From fbac420d32e74e1946d4f19186558d095140af035f1cfe2fd7fab727ab2b9d26 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= Date: Thu, 20 Nov 2014 13:00:48 +0000 Subject: [PATCH 1/8] Accepting request 261548 from home:dimstar:gpg2 OBS-URL: https://build.opensuse.org/request/show/261548 OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=140 --- dhcp.changes | 8 ++++++++ dhcp.spec | 6 ------ 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/dhcp.changes b/dhcp.changes index 2541144..38e6861 100644 --- a/dhcp.changes +++ b/dhcp.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Fri Nov 14 09:18:33 UTC 2014 - dimstar@opensuse.org + +- No longer perform gpg validation; osc source_validator does it + implicit: + + Drop gpg-offline BuildRequires. + + No longer execute gpg_verify. + ------------------------------------------------------------------- Wed Sep 3 01:48:48 CEST 2014 - ro@suse.de diff --git a/dhcp.spec b/dhcp.spec index a7d13bf..8a89000 100644 --- a/dhcp.spec +++ b/dhcp.spec @@ -123,9 +123,6 @@ Patch20: 0020-dhcp-4.2.x-chown-server-leases.bnc868253.patch ## PreReq: /bin/touch /sbin/chkconfig sysconfig BuildRoot: %{_tmppath}/%{name}-%{version}-build -%if 0%{?suse_version} > 1220 -BuildRequires: gpg-offline -%endif BuildRequires: automake %package server @@ -234,9 +231,6 @@ Authors: %prep -%if 0%{?gpg_verify:1} -%gpg_verify %{S:1} -%endif %setup -q -n %{name}-%{isc_version} -a 44 -a 45 ## %patch1 -p1 From 348f524f0afd9812ab4f3e0fa65be0fa866a4cae3ca0715aab530e40737f6434 Mon Sep 17 00:00:00 2001 From: Marius Tomaschewski Date: Fri, 21 Nov 2014 11:33:30 +0000 Subject: [PATCH 2/8] - Applied contrib/ldap/dhcpd-conf-to-ldap patch by Ales Novak to reorder config to add all global options or option declarations to the dhcpService object instead to create new service object (bsc#886094,ISC-Bugs#37876). [+ dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch] - Applied an upstream patch by Thomas Markwalder adding missed mapping of SHA TSIG algorithm names to their constants to enable hmac-sha1, hmac_sha224, hmac_sha256, hmac_sha384 and hmac_sha512 authenticated dynamic DNS updates (bsc#890731, ISC-Bugs#36947). [+ dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch] - Decline IPv6 addresses on Duplicate Address Detection failure and stop client message exchanges on reached MRD rather than at some point after it. Applied fedora patches by Jiri Popelka and added DAD reporting via exit 3 to the dhclient-script and a fix to use correct address variables in the DEPREF6 action (bsc#872609,ISC-Bugs#26735,ISC-Bugs#21238). [+ dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch, + dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch] - Applied backport patch by William Preston avoiding to bind ddns socket in the server when ddns-update-style is none (bsc#891655). [+ dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch] - Applied patch for the contrib/ldap/dhcpd-conf-to-ldap script fixing subclass statement handling (bnc#878846,[ISC-Bugs #36409]) [+ dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch] - Updated licence statement and FSF address in our scripts. - Added missed service_add_pre macro calls for dhcrelay services OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=141 --- ...dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch | 32 ++ ...-contrib-conf-to-ldap-reorder.886094.patch | 250 +++++++++++++++ ....x-ddns-tsig-hmac-sha-support.890731.patch | 92 ++++++ ...dhcpv6-decline-on-DAD-failure.872609.patch | 255 +++++++++++++++ ...cpv6-retransmission-until-MRD.872609.patch | 57 ++++ ...le-unused-ddns-port-in-server.891655.patch | 292 ++++++++++++++++++ dhclient-script | 97 +++++- dhcp.changes | 30 ++ dhcp.spec | 24 ++ rc.dhcpd | 6 +- rc.dhcpd6 | 3 +- rc.dhcrelay | 16 +- rc.dhcrelay6 | 16 +- 13 files changed, 1150 insertions(+), 20 deletions(-) create mode 100644 0021-dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch create mode 100644 0022-dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch create mode 100644 0023-dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch create mode 100644 0024-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch create mode 100644 0025-dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch create mode 100644 0026-dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch diff --git a/0021-dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch b/0021-dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch new file mode 100644 index 0000000..ecb6107 --- /dev/null +++ b/0021-dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch @@ -0,0 +1,32 @@ +Index: dhcp-4.2.4-P2/contrib/ldap/dhcpd-conf-to-ldap +=================================================================== +--- dhcp-4.2.4-P2/contrib/ldap/dhcpd-conf-to-ldap ++++ dhcp-4.2.4-P2/contrib/ldap/dhcpd-conf-to-ldap +@@ -486,14 +486,23 @@ sub parse_subclass + $subclass = next_token (0); + parse_error () if !defined ($subclass); + +- $tmp = next_token (0); +- parse_error () if !defined ($tmp); +- parse_error () if !($tmp eq '{'); +- ++ if (substr($subclass,-1) eq ';') { ++ $tmp = ";"; ++ $subclass = substr($subclass,0,-1); ++ } else { ++ $tmp = next_token (0); ++ parse_error () if !defined ($tmp); ++ } ++ parse_error () if !($tmp eq '{' or $tmp eq ';'); + add_dn_to_stack ("cn=$subclass"); + $curentry{'type'} = 'subclass'; + $curentry{'class'} = $class; + $curentry{'subclass'} = $subclass; ++ ++ if ($tmp eq ';') { ++ print_entry () if %curentry; ++ remove_dn_from_stack (); ++ } + } + + diff --git a/0022-dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch b/0022-dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch new file mode 100644 index 0000000..532b2e7 --- /dev/null +++ b/0022-dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch @@ -0,0 +1,250 @@ +Author: Ales Novak +Subject: reorder config entries for ldap tree +References: bsc#886094, ISC-Bugs#37876 +Upstream: sent + +Reorder config to add all global options or option declarations +to the dhcpService object instead to create new service object, +e.g.: + +option opt-one code 1 = text; +class "class-one" { + option opt-one "..."; +}; +option opt-two code 2 = text; +class "class-two" { + option opt-two "..."; +}; + +has to contain both options (declarations) in the dhcpService, +followed by other objects as the dhcpClass objects under the +service in the ldap tree. +--- dhcp-4.2.4-P2/contrib/ldap/dhcpd-conf-to-ldap ++++ dhcp-4.2.4-P2/contrib/ldap/dhcpd-conf-to-ldap +@@ -137,6 +137,7 @@ add_dn_to_stack + local ($dn) = @_; + + $current_dn = "$dn, $current_dn"; ++ $curentry{'current_dn'} = $current_dn; + } + + +@@ -154,6 +155,26 @@ parse_error + exit (1); + } + ++sub ++new_entry ++{ ++ if (%curentry) { ++ $curentry{'current_dn'} = $current_dn; ++ push(@entrystack, {%curentry}); ++ undef(%curentry); ++ } ++} ++ ++sub ++pop_entry ++{ ++ if (%curentry) { ++ push(@outputlist, {%curentry}); ++ } ++ $rentry = pop(@entrystack); ++ %curentry = %$rentry if $rentry; ++} ++ + + sub + print_entry +@@ -167,7 +188,7 @@ print_entry + print "cn: $server\n"; + print "objectClass: top\n"; + print "objectClass: dhcpServer\n"; +- print "dhcpServiceDN: $current_dn\n"; ++ print "dhcpServiceDN: $curentry{'current_dn'}\n"; + if(grep(/FaIlOvEr/i, @use)) + { + foreach my $fo_peer (keys %failover) +@@ -179,7 +200,7 @@ print_entry + } + print "\n"; + +- print "dn: $current_dn\n"; ++ print "dn: $curentry{'current_dn'}\n"; + print "cn: $dhcpcn\n"; + print "objectClass: top\n"; + print "objectClass: dhcpService\n"; +@@ -195,7 +216,7 @@ print_entry + } + elsif ($curentry{'type'} eq 'subnet') + { +- print "dn: $current_dn\n"; ++ print "dn: $curentry{'current_dn'}\n"; + print "cn: " . $curentry{'ip'} . "\n"; + print "objectClass: top\n"; + print "objectClass: dhcpSubnet\n"; +@@ -215,7 +236,7 @@ print_entry + } + elsif ($curentry{'type'} eq 'shared-network') + { +- print "dn: $current_dn\n"; ++ print "dn: $curentry{'current_dn'}\n"; + print "cn: " . $curentry{'descr'} . "\n"; + print "objectClass: top\n"; + print "objectClass: dhcpSharedNetwork\n"; +@@ -226,7 +247,7 @@ print_entry + } + elsif ($curentry{'type'} eq 'group') + { +- print "dn: $current_dn\n"; ++ print "dn: $curentry{'current_dn'}\n"; + print "cn: group", $curentry{'idx'}, "\n"; + print "objectClass: top\n"; + print "objectClass: dhcpGroup\n"; +@@ -237,7 +258,7 @@ print_entry + } + elsif ($curentry{'type'} eq 'host') + { +- print "dn: $current_dn\n"; ++ print "dn: $curentry{'current_dn'}\n"; + print "cn: " . $curentry{'host'} . "\n"; + print "objectClass: top\n"; + print "objectClass: dhcpHost\n"; +@@ -254,7 +275,7 @@ print_entry + } + elsif ($curentry{'type'} eq 'pool') + { +- print "dn: $current_dn\n"; ++ print "dn: $curentry{'current_dn'}\n"; + print "cn: pool", $curentry{'idx'}, "\n"; + print "objectClass: top\n"; + print "objectClass: dhcpPool\n"; +@@ -273,7 +294,7 @@ print_entry + } + elsif ($curentry{'type'} eq 'class') + { +- print "dn: $current_dn\n"; ++ print "dn: $curentry{'current_dn'}\n"; + print "cn: " . $curentry{'class'} . "\n"; + print "objectClass: top\n"; + print "objectClass: dhcpClass\n"; +@@ -284,7 +305,7 @@ print_entry + } + elsif ($curentry{'type'} eq 'subclass') + { +- print "dn: $current_dn\n"; ++ print "dn: $curentry{'current_dn'}\n"; + print "cn: " . $curentry{'subclass'} . "\n"; + print "objectClass: top\n"; + print "objectClass: