From e9398b14d9427a64d7685d0a13876e98e8769fa2d6467962982be6883e81d24d Mon Sep 17 00:00:00 2001 From: Reinhard Max Date: Thu, 8 Mar 2018 13:53:43 +0000 Subject: [PATCH] - Update to dhcp-4.3.6-P1: * CVE-2018-5733, bsc#1083303: reference count overflow in dhcpd. * CVE-2018-5732, bsc#1083302: buffer overflow bug in dhclient. * Plugged a socket descriptor leak in OMAPI * The server now allows the client identifier (option 61) to own leases in more than one subnet concurrently [ISC-Bugs #41358]. * When replying to a DHCPINFORM, the server will now include options specified at the pool scope, provided the ciaddr field of the DHCPINFORM is populated. [ISC-Bugs #43219] [ISC-Bugs #45051]. * When memory allocation fails in a repeated way the process writes "Run out of memory." on the standard error and exists with status 1 [ISC-Bugs #32744]. * The new lmdb (Lightning Memory DataBase) bind9 configure option is now disabled by default to avoid the presence of this library to be detected which can lead to a link failure. [ISC-Bugs #45069] * The linux interface discovery code has been modified to use getifaddrs() as is done for BSD and OS-X. [ISC-Bugs #28761] and others. * Fixed a bug in OMAPI that causes omshell to crash when a name-value pair with a zero length value is shipped in an object [ISC-Bugs #29108]. * On 64-bit platforms, dhclient now generates the correct value for the script environment variable, "expiry", the lease expiry value exceeds 0x7FFFFFFF [ISC-Bugs #43326]. * Common timer logic was modified to cap the maximum timeout values at 0x7FFFFFFF - 1 [ISC-Bugs #28038]. * DHCP6 FQDN option unpacking code now correctly handles values that contain spaces, special, or non-printable characters. OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=186 --- 0009-dhcp-4.2.6-close-on-exec.patch | 141 +++----- ...interface-discovery-using-getifaddrs.patch | 110 ------- ...gned-lifetimes-for-script-bsc-926159.patch | 32 +- 0016-infiniband-support.patch | 148 ++++----- 0019-dhcp-4.2.4-P1-interval.patch | 50 --- ...xed-improper-lease-duration-checking.patch | 20 +- ...gs-a-socket-descriptor-leak-in-OMAPI.patch | 61 ---- ...nd-when-DNS-client-context-and-ports.patch | 306 ------------------ dhcp-4.3.5.tar.gz | 3 - dhcp-4.3.5.tar.gz.asc | 11 - dhcp-4.3.6-P1.tar.gz | 3 + dhcp-4.3.6-P1.tar.gz.asc | 17 + dhcp.changes | 76 +++++ dhcp.spec | 19 +- 14 files changed, 225 insertions(+), 772 deletions(-) delete mode 100644 0011-Fixed-linux-interface-discovery-using-getifaddrs.patch delete mode 100644 0019-dhcp-4.2.4-P1-interval.patch delete mode 100644 0021-master-Plugs-a-socket-descriptor-leak-in-OMAPI.patch delete mode 100644 0022-Optimized-if-and-when-DNS-client-context-and-ports.patch delete mode 100644 dhcp-4.3.5.tar.gz delete mode 100644 dhcp-4.3.5.tar.gz.asc create mode 100644 dhcp-4.3.6-P1.tar.gz create mode 100644 dhcp-4.3.6-P1.tar.gz.asc diff --git a/0009-dhcp-4.2.6-close-on-exec.patch b/0009-dhcp-4.2.6-close-on-exec.patch index 04b169d..5efc059 100644 --- a/0009-dhcp-4.2.6-close-on-exec.patch +++ b/0009-dhcp-4.2.6-close-on-exec.patch @@ -8,11 +8,9 @@ Merged fixed close-on-exec patch (bnc#732910) References: bnc#732910 Signed-off-by: Marius Tomaschewski -diff --git a/client/clparse.c b/client/clparse.c -index 320c42f..b7e4251 100644 ---- a/client/clparse.c -+++ b/client/clparse.c -@@ -221,7 +221,7 @@ int read_client_conf_file (const char *name, struct interface_info *ip, +--- client/clparse.c.orig ++++ client/clparse.c +@@ -262,7 +262,7 @@ int read_client_conf_file (const char *n int token; isc_result_t status; @@ -21,7 +19,7 @@ index 320c42f..b7e4251 100644 return uerr2isc (errno); cfile = NULL; -@@ -297,7 +297,7 @@ void read_client_leases () +@@ -338,7 +338,7 @@ void read_client_leases () /* Open the lease file. If we can't open it, just return - we can safely trust the server to remember our state. */ @@ -30,11 +28,9 @@ index 320c42f..b7e4251 100644 return; cfile = NULL; -diff --git a/client/dhclient.c b/client/dhclient.c -index a077b48..ac36e3d 100644 ---- a/client/dhclient.c -+++ b/client/dhclient.c -@@ -438,7 +438,7 @@ main(int argc, char **argv) { +--- client/dhclient.c.orig ++++ client/dhclient.c +@@ -565,7 +565,7 @@ main(int argc, char **argv) { long temp; int e; @@ -43,7 +39,7 @@ index a077b48..ac36e3d 100644 e = fscanf(pidfd, "%ld\n", &temp); oldpid = (pid_t)temp; -@@ -2840,7 +2840,7 @@ void rewrite_client_leases () +@@ -3403,7 +3403,7 @@ void rewrite_client_leases () if (leaseFile != NULL) fclose (leaseFile); @@ -52,7 +48,7 @@ index a077b48..ac36e3d 100644 if (leaseFile == NULL) { log_error ("can't create %s: %m", path_dhclient_db); return; -@@ -3033,7 +3033,7 @@ write_duid(struct data_string *duid) +@@ -3598,7 +3598,7 @@ write_duid(struct data_string *duid) return DHCP_R_INVALIDARG; if (leaseFile == NULL) { /* XXX? */ @@ -61,7 +57,7 @@ index a077b48..ac36e3d 100644 if (leaseFile == NULL) { log_error("can't create %s: %m", path_dhclient_db); return ISC_R_IOERROR; -@@ -3081,7 +3081,7 @@ write_client6_lease(struct client_state *client, struct dhc6_lease *lease, +@@ -3643,7 +3643,7 @@ write_client6_lease(struct client_state return DHCP_R_INVALIDARG; if (leaseFile == NULL) { /* XXX? */ @@ -70,7 +66,7 @@ index a077b48..ac36e3d 100644 if (leaseFile == NULL) { log_error("can't create %s: %m", path_dhclient_db); return ISC_R_IOERROR; -@@ -3213,7 +3213,7 @@ int write_client_lease (client, lease, rewrite, makesure) +@@ -3802,7 +3802,7 @@ int write_client_lease (client, lease, r return 1; if (leaseFile == NULL) { /* XXX */ @@ -79,11 +75,9 @@ index a077b48..ac36e3d 100644 if (leaseFile == NULL) { log_error ("can't create %s: %m", path_dhclient_db); return 0; -diff --git a/common/bpf.c b/common/bpf.c -index 39d4f45..df9facc 100644 ---- a/common/bpf.c -+++ b/common/bpf.c -@@ -95,7 +95,7 @@ int if_register_bpf (info) +--- common/bpf.c.orig ++++ common/bpf.c +@@ -94,7 +94,7 @@ int if_register_bpf (info) for (b = 0; 1; b++) { /* %Audit% 31 bytes max. %2004.06.17,Safe% */ sprintf(filename, BPF_FORMAT, b); @@ -92,33 +86,9 @@ index 39d4f45..df9facc 100644 if (sock < 0) { if (errno == EBUSY) { continue; -diff --git a/common/discover.c b/common/discover.c -index 3cd64a7..37af780 100644 ---- a/common/discover.c -+++ b/common/discover.c -@@ -415,7 +415,7 @@ begin_iface_scan(struct iface_conf_list *ifaces) { - int len; - int i; - -- ifaces->fp = fopen("/proc/net/dev", "r"); -+ ifaces->fp = fopen("/proc/net/dev", "re"); - if (ifaces->fp == NULL) { - log_error("Error opening '/proc/net/dev' to list interfaces"); - return 0; -@@ -450,7 +450,7 @@ begin_iface_scan(struct iface_conf_list *ifaces) { - - #ifdef DHCPv6 - if (local_family == AF_INET6) { -- ifaces->fp6 = fopen("/proc/net/if_inet6", "r"); -+ ifaces->fp6 = fopen("/proc/net/if_inet6", "re"); - if (ifaces->fp6 == NULL) { - log_error("Error opening '/proc/net/if_inet6' to " - "list IPv6 interfaces; %m"); -diff --git a/common/dlpi.c b/common/dlpi.c -index c34adc3..944f21c 100644 ---- a/common/dlpi.c -+++ b/common/dlpi.c -@@ -804,7 +804,7 @@ dlpiopen(const char *ifname) { +--- common/dlpi.c.orig ++++ common/dlpi.c +@@ -813,7 +813,7 @@ dlpiopen(const char *ifname) { } *dp = '\0'; @@ -127,10 +97,8 @@ index c34adc3..944f21c 100644 } /* -diff --git a/common/nit.c b/common/nit.c -index 316e85f..6aa778b 100644 ---- a/common/nit.c -+++ b/common/nit.c +--- common/nit.c.orig ++++ common/nit.c @@ -75,7 +75,7 @@ int if_register_nit (info) struct strioctl sio; @@ -140,10 +108,8 @@ index 316e85f..6aa778b 100644 