From 9f2ff0f90be2e74ecb798d5423a471e64be72dc42868151122d735eb477f0d3a Mon Sep 17 00:00:00 2001 From: Reinhard Max Date: Wed, 10 Feb 2021 14:21:23 +0000 Subject: [PATCH] Accepting request 866365 from home:dirkmueller:branches:network:dhcp - update to 4.4.2: * Please note that that ISC DHCP is now licensed under the Mozilla Public License, MPL 2.0. In general, the areas of focus for ISC DHCP 4.4 were: 1. Dynamic DNS additions 2. dhclient improvements 3. Support for dynamic shared libraries * Added the interface name to socket initialization failure log messages. Prior to this the log messages stated only the error reason without stating the target interface. * Corrected buffer pointer logic in dhcrelay functions that manipulate agent relay options. Thanks to Thomas Imbert of MSRC Vulnerabilities & Mitigations for reporting the issue. * Corrected unresolved symbol errors building relay_unittests when configured to build using libtool. * A new configuration parameter, ping-cltt-secs (v4 operation only), has been added to allow the user to specify the number of seconds that must elapse since CLTT before a ping check is conducted. Prior to this, the value was hard coded at 60 seconds. Please see the server man pages for a more detailed discussion. * A new configuration parameter, ping-timeout-ms (v4 operation only), has been added that allows the user to specify the amount of time the server waits for a ping-check response in milliseconds rather than in seconds (via ping-timeout). When greater than zero, the value of ping-timeout-ms will override the value of ping-timeout. Thanks to Jay Doran from Bluecat Networks for suggesting this feature. * An experimental tool called, Keama (KEA Migration Assistant), which helps translate ISC DHCP configurations to Kea configurations, is now included in the distribution. * Corrected a misuse of the BIND9 DDNS API which caused DDNS updates to be OBS-URL: https://build.opensuse.org/request/show/866365 OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=224 --- ...4.3.2-dhclient-send-hostname-or-fqdn.patch | 42 +- 0009-dhcp-4.2.6-close-on-exec.patch | 78 ++-- ...dhcpv6-decline-on-DAD-failure.872609.patch | 255 ----------- 0016-infiniband-support.patch | 198 +++++---- ...-on-script-pre-init-error-bsc-912098.patch | 19 +- 0021-dhcp-ip-family-symlinks.patch | 31 +- dhcp-4.3.6-P1.tar.gz | 3 - dhcp-4.3.6-P1.tar.gz.asc | 17 - dhcp-4.4.2.tar.gz | 3 + dhcp-4.4.2.tar.gz.asc | 16 + dhcp-CVE-2019-6470.patch | 191 --------- dhcp.changes | 204 +++++++++ dhcp.keyring | 396 +++++++++++------- dhcp.spec | 54 +-- 14 files changed, 708 insertions(+), 799 deletions(-) delete mode 100644 0013-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch delete mode 100644 dhcp-4.3.6-P1.tar.gz delete mode 100644 dhcp-4.3.6-P1.tar.gz.asc create mode 100644 dhcp-4.4.2.tar.gz create mode 100644 dhcp-4.4.2.tar.gz.asc delete mode 100644 dhcp-CVE-2019-6470.patch diff --git a/0006-dhcp-4.3.2-dhclient-send-hostname-or-fqdn.patch b/0006-dhcp-4.3.2-dhclient-send-hostname-or-fqdn.patch index 463174d..b8730f4 100644 --- a/0006-dhcp-4.3.2-dhclient-send-hostname-or-fqdn.patch +++ b/0006-dhcp-4.3.2-dhclient-send-hostname-or-fqdn.patch @@ -5,11 +5,11 @@ Subject: [PATCH] dhcp-4.3.2-dhclient-send-hostname-or-fqdn Signed-off-by: Marius Tomaschewski -diff --git a/client/dhclient.8 b/client/dhclient.8 -index cf073b4..6c7296b 100644 ---- a/client/dhclient.8 -+++ b/client/dhclient.8 -@@ -72,6 +72,10 @@ dhclient - Dynamic Host Configuration Protocol Client +Index: dhcp-4.4.2/client/dhclient.8 +=================================================================== +--- dhcp-4.4.2.orig/client/dhclient.8 ++++ dhcp-4.4.2/client/dhclient.8 +@@ -73,6 +73,10 @@ dhclient - Dynamic Host Configuration Pr .I LL|LLT ] [ @@ -20,7 +20,7 @@ index cf073b4..6c7296b 100644 .B -p .I port-number ] -@@ -340,6 +344,11 @@ transmits these messages to 255.255.255.255 (the IP limited broadcast +@@ -353,6 +357,11 @@ transmits these messages to 255.255.255. address). Overriding this is mostly useful for debugging purposes. This feature is not supported in DHCPv6 (\fB-6\fR) mode. .TP @@ -32,19 +32,19 @@ index cf073b4..6c7296b 100644 .BI \-g \ relay .\" mockup relay Set the giaddr field of all packets to the \fIrelay\fR IP address -diff --git a/client/dhclient.c b/client/dhclient.c -index 2fb8de8..678379a 100644 ---- a/client/dhclient.c -+++ b/client/dhclient.c -@@ -174,6 +174,7 @@ usage(const char *sfmt, const char *sarg) - #else /* DHCPv6 */ - "[-I1dvrxi] [-nw] [-p ] [-D LL|LLT] \n" - #endif /* DHCPv6 */ -+ " [-H hostname]\n" - " [-s server-addr] [-cf config-file]\n" - " [-df duid-file] [-lf lease-file]\n" - " [-pf pid-file] [--no-pid] [-e VAR=val]\n" -@@ -200,6 +201,7 @@ main(int argc, char **argv) { +Index: dhcp-4.4.2/client/dhclient.c +=================================================================== +--- dhcp-4.4.2.orig/client/dhclient.c ++++ dhcp-4.4.2/client/dhclient.c +@@ -185,6 +185,7 @@ static const char use_v6command[] = "Com + #endif + + #define DHCLIENT_USAGEC \ ++" [-H hostname]\n" \ + " [-s server-addr] [-cf config-file]\n" \ + " [-df duid-file] [-lf lease-file]\n" \ + " [-pf pid-file] [--no-pid] [-e VAR=val]\n" \ +@@ -235,6 +236,7 @@ main(int argc, char **argv) { int no_dhclient_db = 0; int no_dhclient_pid = 0; int no_dhclient_script = 0; @@ -52,7 +52,7 @@ index 2fb8de8..678379a 100644 #ifdef DHCPv6 int local_family_set = 0; #ifdef DHCP4o6 -@@ -337,6 +339,24 @@ main(int argc, char **argv) { +@@ -434,6 +436,24 @@ main(int argc, char **argv) { if (++i == argc) usage(use_noarg, argv[i-1]); mockup_relay = argv[i]; @@ -77,7 +77,7 @@ index 2fb8de8..678379a 100644 } else if (!strcmp(argv[i], "-nw")) { nowait = 1; } else if (!strcmp(argv[i], "-n")) { -@@ -630,6 +650,48 @@ main(int argc, char **argv) { +@@ -759,6 +779,48 @@ main(int argc, char **argv) { /* Parse the dhclient.conf file. */ read_client_conf(); diff --git a/0009-dhcp-4.2.6-close-on-exec.patch b/0009-dhcp-4.2.6-close-on-exec.patch index 5efc059..3e6450a 100644 --- a/0009-dhcp-4.2.6-close-on-exec.patch +++ b/0009-dhcp-4.2.6-close-on-exec.patch @@ -8,9 +8,11 @@ Merged fixed close-on-exec patch (bnc#732910) References: bnc#732910 Signed-off-by: Marius Tomaschewski +Index: client/clparse.c +=================================================================== --- client/clparse.c.orig +++ client/clparse.c -@@ -262,7 +262,7 @@ int read_client_conf_file (const char *n +@@ -265,7 +265,7 @@ int read_client_conf_file (const char *n int token; isc_result_t status; @@ -19,7 +21,7 @@ Signed-off-by: Marius Tomaschewski return uerr2isc (errno); cfile = NULL; -@@ -338,7 +338,7 @@ void read_client_leases () +@@ -341,7 +341,7 @@ void read_client_leases () /* Open the lease file. If we can't open it, just return - we can safely trust the server to remember our state. */ @@ -28,9 +30,11 @@ Signed-off-by: Marius Tomaschewski return; cfile = NULL; +Index: client/dhclient.c +=================================================================== --- client/dhclient.c.orig +++ client/dhclient.c -@@ -565,7 +565,7 @@ main(int argc, char **argv) { +@@ -683,7 +683,7 @@ main(int argc, char **argv) { long temp; int e; @@ -39,7 +43,7 @@ Signed-off-by: Marius Tomaschewski e = fscanf(pidfd, "%ld\n", &temp); oldpid = (pid_t)temp; -@@ -3403,7 +3403,7 @@ void rewrite_client_leases () +@@ -3642,7 +3642,7 @@ void rewrite_client_leases () if (leaseFile != NULL) fclose (leaseFile); @@ -48,7 +52,7 @@ Signed-off-by: Marius Tomaschewski if (leaseFile == NULL) { log_error ("can't create %s: %m", path_dhclient_db); return; -@@ -3598,7 +3598,7 @@ write_duid(struct data_string *duid) +@@ -3837,7 +3837,7 @@ write_duid(struct data_string *duid) return DHCP_R_INVALIDARG; if (leaseFile == NULL) { /* XXX? */ @@ -57,7 +61,7 @@ Signed-off-by: Marius Tomaschewski if (leaseFile == NULL) { log_error("can't create %s: %m", path_dhclient_db); return ISC_R_IOERROR; -@@ -3643,7 +3643,7 @@ write_client6_lease(struct client_state +@@ -3882,7 +3882,7 @@ write_client6_lease(struct client_state return DHCP_R_INVALIDARG; if (leaseFile == NULL) { /* XXX? */ @@ -66,7 +70,7 @@ Signed-off-by: Marius Tomaschewski if (leaseFile == NULL) { log_error("can't create %s: %m", path_dhclient_db); return ISC_R_IOERROR; -@@ -3802,7 +3802,7 @@ int write_client_lease (client, lease, r +@@ -4041,7 +4041,7 @@ int write_client_lease (client, lease, r return 1; if (leaseFile == NULL) { /* XXX */ @@ -75,6 +79,8 @@ Signed-off-by: Marius Tomaschewski if (leaseFile == NULL) { log_error ("can't create %s: %m", path_dhclient_db); return 0; +Index: common/bpf.c +=================================================================== --- common/bpf.c.orig +++ common/bpf.c @@ -94,7 +94,7 @@ int if_register_bpf (info) @@ -86,9 +92,11 @@ Signed-off-by: Marius Tomaschewski if (sock < 0) { if (errno == EBUSY) { continue; +Index: common/dlpi.c +=================================================================== --- common/dlpi.c.orig +++ common/dlpi.c -@@ -813,7 +813,7 @@ dlpiopen(const char *ifname) { +@@ -817,7 +817,7 @@ dlpiopen(const char *ifname) { } *dp = '\0'; @@ -97,6 +105,8 @@ Signed-off-by: Marius Tomaschewski } /* +Index: common/nit.c +=================================================================== --- common/nit.c.orig +++ common/nit.c @@ -75,7 +75,7 @@ int if_register_nit (info) @@ -108,9 +118,11 @@ Signed-off-by: Marius Tomaschewski if (sock < 0) log_fatal ("Can't open NIT device for %s: %m", info -> name); +Index: common/resolv.c +=================================================================== --- common/resolv.c.orig +++ common/resolv.c -@@ -44,7 +44,7 @@ void read_resolv_conf (parse_time) +@@ -43,7 +43,7 @@ void read_resolv_conf (parse_time) struct domain_search_list *dp, *dl, *nd; isc_result_t status; @@ -119,6 +131,8 @@ Signed-off-by: Marius Tomaschewski log_error ("Can't open %s: %m", path_resolv_conf); return; } +Index: common/upf.c +=================================================================== --- common/upf.c.orig +++ common/upf.c @@ -71,7 +71,7 @@ int if_register_upf (info) @@ -130,9 +144,11 @@ Signed-off-by: Marius Tomaschewski if (sock < 0) { if (errno == EBUSY) { continue; +Index: omapip/trace.c +=================================================================== --- omapip/trace.c.orig +++ omapip/trace.c -@@ -138,10 +138,10 @@ isc_result_t trace_begin (const char *fi +@@ -136,10 +136,10 @@ isc_result_t trace_begin (const char *fi return DHCP_R_INVALIDARG; } @@ -145,7 +161,7 @@ Signed-off-by: Marius Tomaschewski 0600); } -@@ -429,7 +429,7 @@ void trace_file_replay (const char *file +@@ -427,7 +427,7 @@ void trace_file_replay (const char *file isc_result_t result; int len; @@ -154,10 +170,12 @@ Signed-off-by: Marius Tomaschewski if (!traceinfile) { log_error("Can't open tracefile %s: %m", filename); return; +Index: relay/dhcrelay.c +=================================================================== --- relay/dhcrelay.c.orig +++ relay/dhcrelay.c -@@ -659,13 +659,14 @@ main(int argc, char **argv) { - +@@ -783,13 +783,14 @@ main(int argc, char **argv) { + /* Create the pid file. */ if (no_pid_file == ISC_FALSE) { pfdesc = open(path_dhcrelay_pid, - O_CREAT | O_TRUNC | O_WRONLY, 0644); @@ -173,6 +191,8 @@ Signed-off-by: Marius Tomaschewski if (!pf) log_error("Can't fdopen %s: %m", path_dhcrelay_pid); +Index: server/confpars.c +=================================================================== --- server/confpars.c.orig +++ server/confpars.c @@ -118,7 +118,7 @@ isc_result_t read_conf_file (const char @@ -184,18 +204,20 @@ Signed-off-by: Marius Tomaschewski if (leasep) { log_error ("Can't open lease database %s: %m --", path_dhcpd_db); +Index: server/db.c +=================================================================== --- server/db.c.orig +++ server/db.c -@@ -1081,7 +1081,7 @@ void db_startup (testp) +@@ -1105,7 +1105,7 @@ void db_startup (int test_mode) + * Therefore, in test mode we need to point db_file to a disposable + * file to protect the original lease file. */ + current_db_path = (test_mode ? "/dev/null" : path_dhcpd_db); +- db_file = fopen (current_db_path, "a"); ++ db_file = fopen (current_db_path, "ae"); + if (!db_file) { + log_fatal ("Can't open %s for append.", current_db_path); } - #endif - if (!testp) { -- db_file = fopen (path_dhcpd_db, "a"); -+ db_file = fopen (path_dhcpd_db, "ae"); - if (!db_file) - log_fatal ("Can't open %s for append.", path_dhcpd_db); - expire_all_pools (); -@@ -1129,7 +1129,7 @@ int new_lease_file () +@@ -1154,7 +1154,7 @@ int new_lease_file (int test_mode) path_dhcpd_db) >= sizeof