rpm/dhcp
SHA256
1
0
Fork 0
forked from pool/dhcp
Code Pull Requests Activity

Accepting request 80093 from network:dhcp

Browse Source 
bnc#712653,bnc#712438,bnc#711420,bnc#700771,bnc#697279,bnc#714004

OBS-URL: https://build.opensuse.org/request/show/80093
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dhcp?expand=0&rev=59
This commit is contained in:
Sascha Peilicke 2011-08-31 08:47:42 +00:00 committed by Git OBS Bridge
commit 76fa77e20f
19 changed files with 769 additions and 289 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
dhclient-script
View File

@ -400,8 +400,8 @@ ARPCHECK|ARPSEND)
BOUND|RENEW|REBIND|REBOOT)
####################################################################
if [ x$old_ip_address != x -a x$alias_ip_address != x ] && \
[ x$alias_ip_address != x$old_ip_address ] ;
if [ x$alias_ip_address != x -a x$alias_ip_address != x$old_ip_address -a \
x$new_ip_address != x$old_ip_address ] ;
then
# Possible new alias. Remove old alias.
/sbin/ip addr del $alias_ip_address/$alias_subnet_mask dev $interface
@ -426,7 +426,8 @@ BOUND|RENEW|REBIND|REBOOT)
set_ipv4_routes
fi
if [ x$new_ip_address != x$alias_ip_address -a x$alias_ip_address != x ];
if [ x$new_ip_address != x$alias_ip_address -a x$alias_ip_address != x \
-a x$new_ip_address != x$old_ip_address ];
then
/sbin/ip addr add $alias_ip_address/$alias_subnet_mask \
dev $interface

31
dhcp-4.1.1-P1-relay-no-ip-on-interface.diff
View File

@ -1,31 +0,0 @@
From 4509d956715297469469ab0e207c2641f521470d Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski <mt@suse.de>
Date: Fri, 29 Oct 2010 18:49:06 +0200
Subject: [PATCH] dhcp-4.1.1-P1-relay-no-ip-on-interface
Fix for a dhcrelay segfault while receiving packets on interfaces
without any IPv4 address assigned (bnc#631305, [ISC-Bugs #22409]).
Signed-off-by: Marius Tomaschewski <mt@suse.de>
---
relay/dhcrelay.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c
index 11676ae..c375c83 100644
--- a/relay/dhcrelay.c
+++ b/relay/dhcrelay.c
@@ -565,6 +565,10 @@ do_relay4(struct interface_info *ip, struct dhcp_packet *packet,
log_info("Discarding packet with invalid hlen.");
return;
}
+ if (ip->address_count < 1 || ip->addresses == NULL) {
+ log_info("Discarding packet from interface without IP address");
+ return;
+ }
/* Find the interface that corresponds to the giaddr
in the packet. */
--
1.7.1

21
dhcp-4.1.1-in6_pktinfo-prototype.diff
View File

@ -1,21 +0,0 @@
diff --git a/common/socket.c b/common/socket.c
index 036f7ae..6f56740 100644
--- a/common/socket.c
+++ b/common/socket.c
@@ -40,11 +40,16 @@
* I have implemented it under Linux; other systems should be doable also.
*/
+#ifndef _GNU_SOURCE
+#define _GNU_SOURCE
+#endif
#include "dhcpd.h"
#include <errno.h>
#include <sys/ioctl.h>
#include <sys/uio.h>
#include <sys/uio.h>
+#include <netinet/in.h> /* for struct in6_pktinfo, with glibc >= 2.10.1
+ _GNU_SOURCE required to enable it */
#ifdef USE_SOCKET_FALLBACK
# if !defined (USE_SOCKET_SEND)

77
dhcp-4.2.1-P1-dhclient-option-checks.bnc675052.diff
View File

@ -1,77 +0,0 @@
From 7c0b7ae289a0f25853bd4bb660f3dd34b5c1ce88 Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski <mt@suse.de>
Date: Wed, 27 Apr 2011 13:56:47 +0200
Subject: [PATCH] dhclient string option checks
Merged dhclient pretty escape and string option checks.
Use relaxed domain-name option check causing a regression, when the
server is misusing it to provide a domain list and does not provide
it via the domain-search option; pretty escape semicolon as well
(bnc#675052, CVE-2011-0997).
Signed-off-by: Marius Tomaschewski <mt@suse.de>
---
client/dhclient.c | 8 ++++----
common/options.c | 2 +-
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/client/dhclient.c b/client/dhclient.c
index 970b935..93db494 100644
--- a/client/dhclient.c
+++ b/client/dhclient.c
@@ -3142,7 +3142,7 @@ void script_write_params (client, prefix, lease)
} else {
log_error("suspect value in %s "
"option - discarded",
- lease->filename);
+ "filename");
}
}
@@ -3155,7 +3155,7 @@ void script_write_params (client, prefix, lease)
} else {
log_error("suspect value in %s "
"option - discarded",
- lease->server_name);
+ "server-name");
}
}
@@ -4077,7 +4077,7 @@ static int check_domain_name(const char *ptr, size_t len, int dots)
const char *p;
/* not empty or complete length not over 255 characters */
- if ((len == 0) || (len > 256))
+ if ((len == 0) || (len >= 256))
return(-1);
/* consists of [[:alnum:]-]+ labels separated by [.] */
@@ -4140,11 +4140,11 @@ static int check_option_values(struct universe *universe,
if ((universe == NULL) || (universe == &dhcp_universe)) {
switch(opt) {
case DHO_HOST_NAME:
- case DHO_DOMAIN_NAME:
case DHO_NIS_DOMAIN:
case DHO_NETBIOS_SCOPE:
return check_domain_name(ptr, len, 0);
break;
+ case DHO_DOMAIN_NAME: /* accept a list for compatibiliy */
case DHO_DOMAIN_SEARCH:
return check_domain_name_list(ptr, len, 0);
break;
diff --git a/common/options.c b/common/options.c
index c26f88c..8b4be65 100644
--- a/common/options.c
+++ b/common/options.c
@@ -3916,7 +3916,7 @@ pretty_escape(char **dst, char *dend, const unsigned char **src,
}
} else if (**src == '"' || **src == '\'' || **src == '$' ||
**src == '`' || **src == '\\' || **src == '|' ||
- **src == '&') {
+ **src == '&' || **src == ';') {
if (*dst + 2 > dend)
return -1;
--
1.7.3.4

3
dhcp-4.2.1-P1-ldap-patch-mt01.diff.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:6f1458dc06686ad2c80111f09d1ffc61f0f7feecbd9e693bdc55904a35708608
size 11461

3
dhcp-4.2.1-P1.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:cb8e19d01c5ab5de1da759c3fb34e4967e863e78c8d6106d2cbb0ffeaa80df76
size 8659247

