Accepting request 589263 from network:dhcp

- Update to dhcp-4.3.6-P1: * CVE-2018-5733, bsc#1083303: reference count overflow in dhcpd. * CVE-2018-5732, bsc#1083302: buffer overflow bug in dhclient. * Plugged a socket descriptor leak in OMAPI * The server now allows the client identifier (option 61) to own leases in more than one subnet concurrently [ISC-Bugs #41358]. * When replying to a DHCPINFORM, the server will now include options specified at the pool scope, provided the ciaddr field of the DHCPINFORM is populated. [ISC-Bugs #43219] [ISC-Bugs #45051]. * When memory allocation fails in a repeated way the process writes "Run out of memory." on the standard error and exists with status 1 [ISC-Bugs #32744]. * The new lmdb (Lightning Memory DataBase) bind9 configure option is now disabled by default to avoid the presence of this library to be detected which can lead to a link failure. [ISC-Bugs #45069] * The linux interface discovery code has been modified to use getifaddrs() as is done for BSD and OS-X. [ISC-Bugs #28761] and others. * Fixed a bug in OMAPI that causes omshell to crash when a name-value pair with a zero length value is shipped in an object [ISC-Bugs #29108]. * On 64-bit platforms, dhclient now generates the correct value for the script environment variable, "expiry", the lease expiry value exceeds 0x7FFFFFFF [ISC-Bugs #43326]. * Common timer logic was modified to cap the maximum timeout values at 0x7FFFFFFF - 1 [ISC-Bugs #28038]. * DHCP6 FQDN option unpacking code now correctly handles values that contain spaces, special, or non-printable characters. OBS-URL: https://build.opensuse.org/request/show/589263 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dhcp?expand=0&rev=108
2018-03-24 15:12:24 +00:00 · 2018-03-24 15:12:24 +00:00 · 0f7de727ac
commit 0f7de727ac
parent baa5bdd674 e9398b14d9
14 changed files with 225 additions and 772 deletions
--- a/0009-dhcp-4.2.6-close-on-exec.patch
+++ b/0009-dhcp-4.2.6-close-on-exec.patch
@ -8,11 +8,9 @@ Merged fixed close-on-exec patch (bnc#732910)
 References: bnc#732910
 Signed-off-by: Marius Tomaschewski <mt@suse.de>
-diff --git a/client/clparse.c b/client/clparse.c
+--- client/clparse.c.orig
-index 320c42f..b7e4251 100644
+++ client/clparse.c
--- a/client/clparse.c
+@@ -262,7 +262,7 @@ int read_client_conf_file (const char *n
 +++ b/client/clparse.c
@@ -221,7 +221,7 @@ int read_client_conf_file (const char *name, struct interface_info *ip,
 	int token;
 	isc_result_t status;
@ -21,7 +19,7 @@ index 320c42f..b7e4251 100644
 		return uerr2isc (errno);
 	cfile = NULL;
-@@ -297,7 +297,7 @@ void read_client_leases ()
+@@ -338,7 +338,7 @@ void read_client_leases ()
 	/* Open the lease file.   If we can't open it, just return -
 	   we can safely trust the server to remember our state. */
@ -30,11 +28,9 @@ index 320c42f..b7e4251 100644
 		return;
 	cfile = NULL;
-diff --git a/client/dhclient.c b/client/dhclient.c
+--- client/dhclient.c.orig
-index a077b48..ac36e3d 100644
+++ client/dhclient.c
--- a/client/dhclient.c
+@@ -565,7 +565,7 @@ main(int argc, char **argv) {
 +++ b/client/dhclient.c
@@ -438,7 +438,7 @@ main(int argc, char **argv) {
 		long temp;
 		int e;
@ -43,7 +39,7 @@ index a077b48..ac36e3d 100644
 			e = fscanf(pidfd, "%ld\n", &temp);
 			oldpid = (pid_t)temp;
-@@ -2840,7 +2840,7 @@ void rewrite_client_leases ()
+@@ -3403,7 +3403,7 @@ void rewrite_client_leases ()
 	if (leaseFile != NULL)
 		fclose (leaseFile);
@ -52,7 +48,7 @@ index a077b48..ac36e3d 100644
 	if (leaseFile == NULL) {
 		log_error ("can't create %s: %m", path_dhclient_db);
 		return;
-@@ -3033,7 +3033,7 @@ write_duid(struct data_string *duid)
+@@ -3598,7 +3598,7 @@ write_duid(struct data_string *duid)
 		return DHCP_R_INVALIDARG;
 	if (leaseFile == NULL) {	/* XXX? */
@ -61,7 +57,7 @@ index a077b48..ac36e3d 100644
 		if (leaseFile == NULL) {
 			log_error("can't create %s: %m", path_dhclient_db);
 			return ISC_R_IOERROR;
-@@ -3081,7 +3081,7 @@ write_client6_lease(struct client_state *client, struct dhc6_lease *lease,
+@@ -3643,7 +3643,7 @@ write_client6_lease(struct client_state
 		return DHCP_R_INVALIDARG;
 	if (leaseFile == NULL) {	/* XXX? */
@ -70,7 +66,7 @@ index a077b48..ac36e3d 100644
 		if (leaseFile == NULL) {
 			log_error("can't create %s: %m", path_dhclient_db);
 			return ISC_R_IOERROR;
-@@ -3213,7 +3213,7 @@ int write_client_lease (client, lease, rewrite, makesure)
+@@ -3802,7 +3802,7 @@ int write_client_lease (client, lease, r
 		return 1;
 	if (leaseFile == NULL) {	/* XXX */
@ -79,11 +75,9 @@ index a077b48..ac36e3d 100644
 		if (leaseFile == NULL) {
 			log_error ("can't create %s: %m", path_dhclient_db);
 			return 0;
-diff --git a/common/bpf.c b/common/bpf.c
+--- common/bpf.c.orig
-index 39d4f45..df9facc 100644
+++ common/bpf.c
--- a/common/bpf.c
+@@ -94,7 +94,7 @@ int if_register_bpf (info)
 +++ b/common/bpf.c
@@ -95,7 +95,7 @@ int if_register_bpf (info)
 	for (b = 0; 1; b++) {
 		/* %Audit% 31 bytes max. %2004.06.17,Safe% */
 		sprintf(filename, BPF_FORMAT, b);
@ -92,33 +86,9 @@ index 39d4f45..df9facc 100644
 		if (sock < 0) {
 			if (errno == EBUSY) {
 				continue;
-diff --git a/common/discover.c b/common/discover.c
+--- common/dlpi.c.orig
-index 3cd64a7..37af780 100644
+++ common/dlpi.c
--- a/common/discover.c
+@@ -813,7 +813,7 @@ dlpiopen(const char *ifname) {
 +++ b/common/discover.c
@@ -415,7 +415,7 @@ begin_iface_scan(struct iface_conf_list *ifaces) {
 	int len;
 	int i;
 -	ifaces->fp = fopen("/proc/net/dev", "r");
 +	ifaces->fp = fopen("/proc/net/dev", "re");
 	if (ifaces->fp == NULL) {
 		log_error("Error opening '/proc/net/dev' to list interfaces");
 		return 0;
@@ -450,7 +450,7 @@ begin_iface_scan(struct iface_conf_list *ifaces) {
 #ifdef DHCPv6
 	if (local_family == AF_INET6) {
 -		ifaces->fp6 = fopen("/proc/net/if_inet6", "r");
 +		ifaces->fp6 = fopen("/proc/net/if_inet6", "re");
 		if (ifaces->fp6 == NULL) {
 			log_error("Error opening '/proc/net/if_inet6' to "
 				  "list IPv6 interfaces; %m");
 diff --git a/common/dlpi.c b/common/dlpi.c
 index c34adc3..944f21c 100644
 --- a/common/dlpi.c
 +++ b/common/dlpi.c
@@ -804,7 +804,7 @@ dlpiopen(const char *ifname) {
 	}
 	*dp = '\0';
@ -127,10 +97,8 @@ index c34adc3..944f21c 100644
 }
 /*
-diff --git a/common/nit.c b/common/nit.c
+--- common/nit.c.orig
-index 316e85f..6aa778b 100644
+++ common/nit.c
 --- a/common/nit.c
 +++ b/common/nit.c
@@ -75,7 +75,7 @@ int if_register_nit (info)
 	struct strioctl sio;
@ -140,10 +108,8 @@ index 316e85f..6aa778b 100644
 	if (sock < 0)
 		log_fatal ("Can't open NIT device for %s: %m", info -> name);
-diff --git a/common/resolv.c b/common/resolv.c
+--- common/resolv.c.orig
-index 526cebf..2ac8d43 100644
+++ common/resolv.c
 --- a/common/resolv.c
 +++ b/common/resolv.c
@@ -44,7 +44,7 @@ void read_resolv_conf (parse_time)
 	struct domain_search_list *dp, *dl, *nd;
 	isc_result_t status;
@ -153,10 +119,8 @@ index 526cebf..2ac8d43 100644
 		log_error ("Can't open %s: %m", path_resolv_conf);
 		return;
 	}
-diff --git a/common/upf.c b/common/upf.c
+--- common/upf.c.orig
-index 34011eb..77d5878 100644
+++ common/upf.c
 --- a/common/upf.c
 +++ b/common/upf.c
@@ -71,7 +71,7 @@ int if_register_upf (info)
 		/* %Audit% Cannot exceed 36 bytes. %2004.06.17,Safe% */
 		sprintf(filename, "/dev/pf/pfilt%d", b);
@ -166,11 +130,9 @@ index 34011eb..77d5878 100644
 		if (sock < 0) {
 			if (errno == EBUSY) {
 				continue;
-diff --git a/omapip/trace.c b/omapip/trace.c
+--- omapip/trace.c.orig
-index f4115c1..4410c35 100644
+++ omapip/trace.c
--- a/omapip/trace.c
+@@ -138,10 +138,10 @@ isc_result_t trace_begin (const char *fi
 +++ b/omapip/trace.c
@@ -138,10 +138,10 @@ isc_result_t trace_begin (const char *filename,
 		return DHCP_R_INVALIDARG;
 	}
@ -183,7 +145,7 @@ index f4115c1..4410c35 100644
 				     0600);
 	}
