commit 8f6a1c5683f1be260dc7d99f736f65936f7a2b28 Author: CentOS Sources Date: Tue May 16 06:14:49 2023 +0000 import dhcp-4.3.6-49.el8 diff --git a/.dhcp.metadata b/.dhcp.metadata new file mode 100644 index 0000000..5ad3be0 --- /dev/null +++ b/.dhcp.metadata @@ -0,0 +1 @@ +fb0417530e49368fe032cd9722f51c74f93180ac SOURCES/dhcp-4.3.6.tar.gz diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..b16842b --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/dhcp-4.3.6.tar.gz diff --git a/SOURCES/11-dhclient b/SOURCES/11-dhclient new file mode 100644 index 0000000..8bd0c75 --- /dev/null +++ b/SOURCES/11-dhclient @@ -0,0 +1,37 @@ +#!/bin/bash +# run dhclient.d scripts in an emulated environment + +PATH=/bin:/usr/bin:/sbin +ETCDIR=/etc/dhcp +SAVEDIR=/var/lib/dhclient +interface=$1 + +for optname in "${!DHCP4_@}"; do + newoptname=${optname,,}; + newoptname=new_${newoptname#dhcp4_}; + export "${newoptname}"="${!optname}"; +done + +[ -f /etc/sysconfig/network ] && . /etc/sysconfig/network + +[ -f /etc/sysconfig/network-scripts/ifcfg-"${interface}" ] && \ + . /etc/sysconfig/network-scripts/ifcfg-"${interface}" + +if [ -d $ETCDIR/dhclient.d ]; then + for f in $ETCDIR/dhclient.d/*.sh; do + if [ -x "${f}" ]; then + subsystem="${f%.sh}" + subsystem="${subsystem##*/}" + . "${f}" + if [ "$2" = "up" ]; then + "${subsystem}_config" + elif [ "$2" = "dhcp4-change" ]; then + if [ "$subsystem" = "chrony" -o "$subsystem" = "ntp" ]; then + "${subsystem}_config" + fi + elif [ "$2" = "down" ]; then + "${subsystem}_restore" + fi + fi + done +fi diff --git a/SOURCES/56dhclient b/SOURCES/56dhclient new file mode 100644 index 0000000..7f185f1 --- /dev/null +++ b/SOURCES/56dhclient @@ -0,0 +1,61 @@ +#!/bin/sh +# If we are running dhclient, shutdown running instances cleanly and +# bring them back up on resume. + +. "${PM_FUNCTIONS}" + +PM_DHCLIENT_RUNDIR="${PM_UTILS_RUNDIR}/network" +PM_DHCLIENT_SUSPEND="${PM_DHCLIENT_RUNDIR}/dhclient.suspend" + +suspend_dhclient() { + [ ! -d /etc/sysconfig/network-scripts ] && return + [ ! -x /sbin/ifdown ] && return + + [ ! -d ${PM_DHCLIENT_RUNDIR} ] && /bin/mkdir -p ${PM_DHCLIENT_RUNDIR} + [ -f ${PM_DHCLIENT_SUSPEND} ] && /bin/rm -f ${PM_DHCLIENT_SUSPEND} + + cd /etc/sysconfig/network-scripts + for ifcfg in ifcfg-* ; do + # Clear relevant parameters set by previous interface + # (lo doesn't set them) + NM_CONTROLLED= + BOOTPROTO= + + . ./"${ifcfg}" + + if [ "${NM_CONTROLLED}" = "no" ] || [ "${NM_CONTROLLED}" = "n" ] || [ "${NM_CONTROLLED}" = "false" ]; then + if [ "${BOOTPROTO}" = "bootp" ] || [ "${BOOTPROTO}" = "dhcp" ] || [ -z "${BOOTPROTO}" ]; then + # device is not NetworkManager controlled and uses dhcp, + # now see if it's actually up at the moment + /sbin/ip link show ${DEVICE} | /bin/grep -qE "state (UP|UNKNOWN)" >/dev/null 2>&1 + if [ $? -eq 0 ]; then + echo "${DEVICE}" >> ${PM_DHCLIENT_SUSPEND} + /sbin/ifdown ${DEVICE} + fi + fi + fi + done +} + +resume_dhclient() { + [ ! -f ${PM_DHCLIENT_SUSPEND} ] && return + [ ! -x /sbin/ifup ] && return + + cd /etc/sysconfig/network-scripts + while read device ; do + /sbin/ifup ${device} + done < ${PM_DHCLIENT_SUSPEND} + + /bin/rm -f ${PM_DHCLIENT_SUSPEND} +} + +case "$1" in + hibernate|suspend) + suspend_dhclient + ;; + thaw|resume) + resume_dhclient + ;; + *) exit $NA + ;; +esac diff --git a/SOURCES/README.dhclient.d b/SOURCES/README.dhclient.d new file mode 100644 index 0000000..6899aaa --- /dev/null +++ b/SOURCES/README.dhclient.d @@ -0,0 +1,47 @@ +The /etc/dhcp/dhclient.d directory allows other packages and system +administrators to create application-specific option handlers for dhclient. + +When dhclient is run, any option listed in the dhcp-options(5) man page can +be requested. dhclient-script does not handle every option available +because doing so would make the script unmaintainable as the components +using those options might change over time. The knowledge of how to handle +those options should be under the responsibility of the package maintainer +for that component (e.g., NTP options belong in a handler in the ntp +package). + +To make maintenance easier, application specific DHCP options can be handled +by creating a bash script with two functions and placing it in /etc/dhcp/dhclient.d + +The script must follow a specific form: + +(1) The script must be named NAME.sh. NAME can be anything, but it makes + sense to name it for the service it handles. e.g., ntp.sh + +(2) The script must provide a NAME_config() function to read the options and + do whatever it takes to put those options in place. + +(3) The script must provide a NAME_restore() function to restore original + configuration state when dhclient stops. + +(4) The script must be 'chmod +x' or dhclient-script will ignore it. + +The scripts execute in the same environment as dhclient-script. That means +all of the functions and variables available to it are available to your +NAME.sh script. Things of note: + + ${SAVEDIR} is where original configuration files are saved. Save your + original configuration files here before you take the DHCP provided + values and generate new files. + + Variables set in /etc/sysconfig/network, /etc/sysconfig/networking/network, + and /etc/sysconfig/network-scripts/ifcfg-$interface are available to + you. + +See the scripts in /etc/dhcp/dhclient.d for examples. + +NOTE: Do not use functions defined in /usr/sbin/dhclient-script. Consider +dhclient-script a black box. This script may change over time, so the +dhclient.d scripts should not be using functions defined in it. + +-- +David Cantrell diff --git a/SOURCES/dhclient-script b/SOURCES/dhclient-script new file mode 100644 index 0000000..5f58112 --- /dev/null +++ b/SOURCES/dhclient-script @@ -0,0 +1,975 @@ +#!/bin/bash +# +# dhclient-script: Network interface configuration script run by +# dhclient based on DHCP client communication +# +# Copyright (C) 2008-2014 Red Hat, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# +# Author(s): David Cantrell +# Jiri Popelka +# +# ---------- +# This script is a rewrite/reworking on dhclient-script originally +# included as part of dhcp-970306: +# dhclient-script for Linux. Dan Halbert, March, 1997. +# Updated for Linux 2.[12] by Brian J. Murrell, January 1999. +# Modified by David Cantrell for Fedora and RHEL +# ---------- +# + +PATH=/bin:/usr/bin:/sbin +# scripts in dhclient.d/ use $SAVEDIR (#833054) +export SAVEDIR=/var/lib/dhclient + +LOGFACILITY="local7" +LOGLEVEL="notice" + +ETCDIR="/etc/dhcp" + +RESOLVCONF="/etc/resolv.conf" + +logmessage() { + msg="${1}" + logger -p "${LOGFACILITY}.${LOGLEVEL}" -t "NET" "dhclient: ${msg}" +} + +eventually_add_hostnames_domain_to_search() { +# For the case when hostname for this machine has a domain that is not in domain_search list +# 1) get a hostname with `ipcalc --hostname` or `hostnamectl --transient` +# 2) get the domain from this hostname +# 3) add this domain to search line in resolv.conf if it's not already +# there (domain list that we have recently added there is a parameter of this function) +# We can't do this directly when generating resolv.conf in make_resolv_conf(), because +# we need to first save the resolv.conf with obtained values before we can call `ipcalc --hostname`. +# See bug 637763 + search="${1}" + if need_hostname; then + status=1 + OLD_HOSTNAME=$HOSTNAME + if [ -n "${new_ip_address}" ]; then + eval $(/usr/bin/ipcalc --silent --hostname "${new_ip_address}" ; echo "status=$?") + elif [ -n "${new_ip6_address}" ]; then + eval $(/usr/bin/ipcalc --silent --hostname "${new_ip6_address}" ; echo "status=$?") + fi + + if [ ${status} -eq 0 ]; then + domain=$(echo "${HOSTNAME}" | cut -s -d "." -f 2-) + fi + HOSTNAME=$OLD_HOSTNAME + else + domain=$(hostnamectl --transient 2>/dev/null | cut -s -d "." -f 2-) + fi + + if [ -n "${domain}" ] && + [ ! "${domain}" = "localdomain" ] && + [ ! "${domain}" = "localdomain6" ] && + [ ! "${domain}" = "(none)" ] && + [[ ! "${domain}" = *\ * ]]; then + is_in="false" + for s in ${search}; do + if [ "${s}" = "${domain}" ] || + [ "${s}" = "${domain}." ]; then + is_in="true" + fi + done + + if [ "${is_in}" = "false" ]; then + # Add domain name to search list (#637763) + sed -i -e "s/${search}/${search} ${domain}/" "${RESOLVCONF}" + fi + fi +} + +make_resolv_conf() { + [ "${PEERDNS}" = "no" ] && return + + if [ "${reason}" = "RENEW" ] && + [ "${new_domain_name}" = "${old_domain_name}" ] && + [ "${new_domain_name_servers}" = "${old_domain_name_servers}" ]; then + return + fi + + if [ -n "${new_domain_name}" ] || + [ -n "${new_domain_name_servers}" ] || + [ -n "${new_domain_search}" ]; then + rscf="$(mktemp "${TMPDIR:-/tmp}/XXXXXX")" + [[ -z "${rscf}" ]] && return + echo "; generated by /usr/sbin/dhclient-script" > "${rscf}" + + if [ -n "${SEARCH}" ]; then + search="${SEARCH}" + else + if [ -n "${new_domain_search}" ]; then + # Remove instaces of \032 (#450042) + search="${new_domain_search//\\032/ }" + elif [ -n "${new_domain_name}" ]; then + # Note that the DHCP 'Domain Name Option' is really just a domain + # name, and that this practice of using the domain name option as + # a search path is both nonstandard and deprecated. + search="${new_domain_name}" + fi + fi + + if [ -n "${search}" ]; then + echo "search ${search}" >> "${rscf}" + fi + + if [ -n "${RES_OPTIONS}" ]; then + echo "options ${RES_OPTIONS}" >> "${rscf}" + fi + + if [ -n "${new_domain_name_servers}" ]; then + for nameserver in ${new_domain_name_servers} ; do + echo "nameserver ${nameserver}" >> "${rscf}" + done + else # keep 'old' nameservers + sed -n /^\w*[Nn][Aa][Mm][Ee][Ss][Ee][Rr][Vv][Ee][Rr]/p "${RESOLVCONF}" >> "${rscf}" + fi + + change_resolv_conf "${rscf}" + rm -f "${rscf}" + + if [ -n "${search}" ]; then + eventually_add_hostnames_domain_to_search "${search}" + fi + elif [ -n "${new_dhcp6_name_servers}" ] || + [ -n "${new_dhcp6_domain_search}" ]; then + rscf="$(mktemp "${TMPDIR:-/tmp}/XXXXXX")" + [[ -z "${rscf}" ]] && return + echo "; generated by /usr/sbin/dhclient-script" > "${rscf}" + + if [ -n "${SEARCH}" ]; then + search="${SEARCH}" + else + if [ -n "${new_dhcp6_domain_search}" ]; then + search="${new_dhcp6_domain_search//\\032/ }" + fi + fi + + if [ -n "${search}" ]; then + echo "search ${search}" >> "${rscf}" + fi + + if [ -n "${RES_OPTIONS}" ]; then + echo "options ${RES_OPTIONS}" >> "${rscf}" + fi + + shopt -s nocasematch + if [ -n "${new_dhcp6_name_servers}" ]; then + for nameserver in ${new_dhcp6_name_servers} ; do + # If the nameserver has a link-local address + # add a (interface name) to it. + if [[ "$nameserver" =~ ^fe80:: ]] + then + zone_id="%${interface}" + else + zone_id= + fi + echo "nameserver ${nameserver}$zone_id" >> "${rscf}" + done + else # keep 'old' nameservers + sed -n /^\w*[Nn][Aa][Mm][Ee][Ss][Ee][Rr][Vv][Ee][Rr]/p "${RESOLVCONF}" >> "${rscf}" + fi + shopt -u nocasematch + + change_resolv_conf "${rscf}" + rm -f "${rscf}" + + if [ -n "${search}" ]; then + eventually_add_hostnames_domain_to_search "${search}" + fi + fi +} + +# run given script +run_hook() { + local script + local exit_status + script="${1}" + + if [ -f ${script} ]; then + . ${script} + fi + + if [ -n "${exit_status}" ] && [ "${exit_status}" -ne 0 ]; then + logmessage "${script} returned non-zero exit status ${exit_status}" + fi + + return ${exit_status} +} + +# run scripts in given directory +run_hookdir() { + local dir + dir="${1}" + + if [ -d "${dir}" ]; then + for script in $(find $dir -executable ! -empty); do + run_hook ${script} || return $? + done + fi + + return 0 +} + +exit_with_hooks() { + # Source the documented exit-hook script, if it exists + run_hook "${ETCDIR}/dhclient-exit-hooks" || exit $? + # Now run scripts in the hooks directory. + run_hookdir "${ETCDIR}/dhclient-exit-hooks.d" || exit $? + + exit ${1} +} + +quad2num() { + if [ $# -eq 4 ]; then + let n="${1} << 24 | ${2} << 16 | ${3} << 8 | ${4}" + echo "${n}" + return 0 + else + echo "0" + return 1 + fi +} + +ip2num() { + IFS='.' quad2num ${1} +} + +num2ip() { + let n="${1}" + let o1="(${n} >> 24) & 0xff" + let o2="(${n} >> 16) & 0xff" + let o3="(${n} >> 8) & 0xff" + let o4="${n} & 0xff" + echo "${o1}.${o2}.${o3}.${o4}" +} + +get_network_address() { +# get network address for the given IP address and (netmask or prefix) + ip="${1}" + nm="${2}" + + if [ -n "${ip}" -a -n "${nm}" ]; then + if [[ "${nm}" = *.* ]]; then + ipcalc -s -n "${ip}" "${nm}" | cut -d '=' -f 2 + else + ipcalc -s -n "${ip}/${nm}" | cut -d '=' -f 2 + fi + fi +} + +get_prefix() { +# get prefix for the given IP address and mask + ip="${1}" + nm="${2}" + + if [ -n "${ip}" -a -n "${nm}" ]; then + ipcalc -s -p "${ip}" "${nm}" | cut -d '=' -f 2 + fi +} + +class_bits() { + let ip=$(IFS='.' ip2num "${1}") + let bits=32 + let mask='255' + for ((i=0; i <= 3; i++, 'mask<<=8')); do + let v='ip&mask' + if [ "$v" -eq 0 ] ; then + let bits-=8 + else + break + fi + done + echo $bits +} + +is_router_reachable() { + # handle DHCP servers that give us a router not on our subnet + router="${1}" + routersubnet="$(get_network_address "${router}" "${new_subnet_mask}")" + mysubnet="$(get_network_address "${new_ip_address}" "${new_subnet_mask}")" + + if [ ! "${routersubnet}" = "${mysubnet}" ]; then + # TODO: This function should not have side effects such as adding or + # removing routes. Can this be done with "ip route get" or similar + # instead? Are there cases that rely on this route being created here? + ip -4 route replace "${router}/32" dev "${interface}" + if [ "$?" -ne 0 ]; then + logmessage "failed to create host route for ${router}" + return 1 + fi + fi + + return 0 +} + +add_default_gateway() { + router="${1}" + + if is_router_reachable "${router}" ; then + if [ $# -gt 1 ] && [ -n "${2}" ] && [[ "${2}" -gt 0 ]]; then + ip -4 route replace default via "${router}" dev "${interface}" metric "${2}" + else + ip -4 route replace default via "${router}" dev "${interface}" + fi + if [ $? -ne 0 ]; then + logmessage "failed to create default route: ${router} dev ${interface} ${metric}" + return 1 + else + return 0 + fi + fi + + return 1 +} + +execute_client_side_configuration_scripts() { +# execute any additional client side configuration scripts we have + if [ "${1}" == "config" ] || [ "${1}" == "restore" ]; then + for f in ${ETCDIR}/dhclient.d/*.sh ; do + if [ -x "${f}" ]; then + subsystem="${f%.sh}" + subsystem="${subsystem##*/}" + . "${f}" + "${subsystem}_${1}" + fi + done + fi +} + +flush_dev() { +# Instead of bringing the interface down (#574568) +# explicitly clear ARP cache and flush all addresses & routes. + ip -4 addr flush dev "${1}" >/dev/null 2>&1 + ip -4 route flush dev "${1}" >/dev/null 2>&1 + ip -4 neigh flush dev "${1}" >/dev/null 2>&1 +} + +remove_old_addr() { + if [ -n "${old_ip_address}" ]; then + if [ -n "${old_prefix}" ]; then + ip -4 addr del "${old_ip_address}/${old_prefix}" dev "${interface}" >/dev/null 2>&1 + else + ip -4 addr del "${old_ip_address}" dev "${interface}" >/dev/null 2>&1 + fi + fi +} + +dhconfig() { + if [ -n "${old_ip_address}" ] && [ -n "${alias_ip_address}" ] && + [ ! "${alias_ip_address}" = "${old_ip_address}" ]; then + # possible new alias, remove old alias first + ip -4 addr del "${old_ip_address}" dev "${interface}" label "${interface}:0" + fi + + if [ -n "${old_ip_address}" ] && + [ ! "${old_ip_address}" = "${new_ip_address}" ]; then + # IP address changed. Delete all routes, and clear the ARP cache. + flush_dev "${interface}" + fi + + # make sure the interface is up + ip link set dev "${interface}" up + + # replace = add if it doesn't exist or override (update lifetimes) if it's there + ip -4 addr replace "${new_ip_address}/${new_prefix}" broadcast "${new_broadcast_address}" dev "${interface}" \ + valid_lft "${new_dhcp_lease_time}" preferred_lft "${new_dhcp_lease_time}" >/dev/null 2>&1 + + if [ "${reason}" = "BOUND" ] || [ "${reason}" = "REBOOT" ] || + [ ! "${old_ip_address}" = "${new_ip_address}" ] || + [ ! "${old_subnet_mask}" = "${new_subnet_mask}" ] || + [ ! "${old_network_number}" = "${new_network_number}" ] || + [ ! "${old_broadcast_address}" = "${new_broadcast_address}" ] || + [ ! "${old_routers}" = "${new_routers}" ] || + [ ! "${old_interface_mtu}" = "${new_interface_mtu}" ]; then + + # The 576 MTU is only used for X.25 and dialup connections + # where the admin wants low latency. Such a low MTU can cause + # problems with UDP traffic, among other things. As such, + # disallow MTUs from 576 and below by default, so that broken + # MTUs are ignored, but higher stuff is allowed (1492, 1500, etc). + if [ -n "${new_interface_mtu}" ] && [ "${new_interface_mtu}" -gt 576 ]; then + ip link set dev "${interface}" mtu "${new_interface_mtu}" + fi + + # static routes + if [ -n "${new_classless_static_routes}" ] || + [ -n "${new_static_routes}" ]; then + if [ -n "${new_classless_static_routes}" ]; then + IFS=', |' static_routes=(${new_classless_static_routes}) + # If the DHCP server returns both a Classless Static Routes option and + # a Router option, the DHCP client MUST ignore the Router option. (RFC3442) + new_routers="" + else + IFS=', |' static_routes=(${new_static_routes}) + fi + route_targets=() + + for((i=0; i<${#static_routes[@]}; i+=2)); do + target=${static_routes[$i]} + if [ -n "${new_classless_static_routes}" ]; then + if [ "${target}" = "0" ]; then + new_routers="${static_routes[$i+1]}" + continue + else + prefix=${target%%.*} + target=${target#*.} + IFS="." target_arr=(${target}) + unset IFS + ((pads=4-${#target_arr[@]})) + for j in $(seq $pads); do + target="${target}.0" + done + + # Client MUST zero any bits in the subnet number where the corresponding bit in the mask is zero. + # In other words, the subnet number installed in the routing table is the logical AND of + # the subnet number and subnet mask given in the Classless Static Routes option. (RFC3442) + target="$(get_network_address "${target}" "${prefix}")" + fi + else + prefix=$(class_bits "${target}") + fi + gateway=${static_routes[$i+1]} + + # special case 0.0.0.0 to allow static routing for link-local addresses + # (including IPv4 multicast) which will not have a next-hop (#769463, #787318) + if [ "${gateway}" = "0.0.0.0" ]; then + valid_gateway=0 + scope='scope link' + else + is_router_reachable "${gateway}" + valid_gateway=$? + scope='' + fi + if [ "${valid_gateway}" -eq 0 ]; then + metric='' + for t in "${route_targets[@]}"; do + if [ "${t}" = "${target}" ]; then + if [ -z "${metric}" ]; then + metric=1 + else + ((metric=metric+1)) + fi + fi + done + + if [ -n "${metric}" ]; then + metric="metric ${metric}" + fi + + ip -4 route replace "${target}/${prefix}" proto static via "${gateway}" dev "${interface}" ${metric} ${scope} + + if [ $? -ne 0 ]; then + logmessage "failed to create static route: ${target}/${prefix} via ${gateway} dev ${interface} ${metric}" + else + route_targets=(${route_targets[@]} ${target}) + fi + fi + done + fi + + # gateways + if [[ ( "${DEFROUTE}" != "no" ) && + (( -z "${GATEWAYDEV}" ) || ( "${GATEWAYDEV}" = "${interface}" )) ]]; then + if [[ ( -z "${GATEWAY}" ) || + (( -n "${DHCLIENT_IGNORE_GATEWAY}" ) && ( "${DHCLIENT_IGNORE_GATEWAY}" = [Yy]* )) ]]; then + metric="${METRIC:-}" + let i="${METRIC:-0}" + default_routers=() + + for router in ${new_routers} ; do + added_router=- + + for r in "${default_routers[@]}" ; do + if [ "${r}" = "${router}" ]; then + added_router=1 + fi + done + + if [ -z "${router}" ] || + [ "${added_router}" = "1" ] || + [ "$(IFS='.' ip2num ${router})" -le 0 ] || + [[ ( "${router}" = "${new_broadcast_address}" ) && + ( "${new_subnet_mask}" != "255.255.255.255" ) ]]; then + continue + fi + + default_routers=(${default_routers[@]} ${router}) + add_default_gateway "${router}" "${metric}" + let i=i+1 + metric=${i} + done + elif [ -n "${GATEWAY}" ]; then + routersubnet=$(get_network_address "${GATEWAY}" "${new_subnet_mask}") + mysubnet=$(get_network_address "${new_ip_address}" "${new_subnet_mask}") + + if [ "${routersubnet}" = "${mysubnet}" ]; then + ip -4 route replace default via "${GATEWAY}" dev "${interface}" + fi + fi + fi + fi + + if [ ! "${new_ip_address}" = "${alias_ip_address}" ] && + [ -n "${alias_ip_address}" ]; then + # Reset the alias address (fix: this should really only do this on changes) + ip -4 addr flush dev "${interface}" label "${interface}:0" >/dev/null 2>&1 + ip -4 addr replace "${alias_ip_address}/${alias_prefix}" broadcast "${alias_broadcast_address}" dev "${interface}" label "${interface}:0" + ip -4 route replace "${alias_ip_address}/32" dev "${interface}" + fi + + # After dhclient brings an interface UP with a new IP address, subnet mask, + # and routes, in the REBOOT/BOUND states -> search for "dhclient-up-hooks". + if [ "${reason}" = "BOUND" ] || [ "${reason}" = "REBOOT" ] || + [ ! "${old_ip_address}" = "${new_ip_address}" ] || + [ ! "${old_subnet_mask}" = "${new_subnet_mask}" ] || + [ ! "${old_network_number}" = "${new_network_number}" ] || + [ ! "${old_broadcast_address}" = "${new_broadcast_address}" ] || + [ ! "${old_routers}" = "${new_routers}" ] || + [ ! "${old_interface_mtu}" = "${new_interface_mtu}" ]; then + + if [ -x "${ETCDIR}/dhclient-${interface}-up-hooks" ]; then + . "${ETCDIR}/dhclient-${interface}-up-hooks" + elif [ -x ${ETCDIR}/dhclient-up-hooks ]; then + . ${ETCDIR}/dhclient-up-hooks + fi + fi + + make_resolv_conf + + if [ -n "${new_host_name}" ] && need_hostname; then + hostnamectl set-hostname --transient --no-ask-password "${new_host_name}" + fi + + if [[ ( "${DHCP_TIME_OFFSET_SETS_TIMEZONE}" = [yY1]* ) && + ( -n "${new_time_offset}" ) ]]; then + # DHCP option "time-offset" is requested by default and should be + # handled. The geographical zone abbreviation cannot be determined + # from the GMT offset, but the $ZONEINFO/Etc/GMT$offset file can be + # used - note: this disables DST. + ((z=new_time_offset/3600)) + ((hoursWest=$(printf '%+d' $z))) + + if (( $hoursWest < 0 )); then + # tzdata treats negative 'hours west' as positive 'gmtoff'! + ((hoursWest*=-1)) + fi + + tzfile=/usr/share/zoneinfo/Etc/GMT$(printf '%+d' ${hoursWest}) + if [ -e "${tzfile}" ]; then + cp -fp "${tzfile}" /etc/localtime + touch /etc/localtime + fi + fi + + execute_client_side_configuration_scripts "config" +} + +wait_for_link_local() { + # we need a link-local address to be ready (not tentative) + for i in $(seq 50); do + linklocal=$(ip -6 addr show dev "${interface}" scope link) + # tentative flag means DAD is still not complete + tentative=$(echo "${linklocal}" | grep tentative) + [[ -n "${linklocal}" && -z "${tentative}" ]] && exit_with_hooks 0 + sleep 0.1 + done +} + +# Section 18.1.8. (Receipt of Reply Messages) of RFC 3315 says: +# The client SHOULD perform duplicate address detection on each of +# the addresses in any IAs it receives in the Reply message before +# using that address for traffic. +add_ipv6_addr_with_DAD() { + ip -6 addr replace "${new_ip6_address}/${new_ip6_prefixlen}" \ + dev "${interface}" scope global valid_lft "${new_max_life}" \ + preferred_lft "${new_preferred_life}" + + # repeatedly test whether newly added address passed + # duplicate address detection (DAD) + for i in $(seq 5); do + sleep 1 # give the DAD some time + + addr=$(ip -6 addr show dev "${interface}" \ + | grep "${new_ip6_address}/${new_ip6_prefixlen}") + + # tentative flag == DAD is still not complete + tentative=$(echo "${addr}" | grep tentative) + # dadfailed flag == address is already in use somewhere else + dadfailed=$(echo "${addr}" | grep dadfailed) + + if [ -n "${dadfailed}" ] ; then + # address was added with valid_lft/preferred_lft 'forever', remove it + ip -6 addr del "${new_ip6_address}/${new_ip6_prefixlen}" dev "${interface}" + exit_with_hooks 3 + fi + if [ -z "${tentative}" ] ; then + if [ -n "${addr}" ]; then + # DAD is over + return 0 + else + # address was auto-removed (or not added at all) + exit_with_hooks 3 + fi + fi + done + return 0 +} + +dh6config() { + if [ -n "${old_ip6_prefix}" ] || + [ -n "${new_ip6_prefix}" ]; then + echo "Prefix ${reason} old=${old_ip6_prefix} new=${new_ip6_prefix}" + exit_with_hooks 0 + fi + + case "${reason}" in + BOUND6) + if [ -z "${new_ip6_address}" ] || + [ -z "${new_ip6_prefixlen}" ]; then + exit_with_hooks 2 + fi + + add_ipv6_addr_with_DAD + + make_resolv_conf + ;; + + RENEW6|REBIND6) + if [[ -n "${new_ip6_address}" ]] && + [[ -n "${new_ip6_prefixlen}" ]]; then + if [[ ! "${new_ip6_address}" = "${old_ip6_address}" ]]; then + [[ -n "${old_ip6_address}" ]] && ip -6 addr del "${old_ip6_address}" dev "${interface}" + fi + # call it even if new_ip6_address = old_ip6_address to update lifetimes + add_ipv6_addr_with_DAD + fi + + if [ ! "${new_dhcp6_name_servers}" = "${old_dhcp6_name_servers}" ] || + [ ! "${new_dhcp6_domain_search}" = "${old_dhcp6_domain_search}" ]; then + make_resolv_conf + fi + ;; + + DEPREF6) + if [ -z "${new_ip6_prefixlen}" ]; then + exit_with_hooks 2 + fi + + ip -6 addr change "${new_ip6_address}/${new_ip6_prefixlen}" \ + dev "${interface}" scope global preferred_lft 0 + ;; + esac + + execute_client_side_configuration_scripts "config" +} + +# Functions from /etc/sysconfig/network-scripts/network-functions + +need_hostname () +{ + CHECK_HOSTNAME=$(hostnamectl --transient) + if [[ "${CHECK_HOSTNAME}" = "(none)" ]] || + [[ "${CHECK_HOSTNAME}" = "localhost" ]] || + [[ "${CHECK_HOSTNAME}" = "localhost.localdomain" ]]; then + return 0 + else + return 1 + fi +} + +# Takes one argument - temporary resolv.conf file +change_resolv_conf () +{ + options=$(grep '^[\ \ ]*option' "${RESOLVCONF}" 2>/dev/null); + if [[ -n "${options}" ]]; then + # merge options from existing resolv.conf with specified resolv.conf content + newres="${options}"$'\n'$(grep -vF "${options}" "${1}"); + else + newres=$(cat "${1}"); + fi; + + eval $(echo "${newres}" > "${RESOLVCONF}"; echo "status=$?") + if [[ $status -eq 0 ]]; then + logger -p local7.notice -t "NET" -i "${0} : updated ${RESOLVCONF}"; + [[ -e /var/run/nscd/socket ]] && /usr/sbin/nscd -i hosts; # invalidate cache + fi; + return $status; +} + +get_config_by_name () +{ + LANG=C grep -E -i -l \ + "^[[:space:]]*NAME=\"(Auto |System )?