dhcpSubClass\n"; +@@ -344,7 +365,7 @@ sub parse_subnet + { + local ($ip, $tmp, $netmask); + +- print_entry () if %curentry; ++ new_entry (); + + $ip = next_token (0); + parse_error () if !defined ($ip); +@@ -374,7 +395,7 @@ sub parse_shared_network + { + local ($descr, $tmp); + +- print_entry () if %curentry; ++ new_entry (); + + $descr = next_token (0); + parse_error () if !defined ($descr); +@@ -393,7 +414,7 @@ sub parse_host + { + local ($descr, $tmp); + +- print_entry () if %curentry; ++ new_entry (); + + $host = next_token (0); + parse_error () if !defined ($host); +@@ -412,7 +433,7 @@ sub parse_group + { + local ($descr, $tmp); + +- print_entry () if %curentry; ++ new_entry (); + + $tmp = next_token (0); + parse_error () if !defined ($tmp); +@@ -435,7 +456,7 @@ sub parse_pool + { + local ($descr, $tmp); + +- print_entry () if %curentry; ++ new_entry (); + + $tmp = next_token (0); + parse_error () if !defined ($tmp); +@@ -458,7 +479,7 @@ sub parse_class + { + local ($descr, $tmp); + +- print_entry () if %curentry; ++ new_entry (); + + $class = next_token (0); + parse_error () if !defined ($class); +@@ -478,7 +499,7 @@ sub parse_subclass + { + local ($descr, $tmp); + +- print_entry () if %curentry; ++ new_entry (); + + $class = next_token (0); + parse_error () if !defined ($class); +@@ -500,7 +521,7 @@ sub parse_subclass + $curentry{'subclass'} = $subclass; + + if ($tmp eq ';') { +- print_entry () if %curentry; ++ pop_entry (); + remove_dn_from_stack (); + } + } +@@ -691,11 +712,11 @@ print STDERR "\n"; + my $token; + my $token_number = 0; + my $line_number = 0; +-my %curentry; + my $cursubnet = ''; + my %curcounter = ( '' => { pool => 0, group => 0 } ); + + $current_dn = "$dhcpdn"; ++$curentry{'current_dn'} = $current_dn; + $curentry{'descr'} = $dhcpcn; + $line = ''; + %failover = (); +@@ -704,7 +725,7 @@ while (($token = next_token (1))) + { + if ($token eq '}') + { +- print_entry () if %curentry; ++ pop_entry (); + if($current_dn =~ /.+?,\s*${dhcpdn}$/) { + # don't go below dhcpdn ... + remove_dn_from_stack (); +@@ -762,6 +783,16 @@ while (($token = next_token (1))) + } + } + ++pop_entry (); ++ ++while ($#outputlist >= 0) { ++ $rentry = pop(@outputlist); ++ if ($rentry) { ++ %curentry = %$rentry; ++ print_entry (); ++ } ++} ++ + close(STDIN) if($i_conf); + close(STDOUT) if($o_ldif); + diff --git a/0023-dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch b/0023-dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch new file mode 100644 index 0000000..7cdd810 --- /dev/null +++ b/0023-dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch @@ -0,0 +1,92 @@ +Author: Thomas Markwalder +Subject: Addes addtional HMAC TSIG algorithms to DDNS +References: bsc#890731, ISC-Bugs#36947 +Upstream: yes + +TSIG-authenticated dynamic DNS updates now support the use of these +additional algorithms: hmac-sha1, hmac_sha224, hmac_sha256, hmac_sha384, +and hmac_sha512. [ISC-Bugs #36947] + +RFC4635 updates RFC2845 and mandates hmac-sha1 and hmac-sha256 support. + +diff --git a/includes/omapip/isclib.h b/includes/omapip/isclib.h +index fc45ef3..a9df110 100644 +--- a/includes/omapip/isclib.h ++++ b/includes/omapip/isclib.h +@@ -104,6 +104,11 @@ extern dhcp_context_t dhcp_gbl_ctx; + #define DHCP_MAXDNS_WIRE 256 + #define DHCP_MAXNS 3 + #define DHCP_HMAC_MD5_NAME "HMAC-MD5.SIG-ALG.REG.INT." ++#define DHCP_HMAC_SHA1_NAME "HMAC-SHA1.SIG-ALG.REG.INT." ++#define DHCP_HMAC_SHA224_NAME "HMAC-SHA224.SIG-ALG.REG.INT." ++#define DHCP_HMAC_SHA256_NAME "HMAC-SHA256.SIG-ALG.REG.INT." ++#define DHCP_HMAC_SHA384_NAME "HMAC-SHA384.SIG-ALG.REG.INT." ++#define DHCP_HMAC_SHA512_NAME "HMAC-SHA512.SIG-ALG.REG.INT." + + isc_result_t dhcp_isc_name(unsigned char *namestr, + dns_fixedname_t *namefix, +diff --git a/omapip/isclib.c b/omapip/isclib.c +index 9b7ff5f..e9cb321 100644 +--- a/omapip/isclib.c ++++ b/omapip/isclib.c +@@ -230,12 +230,24 @@ isclib_make_dst_key(char *inname, + dns_name_t *name; + dns_fixedname_t name0; + isc_buffer_t b; ++ unsigned int algorithm_code; + + isc_buffer_init(&b, secret, length); + isc_buffer_add(&b, length); + +- /* We only support HMAC_MD5 currently */ +- if (strcasecmp(algorithm, DHCP_HMAC_MD5_NAME) != 0) { ++ if (strcasecmp(algorithm, DHCP_HMAC_MD5_NAME) == 0) { ++ algorithm_code = DST_ALG_HMACMD5; ++ } else if (strcasecmp(algorithm, DHCP_HMAC_SHA1_NAME) == 0) { ++ algorithm_code = DST_ALG_HMACSHA1; ++ } else if (strcasecmp(algorithm, DHCP_HMAC_SHA224_NAME) == 0) { ++ algorithm_code = DST_ALG_HMACSHA224; ++ } else if (strcasecmp(algorithm, DHCP_HMAC_SHA256_NAME) == 0) { ++ algorithm_code = DST_ALG_HMACSHA256; ++ } else if (strcasecmp(algorithm, DHCP_HMAC_SHA384_NAME) == 0) { ++ algorithm_code = DST_ALG_HMACSHA384; ++ } else if (strcasecmp(algorithm, DHCP_HMAC_SHA512_NAME) == 0) { ++ algorithm_code = DST_ALG_HMACSHA512; ++ } else { + return(DHCP_R_INVALIDARG); + } + +@@ -244,7 +256,7 @@ isclib_make_dst_key(char *inname, + return(result); + } + +- return(dst_key_frombuffer(name, DST_ALG_HMACMD5, DNS_KEYOWNER_ENTITY, ++ return(dst_key_frombuffer(name, algorithm_code, DNS_KEYOWNER_ENTITY, + DNS_KEYPROTO_DNSSEC, dns_rdataclass_in, + &b, dhcp_gbl_ctx.mctx, dstkey)); + } +diff --git a/server/dhcpd.conf.5 b/server/dhcpd.conf.5 +index e639db6..def7bec 100644 +--- a/server/dhcpd.conf.5 ++++ b/server/dhcpd.conf.5 +@@ -1388,11 +1388,16 @@ dnssec-keygen, the above key would be created as follows: + dnssec-keygen -a HMAC-MD5 -b 128 -n USER DHCP_UPDATER + .fi + .PP +-If you are using the BIND 8 dnskeygen program, the following command will +-generate a key as seen above: +-.PP ++The key name, algorithm, and secret must match that being used by the DNS ++server. The DHCP server currently supports the following algorithms: + .nf +- dnskeygen -H 128 -u -c -n DHCP_UPDATER ++ ++ HMAC-MD5 ++ HMAC-SHA1 ++ HMAC-SHA224 ++ HMAC-SHA256 ++ HMAC-SHA384 ++ HMAC-SHA512 + .fi + .PP + You may wish to enable logging of DNS updates on your DNS server. diff --git a/0024-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch b/0024-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch new file mode 100644 index 0000000..2b268eb --- /dev/null +++ b/0024-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch @@ -0,0 +1,255 @@ +Author: Jiri Popelka +References: bsc#872609, ISC-Bugs#21237 +Upstream: yes + +If the bound address failed DAD (is found to be in use on the link), +the dhcpv6 client sends a Decline message to the server as described +in section 18.1.7 of RFC-3315 (#559147) +(Submitted to dhcp-bugs@isc.org - [ISC-Bugs #26735]) + +diff --git a/client/dhc6.c b/client/dhc6.c +index 8974e7a..f8ad25d 100644 +--- a/client/dhc6.c ++++ b/client/dhc6.c +@@ -96,6 +96,8 @@ void do_select6(void *input); + void do_refresh6(void *input); + static void do_release6(void *input); + static void start_bound(struct client_state *client); ++static void start_decline6(struct client_state *client); ++static void do_decline6(void *input); + static void start_informed(struct client_state *client); + void informed_handler(struct packet *packet, struct client_state *client); + void bound_handler(struct packet *packet, struct client_state *client); +@@ -2080,6 +2082,7 @@ start_release6(struct client_state *client) + cancel_timeout(do_select6, client); + cancel_timeout(do_refresh6, client); + cancel_timeout(do_release6, client); ++ cancel_timeout(do_decline6, client); + client->state = S_STOPPED; + + /* +@@ -2713,6 +2716,7 @@ dhc6_check_reply(struct client_state *client, struct dhc6_lease *new) + break; + + case S_STOPPED: ++ case S_DECLINED: + action = dhc6_stop_action; + break; + +@@ -2814,6 +2818,7 @@ dhc6_check_reply(struct client_state *client, struct dhc6_lease *new) + break; + + case S_STOPPED: ++ case S_DECLINED: + /* Nothing critical to do at this stage. */ + break; + +@@ -3804,17 +3809,23 @@ reply_handler(struct packet *packet, struct client_state *client) + cancel_timeout(do_select6, client); + cancel_timeout(do_refresh6, client); + cancel_timeout(do_release6, client); ++ cancel_timeout(do_decline6, client); + + /* If this is in response to a Release/Decline, clean up and return. */ +- if (client->state == S_STOPPED) { +- if (client->active_lease == NULL) +- return; ++ if ((client->state == S_STOPPED) || ++ (client->state == S_DECLINED)) { ++ ++ if (client->active_lease != NULL) { ++ dhc6_lease_destroy(&client->active_lease, MDL); ++ client->active_lease = NULL; ++ /* We should never wait for nothing!? */ ++ if (stopping_finished()) ++ exit(0); ++ } ++ ++ if (client->state == S_DECLINED) ++ start_init6(client); + +- dhc6_lease_destroy(&client->active_lease, MDL); +- client->active_lease = NULL; +- /* We should never wait for nothing!? */ +- if (stopping_finished()) +- exit(0); + return; + } + +@@ -4342,7 +4353,11 @@ start_bound(struct client_state *client) + dhc6_marshall_values("new_", client, lease, ia, addr); + script_write_requested6(client); + +- script_go(client); ++ // when script returns 3, DAD failed ++ if (script_go(client) == 3) { ++ start_decline6(client); ++ return; ++ } + } + + /* XXX: maybe we should loop on the old values instead? */ +@@ -4390,6 +4405,149 @@ start_bound(struct client_state *client) + dhc6_check_times(client); + } + ++/* ++ * Decline addresses. ++ */ ++void ++start_decline6(struct client_state *client) ++{ ++ /* Cancel any pending transmissions */ ++ cancel_timeout(do_confirm6, client); ++ cancel_timeout(do_select6, client); ++ cancel_timeout(do_refresh6, client); ++ cancel_timeout(do_release6, client); ++ cancel_timeout(do_decline6, client); ++ client->state = S_DECLINED; ++ ++ if (client->active_lease == NULL) ++ return; ++ ++ /* Set timers per RFC3315 section 18.1.7. */ ++ client->IRT = DEC_TIMEOUT * 100; ++ client->MRT = 0; ++ client->MRC = DEC_MAX_RC; ++ client->MRD = 0; ++ ++ dhc6_retrans_init(client); ++ client->v6_handler = reply_handler; ++ ++ client->refresh_type = DHCPV6_DECLINE; ++ do_decline6(client); ++} ++ ++/* ++ * do_decline6() creates a Decline packet and transmits it. ++ */ ++static void ++do_decline6(void *input) ++{ ++ struct client_state *client; ++ struct data_string ds; ++ int send_ret; ++ struct timeval elapsed, tv; ++ ++ client = input; ++ ++ if ((client->active_lease == NULL) || !active_prefix(client)) ++ return; ++ ++ if ((client->MRC != 0) && (client->txcount > client->MRC)) { ++ log_info("Max retransmission count exceeded."); ++ goto decline_done; ++ } ++ ++ /* ++ * Start_time starts at the first transmission. ++ */ ++ if (client->txcount == 0) { ++ client->start_time.tv_sec = cur_tv.tv_sec; ++ client->start_time.tv_usec = cur_tv.tv_usec; ++ } ++ ++ /* elapsed = cur - start */ ++ elapsed.tv_sec = cur_tv.tv_sec - client->start_time.tv_sec; ++ elapsed.tv_usec = cur_tv.tv_usec - client->start_time.tv_usec; ++ if (elapsed.tv_usec < 0) { ++ elapsed.tv_sec -= 1; ++ elapsed.tv_usec += 1000000; ++ } ++ ++ memset(&ds, 0, sizeof(ds)); ++ if (!buffer_allocate(&ds.buffer, 4, MDL)) { ++ log_error("Unable to allocate memory for Decline."); ++ goto decline_done; ++ } ++ ++ ds.data = ds.buffer->data; ++ ds.len = 4; ++ ds.buffer->data[0] = DHCPV6_DECLINE; ++ memcpy(ds.buffer->data + 1, client->dhcpv6_transaction_id, 3); ++ ++ /* Form an elapsed option. */ ++ /* Maximum value is 65535 1/100s coded as 0xffff. */ ++ if ((elapsed.tv_sec < 0) || (elapsed.tv_sec > 655) || ++ ((elapsed.tv_sec == 655) && (elapsed.tv_usec > 350000))) { ++ client->elapsed = 0xffff; ++ } else { ++ client->elapsed = elapsed.tv_sec * 100; ++ client->elapsed += elapsed.tv_usec / 10000; ++ } ++ ++ client->elapsed = htons(client->elapsed); ++ ++ log_debug("XMT: Forming Decline."); ++ make_client6_options(client, &client->sent_options, ++ client->active_lease, DHCPV6_DECLINE); ++ dhcpv6_universe.encapsulate(&ds, NULL, NULL, client, NULL, ++ client->sent_options, &global_scope, ++ &dhcpv6_universe); ++ ++ /* Append IA's (but don't release temporary addresses). */ ++ if (wanted_ia_na && ++ dhc6_add_ia_na(client, &ds, client->active_lease, ++ DHCPV6_DECLINE) != ISC_R_SUCCESS) { ++ data_string_forget(&ds, MDL); ++ goto decline_done; ++ } ++ if (wanted_ia_pd && ++ dhc6_add_ia_pd(client, &ds, client->active_lease, ++ DHCPV6_DECLINE) != ISC_R_SUCCESS) { ++ data_string_forget(&ds, MDL); ++ goto decline_done; ++ } ++ ++ /* Transmit and wait. */ ++ log_info("XMT: Decline on %s, interval %ld0ms.", ++ client->name ? client->name : client->interface->name, ++ (long int)client->RT); ++ ++ send_ret = send_packet6(client->interface, ds.data, ds.len, ++ &DHCPv6DestAddr); ++ if (send_ret != ds.len) { ++ log_error("dhc6: sendpacket6() sent %d of %d bytes", ++ send_ret, ds.len); ++ } ++ ++ data_string_forget(&ds, MDL); ++ ++ /* Wait RT */ ++ tv.tv_sec = cur_tv.tv_sec + client->RT / 100; ++ tv.tv_usec = cur_tv.tv_usec + (client->RT % 100) * 10000; ++ if (tv.tv_usec >= 1000000) { ++ tv.tv_sec += 1; ++ tv.tv_usec -= 1000000; ++ } ++ add_timeout(&tv, do_decline6, client, NULL, NULL); ++ dhc6_retrans_advance(client); ++ return; ++ ++decline_done: ++ dhc6_lease_destroy(&client->active_lease, MDL); ++ client->active_lease = NULL; ++ start_init6(client); ++ return; ++} ++ + /* While bound, ignore packets. In the future we'll want to answer + * Reconfigure-Request messages and the like. + */ +diff --git a/includes/dhcpd.h b/includes/dhcpd.h +index a52992b..0eda51d 100644 +--- a/includes/dhcpd.h ++++ b/includes/dhcpd.h +@@ -1060,7 +1060,8 @@ enum dhcp_state { + S_BOUND = 5, + S_RENEWING = 6, + S_REBINDING = 7, +- S_STOPPED = 8 ++ S_STOPPED = 8, ++ S_DECLINED = 9 + }; + + /* Authentication and BOOTP policy possibilities (not all values work diff --git a/0025-dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch b/0025-dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch new file mode 100644 index 0000000..4ab93e8 --- /dev/null +++ b/0025-dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch @@ -0,0 +1,57 @@ +Author: Jiri Popelka +References: bsc#872609, ISC-Bugs#21238 +Upstream: yes + +In client initiated message exchanges stop retransmission upon +reaching the MRD rather than at some point after it (#559153) +(Submitted to dhcp-bugs@isc.org - [ISC-Bugs #21238]) + +diff --git a/client/dhc6.c b/client/dhc6.c +index f8ad25d..63cbb65 100644 +--- a/client/dhc6.c ++++ b/client/dhc6.c +@@ -365,7 +365,7 @@ dhc6_retrans_init(struct client_state *client) + static void + dhc6_retrans_advance(struct client_state *client) + { +- struct timeval elapsed; ++ struct timeval elapsed, elapsed_after_RT; + + /* elapsed = cur - start */ + elapsed.tv_sec = cur_tv.tv_sec - client->start_time.tv_sec; +@@ -382,6 +382,8 @@ dhc6_retrans_advance(struct client_state *client) + elapsed.tv_sec += 1; + elapsed.tv_usec -= 1000000; + } ++ elapsed_after_RT.tv_sec = elapsed.tv_sec; ++ elapsed_after_RT.tv_usec = elapsed.tv_usec; + + /* + * RT for each subsequent message transmission is based on the previous +@@ -419,13 +421,10 @@ dhc6_retrans_advance(struct client_state *client) + elapsed.tv_usec -= 1000000; + } + if (elapsed.tv_sec >= client->MRD) { +- /* +- * wake at RT + cur = start + MRD +- */ +- client->RT = client->MRD + +- (client->start_time.tv_sec - cur_tv.tv_sec); +- client->RT = client->RT * 100 + +- (client->start_time.tv_usec - cur_tv.tv_usec) / 10000; ++ client->RT = client->MRD - elapsed_after_RT.tv_sec; ++ client->RT = client->RT * 100 - elapsed_after_RT.tv_usec / 10000; ++ if (client->RT < 0) ++ client->RT = 0; + } + client->txcount++; + } +@@ -1502,7 +1501,7 @@ check_timing6 (struct client_state *client, u_int8_t msg_type, + } + + /* Check if finished (-1 argument). */ +- if ((client->MRD != 0) && (elapsed.tv_sec > client->MRD)) { ++ if ((client->MRD != 0) && (elapsed.tv_sec >= client->MRD)) { + log_info("Max retransmission duration exceeded."); + return(CHK_TIM_MRD_EXCEEDED); + } diff --git a/0026-dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch b/0026-dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch new file mode 100644 index 0000000..fe73ae9 --- /dev/null +++ b/0026-dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch @@ -0,0 +1,292 @@ +Author: William Preston +Subject: do not bind ddns socket in server when ddns-update-style is none +References: bsc#891655 +Upstream: yes + +backported from commit 61ef216b8dc05bc4245b61eee812038757d12ffe +by Shawn Routhier with changes. + +diff --git a/client/dhclient.c b/client/dhclient.c +index bfa99fb..93f1dfc 100644 +--- a/client/dhclient.c ++++ b/client/dhclient.c +@@ -171,7 +171,7 @@ main(int argc, char **argv) { + #endif + + /* Set up the isc and dns library managers */ +- status = dhcp_context_create(); ++ status = dhcp_context_create(DHCP_CONTEXT_PRE_DB | DHCP_CONTEXT_POST_DB); + if (status != ISC_R_SUCCESS) + log_fatal("Can't initialize context: %s", + isc_result_totext(status)); +diff --git a/dhcpctl/dhcpctl.c b/dhcpctl/dhcpctl.c +index a4aee7f..2217956 100644 +--- a/dhcpctl/dhcpctl.c ++++ b/dhcpctl/dhcpctl.c +@@ -43,7 +43,7 @@ dhcpctl_status dhcpctl_initialize () + isc_result_t status; + + /* Set up the isc and dns library managers */ +- status = dhcp_context_create(); ++ status = dhcp_context_create(DHCP_CONTEXT_PRE_DB | DHCP_CONTEXT_POST_DB); + if (status != ISC_R_SUCCESS) + return status; + +diff --git a/includes/omapip/isclib.h b/includes/omapip/isclib.h +index a9df110..05a18f1 100644 +--- a/includes/omapip/isclib.h ++++ b/includes/omapip/isclib.h +@@ -121,7 +121,9 @@ isclib_make_dst_key(char *inname, + int length, + dst_key_t **dstkey); + +-isc_result_t dhcp_context_create(void); ++#define DHCP_CONTEXT_PRE_DB 1 ++#define DHCP_CONTEXT_POST_DB 2 ++isc_result_t dhcp_context_create(int flags); + void isclib_cleanup(void); + + void dhcp_signal_handler(int signal); +diff --git a/omapip/isclib.c b/omapip/isclib.c +index e9cb321..d833bc9 100644 +--- a/omapip/isclib.c ++++ b/omapip/isclib.c +@@ -87,98 +87,102 @@ handle_signal(int sig, void (*handler)(int)) { + } + + isc_result_t +-dhcp_context_create(void) { ++dhcp_context_create(int flags) { + isc_result_t result; + +- /* +- * Set up the error messages, this isn't the right place +- * for this call but it is convienent for now. +- */ +- result = dhcp_result_register(); +- if (result != ISC_R_SUCCESS) { +- log_fatal("register_table() %s: %u", "failed", result); +- } +- +- memset(&dhcp_gbl_ctx, 0, sizeof (dhcp_gbl_ctx)); ++ if ((flags & DHCP_CONTEXT_PRE_DB) != 0) { ++ /* ++ * Set up the error messages, this isn't the right place ++ * for this call but it is convienent for now. ++ */ ++ result = dhcp_result_register(); ++ if (result != ISC_R_SUCCESS) { ++ log_fatal("register_table() %s: %u", "failed", result); ++ } ++ ++ memset(&dhcp_gbl_ctx, 0, sizeof (dhcp_gbl_ctx)); + +- isc_lib_register(); ++ isc_lib_register(); + +- /* get the current time for use as the random seed */ +- gettimeofday(&cur_tv, (struct