- Applied contrib/ldap/dhcpd-conf-to-ldap patch by Ales Novak to

reorder config to add all global options or option declarations
  to the dhcpService object instead to create new service object
  (bsc#886094,ISC-Bugs#37876).
  [+ dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch]
- Applied an upstream patch by Thomas Markwalder adding missed
  mapping of SHA TSIG algorithm names to their constants to enable
  hmac-sha1, hmac_sha224, hmac_sha256, hmac_sha384 and hmac_sha512
  authenticated dynamic DNS updates (bsc#890731, ISC-Bugs#36947).
  [+ dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch]
- Decline IPv6 addresses on Duplicate Address Detection failure
  and stop client message exchanges on reached MRD rather than
  at some point after it. Applied fedora patches by Jiri Popelka
  and added DAD reporting via exit 3 to the dhclient-script and
  a fix to use correct address variables in the DEPREF6 action
  (bsc#872609,ISC-Bugs#26735,ISC-Bugs#21238).
  [+ dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch,
   + dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch]
- Applied backport patch by William Preston avoiding to bind ddns
  socket in the server when ddns-update-style is none (bsc#891655).
  [+ dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch]
- Applied patch for the contrib/ldap/dhcpd-conf-to-ldap script
  fixing subclass statement handling (bnc#878846,[ISC-Bugs #36409])
  [+ dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch]
- Updated licence statement and FSF address in our scripts.
- Added missed service_add_pre macro calls for dhcrelay services

OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=141

0021-dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch

@@ -0,0 +1,32 @@
+Index: dhcp-4.2.4-P2/contrib/ldap/dhcpd-conf-to-ldap
+===================================================================
+--- dhcp-4.2.4-P2/contrib/ldap/dhcpd-conf-to-ldap
++++ dhcp-4.2.4-P2/contrib/ldap/dhcpd-conf-to-ldap
+@@ -486,14 +486,23 @@ sub parse_subclass
+   $subclass = next_token (0);
+   parse_error () if !defined ($subclass);
+ 
+-  $tmp = next_token (0);
+-  parse_error () if !defined ($tmp);
+-  parse_error () if !($tmp eq '{');
+-
++  if (substr($subclass,-1) eq ';') {
++    $tmp = ";";
++    $subclass = substr($subclass,0,-1);
++  } else {
++    $tmp = next_token (0); 
++    parse_error () if !defined ($tmp);
++  }
++  parse_error () if !($tmp eq '{' or $tmp eq ';');
+   add_dn_to_stack ("cn=$subclass");
+   $curentry{'type'} = 'subclass';
+   $curentry{'class'} = $class;
+   $curentry{'subclass'} = $subclass;
++
++  if ($tmp eq ';') {
++    print_entry () if %curentry;
++    remove_dn_from_stack ();
++  }
+ }
+ 
+ 

