From 563a2e9db6664ff5a6b3376dee68b68d3135051631977f9947f215b03bfcc7a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Fri, 3 May 2024 12:03:07 +0200 Subject: [PATCH] Sync from SUSE:SLFO:Main dhcp revision ce631c21fbafd7dce70b6b065fa59e54 --- .gitattributes | 23 + 0001-dhcp-4.1.1-default-paths.patch | 44 + 0002-dhcp-4.1.1-paranoia.patch | 75 + 0003-dhcp-4.2.2-man-includes.patch | 41 + 0004-dhcp-4.1.1-tmpfile.patch | 37 + 0005-dhcp-4.1.1-dhclient-exec-filedes.patch | 29 + ...4.3.2-dhclient-send-hostname-or-fqdn.patch | 128 + 0007-dhcp-4.1.1-P1-lpf-bind-msg-fix.patch | 26 + 0008-dhcp-4.2.2-dhclient-option-checks.patch | 58 + 0009-dhcp-4.2.6-close-on-exec.patch | 272 ++ 0010-dhcp-4.2.2-quiet-dhclient.patch | 27 + ...-4.2.x-chown-server-leases.bnc868253.patch | 38 + ...gned-lifetimes-for-script-bsc-926159.patch | 68 + ...ver-DHCPv4-option-to-dhclient-script.patch | 69 + 0016-infiniband-support.patch | 1115 ++++++ ...no-success-report-before-send.919959.patch | 98 + ...-on-script-pre-init-error-bsc-912098.patch | 47 + ...xed-improper-lease-duration-checking.patch | 67 + 0021-dhcp-ip-family-symlinks.patch | 67 + DDNS-howto.txt | 120 + contrib.tar.gz | 3 + dhclient.conf | 58 + dhclient6.conf | 22 + dhcp-4.4.2-P1.tar.gz | 3 + dhcp-4.4.2-P1.tar.gz.asc | 16 + dhcp-CVE-2022-2928.patch | 100 + dhcp-CVE-2022-2929.patch | 23 + dhcp-user.conf | 2 + dhcp.README | 62 + dhcp.changes | 3366 +++++++++++++++++ dhcp.keyring | 324 ++ dhcp.spec | 568 +++ dhcpd.conf | 154 + dhcpd.script | 429 +++ dhcpd.service | 25 + dhcpd6.conf | 127 + dhcpd6.service | 25 + dhcrelay.script | 213 ++ dhcrelay.service | 26 + dhcrelay6.service | 25 + examples.tar.gz | 3 + if-up.d.dhcpd-restart-hook | 175 + slp.reg.d.dhcp.reg | 11 + sysconfig.dhcpd | 184 + sysconfig.dhcrelay | 59 + sysconfig.syslog-dhcpd | 26 + 46 files changed, 8478 insertions(+) create mode 100644 .gitattributes create mode 100644 0001-dhcp-4.1.1-default-paths.patch create mode 100644 0002-dhcp-4.1.1-paranoia.patch create mode 100644 0003-dhcp-4.2.2-man-includes.patch create mode 100644 0004-dhcp-4.1.1-tmpfile.patch create mode 100644 0005-dhcp-4.1.1-dhclient-exec-filedes.patch create mode 100644 0006-dhcp-4.3.2-dhclient-send-hostname-or-fqdn.patch create mode 100644 0007-dhcp-4.1.1-P1-lpf-bind-msg-fix.patch create mode 100644 0008-dhcp-4.2.2-dhclient-option-checks.patch create mode 100644 0009-dhcp-4.2.6-close-on-exec.patch create mode 100644 0010-dhcp-4.2.2-quiet-dhclient.patch create mode 100644 0012-dhcp-4.2.x-chown-server-leases.bnc868253.patch create mode 100644 0014-dhclient6-unsigned-lifetimes-for-script-bsc-926159.patch create mode 100644 0015-Expose-next-server-DHCPv4-option-to-dhclient-script.patch create mode 100644 0016-infiniband-support.patch create mode 100644 0017-server-no-success-report-before-send.919959.patch create mode 100644 0018-client-fail-on-script-pre-init-error-bsc-912098.patch create mode 100644 0020-dhcp-4.x.x-fixed-improper-lease-duration-checking.patch create mode 100644 0021-dhcp-ip-family-symlinks.patch create mode 100644 DDNS-howto.txt create mode 100644 contrib.tar.gz create mode 100644 dhclient.conf create mode 100644 dhclient6.conf create mode 100644 dhcp-4.4.2-P1.tar.gz create mode 100644 dhcp-4.4.2-P1.tar.gz.asc create mode 100644 dhcp-CVE-2022-2928.patch create mode 100644 dhcp-CVE-2022-2929.patch create mode 100644 dhcp-user.conf create mode 100644 dhcp.README create mode 100644 dhcp.changes create mode 100644 dhcp.keyring create mode 100644 dhcp.spec create mode 100644 dhcpd.conf create mode 100644 dhcpd.script create mode 100644 dhcpd.service create mode 100644 dhcpd6.conf create mode 100644 dhcpd6.service create mode 100644 dhcrelay.script create mode 100644 dhcrelay.service create mode 100644 dhcrelay6.service create mode 100644 examples.tar.gz create mode 100644 if-up.d.dhcpd-restart-hook create mode 100644 slp.reg.d.dhcp.reg create mode 100644 sysconfig.dhcpd create mode 100644 sysconfig.dhcrelay create mode 100644 sysconfig.syslog-dhcpd diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/0001-dhcp-4.1.1-default-paths.patch b/0001-dhcp-4.1.1-default-paths.patch new file mode 100644 index 0000000..0a57dd6 --- /dev/null +++ b/0001-dhcp-4.1.1-default-paths.patch @@ -0,0 +1,44 @@ +From b6ba495cc0b6f578a5cc444af39cab424f63d996 Mon Sep 17 00:00:00 2001 +From: Marius Tomaschewski +Date: Thu, 18 Aug 2011 09:50:30 +0200 +Subject: [PATCH] dhcp-4.1.1-default-paths + +--- + includes/dhcpd.h | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/includes/dhcpd.h b/includes/dhcpd.h +index b0f73fb..5830bdb 100644 +--- a/includes/dhcpd.h ++++ b/includes/dhcpd.h +@@ -1420,11 +1420,11 @@ typedef unsigned char option_mask [16]; + #endif /* DEBUG */ + + #ifndef _PATH_DHCPD_DB +-#define _PATH_DHCPD_DB LOCALSTATEDIR"/db/dhcpd.leases" ++#define _PATH_DHCPD_DB LOCALSTATEDIR"/lib/dhcp/db/dhcpd.leases" + #endif + + #ifndef _PATH_DHCPD6_DB +-#define _PATH_DHCPD6_DB LOCALSTATEDIR"/db/dhcpd6.leases" ++#define _PATH_DHCPD6_DB LOCALSTATEDIR"/lib/dhcp6/db/dhcpd6.leases" + #endif + + #ifndef _PATH_DHCPD_PID +@@ -1454,11 +1454,11 @@ typedef unsigned char option_mask [16]; + #endif + + #ifndef _PATH_DHCLIENT_DB +-#define _PATH_DHCLIENT_DB LOCALSTATEDIR"/db/dhclient.leases" ++#define _PATH_DHCLIENT_DB LOCALSTATEDIR"/lib/dhcp/dhclient.leases" + #endif + + #ifndef _PATH_DHCLIENT6_DB +-#define _PATH_DHCLIENT6_DB LOCALSTATEDIR"/db/dhclient6.leases" ++#define _PATH_DHCLIENT6_DB LOCALSTATEDIR"/lib/dhcp6/dhclient6.leases" + #endif + + #ifndef _PATH_RESOLV_CONF +-- +1.8.4 + diff --git a/0002-dhcp-4.1.1-paranoia.patch b/0002-dhcp-4.1.1-paranoia.patch new file mode 100644 index 0000000..da6e426 --- /dev/null +++ b/0002-dhcp-4.1.1-paranoia.patch @@ -0,0 +1,75 @@ +From 1561b8cb9bacabc5e6064b84ba7a187bfb97d0ad Mon Sep 17 00:00:00 2001 +From: Marius Tomaschewski +Date: Thu, 18 Aug 2011 09:53:00 +0200 +Subject: [PATCH] dhcp-4.1.1-paranoia + +--- + server/dhcpd.c | 24 ++++++++++++++++++++---- + 1 file changed, 20 insertions(+), 4 deletions(-) + +diff --git a/server/dhcpd.c b/server/dhcpd.c +index 7dc7dd2..b4c1bef 100644 +--- a/server/dhcpd.c ++++ b/server/dhcpd.c +@@ -207,7 +207,11 @@ static void omapi_listener_start (void *foo) + #if defined (PARANOIA) + /* to be used in one of two possible scenarios */ + static void setup_chroot (char *chroot_dir) { +- if (geteuid()) ++ /* ++ ** getuid() instead of geteuid(), see ++ ** comment by thomas@suse.de bellow ++ */ ++ if (getuid()) + log_fatal ("you must be root to use chroot"); + + if (chroot(chroot_dir)) { +@@ -413,7 +417,7 @@ main(int argc, char **argv) { + log_fatal ("Insufficient memory to %s %s: %s", + "record interface", argv [i], + isc_result_totext (result)); +- strcpy (tmp -> name, argv [i]); ++ strncpy (tmp -> name, argv [i], sizeof(tmp->name)-1); + if (interfaces) { + interface_reference (&tmp -> next, + interfaces, MDL); +@@ -499,7 +503,15 @@ main(int argc, char **argv) { + if (set_user) { + struct passwd *tmp_pwd; + +- if (geteuid()) ++ /* ++ ** I query for the real UID and not for the effective UID ++ ** just to force the user to run this server as root and ++ ** not setting it suid. It should be a paranoia patch and ++ ** not a teletubbie patch. *eg* ++ ** Note: That the user is still able to set it suid! *zitter* ++ ** thomas@suse.de ++ */ ++ if (getuid()) + log_fatal ("you must be root to set user"); + + if (!(tmp_pwd = getpwnam(set_user))) +@@ -517,7 +529,10 @@ main(int argc, char **argv) { + #define group real_group + struct group *tmp_grp; + +- if (geteuid()) ++ /* ++ ** getuid() instead of geteuid(), see above ++ */ ++ if (getuid()) + log_fatal ("you must be root to set group"); + + if (!(tmp_grp = getgrnam(set_group))) +@@ -771,6 +786,7 @@ main(int argc, char **argv) { + /* change uid to the specified one */ + + if (set_gid) { ++ /* setgroups is done, OK */ + if (setgroups (0, (void *)0)) + log_fatal ("setgroups: %m"); + if (setgid (set_gid)) +-- +1.8.4 + diff --git a/0003-dhcp-4.2.2-man-includes.patch b/0003-dhcp-4.2.2-man-includes.patch new file mode 100644 index 0000000..d313625 --- /dev/null +++ b/0003-dhcp-4.2.2-man-includes.patch @@ -0,0 +1,41 @@ +From 3c393c65c158048f55017e48aedcc304c9ebd075 Mon Sep 17 00:00:00 2001 +From: Marius Tomaschewski +Date: Thu, 18 Aug 2011 10:01:04 +0200 +Subject: [PATCH] dhcp-4.2.2-man-includes + +--- + dhcpctl/dhcpctl.3 | 4 ++-- + omapip/omapi.3 | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/dhcpctl/dhcpctl.3 b/dhcpctl/dhcpctl.3 +index ae42a71..d699f4a 100644 +--- a/dhcpctl/dhcpctl.3 ++++ b/dhcpctl/dhcpctl.3 +@@ -430,8 +430,8 @@ that most error checking has been omitted for brevity. + #include + #include + +-#include "omapip/result.h" +-#include "dhcpctl.h" ++#include ++#include + + int main (int argc, char **argv) { + dhcpctl_data_string ipaddrstring = NULL; +diff --git a/omapip/omapi.3 b/omapip/omapi.3 +index 8fa8105..a616fd3 100644 +--- a/omapip/omapi.3 ++++ b/omapip/omapi.3 +@@ -88,7 +88,7 @@ the lease ends. + #include + #include + +- #include ++ #include + #include + + int main (int argc, char **argv) { +-- +1.8.4 + diff --git a/0004-dhcp-4.1.1-tmpfile.patch b/0004-dhcp-4.1.1-tmpfile.patch new file mode 100644 index 0000000..91cced0 --- /dev/null +++ b/0004-dhcp-4.1.1-tmpfile.patch @@ -0,0 +1,37 @@ +From 70f2683580a88180238804546dd24a6a41427282 Mon Sep 17 00:00:00 2001 +From: Marius Tomaschewski +Date: Thu, 18 Aug 2011 10:06:01 +0200 +Subject: [PATCH] dhcp-4.1.1-tmpfile + +Signed-off-by: Marius Tomaschewski + +diff --git a/server/db.c b/server/db.c +index 5238ed8..0c642ad 100644 +--- a/server/db.c ++++ b/server/db.c +@@ -1116,15 +1116,19 @@ int new_lease_file () + * either by malice or ignorance, we panic, since the potential + * for havoc is high. + */ +- if (snprintf (newfname, sizeof newfname, "%s.%d", +- path_dhcpd_db, (int)t) >= sizeof newfname) ++ if (snprintf (newfname, sizeof newfname, "%s.XXXXXX", ++ path_dhcpd_db) >= sizeof newfname) + log_fatal("new_lease_file: lease file path too long"); + +- db_fd = open (newfname, O_WRONLY | O_TRUNC | O_CREAT, 0664); ++ db_fd = mkstemp (newfname); + if (db_fd < 0) { + log_error ("Can't create new lease file: %m"); + return 0; + } ++ if (fchmod(db_fd, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) == -1) { ++ log_error ("Can't fchmod new lease file: %m"); ++ goto fail; ++ } + + #if defined (PARANOIA) + /* +-- +2.1.4 + diff --git a/0005-dhcp-4.1.1-dhclient-exec-filedes.patch b/0005-dhcp-4.1.1-dhclient-exec-filedes.patch new file mode 100644 index 0000000..5ff8511 --- /dev/null +++ b/0005-dhcp-4.1.1-dhclient-exec-filedes.patch @@ -0,0 +1,29 @@ +From 92a611b4b05ef420e81c2c78f8c1eb3b38c31627 Mon Sep 17 00:00:00 2001 +From: Marius Tomaschewski +Date: Thu, 18 Aug 2011 10:28:04 +0200 +Subject: [PATCH] dhcp-4.1.1-dhclient-exec-filedes + +--- + client/dhclient.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/client/dhclient.c b/client/dhclient.c +index 52121be..203d3d1 100644 +--- a/client/dhclient.c ++++ b/client/dhclient.c +@@ -3369,6 +3369,12 @@ int script_go (client) + */ + if (leaseFile != NULL) + fclose(leaseFile); ++ if ((i = open("/dev/null", O_RDWR)) != -1) { ++ dup2(i, STDIN_FILENO); ++ dup2(i, STDOUT_FILENO); ++ if (i > STDERR_FILENO) ++ close(i); ++ } + execve (scriptName, argv, envp); + log_error ("execve (%s, ...): %m", scriptName); + exit (0); +-- +1.8.4 + diff --git a/0006-dhcp-4.3.2-dhclient-send-hostname-or-fqdn.patch b/0006-dhcp-4.3.2-dhclient-send-hostname-or-fqdn.patch new file mode 100644 index 0000000..b8730f4 --- /dev/null +++ b/0006-dhcp-4.3.2-dhclient-send-hostname-or-fqdn.patch @@ -0,0 +1,128 @@ +From ec55fe43e597e5ea0f8dff5b8edef091c0911801 Mon Sep 17 00:00:00 2001 +From: Marius Tomaschewski +Date: Thu, 18 Aug 2011 10:49:07 +0200 +Subject: [PATCH] dhcp-4.3.2-dhclient-send-hostname-or-fqdn + +Signed-off-by: Marius Tomaschewski + +Index: dhcp-4.4.2/client/dhclient.8 +=================================================================== +--- dhcp-4.4.2.orig/client/dhclient.8 ++++ dhcp-4.4.2/client/dhclient.8 +@@ -73,6 +73,10 @@ dhclient - Dynamic Host Configuration Pr + .I LL|LLT + ] + [ ++.B -H ++.I hostname ++] ++[ + .B -p + .I port-number + ] +@@ -353,6 +357,11 @@ transmits these messages to 255.255.255. + address). Overriding this is mostly useful for debugging purposes. This + feature is not supported in DHCPv6 (\fB-6\fR) mode. + .TP ++.BI \-H \ hostname ++This flag may be used to specify a client hostname that should be sent to ++the DHCP server as host-name (ipv4 only) or fqdn to perform dns update. ++Note, that this option is a SUSE/Novell extension. ++.TP + .BI \-g \ relay + .\" mockup relay + Set the giaddr field of all packets to the \fIrelay\fR IP address +Index: dhcp-4.4.2/client/dhclient.c +=================================================================== +--- dhcp-4.4.2.orig/client/dhclient.c ++++ dhcp-4.4.2/client/dhclient.c +@@ -185,6 +185,7 @@ static const char use_v6command[] = "Com + #endif + + #define DHCLIENT_USAGEC \ ++" [-H hostname]\n" \ + " [-s server-addr] [-cf config-file]\n" \ + " [-df duid-file] [-lf lease-file]\n" \ + " [-pf pid-file] [--no-pid] [-e VAR=val]\n" \ +@@ -235,6 +236,7 @@ main(int argc, char **argv) { + int no_dhclient_db = 0; + int no_dhclient_pid = 0; + int no_dhclient_script = 0; ++ char *dhclient_hostname = NULL; + #ifdef DHCPv6 + int local_family_set = 0; + #ifdef DHCP4o6 +@@ -434,6 +436,24 @@ main(int argc, char **argv) { + if (++i == argc) + usage(use_noarg, argv[i-1]); + mockup_relay = argv[i]; ++ } else if (!strcmp (argv[i], "-H")) { ++ size_t len; ++ if (++i == argc || !argv[i] || *(argv[i]) == '\0') ++ usage(use_noarg, argv[i-1]); ++ len = strlen (argv[i]); ++ if (len > HOST_NAME_MAX) { ++ log_error("-H option hostname string \"%s\" is too long:" ++ "maximum length is %d characters", ++ argv[i], HOST_NAME_MAX); ++ exit(1); ++ } else if(check_domain_name(argv[i], len, ++ local_family == AF_INET6 ? 1 : 0) != 0) { ++ log_error("suspect %s in -H option: \"%s\"", ++ local_family == AF_INET6 ? "fqdn" : "hostname", ++ argv[i]); ++ exit(1); ++ } ++ dhclient_hostname = argv [i]; + } else if (!strcmp(argv[i], "-nw")) { + nowait = 1; + } else if (!strcmp(argv[i], "-n")) { +@@ -759,6 +779,48 @@ main(int argc, char **argv) { + /* Parse the dhclient.conf file. */ + read_client_conf(); + ++ /* If the user specified a hostname, send it here and now */ ++ if ((dhclient_hostname != NULL) && (*dhclient_hostname != '\0') ) { ++ struct parse *cfile = NULL; ++ char buf[1024] = {'\0'}; ++ int len; ++ ++ if (strchr(dhclient_hostname, '.')) { ++ len = strlen(dhclient_hostname); ++ snprintf (buf, sizeof(buf), ++ "send fqdn.fqdn \"%s%s\";\n" ++ "send fqdn.encoded on;\n" ++ "send fqdn.server-update on;\n" ++ "also request %s;\n", ++ dhclient_hostname, ++ dhclient_hostname[len - 1] == '.' ? "" : ".", ++ local_family == AF_INET6 ? "dhcp6.fqdn" : "fqdn"); ++ } else if (local_family == AF_INET) { ++ snprintf (buf, sizeof(buf), ++ "send host-name \"%s\";", ++ dhclient_hostname); ++ } ++ if ((len = strlen(buf))) { ++ status = new_parse (&cfile, -1, buf, len, ++ "hostname update options", 0); ++ if (status != ISC_R_SUCCESS) ++ log_fatal ("Cannot parse send host-name statement!"); ++ ++ for (;;) { ++ const char *val = NULL; ++ int token; ++ ++ token = peek_token (&val, (unsigned *)0, cfile); ++ if (token == END_OF_FILE) ++ break; ++ ++ parse_client_statement (cfile, NULL, ++ &top_level_config); ++ } ++ end_parse (&cfile); ++ } ++ } ++ + /* Parse the lease database. */ + read_client_leases(); + diff --git a/0007-dhcp-4.1.1-P1-lpf-bind-msg-fix.patch b/0007-dhcp-4.1.1-P1-lpf-bind-msg-fix.patch new file mode 100644 index 0000000..e9a6003 --- /dev/null +++ b/0007-dhcp-4.1.1-P1-lpf-bind-msg-fix.patch @@ -0,0 +1,26 @@ +From a9d31f9f8356fba3fc49ead5afdfd8cca5a4a535 Mon Sep 17 00:00:00 2001 +From: Marius Tomaschewski +Date: Tue, 12 Jun 2012 08:54:23 +0200 +Subject: [PATCH] dhcp-4.1.1-P1-lpf-bind-msg-fix +References: bnc#617795 + +--- + common/lpf.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/common/lpf.c b/common/lpf.c +index 44f5f54..82c8b76 100644 +--- a/common/lpf.c ++++ b/common/lpf.c +@@ -94,7 +94,7 @@ int if_register_lpf (info) + if (errno == ENOPROTOOPT || errno == EPROTONOSUPPORT || + errno == ESOCKTNOSUPPORT || errno == EPFNOSUPPORT || + errno == EAFNOSUPPORT || errno == EINVAL) { +- log_error ("socket: %m - make sure"); ++ log_error ("bind: %m - make sure"); + log_error ("CONFIG_PACKET (Packet socket) %s", + "and CONFIG_FILTER"); + log_error ("(Socket Filtering) are enabled %s", +-- +1.8.4 + diff --git a/0008-dhcp-4.2.2-dhclient-option-checks.patch b/0008-dhcp-4.2.2-dhclient-option-checks.patch new file mode 100644 index 0000000..12b0d0d --- /dev/null +++ b/0008-dhcp-4.2.2-dhclient-option-checks.patch @@ -0,0 +1,58 @@ +From 48c1bbb9cbd6d6e71178e82fd45a7409efbb9d72 Mon Sep 17 00:00:00 2001 +From: Marius Tomaschewski +Date: Wed, 27 Apr 2011 13:56:47 +0200 +Subject: [PATCH] dhcp-4.2.2-dhclient-option-checks +References: bnc#643845 + +--- + client/dhclient.c | 6 +++--- + common/options.c | 2 +- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/client/dhclient.c b/client/dhclient.c +index b7a14fe..19a527b 100644 +--- a/client/dhclient.c ++++ b/client/dhclient.c +@@ -3301,7 +3301,7 @@ void script_write_params (client, prefix, lease) + } else { + log_error("suspect value in %s " + "option - discarded", +- lease->filename); ++ "filename"); + } + } + +@@ -3314,7 +3314,7 @@ void script_write_params (client, prefix, lease) + } else { + log_error("suspect value in %s " + "option - discarded", +- lease->server_name); ++ "server-name"); + } + } + +@@ -4283,7 +4283,7 @@ static int check_domain_name(const char *ptr, size_t len, int dots) + const char *p; + + /* not empty or complete length not over 255 characters */ +- if ((len == 0) || (len > 256)) ++ if ((len == 0) || (len >= 256)) + return(-1); + + /* consists of [[:alnum:]-]+ labels separated by [.] */ +diff --git a/common/options.c b/common/options.c +index 56bb151..be44a70 100644 +--- a/common/options.c ++++ b/common/options.c +@@ -3979,7 +3979,7 @@ pretty_escape(char **dst, char *dend, const unsigned char **src, + } + } else if (**src == '"' || **src == '\'' || **src == '$' || + **src == '`' || **src == '\\' || **src == '|' || +- **src == '&') { ++ **src == '&' || **src == ';') { + if (*dst + 2 > dend) + return -1; + +-- +1.8.4 + diff --git a/0009-dhcp-4.2.6-close-on-exec.patch b/0009-dhcp-4.2.6-close-on-exec.patch new file mode 100644 index 0000000..3e6450a --- /dev/null +++ b/0009-dhcp-4.2.6-close-on-exec.patch @@ -0,0 +1,272 @@ +From ecb183516cf0b51ebf0a02f3b46248479fa51e43 Mon Sep 17 00:00:00 2001 +From: Marius Tomaschewski +Date: Thu, 18 Aug 2011 14:09:06 +0200 +Subject: [PATCH] dhcp-4.2.6-close-on-exec + +Merged fixed close-on-exec patch (bnc#732910) + +References: bnc#732910 +Signed-off-by: Marius Tomaschewski + +Index: client/clparse.c +=================================================================== +--- client/clparse.c.orig ++++ client/clparse.c +@@ -265,7 +265,7 @@ int read_client_conf_file (const char *n + int token; + isc_result_t status; + +- if ((file = open (name, O_RDONLY)) < 0) ++ if ((file = open (name, O_RDONLY | O_CLOEXEC)) < 0) + return uerr2isc (errno); + + cfile = NULL; +@@ -341,7 +341,7 @@ void read_client_leases () + + /* Open the lease file. If we can't open it, just return - + we can safely trust the server to remember our state. */ +- if ((file = open (path_dhclient_db, O_RDONLY)) < 0) ++ if ((file = open (path_dhclient_db, O_RDONLY | O_CLOEXEC)) < 0) + return; + + cfile = NULL; +Index: client/dhclient.c +=================================================================== +--- client/dhclient.c.orig ++++ client/dhclient.c +@@ -683,7 +683,7 @@ main(int argc, char **argv) { + long temp; + int e; + +- if ((pidfd = fopen(path_dhclient_pid, "r")) != NULL) { ++ if ((pidfd = fopen(path_dhclient_pid, "re")) != NULL) { + e = fscanf(pidfd, "%ld\n", &temp); + oldpid = (pid_t)temp; + +@@ -3642,7 +3642,7 @@ void rewrite_client_leases () + + if (leaseFile != NULL) + fclose (leaseFile); +- leaseFile = fopen (path_dhclient_db, "w"); ++ leaseFile = fopen (path_dhclient_db, "we"); + if (leaseFile == NULL) { + log_error ("can't create %s: %m", path_dhclient_db); + return; +@@ -3837,7 +3837,7 @@ write_duid(struct data_string *duid) + return DHCP_R_INVALIDARG; + + if (leaseFile == NULL) { /* XXX? */ +- leaseFile = fopen(path_dhclient_db, "w"); ++ leaseFile = fopen(path_dhclient_db, "we"); + if (leaseFile == NULL) { + log_error("can't create %s: %m", path_dhclient_db); + return ISC_R_IOERROR; +@@ -3882,7 +3882,7 @@ write_client6_lease(struct client_state + return DHCP_R_INVALIDARG; + + if (leaseFile == NULL) { /* XXX? */ +- leaseFile = fopen(path_dhclient_db, "w"); ++ leaseFile = fopen(path_dhclient_db, "we"); + if (leaseFile == NULL) { + log_error("can't create %s: %m", path_dhclient_db); + return ISC_R_IOERROR; +@@ -4041,7 +4041,7 @@ int write_client_lease (client, lease, r + return 1; + + if (leaseFile == NULL) { /* XXX */ +- leaseFile = fopen (path_dhclient_db, "w"); ++ leaseFile = fopen (path_dhclient_db, "we"); + if (leaseFile == NULL) { + log_error ("can't create %s: %m", path_dhclient_db); + return 0; +Index: common/bpf.c +=================================================================== +--- common/bpf.c.orig ++++ common/bpf.c +@@ -94,7 +94,7 @@ int if_register_bpf (info) + for (b = 0; 1; b++) { + /* %Audit% 31 bytes max. %2004.06.17,Safe% */ + sprintf(filename, BPF_FORMAT, b); +- sock = open (filename, O_RDWR, 0); ++ sock = open (filename, O_RDWR | O_CLOEXEC, 0); + if (sock < 0) { + if (errno == EBUSY) { + continue; +Index: common/dlpi.c +=================================================================== +--- common/dlpi.c.orig ++++ common/dlpi.c +@@ -817,7 +817,7 @@ dlpiopen(const char *ifname) { + } + *dp = '\0'; + +- return open (devname, O_RDWR, 0); ++ return open (devname, O_RDWR | O_CLOEXEC, 0); + } + + /* +Index: common/nit.c +=================================================================== +--- common/nit.c.orig ++++ common/nit.c +@@ -75,7 +75,7 @@ int if_register_nit (info) + struct strioctl sio; + + /* Open a NIT device */ +- sock = open ("/dev/nit", O_RDWR); ++ sock = open ("/dev/nit", O_RDWR | O_CLOEXEC); + if (sock < 0) + log_fatal ("Can't open NIT device for %s: %m", info -> name); + +Index: common/resolv.c +=================================================================== +--- common/resolv.c.orig ++++ common/resolv.c +@@ -43,7 +43,7 @@ void read_resolv_conf (parse_time) + struct domain_search_list *dp, *dl, *nd; + isc_result_t status; + +- if ((file = open (path_resolv_conf, O_RDONLY)) < 0) { ++ if ((file = open (path_resolv_conf, O_RDONLY | O_CLOEXEC)) < 0) { + log_error ("Can't open %s: %m", path_resolv_conf); + return; + } +Index: common/upf.c +=================================================================== +--- common/upf.c.orig ++++ common/upf.c +@@ -71,7 +71,7 @@ int if_register_upf (info) + /* %Audit% Cannot exceed 36 bytes. %2004.06.17,Safe% */ + sprintf(filename, "/dev/pf/pfilt%d", b); + +- sock = open (filename, O_RDWR, 0); ++ sock = open (filename, O_RDWR | O_CLOEXEC, 0); + if (sock < 0) { + if (errno == EBUSY) { + continue; +Index: omapip/trace.c +=================================================================== +--- omapip/trace.c.orig ++++ omapip/trace.c +@@ -136,10 +136,10 @@ isc_result_t trace_begin (const char *fi + return DHCP_R_INVALIDARG; + } + +- traceoutfile = open (filename, O_CREAT | O_WRONLY | O_EXCL, 0600); ++ traceoutfile = open (filename, O_CREAT | O_WRONLY | O_EXCL | O_CLOEXEC, 0600); + if (traceoutfile < 0 && errno == EEXIST) { + log_error ("WARNING: Overwriting trace file \"%s\"", filename); +- traceoutfile = open (filename, O_WRONLY | O_EXCL | O_TRUNC, ++ traceoutfile = open (filename, O_WRONLY | O_EXCL | O_TRUNC | O_CLOEXEC, + 0600); + } + +@@ -427,7 +427,7 @@ void trace_file_replay (const char *file + isc_result_t result; + int len; + +- traceinfile = fopen (filename, "r"); ++ traceinfile = fopen (filename, "re"); + if (!traceinfile) { + log_error("Can't open tracefile %s: %m", filename); + return; +Index: relay/dhcrelay.c +=================================================================== +--- relay/dhcrelay.c.orig ++++ relay/dhcrelay.c +@@ -783,13 +783,14 @@ main(int argc, char **argv) { + /* Create the pid file. */ + if (no_pid_file == ISC_FALSE) { + pfdesc = open(path_dhcrelay_pid, +- O_CREAT | O_TRUNC | O_WRONLY, 0644); ++ O_CREAT | O_TRUNC | O_WRONLY | ++ O_CLOEXEC, 0644); + + if (pfdesc < 0) { + log_error("Can't create %s: %m", + path_dhcrelay_pid); + } else { +- pf = fdopen(pfdesc, "w"); ++ pf = fdopen(pfdesc, "we"); + if (!pf) + log_error("Can't fdopen %s: %m", + path_dhcrelay_pid); +Index: server/confpars.c +=================================================================== +--- server/confpars.c.orig ++++ server/confpars.c +@@ -118,7 +118,7 @@ isc_result_t read_conf_file (const char + } + #endif + +- if ((file = open (filename, O_RDONLY)) < 0) { ++ if ((file = open (filename, O_RDONLY | O_CLOEXEC)) < 0) { + if (leasep) { + log_error ("Can't open lease database %s: %m --", + path_dhcpd_db); +Index: server/db.c +=================================================================== +--- server/db.c.orig ++++ server/db.c +@@ -1105,7 +1105,7 @@ void db_startup (int test_mode) + * Therefore, in test mode we need to point db_file to a disposable + * file to protect the original lease file. */ + current_db_path = (test_mode ? "/dev/null" : path_dhcpd_db); +- db_file = fopen (current_db_path, "a"); ++ db_file = fopen (current_db_path, "ae"); + if (!db_file) { + log_fatal ("Can't open %s for append.", current_db_path); + } +@@ -1154,7 +1154,7 @@ int new_lease_file (int test_mode) + path_dhcpd_db) >= sizeof newfname) + log_fatal("new_lease_file: lease file path too long"); + +- db_fd = mkstemp (newfname); ++ db_fd = mkostemp (newfname, O_CLOEXEC); + if (db_fd < 0) { + log_error ("Can't create new lease file: %m"); + return 0; +@@ -1179,7 +1179,7 @@ int new_lease_file (int test_mode) + } + #endif /* PARANOIA */ + +- if ((new_db_file = fdopen(db_fd, "w")) == NULL) { ++ if ((new_db_file = fdopen(db_fd, "we")) == NULL) { + log_error("Can't fdopen new lease file: %m"); + close(db_fd); + goto fdfail; +Index: server/dhcpd.c +=================================================================== +--- server/dhcpd.c.orig ++++ server/dhcpd.c +@@ -880,7 +880,7 @@ main(int argc, char **argv) { + */ + if ((lftest == 0) && (no_pid_file == ISC_FALSE)) { + /*Read previous pid file. */ +- if ((i = open(path_dhcpd_pid, O_RDONLY)) >= 0) { ++ if ((i = open(path_dhcpd_pid, O_RDONLY | O_CLOEXEC)) >= 0) { + status = read(i, pbuf, (sizeof pbuf) - 1); + close(i); + if (status > 0) { +@@ -990,7 +990,7 @@ main(int argc, char **argv) { + * appropriate. + */ + if (no_pid_file == ISC_FALSE) { +- i = open(path_dhcpd_pid, O_WRONLY|O_CREAT|O_TRUNC, 0644); ++ i = open(path_dhcpd_pid, O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0644); + if (i >= 0) { + sprintf(pbuf, "%d\n", (int) getpid()); + IGNORE_RET(write(i, pbuf, strlen(pbuf))); +Index: server/ldap.c +=================================================================== +--- server/ldap.c.orig ++++ server/ldap.c +@@ -1447,7 +1447,7 @@ ldap_start (void) + + if (ldap_debug_file != NULL && ldap_debug_fd == -1) + { +- if ((ldap_debug_fd = open (ldap_debug_file, O_CREAT | O_TRUNC | O_WRONLY, ++ if ((ldap_debug_fd = open (ldap_debug_file, O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC, + S_IRUSR | S_IWUSR)) < 0) + log_error ("Error opening debug LDAP log file %s: %s", ldap_debug_file, + strerror (errno)); diff --git a/0010-dhcp-4.2.2-quiet-dhclient.patch b/0010-dhcp-4.2.2-quiet-dhclient.patch new file mode 100644 index 0000000..d619812 --- /dev/null +++ b/0010-dhcp-4.2.2-quiet-dhclient.patch @@ -0,0 +1,27 @@ +From 61b4b713b630febf170c58c9ebbba2e01bb28eff Mon Sep 17 00:00:00 2001 +From: Marius Tomaschewski +Date: Thu, 18 Aug 2011 15:09:01 +0200 +Subject: [PATCH] dhcp-4.2.2-quiet-dhclient +References: bnc#711420 + +--- + client/dhclient.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/client/dhclient.c b/client/dhclient.c +index dbc6f38..65d9eeb 100644 +--- a/client/dhclient.c ++++ b/client/dhclient.c +@@ -451,6 +451,9 @@ main(int argc, char **argv) { + } else { + log_perror = 0; + quiet_interface_discovery = 1; ++#if !defined(DEBUG) ++ setlogmask(LOG_UPTO(LOG_NOTICE)); ++#endif + } + + /* If we're given a relay agent address to insert, for testing +-- +1.8.4 + diff --git a/0012-dhcp-4.2.x-chown-server-leases.bnc868253.patch b/0012-dhcp-4.2.x-chown-server-leases.bnc868253.patch new file mode 100644 index 0000000..8e81885 --- /dev/null +++ b/0012-dhcp-4.2.x-chown-server-leases.bnc868253.patch @@ -0,0 +1,38 @@ +From 34e6100717f3de5a32ccb3234a949d017f789fdb Mon Sep 17 00:00:00 2001 +From: Marius Tomaschewski +Date: Tue, 10 Jun 2014 02:42:32 +0000 +Subject: [PATCH] dhcp-4.2.x-chown-server-leases.bnc868253 + +Fixed dhcp server to chown leases to run user at start + +References: bnc#868253 +Signed-off-by: Marius Tomaschewski + +diff --git a/server/dhcpd.c b/server/dhcpd.c +index afef390..0f5c640 100644 +--- a/server/dhcpd.c ++++ b/server/dhcpd.c +@@ -770,8 +770,19 @@ main(int argc, char **argv) { + } + + #if defined (PARANOIA) +- /* change uid to the specified one */ ++ /* ensure, the leases db is owned by the run user/group */ ++ if (set_gid || set_uid) { ++ char backfname[512]; ++ ++ chown(path_dhcpd_db, set_uid ? set_uid : -1, ++ set_gid ? set_gid : -1); + ++ snprintf (backfname, sizeof backfname, "%s~", path_dhcpd_db); ++ chown(backfname, set_uid ? set_uid : -1, ++ set_gid ? set_gid : -1); ++ } ++ ++ /* change uid to the specified one */ + if (set_gid) { + /* setgroups is done, OK */ + if (setgroups (0, (void *)0)) +-- +2.1.4 + diff --git a/0014-dhclient6-unsigned-lifetimes-for-script-bsc-926159.patch b/0014-dhclient6-unsigned-lifetimes-for-script-bsc-926159.patch new file mode 100644 index 0000000..febe880 --- /dev/null +++ b/0014-dhclient6-unsigned-lifetimes-for-script-bsc-926159.patch @@ -0,0 +1,68 @@ +From 9267da086dcbb39509eae05d1d60ba37596a3f89 Mon Sep 17 00:00:00 2001 +From: Marius Tomaschewski +Date: Wed, 29 Apr 2015 11:18:36 +0200 +Subject: dhclient6: unsigned lifetimes for script (bsc#926159) + +Address/IA lifetimes are all unsigned, don't turn into signed +(negative e.g. in infinite case) when passing them to scripts +and format timestamps as long to not break them on 64bit archs. + +References: bsc#926159 + +--- client/dhc6.c.orig ++++ client/dhc6.c +@@ -4344,8 +4344,8 @@ dhc6_marshall_values(const char *prefix, + client_envadd(client, prefix, + "ip6_type", "temporary"); + } +- client_envadd(client, prefix, "life_starts", "%d", +- (int)(addr->starts)); ++ client_envadd(client, prefix, "life_starts", "%ld", ++ (long)(addr->starts)); + client_envadd(client, prefix, "preferred_life", "%u", + addr->preferred_life); + client_envadd(client, prefix, "max_life", "%u", +@@ -4356,8 +4356,8 @@ dhc6_marshall_values(const char *prefix, + if (ia != NULL) { + client_envadd(client, prefix, "iaid", "%s", + print_hex_1(4, ia->iaid, 12)); +- client_envadd(client, prefix, "starts", "%d", +- (int)(ia->starts)); ++ client_envadd(client, prefix, "starts", "%ld", ++ (long)(ia->starts)); + client_envadd(client, prefix, "renew", "%u", ia->renew); + client_envadd(client, prefix, "rebind", "%u", ia->rebind); + } +--- client/dhclient.c.orig ++++ client/dhclient.c +@@ -3708,13 +3708,13 @@ write_client6_lease(struct client_state + return ISC_R_IOERROR; + + if (ia->ia_type != D6O_IA_TA) +- stat = fprintf(leaseFile, " starts %d;\n" ++ stat = fprintf(leaseFile, " starts %ld;\n" + " renew %u;\n" + " rebind %u;\n", +- (int)ia->starts, ia->renew, ia->rebind); ++ (long)ia->starts, ia->renew, ia->rebind); + else +- stat = fprintf(leaseFile, " starts %d;\n", +- (int)ia->starts); ++ stat = fprintf(leaseFile, " starts %ld;\n", ++ (long)ia->starts); + if (stat <= 0) + return ISC_R_IOERROR; + +@@ -3731,10 +3731,10 @@ write_client6_lease(struct client_state + if (stat <= 0) + return ISC_R_IOERROR; + +- stat = fprintf(leaseFile, " starts %d;\n" ++ stat = fprintf(leaseFile, " starts %ld;\n" + " preferred-life %u;\n" + " max-life %u;\n", +- (int)addr->starts, addr->preferred_life, ++ (long)addr->starts, addr->preferred_life, + addr->max_life); + if (stat <= 0) + return ISC_R_IOERROR; diff --git a/0015-Expose-next-server-DHCPv4-option-to-dhclient-script.patch b/0015-Expose-next-server-DHCPv4-option-to-dhclient-script.patch new file mode 100644 index 0000000..f2383b9 --- /dev/null +++ b/0015-Expose-next-server-DHCPv4-option-to-dhclient-script.patch @@ -0,0 +1,69 @@ +From 5fd4d0595760acd3e4c2524c9747dc5c0042e173 Mon Sep 17 00:00:00 2001 +From: Tomas Hozza +Date: Fri, 29 May 2015 13:56:58 +0200 +Subject: Expose next-server DHCPv4 option to dhclient script + +Currently dhclient does not exposes next-server option +to the dhclient script. this patch fixes this. + +Signed-off-by: Tomas Hozza +References: bsc#928390 + +diff --git a/client/dhclient.c b/client/dhclient.c +index 4d7394d..0c77ae2 100644 +--- a/client/dhclient.c ++++ b/client/dhclient.c +@@ -1104,7 +1104,7 @@ void state_selecting (cpp) + client -> state = S_REQUESTING; + + /* Bind to the address we received. */ +- bind_lease (client); ++ bind_lease (client, NULL); + return; + } + +@@ -1294,11 +1294,12 @@ void dhcpack (packet) + if (client -> new -> rebind < cur_time) + client -> new -> rebind = TIME_MAX; + +- bind_lease (client); ++ bind_lease (client, &packet -> raw -> siaddr); + } + +-void bind_lease (client) ++void bind_lease (client, siaddr) + struct client_state *client; ++ struct in_addr *siaddr; + { + struct timeval tv; + +@@ -1318,6 +1319,13 @@ void bind_lease (client) + if (client->alias) + script_write_params(client, "alias_", client->alias); + ++ if (siaddr) { ++ char buf[INET_ADDRSTRLEN]; ++ ++ if (inet_ntop (AF_INET, (void *) siaddr, buf, sizeof (buf))) ++ client_envadd (client, "new_", "next_server", "%s", buf); ++ } ++ + /* If the BOUND/RENEW code detects another machine using the + offered address, it exits nonzero. We need to send a + DHCPDECLINE and toss the lease. */ +diff --git a/includes/dhcpd.h b/includes/dhcpd.h +index 86d0afe..f0f4b20 100644 +--- a/includes/dhcpd.h ++++ b/includes/dhcpd.h +@@ -2891,7 +2891,7 @@ void state_bound (void *); + void state_stop (void *); + void state_panic (void *); + +-void bind_lease (struct client_state *); ++void bind_lease (struct client_state *, struct in_addr *); + + void make_client_options (struct client_state *, + struct client_lease *, u_int8_t *, +-- +2.1.4 + diff --git a/0016-infiniband-support.patch b/0016-infiniband-support.patch new file mode 100644 index 0000000..cc8a1ea --- /dev/null +++ b/0016-infiniband-support.patch @@ -0,0 +1,1115 @@ +References: bnc#870535,bsc#909189,bsc#910984 + +From 92250da05c2e4e3f1f60d627b52fe3f4f14828d3 Mon Sep 17 00:00:00 2001 +From: Marius Tomaschewski +Date: Mon, 14 Sep 2015 13:42:34 +0200 +Subject: [PATCH] infiniband-support + +Squashed rework based on the following commits: + +commit 8f5918fa4319fc8173ca6e75d6e2ab8c379e980d +Author: Marius Tomaschewski +Date: Mon Sep 14 12:26:12 2015 +0200 + + dhcp 4.3.3 ip over ib support fixes (bsc#910984) + + - verify client-identifier in responses as defined by RFC6864 + - generate RFC4361 client-identifier for infiniband as required by + RFC4390; config file can still override it using send statement. + - fixed to set the ib hwaddr and guard copying/compares to chaddr; + it is used for client-identifier, improved xid and other things. + - fixed lpf send_packet to not break unicast on fallback socket. + +commit 3173fd96fe8873f7924f8b5c3f2a6a34ebe1c90c +Author: root +Date: Tue Mar 25 23:30:18 2014 +0200 + + dhcp 4.3.2 improved xid + + References: bnc#870535 + +commit 7e27105baa2a86469efa17fe70667baa8bcc627f +Author: Jiri Slaby +Date: Wed Dec 10 13:48:03 2014 +0100 + + dhcp-4.2.x-handle-ifa_addr-NULL.909189 + + Fix to not crash in interface discovery when the interface + address is NULL. Bug has been introduced by the infiniband + support patch (bsc#870535). + + References: bsc#909189,bnc#870535 + +commit 7818a340f84c0fe3c750baa721fb4221e2e2d443 +Author: root +Date: Tue Mar 25 23:15:58 2014 +0200 + + dhcp 4.3.2 lpf ip over ib support + + References: bnc#870535 + + +Index: client/dhclient.c +=================================================================== +--- client/dhclient.c.orig ++++ client/dhclient.c +@@ -76,6 +76,40 @@ int decline_wait_time = 10; /* Default t + assert (state_is == state_shouldbe). */ + #define ASSERT_STATE(state_is, state_shouldbe) {} + ++static void form_interface_duid(struct data_string *duid, struct interface_info *ip, const char *file, int line); ++ ++static int check_client_identifier(struct option_state *packet_options, struct option_state *client_options) ++{ ++ struct option_cache *client_oc; ++ struct option_cache *packet_oc; ++ ++ /* RFC6864 check: ++ * ++ * When a client receives a DHCP message containing a 'client ++ * identifier' option, the client MUST compare that client ++ * identifier to the one it is configured to send. ++ * If the two client identifiers do not match, the client MUST ++ * silently discard the message. ++ */ ++ ++ /* no identifier received: not RFC6864 server ... */ ++ if (!packet_options || !(packet_oc = lookup_option(&dhcp_universe, packet_options, ++ DHO_DHCP_CLIENT_IDENTIFIER))) ++ return 1; ++ ++ /* client does not remember them in some cases ... */ ++ if (!client_options || !