newfname) log_fatal("new_lease_file: lease file path too long"); @@ -204,7 +226,7 @@ Signed-off-by: Marius Tomaschewski if (db_fd < 0) { log_error ("Can't create new lease file: %m"); return 0; -@@ -1154,7 +1154,7 @@ int new_lease_file () +@@ -1179,7 +1179,7 @@ int new_lease_file (int test_mode) } #endif /* PARANOIA */ @@ -213,9 +235,11 @@ Signed-off-by: Marius Tomaschewski log_error("Can't fdopen new lease file: %m"); close(db_fd); goto fdfail; +Index: server/dhcpd.c +=================================================================== --- server/dhcpd.c.orig +++ server/dhcpd.c -@@ -760,7 +760,7 @@ main(int argc, char **argv) { +@@ -880,7 +880,7 @@ main(int argc, char **argv) { */ if ((lftest == 0) && (no_pid_file == ISC_FALSE)) { /*Read previous pid file. */ @@ -224,7 +248,7 @@ Signed-off-by: Marius Tomaschewski status = read(i, pbuf, (sizeof pbuf) - 1); close(i); if (status > 0) { -@@ -878,7 +878,7 @@ main(int argc, char **argv) { +@@ -990,7 +990,7 @@ main(int argc, char **argv) { * appropriate. */ if (no_pid_file == ISC_FALSE) { @@ -233,9 +257,11 @@ Signed-off-by: Marius Tomaschewski if (i >= 0) { sprintf(pbuf, "%d\n", (int) getpid()); IGNORE_RET(write(i, pbuf, strlen(pbuf))); +Index: server/ldap.c +=================================================================== --- server/ldap.c.orig +++ server/ldap.c -@@ -1446,7 +1446,7 @@ ldap_start (void) +@@ -1447,7 +1447,7 @@ ldap_start (void) if (ldap_debug_file != NULL && ldap_debug_fd == -1) { diff --git a/0013-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch b/0013-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch deleted file mode 100644 index f59b224..0000000 --- a/0013-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch +++ /dev/null @@ -1,255 +0,0 @@ -Author: Jiri Popelka -References: bsc#872609, ISC-Bugs#21237 -Upstream: yes - -If the bound address failed DAD (is found to be in use on the link), -the dhcpv6 client sends a Decline message to the server as described -in section 18.1.7 of RFC-3315 (#559147) -(Submitted to dhcp-bugs@isc.org - [ISC-Bugs #26735]) - -diff --git a/client/dhc6.c b/client/dhc6.c -index c8d16e8..21d0203 100644 ---- a/client/dhc6.c -+++ b/client/dhc6.c -@@ -115,6 +115,8 @@ void do_select6(void *input); - void do_refresh6(void *input); - static void do_release6(void *input); - static void start_bound(struct client_state *client); -+static void start_decline6(struct client_state *client); -+static void do_decline6(void *input); - static void start_informed(struct client_state *client); - void informed_handler(struct packet *packet, struct client_state *client); - void bound_handler(struct packet *packet, struct client_state *client); -@@ -2314,6 +2316,7 @@ start_release6(struct client_state *client) - cancel_timeout(do_select6, client); - cancel_timeout(do_refresh6, client); - cancel_timeout(do_release6, client); -+ cancel_timeout(do_decline6, client); - client->state = S_STOPPED; - - /* -@@ -2968,6 +2971,7 @@ dhc6_check_reply(struct client_state *client, struct dhc6_lease *new) - break; - - case S_STOPPED: -+ case S_DECLINED: - action = dhc6_stop_action; - break; - -@@ -3084,6 +3088,7 @@ dhc6_check_reply(struct client_state *client, struct dhc6_lease *new) - break; - - case S_STOPPED: -+ case S_DECLINED: - /* Nothing critical to do at this stage. */ - break; - -@@ -4214,17 +4219,23 @@ reply_handler(struct packet *packet, struct client_state *client) - cancel_timeout(do_select6, client); - cancel_timeout(do_refresh6, client); - cancel_timeout(do_release6, client); -+ cancel_timeout(do_decline6, client); - - /* If this is in response to a Release/Decline, clean up and return. */ -- if (client->state == S_STOPPED) { -- if (client->active_lease == NULL) -- return; -+ if ((client->state == S_STOPPED) || -+ (client->state == S_DECLINED)) { -+ -+ if (client->active_lease != NULL) { -+ dhc6_lease_destroy(&client->active_lease, MDL); -+ client->active_lease = NULL; -+ /* We should never wait for nothing!? */ -+ if (stopping_finished()) -+ exit(0); -+ } -+ -+ if (client->state == S_DECLINED) -+ start_init6(client); - -- dhc6_lease_destroy(&client->active_lease, MDL); -- client->active_lease = NULL; -- /* We should never wait for nothing!? */ -- if (stopping_finished()) -- exit(0); - return; - } - -@@ -4798,7 +4809,11 @@ start_bound(struct client_state *client) - dhc6_marshall_values("new_", client, lease, ia, addr); - script_write_requested6(client); - -- script_go(client); -+ // when script returns 3, DAD failed -+ if (script_go(client) == 3) { -+ start_decline6(client); -+ return; -+ } - } - - /* XXX: maybe we should loop on the old values instead? */ -@@ -4851,6 +4866,149 @@ start_bound(struct client_state *client) - dhc6_check_times(client); - } - -+/* -+ * Decline addresses. -+ */ -+void -+start_decline6(struct client_state *client) -+{ -+ /* Cancel any pending transmissions */ -+ cancel_timeout(do_confirm6, client); -+ cancel_timeout(do_select6, client); -+ cancel_timeout(do_refresh6, client); -+ cancel_timeout(do_release6, client); -+ cancel_timeout(do_decline6, client); -+ client->state = S_DECLINED; -+ -+ if (client->active_lease == NULL) -+ return; -+ -+ /* Set timers per RFC3315 section 18.1.7. */ -+ client->IRT = DEC_TIMEOUT * 100; -+ client->MRT = 0; -+ client->MRC = DEC_MAX_RC; -+ client->MRD = 0; -+ -+ dhc6_retrans_init(client); -+ client->v6_handler = reply_handler; -+ -+ client->refresh_type = DHCPV6_DECLINE; -+ do_decline6(client); -+} -+ -+/* -+ * do_decline6() creates a Decline packet and transmits it. -+ */ -+static void -+do_decline6(void *input) -+{ -+ struct client_state *client; -+ struct data_string ds; -+ int send_ret, added; -+ struct timeval elapsed, tv; -+ -+ client = input; -+ -+ if ((client->active_lease == NULL) || !active_prefix(client)) -+ return; -+ -+ if ((client->MRC != 0) && (client->txcount > client->MRC)) { -+ log_info("Max retransmission count exceeded."); -+ goto decline_done; -+ } -+ -+ /* -+ * Start_time starts at the first transmission. -+ */ -+ if (client->txcount == 0) { -+ client->start_time.tv_sec = cur_tv.tv_sec; -+ client->start_time.tv_usec = cur_tv.tv_usec; -+ } -+ -+ /* elapsed = cur - start */ -+ elapsed.tv_sec = cur_tv.tv_sec - client->start_time.tv_sec; -+ elapsed.tv_usec = cur_tv.tv_usec - client->start_time.tv_usec; -+ if (elapsed.tv_usec < 0) { -+ elapsed.tv_sec -= 1; -+ elapsed.tv_usec += 1000000; -+ } -+ -+ memset(&ds, 0, sizeof(ds)); -+ if (!buffer_allocate(&ds.buffer, 4, MDL)) { -+ log_error("Unable to allocate memory for Decline."); -+ goto decline_done; -+ } -+ -+ ds.data = ds.buffer->data; -+ ds.len = 4; -+ ds.buffer->data[0] = DHCPV6_DECLINE; -+ memcpy(ds.buffer->data + 1, client->dhcpv6_transaction_id, 3); -+ -+ /* Form an elapsed option. */ -+ /* Maximum value is 65535 1/100s coded as 0xffff. */ -+ if ((elapsed.tv_sec < 0) || (elapsed.tv_sec > 655) || -+ ((elapsed.tv_sec == 655) && (elapsed.tv_usec > 350000))) { -+ client->elapsed = 0xffff; -+ } else { -+ client->elapsed = elapsed.tv_sec * 100; -+ client->elapsed += elapsed.tv_usec / 10000; -+ } -+ -+ client->elapsed = htons(client->elapsed); -+ -+ log_debug("XMT: Forming Decline."); -+ make_client6_options(client, &client->sent_options, -+ client->active_lease, DHCPV6_DECLINE); -+ dhcpv6_universe.encapsulate(&ds, NULL, NULL, client, NULL, -+ client->sent_options, &global_scope, -+ &dhcpv6_universe); -+ -+ /* Append IA's (but don't release temporary addresses). */ -+ if (wanted_ia_na && -+ dhc6_add_ia_na(client, &ds, client->active_lease, -+ DHCPV6_DECLINE, 0, &added) != ISC_R_SUCCESS) { -+ data_string_forget(&ds, MDL); -+ goto decline_done; -+ } -+ if (wanted_ia_pd && -+ dhc6_add_ia_pd(client, &ds, client->active_lease, -+ DHCPV6_DECLINE, 0, &added) != ISC_R_SUCCESS) { -+ data_string_forget(&ds, MDL); -+ goto decline_done; -+ } -+ -+ /* Transmit and wait. */ -+ log_info("XMT: Decline on %s, interval %ld0ms.", -+ client->name ? client->name : client->interface->name, -+ (long int)client->RT); -+ -+ send_ret = send_packet6(client->interface, ds.data, ds.len, -+ &DHCPv6DestAddr); -+ if (send_ret != ds.len) { -+ log_error("dhc6: sendpacket6() sent %d of %d bytes", -+ send_ret, ds.len); -+ } -+ -+ data_string_forget(&ds, MDL); -+ -+ /* Wait RT */ -+ tv.tv_sec = cur_tv.tv_sec + client->RT / 100; -+ tv.tv_usec = cur_tv.tv_usec + (client->RT % 100) * 10000; -+ if (tv.tv_usec >= 1000000) { -+ tv.tv_sec += 1; -+ tv.tv_usec -= 1000000; -+ } -+ add_timeout(&tv, do_decline6, client, NULL, NULL); -+ dhc6_retrans_advance(client); -+ return; -+ -+decline_done: -+ dhc6_lease_destroy(&client->active_lease, MDL); -+ client->active_lease = NULL; -+ start_init6(client); -+ return; -+} -+ - /* While bound, ignore packets. In the future we'll want to answer - * Reconfigure-Request messages and the like. - */ -diff --git a/includes/dhcpd.h b/includes/dhcpd.h -index b5bec1c..6d500a3 100644 ---- a/includes/dhcpd.h -+++ b/includes/dhcpd.h -@@ -1176,7 +1176,8 @@ enum dhcp_state { - S_BOUND = 5, - S_RENEWING = 6, - S_REBINDING = 7, -- S_STOPPED = 8 -+ S_STOPPED = 8, -+ S_DECLINED = 9 - }; - - /* Possible pending client operations. */ diff --git a/0016-infiniband-support.patch b/0016-infiniband-support.patch index 8ad0429..d51375b 100644 --- a/0016-infiniband-support.patch +++ b/0016-infiniband-support.patch @@ -49,9 +49,11 @@ Date: Tue Mar 25 23:15:58 2014 +0200 References: bnc#870535 +Index: client/dhclient.c +=================================================================== --- client/dhclient.c.orig +++ client/dhclient.c -@@ -71,6 +71,40 @@ int std_dhcid = 0; +@@ -76,6 +76,40 @@ int decline_wait_time = 10; /* Default t assert (state_is == state_shouldbe). */ #define ASSERT_STATE(state_is, state_shouldbe) {} @@ -90,9 +92,9 @@ Date: Tue Mar 25 23:15:58 2014 +0200 +} + #ifndef UNIT_TEST - static const char copyright[] = "Copyright 2004-2018 Internet Systems Consortium."; + static const char copyright[] = "Copyright 2004-2020 Internet Systems Consortium."; static const char arr [] = "All rights reserved."; -@@ -767,6 +801,26 @@ main(int argc, char **argv) { +@@ -885,6 +919,26 @@ main(int argc, char **argv) { } } @@ -119,7 +121,7 @@ Date: Tue Mar 25 23:15:58 2014 +0200 /* At this point, all the interfaces that the script thinks are relevant should be running, so now we once again call discover_interfaces(), and this time ask it to actually set -@@ -781,19 +835,42 @@ main(int argc, char **argv) { +@@ -899,19 +953,42 @@ main(int argc, char **argv) { Not much entropy, but we're booting, so we're not likely to find anything better. */ seed = 0; @@ -164,7 +166,7 @@ Date: Tue Mar 25 23:15:58 2014 +0200 */ if ((local_family == AF_INET6) || ((local_family == AF_INET) && (duid_v4 == 1))) { -@@ -804,6 +881,20 @@ main(int argc, char **argv) { +@@ -922,6 +999,20 @@ main(int argc, char **argv) { form_duid(&default_duid, MDL); write_duid(&default_duid); } @@ -185,7 +187,7 @@ Date: Tue Mar 25 23:15:58 2014 +0200 } #if defined(DHCPv6) && defined(DHCP4o6) -@@ -1293,15 +1384,22 @@ void dhcpack (packet) +@@ -1411,15 +1502,22 @@ void dhcpack (packet) if (client -> xid == packet -> raw -> xid) break; } @@ -213,16 +215,20 @@ Date: Tue Mar 25 23:15:58 2014 +0200 } if (client -> state != S_REBOOTING && -@@ -1314,7 +1412,7 @@ void dhcpack (packet) +@@ -1432,9 +1530,10 @@ void dhcpack (packet) return; } -- log_info ("DHCPACK from %s", piaddr (packet -> client_addr)); -+ log_info ("DHCPACK from %s (xid=0x%x)", piaddr (packet -> client_addr), client -> xid); +- log_info ("DHCPACK of %s from %s", ++ log_info ("DHCPACK of %s from %s (xid=0x%x)", + inet_ntoa(packet->raw->yiaddr), +- piaddr (packet->client_addr)); ++ piaddr (packet->client_addr), ++ client -> xid); lease = packet_to_lease (packet, client); if (!lease) { -@@ -1969,15 +2067,21 @@ void dhcpoffer (packet) +@@ -2101,15 +2200,21 @@ void dhcpoffer (packet) /* If we're not receptive to an offer right now, or if the offer has an unrecognizable transaction id, then just drop it. */ if (!client || @@ -248,8 +254,8 @@ Date: Tue Mar 25 23:15:58 2014 +0200 + return; } - sprintf (obuf, "%s from %s", name, piaddr (packet -> client_addr)); -@@ -2215,11 +2319,11 @@ void dhcpnak (packet) + sprintf (obuf, "%s of %s from %s", name, +@@ -2350,11 +2455,11 @@ void dhcpnak (packet) /* If we're not receptive to an offer right now, or if the offer has an unrecognizable transaction id, then just drop it. */ @@ -266,7 +272,7 @@ Date: Tue Mar 25 23:15:58 2014 +0200 #if defined (DEBUG) log_debug ("DHCPNAK in wrong transaction."); #endif -@@ -2234,9 +2338,15 @@ void dhcpnak (packet) +@@ -2369,9 +2474,15 @@ void dhcpnak (packet) log_debug ("DHCPNAK in wrong state."); #endif return; @@ -283,7 +289,7 @@ Date: Tue Mar 25 23:15:58 2014 +0200 if (!client -> active) { #if defined (DEBUG) -@@ -2369,11 +2479,11 @@ void send_discover (cpp) +@@ -2504,11 +2615,11 @@ void send_discover (cpp) (long)(client -> interval)); } else #endif @@ -300,46 +306,50 @@ Date: Tue Mar 25 23:15:58 2014 +0200 /* Send out a packet. */ #if defined(DHCPv6) && defined(DHCP4o6) if (dhcpv4_over_dhcpv6) { -@@ -2664,10 +2774,10 @@ void send_request (cpp) - log_info ("DHCPREQUEST"); - } else - #endif -- log_info ("DHCPREQUEST on %s to %s port %d", -+ log_info ("DHCPREQUEST on %s to %s port %d (xid=0x%x)", - client -> name ? client -> name : client -> interface -> name, - inet_ntoa (destination.sin_addr), -- ntohs (destination.sin_port)); -+ ntohs (destination.sin_port), client -> xid); +@@ -2901,10 +3012,12 @@ void send_request (cpp) + } + + strncpy(rip_buf, rip_str, sizeof(rip_buf)-1); +- log_info ("DHCPREQUEST for %s on %s to %s port %d", rip_buf, ++ log_info ("DHCPREQUEST for %s on %s to %s port %d (xid=0x%x)", rip_buf, + client->name ? client->name : client->interface->name, + inet_ntoa(destination.sin_addr), +- ntohs (destination.sin_port)); ++ ntohs (destination.sin_port), ++ client -> xid ++ ); #if defined(DHCPv6) && defined(DHCP4o6) if (dhcpv4_over_dhcpv6) { -@@ -2724,10 +2834,10 @@ void send_decline (cpp) +@@ -2961,11 +3074,11 @@ void send_decline (cpp) log_info ("DHCPDECLINE"); } else #endif -- log_info ("DHCPDECLINE on %s to %s port %d", -+ log_info ("DHCPDECLINE on %s to %s port %d (xid=0x%x)", - client->name ? client->name : client->interface->name, - inet_ntoa(sockaddr_broadcast.sin_addr), -- ntohs(sockaddr_broadcast.sin_port)); -+ ntohs(sockaddr_broadcast.sin_port), client -> xid); +- log_info ("DHCPDECLINE of %s on %s to %s port %d", ++ log_info ("DHCPDECLINE of %s on %s to %s port %d (xid=0x%x)", + piaddr(client->requested_address), + (client->name ? client->name : client->interface->name), + inet_ntoa(sockaddr_broadcast.sin_addr), +- ntohs(sockaddr_broadcast.sin_port)); ++ ntohs(sockaddr_broadcast.sin_port), client->xid); /* Send out a packet. */ #if defined(DHCPv6) && defined(DHCP4o6) -@@ -2786,10 +2896,10 @@ void send_release (cpp) +@@ -3024,11 +3137,11 @@ void send_release (cpp) log_info ("DHCPRELEASE"); } else #endif -- log_info ("DHCPRELEASE on %s to %s port %d", -+ log_info ("DHCPRELEASE on %s to %s port %d (xid=0x%x)", - client -> name ? client -> name : client -> interface -> name, - inet_ntoa (destination.sin_addr), -- ntohs (destination.sin_port)); -+ ntohs (destination.sin_port), client -> xid); +- log_info ("DHCPRELEASE of %s on %s to %s port %d", ++ log_info ("DHCPRELEASE of %s on %s to %s port %d (xid=0x%x)", + piaddr(client->active->address), + client->name ? client->name : client->interface->name, + inet_ntoa (destination.sin_addr), +- ntohs (destination.sin_port)); ++ ntohs (destination.sin_port), client->xid); #if defined(DHCPv6) && defined(DHCP4o6) if (dhcpv4_over_dhcpv6) { -@@ -3066,10 +3176,17 @@ make_client_options(struct client_state +@@ -3305,10 +3418,17 @@ make_client_options(struct client_state * This can be overridden by including a client id in the configuration * file. */ @@ -358,7 +368,7 @@ Date: Tue Mar 25 23:15:58 2014 +0200 memset(&client_identifier, 0, sizeof(client_identifier)); client_identifier.len = 1 + 4 + default_duid.len; if (!buffer_allocate(&client_identifier.buffer, -@@ -3160,12 +3277,13 @@ void make_discover (client, lease) +@@ -3399,12 +3519,13 @@ void make_discover (client, lease) client -> packet.op = BOOTREQUEST; client -> packet.htype = client -> interface -> hw_address.hbuf [0]; /* Assumes hw_address is known, otherwise a random value may result */ @@ -374,7 +384,7 @@ Date: Tue Mar 25 23:15:58 2014 +0200 client -> packet.flags = 0; else client -> packet.flags = htons (BOOTP_BROADCAST); -@@ -3177,7 +3295,7 @@ void make_discover (client, lease) +@@ -3416,7 +3537,7 @@ void make_discover (client, lease) memset (&(client -> packet.siaddr), 0, sizeof client -> packet.siaddr); client -> packet.giaddr = giaddr; @@ -383,7 +393,7 @@ Date: Tue Mar 25 23:15:58 2014 +0200 memcpy (client -> packet.chaddr, &client -> interface -> hw_address.hbuf [1], (unsigned)(client -> interface -> hw_address.hlen - 1)); -@@ -3234,7 +3352,8 @@ void make_request (client, lease) +@@ -3473,7 +3594,8 @@ void make_request (client, lease) client -> packet.op = BOOTREQUEST; client -> packet.htype = client -> interface -> hw_address.hbuf [0]; /* Assumes hw_address is known, otherwise a random value may result */ @@ -393,7 +403,7 @@ Date: Tue Mar 25 23:15:58 2014 +0200 client -> packet.hops = 0; client -> packet.xid = client -> xid; client -> packet.secs = 0; /* Filled in by send_request. */ -@@ -3266,7 +3385,7 @@ void make_request (client, lease) +@@ -3505,7 +3627,7 @@ void make_request (client, lease) else memset (&client -> packet.giaddr, 0, sizeof client -> packet.giaddr); @@ -402,7 +412,7 @@ Date: Tue Mar 25 23:15:58 2014 +0200 memcpy (client -> packet.chaddr, &client -> interface -> hw_address.hbuf [1], (unsigned)(client -> interface -> hw_address.hlen - 1)); -@@ -3309,7 +3428,8 @@ void make_decline (client, lease) +@@ -3548,7 +3670,8 @@ void make_decline (client, lease) client -> packet.op = BOOTREQUEST; client -> packet.htype = client -> interface -> hw_address.hbuf [0]; /* Assumes hw_address is known, otherwise a random value may result */ @@ -412,7 +422,7 @@ Date: Tue Mar 25 23:15:58 2014 +0200 client -> packet.hops = 0; client -> packet.xid = client -> xid; client -> packet.secs = 0; /* Filled in by send_request. */ -@@ -3326,9 +3446,10 @@ void make_decline (client, lease) +@@ -3565,9 +3688,10 @@ void make_decline (client, lease) memset (&client -> packet.siaddr, 0, sizeof client -> packet.siaddr); client -> packet.giaddr = giaddr; @@ -426,7 +436,7 @@ Date: Tue Mar 25 23:15:58 2014 +0200 #ifdef DEBUG_PACKET dump_raw ((unsigned char *)&client -> packet, client -> packet_length); -@@ -3371,7 +3492,8 @@ void make_release (client, lease) +@@ -3610,7 +3734,8 @@ void make_release (client, lease) client -> packet.op = BOOTREQUEST; client -> packet.htype = client -> interface -> hw_address.hbuf [0]; /* Assumes hw_address is known, otherwise a random value may result */ @@ -436,7 +446,7 @@ Date: Tue Mar 25 23:15:58 2014 +0200 client -> packet.hops = 0; client -> packet.xid = random (); client -> packet.secs = 0; -@@ -3383,9 +3505,10 @@ void make_release (client, lease) +@@ -3622,9 +3747,10 @@ void make_release (client, lease) memset (&client -> packet.siaddr, 0, sizeof client -> packet.siaddr); client -> packet.giaddr = giaddr; @@ -450,7 +460,7 @@ Date: Tue Mar 25 23:15:58 2014 +0200 #ifdef DEBUG_PACKET dump_raw ((unsigned char *)&client -> packet, client -> packet_length); -@@ -3538,17 +3661,13 @@ write_options(struct client_state *clien +@@ -3777,17 +3903,13 @@ write_options(struct client_state *clien * is not how it is intended. Upcoming rearchitecting the client should * address this "one daemon model." */ @@ -471,7 +481,7 @@ Date: Tue Mar 25 23:15:58 2014 +0200 log_fatal("Impossible condition at %s:%d.", MDL); if ((ip->hw_address.hlen == 0) || -@@ -3598,6 +3717,13 @@ form_duid(struct data_string *duid, cons +@@ -3837,6 +3959,13 @@ form_duid(struct data_string *duid, cons } } @@ -485,7 +495,7 @@ Date: Tue Mar 25 23:15:58 2014 +0200 /* Write the default DUID to the lease store. */ static isc_result_t write_duid(struct data_string *duid) -@@ -5020,7 +5146,8 @@ client_dns_update(struct client_state *c +@@ -5276,7 +5405,8 @@ client_dns_update(struct client_state *c NULL, client, client->sent_options, NULL, &global_scope, oc, MDL)) { @@ -495,6 +505,8 @@ Date: Tue Mar 25 23:15:58 2014 +0200 (client_identifier.data[0] == 255)) { /* * This appears to be an embedded DUID, +Index: common/bpf.c +=================================================================== --- common/bpf.c.orig +++ common/bpf.c @@ -116,7 +116,7 @@ int if_register_bpf (info) @@ -506,9 +518,9 @@ Date: Tue Mar 25 23:15:58 2014 +0200 return sock; } -@@ -198,11 +198,44 @@ struct bpf_insn dhcp_bpf_filter [] = { - BPF_STMT(BPF_RET+BPF_K, 0), - }; +@@ -237,11 +237,44 @@ int dhcp_bpf_relay_filter_len = + sizeof dhcp_bpf_relay_filter / sizeof (struct bpf_insn); + #endif +/* Packet filter program for DHCP over Infiniband. + * It is a generic UDP in IP packet filter (initialized to port 67 in [6].k). @@ -551,7 +563,7 @@ Date: Tue Mar 25 23:15:58 2014 +0200 #if defined (HAVE_TR_SUPPORT) struct bpf_insn dhcp_bpf_tr_filter [] = { /* accept all token ring packets due to variable length header */ -@@ -549,7 +582,9 @@ void maybe_setup_fallback () +@@ -600,7 +633,9 @@ void maybe_setup_fallback () #if defined(USE_BPF_RECEIVE) || defined(USE_BPF_HWADDR) void @@ -562,9 +574,11 @@ Date: Tue Mar 25 23:15:58 2014 +0200 struct ifaddrs *ifa; struct ifaddrs *p; struct sockaddr_dl *sa; +Index: common/discover.c +=================================================================== --- common/discover.c.orig +++ common/discover.c -@@ -881,7 +881,7 @@ discover_interfaces(int state) { +@@ -899,7 +899,7 @@ discover_interfaces(int state) { if_register_send(tmp); } else { /* get_hw_addr() was called by register. */ @@ -573,7 +587,7 @@ Date: Tue Mar 25 23:15:58 2014 +0200 } break; #ifdef DHCPv6 -@@ -894,7 +894,7 @@ discover_interfaces(int state) { +@@ -912,7 +912,7 @@ discover_interfaces(int state) { so now we have to call it explicitly to not leave the hardware address unknown (some code expects it cannot be. */ @@ -582,9 +596,11 @@ Date: Tue Mar 25 23:15:58 2014 +0200 } else { if_register_linklocal6(tmp); } +Index: common/dlpi.c +=================================================================== --- common/dlpi.c.orig +++ common/dlpi.c -@@ -1339,7 +1339,9 @@ void maybe_setup_fallback () +@@ -1343,7 +1343,9 @@ void maybe_setup_fallback () #endif /* USE_DLPI_SEND */ void @@ -595,9 +611,11 @@ Date: Tue Mar 25 23:15:58 2014 +0200 int sock, unit; long buf[DLPI_MAXDLBUF]; union DL_primitives *dlp; +Index: common/lpf.c +=================================================================== --- common/lpf.c.orig +++ common/lpf.c -@@ -47,12 +47,22 @@ +@@ -45,12 +45,22 @@ #include #include #include @@ -620,7 +638,7 @@ Date: Tue Mar 25 23:15:58 2014 +0200 #ifdef USE_LPF_SEND void if_reinitialize_send (info) struct interface_info *info; -@@ -80,10 +90,25 @@ int if_register_lpf (info) +@@ -78,10 +88,25 @@ int if_register_lpf (info) struct sockaddr common; } sa; struct ifreq ifr; @@ -648,7 +666,7 @@ Date: Tue Mar 25 23:15:58 2014 +0200 if (errno == ENOPROTOOPT || errno == EPROTONOSUPPORT || errno == ESOCKTNOSUPPORT || errno == EPFNOSUPPORT || errno == EAFNOSUPPORT || errno == EINVAL) { -@@ -107,6 +132,7 @@ int if_register_lpf (info) +@@ -105,6 +130,7 @@ int if_register_lpf (info) memset (&sa, 0, sizeof sa); sa.ll.sll_family = AF_PACKET; sa.ll.sll_ifindex = ifr.ifr_ifindex; @@ -656,7 +674,7 @@ Date: Tue Mar 25 23:15:58 2014 +0200 if (bind (sock, &sa.common, sizeof sa)) { if (errno == ENOPROTOOPT || errno == EPROTONOSUPPORT || errno == ESOCKTNOSUPPORT || errno == EPFNOSUPPORT || -@@ -122,8 +148,6 @@ int if_register_lpf (info) +@@ -120,8 +146,6 @@ int if_register_lpf (info) } @@ -665,16 +683,16 @@ Date: Tue Mar 25 23:15:58 2014 +0200 return sock; } #endif /* USE_LPF_SEND || USE_LPF_RECEIVE */ -@@ -178,6 +202,8 @@ void if_deregister_send (info) +@@ -176,6 +200,8 @@ void if_deregister_send (info) in bpf includes... */ extern struct sock_filter dhcp_bpf_filter []; extern int dhcp_bpf_filter_len; +extern struct sock_filter dhcp_ib_bpf_filter []; +extern int dhcp_ib_bpf_filter_len; - #if defined (HAVE_TR_SUPPORT) - extern struct sock_filter dhcp_bpf_tr_filter []; -@@ -185,6 +211,8 @@ extern int dhcp_bpf_tr_filter_len; + #if defined(RELAY_PORT) + extern struct sock_filter dhcp_bpf_relay_filter []; +@@ -188,6 +214,8 @@ extern int dhcp_bpf_tr_filter_len; static void lpf_tr_filter_setup (struct interface_info *); #endif @@ -683,7 +701,7 @@ Date: Tue Mar 25 23:15:58 2014 +0200 static void lpf_gen_filter_setup (struct interface_info *); void if_register_receive (info) -@@ -206,12 +234,14 @@ void if_register_receive (info) +@@ -209,12 +237,14 @@ void if_register_receive (info) } #endif @@ -699,7 +717,7 @@ Date: Tue Mar 25 23:15:58 2014 +0200 lpf_gen_filter_setup (info); if (!quiet_interface_discovery) -@@ -276,6 +306,38 @@ static void lpf_gen_filter_setup (info) +@@ -291,6 +321,38 @@ static void lpf_gen_filter_setup (info) } } @@ -738,7 +756,7 @@ Date: Tue Mar 25 23:15:58 