0022-dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch

@@ -0,0 +1,250 @@
+Author: Ales Novak <alnovak@suse.com>
+Subject: reorder config entries for ldap tree
+References: bsc#886094, ISC-Bugs#37876
+Upstream: sent
+
+Reorder config to add all global options or option declarations
+to the dhcpService object instead to create new service object,
+e.g.:
+
+option opt-one code 1 = text;
+class "class-one" {
+	option opt-one "...";
+};
+option opt-two code 2 = text;
+class "class-two" {
+	option opt-two "...";
+};
+
+has to contain both options (declarations) in the dhcpService,
+followed by other objects as the dhcpClass objects under the
+service in the ldap tree.
+--- dhcp-4.2.4-P2/contrib/ldap/dhcpd-conf-to-ldap
++++ dhcp-4.2.4-P2/contrib/ldap/dhcpd-conf-to-ldap
+@@ -137,6 +137,7 @@ add_dn_to_stack
+   local ($dn) = @_;
+ 
+   $current_dn = "$dn, $current_dn";
++  $curentry{'current_dn'} = $current_dn;
+ }
+ 
+ 
+@@ -154,6 +155,26 @@ parse_error
+   exit (1);
+ }
+ 
++sub
++new_entry
++{
++   if (%curentry) {
++     $curentry{'current_dn'} = $current_dn;
++     push(@entrystack, {%curentry});
++     undef(%curentry);
++   }
++}
++
++sub
++pop_entry
++{
++  if (%curentry) {
++    push(@outputlist, {%curentry});
++  }
++  $rentry = pop(@entrystack);
++  %curentry = %$rentry if $rentry;
++}
++
+ 
+ sub
+ print_entry
+@@ -167,7 +188,7 @@ print_entry
+       print "cn: $server\n";
+       print "objectClass: top\n";
+       print "objectClass: dhcpServer\n";
+-      print "dhcpServiceDN: $current_dn\n";
++      print "dhcpServiceDN: $curentry{'current_dn'}\n";
+       if(grep(/FaIlOvEr/i, @use))
+         {
+           foreach my $fo_peer (keys %failover)
+@@ -179,7 +200,7 @@ print_entry
+         }
+       print "\n";
+ 
+-      print "dn: $current_dn\n";
++      print "dn: $curentry{'current_dn'}\n";
+       print "cn: $dhcpcn\n";
+       print "objectClass: top\n";
+       print "objectClass: dhcpService\n";
+@@ -195,7 +216,7 @@ print_entry
+     }
+   elsif ($curentry{'type'} eq 'subnet')
+     {
+-      print "dn: $current_dn\n";
++      print "dn: $curentry{'current_dn'}\n";
+       print "cn: " . $curentry{'ip'} . "\n";
+       print "objectClass: top\n";
+       print "objectClass: dhcpSubnet\n";
+@@ -215,7 +236,7 @@ print_entry
+     }
+   elsif ($curentry{'type'} eq 'shared-network')
+     {
+-      print "dn: $current_dn\n";
++      print "dn: $curentry{'current_dn'}\n";
+       print "cn: " . $curentry{'descr'} . "\n";
+       print "objectClass: top\n";
+       print "objectClass: dhcpSharedNetwork\n";
+@@ -226,7 +247,7 @@ print_entry
+     }
+   elsif ($curentry{'type'} eq 'group')
+     {
+-      print "dn: $current_dn\n";
++      print "dn: $curentry{'current_dn'}\n";
+       print "cn: group", $curentry{'idx'}, "\n";
+       print "objectClass: top\n";
+       print "objectClass: dhcpGroup\n";
+@@ -237,7 +258,7 @@ print_entry
+     }
+   elsif ($curentry{'type'} eq 'host')
+     {
+-      print "dn: $current_dn\n";
++      print "dn: $curentry{'current_dn'}\n";
+       print "cn: " . $curentry{'host'} . "\n";
+       print "objectClass: top\n";
+       print "objectClass: dhcpHost\n";
+@@ -254,7 +275,7 @@ print_entry
+     }
+   elsif ($curentry{'type'} eq 'pool')
+     {
+-      print "dn: $current_dn\n";
++      print "dn: $curentry{'current_dn'}\n";
+       print "cn: pool", $curentry{'idx'}, "\n";
+       print "objectClass: top\n";
+       print "objectClass: dhcpPool\n";
+@@ -273,7 +294,7 @@ print_entry
+     }
+   elsif ($curentry{'type'} eq 'class')
+     {
+-      print "dn: $current_dn\n";
++      print "dn: $curentry{'current_dn'}\n";
+       print "cn: " . $curentry{'class'} . "\n";
+       print "objectClass: top\n";
+       print "objectClass: dhcpClass\n";
+@@ -284,7 +305,7 @@ print_entry
+     }
+   elsif ($curentry{'type'} eq 'subclass')
+     {
+-      print "dn: $current_dn\n";
++      print "dn: $curentry{'current_dn'}\n";
+       print "cn: " . $curentry{'subclass'} . "\n";
+       print "objectClass: top\n";
+       print "objectClass: dhcpSubClass\n";
+@@ -344,7 +365,7 @@ sub parse_subnet
+ {
+   local ($ip, $tmp, $netmask);
+ 
+-  print_entry () if %curentry;
++  new_entry ();
+     
+   $ip = next_token (0);
+   parse_error () if !defined ($ip);
+@@ -374,7 +395,7 @@ sub parse_shared_network
+ {
+   local ($descr, $tmp);
+ 
+-  print_entry () if %curentry;
++  new_entry ();
+ 
+   $descr = next_token (0);
+   parse_error () if !defined ($descr);
+@@ -393,7 +414,7 @@ sub parse_host
+ {
+   local ($descr, $tmp);
+ 
+-  print_entry () if %curentry;
++  new_entry ();
+ 
+   $host = next_token (0);
+   parse_error () if !defined ($host);
+@@ -412,7 +433,7 @@ sub parse_group
+ {
+   local ($descr, $tmp);
+ 
+-  print_entry () if %curentry;
++  new_entry ();
+ 
+   $tmp = next_token (0);
+   parse_error () if !defined ($tmp);
+@@ -435,7 +456,7 @@ sub parse_pool
+ {
+   local ($descr, $tmp);
+ 
+-  print_entry () if %curentry;
++  new_entry ();
+ 
+   $tmp = next_token (0);
+   parse_error () if !defined ($tmp);
+@@ -458,7 +479,7 @@ sub parse_class
+ {
+   local ($descr, $tmp);
+ 
+-  print_entry () if %curentry;
++  new_entry ();
+ 
+   $class = next_token (0);
+   parse_error () if !defined ($class);
+@@ -478,7 +499,7 @@ sub parse_subclass
+ {
+   local ($descr, $tmp);
+ 
+-  print_entry () if %curentry;
++  new_entry ();
+ 
+   $class = next_token (0);
+   parse_error () if !defined ($class);
+@@ -500,7 +521,7 @@ sub parse_subclass
+   $curentry{'subclass'} = $subclass;
+ 
+   if ($tmp eq ';') {
+-    print_entry () if %curentry;
++    pop_entry ();
+     remove_dn_from_stack ();
+   }
+ }
+@@ -691,11 +712,11 @@ print STDERR "\n";
+ my $token;
+ my $token_number = 0;
+ my $line_number = 0;
+-my %curentry;
+ my $cursubnet = '';
+ my %curcounter = ( '' => { pool => 0, group => 0 } );
+ 
+ $current_dn = "$dhcpdn";
++$curentry{'current_dn'} = $current_dn;
+ $curentry{'descr'} = $dhcpcn;
+ $line = '';
+ %failover = ();
+@@ -704,7 +725,7 @@ while (($token = next_token (1)))
+   {
+     if ($token eq '}')
+       {
+-        print_entry () if %curentry;
++        pop_entry ();
+         if($current_dn =~ /.+?,\s*${dhcpdn}$/) {
+           # don't go below dhcpdn ...
+           remove_dn_from_stack ();
+@@ -762,6 +783,16 @@ while (($token = next_token (1)))
+       }
+   }
+ 
++pop_entry ();
++
++while ($#outputlist >= 0) {
++  $rentry = pop(@outputlist);
++  if ($rentry) {
++    %curentry = %$rentry;
++    print_entry ();
++  }
++}
++
+ close(STDIN)  if($i_conf);
+ close(STDOUT) if($o_ldif);
+ 