${1}\"" \ + /etc/sysconfig/network-scripts/ifcfg-* \ + | LC_ALL=C sed -e "$__sed_discard_ignored_files" +} + +get_hwaddr () +{ + if [ -f /sys/class/net/${1}/address ]; then + awk '{ print toupper($0) }' < /sys/class/net/${1}/address + elif [ -d "/sys/class/net/${1}" ]; then + LC_ALL= LANG= ip -o link show ${1} 2>/dev/null | \ + awk '{ print toupper(gensub(/.*link\/[^ ]* ([[:alnum:]:]*).*/, + "\\1", 1)); }' + fi +} + +validate_resolv_conf() +{ + # It's possible to have broken symbolic link $RESOLVCONF -> + # https://bugzilla.redhat.com/1475279 + # Remove broken link and hope NM will survive + if [ -h "${RESOLVCONF}" -a ! -e "${RESOLVCONF}" ]; + then + logmessage "${RESOLVCONF} is broken symlink. Recreating..." + unlink "${RESOLVCONF}" + touch "${RESOLVCONF}" + fi; +} + + +get_config_by_hwaddr () +{ + LANG=C grep -il "^[[:space:]]*HWADDR=\"\?${1}\"\?\([[:space:]#]\|$\)" /etc/sysconfig/network-scripts/ifcfg-* \ + | LC_ALL=C sed -e "$__sed_discard_ignored_files" +} + +get_config_by_device () +{ + LANG=C grep -l "^[[:space:]]*DEVICE=\"\?${1}\"\?\([[:space:]#]\|$\)" \ + /etc/sysconfig/network-scripts/ifcfg-* \ + | LC_ALL=C sed -e "$__sed_discard_ignored_files" +} + +need_config () +{ + # A sed expression to filter out the files that is_ignored_file recognizes + __sed_discard_ignored_files='/\(~\|\.bak\|\.orig\|\.rpmnew\|\.rpmorig\|\.rpmsave\)$/d' + + local nconfig + + CONFIG="ifcfg-${1}" + [ -f "${CONFIG}" ] && return + CONFIG="${1##*/}" + [ -f "${CONFIG}" ] && return + nconfig=$(get_config_by_name "${1}") + if [ -n "$nconfig" ] && [ -f "$nconfig" ]; then + CONFIG=${nconfig##*/} + return + fi + local addr=$(get_hwaddr ${1}) + if [ -n "$addr" ]; then + nconfig=$(get_config_by_hwaddr ${addr}) + if [ -n "$nconfig" ] ; then + CONFIG=${nconfig##*/} + [ -f "${CONFIG}" ] && return + fi + fi + nconfig=$(get_config_by_device ${1}) + if [ -n "$nconfig" ] && [ -f "$nconfig" ]; then + CONFIG=${nconfig##*/} + return + fi +} + +# We need this because of PEERDNS +source_config () +{ + CONFIG=${CONFIG##*/} + . /etc/sysconfig/network-scripts/$CONFIG +} + +# +# ### MAIN +# + +# Invoke the local dhcp client enter hooks, if they exist. +run_hook "${ETCDIR}/dhclient-enter-hooks" || exit $? +run_hookdir "${ETCDIR}/dhclient-enter-hooks.d" || exit $? + +[ "${PEERDNS}" = "no" ] || validate_resolv_conf + +if [ -f /etc/sysconfig/network ]; then + . /etc/sysconfig/network +fi + +if [ -f /etc/sysconfig/networking/network ]; then + . /etc/sysconfig/networking/network +fi + +## it's possible initscripts package is not installed +## for example in container. Don't flood stderr then +if [ -d /etc/sysconfig/network-scripts ]; then + cd /etc/sysconfig/network-scripts + CONFIG="${interface}" + need_config "${CONFIG}" + source_config >/dev/null 2>&1 +fi; + +# In case there's some delay in rebinding, it might happen, that the valid_lft drops to 0, +# address is removed by kernel and then re-added few seconds later by dhclient-script. +# With this work-around the address lives a minute longer. +# "4294967235" = infinite (forever) - 60 +[[ "${new_dhcp_lease_time}" -lt "4294967235" ]] && new_dhcp_lease_time=$((new_dhcp_lease_time + 60)) +[[ "${new_max_life}" -lt "4294967235" ]] && new_max_life=$((new_max_life + 60)) + +new_prefix="$(get_prefix "${new_ip_address}" "${new_subnet_mask}")" +old_prefix="$(get_prefix "${old_ip_address}" "${old_subnet_mask}")" +alias_prefix="$(get_prefix "${alias_ip_address}" "${alias_subnet_mask}")" + +case "${reason}" in + MEDIUM|ARPCHECK|ARPSEND) + # Do nothing + exit_with_hooks 0 + ;; + + PREINIT) + if [ -n "${alias_ip_address}" ]; then + # Flush alias, its routes will disappear too. + ip -4 addr flush dev "${interface}" label "${interface}:0" >/dev/null 2>&1 + fi + + # upstream dhclient-script removes (ifconfig $interface 0 up) old adresses in PREINIT, + # but we sometimes (#125298) need (for iSCSI/nfs root to have a dhcp interface) to keep the existing ip + # flush_dev ${interface} + ip link set dev "${interface}" up + if [ -n "${DHCLIENT_DELAY}" ] && [ "${DHCLIENT_DELAY}" -gt 0 ]; then + # We need to give the kernel some time to get the interface up. + sleep "${DHCLIENT_DELAY}" + fi + + exit_with_hooks 0 + ;; + + PREINIT6) + # ensure interface is up + ip link set dev "${interface}" up + + # Removing stale addresses from aborted clients shouldn't be needed + # since we've been adding addresses with lifetimes. + # Which means that kernel eventually removes them automatically. + # ip -6 addr flush dev "${interface}" scope global permanent + + wait_for_link_local + + exit_with_hooks 0 + ;; + + BOUND|RENEW|REBIND|REBOOT) + if [ -z "${interface}" ] || [ -z "${new_ip_address}" ]; then + exit_with_hooks 2 + fi + if arping -D -q -c2 -I "${interface}" "${new_ip_address}"; then + dhconfig + exit_with_hooks 0 + else # DAD failed, i.e. address is already in use + ARP_REPLY=$(arping -D -c2 -I "${interface}" "${new_ip_address}" | grep reply | awk '{print toupper($5)}' | cut -d "[" -f2 | cut -d "]" -f1) + OUR_MACS=$(ip link show | grep link | awk '{print toupper($2)}' | uniq) + if [[ "${OUR_MACS}" = *"${ARP_REPLY}"* ]]; then + # the reply can come from our system, that's OK (#1116004#c33) + dhconfig + exit_with_hooks 0 + else + exit_with_hooks 1 + fi + fi + ;; + + BOUND6|RENEW6|REBIND6|DEPREF6) + dh6config + exit_with_hooks 0 + ;; + + EXPIRE6|RELEASE6|STOP6) + if [ -z "${old_ip6_address}" ] || [ -z "${old_ip6_prefixlen}" ]; then + exit_with_hooks 2 + fi + + ip -6 addr del "${old_ip6_address}/${old_ip6_prefixlen}" \ + dev "${interface}" + + execute_client_side_configuration_scripts "restore" + + if [ -x "${ETCDIR}/dhclient-${interface}-down-hooks" ]; then + . "${ETCDIR}/dhclient-${interface}-down-hooks" + elif [ -x ${ETCDIR}/dhclient-down-hooks ]; then + . ${ETCDIR}/dhclient-down-hooks + fi + + exit_with_hooks 0 + ;; + + EXPIRE|FAIL|RELEASE|STOP) + execute_client_side_configuration_scripts "restore" + + if [ -x "${ETCDIR}/dhclient-${interface}-down-hooks" ]; then + . "${ETCDIR}/dhclient-${interface}-down-hooks" + elif [ -x ${ETCDIR}/dhclient-down-hooks ]; then + . ${ETCDIR}/dhclient-down-hooks + fi + + if [ -n "${alias_ip_address}" ]; then + # Flush alias + ip -4 addr flush dev "${interface}" label "${interface}:0" >/dev/null 2>&1 + fi + + # upstream script sets interface down here, + # we only remove old ip address + #flush_dev ${interface} + remove_old_addr + + if [ -n "${alias_ip_address}" ]; then + ip -4 addr replace "${alias_ip_address}/${alias_prefix}" broadcast "${alias_broadcast_address}" dev "${interface}" label "${interface}:0" + ip -4 route replace "${alias_ip_address}/32" dev "${interface}" + fi + + exit_with_hooks 0 + ;; + + TIMEOUT) + if [ -n "${new_routers}" ]; then + if [ -n "${alias_ip_address}" ]; then + ip -4 addr flush dev "${interface}" label "${interface}:0" >/dev/null 2>&1 + fi + + ip -4 addr replace "${new_ip_address}/${new_prefix}" \ + broadcast "${new_broadcast_address}" dev "${interface}" \ + valid_lft "${new_dhcp_lease_time}" preferred_lft "${new_dhcp_lease_time}" + set ${new_routers} + + if ping -q -c 1 -w 10 -I "${interface}" "${1}"; then + dhconfig + exit_with_hooks 0 + fi + + #flush_dev ${interface} + remove_old_addr + exit_with_hooks 1 + else + exit_with_hooks 1 + fi + ;; + + *) + logmessage "unhandled state: ${reason}" + exit_with_hooks 1 + ;; +esac + +exit_with_hooks 0 diff --git a/SOURCES/dhcp-4.2.5-expiry_before_renewal_v2.patch b/SOURCES/dhcp-4.2.5-expiry_before_renewal_v2.patch new file mode 100644 index 0000000..069da1f --- /dev/null +++ b/SOURCES/dhcp-4.2.5-expiry_before_renewal_v2.patch @@ -0,0 +1,31 @@ +diff -up dhcp-4.2.5/client/dhclient.c.orig dhcp-4.2.5/client/dhclient.c +--- dhcp-4.2.5/client/dhclient.c.orig 2018-11-07 14:21:16.756152614 +0100 ++++ dhcp-4.2.5/client/dhclient.c 2018-11-08 17:30:15.754440523 +0100 +@@ -1618,8 +1618,14 @@ void dhcpack (packet) + } else + client -> new -> renewal = 0; + +- /* If it wasn't specified by the server, calculate it. */ +- if (!client -> new -> renewal) ++ /* ++ * If it wasn't specified by the server, calculate it. Also use expiry ++ * instead of renewal time when it is shorter. This better follows ++ * RFC 2131 (section 4.4.5) when dealing with some DHCP servers. ++ */ ++ ++ if (!client -> new -> renewal || ++ client -> new -> renewal > client -> new -> expiry) + client -> new -> renewal = client -> new -> expiry / 2 + 1; + + if (client -> new -> renewal <= 0) +@@ -1645,7 +1651,9 @@ void dhcpack (packet) + } else + client -> new -> rebind = 0; + +- if (client -> new -> rebind <= 0) { ++ /* Rebinding time must not be longer than expiry. */ ++ if (client -> new -> rebind <= 0 || ++ client -> new -> rebind > client -> new -> expiry) { + if (client -> new -> expiry <= TIME_MAX / 7) + client -> new -> rebind = + client -> new -> expiry * 7 / 8; diff --git a/SOURCES/dhcp-4.3.6-isc-util.patch b/SOURCES/dhcp-4.3.6-isc-util.patch new file mode 100644 index 0000000..50a0248 --- /dev/null +++ b/SOURCES/dhcp-4.3.6-isc-util.patch @@ -0,0 +1,77 @@ +From c37721f799e6b32da156759a830011949311205a Mon Sep 17 00:00:00 2001 +From: Petr Mensik +Date: Fri, 16 Feb 2018 17:50:40 +0100 +Subject: [PATCH] New bind includes never includes isc/util.h from any public + headers. Include them to all compiled files that require it. + +--- + client/dhclient.c | 1 + + common/execute.c | 1 + + common/parse.c | 1 + + common/socket.c | 1 + + omapip/connection.c | 1 + + 5 files changed, 5 insertions(+) + +diff --git a/client/dhclient.c b/client/dhclient.c +index 228b4fe..014365d 100644 +--- a/client/dhclient.c ++++ b/client/dhclient.c +@@ -38,6 +38,7 @@ + #include + #include + #include ++#include + #include + + #ifdef HAVE_LIBCAP_NG +diff --git a/common/execute.c b/common/execute.c +index fa4e0f8..1ee1e7d 100644 +--- a/common/execute.c ++++ b/common/execute.c +@@ -28,6 +28,7 @@ + + #include "dhcpd.h" + #include ++#include + #include + #include + +diff --git a/common/parse.c b/common/parse.c +index d08cd2c..729d442 100644 +--- a/common/parse.c ++++ b/common/parse.c +@@ -27,6 +27,7 @@ + */ + + #include "dhcpd.h" ++#include + #include + + /* Enumerations can be specified in option formats, and are used for +diff --git a/common/socket.c b/common/socket.c +index 2b352a1..94ce334 100644 +--- a/common/socket.c ++++ b/common/socket.c +@@ -35,6 +35,7 @@ + */ + + #include "dhcpd.h" ++#include + #include + #include + #include +diff --git a/omapip/connection.c b/omapip/connection.c +index 9aac0c8..a74becc 100644 +--- a/omapip/connection.c ++++ b/omapip/connection.c +@@ -30,6 +30,7 @@ + #include "dhcpd.h" + + #include ++#include + #include + #include + #include +-- +2.14.3 + diff --git a/SOURCES/dhcp-4.3.6-omapi-leak.patch b/SOURCES/dhcp-4.3.6-omapi-leak.patch new file mode 100644 index 0000000..0ffcfe3 --- /dev/null +++ b/SOURCES/dhcp-4.3.6-omapi-leak.patch @@ -0,0 +1,52 @@ +commit ccff9ed69d0b26d33ce9cac8e83dab535b64d627 +Author: Thomas Markwalder +Date: Tue Dec 5 15:12:34 2017 -0500 + + [46767] Plugged a socket descriptor leak in OMAPI + + If disconnect is triggered by the reader closing the socket, while there + is data left to write, the socket would be orphaned. + + omapip/buffer.c + omapi_connection_writea() - added logic to recall disconnect once + pending data has been written + + omapip/message.c + Removed static declaration from omapi_message_unregister so you can + actually compile when DEBUG_PROTOCOL is defined. + + Added a release note + +diff --git a/omapip/buffer.c b/omapip/buffer.c +index 6e0621b..a21f0a8 100644 +--- a/omapip/buffer.c ++++ b/omapip/buffer.c +@@ -565,6 +565,15 @@ isc_result_t omapi_connection_writer (omapi_object_t *h) + omapi_buffer_dereference (&buffer, MDL); + } + } ++ ++ /* If we had data left to write when we're told to disconnect, ++ * we need recall disconnect, now that we're done writing. ++ * See rt46767. */ ++ if (c->out_bytes == 0 && c->state == omapi_connection_disconnecting) { ++ omapi_disconnect (h, 1); ++ return ISC_R_SHUTTINGDOWN; ++ } ++ + return ISC_R_SUCCESS; + } + +diff --git a/omapip/message.c b/omapip/message.c +index ee15d82..37abbd2 100644 +--- a/omapip/message.c ++++ b/omapip/message.c +@@ -339,7 +339,7 @@ isc_result_t omapi_message_unregister (omapi_object_t *mo) + } + + #ifdef DEBUG_PROTOCOL +-static const char *omapi_message_op_name(int op) { ++const char *omapi_message_op_name(int op) { + switch (op) { + case OMAPI_OP_OPEN: return "OMAPI_OP_OPEN"; + case OMAPI_OP_REFRESH: return "OMAPI_OP_REFRESH"; diff --git a/SOURCES/dhcp-4.3.6-options_overflow.patch b/SOURCES/dhcp-4.3.6-options_overflow.patch new file mode 100644 index 0000000..a51c0cc --- /dev/null +++ b/SOURCES/dhcp-4.3.6-options_overflow.patch @@ -0,0 +1,41 @@ +diff --git a/common/options.c b/common/options.c +index 83e0384..8a1deca 100644 +--- a/common/options.c ++++ b/common/options.c +@@ -1672,7 +1672,8 @@ format_min_length(format, oc) + + + /* Format the specified option so that a human can easily read it. */ +- ++/* Maximum pretty printed size */ ++#define MAX_OUTPUT_SIZE 32*1024 + const char *pretty_print_option (option, data, len, emit_commas, emit_quotes) + struct option *option; + const unsigned char *data; +@@ -1680,8 +1681,9 @@ const char *pretty_print_option (option, data, len, emit_commas, emit_quotes) + int emit_commas; + int emit_quotes; + { +- static char optbuf [32768]; /* XXX */ +- static char *endbuf = &optbuf[sizeof(optbuf)]; ++ /* We add 128 byte pad so we don't have to add checks everywhere. */ ++ static char optbuf [MAX_OUTPUT_SIZE + 128]; /* XXX */ ++ static char *endbuf = optbuf + MAX_OUTPUT_SIZE; + int hunksize = 0; + int opthunk = 0; + int hunkinc = 0; +@@ -2132,7 +2134,14 @@ const char *pretty_print_option (option, data, len, emit_commas, emit_quotes) + log_error ("Unexpected format code %c", + fmtbuf [j]); + } ++ + op += strlen (op); ++ if (op >= endbuf) { ++ log_error ("Option data exceeds" ++ " maximum size %d", MAX_OUTPUT_SIZE); ++ return (""); ++ } ++ + if (dp == data + len) + break; + if (j + 1 < numelem && comma != ':') diff --git a/SOURCES/dhcp-4.3.6-reference_count_overflow.patch b/SOURCES/dhcp-4.3.6-reference_count_overflow.patch new file mode 100644 index 0000000..c6c94cd --- /dev/null +++ b/SOURCES/dhcp-4.3.6-reference_count_overflow.patch @@ -0,0 +1,13 @@ +diff --git a/common/options.c b/common/options.c +index 83e0384..a58c5fc 100644 +--- a/common/options.c ++++ b/common/options.c +@@ -189,6 +189,8 @@ int parse_option_buffer (options, buffer, length, universe) + + /* If the length is outrageous, the options are bad. */ + if (offset + len > length) { ++ /* Avoid reference count overflow */ ++ option_dereference(&option, MDL); + reason = "option length exceeds option buffer length"; + bogus: + log_error("parse_option_buffer: malformed option " diff --git a/SOURCES/dhcp-64_bit_lease_parse.patch b/SOURCES/dhcp-64_bit_lease_parse.patch new file mode 100644 index 0000000..a07b5b0 --- /dev/null +++ b/SOURCES/dhcp-64_bit_lease_parse.patch @@ -0,0 +1,75 @@ +diff -up dhcp-4.3.0a1/common/parse.c.64-bit_lease_parse dhcp-4.3.0a1/common/parse.c +--- dhcp-4.3.0a1/common/parse.c.64-bit_lease_parse 2013-12-11 01:25:12.000000000 +0100 ++++ dhcp-4.3.0a1/common/parse.c 2013-12-19 15:45:25.990771814 +0100 +@@ -938,8 +938,8 @@ TIME + parse_date_core(cfile) + struct parse *cfile; + { +- int guess; +- int tzoff, year, mon, mday, hour, min, sec; ++ TIME guess; ++ long int tzoff, year, mon, mday, hour, min, sec; + const char *val; + enum dhcp_token token; + static int months[11] = { 31, 59, 90, 120, 151, 181, +@@ -965,7 +965,7 @@ parse_date_core(cfile) + } + + skip_token(&val, NULL, cfile); /* consume number */ +- guess = atoi(val); ++ guess = atol(val); + + return((TIME)guess); + } +@@ -993,7 +993,7 @@ parse_date_core(cfile) + somebody invents a time machine, I think we can safely disregard + it. This actually works around a stupid Y2K bug that was present + in a very early beta release of dhcpd. */ +- year = atoi(val); ++ year = atol(val); + if (year > 1900) + year -= 1900; + +@@ -1039,7 +1039,7 @@ parse_date_core(cfile) + return((TIME)0); + } + skip_token(&val, NULL, cfile); /* consume day of month */ +- mday = atoi(val); ++ mday = atol(val); + + /* Hour... */ + token = peek_token(&val, NULL, cfile); +@@ -1050,7 +1050,7 @@ parse_date_core(cfile) + return((TIME)0); + } + skip_token(&val, NULL, cfile); /* consume hour */ +- hour = atoi(val); ++ hour = atol(val); + + /* Colon separating hour from minute... */ + token = peek_token(&val, NULL, cfile); +@@ -1072,7 +1072,7 @@ parse_date_core(cfile) + return((TIME)0); + } + skip_token(&val, NULL, cfile); /* consume minute */ +- min = atoi(val); ++ min = atol(val); + + /* Colon separating minute from second... */ + token = peek_token(&val, NULL, cfile); +@@ -1094,13 +1094,13 @@ parse_date_core(cfile) + return((TIME)0); + } + skip_token(&val, NULL, cfile); /* consume second */ +- sec = atoi(val); ++ sec = atol(val); + + tzoff = 0; + token = peek_token(&val, NULL, cfile); + if (token == NUMBER) { + skip_token(&val, NULL, cfile); /* consume tzoff */ +- tzoff = atoi(val); ++ tzoff = atol(val); + } else if (token != SEMI) { + skip_token(&val, NULL, cfile); + parse_warn(cfile, diff --git a/SOURCES/dhcp-CLOEXEC.patch b/SOURCES/dhcp-CLOEXEC.patch new file mode 100644 index 0000000..309a87c --- /dev/null +++ b/SOURCES/dhcp-CLOEXEC.patch @@ -0,0 +1,336 @@ +diff -up dhcp-4.3.3b1/client/clparse.c.cloexec dhcp-4.3.3b1/client/clparse.c +--- dhcp-4.3.3b1/client/clparse.c.cloexec 2015-08-10 10:46:20.264755543 +0200 ++++ dhcp-4.3.3b1/client/clparse.c 2015-08-10 10:46:20.274755510 +0200 +@@ -247,7 +247,7 @@ int read_client_conf_file (const char *n + int token; + isc_result_t status; + +- if ((file = open (name, O_RDONLY)) < 0) ++ if ((file = open (name, O_RDONLY | O_CLOEXEC)) < 0) + return uerr2isc (errno); + + cfile = NULL; +@@ -323,7 +323,7 @@ void read_client_leases () + + /* Open the lease file. If we can't open it, just return - + we can safely trust the server to remember our state. */ +- if ((file = open (path_dhclient_db, O_RDONLY)) < 0) ++ if ((file = open (path_dhclient_db, O_RDONLY | O_CLOEXEC)) < 0) + return; + + cfile = NULL; +diff -up dhcp-4.3.3b1/client/dhclient.c.cloexec dhcp-4.3.3b1/client/dhclient.c +--- dhcp-4.3.3b1/client/dhclient.c.cloexec 2015-08-10 10:46:20.260755556 +0200 ++++ dhcp-4.3.3b1/client/dhclient.c 2015-08-10 10:46:20.275755506 +0200 +@@ -153,11 +153,11 @@ main(int argc, char **argv) { + /* Make sure that file descriptors 0 (stdin), 1, (stdout), and + 2 (stderr) are open. To do this, we assume that when we + open a file the lowest available file descriptor is used. */ +- fd = open("/dev/null", O_RDWR); ++ fd = open("/dev/null", O_RDWR | O_CLOEXEC); + if (fd == 0) +- fd = open("/dev/null", O_RDWR); ++ fd = open("/dev/null", O_RDWR | O_CLOEXEC); + if (fd == 1) +- fd = open("/dev/null", O_RDWR); ++ fd = open("/dev/null", O_RDWR | O_CLOEXEC); + if (fd == 2) + log_perror = 0; /* No sense logging to /dev/null. */ + else if (fd != -1) +@@ -519,7 +519,7 @@ main(int argc, char **argv) { + long temp; + int e; + +- if ((pidfd = fopen(path_dhclient_pid, "r")) != NULL) { ++ if ((pidfd = fopen(path_dhclient_pid, "re")) != NULL) { + e = fscanf(pidfd, "%ld\n", &temp); + oldpid = (pid_t)temp; + +@@ -574,7 +574,7 @@ main(int argc, char **argv) { + strncpy(new_path_dhclient_pid, path_dhclient_pid, pfx); + sprintf(new_path_dhclient_pid + pfx, "-%s.pid", ip->name); + +- if ((pidfd = fopen(new_path_dhclient_pid, "r")) != NULL) { ++ if ((pidfd = fopen(new_path_dhclient_pid, "re")) != NULL) { + e = fscanf(pidfd, "%ld\n", &temp); + oldpid = (pid_t)temp; + +@@ -599,7 +599,7 @@ main(int argc, char **argv) { + int dhc_running = 0; + char procfn[256] = ""; + +- if ((pidfp = fopen(path_dhclient_pid, "r")) != NULL) { ++ if ((pidfp = fopen(path_dhclient_pid, "re")) != NULL) { + if ((fscanf(pidfp, "%ld", &temp)==1) && ((dhcpid=(pid_t)temp) > 0)) { + snprintf(procfn,256,"/proc/%u",dhcpid); + dhc_running = (access(procfn, F_OK) == 0); +@@ -3120,7 +3120,7 @@ void rewrite_client_leases () + + if (leaseFile != NULL) + fclose (leaseFile); +- leaseFile = fopen (path_dhclient_db, "w"); ++ leaseFile = fopen (path_dhclient_db, "we"); + if (leaseFile == NULL) { + log_error ("can't create %s: %m", path_dhclient_db); + return; +@@ -3313,7 +3313,7 @@ write_duid(struct data_string *duid) + return DHCP_R_INVALIDARG; + + if (leaseFile == NULL) { /* XXX? */ +- leaseFile = fopen(path_dhclient_db, "w"); ++ leaseFile = fopen(path_dhclient_db, "we"); + if (leaseFile == NULL) { + log_error("can't create %s: %m", path_dhclient_db); + return ISC_R_IOERROR; +@@ -3493,7 +3493,7 @@ int write_client_lease (client, lease, r + return 1; + + if (leaseFile == NULL) { /* XXX */ +- leaseFile = fopen (path_dhclient_db, "w"); ++ leaseFile = fopen (path_dhclient_db, "we"); + if (leaseFile == NULL) { + log_error ("can't create %s: %m", path_dhclient_db); + return 0; +@@ -4011,9 +4011,9 @@ void go_daemon () + (void) close(2); + + /* Reopen them on /dev/null. */ +- (void) open("/dev/null", O_RDWR); +- (void) open("/dev/null", O_RDWR); +- (void) open("/dev/null", O_RDWR); ++ (void) open("/dev/null", O_RDWR | O_CLOEXEC); ++ (void) open("/dev/null", O_RDWR | O_CLOEXEC); ++ (void) open("/dev/null", O_RDWR | O_CLOEXEC); + + write_client_pid_file (); + +@@ -4030,14 +4030,14 @@ void write_client_pid_file () + return; + } + +- pfdesc = open (path_dhclient_pid, O_CREAT | O_TRUNC | O_WRONLY, 0644); ++ pfdesc = open (path_dhclient_pid, O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC, 0644); + + if (pfdesc < 0) { + log_error ("Can't create %s: %m", path_dhclient_pid); + return; + } + +- pf = fdopen (pfdesc, "w"); ++ pf = fdopen (pfdesc, "we"); + if (!pf) { + close(pfdesc); + log_error ("Can't fdopen %s: %m", path_dhclient_pid); +diff -up dhcp-4.3.3b1/common/bpf.c.cloexec dhcp-4.3.3b1/common/bpf.c +--- dhcp-4.3.3b1/common/bpf.c.cloexec 2015-07-30 15:17:16.000000000 +0200 ++++ dhcp-4.3.3b1/common/bpf.c 2015-08-10 10:46:20.275755506 +0200 +@@ -95,7 +95,7 @@ int if_register_bpf (info) + for (b = 0; 1; b++) { + /* %Audit% 31 bytes max. %2004.06.17,Safe% */ + sprintf(filename, BPF_FORMAT, b); +- sock = open (filename, O_RDWR, 0); ++ sock = open (filename, O_RDWR | O_CLOEXEC, 0); + if (sock < 0) { + if (errno == EBUSY) { + continue; +diff -up dhcp-4.3.3b1/common/dlpi.c.cloexec dhcp-4.3.3b1/common/dlpi.c +--- dhcp-4.3.3b1/common/dlpi.c.cloexec 2015-07-30 15:17:16.000000000 +0200 ++++ dhcp-4.3.3b1/common/dlpi.c 2015-08-10 10:46:20.275755506 +0200 +@@ -804,7 +804,7 @@ dlpiopen(const char *ifname) { + } + *dp = '\0'; + +- return open (devname, O_RDWR, 0); ++ return open (devname, O_RDWR | O_CLOEXEC, 0); + } + + /* +diff -up dhcp-4.3.3b1/common/nit.c.cloexec dhcp-4.3.3b1/common/nit.c +--- dhcp-4.3.3b1/common/nit.c.cloexec 2015-07-30 15:17:16.000000000 +0200 ++++ dhcp-4.3.3b1/common/nit.c 2015-08-10 10:46:20.275755506 +0200 +@@ -75,7 +75,7 @@ int if_register_nit (info) + struct strioctl sio; + + /* Open a NIT device */ +- sock = open ("/dev/nit", O_RDWR); ++ sock = open ("/dev/nit", O_RDWR | O_CLOEXEC); + if (sock < 0) + log_fatal ("Can't open NIT device for %s: %m", info -> name); + +diff -up dhcp-4.3.3b1/common/resolv.c.cloexec dhcp-4.3.3b1/common/resolv.c +--- dhcp-4.3.3b1/common/resolv.c.cloexec 2015-07-30 15:17:16.000000000 +0200 ++++ dhcp-4.3.3b1/common/resolv.c 2015-08-10 10:46:20.276755503 +0200 +@@ -44,7 +44,7 @@ void read_resolv_conf (parse_time) + struct domain_search_list *dp, *dl, *nd; + isc_result_t status; + +- if ((file = open (path_resolv_conf, O_RDONLY)) < 0) { ++ if ((file = open (path_resolv_conf, O_RDONLY | O_CLOEXEC)) < 0) { + log_error ("Can't open %s: %m", path_resolv_conf); + return; + } +diff -up dhcp-4.3.3b1/common/upf.c.cloexec dhcp-4.3.3b1/common/upf.c +--- dhcp-4.3.3b1/common/upf.c.cloexec 2015-07-30 15:17:16.000000000 +0200 ++++ dhcp-4.3.3b1/common/upf.c 2015-08-10 10:46:20.276755503 +0200 +@@ -71,7 +71,7 @@ int if_register_upf (info) + /* %Audit% Cannot exceed 36 bytes. %2004.06.17,Safe% */ + sprintf(filename, "/dev/pf/pfilt%d", b); + +- sock = open (filename, O_RDWR, 0); ++ sock = open (filename, O_RDWR | O_CLOEXEC, 0); + if (sock < 0) { + if (errno == EBUSY) { + continue; +diff -up dhcp-4.3.3b1/omapip/trace.c.cloexec dhcp-4.3.3b1/omapip/trace.c +--- dhcp-4.3.3b1/omapip/trace.c.cloexec 2015-07-30 15:17:16.000000000 +0200 ++++ dhcp-4.3.3b1/omapip/trace.c 2015-08-10 10:46:20.276755503 +0200 +@@ -138,10 +138,10 @@ isc_result_t trace_begin (const char *fi + return DHCP_R_INVALIDARG; + } + +- traceoutfile = open (filename, O_CREAT | O_WRONLY | O_EXCL, 0600); ++ traceoutfile = open (filename, O_CREAT | O_WRONLY | O_EXCL | O_CLOEXEC, 0600); + if (traceoutfile < 0 && errno == EEXIST) { + log_error ("WARNING: Overwriting trace file \"%s\"", filename); +- traceoutfile = open (filename, O_WRONLY | O_EXCL | O_TRUNC, ++ traceoutfile = open (filename, O_WRONLY | O_EXCL | O_TRUNC | O_CLOEXEC, + 0600); + } + +@@ -429,7 +429,7 @@ void trace_file_replay (const char *file + isc_result_t result; + int len; + +- traceinfile = fopen (filename, "r"); ++ traceinfile = fopen (filename, "re"); + if (!traceinfile) { + log_error("Can't open tracefile %s: %m", filename); + return; +diff -up dhcp-4.3.3b1/relay/dhcrelay.c.cloexec dhcp-4.3.3b1/relay/dhcrelay.c +--- dhcp-4.3.3b1/relay/dhcrelay.c.cloexec 2015-07-30 15:17:16.000000000 +0200 ++++ dhcp-4.3.3b1/relay/dhcrelay.c 2015-08-10 10:46:20.276755503 +0200 +@@ -187,11 +187,11 @@ main(int argc, char **argv) { + /* Make sure that file descriptors 0(stdin), 1,(stdout), and + 2(stderr) are open. To do this, we assume that when we + open a file the lowest available file descriptor is used. */ +- fd = open("/dev/null", O_RDWR); ++ fd = open("/dev/null", O_RDWR | O_CLOEXEC); + if (fd == 0) +- fd = open("/dev/null", O_RDWR); ++ fd = open("/dev/null", O_RDWR | O_CLOEXEC); + if (fd == 1) +- fd = open("/dev/null", O_RDWR); ++ fd = open("/dev/null", O_RDWR | O_CLOEXEC); + if (fd == 2) + log_perror = 0; /* No sense logging to /dev/null. */ + else if (fd != -1) +@@ -558,13 +558,13 @@ main(int argc, char **argv) { + + if (no_pid_file == ISC_FALSE) { + pfdesc = open(path_dhcrelay_pid, +- O_CREAT | O_TRUNC | O_WRONLY, 0644); ++ O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC, 0644); + + if (pfdesc < 0) { + log_error("Can't create %s: %m", + path_dhcrelay_pid); + } else { +- pf = fdopen(pfdesc, "w"); ++ pf = fdopen(pfdesc, "we"); + if (!pf) + log_error("Can't fdopen %s: %m", + path_dhcrelay_pid); +diff -up dhcp-4.3.3b1/server/confpars.c.cloexec dhcp-4.3.3b1/server/confpars.c +--- dhcp-4.3.3b1/server/confpars.c.cloexec 2015-07-30 15:17:16.000000000 +0200 ++++ dhcp-4.3.3b1/server/confpars.c 2015-08-10 10:46:20.277755500 +0200 +@@ -111,7 +111,7 @@ isc_result_t read_conf_file (const char + } + #endif + +- if ((file = open (filename, O_RDONLY)) < 0) { ++ if ((file = open (filename, O_RDONLY | O_CLOEXEC)) < 0) { + if (leasep) { + log_error ("Can't open lease database %s: %m --", + path_dhcpd_db); +diff -up dhcp-4.3.3b1/server/db.c.cloexec dhcp-4.3.3b1/server/db.c +--- dhcp-4.3.3b1/server/db.c.cloexec 2015-07-30 15:17:16.000000000 +0200 ++++ dhcp-4.3.3b1/server/db.c 2015-08-10 10:47:32.644518358 +0200 +@@ -1072,7 +1072,7 @@ void db_startup (testp) + } + #endif + if (!testp) { +- db_file = fopen (path_dhcpd_db, "a"); ++ db_file = fopen (path_dhcpd_db, "ae"); + if (!db_file) + log_fatal ("Can't open %s for append.", path_dhcpd_db); + expire_all_pools (); +@@ -1120,7 +1120,7 @@ int new_lease_file () + path_dhcpd_db, (int)t) >= sizeof newfname) + log_fatal("new_lease_file: lease file path too long"); + +- db_fd = open (newfname, O_WRONLY | O_TRUNC | O_CREAT, 0664); ++ db_fd = open (newfname, O_WRONLY | O_TRUNC | O_CREAT | O_CLOEXEC, 0664); + if (db_fd < 0) { + log_error ("Can't create new lease file: %m"); + return 0; +@@ -1141,7 +1141,7 @@ int new_lease_file () + } + #endif /* PARANOIA */ + +- if ((new_db_file = fdopen(db_fd, "w")) == NULL) { ++ if ((new_db_file = fdopen(db_fd, "we")) == NULL) { + log_error("Can't fdopen new lease file: %m"); + close(db_fd); + goto fdfail; +diff -up dhcp-4.3.3b1/server/dhcpd.c.cloexec dhcp-4.3.3b1/server/dhcpd.c +--- dhcp-4.3.3b1/server/dhcpd.c.cloexec 2015-07-30 15:17:16.000000000 +0200 ++++ dhcp-4.3.3b1/server/dhcpd.c 2015-08-10 10:46:20.278755497 +0200 +@@ -194,11 +194,11 @@ main(int argc, char **argv) { + /* Make sure that file descriptors 0 (stdin), 1, (stdout), and + 2 (stderr) are open. To do this, we assume that when we + open a file the lowest available file descriptor is used. */ +- fd = open("/dev/null", O_RDWR); ++ fd = open("/dev/null", O_RDWR | O_CLOEXEC); + if (fd == 0) +- fd = open("/dev/null", O_RDWR); ++ fd = open("/dev/null", O_RDWR | O_CLOEXEC); + if (fd == 1) +- fd = open("/dev/null", O_RDWR); ++ fd = open("/dev/null", O_RDWR | O_CLOEXEC); + if (fd == 2) + log_perror = 0; /* No sense logging to /dev/null. */ + else if (fd != -1) +@@ -743,7 +743,7 @@ main(int argc, char **argv) { + * appropriate. + */ + if (no_pid_file == ISC_FALSE) { +- i = open(path_dhcpd_pid, O_WRONLY|O_CREAT|O_TRUNC, 0644); ++ i = open(path_dhcpd_pid, O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0644); + if (i >= 0) { + sprintf(pbuf, "%d\n", (int) getpid()); + IGNORE_RET(write(i, pbuf, strlen(pbuf))); +@@ -787,9 +787,9 @@ main(int argc, char **argv) { + (void) close(2); + + /* Reopen them on /dev/null. */ +- (void) open("/dev/null", O_RDWR); +- (void) open("/dev/null", O_RDWR); +- (void) open("/dev/null", O_RDWR); ++ (void) open("/dev/null", O_RDWR | O_CLOEXEC); ++ (void) open("/dev/null", O_RDWR | O_CLOEXEC); ++ (void) open("/dev/null", O_RDWR | O_CLOEXEC); + log_perror = 0; /* No sense logging to /dev/null. */ + + IGNORE_RET (chdir("/")); +diff -up dhcp-4.3.3b1/server/ldap.c.cloexec dhcp-4.3.3b1/server/ldap.c +--- dhcp-4.3.3b1/server/ldap.c.cloexec 2015-07-30 21:03:40.000000000 +0200 ++++ dhcp-4.3.3b1/server/ldap.c 2015-08-10 10:46:20.279755493 +0200 +@@ -1442,7 +1442,7 @@ ldap_start (void) + + if (ldap_debug_file != NULL && ldap_debug_fd == -1) + { +- if ((ldap_debug_fd = open (ldap_debug_file, O_CREAT | O_TRUNC | O_WRONLY, ++ if ((ldap_debug_fd = open (ldap_debug_file, O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC, + S_IRUSR | S_IWUSR)) < 0) + log_error ("Error opening debug LDAP log file %s: %s", ldap_debug_file, + strerror (errno)); diff --git a/SOURCES/dhcp-CVE-2022-2928.patch b/SOURCES/dhcp-CVE-2022-2928.patch new file mode 100644 index 0000000..485b1d8 --- /dev/null +++ b/SOURCES/dhcp-CVE-2022-2928.patch @@ -0,0 +1,32 @@ +diff --git a/common/options.c b/common/options.c +index ed8ac38..addc65a 100644 +--- a/common/options.c ++++ b/common/options.c +@@ -4397,6 +4397,8 @@ add_option(struct option_state *options, + if (!option_cache_allocate(&oc, MDL)) { + log_error("No memory for option cache adding %s (option %d).", + option->name, option_num); ++ /* Get rid of reference created during hash lookup. */ ++ option_dereference(&option, MDL); + return 0; + } + +@@ -4408,6 +4410,8 @@ add_option(struct option_state *options, + MDL)) { + log_error("No memory for constant data adding %s (option %d).", + option->name, option_num); ++ /* Get rid of reference created during hash lookup. */ ++ option_dereference(&option, MDL); + option_cache_dereference(&oc, MDL); + return 0; + } +@@ -4416,6 +4420,9 @@ add_option(struct option_state *options, + save_option(&dhcp_universe, options, oc); + option_cache_dereference(&oc, MDL); + ++ /* Get rid of reference created during hash lookup. */ ++ option_dereference(&option, MDL); ++ + return 1; + } + diff --git a/SOURCES/dhcp-CVE-2022-2929.patch b/SOURCES/dhcp-CVE-2022-2929.patch new file mode 100644 index 0000000..d719bf6 --- /dev/null +++ b/SOURCES/dhcp-CVE-2022-2929.patch @@ -0,0 +1,25 @@ +diff --git a/common/options.c b/common/options.c +index addc65a..3e6383a 100644 +--- a/common/options.c ++++ b/common/options.c +@@ -435,16 +435,16 @@ int fqdn_universe_decode (struct option_state *options, + while (s < &bp -> data[0] + length + 2) { + len = *s; + if (len > 63) { +- log_info ("fancy bits in fqdn option"); +- return 0; ++ log_info ("label length exceeds 63 in fqdn option"); ++ goto bad; + } + if (len == 0) { + terminated = 1; + break; + } + if (s + len > &bp -> data [0] + length + 3) { +- log_info ("fqdn tag longer than buffer"); +- return 0; ++ log_info ("fqdn label longer than buffer"); ++ goto bad; + } + + if (first_len == 0) { diff --git a/SOURCES/dhcp-IPoIB-log-id.patch b/SOURCES/dhcp-IPoIB-log-id.patch new file mode 100644 index 0000000..e0369bb --- /dev/null +++ b/SOURCES/dhcp-IPoIB-log-id.patch @@ -0,0 +1,164 @@ +--- a/server/dhcp.c 2017-07-14 15:32:14.611104590 +0200 ++++ b/server/dhcp.c 2017-07-14 15:34:17.508858018 +0200 +@@ -87,6 +87,42 @@ + + static TIME leaseTimeCheck(TIME calculated, TIME alternate); + ++char *print_client_identifier_from_packet (packet) ++ struct packet *packet; ++{ ++ struct option_cache *oc; ++ struct data_string client_identifier; ++ char *ci; ++ ++ memset (&client_identifier, 0, sizeof client_identifier); ++ ++ oc = lookup_option (&dhcp_universe, packet -> options, ++ DHO_DHCP_CLIENT_IDENTIFIER); ++ if (oc && ++ evaluate_option_cache (&client_identifier, ++ packet, (struct lease *)0, ++ (struct client_state *)0, ++ packet -> options, ++ (struct option_state *)0, ++ &global_scope, oc, MDL)) { ++ ci = print_hw_addr (HTYPE_INFINIBAND, client_identifier.len, client_identifier.data); ++ data_string_forget (&client_identifier, MDL); ++ return ci; ++ } else ++ return "\"no client id\""; ++} ++ ++char *print_hw_addr_or_client_id (packet) ++ struct packet *packet; ++{ ++ if (packet -> raw -> htype == HTYPE_INFINIBAND) ++ return print_client_identifier_from_packet (packet); ++ else ++ return print_hw_addr (packet -> raw -> htype, ++ packet -> raw -> hlen, ++ packet -> raw -> chaddr); ++} ++ + void + dhcp (struct packet *packet) { + int ms_nulltp = 0; +@@ -129,9 +165,7 @@ + + log_info("%s from %s via %s: %s", s, + (packet->raw->htype +- ? print_hw_addr(packet->raw->htype, +- packet->raw->hlen, +- packet->raw->chaddr) ++ ? print_hw_addr_or_client_id(packet) + : ""), + packet->raw->giaddr.s_addr + ? inet_ntoa(packet->raw->giaddr) +@@ -328,9 +362,7 @@ + #endif + snprintf (msgbuf, sizeof msgbuf, "DHCPDISCOVER from %s %s%s%svia %s", + (packet -> raw -> htype +- ? print_hw_addr (packet -> raw -> htype, +- packet -> raw -> hlen, +- packet -> raw -> chaddr) ++ ? print_hw_addr_or_client_id (packet) + : (lease + ? print_hex_1(lease->uid_len, lease->uid, 60) + : "")), +@@ -542,9 +574,7 @@ + "DHCPREQUEST for %s%s from %s %s%s%svia %s", + piaddr (cip), smbuf, + (packet -> raw -> htype +- ? print_hw_addr (packet -> raw -> htype, +- packet -> raw -> hlen, +- packet -> raw -> chaddr) ++ ? print_hw_addr_or_client_id(packet) + : (lease + ? print_hex_1(lease->uid_len, lease->uid, 60) + : "")), +@@ -785,9 +815,7 @@ + if ((oc = lookup_option (&dhcp_universe, packet -> options, + DHO_DHCP_REQUESTED_ADDRESS))) { + log_info ("DHCPRELEASE from %s specified requested-address.", +- print_hw_addr (packet -> raw -> htype, +- packet -> raw -> hlen, +- packet -> raw -> chaddr)); ++ print_hw_addr_or_client_id(packet)); + } + + oc = lookup_option (&dhcp_universe, packet -> options, +@@ -879,9 +907,7 @@ + "DHCPRELEASE of %s from %s %s%s%svia %s (%sfound)", + cstr, + (packet -> raw -> htype +- ? print_hw_addr (packet -> raw -> htype, +- packet -> raw -> hlen, +- packet -> raw -> chaddr) ++ ? print_hw_addr_or_client_id(packet) + : (lease + ? print_hex_1(lease->uid_len, lease->uid, 60) + : "")), +@@ -986,9 +1012,7 @@ + "DHCPDECLINE of %s from %s %s%s%svia %s", + piaddr (cip), + (packet -> raw -> htype +- ? print_hw_addr (packet -> raw -> htype, +- packet -> raw -> hlen, +- packet -> raw -> chaddr) ++ ? print_hw_addr_or_client_id(packet) + : (lease + ? print_hex_1(lease->uid_len, lease->uid, 60) + : "")), +@@ -1707,8 +1731,7 @@ + /* Report what we're sending. */ + snprintf(msgbuf, sizeof msgbuf, "DHCPACK to %s (%s) via", piaddr(cip), + (packet->raw->htype && packet->raw->hlen) ? +- print_hw_addr(packet->raw->htype, packet->raw->hlen, +- packet->raw->chaddr) : ++ print_hw_addr_or_client_id(packet) : + ""); + log_info("%s %s", msgbuf, gip.len ? piaddr(gip) : + packet->interface->name); +@@ -1886,9 +1909,7 @@ + #endif + log_info ("DHCPNAK on %s to %s via %s", + piaddr (*cip), +- print_hw_addr (packet -> raw -> htype, +- packet -> raw -> hlen, +- packet -> raw -> chaddr), ++ print_hw_addr_or_client_id(packet), + packet -> raw -> giaddr.s_addr + ? inet_ntoa (packet -> raw -> giaddr) + : packet -> interface -> name); +@@ -3897,7 +3918,7 @@ + ? (state -> offer == DHCPACK ? "DHCPACK" : "DHCPOFFER") + : "BOOTREPLY"), + piaddr (lease -> ip_addr), +- (lease -> hardware_addr.hlen ++ (lease -> hardware_addr.hlen > 1 + ? print_hw_addr (lease -> hardware_addr.hbuf [0], + lease -> hardware_addr.hlen - 1, + &lease -> hardware_addr.hbuf [1]) +@@ -4450,10 +4471,7 @@ + if (uid_lease) { + if (uid_lease->binding_state == FTS_ACTIVE) { + log_error ("client %s has duplicate%s on %s", +- (print_hw_addr +- (packet -> raw -> htype, +- packet -> raw -> hlen, +- packet -> raw -> chaddr)), ++ (print_hw_addr_or_client_id(packet)), + " leases", + (ip_lease -> subnet -> + shared_network -> name)); +@@ -4620,9 +4638,7 @@ + log_error("uid lease %s for client %s is duplicate " + "on %s", + piaddr(uid_lease->ip_addr), +- print_hw_addr(packet->raw->htype, +- packet->raw->hlen, +- packet->raw->chaddr), ++ print_hw_addr_or_client_id(packet), + uid_lease->subnet->shared_network->name); + + if (!packet -> raw -> ciaddr.s_addr && diff --git a/SOURCES/dhcp-PPP.patch b/SOURCES/dhcp-PPP.patch new file mode 100644 index 0000000..b3d82ea --- /dev/null +++ b/SOURCES/dhcp-PPP.patch @@ -0,0 +1,150 @@ +diff -up dhcp-4.3.4/client/dhc6.c.PPP dhcp-4.3.4/client/dhc6.c +--- dhcp-4.3.4/client/dhc6.c.PPP 2016-04-29 12:46:29.824988665 +0200 ++++ dhcp-4.3.4/client/dhc6.c 2016-04-29 12:46:29.828988666 +0200 +@@ -5641,7 +5641,8 @@ make_client6_options(struct client_state + */ + if ((oc = lookup_option(&dhcpv6_universe, *op, + D6O_CLIENTID)) == NULL) { +- if (!option_cache(&oc, &default_duid, NULL, clientid_option, ++ if (default_duid.len == 0 || ++ !option_cache(&oc, &default_duid, NULL, clientid_option, + MDL)) + log_fatal("Failure assembling a DUID."); + +diff -up dhcp-4.3.4/client/dhclient.c.PPP dhcp-4.3.4/client/dhclient.c +--- dhcp-4.3.4/client/dhclient.c.PPP 2016-04-29 12:46:29.815988664 +0200 ++++ dhcp-4.3.4/client/dhclient.c 2016-04-29 12:46:29.830988666 +0200 +@@ -1077,8 +1077,8 @@ main(int argc, char **argv) { + if (default_duid.buffer != NULL) + data_string_forget(&default_duid, MDL); + +- form_duid(&default_duid, MDL); +- write_duid(&default_duid); ++ if (form_duid(&default_duid, MDL) == ISC_R_SUCCESS) ++ write_duid(&default_duid); + } + } + +@@ -3808,7 +3808,7 @@ write_options(struct client_state *clien + * is not how it is intended. Upcoming rearchitecting the client should + * address this "one daemon model." + */ +-void ++isc_result_t + form_duid(struct data_string *duid, const char *file, int line) + { + struct interface_info *ip; +@@ -3821,6 +3821,15 @@ form_duid(struct data_string *duid, cons + if (ip == NULL) + log_fatal("Impossible condition at %s:%d.", MDL); + ++ while (ip && ip->hw_address.hbuf[0] == HTYPE_RESERVED) { ++ /* Try the other interfaces */ ++ log_debug("Cannot form default DUID from interface %s.", ip->name); ++ ip = ip->next; ++ } ++ if (ip == NULL) { ++ return ISC_R_UNEXPECTED; ++ } ++ + if ((ip->hw_address.hlen == 0) || + (ip->hw_address.hlen > sizeof(ip->hw_address.hbuf))) + log_fatal("Impossible hardware address length at %s:%d.", MDL); +@@ -3866,6 +3875,8 @@ form_duid(struct data_string *duid, cons + log_info("Created duid %s.", str); + dfree(str, MDL); + } ++ ++ return ISC_R_SUCCESS; + } + + /* Write the default DUID to the lease store. */ +diff -up dhcp-4.3.4/common/bpf.c.PPP dhcp-4.3.4/common/bpf.c +--- dhcp-4.3.4/common/bpf.c.PPP 2016-04-29 12:46:29.794988660 +0200 ++++ dhcp-4.3.4/common/bpf.c 2016-04-29 12:46:29.830988666 +0200 +@@ -599,6 +599,22 @@ get_hw_addr(const char *name, struct har + memcpy(&hw->hbuf[1], LLADDR(sa), sa->sdl_alen); + break; + #endif /* IFT_FDDI */ ++#if defined(IFT_PPP) ++ case IFT_PPP: ++ if (local_family != AF_INET6) ++ log_fatal("Unsupported device type %d for \"%s\"", ++ sa->sdl_type, name); ++ hw->hlen = 0; ++ hw->hbuf[0] = HTYPE_RESERVED; ++ /* 0xdeadbeef should never occur on the wire, ++ * and is a signature that something went wrong. ++ */ ++ hw->hbuf[1] = 0xde; ++ hw->hbuf[2] = 0xad; ++ hw->hbuf[3] = 0xbe; ++ hw->hbuf[4] = 0xef; ++ break; ++#endif + default: + log_fatal("Unsupported device type %d for \"%s\"", + sa->sdl_type, name); +diff -up dhcp-4.3.4/common/lpf.c.PPP dhcp-4.3.4/common/lpf.c +--- dhcp-4.3.4/common/lpf.c.PPP 2016-03-22 14:16:51.000000000 +0100 ++++ dhcp-4.3.4/common/lpf.c 2016-04-29 12:46:29.830988666 +0200 +@@ -548,6 +548,22 @@ get_hw_addr(const char *name, struct har + hw->hbuf[0] = HTYPE_FDDI; + memcpy(&hw->hbuf[1], sa->sa_data, 6); + break; ++#if defined(ARPHRD_PPP) ++ case ARPHRD_PPP: ++ if (local_family != AF_INET6) ++ log_fatal("Unsupported device type %d for \"%s\"", ++ sa->sa_family, name); ++ hw->hlen = 0; ++ hw->hbuf[0] = HTYPE_RESERVED; ++ /* 0xdeadbeef should never occur on the wire, ++ * and is a signature that something went wrong. ++ */ ++ hw->hbuf[1] = 0xde; ++ hw->hbuf[2] = 0xad; ++ hw->hbuf[3] = 0xbe; ++ hw->hbuf[4] = 0xef; ++ break; ++#endif + default: + log_fatal("Unsupported device type %ld for \"%s\"", + (long int)sa->sa_family, name); +diff -up dhcp-4.3.4/includes/dhcpd.h.PPP dhcp-4.3.4/includes/dhcpd.h +--- dhcp-4.3.4/includes/dhcpd.h.PPP 2016-04-29 12:46:29.831988667 +0200 ++++ dhcp-4.3.4/includes/dhcpd.h 2016-04-29 12:47:13.167995959 +0200 +@@ -2990,7 +2990,7 @@ void client_dns_remove(struct client_sta + + void dhcpv4_client_assignments(void); + void dhcpv6_client_assignments(void); +-void form_duid(struct data_string *duid, const char *file, int line); ++isc_result_t form_duid(struct data_string *duid, const char *file, int line); + + void dhcp4o6_start(void); + +diff -up dhcp-4.3.4/includes/dhcp.h.PPP dhcp-4.3.4/includes/dhcp.h +--- dhcp-4.3.4/includes/dhcp.h.PPP 2016-04-29 12:46:29.822988665 +0200 ++++ dhcp-4.3.4/includes/dhcp.h 2016-04-29 12:46:29.832988667 +0200 +@@ -81,6 +81,8 @@ struct dhcp_packet { + * is no standard for this so we + * just steal a type */ + ++#define HTYPE_RESERVED 0 /* RFC 5494 */ ++ + /* Magic cookie validating dhcp options field (and bootp vendor + extensions field). */ + #define DHCP_OPTIONS_COOKIE "\143\202\123\143" +diff -up dhcp-4.3.4/server/dhcpv6.c.PPP dhcp-4.3.4/server/dhcpv6.c +--- dhcp-4.3.4/server/dhcpv6.c.PPP 2016-03-22 14:16:51.000000000 +0100 ++++ dhcp-4.3.4/server/dhcpv6.c 2016-04-29 12:46:29.833988667 +0200 +@@ -454,6 +454,9 @@ generate_new_server_duid(void) { + if (p->hw_address.hlen > 0) { + break; + } ++ if (p->next == NULL && p->hw_address.hbuf[0] == HTYPE_RESERVED) { ++ log_error("Can not generate DUID from interfaces which do not have hardware addresses, please configure server-duid!"); ++ } + } + if (p == NULL) { + return ISC_R_UNEXPECTED; diff --git a/SOURCES/dhcp-add_timeout_when_NULL.patch b/SOURCES/dhcp-add_timeout_when_NULL.patch new file mode 100644 index 0000000..103824c --- /dev/null +++ b/SOURCES/dhcp-add_timeout_when_NULL.patch @@ -0,0 +1,14 @@ +diff -up dhcp-4.3.0a1/common/dispatch.c.dracut dhcp-4.3.0a1/common/dispatch.c +--- dhcp-4.3.0a1/common/dispatch.c.dracut 2013-12-11 01:25:12.000000000 +0100 ++++ dhcp-4.3.0a1/common/dispatch.c 2013-12-19 15:39:50.350505860 +0100 +@@ -210,6 +210,10 @@ void add_timeout (when, where, what, ref + isc_interval_t interval; + isc_time_t expires; + ++ if (when == NULL) { ++ return; ++ } ++ + /* See if this timeout supersedes an existing timeout. */ + t = (struct timeout *)0; + for (q = timeouts; q; q = q->next) { diff --git a/SOURCES/dhcp-bind-9.11.patch b/SOURCES/dhcp-bind-9.11.patch new file mode 100644 index 0000000..d404197 --- /dev/null +++ b/SOURCES/dhcp-bind-9.11.patch @@ -0,0 +1,85 @@ +From ffb24c0bbd4d6f2b4718a1a8f4f2da237cc6ed66 Mon Sep 17 00:00:00 2001 +From: Thomas Markwalder +Date: Fri, 14 Sep 2018 13:41:41 -0400 +Subject: [PATCH] [master] Added includes of new BIND9 compatibility headers, + updated util/bind.sh + + Merges in rt48072. + +(cherry picked from commit 8194daabfd590f17825f0c61e9534bee5c99cc86) +--- + includes/omapip/isclib.h | 3 +++ + includes/omapip/result.h | 1 + + server/dhcpv6.c | 13 +++++++++---- + 3 files changed, 13 insertions(+), 4 deletions(-) + +diff --git a/includes/omapip/isclib.h b/includes/omapip/isclib.h +index e2963089..fa5d9ad3 100644 +--- a/includes/omapip/isclib.h ++++ b/includes/omapip/isclib.h +@@ -48,6 +48,9 @@ + #include + #include + ++#include ++#include ++ + #include + #include + #include +diff --git a/includes/omapip/result.h b/includes/omapip/result.h +index ae5f7d6a..9c1fab23 100644 +--- a/includes/omapip/result.h ++++ b/includes/omapip/result.h +@@ -26,6 +26,7 @@ + #ifndef DHCP_RESULT_H + #define DHCP_RESULT_H 1 + ++#include + #include + #include + #include +diff --git a/server/dhcpv6.c b/server/dhcpv6.c +index 74487667..1a6ff241 100644 +--- a/server/dhcpv6.c ++++ b/server/dhcpv6.c +@@ -1003,7 +1003,8 @@ void check_pool6_threshold(struct reply_state *reply, + shared_name, + inet_ntop(AF_INET6, &lease->addr, + tmp_addr, sizeof(tmp_addr)), +- used, count); ++ (long long unsigned)(used), ++ (long long unsigned)(count)); + } + return; + } +@@ -1035,7 +1036,8 @@ void check_pool6_threshold(struct reply_state *reply, + "address: %s; high threshold %d%% %llu/%llu.", + shared_name, + inet_ntop(AF_INET6, &lease->addr, tmp_addr, sizeof(tmp_addr)), +- poolhigh, used, count); ++ poolhigh, (long long unsigned)(used), ++ (long long unsigned)(count)); + + /* handle the low threshold now, if we don't + * have one we default to 0. */ +@@ -1383,12 +1385,15 @@ pick_v6_address(struct reply_state *reply) + log_debug("Unable to pick client address: " + "no addresses available - shared network %s: " + " 2^64-1 < total, %llu active, %llu abandoned", +- shared_name, active - abandoned, abandoned); ++ shared_name, (long long unsigned)(active - abandoned), ++ (long long unsigned)(abandoned)); + } else { + log_debug("Unable to pick client address: " + "no addresses available - shared network %s: " + "%llu total, %llu active, %llu abandoned", +- shared_name, total, active - abandoned, abandoned); ++ shared_name, (long long unsigned)(total), ++ (long long unsigned)(active - abandoned), ++ (long long unsigned)(abandoned)); + } + + return ISC_R_NORESOURCES; +-- +2.14.5 diff --git a/SOURCES/dhcp-capability.patch b/SOURCES/dhcp-capability.patch new file mode 100644 index 0000000..49dfbee --- /dev/null +++ b/SOURCES/dhcp-capability.patch @@ -0,0 +1,257 @@ +diff --git a/client/Makefile.am b/client/Makefile.am +index b1ecf82..387c097 100644 +--- a/client/Makefile.am ++++ b/client/Makefile.am +@@ -15,6 +15,7 @@ dhclient_SOURCES = clparse.c dhclient.c dhc6.c \ + scripts/bsdos scripts/freebsd scripts/linux scripts/macos \ + scripts/netbsd scripts/nextstep scripts/openbsd \ + scripts/solaris scripts/openwrt +-dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.la $(BIND_LIBS) ++dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \ ++ $(CAPNG_LDADD) $(BIND_LIBS) + man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5 + EXTRA_DIST = $(man_MANS) +diff --git a/client/dhclient-script.8 b/client/dhclient-script.8 +index 3a3aaf7..fec726c 100644 +--- a/client/dhclient-script.8 ++++ b/client/dhclient-script.8 +@@ -245,6 +245,16 @@ repeatedly initialized to the values provided by one server, and then + the other. Assuming the information provided by both servers is + valid, this shouldn't cause any real problems, but it could be + confusing. ++.PP ++Normally, if dhclient was compiled with libcap-ng support, ++dhclient drops most capabilities immediately upon startup. ++While more secure, this greatly restricts the additional actions that ++hooks in dhclient-script can take. For example, any daemons that ++dhclient-script starts or restarts will inherit the restricted ++capabilities as well, which may interfere with their correct operation. ++Thus, the ++.BI \-nc ++option can be used to prevent dhclient from dropping capabilities. + .SH SEE ALSO + dhclient(8), dhcpd(8), dhcrelay(8), dhclient.conf(5) and + dhclient.leases(5). +diff --git a/client/dhclient.8 b/client/dhclient.8 +index aa2238d..005cda5 100644 +--- a/client/dhclient.8 ++++ b/client/dhclient.8 +@@ -134,6 +134,9 @@ dhclient - Dynamic Host Configuration Protocol Client + .B -w + ] + [ ++.B -nc ++] ++[ + .B -B + ] + [ +@@ -320,6 +323,32 @@ not to exit when it doesn't find any such interfaces. The + program can then be used to notify the client when a network interface + has been added or removed, so that the client can attempt to configure an IP + address on that interface. ++.TP ++.BI \-nc ++Do not drop capabilities. ++ ++Normally, if ++.B dhclient ++was compiled with libcap-ng support, ++.B dhclient ++drops most capabilities immediately upon startup. While more secure, ++this greatly restricts the additional actions that hooks in ++.B dhclient-script (8) ++can take. (For example, any daemons that ++.B dhclient-script (8) ++starts or restarts will inherit the restricted capabilities as well, ++which may interfere with their correct operation.) Thus, the ++.BI \-nc ++option can be used to prevent ++.B dhclient ++from dropping capabilities. ++ ++The ++.BI \-nc ++option is ignored if ++.B dhclient ++was not compiled with libcap-ng support. ++ + .TP + .BI \-n + Do not configure any interfaces. This is most likely to be useful in +diff --git a/client/dhclient.c b/client/dhclient.c +index 09ae09b..2d564ff 100644 +--- a/client/dhclient.c ++++ b/client/dhclient.c +@@ -40,6 +40,10 @@ + #include + #include + ++#ifdef HAVE_LIBCAP_NG ++#include ++#endif ++ + /* + * Defined in stdio.h when _GNU_SOURCE is set, but we don't want to define + * that when building ISC code. +@@ -239,6 +243,9 @@ main(int argc, char **argv) { + int timeout_arg = 0; + char *arg_conf = NULL; + int arg_conf_len = 0; ++#ifdef HAVE_LIBCAP_NG ++ int keep_capabilities = 0; ++#endif + + /* Initialize client globals. */ + memset(&default_duid, 0, sizeof(default_duid)); +@@ -548,6 +555,10 @@ main(int argc, char **argv) { + } + + dhclient_request_options = argv[i]; ++ } else if (!strcmp(argv[i], "-nc")) { ++#ifdef HAVE_LIBCAP_NG ++ keep_capabilities = 1; ++#endif + } else if (argv[i][0] == '-') { + usage("Unknown command: %s", argv[i]); + } else if (interfaces_requested < 0) { +@@ -608,6 +619,19 @@ main(int argc, char **argv) { + path_dhclient_script = s; + } + ++#ifdef HAVE_LIBCAP_NG ++ /* Drop capabilities */ ++ if (!keep_capabilities) { ++ capng_clear(CAPNG_SELECT_CAPS); ++ capng_update(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, ++ CAP_DAC_OVERRIDE); // Drop this someday ++ capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, ++ CAP_NET_ADMIN, CAP_NET_RAW, ++ CAP_NET_BIND_SERVICE, CAP_SYS_ADMIN, -1); ++ capng_apply(CAPNG_SELECT_CAPS); ++ } ++#endif ++ + /* Set up the initial dhcp option universe. */ + initialize_common_option_spaces(); + +diff --git a/configure.ac b/configure.ac +index adc98a8..8bbe5ca 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -592,6 +592,41 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[void foo() __attribute__((noreturn)); + # Look for optional headers. + AC_CHECK_HEADERS(sys/socket.h net/if_dl.h net/if6.h regex.h) + ++# look for capabilities library ++AC_ARG_WITH(libcap-ng, ++ [ --with-libcap-ng=[auto/yes/no] Add Libcap-ng support [default=auto]],, ++ with_libcap_ng=auto) ++ ++# Check for Libcap-ng API ++# ++# libcap-ng detection ++if test x$with_libcap_ng = xno ; then ++ have_libcap_ng=no; ++else ++ # Start by checking for header file ++ AC_CHECK_HEADER(cap-ng.h, capng_headers=yes, capng_headers=no) ++ ++ # See if we have libcap-ng library ++ AC_CHECK_LIB(cap-ng, capng_clear, ++ CAPNG_LDADD=-lcap-ng,) ++ ++ # Check results are usable ++ if test x$with_libcap_ng = xyes -a x$CAPNG_LDADD = x ; then ++ AC_MSG_ERROR(libcap-ng support was requested and the library was not found) ++ fi ++ if test x$CAPNG_LDADD != x -a $capng_headers = no ; then ++ AC_MSG_ERROR(libcap-ng libraries found but headers are missing) ++ fi ++fi ++AC_SUBST(CAPNG_LDADD) ++AC_MSG_CHECKING(whether to use libcap-ng) ++if test x$CAPNG_LDADD != x ; then ++ AC_DEFINE(HAVE_LIBCAP_NG,1,[libcap-ng support]) ++ AC_MSG_RESULT(yes) ++else ++ AC_MSG_RESULT(no) ++fi ++ + # Solaris needs some libraries for functions + AC_SEARCH_LIBS(socket, [socket]) + AC_SEARCH_LIBS(inet_ntoa, [nsl]) +diff --git a/relay/Makefile.am b/relay/Makefile.am +index 316a524..999e543 100644 +--- a/relay/Makefile.am ++++ b/relay/Makefile.am +@@ -5,7 +5,7 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' + sbin_PROGRAMS = dhcrelay + dhcrelay_SOURCES = dhcrelay.c + dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \ +- $(BIND_LIBS) ++ $(CAPNG_LDADD) $(BIND_LIBS) + man_MANS = dhcrelay.8 + EXTRA_DIST = $(man_MANS) + +diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c +index eac119c..d2ab448 100644 +--- a/relay/dhcrelay.c ++++ b/relay/dhcrelay.c +@@ -32,6 +32,11 @@ + #include + #include + ++#ifdef HAVE_LIBCAP_NG ++# include ++ int keep_capabilities = 0; ++#endif ++ + TIME default_lease_time = 43200; /* 12 hours... */ + TIME max_lease_time = 86400; /* 24 hours... */ + struct tree_cache *global_options[256]; +@@ -472,6 +477,10 @@ main(int argc, char **argv) { + if (++i == argc) + usage(use_noarg, argv[i-1]); + dhcrelay_sub_id = argv[i]; ++#endif ++ } else if (!strcmp(argv[i], "-nc")) { ++#ifdef HAVE_LIBCAP_NG ++ keep_capabilities = 1; + #endif + } else if (!strcmp(argv[i], "-pf")) { + if (++i == argc) +@@ -547,6 +556,17 @@ main(int argc, char **argv) { + #endif + } + ++#ifdef HAVE_LIBCAP_NG ++ /* Drop capabilities */ ++ if (!keep_capabilities) { ++ capng_clear(CAPNG_SELECT_BOTH); ++ capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, ++ CAP_NET_RAW, CAP_NET_BIND_SERVICE, -1); ++ capng_apply(CAPNG_SELECT_BOTH); ++ log_info ("Dropped all unnecessary capabilities."); ++ } ++#endif ++ + if (!quiet) { + log_info("%s %s", message, PACKAGE_VERSION); + log_info(copyright); +@@ -699,6 +719,15 @@ main(int argc, char **argv) { + signal(SIGTERM, dhcp_signal_handler); /* kill */ + #endif + ++#ifdef HAVE_LIBCAP_NG ++ /* Drop all capabilities */ ++ if (!keep_capabilities) { ++ capng_clear(CAPNG_SELECT_BOTH); ++ capng_apply(CAPNG_SELECT_BOTH); ++ log_info ("Dropped all capabilities."); ++ } ++#endif ++ + /* Start dispatching packets and timeouts... */ + dispatch(); + diff --git a/SOURCES/dhcp-client-request-release-bind-iface.patch b/SOURCES/dhcp-client-request-release-bind-iface.patch new file mode 100644 index 0000000..7b9f271 --- /dev/null +++ b/SOURCES/dhcp-client-request-release-bind-iface.patch @@ -0,0 +1,61 @@ +diff -up dhcp-4.3.4/client/dhclient.c.bind-iface dhcp-4.3.4/client/dhclient.c +--- dhcp-4.3.4/client/dhclient.c.bind-iface 2016-04-29 13:06:50.595257108 +0200 ++++ dhcp-4.3.4/client/dhclient.c 2016-04-29 13:08:30.237281528 +0200 +@@ -3023,6 +3023,14 @@ void send_request (cpp) + #endif + if (destination.sin_addr.s_addr != INADDR_BROADCAST && + fallback_interface) { ++#if defined(SO_BINDTODEVICE) ++ if (setsockopt(fallback_interface -> wfdesc, SOL_SOCKET, ++ SO_BINDTODEVICE, client->interface->name, ++ strlen(client->interface->name)) < 0) { ++ log_error("%s:%d: Failed to bind fallback interface" ++ " to %s: %m", MDL, client->interface->name); ++ } ++#endif + result = send_packet(fallback_interface, NULL, &client->packet, + client->packet_length, from, &destination, + NULL); +@@ -3032,6 +3040,13 @@ void send_request (cpp) + client->packet_length, + fallback_interface->name); + } ++#if defined(SO_BINDTODEVICE) ++ if (setsockopt(fallback_interface -> wfdesc, SOL_SOCKET, ++ SO_BINDTODEVICE, NULL, 0) < 0) { ++ log_fatal("%s:%d: Failed to unbind fallback interface:" ++ " %m", MDL); ++ } ++#endif + } + else { + /* Send out a packet. */ +@@ -3144,6 +3159,14 @@ void send_release (cpp) + } else + #endif + if (fallback_interface) { ++#if defined(SO_BINDTODEVICE) ++ if (setsockopt(fallback_interface -> wfdesc, SOL_SOCKET, ++ SO_BINDTODEVICE, client->interface->name, ++ strlen(client->interface->name)) < 0) { ++ log_error("%s:%d: Failed to bind fallback interface" ++ " to %s: %m", MDL, client->interface->name); ++ } ++#endif + result = send_packet(fallback_interface, NULL, &client->packet, + client->packet_length, from, &destination, + NULL); +@@ -3153,6 +3176,13 @@ void send_release (cpp) + client->packet_length, + fallback_interface->name); + } ++#if defined(SO_BINDTODEVICE) ++ if (setsockopt(fallback_interface -> wfdesc, SOL_SOCKET, ++ SO_BINDTODEVICE, NULL, 0) < 0) { ++ log_fatal("%s:%d: Failed to unbind fallback interface:" ++ " %m", MDL); ++ } ++#endif + } else { + /* Send out a packet. */ + result = send_packet(client->interface, NULL, &client->packet, diff --git a/SOURCES/dhcp-default-requested-options.patch b/SOURCES/dhcp-default-requested-options.patch new file mode 100644 index 0000000..f57fa1f --- /dev/null +++ b/SOURCES/dhcp-default-requested-options.patch @@ -0,0 +1,44 @@ +diff -up dhcp-4.3.4/client/clparse.c.requested dhcp-4.3.4/client/clparse.c +--- dhcp-4.3.4/client/clparse.c.requested 2016-04-29 12:18:50.157151352 +0200 ++++ dhcp-4.3.4/client/clparse.c 2016-04-29 12:19:22.235137243 +0200 +@@ -31,7 +31,7 @@ + + struct client_config top_level_config; + +-#define NUM_DEFAULT_REQUESTED_OPTS 9 ++#define NUM_DEFAULT_REQUESTED_OPTS 14 + /* There can be 2 extra requested options for DHCPv4-over-DHCPv6. */ + struct option *default_requested_options[NUM_DEFAULT_REQUESTED_OPTS + 2 + 1]; + +@@ -116,6 +116,31 @@ isc_result_t read_client_conf () + option_code_hash_lookup(&default_requested_options[8], + dhcpv6_universe.code_hash, &code, 0, MDL); + ++ /* 10 */ ++ code = DHO_NIS_DOMAIN; ++ option_code_hash_lookup(&default_requested_options[9], ++ dhcp_universe.code_hash, &code, 0, MDL); ++ ++ /* 11 */ ++ code = DHO_NIS_SERVERS; ++ option_code_hash_lookup(&default_requested_options[10], ++ dhcp_universe.code_hash, &code, 0, MDL); ++ ++ /* 12 */ ++ code = DHO_NTP_SERVERS; ++ option_code_hash_lookup(&default_requested_options[11], ++ dhcp_universe.code_hash, &code, 0, MDL); ++ ++ /* 13 */ ++ code = DHO_INTERFACE_MTU; ++ option_code_hash_lookup(&default_requested_options[12], ++ dhcp_universe.code_hash, &code, 0, MDL); ++ ++ /* 14 */ ++ code = DHO_DOMAIN_SEARCH; ++ option_code_hash_lookup(&default_requested_options[13], ++ dhcp_universe.code_hash, &code, 0, MDL); ++ + for (code = 0 ; code < NUM_DEFAULT_REQUESTED_OPTS ; code++) { + if (default_requested_options[code] == NULL) + log_fatal("Unable to find option definition for " diff --git a/SOURCES/dhcp-detect-system-time-jumps.patch b/SOURCES/dhcp-detect-system-time-jumps.patch new file mode 100644 index 0000000..cf38d0d --- /dev/null +++ b/SOURCES/dhcp-detect-system-time-jumps.patch @@ -0,0 +1,93 @@ +From 41c6032ace65119e6a400365f7e90283c930afd4 Mon Sep 17 00:00:00 2001 +From: Pavel Zhukov +Date: Tue, 22 Oct 2019 16:23:01 +0200 +Subject: [PATCH 24/26] Detect system time changes +Cc: pzhukov@redhat.com + +--- + client/dhclient.c | 6 ++++++ + common/dispatch.c | 11 ++++++++++- + includes/dhcpd.h | 3 ++- + server/dhcpd.c | 6 ++++++ + 4 files changed, 24 insertions(+), 2 deletions(-) + +diff --git a/client/dhclient.c b/client/dhclient.c +index 9b65438..44d508a 100644 +--- a/client/dhclient.c ++++ b/client/dhclient.c +@@ -5408,6 +5408,12 @@ isc_result_t dhcp_set_control_state (control_object_state_t oldstate, + case server_awaken: + state_reboot (client); + break; ++ ++ case server_time_changed: ++ if (client->active){ ++ state_reboot (client); ++ } ++ break; + } + } + } +diff --git a/common/dispatch.c b/common/dispatch.c +index d7fe200..8a24499 100644 +--- a/common/dispatch.c ++++ b/common/dispatch.c +@@ -118,7 +118,6 @@ dispatch(void) + * signal. It will return ISC_R_RELOAD in that + * case. That is a normal behavior. + */ +- + if (status == ISC_R_RELOAD) { + /* + * dhcp_set_control_state() will do the job. +@@ -129,6 +128,16 @@ dispatch(void) + if (status == ISC_R_SUCCESS) + status = ISC_R_RELOAD; + } ++ ++ ++ if (status == ISC_R_TIMESHIFTED){ ++ status = dhcp_set_control_state(server_time_changed, ++ server_time_changed); ++ status = ISC_R_RELOAD; ++ log_info ("System time has been changed. Unable to use existing leases. Restarting"); ++ // do nothing, restart context ++ }; ++ + } while (status == ISC_R_RELOAD); + + log_fatal ("Dispatch routine failed: %s -- exiting", +diff --git a/includes/dhcpd.h b/includes/dhcpd.h +index 635c510..ec6c227 100644 +--- a/includes/dhcpd.h ++++ b/includes/dhcpd.h +@@ -524,7 +524,8 @@ typedef enum { + server_running = 1, + server_shutdown = 2, + server_hibernate = 3, +- server_awaken = 4 ++ server_awaken = 4, ++ server_time_changed = 5 + } control_object_state_t; + + typedef struct { +diff --git a/server/dhcpd.c b/server/dhcpd.c +index 530a923..4aef16b 100644 +--- a/server/dhcpd.c ++++ b/server/dhcpd.c +@@ -1767,6 +1767,12 @@ isc_result_t dhcp_set_control_state (control_object_state_t oldstate, + { + struct timeval tv; + ++ if (newstate == server_time_changed){ ++ log_error ("System time has been changed. Leases information unreliable!"); ++ return ISC_R_SUCCESS; ++ } ++ ++ + if (newstate != server_shutdown) + return DHCP_R_INVALIDARG; + /* Re-entry. */ +-- +2.14.5 + diff --git a/SOURCES/dhcp-dhclient-decline-backoff.patch b/SOURCES/dhcp-dhclient-decline-backoff.patch new file mode 100644 index 0000000..1fc1c12 --- /dev/null +++ b/SOURCES/dhcp-dhclient-decline-backoff.patch @@ -0,0 +1,63 @@ +diff -up dhcp-4.3.4/client/dhclient.c.backoff dhcp-4.3.4/client/dhclient.c +--- dhcp-4.3.4/client/dhclient.c.backoff 2016-04-29 12:16:26.976245611 +0200 ++++ dhcp-4.3.4/client/dhclient.c 2016-04-29 12:16:26.979245609 +0200 +@@ -1423,6 +1423,8 @@ void state_init (cpp) + void *cpp; + { + struct client_state *client = cpp; ++ enum dhcp_state init_state = client->state; ++ struct timeval tv; + + ASSERT_STATE(state, S_INIT); + +@@ -1435,9 +1437,18 @@ void state_init (cpp) + client -> first_sending = cur_time; + client -> interval = client -> config -> initial_interval; + +- /* Add an immediate timeout to cause the first DHCPDISCOVER packet +- to go out. */ +- send_discover (client); ++ if (init_state != S_DECLINED) { ++ /* Add an immediate timeout to cause the first DHCPDISCOVER packet ++ to go out. */ ++ send_discover(client); ++ } else { ++ /* We've received an OFFER and it has been DECLINEd by dhclient-script. ++ * wait for a random time between 1 and backoff_cutoff seconds before ++ * trying again. */ ++ tv . tv_sec = cur_time + ((1 + (random() >> 2)) % client->config->backoff_cutoff); ++ tv . tv_usec = 0; ++ add_timeout(&tv, send_discover, client, 0, 0); ++ } + } + + /* +@@ -1734,5 +1745,6 @@ void bind_lease (client) +#endif + exit(2); + } else { ++ client -> state = S_DECLINED; + state_init(client); + return; + } +@@ -4626,6 +4638,7 @@ void client_location_changed () + case S_INIT: + case S_REBINDING: + case S_STOPPED: ++ case S_DECLINED: + break; + } + client -> state = S_INIT; +diff -up dhcp-4.3.4/includes/dhcpd.h.backoff dhcp-4.3.4/includes/dhcpd.h +--- dhcp-4.3.4/includes/dhcpd.h.backoff 2016-04-29 12:16:26.980245609 +0200 ++++ dhcp-4.3.4/includes/dhcpd.h 2016-04-29 12:17:30.893203533 +0200 +@@ -1171,7 +1171,8 @@ enum dhcp_state { + S_BOUND = 5, + S_RENEWING = 6, + S_REBINDING = 7, +- S_STOPPED = 8 ++ S_STOPPED = 8, ++ S_DECLINED = 9 + }; + + /* Possible pending client operations. */ diff --git a/SOURCES/dhcp-dhclient-options.patch b/SOURCES/dhcp-dhclient-options.patch new file mode 100644 index 0000000..806ac63 --- /dev/null +++ b/SOURCES/dhcp-dhclient-options.patch @@ -0,0 +1,449 @@ +diff --git a/client/clparse.c b/client/clparse.c +index 03190c3..2033427 100644 +--- a/client/clparse.c ++++ b/client/clparse.c +@@ -189,6 +189,7 @@ isc_result_t read_client_conf () + /* Requested lease time, used by DHCPv6 (DHCPv4 uses the option cache) + */ + top_level_config.requested_lease = 7200; ++ top_level_config.bootp_broadcast_always = 0; + + group_allocate (&top_level_config.on_receipt, MDL); + if (!top_level_config.on_receipt) +@@ -394,7 +395,8 @@ void read_client_leases () + interface-declaration | + LEASE client-lease-statement | + ALIAS client-lease-statement | +- KEY key-definition */ ++ KEY key-definition | ++ BOOTP_BROADCAST_ALWAYS */ + + void parse_client_statement (cfile, ip, config) + struct parse *cfile; +@@ -817,6 +819,12 @@ void parse_client_statement (cfile, ip, config) + parse_lease_id_format(cfile); + break; + ++ case BOOTP_BROADCAST_ALWAYS: ++ token = next_token(&val, (unsigned*)0, cfile); ++ config -> bootp_broadcast_always = 1; ++ parse_semi (cfile); ++ return; ++ + + default: + lose = 0; +diff --git a/client/dhclient.8 b/client/dhclient.8 +index 24f8f12..aa2238d 100644 +--- a/client/dhclient.8 ++++ b/client/dhclient.8 +@@ -134,6 +134,33 @@ dhclient - Dynamic Host Configuration Protocol Client + .B -w + ] + [ ++.B -B ++] ++[ ++.B -C ++.I dhcp-client-identifier ++] ++[ ++.B -H ++.I host-name ++] ++[ ++.B -F ++.I fqdn.fqdn ++] ++[ ++.B -V ++.I vendor-class-identifier ++] ++[ ++.B --request-options ++.I request-option-list ++] ++[ ++.B --timeout ++.I timeout ++] ++[ + .B --dad-wait-time + .I seconds + ] +diff --git a/client/dhclient.c b/client/dhclient.c +index dcf3f1a..270a960 100644 +--- a/client/dhclient.c ++++ b/client/dhclient.c +@@ -40,6 +40,12 @@ + #include + #include + ++/* ++ * Defined in stdio.h when _GNU_SOURCE is set, but we don't want to define ++ * that when building ISC code. ++ */ ++extern int asprintf(char **strp, const char *fmt, ...); ++ + TIME default_lease_time = 43200; /* 12 hours... */ + TIME max_lease_time = 86400; /* 24 hours... */ + +@@ -101,6 +107,10 @@ char *mockup_relay = NULL; + + char *progname = NULL; + ++int bootp_broadcast_always = 0; ++ ++extern struct option *default_requested_options[]; ++ + void run_stateless(int exit_mode, u_int16_t port); + + static isc_result_t write_duid(struct data_string *duid); +@@ -179,7 +189,11 @@ usage(const char *sfmt, const char *sarg) + " [-s server-addr] [-cf config-file]\n" + " [-df duid-file] [-lf lease-file]\n" + " [-pf pid-file] [--no-pid] [-e VAR=val]\n" +- " [-sf script-file] [interface]*", ++ " [-sf script-file] [interface]*\n" ++ " [-C ] [-B]\n" ++ " [-H | -F ] [--timeout ]\n" ++ " [-V ]\n" ++ " [--request-options ]", + isc_file_basename(progname)); + } + +@@ -216,6 +230,16 @@ main(int argc, char **argv) { + progname = argv[0]; + #endif + ++ char *dhcp_client_identifier_arg = NULL; ++ char *dhcp_host_name_arg = NULL; ++ char *dhcp_fqdn_arg = NULL; ++ char *dhcp_vendor_class_identifier_arg = NULL; ++ char *dhclient_request_options = NULL; ++ ++ int timeout_arg = 0; ++ char *arg_conf = NULL; ++ int arg_conf_len = 0; ++ + /* Initialize client globals. */ + memset(&default_duid, 0, sizeof(default_duid)); + +@@ -442,6 +466,88 @@ main(int argc, char **argv) { + strlen(PACKAGE_VERSION))); + IGNORE_RET(write(STDERR_FILENO, "\n", 1)); + exit(0); ++ } else if (!strcmp(argv[i], "-C")) { ++ if ((++i == argc) || (argv[i] == NULL) || (*(argv[i])=='\0')) { ++ usage(use_noarg, argv[i-1]); ++ exit(1); ++ } ++ ++ if (strlen(argv[i]) >= DHCP_MAX_OPTION_LEN) { ++ log_error("-C option dhcp-client-identifier string \"%s\" is too long - maximum length is: %d", argv[i], DHCP_MAX_OPTION_LEN-1); ++ exit(1); ++ } ++ ++ dhcp_client_identifier_arg = argv[i]; ++ } else if (!strcmp(argv[i], "-B")) { ++ bootp_broadcast_always = 1; ++ } else if (!strcmp(argv[i], "-H")) { ++ if ((++i == argc) || (argv[i] == NULL) || (*(argv[i])=='\0')) { ++ usage(use_noarg, argv[i-1]); ++ exit(1); ++ } ++ ++ if (strlen(argv[i]) >= DHCP_MAX_OPTION_LEN) { ++ log_error("-H option host-name string \"%s\" is too long - maximum length is: %d", argv[i], DHCP_MAX_OPTION_LEN-1); ++ exit(1); ++ } ++ ++ if (dhcp_host_name_arg != NULL) { ++ log_error("The -H and -F arguments are mutually exclusive"); ++ exit(1); ++ } ++ ++ dhcp_host_name_arg = argv[i]; ++ } else if (!strcmp(argv[i], "-F")) { ++ if ((++i == argc) || (argv[i] == NULL) || (*(argv[i])=='\0')) { ++ usage(use_noarg, argv[i-1]); ++ exit(1); ++ } ++ ++ if (strlen(argv[i]) >= DHCP_MAX_OPTION_LEN) { ++ log_error("-F option fqdn.fqdn string \"%s\" is too long - maximum length is: %d", argv[i], DHCP_MAX_OPTION_LEN-1); ++ exit(1); ++ } ++ ++ if (dhcp_fqdn_arg != NULL) { ++ log_error("Only one -F argument can be specified"); ++ exit(1); ++ } ++ ++ if (dhcp_host_name_arg != NULL) { ++ log_error("The -F and -H arguments are mutually exclusive"); ++ exit(1); ++ } ++ ++ dhcp_fqdn_arg = argv[i]; ++ } else if (!strcmp(argv[i], "--timeout")) { ++ if ((++i == argc) || (argv[i] == NULL) || (*(argv[i])=='\0')) { ++ usage(use_noarg, argv[i-1]); ++ exit(1); ++ } ++ ++ if ((timeout_arg = atoi(argv[i])) <= 0) { ++ log_error("timeout option must be > 0 - bad value: %s",argv[i]); ++ exit(1); ++ } ++ } else if (!strcmp(argv[i], "-V")) { ++ if ((++i == argc) || (argv[i] == NULL) || (*(argv[i])=='\0')) { ++ usage(use_noarg, argv[i-1]); ++ exit(1); ++ } ++ ++ if (strlen(argv[i]) >= DHCP_MAX_OPTION_LEN) { ++ log_error("-V option vendor-class-identifier string \"%s\" is too long - maximum length is: %d", argv[i], DHCP_MAX_OPTION_LEN-1); ++ exit(1); ++ } ++ ++ dhcp_vendor_class_identifier_arg = argv[i]; ++ } else if (!strcmp(argv[i], "--request-options")) { ++ if ((++i == argc) || (argv[i] == NULL) || (*(argv[i])=='\0')) { ++ usage(use_noarg, argv[i-1]); ++ exit(1); ++ } ++ ++ dhclient_request_options = argv[i]; + } else if (argv[i][0] == '-') { + usage("Unknown command: %s", argv[i]); + } else if (interfaces_requested < 0) { +@@ -641,6 +747,156 @@ main(int argc, char **argv) { + /* Parse the dhclient.conf file. */ + read_client_conf(); + ++ /* Parse any extra command line configuration arguments: */ ++ if ((dhcp_client_identifier_arg != NULL) && (*dhcp_client_identifier_arg != '\0')) { ++ arg_conf_len = asprintf(&arg_conf, "send dhcp-client-identifier \"%s\";", dhcp_client_identifier_arg); ++ ++ if ((arg_conf == 0) || (arg_conf_len <= 0)) ++ log_fatal("Unable to send -C option dhcp-client-identifier"); ++ } ++ ++ if ((dhcp_host_name_arg != NULL) && (*dhcp_host_name_arg != '\0')) { ++ if (arg_conf == 0) { ++ arg_conf_len = asprintf(&arg_conf, "send host-name \"%s\";", dhcp_host_name_arg); ++ ++ if ((arg_conf == 0) || (arg_conf_len <= 0)) ++ log_fatal("Unable to send -H option host-name"); ++ } else { ++ char *last_arg_conf = arg_conf; ++ arg_conf = NULL; ++ arg_conf_len = asprintf(&arg_conf, "%s\nsend host-name \"%s\";", last_arg_conf, dhcp_host_name_arg); ++ ++ if ((arg_conf == 0) || (arg_conf_len <= 0)) ++ log_fatal("Unable to send -H option host-name"); ++ ++ free(last_arg_conf); ++ } ++ } ++ ++ if ((dhcp_fqdn_arg != NULL) && (*dhcp_fqdn_arg != '\0')) { ++ if (arg_conf == 0) { ++ arg_conf_len = asprintf(&arg_conf, "send fqdn.fqdn \"%s\";", dhcp_fqdn_arg); ++ ++ if ((arg_conf == 0) || (arg_conf_len <= 0)) ++ log_fatal("Unable to send -F option fqdn.fqdn"); ++ } else { ++ char *last_arg_conf = arg_conf; ++ arg_conf = NULL; ++ arg_conf_len = asprintf(&arg_conf, "%s\nsend fqdn.fqdn \"%s\";", last_arg_conf, dhcp_fqdn_arg); ++ ++ if ((arg_conf == 0) || (arg_conf_len <= 0)) ++ log_fatal("Unable to send -F option fqdn.fqdn"); ++ ++ free(last_arg_conf); ++ } ++ } ++ ++ if (timeout_arg) { ++ if (arg_conf == 0) { ++ arg_conf_len = asprintf(&arg_conf, "timeout %d;", timeout_arg); ++ ++ if ((arg_conf == 0) || (arg_conf_len <= 0)) ++ log_fatal("Unable to process --timeout timeout argument"); ++ } else { ++ char *last_arg_conf = arg_conf; ++ arg_conf = NULL; ++ arg_conf_len = asprintf(&arg_conf, "%s\ntimeout %d;", last_arg_conf, timeout_arg); ++ ++ if ((arg_conf == 0) || (arg_conf_len == 0)) ++ log_fatal("Unable to process --timeout timeout argument"); ++ ++ free(last_arg_conf); ++ } ++ } ++ ++ if ((dhcp_vendor_class_identifier_arg != NULL) && (*dhcp_vendor_class_identifier_arg != '\0')) { ++ if (arg_conf == 0) { ++ arg_conf_len = asprintf(&arg_conf, "send vendor-class-identifier \"%s\";", dhcp_vendor_class_identifier_arg); ++ ++ if ((arg_conf == 0) || (arg_conf_len <= 0)) ++ log_fatal("Unable to send -V option vendor-class-identifier"); ++ } else { ++ char *last_arg_conf = arg_conf; ++ arg_conf = NULL; ++ arg_conf_len = asprintf(&arg_conf, "%s\nsend vendor-class-identifier \"%s\";", last_arg_conf, dhcp_vendor_class_identifier_arg); ++ ++ if ((arg_conf == 0) || (arg_conf_len <= 0)) ++ log_fatal("Unable to send -V option vendor-class-identifier"); ++ ++ free(last_arg_conf); ++ } ++ } ++ ++ if (dhclient_request_options != NULL) { ++ if (arg_conf == 0) { ++ arg_conf_len = asprintf(&arg_conf, "request %s;", dhclient_request_options); ++ ++ if ((arg_conf == 0) || (arg_conf_len <= 0)) ++ log_fatal("Unable to parse --request-options argument"); ++ } else { ++ char *last_arg_conf = arg_conf; ++ arg_conf = NULL; ++ arg_conf_len = asprintf(&arg_conf, "%s\nrequest %s;", last_arg_conf, dhclient_request_options); ++ ++ if ((arg_conf == 0) || (arg_conf_len <= 0)) ++ log_fatal("Unable to parse --request-options argument"); ++ ++ free(last_arg_conf); ++ } ++ } ++ ++ if (arg_conf) { ++ if (arg_conf_len == 0) ++ if ((arg_conf_len = strlen(arg_conf)) == 0) ++ /* huh ? cannot happen ! */ ++ log_fatal("Unable to process -C/-H/-F/--timeout/-V/--request-options configuration arguments"); ++ ++ /* parse the extra dhclient.conf configuration arguments ++ * into top level config: */ ++ struct parse *cfile = (struct parse *)0; ++ const char *val = NULL; ++ int token; ++ ++ status = new_parse(&cfile, -1, arg_conf, arg_conf_len, "extra dhclient -C/-H/-F/--timeout/-V/--request-options configuration arguments", 0); ++ ++ if ((status != ISC_R_SUCCESS) || (cfile -> warnings_occurred)) ++ log_fatal("Cannot parse -C/-H/-F/--timeout/-V/--request-options configuration arguments !"); ++ /* more detailed parse failures will be logged */ ++ ++ do { ++ token = peek_token(&val, (unsigned *)0, cfile); ++ if (token == END_OF_FILE) ++ break; ++ ++ parse_client_statement(cfile, (struct interface_info *)0, &top_level_config); ++ } while (1); ++ ++ if (cfile -> warnings_occurred) ++ log_fatal("Cannot parse -C/-H/-F/--timeout/-V/--request-options configuration arguments !"); ++ end_parse(&cfile); ++ ++ if (timeout_arg) { ++ /* we just set the toplevel timeout, but per-client ++ * timeouts may still be at defaults. ++ */ ++ for (ip=interfaces; ip; ip = ip->next) { ++ if (ip->client->config->timeout == 60) ++ ip->client->config->timeout = timeout_arg; ++ } ++ } ++ ++ if ((dhclient_request_options != 0) && (top_level_config.requested_options != default_requested_options)) { ++ for (ip=interfaces; ip; ip = ip->next) { ++ if (ip->client->config->requested_options == default_requested_options) ++ ip->client->config->requested_options = top_level_config.requested_options; ++ } ++ } ++ ++ free(arg_conf); ++ arg_conf = NULL; ++ arg_conf_len = 0; ++ } ++ + /* Parse the lease database. */ + read_client_leases(); + +@@ -3092,7 +3348,8 @@ void make_discover (client, lease) + client -> packet.xid = random (); + client -> packet.secs = 0; /* filled in by send_discover. */ + +- if (can_receive_unicast_unconfigured (client -> interface)) ++ if ((!(bootp_broadcast_always || client->config->bootp_broadcast_always)) ++ && can_receive_unicast_unconfigured(client->interface)) + client -> packet.flags = 0; + else + client -> packet.flags = htons (BOOTP_BROADCAST); +@@ -3177,7 +3434,9 @@ void make_request (client, lease) + } else { + memset (&client -> packet.ciaddr, 0, + sizeof client -> packet.ciaddr); +- if (can_receive_unicast_unconfigured (client -> interface)) ++ if ((!(bootp_broadcast_always || ++ client ->config->bootp_broadcast_always)) && ++ can_receive_unicast_unconfigured (client -> interface)) + client -> packet.flags = 0; + else + client -> packet.flags = htons (BOOTP_BROADCAST); +@@ -3240,7 +3499,8 @@ void make_decline (client, lease) + client -> packet.hops = 0; + client -> packet.xid = client -> xid; + client -> packet.secs = 0; /* Filled in by send_request. */ +- if (can_receive_unicast_unconfigured (client -> interface)) ++ if ((!