420
dhcp-4.2.2-close-on-exec.diff Normal file
View File

@ -0,0 +1,420 @@
diff --git a/client/clparse.c b/client/clparse.c
index 9de4ce2..ca24ba6 100644
--- a/client/clparse.c
+++ b/client/clparse.c
@@ -220,7 +220,7 @@ int read_client_conf_file (const char *name, struct interface_info *ip,
int token;
isc_result_t status;
- if ((file = open (name, O_RDONLY)) < 0)
+ if ((file = open (name, O_RDONLY | O_CLOEXEC)) < 0)
return uerr2isc (errno);
cfile = NULL;
@@ -257,7 +257,7 @@ void read_client_leases ()
/* Open the lease file. If we can't open it, just return -
we can safely trust the server to remember our state. */
- if ((file = open (path_dhclient_db, O_RDONLY)) < 0)
+ if ((file = open (path_dhclient_db, O_RDONLY | O_CLOEXEC)) < 0)
return;
cfile = NULL;
diff --git a/client/dhclient.c b/client/dhclient.c
index 82c26bb..a1cab01 100644
--- a/client/dhclient.c
+++ b/client/dhclient.c
@@ -131,11 +131,11 @@ main(int argc, char **argv) {
/* Make sure that file descriptors 0 (stdin), 1, (stdout), and
2 (stderr) are open. To do this, we assume that when we
open a file the lowest available file descriptor is used. */
- fd = open("/dev/null", O_RDWR);
+ fd = open("/dev/null", O_RDWR | O_CLOEXEC);
if (fd == 0)
- fd = open("/dev/null", O_RDWR);
+ fd = open("/dev/null", O_RDWR | O_CLOEXEC);
if (fd == 1)
- fd = open("/dev/null", O_RDWR);
+ fd = open("/dev/null", O_RDWR | O_CLOEXEC);
if (fd == 2)
log_perror = 0; /* No sense logging to /dev/null. */
else if (fd != -1)
@@ -423,7 +423,7 @@ main(int argc, char **argv) {
int e;
oldpid = 0;
- if ((pidfd = fopen(path_dhclient_pid, "r")) != NULL) {
+ if ((pidfd = fopen(path_dhclient_pid, "re")) != NULL) {
e = fscanf(pidfd, "%ld\n", &temp);
oldpid = (pid_t)temp;
@@ -2689,7 +2689,7 @@ void rewrite_client_leases ()
if (leaseFile != NULL)
fclose (leaseFile);
- leaseFile = fopen (path_dhclient_db, "w");
+ leaseFile = fopen (path_dhclient_db, "we");
if (leaseFile == NULL) {
log_error ("can't create %s: %m", path_dhclient_db);
return;
@@ -2799,7 +2799,7 @@ write_duid(struct data_string *duid)
return DHCP_R_INVALIDARG;
if (leaseFile == NULL) { /* XXX? */
- leaseFile = fopen(path_dhclient_db, "w");
+ leaseFile = fopen(path_dhclient_db, "we");
if (leaseFile == NULL) {
log_error("can't create %s: %m", path_dhclient_db);
return ISC_R_IOERROR;
@@ -2847,7 +2847,7 @@ write_client6_lease(struct client_state *client, struct dhc6_lease *lease,
return DHCP_R_INVALIDARG;
if (leaseFile == NULL) { /* XXX? */
- leaseFile = fopen(path_dhclient_db, "w");
+ leaseFile = fopen(path_dhclient_db, "we");
if (leaseFile == NULL) {
log_error("can't create %s: %m", path_dhclient_db);
return ISC_R_IOERROR;
@@ -2979,7 +2979,7 @@ int write_client_lease (client, lease, rewrite, makesure)
return 1;
if (leaseFile == NULL) { /* XXX */
- leaseFile = fopen (path_dhclient_db, "w");
+ leaseFile = fopen (path_dhclient_db, "we");
if (leaseFile == NULL) {
log_error ("can't create %s: %m", path_dhclient_db);
return 0;
@@ -3472,9 +3472,9 @@ void go_daemon ()
close(2);
/* Reopen them on /dev/null. */
- open("/dev/null", O_RDWR);
- open("/dev/null", O_RDWR);
- open("/dev/null", O_RDWR);
+ open("/dev/null", O_RDWR | O_CLOEXEC);
+ open("/dev/null", O_RDWR | O_CLOEXEC);
+ open("/dev/null", O_RDWR | O_CLOEXEC);
write_client_pid_file ();
diff --git a/common/bpf.c b/common/bpf.c
index 8bd5727..7b8f1d4 100644
--- a/common/bpf.c
+++ b/common/bpf.c
@@ -94,7 +94,7 @@ int if_register_bpf (info)
for (b = 0; 1; b++) {
/* %Audit% 31 bytes max. %2004.06.17,Safe% */
sprintf(filename, BPF_FORMAT, b);
- sock = open (filename, O_RDWR, 0);
+ sock = open (filename, O_RDWR | O_CLOEXEC, 0);
if (sock < 0) {
if (errno == EBUSY) {
continue;
diff --git a/common/discover.c b/common/discover.c
index 1d84219..93a278e 100644
--- a/common/discover.c
+++ b/common/discover.c
@@ -421,7 +421,7 @@ begin_iface_scan(struct iface_conf_list *ifaces) {
int len;
int i;
- ifaces->fp = fopen("/proc/net/dev", "r");
+ ifaces->fp = fopen("/proc/net/dev", "re");
if (ifaces->fp == NULL) {
log_error("Error opening '/proc/net/dev' to list interfaces");
return 0;
@@ -456,7 +456,7 @@ begin_iface_scan(struct iface_conf_list *ifaces) {
#ifdef DHCPv6
if (local_family == AF_INET6) {
- ifaces->fp6 = fopen("/proc/net/if_inet6", "r");
+ ifaces->fp6 = fopen("/proc/net/if_inet6", "re");
if (ifaces->fp6 == NULL) {
log_error("Error opening '/proc/net/if_inet6' to "
"list IPv6 interfaces; %m");
diff --git a/common/dlpi.c b/common/dlpi.c
index b9eb1d3..c044ec6 100644
--- a/common/dlpi.c
+++ b/common/dlpi.c
@@ -806,7 +806,7 @@ dlpiopen(const char *ifname) {
}
*dp = '\0';
- return open (devname, O_RDWR, 0);
+ return open (devname, O_RDWR | O_CLOEXEC, 0);
}
/*
diff --git a/common/nit.c b/common/nit.c
index 0da9c36..896cbb6 100644
--- a/common/nit.c
+++ b/common/nit.c
@@ -81,7 +81,7 @@ int if_register_nit (info)
struct strioctl sio;
/* Open a NIT device */
- sock = open ("/dev/nit", O_RDWR);
+ sock = open ("/dev/nit", O_RDWR | O_CLOEXEC);
if (sock < 0)
log_fatal ("Can't open NIT device for %s: %m", info -> name);
diff --git a/common/resolv.c b/common/resolv.c
index b29d4cf..d946ccc 100644
--- a/common/resolv.c
+++ b/common/resolv.c
@@ -49,7 +49,7 @@ void read_resolv_conf (parse_time)
struct domain_search_list *dp, *dl, *nd;
isc_result_t status;
- if ((file = open (path_resolv_conf, O_RDONLY)) < 0) {
+ if ((file = open (path_resolv_conf, O_RDONLY | O_CLOEXEC)) < 0) {
log_error ("Can't open %s: %m", path_resolv_conf);
return;
}
diff --git a/common/upf.c b/common/upf.c
index fff3949..4f9318e 100644
--- a/common/upf.c
+++ b/common/upf.c
@@ -77,7 +77,7 @@ int if_register_upf (info)
/* %Audit% Cannot exceed 36 bytes. %2004.06.17,Safe% */
sprintf(filename, "/dev/pf/pfilt%d", b);
- sock = open (filename, O_RDWR, 0);
+ sock = open (filename, O_RDWR | O_CLOEXEC, 0);
if (sock < 0) {
if (errno == EBUSY) {
continue;
diff --git a/dst/dst_api.c b/dst/dst_api.c
index 8925c66..fa4eb5f 100644
--- a/dst/dst_api.c
+++ b/dst/dst_api.c
@@ -437,7 +437,7 @@ dst_s_write_private_key(const DST_KEY *key)
PRIVATE_KEY, PATH_MAX);
/* Do not overwrite an existing file */
- if ((fp = dst_s_fopen(file, "w", 0600)) != NULL) {
+ if ((fp = dst_s_fopen(file, "we", 0600)) != NULL) {
int nn;
if ((nn = fwrite(encoded_block, 1, len, fp)) != len) {
EREPORT(("dst_write_private_key(): Write failure on %s %d != %d errno=%d\n",
@@ -494,7 +494,7 @@ dst_s_read_public_key(const char *in_name, const unsigned in_id, int in_alg)
* flags, proto, alg stored as decimal (or hex numbers FIXME).
* (FIXME: handle parentheses for line continuation.)
*/
- if ((fp = dst_s_fopen(name, "r", 0)) == NULL) {
+ if ((fp = dst_s_fopen(name, "re", 0)) == NULL) {
EREPORT(("dst_read_public_key(): Public Key not found %s\n",
name));
return (NULL);
@@ -620,7 +620,7 @@ dst_s_write_public_key(const DST_KEY *key)
return (0);
}
/* create public key file */
- if ((fp = dst_s_fopen(filename, "w+", 0644)) == NULL) {
+ if ((fp = dst_s_fopen(filename, "w+e", 0644)) == NULL) {
EREPORT(("DST_write_public_key: open of file:%s failed (errno=%d)\n",
filename, errno));
return (0);
@@ -854,7 +854,7 @@ dst_s_read_private_key_file(char *name, DST_KEY *pk_key, unsigned in_id,
return (0);
}
/* first check if we can find the key file */
- if ((fp = dst_s_fopen(filename, "r", 0)) == NULL) {
+ if ((fp = dst_s_fopen(filename, "re", 0)) == NULL) {
EREPORT(("dst_s_read_private_key_file: Could not open file %s in directory %s\n",
filename, dst_path[0] ? dst_path :
(char *) getcwd(NULL, PATH_MAX - 1)));
diff --git a/dst/prandom.c b/dst/prandom.c
index 4de3fe4..fbbe07c 100644
--- a/dst/prandom.c
+++ b/dst/prandom.c
@@ -269,7 +269,7 @@ get_dev_random(u_char *output, unsigned size)
s = stat("/dev/random", &st);
if (s == 0 && S_ISCHR(st.st_mode)) {
- if ((fd = open("/dev/random", O_RDONLY | O_NONBLOCK)) != -1) {
+ if ((fd = open("/dev/random", O_RDONLY | O_NONBLOCK | O_CLOEXEC)) != -1) {
if ((n = read(fd, output, size)) < 0)
n = 0;
close(fd);
@@ -480,7 +480,7 @@ digest_file(dst_work *work)
work->file_digest = dst_free_key(work->file_digest);
return (0);
}
- if ((fp = fopen(name, "r")) == NULL)
+ if ((fp = fopen(name, "re")) == NULL)
return (0);
for (no = 0; (i = fread(buf, sizeof(*buf), sizeof(buf), fp)) > 0;
no += i)
diff --git a/omapip/trace.c b/omapip/trace.c
index 9fd3fb5..9c4e11e 100644
--- a/omapip/trace.c
+++ b/omapip/trace.c
@@ -141,10 +141,10 @@ isc_result_t trace_begin (const char *filename,
return DHCP_R_INVALIDARG;
}
- traceoutfile = open (filename, O_CREAT | O_WRONLY | O_EXCL, 0600);
+ traceoutfile = open (filename, O_CREAT | O_WRONLY | O_EXCL | O_CLOEXEC, 0600);
if (traceoutfile < 0 && errno == EEXIST) {
log_error ("WARNING: Overwriting trace file \"%s\"", filename);
- traceoutfile = open (filename, O_WRONLY | O_EXCL | O_TRUNC,
+ traceoutfile = open (filename, O_WRONLY | O_EXCL | O_TRUNC | O_CLOEXEC,
0600);
}
@@ -431,7 +431,7 @@ void trace_file_replay (const char *filename)
isc_result_t result;
int len;
- traceinfile = fopen (filename, "r");
+ traceinfile = fopen (filename, "re");
if (!traceinfile) {
log_error("Can't open tracefile %s: %m", filename);
return;
diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c
index f21f16f..d2aa90e 100644
--- a/relay/dhcrelay.c
+++ b/relay/dhcrelay.c
@@ -183,11 +183,11 @@ main(int argc, char **argv) {
/* Make sure that file descriptors 0(stdin), 1,(stdout), and
2(stderr) are open. To do this, we assume that when we
open a file the lowest available file descriptor is used. */
- fd = open("/dev/null", O_RDWR);
+ fd = open("/dev/null", O_RDWR | O_CLOEXEC);
if (fd == 0)
- fd = open("/dev/null", O_RDWR);
+ fd = open("/dev/null", O_RDWR | O_CLOEXEC);
if (fd == 1)
- fd = open("/dev/null", O_RDWR);
+ fd = open("/dev/null", O_RDWR | O_CLOEXEC);
if (fd == 2)
log_perror = 0; /* No sense logging to /dev/null. */
else if (fd != -1)
@@ -540,13 +540,14 @@ main(int argc, char **argv) {
if (no_pid_file == ISC_FALSE) {
pfdesc = open(path_dhcrelay_pid,
- O_CREAT | O_TRUNC | O_WRONLY, 0644);
+ O_CREAT | O_TRUNC | O_WRONLY |
+ O_CLOEXEC, 0644);
if (pfdesc < 0) {
log_error("Can't create %s: %m",
path_dhcrelay_pid);
} else {
- pf = fdopen(pfdesc, "w");
+ pf = fdopen(pfdesc, "we");
if (!pf)
log_error("Can't fdopen %s: %m",
path_dhcrelay_pid);
diff --git a/server/confpars.c b/server/confpars.c
index c0742d4..62568e9 100644
--- a/server/confpars.c
+++ b/server/confpars.c
@@ -116,7 +116,7 @@ isc_result_t read_conf_file (const char *filename, struct group *group,
}
#endif
- if ((file = open (filename, O_RDONLY)) < 0) {
+ if ((file = open (filename, O_RDONLY | O_CLOEXEC)) < 0) {
if (leasep) {
log_error ("Can't open lease database %s: %m --",
path_dhcpd_db);
diff --git a/server/db.c b/server/db.c
index dc75321..be5db26 100644
--- a/server/db.c
+++ b/server/db.c
@@ -1035,7 +1035,7 @@ void db_startup (testp)
}
#endif
if (!testp) {
- db_file = fopen (path_dhcpd_db, "a");
+ db_file = fopen (path_dhcpd_db, "ae");
if (!db_file)
log_fatal ("Can't open %s for append.", path_dhcpd_db);
expire_all_pools ();
@@ -1074,7 +1074,7 @@ int new_lease_file ()
db_validity = lease_file_is_corrupt;
snprintf (newfname, sizeof(newfname), "%s.XXXXXX", path_dhcpd_db);
- db_fd = mkstemp (newfname);
+ db_fd = mkostemp (newfname, O_CLOEXEC);
if (db_fd < 0) {
log_error ("Can't create new lease file: %m");
return 0;
@@ -1083,7 +1083,7 @@ int new_lease_file ()
log_error ("Can't fchmod new lease file: %m");
goto fail;
}
- if ((new_db_file = fdopen(db_fd, "w")) == NULL) {
+ if ((new_db_file = fdopen(db_fd, "we")) == NULL) {
log_error("Can't fdopen new lease file: %m");
close(db_fd);
goto fdfail;
diff --git a/server/dhcpd.c b/server/dhcpd.c
index 27e04e4..9233d26 100644
--- a/server/dhcpd.c
+++ b/server/dhcpd.c
@@ -274,11 +274,11 @@ main(int argc, char **argv) {
/* Make sure that file descriptors 0 (stdin), 1, (stdout), and
2 (stderr) are open. To do this, we assume that when we
open a file the lowest available file descriptor is used. */
- fd = open("/dev/null", O_RDWR);
+ fd = open("/dev/null", O_RDWR | O_CLOEXEC);
if (fd == 0)
- fd = open("/dev/null", O_RDWR);
+ fd = open("/dev/null", O_RDWR | O_CLOEXEC);
if (fd == 1)
- fd = open("/dev/null", O_RDWR);
+ fd = open("/dev/null", O_RDWR | O_CLOEXEC);
if (fd == 2)
log_perror = 0; /* No sense logging to /dev/null. */
else if (fd != -1)
@@ -809,7 +809,7 @@ main(int argc, char **argv) {
*/
if (no_pid_file == ISC_FALSE) {
/*Read previous pid file. */
- if ((i = open (path_dhcpd_pid, O_RDONLY)) >= 0) {
+ if ((i = open (path_dhcpd_pid, O_RDONLY | O_CLOEXEC)) >= 0) {
status = read(i, pbuf, (sizeof pbuf) - 1);
close (i);
if (status > 0) {
@@ -828,7 +828,7 @@ main(int argc, char **argv) {
}
/* Write new pid file. */
- i = open(path_dhcpd_pid, O_WRONLY|O_CREAT|O_TRUNC, 0644);
+ i = open(path_dhcpd_pid, O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0644);
if (i >= 0) {
sprintf(pbuf, "%d\n", (int) getpid());
IGNORE_RET (write(i, pbuf, strlen(pbuf)));
@@ -856,9 +856,9 @@ main(int argc, char **argv) {
close(2);
/* Reopen them on /dev/null. */
- open("/dev/null", O_RDWR);
- open("/dev/null", O_RDWR);
- open("/dev/null", O_RDWR);
+ open("/dev/null", O_RDWR | O_CLOEXEC);
+ open("/dev/null", O_RDWR | O_CLOEXEC);
+ open("/dev/null", O_RDWR | O_CLOEXEC);
log_perror = 0; /* No sense logging to /dev/null. */
IGNORE_RET (chdir("/"));
diff --git a/server/ldap.c b/server/ldap.c
index 68acbbb..77efe26 100644
--- a/server/ldap.c
+++ b/server/ldap.c
@@ -1098,7 +1098,7 @@ ldap_start (void)
if (ldap_debug_file != NULL && ldap_debug_fd == -1)
{
- if ((ldap_debug_fd = open (ldap_debug_file, O_CREAT | O_TRUNC | O_WRONLY,
+ if ((ldap_debug_fd = open (ldap_debug_file, O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC,
S_IRUSR | S_IWUSR)) < 0)
log_error ("Error opening debug LDAP log file %s: %s", ldap_debug_file,
strerror (errno));
--
1.7.3.4

