
Accepting request 589263 from network:dhcp

- Update to dhcp-4.3.6-P1:
  * CVE-2018-5733, bsc#1083303: reference count overflow in dhcpd.
  * CVE-2018-5732, bsc#1083302: buffer overflow bug in dhclient.
  * Plugged a socket descriptor leak in OMAPI
  * The server now allows the client identifier (option 61) to own
    leases in more than one subnet concurrently [ISC-Bugs #41358].
  * When replying to a DHCPINFORM, the server will now include
    options specified at the pool scope, provided the ciaddr field
    of the DHCPINFORM is populated.
    [ISC-Bugs #43219] [ISC-Bugs #45051].
  * When memory allocation fails in a repeated way the process
    writes "Run out of memory." on the standard error and exits
    with status 1  [ISC-Bugs #32744].
  * The new lmdb (Lightning Memory DataBase) bind9 configure
    option is now disabled by default to avoid the presence of
    this library to be detected which can lead to a link failure.
    [ISC-Bugs #45069]
  * The linux interface discovery code has been modified to use
    getifaddrs() as is done for BSD and OS-X.
    [ISC-Bugs #28761] and others.
  * Fixed a bug in OMAPI that causes omshell to crash when a
    name-value pair with a zero length value is shipped in an
    object [ISC-Bugs #29108].
  * On 64-bit platforms, dhclient now generates the correct value
    for the script environment variable, "expiry", the lease
    expiry value exceeds 0x7FFFFFFF [ISC-Bugs #43326].
  * Common timer logic was modified to cap the maximum timeout
    values at 0x7FFFFFFF - 1 [ISC-Bugs #28038].
  * DHCP6 FQDN option unpacking code now correctly handles values
    that contain spaces, special, or non-printable characters.

OBS-URL: https://build.opensuse.org/request/show/589263
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dhcp?expand=0&rev=108
Dominique Leuenberger 2018-03-24 15:12:24 +00:00 committed by Git OBS Bridge
commit 0f7de727ac
14 changed files with 225 additions and 772 deletions


@ -8,11 +8,9 @@ Merged fixed close-on-exec patch (bnc#732910)
References: bnc#732910
Signed-off-by: Marius Tomaschewski <mt@suse.de>
diff --git a/client/clparse.c b/client/clparse.c
index 320c42f..b7e4251 100644
--- a/client/clparse.c
+++ b/client/clparse.c
@@ -221,7 +221,7 @@ int read_client_conf_file (const char *name, struct interface_info *ip,
--- client/clparse.c.orig
+++ client/clparse.c
@@ -262,7 +262,7 @@ int read_client_conf_file (const char *n
int token;
isc_result_t status;
@ -21,7 +19,7 @@ index 320c42f..b7e4251 100644
return uerr2isc (errno);
cfile = NULL;
@@ -297,7 +297,7 @@ void read_client_leases ()
@@ -338,7 +338,7 @@ void read_client_leases ()
/* Open the lease file. If we can't open it, just return -
we can safely trust the server to remember our state. */
@ -30,11 +28,9 @@ index 320c42f..b7e4251 100644
return;
cfile = NULL;
diff --git a/client/dhclient.c b/client/dhclient.c
index a077b48..ac36e3d 100644
--- a/client/dhclient.c
+++ b/client/dhclient.c
@@ -438,7 +438,7 @@ main(int argc, char **argv) {
--- client/dhclient.c.orig
+++ client/dhclient.c
@@ -565,7 +565,7 @@ main(int argc, char **argv) {
long temp;
int e;
@ -43,7 +39,7 @@ index a077b48..ac36e3d 100644
e = fscanf(pidfd, "%ld\n", &temp);
oldpid = (pid_t)temp;
@@ -2840,7 +2840,7 @@ void rewrite_client_leases ()
@@ -3403,7 +3403,7 @@ void rewrite_client_leases ()
if (leaseFile != NULL)
fclose (leaseFile);
@ -52,7 +48,7 @@ index a077b48..ac36e3d 100644
if (leaseFile == NULL) {
log_error ("can't create %s: %m", path_dhclient_db);
return;
@@ -3033,7 +3033,7 @@ write_duid(struct data_string *duid)
@@ -3598,7 +3598,7 @@ write_duid(struct data_string *duid)
return DHCP_R_INVALIDARG;
if (leaseFile == NULL) { /* XXX? */
@ -61,7 +57,7 @@ index a077b48..ac36e3d 100644
if (leaseFile == NULL) {
log_error("can't create %s: %m", path_dhclient_db);
return ISC_R_IOERROR;
@@ -3081,7 +3081,7 @@ write_client6_lease(struct client_state *client, struct dhc6_lease *lease,
@@ -3643,7 +3643,7 @@ write_client6_lease(struct client_state
return DHCP_R_INVALIDARG;
if (leaseFile == NULL) { /* XXX? */
@ -70,7 +66,7 @@ index a077b48..ac36e3d 100644
if (leaseFile == NULL) {
log_error("can't create %s: %m", path_dhclient_db);
return ISC_R_IOERROR;
@@ -3213,7 +3213,7 @@ int write_client_lease (client, lease, rewrite, makesure)
@@ -3802,7 +3802,7 @@ int write_client_lease (client, lease, r
return 1;
if (leaseFile == NULL) { /* XXX */
@ -79,11 +75,9 @@ index a077b48..ac36e3d 100644
if (leaseFile == NULL) {
log_error ("can't create %s: %m", path_dhclient_db);
return 0;
diff --git a/common/bpf.c b/common/bpf.c
index 39d4f45..df9facc 100644
--- a/common/bpf.c
+++ b/common/bpf.c
@@ -95,7 +95,7 @@ int if_register_bpf (info)
--- common/bpf.c.orig
+++ common/bpf.c
@@ -94,7 +94,7 @@ int if_register_bpf (info)
for (b = 0; 1; b++) {
/* %Audit% 31 bytes max. %2004.06.17,Safe% */
sprintf(filename, BPF_FORMAT, b);
@ -92,33 +86,9 @@ index 39d4f45..df9facc 100644
if (sock < 0) {
if (errno == EBUSY) {
continue;
diff --git a/common/discover.c b/common/discover.c
index 3cd64a7..37af780 100644
--- a/common/discover.c
+++ b/common/discover.c
@@ -415,7 +415,7 @@ begin_iface_scan(struct iface_conf_list *ifaces) {
int len;
int i;
- ifaces->fp = fopen("/proc/net/dev", "r");
+ ifaces->fp = fopen("/proc/net/dev", "re");
if (ifaces->fp == NULL) {
log_error("Error opening '/proc/net/dev' to list interfaces");
return 0;
@@ -450,7 +450,7 @@ begin_iface_scan(struct iface_conf_list *ifaces) {
#ifdef DHCPv6
if (local_family == AF_INET6) {
- ifaces->fp6 = fopen("/proc/net/if_inet6", "r");
+ ifaces->fp6 = fopen("/proc/net/if_inet6", "re");
if (ifaces->fp6 == NULL) {
log_error("Error opening '/proc/net/if_inet6' to "
"list IPv6 interfaces; %m");
diff --git a/common/dlpi.c b/common/dlpi.c
index c34adc3..944f21c 100644
--- a/common/dlpi.c
+++ b/common/dlpi.c
@@ -804,7 +804,7 @@ dlpiopen(const char *ifname) {
--- common/dlpi.c.orig
+++ common/dlpi.c
@@ -813,7 +813,7 @@ dlpiopen(const char *ifname) {
}
*dp = '\0';
@ -127,10 +97,8 @@ index c34adc3..944f21c 100644
}
/*
diff --git a/common/nit.c b/common/nit.c
index 316e85f..6aa778b 100644
--- a/common/nit.c
+++ b/common/nit.c
--- common/nit.c.orig
+++ common/nit.c
@@ -75,7 +75,7 @@ int if_register_nit (info)
struct strioctl sio;
@ -140,10 +108,8 @@ index 316e85f..6aa778b 100644
if (sock < 0)
log_fatal ("Can't open NIT device for %s: %m", info -> name);
diff --git a/common/resolv.c b/common/resolv.c
index 526cebf..2ac8d43 100644
--- a/common/resolv.c
+++ b/common/resolv.c
--- common/resolv.c.orig
+++ common/resolv.c
@@ -44,7 +44,7 @@ void read_resolv_conf (parse_time)
struct domain_search_list *dp, *dl, *nd;
isc_result_t status;
@ -153,10 +119,8 @@ index 526cebf..2ac8d43 100644
log_error ("Can't open %s: %m", path_resolv_conf);
return;
}
diff --git a/common/upf.c b/common/upf.c
index 34011eb..77d5878 100644
--- a/common/upf.c
+++ b/common/upf.c
--- common/upf.c.orig
+++ common/upf.c
@@ -71,7 +71,7 @@ int if_register_upf (info)
/* %Audit% Cannot exceed 36 bytes. %2004.06.17,Safe% */
sprintf(filename, "/dev/pf/pfilt%d", b);
@ -166,11 +130,9 @@ index 34011eb..77d5878 100644
if (sock < 0) {
if (errno == EBUSY) {
continue;
diff --git a/omapip/trace.c b/omapip/trace.c
index f4115c1..4410c35 100644
--- a/omapip/trace.c
+++ b/omapip/trace.c
@@ -138,10 +138,10 @@ isc_result_t trace_begin (const char *filename,
--- omapip/trace.c.orig
+++ omapip/trace.c
@@ -138,10 +138,10 @@ isc_result_t trace_begin (const char *fi
return DHCP_R_INVALIDARG;
}
@ -183,7 +145,7 @@ index f4115c1..4410c35 100644
0600);
}
@@ -429,7 +429,7 @@ void trace_file_replay (const char *filename)
@@ -429,7 +429,7 @@ void trace_file_replay (const char *file
isc_result_t result;
int len;
@ -192,11 +154,9 @@ index f4115c1..4410c35 100644
if (!traceinfile) {
log_error("Can't open tracefile %s: %m", filename);
return;
diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c
index 15b4997..9d39fae 100644
--- a/relay/dhcrelay.c
+++ b/relay/dhcrelay.c
@@ -558,13 +558,14 @@ main(int argc, char **argv) {
--- relay/dhcrelay.c.orig
+++ relay/dhcrelay.c
@@ -659,13 +659,14 @@ main(int argc, char **argv) {
if (no_pid_file == ISC_FALSE) {
pfdesc = open(path_dhcrelay_pid,
@ -213,11 +173,9 @@ index 15b4997..9d39fae 100644
if (!pf)
log_error("Can't fdopen %s: %m",
path_dhcrelay_pid);
diff --git a/server/confpars.c b/server/confpars.c
index 4b2907d..6aa5b3f 100644
--- a/server/confpars.c
+++ b/server/confpars.c
@@ -111,7 +111,7 @@ isc_result_t read_conf_file (const char *filename, struct group *group,
--- server/confpars.c.orig
+++ server/confpars.c
@@ -118,7 +118,7 @@ isc_result_t read_conf_file (const char
}
#endif
@ -226,11 +184,9 @@ index 4b2907d..6aa5b3f 100644
if (leasep) {
log_error ("Can't open lease database %s: %m --",
path_dhcpd_db);
diff --git a/server/db.c b/server/db.c
index 0c642ad..e9a38fe 100644
--- a/server/db.c
+++ b/server/db.c
@@ -1072,7 +1072,7 @@ void db_startup (testp)
--- server/db.c.orig
+++ server/db.c
@@ -1081,7 +1081,7 @@ void db_startup (testp)
}
#endif
if (!testp) {
@ -239,7 +195,7 @@ index 0c642ad..e9a38fe 100644
if (!db_file)
log_fatal ("Can't open %s for append.", path_dhcpd_db);
expire_all_pools ();
@@ -1120,7 +1120,7 @@ int new_lease_file ()
@@ -1129,7 +1129,7 @@ int new_lease_file ()
path_dhcpd_db) >= sizeof newfname)
log_fatal("new_lease_file: lease file path too long");
@ -248,7 +204,7 @@ index 0c642ad..e9a38fe 100644
if (db_fd < 0) {
log_error ("Can't create new lease file: %m");
return 0;
@@ -1145,7 +1145,7 @@ int new_lease_file ()
@@ -1154,7 +1154,7 @@ int new_lease_file ()
}
#endif /* PARANOIA */
@ -257,11 +213,9 @@ index 0c642ad..e9a38fe 100644
log_error("Can't fdopen new lease file: %m");
close(db_fd);
goto fdfail;
diff --git a/server/dhcpd.c b/server/dhcpd.c
index eecc89b..afef390 100644
--- a/server/dhcpd.c
+++ b/server/dhcpd.c
@@ -658,7 +658,7 @@ main(int argc, char **argv) {
--- server/dhcpd.c.orig
+++ server/dhcpd.c
@@ -760,7 +760,7 @@ main(int argc, char **argv) {
*/
if ((lftest == 0) && (no_pid_file == ISC_FALSE)) {
/*Read previous pid file. */
@ -270,7 +224,7 @@ index eecc89b..afef390 100644
status = read(i, pbuf, (sizeof pbuf) - 1);
close(i);
if (status > 0) {
@@ -758,7 +758,7 @@ main(int argc, char **argv) {
@@ -878,7 +878,7 @@ main(int argc, char **argv) {
* appropriate.
*/
if (no_pid_file == ISC_FALSE) {
@ -279,11 +233,9 @@ index eecc89b..afef390 100644
if (i >= 0) {
sprintf(pbuf, "%d\n", (int) getpid());
IGNORE_RET(write(i, pbuf, strlen(pbuf)));
diff --git a/server/ldap.c b/server/ldap.c
index 2893b82..9530d9d 100644
--- a/server/ldap.c
+++ b/server/ldap.c
@@ -1442,7 +1442,7 @@ ldap_start (void)
--- server/ldap.c.orig
+++ server/ldap.c
@@ -1446,7 +1446,7 @@ ldap_start (void)
if (ldap_debug_file != NULL && ldap_debug_fd == -1)
{
@ -292,6 +244,3 @@ index 2893b82..9530d9d 100644
S_IRUSR | S_IWUSR)) < 0)
log_error ("Error opening debug LDAP log file %s: %s", ldap_debug_file,
strerror (errno));
--
2.1.4
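Review bot: The refreshed close-on-exec patch drops its two `common/discover.c` hunks (the `fopen("/proc/net/dev", "re")` and `fopen("/proc/net/if_inet6", "re")` changes) without saying why in the patch header. The changelog says 4.3.6 moved Linux interface discovery to getifaddrs(), so those opens have presumably gone upstream, but that should be confirmed against the new discover.c, because any stream left open without close-on-exec would be inherited by the processes the daemons spawn. I would add a header line such as `common/discover.c part dropped: upstream now uses getifaddrs() on Linux`, once verified. The functions the remaining hunks touch lie outside the visible context, so their `O_CLOEXEC`/`"e"` lines cannot be checked from this page.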


@ -1,110 +0,0 @@
From bd50ec560d7bec064190e4d430c066e170732c0e Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski <mt@suse.de>
Date: Tue, 27 Nov 2012 17:44:06 +0100
Subject: [PATCH] Fixed linux interface discovery using getifaddrs
References: bnc#791289,[ISC-Bugs #31992]
Unlike dhcp 3.x, dhcp 4.x scans interfaces from /proc/net/dev,
which provides only true interface names. When the address set
on the interface has a label assigned (linux 2.0 alias interface
compatibility), then the SIOCGIFADDR requires the label / alias
name as argument instead of the interface name to return this
address. When this is the only address assigned to an interface,
dhcp-server is unable to find any address and fails to start.
Changed to use getifaddrs() function, which retrieves all IP
addresses on linux systems and is available since GLIBC 2.3.
---
common/discover.c | 51 ++++++++++++++++++++++++++++++++++++++++++++-------
1 file changed, 44 insertions(+), 7 deletions(-)
diff --git a/common/discover.c b/common/discover.c
index 4463178..c48d67b 100644
--- a/common/discover.c
+++ b/common/discover.c
@@ -373,7 +373,7 @@ end_iface_scan(struct iface_conf_list *ifaces) {
ifaces->sock = -1;
}
-#elif __linux /* !HAVE_SIOCGLIFCONF */
+#elif __linux && !(defined(__GNUC_PREREQ) && __GNUC_PREREQ(2,3)) /* !HAVE_SIOCGLIFCONF */
/*
* Linux support
* -------------
@@ -382,6 +382,14 @@ end_iface_scan(struct iface_conf_list *ifaces) {
* about interfaces, along with selected ioctl() calls.
*
* Linux low level access is documented in the netdevice man page.
+ *
+ * Note: Use getifaddrs instead
+ * Unfortunately this discover discards all interfaces where the
+ * only address has a label assigned (linux 2.0 alias interface
+ * compatibility) as the SIOCGIFADDR requires the the alias name
+ * (eth0:0) in ifr_name to fetch the address and /proc/net/dev
+ * on linux > 2.0 lists only the interface names (eth0) without
+ * any aliases.
*/
/*
@@ -755,11 +763,11 @@ end_iface_scan(struct iface_conf_list *ifaces) {
#else
/*
- * BSD support
- * -----------
+ * BSD & Linux support
+ * -------------------
*
* FreeBSD, NetBSD, OpenBSD, and OS X all have the getifaddrs()
- * function.
+ * function. Linux has it since glibc 2.3.
*
* The getifaddrs() man page describes the use.
*/
@@ -817,10 +825,39 @@ next_iface(struct iface_info *info, int *err, struct iface_conf_list *ifaces) {
return 0;
}
memset(info, 0, sizeof(struct iface_info));
- strncpy(info->name, ifaces->next->ifa_name, sizeof(info->name) - 1);
- memcpy(&info->addr, ifaces->next->ifa_addr,
- ifaces->next->ifa_addr->sa_len);
+ info->addr.ss_family = AF_UNSPEC;
info->flags = ifaces->next->ifa_flags;
+#ifdef __linux
+ if (strchr(ifaces->next->ifa_name, ':')) {
+ /*
+ * the name contains a ':', which may
+ * be a IPv4 "alias interface" label;
+ * resolve to the true interface name
+ */
+ if_indextoname(if_nametoindex(ifaces->next->ifa_name),
+ info->name);
+ } else {
+ strncpy(info->name, ifaces->next->ifa_name, sizeof(info->name) - 1);
+ }
+
+ if (ifaces->next->ifa_addr != NULL) {
+ if (ifaces->next->ifa_addr->sa_family == AF_INET) {
+ memcpy(&info->addr, ifaces->next->ifa_addr,
+ sizeof(struct sockaddr_in));
+ } else
+ if (ifaces->next->ifa_addr->sa_family == AF_INET6) {
+ memcpy(&info->addr, ifaces->next->ifa_addr,
+ sizeof(struct sockaddr_in6));
+ }
+ /* else e.g. AF_PACKET / link layer address */
+ }
+#else
+ strncpy(info->name, ifaces->next->ifa_name, sizeof(info->name) - 1);
+ if (ifaces->next->ifa_addr != NULL) {
+ memcpy(&info->addr, ifaces->next->ifa_addr,
+ ifaces->next->ifa_addr->sa_len);
+ }
+#endif
ifaces->next = ifaces->next->ifa_next;
*err = 0;
return 1;
--
2.13.1


@ -9,11 +9,9 @@ and format timestamps as long to not break them on 64bit archs.
References: bsc#926159
diff --git a/client/dhc6.c b/client/dhc6.c
index bec1c87..e4a85fc 100644
--- a/client/dhc6.c
+++ b/client/dhc6.c
@@ -3877,8 +3877,8 @@ dhc6_marshall_values(const char *prefix, struct client_state *client,
--- client/dhc6.c.orig
+++ client/dhc6.c
@@ -4344,8 +4344,8 @@ dhc6_marshall_values(const char *prefix,
client_envadd(client, prefix,
"ip6_type", "temporary");
}
@ -24,7 +22,7 @@ index bec1c87..e4a85fc 100644
client_envadd(client, prefix, "preferred_life", "%u",
addr->preferred_life);
client_envadd(client, prefix, "max_life", "%u",
@@ -3889,8 +3889,8 @@ dhc6_marshall_values(const char *prefix, struct client_state *client,
@@ -4356,8 +4356,8 @@ dhc6_marshall_values(const char *prefix,
if (ia != NULL) {
client_envadd(client, prefix, "iaid", "%s",
print_hex_1(4, ia->iaid, 12));
@ -35,11 +33,9 @@ index bec1c87..e4a85fc 100644
client_envadd(client, prefix, "renew", "%u", ia->renew);
client_envadd(client, prefix, "rebind", "%u", ia->rebind);
}
diff --git a/client/dhclient.c b/client/dhclient.c
index 2eb28db..4d7394d 100644
--- a/client/dhclient.c
+++ b/client/dhclient.c
@@ -3119,13 +3119,13 @@ write_client6_lease(struct client_state *client, struct dhc6_lease *lease,
--- client/dhclient.c.orig
+++ client/dhclient.c
@@ -3708,13 +3708,13 @@ write_client6_lease(struct client_state
return ISC_R_IOERROR;
if (ia->ia_type != D6O_IA_TA)
@ -57,7 +53,7 @@ index 2eb28db..4d7394d 100644
if (stat <= 0)
return ISC_R_IOERROR;
@@ -3142,10 +3142,10 @@ write_client6_lease(struct client_state *client, struct dhc6_lease *lease,
@@ -3731,10 +3731,10 @@ write_client6_lease(struct client_state
if (stat <= 0)
return ISC_R_IOERROR;
@ -70,15 +66,3 @@ index 2eb28db..4d7394d 100644
addr->max_life);
if (stat <= 0)
return ISC_R_IOERROR;
@@ -3519,7 +3519,7 @@ void script_write_params (client, prefix, lease)
universes [i],
&es, client_option_envadd);
}
- client_envadd (client, prefix, "expiry", "%d", (int)(lease -> expiry));
+ client_envadd (client, prefix, "expiry", "%ld", (long)(lease -> expiry));
}
/*
--
2.1.4


@ -49,10 +49,8 @@ Date: Tue Mar 25 23:15:58 2014 +0200
References: bnc#870535
diff --git a/client/dhclient.c b/client/dhclient.c
index 3f2f8b2..40d9fe0 100644
--- a/client/dhclient.c
+++ b/client/dhclient.c
--- client/dhclient.c.orig
+++ client/dhclient.c
@@ -71,6 +71,40 @@ int std_dhcid = 0;
assert (state_is == state_shouldbe). */
#define ASSERT_STATE(state_is, state_shouldbe) {}
@ -92,9 +90,9 @@ index 3f2f8b2..40d9fe0 100644
+}
+
#ifndef UNIT_TEST
static const char copyright[] = "Copyright 2004-2016 Internet Systems Consortium.";
static const char copyright[] = "Copyright 2004-2018 Internet Systems Consortium.";
static const char arr [] = "All rights reserved.";
@@ -756,6 +790,26 @@ main(int argc, char **argv) {
@@ -767,6 +801,26 @@ main(int argc, char **argv) {
}
}
@ -121,7 +119,7 @@ index 3f2f8b2..40d9fe0 100644
/* At this point, all the interfaces that the script thinks
are relevant should be running, so now we once again call
discover_interfaces(), and this time ask it to actually set
@@ -770,19 +824,42 @@ main(int argc, char **argv) {
@@ -781,19 +835,42 @@ main(int argc, char **argv) {
Not much entropy, but we're booting, so we're not likely to
find anything better. */
seed = 0;
@ -166,7 +164,7 @@ index 3f2f8b2..40d9fe0 100644
*/
if ((local_family == AF_INET6) ||
((local_family == AF_INET) && (duid_v4 == 1))) {
@@ -793,6 +870,20 @@ main(int argc, char **argv) {
@@ -804,6 +881,20 @@ main(int argc, char **argv) {
form_duid(&default_duid, MDL);
write_duid(&default_duid);
}
@ -187,7 +185,7 @@ index 3f2f8b2..40d9fe0 100644
}
#if defined(DHCPv6) && defined(DHCP4o6)
@@ -1282,15 +1373,22 @@ void dhcpack (packet)
@@ -1293,15 +1384,22 @@ void dhcpack (packet)
if (client -> xid == packet -> raw -> xid)
break;
}
@ -215,7 +213,7 @@ index 3f2f8b2..40d9fe0 100644
}
if (client -> state != S_REBOOTING &&
@@ -1303,7 +1401,7 @@ void dhcpack (packet)
@@ -1314,7 +1412,7 @@ void dhcpack (packet)
return;
}
@ -224,7 +222,7 @@ index 3f2f8b2..40d9fe0 100644
lease = packet_to_lease (packet, client);
if (!lease) {
@@ -1951,15 +2049,21 @@ void dhcpoffer (packet)
@@ -1969,15 +2067,21 @@ void dhcpoffer (packet)
/* If we're not receptive to an offer right now, or if the offer
has an unrecognizable transaction id, then just drop it. */
if (!client ||
@ -251,7 +249,7 @@ index 3f2f8b2..40d9fe0 100644
}
sprintf (obuf, "%s from %s", name, piaddr (packet -> client_addr));
@@ -2197,11 +2301,11 @@ void dhcpnak (packet)
@@ -2215,11 +2319,11 @@ void dhcpnak (packet)
/* If we're not receptive to an offer right now, or if the offer
has an unrecognizable transaction id, then just drop it. */
@ -268,7 +266,7 @@ index 3f2f8b2..40d9fe0 100644
#if defined (DEBUG)
log_debug ("DHCPNAK in wrong transaction.");
#endif
@@ -2216,9 +2320,15 @@ void dhcpnak (packet)
@@ -2234,9 +2338,15 @@ void dhcpnak (packet)
log_debug ("DHCPNAK in wrong state.");
#endif
return;
@ -285,7 +283,7 @@ index 3f2f8b2..40d9fe0 100644
if (!client -> active) {
#if defined (DEBUG)
@@ -2351,11 +2461,11 @@ void send_discover (cpp)
@@ -2369,11 +2479,11 @@ void send_discover (cpp)
(long)(client -> interval));
} else
#endif
@ -302,7 +300,7 @@ index 3f2f8b2..40d9fe0 100644
/* Send out a packet. */
#if defined(DHCPv6) && defined(DHCP4o6)
if (dhcpv4_over_dhcpv6) {
@@ -2639,10 +2749,10 @@ void send_request (cpp)
@@ -2664,10 +2774,10 @@ void send_request (cpp)
log_info ("DHCPREQUEST");
} else
#endif
@ -315,7 +313,7 @@ index 3f2f8b2..40d9fe0 100644
#if defined(DHCPv6) && defined(DHCP4o6)
if (dhcpv4_over_dhcpv6) {
@@ -2699,10 +2809,10 @@ void send_decline (cpp)
@@ -2724,10 +2834,10 @@ void send_decline (cpp)
log_info ("DHCPDECLINE");
} else
#endif
@ -328,7 +326,7 @@ index 3f2f8b2..40d9fe0 100644
/* Send out a packet. */
#if defined(DHCPv6) && defined(DHCP4o6)
@@ -2761,10 +2871,10 @@ void send_release (cpp)
@@ -2786,10 +2896,10 @@ void send_release (cpp)
log_info ("DHCPRELEASE");
} else
#endif
@ -341,7 +339,7 @@ index 3f2f8b2..40d9fe0 100644
#if defined(DHCPv6) && defined(DHCP4o6)
if (dhcpv4_over_dhcpv6) {
@@ -3041,10 +3151,17 @@ make_client_options(struct client_state *client, struct client_lease *lease,
@@ -3066,10 +3176,17 @@ make_client_options(struct client_state
* This can be overridden by including a client id in the configuration
* file.
*/
@ -360,7 +358,7 @@ index 3f2f8b2..40d9fe0 100644
memset(&client_identifier, 0, sizeof(client_identifier));
client_identifier.len = 1 + 4 + default_duid.len;
if (!buffer_allocate(&client_identifier.buffer,
@@ -3135,12 +3252,13 @@ void make_discover (client, lease)
@@ -3160,12 +3277,13 @@ void make_discover (client, lease)
client -> packet.op = BOOTREQUEST;
client -> packet.htype = client -> interface -> hw_address.hbuf [0];
/* Assumes hw_address is known, otherwise a random value may result */
@ -376,7 +374,7 @@ index 3f2f8b2..40d9fe0 100644
client -> packet.flags = 0;
else
client -> packet.flags = htons (BOOTP_BROADCAST);
@@ -3152,7 +3270,7 @@ void make_discover (client, lease)
@@ -3177,7 +3295,7 @@ void make_discover (client, lease)
memset (&(client -> packet.siaddr),
0, sizeof client -> packet.siaddr);
client -> packet.giaddr = giaddr;
@ -385,7 +383,7 @@ index 3f2f8b2..40d9fe0 100644
memcpy (client -> packet.chaddr,
&client -> interface -> hw_address.hbuf [1],
(unsigned)(client -> interface -> hw_address.hlen - 1));
@@ -3209,7 +3327,8 @@ void make_request (client, lease)
@@ -3234,7 +3352,8 @@ void make_request (client, lease)
client -> packet.op = BOOTREQUEST;
client -> packet.htype = client -> interface -> hw_address.hbuf [0];
/* Assumes hw_address is known, otherwise a random value may result */
@ -395,7 +393,7 @@ index 3f2f8b2..40d9fe0 100644
client -> packet.hops = 0;
client -> packet.xid = client -> xid;
client -> packet.secs = 0; /* Filled in by send_request. */
@@ -3241,7 +3360,7 @@ void make_request (client, lease)
@@ -3266,7 +3385,7 @@ void make_request (client, lease)
else
memset (&client -> packet.giaddr, 0,
sizeof client -> packet.giaddr);
@ -404,7 +402,7 @@ index 3f2f8b2..40d9fe0 100644
memcpy (client -> packet.chaddr,
&client -> interface -> hw_address.hbuf [1],
(unsigned)(client -> interface -> hw_address.hlen - 1));
@@ -3284,7 +3403,8 @@ void make_decline (client, lease)
@@ -3309,7 +3428,8 @@ void make_decline (client, lease)
client -> packet.op = BOOTREQUEST;
client -> packet.htype = client -> interface -> hw_address.hbuf [0];
/* Assumes hw_address is known, otherwise a random value may result */
@ -414,7 +412,7 @@ index 3f2f8b2..40d9fe0 100644
client -> packet.hops = 0;
client -> packet.xid = client -> xid;
client -> packet.secs = 0; /* Filled in by send_request. */
@@ -3301,9 +3421,10 @@ void make_decline (client, lease)
@@ -3326,9 +3446,10 @@ void make_decline (client, lease)
memset (&client -> packet.siaddr, 0,
sizeof client -> packet.siaddr);
client -> packet.giaddr = giaddr;
@ -428,7 +426,7 @@ index 3f2f8b2..40d9fe0 100644
#ifdef DEBUG_PACKET
dump_raw ((unsigned char *)&client -> packet, client -> packet_length);
@@ -3346,7 +3467,8 @@ void make_release (client, lease)
@@ -3371,7 +3492,8 @@ void make_release (client, lease)
client -> packet.op = BOOTREQUEST;
client -> packet.htype = client -> interface -> hw_address.hbuf [0];
/* Assumes hw_address is known, otherwise a random value may result */
@ -438,7 +436,7 @@ index 3f2f8b2..40d9fe0 100644
client -> packet.hops = 0;
client -> packet.xid = random ();
client -> packet.secs = 0;
@@ -3358,9 +3480,10 @@ void make_release (client, lease)
@@ -3383,9 +3505,10 @@ void make_release (client, lease)
memset (&client -> packet.siaddr, 0,
sizeof client -> packet.siaddr);
client -> packet.giaddr = giaddr;
@ -452,7 +450,7 @@ index 3f2f8b2..40d9fe0 100644
#ifdef DEBUG_PACKET
dump_raw ((unsigned char *)&client -> packet, client -> packet_length);
@@ -3513,17 +3636,13 @@ write_options(struct client_state *client, struct option_state *options,
@@ -3538,17 +3661,13 @@ write_options(struct client_state *clien
* is not how it is intended. Upcoming rearchitecting the client should
* address this "one daemon model."
*/
@ -473,7 +471,7 @@ index 3f2f8b2..40d9fe0 100644
log_fatal("Impossible condition at %s:%d.", MDL);
if ((ip->hw_address.hlen == 0) ||
@@ -3573,6 +3692,13 @@ form_duid(struct data_string *duid, const char *file, int line)
@@ -3598,6 +3717,13 @@ form_duid(struct data_string *duid, cons
}
}
@ -487,7 +485,7 @@ index 3f2f8b2..40d9fe0 100644
/* Write the default DUID to the lease store. */
static isc_result_t
write_duid(struct data_string *duid)
@@ -4946,7 +5072,8 @@ client_dns_update(struct client_state *client, dhcp_ddns_cb_t *ddns_cb)
@@ -5020,7 +5146,8 @@ client_dns_update(struct client_state *c
NULL, client,
client->sent_options, NULL,
&global_scope, oc, MDL)) {
@ -497,10 +495,8 @@ index 3f2f8b2..40d9fe0 100644
(client_identifier.data[0] == 255)) {
/*
* This appears to be an embedded DUID,
diff --git a/common/bpf.c b/common/bpf.c
index 34bbd5b..c415c22 100644
--- a/common/bpf.c
+++ b/common/bpf.c
--- common/bpf.c.orig
+++ common/bpf.c
@@ -116,7 +116,7 @@ int if_register_bpf (info)
log_fatal ("Can't attach interface %s to bpf device %s: %m",
info -> name, filename);
@ -566,11 +562,9 @@ index 34bbd5b..c415c22 100644
struct ifaddrs *ifa;
struct ifaddrs *p;
struct sockaddr_dl *sa;
diff --git a/common/discover.c b/common/discover.c
index c48d67b..969ee3e 100644
--- a/common/discover.c
+++ b/common/discover.c
@@ -1280,7 +1280,7 @@ discover_interfaces(int state) {
--- common/discover.c.orig
+++ common/discover.c
@@ -881,7 +881,7 @@ discover_interfaces(int state) {
if_register_send(tmp);
} else {
/* get_hw_addr() was called by register. */
@ -579,7 +573,7 @@ index c48d67b..969ee3e 100644
}
break;
#ifdef DHCPv6
@@ -1293,7 +1293,7 @@ discover_interfaces(int state) {
@@ -894,7 +894,7 @@ discover_interfaces(int state) {
so now we have to call it explicitly
to not leave the hardware address unknown
(some code expects it cannot be. */
@ -588,10 +582,8 @@ index c48d67b..969ee3e 100644
} else {
if_register_linklocal6(tmp);
}
diff --git a/common/dlpi.c b/common/dlpi.c
index 1014e29..3e6a3d3 100644
--- a/common/dlpi.c
+++ b/common/dlpi.c
--- common/dlpi.c.orig
+++ common/dlpi.c
@@ -1339,7 +1339,9 @@ void maybe_setup_fallback ()
#endif /* USE_DLPI_SEND */
@ -603,10 +595,8 @@ index 1014e29..3e6a3d3 100644
int sock, unit;
long buf[DLPI_MAXDLBUF];
union DL_primitives *dlp;
diff --git a/common/lpf.c b/common/lpf.c
index 123790d..943d679 100644
--- a/common/lpf.c
+++ b/common/lpf.c
--- common/lpf.c.orig
+++ common/lpf.c
@@ -47,12 +47,22 @@
#include <sys/ioctl.h>
#include <sys/socket.h>
@ -803,7 +793,7 @@ index 123790d..943d679 100644
ssize_t send_packet (interface, packet, raw, len, from, to, hto)
struct interface_info *interface;
struct packet *packet;
@@ -335,6 +445,10 @@ ssize_t send_packet (interface, packet, raw, len, from, to, hto)
@@ -335,6 +445,10 @@ ssize_t send_packet (interface, packet,
return send_fallback (interface, packet, raw,
len, from, to, hto);
@ -814,7 +804,7 @@ index 123790d..943d679 100644
if (hto == NULL && interface->anycast_mac_addr.hlen)
hto = &interface->anycast_mac_addr;
@@ -439,7 +553,15 @@ ssize_t receive_packet (interface, buf, len, from, hfrom)
@@ -439,7 +553,15 @@ ssize_t receive_packet (interface, buf,
bufix = 0;
/* Decode the physical header... */
@ -894,7 +884,7 @@ index 123790d..943d679 100644
break;
case ARPHRD_IEEE802:
#ifdef ARPHRD_IEEE802_TR
@@ -541,18 +674,37 @@ get_hw_addr(const char *name, struct hardware *hw) {
@@ -541,18 +674,37 @@ get_hw_addr(const char *name, struct har
#endif /* ARPHRD_IEEE802_TR */
hw->hlen = 7;
hw->hbuf[0] = HTYPE_IEEE802;
@ -936,10 +926,8 @@ index 123790d..943d679 100644
+ freeifaddrs(ifaddrs);
}
#endif
diff --git a/common/print.c b/common/print.c
index ce368c4..7dd9f52 100644
--- a/common/print.c
+++ b/common/print.c
--- common/print.c.orig
+++ common/print.c
@@ -173,11 +173,11 @@ char *print_hw_addr (htype, hlen, data)
const int hlen;
const unsigned char *data;
@ -954,11 +942,9 @@ index ce368c4..7dd9f52 100644
habuf [0] = 0;
else {
s = habuf;
diff --git a/common/socket.c b/common/socket.c
index e8851b4..2c6fb1c 100644
--- a/common/socket.c
+++ b/common/socket.c
@@ -328,7 +328,7 @@ void if_register_send (info)
--- common/socket.c.orig
+++ common/socket.c
@@ -331,7 +331,7 @@ void if_register_send (info)
info->wfdesc = if_register_socket(info, AF_INET, 0, NULL);
/* If this is a normal IPv4 address, get the hardware address. */
if (strcmp(info->name, "fallback") != 0)
@ -967,7 +953,7 @@ index e8851b4..2c6fb1c 100644
#if defined (USE_SOCKET_FALLBACK)
/* Fallback only registers for send, but may need to receive as
well. */
@@ -391,7 +391,7 @@ void if_register_receive (info)
@@ -394,7 +394,7 @@ void if_register_receive (info)
#endif /* IP_PKTINFO... */
/* If this is a normal IPv4 address, get the hardware address. */
if (strcmp(info->name, "fallback") != 0)
@ -976,7 +962,7 @@ index e8851b4..2c6fb1c 100644
if (!quiet_interface_discovery)
log_info ("Listening on Socket/%s%s%s",
@@ -505,7 +505,7 @@ if_register6(struct interface_info *info, int do_multicast) {
@@ -508,7 +508,7 @@ if_register6(struct interface_info *info
if (req_multi)
if_register_multicast(info);
@ -985,7 +971,7 @@ index e8851b4..2c6fb1c 100644
if (!quiet_interface_discovery) {
if (info->shared_network != NULL) {
@@ -561,7 +561,7 @@ if_register_linklocal6(struct interface_info *info) {
@@ -564,7 +564,7 @@ if_register_linklocal6(struct interface_
info->rfdesc = sock;
info->wfdesc = sock;
@ -994,7 +980,7 @@ index e8851b4..2c6fb1c 100644
if (!quiet_interface_discovery) {
if (info->shared_network != NULL) {
@@ -1145,7 +1145,9 @@ void maybe_setup_fallback ()
@@ -1148,7 +1148,9 @@ void maybe_setup_fallback ()
#if defined(sun) && defined(USE_V4_PKTINFO)
/* This code assumes the existence of SIOCGLIFHWADDR */
void
@ -1005,10 +991,8 @@ index e8851b4..2c6fb1c 100644
struct sockaddr_dl *dladdrp;
int sock, i;
struct lifreq lifr;
diff --git a/includes/dhcpd.h b/includes/dhcpd.h
index fa7d6fb..e55309e 100644
--- a/includes/dhcpd.h
+++ b/includes/dhcpd.h
--- includes/dhcpd.h.orig
+++ includes/dhcpd.h
@@ -1345,6 +1345,7 @@ struct interface_info {
struct shared_network *shared_network;
/* Networks connected to this interface. */
@ -1017,7 +1001,7 @@ index fa7d6fb..e55309e 100644
struct in_addr *addresses; /* Addresses associated with this
* interface.
*/
@@ -2583,7 +2584,7 @@ void print_dns_status (int, struct dhcp_ddns_cb *, isc_result_t);
@@ -2584,7 +2585,7 @@ void print_dns_status (int, struct dhcp_
#endif
const char *print_time(TIME);
@ -1026,11 +1010,9 @@ index fa7d6fb..e55309e 100644
char *buf_to_hex (const unsigned char *s, unsigned len,
const char *file, int line);
char *format_lease_id(const unsigned char *s, unsigned len, int format,
diff --git a/server/dhcp.c b/server/dhcp.c
index c9b3632..effa9b1 100644
--- a/server/dhcp.c
+++ b/server/dhcp.c
@@ -1967,11 +1967,12 @@ void echo_client_id(packet, lease, in_options, out_options)
--- server/dhcp.c.orig
+++ server/dhcp.c
@@ -1991,11 +1991,12 @@ void echo_client_id(packet, lease, in_op
/* Check if echo-client-id is enabled */
oc = lookup_option(&server_universe, in_options, SV_ECHO_CLIENT_ID);
@ -1045,7 +1027,7 @@ index c9b3632..effa9b1 100644
struct data_string client_id;
unsigned int opcode = DHO_DHCP_CLIENT_IDENTIFIER;
@@ -3766,9 +3767,11 @@ void dhcp_reply (lease)
@@ -3801,9 +3802,11 @@ void dhcp_reply (lease)
} else
bufs |= 2; /* XXX */
@ -1060,11 +1042,9 @@ index c9b3632..effa9b1 100644
raw.htype = lease -> hardware_addr.hbuf [0];
/* See if this is a Microsoft client that NUL-terminates its
diff --git a/server/dhcpleasequery.c b/server/dhcpleasequery.c
index 75a0e72..6207c31 100644
--- a/server/dhcpleasequery.c
+++ b/server/dhcpleasequery.c
@@ -299,7 +299,7 @@ dhcpleasequery(struct packet *packet, int ms_nulltp) {
--- server/dhcpleasequery.c.orig
+++ server/dhcpleasequery.c
@@ -299,7 +299,7 @@ dhcpleasequery(struct packet *packet, in
assoc_ips,
nassoc_ips);
@ -1073,7 +1053,7 @@ index 75a0e72..6207c31 100644
if (packet->raw->hlen+1 > sizeof(h.hbuf)) {
log_info("%s: hardware length too long, "
@@ -409,11 +409,13 @@ dhcpleasequery(struct packet *packet, int ms_nulltp) {
@@ -409,11 +409,13 @@ dhcpleasequery(struct packet *packet, in
* Set the hardware address fields.
*/
@ -1091,11 +1071,9 @@ index 75a0e72..6207c31 100644
/*
* Set client identifier option.
diff --git a/server/mdb.c b/server/mdb.c
index 6af6b63..a143452 100644
--- a/server/mdb.c
+++ b/server/mdb.c
@@ -618,6 +618,9 @@ int find_hosts_by_haddr (struct host_decl **hp, int htype,
--- server/mdb.c.orig
+++ server/mdb.c
@@ -618,6 +618,9 @@ int find_hosts_by_haddr (struct host_dec
return ret;
#endif


@ -1,50 +0,0 @@
commit 9a312e3cd914da2b6f32651c94d1d1d4fb0bf359
Author: Jiri Popelka <jpopelka@redhat.com>
Date: Fri Jul 27 10:00:49 2012 +0200
isc_time_nowplusinterval() is not safe with 64-bit time_t (#662254, #789601)
References: bsc#947780, bsc#880984
Index: dhcp-4.2.4-P2/common/dispatch.c
===================================================================
--- dhcp-4.2.4-P2.orig/common/dispatch.c
+++ dhcp-4.2.4-P2/common/dispatch.c
@@ -320,7 +320,20 @@ void add_timeout (when, where, what, ref
q->next = timeouts;
timeouts = q;
- isc_interval_set(&interval, sec & DHCP_SEC_MAX, usec * 1000);
+ /* isc_time_nowplusinterval() is not safe with 64-bit time_t and will
+ * return an error for sufficiently large intervals. We have to limit
+ * the interval to INT_MAX or less to ensure the interval doesn't
+ * overflow 32 bits, since the returned isc_time_t fields are
+ * 32-bit unsigned ints.
+ *
+ * HACK: The 9 is a magic number of seconds, since some time may have
+ * gone by since the last call to gettimeofday() and the one in
+ * isc_time_nowplusinterval().
+ */
+ if (sec > TIME_MAX)
+ sec = TIME_MAX - 9;
+
+ isc_interval_set(&interval, sec, usec * 1000);
status = isc_time_nowplusinterval(&expires, &interval);
if (status != ISC_R_SUCCESS) {
/*
From: Nirmoy Das <ndas@suse.de>
Date: Tue, 26 Jan 2016 13:36:28 +0100
Subject: [PATCH] adjusted interval check
Index: dhcp-4.3.3/common/dispatch.c
===================================================================
--- dhcp-4.3.3.orig/common/dispatch.c
+++ dhcp-4.3.3/common/dispatch.c
@@ -349,7 +349,7 @@ void add_timeout (when, where, what, ref
* gone by since the last call to gettimeofday() and the one in
* isc_time_nowplusinterval().
*/
- if (sec > TIME_MAX)
+ if (sec > TIME_MAX - 9)
sec = TIME_MAX - 9;
isc_interval_set(&interval, sec, usec * 1000);


@ -7,10 +7,8 @@ year 2038 is EOT only for 32 bit machine. This patch checks
wordsize and do a proper EOT checking on lease duration. It
also fixes integer overflows in the date and time handling code.
diff --git a/common/parse.c b/common/parse.c
index 22e7d58..e9e53a4 100644
--- a/common/parse.c
+++ b/common/parse.c
--- common/parse.c.orig
+++ common/parse.c
@@ -939,7 +939,7 @@ TIME
parse_date_core(cfile)
struct parse *cfile;
@ -56,16 +54,14 @@ index 22e7d58..e9e53a4 100644
(year - 69) / 4 + /* Leap days since '70 */
(mon /* Days in months this year */
? months [mon - 1]
diff --git a/includes/dhcpd.h b/includes/dhcpd.h
index 4270edc..1af4c5b 100644
--- a/includes/dhcpd.h
+++ b/includes/dhcpd.h
@@ -1561,7 +1561,7 @@ typedef unsigned char option_mask [16];
#define DHCPD_LOG_FACILITY LOG_DAEMON
--- includes/dhcpd.h.orig
+++ includes/dhcpd.h
@@ -1588,7 +1588,7 @@ typedef unsigned char option_mask [16];
#endif
-#define MAX_TIME 0x7fffffff
#define INFINITE_TIME 0xffffffff
-#define MAX_TIME 0x7fffffff
+#define MAX_TIME LONG_MAX
#define MIN_TIME 0
#define MIN_TIME 0
#ifdef USE_LOG_PID
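Review bot: `#define MAX_TIME LONG_MAX` in the includes/dhcpd.h hunk bounds lease times by the width of `long` rather than the width of `TIME`, so the end-of-time checking that the patch description mentions is only right where the two types have the same size. On an ABI where `long` and the time type differ in width the clamp lands on the wrong value, and the integer overflow this patch is meant to prevent can come back. I would record the assumption next to the define, `/* assumes sizeof(TIME) == sizeof(long); LONG_MAX needs <limits.h> */`, and confirm that header is in scope, which the hunk does not show. The changelog for this update also says upstream now caps timer values at 0x7FFFFFFF - 1, so it is worth checking that a 64-bit MAX_TIME still agrees with that cap; the parse_date_core() body that uses the limit lies outside the hunk.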


@ -1,61 +0,0 @@
From 1a6b62fe17a42b00fa234d06b6dfde3d03451894 Mon Sep 17 00:00:00 2001
From: Thomas Markwalder <tmark@isc.org>
Date: Thu, 7 Dec 2017 11:23:36 -0500
Subject: [PATCH] [master] Plugs a socket descriptor leak in OMAPI
Merges in rt46767.
---
RELNOTES | 5 +++++
omapip/buffer.c | 9 +++++++++
omapip/message.c | 2 +-
3 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/RELNOTES b/RELNOTES
index cf44b3e..d43e7b3 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -919,6 +919,11 @@ by Eric Young (eay@cryptsoft.com).
and our website for directions on bug submissions.
[ISC-Bugs #24789]
+- Plugged a socket descriptor leak in OMAPI, that can occur when there is
+ data pending to be written to an OMAPI connection, when the connection
+ is closed by the reader.
+ [ISc-Bugs #46767]
+
Changes since 4.2.0 (new features)
- If a client renews before 'dhcp-cache-threshold' percent of its lease
diff --git a/omapip/buffer.c b/omapip/buffer.c
index f7fdc32..809034d 100644
--- a/omapip/buffer.c
+++ b/omapip/buffer.c
@@ -566,6 +566,15 @@ isc_result_t omapi_connection_writer (omapi_object_t *h)
omapi_buffer_dereference (&buffer, MDL);
}
}
+
+ /* If we had data left to write when we're told to disconnect,
+ * we need recall disconnect, now that we're done writing.
+ * See rt46767. */
+ if (c->out_bytes == 0 && c->state == omapi_connection_disconnecting) {
+ omapi_disconnect (h, 1);
+ return ISC_R_SHUTTINGDOWN;
+ }
+
return ISC_R_SUCCESS;
}
diff --git a/omapip/message.c b/omapip/message.c
index 59ccdc2..21bcfc3 100644
--- a/omapip/message.c
+++ b/omapip/message.c
@@ -339,7 +339,7 @@ isc_result_t omapi_message_unregister (omapi_object_t *mo)
}
#ifdef DEBUG_PROTOCOL
-static const char *omapi_message_op_name(int op) {
+const char *omapi_message_op_name(int op) {
switch (op) {
case OMAPI_OP_OPEN: return "OMAPI_OP_OPEN";
case OMAPI_OP_REFRESH: return "OMAPI_OP_REFRESH";


@ -1,306 +0,0 @@
From df869de2b9f95f14ce4eca142afaf0f1fef29809 Mon Sep 17 00:00:00 2001
From: Nirmoy Das <ndas@suse.de>
Date: Thu, 11 Jan 2018 10:20:59 +0100
Subject: [PATCH] modified for SLES
From ca22af89996483efd820de0084c964fc336ee7c1 Mon Sep 17 00:00:00 2001
From: Thomas Markwalder <tmark@isc.org>
Date: Mon, 19 Jun 2017 14:44:29 -0400
Subject: [PATCH] [master] Optimized if and when DNS client context and ports
are initted
Merges in rt45290.
---
RELNOTES | 9 ++++++
client/dhclient.8 | 5 +--
client/dhclient.c | 4 +--
common/dns.c | 15 +++++++--
includes/omapip/isclib.h | 9 +++++-
omapip/isclib.c | 80 ++++++++++++++++++++++++++++++------------------
relay/dhcrelay.c | 3 +-
server/dhcpd.8 | 6 ++--
server/dhcpd.c | 14 ++++++---
9 files changed, 100 insertions(+), 45 deletions(-)
---
client/dhclient.8 | 5 +--
client/dhclient.c | 4 +--
common/dns.c | 15 +++++++--
includes/omapip/isclib.h | 9 +++++-
omapip/isclib.c | 80 ++++++++++++++++++++++++++++++------------------
relay/dhcrelay.c | 3 +-
server/dhcpd.8 | 4 +--
server/dhcpd.c | 14 ++++++---
8 files changed, 90 insertions(+), 44 deletions(-)
diff --git a/client/dhclient.8 b/client/dhclient.8
index d9a26b7..8991e16 100644
--- a/client/dhclient.8
+++ b/client/dhclient.8
@@ -461,8 +461,9 @@ port will be used for the established connection.
When DDNS is enabled at compile time (see includes/site.h)
the client will open both a v4 and a v6 UDP socket on
-random ports. These ports are opened even if DDNS is disabled
-in the configuration file.
+random ports. These ports are not opened unless/until the
+client first attempts to do an update. If the client is not
+configured to do updates, the ports will never be opened.
.PP
.SH CONFIGURATION
The syntax of the \fBdhclient.conf(5)\fR file is discussed separately.
diff --git a/client/dhclient.c b/client/dhclient.c
index 2804ea8..d3fe751 100644
--- a/client/dhclient.c
+++ b/client/dhclient.c
@@ -187,8 +187,8 @@ main(int argc, char **argv) {
#endif
/* Set up the isc and dns library managers */
- status = dhcp_context_create(DHCP_CONTEXT_PRE_DB | DHCP_CONTEXT_POST_DB,
- NULL, NULL);
+ status = dhcp_context_create(DHCP_CONTEXT_PRE_DB | DHCP_CONTEXT_POST_DB
+ | DHCP_DNS_CLIENT_LAZY_INIT, NULL, NULL);
if (status != ISC_R_SUCCESS)
log_fatal("Can't initialize context: %s",
isc_result_totext(status));
diff --git a/common/dns.c b/common/dns.c
index 0f8be80..2ca4ba8 100644
--- a/common/dns.c
+++ b/common/dns.c
@@ -3,8 +3,7 @@
Domain Name Service subroutines. */
/*
- * Copyright (c) 2009-2015 by Internet Systems Consortium, Inc. ("ISC")
- * Copyright (c) 2004-2007 by Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (c) 2004-2017 by Internet Systems Consortium, Inc. ("ISC")
* Copyright (c) 2001-2003 by Internet Software Consortium
*
* Permission to use, copy, modify, and distribute this software for any
@@ -2151,6 +2150,12 @@ ddns_modify_fwd(dhcp_ddns_cb_t *ddns_cb, const char *file, int line)
isc_sockaddrlist_t *zlist = NULL;
+ /* Creates client context if we need to */
+ result = dns_client_init();
+ if (result != ISC_R_SUCCESS) {
+ return result;
+ }
+
/* Get a pointer to the clientname to make things easier. */
clientname = (unsigned char *)ddns_cb->fwd_name.data;
@@ -2359,6 +2364,12 @@ ddns_modify_ptr(dhcp_ddns_cb_t *ddns_cb, const char *file, int line)
unsigned char buf[256];
int buflen;
+ /* Creates client context if we need to */
+ result = dns_client_init();
+ if (result != ISC_R_SUCCESS) {
+ return result;
+ }
+
/*
* Try to lookup the zone in the zone cache. As with the forward
* case it's okay if we don't have one, the DNS code will try to
diff --git a/includes/omapip/isclib.h b/includes/omapip/isclib.h
index caa388a..e296308 100644
--- a/includes/omapip/isclib.h
+++ b/includes/omapip/isclib.h
@@ -3,7 +3,7 @@
connections to the isc and dns libraries */
/*
- * Copyright (c) 2009,2013,2014 by Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (c) 2009-2017 by Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -98,6 +98,10 @@ typedef struct dhcp_context {
isc_timermgr_t *timermgr;
#if defined (NSUPDATE)
dns_client_t *dnsclient;
+ int use_local4;
+ isc_sockaddr_t local4_sockaddr;
+ int use_local6;
+ isc_sockaddr_t local6_sockaddr;
#endif
} dhcp_context_t;
@@ -125,6 +129,7 @@ isclib_make_dst_key(char *inname,
#define DHCP_CONTEXT_PRE_DB 1
#define DHCP_CONTEXT_POST_DB 2
+#define DHCP_DNS_CLIENT_LAZY_INIT 4
isc_result_t dhcp_context_create(int flags,
struct in_addr *local4,
struct in6_addr *local6);
@@ -133,4 +138,6 @@ void isclib_cleanup(void);
void dhcp_signal_handler(int signal);
extern int shutdown_signal;
+isc_result_t dns_client_init();
+
#endif /* ISCLIB_H */
diff --git a/omapip/isclib.c b/omapip/isclib.c
index 13f0d3e..ce86490 100644
--- a/omapip/isclib.c
+++ b/omapip/isclib.c
@@ -1,5 +1,5 @@
/*
- * Copyright(c) 2009-2010,2013-2014 by Internet Systems Consortium, Inc.("ISC")
+ * Copyright(c) 2009-2017 by Internet Systems Consortium, Inc.("ISC")
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -221,39 +221,24 @@ dhcp_context_create(int flags,
#if defined (NSUPDATE)
if ((flags & DHCP_CONTEXT_POST_DB) != 0) {
- isc_sockaddr_t localaddr4, *localaddr4_ptr = NULL;
- isc_sockaddr_t localaddr6, *localaddr6_ptr = NULL;
+ /* Setting addresses only.
+ * All real work will be done later on if needed to avoid
+ * listening on ddns port if client/server was compiled with
+ * ddns support but not using it. */
if (local4 != NULL) {
- isc_sockaddr_fromin(&localaddr4, local4, 0);
- localaddr4_ptr = &localaddr4;
+ dhcp_gbl_ctx.use_local4 = 1;
+ isc_sockaddr_fromin(&dhcp_gbl_ctx.local4_sockaddr,
+ local4, 0);
}
+
if (local6 != NULL) {
- isc_sockaddr_fromin6(&localaddr6, local6, 0);
- localaddr6_ptr = &localaddr6;
+ dhcp_gbl_ctx.use_local6 = 1;
+ isc_sockaddr_fromin6(&dhcp_gbl_ctx.local6_sockaddr,
+ local6, 0);
}
- result = dns_client_createx2(dhcp_gbl_ctx.mctx,
- dhcp_gbl_ctx.actx,
- dhcp_gbl_ctx.taskmgr,
- dhcp_gbl_ctx.socketmgr,
- dhcp_gbl_ctx.timermgr,
- 0,
- &dhcp_gbl_ctx.dnsclient,
- localaddr4_ptr,
- localaddr6_ptr);
- if (result != ISC_R_SUCCESS)
- goto cleanup;
-
- /*
- * If we can't set up the servers we may not be able to
- * do DDNS but we should continue to try and perform
- * our basic functions and let the user sort it out.
- */
- result = dhcp_dns_client_setservers();
- if (result != ISC_R_SUCCESS) {
- log_error("Unable to set resolver from resolv.conf; "
- "startup continuing but DDNS support "
- "may be affected");
+ if (!(flags & DHCP_DNS_CLIENT_LAZY_INIT)) {
+ result = dns_client_init();
}
}
#endif
@@ -360,3 +345,40 @@ void dhcp_signal_handler(int signal) {
(void) isc_app_ctxsuspend(ctx);
}
}
+
+isc_result_t dns_client_init() {
+ isc_result_t result;
+ if (dhcp_gbl_ctx.dnsclient == NULL) {
+ result = dns_client_createx2(dhcp_gbl_ctx.mctx,
+ dhcp_gbl_ctx.actx,
+ dhcp_gbl_ctx.taskmgr,
+ dhcp_gbl_ctx.socketmgr,
+ dhcp_gbl_ctx.timermgr,
+ 0,
+ &dhcp_gbl_ctx.dnsclient,
+ (dhcp_gbl_ctx.use_local4 ?
+ &dhcp_gbl_ctx.local4_sockaddr
+ : NULL),
+ (dhcp_gbl_ctx.use_local6 ?
+ &dhcp_gbl_ctx.local6_sockaddr
+ : NULL));
+
+ if (result != ISC_R_SUCCESS) {
+ log_error("Unable to create DNS client context:"
+ " result: %d", result);
+ return result;
+ }
+
+ /* If we can't set up the servers we may not be able to
+ * do DDNS but we should continue to try and perform
+ * our basic functions and let the user sort it out. */
+ result = dhcp_dns_client_setservers();
+ if (result != ISC_R_SUCCESS) {
+ log_error("Unable to set resolver from resolv.conf; "
+ "startup continuing but DDNS support "
+ "may be affected: result %d", result);
+ }
+ }
+
+ return ISC_R_SUCCESS;
+}
diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c
index 9d39fae..3abbe1e 100644
--- a/relay/dhcrelay.c
+++ b/relay/dhcrelay.c
@@ -204,8 +204,7 @@ main(int argc, char **argv) {
#endif
/* Set up the isc and dns library managers */
- status = dhcp_context_create(DHCP_CONTEXT_PRE_DB | DHCP_CONTEXT_POST_DB,
- NULL, NULL);
+ status = dhcp_context_create(DHCP_CONTEXT_PRE_DB, NULL, NULL);
if (status != ISC_R_SUCCESS)
log_fatal("Can't initialize context: %s",
isc_result_totext(status));
diff --git a/server/dhcpd.8 b/server/dhcpd.8
index bfda639..259b91c 100644
--- a/server/dhcpd.8
+++ b/server/dhcpd.8
@@ -358,8 +358,8 @@ port will be used for the established connection.
When DDNS is enabled at compile time (see includes/site.h)
the server will open both a v4 and a v6 UDP socket on
-random ports. These ports are opened even if DDNS is disabled
-in the configuration file.
+random ports, unless DDNS updates are globally disabled by
+setting ddns-update-style to none in the configuration file.
.PP
.SH CONFIGURATION
The syntax of the dhcpd.conf(5) file is discussed separately. This
diff --git a/server/dhcpd.c b/server/dhcpd.c
index 0f5c640..d7c4456 100644
--- a/server/dhcpd.c
+++ b/server/dhcpd.c
@@ -1053,10 +1053,16 @@ void postconf_initialization (int quiet)
}
}
- if (dhcp_context_create(DHCP_CONTEXT_POST_DB, local4_ptr, local6_ptr)
- != ISC_R_SUCCESS)
- log_fatal("Unable to complete ddns initialization");
-
+ /* Don't init DNS client if update style is none. This avoids
+ * listening ports that aren't needed. We don't use ddns-udpates
+ * as that has multiple levels of scope. */
+ if (ddns_update_style != DDNS_UPDATE_STYLE_NONE) {
+ if (dhcp_context_create(DHCP_CONTEXT_POST_DB,
+ local4_ptr, local6_ptr)
+ != ISC_R_SUCCESS) {
+ log_fatal("Unable to complete ddns initialization");
+ }
+ }
#else
/* If we don't have support for updates compiled in tell the user */
if (ddns_update_style != DDNS_UPDATE_STYLE_NONE) {
--
2.15.0


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:eb95936bf15d2393c55dd505bc527d1d4408289cec5a9fa8abb99f7577e7f954
size 10075147


@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQEcBAABAgAGBQJX8jrBAAoJEG+m68mRGkwCczcH/1lMdlvf2RX+IfNraDTXWmY1
+MGk51H7aIJDRDFhiLA1f1ht1hIXJB0gnaOdJxLcqQGUiHPQfVZidDz2XxAjr7S2
VvV6mfHxO1+oPsaFzCEItDqHk/LJcBDgKWC2cvabNfi5Nyq8rR+Zjn0i509DYFBR
cJYzau7Smse8ZVpUrsdLOtKgNznVPioowqCooiOlzZfYNfKOdwk4z6U8vglLhRL4
xpfbg373Z78dExeNPqJ97c/tUg2YCnuZGvLfwvI+2Bzrp63TbAnJYB3CnyCj+fS2
iSH7WACNSqRQoEWxE+vi9kTY0GGVFaonPZSRMT1DKFhBge4TdMCm2STIIOJiPFw=
=xG2q
-----END PGP SIGNATURE-----

3
dhcp-4.3.6-P1.tar.gz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2fd177bef02856f05fe17713ced9bfcc7d94f14c933c15f2f2fbedc9cc57a3c3
size 10189202

17
dhcp-4.3.6-P1.tar.gz.asc Normal file

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org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=1kxC
-----END PGP SIGNATURE-----


@ -1,3 +1,79 @@
-------------------------------------------------------------------
Thu Mar 8 13:15:16 UTC 2018 - max@suse.com
- Update to dhcp-4.3.6-P1:
* CVE-2018-5733, bsc#1083303: reference count overflow in dhcpd.
* CVE-2018-5732, bsc#1083302: buffer overflow bug in dhclient.
* Plugged a socket descriptor leak in OMAPI
* The server now allows the client identifier (option 61) to own
leases in more than one subnet concurrently [ISC-Bugs #41358].
* When replying to a DHCPINFORM, the server will now include
options specified at the pool scope, provided the ciaddr field
of the DHCPINFORM is populated.
[ISC-Bugs #43219] [ISC-Bugs #45051].
* When memory allocation fails in a repeated way the process
writes "Run out of memory." on the standard error and exists
with status 1 [ISC-Bugs #32744].
* The new lmdb (Lightning Memory DataBase) bind9 configure
option is now disabled by default to avoid the presence of
this library to be detected which can lead to a link failure.
[ISC-Bugs #45069]
* The linux interface discovery code has been modified to use
getifaddrs() as is done for BSD and OS-X.
[ISC-Bugs #28761] and others.
* Fixed a bug in OMAPI that causes omshell to crash when a
name-value pair with a zero length value is shipped in an
object [ISC-Bugs #29108].
* On 64-bit platforms, dhclient now generates the correct value
for the script environment variable, "expiry", the lease
expiry value exceeds 0x7FFFFFFF [ISC-Bugs #43326].
* Common timer logic was modified to cap the maximum timeout
values at 0x7FFFFFFF - 1 [ISC-Bugs #28038].
* DHCP6 FQDN option unpacking code now correctly handles values
that contain spaces, special, or non-printable characters.
[ISC-Bugs #43592]
* When running in -6 mode, dhclient can enforce the require
option statement and will discard offered leases that do not
contain all the required options specified in the client
configuration [ISC-Bugs #41473].
* Altered DHCPv4 lease time calculation to avoid roll over
errors on 64-bit OS systems when using -1 or large values
for default-lease-time [ISC-Bugs #41976],
* Added --dad-wait-time parameter to dhclient [ISC-Bugs #36169].
* The server nows checks both the address and length of a
prefix delegation when attempting to match it to a prefix
pool [ISC-Bugs #35378].
* Modified DDNS support initialization such that DNS related
ports will only be opened by the server (dhcpd) at startup
if ddns-update-style is not "none"; by dhclient only if and
when the it first attempts an update; and never by dhcrelay.
[ISC-Bugs #45290] [ISC-Bugs #33377]
* Added error logging to two memory allocation failure checks.
[ISC-Bugs #41185]
* Corrected a dhclient -6 issue that caused the client to crash
with an "Impossible condition" error after de-preferencing its
only IA binding [ISC-Bugs #44373].
* By defining CALL_SCRIPT_ON_ONETRY_FAIL in includes/site.h,
dhclient will now call the script with reason set to FAIL when
run with -1 (one try) and there are no server responses.
[ISC-bugs #18183]
* The server now detects failover peers that are not referenced
in at least one pool when run with the command line option for
test mode, -T [ISC-Bugs #29892].
* Linux script updated [ISC-bugs #19430] [ISC-bugs #18111].
* Changed severity of the log message indicating UDP checksum
errors in the received packets from 'info' to 'debug'.
[ISC-bugs #41757]
* Corrected a bug which could cause the server to sporadically
crash while loading lease files with the lease-id-format is
set to "hex" [ISC-Bugs #43185].
- Obsoleted patches:
* 0011-Fixed-linux-interface-discovery-using-getifaddrs.patch
* 0019-dhcp-4.2.4-P1-interval.patch
* 0021-master-Plugs-a-socket-descriptor-leak-in-OMAPI.patch
* 0022-Optimized-if-and-when-DNS-client-context-and-ports.patch
-------------------------------------------------------------------
Fri Jan 19 12:16:47 CET 2018 - ndas@suse.de


@ -21,7 +21,7 @@
%define _fillupdir /var/adm/fillup-templates
%endif
%define isc_version 4.3.5
%define isc_version 4.3.6-P1
%define susefw2dir %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services
%define omc_prefix /usr/share/omc
%define omc_svcdir %{omc_prefix}/svcinfo.d
@ -94,8 +94,6 @@ Patch8: 0008-dhcp-4.2.2-dhclient-option-checks.patch
Patch9: 0009-dhcp-4.2.6-close-on-exec.patch
# PATCH-FIX-OPENSUSE quiet-dhclient bnc#711420
Patch10: 0010-dhcp-4.2.2-quiet-dhclient.patch
# PATCH-FIX-UPSTREAM use-getifaddrs bnc#791289,ISC-Bugs#31992
Patch11: 0011-Fixed-linux-interface-discovery-using-getifaddrs.patch
# PATCH-FIX-OPENSUSE dhcp-4.2.x-chown-server-leases bnc#868253
Patch12: 0012-dhcp-4.2.x-chown-server-leases.bnc868253.patch
# PATCH-FIX-SLE dhcp-4.2.x-dhcpv6-decline-on-DAD-failure bnc#872609
@ -111,10 +109,7 @@ Patch17: 0017-server-no-success-report-before-send.919959.patch
# PATCH-FIX-SLE client-fail-on-script-pre-init-error bsc#912098
Patch18: 0018-client-fail-on-script-pre-init-error-bsc-912098.patch
# PATCH-FIX-SLE dhcp-4.2.4-P1-interval bsc#947780
Patch19: 0019-dhcp-4.2.4-P1-interval.patch
Patch20: 0020-dhcp-4.x.x-fixed-improper-lease-duration-checking.patch
Patch21: 0021-master-Plugs-a-socket-descriptor-leak-in-OMAPI.patch
Patch22: 0022-Optimized-if-and-when-DNS-client-context-and-ports.patch
##
PreReq: /bin/touch /sbin/chkconfig sysconfig
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@ -239,20 +234,16 @@ Authors:
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch9
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch14
%patch15 -p1
%patch16 -p1
%patch16
%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch20 -p1
%patch21 -p1
%patch22 -p1
%patch20
##
find . -type f -name \*.cat\* -exec rm -f {} \;
dos2unix contrib/ms2isc/*