(client_oc = lookup_option(&dhcp_universe, client_options, ++ DHO_DHCP_CLIENT_IDENTIFIER))) ++ return 1; ++ ++ /* when we've sent one, the identifiers MUST match */ ++ if (client_oc->data.len != packet_oc->data.len || ++ memcmp(client_oc->data.data, packet_oc->data.data, client_oc->data.len)) ++ return -1; ++ ++ return 0; ++} ++ + #ifndef UNIT_TEST + static const char copyright[] = "Copyright 2004-2021 Internet Systems Consortium."; + static const char arr [] = "All rights reserved."; +@@ -885,6 +919,26 @@ main(int argc, char **argv) { + } + } + ++ /* We create a backup seed before rediscovering interfaces in order to ++ have a seed built using all of the available interfaces ++ It's interesting if required interfaces doesn't let us defined ++ a really unique seed due to a lack of valid HW addr later ++ (this is the case with DHCP over IB) ++ We only use the last device as using a sum could broke the ++ uniqueness of the seed among multiple nodes ++ */ ++ unsigned backup_seed = 0; ++ for (ip = interfaces; ip; ip = ip -> next) { ++ int junk; ++ if ( ip -> hw_address.hlen <= sizeof seed ) ++ continue; ++ memcpy (&junk, ++ &ip -> hw_address.hbuf [ip -> hw_address.hlen - ++ sizeof seed], sizeof seed); ++ backup_seed = junk; ++ } ++ ++ + /* At this point, all the interfaces that the script thinks + are relevant should be running, so now we once again call + discover_interfaces(), and this time ask it to actually set +@@ -899,19 +953,42 @@ main(int argc, char **argv) { + Not much entropy, but we're booting, so we're not likely to + find anything better. */ + seed = 0; ++ int seed_flag = 0; + for (ip = interfaces; ip; ip = ip->next) { + int junk; ++ if (ip->hw_address.hlen <= sizeof seed) ++ continue; + memcpy(&junk, + &ip->hw_address.hbuf[ip->hw_address.hlen - + sizeof seed], sizeof seed); + seed += junk; ++ seed_flag = 1; + } +- srandom(seed + cur_time + (unsigned)getpid()); ++ if ( seed_flag == 0 ) { ++ if ( backup_seed != 0 ) { ++ seed = backup_seed; ++ log_info ("xid: rand init seed (0x%x) built using all" ++ " available interfaces",seed); ++ } ++ else { ++ seed = cur_time^((unsigned) gethostid()) ; ++ log_info ("xid: warning: no netdev with useable HWADDR found" ++ " for seed's uniqueness enforcement"); ++ log_info ("xid: rand init seed (0x%x) built using gethostid", ++ seed); ++ } ++ /* we only use seed and no current time as a broadcast reply */ ++ /* will certainly be used by the hwaddrless interface */ ++ srandom(seed); ++ } ++ else ++ srandom(seed + cur_time + (unsigned)getpid()); + + + /* + * Establish a default DUID. We always do so for v6 and +- * do so if desired for v4 via the -D or -i options ++ * do so if desired for v4 via the -D or -i options or ++ * when an infiniband interface is involved. + */ + if ((local_family == AF_INET6) || + ((local_family == AF_INET) && (duid_v4 == 1))) { +@@ -922,6 +999,20 @@ main(int argc, char **argv) { + form_duid(&default_duid, MDL); + write_duid(&default_duid); + } ++ } else { ++ for (ip = interfaces; ip; ip = ip->next) { ++ if (!ip->client || ip->hw_address.hbuf[0] != HTYPE_INFINIBAND) ++ continue; ++ ++ if (default_duid.len == 0) { ++ if (default_duid.buffer != NULL) ++ data_string_forget(&default_duid, MDL); ++ ++ form_duid(&default_duid, MDL); ++ write_duid(&default_duid); ++ break; ++ } ++ } + } + + #if defined(DHCPv6) && defined(DHCP4o6) +@@ -1411,15 +1502,22 @@ void dhcpack (packet) + if (client -> xid == packet -> raw -> xid) + break; + } +- if (!client || +- (packet -> interface -> hw_address.hlen - 1 != +- packet -> raw -> hlen) || +- (memcmp (&packet -> interface -> hw_address.hbuf [1], +- packet -> raw -> chaddr, packet -> raw -> hlen))) { ++ ++ if (!client || (packet -> raw -> hlen && ++ ((packet -> interface -> hw_address.hlen - 1 != ++ packet -> raw -> hlen) || ++ (memcmp (&packet -> interface -> hw_address.hbuf [1], ++ packet -> raw -> chaddr, packet -> raw -> hlen))))) { + #if defined (DEBUG) + log_debug ("DHCPACK in wrong transaction."); + #endif + return; ++ } else ++ if (check_client_identifier(packet->options, client->sent_options) < 0) { ++#if defined (DEBUG) ++ log_debug ("response client identifier does not match ours"); ++#endif ++ return; + } + + if (client -> state != S_REBOOTING && +@@ -1432,9 +1530,10 @@ void dhcpack (packet) + return; + } + +- log_info ("DHCPACK of %s from %s", ++ log_info ("DHCPACK of %s from %s (xid=0x%x)", + inet_ntoa(packet->raw->yiaddr), +- piaddr (packet->client_addr)); ++ piaddr (packet->client_addr), ++ client -> xid); + + lease = packet_to_lease (packet, client); + if (!lease) { +@@ -2101,15 +2200,21 @@ void dhcpoffer (packet) + /* If we're not receptive to an offer right now, or if the offer + has an unrecognizable transaction id, then just drop it. */ + if (!client || +- client -> state != S_SELECTING || +- (packet -> interface -> hw_address.hlen - 1 != +- packet -> raw -> hlen) || +- (memcmp (&packet -> interface -> hw_address.hbuf [1], +- packet -> raw -> chaddr, packet -> raw -> hlen))) { ++ client -> state != S_SELECTING || (packet -> raw -> hlen && ++ ((packet -> interface -> hw_address.hlen - 1 != ++ packet -> raw -> hlen) || ++ (memcmp (&packet -> interface -> hw_address.hbuf [1], ++ packet -> raw -> chaddr, packet -> raw -> hlen))))) { + #if defined (DEBUG) + log_debug ("%s in wrong transaction.", name); + #endif + return; ++ } else ++ if (check_client_identifier(packet->options, client->sent_options) < 0) { ++#if defined (DEBUG) ++ log_debug ("response client identifier does not match ours"); ++#endif ++ return; + } + + sprintf (obuf, "%s of %s from %s", name, +@@ -2350,11 +2455,11 @@ void dhcpnak (packet) + + /* If we're not receptive to an offer right now, or if the offer + has an unrecognizable transaction id, then just drop it. */ +- if (!client || +- (packet -> interface -> hw_address.hlen - 1 != +- packet -> raw -> hlen) || +- (memcmp (&packet -> interface -> hw_address.hbuf [1], +- packet -> raw -> chaddr, packet -> raw -> hlen))) { ++ if (!client || (packet -> raw -> hlen && ++ ((packet -> interface -> hw_address.hlen - 1 != ++ packet -> raw -> hlen) || ++ (memcmp (&packet -> interface -> hw_address.hbuf [1], ++ packet -> raw -> chaddr, packet -> raw -> hlen))))) { + #if defined (DEBUG) + log_debug ("DHCPNAK in wrong transaction."); + #endif +@@ -2369,9 +2474,15 @@ void dhcpnak (packet) + log_debug ("DHCPNAK in wrong state."); + #endif + return; ++ } else ++ if (check_client_identifier(packet->options, client->sent_options) < 0) { ++#if defined (DEBUG) ++ log_debug ("response client identifier does not match ours"); ++#endif ++ return; + } + +- log_info ("DHCPNAK from %s", piaddr (packet -> client_addr)); ++ log_info ("DHCPNAK from %s (xid=0x%x)", piaddr (packet -> client_addr), client -> xid); + + if (!client -> active) { + #if defined (DEBUG) +@@ -2504,11 +2615,11 @@ void send_discover (cpp) + (long)(client -> interval)); + } else + #endif +- log_info ("DHCPDISCOVER on %s to %s port %d interval %ld", +- client -> name ? client -> name : client -> interface -> name, +- inet_ntoa (sockaddr_broadcast.sin_addr), +- ntohs (sockaddr_broadcast.sin_port), (long)(client -> interval)); +- ++ log_info ("DHCPDISCOVER on %s to %s port %d interval %ld (xid=0x%x)", ++ client -> name ? client -> name : client -> interface -> name, ++ inet_ntoa (sockaddr_broadcast.sin_addr), ++ ntohs (sockaddr_broadcast.sin_port), (long)(client -> interval), client -> xid); ++ + /* Send out a packet. */ + #if defined(DHCPv6) && defined(DHCP4o6) + if (dhcpv4_over_dhcpv6) { +@@ -2901,10 +3012,12 @@ void send_request (cpp) + } + + strncpy(rip_buf, rip_str, sizeof(rip_buf)-1); +- log_info ("DHCPREQUEST for %s on %s to %s port %d", rip_buf, ++ log_info ("DHCPREQUEST for %s on %s to %s port %d (xid=0x%x)", rip_buf, + client->name ? client->name : client->interface->name, + inet_ntoa(destination.sin_addr), +- ntohs (destination.sin_port)); ++ ntohs (destination.sin_port), ++ client -> xid ++ ); + + #if defined(DHCPv6) && defined(DHCP4o6) + if (dhcpv4_over_dhcpv6) { +@@ -2961,11 +3074,11 @@ void send_decline (cpp) + log_info ("DHCPDECLINE"); + } else + #endif +- log_info ("DHCPDECLINE of %s on %s to %s port %d", ++ log_info ("DHCPDECLINE of %s on %s to %s port %d (xid=0x%x)", + piaddr(client->requested_address), + (client->name ? client->name : client->interface->name), + inet_ntoa(sockaddr_broadcast.sin_addr), +- ntohs(sockaddr_broadcast.sin_port)); ++ ntohs(sockaddr_broadcast.sin_port), client->xid); + + /* Send out a packet. */ + #if defined(DHCPv6) && defined(DHCP4o6) +@@ -3024,11 +3137,11 @@ void send_release (cpp) + log_info ("DHCPRELEASE"); + } else + #endif +- log_info ("DHCPRELEASE of %s on %s to %s port %d", ++ log_info ("DHCPRELEASE of %s on %s to %s port %d (xid=0x%x)", + piaddr(client->active->address), + client->name ? client->name : client->interface->name, + inet_ntoa (destination.sin_addr), +- ntohs (destination.sin_port)); ++ ntohs (destination.sin_port), client->xid); + + #if defined(DHCPv6) && defined(DHCP4o6) + if (dhcpv4_over_dhcpv6) { +@@ -3305,10 +3418,17 @@ make_client_options(struct client_state + * This can be overridden by including a client id in the configuration + * file. + */ +- if (duid_v4 == 1) { ++ if (duid_v4 == 1 || client->interface->hw_address.hbuf[0] == HTYPE_INFINIBAND) { + struct data_string client_identifier; + int hw_idx, hw_len; + ++ if (default_duid.len == 0) { ++ if (default_duid.buffer != NULL) ++ data_string_forget(&default_duid, MDL); ++ ++ form_interface_duid(&default_duid, client->interface, MDL); ++ } ++ + memset(&client_identifier, 0, sizeof(client_identifier)); + client_identifier.len = 1 + 4 + default_duid.len; + if (!buffer_allocate(&client_identifier.buffer, +@@ -3399,12 +3519,13 @@ void make_discover (client, lease) + client -> packet.op = BOOTREQUEST; + client -> packet.htype = client -> interface -> hw_address.hbuf [0]; + /* Assumes hw_address is known, otherwise a random value may result */ +- client -> packet.hlen = client -> interface -> hw_address.hlen - 1; ++ if (client -> interface -> hw_address.hlen - 1 <= sizeof(client -> packet.chaddr)) ++ client -> packet.hlen = client -> interface -> hw_address.hlen - 1; + client -> packet.hops = 0; + client -> packet.xid = random (); + client -> packet.secs = 0; /* filled in by send_discover. */ + +- if (can_receive_unicast_unconfigured (client -> interface)) ++ if (can_receive_unicast_unconfigured (client -> interface) && client -> packet.hlen) + client -> packet.flags = 0; + else + client -> packet.flags = htons (BOOTP_BROADCAST); +@@ -3416,7 +3537,7 @@ void make_discover (client, lease) + memset (&(client -> packet.siaddr), + 0, sizeof client -> packet.siaddr); + client -> packet.giaddr = giaddr; +- if (client -> interface -> hw_address.hlen > 0) ++ if (client -> interface -> hw_address.hlen > 1 && client -> packet.hlen) + memcpy (client -> packet.chaddr, + &client -> interface -> hw_address.hbuf [1], + (unsigned)(client -> interface -> hw_address.hlen - 1)); +@@ -3473,7 +3594,8 @@ void make_request (client, lease) + client -> packet.op = BOOTREQUEST; + client -> packet.htype = client -> interface -> hw_address.hbuf [0]; + /* Assumes hw_address is known, otherwise a random value may result */ +- client -> packet.hlen = client -> interface -> hw_address.hlen - 1; ++ if (client -> interface -> hw_address.hlen - 1 <= sizeof(client -> packet.chaddr)) ++ client -> packet.hlen = client -> interface -> hw_address.hlen - 1; + client -> packet.hops = 0; + client -> packet.xid = client -> xid; + client -> packet.secs = 0; /* Filled in by send_request. */ +@@ -3505,7 +3627,7 @@ void make_request (client, lease) + else + memset (&client -> packet.giaddr, 0, + sizeof client -> packet.giaddr); +- if (client -> interface -> hw_address.hlen > 0) ++ if (client -> interface -> hw_address.hlen > 1 && client -> packet.hlen) + memcpy (client -> packet.chaddr, + &client -> interface -> hw_address.hbuf [1], + (unsigned)(client -> interface -> hw_address.hlen - 1)); +@@ -3548,7 +3670,8 @@ void make_decline (client, lease) + client -> packet.op = BOOTREQUEST; + client -> packet.htype = client -> interface -> hw_address.hbuf [0]; + /* Assumes hw_address is known, otherwise a random value may result */ +- client -> packet.hlen = client -> interface -> hw_address.hlen - 1; ++ if (client -> interface -> hw_address.hlen - 1 <= sizeof(client -> packet.chaddr)) ++ client -> packet.hlen = client -> interface -> hw_address.hlen - 1; + client -> packet.hops = 0; + client -> packet.xid = client -> xid; + client -> packet.secs = 0; /* Filled in by send_request. */ +@@ -3565,9 +3688,10 @@ void make_decline (client, lease) + memset (&client -> packet.siaddr, 0, + sizeof client -> packet.siaddr); + client -> packet.giaddr = giaddr; +- memcpy (client -> packet.chaddr, +- &client -> interface -> hw_address.hbuf [1], +- client -> interface -> hw_address.hlen); ++ if (client -> interface -> hw_address.hlen > 1 && client -> packet.hlen) ++ memcpy (client -> packet.chaddr, ++ &client -> interface -> hw_address.hbuf [1], ++ client -> interface -> hw_address.hlen - 1); + + #ifdef DEBUG_PACKET + dump_raw ((unsigned char *)&client -> packet, client -> packet_length); +@@ -3610,7 +3734,8 @@ void make_release (client, lease) + client -> packet.op = BOOTREQUEST; + client -> packet.htype = client -> interface -> hw_address.hbuf [0]; + /* Assumes hw_address is known, otherwise a random value may result */ +- client -> packet.hlen = client -> interface -> hw_address.hlen - 1; ++ if (client -> interface -> hw_address.hlen - 1 <= sizeof(client -> packet.chaddr)) ++ client -> packet.hlen = client -> interface -> hw_address.hlen - 1; + client -> packet.hops = 0; + client -> packet.xid = random (); + client -> packet.secs = 0; +@@ -3622,9 +3747,10 @@ void make_release (client, lease) + memset (&client -> packet.siaddr, 0, + sizeof client -> packet.siaddr); + client -> packet.giaddr = giaddr; +- memcpy (client -> packet.chaddr, +- &client -> interface -> hw_address.hbuf [1], +- client -> interface -> hw_address.hlen); ++ if (client -> interface -> hw_address.hlen > 1 && client -> packet.hlen) ++ memcpy (client -> packet.chaddr, ++ &client -> interface -> hw_address.hbuf [1], ++ client -> interface -> hw_address.hlen); + + #ifdef DEBUG_PACKET + dump_raw ((unsigned char *)&client -> packet, client -> packet_length); +@@ -3777,17 +3903,13 @@ write_options(struct client_state *clien + * is not how it is intended. Upcoming rearchitecting the client should + * address this "one daemon model." + */ +-void +-form_duid(struct data_string *duid, const char *file, int line) ++static void ++form_interface_duid(struct data_string *duid, struct interface_info *ip, const char *file, int line) + { +- struct interface_info *ip; + int len; + char *str; + +- /* For now, just use the first interface on the list. */ +- ip = interfaces; +- +- if (ip == NULL) ++ if (ip == NULL || duid == NULL) + log_fatal("Impossible condition at %s:%d.", MDL); + + if ((ip->hw_address.hlen == 0) || +@@ -3837,6 +3959,13 @@ form_duid(struct data_string *duid, cons + } + } + ++void ++form_duid(struct data_string *duid, const char *file, int line) ++{ ++ /* For now, just use the first interface on the list. */ ++ form_interface_duid(duid, interfaces, file, line); ++} ++ + /* Write the default DUID to the lease store. */ + static isc_result_t + write_duid(struct data_string *duid) +@@ -5276,7 +5405,8 @@ client_dns_update(struct client_state *c + NULL, client, + client->sent_options, NULL, + &global_scope, oc, MDL)) { +- if ((std_dhcid == 1) && (duid_v4 == 1) && ++ if ((std_dhcid == 1) && (duid_v4 == 1 || ++ client->interface->hw_address.hbuf[0] == HTYPE_INFINIBAND) && + (client_identifier.data[0] == 255)) { + /* + * This appears to be an embedded DUID, +Index: common/bpf.c +=================================================================== +--- common/bpf.c.orig ++++ common/bpf.c +@@ -116,7 +116,7 @@ int if_register_bpf (info) + log_fatal ("Can't attach interface %s to bpf device %s: %m", + info -> name, filename); + +- get_hw_addr(info->name, &info->hw_address); ++ get_hw_addr(info); + + return sock; + } +@@ -237,11 +237,44 @@ int dhcp_bpf_relay_filter_len = + sizeof dhcp_bpf_relay_filter / sizeof (struct bpf_insn); + #endif + ++/* Packet filter program for DHCP over Infiniband. ++ * It is a generic UDP in IP packet filter (initialized to port 67 in [6].k). ++ * ++ * XXX ++ * Changes to the filter program may require changes to the constant offsets ++ * used in lpf_gen_filter_setup to patch the port in the BPF program! ++ * XXX ++ */ ++struct bpf_insn dhcp_ib_bpf_filter [] = { ++ /* Make sure it's a UDP packet... */ ++ BPF_STMT(BPF_LD + BPF_B + BPF_ABS, 9), ++ BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, IPPROTO_UDP, 0, 6), ++ ++ /* Make sure this isn't a fragment... */ ++ BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 6), ++ BPF_JUMP(BPF_JMP + BPF_JSET + BPF_K, 0x1fff, 4, 0), ++ ++ /* Get the IP header length... */ ++ BPF_STMT(BPF_LDX + BPF_B + BPF_MSH, 0), ++ ++ /* Make sure it's to the right port... */ ++ BPF_STMT(BPF_LD + BPF_H + BPF_IND, 2), ++ BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, 67, 0, 1), ++ ++ /* If we passed all the tests, ask for the whole packet. */ ++ BPF_STMT(BPF_RET + BPF_K, (u_int)-1), ++ ++ /* Otherwise, drop it. */ ++ BPF_STMT(BPF_RET + BPF_K, 0), ++}; ++ + #if defined (DEC_FDDI) + struct bpf_insn *bpf_fddi_filter = NULL; + #endif + + int dhcp_bpf_filter_len = sizeof dhcp_bpf_filter / sizeof (struct bpf_insn); ++int dhcp_ib_bpf_filter_len = sizeof dhcp_ib_bpf_filter / sizeof (struct bpf_insn); ++ + #if defined (HAVE_TR_SUPPORT) + struct bpf_insn dhcp_bpf_tr_filter [] = { + /* accept all token ring packets due to variable length header */ +@@ -600,7 +633,9 @@ void maybe_setup_fallback () + + #if defined(USE_BPF_RECEIVE) || defined(USE_BPF_HWADDR) + void +-get_hw_addr(const char *name, struct hardware *hw) { ++get_hw_addr(struct interface_info *info) { ++ const char *name = info->name; ++ struct hardware *hw = &info->hw_address; + struct ifaddrs *ifa; + struct ifaddrs *p; + struct sockaddr_dl *sa; +Index: common/discover.c +=================================================================== +--- common/discover.c.orig ++++ common/discover.c +@@ -899,7 +899,7 @@ discover_interfaces(int state) { + if_register_send(tmp); + } else { + /* get_hw_addr() was called by register. */ +- get_hw_addr(tmp->name, &tmp->hw_address); ++ get_hw_addr(tmp); + } + break; + #ifdef DHCPv6 +@@ -912,7 +912,7 @@ discover_interfaces(int state) { + so now we have to call it explicitly + to not leave the hardware address unknown + (some code expects it cannot be. */ +- get_hw_addr(tmp->name, &tmp->hw_address); ++ get_hw_addr(tmp); + } else { + if_register_linklocal6(tmp); + } +Index: common/dlpi.c +=================================================================== +--- common/dlpi.c.orig ++++ common/dlpi.c +@@ -1343,7 +1343,9 @@ void maybe_setup_fallback () + #endif /* USE_DLPI_SEND */ + + void +-get_hw_addr(const char *name, struct hardware *hw) { ++get_hw_addr(struct interface_info *info) { ++ const char *name = info->name; ++ struct hardware *hw = &info->hw_address; + int sock, unit; + long buf[DLPI_MAXDLBUF]; + union DL_primitives *dlp; +Index: common/lpf.c +=================================================================== +--- common/lpf.c.orig ++++ common/lpf.c +@@ -45,12 +45,22 @@ + #include + #include + #include ++#include + #endif + + #if defined (USE_LPF_SEND) || defined (USE_LPF_RECEIVE) + /* Reinitializes the specified interface after an address change. This + is not required for packet-filter APIs. */ + ++/* Default broadcast address for IPoIB */ ++static unsigned char default_ib_bcast_addr[20] = { ++ 0x00, 0xff, 0xff, 0xff, ++ 0xff, 0x12, 0x40, 0x1b, ++ 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, ++ 0xff, 0xff, 0xff, 0xff ++}; ++ + #ifdef USE_LPF_SEND + void if_reinitialize_send (info) + struct interface_info *info; +@@ -78,10 +88,25 @@ int if_register_lpf (info) + struct sockaddr common; + } sa; + struct ifreq ifr; ++ int type; ++ int protocol; + + /* Make an LPF socket. */ +- if ((sock = socket(PF_PACKET, SOCK_RAW, +- htons((short)ETH_P_ALL))) < 0) { ++ get_hw_addr(info); ++ ++ if (info->hw_address.hbuf[0] == HTYPE_INFINIBAND) { ++ /* ++ * Infiniband provides a 4-octet encapsulation ++ * header [08 00 00 00] only, so just omit it. ++ */ ++ type = SOCK_DGRAM; ++ protocol = ETHERTYPE_IP; ++ } else { ++ type = SOCK_RAW; ++ protocol = ETH_P_ALL; ++ } ++ ++ if ((sock = socket(PF_PACKET, type, htons((short)protocol))) < 0) { + if (errno == ENOPROTOOPT || errno == EPROTONOSUPPORT || + errno == ESOCKTNOSUPPORT || errno == EPFNOSUPPORT || + errno == EAFNOSUPPORT || errno == EINVAL) { +@@ -105,6 +130,7 @@ int if_register_lpf (info) + memset (&sa, 0, sizeof sa); + sa.ll.sll_family = AF_PACKET; + sa.ll.sll_ifindex = ifr.ifr_ifindex; ++ sa.ll.sll_protocol = htons(protocol); + if (bind (sock, &sa.common, sizeof sa)) { + if (errno == ENOPROTOOPT || errno == EPROTONOSUPPORT || + errno == ESOCKTNOSUPPORT || errno == EPFNOSUPPORT || +@@ -120,8 +146,6 @@ int if_register_lpf (info) + + } + +- get_hw_addr(info->name, &info->hw_address); +- + return sock; + } + #endif /* USE_LPF_SEND || USE_LPF_RECEIVE */ +@@ -176,6 +200,8 @@ void if_deregister_send (info) + in bpf includes... */ + extern struct sock_filter dhcp_bpf_filter []; + extern int dhcp_bpf_filter_len; ++extern struct sock_filter dhcp_ib_bpf_filter []; ++extern int dhcp_ib_bpf_filter_len; + + #if defined(RELAY_PORT) + extern struct sock_filter dhcp_bpf_relay_filter []; +@@ -188,6 +214,8 @@ extern int dhcp_bpf_tr_filter_len; + static void lpf_tr_filter_setup (struct interface_info *); + #endif + ++static void lpf_ib_filter_setup (struct interface_info *); ++ + static void lpf_gen_filter_setup (struct interface_info *); + + void if_register_receive (info) +@@ -209,12 +237,14 @@ void if_register_receive (info) + } + #endif + +- + #if defined (HAVE_TR_SUPPORT) + if (info -> hw_address.hbuf [0] == HTYPE_IEEE802) + lpf_tr_filter_setup (info); + else + #endif ++ if (info -> hw_address.hbuf [0] == HTYPE_INFINIBAND) ++ lpf_ib_filter_setup (info); ++ else + lpf_gen_filter_setup (info); + + if (!quiet_interface_discovery) +@@ -291,6 +321,38 @@ static void lpf_gen_filter_setup (info) + } + } + ++static void lpf_ib_filter_setup (info) ++ struct interface_info *info; ++{ ++ struct sock_fprog p; ++ ++ memset(&p, 0, sizeof(p)); ++ ++ /* Set up the bpf filter program structure */ ++ p.len = dhcp_ib_bpf_filter_len; ++ p.filter = dhcp_ib_bpf_filter; ++ ++ /* Patch the server port into the LPF program... ++ XXX changes to filter program may require changes ++ to the insn number(s) used below! XXX */ ++ dhcp_ib_bpf_filter [6].k = ntohs ((short)local_port); ++ ++ if (setsockopt (info -> rfdesc, SOL_SOCKET, SO_ATTACH_FILTER, &p, ++ sizeof p) < 0) { ++ if (errno == ENOPROTOOPT || errno == EPROTONOSUPPORT || ++ errno == ESOCKTNOSUPPORT || errno == EPFNOSUPPORT || ++ errno == EAFNOSUPPORT) { ++ log_error ("socket: %m - make sure"); ++ log_error ("CONFIG_PACKET (Packet socket) %s", ++ "and CONFIG_FILTER"); ++ log_error ("(Socket Filtering) are enabled %s", ++ "in your kernel"); ++ log_fatal ("configuration!"); ++ } ++ log_fatal ("Can't install packet filter program: %m"); ++ } ++} ++ + #if defined (HAVE_TR_SUPPORT) + static void lpf_tr_filter_setup (info) + struct interface_info *info; +@@ -330,6 +392,54 @@ static void lpf_tr_filter_setup (info) + #endif /* USE_LPF_RECEIVE */ + + #ifdef USE_LPF_SEND ++ssize_t send_packet_ib(interface, packet, raw, len, from, to, hto) ++ struct interface_info *interface; ++ struct packet *packet; ++ struct dhcp_packet *raw; ++ size_t len; ++ struct in_addr from; ++ struct sockaddr_in *to; ++ struct hardware *hto; ++{ ++ unsigned ibufp = 0; ++ double ih [1536 / sizeof (double)]; ++ unsigned char *buf = (unsigned char *)ih; ++ ssize_t result; ++ ++ union sockunion { ++ struct sockaddr sa; ++ struct sockaddr_ll sll; ++ struct sockaddr_storage ss; ++ } su; ++ ++ assemble_udp_ip_header (interface, buf, &ibufp, from.s_addr, ++ to->sin_addr.s_addr, to->sin_port, ++ (unsigned char *)raw, len); ++ memcpy (buf + ibufp, raw, len); ++ ++ memset(&su, 0, sizeof(su)); ++ su.sll.sll_family = AF_PACKET; ++ su.sll.sll_protocol = htons(ETHERTYPE_IP); ++ ++ if (!(su.sll.sll_ifindex = if_nametoindex(interface->name))) { ++ errno = ENOENT; ++ log_error ("send_packet_ib: %m - failed to get if index"); ++ return -1; ++ } ++ ++ su.sll.sll_hatype = htons(HTYPE_INFINIBAND); ++ su.sll.sll_halen = sizeof(interface->bcast_addr); ++ memcpy(&su.sll.sll_addr, interface->bcast_addr, 20); ++ ++ result = sendto(interface->wfdesc, buf, ibufp + len, 0, ++ &su.sa, sizeof(su)); ++ ++ if (result < 0) ++ log_error ("send_packet_ib: %m"); ++ ++ return result; ++} ++ + ssize_t send_packet (interface, packet, raw, len, from, to, hto) + struct interface_info *interface; + struct packet *packet; +@@ -350,6 +460,10 @@ ssize_t send_packet (interface, packet, + return send_fallback (interface, packet, raw, + len, from, to, hto); + ++ if (interface->hw_address.hbuf[0] == HTYPE_INFINIBAND) ++ return send_packet_ib(interface, packet, raw, ++ len, from, to, hto); ++ + if (hto == NULL && interface->anycast_mac_addr.hlen) + hto = &interface->anycast_mac_addr; + +@@ -454,7 +568,15 @@ ssize_t receive_packet (interface, buf, + + bufix = 0; + /* Decode the physical header... */ +- offset = decode_hw_header (interface, ibuf, bufix, hfrom); ++ if (interface->hw_address.hbuf[0] == HTYPE_INFINIBAND) { ++ /* ETHERTYPE_IP packet, no HW header to decode */ ++ if (hfrom) { ++ memset(hfrom, 0, sizeof(*hfrom)); ++ hfrom->hbuf[0] = HTYPE_INFINIBAND; ++ } ++ } else { ++ offset = decode_hw_header (interface, ibuf, bufix, hfrom); ++ } + + /* If a physical layer checksum failed (dunno of any + physical layer that supports this, but WTH), skip this +@@ -522,33 +644,44 @@ void maybe_setup_fallback () + + #if defined (USE_LPF_RECEIVE) || defined (USE_LPF_HWADDR) + void +-get_hw_addr(const char *name, struct hardware *hw) { +- int sock; +- struct ifreq tmp; +- struct sockaddr *sa; ++get_hw_addr(struct interface_info *info) ++{ ++ const char *name = info->name; ++ struct hardware *hw = &info->hw_address; ++ struct ifaddrs *ifaddrs; ++ struct ifaddrs *ifa; ++ struct sockaddr_ll *sll = NULL; + +- if (strlen(name) >= sizeof(tmp.ifr_name)) { +- log_fatal("Device name too long: \"%s\"", name); +- } ++ if (getifaddrs(&ifaddrs) == -1) ++ log_fatal("Failed to get interfaces"); ++ ++ for (ifa = ifaddrs; ifa != NULL; ifa = ifa->ifa_next) { ++ ++ if (!ifa->ifa_addr) ++ continue; ++ ++ if (ifa->ifa_addr->sa_family != AF_PACKET) ++ continue; + +- sock = socket(AF_INET, SOCK_DGRAM, 0); +- if (sock < 0) { +- log_fatal("Can't create socket for \"%s\": %m", name); ++ if (ifa->ifa_flags & IFF_LOOPBACK) ++ continue; ++ ++ if (strcmp(ifa->ifa_name, name) == 0) { ++ sll = (struct sockaddr_ll *)(void *)ifa->ifa_addr; ++ break; ++ } + } + +- memset(&tmp, 0, sizeof(tmp)); +- strcpy(tmp.ifr_name, name); +- if (ioctl(sock, SIOCGIFHWADDR, &tmp) < 0) { +- log_fatal("Error getting hardware address for \"%s\": %m", +- name); ++ if (sll == NULL || sll->sll_halen >= sizeof(hw->hbuf)) { ++ freeifaddrs(ifaddrs); ++ log_fatal("Failed to get HW address for %s\n", name); + } + +- sa = &tmp.ifr_hwaddr; +- switch (sa->sa_family) { ++ switch (sll->sll_hatype) { + case ARPHRD_ETHER: + hw->hlen = 7; + hw->hbuf[0] = HTYPE_ETHER; +- memcpy(&hw->hbuf[1], sa->sa_data, 6); ++ memcpy(&hw->hbuf[1], sll->sll_addr, 6); + break; + case ARPHRD_IEEE802: + #ifdef ARPHRD_IEEE802_TR +@@ -556,18 +689,37 @@ get_hw_addr(const char *name, struct har + #endif /* ARPHRD_IEEE802_TR */ + hw->hlen = 7; + hw->hbuf[0] = HTYPE_IEEE802; +- memcpy(&hw->hbuf[1], sa->sa_data, 6); ++ memcpy(&hw->hbuf[1], sll->sll_addr, 6); + break; + case ARPHRD_FDDI: + hw->hlen = 7; + hw->hbuf[0] = HTYPE_FDDI; +- memcpy(&hw->hbuf[1], sa->sa_data, 6); ++ memcpy(&hw->hbuf[1], sll->sll_addr, 6); ++ break; ++ case ARPHRD_INFINIBAND: ++ /* For Infiniband, save the broadcast address and store ++ * the port GUID into the hardware address. ++ */ ++ if (ifa->ifa_flags & IFF_BROADCAST) { ++ struct sockaddr_ll *bll; ++ ++ bll = (struct sockaddr_ll *)ifa->ifa_broadaddr; ++ memcpy(&info->bcast_addr, bll->sll_addr, sll->sll_halen); ++ } else { ++ memcpy(&info->bcast_addr, default_ib_bcast_addr, ++ sizeof(default_ib_bcast_addr)); ++ } ++ ++ hw->hlen = sll->sll_halen + 1; ++ hw->hbuf[0] = HTYPE_INFINIBAND; ++ memcpy(&hw->hbuf[1], sll->sll_addr, sll->sll_halen); + break; + default: ++ freeifaddrs(ifaddrs); + log_fatal("Unsupported device type %ld for \"%s\"", +- (long int)sa->sa_family, name); ++ (long int)sll->sll_family, name); + } + +- close(sock); ++ freeifaddrs(ifaddrs); + } + #endif +Index: common/print.c +=================================================================== +--- common/print.c.orig ++++ common/print.c +@@ -173,11 +173,11 @@ char *print_hw_addr (htype, hlen, data) + const int hlen; + const unsigned char *data; + { +- static char habuf [49]; ++ static char habuf [64]; + char *s; + int i; + +- if (hlen <= 0) ++ if (hlen <= 0 || hlen >= sizeof(habuf)) + habuf [0] = 0; + else { + s = habuf; +Index: common/socket.c +=================================================================== +--- common/socket.c.orig ++++ common/socket.c +@@ -358,7 +358,7 @@ void if_register_send (info) + info->wfdesc = if_register_socket(info, AF_INET, 0, NULL); + /* If this is a normal IPv4 address, get the hardware address. */ + if (strcmp(info->name, "fallback") != 0) +- get_hw_addr(info->name, &info->hw_address); ++ get_hw_addr(info); + #if defined (USE_SOCKET_FALLBACK) + /* Fallback only registers for send, but may need to receive as + well. */ +@@ -421,7 +421,7 @@ void if_register_receive (info) + #endif /* IP_PKTINFO... */ + /* If this is a normal IPv4 address, get the hardware address. */ + if (strcmp(info->name, "fallback") != 0) +- get_hw_addr(info->name, &info->hw_address); ++ get_hw_addr(info); + + if (!quiet_interface_discovery) + log_info ("Listening on Socket/%s%s%s", +@@ -577,7 +577,7 @@ if_register6(struct interface_info *info + if (req_multi) + if_register_multicast(info); + +- get_hw_addr(info->name, &info->hw_address); ++ get_hw_addr(info); + + if (!quiet_interface_discovery) { + if (info->shared_network != NULL) { +@@ -633,7 +633,7 @@ if_register_linklocal6(struct interface_ + info->rfdesc = sock; + info->wfdesc = sock; + +- get_hw_addr(info->name, &info->hw_address); ++ get_hw_addr(info); + + if (!quiet_interface_discovery) { + if (info->shared_network != NULL) { +@@ -1246,7 +1246,9 @@ void maybe_setup_fallback () + #if defined(sun) && defined(USE_V4_PKTINFO) + /* This code assumes the existence of SIOCGLIFHWADDR */ + void +-get_hw_addr(const char *name, struct hardware *hw) { ++get_hw_addr(struct interface_info *info) { ++ const char *name = info->name; ++ struct hardware *hw = &info->hw_address; + struct sockaddr_dl *dladdrp; + int sock, i; + struct lifreq lifr; +Index: includes/dhcpd.h +=================================================================== +--- includes/dhcpd.h.orig ++++ includes/dhcpd.h +@@ -1372,6 +1372,7 @@ struct interface_info { + struct shared_network *shared_network; + /* Networks connected to this interface. */ + struct hardware hw_address; /* Its physical address. */ ++ u_int8_t bcast_addr[HARDWARE_ADDR_LEN]; /* broadcast hw address */ + struct in_addr *addresses; /* Addresses associated with this + * interface. + */ +@@ -2641,7 +2642,7 @@ void print_dns_status (int, struct dhcp_ + #endif + const char *print_time(TIME); + +-void get_hw_addr(const char *name, struct hardware *hw); ++void get_hw_addr(struct interface_info *info); + char *buf_to_hex (const unsigned char *s, unsigned len, + const char *file, int line); + char *format_lease_id(const unsigned char *s, unsigned len, int format, +Index: server/dhcp.c +=================================================================== +--- server/dhcp.c.orig ++++ server/dhcp.c +@@ -2035,11 +2035,12 @@ void echo_client_id(packet, lease, in_op + + /* Check if echo-client-id is enabled */ + oc = lookup_option(&server_universe, in_options, SV_ECHO_CLIENT_ID); +- if (oc && evaluate_boolean_option_cache(&ignorep, packet, lease, ++ if ((packet->raw && packet->raw->hlen == 0) || ++ (oc && evaluate_boolean_option_cache(&ignorep, packet, lease, + NULL, packet->options, + in_options, + (lease ? &lease->scope : NULL), +- oc, MDL)) { ++ oc, MDL))) { + struct data_string client_id; + unsigned int opcode = DHO_DHCP_CLIENT_IDENTIFIER; + +@@ -3948,9 +3949,11 @@ void dhcp_reply (lease) + } else + bufs |= 2; /* XXX */ + +- memcpy (raw.chaddr, +- &lease -> hardware_addr.hbuf [1], sizeof raw.chaddr); +- raw.hlen = lease -> hardware_addr.hlen - 1; ++ if (lease -> hardware_addr.hlen - 1 <= sizeof(raw.chaddr)) ++ raw.hlen = lease -> hardware_addr.hlen - 1; ++ if (lease -> hardware_addr.hlen > 1 && raw.hlen) ++ memcpy (raw.chaddr, ++ &lease -> hardware_addr.hbuf [1], raw.hlen); + raw.htype = lease -> hardware_addr.hbuf [0]; + + /* See if this is a Microsoft client that NUL-terminates its +Index: server/dhcpleasequery.c +=================================================================== +--- server/dhcpleasequery.c.orig ++++ server/dhcpleasequery.c +@@ -302,7 +302,7 @@ dhcpleasequery(struct packet *packet, in + assoc_ips, + nassoc_ips); + +- } else { ++ } else if (packet->raw->hlen) { + + if (packet->raw->hlen+1 > sizeof(h.hbuf)) { + log_info("%s: hardware length too long, " +@@ -412,11 +412,13 @@ dhcpleasequery(struct packet *packet, in + * Set the hardware address fields. + */ + +- packet->raw->hlen = lease->hardware_addr.hlen - 1; + packet->raw->htype = lease->hardware_addr.hbuf[0]; +- memcpy(packet->raw->chaddr, +- &lease->hardware_addr.hbuf[1], +- sizeof(packet->raw->chaddr)); ++ if (lease->hardware_addr.hlen - 1 <= sizeof(packet->raw->chaddr)) ++ packet->raw->hlen = lease->hardware_addr.hlen - 1; ++ if (lease->hardware_addr.hlen > 1 && packet->raw->hlen) ++ memcpy(packet->raw->chaddr, ++ &lease->hardware_addr.hbuf[1], ++ packet->raw->hlen); + + /* + * Set client identifier option. +Index: server/mdb.c +=================================================================== +--- server/mdb.c.orig ++++ server/mdb.c +@@ -640,6 +640,9 @@ int find_hosts_by_haddr (struct host_dec + return ret; + #endif + ++ if (!hlen || hlen > HARDWARE_ADDR_LEN) ++ return 0; ++ + h.hlen = hlen + 1; + h.hbuf [0] = htype; + memcpy (&h.hbuf [1], haddr, hlen); diff --git a/0017-server-no-success-report-before-send.919959.patch b/0017-server-no-success-report-before-send.919959.patch new file mode 100644 index 0000000..a9676bd --- /dev/null +++ b/0017-server-no-success-report-before-send.919959.patch @@ -0,0 +1,98 @@ +From ce15607bca2509bc2abd440000d25498ad589e27 Mon Sep 17 00:00:00 2001 +From: Marius Tomaschewski +Date: Mon, 14 Sep 2015 15:31:37 +0200 +Subject: [PATCH] server: no success report before send (bsc#919959) +References: bsc#919959 + + +diff --git a/server/dhcp.c b/server/dhcp.c +index effa9b1..18297a6 100644 +--- a/server/dhcp.c ++++ b/server/dhcp.c +@@ -3859,22 +3859,6 @@ void dhcp_reply (lease) + } + #endif + +- /* Say what we're doing... */ +- log_info ("%s on %s to %s %s%s%svia %s", +- (state -> offer +- ? (state -> offer == DHCPACK ? "DHCPACK" : "DHCPOFFER") +- : "BOOTREPLY"), +- piaddr (lease -> ip_addr), +- (lease -> hardware_addr.hlen +- ? print_hw_addr (lease -> hardware_addr.hbuf [0], +- lease -> hardware_addr.hlen - 1, +- &lease -> hardware_addr.hbuf [1]) +- : print_hex_1(lease->uid_len, lease->uid, 60)), +- s ? "(" : "", s ? s : "", s ? ") " : "", +- (state -> giaddr.s_addr +- ? inet_ntoa (state -> giaddr) +- : state -> ip -> name)); +- + #ifdef DEBUG_PACKET + dump_raw ((unsigned char *)&raw, packet_length); + #endif +@@ -3906,12 +3890,13 @@ void dhcp_reply (lease) + "packet over %s interface.", MDL, + packet_length, + fallback_interface->name); +- } + ++ free_lease_state (state, MDL); ++ lease -> state = (struct lease_state *)0; ++ return; ++ } + +- free_lease_state (state, MDL); +- lease -> state = (struct lease_state *)0; +- return; ++ goto report; + } + + /* If the client is RENEWING, unicast to the client using the +@@ -3944,11 +3929,13 @@ void dhcp_reply (lease) + " packet over %s interface.", MDL, + packet_length, + fallback_interface->name); ++ ++ free_lease_state (state, MDL); ++ lease -> state = (struct lease_state *)0; ++ return; + } + +- free_lease_state (state, MDL); +- lease -> state = (struct lease_state *)0; +- return; ++ goto report; + } + + /* If it comes from a client that already knows its address +@@ -3976,8 +3963,28 @@ void dhcp_reply (lease) + log_error ("%s:%d: Failed to send %d byte long " + "packet over %s interface.", MDL, + packet_length, state->ip->name); ++ ++ free_lease_state (state, MDL); ++ lease -> state = (struct lease_state *)0; ++ return; + } + ++report: ++ /* Say what we're doing... */ ++ log_info ("%s on %s to %s %s%s%svia %s", ++ (state -> offer ++ ? (state -> offer == DHCPACK ? "DHCPACK" : "DHCPOFFER") ++ : "BOOTREPLY"), ++ piaddr (lease -> ip_addr), ++ (lease -> hardware_addr.hlen ++ ? print_hw_addr (lease -> hardware_addr.hbuf [0], ++ lease -> hardware_addr.hlen - 1, ++ &lease -> hardware_addr.hbuf [1]) ++ : print_hex_1(lease->uid_len, lease->uid, 60)), ++ s ? "(" : "", s ? s : "", s ? ") " : "", ++ (state -> giaddr.s_addr ++ ? inet_ntoa (state -> giaddr) ++ : state -> ip -> name)); + + /* Free all of the entries in the option_state structure + now that we're done with them. */ diff --git a/0018-client-fail-on-script-pre-init-error-bsc-912098.patch b/0018-client-fail-on-script-pre-init-error-bsc-912098.patch new file mode 100644 index 0000000..aa6c00e --- /dev/null +++ b/0018-client-fail-on-script-pre-init-error-bsc-912098.patch @@ -0,0 +1,47 @@ +From 937561ef8c09e3281caba3c859e80ce2fcf23ce4 Mon Sep 17 00:00:00 2001 +From: Marius Tomaschewski +Date: Mon, 14 Sep 2015 18:53:34 +0200 +Subject: [PATCH] client: fail on script pre-init error (bsc#912098) +References: bsc#912098 + +Index: dhcp-4.4.2/client/dhclient.c +=================================================================== +--- dhcp-4.4.2.orig/client/dhclient.c ++++ dhcp-4.4.2/client/dhclient.c +@@ -882,7 +882,8 @@ main(int argc, char **argv) { + * in case somebody cares. + */ + script_init(NULL, "NBI", NULL); +- script_go(NULL); ++ if (script_go(NULL)) ++ log_fatal("dhclient-script was unable to pre-init"); + + /* + * If we haven't been asked to persist, waiting for new +@@ -894,6 +895,8 @@ main(int argc, char **argv) { + finish(0); + } + } else if (!release_mode && !exit_mode) { ++ unsigned int failed = 0; ++ + /* Call the script with the list of interfaces. */ + for (ip = interfaces; ip; ip = ip->next) { + /* +@@ -915,7 +918,16 @@ main(int argc, char **argv) { + "alias_", + ip->client->alias); + } +- script_go(ip->client); ++ if (script_go(ip->client)) { ++ log_info("%s: unable to pre-init requested interface %s", ++ path_dhclient_script, ip->name); ++ ip->flags &= ~(INTERFACE_REQUESTED|INTERFACE_AUTOMATIC); ++ failed++; ++ } ++ } ++ if (failed) { ++ log_fatal("%s: unable to pre-init requested interfaces -- see log messages", ++ path_dhclient_script); + } + } + diff --git a/0020-dhcp-4.x.x-fixed-improper-lease-duration-checking.patch b/0020-dhcp-4.x.x-fixed-improper-lease-duration-checking.patch new file mode 100644 index 0000000..216fa8f --- /dev/null +++ b/0020-dhcp-4.x.x-fixed-improper-lease-duration-checking.patch @@ -0,0 +1,67 @@ +From: Marius Tomaschewski +Date: Tue, 12 Jan 2016 15:42:22 +0100 +Subject: [PATCH] fixed improper lease duration checking. +References: bsc#936923, bsc#880984 + +year 2038 is EOT only for 32 bit machine. This patch checks +wordsize and do a proper EOT checking on lease duration. It +also fixes integer overflows in the date and time handling code. + +--- common/parse.c.orig ++++ common/parse.c +@@ -939,7 +939,7 @@ TIME + parse_date_core(cfile) + struct parse *cfile; + { +- int guess; ++ long guess; + int tzoff, year, mon, mday, hour, min, sec; + const char *val; + enum dhcp_token token; +@@ -966,7 +966,7 @@ parse_date_core(cfile) + } + + skip_token(&val, NULL, cfile); /* consume number */ +- guess = atoi(val); ++ guess = atol(val); + + return((TIME)guess); + } +@@ -1113,11 +1113,22 @@ parse_date_core(cfile) + * overflow issues. We could try and be more precise but there + * doesn't seem to be a good reason to worry about it and waste + * the cpu looking at the rest of the date. */ +- if (year >= 138) +- return(MAX_TIME); +- ++ if (sizeof(time_t) == 8) { ++ /* 2038 is not an issue on 64bit. time calculations ++ * start to fail at almost INT_MAX (- some guard) */ ++ if (year > 0x7fff0000) ++ return(MAX_TIME); ++ } else { ++ /* assume 32bit with end in 2038 */ ++ if (year >= 138) ++ return(MAX_TIME); ++ } ++ /* I don't think we need to care about lease starts before 1900 */ ++ if (year < 0) ++ return((TIME)0); ++ + /* Guess the time value... */ +- guess = ((((((365 * (year - 70) + /* Days in years since '70 */ ++ guess = ((((((365 * ((long)year - 70) + /* Days in years since '70 */ + (year - 69) / 4 + /* Leap days since '70 */ + (mon /* Days in months this year */ + ? months [mon - 1] +--- includes/dhcpd.h.orig ++++ includes/dhcpd.h +@@ -1588,7 +1588,7 @@ typedef unsigned char option_mask [16]; + #endif + + #define INFINITE_TIME 0xffffffff +-#define MAX_TIME 0x7fffffff ++#define MAX_TIME LONG_MAX + #define MIN_TIME 0 + + #ifdef USE_LOG_PID diff --git a/0021-dhcp-ip-family-symlinks.patch b/0021-dhcp-ip-family-symlinks.patch new file mode 100644 index 0000000..f4ad710 --- /dev/null +++ b/0021-dhcp-ip-family-symlinks.patch @@ -0,0 +1,67 @@ +Index: client/dhclient.c +=================================================================== +--- client/dhclient.c.orig ++++ client/dhclient.c +@@ -284,6 +284,18 @@ main(int argc, char **argv) { + #else + progname = argv[0]; + #endif ++ ++#ifdef DHCPv6 ++ /* Support being called using `dhclient4` or `dhclient6` symlinks */ ++ if (argv[0][strlen(argv[0]) - 1] == '4') { ++ local_family_set = 1; ++ local_family = AF_INET; ++ } else if (argv[0][strlen(argv[0]) - 1] == '6') { ++ local_family_set = 1; ++ local_family = AF_INET6; ++ } ++#endif /* DHCPv6 */ ++ + /* Initialize client globals. */ + memset(&default_duid, 0, sizeof(default_duid)); + +Index: relay/dhcrelay.c +=================================================================== +--- relay/dhcrelay.c.orig ++++ relay/dhcrelay.c +@@ -300,6 +300,17 @@ main(int argc, char **argv) { + progname = argv[0]; + #endif + ++#ifdef DHCPv6 ++ /* Support being called using `dhcrelay4` or `dhcrelay6` symlinks */ ++ if (argv[0][strlen(argv[0]) - 1] == '4') { ++ local_family_set = 1; ++ local_family = AF_INET; ++ } else if (argv[0][strlen(argv[0]) - 1] == '6') { ++ local_family_set = 1; ++ local_family = AF_INET6; ++ } ++#endif /* DHCPv6 */ ++ + /* Make sure that file descriptors 0(stdin), 1,(stdout), and + 2(stderr) are open. To do this, we assume that when we + open a file the lowest available file descriptor is used. */ +Index: server/dhcpd.c +=================================================================== +--- server/dhcpd.c.orig ++++ server/dhcpd.c +@@ -301,6 +301,17 @@ main(int argc, char **argv) { + progname = argv[0]; + #endif + ++#ifdef DHCPv6 ++ /* Support being called using `dhcpd4` or `dhcpd6` symlinks */ ++ if (argv[0][strlen(argv[0]) - 1] == '4') { ++ local_family_set = 1; ++ local_family = AF_INET; ++ } else if (argv[0][strlen(argv[0]) - 1] == '6') { ++ local_family_set = 1; ++ local_family = AF_INET6; ++ } ++#endif /* DHCPv6 */ ++ + /* Make sure that file descriptors 0 (stdin), 1, (stdout), and + 2 (stderr) are open. To do this, we assume that when we + open a file the lowest available file descriptor is used. */ diff --git a/DDNS-howto.txt b/DDNS-howto.txt new file mode 100644 index 0000000..336b68e --- /dev/null +++ b/DDNS-howto.txt @@ -0,0 +1,120 @@ +The ISC DHCP server v3 supports dynamical DNS updates (DDNS), as do BIND8/9. +There are several standards in the works; for now the best way to do it seems +to be updates done by the DHCP server only (not by the clients themselves). + +Short outline of how things work together: + - DHCP clients send their preferred hostname along the request + - dhcpd acknowledges the lease + - dhcpd contacts named, asking it to update the zone, using an HMAC-MD5 key + (TSIG, short for transaction signature) for authentication + - named updates the zone (and rewrites the zone files periodically) + - when the lease times out or is freed, named will remove it + +The following instructions should get you started. +They are basically taken from the dnskeygen and dhcpd.conf man pages. + + + +1. Make a key to be used by dhcpd to authenticate for DNS updates. +You can use the script /usr/bin/genDDNSkey which essentially runs BIND's key +generating utility, extracts the secret from the K*.private key file and puts +it into the file /etc/named.keys. File name and key name can be specified on +the commandline, or via shell environment. Install the bind-utils package if +you don't have the script, or get it here: . +Call genDDNSkey --help for usage info. + +The simplest example to use it is: + + genDDNSkey + +which is equivalent to + + genDDNSkey --key-file /etc/named.keys --key-name DHCP_UPDATER + +thereby using the defaults that fit the rest of this readme. + +The script works both for BIND8 and BIND9 (some subtle difference in the syntax). + + +2. Configure dhcpd: + +/etc/dhcpd.conf needs these additional lines: + + --------------------> + ddns-updates on; + ddns-update-style interim; + ignore client-updates; + + include "/etc/named.keys"; + <-------------------- + +and in the subnet declaration: + + --------------------> + subnet 192.168.0.0 netmask 255.255.255.0 { + range dynamic-bootp 192.168.0.201 192.168.0.219; + + zone whirl. { primary 127.0.0.1; key DHCP_UPDATER; } + zone 0.168.192.in-addr.arpa. { primary 127.0.0.1; key DHCP_UPDATER; } + + } + + <-------------------- + +Note that this setup implies that the DNS server runs on the same machine +(127.0.0.1), but you can easily change that. + +Since the DHCP server runs in a chroot jail by default, the key file needs to +be copied into the jail because dhcpd cannot files outside it (thanks Andrew +Beames for pointing this out!). This can easily be achieved by adding + /etc/named.keys +to the value of DHCPD_CONF_INCLUDE_FILES in /etc/sysconfig/dhcpd, which can be +done via YaST, or via any editor. + + + +3. Configure named: + +Append something along these lines to /etc/named.conf: + + --------------------> + include "/etc/named.keys"; + + zone "whirl" in { + type master; + file "dyn/whirl.zone"; + allow-update { key DHCP_UPDATER; }; + }; + zone "0.168.192.in-addr.arpa" in { + type master; + file "dyn/0.168.192.zone"; + allow-update { key DHCP_UPDATER; }; + }; + <-------------------- + +Since named runs, by default, in a chroot directory since SuSE 8.2, we need to add + /etc/named.keys +to the value of NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named, just as we +did it with dhcpd. + +Since named runs, by default, as user "named" since SuSE 8.2, there is another +issue to be sorted out: named needs to create its .jnl files somewhere, but it +isn't allowed to do that in its working directory (/var/lib/named) for security +reasons. See /usr/share/doc/packages/bind9/README.SuSE for a solution. + + +if you got this far, there is a reasonable chance that you've got DDNS working. +Obviously, you need some zone files :) One further note: if you provide dummy +hostnames like d1, d2, d3,... for the dynamical clients they will have a +hostname even if they don't send a hostname (and no DDNS update is done). + +If it doesn't work, closely watch /var/log/messages. In almost all cases the +messages give the right clues. + +Feedback is appreciated. + +Have fun, +Peter +-- +Thought is limitation. Free your mind. + diff --git a/contrib.tar.gz b/contrib.tar.gz new file mode 100644 index 0000000..3895b7e --- /dev/null +++ b/contrib.