2014 +0200 #if defined (HAVE_TR_SUPPORT) static void lpf_tr_filter_setup (info) struct interface_info *info; -@@ -315,6 +377,54 @@ static void lpf_tr_filter_setup (info) +@@ -330,6 +392,54 @@ static void lpf_tr_filter_setup (info) #endif /* USE_LPF_RECEIVE */ #ifdef USE_LPF_SEND @@ -793,7 +811,7 @@ Date: Tue Mar 25 23:15:58 2014 +0200 ssize_t send_packet (interface, packet, raw, len, from, to, hto) struct interface_info *interface; struct packet *packet; -@@ -335,6 +445,10 @@ ssize_t send_packet (interface, packet, +@@ -350,6 +460,10 @@ ssize_t send_packet (interface, packet, return send_fallback (interface, packet, raw, len, from, to, hto); @@ -804,7 +822,7 @@ Date: Tue Mar 25 23:15:58 2014 +0200 if (hto == NULL && interface->anycast_mac_addr.hlen) hto = &interface->anycast_mac_addr; -@@ -439,7 +553,15 @@ ssize_t receive_packet (interface, buf, +@@ -454,7 +568,15 @@ ssize_t receive_packet (interface, buf, bufix = 0; /* Decode the physical header... */ @@ -821,7 +839,7 @@ Date: Tue Mar 25 23:15:58 2014 +0200 /* If a physical layer checksum failed (dunno of any physical layer that supports this, but WTH), skip this -@@ -507,33 +629,44 @@ void maybe_setup_fallback () +@@ -522,33 +644,44 @@ void maybe_setup_fallback () #if defined (USE_LPF_RECEIVE) || defined (USE_LPF_HWADDR) void @@ -884,7 +902,7 @@ Date: Tue Mar 25 23:15:58 2014 +0200 break; case ARPHRD_IEEE802: #ifdef ARPHRD_IEEE802_TR -@@ -541,18 +674,37 @@ get_hw_addr(const char *name, struct har +@@ -556,18 +689,37 @@ get_hw_addr(const char *name, struct har #endif /* ARPHRD_IEEE802_TR */ hw->hlen = 7; hw->hbuf[0] = HTYPE_IEEE802; @@ -926,6 +944,8 @@ Date: Tue Mar 25 23:15:58 2014 +0200 + freeifaddrs(ifaddrs); } #endif +Index: common/print.c +=================================================================== --- common/print.c.orig +++ common/print.c @@ -173,11 +173,11 @@ char *print_hw_addr (htype, hlen, data) @@ -942,9 +962,11 @@ Date: Tue Mar 25 23:15:58 2014 +0200 habuf [0] = 0; else { s = habuf; +Index: common/socket.c +=================================================================== --- common/socket.c.orig +++ common/socket.c -@@ -331,7 +331,7 @@ void if_register_send (info) +@@ -358,7 +358,7 @@ void if_register_send (info) info->wfdesc = if_register_socket(info, AF_INET, 0, NULL); /* If this is a normal IPv4 address, get the hardware address. */ if (strcmp(info->name, "fallback") != 0) @@ -953,7 +975,7 @@ Date: Tue Mar 25 23:15:58 2014 +0200 #if defined (USE_SOCKET_FALLBACK) /* Fallback only registers for send, but may need to receive as well. */ -@@ -394,7 +394,7 @@ void if_register_receive (info) +@@ -421,7 +421,7 @@ void if_register_receive (info) #endif /* IP_PKTINFO... */ /* If this is a normal IPv4 address, get the hardware address. */ if (strcmp(info->name, "fallback") != 0) @@ -962,7 +984,7 @@ Date: Tue Mar 25 23:15:58 2014 +0200 if (!quiet_interface_discovery) log_info ("Listening on Socket/%s%s%s", -@@ -508,7 +508,7 @@ if_register6(struct interface_info *info +@@ -577,7 +577,7 @@ if_register6(struct interface_info *info if (req_multi) if_register_multicast(info); @@ -971,7 +993,7 @@ Date: Tue Mar 25 23:15:58 2014 +0200 if (!quiet_interface_discovery) { if (info->shared_network != NULL) { -@@ -564,7 +564,7 @@ if_register_linklocal6(struct interface_ +@@ -633,7 +633,7 @@ if_register_linklocal6(struct interface_ info->rfdesc = sock; info->wfdesc = sock; @@ -980,7 +1002,7 @@ Date: Tue Mar 25 23:15:58 2014 +0200 if (!quiet_interface_discovery) { if (info->shared_network != NULL) { -@@ -1148,7 +1148,9 @@ void maybe_setup_fallback () +@@ -1246,7 +1246,9 @@ void maybe_setup_fallback () #if defined(sun) && defined(USE_V4_PKTINFO) /* This code assumes the existence of SIOCGLIFHWADDR */ void @@ -991,9 +1013,11 @@ Date: Tue Mar 25 23:15:58 2014 +0200 struct sockaddr_dl *dladdrp; int sock, i; struct lifreq lifr; +Index: includes/dhcpd.h +=================================================================== --- includes/dhcpd.h.orig +++ includes/dhcpd.h -@@ -1345,6 +1345,7 @@ struct interface_info { +@@ -1372,6 +1372,7 @@ struct interface_info { struct shared_network *shared_network; /* Networks connected to this interface. */ struct hardware hw_address; /* Its physical address. */ @@ -1001,7 +1025,7 @@ Date: Tue Mar 25 23:15:58 2014 +0200 struct in_addr *addresses; /* Addresses associated with this * interface. */ -@@ -2584,7 +2585,7 @@ void print_dns_status (int, struct dhcp_ +@@ -2641,7 +2642,7 @@ void print_dns_status (int, struct dhcp_ #endif const char *print_time(TIME); @@ -1010,9 +1034,11 @@ Date: Tue Mar 25 23:15:58 2014 +0200 char *buf_to_hex (const unsigned char *s, unsigned len, const char *file, int line); char *format_lease_id(const unsigned char *s, unsigned len, int format, +Index: server/dhcp.c +=================================================================== --- server/dhcp.c.orig +++ server/dhcp.c -@@ -1991,11 +1991,12 @@ void echo_client_id(packet, lease, in_op +@@ -2035,11 +2035,12 @@ void echo_client_id(packet, lease, in_op /* Check if echo-client-id is enabled */ oc = lookup_option(&server_universe, in_options, SV_ECHO_CLIENT_ID); @@ -1027,7 +1053,7 @@ Date: Tue Mar 25 23:15:58 2014 +0200 struct data_string client_id; unsigned int opcode = DHO_DHCP_CLIENT_IDENTIFIER; -@@ -3801,9 +3802,11 @@ void dhcp_reply (lease) +@@ -3948,9 +3949,11 @@ void dhcp_reply (lease) } else bufs |= 2; /* XXX */ @@ -1042,9 +1068,11 @@ Date: Tue Mar 25 23:15:58 2014 +0200 raw.htype = lease -> hardware_addr.hbuf [0]; /* See if this is a Microsoft client that NUL-terminates its +Index: server/dhcpleasequery.c +=================================================================== --- server/dhcpleasequery.c.orig +++ server/dhcpleasequery.c -@@ -299,7 +299,7 @@ dhcpleasequery(struct packet *packet, in +@@ -302,7 +302,7 @@ dhcpleasequery(struct packet *packet, in assoc_ips, nassoc_ips); @@ -1053,7 +1081,7 @@ Date: Tue Mar 25 23:15:58 2014 +0200 if (packet->raw->hlen+1 > sizeof(h.hbuf)) { log_info("%s: hardware length too long, " -@@ -409,11 +409,13 @@ dhcpleasequery(struct packet *packet, in +@@ -412,11 +412,13 @@ dhcpleasequery(struct packet *packet, in * Set the hardware address fields. */ @@ -1071,9 +1099,11 @@ Date: Tue Mar 25 23:15:58 2014 +0200 /* * Set client identifier option. +Index: server/mdb.c +=================================================================== --- server/mdb.c.orig +++ server/mdb.c -@@ -618,6 +618,9 @@ int find_hosts_by_haddr (struct host_dec +@@ -640,6 +640,9 @@ int find_hosts_by_haddr (struct host_dec return ret; #endif diff --git a/0018-client-fail-on-script-pre-init-error-bsc-912098.patch b/0018-client-fail-on-script-pre-init-error-bsc-912098.patch index d1b3256..aa6c00e 100644 --- a/0018-client-fail-on-script-pre-init-error-bsc-912098.patch +++ b/0018-client-fail-on-script-pre-init-error-bsc-912098.patch @@ -4,11 +4,11 @@ Date: Mon, 14 Sep 2015 18:53:34 +0200 Subject: [PATCH] client: fail on script pre-init error (bsc#912098) References: bsc#912098 -diff --git a/client/dhclient.c b/client/dhclient.c -index b438629..82d6ed5 100644 ---- a/client/dhclient.c -+++ b/client/dhclient.c -@@ -632,7 +632,8 @@ main(int argc, char **argv) { +Index: dhcp-4.4.2/client/dhclient.c +=================================================================== +--- dhcp-4.4.2.orig/client/dhclient.c ++++ dhcp-4.4.2/client/dhclient.c +@@ -882,7 +882,8 @@ main(int argc, char **argv) { * in case somebody cares. */ script_init(NULL, "NBI", NULL); @@ -18,8 +18,8 @@ index b438629..82d6ed5 100644 /* * If we haven't been asked to persist, waiting for new -@@ -644,6 +645,8 @@ main(int argc, char **argv) { - exit(0); +@@ -894,6 +895,8 @@ main(int argc, char **argv) { + finish(0); } } else if (!release_mode && !exit_mode) { + unsigned int failed = 0; @@ -27,7 +27,7 @@ index b438629..82d6ed5 100644 /* Call the script with the list of interfaces. */ for (ip = interfaces; ip; ip = ip->next) { /* -@@ -665,7 +668,16 @@ main(int argc, char **argv) { +@@ -915,7 +918,16 @@ main(int argc, char **argv) { "alias_", ip->client->alias); } @@ -45,6 +45,3 @@ index b438629..82d6ed5 100644 } } --- -2.1.4 - diff --git a/0021-dhcp-ip-family-symlinks.patch b/0021-dhcp-ip-family-symlinks.patch index 2b1faad..f4ad710 100644 --- a/0021-dhcp-ip-family-symlinks.patch +++ b/0021-dhcp-ip-family-symlinks.patch @@ -1,26 +1,31 @@ +Index: client/dhclient.c +=================================================================== --- client/dhclient.c.orig +++ client/dhclient.c -@@ -252,6 +252,17 @@ main(int argc, char **argv) { +@@ -284,6 +284,18 @@ main(int argc, char **argv) { + #else progname = argv[0]; #endif - ++ +#ifdef DHCPv6 -+ /* Support being called using `dhclient4` or `dhclient6` symlinks */ -+ if (argv[0][strlen(argv[0]) - 1] == '4') { -+ local_family_set = 1; -+ local_family = AF_INET; -+ } else if (argv[0][strlen(argv[0]) - 1] == '6') { -+ local_family_set = 1; -+ local_family = AF_INET6; -+ } ++ /* Support being called using `dhclient4` or `dhclient6` symlinks */ ++ if (argv[0][strlen(argv[0]) - 1] == '4') { ++ local_family_set = 1; ++ local_family = AF_INET; ++ } else if (argv[0][strlen(argv[0]) - 1] == '6') { ++ local_family_set = 1; ++ local_family = AF_INET6; ++ } +#endif /* DHCPv6 */ + /* Initialize client globals. */ memset(&default_duid, 0, sizeof(default_duid)); +Index: relay/dhcrelay.c +=================================================================== --- relay/dhcrelay.c.orig +++ relay/dhcrelay.c -@@ -237,6 +237,17 @@ main(int argc, char **argv) { +@@ -300,6 +300,17 @@ main(int argc, char **argv) { progname = argv[0]; #endif @@ -38,9 +43,11 @@ /* Make sure that file descriptors 0(stdin), 1,(stdout), and 2(stderr) are open. To do this, we assume that when we open a file the lowest available file descriptor is used. */ +Index: server/dhcpd.c +=================================================================== --- server/dhcpd.c.orig +++ server/dhcpd.c -@@ -260,6 +260,17 @@ main(int argc, char **argv) { +@@ -301,6 +301,17 @@ main(int argc, char **argv) { progname = argv[0]; #endif diff --git a/dhcp-4.3.6-P1.tar.gz b/dhcp-4.3.6-P1.tar.gz deleted file mode 100644 index 9c402c6..0000000 --- a/dhcp-4.3.6-P1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:2fd177bef02856f05fe17713ced9bfcc7d94f14c933c15f2f2fbedc9cc57a3c3 -size 10189202 diff --git a/dhcp-4.3.6-P1.tar.gz.asc b/dhcp-4.3.6-P1.tar.gz.asc deleted file mode 100644 index 34145aa..0000000 --- a/dhcp-4.3.6-P1.tar.gz.asc +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Comment: GPGTools - http://gpgtools.org - -iQIzBAABAgAdFiEEvg6XSLcYJToou4n/8bEb8FzwLlcFAlqN9aIACgkQ8bEb8Fzw -LlfmNQ/+OKtQwHU+ymYE0v/r+Ux1/at5Cob5TSiBx/l7Um26nxvBLVgFO6cfoL6X -ZVsA56YFHtsMwDBktWirFxAhou6S66W455O6FJJ75NRhZoi/lpvxf2LJLCHp+R21 -XvCMLZ2ZKziIsDRZBbYUifcDT7r65Vvo88ZV4JEJMPC8PLqxvq/OpET2ZRzH17Fl -xkD4T+mySPGGJI1rodMtpFaFunjWhgXOZC59rscfJmiDkuQR+hH6KF3fnUmaL3wo -qhlzVD/EX4FP9FLZOsNXlLLq3oAzbwFZ+nq33ubabC000vuktvfpoG2HChWYmuZi -wxNtuVa2Su8PSeho0FIoJHMhw+QulBUYi/KyJowEGTKqKIEA6cMdnDKQ7emoTEAH -iUV+qYg+eceaTokDHHsbX/VXlP4fjIsGPWWga3CxFz9li/ld7CcxchIOsWg89/pu -Zd9kAwtrF4li5EVhy9rfuprpWfUgAL4hEw8CA6xFpFs6dafe6YiESiM5qzN4VxzN -NC+QzcUzr5r1KBMwyIzoVj1K9ZWEwEur54nCl6sB4crihTW/Acc0co+4DTUOrz9/ -tg4/i3cVyuh8cqjPURgg3+NMvjQCBI5w7kWM+45NOnzieVJYYMZEB/vo8c2xs8mS -hynQR9Oab2DJZcaSpcAJ0jae7BWM3qQpOdB81D6n2dsRr6tymCQ= -=1kxC ------END PGP SIGNATURE----- diff --git a/dhcp-4.4.2.tar.gz b/dhcp-4.4.2.tar.gz new file mode 100644 index 0000000..26b2f60 --- /dev/null +++ b/dhcp-4.4.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1a7ccd64a16e5e68f7b5e0f527fd07240a2892ea53fe245620f4f5f607004521 +size 9906235 diff --git a/dhcp-4.4.2.tar.gz.asc b/dhcp-4.4.2.tar.gz.asc new file mode 100644 index 0000000..0b07a21 --- /dev/null +++ b/dhcp-4.4.2.