-@@ -429,7 +429,7 @@ void trace_file_replay (const char *filename)
+@@ -429,7 +429,7 @@ void trace_file_replay (const char *file
 	isc_result_t result;
 	int len;
@ -192,11 +154,9 @@ index f4115c1..4410c35 100644
 	if (!traceinfile) {
 		log_error("Can't open tracefile %s: %m", filename);
 		return;
-diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c
+--- relay/dhcrelay.c.orig
-index 15b4997..9d39fae 100644
+++ relay/dhcrelay.c
--- a/relay/dhcrelay.c
+@@ -659,13 +659,14 @@ main(int argc, char **argv) {
 +++ b/relay/dhcrelay.c
@@ -558,13 +558,14 @@ main(int argc, char **argv) {
 		if (no_pid_file == ISC_FALSE) {
 			pfdesc = open(path_dhcrelay_pid,
@ -213,11 +173,9 @@ index 15b4997..9d39fae 100644
 				if (!pf)
 					log_error("Can't fdopen %s: %m",
 						  path_dhcrelay_pid);
-diff --git a/server/confpars.c b/server/confpars.c
+--- server/confpars.c.orig
-index 4b2907d..6aa5b3f 100644
+++ server/confpars.c
--- a/server/confpars.c
+@@ -118,7 +118,7 @@ isc_result_t read_conf_file (const char
 +++ b/server/confpars.c
@@ -111,7 +111,7 @@ isc_result_t read_conf_file (const char *filename, struct group *group,
 	}
 #endif
@ -226,11 +184,9 @@ index 4b2907d..6aa5b3f 100644
 		if (leasep) {
 			log_error ("Can't open lease database %s: %m --",
 				   path_dhcpd_db);
-diff --git a/server/db.c b/server/db.c
+--- server/db.c.orig
-index 0c642ad..e9a38fe 100644
+++ server/db.c
--- a/server/db.c
+@@ -1081,7 +1081,7 @@ void db_startup (testp)
 +++ b/server/db.c
@@ -1072,7 +1072,7 @@ void db_startup (testp)
 	}
 #endif
 	if (!testp) {
@ -239,7 +195,7 @@ index 0c642ad..e9a38fe 100644
 		if (!db_file)
 			log_fatal ("Can't open %s for append.", path_dhcpd_db);
 		expire_all_pools ();
-@@ -1120,7 +1120,7 @@ int new_lease_file ()
+@@ -1129,7 +1129,7 @@ int new_lease_file ()
 		     path_dhcpd_db) >= sizeof newfname)
 		log_fatal("new_lease_file: lease file path too long");
@ -248,7 +204,7 @@ index 0c642ad..e9a38fe 100644
 	if (db_fd < 0) {
 		log_error ("Can't create new lease file: %m");
 		return 0;
-@@ -1145,7 +1145,7 @@ int new_lease_file ()
+@@ -1154,7 +1154,7 @@ int new_lease_file ()
 	}
 #endif /* PARANOIA */
@ -257,11 +213,9 @@ index 0c642ad..e9a38fe 100644
 		log_error("Can't fdopen new lease file: %m");
 		close(db_fd);
 		goto fdfail;
-diff --git a/server/dhcpd.c b/server/dhcpd.c
+--- server/dhcpd.c.orig
-index eecc89b..afef390 100644
+++ server/dhcpd.c
--- a/server/dhcpd.c
+@@ -760,7 +760,7 @@ main(int argc, char **argv) {
 +++ b/server/dhcpd.c
@@ -658,7 +658,7 @@ main(int argc, char **argv) {
 	 */
 	if ((lftest == 0) && (no_pid_file == ISC_FALSE)) {
 		/*Read previous pid file. */
@ -270,7 +224,7 @@ index eecc89b..afef390 100644
 			status = read(i, pbuf, (sizeof pbuf) - 1);
 			close(i);
 			if (status > 0) {
-@@ -758,7 +758,7 @@ main(int argc, char **argv) {
+@@ -878,7 +878,7 @@ main(int argc, char **argv) {
 	 * appropriate.
 	 */
 	if (no_pid_file == ISC_FALSE) {
@ -279,11 +233,9 @@ index eecc89b..afef390 100644
 		if (i >= 0) {
 			sprintf(pbuf, "%d\n", (int) getpid());
 			IGNORE_RET(write(i, pbuf, strlen(pbuf)));
-diff --git a/server/ldap.c b/server/ldap.c
+--- server/ldap.c.orig
-index 2893b82..9530d9d 100644
+++ server/ldap.c
--- a/server/ldap.c
+@@ -1446,7 +1446,7 @@ ldap_start (void)
 +++ b/server/ldap.c
@@ -1442,7 +1442,7 @@ ldap_start (void)
   if (ldap_debug_file != NULL && ldap_debug_fd == -1)
     {
@ -292,6 +244,3 @@ index 2893b82..9530d9d 100644
                                  S_IRUSR | S_IWUSR)) < 0)
         log_error ("Error opening debug LDAP log file %s: %s", ldap_debug_file,
                    strerror (errno));
 -- 
 2.1.4
--- a/0011-Fixed-linux-interface-discovery-using-getifaddrs.patch
+++ b/0011-Fixed-linux-interface-discovery-using-getifaddrs.patch
@ -1,110 +0,0 @@
 From bd50ec560d7bec064190e4d430c066e170732c0e Mon Sep 17 00:00:00 2001
 From: Marius Tomaschewski <mt@suse.de>
 Date: Tue, 27 Nov 2012 17:44:06 +0100
 Subject: [PATCH] Fixed linux interface discovery using getifaddrs
 References: bnc#791289,[ISC-Bugs #31992]
 Unlike dhcp 3.x, dhcp 4.x scans interfaces from /proc/net/dev,
 which provides only true interface names. When the address set
 on the interface has a label assigned (linux 2.0 alias interface
 compatibility), then the SIOCGIFADDR requires the label / alias
 name as argument instead of the interface name to return this
 address. When this is the only address assigned to an interface,
 dhcp-server is unable to find any address and fails to start.
 Changed to use getifaddrs() function, which retrieves all IP
 addresses on linux systems and is available since GLIBC 2.3.
 ---
 common/discover.c | 51 ++++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 44 insertions(+), 7 deletions(-)
 diff --git a/common/discover.c b/common/discover.c
 index 4463178..c48d67b 100644
 --- a/common/discover.c
 +++ b/common/discover.c
@@ -373,7 +373,7 @@ end_iface_scan(struct iface_conf_list *ifaces) {
 	ifaces->sock = -1;
 }
 -#elif __linux /* !HAVE_SIOCGLIFCONF */
 +#elif __linux && !(defined(__GNUC_PREREQ) && __GNUC_PREREQ(2,3)) /* !HAVE_SIOCGLIFCONF */
 /* 
  * Linux support
  * -------------
@@ -382,6 +382,14 @@ end_iface_scan(struct iface_conf_list *ifaces) {
  * about interfaces, along with selected ioctl() calls.
  *
  * Linux low level access is documented in the netdevice man page.
 + *
 + * Note: Use getifaddrs instead
 + *   Unfortunately this discover discards all interfaces where the
 + *   only address has a label assigned (linux 2.0 alias interface
 + *   compatibility) as the SIOCGIFADDR requires the the alias name
 + *   (eth0:0) in ifr_name to fetch the address and /proc/net/dev
 + *   on linux > 2.0 lists only the interface names (eth0) without
 + *   any aliases.
  */
 /* 
@@ -755,11 +763,11 @@ end_iface_scan(struct iface_conf_list *ifaces) {
 #else
 /* 
 - * BSD support
 - * -----------
 + * BSD & Linux support
 + * -------------------
  *
  * FreeBSD, NetBSD, OpenBSD, and OS X all have the getifaddrs() 
 - * function.
 + * function. Linux has it since glibc 2.3.
  *
  * The getifaddrs() man page describes the use.
  */
@@ -817,10 +825,39 @@ next_iface(struct iface_info *info, int *err, struct iface_conf_list *ifaces) {
 		return 0;
 	}
 	memset(info, 0, sizeof(struct iface_info));
 -	strncpy(info->name, ifaces->next->ifa_name, sizeof(info->name) - 1);
 -	memcpy(&info->addr, ifaces->next->ifa_addr, 
 -	       ifaces->next->ifa_addr->sa_len);
 +	info->addr.ss_family = AF_UNSPEC;
 	info->flags = ifaces->next->ifa_flags;
 +#ifdef __linux
 +	if (strchr(ifaces->next->ifa_name, ':')) {
 +		/*
 +		 * the name contains a ':', which may
 +		 * be a IPv4 "alias interface" label;
 +		 * resolve to the true interface name
 +		 */
 +		if_indextoname(if_nametoindex(ifaces->next->ifa_name),
 +				info->name);
 +	} else {
 +		strncpy(info->name, ifaces->next->ifa_name, sizeof(info->name) - 1);
 +	}
 +
 +	if (ifaces->next->ifa_addr != NULL) {
 +		if (ifaces->next->ifa_addr->sa_family == AF_INET) {
 +			memcpy(&info->addr, ifaces->next->ifa_addr,
 +					sizeof(struct sockaddr_in));
 +		} else
 +		if (ifaces->next->ifa_addr->sa_family == AF_INET6) {
 +			memcpy(&info->addr, ifaces->next->ifa_addr,
 +					sizeof(struct sockaddr_in6));
 +		}
 +		/* else e.g. AF_PACKET / link layer address  */
 +	}
 +#else
 +	strncpy(info->name, ifaces->next->ifa_name, sizeof(info->name) - 1);
 +	if (ifaces->next->ifa_addr != NULL) {
 +		memcpy(&info->addr, ifaces->next->ifa_addr,
 +		       ifaces->next->ifa_addr->sa_len);
 +	}
 +#endif
 	ifaces->next = ifaces->next->ifa_next;
 	*err = 0;
 	return 1;
 -- 
 2.13.1
--- a/0014-dhclient6-unsigned-lifetimes-for-script-bsc-926159.patch
+++ b/0014-dhclient6-unsigned-lifetimes-for-script-bsc-926159.patch
@ -9,11 +9,9 @@ and format timestamps as long to not break them on 64bit archs.