47
dhcp-4.2.2-dhclient-option-checks.bnc675052.diff Normal file
View File

@ -0,0 +1,47 @@
diff --git a/client/dhclient.c b/client/dhclient.c
index 9fd7ccc..82c26bb 100644
--- a/client/dhclient.c
+++ b/client/dhclient.c
@@ -3251,7 +3251,7 @@ void script_write_params (client, prefix, lease)
} else {
log_error("suspect value in %s "
"option - discarded",
- lease->filename);
+ "filename");
}
}
@@ -3264,7 +3264,7 @@ void script_write_params (client, prefix, lease)
} else {
log_error("suspect value in %s "
"option - discarded",
- lease->server_name);
+ "server-name");
}
}
@@ -4193,7 +4193,7 @@ static int check_domain_name(const char *ptr, size_t len, int dots)
const char *p;
/* not empty or complete length not over 255 characters */
- if ((len == 0) || (len > 256))
+ if ((len == 0) || (len >= 256))
return(-1);
/* consists of [[:alnum:]-]+ labels separated by [.] */
diff --git a/common/options.c b/common/options.c
index 80fd8db..6b95f3b 100644
--- a/common/options.c
+++ b/common/options.c
@@ -3916,7 +3916,7 @@ pretty_escape(char **dst, char *dend, const unsigned char **src,
}
} else if (**src == '"' || **src == '\'' || **src == '$' ||
**src == '`' || **src == '\\' || **src == '|' ||
- **src == '&') {
+ **src == '&' || **src == ';') {
if (*dst + 2 > dend)
return -1;
--
1.7.3.4

67
dhcp-4.2.1-dhclient-send-hostname-rml.diff → dhcp-4.2.2-dhclient-send-hostname-rml.diff
View File