if (sock < 0) log_fatal ("Can't open NIT device for %s: %m", info -> name); -diff --git a/common/resolv.c b/common/resolv.c -index 526cebf..2ac8d43 100644 ---- a/common/resolv.c -+++ b/common/resolv.c +--- common/resolv.c.orig ++++ common/resolv.c @@ -44,7 +44,7 @@ void read_resolv_conf (parse_time) struct domain_search_list *dp, *dl, *nd; isc_result_t status; @@ -153,10 +119,8 @@ index 526cebf..2ac8d43 100644 log_error ("Can't open %s: %m", path_resolv_conf); return; } -diff --git a/common/upf.c b/common/upf.c -index 34011eb..77d5878 100644 ---- a/common/upf.c -+++ b/common/upf.c +--- common/upf.c.orig ++++ common/upf.c @@ -71,7 +71,7 @@ int if_register_upf (info) /* %Audit% Cannot exceed 36 bytes. %2004.06.17,Safe% */ sprintf(filename, "/dev/pf/pfilt%d", b); @@ -166,11 +130,9 @@ index 34011eb..77d5878 100644 if (sock < 0) { if (errno == EBUSY) { continue; -diff --git a/omapip/trace.c b/omapip/trace.c -index f4115c1..4410c35 100644 ---- a/omapip/trace.c -+++ b/omapip/trace.c -@@ -138,10 +138,10 @@ isc_result_t trace_begin (const char *filename, +--- omapip/trace.c.orig ++++ omapip/trace.c +@@ -138,10 +138,10 @@ isc_result_t trace_begin (const char *fi return DHCP_R_INVALIDARG; } @@ -183,7 +145,7 @@ index f4115c1..4410c35 100644 0600); } -@@ -429,7 +429,7 @@ void trace_file_replay (const char *filename) +@@ -429,7 +429,7 @@ void trace_file_replay (const char *file isc_result_t result; int len; @@ -192,11 +154,9 @@ index f4115c1..4410c35 100644 if (!traceinfile) { log_error("Can't open tracefile %s: %m", filename); return; -diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c -index 15b4997..9d39fae 100644 ---- a/relay/dhcrelay.c -+++ b/relay/dhcrelay.c -@@ -558,13 +558,14 @@ main(int argc, char **argv) { +--- relay/dhcrelay.c.orig ++++ relay/dhcrelay.c +@@ -659,13 +659,14 @@ main(int argc, char **argv) { if (no_pid_file == ISC_FALSE) { pfdesc = open(path_dhcrelay_pid, @@ -213,11 +173,9 @@ index 15b4997..9d39fae 100644 if (!pf) log_error("Can't fdopen %s: %m", path_dhcrelay_pid); -diff --git a/server/confpars.c b/server/confpars.c -index 4b2907d..6aa5b3f 100644 ---- a/server/confpars.c -+++ b/server/confpars.c -@@ -111,7 +111,7 @@ isc_result_t read_conf_file (const char *filename, struct group *group, +--- server/confpars.c.orig ++++ server/confpars.c +@@ -118,7 +118,7 @@ isc_result_t read_conf_file (const char } #endif @@ -226,11 +184,9 @@ index 4b2907d..6aa5b3f 100644 if (leasep) { log_error ("Can't open lease database %s: %m --", path_dhcpd_db); -diff --git a/server/db.c b/server/db.c -index 0c642ad..e9a38fe 100644 ---- a/server/db.c -+++ b/server/db.c -@@ -1072,7 +1072,7 @@ void db_startup (testp) +--- server/db.c.orig ++++ server/db.c +@@ -1081,7 +1081,7 @@ void db_startup (testp) } #endif if (!testp) { @@ -239,7 +195,7 @@ index 0c642ad..e9a38fe 100644 if (!db_file) log_fatal ("Can't open %s for append.", path_dhcpd_db); expire_all_pools (); -@@ -1120,7 +1120,7 @@ int new_lease_file () +@@ -1129,7 +1129,7 @@ int new_lease_file () path_dhcpd_db) >= sizeof newfname) log_fatal("new_lease_file: lease file path too long"); @@ -248,7 +204,7 @@ index 0c642ad..e9a38fe 100644 if (db_fd < 0) { log_error ("Can't create new lease file: %m"); return 0; -@@ -1145,7 +1145,7 @@ int new_lease_file () +@@ -1154,7 +1154,7 @@ int new_lease_file () } #endif /* PARANOIA */ @@ -257,11 +213,9 @@ index 0c642ad..e9a38fe 100644 log_error("Can't fdopen new lease file: %m"); close(db_fd); goto fdfail; -diff --git a/server/dhcpd.c b/server/dhcpd.c -index eecc89b..afef390 100644 ---- a/server/dhcpd.c -+++ b/server/dhcpd.c -@@ -658,7 +658,7 @@ main(int argc, char **argv) { +--- server/dhcpd.c.orig ++++ server/dhcpd.c +@@ -760,7 +760,7 @@ main(int argc, char **argv) { */ if ((lftest == 0) && (no_pid_file == ISC_FALSE)) { /*Read previous pid file. */ @@ -270,7 +224,7 @@ index eecc89b..afef390 100644 status = read(i, pbuf, (sizeof pbuf) - 1); close(i); if (status > 0) { -@@ -758,7 +758,7 @@ main(int argc, char **argv) { +@@ -878,7 +878,7 @@ main(int argc, char **argv) { * appropriate. */ if (no_pid_file == ISC_FALSE) { @@ -279,11 +233,9 @@ index eecc89b..afef390 100644 if (i >= 0) { sprintf(pbuf, "%d\n", (int) getpid()); IGNORE_RET(write(i, pbuf, strlen(pbuf))); -diff --git a/server/ldap.c b/server/ldap.c -index 2893b82..9530d9d 100644 ---- a/server/ldap.c -+++ b/server/ldap.c -@@ -1442,7 +1442,7 @@ ldap_start (void) +--- server/ldap.c.orig ++++ server/ldap.c +@@ -1446,7 +1446,7 @@ ldap_start (void) if (ldap_debug_file != NULL && ldap_debug_fd == -1) { @@ -292,6 +244,3 @@ index 2893b82..9530d9d 100644 S_IRUSR | S_IWUSR)) < 0) log_error ("Error opening debug LDAP log file %s: %s", ldap_debug_file, strerror (errno)); --- -2.1.4 - diff --git a/0011-Fixed-linux-interface-discovery-using-getifaddrs.patch b/0011-Fixed-linux-interface-discovery-using-getifaddrs.patch deleted file mode 100644 index 6d4392a..0000000 --- a/0011-Fixed-linux-interface-discovery-using-getifaddrs.patch +++ /dev/null @@ -1,110 +0,0 @@ -From bd50ec560d7bec064190e4d430c066e170732c0e Mon Sep 17 00:00:00 2001 -From: Marius Tomaschewski -Date: Tue, 27 Nov 2012 17:44:06 +0100 -Subject: [PATCH] Fixed linux interface discovery using getifaddrs -References: bnc#791289,[ISC-Bugs #31992] - -Unlike dhcp 3.x, dhcp 4.x scans interfaces from /proc/net/dev, -which provides only true interface names. When the address set -on the interface has a label assigned (linux 2.0 alias interface -compatibility), then the SIOCGIFADDR requires the label / alias -name as argument instead of the interface name to return this -address. When this is the only address assigned to an interface, -dhcp-server is unable to find any address and fails to start. - -Changed to use getifaddrs() function, which retrieves all IP -addresses on linux systems and is available since GLIBC 2.3. - ---- - common/discover.c | 51 ++++++++++++++++++++++++++++++++++++++++++++------- - 1 file changed, 44 insertions(+), 7 deletions(-) - -diff --git a/common/discover.c b/common/discover.c -index 4463178..c48d67b 100644 ---- a/common/discover.c -+++ b/common/discover.c -@@ -373,7 +373,7 @@ end_iface_scan(struct iface_conf_list *ifaces) { - ifaces->sock = -1; - } - --#elif __linux /* !HAVE_SIOCGLIFCONF */ -+#elif __linux && !(defined(__GNUC_PREREQ) && __GNUC_PREREQ(2,3)) /* !HAVE_SIOCGLIFCONF */ - /* - * Linux support - * ------------- -@@ -382,6 +382,14 @@ end_iface_scan(struct iface_conf_list *ifaces) { - * about interfaces, along with selected ioctl() calls. - * - * Linux low level access is documented in the netdevice man page. -+ * -+ * Note: Use getifaddrs instead -+ * Unfortunately this discover discards all interfaces where the -+ * only address has a label assigned (linux 2.0 alias interface -+ * compatibility) as the SIOCGIFADDR requires the the alias name -+ * (eth0:0) in ifr_name to fetch the address and /proc/net/dev -+ * on linux > 2.0 lists only the interface names (eth0) without -+ * any aliases. - */ - - /* -@@ -755,11 +763,11 @@ end_iface_scan(struct iface_conf_list *ifaces) { - #else - - /* -- * BSD support -- * ----------- -+ * BSD & Linux support -+ * ------------------- - * - * FreeBSD, NetBSD, OpenBSD, and OS X all have the getifaddrs() -- * function. -+ * function. Linux has it since glibc 2.3. - * - * The getifaddrs() man page describes the use. - */ -@@ -817,10 +825,39 @@ next_iface(struct iface_info *info, int *err, struct iface_conf_list *ifaces) { - return 0; - } - memset(info, 0, sizeof(struct