 References: bsc#926159
-diff --git a/client/dhc6.c b/client/dhc6.c
+--- client/dhc6.c.orig
-index bec1c87..e4a85fc 100644
+++ client/dhc6.c
--- a/client/dhc6.c
+@@ -4344,8 +4344,8 @@ dhc6_marshall_values(const char *prefix,
 +++ b/client/dhc6.c
@@ -3877,8 +3877,8 @@ dhc6_marshall_values(const char *prefix, struct client_state *client,
 			client_envadd(client, prefix,
 				      "ip6_type", "temporary");
 		}
@ -24,7 +22,7 @@ index bec1c87..e4a85fc 100644
 		client_envadd(client, prefix, "preferred_life", "%u",
 			      addr->preferred_life);
 		client_envadd(client, prefix, "max_life", "%u",
-@@ -3889,8 +3889,8 @@ dhc6_marshall_values(const char *prefix, struct client_state *client,
+@@ -4356,8 +4356,8 @@ dhc6_marshall_values(const char *prefix,
 	if (ia != NULL) {
 		client_envadd(client, prefix, "iaid", "%s",
 			      print_hex_1(4, ia->iaid, 12));
@ -35,11 +33,9 @@ index bec1c87..e4a85fc 100644
 		client_envadd(client, prefix, "renew", "%u", ia->renew);
 		client_envadd(client, prefix, "rebind", "%u", ia->rebind);
 	}
-diff --git a/client/dhclient.c b/client/dhclient.c
+--- client/dhclient.c.orig
-index 2eb28db..4d7394d 100644
+++ client/dhclient.c
--- a/client/dhclient.c
+@@ -3708,13 +3708,13 @@ write_client6_lease(struct client_state
 +++ b/client/dhclient.c
@@ -3119,13 +3119,13 @@ write_client6_lease(struct client_state *client, struct dhc6_lease *lease,
 			return ISC_R_IOERROR;
 		if (ia->ia_type != D6O_IA_TA)
@ -57,7 +53,7 @@ index 2eb28db..4d7394d 100644
 		if (stat <= 0)
 			return ISC_R_IOERROR;
-@@ -3142,10 +3142,10 @@ write_client6_lease(struct client_state *client, struct dhc6_lease *lease,
+@@ -3731,10 +3731,10 @@ write_client6_lease(struct client_state
 			if (stat <= 0)
 				return ISC_R_IOERROR;
@ -70,15 +66,3 @@ index 2eb28db..4d7394d 100644
 				       addr->max_life);
 			if (stat <= 0)
 				return ISC_R_IOERROR;
@@ -3519,7 +3519,7 @@ void script_write_params (client, prefix, lease)
 				      universes [i],
 				      &es, client_option_envadd);
 	}
 -	client_envadd (client, prefix, "expiry", "%d", (int)(lease -> expiry));
 +	client_envadd (client, prefix, "expiry", "%ld", (long)(lease -> expiry));
 }
 /*
 -- 
 2.1.4
--- a/0016-infiniband-support.patch
+++ b/0016-infiniband-support.patch
@ -49,10 +49,8 @@ Date:   Tue Mar 25 23:15:58 2014 +0200
    References: bnc#870535
-diff --git a/client/dhclient.c b/client/dhclient.c
+--- client/dhclient.c.orig
-index 3f2f8b2..40d9fe0 100644
+++ client/dhclient.c
 --- a/client/dhclient.c
 +++ b/client/dhclient.c
@@ -71,6 +71,40 @@ int std_dhcid = 0;
    assert (state_is == state_shouldbe). */
 #define ASSERT_STATE(state_is, state_shouldbe) {}
@ -92,9 +90,9 @@ index 3f2f8b2..40d9fe0 100644
 +}
 +
 #ifndef UNIT_TEST
- static const char copyright[] = "Copyright 2004-2016 Internet Systems Consortium.";
+ static const char copyright[] = "Copyright 2004-2018 Internet Systems Consortium.";
 static const char arr [] = "All rights reserved.";
-@@ -756,6 +790,26 @@ main(int argc, char **argv) {
+@@ -767,6 +801,26 @@ main(int argc, char **argv) {
 		}
 	}
@ -121,7 +119,7 @@ index 3f2f8b2..40d9fe0 100644
 	/* At this point, all the interfaces that the script thinks
 	   are relevant should be running, so now we once again call
 	   discover_interfaces(), and this time ask it to actually set
-@@ -770,19 +824,42 @@ main(int argc, char **argv) {
+@@ -781,19 +835,42 @@ main(int argc, char **argv) {
 	   Not much entropy, but we're booting, so we're not likely to
 	   find anything better. */
 	seed = 0;
@ -166,7 +164,7 @@ index 3f2f8b2..40d9fe0 100644
 	 */
 	if ((local_family == AF_INET6) ||
 	    ((local_family == AF_INET) && (duid_v4 == 1))) {
-@@ -793,6 +870,20 @@ main(int argc, char **argv) {
+@@ -804,6 +881,20 @@ main(int argc, char **argv) {
 			form_duid(&default_duid, MDL);
 			write_duid(&default_duid);
 		}
@ -187,7 +185,7 @@ index 3f2f8b2..40d9fe0 100644
 	}
 #if defined(DHCPv6) && defined(DHCP4o6)
-@@ -1282,15 +1373,22 @@ void dhcpack (packet)
+@@ -1293,15 +1384,22 @@ void dhcpack (packet)
 		if (client -> xid == packet -> raw -> xid)
 			break;
 	}
@ -215,7 +213,7 @@ index 3f2f8b2..40d9fe0 100644
 	}
 	if (client -> state != S_REBOOTING &&
-@@ -1303,7 +1401,7 @@ void dhcpack (packet)
+@@ -1314,7 +1412,7 @@ void dhcpack (packet)
 		return;
 	}
@ -224,7 +222,7 @@ index 3f2f8b2..40d9fe0 100644
 	lease = packet_to_lease (packet, client);
 	if (!lease) {
-@@ -1951,15 +2049,21 @@ void dhcpoffer (packet)
+@@ -1969,15 +2067,21 @@ void dhcpoffer (packet)
 	/* If we're not receptive to an offer right now, or if the offer
 	   has an unrecognizable transaction id, then just drop it. */
 	if (!client ||
@ -251,7 +249,7 @@ index 3f2f8b2..40d9fe0 100644
 	}
 	sprintf (obuf, "%s from %s", name, piaddr (packet -> client_addr));
-@@ -2197,11 +2301,11 @@ void dhcpnak (packet)
+@@ -2215,11 +2319,11 @@ void dhcpnak (packet)
 	/* If we're not receptive to an offer right now, or if the offer
 	   has an unrecognizable transaction id, then just drop it. */
@ -268,7 +266,7 @@ index 3f2f8b2..40d9fe0 100644
 #if defined (DEBUG)
 		log_debug ("DHCPNAK in wrong transaction.");
 #endif
-@@ -2216,9 +2320,15 @@ void dhcpnak (packet)
+@@ -2234,9 +2338,15 @@ void dhcpnak (packet)
 		log_debug ("DHCPNAK in wrong state.");
 #endif
 		return;
@ -285,7 +283,7 @@ index 3f2f8b2..40d9fe0 100644
 	if (!client -> active) {
 #if defined (DEBUG)
-@@ -2351,11 +2461,11 @@ void send_discover (cpp)
+@@ -2369,11 +2479,11 @@ void send_discover (cpp)
 			  (long)(client -> interval));
 	} else
 #endif
@ -302,7 +300,7 @@ index 3f2f8b2..40d9fe0 100644
 	/* Send out a packet. */
 #if defined(DHCPv6) && defined(DHCP4o6)
 	if (dhcpv4_over_dhcpv6) {
-@@ -2639,10 +2749,10 @@ void send_request (cpp)
+@@ -2664,10 +2774,10 @@ void send_request (cpp)
 		log_info ("DHCPREQUEST");
 	} else
 #endif
@ -315,7 +313,7 @@ index 3f2f8b2..40d9fe0 100644
 #if defined(DHCPv6) && defined(DHCP4o6)
 	if (dhcpv4_over_dhcpv6) {
-@@ -2699,10 +2809,10 @@ void send_decline (cpp)
+@@ -2724,10 +2834,10 @@ void send_decline (cpp)
 		log_info ("DHCPDECLINE");
 	} else
 #endif
@ -328,7 +326,7 @@ index 3f2f8b2..40d9fe0 100644
 	/* Send out a packet. */
 #if defined(DHCPv6) && defined(DHCP4o6)
-@@ -2761,10 +2871,10 @@ void send_release (cpp)
+@@ -2786,10 +2896,10 @@ void send_release (cpp)
 		log_info ("DHCPRELEASE");
 	} else
 #endif
@ -341,7 +339,7 @@ index 3f2f8b2..40d9fe0 100644
 #if defined(DHCPv6) && defined(DHCP4o6)
 	if (dhcpv4_over_dhcpv6) {
-@@ -3041,10 +3151,17 @@ make_client_options(struct client_state *client, struct client_lease *lease,
+@@ -3066,10 +3176,17 @@ make_client_options(struct client_state
 	 * This can be overridden by including a client id in the configuration
 	 * file.