timezone *)0); +- isc_random_seed(cur_tv.tv_sec); ++ /* get the current time for use as the random seed */ ++ gettimeofday(&cur_tv, (struct timezone *)0); ++ isc_random_seed(cur_tv.tv_sec); + + #if defined (NSUPDATE) +- result = dns_lib_init(); +- if (result != ISC_R_SUCCESS) +- goto cleanup; ++ result = dns_lib_init(); ++ if (result != ISC_R_SUCCESS) ++ goto cleanup; ++#else ++ /* The dst library is inited as part of dns_lib_init, we don't ++ * need it if NSUPDATE is enabled */ ++ result = dst_lib_init(dhcp_gbl_ctx.mctx, NULL, 0); ++ if (result != ISC_R_SUCCESS) ++ goto cleanup; + #endif + +- result = isc_mem_create(0, 0, &dhcp_gbl_ctx.mctx); +- if (result != ISC_R_SUCCESS) +- goto cleanup; +- +- result = isc_appctx_create(dhcp_gbl_ctx.mctx, &dhcp_gbl_ctx.actx); +- if (result != ISC_R_SUCCESS) +- goto cleanup; +- +- result = isc_app_ctxstart(dhcp_gbl_ctx.actx); +- if (result != ISC_R_SUCCESS) +- goto cleanup; +- +- /* +- * Always ignore SIGPIPE. +- * Otherwise we will die before the errno == EPIPE +- * checks in the socket code are reached. +- * +- * Note: unlike isc_app_start(), isc_app_ctxstart() +- * does not set any signal handlers. +- */ +- result = handle_signal(SIGPIPE, SIG_IGN); +- if (result != ISC_R_SUCCESS) +- goto cleanup; +- +- dhcp_gbl_ctx.actx_started = ISC_TRUE; +- +- result = isc_taskmgr_createinctx(dhcp_gbl_ctx.mctx, +- dhcp_gbl_ctx.actx, +- 1, 0, +- &dhcp_gbl_ctx.taskmgr); +- if (result != ISC_R_SUCCESS) +- goto cleanup; +- +- result = isc_socketmgr_createinctx(dhcp_gbl_ctx.mctx, +- dhcp_gbl_ctx.actx, +- &dhcp_gbl_ctx.socketmgr); +- if (result != ISC_R_SUCCESS) +- goto cleanup; +- +- result = isc_timermgr_createinctx(dhcp_gbl_ctx.mctx, +- dhcp_gbl_ctx.actx, +- &dhcp_gbl_ctx.timermgr); +- if (result != ISC_R_SUCCESS) +- goto cleanup; +- +- result = isc_task_create(dhcp_gbl_ctx.taskmgr, 0, &dhcp_gbl_ctx.task); +- if (result != ISC_R_SUCCESS) +- goto cleanup; ++ result = isc_mem_create(0, 0, &dhcp_gbl_ctx.mctx); ++ if (result != ISC_R_SUCCESS) ++ goto cleanup; ++ ++ result = isc_appctx_create(dhcp_gbl_ctx.mctx, &dhcp_gbl_ctx.actx); ++ if (result != ISC_R_SUCCESS) ++ goto cleanup; ++ ++ result = isc_app_ctxstart(dhcp_gbl_ctx.actx); ++ if (result != ISC_R_SUCCESS) ++ goto cleanup; ++ ++ /* ++ * Always ignore SIGPIPE. ++ * Otherwise we will die before the errno == EPIPE ++ * checks in the socket code are reached. ++ * ++ * Note: unlike isc_app_start(), isc_app_ctxstart() ++ * does not set any signal handlers. ++ */ ++ result = handle_signal(SIGPIPE, SIG_IGN); ++ if (result != ISC_R_SUCCESS) ++ goto cleanup; ++ ++ dhcp_gbl_ctx.actx_started = ISC_TRUE; ++ ++ result = isc_taskmgr_createinctx(dhcp_gbl_ctx.mctx, ++ dhcp_gbl_ctx.actx, ++ 1, 0, ++ &dhcp_gbl_ctx.taskmgr); ++ if (result != ISC_R_SUCCESS) ++ goto cleanup; ++ ++ result = isc_socketmgr_createinctx(dhcp_gbl_ctx.mctx, ++ dhcp_gbl_ctx.actx, ++ &dhcp_gbl_ctx.socketmgr); ++ if (result != ISC_R_SUCCESS) ++ goto cleanup; ++ ++ result = isc_timermgr_createinctx(dhcp_gbl_ctx.mctx, ++ dhcp_gbl_ctx.actx, ++ &dhcp_gbl_ctx.timermgr); ++ if (result != ISC_R_SUCCESS) ++ goto cleanup; ++ ++ result = isc_task_create(dhcp_gbl_ctx.taskmgr, 0, &dhcp_gbl_ctx.task); ++ if (result != ISC_R_SUCCESS) ++ goto cleanup; ++ } + + #if defined (NSUPDATE) +- result = dns_client_createx(dhcp_gbl_ctx.mctx, +- dhcp_gbl_ctx.actx, +- dhcp_gbl_ctx.taskmgr, +- dhcp_gbl_ctx.socketmgr, +- dhcp_gbl_ctx.timermgr, +- 0, +- &dhcp_gbl_ctx.dnsclient); +- if (result != ISC_R_SUCCESS) +- goto cleanup; +-#else +- /* The dst library is inited as part of dns_lib_init, we don't +- * need it if NSUPDATE is enabled */ +- result = dst_lib_init(dhcp_gbl_ctx.mctx, NULL, 0); +- if (result != ISC_R_SUCCESS) +- goto cleanup; +- ++ if ((flags & DHCP_CONTEXT_POST_DB) != 0) { ++ ++ result = dns_client_createx(dhcp_gbl_ctx.mctx, ++ dhcp_gbl_ctx.actx, ++ dhcp_gbl_ctx.taskmgr, ++ dhcp_gbl_ctx.socketmgr, ++ dhcp_gbl_ctx.timermgr, ++ 0, ++ &dhcp_gbl_ctx.dnsclient); ++ if (result != ISC_R_SUCCESS) ++ goto cleanup; ++ } + #endif + return(ISC_R_SUCCESS); + +diff --git a/omapip/test.c b/omapip/test.c +index e97a61f..2735716 100644 +--- a/omapip/test.c ++++ b/omapip/test.c +@@ -45,7 +45,7 @@ int main (int argc, char **argv) + omapi_object_t *connection = (omapi_object_t*)0; + isc_result_t status; + +- status = dhcp_context_create(); ++ status = dhcp_context_create(DHCP_CONTEXT_PRE_DB | DHCP_CONTEXT_POST_DB); + if (status != ISC_R_SUCCESS) { + fprintf(stderr, "Can't initialize context: %s\n", + isc_result_totext(status)); +diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c +index 4ef6737..15e5c46 100644 +--- a/relay/dhcrelay.c ++++ b/relay/dhcrelay.c +@@ -195,7 +195,7 @@ main(int argc, char **argv) { + #endif + + /* Set up the isc and dns library managers */ +- status = dhcp_context_create(); ++ status = dhcp_context_create(DHCP_CONTEXT_PRE_DB | DHCP_CONTEXT_POST_DB); + if (status != ISC_R_SUCCESS) + log_fatal("Can't initialize context: %s", + isc_result_totext(status)); +diff --git a/server/dhcpd.c b/server/dhcpd.c +index b28c34c..434db00 100644 +--- a/server/dhcpd.c ++++ b/server/dhcpd.c +@@ -281,7 +281,7 @@ main(int argc, char **argv) { + close(fd); + + /* Set up the isc and dns library managers */ +- status = dhcp_context_create(); ++ status = dhcp_context_create(DHCP_CONTEXT_PRE_DB); + if (status != ISC_R_SUCCESS) + log_fatal("Can't initialize context: %s", + isc_result_totext(status)); +@@ -1100,6 +1100,11 @@ void postconf_initialization (int quiet) + if (ddns_update_style == DDNS_UPDATE_STYLE_AD_HOC) { + log_fatal("ddns-update-style ad_hoc no longer supported"); + } ++ ++ if (ddns_update_style != DDNS_UPDATE_STYLE_NONE && dhcp_context_create(DHCP_CONTEXT_POST_DB) ++ != ISC_R_SUCCESS) ++ log_fatal("Unable to complete ddns initialization"); ++ + #else + /* If we don't have support for updates compiled in tell the user */ + if (ddns_update_style != DDNS_UPDATE_STYLE_NONE) { +-- +2.1.2 + diff --git a/dhclient-script b/dhclient-script index af8daf7..14bd43c 100644 --- a/dhclient-script +++ b/dhclient-script @@ -1,6 +1,20 @@ #!/bin/bash # -# Copyright (C) 2010-2014 SUSE LINUX Products GmbH / Novell Inc. +# Copyright (C) 2010-2013 SUSE LINUX Products GmbH / Novell Inc. +# Copyright (C) 2013-2014 SUSE LINUX GmbH +# +# This program is free software; you can redistribute it and/or modify it under +# the terms of the GNU General Public License as published by the Free Software +# Foundation; either version 2 of the License, or (at your option) any later +# version. +# +# This program is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS +# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more +# details. +# +# You should have received a copy of the GNU General Public License along with +# this program; if not, see . # # Author: Marius Tomaschewski # @@ -270,10 +284,6 @@ set_ipv4_routes() fi fi } -set_ipv6_routes() -{ - : TODO -} set_hostname() { rx_host='^[[:alnum:]][[:alnum:]_-]{0,62}$' @@ -324,6 +334,57 @@ set_hostname() fi fi } +dhcp6_dad_check() +{ + local ifname="$1" word i + local ipaddr="$2" + local noaddr=1 nodad=0 tentative=0 dadfailed=0 + test -n "$ifname" -a -n "$ipaddr" || return 1 + + while read -a word ; do + test "${word[0]}" != "inet6" && continue + noaddr=0 + for((i=2; i<${#word[@]}; ++i)) ; do + case ${word[$i]} in + nodad) nodad=1 ;; + tentative) tentative=1 ;; + dadfailed) dadfailed=1 ;; + flags) ((i++)) + rx='^[[:xdigit:]]+$' + [[ "${word[$i]}" =~ $rx ]] || continue + hx="0x${word[$i]}" + ((hx & 0x02)) && nodad=1 + ((hx & 0x08)) && dadfailed=1 + ((hx & 0x40)) && tentative=1 + ;; + esac + done + ((nodad)) && continue + ((dadfailed)) && return 3 + ((tentative)) && return 2 + done < <(LC_ALL=C ip -6 addr show dev "${ifname}" to "${ipaddr}" 2>/dev/null) + # on dad failure of dynamic (non-persistent) address, + # the kernel deletes dad failed addresses + # that is, the address is tentative (2) and vanishes + # (4) and is not visible as dadfailed (3). + ((noaddr)) && return 4 || return 0 +} +dhcp6_dad_wait() +{ + local ifname="$1" + local ipaddr="$2" + local -i wsecs=${3:-0} + local -i uwait=25000 + local -i loops=$(((wsecs * 1000000) / uwait)) + local -i loop=0 ret=0 + + dhcp6_dad_check "$ifname" "$ipaddr" ; ret=$? + while ((ret == 2 && loop++ < loops)) ; do + usleep $uwait + dhcp6_dad_check "$ifname" "$ipaddr" ; ret=$? + done + return $ret +} # Must be used on exit. Invokes the local dhcp client exit hooks, if any. exit_with_hooks() { @@ -483,12 +544,12 @@ BOUND|RENEW|REBIND|REBOOT) if is_ifup_controlled ; then ifdown $interface -o dhcp - write_cached_config_data dhcp4_state "new" $interface + write_cached_config_data dhcp4_state "up" $interface commit_cached_config_data $interface fi else if is_ifup_controlled ; then - write_cached_config_data dhcp4_state "up" $interface + write_cached_config_data dhcp4_state "new" $interface commit_cached_config_data $interface fi fi @@ -607,21 +668,29 @@ BOUND6|RENEW6|REBIND6|REBOOT6) /sbin/ip addr del "$old_ip6_address/$old_ip6_prefixlen" dev $interface if is_ifup_controlled ; then - write_cached_config_data dhcp6_state "new" $interface + write_cached_config_data dhcp6_state "up" $interface commit_cached_config_data $interface fi else if is_ifup_controlled ; then - write_cached_config_data dhcp6_state "up" $interface + write_cached_config_data dhcp6_state "new" $interface commit_cached_config_data $interface fi fi if [ "x$new_ip6_address" != x -a "x$new_ip6_prefixlen" != x ] ; then - /sbin/ip addr add "$new_ip6_address/$new_ip6_prefixlen" \ - dev $interface scope global + /sbin/ip addr replace "$new_ip6_address/$new_ip6_prefixlen" \ + scope global dev $interface \ + ${new_max_life:+valid_lft $new_max_life} \ + ${new_preferred_life:+preferred_lft $new_preferred_life} \ + || exit_with_hooks 2 - set_ipv6_routes + echo >&2 "Checking DAD results for $new_ip6_address" + + if ! dhcp6_dad_wait "$interface" "$new_ip6_address/$new_ip6_prefixlen" 5 ; then + /sbin/ip addr del "$new_ip6_address/$new_ip6_prefixlen" dev $interface 2>/dev/null + exit_with_hooks 3 + fi fi netconfig_modify @@ -646,11 +715,11 @@ BOUND6|RENEW6|REBIND6|REBOOT6) DEPREF6) #################################################################### - if [ x$new_ip6_address = x -o x$new_ip6_prefixlen = x ] ; then + if [ x$cur_ip6_address = x -o x$cur_ip6_prefixlen = x ] ; then exit_with_hooks 2 fi - /sbin/ip addr change "$new_ip6_address/$new_ip6_prefixlen" \ + /sbin/ip addr change "$cur_ip6_address/$cur_ip6_prefixlen" \ dev $interface scope global preferred_lft 0 exit_with_hooks 0 diff --git a/dhcp.changes b/dhcp.changes index 38e6861..7f82d5d 100644 --- a/dhcp.changes +++ b/dhcp.changes @@ -1,3 +1,33 @@ +------------------------------------------------------------------- +Thu Nov 20 11:43:07 UTC 2014 - mt@suse.de + +- Applied contrib/ldap/dhcpd-conf-to-ldap patch by Ales Novak to + reorder config to add all global options or option declarations + to the dhcpService object instead to create new service object + (bsc#886094,ISC-Bugs#37876). + [+ dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch] +- Applied an upstream patch by Thomas Markwalder adding missed + mapping of SHA TSIG algorithm names to their constants to enable + hmac-sha1, hmac_sha224, hmac_sha256, hmac_sha384 and hmac_sha512 + authenticated dynamic DNS updates (bsc#890731, ISC-Bugs#36947). + [+ dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch] +- Decline IPv6 addresses on Duplicate Address Detection failure + and stop client message exchanges on reached MRD rather than + at some point after it. Applied fedora patches by Jiri Popelka + and added DAD reporting via exit 3 to the dhclient-script and + a fix to use correct address variables in the DEPREF6 action + (bsc#872609,ISC-Bugs#26735,ISC-Bugs#21238). + [+ dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch, + + dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch] +- Applied backport patch by William Preston avoiding to bind ddns + socket in the server when ddns-update-style is none (bsc#891655). + [+ dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch] +- Applied patch for the contrib/ldap/dhcpd-conf-to-ldap script + fixing subclass statement handling (bnc#878846,[ISC-Bugs #36409]) + [+ dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch] +- Updated licence statement and FSF address in our scripts. +- Added missed service_add_pre macro calls for dhcrelay services + ------------------------------------------------------------------- Fri Nov 14 09:18:33 UTC 2014 - dimstar@opensuse.org diff --git a/dhcp.spec b/dhcp.spec index 8a89000..ced2b89 100644 --- a/dhcp.spec +++ b/dhcp.spec @@ -120,6 +120,18 @@ Patch18: 0018-dhcp-4.2.6-improved-xid.patch Patch19: 0019-dhcp-4.2.x-ldap-debug-write.bnc835818.patch # PATCH-FIX-OPENSUSE dhcp-4.2.x-chown-server-leases bnc#868253 Patch20: 0020-dhcp-4.2.x-chown-server-leases.bnc868253.patch +# PATCH-FIX-SLE dhcp-4.2.4-P2-bnc878846-conf-to-ldap bnc#878846 +Patch21: 0021-dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch +# PATCH-FIX-SLE dhcp-4.2.x-contrib-conf-to-ldap-reorder bnc#886094 +Patch22: 0022-dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch +# PATCH-FIX-OPENSUSE dhcp-4.2.x-ddns-tsig-hmac-sha-support bnc#890731 +Patch23: 0023-dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch +# PATCH-FIX-SLE dhcp-4.2.x-dhcpv6-decline-on-DAD-failure bnc#872609 +Patch24: 0024-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch +# PATCH-FIX-SLE dhcp-4.2.x-dhcpv6-retransmission-until-MRD bnc#872609 +Patch25: 0025-dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch +# PATCH-FIX-SLE dhcp-4.2.x-disable-unused-ddns-port-in-server bnc#891655 +Patch26: 0026-dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch ## PreReq: /bin/touch /sbin/chkconfig sysconfig BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -255,6 +267,12 @@ Authors: %patch18 -p1 %patch19 -p1 %patch20 -p1 +%patch21 -p1 +%patch22 -p1 +%patch23 -p1 +%patch24 -p1 +%patch25 -p1 +%patch26 -p1 ## find . -type f -name \*.cat\* -exec rm -f {} \; dos2unix contrib/ms2isc/* @@ -542,6 +560,12 @@ fi %insserv_cleanup %endif +%pre relay +%if %{with systemd} +%service_add_pre dhcrelay.service +%service_add_pre dhcrelay6.service +%endif + %post relay # %{rename_sysconfig_variable -f etc/sysconfig/dhcrelay diff --git a/rc.dhcpd b/rc.dhcpd index 8aae2cf..ccad35d 100644 --- a/rc.dhcpd +++ b/rc.dhcpd @@ -2,7 +2,8 @@ # Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH # Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH # Copyright (c) 2002, 2003 SuSE Linux AG -# Copyright (c) 2004-2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2004-2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013-2014 SUSE LINUX GmbH, Nuernberg, Germany. # # This program is free software; you can redistribute it and/or modify it under # the terms of the GNU General Public License as published by the Free Software @@ -15,8 +16,7 @@ # details. # # You should have received a copy of the GNU General Public License along with -# this program; if not, write to the Free Software Foundation, Inc., 59 Temple -# Place, Suite 330, Boston, MA 02111-1307 USA +# this program; if not, see . # # Author: Rolf Haberrecker , 1997-1999 # Peter Poeml , 2000-2006 diff --git a/rc.dhcpd6 b/rc.dhcpd6 index 5398220..b471bf8 100644 --- a/rc.dhcpd6 +++ b/rc.dhcpd6 @@ -2,7 +2,8 @@ # Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH # Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH # Copyright (c) 2002, 2003 SuSE Linux AG -# Copyright (c) 2004-2008 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2004-2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2004-2013 SUSE LINUX GmbH, Nuernberg, Germany. # # This program is free software; you can redistribute it and/or modify it under # the terms of the GNU General Public License as published by the Free Software diff --git a/rc.dhcrelay b/rc.dhcrelay index 03c906c..7fd6ead 100644 --- a/rc.dhcrelay +++ b/rc.dhcrelay @@ -2,7 +2,21 @@ # Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH # Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH # Copyright (c) 2002 SuSE Linux AG -# Copyright (c) 2003-2010 SUSE LINUX Products GmbH +# Copyright (c) 2003-2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (C) 2013-2014 SUSE LINUX GmbH, Nuernberg, Germany. +# +# This program is free software; you can redistribute it and/or modify it under +# the terms of the GNU General Public License as published by the Free Software +# Foundation; either version 2 of the License, or (at your option) any later +# version. +# +# This program is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS +# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more +# details. +# +# You should have received a copy of the GNU General Public License along with +# this program; if not, see . # # Author: Peter Poeml , 2001 # Marius Tomaschewski , 2010 diff --git a/rc.dhcrelay6 b/rc.dhcrelay6 index f182a3b..36fdf8d 100644 --- a/rc.dhcrelay6 +++ b/rc.dhcrelay6 @@ -2,7 +2,21 @@ # Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH # Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH # Copyright (c) 2002 SuSE Linux AG -# Copyright (c) 2003-2010 SUSE LINUX Products GmbH +# Copyright (c) 2003-2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (C) 2013-2014 SUSE LINUX GmbH, Nuernberg, Germany. +# +# This program is free software; you can redistribute it and/or modify it under +# the terms of the GNU General Public License as published by the Free Software +# Foundation; either version 2 of the License, or (at your option) any later +# version. +# +# This program is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS +# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more +# details. +# +# You should have received a copy of the GNU General Public License along with +# this program; if not, see . # # Author: Peter Poeml , 2001 # Marius Tomaschewski , 2010 From 71bbe2c0272130e5e7b796f4d30290a1ddb4d2db5e0af02f08d8929ca54b4480 Mon Sep 17 00:00:00 2001 From: Philipp Thomas Date: Wed, 10 Dec 2014 13:04:15 +0000 Subject: [PATCH 3/8] - Modify 0017-dhcp-4.2.6-lpf-ip-over-ib-support.patch as detailed in bnc#870535 instead of adding yet another patch. OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=142 --- 0017-dhcp-4.2.6-lpf-ip-over-ib-support.patch | 78 ++++++++++---------- dhcp.changes | 6 ++ 2 files changed, 45 insertions(+), 39 deletions(-) diff --git a/0017-dhcp-4.2.6-lpf-ip-over-ib-support.patch b/0017-dhcp-4.2.6-lpf-ip-over-ib-support.patch index bf54368..720c545 100644 --- a/0017-dhcp-4.2.6-lpf-ip-over-ib-support.patch +++ b/0017-dhcp-4.2.6-lpf-ip-over-ib-support.patch @@ -4,18 +4,18 @@ Date: Tue, 25 Mar 2014 23:15:58 +0200 Subject: [PATCH 1/2] dhcp 4.2.6 lpf ip over ib support --- - client/dhclient.c | 31 +++++++ - common/bpf.c | 33 ++++++++ - common/lpf.c | 236 +++++++++++++++++++++++++++++++++++++++++++++--------- - common/socket.c | 8 +- - includes/dhcpd.h | 3 +- - 5 files changed, 266 insertions(+), 45 deletions(-) + client/dhclient.c | 31 +++++++ + common/bpf.c | 33 +++++++ + common/lpf.c | 239 ++++++++++++++++++++++++++++++++++++++++++++---------- + common/socket.c | 8 - + includes/dhcpd.h | 3 + 5 files changed, 269 insertions(+), 45 deletions(-) -diff --git a/client/dhclient.c b/client/dhclient.c -index 8af0a42..f7dfbef 100644 ---- a/client/dhclient.c -+++ b/client/dhclient.c -@@ -100,6 +100,29 @@ static int check_domain_name_list(const char *ptr, size_t len, int dots); +Index: dhcp-4.2.6/client/dhclient.c +=================================================================== +--- dhcp-4.2.6.orig/client/dhclient.c 2014-12-10 13:24:48.679081338 +0100 ++++ dhcp-4.2.6/client/dhclient.c 2014-12-10 13:25:34.226013202 +0100 +@@ -100,6 +100,29 @@ static int check_domain_name_list(const static int check_option_values(struct universe *universe, unsigned int opt, const char *ptr, size_t len); @@ -60,10 +60,10 @@ index 8af0a42..f7dfbef 100644 /* Start a configuration state machine for each interface. */ #ifdef DHCPv6 if (local_family == AF_INET6) { -diff --git a/common/bpf.c b/common/bpf.c -index 076d9bc..124281b 100644 ---- a/common/bpf.c -+++ b/common/bpf.c +Index: dhcp-4.2.6/common/bpf.c +=================================================================== +--- dhcp-4.2.6.orig/common/bpf.c 2014-12-10 13:24:48.664081690 +0100 ++++ dhcp-4.2.6/common/bpf.c 2014-12-10 13:24:48.703080775 +0100 @@ -198,11 +198,44 @@ struct bpf_insn dhcp_bpf_filter [] = { BPF_STMT(BPF_RET+BPF_K, 0), }; @@ -109,10 +109,10 @@ index 076d9bc..124281b 100644 #if defined (HAVE_TR_SUPPORT) struct bpf_insn dhcp_bpf_tr_filter [] = { /* accept all token ring packets due to variable length header */ -diff --git a/common/lpf.c b/common/lpf.c -index 6639809..a428870 100644 ---- a/common/lpf.c -+++ b/common/lpf.c +Index: dhcp-4.2.6/common/lpf.c +=================================================================== +--- dhcp-4.2.6.orig/common/lpf.c 2014-12-10 13:24:48.647082088 +0100 ++++ dhcp-4.2.6/common/lpf.c 2014-12-10 13:27:33.789208756 +0100 @@ -43,6 +43,7 @@ #include "includes/netinet/udp.h" #include "includes/netinet/if_ether.h" @@ -299,7 +299,7 @@ index 6639809..a428870 100644 ssize_t send_packet (interface, packet, raw, len, from, to, hto) struct interface_info *interface; struct packet *packet; -@@ -335,6 +420,11 @@ ssize_t send_packet (interface, packet, raw, len, from, to, hto) +@@ -335,6 +420,11 @@ ssize_t send_packet (interface, packet, return send_fallback (interface, packet, raw, len, from, to, hto); @@ -311,7 +311,7 @@ index 6639809..a428870 100644 if (hto == NULL && interface->anycast_mac_addr.hlen) hto = &interface->anycast_mac_addr; -@@ -356,6 +446,42 @@ ssize_t send_packet (interface, packet, raw, len, from, to, hto) +@@ -356,6 +446,42 @@ ssize_t send_packet (interface, packet, #endif /* USE_LPF_SEND */ #ifdef USE_LPF_RECEIVE @@ -354,7 +354,7 @@ index 6639809..a428870 100644 ssize_t receive_packet (interface, buf, len, from, hfrom) struct interface_info *interface; unsigned char *buf; -@@ -382,6 +508,10 @@ ssize_t receive_packet (interface, buf, len, from, hfrom) +@@ -382,6 +508,10 @@ ssize_t receive_packet (interface, buf, }; struct cmsghdr *cmsg; @@ -365,7 +365,7 @@ index 6639809..a428870 100644 length = recvmsg (interface -> rfdesc, &msg, 0); if (length <= 0) return length; -@@ -462,33 +592,41 @@ void maybe_setup_fallback () +@@ -462,33 +592,44 @@ void maybe_setup_fallback () } void @@ -386,11 +386,14 @@ index 6639809..a428870 100644 - } + if (getifaddrs(&ifaddrs) == -1) + log_fatal("Failed to get interfaces"); ++ ++ for (ifa = ifaddrs; ifa != NULL; ifa = ifa->ifa_next) { - sock = socket(AF_INET, SOCK_DGRAM, 0); - if (sock < 0) { - log_fatal("Can't create socket for \"%s\": %m", name); -+ for (ifa = ifaddrs; ifa != NULL; ifa = ifa->ifa_next) { ++ if (!ifa->ifa_addr) ++ continue; + + if (ifa->ifa_addr->sa_family != AF_PACKET) + continue; @@ -425,7 +428,7 @@ index 6639809..a428870 100644 break; case ARPHRD_IEEE802: #ifdef ARPHRD_IEEE802_TR -@@ -496,18 +634,36 @@ get_hw_addr(const char *name, struct hardware *hw) { +@@ -496,18 +637,36 @@ get_hw_addr(const char *name, struct har #endif /* ARPHRD_IEEE802_TR */ hw->hlen = 7; hw->hbuf[0] = HTYPE_IEEE802; @@ -466,10 +469,10 @@ index 6639809..a428870 100644 + freeifaddrs(ifaddrs); } #endif -diff --git a/common/socket.c b/common/socket.c -index e111d82..04c86e3 100644 ---- a/common/socket.c -+++ b/common/socket.c +Index: dhcp-4.2.6/common/socket.c +=================================================================== +--- dhcp-4.2.6.orig/common/socket.c 2014-01-31 20:35:09.000000000 +0100 ++++ dhcp-4.2.6/common/socket.c 2014-12-10 13:24:48.703080775 +0100 @@ -322,7 +322,7 @@ void if_register_send (info) info->wfdesc = if_register_socket(info, AF_INET, 0, NULL); /* If this is a normal IPv4 address, get the hardware address. */ @@ -488,7 +491,7 @@ index e111d82..04c86e3 100644 if (!quiet_interface_discovery) log_info ("Listening on Socket/%s%s%s", -@@ -499,7 +499,7 @@ if_register6(struct interface_info *info, int do_multicast) { +@@ -499,7 +499,7 @@ if_register6(struct interface_info *info if (req_multi) if_register_multicast(info); @@ -497,7 +500,7 @@ index e111d82..04c86e3 100644 if (!quiet_interface_discovery) { if (info->shared_network != NULL) { -@@ -555,7 +555,7 @@ if_register_linklocal6(struct interface_info *info) { +@@ -555,7 +555,7 @@ if_register_linklocal6(struct interface_ info->rfdesc = sock; info->wfdesc = sock; @@ -506,10 +509,10 @@ index e111d82..04c86e3 100644 if (!quiet_interface_discovery) { if (info->shared_network != NULL) { -diff --git a/includes/dhcpd.h b/includes/dhcpd.h -index 68262e9..a52992b 100644 ---- a/includes/dhcpd.h -+++ b/includes/dhcpd.h +Index: dhcp-4.2.6/includes/dhcpd.h +=================================================================== +--- dhcp-4.2.6.orig/includes/dhcpd.h 2014-12-10 13:24:48.648082065 +0100 ++++ dhcp-4.2.6/includes/dhcpd.h 2014-12-10 13:25:34.042017517 +0100 @@ -1217,6 +1217,7 @@ struct interface_info { struct shared_network *shared_network; /* Networks connected to this interface. */ @@ -518,7 +521,7 @@ index 68262e9..a52992b 100644 struct in_addr *addresses; /* Addresses associated with this * interface. */ -@@ -2346,7 +2347,7 @@ void print_dns_status (int, struct dhcp_ddns_cb *, isc_result_t); +@@ -2346,7 +2347,7 @@ void print_dns_status (int, struct dhcp_ #endif const char *print_time(TIME); @@ -527,6 +530,3 @@ index 68262e9..a52992b 100644 /* socket.c */ #if defined (USE_SOCKET_SEND) || defined (USE_SOCKET_RECEIVE) \ --- -1.7.12.4 - diff --git a/dhcp.changes b/dhcp.changes index 7f82d5d..8a22e17 100644 --- a/dhcp.changes +++ b/dhcp.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Dec 10 13:29:38 CET 2014 - pth@suse.de + +- Modify 0017-dhcp-4.2.6-lpf-ip-over-ib-support.patch as detailed + in bnc#870535 instead of adding yet another patch. + ------------------------------------------------------------------- Thu Nov 20 11:43:07 UTC 2014 - mt@suse.de From 68ca1863f75a0e0a118674d3a0cedb04731440efd96298c07b6a6f5af6deddae Mon Sep 17 00:00:00 2001 From: Marius Tomaschewski Date: Wed, 10 Dec 2014 13:24:44 +0000 Subject: [PATCH 4/8] - Applied fix by Jiri Slaby to not crash in interface discovery when the interface address is NULL, which has been introduced by the infiniband support patch (bsc#909189,bsc#870535). [+ 0027-dhcp-4.2.x-handle-ifa_addr-NULL.909189.patch] - Reverted previous commit OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=143 --- 0017-dhcp-4.2.6-lpf-ip-over-ib-support.patch | 78 +++++++++---------- ...cp-4.2.x-handle-ifa_addr-NULL.909189.patch | 28 +++++++ dhcp.changes | 8 +- dhcp.spec | 3 + 4 files changed, 75 insertions(+), 42 deletions(-) create mode 100644 0027-dhcp-4.2.x-handle-ifa_addr-NULL.909189.patch diff --git a/0017-dhcp-4.2.6-lpf-ip-over-ib-support.patch b/0017-dhcp-4.2.6-lpf-ip-over-ib-support.patch index 720c545..bf54368 100644 --- a/0017-dhcp-4.2.6-lpf-ip-over-ib-support.patch +++ b/0017-dhcp-4.2.6-lpf-ip-over-ib-support.patch @@ -4,18 +4,18 @@ Date: Tue, 25 Mar 2014 23:15:58 +0200 Subject: [PATCH 1/2] dhcp 4.2.6 lpf ip over ib support --- - client/dhclient.c | 31 +++++++ - common/bpf.c | 33 +++++++ - common/lpf.c | 239 ++++++++++++++++++++++++++++++++++++++++++++---------- - common/socket.c | 8 - - includes/dhcpd.h | 3 - 5 files changed, 269 insertions(+), 45 deletions(-) + client/dhclient.c | 31 +++++++ + common/bpf.c | 33 ++++++++ + common/lpf.c | 236 +++++++++++++++++++++++++++++++++++++++++++++--------- + common/socket.c | 8 +- + includes/dhcpd.h | 3 +- + 5 files changed, 266 insertions(+), 45 deletions(-) -Index: dhcp-4.2.6/client/dhclient.c -=================================================================== ---- dhcp-4.2.6.orig/client/dhclient.c 2014-12-10 13:24:48.679081338 +0100 -+++ dhcp-4.2.6/client/dhclient.c 2014-12-10 13:25:34.226013202 +0100 -@@ -100,6 +100,29 @@ static int check_domain_name_list(const +diff --git a/client/dhclient.c b/client/dhclient.c +index 8af0a42..f7dfbef 100644 +--- a/client/dhclient.c ++++ b/client/dhclient.c +@@ -100,6 +100,29 @@ static int check_domain_name_list(const char *ptr, size_t len, int dots); static int check_option_values(struct