0023-dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch

@@ -0,0 +1,92 @@
+Author: Thomas Markwalder <tmark@isc.org>
+Subject: Addes addtional HMAC TSIG algorithms to DDNS
+References: bsc#890731, ISC-Bugs#36947
+Upstream: yes
+
+TSIG-authenticated dynamic DNS updates now support the use of these
+additional algorithms: hmac-sha1, hmac_sha224, hmac_sha256, hmac_sha384,
+and hmac_sha512. [ISC-Bugs #36947]
+
+RFC4635 updates RFC2845 and mandates hmac-sha1 and hmac-sha256 support.
+
+diff --git a/includes/omapip/isclib.h b/includes/omapip/isclib.h
+index fc45ef3..a9df110 100644
+--- a/includes/omapip/isclib.h
++++ b/includes/omapip/isclib.h
+@@ -104,6 +104,11 @@ extern dhcp_context_t dhcp_gbl_ctx;
+ #define DHCP_MAXDNS_WIRE 256
+ #define DHCP_MAXNS         3
+ #define DHCP_HMAC_MD5_NAME "HMAC-MD5.SIG-ALG.REG.INT."
++#define DHCP_HMAC_SHA1_NAME "HMAC-SHA1.SIG-ALG.REG.INT."
++#define DHCP_HMAC_SHA224_NAME "HMAC-SHA224.SIG-ALG.REG.INT."
++#define DHCP_HMAC_SHA256_NAME "HMAC-SHA256.SIG-ALG.REG.INT."
++#define DHCP_HMAC_SHA384_NAME "HMAC-SHA384.SIG-ALG.REG.INT."
++#define DHCP_HMAC_SHA512_NAME "HMAC-SHA512.SIG-ALG.REG.INT."
+ 
+ isc_result_t dhcp_isc_name(unsigned char    *namestr,
+ 			   dns_fixedname_t  *namefix,
+diff --git a/omapip/isclib.c b/omapip/isclib.c
+index 9b7ff5f..e9cb321 100644
+--- a/omapip/isclib.c
++++ b/omapip/isclib.c
+@@ -230,12 +230,24 @@ isclib_make_dst_key(char          *inname,
+ 	dns_name_t *name;
+ 	dns_fixedname_t name0;
+ 	isc_buffer_t b;
++	unsigned int algorithm_code;
+ 
+ 	isc_buffer_init(&b, secret, length);
+ 	isc_buffer_add(&b, length);
+ 
+-	/* We only support HMAC_MD5 currently */
+-	if (strcasecmp(algorithm, DHCP_HMAC_MD5_NAME) != 0) {
++	if (strcasecmp(algorithm, DHCP_HMAC_MD5_NAME) == 0) {
++		algorithm_code =  DST_ALG_HMACMD5;
++	} else if (strcasecmp(algorithm, DHCP_HMAC_SHA1_NAME) == 0) {
++		algorithm_code =  DST_ALG_HMACSHA1;
++	} else if (strcasecmp(algorithm, DHCP_HMAC_SHA224_NAME) == 0) {
++		algorithm_code =  DST_ALG_HMACSHA224;
++	} else if (strcasecmp(algorithm, DHCP_HMAC_SHA256_NAME) == 0) {
++		algorithm_code =  DST_ALG_HMACSHA256;
++	} else if (strcasecmp(algorithm, DHCP_HMAC_SHA384_NAME) == 0) {
++		algorithm_code =  DST_ALG_HMACSHA384;
++	} else if (strcasecmp(algorithm, DHCP_HMAC_SHA512_NAME) == 0) {
++		algorithm_code =  DST_ALG_HMACSHA512;
++	} else {
+ 		return(DHCP_R_INVALIDARG);
+ 	}
+ 
+@@ -244,7 +256,7 @@ isclib_make_dst_key(char          *inname,
+ 		return(result);
+ 	}
+ 
+-	return(dst_key_frombuffer(name, DST_ALG_HMACMD5, DNS_KEYOWNER_ENTITY,
++	return(dst_key_frombuffer(name, algorithm_code, DNS_KEYOWNER_ENTITY,
+ 				  DNS_KEYPROTO_DNSSEC, dns_rdataclass_in,
+ 				  &b, dhcp_gbl_ctx.mctx, dstkey));
+ }
+diff --git a/server/dhcpd.conf.5 b/server/dhcpd.conf.5
+index e639db6..def7bec 100644
+--- a/server/dhcpd.conf.5
++++ b/server/dhcpd.conf.5
+@@ -1388,11 +1388,16 @@ dnssec-keygen, the above key would be created as follows:
+ 	dnssec-keygen -a HMAC-MD5 -b 128 -n USER DHCP_UPDATER
+ .fi
+ .PP
+-If you are using the BIND 8 dnskeygen program, the following command will
+-generate a key as seen above:
+-.PP
++The key name, algorithm, and secret must match that being used by the DNS
++server. The DHCP server currently supports the following algorithms:
+ .nf
+-	dnskeygen -H 128 -u -c -n DHCP_UPDATER
++
++        HMAC-MD5
++        HMAC-SHA1
++        HMAC-SHA224
++        HMAC-SHA256
++        HMAC-SHA384
++        HMAC-SHA512
+ .fi
+ .PP
+ You may wish to enable logging of DNS updates on your DNS server.