@ -1,34 +1,34 @@
diff --git a/client/dhclient.8 b/client/dhclient.8
index 7a3c154..e284210 100644
index 6306b08..1394c38 100644
--- a/client/dhclient.8
+++ b/client/dhclient.8
@@ -64,6 +64,10 @@ dhclient - Dynamic Host Configuration Protocol Client
.I port
@@ -60,6 +60,10 @@ dhclient - Dynamic Host Configuration Protocol Client
.I LL|LLT
]
[
+.B -H
+.I hostname
+]
+[
.B -d
.B -p
.I port
]
[
@@ -305,6 +309,10 @@ If a different port is specified on which the client should listen and
transmit, the client will also use a different destination port -
one less than the specified port.
@@ -299,6 +303,10 @@ PID file. When shutdown via this method
.B dhclient-script(8)
will be executed with the specific reason for calling the script set.
.TP
+.BI \-H \ hostname
+This flag may be used to specify a client hostname that should be sent to
+the DHCP server. Note, that this option is a SUSE/Novell extension.
+.TP
.BI \-s \ server
Specify the server IP address or fully qualified domain name to use as
a destination for DHCP protocol messages before
.BI \-p \ port
The UDP port number on which the DHCP client should listen and transmit.
If unspecified,
diff --git a/client/dhclient.c b/client/dhclient.c
index dc19e8b..bd02cc9 100644
index 9b53f07..9fd7ccc 100644
--- a/client/dhclient.c
+++ b/client/dhclient.c
@@ -110,6 +110,7 @@ main(int argc, char **argv) {
@@ -119,6 +119,7 @@ main(int argc, char **argv) {
int no_dhclient_db = 0;
int no_dhclient_pid = 0;
int no_dhclient_script = 0;
@ -36,24 +36,30 @@ index dc19e8b..bd02cc9 100644
#ifdef DHCPv6
int local_family_set = 0;
#endif /* DHCPv6 */
@@ -220,6 +221,16 @@ main(int argc, char **argv) {
@@ -231,6 +232,22 @@ main(int argc, char **argv) {
if (++i == argc)
usage();
mockup_relay = argv[i];
+ } else if (!strcmp (argv[i], "-H")) {
+ size_t len;
+ if (++i == argc || !argv[i] || *(argv[i]) == '\0')
+ usage ();
+ if (strlen (argv[i]) > HOST_NAME_MAX) {
+ len = strlen (argv[i]);
+ if (len > HOST_NAME_MAX) {
+ log_error("-H option host-name string \"%s\" is too long:"
+ "maximum length is %d characters",
+ argv[i], HOST_NAME_MAX);
+ exit(1);
+ } else if(check_domain_name(argv[i], len, 0) != 0) {
+ log_error("suspect host-name in -H \"%s\"",
+ argv[i]);
+ exit(1);
+ }
+ dhclient_hostname = argv [i];
} else if (!strcmp(argv[i], "-nw")) {
nowait = 1;
} else if (!strcmp(argv[i], "-n")) {
@@ -468,6 +479,32 @@ main(int argc, char **argv) {
@@ -484,6 +501,35 @@ main(int argc, char **argv) {
/* Parse the dhclient.conf file. */
read_client_conf();
@ -63,10 +69,12 @@ index dc19e8b..bd02cc9 100644
+ char buf[HOST_NAME_MAX + 40];
+ int len;
+
+ snprintf (buf, sizeof(buf), "send host-name \"%s\";", dhclient_hostname);
+ snprintf (buf, sizeof(buf), "send host-name \"%s\";",
+ dhclient_hostname);
+ len = strlen(buf);
+
+ status = new_parse (&cfile, -1, buf, len, "host-name option", 0);
+ status = new_parse (&cfile, -1, buf, len,
+ "host-name option", 0);
+ if (status != ISC_R_SUCCESS)
+ log_fatal ("Cannot parse send host-name statement!");
+
@ -78,7 +86,8 @@ index dc19e8b..bd02cc9 100644
+ if (token == END_OF_FILE)
+ break;
+
+ parse_client_statement (cfile, NULL, &top_level_config);
+ parse_client_statement (cfile, NULL,
+ &top_level_config);
+ }
+ end_parse (&cfile);
+ }
@ -86,19 +95,15 @@ index dc19e8b..bd02cc9 100644
/* Parse the lease database. */
read_client_leases();
@@ -676,12 +713,12 @@ static void usage()
@@ -708,9 +754,9 @@ static void usage()
log_error("Usage: dhclient %s %s",
log_fatal("Usage: dhclient "
#ifdef DHCPv6
- "[-4|-6] [-SNTP1dvrx] [-nw] [-p <port>] [-D LL|LLT]",
+ "[-4|-6] [-SNTP1dvrx] [-nw] [-H <hostname>] [-p <port>] [-D LL|LLT]",
- "[-4|-6] [-SNTP1dvrx] [-nw] [-p <port>] [-D LL|LLT]\n"
+ "[-4|-6] [-SNTP1dvrx] [-nw] [-H <hostname>] [-p <port>] [-D LL|LLT]\n"
#else /* DHCPv6 */
- "[-1dvrx] [-nw] [-p <port>]",
+ "[-1dvrx] [-nw] [-H <hostname>] [-p <port>]",
- "[-1dvrx] [-nw] [-p <port>]\n"
+ "[-1dvrx] [-nw] [-H <hostname>] [-p <port>]\n"
#endif /* DHCPv6 */
"[-s server]");
- log_error(" [-cf config-file] [-lf lease-file]%s",
+ log_error(" [-cf config-file] [-lf lease-file] %s",
"[-pf pid-file] [-e VAR=val]");
log_fatal(" [-sf script-file] [interface]");
}
" [-s server-addr] [-cf config-file] "
"[-lf lease-file]\n"

3
dhcp-4.2.2-ldap-patch-mt01.diff.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b113289cbcaf5d9f76892b48a6c8a452f7f2180aab1a06a8acacc49d0fa137a9
size 11732

20
dhcp-4.1.1-man-includes.diff → dhcp-4.2.2-man-includes.diff
View File

@ -1,26 +1,28 @@
diff --git a/dhcpctl/dhcpctl.3 b/dhcpctl/dhcpctl.3
index 2e1cb8a..ee44755 100644
index 9aa1851..7497612 100644
--- a/dhcpctl/dhcpctl.3
+++ b/dhcpctl/dhcpctl.3
@@ -425,7 +425,7 @@ that most error checking has been ommitted for brevity.
#include <stdio.h>
@@ -430,8 +430,8 @@ that most error checking has been ommitted for brevity.
#include <netinet/in.h>
#include <arpa/inet.h>
-#include <isc/result.h>
+#include <isc-dhcp/result.h>
#include <dhcpctl/dhcpctl.h>
-#include "omapip/result.h"
-#include "dhcpctl.h"
+#include <omapip/result.h>
+#include <dhcpctl/dhcpctl.h>
int main (int argc, char **argv) {
dhcpctl_data_string ipaddrstring = NULL;
diff --git a/omapip/omapi.3 b/omapip/omapi.3
index 4673549..8e2503f 100644
index 4868d7c..23389b0 100644
--- a/omapip/omapi.3
+++ b/omapip/omapi.3
@@ -87,7 +87,7 @@ the lease ends.
@@ -88,7 +88,7 @@ the lease ends.
#include <stdio.h>
#include <netinet/in.h>
- #include <isc/result.h>
+ #include <isc-dhcp/result.h>
+ #include <omapip/result.h>
#include <dhcpctl/dhcpctl.h>
int main (int argc, char **argv) {

17
dhcp-4.2.2-quiet-dhclient.bnc711420.diff Normal file
View File

@ -0,0 +1,17 @@
diff --git a/client/dhclient.c b/client/dhclient.c
index a1cab01..ff5ede5 100644
--- a/client/dhclient.c
+++ b/client/dhclient.c
@@ -444,6 +444,9 @@ main(int argc, char **argv) {
} else {
log_perror = 0;
quiet_interface_discovery = 1;
+#if !defined(DEBUG)
+ setlogmask(LOG_UPTO(LOG_NOTICE));
+#endif
}
/* If we're given a relay agent address to insert, for testing
--
1.7.3.4