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:60a6f23074e23d01a8658c98c79fba9c64143a54367311b381f5fa92cbef7d2f +size 8702 diff --git a/dhclient.conf b/dhclient.conf new file mode 100644 index 0000000..a81c6d8 --- /dev/null +++ b/dhclient.conf @@ -0,0 +1,58 @@ +# +# /etc/dhclient.conf -- dhclient configuration file +# See "man dhclient.conf" for further details +# + +###################################################### +# Sometimes, a special configuration is required for +# e.g. Cable Modem providers (@Home -- TCI). +# For example, it may be required to send out a special +# dhcp-client-identifier or to override some settings. +# +# Uncomment and fill in the appropriate settings: +# +#send dhcp-client-identifier "c32423-a" +# or as hex octets +#send dhcp-client-identifier 1:0:a0:24:ab:fb:9c; +# +# Note, that hostname is usually send using -H option. +#send host-name "andare.fugue.com"; +# +#supersede domain-name "fugue.com home.vix.com"; +#prepend domain-name-servers 127.0.0.1; +# +##################################################### + +# uncomment to request a specific lease time, otherwise +# the dhcp server will provide its default lease time: +#send dhcp-lease-time 3600; + +# +# Define RFC 3442 classless static route option +# +option rfc3442-classless-static-routes code 121 = array of unsigned integer 8; + +# +# Define RFC 4833 timezone options +# +option rfc4833-tz-posix-string code 100 = string; +option rfc4833-tz-name code 101 = string; + +# Request several well known/usefull dhcp options. +request subnet-mask, broadcast-address, routers, rfc3442-classless-static-routes, interface-mtu, host-name, domain-name, domain-search, domain-name-servers, nis-domain, nis-servers, nds-context, nds-servers, nds-tree-name, netbios-name-servers, netbios-dd-server, netbios-node-type, netbios-scope, ntp-servers; +# rfc4833-tz-posix-string, rfc4833-tz-name; + +# We request above options, require only the IP configuration: +require subnet-mask; +# All another options (DNS, NTP, NIS, ...) are applied using +# netconfig(8) modules. + +# To enforce the availability of the dns server list, set to: +#require subnet-mask, domain-name-servers; + +timeout 60; +retry 60; +reboot 10; +select-timeout 5; +initial-interval 2; + diff --git a/dhclient6.conf b/dhclient6.conf new file mode 100644 index 0000000..5ea1bf4 --- /dev/null +++ b/dhclient6.conf @@ -0,0 +1,22 @@ +# Client configuration file example for DHCPv6 + +# Define RFC 4833 timezone options: +option dhcp6.rfc4833-tz-posix-string code 41 = string; +option dhcp6.rfc4833-tz-name code 42 = string; +# You may add the options you've declared now to the request, +# but it is still needed to use them in a netconfig module or +# dhclient-script. I didn't found the time to implement it +# yet -- feel free to provide a module / patch. +# dhcp6.rfc4833-tz-posix-string, dhcp6.rfc4833-tz-name; + +# The client side command to enable rapid-commit (2 packet exchange) +send dhcp6.rapid-commit; + +# The name-servers and domain-search are requested by default. +# +# We request also sntp-servers, see dhcp-options(5) for more, +# but make sure, the underlying software using it supports IPv6 +# (e.g. ypbind <= 1.35 doesn't, don't add nis-servers/domain!) +# +also request dhcp6.sntp-servers; + diff --git a/dhcp-4.4.2-P1.tar.gz b/dhcp-4.4.2-P1.tar.gz new file mode 100644 index 0000000..024e65f --- /dev/null +++ b/dhcp-4.4.2-P1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b05e04337539545a8faa0d6ac518defc61a07e5aec66a857f455e7f218c85a1a +size 9898311 diff --git a/dhcp-4.4.2-P1.tar.gz.asc b/dhcp-4.4.2-P1.tar.gz.asc new file mode 100644 index 0000000..7c8143c --- /dev/null +++ b/dhcp-4.4.2-P1.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABAgAdFiEEJFV3TUL9/mucOD64/hACvFlwgR8FAmClcL0ACgkQ/hACvFlw +gR8x7g/8CWUqsUBmN9aMsoqsZKvcR4Yqi+vl+VvpkUVdJxLWKBonTnQ544U8b4qq +GDwfht5LKCUSjF15fNxfbztkTFnxW3CnWmE25HsZwfVOGrBfPRHwO/BvmerqTBui +JPWOVsauwSp1KbEsxJUZERUZO1CncHdrxJ5bk8lPD25/QgxHVQzdxRwkml1uBlI4 +6wF9in05HK+GwZi5G5E7YrNDZKnCk2qtndCeAhlpl0zLUiImVP7EbDZRRpczyQqK +ZpWRpsFLeGCPWAWeomj0EG+S9nxS6UjVq0BS6kMrVTcwfIK1U9OkZRgYLMIkEV5y +vpu1tjXDZxU4lnGtUkQgjnGxWvnldMohvKDYUvKBOyomnYOpMZhMtLTmZRUk0oBz +8vLPK59BQGFsrQw/gA46+jM7oahrZp/uVx4WJkyzjuoZ41N3y61fOgZzMkFwt9wc +F08k66S4fTxxVpnAwMNVn7C7D7IMlCpuVG7/jB50Go9NsaY8Q8FcDxnqrNETNfPC +PZzgM+IkhPOaZezP36UPv9v/ME0sz9YEzslxKtsf2rsoXT0iS/vTuHryyZpfuvks +F7JZk9JlHkG+eoY1h/g05RtC+z+n3U5dn+pIETd9o3OgBYlJXaxA4E1LbkzrfqJC +icxx7sx4/e93/wUd7xppTwk3/+F9Yzp6qrIZDNWIzNWCxKytvdE= +=bHZP +-----END PGP SIGNATURE----- diff --git a/dhcp-CVE-2022-2928.patch b/dhcp-CVE-2022-2928.patch new file mode 100644 index 0000000..da44153 --- /dev/null +++ b/dhcp-CVE-2022-2928.patch @@ -0,0 +1,100 @@ +--- common/options.c.orig ++++ common/options.c +@@ -4452,6 +4452,8 @@ add_option(struct option_state *options, + if (!option_cache_allocate(&oc, MDL)) { + log_error("No memory for option cache adding %s (option %d).", + option->name, option_num); ++ /* Get rid of reference created during hash lookup. */ ++ option_dereference(&option, MDL); + return 0; + } + +@@ -4463,6 +4465,8 @@ add_option(struct option_state *options, + MDL)) { + log_error("No memory for constant data adding %s (option %d).", + option->name, option_num); ++ /* Get rid of reference created during hash lookup. */ ++ option_dereference(&option, MDL); + option_cache_dereference(&oc, MDL); + return 0; + } +@@ -4471,6 +4475,9 @@ add_option(struct option_state *options, + save_option(&dhcp_universe, options, oc); + option_cache_dereference(&oc, MDL); + ++ /* Get rid of reference created during hash lookup. */ ++ option_dereference(&option, MDL); ++ + return 1; + } + +--- common/tests/option_unittest.c.orig ++++ common/tests/option_unittest.c +@@ -213,6 +213,59 @@ ATF_TC_BODY(parse_X, tc) + } + } + ++ATF_TC(add_option_ref_cnt); ++ ++ATF_TC_HEAD(add_option_ref_cnt, tc) ++{ ++ atf_tc_set_md_var(tc, "descr", ++ "Verify add_option() does not leak option ref counts."); ++} ++ ++ATF_TC_BODY(add_option_ref_cnt, tc) ++{ ++ struct option_state *options = NULL; ++ struct option *option = NULL; ++ unsigned int cid_code = DHO_DHCP_CLIENT_IDENTIFIER; ++ char *cid_str = "1234"; ++ int refcnt_before = 0; ++ ++ // Look up the option we're going to add. ++ initialize_common_option_spaces(); ++ if (!option_code_hash_lookup(&option, dhcp_universe.code_hash, ++ &cid_code, 0, MDL)) { ++ atf_tc_fail("cannot find option definition?"); ++ } ++ ++ // Get the option's reference count before we call add_options. ++ refcnt_before = option->refcnt; ++ ++ // Allocate a option_state to which to add an option. ++ if (!option_state_allocate(&options, MDL)) { ++ atf_tc_fail("cannot allocat options state"); ++ } ++ ++ // Call add_option() to add the option to the option state. ++ if (!add_option(options, cid_code, cid_str, strlen(cid_str))) { ++ atf_tc_fail("add_option returned 0"); ++ } ++ ++ // Verify that calling add_option() only adds 1 to the option ref count. ++ if (option->refcnt != (refcnt_before + 1)) { ++ atf_tc_fail("after add_option(), count is wrong, before %d, after: %d", ++ refcnt_before, option->refcnt); ++ } ++ ++ // Derefrence the option_state, this should reduce the ref count to ++ // it's starting value. ++ option_state_dereference(&options, MDL); ++ ++ // Verify that dereferencing option_state restores option ref count. ++ if (option->refcnt != refcnt_before) { ++ atf_tc_fail("after state deref, count is wrong, before %d, after: %d", ++ refcnt_before, option->refcnt); ++ } ++} ++ + /* This macro defines main() method that will call specified + test cases. tp and simple_test_case names can be whatever you want + as long as it is a valid variable identifier. */ +@@ -221,6 +274,7 @@ ATF_TP_ADD_TCS(tp) + ATF_TP_ADD_TC(tp, option_refcnt); + ATF_TP_ADD_TC(tp, pretty_print_option); + ATF_TP_ADD_TC(tp, parse_X); ++ ATF_TP_ADD_TC(tp, add_option_ref_cnt); + + return (atf_no_error()); + } diff --git a/dhcp-CVE-2022-2929.patch b/dhcp-CVE-2022-2929.patch new file mode 100644 index 0000000..d3756ee --- /dev/null +++ b/dhcp-CVE-2022-2929.patch @@ -0,0 +1,23 @@ +--- common/options.c.orig ++++ common/options.c +@@ -454,16 +454,16 @@ int fqdn_universe_decode (struct option_ + while (s < &bp -> data[0] + length + 2) { + len = *s; + if (len > 63) { +- log_info ("fancy bits in fqdn option"); +- return 0; ++ log_info ("label length exceeds 63 in fqdn option"); ++ goto bad; + } + if (len == 0) { + terminated = 1; + break; + } + if (s + len > &bp -> data [0] + length + 3) { +- log_info ("fqdn tag longer than buffer"); +- return 0; ++ log_info ("fqdn label longer than buffer"); ++ goto bad; + } + + if (first_len == 0) { diff --git a/dhcp-user.conf b/dhcp-user.conf new file mode 100644 index 0000000..68c53a3 --- /dev/null +++ b/dhcp-user.conf @@ -0,0 +1,2 @@ +# Type Name ID GECOS [HOME] +u dhcpd - "DHCP server daemon" /var/lib/dhcp diff --git a/dhcp.README b/dhcp.README new file mode 100644 index 0000000..c27a131 --- /dev/null +++ b/dhcp.README @@ -0,0 +1,62 @@ +/* README.SUSE for the ISC DHCP server */ + +Before you can run dhcpd, you have to configure it via + - /etc/sysconfig/dhcpd (general settings) +and + - /etc/dhcpd.conf (DHCPv4 configuration file) + - /etc/dhcpd6.conf (DHCPv6 configuration file) + +See /usr/share/doc/packages/dhcp-server for example configurations. + + +Option 119 (domain-search) vs. option 15 (domain-name) +====================================================== + +The domain-name option supports only one, signgle domain (default domain). +The domain-search option supports a list of domain names. Please do not +abuse the domain-name option to provide a list -- it may be discarded by +dhcp clients. + + +Chroot Jail +=========== + +Our version of the ISC dhcp server contains a modified "(non-root/chroot)" +patch by Ari Edelkind. This allows dhcpd to + + - run as unprivileged user + - run in a chroot environment (/var/lib/dhcp) + +which, in this combination, is the safest possible way of running dhcpd. + +In order to be found by dhcpd in the chroot jail, the configuration file +will automatically copied to /var/lib/dhcp/etc/ when the server is started. +Further conf files (include files) can be listed in DHCPD_CONF_INCLUDE_FILES +or DHCPD6_CONF_INCLUDE_FILES in /etc/sysconfig/dhcpd. + +The /var/lib/dhcp/dev/log syslog socked is automatically provided in the +chroot environment as soon as it is initially set up. + +NOTE: +In the chroot jail, dhcpd can't resolve hostnames unless it can find +the following files: + /etc/localtime + /etc/host.conf + /etc/hosts + /etc/resolv.conf + /lib/libresolv.so.2 + /lib/libnss_dns.so.2 + /lib/libnss_dns6.so.2 + .... +Thererore, these files (about 100 kB) will automatically copied to the chroot +jail when the server is started. (You might have to keep these current if +they are modified dynamically by other programs (e.g./etc/ppp/ip-up) while +dhcpd is running.) This is not a problem at all when you use IP addresses +instead of host names in the config file. + +In case of trouble, you can also disable the chroot feature by setting +DHCPD_RUN_CHROOTED/DHCPD6_RUN_CHROOTED in /etc/sysconfig/dhcpd to "no". + +Have a lot of fun! + + Your SUSE Linux Team diff --git a/dhcp.changes b/dhcp.changes new file mode 100644 index 0000000..1d48a00 --- /dev/null +++ b/dhcp.changes @@ -0,0 +1,3366 @@ +------------------------------------------------------------------- +Thu Nov 2 13:53:11 UTC 2023 - Petr Vorel + +- Remove dhclient-script (boo#1216822). + +------------------------------------------------------------------- +Tue Dec 27 10:32:19 UTC 2022 - Ludwig Nussel + +- Replace transitional %usrmerged macro with regular version check (boo#1206798) + +------------------------------------------------------------------- +Fri Dec 9 07:42:59 UTC 2022 - Thorsten Kukuk + +- Add /etc/sysconfig/network hierachy to server file list + +------------------------------------------------------------------- +Thu Oct 27 15:30:26 UTC 2022 - Callum Farmer + +- Use %_rundir + +------------------------------------------------------------------- +Wed Oct 5 14:01:47 UTC 2022 - Reinhard Max + +- bsc#1203988, CVE-2022-2928, dhcp-CVE-2022-2928.patch: + An option refcount overflow exists in dhcpd +- bsc#1203989, CVE-2022-2929, dhcp-CVE-2022-2929.patch: + DHCP memory leak + +------------------------------------------------------------------- +Tue Apr 26 10:48:39 UTC 2022 - Reinhard Max + +- bsc#1198657: properly handle DHCRELAY(6)_OPTIONS. + +------------------------------------------------------------------- +Sat Apr 16 20:19:19 UTC 2022 - chris@computersalat.de + +- Update dhcpd.service: After: network-online.target + * boo#826319: DHCP gets autostarted too early (network interface + not up yet - Systemd/LSB problem) + e.g. NM and bridged interface + +------------------------------------------------------------------- +Tue Mar 15 07:45:51 UTC 2022 - Thorsten Kukuk + +- Require hostname binary, not package [bsc#1197087] + +------------------------------------------------------------------- +Wed Jan 19 09:53:39 UTC 2022 - Manfred Schwarb + +- modify source if-up.d.dhcpd-restart-hook: + * fix option parsing + * do not call /usr/libexec/dhcp/dhcpd directly, use systemd for it + +------------------------------------------------------------------- +Mon Jan 17 08:52:07 UTC 2022 - Johannes Segitz + +- Drop PrivateDevices and ProtectClock hardenings. They clash with + the chroot logic (bsc#1194722) + +------------------------------------------------------------------- +Fri Jan 14 13:19:38 UTC 2022 - Callum Farmer + +- Add now working CONFIG parameter to sysusers generator + +------------------------------------------------------------------- +Tue Oct 26 11:58:59 UTC 2021 - Reinhard Max + +- Add a fallback definition for %make_build to fix build on SLE-12. +- Handle sysusers with a bcond to improve readability and simplify + removal once we don't have to support SLE-12 anymore. +- bsc#1192020: Drop the obsolete dependency on "group(nogroup)". + +------------------------------------------------------------------- +Mon Sep 13 13:50:50 UTC 2021 - Johannes Segitz + +- Added hardening to systemd service(s) (bsc#1181400). Modified: + * dhcpd.service + * dhcpd6.service + * dhcrelay.service + * dhcrelay6.service + +------------------------------------------------------------------- +Thu Aug 5 11:33:54 UTC 2021 - Reinhard Max + +- bsc#1186249: Remove remaining references to /etc/init.d from + dhclient-script and if-up.d.dhcpd-restart-hook . +- Use , instead of - or / as a separator in sed when dealing with + path names. + +------------------------------------------------------------------- +Mon May 31 09:24:51 UTC 2021 - Reinhard Max + +- Add -fno-strict-aliasing to CFLAGS to avoid a segfault in dhcpd + (boo#1186631). + +------------------------------------------------------------------- +Thu May 27 08:53:49 UTC 2021 - Reinhard Max + +- Update to 4.4.2-P1: + * CVE-2021-25217, bsc#1186382: A buffer overrun in lease file + parsing code can be used to exploit a common vulnerability + shared by dhcpd and dhclient. +- Error out, if %version and %isc_version are not in sync. + +------------------------------------------------------------------- +Sun Jan 24 13:20:58 UTC 2021 - Dirk Müller + +- update to 4.4.2: + * Please note that that ISC DHCP is now licensed under the Mozilla Public + License, MPL 2.0. + + In general, the areas of focus for ISC DHCP 4.4 were: + + 1. Dynamic DNS additions + 2. dhclient improvements + 3. Support for dynamic shared libraries + + * Added the interface name to socket initialization failure log messages. + Prior to this the log messages stated only the error reason without + stating the target interface. + * Corrected buffer pointer logic in dhcrelay functions that manipulate + agent relay options. Thanks to Thomas Imbert of MSRC Vulnerabilities + & Mitigations for reporting the issue. + * Corrected unresolved symbol errors building relay_unittests when + configured to build using libtool. + * A new configuration parameter, ping-cltt-secs (v4 operation only), has + been added to allow the user to specify the number of seconds that must + elapse since CLTT before a ping check is conducted. Prior to this, the + value was hard coded at 60 seconds. Please see the server man pages for + a more detailed discussion. + * A new configuration parameter, ping-timeout-ms (v4 operation only), + has been added that allows the user to specify the amount of time + the server waits for a ping-check response in milliseconds rather + than in seconds (via ping-timeout). When greater than zero, the value + of ping-timeout-ms will override the value of ping-timeout. Thanks + to Jay Doran from Bluecat Networks for suggesting this feature. + * An experimental tool called, Keama (KEA Migration Assistant), which helps + translate ISC DHCP configurations to Kea configurations, is now included + in the distribution. + * Corrected a misuse of the BIND9 DDNS API which caused DDNS updates to be + carried out over TCP rather than UDP. The coding error was exposed by + migration to BIND9 9.11. Thanks to Jinmei Tatuya at Infoblox for + reporting the issue. + * Bind9 now defaults to requiring python to build. The Makefile for + building Bind9 when bundled with ISC DHCP was modified to turn off + this dependency. + * Corrected a dual-stack mixed-mode issue that occurs when both + ddns-guard-id-must-match and ddns-other-guard-is-dynamic + are enabled and that caused the server to incorrectly interpret + the presence of a guard record belonging to another client as + a case of no guard record at all. Thanks to Fernando Soto + from BlueCat Networks for reporting this issue. + * Corrected a compilation issue that occurred when building without DNS + update ability (e.g. by undefining NSUPDATE). + * Corrected an issue that was causing the server, when running in + DHPCv4 mode, to segfault when class lease limits are reached. + Thanks to Peter Nagy at Porion-Digital for reporting the matter + and submitting a patch. + * Made minor changes to eliminate warnings when compiled with GCC 9. + Thanks to Brett Neumeier for bringing the matter to our attention. + * Fixed potential memory leaks in parser error message generation + spotted by Coverity, CIDs: 1448191, 1448193, 1448194, 1448195 + * Updated URL of IEEE oui.txt in contrib/dhcp-lease-list.pl. Thanks + to Tommy Smith for contributing the patch. + * Fixed define flags when using SO_BINDTODEVICE. Thanks to Joe LeVeque for + reporting the issue. + * Applied a patch from OpenBSD to always set the scope id of outbound + DHPCv6 packets. Note this change only applies when compiling under + OpenBSD. Thanks to Brad Smith at OpenBSD from bringing it to our + attention. + * Modified dhclient to not discard config file leases that are + duplicates of server-provided leases and to retain such leases + after they have been used as the fallback active lease and + DHCP service has been restored. This allows them to be used + more than once during the lifetime of a dhclient instance. + This applies to DHCPv4 operation only. + * Corrected a number of reference counter and zero-length buffer leaks. + Thanks to Christopher Ertl of MSRC Vulnerabilities & Mitigations for + pointing them out. + * Closed a small window of time between the installation of graceful + shutdown signal handlers and application context startup, during which + the receipt of shutdown signal would cause a REQUIRE() assertion to + occur. Note this issue is only visible when compiling with + ENABLE_GENTLE_SHUTDOWN defined. + * Corrected a buffer overflow that can occur when retrieving zone + names that are more than 255 characters in length. + * The "d" domain name option format was incorrectly handled as text + instead of RFC 1035 wire format. Thanks to Jay Doran at BlueCat Networks + for reporting this issue. + * Improved the error message issued when a host declaration has both + a uid and a dhcp-client-identifier. Server configuration parsing will + now fail if a host declaration specifies more than one uid. + * Updated developer's documentation on building and running unit tests. + Removed support for --with-atf=bind as BIND9 no longer bundles in ATF + source. + * Fixed a syntax error in ldap.c which cropped up under Ubuntu + 18.04.1/gcc 7.4.0. Thanks to Charles Hedrick for pointing it out. + * Added clarification to dhcp-options.5 section on ip-address values + describing the first-use DNS resolution of options with hostnames as + values (e.g. next-server). + * The option format for the server option omapi-key was changed to a + format type 'k' (key name); while server options ldap-port and + ldap-init-retry were changed to 'L' (unsigned 32-bit integer). These + three options were inadvertantly broken when the 'd' format content + was changed to comply with RFC 1035 wire format (see Gitlab #2). + * A delayed-ack value of 0 (the default), now correctly disables the delayed + feature. A change in 4.4.0 prohibited lease updates marking leases active + from be written to the lease file when delayed-ack is 0. This in turn, + caused servers to lose active lease assignments upon restart. + ! Option reference count was not correctly decremented in error path + when parsing buffer for options. Reported by Felix Wilhelm, Google + Security Team. + CVE: CVE-2018-5733 + ! Corrected an issue where large sized 'X/x' format options were causing + option handling logic to overwrite memory when expanding them to human + readable form. Reported by Felix Wilhelm, Google Security Team. + CVE: CVE-2018-5732 + * Added use of new Bind9 compatibility header files, that are now necessary + to supply type definitions for primitive data types, removed from Bind9 + proper. Altered util/bind.sh to pull from Bind9 repo on gitlab. + * Duplicate address detection when binding to a new IPv6 address was added + to the following dhclient scripts: linux,freebsd,netbsd,openbsd, and macos. + The scripts will check for DAD errors after binding to a new IPv6 address + for at most --dad-wait-time seconds. If a DAD error is detected the script + will exit with a value of 3, instructing dhclient to decline the address. If + dad-wait-time is zero (the default), DAD error checking is not peformed. + * Support for sending and receiving additional DHCP4 options has been added + to both the dhcpd and dhclient. Specifically: option codes 93,94, and 97 + (RFC 4578); code 150 (RFC 5859); and codes 209,219, and 211 (RFC 5071). + Beyond configuring, sending, requesting, and receiving these options neither + server nor client apply any additional logic based on their values. + Thanks to Peter Lewis for requesting this change. + * Added clarifying text to dhcpd.conf.5 explaining the class match expressions + cannot rely on the results of executable statements. + * Fixed a bug which causes dhcpd and dhclient to crash on certain + systems when given relative path names for lease or pid files on + the command line. Affected systems are those on which the C library + function, realpath() does not support a second parameter value of + NULL (see manpages for realpath(3)). + * Fixed a build issue when building with embedded BIND9 under OpenBSD that + was causing BIND9 build to not generate dns/enumclass.h and dns/enumtype.h. + * Added /m4/README to the distribution tarball. Some versions of + ac_local() treat the absence of the m4 subdirectory as error rather than + warning. This was causing the call to autoreconf, necessary for building + with libtool, to fail. + * Added experimental support for relay port (draft-ietf-dhc-relay-port-10.txt) + feature for DHCPv4, DHCPv6 and DHCPv4-over-DHCPv6. Relay port has to be + enabled at compile time via --enable-relay-port and is fully backward + compatible (i.e. works with previous implementations of servers and relays + using the standard ports). A new --rp command line option + specifies to dhcrelay an alternate source port for upstream (i.e. toward + the server) messages. Thanks to Naiming Shen and Enke Chen of Cisco + systems for submitting these patches. + * Added --release-on-roam to dhcpd server. When enabled and the server detects + that a DHCPv6 client (IAID+DUID) has roamed to a new network, it will release + the pre-existing leases on the old network and emit a log statement similar + to the following: + + "Client: roamed to new network, releasing lease:
" + + The server will carry out all of the same steps that would normally occur + when a client explicitly releases a lease. This behavior is disabled by + default and may only be specified globally. Prior to this the server renders + the leases unavailable until they expire or the server is restarted. Clients + that need leases in multiple networks must supply a unique IAID in each IA. + When release-on-roam is disabled (the default) the server maintains the + prior behavior of making such leases unavailable until they expire or the + server is restarted. Clients that need leases in multiple networks must + supply a unique IAID in each IA. This parameter may only be specified at + the global level. Thanks to Fernando Soto from BlueCat Networks for + suggesting this change. + * Support for delayed-ack is now compiled in by default. Prior to this + it had to be enabled at compile time via --enable-delayed-acks. The + default value for delayed-ack, however, has been changed from 28 to 0 + (i.e. disabled). This was done to minimize the impact on users not + currently using the feature. Please note that the delayed-ack feature + is not currently compatible with support for DHPCv4-over-DHCPv6 so + when a 4to6 port command line argument enables this in the server the + delayed-ack value is reset to 0. + * Added to the server (-6) a new statement, local-address6, which specifies + the source address of packets sent by the server. An additional flag, + bind-local-address6, disabled by default, binds the service socket to + to local-address6. Note that bind-local-address does not work with direct + clients: a relay has to forward packets to the server using the + local-address6 destination. + * The server now recognizes environment variables PATH_DHCPD_DB and + PATH_DHCPD_PID. These had been incorrectly compiled out of the code + unless DHCPv6 support was disabled. Additionally, the server man + pages were corrected to accurately reflect how the server chooses + file names (see lease-file-name and pid-file-name statements). Thanks + to Fernando Soto at Bluecat Networks for bringing this matter to our + attention. + * Removed an "Impossible condition" error upon exit in the dhcpd server that + has been shutdown via OMAPI. This condition was only apparent under Solaris + when building with --enable-use-sockets and --enable-ipv4-pktinfo. + * Corrected some minor Coverity issues: CID 1426059, 1426058, and 1426057. + * Added missing text to dhclient.8 and expanded release note coverage + for --address-prefix-len changes. +- remove dhcp-CVE-2019-6470.patch, + 0013-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch: merged upstream +- 0006-dhcp-4.3.2-dhclient-send-hostname-or-fqdn.patch + 0009-dhcp-4.2.6-close-on-exec.patch + 0016-infiniband-support.patch + 0018-client-fail-on-script-pre-init-error-bsc-912098.patch + 0021-dhcp-ip-family-symlinks.patch: refresh against newer code base +- build with --enable-log-pid (log pid) and enable-binary-leases (faster + binary looup for large leases files) + +------------------------------------------------------------------- +Tue Nov 17 13:56:54 UTC 2020 - Ludwig Nussel + +- prepare usrmerge (boo#1029961) + +------------------------------------------------------------------- +Wed Oct 21 17:06:32 UTC 2020 - Reinhard Max + +- Complete the /var/run -> /run migration by renaming + /var/lib/dhcp/var/run accordingly (boo#1177951). + +------------------------------------------------------------------- +Thu Sep 17 14:55:25 UTC 2020 - Reinhard Max + +- Don't create dhclient.leases in %post. It affects transactional + updates and the files don't need to pre-exist (boo#1129951). + +------------------------------------------------------------------- +Thu Sep 3 13:52:57 UTC 2020 - Franck Bui + +- Drop dependency on insserv-compat + + It was required to call the rc_status helpers from the sysvinit + scripts. These scripts are supposed to be called by systemd, which + has its own mechanism to report service status. + + Please note that this package still needs to be converted to ship + proper systemd units. + +------------------------------------------------------------------- +Thu Sep 3 12:56:11 UTC 2020 - Franck Bui + +- /var/run is legacy -> /run should be used instead + +------------------------------------------------------------------- +Mon Jun 29 07:11:52 UTC 2020 - Dominique Leuenberger + +- The server package still requires insserv-compat: the .service + files only call out to legacy sysv init scripts that are still + sourcing /etc/rc.status (boo#1173440). + +------------------------------------------------------------------- +Tue Jun 23 15:22:00 UTC 2020 - Cristian Rodríguez + +- insserv is not required anymore + +------------------------------------------------------------------- +Thu Jun 11 15:46:50 UTC 2020 - Callum Farmer + +- Fixes for %_libexecdir changing to /usr/libexec + +------------------------------------------------------------------- +Wed Apr 15 06:32:20 UTC 2020 - Thorsten Kukuk + +- Use sysusers.d instead of shadow + +------------------------------------------------------------------- +Mon Mar 2 17:26:39 UTC 2020 - Reinhard Max + +- Add -fcommon to CFLAGS to fix build with gcc10 (boo#1160262). + +------------------------------------------------------------------- +Wed Jan 22 06:12:51 UTC 2020 - Thorsten Kukuk + +- Change remaining systemd requires to weak dependencies, too. +- Don't require net-tools with SLE15 or newer, it does not contain + anything anymore we need +- Get ride of coreutils dependency + +------------------------------------------------------------------- +Tue Oct 15 15:18:59 UTC 2019 - Reinhard Max + +- bsc#1134078, CVE-2019-6470, dhcp-CVE-2019-6470.patch: + DHCPv6 server crashes regularly. +- Add compile option --enable-secs-byteorder to avoid duplicate + lease warnings [bsc#1089524]. + +------------------------------------------------------------------- +Wed Oct 2 16:50:48 CEST 2019 - kukuk@suse.de + +- Make systemd a weak dependency as we don't want that in a container + +------------------------------------------------------------------- +Wed Aug 28 12:38:32 UTC 2019 - Reinhard Max + +- bsc#1136572: Use IPv6 when called as dhclient6, dhcpd6, and + dhcrelay6 (0021-dhcp-ip-family-symlinks.patch). + +------------------------------------------------------------------- +Thu Aug 8 12:19:53 UTC 2019 - Dirk Mueller + +- dhclient-script: replace host(1) with getent, which is more + lightweight (part of glibc and does not pull in bind-utils) + +------------------------------------------------------------------- +Fri Aug 2 06:58:43 UTC 2019 - Martin Liška + +- Use FAT LTO objects in order to provide proper static library. + +------------------------------------------------------------------- +Thu Jul 11 18:13:36 UTC 2019 - Antoine Belvire + +- Remove SuSEfirewall2 services since SuSEfirewall2 has been + replaced by firewalld (which already provides a service for + dhcp). + +------------------------------------------------------------------- +Fri May 10 09:06:07 UTC 2019 - Dominique Leuenberger + +- Add workaround to require insserv-compat until the package is + converted to full systemd units (boo#1133632). + +------------------------------------------------------------------- +Fri Feb 22 07:04:56 UTC 2019 - Franck Bui + +- Drop use of $FIRST_ARG in .spec + + The use of $FIRST_ARG was probably required because of the + %service_* rpm macros were playing tricks with the shell positional + parameters. This is bad practice and error prones so let's assume + that no macros should do that anymore and hence it's safe to assume + that positional parameters remains unchanged after any rpm macro + call. + +------------------------------------------------------------------- +Mon Jan 21 13:33:47 UTC 2019 - Jonathan Brielmaier + +- Remove wrong path to documentation in the description of the + server package + +------------------------------------------------------------------- +Tue Jun 5 08:57:34 UTC 2018 - tchvatal@suse.com + +- Drop doc subpackage as we do not build on < SLE12 anyway so it + evaluated always as true +- Do not condition flags settings for codestreams that we are no + longer building for +- Use %license macro for license as mandated by new TW requirements + +------------------------------------------------------------------- +Mon Jun 4 19:53:43 UTC 2018 - tchvatal@suse.com + +- Format with spec-cleaner (automatic, remove FIXMEs) +- Use getent to detect created user prior doing it again +- Drop ldapcasa as it evaluates as false on all current products +- Drop ldap conditional as it is always true + +------------------------------------------------------------------- +Mon Jun 4 19:46:20 UTC 2018 - tchvatal@suse.com + +- Kill omc configs wrt fate#301838 + +------------------------------------------------------------------- +Thu Mar 8 13:15:16 UTC 2018 - max@suse.com + +- Update to dhcp-4.3.6-P1: + * CVE-2018-5733, bsc#1083303: reference count overflow in dhcpd. + * CVE-2018-5732, bsc#1083302: buffer overflow bug in dhclient. + * Plugged a socket descriptor leak in OMAPI + * The server now allows the client identifier (option 61) to own + leases in more than one subnet concurrently [ISC-Bugs #41358]. + * When replying to a DHCPINFORM, the server will now include + options specified at the pool scope, provided the ciaddr field + of the DHCPINFORM is populated. + [ISC-Bugs #43219] [ISC-Bugs #45051]. + * When memory allocation fails in a repeated way the process + writes "Run out of memory." on the standard error and exists + with status 1 [ISC-Bugs #32744]. + * The new lmdb (Lightning Memory DataBase) bind9 configure + option is now disabled by default to avoid the presence of + this library to be detected which can lead to a link failure. + [ISC-Bugs #45069] + * The linux interface discovery code has been modified to use + getifaddrs() as is done for BSD and OS-X. + [ISC-Bugs #28761] and others. + * Fixed a bug in OMAPI that causes omshell to crash when a + name-value pair with a zero length value is shipped in an + object [ISC-Bugs #29108]. + * On 64-bit platforms, dhclient now generates the correct value + for the script environment variable, "expiry", the lease + expiry value exceeds 0x7FFFFFFF [ISC-Bugs #43326]. + * Common timer logic was modified to cap the maximum timeout + values at 0x7FFFFFFF - 1 [ISC-Bugs #28038]. + * DHCP6 FQDN option unpacking code now correctly handles values + that contain spaces, special, or non-printable characters. + [ISC-Bugs #43592] + * When running in -6 mode, dhclient can enforce the require + option statement and will discard offered leases that do not + contain all the required options specified in the client + configuration [ISC-Bugs #41473]. + * Altered DHCPv4 lease time calculation to avoid roll over + errors on 64-bit OS systems when using -1 or large values + for default-lease-time [ISC-Bugs #41976], + * Added --dad-wait-time parameter to dhclient [ISC-Bugs #36169]. + * The server nows checks both the address and length of a + prefix delegation when attempting to match it to a prefix + pool [ISC-Bugs #35378]. + * Modified DDNS support initialization such that DNS related + ports will only be opened by the server (dhcpd) at startup + if ddns-update-style is not "none"; by dhclient only if and + when the it first attempts an update; and never by dhcrelay. + [ISC-Bugs #45290] [ISC-Bugs #33377] + * Added error logging to two memory allocation failure checks. + [ISC-Bugs #41185] + * Corrected a dhclient -6 issue that caused the client to crash + with an "Impossible condition" error after de-preferencing its + only IA binding [ISC-Bugs #44373]. + * By defining CALL_SCRIPT_ON_ONETRY_FAIL in includes/site.h, + dhclient will now call the script with reason set to FAIL when + run with -1 (one try) and there are no server responses. + [ISC-bugs #18183] + * The server now detects failover peers that are not referenced + in at least one pool when run with the command line option for + test mode, -T [ISC-Bugs #29892]. + * Linux script updated [ISC-bugs #19430] [ISC-bugs #18111]. + * Changed severity of the log message indicating UDP checksum + errors in the received packets from 'info' to 'debug'. + [ISC-bugs #41757] + * Corrected a bug which could cause the server to sporadically + crash while loading lease files with the lease-id-format is + set to "hex" [ISC-Bugs #43185]. + +- Obsoleted patches: + * 0011-Fixed-linux-interface-discovery-using-getifaddrs.patch + * 0019-dhcp-4.2.4-P1-interval.patch + * 0021-master-Plugs-a-socket-descriptor-leak-in-OMAPI.patch + * 0022-Optimized-if-and-when-DNS-client-context-and-ports.patch + +------------------------------------------------------------------- +Fri Jan 19 12:16:47 CET 2018 - ndas@suse.de + +- Optimized if and when DNS client context and ports + are initted (bsc#1073935) + [+0022-Optimized-if-and-when-DNS-client-context-and-ports.patch] + +------------------------------------------------------------------- +Tue Jan 16 16:15:45 CET 2018 - ndas@suse.de + +- Plugs a socket descriptor leak in OMAPI(bsc#1076119, CVE-2017-3144) + [ +0021-master-Plugs-a-socket-descriptor-leak-in-OMAPI.patch] + +------------------------------------------------------------------- +Fri Jan 5 07:30:46 UTC 2018 - obs@botter.cc + +- add PIDFile= setting to dhcrelay.service, without this systemd + stops the service immediately after starting + +------------------------------------------------------------------- +Wed Dec 13 15:52:25 UTC 2017 - mchandras@suse.de + +- Drop old sysvinit support from the spec file. All the supported + openSUSE distributions are systemd based so there isn't much point + in keeping sysvinit support and files around. + +------------------------------------------------------------------- +Thu Nov 23 13:49:18 UTC 2017 - rbrown@suse.com + +- Replace references to /var/adm/fillup-templates with new + %_fillupdir macro (boo#1069468) + +------------------------------------------------------------------- +Fri Jul 14 09:48:25 UTC 2017 - dimstar@opensuse.org + +- Replace net-tools Requires in dhcp-client with hostname on + suse_version >= 1330 (CODE15): net-tools does no longer provide + any tool referenced by dhclient-script, but we require hostname + (which is also a dependency to net-tools, thus hiding the issue). + +------------------------------------------------------------------- +Thu Jul 13 12:27:59 UTC 2017 - bwiedemann@suse.com + +- use .gz year instead of current one to make build reproducible + +------------------------------------------------------------------- +Thu Jul 6 16:17:18 CEST 2017 - ndas@suse.de + +- fixed a typo in nis-servers option name breaking the config file introduced + in previous change to workaround issues in NetworkManager parser. +- Update to dhcp-4.3.5 + + - Corrected a bug which could cause the server to sporadically crash while + loading lease files with the lease-id-format is set to "hex". Our thanks + to Jay Ford, University of Iowa for reporting the issue. + [ISC-Bugs #43185] + - Eliminated a noisy, but otherwise harmless debug log statment that may + appear during server startup when building with --enable-binary-leases + and configuring multiple pools in a shared network. Thanks to Fernando + Soto from BlueCat Networks for reporting the issue and supplying a patch. + [ISC-Bugs #43262] + - Fixed util/bindvar.sh error handling. + [ISC-Bugs #41973] + - Correct error message in relay to use remote id length instead + of circuit id length. + [ISC-Bugs #42556] + - Add logic to test directory Makefiles to avoid copying Attfile(s) + when building within the source tree. This eliminates a noisy but + otherwise harmless error message when running "make check". + [ISC-Bugs #41883] + - Leases are now scrubbed of certain prior use information when pool + re-balancing reassigns them from one FO peer to the other. This + corrects an issue where leases that were