0024-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch

@@ -0,0 +1,255 @@
+Author: Jiri Popelka <jpopelka@redhat.com>
+References: bsc#872609, ISC-Bugs#21237
+Upstream: yes
+
+If the bound address failed DAD (is found to be in use on the link),
+the dhcpv6 client sends a Decline message to the server as described
+in section 18.1.7 of RFC-3315 (#559147)
+(Submitted to dhcp-bugs@isc.org - [ISC-Bugs #26735])
+
+diff --git a/client/dhc6.c b/client/dhc6.c
+index 8974e7a..f8ad25d 100644
+--- a/client/dhc6.c
++++ b/client/dhc6.c
+@@ -96,6 +96,8 @@ void do_select6(void *input);
+ void do_refresh6(void *input);
+ static void do_release6(void *input);
+ static void start_bound(struct client_state *client);
++static void start_decline6(struct client_state *client);
++static void do_decline6(void *input);
+ static void start_informed(struct client_state *client);
+ void informed_handler(struct packet *packet, struct client_state *client);
+ void bound_handler(struct packet *packet, struct client_state *client);
+@@ -2080,6 +2082,7 @@ start_release6(struct client_state *client)
+ 	cancel_timeout(do_select6, client);
+ 	cancel_timeout(do_refresh6, client);
+ 	cancel_timeout(do_release6, client);
++	cancel_timeout(do_decline6, client);
+ 	client->state = S_STOPPED;
+ 
+ 	/*
+@@ -2713,6 +2716,7 @@ dhc6_check_reply(struct client_state *client, struct dhc6_lease *new)
+ 		break;
+ 
+ 	      case S_STOPPED:
++	      case S_DECLINED:
+ 		action = dhc6_stop_action;
+ 		break;
+ 
+@@ -2814,6 +2818,7 @@ dhc6_check_reply(struct client_state *client, struct dhc6_lease *new)
+ 		break;
+ 
+ 	      case S_STOPPED:
++	      case S_DECLINED:
+ 		/* Nothing critical to do at this stage. */
+ 		break;
+ 
+@@ -3804,17 +3809,23 @@ reply_handler(struct packet *packet, struct client_state *client)
+ 	cancel_timeout(do_select6, client);
+ 	cancel_timeout(do_refresh6, client);
+ 	cancel_timeout(do_release6, client);
++	cancel_timeout(do_decline6, client);
+ 
+ 	/* If this is in response to a Release/Decline, clean up and return. */
+-	if (client->state == S_STOPPED) {
+-		if (client->active_lease == NULL)
+-			return;
++	if ((client->state == S_STOPPED) ||
++	    (client->state == S_DECLINED)) {
++
++		if (client->active_lease != NULL) {
++			dhc6_lease_destroy(&client->active_lease, MDL);
++			client->active_lease = NULL;
++			/* We should never wait for nothing!? */
++			if (stopping_finished())
++				exit(0);
++		}
++
++		if (client->state == S_DECLINED)
++			start_init6(client);
+ 
+-		dhc6_lease_destroy(&client->active_lease, MDL);
+-		client->active_lease = NULL;
+-		/* We should never wait for nothing!? */
+-		if (stopping_finished())
+-			exit(0);
+ 		return;
+ 	}
+ 
+@@ -4342,7 +4353,11 @@ start_bound(struct client_state *client)
+ 			dhc6_marshall_values("new_", client, lease, ia, addr);
+ 			script_write_requested6(client);
+ 
+-			script_go(client);
++			// when script returns 3, DAD failed
++			if (script_go(client) == 3) {
++				start_decline6(client);
++				return;
++			}
+ 		}
+ 
+ 		/* XXX: maybe we should loop on the old values instead? */
+@@ -4390,6 +4405,149 @@ start_bound(struct client_state *client)
+ 	dhc6_check_times(client);
+ }
+ 
++/*
++ * Decline addresses.
++ */
++void
++start_decline6(struct client_state *client)
++{
++	/* Cancel any pending transmissions */
++	cancel_timeout(do_confirm6, client);
++	cancel_timeout(do_select6, client);
++	cancel_timeout(do_refresh6, client);
++	cancel_timeout(do_release6, client);
++	cancel_timeout(do_decline6, client);
++	client->state = S_DECLINED;
++
++	if (client->active_lease == NULL)
++		return;
++
++	/* Set timers per RFC3315 section 18.1.7. */
++	client->IRT = DEC_TIMEOUT * 100;
++	client->MRT = 0;
++	client->MRC = DEC_MAX_RC;
++	client->MRD = 0;
++
++	dhc6_retrans_init(client);
++	client->v6_handler = reply_handler;
++
++	client->refresh_type = DHCPV6_DECLINE;
++	do_decline6(client);
++}
++
++/*
++ * do_decline6() creates a Decline packet and transmits it.
++ */
++static void
++do_decline6(void *input)
++{
++	struct client_state *client;
++	struct data_string ds;
++	int send_ret;
++	struct timeval elapsed, tv;
++
++	client = input;
++
++	if ((client->active_lease == NULL) || !active_prefix(client))
++		return;
++
++	if ((client->MRC != 0) && (client->txcount > client->MRC))  {
++		log_info("Max retransmission count exceeded.");
++		goto decline_done;
++	}
++
++	/*
++	 * Start_time starts at the first transmission.
++	 */
++	if (client->txcount == 0) {
++		client->start_time.tv_sec = cur_tv.tv_sec;
++		client->start_time.tv_usec = cur_tv.tv_usec;
++	}
++
++	/* elapsed = cur - start */
++	elapsed.tv_sec = cur_tv.tv_sec - client->start_time.tv_sec;
++	elapsed.tv_usec = cur_tv.tv_usec - client->start_time.tv_usec;
++	if (elapsed.tv_usec < 0) {
++		elapsed.tv_sec -= 1;
++		elapsed.tv_usec += 1000000;
++	}
++
++	memset(&ds, 0, sizeof(ds));
++	if (!buffer_allocate(&ds.buffer, 4, MDL)) {
++		log_error("Unable to allocate memory for Decline.");
++		goto decline_done;
++	}
++
++	ds.data = ds.buffer->data;
++	ds.len = 4;
++	ds.buffer->data[0] = DHCPV6_DECLINE;
++	memcpy(ds.buffer->data + 1, client->dhcpv6_transaction_id, 3);
++
++	/* Form an elapsed option. */
++	/* Maximum value is 65535 1/100s coded as 0xffff. */
++	if ((elapsed.tv_sec < 0) || (elapsed.tv_sec > 655) ||
++	    ((elapsed.tv_sec == 655) && (elapsed.tv_usec > 350000))) {
++		client->elapsed = 0xffff;
++	} else {
++		client->elapsed = elapsed.tv_sec * 100;
++		client->elapsed += elapsed.tv_usec / 10000;
++	}
++
++	client->elapsed = htons(client->elapsed);
++
++	log_debug("XMT: Forming Decline.");
++	make_client6_options(client, &client->sent_options,
++			     client->active_lease, DHCPV6_DECLINE);
++	dhcpv6_universe.encapsulate(&ds, NULL, NULL, client, NULL,
++				    client->sent_options, &global_scope,
++				    &dhcpv6_universe);
++
++	/* Append IA's (but don't release temporary addresses). */
++	if (wanted_ia_na &&
++	    dhc6_add_ia_na(client, &ds, client->active_lease,
++			   DHCPV6_DECLINE) != ISC_R_SUCCESS) {
++		data_string_forget(&ds, MDL);
++		goto decline_done;
++	}
++	if (wanted_ia_pd &&
++	    dhc6_add_ia_pd(client, &ds, client->active_lease,
++			   DHCPV6_DECLINE) != ISC_R_SUCCESS) {
++		data_string_forget(&ds, MDL);
++		goto decline_done;
++	}
++
++	/* Transmit and wait. */
++	log_info("XMT: Decline on %s, interval %ld0ms.",
++		 client->name ? client->name : client->interface->name,
++		 (long int)client->RT);
++
++	send_ret = send_packet6(client->interface, ds.data, ds.len,
++				&DHCPv6DestAddr);
++	if (send_ret != ds.len) {
++		log_error("dhc6: sendpacket6() sent %d of %d bytes",
++			  send_ret, ds.len);
++	}
++
++	data_string_forget(&ds, MDL);
++
++	/* Wait RT */
++	tv.tv_sec = cur_tv.tv_sec + client->RT / 100;
++	tv.tv_usec = cur_tv.tv_usec + (client->RT % 100) * 10000;
++	if (tv.tv_usec >= 1000000) {
++		tv.tv_sec += 1;
++		tv.tv_usec -= 1000000;
++	}
++	add_timeout(&tv, do_decline6, client, NULL, NULL);
++	dhc6_retrans_advance(client);
++	return;
++
++decline_done:
++	dhc6_lease_destroy(&client->active_lease, MDL);
++	client->active_lease = NULL;
++	start_init6(client);
++	return;
++}
++
+ /* While bound, ignore packets.  In the future we'll want to answer
+  * Reconfigure-Request messages and the like.
+  */
+diff --git a/includes/dhcpd.h b/includes/dhcpd.h
+index a52992b..0eda51d 100644
+--- a/includes/dhcpd.h
++++ b/includes/dhcpd.h
+@@ -1060,7 +1060,8 @@ enum dhcp_state {
+ 	S_BOUND = 5,
+ 	S_RENEWING = 6,
+ 	S_REBINDING = 7,
+-	S_STOPPED = 8
++	S_STOPPED = 8,
++	S_DECLINED = 9
+ };
+ 
+ /* Authentication and BOOTP policy possibilities (not all values work