iface_info)); -- strncpy(info->name, ifaces->next->ifa_name, sizeof(info->name) - 1); -- memcpy(&info->addr, ifaces->next->ifa_addr, -- ifaces->next->ifa_addr->sa_len); -+ info->addr.ss_family = AF_UNSPEC; - info->flags = ifaces->next->ifa_flags; -+#ifdef __linux -+ if (strchr(ifaces->next->ifa_name, ':')) { -+ /* -+ * the name contains a ':', which may -+ * be a IPv4 "alias interface" label; -+ * resolve to the true interface name -+ */ -+ if_indextoname(if_nametoindex(ifaces->next->ifa_name), -+ info->name); -+ } else { -+ strncpy(info->name, ifaces->next->ifa_name, sizeof(info->name) - 1); -+ } -+ -+ if (ifaces->next->ifa_addr != NULL) { -+ if (ifaces->next->ifa_addr->sa_family == AF_INET) { -+ memcpy(&info->addr, ifaces->next->ifa_addr, -+ sizeof(struct sockaddr_in)); -+ } else -+ if (ifaces->next->ifa_addr->sa_family == AF_INET6) { -+ memcpy(&info->addr, ifaces->next->ifa_addr, -+ sizeof(struct sockaddr_in6)); -+ } -+ /* else e.g. AF_PACKET / link layer address */ -+ } -+#else -+ strncpy(info->name, ifaces->next->ifa_name, sizeof(info->name) - 1); -+ if (ifaces->next->ifa_addr != NULL) { -+ memcpy(&info->addr, ifaces->next->ifa_addr, -+ ifaces->next->ifa_addr->sa_len); -+ } -+#endif - ifaces->next = ifaces->next->ifa_next; - *err = 0; - return 1; --- -2.13.1 - diff --git a/0014-dhclient6-unsigned-lifetimes-for-script-bsc-926159.patch b/0014-dhclient6-unsigned-lifetimes-for-script-bsc-926159.patch index ea1e275..febe880 100644 --- a/0014-dhclient6-unsigned-lifetimes-for-script-bsc-926159.patch +++ b/0014-dhclient6-unsigned-lifetimes-for-script-bsc-926159.patch @@ -9,11 +9,9 @@ and format timestamps as long to not break them on 64bit archs. References: bsc#926159 -diff --git a/client/dhc6.c b/client/dhc6.c -index bec1c87..e4a85fc 100644 ---- a/client/dhc6.c -+++ b/client/dhc6.c -@@ -3877,8 +3877,8 @@ dhc6_marshall_values(const char *prefix, struct client_state *client, +--- client/dhc6.c.orig ++++ client/dhc6.c +@@ -4344,8 +4344,8 @@ dhc6_marshall_values(const char *prefix, client_envadd(client, prefix, "ip6_type", "temporary"); } @@ -24,7 +22,7 @@ index bec1c87..e4a85fc 100644 client_envadd(client, prefix, "preferred_life", "%u", addr->preferred_life); client_envadd(client, prefix, "max_life", "%u", -@@ -3889,8 +3889,8 @@ dhc6_marshall_values(const char *prefix, struct client_state *client, +@@ -4356,8 +4356,8 @@ dhc6_marshall_values(const char *prefix, if (ia != NULL) { client_envadd(client, prefix, "iaid", "%s", print_hex_1(4, ia->iaid, 12)); @@ -35,11 +33,9 @@ index bec1c87..e4a85fc 100644 client_envadd(client, prefix, "renew", "%u", ia->renew); client_envadd(client, prefix, "rebind", "%u", ia->rebind); } -diff --git a/client/dhclient.c b/client/dhclient.c -index 2eb28db..4d7394d 100644 ---- a/client/dhclient.c -+++ b/client/dhclient.c -@@ -3119,13 +3119,13 @@ write_client6_lease(struct client_state *client, struct dhc6_lease *lease, +--- client/dhclient.c.orig ++++ client/dhclient.c +@@ -3708,13 +3708,13 @@ write_client6_lease(struct client_state return ISC_R_IOERROR; if (ia->ia_type != D6O_IA_TA) @@ -57,7 +53,7 @@ index 2eb28db..4d7394d 100644 if (stat <= 0) return ISC_R_IOERROR; -@@ -3142,10 +3142,10 @@ write_client6_lease(struct client_state *client, struct dhc6_lease *lease, +@@ -3731,10 +3731,10 @@ write_client6_lease(struct client_state if (stat <= 0) return ISC_R_IOERROR; @@ -70,15 +66,3 @@ index 2eb28db..4d7394d 100644 addr->max_life); if (stat <= 0) return ISC_R_IOERROR; -@@ -3519,7 +3519,7 @@ void script_write_params (client, prefix, lease) - universes [i], - &es, client_option_envadd); - } -- client_envadd (client, prefix, "expiry", "%d", (int)(lease -> expiry)); -+ client_envadd (client, prefix, "expiry", "%ld", (long)(lease -> expiry)); - } - - /* --- -2.1.4 - diff --git a/0016-infiniband-support.patch b/0016-infiniband-support.patch index 241f287..8ad0429 100644 --- a/0016-infiniband-support.patch +++ b/0016-infiniband-support.patch @@ -49,10 +49,8 @@ Date: Tue Mar 25 23:15:58 2014 +0200 References: bnc#870535 -diff --git a/client/dhclient.c b/client/dhclient.c -index 3f2f8b2..40d9fe0 100644 ---- a/client/dhclient.c -+++ b/client/dhclient.c +--- client/dhclient.c.orig ++++ client/dhclient.c @@ -71,6 +71,40 @@ int std_dhcid = 0; assert (state_is == state_shouldbe). */ #define ASSERT_STATE(state_is, state_shouldbe) {} @@ -92,9 +90,9 @@ index 3f2f8b2..40d9fe0 100644 +} + #ifndef UNIT_TEST - static const char copyright[] = "Copyright 2004-2016 Internet Systems Consortium."; + static const char copyright[] = "Copyright 2004-2018 Internet Systems Consortium."; static const char arr [] = "All rights reserved."; -@@ -756,6 +790,26 @@ main(int argc, char **argv) { +@@ -767,6 +801,26 @@ main(int argc, char **argv) { } } @@ -121,7 +119,7 @@ index 3f2f8b2..40d9fe0 100644 /* At this point, all the interfaces that the script thinks are relevant should be running, so now we once again call discover_interfaces(), and this time ask it to actually set -@@ -770,19 +824,42 @@ main(int argc, char **argv) { +@@ -781,19 +835,42 @@ main(int argc, char **argv) { Not much entropy, but we're booting, so we're not likely to find anything better. */ seed = 0; @@ -166,7 +164,7 @@ index 3f2f8b2..40d9fe0 100644 */ if ((local_family == AF_INET6) || ((local_family == AF_INET) && (duid_v4 == 1))) { -@@ -793,6 +870,20 @@ main(int argc, char **argv) { +@@ -804,6 +881,20 @@ main(int argc, char **argv) { form_duid(&default_duid, MDL); write_duid(&default_duid); } @@ -187,7 +185,7 @@ index 3f2f8b2..40d9fe0 100644 } #if defined(DHCPv6) && defined(DHCP4o6) -@@ -1282,15 +1373,22 @@ void dhcpack (packet) +@@ -1293,15 +1384,22 @@ void dhcpack (packet) if (client -> xid == packet -> raw -> xid) break; } @@ -215,7 +213,7 @@ index 3f2f8b2..40d9fe0 100644 } if (client -> state != S_REBOOTING && -@@ -1303,7 +1401,7 @@ void dhcpack (packet) +@@ -1314,7 +1412,7 @@ void dhcpack (packet) return; } @@ -224,7 +222,7 @@ index 3f2f8b2..40d9fe0 100644 lease = packet_to_lease (packet, client); if (!lease) { -@@ -1951,15 +2049,21 @@ void dhcpoffer (packet) +@@ -1969,15 +2067,21 @@ void dhcpoffer (packet) /* If we're not receptive to an offer right now, or if the offer has an unrecognizable transaction id, then just drop it. */ if (!client || @@ -251,7 +249,7 @@ index 3f2f8b2..40d9fe0 100644 } sprintf (obuf, "%s from %s", name, piaddr (packet -> client_addr)); -@@ -2197,11 +2301,11 @@ void dhcpnak (packet) +@@ -2215,11 +2319,11 @@ void dhcpnak (packet) /* If we're not receptive to an offer right now, or if the offer has an unrecognizable transaction id, then just drop it. */ @@ -268,7 +266,7 @@ index 3f2f8b2..40d9fe0 100644 #if defined (DEBUG) log_debug ("DHCPNAK in wrong transaction."); #endif -@@ -2216,9 +2320,15 @@ void dhcpnak (packet) +@@ -2234,9 +2338,15 @@ void dhcpnak (packet) log_debug ("DHCPNAK in wrong state."); #endif return; @@ -285,7 +283,7 @@ index 3f2f8b2..40d9fe0 100644 if (!client -> active) { #if defined (DEBUG) -@@ -2351,11 +2461,11 @@ void send_discover (cpp) +@@ -2369,11 +2479,11 @@ void send_discover (cpp) (long)(client -> interval)); } else #endif @@ -302,7 +300,7 @@ index 3f2f8b2..40d9fe0 100644 /* Send out a packet. */ #if defined(DHCPv6) && defined(DHCP4o6) if (dhcpv4_over_dhcpv6) { -@@ -2639,10 +2749,10 @@ void send_request (cpp) +@@ -2664,10 +2774,10 @@ void send_request (cpp) log_info ("DHCPREQUEST"); } else #endif @@ -315,7 +313,7 @@ index 3f2f8b2..40d9fe0 100644 #if defined(DHCPv6) && defined(DHCP4o6) if (dhcpv4_over_dhcpv6) { -@@ -2699,10 +2809,10 @@ void send_decline (cpp) +@@ -2724,10 +2834,10 @@ void send_decline (cpp) log_info ("DHCPDECLINE"); } else #endif @@ -328,7 +326,7 @@ index 3f2f8b2..40d9fe0 100644 /* Send out a packet. */ #if defined(DHCPv6) && defined(DHCP4o6) -@@ -2761,10 +2871,10 @@ void send_release (cpp) +@@ -2786,10 +2896,10 @@ void send_release (cpp) log_info ("DHCPRELEASE"); } else #endif @@ -341,7 +339,7 @@ index 3f2f8b2..40d9fe0 100644 #if defined(DHCPv6) && defined(DHCP4o6) if (dhcpv4_over_dhcpv6) { -@@ -3041,10 +3151,17 @@ make_client_options(struct client_state *client, struct client_lease *lease, +@@ -3066,10 +3176,17 @@ make_client_options(struct client_state * This can be overridden by including a client id in the configuration * file. */ @@ -360,7 +358,7 @@ index 3f2f8b2..40d9fe0 100644 memset(&client_identifier, 0, sizeof(client_identifier)); client_identifier.len = 1 + 4 + default_duid.len; if (!buffer_allocate(&client_identifier.buffer, -@@ -3135,12 +3252,13 @@ void make_discover (client, lease) +@@ -3160,12 +3277,13 @@ void make_discover (client, lease) client -> packet.op = BOOTREQUEST; client -> packet.htype = client -> interface -> hw_address.hbuf [0]; /* Assumes hw_address is known, otherwise a random value may result */ @@ -376,7 +374,7 @@ index 3f2f8b2..40d9fe0 100644 client -> packet.flags = 0; else client -> packet.flags = htons (BOOTP_BROADCAST); -@@ -3152,7 +3270,7 @@ void make_discover (client, lease) +@@ -3177,7 +3295,7 @@ void make_discover (client, lease) memset (&(client -> packet.siaddr), 0, sizeof client -> packet.siaddr); client -> packet.giaddr = giaddr; @@ -385,7 +383,7 @@ index 3f2f8b2..40d9fe0 100644 memcpy (client -> packet.chaddr, &client -> interface -> hw_address.hbuf [1], (unsigned)(client -> interface -> hw_address.hlen - 1)); -@@ -3209,7 +3327,8 @@ void make_request (client, lease) +@@ -3234,7 +3352,8 @@ void make_request (client, lease) client -> packet.op = BOOTREQUEST; client -> packet.htype = client -> interface -> hw_address.hbuf [0]; /* Assumes hw_address is known, otherwise a random value may result */ @@ -395,7 +393,7 @@ index 3f2f8b2..40d9fe0 100644 client -> packet.hops = 0; client -> packet.xid = client -> xid; client -> packet.secs = 0; /* Filled in by send_request. */ -@@ -3241,7 +3360,7 @@ void make_request (client, lease) +@@ -3266,7 +3385,7 @@ void make_request (client, lease) else memset (&client -> packet.giaddr, 0, sizeof client -> packet.giaddr); @@ -404,7 +402,7 @@ index 3f2f8b2..40d9fe0 100644 memcpy (client -> packet.chaddr, &client -> interface -> hw_address.hbuf [1], (unsigned)(client -> interface -> hw_address.hlen - 1)); -@@ -3284,7 +3403,8 @@ void make_decline (client, lease) +@@ -3309,7 +3428,8 @@ void make_decline (client, lease) client -> packet.op = BOOTREQUEST; client -> packet.htype = client -> interface -> hw_address.hbuf [0]; /* Assumes hw_address is known, otherwise a random value may result */ @@ -414,7 +412,7 @@ index 3f2f8b2..40d9fe0 100644 client -> packet.hops = 0; client -> packet.xid = client -> xid; client -> packet.secs = 0; /* Filled in by send_request. */ -@@ -3301,9 +3421,10 @@ void make_decline (client, lease) +@@ -3326,9 +3446,10 @@ void make_decline (client, lease) memset (&client -> packet.siaddr, 0, sizeof client -> packet.siaddr); client -> packet.giaddr = giaddr; @@ -428,7 +426,7 @@ index 3f2f8b2..40d9fe0 100644 #ifdef DEBUG_PACKET dump_raw ((unsigned char *)&client -> packet, client -> packet_length); -@@ -3346,7 +3467,8 @@ void make_release (client, lease) +@@ -3371,7 +3492,8 @@ void make_release (client, lease) client -> packet.op = BOOTREQUEST; client -> packet.htype = client -> interface -> hw_address.hbuf [0]; /* Assumes hw_address is known, otherwise a random value may result */ @@ -438,7 +436,7 @@ index 3f2f8b2..40d9fe0 100644 client -> packet.hops = 0; client -> packet.xid = random (); client -> packet.secs = 0; -@@ -3358,9 +3480,10 @@ void make_release (client, lease) +@@ -3383,9 +3505,10 @@ void make_release (client, lease) memset (&client -> packet.siaddr, 0, sizeof client -> packet.siaddr); client -> packet.giaddr = giaddr; @@ -452,7 +450,7 @@ index 3f2f8b2..40d9fe0 100644 #ifdef DEBUG_PACKET dump_raw ((unsigned char *)&client -> packet, client -> packet_length); -@@ -3513,17 +3636,13 @@ write_options(struct client_state *client, struct option_state *options, +@@ -3538,17 +3661,13 @@ write_options(struct client_state *clien * is not how it is intended. Upcoming rearchitecting the client should * address this "one daemon model." */ @@ -473,7 +471,7 @@ index 3f2f8b2..40d9fe0 100644 log_fatal("Impossible condition at %s:%d.", MDL); if ((ip->hw_address.hlen == 0) || -@@ -3573,6 +3692,13 @@ form_duid(struct data_string *duid, const char *file, int line) +@@ -3598,6 +3717,13 @@ form_duid(struct data_string *duid, cons } } @@ -487,7 +485,7 @@ index 3f2f8b2..40d9fe0 100644 /* Write the default DUID to the lease store. */ static isc_result_t write_duid(struct data_string *duid) -@@ -4946,7 +5072,8 @@ client_dns_update(struct client_state *client, dhcp_ddns_cb_t *ddns_cb) +@@ -5020,7 +5146,8 @@ client_dns_update(struct client_state *c NULL, client, client->sent_options, NULL, &global_scope, oc, MDL)) { @@ -497,10 +495,8 @@ index 3f2f8b2..40d9fe0 100644 (client_identifier.data[0] == 255)) { /* * This appears to be an embedded DUID, -diff --git a/common/bpf.c b/common/bpf.c -index 34bbd5b..c415c22 100644 ---- a/common/bpf.c -+++ b/common/bpf.c +--- common/bpf.c.orig ++++ common/bpf.c @@ -116,7 +116,7 @@ int if_register_bpf (info) log_fatal ("Can't attach interface %s to bpf device %s: %m", info -> name, filename); @@ -566,11 +562,9 @@ index 34bbd5b..c415c22 100644 struct ifaddrs *ifa; struct ifaddrs *p; struct sockaddr_dl *sa; -diff --git a/common/discover.c b/common/discover.c -index c48d67b..969ee3e 100644 ---- a/common/discover.c -+++ b/common/discover.c -@@ -1280,7 +1280,7 @@ discover_interfaces(int state) { +--- common/discover.c.orig ++++ common/discover.c +@@ -881,7 +881,7 @@ discover_interfaces(int state) { if_register_send(tmp); } else { /* get_hw_addr() was called by register. */ @@ -579,7 +573,7 @@ index c48d67b..969ee3e 100644 } break; #ifdef DHCPv6 -@@ -1293,7 +1293,7 @@ discover_interfaces(int state) { +@@ -894,7 +894,7 @@ discover_interfaces(int state) { so now we have to call it explicitly to not leave the hardware address unknown (some code expects it cannot be. */ @@ -588,10 +582,8 @@ index c48d67b..969ee3e 100644 } else { if_register_linklocal6(tmp); } -diff --git a/common/dlpi.c b/common/dlpi.c -index 1014e29..3e6a3d3 100644 ---- a/common/dlpi.c -+++ b/common/dlpi.c +--- common/dlpi.c.orig ++++ common/dlpi.c @@ -1339,7 +1339,9 @@ void maybe_setup_fallback () #endif /* USE_DLPI_SEND */ @@ -603,10 +595,8 @@ index 1014e29..3e6a3d3 100644 int sock, unit; long buf[DLPI_MAXDLBUF]; union DL_primitives *dlp; -diff --git a/common/lpf.c b/common/lpf.c -index 123790d..943d679 100644 ---- a/common/lpf.c -+++ b/common/lpf.c +--- common/lpf.c.orig ++++ common/lpf.c @@ -47,12 +47,22 @@ #include #include @@ -803,7 +793,7 @@ index 123790d..943d679 100644 ssize_t send_packet (interface, packet, raw, len, from, to, hto) struct interface_info *interface; struct packet *packet; -@@ -335,6 +445,10 @@ ssize_t send_packet (interface, packet, raw, len, from, to, hto) +@@ -335,6 +445,10 @@ ssize_t send_packet (interface, packet, return send_fallback (interface, packet, raw, len, from, to, hto); @@ -814,7 +804,7 @@ index 123790d..943d679 100644 if (hto == NULL && interface->anycast_mac_addr.hlen) hto = &interface->anycast_mac_addr; -@@ -439,7 +553,15 @@ ssize_t receive_packet (interface, buf, len, from, hfrom) +@@ -439,7 +553,15 @@ ssize_t receive_packet (interface, buf, bufix = 0; /* Decode the physical header... */ @@ -894,7 +884,7 @@ index 123790d..943d679 100644 break; case ARPHRD_IEEE802: #ifdef ARPHRD_IEEE802_TR -@@ -541,18 +674,37 @@ get_hw_addr(const char *name, struct hardware *hw) { +@@ -541,18 +674,37 @@ get_hw_addr(const char *name, struct har #endif /* ARPHRD_IEEE802_TR */ hw->hlen = 7; hw->hbuf[0] = HTYPE_IEEE802; @@ -936,10 +926,8 @@ index 123790d..943d679 100644 + freeifaddrs(ifaddrs); } #endif -diff --git a/common/print.c b/common/print.c -index ce368c4..7dd9f52 100644 ---- a/common/print.c -+++ b/common/print.c +--- common/print.c.orig ++++ common/print.c @@ -173,11 +173,11 @@ char *print_hw_addr (htype, hlen, data) const int hlen; const unsigned char *data; @@ -954,11 +942,9 @@ index ce368c4..7dd9f52 100644 habuf [0] = 0; else { s = habuf; -diff --git a/common/socket.c b/common/socket.c -index e8851b4..2c6fb1c 100644 ---- a/common/socket.c -+++ b/common/socket.c -@@ -328,7 +328,7 @@ void if_register_send (info) +--- common/socket.c.orig ++++ common/socket.c +@@ -331,7 +331,7 @@ void if_register_send (info) info->wfdesc = if_register_socket(info, AF_INET, 0, NULL); /* If this is a normal IPv4 address, get the hardware address. */ if (strcmp(info->name, "fallback") != 0) @@ -967,7 +953,7 @@ index e8851b4..2c6fb1c 100644 #if defined (USE_SOCKET_FALLBACK) /* Fallback only registers for send, but may need to receive as well. */ -@@ -391,7 +391,7 @@ void if_register_receive (info) +@@ -394,7 +394,7 @@ void if_register_receive (info) #endif /* IP_PKTINFO... */ /* If this is a normal IPv4 address, get the hardware address. */ if (strcmp(info->name, "fallback") != 0) @@ -976,7 +962,7 @@ index e8851b4..2c6fb1c 100644 if (!quiet_interface_discovery) log_info ("Listening on Socket/%s%s%s", -@@ -505,7 +505,7 @@ if_register6(struct interface_info *info, int do_multicast) { +@@ -508,7 +508,7 @@ if_register6(struct interface_info *info if (req_multi) if_register_multicast(info); @@ -985,7 +971,7 @@ index e8851b4..2c6fb1c 100644 if (!quiet_interface_discovery) { if (info->shared_network != NULL) { -@@ -561,7 +561,7 @@ if_register_linklocal6(struct interface_info *info) { +@@ -564,7 +564,7 @@ if_register_linklocal6(struct interface_ info->rfdesc = sock; info->wfdesc = sock; @@ -994,7 +980,7 @@ index e8851b4..2c6fb1c 100644 if (!quiet_interface_discovery) { if (info->shared_network != NULL) { -@@ -1145,7 +1145,9 @@ void maybe_setup_fallback () +@@ -1148,7 +1148,9 @@ void maybe_setup_fallback () #if defined(sun) && defined(USE_V4_PKTINFO) /* This code assumes the existence of SIOCGLIFHWADDR */ void @@ -1005,10 +991,8 @@ index e8851b4..2c6fb1c 100644 struct sockaddr_dl *dladdrp; int sock, i; struct lifreq lifr; -diff --git a/includes/dhcpd.h b/includes/dhcpd.h -index fa7d6fb..e55309e 100644 ---- a/includes/dhcpd.h -+++ b/includes/dhcpd.h +--- includes/dhcpd.h.orig ++++ includes/dhcpd.h @@ -1345,6 +1345,7 @@ struct interface_info { struct shared_network *shared_network; /* Networks connected to this interface. */ @@ -1017,7 +1001,7 @@ index fa7d6fb..e55309e 100644 struct in_addr *addresses; /* Addresses associated with this * interface. */ -@@ -2583,7 +2584,7 @@ void print_dns_status (int, struct dhcp_ddns_cb *, isc_result_t); +@@ -2584,7 +2585,7 @@ void print_dns_status (int, struct dhcp_ #endif const char *print_time(TIME); @@ -1026,11 +1010,9 @@ index fa7d6fb..e55309e 100644 char *buf_to_hex (const unsigned char *s, unsigned len, const char *file, int line); char *format_lease_id(const unsigned char *s, unsigned len, int format, -diff --git a/server/dhcp.c b/server/dhcp.c -index c9b3632..effa9b1 100644 ---- a/server/dhcp.c -+++ b/server/dhcp.c -@@ -1967,11 +1967,12 @@ void echo_client_id(packet, lease, in_options, out_options) +--- server/dhcp.c.orig ++++ server/dhcp.c +@@ -1991,11 +1991,12 @@ void echo_client_id(packet, lease, in_op /* Check if echo-client-id is enabled */ oc = lookup_option(&server_universe, in_options, SV_ECHO_CLIENT_ID); @@ -1045,7 +1027,7 @@ index c9b3632..effa9b1 100644 struct data_string client_id; unsigned int opcode = DHO_DHCP_CLIENT_IDENTIFIER; -@@ -3766,9 +3767,11 @@ void dhcp_reply (lease) +@@ -3801,9 +3802,11 @@ void dhcp_reply (lease) } else bufs |= 2; /* XXX */ @@ -1060,11 +1042,9 @@ index c9b3632..effa9b1 100644 raw.htype = lease -> hardware_addr.hbuf [0]; /* See if this is a Microsoft client that NUL-terminates its -diff --git a/server/dhcpleasequery.c b/server/dhcpleasequery.c -index 75a0e72..6207c31 100644 ---- a/server/dhcpleasequery.c -+++ b/server/dhcpleasequery.c -@@ -299,7 +299,7 @@ dhcpleasequery(struct packet *packet, int ms_nulltp) { +--- server/dhcpleasequery.c.orig ++++ server/dhcpleasequery.c +@@ -299,7 +299,7 @@ dhcpleasequery(struct packet *packet, in assoc_ips, nassoc_ips); @@ -1073,7 +1053,7 @@ index 75a0e72..6207c31 100644 if (packet->raw->hlen+1 > sizeof(h.hbuf)) { log_info("%s: hardware length too long, " -@@ -409,11 +409,13 @@ dhcpleasequery(struct packet *packet, int ms_nulltp) { +@@ -409,11 +409,13 @@ dhcpleasequery(struct packet *packet, in * Set the hardware address fields. */ @@ -1091,11 +1071,9 @@ index 75a0e72..6207c31 100644 /* * Set client identifier option. -diff --git a/server/mdb.c b/server/mdb.c -index 6af6b63..a143452 100644 ---- a/server/mdb.c -+++ b/server/mdb.c -@@ -618,6 +618,9 @@ int find_hosts_by_haddr (struct host_decl **hp, int htype, +--- server/mdb.c.orig ++++ server/mdb.c +@@ -618,6 +618,9 @@ int find_hosts_by_haddr (struct host_dec return ret; #endif diff --git a/0019-dhcp-4.2.4-P1-interval.patch b/0019-dhcp-4.2.4-P1-interval.patch deleted file mode 100644 index 5b07e34..0000000 --- a/0019-dhcp-4.2.4-P1-interval.patch +++ /dev/null @@ -1,50 +0,0 @@ -commit 9a312e3cd914da2b6f32651c94d1d1d4fb0bf359 -Author: Jiri Popelka -Date: Fri Jul 27 10:00:49 2012 +0200 - - isc_time_nowplusinterval() is not safe with 64-bit time_t (#662254, #789601) - -References: bsc#947780, bsc#880984 -Index: dhcp-4.2.4-P2/common/dispatch.c -=================================================================== ---- dhcp-4.2.4-P2.orig/common/dispatch.c -+++ dhcp-4.2.4-P2/common/dispatch.c -@@ -320,7 +320,20 @@ void add_timeout (when, where, what, ref - q->next = timeouts; - timeouts = q; - -- isc_interval_set(&interval, sec & DHCP_SEC_MAX, usec * 1000); -+ /* isc_time_nowplusinterval() is not safe with 64-bit time_t and will -+ * return an error for sufficiently large intervals. We have to limit -+ * the interval to INT_MAX or less to ensure the interval doesn't -+ * overflow 32 bits, since the returned isc_time_t fields are -+ * 32-bit unsigned ints. -+ * -+ * HACK: The 9 is a magic number of seconds, since some time may have -+ * gone by since the last call to gettimeofday() and the one in -+ * isc_time_nowplusinterval(). -+ */ -+ if (sec > TIME_MAX) -+ sec = TIME_MAX - 9; -+ -+ isc_interval_set(&interval, sec, usec * 1000); - status = isc_time_nowplusinterval(&expires, &interval); - if (status != ISC_R_SUCCESS) { - /* -From: Nirmoy Das -Date: Tue, 26 Jan 2016 13:36:28 +0100 -Subject: [PATCH] adjusted interval check - -Index: dhcp-4.3.3/common/dispatch.c -=================================================================== ---- dhcp-4.3.3.orig/common/dispatch.c -+++ dhcp-4.3.3/common/dispatch.c -@@ -349,7 +349,7 @@ void