 	 */
@ -360,7 +358,7 @@ index 3f2f8b2..40d9fe0 100644
 		memset(&client_identifier, 0, sizeof(client_identifier));
 		client_identifier.len = 1 + 4 + default_duid.len;
 		if (!buffer_allocate(&client_identifier.buffer,
-@@ -3135,12 +3252,13 @@ void make_discover (client, lease)
+@@ -3160,12 +3277,13 @@ void make_discover (client, lease)
 	client -> packet.op = BOOTREQUEST;
 	client -> packet.htype = client -> interface -> hw_address.hbuf [0];
 	/* Assumes hw_address is known, otherwise a random value may result */
@ -376,7 +374,7 @@ index 3f2f8b2..40d9fe0 100644
 		client -> packet.flags = 0;
 	else
 		client -> packet.flags = htons (BOOTP_BROADCAST);
-@@ -3152,7 +3270,7 @@ void make_discover (client, lease)
+@@ -3177,7 +3295,7 @@ void make_discover (client, lease)
 	memset (&(client -> packet.siaddr),
 		0, sizeof client -> packet.siaddr);
 	client -> packet.giaddr = giaddr;
@ -385,7 +383,7 @@ index 3f2f8b2..40d9fe0 100644
 	    memcpy (client -> packet.chaddr,
 		    &client -> interface -> hw_address.hbuf [1],
 		    (unsigned)(client -> interface -> hw_address.hlen - 1));
-@@ -3209,7 +3327,8 @@ void make_request (client, lease)
+@@ -3234,7 +3352,8 @@ void make_request (client, lease)
 	client -> packet.op = BOOTREQUEST;
 	client -> packet.htype = client -> interface -> hw_address.hbuf [0];
 	/* Assumes hw_address is known, otherwise a random value may result */
@ -395,7 +393,7 @@ index 3f2f8b2..40d9fe0 100644
 	client -> packet.hops = 0;
 	client -> packet.xid = client -> xid;
 	client -> packet.secs = 0; /* Filled in by send_request. */
-@@ -3241,7 +3360,7 @@ void make_request (client, lease)
+@@ -3266,7 +3385,7 @@ void make_request (client, lease)
 	else
 		memset (&client -> packet.giaddr, 0,
 			sizeof client -> packet.giaddr);
@ -404,7 +402,7 @@ index 3f2f8b2..40d9fe0 100644
 	    memcpy (client -> packet.chaddr,
 		    &client -> interface -> hw_address.hbuf [1],
 		    (unsigned)(client -> interface -> hw_address.hlen - 1));
-@@ -3284,7 +3403,8 @@ void make_decline (client, lease)
+@@ -3309,7 +3428,8 @@ void make_decline (client, lease)
 	client -> packet.op = BOOTREQUEST;
 	client -> packet.htype = client -> interface -> hw_address.hbuf [0];
 	/* Assumes hw_address is known, otherwise a random value may result */
@ -414,7 +412,7 @@ index 3f2f8b2..40d9fe0 100644
 	client -> packet.hops = 0;
 	client -> packet.xid = client -> xid;
 	client -> packet.secs = 0; /* Filled in by send_request. */
-@@ -3301,9 +3421,10 @@ void make_decline (client, lease)
+@@ -3326,9 +3446,10 @@ void make_decline (client, lease)
 	memset (&client -> packet.siaddr, 0,
 		sizeof client -> packet.siaddr);
 	client -> packet.giaddr = giaddr;
@ -428,7 +426,7 @@ index 3f2f8b2..40d9fe0 100644
 #ifdef DEBUG_PACKET
 	dump_raw ((unsigned char *)&client -> packet, client -> packet_length);
-@@ -3346,7 +3467,8 @@ void make_release (client, lease)
+@@ -3371,7 +3492,8 @@ void make_release (client, lease)
 	client -> packet.op = BOOTREQUEST;
 	client -> packet.htype = client -> interface -> hw_address.hbuf [0];
 	/* Assumes hw_address is known, otherwise a random value may result */
@ -438,7 +436,7 @@ index 3f2f8b2..40d9fe0 100644
 	client -> packet.hops = 0;
 	client -> packet.xid = random ();
 	client -> packet.secs = 0;
-@@ -3358,9 +3480,10 @@ void make_release (client, lease)
+@@ -3383,9 +3505,10 @@ void make_release (client, lease)
 	memset (&client -> packet.siaddr, 0,
 		sizeof client -> packet.siaddr);
 	client -> packet.giaddr = giaddr;
@ -452,7 +450,7 @@ index 3f2f8b2..40d9fe0 100644
 #ifdef DEBUG_PACKET
 	dump_raw ((unsigned char *)&client -> packet, client -> packet_length);
-@@ -3513,17 +3636,13 @@ write_options(struct client_state *client, struct option_state *options,
+@@ -3538,17 +3661,13 @@ write_options(struct client_state *clien
  * is not how it is intended.  Upcoming rearchitecting the client should
  * address this "one daemon model."
  */
@ -473,7 +471,7 @@ index 3f2f8b2..40d9fe0 100644
 		log_fatal("Impossible condition at %s:%d.", MDL);
 	if ((ip->hw_address.hlen == 0) ||
-@@ -3573,6 +3692,13 @@ form_duid(struct data_string *duid, const char *file, int line)
+@@ -3598,6 +3717,13 @@ form_duid(struct data_string *duid, cons
 	}
 }
@ -487,7 +485,7 @@ index 3f2f8b2..40d9fe0 100644
 /* Write the default DUID to the lease store. */
 static isc_result_t
 write_duid(struct data_string *duid)
-@@ -4946,7 +5072,8 @@ client_dns_update(struct client_state *client, dhcp_ddns_cb_t *ddns_cb)
+@@ -5020,7 +5146,8 @@ client_dns_update(struct client_state *c
 					  NULL, client,
 					  client->sent_options, NULL,
 					  &global_scope, oc, MDL)) {
@ -497,10 +495,8 @@ index 3f2f8b2..40d9fe0 100644
 			    (client_identifier.data[0] == 255)) {
 				/*
 				 * This appears to be an embedded DUID,
-diff --git a/common/bpf.c b/common/bpf.c
+--- common/bpf.c.orig
-index 34bbd5b..c415c22 100644
+++ common/bpf.c
 --- a/common/bpf.c
 +++ b/common/bpf.c
@@ -116,7 +116,7 @@ int if_register_bpf (info)
 		log_fatal ("Can't attach interface %s to bpf device %s: %m",
 		       info -> name, filename);
@ -566,11 +562,9 @@ index 34bbd5b..c415c22 100644
 	struct ifaddrs *ifa;
 	struct ifaddrs *p;
 	struct sockaddr_dl *sa;
-diff --git a/common/discover.c b/common/discover.c
+--- common/discover.c.orig
-index c48d67b..969ee3e 100644
+++ common/discover.c
--- a/common/discover.c
+@@ -881,7 +881,7 @@ discover_interfaces(int state) {
 +++ b/common/discover.c
@@ -1280,7 +1280,7 @@ discover_interfaces(int state) {
 				if_register_send(tmp);
 			} else {
 				/* get_hw_addr() was called by register. */
@ -579,7 +573,7 @@ index c48d67b..969ee3e 100644
 			}
 			break;
 #ifdef DHCPv6
-@@ -1293,7 +1293,7 @@ discover_interfaces(int state) {
+@@ -894,7 +894,7 @@ discover_interfaces(int state) {
 				   so now we have to call it explicitly
 				   to not leave the hardware address unknown
 				   (some code expects it cannot be. */
@ -588,10 +582,8 @@ index c48d67b..969ee3e 100644
 			} else {
 				if_register_linklocal6(tmp);
 			}
-diff --git a/common/dlpi.c b/common/dlpi.c
+--- common/dlpi.c.orig
-index 1014e29..3e6a3d3 100644
+++ common/dlpi.c
 --- a/common/dlpi.c
 +++ b/common/dlpi.c
@@ -1339,7 +1339,9 @@ void maybe_setup_fallback ()
 #endif /* USE_DLPI_SEND */
@ -603,10 +595,8 @@ index 1014e29..3e6a3d3 100644
 	int sock, unit;
 	long buf[DLPI_MAXDLBUF];
         union DL_primitives *dlp;
-diff --git a/common/lpf.c b/common/lpf.c
+--- common/lpf.c.orig
-index 123790d..943d679 100644
+++ common/lpf.c
 --- a/common/lpf.c
 +++ b/common/lpf.c
@@ -47,12 +47,22 @@
 #include <sys/ioctl.h>
 #include <sys/socket.h>
@ -803,7 +793,7 @@ index 123790d..943d679 100644
 ssize_t send_packet (interface, packet, raw, len, from, to, hto)
 	struct interface_info *interface;
 	struct packet *packet;
-@@ -335,6 +445,10 @@ ssize_t send_packet (interface, packet, raw, len, from, to, hto)
+@@ -335,6 +445,10 @@ ssize_t send_packet (interface, packet,
 		return send_fallback (interface, packet, raw,
 				      len, from, to, hto);
@ -814,7 +804,7 @@ index 123790d..943d679 100644
 	if (hto == NULL && interface->anycast_mac_addr.hlen)
 		hto = &interface->anycast_mac_addr;
-@@ -439,7 +553,15 @@ ssize_t receive_packet (interface, buf, len, from, hfrom)
+@@ -439,7 +553,15 @@ ssize_t receive_packet (interface, buf,
 	bufix = 0;
 	/* Decode the physical header... */
@ -894,7 +884,7 @@ index 123790d..943d679 100644