0025-dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch

@@ -0,0 +1,57 @@
+Author: Jiri Popelka <jpopelka@redhat.com>
+References: bsc#872609, ISC-Bugs#21238
+Upstream: yes
+
+In client initiated message exchanges stop retransmission upon
+reaching the MRD rather than at some point after it (#559153)
+(Submitted to dhcp-bugs@isc.org - [ISC-Bugs #21238])
+
+diff --git a/client/dhc6.c b/client/dhc6.c
+index f8ad25d..63cbb65 100644
+--- a/client/dhc6.c
++++ b/client/dhc6.c
+@@ -365,7 +365,7 @@ dhc6_retrans_init(struct client_state *client)
+ static void
+ dhc6_retrans_advance(struct client_state *client)
+ {
+-	struct timeval elapsed;
++	struct timeval elapsed, elapsed_after_RT;
+ 
+ 	/* elapsed = cur - start */
+ 	elapsed.tv_sec = cur_tv.tv_sec - client->start_time.tv_sec;
+@@ -382,6 +382,8 @@ dhc6_retrans_advance(struct client_state *client)
+ 		elapsed.tv_sec += 1;
+ 		elapsed.tv_usec -= 1000000;
+ 	}
++	elapsed_after_RT.tv_sec = elapsed.tv_sec;
++	elapsed_after_RT.tv_usec = elapsed.tv_usec;
+ 
+ 	/*
+ 	 * RT for each subsequent message transmission is based on the previous
+@@ -419,13 +421,10 @@ dhc6_retrans_advance(struct client_state *client)
+ 		elapsed.tv_usec -= 1000000;
+ 	}
+ 	if (elapsed.tv_sec >= client->MRD) {
+-		/*
+-		 * wake at RT + cur = start + MRD
+-		 */
+-		client->RT = client->MRD +
+-			(client->start_time.tv_sec - cur_tv.tv_sec);
+-		client->RT = client->RT * 100 +
+-			(client->start_time.tv_usec - cur_tv.tv_usec) / 10000;
++		client->RT = client->MRD - elapsed_after_RT.tv_sec;
++		client->RT = client->RT * 100 - elapsed_after_RT.tv_usec / 10000;
++		if (client->RT < 0)
++			client->RT = 0;
+ 	}
+ 	client->txcount++;
+ }
+@@ -1502,7 +1501,7 @@ check_timing6 (struct client_state *client, u_int8_t msg_type,
+ 	}
+ 
+ 	/* Check if finished (-1 argument). */
+-	if ((client->MRD != 0) && (elapsed.tv_sec > client->MRD)) {
++	if ((client->MRD != 0) && (elapsed.tv_sec >= client->MRD)) {
+ 		log_info("Max retransmission duration exceeded.");
+ 		return(CHK_TIM_MRD_EXCEEDED);
+ 	}