110
dhcp-4.2.0-xen-checksum.patch → dhcp-4.2.2-xen-checksum.diff
View File

@ -1,7 +1,8 @@
diff -up dhcp-4.2.0/common/bpf.c.xen dhcp-4.2.0/common/bpf.c
--- dhcp-4.2.0/common/bpf.c.xen 2009-11-20 02:48:59.000000000 +0100
+++ dhcp-4.2.0/common/bpf.c 2010-07-21 13:51:24.000000000 +0200
@@ -485,7 +485,7 @@ ssize_t receive_packet (interface, buf,
diff --git a/common/bpf.c b/common/bpf.c
index b0ef657..8bd5727 100644
--- a/common/bpf.c
+++ b/common/bpf.c
@@ -485,7 +485,7 @@ ssize_t receive_packet (interface, buf, len, from, hfrom)
offset = decode_udp_ip_header (interface,
interface -> rbuf,
interface -> rbuf_offset,
@ -10,10 +11,11 @@ diff -up dhcp-4.2.0/common/bpf.c.xen dhcp-4.2.0/common/bpf.c
/* If the IP or UDP checksum was bad, skip the packet... */
if (offset < 0) {
diff -up dhcp-4.2.0/common/dlpi.c.xen dhcp-4.2.0/common/dlpi.c
--- dhcp-4.2.0/common/dlpi.c.xen 2009-11-20 02:49:00.000000000 +0100
+++ dhcp-4.2.0/common/dlpi.c 2010-07-21 13:51:24.000000000 +0200
@@ -694,7 +694,7 @@ ssize_t receive_packet (interface, buf,
diff --git a/common/dlpi.c b/common/dlpi.c
index 8f2c73d..b9eb1d3 100644
--- a/common/dlpi.c
+++ b/common/dlpi.c
@@ -693,7 +693,7 @@ ssize_t receive_packet (interface, buf, len, from, hfrom)
length -= offset;
#endif
offset = decode_udp_ip_header (interface, dbuf, bufix,
@ -22,10 +24,11 @@ diff -up dhcp-4.2.0/common/dlpi.c.xen dhcp-4.2.0/common/dlpi.c
/*
* If the IP or UDP checksum was bad, skip the packet...
diff -up dhcp-4.2.0/common/lpf.c.xen dhcp-4.2.0/common/lpf.c
--- dhcp-4.2.0/common/lpf.c.xen 2009-07-23 20:52:19.000000000 +0200
+++ dhcp-4.2.0/common/lpf.c 2010-07-21 13:51:24.000000000 +0200
@@ -29,18 +29,33 @@
diff --git a/common/lpf.c b/common/lpf.c
index 16eecc9..4bdb0f1 100644
--- a/common/lpf.c
+++ b/common/lpf.c
@@ -29,19 +29,33 @@
#include "dhcpd.h"
#if defined (USE_LPF_SEND) || defined (USE_LPF_RECEIVE)
#include <sys/ioctl.h>
@ -38,6 +41,7 @@ diff -up dhcp-4.2.0/common/lpf.c.xen dhcp-4.2.0/common/lpf.c
#include <linux/if_ether.h>
+#include <linux/if_packet.h>
#include <netinet/in_systm.h>
-#include <net/if_packet.h>
#include "includes/netinet/ip.h"
#include "includes/netinet/udp.h"
#include "includes/netinet/if_ether.h"
@ -59,7 +63,7 @@ diff -up dhcp-4.2.0/common/lpf.c.xen dhcp-4.2.0/common/lpf.c
/* Reinitializes the specified interface after an address change. This
is not required for packet-filter APIs. */
@@ -66,10 +81,14 @@ int if_register_lpf (info)
@@ -67,10 +81,14 @@ int if_register_lpf (info)
struct interface_info *info;
{
int sock;
@ -76,7 +80,7 @@ diff -up dhcp-4.2.0/common/lpf.c.xen dhcp-4.2.0/common/lpf.c
htons((short)ETH_P_ALL))) < 0) {
if (errno == ENOPROTOOPT || errno == EPROTONOSUPPORT ||
errno == ESOCKTNOSUPPORT || errno == EPFNOSUPPORT ||
@@ -84,11 +103,16 @@ int if_register_lpf (info)
@@ -85,11 +103,16 @@ int if_register_lpf (info)
log_fatal ("Open a socket for LPF: %m");
}
@ -96,7 +100,7 @@ diff -up dhcp-4.2.0/common/lpf.c.xen dhcp-4.2.0/common/lpf.c
if (errno == ENOPROTOOPT || errno == EPROTONOSUPPORT ||
errno == ESOCKTNOSUPPORT || errno == EPFNOSUPPORT ||
errno == EAFNOSUPPORT || errno == EINVAL) {
@@ -170,9 +194,18 @@ static void lpf_gen_filter_setup (struct
@@ -171,9 +194,18 @@ static void lpf_gen_filter_setup (struct interface_info *);
void if_register_receive (info)
struct interface_info *info;
{
@ -115,32 +119,34 @@ diff -up dhcp-4.2.0/common/lpf.c.xen dhcp-4.2.0/common/lpf.c
#if defined (HAVE_TR_SUPPORT)
if (info -> hw_address.hbuf [0] == HTYPE_IEEE802)
lpf_tr_filter_setup (info);
@@ -294,7 +327,6 @@ ssize_t send_packet (interface, packet,
@@ -295,7 +327,6 @@ ssize_t send_packet (interface, packet, raw, len, from, to, hto)
double hh [16];
double ih [1536 / sizeof (double)];
unsigned char *buf = (unsigned char *)ih;
- struct sockaddr sa;
- struct sockaddr_pkt sa;
int result;
int fudge;
@@ -315,15 +347,7 @@ ssize_t send_packet (interface, packet,
@@ -316,17 +347,7 @@ ssize_t send_packet (interface, packet, raw, len, from, to, hto)
(unsigned char *)raw, len);
memcpy (buf + ibufp, raw, len);
- /* For some reason, SOCK_PACKET sockets can't be connected,
- so we have to do a sentdo every time. */
- memset (&sa, 0, sizeof sa);
- sa.sa_family = AF_PACKET;
- strncpy (sa.sa_data,
- (const char *)interface -> ifp, sizeof sa.sa_data);
- sa.spkt_family = AF_PACKET;
- strncpy ((char *)sa.spkt_device,
- (const char *)interface -> ifp, sizeof sa.spkt_device);
- sa.spkt_protocol = htons(ETH_P_IP);
-
- result = sendto (interface -> wfdesc,
- buf + fudge, ibufp + len - fudge, 0, &sa, sizeof sa);
- buf + fudge, ibufp + len - fudge, 0,
- (const struct sockaddr *)&sa, sizeof sa);
+ result = write (interface -> wfdesc, buf + fudge, ibufp + len - fudge);
if (result < 0)
log_error ("send_packet: %m");
return result;
@@ -340,14 +364,35 @@ ssize_t receive_packet (interface, buf,
@@ -343,14 +364,35 @@ ssize_t receive_packet (interface, buf, len, from, hfrom)
{
int length = 0;
int offset = 0;
@ -148,6 +154,8 @@ diff -up dhcp-4.2.0/common/lpf.c.xen dhcp-4.2.0/common/lpf.c
unsigned char ibuf [1536];
unsigned bufix = 0;
unsigned paylen;
-
- length = read (interface -> rfdesc, ibuf, sizeof ibuf);
+ unsigned char cmsgbuf[CMSG_LEN(sizeof(struct tpacket_auxdata))];
+ struct iovec iov = {
+ .iov_base = ibuf,
@ -160,8 +168,7 @@ diff -up dhcp-4.2.0/common/lpf.c.xen dhcp-4.2.0/common/lpf.c
+ .msg_controllen = sizeof(cmsgbuf),
+ };
+ struct cmsghdr *cmsg;
- length = read (interface -> rfdesc, ibuf, sizeof ibuf);
+
+ length = recvmsg (interface -> rfdesc, &msg, 0);
if (length <= 0)
return length;
@ -177,7 +184,7 @@ diff -up dhcp-4.2.0/common/lpf.c.xen dhcp-4.2.0/common/lpf.c
bufix = 0;
/* Decode the physical header... */
offset = decode_hw_header (interface, ibuf, bufix, hfrom);
@@ -364,7 +409,7 @@ ssize_t receive_packet (interface, buf,
@@ -367,7 +409,7 @@ ssize_t receive_packet (interface, buf, len, from, hfrom)
/* Decode the IP and UDP headers... */
offset = decode_udp_ip_header (interface, ibuf, bufix, from,
@ -186,10 +193,11 @@ diff -up dhcp-4.2.0/common/lpf.c.xen dhcp-4.2.0/common/lpf.c
/* If the IP or UDP checksum was bad, skip the packet... */
if (offset < 0)
diff -up dhcp-4.2.0/common/nit.c.xen dhcp-4.2.0/common/nit.c
--- dhcp-4.2.0/common/nit.c.xen 2009-11-20 02:49:01.000000000 +0100
+++ dhcp-4.2.0/common/nit.c 2010-07-21 13:51:24.000000000 +0200
@@ -369,7 +369,7 @@ ssize_t receive_packet (interface, buf,
diff --git a/common/nit.c b/common/nit.c
index 3822206..0da9c36 100644
--- a/common/nit.c
+++ b/common/nit.c
@@ -369,7 +369,7 @@ ssize_t receive_packet (interface, buf, len, from, hfrom)
/* Decode the IP and UDP headers... */
offset = decode_udp_ip_header (interface, ibuf, bufix,
@ -198,9 +206,10 @@ diff -up dhcp-4.2.0/common/nit.c.xen dhcp-4.2.0/common/nit.c
/* If the IP or UDP checksum was bad, skip the packet... */
if (offset < 0)
diff -up dhcp-4.2.0/common/packet.c.xen dhcp-4.2.0/common/packet.c
--- dhcp-4.2.0/common/packet.c.xen 2009-07-23 20:52:20.000000000 +0200
+++ dhcp-4.2.0/common/packet.c 2010-07-21 13:51:24.000000000 +0200
diff --git a/common/packet.c b/common/packet.c
index 42bca69..fd2d975 100644
--- a/common/packet.c
+++ b/common/packet.c
@@ -211,7 +211,7 @@ ssize_t
decode_udp_ip_header(struct interface_info *interface,
unsigned char *buf, unsigned bufix,
@ -210,7 +219,7 @@ diff -up dhcp-4.2.0/common/packet.c.xen dhcp-4.2.0/common/packet.c
{
unsigned char *data;
struct ip ip;
@@ -322,7 +322,7 @@ decode_udp_ip_header(struct interface_in
@@ -322,7 +322,7 @@ decode_udp_ip_header(struct interface_info *interface,
8, IPPROTO_UDP + ulen))));
udp_packets_seen++;
@ -219,10 +228,11 @@ diff -up dhcp-4.2.0/common/packet.c.xen dhcp-4.2.0/common/packet.c
udp_packets_bad_checksum++;
if (udp_packets_seen > 4 &&
(udp_packets_seen / udp_packets_bad_checksum) < 2) {
diff -up dhcp-4.2.0/common/upf.c.xen dhcp-4.2.0/common/upf.c
--- dhcp-4.2.0/common/upf.c.xen 2009-11-20 02:49:01.000000000 +0100
+++ dhcp-4.2.0/common/upf.c 2010-07-21 13:51:24.000000000 +0200
@@ -320,7 +320,7 @@ ssize_t receive_packet (interface, buf,
diff --git a/common/upf.c b/common/upf.c
index feb82a2..fff3949 100644
--- a/common/upf.c
+++ b/common/upf.c
@@ -320,7 +320,7 @@ ssize_t receive_packet (interface, buf, len, from, hfrom)
/* Decode the IP and UDP headers... */
offset = decode_udp_ip_header (interface, ibuf, bufix,
@ -231,15 +241,19 @@ diff -up dhcp-4.2.0/common/upf.c.xen dhcp-4.2.0/common/upf.c
/* If the IP or UDP checksum was bad, skip the packet... */
if (offset < 0)
diff -up dhcp-4.2.0/includes/dhcpd.h.xen dhcp-4.2.0/includes/dhcpd.h
--- dhcp-4.2.0/includes/dhcpd.h.xen 2010-07-21 13:38:31.000000000 +0200
+++ dhcp-4.2.0/includes/dhcpd.h 2010-07-21 13:51:24.000000000 +0200
@@ -2773,7 +2773,7 @@ ssize_t decode_hw_header PROTO ((struct
unsigned, struct hardware *));
ssize_t decode_udp_ip_header PROTO ((struct interface_info *, unsigned char *,
unsigned, struct sockaddr_in *,
- unsigned, unsigned *));
+ unsigned, unsigned *, int));
diff --git a/includes/dhcpd.h b/includes/dhcpd.h
index adf04cc..ded57a9 100644
--- a/includes/dhcpd.h
+++ b/includes/dhcpd.h
@@ -2793,7 +2793,7 @@ ssize_t decode_hw_header (struct interface_info *, unsigned char *,
unsigned, struct hardware *);
ssize_t decode_udp_ip_header (struct interface_info *, unsigned char *,
unsigned, struct sockaddr_in *,
- unsigned, unsigned *);
+ unsigned, unsigned *, int);
/* ethernet.c */
void assemble_ethernet_header PROTO ((struct interface_info *, unsigned char *,
void assemble_ethernet_header (struct interface_info *, unsigned char *,
--
1.7.3.4