(bootp_broadcast_always || client->config-> bootp_broadcast_always)) ++ && can_receive_unicast_unconfigured (client->interface)) + client -> packet.flags = 0; + else + client -> packet.flags = htons (BOOTP_BROADCAST); +diff --git a/common/conflex.c b/common/conflex.c +index fe994ac..bdb4a52 100644 +--- a/common/conflex.c ++++ b/common/conflex.c +@@ -832,6 +832,8 @@ intern(char *atom, enum dhcp_token dfv) { + if (!strcasecmp(atom+1, "ig-endian")) { + return TOKEN_BIG_ENDIAN; + } ++ if (!strcasecmp (atom + 1, "ootp-broadcast-always")) ++ return BOOTP_BROADCAST_ALWAYS; + break; + case 'c': + if (!strcasecmp(atom + 1, "ase")) +diff --git a/includes/dhcpd.h b/includes/dhcpd.h +index eab09a6..cfdac23 100644 +--- a/includes/dhcpd.h ++++ b/includes/dhcpd.h +@@ -1251,6 +1251,9 @@ struct client_config { + + int lease_id_format; /* format for IDs in lease file, + TOKEN_OCTAL or TOKEN_HEX */ ++ ++ int bootp_broadcast_always; /* If nonzero, always set the BOOTP_BROADCAST ++ flag in requests */ + }; + + /* Per-interface state used in the dhcp client... */ +diff --git a/includes/dhctoken.h b/includes/dhctoken.h +index 15bbd1c..b312e7a 100644 +--- a/includes/dhctoken.h ++++ b/includes/dhctoken.h +@@ -373,7 +373,8 @@ enum dhcp_token { + TOKEN_BIG_ENDIAN = 675, + LEASE_ID_FORMAT = 676, + TOKEN_HEX = 677, +- TOKEN_OCTAL = 678 ++ TOKEN_OCTAL = 678, ++ BOOTP_BROADCAST_ALWAYS = 679 + }; + + #define is_identifier(x) ((x) >= FIRST_TOKEN && \ diff --git a/SOURCES/dhcp-dhclient-preinit6s.patch b/SOURCES/dhcp-dhclient-preinit6s.patch new file mode 100644 index 0000000..0ce1cf8 --- /dev/null +++ b/SOURCES/dhcp-dhclient-preinit6s.patch @@ -0,0 +1,64 @@ +diff -up dhcp-4.3.4/client/dhclient.c.preinit6s dhcp-4.3.4/client/dhclient.c +--- dhcp-4.3.4/client/dhclient.c.preinit6s 2016-04-29 13:15:10.361379493 +0200 ++++ dhcp-4.3.4/client/dhclient.c 2016-04-29 13:17:43.622415423 +0200 +@@ -812,6 +812,12 @@ main(int argc, char **argv) { + + inaddr_any.s_addr = INADDR_ANY; + ++ /* Discover all the network interfaces. */ ++ discover_interfaces(DISCOVER_UNCONFIGURED); ++ ++ /* Parse the dhclient.conf file. */ ++ read_client_conf(); ++ + /* Stateless special case. */ + if (stateless) { + if (release_mode || (wanted_ia_na > 0) || +@@ -828,12 +834,6 @@ main(int argc, char **argv) { + return 0; + } + +- /* Discover all the network interfaces. */ +- discover_interfaces(DISCOVER_UNCONFIGURED); +- +- /* Parse the dhclient.conf file. */ +- read_client_conf(); +- + /* Parse any extra command line configuration arguments: */ + if ((dhcp_client_identifier_arg != NULL) && (*dhcp_client_identifier_arg != '\0')) { + arg_conf_len = asprintf(&arg_conf, "send dhcp-client-identifier \"%s\";", dhcp_client_identifier_arg); +@@ -1288,20 +1288,30 @@ void run_stateless(int exit_mode, u_int1 + IGNORE_UNUSED(port); + #endif + +- /* Discover the network interface. */ +- discover_interfaces(DISCOVER_REQUESTED); ++ struct interface_info *ip; + + if (!interfaces) + usage("No interfaces available for stateless command: %s", "-S"); + +- /* Parse the dhclient.conf file. */ + #ifdef DHCP4o6 + if (dhcpv4_over_dhcpv6) { + /* Mark we want to request IRT too! */ + dhcpv4_over_dhcpv6++; + } + #endif +- read_client_conf(); ++ ++ for (ip = interfaces; ip; ip = ip->next) { ++ if ((interfaces_requested > 0) && ++ ((ip->flags & (INTERFACE_REQUESTED | ++ INTERFACE_AUTOMATIC)) != ++ INTERFACE_REQUESTED)) ++ continue; ++ script_init(ip->client, "PREINIT6", NULL); ++ script_go(ip->client); ++ } ++ ++ /* Discover the network interface. */ ++ discover_interfaces(DISCOVER_REQUESTED); + + /* Parse the lease database. */ + read_client_leases(); diff --git a/SOURCES/dhcp-dhclient_ipv6_prefix.patch b/SOURCES/dhcp-dhclient_ipv6_prefix.patch new file mode 100644 index 0000000..7115f0a --- /dev/null +++ b/SOURCES/dhcp-dhclient_ipv6_prefix.patch @@ -0,0 +1,94 @@ +diff --git a/client/dhc6.c b/client/dhc6.c +index 5460ee1..fe0057c 100644 +--- a/client/dhc6.c ++++ b/client/dhc6.c +@@ -148,6 +148,7 @@ static int dhc6_score_lease(struct client_state *client, + + extern int onetry; + extern int stateless; ++extern int address_prefix_len; + + /* + * Assign DHCPv6 port numbers as a client. +@@ -4364,7 +4365,7 @@ dhc6_marshall_values(const char *prefix, struct client_state *client, + (unsigned) addr->plen); + } else { + client_envadd(client, prefix, "ip6_prefixlen", +- "%d", DHCLIENT_DEFAULT_PREFIX_LEN); ++ "%d", address_prefix_len); + client_envadd(client, prefix, "ip6_address", + "%s", piaddr(addr->address)); + } +diff --git a/client/dhclient.c b/client/dhclient.c +index b61da43..05bfc7e 100644 +--- a/client/dhclient.c ++++ b/client/dhclient.c +@@ -114,6 +114,7 @@ char *progname = NULL; + + int bootp_broadcast_always = 0; + ++int address_prefix_len = DHCLIENT_DEFAULT_PREFIX_LEN; + extern struct option *default_requested_options[]; + + void run_stateless(int exit_mode, u_int16_t port); +@@ -192,6 +193,7 @@ usage(const char *sfmt, const char *sarg) + #endif + #else /* DHCPv6 */ + "[-I1dvrxi] [-nw] [-p ] [-D LL|LLT] \n" ++ " [--address-prefix-len length]\n" + #endif /* DHCPv6 */ + " [-s server-addr] [-cf config-file]\n" + " [-df duid-file] [-lf lease-file]\n" +@@ -392,6 +394,17 @@ main(int argc, char **argv) { + tmp->next = client_env; + client_env = tmp; + client_env_count++; ++ } else if (!strcmp(argv[i], "--address-prefix-len")) { ++ if (++i == argc) { ++ usage(use_noarg, argv[i-1]); ++ } ++ errno = 0; ++ address_prefix_len = (int)strtol(argv[i], &s, 10); ++ if (errno || (*s != '\0') || ++ (address_prefix_len < 0)) { ++ usage("Invalid value for" ++ " --address-prefix-len: %s", argv[i]); ++ } + #ifdef DHCPv6 + } else if (!strcmp(argv[i], "-S")) { + if (local_family_set && (local_family == AF_INET)) { +diff --git a/includes/site.h b/includes/site.h +index b2f7fd7..aad9711 100644 +--- a/includes/site.h ++++ b/includes/site.h +@@ -286,7 +286,7 @@ + is a host address and doesn't include any on-link information. + 64 indicates that the first 64 bits are the subnet or on-link + prefix. */ +-#define DHCLIENT_DEFAULT_PREFIX_LEN 64 ++#define DHCLIENT_DEFAULT_PREFIX_LEN 128 + + /* Enable the gentle shutdown signal handling. Currently this + means that on SIGINT or SIGTERM a client will release its +diff --git a/client/dhclient.c b/client/dhclient.c +index 2f29591..6c8b145 100644 +diff --git a/client/dhclient.c b/client/dhclient.c +index b0bf2bf..f7b1476 100644 +--- a/client/dhclient.c ++++ b/client/dhclient.c +@@ -193,7 +193,6 @@ usage(const char *sfmt, const char *sarg) + #endif + #else /* DHCPv6 */ + "[-I1dvrxi] [-nw] [-p ] [-D LL|LLT] \n" +- " [--address-prefix-len length]\n" + #endif /* DHCPv6 */ + " [-s server-addr] [-cf config-file]\n" + " [-df duid-file] [-lf lease-file]\n" +@@ -202,6 +201,7 @@ usage(const char *sfmt, const char *sarg) + " [-C ] [-B]\n" + " [-H | -F ] [--timeout ]\n" + " [-V ]\n" ++ " [--address-prefix-len length]\n" + " [--request-options ]", + isc_file_basename(progname)); + } diff --git a/SOURCES/dhcp-dhcp6-vendor-opts.patch b/SOURCES/dhcp-dhcp6-vendor-opts.patch new file mode 100644 index 0000000..4bd685e --- /dev/null +++ b/SOURCES/dhcp-dhcp6-vendor-opts.patch @@ -0,0 +1,12 @@ +diff --git a/common/options.c b/common/options.c +index 3e6383a..9216ae4 100644 +--- a/common/options.c ++++ b/common/options.c +@@ -1122,7 +1122,6 @@ store_options6(char *buf, int buflen, + */ + if (code == vsio_option_code) { + vsio_wanted = 1; +- continue; + } + + /* diff --git a/SOURCES/dhcp-duid_uuid.patch b/SOURCES/dhcp-duid_uuid.patch new file mode 100644 index 0000000..73961df --- /dev/null +++ b/SOURCES/dhcp-duid_uuid.patch @@ -0,0 +1,111 @@ +diff -up dhcp-4.3.4/client/dhclient.c.duid_uuid dhcp-4.3.4/client/dhclient.c +--- dhcp-4.3.4/client/dhclient.c.duid_uuid 2016-04-29 12:58:14.846150838 +0200 ++++ dhcp-4.3.4/client/dhclient.c 2016-04-29 12:58:14.851150839 +0200 +@@ -3868,6 +3868,59 @@ write_options(struct client_state *clien + } + } + ++int unhexchar(char c) { ++ ++ if (c >= '0' && c <= '9') ++ return c - '0'; ++ ++ if (c >= 'a' && c <= 'f') ++ return c - 'a' + 10; ++ ++ if (c >= 'A' && c <= 'F') ++ return c - 'A' + 10; ++ ++ return -1; ++} ++ ++isc_result_t ++read_uuid(u_int8_t* uuid) { ++ const char *id_fname = "/etc/machine-id"; ++ char id[32]; ++ size_t nread; ++ FILE * file = fopen( id_fname , "r"); ++ if (!file) { ++ log_debug("Cannot open %s", id_fname); ++ return ISC_R_IOERROR; ++ } ++ nread = fread(id, 1, sizeof id, file); ++ fclose(file); ++ ++ if (nread < 32) { ++ log_debug("Not enough data in %s", id_fname); ++ return ISC_R_IOERROR; ++ } ++ int j; ++ for (j = 0; j < 16; j++) { ++ int a, b; ++ ++ a = unhexchar(id[j*2]); ++ b = unhexchar(id[j*2+1]); ++ ++ if (a < 0 || b < 0) { ++ log_debug("Wrong data in %s", id_fname); ++ return ISC_R_IOERROR; ++ } ++ uuid[j] = a << 4 | b; ++ } ++ ++ /* Set UUID version to 4 --- truly random generation */ ++ uuid[6] = (uuid[6] & 0x0F) | 0x40; ++ /* Set the UUID variant to DCE */ ++ uuid[8] = (uuid[8] & 0x3F) | 0x80; ++ ++ return ISC_R_SUCCESS; ++} ++ + /* + * The "best" default DUID, since we cannot predict any information + * about the system (such as whether or not the hardware addresses are +@@ -3888,6 +3941,7 @@ form_duid(struct data_string *duid, cons + struct interface_info *ip; + int len; + char *str; ++ u_int8_t uuid[16]; + + /* For now, just use the first interface on the list. */ + ip = interfaces; +@@ -3908,9 +3962,16 @@ form_duid(struct data_string *duid, cons + (ip->hw_address.hlen > sizeof(ip->hw_address.hbuf))) + log_fatal("Impossible hardware address length at %s:%d.", MDL); + +- if (duid_type == 0) +- duid_type = stateless ? DUID_LL : DUID_LLT; +- ++ if (duid_type == 0) { ++ if (read_uuid(uuid) == ISC_R_SUCCESS) ++ duid_type = DUID_UUID; ++ else ++ duid_type = stateless ? DUID_LL : DUID_LLT; ++ } ++ ++ if (duid_type == DUID_UUID) ++ len = 2 + sizeof (uuid); ++ else { + /* + * 2 bytes for the 'duid type' field. + * 2 bytes for the 'htype' field. +@@ -3921,13 +3982,18 @@ form_duid(struct data_string *duid, cons + len = 4 + (ip->hw_address.hlen - 1); + if (duid_type == DUID_LLT) + len += 4; ++ } + if (!buffer_allocate(&duid->buffer, len, MDL)) + log_fatal("no memory for default DUID!"); + duid->data = duid->buffer->data; + duid->len = len; + ++ if (duid_type == DUID_UUID) { ++ putUShort(duid->buffer->data, DUID_UUID); ++ memcpy(duid->buffer->data + 2, uuid, sizeof(uuid)); ++ } + /* Basic Link Local Address type of DUID. */ +- if (duid_type == DUID_LLT) { ++ else if (duid_type == DUID_LLT) { + putUShort(duid->buffer->data, DUID_LLT); + putUShort(duid->buffer->data + 2, ip->hw_address.hbuf[0]); + putULong(duid->buffer->data + 4, cur_time - DUID_TIME_EPOCH); diff --git a/SOURCES/dhcp-duidv4.patch b/SOURCES/dhcp-duidv4.patch new file mode 100644 index 0000000..52fde3b --- /dev/null +++ b/SOURCES/dhcp-duidv4.patch @@ -0,0 +1,34 @@ +diff -up dhcp-4.3.1b1/client/dhclient.8.KrJcIv dhcp-4.3.1b1/client/dhclient.8 +--- dhcp-4.3.1b1/client/dhclient.8.KrJcIv 2014-07-10 17:39:25.852763873 +0200 ++++ dhcp-4.3.1b1/client/dhclient.8 2014-07-10 17:54:26.841012988 +0200 +@@ -458,6 +458,9 @@ used to construct a RFC4361 style client + in the client's messages. This client id can be overridden by + setting a client id in the configuration file. Overridding the + client id in this fashion is discouraged. ++This option is turned on by default, if you want to redefine or turn off ++sending of client id, use send dhcp-client-identifier = "better identifier" ++or send dhcp-client-identifier = "" in /etc/dhcp/dhclient.conf. + .TP + .BI \-I + Use the standard DDNS scheme from RFCs 4701 & 4702. +diff -up dhcp-4.3.1b1/client/dhclient.c.KrJcIv dhcp-4.3.1b1/client/dhclient.c +--- dhcp-4.3.1b1/client/dhclient.c.KrJcIv 2014-07-10 17:54:26.829013157 +0200 ++++ dhcp-4.3.1b1/client/dhclient.c 2014-07-10 17:55:50.155835918 +0200 +@@ -73,7 +73,7 @@ struct sockaddr_in sockaddr_broadcast; + struct in_addr giaddr; + struct data_string default_duid; + int duid_type = 0; +-int duid_v4 = 0; ++int duid_v4 = 1; + int std_dhcid = 0; + + /* ASSERT_STATE() does nothing now; it used to be +@@ -1301,7 +1301,7 @@ static void setup_ib_interface(struct in + } + + /* No client ID specified */ +- log_fatal("dhcp-client-identifier must be specified for InfiniBand"); ++ //log_fatal("dhcp-client-identifier must be specified for InfiniBand"); + } + + /* Individual States: diff --git a/SOURCES/dhcp-errwarn-message.patch b/SOURCES/dhcp-errwarn-message.patch new file mode 100644 index 0000000..18f77cf --- /dev/null +++ b/SOURCES/dhcp-errwarn-message.patch @@ -0,0 +1,64 @@ +diff -up dhcp-4.3.5/omapip/errwarn.c.errwarn dhcp-4.3.5/omapip/errwarn.c +--- dhcp-4.3.5/omapip/errwarn.c.errwarn 2016-09-27 21:16:50.000000000 +0200 ++++ dhcp-4.3.5/omapip/errwarn.c 2016-11-29 19:44:03.515031147 +0100 +@@ -49,6 +49,41 @@ void (*log_cleanup) (void); + static char mbuf [CVT_BUF_MAX + 1]; + static char fbuf [CVT_BUF_MAX + 1]; + ++// get BUG_REPORT_URL from /etc/os-release ++char * bug_report_url(void) { ++ FILE * file = fopen("/etc/os-release", "r"); ++ size_t len; ++ char * line = NULL; ++ char * url = NULL; ++ size_t url_len = 256; ++ ++ url = (char *) malloc(url_len * sizeof(char)); ++ strcpy(url, "https://bugzilla.redhat.com/"); ++ ++ if (!file) ++ return url; ++ ++ while ((getline(&line, &len, file)) != -1) { ++ if (strstr(line, "BUG_REPORT_URL") != NULL) { ++ char * start = strchr(line, '='); ++ char * rquotes = strrchr(line, '"'); ++ ++ if (rquotes != NULL) { ++ *rquotes = '\0'; ++ strncpy(url, start+2, url_len); ++ } else { ++ strncpy(url, start+1, url_len); ++ } ++ url[url_len-1] = '\0'; ++ fclose(file); ++ return url; ++ } ++ } ++ fclose(file); ++ return url; ++} ++ ++ + /* Log an error message, then exit... */ + + void log_fatal (const char * fmt, ... ) +@@ -75,11 +110,13 @@ void log_fatal (const char * fmt, ... ) + } + + log_error ("%s", ""); +- log_error ("If you think you have received this message due to a bug rather"); +- log_error ("than a configuration issue please read the section on submitting"); +- log_error ("bugs on either our web page at www.isc.org or in the README file"); +- log_error ("before submitting a bug. These pages explain the proper"); +- log_error ("process and the information we find helpful for debugging."); ++ log_error ("This version of ISC DHCP is based on the release available"); ++ log_error ("on ftp.isc.org. Features have been added and other changes"); ++ log_error ("have been made to the base software release in order to make"); ++ log_error ("it work better with this distribution."); ++ log_error ("%s", ""); ++ log_error ("Please report issues with this software via: "); ++ log_error ("%s", bug_report_url()); + log_error ("%s", ""); + log_error ("exiting."); + diff --git a/SOURCES/dhcp-garbage-chars.patch b/SOURCES/dhcp-garbage-chars.patch new file mode 100644 index 0000000..131360b --- /dev/null +++ b/SOURCES/dhcp-garbage-chars.patch @@ -0,0 +1,12 @@ +diff -up dhcp-4.3.0rc1/common/tables.c.garbage dhcp-4.3.0rc1/common/tables.c +--- dhcp-4.3.0rc1/common/tables.c.garbage 2014-01-29 10:03:52.132624677 +0100 ++++ dhcp-4.3.0rc1/common/tables.c 2014-01-29 10:04:51.413875343 +0100 +@@ -213,7 +213,7 @@ static struct option dhcp_options[] = { + { "name-service-search", "Sa", &dhcp_universe, 117, 1 }, + #endif + { "subnet-selection", "I", &dhcp_universe, 118, 1 }, +- { "domain-search", "Dc", &dhcp_universe, 119, 1 }, ++ { "domain-search", "D", &dhcp_universe, 119, 1 }, + { "vivco", "Evendor-class.", &dhcp_universe, 124, 1 }, + { "vivso", "Evendor.", &dhcp_universe, 125, 1 }, + #if 0 diff --git a/SOURCES/dhcp-handle_ctx_signals.patch b/SOURCES/dhcp-handle_ctx_signals.patch new file mode 100644 index 0000000..9bbe548 --- /dev/null +++ b/SOURCES/dhcp-handle_ctx_signals.patch @@ -0,0 +1,44 @@ +diff --git a/omapip/isclib.c b/omapip/isclib.c +index 9ec1a0f..42d82ff 100644 +--- a/omapip/isclib.c ++++ b/omapip/isclib.c +@@ -185,16 +185,6 @@ dhcp_context_create(int flags, + if (result != ISC_R_SUCCESS) + goto cleanup; + +- result = isc_app_ctxstart(dhcp_gbl_ctx.actx); +- if (result != ISC_R_SUCCESS) +- return (result); +- dhcp_gbl_ctx.actx_started = ISC_TRUE; +- +- /* Not all OSs support suppressing SIGPIPE through socket +- * options, so set the sigal action to be ignore. This allows +- * broken connections to fail gracefully with EPIPE on writes */ +- handle_signal(SIGPIPE, SIG_IGN); +- + result = isc_taskmgr_createinctx(dhcp_gbl_ctx.mctx, + dhcp_gbl_ctx.actx, + 1, 0, +@@ -217,6 +207,21 @@ dhcp_context_create(int flags, + result = isc_task_create(dhcp_gbl_ctx.taskmgr, 0, &dhcp_gbl_ctx.task); + if (result != ISC_R_SUCCESS) + goto cleanup; ++ ++ result = isc_app_ctxstart(dhcp_gbl_ctx.actx); ++ if (result != ISC_R_SUCCESS) ++ return (result); ++ dhcp_gbl_ctx.actx_started = ISC_TRUE; ++ ++ /* Not all OSs support suppressing SIGPIPE through socket ++ * options, so set the sigal action to be ignore. This allows ++ * broken connections to fail gracefully with EPIPE on writes */ ++ handle_signal(SIGPIPE, SIG_IGN); ++ ++ /* Reset handlers installed by isc_app_ctxstart() ++ * to default for control-c and kill */ ++ handle_signal(SIGINT, SIG_DFL); ++ handle_signal(SIGTERM, SIG_DFL); + } + + #if defined (NSUPDATE) + diff --git a/SOURCES/dhcp-honor-expired.patch b/SOURCES/dhcp-honor-expired.patch new file mode 100644 index 0000000..bd89297 --- /dev/null +++ b/SOURCES/dhcp-honor-expired.patch @@ -0,0 +1,49 @@ +diff -up dhcp-4.3.0a1/client/dhc6.c.honor-expired dhcp-4.3.0a1/client/dhc6.c +--- dhcp-4.3.0a1/client/dhc6.c.honor-expired 2013-12-19 16:00:28.062183037 +0100 ++++ dhcp-4.3.0a1/client/dhc6.c 2013-12-19 16:00:28.076182842 +0100 +@@ -1351,6 +1351,32 @@ start_info_request6(struct client_state + go_daemon(); + } + ++/* Run through the addresses in lease and return true if there's any unexpired. ++ * Return false otherwise. ++ */ ++isc_boolean_t ++unexpired_address_in_lease(struct dhc6_lease *lease) ++{ ++ struct dhc6_ia *ia; ++ struct dhc6_addr *addr; ++ ++ for (ia = lease->bindings ; ia != NULL ; ia = ia->next) { ++ for (addr = ia->addrs ; addr != NULL ; addr = addr->next) { ++ if (addr->flags & DHC6_ADDR_EXPIRED) ++ continue; ++ ++ if (addr->starts + addr->max_life > cur_time) { ++ return ISC_TRUE; ++ } ++ } ++ } ++ ++ log_info("PRC: Previous lease is devoid of active addresses." ++ " Re-initializing."); ++ ++ return ISC_FALSE; ++} ++ + /* + * start_confirm6() kicks off an "init-reboot" version of the process, at + * startup to find out if old bindings are 'fair' and at runtime whenever +@@ -1363,8 +1389,10 @@ start_confirm6(struct client_state *clie + + /* If there is no active lease, there is nothing to check. */ + if ((client->active_lease == NULL) || +- !active_prefix(client) || +- client->active_lease->released) { ++ !active_prefix(client) || ++ client->active_lease->released || ++ !unexpired_address_in_lease(client->active_lease)) { ++ dhc6_lease_destroy(&client->active_lease, MDL); + start_init6(client); + return; + } diff --git a/SOURCES/dhcp-improved-xid.patch b/SOURCES/dhcp-improved-xid.patch new file mode 100644 index 0000000..69a6975 --- /dev/null +++ b/SOURCES/dhcp-improved-xid.patch @@ -0,0 +1,138 @@ +diff -up dhcp-4.3.4/client/dhclient.c.improved-xid dhcp-4.3.4/client/dhclient.c +--- dhcp-4.3.4/client/dhclient.c.improved-xid 2016-04-29 12:54:55.997102182 +0200 ++++ dhcp-4.3.4/client/dhclient.c 2016-04-29 12:57:25.123139587 +0200 +@@ -1045,6 +1045,26 @@ main(int argc, char **argv) { + } + } + ++ /* We create a backup seed before rediscovering interfaces in order to ++ have a seed built using all of the available interfaces ++ It's interesting if required interfaces doesn't let us defined ++ a really unique seed due to a lack of valid HW addr later ++ (this is the case with DHCP over IB) ++ We only use the last device as using a sum could broke the ++ uniqueness of the seed among multiple nodes ++ */ ++ unsigned backup_seed = 0; ++ for (ip = interfaces; ip; ip = ip -> next) { ++ int junk; ++ if ( ip -> hw_address.hlen <= sizeof seed ) ++ continue; ++ memcpy (&junk, ++ &ip -> hw_address.hbuf [ip -> hw_address.hlen - ++ sizeof seed], sizeof seed); ++ backup_seed = junk; ++ } ++ ++ + /* At this point, all the interfaces that the script thinks + are relevant should be running, so now we once again call + discover_interfaces(), and this time ask it to actually set +@@ -1059,14 +1079,36 @@ main(int argc, char **argv) { + Not much entropy, but we're booting, so we're not likely to + find anything better. */ + seed = 0; ++ int seed_flag = 0; + for (ip = interfaces; ip; ip = ip->next) { + int junk; ++ if ( ip -> hw_address.hlen <= sizeof seed ) ++ continue; + memcpy(&junk, + &ip->hw_address.hbuf[ip->hw_address.hlen - + sizeof seed], sizeof seed); + seed += junk; ++ seed_flag = 1; + } +- srandom(seed + cur_time + (unsigned)getpid()); ++ if ( seed_flag == 0 ) { ++ if ( backup_seed != 0 ) { ++ seed = backup_seed; ++ log_info ("xid: rand init seed (0x%x) built using all" ++ " available interfaces",seed); ++ } ++ else { ++ seed = cur_time^((unsigned) gethostid()) ; ++ log_info ("xid: warning: no netdev with useable HWADDR found" ++ " for seed's uniqueness enforcement"); ++ log_info ("xid: rand init seed (0x%x) built using gethostid", ++ seed); ++ } ++ /* we only use seed and no current time as a broadcast reply */ ++ /* will certainly be used by the hwaddrless interface */ ++ srandom(seed + ((unsigned)(cur_tv.tv_usec * 1000000)) + (unsigned)getpid()); ++ } ++ else ++ srandom(seed + ((unsigned)(cur_tv.tv_usec * 1000000)) + (unsigned)getpid()); + + /* Setup specific Infiniband options */ + for (ip = interfaces; ip; ip = ip->next) { +@@ -1633,7 +1675,7 @@ void dhcpack (packet) + return; + } + +- log_info ("DHCPACK from %s", piaddr (packet -> client_addr)); ++ log_info ("DHCPACK from %s (xid=0x%x)", piaddr (packet -> client_addr), ntohl(client -> xid)); + + lease = packet_to_lease (packet, client); + if (!lease) { +@@ -2541,7 +2583,7 @@ void dhcpnak (packet) + return; + } + +- log_info ("DHCPNAK from %s", piaddr (packet -> client_addr)); ++ log_info ("DHCPNAK from %s (xid=0x%x)", piaddr (packet -> client_addr), ntohl(client -> xid)); + + if (!client -> active) { + #if defined (DEBUG) +@@ -2674,10 +2716,10 @@ void send_discover (cpp) + (long)(client -> interval)); + } else + #endif +- log_info ("DHCPDISCOVER on %s to %s port %d interval %ld", ++ log_info ("DHCPDISCOVER on %s to %s port %d interval %ld (xid=0x%x)", + client -> name ? client -> name : client -> interface -> name, + inet_ntoa (sockaddr_broadcast.sin_addr), +- ntohs (sockaddr_broadcast.sin_port), (long)(client -> interval)); ++ ntohs (sockaddr_broadcast.sin_port), (long)(client -> interval), ntohl(client -> xid)); + + /* Send out a packet. */ + #if defined(DHCPv6) && defined(DHCP4o6) +@@ -2962,10 +3004,10 @@ void send_request (cpp) + log_info ("DHCPREQUEST"); + } else + #endif +- log_info ("DHCPREQUEST on %s to %s port %d", ++ log_info ("DHCPREQUEST on %s to %s port %d (xid=0x%x)", + client -> name ? client -> name : client -> interface -> name, + inet_ntoa (destination.sin_addr), +- ntohs (destination.sin_port)); ++ ntohs (destination.sin_port), ntohl(client -> xid)); + + #if defined(DHCPv6) && defined(DHCP4o6) + if (dhcpv4_over_dhcpv6) { +@@ -3022,10 +3064,10 @@ void send_decline (cpp) + log_info ("DHCPDECLINE"); + } else + #endif +- log_info ("DHCPDECLINE on %s to %s port %d", ++ log_info ("DHCPDECLINE on %s to %s port %d (xid=0x%x)", + client->name ? client->name : client->interface->name, + inet_ntoa(sockaddr_broadcast.sin_addr), +- ntohs(sockaddr_broadcast.sin_port)); ++ ntohs(sockaddr_broadcast.sin_port), ntohl(client -> xid)); + + /* Send out a packet. */ + #if defined(DHCPv6) && defined(DHCP4o6) +@@ -3084,10 +3126,10 @@ void send_release (cpp) + log_info ("DHCPRELEASE"); + } else + #endif +- log_info ("DHCPRELEASE on %s to %s port %d", ++ log_info ("DHCPRELEASE on %s to %s port %d (xid=0x%x)", + client -> name ? client -> name : client -> interface -> name, + inet_ntoa (destination.sin_addr), +- ntohs (destination.sin_port)); ++ ntohs (destination.sin_port), ntohl(client -> xid)); + + #if defined(DHCPv6) && defined(DHCP4o6) + if (dhcpv4_over_dhcpv6) { diff --git a/SOURCES/dhcp-isc_heap_delete.patch b/SOURCES/dhcp-isc_heap_delete.patch new file mode 100644 index 0000000..3bf1b2b --- /dev/null +++ b/SOURCES/dhcp-isc_heap_delete.patch @@ -0,0 +1,164 @@ +diff --git a/includes/dhcpd.h b/includes/dhcpd.h +index aac2c108..c83dc9a6 100644 +--- a/includes/dhcpd.h ++++ b/includes/dhcpd.h +@@ -1622,8 +1622,9 @@ struct iasubopt { + */ + #define EXPIRED_IPV6_CLEANUP_TIME (60*60) + +- int heap_index; /* index into heap, or -1 +- (internal use only) */ ++ /* index into heaps, or -1 (internal use only) */ ++ int active_index; ++ int inactive_index; + + /* + * A pointer to the state of the ddns update for this lease. +diff --git a/server/mdb6.c b/server/mdb6.c +index 1a728eb3..418ff606 100644 +--- a/server/mdb6.c ++++ b/server/mdb6.c +@@ -216,7 +216,8 @@ iasubopt_allocate(struct iasubopt **iasubopt, const char *file, int line) { + + tmp->refcnt = 1; + tmp->state = FTS_FREE; +- tmp->heap_index = -1; ++ tmp->active_index = -1; ++ tmp->inactive_index = -1; + tmp->plen = 255; + + *iasubopt = tmp; +@@ -604,10 +605,14 @@ lease_older(void *a, void *b) { + * Callback when an address's position in the heap changes. + */ + static void +-lease_index_changed(void *iasubopt, unsigned int new_heap_index) { +- ((struct iasubopt *)iasubopt)-> heap_index = new_heap_index; ++active_changed(void *iasubopt, unsigned int new_heap_index) { ++ ((struct iasubopt *)iasubopt)-> active_index = new_heap_index; + } + ++static void ++inactive_changed(void *iasubopt, unsigned int new_heap_index) { ++ ((struct iasubopt *)iasubopt)-> inactive_index = new_heap_index; ++} + + /*! + * +@@ -660,13 +665,13 @@ ipv6_pool_allocate(struct ipv6_pool **pool, u_int16_t type, + dfree(tmp, file, line); + return ISC_R_NOMEMORY; + } +- if (isc_heap_create(dhcp_gbl_ctx.mctx, lease_older, lease_index_changed, ++ if (isc_heap_create(dhcp_gbl_ctx.mctx, lease_older, active_changed, + 0, &(tmp->active_timeouts)) != ISC_R_SUCCESS) { + iasubopt_free_hash_table(&(tmp->leases), file, line); + dfree(tmp, file, line); + return ISC_R_NOMEMORY; + } +- if (isc_heap_create(dhcp_gbl_ctx.mctx, lease_older, lease_index_changed, ++ if (isc_heap_create(dhcp_gbl_ctx.mctx, lease_older, inactive_changed, + 0, &(tmp->inactive_timeouts)) != ISC_R_SUCCESS) { + isc_heap_destroy(&(tmp->active_timeouts)); + iasubopt_free_hash_table(&(tmp->leases), file, line); +@@ -1361,7 +1366,7 @@ cleanup_lease6(ia_hash_t *ia_table, + * Remove the old lease from the active heap and from the hash table + * then remove the lease from the IA and clean up the IA if necessary. + */ +- isc_heap_delete(pool->active_timeouts, test_iasubopt->heap_index); ++ isc_heap_delete(pool->active_timeouts, test_iasubopt->active_index); + pool->num_active--; + if (pool->ipv6_pond) + pool->ipv6_pond->num_active--; +@@ -1434,7 +1439,7 @@ add_lease6(struct ipv6_pool *pool, struct iasubopt *lease, + if ((test_iasubopt->state == FTS_ACTIVE) || + (test_iasubopt->state == FTS_ABANDONED)) { + isc_heap_delete(pool->active_timeouts, +- test_iasubopt->heap_index); ++ test_iasubopt->active_index); + pool->num_active--; + if (pool->ipv6_pond) + pool->ipv6_pond->num_active--; +@@ -1446,7 +1451,7 @@ add_lease6(struct ipv6_pool *pool, struct iasubopt *lease, + } + } else { + isc_heap_delete(pool->inactive_timeouts, +- test_iasubopt->heap_index); ++ test_iasubopt->inactive_index); + pool->num_inactive--; + } + +@@ -1567,14 +1572,13 @@ lease6_usable(struct iasubopt *lease) { + static isc_result_t + move_lease_to_active(struct ipv6_pool *pool, struct iasubopt *lease) { + isc_result_t insert_result; +- int old_heap_index; + +- old_heap_index = lease->heap_index; + insert_result = isc_heap_insert(pool->active_timeouts, lease); + if (insert_result == ISC_R_SUCCESS) { + iasubopt_hash_add(pool->leases, &lease->addr, + sizeof(lease->addr), lease, MDL); +- isc_heap_delete(pool->inactive_timeouts, old_heap_index); ++ isc_heap_delete(pool->inactive_timeouts, ++ lease->inactive_index); + pool->num_active++; + pool->num_inactive--; + lease->state = FTS_ACTIVE; +@@ -1624,16 +1628,16 @@ renew_lease6(struct ipv6_pool *pool, struct iasubopt *lease) { + if (lease->state == FTS_ACTIVE) { + if (old_end_time <= lease->hard_lifetime_end_time) { + isc_heap_decreased(pool->active_timeouts, +- lease->heap_index); ++ lease->active_index); + } else { + isc_heap_increased(pool->active_timeouts, +- lease->heap_index); ++ lease->active_index); + } + return ISC_R_SUCCESS; + } else if (lease->state == FTS_ABANDONED) { + char tmp_addr[INET6_ADDRSTRLEN]; + lease->state = FTS_ACTIVE; +- isc_heap_increased(pool->active_timeouts, lease->heap_index); ++ isc_heap_increased(pool->active_timeouts, lease->active_index); + log_info("Reclaiming previously abandoned address %s", + inet_ntop(AF_INET6, &(lease->addr), tmp_addr, + sizeof(tmp_addr))); +@@ -1655,9 +1659,7 @@ static isc_result_t + move_lease_to_inactive(struct ipv6_pool *pool, struct iasubopt *lease, + binding_state_t state) { + isc_result_t insert_result; +- int old_heap_index; + +- old_heap_index = lease->heap_index; + insert_result = isc_heap_insert(pool->inactive_timeouts, lease); + if (insert_result == ISC_R_SUCCESS) { + /* +@@ -1708,7 +1710,7 @@ move_lease_to_inactive(struct ipv6_pool *pool, struct iasubopt *lease, + + iasubopt_hash_delete(pool->leases, + &lease->addr, sizeof(lease->addr), MDL); +- isc_heap_delete(pool->active_timeouts, old_heap_index); ++ isc_heap_delete(pool->active_timeouts, lease->active_index); + lease->state = state; + pool->num_active--; + pool->num_inactive++; +@@ -1786,7 +1788,7 @@ decline_lease6(struct ipv6_pool *pool, struct iasubopt *lease) { + pool->ipv6_pond->num_abandoned++; + + lease->hard_lifetime_end_time = MAX_TIME; +- isc_heap_decreased(pool->active_timeouts, lease->heap_index); ++ isc_heap_decreased(pool->active_timeouts, lease->active_index); + return ISC_R_SUCCESS; + } + +@@ -2059,7 +2061,7 @@ cleanup_old_expired(struct ipv6_pool *pool) { + break; + } + +- isc_heap_delete(pool->inactive_timeouts, tmp->heap_index); ++ isc_heap_delete(pool->inactive_timeouts, tmp->inactive_index); + pool->num_inactive--; + + if (tmp->ia != NULL) { diff --git a/SOURCES/dhcp-key_algorithm.patch b/SOURCES/dhcp-key_algorithm.patch new file mode 100644 index 0000000..3f29f28 --- /dev/null +++ b/SOURCES/dhcp-key_algorithm.patch @@ -0,0 +1,200 @@ +From e6ffc27f24321017a5ad9af3707f4e2e54bbac74 Mon Sep 17 00:00:00 2001 +From: Thomas Markwalder +Date: Mon, 11 Dec 2017 07:19:43 -0500 +Subject: [PATCH] [master] Adds key-algorithm statement to omshell + + Merges in rt46771. +--- + RELNOTES | 7 +++++++ + common/conflex.c | 2 ++ + dhcpctl/omshell.1 | 32 ++++++++++++++++++++++++-------- + dhcpctl/omshell.c | 38 +++++++++++++++++++++++++++++++++++--- + includes/dhctoken.h | 3 ++- + 5 files changed, 70 insertions(+), 12 deletions(-) + +diff --git a/common/conflex.c b/common/conflex.c +index 8ce024af..045b655d 100644 +--- a/common/conflex.c ++++ b/common/conflex.c +@@ -1104,6 +1104,8 @@ intern(char *atom, enum dhcp_token dfv) { + } + if (!strcasecmp (atom + 1, "ey")) + return KEY; ++ if (!strcasecmp (atom + 1, "ey-algorithm")) ++ return KEY_ALGORITHM; + break; + case 'l': + if (!strcasecmp (atom + 1, "case")) +diff --git a/dhcpctl/omshell.1 b/dhcpctl/omshell.1 +index 4846272a..2f55e965 100644 +--- a/dhcpctl/omshell.1 ++++ b/dhcpctl/omshell.1 +@@ -1,7 +1,6 @@ + .