add_timeout (when, where, what, ref - * gone by since the last call to gettimeofday() and the one in - * isc_time_nowplusinterval(). - */ -- if (sec > TIME_MAX) -+ if (sec > TIME_MAX - 9) - sec = TIME_MAX - 9; - - isc_interval_set(&interval, sec, usec * 1000); diff --git a/0020-dhcp-4.x.x-fixed-improper-lease-duration-checking.patch b/0020-dhcp-4.x.x-fixed-improper-lease-duration-checking.patch index b0f2963..216fa8f 100644 --- a/0020-dhcp-4.x.x-fixed-improper-lease-duration-checking.patch +++ b/0020-dhcp-4.x.x-fixed-improper-lease-duration-checking.patch @@ -7,10 +7,8 @@ year 2038 is EOT only for 32 bit machine. This patch checks wordsize and do a proper EOT checking on lease duration. It also fixes integer overflows in the date and time handling code. -diff --git a/common/parse.c b/common/parse.c -index 22e7d58..e9e53a4 100644 ---- a/common/parse.c -+++ b/common/parse.c +--- common/parse.c.orig ++++ common/parse.c @@ -939,7 +939,7 @@ TIME parse_date_core(cfile) struct parse *cfile; @@ -56,16 +54,14 @@ index 22e7d58..e9e53a4 100644 (year - 69) / 4 + /* Leap days since '70 */ (mon /* Days in months this year */ ? months [mon - 1] -diff --git a/includes/dhcpd.h b/includes/dhcpd.h -index 4270edc..1af4c5b 100644 ---- a/includes/dhcpd.h -+++ b/includes/dhcpd.h -@@ -1561,7 +1561,7 @@ typedef unsigned char option_mask [16]; - #define DHCPD_LOG_FACILITY LOG_DAEMON +--- includes/dhcpd.h.orig ++++ includes/dhcpd.h +@@ -1588,7 +1588,7 @@ typedef unsigned char option_mask [16]; #endif --#define MAX_TIME 0x7fffffff + #define INFINITE_TIME 0xffffffff +-#define MAX_TIME 0x7fffffff +#define MAX_TIME LONG_MAX - #define MIN_TIME 0 + #define MIN_TIME 0 #ifdef USE_LOG_PID diff --git a/0021-master-Plugs-a-socket-descriptor-leak-in-OMAPI.patch b/0021-master-Plugs-a-socket-descriptor-leak-in-OMAPI.patch deleted file mode 100644 index 8e645e2..0000000 --- a/0021-master-Plugs-a-socket-descriptor-leak-in-OMAPI.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 1a6b62fe17a42b00fa234d06b6dfde3d03451894 Mon Sep 17 00:00:00 2001 -From: Thomas Markwalder -Date: Thu, 7 Dec 2017 11:23:36 -0500 -Subject: [PATCH] [master] Plugs a socket descriptor leak in OMAPI - - Merges in rt46767. ---- - RELNOTES | 5 +++++ - omapip/buffer.c | 9 +++++++++ - omapip/message.c | 2 +- - 3 files changed, 15 insertions(+), 1 deletion(-) - -diff --git a/RELNOTES b/RELNOTES -index cf44b3e..d43e7b3 100644 ---- a/RELNOTES -+++ b/RELNOTES -@@ -919,6 +919,11 @@ by Eric Young (eay@cryptsoft.com). - and our website for directions on bug submissions. - [ISC-Bugs #24789] - -+- Plugged a socket descriptor leak in OMAPI, that can occur when there is -+ data pending to be written to an OMAPI connection, when the connection -+ is closed by the reader. -+ [ISc-Bugs #46767] -+ - Changes since 4.2.0 (new features) - - - If a client renews before 'dhcp-cache-threshold' percent of its lease -diff --git a/omapip/buffer.c b/omapip/buffer.c -index f7fdc32..809034d 100644 ---- a/omapip/buffer.c -+++ b/omapip/buffer.c -@@ -566,6 +566,15 @@ isc_result_t omapi_connection_writer (omapi_object_t *h) - omapi_buffer_dereference (&buffer, MDL); - } - } -+ -+ /* If we had data left to write when we're told to disconnect, -+ * we need recall disconnect, now that we're done writing. -+ * See rt46767. */ -+ if (c->out_bytes == 0 && c->state == omapi_connection_disconnecting) { -+ omapi_disconnect (h, 1); -+ return ISC_R_SHUTTINGDOWN; -+ } -+ - return ISC_R_SUCCESS; - } - -diff --git a/omapip/message.c b/omapip/message.c -index 59ccdc2..21bcfc3 100644 ---- a/omapip/message.c -+++ b/omapip/message.c -@@ -339,7 +339,7 @@ isc_result_t omapi_message_unregister (omapi_object_t *mo) - } - - #ifdef DEBUG_PROTOCOL --static const char *omapi_message_op_name(int op) { -+const char *omapi_message_op_name(int op) { - switch (op) { - case OMAPI_OP_OPEN: return "OMAPI_OP_OPEN"; - case OMAPI_OP_REFRESH: return "OMAPI_OP_REFRESH"; diff --git a/0022-Optimized-if-and-when-DNS-client-context-and-ports.patch b/0022-Optimized-if-and-when-DNS-client-context-and-ports.patch deleted file mode 100644 index c4a46a7..0000000 --- a/0022-Optimized-if-and-when-DNS-client-context-and-ports.patch +++ /dev/null @@ -1,306 +0,0 @@ -From df869de2b9f95f14ce4eca142afaf0f1fef29809 Mon Sep 17 00:00:00 2001 -From: Nirmoy Das -Date: Thu, 11 Jan 2018 10:20:59 +0100 -Subject: [PATCH] modified for SLES - -From ca22af89996483efd820de0084c964fc336ee7c1 Mon Sep 17 00:00:00 2001 -From: Thomas Markwalder -Date: Mon, 19 Jun 2017 14:44:29 -0400 -Subject: [PATCH] [master] Optimized if and when DNS client context and ports - are initted - - Merges in rt45290. ---- - RELNOTES | 9 ++++++ - client/dhclient.8 | 5 +-- - client/dhclient.c | 4 +-- - common/dns.c | 15 +++++++-- - includes/omapip/isclib.h | 9 +++++- - omapip/isclib.c | 80 ++++++++++++++++++++++++++++++------------------ - relay/dhcrelay.c | 3 +- - server/dhcpd.8 | 6 ++-- - server/dhcpd.c | 14 ++++++--- - 9 files changed, 100 insertions(+), 45 deletions(-) ---- - client/dhclient.8 | 5 +-- - client/dhclient.c | 4 +-- - common/dns.c | 15 +++++++-- - includes/omapip/isclib.h | 9 +++++- - omapip/isclib.c | 80 ++++++++++++++++++++++++++++++------------------ - relay/dhcrelay.c | 3 +- - server/dhcpd.8 | 4 +-- - server/dhcpd.c | 14 ++++++--- - 8 files changed, 90 insertions(+), 44 deletions(-) - -diff --git a/client/dhclient.8 b/client/dhclient.8 -index d9a26b7..8991e16 100644 ---- a/client/dhclient.8 -+++ b/client/dhclient.8 -@@ -461,8 +461,9 @@ port will be used for the established connection. - - When DDNS is enabled at compile time (see includes/site.h) - the client will open both a v4 and a v6 UDP socket on --random ports. These ports are opened even if DDNS is disabled --in the configuration file. -+random ports. These ports are not opened unless/until the -+client first attempts to do an update. If the client is not -+configured to do updates, the ports will never be opened. - .PP - .SH CONFIGURATION - The syntax of the \fBdhclient.conf(5)\fR file is discussed separately. -diff --git a/client/dhclient.c b/client/dhclient.c -index 2804ea8..d3fe751 100644 ---- a/client/dhclient.c -+++ b/client/dhclient.c -@@ -187,8 +187,8 @@ main(int argc, char **argv) { - #endif - - /* Set up the isc and dns library managers */ -- status = dhcp_context_create(DHCP_CONTEXT_PRE_DB | DHCP_CONTEXT_POST_DB, -- NULL, NULL); -+ status = dhcp_context_create(DHCP_CONTEXT_PRE_DB | DHCP_CONTEXT_POST_DB -+ | DHCP_DNS_CLIENT_LAZY_INIT, NULL, NULL); - if (status != ISC_R_SUCCESS) - log_fatal("Can't initialize context: %s", - isc_result_totext(status)); -diff --git a/common/dns.c b/common/dns.c -index 0f8be80..2ca4ba8 100644 ---- a/common/dns.c -+++ b/common/dns.c -@@ -3,8 +3,7 @@ - Domain Name Service subroutines. */ - - /* -- * Copyright (c) 2009-2015 by Internet Systems Consortium, Inc. ("ISC") -- * Copyright (c) 2004-2007 by Internet Systems Consortium, Inc. ("ISC") -+ * Copyright (c) 2004-2017 by Internet Systems Consortium, Inc. ("ISC") - * Copyright (c) 2001-2003 by Internet Software Consortium - * - * Permission to use, copy, modify, and distribute this software for any -@@ -2151,6 +2150,12 @@ ddns_modify_fwd(dhcp_ddns_cb_t *ddns_cb, const char *file, int line) - - isc_sockaddrlist_t *zlist = NULL; - -+ /* Creates client context if we need to */ -+ result = dns_client_init(); -+ if (result != ISC_R_SUCCESS) { -+ return result; -+ } -+ - /* Get a pointer to the clientname to make things easier. */ - clientname = (unsigned char *)ddns_cb->fwd_name.data; - -@@ -2359,6 +2364,12 @@ ddns_modify_ptr(dhcp_ddns_cb_t *ddns_cb, const char *file, int line) - unsigned char buf[256]; - int buflen; - -+ /* Creates client context if we need to */ -+ result = dns_client_init(); -+ if (result != ISC_R_SUCCESS) { -+ return result; -+ } -+ - /* - * Try to lookup the zone in the zone cache. As with the forward - * case it's okay if we don't have one, the DNS code will try to -diff --git a/includes/omapip/isclib.h b/includes/omapip/isclib.h -index caa388a..e296308 100644 ---- a/includes/omapip/isclib.h -+++ b/includes/omapip/isclib.h -@@ -3,7 +3,7 @@ - connections to the isc and dns libraries */ - - /* -- * Copyright (c) 2009,2013,2014 by Internet Systems Consortium, Inc. ("ISC") -+ * Copyright (c) 2009-2017 by Internet Systems Consortium, Inc. ("ISC") - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above -@@ -98,6 +98,10 @@ typedef struct dhcp_context { - isc_timermgr_t *timermgr; - #if defined (NSUPDATE) - dns_client_t *dnsclient; -+ int use_local4; -+ isc_sockaddr_t local4_sockaddr; -+ int use_local6; -+ isc_sockaddr_t local6_sockaddr; - #endif - } dhcp_context_t; - -@@ -125,6 +129,7 @@ isclib_make_dst_key(char *inname, - - #define DHCP_CONTEXT_PRE_DB 1 - #define DHCP_CONTEXT_POST_DB 2 -+#define DHCP_DNS_CLIENT_LAZY_INIT 4 - isc_result_t dhcp_context_create(int flags, - struct in_addr *local4, - struct in6_addr *local6); -@@ -133,4 +138,6 @@ void isclib_cleanup(void); - void dhcp_signal_handler(int signal); - extern int shutdown_signal; - -+isc_result_t dns_client_init(); -+ - #endif /* ISCLIB_H */ -diff --git a/omapip/isclib.c b/omapip/isclib.c -index 13f0d3e..ce86490 100644 ---- a/omapip/isclib.c -+++ b/omapip/isclib.c -@@ -1,5 +1,5 @@ - /* -- * Copyright(c) 2009-2010,2013-2014 by Internet Systems Consortium, Inc.("ISC") -+ * Copyright(c) 2009-2017 by Internet Systems Consortium, Inc.("ISC") - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above -@@ -221,39 +221,24 @@ dhcp_context_create(int flags, - - #if defined (NSUPDATE) - if ((flags & DHCP_CONTEXT_POST_DB) != 0) { -- isc_sockaddr_t localaddr4, *localaddr4_ptr = NULL; -- isc_sockaddr_t localaddr6, *localaddr6_ptr = NULL; -+ /* Setting addresses only. -+ * All real work will be done later on if needed to avoid -+ * listening on ddns port if client/server was compiled with -+ * ddns support but not using it. */ - if (local4 != NULL) { -- isc_sockaddr_fromin(&localaddr4, local4, 0); -- localaddr4_ptr = &localaddr4; -+ dhcp_gbl_ctx.use_local4 = 1; -+ isc_sockaddr_fromin(&dhcp_gbl_ctx.local4_sockaddr, -+ local4, 0); - } -+ - if (local6 != NULL) { -- isc_sockaddr_fromin6(&localaddr6, local6, 0); -- localaddr6_ptr = &localaddr6; -+ dhcp_gbl_ctx.use_local6 = 1; -+ isc_sockaddr_fromin6(&dhcp_gbl_ctx.local6_sockaddr, -+ local6, 0); - } - -- result = dns_client_createx2(dhcp_gbl_ctx.mctx, -- dhcp_gbl_ctx.actx, -- dhcp_gbl_ctx.taskmgr, -- dhcp_gbl_ctx.socketmgr, -- dhcp_gbl_ctx.timermgr, -- 0, -- &dhcp_gbl_ctx.dnsclient, -- localaddr4_ptr, -- localaddr6_ptr); -- if (result != ISC_R_SUCCESS) -- goto cleanup; -- -- /* -- * If we can't set up the servers we may not be able to -- * do DDNS but we should continue to try and perform -- * our basic functions and let the user sort it out. -- */ -- result = dhcp_dns_client_setservers(); -- if (result != ISC_R_SUCCESS) { -- log_error("Unable to set resolver from resolv.conf; " -- "startup continuing but DDNS support " -- "may be affected"); -+ if (!(flags & DHCP_DNS_CLIENT_LAZY_INIT)) { -+ result = dns_client_init(); - } - } - #endif -@@ -360,3 +345,40 @@ void dhcp_signal_handler(int signal) { - (void) isc_app_ctxsuspend(ctx); - } - } -+ -+isc_result_t dns_client_init() { -+ isc_result_t result; -+ if (dhcp_gbl_ctx.dnsclient == NULL) { -+ result = dns_client_createx2(dhcp_gbl_ctx.mctx, -+ dhcp_gbl_ctx.actx, -+ dhcp_gbl_ctx.taskmgr, -+ dhcp_gbl_ctx.socketmgr, -+ dhcp_gbl_ctx.timermgr, -+ 0, -+ &dhcp_gbl_ctx.dnsclient, -+ (dhcp_gbl_ctx.use_local4 ? -+ &dhcp_gbl_ctx.local4_sockaddr -+ : NULL), -+ (dhcp_gbl_ctx.use_local6 ? -+ &dhcp_gbl_ctx.local6_sockaddr -+ : NULL)); -+ -+ if (result != ISC_R_SUCCESS) { -+ log_error("Unable to create DNS client context:" -+ " result: %d", result); -+ return result; -+ } -+ -+ /* If we can't set up the servers we may not be able to -+ * do DDNS but we should continue to try and perform -+ * our basic functions and let the user sort it out. */ -+ result = dhcp_dns_client_setservers(); -+ if (result != ISC_R_SUCCESS) { -+ log_error("Unable to set resolver from resolv.conf; " -+ "startup continuing but DDNS support " -+ "may be affected: result %d", result); -+ } -+ } -+ -+ return ISC_R_SUCCESS; -+} -diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c -index 9d39fae..3abbe1e 100644 ---- a/relay/dhcrelay.c -+++ b/relay/dhcrelay.c -@@ -204,8 +204,7 @@ main(int argc, char **argv) { - #endif - - /* Set up the isc and dns library managers */ -- status = dhcp_context_create(DHCP_CONTEXT_PRE_DB | DHCP_CONTEXT_POST_DB, -- NULL, NULL); -+ status = dhcp_context_create(DHCP_CONTEXT_PRE_DB, NULL, NULL); - if (status != ISC_R_SUCCESS) - log_fatal("Can't initialize context: %s", - isc_result_totext(status)); -diff --git a/server/dhcpd.8 b/server/dhcpd.8 -index bfda639..259b91c 100644 ---- a/server/dhcpd.8 -+++ b/server/dhcpd.8 -@@ -358,8 +358,8 @@ port will be used for the established connection. - - When DDNS is enabled at compile time (see includes/site.h) - the server will open both a v4 and a v6 UDP socket on --random ports. These ports are opened even if DDNS is disabled --in the configuration file. -+random ports, unless DDNS updates are globally disabled by -+setting ddns-update-style to none in the configuration file. - .PP - .SH CONFIGURATION - The syntax of the dhcpd.conf(5) file is discussed separately. This -diff --git a/server/dhcpd.c b/server/dhcpd.c -index 0f5c640..d7c4456 100644 ---- a/server/dhcpd.c -+++ b/server/dhcpd.c -@@ -1053,10 +1053,16 @@ void postconf_initialization (int quiet) - } - } - -- if (dhcp_context_create(DHCP_CONTEXT_POST_DB, local4_ptr, local6_ptr) -- != ISC_R_SUCCESS) -- log_fatal("Unable to complete ddns initialization"); -- -+ /* Don't init DNS client if update style is none. This avoids -+ * listening ports that aren't needed. We don't use ddns-udpates -+ * as that has multiple levels of scope. */ -+ if (ddns_update_style != DDNS_UPDATE_STYLE_NONE) { -+ if (dhcp_context_create(DHCP_CONTEXT_POST_DB, -+ local4_ptr, local6_ptr) -+ != ISC_R_SUCCESS) { -+ log_fatal("Unable to complete ddns initialization"); -+ } -+ } - #else - /* If we don't have support for updates compiled in tell the user */ - if (ddns_update_style != DDNS_UPDATE_STYLE_NONE) { --- -2.15.0 - diff --git a/dhcp-4.3.5.tar.gz b/dhcp-4.3.5.tar.gz deleted file mode 100644 index eab724a..0000000 --- a/dhcp-4.3.5.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:eb95936bf15d2393c55dd505bc527d1d4408289cec5a9fa8abb99f7577e7f954 -size 10075147 diff --git a/dhcp-4.3.5.tar.gz.asc b/dhcp-4.3.5.tar.gz.asc deleted file mode 100644 index 0202fe1..0000000 --- a/dhcp-4.3.5.tar.gz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.11 (GNU/Linux) - -iQEcBAABAgAGBQJX8jrBAAoJEG+m68mRGkwCczcH/1lMdlvf2RX+IfNraDTXWmY1 -+MGk51H7aIJDRDFhiLA1f1ht1hIXJB0gnaOdJxLcqQGUiHPQfVZidDz2XxAjr7S2 -VvV6mfHxO1+oPsaFzCEItDqHk/LJcBDgKWC2cvabNfi5Nyq8rR+Zjn0i509DYFBR -cJYzau7Smse8ZVpUrsdLOtKgNznVPioowqCooiOlzZfYNfKOdwk4z6U8vglLhRL4 -xpfbg373Z78dExeNPqJ97c/tUg2YCnuZGvLfwvI+2Bzrp63TbAnJYB3CnyCj+fS2 -iSH7WACNSqRQoEWxE+vi9kTY0GGVFaonPZSRMT1DKFhBge4TdMCm2STIIOJiPFw= -=xG2q ------END PGP SIGNATURE----- diff --git a/dhcp-4.3.6-P1.tar.gz b/dhcp-4.3.6-P1.tar.gz new file mode 100644 index 0000000..9c402c6 --- /dev/null +++ b/dhcp-4.3.6-P1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2fd177bef02856f05fe17713ced9bfcc7d94f14c933c15f2f2fbedc9cc57a3c3 +size 10189202 diff --git a/dhcp-4.3.6-P1.tar.gz.asc b/dhcp-4.3.6-P1.tar.gz.asc new file mode 100644 index 0000000..34145aa --- /dev/null +++ b/dhcp-4.3.6-P1.tar.gz.