 			break;
 		case ARPHRD_IEEE802:
 #ifdef ARPHRD_IEEE802_TR
-@@ -541,18 +674,37 @@ get_hw_addr(const char *name, struct hardware *hw) {
+@@ -541,18 +674,37 @@ get_hw_addr(const char *name, struct har
 #endif /* ARPHRD_IEEE802_TR */
 			hw->hlen = 7;
 			hw->hbuf[0] = HTYPE_IEEE802;
@ -936,10 +926,8 @@ index 123790d..943d679 100644
 +	freeifaddrs(ifaddrs);
 }
 #endif
-diff --git a/common/print.c b/common/print.c
+--- common/print.c.orig
-index ce368c4..7dd9f52 100644
+++ common/print.c
 --- a/common/print.c
 +++ b/common/print.c
@@ -173,11 +173,11 @@ char *print_hw_addr (htype, hlen, data)
 	const int hlen;
 	const unsigned char *data;
@ -954,11 +942,9 @@ index ce368c4..7dd9f52 100644
 		habuf [0] = 0;
 	else {
 		s = habuf;
-diff --git a/common/socket.c b/common/socket.c
+--- common/socket.c.orig
-index e8851b4..2c6fb1c 100644
+++ common/socket.c
--- a/common/socket.c
+@@ -331,7 +331,7 @@ void if_register_send (info)
 +++ b/common/socket.c
@@ -328,7 +328,7 @@ void if_register_send (info)
 	info->wfdesc = if_register_socket(info, AF_INET, 0, NULL);
 	/* If this is a normal IPv4 address, get the hardware address. */
 	if (strcmp(info->name, "fallback") != 0)
@ -967,7 +953,7 @@ index e8851b4..2c6fb1c 100644
 #if defined (USE_SOCKET_FALLBACK)
 	/* Fallback only registers for send, but may need to receive as
 	   well. */
-@@ -391,7 +391,7 @@ void if_register_receive (info)
+@@ -394,7 +394,7 @@ void if_register_receive (info)
 #endif /* IP_PKTINFO... */
 	/* If this is a normal IPv4 address, get the hardware address. */
 	if (strcmp(info->name, "fallback") != 0)
@ -976,7 +962,7 @@ index e8851b4..2c6fb1c 100644
 	if (!quiet_interface_discovery)
 		log_info ("Listening on Socket/%s%s%s",
-@@ -505,7 +505,7 @@ if_register6(struct interface_info *info, int do_multicast) {
+@@ -508,7 +508,7 @@ if_register6(struct interface_info *info
 	if (req_multi)
 		if_register_multicast(info);
@ -985,7 +971,7 @@ index e8851b4..2c6fb1c 100644
 	if (!quiet_interface_discovery) {
 		if (info->shared_network != NULL) {
-@@ -561,7 +561,7 @@ if_register_linklocal6(struct interface_info *info) {
+@@ -564,7 +564,7 @@ if_register_linklocal6(struct interface_
 	info->rfdesc = sock;
 	info->wfdesc = sock;
@ -994,7 +980,7 @@ index e8851b4..2c6fb1c 100644
 	if (!quiet_interface_discovery) {
 		if (info->shared_network != NULL) {
-@@ -1145,7 +1145,9 @@ void maybe_setup_fallback ()
+@@ -1148,7 +1148,9 @@ void maybe_setup_fallback ()
 #if defined(sun) && defined(USE_V4_PKTINFO)
 /* This code assumes the existence of SIOCGLIFHWADDR */
 void
@ -1005,10 +991,8 @@ index e8851b4..2c6fb1c 100644
 	struct sockaddr_dl *dladdrp;
 	int sock, i;
 	struct lifreq lifr;
-diff --git a/includes/dhcpd.h b/includes/dhcpd.h
+--- includes/dhcpd.h.orig
-index fa7d6fb..e55309e 100644
+++ includes/dhcpd.h
 --- a/includes/dhcpd.h
 +++ b/includes/dhcpd.h
@@ -1345,6 +1345,7 @@ struct interface_info {
 	struct shared_network *shared_network;
 				/* Networks connected to this interface. */
@ -1017,7 +1001,7 @@ index fa7d6fb..e55309e 100644
 	struct in_addr *addresses;	/* Addresses associated with this
 					 * interface.
 					 */
-@@ -2583,7 +2584,7 @@ void print_dns_status (int, struct dhcp_ddns_cb *, isc_result_t);
+@@ -2584,7 +2585,7 @@ void print_dns_status (int, struct dhcp_
 #endif
 const char *print_time(TIME);
@ -1026,11 +1010,9 @@ index fa7d6fb..e55309e 100644
 char *buf_to_hex (const unsigned char *s, unsigned len,
                    const char *file, int line);
 char *format_lease_id(const unsigned char *s, unsigned len, int format,
-diff --git a/server/dhcp.c b/server/dhcp.c
+--- server/dhcp.c.orig
-index c9b3632..effa9b1 100644
+++ server/dhcp.c
--- a/server/dhcp.c
+@@ -1991,11 +1991,12 @@ void echo_client_id(packet, lease, in_op
 +++ b/server/dhcp.c
@@ -1967,11 +1967,12 @@ void echo_client_id(packet, lease, in_options, out_options)
 	/* Check if echo-client-id is enabled */
 	oc = lookup_option(&server_universe, in_options, SV_ECHO_CLIENT_ID);
@ -1045,7 +1027,7 @@ index c9b3632..effa9b1 100644
 		struct data_string client_id;
 		unsigned int opcode = DHO_DHCP_CLIENT_IDENTIFIER;
-@@ -3766,9 +3767,11 @@ void dhcp_reply (lease)
+@@ -3801,9 +3802,11 @@ void dhcp_reply (lease)
 	} else
 		bufs |= 2; /* XXX */
@ -1060,11 +1042,9 @@ index c9b3632..effa9b1 100644
 	raw.htype = lease -> hardware_addr.hbuf [0];
 	/* See if this is a Microsoft client that NUL-terminates its
-diff --git a/server/dhcpleasequery.c b/server/dhcpleasequery.c
+--- server/dhcpleasequery.c.orig
-index 75a0e72..6207c31 100644
+++ server/dhcpleasequery.c
--- a/server/dhcpleasequery.c
+@@ -299,7 +299,7 @@ dhcpleasequery(struct packet *packet, in
 +++ b/server/dhcpleasequery.c
@@ -299,7 +299,7 @@ dhcpleasequery(struct packet *packet, int ms_nulltp) {
 							  assoc_ips, 
 							  nassoc_ips);
@ -1073,7 +1053,7 @@ index 75a0e72..6207c31 100644
 			if (packet->raw->hlen+1 > sizeof(h.hbuf)) {
 				log_info("%s: hardware length too long, "
-@@ -409,11 +409,13 @@ dhcpleasequery(struct packet *packet, int ms_nulltp) {
+@@ -409,11 +409,13 @@ dhcpleasequery(struct packet *packet, in
 		 * Set the hardware address fields.
 		 */
@ -1091,11 +1071,9 @@ index 75a0e72..6207c31 100644
 		/*
 		 * Set client identifier option.
-diff --git a/server/mdb.c b/server/mdb.c
+--- server/mdb.c.orig
-index 6af6b63..a143452 100644
+++ server/mdb.c
--- a/server/mdb.c
+@@ -618,6 +618,9 @@ int find_hosts_by_haddr (struct host_dec
 +++ b/server/mdb.c
@@ -618,6 +618,9 @@ int find_hosts_by_haddr (struct host_decl **hp, int htype,
 		return ret;
 #endif
--- a/0019-dhcp-4.2.4-P1-interval.patch
+++ b/0019-dhcp-4.2.4-P1-interval.patch
@ -1,50 +0,0 @@
 commit 9a312e3cd914da2b6f32651c94d1d1d4fb0bf359
 Author: Jiri Popelka <jpopelka@redhat.com>
 Date:   Fri Jul 27 10:00:49 2012 +0200
    isc_time_nowplusinterval() is not safe with 64-bit time_t (#662254, #789601)
 References: bsc#947780, bsc#880984
 Index: dhcp-4.2.4-P2/common/dispatch.c
 ===================================================================
 --- dhcp-4.2.4-P2.orig/common/dispatch.c
 +++ dhcp-4.2.4-P2/common/dispatch.c
@@ -320,7 +320,20 @@ void add_timeout (when, where, what, ref
 	q->next  = timeouts;
 	timeouts = q;
 -	isc_interval_set(&interval, sec & DHCP_SEC_MAX, usec * 1000);
 +	/* isc_time_nowplusinterval() is not safe with 64-bit time_t and will
 +	 * return an error for sufficiently large intervals.  We have to limit
 +	 * the interval to INT_MAX or less to ensure the interval doesn't
 +	 * overflow 32 bits, since the returned isc_time_t fields are
 +	 * 32-bit unsigned ints.
 +	 *
 +	 * HACK: The 9 is a magic number of seconds, since some time may have
 +	 * gone by since the last call to gettimeofday() and the one in
 +	 * isc_time_nowplusinterval().
 +	 */
 +	if (sec > TIME_MAX)
 +		sec = TIME_MAX - 9;
 +
 +	isc_interval_set(&interval, sec, usec * 1000);
 	status = isc_time_nowplusinterval(&expires, &interval);
 	if (status != ISC_R_SUCCESS) {
 		/*
 From: Nirmoy Das <ndas@suse.de>
 Date: Tue, 26 Jan 2016 13:36:28 +0100
 Subject: [PATCH] adjusted interval check
 Index: dhcp-4.3.3/common/dispatch.c
 ===================================================================
 --- dhcp-4.3.3.orig/common/dispatch.c
 +++ dhcp-4.3.3/common/dispatch.c
@@ -349,7 +349,7 @@ void add_timeout (when, where, what, ref
 	 * gone by since the last call to gettimeofday() and the one in
 	 * isc_time_nowplusinterval().