0026-dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch

@@ -0,0 +1,292 @@
+Author: William Preston <wpreston@suse.com>
+Subject: do not bind ddns socket in server when ddns-update-style is none
+References: bsc#891655
+Upstream: yes
+
+backported from commit 61ef216b8dc05bc4245b61eee812038757d12ffe
+by Shawn Routhier <sar@isc.org> with changes.
+
+diff --git a/client/dhclient.c b/client/dhclient.c
+index bfa99fb..93f1dfc 100644
+--- a/client/dhclient.c
++++ b/client/dhclient.c
+@@ -171,7 +171,7 @@ main(int argc, char **argv) {
+ #endif
+ 
+ 	/* Set up the isc and dns library managers */
+-	status = dhcp_context_create();
++	status = dhcp_context_create(DHCP_CONTEXT_PRE_DB | DHCP_CONTEXT_POST_DB);
+ 	if (status != ISC_R_SUCCESS)
+ 		log_fatal("Can't initialize context: %s",
+ 			  isc_result_totext(status));
+diff --git a/dhcpctl/dhcpctl.c b/dhcpctl/dhcpctl.c
+index a4aee7f..2217956 100644
+--- a/dhcpctl/dhcpctl.c
++++ b/dhcpctl/dhcpctl.c
+@@ -43,7 +43,7 @@ dhcpctl_status dhcpctl_initialize ()
+ 	isc_result_t status;
+ 
+ 	/* Set up the isc and dns library managers */
+-	status = dhcp_context_create();
++	status = dhcp_context_create(DHCP_CONTEXT_PRE_DB | DHCP_CONTEXT_POST_DB);
+ 	if (status != ISC_R_SUCCESS)
+ 		return status;
+ 
+diff --git a/includes/omapip/isclib.h b/includes/omapip/isclib.h
+index a9df110..05a18f1 100644
+--- a/includes/omapip/isclib.h
++++ b/includes/omapip/isclib.h
+@@ -121,7 +121,9 @@ isclib_make_dst_key(char          *inname,
+ 		    int            length,
+ 		    dst_key_t    **dstkey);
+ 
+-isc_result_t dhcp_context_create(void);
++#define DHCP_CONTEXT_PRE_DB  1
++#define DHCP_CONTEXT_POST_DB 2
++isc_result_t dhcp_context_create(int              flags);
+ void isclib_cleanup(void);
+ 
+ void dhcp_signal_handler(int signal);
+diff --git a/omapip/isclib.c b/omapip/isclib.c
+index e9cb321..d833bc9 100644
+--- a/omapip/isclib.c
++++ b/omapip/isclib.c
+@@ -87,98 +87,102 @@ handle_signal(int sig, void (*handler)(int)) {
+ }
+ 
+ isc_result_t
+-dhcp_context_create(void) {
++dhcp_context_create(int flags) {
+ 	isc_result_t result;
+ 
+-	/*
+-	 * Set up the error messages, this isn't the right place
+-	 * for this call but it is convienent for now.
+-	 */
+-	result = dhcp_result_register();
+-	if (result != ISC_R_SUCCESS) {
+-		log_fatal("register_table() %s: %u", "failed", result);
+-	}
+-
+-	memset(&dhcp_gbl_ctx, 0, sizeof (dhcp_gbl_ctx));
++	if ((flags & DHCP_CONTEXT_PRE_DB) != 0) {
++		/*
++		 * Set up the error messages, this isn't the right place
++		 * for this call but it is convienent for now.
++		 */
++		result = dhcp_result_register();
++		if (result != ISC_R_SUCCESS) {
++			log_fatal("register_table() %s: %u", "failed", result);
++		}
++
++		memset(&dhcp_gbl_ctx, 0, sizeof (dhcp_gbl_ctx));
+ 	
+-	isc_lib_register();
++		isc_lib_register();
+ 
+-	/* get the current time for use as the random seed */
+-	gettimeofday(&cur_tv, (struct timezone *)0);
+-	isc_random_seed(cur_tv.tv_sec);
++		/* get the current time for use as the random seed */
++		gettimeofday(&cur_tv, (struct timezone *)0);
++		isc_random_seed(cur_tv.tv_sec);
+ 
+ #if defined (NSUPDATE)
+-	result = dns_lib_init();
+-	if (result != ISC_R_SUCCESS)
+-		goto cleanup;
++		result = dns_lib_init();
++		if (result != ISC_R_SUCCESS)
++			goto cleanup;
++#else
++		/* The dst library is inited as part of dns_lib_init, we don't
++		 * need it if NSUPDATE is enabled */
++		result = dst_lib_init(dhcp_gbl_ctx.mctx, NULL, 0);
++		if (result != ISC_R_SUCCESS)
++			goto cleanup;
+ #endif
+ 
+-	result = isc_mem_create(0, 0, &dhcp_gbl_ctx.mctx);
+-	if (result != ISC_R_SUCCESS)
+-		goto cleanup;
+-
+-	result = isc_appctx_create(dhcp_gbl_ctx.mctx, &dhcp_gbl_ctx.actx);
+-	if (result != ISC_R_SUCCESS)
+-		goto cleanup;
+-
+-	result = isc_app_ctxstart(dhcp_gbl_ctx.actx);
+-	if (result != ISC_R_SUCCESS)
+-		goto cleanup;
+-
+-	/*
+-	 * Always ignore SIGPIPE.
+-	 * Otherwise we will die before the errno == EPIPE
+-	 * checks in the socket code are reached.
+-	 *
+-	 * Note: unlike isc_app_start(), isc_app_ctxstart()
+-	 *       does not set any signal handlers.
+-	 */
+-	result = handle_signal(SIGPIPE, SIG_IGN);
+-	if (result != ISC_R_SUCCESS)
+-		goto cleanup;
+-
+-	dhcp_gbl_ctx.actx_started = ISC_TRUE;
+-
+-	result = isc_taskmgr_createinctx(dhcp_gbl_ctx.mctx,
+-					 dhcp_gbl_ctx.actx,
+-					 1, 0,
+-					 &dhcp_gbl_ctx.taskmgr);
+-	if (result != ISC_R_SUCCESS)
+-		goto cleanup;
+-
+-	result = isc_socketmgr_createinctx(dhcp_gbl_ctx.mctx,
+-					   dhcp_gbl_ctx.actx,
+-					   &dhcp_gbl_ctx.socketmgr);
+-	if (result != ISC_R_SUCCESS)
+-		goto cleanup;
+-
+-	result = isc_timermgr_createinctx(dhcp_gbl_ctx.mctx,
+-					  dhcp_gbl_ctx.actx,
+-					  &dhcp_gbl_ctx.timermgr);
+-	if (result != ISC_R_SUCCESS)
+-		goto cleanup;
+-
+-	result = isc_task_create(dhcp_gbl_ctx.taskmgr, 0, &dhcp_gbl_ctx.task);
+-	if (result != ISC_R_SUCCESS)
+-		goto cleanup;
++		result = isc_mem_create(0, 0, &dhcp_gbl_ctx.mctx);
++		if (result != ISC_R_SUCCESS)
++			goto cleanup;
++
++		result = isc_appctx_create(dhcp_gbl_ctx.mctx, &dhcp_gbl_ctx.actx);
++		if (result != ISC_R_SUCCESS)
++			goto cleanup;
++
++		result = isc_app_ctxstart(dhcp_gbl_ctx.actx);
++		if (result != ISC_R_SUCCESS)
++			goto cleanup;
++
++		/*
++		 * Always ignore SIGPIPE.
++		 * Otherwise we will die before the errno == EPIPE
++		 * checks in the socket code are reached.
++		 *
++		 * Note: unlike isc_app_start(), isc_app_ctxstart()
++		 *       does not set any signal handlers.
++		 */
++		result = handle_signal(SIGPIPE, SIG_IGN);
++		if (result != ISC_R_SUCCESS)
++			goto cleanup;
++
++		dhcp_gbl_ctx.actx_started = ISC_TRUE;
++
++		result = isc_taskmgr_createinctx(dhcp_gbl_ctx.mctx,
++						 dhcp_gbl_ctx.actx,
++						 1, 0,
++						 &dhcp_gbl_ctx.taskmgr);
++		if (result != ISC_R_SUCCESS)
++			goto cleanup;
++
++		result = isc_socketmgr_createinctx(dhcp_gbl_ctx.mctx,
++						   dhcp_gbl_ctx.actx,
++						   &dhcp_gbl_ctx.socketmgr);
++		if (result != ISC_R_SUCCESS)
++			goto cleanup;
++
++		result = isc_timermgr_createinctx(dhcp_gbl_ctx.mctx,
++						  dhcp_gbl_ctx.actx,
++						  &dhcp_gbl_ctx.timermgr);
++		if (result != ISC_R_SUCCESS)
++			goto cleanup;
++
++		result = isc_task_create(dhcp_gbl_ctx.taskmgr, 0, &dhcp_gbl_ctx.task);
++		if (result != ISC_R_SUCCESS)
++			goto cleanup;
++	}
+ 
+ #if defined (NSUPDATE)
+-	result = dns_client_createx(dhcp_gbl_ctx.mctx,
+-				    dhcp_gbl_ctx.actx,
+-				    dhcp_gbl_ctx.taskmgr,
+-				    dhcp_gbl_ctx.socketmgr,
+-				    dhcp_gbl_ctx.timermgr,
+-				    0,
+-				    &dhcp_gbl_ctx.dnsclient);
+-	if (result != ISC_R_SUCCESS)
+-		goto cleanup;
+-#else
+-	/* The dst library is inited as part of dns_lib_init, we don't
+-	 * need it if NSUPDATE is enabled */
+-	result = dst_lib_init(dhcp_gbl_ctx.mctx, NULL, 0);
+-	if (result != ISC_R_SUCCESS)
+-		goto cleanup;
+-
++	if ((flags & DHCP_CONTEXT_POST_DB) != 0) {
++ 
++		result = dns_client_createx(dhcp_gbl_ctx.mctx,
++					    dhcp_gbl_ctx.actx,
++					    dhcp_gbl_ctx.taskmgr,
++					    dhcp_gbl_ctx.socketmgr,
++					    dhcp_gbl_ctx.timermgr,
++					    0,
++					    &dhcp_gbl_ctx.dnsclient);
++		if (result != ISC_R_SUCCESS)
++			goto cleanup;
++	}
+ #endif
+ 	return(ISC_R_SUCCESS);
+ 
+diff --git a/omapip/test.c b/omapip/test.c
+index e97a61f..2735716 100644
+--- a/omapip/test.c
++++ b/omapip/test.c
+@@ -45,7 +45,7 @@ int main (int argc, char **argv)
+ 	omapi_object_t *connection = (omapi_object_t*)0;
+ 	isc_result_t status;
+ 
+-	status = dhcp_context_create();
++	status = dhcp_context_create(DHCP_CONTEXT_PRE_DB | DHCP_CONTEXT_POST_DB);
+ 	if (status != ISC_R_SUCCESS) {
+ 		fprintf(stderr, "Can't initialize context: %s\n",
+ 			isc_result_totext(status));
+diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c
+index 4ef6737..15e5c46 100644
+--- a/relay/dhcrelay.c
++++ b/relay/dhcrelay.c
+@@ -195,7 +195,7 @@ main(int argc, char **argv) {
+ #endif	
+ 
+ 	/* Set up the isc and dns library managers */
+-	status = dhcp_context_create();
++	status = dhcp_context_create(DHCP_CONTEXT_PRE_DB | DHCP_CONTEXT_POST_DB);
+ 	if (status != ISC_R_SUCCESS)
+ 		log_fatal("Can't initialize context: %s",
+ 			  isc_result_totext(status));
+diff --git a/server/dhcpd.c b/server/dhcpd.c
+index b28c34c..434db00 100644
+--- a/server/dhcpd.c
++++ b/server/dhcpd.c
+@@ -281,7 +281,7 @@ main(int argc, char **argv) {
+                 close(fd);
+ 
+ 	/* Set up the isc and dns library managers */
+-	status = dhcp_context_create();
++	status = dhcp_context_create(DHCP_CONTEXT_PRE_DB);
+ 	if (status != ISC_R_SUCCESS)
+ 		log_fatal("Can't initialize context: %s",
+ 			  isc_result_totext(status));
+@@ -1100,6 +1100,11 @@ void postconf_initialization (int quiet)
+ 	if (ddns_update_style == DDNS_UPDATE_STYLE_AD_HOC) {
+ 		log_fatal("ddns-update-style ad_hoc no longer supported");
+ 	}
++
++	if (ddns_update_style != DDNS_UPDATE_STYLE_NONE && dhcp_context_create(DHCP_CONTEXT_POST_DB)
++	    != ISC_R_SUCCESS)
++		log_fatal("Unable to complete ddns initialization");
++
+ #else
+ 	/* If we don't have support for updates compiled in tell the user */
+ 	if (ddns_update_style != DDNS_UPDATE_STYLE_NONE) {
+-- 
+2.1.2
+