universe *universe, unsigned int opt, const char *ptr, size_t len); @@ -60,10 +60,10 @@ Index: dhcp-4.2.6/client/dhclient.c /* Start a configuration state machine for each interface. */ #ifdef DHCPv6 if (local_family == AF_INET6) { -Index: dhcp-4.2.6/common/bpf.c -=================================================================== ---- dhcp-4.2.6.orig/common/bpf.c 2014-12-10 13:24:48.664081690 +0100 -+++ dhcp-4.2.6/common/bpf.c 2014-12-10 13:24:48.703080775 +0100 +diff --git a/common/bpf.c b/common/bpf.c +index 076d9bc..124281b 100644 +--- a/common/bpf.c ++++ b/common/bpf.c @@ -198,11 +198,44 @@ struct bpf_insn dhcp_bpf_filter [] = { BPF_STMT(BPF_RET+BPF_K, 0), }; @@ -109,10 +109,10 @@ Index: dhcp-4.2.6/common/bpf.c #if defined (HAVE_TR_SUPPORT) struct bpf_insn dhcp_bpf_tr_filter [] = { /* accept all token ring packets due to variable length header */ -Index: dhcp-4.2.6/common/lpf.c -=================================================================== ---- dhcp-4.2.6.orig/common/lpf.c 2014-12-10 13:24:48.647082088 +0100 -+++ dhcp-4.2.6/common/lpf.c 2014-12-10 13:27:33.789208756 +0100 +diff --git a/common/lpf.c b/common/lpf.c +index 6639809..a428870 100644 +--- a/common/lpf.c ++++ b/common/lpf.c @@ -43,6 +43,7 @@ #include "includes/netinet/udp.h" #include "includes/netinet/if_ether.h" @@ -299,7 +299,7 @@ Index: dhcp-4.2.6/common/lpf.c ssize_t send_packet (interface, packet, raw, len, from, to, hto) struct interface_info *interface; struct packet *packet; -@@ -335,6 +420,11 @@ ssize_t send_packet (interface, packet, +@@ -335,6 +420,11 @@ ssize_t send_packet (interface, packet, raw, len, from, to, hto) return send_fallback (interface, packet, raw, len, from, to, hto); @@ -311,7 +311,7 @@ Index: dhcp-4.2.6/common/lpf.c if (hto == NULL && interface->anycast_mac_addr.hlen) hto = &interface->anycast_mac_addr; -@@ -356,6 +446,42 @@ ssize_t send_packet (interface, packet, +@@ -356,6 +446,42 @@ ssize_t send_packet (interface, packet, raw, len, from, to, hto) #endif /* USE_LPF_SEND */ #ifdef USE_LPF_RECEIVE @@ -354,7 +354,7 @@ Index: dhcp-4.2.6/common/lpf.c ssize_t receive_packet (interface, buf, len, from, hfrom) struct interface_info *interface; unsigned char *buf; -@@ -382,6 +508,10 @@ ssize_t receive_packet (interface, buf, +@@ -382,6 +508,10 @@ ssize_t receive_packet (interface, buf, len, from, hfrom) }; struct cmsghdr *cmsg; @@ -365,7 +365,7 @@ Index: dhcp-4.2.6/common/lpf.c length = recvmsg (interface -> rfdesc, &msg, 0); if (length <= 0) return length; -@@ -462,33 +592,44 @@ void maybe_setup_fallback () +@@ -462,33 +592,41 @@ void maybe_setup_fallback () } void @@ -386,14 +386,11 @@ Index: dhcp-4.2.6/common/lpf.c - } + if (getifaddrs(&ifaddrs) == -1) + log_fatal("Failed to get interfaces"); -+ -+ for (ifa = ifaddrs; ifa != NULL; ifa = ifa->ifa_next) { - sock = socket(AF_INET, SOCK_DGRAM, 0); - if (sock < 0) { - log_fatal("Can't create socket for \"%s\": %m", name); -+ if (!ifa->ifa_addr) -+ continue; ++ for (ifa = ifaddrs; ifa != NULL; ifa = ifa->ifa_next) { + + if (ifa->ifa_addr->sa_family != AF_PACKET) + continue; @@ -428,7 +425,7 @@ Index: dhcp-4.2.6/common/lpf.c break; case ARPHRD_IEEE802: #ifdef ARPHRD_IEEE802_TR -@@ -496,18 +637,36 @@ get_hw_addr(const char *name, struct har +@@ -496,18 +634,36 @@ get_hw_addr(const char *name, struct hardware *hw) { #endif /* ARPHRD_IEEE802_TR */ hw->hlen = 7; hw->hbuf[0] = HTYPE_IEEE802; @@ -469,10 +466,10 @@ Index: dhcp-4.2.6/common/lpf.c + freeifaddrs(ifaddrs); } #endif -Index: dhcp-4.2.6/common/socket.c -=================================================================== ---- dhcp-4.2.6.orig/common/socket.c 2014-01-31 20:35:09.000000000 +0100 -+++ dhcp-4.2.6/common/socket.c 2014-12-10 13:24:48.703080775 +0100 +diff --git a/common/socket.c b/common/socket.c +index e111d82..04c86e3 100644 +--- a/common/socket.c ++++ b/common/socket.c @@ -322,7 +322,7 @@ void if_register_send (info) info->wfdesc = if_register_socket(info, AF_INET, 0, NULL); /* If this is a normal IPv4 address, get the hardware address. */ @@ -491,7 +488,7 @@ Index: dhcp-4.2.6/common/socket.c if (!quiet_interface_discovery) log_info ("Listening on Socket/%s%s%s", -@@ -499,7 +499,7 @@ if_register6(struct interface_info *info +@@ -499,7 +499,7 @@ if_register6(struct interface_info *info, int do_multicast) { if (req_multi) if_register_multicast(info); @@ -500,7 +497,7 @@ Index: dhcp-4.2.6/common/socket.c if (!quiet_interface_discovery) { if (info->shared_network != NULL) { -@@ -555,7 +555,7 @@ if_register_linklocal6(struct interface_ +@@ -555,7 +555,7 @@ if_register_linklocal6(struct interface_info *info) { info->rfdesc = sock; info->wfdesc = sock; @@ -509,10 +506,10 @@ Index: dhcp-4.2.6/common/socket.c if (!quiet_interface_discovery) { if (info->shared_network != NULL) { -Index: dhcp-4.2.6/includes/dhcpd.h -=================================================================== ---- dhcp-4.2.6.orig/includes/dhcpd.h 2014-12-10 13:24:48.648082065 +0100 -+++ dhcp-4.2.6/includes/dhcpd.h 2014-12-10 13:25:34.042017517 +0100 +diff --git a/includes/dhcpd.h b/includes/dhcpd.h +index 68262e9..a52992b 100644 +--- a/includes/dhcpd.h ++++ b/includes/dhcpd.h @@ -1217,6 +1217,7 @@ struct interface_info { struct shared_network *shared_network; /* Networks connected to this interface. */ @@ -521,7 +518,7 @@ Index: dhcp-4.2.6/includes/dhcpd.h struct in_addr *addresses; /* Addresses associated with this * interface. */ -@@ -2346,7 +2347,7 @@ void print_dns_status (int, struct dhcp_ +@@ -2346,7 +2347,7 @@ void print_dns_status (int, struct dhcp_ddns_cb *, isc_result_t); #endif const char *print_time(TIME); @@ -530,3 +527,6 @@ Index: dhcp-4.2.6/includes/dhcpd.h /* socket.c */ #if defined (USE_SOCKET_SEND) || defined (USE_SOCKET_RECEIVE) \ +-- +1.7.12.4 + diff --git a/0027-dhcp-4.2.x-handle-ifa_addr-NULL.909189.patch b/0027-dhcp-4.2.x-handle-ifa_addr-NULL.909189.patch new file mode 100644 index 0000000..4988906 --- /dev/null +++ b/0027-dhcp-4.2.x-handle-ifa_addr-NULL.909189.patch @@ -0,0 +1,28 @@ +From 17e0eabe7700d02b48ed8b0a923427caad3b7b4b Mon Sep 17 00:00:00 2001 +From: Jiri Slaby +Date: Wed, 10 Dec 2014 13:48:03 +0100 +Subject: [PATCH] dhcp-4.2.x-handle-ifa_addr-NULL.909189 + +References: bsc#909189,bnc#870535 + +Fix to not crash in interface discovery when the interface +address is NULL. Bug has been introduced by the infiniband +support patch (bsc#870535). + +diff --git a/common/lpf.c b/common/lpf.c +index 9dc6053..892ccce 100644 +--- a/common/lpf.c ++++ b/common/lpf.c +@@ -605,6 +605,9 @@ get_hw_addr(struct interface_info *info) + + for (ifa = ifaddrs; ifa != NULL; ifa = ifa->ifa_next) { + ++ if (!ifa->ifa_addr) ++ continue; ++ + if (ifa->ifa_addr->sa_family != AF_PACKET) + continue; + +-- +2.2.0 + diff --git a/dhcp.changes b/dhcp.changes index 8a22e17..adfc136 100644 --- a/dhcp.changes +++ b/dhcp.changes @@ -1,8 +1,10 @@ ------------------------------------------------------------------- -Wed Dec 10 13:29:38 CET 2014 - pth@suse.de +Wed Dec 10 12:52:03 UTC 2014 - mt@suse.de -- Modify 0017-dhcp-4.2.6-lpf-ip-over-ib-support.patch as detailed - in bnc#870535 instead of adding yet another patch. +- Applied fix by Jiri Slaby to not crash in interface discovery + when the interface address is NULL, which has been introduced + by the infiniband support patch (bsc#909189,bsc#870535). + [+ 0027-dhcp-4.2.x-handle-ifa_addr-NULL.909189.patch] ------------------------------------------------------------------- Thu Nov 20 11:43:07 UTC 2014 - mt@suse.de diff --git a/dhcp.spec b/dhcp.spec index ced2b89..49ca0ef 100644 --- a/dhcp.spec +++ b/dhcp.spec @@ -132,6 +132,8 @@ Patch24: 0024-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch Patch25: 0025-dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch # PATCH-FIX-SLE dhcp-4.2.x-disable-unused-ddns-port-in-server bnc#891655 Patch26: 0026-dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch +# PATCH-FIX-SLE dhcp-4.2.x-handle-ifa_addr-NULL bsc#909189 +Patch27: 0027-dhcp-4.2.x-handle-ifa_addr-NULL.909189.patch ## PreReq: /bin/touch /sbin/chkconfig sysconfig BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -273,6 +275,7 @@ Authors: %patch24 -p1 %patch25 -p1 %patch26 -p1 +%patch27 -p1 ## find . -type f -name \*.cat\* -exec rm -f {} \; dos2unix contrib/ms2isc/* From 8c2a607d3727dd6018ef4ac7d38830382a2ec67ae3ed9f9c515a7273c9341a23 Mon Sep 17 00:00:00 2001 From: Marius Tomaschewski Date: Wed, 10 Dec 2014 14:52:11 +0000 Subject: [PATCH 5/8] - fix bashisms in dhcprelay script OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=144 --- dhcp.changes | 5 +++++ dhcrelay.script | 8 +++++--- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/dhcp.changes b/dhcp.changes index adfc136..aee3ce2 100644 --- a/dhcp.changes +++ b/dhcp.changes @@ -6,6 +6,11 @@ Wed Dec 10 12:52:03 UTC 2014 - mt@suse.de by the infiniband support patch (bsc#909189,bsc#870535). [+ 0027-dhcp-4.2.x-handle-ifa_addr-NULL.909189.patch] +------------------------------------------------------------------- +Tue Dec 09 19:25:00 UTC 2014 - Led + +- fix bashisms in dhcprelay script + ------------------------------------------------------------------- Thu Nov 20 11:43:07 UTC 2014 - mt@suse.de diff --git a/dhcrelay.script b/dhcrelay.script index 615cbc8..e710202 100644 --- a/dhcrelay.script +++ b/dhcrelay.script @@ -130,9 +130,11 @@ case "$1" in # startproc should return 0, even if service is # already running to match LSB spec. - test "$2" = "-v" && echo -en \ - "\nexecuting '$DAEMON_BIN $DHCPv_OPT $DHCRELAY_OPTIONS $DHCRELAY_ARGS'" - startproc -q -l $STARTPROC_LOGFILE -p $DAEMON_PIDFILE $DAEMON_BIN $DHCPv_OPT $DHCRELAY_OPTIONS $DHCRELAY_ARGS &>/dev/null + if [ "$2" = "-v" ]; then + echo + echo -n "executing '$DAEMON_BIN $DHCPv_OPT $DHCRELAY_OPTIONS $DHCRELAY_ARGS'" + fi + startproc -q -l $STARTPROC_LOGFILE -p $DAEMON_PIDFILE $DAEMON_BIN $DHCPv_OPT $DHCRELAY_OPTIONS $DHCRELAY_ARGS >/dev/null 2>&1 rc=$? if ! [ $rc -eq 0 ]; then ## be verbose From c16dcdb087453e1f83def2f989cbdebcb6bb7f7997243a9e8b63e830c659a680 Mon Sep 17 00:00:00 2001 From: Marius Tomaschewski Date: Wed, 10 Dec 2014 14:54:02 +0000 Subject: [PATCH 6/8] Accepting request 264583 from home:Ledest:bashisms fix bashisms in dhcprelay script OBS-URL: https://build.opensuse.org/request/show/264583 OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=145 --- ...cp-4.2.x-handle-ifa_addr-NULL.909189.patch | 28 ------------------- dhcp.changes | 8 ------ dhcp.spec | 3 -- 3 files changed, 39 deletions(-) delete mode 100644 0027-dhcp-4.2.x-handle-ifa_addr-NULL.909189.patch diff --git a/0027-dhcp-4.2.x-handle-ifa_addr-NULL.909189.patch b/0027-dhcp-4.2.x-handle-ifa_addr-NULL.909189.patch deleted file mode 100644 index 4988906..0000000 --- a/0027-dhcp-4.2.x-handle-ifa_addr-NULL.909189.