3
dhcp-4.2.2.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:dfafcabbd4b2f099fd7ae1f9a9f6f2dc472b134ed5b6a391c2f7082dfdc2d8b6
size 8613758

47
dhcp.changes
View File

@ -1,3 +1,50 @@
-------------------------------------------------------------------
Mon Aug 29 15:15:44 UTC 2011 - mt@suse.de
- Updated to ISC dhcp-4.2.2 release, providing two security fixes
(CVE-2011-2748,CVE-2011-2749,[ISC-Bugs #24960],bnc#712653), that
allowed remote attackers to cause a denial of service (a daemon
exit) via crafted BOOTP packets. Further also DNS update fix to
detect overlapping pools or misconfigured fixed-address entries,
that caused a server crash during DNS update and other fixes.
For a complete list, please see the RELNOTES file provided in
the package and also available online at http://www.isc.org/.
- Merged/adopted dhclient option-checks, send-hostname-rml, ldap
patch, xen-checksum, close-on-exec patches and removed obsolete
in6_pktinfo-prototype and relay-no-ip-on-interface patches.
- Moved server pid files into chroot directory even chroot is
not used and create a link in /var/run, so it can write one
when started as user without chroot and avoid stop problems
when the chroot sysconfig setting changed (bnc#712438).
- Disabled log-info level messages in dhclient(6) quiet mode to
avoid excessive logging of non-critical messages (bnc#711420).
- Fixed dhclient-script to not remove alias IP when it didn't
changed to not wipe out iptables connmark when renewing the
lease (bnc#700771). Thanks to James Carter for the patch.
- Fixed DDNS-howto.txt reference in the config file; it has been
moved to the dhcp-doc package (bnc#697279).
- Removed GPL licensed files (bind-*/contrib/dbus) from bind.tgz
to ensure, they're not used to build non-GPL dhcp (bnc#714004).
- Changed to apply strict-aliasing/RELRO for >= 12.x only
-------------------------------------------------------------------
Wed Jul 20 18:53:07 UTC 2011 - crrodriguez@opensuse.org
- Correct previous change.
-------------------------------------------------------------------
Wed Jul 20 04:45:40 UTC 2011 - crrodriguez@opensuse.org
- THis is a long running network daemon, link with
full RELRO security enhancements.
- remove -fno-strict-aliasing from CFLAGS, no longer needed.
-------------------------------------------------------------------
Tue May 17 03:58:24 UTC 2011 - crrodriguez@opensuse.org
- Import redhat's patch to open all needed FDs with O_CLOEXEC
so they dont leak.
-------------------------------------------------------------------
Thu May 12 08:39:03 UTC 2011 - mt@suse.de

42
dhcp.spec
View File

@ -17,7 +17,7 @@
# norootforbuild
%define isc_version 4.2.1-P1
%define isc_version 4.2.2
%define susefw2dir %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services
%define omc_prefix /usr/share/omc
%define omc_svcdir %{omc_prefix}/svcinfo.d
@ -39,8 +39,8 @@ BuildRequires: dos2unix
License: BSD3c(or similar)
Group: Productivity/Networking/Boot/Servers
AutoReqProv: on
Version: 4.2.1.P1
Release: 5
Version: 4.2.2
Release: 0
Summary: Common Files Used by ISC DHCP Software
Url: http://www.isc.org/software/dhcp
Source0: dhcp-%{isc_version}.tar.bz2
@ -75,18 +75,18 @@ Patch10: dhcp-4.1.1-default-paths.diff
# paranoia patch is included now, but not the
# additional patch by thomas@suse.de not ...
Patch11: dhcp-4.1.1-paranoia.diff
Patch12: dhcp-4.1.1-man-includes.diff
Patch12: dhcp-4.2.2-man-includes.diff
Patch13: dhcp-4.1.1-tmpfile.diff
Patch14: dhcp-4.1.1-in6_pktinfo-prototype.diff
Patch15: contrib-lease-path.diff
Patch20: dhcp-4.1.1-dhclient-exec-filedes.diff
Patch21: dhcp-4.2.1-dhclient-send-hostname-rml.diff
## patch lives here: http://www.suse.de/~mt/git/dhcp-ldap.git/
Patch30: dhcp-4.2.1-P1-ldap-patch-mt01.diff.bz2
Patch21: dhcp-4.2.2-dhclient-send-hostname-rml.diff
## patch repo lives here: http://www.suse.de/~mt/git/dhcp-ldap.git/
Patch30: dhcp-4.2.2-ldap-patch-mt01.diff.bz2
Patch40: dhcp-4.1.1-P1-lpf-bind-msg-fix.diff
Patch41: dhcp-4.1.1-P1-relay-no-ip-on-interface.diff
Patch44: dhcp-4.2.0-xen-checksum.patch
Patch45: dhcp-4.2.1-P1-dhclient-option-checks.bnc675052.diff
Patch44: dhcp-4.2.2-xen-checksum.diff
Patch45: dhcp-4.2.2-dhclient-option-checks.bnc675052.diff
Patch46: dhcp-4.2.2-close-on-exec.diff
Patch47: dhcp-4.2.2-quiet-dhclient.bnc711420.diff
##
PreReq: /bin/touch /sbin/chkconfig sysconfig
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@ -216,7 +216,6 @@ Authors:
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p0
%patch20 -p1
%patch21 -p1
@ -224,15 +223,26 @@ Authors:
%patch30 -p1
%endif
%patch40 -p1
%patch41 -p1
%patch44 -p1
%patch45 -p1
%patch46 -p1
%patch47 -p1
##
find . -type f -name \*.cat\* -exec rm -f {} \;
dos2unix contrib/ms2isc/*
%build
CFLAGS="$RPM_OPT_FLAGS -W -Wall -fno-strict-aliasing -Wno-unused"
# Remove GPL licensed files to make sure,
# they're not used to build (bnc#714004).
pushd bind
gunzip -c bind.tar.gz | tar xf -
rm -rf bind-*/contrib/dbus
popd
%if %suse_version >= 1210
CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE -W -Wall -Wno-unused"
%else
CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE -W -Wall -fno-strict-aliasing -Wno-unused"
%endif
%ifarch ppc ppc64 s390x
# bugs 134590, 171532
CFLAGS="$CFLAGS -fsigned-char"
@ -242,7 +252,11 @@ CFLAGS="$RPM_OPT_FLAGS -W -Wall -fno-strict-aliasing -Wno-unused"
%else
CFLAGS="$CFLAGS -fpie"
%endif
%if %suse_version >= 1210
LDFLAGS="-Wl,-z,relro,-z,now -pie"
%else
LDFLAGS="-pie"
%endif
FFLAGS="$CFLAGS"
CXXFLAGS="$CFLAGS"
export RPM_OPT_FLAGS LDFLAGS

2
dhcpd.conf
View File

@ -13,7 +13,7 @@ max-lease-time 7200;
# if you do not use dynamical DNS updates:
#
# if you want to use dynamical DNS updates, you should first read
# read /usr/share/doc/packages/dhcp-server/DDNS-howto.txt
# the manuals and DDNS-howto.txt provided in the dhcp-doc package.
#
ddns-updates off;