dhclient-script

@@ -1,6 +1,20 @@
 #!/bin/bash
 #
-# Copyright (C) 2010-2014 SUSE LINUX Products GmbH / Novell Inc.
+# Copyright (C) 2010-2013 SUSE LINUX Products GmbH / Novell Inc.
+# Copyright (C) 2013-2014 SUSE LINUX GmbH
+#
+# This program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; either version 2 of the License, or (at your option) any later
+# version.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+# details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this program; if not, see <http://www.gnu.org/licenses/>.
 #
 # Author: Marius Tomaschewski <mt@suse.de>
 #
@@ -270,10 +284,6 @@ set_ipv4_routes()
     fi
   fi
 }
-set_ipv6_routes()
-{
-  : TODO
-}
 set_hostname()
 {
   rx_host='^[[:alnum:]][[:alnum:]_-]{0,62}$'
@@ -324,6 +334,57 @@ set_hostname()
     fi
   fi
 }
+dhcp6_dad_check()
+{
+	local ifname="$1" word i
+	local ipaddr="$2"
+	local noaddr=1 nodad=0 tentative=0 dadfailed=0
+	test -n "$ifname" -a -n "$ipaddr" || return 1
+
+	while read -a word ; do
+		test "${word[0]}" != "inet6" && continue
+		noaddr=0
+		for((i=2; i<${#word[@]}; ++i)) ; do
+			case ${word[$i]} in
+			nodad)          nodad=1     ;;
+			tentative)      tentative=1 ;;
+			dadfailed)      dadfailed=1 ;;
+			flags)  ((i++))
+				rx='^[[:xdigit:]]+$'
+				[[ "${word[$i]}" =~ $rx ]] || continue
+				hx="0x${word[$i]}"
+				((hx & 0x02)) && nodad=1
+				((hx & 0x08)) && dadfailed=1
+				((hx & 0x40)) && tentative=1
+			;;
+			esac
+		done
+		((nodad))     && continue
+		((dadfailed)) && return 3
+		((tentative)) && return 2
+	done < <(LC_ALL=C ip -6 addr show dev "${ifname}" to "${ipaddr}" 2>/dev/null)
+	# on dad failure of dynamic (non-persistent) address,
+	# the kernel deletes dad failed addresses
+	# that is, the address is tentative (2) and vanishes
+	# (4) and is not visible as dadfailed (3).
+	((noaddr)) && return 4 || return 0
+}
+dhcp6_dad_wait()
+{
+	local ifname="$1"
+	local ipaddr="$2"
+	local -i wsecs=${3:-0}
+	local -i uwait=25000
+	local -i loops=$(((wsecs * 1000000) / uwait))
+	local -i loop=0 ret=0
+
+	dhcp6_dad_check "$ifname" "$ipaddr" ; ret=$?
+	while ((ret == 2 && loop++ < loops)) ; do
+		usleep $uwait
+		dhcp6_dad_check "$ifname" "$ipaddr" ; ret=$?
+	done
+	return $ret
+}
 
 # Must be used on exit. Invokes the local dhcp client exit hooks, if any.
 exit_with_hooks() {
@@ -483,12 +544,12 @@ BOUND|RENEW|REBIND|REBOOT)
     if is_ifup_controlled ; then
       ifdown $interface -o dhcp
 
-      write_cached_config_data  dhcp4_state "new"      $interface
+      write_cached_config_data  dhcp4_state "up"       $interface
       commit_cached_config_data                        $interface
     fi
   else
     if is_ifup_controlled ; then
-      write_cached_config_data  dhcp4_state "up"       $interface
+      write_cached_config_data  dhcp4_state "new"      $interface
       commit_cached_config_data                        $interface
     fi
   fi
@@ -607,21 +668,29 @@ BOUND6|RENEW6|REBIND6|REBOOT6)
     /sbin/ip addr del "$old_ip6_address/$old_ip6_prefixlen" dev $interface
 
     if is_ifup_controlled ; then
-      write_cached_config_data  dhcp6_state "new"      $interface
+      write_cached_config_data  dhcp6_state "up"       $interface
       commit_cached_config_data                        $interface
     fi
   else
     if is_ifup_controlled ; then
-      write_cached_config_data  dhcp6_state "up"       $interface
+      write_cached_config_data  dhcp6_state "new"      $interface
       commit_cached_config_data                        $interface
     fi
   fi
 
   if [ "x$new_ip6_address" != x -a "x$new_ip6_prefixlen" != x ] ; then
-    /sbin/ip addr add "$new_ip6_address/$new_ip6_prefixlen" \
-                  dev $interface scope global
+    /sbin/ip addr replace "$new_ip6_address/$new_ip6_prefixlen" \
+                  scope global dev $interface \
+                  ${new_max_life:+valid_lft $new_max_life} \
+                  ${new_preferred_life:+preferred_lft $new_preferred_life} \
+      || exit_with_hooks 2
 
-    set_ipv6_routes
+    echo >&2 "Checking DAD results for $new_ip6_address"
+
+    if ! dhcp6_dad_wait "$interface" "$new_ip6_address/$new_ip6_prefixlen" 5 ; then
+      /sbin/ip addr del "$new_ip6_address/$new_ip6_prefixlen" dev $interface 2>/dev/null
+      exit_with_hooks 3
+    fi
   fi
 
   netconfig_modify
@@ -646,11 +715,11 @@ BOUND6|RENEW6|REBIND6|REBOOT6)
 
 DEPREF6)
   ####################################################################
-  if [ x$new_ip6_address = x -o x$new_ip6_prefixlen = x ] ; then
+  if [ x$cur_ip6_address = x -o x$cur_ip6_prefixlen = x ] ; then
     exit_with_hooks 2
   fi
 
