 version)
+
+-------------------------------------------------------------------
+Thu Nov 11 12:47:21 CET 2004 - ro@suse.de
+
+- fixed file list for devel package
+
+-------------------------------------------------------------------
+Thu Sep 23 11:34:56 CEST 2004 - poeml@suse.de
+
+- sysconfig.dhcpd, sysconfig.dhcrelay: give examples how to use
+ configuration names instead of interface names
+
+-------------------------------------------------------------------
+Thu Aug 5 14:12:50 CEST 2004 - poeml@suse.de
+
+- update to 3.0.1
+ * The global variable 'cur_time' was centralized and is now
+ uniformly of a type #defined in system-dependent headers. It
+ had previously been defined in one of many places as a 32-bit
+ value, and this causes mayhem on 64-bit big endian systems. It
+ probably wasn't too healthy on little endian systems either.
+ * A printf format string error introduced in rc14 was repaired.
+ * AIX system-dependent header file was altered to only define
+ NO_SNPRINTF if the condition used to #ifdef in vsnprintf in
+ AIX' header files is false.
+ * The Alpha/OSF system-dependent header file was altered to
+ define NO_SNPRINTF on OS revisions older than 4.0G.
+ * omapip/test.c had string.h added to its includes.
+- drop obsolete dhcp-curtimetype.patch
+- cope with missing files during chroot setup (e.g., if no
+ resolv.conf exists) [#40728]
+- remove duplicated option "-cf" from usage output
+- add notes about the used raw socket API to README
+
+-------------------------------------------------------------------
+Fri Jul 16 14:27:18 CEST 2004 - poeml@suse.de
+
+- update to 3.0.1rc14
+- remove obsolete patches and adapt dhcp-3.0.1rc13-tmpfile.dif
+- dhcpsync: use try-restart (so the server isn't started if it has
+ been stopped)
+- remove notify messages that are sent to root
+- check if dhcpd was active at boot time before update and
+ restore runlevel links if needed [#41215], and PreRequires for
+ that
+
+-------------------------------------------------------------------
+Mon Jun 14 20:51:29 CEST 2004 - poeml@suse.de
+
+- security fixes [#41975]:
+ - fix buffer overflow in the DHCP server that can be exploited by
+ the client by specifying multiple 'hostnames' to execute
+ arbitrary code or at least crash the server. VU#317350
+ - add patch to use vsnprintf() instead of vsprintf() calls.
+ VU#654390
+
+-------------------------------------------------------------------
+Fri May 14 15:04:50 CEST 2004 - poeml@suse.de
+
+- fix sysconfig comment and DHCPD_RUN_AS default [#40174]
+
+-------------------------------------------------------------------
+Thu May 13 14:05:35 CEST 2004 - poeml@suse.de
+
+- improve security of the chroot jail setup by creating a dedicated
+ user id for the server, and move the leases database into a
+ subdirectory (/var/lib/dhcp/db). With the exception of that
+ subdirectory the chroot jail is now owned by root. [#40174] Use
+ mkstemp to create temporary files. [#40267]
+- don't use startproc to start dhcpd, because startproc waits a
+ fixed time (100 msec) until it decides whether the service is
+ running or not.
Now that dhcpd might have to contact an LDAP
+ server first to read its configuration, starting up can take
+ longer than that, and the init script would falsely report
+ "success" even when the server cannot start up due to broken
+ configuration or non-existant interfaces. Increasing the
+ startproc timeout (-t) is not a real alternative because, because
+ it would imply a fixed dely to the init script, and it might
+ still be too short. [#40350]
+
+-------------------------------------------------------------------
+Tue May 4 18:24:14 CEST 2004 - poeml@suse.de
+
+- convert configuration names in DHCPD_INTERFACE /
+ DHCRELAY_INTERFACES into interface names [#39718]
+- fix service restart for the case where the binary has been
+ switched for backward compatibility during updating.
+- do not change DHCPD_BINARY for backward compatibility if updating
+ from 9.0. This and the last change complete the fix for [#38422]
+ and take care of updates from 8.1-9.1 with and without YOU
+ updates.
+
+-------------------------------------------------------------------
+Fri Apr 30 15:09:44 CEST 2004 - poeml@suse.de
+
+- additionally package the dhcpd binary that uses the Linux packet
+ filter API. New option DHCPD_BINARY in sysconfig.dhcpd. [#38422]
+- when updating from a previous package using LPF API, retain the
+ old behaviour. Fix init script so that 'stop' works also after a
+ switch of DHCPD_BINARY.
+
+-------------------------------------------------------------------
+Thu Apr 22 11:53:00 CEST 2004 - mt@suse.de
+
+- updated to dhcp-3.0.1rc13-ldap-patch also obsolating the
+ patches: dhcp-ldap-fix01.dif, dhcpd-conf-to-ldap.pl.dif
+- added dhcp-3.0.1rc13-ldap.mt.dif, providing diverse fixes
+ and basic failover support for server/ldap.c
+- added dhcpd-conf-to-ldap.mt.dif providing failover support
+ to dhcpd.conf convert script
+
+-------------------------------------------------------------------
+Thu Mar 25 19:23:17 CET 2004 - mt@suse.de
+
+- applied dhcp-3.0.1rc12-ldap-patch adding support to store
+ dhcp configuration in ldap (incl. draft ldap schema).
+ further patches:
+ - dhcp-ldap-fix01.dif: fixes for server/ldap.c (debuging
+ output, support for block statements, ...)
+ - dhcpd-conf-to-ldap.pl.dif: fixes for convert script
+
+-------------------------------------------------------------------
+Wed Feb 25 16:00:55 CET 2004 - poeml@suse.de
+
+- the genDDNSkey script has been moved to the bind-utils package
+- update the DDNS-howto.txt
+- package leases.awk (dhcpd.leases analyzer) (courtesy of Jeff Wilson)
+- update to 3.0.1rc13
+ - Fixed a bug in omapi lease lookup function, to form the
+ hardware address for the hash lookup correctly
+ - The 'ping timeout' debugs from rc12 were removed to -DDEBUG
+ only
+ - Fixed a case where leases read from the leases database do not
+ properly over-ride previously read leases.
+ - Fixed a bug where dhcrelay was sending relayed responses back
+ to the broadcast address, but with the source's unicast mac
+ address. Should now conform to rfc2131 section 4.1.
+ - Fixed a crash bug in dhclient where dhcpd servers that do not
+ provide renewal times results in an FPE. As a side effect,
+ dhclient can now properly handle 0xFFFFFFFF (-1) expiry times
+ supplied by servers.
+ - dhcpctl.3 manpage was tweaked.
+- the files CHANGES and COPYRIGHT have vanished, package LICENSE
+ instead
+
+-------------------------------------------------------------------
+Sun Jan 11 10:35:11 CET 2004 - adrian@suse.de
+
+- build as user
+
+-------------------------------------------------------------------
+Tue Nov 18 22:48:05 CET 2003 - poeml@suse.de
+
+- if starting dhcpd in chroot jail, and a pid file is present in
+ the jail, and the pid file does not contain a pid of a running
+ dhcpd process, but that of another _running_ process, remove
+ that pid file. [#32603]
+- fix typo in dhcp.LIESMICH
+- DDNS-howto.txt: adjust changed path
+- DDNS-howto.txt: instead of the shell variables (they were copy
+ and paste'd from a script), use a real example (makes it easier)
+- add a comment in sysconfig.dhcpd that entire directories may be
+ included
+- dhcpsync: if run from the commandline, do not use an identity
+ that ssh-agent may hold, but use $KEY instead
+- dhcpsync.8: add a note about a know limitation
+
+-------------------------------------------------------------------
+Tue Nov 18 14:06:10 CET 2003 - poeml@suse.de
+
+- fix wrong ServiceRestart tags in sysconfig/dhcrelay [#32062]
+
+-------------------------------------------------------------------
+Fri Oct 17 14:12:45 CEST 2003 - uli@suse.de
+
+- fixed data type mismatch in libomapi, only harmful on 64-bit
+ BE systems (ppc64, s390x, bug #32123)
+
+-------------------------------------------------------------------
+Mon Sep 8 16:32:33 CEST 2003 - poeml@suse.de
+
+- update to 3.0.1rc12
+ - a failover bug relating to identifying peers by name length
+ instead of by name was fixed
+ - declaring failover configs within shared-network statements
+ should no longer result in error
+ - a problem with lease expiry times in failover configurations
+ was fixed
+ - reverse dns PTR record updates with values containing spaces
+ are now permitted
+ - problems with long option processing fixed
+ - fixes to minires so that updates of KEY records
will work
+ - memory leak in configuration parsing closed
+ - non-broadcast or point-to-point interfaces are now ignored
+ - options not yet known by the dhcpd or dhclient now appear as
+ e.g. "unknown-144" rather than "#144" in the leases file, to
+ avoid the hash marks
+ - dhclient no longer uses shell commands to kill another instance
+ of itself, it sends the signal directly.
+ - the -nw command line option to dhclient now works
+- dhcp-3.0.1rc10-dhcrelay-limit-hopcount.dif included upstreams
+- added contrib/ms2isc (converts Microsoft DHCP server configuration)
+
+-------------------------------------------------------------------
+Mon Sep 8 10:46:42 CEST 2003 - poeml@suse.de
+
+- mark dhclient's lease database %config(noreplace)
+
+-------------------------------------------------------------------
+Wed Sep 3 13:28:21 CEST 2003 - kukuk@suse.de
+
+- Really fix [#29405], server should not provide and obsolete dhcp.
+
+-------------------------------------------------------------------
+Wed Aug 27 12:34:27 CEST 2003 - poeml@suse.de
+
+- don't provide/require dhcp-base.
Require dhcp instead [#29405]
+
+-------------------------------------------------------------------
+Tue Aug 26 18:16:28 CEST 2003 - poeml@suse.de
+
+- add Config: syslog-ng to sysconfig.syslog-dhcpd
+
+-------------------------------------------------------------------
+Fri Aug 15 03:28:02 CEST 2003 - poeml@suse.de
+
+- use -Wall -Wno-unused
+- add -fno-strict-aliasing, due to warnings about code where
+ dereferencing type-punned pointers will break strict aliasing
+- add activation metadata to sysconfig template [#28864, [#28865],
+ [#28950]
+
+-------------------------------------------------------------------
+Tue Aug 12 21:05:33 CEST 2003 - poeml@suse.de
+
+- rc.dhcpd, rc.dhcrelay: implement try-restart correctly
+- cleaned up the root mail, and the READMEs [#27214], [#26266]
+- send the root mail only on update [#27214]
+- have no default value in /etc/sysconfig/dhcpd:DHCPD_INTERFACE
+- in client's %post, send a mail only when rc.config is encountered
+- clean buildroot, but not in chroot buildsystem
+- the SuSE string is now replaced by UnitedLinux where appropriate
+- rename the "dhcp-base" package to "dhcp", so there is a binary
+ package matching the name of the source package [#17668]
+- use the lately added macros only on newer distributions
+
+-------------------------------------------------------------------
+Wed Jul 30 16:58:25 CEST 2003 - poeml@suse.de
+
+- new macros for stop/restart of services on rpm update/removal
+
+-------------------------------------------------------------------
+Mon Jul 28 14:25:01 CEST 2003 - poeml@suse.de
+
+- when copying include files into the chroot jail, create
+ subdirectories as needed, thus retaining the path to the files
+
+-------------------------------------------------------------------
+Sun Jul 27 15:45:49 CEST 2003 - poeml@suse.de
+
+- don't explicitely strip binaries since RPM handles it, and may
+ keep the stripped information somewhere
+
+-------------------------------------------------------------------
+Mon Jun 16 16:32:47 CEST 2003 - poeml@suse.de
+
+- add some notes to DDNS-howto.txt, kindly provided by Andrew Beames
+- fix typo in genDDNSKey.sh
+
+-------------------------------------------------------------------
+Wed May 21 18:25:11 CEST 2003 - mmj@suse.de
+
+- Implement try-restart correctly in init-script
+
+-------------------------------------------------------------------
+Mon May 19 14:06:36 CEST 2003 - poeml@suse.de
+
+- update to 3.0.1rc11, relevant fixes are
+ - Potential buffer overflows in minires repaired.
+ - A correction of boolean parsing syntax validation - some illegal syntaxes
+ that worked before are now detected and produce errs, some legal syntaxes
+ that errored before will now work properly.
+ - Some search-and-replace errors that caused some options to change their
+ names was repaired.
+ - Shu-min Chang of the Intel corporation has contributed a perl script and
+ module that converts the MS NT4 DHCP configuration to a ISC DHCP3
+ configuration file.
+ - Applied the remainder of the dhcpctl memory leak patch provided by Bill
+ Squier at ReefEdge, Inc. (groo@reefedge.com).
+ - Missing non-optional failover peer configurations will now result in a soft
+ error rather than a null dereference.
+- use BSD sockets instead of LPF (makes iptables filtering of
+ packages possible for server and relay. It doesn't work on the
+ client, though, so that one requires seperate compilation.)
See
+ Message-Id: <5.1.0.14.0.20030408175011.00b9c7c0@pop.itd.nrl.navy.mil>
+
+-------------------------------------------------------------------
+Thu Mar 13 13:14:03 CET 2003 - poeml@suse.de
+
+- rcdhcpd, rcdcrelay: do not write the startup log to a world
+ writable directory [#25241]
+
+-------------------------------------------------------------------
+Mon Mar 3 16:38:07 CET 2003 - poeml@suse.de
+
+- don't try to copy libraries into the chroot jail that do not
+ exist (any longer) [#24533]
+- remove the %ghost filelist entries for pid files and chroot jail
+ contents [#20030]. Clean up the libraries from the jail when the
+ server is stopped.
+- dhcrelay: add patch from Florian Lohoff (slightly modified),
+ that makes the maximal hop count of forwarded packages
+ configurable (-c maxcount), sets the default to 4, and rejects
+ packages with a hop count higher than maxcount (CAN-2003-0039,
+ http://www.kb.cert.org/vuls/id/149953). Add a variable to
+ /etc/sysconfig/dhcrelay to pass such additional options.
+
+-------------------------------------------------------------------
+Wed Feb 12 15:29:29 CET 2003 - mmj@suse.de
+
+- Added sysconfig metadata [#22631] [#22632] [#22696]
+
+-------------------------------------------------------------------
+Tue Dec 10 14:51:59 CET 2002 - okir@suse.de
+
+- Added security patch from ISC
+
+-------------------------------------------------------------------
+Thu Dec 5 18:26:18 CET 2002 - poeml@suse.de
+
+- update to 3.0.1rc10. relevant fixes:
+ - A Linux-specific Token Ring detection problem was fixed.
+ - Hashes removed from as-yet-unknown agent options, having those
+ options appear in reality before we know about them will no
+ longer produce self-corrupting lease databases.
+ - dhclient will use the proper port numbers now when using the -g
+ option.
+ - A order-of-operations bug with 2 match clauses in 1 class
+ statement is fixed thanks to a patch from Andrew Matheson.
+ - A fix to the dhcp ack process which makes certain group options
+ will be included in the first DHCPOFFER message was made thanks
+ to a patch from Ling Gou.
+ - A few memory leaks were repaired thanks to patches from Bill
+ Squier at ReefEdge, Inc. (groo@reefedge.com).
+ - A fix for shared-networks that sometimes give clients options
+ for the wrong subnets (in particular, 'option routers') was
+ applied, thanks to Ted Lemon for the patch.
+ - Omshell's handling of dotted octets as values was changed such
+ that dots one after the other produce zero values in the
+ integer string.
+- due to the upstream fixes: drop the reactivate-tr-support.dif and
+ format.dif
+- retrofitted the (server) package to work for old distributions
+ down to 7.2
+
+-------------------------------------------------------------------
+Fri Nov 29 12:58:46 CET 2002 - schwab@suse.de
+
+- Fix unaligned access.
+
+-------------------------------------------------------------------
+Mon Nov 4 13:02:26 CET 2002 - poeml@suse.de
+
+- update DDNS-howto.txt for BIND9
+- add genDDNSKey.sh to create a key for BIND8/9
+- add comments about DDNS to the dhcpd.conf [#18419], and
+ directives to disable DDNS by default
+- change defaults in the sample configuration
+
+-------------------------------------------------------------------
+Thu Aug 29 18:01:32 CEST 2002 - poeml@suse.de
+
+- fix permissions of man pages
+
+-------------------------------------------------------------------
+Sun Aug 18 15:03:16 CEST 2002 - poeml@suse.de
+
+- re-add token ring support that got lost ("tr0:unknown hardware
+ address type 800"). With 2.4 kernel, ARPHRD_IEEE802 (6) has been
+ renamed to ARPHRD_IEEE802_TR (800). Known bug in 3.0.1rc9.
+- move PreReq tag to the subpackages, where it is actually needed
+ [#17822, #17821]
+
+-------------------------------------------------------------------
+Mon Aug 12 17:25:09 CEST 2002 - poeml@suse.de
+
+- dhcp-client: add missing Requires on /usr/bin/host
+
+-------------------------------------------------------------------
+Mon Aug 12 14:53:14 CEST 2002 - poeml@suse.de
+
+- Fix requires of dhcp-devel subpackage
+- add some helpful scripts, courtesy of Kevin C. Miller
+
+-------------------------------------------------------------------
+Thu Aug 1 02:05:06 CEST 2002 - poeml@suse.de
+
+- use PreReq
+
+-------------------------------------------------------------------
+Wed Jul 17 17:55:08 CEST 2002 - poeml@suse.de
+
+- add a sysconfig.syslog-dhcpd template to make syslogd open an
+ additional socket (inside the chroot dir of dhcpd)
+
+-------------------------------------------------------------------
+Thu Jul 11 16:28:20 CEST 2002 - poeml@suse.de
+
+- fix typo in %post, introduced with last change
+
+-------------------------------------------------------------------
+Thu Jul 11 15:33:11 CEST 2002 - poeml@suse.de
+
+- add Version: tags to the subpackages to satisfy the build system,
+ because dhcp has no main package [#16318]
+- run in chroot and as user nobody per default
+- fix wrong pathnames in mail to root [#15601]
+- install example dhcpd.conf [#9122]
+- improve example configuration files [#12563]
+- init scripts: update INIT INFO, using the new tags from
+ /etc/init.d/skeleton
+
+-------------------------------------------------------------------
+Tue May 21 18:48:50 CEST 2002 - poeml@suse.de
+
+- dhclient-script:
+ - source the right sysconfig files (/etc/sysconfig/network/)
+ [#15871]
+ - use KEEP_SEARCHLIST option (thanks Sumit Bose)
+ - improve the indentation
+
+-------------------------------------------------------------------
+Thu May 16 13:15:36 CEST 2002 - poeml@suse.de
+
+- add documentation about configuration for dynamical DNS updates
+
+-------------------------------------------------------------------
+Mon May 13 19:33:59 CEST 2002 - poeml@suse.de
+
+- fix last change (rediff dhcp-3.0.1rc9.format.dif)
+
+-------------------------------------------------------------------
+Mon May 13 18:21:50 CEST 2002 - poeml@suse.de
+
+- update to 3.0.1rc9
+ - fixes a format string vulnerability in the server that could
+ lead to a remote root compromise
+ (see http://www.cert.org/advisories/CA-2002-12.html)
+ - fixes a memory leak in the client and some other minor bugs
+- fix some printf arguments in server/omapi.c
+- fix small typo (x390x -> s390x)
+
+-------------------------------------------------------------------
+Mon Apr 29 10:24:29 CEST 2002 - sf@suse.de
+
+- changed Makefile.conf to be able to add LIBDIR
+- added LIBDIR to make install to put libs into the correct path
+- use -DPTRSIZE_64BIT on x86_64
+
+-------------------------------------------------------------------
+Mon Apr 22 17:35:58 CEST 2002 - poeml@suse.de
+
+- update to 3.0.1rc8. Most significant changes are (see RELNOTES):
+ - Don't allow a lease that's in the EXPIRED, RELEASED or RESET
+ state to be renewed.
+ - Implement lease stealing for cases where the primary has fewer
+ leases than the secondary, as called for by the standard.
+ - Fix a bug where if an option universe contained no options, the
+ DHCP server could dump core (Walter Steiner).
+ - Fix a bug in the handling of encapsulated options.
+ - Fix an uninitialized memory bug in the DHCP client.
+- use -DPTRSIZE_64BIT on x390x and ppc64, too
+- create /etc/resolv.conf with a file mask of 644, regardless of
+ the umask [Bug #15915]. Patch by Joerg Mayer.
+- the scripts dir is now called CLIENTBINDIR in the Makefiles, and
+ correctly set to /sbin --> drop 2 hunks from dhcp-3.0rc10.dif
+
+-------------------------------------------------------------------
+Tue Mar 26 14:12:42 CET 2002 - ro@suse.de
+
+- Fix handling of initscript links and START_* variable [Bug #13755]
+
+-------------------------------------------------------------------
+Sun Feb 10 23:09:42 CET 2002 - poeml@suse.de
+
+- drop the sysconfig/network/dhcp template. It's in the syconfig
+ package now.
+- strip /sbin/dhclient
+
+-------------------------------------------------------------------
+Mon Feb 4 17:55:01 CET 2002 - poeml@suse.de
+
+- rename dhcp subpackage to dhcp-base, add dhcp-server subpackage
+- rename dhclient to dhcp-client and dhcrelay to dhcp-relay
+- remove Conflicts tag dhclient <-> dhcpcd
+- use %defattr(-, root, root) for all subpackages
+- update copyright info (GmbH --> AG)
+- update sysconfig.dhclient (.dhcp-dhclient now), and let it be
+ filled up into /etc/sysconfig/network/config
+
+-------------------------------------------------------------------
+Wed Jan 30 19:59:51 CET 2002 - poeml@suse.de
+
+- add /sbin/dhclient, accidentally deleted from filelist lately
+
+-------------------------------------------------------------------
+Sun Jan 27 23:19:14 CET 2002 - ro@suse.de
+
+- remove START_DHCPD on update
+- use fillup_only where no initscript is handled
+
+-------------------------------------------------------------------
+Sun Jan 27 21:08:27 CET 2002 - poeml@suse.de
+
+- use %_lib and %_libdir
+- update rc.dhcpd to use %_libdir when setting up chroot dir
+- dhcpsync: name of slave can be given as argument; update man page
+- rc.dhcpd: no longer source rc.config
+- don't try insserv on dhclient init script -- it's dropped
+- tell fillup to use "dhcpd" instead of the package name (dhcp)
+
+-------------------------------------------------------------------
+Fri Jan 25 00:18:52 CET 2002 - poeml@suse.de
+
+- update to 3.0.1rc6
+ - Fix the off-by-one error in the MAC-address checking code for
+ DHCPRELEASE that was added in 3.0.1rc5.
+ - Fix a bug where client-specific information was not being
+ discarded from the lease when it expired or was released,
+ resulting in problems if the lease was reallocated to a
+ different client.
+ - merge pools if possible
+ - workaround for some Lexmark printers that send a double-NUL-
+ terminated host-name option, which would break DNS updates.
+ - no longer log fallback_discard messages
+- dhcp-3.0.1rc5-release.dif obsolete hereby
+- drop dhclient init script (obsoleted by /sbin/if*-dhcp)
+
+-------------------------------------------------------------------
+Tue Jan 15 16:31:35 CET 2002 - poeml@suse.de
+
+- update to 3.0.1rc5
+ - Fix a bug that would cause the DHCP server to spin if asked to
+ parse a certain kind of incorrect statement.
+ - Fix a related bug that would prevent an error from being
+ reported in the same case.
+ - Additional documentation.
+ - Make sure that the hardware address matches the lease when
+ processing a DHCPRELEASE message.
+- add dhcp-3.0.1rc5-release.dif that corrects an error by one in
+ the code that finds a lease that is being RELEASEd
+- use ddns-update-style interim instead of ad-hoc when testing
+- make sure that dhcpd is started after xntpd (failover needs
+ correct system time)
+- drop version 2 of dhcpd and dhcrelay
+
+-------------------------------------------------------------------
+Thu Dec 13 00:39:56 CET 2001 - ro@suse.de
+
+- removed START_ variables, moved rc.config.d -> sysconfig
+
+-------------------------------------------------------------------
+Tue Nov 6 13:50:12 CET 2001 - poeml@suse.de
+
+- update to 3.0.1rc4
+- add dhcpsync and dhcpync.8 (script to sync DHCP failover config.)
+- update rc.dhclient script from the one used in the dhcpcd package
+- client: don't check if a device is there; terminate anyway
+- small addition to the examples; update README.upgrade
+
+-------------------------------------------------------------------
+Wed Oct 31 17:28:27 CET 2001 - poeml@suse.de
+
+- update to 3.0.1rc2
+- add a README.upgrade
+
+-------------------------------------------------------------------
+Thu Oct 25 15:51:22 CEST 2001 - poeml@suse.de
+
+- update to 3.0.1rc1
+- remove our #undef use_LPF patch for 2.0pl5; it seems to cause
+ problems (stopping responding) with more than one network card
+- mark /etc/dhclient.conf with noreplace tag
+
+-------------------------------------------------------------------
+Sun Sep 16 15:44:51 CEST 2001 - poeml@suse.de
+
+- fix stupid bug in rc.dhcpd where rc.config is sourced too late
+
+-------------------------------------------------------------------
+Fri Sep 14 12:25:38 CEST 2001 - poeml@suse.de
+
+- fix #9962 where "exit 1" instead of "return" in dhclient-script
+ would confuse dhclient (which then DECLINEd the lease)
+
+-------------------------------------------------------------------
+Tue Aug 28 16:45:54 CEST 2001 - poeml@suse.de
+
+- make sure that files are really copied to the chroot dir
+
+-------------------------------------------------------------------
+Mon Aug 27 11:43:08 CEST 2001 - poeml@suse.de
+
+- add libnss_dns6.so.2 as ghost to the file list to remove it
+ from the chroot dir when uninstalling the package
+- rc.dhcpd: remove empty pid files to avoid warnings by
+ checkproc/killproc (dhcpd sometimes leaves them if it does not
+ want to start due to wrong syntax)
+- rc.dhcpd: to save time, source rc.config only when necessary
+- add dhcpd.conf examples
+
+-------------------------------------------------------------------
+Fri Aug 24 02:11:12 CEST 2001 - poeml@suse.de
+
+- update to 3.0rc12 (fixes some failover state transitions; other
+ failover fixes; always returns a subnet
selection option if one
+ is sent)
+- change dhclient-script to ignore lines that are commented out
+ when grepping for variables and eval-ing them
+
+-------------------------------------------------------------------
+Mon Jul 16 14:35:33 CEST 2001 - poeml@suse.de
+
+- add filedes.dif that gives scripts executed from dhclient-script
+ their own filedescriptors (patch by Brian Somers
+ )
+- correct typo in rc.dhcpd
+
+-------------------------------------------------------------------
+Mon Jul 2 11:23:46 CEST 2001 - poeml@suse.de
+
+- update to 3.0rc10
+- change default in rc.config.d.dhcrelay
+- add /usr/sbin/svtest, /usr/bin/omshell, and omshell man pages
+- new variable in rc.dhcpd.config: $DHCPD_CONF_INCLUDE_FILES, for
+ dhcpd.conf include files to be copied to $chroot/etc/
+
+-------------------------------------------------------------------
+Tue May 22 13:10:54 CEST 2001 - poeml@suse.de
+
+- update to 3.0rc7 (failover and OMAPI fixes, see RELNOTES)
+
+-------------------------------------------------------------------
+Wed May 16 18:59:53 CEST 2001 - poeml@suse.de
+
+- on 64 bit archs, define -DPTRSIZE_64BIT
+- fix missing include
+
+-------------------------------------------------------------------
+Fri May 11 12:16:16 CEST 2001 - poeml@suse.de
+
+- if resolv.conf does not exist, touch it; so that there is a file
+ to back up and restore later and the temporary resolv.conf would
+ not persist after stopping the client [#8078]
+- use the modify_resolvconf tool to cleanup old backup files before
+ starting the daemon, because it does it intelligently [#8077]
+
+-------------------------------------------------------------------
+Tue May 8 21:37:13 CEST 2001 - poeml@suse.de
+
+- don't provide empty /etc/rc.config.d/dhcpd.rc.config because that
+ inhibits the correct removal of variables from rc.config
+- mention correct version numbers in mail to root (now using
+ version macro)
+- fix a typo and a nonsense comment in rc.config.d.dhcpd
+
+-------------------------------------------------------------------
+Mon May 7 18:38:32 CEST 2001 - poeml@suse.de
+
+- update to 3.0rc4 (bugfixes)
+- add empty dir /var/lib/dhcp/dev and documentation about how to
+ ensure that logging from the chroot jail works [#6906]
+
+-------------------------------------------------------------------
+Tue Apr 24 16:14:16 CEST 2001 - poeml@suse.de
+
+- update to 3.0rc2pl1: fixes bugs in the failover implementation
+ and a memory smash that happens when fixed-address leases are
+ used
+- Read dhcp client script hooks if they exist, rather than only if
+ they're executable.
+- new file: 3.0b1 lease conversion script
+
+-------------------------------------------------------------------
+Sun Apr 15 17:49:53 CEST 2001 - poeml@suse.de
+
+- Init scripts: get try-restart ("restart when running") right
+- client:
+ - dhclient-script is now correctly installed to /sbin (thus,
+ don't mv dhclient-script from /etc/ to /sbin/, thereby
+ overwriting it with the one from v2)
+ - move rcdhclient conveniency link to /sbin/ (same as in dhcpcd)
+ - update info header for resolv.conf acc.
to guidelines
+- server:
+ - don't run in chroot environment and as nobody by default
+ - add missing %postun for subpackages to rearrange runlevel
+ links after deinstalling
+
+-------------------------------------------------------------------
+Mon Apr 9 11:35:33 CEST 2001 - poeml@suse.de
+
+- update to 3.0b2pl24
+- don't use rc_status -u in init scripts (option was dropped)
+- always run test of dhcpd
+
+-------------------------------------------------------------------
+Wed Mar 28 18:53:35 CEST 2001 - poeml@suse.de
+
+- update to 3.0b2pl18
+ * trim chroot/non-root patch and the other security patches into
+ dhcp-3.0b2pl18.paranoia.dif
+ * build stable version of server (2.0pl5) and include the binary
+ as well as the man pages with '-2' suffix (same for dhcrelay)
+- split off subpackages: dhcrelay, dhcp-devel
+- reworked all init scripts
+ * adhere to LSB and use new rc.status functions
+ * rc.dhcpd: at start, copy conf file and libs to chroot dir
+ * rc.dhcpd: add syntax check
+ * rc.dhcrelay: make interface configurable
+ * rc.dhclient: improve resolv.conf handling
+- dhclient: catch TERM to restore resolv.conf before quitting
+- create /etc/rc.config.d/dhcrelay.rc.config
+- create /etc/rc.config.d/dhclient.rc.config
+- clean up Provides/Conflicts
+- rework SuSE-fillup templates (and rename them)
+- mark libraries for chroot dir as %ghost
+- when ABUILD_RUN_TEST_SUITES is true, start dhcpd for a simple
+ test
+
+-------------------------------------------------------------------
+Fri Mar 16 13:33:30 CET 2001 - poeml@suse.de
+
+- add dhcpd-thomas.diff from
+ * query for the real UID and not for the effective UID
+ * drop supplementary GID's
+ * avoid potential buffer overflow
+- copy dhcpd.conf instead of moving it
+- add $syslog to Required-Start in server init script
+- fix Required-Start in client init script
+- bzipped sources
+
+-------------------------------------------------------------------
+Wed Jan 31 18:38:23 CET 2001 - poeml@suse.de
+
+-
dhcpd.conf will no longer be installed in /etc/ but placed in the
+ docdir, since it is a nonfunctional example file
+- test for etc/SuSE-release in %post
+- fix removal of variables from rc.config which failed sometimes
+- update {README,LIESMICH}.SuSE
+
+-------------------------------------------------------------------
+Mon Jan 29 13:53:38 CET 2001 - poeml@suse.de
+
+- added paranoia patch by Ari Edelkind to allow dhcpd run chrooted
+ in /var/lib/dhcp and as nobody/nogroup. Both is optional.
+- moved dhcpd.conf to /var/lib/dhcp/etc/. The file will also be
+ moved by %post
+- moved rc.config options to rc.config.d/dhcpd.rc.config
+ (existing variables are moved there by %post)
+- added some syntax checking via undocumented -t switch, and write
+ log file during startup
+- renamed start script from dhcp to dhcpd
+- removed /var/run/dhcpd.pid from the package
+- tag some %configs with (noreplace)
+- use BuildRoot
+- added "Provides: dhcp2"+"Conflicts: dhcp3" in anticipation of v3
+- added {README,LIESMICH}.SuSE and the paranoia patch to the docs
+
+-------------------------------------------------------------------
+Tue Jan 16 02:10:15 MET 2001 - draht@suse.de
+
+- format string security bugs in syslog(3) calls fixed.
+
+-------------------------------------------------------------------
+Thu Jan 11 06:14:49 CET 2001 - poeml@suse.de
+
+- in runlevel 2, start only the client, not the server/relay
+- tell insserv to start after $named
+- improved comments
+
+-------------------------------------------------------------------
+Thu Jan 4 09:29:22 CET 2001 - fober@suse.de
+
+- package dhclient requires net-tools, not net_tool
+- removed superfluous Provides dhclient in package dhclient
+
+-------------------------------------------------------------------
+Wed Nov 29 21:05:35 CET 2000 - poeml@suse.de
+
+- Update to dhcp-2.0pl5.tar.gz
+- This includes a security fix that applies to the DHCP client *only*
+
+-------------------------------------------------------------------
+Tue Nov 28 20:03:14 CET 2000 - poeml@suse.de
+
+- adapted spec file to use /etc/init.d for the scripts instead of
+ /sbin/init.d and let insserv create the links
+- extracted source files from diff and placed them separately
+- included paranoia (non-root/chroot) patch by ari edelkind. This
+ needs testing, and possibly an adapted start script
+
+-------------------------------------------------------------------
+Mon Jul 24 13:34:55 CEST 2000 - schwab@suse.de
+
+- Fix argument type of dhcp_option_ev_name.
+
+-------------------------------------------------------------------
+Mon Jul 24 13:11:34 CEST 2000 - schwab@suse.de
+
+- Set DEBUG, not COPTS.
+
+-------------------------------------------------------------------
+Thu Jul 20 14:40:15 CEST 2000 - zoz@suse.de
+
+- updated to dhcp-2.0pl3
+
+-------------------------------------------------------------------
+Wed Jul 19 21:36:43 CEST 2000 - schwab@suse.de
+
+- Fix handling of abandoned leases with BOOTP.
+- Properly handle default lease timeout.
+
+-------------------------------------------------------------------
+Fri Jul 14 16:49:27 CEST 2000 - werner@suse.de
+
+- make dchpd quiet
+
+-------------------------------------------------------------------
+Thu Jul 13 21:41:39 CEST 2000 - zoz@suse.de
+
+- changed test for availability of device in rcdhlient:
+ now using ifconfig, so automatically loading of modules
+ will be triggered (Bug 3415)
+- patched dhclient.c do to a possible root exploit bug
+ (patch from Pavel Kankovsky )
+ Still to be improved, waiting for Ted Lemon to rework it.
+
+-------------------------------------------------------------------
+Tue Jul 11 11:48:02 CEST 2000 - zoz@suse.de
+
+- reworked rcdhclient once again.
+
+-------------------------------------------------------------------
+Tue Jul 4 11:21:41 CEST 2000 - zoz@suse.de
+
+- update to dhcp-2.0.pl2
+- dhclient: hostname will only be set, if there is a
+ DHCLIENT_SET_HOSTNAME=yes (default =no)
+ in /etc/rc.config. (fixes bug 2807 and 3146)
+
+-------------------------------------------------------------------
+Tue Jun 27 20:20:07 CEST 2000 - zoz@suse.de
+
+- update to dhcp-2.0.pl1
+- moved /var/state/dhcp to /var/lib/dhcp
+- moved manpages to %{_mandir}
+- changed rcdhclient: DHCLIENT is obsolete now. It will be started
+ if it finds any IFCONFIG_x=dhcpclient
+
+-------------------------------------------------------------------
+Mon Apr 10 17:22:31 CEST 2000 - schwab@suse.de
+
+- Treat Linux 2.3 as linux-2.2 configuration.
+
+-------------------------------------------------------------------
+Thu Jan 27 13:35:46 MET 2000 - grimmer@suse.de
+
+- added "Provides: dhcp_client" and "Conflicts: dhcpcd" to
+ dhclient section in spec file
+- added "Provides: dhcp_server" to dhcp section
+- corrected typo in rc.config variables
+- added Group Tag and version macro to spec file
+- changed Summary: to "ISC DHCP client"
+- moved man pages to /usr/share/man
+
+-------------------------------------------------------------------
+Wed Nov 17 19:56:07 MET 1999 - rolf@suse.de
+
+- now set hostname in dhclient-script [BUG#1262]
+
+-------------------------------------------------------------------
+Fri Nov 5 11:54:06 MET 1999 - rolf@suse.de
+
+- reduced waiting time to 1 second
+- wait 5 seconds after dhclient start to acquire an IP adress so the
+ following scripts have a working network setup
+
+-------------------------------------------------------------------
+Thu Nov 4 15:07:34 MET 1999 - rolf@suse.de
+
+- changes from Josh for @home cablenet
+
+-------------------------------------------------------------------
+Thu Oct 28 15:28:16 MEST 1999 - rolf@suse.de
+
+- added changes by Lenz Grimmer to use
+ ifconfig $NETDEV 0.0.0.0 up
+ for device setup
+
+-------------------------------------------------------------------
+Mon Oct 25 13:47:28 MEST 1999 - rolf@suse.de
+
+- applied patch of Bernhard Bender
+ to use the correct interface.
+- added client latency time and rc.config entry
+
+-------------------------------------------------------------------
+Mon Sep 27 16:31:01 CEST 1999 - bs@suse.de
+
+- fixed requirements for sub packages
+
+-------------------------------------------------------------------
+Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de
+
+- ran old prepare_spec on spec file to switch to new prepare_spec.
+ +------------------------------------------------------------------- +Mon Jul 19 17:25:15 MEST 1999 - bs@suse.de + +- changed comment for rc.config + +------------------------------------------------------------------- +Mon Jul 19 17:10:12 MEST 1999 - bs@suse.de + +- fix from werner@suse.de for /sbin/init.d/dhclient + +------------------------------------------------------------------- +Fri Jul 16 11:29:11 MEST 1999 - ro@suse.de + +- added new dhclient-script from werner + +------------------------------------------------------------------- +Wed Jun 23 14:14:46 MEST 1999 - rolf@suse.de + +- new version 2.0 +- apply fix from Michael Hasenstein + +------------------------------------------------------------------- +Mon Mar 8 23:41:14 MET 1999 - ro@suse.de + +- fixed man5-path + +------------------------------------------------------------------- +Fri Feb 26 11:15:09 MET 1999 - rolf@suse.de + +- new version 2.0b1pl16 (stable beta) +- leases are now stored in /var/state/dhcp/ (thanks to Ted Lemmon) +- correct paths in manpages +- PID files as %ghost in filelist + +------------------------------------------------------------------- +Wed Feb 17 15:11:07 MET 1999 - rolf@suse.de + +- new version 2.0b1pl13 + +------------------------------------------------------------------- +Wed Dec 9 11:54:32 MET 1998 - rolf@suse.de + +- added /usr/sbin/rcdhcp + /usr/sbin/rcdhcrelay + /usr/sbin/rcdhclient + +------------------------------------------------------------------- +Tue Nov 24 11:42:34 MET 1998 - rolf@suse.de + +- new init scripts for SuSE Linux 6.0 + +------------------------------------------------------------------- +Thu Nov 12 14:40:29 MET 1998 - bs@suse.de + +- minor changes for new rpm + +------------------------------------------------------------------- +Thu Sep 24 15:01:41 MEST 1998 - rolf@suse.de + +- new version 2.0b1pl6 (stable beta) +- now with dhcp client and dhcp relay agent +- added init scripts for relay agent and client +- changed from $NETDEV_0 to 
$DHCPD_INTERFACE + +------------------------------------------------------------------- +Fri Jun 26 10:23:59 MEST 1998 - rolf@suse.de + +- new version 1.0pl2 fixes two potential input buffer overrun problems +that were missed in Patchlevel 1 + +------------------------------------------------------------------- +Mon May 18 15:35:00 MEST 1998 - rolf@suse.de + +- new security patch 1.0pl1 included + changed /sbin/init.d/dhcp to run on $NETDEV_0 + +------------------------------------------------------------------- +Wed Dec 10 17:28:11 MET 1997 - rolf@suse.de + +- new version 1.0.0 this is not beta any more! + +------------------------------------------------------------------- +Thu Oct 16 19:56:24 MEST 1997 - rolf@suse.de + +- switched to dhcp.spec instead of Makefile.Linux + +---------------------------------------------------------------------------- +Thu Sep 11 16:57:58 MEST 1997 - rolf@suse.de + +- Upddate to Version 5 beta 16 and made entry for rc.config and + /sbin/init.d for startup/shutdown + There is no dhcp client in this package anymore. + +---------------------------------------------------------------------------- +Thu Jun 12 11:09:37 MEST 1997 - rolf@suse.de + +- build the package for the first time diff --git a/dhcp.keyring b/dhcp.keyring new file mode 100644 index 0000000..a7ad68e --- /dev/null +++ b/dhcp.keyring 
@@ -0,0 +1,324 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Comment: GPGTools - http://gpgtools.org + +mQINBF/u5KMBEAC0hPiTonjYEe5FqNzFn73KmcN8KGD2wzujmWWLnFXGEVDEpFcS +ULQDshhCclwNeXUArUey4nficwpqUe+Xl2h4dP4z7yh3WiL5nA5JRjJjw8KJQGVW +AkgiZTnJHH8DrzNt9LnDL516qMDJarTHemDUUUZLNxnuv0RDEhDxsXWiVCQZZcw/ +41yIY97uCf30dsDwnckVl3iEmYaGTYavWbKP60S8WaxO0YG57RI1etmlIQ0nMmka +4bvFnwwb9Jdnwle4LIiRMCGymsheaKCKrEZgIJY+idyBuExLLykiL8iNBj2Pzi7z +XSCniH9qcEwfqgZlP/KZwujLhGOc4c4peNwpuDGcmYZoAsUD8CZ8H/LU1FIR2A1u +/UrRREtC8nNTDGxCckSMEquHNURfMk1QmDbJ9gaa9aOk0AArxuTxyj6Cn+KQd5l5 +0mN0R1sDVQq9xWdvnB7N0d3MDhnV7f19iUhi3KYvjVTkCMXjhNXjDH/KXFKoFhKa +9SkxYGfW25inwSQoqbP1TE5+rESf57bo+XFxfVQuYfVJ5BlZobz+sRl2iDQyBJDM +uDFyXE/t+E76BmwyHeOI1weqUMYebqHgu0x76dTYj9yWgWdQAC1pXi15/MTIaOtQ +hWezb5rkI2yZqaZLaRBOIRBIPM5C5AOjL2XbfwUuSr2W4+TvxLocxi48DwARAQAB +tE1JbnRlcm5ldCBTeXN0ZW1zIENvbnNvcnRpdW0sIEluYy4gKFNpZ25pbmcga2V5 +LCAyMDIxLTIwMjIpIDxjb2Rlc2lnbkBpc2Mub3JnPokCVAQTAQgAPhYhBH4ckayA +MKWlnR76uXUPPIdyPkASBQJf7uSjAhsPBQkD60WABQsJCAcCBhUKCQgLAgQWAgMB +Ah4BAheAAAoJEHUPPIdyPkAS0lMP/2IgMErScBUaXrZXqYXoluR8xU0p9DyZEBx+ +ZGNAcJ2CTPAbn3FrkNGNpK4SOCLXEZPKOQ09umaIxl8H6uEGaTut1JLj1qGaZ8ID +4gAeQcTIN9OQA5ElQo+ci20XE9JSvzqY1zb04EkMuVL678xPCYJhUSLS0MAQkcDJ +JQLN17SwNi4vGqzVhnwKUviQU9/s+LRUkThsTg4qT0fNnmGoVJXqrshxJa2ZWM6J +QtOWBgJiC6xZ+zRiZS898L0tekU4o9yxtnnDWry2bI+mJbxAp94ZAXgKahOU7LKV +3SPxkx7TAng24nOWi1EaP51pe7usTFH1BR3CUHZdoIQ4xruZGkt/qPumskofzl+1 +8bw1bEFbq8S6jC+twT3JUcE02HbEIbrd6l2T8pYBXaojFggGjUTSv9d5YUN5N9U/ +/Qy0o3xZwHNdXLx6xSrUO+NT5JU1Nh/0sutEH7ru/YqFZof9vfCbV86y8fIOPgk8 +LkJNUSu4QCJ1PHKB+fJp7yAhlPkOXNG1b9+W/hVp96rdkovpCUkLD83s+suQyJGk +QB7Qpem7nS4zp7/Naui+g3M3p/uRSzZgELTnXNyY//bw9fOqx5SDLjSUslUMz+TH +sFTwfo/Mot70MPHMe6aE6tdTDoJTcv4Iim/8MDhJ6yqKt8sxprataZoWwFi6zAF9 +BzWkJcrbiQEzBBABCAAdFiEEFcm6uMUTPAcGawLtlumWUDlMmawFAmAGsmYACgkQ +lumWUDlMmazJ/wgAg3ESpvkvg1cCkWzPeWIMARuW1exngZPQiZ7heZkklzKJHdMh +4HitpF3/FLyJKx6cPInOud1TmuLLK6en5BCX8fVb1GLH7kpkrchkIBMXi9NxQlfQ 
+O6/0Qb+wwDgpk3LdmfR9GIQ2G62Ub0J9H8NYUvwwINSTuaxAjErUpUV2tHV82EQL +JqE3z5KRyMMdx2FGk4VJglf5vmhlCPF+UsX5LvEHuZOQBLN8ifCnBSHl4ztnE1tn +iawI+KwuL+1+695Aog4ZzdKLhLc1wHJwhoyFv0gUHIzrDZjU80CPBz11gGOmJxr4 +aHUFBgWEs9+YtRUD3nxAWqTDU0iFGDsJLewTvokBMwQQAQgAHRYhBHpqR7X54SM6 +0lUrXL2X3GOe6MR7BQJgBrKdAAoJEL2X3GOe6MR7yEEH/jYIvcupbj11VJN5Cpxw +MrPbGhDGP0uS7a5afFaPkzsmu/bjopnkzFb2cK928LOqKurlZAOae9NFUDxTEvO7 +2kvYb3ksPROQ63LCr6IT+lVoS11AAbD51cup2asRB/Xz1cmciGDEcsHZIiVPrvWM +pSJdCuVmgFUDPpV9S63tX1ZBkmbSIaM2/teJJqkt0qlgaonHhOaHD/GdlPxd4LgJ +eL3DuxSQ1MMDxs0yrouD9Gfq7Yr2udAyAbMaHs0yI1smotLZHMnhfN+6sofEcQrR +JT2GvaCQFCysUnHL0CovPiAdRyPn+/PbUjyqaPatz4+ewt4OcLM6JkkLhWOj6Dgh +iNm5Ag0EX+7k/gEQAKyjyIvMUn4zXCpywIO6n4a1EzO17TgICUuZouDLN8vfHEGj +gBSBfpRtQIbJwbzvwlWfnZLo2yXoWVqybIfTQwaNm3UK43PiG19KYsZwEyMjBC/U +JhHxub0Q/BHXk1pZ2DMkdKEJ24we/gd1+pJrpRB/M78/ybCKgRHX1+QNBIRTUqxj +TKX/+KlaJbdkkZKEYcuefhhvGiBC2xE8RIpSxD0y3O4y3d6Ea2Q3hGC45cLqkJY/ +wngX2WCNJn64s5ApXiualtIxee04mLae77XhmPfp6dbzHIBc7/DnP/ByLYYs39pr ++/ZrcYzdYlCw83OkPAH6mvWfQqn7AroruyJWYOhX5Z5wPYo02A65LJS97uEGNZEz +1bXcuyAsaEokDzJSk++FeT3W8tFSHAUnYZSKvEs8uzZNJOMeUe+Fw/LppfYfFseR +w63nefaHTPHue2XU3tcejMxaYemE+xK85nlK25BEAW98TrcTJ9HzgpQ8htmS9+1s +Ak8oIkLxboaqF85HNhmqV0M029rmJgcXU4i0Xv1ksYjnp2I2wFX1I5UqTh1/1Cnq +6tg5371EZAaYJC179ZIVpT3P1Bg8QaXU2WYYBa3sorIHpBdkfWgQzBe093zgZBfd +ca3KCASnoEbCQUVZFDMXURnSZpE+uk3hulCotdImKpDGxf4UBw6SGmjpftvxABEB +AAGJBHIEGAEIACYWIQR+HJGsgDClpZ0e+rl1DzyHcj5AEgUCX+7k/gIbAgUJA+tF +gAJACRB1DzyHcj5AEsF0IAQZAQgAHRYhBOmrbnkjPAQW6Jk/RQwDr6kKWWfEBQJf +7uT+AAoJEAwDr6kKWWfEO2YP/RgJRxyYq51b0+JDDuYjUdK7AvppL4yUbr8snv2e +aLpNOl7zs0NwS/ZsGlVZhxArzuyYLEhjK6PhIJm4FCK+PK55yKlGgbXg9SEpTxSK +p0X68oO9QADuG44GVHh2Cvv8q+OKudvA7eYai7BmzMM4u9oe47jTf5M+bVuYm0QD +3LpZuT/49O18/KZDCdqImQ+FDpDtlvJqxEiKw7cxE9pxSO3YNcWLlVX8zJryjk9p +7fNj7lKMzITayI+dUTj+fOnjbiMPNKrgMYRSKn/H5BgcXDGEImZ1mVEgWae9IIAZ +cGnI9VtyQLQbDyRnwewbM1sxvH9WMMbcsVPxNHYOOyH33/qJw7Un6MOQ82cgUSxi +MDDtOizkg+EhPVeRIJbzgqoEbmkYjmHt8nN/X2xHsqLpfIV7pVi+CB5AhLtU3UhK 
+Xe1E392TQZusqRQqvQ5V9pEPTBdAdPNt5zwWzjcbTP8MqgW60YH8nfKMCbAg5w/l +HquqOFWngA9CmwHnVcJpqoRdpdnIxasogts8iOUToUd6HWp37N0iO6WWcXZhm/z0 +dT10hfEqvfkIzx/cFabgPhxGOxQ5agaEw3B0fMdg53KzpPvYoEr0PaKvPwIvRvJy +M35Iil179q6j51AqooPf+Kmvh3IonI5SyWz1zKHGQWnTfVxnmtZtdwsnz+zUF5U+ +MUKeCo8P/2swoDqQJKdOj6tKplHGj1GVDDLgrrF8890dm8GLcDhRgKy6uCWou0W0 +YbxIxaKCZRlYtPq6GyLSitHnB8bu/NqMXQdx3zK5ZrjMZ67SsUleAbrg/KOcke2/ +ZPOLwM1jlj7yZ9epR7DIRRdAvGcuqkaU+M1QAkq+ObhKy01p17CBZ5voXzFRAlzy +jAaYrn7JlDktmPpuO30OvdIIzc6D+JLlcrk84ZQmC2Bctene7Lun1LOwnveqGsMg +j9ipLBOgy7y1S/jEQbHJx5U8Ob7LB17lJdia28xiurkMF2VqVn2QGULl/JwgjMqg +g46Qoqlr9gDIp0tOTxkHKMOTVGt1w7I/hU2kK/KKx/ok/BZ8p0zmbF/juFuzvOKh +QfuaJQYDqLlM2LV74NTaYv3awnBDRaQfDoppR7PZj0JoPyFmdDD+H8lw2rqdvzLQ +ZHyHupaazcrSu1KzxK4NdSx1msUB5RGK9xyaiFd1223QUPOSF4oZezbtJKXyg4KH +6OX+ERTPPaYkYXBEGjQUjmKk3nUh+OEwnzPNKa9+u13BPZO7rBJj0MuxhHvS1YY5 +zYcDqjuR1wLVXSnaO9By3bzUWsL11NcWBwO4ZQFiHMRl5bCO5hBcHMyq4Xp6uxWc ++j9nmXVKeQr7BUFBt/iKAc5qhuXQBDGdvzpbgJcFNncK9Grqjy9ZuQINBF/u5SUB +EADuhOVVleF1WU+dJCWcjknCi8baMQitGJ+lvJq+WGWixf6uC1DkQgufQNI8nfkI +184B45wtB5GskBmPrD/H0UdZ8pEAdR6JNOxUPNOsPIkEJW4LjRyTnzspVRwa4He9 +57Tf/LyoBzOPlNk1oN2X7ioDM4VC5XgyPAk7Hl+xdnDd1QBLunDWZOQBhOGfPnnt +u5zwkkLGt5tPoW83xu6CTssnxJiYjXnhDnAJ1cHpDjax1IwWUoo9hFGYi9e8jhi2 +X8nfm/jeAIttdxxNZCkFf6trvmyd1LaFgZCFwL5Z0223hMeBTpJvsSukkrvsDWvV +Z/RZKKhDZVaNPRBtQT7ohcPUnx26HpmDO6qmkybXdoN0wNkbB1zGUXD6+Whsz4gB +f5CDM+OyUzcUdW+98IuRr5y0w76UvRvPUbieM0RdwgAguGaipEjgi1Ufs2VkjekB +8ssHipuFMpMiJL64igDzZFTzqjOvmglkKwlrk3kSkmdjGeO/a1iFTjZ6H6OHIz7m +trV1e294q8vlKRW5FSU9m+A67BDXhCePqy/wKa0GnJWm6keZjZFs20tUt0cjHeXJ +BuBWj2IwkiheI9eZxFYKAuA564ROMVewRwUvG434PQzLR23BZyD7bvW+0+fSitM5 +vGRy0Ur5XfYHIljFW/K00JbbjlsgKnEKJzGaHmRgSZAKcwARAQABiQRyBBgBCAAm +FiEEfhyRrIAwpaWdHvq5dQ88h3I+QBIFAl/u5SUCGwIFCQPrRYACQAkQdQ88h3I+ +QBLBdCAEGQEIAB0WIQSq27pQdPFAL3tp1WvFtO6TGp+d/QUCX+7lJQAKCRDFtO6T +Gp+d/Zp6D/9mykivgRNV/dqLR1cKbY9/qCkztBR8j189QfKa8GE2s2F9mo0AOnNs +l5/MuJ/xqzuRSv3TjNNzkmx7lrQzMKszITBMMigIoO/aS0urUvbRvB+Vmz6g/bsJ 
+gLkWQliAtg+tBn/uFELwRaOCfq/ex4m0SjwbveSJUQE6fFUR8ZnzPGZfUKlo5Z+G +IVgKaQR7oKT2Eb45pa3v5ZbTBZPVQWKW7NFEAQxE5wJS3IHkg8KoIf9HP+b9sTob +6Udmjo5j/Bjar+hbZ/0kH/hDIl5Ij5+SNj/AON81COI8wt9ly2/bkh5lhVhm8gqt +2eNvNF74bBguDkb9JulI4Rvk7nk+zyY1SlgVowJ959b4MbjxrhbJQbMWvnYEwq8c +q1zpzs/f6a4ECpw1ljFGrIshCJiJX0IKOkhXVaBR552ugdRe8kX9IC81W8FlHTQj +8PaGwP0EWHcHUURhvDsa5i4bbtnp+BGiU5BR5NpuNAsjfzpJXcjFnUoXCbgZTwFN +tQDbPBPeG78FpoIjmNNIvIGl2jXRvXCAwSeqZcboBs13EVURbAT4IT74EdbRgGEq +nx+CEfDA3V/BMJX5DIDhCfoQFUOROtQ8qpN4KYfO3cBCHxZWuyauh3Kvlinr0uhG +eWQtwYmI4Iow6aSin1nfZyQaJ5geuXbgPDqGZRJYMb6kGfR7NtI+K3cWEACoPbLV +XOrGxoI4Prfgu2rwBu+mE/xdk+uuwLcMgDfohNoJANrkKfuZp0sJfL+4/o362iO3 +Nd/i1TO6bAYkYUu10xc2a4S5euP742tTXFyxxu8Ofk7g0Mxp3AjUQOVCjvC5Yr2N +pABWEXuIMQERrNl7bqSdAXELSbLhLI7W5BoSDcEoePrPt2QCPNYlpBmHOqXKtHNs +KJVRQjxmSuAz/7/o0miFQb+Fp3oOh5+Arofz/KOBXHVa3H5cC4FDZy9yWFxMCYez +Xbx1Z240fEjZjH64ziS4dik8oHB0SH3Vk142q0ElRF9JWMEKMqRNiJLuSK9fK9A4 +F1lV5JWmP9CgB9pSVCgFWbtoXrF/sa1iVXOMywth2mNeHLhltBBVS48j7V/IWTDw ++kBJneC87opDhXbDeE5gDFhDWRLBO1oDv7XyfK/rlWiVOYCi2Yu6f3hQqfvOOikH +IGcL9cSqxTe2JuD0DvFDYpSlaSmYbfl/hlH1oQjFJ7Ymab5J7Ql+ICrpLN93Ja+v +9PNpL8FkvhYQ+TZXD+bNYQ9k6xykiQEUYr5SXvK5e9utvCv7OYCKQeZNvVVd89v1 +4GfAMO5EeEsHKbgUys+PN7OIDHGRJxN8ONarqu8yZoR7UJf52PqV3H0mn12JSeCi +Xz15KABA62m2NyK3mjRjQy79EXoogEbz2CEWXLkCDQRf7uVUARAAoXHlqwpbsD0E +0o+RpeDKbQCVbazNBHWfDGLcA8tUtLQCX1j/eacFtjI7zgcOvzYC0xJZIxhRkgq2 +RSPaxWpRv7Ec4+Rj8x6fKgGsKXappNUnz2edYxSO2tfaqTQ7T34HKhhdOK0FU8Ah +n+pl8Y0H4OynWFo0pF2jCR/pZeTDsD10cHmKxWZoz9nRMc0lEfBzqZypsRUzh8Mv +44LHqbYpAdMeKuT44T03CtqXzYgiqPd3lQEeaMcBtA1dMPNltaDq1hss3cgRjFJF +CmQlkhWF7IGZYVm6K+biEINnEmVnWyDFB4hmTrBHYsFHpxxNbo8fXU+Eimvo7xpC +HwlQyD79okrZ5Bcg2jNh2M5NSOdYBR5Sowvs+D+8RFECAdc71n41MgRYQ6gR77xY +4WauZ+Nv1TPbsO3KaFSM6XSvKIboXVv3S3Wtm9UpZHY5oJSEgKbzyjcwKBscV46H +u/e2dBvZSi3uRjWGByHqPUw1hYZvwuPChMCbH2iQS/2aHXX2T5J1Uk/rCxdm0vjz +rS9N9PDpFAzuuRkHNPJ/ioK9Tm5FJ3a7omq1SHDib+CQpDJbyMsSSpfslpP6IQGA +/OMAu99JYNsOCy3SzOpTmOW1imCMbc6fv9kYUUmuQHTqitS+i/EtOFZa+bWK6DDj 
+9q/efriGX/J/G8pActADcp+SOPNzeg8AEQEAAYkEcgQYAQgAJhYhBH4ckayAMKWl +nR76uXUPPIdyPkASBQJf7uVUAhsCBQkD60WAAkAJEHUPPIdyPkASwXQgBBkBCAAd +FiEEYU+FZy4le11CfpkGIZkHOteCtLgFAl/u5VQACgkQIZkHOteCtLiN+Q/8Clhk +hGcEv4t1M9h1tkNhei2QTpE7pmw91xXUbqdrmMnuKB1W6+jPmc/etf6hCgfqT0PK +xDPKH9KRdE+ds47K9Cwjtq2YftKSE2fuR7zOYQkvMCkcDRkwZe0EkdCRnADksNYh +Bvwdu0lMGvYPIlxB2lGY/eEcODJiDCDQBQb/YkTBiqmz7+mokKstI/4Ys4CJr7BE +f3HC/VWXaAjFZeoQ7pTem6pSD7TPUC/gaP/HO7DUXd4us5+CSWGkBJzxC0Lz2THW +eEVL47JtB9EAftg30MoTkvWQnFDi365bxOJd/2v4x1xUwQjcsBNlG2CjAVzj3eDs +SROmmappsWez05qbLFd0jMsAqgq/KSvsc8IFZSdmfYjZGtwZCW1EFCVHQxuM76wW +Lz1ecU/BcjD+3/3OirVtcIZO3sflG2t/ELXBNheosR1X2mm02PuPmaV9/2AMzDW/ +cx9TFvP2AgPOzsA2fDdKRaL53S/Rstp1Z0i2SrZYq++AHnw0m0o9zwnCKWGc7tbf +VT+S/wVH0lwVfNL35jp6MgKUXgUDCvm0rTs3/FIUAoSzmTIBgQrE/q8jn2bmH607 +xzCz6mLiCp9Zre3dv51XMqX0AiRYBiOr0W9t+KpmApOVO+JJQymYrmolWV3vb42K +iVRWeIlvD1nXSmzgbjOZdKXVnHIqd6FTNwrI+J4QSw//X+1y1DHUuFW7RMlEu1as +TnbeGrGmoN0Xz9Cs2n11fdhWgSQxBbdhiKvagRG1qixZeZGOV2rl01+C3ByWEb78 +I/mvE14ImUj5vrikL/JAwKtvP9XvhoCKm6/tlkx+WCvtkPmLePIz/v8C6dKo5Q/C +QquN600Xzl6Jt47tzRj38eEguQtDwSg18myF1zT+xzAxkSksdMwAdKvEIBUW6Euw +X16l6cDohu24yynjdpLGyFfTlEfsX3i6PhUIxRKz/3S+IHmeMi2k91kKpQd5dK8t +KPGqyZLhPP0Of65a/GV4EtFFylnKS40saDBVdp9Z+1ZsD5T0pomcNYV3OMn6ACxZ +8d8UE5rVF9dg/7575Ul+VwdoRnhvIsbll/UeoC+9xpKEBW4xdjWGhgmKe+G6TXMl +Fb10/tqlnHsFdbFtZyfwsxHkYV+6eX8zaI0BKaSrEn2C/LpMFFYm7ZB41s3kqzT8 +YNRrBCq+GYzdXrMVBZWw/Boem58hoaqcoLaBdogdc8/SV3Jd0tfCBn7oDsMgSodA +HYENuIm2i+ToZorw9QIQdOIOZEX+YHOWkEk6f4dzkQu5+Cv0TaWSsonMVqAIEK5w +2FURpR50WvJzF9IAuKeDsMk9Zvlyhu70r7dP0veTnteDFICP6Dq87Ee7Ecu97Ug+ +F4JZ+Qqkkfl9oUNYqklhg9q5Ag0EX+7lgAEQAOBZNLvAUDf1e+lY0dJ8ABHb+eUZ +a5O8PvOiKvNTA53b4jZdjCCX3XQqzOeGWoOsdmWoq4ZGNCVunJNuw4fY3mQgT7S4 +ReJ1TeLCyVJnfdEsvSH35zMOeWCKNhcsKDlJyzAEQLUT+RdfrzkBQJM9facPX5ib +HGCi/cC8i1XEoN3c3kRGzLqFhY8rgAJe3juEkWo98+2dB7Yh0WRGbds65f9fv0pv +k3pwChqjrlOmyLHWmbq1M3DDT5MfMhbMr/KGLX+1Q6/9AkwRUDF4EA+v4+aa+Me+ +wj1E1C3tWegdWSomE8PHJBlHYg5VBe+VjIK2Q8DhZCXLEvNYzbhMbzGEPW/NnMDy 
+qz/+j1Ajw4uDZljGmULiVboYRmTcaetNezttbodSr5GVrIhsPDugyzfSMC9jIN1C +lmti5m+xYpsq77rliLczmRbS/3otPe54wlov9Fqcv0mEBa4SrJ7N9+wFnlrzz+LS +f0UnxxDV9mrb8Yur+Y3Ylnd78dJbKdOeWaT6oaTZurRxEUk0cCzYc0CbQh2mNIUI ++Z6T2PfTCnZzaScwv5KxLDmHrnvSbAgu4rAWvqLaHIWU+Tgfuc/Ti89Dw/Y+7k78 +J+D2s9IGMiL0Ww1Lz9rb2xK46axIYdmcytVSkbD6IqbH+NV6M62p7qFjJ24xJC0h +Tn0TZ+rlMzi25vqrABEBAAGJBHIEGAEIACYWIQR+HJGsgDClpZ0e+rl1DzyHcj5A +EgUCX+7lgAIbAgUJA+tFgAJACRB1DzyHcj5AEsF0IAQZAQgAHRYhBCOhQZpgfPJX +JlY3dSxN985XgQuUBQJf7uWAAAoJECxN985XgQuUN6sQAIE/2QAfXsYeWgtcmN3U +ge21FZTZCz9VXQfXiDXiGBHPb9BrspFHiYatc8pL9y0yQNfCW+zgc9RN47gwxPfy +HDG/ngCNbsK0XwNHcRAVcpHnWuggJCiCe+qk97Vq40RF0vMB1yf42gcRAHt7I+qN +Azc4YarRJVHA2e/vvuj4p3w1y//h9HXG8DbQOz3gbm8JikcHon6U89VcGbOs5hJ/ +5BlaxeMBl2cABiSkSN8mE2uq+pKhHFnR3B4KqJ56ebw3O3+90v2dPf7gAbLmGZoA +bYQ2PkCEjX3iC2AAK8rAKXmEXRUoyG2bl31JZL7Wq4fOCfdQWHdVmt+M+J0JHriY +i7dGll7sRxH6UyXuAInF0WUdUPfPWVvPZXq77EfhmwutNj6/yQPHNjyiMz/MNueU +Qr7HMD1qSGVoPcPfApdFW5KWvF8RW/XibAo3kBgc3tssvduM6j1Zi0vOcfoC/gap +dJD4s6XT7pssqYPrz83SrYiJnBRI6zFMTV9R1g8Xx6I3wv7flC3SPDJuJ5Rrcli2 +Y7wRbhkSaMkbAqDKt/56KAk3b/QB4HBwnJTDVh/NqqpLfk03Kfl4oA3IVDZmEiO5 +dHIE6hQwEDHZNKbsUZ4U4jD5pCBqnoe4ZtnQRkHPqGv2iA0L0VVcI8Q0qj4Z1Mag +gSzSfqAY48/myynvFQrfjbQAzccQAJKZho0LUZ+rZ3zV8jRMEn0BMJE+jXgyMkaJ +ZoVpehWn+VB46+VfYnIEbYjp+EwY8Yqe0J9f78wREs0CJqFCA6O+c4JB2UuFur7q +WhDV5JNfYBelGVCm/LEu55tsz4dfc3/2aoCSyBB2WOaqglBuIT8epeqOYp7XrKVT +dGNpvJzan/fWnuGbQgn/fKoOwzToVQEnXTxIAtDJW8qpEDqrW3851vfGC3aKxsIS +C+EnyRjPctCS9NbvmtJrVwzndR13WtvKjW3Q9o5IZ5RnDvf+djX7ou1QSDtDTHii +EvVQTvPv7XiYC2fg68YO5kmKXst/hw+zN/RIWgc+zyJQWlKisHCfe77lldY1gVuU +9TZYrc7napmqyO5Aj+Aru5CFeMk7mcDkzxi/ttWtssw6PriF06k1t3nphxyrBhsd +kvdbJEA3tM2DlmUeAhVpzbZK1rCNeIdYMZoBekJocmfyvIzctj4tPPXpHYxuL4dV +rD7R9j1/+Yhw51PoDIOD5XbTQaQZcvprDQtmQFmYOKf44yYvsBLxNnh29m3OP6zK +RxPwOxoWPkC7rMcmgKey5KEyq4c4D+9xSSGh7z8TZjZB2JfvPAMzy8Uzy1cO6MUs +08hm4i1xUSkTfKwVXZl9WAFejFOVlRDF2AkFDTODoTPusNgQCFWqjaBj2yRe03zR +f+6eyMZJuQINBF/u5aIBEADeLum7z9C+6R4gGgiTVXQYcY+Nf4Z5Xd9Hh+5yJiDH 
+40pNdP+gn/z0pV561PgJKcYRlwSkC+wEveGyJuUljItWZ6gKeIWVT6sx6bjNg/Y+ +cRfvRDnp3pKMECuzcrUVkrblLmqq/lx4zXQ1VHA+59XVEi66LqZAubZnCVgnLIA1 +llcyscwl1oekr2YwFJIXjYwVBmFxq5AKuEyFymZkqfQPb4+lG95jBKvjdCKoFZHY +g1MOaP9XcREy+ITu8tqNZByYN1ysGni7eaIAlwlKfddHlKK4vlbvuMUTOAnNHzJM +LiFYTrSdYk6TxSsRukvKvuYETROvv7UgEyBVeHxYfLMsTYQ1EQW+2nwqVJLLjsrL +2f7lqo8jgzt6kw3BT9kZCcLyjfJfTNkvW0qrR9MDDUvLg0YTWBFubOtBwKGpQeD8 +ngoVgEyDx4IDO4+ngJGTzBTO7h9Fas6tqjP/tu+EfyKWA+7W14ssrMN053FABqLP ++cbLTQgI1tiqJ9Hmbvcr+sN2O0iqCwyn0DPSYSmBU2rxI/MzmCuoCc/+LDBDHAV+ +2Jer+kQ/Z3yufrl7w2KQ3jZDbw8fUP+4Fic65V1lS+NT3DDLCZ/Kv41kxodf2w3x +HcqT33Rb1XHB05MhOkCPPSoy2kTuL8bA8S2lk9Mh+Xnj5xUq/JSMG5NeRae9c37o +yQARAQABiQRyBBgBCAAmFiEEfhyRrIAwpaWdHvq5dQ88h3I+QBIFAl/u5aICGwIF +CQPrRYACQAkQdQ88h3I+QBLBdCAEGQEIAB0WIQQGMSq9VqJhvqwrEBOTVpBqq9CL +gwUCX+7logAKCRCTVpBqq9CLg/YyD/0Vd+whkCA838Or3nLV8cbyOw9cShhU1jVy +h3HEBo2q8FdmR8lsXBJiktjfEhvLEe4a460L02kjL0zX49HsyzG1kC9KM/5+U//X +bH7qc/Yfc1Y4gKmxjW006dB7ZKMonFlccWcOoMGAqm/dB8pQeZgR0TEl7ek1CuNk +CCZ1sQd6iP4/ZVXm+pGsmio1X+lRsz1zN8Qd4xUyb+bBY06L+loKHXL8/FkySPZu +osxEV8wv07/tA4lHG7fBDCXqMkePijoIeSzq3bfsVIH6pmGFA/69HYJmXnCVDi2v +DTCk2BtlEgyVTe1R8VD4p0WwztSrDPCtWBYW6vmvsqsXMk3zwQpKmWshjSqx7pLl +vnwftPDWO1+Nv/EXqNDPlqhn3F6Z3yugtF5Gko+rvSjZ4g/UeSMK2qZ3ldxFBpUR +S+W/fhZlDnDZ4DVsQERKNusqFf4fRSfSaxRLQmmel6BE1mpbcF516izS6zIyx+ox +iZkRxlveHDnVedJvwH9aGRKZygS4QJHF4K7W3DSmfujgZ6YB6pPmeDwtd4REmGtR +OUIjJFpvxMhBm+Z/peOd5PSy1ksoKhlRc77sUfsXuc+x7DV1T5YUhq5BfvU+RmnY +kxPtbnsco+4SKWUXy/n4fWT0mr/aT5l2CZPUZ3bucAsE5zuryuvTQt/oFTcr5ex9 +aj6nTwJcq519D/4kXPOnIp5fmdWqKpvGpRqQ/L863TXT/vjnthWm9wuZy9NifhxH +R2i22X3qWnnBPWM3tVd9m7+2wcS1ODWh94TE24IvwNlWxI3zfqJ1GY5uEs92diZO +FlxcEndGBKeJA3C+64ZS2kfs5dvm+cA57jb6ffK5zGE8j0bOjmDp9OpbBv6rCHf3 +J3G2K/e/eOAWLEkuP8cfcyzFObpw1RNY0vO9f4e6AF645/IMb37597dSZl4xzMAX +0320MU/7RvV2JfLAlZ9J1UsGYwBFh6HRLCO53rRJAtOpqpdV89IQIaj0tVzCi3a7 +irrtCFQLY5MqJOQXpBUTTmIqg8Q+QJOYy9KlscXcRFkTcnpixWDXtRzsutnsNFEX +7Tea7ieNLwu8ih4G6qwH3qY1A0f8/AtIA1ZO1yULCPYL1bUcrLfMqOe7eQI8cvPB 
+AUQ7bxMTkSxuWcF0DyjM0hXzztXvLDz0zE+Gm5dGfwFUBTVL0OPuPeY0cuOtUCBm +av+fHegO3xV85mkry7e7W+hl0L5ydMF1wbaDMzxhr6HwLrRjx0XPKSvyGvhvmAN4 +MjU6RDa85Ae2dA92xxgqXS/We0erbCsW4IiiXhad4qHcmu91vftwv3vW7iB2nDSN +M7/KQK8uWKnGMn82udcVvpOuJlGBZmqIjBjaUoR9kNepz+I5rYvTIGvbVrkCDQRf +7uW7ARAAz8JB2KdPMgdoQmwJ7jaDq23h0EL9QLjAPfruslzIlsR36posnBIJBRuD +/CsR1FP5pE4dUovCu9fG2AmzTHXm+8VO6uSfUGc0yHunzChjCKns8qs2fb73piDs +CpzdreCQNB4XxDu6Kk4f/l94mHqXsi7vXym+cNTDhQVm39FSt2qx4VdXCv999JqU +vHuAmEveZi5TWqklnGyic3ABLjd5WJqAjQUdKqLEHmQ+AVxsF/cEiKKw4LJrUv1r +7NK3XLVoQULub71iUYkDcLT9fyz50rRVY6smU/9aYpSncSnGm7qyuwEi1xNgy4YD +zb/TdgAn6OkYxFv5fUOr2+45TG8OMb4bXQKB7DYSOICRelWD/U2wKtBZFuwq0V/k +9cZ8oI7SLyETPCYkt3k6U0giK6njnSJfh5LvtN7Lr2EbLB4sgLhgM8PAWmluQN1E +bqcO949sQeLnPUvjU1pY1rTATKHbw6quYPQUJwa6STbikFV6ZUTHQSfiyJCVrr/V +BdCUb/BOLtiLvVX/ijPuJniVI9azQAIUYP1bkieVHKSJFcLVxXbt/6ozD25jpRuC +83vRxZ+UrkLt7aH94BB/GP6x5gVSMyclOReJkTzmbrenVi7YDVz36OonQvct+flg +hB21Z1jdBzVEhBg9VGXk1yBcg9XtPCO+eOjC4eNZfQhBuG/rWU0AEQEAAYkEcgQY +AQgAJhYhBH4ckayAMKWlnR76uXUPPIdyPkASBQJf7uW7AhsCBQkD60WAAkAJEHUP +PIdyPkASwXQgBBkBCAAdFiEE4l6wzxzoBJ1H8dmmM+EOShg6jkYFAl/u5bsACgkQ +M+EOShg6jkaGlxAAujAKlnxSjAxaVAV9nbJIlqWdkzpLZHEIWKyzhb2ka6708q43 +bB1dbccaQEYMC5CAvBqdJ+EZK3+6tPf4NPjQ6UMzNqdHAQrSqJJpKz/EG0p00vsm +YZtxZNek0/doeF9iFU6Ds0mex9nxOLd1+6/dmuNwu+B2dn+zo71LeBTwO0d+mc58 +TeHGNQQcTD2Gz061zp+gKowNkO99Td6Zh24PkC9OJdh14P+ZkEPg6YX30ghdY25B +7EAn7GA4929dpi3SUG5eZ8xyf/WGtTdEmqC7Cc9nZxTnOjjX+5Jt2wWtMcrIQ4tO +fRdhiTTuZkZ2xyWPOZdumxsALgmnwIMGFR93N+LWfcA7JuWTWfLB+KicuXMcO19Z +BgLGnXo3xLYxTu0DXDysU3BUNXCbEh+CMuuM8CC+pKkKYsdNc0F90tRhEC9Klj1N +H5Thg464THY2LCemt2ObWqKU35+Y9He1a9UKGUPeQeZKmLX72LH7GLOUGM15nTwS +rmsME+xOmomag1LykcTQQvchWlwHWlnmt3pQFJrsugwt5bBabsCnlVkAt+mMw3Cz +hIDark5NFjaiv/6bX5x8NYg/7ZdBXhho0Uxs7tcqve+dQ7Fj2DIAOp9EmK8OWMeL +DmIvNuRoezt1gk480wYyVHNl+STGDo9q3HjhNDas7sufIKBV0VlYMc16+BFnwA// +XnbF+Heqw6dP5HfZG3wJzBeYoXEvKWCmN6BxSZu62jD3N2Vfbqpnrtwn/emE0tmA +Bgo+sZ5wYDQEnZTOw8QorPwj90Cn3oukej/bhapRqaHXPY9ECDIkYLjfObSsD8oC 
+VyG3xtsj9W5nl4BheMfTVB89LuLt8U6vJhgWp8f4FOndkSv8DsWRw5leY1UaDj6g +La3pwmfMOwzQxQnt2A0AdMsbHpFllqF0TcsnyhUnxV6T0q2Mls+vXjcRku3KaSLL +3enMtRopZ8JkkIIj2d8mc1me+hBe/SXfCetAgUTXgW/SNtMAsdGBEmUHhxmLe14S +5/uyFIOx3XckN1+bEyzGd95WwhQ9r4nQYFJt7XgkdeVx3S3TdylvM7njtBusWkP3 +xc7pjs559YPenAMXYjOOefgKfL+GlQgQ7UDaPioeFSSqacWYE7rIgWJzrfsImdh7 +e5Tuyz9M0hQouG6OqVw2XxZ44xU9uGcK46HJCHZqKgAqfXKJDUSA1IgYhUMvCoy3 +STEjnb9oORmAJwR8EULVzXsh5Qf4bQcwabj39pwUeSFfrVLh59eG/MfknSUOv7Sq +ThpUo3CqRQ2nnoZIwuGKJJiK9f1dripAY2WauSLWkLYNqaVNcMsHrtdBxGl0Bz7i +c1MrgT9zOuvT7CWSDPukLUwCWUIuKXJNI8acog+U53a5Ag0EX+7l3QEQAMX7qEO4 +q/NuYpZk1eMkroSb/mefME5rXnlhAs33XMyzoI4jin5i4hU8/NVZlhHTIeyBNbDj +lwxX5FjC4v8/7VnzhuA7I+WghUX1VCM4L7AHcafiqZPOhuvqr5R9BW9SJRDx8YbX +W15a9ilaIb3W6JqWMdmaukA5DGMdHEc+mLRxm1MUSqKcIjLpz3jbFu1mfN+fM+nG +QqXRryzV4pnQqUMroBvn2fECKeKWiFdGD9TqyrKmzIuXjUvSoxl6Tl0S3gKveyl1 +KRmDGomktOpDL/lUHilx8RohpqeTewvGGmKX+hCKr7fxYDRWQgJDJ6IKy994QrK3 +ULoI4E0f6iV6BTG51MoMcW2HIYw9HPcxwjmMfELKu7SZ8slqDaEdfOAahoNWRgjC +S/JWwdYOqtkwxdwIhRWWmmHG0ejUzfYABOdYV7grWcV1t6NH1cLnFY6DBtPMJuWq +misfNTRzxYFt8nRjXQgOsexr8XTw+QW9U3jxh2KTqtzCjBI/E/7n1D0AouEix3aH +N9ZTbMBsbk+HXB5zCVhHe2n/SLe5JMNd+65pj6+uqmgQI3p+dKDw3GIFuNQlHQm7 +ooMzZJ4FTPmGn0HMvz449OiBFmiKfEGiCtEC90Ys6csbmEyMF7PMXxQS+nogyKwY +cFmBehfgm69/vxETwk7Adr4dR6OPmRiJBbpPABEBAAGJBHIEGAEIACYWIQR+HJGs +gDClpZ0e+rl1DzyHcj5AEgUCX+7l3QIbAgUJA+tFgAJACRB1DzyHcj5AEsF0IAQZ +AQgAHRYhBPYBT3A31btO47ojcTnqe73wkUVbBQJf7uXdAAoJEDnqe73wkUVbnCEP +/0e7lycnSGfOqTcxCx0xdtM0uy/4p49XvWRwxFq3iGPDYuL9NRoLzG0DzV07/Whu +ay6gMCC/zYqVDsMsNeMWTarjmUl2BnECQ3d0ShhqR1MgSLXUW/BuFX6rFkqNOreM +VCGjiLcYMuCu8EwbgHVMYwfQg+7H1+YEanFgqanUaOGmCgxen1urOxX+Y9lPE+WY +il4kQ7aN4JYqEcfDqvPAaMXrwbceInROq+N0K1w2vB3cZMOx0Qm1SXj1qoUztV+i +oqNV1E79gMv//5Mk05jPkQEaMhnFuGBkn1DP6B5IHH0Ym0NZ2rX3eh8WLf2iV5MW +cQyP454ivUFzalzxnccm20WSeJwkOR7N7eYzQJkCSFWQsXLoO8BCReuC9+kBRgUA +JBbwTZeZEGIp3iG6iNZjPlAZIQiTZ9hFWGx7YcBRn2BM4NJfYvXeeWz4ESKwCuyZ +IUD9FCyUNdb4mX4/R7fsHM3nW6TYODjKUlQGBylNFSfhDxzUOAcOGQRWcEifLYf8 
+wW6EibD2DnGqUF8IQqHkPwPR7h9fbwyFKwGU4J4gomhjzlTcY1jS2UjAC3wzsggd +7WfWqdw9sAyarQrjwnWV/JMRtemdJ8CvMR1ueiyMFRqJBfkTADrnp5nrBvdWrTZQ +N6Loo+46iyXhWjL4V+rkwKRqdUwD3v/TBXcJ4K9BgZuy+xQP/18thzfIfsDTGSwr +s8ibO0NHwwuxQ+iK/++d9n5Ykn5gnRMoAebVk7c2p5mYPtehYcrCHzfOwrzH8lQB +IIE3XqKwL5ibojAXzf8dcl8o2++i2SvZYboO/xWDUeGTYi/nLcQxsVr2t+/q+PGG +j7SxiutokfypAAzTwgg6Lv5p+uRH+KSADxXvKaqZ3G0wwdmob6HlHRUZNXBAHFnn +9mJjnpCflQfabRNzYAc5wBBO8ITDJvX0g/KGJ/6t6TeelK8q0NzpYEmKjKKC8OGX +6OAh9wijvvDoa2GBsVz2Trwl7no967YnfTNaPvpn4OLU4mECPXAWvj9dPmhzUwH9 +V/LHeEQ9EM3Pt1FoOqhWdhV2gjRuXIKJKQP0jj9rFvhffE3ZIrhcD/O/4tvUVsIz +VcUvZoX7T22T7vsRV1awGZCk4CsPR3ngTVi6UEZrFWblAp+i/bcqKocgVUXxZiom +o0nBslFmKLuSVzORWbfAW17c1YrsdbyR8XXjuW/TPcCJlieTQ7oyPWKndHxCbnKK +/nsNtuAgyRI9YKkS0UYcigraawnZtByLOHZYbEuizTRFPHchUB5IBLnj6SuswGDn +TA1zNwYco8NQovCRhzOAeidS2WMCR5edOXr2uJ8KEj4qmMc20Xp0WALVpK0w653o +eEBx3R/eWa4/MIYanhg5DH21XXf1uQINBF/u5fgBEADFrJu51Arh8wjMuJWCsjO2 +GFvf8Mrzc82iFM0x6YzZXbPUiPkOW7Zc0PKkx1HSsoz9AjfNa53X693aH+VBmWDn +wWym+tjojuEj5xt1GV1VoAoMZAejkGLRrsGSidm9L/TCc1Q8iHL/OfNe1dF/gvt4 +9kyh8f/ayHPhNnXI2lTzNqiZjp42NJznU/i9XG0NDhCh9B4kSfxo71rjCG47RNUQ +A8pFgFGCMzx9oO5Qm0t+ILc6uEuD4HslVIXd2LgkhMDJp89tkAIuNXtSbFtJQvep +MllWki6EXTFA4IT5ZHHdezuWQ90cyo/Y5onxjjKZHTxxJ8g/ZcUqxAW2ipNXIxCA +aAjpVcXw5+cKcaDHQOjW8k2gvSd4XNVekI8/OHVFtyu2d1la6b/VHh6CRiAnxM9A +flff3UnnxTB3mX39kN2hJ55Bh21NHhhDz/8BMU7eGhJG8RLhTpnA7wszp2Ktrqmp +vqPSWJP4N1wHATgLVsYkwnp33dLlJ8feWUMgwmju4kNsogsUwRL2uDtLojz5Jbvl +OMpSThjsvxHyrBRGoTK444Z9pBeKuq+OLg91wYMGIiTY6rr0rLqWaUmDIgdJntI7 +UleTTIAlNdv5roUlMsXGJ2QhnO74uEsGf8yEA+NXK/eoJNDs7SW7wx9yqDnyGEno +gTv08EdLfPyiT6YUrSIatwARAQABiQRyBBgBCAAmFiEEfhyRrIAwpaWdHvq5dQ88 +h3I+QBIFAl/u5fgCGwIFCQPrRYACQAkQdQ88h3I+QBLBdCAEGQEIAB0WIQQkVXdN +Qv3+a5w4Prj+EAK8WXCBHwUCX+7l+AAKCRD+EAK8WXCBH4uhEACC0iBopvhljyqg +AVl6mH5LKD6Ywp88mQG4ZR50mXojFscFKDaaGcKMnRuZ2rGwBeC1xJSqa1ljD03K +gaCJWOz6C7mxCnU7Fzb+R5BdpWSxOShfB2d/7aJfKnVY954sbJIebO7DL1x4TG36 +HSZWYGAWWzbA10UY9tV+JPc+8WTCqye1rod5sNM3ikzO8bUggZXsvkpGjUR2aSu3 
+eVdBaZ2AeXcmg1D2/8mB/iOjqAPDndi8kUolxo44BLd3gLM9aZwvNzLiZ/T1gjcO +hAJtgvdxE16VTDNQXYvpDI8LCidd6YsKZ+QGCxJWq9bh+rypsQcYXZ8rvHd3ttkS +xSIYK3+1c6QOQ0nfVP+YLfmfFl9yPwAw+LE74GcB4p5gLfsttAPvqOvDnbq1RewA +X5A43kM96i357xsjH2pJu92qlcOQriUZxFO5LY5ULwn1d8NNyHjCbcp3g/iUN1EA +lact9VrLSbTksaV6RZ0TNyM/woNogIf2sSzp/17WDLqZMQGcFb//jUHEQtMrGhMa +VxffISEKYrfqDkL/53pvsmLlqsYZMJr3q//EbfYphzXN+fdNiQLHTqk9RvOICXaX +QxOkZ6rPaEkw4YDcm7HCWSwkqqc9jLSEcp1Vbg+efbk15dwGnzCmS3xVk5FvOPD9 +MkHuq8kehGjW1q3zlSKP2sBepPI7wRrSEACL8R+6IMPLcZXtu+MVIDVcSMt34XjS +DZfRAb88dNJxgHisUnBXQYVTEseviDuLKkBUj4EHgRiKTHyCl57oHSDcn6toIUMO +tE8Mp2qulkrnehhwE+R1IFsKvkwBr8zcN6soESCgFVRtpIdY3s4fZp77lHpfYRGZ +hl1bg8KPqXDtr5GGQCyAqjxGOieNXrV6FA9mHbSegjX1DzQFhhIJ8ce/PLm/C8HK +GZMwk2uXc8OkHL39PAFHkOmcd848lfpueXel27rkXZNEzrKgVt+hSISqtdXjALUj +7431WOtC9dKnSKT9doxarzvAsiD7WjASUkjPDJla6RCRkwBi16xUXPbRjALs27xI +2v81NIIfUSouxLhiEFOyOlzZPwCpSWDEquKWYtuuPrg9eAyxD1ZibnPCULlQDl6T +LliERMUnbl0hqmUybjtohs9Ifl/3Ll5g+R84Kgy7mgPMPOhd0f1XVh+weprxtuhK +BN1quILbfHfwT09pZA3JjYwUovpwW3aKUiwxJIPokCbXHyQG2fVsGikbnzzuZMO2 +WocLD9CtO4ut4kb0onV1AUn9Djb5ywfT2XTzXCW/gEG5WU3VeaP5zaxaf3SXUE9l +9gd32OGCAj3rJNmF9N8VtIxK4Y9DKoefANh0Ddw2PkFiJ68GQ7kVloJ71JnjFxiC +qVWm/Xk7tWsP4g== +=Ynj7 + + +-----END PGP PUBLIC KEY BLOCK----- diff --git a/dhcp.spec b/dhcp.spec new file mode 100644 index 0000000..0a4cc94 --- /dev/null +++ b/dhcp.spec 
@@ -0,0 +1,568 @@
+#
+# spec file for package dhcp
+#
+# Copyright (c) 2023 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%define isc_version 4.4.2-P1
+#Compat macro for new _fillupdir macro introduced in Nov 2017
+%if ! %{defined _fillupdir}
+ %define _fillupdir %{_localstatedir}/adm/fillup-templates
+%endif
+%if 0%{?suse_version} >= 1550
+%define sbindir %{_sbindir}
+%else
+%define sbindir /sbin
+%endif
+%if 0%{?suse_version} >= 1330
+%bcond_without sysusers
+%else
+%bcond_with sysusers
+%endif
+Name: dhcp
+Version: 4.4.2.P1
+Release: 0
+Summary: Common Files Used by ISC DHCP Software
+License: MPL-2.0
+Group: Productivity/Networking/Boot/Servers
+URL: https://www.isc.org/software/dhcp
+Source0: https://ftp.isc.org/isc/dhcp/%{isc_version}/dhcp-%{isc_version}.tar.gz
+Source1: https://ftp.isc.org/isc/dhcp/%{isc_version}/dhcp-%{isc_version}.tar.gz.asc
+Source2: %{name}.keyring
+#
+Source10: dhcpd.script
+Source11: dhcrelay.script
+Source12: dhcpd.service
+Source13: dhcpd6.service
+Source14: dhcrelay.service
+Source15: dhcrelay6.service
+Source17: sysconfig.dhcpd
+Source18: sysconfig.dhcrelay
+Source19: if-up.d.dhcpd-restart-hook
+#
+Source20: dhclient.conf
+Source21: dhclient6.conf
+Source22: dhcpd.conf
+Source23: dhcpd6.conf
+Source26: sysconfig.syslog-dhcpd
+#
+Source41: dhcp.README
+Source43: DDNS-howto.txt
+Source44: contrib.tar.gz
+Source45: examples.tar.gz
+Source46: slp.reg.d.dhcp.reg +Source47: dhcp-user.conf +Patch1: 0001-dhcp-4.1.1-default-paths.patch +# paranoia patch is included now, but not the +# additional patch by thomas@suse.de not ... +Patch2: 0002-dhcp-4.1.1-paranoia.patch +Patch3: 0003-dhcp-4.2.2-man-includes.patch +Patch4: 0004-dhcp-4.1.1-tmpfile.patch +Patch5: 0005-dhcp-4.1.1-dhclient-exec-filedes.patch +Patch6: 0006-dhcp-4.3.2-dhclient-send-hostname-or-fqdn.patch +# PATCH-FIX-UPSTREAM lpf-bind-msg-fix bnc#617795 +Patch7: 0007-dhcp-4.1.1-P1-lpf-bind-msg-fix.patch +# PATCH-FIX-SLE dhclient-option-checks bnc#675052 +Patch8: 0008-dhcp-4.2.2-dhclient-option-checks.patch +# PATCH-FIX-OPENSUSE close-on-exec bnc#732910 +Patch9: 0009-dhcp-4.2.6-close-on-exec.patch +# PATCH-FIX-OPENSUSE quiet-dhclient bnc#711420 +Patch10: 0010-dhcp-4.2.2-quiet-dhclient.patch +# PATCH-FIX-OPENSUSE dhcp-4.2.x-chown-server-leases bnc#868253 +Patch12: 0012-dhcp-4.2.x-chown-server-leases.bnc868253.patch +# PATCH-FIX-SLE dhclient6-unsigned-lifetimes-for-script bsc#926159 +Patch14: 0014-dhclient6-unsigned-lifetimes-for-script-bsc-926159.patch +# PATCH-FIX-SLE Expose-next-server-DHCPv4-option-to-dhclient-script bsc#928390 +Patch15: 0015-Expose-next-server-DHCPv4-option-to-dhclient-script.patch +# PATCH-FIX-SLE infiniband-support bnc#870535,bsc#909189,bsc#910984 +Patch16: 0016-infiniband-support.patch +# PATCH-FIX-SLE server-no-success-report-before-send bsc#919959 +Patch17: 0017-server-no-success-report-before-send.919959.patch +# PATCH-FIX-SLE client-fail-on-script-pre-init-error bsc#912098 +Patch18: 0018-client-fail-on-script-pre-init-error-bsc-912098.patch +# PATCH-FIX-SLE dhcp-4.2.4-P1-interval bsc#947780 +Patch20: 0020-dhcp-4.x.x-fixed-improper-lease-duration-checking.patch +Patch21: 0021-dhcp-ip-family-symlinks.patch +Patch22: dhcp-CVE-2022-2928.patch +Patch23: dhcp-CVE-2022-2929.patch +BuildRequires: automake +BuildRequires: dos2unix +BuildRequires: libtool +BuildRequires: openldap2-devel +%if %{with sysusers} +BuildRequires: 
sysuser-tools +%endif + +%package server +Summary: ISC DHCP Server +Group: Productivity/Networking/Boot/Servers +Requires: dhcp = %{version} +Requires(post): %fillup_prereq +%{?systemd_ordering} +%if 0%{?suse_version} < 1500 +Requires: net-tools +%endif +%if %{with sysusers} +%sysusers_requires +%else +Requires(pre): shadow +%endif + +%package client +Summary: ISC DHCP Client +Group: Productivity/Networking/Boot/Clients +Requires: %{_bindir}/getent +Requires: dhcp = %{version} +Requires: iproute2 +Requires: iputils +%if 0%{?suse_version} >= 1330 +Requires: /usr/bin/hostname +%else +Requires: net-tools +%endif + +%package relay +Summary: ISC DHCP Relay Agent +Group: Productivity/Networking/Boot/Servers +Requires: dhcp = %{version} +Requires(post): %fillup_prereq +%{?systemd_ordering} +%if 0%{?suse_version} < 1500 +Requires: net-tools +%endif + +%package devel +Summary: Header Files and Libraries for dhcpctl API +Group: Development/Libraries/C and C++ +Requires: dhcp = %{version} + +%package doc +Summary: Documentation +Group: Productivity/Networking/Boot/Servers + +%description +This package contains common programs used by both the ISC DHCP +server ("dhcp-server" package) and client ("dhcp-client") as the +omshell and common manual pages. + +%description server +This package contains the ISC DHCP server. + +%description client +This is an alternative DHCP client, the ISC DHCP client for Linux. Like +"dhcpcd" (the client that is installed by default), it can be used to +configure the network setup. IP address, hostname, routing, +nameserver, netmask, and broadcast can be dynamically assigned while +booting the machine. + +It is configurable via the configuration file %{_sysconfdir}/dhclient.conf. + +%description relay +This is the ISC DHCP relay agent. It can be used as a 'gateway' for +DHCP messages across physical network segments. This is necessary +because requests can be broadcast, and they will normally not be +routed. 
+ +%description doc +This package contains additional documentation files provided with +the software. The manual pages are in the corresponding packages. + +%description devel +This package contains all of the libraries and headers for developing +with the Internet Software Consortium (ISC) dhcpctl API. + +%prep +if test "%version" != $(echo %isc_version | tr "-" "."); then + echo "error: %%version and %%isc_version are not in sync." + exit 1 +fi +%setup -q -n %{name}-%{isc_version} -a 44 -a 45 +## +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 +%patch10 -p1 +%patch12 -p1 +%patch14 +%patch15 -p1 +%patch16 +%patch17 -p1 +%patch18 -p1 +%patch20 +%patch21 +%patch22 +%patch23 +## +find . -type f -name \*.cat\* -exec rm -f {} \; +dos2unix contrib/ms2isc/* +# Remove GPL licensed files to make sure, +# they're not used to build (bnc#714004). +pushd bind +gunzip -c bind.tar.gz | tar xf - +rm -rf bind-*/contrib/dbus +bind_dir=$(ls -1d bind-*) +for i in %{_datadir}/automake-*/config.{sub,guess} ; do + install -v -m755 $i $bind_dir/ +done +# use the year from source gzip header instead of current one to make reproducible rpms +year=$(perl -e 'sysread(STDIN, $h, 8); print (1900+(gmtime(unpack("l",substr($h,4))))[5])' < bind.tar.gz) +sed -i "s/stdout, copyright, year/stdout, copyright, \"-$year\"/" $bind_dir/lib/dns/gen.c +popd +## + +%build +%global _lto_cflags %{_lto_cflags} -ffat-lto-objects +CFLAGS="%{optflags} -D_GNU_SOURCE -W -Wall -Wno-unused -fcommon -fno-strict-aliasing" +%ifarch ppc ppc64 s390x + # bugs 134590, 171532 + CFLAGS="$CFLAGS -fsigned-char" +%endif +%ifarch ia64 %{sparc} alpha s390x ppc64 x86_64 + CFLAGS="$CFLAGS -fPIE" +%else + CFLAGS="$CFLAGS -fpie" +%endif +LDFLAGS="-Wl,-z,relro,-z,now -pie" +FFLAGS="$CFLAGS" +CXXFLAGS="$CFLAGS" +export CFLAGS LDFLAGS FFLAGS CXXFLAGS +%configure \ + --enable-dhcpv6 \ + --enable-failover \ + --enable-paranoia \ + --enable-early-chroot \ + --disable-libtool 
\ + --enable-log-pid \ + --enable-binary-leases \ + --with-ldap \ + --with-ldapcrypto \ + --with-cli-pid-file=%{_rundir}/dhclient.pid \ + --with-cli-lease-file=%{_localstatedir}/lib/dhcp/dhclient.leases \ + --with-cli6-pid-file=%{_rundir}/dhclient6.pid \ + --with-cli6-lease-file=%{_localstatedir}/lib/dhcp6/dhclient.leases \ + --with-srv-pid-file=%{_rundir}/dhcpd.pid \ + --with-srv-lease-file=%{_localstatedir}/lib/dhcp/db/dhcpd.leases \ + --with-srv6-pid-file=%{_rundir}/dhcpd6.pid \ + --with-srv6-lease-file=%{_localstatedir}/lib/dhcp6/db/dhcpd6.leases +# +: building bind sources +%if 0%{?!make_build:1} +# SLE-12 compatbility still needed as of October 2021 +%define make_build %{__make} %{?_smp_mflags} +%endif +%make_build -j1 -C bind all +cat bind/configure.log +cat bind/build.log +cat bind/install.log +: building dhcp sources +%make_build +%if %{with sysusers} +%sysusers_generate_pre %{SOURCE47} dhcp-server dhcp-user.conf +%endif + +%check +# check example config, see if it runs +./server/dhcpd -4 -t -cf $RPM_SOURCE_DIR/dhcpd.conf +./server/dhcpd -6 -t -cf $RPM_SOURCE_DIR/dhcpd6.conf +# check syntax in our scripts +bash -n $RPM_SOURCE_DIR/dhcpd.script +bash -n $RPM_SOURCE_DIR/dhcrelay.script + +%install +%make_install +# +# directories +install -d -m0755 %{buildroot}/sbin +install -d -m0755 %{buildroot}%{_sysconfdir}/dhcpd{,6}.d +install -d -m0755 %{buildroot}%{_sysconfdir}/openldap/schema +install -d -m0755 %{buildroot}%{_localstatedir}/run +install -d -m0755 %{buildroot}%{_fillupdir} +# chroot jail +install -d -m0755 %{buildroot}%{_localstatedir}/lib/{dhcp,dhcp6}%{_sysconfdir} +install -d -m0755 %{buildroot}%{_localstatedir}/lib/{dhcp,dhcp6}/dev +install -d -m0755 %{buildroot}%{_localstatedir}/lib/{dhcp,dhcp6}/%{_lib} +install -d -m0755 %{buildroot}%{_localstatedir}/lib/{dhcp,dhcp6}/run +install -d -m0755 %{buildroot}%{_localstatedir}/lib/{dhcp,dhcp6}/db +%if 0%{?suse_version} < 1550 +# move the dhclient binary to /sbin +mv -f %{buildroot}%{_sbindir}/dhclient 
%{buildroot}/sbin/ +%endif +# provide a ...6 link, so we know it supports DHCPv6 +ln -sf dhcpd %{buildroot}%{_sbindir}/dhcpd6 +ln -sf dhcrelay %{buildroot}%{_sbindir}/dhcrelay6 +ln -sf dhclient %{buildroot}%{sbindir}/dhclient6 +# install our adopted config examples: +install -m0644 $RPM_SOURCE_DIR/dhcpd.conf %{buildroot}%{_sysconfdir}/ +install -m0644 $RPM_SOURCE_DIR/dhcpd6.conf %{buildroot}%{_sysconfdir}/ +install -m0644 $RPM_SOURCE_DIR/dhclient.conf %{buildroot}%{_sysconfdir}/ +install -m0644 $RPM_SOURCE_DIR/dhclient6.conf %{buildroot}%{_sysconfdir}/ +# We don't ship dhclient-script any more (boo#1216822) +rm -f %{buildroot}%{_mandir}/man8/dhclient-script.8 +# helper / wrapper scripts +install -d -m0755 %{buildroot}%{_libexecdir}/dhcp +install -m0755 $RPM_SOURCE_DIR/dhcpd.script \ + %{buildroot}%{_libexecdir}/dhcp/dhcpd +sed -e 's,@LIBDIR@,%{_lib},g' -i %{buildroot}%{_libexecdir}/dhcp/dhcpd +install -m0755 $RPM_SOURCE_DIR/dhcrelay.script \ + %{buildroot}%{_libexecdir}/dhcp/dhcrelay +# service units +install -d -m0755 %{buildroot}%{_unitdir} +install -m0644 $RPM_SOURCE_DIR/dhcpd.service \ + %{buildroot}%{_unitdir}/dhcpd.service +install -m0644 $RPM_SOURCE_DIR/dhcpd6.service \ + %{buildroot}%{_unitdir}/dhcpd6.service +install -m0644 $RPM_SOURCE_DIR/dhcrelay.service \ + %{buildroot}%{_unitdir}/dhcrelay.service +install -m0644 $RPM_SOURCE_DIR/dhcrelay6.service \ + %{buildroot}%{_unitdir}/dhcrelay6.service +sed -e 's,@LIBEXECDIR@,%{_libexecdir},g' -i %{buildroot}%{_unitdir}/d* +# rcservice links +ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcdhcpd +ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcdhcpd6 +ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcdhcrelay +ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcdhcrelay6 +# rcservice actions +legacy_actionsdir=%{buildroot}%{_libexecdir}/initscripts/legacy-actions +cat >dhcpd.action <<'EOF' +#!/bin/bash +exec %{_libexecdir}/dhcp/dhcpd -4 ${0##*/} +EOF +install -d -m0755 ${legacy_actionsdir}/dhcpd 
+install -m0755 dhcpd.action ${legacy_actionsdir}/dhcpd/syntax-check
+ln -sf syntax-check ${legacy_actionsdir}/dhcpd/check-syntax
+ln -sf syntax-check ${legacy_actionsdir}/dhcpd/check-lease
+rm -f dhcpd.action
+cat >dhcpd.action <<'EOF'
+#!/bin/bash
+exec %{_libexecdir}/dhcp/dhcpd -6 ${0##*/}
+EOF
+install -d -m0755 ${legacy_actionsdir}/dhcpd6
+install -m0755 dhcpd.action ${legacy_actionsdir}/dhcpd6/syntax-check
+ln -sf syntax-check ${legacy_actionsdir}/dhcpd6/check-syntax
+ln -sf syntax-check ${legacy_actionsdir}/dhcpd6/check-lease
+rm -f dhcpd.action
+# sysconfig files
+install -m0644 $RPM_SOURCE_DIR/sysconfig.dhcpd \
+ %{buildroot}%{_fillupdir}/
+install -m0644 $RPM_SOURCE_DIR/sysconfig.syslog-dhcpd \
+ %{buildroot}%{_fillupdir}/
+install -m0644 $RPM_SOURCE_DIR/sysconfig.dhcrelay \
+ %{buildroot}%{_fillupdir}/
+# another config files and scripts
+install -m0644 contrib/ldap/dhcp.schema \
+ %{buildroot}%{_sysconfdir}/openldap/schema
+install -d -m0755 %{buildroot}%{_sysconfdir}/sysconfig/network/if-up.d
+install -d -m0755 %{buildroot}%{_sysconfdir}/sysconfig/network/scripts
+install -m0755 $RPM_SOURCE_DIR/if-up.d.dhcpd-restart-hook \
+ %{buildroot}%{_sysconfdir}/sysconfig/network/scripts/dhcpd-restart-hook
+sed 's,@LIBEXECDIR@,%{_libexecdir},g' -i \
+ %{buildroot}%{_sysconfdir}/sysconfig/network/scripts/dhcpd-restart-hook
+ln -sf ../scripts/dhcpd-restart-hook \
+ %{buildroot}%{_sysconfdir}/sysconfig/network/if-up.d/60-dhcpd-restart-hook
+# slp support
+install -d -m0755 %{buildroot}%{_sysconfdir}/slp.reg.d
+install -m0644 $RPM_SOURCE_DIR/slp.reg.d.dhcp.reg \
+ %{buildroot}%{_sysconfdir}/slp.reg.d/dhcp.reg
+# fix manual page permissions
+find %{buildroot}/%{_mandir} -type f | xargs chmod 644
+# copy some documentation and examples from src dir
+install -m0644 $RPM_SOURCE_DIR/dhcp.README README.SUSE
+install -m0644 $RPM_SOURCE_DIR/DDNS-howto.txt .
+cp doc/examples/* ./examples/
+rm -f doc/{References.xml,Makefile*}
+rm -f contrib/dhcp.spec
+rm -f %{buildroot}%{_sysconfdir}/{dhcpd,dhclient}.conf.example
+find contrib doc/examples -type f | xargs chmod -x
+# install bind libs+includes needed for dhcp-devel
+pushd bind
+install -d -m0755 %{buildroot}%{_includedir}/dhcp/
+for i in include/* ; do
+ cp -r $i %{buildroot}%{_includedir}/dhcp/
+done
+install -d -m0755 %{buildroot}%{_libdir}/dhcp/
+for l in lib/lib*.a ; do
+ install -m0644 $l %{buildroot}%{_libdir}/dhcp/
+done
+popd
+# move also all dhcp-devel files to dhcp subdirectories
+mv %{buildroot}%{_includedir}/{dhcpctl,omapip} \
+ %{buildroot}%{_includedir}/dhcp/
+mv %{buildroot}%{_libdir}/lib*.* \
+ %{buildroot}%{_libdir}/dhcp/
+%if %{with sysusers}
+mkdir -p %{buildroot}%{_sysusersdir}
+install -m 644 %{SOURCE47} %{buildroot}%{_sysusersdir}/
+%endif
+
+%if %{with sysusers}
+%pre server -f dhcp-server.pre
+%else
+
+%pre server
+getent passwd dhcpd >/dev/null || useradd -r -g nogroup -s /bin/false -c "DHCP server daemon" -d %{_localstatedir}/lib/dhcp dhcpd
+%endif
+%service_add_pre dhcpd.service
+%service_add_pre dhcpd6.service
+
+%post server
+%{fillup_only -n dhcpd dhcpd}
+%{fillup_only -ans syslog dhcpd}
+%service_add_post dhcpd.service
+%service_add_post dhcpd6.service
+# FIXME: update?
+if [ $1 -gt 1 ]; then
+ if grep -q '^DHCPD_RUN_AS=.*nobody' etc/sysconfig/dhcpd; then
+ tmpfile=$(mktemp -q etc/sysconfig/dhcpd.XXXXXX)
+ sed 's|^DHCPD_RUN_AS=.*|DHCPD_RUN_AS="dhcpd"|' etc/sysconfig/dhcpd \
+ > $tmpfile && mv $tmpfile etc/sysconfig/dhcpd
+ rm -f $tmpfile
+ fi
+ if grep -q '^DHCPD_BINARY=.*dhcpd\..*' etc/sysconfig/dhcpd; then
+ tmpfile=$(mktemp -q etc/sysconfig/dhcpd.XXXXXX)
+ sed 's|^DHCPD_BINARY=.*|DHCPD_BINARY=""|' etc/sysconfig/dhcpd \
+ > $tmpfile && mv $tmpfile etc/sysconfig/dhcpd
+ rm -f $tmpfile
+ fi
+fi
+
+%preun server
+%service_del_preun dhcpd.service
+%service_del_preun dhcpd6.service
+
+%postun server
+%service_del_postun dhcpd.service
+%service_del_postun dhcpd6.service
+
+%pre relay
+%service_add_pre dhcrelay.service
+%service_add_pre dhcrelay6.service
+
+%post relay
+#
+%{rename_sysconfig_variable -f etc/sysconfig/dhcrelay
+ DHCRELAY6_LOWER_INTERFACES_ARGS DHCRELAY6_LOWER_INTERFACES}
+%{rename_sysconfig_variable -f etc/sysconfig/dhcrelay
+ DHCRELAY6_UPPER_INTERFACES_ARGS DHCRELAY6_UPPER_INTERFACES}
+#
+%{fillup_only -n dhcrelay dhcrelay}
+%service_add_post dhcrelay.service
+%service_add_post dhcrelay6.service
+
+%preun relay
+%service_del_preun dhcrelay.service
+%service_del_preun dhcrelay6.service
+
+%postun relay
+%service_del_postun dhcrelay.service
+%service_del_postun dhcrelay6.service
+
+%files
+%license LICENSE
+%{_bindir}/omshell
+%{_mandir}/man1/omshell.1%{?ext_man}
+%{_mandir}/man5/dhcp-eval.5%{?ext_man}
+%{_mandir}/man5/dhcp-options.5%{?ext_man}
+
+%files server
+%{_sbindir}/dhcpd
+%{_sbindir}/dhcpd6
+%{_sbindir}/rcdhcpd
+%{_sbindir}/rcdhcpd6
+%{_unitdir}/dhcpd.service
+%{_unitdir}/dhcpd6.service
+%if %{with sysusers}
+%{_sysusersdir}/dhcp-user.conf
+%endif
+%dir %{_libexecdir}/initscripts/legacy-actions/dhcpd
+%{_libexecdir}/initscripts/legacy-actions/dhcpd/*
+%dir %{_libexecdir}/initscripts/legacy-actions/dhcpd6
+%{_libexecdir}/initscripts/legacy-actions/dhcpd6/*
+%config(noreplace) %{_sysconfdir}/dhcpd.conf
+%config(noreplace) %{_sysconfdir}/dhcpd6.conf
+%attr(755,root,root) %dir %config(noreplace) %ghost %{_sysconfdir}/dhcpd.d/
+%attr(755,root,root) %dir %config(noreplace) %ghost %{_sysconfdir}/dhcpd6.d/
+%dir %{_libexecdir}/dhcp
+%{_libexecdir}/dhcp/dhcpd
+%dir %{_localstatedir}/lib/dhcp
+%dir %{_localstatedir}/lib/dhcp%{_sysconfdir}
+%dir %{_localstatedir}/lib/dhcp/dev
+%dir %{_localstatedir}/lib/dhcp/%{_lib}
+%dir %{_localstatedir}/lib/dhcp/run
+%attr(755,dhcpd,root) %dir %{_localstatedir}/lib/dhcp/db
+%dir %{_localstatedir}/lib/dhcp6
+%dir %{_localstatedir}/lib/dhcp6%{_sysconfdir}
+%dir %{_localstatedir}/lib/dhcp6/dev
+%dir %{_localstatedir}/lib/dhcp6/%{_lib}
+%dir %{_localstatedir}/lib/dhcp6/run
+%attr(755,dhcpd,root) %dir %{_localstatedir}/lib/dhcp6/db
+%{_mandir}/man8/dhcpd.8%{?ext_man}
+%{_mandir}/man5/dhcpd.conf.5%{?ext_man}
+%{_mandir}/man5/dhcpd.leases.5%{?ext_man}
+%dir %{_sysconfdir}/openldap
+%dir %{_sysconfdir}/openldap/schema
+%attr(0644, root, root) %config %{_sysconfdir}/openldap/schema/dhcp.schema
+%dir %{_sysconfdir}/slp.reg.d
+%config(noreplace) %{_sysconfdir}/slp.reg.d/dhcp.reg
+%dir %{_sysconfdir}/sysconfig/network
+%dir %{_sysconfdir}/sysconfig/network/scripts
+%dir %{_sysconfdir}/sysconfig/network/if-up.d
+%{_sysconfdir}/sysconfig/network/scripts/dhcpd-restart-hook
+%{_sysconfdir}/sysconfig/network/if-up.d/60-dhcpd-restart-hook
+%{_fillupdir}/sysconfig.dhcpd
+%{_fillupdir}/sysconfig.syslog-dhcpd
+
+%files doc
+%doc README RELNOTES
+%doc README.* DDNS-howto.txt doc/*
+%doc contrib examples
+
+%files client
+%{sbindir}/dhclient
+%{sbindir}/dhclient6
+%config(noreplace) %{_sysconfdir}/dhclient.conf
+%config(noreplace) %{_sysconfdir}/dhclient6.conf
+%{_mandir}/man5/dhclient.conf.5%{?ext_man}
+%{_mandir}/man5/dhclient.leases.5%{?ext_man}
+%{_mandir}/man8/dhclient.8%{?ext_man}
+%dir %{_localstatedir}/lib/dhcp
+%dir %{_localstatedir}/lib/dhcp6
+
+%files relay
+%{_sbindir}/dhcrelay
+%{_sbindir}/dhcrelay6
+%{_sbindir}/rcdhcrelay
+%{_sbindir}/rcdhcrelay6
+%dir %{_libexecdir}/dhcp
+%{_libexecdir}/dhcp/dhcrelay
+%{_unitdir}/dhcrelay.service
+%{_unitdir}/dhcrelay6.service
+%{_mandir}/man8/dhcrelay.8%{?ext_man}
+%{_fillupdir}/sysconfig.dhcrelay
+
+%files devel
+%dir %{_libdir}/dhcp
+%{_libdir}/dhcp/lib*
+%dir %{_includedir}/dhcp
+%{_includedir}/dhcp/*
+%{_mandir}/man3/omapi.3%{?ext_man}
+%{_mandir}/man3/dhcpctl.3%{?ext_man}
+
+%changelog
diff --git a/dhcpd.conf b/dhcpd.conf
new file mode 100644
index 0000000..574b7d7
--- /dev/null
+++ b/dhcpd.conf
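Review bot: In `%post server`, both upgrade fix-ups replace `etc/sysconfig/dhcpd` with a file created by `mktemp`, so after the `mv` the config carries mktemp's 0600 mode rather than the mode the file had before, and the result of `mktemp -q` is never checked before `$tmpfile` is used unquoted in the redirect. Editing in place avoids both: with GNU sed, `sed -i 's|^DHCPD_RUN_AS=.*|DHCPD_RUN_AS="dhcpd"|' etc/sysconfig/dhcpd` (and the same form for the `DHCPD_BINARY` branch) keeps the existing mode and needs no temp-file handling; the spec already uses `sed -i` in `%install`. The paths are relative, so both branches depend on the scriptlet's working directory being the install root; if that is deliberate, a short comment such as `# relative paths: scriptlet runs with cwd at the install root` would keep the next editor from "fixing" it.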
@@ -0,0 +1,154 @@ +# /etc/dhcpd.conf +# +# Sample configuration file for ISC dhcpd +# +# *** PLEASE CONFIGURE IT FIRST *** +# +# Don't forget to set the DHCPD_INTERFACE in the +# /etc/sysconfig/dhcpd file. +# + +# option definitions common to all supported networks... +#option domain-name "example.org"; +#option domain-name-servers ns1.example.org, ns2.example.org; + +#default-lease-time 600; +#max-lease-time 7200; + +# if you do not use dynamical DNS updates: +# +# if you want to use dynamical DNS updates, you should first read +# read /usr/share/doc/packages/dhcp-server/DDNS-howto.txt +# +#ddns-updates off; + +# Use this to enble / disable dynamic dns updates globally. +#ddns-update-style none; + +# If this DHCP server is the official DHCP server for the local +# network, the authoritative directive should be uncommented. +#authoritative; + +# Use this to send dhcp log messages to a different log file (you also +# have to hack syslog.conf to complete the redirection). +#log-facility local7; + +# +# Define RFC 3442 classless static route option (121); +# the following _example_ routes: +# 192.168.2.254/32 via 0.0.0.0 (device route) +# 192.168.2.253/32 via 192.168.1.2 (255.255.255.255) +# 192.2.0.128/25 via 192.168.1.2 (255.255.255.128) +# 192.168.2.0/24 via 192.168.1.2 (255.255.255.0) +# 172.16.0.0/12 via 192.168.1.2 (255.240.0.0) +# 10.0.0.0/8 via 192.168.1.2 (255.0.0.0) +# default via 192.168.1.1 +# have to be written as: +# option rfc3442-classless-static-routes +# 32, 192, 168, 2, 254, 0, 0, 0, 0, +# 32, 192, 168, 2, 253, 192, 168, 1, 2, +# 25, 192, 2, 0, 128, 192, 168, 1, 2, +# 24, 192, 168, 3, 192, 168, 1, 2, +# 12, 172, 16, 192, 168, 1, 2, +# 8, 10, 192, 168, 1, 2, +# 0, 192, 168, 1, 1; +# +# Note: you have to specify the default gateway here +# as well, because when classless routes are in use, +# the 'routers' option is ignored by the dhcp client. 
+# +#option rfc3442-classless-static-routes code 121 = array of unsigned integer 8; + +# +# Define RFC 4833 timezone options: +# +#option rfc4833-tz-posix-string code 100 = string; +#option rfc4833-tz-name code 101 = string; +# +# Use example: +# option rfc4833-tz-posix-string "EST5EDT4,M3.2.0/02:00,M11.1.0/02:00"; +# option rfc4833-tz-name "Europe/Zurich"; + + +# No service will be given on this subnet, but declaring it helps the +# DHCP server to understand the network topology. + +#subnet 10.152.187.0 netmask 255.255.255.0 { +#} + +# This is a very basic subnet declaration. + +#subnet 10.254.239.0 netmask 255.255.255.224 { +# range 10.254.239.10 10.254.239.20; +# option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org; +#} + +# This declaration allows BOOTP clients to get dynamic addresses, +# which we don't really recommend. + +#subnet 10.254.239.32 netmask 255.255.255.224 { +# range dynamic-bootp 10.254.239.40 10.254.239.60; +# option broadcast-address 10.254.239.31; +# option routers rtr-239-32-1.example.org; +#} + +# A slightly different configuration for an internal subnet. +#subnet 10.5.5.0 netmask 255.255.255.224 { +# range 10.5.5.26 10.5.5.30; +# option domain-name-servers ns1.internal.example.org; +# option domain-name "internal.example.org"; +# option routers 10.5.5.1; +# option broadcast-address 10.5.5.31; +# default-lease-time 600; +# max-lease-time 7200; +#} + +# Hosts which require special configuration options can be listed in +# host statements. If no address is specified, the address will be +# allocated dynamically (if possible), but the host-specific information +# will still come from the host declaration. + +#host passacaglia { +# hardware ethernet 0:0:c0:5d:bd:95; +# filename "vmunix.passacaglia"; +# server-name "toccata.fugue.com"; +#} + +# Fixed IP addresses can also be specified for hosts. These addresses +# should not also be listed as being available for dynamic assignment. 
+# Hosts for which fixed IP addresses have been specified can boot using +# BOOTP or DHCP. Hosts for which no fixed address is specified can only +# be booted with DHCP, unless there is an address range on the subnet +# to which a BOOTP client is connected which has the dynamic-bootp flag +# set. +#host fantasia { +# hardware ethernet 08:00:07:26:c0:a5; +# fixed-address fantasia.fugue.com; +#} + +# You can declare a class of clients and then do address allocation +# based on that. The example below shows a case where all clients +# in a certain class get addresses on the 10.17.224/24 subnet, and all +# other clients get addresses on the 10.0.29/24 subnet. + +#class "foo" { +# match if substring (option vendor-class-identifier, 0, 4) = "SUNW"; +#} +# +#shared-network 224-29 { +# subnet 10.17.224.0 netmask 255.255.255.0 { +# option routers rtr-224.example.org; +# } +# subnet 10.0.29.0 netmask 255.255.255.0 { +# option routers rtr-29.example.org; +# } +# pool { +# allow members of "foo"; +# range 10.17.224.10 10.17.224.250; +# } +# pool { +# deny members of "foo"; +# range 10.0.29.10 10.0.29.230; +# } +#} + diff --git a/dhcpd.script b/dhcpd.script new file mode 100644 index 0000000..714e3d8 --- /dev/null +++ b/dhcpd.script 
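Review bot: The RFC 3442 example in the comment block does not encode the routes it lists. The route `192.168.2.0/24 via 192.168.1.2` is written as `24, 192, 168, 3, 192, 168, 1, 2,`, which describes 192.168.3.0/24. Anyone adapting the sample by pattern would hand clients a route for the wrong network, so the two should agree, for example `24, 192, 168, 2, 192, 168, 1, 2,`. The comment above `ddns-update-style` also misspells "enable" as "enble".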
@@ -0,0 +1,429 @@ +#! /bin/bash +# Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH +# Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH +# Copyright (c) 2002, 2003 SuSE Linux AG +# Copyright (c) 2004-2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# +# This program is free software; you can redistribute it and/or modify it under +# the terms of the GNU General Public License as published by the Free Software +# Foundation; either version 2 of the License, or (at your option) any later +# version. +# +# This program is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS +# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more +# details. +# +# You should have received a copy of the GNU General Public License along with +# this program; if not, see . +# +# Author: Rolf Haberrecker , 1997-1999 +# Peter Poeml , 2000-2006 +# Marius Tomaschewski , 2006-2010 +# +# /usr/lib/dhcp/dhcpd helper script, fromer /etc/init.d/dhcpd init script. +# +### +test -s /etc/sysconfig/dhcpd && . /etc/sysconfig/dhcpd + +SUPPORTS_CHROOT="yes" +SUPPORTS_RUN_AS="yes" +SUPPORTS_HUP="no" + +# note: $DAEMON_PIDFILE is a symlink to the +# $DAEMON_STATE$DAEMON_PIDFILE (also +# while DHCPD_RUN_CHROOTED=no) now, +# as DHCPD_RUN_AS is not allowed to +# create pid files in /run. 
+ +DHCPv_OPT=$1 ; shift +case $DHCPv_OPT in +-4) + DAEMON='ISC DHCPv4 Server' + DAEMON_BIN=/usr/sbin/dhcpd + DAEMON_CONF=/etc/dhcpd.conf + DAEMON_STATE=/var/lib/dhcp + DAEMON_LEASES=dhcpd.leases + DAEMON_PIDFILE=/run/dhcpd.pid + STARTPROC_LOGFILE=/var/log/rc.dhcpd.log + LDAP_CONF=/etc/openldap/ldap.conf + + test "$DHCPD_RUN_CHROOTED" = "yes" && \ + CHROOT_PREFIX="$DAEMON_STATE" || CHROOT_PREFIX='' + + DHCPD_CONF_INCLUDE_FILES=${DHCPD_CONF_INCLUDE_FILES:-/etc/dhcpd.d} +;; +-6) + DAEMON='ISC DHCPv6 Server' + DAEMON_BIN=/usr/sbin/dhcpd + DAEMON_CONF=/etc/dhcpd6.conf + DAEMON_STATE=/var/lib/dhcp6 + DAEMON_LEASES=dhcpd6.leases + DAEMON_PIDFILE=/run/dhcpd6.pid + STARTPROC_LOGFILE=/var/log/rc.dhcpd6.log + LDAP_CONF="" + + test "$DHCPD6_RUN_CHROOTED" = "yes" && \ + CHROOT_PREFIX="$DAEMON_STATE" || CHROOT_PREFIX='' + + DHCPD_RUN_AS=$DHCPD6_RUN_AS + DHCPD_INTERFACE=$DHCPD6_INTERFACE + DHCPD_OTHER_ARGS=$DHCPD6_OTHER_ARGS + DHCPD_CONF_INCLUDE_FILES=${DHCPD6_CONF_INCLUDE_FILES:-/etc/dhcpd6.d} +;; +*) + echo >&2 "Usage: $0 <-4|-6> " + exit 2 +;; +esac + +# Return values acc. to LSB for all commands but status: +# 0 - success +# 1 - generic or unspecified error +# 2 - invalid or excess argument(s) +# 3 - unimplemented feature (e.g. "reload") +# 4 - insufficient privilege +# 5 - program is not installed +# 6 - program is not configured +# 7 - program is not running +# +# Note that starting an already running service, stopping +# or restarting a not-running service as well as the restart +# with force-reload (in case signalling is not supported) are +# considered a success. + +if ! [ -x "$DAEMON_BIN" ]; then + case $1 in + stop) ;; + *) echo -n >&2 "\"$DAEMON_BIN\" is not an executable file. Exiting." + case $1 in + status) exit 4 ;; + *) exit 5 ;; + esac + ;; + esac + exit +fi +if ! [ -r "$DAEMON_CONF" ] ; then + case $1 in + stop|status) + if test ! 
-s /etc/sysconfig/dhcpd ; then + test -e $DAEMON_STATE/$DAEMON_PIDFILE && \ + CHROOT_PREFIX="$DAEMON_STATE" || CHROOT_PREFIX='' + fi + ;; + *) + echo -n >&2 "\"$DAEMON_CONF\" config file missed. Exiting." + exit 6 + ;; + esac +fi + +# remove empty pid files to avoid disturbing warnings by checkproc/killproc +# (these can occur if dhcpd does not start correctly) +test -e $DAEMON_PIDFILE && ! test -s $DAEMON_PIDFILE && rm $DAEMON_PIDFILE +test -e $DAEMON_STATE/$DAEMON_PIDFILE && ! test -s $DAEMON_STATE/$DAEMON_PIDFILE && rm $DAEMON_STATE/$DAEMON_PIDFILE + +case "$1" in + start) + echo -n "Starting $DAEMON " + + ## If there is no conf file, skip starting of dhcpd + ## and return with "program not configured" + if ! [ -f $DAEMON_CONF ]; then + echo -n "... no configuration file found"; + # service is not configured + exit 6; + fi + + ## If the interfaces are not set, skip starting of dhcpd + ## and return with "program not configured" + if [ -z "$DHCPD_INTERFACE" ]; then + var="DHCPD_INTERFACE" + case $DHCPv_OPT in -6) var=DHCPD6_INTERFACE ;; esac + echo -n "... set $var in /etc/sysconfig/dhcpd" + # service is not configured + exit 6; + fi + + if [ "$DHCPD_INTERFACE" = "ANY" ]; then + DHCPD_INTERFACE="" + fi + + jail=${CHROOT_PREFIX:-${DAEMON_STATE}}; leases=$DAEMON_LEASES + if ! [ -e $jail/db/$leases ]; then + # until 9.0, the lease file was in /var/lib/dhcp and part of the package + if test -e $jail/$leases -a '!' -L $jail/$leases; then + # this is the case where the %post script runs _before_ the old package is + # removed (i.e., dhcpd.leases has not renamed to .rpmsave yet) + mv $jail/$leases $jail/db/$leases && \ + ln -s db/$leases $jail/ + elif test -e $jail/$leases.rpmsave; then + # this is what's left when the package is already gone. + mv $jail/$leases.rpmsave $jail/db/$leases && \ + ln -s db/$leases $jail/ + else + # fresh installation: + # a lease file must be present. 
the server won't start without + touch $jail/db/$leases + fi + fi + + if test "$DHCPD_RUN_CHROOTED" = "yes" ; then + ## copy the conf file to the chroot jail (dhcpd has to be restarted anyway, + ## when it has changed) and change path to leases file + for i in $DAEMON_CONF $DHCPD_CONF_INCLUDE_FILES $LDAP_CONF /etc /dev; do + if test -d "${i}" ; then + test -d "$CHROOT_PREFIX/${i}" || \ + mkdir -p "$CHROOT_PREFIX/${i}" + elif test -e "${i}" ; then + test -d "$CHROOT_PREFIX/${i%/*}" || \ + mkdir -p "$CHROOT_PREFIX/${i%/*}" + fi + done + rm -f $CHROOT_PREFIX/dev/urandom + for i in $DAEMON_CONF $DHCPD_CONF_INCLUDE_FILES $LDAP_CONF /etc/{gai.conf,nsswitch.conf,resolv.conf,host.conf,hosts,localtime,bindresvport.blacklist} /dev/urandom; do + if ! test -e "$i"; then continue; fi # neither of them is absolutely necessary + cp -aL "$i" "${CHROOT_PREFIX}/${i%/*}/" &>/dev/null \ + || { echo "...$0:$LINENO: could not copy $i to chroot jail"; exit 6; } + done + libdir=@LIBDIR@ + if test -x /usr/bin/ldd ; then + get_ldd_deps() + { + ldd_wl="\/${libdir}\/lib" + ldd_bl="\/${libdir}\/libc\." 
+ /usr/bin/ldd "$1" | \ + while read -sr a b c d ; do + [ -n "$c" ] || continue + [[ $c =~ $ldd_wl ]] || continue + [[ $c =~ $ldd_bl ]] && continue + echo $c + done + } + else + get_ldd_deps() { :; } + fi + cplibs=`for i in /$libdir/{libresolv.so.*,libnss_*.so.*} \ + /$libdir/{libpthread.so.0,libdl.so.2,libgcc_s.so.*} ; + do + if [ -s "$i" ] ; then + echo "$i" + get_ldd_deps "$i" + fi + done | sort -u` + for i in $cplibs ; do + if [ -s "$i" ]; then + cp -pL "$i" "${CHROOT_PREFIX}/$libdir/" \ + || { echo "...$0:$LINENO: could not copy $i to chroot jail"; exit 6; } + fi + done + + # mount /proc into the chroot; the server fails if unable to read /proc/net/{dev,if_inet6} + mkdir -p ${CHROOT_PREFIX}/proc + mount -t proc -o ro proc ${CHROOT_PREFIX}/proc 2>/dev/null + + DHCPD_ARGS="-chroot $CHROOT_PREFIX -lf /db/$DAEMON_LEASES" + + ## If there is a pid file containing a pid, the machine might have crashed. pid files in + ## /run are always cleaned up at boot time, but this is not the case for the pid file in + ## the chroot jail. Therefore, and old pid file may exist. This is only a problem if it + ## incidentally contains the pid of a running process. If this process is not a 'dhcpd', + ## we remove the pid. (dhcpd itself only checks whether the pid is alive or not.) 
+ if test -s $DAEMON_STATE/$DAEMON_PIDFILE; then + p=$(<$DAEMON_STATE/$DAEMON_PIDFILE) + if test -n "$p" && grep -qsE "^${DAEMON_BIN}" "/proc/$p/cmdline" ; then + echo -n '(already running) ' + else + rm -f $DAEMON_STATE/$DAEMON_PIDFILE + fi + fi + PID_FILE_ARG="$DAEMON_PIDFILE" + else + DHCPD_ARGS="-lf ${DAEMON_STATE}/db/$DAEMON_LEASES" + PID_FILE_ARG="$DAEMON_STATE$DAEMON_PIDFILE" + fi + + if [ -n "$DHCPD_RUN_AS" ]; then + DHCPD_RUN_AS_GROUP="$(getent group $(getent passwd $DHCPD_RUN_AS | cut -d: -f4) | cut -d: -f1)" + DHCPD_ARGS="$DHCPD_ARGS -user $DHCPD_RUN_AS -group $DHCPD_RUN_AS_GROUP" + + chown "${DHCPD_RUN_AS}:${DHCPD_RUN_AS_GROUP}" \ + "$DAEMON_STATE/${DAEMON_PIDFILE%/*}" + fi + + + ## check syntax with -t (output to log file) and start only when the syntax is okay + rm -f $STARTPROC_LOGFILE # start log + error=0 + if ! $DAEMON_BIN $DHCPv_OPT -t -cf $CHROOT_PREFIX/$DAEMON_CONF -pf $PID_FILE_ARG > $STARTPROC_LOGFILE 2>&1 ; then + error=1 + else + ## Start daemon. If this fails the return value is set appropriate. + ## The init script should return 0, even if service is already running, + ## to match the LSB spec. + + test "$2" = "-v" && echo -en \ + "\nexecuting '$DAEMON_BIN $DHCPv_OPT -cf $DAEMON_CONF -pf $PID_FILE_ARG $DHCPD_ARGS $DHCPD_OTHER_ARGS $DHCPD_INTERFACE'" + + $DAEMON_BIN $DHCPv_OPT -cf $DAEMON_CONF -pf $PID_FILE_ARG $DHCPD_ARGS $DHCPD_OTHER_ARGS $DHCPD_INTERFACE &> $STARTPROC_LOGFILE + ret=$? + fi + + if [ $error -gt 0 -o ${ret:-0} -gt 0 ]; then + ## be verbose + echo "" + echo -n " please see $STARTPROC_LOGFILE for details " + ## set status to failed + exit 1 + else + ln -sf "$DAEMON_STATE$DAEMON_PIDFILE" "$DAEMON_PIDFILE" + [ "$DHCPD_RUN_CHROOTED" = "yes" ] && echo -n "[chroot]" || : + fi + ;; + stop) + echo -n "Shutting down $DAEMON " + + # Catch the case where daemon is running without chroot, + # but sysconfig/dhcp has been changed to use chroot (and + # another way around). 
+ # In this case is there is no $chroot/$pidfile, but there + # should be a /pidfile that we use instead. + # We can not kill without pid file or dhcp4 kills dhcp6. + PID_FILE="$DAEMON_STATE$DAEMON_PIDFILE" + if test "$DHCPD_RUN_CHROOTED" = "yes" ; then + if test ! -s "$DAEMON_STATE$DAEMON_PIDFILE" -a \ + -s "$DAEMON_PIDFILE" ; then + PID_FILE="$DAEMON_PIDFILE" + fi + else + if test ! -s "$DAEMON_PIDFILE" -a \ + -s "$DAEMON_STATE$DAEMON_PIDFILE" ; then + PID_FILE="$DAEMON_STATE$DAEMON_PIDFILE" + fi + fi + + ## Stop daemon with killproc(8) and if this fails + ## set echo the echo return value. + killproc -p "$PID_FILE" $DAEMON_BIN + ret=$? + + # umount proc and remove libraries from the chroot jail, + # so they are not left over if the server is deinstalled + if [ "$DHCPD_RUN_CHROOTED" = yes -a -n "$CHROOT_PREFIX" ]; then + umount ${CHROOT_PREFIX}/proc 2>/dev/null + rm -f $CHROOT_PREFIX/lib*/* + fi + + exit $ret + ;; + try-restart) + ## Do a restart only if the service was active before. + ## Note: try-restart is now part of LSB (as of 1.9). + ## RH has a similar command named condrestart. + $0 $DHCPv_OPT status + if test $? = 0; then + $0 $DHCPv_OPT restart + fi + ;; + restart) + ## Check syntax and when it is OK, stop the service + ## and regardless of whether it was running or not, + ## start it again. + if ! $0 $DHCPv_OPT check-syntax &>/dev/null ; then + echo -n "Syntax check reports errors, see log messages" + exit 1 + else + $0 $DHCPv_OPT stop + sleep 3 + $0 $DHCPv_OPT start + fi + ;; + force-reload) + ## Signal the daemon to reload its config. Most daemons + ## do this on signal 1 (SIGHUP). + ## If it does not support it, restart. + + if [ "$SUPPORTS_HUP" = "yes" ]; then + echo -n "Reload service $DAEMON" + killproc -p $DAEMON_STATE/$DAEMON_PIDFILE -HUP $DAEMON_BIN + #touch $DAEMON_STATE/$DAEMON_PIDFILE + elif ! 
$0 $DHCPv_OPT check-syntax &>/dev/null ; then + echo -n "Syntax check reports errors, see log messages" + exit 1 + else + $0 $DHCPv_OPT stop && sleep 3 && $0 $DHCPv_OPT start + fi + ;; + reload) + ## Like force-reload, but if daemon does not support + ## signalling, do nothing (!) + + echo -n "Reload service $DAEMON" + if [ "$SUPPORTS_HUP" = "yes" ]; then + # If it supports signalling: + killproc -p $DAEMON_STATE/$DAEMON_PIDFILE -HUP $DAEMON_BIN + #touch $DAEMON_STATE/$DAEMON_PIDFILE + else + ## Otherwise if it does not support reload: + exit 3 + fi + ;; + status) + echo -n "Checking for $DAEMON: " + ## Check status with checkproc(8), if process is running + ## checkproc will return with exit status 0. + + # Status has a slightly different for the status command: + # 0 - service running + # 1 - service dead, but /run/ pid file exists + # 2 - service dead, but /var/lock/ lock file exists + # 3 - service not running + + # NOTE: checkproc returns LSB compliant status values. + checkproc -p $DAEMON_STATE/$DAEMON_PIDFILE $DAEMON_BIN + ;; + probe) + ## Optional: Probe for the necessity of a reload, + ## give out the argument which is required for a reload. + + rc=0 + for i in /etc/sysconfig/dhcpd $DAEMON_CONF $DHCPD_CONF_INCLUDE_FILES; do + test $i -nt $DAEMON_STATE/$DAEMON_PIDFILE && rc=1 + done + test $rc = 1 && echo restart + ;; + check-syntax|syntax-check) + echo -n "Checking syntax of $DAEMON_CONF: " + + ## this nice bit is from Edwin Groothuis: + ## check syntax (quiet) + $DAEMON_BIN $DHCPv_OPT -q -t -cf $DAEMON_CONF + if [ $? -ne 0 ]; then + echo "" + ## check syntax (verbose) + $DAEMON_BIN $DHCPv_OPT -t -cf $DAEMON_CONF + echo -ne '\nConfig is NOT okay' + exit 1 + fi + ;; + check-lease|check-lease-file) + echo -n "Checking lease file $DAEMON_LEASES: " + + if [ -s ${DAEMON_STATE}/db/$DAEMON_LEASES ] ; then + ## check leases file (quiet) + $DAEMON_BIN $DHCPv_OPT -q -T -cf /dev/null -lf ${DAEMON_STATE}/db/$DAEMON_LEASES + if [ $? 
-ne 0 ]; then + echo "" + ## check leases file (verbose) + $DAEMON_BIN $DHCPv_OPT -T -cf $DAEMON_CONF -lf ${DAEMON_STATE}/db/$DAEMON_LEASES + echo -ne '\nLease file is NOT okay' + exit 1 + fi + fi + ;; + *) + SCRIPT="${SCRIPT:-${0##*/} $DHCPv_OPT}" + echo "Usage: $SCRIPT {start|stop|status|try-restart|restart|force-reload|reload|probe|check-syntax} [-v]" + exit 1 +esac diff --git a/dhcpd.service b/dhcpd.service new file mode 100644 index 0000000..2f707b6 --- /dev/null +++ b/dhcpd.service @@ -0,0 +1,25 @@ +[Unit] +Description=ISC DHCPv4 Server +Before=multi-user.target +After=remote-fs.target network-online.target nss-lookup.target time-sync.target slapd.service sssd.service ndsd.service + +[Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions +Type=forking +Restart=on-abort +ExecStart=@LIBEXECDIR@/dhcp/dhcpd -4 start +ExecStop=@LIBEXECDIR@/dhcp/dhcpd -4 stop + +[Install] +WantedBy=multi-user.target +Alias=dhcp-server.service + diff --git a/dhcpd6.conf b/dhcpd6.conf new file mode 100644 index 0000000..79cfef3 --- /dev/null +++ b/dhcpd6.conf 
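Review bot: The `start` branch of dhcpd.script chowns `$DAEMON_STATE/${DAEMON_PIDFILE%/*}` to `$DHCPD_RUN_AS` and then links `$DAEMON_PIDFILE` to the pid file inside it, so `stop`, `status` and the stale-pid check act on a pid that the unprivileged daemon account can rewrite, in what is presumably a root context since the units set no `User=`. `killproc -p "$PID_FILE" $DAEMON_BIN` is given the binary path, which presumably limits the signal to processes running that binary, but the v4 and v6 servers share `/usr/sbin/dhcpd`, and `p=$(<$DAEMON_STATE/$DAEMON_PIDFILE)` goes unvalidated into `"/proc/$p/cmdline"`. Reject anything that is not a plain number before using it, e.g. `case $p in ''|*[!0-9]*) p= ;; esac`, and consider keeping the pid file that root consumes in a root-owned directory. Separately, `DHCPD_RUN_AS_GROUP` comes from nested `getent` calls with no check: if the account does not exist the inner lookup is empty, `getent group` then lists every group, and that multi-line value is passed to `-group` and `chown`.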
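Review bot: The hardening block in dhcpd.service stops at the automatically added `Protect*`/`RestrictRealtime` options, so the root wrapper script and the daemon still start with the full capability set and without `NoNewPrivileges=`. The same applies to dhcpd6.service, dhcrelay.service and dhcrelay6.service. Adding `NoNewPrivileges=true` and `PrivateTmp=true` looks compatible with what the wrapper does, but needs a test run in both chroot and non-chroot mode. A `CapabilityBoundingSet=` would narrow things further; it has to keep what dhcpd.script visibly uses (chroot, chown, the `mount -t proc` call, the switch to `-user`/`-group`) plus whatever network capabilities the daemon needs, so it should be derived by testing rather than guessed.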
@@ -0,0 +1,127 @@ +# /etc/dhcpd6.conf +# +# Sample DHCPv6 configuration file for ISC dhcpd +# +# *** PLEASE CONFIGURE IT FIRST *** +# +# Don't forget to set the DHCPD6_INTERFACE in the +# /etc/sysconfig/dhcpd file. +# + +# +# Define RFC 4833 timezone options: +# +#option dhcp6.rfc4833-tz-posix-string code 41 = string; +#option dhcp6.rfc4833-tz-name code 42 = string; +# +# Use example: +# option dhcp6.rfc4833-tz-posix-string "EST5EDT4,M3.2.0/02:00,M11.1.0/02:00"; +# option dhcp6.rfc4833-tz-name "Europe/Zurich"; + + +# From the file used for TAHI tests. + +# +# For more iformations about IPv6 addresses, see also: +# http://tools.ietf.org/html/rfc4193 +# http://tools.ietf.org/html/rfc4291 +# http://www.iana.org/assignments/ipv6-address-space/ +# +# The addresses in the examples bellow are from the: +# FC00::/7 Unique Local Unicast [RFC4193] +# address space. +# +# Please allocate own prefix (6to4, tunnel broker) ! +# + +# IPv6 address valid lifetime +# (at the end the address is no longer usable by the client) +# (set to 30 days, the usual IPv6 default) +#default-lease-time 2592000; + +# IPv6 address preferred lifetime +# (at the end the address is deprecated, i.e., the client should use +# other addresses for new connections) +# (set to 7 days, the usual IPv6 default) +#preferred-lifetime 604800; + +# T1, the delay before Renew +# (default is 1/2 preferred lifetime) +# (set to 1 hour) +#option dhcp-renewal-time 3600; + +# T2, the delay before Rebind (if Renews failed) +# (default is 3/4 preferred lifetime) +# (set to 2 hours) +#option dhcp-rebinding-time 7200; + +# Enable RFC 5007 support (same than for DHCPv4) +#allow leasequery; + +# Global definitions for name server address(es) and domain search list +#option dhcp6.name-servers fc00:501:ffff:100:200:ff:fe00:3f3e; +#option dhcp6.domain-search "test.example.com","example.com"; + +# Set preference to 255 (maximum) in order to avoid waiting for +# additional servers when there is only one +##option dhcp6.preference 
255; + +# Server side command to enable rapid-commit (2 packet exchange) +##option dhcp6.rapid-commit; + +# The delay before information-request refresh +# (minimum is 10 minutes, maximum one day, default is to not refresh) +# (set to 6 hours) +#option dhcp6.info-refresh-time 21600; + +# Static definition (must be global) +#host myclient { +# # The entry is looked up by this +# host-identifier option +# dhcp6.client-id 00:01:00:01:00:04:93:e0:00:00:00:00:a2:a2; +# +# # A fixed address +# fixed-address6 fc00:501:ffff:100::1234; +# +# # A fixed prefix +# fixed-prefix6 fc00:501:ffff:101::/64; +# +# # Override of the global definitions, +# # works only when a resource (address or prefix) is assigned +# option dhcp6.name-servers fc00:501:ffff:100:200:ff:fe00:4f4e; +# +# # For debug (to see when the entry statements are executed) +# # (log "sol" when a matching Solicitation is received) +# ##if packet(0,1) = 1 { log(debug,"sol"); } +#} + +# The subnet where the server is attached +# (i.e., the server has an address in this subnet) +#subnet6 fc00:501:ffff:100::/64 { +# # Two addresses available to clients +# # (the third client should get NoAddrsAvail) +# range6 fc00:501:ffff:100::10 fc00:501:ffff:100::11; +# +# # Use the whole /64 prefix for temporary addresses +# # (i.e., direct application of RFC 4941) +# range6 fc00:501:ffff:100:: temporary; +# +# # Some /64 prefixes available for Prefix Delegation (RFC 3633) +# prefix6 fc00:501:ffff:100:: fc00:501:ffff:111:: /64; +#} + +# A second subnet behind a relay agent +#subnet6 fc00:501:ffff:101::/64 { +# range6 fc00:501:ffff:101::10 fc00:501:ffff:101::11; +# +# # Override of the global definitions, +# # works only when a resource (address or prefix) is assigned +# option dhcp6.name-servers fc00:501:ffff:101:200:ff:fe00:3f3e; +# +#} + +# A third subnet behind a relay agent chain +#subnet6 fc00:501:ffff:102::/64 { +# range6 fc00:501:ffff:102::10 fc00:501:ffff:102::11; +#} + 
diff --git a/dhcpd6.service b/dhcpd6.service
new file mode 100644
index 0000000..ce9b17e
--- /dev/null
+++ b/dhcpd6.service
@@ -0,0 +1,25 @@
+[Unit]
+Description=ISC DHCPv6 Server
+Before=multi-user.target
+After=remote-fs.target network.target nss-lookup.target time-sync.target slapd.service sssd.service ndsd.service
+
+[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
+Type=forking
+Restart=on-abort
+ExecStart=@LIBEXECDIR@/dhcp/dhcpd -6 start
+ExecStop=@LIBEXECDIR@/dhcp/dhcpd -6 stop
+
+[Install]
+WantedBy=multi-user.target
+Alias=dhcp6-server.service
+
diff --git a/dhcrelay.script b/dhcrelay.script
new file mode 100644
index 0000000..3be6c46
--- /dev/null
+++ b/dhcrelay.script
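Review bot: The `After=` line of dhcpd6.service orders the unit after `network.target`, whereas dhcpd.service uses `network-online.target`; nothing on the page says whether the difference is intended. `network.target` does not wait for interfaces to be configured, so the DHCPv6 server can start before the interface named in `DHCPD6_INTERFACE` has an address. If it is not deliberate, use `network-online.target` here as well. Neither unit carries `Wants=network-online.target`, so even in dhcpd.service the ordering only takes effect when something else pulls that target in; adding `Wants=network-online.target` to both makes it dependable.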
@@ -0,0 +1,213 @@ +#! /bin/sh +# Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH +# Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH +# Copyright (c) 2002 SuSE Linux AG +# Copyright (c) 2003-2014 SUSE LINUX Products GmbH +# +# Author: Peter Poeml , 2001 +# Marius Tomaschewski , 2010 +# +# /usr/lib/dhcp/dhcrelay helper, +# fromer /etc/init.d/dhcrelay init script +# +### + +DHCPv_OPT=$1 ; shift +case $DHCPv_OPT in +-4) + DAEMON="ISC DHCPv4 relay agent" + DAEMON_BIN=/usr/sbin/dhcrelay + DAEMON_CONF=/etc/sysconfig/dhcrelay + DAEMON_PIDFILE=/run/dhcrelay.pid + STARTPROC_LOGFILE=/var/log/rc.dhcrelay.log + SUPPORTS_HUP="no" +;; +-6) + DAEMON="ISC DHCPv6 relay agent" + DAEMON_BIN=/usr/sbin/dhcrelay6 + DAEMON_CONF=/etc/sysconfig/dhcrelay + DAEMON_PIDFILE=/run/dhcrelay6.pid + STARTPROC_LOGFILE=/var/log/rc.dhcrelay6.log +;; +*) + echo >&2 "Usage: $0 <-4|-6> " + exit 2 +;; +esac + +test -s "$DAEMON_CONF" && . "$DAEMON_CONF" +if ! [ -x "$DAEMON_BIN" ]; then + case $1 in + stop) ;; + *) echo -n >&2 "$0: \"$DAEMON_BIN\" is not an executable file. Exiting." + case $1 in + status) exit 4 ;; + *) exit 5 ;; + esac + ;; + esac + exit 0 +fi + +# Return values acc. to LSB for all commands but status: +# 0 - success +# 1 - generic or unspecified error +# 2 - invalid or excess argument(s) +# 3 - unimplemented feature (e.g. "reload") +# 4 - insufficient privilege +# 5 - program is not installed +# 6 - program is not configured +# 7 - program is not running +# +# Note that starting an already running service, stopping +# or restarting a not-running service as well as the restart +# with force-reload (in case signalling is not supported) are +# considered a success. + +case "$1" in + start) + # FIXME: this check is pointless since systemd already do it. + echo -n "Starting $DAEMON" + checkproc -p $DAEMON_PIDFILE $DAEMON_BIN && { + echo -n "... 
already running"; exit 0; + } + + case $DHCPv_OPT in + -4) + ## If interfaces or servers are not set, skip starting of dhcrelay + ## and return with "program not configured" + if [ -z "$DHCRELAY_INTERFACES" -o -z "$DHCRELAY_SERVERS" ]; then + # service is not configured + exit 6; + fi + + DHCRELAY_INTERFACES_ARGS='' + for i in $DHCRELAY_INTERFACES ; do + DHCRELAY_INTERFACES_ARGS="$DHCRELAY_INTERFACES_ARGS -i $i" + done + + DHCRELAY_ARGS="$DHCRELAY_OPTIONS $DHCRELAY_INTERFACES_ARGS $DHCRELAY_SERVERS" + ;; + -6) + DHCRELAY6_LOWER_INTERFACES_ARGS='' + for l in $DHCRELAY6_LOWER_INTERFACES ; do + test "x$l" = x -o "x$l" = "x-l" && continue + DHCRELAY6_LOWER_INTERFACES_ARGS="$DHCRELAY6_LOWER_INTERFACES_ARGS -l $l" + done + DHCRELAY6_UPPER_INTERFACES_ARGS='' + for u in $DHCRELAY6_UPPER_INTERFACES ; do + test "x$u" = x -o "x$u" = "x-u" && continue + DHCRELAY6_UPPER_INTERFACES_ARGS="$DHCRELAY6_UPPER_INTERFACES_ARGS -u $u" + done + if [ "x$DHCRELAY6_LOWER_INTERFACES_ARGS" = x -o \ + "x$DHCRELAY6_UPPER_INTERFACES_ARGS" = x ]; then + # service is not configured + exit 6; + fi + DHCRELAY_ARGS="$DHCRELAY6_OPTIONS $DHCRELAY6_LOWER_INTERFACES_ARGS $DHCRELAY6_UPPER_INTERFACES_ARGS" + ;; + esac + ## Start daemon with startproc(8). If this fails + ## the echo return value is set appropriate. + + # startproc should return 0, even if service is + # already running to match LSB spec. + if [ "$2" = "-v" ]; then + echo + echo -n "executing '$DAEMON_BIN $DHCPv_OPT $DHCRELAY_ARGS'" + fi + startproc -q -l $STARTPROC_LOGFILE -p $DAEMON_PIDFILE $DAEMON_BIN $DHCPv_OPT $DHCRELAY_ARGS >/dev/null 2>&1 + rc=$? + if ! [ $rc -eq 0 ]; then + ## be verbose + echo "" + echo -n " please see $STARTPROC_LOGFILE for details " + ## set status to failed + exit 1 + fi + ;; + stop) + echo -n "Shutting down $DAEMON" + ## Stop daemon with killproc(8) and if this fails + ## set echo the echo return value. 
+ + killproc -p $DAEMON_PIDFILE $DAEMON_BIN + ;; + try-restart) + ## Do a restart only if the service was active before. + ## Note: try-restart is now part of LSB (as of 1.9). + ## RH has a similar command named condrestart. + $0 status + if test $? = 0; then + $0 restart + fi + ;; + restart) + ## Stop the service and regardless of whether it was + ## running or not, start it again. + $0 stop + sleep 1 + $0 start + ;; + force-reload) + ## Signal the daemon to reload its config. Most daemons + ## do this on signal 1 (SIGHUP). + ## If it does not support it, restart. + + $0 stop && sleep 1 && $0 start || exit + + echo -n "Reload service $DAEMON" + + if [ "$SUPPORTS_HUP" = "yes" ] ; then + killproc -p $DAEMON_PIDFILE -HUP $DAEMON_BIN + #touch $DAEMON_PIDFILE + else + $0 stop && $0 start + fi + ;; + reload) + ## Like force-reload, but if daemon does not support + ## signalling, do nothing (!) + + if [ "$SUPPORTS_HUP" = "yes" ] ; then + # If it supports signalling: + echo -n "Reload service $DAEMON" + killproc -p $DAEMON_PIDFILE -HUP $DAEMON_BIN + #touch $DAEMON_PIDFILE + else + ## Otherwise if it does not support reload: + exit 3 + fi + ;; + status) + echo -n "Checking for dhcp relay agent: " + ## Check status with checkproc(8), if process is running + ## checkproc will return with exit status 0. + + # Status has a slightly different for the status command: + # 0 - service running + # 1 - service dead, but /run/ pid file exists + # 2 - service dead, but /var/lock/ lock file exists + # 3 - service not running + + # NOTE: checkproc returns LSB compliant status values. + checkproc -p $DAEMON_PIDFILE $DAEMON_BIN + ;; + probe) + ## Optional: Probe for the necessity of a reload, + ## give out the argument which is required for a reload. 
+
+ if [ "$DAEMON_CONF" -nt "$DAEMON_PIDFILE" ]; then
+ if [ "$SUPPORTS_HUP" = "yes" ]; then
+ echo reload
+ else
+ echo restart
+ fi
+ fi
+ ;;
+ *)
+ SCRIPT="${SCRIPT:-${0##*/} $DHCPv_OPT}"
+ echo "Usage: $SCRIPT {start|stop|status|try-restart|restart|force-reload|reload|probe} [-v]"
+ exit 1
+ ;;
+esac
diff --git a/dhcrelay.service b/dhcrelay.service
new file mode 100644
index 0000000..d5a9f3c
--- /dev/null
+++ b/dhcrelay.service
@@ -0,0 +1,26 @@
+[Unit]
+Description=ISC DHCPv4 Relay Agent
+Before=multi-user.target
+After=remote-fs.target network.target nss-lookup.target time-sync.target ldap.service ndsd.service
+
+[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
+Type=forking
+Restart=on-abort
+ExecStart=@LIBEXECDIR@/dhcp/dhcrelay -4 start
+ExecStop=@LIBEXECDIR@/dhcp/dhcrelay -4 stop
+PIDFile=/run/dhcrelay.pid
+
+[Install]
+WantedBy=multi-user.target
+Alias=dhcp-relay.service
+
diff --git a/dhcrelay6.service b/dhcrelay6.service
new file mode 100644
index 0000000..0b641b1
--- /dev/null
+++ b/dhcrelay6.service
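Review bot: The `try-restart`, `restart` and `force-reload` branches of dhcrelay.script re-invoke the script as `$0 status`, `$0 stop` and `$0 start` without the protocol flag. The script begins with `DHCPv_OPT=$1 ; shift` and exits 2 with the usage text for anything other than `-4` or `-6`, so each nested call fails before it reaches the action and the relay is neither stopped nor restarted. dhcpd.script passes the flag correctly; the calls here should do the same, e.g. `"$0" "$DHCPv_OPT" stop`. Once that is fixed, `force-reload` would restart twice, because it runs `$0 stop && sleep 1 && $0 start || exit` and then falls into the `$0 stop && $0 start` branch. `SUPPORTS_HUP` is also only assigned in the `-4` case, so for `-6` its value depends on the environment or the sourced sysconfig file.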
@@ -0,0 +1,25 @@
+[Unit]
+Description=ISC DHCPv6 Relay Agent
+Before=multi-user.target
+After=remote-fs.target network.target nss-lookup.target time-sync.target ldap.service ndsd.service
+
+[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
+Type=forking
+Restart=on-abort
+ExecStart=@LIBEXECDIR@/dhcp/dhcrelay -6 start
+ExecStop=@LIBEXECDIR@/dhcp/dhcrelay -6 stop
+
+[Install]
+WantedBy=multi-user.target
+Alias=dhcp6-relay.service
+
diff --git a/examples.tar.gz b/examples.tar.gz
new file mode 100644
index 0000000..ce11de6
--- /dev/null
+++ b/examples.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c8e12dc80ff8aaff46d69671b3700c5c2331900f9ae76ab0735913426bc38ad1
+size 1836
diff --git a/if-up.d.dhcpd-restart-hook b/if-up.d.dhcpd-restart-hook
new file mode 100644
index 0000000..0dd5f23
--- /dev/null
+++ b/if-up.d.dhcpd-restart-hook
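Review bot: dhcrelay6.service declares `Type=forking` but has no `PIDFile=`, while dhcrelay.service sets `PIDFile=/run/dhcrelay.pid`. Without it systemd has to guess the main process behind the wrapper script, which makes `Restart=on-abort` and stop handling less reliable. dhcrelay.script already uses `DAEMON_PIDFILE=/run/dhcrelay6.pid` for the `-6` case, so `PIDFile=/run/dhcrelay6.pid` would match, provided the daemon really writes that file, which the page does not show.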
@@ -0,0 +1,175 @@
+#! /bin/bash
+#
+# dhcpd-restart-hook - script to restart dhcpd on virtual interfaces
+#
+# Copyright (C) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
+#
+# Author(s): Marius Tomaschewski , 2009
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# version 2 as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see
+#
+# Please send feedback via http://www.suse.de/feedback
+#
+
+set -e
+
+unset ${!LC_*} LANUGUAGE
+export LANG=POSIX
+export PATH=/sbin:/usr/sbin:/usr/bin:/bin
+
+SCRIPTNAME=${0##*/}
+
+usage () {
+ echo "usage: $SCRIPTNAME [] [-o ]"
+ echo ""
+ echo "Any options are ignored"
+ exit $R_USAGE
+}
+
+R_INTERNAL=1 # internal error, e.g. no config or missing scripts
+cd /etc/sysconfig/network || exit $R_INTERNAL
+
+case $1 in ""|-h|*help*) usage ;; esac
+INTERFACE="$1"
+if test "x$2" != x -a "x$2" != "x-o" ; then
+ CONFIG=$INTERFACE
+ INTERFACE="$2"
+ shift
+else
+ CONFIG=$INTERFACE
+fi
+shift
+
+mode=""
+args=$(getopt -o "o:" -- "$@")
+eval set -- "$args"
+while [ $# -gt 0 ]; do
+ case "$1" in
+ --) shift; break;;
+ -o) mode="$2"; shift;;
+ esac
+ shift
+done
+
+. /etc/sysconfig/network/config
+if test -f /etc/sysconfig/network/scripts/functions ; then
+ . /etc/sysconfig/network/scripts/functions
+fi
+
+. /etc/sysconfig/dhcpd 2>/dev/null
+.
/etc/sysconfig/network/ifcfg-"$CONFIG" 2>/dev/null || true
+
+: ${DHCPD_IFUP_RESTART:=auto}
+: ${DHCPD6_IFUP_RESTART:=auto}
+
+iface_needs_restart()
+{
+ test -d /sys/class/net/$1/bridge -o \
+ -d /sys/class/net/$1/bonding -o \
+ -f /proc/net/vlan/$1
+}
+
+dhcpv4_server_restart()
+{
+ #
+ # don't do anything if we are disabled either
+ # in the /etc/sysconfig/dhcpd or per interface
+ # in the /etc/sysconfig/network/ifcfg-"$CONFIG"
+ #
+ test "$DHCPD_IFUP_RESTART" = no && return 0
+
+ # don't restart for loopback interface
+ case $INTERFACE in (lo) return 0 ;; esac
+
+ restart_needed=$DHCPD_IFUP_RESTART
+ if test -n "$DHCPD_INTERFACE" \
+ -a "$restart_needed" != yes ;
+ then
+ for I in $DHCPD_INTERFACE ; do
+ test -n "$I" || continue
+
+ # don't restart when _one_ involved
+ # interface is not available/up yet
+ is_iface_up $I || return 0
+
+ # check if this interface is involved
+ if test "$I" = "$INTERFACE" ; then
+
+ # check if a restart is needed
+ if iface_needs_restart $I ; then
+ restart_needed=yes
+ fi
+ fi
+ done
+ fi
+
+ if test "$restart_needed" = yes ; then
+ if test "`/usr/bin/systemctl --value -p SubState show dhcpd.service`" = "running"; then
+ /usr/bin/systemctl restart dhcpd.service
+ fi
+ fi
+}
+dhcpv6_server_restart()
+{
+ #
+ # don't do anything if we are disabled either
+ # in the /etc/sysconfig/dhcpd or per interface
+ # in the /etc/sysconfig/network/ifcfg-"$CONFIG"
+ #
+ test "$DHCPD6_IFUP_RESTART" = no && return 0
+
+ # don't restart for loopback interface
+ case $INTERFACE in (lo) return 0 ;; esac
+
+ restart_needed=$DHCPD6_IFUP_RESTART
+ if test -n "$DHCPD6_INTERFACE" \
+ -a "$restart_needed" != yes ;
+ then
+ for I in $DHCPD6_INTERFACE ; do
+ test -n "$I" || continue
+
+ # don't restart when _one_ involved
+ # interface is not available/up yet
+ is_iface_up $I || return 0
+
+ # check if this interface is involved
+ if test "$I" = "$INTERFACE" ; then
+
+ # check if a restart is needed
+ if iface_needs_restart $I ; then
+ restart_needed=yes
+ fi
+ fi
+ done
+ fi
+
+ if test "$restart_needed" = yes ; then
+ if test "`/usr/bin/systemctl --value -p SubState show dhcpd6.service`" = "running"; then
+ /usr/bin/systemctl restart dhcpd6.service
+ fi
+ fi
+}
+
+case "$mode" in
+*-up*)
+ dhcpv4_server_restart
+ dhcpv6_server_restart
+;;
+*-down*)
+ # don't do anything
+;;
+*)
+ echo "$SCRIPTNAME: don't know what to do" >&2
+;;
+esac
+
diff --git a/slp.reg.d.dhcp.reg b/slp.reg.d.dhcp.reg
new file mode 100644
index 0000000..3bed196
--- /dev/null
+++ b/slp.reg.d.dhcp.reg
@@ -0,0 +1,11 @@
+#############################################################################
+#
+# OpenSLP registration file
+#
+# register dhcp service daemon
+#
+#############################################################################
+
+service:dhcp://$HOSTNAME:67,en,65535
+watch-port-udp=67
+description=DHCP Service
diff --git a/sysconfig.dhcpd b/sysconfig.dhcpd
new file mode 100644
index 0000000..2c007eb
--- /dev/null
+++ b/sysconfig.dhcpd
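Review bot: `$CONFIG` is taken straight from the first positional argument and then used in `. /etc/sysconfig/network/ifcfg-"$CONFIG"`, so the name of a file that gets sourced (presumably as root, from the ifup hooks) is never checked. A guard before that line, such as `case $CONFIG in */*) exit $R_INTERNAL ;; esac`, keeps the sourced path inside /etc/sysconfig/network. Two smaller defects in the same hunk: `unset ${!LC_*} LANUGUAGE` misspells `LANGUAGE`, so that variable is never cleared, and `usage` calls `exit $R_USAGE` although `R_USAGE` is never assigned, so the usage path exits with the status of the last `echo`.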
@@ -0,0 +1,184 @@
+## Path: Network/DHCP/DHCP server
+## Description: DHCPv4 server settings
+## Type: string
+## Default: ""
+## ServiceRestart: dhcpd
+#
+# Interface(s) for the DHCPv4 server to listen on.
+#
+# A special keyword is ANY, it will cause dhcpd to autodetect available
+# interfaces.
+#
+# Examples: DHCPD_INTERFACE="eth0 eth1 eth2"
+# DHCPD_INTERFACE="ANY"
+#
+DHCPD_INTERFACE=""
+
+## Path: Network/DHCP/DHCP server
+## Description: DHCPv6 server settings
+## Type: string
+## Default: ""
+## ServiceRestart: dhcpd6
+#
+# Interface(s) for the DHCPv6 server to listen on.
+#
+# A special keyword is ANY, it will cause dhcpd to autodetect available
+# interfaces.
+#
+# Examples: DHCPD6_INTERFACE="eth0 eth1 eth2"
+# DHCPD6_INTERFACE="ANY"
+#
+DHCPD6_INTERFACE=""
+
+## Type: list(yes,no,auto,)
+## Default:
+## Description: Restart dhcpv4 server when interface goes up (again)
+#
+# When the dhcp server is listening on a virtual interface, e.g. bridge,
+# bonding or vlan, and this interface gets deleted and recreated during
+# a network restart, dhcpd will stop answering requests on this interface
+# and needs a restart as well.
+# Begining with SLE-10 SP3, we install an if-up.d post script (see ifup(8)
+# and also ifservices(5)), enabled in auto mode by default. This variable
+# can be used to force or avoid the dhcp server restart:
+#
+# no: do not restart dhcpd
+# yes: force a dhcp server restart
+# auto: (default) restart for virtual interfaces (bond,bridge,vlan) when
+# all interfaces used in DHCPD_INTERFACE variable are up as well.
+#
+# Except of this global setting, the variable can be specified per interface
+# in the interface configurations (/etc/sysconfig/network/ifcfg-$name).
+#
+DHCPD_IFUP_RESTART=""
+
+## Type: list(yes,no,auto,)
+## Default:
+## Description: Restart dhcpv6 server when interface goes up (again)
+#
+# When the dhcp server is listening on a virtual interface, e.g.
bridge,
+# bonding or vlan, and this interface gets deleted and recreated during
+# a network restart, dhcpd will stop answering requests on this interface
+# and needs a restart as well.
+# Begining with SLE-10 SP3, we install an if-up.d post script (see ifup(8)
+# and also ifservices(5)), enabled in auto mode by default. This variable
+# can be used to force or avoid the dhcp server restart:
+#
+# no: do not restart dhcpd
+# yes: force a dhcp server restart
+# auto: (default) restart for virtual interfaces (bond,bridge,vlan) when
+# all interfaces used in DHCPD_INTERFACE variable are up as well.
+#
+# Except of this global setting, the variable can be specified per interface
+# in the interface configurations (/etc/sysconfig/network/ifcfg-$name).
+#
+DHCPD6_IFUP_RESTART=""
+
+## Type: yesno
+## Default: yes
+## ServiceRestart: dhcpd
+#
+# Shall the DHCP server dhcpd run in a chroot jail (/var/lib/dhcp)?
+#
+# Each time you start dhcpd with the init script, /etc/dhcpd.conf
+# will be copied to /var/lib/dhcp/etc/.
+#
+# Some files that are important for hostname to IP address resolution
+# (/etc/{gai.conf,nsswitch.conf,resolv.conf,host.conf,hosts,localtime},
+# /lib/lib{resolv.so.*,libnss_*.so.*,libpthread.so.0,libdl.so.2}) will
+# also be copied to the chroot jail by the init script when you start
+# it (less than 1MB altogether).
+#
+# The pid file will be in /var/lib/dhcp/var/run/dhcpd.pid.
+#
+DHCPD_RUN_CHROOTED="yes"
+
+## Type: yesno
+## Default: yes
+## ServiceRestart: dhcpd6
+#
+# Shall the DHCP server dhcpd run in a chroot jail (/var/lib/dhcp6)?
+#
+# Each time you start dhcpd with the init script, /etc/dhcpd6.conf
+# will be copied to /var/lib/dhcp6/etc/.
+#
+# Some files that are important for hostname to IP address resolution
+# (/etc/{gai.conf,nsswitch.conf,resolv.conf,host.conf,hosts,localtime},
+# /lib/lib{resolv.so.*,libnss_*.so.*,libpthread.so.0,libdl.so.2}) will
+# also be copied to the chroot jail by the init script when you start
+# it (less than 1MB altogether).
+#
+# The pid file will be in /var/lib/dhcp6/var/run/dhcpd.pid.
+#
+DHCPD6_RUN_CHROOTED="yes"
+
+## Type: string
+## Default: "/etc/dhcpd.d"
+## ServiceRestart: dhcpd
+#
+# Since version 3, dhcpd.conf can contain include statements.
+# If you enter the names of any include files here, _all_ conf
+# files will be copied to $chroot/etc/, when dhcpd is started in the
+# chroot jail. (/etc/dhcpd.conf is always copied.)
+#
+# For your convenience, you can also specify entire directories,
+# that will be copied inclusive subdirectories. The /etc/dhcpd.d
+# directory will be copied by default when it exists.
+#
+# Example: "/etc/foo.bar.conf /etc/dhcpd.bootp-clients.conf"
+#
+DHCPD_CONF_INCLUDE_FILES="/etc/dhcpd.d"
+
+## Type: string
+## Default: "/etc/dhcpd.d"
+## ServiceRestart: dhcpd6
+#
+# Since version 3, dhcpd.conf can contain include statements.
+# If you enter the names of any include files here, _all_ conf
+# files will be copied to $chroot/etc/, when dhcpd is started in
+# the chroot jail. (/etc/dhcpd6.conf is always copied.)
+#
+# For your convenience, you can also specify entire directories,
+# that will be copied inclusive subdirectories. The /etc/dhcpd6.d
+# directory will be copied by default when it exists.
+#
+# Example: "/etc/foo.bar.conf /etc/dhcpd6.bootp-clients.conf"
+#
+DHCPD6_CONF_INCLUDE_FILES="/etc/dhcpd6.d"
+
+## Type: string
+## Default: "dhcpd"
+## ServiceRestart: dhcpd
+#
+# Leave empty or enter "root" to let dhcpd run as root.
+# Enter "dhcpd" to run dhcpd as user 'dhcpd'.
+#
+DHCPD_RUN_AS="dhcpd"
+
+## Type: string
+## Default: "dhcpd"
+## ServiceRestart: dhcpd6
+#
+# Leave empty or enter "root" to let dhcpd run as root.
+# Enter "dhcpd" to run dhcpd as user 'dhcpd'.
+#
+DHCPD6_RUN_AS="dhcpd"
+
+## Type: string
+## Default: ""
+## ServiceRestart: dhcpd
+#
+# Other arguments that you want dhcpd to be started with
+# (e.g. "-p 1234" for a non-standard port to listen on)
+#
+DHCPD_OTHER_ARGS=""
+
+## Type: string
+## Default: ""
+## ServiceRestart: dhcpd6
+#
+# Other arguments that you want dhcpd to be started with
+# (e.g. "-p 1234" for a non-standard port to listen on)
+#
+DHCPD6_OTHER_ARGS=""
+
diff --git a/sysconfig.dhcrelay b/sysconfig.dhcrelay
new file mode 100644
index 0000000..16a2f15
--- /dev/null
+++ b/sysconfig.dhcrelay
@@ -0,0 +1,59 @@
+## Path: Network/DHCP/DHCP Relay agent
+## Description: Configuration file for DHCP relay agent
+## Type: string
+## Default: ""
+## ServiceRestart: dhcrelay
+#
+# Interface(s) for DHCPv4 relay agent to listen on
+#
+# Example: DHCPD_INTERFACE="eth0 eth1 eth2 wlan0"
+#
+DHCRELAY_INTERFACES=""
+
+## Type: string
+## Default: ""
+## ServiceRestart: dhcrelay
+#
+# DHCPv4 servers to be used by DHCPv4 relay agent
+# (separated by spaces, e.g. "192.168.0.11 191.168.0.12")
+#
+DHCRELAY_SERVERS=""
+
+## Type: string
+## Default: ""
+## ServiceRestart: dhcrelay
+#
+# Additional DHCPv4 relay start options
+# Example: "-c 8"
+#
+DHCRELAY_OPTIONS=""
+
+## Type: string
+## Default: ""
+## ServiceRestart: dhcrelay6
+#
+# Specifies the ``lower'' client link network interfaces for DHCPv6
+# relay -- separated by spaces.
+# The format of the lower interface is: "[address%]ifname[#index]".
+#
+DHCRELAY6_LOWER_INTERFACES=""
+
+## Type: string
+## Default: ""
+## ServiceRestart: dhcrelay6
+#
+# Specifies the ``upper'' server link network interfaces for DHCPv6
+# relay -- separated by spaces.
+# The format of the upper interface is "[address%]ifname".
+#
+DHCRELAY6_UPPER_INTERFACES=""
+
+## Type: string
+## Default: ""
+## ServiceRestart: dhcrelay6
+#
+# Additional DHCPv6 relay start options
+# Example: "-c 8 -I"
+#
+DHCRELAY6_OPTIONS=""
+
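Review bot: The comments on `DHCPD_RUN_AS` and `DHCPD6_RUN_AS` in sysconfig.dhcpd say that an empty value runs the daemon as root, so clearing the variable silently removes the privilege drop; the text should state that consequence, for example `# An empty value means root: the daemon then keeps full privileges.` The `DHCPD6_IFUP_RESTART` block still names `DHCPD_INTERFACE` in its `auto:` description, while the restart hook added in this commit iterates `$DHCPD6_INTERFACE` for the v6 server, so that line should read `DHCPD6_INTERFACE`. The script that consumes these variables is not part of this hunk, so how an empty `*_RUN_AS` is actually handled is inferred from the comment only.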
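Review bot: The example above `DHCRELAY_INTERFACES` in sysconfig.dhcrelay names a different variable, `DHCPD_INTERFACE`, so an administrator copying it would set a value that, judging by the variable names in this file, the relay does not read; it should be `# Example: DHCRELAY_INTERFACES="eth0 eth1 eth2 wlan0"`. The `DHCRELAY_SERVERS` example `"192.168.0.11 191.168.0.12"` mixes a private and a public prefix, which looks like a typo for `192.168.0.12`.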
diff --git a/sysconfig.syslog-dhcpd b/sysconfig.syslog-dhcpd
new file mode 100644
index 0000000..b35add7
--- /dev/null
+++ b/sysconfig.syslog-dhcpd
@@ -0,0 +1,26 @@
+## Type: string
+## Default: "/var/lib/dhcp/dev/log"
+## ServiceRestart: syslog
+#
+# The filename mentioned here will be added with the "-a ..." option as
+# additional socket via SYSLOGD_PARAMS when syslogd is started or used
+# to generate an include file for another syslog daemons.
+#
+# This additional socket is needed in case that syslogd is restarted.
+# Otherwise a chrooted dhcpd won't be able to continue logging.
+#
+SYSLOGD_ADDITIONAL_SOCKET_DHCP="/var/lib/dhcp/dev/log"
+
+## Type: string
+## Default: "/var/lib/dhcp6/dev/log"
+## ServiceRestart: syslog
+#
+# The filename mentioned here will be added with the "-a ..." option as
+# additional socket via SYSLOGD_PARAMS when syslogd is started or used
+# to generate an include file for another syslog daemons.
+#
+# This additional socket is needed in case that syslogd is restarted.
+# Otherwise a chrooted dhcpd won't be able to continue logging.
+#
+SYSLOGD_ADDITIONAL_SOCKET_DHCP6="/var/lib/dhcp6/dev/log"
+