69
rc.dhcpd
View File

@ -59,6 +59,11 @@ DAEMON_BIN=${DHCPD_BINARY:=/usr/sbin/dhcpd}
DAEMON_CONF=/etc/dhcpd.conf
DAEMON_STATE=/var/lib/dhcp
DAEMON_LEASES=dhcpd.leases
# note: $DAEMON_PIDFILE is a symlink to the
# $DAEMON_STATE$DAEMON_PIDFILE (also
# while DHCPD_RUN_CHROOTED=no) now,
# as DHCPD_RUN_AS is not allowed to
# create pid files in /var/run.
DAEMON_PIDFILE=/var/run/dhcpd.pid
STARTPROC_LOGFILE=/var/log/rc.dhcpd.log
LDAP_CONF=/etc/openldap/ldap.conf
@ -128,7 +133,7 @@ fi
# remove empty pid files to avoid disturbing warnings by checkproc/killproc
# (these can occur if dhcpd does not start correctly)
test -e $DAEMON_PIDFILE && ! test -s $DAEMON_PIDFILE && rm $DAEMON_PIDFILE
test -e $CHROOT_PREFIX/$DAEMON_PIDFILE && ! test -s $CHROOT_PREFIX/$DAEMON_PIDFILE && rm $CHROOT_PREFIX/$DAEMON_PIDFILE
test -e $DAEMON_STATE/$DAEMON_PIDFILE && ! test -s $DAEMON_STATE/$DAEMON_PIDFILE && rm $DAEMON_STATE/$DAEMON_PIDFILE
case "$1" in
start)
@ -240,33 +245,33 @@ case "$1" in
## the chroot jail. Therefore, and old pid file may exist. This is only a problem if it
## incidentally contains the pid of a running process. If this process is not a 'dhcpd',
## we remove the pid. (dhcpd itself only checks whether the pid is alive or not.)
if test -e $CHROOT_PREFIX/$DAEMON_PIDFILE -a -s $CHROOT_PREFIX/$DAEMON_PIDFILE; then
p=$(<$CHROOT_PREFIX/$DAEMON_PIDFILE)
if test -s $DAEMON_STATE/$DAEMON_PIDFILE; then
p=$(<$DAEMON_STATE/$DAEMON_PIDFILE)
if test -n "$p" && grep -qsE "^${DAEMON_BIN}" "/proc/$p/cmdline" ; then
echo -n '(already running) '
else
rm $CHROOT_PREFIX/$DAEMON_PIDFILE
rm -f $DAEMON_STATE/$DAEMON_PIDFILE
fi
fi
PID_FILE_ARG="$DAEMON_PIDFILE"
else
DHCPD_ARGS="-lf ${DAEMON_STATE}/db/$DAEMON_LEASES"
PID_FILE_ARG="$DAEMON_STATE$DAEMON_PIDFILE"
fi
if [ -n "$DHCPD_RUN_AS" ]; then
DHCPD_RUN_AS_GROUP="$(getent group $(getent passwd $DHCPD_RUN_AS | cut -d: -f4) | cut -d: -f1)"
DHCPD_ARGS="$DHCPD_ARGS -user $DHCPD_RUN_AS -group $DHCPD_RUN_AS_GROUP"
if test "$DHCPD_RUN_CHROOTED" = "yes" ; then
chown "${DHCPD_RUN_AS}:${DHCPD_RUN_AS_GROUP}" \
"$CHROOT_PREFIX/${DAEMON_PIDFILE%/*}"
fi
chown "${DHCPD_RUN_AS}:${DHCPD_RUN_AS_GROUP}" \
"$DAEMON_STATE/${DAEMON_PIDFILE%/*}"
fi
## check syntax with -t (output to log file) and start only when the syntax is okay
rm -f $STARTPROC_LOGFILE # start log
error=0
if ! $DAEMON_BIN $DHCPDv_OPT -t -cf $CHROOT_PREFIX/$DAEMON_CONF -pf $DAEMON_PIDFILE > $STARTPROC_LOGFILE 2>&1 ; then
if ! $DAEMON_BIN $DHCPDv_OPT -t -cf $CHROOT_PREFIX/$DAEMON_CONF -pf $PID_FILE_ARG > $STARTPROC_LOGFILE 2>&1 ; then
error=1
else
## Start daemon. If this fails the return value is set appropriate.
@ -274,19 +279,20 @@ case "$1" in
## to match the LSB spec.
test "$2" = "-v" && echo -en \
"\nexecuting '$DAEMON_BIN $DHCPDv_OPT -cf $DAEMON_CONF -pf $DAEMON_PIDFILE $DHCPD_ARGS $DHCPD_OTHER_ARGS $DHCPD_INTERFACE'"
"\nexecuting '$DAEMON_BIN $DHCPDv_OPT -cf $DAEMON_CONF -pf $PID_FILE_ARG $DHCPD_ARGS $DHCPD_OTHER_ARGS $DHCPD_INTERFACE'"
$DAEMON_BIN $DHCPDv_OPT -cf $DAEMON_CONF -pf $DAEMON_PIDFILE $DHCPD_ARGS $DHCPD_OTHER_ARGS $DHCPD_INTERFACE &> $STARTPROC_LOGFILE
$DAEMON_BIN $DHCPDv_OPT -cf $DAEMON_CONF -pf $PID_FILE_ARG $DHCPD_ARGS $DHCPD_OTHER_ARGS $DHCPD_INTERFACE &> $STARTPROC_LOGFILE
ret=$?
fi
if [ $error -gt 0 -o ${ret:-0} -gt 0 ]; then
## be verbose
echo ""
echo -n " please see $STARTPROC_LOGFILE for details ";
echo -n " please see $STARTPROC_LOGFILE for details "
## set status to failed
rc_failed
else
ln -sf "$DAEMON_STATE$DAEMON_PIDFILE" "$DAEMON_PIDFILE"
[ "$DHCPD_RUN_CHROOTED" = "yes" ] && echo -n "[chroot]" || :
fi
@ -296,14 +302,29 @@ case "$1" in
stop)
echo -n "Shutting down $DAEMON "
# Catch the case where daemon is running without chroot,
# but sysconfig/dhcp has been changed to use chroot (and
# another way around).
# In this case is there is no $chroot/$pidfile, but there
# should be a /pidfile that we use instead.
# We can not kill without pid file or dhcp4 kills dhcp6.
PID_FILE="$DAEMON_STATE$DAEMON_PIDFILE"
if test "$DHCPD_RUN_CHROOTED" = "yes" ; then
if test ! -s "$DAEMON_STATE$DAEMON_PIDFILE" -a \
-s "$DAEMON_PIDFILE" ; then
PID_FILE="$DAEMON_PIDFILE"
fi
else
if test ! -s "$DAEMON_PIDFILE" -a \
-s "$DAEMON_STATE$DAEMON_PIDFILE" ; then
PID_FILE="$DAEMON_STATE$DAEMON_PIDFILE"
fi
fi
## Stop daemon with killproc(8) and if this fails
## set echo the echo return value.
killproc -p $CHROOT_PREFIX/$DAEMON_PIDFILE $DAEMON_BIN
killproc -p "$PID_FILE" $DAEMON_BIN
ret=$?
if test -s $CHROOT_PREFIX/$DAEMON_PIDFILE; then
kill $(<$CHROOT_PREFIX/$DAEMON_PIDFILE) 2>/dev/null
fi
# umount proc and remove libraries from the chroot jail,
# so they are not left over if the server is deinstalled
@ -347,8 +368,8 @@ case "$1" in
echo -n "Reload service $DAEMON"
if [ "$SUPPORTS_HUP" = "yes" ]; then
killproc -p $CHROOT_PREFIX/$DAEMON_PIDFILE -HUP $DAEMON_BIN
#touch $CHROOT_PREFIX/$DAEMON_PIDFILE
killproc -p $DAEMON_STATE/$DAEMON_PIDFILE -HUP $DAEMON_BIN
#touch $DAEMON_STATE/$DAEMON_PIDFILE
rc_status -v
else
$0 stop && sleep 3 && $0 start
@ -362,8 +383,8 @@ case "$1" in
echo -n "Reload service $DAEMON"
if [ "$SUPPORTS_HUP" = "yes" ]; then
# If it supports signalling:
killproc -p $CHROOT_PREFIX/$DAEMON_PIDFILE -HUP $DAEMON_BIN
#touch $CHROOT_PREFIX/$DAEMON_PIDFILE
killproc -p $DAEMON_STATE/$DAEMON_PIDFILE -HUP $DAEMON_BIN
#touch $DAEMON_STATE/$DAEMON_PIDFILE
rc_status -v
else
## Otherwise if it does not support reload:
@ -383,7 +404,7 @@ case "$1" in
# 3 - service not running
# NOTE: checkproc returns LSB compliant status values.
checkproc -p $CHROOT_PREFIX/$DAEMON_PIDFILE $DAEMON_BIN
checkproc -p $DAEMON_STATE/$DAEMON_PIDFILE $DAEMON_BIN
rc_status -v
;;
probe)
@ -392,7 +413,7 @@ case "$1" in
rc=0
for i in /etc/sysconfig/dhcpd $DAEMON_CONF $DHCPD_CONF_INCLUDE_FILES; do
test $i -nt $CHROOT_PREFIX/$DAEMON_PIDFILE && rc=1
test $i -nt $DAEMON_STATE/$DAEMON_PIDFILE && rc=1
done
test $rc = 1 && echo restart
;;