offered but not used + by the client retained the client hostname from the original + client. Thanks to Pavel Polacek, Jan Evangelista Purkyne University + for reporting the issue. + [ISC-Bugs #42008] + - In the LDAP code and schema add some missing '6' characters to use + the v6 instead of the v4 versions. Thanks to Denis Taranushin for + reporting this issue and supplying its patch. + [ISC-Bugs #42666] + - Correct how the pick-first-value expression is written to a lease + file. Previously it was written as a concat expression due to + a cut and paste error. + [ISC-Bugs #42253] + - Modify the DDNS code to clean up the PTR record even if there + are issues while cleaning up the A or AAAA records. + [ISC-Bugs #23954] + - Added global configuration parameter, abandon-lease-time, which determines + the amount of time a lease remains abandoned. The default is 84600 seconds. + Additionaly, the server now conducts a ping check (if ping checks are + enabled) prior to offering an abandoned lease to client. Our thanks to + David Zych at University of Illinois for reporting the issue and working + with us to produce a viable solution. + [ISC-Bugs #41815] + - Correct handling of interface names during interface discovery. This + addresses an issue where interface names of 15 characters in length + could lead to crashes or interface recognition errors during startup + of dhcpd, dhclient, and dhcrelay. + [ISC-Bugs #42226] + - Updates to contrib/dhcp-lease-list.pl to make it more friendly. + The updates are: looking for the lease file in more places and skipping + the "processing complete" output when creating machine readable + output. Thanks to Cameron Paine (cbp at null dot net) for the + patch. + [ISC-Bugs #42113] + - When reusing a lease for dhcp-cache-threshold return the hostname + to the original lease. Also if the host pointer, UID or hardware address + change don't allow reuse of the lease. + Thanks to Michael Vincent for reporting this and helping us + verify the problem and fix. + [ISC-Bugs #42849] + - Change dmalloc to use a size_t as the length argument to bring it + in line with the call it will make to malloc(). + [ISC-Bugs #40843] + - If the failover socket can't be bound, close it. Otherwise if the + user configures an incorrect address in the failover stanza the + server will continue to open new sockets every 90 seconds until + it runs out. + [ISC-Bugs #42452] + - Add DHCPv4-mode, dhcrelay command line options, "-iu" and "-id", that + allow interfaces to be upstream or downstream respectively. Upstream + interfaces will accept and forward only BOOTP replies, while downstream + interfaces will accept and forward only BOOTP requests. + [ISC-Bugs #41547] + - Clean up some memory references in the vendor-class construct. + [ISC-Bugs #42984] + [*0006-dhcp-4.3.2-dhclient-send-hostname-or-fqdn.patch, + *0011-Fixed-linux-interface-discovery-using-getifaddrs.patch, + *0013-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch, + *0016-infiniband-support.patch, + *0017-server-no-success-report-before-send.919959.patch] + + +------------------------------------------------------------------- +Mon Jul 3 09:08:32 UTC 2017 - zaitor@opensuse.org + +- Set all requested dhcp options on a single line, so they are + actually requested (boo#1046969, boo#1047004). + +------------------------------------------------------------------- +Mon Mar 13 23:53:20 CET 2017 - ndas@suse.de + +- Relax permission of dhclient-script for libguestfs(bsc#987170) + +------------------------------------------------------------------- +Fri Feb 10 22:49:38 CET 2017 - kukuk@suse.de + +- Require insserv only if needed +- Fix requires of client subpackage + +------------------------------------------------------------------- +Thu Aug 4 08:25:28 UTC 2016 - ralf.habacker@freenet.de + +- Add config file for registering dhcp server in slp (bsc#992072) + +------------------------------------------------------------------- +Thu May 19 10:37:25 UTC 2016 - mchandras@suse.de + +- Use /usr/sbin/arping instead of /sbin/arping in the dhcp scripts. + /sbin/arping is a symlink to /usr/sbin/arping in order to ease the + transition for the /usr merge. Newest releases of iputils may only + install utilities in /usr/* so this dependency will no longer be valid. + Moreover, we replace the '/sbin/arping' dependency with 'iputils'. + +------------------------------------------------------------------- +Tue Jan 26 17:16:45 CET 2016 - ndas@suse.de + +- Update to dhcp-4.3.3-P1 correcting bounds checking when + receiving a packet (bsc#961305,CVE-2015-8605,ISC-Bugs#41267). +- adjusted interval check. + [*0019-dhcp-4.2.4-P1-interval.patch] +- Fixed improper lease duration checking. Also added fixes for integer + overflows in the date and time handling code(bsc#936923, bsc#880984). + [+0020-dhcp-4.x.x-fixed-improper-lease-duration-checking.patch] +- fixed service files to start dhcpd after slapd (bsc#956159) +- dhclient-script: complain in the log about conflicts, added + a see log messages to the dhclient log message (bsc#960506) + [* 0018-client-fail-on-script-pre-init-error-bsc-912098.patch] +------------------------------------------------------------------- +Tue Oct 13 12:59:00 UTC 2015 - mt@suse.de + +- Applied a patch by Jiri Popelka catching dhcp server aborts with + "Unable to set up timer: out of range" on very long or infinite + timer intervals / lease lifetimes (bsc#947780) + [+ 0019-dhcp-4.2.4-P1-interval.patch] +- Corrected patch references in and a missed (bsc#919959) patch + description in previous changelog entry. + +------------------------------------------------------------------- +Mon Sep 14 14:39:34 UTC 2015 - mt@suse.de + +- Update to dhcp-4.3.3 (fate#319067) provinding many bug fixes, + features and obsoletes several patches we were using before. + For complete changelog, please read the RELNOTES file shipped + along with this package or online at: + https://kb.isc.org/article/AA-01297/82/DHCP-4.3.3-Release-Notes.html +- Replaced hostname patch with a dhcpv6 and fqdn aware variant: + [- 0006-dhcp-4.2.5-dhclient-send-hostname-rml.patch, + + 0006-dhcp-4.3.2-dhclient-send-hostname-or-fqdn.patch] +- Removed obsolete patches included upstream now: + [- 0007-dhcp-4.2.6-ldap-mt01.patch, + - 0009-dhcp-4.2.6-xen-checksum.patch, + - 0013-dhcp-4.2.3-P1-dhclient-log-pid.patch, + - 0015-Ignore-SIGPIPE-to-not-die-in-socket-code.patch, + - 0016-server-log-DHCPv6-addresses-assigned-to-clients.patch, + - 0019-dhcp-4.2.x-ldap-debug-write.bnc835818.patch, + - 0021-dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch, + - 0022-dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch, + - 0023-dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch, + - 0025-dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch, + - 0026-dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch] +- Adjusted patch numbers in the spec file: + [- 0008-dhcp-4.1.1-P1-lpf-bind-msg-fix.patch, + - 0010-dhcp-4.2.2-dhclient-option-checks.patch, + - 0011-dhcp-4.2.6-close-on-exec.patch, + - 0012-dhcp-4.2.2-quiet-dhclient.patch, + - 0014-Fixed-linux-interface-discovery-using-getifaddrs.patch, + - 0020-dhcp-4.2.x-chown-server-leases.bnc868253.patch, + - 0024-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch, + + 0007-dhcp-4.1.1-P1-lpf-bind-msg-fix.patch, + + 0008-dhcp-4.2.2-dhclient-option-checks.patch, + + 0009-dhcp-4.2.6-close-on-exec.patch, + + 0010-dhcp-4.2.2-quiet-dhclient.patch, + + 0011-Fixed-linux-interface-discovery-using-getifaddrs.patch, + + 0012-dhcp-4.2.x-chown-server-leases.bnc868253.patch, + + 0013-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch] +- Fixed to not pass DHCPv6 address lifetimes a positive (unsigned + 32bit) integers to scripts and properly format timestamps as long + to not break them on 64bit architectures (bsc#926159). + [+ 0014-dhclient6-unsigned-lifetimes-for-script-bsc-926159.patch] +- dhclient: expose next-server DHCPv4 option to script (bsc#928390) + [+ 0015-Expose-next-server-DHCPv4-option-to-dhclient-script.patch] +- Replaced infiniband support patch with fixed variant (bsc#910984): + [- 0017-dhcp-4.2.6-lpf-ip-over-ib-support.patch, + - 0018-dhcp-4.2.6-improved-xid.patch, + - 0027-dhcp-4.2.x-handle-ifa_addr-NULL.909189.patch, + + 0016-infiniband-support.patch] +- Moved dhcp-devel package include files and static libraries + to /usr/include/dhcp and /usr/lib/dhcp subdirectories. + DHCP requires a specific bind library version and conflicts + with the files shipped by bind-devel package, which is not + source and binary compatible (bsc#910686). +- Corrected changes to provide complete patch file references. +- Fixed server to not report success before send (bsc#919959) + [+ 0017-server-no-success-report-before-send.919959.patch] +- Fixed dhclient to check pre-init results reported by dhclient-script + and fail if pre-init fails for a requested interface (bsc#912098). + [+ 0018-client-fail-on-script-pre-init-error-bsc-912098.patch] + +------------------------------------------------------------------- +Tue Feb 3 18:37:59 UTC 2015 - coolo@suse.com + +- do not check scripts not in the src.rpm + +------------------------------------------------------------------- +Wed Dec 10 12:52:03 UTC 2014 - mt@suse.de + +- Applied fix by Jiri Slaby to not crash in interface discovery + when the interface address is NULL, which has been introduced + by the infiniband support patch (bsc#909189,bsc#870535). + [+ 0027-dhcp-4.2.x-handle-ifa_addr-NULL.909189.patch] + +------------------------------------------------------------------- +Tue Dec 09 19:25:00 UTC 2014 - Led + +- fix bashisms in dhcprelay script + +------------------------------------------------------------------- +Thu Nov 20 11:43:07 UTC 2014 - mt@suse.de + +- Applied contrib/ldap/dhcpd-conf-to-ldap patch by Ales Novak to + reorder config to add all global options or option declarations + to the dhcpService object instead to create new service object + (bsc#886094,ISC-Bugs#37876). + [+ 0022-dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch] +- Applied an upstream patch by Thomas Markwalder adding missed + mapping of SHA TSIG algorithm names to their constants to enable + hmac-sha1, hmac_sha224, hmac_sha256, hmac_sha384 and hmac_sha512 + authenticated dynamic DNS updates (bsc#890731, ISC-Bugs#36947). + [+ 0023-dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch] +- Decline IPv6 addresses on Duplicate Address Detection failure + and stop client message exchanges on reached MRD rather than + at some point after it. Applied fedora patches by Jiri Popelka + and added DAD reporting via exit 3 to the dhclient-script and + a fix to use correct address variables in the DEPREF6 action + (bsc#872609,ISC-Bugs#26735,ISC-Bugs#21238). + [+ 0024-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch, + + 0025-dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch] +- Applied backport patch by William Preston avoiding to bind ddns + socket in the server when ddns-update-style is none (bsc#891655). + [+ 0026-dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch] +- Applied patch for the contrib/ldap/dhcpd-conf-to-ldap script + fixing subclass statement handling (bnc#878846,[ISC-Bugs #36409]) + [+ 0021-dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch] +- Updated licence statement and FSF address in our scripts. +- Added missed service_add_pre macro calls for dhcrelay services + +------------------------------------------------------------------- +Fri Nov 14 09:18:33 UTC 2014 - dimstar@opensuse.org + +- No longer perform gpg validation; osc source_validator does it + implicit: + + Drop gpg-offline BuildRequires. + + No longer execute gpg_verify. + +------------------------------------------------------------------- +Wed Sep 3 01:48:48 CEST 2014 - ro@suse.de + +- sanitize release line in specfile + +------------------------------------------------------------------- +Mon Aug 18 07:39:11 UTC 2014 - mt@suse.de + +- Disabled /sbin/service legacy-action hooks on openSUSE <= 13.1, + which does not support it and causes build failure (bnc#891961). + +------------------------------------------------------------------- +Fri Jul 18 11:13:40 UTC 2014 - mt@suse.de + +- Fixed to require iproute2 in dhcp-client package (bnc#885399) +- Disarmed dhclient-script when wicked is the network service, + as wicked is using an another dhcp client (runtime conflict), + NetworkManager an own script and sysconfig-network is gone on + sles12 and opensuse > 13.1, so it is obsolete and unsupported. + +------------------------------------------------------------------- +Tue Jun 10 02:42:32 UTC 2014 - mt@suse.de + +- Fixed /etc/sysconfig/dhcpd fillup in dhcp server post-install. +- Fixed dhcp server start script to use correct libdir (bnc#868250) +- Fixed dhcp server to chown leases to run user at start (bnc#868253) + [+ 0020-dhcp-4.2.x-chown-server-leases.bnc868253.patch] +- Fixed to write missed dhcp-ldap debug level messages (bnc#835818) + [+ 0019-dhcp-4.2.x-ldap-debug-write.bnc835818.patch] +- Fixed unsupported dhclient-script used by sysconfig ifup to provide + a function to calculate netmask. NetworkManager provides an own one. + +------------------------------------------------------------------- +Wed May 21 08:34:07 UTC 2014 - jsegitz@novell.com + +- added necessary macros for systemd files + +------------------------------------------------------------------- +Thu Apr 24 08:24:38 UTC 2014 - dmueller@suse.com + +- remove gpg-offline dependency (blocks rebuilds) as checking + is already done by source validator + +------------------------------------------------------------------- +Fri Mar 28 18:53:28 UTC 2014 - mt@suse.de + +- Applied fixes for DHCP over IPoIB by Mellanox (bnc#870535) + [+ 0017-dhcp-4.2.6-lpf-ip-over-ib-support.patch, + + 0018-dhcp-4.2.6-improved-xid.patch] + +------------------------------------------------------------------- +Mon Mar 17 16:19:58 UTC 2014 - mt@suse.com + +- Added support for custom for rcdhcpd[6] check-syntax,check-lease + and syntax-check actions (bnc#868713). + +------------------------------------------------------------------- +Mon Feb 10 17:52:15 UTC 2014 - mt@suse.com + +- Initially switched to use systemd service files under systemd + and enabled Restart=on-abort (fate#315133). +- Update to ISC dhcp-4.2.6 release. See RELNOTES file for the + complete list of changes -- digest of fixes not in dhcp-4.2.5: + - Tidy up receive packet processing. + Thanks to Brad Plank of GTA for reporting the issue and + suggesting a possible patch. [ISC-Bugs #34447] + - Fix the socket handling for DHCPv6 clients to allow multiple + instances of a client on a single machine to work properly. + Previously only one client would receive the packets. + Thanks to Jiri Popelka at Red Hat for the bug report and a + potential patch. [ISC-Bugs #34784] + - Added support for gentle shutdown after signal is received. + [ISC-Bugs #32692] [ISC-Bugs 34945] + - Enhance the DHCPv6 server logging to include the addresses + that are assigned to the clients. This can be enabled by + defining LOG_V6_ADDRESSES in site.h. [ISC-Bugs #26377] + - Fix an operation in the DDNS code to be a bitwise instead + of logical or. [ISC-Bugs #35138] +- Merged patches for dhcp-4.2.6 version to apply without fuzzy, + prepended patch number prefixes to match spec file patch nr, + added patch markup tags / bug numbers to the spec file. +- Applied contrib-lease-path pach to contrib.tar.gz + [- contrib-lease-path.diff] +- Changed to require automake and use its config.sub and guess + files instead of maintaining a patch. + [- config-guess-sub-update.patch] +- Enabled to log DHCPv6 addresses assigned by server to clients + [+ 0016-server-log-DHCPv6-addresses-assigned-to-clients.patch] +- Cleaned up documentation, rpmlint adjustments. + +------------------------------------------------------------------- +Fri Jan 10 12:05:22 UTC 2014 - mt@suse.com + +- Test if /etc/sysconfig/network/scripts/functions exists before + sourcing it (fate#316768,bnc#856591). + +------------------------------------------------------------------- +Mon Nov 18 09:40:55 UTC 2013 - mt@suse.com + +- Fixed path to systemctl in dhclient-script (bnc#847778). + +------------------------------------------------------------------- +Fri Sep 27 15:16:26 UTC 2013 - mt@suse.com + +- Added /etc/bindresvport.blacklist to dhcp server chroot file + lists as it seems to block its start in some cases (bnc#842360). + +------------------------------------------------------------------- +Tue Sep 10 13:04:10 UTC 2013 - mt@suse.com + +- Fixed to reload syslog on hostname changes using systemctl as + there is no /etc/init.d/syslog script since syslog-service-2.0 + (bnc#830467). + +------------------------------------------------------------------- +Fri Apr 26 09:27:19 UTC 2013 - mmeister@suse.com + +- Added autoreconf -i option to fix build for the new automake + +------------------------------------------------------------------- +Tue Apr 2 09:16:44 UTC 2013 - mt@suse.com + +- Install missed bind include files and libraries in dhcp-devel; + conflicts to bind-devel providing different versions (bnc#805162). + +------------------------------------------------------------------- +Thu Mar 28 07:39:53 UTC 2013 - mt@suse.com + +- Use manual patch command for config-guess-sub-update.patch + again as patch macro does not work on older distributions. + +------------------------------------------------------------------- +Wed Mar 27 13:20:43 UTC 2013 - mt@suse.com + +- Update to ISC dhcp-4.2.5-P1 release, which contains updated + bind-9.8.4-P2 sources with removed regex.h check in configure + (bnc#811934, CVE-2013-2266). +- Changed spec make the bind export library build output visible. + +------------------------------------------------------------------- +Tue Mar 12 15:17:19 UTC 2013 - mt@suse.com + +- Added dhcp6-server service template for SuSEfirewall2 (bnc#783002) + +------------------------------------------------------------------- +Sun Mar 3 21:54:38 UTC 2013 - schwab@suse.de + +- config-guess-sub-update.patch: + Update config.guess/sub for aarch64 + +------------------------------------------------------------------- +Fri Jan 11 10:54:28 UTC 2013 - mt@suse.com + +- Update to ISC dhcp-4.2.5 release. See RELNOTES file for the + complete list of changes -- digest of fixes not in dhcp-4.2.4-P2: + - Correct code to calculate rebind timing values in client + [ISC-Bugs #29062] + - Fix some issues in the code for parsing and printing options. + [ISC-Bugs #22625,#27289,#27296,#27314] + - Update the memory leakage debug code to work with v6. + [ISC-Bugs #30297] + - Relax the requirements for deleting an A or AAAA record. + This relaxation was codified in RFC 4703. [ISC-Bugs #30734] + - Modify the failover code to handle incorrect peer names better. + [ISC-Bugs #30320] + - Fix a set of issues that were discovered via a code inspection + tool. [ISC-Bugs #23833] + - Parsing unquoted base64 strings improved. [ISC-Bugs #23048] + - The client now passes information about the options it requested + from the server to the script code via environment variables. + These variables are of the form requested_=1 with + the option name being the same as used in the new_* and old_* + variables. [ISC-Bugs #29068] + - Check the status value when trying to read from a connection to + see if it may have been closed. If it appears closed don't try + to read from it again. This avoids a potential busy-wait like + loop when the peer names are mismatched. [ISC-Bugs #31231] + - Remove an unused variable to keep compilers happy. + [ISC-Bugs #31983] +- Removed obsolete parsing and printing option patch + [dhcp-4.2.4-parsing-and-printing-options.patch] +- Merged dhcp-4.2.2-dhclient-send-hostname-rml.diff + [dhcp-4.2.5-dhclient-send-hostname-rml.patch] +- Fixed discovery of interfaces, which have only addresses with + a label assigned (linux 2.0 "alias interfaces" compatibility) + by switching to use the getifaddrs() as on BSD (bnc#791289, + reported upstream as [ISC-Bugs #31992]). + [dhcp-4.2.4-interface-discovery-using-getifaddrs.patch] +- Applied a patch to ignore SIGPIPE instead to die in socket code + before the errno==EPIPE checks are reached (bnc#794578, upstream + report [ISC-Bugs #32222]) + [dhcp-4.2.4-P2-do-not-die-on-sigpipe.patch] +- Updated ldap patch to 4.2.5-ldap-mt01 providing following fixes: + - Fixed parse buffer handling code to not avoid truncation of + config > ~8k from bigger ldap objects. Fixed to free the ldap + config buffer passed to the config parser and append new config, + while the parser is in saved state (bnc#788787). + - Fixed subclass name-ref and data quoting/escaping (bnc#788787). + - Fixed memory leaks on ldap_read_config errors (bnc#788787). + - Fixed a memleak while subnet range processing, fixed to reset + bufix variable in ldap_read_function to 0 and to set buflen to + the complete length (do not discard last character, usually \n). + This caused a parsing error at further run of the function, + e.g. while processing the second dhcpService container that the + dhcpServer object may refer to (bnc#784640). + [dhcp-4.2.5-ldap-mt01.patch.bz2] +- Fixed dhclient-script to discard MTU lower-equal 576 rather + than lower-than (bnc#791280). +- Verify GPG source archive signatures. + +------------------------------------------------------------------- +Thu Sep 20 12:26:53 UTC 2012 - mt@suse.com + +- Update to ISC dhcp-4.2.4-P2 release, providing a security fix for + an issue with the use of lease times was found and fixed. Making + certain changes to the end time of an IPv6 lease could cause the + server to abort. Thanks to Glen Eustace of Massey University, + New Zealand for finding this issue. + ([ISC-Bugs #30281], CVE: CVE-2012-3955, bnc#780167) + +------------------------------------------------------------------- +Wed Jul 25 18:13:59 UTC 2012 - mt@suse.com + +- Update to ISC dhcp-4.2.4-P1 release, providing following security + fixes (bnc#772924): + - Previously the server code was relaxed to allow packets with zero + length client ids to be processed. Under some situations use of + zero length client ids can cause the server to go into an infinite + loop. As such ids are not valid according to RFC 2132 section 9.14 + the server no longer accepts them. Client ids with a length of 1 + are also invalid but the server still accepts them in order to + minimize disruption. The restriction will likely be tightened in + the future to disallow ids with a length of 1. + Thanks to Markus Hietava of Codenomicon CROSS project for the + finding this issue and CERT-FI for vulnerability coordination. + [ISC-Bugs #29851] CVE: CVE-2012-3571 + - When attempting to convert a DUID from a client id option + into a hardware address handle unexpected client ids properly. + Thanks to Markus Hietava of Codenomicon CROSS project for the + finding this issue and CERT-FI for vulnerability coordination. + [ISC-Bugs #29852] CVE: CVE-2012-3570 + - A pair of memory leaks were found and fixed. Thanks to Glen + Eustace of Massey University, New Zealand for finding this issue. + [ISC-Bugs #30024] CVE: CVE-2012-3954 +- Moved lease file check to a separate action so it is not used in + restart -- it can fail when the daemon rewrites the lease causing + a restart failure then (bnc#762108 regression). +- Request dhcp6.sntp-servers in /etc/dhclient6.conf and forward to + netconfig for processing (bnc#770236). +- Removed RFC 4833 TZ options from client requests [unused]. + +------------------------------------------------------------------- +Tue Jun 19 06:40:03 UTC 2012 - mt@suse.com + +- Update to ISC dhcp-4.2.4 release, fixing a dhcpv6 server assert + crash while accessing lease on heap (bnc#767661) and providing + the following fixes: + - Rotate the lease file when running in v6 mode. + Thanks to Christoph Moench-Tegeder at Astaro for the + report and the first version of the patch. [ISC-Bugs #24887] + - Fixed the code that checks if an address the server is planning + to hand out is in a reserved range. This would appear as the + server being out of addresses in pools with particular ranges. + [ISC-Bugs #26498] + - In the DDNS code handle error conditions more gracefully and + add more logging code. The major change is to handle unexpected + cancel events from the DNS client code. [ISC-Bugs #26287] + - Tidy up the receive calls and eliminate the need for found_pkt. + [ISC-Bugs #25066] + - Add support for Infiniband over sockets to the server and + relay code. We've tested this on Solaris and hope to expand + support for Infiniband in the future. This patch also corrects + some issues we found in the socket code. [ISC-Bugs #24245] + - Add a compile time check for the presence of the noreturn attribute + and use it for log_fatal if it's available. This will help code + checking programs to eliminate false positives. [ISC-Bugs #27539] + - Fixed many compilation problems ("set, but not used" warnings) for + gcc 4.6 that may affect Ubuntu 11.10 users. [ISC-Bugs #27588] + - Modify the code that determines if an outstanding DDNS request + should be cancelled. This patch results in cancelling the + outstanding request less often. It fixes the problem caused + by a client doing a release where the TXT and PTR records + weren't removed from the DNS. [ISC-BUGS #27858] + - Use offsetof() instead of sizeof() to get the sizes for + dhcpv6_relay_packet and dhcpv6_packet in several more places. + Thanks to a report from Bruno Verstuyft and Vincent Demaertelaere + of Excentis. [ISC-Bugs #27941] + - Remove outdated note in the description of the bootp keyword about + the option not satisfying the requirement of failover peers for + denying dynamic bootp clients. [ISC-bugs #28574] + - Multiple items to clean up IPv6 address processing. When processing + an IA that we've seen check to see if the addresses are usable + (not in use by somebody else) before handing it out. + When reading in leases from the file discard expired addresses. + When picking an address for a client include the IA ID in + addition to the client ID to generally pick different addresses + for different IAs. [ISC-Bugs #23138] [ISC-Bugs #27945] + [ISC-Bugs #25586] [ISC-Bugs #27684] + - Remove unnecessary checks in the lease query code and clean up + several compiler issues (some dereferences of NULL and treating + an int as a boolean). [ISC-Bugs #26203] + - Fix the NA and PD allocation code to handle the case where a client + provides a preference and the server doesn't have any addresses or + prefixes available. Previoulsy the server ignored the request with + this patch it replies with a NoAddrsAvail or NoPrefixAvail response. + By default the code performs according to the errata of August 2010 + for RFC 3315 section 17.2.2; to enable the previous style see the + section on RFC3315_PRE_ERRATA_2010_08 in includes/site.h. + This option may be removed in the future. Thanks to Jiri Popelka at + Red Hat for the patch. [ISC-Bugs #22676] + - Fix up some issues found by static analysis. A potential memory leak + and NULL dereference in omapi. The use of a boolean test instead of + a bitwise test in dst. [ISC-Bugs #28941] +- Replaced our patches with a complete and upstream verified patch: + - Fix some issues in the code for parsing and printing options. + [ISC-Bugs #27314] - properly parse a zero length option from + a lease file. + [ISC-Bugs #22796] - properly determine if we parsed a 16 or + 32 bit value in evaluate_numeric_expression (extract-int). + [ISC-Bugs #22625] - properly print options that have several + fields followed by an array of something for example "fIa" + [ISC-Bugs #27289] - properly parse options in declarations + that have several fields followed by an array of something + for example "fIa" + This patch obsoletes the following (bnc#739696) patches: + - dhclient: parse_option_param: Bad format a + - zero-length option lease parse error in dhclient6 +- Merged ldap and options check patches for the new version +- Fixed dhcp-server init script to check syntax and fail while + force-reload and restart to avoid stopping of running daemon + followed by start failure (bnc#762108). Added libgcc_s.so to + chroot, so the server can report assert/crash line. + +------------------------------------------------------------------- +Wed Mar 28 15:06:47 UTC 2012 - mt@suse.com + +- Added RFC 4833 TimeZone PosixString and Name declarations to + server and client configs [not used yet]. + +------------------------------------------------------------------- +Mon Mar 19 09:37:52 UTC 2012 - mt@suse.com + +- dhcp-server: fixed to escape all values used in constructed + ldap filters as a DN may contain e.g. asterisks (bnc#721829, + [ISC-Bugs #28545]). + +------------------------------------------------------------------- +Fri Jan 13 15:26:43 UTC 2012 - mt@suse.com + +- Updated to ISC dhcp-4.2.3-P2 release, providing a DDNS security fix: + Modify the DDNS handling code. In a previous patch we added logging + code to the DDNS handling. This code included a bug that caused it + to attempt to dereference a NULL pointer and eventually segfault. + While reviewing the code as we addressed this problem, we determined + that some of the updates to the lease structures would not work as + planned since the structures being updated were in the process of + being freed: these updates were removed. In addition we removed an + incorrect call to the DDNS removal function that could cause a failure + during the removal of DDNS information from the DNS server. + Thanks to Jasper Jongmans for reporting this issue. + ([ISC-Bugs #27078], CVE: CVE-2011-4868, bnc#741239) +- Fixed close-on-exec patch to not set it on stderr (bnc#732910) +- Fixed incorrect "a" array type option parsing causing to discard + e.g. classless static routes from lease file [reported as ISC-Bug + 27289] and zero-length option parsing such as dhcp6.rapid-commit + in dhclient6 [reported as ISC-Bug 27314] (bnc#739696). +- Fixed dhclient to include its pid number in syslog messages. +- Fixed to use P2 in the spec version, not in the release tag. + +------------------------------------------------------------------- +Fri Dec 9 13:40:53 UTC 2011 - mt@suse.com + +- Updated to ISC dhcp-4.2.3-P1 release, providing security fix for + a DoS due to processing certain regular expressions (bnc#735610) + and several important DDNS related fixes: + * Add a check for a null pointer before calling the regexec function. + Without out this check we could, under some circumstances, pass + a null pointer to the regexec function causing it to segfault. + Thanks to a report from BlueCat Networks. [ISC-Bugs #26704] + CVE-2011-4539. + * Fix the code that checks for an existing DDNS transaction to + cancel when removing DDNS information, so that we will continue + with the processing if we have a lease even if it doesn't have an + outstanding transaction. [ISC-Bugs #24682] + * Add AM_MAINTAINER_MODE to configure.ac to avoid rebuilding + configuration files. [ISC-Bugs #24107] + * Add support for passing DDNS information to a DNS server over + an IPv6 address. [ISC-Bugs #22647] + * Enhanced patch for 23595 to handle IPv4 fixed addresses more + cleanly. [ISC-Bugs #23595] +- Refreshed ldap patch + +------------------------------------------------------------------- +Fri Sep 30 20:07:54 UTC 2011 - coolo@suse.com + +- add libtool as buildrequire to make the spec file more reliable + +------------------------------------------------------------------- +Tue Sep 6 14:27:51 UTC 2011 - mt@suse.com + +- Commented out all configuration examples in /etc/dhcpd.conf and + dhcp6.conf (bnc#715473). +- Enabled dhcp6.rapid-commit in /etc/dhclient6.conf config file. +- Removed useless provides/obsoletes from spec file. + +------------------------------------------------------------------- +Wed Aug 31 08:42:12 UTC 2011 - mt@suse.com + +- Set the DHCPD_CONF_INCLUDE_FILES and the DHCPD6_CONF_INCLUDE_FILES + variables to /etc/dhcpd.d and /etc/dhcpd6.d by default, so there + are well-defined directories expected to contain additional config + files (bnc#690585). + +------------------------------------------------------------------- +Mon Aug 29 15:15:44 UTC 2011 - mt@suse.de + +- Updated to ISC dhcp-4.2.2 release, providing two security fixes + (CVE-2011-2748,CVE-2011-2749,[ISC-Bugs #24960],bnc#712653), that + allowed remote attackers to cause a denial of service (a daemon + exit) via crafted BOOTP packets. Further also DNS update fix to + detect overlapping pools or misconfigured fixed-address entries, + that caused a server crash during DNS update and other fixes. + For a complete list, please see the RELNOTES file provided in + the package and also available online at http://www.isc.org/. +- Merged/adopted dhclient option-checks, send-hostname-rml, ldap + patch, xen-checksum, close-on-exec patches and removed obsolete + in6_pktinfo-prototype and relay-no-ip-on-interface patches. +- Moved server pid files into chroot directory even chroot is + not used and create a link in /var/run, so it can write one + when started as user without chroot and avoid stop problems + when the chroot sysconfig setting changed (bnc#712438). +- Disabled log-info level messages in dhclient(6) quiet mode to + avoid excessive logging of non-critical messages (bnc#711420). +- Fixed dhclient-script to not remove alias IP when it didn't + changed to not wipe out iptables connmark when renewing the + lease (bnc#700771). Thanks to James Carter for the patch. +- Fixed DDNS-howto.txt reference in the config file; it has been + moved to the dhcp-doc package (bnc#697279). +- Removed GPL licensed files (bind-*/contrib/dbus) from bind.tgz + to ensure, they're not used to build non-GPL dhcp (bnc#714004). +- Changed to apply strict-aliasing/RELRO for >= 12.x only + +------------------------------------------------------------------- +Wed Jul 20 18:53:07 UTC 2011 - crrodriguez@opensuse.org + +- Correct previous change. + +------------------------------------------------------------------- +Wed Jul 20 04:45:40 UTC 2011 - crrodriguez@opensuse.org + +- THis is a long running network daemon, link with + full RELRO security enhancements. +- remove -fno-strict-aliasing from CFLAGS, no longer needed. + +------------------------------------------------------------------- +Tue May 17 03:58:24 UTC 2011 - crrodriguez@opensuse.org + +- Import redhat's patch to open all needed FDs with O_CLOEXEC + so they dont leak. + +------------------------------------------------------------------- +Thu May 12 08:39:03 UTC 2011 - mt@suse.de + +- Removed obsolete sles8 compatibility dependencies, fixed + to avoid non-functional sles_version conditionals. + +------------------------------------------------------------------- +Tue May 10 11:48:57 UTC 2011 - mt@suse.de + +- Fixed to not introduce separate dhcp-doc package on sles, + use versioned provides/obsoletes, improved conditionals. + +------------------------------------------------------------------- +Tue May 3 12:27:08 UTC 2011 - mt@suse.de + +- Fixed dhclient-script typo causing ISC DHCPv6 client to execute + ifup pre-down scripts also while renew, when the ipv6 address + did not changed (bnc#690859). + +------------------------------------------------------------------- +Fri Apr 29 13:31:57 UTC 2011 - mt@suse.de + +- Implemented optional ldap connect retry loop during the initial + startup of the dhcp server in cases where the ldap server is not + yet started. Set the ldap-init-retry option in dhcpd.conf + to enable it (bnc#627617). Merged in the actual ldap patch. +- Cleaned up init script error reporting, no -TERM for killproc. + +------------------------------------------------------------------- +Wed Apr 27 12:31:25 UTC 2011 - mt@suse.de + +- Updated to ISC dhcp-4.2.1-P1 release, that provides most of the + dhclient pretty escape and string option checks. Merged to use + relaxed domain-name option check causing a regression, when the + server is misusing it to provide a domain list (compatibility to + attic clients) and does not provide it via domain-search option; + pretty escape semicolon as well (bnc#675052, CVE-2011-0997). + +------------------------------------------------------------------- +Thu Mar 31 09:56:02 UTC 2011 - mt@suse.de + +- Discard string options such as host and domain names containing + disallowed characters or beeing too long. This proctive patch + limits root-path to a-zA-Z0-9, #%+-_:.,@~/\[]= and a space + (bnc#675052, CVE-2011-0997). + +------------------------------------------------------------------- +Thu Mar 31 09:00:19 UTC 2011 - mt@suse.de + +- Updated to ISC DHCP 4.2.1 release (bnc#680298), that provides + following fixes (digest): + * Several fixes to OMAPI, cleanup of dereferenced pointers in + the omapi handle, handling of pipe failures and status code + in omapi signal handler that may cause connect failure and + 100% CPU use. + * Handle some DDNS corner cases better + * Several fixes to lease input and output + * Corrected side effect of printing all data strings as hex. + * Host record references leaks causing applying config to all + innocent clients. + * Memory leak when parsing a domain name + * Fixes to configuration parsing including infinite loop. + * Fixed for unexpected abort caused by a DHCPv6 decline. + For the complete list see the RELNOTES file, that is available + also online at http://ftp.isc.org/isc/dhcp/dhcp-4.2.1-RELNOTES. +- Removed obsolete optional-value-infinite-loop, no-libcrypto + and CVE-2011-0413.bnc667655 patches. +- Merged the dhclient-send-hostname and ldap patches. + +------------------------------------------------------------------- +Mon Feb 21 14:51:43 UTC 2011 - mt@suse.de + +- dhclient-script: fixed typo causing that only global settings + to set hostname and default route were applied for primary + and never per interface settings (bnc#673792). + +------------------------------------------------------------------- +Fri Feb 18 10:21:28 UTC 2011 - mt@suse.de + +- Added dhcp-4.2.0-xen-checksum.patch by David Cantrell to handle + xen partial UDP checksums (bnc#668194). + +------------------------------------------------------------------- +Wed Feb 2 09:12:11 UTC 2011 - mt@suse.de + +- Applied security fix for unexpected abort caused by a DHCPv6 + decline message (CVE-2011-0413, VU#686084, bnc#667655). +- Fixed dhclient.conf to request the domain-search option. + +------------------------------------------------------------------- +Mon Dec 13 08:51:59 UTC 2010 - mt@suse.de + +- Updated to ISC DHCP 4.2.0-P2, a security release fixing the + handling of connection requests on the failover port. + Previously a connection request from a source that wasn't + listed as a failover peer would cause the server to become + non-responsive. ([ISC-Bugs #22679] CERT: VU#159528 CVE: + CVE-2010-3616, bnc#659059). + +------------------------------------------------------------------- +Tue Dec 7 14:50:23 UTC 2010 - mt@suse.de + +- Enable ldap CASA support on SLE only. + +------------------------------------------------------------------- +Tue Nov 30 21:56:04 UTC 2010 - mt@suse.de + +- Fixed to use same/correct dhcrelay6 interface variables in the + sysconfig file and in the dhcrelay6 init script. + +------------------------------------------------------------------- +Mon Nov 29 15:45:09 CET 2010 - mt@suse.de + +- Updated to ISC DHCP 4.2.0-P1 release, providing a security fix to + handle a relay forward message with an unspecified address in the + link address field. Previously such a message would cause the + server to crash. Thanks to a report from John Gibbons. + [ISC-Bugs #21992] CERT: VU#102047 CVE: CVE-2010-3611 (bnc#650902) + The 4.2.0 version is a feature release, implementing asynchronous + DDNS processing and includes "The LDAP Patch". + For a complete list of changes from any previous release, please + consult the RELNOTES file within the source distribution or on + the ISC website: http://www.isc.org/software/dhcp/420 +- Fixed compilation to avoid segfaults as soon as ldap is enabled, + merged our ldap patches from 4.1.x branch. + +------------------------------------------------------------------- +Tue Nov 2 09:48:56 UTC 2010 - mt@suse.de + +- Fixed a dhcrelay segfault while receiving packets on interfaces + without any IPv4 address assigned (bnc#631305, reported upsteam + as [ISC-Bugs #22409]). +- Fixed a common infinite loop while parsing options with optional + parts in the value such as in slp-service-scope option (bnc#643845, + reported upsteam as [ISC-Bugs #22410]). +- Fixed init scripts to report correct LSB codes in status action, + when the config file or the binary do not exists (bnc#640336). +- Fixed syntax of a check in the rcdhcrelay[6] (bnc#648580) +- Avoid pid check error message in the rcdhcpd[6] (bnc#646875) + +------------------------------------------------------------------- +Wed Sep 29 10:26:37 UTC 2010 - mt@suse.de + +- Fixed server lease file path in contrib/listlease and leasestate + changed to extract contrib and examples using setup macro. + +------------------------------------------------------------------- +Wed Aug 4 12:52:03 UTC 2010 - mt@suse.de + +- Renamed rfc3442-classless-static-routes_raw in /etc/dhclient.conf + to rfc3442-classless-static-routes for compatibility with the + NetworkManager making use of /etc/dhclient.conf now and adopted + /sbin/dhclient-script (bnc#625770). + +------------------------------------------------------------------- +Tue Jul 27 13:31:09 UTC 2010 - mt@suse.de + +- Fixed ldap option number conflicting with new options (bnc#625358) + +------------------------------------------------------------------- +Fri Jul 2 10:48:21 UTC 2010 - mt@suse.de + +- Added a fix for an lpf bind error messages making it easier to + localize problems (bnc#617795) + +------------------------------------------------------------------- +Mon Jun 14 12:11:57 UTC 2010 - mt@suse.de + +- Updated to ISC DHCP 4.1.1-P1 patch release, which contains + a pair of bug fixes including one for a security related bug + (bnc#612546, CVE-2010-2156): + * A bug was fixed that could cause the DHCPv6 server to + advertise/assign a previously allocated (active) lease to a + client that has changed subnets, despite being on different + shared networks. Dynamic prefixes specifically allocated in + shared networks also now are not offered if the client has + moved. [ISC-Bugs #21152] + * Accept a client id of length 0 while hashing. Previously the + server would exit if it attempted to hash a zero length client + id, providing attackers with a simple denial of service attack. + [ISC-Bugs #21253] + +------------------------------------------------------------------- +Tue May 18 08:46:37 UTC 2010 - mt@suse.de + +- Added rc.dhcrelay6 as source in the spec file + +------------------------------------------------------------------- +Tue May 11 11:22:48 UTC 2010 - mt@suse.de + +- Fixed dhcprelay scripts to source sysconfig file correctly +- Fixed spec file typo in arping path require, enabled ldap +- Fixed a dhclient option name and new/old ip address check + +------------------------------------------------------------------- +Fri May 7 14:10:21 UTC 2010 - mt@suse.de + +- Updated to ISC DHCP 4.1.1, the current 4.x series production + release, providing DHCPv6 client/server/relay implementation. + The programs act in DHCPv6 mode, when the -6 start option is set. + We install separate init scripts with a 6 at the end to handle + them, that is /etc/init.d/dhcpd6 and dhrelay6. Further, there is + also a link to the binaries with a 6 at the end, e.g. dhclient6, + making it visible, that the installed version supports DHCPv6. +- Moved additional documentation to a separate dhcp-doc package. +- Changed to provide config files and scripts as source files + instead of patches to the ISC scripts. +- Adopted spec file and config/scripts, merged in all patches. +- Implemented RFC 3442 classless static routes support in the + dhclient-script (bnc#555870). + +------------------------------------------------------------------- +Thu Apr 29 11:18:20 UTC 2010 - mt@suse.de + +- Updated to ISC DHCP 3.1-ESV, an extended support version release + which includes a small number of bug fixes (bnc#592178) over the + 3.1.3 version: + * Modified the handling of a connection to avoid releasing the + omapi io object for the connection while it is still in use. + One symptom from this error was a segfault when a failover + secondary attempted to connect to the failover primary if + their clocks were not synchronized. + * Fix test in dhcp_interface_signal_handler to check that the + inner handler has a signal_handler before calling it. + * When using 'ignore client-updates;', the FQDN returned to the + client is no longer truncated to one octet. + * Clean up some compiler warnings - ticket 19054. +- Fixed vlan interface check in dhcpd-restart-hook if-up.d script + (bnc#599702) +- Touch dhclient.leases in post-install script instead to provide + an empty file, versioned provides/obsoletes (rpmlint warnings). + +------------------------------------------------------------------- +Fri Mar 12 15:53:09 UTC 2010 - mt@suse.de + +- Fixed dhclient-script to call ifup -o dhcp and signal "complete" + to ifup when all configuration is done (bnc#585380,bnc#518219). + +------------------------------------------------------------------- +Thu Jan 7 20:41:13 CET 2010 - jengelh@medozas.de + +- Enable parallel building +- Use large PIE model on all SPARC flavors + +------------------------------------------------------------------- +Mon Dec 14 22:39:01 CET 2009 - mt@suse.de + +- Fixed dhclient-script to use correct sysconfig run dir path + to not to break the defaultroute/hostname setup (bnc#555095). +- Don't request any specific lease-time by default (bnc#516459). + +------------------------------------------------------------------- +Fri Oct 16 10:17:23 CEST 2009 - mt@suse.de + +- Fixed dhclient-script to forward new_domain_search as DNSSEARCH + to netconfig. + +------------------------------------------------------------------- +Tue Oct 13 22:51:49 CEST 2009 - mt@suse.de + +- Updated to dhcp-3.1.3 maintenance release fixing several issues + (a digest, see RELNOTES for the complete list): + * Remove infinite loop in token_print_indent_concat(). + * A parser bug was fixed that segfaulted if site-option-space + was tried to be used interchangeably with vendor-option-space. + * Two uninitialized stack structures are now memset to zero, + thanks to patch from David Cantrell at Red Hat. + * Memory leak in the load_balance_mine() function is fixed. This + would leak ~20-30 octets per DHCPDISCOVER packet while failover + was in use and in normal state. + * Fixed setting hostname in Linux hosts that require hostname + argument to be double-quoted. Also allow server-provided + hostname to override hostnames 'localhost' and '(none)'. + * Added client support for setting interface MTU and metric, + thanks to Roy "UberLord" Marples . + * Fixed failover reconnection retry code to continue to retry to + reconnect rather than restarting the listener. + * Fixed a bug where an OMAPI socket disconnection message would + not result in scheduling a failover reconnection, if the link + had not negotiated a failover connect yet (e.g.: connection + refused, asynch socket connect() timeouts). + * Versions 3.0.x syntax with multiple name->code option + definitions is now supported. Note that, similarly to 3.0.x, + for by-code lookups only the last option definition is used. + * Fixed a fenceposting bug when a client had two host records + configured, one using 'uid' and the other using 'hardware + ethernet'. CVE-2009-1892 +- Updated to dhcp-3.1.3-ldap-patch-mt-01 including previous fixes. +- Merged dhclient script, removed obsolete CVE-2009-1892 fix. + +------------------------------------------------------------------- +Tue Sep 29 11:37:18 CEST 2009 - mt@suse.de + +- Replaced mt-02 ldap patch from old git repository with equivalent + one (dhcp-3.1.2p1-ldap-patch-mt-02) from a new repository with + fixed patch history (http://www.suse.de/~mt/git/dhcp-ldap.git/). + +------------------------------------------------------------------- +Wed Aug 12 10:38:26 CEST 2009 - mt@suse.de + +- Added dhcpd-restart-hook if-up.d script that restarts dhcp server + while network restart when a virtual interfaces as bridge, bond + or vlan goes up again (bnc#517810). + +------------------------------------------------------------------- +Wed Jul 29 14:05:41 CEST 2009 - mt@suse.de + +- Applied fix for a dhcp client id DoS (CVE-2009-1892, bnc#519413). + +------------------------------------------------------------------- +Wed Jul 29 12:47:46 CEST 2009 - mt@suse.de + +- Updated to dhcp-3.1.2p1 maintenance release fixing following + issues: + * A stack overflow vulnerability was fixed in dhclient that could + allow remote attackers to execute arbitrary commands as root on + the system, or simply terminate the client, by providing an + over-long subnet-mask option. + * A double-dereference in dhclient transmission of DHCPDECLINEs + was repaired. + * Fix handling of -A and -a flags in dhcrelay; it was failing + to expand packet size as needed to add relay agent options. + * Corrected list of failover state values in dhcpd man page. + * Fixed a bug that caused some request types to be logged + incorrectly. + * Fixed a coredump when adding a class via OMAPI. + * Clients that sent a parameter request list containing the + routers option before the subnet mask option were receiving + only the latter. Fixed. + * The server wasn't always sending the FQDN option when it should. + * A partner-down failover server no longer emits 'peer holds all + free leases' if it is able to newly-allocate one of the peer's + leases. + * A cosmetic bug in DHCPDECLINE processing was fixed which caused + all successful DHCPDECLINEs to be logged as "not found" rather + than "abandoned". + * Some failover debugging #defines have been better defined and + some high frequency messages moved to a deeper debugging symbol. + * The CLTT parameter in failover is now only updated by client + activity, and not by failover binding updates. + * Failover BNDUPD messages are now discarded if they conflict with + an update that has been trasnmitted, but not acknowledged. + * A bug cleaning up unknown-xxx temporary option definitions was + fixed. +- Removed obsolete dhclient-no-dereference-twice patch +- Improved dhclient-script to apply global dhcp settings, when + there is no interface config (bnc#480922). +- Enabled casa support in dhcp-ldap for >= sles 10 and => 11.1. +- Updated dhcp-3.1.2p1-ldap-patch-mt.11.2-02 merging all patches + flying around -- see http://www.suse.de/~mt/git/dhcp-ldap.git + and the git changelog at the begin of the patch. + +------------------------------------------------------------------- +Mon Jan 19 15:58:38 CET 2009 - mt@suse.de + +- Fixed dhclient-script to apply a dhcp provided MTU (bnc#467358). + +------------------------------------------------------------------- +Thu Jan 15 16:43:01 CET 2009 - mt@suse.de + +- Fix message about missed service/server association (bnc#392354). +- Applied missed patch with support for dhcpFailOverPeer objects + (failover peering definition) by S Kalyanasundaram (fate#303198). + +------------------------------------------------------------------- +Thu Jan 15 13:50:01 CET 2009 - mt@suse.de + +- Fixed init script to copy nsswitch.conf and all libnss libs to + the chroot jail to fix resolving via /etc/hosts (bnc#462851). + +------------------------------------------------------------------- +Tue Dec 16 11:37:00 CET 2008 - mt@suse.de + +- Fixed init scripts Required-Start/Stop tags to require network- + remotefs script, so all interfaces are up while start. + +------------------------------------------------------------------- +Wed Nov 26 08:05:01 CET 2008 - coolo@suse.de + +- prereq sysconfig to avoid warnings about missing + /etc/sysconfig/dhcp + +------------------------------------------------------------------- +Mon Nov 24 13:00:39 CET 2008 - mt@suse.de + +- Removed network-number request from dhclient.conf (bnc#443788). + +------------------------------------------------------------------- +Tue Nov 11 11:12:23 CET 2008 - mt@suse.de + +- Fixed dhclient-script to apply DHCLIENT_SET_HOSTNAME and + SET_DEFAULT_ROUTE policy correctly and inclusive of per + interface setings (bnc#426650). +- Fixed dhclient-script to make sure, the host name is set + as short-name even dhcp provides fqdn (bnc#418168) +- Fixed dhclient-script to translate all known dhcp options + to netconfig variables and unknown with dhclient prefix. +- Fixed dhclient.conf to request all netbios dhcp-options, + added also nds and mtu options. + +------------------------------------------------------------------- +Fri Sep 12 16:58:22 CEST 2008 - mt@suse.de + +- Removed one of two option_state_dereference calls in dhclient.c + causing null pointer messages (not critical) in the log. +- Fixed a forgotten fi typo in the dhclient-script + +------------------------------------------------------------------- +Mon Sep 8 18:29:00 CEST 2008 - mt@suse.de + +- Updated to dhcp-3.1.1, providing following major new features + compared to its 3.0.x derivative: + * A significantly enhanced Failover protocol implementation, + which: + + Implements MAC Address Affinity to reduce the frequency + of clients being assigned new IP addresses; + + Supports the assignment of failover-protected addresses + to legacy BOOTP clients; + + Implements a dynamic lease reservation system that provides + improved accounting of the use of fixed address assignments, + by allocating fixed addresses out of the pool of dynamic leases + + Improves tools and reduces operator oversight necessary for + maintaining a functioning system. + * Support for DHCP leasequery, and the VIVCO/VIVSO options, which + makes easy and comfortable integration with DOCSIS devices and + the environment in which they are used. + * Management of class and subclass statements via OMAPI + * Several server configuration options related to dynamic DNS + behavior + * Other new configuration functions, including "execute()", + which runs a shell command from within a dhcpd or dhclient + configuration file + For a full list of new features added in this release, please + observe the changes list. +- Adopted/merged patches, dropped obsolete dhcdbd (NM) patches. + +------------------------------------------------------------------- +Fri Aug 22 13:34:07 CEST 2008 - mt@suse.de + +- Adopted dhclient-script and manual page to use /sbin/netconfig + that is replacing the modify_resolvconf mechanizm by default. + +------------------------------------------------------------------- +Wed Aug 20 15:11:14 CEST 2008 - mt@suse.de + +- Updated to dhcp-3.0.7, a maintenance release containing several + bug fixes; since the 3.0.6 release this are: + * Fixed "--version" flag in dhcrelay. + * Clarified error message when lease limit exceeded + * Fixed a buffer overflow error which could have allowed a denial + of service under unusual server configurations + * Bug in octal parsing fixed. Thanks to Bernd Fuhrmann for the + report and fix. + * The warning logged when an address range doesn't fit in the + subnets they were declared has been updated to be more helpful + and identify the typo in configuration that created the + spanning addresses. + * The 'min-secs' configuration parameter's log message has been + updated to be more helpful. + * Fixed a bug in which write_lease() might report a failure + incorrectly. + * Bug in server configuration parser caused server to get stuck + on startup for certain bad pool declarations. Thanks to + Guillaume Knispel for the bug report and fix. + * Fixed file descriptor leak on listen failure. Thanks to Tom + Clark. + * Failover binding acks are now transmitted before new binding + updates (which may, very rarely, be related to a lease on the + ack queue). This eliminates a lease database inconsistency + bug, as the remote system relies upon the most recent message + it received from its peer. + * POOLREQ messages received within 30 seconds of one another are + ignored. + * 'lease imbalance' messages are not logged unless rebalance was + actually attempted ("ten percent" rule). + * A bug was fixed where the 'giaddr' may be used to find the + client's subnet rather than its own 'ciaddr'. + * A log message was introduced to clarify the situation where a + failover 'address' parameter (the server's local address) did + not resolve to an IPv4 address. + * When server is configured with options that it overrides, a + warning is issued when the configuration file is read, rather + than at the time the option is overridden. This was important, + because the warning was given every time the option was + overridden, which could create a lot of unnecessary logging. + * When a failover server suspects it has encountered a peer + running a version 3.1.x failover server, a warning that the + failover wire protocol is incompatible is printed. + * The failover server no longer issues a floating point error + if it encounters a previously undefined option code. + * A memory leak when using omapi has been fixed. +- Adopted dhcp-send-hostname-rml patch +- Removed obsolete dhcp-3.0.5-pool_eof patch +- Merged changes between server:isc-dhcp and openSUSE:Factory +- Removed down parameter from ifconfig calls in dhclient-script + because it destroys bonding interfaces and also conflicts with + an dhcpv6 client running on same interface (bnc#410905). + +------------------------------------------------------------------- +Wed Aug 20 14:11:14 CEST 2008 - skalyanasundaram@novell.com + +- Added missing DNs (dhcpZoneDN, dhcpFailOverPeerDN) to list of + external references. + +------------------------------------------------------------------- +Fri Jun 27 14:28:02 CEST 2008 - mt@suse.de + +- Added /etc/openldap directory to the file list of the dhcp-server + package, because it is not provided by the ldap package any more. + +------------------------------------------------------------------- +Fri May 23 15:55:14 CEST 2008 - mt@suse.de + +- Don't set parts of host error messages as hostname (bnc#389668). + +------------------------------------------------------------------- +Mon May 19 15:47:19 CEST 2008 - mt@suse.de + +- Documentation updates for DDNS-howto.txt (bnc#359977). + +------------------------------------------------------------------- +Fri Apr 4 16:43:21 CEST 2008 - mt@suse.de + +- Changed the list of dhcp options required by the dhcp-client in + the server response to not to enforce the domain-name-servers + option availiability (bnc#331964). +- Fixed too long error messages server init script (bnc#353589). +- Renamed/renumbered patches modifying the dhclient.conf file. +- Fixed the dhclient-script to add explicit host route to default + gateway when it is not reachable via interface route created by + ifconfig based on the IP and netmask (e.g. /32) values provided + by dhcp server (bnc#266215). +- Fixed ntp configuration feature in dhclient-script to try-restart + the ntp service to apply the server changes. Changed to use new + per interface server list to avoid merge problems (bnc#375746). + +------------------------------------------------------------------- +Tue Apr 1 16:07:04 CEST 2008 - mkoenig@suse.de + +- remove dir /usr/share/omc/svcinfo.d as it is provided now + by filesystem + +------------------------------------------------------------------- +Tue Dec 4 11:02:45 CET 2007 - mt@suse.de + +- Bug #343069: Added dhcp-server compatibility workaround to search + for lower- and upper-case MAC addresses in the dhcpHWAddress LDAP + attributes. New patch: dhcp-3.0.6-ldap-patch_hwaddr-icase.dif + +------------------------------------------------------------------- +Mon Nov 19 09:43:56 CET 2007 - mt@suse.de + +- Disabled script setting in the /etc/dhclient.conf, + because it overrides the -sf command line option. + +------------------------------------------------------------------- +Fri Aug 24 10:25:29 CEST 2007 - mt@suse.de + +- Removed getcfg interface config to interface name conversions + +------------------------------------------------------------------- +Mon Jul 30 13:06:43 CEST 2007 - thoenig@suse.de + +- dhcp-3.0.3-dhclient-script-dhcdbd.patch: dbus-send is now located + in /bin + +------------------------------------------------------------------- +Thu Jul 19 16:14:33 CEST 2007 - mt@suse.de + +- Updated to 3.0.6, a maintenance release containing fixes + for bugs discovered since DHCP 3.0.5, but no new features. + See the RELNOTES file for full list of changes. +- Adopted dhcp-3.0rc10.filedes.dif patch + new patch file name: dhcp-3.0.6-dhclient-exec-filedes.dif +- Bug #289933: Let dhclient request netbios-name-servers as well; + old patch file name: dhcp-3.0.5-dhclient-nis-ntp.patch + new patch file name: dhcp-3.0.6-dhclient-requests-conf.patch +- Removed $local_fs from init-scripts, included in $remote_fs. + +------------------------------------------------------------------- +Wed Jun 27 17:41:11 CEST 2007 - anschneider@suse.de + +- Added support for ntpd runtime configuration + new patch file: dhcp-3.0.6-dhclient-script-ntp-runtime.patch + +------------------------------------------------------------------- +Wed Jun 27 12:27:47 CEST 2007 - lmuelle@suse.de + +- Let dhclient request ntp-servers by default. + +------------------------------------------------------------------- +Tue May 22 09:37:59 CEST 2007 - mt@suse.de + +- Bug 275592: Added ldap and ndsd to the Should-Start/Stop LSB + init info tags of the dhcp-server init script. +- Bug #241113: Added copying of /etc/openldap/ldap.conf and + more base libraries into the chroot jail. + +------------------------------------------------------------------- +Mon May 14 15:31:04 CEST 2007 - mt@suse.de + +- Bug #265337: Fix to generate proper "host ... {" block begin + brace even if no harware address is specified for the host. + New patch file: dhcp-3.0.5-ldap-patch_host_brace.dif +- Bug #258493: Fix to support new dhcpServerDN reference in + dhcpService object search filter. + New patch file: dhcp-3.0.5-ldap-patch_server_dn.dif +- Fixed LSB init info to use LSB 2.0 Should-Start/Should-Stop. + +------------------------------------------------------------------- +Thu Mar 15 18:07:35 CET 2007 - mt@suse.de + +- Bug #181212: Improved dhcp init-script to copy directories + specified in the DHCPD_CONF_INCLUDE_FILES sysconfig variable + into the chroot jail. + +------------------------------------------------------------------- +Wed Mar 14 12:15:11 CET 2007 - mt@suse.de + +- Bug #247365: Added installation of dhcp-server SuSEfirewall2 + service definition file. + +------------------------------------------------------------------- +Tue Mar 13 18:16:48 CET 2007 - mt@suse.de + +- Updated to dhcp-3.0.5-ldap-patch.gz, released on 2007-02-23 + fixing a parsing bug in dhcpd-conf-to-ldap.pl script to handle + correctly quoted string containing spaces. + Further, it includes our fixes and obsoletes following patches: + * dhcp-3.0.5-ldap-patch-strncat.dif + * dhcp-3.0.5-ldap-patch-casa-fix.dif + * dhcp-3.0.5-ldap-patch-dhcp-cn.dif + * dhcp-3.0.5-ldap-patch-schema.dif + * dhcp-3.0.5-ldap-patch-nomd5.dif + * dhcp-3.0.5-ldap-patch-referrals.dif + * dhcp-3.0.5-ldap-patch-ssl-opts.dif + * dhcp-3.0.5-ldap-patch-ldap_read.dif +- Bug #250153: Fix for object order related parse error, that + occured in case an dhcp-ldap object referencing a dhcp-tsigkey, + class or failoverpeer object was parsed before the declaration + of the referenced objects, because of the order in ldap result. + New patch file: dhcp-3.0.5-ldap-patch_object-order.dif + +------------------------------------------------------------------- +Tue Feb 20 11:45:29 CET 2007 - mt@suse.de + +- Bug #162186: Added check for EOF in parse_pool_statement to + avoid endless recursion loop between parse_pool_statement + and parse_statement when a closing right brace "}" is missed + at the end of a pool declaration in /etc/dhcpd.conf. + New patch file: dhcp-3.0.5-pool_eof.dif +- Fixed ldap_read_function to avoid returning of empty strings + causing parsing errors in ldap-dynamic mode. + New patch file: dhcp-3.0.5-ldap-patch-ldap_read.dif + +------------------------------------------------------------------- +Thu Jan 25 11:15:57 CET 2007 - mt@suse.de + +- Updated to dhcp-3.0.5-ldap-patch.gz, providing several fixes: + * unbind from the LDAP server after the config file has been ran + if the server is being ran in static mode + * fixed ldap_read_function bug where the entire configuration + was not being processed + and extensions / enhancements: + * added functions for reading config values from the config + file to clean up the ldap_start() function. + * new ldap-server-cn option that will be used to locate the + data in ldap; defaults to the hostname as before (FATE #227). + * while host is added in the ldap-method dynamic mode, try to + find if it belongs to a group and apply the group options too. + * modifies the dhcpHWAddress attribute to case-insensitive, adds + several new objectclasses, e.g. dhcpLocator, dhcpTsigKey, + dhcpDnsZone,dhcpFailOver to the dhcp.schema. + * implements support for dhcpTsigKey, dhcpDnsZone and related. + * implements auth password query via casa. +- Adopted ldap-patch-strncat, removed ldap-patch-nossl obsoleted by + ldap-patch-nomd5. New patch: dhcp-3.0.5-ldap-patch-strncat.dif +- Added dhcp-3.0.5-ldap-patch-nomd5.dif linking the dhcp-server + with md5 functions from openssl library instead of own copy. +- Added dhcp-3.0.5-ldap-patch-casa-fix.dif, fixing casa support +- Added dhcp-3.0.5-ldap-patch-dhcp-cn.dif, renaming the dhcpd.conf + ldap-server-cn option to more clear ldap-dhcp-server-cn. +- dhcp-3.0.5-ldap-patch-schema.dif +- Added dhcp-3.0.5-ldap-patch-referrals.dif, implementing support + for LDAP referrals, introducing new "ldap-referrals " + option in dhcpd.conf. +- Added dhcp-3.0.5-ldap-patch-ssl-opts.dif enabling/implementing + TLS/LDAPS support. Adds new "ldap-ssl " + and several "ldap-tls-*" options for dhcpd.conf. By default, the + server trys to use TLS if possible, but continues without if not. + +------------------------------------------------------------------- +Tue Jan 9 13:48:07 CET 2007 - mt@suse.de + +- Added installation of dhcpd.xml, dhcpd service description + for omc xml-service-provider, fate #301710. +- fix of the ldap-patch strncat fix, bug #202648 + +------------------------------------------------------------------- +Wed Nov 8 11:33:50 CET 2006 - mt@suse.de + +- fix for strncat usage in ldap-patch, bug #202648 + +------------------------------------------------------------------- +Tue Nov 7 11:28:23 CET 2006 - mt@suse.de + +- updated to 3.0.5, bug #212310: + * This release is a maintenance release that seeks to correct bugs + introduced in 3.0.4 or prior. The most important of these bugs + is for 64-bit time_t systems that was introduced in 3.0.4. + * If you are upgrading from ISC DHCP 3.0.3 or prior and are using + failover, please take special care of the 'atsfp' values now + included on failover-controlled leases. See the RELNOTES file. +- adopted dhcp-3.0.4-tmpfile.dif (now dhcp-3.0.5-tmpfile.dif) +- added to provide gpg signature of the tar archive as rpm-source + +------------------------------------------------------------------- +Tue Oct 17 20:26:30 CEST 2006 - poeml@suse.de + +- there is no SuSEconfig.syslog script anymore, thus remove the + YaST hint from the sysconfig template + +------------------------------------------------------------------- +Fri Jun 9 14:49:58 CEST 2006 - poeml@suse.de + +- upstream 3.0.4: + * fix an insidious bug in the failover implementation which, if + left unchecked, could result in tying up all leases in + transitional states (such as released, reset, or expired) + * fix a confusing (wrong) syslog line, logged by during DDNS update + * The server now tries harder to survive the condition where it is + unable to open a new lease file to rewrite the lease state + database. + * several other small bug fixes +- update ldap patch. It now supports ldap over ssl, but we don't + enable it and add dhcp-3.0.4-ldap-patch-nossl.dif, because at the + moment there seems to be a choice between linking dhclient + against ldap+ssl libs (not in /lib) or risking clash between + openssl and isc's md5 symbols. (At least, I assume that this is + the reason why the ldap patch now removes the isc implementation + from the build.) Thus, I readd the patch which added ldap libs to + LIBS in the server subdir only, via ./configure +- if /etc/sysconfig/dhcpd:DHCPD_INTERFACE is set to "ANY", dhcpd + will now autodetect available network interfaces + +------------------------------------------------------------------- +Fri Jun 2 11:55:59 CEST 2006 - poeml@suse.de + +- allow for build on SUSE Linux 9.3 and older (no -fpie) +- clean up all CFLAGS/DEBUG_FLAGS definitions + +------------------------------------------------------------------- +Tue May 16 16:24:33 CEST 2006 - poeml@suse.de + +- add s390x to the list of platforms to compile with -fsigned-char + to avoid the dhclient.conf parse error "expecting a statement" + [#171532], [#134590] + +------------------------------------------------------------------- +Thu May 4 23:01:10 CEST 2006 - rml@suse.de + +- Add "-H" flag for setting hostname (Novell major bug #139532) + +------------------------------------------------------------------- +Wed Mar 29 15:47:38 CEST 2006 - poeml@suse.de + +- fix two further include paths in dhcpctl.3 and omapi.3 + +------------------------------------------------------------------- +Wed Mar 29 12:50:24 CEST 2006 - poeml@suse.de + +- package the static libdst.a library [#158271] +- fix the include path in dhcpctl.3 and omapi.3 [#158271] + +------------------------------------------------------------------- +Fri Jan 27 01:11:31 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Wed Jan 25 14:06:19 CET 2006 - poeml@suse.de + +- dereference links when copying stuff into the chroot jail [#145169] + +------------------------------------------------------------------- +Mon Jan 23 11:53:45 CET 2006 - thoenig@suse.de + +- dropped dhcp-3.0.3-dhclient-nm_active-01-thoenig.patch. Correct + solution is being implemented in NetworkManager + +------------------------------------------------------------------- +Sat Jan 14 12:40:06 CET 2006 - thoenig@suse.de + +- replaced 'nis-domain-servers' by 'nis-servers' in + dhcp-3.0.3-dhclient-nis-01-thoenig.patch (follow-up #134160) + +------------------------------------------------------------------- +Fri Jan 13 22:35:10 CET 2006 - thoenig@suse.de + +- add 'nis-domain' and 'nis-domain-servers' to 'request' + dhclient.conf (dhcp-3.0.3-dhclient-nis-01-thoenig.patch). If + the DHCP reply contains information about NIS, NM will set those. + (#134160) +- extended /sbin/dhclient-script to set domain name and host name. + This will only happen if the relevant options in + /etc/sysconfig/network/dhcp are set. + (dhcp-3.0.3-dhclient-nm_active-01-thoenig.patch) (#134160) + +------------------------------------------------------------------- +Mon Nov 28 14:43:43 CET 2005 - poeml@suse.de + +- compile with -fsigned-char on ppc/ppc64, avoiding the + dhclient.conf parse error "expecting a statement" [#134590] + +------------------------------------------------------------------- +Mon Sep 26 01:30:25 CEST 2005 - ro@suse.de + +- define LDAP_DEPRECATED in CFLAGS + +------------------------------------------------------------------- +Wed Aug 3 15:07:50 CEST 2005 - poeml@suse.de + +- update to 3.0.3 + * A bug was fixed in BOOTPREQUEST handling code wherein stale + references to host records would be left behind on leases that + were not allocated to the client currently booting (eg in the + case where the host was denied booting). + * The dhcpd.conf.5 manpage was updated to be more clear in + regards to multiple host declarations (thanks to Vincent + McIntyre). 'Interim' style dynamic updates were also + retouched. + * dhclient.conf documentation for interface {} was updated to + reflect recent discussion on the dhcp-hackers mailing list. +- update ldap patch, patches merged upstream +- compile with LPF instead of bsd sockets. Provide optional binary + compiled with bsd sockets. +- README: describe how to serve option 119 (searchlist), add dns + compression tool + +------------------------------------------------------------------- +Tue Jul 12 08:47:02 CEST 2005 - hare@suse.de + +- build with pie/PIE depending on architecture. + +------------------------------------------------------------------- +Thu Jun 30 21:38:41 CEST 2005 - gekker@suse.de + +- Add -DEXTENDED_NEW_OPTION_INFO to CFLAGS for rml + +------------------------------------------------------------------- +Tue Jun 28 22:03:50 CEST 2005 - gekker@suse.de + +- Add support for dhcdbd, patches from RH via rml + +------------------------------------------------------------------- +Mon Jun 20 16:45:22 CEST 2005 - ro@suse.de + +- build with pie/fpie + +------------------------------------------------------------------- +Mon Jun 13 15:26:44 CEST 2005 - kukuk@suse.de + +- Don't use kernel types in user space + +------------------------------------------------------------------- +Fri Apr 8 16:25:06 CEST 2005 - poeml@suse.de + +- update to 3.0.3b1 release. Changes since 3.0.2: + * A bug was fixed where a server might load balance a DHCP REQUEST to its + peer after already choosing not to load balance the preceeding DISCOVER. + The peer cannot allocate the originating server's lease. + * In the case where a secondary server lost its stable storage while the + primary was still in communications-interrupted, and came back online, + the lease databases would not be fully transferred to the secondary. + This was due to the secondary errantly sending an extra UPDREQ message + when the primary made its state transition to PARTNER-DOWN known. + * The package will now compile cleanly in gcc 3.3 and 3.4. As a side effect, + lease structures will be 9 bytes smaller on all platforms. Thanks to + Jason Vas Dias at Redhat. + * Interface discovery code in DISCOVER_UNCONFIGURED mode is now + properly restricted to only detecting broadcast interfaces. Thanks + to a patch from Jason Vas Dias at RedHat. + * decode_udp_ip_header was changed so that the IP address was copied out + to a variable, rather than referenced by a pointer. This enforces 4-byte + alignment of the 32-bit IP address value. Thanks to a patch from Dr. + Peter Poeml. + * An incorrect log message was corrected thanks to a patch from + Dr. Peter Poeml. + * A bug in DDNS was repaired, where if the server's first DDNS action was + a DDNS removal rather than a DDNS update, the resolver library's + retransmit timer and retry timer was set to the default, implying a + 15 second timeout interval. Which is a little excessive in a synchronous, + single-threaded system. In all cases, ISC DHCP should now hold fast to + a 1-second timeout, trying only once. + * The siaddr field was being improperly set to the server-identifier when + responding to DHCP messages. RFC2131 clarified the siaddr field as + meaning the 'next server in the bootstrap process', eg a tftp server. + The siaddr field is now left zeroed unless next-server is configured. + * mockup_lease() could have returned in an error condition (or in the + condition where no fixed-address was found matching the shared + network) with stale references to a host record. This is probably not + a memory leak since host records generally never die anyway. + * A bug was repaired where failover servers would let stale client identifiers + persist on leases that were reallocated to new clients not sending an id. + * Binding scopes ("set var = value;") are now removed from leases allocated + by failover peers if the lease had expired. This should help reduce the + number of stale binding scopes on leases. + * A small memory leak was closed involving client identifiers larger than + 7 bytes, and failover. + * Configuring a subnet in dhcpd.conf with a subnet mask of 32 bits might + cause an internal function to overflow heap. Thanks to Jason Vas Dias + at Redhat. + * Some inconsistencies in treating numbers that the lexer parsed as 'NUMBER' + or 'NUMBER_OR_NAME' was repaired. Hexadecimal parsing is affected, and + should work better. + * In several cases, parse warnings were being issued before the lexical + token had been advanced to the token whose value was causing an error... + causing parse warnings to claim the problem is on the wrong token. + * Host declarations matching on client identifier for dynamic leases will + no longer match fixed-address host declarations (this is now identical + to behaviour for host records matching on hardware address). +- print error if binary DHCPD_BINARY is not found [#76392] +- remove patches incorporated upstreams +- update ssh forced command example in dhcpsync man page + +------------------------------------------------------------------- +Mon Feb 21 17:53:08 CET 2005 - poeml@suse.de + +- update to 3.0.2 release. Changes since 3.0.2rc3: + * A previously undocumented configuration directive, + 'local-address', was documented in the dhcpd.conf manpage. + +------------------------------------------------------------------- +Tue Feb 8 17:40:05 CET 2005 - mt@suse.de + +- Bug #49433: try to reconnect to ldap server if it was down; + ignore SIGPIPE while ldap_unbind called on closed handle. + = new patch file: dhcp-3.0.2-ldap-reconnect.mt.dif.gz + +------------------------------------------------------------------- +Tue Dec 7 15:29:15 CET 2004 - poeml@suse.de + +- update to 3.0.2rc3. Changes since rc2: + * Two variables introduced in 3.0.2b1 were used without being + initialized in the case where neither the FILE nor SNAME fields + were available for overloading. This was repaired. + * A heretofore believed to be impossible corner case of the + option overloading implementation turned out to be possible + ("Unable to sort overloaded options after 10 tries."). The + implementation was reworked to consider the case of an option + so large it would require more than three chunks to fit. + * Many other instances of variables being used without being + initialized were repaired. + * An uninitialized variable in omapi_io_destroy() led to the + discovery that this function may result in orphaned pointers + (and hence, a memory leak). +- refresh the unaligned.patch + +------------------------------------------------------------------- +Tue Nov 30 14:10:15 CET 2004 - poeml@suse.de + +- update to 3.0.2rc2. Changes since 3.0.1: + * allocate_lease() was rewritten to repair a bug in which the server would + try to allocate an ABANDONED lease when FREE leases were available. + * Some dhcp-eval.5 manpage formatting was repaired. + * A bug was fixed in the server's 'option overloading' implementation, + where options loaded into the 'file' and 'sname' packet fields were + not aligned precisely as rfc2131 dictates. + * The FreeBSD client script was changed to support the case where a domain + name was not provided by the server. + * A memory leak in 'omshell' per each command line parsed was + repaired, thanks to a patch from Jarkko Torppa. + * Log functions writing to stderr were adjusted to use the STDERR_FILENO + system definition rather than '2'. This is a no-op for 90% of platforms. + * One call to trace_write_packet_iov() counted the number of io vectors + incorrectly, causing inconsistent tracefiles. This was fixed. + * Some expression parse failure memory leaks were closed. + * A host byte order problem in tracefiles was repaired. + * Pools configured in DHCPD for failover possessing permission lists that + previously were assumed to not include dyanmic bootp clients are now + a little more pessimistic. The result is, dhcpd will nag you about just + about most pools that possess a 'allow' statement with no 'deny' that + would definitely match a dynamic bootp client. + * The 'ddns-update-style' configuration warning bit now insists that + the configuration be globally scoped. + * Two memory leaks in dhclient were closed thanks to a patch from Felix + Farkas. + * Some minor but excellently pedantic documentation errors were fixed + thanks to a patch from Thomas Klausner. + * Bugs in operator precedence in executable statements have been repaired + once again. More legal syntaxes should be parsed legally. + * Failing to initialize a tracefile for any reason if a tracefile was + specified is now a fatal error. Thanks to a patch from Albert Herranz. + * Corrected a bug in which the number of leases transferred as calculated + by the failover primary and sent to peers in POOLRESP responses may be + incorrect. This value is not believed to be used by other failover + implementations, excepting perhaps as logged information. + * Corrected a bug in which 'dhcp_failover_send_poolresp()' was in fact + sending POOLREQ messages instead of POOLRESP mesasges. This message + was essentially ignored since failover secondaries effectively do not + respond to POOLREQ messages. + * Type definitions for various bitwidths of integers in the sunos5-5 + build of ISC DHCP have been fixed. It should compile and run more + easily when built in 64-bit for this platform. + * "allow known-clients;" is now a legal syntax, to avoid confusion. + * If one dhcp server chooses to 'load balance' a request to its failover + peer, it first checks to see if it believes said peer has a free + lease to allocate before ignoring the DISCOVER. + * log() was logging a work buffer, rather than the value returned by + executing the statements configured by the user. In some cases, + the work buffer and the intended results were the same. In some other + cases, they were not. This was fixed thanks to a patch from Gunnar + Fjone and directconnect.no. + * Compiler warnings for some string type conversions was fixed, thanks + to Andreas Gustafsson. + * The netbsd build environments were simplified to one, in which + -Wconversion is not used, thanks to Andreas Gustafsson. + * How randomness in the backoff-cutoff dhclient configuration variable + is implemented was better documented in the manpage, and the behaviour + of dhclient in REQUEST timeout handling was changed to match that of + DISCOVER timeout handling. + * Omapi was hardened against clients that pass in null values, thanks + to a patch from Mark Jason Dominus. + * A bug was fixed in dhclient that kept it from doing client-side + ddns updates. Thanks to a patch from Andreas Gustafsson, which + underwent some modification after review by Jason Vas Dias. + * Failover implementations disconnected due to the network between + them (rather than one of the two shutting down) will now try to + re-establish the failover connection every 5 seconds, rather than + to simply try once and give up until one of them is restarted. + Thanks to a patch from Ulf Ekberg from Infoblox, and field testing + by Greger V. Teigre which led to an enhancement to it. + * A problem that kept DHCP Failover secondaries from tearing down + ddns records was repaired. Thanks to a patch from Ulf Ekberg from + Infoblox. + * 64bit pointer sizes are detected properly on FreeBSD now. + * A bug was repaired where the DHCP server would leave stale references + to host records on leases it once thought about offering to certain + clients. The result would be to apply host and 'known' scopes to the + wrong clients (possibly denying booting). NOTE: The 'mis-host' patch + that was being circulated as a workaround is not the way this bug was + fixed. If you were a victim of this bug in 3.0.1, you are cautioned + to proceed carefully and see if it fixes your problem. + * A bug was repaired