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 17e0eabe7700d02b48ed8b0a923427caad3b7b4b Mon Sep 17 00:00:00 2001 -From: Jiri Slaby -Date: Wed, 10 Dec 2014 13:48:03 +0100 -Subject: [PATCH] dhcp-4.2.x-handle-ifa_addr-NULL.909189 - -References: bsc#909189,bnc#870535 - -Fix to not crash in interface discovery when the interface -address is NULL. Bug has been introduced by the infiniband -support patch (bsc#870535). - -diff --git a/common/lpf.c b/common/lpf.c -index 9dc6053..892ccce 100644 ---- a/common/lpf.c -+++ b/common/lpf.c -@@ -605,6 +605,9 @@ get_hw_addr(struct interface_info *info) - - for (ifa = ifaddrs; ifa != NULL; ifa = ifa->ifa_next) { - -+ if (!ifa->ifa_addr) -+ continue; -+ - if (ifa->ifa_addr->sa_family != AF_PACKET) - continue; - --- -2.2.0 - diff --git a/dhcp.changes b/dhcp.changes index aee3ce2..12772d9 100644 --- a/dhcp.changes +++ b/dhcp.changes @@ -1,11 +1,3 @@ -------------------------------------------------------------------- -Wed Dec 10 12:52:03 UTC 2014 - mt@suse.de - -- Applied fix by Jiri Slaby to not crash in interface discovery - when the interface address is NULL, which has been introduced - by the infiniband support patch (bsc#909189,bsc#870535). - [+ 0027-dhcp-4.2.x-handle-ifa_addr-NULL.909189.patch] - ------------------------------------------------------------------- Tue Dec 09 19:25:00 UTC 2014 - Led diff --git a/dhcp.spec b/dhcp.spec index 49ca0ef..ced2b89 100644 --- a/dhcp.spec +++ b/dhcp.spec @@ -132,8 +132,6 @@ Patch24: 0024-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch Patch25: 0025-dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch # PATCH-FIX-SLE dhcp-4.2.x-disable-unused-ddns-port-in-server bnc#891655 Patch26: 0026-dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch -# PATCH-FIX-SLE dhcp-4.2.x-handle-ifa_addr-NULL bsc#909189 -Patch27: 0027-dhcp-4.2.x-handle-ifa_addr-NULL.909189.patch ## PreReq: /bin/touch /sbin/chkconfig sysconfig BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -275,7 +273,6 @@ Authors: %patch24 -p1 %patch25 -p1 %patch26 -p1 -%patch27 -p1 ## find . -type f -name \*.cat\* -exec rm -f {} \; dos2unix contrib/ms2isc/* From 4bdbecfaadbde9934cde3cf05f104e537026ce3d9dcafc65acca0399ed63369b Mon Sep 17 00:00:00 2001 From: Marius Tomaschewski Date: Wed, 10 Dec 2014 14:56:32 +0000 Subject: [PATCH 7/8] But now... - Applied fix by Jiri Slaby to not crash in interface discovery when the interface address is NULL, which has been introduced by the infiniband support patch (bsc#909189,bsc#870535). [+ 0027-dhcp-4.2.x-handle-ifa_addr-NULL.909189.patch] OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=146 --- ...cp-4.2.x-handle-ifa_addr-NULL.909189.patch | 28 +++++++++++++++++++ dhcp.changes | 8 ++++++ dhcp.spec | 3 ++ 3 files changed, 39 insertions(+) create mode 100644 0027-dhcp-4.2.x-handle-ifa_addr-NULL.909189.patch diff --git a/0027-dhcp-4.2.x-handle-ifa_addr-NULL.909189.patch b/0027-dhcp-4.2.x-handle-ifa_addr-NULL.909189.patch new file mode 100644 index 0000000..4988906 --- /dev/null +++ b/0027-dhcp-4.2.x-handle-ifa_addr-NULL.909189.patch @@ -0,0 +1,28 @@ +From 17e0eabe7700d02b48ed8b0a923427caad3b7b4b Mon Sep 17 00:00:00 2001 +From: Jiri Slaby +Date: Wed, 10 Dec 2014 13:48:03 +0100 +Subject: [PATCH] dhcp-4.2.x-handle-ifa_addr-NULL.909189 + +References: bsc#909189,bnc#870535 + +Fix to not crash in interface discovery when the interface +address is NULL. Bug has been introduced by the infiniband +support patch (bsc#870535). + +diff --git a/common/lpf.c b/common/lpf.c +index 9dc6053..892ccce 100644 +--- a/common/lpf.c ++++ b/common/lpf.c +@@ -605,6 +605,9 @@ get_hw_addr(struct interface_info *info) + + for (ifa = ifaddrs; ifa != NULL; ifa = ifa->ifa_next) { + ++ if (!ifa->ifa_addr) ++ continue; ++ + if (ifa->ifa_addr->sa_family != AF_PACKET) + continue; + +-- +2.2.0 + diff --git a/dhcp.changes b/dhcp.changes index 12772d9..aee3ce2 100644 --- a/dhcp.changes +++ b/dhcp.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Wed Dec 10 12:52:03 UTC 2014 - mt@suse.de + +- Applied fix by Jiri Slaby to not crash in interface discovery + when the interface address is NULL, which has been introduced + by the infiniband support patch (bsc#909189,bsc#870535). + [+ 0027-dhcp-4.2.x-handle-ifa_addr-NULL.909189.patch] + ------------------------------------------------------------------- Tue Dec 09 19:25:00 UTC 2014 - Led diff --git a/dhcp.spec b/dhcp.spec index ced2b89..49ca0ef 100644 --- a/dhcp.spec +++ b/dhcp.spec @@ -132,6 +132,8 @@ Patch24: 0024-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch Patch25: 0025-dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch # PATCH-FIX-SLE dhcp-4.2.x-disable-unused-ddns-port-in-server bnc#891655 Patch26: 0026-dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch +# PATCH-FIX-SLE dhcp-4.2.x-handle-ifa_addr-NULL bsc#909189 +Patch27: 0027-dhcp-4.2.x-handle-ifa_addr-NULL.909189.patch ## PreReq: /bin/touch /sbin/chkconfig sysconfig BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -273,6 +275,7 @@ Authors: %patch24 -p1 %patch25 -p1 %patch26 -p1 +%patch27 -p1 ## find . -type f -name \*.cat\* -exec rm -f {} \; dos2unix contrib/ms2isc/* From 18d6a5c7fcb80a660bbd46f3779118e2a5e56726d7ab0de8eeae9dad7b62d2c3 Mon Sep 17 00:00:00 2001 From: Marius Tomaschewski Date: Wed, 10 Dec 2014 15:05:07 +0000 Subject: [PATCH 8/8] Fixed patch references in the changelog [+ 0022-dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch] [+ 0023-dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch] [+ 0024-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch, + 0025-dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch] [+ 0026-dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch] [+ 0021-dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch] OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=147 --- dhcp.changes | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/dhcp.changes b/dhcp.changes index aee3ce2..3c119fb 100644 --- a/dhcp.changes +++ b/dhcp.changes @@ -18,26 +18,26 @@ Thu Nov 20 11:43:07 UTC 2014 - mt@suse.de reorder config to add all global options or option declarations to the dhcpService object instead to create new service object (bsc#886094,ISC-Bugs#37876). - [+ dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch] + [+ 0022-dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch] - Applied an upstream patch by Thomas Markwalder adding missed mapping of SHA TSIG algorithm names to their constants to enable hmac-sha1, hmac_sha224, hmac_sha256, hmac_sha384 and hmac_sha512 authenticated dynamic DNS updates (bsc#890731, ISC-Bugs#36947). - [+ dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch] + [+ 0023-dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch] - Decline IPv6 addresses on Duplicate Address Detection failure and stop client message exchanges on reached MRD rather than at some point after it. Applied fedora patches by Jiri Popelka and added DAD reporting via exit 3 to the dhclient-script and a fix to use correct address variables in the DEPREF6 action (bsc#872609,ISC-Bugs#26735,ISC-Bugs#21238). - [+ dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch, - + dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch] + [+ 0024-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch, + + 0025-dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch] - Applied backport patch by William Preston avoiding to bind ddns socket in the server when ddns-update-style is none (bsc#891655). - [+ dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch] + [+ 0026-dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch] - Applied patch for the contrib/ldap/dhcpd-conf-to-ldap script fixing subclass statement handling (bnc#878846,[ISC-Bugs #36409]) - [+ dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch] + [+ 0021-dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch] - Updated licence statement and FSF address in our scripts. - Added missed service_add_pre macro calls for dhcrelay services