 	 */
 -	if (sec > TIME_MAX)
 +	if (sec > TIME_MAX - 9)
 		sec = TIME_MAX - 9;
 	isc_interval_set(&interval, sec, usec * 1000);
--- a/0020-dhcp-4.x.x-fixed-improper-lease-duration-checking.patch
+++ b/0020-dhcp-4.x.x-fixed-improper-lease-duration-checking.patch
@ -7,10 +7,8 @@ year 2038 is EOT only for 32 bit machine. This patch checks
 wordsize and do a proper EOT checking on lease duration. It  
 also fixes integer overflows in the date and time handling code.
-diff --git a/common/parse.c b/common/parse.c
+--- common/parse.c.orig
-index 22e7d58..e9e53a4 100644
+++ common/parse.c
 --- a/common/parse.c
 +++ b/common/parse.c
@@ -939,7 +939,7 @@ TIME
 parse_date_core(cfile)
 	struct parse *cfile;
@ -56,16 +54,14 @@ index 22e7d58..e9e53a4 100644
 		      (year - 69) / 4 +		/* Leap days since '70 */
 		      (mon			/* Days in months this year */
 		       ? months [mon - 1]
-diff --git a/includes/dhcpd.h b/includes/dhcpd.h
+--- includes/dhcpd.h.orig
-index 4270edc..1af4c5b 100644
+++ includes/dhcpd.h
--- a/includes/dhcpd.h
+@@ -1588,7 +1588,7 @@ typedef unsigned char option_mask [16];
 +++ b/includes/dhcpd.h
@@ -1561,7 +1561,7 @@ typedef unsigned char option_mask [16];
 #define DHCPD_LOG_FACILITY	LOG_DAEMON
 #endif
-#define MAX_TIME 0x7fffffff
+ #define INFINITE_TIME	0xffffffff
 -#define MAX_TIME	0x7fffffff
 +#define MAX_TIME LONG_MAX
- #define MIN_TIME 0
+ #define MIN_TIME	0
 #ifdef USE_LOG_PID
--- a/0021-master-Plugs-a-socket-descriptor-leak-in-OMAPI.patch
+++ b/0021-master-Plugs-a-socket-descriptor-leak-in-OMAPI.patch
@ -1,61 +0,0 @@
 From 1a6b62fe17a42b00fa234d06b6dfde3d03451894 Mon Sep 17 00:00:00 2001
 From: Thomas Markwalder <tmark@isc.org>
 Date: Thu, 7 Dec 2017 11:23:36 -0500
 Subject: [PATCH] [master] Plugs a socket descriptor leak in OMAPI
    Merges in rt46767.
 ---
 RELNOTES         | 5 +++++
 omapip/buffer.c  | 9 +++++++++
 omapip/message.c | 2 +-
 3 files changed, 15 insertions(+), 1 deletion(-)
 diff --git a/RELNOTES b/RELNOTES
 index cf44b3e..d43e7b3 100644
 --- a/RELNOTES
 +++ b/RELNOTES
@@ -919,6 +919,11 @@ by Eric Young (eay@cryptsoft.com).
   and our website for directions on bug submissions.
   [ISC-Bugs #24789]
 +- Plugged a socket descriptor leak in OMAPI, that can occur when there is
 +  data pending to be written to an OMAPI connection, when the connection
 +  is closed by the reader.
 +  [ISc-Bugs #46767]
 +
 			Changes since 4.2.0 (new features)
 - If a client renews before 'dhcp-cache-threshold' percent of its lease
 diff --git a/omapip/buffer.c b/omapip/buffer.c
 index f7fdc32..809034d 100644
 --- a/omapip/buffer.c
 +++ b/omapip/buffer.c
@@ -566,6 +566,15 @@ isc_result_t omapi_connection_writer (omapi_object_t *h)
 			omapi_buffer_dereference (&buffer, MDL);
 		}
 	}
 +
 +	/* If we had data left to write when we're told to disconnect,
 +	* we need recall disconnect, now that we're done writing.
 +	* See rt46767. */
 +	if (c->out_bytes == 0 && c->state == omapi_connection_disconnecting) {
 +		omapi_disconnect (h, 1);
 +		return ISC_R_SHUTTINGDOWN;
 +	}
 +
 	return ISC_R_SUCCESS;
 }
 diff --git a/omapip/message.c b/omapip/message.c
 index 59ccdc2..21bcfc3 100644
 --- a/omapip/message.c
 +++ b/omapip/message.c
@@ -339,7 +339,7 @@ isc_result_t omapi_message_unregister (omapi_object_t *mo)
 }
 #ifdef DEBUG_PROTOCOL
 -static const char *omapi_message_op_name(int op) {
 +const char *omapi_message_op_name(int op) {
 	switch (op) {
 	case OMAPI_OP_OPEN:    return "OMAPI_OP_OPEN";
 	case OMAPI_OP_REFRESH: return "OMAPI_OP_REFRESH";
--- a/0022-Optimized-if-and-when-DNS-client-context-and-ports.patch
+++ b/0022-Optimized-if-and-when-DNS-client-context-and-ports.patch
@ -1,306 +0,0 @@
 From df869de2b9f95f14ce4eca142afaf0f1fef29809 Mon Sep 17 00:00:00 2001
 From: Nirmoy Das <ndas@suse.de>
 Date: Thu, 11 Jan 2018 10:20:59 +0100
 Subject: [PATCH] modified for SLES
 From ca22af89996483efd820de0084c964fc336ee7c1 Mon Sep 17 00:00:00 2001
 From: Thomas Markwalder <tmark@isc.org>
 Date: Mon, 19 Jun 2017 14:44:29 -0400
 Subject: [PATCH] [master] Optimized if and when DNS client context and ports
 are initted
    Merges in rt45290.
 ---
 RELNOTES                 |  9 ++++++
 client/dhclient.8        |  5 +--
 client/dhclient.c        |  4 +--
 common/dns.c             | 15 +++++++--
 includes/omapip/isclib.h |  9 +++++-
 omapip/isclib.c          | 80 ++++++++++++++++++++++++++++++------------------
 relay/dhcrelay.c         |  3 +-
 server/dhcpd.8           |  6 ++--
 server/dhcpd.c           | 14 ++++++---
 9 files changed, 100 insertions(+), 45 deletions(-)
 ---
 client/dhclient.8        |  5 +--
 client/dhclient.c        |  4 +--
 common/dns.c             | 15 +++++++--
 includes/omapip/isclib.h |  9 +++++-
 omapip/isclib.c          | 80 ++++++++++++++++++++++++++++++------------------
 relay/dhcrelay.c         |  3 +-
 server/dhcpd.8           |  4 +--
 server/dhcpd.c           | 14 ++++++---
 8 files changed, 90 insertions(+), 44 deletions(-)
 diff --git a/client/dhclient.8 b/client/dhclient.8
 index d9a26b7..8991e16 100644
 --- a/client/dhclient.8
 +++ b/client/dhclient.8
@@ -461,8 +461,9 @@ port will be used for the established connection.
 When DDNS is enabled at compile time (see includes/site.h)
 the client will open both a v4 and a v6 UDP socket on
 -random ports.  These ports are opened even if DDNS is disabled
 -in the configuration file.
 +random ports.  These ports are not opened unless/until the
 +client first attempts to do an update.  If the client is not
 +configured to do updates, the ports will never be opened.
 .PP
 .SH CONFIGURATION
 The syntax of the \fBdhclient.conf(5)\fR file is discussed separately.