in the server's DHCPINFORM handling, where it + tried to divine the client's address from the source packet and + would get it wrong. Thanks to Anshuman Singh Rawat. + * A log message was introduced to help illuminate the case where the + server was unable to find a lease to assign to any BOOTP client. + Thanks to Daniel Baker. + * A minor dhcpd.conf.5 manpage error was fixed. +- update ldap patch (11/8/2004 version) + +------------------------------------------------------------------- +Thu Nov 11 12:47:21 CET 2004 - ro@suse.de + +- fixed file list for devel package + +------------------------------------------------------------------- +Thu Sep 23 11:34:56 CEST 2004 - poeml@suse.de + +- sysconfig.dhcpd, sysconfig.dhcrelay: give examples how to use + configuration names instead of interface names + +------------------------------------------------------------------- +Thu Aug 5 14:12:50 CEST 2004 - poeml@suse.de + +- update to 3.0.1 + * The global variable 'cur_time' was centralized and is now + uniformly of a type #defined in system-dependent headers. It + had previously been defined in one of many places as a 32-bit + value, and this causes mayhem on 64-bit big endian systems. It + probably wasn't too healthy on little endian systems either. + * A printf format string error introduced in rc14 was repaired. + * AIX system-dependent header file was altered to only define + NO_SNPRINTF if the condition used to #ifdef in vsnprintf in + AIX' header files is false. + * The Alpha/OSF system-dependent header file was altered to + define NO_SNPRINTF on OS revisions older than 4.0G. + * omapip/test.c had string.h added to its includes. +- drop obsolete dhcp-curtimetype.patch +- cope with missing files during chroot setup (e.g., if no + resolv.conf exists) [#40728] +- remove duplicated option "-cf" from usage output +- add notes about the used raw socket API to README + +------------------------------------------------------------------- +Fri Jul 16 14:27:18 CEST 2004 - poeml@suse.de + +- update to 3.0.1rc14 +- remove obsolete patches and adapt dhcp-3.0.1rc13-tmpfile.dif +- dhcpsync: use try-restart (so the server isn't started if it has + been stopped) +- remove notify messages that are sent to root +- check if dhcpd was active at boot time before update and + restore runlevel links if needed [#41215], and PreRequires for + that + +------------------------------------------------------------------- +Mon Jun 14 20:51:29 CEST 2004 - poeml@suse.de + +- security fixes [#41975]: + - fix buffer overflow in the DHCP server that can be exploited by + the client by specifying multiple 'hostnames' to execute + arbitrary code or at least crash the server. VU#317350 + - add patch to use vsnprintf() instead of vsprintf() calls. + VU#654390 + +------------------------------------------------------------------- +Fri May 14 15:04:50 CEST 2004 - poeml@suse.de + +- fix sysconfig comment and DHCPD_RUN_AS default [#40174] + +------------------------------------------------------------------- +Thu May 13 14:05:35 CEST 2004 - poeml@suse.de + +- improve security of the chroot jail setup by creating a dedicated + user id for the server, and move the leases database into a + subdirectory (/var/lib/dhcp/db). With the exception of that + subdirectory the chroot jail is now owned by root. [#40174] Use + mkstemp to create temporary files. [#40267] +- don't use startproc to start dhcpd, because startproc waits a + fixed time (100 msec) until it decides whether the service is + running or not. Now that dhcpd might have to contact an LDAP + server first to read its configuration, starting up can take + longer than that, and the init script would falsely report + "success" even when the server cannot start up due to broken + configuration or non-existant interfaces. Increasing the + startproc timeout (-t) is not a real alternative because, because + it would imply a fixed dely to the init script, and it might + still be too short. [#40350] + +------------------------------------------------------------------- +Tue May 4 18:24:14 CEST 2004 - poeml@suse.de + +- convert configuration names in DHCPD_INTERFACE / + DHCRELAY_INTERFACES into interface names [#39718] +- fix service restart for the case where the binary has been + switched for backward compatibility during updating. +- do not change DHCPD_BINARY for backward compatibility if updating + from 9.0. This and the last change complete the fix for [#38422] + and take care of updates from 8.1-9.1 with and without YOU + updates. + +------------------------------------------------------------------- +Fri Apr 30 15:09:44 CEST 2004 - poeml@suse.de + +- additionally package the dhcpd binary that uses the Linux packet + filter API. New option DHCPD_BINARY in sysconfig.dhcpd. [#38422] +- when updating from a previous package using LPF API, retain the + old behaviour. Fix init script so that 'stop' works also after a + switch of DHCPD_BINARY. + +------------------------------------------------------------------- +Thu Apr 22 11:53:00 CEST 2004 - mt@suse.de + +- updated to dhcp-3.0.1rc13-ldap-patch also obsolating the + patches: dhcp-ldap-fix01.dif, dhcpd-conf-to-ldap.pl.dif +- added dhcp-3.0.1rc13-ldap.mt.dif, providing diverse fixes + and basic failover support for server/ldap.c +- added dhcpd-conf-to-ldap.mt.dif providing failover support + to dhcpd.conf convert script + +------------------------------------------------------------------- +Thu Mar 25 19:23:17 CET 2004 - mt@suse.de + +- applied dhcp-3.0.1rc12-ldap-patch adding support to store + dhcp configuration in ldap (incl. draft ldap schema). + further patches: + - dhcp-ldap-fix01.dif: fixes for server/ldap.c (debuging + output, support for block statements, ...) + - dhcpd-conf-to-ldap.pl.dif: fixes for convert script + +------------------------------------------------------------------- +Wed Feb 25 16:00:55 CET 2004 - poeml@suse.de + +- the genDDNSkey script has been moved to the bind-utils package +- update the DDNS-howto.txt +- package leases.awk (dhcpd.leases analyzer) (courtesy of Jeff Wilson) +- update to 3.0.1rc13 + - Fixed a bug in omapi lease lookup function, to form the + hardware address for the hash lookup correctly + - The 'ping timeout' debugs from rc12 were removed to -DDEBUG + only + - Fixed a case where leases read from the leases database do not + properly over-ride previously read leases. + - Fixed a bug where dhcrelay was sending relayed responses back + to the broadcast address, but with the source's unicast mac + address. Should now conform to rfc2131 section 4.1. + - Fixed a crash bug in dhclient where dhcpd servers that do not + provide renewal times results in an FPE. As a side effect, + dhclient can now properly handle 0xFFFFFFFF (-1) expiry times + supplied by servers. + - dhcpctl.3 manpage was tweaked. +- the files CHANGES and COPYRIGHT have vanished, package LICENSE + instead + +------------------------------------------------------------------- +Sun Jan 11 10:35:11 CET 2004 - adrian@suse.de + +- build as user + +------------------------------------------------------------------- +Tue Nov 18 22:48:05 CET 2003 - poeml@suse.de + +- if starting dhcpd in chroot jail, and a pid file is present in + the jail, and the pid file does not contain a pid of a running + dhcpd process, but that of another _running_ process, remove + that pid file. [#32603] +- fix typo in dhcp.LIESMICH +- DDNS-howto.txt: adjust changed path +- DDNS-howto.txt: instead of the shell variables (they were copy + and paste'd from a script), use a real example (makes it easier) +- add a comment in sysconfig.dhcpd that entire directories may be + included +- dhcpsync: if run from the commandline, do not use an identity + that ssh-agent may hold, but use $KEY instead +- dhcpsync.8: add a note about a know limitation + +------------------------------------------------------------------- +Tue Nov 18 14:06:10 CET 2003 - poeml@suse.de + +- fix wrong ServiceRestart tags in sysconfig/dhcrelay [#32062] + +------------------------------------------------------------------- +Fri Oct 17 14:12:45 CEST 2003 - uli@suse.de + +- fixed data type mismatch in libomapi, only harmful on 64-bit + BE systems (ppc64, s390x, bug #32123) + +------------------------------------------------------------------- +Mon Sep 8 16:32:33 CEST 2003 - poeml@suse.de + +- update to 3.0.1rc12 + - a failover bug relating to identifying peers by name length + instead of by name was fixed + - declaring failover configs within shared-network statements + should no longer result in error + - a problem with lease expiry times in failover configurations + was fixed + - reverse dns PTR record updates with values containing spaces + are now permitted + - problems with long option processing fixed + - fixes to minires so that updates of KEY records will work + - memory leak in configuration parsing closed + - non-broadcast or point-to-point interfaces are now ignored + - options not yet known by the dhcpd or dhclient now appear as + e.g. "unknown-144" rather than "#144" in the leases file, to + avoid the hash marks + - dhclient no longer uses shell commands to kill another instance + of itself, it sends the signal directly. + - the -nw command line option to dhclient now works +- dhcp-3.0.1rc10-dhcrelay-limit-hopcount.dif included upstreams +- added contrib/ms2isc (converts Microsoft DHCP server configuration) + +------------------------------------------------------------------- +Mon Sep 8 10:46:42 CEST 2003 - poeml@suse.de + +- mark dhclient's lease database %config(noreplace) + +------------------------------------------------------------------- +Wed Sep 3 13:28:21 CEST 2003 - kukuk@suse.de + +- Really fix [#29405], server should not provide and obsolete dhcp. + +------------------------------------------------------------------- +Wed Aug 27 12:34:27 CEST 2003 - poeml@suse.de + +- don't provide/require dhcp-base. Require dhcp instead [#29405] + +------------------------------------------------------------------- +Tue Aug 26 18:16:28 CEST 2003 - poeml@suse.de + +- add Config: syslog-ng to sysconfig.syslog-dhcpd + +------------------------------------------------------------------- +Fri Aug 15 03:28:02 CEST 2003 - poeml@suse.de + +- use -Wall -Wno-unused +- add -fno-strict-aliasing, due to warnings about code where + dereferencing type-punned pointers will break strict aliasing +- add activation metadata to sysconfig template [#28864, [#28865], + [#28950] + +------------------------------------------------------------------- +Tue Aug 12 21:05:33 CEST 2003 - poeml@suse.de + +- rc.dhcpd, rc.dhcrelay: implement try-restart correctly +- cleaned up the root mail, and the READMEs [#27214], [#26266] +- send the root mail only on update [#27214] +- have no default value in /etc/sysconfig/dhcpd:DHCPD_INTERFACE +- in client's %post, send a mail only when rc.config is encountered +- clean buildroot, but not in chroot buildsystem +- the SuSE string is now replaced by UnitedLinux where appropriate +- rename the "dhcp-base" package to "dhcp", so there is a binary + package matching the name of the source package [#17668] +- use the lately added macros only on newer distributions + +------------------------------------------------------------------- +Wed Jul 30 16:58:25 CEST 2003 - poeml@suse.de + +- new macros for stop/restart of services on rpm update/removal + +------------------------------------------------------------------- +Mon Jul 28 14:25:01 CEST 2003 - poeml@suse.de + +- when copying include files into the chroot jail, create + subdirectories as needed, thus retaining the path to the files + +------------------------------------------------------------------- +Sun Jul 27 15:45:49 CEST 2003 - poeml@suse.de + +- don't explicitely strip binaries since RPM handles it, and may + keep the stripped information somewhere + +------------------------------------------------------------------- +Mon Jun 16 16:32:47 CEST 2003 - poeml@suse.de + +- add some notes to DDNS-howto.txt, kindly provided by Andrew Beames +- fix typo in genDDNSKey.sh + +------------------------------------------------------------------- +Wed May 21 18:25:11 CEST 2003 - mmj@suse.de + +- Implement try-restart correctly in init-script + +------------------------------------------------------------------- +Mon May 19 14:06:36 CEST 2003 - poeml@suse.de + +- update to 3.0.1rc11, relevant fixes are + - Potential buffer overflows in minires repaired. + - A correction of boolean parsing syntax validation - some illegal syntaxes + that worked before are now detected and produce errs, some legal syntaxes + that errored before will now work properly. + - Some search-and-replace errors that caused some options to change their + names was repaired. + - Shu-min Chang of the Intel corporation has contributed a perl script and + module that converts the MS NT4 DHCP configuration to a ISC DHCP3 + configuration file. + - Applied the remainder of the dhcpctl memory leak patch provided by Bill + Squier at ReefEdge, Inc. (groo@reefedge.com). + - Missing non-optional failover peer configurations will now result in a soft + error rather than a null dereference. +- use BSD sockets instead of LPF (makes iptables filtering of + packages possible for server and relay. It doesn't work on the + client, though, so that one requires seperate compilation.) See + Message-Id: <5.1.0.14.0.20030408175011.00b9c7c0@pop.itd.nrl.navy.mil> + +------------------------------------------------------------------- +Thu Mar 13 13:14:03 CET 2003 - poeml@suse.de + +- rcdhcpd, rcdcrelay: do not write the startup log to a world + writable directory [#25241] + +------------------------------------------------------------------- +Mon Mar 3 16:38:07 CET 2003 - poeml@suse.de + +- don't try to copy libraries into the chroot jail that do not + exist (any longer) [#24533] +- remove the %ghost filelist entries for pid files and chroot jail + contents [#20030]. Clean up the libraries from the jail when the + server is stopped. +- dhcrelay: add patch from Florian Lohoff (slightly modified), + that makes the maximal hop count of forwarded packages + configurable (-c maxcount), sets the default to 4, and rejects + packages with a hop count higher than maxcount (CAN-2003-0039, + http://www.kb.cert.org/vuls/id/149953). Add a variable to + /etc/sysconfig/dhcrelay to pass such additional options. + +------------------------------------------------------------------- +Wed Feb 12 15:29:29 CET 2003 - mmj@suse.de + +- Added sysconfig metadata [#22631] [#22632] [#22696] + +------------------------------------------------------------------- +Tue Dec 10 14:51:59 CET 2002 - okir@suse.de + +- Added security patch from ISC + +------------------------------------------------------------------- +Thu Dec 5 18:26:18 CET 2002 - poeml@suse.de + +- update to 3.0.1rc10. relevant fixes: + - A Linux-specific Token Ring detection problem was fixed. + - Hashes removed from as-yet-unknown agent options, having those + options appear in reality before we know about them will no + longer produce self-corrupting lease databases. + - dhclient will use the proper port numbers now when using the -g + option. + - A order-of-operations bug with 2 match clauses in 1 class + statement is fixed thanks to a patch from Andrew Matheson. + - A fix to the dhcp ack process which makes certain group options + will be included in the first DHCPOFFER message was made thanks + to a patch from Ling Gou. + - A few memory leaks were repaired thanks to patches from Bill + Squier at ReefEdge, Inc. (groo@reefedge.com). + - A fix for shared-networks that sometimes give clients options + for the wrong subnets (in particular, 'option routers') was + applied, thanks to Ted Lemon for the patch. + - Omshell's handling of dotted octets as values was changed such + that dots one after the other produce zero values in the + integer string. +- due to the upstream fixes: drop the reactivate-tr-support.dif and + format.dif +- retrofitted the (server) package to work for old distributions + down to 7.2 + +------------------------------------------------------------------- +Fri Nov 29 12:58:46 CET 2002 - schwab@suse.de + +- Fix unaligned access. + +------------------------------------------------------------------- +Mon Nov 4 13:02:26 CET 2002 - poeml@suse.de + +- update DDNS-howto.txt for BIND9 +- add genDDNSKey.sh to create a key for BIND8/9 +- add comments about DDNS to the dhcpd.conf [#18419], and + directives to disable DDNS by default +- change defaults in the sample configuration + +------------------------------------------------------------------- +Thu Aug 29 18:01:32 CEST 2002 - poeml@suse.de + +- fix permissions of man pages + +------------------------------------------------------------------- +Sun Aug 18 15:03:16 CEST 2002 - poeml@suse.de + +- re-add token ring support that got lost ("tr0:unknown hardware + address type 800"). With 2.4 kernel, ARPHRD_IEEE802 (6) has been + renamed to ARPHRD_IEEE802_TR (800). Known bug in 3.0.1rc9. +- move PreReq tag to the subpackages, where it is actually needed + [#17822, #17821] + +------------------------------------------------------------------- +Mon Aug 12 17:25:09 CEST 2002 - poeml@suse.de + +- dhcp-client: add missing Requires on /usr/bin/host + +------------------------------------------------------------------- +Mon Aug 12 14:53:14 CEST 2002 - poeml@suse.de + +- Fix requires of dhcp-devel subpackage +- add some helpful scripts, courtesy of Kevin C. Miller + +------------------------------------------------------------------- +Thu Aug 1 02:05:06 CEST 2002 - poeml@suse.de + +- use PreReq + +------------------------------------------------------------------- +Wed Jul 17 17:55:08 CEST 2002 - poeml@suse.de + +- add a sysconfig.syslog-dhcpd template to make syslogd open an + additional socket (inside the chroot dir of dhcpd) + +------------------------------------------------------------------- +Thu Jul 11 16:28:20 CEST 2002 - poeml@suse.de + +- fix typo in %post, introduced with last change + +------------------------------------------------------------------- +Thu Jul 11 15:33:11 CEST 2002 - poeml@suse.de + +- add Version: tags to the subpackages to satisfy the build system, + because dhcp has no main package [#16318] +- run in chroot and as user nobody per default +- fix wrong pathnames in mail to root [#15601] +- install example dhcpd.conf [#9122] +- improve example configuration files [#12563] +- init scripts: update INIT INFO, using the new tags from + /etc/init.d/skeleton + +------------------------------------------------------------------- +Tue May 21 18:48:50 CEST 2002 - poeml@suse.de + +- dhclient-script: + - source the right sysconfig files (/etc/sysconfig/network/) + [#15871] + - use KEEP_SEARCHLIST option (thanks Sumit Bose) + - improve the indentation + +------------------------------------------------------------------- +Thu May 16 13:15:36 CEST 2002 - poeml@suse.de + +- add documentation about configuration for dynamical DNS updates + +------------------------------------------------------------------- +Mon May 13 19:33:59 CEST 2002 - poeml@suse.de + +- fix last change (rediff dhcp-3.0.1rc9.format.dif) + +------------------------------------------------------------------- +Mon May 13 18:21:50 CEST 2002 - poeml@suse.de + +- update to 3.0.1rc9 + - fixes a format string vulnerability in the server that could + lead to a remote root compromise + (see http://www.cert.org/advisories/CA-2002-12.html) + - fixes a memory leak in the client and some other minor bugs +- fix some printf arguments in server/omapi.c +- fix small typo (x390x -> s390x) + +------------------------------------------------------------------- +Mon Apr 29 10:24:29 CEST 2002 - sf@suse.de + +- changed Makefile.conf to be able to add LIBDIR +- added LIBDIR to make install to put libs into the correct path +- use -DPTRSIZE_64BIT on x86_64 + +------------------------------------------------------------------- +Mon Apr 22 17:35:58 CEST 2002 - poeml@suse.de + +- update to 3.0.1rc8. Most significant changes are (see RELNOTES): + - Don't allow a lease that's in the EXPIRED, RELEASED or RESET + state to be renewed. + - Implement lease stealing for cases where the primary has fewer + leases than the secondary, as called for by the standard. + - Fix a bug where if an option universe contained no options, the + DHCP server could dump core (Walter Steiner). + - Fix a bug in the handling of encapsulated options. + - Fix an uninitialized memory bug in the DHCP client. +- use -DPTRSIZE_64BIT on x390x and ppc64, too +- create /etc/resolv.conf with a file mask of 644, regardless of + the umask [Bug #15915]. Patch by Joerg Mayer. +- the scripts dir is now called CLIENTBINDIR in the Makefiles, and + correctly set to /sbin --> drop 2 hunks from dhcp-3.0rc10.dif + +------------------------------------------------------------------- +Tue Mar 26 14:12:42 CET 2002 - ro@suse.de + +- Fix handling of initscript links and START_* variable [Bug #13755] + +------------------------------------------------------------------- +Sun Feb 10 23:09:42 CET 2002 - poeml@suse.de + +- drop the sysconfig/network/dhcp template. It's in the syconfig + package now. +- strip /sbin/dhclient + +------------------------------------------------------------------- +Mon Feb 4 17:55:01 CET 2002 - poeml@suse.de + +- rename dhcp subpackage to dhcp-base, add dhcp-server subpackage +- rename dhclient to dhcp-client and dhcrelay to dhcp-relay +- remove Conflicts tag dhclient <-> dhcpcd +- use %defattr(-, root, root) for all subpackages +- update copyright info (GmbH --> AG) +- update sysconfig.dhclient (.dhcp-dhclient now), and let it be + filled up into /etc/sysconfig/network/config + +------------------------------------------------------------------- +Wed Jan 30 19:59:51 CET 2002 - poeml@suse.de + +- add /sbin/dhclient, accidentally deleted from filelist lately + +------------------------------------------------------------------- +Sun Jan 27 23:19:14 CET 2002 - ro@suse.de + +- remove START_DHCPD on update +- use fillup_only where no initscript is handled + +------------------------------------------------------------------- +Sun Jan 27 21:08:27 CET 2002 - poeml@suse.de + +- use %_lib and %_libdir +- update rc.dhcpd to use %_libdir when setting up chroot dir +- dhcpsync: name of slave can be given as argument; update man page +- rc.dhcpd: no longer source rc.config +- don't try insserv on dhclient init script -- it's dropped +- tell fillup to use "dhcpd" instead of the package name (dhcp) + +------------------------------------------------------------------- +Fri Jan 25 00:18:52 CET 2002 - poeml@suse.de + +- update to 3.0.1rc6 + - Fix the off-by-one error in the MAC-address checking code for + DHCPRELEASE that was added in 3.0.1rc5. + - Fix a bug where client-specific information was not being + discarded from the lease when it expired or was released, + resulting in problems if the lease was reallocated to a + different client. + - merge pools if possible + - workaround for some Lexmark printers that send a double-NUL- + terminated host-name option, which would break DNS updates. + - no longer log fallback_discard messages +- dhcp-3.0.1rc5-release.dif obsolete hereby +- drop dhclient init script (obsoleted by /sbin/if*-dhcp) + +------------------------------------------------------------------- +Tue Jan 15 16:31:35 CET 2002 - poeml@suse.de + +- update to 3.0.1rc5 + - Fix a bug that would cause the DHCP server to spin if asked to + parse a certain kind of incorrect statement. + - Fix a related bug that would prevent an error from being + reported in the same case. + - Additional documentation. + - Make sure that the hardware address matches the lease when + processing a DHCPRELEASE message. +- add dhcp-3.0.1rc5-release.dif that corrects an error by one in + the code that finds a lease that is being RELEASEd +- use ddns-update-style interim instead of ad-hoc when testing +- make sure that dhcpd is started after xntpd (failover needs + correct system time) +- drop version 2 of dhcpd and dhcrelay + +------------------------------------------------------------------- +Thu Dec 13 00:39:56 CET 2001 - ro@suse.de + +- removed START_ variables, moved rc.config.d -> sysconfig + +------------------------------------------------------------------- +Tue Nov 6 13:50:12 CET 2001 - poeml@suse.de + +- update to 3.0.1rc4 +- add dhcpsync and dhcpync.8 (script to sync DHCP failover config.) +- update rc.dhclient script from the one used in the dhcpcd package +- client: don't check if a device is there; terminate anyway +- small addition to the examples; update README.upgrade + +------------------------------------------------------------------- +Wed Oct 31 17:28:27 CET 2001 - poeml@suse.de + +- update to 3.0.1rc2 +- add a README.upgrade + +------------------------------------------------------------------- +Thu Oct 25 15:51:22 CEST 2001 - poeml@suse.de + +- update to 3.0.1rc1 +- remove our #undef use_LPF patch for 2.0pl5; it seems to cause + problems (stopping responding) with more than one network card +- mark /etc/dhclient.conf with noreplace tag + +------------------------------------------------------------------- +Sun Sep 16 15:44:51 CEST 2001 - poeml@suse.de + +- fix stupid bug in rc.dhcpd where rc.config is sourced too late + +------------------------------------------------------------------- +Fri Sep 14 12:25:38 CEST 2001 - poeml@suse.de + +- fix #9962 where "exit 1" instead of "return" in dhclient-script + would confuse dhclient (which then DECLINEd the lease) + +------------------------------------------------------------------- +Tue Aug 28 16:45:54 CEST 2001 - poeml@suse.de + +- make sure that files are really copied to the chroot dir + +------------------------------------------------------------------- +Mon Aug 27 11:43:08 CEST 2001 - poeml@suse.de + +- add libnss_dns6.so.2 as ghost to the file list to remove it + from the chroot dir when uninstalling the package +- rc.dhcpd: remove empty pid files to avoid warnings by + checkproc/killproc (dhcpd sometimes leaves them if it does not + want to start due to wrong syntax) +- rc.dhcpd: to save time, source rc.config only when necessary +- add dhcpd.conf examples + +------------------------------------------------------------------- +Fri Aug 24 02:11:12 CEST 2001 - poeml@suse.de + +- update to 3.0rc12 (fixes some failover state transitions; other + failover fixes; always returns a subnet selection option if one + is sent) +- change dhclient-script to ignore lines that are commented out + when grepping for variables and eval-ing them + +------------------------------------------------------------------- +Mon Jul 16 14:35:33 CEST 2001 - poeml@suse.de + +- add filedes.dif that gives scripts executed from dhclient-script + their own filedescriptors (patch by Brian Somers + ) +- correct typo in rc.dhcpd + +------------------------------------------------------------------- +Mon Jul 2 11:23:46 CEST 2001 - poeml@suse.de + +- update to 3.0rc10 +- change default in rc.config.d.dhcrelay +- add /usr/sbin/svtest, /usr/bin/omshell, and omshell man pages +- new variable in rc.dhcpd.config: $DHCPD_CONF_INCLUDE_FILES, for + dhcpd.conf include files to be copied to $chroot/etc/ + +------------------------------------------------------------------- +Tue May 22 13:10:54 CEST 2001 - poeml@suse.de + +- update to 3.0rc7 (failover and OMAPI fixes, see RELNOTES) + +------------------------------------------------------------------- +Wed May 16 18:59:53 CEST 2001 - poeml@suse.de + +- on 64 bit archs, define -DPTRSIZE_64BIT +- fix missing include + +------------------------------------------------------------------- +Fri May 11 12:16:16 CEST 2001 - poeml@suse.de + +- if resolv.conf does not exist, touch it; so that there is a file + to back up and restore later and the temporary resolv.conf would + not persist after stopping the client [#8078] +- use the modify_resolvconf tool to cleanup old backup files before + starting the daemon, because it does it intelligently [#8077] + +------------------------------------------------------------------- +Tue May 8 21:37:13 CEST 2001 - poeml@suse.de + +- don't provide empty /etc/rc.config.d/dhcpd.rc.config because that + inhibits the correct removal of variables from rc.config +- mention correct version numbers in mail to root (now using + version macro) +- fix a typo and a nonsense comment in rc.config.d.dhcpd + +------------------------------------------------------------------- +Mon May 7 18:38:32 CEST 2001 - poeml@suse.de + +- update to 3.0rc4 (bugfixes) +- add empty dir /var/lib/dhcp/dev and documentation about how to + ensure that logging from the chroot jail works [#6906] + +------------------------------------------------------------------- +Tue Apr 24 16:14:16 CEST 2001 - poeml@suse.de + +- update to 3.0rc2pl1: fixes bugs in the failover implementation + and a memory smash that happens when fixed-address leases are + used +- Read dhcp client script hooks if they exist, rather than only if + they're executable. +- new file: 3.0b1 lease conversion script + +------------------------------------------------------------------- +Sun Apr 15 17:49:53 CEST 2001 - poeml@suse.de + +- Init scripts: get try-restart ("restart when running") right +- client: + - dhclient-script is now correctly installed to /sbin (thus, + don't mv dhclient-script from /etc/ to /sbin/, thereby + overwriting it with the one from v2) + - move rcdhclient conveniency link to /sbin/ (same as in dhcpcd) + - update info header for resolv.conf acc. to guidelines +- server: + - don't run in chroot environment and as nobody by default + - add missing %postun for subpackages to rearrange runlevel + links after deinstalling + +------------------------------------------------------------------- +Mon Apr 9 11:35:33 CEST 2001 - poeml@suse.de + +- update to 3.0b2pl24 +- don't use rc_status -u in init scripts (option was dropped) +- always run test of dhcpd + +------------------------------------------------------------------- +Wed Mar 28 18:53:35 CEST 2001 - poeml@suse.de + +- update to 3.0b2pl18 + * trim chroot/non-root patch and the other security patches into + dhcp-3.0b2pl18.paranoia.dif + * build stable version of server (2.0pl5) and include the binary + as well as the man pages with '-2' suffix (same for dhcrelay) +- split off subpackages: dhcrelay, dhcp-devel +- reworked all init scripts + * adhere to LSB and use new rc.status functions + * rc.dhcpd: at start, copy conf file and libs to chroot dir + * rc.dhcpd: add syntax check + * rc.dhcrelay: make interface configurable + * rc.dhclient: improve resolv.conf handling +- dhclient: catch TERM to restore resolv.conf before quitting +- create /etc/rc.config.d/dhcrelay.rc.config +- create /etc/rc.config.d/dhclient.rc.config +- clean up Provides/Conflicts +- rework SuSE-fillup templates (and rename them) +- mark libraries for chroot dir as %ghost +- when ABUILD_RUN_TEST_SUITES is true, start dhcpd for a simple + test + +------------------------------------------------------------------- +Fri Mar 16 13:33:30 CET 2001 - poeml@suse.de + +- add dhcpd-thomas.diff from + * query for the real UID and not for the effective UID + * drop supplementary GID's + * avoid potential buffer overflow +- copy dhcpd.conf instead of moving it +- add $syslog to Required-Start in server init script +- fix Required-Start in client init script +- bzipped sources + +------------------------------------------------------------------- +Wed Jan 31 18:38:23 CET 2001 - poeml@suse.de + +- dhcpd.conf will no longer be installed in /etc/ but placed in the + docdir, since it is a nonfunctional example file +- test for etc/SuSE-release in %post +- fix removal of variables from rc.config which failed sometimes +- update {README,LIESMICH}.SuSE + +------------------------------------------------------------------- +Mon Jan 29 13:53:38 CET 2001 - poeml@suse.de + +- added paranoia patch by Ari Edelkind to allow dhcpd run chrooted + in /var/lib/dhcp and as nobody/nogroup. Both is optional. +- moved dhcpd.conf to /var/lib/dhcp/etc/. The file will also be + moved by %post +- moved rc.config options to rc.config.d/dhcpd.rc.config + (existing variables are moved there by %post) +- added some syntax checking via undocumented -t switch, and write + log file during startup +- renamed start script from dhcp to dhcpd +- removed /var/run/dhcpd.pid from the package +- tag some %configs with (noreplace) +- use BuildRoot +- added "Provides: dhcp2"+"Conflicts: dhcp3" in anticipation of v3 +- added {README,LIESMICH}.SuSE and the paranoia patch to the docs + +------------------------------------------------------------------- +Tue Jan 16 02:10:15 MET 2001 - draht@suse.de + +- format string security bugs in syslog(3) calls fixed. + +------------------------------------------------------------------- +Thu Jan 11 06:14:49 CET 2001 - poeml@suse.de + +- in runlevel 2, start only the client, not the server/relay +- tell insserv to start after $named +- improved comments + +------------------------------------------------------------------- +Thu Jan 4 09:29:22 CET 2001 - fober@suse.de + +- package dhclient requires net-tools, not net_tool +- removed superfluous Provides dhclient in package dhclient + +------------------------------------------------------------------- +Wed Nov 29 21:05:35 CET 2000 - poeml@suse.de + +- Update to dhcp-2.0pl5.tar.gz +- This includes a security fix that applies to the DHCP client *only* + +------------------------------------------------------------------- +Tue Nov 28 20:03:14 CET 2000 - poeml@suse.de + +- adapted spec file to use /etc/init.d for the scripts instead of + /sbin/init.d and let insserv create the links +- extracted source files from diff and placed them separately +- included paranoia (non-root/chroot) patch by ari edelkind. This + needs testing, and possibly an adapted start script + +------------------------------------------------------------------- +Mon Jul 24 13:34:55 CEST 2000 - schwab@suse.de + +- Fix argument type of dhcp_option_ev_name. + +------------------------------------------------------------------- +Mon Jul 24 13:11:34 CEST 2000 - schwab@suse.de + +- Set DEBUG, not COPTS. + +------------------------------------------------------------------- +Thu Jul 20 14:40:15 CEST 2000 - zoz@suse.de + +- updated to dhcp-2.0pl3 + +------------------------------------------------------------------- +Wed Jul 19 21:36:43 CEST 2000 - schwab@suse.de + +- Fix handling of abandoned leases with BOOTP. +- Properly handle default lease timeout. + +------------------------------------------------------------------- +Fri Jul 14 16:49:27 CEST 2000 - werner@suse.de + +- make dchpd quiet + +------------------------------------------------------------------- +Thu Jul 13 21:41:39 CEST 2000 - zoz@suse.de + +- changed test for availability of device in rcdhlient: + now using ifconfig, so automatically loading of modules + will be triggered (Bug 3415) +- patched dhclient.c do to a possible root exploit bug + (patch from Pavel Kankovsky ) + Still to be improved, waiting for Ted Lemon to rework it. + +------------------------------------------------------------------- +Tue Jul 11 11:48:02 CEST 2000 - zoz@suse.de + +- reworked rcdhclient once again. + +------------------------------------------------------------------- +Tue Jul 4 11:21:41 CEST 2000 - zoz@suse.de + +- update to dhcp-2.0.pl2 +- dhclient: hostname will only be set, if there is a + DHCLIENT_SET_HOSTNAME=yes (default =no) + in /etc/rc.config. (fixes bug 2807 and 3146) + +------------------------------------------------------------------- +Tue Jun 27 20:20:07 CEST 2000 - zoz@suse.de + +- update to dhcp-2.0.pl1 +- moved /var/state/dhcp to /var/lib/dhcp +- moved manpages to %{_mandir} +- changed rcdhclient: DHCLIENT is obsolete now. It will be started + if it finds any IFCONFIG_x=dhcpclient + +------------------------------------------------------------------- +Mon Apr 10 17:22:31 CEST 2000 - schwab@suse.de + +- Treat Linux 2.3 as linux-2.2 configuration. + +------------------------------------------------------------------- +Thu Jan 27 13:35:46 MET 2000 - grimmer@suse.de + +- added "Provides: dhcp_client" and "Conflicts: dhcpcd" to + dhclient section in spec file +- added "Provides: dhcp_server" to dhcp section +- corrected typo in rc.config variables +- added Group Tag and version macro to spec file +- changed Summary: to "ISC DHCP client" +- moved man pages to /usr/share/man + +------------------------------------------------------------------- +Wed Nov 17 19:56:07 MET 1999 - rolf@suse.de + +- now set hostname in dhclient-script [BUG#1262] + +------------------------------------------------------------------- +Fri Nov 5 11:54:06 MET 1999 - rolf@suse.de + +- reduced waiting time to 1 second +- wait 5 seconds after dhclient start to acquire an IP adress so the + following scripts have a working network setup + +------------------------------------------------------------------- +Thu Nov 4 15:07:34 MET 1999 - rolf@suse.de + +- changes from Josh for @home cablenet + +------------------------------------------------------------------- +Thu Oct 28 15:28:16 MEST 1999 - rolf@suse.de + +- added changes by Lenz Grimmer to use + ifconfig $NETDEV 0.0.0.0 up + for device setup + +------------------------------------------------------------------- +Mon Oct 25 13:47:28 MEST 1999 - rolf@suse.de + +- applied patch of Bernhard Bender + to use the correct interface. +- added client latency time and rc.config entry + +------------------------------------------------------------------- +Mon Sep 27 16:31:01 CEST 1999 - bs@suse.de + +- fixed requirements for sub packages + +------------------------------------------------------------------- +Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de + +- ran old prepare_spec on spec file to switch to new prepare_spec. + +------------------------------------------------------------------- +Mon Jul 19 17:25:15 MEST 1999 - bs@suse.de + +- changed comment for rc.config + +------------------------------------------------------------------- +Mon Jul 19 17:10:12 MEST 1999 - bs@suse.de + +- fix from werner@suse.de for /sbin/init.d/dhclient + +------------------------------------------------------------------- +Fri Jul 16 11:29:11 MEST 1999 - ro@suse.de + +- added new dhclient-script from werner + +------------------------------------------------------------------- +Wed Jun 23 14:14:46 MEST 1999 - rolf@suse.de + +- new version 2.0 +- apply fix from Michael Hasenstein + +------------------------------------------------------------------- +Mon Mar 8 23:41:14 MET 1999 - ro@suse.de + +- fixed man5-path + +------------------------------------------------------------------- +Fri Feb 26 11:15:09 MET 1999 - rolf@suse.de + +- new version 2.0b1pl16 (stable beta) +- leases are now stored in /var/state/dhcp/ (thanks to Ted Lemmon) +- correct paths in manpages +- PID files as %ghost in filelist + +------------------------------------------------------------------- +Wed Feb 17 15:11:07 MET 1999 - rolf@suse.de + +- new version 2.0b1pl13 + +------------------------------------------------------------------- +Wed Dec 9 11:54:32 MET 1998 - rolf@suse.de + +- added /usr/sbin/rcdhcp + /usr/sbin/rcdhcrelay + /usr/sbin/rcdhclient + +------------------------------------------------------------------- +Tue Nov 24 11:42:34 MET 1998 - rolf@suse.de + +- new init scripts for SuSE Linux 6.0 + +------------------------------------------------------------------- +Thu Nov 12 14:40:29 MET 1998 - bs@suse.de + +- minor changes for new rpm + +------------------------------------------------------------------- +Thu Sep 24 15:01:41 MEST 1998 - rolf@suse.de + +- new version 2.0b1pl6 (stable beta) +- now with dhcp client and dhcp relay agent +- added init scripts for relay agent and client +- changed from $NETDEV_0 to $DHCPD_INTERFACE + +------------------------------------------------------------------- +Fri Jun 26 10:23:59 MEST 1998 - rolf@suse.de + +- new version 1.0pl2 fixes two potential input buffer overrun problems +that were missed in Patchlevel 1 + +------------------------------------------------------------------- +Mon May 18 15:35:00 MEST 1998 - rolf@suse.de + +- new security patch 1.0pl1 included + changed /sbin/init.d/dhcp to run on $NETDEV_0 + +------------------------------------------------------------------- +Wed Dec 10 17:28:11 MET 1997 - rolf@suse.de + +- new version 1.0.0 this is not beta any more! + +------------------------------------------------------------------- +Thu Oct 16 19:56:24 MEST 1997 - rolf@suse.de + +- switched to dhcp.spec instead of Makefile.Linux + +---------------------------------------------------------------------------- +Thu Sep 11 16:57:58 MEST 1997 - rolf@suse.de + +- Upddate to Version 5 beta 16 and made entry for rc.config and + /sbin/init.d for startup/shutdown + There is no dhcp client in this package anymore. + +---------------------------------------------------------------------------- +Thu Jun 12 11:09:37 MEST 1997 - rolf@suse.de + +- build the package for the first time diff --git a/dhcp.keyring b/dhcp.keyring new file mode 100644 index 0000000..235b0b9 --- /dev/null +++ b/dhcp.keyring @@ -0,0 +1,324 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Comment: GPGTools - http://gpgtools.org + +mQINBF/u5KMBEAC0hPiTonjYEe5FqNzFn73KmcN8KGD2wzujmWWLnFXGEVDEpFcS +ULQDshhCclwNeXUArUey4nficwpqUe+Xl2h4dP4z7yh3WiL5nA5JRjJjw8KJQGVW +AkgiZTnJHH8DrzNt9LnDL516qMDJarTHemDUUUZLNxnuv0RDEhDxsXWiVCQZZcw/ +41yIY97uCf30dsDwnckVl3iEmYaGTYavWbKP60S8WaxO0YG57RI1etmlIQ0nMmka +4bvFnwwb9Jdnwle4LIiRMCGymsheaKCKrEZgIJY+idyBuExLLykiL8iNBj2Pzi7z +XSCniH9qcEwfqgZlP/KZwujLhGOc4c4peNwpuDGcmYZoAsUD8CZ8H/LU1FIR2A1u +/UrRREtC8nNTDGxCckSMEquHNURfMk1QmDbJ9gaa9aOk0AArxuTxyj6Cn+KQd5l5 +0mN0R1sDVQq9xWdvnB7N0d3MDhnV7f19iUhi3KYvjVTkCMXjhNXjDH/KXFKoFhKa +9SkxYGfW25inwSQoqbP1TE5+rESf57bo+XFxfVQuYfVJ5BlZobz+sRl2iDQyBJDM +uDFyXE/t+E76BmwyHeOI1weqUMYebqHgu0x76dTYj9yWgWdQAC1pXi15/MTIaOtQ +hWezb5rkI2yZqaZLaRBOIRBIPM5C5AOjL2XbfwUuSr2W4+TvxLocxi48DwARAQAB +tE1JbnRlcm5ldCBTeXN0ZW1zIENvbnNvcnRpdW0sIEluYy4gKFNpZ25pbmcga2V5 +LCAyMDIxLTIwMjIpIDxjb2Rlc2lnbkBpc2Mub3JnPokCVAQTAQgAPhYhBH4ckayA +MKWlnR76uXUPPIdyPkASBQJf7uSjAhsPBQkD60WABQsJCAcCBhUKCQgLAgQWAgMB +Ah4BAheAAAoJEHUPPIdyPkAS0lMP/2IgMErScBUaXrZXqYXoluR8xU0p9DyZEBx+ +ZGNAcJ2CTPAbn3FrkNGNpK4SOCLXEZPKOQ09umaIxl8H6uEGaTut1JLj1qGaZ8ID +4gAeQcTIN9OQA5ElQo+ci20XE9JSvzqY1zb04EkMuVL678xPCYJhUSLS0MAQkcDJ +JQLN17SwNi4vGqzVhnwKUviQU9/s+LRUkThsTg4qT0fNnmGoVJXqrshxJa2ZWM6J +QtOWBgJiC6xZ+zRiZS898L0tekU4o9yxtnnDWry2bI+mJbxAp94ZAXgKahOU7LKV +3SPxkx7TAng24nOWi1EaP51pe7usTFH1BR3CUHZdoIQ4xruZGkt/qPumskofzl+1 +8bw1bEFbq8S6jC+twT3JUcE02HbEIbrd6l2T8pYBXaojFggGjUTSv9d5YUN5N9U/ +/Qy0o3xZwHNdXLx6xSrUO+NT5JU1Nh/0sutEH7ru/YqFZof9vfCbV86y8fIOPgk8 +LkJNUSu4QCJ1PHKB+fJp7yAhlPkOXNG1b9+W/hVp96rdkovpCUkLD83s+suQyJGk +QB7Qpem7nS4zp7/Naui+g3M3p/uRSzZgELTnXNyY//bw9fOqx5SDLjSUslUMz+TH +sFTwfo/Mot70MPHMe6aE6tdTDoJTcv4Iim/8MDhJ6yqKt8sxprataZoWwFi6zAF9 +BzWkJcrbiQEzBBABCAAdFiEEFcm6uMUTPAcGawLtlumWUDlMmawFAmAGsmYACgkQ +lumWUDlMmazJ/wgAg3ESpvkvg1cCkWzPeWIMARuW1exngZPQiZ7heZkklzKJHdMh +4HitpF3/FLyJKx6cPInOud1TmuLLK6en5BCX8fVb1GLH7kpkrchkIBMXi9NxQlfQ +O6/0Qb+wwDgpk3LdmfR9GIQ2G62Ub0J9H8NYUvwwINSTuaxAjErUpUV2tHV82EQL +JqE3z5KRyMMdx2FGk4VJglf5vmhlCPF+UsX5LvEHuZOQBLN8ifCnBSHl4ztnE1tn +iawI+KwuL+1+695Aog4ZzdKLhLc1wHJwhoyFv0gUHIzrDZjU80CPBz11gGOmJxr4 +aHUFBgWEs9+YtRUD3nxAWqTDU0iFGDsJLewTvokBMwQQAQgAHRYhBHpqR7X54SM6 +0lUrXL2X3GOe6MR7BQJgBrKdAAoJEL2X3GOe6MR7yEEH/jYIvcupbj11VJN5Cpxw +MrPbGhDGP0uS7a5afFaPkzsmu/bjopnkzFb2cK928LOqKurlZAOae9NFUDxTEvO7 +2kvYb3ksPROQ63LCr6IT+lVoS11AAbD51cup2asRB/Xz1cmciGDEcsHZIiVPrvWM +pSJdCuVmgFUDPpV9S63tX1ZBkmbSIaM2/teJJqkt0qlgaonHhOaHD/GdlPxd4LgJ +eL3DuxSQ1MMDxs0yrouD9Gfq7Yr2udAyAbMaHs0yI1smotLZHMnhfN+6sofEcQrR +JT2GvaCQFCysUnHL0CovPiAdRyPn+/PbUjyqaPatz4+ewt4OcLM6JkkLhWOj6Dgh +iNm5Ag0EX+7k/gEQAKyjyIvMUn4zXCpywIO6n4a1EzO17TgICUuZouDLN8vfHEGj +gBSBfpRtQIbJwbzvwlWfnZLo2yXoWVqybIfTQwaNm3UK43PiG19KYsZwEyMjBC/U +JhHxub0Q/BHXk1pZ2DMkdKEJ24we/gd1+pJrpRB/M78/ybCKgRHX1+QNBIRTUqxj +TKX/+KlaJbdkkZKEYcuefhhvGiBC2xE8RIpSxD0y3O4y3d6Ea2Q3hGC45cLqkJY/ +wngX2WCNJn64s5ApXiualtIxee04mLae77XhmPfp6dbzHIBc7/DnP/ByLYYs39pr ++/ZrcYzdYlCw83OkPAH6mvWfQqn7AroruyJWYOhX5Z5wPYo02A65LJS97uEGNZEz +1bXcuyAsaEokDzJSk++FeT3W8tFSHAUnYZSKvEs8uzZNJOMeUe+Fw/LppfYfFseR +w63nefaHTPHue2XU3tcejMxaYemE+xK85nlK25BEAW98TrcTJ9HzgpQ8htmS9+1s +Ak8oIkLxboaqF85HNhmqV0M029rmJgcXU4i0Xv1ksYjnp2I2wFX1I5UqTh1/1Cnq +6tg5371EZAaYJC179ZIVpT3P1Bg8QaXU2WYYBa3sorIHpBdkfWgQzBe093zgZBfd +ca3KCASnoEbCQUVZFDMXURnSZpE+uk3hulCotdImKpDGxf4UBw6SGmjpftvxABEB +AAGJBHIEGAEIACYWIQR+HJGsgDClpZ0e+rl1DzyHcj5AEgUCX+7k/gIbAgUJA+tF +gAJACRB1DzyHcj5AEsF0IAQZAQgAHRYhBOmrbnkjPAQW6Jk/RQwDr6kKWWfEBQJf +7uT+AAoJEAwDr6kKWWfEO2YP/RgJRxyYq51b0+JDDuYjUdK7AvppL4yUbr8snv2e +aLpNOl7zs0NwS/ZsGlVZhxArzuyYLEhjK6PhIJm4FCK+PK55yKlGgbXg9SEpTxSK +p0X68oO9QADuG44GVHh2Cvv8q+OKudvA7eYai7BmzMM4u9oe47jTf5M+bVuYm0QD +3LpZuT/49O18/KZDCdqImQ+FDpDtlvJqxEiKw7cxE9pxSO3YNcWLlVX8zJryjk9p +7fNj7lKMzITayI+dUTj+fOnjbiMPNKrgMYRSKn/H5BgcXDGEImZ1mVEgWae9IIAZ +cGnI9VtyQLQbDyRnwewbM1sxvH9WMMbcsVPxNHYOOyH33/qJw7Un6MOQ82cgUSxi +MDDtOizkg+EhPVeRIJbzgqoEbmkYjmHt8nN/X2xHsqLpfIV7pVi+CB5AhLtU3UhK +Xe1E392TQZusqRQqvQ5V9pEPTBdAdPNt5zwWzjcbTP8MqgW60YH8nfKMCbAg5w/l +HquqOFWngA9CmwHnVcJpqoRdpdnIxasogts8iOUToUd6HWp37N0iO6WWcXZhm/z0 +dT10hfEqvfkIzx/cFabgPhxGOxQ5agaEw3B0fMdg53KzpPvYoEr0PaKvPwIvRvJy +M35Iil179q6j51AqooPf+Kmvh3IonI5SyWz1zKHGQWnTfVxnmtZtdwsnz+zUF5U+ +MUKeCo8P/2swoDqQJKdOj6tKplHGj1GVDDLgrrF8890dm8GLcDhRgKy6uCWou0W0 +YbxIxaKCZRlYtPq6GyLSitHnB8bu/NqMXQdx3zK5ZrjMZ67SsUleAbrg/KOcke2/ +ZPOLwM1jlj7yZ9epR7DIRRdAvGcuqkaU+M1QAkq+ObhKy01p17CBZ5voXzFRAlzy +jAaYrn7JlDktmPpuO30OvdIIzc6D+JLlcrk84ZQmC2Bctene7Lun1LOwnveqGsMg +j9ipLBOgy7y1S/jEQbHJx5U8Ob7LB17lJdia28xiurkMF2VqVn2QGULl/JwgjMqg +g46Qoqlr9gDIp0tOTxkHKMOTVGt1w7I/hU2kK/KKx/ok/BZ8p0zmbF/juFuzvOKh +QfuaJQYDqLlM2LV74NTaYv3awnBDRaQfDoppR7PZj0JoPyFmdDD+H8lw2rqdvzLQ +ZHyHupaazcrSu1KzxK4NdSx1msUB5RGK9xyaiFd1223QUPOSF4oZezbtJKXyg4KH +6OX+ERTPPaYkYXBEGjQUjmKk3nUh+OEwnzPNKa9+u13BPZO7rBJj0MuxhHvS1YY5 +zYcDqjuR1wLVXSnaO9By3bzUWsL11NcWBwO4ZQFiHMRl5bCO5hBcHMyq4Xp6uxWc ++j9nmXVKeQr7BUFBt/iKAc5qhuXQBDGdvzpbgJcFNncK9Grqjy9ZuQINBF/u5SUB +EADuhOVVleF1WU+dJCWcjknCi8baMQitGJ+lvJq+WGWixf6uC1DkQgufQNI8nfkI +184B45wtB5GskBmPrD/H0UdZ8pEAdR6JNOxUPNOsPIkEJW4LjRyTnzspVRwa4He9 +57Tf/LyoBzOPlNk1oN2X7ioDM4VC5XgyPAk7Hl+xdnDd1QBLunDWZOQBhOGfPnnt +u5zwkkLGt5tPoW83xu6CTssnxJiYjXnhDnAJ1cHpDjax1IwWUoo9hFGYi9e8jhi2 +X8nfm/jeAIttdxxNZCkFf6trvmyd1LaFgZCFwL5Z0223hMeBTpJvsSukkrvsDWvV +Z/RZKKhDZVaNPRBtQT7ohcPUnx26HpmDO6qmkybXdoN0wNkbB1zGUXD6+Whsz4gB +f5CDM+OyUzcUdW+98IuRr5y0w76UvRvPUbieM0RdwgAguGaipEjgi1Ufs2VkjekB +8ssHipuFMpMiJL64igDzZFTzqjOvmglkKwlrk3kSkmdjGeO/a1iFTjZ6H6OHIz7m +trV1e294q8vlKRW5FSU9m+A67BDXhCePqy/wKa0GnJWm6keZjZFs20tUt0cjHeXJ +BuBWj2IwkiheI9eZxFYKAuA564ROMVewRwUvG434PQzLR23BZyD7bvW+0+fSitM5 +vGRy0Ur5XfYHIljFW/K00JbbjlsgKnEKJzGaHmRgSZAKcwARAQABiQRyBBgBCAAm +FiEEfhyRrIAwpaWdHvq5dQ88h3I+QBIFAl/u5SUCGwIFCQPrRYACQAkQdQ88h3I+ +QBLBdCAEGQEIAB0WIQSq27pQdPFAL3tp1WvFtO6TGp+d/QUCX+7lJQAKCRDFtO6T +Gp+d/Zp6D/9mykivgRNV/dqLR1cKbY9/qCkztBR8j189QfKa8GE2s2F9mo0AOnNs +l5/MuJ/xqzuRSv3TjNNzkmx7lrQzMKszITBMMigIoO/aS0urUvbRvB+Vmz6g/bsJ +gLkWQliAtg+tBn/uFELwRaOCfq/ex4m0SjwbveSJUQE6fFUR8ZnzPGZfUKlo5Z+G +IVgKaQR7oKT2Eb45pa3v5ZbTBZPVQWKW7NFEAQxE5wJS3IHkg8KoIf9HP+b9sTob +6Udmjo5j/Bjar+hbZ/0kH/hDIl5Ij5+SNj/AON81COI8wt9ly2/bkh5lhVhm8gqt +2eNvNF74bBguDkb9JulI4Rvk7nk+zyY1SlgVowJ959b4MbjxrhbJQbMWvnYEwq8c +q1zpzs/f6a4ECpw1ljFGrIshCJiJX0IKOkhXVaBR552ugdRe8kX9IC81W8FlHTQj +8PaGwP0EWHcHUURhvDsa5i4bbtnp+BGiU5BR5NpuNAsjfzpJXcjFnUoXCbgZTwFN +tQDbPBPeG78FpoIjmNNIvIGl2jXRvXCAwSeqZcboBs13EVURbAT4IT74EdbRgGEq +nx+CEfDA3V/BMJX5DIDhCfoQFUOROtQ8qpN4KYfO3cBCHxZWuyauh3Kvlinr0uhG +eWQtwYmI4Iow6aSin1nfZyQaJ5geuXbgPDqGZRJYMb6kGfR7NtI+K3cWEACoPbLV +XOrGxoI4Prfgu2rwBu+mE/xdk+uuwLcMgDfohNoJANrkKfuZp0sJfL+4/o362iO3 +Nd/i1TO6bAYkYUu10xc2a4S5euP742tTXFyxxu8Ofk7g0Mxp3AjUQOVCjvC5Yr2N +pABWEXuIMQERrNl7bqSdAXELSbLhLI7W5BoSDcEoePrPt2QCPNYlpBmHOqXKtHNs +KJVRQjxmSuAz/7/o0miFQb+Fp3oOh5+Arofz/KOBXHVa3H5cC4FDZy9yWFxMCYez +Xbx1Z240fEjZjH64ziS4dik8oHB0SH3Vk142q0ElRF9JWMEKMqRNiJLuSK9fK9A4 +F1lV5JWmP9CgB9pSVCgFWbtoXrF/sa1iVXOMywth2mNeHLhltBBVS48j7V/IWTDw ++kBJneC87opDhXbDeE5gDFhDWRLBO1oDv7XyfK/rlWiVOYCi2Yu6f3hQqfvOOikH +IGcL9cSqxTe2JuD0DvFDYpSlaSmYbfl/hlH1oQjFJ7Ymab5J7Ql+ICrpLN93Ja+v +9PNpL8FkvhYQ+TZXD+bNYQ9k6xykiQEUYr5SXvK5e9utvCv7OYCKQeZNvVVd89v1 +4GfAMO5EeEsHKbgUys+PN7OIDHGRJxN8ONarqu8yZoR7UJf52PqV3H0mn12JSeCi +Xz15KABA62m2NyK3mjRjQy79EXoogEbz2CEWXLkCDQRf7uVUARAAoXHlqwpbsD0E +0o+RpeDKbQCVbazNBHWfDGLcA8tUtLQCX1j/eacFtjI7zgcOvzYC0xJZIxhRkgq2 +RSPaxWpRv7Ec4+Rj8x6fKgGsKXappNUnz2edYxSO2tfaqTQ7T34HKhhdOK0FU8Ah +n+pl8Y0H4OynWFo0pF2jCR/pZeTDsD10cHmKxWZoz9nRMc0lEfBzqZypsRUzh8Mv +44LHqbYpAdMeKuT44T03CtqXzYgiqPd3lQEeaMcBtA1dMPNltaDq1hss3cgRjFJF +CmQlkhWF7IGZYVm6K+biEINnEmVnWyDFB4hmTrBHYsFHpxxNbo8fXU+Eimvo7xpC +HwlQyD79okrZ5Bcg2jNh2M5NSOdYBR5Sowvs+D+8RFECAdc71n41MgRYQ6gR77xY +4WauZ+Nv1TPbsO3KaFSM6XSvKIboXVv3S3Wtm9UpZHY5oJSEgKbzyjcwKBscV46H +u/e2dBvZSi3uRjWGByHqPUw1hYZvwuPChMCbH2iQS/2aHXX2T5J1Uk/rCxdm0vjz +rS9N9PDpFAzuuRkHNPJ/ioK9Tm5FJ3a7omq1SHDib+CQpDJbyMsSSpfslpP6IQGA +/OMAu99JYNsOCy3SzOpTmOW1imCMbc6fv9kYUUmuQHTqitS+i/EtOFZa+bWK6DDj +9q/efriGX/J/G8pActADcp+SOPNzeg8AEQEAAYkEcgQYAQgAJhYhBH4ckayAMKWl +nR76uXUPPIdyPkASBQJf7uVUAhsCBQkD60WAAkAJEHUPPIdyPkASwXQgBBkBCAAd +FiEEYU+FZy4le11CfpkGIZkHOteCtLgFAl/u5VQACgkQIZkHOteCtLiN+Q/8Clhk +hGcEv4t1M9h1tkNhei2QTpE7pmw91xXUbqdrmMnuKB1W6+jPmc/etf6hCgfqT0PK +xDPKH9KRdE+ds47K9Cwjtq2YftKSE2fuR7zOYQkvMCkcDRkwZe0EkdCRnADksNYh +Bvwdu0lMGvYPIlxB2lGY/eEcODJiDCDQBQb/YkTBiqmz7+mokKstI/4Ys4CJr7BE +f3HC/VWXaAjFZeoQ7pTem6pSD7TPUC/gaP/HO7DUXd4us5+CSWGkBJzxC0Lz2THW +eEVL47JtB9EAftg30MoTkvWQnFDi365bxOJd/2v4x1xUwQjcsBNlG2CjAVzj3eDs +SROmmappsWez05qbLFd0jMsAqgq/KSvsc8IFZSdmfYjZGtwZCW1EFCVHQxuM76wW +Lz1ecU/BcjD+3/3OirVtcIZO3sflG2t/ELXBNheosR1X2mm02PuPmaV9/2AMzDW/ +cx9TFvP2AgPOzsA2fDdKRaL53S/Rstp1Z0i2SrZYq++AHnw0m0o9zwnCKWGc7tbf +VT+S/wVH0lwVfNL35jp6MgKUXgUDCvm0rTs3/FIUAoSzmTIBgQrE/q8jn2bmH607 +xzCz6mLiCp9Zre3dv51XMqX0AiRYBiOr0W9t+KpmApOVO+JJQymYrmolWV3vb42K +iVRWeIlvD1nXSmzgbjOZdKXVnHIqd6FTNwrI+J4QSw//X+1y1DHUuFW7RMlEu1as +TnbeGrGmoN0Xz9Cs2n11fdhWgSQxBbdhiKvagRG1qixZeZGOV2rl01+C3ByWEb78 +I/mvE14ImUj5vrikL/JAwKtvP9XvhoCKm6/tlkx+WCvtkPmLePIz/v8C6dKo5Q/C +QquN600Xzl6Jt47tzRj38eEguQtDwSg18myF1zT+xzAxkSksdMwAdKvEIBUW6Euw +X16l6cDohu24yynjdpLGyFfTlEfsX3i6PhUIxRKz/3S+IHmeMi2k91kKpQd5dK8t +KPGqyZLhPP0Of65a/GV4EtFFylnKS40saDBVdp9Z+1ZsD5T0pomcNYV3OMn6ACxZ +8d8UE5rVF9dg/7575Ul+VwdoRnhvIsbll/UeoC+9xpKEBW4xdjWGhgmKe+G6TXMl +Fb10/tqlnHsFdbFtZyfwsxHkYV+6eX8zaI0BKaSrEn2C/LpMFFYm7ZB41s3kqzT8 +YNRrBCq+GYzdXrMVBZWw/Boem58hoaqcoLaBdogdc8/SV3Jd0tfCBn7oDsMgSodA +HYENuIm2i+ToZorw9QIQdOIOZEX+YHOWkEk6f4dzkQu5+Cv0TaWSsonMVqAIEK5w +2FURpR50WvJzF9IAuKeDsMk9Zvlyhu70r7dP0veTnteDFICP6Dq87Ee7Ecu97Ug+ +F4JZ+Qqkkfl9oUNYqklhg9q5Ag0EX+7lgAEQAOBZNLvAUDf1e+lY0dJ8ABHb+eUZ +a5O8PvOiKvNTA53b4jZdjCCX3XQqzOeGWoOsdmWoq4ZGNCVunJNuw4fY3mQgT7S4 +ReJ1TeLCyVJnfdEsvSH35zMOeWCKNhcsKDlJyzAEQLUT+RdfrzkBQJM9facPX5ib +HGCi/cC8i1XEoN3c3kRGzLqFhY8rgAJe3juEkWo98+2dB7Yh0WRGbds65f9fv0pv +k3pwChqjrlOmyLHWmbq1M3DDT5MfMhbMr/KGLX+1Q6/9AkwRUDF4EA+v4+aa+Me+ +wj1E1C3tWegdWSomE8PHJBlHYg5VBe+VjIK2Q8DhZCXLEvNYzbhMbzGEPW/NnMDy +qz/+j1Ajw4uDZljGmULiVboYRmTcaetNezttbodSr5GVrIhsPDugyzfSMC9jIN1C +lmti5m+xYpsq77rliLczmRbS/3otPe54wlov9Fqcv0mEBa4SrJ7N9+wFnlrzz+LS +f0UnxxDV9mrb8Yur+Y3Ylnd78dJbKdOeWaT6oaTZurRxEUk0cCzYc0CbQh2mNIUI ++Z6T2PfTCnZzaScwv5KxLDmHrnvSbAgu4rAWvqLaHIWU+Tgfuc/Ti89Dw/Y+7k78 +J+D2s9IGMiL0Ww1Lz9rb2xK46axIYdmcytVSkbD6IqbH+NV6M62p7qFjJ24xJC0h +Tn0TZ+rlMzi25vqrABEBAAGJBHIEGAEIACYWIQR+HJGsgDClpZ0e+rl1DzyHcj5A +EgUCX+7lgAIbAgUJA+tFgAJACRB1DzyHcj5AEsF0IAQZAQgAHRYhBCOhQZpgfPJX +JlY3dSxN985XgQuUBQJf7uWAAAoJECxN985XgQuUN6sQAIE/2QAfXsYeWgtcmN3U +ge21FZTZCz9VXQfXiDXiGBHPb9BrspFHiYatc8pL9y0yQNfCW+zgc9RN47gwxPfy +HDG/ngCNbsK0XwNHcRAVcpHnWuggJCiCe+qk97Vq40RF0vMB1yf42gcRAHt7I+qN +Azc4YarRJVHA2e/vvuj4p3w1y//h9HXG8DbQOz3gbm8JikcHon6U89VcGbOs5hJ/ +5BlaxeMBl2cABiSkSN8mE2uq+pKhHFnR3B4KqJ56ebw3O3+90v2dPf7gAbLmGZoA +bYQ2PkCEjX3iC2AAK8rAKXmEXRUoyG2bl31JZL7Wq4fOCfdQWHdVmt+M+J0JHriY +i7dGll7sRxH6UyXuAInF0WUdUPfPWVvPZXq77EfhmwutNj6/yQPHNjyiMz/MNueU +Qr7HMD1qSGVoPcPfApdFW5KWvF8RW/XibAo3kBgc3tssvduM6j1Zi0vOcfoC/gap +dJD4s6XT7pssqYPrz83SrYiJnBRI6zFMTV9R1g8Xx6I3wv7flC3SPDJuJ5Rrcli2 +Y7wRbhkSaMkbAqDKt/56KAk3b/QB4HBwnJTDVh/NqqpLfk03Kfl4oA3IVDZmEiO5 +dHIE6hQwEDHZNKbsUZ4U4jD5pCBqnoe4ZtnQRkHPqGv2iA0L0VVcI8Q0qj4Z1Mag +gSzSfqAY48/myynvFQrfjbQAzccQAJKZho0LUZ+rZ3zV8jRMEn0BMJE+jXgyMkaJ +ZoVpehWn+VB46+VfYnIEbYjp+EwY8Yqe0J9f78wREs0CJqFCA6O+c4JB2UuFur7q +WhDV5JNfYBelGVCm/LEu55tsz4dfc3/2aoCSyBB2WOaqglBuIT8epeqOYp7XrKVT +dGNpvJzan/fWnuGbQgn/fKoOwzToVQEnXTxIAtDJW8qpEDqrW3851vfGC3aKxsIS +C+EnyRjPctCS9NbvmtJrVwzndR13WtvKjW3Q9o5IZ5RnDvf+djX7ou1QSDtDTHii +EvVQTvPv7XiYC2fg68YO5kmKXst/hw+zN/RIWgc+zyJQWlKisHCfe77lldY1gVuU +9TZYrc7napmqyO5Aj+Aru5CFeMk7mcDkzxi/ttWtssw6PriF06k1t3nphxyrBhsd +kvdbJEA3tM2DlmUeAhVpzbZK1rCNeIdYMZoBekJocmfyvIzctj4tPPXpHYxuL4dV +rD7R9j1/+Yhw51PoDIOD5XbTQaQZcvprDQtmQFmYOKf44yYvsBLxNnh29m3OP6zK +RxPwOxoWPkC7rMcmgKey5KEyq4c4D+9xSSGh7z8TZjZB2JfvPAMzy8Uzy1cO6MUs +08hm4i1xUSkTfKwVXZl9WAFejFOVlRDF2AkFDTODoTPusNgQCFWqjaBj2yRe03zR +f+6eyMZJuQINBF/u5aIBEADeLum7z9C+6R4gGgiTVXQYcY+Nf4Z5Xd9Hh+5yJiDH +40pNdP+gn/z0pV561PgJKcYRlwSkC+wEveGyJuUljItWZ6gKeIWVT6sx6bjNg/Y+ +cRfvRDnp3pKMECuzcrUVkrblLmqq/lx4zXQ1VHA+59XVEi66LqZAubZnCVgnLIA1 +llcyscwl1oekr2YwFJIXjYwVBmFxq5AKuEyFymZkqfQPb4+lG95jBKvjdCKoFZHY +g1MOaP9XcREy+ITu8tqNZByYN1ysGni7eaIAlwlKfddHlKK4vlbvuMUTOAnNHzJM +LiFYTrSdYk6TxSsRukvKvuYETROvv7UgEyBVeHxYfLMsTYQ1EQW+2nwqVJLLjsrL +2f7lqo8jgzt6kw3BT9kZCcLyjfJfTNkvW0qrR9MDDUvLg0YTWBFubOtBwKGpQeD8 +ngoVgEyDx4IDO4+ngJGTzBTO7h9Fas6tqjP/tu+EfyKWA+7W14ssrMN053FABqLP ++cbLTQgI1tiqJ9Hmbvcr+sN2O0iqCwyn0DPSYSmBU2rxI/MzmCuoCc/+LDBDHAV+ +2Jer+kQ/Z3yufrl7w2KQ3jZDbw8fUP+4Fic65V1lS+NT3DDLCZ/Kv41kxodf2w3x +HcqT33Rb1XHB05MhOkCPPSoy2kTuL8bA8S2lk9Mh+Xnj5xUq/JSMG5NeRae9c37o +yQARAQABiQRyBBgBCAAmFiEEfhyRrIAwpaWdHvq5dQ88h3I+QBIFAl/u5aICGwIF +CQPrRYACQAkQdQ88h3I+QBLBdCAEGQEIAB0WIQQGMSq9VqJhvqwrEBOTVpBqq9CL +gwUCX+7logAKCRCTVpBqq9CLg/YyD/0Vd+whkCA838Or3nLV8cbyOw9cShhU1jVy +h3HEBo2q8FdmR8lsXBJiktjfEhvLEe4a460L02kjL0zX49HsyzG1kC9KM/5+U//X +bH7qc/Yfc1Y4gKmxjW006dB7ZKMonFlccWcOoMGAqm/dB8pQeZgR0TEl7ek1CuNk +CCZ1sQd6iP4/ZVXm+pGsmio1X+lRsz1zN8Qd4xUyb+bBY06L+loKHXL8/FkySPZu +osxEV8wv07/tA4lHG7fBDCXqMkePijoIeSzq3bfsVIH6pmGFA/69HYJmXnCVDi2v +DTCk2BtlEgyVTe1R8VD4p0WwztSrDPCtWBYW6vmvsqsXMk3zwQpKmWshjSqx7pLl +vnwftPDWO1+Nv/EXqNDPlqhn3F6Z3yugtF5Gko+rvSjZ4g/UeSMK2qZ3ldxFBpUR +S+W/fhZlDnDZ4DVsQERKNusqFf4fRSfSaxRLQmmel6BE1mpbcF516izS6zIyx+ox +iZkRxlveHDnVedJvwH9aGRKZygS4QJHF4K7W3DSmfujgZ6YB6pPmeDwtd4REmGtR +OUIjJFpvxMhBm+Z/peOd5PSy1ksoKhlRc77sUfsXuc+x7DV1T5YUhq5BfvU+RmnY +kxPtbnsco+4SKWUXy/n4fWT0mr/aT5l2CZPUZ3bucAsE5zuryuvTQt/oFTcr5ex9 +aj6nTwJcq519D/4kXPOnIp5fmdWqKpvGpRqQ/L863TXT/vjnthWm9wuZy9NifhxH +R2i22X3qWnnBPWM3tVd9m7+2wcS1ODWh94TE24IvwNlWxI3zfqJ1GY5uEs92diZO +FlxcEndGBKeJA3C+64ZS2kfs5dvm+cA57jb6ffK5zGE8j0bOjmDp9OpbBv6rCHf3 +J3G2K/e/eOAWLEkuP8cfcyzFObpw1RNY0vO9f4e6AF645/IMb37597dSZl4xzMAX +0320MU/7RvV2JfLAlZ9J1UsGYwBFh6HRLCO53rRJAtOpqpdV89IQIaj0tVzCi3a7 +irrtCFQLY5MqJOQXpBUTTmIqg8Q+QJOYy9KlscXcRFkTcnpixWDXtRzsutnsNFEX +7Tea7ieNLwu8ih4G6qwH3qY1A0f8/AtIA1ZO1yULCPYL1bUcrLfMqOe7eQI8cvPB +AUQ7bxMTkSxuWcF0DyjM0hXzztXvLDz0zE+Gm5dGfwFUBTVL0OPuPeY0cuOtUCBm +av+fHegO3xV85mkry7e7W+hl0L5ydMF1wbaDMzxhr6HwLrRjx0XPKSvyGvhvmAN4 +MjU6RDa85Ae2dA92xxgqXS/We0erbCsW4IiiXhad4qHcmu91vftwv3vW7iB2nDSN +M7/KQK8uWKnGMn82udcVvpOuJlGBZmqIjBjaUoR9kNepz+I5rYvTIGvbVrkCDQRf +7uW7ARAAz8JB2KdPMgdoQmwJ7jaDq23h0EL9QLjAPfruslzIlsR36posnBIJBRuD +/CsR1FP5pE4dUovCu9fG2AmzTHXm+8VO6uSfUGc0yHunzChjCKns8qs2fb73piDs +CpzdreCQNB4XxDu6Kk4f/l94mHqXsi7vXym+cNTDhQVm39FSt2qx4VdXCv999JqU +vHuAmEveZi5TWqklnGyic3ABLjd5WJqAjQUdKqLEHmQ+AVxsF/cEiKKw4LJrUv1r +7NK3XLVoQULub71iUYkDcLT9fyz50rRVY6smU/9aYpSncSnGm7qyuwEi1xNgy4YD +zb/TdgAn6OkYxFv5fUOr2+45TG8OMb4bXQKB7DYSOICRelWD/U2wKtBZFuwq0V/k +9cZ8oI7SLyETPCYkt3k6U0giK6njnSJfh5LvtN7Lr2EbLB4sgLhgM8PAWmluQN1E +bqcO949sQeLnPUvjU1pY1rTATKHbw6quYPQUJwa6STbikFV6ZUTHQSfiyJCVrr/V +BdCUb/BOLtiLvVX/ijPuJniVI9azQAIUYP1bkieVHKSJFcLVxXbt/6ozD25jpRuC +83vRxZ+UrkLt7aH94BB/GP6x5gVSMyclOReJkTzmbrenVi7YDVz36OonQvct+flg +hB21Z1jdBzVEhBg9VGXk1yBcg9XtPCO+eOjC4eNZfQhBuG/rWU0AEQEAAYkEcgQY +AQgAJhYhBH4ckayAMKWlnR76uXUPPIdyPkASBQJf7uW7AhsCBQkD60WAAkAJEHUP +PIdyPkASwXQgBBkBCAAdFiEE4l6wzxzoBJ1H8dmmM+EOShg6jkYFAl/u5bsACgkQ +M+EOShg6jkaGlxAAujAKlnxSjAxaVAV9nbJIlqWdkzpLZHEIWKyzhb2ka6708q43 +bB1dbccaQEYMC5CAvBqdJ+EZK3+6tPf4NPjQ6UMzNqdHAQrSqJJpKz/EG0p00vsm +YZtxZNek0/doeF9iFU6Ds0mex9nxOLd1+6/dmuNwu+B2dn+zo71LeBTwO0d+mc58 +TeHGNQQcTD2Gz061zp+gKowNkO99Td6Zh24PkC9OJdh14P+ZkEPg6YX30ghdY25B +7EAn7GA4929dpi3SUG5eZ8xyf/WGtTdEmqC7Cc9nZxTnOjjX+5Jt2wWtMcrIQ4tO +fRdhiTTuZkZ2xyWPOZdumxsALgmnwIMGFR93N+LWfcA7JuWTWfLB+KicuXMcO19Z +BgLGnXo3xLYxTu0DXDysU3BUNXCbEh+CMuuM8CC+pKkKYsdNc0F90tRhEC9Klj1N +H5Thg464THY2LCemt2ObWqKU35+Y9He1a9UKGUPeQeZKmLX72LH7GLOUGM15nTwS +rmsME+xOmomag1LykcTQQvchWlwHWlnmt3pQFJrsugwt5bBabsCnlVkAt+mMw3Cz +hIDark5NFjaiv/6bX5x8NYg/7ZdBXhho0Uxs7tcqve+dQ7Fj2DIAOp9EmK8OWMeL +DmIvNuRoezt1gk480wYyVHNl+STGDo9q3HjhNDas7sufIKBV0VlYMc16+BFnwA// +XnbF+Heqw6dP5HfZG3wJzBeYoXEvKWCmN6BxSZu62jD3N2Vfbqpnrtwn/emE0tmA +Bgo+sZ5wYDQEnZTOw8QorPwj90Cn3oukej/bhapRqaHXPY9ECDIkYLjfObSsD8oC +VyG3xtsj9W5nl4BheMfTVB89LuLt8U6vJhgWp8f4FOndkSv8DsWRw5leY1UaDj6g +La3pwmfMOwzQxQnt2A0AdMsbHpFllqF0TcsnyhUnxV6T0q2Mls+vXjcRku3KaSLL +3enMtRopZ8JkkIIj2d8mc1me+hBe/SXfCetAgUTXgW/SNtMAsdGBEmUHhxmLe14S +5/uyFIOx3XckN1+bEyzGd95WwhQ9r4nQYFJt7XgkdeVx3S3TdylvM7njtBusWkP3 +xc7pjs559YPenAMXYjOOefgKfL+GlQgQ7UDaPioeFSSqacWYE7rIgWJzrfsImdh7 +e5Tuyz9M0hQouG6OqVw2XxZ44xU9uGcK46HJCHZqKgAqfXKJDUSA1IgYhUMvCoy3 +STEjnb9oORmAJwR8EULVzXsh5Qf4bQcwabj39pwUeSFfrVLh59eG/MfknSUOv7Sq +ThpUo3CqRQ2nnoZIwuGKJJiK9f1dripAY2WauSLWkLYNqaVNcMsHrtdBxGl0Bz7i +c1MrgT9zOuvT7CWSDPukLUwCWUIuKXJNI8acog+U53a5Ag0EX+7l3QEQAMX7qEO4 +q/NuYpZk1eMkroSb/mefME5rXnlhAs33XMyzoI4jin5i4hU8/NVZlhHTIeyBNbDj +lwxX5FjC4v8/7VnzhuA7I+WghUX1VCM4L7AHcafiqZPOhuvqr5R9BW9SJRDx8YbX +W15a9ilaIb3W6JqWMdmaukA5DGMdHEc+mLRxm1MUSqKcIjLpz3jbFu1mfN+fM+nG +QqXRryzV4pnQqUMroBvn2fECKeKWiFdGD9TqyrKmzIuXjUvSoxl6Tl0S3gKveyl1 +KRmDGomktOpDL/lUHilx8RohpqeTewvGGmKX+hCKr7fxYDRWQgJDJ6IKy994QrK3 +ULoI4E0f6iV6BTG51MoMcW2HIYw9HPcxwjmMfELKu7SZ8slqDaEdfOAahoNWRgjC +S/JWwdYOqtkwxdwIhRWWmmHG0ejUzfYABOdYV7grWcV1t6NH1cLnFY6DBtPMJuWq +misfNTRzxYFt8nRjXQgOsexr8XTw+QW9U3jxh2KTqtzCjBI/E/7n1D0AouEix3aH +N9ZTbMBsbk+HXB5zCVhHe2n/SLe5JMNd+65pj6+uqmgQI3p+dKDw3GIFuNQlHQm7 +ooMzZJ4FTPmGn0HMvz449OiBFmiKfEGiCtEC90Ys6csbmEyMF7PMXxQS+nogyKwY +cFmBehfgm69/vxETwk7Adr4dR6OPmRiJBbpPABEBAAGJBHIEGAEIACYWIQR+HJGs +gDClpZ0e+rl1DzyHcj5AEgUCX+7l3QIbAgUJA+tFgAJACRB1DzyHcj5AEsF0IAQZ +AQgAHRYhBPYBT3A31btO47ojcTnqe73wkUVbBQJf7uXdAAoJEDnqe73wkUVbnCEP +/0e7lycnSGfOqTcxCx0xdtM0uy/4p49XvWRwxFq3iGPDYuL9NRoLzG0DzV07/Whu +ay6gMCC/zYqVDsMsNeMWTarjmUl2BnECQ3d0ShhqR1MgSLXUW/BuFX6rFkqNOreM +VCGjiLcYMuCu8EwbgHVMYwfQg+7H1+YEanFgqanUaOGmCgxen1urOxX+Y9lPE+WY +il4kQ7aN4JYqEcfDqvPAaMXrwbceInROq+N0K1w2vB3cZMOx0Qm1SXj1qoUztV+i +oqNV1E79gMv//5Mk05jPkQEaMhnFuGBkn1DP6B5IHH0Ym0NZ2rX3eh8WLf2iV5MW +cQyP454ivUFzalzxnccm20WSeJwkOR7N7eYzQJkCSFWQsXLoO8BCReuC9+kBRgUA +JBbwTZeZEGIp3iG6iNZjPlAZIQiTZ9hFWGx7YcBRn2BM4NJfYvXeeWz4ESKwCuyZ +IUD9FCyUNdb4mX4/R7fsHM3nW6TYODjKUlQGBylNFSfhDxzUOAcOGQRWcEifLYf8 +wW6EibD2DnGqUF8IQqHkPwPR7h9fbwyFKwGU4J4gomhjzlTcY1jS2UjAC3wzsggd +7WfWqdw9sAyarQrjwnWV/JMRtemdJ8CvMR1ueiyMFRqJBfkTADrnp5nrBvdWrTZQ +N6Loo+46iyXhWjL4V+rkwKRqdUwD3v/TBXcJ4K9BgZuy+xQP/18thzfIfsDTGSwr +s8ibO0NHwwuxQ+iK/++d9n5Ykn5gnRMoAebVk7c2p5mYPtehYcrCHzfOwrzH8lQB +IIE3XqKwL5ibojAXzf8dcl8o2++i2SvZYboO/xWDUeGTYi/nLcQxsVr2t+/q+PGG +j7SxiutokfypAAzTwgg6Lv5p+uRH+KSADxXvKaqZ3G0wwdmob6HlHRUZNXBAHFnn +9mJjnpCflQfabRNzYAc5wBBO8ITDJvX0g/KGJ/6t6TeelK8q0NzpYEmKjKKC8OGX +6OAh9wijvvDoa2GBsVz2Trwl7no967YnfTNaPvpn4OLU4mECPXAWvj9dPmhzUwH9 +V/LHeEQ9EM3Pt1FoOqhWdhV2gjRuXIKJKQP0jj9rFvhffE3ZIrhcD/O/4tvUVsIz +VcUvZoX7T22T7vsRV1awGZCk4CsPR3ngTVi6UEZrFWblAp+i/bcqKocgVUXxZiom +o0nBslFmKLuSVzORWbfAW17c1YrsdbyR8XXjuW/TPcCJlieTQ7oyPWKndHxCbnKK +/nsNtuAgyRI9YKkS0UYcigraawnZtByLOHZYbEuizTRFPHchUB5IBLnj6SuswGDn +TA1zNwYco8NQovCRhzOAeidS2WMCR5edOXr2uJ8KEj4qmMc20Xp0WALVpK0w653o +eEBx3R/eWa4/MIYanhg5DH21XXf1uQINBF/u5fgBEADFrJu51Arh8wjMuJWCsjO2 +GFvf8Mrzc82iFM0x6YzZXbPUiPkOW7Zc0PKkx1HSsoz9AjfNa53X693aH+VBmWDn +wWym+tjojuEj5xt1GV1VoAoMZAejkGLRrsGSidm9L/TCc1Q8iHL/OfNe1dF/gvt4 +9kyh8f/ayHPhNnXI2lTzNqiZjp42NJznU/i9XG0NDhCh9B4kSfxo71rjCG47RNUQ +A8pFgFGCMzx9oO5Qm0t+ILc6uEuD4HslVIXd2LgkhMDJp89tkAIuNXtSbFtJQvep +MllWki6EXTFA4IT5ZHHdezuWQ90cyo/Y5onxjjKZHTxxJ8g/ZcUqxAW2ipNXIxCA +aAjpVcXw5+cKcaDHQOjW8k2gvSd4XNVekI8/OHVFtyu2d1la6b/VHh6CRiAnxM9A +flff3UnnxTB3mX39kN2hJ55Bh21NHhhDz/8BMU7eGhJG8RLhTpnA7wszp2Ktrqmp +vqPSWJP4N1wHATgLVsYkwnp33dLlJ8feWUMgwmju4kNsogsUwRL2uDtLojz5Jbvl +OMpSThjsvxHyrBRGoTK444Z9pBeKuq+OLg91wYMGIiTY6rr0rLqWaUmDIgdJntI7 +UleTTIAlNdv5roUlMsXGJ2QhnO74uEsGf8yEA+NXK/eoJNDs7SW7wx9yqDnyGEno +gTv08EdLfPyiT6YUrSIatwARAQABiQRyBBgBCAAmFiEEfhyRrIAwpaWdHvq5dQ88 +h3I+QBIFAl/u5fgCGwIFCQPrRYACQAkQdQ88h3I+QBLBdCAEGQEIAB0WIQQkVXdN +Qv3+a5w4Prj+EAK8WXCBHwUCX+7l+AAKCRD+EAK8WXCBH4uhEACC0iBopvhljyqg +AVl6mH5LKD6Ywp88mQG4ZR50mXojFscFKDaaGcKMnRuZ2rGwBeC1xJSqa1ljD03K +gaCJWOz6C7mxCnU7Fzb+R5BdpWSxOShfB2d/7aJfKnVY954sbJIebO7DL1x4TG36 +HSZWYGAWWzbA10UY9tV+JPc+8WTCqye1rod5sNM3ikzO8bUggZXsvkpGjUR2aSu3 +eVdBaZ2AeXcmg1D2/8mB/iOjqAPDndi8kUolxo44BLd3gLM9aZwvNzLiZ/T1gjcO +hAJtgvdxE16VTDNQXYvpDI8LCidd6YsKZ+QGCxJWq9bh+rypsQcYXZ8rvHd3ttkS +xSIYK3+1c6QOQ0nfVP+YLfmfFl9yPwAw+LE74GcB4p5gLfsttAPvqOvDnbq1RewA +X5A43kM96i357xsjH2pJu92qlcOQriUZxFO5LY5ULwn1d8NNyHjCbcp3g/iUN1EA +lact9VrLSbTksaV6RZ0TNyM/woNogIf2sSzp/17WDLqZMQGcFb//jUHEQtMrGhMa +VxffISEKYrfqDkL/53pvsmLlqsYZMJr3q//EbfYphzXN+fdNiQLHTqk9RvOICXaX +QxOkZ6rPaEkw4YDcm7HCWSwkqqc9jLSEcp1Vbg+efbk15dwGnzCmS3xVk5FvOPD9 +MkHuq8kehGjW1q3zlSKP2sBepPI7wRrSEACL8R+6IMPLcZXtu+MVIDVcSMt34XjS +DZfRAb88dNJxgHisUnBXQYVTEseviDuLKkBUj4EHgRiKTHyCl57oHSDcn6toIUMO +tE8Mp2qulkrnehhwE+R1IFsKvkwBr8zcN6soESCgFVRtpIdY3s4fZp77lHpfYRGZ +hl1bg8KPqXDtr5GGQCyAqjxGOieNXrV6FA9mHbSegjX1DzQFhhIJ8ce/PLm/C8HK +GZMwk2uXc8OkHL39PAFHkOmcd848lfpueXel27rkXZNEzrKgVt+hSISqtdXjALUj +7431WOtC9dKnSKT9doxarzvAsiD7WjASUkjPDJla6RCRkwBi16xUXPbRjALs27xI +2v81NIIfUSouxLhiEFOyOlzZPwCpSWDEquKWYtuuPrg9eAyxD1ZibnPCULlQDl6T +LliERMUnbl0hqmUybjtohs9Ifl/3Ll5g+R84Kgy7mgPMPOhd0f1XVh+weprxtuhK +BN1quILbfHfwT09pZA3JjYwUovpwW3aKUiwxJIPokCbXHyQG2fVsGikbnzzuZMO2 +WocLD9CtO4ut4kb0onV1AUn9Djb5ywfT2XTzXCW/gEG5WU3VeaP5zaxaf3SXUE9l +9gd32OGCAj3rJNmF9N8VtIxK4Y9DKoefANh0Ddw2PkFiJ68GQ7kVloJ71JnjFxiC +qVWm/Xk7tWsP4g== +=Ynj7 + + +-----END PGP PUBLIC KEY BLOCK----- diff --git a/dhcp.spec b/dhcp.spec new file mode 100644 index 0000000..aebd4dc --- /dev/null +++ b/dhcp.spec @@ -0,0 +1,568 @@ +# +# spec file for package dhcp +# +# Copyright (c) 2023 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define isc_version 4.4.2-P1 +#Compat macro for new _fillupdir macro introduced in Nov 2017 +%if ! %{defined _fillupdir} + %define _fillupdir %{_localstatedir}/adm/fillup-templates +%endif +%if 0%{?suse_version} >= 1550 +%define sbindir %{_sbindir} +%else +%define sbindir /sbin +%endif +%if 0%{?suse_version} >= 1330 +%bcond_without sysusers +%else +%bcond_with sysusers +%endif +Name: dhcp +Version: 4.4.2.P1 +Release: 0 +Summary: Common Files Used by ISC DHCP Software +License: MPL-2.0 +Group: Productivity/Networking/Boot/Servers +URL: https://www.isc.org/software/dhcp +Source0: https://ftp.isc.org/isc/dhcp/%{isc_version}/dhcp-%{isc_version}.tar.gz +Source1: https://ftp.isc.org/isc/dhcp/%{isc_version}/dhcp-%{isc_version}.tar.gz.asc +Source2: %{name}.keyring +# +Source10: dhcpd.script +Source11: dhcrelay.script +Source12: dhcpd.service +Source13: dhcpd6.service +Source14: dhcrelay.service +Source15: dhcrelay6.service +Source17: sysconfig.dhcpd +Source18: sysconfig.dhcrelay +Source19: if-up.d.dhcpd-restart-hook +# +Source20: dhclient.conf +Source21: dhclient6.conf +Source22: dhcpd.conf +Source23: dhcpd6.conf +Source26: sysconfig.syslog-dhcpd +# +Source41: dhcp.README +Source43: DDNS-howto.txt +Source44: contrib.tar.gz +Source45: examples.tar.gz +Source46: slp.reg.d.dhcp.reg +Source47: dhcp-user.conf +Patch1: 0001-dhcp-4.1.1-default-paths.patch +# paranoia patch is included now, but not the +# additional patch by thomas@suse.de not ... +Patch2: 0002-dhcp-4.1.1-paranoia.patch +Patch3: 0003-dhcp-4.2.2-man-includes.patch +Patch4: 0004-dhcp-4.1.1-tmpfile.patch +Patch5: 0005-dhcp-4.1.1-dhclient-exec-filedes.patch +Patch6: 0006-dhcp-4.3.2-dhclient-send-hostname-or-fqdn.patch +# PATCH-FIX-UPSTREAM lpf-bind-msg-fix bnc#617795 +Patch7: 0007-dhcp-4.1.1-P1-lpf-bind-msg-fix.patch +# PATCH-FIX-SLE dhclient-option-checks bnc#675052 +Patch8: 0008-dhcp-4.2.2-dhclient-option-checks.patch +# PATCH-FIX-OPENSUSE close-on-exec bnc#732910 +Patch9: 0009-dhcp-4.2.6-close-on-exec.patch +# PATCH-FIX-OPENSUSE quiet-dhclient bnc#711420 +Patch10: 0010-dhcp-4.2.2-quiet-dhclient.patch +# PATCH-FIX-OPENSUSE dhcp-4.2.x-chown-server-leases bnc#868253 +Patch12: 0012-dhcp-4.2.x-chown-server-leases.bnc868253.patch +# PATCH-FIX-SLE dhclient6-unsigned-lifetimes-for-script bsc#926159 +Patch14: 0014-dhclient6-unsigned-lifetimes-for-script-bsc-926159.patch +# PATCH-FIX-SLE Expose-next-server-DHCPv4-option-to-dhclient-script bsc#928390 +Patch15: 0015-Expose-next-server-DHCPv4-option-to-dhclient-script.patch +# PATCH-FIX-SLE infiniband-support bnc#870535,bsc#909189,bsc#910984 +Patch16: 0016-infiniband-support.patch +# PATCH-FIX-SLE server-no-success-report-before-send bsc#919959 +Patch17: 0017-server-no-success-report-before-send.919959.patch +# PATCH-FIX-SLE client-fail-on-script-pre-init-error bsc#912098 +Patch18: 0018-client-fail-on-script-pre-init-error-bsc-912098.patch +# PATCH-FIX-SLE dhcp-4.2.4-P1-interval bsc#947780 +Patch20: 0020-dhcp-4.x.x-fixed-improper-lease-duration-checking.patch +Patch21: 0021-dhcp-ip-family-symlinks.patch +Patch22: dhcp-CVE-2022-2928.patch +Patch23: dhcp-CVE-2022-2929.patch +BuildRequires: automake +BuildRequires: dos2unix +BuildRequires: libtool +BuildRequires: openldap2-devel +%if %{with sysusers} +BuildRequires: sysuser-tools +%endif + +%package server +Summary: ISC DHCP Server +Group: Productivity/Networking/Boot/Servers +Requires: dhcp = %{version} +Requires(post): %fillup_prereq +%{?systemd_ordering} +%if 0%{?suse_version} < 1500 +Requires: net-tools +%endif +%if %{with sysusers} +%sysusers_requires +%else +Requires(pre): shadow +%endif + +%package client +Summary: ISC DHCP Client +Group: Productivity/Networking/Boot/Clients +Requires: %{_bindir}/getent +Requires: dhcp = %{version} +Requires: iproute2 +Requires: iputils +%if 0%{?suse_version} >= 1330 +Requires: /usr/bin/hostname +%else +Requires: net-tools +%endif + +%package relay +Summary: ISC DHCP Relay Agent +Group: Productivity/Networking/Boot/Servers +Requires: dhcp = %{version} +Requires(post): %fillup_prereq +%{?systemd_ordering} +%if 0%{?suse_version} < 1500 +Requires: net-tools +%endif + +%package devel +Summary: Header Files and Libraries for dhcpctl API +Group: Development/Libraries/C and C++ +Requires: dhcp = %{version} + +%package doc +Summary: Documentation +Group: Productivity/Networking/Boot/Servers + +%description +This package contains common programs used by both the ISC DHCP +server ("dhcp-server" package) and client ("dhcp-client") as the +omshell and common manual pages. + +%description server +This package contains the ISC DHCP server. + +%description client +This is an alternative DHCP client, the ISC DHCP client for Linux. Like +"dhcpcd" (the client that is installed by default), it can be used to +configure the network setup. IP address, hostname, routing, +nameserver, netmask, and broadcast can be dynamically assigned while +booting the machine. + +It is configurable via the configuration file %{_sysconfdir}/dhclient.conf. + +%description relay +This is the ISC DHCP relay agent. It can be used as a 'gateway' for +DHCP messages across physical network segments. This is necessary +because requests can be broadcast, and they will normally not be +routed. + +%description doc +This package contains additional documentation files provided with +the software. The manual pages are in the corresponding packages. + +%description devel +This package contains all of the libraries and headers for developing +with the Internet Software Consortium (ISC) dhcpctl API. + +%prep +if test "%version" != $(echo %isc_version | tr "-" "."); then + echo "error: %%version and %%isc_version are not in sync." + exit 1 +fi +%setup -q -n %{name}-%{isc_version} -a 44 -a 45 +## +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 +%patch10 -p1 +%patch12 -p1 +%patch14 +%patch15 -p1 +%patch16 +%patch17 -p1 +%patch18 -p1 +%patch20 +%patch21 +%patch22 +%patch23 +## +find . -type f -name \*.cat\* -exec rm -f {} \; +dos2unix contrib/ms2isc/* +# Remove GPL licensed files to make sure, +# they're not used to build (bnc#714004). +pushd bind +gunzip -c bind.tar.gz | tar xf - +rm -rf bind-*/contrib/dbus +bind_dir=$(ls -1d bind-*) +for i in %{_datadir}/automake-*/config.{sub,guess} ; do + install -v -m755 $i $bind_dir/ +done +# use the year from source gzip header instead of current one to make reproducible rpms +year=$(perl -e 'sysread(STDIN, $h, 8); print (1900+(gmtime(unpack("l",substr($h,4))))[5])' < bind.tar.gz) +sed -i "s/stdout, copyright, year/stdout, copyright, \"-$year\"/" $bind_dir/lib/dns/gen.c +popd +## + +%build +%global _lto_cflags %{_lto_cflags} -ffat-lto-objects +CFLAGS="%{optflags} -D_GNU_SOURCE -W -Wall -Wno-unused -fcommon -fno-strict-aliasing" +%ifarch ppc ppc64 s390x + # bugs 134590, 171532 + CFLAGS="$CFLAGS -fsigned-char" +%endif +%ifarch ia64 %{sparc} alpha s390x ppc64 x86_64 + CFLAGS="$CFLAGS -fPIE" +%else + CFLAGS="$CFLAGS -fpie" +%endif +LDFLAGS="-Wl,-z,relro,-z,now -pie" +FFLAGS="$CFLAGS" +CXXFLAGS="$CFLAGS" +export CFLAGS LDFLAGS FFLAGS CXXFLAGS +%configure \ + --enable-dhcpv6 \ + --enable-failover \ + --enable-paranoia \ + --enable-early-chroot \ + --disable-libtool \ + --enable-log-pid \ + --enable-binary-leases \ + --with-ldap \ + --with-ldapcrypto \ + --with-cli-pid-file=%{_rundir}/dhclient.pid \ + --with-cli-lease-file=%{_localstatedir}/lib/dhcp/dhclient.leases \ + --with-cli6-pid-file=%{_rundir}/dhclient6.pid \ + --with-cli6-lease-file=%{_localstatedir}/lib/dhcp6/dhclient.leases \ + --with-srv-pid-file=%{_rundir}/dhcpd.pid \ + --with-srv-lease-file=%{_localstatedir}/lib/dhcp/db/dhcpd.leases \ + --with-srv6-pid-file=%{_rundir}/dhcpd6.pid \ + --with-srv6-lease-file=%{_localstatedir}/lib/dhcp6/db/dhcpd6.leases +# +: building bind sources +%if 0%{?!make_build:1} +# SLE-12 compatbility still needed as of October 2021 +%define make_build %{__make} %{?_smp_mflags} +%endif +%make_build -j1 -C bind all +cat bind/configure.log +cat bind/build.log +cat bind/install.log +: building dhcp sources +%make_build +%if %{with sysusers} +%sysusers_generate_pre %{SOURCE47} dhcp-server dhcp-user.conf +%endif + +%check +# check example config, see if it runs +./server/dhcpd -4 -t -cf $RPM_SOURCE_DIR/dhcpd.conf +./server/dhcpd -6 -t -cf $RPM_SOURCE_DIR/dhcpd6.conf +# check syntax in our scripts +bash -n $RPM_SOURCE_DIR/dhcpd.script +bash -n $RPM_SOURCE_DIR/dhcrelay.script + +%install +%make_install +# +# directories +install -d -m0755 %{buildroot}/sbin +install -d -m0755 %{buildroot}%{_sysconfdir}/dhcpd{,6}.d +install -d -m0755 %{buildroot}%{_sysconfdir}/openldap/schema +install -d -m0755 %{buildroot}%{_localstatedir}/run +install -d -m0755 %{buildroot}%{_fillupdir} +# chroot jail +install -d -m0755 %{buildroot}%{_localstatedir}/lib/{dhcp,dhcp6}%{_sysconfdir} +install -d -m0755 %{buildroot}%{_localstatedir}/lib/{dhcp,dhcp6}/dev +install -d -m0755 %{buildroot}%{_localstatedir}/lib/{dhcp,dhcp6}/%{_lib} +install -d -m0755 %{buildroot}%{_localstatedir}/lib/{dhcp,dhcp6}/run +install -d -m0755 %{buildroot}%{_localstatedir}/lib/{dhcp,dhcp6}/db +%if 0%{?suse_version} < 1550 +# move the dhclient binary to /sbin +mv -f %{buildroot}%{_sbindir}/dhclient %{buildroot}/sbin/ +%endif +# provide a ...6 link, so we know it supports DHCPv6 +ln -sf dhcpd %{buildroot}%{_sbindir}/dhcpd6 +ln -sf dhcrelay %{buildroot}%{_sbindir}/dhcrelay6 +ln -sf dhclient %{buildroot}%{sbindir}/dhclient6 +# install our adopted config examples: +install -m0644 $RPM_SOURCE_DIR/dhcpd.conf %{buildroot}%{_sysconfdir}/ +install -m0644 $RPM_SOURCE_DIR/dhcpd6.conf %{buildroot}%{_sysconfdir}/ +install -m0644 $RPM_SOURCE_DIR/dhclient.conf %{buildroot}%{_sysconfdir}/ +install -m0644 $RPM_SOURCE_DIR/dhclient6.conf %{buildroot}%{_sysconfdir}/ +# We don't ship dhclient-script any more (boo#1216822) +rm -f %{buildroot}%{_mandir}/man8/dhclient-script.8 +# helper / wrapper scripts +install -d -m0755 %{buildroot}%{_libexecdir}/dhcp +install -m0755 $RPM_SOURCE_DIR/dhcpd.script \ + %{buildroot}%{_libexecdir}/dhcp/dhcpd +sed -e 's,@LIBDIR@,%{_lib},g' -i %{buildroot}%{_libexecdir}/dhcp/dhcpd +install -m0755 $RPM_SOURCE_DIR/dhcrelay.script \ + %{buildroot}%{_libexecdir}/dhcp/dhcrelay +# service units +install -d -m0755 %{buildroot}%{_unitdir} +install -m0644 $RPM_SOURCE_DIR/dhcpd.service \ + %{buildroot}%{_unitdir}/dhcpd.service +install -m0644 $RPM_SOURCE_DIR/dhcpd6.service \ + %{buildroot}%{_unitdir}/dhcpd6.service +install -m0644 $RPM_SOURCE_DIR/dhcrelay.service \ + %{buildroot}%{_unitdir}/dhcrelay.service +install -m0644 $RPM_SOURCE_DIR/dhcrelay6.service \ + %{buildroot}%{_unitdir}/dhcrelay6.service +sed -e 's,@LIBEXECDIR@,%{_libexecdir},g' -i %{buildroot}%{_unitdir}/d* +# rcservice links +ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcdhcpd +ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcdhcpd6 +ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcdhcrelay +ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcdhcrelay6 +# rcservice actions +legacy_actionsdir=%{buildroot}%{_libexecdir}/initscripts/legacy-actions +cat >dhcpd.action <<'EOF' +#!/bin/bash +exec %{_libexecdir}/dhcp/dhcpd -4 ${0##*/} +EOF +install -d -m0755 ${legacy_actionsdir}/dhcpd +install -m0755 dhcpd.action ${legacy_actionsdir}/dhcpd/syntax-check +ln -sf syntax-check ${legacy_actionsdir}/dhcpd/check-syntax +ln -sf syntax-check ${legacy_actionsdir}/dhcpd/check-lease +rm -f dhcpd.action +cat >dhcpd.action <<'EOF' +#!/bin/bash +exec %{_libexecdir}/dhcp/dhcpd -6 ${0##*/} +EOF +install -d -m0755 ${legacy_actionsdir}/dhcpd6 +install -m0755 dhcpd.action ${legacy_actionsdir}/dhcpd6/syntax-check +ln -sf syntax-check ${legacy_actionsdir}/dhcpd6/check-syntax +ln -sf syntax-check ${legacy_actionsdir}/dhcpd6/check-lease +rm -f dhcpd.action +# sysconfig files +install -m0644 $RPM_SOURCE_DIR/sysconfig.dhcpd \ + %{buildroot}%{_fillupdir}/ +install -m0644 $RPM_SOURCE_DIR/sysconfig.syslog-dhcpd \ + %{buildroot}%{_fillupdir}/ +install -m0644 $RPM_SOURCE_DIR/sysconfig.dhcrelay \ + %{buildroot}%{_fillupdir}/ +# another config files and scripts +install -m0644 contrib/ldap/dhcp.schema \ + %{buildroot}%{_sysconfdir}/openldap/schema +install -d -m0755 %{buildroot}%{_sysconfdir}/sysconfig/network/if-up.d +install -d -m0755 %{buildroot}%{_sysconfdir}/sysconfig/network/scripts +install -m0755 $RPM_SOURCE_DIR/if-up.d.dhcpd-restart-hook \ + %{buildroot}%{_sysconfdir}/sysconfig/network/scripts/dhcpd-restart-hook +sed 's,@LIBEXECDIR@,%{_libexecdir},g' -i \ + %{buildroot}%{_sysconfdir}/sysconfig/network/scripts/dhcpd-restart-hook +ln -sf ../scripts/dhcpd-restart-hook \ + %{buildroot}%{_sysconfdir}/sysconfig/network/if-up.d/60-dhcpd-restart-hook +# slp support +install -d -m0755 %{buildroot}%{_sysconfdir}/slp.reg.d +install -m0644 $RPM_SOURCE_DIR/slp.reg.d.dhcp.reg \ + %{buildroot}%{_sysconfdir}/slp.reg.d/dhcp.reg +# fix manual page permissions +find %{buildroot}/%{_mandir} -type f | xargs chmod 644 +# copy some documentation and examples from src dir +install -m0644 $RPM_SOURCE_DIR/dhcp.README README.SUSE +install -m0644 $RPM_SOURCE_DIR/DDNS-howto.txt . +cp doc/examples/* ./examples/ +rm -f doc/{References.xml,Makefile*} +rm -f contrib/dhcp.spec +rm -f %{buildroot}%{_sysconfdir}/{dhcpd,dhclient}.conf.example +find contrib doc/examples -type f | xargs chmod -x +# install bind libs+includes needed for dhcp-devel +pushd bind +install -d -m0755 %{buildroot}%{_includedir}/dhcp/ +for i in include/* ; do + cp -r $i %{buildroot}%{_includedir}/dhcp/ +done +install -d -m0755 %{buildroot}%{_libdir}/dhcp/ +for l in lib/lib*.a ; do + install -m0644 $l %{buildroot}%{_libdir}/dhcp/ +done +popd +# move also all dhcp-devel files to dhcp subdirectories +mv %{buildroot}%{_includedir}/{dhcpctl,omapip} \ + %{buildroot}%{_includedir}/dhcp/ +mv %{buildroot}%{_libdir}/lib*.* \ + %{buildroot}%{_libdir}/dhcp/ +%if %{with sysusers} +mkdir -p %{buildroot}%{_sysusersdir} +install -m 644 %{SOURCE47} %{buildroot}%{_sysusersdir}/ +%endif + +%if %{with sysusers} +%pre server -f dhcp-server.pre +%else + +%pre server +getent passwd dhcpd >/dev/null || useradd -r -g nogroup -s /bin/false -c "DHCP server daemon" -d %{_localstatedir}/lib/dhcp dhcpd +%endif +%service_add_pre dhcpd.service +%service_add_pre dhcpd6.service + +%post server +%{fillup_only -n dhcpd dhcpd} +%{fillup_only -ans syslog dhcpd} +%service_add_post dhcpd.service +%service_add_post dhcpd6.service +# FIXME: update? +if [ $1 -gt 1 ]; then + if grep -q '^DHCPD_RUN_AS=.*nobody' etc/sysconfig/dhcpd; then + tmpfile=$(mktemp -q etc/sysconfig/dhcpd.XXXXXX) + sed 's|^DHCPD_RUN_AS=.*|DHCPD_RUN_AS="dhcpd"|' etc/sysconfig/dhcpd \ + > $tmpfile && mv $tmpfile etc/sysconfig/dhcpd + rm -f $tmpfile + fi + if grep -q '^DHCPD_BINARY=.*dhcpd\..*' etc/sysconfig/dhcpd; then + tmpfile=$(mktemp -q etc/sysconfig/dhcpd.XXXXXX) + sed 's|^DHCPD_BINARY=.*|DHCPD_BINARY=""|' etc/sysconfig/dhcpd \ + > $tmpfile && mv $tmpfile etc/sysconfig/dhcpd + rm -f $tmpfile + fi +fi + +%preun server +%service_del_preun dhcpd.service +%service_del_preun dhcpd6.service + +%postun server +%service_del_postun dhcpd.service +%service_del_postun dhcpd6.service + +%pre relay +%service_add_pre dhcrelay.service +%service_add_pre dhcrelay6.service + +%post relay +# +%{rename_sysconfig_variable -f etc/sysconfig/dhcrelay + DHCRELAY6_LOWER_INTERFACES_ARGS DHCRELAY6_LOWER_INTERFACES} +%{rename_sysconfig_variable -f etc/sysconfig/dhcrelay + DHCRELAY6_UPPER_INTERFACES_ARGS DHCRELAY6_UPPER_INTERFACES} +# +%{fillup_only -n dhcrelay dhcrelay} +%service_add_post dhcrelay.service +%service_add_post dhcrelay6.service + +%preun relay +%service_del_preun dhcrelay.service +%service_del_preun dhcrelay6.service + +%postun relay +%service_del_postun dhcrelay.service +%service_del_postun dhcrelay6.service + +%files +%license LICENSE +%{_bindir}/omshell +%{_mandir}/man1/omshell.1%{?ext_man} +%{_mandir}/man5/dhcp-eval.5%{?ext_man} +%{_mandir}/man5/dhcp-options.5%{?ext_man} + +%files server +%{_sbindir}/dhcpd +%{_sbindir}/dhcpd6 +%{_sbindir}/rcdhcpd +%{_sbindir}/rcdhcpd6 +%{_unitdir}/dhcpd.service +%{_unitdir}/dhcpd6.service +%if %{with sysusers} +%{_sysusersdir}/dhcp-user.conf +%endif +%dir %{_libexecdir}/initscripts/legacy-actions/dhcpd +%{_libexecdir}/initscripts/legacy-actions/dhcpd/* +%dir %{_libexecdir}/initscripts/legacy-actions/dhcpd6 +%{_libexecdir}/initscripts/legacy-actions/dhcpd6/* +%config(noreplace) %{_sysconfdir}/dhcpd.conf +%config(noreplace) %{_sysconfdir}/dhcpd6.conf +%attr(755,root,root) %dir %config(noreplace) %ghost %{_sysconfdir}/dhcpd.d/ +%attr(755,root,root) %dir %config(noreplace) %ghost %{_sysconfdir}/dhcpd6.d/ +%dir %{_libexecdir}/dhcp +%{_libexecdir}/dhcp/dhcpd +%dir %{_localstatedir}/lib/dhcp +%dir %{_localstatedir}/lib/dhcp%{_sysconfdir} +%dir %{_localstatedir}/lib/dhcp/dev +%dir %{_localstatedir}/lib/dhcp/%{_lib} +%dir %{_localstatedir}/lib/dhcp/run +%attr(755,dhcpd,root) %dir %{_localstatedir}/lib/dhcp/db +%dir %{_localstatedir}/lib/dhcp6 +%dir %{_localstatedir}/lib/dhcp6%{_sysconfdir} +%dir %{_localstatedir}/lib/dhcp6/dev +%dir %{_localstatedir}/lib/dhcp6/%{_lib} +%dir %{_localstatedir}/lib/dhcp6/run +%attr(755,dhcpd,root) %dir %{_localstatedir}/lib/dhcp6/db +%{_mandir}/man8/dhcpd.8%{?ext_man} +%{_mandir}/man5/dhcpd.conf.5%{?ext_man} +%{_mandir}/man5/dhcpd.leases.5%{?ext_man} +%dir %{_sysconfdir}/openldap +%dir %{_sysconfdir}/openldap/schema +%attr(0644, root, root) %config %{_sysconfdir}/openldap/schema/dhcp.schema +%dir %{_sysconfdir}/slp.reg.d +%config(noreplace) %{_sysconfdir}/slp.reg.d/dhcp.reg +%dir %{_sysconfdir}/sysconfig/network +%dir %{_sysconfdir}/sysconfig/network/scripts +%dir %{_sysconfdir}/sysconfig/network/if-up.d +%{_sysconfdir}/sysconfig/network/scripts/dhcpd-restart-hook +%{_sysconfdir}/sysconfig/network/if-up.d/60-dhcpd-restart-hook +%{_fillupdir}/sysconfig.dhcpd +%{_fillupdir}/sysconfig.syslog-dhcpd + +%files doc +%doc README RELNOTES +%doc README.