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABAgAdFiEErj+seWcR7Fn8AHqkdLtrmky7PTgFAl4oFp4ACgkQdLtrmky7 +PThiqA//TfSFypzVHjkfv+bI6dKbuRHWO9xNci8VXddQQTGFdu1afso+9KHFwkKD +ET6id7BNGzi62KJrw5tYB/C3m66IO/2nOixOXi+Ay/xbbHBA+zoknIQlK9NadDBd +yJNNWwQlQhpZvio4cugvg6ybkIC4ApzsTrvzIGpM0+WEnB4T1/k+C+SAq0DC5Bud +cJgGDmuJFoEPe+k/k6giDdDV5Ijgb5jRjvCay81sDvA9o87ku/EfavHFJwYNsjyN +lEq1M3teNj7j+d44v5j0Ko/ANWmB9xDV0tjK3qA/ZE4Onctur1Q/XrYJd14J/QHT +ACEngzClVcJ6A24m2RApFTugJwpGs60C5fuiDbf/xnpxMxOIOkUEyHe3iujI0O4h +vWIYFb2VsBATg/rlBHOl9otYomkku27iVgVW0KOw9eshdAy9YOjJ6ycg0gMvXwKB +BnzVxFC1iEOF7zivWAflEEs6tD2haqhPEHT6EqyHngSUOtynd89qYMQxn5YRO11N +WEo6OMiCkRSvO0SBOzGJP1WwBEkvAd6UiUhrTwPbgec7shsb6EwamGiXdy0oQu7S +wH/Ka0uKfvfdhtjEBm4z74rWpnMl8sm4AY7m6qIp4a9UGLqSH6Wq88W3Skwl4xuo +2s/ruHJnbnZ80ZfW0z+zSCeyvErDAGs8oKe8+VQwTokxJG2eXRY= +=0p7W +-----END PGP SIGNATURE----- diff --git a/dhcp-CVE-2019-6470.patch b/dhcp-CVE-2019-6470.patch deleted file mode 100644 index 49ccab3..0000000 --- a/dhcp-CVE-2019-6470.patch +++ /dev/null @@ -1,191 +0,0 @@ -commit 21ae396088a3fbe046e3122286d1288eeacce7d3 -Author: Thomas Markwalder -Date: Fri Dec 1 09:21:42 2017 -0500 - - [v4_3] Use 0 instead of -1 to indicate empty heap index - - Merges in rt46719. - ---- includes/dhcpd.h.orig -+++ includes/dhcpd.h -@@ -1596,8 +1596,9 @@ struct iasubopt { - */ - #define EXPIRED_IPV6_CLEANUP_TIME (60*60) - -- int heap_index; /* index into heap, or -1 -- (internal use only) */ -+ /* index into heaps, or -1 (internal use only) */ -+ int active_index; -+ int inactive_index; - - /* - * A pointer to the state of the ddns update for this lease. ---- server/mdb6.c.orig -+++ server/mdb6.c -@@ -216,7 +216,8 @@ iasubopt_allocate(struct iasubopt **iasu - - tmp->refcnt = 1; - tmp->state = FTS_FREE; -- tmp->heap_index = -1; -+ tmp->active_index = 0; -+ tmp->inactive_index = 0; - tmp->plen = 255; - - *iasubopt = tmp; -@@ -600,14 +601,18 @@ lease_older(void *a, void *b) { - } - - /* -- * Helper function for lease address/prefix heaps. -+ * Helper functions for lease address/prefix heaps. - * Callback when an address's position in the heap changes. - */ - static void --lease_index_changed(void *iasubopt, unsigned int new_heap_index) { -- ((struct iasubopt *)iasubopt)-> heap_index = new_heap_index; -+active_changed(void *iasubopt, unsigned int new_heap_index) { -+ ((struct iasubopt *)iasubopt)->active_index = new_heap_index; - } - -+static void -+inactive_changed(void *iasubopt, unsigned int new_heap_index) { -+ ((struct iasubopt *)iasubopt)->inactive_index = new_heap_index; -+} - - /*! - * -@@ -660,13 +665,13 @@ ipv6_pool_allocate(struct ipv6_pool **po - dfree(tmp, file, line); - return ISC_R_NOMEMORY; - } -- if (isc_heap_create(dhcp_gbl_ctx.mctx, lease_older, lease_index_changed, -+ if (isc_heap_create(dhcp_gbl_ctx.mctx, lease_older, active_changed, - 0, &(tmp->active_timeouts)) != ISC_R_SUCCESS) { - iasubopt_free_hash_table(&(tmp->leases), file, line); - dfree(tmp, file, line); - return ISC_R_NOMEMORY; - } -- if (isc_heap_create(dhcp_gbl_ctx.mctx, lease_older, lease_index_changed, -+ if (isc_heap_create(dhcp_gbl_ctx.mctx, lease_older, inactive_changed, - 0, &(tmp->inactive_timeouts)) != ISC_R_SUCCESS) { - isc_heap_destroy(&(tmp->active_timeouts)); - iasubopt_free_hash_table(&(tmp->leases), file, line); -@@ -1186,7 +1191,7 @@ cleanup_lease6(ia_hash_t *ia_table, - * Remove the old lease from the active heap and from the hash table - * then remove the lease from the IA and clean up the IA if necessary. - */ -- isc_heap_delete(pool->active_timeouts, test_iasubopt->heap_index); -+ isc_heap_delete(pool->active_timeouts, test_iasubopt->active_index); - pool->num_active--; - if (pool->ipv6_pond) - pool->ipv6_pond->num_active--; -@@ -1259,7 +1264,7 @@ add_lease6(struct ipv6_pool *pool, struc - if ((test_iasubopt->state == FTS_ACTIVE) || - (test_iasubopt->state == FTS_ABANDONED)) { - isc_heap_delete(pool->active_timeouts, -- test_iasubopt->heap_index); -+ test_iasubopt->active_index); - pool->num_active--; - if (pool->ipv6_pond) - pool->ipv6_pond->num_active--; -@@ -1271,7 +1276,7 @@ add_lease6(struct ipv6_pool *pool, struc - } - } else { - isc_heap_delete(pool->inactive_timeouts, -- test_iasubopt->heap_index); -+ test_iasubopt->inactive_index); - pool->num_inactive--; - } - -@@ -1392,14 +1397,13 @@ lease6_usable(struct iasubopt *lease) { - static isc_result_t - move_lease_to_active(struct ipv6_pool *pool, struct iasubopt *lease) { - isc_result_t insert_result; -- int old_heap_index; - -- old_heap_index = lease->heap_index; - insert_result = isc_heap_insert(pool->active_timeouts, lease); - if (insert_result == ISC_R_SUCCESS) { - iasubopt_hash_add(pool->leases, &lease->addr, - sizeof(lease->addr), lease, MDL); -- isc_heap_delete(pool->inactive_timeouts, old_heap_index); -+ isc_heap_delete(pool->inactive_timeouts, -+ lease->inactive_index); - pool->num_active++; - pool->num_inactive--; - lease->state = FTS_ACTIVE; -@@ -1449,16 +1453,16 @@ renew_lease6(struct ipv6_pool *pool, str - if (lease->state == FTS_ACTIVE) { - if (old_end_time <= lease->hard_lifetime_end_time) { - isc_heap_decreased(pool->active_timeouts, -- lease->heap_index); -+ lease->active_index); - } else { - isc_heap_increased(pool->active_timeouts, -- lease->heap_index); -+ lease->active_index); - } - return ISC_R_SUCCESS; - } else if (lease->state == FTS_ABANDONED) { - char tmp_addr[INET6_ADDRSTRLEN]; - lease->state = FTS_ACTIVE; -- isc_heap_increased(pool->active_timeouts, lease->heap_index); -+ isc_heap_increased(pool->active_timeouts, lease->active_index); - log_info("Reclaiming previously abandoned address %s", - inet_ntop(AF_INET6, &(lease->addr), tmp_addr, - sizeof(tmp_addr))); -@@ -1480,9 +1484,7 @@ static isc_result_t - move_lease_to_inactive(struct ipv6_pool *pool, struct iasubopt *lease, - binding_state_t state) { - isc_result_t insert_result; -- int old_heap_index; - -- old_heap_index = lease->heap_index; - insert_result = isc_heap_insert(pool->inactive_timeouts, lease); - if (insert_result == ISC_R_SUCCESS) { - /* -@@ -1533,7 +1535,7 @@ move_lease_to_inactive(struct ipv6_pool - - iasubopt_hash_delete(pool->leases, - &lease->addr, sizeof(lease->addr), MDL); -- isc_heap_delete(pool->active_timeouts, old_heap_index); -+ isc_heap_delete(pool->active_timeouts, lease->active_index); - lease->state = state; - pool->num_active--; - pool->num_inactive++; -@@ -1611,7 +1613,7 @@ decline_lease6(struct ipv6_pool *pool, s - pool->ipv6_pond->num_abandoned++; - - lease->hard_lifetime_end_time = MAX_TIME; -- isc_heap_decreased(pool->active_timeouts, lease->heap_index); -+ isc_heap_decreased(pool->active_timeouts, lease->active_index); - return ISC_R_SUCCESS; - } - -@@ -1884,7 +1886,7 @@ cleanup_old_expired(struct ipv6_pool *po - break; - } - -- isc_heap_delete(pool->inactive_timeouts, tmp->heap_index); -+ isc_heap_delete(pool->inactive_timeouts, tmp->inactive_index); - pool->num_inactive--; - - if (tmp->ia != NULL) { ---- server/tests/mdb6_unittest.c.orig -+++ server/tests/mdb6_unittest.c -@@ -65,8 +65,13 @@ ATF_TC_BODY(iaaddr_basic, tc) - if (iaaddr->state != FTS_FREE) { - atf_tc_fail("ERROR: bad state %s:%d", MDL); - } -- if (iaaddr->heap_index != -1) { -- atf_tc_fail("ERROR: bad heap_index %s:%d", MDL); -+ if (iaaddr->active_index != 0) { -+ atf_tc_fail("ERROR: bad active_index :%d %s:%d", -+ iaaddr->active_index, MDL); -+ } -+ if (iaaddr->inactive_index != 0) { -+ atf_tc_fail("ERROR: bad inactive_index %d %s:%d", -+ iaaddr->inactive_index, MDL); - } - if (iasubopt_reference(&iaaddr_copy, iaaddr, MDL) != ISC_R_SUCCESS) { - atf_tc_fail("ERROR: iasubopt_reference() %s:%d", MDL); diff --git a/dhcp.changes b/dhcp.changes index 6dbc8ee..4cf0fc2 100644 --- a/dhcp.changes +++ b/dhcp.changes @@ -1,3 +1,207 @@ +------------------------------------------------------------------- +Sun Jan 24 13:20:58 UTC 2021 - Dirk Müller + +- update to 4.4.2: + * Please note that that ISC DHCP is now licensed under the Mozilla Public + License, MPL 2.0. + + In general, the areas of focus for ISC DHCP 4.4 were: + + 1. Dynamic DNS additions + 2. dhclient improvements + 3. Support for dynamic shared libraries + + * Added the interface name to socket initialization failure log messages. + Prior to this the log messages stated only the error reason without + stating the target interface. + * Corrected buffer pointer logic in dhcrelay functions that manipulate + agent relay options. Thanks to Thomas Imbert of MSRC Vulnerabilities + & Mitigations for reporting the issue. + * Corrected unresolved symbol errors building relay_unittests when + configured to build using libtool. + * A new configuration parameter, ping-cltt-secs (v4 operation only), has + been added to allow the user to specify the number of seconds that must + elapse since CLTT before a ping check is conducted. Prior to this, the + value was hard coded at 60 seconds. Please see the server man pages for + a more detailed discussion. + * A new configuration parameter, ping-timeout-ms (v4 operation only), + has been added that allows the user to specify the amount of time + the server waits for a ping-check response in milliseconds rather + than in seconds (via ping-timeout). When greater than zero, the value + of ping-timeout-ms will override the value of ping-timeout. Thanks + to Jay Doran from Bluecat Networks for suggesting this feature. + * An experimental tool called, Keama (KEA Migration Assistant), which helps + translate ISC DHCP configurations to Kea configurations, is now included + in the distribution. + * Corrected a misuse of the BIND9 DDNS API which caused DDNS updates to be + carried out over TCP rather than UDP. The coding error was exposed by + migration to BIND9 9.11. Thanks to Jinmei Tatuya at Infoblox for + reporting the issue. + * Bind9 now defaults to requiring python to build. The Makefile for + building Bind9 when bundled with ISC DHCP was modified to turn off + this dependency. + * Corrected a dual-stack mixed-mode issue that occurs when both + ddns-guard-id-must-match and ddns-other-guard-is-dynamic + are enabled and that caused the server to incorrectly interpret + the presence of a guard record belonging to another client as + a case of no guard record at all. Thanks to Fernando Soto + from BlueCat Networks for reporting this issue. + * Corrected a compilation issue that occurred when building without DNS + update ability (e.g. by undefining NSUPDATE). + * Corrected an issue that was causing the server, when running in + DHPCv4 mode, to segfault when class lease limits are reached. + Thanks to Peter Nagy at Porion-Digital for reporting the matter + and submitting a patch. + * Made minor changes to eliminate warnings when compiled with GCC 9. + Thanks to Brett Neumeier for bringing the matter to our attention. + * Fixed potential memory leaks in parser error message generation + spotted by Coverity, CIDs: 1448191, 1448193, 1448194, 1448195 + * Updated URL of IEEE oui.txt in contrib/dhcp-lease-list.pl. Thanks + to Tommy Smith for contributing the patch. + * Fixed define flags when using SO_BINDTODEVICE. Thanks to Joe LeVeque for + reporting the issue. + * Applied a patch from OpenBSD to always set the scope id of outbound + DHPCv6 packets. Note this change only applies when compiling under + OpenBSD. Thanks to Brad Smith at OpenBSD from bringing it to our + attention. + * Modified dhclient to not discard config file leases that are + duplicates of server-provided leases and to retain such leases + after they have been used as the fallback active lease and + DHCP service has been restored. This allows them to be used + more than once during the lifetime of a dhclient instance. + This applies to DHCPv4 operation only. + * Corrected a number of reference counter and zero-length buffer leaks. + Thanks to Christopher Ertl of MSRC Vulnerabilities & Mitigations for + pointing them out. + * Closed a small window of time between the installation of graceful + shutdown signal handlers and application context startup, during which + the receipt of shutdown signal would cause a REQUIRE() assertion to + occur. Note this issue is only visible when compiling with + ENABLE_GENTLE_SHUTDOWN defined. + * Corrected a buffer overflow that can occur when retrieving zone + names that are more than 255 characters in length. + * The "d" domain name option format was incorrectly handled as text + instead of RFC 1035 wire format. Thanks to Jay Doran at BlueCat Networks + for reporting this issue. + * Improved the error message issued when a host declaration has both + a uid and a dhcp-client-identifier. Server configuration parsing will + now fail if a host declaration specifies more than one uid. + * Updated developer's documentation on building and running unit tests. + Removed support for --with-atf=bind as BIND9 no longer bundles in ATF + source. + * Fixed a syntax error in ldap.c which cropped up under Ubuntu + 18.04.1/gcc 7.4.0. Thanks to Charles Hedrick for pointing it out. + * Added clarification to dhcp-options.5 section on ip-address values + describing the first-use DNS resolution of options with hostnames as + values (e.g. next-server). + * The option format for the server option omapi-key was changed to a + format type 'k' (key name); while server options ldap-port and + ldap-init-retry were changed to 'L' (unsigned 32-bit integer). These + three options were inadvertantly broken when the 'd' format content + was changed to comply with RFC 1035 wire format (see Gitlab #2). + * A delayed-ack value of 0 (the default), now correctly disables the delayed + feature. A change in 4.4.0 prohibited lease updates marking leases active + from be written to the lease file when delayed-ack is 0. This in turn, + caused servers to lose active lease assignments upon restart. + ! Option reference count was not correctly decremented in error path + when parsing buffer for options. Reported by Felix Wilhelm, Google + Security Team. + CVE: CVE-2018-5733 + ! Corrected an issue where large sized 'X/x' format options were causing + option handling logic to overwrite memory when expanding them to human + readable form. Reported by Felix Wilhelm, Google Security Team. + CVE: CVE-2018-5732 + * Added use of new Bind9 compatibility header files, that are now necessary + to supply type definitions for primitive data types, removed from Bind9 + proper. Altered util/bind.sh to pull from Bind9 repo on gitlab. + * Duplicate address detection when binding to a new IPv6 address was added + to the following dhclient scripts: linux,freebsd,netbsd,openbsd, and macos. + The scripts will check for DAD errors after binding to a new IPv6 address + for at most --dad-wait-time seconds. If a DAD error is detected the script + will exit with a value of 3, instructing dhclient to decline the address. If + dad-wait-time is zero (the default), DAD error checking is not peformed. + * Support for sending and receiving additional DHCP4 options has been added + to both the dhcpd and dhclient. Specifically: option codes 93,94, and 97 + (RFC 4578); code 150 (RFC 5859); and codes 209,219, and 211 (RFC 5071). + Beyond configuring, sending, requesting, and receiving these options neither + server nor client apply any additional logic based on their values. + Thanks to Peter Lewis for requesting this change. + * Added clarifying text to dhcpd.conf.5 explaining the class match expressions + cannot rely on the results of executable statements. + * Fixed a bug which causes dhcpd and dhclient to crash on certain + systems when given relative path names for lease or pid files on + the command line. Affected systems are those on which the C library + function, realpath() does not support a second parameter value of + NULL (see manpages for realpath(3)). + * Fixed a build issue when building with embedded BIND9 under OpenBSD that + was causing BIND9 build to not generate dns/enumclass.h and dns/enumtype.h. + * Added /m4/README to the distribution tarball. Some versions of + ac_local() treat the absence of the m4 subdirectory as error rather than + warning. This was causing the call to autoreconf, necessary for building + with libtool, to fail. + * Added experimental support for relay port (draft-ietf-dhc-relay-port-10.txt) + feature for DHCPv4, DHCPv6 and DHCPv4-over-DHCPv6. Relay port has to be + enabled at compile time via --enable-relay-port and is fully backward + compatible (i.e. works with previous implementations of servers and relays + using the standard ports). A new --rp command line option + specifies to dhcrelay an alternate source port for upstream (i.e. toward + the server) messages. Thanks to Naiming Shen and Enke Chen of Cisco + systems for submitting these patches. + * Added --release-on-roam to dhcpd server. When enabled and the server detects + that a DHCPv6 client (IAID+DUID) has roamed to a new network, it will release + the pre-existing leases on the old network and emit a log statement similar + to the following: + + "Client: roamed to new network, releasing lease:
" + + The server will carry out all of the same steps that would normally occur + when a client explicitly releases a lease. This behavior is disabled by + default and may only be specified globally. Prior to this the server renders + the leases unavailable until they expire or the server is restarted. Clients + that need leases in multiple networks must supply a unique IAID in each IA. + When release-on-roam is disabled (the default) the server maintains the + prior behavior of making such leases unavailable until they expire or the + server is restarted. Clients that need leases in multiple networks must + supply a unique IAID in each IA. This parameter may only be specified at + the global level. Thanks to Fernando Soto from BlueCat Networks for + suggesting this change. + * Support for delayed-ack is now compiled in by default. Prior to this + it had to be enabled at compile time via --enable-delayed-acks. The + default value for delayed-ack, however, has been changed from 28 to 0 + (i.e. disabled). This was done to minimize the impact on users not + currently using the feature. Please note that the delayed-ack feature + is not currently compatible with support for DHPCv4-over-DHCPv6 so + when a 4to6 port command line argument enables this in the server the + delayed-ack value is reset to 0. + * Added to the server (-6) a new statement, local-address6, which specifies + the source address of packets sent by the server. An additional flag, + bind-local-address6, disabled by default, binds the service socket to + to local-address6. Note that bind-local-address does not work with direct + clients: a relay has to forward packets to the server using the + local-address6 destination. + * The server now recognizes environment variables PATH_DHCPD_DB and + PATH_DHCPD_PID. These had been incorrectly compiled out of the code + unless DHCPv6 support was disabled. Additionally, the server man + pages were corrected to accurately reflect how the server chooses + file names (see lease-file-name and pid-file-name statements). Thanks + to Fernando Soto at Bluecat Networks for bringing this matter to our + attention. + * Removed an "Impossible condition" error upon exit in the dhcpd server that + has been shutdown via OMAPI. This condition was only apparent under Solaris + when building with --enable-use-sockets and --enable-ipv4-pktinfo. + * Corrected some minor Coverity issues: CID 1426059, 1426058, and 1426057. + * Added missing text to dhclient.8 and expanded release note coverage + for --address-prefix-len changes. +- remove dhcp-CVE-2019-6470.patch, + 0013-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch: merged upstream +- 0006-dhcp-4.3.2-dhclient-send-hostname-or-fqdn.patch + 0009-dhcp-4.2.6-close-on-exec.patch + 0016-infiniband-support.patch + 0018-client-fail-on-script-pre-init-error-bsc-912098.patch + 0021-dhcp-ip-family-symlinks.patch: refresh against newer code base +- build with --enable-log-pid (log pid) and enable-binary-leases (faster + binary looup for large leases files) + ------------------------------------------------------------------- Tue Nov 17 13:56:54 UTC 2020 - Ludwig Nussel diff --git a/dhcp.keyring b/dhcp.keyring index 515cb63..924b1eb 100644 --- a/dhcp.keyring +++ b/dhcp.keyring @@ -1,152 +1,252 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- +Comment: GPGTools - http://gpgtools.org -mQINBFf1aL4BEADaw6pPFCoWEtbcGEbfFRsCxEK2PDjzG7+PWTDUpdJgzMvHKvWU -BkKKpxxkWk6+irY4fZnaRkXKR6ggkTDRXucpssayXt95ZXdniOWGOuEGvGmIcif9 -klfvDLxK3dq1WrsRGs35FE4puxldS0RAS8dcRlq0bqMpnaSPxay8bdvQF8v5syIF -vW2ySfT21e1YgaMdSCu92kmg7lzrPccKFNuX3xkosGIglnoVcjpXqsZEIZjj6YAw -cZiEGB1Lxc88WjWbhrct0S1Z4zITapRAFdY65i1POmHmcyqEDlhYvbPIfk99PUvB -o6SbvE5IGChc+O5cqwp9i8sTw/ABewUkv2rcRfjaehQzIm6HHq3lX+ukqinic1fc -+FsZnQNQXUoh9z3InKPzWkxOcc1DiXkMcXUdxSi7C0zghR/tFKTLHeTOxj8j6oaX -DfWpdhBfFch2ogVQXZMyPaQxuObtG9aVffbpQsTHzAitz5/M7lXj2044DE8p9gcq -ORMZnqAE/uVuYvGzdQZJEx8pDma4Aegx/Nn0Wpv19U2zw2dfGon3Ckrdi8G77K10 -5++BB0ZFDia93kkEodcyJtdLMhFSxXV2XMMN8frO4jhHq86lnG71kbb5Y2ZdrkXz -BCGo6sVMVqWWEXUp4COfgEboeDneLUTlVLFQbgqpgWCCFZKz/k0hQpZbOQARAQAB +mQINBFwq9BQBEADHjPDCwsHVtxnMNilgu187W8a9rYTMLgLfQwioSbjsF7dUJu8m +r1w2stcsatRs7HBk/j26RNJagY2Jt0QufOQLlTePpTl6UPU8EeiJ8c15DNf45TMk +pa/3MdIVpDnBioyD1JNqsI4z+yCYZ7p/TRVCyh5vCcwmt5pdKjKMTcu7aD2PtTtI +yhTIetJavy1HQmgOl4/t/nKL7Lll2xtZ56JFUt7epo0h69fiUvPewkhykzoEf4UG +ZFHSLZKqdMNPs/Jr9n7zS+iOgEXJnKDkp8SoXpAcgJ5fncROMXpxgY2U+G5rB9n0 +/hvV1zG+EP6OLIGqekiDUga84LdmR/8Cyc7DimUmaoIZXrAo0Alpt0aZ8GimdKmh +qirIguJOSrrsZTeZLilCWu37fRIjCQ3dSMNyhHJaOhRJQpQOEDG7jHxFak7627aF +UnVwBAOK3NlFfbomapXQm64lYNoONGrpV0ctueD3VoPipxIyzNHHgcsXDZ6C00sv +SbuuS9jlFEDonA6S8tApKgkEJuToBuopM4xqqwHNJ4e6QoXYjERIgIBTco3r/76D +o22ZxSK1m2m2i+p0gnWTlFn6RH+r6gfLwZRj8iR4fa0yMn3DztyTO6H8AiaslONt +LV2kvkhBar1/6dzlBvMdiRBejrVnw+Jg2bOmYTncFN00szPOXbEalps8wwARAQAB tE1JbnRlcm5ldCBTeXN0ZW1zIENvbnNvcnRpdW0sIEluYy4gKFNpZ25pbmcga2V5 -LCAyMDE3LTIwMTgpIDxjb2Rlc2lnbkBpc2Mub3JnPokCPwQTAQgAKQUCV/VovgIb -AwUJBF9JgAcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJEPGxG/Bc8C5XwvEP -/jRPx7GaTG4PqXiNptV36r1q+Eg92oRozUqNcuhN/l09gThyClfQylsEhZBcTT3I -VAjqqqAott5XNqw8pyPjERMFnqal0zBMZTln9RLkLnvoWQrHnEzG3CJ9Ndkk7niM -DOpRI71h8+nMl7YbkXOy87qamvoZ2BQZcdL+a8R5p733JaPMDUy5leZKNiywThQQ -iEtpWuz5u+zoALP5EKedPKCr0+xfGTUS5qptR2nHnRXnZouPfbQWKyEWtC3Qbiu+ -0ir9e2/4pp725g+os8TDCyzfRDLgD1cbxPrObwDAiw1B8KrL5l9WD70vfYpyMuvj -aUVkNbL5kFEuKKOrQSxyehyR8pgUyUnYUejmSdXDg/BmOpXr6gscnRDpq7Th6yew -85Dy5ntYHVAO2Qq6Iafnsun0/i1g0Wlv+OEbN+YIXTMbweCt5qddC1ak6I0WomiP -Frh8a2EeFrpRGEsKR9aFxUb+HdobclBMV4T2siewcW12W+MWnvRzVcMxFs/Yf1Wi -4DTb0sAztpftYk3vOVFkhIlTtgp0u9GPkSgCwIeW1ZCVMnxaWMfzDvzjt0cp09MQ -a6MBwIoKPLIRwVOzoyIhS9PrI26e/hdcQPaJo6ESYbJGT64lTbkVoaWkKKbJbJrG -gTnIzoxDL7l9rlYGOy3G1M6jZvT8uFanMM9vl22QfT5nuQINBFf1aL4BEADuNlry -8PqyjDsl/olp5bUc3Y97jKyHAYNghg0VrwwoKtaGGieWXaV7HtUslmtmUlj7L8Dy -zvBvOlmKZwGnAEA6UJSHEY+VbYzjxKaPzTHtWJpZtfskZkyCQeYy7yChxk500khU -8wNP5+zdkFU+d95jlj0Q26KS/ZLnK/0wZoSzGRNV2+CeTlPztPuzotcpY5eg/7X0 -D/ie8WE7BOK2BoxNWHvmpmHjeAoW5asBlJ6Hyd7ON0tbP8+ieHbcAxapkr9IEr12 -+/RPhmurAwRT1W3XNKPbqHhEMmanpjv9QFZnzhusPumebS9F3S3IdSPHnZZsCupV -5Ve7d6zqvbdb0f/nE/7tR+7jEFNe491kJUnzXTN7rKfjJkIVkxlYDkDH8K2r7kNb -Ckds2sRN+w8/v8REJkA31FGhf2oO6mgV+Na3NpYtSN8tS2x9oC5cMteElvnBxoDf -E0YUHSv5Ny5sGjjW/+RHqq1VxqKBHYbblQpfR1OsEsWzRWJ4R5F8Sum8k9XfRAdq -T04gE9DlmGsg4ZNn4d1R+SvXaojIRhzOrFu2thEvQJp1cYMjM9CSIU+q3021E+li -ED7zg5d5D19l2iVAmJkXfKsFdv4mHS1OM/IDgtu0vg7g4qRRB4oGQRlSl288Elpu -wo/mO1LXwyqk6oH3pZB+Fu7axo1xN5EPvYZrFwARAQABiQIlBBgBCAAPBQJX9Wi+ -AhsMBQkEX0mAAAoJEPGxG/Bc8C5Xys8QAK+Zf+5dONEeAjc5+qT4BxKrB9H1czGd -X2IgjsBrMDCHZCFRfvUhMG905b1ibO16xwgEw/VrXwJQujWSKc4uLHuKF9SNdwp/ -oBUpyltHm0ZUVJzpnQpLuNowYc2hKULRSRKjURkBw5n0gK+OmvCA2uRHERBdUokJ -mVrajTIVtYOuqzMvRUYgObo1EAi0LLwloCIDZl7y/WeAJM/4scvfRRPvZ2zCmn7Q -kKZxae1nWKRCiSuZdVV9E05sOC0c2P4EA+pqaXyHLkZ2/XOHL0eVeks7zl7qp4yB -WaZfmU/h3SBPvxhk0IQr+PZ0Nkzq+gqV0azh6Oy6a5Sz1OhJtxdax9h9WwO1KcBR -a6IC8UOtbGHuHa0TGKt7/3Y+W53zZgyJ1rK9QbJMVSnNzFcaWpsKewJk0iNSMLSp -lrEUPaNdGULGfxG1Hx1jRCadTWsbqHRtpkM+fSaAfdMKlPEIlzegD+mXKWLoZ+D5 -WyFgoNxnUV1SWYh/H+1nKAIAE9FsqIHYM2vlLhV3lVhkUZRH+EC+tWgTR/9fltxF -q+51plQhtod1i5Zk/WAioWnma45K4Onvd12sh0RsQh5LUl8NzL6M8IV+XbDpO45F -JqFQTqHt7B/HcxEICgdWTISBQDVdH7shzk3iZ2ir/2UFWTmgmbny4m0BZuASzmnm -TLm3Bfj8ss6qmQENBFR9szQBCADAwiKoEyFh32NHLc+c1vGgZ2lDKvXd7MoZZAOM -2NUJkaDqt+Xy537ycGmZRqukpGUsa0fDeqjOq+l4paX3QnW1DEs8ypnWi5Zme4lY -HysmNeG33iheSMeGRbnZi+9VTho3NGv3iM9gtRMDXTB5wi7OCu0XNypUtR2afP9F -9EgRs4nJ5iMzo5c1y0wH4y+lJ33NCHZDj8ditl64yMbuVlZOD3UxoQqw/8E6T4rH -ly64g9s6Ld7oYybSN/hKIXFZRqrTebEd2LwZqGhPQIgYDUdumwvtw6jfrosbMOx0 -tan3esnxlptlfbkmOsoi8pPJqlo2VtLBx9XN53ZFMqc/Pj3tABEBAAG0TUludGVy -bmV0IFN5c3RlbXMgQ29uc29ydGl1bSwgSW5jLiAoU2lnbmluZyBrZXksIDIwMTUt -MjAxNikgPGNvZGVzaWduQGlzYy5vcmc+iEYEEBECAAYFAlSqwTUACgkQs9Bv5D4Y -wC2XOwCgyzqRPw321UGSlg8BsLTL30oIp5sAnj0V/+8utHZDkXfCAVdaIIQNJmD/ -iEYEEBECAAYFAlSrw4MACgkQEKO5buIYjAZGywCfbu462hUgo3zPQHOm8Wo266j8 -qWUAni78PlKHBZ28H2Rjq+KhVJ45nZhHiEYEEBECAAYFAlTrQigACgkQi9gubzC5 -S1wIQQCgieUn67RR0OpW6y7mAYDbI0tsZgoAoIcrlgiZcRUQWEuguOXdkR/6oUtr -iQEcBBABAgAGBQJUrXNsAAoJEJbpllA5TJms5wcH/1Czp5cpkrxV/ONDuL5goYd/ -UpNS7P/VlowYS3uMUe0BEW5JSp0dzgqfBMQUe53cH+N6wFex23QlJbCM4S1fEuol -MWI1X7f8KJtp8vMUTR9DgMINVM5Kw+YeM7ud8RLOe4qBOcyPUDYK6xr4wxA4zuDQ -qAxqjJHlEx7g19ED9yJX5JZ98FmsPS0rsA3h3LvkfFpIUuhTM3+uPSuktZNwjQtD -Ps8VQmydUtgBRToA/KJQfTibufUrzRwI73HakPUH/pwj7Ynkfy2YkKRpW30RtDyG -Zt3hOMNBIHPz57iFXLg4d7y8ZtgVOdcOGSsc9CYBwZxoAWrcv5r30RIW49fBmwOJ -ARwEEAECAAYFAlStdBoACgkQvZfcY57oxHv+JwgAiO39F3dFN5z3JA/rlw8j43iM -YkBKfOjFeJTvmp05gv8zgNiqlLHerEVC88HfJdeVWKV6r8bnzOmFtRR44Sjzg4/W -zz9J2x0Y3p+s54xrNrJi4zGUbwFCqFznkOntcrHlAIGt9Q6Ks9ztcxBiAqtLAj6+ -XlU0IXVX5YymdusqYo3qkWm+HNxhYsf7JJMyGzsGuOsL9eV/+jplreVrIprdcxJD -TUx4pUuGjJgnQqXhl+O6vpS3qV54ASW74VtJaniVhQ6+vTjWxRFnJQia2jZiFg/u -5hawb53CcQatjSB886HKlb2xMbeF8T+jZOGiIIjQd5Vf6xeyKN0uNXTkiOBzu4kB -HAQQAQIABgUCVK2fAAAKCRBFrHhXGJzbxYefB/0cNKb+GkiapChQ4mKInw7ozm4K -mqrrGMWpddY5VY7nHuSfLCOpnFLFby6lyVNzTwjMWwDVs24GR22CZ9pYJm2uT4PO -xYEfgYOW3dRUlW16fJ6dk/4qHJXqTrSHn/4BZDUwQpH2z15rl6RZQSOB1QrkAjiY -2lsdpCIxxy/dwoltpsf1uYUJ40nXjzZnFXKmu5INc9ryBLCGTzNq86b1MWLqmXdy -iWJOvho8SDEFFGQi0JJuXOTk6EJvhM90ofsrdchubf60RiwbD9n8EJw63Z7lNHvM -aNfyriP+nRibFQUW7wSZBOZaBgVxEr3PcQBvmbXarw1MlROEbcKMZi9zf2sSiQEc -BBABAgAGBQJU45s8AAoJEDp7U4zJG4K/oC0IAIqu8yhL2Omyw7qkFt+N8ByKvk/5 -T3UBQ3kf0JmQTEU12ZpZFkQNxmTZ+nwJG2I1qxpSj8NnmLQVktFj9i8Eb65q0zqe -hgqCo8XRlAgO/7X8pcrZU21a9u0eoCT6DGUfvIcYo+dqiMV+VC31YMfQyGoJxueX -QpTnjGAx46iJPLjgehlU3GY4ZfWnGr8azez5Tkq+0hxGGVJgsLGzNYQVZjdL6JpV -A8NMgvs2N4/aaAm5m83scYVdenIF+Fr3uCjjJnYiUn2gGAuXc/IAP67jbtrR5tNA -Phs8BrZhJzxNyAdsZgxOZMe/Juqxe2nSZUYS+jXjPsZ/p/pO4dOCF5WVBgCJAT0E -EwECACgFAlR9szQCGwMFCQQS0oAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJ -EG+m68mRGkwCEPcH+KnXyRBITj/9i3xUwXqRyINtwJAA7DLjn/V+tlpf3BLmuL+l -0fEHS/DhLCukmAkSQsYbSwTNHBLztB4UK0YOEjAn/7klfqKfRwn6GvYbsMlSlWAq -ndjyURndyH6ABneTjm7POg5NPi2bq5daWQ6eU8mNRvWz1tXMv3NSwntdpXnHhpHc -HDnf+LMkQhrFYePUISMDNELvA9Cmj8Qr59bMUF96dIIEkS9bW+Sia1vWMx2P66Gh -3UvMV1cd1CMMJIqf8aWmf9hxn38uSJRLA0tOkvgLENsSKzhBY0Od0BH+71EQLXMN -b/FAQLdTGwHTpmb01paMAfLyzSs6KGCh61quhokCHAQQAQoABgUCVK1/PAAKCRBX -QSctAwfif73dEAC0v76ioGt7g7uwXDeuF2RDio2Pwn6mqrzgU6BnqwX8u8qUEWFW -uhJmQstEaRk4+vLso2lLad/5DEjany+TqRwyA4GR6Q9krQ4mpMzaVLtLIXDDQGzk -LjHvERjlsy5xeXHhooUhGe98R+8oyS0ykliiZd/aR+tGOZRPJmK/0zZ29aNi2n87 -oJwN4h6c/Gieoa2dO4iwnKbbIof+PXAhHczNAvV0ufhgXDbuf4ZjbuGbOVJzM2ej -4iLnHpqAiqHvZviVZdcs+9mBc+rrk6DJ03uVNakrLApykRxHoBSkbIhzoiBPT8vE -9QMZCIZLWkWWZ791LKWCK4JuPP6iHNmmWacZwvRHOyXRTjWX4qBaVRugaIfETdVP -y0tmwooTR7KLQwcjFlm5P20x+WoWC/EgcfXs1PvG6hLDc62HsqCgt9mykk4Ud/V9 -QFigaZCQf4sI5GuRr/jD24fzN1b0BVV0Df3tqQ9JbymKo0EBESZuYrA/RIM9oH4f -E0PLSAEbcm2Ef/kBbicLYrIWxgxcCKA0xoQ737bPPLE7EM8HJYMBZaUZl8eqXTau -TxNBU9c6UhDVjhyViTcBv+cIYbIo+c6khSL64FPT32zDaDYR/0AUn6+u+JSVXjvx -Wl0oPMHOAOOtgKSXBOUwZC6r9vgBWH67kKPYr0ZGnhVN5lbfRfdmYgXOi4kCIgQQ -AQoADAUCVUg3zQWDA0hN5wAKCRAfRF6wIguS7NiaD/9nVUAIXSZx8xq2Lo37E6je -1APbdSAT/K2TdLTMJsugzORVj4LVaSE4lOskMa3g8ffMdAnfGhEB5uLG9THDxOsv -Q0ipdNdTr2hdpbo0v9J63H44LEaqKppOV3eHOJYXnfWI6Armv31cUGAuJkI1GZUI -InL9jE80Ky/zYmkdSQwogPiSjb7i3ftS0QI7MR/hgJWz7vYLZ7o+Sqyse3PKl9Bw -6SVL9oy05u/Kx9nih5nh4mYWokfY3cEKVV9mhlTApkCgRqPWPVLN4/FfgoPIzKVG -71wAVgkNwuZOAJH6+nNSV/N/nITyqLz0ddt4qxGtepZ+6P3FF7Qi4UNSGnhyHBbB -kMbG3rRvo0VSgxWBUJQz3GAZjkS/YwGzR4F4P+IlFzj+1iKxke6vjGnXN06FzpsS -YJ46j9EOk/+j2K1ir/pUn7hF4QeLUCnxQL785kUiKg2+8KWkM6hGawUsvH9TqAfq -Cp8Mu4YDGXG0KoBMeD7h6N9DZYGGk/kqbFhitnKZ2VanheaI6wFCjTCwDAnySfib -+i1uKxaeddmSLMYiFlGz0E1pwjgALQF+qm6XHn6yD/vFLj/kiP1BtjY9dUTb6Yg3 -W01CyBOeFA/iSGZzWPgsbghlM7DJ16Jxq/Ij3M/7wfg6TiBgJoXLk7YXyWzGf2l2 -JI1kkLlZDCV7vAwC5+7ORIkCNwQQAQoAIQUCVp2NngMFATwWhjxbXj5dK1tALl1p -c2NcLm9yZz4kAAAKCRCVthgbLTPp7OCdD/9fQ3sqawQmdWoU9+MQZQ+lvirre8k7 -L0oSsoQGcjAn5VDD047dwyXsnQkEdQFBM0VSYYHTAuVYBd1CmqILcaiwzWpaOrvk -Fvxe3IqUhdyP/KNzmUaVvVR/qnujD1Wn8PwDAD+KwZnL0DApqo53tQfsuzeMjiZw -JI5+VFVUPWiYEbTOwZxUIfVGxhEQoRC6zR9CeJqdXIwKBLh22xBgfNrsNPF/UaEV -Wdf5eLIbgsTicPLOTbs8rz3cXCskd6J68Zk4S1chmZLx8sqVFYl0Eh6TZXpWOVqp -MUXYq9iZ5ir0csTNoLuCpLgunyUpTMbXixoCMDrDsX3Xgxl235JPpVTHiFRJmZz2 -Grvs+IIHUodCuCtYISvBE97mv4QAtvAz4ZM5Tdv+ka57n4bKN878iKy3wKzcQ2dS -EAdcyXiCTRPz9w/C+IfSdZ/agWEyESSj3D6k5Wa0b7bzBttpx4dSsAOB2MV4i2mQ -a95uEGqv00SokyITYi031BbpDy9xZdp/O7XxqlWpIf2qrNg+AoedfFyEeg//+3Op -iAKHCYojoG7q2qgcLVq98acxiyx9qs02d8gErEANMF2IOohJtlm34w1KXCqe9x9F -UMjb8+PksnoQrzPPSJJuzn+7PmtbUiVjvK3SoEOPtxYYxxUOuNv8VjOroJ7ea9RV -pK/E+8aGMKRLZrkBDQRUfbM0AQgAreBuzWxpZYdYbGw+6E5/7HXyDT/43t/h9kTt -NN6082F06BjQsbG6X1UdGhmC89ueb4FmZmFgYyv+haVMS4X6xr8OvxIqpUONgiPS -o7OKYwtiBophXxJDwuFQW1RCOblXkn8VD3s3M7Z8+AQijslshWuGw8Saz7WCX3Jq -cpb/4dSi+XspTI1Gi99ol2k7i7K5j0IbPzvkOoTf0SF+UFY33pukJSan079VCzh4 -lOnqmS/YSQxVwRp20VcBUWVIV785R3zeBtVcz00JF9j3xkloHY6cjX+VTw6iZ0c6 -37PqHtt20L/DjaqyMGa77LYW2HhZfM93tZt+9V2UyNsEdkufwQARAQABiQElBBgB -AgAPBQJUfbM0AhsMBQkEEtKAAAoJEG+m68mRGkwCERcH/Rer02pHu+BJlN53t6xI -xao4tZmWgp2PHKzcED2HcRcKQXqAx0Thvo6QhQfRXZoUJgldmbIWiXS2rnRoRMPr -ZoKAI5W3GWTHlUe1MuX9PVV6d/1MMhKISYMEj7cMOqMDdg4fzoWqXsmr4QxnHh7Y -vnQ9ZbJFHcvOOnpMV71eHiupAmgjQ4G0vJfXc1978CvhnzkNfo7Wy/8IzRpaR8Zt -0wB54esNVEpqtodQvLJfiR+76ZmPwC2HEylUPJoeKX1YJfW7Aaj7quSK4Ay9RFuf -TmHkL3a3ZBRAkTWu8EqnMsQFbypCrl+ij7zIcdanO57iLiva4Qnf4UtSyO2VT7cX -4+qJAjcEEAEKACEFAladjZ4DBQE8FoY8W14+XStbQC5daXNjXC5vcmc+JAAACgkQ -lbYYGy0z6ezgnQ//X0N7KmsEJnVqFPfjEGUPpb4q63vJOy9KErKEBnIwJ+VQw9OO -3cMl7J0JBHUBQTNFUmGB0wLlWAXdQpqiC3GosM1qWjq75Bb8XtyKlIXcj/yjc5lG -lb1Uf6p7ow9Vp/D8AwA/isGZy9AwKaqOd7UH7Ls3jI4mcCSOflRVVD1omBG0zsGc -VCH1RsYREKEQus0fQnianVyMCgS4dtsQYHza7DTxf1GhFVnX+XiyG4LE4nDyzk27 -PK893FwrJHeievGZOEtXIZmS8fLKlRWJdBIek2V6VjlaqTFF2KvYmeYq9HLEzaC7 -gqS4Lp8lKUzG14saAjA6w7F914MZdt+ST6VUx4hUSZmc9hq77PiCB1KHQrgrWCEr -wRPe5r+EALbwM+GTOU3b/pGue5+GyjfO/Iist8Cs3ENnUhAHXMl4gk0T8/cPwviH -0nWf2oFhMhEko9w+pOVmtG+28wbbaceHUrADgdjFeItpkGvebhBqr9NEqJMiE2It -N9QW6Q8vcWXafzu18apVqSH9qqzYPgKHnXxchHoP//tzqYgChwmKI6Bu6tqoHC1a -vfGnMYssfarNNnfIBKxADTBdiDqISbZZt+MNSlwqnvcfRVDI2/Pj5LJ6EK8zz0iS -bs5/uz5rW1IlY7yt0qBDj7cWGMcVDrjb/FYzq6Ce3mvUVaSvxPvGhjCkS2Y= -=E+8v +LCAyMDE5LTIwMjApIDxjb2Rlc2lnbkBpc2Mub3JnPokCVAQTAQgAPhYhBK4/rHln +EexZ/AB6pHS7a5pMuz04BQJcKvQUAhsDBQkD7JcABQsJCAcCBhUKCQgLAgQWAgMB +Ah4BAheAAAoJEHS7a5pMuz0476oP/1+UaSHfe4WVHV43QaQ/z1rw7vg2aHEwyWJA +1D1tBr9+LvfohswwWBLIjcKRaoXZ4pLBFjuiYHBTsdaAQFeQQvQTXMmBx21ZyUZj +tjim8f9T1JhmIrMx6tF14NbqFpjw82Mv0rc8y74pdRvkdnFigqLKUoN2tFQlKeG+ +5T24zNwrGrlR3S7gnM47nD1JqKwt4GnczLnMBW/0gbLscMUpAeNo/gY4g0GV/zkn +Rt91bLpcEyDAv+ZhQZbkJ49dnNzl5cTK5+uQWnlAZAdPecdLkvBNRNgj/FKL41RF +JGN6eqq3+jlPbyj9okeJoGQ64Ibv1ZHVTQIx5vT1+PuVX/Nm0GqSUZdLqR33daKI +hjpgUdUK/D0AnN5ulVuE1NnZWjVDTXVEeU8DFvi4lxZVHnZixejxFIZ7vRMvyaHa +xLwbevwEUuPLzWn3XhC5yQeqCe6zmzzaPhPlg6NTnM5wgzcKORqCXgxzmtnX+Pbd +gXTwNKAJId/141vj1OtZQKJexG9QLufMjBg5rg/qdKooozremeM+FovIocbdFnmX +pzP8it8r8FKi7FpXRE3fwxwba4Y9AS2/owtuixlJ2+7M2OXwZEtxyXTXw2v5GFOP +vN64G/b71l9c3yKVlQ3BXD0jErv9XcieeFDR9PK0XGlsxykPcIXZYVy2KSWptkSf +6f2op3tMiQEzBBABCAAdFiEEFcm6uMUTPAcGawLtlumWUDlMmawFAlwuSqAACgkQ +lumWUDlMmaz+igf/ZW8OY5aWjRk7QiXp93jkWRIbMi8kB9jW5u6tfYXFjMADpqiQ +yYdzEHFayRF92PQwj81UzIWzOWjErFWLDE2xol9sP5LdzeqoyED+XTqKggpVsIs+ +Lq672qnumQoZKp1YGb8MDocU2DNg/VsMdi7kCnEnPbcSuBxksmxGYomusXNrAF94 +1OJ2sqd9BuFamLIyn8XUCGGYlsvMoe4kTCg6Cc1sQvx0lDG8urKN57jBKWbP4alV ++JBV5KQcf74gzPmE3ypgY1tMEwxyH/WyS9ekDbai0qauX6eUAsM1bduH8fIcknLS +Zl5hrJTrzWFF9/DKOth8QOwhJ9zoIF1fcAsx9okBMwQQAQgAHRYhBHpqR7X54SM6 +0lUrXL2X3GOe6MR7BQJcLktcAAoJEL2X3GOe6MR7jwEH/iaolMeno1oeWAgzN6Mg +bx3maweh/9Vqty1fwk7Crq1G78X5i1OCkknEL2p0Bfle4ApwcC4HZVcqCgoYpRV3 +/EEXtwkMNy3plWdBbLCQSev/E1D39GzgAHiMnv7NUJnkoJbvMrvrAiUTXPTtARMM +gjEpvgEs60wuJxS8ESomRhe/KW4myxDoBxF+K+e5bOkOvvWVcAYJHWZ1BIZs4n6b ++C2vO8q5aKTkQ/XvNT7utbTOqj1SGhItRaAQKXHBdzkQ1Et3wTA4+uRg4gK12624 +9LperYs26w9X9UzApl+qVxQhtWUw3tnUXMastDfQrRcvJgq1xpv++OqX5Uc93RTf +SNWJAjMEEAEIAB0WIQS+DpdItxglOii7if/xsRvwXPAuVwUCXC5LlQAKCRDxsRvw +XPAuV29KEACEwlTVVKe4gnBYHnlAD7csoQ0+gJ6C+Ofzlw+UItRIcFeVCAknSGBs +NPxr9JStIvKpmsbSKpCNUEAYnRP2immh94y/C6BuTe1uUUmqBGr1f4OAUwZpmI29 +ixYeY/uUs9FZO3bS0/WtG46tdcJK41qtM0DYAGT3oeZhJMTW15dfvMGlFukauSOU ++BbR+6sZhqdbWl/AOTE/6x5otnAaW0GObY/BW240Xq/KTgBrzVdK5qNoYsMVsiTd +0im0JKvFG08ED+ZfcILhlO6G9jRhoTkhtYuf8CKN1dPf2IoB5FrRFf0xqRr9hNlk +X7ViNMP9OPb8i3BubWvRi5rNSquCwrFATSiAgaA9Yi1BNzQsmQxOql9lsh7eCH7m ++8zzUg9umWI6PkSv8vHBo2kPX73wmtEsF6vxJlk0yDBuQw7y0uuKh406tEEk4cP2 +8U4baq+ihpioupDhNuEII1h1Eh/RBE408RAOpcr+2F0m/fKOoJyz7u+AxyV81Ia6 +fyBnUfZnlfKo16w87c1HJRs9dKkRa5yGziBf9TcED3sru58Pftes2Nr80/iOh26i +P2pRihcIyrmeAqDWnneErVCmPMDTe6zkMrm/0iZ25/Jfq+M8IHEzFEw3Y1FBOeFg +9TyMDwYG2biJPTNTDO0BQ+Rrvs4SjFWEYSxgJSvG1jMfSPt5AR6MJrkCDQRcKvQU +ARAAufZX5WzJr0lZAhxaGpHY6JMBr4jVOCP4TrDZhwC2K4CXNM/PLLNisWzquiWa +FvUDhB89kCxrEhipwVFYhBr16CDQxrr8yhah3RIxrBMYhRTxgIAkANgkhGWfDJSE +zXauA7krYtS3rYwhfXe4cNsTkLPbnMUlyLJcqj2wnZcZIt97aL+NFRPyfIw1KfUb +9u3tB9seDYbvTEULeL07aTnHpWM5f3bTwJrJ2OFPzXseCCzPiVNh3Bv+YtJ1pMTr +c/UHO5DoJuHLsF0wicPSrpD0twspFdR/0rT6eNycsaCtV4GQzBcMPvY7qai5XrZm +Cqgluo1W6l6+F5YrKvRMtyyFkUNGcPywdjSlP44JyRrS2uzvFUViSsJArcmFG2TJ +LCohnse8wqjw0dIUVbmDbE4zjaG56zkvu0k+04Wwp3XPgOZrbl6cbhX3yLhu/Gt0 +dzd9EReoNfKXk32hBzKas/vdeB5DZejbOOOWYftqyZC1LvDvvrYFhFK6VGozfZ6L +Fml1hzn+xPahp5tRv93/T9zXeVPm9zilGMqm/gjRgh8ojWxNQoNzJyqTPWIvWmbu +EIP3T3cTFq6lJpJsg3+sfzofGWZCGnBZQGqm8rEOoUWiaKe1BvQCX1x8p4/x8/tX +TaVDpQCGoqxXt09plkDuGMuiDICxBlaHWUR2jLoHc2cLrB8AEQEAAYkCPAQYAQgA +JhYhBK4/rHlnEexZ/AB6pHS7a5pMuz04BQJcKvQUAhsMBQkD7JcAAAoJEHS7a5pM +uz04pB8P/Amfg54IFeALiPOrKbjC3bVAQzrsf09IL8sUln/LCZIx9HgGAJj/f35S +Q35sK2ucjWiDX6qCxVrWmC6caQXFgXOFSKIlqladmmgj4sIdLM5wj4nbomHChpB5 +rqV/GgkFwWBQ3kPCatXvc8Bg+zKJ+wXgTuPFXefyE9R+SLuas2grQ9hAjvTGHYbq +iYxSlNDFc1aHLAQ3bS76351MHuMHOpLzoB0OkZDCVNW4GNEqrLbINdr50RAK+Loo +Z2UBIobEZjXYor9A2FWkSvdjyz6X1QKMdQMath6R91k/O0abBa7ly4/805eAGXM3 +w1Xf2eMlpiUs69BeYoJBklK8aNMntpDREunJjhiPU4JoDzSxl5Qv7LuXylyo0YJA +9YmydKhTTcRdwsKc//nGr/ckg4BRl+VbtJBYvd3xGB7IQ+pT/TOakv9qCospAhr3 +EQjVP/XpnWJRd+x+dq8UXqwWmTenWDE42cNr7BDFJdOqS5ZWy4sIz4sdjpSxXMB9 +8iiRtKSpKRCJgXScB7SYebh835EgG2YyQGdhJMO7C6ok9POYQBqL8sBqRzImJKoT +VDvOH42WArKwJWTHa4mPdiDHEIZlkONerec3JXtl4Mfv8cwZ5Lb8fSiB/x8AWvqs +puc/7hQtkus4TcgutS1fwhAwpnFItpVF6+73CMQrJsblBdTjW0T+uQINBFxbVHwB +EADebZOJbhPdhHeBPdlZYE3rRjB8scDpWdjrCupfmeTC9MM6JgCE4DEMBtBXk+h1 ++7wfpblYYNFwGVFvytG5nvGRDtHWxwd1Z9O8Fx4Zqu0Fx/wAn7ZL3ryE+tdHR7JK +7SLxOa2X49T/8LY0U8Q65I4ZRo/b4VMcXApCmncw3QSRqHT/mYdNnf+HHPvi3jza +md3iVptCS4Iaisc079DFda+htWXspBc13lmPi2vGQkWjjS3B4yO8JackyQPVhpsg +KYbRBzOH0Kii8bXmyA6O5uIJYEddp5Veged4FE/ej3CrgGP1D0Yk1epx8lLbi9RB +kwFS7DA5rQ23UnbSy1WyV1ZgPrWqQAWuGpjMTVTWN0ElI3AGxAnE8lZlSXyE+XyV +uHjjIVrayBjLKVqDuSLdKZeCvI4QsyHH6F0NKJQkngvXxLZYxO6s0c2EFFLzdVWT +1V9GMP8UsDrrb+JsZjUVmPR1tTP4xqEQG6KjfFoQm5XWpGtFwh91OK1lwf/Bx2/C +j+PquLLFcj7hEP79VDTUZPQAduTTxIeTzHXH+x1PCHFB10xxH3e82VSdJeBUrJxn +riXzK50SKTTmF+uYpHqE8Jg1N2Y1n5ksuxeYUy8PFjhAeBCqZ6ZcldUDf4999e/z +PT8bwfCDr8jRdqJHrq7RxTJiP5RsMudWpKeohzJGwQ5uZwARAQABiQRyBBgBCAAm +FiEErj+seWcR7Fn8AHqkdLtrmky7PTgFAlxbVHwCGwIFCQO9IQACQAkQdLtrmky7 +PTjBdCAEGQEIAB0WIQSVztolaxygoV8wL7WVIaftXazpGAUCXFtUfAAKCRCVIaft +XazpGPeMEACm9nxA/VKf8RxDo2ZuTgyuSwlR8tCjAE4k3+UoiYUbamkW4pjx9Vgd +1zC5bNxSWZ5vlJ4CH8ArKFqNK5LBVDZqhYureAo/1Af2b9vRJw0/QQHhuXz/jqeT +wwrLuKpy796Gpt+aFfcmS0ZC4QXfxJERhAP6tu1p6YmAsSb+bjziQVkKrt9mhOrL +dtz6WP0Fg1joRj33FgnnLtayHvtgQrNFI3ztCjk/B2FjYZxqbBGfk5gyo0cTE2Fi +oLhG/XrxIoZepFMJkGYETnYQXrOt2KuJLvawV70YQmG8EqHYY8drKA0XDZs8TVdT +5cvGvtm8ERz5znsssRBxQMI5Ml6O2ahrXp8Eq4htCzlvO8t2MOtzvqAJRiyAd6bA +Uo+MGVRpnvePOR1SAgBXCd416rF0iCXc1utZxnqwdq9kJAZ+8mCLx4N4jk6AdGpX +zcNkLg7QmUzXn75RxZ6GrIUYZJNMlswXq5XhSW4o8ePlaxWjh9+QTtU964AZhpA1 +uoHsKGTBxHJs0w6McZm14kb2PuaO2/rpf8s8IZyc93+Y5O/gHZ6/agBjA9qN6wkQ +R1d5UhJC4QS/m35rBGBKK9X3fqQxaBCio6Qz+m4A3GchrztJpq+2P+ma5ylsTq5j +V4njky26WNtrV7+N0C4Moj3I4Qn6YU/eSManTXzHzoiPZCEH/IOxgXIiD/9Zm3Zz +I+h4NCfSGyP11/w1gEzlTHQ4at/FXIIDh0Y2ZNpWPffuFQLtcER2vyKPwhDYpGMy +NNHXks4azfrXVCv0wmSNBbeS8pJrYtopZpCEBrAbg/YLv9m5lpDSRHaR3gv/qMZ7 +QxY+NwqciqTwGq68PuF4mDSvtfuFmbEES9Iybiie+eL/6DU2knfBjgshUe6vElR+ +LYoPQ45GY2IxRTJ1pMXaZw1+evwH3UvseRGkRygiaBgoU/qR4prynvjMQcacCa+C +aRnXZJYp/usVBeY0xut9toc9/OcLGoBr5h9l5YjruO2vu8VHou8N0tarVQn3YbQR +Fi+YtNtclWJa8Pq1AsKRTCFwDwP6eODv6mNOrEFydNRcpiQmzp47VWF/YHRfHzCq +A1wHLxLUrpQTaVw6J4FqedAQ31aAO4faA7MS+ZMNBqZCZ7lTGC6TvojqqBAN2yX7 +AnnYpZHM+lGpi2/ukVzLqSkGmdNOgbu+UZvoej3YnHYig4yWP+z2xrlJl8bkhU/d +r9IQE5aRCEPB/JWhHJ2/GqYl9qjshlB52+6X2KDarwptOtzT9ooArYhpMwKIYh34 +c7X8tlAKYk7V5j7txIRFDKKAftC7dM82PntXJxSkWyR70GYnYjiXyrqqerqT7xIC +mDEQgFOPpy09zFW62paO9uiZw6qwybwqgGpoX7kCDQRcW1TbARAA3ERo2mPv2VVg +ZUFr4MtPDm4UG00YJW/LYa3D3k0e9tdSScACXprk1sAoxUlQx/CSdErPKwXG4rax +iN4t5nICUUNYSC0dh09G25jC7nwsWc0AYyZu+h/FzfvpOm3fBwmBlzILlGh0URwH +Ffj9fHt6hos4C+3PFZZ/X24aMJF/cov1oYi9rqFwt/l0mgtPE88Iyj2/Vp3Lergg +QMzKfEuyluj9fL2cgU0Qa7oAPXmaxhHtua4cvbM5SXGo3FXjIgzH9OfM+2orebeN +wH1M3ec6w+nPmRmCJLvPKGOeS7GVXL5/aOyPlDWzSXYnpCKS2ntw4K4nt0IA8n8z +1db109l/C2noDrDSJEqOo843ShNGTYOMVUrj3a+Y7o2ATc9pNZalf0PwnKas7NDb +IJ152PEQw665iYXcv2awjLF6W0yuSq8kfiaAxIrsie2Dto0zgqOs0Ot9Y74u11Hh +wBSHUO3mEZJScAAcI/yDF2PvjvCQSzu4mdXb77t6X2O6YHULz4A7bVQCMazcTDI9 +/S0W2+ixPnnJVnE3xgjK9zuizji8JDJw1hJCQM+yTLVqq9pfvcRfQ6uwpMRzz/O3 +S0zDRiA69/GyfNwkpgz5QaGpY02IK5WrQU1doRjIz4BHAYzoIOkMkRqTtjdElQZw +/D3wSO2uwsEMNwRzibR/Lz1JF2aGn6EAEQEAAYkEcgQYAQgAJhYhBK4/rHlnEexZ +/AB6pHS7a5pMuz04BQJcW1TbAhsCBQkDvSEAAkAJEHS7a5pMuz04wXQgBBkBCAAd +FiEE1wyE5ktVjlvM7AchMuIXXx11eioFAlxbVNsACgkQMuIXXx11eiqCfQ//SFDf +rOIEoslp6n6vlCuavOg02wvjskKQGP1P1Q4v40Fw1Gl87n9uXAoMpeF4H+pzUxOi +BHYCQi+EemwocSThzaWfPzd3JG/0OcRymf+ZOcBb+58VJL7p88QdMFIAi5J+KMuA +fEG0zLkc9anEnXoVMmQJX5K+6PyeVDvBbYGjLjQAsWTZTiVuQI0w3WxFtDGWqQII +8e/qE0DA7c/auGn7j2hid308+FcdfpmLefW9YesWjE1yYvHoCRdFOJ/7Sft4MQCI +Re7UET3TRMBvtisP2DcqyzGPp22s4ZYFCCJJNiB92bXdEl5zXe4Ff7JTfNE/QrR7 +Wg5R9hZHgHdbp8p8bA3f0y29YCx3puYg7BbmQWiMh3rXWE5b090pSpw0K9BQU3vO +irr+5/2TaFOJXHl4VF03GrWsSncShCbdsdRIv4TB0lY2mN4q+e7bjlAzJJeoaS97 +GIqu3DBlAJyx/ZwWW23DXXwoQ4jNuJhpl2jaCE7rVQB0uLjbp0i9Zdd4SdYZxmO/ +Y+JfgoJz8eyx8wZi4eDz1ijN0WKsIGjxJH5VUK9STjijDMeG6ZZRLc6b1QCGhe97 +ZbDkEUTdQGoeu4L5Fiqoma13NEsf8ofBDv+myJm/O67Va9JI3gxhIrhmF7LMzQQp +lYx2peZC1CmhEnn83dtt83mhXvX6Dth657BW/Qd+GQ//SVuTPuNkBXfrTi4dbnv+ +cU6IsoIBodTF/WsQ6h4kbtsPhO5DbrsLNuNumrqVEN8jw+HUsEeNvFNeMrTPdG2V +87ShQ4BQGkCf+GFRBj0myxxXOFZYQx6RpY5fCe7yOcTzpkbnPWmm7V8HdOuZ0NnL +JNQ5YogOI6UvXVKv35R9qBo+G9jkhhb0eaAu6BERzKVANKfsGN7545ElZ1qlffMh +AQhXGb6TsvCeSg2cWGb2cnVL2d58uVukD4PDiq4qqwgClkF3bOO70SIgGrCteHbi +4Hseopex5m6GqqjoUYXr7QQBwSaQdc+gKtEjMHCsHbUyHRk0qEHdEe+2RmL0d0ra +QMJfKyYQjcCR7tnrgN4WD1h4NKRdC/KRW31MDmH9XVPrkOMQCUCnArXkOwdKWsKf +h8af9HqweXOT1FHJN/M3tWaBpv6KoduF2f2pj1VhPZ2EqFUycJ26lrHyOpsynQR6 ++TD+c1uXotDwKN5RW+YL1cydk6mhib64fdOyPUeTcHehjMAFgM2f5wi35Ujcj8id +37cWOqRsggSbMnGO4AUA/YtcVNG8TjZbakson8ENK7e8q4sEiNFUZ7/CtzNokwHQ +5uOG1+qB85Y4ImGnIZVeiBpjt73VVawg4Zvm/omtW50P9R+4rVhMJZZFAgrWg8BH +H/KNznW0vUuShG8B+2FA/eu5Ag0EXFtVDAEQAL5ftI1GgVJEFgX5VsuFnfBnH95c +zqmwEXaTP4s7Xm3O0Wy579EzRUD1eEw/UaD/q2OHScwvMP65cZYQ9w4hnCN6H96P +96Teo7LOMCssvSXIO7gqP33LKTqDzsIoAFHwWE3dq1jbyP6T1Je85mr0Edvk8kOC +B1hudswAARno/7X9zGulhhwuEHk5Iey7R59yRUQqBctdNcetGyaiFjjX0evuVADi +/z/s07XhDLDt7+3Vglh1/7XGC64QhB9QjZ8j0u7+0xfmLLjhi+7EpkDlAHIJXX1H +0wAsPOGKlYruQUmIsMNfBINZeulHEBZ4cAd30xsM296DzJ6QL9sAGfYMhRs0YHB/ +EJ10Zv0iw1pU2jCCUv/9Kf4F4nwgHQWQP7JAbfhOIUOUq/YlxjTLnkd25+7vD3KH +NQ6UiRDROR9Jwetpd/zokpf5O5iTBpVL+sCq+NsTZyDOjITve2sY0V8v10M+Z+pL +cp/cUZ4JEDS/WJ4/ovBNJP8b+YwN/RBgCjl8UBX/N+e7AA52eYP2H9GK9XPkzSCE +VxEf5PyjGrwedpoLkzagrHsDuWo3uBquLyneT/ozihqKQAuInUy5B7rWU4mpKHe5 +Vto5o6Zuj+6MgHgIQzRK6Da2ziMNEmroxwZibcYCtUPdvcvxGh+byclnzBclKjOw +kAalFPx0SxEbHmzPABEBAAGJBHIEGAEIACYWIQSuP6x5ZxHsWfwAeqR0u2uaTLs9 +OAUCXFtVDAIbAgUJA70hAAJACRB0u2uaTLs9OMF0IAQZAQgAHRYhBK7WIv4CB360 +tcFGwUKiedJIzcMQBQJcW1UMAAoJEEKiedJIzcMQH+cQAIQYXDnqi4Hl21LtAgky +pZxug+x/LECVlwkrIfaQF337+fG+H9J7SdU87Sn1Xe/YUgQnF0XP/fjIVFM0e/Tb +xVlmTFqiejLnIwJJDgUaHO3POT2sGEyO3tc0mqSzyRBxtMQ8yvApccBhL5QODv3h +hlRWgk5MXU0IPeXw134IWm+o/PRiPBoXPawvVfEVIBlUFaiSZASf4BAiSad4aJQe +P8PyP7FPvQB1xiib0iSetn6ZmNeN2OSUJPiPA8aE9JCKuFtomVQEDM0BqQDl5A7h +5O2uyf0Li+/ArqBvfBjrH03e5zbID02dO3D2BjsV3jUeVPQ5WDgVg8LH+nfg/rRy +wfCsx9zFp1mt3K4xN2v7IKwxGndApgCcx17gsjzMvLz0J7sSGov4MNjzqvGEDKCl +uUvNKXqy7je9xcQLpoyvWtoWFXWTbQAcK5Vv+hC67r9bHpjI1KuqA8hYqNKxsv7s +wiLZdd4SK9SIuwf0j8/XTZwmoFfGolJil0ZNxyqBF39+CMVpaHdLM1qKZz99TVzS +h4obOOjkUjK458xSo0XCbJ4qXYp7PgxyWK6GIbTozbbG/1ldw+LUnqxt8Shf797L +J9lbI3ICuR2P5PYlKJf3b6D9GyfqyrP387fKAKhHsYkZ1XD54/8wIgTrdfeNPtL0 +1mjWDjw5KvO9kuPBjcmzgt+NrtsQAJwKeZsiqLLcY8kJ9xP+/xtTlh2iVuZMfxwq +hwlo4MMCzpobLDZ/JKU398m77eboTKJSBfeUYxQd4ATn1L8NLKjLxKAaBkjEk0nN +8w9OUQbFlhQ/asLzzF7Z9IGGh9/SEgBZ8V67a0O3Qw9Xdi3ARK3bbZ8RIVJ0+P9G +CGrfq9j4ZmGA2L4irLjsvDAv7CSMb4WBKW8j0Jz5LFMwOMJgG1TT5c6lNqFj6y09 +rZcVLnt8+lUv2Bw3LC0oI1TjFkrrCzIdfg++mPi3K/ZFc50bvnWF4eCOjgZ5U9Vb +sxFZq3+vTRcIfI9z2lZ9CNDRA1O5jGvuVtEGLiSLF2aJ6kiNriLuuGTlXfg/Fpgh +GTvyppOTzF7PtHzHBQ/ZjnhWojnc/jyJRwLK8cCl6+EOc887v8BDmqgFWtmycsE2 +5fDJ7UFGP13g/eDL3ZUgMDty5dQaUOTX145t2KT+lMqpY6ZK2EC+eoqrnIGJ+tYy +0l4RRxi10mbNhuPIIDdph7X+mUHgCeA9gyF0Y+LqiB6CX+zFg7ovLvnCbMPxdGXq +z7AjfwqZBKI+BVuBeDtyW4onmElCu5cXNKsg3W0IlQlZf9PMDU6Ht0XLUs7EPfbQ +sH1Vqi1XE1W/tGnkmjcpG/qlt9Gx1uwFGLP6iomqUBc2c0GZ6R1xplXvd3w3yC8d +8lAgPGImuQINBFxbVToBEADkuxhQx9gxlzzCc0nUu2v82XsD+GzONp9irt14gslx +te96eKaTXTi0t5eya0X5TIY3wbREwjlfAeM9AfcAmWcsM4izrfPtANM6WOxB2Tbz +EY2cqv7NBQii7Z5aqPyjcIiT0b0Gs2evlDkn3xEBBqTSrNcnGSA29bZPIkaUb7Qo +p/Ani0S3/tgcR21gXsJwkgpfNKwvPT03Lz3/o5rXAyag0M/25adgk9SVKNcXc8h2 +HSGv5ENjwUKNNnowVbNLw4287mFUM2Vd6unGJ2MBj7aUwTrfBl7gNV96mMdDJWcB +hGKYkxUvibuHCa2KH7gTrnV6X7sdrgD5CbJMPq6OZNSP6n6bUVg22eHxoETplFwT +4NvV3clRMWIAG1XgXR1l99LAh7PPnPMM1pHQGPwYHQskoBFS4g5knzHpB9h9TfZ3 +MM4cDZR5NgWmE0fYVnWe5ax+wW0/IOklUoHv3qoL4yiN9wFJq2oLzUNQd9+tsqiy +vxSTh8iYmHegyn5KuBPsrMPgvqiKOdalTZKkak9DOx4cGQL2qHspKxiBOb6uox2v +fjMQ5bDeUn+4DYMdnZNHeywCUegJmDakUtlfvN+136IDHGwfdGcitqzswzd3+PI2 +qlwPE19gkrp9NUaD3Qj2ZtDP7sU2cThc6Gra5KRFW8f98bI77j1Wu6pCnYFLqPz4 +QQARAQABiQRyBBgBCAAmFiEErj+seWcR7Fn8AHqkdLtrmky7PTgFAlxbVToCGwIF +CQO9IQACQAkQdLtrmky7PTjBdCAEGQEIAB0WIQR5HX64jryNAThDSqwz3zWa56YK +eQUCXFtVOgAKCRAz3zWa56YKeSWOEADK8u03LESGSQlZQqnnCAI8iYs1s+XRMEnG +2tAQ1OK7/4eNgr1yZckmaW4FBMgeEgYIBJ7v3SlW7Hf7dE10TYPNGbP6UxVW8HIP +rA4CINcGZXWWwpS374JNMS6A5eb6viuEgEMEi00jx0MmLvCMZKypmwXQUl5YJ5nB +ytpQ1681mCQxGBMhT1eKQt3B4nAsoEnP+HnqVM/nKxBemSBNXX+C0b/YeQoLC3sD +L+Z0NRI8U6PZl9Rokod3uynH0vfBYCEJd6MvsjtnJlVVaseYIA3ESNrFG12tw95I +wKNrVCANZ1DBSyK4ovmmWsDrH+uFTHSLNjlxIuVxUfmXcLfgcepVCmd/7Z7UrWYr +SXSvP0VG4ZmEPE7tNb8bfyADftO1cVsmcHBQeSrgvpSrTv9L8MocojpR5vJc1f+a +sBT7rAeGzZP9riz1GmryXawaZgdLfaaJfzRQkc1uTChb7kMN+UMhVUdCAXmho0XO +SfcsW84u/LpjdYh2Ww41xQO6EWvbZDNgD/Fdmp8Uh1MqJ1Dejri6kjNn6wPImXJd +Eu6nHqWDRdYsfT4XUB18tB+4aIpFzCyIgpf7p1uaVU7Oqip5sZkc/WXKr77lV23m +PQvpGRNCzgU2TJY7ktR3LOvUVN6wNfLMHzeQk18NdmcEGUrJ0YYtl9vE5/Eg9L6x +LBH9PKt17IQ8D/9DLwQX8pl3fuTM8ZbzIPLxiXhbgzBBTXKRE2u1888+RIq9xE7c +aVFjwq4qpgqZ5SFonTcG4Pi5ck3mFAzyA5zLRF+ckpmBpwSPMpLwCpv10369D1jh +AF3JsUwt6DIb2BISMhh2ThSUMSKO75q8GSotsKjJyjD6vl1x4L7WXubTWxEiNuwD +3kAjFWS1Z1VWtA9SURWAbsDaCV4VmwCCpSIwRr9OTbyu9XuMdMxGNpl8SwW7MVQb +x4aYNvR7Hl/wIR71AHAXoSfrKp3p12anXjYYASHmbm16ugP4H7HLMBfznKet2f76 +gIxJr1CsAMTSqypcC1UoVb6Gz8djeIR+GU+6efHI4TIUMy5uMIUx8tYbwSEeo/y6 +NnjpJFYYjJa671iSABInNxs4+X+1zrFa+wl45EnaFxziEet2Qzv/VsusoLvLwnYi +BZckclAS5xoVGFW0WJ01OfLUDHxGMt9GSheL8c+GLMaMtaCWunpmmt9zZ9WdpBOu +AGluMG1Cee50TrhXaGE8CdNr8nOdSeLNAveBAPmuVa0JDSe20/D/RuYJLKeG9Vsq +BZvjuGlOUsfl6UjtiGRbgS9OWpxeez5ugc9yyV+rBGIpmnIb+9quz2HmGxE65eA2 +cRNsZRIjFLzeAx/0RMaT1nlLFTBbUuZ+tJ+fgFtRGMhifZn1pb2dMQo0N7kCDQRc +W1VuARAAv4LYaNq2Zev/v7M5DnxLpgHRcMkG7TOQpycrlK5653llpZzTy3mh5peW +vcq3IDmdeUIJxQ+WDh2f0vS+NIKDC/HAddfHrZPbhO7zLxLcMW5KmV05ancaRSP0 +s0+IyQmvVxUNrgPinZiphlvRGoLXS6pdgfc4jIR9B2umPecfvfu/6EWFPnXZgG8K +yY3Z+mwrmEO0FaXHBQuu6nactiPe79N4bLe8hk9RW6yIxLBeJzIoOlIcJmuRHapt +nS2lV3mfhZdFnkAp1o6a2TL5BwgMY0wZUKZr78HEMKh6LbPN9rPepf0neUeq/k1l +NJU7V6XMS+rezF31vgSJ5KoNGYhxtWZ54uksH2rcw7+ltpSVtqY91G/vibpRCJG3 +LdX/kxHni1NEWyZlpS/6ntuH6HSoNYsR9IMsbESs3QVCH74ApK88CxYCRB0SEo0M +yAElbQ3bfEKCKl/FwC4IzAYAJ2arWKwBHRSJlsrNCtczrjG7j3EyJrn8+Tm5yjO6 +0THQjvc/nBxrNE09r1Lzz7jrDWC9Rl+BH6wqdniymoYyUAQsX2rZ+Jhah1Zkf+Gu +76qtY+EH494dPM+0FazcBlgBd6/J5mh3Wk9JuecXLTEUGtzd1GmI9CENPAklCauX +tNOWeTop27djuKWsZxuP1GyV6UYixFVOSWteyAbA32cncVv/2ZUAEQEAAYkEcgQY +AQgAJhYhBK4/rHlnEexZ/AB6pHS7a5pMuz04BQJcW1VuAhsCBQkDvSEAAkAJEHS7 +a5pMuz04wXQgBBkBCAAdFiEEFWiQaF6g32oTce8gF8xdsfAIhAcFAlxbVW4ACgkQ +F8xdsfAIhAd4jxAAiO9+VRQQ3eBOsJRgANdgL/l51kq7qE3u8xnSqNkrmdYDdT2H +TYH5W4n2AmGo50BDafdjd6tut0qtzA3/hGWCooydxKFOsnIYziUeoHvlICj3RkHO +y7utcFhAgRWi+kzFwnnXGf13dMU9iG7yvKrCrCEw44gzoQ1KnY1Xsj18n5JkqxeT +94bzcSbz20OpOSIMfSQPrpy18WrZYwHodcIZ3IUUACCpMZdfTa9c/qHRQ/rcwl+B +0JlHx0V4AYiSAsiMVgflO1Eqi7apPuwxPPd5nnHkrdDM9CYC3LdBORBXwncG3oZ5 +eTSXmsvFxHXH41JHsm/1QFcVmFAYhu9qJFCGiD+8UeTFtT+nnHU69BszgtUskqX8 +k9PqLdK7Vxkp16wc6WOp1NeIQ6Fd4PxTGrPqs9bJk7TlYtTFWpA0X+EMj/San+Ku +PxqLEa4Ab12R4vs1pCrn/g1z3C/6ujH4B70HOrRTIeTjULJ6xdwXGtwUA09hio0r +pHhtyZhAh5irUJNto4ZOk/Qyd+dfMsNvRJfbVIK2mmeRaBnp902AsQNgYVdi2Aki +0h4kz3bVLGw7iD/xV2hV69+JwLSijkkmOpz/EjMwj0hDDYrHH3Y3o0dV3dNdk/5i +6lQgcxSVsl9kWlHcoEllKbf0Hb1muKVwoGGYxFYna2jsLFVjG29M7iPSgrHjmg/+ +I3fmsLZ0VI9kmxniUlZ6gz5NB5PJ3RXmwKO9LkBgE5C1wpuZbNEQ1NsR2bprlJPm +++GNSo8HaheuTRJn42kkOgfIJwjuvXih3FE/NtRA/W8H2uF6YLDjBKGZJbxQcmsd +CTEuCRCVP8X7C5n3rl1YqzfWfNr8QFxvH7ivG7KOlSxvyTKcYatWb9uDUPrnr74f +ZaMljHGsNyKj70MzZcrrsmt61yWGR0h+02rmIKlskl4hkh+qF5ehI+Bkd7eblsBy +rxEREHq/ij2Vd7l0Z606YCE8vj8WfcsJj8JjwR3A+nND/oNJTTbQ3b8OvasvqIey +WqqmGg73nbHjd/VIAUsfvnsEYatDk4pAA/wQr9c4T4s5Q/QRwDrAsa4J89FrDjWC +hQBPL7TaP8Af/3Y3/86jLCN4lnW1qjPXv5rhBFeI0EVi1k1qdV06qr5HOk7CwQTT +uc4rCdFcEnw8kVKZa/yFnlJfRa0Z4IwSahdp5fdFEuad6LpOcFFnYxWtIWhcg4GT +RcMha/OZnsfqOqiAt6In+1IwuJBz3uMM7xw2AMaxzAejGEL63F81C5iJ6Ld6kQK+ +XblDW0G643bVbzkBb46MAT+UnLuWQUs3NDtk1FEioJyWUgbO/srMH4MoWM7rG8ZT +nQPohNmPBrqL2phmE27HQsQ0rTjH2Z2ol7iy9OFMtT0= +=MkGo -----END PGP PUBLIC KEY BLOCK----- diff --git a/dhcp.spec b/dhcp.spec index 71c8f21..f212eff 100644 --- a/dhcp.spec +++ b/dhcp.spec @@ -1,7 +1,7 @@ # # spec file for package dhcp # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,26 +16,25 @@ # -%if 0%{?usrmerged} -%define sbindir %_sbindir -%else -%define sbindir /sbin -%endif - -%define isc_version 4.3.6-P1 +%define isc_version 4.4.2 #Compat macro for new _fillupdir macro introduced in Nov 2017 %if ! %{defined _fillupdir} %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif +%if 0%{?usrmerged} +%define sbindir %{_sbindir} +%else +%define sbindir /sbin +%endif Name: dhcp -Version: 4.3.5 +Version: 4.4.2 Release: 0 Summary: Common Files Used by ISC DHCP Software -License: BSD-3-Clause +License: MPL-2.0 Group: Productivity/Networking/Boot/Servers -URL: http://www.isc.org/software/dhcp -Source0: dhcp-%{isc_version}.tar.gz -Source1: dhcp-%{isc_version}.tar.gz.asc +URL: https://www.isc.org/software/dhcp +Source0: https://ftp.isc.org/isc/dhcp/%{isc_version}/dhcp-%{isc_version}.tar.gz +Source1: https://ftp.isc.org/isc/dhcp/%{isc_version}/dhcp-%{isc_version}.tar.gz.asc Source2: %{name}.keyring # Source10: dhcpd.script @@ -79,8 +78,6 @@ Patch9: 0009-dhcp-4.2.6-close-on-exec.patch Patch10: 0010-dhcp-4.2.2-quiet-dhclient.patch # PATCH-FIX-OPENSUSE dhcp-4.2.x-chown-server-leases bnc#868253 Patch12: 0012-dhcp-4.2.x-chown-server-leases.bnc868253.patch -# PATCH-FIX-SLE dhcp-4.2.x-dhcpv6-decline-on-DAD-failure bnc#872609 -Patch13: 0013-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch # PATCH-FIX-SLE dhclient6-unsigned-lifetimes-for-script bsc#926159 Patch14: 0014-dhclient6-unsigned-lifetimes-for-script-bsc-926159.patch # PATCH-FIX-SLE Expose-next-server-DHCPv4-option-to-dhclient-script bsc#928390 @@ -94,7 +91,6 @@ Patch18: 0018-client-fail-on-script-pre-init-error-bsc-912098.patch # PATCH-FIX-SLE dhcp-4.2.4-P1-interval bsc#947780 Patch20: 0020-dhcp-4.x.x-fixed-improper-lease-duration-checking.patch Patch21: 0021-dhcp-ip-family-symlinks.patch -Patch22: dhcp-CVE-2019-6470.patch BuildRequires: automake BuildRequires: dos2unix BuildRequires: libtool @@ -108,14 +104,14 @@ BuildRequires: sysuser-tools Summary: ISC DHCP Server Group: Productivity/Networking/Boot/Servers Requires: dhcp = %{version} +Requires(post): %fillup_prereq +%systemd_ordering %if 0%{?suse_version} < 1500 Requires: net-tools %endif -Requires(post): %fillup_prereq -%systemd_ordering %if 0%{?suse_version} >= 1330 Requires(pre): group(nogroup) -%sysusers_requires +# %sysusers_requires %else Requires(pre): shadow %endif @@ -137,11 +133,11 @@ Requires: net-tools Summary: ISC DHCP Relay Agent Group: Productivity/Networking/Boot/Servers Requires: dhcp = %{version} +Requires(post): %fillup_prereq +%systemd_ordering %if 0%{?suse_version} < 1500 Requires: net-tools %endif -Requires(post): %fillup_prereq -%systemd_ordering %package devel Summary: Header Files and Libraries for dhcpctl API @@ -199,7 +195,6 @@ with the Internet Software Consortium (ISC) dhcpctl API. %patch9 %patch10 -p1 %patch12 -p1 -%patch13 -p1 %patch14 %patch15 -p1 %patch16 @@ -207,7 +202,6 @@ with the Internet Software Consortium (ISC) dhcpctl API. %patch18 -p1 %patch20 %patch21 -%patch22 ## find . -type f -name \*.cat\* -exec rm -f {} \; dos2unix contrib/ms2isc/* @@ -242,16 +236,14 @@ LDFLAGS="-Wl,-z,relro,-z,now -pie" FFLAGS="$CFLAGS" CXXFLAGS="$CFLAGS" export CFLAGS LDFLAGS FFLAGS CXXFLAGS -# -#libtoolize --force -#autoreconf -f -i -# %configure \ --enable-dhcpv6 \ --enable-failover \ --enable-paranoia \ --enable-early-chroot \ - --enable-secs-byteorder \ + --disable-libtool \ + --enable-log-pid \ + --enable-binary-leases \ --with-ldap \ --with-ldapcrypto \ --with-cli-pid-file=%{_localstatedir}/run/dhclient.pid \ @@ -264,12 +256,12 @@ export CFLAGS LDFLAGS FFLAGS CXXFLAGS --with-srv6-lease-file=%{_localstatedir}/lib/dhcp6/db/dhcpd6.leases # : building bind sources -make -j1 -C bind all +%make_build -j1 -C bind all cat bind/configure.log cat bind/build.log cat bind/install.log : building dhcp sources -make %{?_smp_mflags} +%make_build %if 0%{?suse_version} >= 1330 %sysusers_generate_pre %{SOURCE47} dhcp-server %endif @@ -397,7 +389,7 @@ for l in lib/lib*.a ; do done popd # move also all dhcp-devel files to dhcp subdirectories -mv %{buildroot}%{_includedir}/{dhcpctl,isc-dhcp,omapip} \ +mv %{buildroot}%{_includedir}/{dhcpctl,omapip} \ %{buildroot}%{_includedir}/dhcp/ mv %{buildroot}%{_libdir}/lib*.* \ %{buildroot}%{_libdir}/dhcp/