 diff --git a/client/dhclient.c b/client/dhclient.c
 index 2804ea8..d3fe751 100644
 --- a/client/dhclient.c
 +++ b/client/dhclient.c
@@ -187,8 +187,8 @@ main(int argc, char **argv) {
 #endif
 	/* Set up the isc and dns library managers */
 -	status = dhcp_context_create(DHCP_CONTEXT_PRE_DB | DHCP_CONTEXT_POST_DB,
 -				     NULL, NULL);
 +	status = dhcp_context_create(DHCP_CONTEXT_PRE_DB | DHCP_CONTEXT_POST_DB
 +				     | DHCP_DNS_CLIENT_LAZY_INIT, NULL, NULL);
 	if (status != ISC_R_SUCCESS)
 		log_fatal("Can't initialize context: %s",
 			  isc_result_totext(status));
 diff --git a/common/dns.c b/common/dns.c
 index 0f8be80..2ca4ba8 100644
 --- a/common/dns.c
 +++ b/common/dns.c
@@ -3,8 +3,7 @@
    Domain Name Service subroutines. */
 /*
 - * Copyright (c) 2009-2015 by Internet Systems Consortium, Inc. ("ISC")
 - * Copyright (c) 2004-2007 by Internet Systems Consortium, Inc. ("ISC")
 + * Copyright (c) 2004-2017 by Internet Systems Consortium, Inc. ("ISC")
  * Copyright (c) 2001-2003 by Internet Software Consortium
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -2151,6 +2150,12 @@ ddns_modify_fwd(dhcp_ddns_cb_t *ddns_cb, const char *file, int line)
 	isc_sockaddrlist_t *zlist = NULL;
 +	/* Creates client context if we need to */
 +	result = dns_client_init();
 +	if (result != ISC_R_SUCCESS) {
 +		return result;
 +	}
 +
 	/* Get a pointer to the clientname to make things easier. */
 	clientname = (unsigned char *)ddns_cb->fwd_name.data;
@@ -2359,6 +2364,12 @@ ddns_modify_ptr(dhcp_ddns_cb_t *ddns_cb, const char *file, int line)
 	unsigned char buf[256];
 	int buflen;
 +	/* Creates client context if we need to */
 +	result = dns_client_init();
 +	if (result != ISC_R_SUCCESS) {
 +		return result;
 +	}
 +
 	/*
 	 * Try to lookup the zone in the zone cache.  As with the forward
 	 * case it's okay if we don't have one, the DNS code will try to
 diff --git a/includes/omapip/isclib.h b/includes/omapip/isclib.h
 index caa388a..e296308 100644
 --- a/includes/omapip/isclib.h
 +++ b/includes/omapip/isclib.h
@@ -3,7 +3,7 @@
    connections to the isc and dns libraries */
 /*
 - * Copyright (c) 2009,2013,2014 by Internet Systems Consortium, Inc. ("ISC")
 + * Copyright (c) 2009-2017 by Internet Systems Consortium, Inc. ("ISC")
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -98,6 +98,10 @@ typedef struct dhcp_context {
 	isc_timermgr_t	*timermgr;
 #if defined (NSUPDATE)
   	dns_client_t    *dnsclient;
 +	int use_local4;
 +	isc_sockaddr_t local4_sockaddr;
 +	int use_local6;
 +	isc_sockaddr_t local6_sockaddr;
 #endif
 } dhcp_context_t;
@@ -125,6 +129,7 @@ isclib_make_dst_key(char          *inname,
 #define DHCP_CONTEXT_PRE_DB  1
 #define DHCP_CONTEXT_POST_DB 2
 +#define DHCP_DNS_CLIENT_LAZY_INIT 4
 isc_result_t dhcp_context_create(int              flags,
 				 struct in_addr  *local4,
 				 struct in6_addr *local6);
@@ -133,4 +138,6 @@ void isclib_cleanup(void);
 void dhcp_signal_handler(int signal);
 extern int shutdown_signal;
 +isc_result_t dns_client_init();
 +
 #endif /* ISCLIB_H */
 diff --git a/omapip/isclib.c b/omapip/isclib.c
 index 13f0d3e..ce86490 100644
 --- a/omapip/isclib.c
 +++ b/omapip/isclib.c
@@ -1,5 +1,5 @@
 /*
 - * Copyright(c) 2009-2010,2013-2014 by Internet Systems Consortium, Inc.("ISC")
 + * Copyright(c) 2009-2017 by Internet Systems Consortium, Inc.("ISC")
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -221,39 +221,24 @@ dhcp_context_create(int flags,
 #if defined (NSUPDATE)
 	if ((flags & DHCP_CONTEXT_POST_DB) != 0) {
 -		isc_sockaddr_t localaddr4, *localaddr4_ptr = NULL;
 -		isc_sockaddr_t localaddr6, *localaddr6_ptr = NULL;
 +		/* Setting addresses only.
 +		 * All real work will be done later on if needed to avoid
 +		 * listening on ddns port if client/server was compiled with
 +		 * ddns support but not using it. */
 		if (local4 != NULL) {
 -			isc_sockaddr_fromin(&localaddr4, local4, 0);
 -			localaddr4_ptr = &localaddr4;
 +			dhcp_gbl_ctx.use_local4 = 1;
 +			isc_sockaddr_fromin(&dhcp_gbl_ctx.local4_sockaddr,
 +					    local4, 0);
 		}
 +
 		if (local6 != NULL) {
 -			isc_sockaddr_fromin6(&localaddr6, local6, 0);
 -			localaddr6_ptr = &localaddr6;
 +			dhcp_gbl_ctx.use_local6 = 1;
 +			isc_sockaddr_fromin6(&dhcp_gbl_ctx.local6_sockaddr,
 +					     local6, 0);
 		}
 -		result = dns_client_createx2(dhcp_gbl_ctx.mctx,
 -					     dhcp_gbl_ctx.actx,
 -					     dhcp_gbl_ctx.taskmgr,
 -					     dhcp_gbl_ctx.socketmgr,
 -					     dhcp_gbl_ctx.timermgr,
 -					     0,
 -					     &dhcp_gbl_ctx.dnsclient,
 -					     localaddr4_ptr,
 -					     localaddr6_ptr);
 -		if (result != ISC_R_SUCCESS)
 -			goto cleanup;
 -
 -		/*
 -		 * If we can't set up the servers we may not be able to
 -		 * do DDNS but we should continue to try and perform
 -		 * our basic functions and let the user sort it out.
 -		 */
 -		result = dhcp_dns_client_setservers();
 -		if (result != ISC_R_SUCCESS) {
 -			log_error("Unable to set resolver from resolv.conf; "
 -				  "startup continuing but DDNS support "
 -				  "may be affected");
 +		if (!(flags & DHCP_DNS_CLIENT_LAZY_INIT)) {
 +			result = dns_client_init();
 		}
 	}
 #endif
@@ -360,3 +345,40 @@ void dhcp_signal_handler(int signal) {
 		(void) isc_app_ctxsuspend(ctx);
 	}
 }
 +
 +isc_result_t dns_client_init() {
 +	isc_result_t result;
 +	if (dhcp_gbl_ctx.dnsclient == NULL) {
 +		result = dns_client_createx2(dhcp_gbl_ctx.mctx,
 +					     dhcp_gbl_ctx.actx,
 +					     dhcp_gbl_ctx.taskmgr,
 +					     dhcp_gbl_ctx.socketmgr,
 +					     dhcp_gbl_ctx.timermgr,
 +					     0,
 +					     &dhcp_gbl_ctx.dnsclient,
 +					     (dhcp_gbl_ctx.use_local4 ?
 +					      &dhcp_gbl_ctx.local4_sockaddr
 +					      : NULL),
 +					     (dhcp_gbl_ctx.use_local6 ?
 +					      &dhcp_gbl_ctx.local6_sockaddr
 +					      : NULL));
 +
 +		if (result != ISC_R_SUCCESS) {
 +			log_error("Unable to create DNS client context:"
 +				  " result: %d", result);
 +			return result;
 +		}
 +
 +		/* If we can't set up the servers we may not be able to
 +		 * do DDNS but we should continue to try and perform
 +		 * our basic functions and let the user sort it out. */
 +		result = dhcp_dns_client_setservers();
 +		if (result != ISC_R_SUCCESS) {
 +			log_error("Unable to set resolver from resolv.conf; "
 +				  "startup continuing but DDNS support "
 +				  "may be affected: result %d", result);
 +		}
 +	}
 +
 +	return ISC_R_SUCCESS;
 +}
 diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c
 index 9d39fae..3abbe1e 100644
 --- a/relay/dhcrelay.c
 +++ b/relay/dhcrelay.c
@@ -204,8 +204,7 @@ main(int argc, char **argv) {
 #endif	
 	/* Set up the isc and dns library managers */
 -	status = dhcp_context_create(DHCP_CONTEXT_PRE_DB | DHCP_CONTEXT_POST_DB,
 -				     NULL, NULL);
 +	status = dhcp_context_create(DHCP_CONTEXT_PRE_DB, NULL, NULL);
 	if (status != ISC_R_SUCCESS)
 		log_fatal("Can't initialize context: %s",
 			  isc_result_totext(status));
 diff --git a/server/dhcpd.8 b/server/dhcpd.8
 index bfda639..259b91c 100644
 --- a/server/dhcpd.8
 +++ b/server/dhcpd.8
@@ -358,8 +358,8 @@ port will be used for the established connection.
 When DDNS is enabled at compile time (see includes/site.h)
 the server will open both a v4 and a v6 UDP socket on
 -random ports.  These ports are opened even if DDNS is disabled
 -in the configuration file.
 +random ports, unless DDNS updates are globally disabled by
 +setting ddns-update-style to none in the configuration file.