* DDNS-howto.txt doc/* +%doc contrib examples + +%files client +%{sbindir}/dhclient +%{sbindir}/dhclient6 +%config(noreplace) %{_sysconfdir}/dhclient.conf +%config(noreplace) %{_sysconfdir}/dhclient6.conf +%{_mandir}/man5/dhclient.conf.5%{?ext_man} +%{_mandir}/man5/dhclient.leases.5%{?ext_man} +%{_mandir}/man8/dhclient.8%{?ext_man} +%dir %{_localstatedir}/lib/dhcp +%dir %{_localstatedir}/lib/dhcp6 + +%files relay +%{_sbindir}/dhcrelay +%{_sbindir}/dhcrelay6 +%{_sbindir}/rcdhcrelay +%{_sbindir}/rcdhcrelay6 +%dir %{_libexecdir}/dhcp +%{_libexecdir}/dhcp/dhcrelay +%{_unitdir}/dhcrelay.service +%{_unitdir}/dhcrelay6.service +%{_mandir}/man8/dhcrelay.8%{?ext_man} +%{_fillupdir}/sysconfig.dhcrelay + +%files devel +%dir %{_libdir}/dhcp +%{_libdir}/dhcp/lib* +%dir %{_includedir}/dhcp +%{_includedir}/dhcp/* +%{_mandir}/man3/omapi.3%{?ext_man} +%{_mandir}/man3/dhcpctl.3%{?ext_man} + +%changelog diff --git a/dhcpd.conf b/dhcpd.conf new file mode 100644 index 0000000..b320e16 --- /dev/null +++ b/dhcpd.conf @@ -0,0 +1,154 @@ +# /etc/dhcpd.conf +# +# Sample configuration file for ISC dhcpd +# +# *** PLEASE CONFIGURE IT FIRST *** +# +# Don't forget to set the DHCPD_INTERFACE in the +# /etc/sysconfig/dhcpd file. +# + +# option definitions common to all supported networks... +#option domain-name "example.org"; +#option domain-name-servers ns1.example.org, ns2.example.org; + +#default-lease-time 600; +#max-lease-time 7200; + +# if you do not use dynamical DNS updates: +# +# if you want to use dynamical DNS updates, you should first read +# read /usr/share/doc/packages/dhcp-server/DDNS-howto.txt +# +#ddns-updates off; + +# Use this to enble / disable dynamic dns updates globally. +#ddns-update-style none; + +# If this DHCP server is the official DHCP server for the local +# network, the authoritative directive should be uncommented. +#authoritative; + +# Use this to send dhcp log messages to a different log file (you also +# have to hack syslog.conf to complete the redirection). +#log-facility local7; + +# +# Define RFC 3442 classless static route option (121); +# the following _example_ routes: +# 192.168.2.254/32 via 0.0.0.0 (device route) +# 192.168.2.253/32 via 192.168.1.2 (255.255.255.255) +# 192.2.0.128/25 via 192.168.1.2 (255.255.255.128) +# 192.168.2.0/24 via 192.168.1.2 (255.255.255.0) +# 172.16.0.0/12 via 192.168.1.2 (255.240.0.0) +# 10.0.0.0/8 via 192.168.1.2 (255.0.0.0) +# default via 192.168.1.1 +# have to be written as: +# option rfc3442-classless-static-routes +# 32, 192, 168, 2, 254, 0, 0, 0, 0, +# 32, 192, 168, 2, 253, 192, 168, 1, 2, +# 25, 192, 2, 0, 128, 192, 168, 1, 2, +# 24, 192, 168, 3, 192, 168, 1, 2, +# 12, 172, 16, 192, 168, 1, 2, +# 8, 10, 192, 168, 1, 2, +# 0, 192, 168, 1, 1; +# +# Note: you have to specify the default gateway here +# as well, because when classless routes are in use, +# the 'routers' option is ignored by the dhcp client. +# +#option rfc3442-classless-static-routes code 121 = array of unsigned integer 8; + +# +# Define RFC 4833 timezone options: +# +#option rfc4833-tz-posix-string code 100 = string; +#option rfc4833-tz-name code 101 = string; +# +# Use example: +# option rfc4833-tz-posix-string "EST5EDT4,M3.2.0/02:00,M11.1.0/02:00"; +# option rfc4833-tz-name "Europe/Zurich"; + + +# No service will be given on this subnet, but declaring it helps the +# DHCP server to understand the network topology. + +#subnet 10.152.187.0 netmask 255.255.255.0 { +#} + +# This is a very basic subnet declaration. + +#subnet 10.254.239.0 netmask 255.255.255.224 { +# range 10.254.239.10 10.254.239.20; +# option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org; +#} + +# This declaration allows BOOTP clients to get dynamic addresses, +# which we don't really recommend. + +#subnet 10.254.239.32 netmask 255.255.255.224 { +# range dynamic-bootp 10.254.239.40 10.254.239.60; +# option broadcast-address 10.254.239.31; +# option routers rtr-239-32-1.example.org; +#} + +# A slightly different configuration for an internal subnet. +#subnet 10.5.5.0 netmask 255.255.255.224 { +# range 10.5.5.26 10.5.5.30; +# option domain-name-servers ns1.internal.example.org; +# option domain-name "internal.example.org"; +# option routers 10.5.5.1; +# option broadcast-address 10.5.5.31; +# default-lease-time 600; +# max-lease-time 7200; +#} + +# Hosts which require special configuration options can be listed in +# host statements. If no address is specified, the address will be +# allocated dynamically (if possible), but the host-specific information +# will still come from the host declaration. + +#host passacaglia { +# hardware ethernet 0:0:c0:5d:bd:95; +# filename "vmunix.passacaglia"; +# server-name "toccata.fugue.com"; +#} + +# Fixed IP addresses can also be specified for hosts. These addresses +# should not also be listed as being available for dynamic assignment. +# Hosts for which fixed IP addresses have been specified can boot using +# BOOTP or DHCP. Hosts for which no fixed address is specified can only +# be booted with DHCP, unless there is an address range on the subnet +# to which a BOOTP client is connected which has the dynamic-bootp flag +# set. +#host fantasia { +# hardware ethernet 08:00:07:26:c0:a5; +# fixed-address fantasia.fugue.com; +#} + +# You can declare a class of clients and then do address allocation +# based on that. The example below shows a case where all clients +# in a certain class get addresses on the 10.17.224/24 subnet, and all +# other clients get addresses on the 10.0.29/24 subnet. + +#class "foo" { +# match if substring (option vendor-class-identifier, 0, 4) = "SUNW"; +#} +# +#shared-network 224-29 { +# subnet 10.17.224.0 netmask 255.255.255.0 { +# option routers rtr-224.example.org; +# } +# subnet 10.0.29.0 netmask 255.255.255.0 { +# option routers rtr-29.example.org; +# } +# pool { +# allow members of "foo"; +# range 10.17.224.10 10.17.224.250; +# } +# pool { +# deny members of "foo"; +# range 10.0.29.10 10.0.29.230; +# } +#} + diff --git a/dhcpd.script b/dhcpd.script new file mode 100644 index 0000000..0e40e81 --- /dev/null +++ b/dhcpd.script @@ -0,0 +1,429 @@ +#! /bin/bash +# Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH +# Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH +# Copyright (c) 2002, 2003 SuSE Linux AG +# Copyright (c) 2004-2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# +# This program is free software; you can redistribute it and/or modify it under +# the terms of the GNU General Public License as published by the Free Software +# Foundation; either version 2 of the License, or (at your option) any later +# version. +# +# This program is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS +# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more +# details. +# +# You should have received a copy of the GNU General Public License along with +# this program; if not, see . +# +# Author: Rolf Haberrecker , 1997-1999 +# Peter Poeml , 2000-2006 +# Marius Tomaschewski , 2006-2010 +# +# /usr/lib/dhcp/dhcpd helper script, fromer /etc/init.d/dhcpd init script. +# +### +test -s /etc/sysconfig/dhcpd && . /etc/sysconfig/dhcpd + +SUPPORTS_CHROOT="yes" +SUPPORTS_RUN_AS="yes" +SUPPORTS_HUP="no" + +# note: $DAEMON_PIDFILE is a symlink to the +# $DAEMON_STATE$DAEMON_PIDFILE (also +# while DHCPD_RUN_CHROOTED=no) now, +# as DHCPD_RUN_AS is not allowed to +# create pid files in /run. + +DHCPv_OPT=$1 ; shift +case $DHCPv_OPT in +-4) + DAEMON='ISC DHCPv4 Server' + DAEMON_BIN=/usr/sbin/dhcpd + DAEMON_CONF=/etc/dhcpd.conf + DAEMON_STATE=/var/lib/dhcp + DAEMON_LEASES=dhcpd.leases + DAEMON_PIDFILE=/run/dhcpd.pid + STARTPROC_LOGFILE=/var/log/rc.dhcpd.log + LDAP_CONF=/etc/openldap/ldap.conf + + test "$DHCPD_RUN_CHROOTED" = "yes" && \ + CHROOT_PREFIX="$DAEMON_STATE" || CHROOT_PREFIX='' + + DHCPD_CONF_INCLUDE_FILES=${DHCPD_CONF_INCLUDE_FILES:-/etc/dhcpd.d} +;; +-6) + DAEMON='ISC DHCPv6 Server' + DAEMON_BIN=/usr/sbin/dhcpd + DAEMON_CONF=/etc/dhcpd6.conf + DAEMON_STATE=/var/lib/dhcp6 + DAEMON_LEASES=dhcpd6.leases + DAEMON_PIDFILE=/run/dhcpd6.pid + STARTPROC_LOGFILE=/var/log/rc.dhcpd6.log + LDAP_CONF="" + + test "$DHCPD6_RUN_CHROOTED" = "yes" && \ + CHROOT_PREFIX="$DAEMON_STATE" || CHROOT_PREFIX='' + + DHCPD_RUN_AS=$DHCPD6_RUN_AS + DHCPD_INTERFACE=$DHCPD6_INTERFACE + DHCPD_OTHER_ARGS=$DHCPD6_OTHER_ARGS + DHCPD_CONF_INCLUDE_FILES=${DHCPD6_CONF_INCLUDE_FILES:-/etc/dhcpd6.d} +;; +*) + echo >&2 "Usage: $0 <-4|-6> " + exit 2 +;; +esac + +# Return values acc. to LSB for all commands but status: +# 0 - success +# 1 - generic or unspecified error +# 2 - invalid or excess argument(s) +# 3 - unimplemented feature (e.g. "reload") +# 4 - insufficient privilege +# 5 - program is not installed +# 6 - program is not configured +# 7 - program is not running +# +# Note that starting an already running service, stopping +# or restarting a not-running service as well as the restart +# with force-reload (in case signalling is not supported) are +# considered a success. + +if ! [ -x "$DAEMON_BIN" ]; then + case $1 in + stop) ;; + *) echo -n >&2 "\"$DAEMON_BIN\" is not an executable file. Exiting." + case $1 in + status) exit 4 ;; + *) exit 5 ;; + esac + ;; + esac + exit +fi +if ! [ -r "$DAEMON_CONF" ] ; then + case $1 in + stop|status) + if test ! -s /etc/sysconfig/dhcpd ; then + test -e $DAEMON_STATE/$DAEMON_PIDFILE && \ + CHROOT_PREFIX="$DAEMON_STATE" || CHROOT_PREFIX='' + fi + ;; + *) + echo -n >&2 "\"$DAEMON_CONF\" config file missed. Exiting." + exit 6 + ;; + esac +fi + +# remove empty pid files to avoid disturbing warnings by checkproc/killproc +# (these can occur if dhcpd does not start correctly) +test -e $DAEMON_PIDFILE && ! test -s $DAEMON_PIDFILE && rm $DAEMON_PIDFILE +test -e $DAEMON_STATE/$DAEMON_PIDFILE && ! test -s $DAEMON_STATE/$DAEMON_PIDFILE && rm $DAEMON_STATE/$DAEMON_PIDFILE + +case "$1" in + start) + echo -n "Starting $DAEMON " + + ## If there is no conf file, skip starting of dhcpd + ## and return with "program not configured" + if ! [ -f $DAEMON_CONF ]; then + echo -n "... no configuration file found"; + # service is not configured + exit 6; + fi + + ## If the interfaces are not set, skip starting of dhcpd + ## and return with "program not configured" + if [ -z "$DHCPD_INTERFACE" ]; then + var="DHCPD_INTERFACE" + case $DHCPv_OPT in -6) var=DHCPD6_INTERFACE ;; esac + echo -n "... set $var in /etc/sysconfig/dhcpd" + # service is not configured + exit 6; + fi + + if [ "$DHCPD_INTERFACE" = "ANY" ]; then + DHCPD_INTERFACE="" + fi + + jail=${CHROOT_PREFIX:-${DAEMON_STATE}}; leases=$DAEMON_LEASES + if ! [ -e $jail/db/$leases ]; then + # until 9.0, the lease file was in /var/lib/dhcp and part of the package + if test -e $jail/$leases -a '!' -L $jail/$leases; then + # this is the case where the %post script runs _before_ the old package is + # removed (i.e., dhcpd.leases has not renamed to .rpmsave yet) + mv $jail/$leases $jail/db/$leases && \ + ln -s db/$leases $jail/ + elif test -e $jail/$leases.rpmsave; then + # this is what's left when the package is already gone. + mv $jail/$leases.rpmsave $jail/db/$leases && \ + ln -s db/$leases $jail/ + else + # fresh installation: + # a lease file must be present. the server won't start without + touch $jail/db/$leases + fi + fi + + if test "$DHCPD_RUN_CHROOTED" = "yes" ; then + ## copy the conf file to the chroot jail (dhcpd has to be restarted anyway, + ## when it has changed) and change path to leases file + for i in $DAEMON_CONF $DHCPD_CONF_INCLUDE_FILES $LDAP_CONF /etc /dev; do + if test -d "${i}" ; then + test -d "$CHROOT_PREFIX/${i}" || \ + mkdir -p "$CHROOT_PREFIX/${i}" + elif test -e "${i}" ; then + test -d "$CHROOT_PREFIX/${i%/*}" || \ + mkdir -p "$CHROOT_PREFIX/${i%/*}" + fi + done + rm -f $CHROOT_PREFIX/dev/urandom + for i in $DAEMON_CONF $DHCPD_CONF_INCLUDE_FILES $LDAP_CONF /etc/{gai.conf,nsswitch.conf,resolv.conf,host.conf,hosts,localtime,bindresvport.blacklist} /dev/urandom; do + if ! test -e "$i"; then continue; fi # neither of them is absolutely necessary + cp -aL "$i" "${CHROOT_PREFIX}/${i%/*}/" &>/dev/null \ + || { echo "...$0:$LINENO: could not copy $i to chroot jail"; exit 6; } + done + libdir=@LIBDIR@ + if test -x /usr/bin/ldd ; then + get_ldd_deps() + { + ldd_wl="\/${libdir}\/lib" + ldd_bl="\/${libdir}\/libc\." + /usr/bin/ldd "$1" | \ + while read -sr a b c d ; do + [ -n "$c" ] || continue + [[ $c =~ $ldd_wl ]] || continue + [[ $c =~ $ldd_bl ]] && continue + echo $c + done + } + else + get_ldd_deps() { :; } + fi + cplibs=`for i in /$libdir/{libresolv.so.*,libnss_*.so.*} \ + /$libdir/{libpthread.so.0,libdl.so.2,libgcc_s.so.*} ; + do + if [ -s "$i" ] ; then + echo "$i" + get_ldd_deps "$i" + fi + done | sort -u` + for i in $cplibs ; do + if [ -s "$i" ]; then + cp -pL "$i" "${CHROOT_PREFIX}/$libdir/" \ + || { echo "...$0:$LINENO: could not copy $i to chroot jail"; exit 6; } + fi + done + + # mount /proc into the chroot; the server fails if unable to read /proc/net/{dev,if_inet6} + mkdir -p ${CHROOT_PREFIX}/proc + mount -t proc -o ro proc ${CHROOT_PREFIX}/proc 2>/dev/null + + DHCPD_ARGS="-chroot $CHROOT_PREFIX -lf /db/$DAEMON_LEASES" + + ## If there is a pid file containing a pid, the machine might have crashed. pid files in + ## /run are always cleaned up at boot time, but this is not the case for the pid file in + ## the chroot jail. Therefore, and old pid file may exist. This is only a problem if it + ## incidentally contains the pid of a running process. If this process is not a 'dhcpd', + ## we remove the pid. (dhcpd itself only checks whether the pid is alive or not.) + if test -s $DAEMON_STATE/$DAEMON_PIDFILE; then + p=$(<$DAEMON_STATE/$DAEMON_PIDFILE) + if test -n "$p" && grep -qsE "^${DAEMON_BIN}" "/proc/$p/cmdline" ; then + echo -n '(already running) ' + else + rm -f $DAEMON_STATE/$DAEMON_PIDFILE + fi + fi + PID_FILE_ARG="$DAEMON_PIDFILE" + else + DHCPD_ARGS="-lf ${DAEMON_STATE}/db/$DAEMON_LEASES" + PID_FILE_ARG="$DAEMON_STATE$DAEMON_PIDFILE" + fi + + if [ -n "$DHCPD_RUN_AS" ]; then + DHCPD_RUN_AS_GROUP="$(getent group $(getent passwd $DHCPD_RUN_AS | cut -d: -f4) | cut -d: -f1)" + DHCPD_ARGS="$DHCPD_ARGS -user $DHCPD_RUN_AS -group $DHCPD_RUN_AS_GROUP" + + chown "${DHCPD_RUN_AS}:${DHCPD_RUN_AS_GROUP}" \ + "$DAEMON_STATE/${DAEMON_PIDFILE%/*}" + fi + + + ## check syntax with -t (output to log file) and start only when the syntax is okay + rm -f $STARTPROC_LOGFILE # start log + error=0 + if ! $DAEMON_BIN $DHCPv_OPT -t -cf $CHROOT_PREFIX/$DAEMON_CONF -pf $PID_FILE_ARG > $STARTPROC_LOGFILE 2>&1 ; then + error=1 + else + ## Start daemon. If this fails the return value is set appropriate. + ## The init script should return 0, even if service is already running, + ## to match the LSB spec. + + test "$2" = "-v" && echo -en \ + "\nexecuting '$DAEMON_BIN $DHCPv_OPT -cf $DAEMON_CONF -pf $PID_FILE_ARG $DHCPD_ARGS $DHCPD_OTHER_ARGS $DHCPD_INTERFACE'" + + $DAEMON_BIN $DHCPv_OPT -cf $DAEMON_CONF -pf $PID_FILE_ARG $DHCPD_ARGS $DHCPD_OTHER_ARGS $DHCPD_INTERFACE &> $STARTPROC_LOGFILE + ret=$? + fi + + if [ $error -gt 0 -o ${ret:-0} -gt 0 ]; then + ## be verbose + echo "" + echo -n " please see $STARTPROC_LOGFILE for details " + ## set status to failed + exit 1 + else + ln -sf "$DAEMON_STATE$DAEMON_PIDFILE" "$DAEMON_PIDFILE" + [ "$DHCPD_RUN_CHROOTED" = "yes" ] && echo -n "[chroot]" || : + fi + ;; + stop) + echo -n "Shutting down $DAEMON " + + # Catch the case where daemon is running without chroot, + # but sysconfig/dhcp has been changed to use chroot (and + # another way around). + # In this case is there is no $chroot/$pidfile, but there + # should be a /pidfile that we use instead. + # We can not kill without pid file or dhcp4 kills dhcp6. + PID_FILE="$DAEMON_STATE$DAEMON_PIDFILE" + if test "$DHCPD_RUN_CHROOTED" = "yes" ; then + if test ! -s "$DAEMON_STATE$DAEMON_PIDFILE" -a \ + -s "$DAEMON_PIDFILE" ; then + PID_FILE="$DAEMON_PIDFILE" + fi + else + if test ! -s "$DAEMON_PIDFILE" -a \ + -s "$DAEMON_STATE$DAEMON_PIDFILE" ; then + PID_FILE="$DAEMON_STATE$DAEMON_PIDFILE" + fi + fi + + ## Stop daemon with killproc(8) and if this fails + ## set echo the echo return value. + killproc -p "$PID_FILE" $DAEMON_BIN + ret=$? + + # umount proc and remove libraries from the chroot jail, + # so they are not left over if the server is deinstalled + if [ "$DHCPD_RUN_CHROOTED" = yes -a -n "$CHROOT_PREFIX" ]; then + umount ${CHROOT_PREFIX}/proc 2>/dev/null + rm -f $CHROOT_PREFIX/lib*/* + fi + + exit $ret + ;; + try-restart) + ## Do a restart only if the service was active before. + ## Note: try-restart is now part of LSB (as of 1.9). + ## RH has a similar command named condrestart. + $0 $DHCPv_OPT status + if test $? = 0; then + $0 $DHCPv_OPT restart + fi + ;; + restart) + ## Check syntax and when it is OK, stop the service + ## and regardless of whether it was running or not, + ## start it again. + if ! $0 $DHCPv_OPT check-syntax &>/dev/null ; then + echo -n "Syntax check reports errors, see log messages" + exit 1 + else + $0 $DHCPv_OPT stop + sleep 3 + $0 $DHCPv_OPT start + fi + ;; + force-reload) + ## Signal the daemon to reload its config. Most daemons + ## do this on signal 1 (SIGHUP). + ## If it does not support it, restart. + + if [ "$SUPPORTS_HUP" = "yes" ]; then + echo -n "Reload service $DAEMON" + killproc -p $DAEMON_STATE/$DAEMON_PIDFILE -HUP $DAEMON_BIN + #touch $DAEMON_STATE/$DAEMON_PIDFILE + elif ! $0 $DHCPv_OPT check-syntax &>/dev/null ; then + echo -n "Syntax check reports errors, see log messages" + exit 1 + else + $0 $DHCPv_OPT stop && sleep 3 && $0 $DHCPv_OPT start + fi + ;; + reload) + ## Like force-reload, but if daemon does not support + ## signalling, do nothing (!) + + echo -n "Reload service $DAEMON" + if [ "$SUPPORTS_HUP" = "yes" ]; then + # If it supports signalling: + killproc -p $DAEMON_STATE/$DAEMON_PIDFILE -HUP $DAEMON_BIN + #touch $DAEMON_STATE/$DAEMON_PIDFILE + else + ## Otherwise if it does not support reload: + exit 3 + fi + ;; + status) + echo -n "Checking for $DAEMON: " + ## Check status with checkproc(8), if process is running + ## checkproc will return with exit status 0. + + # Status has a slightly different for the status command: + # 0 - service running + # 1 - service dead, but /run/ pid file exists + # 2 - service dead, but /var/lock/ lock file exists + # 3 - service not running + + # NOTE: checkproc returns LSB compliant status values. + checkproc -p $DAEMON_STATE/$DAEMON_PIDFILE $DAEMON_BIN + ;; + probe) + ## Optional: Probe for the necessity of a reload, + ## give out the argument which is required for a reload. + + rc=0 + for i in /etc/sysconfig/dhcpd $DAEMON_CONF $DHCPD_CONF_INCLUDE_FILES; do + test $i -nt $DAEMON_STATE/$DAEMON_PIDFILE && rc=1 + done + test $rc = 1 && echo restart + ;; + check-syntax|syntax-check) + echo -n "Checking syntax of $DAEMON_CONF: " + + ## this nice bit is from Edwin Groothuis: + ## check syntax (quiet) + $DAEMON_BIN $DHCPv_OPT -q -t -cf $DAEMON_CONF + if [ $? -ne 0 ]; then + echo "" + ## check syntax (verbose) + $DAEMON_BIN $DHCPv_OPT -t -cf $DAEMON_CONF + echo -ne '\nConfig is NOT okay' + exit 1 + fi + ;; + check-lease|check-lease-file) + echo -n "Checking lease file $DAEMON_LEASES: " + + if [ -s ${DAEMON_STATE}/db/$DAEMON_LEASES ] ; then + ## check leases file (quiet) + $DAEMON_BIN $DHCPv_OPT -q -T -cf /dev/null -lf ${DAEMON_STATE}/db/$DAEMON_LEASES + if [ $? -ne 0 ]; then + echo "" + ## check leases file (verbose) + $DAEMON_BIN $DHCPv_OPT -T -cf $DAEMON_CONF -lf ${DAEMON_STATE}/db/$DAEMON_LEASES + echo -ne '\nLease file is NOT okay' + exit 1 + fi + fi + ;; + *) + SCRIPT="${SCRIPT:-${0##*/} $DHCPv_OPT}" + echo "Usage: $SCRIPT {start|stop|status|try-restart|restart|force-reload|reload|probe|check-syntax} [-v]" + exit 1 +esac diff --git a/dhcpd.service b/dhcpd.service new file mode 100644 index 0000000..1112afd --- /dev/null +++ b/dhcpd.service @@ -0,0 +1,25 @@ +[Unit] +Description=ISC DHCPv4 Server +Before=multi-user.target +After=remote-fs.target network-online.target nss-lookup.target time-sync.target slapd.service sssd.service ndsd.service + +[Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions +Type=forking +Restart=on-abort +ExecStart=@LIBEXECDIR@/dhcp/dhcpd -4 start +ExecStop=@LIBEXECDIR@/dhcp/dhcpd -4 stop + +[Install] +WantedBy=multi-user.target +Alias=dhcp-server.service + diff --git a/dhcpd6.conf b/dhcpd6.conf new file mode 100644 index 0000000..d611bac --- /dev/null +++ b/dhcpd6.conf @@ -0,0 +1,127 @@ +# /etc/dhcpd6.conf +# +# Sample DHCPv6 configuration file for ISC dhcpd +# +# *** PLEASE CONFIGURE IT FIRST *** +# +# Don't forget to set the DHCPD6_INTERFACE in the +# /etc/sysconfig/dhcpd file. +# + +# +# Define RFC 4833 timezone options: +# +#option dhcp6.rfc4833-tz-posix-string code 41 = string; +#option dhcp6.rfc4833-tz-name code 42 = string; +# +# Use example: +# option dhcp6.rfc4833-tz-posix-string "EST5EDT4,M3.2.0/02:00,M11.1.0/02:00"; +# option dhcp6.rfc4833-tz-name "Europe/Zurich"; + + +# From the file used for TAHI tests. + +# +# For more iformations about IPv6 addresses, see also: +# http://tools.ietf.org/html/rfc4193 +# http://tools.ietf.org/html/rfc4291 +# http://www.iana.org/assignments/ipv6-address-space/ +# +# The addresses in the examples bellow are from the: +# FC00::/7 Unique Local Unicast [RFC4193] +# address space. +# +# Please allocate own prefix (6to4, tunnel broker) ! +# + +# IPv6 address valid lifetime +# (at the end the address is no longer usable by the client) +# (set to 30 days, the usual IPv6 default) +#default-lease-time 2592000; + +# IPv6 address preferred lifetime +# (at the end the address is deprecated, i.e., the client should use +# other addresses for new connections) +# (set to 7 days, the usual IPv6 default) +#preferred-lifetime 604800; + +# T1, the delay before Renew +# (default is 1/2 preferred lifetime) +# (set to 1 hour) +#option dhcp-renewal-time 3600; + +# T2, the delay before Rebind (if Renews failed) +# (default is 3/4 preferred lifetime) +# (set to 2 hours) +#option dhcp-rebinding-time 7200; + +# Enable RFC 5007 support (same than for DHCPv4) +#allow leasequery; + +# Global definitions for name server address(es) and domain search list +#option dhcp6.name-servers fc00:501:ffff:100:200:ff:fe00:3f3e; +#option dhcp6.domain-search "test.example.com","example.com"; + +# Set preference to 255 (maximum) in order to avoid waiting for +# additional servers when there is only one +##option dhcp6.preference 255; + +# Server side command to enable rapid-commit (2 packet exchange) +##option dhcp6.rapid-commit; + +# The delay before information-request refresh +# (minimum is 10 minutes, maximum one day, default is to not refresh) +# (set to 6 hours) +#option dhcp6.info-refresh-time 21600; + +# Static definition (must be global) +#host myclient { +# # The entry is looked up by this +# host-identifier option +# dhcp6.client-id 00:01:00:01:00:04:93:e0:00:00:00:00:a2:a2; +# +# # A fixed address +# fixed-address6 fc00:501:ffff:100::1234; +# +# # A fixed prefix +# fixed-prefix6 fc00:501:ffff:101::/64; +# +# # Override of the global definitions, +# # works only when a resource (address or prefix) is assigned +# option dhcp6.name-servers fc00:501:ffff:100:200:ff:fe00:4f4e; +# +# # For debug (to see when the entry statements are executed) +# # (log "sol" when a matching Solicitation is received) +# ##if packet(0,1) = 1 { log(debug,"sol"); } +#} + +# The subnet where the server is attached +# (i.e., the server has an address in this subnet) +#subnet6 fc00:501:ffff:100::/64 { +# # Two addresses available to clients +# # (the third client should get NoAddrsAvail) +# range6 fc00:501:ffff:100::10 fc00:501:ffff:100::11; +# +# # Use the whole /64 prefix for temporary addresses +# # (i.e., direct application of RFC 4941) +# range6 fc00:501:ffff:100:: temporary; +# +# # Some /64 prefixes available for Prefix Delegation (RFC 3633) +# prefix6 fc00:501:ffff:100:: fc00:501:ffff:111:: /64; +#} + +# A second subnet behind a relay agent +#subnet6 fc00:501:ffff:101::/64 { +# range6 fc00:501:ffff:101::10 fc00:501:ffff:101::11; +# +# # Override of the global definitions, +# # works only when a resource (address or prefix) is assigned +# option dhcp6.name-servers fc00:501:ffff:101:200:ff:fe00:3f3e; +# +#} + +# A third subnet behind a relay agent chain +#subnet6 fc00:501:ffff:102::/64 { +# range6 fc00:501:ffff:102::10 fc00:501:ffff:102::11; +#} + diff --git a/dhcpd6.service b/dhcpd6.service new file mode 100644 index 0000000..2370a2b --- /dev/null +++ b/dhcpd6.service @@ -0,0 +1,25 @@ +[Unit] +Description=ISC DHCPv6 Server +Before=multi-user.target +After=remote-fs.target network.target nss-lookup.target time-sync.target slapd.service sssd.service ndsd.service + +[Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions +Type=forking +Restart=on-abort +ExecStart=@LIBEXECDIR@/dhcp/dhcpd -6 start +ExecStop=@LIBEXECDIR@/dhcp/dhcpd -6 stop + +[Install] +WantedBy=multi-user.target +Alias=dhcp6-server.service + diff --git a/dhcrelay.script b/dhcrelay.script new file mode 100644 index 0000000..9ff2837 --- /dev/null +++ b/dhcrelay.script @@ -0,0 +1,213 @@ +#! /bin/sh +# Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH +# Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH +# Copyright (c) 2002 SuSE Linux AG +# Copyright (c) 2003-2014 SUSE LINUX Products GmbH +# +# Author: Peter Poeml , 2001 +# Marius Tomaschewski , 2010 +# +# /usr/lib/dhcp/dhcrelay helper, +# fromer /etc/init.d/dhcrelay init script +# +### + +DHCPv_OPT=$1 ; shift +case $DHCPv_OPT in +-4) + DAEMON="ISC DHCPv4 relay agent" + DAEMON_BIN=/usr/sbin/dhcrelay + DAEMON_CONF=/etc/sysconfig/dhcrelay + DAEMON_PIDFILE=/run/dhcrelay.pid + STARTPROC_LOGFILE=/var/log/rc.dhcrelay.log + SUPPORTS_HUP="no" +;; +-6) + DAEMON="ISC DHCPv6 relay agent" + DAEMON_BIN=/usr/sbin/dhcrelay6 + DAEMON_CONF=/etc/sysconfig/dhcrelay + DAEMON_PIDFILE=/run/dhcrelay6.pid + STARTPROC_LOGFILE=/var/log/rc.dhcrelay6.log +;; +*) + echo >&2 "Usage: $0 <-4|-6> " + exit 2 +;; +esac + +test -s "$DAEMON_CONF" && . "$DAEMON_CONF" +if ! [ -x "$DAEMON_BIN" ]; then + case $1 in + stop) ;; + *) echo -n >&2 "$0: \"$DAEMON_BIN\" is not an executable file. Exiting." + case $1 in + status) exit 4 ;; + *) exit 5 ;; + esac + ;; + esac + exit 0 +fi + +# Return values acc. to LSB for all commands but status: +# 0 - success +# 1 - generic or unspecified error +# 2 - invalid or excess argument(s) +# 3 - unimplemented feature (e.g. "reload") +# 4 - insufficient privilege +# 5 - program is not installed +# 6 - program is not configured +# 7 - program is not running +# +# Note that starting an already running service, stopping +# or restarting a not-running service as well as the restart +# with force-reload (in case signalling is not supported) are +# considered a success. + +case "$1" in + start) + # FIXME: this check is pointless since systemd already do it. + echo -n "Starting $DAEMON" + checkproc -p $DAEMON_PIDFILE $DAEMON_BIN && { + echo -n "... already running"; exit 0; + } + + case $DHCPv_OPT in + -4) + ## If interfaces or servers are not set, skip starting of dhcrelay + ## and return with "program not configured" + if [ -z "$DHCRELAY_INTERFACES" -o -z "$DHCRELAY_SERVERS" ]; then + # service is not configured + exit 6; + fi + + DHCRELAY_INTERFACES_ARGS='' + for i in $DHCRELAY_INTERFACES ; do + DHCRELAY_INTERFACES_ARGS="$DHCRELAY_INTERFACES_ARGS -i $i" + done + + DHCRELAY_ARGS="$DHCRELAY_OPTIONS $DHCRELAY_INTERFACES_ARGS $DHCRELAY_SERVERS" + ;; + -6) + DHCRELAY6_LOWER_INTERFACES_ARGS='' + for l in $DHCRELAY6_LOWER_INTERFACES ; do + test "x$l" = x -o "x$l" = "x-l" && continue + DHCRELAY6_LOWER_INTERFACES_ARGS="$DHCRELAY6_LOWER_INTERFACES_ARGS -l $l" + done + DHCRELAY6_UPPER_INTERFACES_ARGS='' + for u in $DHCRELAY6_UPPER_INTERFACES ; do + test "x$u" = x -o "x$u" = "x-u" && continue + DHCRELAY6_UPPER_INTERFACES_ARGS="$DHCRELAY6_UPPER_INTERFACES_ARGS -u $u" + done + if [ "x$DHCRELAY6_LOWER_INTERFACES_ARGS" = x -o \ + "x$DHCRELAY6_UPPER_INTERFACES_ARGS" = x ]; then + # service is not configured + exit 6; + fi + DHCRELAY_ARGS="$DHCRELAY6_OPTIONS $DHCRELAY6_LOWER_INTERFACES_ARGS $DHCRELAY6_UPPER_INTERFACES_ARGS" + ;; + esac + ## Start daemon with startproc(8). If this fails + ## the echo return value is set appropriate. + + # startproc should return 0, even if service is + # already running to match LSB spec. + if [ "$2" = "-v" ]; then + echo + echo -n "executing '$DAEMON_BIN $DHCPv_OPT $DHCRELAY_ARGS'" + fi + startproc -q -l $STARTPROC_LOGFILE -p $DAEMON_PIDFILE $DAEMON_BIN $DHCPv_OPT $DHCRELAY_ARGS >/dev/null 2>&1 + rc=$? + if ! [ $rc -eq 0 ]; then + ## be verbose + echo "" + echo -n " please see $STARTPROC_LOGFILE for details " + ## set status to failed + exit 1 + fi + ;; + stop) + echo -n "Shutting down $DAEMON" + ## Stop daemon with killproc(8) and if this fails + ## set echo the echo return value. + + killproc -p $DAEMON_PIDFILE $DAEMON_BIN + ;; + try-restart) + ## Do a restart only if the service was active before. + ## Note: try-restart is now part of LSB (as of 1.9). + ## RH has a similar command named condrestart. + $0 status + if test $? = 0; then + $0 restart + fi + ;; + restart) + ## Stop the service and regardless of whether it was + ## running or not, start it again. + $0 stop + sleep 1 + $0 start + ;; + force-reload) + ## Signal the daemon to reload its config. Most daemons + ## do this on signal 1 (SIGHUP). + ## If it does not support it, restart. + + $0 stop && sleep 1 && $0 start || exit + + echo -n "Reload service $DAEMON" + + if [ "$SUPPORTS_HUP" = "yes" ] ; then + killproc -p $DAEMON_PIDFILE -HUP $DAEMON_BIN + #touch $DAEMON_PIDFILE + else + $0 stop && $0 start + fi + ;; + reload) + ## Like force-reload, but if daemon does not support + ## signalling, do nothing (!) + + if [ "$SUPPORTS_HUP" = "yes" ] ; then + # If it supports signalling: + echo -n "Reload service $DAEMON" + killproc -p $DAEMON_PIDFILE -HUP $DAEMON_BIN + #touch $DAEMON_PIDFILE + else + ## Otherwise if it does not support reload: + exit 3 + fi + ;; + status) + echo -n "Checking for dhcp relay agent: " + ## Check status with checkproc(8), if process is running + ## checkproc will return with exit status 0. + + # Status has a slightly different for the status command: + # 0 - service running + # 1 - service dead, but /run/ pid file exists + # 2 - service dead, but /var/lock/ lock file exists + # 3 - service not running + + # NOTE: checkproc returns LSB compliant status values. + checkproc -p $DAEMON_PIDFILE $DAEMON_BIN + ;; + probe) + ## Optional: Probe for the necessity of a reload, + ## give out the argument which is required for a reload. + + if [ "$DAEMON_CONF" -nt "$DAEMON_PIDFILE" ]; then + if [ "$SUPPORTS_HUP" = "yes" ]; then + echo reload + else + echo restart + fi + fi + ;; + *) + SCRIPT="${SCRIPT:-${0##*/} $DHCPv_OPT}" + echo "Usage: $SCRIPT {start|stop|status|try-restart|restart|force-reload|reload|probe} [-v]" + exit 1 + ;; +esac diff --git a/dhcrelay.service b/dhcrelay.service new file mode 100644 index 0000000..6b0af82 --- /dev/null +++ b/dhcrelay.service @@ -0,0 +1,26 @@ +[Unit] +Description=ISC DHCPv4 Relay Agent +Before=multi-user.target +After=remote-fs.target network.target nss-lookup.target time-sync.target ldap.service ndsd.service + +[Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions +Type=forking +Restart=on-abort +ExecStart=@LIBEXECDIR@/dhcp/dhcrelay -4 start +ExecStop=@LIBEXECDIR@/dhcp/dhcrelay -4 stop +PIDFile=/run/dhcrelay.pid + +[Install] +WantedBy=multi-user.target +Alias=dhcp-relay.service + diff --git a/dhcrelay6.service b/dhcrelay6.service new file mode 100644 index 0000000..cb77590 --- /dev/null +++ b/dhcrelay6.service @@ -0,0 +1,25 @@ +[Unit] +Description=ISC DHCPv6 Relay Agent +Before=multi-user.target +After=remote-fs.target network.target nss-lookup.target time-sync.target ldap.service ndsd.service + +[Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions +Type=forking +Restart=on-abort +ExecStart=@LIBEXECDIR@/dhcp/dhcrelay -6 start +ExecStop=@LIBEXECDIR@/dhcp/dhcrelay -6 stop + +[Install] +WantedBy=multi-user.target +Alias=dhcp6-relay.service + diff --git a/examples.tar.gz b/examples.tar.gz new file mode 100644 index 0000000..5d86e5b --- /dev/null +++ b/examples.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c8e12dc80ff8aaff46d69671b3700c5c2331900f9ae76ab0735913426bc38ad1 +size 1836 diff --git a/if-up.d.dhcpd-restart-hook b/if-up.d.dhcpd-restart-hook new file mode 100644 index 0000000..9bfbfbf --- /dev/null +++ b/if-up.d.dhcpd-restart-hook @@ -0,0 +1,175 @@ +#! /bin/bash +# +# dhcpd-restart-hook - script to restart dhcpd on virtual interfaces +# +# Copyright (C) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. +# +# Author(s): Marius Tomaschewski , 2009 +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# version 2 as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see +# +# Please send feedback via http://www.suse.de/feedback +# + +set -e + +unset ${!LC_*} LANUGUAGE +export LANG=POSIX +export PATH=/sbin:/usr/sbin:/usr/bin:/bin + +SCRIPTNAME=${0##*/} + +usage () { + echo "usage: $SCRIPTNAME [] [-o ]" + echo "" + echo "Any options are ignored" + exit $R_USAGE +} + +R_INTERNAL=1 # internal error, e.g. no config or missing scripts +cd /etc/sysconfig/network || exit $R_INTERNAL + +case $1 in ""|-h|*help*) usage ;; esac +INTERFACE="$1" +if test "x$2" != x -a "x$2" != "x-o" ; then + CONFIG=$INTERFACE + INTERFACE="$2" + shift +else + CONFIG=$INTERFACE +fi +shift + +mode="" +args=$(getopt -o "o:" -- "$@") +eval set -- "$args" +while [ $# -gt 0 ]; do + case "$1" in + --) shift; break;; + -o) mode="$2"; shift;; + esac + shift +done + +. /etc/sysconfig/network/config +if test -f /etc/sysconfig/network/scripts/functions ; then + . /etc/sysconfig/network/scripts/functions +fi + +. /etc/sysconfig/dhcpd 2>/dev/null +. /etc/sysconfig/network/ifcfg-"$CONFIG" 2>/dev/null || true + +: ${DHCPD_IFUP_RESTART:=auto} +: ${DHCPD6_IFUP_RESTART:=auto} + +iface_needs_restart() +{ + test -d /sys/class/net/$1/bridge -o \ + -d /sys/class/net/$1/bonding -o \ + -f /proc/net/vlan/$1 +} + +dhcpv4_server_restart() +{ + # + # don't do anything if we are disabled either + # in the /etc/sysconfig/dhcpd or per interface + # in the /etc/sysconfig/network/ifcfg-"$CONFIG" + # + test "$DHCPD_IFUP_RESTART" = no && return 0 + + # don't restart for loopback interface + case $INTERFACE in (lo) return 0 ;; esac + + restart_needed=$DHCPD_IFUP_RESTART + if test -n "$DHCPD_INTERFACE" \ + -a "$restart_needed" != yes ; + then + for I in $DHCPD_INTERFACE ; do + test -n "$I" || continue + + # don't restart when _one_ involved + # interface is not available/up yet + is_iface_up $I || return 0 + + # check if this interface is involved + if test "$I" = "$INTERFACE" ; then + + # check if a restart is needed + if iface_needs_restart $I ; then + restart_needed=yes + fi + fi + done + fi + + if test "$restart_needed" = yes ; then + if test "`/usr/bin/systemctl --value -p SubState show dhcpd.service`" = "running"; then + /usr/bin/systemctl restart dhcpd.service + fi + fi +} +dhcpv6_server_restart() +{ + # + # don't do anything if we are disabled either + # in the /etc/sysconfig/dhcpd or per interface + # in the /etc/sysconfig/network/ifcfg-"$CONFIG" + # + test "$DHCPD6_IFUP_RESTART" = no && return 0 + + # don't restart for loopback interface + case $INTERFACE in (lo) return 0 ;; esac + + restart_needed=$DHCPD6_IFUP_RESTART + if test -n "$DHCPD6_INTERFACE" \ + -a "$restart_needed" != yes ; + then + for I in $DHCPD6_INTERFACE ; do + test -n "$I" || continue + + # don't restart when _one_ involved + # interface is not available/up yet + is_iface_up $I || return 0 + + # check if this interface is involved + if test "$I" = "$INTERFACE" ; then + + # check if a restart is needed + if iface_needs_restart $I ; then + restart_needed=yes + fi + fi + done + fi + + if test "$restart_needed" = yes ; then + if test "`/usr/bin/systemctl --value -p SubState show dhcpd6.service`" = "running"; then + /usr/bin/systemctl restart dhcpd6.service + fi + fi +} + +case "$mode" in +*-up*) + dhcpv4_server_restart + dhcpv6_server_restart +;; +*-down*) + # don't do anything +;; +*) + echo "$SCRIPTNAME: don't know what to do" >&2 +;; +esac + diff --git a/slp.reg.d.dhcp.reg b/slp.reg.d.dhcp.reg new file mode 100644 index 0000000..43a711e --- /dev/null +++ b/slp.reg.d.dhcp.reg @@ -0,0 +1,11 @@ +############################################################################# +# +# OpenSLP registration file +# +# register dhcp service daemon +# +############################################################################# + +service:dhcp://$HOSTNAME:67,en,65535 +watch-port-udp=67 +description=DHCP Service diff --git a/sysconfig.dhcpd b/sysconfig.dhcpd new file mode 100644 index 0000000..566b10b --- /dev/null +++ b/sysconfig.dhcpd @@ -0,0 +1,184 @@ +## Path: Network/DHCP/DHCP server +## Description: DHCPv4 server settings +## Type: string +## Default: "" +## ServiceRestart: dhcpd +# +# Interface(s) for the DHCPv4 server to listen on. +# +# A special keyword is ANY, it will cause dhcpd to autodetect available +# interfaces. +# +# Examples: DHCPD_INTERFACE="eth0 eth1 eth2" +# DHCPD_INTERFACE="ANY" +# +DHCPD_INTERFACE="" + +## Path: Network/DHCP/DHCP server +## Description: DHCPv6 server settings +## Type: string +## Default: "" +## ServiceRestart: dhcpd6 +# +# Interface(s) for the DHCPv6 server to listen on. +# +# A special keyword is ANY, it will cause dhcpd to autodetect available +# interfaces. +# +# Examples: DHCPD6_INTERFACE="eth0 eth1 eth2" +# DHCPD6_INTERFACE="ANY" +# +DHCPD6_INTERFACE="" + +## Type: list(yes,no,auto,) +## Default: +## Description: Restart dhcpv4 server when interface goes up (again) +# +# When the dhcp server is listening on a virtual interface, e.g. bridge, +# bonding or vlan, and this interface gets deleted and recreated during +# a network restart, dhcpd will stop answering requests on this interface +# and needs a restart as well. +# Begining with SLE-10 SP3, we install an if-up.d post script (see ifup(8) +# and also ifservices(5)), enabled in auto mode by default. This variable +# can be used to force or avoid the dhcp server restart: +# +# no: do not restart dhcpd +# yes: force a dhcp server restart +# auto: (default) restart for virtual interfaces (bond,bridge,vlan) when +# all interfaces used in DHCPD_INTERFACE variable are up as well. +# +# Except of this global setting, the variable can be specified per interface +# in the interface configurations (/etc/sysconfig/network/ifcfg-$name). +# +DHCPD_IFUP_RESTART="" + +## Type: list(yes,no,auto,) +## Default: +## Description: Restart dhcpv6 server when interface goes up (again) +# +# When the dhcp server is listening on a virtual interface, e.g. bridge, +# bonding or vlan, and this interface gets deleted and recreated during +# a network restart, dhcpd will stop answering requests on this interface +# and needs a restart as well. +# Begining with SLE-10 SP3, we install an if-up.d post script (see ifup(8) +# and also ifservices(5)), enabled in auto mode by default. This variable +# can be used to force or avoid the dhcp server restart: +# +# no: do not restart dhcpd +# yes: force a dhcp server restart +# auto: (default) restart for virtual interfaces (bond,bridge,vlan) when +# all interfaces used in DHCPD_INTERFACE variable are up as well. +# +# Except of this global setting, the variable can be specified per interface +# in the interface configurations (/etc/sysconfig/network/ifcfg-$name). +# +DHCPD6_IFUP_RESTART="" + +## Type: yesno +## Default: yes +## ServiceRestart: dhcpd +# +# Shall the DHCP server dhcpd run in a chroot jail (/var/lib/dhcp)? +# +# Each time you start dhcpd with the init script, /etc/dhcpd.conf +# will be copied to /var/lib/dhcp/etc/. +# +# Some files that are important for hostname to IP address resolution +# (/etc/{gai.conf,nsswitch.conf,resolv.conf,host.conf,hosts,localtime}, +# /lib/lib{resolv.so.*,libnss_*.so.*,libpthread.so.0,libdl.so.2}) will +# also be copied to the chroot jail by the init script when you start +# it (less than 1MB altogether). +# +# The pid file will be in /var/lib/dhcp/var/run/dhcpd.pid. +# +DHCPD_RUN_CHROOTED="yes" + +## Type: yesno +## Default: yes +## ServiceRestart: dhcpd6 +# +# Shall the DHCP server dhcpd run in a chroot jail (/var/lib/dhcp6)? +# +# Each time you start dhcpd with the init script, /etc/dhcpd6.conf +# will be copied to /var/lib/dhcp6/etc/. +# +# Some files that are important for hostname to IP address resolution +# (/etc/{gai.conf,nsswitch.conf,resolv.conf,host.conf,hosts,localtime}, +# /lib/lib{resolv.so.*,libnss_*.so.*,libpthread.so.0,libdl.so.2}) will +# also be copied to the chroot jail by the init script when you start +# it (less than 1MB altogether). +# +# The pid file will be in /var/lib/dhcp6/var/run/dhcpd.pid. +# +DHCPD6_RUN_CHROOTED="yes" + +## Type: string +## Default: "/etc/dhcpd.d" +## ServiceRestart: dhcpd +# +# Since version 3, dhcpd.conf can contain include statements. +# If you enter the names of any include files here, _all_ conf +# files will be copied to $chroot/etc/, when dhcpd is started in the +# chroot jail. (/etc/dhcpd.conf is always copied.) +# +# For your convenience, you can also specify entire directories, +# that will be copied inclusive subdirectories. The /etc/dhcpd.d +# directory will be copied by default when it exists. +# +# Example: "/etc/foo.bar.conf /etc/dhcpd.bootp-clients.conf" +# +DHCPD_CONF_INCLUDE_FILES="/etc/dhcpd.d" + +## Type: string +## Default: "/etc/dhcpd.d" +## ServiceRestart: dhcpd6 +# +# Since version 3, dhcpd.conf can contain include statements. +# If you enter the names of any include files here, _all_ conf +# files will be copied to $chroot/etc/, when dhcpd is started in +# the chroot jail. (/etc/dhcpd6.conf is always copied.) +# +# For your convenience, you can also specify entire directories, +# that will be copied inclusive subdirectories. The /etc/dhcpd6.d +# directory will be copied by default when it exists. +# +# Example: "/etc/foo.bar.conf /etc/dhcpd6.bootp-clients.conf" +# +DHCPD6_CONF_INCLUDE_FILES="/etc/dhcpd6.d" + +## Type: string +## Default: "dhcpd" +## ServiceRestart: dhcpd +# +# Leave empty or enter "root" to let dhcpd run as root. +# Enter "dhcpd" to run dhcpd as user 'dhcpd'. +# +DHCPD_RUN_AS="dhcpd" + +## Type: string +## Default: "dhcpd" +## ServiceRestart: dhcpd6 +# +# Leave empty or enter "root" to let dhcpd run as root. +# Enter "dhcpd" to run dhcpd as user 'dhcpd'. +# +DHCPD6_RUN_AS="dhcpd" + +## Type: string +## Default: "" +## ServiceRestart: dhcpd +# +# Other arguments that you want dhcpd to be started with +# (e.g. "-p 1234" for a non-standard port to listen on) +# +DHCPD_OTHER_ARGS="" + +## Type: string +## Default: "" +## ServiceRestart: dhcpd6 +# +# Other arguments that you want dhcpd to be started with +# (e.g. "-p 1234" for a non-standard port to listen on) +# +DHCPD6_OTHER_ARGS="" + diff --git a/sysconfig.dhcrelay b/sysconfig.dhcrelay new file mode 100644 index 0000000..3d6ee67 --- /dev/null +++ b/sysconfig.dhcrelay @@ -0,0 +1,59 @@ +## Path: Network/DHCP/DHCP Relay agent +## Description: Configuration file for DHCP relay agent +## Type: string +## Default: "" +## ServiceRestart: dhcrelay +# +# Interface(s) for DHCPv4 relay agent to listen on +# +# Example: DHCPD_INTERFACE="eth0 eth1 eth2 wlan0" +# +DHCRELAY_INTERFACES="" + +## Type: string +## Default: "" +## ServiceRestart: dhcrelay +# +# DHCPv4 servers to be used by DHCPv4 relay agent +# (separated by spaces, e.g. "192.168.0.11 191.168.0.12") +# +DHCRELAY_SERVERS="" + +## Type: string +## Default: "" +## ServiceRestart: dhcrelay +# +# Additional DHCPv4 relay start options +# Example: "-c 8" +# +DHCRELAY_OPTIONS="" + +## Type: string +## Default: "" +## ServiceRestart: dhcrelay6 +# +# Specifies the ``lower'' client link network interfaces for DHCPv6 +# relay -- separated by spaces. +# The format of the lower interface is: "[address%]ifname[#index]". +# +DHCRELAY6_LOWER_INTERFACES="" + +## Type: string +## Default: "" +## ServiceRestart: dhcrelay6 +# +# Specifies the ``upper'' server link network interfaces for DHCPv6 +# relay -- separated by spaces. +# The format of the upper interface is "[address%]ifname". +# +DHCRELAY6_UPPER_INTERFACES="" + +## Type: string +## Default: "" +## ServiceRestart: dhcrelay6 +# +# Additional DHCPv6 relay start options +# Example: "-c 8 -I" +# +DHCRELAY6_OPTIONS="" + diff --git a/sysconfig.syslog-dhcpd b/sysconfig.syslog-dhcpd new file mode 100644 index 0000000..95be31a --- /dev/null +++ b/sysconfig.syslog-dhcpd @@ -0,0 +1,26 @@ +## Type: string +## Default: "/var/lib/dhcp/dev/log" +## ServiceRestart: syslog +# +# The filename mentioned here will be added with the "-a ..." option as +# additional socket via SYSLOGD_PARAMS when syslogd is started or used +# to generate an include file for another syslog daemons. +# +# This additional socket is needed in case that syslogd is restarted. +# Otherwise a chrooted dhcpd won't be able to continue logging. +# +SYSLOGD_ADDITIONAL_SOCKET_DHCP="/var/lib/dhcp/dev/log" + +## Type: string +## Default: "/var/lib/dhcp6/dev/log" +## ServiceRestart: syslog +# +# The filename mentioned here will be added with the "-a ..." option as +# additional socket via SYSLOGD_PARAMS when syslogd is started or used +# to generate an include file for another syslog daemons. +# +# This additional socket is needed in case that syslogd is restarted. +# Otherwise a chrooted dhcpd won't be able to continue logging. +# +SYSLOGD_ADDITIONAL_SOCKET_DHCP6="/var/lib/dhcp6/dev/log" +