69
rc.dhcpd6
View File

@ -63,6 +63,11 @@ DAEMON_BIN=${DHCPD_BINARY:=/usr/sbin/dhcpd6}
DAEMON_CONF=/etc/dhcpd6.conf
DAEMON_STATE=/var/lib/dhcp6
DAEMON_LEASES=dhcpd6.leases
# note: $DAEMON_PIDFILE is a symlink to the
# $DAEMON_STATE$DAEMON_PIDFILE (also
# while DHCPD_RUN_CHROOTED=no) now,
# as DHCPD_RUN_AS is not allowed to
# create pid files in /var/run.
DAEMON_PIDFILE=/var/run/dhcpd6.pid
STARTPROC_LOGFILE=/var/log/rc.dhcpd6.log
LDAP_CONF=
@ -132,7 +137,7 @@ fi
# remove empty pid files to avoid disturbing warnings by checkproc/killproc
# (these can occur if dhcpd does not start correctly)
test -e $DAEMON_PIDFILE && ! test -s $DAEMON_PIDFILE && rm $DAEMON_PIDFILE
test -e $CHROOT_PREFIX/$DAEMON_PIDFILE && ! test -s $CHROOT_PREFIX/$DAEMON_PIDFILE && rm $CHROOT_PREFIX/$DAEMON_PIDFILE
test -e $DAEMON_STATE/$DAEMON_PIDFILE && ! test -s $DAEMON_STATE/$DAEMON_PIDFILE && rm $DAEMON_STATE/$DAEMON_PIDFILE
case "$1" in
start)
@ -244,33 +249,33 @@ case "$1" in
## the chroot jail. Therefore, and old pid file may exist. This is only a problem if it
## incidentally contains the pid of a running process. If this process is not a 'dhcpd',
## we remove the pid. (dhcpd itself only checks whether the pid is alive or not.)
if test -e $CHROOT_PREFIX/$DAEMON_PIDFILE -a -s $CHROOT_PREFIX/$DAEMON_PIDFILE; then
p=$(<$CHROOT_PREFIX/$DAEMON_PIDFILE)
if test -s $DAEMON_STATE/$DAEMON_PIDFILE; then
p=$(<$DAEMON_STATE/$DAEMON_PIDFILE)
if test -n "$p" && grep -qsE "^${DAEMON_BIN}" "/proc/$p/cmdline" ; then
echo -n '(already running) '
else
rm $CHROOT_PREFIX/$DAEMON_PIDFILE
rm -f $DAEMON_STATE/$DAEMON_PIDFILE
fi
fi
PID_FILE_ARG="$DAEMON_PIDFILE"
else
DHCPD_ARGS="-lf ${DAEMON_STATE}/db/$DAEMON_LEASES"
PID_FILE_ARG="$DAEMON_STATE$DAEMON_PIDFILE"
fi
if [ -n "$DHCPD_RUN_AS" ]; then
DHCPD_RUN_AS_GROUP="$(getent group $(getent passwd $DHCPD_RUN_AS | cut -d: -f4) | cut -d: -f1)"
DHCPD_ARGS="$DHCPD_ARGS -user $DHCPD_RUN_AS -group $DHCPD_RUN_AS_GROUP"
if test "$DHCPD_RUN_CHROOTED" = "yes" ; then
chown "${DHCPD_RUN_AS}:${DHCPD_RUN_AS_GROUP}" \
"$CHROOT_PREFIX/${DAEMON_PIDFILE%/*}"
fi
chown "${DHCPD_RUN_AS}:${DHCPD_RUN_AS_GROUP}" \
"$DAEMON_STATE/${DAEMON_PIDFILE%/*}"
fi
## check syntax with -t (output to log file) and start only when the syntax is okay
rm -f $STARTPROC_LOGFILE # start log
error=0
if ! $DAEMON_BIN $DHCPDv_OPT -t -cf $CHROOT_PREFIX/$DAEMON_CONF -pf $DAEMON_PIDFILE > $STARTPROC_LOGFILE 2>&1 ; then
if ! $DAEMON_BIN $DHCPDv_OPT -t -cf $CHROOT_PREFIX/$DAEMON_CONF -pf $PID_FILE_ARG > $STARTPROC_LOGFILE 2>&1 ; then
error=1
else
## Start daemon. If this fails the return value is set appropriate.
@ -278,19 +283,20 @@ case "$1" in
## to match the LSB spec.
test "$2" = "-v" && echo -en \
"\nexecuting '$DAEMON_BIN $DHCPDv_OPT -cf $DAEMON_CONF -pf $DAEMON_PIDFILE $DHCPD_ARGS $DHCPD_OTHER_ARGS $DHCPD_INTERFACE'"
"\nexecuting '$DAEMON_BIN $DHCPDv_OPT -cf $DAEMON_CONF -pf $PID_FILE_ARG $DHCPD_ARGS $DHCPD_OTHER_ARGS $DHCPD_INTERFACE'"
$DAEMON_BIN $DHCPDv_OPT -cf $DAEMON_CONF -pf $DAEMON_PIDFILE $DHCPD_ARGS $DHCPD_OTHER_ARGS $DHCPD_INTERFACE &> $STARTPROC_LOGFILE
$DAEMON_BIN $DHCPDv_OPT -cf $DAEMON_CONF -pf $PID_FILE_ARG $DHCPD_ARGS $DHCPD_OTHER_ARGS $DHCPD_INTERFACE &> $STARTPROC_LOGFILE
ret=$?
fi
if [ $error -gt 0 -o ${ret:-0} -gt 0 ]; then
if [ $error -gt 0 -o ${ret:-0} -gt 0 ]; then
## be verbose
echo ""
echo -n " please see $STARTPROC_LOGFILE for details "
## set status to failed
rc_failed
else
ln -sf "$DAEMON_STATE$DAEMON_PIDFILE" "$DAEMON_PIDFILE"
[ "$DHCPD_RUN_CHROOTED" = "yes" ] && echo -n "[chroot]" || :
fi
@ -300,14 +306,29 @@ case "$1" in
stop)
echo -n "Shutting down $DAEMON "
# Catch the case where daemon is running without chroot,
# but sysconfig/dhcp has been changed to use chroot (and
# another way around).
# In this case is there is no $chroot/$pidfile, but there
# should be a /pidfile that we use instead.
# We can not kill without pid file or dhcp4 kills dhcp6.
PID_FILE="$DAEMON_STATE$DAEMON_PIDFILE"
if test "$DHCPD_RUN_CHROOTED" = "yes" ; then
if test ! -s "$DAEMON_STATE$DAEMON_PIDFILE" -a \
-s "$DAEMON_PIDFILE" ; then
PID_FILE="$DAEMON_PIDFILE"
fi
else
if test ! -s "$DAEMON_PIDFILE" -a \
-s "$DAEMON_STATE$DAEMON_PIDFILE" ; then
PID_FILE="$DAEMON_STATE$DAEMON_PIDFILE"
fi
fi
## Stop daemon with killproc(8) and if this fails
## set echo the echo return value.
killproc -p $CHROOT_PREFIX/$DAEMON_PIDFILE $DAEMON_BIN
killproc -p "$PID_FILE" $DAEMON_BIN
ret=$?
if test -s $CHROOT_PREFIX/$DAEMON_PIDFILE; then
kill $(<$CHROOT_PREFIX/$DAEMON_PIDFILE) 2>/dev/null
fi
# umount proc and remove libraries from the chroot jail,
# so they are not left over if the server is deinstalled
@ -351,8 +372,8 @@ case "$1" in
echo -n "Reload service $DAEMON"
if [ "$SUPPORTS_HUP" = "yes" ]; then
killproc -p $CHROOT_PREFIX/$DAEMON_PIDFILE -HUP $DAEMON_BIN
#touch $CHROOT_PREFIX/$DAEMON_PIDFILE
killproc -p $DAEMON_STATE/$DAEMON_PIDFILE -HUP $DAEMON_BIN
#touch $DAEMON_STATE/$DAEMON_PIDFILE
rc_status -v
else
$0 stop && sleep 3 && $0 start
@ -366,8 +387,8 @@ case "$1" in
echo -n "Reload service $DAEMON"
if [ "$SUPPORTS_HUP" = "yes" ]; then
# If it supports signalling:
killproc -p $CHROOT_PREFIX/$DAEMON_PIDFILE -HUP $DAEMON_BIN
#touch $CHROOT_PREFIX/$DAEMON_PIDFILE
killproc -p $DAEMON_STATE/$DAEMON_PIDFILE -HUP $DAEMON_BIN
#touch $DAEMON_STATE/$DAEMON_PIDFILE
rc_status -v
else
## Otherwise if it does not support reload:
@ -387,7 +408,7 @@ case "$1" in
# 3 - service not running
# NOTE: checkproc returns LSB compliant status values.
checkproc -p $CHROOT_PREFIX/$DAEMON_PIDFILE $DAEMON_BIN
checkproc -p $DAEMON_STATE/$DAEMON_PIDFILE $DAEMON_BIN
rc_status -v
;;
probe)
@ -396,7 +417,7 @@ case "$1" in
rc=0
for i in /etc/sysconfig/dhcpd $DAEMON_CONF $DHCPD_CONF_INCLUDE_FILES; do
test $i -nt $CHROOT_PREFIX/$DAEMON_PIDFILE && rc=1
test $i -nt $DAEMON_STATE/$DAEMON_PIDFILE && rc=1
done
test $rc = 1 && echo restart
;;