 .PP
 .SH CONFIGURATION
 The syntax of the dhcpd.conf(5) file is discussed separately.  This
 diff --git a/server/dhcpd.c b/server/dhcpd.c
 index 0f5c640..d7c4456 100644
 --- a/server/dhcpd.c
 +++ b/server/dhcpd.c
@@ -1053,10 +1053,16 @@ void postconf_initialization (int quiet)
 		}
 	}
 -	if (dhcp_context_create(DHCP_CONTEXT_POST_DB, local4_ptr, local6_ptr)
 -	    != ISC_R_SUCCESS)
 -		log_fatal("Unable to complete ddns initialization");
 -
 +	/* Don't init DNS client if update style is none. This avoids
 +	 * listening ports that aren't needed.  We don't use ddns-udpates
 +	 * as that has multiple levels of scope. */
 +	if (ddns_update_style != DDNS_UPDATE_STYLE_NONE) {
 +		if (dhcp_context_create(DHCP_CONTEXT_POST_DB,
 +					local4_ptr, local6_ptr)
 +			!= ISC_R_SUCCESS) {
 +			log_fatal("Unable to complete ddns initialization");
 +		}
 +	}
 #else
 	/* If we don't have support for updates compiled in tell the user */
 	if (ddns_update_style != DDNS_UPDATE_STYLE_NONE) {
 -- 
 2.15.0
--- a/dhcp-4.3.5.tar.gz
+++ b/dhcp-4.3.5.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:eb95936bf15d2393c55dd505bc527d1d4408289cec5a9fa8abb99f7577e7f954
 size 10075147
--- a/dhcp-4.3.5.tar.gz.asc
+++ b/dhcp-4.3.5.tar.gz.asc
@ -1,11 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 iQEcBAABAgAGBQJX8jrBAAoJEG+m68mRGkwCczcH/1lMdlvf2RX+IfNraDTXWmY1
 +MGk51H7aIJDRDFhiLA1f1ht1hIXJB0gnaOdJxLcqQGUiHPQfVZidDz2XxAjr7S2
 VvV6mfHxO1+oPsaFzCEItDqHk/LJcBDgKWC2cvabNfi5Nyq8rR+Zjn0i509DYFBR
 cJYzau7Smse8ZVpUrsdLOtKgNznVPioowqCooiOlzZfYNfKOdwk4z6U8vglLhRL4
 xpfbg373Z78dExeNPqJ97c/tUg2YCnuZGvLfwvI+2Bzrp63TbAnJYB3CnyCj+fS2
 iSH7WACNSqRQoEWxE+vi9kTY0GGVFaonPZSRMT1DKFhBge4TdMCm2STIIOJiPFw=
 =xG2q
 -----END PGP SIGNATURE-----
--- a/dhcp-4.3.6-P1.tar.gz
+++ b/dhcp-4.3.6-P1.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:2fd177bef02856f05fe17713ced9bfcc7d94f14c933c15f2f2fbedc9cc57a3c3
 size 10189202
--- a/dhcp-4.3.6-P1.tar.gz.asc
+++ b/dhcp-4.3.6-P1.tar.gz.asc
@ -0,0 +1,17 @@
 -----BEGIN PGP SIGNATURE-----
 Comment: GPGTools - http://gpgtools.org
 iQIzBAABAgAdFiEEvg6XSLcYJToou4n/8bEb8FzwLlcFAlqN9aIACgkQ8bEb8Fzw
 LlfmNQ/+OKtQwHU+ymYE0v/r+Ux1/at5Cob5TSiBx/l7Um26nxvBLVgFO6cfoL6X
 ZVsA56YFHtsMwDBktWirFxAhou6S66W455O6FJJ75NRhZoi/lpvxf2LJLCHp+R21
 XvCMLZ2ZKziIsDRZBbYUifcDT7r65Vvo88ZV4JEJMPC8PLqxvq/OpET2ZRzH17Fl
 xkD4T+mySPGGJI1rodMtpFaFunjWhgXOZC59rscfJmiDkuQR+hH6KF3fnUmaL3wo
 qhlzVD/EX4FP9FLZOsNXlLLq3oAzbwFZ+nq33ubabC000vuktvfpoG2HChWYmuZi
 wxNtuVa2Su8PSeho0FIoJHMhw+QulBUYi/KyJowEGTKqKIEA6cMdnDKQ7emoTEAH
 iUV+qYg+eceaTokDHHsbX/VXlP4fjIsGPWWga3CxFz9li/ld7CcxchIOsWg89/pu
 Zd9kAwtrF4li5EVhy9rfuprpWfUgAL4hEw8CA6xFpFs6dafe6YiESiM5qzN4VxzN
 NC+QzcUzr5r1KBMwyIzoVj1K9ZWEwEur54nCl6sB4crihTW/Acc0co+4DTUOrz9/
 tg4/i3cVyuh8cqjPURgg3+NMvjQCBI5w7kWM+45NOnzieVJYYMZEB/vo8c2xs8mS
 hynQR9Oab2DJZcaSpcAJ0jae7BWM3qQpOdB81D6n2dsRr6tymCQ=
 =1kxC
 -----END PGP SIGNATURE-----
--- a/dhcp.changes
+++ b/dhcp.changes
@ -1,3 +1,79 @@
 -------------------------------------------------------------------
 Thu Mar  8 13:15:16 UTC 2018 - max@suse.com
 - Update to dhcp-4.3.6-P1:
  * CVE-2018-5733, bsc#1083303: reference count overflow in dhcpd.
  * CVE-2018-5732, bsc#1083302: buffer overflow bug in dhclient.
  * Plugged a socket descriptor leak in OMAPI
  * The server now allows the client identifier (option 61) to own
    leases in more than one subnet concurrently [ISC-Bugs #41358].
  * When replying to a DHCPINFORM, the server will now include
    options specified at the pool scope, provided the ciaddr field
    of the DHCPINFORM is populated.
    [ISC-Bugs #43219] [ISC-Bugs #45051].
  * When memory allocation fails in a repeated way the process
    writes "Run out of memory." on the standard error and exists
    with status 1  [ISC-Bugs #32744].
  * The new lmdb (Lightning Memory DataBase) bind9 configure
    option is now disabled by default to avoid the presence of
    this library to be detected which can lead to a link failure.
    [ISC-Bugs #45069]
  * The linux interface discovery code has been modified to use
    getifaddrs() as is done for BSD and OS-X.
    [ISC-Bugs #28761] and others.
  * Fixed a bug in OMAPI that causes omshell to crash when a
    name-value pair with a zero length value is shipped in an
    object [ISC-Bugs #29108].
  * On 64-bit platforms, dhclient now generates the correct value
    for the script environment variable, "expiry", the lease
    expiry value exceeds 0x7FFFFFFF [ISC-Bugs #43326].
  * Common timer logic was modified to cap the maximum timeout
    values at 0x7FFFFFFF - 1 [ISC-Bugs #28038].
  * DHCP6 FQDN option unpacking code now correctly handles values
    that contain spaces, special, or non-printable characters.
    [ISC-Bugs #43592]
  * When running in -6 mode, dhclient can enforce the require
    option statement and will discard offered leases that do not
    contain all the required options specified in the client
    configuration [ISC-Bugs #41473].
  * Altered DHCPv4 lease time calculation to avoid roll over
    errors on 64-bit OS systems when using -1 or large values
    for default-lease-time [ISC-Bugs #41976],
  * Added --dad-wait-time parameter to dhclient [ISC-Bugs #36169].
  * The server nows checks both the address and length of a
    prefix delegation when attempting to match it to a prefix
    pool [ISC-Bugs #35378].
  * Modified DDNS support initialization such that DNS related
    ports will only be opened by the server (dhcpd) at startup
    if ddns-update-style is not "none"; by dhclient only if and
    when the it first attempts an update; and never by dhcrelay.
    [ISC-Bugs #45290] [ISC-Bugs #33377]
  * Added error logging to two memory allocation failure checks.
    [ISC-Bugs #41185]
  * Corrected a dhclient -6 issue that caused the client to crash
    with an "Impossible condition" error after de-preferencing its
    only IA binding [ISC-Bugs #44373].
  * By defining CALL_SCRIPT_ON_ONETRY_FAIL in includes/site.h,
    dhclient will now call the script with reason set to FAIL when
    run with -1 (one try) and there are no server responses.
    [ISC-bugs #18183]
  * The server now detects failover peers that are not referenced
    in at least one pool when run with the command line option for
    test mode, -T [ISC-Bugs #29892].
  * Linux script updated [ISC-bugs #19430] [ISC-bugs #18111].
  * Changed severity of the log message indicating UDP checksum
    errors in the received packets from 'info' to 'debug'.
    [ISC-bugs #41757]
  * Corrected a bug which could cause the server to sporadically
    crash while loading lease files with the lease-id-format is
    set to "hex" [ISC-Bugs #43185].
 - Obsoleted patches:
  * 0011-Fixed-linux-interface-discovery-using-getifaddrs.patch
  * 0019-dhcp-4.2.4-P1-interval.patch
  * 0021-master-Plugs-a-socket-descriptor-leak-in-OMAPI.patch
  * 0022-Optimized-if-and-when-DNS-client-context-and-ports.patch
 -------------------------------------------------------------------
 Fri Jan 19 12:16:47 CET 2018 - ndas@suse.de
--- a/dhcp.spec
+++ b/dhcp.spec
@ -21,7 +21,7 @@
  %define _fillupdir /var/adm/fillup-templates
 %endif
-%define isc_version   4.3.5
+%define isc_version   4.3.6-P1
 %define susefw2dir    %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services
 %define omc_prefix    /usr/share/omc
 %define omc_svcdir    %{omc_prefix}/svcinfo.d
@ -94,8 +94,6 @@ Patch8:         0008-dhcp-4.2.2-dhclient-option-checks.patch
 Patch9:         0009-dhcp-4.2.6-close-on-exec.patch
 # PATCH-FIX-OPENSUSE quiet-dhclient bnc#711420
 Patch10:        0010-dhcp-4.2.2-quiet-dhclient.patch
 # PATCH-FIX-UPSTREAM use-getifaddrs bnc#791289,ISC-Bugs#31992
 Patch11:        0011-Fixed-linux-interface-discovery-using-getifaddrs.patch
 # PATCH-FIX-OPENSUSE dhcp-4.2.x-chown-server-leases bnc#868253
 Patch12:        0012-dhcp-4.2.x-chown-server-leases.bnc868253.patch
 # PATCH-FIX-SLE dhcp-4.2.x-dhcpv6-decline-on-DAD-failure bnc#872609
@ -111,10 +109,7 @@ Patch17:        0017-server-no-success-report-before-send.919959.patch
 # PATCH-FIX-SLE client-fail-on-script-pre-init-error bsc#912098
 Patch18:        0018-client-fail-on-script-pre-init-error-bsc-912098.patch
 # PATCH-FIX-SLE dhcp-4.2.4-P1-interval bsc#947780
 Patch19:        0019-dhcp-4.2.4-P1-interval.patch
 Patch20:        0020-dhcp-4.x.x-fixed-improper-lease-duration-checking.patch
 Patch21:        0021-master-Plugs-a-socket-descriptor-leak-in-OMAPI.patch
 Patch22:        0022-Optimized-if-and-when-DNS-client-context-and-ports.patch
 ##
 PreReq:         /bin/touch /sbin/chkconfig sysconfig
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
@ -239,20 +234,16 @@ Authors:
 %patch6 -p1
 %patch7 -p1
 %patch8 -p1
-%patch9 -p1
+%patch9
 %patch10 -p1
 %patch11 -p1
 %patch12 -p1
 %patch13 -p1
-%patch14 -p1
+%patch14
 %patch15 -p1
-%patch16 -p1
+%patch16
 %patch17 -p1
 %patch18 -p1
-%patch19 -p1
+%patch20
 %patch20 -p1
 %patch21 -p1
 %patch22 -p1
 ##
 find . -type f -name \*.cat\* -exec rm -f {} \;
 dos2unix contrib/ms2isc/*