From 348f524f0afd9812ab4f3e0fa65be0fa866a4cae3ca0715aab530e40737f6434 Mon Sep 17 00:00:00 2001 
From: Marius Tomaschewski Date: Fri, 21 Nov 2014 11:33:30 +0000 Subject: [PATCH] - Applied contrib/ldap/dhcpd-conf-to-ldap patch by Ales Novak to reorder config to add all global options or option declarations to the dhcpService object instead to create new service object (bsc#886094,ISC-Bugs#37876). [+ dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch] - Applied an upstream patch by Thomas Markwalder adding missed mapping of SHA TSIG algorithm names to their constants to enable hmac-sha1, hmac_sha224, hmac_sha256, hmac_sha384 and hmac_sha512 authenticated dynamic DNS updates (bsc#890731, ISC-Bugs#36947). [+ dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch] - Decline IPv6 addresses on Duplicate Address Detection failure and stop client message exchanges on reached MRD rather than at some point after it. Applied fedora patches by Jiri Popelka and added DAD reporting via exit 3 to the dhclient-script and a fix to use correct address variables in the DEPREF6 action (bsc#872609,ISC-Bugs#26735,ISC-Bugs#21238). [+ dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch, + dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch] - Applied backport patch by William Preston avoiding to bind ddns socket in the server when ddns-update-style is none (bsc#891655). [+ dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch] - Applied patch for the contrib/ldap/dhcpd-conf-to-ldap script fixing subclass statement handling (bnc#878846,[ISC-Bugs #36409]) [+ dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch] - Updated licence statement and FSF address in our scripts. 
- Added missed service_add_pre macro calls for dhcrelay services OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=141 --- ...dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch | 32 ++ ...-contrib-conf-to-ldap-reorder.886094.patch | 250 +++++++++++++++ ....x-ddns-tsig-hmac-sha-support.890731.patch | 92 ++++++ ...dhcpv6-decline-on-DAD-failure.872609.patch | 255 +++++++++++++++ ...cpv6-retransmission-until-MRD.872609.patch | 57 ++++ ...le-unused-ddns-port-in-server.891655.patch | 292 ++++++++++++++++++ dhclient-script | 97 +++++- dhcp.changes | 30 ++ dhcp.spec | 24 ++ rc.dhcpd | 6 +- rc.dhcpd6 | 3 +- rc.dhcrelay | 16 +- rc.dhcrelay6 | 16 +- 13 files changed, 1150 insertions(+), 20 deletions(-) create mode 100644 0021-dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch create mode 100644 0022-dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch create mode 100644 0023-dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch create mode 100644 0024-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch create mode 100644 0025-dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch create mode 100644 0026-dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch diff --git a/0021-dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch b/0021-dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch new file mode 100644 index 0000000..ecb6107 --- /dev/null +++ b/0021-dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch 
@@ -0,0 +1,32 @@ +Index: dhcp-4.2.4-P2/contrib/ldap/dhcpd-conf-to-ldap +=================================================================== +--- dhcp-4.2.4-P2/contrib/ldap/dhcpd-conf-to-ldap ++++ dhcp-4.2.4-P2/contrib/ldap/dhcpd-conf-to-ldap +@@ -486,14 +486,23 @@ sub parse_subclass + $subclass = next_token (0); + parse_error () if !defined ($subclass); + +- $tmp = next_token (0); +- parse_error () if !defined ($tmp); +- parse_error () if !($tmp eq '{'); +- ++ if (substr($subclass,-1) eq ';') { ++ $tmp = ";"; ++ $subclass = substr($subclass,0,-1); ++ } else { ++ $tmp = next_token (0); ++ parse_error () if !defined ($tmp); ++ } ++ parse_error () if !($tmp eq '{' or $tmp eq ';'); + add_dn_to_stack ("cn=$subclass"); + $curentry{'type'} = 'subclass'; + $curentry{'class'} = $class; + $curentry{'subclass'} = $subclass; ++ ++ if ($tmp eq ';') { ++ print_entry () if %curentry; ++ remove_dn_from_stack (); ++ } + } + + diff --git a/0022-dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch b/0022-dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch new file mode 100644 index 0000000..532b2e7 --- /dev/null +++ b/0022-dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch 
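Review bot: In the new `;` branch of parse_subclass the stripped value still goes straight into `add_dn_to_stack ("cn=$subclass")`, so a subclass value containing DN metacharacters such as `,`, `+` or `=` would produce a malformed or re-parented DN in the generated LDIF. That interpolation is an unchanged context line, but the patch now accepts statements that previously ended in parse_error, so more input reaches it. Consider escaping the RDN value before building the DN, or documenting that such values are unsupported. A short comment above the `substr` test, e.g. `# the tokenizer may leave the terminating ';' attached to the subclass value`, would also explain why both `{` and `;` are accepted. parse_subclass starts outside the hunk.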
@@ -0,0 +1,250 @@ +Author: Ales Novak +Subject: reorder config entries for ldap tree +References: bsc#886094, ISC-Bugs#37876 +Upstream: sent + +Reorder config to add all global options or option declarations +to the dhcpService object instead to create new service object, +e.g.: + +option opt-one code 1 = text; +class "class-one" { + option opt-one "..."; +}; +option opt-two code 2 = text; +class "class-two" { + option opt-two "..."; +}; + +has to contain both options (declarations) in the dhcpService, +followed by other objects as the dhcpClass objects under the +service in the ldap tree. +--- dhcp-4.2.4-P2/contrib/ldap/dhcpd-conf-to-ldap ++++ dhcp-4.2.4-P2/contrib/ldap/dhcpd-conf-to-ldap +@@ -137,6 +137,7 @@ add_dn_to_stack + local ($dn) = @_; + + $current_dn = "$dn, $current_dn"; ++ $curentry{'current_dn'} = $current_dn; + } + + +@@ -154,6 +155,26 @@ parse_error + exit (1); + } + ++sub ++new_entry ++{ ++ if (%curentry) { ++ $curentry{'current_dn'} = $current_dn; ++ push(@entrystack, {%curentry}); ++ undef(%curentry); ++ } ++} ++ ++sub ++pop_entry ++{ ++ if (%curentry) { ++ push(@outputlist, {%curentry}); ++ } ++ $rentry = pop(@entrystack); ++ %curentry = %$rentry if $rentry; ++} ++ + + sub + print_entry +@@ -167,7 +188,7 @@ print_entry + print "cn: $server\n"; + print "objectClass: top\n"; + print "objectClass: dhcpServer\n"; +- print "dhcpServiceDN: $current_dn\n"; ++ print "dhcpServiceDN: $curentry{'current_dn'}\n"; + if(grep(/FaIlOvEr/i, @use)) + { + foreach my $fo_peer (keys %failover) +@@ -179,7 +200,7 @@ print_entry + } + print "\n"; + +- print "dn: $current_dn\n"; ++ print "dn: $curentry{'current_dn'}\n"; + print "cn: $dhcpcn\n"; + print "objectClass: top\n"; + print "objectClass: dhcpService\n"; +@@ -195,7 +216,7 @@ print_entry + } + elsif ($curentry{'type'} eq 'subnet') + { +- print "dn: $current_dn\n"; ++ print "dn: $curentry{'current_dn'}\n"; + print "cn: " . $curentry{'ip'} . 
"\n"; + print "objectClass: top\n"; + print "objectClass: dhcpSubnet\n"; +@@ -215,7 +236,7 @@ print_entry + } + elsif ($curentry{'type'} eq 'shared-network') + { +- print "dn: $current_dn\n"; ++ print "dn: $curentry{'current_dn'}\n"; + print "cn: " . $curentry{'descr'} . "\n"; + print "objectClass: top\n"; + print "objectClass: dhcpSharedNetwork\n"; +@@ -226,7 +247,7 @@ print_entry + } + elsif ($curentry{'type'} eq 'group') + { +- print "dn: $current_dn\n"; ++ print "dn: $curentry{'current_dn'}\n"; + print "cn: group", $curentry{'idx'}, "\n"; + print "objectClass: top\n"; + print "objectClass: dhcpGroup\n"; +@@ -237,7 +258,7 @@ print_entry + } + elsif ($curentry{'type'} eq 'host') + { +- print "dn: $current_dn\n"; ++ print "dn: $curentry{'current_dn'}\n"; + print "cn: " . $curentry{'host'} . "\n"; + print "objectClass: top\n"; + print "objectClass: dhcpHost\n"; +@@ -254,7 +275,7 @@ print_entry + } + elsif ($curentry{'type'} eq 'pool') + { +- print "dn: $current_dn\n"; ++ print "dn: $curentry{'current_dn'}\n"; + print "cn: pool", $curentry{'idx'}, "\n"; + print "objectClass: top\n"; + print "objectClass: dhcpPool\n"; +@@ -273,7 +294,7 @@ print_entry + } + elsif ($curentry{'type'} eq 'class') + { +- print "dn: $current_dn\n"; ++ print "dn: $curentry{'current_dn'}\n"; + print "cn: " . $curentry{'class'} . "\n"; + print "objectClass: top\n"; + print "objectClass: dhcpClass\n"; +@@ -284,7 +305,7 @@ print_entry + } + elsif ($curentry{'type'} eq 'subclass') + { +- print "dn: $current_dn\n"; ++ print "dn: $curentry{'current_dn'}\n"; + print "cn: " . $curentry{'subclass'} . 
"\n"; + print "objectClass: top\n"; + print "objectClass: dhcpSubClass\n"; +@@ -344,7 +365,7 @@ sub parse_subnet + { + local ($ip, $tmp, $netmask); + +- print_entry () if %curentry; ++ new_entry (); + + $ip = next_token (0); + parse_error () if !defined ($ip); +@@ -374,7 +395,7 @@ sub parse_shared_network + { + local ($descr, $tmp); + +- print_entry () if %curentry; ++ new_entry (); + + $descr = next_token (0); + parse_error () if !defined ($descr); +@@ -393,7 +414,7 @@ sub parse_host + { + local ($descr, $tmp); + +- print_entry () if %curentry; ++ new_entry (); + + $host = next_token (0); + parse_error () if !defined ($host); +@@ -412,7 +433,7 @@ sub parse_group + { + local ($descr, $tmp); + +- print_entry () if %curentry; ++ new_entry (); + + $tmp = next_token (0); + parse_error () if !defined ($tmp); +@@ -435,7 +456,7 @@ sub parse_pool + { + local ($descr, $tmp); + +- print_entry () if %curentry; ++ new_entry (); + + $tmp = next_token (0); + parse_error () if !defined ($tmp); +@@ -458,7 +479,7 @@ sub parse_class + { + local ($descr, $tmp); + +- print_entry () if %curentry; ++ new_entry (); + + $class = next_token (0); + parse_error () if !defined ($class); +@@ -478,7 +499,7 @@ sub parse_subclass + { + local ($descr, $tmp); + +- print_entry () if %curentry; ++ new_entry (); + + $class = next_token (0); + parse_error () if !defined ($class); +@@ -500,7 +521,7 @@ sub parse_subclass + $curentry{'subclass'} = $subclass; + + if ($tmp eq ';') { +- print_entry () if %curentry; ++ pop_entry (); + remove_dn_from_stack (); + } + } +@@ -691,11 +712,11 @@ print STDERR "\n"; + my $token; + my $token_number = 0; + my $line_number = 0; +-my %curentry; + my $cursubnet = ''; + my %curcounter = ( '' => { pool => 0, group => 0 } ); + + $current_dn = "$dhcpdn"; ++$curentry{'current_dn'} = $current_dn; + $curentry{'descr'} = $dhcpcn; + $line = ''; + %failover = (); +@@ -704,7 +725,7 @@ while (($token = next_token (1))) + { + if ($token eq '}') + { +- print_entry () if %curentry; ++ 
pop_entry (); + if($current_dn =~ /.+?,\s*${dhcpdn}$/) { + # don't go below dhcpdn ... + remove_dn_from_stack (); +@@ -762,6 +783,16 @@ while (($token = next_token (1))) + } + } + ++pop_entry (); ++ ++while ($#outputlist >= 0) { ++ $rentry = pop(@outputlist); ++ if ($rentry) { ++ %curentry = %$rentry; ++ print_entry (); ++ } ++} ++ + close(STDIN) if($i_conf); + close(STDOUT) if($o_ldif); + diff --git a/0023-dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch b/0023-dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch new file mode 100644 index 0000000..7cdd810 --- /dev/null +++ b/0023-dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch 
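Review bot: The output loop added at the end of the script (`while ($#outputlist >= 0) { $rentry = pop(@outputlist); ...`) depends on an ordering invariant that is not written down anywhere. pop_entry pushes an entry when its block closes, so inner entries are pushed before their parents and only the reverse pop prints parent DNs ahead of their children, which an LDIF import needs. A comment at the loop such as `# LIFO: entries were pushed child-first, so pop yields parent DNs before their children` would keep a later change from silently breaking import order. `@entrystack`, `@outputlist` and `$rentry` are also introduced as undeclared package globals while the same patch drops `my %curentry;`. Declaring the two arrays next to `%failover = ();` and using `my $rentry` where it is assigned would make the shared state explicit.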
@@ -0,0 +1,92 @@ +Author: Thomas Markwalder +Subject: Addes addtional HMAC TSIG algorithms to DDNS +References: bsc#890731, ISC-Bugs#36947 +Upstream: yes + +TSIG-authenticated dynamic DNS updates now support the use of these +additional algorithms: hmac-sha1, hmac_sha224, hmac_sha256, hmac_sha384, +and hmac_sha512. [ISC-Bugs #36947] + +RFC4635 updates RFC2845 and mandates hmac-sha1 and hmac-sha256 support. + +diff --git a/includes/omapip/isclib.h b/includes/omapip/isclib.h +index fc45ef3..a9df110 100644 +--- a/includes/omapip/isclib.h ++++ b/includes/omapip/isclib.h +@@ -104,6 +104,11 @@ extern dhcp_context_t dhcp_gbl_ctx; + #define DHCP_MAXDNS_WIRE 256 + #define DHCP_MAXNS 3 + #define DHCP_HMAC_MD5_NAME "HMAC-MD5.SIG-ALG.REG.INT." ++#define DHCP_HMAC_SHA1_NAME "HMAC-SHA1.SIG-ALG.REG.INT." ++#define DHCP_HMAC_SHA224_NAME "HMAC-SHA224.SIG-ALG.REG.INT." ++#define DHCP_HMAC_SHA256_NAME "HMAC-SHA256.SIG-ALG.REG.INT." ++#define DHCP_HMAC_SHA384_NAME "HMAC-SHA384.SIG-ALG.REG.INT." ++#define DHCP_HMAC_SHA512_NAME "HMAC-SHA512.SIG-ALG.REG.INT." 
+ + isc_result_t dhcp_isc_name(unsigned char *namestr, + dns_fixedname_t *namefix, +diff --git a/omapip/isclib.c b/omapip/isclib.c +index 9b7ff5f..e9cb321 100644 +--- a/omapip/isclib.c ++++ b/omapip/isclib.c +@@ -230,12 +230,24 @@ isclib_make_dst_key(char *inname, + dns_name_t *name; + dns_fixedname_t name0; + isc_buffer_t b; ++ unsigned int algorithm_code; + + isc_buffer_init(&b, secret, length); + isc_buffer_add(&b, length); + +- /* We only support HMAC_MD5 currently */ +- if (strcasecmp(algorithm, DHCP_HMAC_MD5_NAME) != 0) { ++ if (strcasecmp(algorithm, DHCP_HMAC_MD5_NAME) == 0) { ++ algorithm_code = DST_ALG_HMACMD5; ++ } else if (strcasecmp(algorithm, DHCP_HMAC_SHA1_NAME) == 0) { ++ algorithm_code = DST_ALG_HMACSHA1; ++ } else if (strcasecmp(algorithm, DHCP_HMAC_SHA224_NAME) == 0) { ++ algorithm_code = DST_ALG_HMACSHA224; ++ } else if (strcasecmp(algorithm, DHCP_HMAC_SHA256_NAME) == 0) { ++ algorithm_code = DST_ALG_HMACSHA256; ++ } else if (strcasecmp(algorithm, DHCP_HMAC_SHA384_NAME) == 0) { ++ algorithm_code = DST_ALG_HMACSHA384; ++ } else if (strcasecmp(algorithm, DHCP_HMAC_SHA512_NAME) == 0) { ++ algorithm_code = DST_ALG_HMACSHA512; ++ } else { + return(DHCP_R_INVALIDARG); + } + +@@ -244,7 +256,7 @@ isclib_make_dst_key(char *inname, + return(result); + } + +- return(dst_key_frombuffer(name, DST_ALG_HMACMD5, DNS_KEYOWNER_ENTITY, ++ return(dst_key_frombuffer(name, algorithm_code, DNS_KEYOWNER_ENTITY, + DNS_KEYPROTO_DNSSEC, dns_rdataclass_in, + &b, dhcp_gbl_ctx.mctx, dstkey)); + } +diff --git a/server/dhcpd.conf.5 b/server/dhcpd.conf.5 +index e639db6..def7bec 100644 +--- a/server/dhcpd.conf.5 ++++ b/server/dhcpd.conf.5 +@@ -1388,11 +1388,16 @@ dnssec-keygen, the above key would be created as follows: + dnssec-keygen -a HMAC-MD5 -b 128 -n USER DHCP_UPDATER + .fi + .PP +-If you are using the BIND 8 dnskeygen program, the following command will +-generate a key as seen above: +-.PP ++The key name, algorithm, and secret must match that being used by the DNS 
++server. The DHCP server currently supports the following algorithms: + .nf +- dnskeygen -H 128 -u -c -n DHCP_UPDATER ++ ++ HMAC-MD5 ++ HMAC-SHA1 ++ HMAC-SHA224 ++ HMAC-SHA256 ++ HMAC-SHA384 ++ HMAC-SHA512 + .fi + .PP + You may wish to enable logging of DNS updates on your DNS server. diff --git a/0024-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch b/0024-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch new file mode 100644 index 0000000..2b268eb --- /dev/null +++ b/0024-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch 
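Review bot: The dhcpd.conf.5 hunk lists the SHA algorithms as supported but leaves the visible key-generation example on `dnssec-keygen -a HMAC-MD5 -b 128`, so a reader who follows the page still ends up with the oldest algorithm in the list. The patch description itself cites RFC 4635 as mandating hmac-sha1 and hmac-sha256, so the example could move to HMAC-SHA256, or a sentence could follow the list such as `HMAC-SHA256 or stronger is recommended for new keys; HMAC-MD5 is kept for compatibility.` In omapip/isclib.c the `strcasecmp` chain in isclib_make_dst_key keeps rejecting unknown names with `DHCP_R_INVALIDARG`, which is the right default. Its signature and the rest of its body lie outside the hunk.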
@@ -0,0 +1,255 @@ +Author: Jiri Popelka +References: bsc#872609, ISC-Bugs#21237 +Upstream: yes + +If the bound address failed DAD (is found to be in use on the link), +the dhcpv6 client sends a Decline message to the server as described +in section 18.1.7 of RFC-3315 (#559147) +(Submitted to dhcp-bugs@isc.org - [ISC-Bugs #26735]) + +diff --git a/client/dhc6.c b/client/dhc6.c +index 8974e7a..f8ad25d 100644 +--- a/client/dhc6.c ++++ b/client/dhc6.c +@@ -96,6 +96,8 @@ void do_select6(void *input); + void do_refresh6(void *input); + static void do_release6(void *input); + static void start_bound(struct client_state *client); ++static void start_decline6(struct client_state *client); ++static void do_decline6(void *input); + static void start_informed(struct client_state *client); + void informed_handler(struct packet *packet, struct client_state *client); + void bound_handler(struct packet *packet, struct client_state *client); +@@ -2080,6 +2082,7 @@ start_release6(struct client_state *client) + cancel_timeout(do_select6, client); + cancel_timeout(do_refresh6, client); + cancel_timeout(do_release6, client); ++ cancel_timeout(do_decline6, client); + client->state = S_STOPPED; + + /* +@@ -2713,6 +2716,7 @@ dhc6_check_reply(struct client_state *client, struct dhc6_lease *new) + break; + + case S_STOPPED: ++ case S_DECLINED: + action = dhc6_stop_action; + break; + +@@ -2814,6 +2818,7 @@ dhc6_check_reply(struct client_state *client, struct dhc6_lease *new) + break; + + case S_STOPPED: ++ case S_DECLINED: + /* Nothing critical to do at this stage. */ + break; + +@@ -3804,17 +3809,23 @@ reply_handler(struct packet *packet, struct client_state *client) + cancel_timeout(do_select6, client); + cancel_timeout(do_refresh6, client); + cancel_timeout(do_release6, client); ++ cancel_timeout(do_decline6, client); + + /* If this is in response to a Release/Decline, clean up and return. 
*/ +- if (client->state == S_STOPPED) { +- if (client->active_lease == NULL) +- return; ++ if ((client->state == S_STOPPED) || ++ (client->state == S_DECLINED)) { ++ ++ if (client->active_lease != NULL) { ++ dhc6_lease_destroy(&client->active_lease, MDL); ++ client->active_lease = NULL; ++ /* We should never wait for nothing!? */ ++ if (stopping_finished()) ++ exit(0); ++ } ++ ++ if (client->state == S_DECLINED) ++ start_init6(client); + +- dhc6_lease_destroy(&client->active_lease, MDL); +- client->active_lease = NULL; +- /* We should never wait for nothing!? */ +- if (stopping_finished()) +- exit(0); + return; + } + +@@ -4342,7 +4353,11 @@ start_bound(struct client_state *client) + dhc6_marshall_values("new_", client, lease, ia, addr); + script_write_requested6(client); + +- script_go(client); ++ // when script returns 3, DAD failed ++ if (script_go(client) == 3) { ++ start_decline6(client); ++ return; ++ } + } + + /* XXX: maybe we should loop on the old values instead? */ +@@ -4390,6 +4405,149 @@ start_bound(struct client_state *client) + dhc6_check_times(client); + } + ++/* ++ * Decline addresses. ++ */ ++void ++start_decline6(struct client_state *client) ++{ ++ /* Cancel any pending transmissions */ ++ cancel_timeout(do_confirm6, client); ++ cancel_timeout(do_select6, client); ++ cancel_timeout(do_refresh6, client); ++ cancel_timeout(do_release6, client); ++ cancel_timeout(do_decline6, client); ++ client->state = S_DECLINED; ++ ++ if (client->active_lease == NULL) ++ return; ++ ++ /* Set timers per RFC3315 section 18.1.7. */ ++ client->IRT = DEC_TIMEOUT * 100; ++ client->MRT = 0; ++ client->MRC = DEC_MAX_RC; ++ client->MRD = 0; ++ ++ dhc6_retrans_init(client); ++ client->v6_handler = reply_handler; ++ ++ client->refresh_type = DHCPV6_DECLINE; ++ do_decline6(client); ++} ++ ++/* ++ * do_decline6() creates a Decline packet and transmits it. 
++ */ ++static void ++do_decline6(void *input) ++{ ++ struct client_state *client; ++ struct data_string ds; ++ int send_ret; ++ struct timeval elapsed, tv; ++ ++ client = input; ++ ++ if ((client->active_lease == NULL) || !active_prefix(client)) ++ return; ++ ++ if ((client->MRC != 0) && (client->txcount > client->MRC)) { ++ log_info("Max retransmission count exceeded."); ++ goto decline_done; ++ } ++ ++ /* ++ * Start_time starts at the first transmission. ++ */ ++ if (client->txcount == 0) { ++ client->start_time.tv_sec = cur_tv.tv_sec; ++ client->start_time.tv_usec = cur_tv.tv_usec; ++ } ++ ++ /* elapsed = cur - start */ ++ elapsed.tv_sec = cur_tv.tv_sec - client->start_time.tv_sec; ++ elapsed.tv_usec = cur_tv.tv_usec - client->start_time.tv_usec; ++ if (elapsed.tv_usec < 0) { ++ elapsed.tv_sec -= 1; ++ elapsed.tv_usec += 1000000; ++ } ++ ++ memset(&ds, 0, sizeof(ds)); ++ if (!buffer_allocate(&ds.buffer, 4, MDL)) { ++ log_error("Unable to allocate memory for Decline."); ++ goto decline_done; ++ } ++ ++ ds.data = ds.buffer->data; ++ ds.len = 4; ++ ds.buffer->data[0] = DHCPV6_DECLINE; ++ memcpy(ds.buffer->data + 1, client->dhcpv6_transaction_id, 3); ++ ++ /* Form an elapsed option. */ ++ /* Maximum value is 65535 1/100s coded as 0xffff. */ ++ if ((elapsed.tv_sec < 0) || (elapsed.tv_sec > 655) || ++ ((elapsed.tv_sec == 655) && (elapsed.tv_usec > 350000))) { ++ client->elapsed = 0xffff; ++ } else { ++ client->elapsed = elapsed.tv_sec * 100; ++ client->elapsed += elapsed.tv_usec / 10000; ++ } ++ ++ client->elapsed = htons(client->elapsed); ++ ++ log_debug("XMT: Forming Decline."); ++ make_client6_options(client, &client->sent_options, ++ client->active_lease, DHCPV6_DECLINE); ++ dhcpv6_universe.encapsulate(&ds, NULL, NULL, client, NULL, ++ client->sent_options, &global_scope, ++ &dhcpv6_universe); ++ ++ /* Append IA's (but don't release temporary addresses). 
*/ ++ if (wanted_ia_na && ++ dhc6_add_ia_na(client, &ds, client->active_lease, ++ DHCPV6_DECLINE) != ISC_R_SUCCESS) { ++ data_string_forget(&ds, MDL); ++ goto decline_done; ++ } ++ if (wanted_ia_pd && ++ dhc6_add_ia_pd(client, &ds, client->active_lease, ++ DHCPV6_DECLINE) != ISC_R_SUCCESS) { ++ data_string_forget(&ds, MDL); ++ goto decline_done; ++ } ++ ++ /* Transmit and wait. */ ++ log_info("XMT: Decline on %s, interval %ld0ms.", ++ client->name ? client->name : client->interface->name, ++ (long int)client->RT); ++ ++ send_ret = send_packet6(client->interface, ds.data, ds.len, ++ &DHCPv6DestAddr); ++ if (send_ret != ds.len) { ++ log_error("dhc6: sendpacket6() sent %d of %d bytes", ++ send_ret, ds.len); ++ } ++ ++ data_string_forget(&ds, MDL); ++ ++ /* Wait RT */ ++ tv.tv_sec = cur_tv.tv_sec + client->RT / 100; ++ tv.tv_usec = cur_tv.tv_usec + (client->RT % 100) * 10000; ++ if (tv.tv_usec >= 1000000) { ++ tv.tv_sec += 1; ++ tv.tv_usec -= 1000000; ++ } ++ add_timeout(&tv, do_decline6, client, NULL, NULL); ++ dhc6_retrans_advance(client); ++ return; ++ ++decline_done: ++ dhc6_lease_destroy(&client->active_lease, MDL); ++ client->active_lease = NULL; ++ start_init6(client); ++ return; ++} ++ + /* While bound, ignore packets. In the future we'll want to answer + * Reconfigure-Request messages and the like. + */ +diff --git a/includes/dhcpd.h b/includes/dhcpd.h +index a52992b..0eda51d 100644 +--- a/includes/dhcpd.h ++++ b/includes/dhcpd.h +@@ -1060,7 +1060,8 @@ enum dhcp_state { + S_BOUND = 5, + S_RENEWING = 6, + S_REBINDING = 7, +- S_STOPPED = 8 ++ S_STOPPED = 8, ++ S_DECLINED = 9 + }; + + /* Authentication and BOOTP policy possibilities (not all values work diff --git a/0025-dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch b/0025-dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch new file mode 100644 index 0000000..4ab93e8 --- /dev/null +++ b/0025-dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch 
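Review bot: start_decline6() sets `client->state = S_DECLINED` and cancels every timer before it checks `client->active_lease == NULL`, and then simply returns, so on that path nothing restarts the client; do_decline6() has the same bare `return` when the lease is gone or `active_prefix(client)` is false. Unlike S_STOPPED, the declined state is meant to lead back to `start_init6(client)`, as reply_handler and the `decline_done` label both do, so the early exits should probably do the same, e.g. `if (client->active_lease == NULL) { start_init6(client); return; }`. The path may be unreachable from start_bound(), the only caller visible here, but the guard as written hides that. Separately, the prototype reads `static void start_decline6(...)` while the definition omits `static`, and the new `// when script returns 3, DAD failed` comment differs in style from the `/* */` blocks around it.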
@@ -0,0 +1,57 @@ +Author: Jiri Popelka +References: bsc#872609, ISC-Bugs#21238 +Upstream: yes + +In client initiated message exchanges stop retransmission upon +reaching the MRD rather than at some point after it (#559153) +(Submitted to dhcp-bugs@isc.org - [ISC-Bugs #21238]) + +diff --git a/client/dhc6.c b/client/dhc6.c +index f8ad25d..63cbb65 100644 +--- a/client/dhc6.c ++++ b/client/dhc6.c +@@ -365,7 +365,7 @@ dhc6_retrans_init(struct client_state *client) + static void + dhc6_retrans_advance(struct client_state *client) + { +- struct timeval elapsed; ++ struct timeval elapsed, elapsed_after_RT; + + /* elapsed = cur - start */ + elapsed.tv_sec = cur_tv.tv_sec - client->start_time.tv_sec; +@@ -382,6 +382,8 @@ dhc6_retrans_advance(struct client_state *client) + elapsed.tv_sec += 1; + elapsed.tv_usec -= 1000000; + } ++ elapsed_after_RT.tv_sec = elapsed.tv_sec; ++ elapsed_after_RT.tv_usec = elapsed.tv_usec; + + /* + * RT for each subsequent message transmission is based on the previous +@@ -419,13 +421,10 @@ dhc6_retrans_advance(struct client_state *client) + elapsed.tv_usec -= 1000000; + } + if (elapsed.tv_sec >= client->MRD) { +- /* +- * wake at RT + cur = start + MRD +- */ +- client->RT = client->MRD + +- (client->start_time.tv_sec - cur_tv.tv_sec); +- client->RT = client->RT * 100 + +- (client->start_time.tv_usec - cur_tv.tv_usec) / 10000; ++ client->RT = client->MRD - elapsed_after_RT.tv_sec; ++ client->RT = client->RT * 100 - elapsed_after_RT.tv_usec / 10000; ++ if (client->RT < 0) ++ client->RT = 0; + } + client->txcount++; + } +@@ -1502,7 +1501,7 @@ check_timing6 (struct client_state *client, u_int8_t msg_type, + } + + /* Check if finished (-1 argument). */ +- if ((client->MRD != 0) && (elapsed.tv_sec > client->MRD)) { ++ if ((client->MRD != 0) && (elapsed.tv_sec >= client->MRD)) { + log_info("Max retransmission duration exceeded."); + return(CHK_TIM_MRD_EXCEEDED); + } 
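Review bot: The new MRD clamp in dhc6_retrans_advance() is left without a comment once the `wake at RT + cur = start + MRD` block is removed, and its arithmetic mixes whole seconds with RT's 1/100 s units. If `elapsed_after_RT` is what its name says, a replacement such as `/* RT (1/100 s) = time left until start + MRD once the current RT has elapsed */` above `client->RT = client->MRD - elapsed_after_RT.tv_sec;` would make the intent checkable. The added `if (client->RT < 0)` guard only has an effect if `RT` is a signed type, which is not visible in this hunk and is worth confirming. The function begins before and continues after the lines shown.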
diff --git a/0026-dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch b/0026-dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch
new file mode 100644
index 0000000..fe73ae9
--- /dev/null
+++ b/0026-dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch
@@ -0,0 +1,292 @@ +Author: William Preston +Subject: do not bind ddns socket in server when ddns-update-style is none +References: bsc#891655 +Upstream: yes + +backported from commit 61ef216b8dc05bc4245b61eee812038757d12ffe +by Shawn Routhier with changes. + +diff --git a/client/dhclient.c b/client/dhclient.c +index bfa99fb..93f1dfc 100644 +--- a/client/dhclient.c ++++ b/client/dhclient.c +@@ -171,7 +171,7 @@ main(int argc, char **argv) { + #endif + + /* Set up the isc and dns library managers */ +- status = dhcp_context_create(); ++ status = dhcp_context_create(DHCP_CONTEXT_PRE_DB | DHCP_CONTEXT_POST_DB); + if (status != ISC_R_SUCCESS) + log_fatal("Can't initialize context: %s", + isc_result_totext(status)); +diff --git a/dhcpctl/dhcpctl.c b/dhcpctl/dhcpctl.c +index a4aee7f..2217956 100644 +--- a/dhcpctl/dhcpctl.c ++++ b/dhcpctl/dhcpctl.c +@@ -43,7 +43,7 @@ dhcpctl_status dhcpctl_initialize () + isc_result_t status; + + /* Set up the isc and dns library managers */ +- status = dhcp_context_create(); ++ status = dhcp_context_create(DHCP_CONTEXT_PRE_DB | DHCP_CONTEXT_POST_DB); + if (status != ISC_R_SUCCESS) + return status; + +diff --git a/includes/omapip/isclib.h b/includes/omapip/isclib.h +index a9df110..05a18f1 100644 +--- a/includes/omapip/isclib.h ++++ b/includes/omapip/isclib.h +@@ -121,7 +121,9 @@ isclib_make_dst_key(char *inname, + int length, + dst_key_t **dstkey); + +-isc_result_t dhcp_context_create(void); ++#define DHCP_CONTEXT_PRE_DB 1 ++#define DHCP_CONTEXT_POST_DB 2 ++isc_result_t dhcp_context_create(int flags); + void isclib_cleanup(void); + + void dhcp_signal_handler(int signal); +diff --git a/omapip/isclib.c b/omapip/isclib.c +index e9cb321..d833bc9 100644 +--- a/omapip/isclib.c ++++ b/omapip/isclib.c +@@ -87,98 +87,102 @@ handle_signal(int sig, void (*handler)(int)) { + } + + isc_result_t +-dhcp_context_create(void) { ++dhcp_context_create(int flags) { + isc_result_t result; + +- /* +- * Set up the error messages, this isn't the right place +- * 
for this call but it is convienent for now. +- */ +- result = dhcp_result_register(); +- if (result != ISC_R_SUCCESS) { +- log_fatal("register_table() %s: %u", "failed", result); +- } +- +- memset(&dhcp_gbl_ctx, 0, sizeof (dhcp_gbl_ctx)); ++ if ((flags & DHCP_CONTEXT_PRE_DB) != 0) { ++ /* ++ * Set up the error messages, this isn't the right place ++ * for this call but it is convienent for now. ++ */ ++ result = dhcp_result_register(); ++ if (result != ISC_R_SUCCESS) { ++ log_fatal("register_table() %s: %u", "failed", result); ++ } ++ ++ memset(&dhcp_gbl_ctx, 0, sizeof (dhcp_gbl_ctx)); + +- isc_lib_register(); ++ isc_lib_register(); + +- /* get the current time for use as the random seed */ +- gettimeofday(&cur_tv, (struct timezone *)0); +- isc_random_seed(cur_tv.tv_sec); ++ /* get the current time for use as the random seed */ ++ gettimeofday(&cur_tv, (struct timezone *)0); ++ isc_random_seed(cur_tv.tv_sec); + + #if defined (NSUPDATE) +- result = dns_lib_init(); +- if (result != ISC_R_SUCCESS) +- goto cleanup; ++ result = dns_lib_init(); ++ if (result != ISC_R_SUCCESS) ++ goto cleanup; ++#else ++ /* The dst library is inited as part of dns_lib_init, we don't ++ * need it if NSUPDATE is enabled */ ++ result = dst_lib_init(dhcp_gbl_ctx.mctx, NULL, 0); ++ if (result != ISC_R_SUCCESS) ++ goto cleanup; + #endif + +- result = isc_mem_create(0, 0, &dhcp_gbl_ctx.mctx); +- if (result != ISC_R_SUCCESS) +- goto cleanup; +- +- result = isc_appctx_create(dhcp_gbl_ctx.mctx, &dhcp_gbl_ctx.actx); +- if (result != ISC_R_SUCCESS) +- goto cleanup; +- +- result = isc_app_ctxstart(dhcp_gbl_ctx.actx); +- if (result != ISC_R_SUCCESS) +- goto cleanup; +- +- /* +- * Always ignore SIGPIPE. +- * Otherwise we will die before the errno == EPIPE +- * checks in the socket code are reached. +- * +- * Note: unlike isc_app_start(), isc_app_ctxstart() +- * does not set any signal handlers. 
+- */ +- result = handle_signal(SIGPIPE, SIG_IGN); +- if (result != ISC_R_SUCCESS) +- goto cleanup; +- +- dhcp_gbl_ctx.actx_started = ISC_TRUE; +- +- result = isc_taskmgr_createinctx(dhcp_gbl_ctx.mctx, +- dhcp_gbl_ctx.actx, +- 1, 0, +- &dhcp_gbl_ctx.taskmgr); +- if (result != ISC_R_SUCCESS) +- goto cleanup; +- +- result = isc_socketmgr_createinctx(dhcp_gbl_ctx.mctx, +- dhcp_gbl_ctx.actx, +- &dhcp_gbl_ctx.socketmgr); +- if (result != ISC_R_SUCCESS) +- goto cleanup; +- +- result = isc_timermgr_createinctx(dhcp_gbl_ctx.mctx, +- dhcp_gbl_ctx.actx, +- &dhcp_gbl_ctx.timermgr); +- if (result != ISC_R_SUCCESS) +- goto cleanup; +- +- result = isc_task_create(dhcp_gbl_ctx.taskmgr, 0, &dhcp_gbl_ctx.task); +- if (result != ISC_R_SUCCESS) +- goto cleanup; ++ result = isc_mem_create(0, 0, &dhcp_gbl_ctx.mctx); ++ if (result != ISC_R_SUCCESS) ++ goto cleanup; ++ ++ result = isc_appctx_create(dhcp_gbl_ctx.mctx, &dhcp_gbl_ctx.actx); ++ if (result != ISC_R_SUCCESS) ++ goto cleanup; ++ ++ result = isc_app_ctxstart(dhcp_gbl_ctx.actx); ++ if (result != ISC_R_SUCCESS) ++ goto cleanup; ++ ++ /* ++ * Always ignore SIGPIPE. ++ * Otherwise we will die before the errno == EPIPE ++ * checks in the socket code are reached. ++ * ++ * Note: unlike isc_app_start(), isc_app_ctxstart() ++ * does not set any signal handlers. 
++ */ ++ result = handle_signal(SIGPIPE, SIG_IGN); ++ if (result != ISC_R_SUCCESS) ++ goto cleanup; ++ ++ dhcp_gbl_ctx.actx_started = ISC_TRUE; ++ ++ result = isc_taskmgr_createinctx(dhcp_gbl_ctx.mctx, ++ dhcp_gbl_ctx.actx, ++ 1, 0, ++ &dhcp_gbl_ctx.taskmgr); ++ if (result != ISC_R_SUCCESS) ++ goto cleanup; ++ ++ result = isc_socketmgr_createinctx(dhcp_gbl_ctx.mctx, ++ dhcp_gbl_ctx.actx, ++ &dhcp_gbl_ctx.socketmgr); ++ if (result != ISC_R_SUCCESS) ++ goto cleanup; ++ ++ result = isc_timermgr_createinctx(dhcp_gbl_ctx.mctx, ++ dhcp_gbl_ctx.actx, ++ &dhcp_gbl_ctx.timermgr); ++ if (result != ISC_R_SUCCESS) ++ goto cleanup; ++ ++ result = isc_task_create(dhcp_gbl_ctx.taskmgr, 0, &dhcp_gbl_ctx.task); ++ if (result != ISC_R_SUCCESS) ++ goto cleanup; ++ } + + #if defined (NSUPDATE) +- result = dns_client_createx(dhcp_gbl_ctx.mctx, +- dhcp_gbl_ctx.actx, +- dhcp_gbl_ctx.taskmgr, +- dhcp_gbl_ctx.socketmgr, +- dhcp_gbl_ctx.timermgr, +- 0, +- &dhcp_gbl_ctx.dnsclient); +- if (result != ISC_R_SUCCESS) +- goto cleanup; +-#else +- /* The dst library is inited as part of dns_lib_init, we don't +- * need it if NSUPDATE is enabled */ +- result = dst_lib_init(dhcp_gbl_ctx.mctx, NULL, 0); +- if (result != ISC_R_SUCCESS) +- goto cleanup; +- ++ if ((flags & DHCP_CONTEXT_POST_DB) != 0) { ++ ++ result = dns_client_createx(dhcp_gbl_ctx.mctx, ++ dhcp_gbl_ctx.actx, ++ dhcp_gbl_ctx.taskmgr, ++ dhcp_gbl_ctx.socketmgr, ++ dhcp_gbl_ctx.timermgr, ++ 0, ++ &dhcp_gbl_ctx.dnsclient); ++ if (result != ISC_R_SUCCESS) ++ goto cleanup; ++ } + #endif + return(ISC_R_SUCCESS); + +diff --git a/omapip/test.c b/omapip/test.c +index e97a61f..2735716 100644 +--- a/omapip/test.c ++++ b/omapip/test.c +@@ -45,7 +45,7 @@ int main (int argc, char **argv) + omapi_object_t *connection = (omapi_object_t*)0; + isc_result_t status; + +- status = dhcp_context_create(); ++ status = dhcp_context_create(DHCP_CONTEXT_PRE_DB | DHCP_CONTEXT_POST_DB); + if (status != ISC_R_SUCCESS) { + fprintf(stderr, "Can't initialize context: 
%s\n", + isc_result_totext(status)); +diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c +index 4ef6737..15e5c46 100644 +--- a/relay/dhcrelay.c ++++ b/relay/dhcrelay.c +@@ -195,7 +195,7 @@ main(int argc, char **argv) { + #endif + + /* Set up the isc and dns library managers */ +- status = dhcp_context_create(); ++ status = dhcp_context_create(DHCP_CONTEXT_PRE_DB | DHCP_CONTEXT_POST_DB); + if (status != ISC_R_SUCCESS) + log_fatal("Can't initialize context: %s", + isc_result_totext(status)); +diff --git a/server/dhcpd.c b/server/dhcpd.c +index b28c34c..434db00 100644 +--- a/server/dhcpd.c ++++ b/server/dhcpd.c +@@ -281,7 +281,7 @@ main(int argc, char **argv) { + close(fd); + + /* Set up the isc and dns library managers */ +- status = dhcp_context_create(); ++ status = dhcp_context_create(DHCP_CONTEXT_PRE_DB); + if (status != ISC_R_SUCCESS) + log_fatal("Can't initialize context: %s", + isc_result_totext(status)); +@@ -1100,6 +1100,11 @@ void postconf_initialization (int quiet) + if (ddns_update_style == DDNS_UPDATE_STYLE_AD_HOC) { + log_fatal("ddns-update-style ad_hoc no longer supported"); + } ++ ++ if (ddns_update_style != DDNS_UPDATE_STYLE_NONE && dhcp_context_create(DHCP_CONTEXT_POST_DB) ++ != ISC_R_SUCCESS) ++ log_fatal("Unable to complete ddns initialization"); ++ + #else + /* If we don't have support for updates compiled in tell the user */ + if (ddns_update_style != DDNS_UPDATE_STYLE_NONE) { +-- +2.1.2 + diff --git a/dhclient-script b/dhclient-script index af8daf7..14bd43c 100644 --- a/dhclient-script +++ b/dhclient-script 
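Review bot: In the reworked dhcp_context_create() the non-NSUPDATE branch now calls `dst_lib_init(dhcp_gbl_ctx.mctx, NULL, 0)` before `isc_mem_create(0, 0, &dhcp_gbl_ctx.mctx)`, and `dhcp_gbl_ctx` has just been cleared by `memset`, so the dst library is initialised with a NULL memory context. Before the patch this call sat at the end of the function, after the context existed. Moving the `isc_mem_create` call and its `goto cleanup` check above the `#if defined (NSUPDATE)` block inside the `DHCP_CONTEXT_PRE_DB` branch restores the old ordering for builds without NSUPDATE. In server/dhcpd.c the new check in postconf_initialization also discards the returned `isc_result_t`; logging it with `isc_result_totext()`, as the other callers do, would make a failed DDNS setup diagnosable.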
@@ -1,6 +1,20 @@
 #!/bin/bash
 #
-# Copyright (C) 2010-2014 SUSE LINUX Products GmbH / Novell Inc.
+# Copyright (C) 2010-2013 SUSE LINUX Products GmbH / Novell Inc.
+# Copyright (C) 2013-2014 SUSE LINUX GmbH
+#
+# This program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; either version 2 of the License, or (at your option) any later
+# version.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+# details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this program; if not, see .
 #
 # Author: Marius Tomaschewski
 #
@@ -270,10 +284,6 @@ set_ipv4_routes()
 fi
 fi
 }
-set_ipv6_routes()
-{
- : TODO
-}
 set_hostname()
 {
 rx_host='^[[:alnum:]][[:alnum:]_-]{0,62}$'
@@ -324,6 +334,57 @@ set_hostname()
 fi
 fi
 }
+dhcp6_dad_check()
+{
+ local ifname="$1" word i
+ local ipaddr="$2"
+ local noaddr=1 nodad=0 tentative=0 dadfailed=0
+ test -n "$ifname" -a -n "$ipaddr" || return 1
+
+ while read -a word ; do
+ test "${word[0]}" != "inet6" && continue
+ noaddr=0
+ for((i=2; i<${#word[@]}; ++i)) ; do
+ case ${word[$i]} in
+ nodad) nodad=1 ;;
+ tentative) tentative=1 ;;
+ dadfailed) dadfailed=1 ;;
+ flags) ((i++))
+ rx='^[[:xdigit:]]+$'
+ [[ "${word[$i]}" =~ $rx ]] || continue
+ hx="0x${word[$i]}"
+ ((hx & 0x02)) && nodad=1
+ ((hx & 0x08)) && dadfailed=1
+ ((hx & 0x40)) && tentative=1
+ ;;
+ esac
+ done
+ ((nodad)) && continue
+ ((dadfailed)) && return 3
+ ((tentative)) && return 2
+ done < <(LC_ALL=C ip -6 addr show dev "${ifname}" to "${ipaddr}" 2>/dev/null)
+ # on dad failure of dynamic (non-persistent) address,
+ # the kernel deletes dad failed addresses
+ # that is, the address is tentative (2) and vanishes
+ # (4) and is not visible as dadfailed (3).
+ ((noaddr)) && return 4 || return 0
+}
+dhcp6_dad_wait()
+{
+ local ifname="$1"
+ local ipaddr="$2"
+ local -i wsecs=${3:-0}
+ local -i uwait=25000
+ local -i loops=$(((wsecs * 1000000) / uwait))
+ local -i loop=0 ret=0
+
+ dhcp6_dad_check "$ifname" "$ipaddr" ; ret=$?
+ while ((ret == 2 && loop++ < loops)) ; do
+ usleep $uwait
+ dhcp6_dad_check "$ifname" "$ipaddr" ; ret=$?
+ done
+ return $ret
+}
 # Must be used on exit. Invokes the local dhcp client exit hooks, if any.
 exit_with_hooks() {
@@ -483,12 +544,12 @@ BOUND|RENEW|REBIND|REBOOT)
 if is_ifup_controlled ; then
 ifdown $interface -o dhcp
- write_cached_config_data dhcp4_state "new" $interface
+ write_cached_config_data dhcp4_state "up" $interface
 commit_cached_config_data $interface
 fi
 else
 if is_ifup_controlled ; then
- write_cached_config_data dhcp4_state "up" $interface
+ write_cached_config_data dhcp4_state "new" $interface
 commit_cached_config_data $interface
 fi
 fi
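Review bot: In dhcp6_dad_check the `nodad`, `tentative` and `dadfailed` flags are set once before the `while read` loop and never cleared, so a flag parsed from one `inet6` line still applies to every later line, and a single `nodad` makes `((nodad)) && continue` skip all lines that follow. This matters if the `ip -6 addr show ... to` query returns more than one address, which seems possible because the caller in the BOUND6 hunk passes address/prefixlen and `to` is a prefix selector. Resetting per address, with `noaddr=0 nodad=0 tentative=0 dadfailed=0` in place of the `noaddr=0` line, keeps each verdict tied to its own address. `rx` and `hx` are also assigned without being declared, so they leak into the script's global scope; `local rx hx` next to the other locals would contain them.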
@@ -607,21 +668,29 @@ BOUND6|RENEW6|REBIND6|REBOOT6)
 /sbin/ip addr del "$old_ip6_address/$old_ip6_prefixlen" dev $interface
 if is_ifup_controlled ; then
- write_cached_config_data dhcp6_state "new" $interface
+ write_cached_config_data dhcp6_state "up" $interface
 commit_cached_config_data $interface
 fi
 else
 if is_ifup_controlled ; then
- write_cached_config_data dhcp6_state "up" $interface
+ write_cached_config_data dhcp6_state "new" $interface
 commit_cached_config_data $interface
 fi
 fi
 if [ "x$new_ip6_address" != x -a "x$new_ip6_prefixlen" != x ] ; then
- /sbin/ip addr add "$new_ip6_address/$new_ip6_prefixlen" \
- dev $interface scope global
+ /sbin/ip addr replace "$new_ip6_address/$new_ip6_prefixlen" \
+ scope global dev $interface \
+ ${new_max_life:+valid_lft $new_max_life} \
+ ${new_preferred_life:+preferred_lft $new_preferred_life} \
+ || exit_with_hooks 2
- set_ipv6_routes
+ echo >&2 "Checking DAD results for $new_ip6_address"
+
+ if ! dhcp6_dad_wait "$interface" "$new_ip6_address/$new_ip6_prefixlen" 5 ; then
+ /sbin/ip addr del "$new_ip6_address/$new_ip6_prefixlen" dev $interface 2>/dev/null
+ exit_with_hooks 3
+ fi
 fi
 netconfig_modify
@@ -646,11 +715,11 @@ BOUND6|RENEW6|REBIND6|REBOOT6)
 DEPREF6)
 ####################################################################
- if [ x$new_ip6_address = x -o x$new_ip6_prefixlen = x ] ; then
+ if [ x$cur_ip6_address = x -o x$cur_ip6_prefixlen = x ] ; then
 exit_with_hooks 2
 fi
- /sbin/ip addr change "$new_ip6_address/$new_ip6_prefixlen" \
+ /sbin/ip addr change "$cur_ip6_address/$cur_ip6_prefixlen" \
 dev $interface scope global preferred_lft 0
 exit_with_hooks 0
diff --git a/dhcp.changes b/dhcp.changes
index 38e6861..7f82d5d 100644
--- a/dhcp.changes
+++ b/dhcp.changes
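Review bot: In the BOUND6|RENEW6|REBIND6|REBOOT6 hunk, `if ! dhcp6_dad_wait ... 5` treats every non-zero status as a duplicate address. Going by dhcp6_dad_check, status 1 means missing arguments and status 2 means the address is still tentative when the 5 second wait runs out, yet both end in `ip addr del` and `exit_with_hooks 3`, the code the changelog reserves for reporting DAD failure. A slow DAD would then presumably make the client decline a usable address. Branching on the status keeps exit 3 for the confirmed cases 3 and 4; what to do on a timeout is a policy choice, and the sketch below reuses the script's generic error exit 2, whose handling by dhclient in this state should be confirmed. The enclosing case branch starts and ends outside the hunk.

```shell
echo >&2 "Checking DAD results for $new_ip6_address"

dhcp6_dad_wait "$interface" "$new_ip6_address/$new_ip6_prefixlen" 5
case $? in
    0)  ;;
    3|4)
        # dadfailed flag seen, or the kernel already removed the address
        /sbin/ip addr del "$new_ip6_address/$new_ip6_prefixlen" dev "$interface" 2>/dev/null
        exit_with_hooks 3
        ;;
    *)
        # bad arguments (1) or still tentative after the wait (2):
        # not a confirmed duplicate, so do not report it as one
        echo >&2 "DAD result for $new_ip6_address undetermined"
        exit_with_hooks 2
        ;;
esac
# … unchanged: closing fi, netconfig_modify …
```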
@@ -1,3 +1,33 @@
+-------------------------------------------------------------------
+Thu Nov 20 11:43:07 UTC 2014 - mt@suse.de
+
+- Applied contrib/ldap/dhcpd-conf-to-ldap patch by Ales Novak to
+ reorder config to add all global options or option declarations
+ to the dhcpService object instead to create new service object
+ (bsc#886094,ISC-Bugs#37876).
+ [+ dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch]
+- Applied an upstream patch by Thomas Markwalder adding missed
+ mapping of SHA TSIG algorithm names to their constants to enable
+ hmac-sha1, hmac_sha224, hmac_sha256, hmac_sha384 and hmac_sha512
+ authenticated dynamic DNS updates (bsc#890731, ISC-Bugs#36947).
+ [+ dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch]
+- Decline IPv6 addresses on Duplicate Address Detection failure
+ and stop client message exchanges on reached MRD rather than
+ at some point after it. Applied fedora patches by Jiri Popelka
+ and added DAD reporting via exit 3 to the dhclient-script and
+ a fix to use correct address variables in the DEPREF6 action
+ (bsc#872609,ISC-Bugs#26735,ISC-Bugs#21238).
+ [+ dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch,
+ + dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch]
+- Applied backport patch by William Preston avoiding to bind ddns
+ socket in the server when ddns-update-style is none (bsc#891655).
+ [+ dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch]
+- Applied patch for the contrib/ldap/dhcpd-conf-to-ldap script
+ fixing subclass statement handling (bnc#878846,[ISC-Bugs #36409])
+ [+ dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch]
+- Updated licence statement and FSF address in our scripts.
+- Added missed service_add_pre macro calls for dhcrelay services
+
 -------------------------------------------------------------------
 Fri Nov 14 09:18:33 UTC 2014 - dimstar@opensuse.org
diff --git a/dhcp.spec b/dhcp.spec
index 8a89000..ced2b89 100644
--- a/dhcp.spec
+++ b/dhcp.spec
@@ -120,6 +120,18 @@ Patch18: 0018-dhcp-4.2.6-improved-xid.patch Patch19: 0019-dhcp-4.2.x-ldap-debug-write.bnc835818.patch # PATCH-FIX-OPENSUSE dhcp-4.2.x-chown-server-leases bnc#868253 Patch20: 0020-dhcp-4.2.x-chown-server-leases.bnc868253.patch +# PATCH-FIX-SLE dhcp-4.2.4-P2-bnc878846-conf-to-ldap bnc#878846 +Patch21: 0021-dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch +# PATCH-FIX-SLE dhcp-4.2.x-contrib-conf-to-ldap-reorder bnc#886094 +Patch22: 0022-dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch +# PATCH-FIX-OPENSUSE dhcp-4.2.x-ddns-tsig-hmac-sha-support bnc#890731 +Patch23: 0023-dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch +# PATCH-FIX-SLE dhcp-4.2.x-dhcpv6-decline-on-DAD-failure bnc#872609 +Patch24: 0024-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch +# PATCH-FIX-SLE dhcp-4.2.x-dhcpv6-retransmission-until-MRD bnc#872609 +Patch25: 0025-dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch +# PATCH-FIX-SLE dhcp-4.2.x-disable-unused-ddns-port-in-server bnc#891655 +Patch26: 0026-dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch ## PreReq: /bin/touch /sbin/chkconfig sysconfig BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -255,6 +267,12 @@ Authors: %patch18 -p1 %patch19 -p1 %patch20 -p1 +%patch21 -p1 +%patch22 -p1 +%patch23 -p1 +%patch24 -p1 +%patch25 -p1 +%patch26 -p1 ## find . -type f -name \*.cat\* -exec rm -f {} \; dos2unix contrib/ms2isc/* @@ -542,6 +560,12 @@ fi %insserv_cleanup %endif +%pre relay +%if %{with systemd} +%service_add_pre dhcrelay.service +%service_add_pre dhcrelay6.service +%endif + %post relay # %{rename_sysconfig_variable -f etc/sysconfig/dhcrelay diff --git a/rc.dhcpd b/rc.dhcpd index 8aae2cf..ccad35d 100644 --- a/rc.dhcpd +++ b/rc.dhcpd 
@@ -2,7 +2,8 @@
 # Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH
 # Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH
 # Copyright (c) 2002, 2003 SuSE Linux AG
-# Copyright (c) 2004-2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2004-2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2013-2014 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # This program is free software; you can redistribute it and/or modify it under
 # the terms of the GNU General Public License as published by the Free Software
@@ -15,8 +16,7 @@
 # details.
 #
 # You should have received a copy of the GNU General Public License along with
-# this program; if not, write to the Free Software Foundation, Inc., 59 Temple
-# Place, Suite 330, Boston, MA 02111-1307 USA
+# this program; if not, see .
 #
 # Author: Rolf Haberrecker , 1997-1999
 # Peter Poeml , 2000-2006
diff --git a/rc.dhcpd6 b/rc.dhcpd6
index 5398220..b471bf8 100644
--- a/rc.dhcpd6
+++ b/rc.dhcpd6
@@ -2,7 +2,8 @@
 # Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH
 # Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH
 # Copyright (c) 2002, 2003 SuSE Linux AG
-# Copyright (c) 2004-2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2004-2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2004-2013 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # This program is free software; you can redistribute it and/or modify it under
 # the terms of the GNU General Public License as published by the Free Software
diff --git a/rc.dhcrelay b/rc.dhcrelay
index 03c906c..7fd6ead 100644
--- a/rc.dhcrelay
+++ b/rc.dhcrelay
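Review bot: In the rc.dhcpd6 hunk the second added line reads `# Copyright (c) 2004-2013 SUSE LINUX GmbH, Nuernberg, Germany.`, repeating the year range of the line above it, while the matching line added to rc.dhcpd, rc.dhcrelay and rc.dhcrelay6 gives 2013-2014. This looks like a copy slip; `# Copyright (c) 2013-2014 SUSE LINUX GmbH, Nuernberg, Germany.` would agree with the other scripts. rc.dhcpd6 also gets no counterpart to the rc.dhcpd hunk that replaces the FSF postal address, so if the file carries that paragraph (not visible here) it would still need the same update the changelog announces.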
@@ -2,7 +2,21 @@
 # Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH
 # Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH
 # Copyright (c) 2002 SuSE Linux AG
-# Copyright (c) 2003-2010 SUSE LINUX Products GmbH
+# Copyright (c) 2003-2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (C) 2013-2014 SUSE LINUX GmbH, Nuernberg, Germany.
+#
+# This program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; either version 2 of the License, or (at your option) any later
+# version.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+# details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this program; if not, see .
 #
 # Author: Peter Poeml , 2001
 # Marius Tomaschewski , 2010
diff --git a/rc.dhcrelay6 b/rc.dhcrelay6
index f182a3b..36fdf8d 100644
--- a/rc.dhcrelay6
+++ b/rc.dhcrelay6
@@ -2,7 +2,21 @@
 # Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH
 # Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH
 # Copyright (c) 2002 SuSE Linux AG
-# Copyright (c) 2003-2010 SUSE LINUX Products GmbH
+# Copyright (c) 2003-2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (C) 2013-2014 SUSE LINUX GmbH, Nuernberg, Germany.
+#
+# This program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; either version 2 of the License, or (at your option) any later
+# version.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+# details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this program; if not, see .
 #
 # Author: Peter Poeml , 2001
 # Marius Tomaschewski , 2010