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Comment: GPGTools - http://gpgtools.org + +iQIzBAABAgAdFiEEvg6XSLcYJToou4n/8bEb8FzwLlcFAlqN9aIACgkQ8bEb8Fzw +LlfmNQ/+OKtQwHU+ymYE0v/r+Ux1/at5Cob5TSiBx/l7Um26nxvBLVgFO6cfoL6X +ZVsA56YFHtsMwDBktWirFxAhou6S66W455O6FJJ75NRhZoi/lpvxf2LJLCHp+R21 +XvCMLZ2ZKziIsDRZBbYUifcDT7r65Vvo88ZV4JEJMPC8PLqxvq/OpET2ZRzH17Fl +xkD4T+mySPGGJI1rodMtpFaFunjWhgXOZC59rscfJmiDkuQR+hH6KF3fnUmaL3wo +qhlzVD/EX4FP9FLZOsNXlLLq3oAzbwFZ+nq33ubabC000vuktvfpoG2HChWYmuZi +wxNtuVa2Su8PSeho0FIoJHMhw+QulBUYi/KyJowEGTKqKIEA6cMdnDKQ7emoTEAH +iUV+qYg+eceaTokDHHsbX/VXlP4fjIsGPWWga3CxFz9li/ld7CcxchIOsWg89/pu +Zd9kAwtrF4li5EVhy9rfuprpWfUgAL4hEw8CA6xFpFs6dafe6YiESiM5qzN4VxzN +NC+QzcUzr5r1KBMwyIzoVj1K9ZWEwEur54nCl6sB4crihTW/Acc0co+4DTUOrz9/ +tg4/i3cVyuh8cqjPURgg3+NMvjQCBI5w7kWM+45NOnzieVJYYMZEB/vo8c2xs8mS +hynQR9Oab2DJZcaSpcAJ0jae7BWM3qQpOdB81D6n2dsRr6tymCQ= +=1kxC +-----END PGP SIGNATURE----- diff --git a/dhcp.changes b/dhcp.changes index f65a286..5a9e5d7 100644 --- a/dhcp.changes +++ b/dhcp.changes @@ -1,3 +1,79 @@ +------------------------------------------------------------------- +Thu Mar 8 13:15:16 UTC 2018 - max@suse.com + +- Update to dhcp-4.3.6-P1: + * CVE-2018-5733, bsc#1083303: reference count overflow in dhcpd. + * CVE-2018-5732, bsc#1083302: buffer overflow bug in dhclient. + * Plugged a socket descriptor leak in OMAPI + * The server now allows the client identifier (option 61) to own + leases in more than one subnet concurrently [ISC-Bugs #41358]. + * When replying to a DHCPINFORM, the server will now include + options specified at the pool scope, provided the ciaddr field + of the DHCPINFORM is populated. + [ISC-Bugs #43219] [ISC-Bugs #45051]. + * When memory allocation fails in a repeated way the process + writes "Run out of memory." on the standard error and exists + with status 1 [ISC-Bugs #32744]. + * The new lmdb (Lightning Memory DataBase) bind9 configure + option is now disabled by default to avoid the presence of + this library to be detected which can lead to a link failure. + [ISC-Bugs #45069] + * The linux interface discovery code has been modified to use + getifaddrs() as is done for BSD and OS-X. + [ISC-Bugs #28761] and others. + * Fixed a bug in OMAPI that causes omshell to crash when a + name-value pair with a zero length value is shipped in an + object [ISC-Bugs #29108]. + * On 64-bit platforms, dhclient now generates the correct value + for the script environment variable, "expiry", the lease + expiry value exceeds 0x7FFFFFFF [ISC-Bugs #43326]. + * Common timer logic was modified to cap the maximum timeout + values at 0x7FFFFFFF - 1 [ISC-Bugs #28038]. + * DHCP6 FQDN option unpacking code now correctly handles values + that contain spaces, special, or non-printable characters. + [ISC-Bugs #43592] + * When running in -6 mode, dhclient can enforce the require + option statement and will discard offered leases that do not + contain all the required options specified in the client + configuration [ISC-Bugs #41473]. + * Altered DHCPv4 lease time calculation to avoid roll over + errors on 64-bit OS systems when using -1 or large values + for default-lease-time [ISC-Bugs #41976], + * Added --dad-wait-time parameter to dhclient [ISC-Bugs #36169]. + * The server nows checks both the address and length of a + prefix delegation when attempting to match it to a prefix + pool [ISC-Bugs #35378]. + * Modified DDNS support initialization such that DNS related + ports will only be opened by the server (dhcpd) at startup + if ddns-update-style is not "none"; by dhclient only if and + when the it first attempts an update; and never by dhcrelay. + [ISC-Bugs #45290] [ISC-Bugs #33377] + * Added error logging to two memory allocation failure checks. + [ISC-Bugs #41185] + * Corrected a dhclient -6 issue that caused the client to crash + with an "Impossible condition" error after de-preferencing its + only IA binding [ISC-Bugs #44373]. + * By defining CALL_SCRIPT_ON_ONETRY_FAIL in includes/site.h, + dhclient will now call the script with reason set to FAIL when + run with -1 (one try) and there are no server responses. + [ISC-bugs #18183] + * The server now detects failover peers that are not referenced + in at least one pool when run with the command line option for + test mode, -T [ISC-Bugs #29892]. + * Linux script updated [ISC-bugs #19430] [ISC-bugs #18111]. + * Changed severity of the log message indicating UDP checksum + errors in the received packets from 'info' to 'debug'. + [ISC-bugs #41757] + * Corrected a bug which could cause the server to sporadically + crash while loading lease files with the lease-id-format is + set to "hex" [ISC-Bugs #43185]. + +- Obsoleted patches: + * 0011-Fixed-linux-interface-discovery-using-getifaddrs.patch + * 0019-dhcp-4.2.4-P1-interval.patch + * 0021-master-Plugs-a-socket-descriptor-leak-in-OMAPI.patch + * 0022-Optimized-if-and-when-DNS-client-context-and-ports.patch + ------------------------------------------------------------------- Fri Jan 19 12:16:47 CET 2018 - ndas@suse.de diff --git a/dhcp.spec b/dhcp.spec index 1c946fa..c845ad4 100644 --- a/dhcp.spec +++ b/dhcp.spec @@ -21,7 +21,7 @@ %define _fillupdir /var/adm/fillup-templates %endif -%define isc_version 4.3.5 +%define isc_version 4.3.6-P1 %define susefw2dir %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services %define omc_prefix /usr/share/omc %define omc_svcdir %{omc_prefix}/svcinfo.d @@ -94,8 +94,6 @@ Patch8: 0008-dhcp-4.2.2-dhclient-option-checks.patch Patch9: 0009-dhcp-4.2.6-close-on-exec.patch # PATCH-FIX-OPENSUSE quiet-dhclient bnc#711420 Patch10: 0010-dhcp-4.2.2-quiet-dhclient.patch -# PATCH-FIX-UPSTREAM use-getifaddrs bnc#791289,ISC-Bugs#31992 -Patch11: 0011-Fixed-linux-interface-discovery-using-getifaddrs.patch # PATCH-FIX-OPENSUSE dhcp-4.2.x-chown-server-leases bnc#868253 Patch12: 0012-dhcp-4.2.x-chown-server-leases.bnc868253.patch # PATCH-FIX-SLE dhcp-4.2.x-dhcpv6-decline-on-DAD-failure bnc#872609 @@ -111,10 +109,7 @@ Patch17: 0017-server-no-success-report-before-send.919959.patch # PATCH-FIX-SLE client-fail-on-script-pre-init-error bsc#912098 Patch18: 0018-client-fail-on-script-pre-init-error-bsc-912098.patch # PATCH-FIX-SLE dhcp-4.2.4-P1-interval bsc#947780 -Patch19: 0019-dhcp-4.2.4-P1-interval.patch Patch20: 0020-dhcp-4.x.x-fixed-improper-lease-duration-checking.patch -Patch21: 0021-master-Plugs-a-socket-descriptor-leak-in-OMAPI.patch -Patch22: 0022-Optimized-if-and-when-DNS-client-context-and-ports.patch ## PreReq: /bin/touch /sbin/chkconfig sysconfig BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -239,20 +234,16 @@ Authors: %patch6 -p1 %patch7 -p1 %patch8 -p1 -%patch9 -p1 +%patch9 %patch10 -p1 -%patch11 -p1 %patch12 -p1 %patch13 -p1 -%patch14 -p1 +%patch14 %patch15 -p1 -%patch16 -p1 +%patch16 %patch17 -p1 %patch18 -p1 -%patch19 -p1 -%patch20 -p1 -%patch21 -p1 -%patch22 -p1 +%patch20 ## find . -type f -name \*.cat\* -exec rm -f {} \; dos2unix contrib/ms2isc/*