-  /sbin/ip addr change "$new_ip6_address/$new_ip6_prefixlen" \
+  /sbin/ip addr change "$cur_ip6_address/$cur_ip6_prefixlen" \
                 dev $interface scope global preferred_lft 0
 
   exit_with_hooks 0

dhcp.changes

@@ -1,3 +1,33 @@
+-------------------------------------------------------------------
+Thu Nov 20 11:43:07 UTC 2014 - mt@suse.de
+
+- Applied contrib/ldap/dhcpd-conf-to-ldap patch by Ales Novak to
+  reorder config to add all global options or option declarations
+  to the dhcpService object instead to create new service object
+  (bsc#886094,ISC-Bugs#37876).
+  [+ dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch]
+- Applied an upstream patch by Thomas Markwalder adding missed
+  mapping of SHA TSIG algorithm names to their constants to enable
+  hmac-sha1, hmac_sha224, hmac_sha256, hmac_sha384 and hmac_sha512
+  authenticated dynamic DNS updates (bsc#890731, ISC-Bugs#36947).
+  [+ dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch]
+- Decline IPv6 addresses on Duplicate Address Detection failure
+  and stop client message exchanges on reached MRD rather than
+  at some point after it. Applied fedora patches by Jiri Popelka
+  and added DAD reporting via exit 3 to the dhclient-script and
+  a fix to use correct address variables in the DEPREF6 action
+  (bsc#872609,ISC-Bugs#26735,ISC-Bugs#21238).
+  [+ dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch,
+   + dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch]
+- Applied backport patch by William Preston avoiding to bind ddns
+  socket in the server when ddns-update-style is none (bsc#891655).
+  [+ dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch]
+- Applied patch for the contrib/ldap/dhcpd-conf-to-ldap script
+  fixing subclass statement handling (bnc#878846,[ISC-Bugs #36409])
+  [+ dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch]
+- Updated licence statement and FSF address in our scripts.
+- Added missed service_add_pre macro calls for dhcrelay services
+
 -------------------------------------------------------------------
 Fri Nov 14 09:18:33 UTC 2014 - dimstar@opensuse.org
 

dhcp.spec

@@ -120,6 +120,18 @@ Patch18:        0018-dhcp-4.2.6-improved-xid.patch
 Patch19:        0019-dhcp-4.2.x-ldap-debug-write.bnc835818.patch
 # PATCH-FIX-OPENSUSE dhcp-4.2.x-chown-server-leases bnc#868253
 Patch20:        0020-dhcp-4.2.x-chown-server-leases.bnc868253.patch
+# PATCH-FIX-SLE dhcp-4.2.4-P2-bnc878846-conf-to-ldap bnc#878846
+Patch21:        0021-dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch
+# PATCH-FIX-SLE dhcp-4.2.x-contrib-conf-to-ldap-reorder bnc#886094
+Patch22:        0022-dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch
+# PATCH-FIX-OPENSUSE dhcp-4.2.x-ddns-tsig-hmac-sha-support bnc#890731
+Patch23:        0023-dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch
+# PATCH-FIX-SLE dhcp-4.2.x-dhcpv6-decline-on-DAD-failure bnc#872609
+Patch24:        0024-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch
+# PATCH-FIX-SLE dhcp-4.2.x-dhcpv6-retransmission-until-MRD bnc#872609
+Patch25:        0025-dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch
+# PATCH-FIX-SLE dhcp-4.2.x-disable-unused-ddns-port-in-server bnc#891655
+Patch26:        0026-dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch
 ##
 PreReq:         /bin/touch /sbin/chkconfig sysconfig
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
@@ -255,6 +267,12 @@ Authors:
 %patch18 -p1
 %patch19 -p1
 %patch20 -p1
+%patch21 -p1
+%patch22 -p1
+%patch23 -p1
+%patch24 -p1
+%patch25 -p1
+%patch26 -p1
 ##
 find . -type f -name \*.cat\* -exec rm -f {} \;
 dos2unix contrib/ms2isc/*
@@ -542,6 +560,12 @@ fi
 %insserv_cleanup
 %endif
 
+%pre relay
+%if %{with systemd}
+%service_add_pre dhcrelay.service
+%service_add_pre dhcrelay6.service
+%endif
+
 %post relay
 #
 %{rename_sysconfig_variable -f etc/sysconfig/dhcrelay

rc.dhcpd

@@ -2,7 +2,8 @@
 # Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH
 # Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH
 # Copyright (c) 2002, 2003 SuSE Linux AG
-# Copyright (c) 2004-2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2004-2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2013-2014 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # This program is free software; you can redistribute it and/or modify it under
 # the terms of the GNU General Public License as published by the Free Software
@@ -15,8 +16,7 @@
 # details.
 #
 # You should have received a copy of the GNU General Public License along with
-# this program; if not, write to the Free Software Foundation, Inc., 59 Temple
-# Place, Suite 330, Boston, MA 02111-1307 USA
+# this program; if not, see <http://www.gnu.org/licenses/>.
 #
 # Author: Rolf Haberrecker <rolf@suse.de>, 1997-1999
 #         Peter Poeml <poeml@suse.de>, 2000-2006

rc.dhcpd6

@@ -2,7 +2,8 @@
 # Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH
 # Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH
 # Copyright (c) 2002, 2003 SuSE Linux AG
-# Copyright (c) 2004-2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2004-2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2004-2013 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # This program is free software; you can redistribute it and/or modify it under
 # the terms of the GNU General Public License as published by the Free Software

rc.dhcrelay

@@ -2,7 +2,21 @@
 # Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH
 # Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH
 # Copyright (c) 2002 SuSE Linux AG
-# Copyright (c) 2003-2010 SUSE LINUX Products GmbH
+# Copyright (c) 2003-2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (C) 2013-2014 SUSE LINUX GmbH, Nuernberg, Germany.
+#
+# This program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; either version 2 of the License, or (at your option) any later
+# version.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+# details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this program; if not, see <http://www.gnu.org/licenses/>.
 #
 # Author: Peter Poeml <poeml@suse.de>, 2001
 #         Marius Tomaschewski <mt@suse.de>, 2010

rc.dhcrelay6

@@ -2,7 +2,21 @@
 # Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH
 # Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH
 # Copyright (c) 2002 SuSE Linux AG
-# Copyright (c) 2003-2010 SUSE LINUX Products GmbH
+# Copyright (c) 2003-2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (C) 2013-2014 SUSE LINUX GmbH, Nuernberg, Germany.
+#
+# This program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; either version 2 of the License, or (at your option) any later
+# version.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+# details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this program; if not, see <http://www.gnu.org/licenses/>.
 #
 # Author: Peter Poeml <poeml@suse.de>, 2001
 #         Marius Tomaschewski <mt@suse.de>, 2010