\" $Id: omshell.1,v 1.6 2009/11/24 02:06:56 sar Exp $ + .\" +-.\" Copyright (c) 2012,2014 by Internet Systems Consortium, Inc. ("ISC") +-.\" Copyright (c) 2004,2009 by Internet Systems Consortium, Inc. ("ISC") ++.\" Copyright (c) 2004-2017 by Internet Systems Consortium, Inc. ("ISC") + .\" Copyright (c) 2001-2003 by Internet Software Consortium + .\" + .\" Permission to use, copy, modify, and distribute this software for any +@@ -81,7 +80,24 @@ where number is the port that OMAPI listens on. By default, this is 7911. + This specifies the TSIG key to use to authenticate the OMAPI transactions. + \fIname\fR is the name of a key defined in \fIdhcpd.conf\fR with the + \fBomapi-key\fR statement. The \fIsecret\fR is the secret key generated from +-\fBdnssec-keygen\fR or another key generation program. ++\fBdnssec-keygen\fR or another key generation program. The key algorithm is ++assumed to be HMAC-MD5 key. If a different algorithm was specified in dhcpd.conf ++file for the key, then it must be specified via the \fIkey-algorithm\fR statement. ++.RE ++.PP ++.B key-algorithm \fIalgorithm\fR ++.RS 0.5i ++This specifies the cryptographic algorithm for the key used when authenticating OMAPI ++transactions. Supported values for \fIalgorithm\fR are: ++.nf ++ HMAC-MD5 ++ HMAC-SHA1 ++ HMAC-SHA224 ++ HMAC-SHA256 ++ HMAC-SHA384 ++ HMAC-SHA512 ++fi ++The default is HMAC-MD5. (Value is not case sensitive). + .RE + .PP + .B connect +@@ -253,7 +269,7 @@ name = "some-host" + hardware-address = 00:80:c7:84:b1:94 + hardware-type = 00:00:00:01 + ip-address = c0:a8:04:28 +-> ++> + .fi + .PP + Your dhcpd.leases file would then have an entry like this in it: +@@ -267,7 +283,7 @@ host some-host { + .fi + .PP + The \fIdynamic;\fR line is to denote that this host entry did not come from +-dhcpd.conf, but was created dynamically via OMAPI. ++dhcpd.conf, but was created dynamically via OMAPI. + .SH RESETTING ATTRIBUTES + .PP + If you want to remove an attribute from an object, you can do this with the +@@ -288,7 +304,7 @@ name = "some-host" + hardware-address = 00:80:c7:84:b1:94 + hardware-type = 00:00:00:01 + ip-address = +-> ++> + .fi + .SH REFRESHING OBJECTS + .PP +@@ -300,7 +316,7 @@ particularly useful for hosts. + .PP + Any remote object that can be created can also be destroyed. This is done by + creating a new local object, setting attributes, associating the local and +-remote object using \fBopen\fR, and then using the \fBremove\fR command. ++remote object using \fBopen\fR, and then using the \fBremove\fR command. + If the host "some-host" from before was created in error, this could be + corrected as follows: + .nf +@@ -312,7 +328,7 @@ hardware-type = 00:00:00:01 + ip-address = c0:a8:04:28 + > remove + obj: +-> ++> + .fi + .SH HELP + .PP +diff --git a/dhcpctl/omshell.c b/dhcpctl/omshell.c +index c42bab1a..9233f50e 100644 +--- a/dhcpctl/omshell.c ++++ b/dhcpctl/omshell.c +@@ -321,12 +321,42 @@ main(int argc, char **argv) { + } + break; + ++ case KEY_ALGORITHM: ++ /* Algorithm is optional */ ++ token = next_token (&val, (unsigned *)0, cfile); ++ if (token != NAME || !is_identifier(token)) { ++ printf ("missing or invalid algorithm name\n"); ++ printf ("usage: key-algoritm \n"); ++ skip_to_semi (cfile); ++ break; ++ } ++ ++ s = dmalloc (strlen (val) + 1, MDL); ++ if (!s) { ++ printf ("no memory for algorithm name.\n"); ++ skip_to_semi (cfile); ++ break; ++ } ++ ++ strcpy (s, val); ++ algorithm = s; ++ ++ token = next_token (&val, (unsigned *)0, cfile); ++ if (token != END_OF_FILE && token != EOL) { ++ printf ("extra information after %s\n", algorithm); ++ printf ("usage: key-algorithm \n"); ++ skip_to_semi (cfile); ++ break; ++ } ++ ++ break; ++ + case KEY: + token = peek_token(&val, (unsigned *)0, cfile); + if (token == STRING) { + token = next_token (&val, (unsigned *)0, cfile); + if (!is_identifier (token)) { +- printf ("usage: key \n"); ++ printf ("usage: key \n"); + skip_to_semi (cfile); + break; + } +@@ -340,7 +370,7 @@ main(int argc, char **argv) { + } else { + s = parse_host_name(cfile); + if (s == NULL) { +- printf ("usage: key \n"); ++ printf ("usage: key \n"); + skip_to_semi(cfile); + break; + } +@@ -352,12 +382,14 @@ main(int argc, char **argv) { + skip_to_semi (cfile); + break; + } ++ + token = next_token (&val, (unsigned *)0, cfile); + if (token != END_OF_FILE && token != EOL) { +- printf ("usage: key \n"); ++ printf ("usage: key {algorithm}\n"); + skip_to_semi (cfile); + break; + } ++ + break; + + case CONNECT: +diff --git a/includes/dhctoken.h b/includes/dhctoken.h +index 6fc4df3..ca24d4c 100644 +--- a/includes/dhctoken.h ++++ b/includes/dhctoken.h +@@ -374,8 +374,9 @@ enum dhcp_token { + LEASE_ID_FORMAT = 676, + TOKEN_HEX = 677, + TOKEN_OCTAL = 678, +- BOOTP_BROADCAST_ALWAYS = 679, +- DESTINATION_DESCRIPTOR = 680 ++ KEY_ALGORITHM = 679, ++ BOOTP_BROADCAST_ALWAYS = 680, ++ DESTINATION_DESCRIPTOR = 681 + }; + + #define is_identifier(x) ((x) >= FIRST_TOKEN && \ diff --git a/SOURCES/dhcp-lpf-ib.patch b/SOURCES/dhcp-lpf-ib.patch new file mode 100644 index 0000000..766d518 --- /dev/null +++ b/SOURCES/dhcp-lpf-ib.patch @@ -0,0 +1,614 @@ +diff -up dhcp-4.3.4/client/dhclient.c.lpf-ib dhcp-4.3.4/client/dhclient.c +--- dhcp-4.3.4/client/dhclient.c.lpf-ib 2016-05-02 14:37:36.945128001 +0200 ++++ dhcp-4.3.4/client/dhclient.c 2016-05-02 14:37:36.952128005 +0200 +@@ -163,6 +163,8 @@ static const char use_noarg[] = "No argu + static const char use_v6command[] = "Command not used for DHCPv4: %s"; + #endif + ++static void setup_ib_interface(struct interface_info *ip); ++ + static void + usage(const char *sfmt, const char *sarg) + { +@@ -1066,6 +1068,13 @@ main(int argc, char **argv) { + } + srandom(seed + cur_time + (unsigned)getpid()); + ++ /* Setup specific Infiniband options */ ++ for (ip = interfaces; ip; ip = ip->next) { ++ if (ip->client && ++ (ip->hw_address.hbuf[0] == HTYPE_INFINIBAND)) { ++ setup_ib_interface(ip); ++ } ++ } + + /* + * Establish a default DUID. We always do so for v6 and +@@ -1361,6 +1370,29 @@ int find_subnet (struct subnet **sp, + return 0; + } + ++static void setup_ib_interface(struct interface_info *ip) ++{ ++ struct group *g; ++ ++ /* Set the broadcast flag */ ++ ip->client->config->bootp_broadcast_always = 1; ++ ++ /* ++ * Find out if a dhcp-client-identifier option was specified either ++ * in the config file or on the command line ++ */ ++ for (g = ip->client->config->on_transmission; g != NULL; g = g->next) { ++ if ((g->statements != NULL) && ++ (strcmp(g->statements->data.option->option->name, ++ "dhcp-client-identifier") == 0)) { ++ return; ++ } ++ } ++ ++ /* No client ID specified */ ++ log_fatal("dhcp-client-identifier must be specified for InfiniBand"); ++} ++ + /* Individual States: + * + * Each routine is called from the dhclient_state_machine() in one of +diff -up dhcp-4.3.4/common/bpf.c.lpf-ib dhcp-4.3.4/common/bpf.c +--- dhcp-4.3.4/common/bpf.c.lpf-ib 2016-05-02 14:37:36.946128001 +0200 ++++ dhcp-4.3.4/common/bpf.c 2016-05-02 14:37:36.952128005 +0200 +@@ -198,11 +198,43 @@ struct bpf_insn dhcp_bpf_filter [] = { + BPF_STMT(BPF_RET+BPF_K, 0), + }; + ++/* Packet filter program for DHCP over Infiniband. ++ * ++ * XXX ++ * Changes to the filter program may require changes to the constant offsets ++ * used in lpf_gen_filter_setup to patch the port in the BPF program! ++ * XXX ++ */ ++struct bpf_insn dhcp_ib_bpf_filter [] = { ++ /* Packet filter for Infiniband */ ++ /* Make sure it's a UDP packet... */ ++ BPF_STMT(BPF_LD + BPF_B + BPF_ABS, 9), ++ BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, IPPROTO_UDP, 0, 6), ++ ++ /* Make sure this isn't a fragment... */ ++ BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 6), ++ BPF_JUMP(BPF_JMP + BPF_JSET + BPF_K, 0x1fff, 4, 0), ++ ++ /* Get the IP header length... */ ++ BPF_STMT(BPF_LDX + BPF_B + BPF_MSH, 0), ++ ++ /* Make sure it's to the right port... */ ++ BPF_STMT(BPF_LD + BPF_H + BPF_IND, 2), ++ BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, 67, 0, 1), ++ ++ /* If we passed all the tests, ask for the whole packet. */ ++ BPF_STMT(BPF_RET + BPF_K, (u_int)-1), ++ ++ /* Otherwise, drop it. */ ++ BPF_STMT(BPF_RET + BPF_K, 0), ++}; ++ + #if defined (DEC_FDDI) + struct bpf_insn *bpf_fddi_filter = NULL; + #endif + + int dhcp_bpf_filter_len = sizeof dhcp_bpf_filter / sizeof (struct bpf_insn); ++int dhcp_ib_bpf_filter_len = sizeof dhcp_ib_bpf_filter / sizeof (struct bpf_insn); + #if defined (HAVE_TR_SUPPORT) + struct bpf_insn dhcp_bpf_tr_filter [] = { + /* accept all token ring packets due to variable length header */ +diff -up dhcp-4.3.4/common/discover.c.lpf-ib dhcp-4.3.4/common/discover.c +--- dhcp-4.3.4/common/discover.c.lpf-ib 2016-03-22 14:16:51.000000000 +0100 ++++ dhcp-4.3.4/common/discover.c 2016-05-02 14:38:08.257147982 +0200 +@@ -1235,7 +1235,7 @@ discover_interfaces(int state) { + if_register_send(tmp); + } else { + /* get_hw_addr() was called by register. */ +- get_hw_addr(tmp->name, &tmp->hw_address); ++ get_hw_addr(tmp); + } + break; + #ifdef DHCPv6 +@@ -1248,7 +1248,7 @@ discover_interfaces(int state) { + so now we have to call it explicitly + to not leave the hardware address unknown + (some code expects it cannot be. */ +- get_hw_addr(tmp->name, &tmp->hw_address); ++ get_hw_addr(tmp); + } else { + if_register_linklocal6(tmp); + } +diff -up dhcp-4.3.4/common/lpf.c.lpf-ib dhcp-4.3.4/common/lpf.c +--- dhcp-4.3.4/common/lpf.c.lpf-ib 2016-05-02 14:37:36.947128002 +0200 ++++ dhcp-4.3.4/common/lpf.c 2016-05-02 14:37:36.953128006 +0200 +@@ -47,6 +47,17 @@ + #include + #include + #include ++#include ++ ++/* Default broadcast address for IPoIB */ ++static unsigned char default_ib_bcast_addr[20] = { ++ 0x00, 0xff, 0xff, 0xff, ++ 0xff, 0x12, 0x40, 0x1b, ++ 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, ++ 0xff, 0xff, 0xff, 0xff ++}; ++ + #endif + + #if defined (USE_LPF_SEND) || defined (USE_LPF_RECEIVE) +@@ -80,10 +91,20 @@ int if_register_lpf (info) + struct sockaddr common; + } sa; + struct ifreq ifr; ++ int type; ++ int protocol; ++ ++ get_hw_addr(info); ++ if (info->hw_address.hbuf[0] == HTYPE_INFINIBAND) { ++ type = SOCK_DGRAM; ++ protocol = ETHERTYPE_IP; ++ } else { ++ type = SOCK_RAW; ++ protocol = ETH_P_ALL; ++ } + + /* Make an LPF socket. */ +- if ((sock = socket(PF_PACKET, SOCK_RAW, +- htons((short)ETH_P_ALL))) < 0) { ++ if ((sock = socket(PF_PACKET, type, htons((short)protocol))) < 0) { + if (errno == ENOPROTOOPT || errno == EPROTONOSUPPORT || + errno == ESOCKTNOSUPPORT || errno == EPFNOSUPPORT || + errno == EAFNOSUPPORT || errno == EINVAL) { +@@ -106,6 +127,7 @@ int if_register_lpf (info) + /* Bind to the interface name */ + memset (&sa, 0, sizeof sa); + sa.ll.sll_family = AF_PACKET; ++ sa.ll.sll_protocol = htons(protocol); + sa.ll.sll_ifindex = ifr.ifr_ifindex; + if (bind (sock, &sa.common, sizeof sa)) { + if (errno == ENOPROTOOPT || errno == EPROTONOSUPPORT || +@@ -122,8 +144,6 @@ int if_register_lpf (info) + + } + +- get_hw_addr(info->name, &info->hw_address); +- + return sock; + } + #endif /* USE_LPF_SEND || USE_LPF_RECEIVE */ +@@ -178,6 +198,8 @@ void if_deregister_send (info) + in bpf includes... */ + extern struct sock_filter dhcp_bpf_filter []; + extern int dhcp_bpf_filter_len; ++extern struct sock_filter dhcp_ib_bpf_filter []; ++extern int dhcp_ib_bpf_filter_len; + + #if defined (HAVE_TR_SUPPORT) + extern struct sock_filter dhcp_bpf_tr_filter []; +@@ -196,11 +218,12 @@ void if_register_receive (info) + #ifdef PACKET_AUXDATA + { + int val = 1; +- +- if (setsockopt(info->rfdesc, SOL_PACKET, PACKET_AUXDATA, +- &val, sizeof(val)) < 0) { +- if (errno != ENOPROTOOPT) { +- log_fatal ("Failed to set auxiliary packet data: %m"); ++ if (info->hw_address.hbuf[0] != HTYPE_INFINIBAND) { ++ if (setsockopt(info->rfdesc, SOL_PACKET, PACKET_AUXDATA, ++ &val, sizeof(val)) < 0) { ++ if (errno != ENOPROTOOPT) { ++ log_fatal ("Failed to set auxiliary packet data: %m"); ++ } + } + } + } +@@ -250,15 +273,28 @@ static void lpf_gen_filter_setup (info) + + memset(&p, 0, sizeof(p)); + +- /* Set up the bpf filter program structure. This is defined in +- bpf.c */ +- p.len = dhcp_bpf_filter_len; +- p.filter = dhcp_bpf_filter; +- +- /* Patch the server port into the LPF program... +- XXX changes to filter program may require changes +- to the insn number(s) used below! XXX */ +- dhcp_bpf_filter [8].k = ntohs ((short)local_port); ++ if (info->hw_address.hbuf[0] == HTYPE_INFINIBAND) { ++ /* Set up the bpf filter program structure. */ ++ p.len = dhcp_ib_bpf_filter_len; ++ p.filter = dhcp_ib_bpf_filter; ++ ++ /* Patch the server port into the LPF program... ++ XXX ++ changes to filter program may require changes ++ to the insn number(s) used below! ++ XXX */ ++ dhcp_ib_bpf_filter[6].k = ntohs ((short)local_port); ++ } else { ++ /* Set up the bpf filter program structure. ++ This is defined in bpf.c */ ++ p.len = dhcp_bpf_filter_len; ++ p.filter = dhcp_bpf_filter; ++ ++ /* Patch the server port into the LPF program... ++ XXX changes to filter program may require changes ++ to the insn number(s) used below! XXX */ ++ dhcp_bpf_filter [8].k = ntohs ((short)local_port); ++ } + + if (setsockopt (info -> rfdesc, SOL_SOCKET, SO_ATTACH_FILTER, &p, + sizeof p) < 0) { +@@ -315,6 +351,54 @@ static void lpf_tr_filter_setup (info) + #endif /* USE_LPF_RECEIVE */ + + #ifdef USE_LPF_SEND ++ssize_t send_packet_ib(interface, packet, raw, len, from, to, hto) ++ struct interface_info *interface; ++ struct packet *packet; ++ struct dhcp_packet *raw; ++ size_t len; ++ struct in_addr from; ++ struct sockaddr_in *to; ++ struct hardware *hto; ++{ ++ unsigned ibufp = 0; ++ double ih [1536 / sizeof (double)]; ++ unsigned char *buf = (unsigned char *)ih; ++ ssize_t result; ++ ++ union sockunion { ++ struct sockaddr sa; ++ struct sockaddr_ll sll; ++ struct sockaddr_storage ss; ++ } su; ++ ++ assemble_udp_ip_header (interface, buf, &ibufp, from.s_addr, ++ to->sin_addr.s_addr, to->sin_port, ++ (unsigned char *)raw, len); ++ memcpy (buf + ibufp, raw, len); ++ ++ memset(&su, 0, sizeof(su)); ++ su.sll.sll_family = AF_PACKET; ++ su.sll.sll_protocol = htons(ETHERTYPE_IP); ++ ++ if (!(su.sll.sll_ifindex = if_nametoindex(interface->name))) { ++ errno = ENOENT; ++ log_error ("send_packet_ib: %m - failed to get if index"); ++ return -1; ++ } ++ ++ su.sll.sll_hatype = htons(HTYPE_INFINIBAND); ++ su.sll.sll_halen = sizeof(interface->bcast_addr); ++ memcpy(&su.sll.sll_addr, interface->bcast_addr, 20); ++ ++ result = sendto(interface->wfdesc, buf, ibufp + len, 0, ++ &su.sa, sizeof(su)); ++ ++ if (result < 0) ++ log_error ("send_packet_ib: %m"); ++ ++ return result; ++} ++ + ssize_t send_packet (interface, packet, raw, len, from, to, hto) + struct interface_info *interface; + struct packet *packet; +@@ -335,6 +419,11 @@ ssize_t send_packet (interface, packet, + return send_fallback (interface, packet, raw, + len, from, to, hto); + ++ if (interface->hw_address.hbuf[0] == HTYPE_INFINIBAND) { ++ return send_packet_ib(interface, packet, raw, len, from, ++ to, hto); ++ } ++ + if (hto == NULL && interface->anycast_mac_addr.hlen) + hto = &interface->anycast_mac_addr; + +@@ -355,6 +444,42 @@ ssize_t send_packet (interface, packet, + #endif /* USE_LPF_SEND */ + + #ifdef USE_LPF_RECEIVE ++ssize_t receive_packet_ib (interface, buf, len, from, hfrom) ++ struct interface_info *interface; ++ unsigned char *buf; ++ size_t len; ++ struct sockaddr_in *from; ++ struct hardware *hfrom; ++{ ++ int length = 0; ++ int offset = 0; ++ unsigned char ibuf [1536]; ++ unsigned bufix = 0; ++ unsigned paylen; ++ ++ length = read(interface->rfdesc, ibuf, sizeof(ibuf)); ++ ++ if (length <= 0) ++ return length; ++ ++ offset = decode_udp_ip_header(interface, ibuf, bufix, from, ++ (unsigned)length, &paylen, 0); ++ ++ if (offset < 0) ++ return 0; ++ ++ bufix += offset; ++ length -= offset; ++ ++ if (length < paylen) ++ log_fatal("Internal inconsistency at %s:%d.", MDL); ++ ++ /* Copy out the data in the packet... */ ++ memcpy(buf, &ibuf[bufix], paylen); ++ ++ return (ssize_t)paylen; ++} ++ + ssize_t receive_packet (interface, buf, len, from, hfrom) + struct interface_info *interface; + unsigned char *buf; +@@ -393,6 +518,10 @@ ssize_t receive_packet (interface, buf, + }; + #endif /* PACKET_AUXDATA */ + ++ if (interface->hw_address.hbuf[0] == HTYPE_INFINIBAND) { ++ return receive_packet_ib(interface, buf, len, from, hfrom); ++ } ++ + length = recvmsg (interface->rfdesc, &msg, 0); + if (length <= 0) + return length; +@@ -506,11 +635,33 @@ void maybe_setup_fallback () + #endif + + #if defined (USE_LPF_RECEIVE) || defined (USE_LPF_HWADDR) +-void +-get_hw_addr(const char *name, struct hardware *hw) { ++struct sockaddr_ll * ++get_ll (struct ifaddrs *ifaddrs, struct ifaddrs **ifa, char *name) ++{ ++ for (*ifa = ifaddrs; *ifa != NULL; *ifa = (*ifa)->ifa_next) { ++ if ((*ifa)->ifa_addr == NULL) ++ continue; ++ ++ if ((*ifa)->ifa_addr->sa_family != AF_PACKET) ++ continue; ++ ++ if ((*ifa)->ifa_flags & IFF_LOOPBACK) ++ continue; ++ ++ if (strcmp((*ifa)->ifa_name, name) == 0) ++ return (struct sockaddr_ll *)(void *)(*ifa)->ifa_addr; ++ } ++ *ifa = NULL; ++ return NULL; ++} ++ ++struct sockaddr_ll * ++ioctl_get_ll(char *name) ++{ + int sock; + struct ifreq tmp; +- struct sockaddr *sa; ++ struct sockaddr *sa = NULL; ++ struct sockaddr_ll *sll = NULL; + + if (strlen(name) >= sizeof(tmp.ifr_name)) { + log_fatal("Device name too long: \"%s\"", name); +@@ -524,16 +675,61 @@ get_hw_addr(const char *name, struct har + memset(&tmp, 0, sizeof(tmp)); + strcpy(tmp.ifr_name, name); + if (ioctl(sock, SIOCGIFHWADDR, &tmp) < 0) { +- log_fatal("Error getting hardware address for \"%s\": %m", ++ log_fatal("Error getting hardware address for \"%s\": %m", + name); + } ++ close(sock); + + sa = &tmp.ifr_hwaddr; +- switch (sa->sa_family) { ++ // needs to be freed outside this function ++ sll = dmalloc (sizeof (struct sockaddr_ll), MDL); ++ if (!sll) ++ log_fatal("Unable to allocate memory for link layer address"); ++ memcpy(&sll->sll_hatype, &sa->sa_family, sizeof (sll->sll_hatype)); ++ memcpy(sll->sll_addr, sa->sa_data, sizeof (sll->sll_addr)); ++ switch (sll->sll_hatype) { ++ case ARPHRD_INFINIBAND: ++ sll->sll_halen = HARDWARE_ADDR_LEN_IOCTL; ++ break; ++ default: ++ break; ++ } ++ return sll; ++} ++ ++void ++get_hw_addr(struct interface_info *info) ++{ ++ struct hardware *hw = &info->hw_address; ++ char *name = info->name; ++ struct ifaddrs *ifaddrs = NULL; ++ struct ifaddrs *ifa = NULL; ++ struct sockaddr_ll *sll = NULL; ++ int sll_allocated = 0; ++ char *dup = NULL; ++ char *colon = NULL; ++ ++ if (getifaddrs(&ifaddrs) == -1) ++ log_fatal("Failed to get interfaces"); ++ ++ if ((sll = get_ll(ifaddrs, &ifa, name)) == NULL) { ++ /* ++ * We were unable to get link-layer address for name. ++ * Fall back to ioctl(SIOCGIFHWADDR). ++ */ ++ sll = ioctl_get_ll(name); ++ if (sll != NULL) ++ sll_allocated = 1; ++ else ++ // shouldn't happen ++ log_fatal("Unexpected internal error"); ++ } ++ ++ switch (sll->sll_hatype) { + case ARPHRD_ETHER: + hw->hlen = 7; + hw->hbuf[0] = HTYPE_ETHER; +- memcpy(&hw->hbuf[1], sa->sa_data, 6); ++ memcpy(&hw->hbuf[1], sll->sll_addr, 6); + break; + case ARPHRD_IEEE802: + #ifdef ARPHRD_IEEE802_TR +@@ -541,18 +737,50 @@ get_hw_addr(const char *name, struct har + #endif /* ARPHRD_IEEE802_TR */ + hw->hlen = 7; + hw->hbuf[0] = HTYPE_IEEE802; +- memcpy(&hw->hbuf[1], sa->sa_data, 6); ++ memcpy(&hw->hbuf[1], sll->sll_addr, 6); + break; + case ARPHRD_FDDI: + hw->hlen = 7; + hw->hbuf[0] = HTYPE_FDDI; +- memcpy(&hw->hbuf[1], sa->sa_data, 6); ++ memcpy(&hw->hbuf[1], sll->sll_addr, 6); ++ break; ++ case ARPHRD_INFINIBAND: ++ dup = strdup(name); ++ /* Aliased infiniband interface is special case where ++ * neither get_ll() nor ioctl_get_ll() get's correct hw ++ * address, so we have to truncate the :0 and run ++ * get_ll() again for the rest. ++ */ ++ if ((colon = strchr(dup, ':')) != NULL) { ++ *colon = '\0'; ++ if ((sll = get_ll(ifaddrs, &ifa, dup)) == NULL) ++ log_fatal("Error getting hardware address for \"%s\": %m", name); ++ } ++ free (dup); ++ /* For Infiniband, save the broadcast address and store ++ * the port GUID into the hardware address. ++ */ ++ if (ifa && (ifa->ifa_flags & IFF_BROADCAST)) { ++ struct sockaddr_ll *bll; ++ ++ bll = (struct sockaddr_ll *)ifa->ifa_broadaddr; ++ memcpy(&info->bcast_addr, bll->sll_addr, 20); ++ } else { ++ memcpy(&info->bcast_addr, default_ib_bcast_addr, ++ 20); ++ } ++ ++ hw->hlen = HARDWARE_ADDR_LEN_IOCTL + 1; ++ hw->hbuf[0] = HTYPE_INFINIBAND; ++ memcpy(&hw->hbuf[1], ++ &sll->sll_addr[sll->sll_halen - HARDWARE_ADDR_LEN_IOCTL], ++ HARDWARE_ADDR_LEN_IOCTL); + break; + #if defined(ARPHRD_PPP) + case ARPHRD_PPP: + if (local_family != AF_INET6) +- log_fatal("Unsupported device type %d for \"%s\"", +- sa->sa_family, name); ++ log_fatal("local_family != AF_INET6 for \"%s\"", ++ name); + hw->hlen = 0; + hw->hbuf[0] = HTYPE_RESERVED; + /* 0xdeadbeef should never occur on the wire, +@@ -565,10 +793,13 @@ get_hw_addr(const char *name, struct har + break; + #endif + default: +- log_fatal("Unsupported device type %ld for \"%s\"", +- (long int)sa->sa_family, name); ++ freeifaddrs(ifaddrs); ++ log_fatal("Unsupported device type %hu for \"%s\"", ++ sll->sll_hatype, name); + } + +- close(sock); ++ if (sll_allocated) ++ dfree(sll, MDL); ++ freeifaddrs(ifaddrs); + } + #endif +diff -up dhcp-4.3.4/common/socket.c.lpf-ib dhcp-4.3.4/common/socket.c +--- dhcp-4.3.4/common/socket.c.lpf-ib 2016-03-22 14:16:51.000000000 +0100 ++++ dhcp-4.3.4/common/socket.c 2016-05-02 14:37:36.953128006 +0200 +@@ -328,7 +328,7 @@ void if_register_send (info) + info->wfdesc = if_register_socket(info, AF_INET, 0, NULL); + /* If this is a normal IPv4 address, get the hardware address. */ + if (strcmp(info->name, "fallback") != 0) +- get_hw_addr(info->name, &info->hw_address); ++ get_hw_addr(info); + #if defined (USE_SOCKET_FALLBACK) + /* Fallback only registers for send, but may need to receive as + well. */ +@@ -391,7 +391,7 @@ void if_register_receive (info) + #endif /* IP_PKTINFO... */ + /* If this is a normal IPv4 address, get the hardware address. */ + if (strcmp(info->name, "fallback") != 0) +- get_hw_addr(info->name, &info->hw_address); ++ get_hw_addr(info); + + if (!quiet_interface_discovery) + log_info ("Listening on Socket/%s%s%s", +@@ -505,7 +505,7 @@ if_register6(struct interface_info *info + if (req_multi) + if_register_multicast(info); + +- get_hw_addr(info->name, &info->hw_address); ++ get_hw_addr(info); + + if (!quiet_interface_discovery) { + if (info->shared_network != NULL) { +@@ -561,7 +561,7 @@ if_register_linklocal6(struct interface_ + info->rfdesc = sock; + info->wfdesc = sock; + +- get_hw_addr(info->name, &info->hw_address); ++ get_hw_addr(info); + + if (!quiet_interface_discovery) { + if (info->shared_network != NULL) { +diff -up dhcp-4.3.4/includes/dhcpd.h.lpf-ib dhcp-4.3.4/includes/dhcpd.h +--- dhcp-4.3.4/includes/dhcpd.h.lpf-ib 2016-05-02 14:37:36.948128002 +0200 ++++ dhcp-4.3.4/includes/dhcpd.h 2016-05-02 14:37:36.954128006 +0200 +@@ -482,6 +482,9 @@ struct packet { + + #define HARDWARE_ADDR_LEN 20 + ++/* ioctl limits hardware addresses to 8 bytes */ ++#define HARDWARE_ADDR_LEN_IOCTL 8 ++ + struct hardware { + u_int8_t hlen; + u_int8_t hbuf[HARDWARE_ADDR_LEN + 1]; +@@ -1343,6 +1346,7 @@ struct interface_info { + struct shared_network *shared_network; + /* Networks connected to this interface. */ + struct hardware hw_address; /* Its physical address. */ ++ u_int8_t bcast_addr[20]; /* Infiniband broadcast address */ + struct in_addr *addresses; /* Addresses associated with this + * interface. + */ +@@ -2580,7 +2584,7 @@ void print_dns_status (int, struct dhcp_ + #endif + const char *print_time(TIME); + +-void get_hw_addr(const char *name, struct hardware *hw); ++void get_hw_addr(struct interface_info *info); + char *buf_to_hex (const unsigned char *s, unsigned len, + const char *file, int line); + char *format_lease_id(const unsigned char *s, unsigned len, int format, diff --git a/SOURCES/dhcp-manpages.patch b/SOURCES/dhcp-manpages.patch new file mode 100644 index 0000000..24d6972 --- /dev/null +++ b/SOURCES/dhcp-manpages.patch @@ -0,0 +1,148 @@ +diff -up dhcp-4.3.5b1/client/dhclient.conf.5.man dhcp-4.3.5b1/client/dhclient.conf.5 +--- dhcp-4.3.5b1/client/dhclient.conf.5.man 2016-08-26 20:19:53.000000000 +0200 ++++ dhcp-4.3.5b1/client/dhclient.conf.5 2016-09-12 17:09:23.243313514 +0200 +@@ -228,7 +228,8 @@ responding to the client send the client + options. Only the option names should be specified in the request + statement - not option parameters. By default, the DHCPv4 client + requests the subnet-mask, broadcast-address, time-offset, routers, +-domain-name, domain-name-servers and host-name options while the DHCPv6 ++domain-search, domain-name, domain-name-servers, host-name, nis-domain, ++nis-servers, ntp-servers and interface-mtu options while the DHCPv6 + client requests the dhcp6 name-servers and domain-search options. Note + that if you enter a \'request\' statement, you over-ride these defaults + and these options will not be requested. +@@ -736,6 +737,17 @@ know the DHCP service(s) anycast MAC add + client. The \fIlink-type\fR and \fImac-address\fR parameters are configured + in a similar manner to the \fBhardware\fR statement. + .PP ++ \fBbootp-broadcast-always;\fR ++.PP ++The ++.B bootp-broadcast-always ++statement instructs dhclient to always set the bootp broadcast flag in ++request packets, so that servers will always broadcast replies. ++This is equivalent to supplying the dhclient -B argument, and has ++the same effect as specifying 'always-broadcast' in the server's dhcpd.conf. ++This option is provided as an extension to enable dhclient to work ++on IBM s390 Linux guests. ++.PP + .SH SAMPLE + The following configuration file was used on a laptop running NetBSD + 1.3, though the domains have been modified. +diff -up dhcp-4.3.5b1/client/dhclient-script.8.man dhcp-4.3.5b1/client/dhclient-script.8 +--- dhcp-4.3.5b1/client/dhclient-script.8.man 2016-08-26 20:19:53.000000000 +0200 ++++ dhcp-4.3.5b1/client/dhclient-script.8 2016-09-12 17:08:09.516254385 +0200 +@@ -45,7 +45,7 @@ customizations are needed, they should b + exit hooks provided (see HOOKS for details). These hooks will allow the + user to override the default behaviour of the client in creating a + .B /etc/resolv.conf +-file. ++file, and to handle DHCP options not handled by default. + .PP + No standard client script exists for some operating systems, even though + the actual client may work, so a pioneering user may well need to create +@@ -89,6 +89,26 @@ present. The + .B ETCDIR/dhclient-exit-hooks + script can modify the valid of exit_status to change the exit status + of dhclient-script. ++.PP ++Immediately after dhclient brings an interface UP with a new IP address, ++subnet mask, and routes, in the REBOOT/BOUND states, it will check for the ++existence of an executable ++.B ETCDIR/dhclient-up-hooks ++script, and source it if found. This script can handle DHCP options in ++the environment that are not handled by default. A per-interface. ++.B ETCDIR/dhclient-${IF}-up-hooks ++script will override the generic script and be sourced when interface ++$IF has been brought up. ++.PP ++Immediately before dhclient brings an interface DOWN, removing its IP ++address, subnet mask, and routes, in the STOP/RELEASE states, it will ++check for the existence of an executable ++.B ETCDIR/dhclient-down-hooks ++script, and source it if found. This script can handle DHCP options in ++the environment that are not handled by default. A per-interface ++.B ETCDIR/dhclient-${IF}-down-hooks ++script will override the generic script and be sourced when interface ++$IF is about to be brought down. + .SH OPERATION + When dhclient needs to invoke the client configuration script, it + defines a set of variables in the environment, and then invokes +diff -up dhcp-4.3.5b1/common/dhcp-options.5.man dhcp-4.3.5b1/common/dhcp-options.5 +--- dhcp-4.3.5b1/common/dhcp-options.5.man 2016-08-26 20:19:53.000000000 +0200 ++++ dhcp-4.3.5b1/common/dhcp-options.5 2016-09-12 17:08:09.517254386 +0200 +@@ -1013,6 +1013,21 @@ classless IP routing - it does not inclu + classless IP routing is now the most widely deployed routing standard, + this option is virtually useless, and is not implemented by any of the + popular DHCP clients, for example the Microsoft DHCP client. ++.PP ++NOTE to Fedora dhclient users: ++.br ++dhclient-script interprets trailing 0 octets of the target as indicating ++the subnet class of the route, so for the following static-routes value: ++.br ++ option static-routes 172.0.0.0 172.16.2.254, ++.br ++ 192.168.0.0 192.168.2.254; ++.br ++dhclient-script will create routes: ++.br ++ 172/8 via 172.16.2.254 dev $interface ++.br ++ 192.168/16 via 192.168.2.254 dev $interface + .RE + .PP + .nf +diff -up dhcp-4.3.5b1/server/dhcpd.conf.5.man dhcp-4.3.5b1/server/dhcpd.conf.5 +--- dhcp-4.3.5b1/server/dhcpd.conf.5.man 2016-08-26 20:19:53.000000000 +0200 ++++ dhcp-4.3.5b1/server/dhcpd.conf.5 2016-09-12 17:10:11.205351980 +0200 +@@ -528,6 +528,9 @@ pool { + }; + .fi + .PP ++Dynamic BOOTP leases are not compatible with failover, and, as such, ++you need to disallow BOOTP in pools that you are using failover for. ++.PP + The server currently does very little sanity checking, so if you + configure it wrong, it will just fail in odd ways. I would recommend + therefore that you either do failover or don't do failover, but don't +@@ -542,9 +545,9 @@ primary server might look like this: + failover peer "foo" { + primary; + address anthrax.rc.example.com; +- port 519; ++ port 647; + peer address trantor.rc.example.com; +- peer port 520; ++ peer port 847; + max-response-delay 60; + max-unacked-updates 10; + mclt 3600; +@@ -1246,7 +1249,7 @@ the zone containing PTR records - for IS + .PP + .nf + key DHCP_UPDATER { +- algorithm HMAC-MD5.SIG-ALG.REG.INT; ++ algorithm hmac-md5; + secret pRP5FapFoJ95JEL06sv4PQ==; + }; + +@@ -1269,7 +1272,7 @@ dhcpd.conf file: + .PP + .nf + key DHCP_UPDATER { +- algorithm HMAC-MD5.SIG-ALG.REG.INT; ++ algorithm hmac-md5; + secret pRP5FapFoJ95JEL06sv4PQ==; + }; + +@@ -2742,7 +2745,8 @@ statement + The \fInext-server\fR statement is used to specify the host address of + the server from which the initial boot file (specified in the + \fIfilename\fR statement) is to be loaded. \fIServer-name\fR should +-be a numeric IP address or a domain name. ++be a numeric IP address or a domain name. If no \fInext-server\fR statement ++applies to a given client, the address 0.0.0.0 is used. + .RE + .PP + The diff --git a/SOURCES/dhcp-no-subnet-error2info.patch b/SOURCES/dhcp-no-subnet-error2info.patch new file mode 100644 index 0000000..975a4d4 --- /dev/null +++ b/SOURCES/dhcp-no-subnet-error2info.patch @@ -0,0 +1,48 @@ +diff -up dhcp-4.3.0a1/common/discover.c.error2info dhcp-4.3.0a1/common/discover.c +--- dhcp-4.3.0a1/common/discover.c.error2info 2013-12-20 13:59:15.148553898 +0100 ++++ dhcp-4.3.0a1/common/discover.c 2013-12-20 13:59:15.181553438 +0100 +@@ -779,9 +779,9 @@ discover_interfaces(int state) { + + /* We must have a subnet declaration for each interface. */ + if (!tmp->shared_network && (state == DISCOVER_SERVER)) { +- log_error("%s", ""); ++ log_info("%s", ""); + if (local_family == AF_INET) { +- log_error("No subnet declaration for %s (%s).", ++ log_info("No subnet declaration for %s (%s).", + tmp->name, + (tmp->addresses == NULL) ? + "no IPv4 addresses" : +@@ -796,26 +796,26 @@ discover_interfaces(int state) { + } else { + strcpy(abuf, "no IPv6 addresses"); + } +- log_error("No subnet6 declaration for %s (%s).", ++ log_info("No subnet6 declaration for %s (%s).", + tmp->name, + abuf); + #endif /* DHCPv6 */ + } + if (supports_multiple_interfaces(tmp)) { +- log_error ("** Ignoring requests on %s. %s", ++ log_info ("** Ignoring requests on %s. %s", + tmp -> name, "If this is not what"); +- log_error (" you want, please write %s", ++ log_info (" you want, please write %s", + #ifdef DHCPv6 + (local_family != AF_INET) ? + "a subnet6 declaration" : + #endif + "a subnet declaration"); +- log_error (" in your dhcpd.conf file %s", ++ log_info (" in your dhcpd.conf file %s", + "for the network segment"); +- log_error (" to %s %s %s", ++ log_info (" to %s %s %s", + "which interface", + tmp -> name, "is attached. **"); +- log_error ("%s", ""); ++ log_info ("%s", ""); + goto next; + } else { + log_error ("You must write a %s", diff --git a/SOURCES/dhcp-omshell-hmac-sha512-support.patch b/SOURCES/dhcp-omshell-hmac-sha512-support.patch new file mode 100644 index 0000000..3c07ea8 --- /dev/null +++ b/SOURCES/dhcp-omshell-hmac-sha512-support.patch @@ -0,0 +1,155 @@ +diff --git a/omapip/connection.c b/omapip/connection.c +index a74becc..56826a5 100644 +--- a/omapip/connection.c ++++ b/omapip/connection.c +@@ -46,6 +46,9 @@ extern omapi_array_t *trace_listeners; + #endif + static isc_result_t omapi_connection_connect_internal (omapi_object_t *); + ++static isc_result_t ctring_from_attribute(omapi_object_t *obj, char *attr_name, ++ char **cstr); ++ + OMAPI_OBJECT_ALLOC (omapi_connection, + omapi_connection_object_t, omapi_type_connection) + +@@ -765,64 +768,41 @@ isc_result_t omapi_connection_reaper (omapi_object_t *h) + } + + static isc_result_t make_dst_key (dst_key_t **dst_key, omapi_object_t *a) { +- omapi_value_t *name = (omapi_value_t *)0; +- omapi_value_t *algorithm = (omapi_value_t *)0; +- omapi_value_t *key = (omapi_value_t *)0; +- char *name_str = NULL; ++ omapi_value_t *key = 0; ++ char *name_str = 0; ++ char *algorithm_str = 0; + isc_result_t status = ISC_R_SUCCESS; + +- if (status == ISC_R_SUCCESS) +- status = omapi_get_value_str +- (a, (omapi_object_t *)0, "name", &name); +- +- if (status == ISC_R_SUCCESS) +- status = omapi_get_value_str +- (a, (omapi_object_t *)0, "algorithm", &algorithm); +- +- if (status == ISC_R_SUCCESS) +- status = omapi_get_value_str +- (a, (omapi_object_t *)0, "key", &key); +- ++ /* Get the key name as a C string. */ ++ status = ctring_from_attribute(a, "name", &name_str); + if (status == ISC_R_SUCCESS) { +- if ((algorithm->value->type != omapi_datatype_data && +- algorithm->value->type != omapi_datatype_string) || +- strncasecmp((char *)algorithm->value->u.buffer.value, +- NS_TSIG_ALG_HMAC_MD5 ".", +- algorithm->value->u.buffer.len) != 0) { +- status = DHCP_R_INVALIDARG; ++ /* Get the algorithm name as a C string. */ ++ status = ctring_from_attribute(a, "algorithm", &algorithm_str); ++ if (status == ISC_R_SUCCESS) { ++ /* Get the key secret value */ ++ status = omapi_get_value_str(a, 0, "key", &key); ++ if (status == ISC_R_SUCCESS) { ++ /* Now let's try and create the key */ ++ status = isclib_make_dst_key( ++ name_str, ++ algorithm_str, ++ key->value->u.buffer.value, ++ key->value->u.buffer.len, ++ dst_key); ++ ++ if (*dst_key == NULL) { ++ status = ISC_R_NOMEMORY; ++ } ++ } + } + } + +- if (status == ISC_R_SUCCESS) { +- name_str = dmalloc (name -> value -> u.buffer.len + 1, MDL); +- if (!name_str) +- status = ISC_R_NOMEMORY; +- } +- +- if (status == ISC_R_SUCCESS) { +- memcpy (name_str, +- name -> value -> u.buffer.value, +- name -> value -> u.buffer.len); +- name_str [name -> value -> u.buffer.len] = 0; +- +- status = isclib_make_dst_key(name_str, +- DHCP_HMAC_MD5_NAME, +- key->value->u.buffer.value, +- key->value->u.buffer.len, +- dst_key); +- +- if (*dst_key == NULL) +- status = ISC_R_NOMEMORY; +- } +- + if (name_str) + dfree (name_str, MDL); ++ if (algorithm_str) ++ dfree (algorithm_str, MDL); + if (key) + omapi_value_dereference (&key, MDL); +- if (algorithm) +- omapi_value_dereference (&algorithm, MDL); +- if (name) +- omapi_value_dereference (&name, MDL); + + return status; + } +@@ -1105,3 +1085,50 @@ isc_result_t omapi_connection_stuff_values (omapi_object_t *c, + m -> inner); + return ISC_R_SUCCESS; + } ++ ++/* @brief Fetches the value of an attribute in an object as an allocated ++ * C string ++ * ++ * @param obj ompapi object containing the desire attribute ++ * @param attr_name name of the desired attribute ++ * @param[out] cstr pointer in which to place the allocated C string's address ++ * ++ * Caller is responsible for freeing (via dfree) the allocated string. ++ * ++ * @return ISC_R_SUCCESS if successful, otherwise indicates the type of failure ++*/ ++static isc_result_t ctring_from_attribute(omapi_object_t *obj, char *attr_name, ++ char **cstr) { ++ isc_result_t status = ISC_R_SUCCESS; ++ omapi_value_t *attr = 0; ++ ++ /* Find the attribute in the object. */ ++ status = omapi_get_value_str(obj, (omapi_object_t *)0, attr_name, ++ &attr); ++ if (status != ISC_R_SUCCESS) { ++ return (status); ++ } ++ ++ /* Got it, let's make sure it's either data or string type. */ ++ if (attr->value->type != omapi_datatype_data && ++ attr->value->type != omapi_datatype_string) { ++ return (DHCP_R_INVALIDARG); ++ } ++ ++ /* Make a C string from the attribute value. */ ++ *cstr = dmalloc (attr->value->u.buffer.len + 1, MDL); ++ if (!(*cstr)) { ++ status = ISC_R_NOMEMORY; ++ } else { ++ memcpy (*cstr, attr->value->u.buffer.value, ++ attr->value->u.buffer.len); ++ (*cstr)[attr->value->u.buffer.len] = 0; ++ } ++ ++ /* Get rid of the attribute reference */ ++ if (attr) { ++ omapi_value_dereference (&attr, MDL); ++ } ++ ++ return (status); ++} diff --git a/SOURCES/dhcp-option97-pxe-client-id.patch b/SOURCES/dhcp-option97-pxe-client-id.patch new file mode 100644 index 0000000..fac2ace --- /dev/null +++ b/SOURCES/dhcp-option97-pxe-client-id.patch @@ -0,0 +1,217 @@ +diff -up dhcp-4.3.5b1/common/options.c.option97 dhcp-4.3.5b1/common/options.c +--- dhcp-4.3.5b1/common/options.c.option97 2016-09-12 17:17:13.972691041 +0200 ++++ dhcp-4.3.5b1/common/options.c 2016-09-12 17:19:17.706790276 +0200 +@@ -4434,13 +4434,26 @@ int validate_packet(struct packet *packe + "a future version of ISC DHCP will reject this"); + } + } else { +- /* +- * If hlen is 0 we don't have any identifier, we warn the user +- * but continue processing the packet as we can. +- */ +- if (packet->raw->hlen == 0) { +- log_debug("Received DHCPv4 packet without client-id" +- " option and empty hlen field."); ++ oc = lookup_option (&dhcp_universe, packet->options, ++ DHO_PXE_CLIENT_ID); ++ if (oc) { ++ /* Let's check if pxe-client-id is sane */ ++ if ((oc->data.len < 2) || ++ (oc->data.data[0] == '\0' && ++ oc->data.len != 17)) { ++ log_debug("Dropped DHCPv4 packet with wrong " ++ "(len == %d) pxe-client-id", oc->data.len); ++ return (0); ++ } ++ } else { ++ /* ++ * If hlen is 0 we don't have any identifier, we warn the user ++ * but continue processing the packet as we can. ++ */ ++ if (packet->raw->hlen == 0) { ++ log_debug("Received DHCPv4 packet without client-id" ++ " option and empty hlen field."); ++ } + } + } + +diff -up dhcp-4.3.5b1/common/tables.c.option97 dhcp-4.3.5b1/common/tables.c +--- dhcp-4.3.5b1/common/tables.c.option97 2016-09-12 17:17:13.927691005 +0200 ++++ dhcp-4.3.5b1/common/tables.c 2016-09-12 17:17:13.972691041 +0200 +@@ -196,8 +196,9 @@ static struct option dhcp_options[] = { + /* Defined by RFC 4578 */ + { "pxe-system-type", "S", &dhcp_universe, 93, 1 }, + { "pxe-interface-id", "BBB", &dhcp_universe, 94, 1 }, +- { "pxe-client-id", "BX", &dhcp_universe, 97, 1 }, + #endif ++ { "pxe-client-id", "BX", &dhcp_universe, 97, 1 }, ++ + { "uap-servers", "t", &dhcp_universe, 98, 1 }, + #if defined(RFC4776_OPTIONS) + { "geoconf-civic", "X", &dhcp_universe, 99, 1 }, +diff -up dhcp-4.3.5b1/includes/dhcp.h.option97 dhcp-4.3.5b1/includes/dhcp.h +--- dhcp-4.3.5b1/includes/dhcp.h.option97 2016-09-12 17:17:13.936691013 +0200 ++++ dhcp-4.3.5b1/includes/dhcp.h 2016-09-12 17:17:13.972691041 +0200 +@@ -159,6 +159,7 @@ struct dhcp_packet { + #define DHO_AUTHENTICATE 90 /* RFC3118, was 210 */ + #define DHO_CLIENT_LAST_TRANSACTION_TIME 91 + #define DHO_ASSOCIATED_IP 92 ++#define DHO_PXE_CLIENT_ID 97 /* RFC4578 */ + #define DHO_SUBNET_SELECTION 118 /* RFC3011! */ + #define DHO_DOMAIN_SEARCH 119 /* RFC3397 */ + #define DHO_CLASSLESS_STATIC_ROUTES 121 /* RFC3442 */ +diff -up dhcp-4.3.5b1/server/dhcp.c.option97 dhcp-4.3.5b1/server/dhcp.c +--- dhcp-4.3.5b1/server/dhcp.c.option97 2016-09-12 17:17:13.947691021 +0200 ++++ dhcp-4.3.5b1/server/dhcp.c 2016-09-12 17:17:13.973691042 +0200 +@@ -221,6 +221,10 @@ dhcp (struct packet *packet) { + oc = lookup_option (&dhcp_universe, packet -> options, + DHO_DHCP_CLIENT_IDENTIFIER); + if (!oc) ++ oc = lookup_option (&dhcp_universe, ++ packet -> options, ++ DHO_PXE_CLIENT_ID); ++ if (!oc) + goto nolease; + + memset (&data, 0, sizeof data); +@@ -818,6 +822,9 @@ void dhcprelease (packet, ms_nulltp) + + oc = lookup_option (&dhcp_universe, packet -> options, + DHO_DHCP_CLIENT_IDENTIFIER); ++ if (!oc) ++ oc = lookup_option (&dhcp_universe, packet -> options, ++ DHO_PXE_CLIENT_ID); + memset (&data, 0, sizeof data); + if (oc && + evaluate_option_cache (&data, packet, (struct lease *)0, +@@ -1286,6 +1293,9 @@ void dhcpinform (packet, ms_nulltp) + */ + oc = lookup_option(&dhcp_universe, packet->options, + DHO_DHCP_CLIENT_IDENTIFIER); ++ if (!oc) ++ oc = lookup_option (&dhcp_universe, packet -> options, ++ DHO_PXE_CLIENT_ID); + memset(&d1, 0, sizeof(d1)); + if (oc && + evaluate_option_cache(&d1, packet, NULL, NULL, +@@ -2381,6 +2391,9 @@ void ack_lease (packet, lease, offer, wh + can be used. */ + oc = lookup_option (&dhcp_universe, packet -> options, + DHO_DHCP_CLIENT_IDENTIFIER); ++ if (!oc) ++ oc = lookup_option (&dhcp_universe, packet -> options, ++ DHO_PXE_CLIENT_ID); + if (oc && + evaluate_option_cache (&d1, packet, lease, + (struct client_state *)0, +@@ -2962,6 +2975,9 @@ void ack_lease (packet, lease, offer, wh + /* Record the uid, if given... */ + oc = lookup_option (&dhcp_universe, packet -> options, + DHO_DHCP_CLIENT_IDENTIFIER); ++ if (!oc) ++ oc = lookup_option (&dhcp_universe, packet -> options, ++ DHO_PXE_CLIENT_ID); + if (oc && + evaluate_option_cache(&d1, packet, lease, NULL, + packet->options, state->options, +@@ -4068,6 +4084,9 @@ int find_lease (struct lease **lp, + specified unique client identifier. */ + oc = lookup_option (&dhcp_universe, packet -> options, + DHO_DHCP_CLIENT_IDENTIFIER); ++ if (!oc) ++ oc = lookup_option (&dhcp_universe, packet -> options, ++ DHO_PXE_CLIENT_ID); + memset (&client_identifier, 0, sizeof client_identifier); + if (oc && + evaluate_option_cache (&client_identifier, +diff -up dhcp-4.3.5b1/server/dhcpd.conf.5.option97 dhcp-4.3.5b1/server/dhcpd.conf.5 +--- dhcp-4.3.5b1/server/dhcpd.conf.5.option97 2016-09-12 17:17:13.885690972 +0200 ++++ dhcp-4.3.5b1/server/dhcpd.conf.5 2016-09-12 17:17:13.974691043 +0200 +@@ -1587,10 +1587,12 @@ should be a name identifying the host. + not specified for the host, \fIhostname\fR is used. + .PP + \fIHost\fR declarations are matched to actual DHCP or BOOTP clients +-by matching the \fRdhcp-client-identifier\fR option specified in the ++by matching the \fIdhcp-client-identifier\fR or \fIpxe-client-id\fR ++options specified in the + \fIhost\fR declaration to the one supplied by the client, or, if the + \fIhost\fR declaration or the client does not provide a +-\fRdhcp-client-identifier\fR option, by matching the \fIhardware\fR ++\fIdhcp-client-identifier\fR or \fIpxe-client-id\fR options, ++by matching the \fIhardware\fR + parameter in the \fIhost\fR declaration to the network hardware + address supplied by the client. BOOTP clients do not normally + provide a \fIdhcp-client-identifier\fR, so the hardware address must +@@ -1602,7 +1604,8 @@ to identify hosts. + .PP + Please be aware that + .B only +-the \fIdhcp-client-identifier\fR option and the hardware address can be ++the \fIdhcp-client-identifier\fR and \fIpxe-client-id\fR ++options and the hardware address can be + used to match a host declaration, or the \fIhost-identifier option\fR + parameter for DHCPv6 servers. For example, it is not possible to + match a host declaration to a \fIhost-name\fR option. This is +diff -up dhcp-4.3.5b1/server/dhcpleasequery.c.option97 dhcp-4.3.5b1/server/dhcpleasequery.c +--- dhcp-4.3.5b1/server/dhcpleasequery.c.option97 2016-08-26 20:19:53.000000000 +0200 ++++ dhcp-4.3.5b1/server/dhcpleasequery.c 2016-09-12 17:17:13.974691043 +0200 +@@ -273,7 +273,7 @@ dhcpleasequery(struct packet *packet, in + */ + + memset(&uid, 0, sizeof(uid)); +- if (get_option(&uid, ++ i = get_option(&uid, + &dhcp_universe, + packet, + NULL, +@@ -283,8 +283,20 @@ dhcpleasequery(struct packet *packet, in + packet->options, + &global_scope, + DHO_DHCP_CLIENT_IDENTIFIER, +- MDL)) { +- ++ MDL); ++ if (!i) ++ i = get_option(&uid, ++ &dhcp_universe, ++ packet, ++ NULL, ++ NULL, ++ packet->options, ++ NULL, ++ packet->options, ++ &global_scope, ++ DHO_PXE_CLIENT_ID, ++ MDL); ++ if (i) { + snprintf(dbg_info, + sizeof(dbg_info), + "client-id %s", +diff -up dhcp-4.3.5b1/server/failover.c.option97 dhcp-4.3.5b1/server/failover.c +--- dhcp-4.3.5b1/server/failover.c.option97 2016-08-26 20:19:53.000000000 +0200 ++++ dhcp-4.3.5b1/server/failover.c 2016-09-12 17:17:13.975691044 +0200 +@@ -5957,6 +5957,9 @@ int load_balance_mine (struct packet *pa + + oc = lookup_option(&dhcp_universe, packet->options, + DHO_DHCP_CLIENT_IDENTIFIER); ++ if (!oc) ++ oc = lookup_option(&dhcp_universe, packet -> options, ++ DHO_PXE_CLIENT_ID); + memset(&ds, 0, sizeof ds); + if (oc && + evaluate_option_cache(&ds, packet, NULL, NULL, +diff -up dhcp-4.3.5b1/server/mdb.c.option97 dhcp-4.3.5b1/server/mdb.c +--- dhcp-4.3.5b1/server/mdb.c.option97 2016-08-26 20:19:53.000000000 +0200 ++++ dhcp-4.3.5b1/server/mdb.c 2016-09-12 17:17:13.975691044 +0200 +@@ -129,8 +129,9 @@ static int find_uid_statement (struct ex + esp -> data.option && + (esp -> data.option -> option -> universe == + &dhcp_universe) && +- (esp -> data.option -> option -> code == +- DHO_DHCP_CLIENT_IDENTIFIER)) { ++ ((esp -> data.option -> option -> code == ++ DHO_DHCP_CLIENT_IDENTIFIER) || ++ (esp -> data.option -> option -> code == DHO_PXE_CLIENT_ID))) { + if (condp) { + log_error ("dhcp client identifier may not be %s", + "specified conditionally."); diff --git a/SOURCES/dhcp-paths.patch b/SOURCES/dhcp-paths.patch new file mode 100644 index 0000000..59a711d --- /dev/null +++ b/SOURCES/dhcp-paths.patch @@ -0,0 +1,38 @@ +diff -up dhcp-4.3.0a1/doc/examples/dhcpd-dhcpv6.conf.paths dhcp-4.3.0a1/doc/examples/dhcpd-dhcpv6.conf +--- dhcp-4.3.0a1/doc/examples/dhcpd-dhcpv6.conf.paths 2013-11-07 20:15:08.000000000 +0100 ++++ dhcp-4.3.0a1/doc/examples/dhcpd-dhcpv6.conf 2013-12-19 15:34:16.262247711 +0100 +@@ -42,7 +42,7 @@ option dhcp6.domain-search "test.example + option dhcp6.info-refresh-time 21600; + + # The path of the lease file +-dhcpv6-lease-file-name "/usr/local/var/db/dhcpd6.leases"; ++dhcpv6-lease-file-name "/var/lib/dhcpd/dhcpd6.leases"; + + # Static definition (must be global) + host myclient { +diff -up dhcp-4.3.0a1/includes/dhcpd.h.paths dhcp-4.3.0a1/includes/dhcpd.h +--- dhcp-4.3.0a1/includes/dhcpd.h.paths 2013-12-19 15:34:16.253247840 +0100 ++++ dhcp-4.3.0a1/includes/dhcpd.h 2013-12-19 15:34:16.263247697 +0100 +@@ -1429,7 +1429,7 @@ typedef unsigned char option_mask [16]; + #else /* !DEBUG */ + + #ifndef _PATH_DHCPD_CONF +-#define _PATH_DHCPD_CONF "/etc/dhcpd.conf" ++#define _PATH_DHCPD_CONF "/etc/dhcp/dhcpd.conf" + #endif /* DEBUG */ + + #ifndef _PATH_DHCPD_DB +@@ -1451,11 +1451,11 @@ typedef unsigned char option_mask [16]; + #endif /* DEBUG */ + + #ifndef _PATH_DHCLIENT_CONF +-#define _PATH_DHCLIENT_CONF "/etc/dhclient.conf" ++#define _PATH_DHCLIENT_CONF "/etc/dhcp/dhclient.conf" + #endif + + #ifndef _PATH_DHCLIENT_SCRIPT +-#define _PATH_DHCLIENT_SCRIPT "/sbin/dhclient-script" ++#define _PATH_DHCLIENT_SCRIPT "/usr/sbin/dhclient-script" + #endif + + #ifndef _PATH_DHCLIENT_PID diff --git a/SOURCES/dhcp-release-by-ifup.patch b/SOURCES/dhcp-release-by-ifup.patch new file mode 100644 index 0000000..677eb5c --- /dev/null +++ b/SOURCES/dhcp-release-by-ifup.patch @@ -0,0 +1,85 @@ +diff -up dhcp-4.3.0a1/client/dhclient.c.ifup dhcp-4.3.0a1/client/dhclient.c +--- dhcp-4.3.0a1/client/dhclient.c.ifup 2013-12-19 14:53:08.817760677 +0100 ++++ dhcp-4.3.0a1/client/dhclient.c 2013-12-19 15:05:16.290518574 +0100 +@@ -521,9 +521,81 @@ main(int argc, char **argv) { + } + } + fclose(pidfd); ++ } else { ++ /* handle release for interfaces requested with Red Hat ++ * /sbin/ifup - pidfile will be /var/run/dhclient-$interface.pid ++ */ ++ ++ if ((path_dhclient_pid == NULL) || (*path_dhclient_pid == '\0')) ++ path_dhclient_pid = "/var/run/dhclient.pid"; ++ ++ char *new_path_dhclient_pid; ++ struct interface_info *ip; ++ int pdp_len = strlen(path_dhclient_pid), pfx, dpfx; ++ ++ /* find append point: beginning of any trailing '.pid' ++ * or '-$IF.pid' */ ++ for (pfx=pdp_len; (pfx >= 0) && (path_dhclient_pid[pfx] != '.') && (path_dhclient_pid[pfx] != '/'); pfx--); ++ if (pfx == -1) ++ pfx = pdp_len; ++ ++ if (path_dhclient_pid[pfx] == '/') ++ pfx += 1; ++ ++ for (dpfx=pfx; (dpfx >= 0) && (path_dhclient_pid[dpfx] != '-') && (path_dhclient_pid[dpfx] != '/'); dpfx--); ++ if ((dpfx > -1) && (path_dhclient_pid[dpfx] != '/')) ++ pfx = dpfx; ++ ++ for (ip = interfaces; ip; ip = ip->next) { ++ if (interfaces_requested && (ip->flags & (INTERFACE_REQUESTED))) { ++ int n_len = strlen(ip->name); ++ ++ new_path_dhclient_pid = (char*) malloc(pfx + n_len + 6); ++ strncpy(new_path_dhclient_pid, path_dhclient_pid, pfx); ++ sprintf(new_path_dhclient_pid + pfx, "-%s.pid", ip->name); ++ ++ if ((pidfd = fopen(new_path_dhclient_pid, "r")) != NULL) { ++ e = fscanf(pidfd, "%ld\n", &temp); ++ oldpid = (pid_t)temp; ++ ++ if (e != 0 && e != EOF) { ++ if (oldpid) { ++ if (kill(oldpid, SIGTERM) == 0) ++ unlink(path_dhclient_pid); ++ } ++ } ++ ++ fclose(pidfd); ++ } ++ ++ free(new_path_dhclient_pid); ++ } ++ } ++ } ++ } else { ++ FILE *pidfp = NULL; ++ long temp = 0; ++ pid_t dhcpid = 0; ++ int dhc_running = 0; ++ char procfn[256] = ""; ++ ++ if ((pidfp = fopen(path_dhclient_pid, "r")) != NULL) { ++ if ((fscanf(pidfp, "%ld", &temp)==1) && ((dhcpid=(pid_t)temp) > 0)) { ++ snprintf(procfn,256,"/proc/%u",dhcpid); ++ dhc_running = (access(procfn, F_OK) == 0); ++ } ++ ++ fclose(pidfp); ++ } ++ ++ if (dhc_running) { ++ log_fatal("dhclient(%u) is already running - exiting. ", dhcpid); ++ return(1); + } + } + ++ write_client_pid_file(); ++ + if (!quiet) { + log_info("%s %s", message, PACKAGE_VERSION); + log_info(copyright); diff --git a/SOURCES/dhcp-remove-bind.patch b/SOURCES/dhcp-remove-bind.patch new file mode 100644 index 0000000..7706c60 --- /dev/null +++ b/SOURCES/dhcp-remove-bind.patch @@ -0,0 +1,351 @@ +From 2698385647a6ebd58b5d25147333e494c3da2409 Mon Sep 17 00:00:00 2001 +From: Petr Mensik +Date: Fri, 9 Feb 2018 15:24:53 +0100 +Subject: [PATCH] Support for isc-config.sh script on --with-libbind parameter + +Move checks only to isc-config section + +Fix detection of bind flags from config + +Add support for with-libbind=config, Improve help message +--- + client/Makefile.am | 5 ++- + client/tests/Makefile.am | 8 ++--- + common/tests/Makefile.am | 14 +++----- + configure.ac | 84 ++++++++++++++++++++++++++++++++++++++++++------ + dhcpctl/Makefile.am | 8 ++--- + omapip/Makefile.am | 5 ++- + relay/Makefile.am | 5 ++- + server/Makefile.am | 6 ++-- + server/tests/Makefile.am | 9 +++--- + 9 files changed, 98 insertions(+), 46 deletions(-) + +diff --git a/client/Makefile.am b/client/Makefile.am +index 2cb83d8..b85f5d2 100644 +--- a/client/Makefile.am ++++ b/client/Makefile.am +@@ -4,7 +4,7 @@ + # production code. Sadly, we are not there yet. + SUBDIRS = . tests + +-BINDLIBDIR = @BINDDIR@/lib ++BIND_LIBS = @BIND_LIBS@ + + AM_CPPFLAGS = -DCLIENT_PATH='"PATH=$(sbindir):/sbin:/bin:/usr/sbin:/usr/bin"' \ + -DLOCALSTATEDIR='"$(localstatedir)"' +@@ -15,7 +15,6 @@ dhclient_SOURCES = clparse.c dhclient.c dhc6.c \ + scripts/bsdos scripts/freebsd scripts/linux scripts/macos \ + scripts/netbsd scripts/nextstep scripts/openbsd \ + scripts/solaris scripts/openwrt +-dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.a $(BINDLIBDIR)/libirs.a \ +- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a ++dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.a $(BIND_LIBS) + man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5 + EXTRA_DIST = $(man_MANS) +diff --git a/client/tests/Makefile.am b/client/tests/Makefile.am +index 5031d0c..bb1fda4 100644 +--- a/client/tests/Makefile.am ++++ b/client/tests/Makefile.am +@@ -1,9 +1,9 @@ + SUBDIRS = . + +-BINDLIBDIR = @BINDDIR@/lib ++BIND_LIBS = @BIND_LIBS@ + + AM_CPPFLAGS = $(ATF_CFLAGS) -DUNIT_TEST -I$(top_srcdir)/includes +-AM_CPPFLAGS += -I@BINDDIR@/include -I$(top_srcdir) ++AM_CPPFLAGS += @BIND_CPPFLAGS@ -I$(top_srcdir) + AM_CPPFLAGS += -DLOCALSTATEDIR='"."' + AM_CPPFLAGS += -DCLIENT_PATH='"."' + +@@ -18,9 +18,7 @@ info: + DHCPSRC = ../clparse.c ../dhc6.c ../dhclient.c + + DHCPLIBS = $(top_builddir)/common/libdhcp.a $(top_builddir)/omapip/libomapi.a \ +- $(top_builddir)/dhcpctl/libdhcpctl.a $(BINDLIBDIR)/libirs.a \ +- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a \ +- $(BINDLIBDIR)/libisc.a ++ $(top_builddir)/dhcpctl/libdhcpctl.a $(BIND_LIBS) + + ATF_TESTS = + if HAVE_ATF +diff --git a/common/tests/Makefile.am b/common/tests/Makefile.am +index f6a43e4..196aa44 100644 +--- a/common/tests/Makefile.am ++++ b/common/tests/Makefile.am +@@ -1,6 +1,6 @@ + SUBDIRS = . + +-BINDLIBDIR = @BINDDIR@/lib ++BIND_LIBS = @BIND_LIBS@ + + AM_CPPFLAGS = $(ATF_CFLAGS) -I$(top_srcdir)/includes + +@@ -15,26 +15,22 @@ ATF_TESTS += alloc_unittest dns_unittest misc_unittest ns_name_unittest + alloc_unittest_SOURCES = test_alloc.c $(top_srcdir)/tests/t_api_dhcp.c + alloc_unittest_LDADD = $(ATF_LDFLAGS) + alloc_unittest_LDADD += ../libdhcp.a \ +- ../../omapip/libomapi.a $(BINDLIBDIR)/libirs.a \ +- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a ++ ../../omapip/libomapi.a $(BIND_LIBS) + + dns_unittest_SOURCES = dns_unittest.c $(top_srcdir)/tests/t_api_dhcp.c + dns_unittest_LDADD = $(ATF_LDFLAGS) + dns_unittest_LDADD += ../libdhcp.a \ +- ../../omapip/libomapi.a $(BINDLIBDIR)/libirs.a \ +- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a ++ ../../omapip/libomapi.a $(BIND_LIBS) + + misc_unittest_SOURCES = misc_unittest.c $(top_srcdir)/tests/t_api_dhcp.c + misc_unittest_LDADD = $(ATF_LDFLAGS) + misc_unittest_LDADD += ../libdhcp.a \ +- ../../omapip/libomapi.a $(BINDLIBDIR)/libirs.a \ +- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a ++ ../../omapip/libomapi.a $(BIND_LIBS) + + ns_name_unittest_SOURCES = ns_name_test.c $(top_srcdir)/tests/t_api_dhcp.c + ns_name_unittest_LDADD = $(ATF_LDFLAGS) + ns_name_unittest_LDADD += ../libdhcp.a \ +- ../../omapip/libomapi.a $(BINDLIBDIR)/libirs.a \ +- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a ++ ../../omapip/libomapi.a $(BIND_LIBS) + + check: $(ATF_TESTS) + @if test $(top_srcdir) != ${top_builddir}; then \ +diff --git a/configure.ac b/configure.ac +index cdfa352..ef55f8d 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -688,8 +688,12 @@ AC_CHECK_MEMBER(struct tpacket_auxdata.tp_vlan_tci, + + BINDDIR= + BINDSRCDIR= ++BIND_CONFIG= ++BIND_CPPFLAGS= ++BIND_LIBS= + AC_ARG_WITH(libbind, +- AS_HELP_STRING([--with-libbind=PATH],[bind includes and libraries are in PATH ++ AS_HELP_STRING([--with-libbind=PATH|config],[bind includes and libraries are in PATH. ++ Use config to obtain libraries from isc-config.sh. + (default is ./bind)]), + use_libbind="$withval", use_libbind="no") + case "$use_libbind" in +@@ -701,23 +705,85 @@ no) + BINDDIR="\${top_srcdir}/bind" + BINDSRCDIR="\${top_srcdir}/bind" + ;; ++config) ++ AC_PATH_PROG(BIND_CONFIG, [isc-config.sh bind9-config]) ++ ;; + *) +- BINDDIR="$use_libbind" +- if test ! -d "$srcdir/bind"; then +- # no bind directory, create it with a fake Makefile.in +- # (AC_CONFIG_FILES and top Makefile refer to it so +- # it must exits) +- mkdir $srcdir/bind +- cat > $srcdir/bind/Makefile.in << EOF ++ if test -f "$use_libbind" -a -x "$use_libbind"; then ++ # passed full path of isc-config.sh ++ BIND_CONFIG="$use_libbind" ++ else ++ BINDDIR="$use_libbind" ++ if test ! -d "$srcdir/bind"; then ++ # no bind directory, create it with a fake Makefile.in ++ # (AC_CONFIG_FILES and top Makefile refer to it so ++ # it must exits) ++ mkdir $srcdir/bind ++ cat > $srcdir/bind/Makefile.in << EOF + # placeholder + all check clean distclean distdir install uninstall: + + EOF ++ fi + fi + ;; + esac ++if test -z "$BIND_CONFIG"; then ++ BIND_CPPFLAGS="-I${BINDDIR}/include" ++ BIND_LIBDIR="${BINDDIR}/lib" ++ BIND_LIBS="$(BINDLIBDIR)/libirs.a $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a" ++else ++ BIND_CPPFLAGS=`$BIND_CONFIG --cflags` ++ BIND_LIBS=`$BIND_CONFIG --libs irs dns isccfg isc` ++ ++ # bind is already built ++ AC_CHECKING([Checking bind libraries have no thread support]) ++ saved_libs="$LIBS" ++ saved_CPPFLAGS="$CPPFLAGS" ++ CPPFLAGS="${CPPFLAGS} ${BIND_CPPFLAGS}" ++ LIBS="${LIBS} ${BIND_LIBS}" ++AC_TRY_LINK([ ++#include ++#include ++],[ ++#ifdef BIND9 ++#error Export BIND library has to be used with BIND version up to 9.9 ++#endif ++isc_lib_register(); ++], [AC_MSG_RESULT(Bind export library found) ++ BIND_EXPORT=yes], [BIND_EXPORT=no] ++) ++ ++# Allow build with disabled threads for dhcp ++AC_TRY_LINK([ ++#include ++#include ++#include ++],[ ++#ifdef ISC_PLATFORM_USETHREADS ++#error Bind library must not be compiled with threads ++#endif ++isc_lib_register(); ++if (isc_bind9 != 0) {} ++], [AC_MSG_RESULT(Bind single thread library found) ++ BIND_SINGLETHREAD=yes], [BIND_SINGLETHREAD=no] ++) ++ ++ if test "x$BIND_EXPORT" != xyes -a "x$BIND_SINGLETHREADED" != xyes ++ then ++ AC_MSG_RESULT([BIND_CONFIG=${BIND_CONFIG}]) ++ AC_MSG_RESULT([BIND_CPPFLAGS=${BIND_CPPFLAGS}]) ++ AC_MSG_RESULT([BIND_LIBS=${BIND_LIBS}]) ++ AC_MSG_ERROR([Bind libraries are not useable for dhcp]) ++ fi ++ CPPFLAGS="$saved_CPPFLAGS" ++ LIBS="$saved_LIBS" ++fi ++ + AC_SUBST(BINDDIR) + AC_SUBST(BINDSRCDIR) ++AC_SUBST(BIND_CPPFLAGS) ++AC_SUBST(BIND_LIBS) + + # OpenLDAP support. + AC_ARG_WITH(ldap, +@@ -795,7 +861,7 @@ fi + CFLAGS="$CFLAGS $STD_CWARNINGS" + + # Try to add the bind and dhcp include directories +-CFLAGS="$CFLAGS -I\$(top_srcdir)/includes -I$BINDDIR/include" ++CFLAGS="$CFLAGS -I\$(top_srcdir)/includes $BIND_CPPFLAGS" + + case "$host" in + *-darwin*) +diff --git a/dhcpctl/Makefile.am b/dhcpctl/Makefile.am +index ceb0de1..fa20a78 100644 +--- a/dhcpctl/Makefile.am ++++ b/dhcpctl/Makefile.am +@@ -1,4 +1,4 @@ +-BINDLIBDIR = @BINDDIR@/lib ++BIND_LIBS = @BIND_LIBS@ + + bin_PROGRAMS = omshell + lib_LIBRARIES = libdhcpctl.a +@@ -8,12 +8,10 @@ EXTRA_DIST = $(man_MANS) + + omshell_SOURCES = omshell.c + omshell_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \ +- $(BINDLIBDIR)/libirs.a $(BINDLIBDIR)/libdns.a \ +- $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a ++ $(BIND_LIBS) + + libdhcpctl_a_SOURCES = dhcpctl.c callback.c remote.c + + cltest_SOURCES = cltest.c + cltest_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \ +- $(BINDLIBDIR)/libirs.a $(BINDLIBDIR)/libdns.a \ +- $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a ++ $(BIND_LIBS) +diff --git a/omapip/Makefile.am b/omapip/Makefile.am +index 446a594..b0d2680 100644 +--- a/omapip/Makefile.am ++++ b/omapip/Makefile.am +@@ -1,4 +1,4 @@ +-BINDLIBDIR = @BINDDIR@/lib ++BIND_LIBS = @BIND_LIBS@ + + lib_LIBRARIES = libomapi.a + noinst_PROGRAMS = svtest +@@ -12,6 +12,5 @@ man_MANS = omapi.3 + EXTRA_DIST = $(man_MANS) + + svtest_SOURCES = test.c +-svtest_LDADD = libomapi.a $(BINDLIBDIR)/libirs.a $(BINDLIBDIR)/libdns.a \ +- $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a ++svtest_LDADD = libomapi.a $(BIND_LIBS) + +diff --git a/relay/Makefile.am b/relay/Makefile.am +index 3060eca..c9a1cba 100644 +--- a/relay/Makefile.am ++++ b/relay/Makefile.am +@@ -1,12 +1,11 @@ +-BINDLIBDIR = @BINDDIR@/lib ++BIND_LIBS = @BIND_LIBS@ + + AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' + + sbin_PROGRAMS = dhcrelay + dhcrelay_SOURCES = dhcrelay.c + dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \ +- $(BINDLIBDIR)/libirs.a $(BINDLIBDIR)/libdns.a \ +- $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a ++ $(BIND_LIBS) + man_MANS = dhcrelay.8 + EXTRA_DIST = $(man_MANS) + +diff --git a/server/Makefile.am b/server/Makefile.am +index 54feedf..30cf2b1 100644 +--- a/server/Makefile.am ++++ b/server/Makefile.am +@@ -4,7 +4,7 @@ + # production code. Sadly, we are not there yet. + SUBDIRS = . tests + +-BINDLIBDIR = @BINDDIR@/lib ++BIND_LIBS = @BIND_LIBS@ + + AM_CPPFLAGS = -I.. -DLOCALSTATEDIR='"@localstatedir@"' + +@@ -16,9 +16,7 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c confpars.c db.c class.c failover.c \ + + dhcpd_CFLAGS = $(LDAP_CFLAGS) + dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \ +- ../dhcpctl/libdhcpctl.a $(BINDLIBDIR)/libirs.a \ +- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a \ +- $(BINDLIBDIR)/libisc.a $(LDAP_LIBS) ++ ../dhcpctl/libdhcpctl.a $(BIND_LIBS) $(LDAP_LIBS) + + man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5 + EXTRA_DIST = $(man_MANS) +diff --git a/server/tests/Makefile.am b/server/tests/Makefile.am +index a87c5e7..771de06 100644 +--- a/server/tests/Makefile.am ++++ b/server/tests/Makefile.am +@@ -1,9 +1,10 @@ + SUBDIRS = . + +-BINDLIBDIR = @BINDDIR@/lib ++BIND_LIBS = @BIND_LIBS@ ++ + + AM_CPPFLAGS = $(ATF_CFLAGS) -DUNIT_TEST -I$(top_srcdir)/includes +-AM_CPPFLAGS += -I@BINDDIR@/include -I$(top_srcdir) ++AM_CPPFLAGS += $(BIND_CPPFLAGS) -I$(top_srcdir) + AM_CPPFLAGS += -DLOCALSTATEDIR='"."' + + EXTRA_DIST = Atffile +@@ -20,9 +21,7 @@ DHCPSRC = ../dhcp.c ../bootp.c ../confpars.c ../db.c ../class.c \ + ../ldap.c ../ldap_casa.c ../dhcpd.c ../leasechain.c + + DHCPLIBS = $(top_builddir)/common/libdhcp.a $(top_builddir)/omapip/libomapi.a \ +- $(top_builddir)/dhcpctl/libdhcpctl.a $(BINDLIBDIR)/libirs.a \ +- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a \ +- $(BINDLIBDIR)/libisc.a ++ $(top_builddir)/dhcpctl/libdhcpctl.a $(BIND_LIBS) + + ATF_TESTS = + if HAVE_ATF +-- +2.14.3 + diff --git a/SOURCES/dhcp-replay_file_limit.patch b/SOURCES/dhcp-replay_file_limit.patch new file mode 100644 index 0000000..3859e78 --- /dev/null +++ b/SOURCES/dhcp-replay_file_limit.patch @@ -0,0 +1,44 @@ +diff --git a/server/confpars.c b/server/confpars.c +index d79489b..2b1e393 100644 +--- a/server/confpars.c ++++ b/server/confpars.c +@@ -134,6 +134,11 @@ isc_result_t read_conf_file (const char *filename, struct group *group, + + cfile = (struct parse *)0; + #if defined (TRACING) ++ // No need to dmalloc huge memory region if we're not going to re-play ++ if (!trace_record()){ ++ status = new_parse(&cfile, file, NULL, 0, filename, 0); ++ goto noreplay; ++ }; + flen = lseek (file, (off_t)0, SEEK_END); + if (flen < 0) { + boom: +@@ -165,7 +170,6 @@ isc_result_t read_conf_file (const char *filename, struct group *group, + if (result != ulen) + log_fatal ("%s: short read of %d bytes instead of %d.", + filename, ulen, result); +- close (file); + memfile: + /* If we're recording, write out the filename and file contents. */ + if (trace_record ()) +@@ -174,6 +178,9 @@ isc_result_t read_conf_file (const char *filename, struct group *group, + #else + status = new_parse(&cfile, file, NULL, 0, filename, 0); + #endif ++ noreplay: ++ if (!trace_playback()) ++ close (file); + if (status != ISC_R_SUCCESS || cfile == NULL) + return status; + +@@ -183,7 +190,8 @@ isc_result_t read_conf_file (const char *filename, struct group *group, + status = conf_file_subparse (cfile, group, group_type); + end_parse (&cfile); + #if defined (TRACING) +- dfree (dbuf, MDL); ++ if (trace_record()) ++ dfree (dbuf, MDL); + #endif + return status; + } diff --git a/SOURCES/dhcp-rfc3442-classless-static-routes.patch b/SOURCES/dhcp-rfc3442-classless-static-routes.patch new file mode 100644 index 0000000..6c3a239 --- /dev/null +++ b/SOURCES/dhcp-rfc3442-classless-static-routes.patch @@ -0,0 +1,405 @@ +diff -up dhcp-4.3.4/client/clparse.c.rfc3442 dhcp-4.3.4/client/clparse.c +--- dhcp-4.3.4/client/clparse.c.rfc3442 2016-04-29 12:23:34.192032714 +0200 ++++ dhcp-4.3.4/client/clparse.c 2016-04-29 12:24:37.531016317 +0200 +@@ -31,7 +31,7 @@ + + struct client_config top_level_config; + +-#define NUM_DEFAULT_REQUESTED_OPTS 14 ++#define NUM_DEFAULT_REQUESTED_OPTS 15 + /* There can be 2 extra requested options for DHCPv4-over-DHCPv6. */ + struct option *default_requested_options[NUM_DEFAULT_REQUESTED_OPTS + 2 + 1]; + +@@ -87,7 +87,11 @@ isc_result_t read_client_conf () + dhcp_universe.code_hash, &code, 0, MDL); + + /* 4 */ +- code = DHO_ROUTERS; ++ /* The Classless Static Routes option code MUST appear in the parameter ++ * request list prior to both the Router option code and the Static ++ * Routes option code, if present. (RFC3442) ++ */ ++ code = DHO_CLASSLESS_STATIC_ROUTES; + option_code_hash_lookup(&default_requested_options[3], + dhcp_universe.code_hash, &code, 0, MDL); + +@@ -141,6 +145,11 @@ isc_result_t read_client_conf () + option_code_hash_lookup(&default_requested_options[13], + dhcp_universe.code_hash, &code, 0, MDL); + ++ /* 15 */ ++ code = DHO_ROUTERS; ++ option_code_hash_lookup(&default_requested_options[14], ++ dhcp_universe.code_hash, &code, 0, MDL); ++ + for (code = 0 ; code < NUM_DEFAULT_REQUESTED_OPTS ; code++) { + if (default_requested_options[code] == NULL) + log_fatal("Unable to find option definition for " +diff -up dhcp-4.3.4/common/dhcp-options.5.rfc3442 dhcp-4.3.4/common/dhcp-options.5 +--- dhcp-4.3.4/common/dhcp-options.5.rfc3442 2016-04-29 12:23:34.183032716 +0200 ++++ dhcp-4.3.4/common/dhcp-options.5 2016-04-29 12:23:34.237032703 +0200 +@@ -111,6 +111,26 @@ hexadecimal, separated by colons. For e + or + option dhcp-client-identifier 43:4c:49:45:54:2d:46:4f:4f; + .fi ++.PP ++The ++.B destination-descriptor ++describe the IP subnet number and subnet mask ++of a particular destination using a compact encoding. This encoding ++consists of one octet describing the width of the subnet mask, ++followed by all the significant octets of the subnet number. ++The following table contains some examples of how various subnet ++number/mask combinations can be encoded: ++.nf ++.sp 1 ++Subnet number Subnet mask Destination descriptor ++0 0 0 ++10.0.0.0 255.0.0.0 8.10 ++10.0.0.0 255.255.255.0 24.10.0.0 ++10.17.0.0 255.255.0.0 16.10.17 ++10.27.129.0 255.255.255.0 24.10.27.129 ++10.229.0.128 255.255.255.128 25.10.229.0.128 ++10.198.122.47 255.255.255.255 32.10.198.122.47 ++.fi + .SH SETTING OPTION VALUES USING EXPRESSIONS + Sometimes it's helpful to be able to set the value of a DHCP option + based on some value that the client has sent. To do this, you can +@@ -1031,6 +1051,29 @@ dhclient-script will create routes: + .RE + .PP + .nf ++.B option \fBclassless-static-routes\fR \fIdestination-descriptor ip-address\fR ++ [\fB,\fR \fIdestination-descriptor ip-address\fR...]\fB;\fR ++.fi ++.RS 0.25i ++.PP ++This option (see RFC3442) specifies a list of classless static routes ++that the client should install in its routing cache. ++.PP ++This option can contain one or more static routes, each of which ++consists of a destination descriptor and the IP address of the router ++that should be used to reach that destination. ++.PP ++Many clients may not implement the Classless Static Routes option. ++DHCP server administrators should therefore configure their DHCP ++servers to send both a Router option and a Classless Static Routes ++option, and should specify the default router(s) both in the Router ++option and in the Classless Static Routes option. ++.PP ++If the DHCP server returns both a Classless Static Routes option and ++a Router option, the DHCP client ignores the Router option. ++.RE ++.PP ++.nf + .B option \fBstreettalk-directory-assistance-server\fR \fIip-address\fR + [\fB,\fR \fIip-address\fR...]\fB;\fR + .fi +diff -up dhcp-4.3.4/common/inet.c.rfc3442 dhcp-4.3.4/common/inet.c +--- dhcp-4.3.4/common/inet.c.rfc3442 2016-03-22 14:16:51.000000000 +0100 ++++ dhcp-4.3.4/common/inet.c 2016-04-29 12:23:34.237032703 +0200 +@@ -519,6 +519,60 @@ free_iaddrcidrnetlist(struct iaddrcidrne + return ISC_R_SUCCESS; + } + ++static const char * ++inet_ntopdd(const unsigned char *src, unsigned srclen, char *dst, size_t size) ++{ ++ char tmp[sizeof("32.255.255.255.255")]; ++ int len; ++ ++ switch (srclen) { ++ case 2: ++ len = sprintf (tmp, "%u.%u", src[0], src[1]); ++ break; ++ case 3: ++ len = sprintf (tmp, "%u.%u.%u", src[0], src[1], src[2]); ++ break; ++ case 4: ++ len = sprintf (tmp, "%u.%u.%u.%u", src[0], src[1], src[2], src[3]); ++ break; ++ case 5: ++ len = sprintf (tmp, "%u.%u.%u.%u.%u", src[0], src[1], src[2], src[3], src[4]); ++ break; ++ default: ++ return NULL; ++ } ++ if (len < 0) ++ return NULL; ++ ++ if (len > size) { ++ errno = ENOSPC; ++ return NULL; ++ } ++ ++ return strcpy (dst, tmp); ++} ++ ++/* pdestdesc() turns an iaddr structure into a printable dest. descriptor */ ++const char * ++pdestdesc(const struct iaddr addr) { ++ static char pbuf[sizeof("255.255.255.255.255")]; ++ ++ if (addr.len == 0) { ++ return ""; ++ } ++ if (addr.len == 1) { ++ return "0"; ++ } ++ if ((addr.len >= 2) && (addr.len <= 5)) { ++ return inet_ntopdd(addr.iabuf, addr.len, pbuf, sizeof(pbuf)); ++ } ++ ++ log_fatal("pdestdesc():%s:%d: Invalid destination descriptor length %d.", ++ MDL, addr.len); ++ /* quell compiler warnings */ ++ return NULL; ++} ++ + /* piaddr() turns an iaddr structure into a printable address. */ + /* XXX: should use a const pointer rather than passing the structure */ + const char * +diff -up dhcp-4.3.4/common/options.c.rfc3442 dhcp-4.3.4/common/options.c +--- dhcp-4.3.4/common/options.c.rfc3442 2016-03-22 14:16:51.000000000 +0100 ++++ dhcp-4.3.4/common/options.c 2016-04-29 12:23:34.237032703 +0200 +@@ -713,7 +713,11 @@ cons_options(struct packet *inpacket, st + * packet. + */ + priority_list[priority_len++] = DHO_SUBNET_MASK; +- priority_list[priority_len++] = DHO_ROUTERS; ++ if (lookup_option(&dhcp_universe, cfg_options, ++ DHO_CLASSLESS_STATIC_ROUTES)) ++ priority_list[priority_len++] = DHO_CLASSLESS_STATIC_ROUTES; ++ else ++ priority_list[priority_len++] = DHO_ROUTERS; + priority_list[priority_len++] = DHO_DOMAIN_NAME_SERVERS; + priority_list[priority_len++] = DHO_HOST_NAME; + priority_list[priority_len++] = DHO_FQDN; +@@ -1694,6 +1698,7 @@ const char *pretty_print_option (option, + unsigned long tval; + isc_boolean_t a_array = ISC_FALSE; + int len_used; ++ unsigned int octets = 0; + + if (emit_commas) + comma = ','; +@@ -1702,6 +1707,7 @@ const char *pretty_print_option (option, + + memset (enumbuf, 0, sizeof enumbuf); + ++ if (option->format[0] != 'R') { /* see explanation lower */ + /* Figure out the size of the data. */ + for (l = i = 0; option -> format [i]; i++, l++) { + if (l >= sizeof(fmtbuf) - 1) +@@ -1894,6 +1900,33 @@ const char *pretty_print_option (option, + if (numhunk < 0) + numhunk = 1; + ++ } else { /* option->format[i] == 'R') */ ++ /* R (destination descriptor) has variable length. ++ * We can find it only in classless static route option, ++ * so we are for sure parsing classless static route option now. ++ * We go through whole the option to check whether there are no ++ * missing/extra bytes. ++ * I didn't find out how to improve the existing code and that's the ++ * reason for this separate 'else' where I do my own checkings. ++ * I know it's little bit unsystematic, but it works. ++ */ ++ numhunk = 0; ++ numelem = 2; /* RI */ ++ fmtbuf[0]='R'; fmtbuf[1]='I'; fmtbuf[2]=0; ++ for (i =0; i < len; i = i + octets + 5) { ++ if (data[i] > 32) { /* subnet mask width */ ++ log_error ("wrong subnet mask width in destination descriptor"); ++ break; ++ } ++ numhunk++; ++ octets = ((data[i]+7) / 8); ++ } ++ if (i != len) { ++ log_error ("classless static routes option has wrong size or " ++ "there's some garbage in format"); ++ } ++ } ++ + /* Cycle through the array (or hunk) printing the data. */ + for (i = 0; i < numhunk; i++) { + if ((a_array == ISC_TRUE) && (i != 0) && (numelem > 0)) { +@@ -2049,6 +2082,20 @@ const char *pretty_print_option (option, + strcpy(op, piaddr(iaddr)); + dp += 4; + break; ++ ++ case 'R': ++ if (dp[0] <= 32) ++ iaddr.len = (((dp[0]+7)/8)+1); ++ else { ++ log_error ("wrong subnet mask width in destination descriptor"); ++ return ""; ++ } ++ ++ memcpy(iaddr.iabuf, dp, iaddr.len); ++ strcpy(op, pdestdesc(iaddr)); ++ dp += iaddr.len; ++ break; ++ + case '6': + iaddr.len = 16; + memcpy(iaddr.iabuf, dp, 16); +diff -up dhcp-4.3.4/common/parse.c.rfc3442 dhcp-4.3.4/common/parse.c +--- dhcp-4.3.4/common/parse.c.rfc3442 2016-04-29 12:23:34.220032707 +0200 ++++ dhcp-4.3.4/common/parse.c 2016-04-29 12:23:34.238032702 +0200 +@@ -341,6 +341,39 @@ int parse_ip_addr (cfile, addr) + } + + /* ++ * destination-descriptor :== NUMBER DOT NUMBER | ++ * NUMBER DOT NUMBER DOT NUMBER | ++ * NUMBER DOT NUMBER DOT NUMBER DOT NUMBER | ++ * NUMBER DOT NUMBER DOT NUMBER DOT NUMBER DOT NUMBER ++ */ ++ ++int parse_destination_descriptor (cfile, addr) ++ struct parse *cfile; ++ struct iaddr *addr; ++{ ++ unsigned int mask_width, dest_dest_len; ++ addr -> len = 0; ++ if (parse_numeric_aggregate (cfile, addr -> iabuf, ++ &addr -> len, DOT, 10, 8)) { ++ mask_width = (unsigned int)addr->iabuf[0]; ++ dest_dest_len = (((mask_width+7)/8)+1); ++ if (mask_width > 32) { ++ parse_warn (cfile, ++ "subnet mask width (%u) greater than 32.", mask_width); ++ } ++ else if (dest_dest_len != addr->len) { ++ parse_warn (cfile, ++ "destination descriptor with subnet mask width %u " ++ "should have %u octets, but has %u octets.", ++ mask_width, dest_dest_len, addr->len); ++ } ++ ++ return 1; ++ } ++ return 0; ++} ++ ++/* + * Return true if every character in the string is hexadecimal. + */ + static int +@@ -720,8 +753,10 @@ unsigned char *parse_numeric_aggregate ( + if (count) { + token = peek_token (&val, (unsigned *)0, cfile); + if (token != separator) { +- if (!*max) ++ if (!*max) { ++ *max = count; + break; ++ } + if (token != RBRACE && token != LBRACE) + token = next_token (&val, + (unsigned *)0, +@@ -1668,6 +1703,9 @@ int parse_option_code_definition (cfile, + case IP_ADDRESS: + type = 'I'; + break; ++ case DESTINATION_DESCRIPTOR: ++ type = 'R'; ++ break; + case IP6_ADDRESS: + type = '6'; + break; +@@ -5097,6 +5135,15 @@ int parse_option_token (rv, cfile, fmt, + } + break; + ++ case 'R': /* destination descriptor */ ++ if (!parse_destination_descriptor (cfile, &addr)) { ++ return 0; ++ } ++ if (!make_const_data (&t, addr.iabuf, addr.len, 0, 1, MDL)) { ++ return 0; ++ } ++ break; ++ + case '6': /* IPv6 address. */ + if (!parse_ip6_addr(cfile, &addr)) { + return 0; +@@ -5374,6 +5421,13 @@ int parse_option_decl (oc, cfile) + goto exit; + len = ip_addr.len; + dp = ip_addr.iabuf; ++ goto alloc; ++ ++ case 'R': /* destination descriptor */ ++ if (!parse_destination_descriptor (cfile, &ip_addr)) ++ goto exit; ++ len = ip_addr.len; ++ dp = ip_addr.iabuf; + + alloc: + if (hunkix + len > sizeof hunkbuf) { +diff -up dhcp-4.3.4/common/tables.c.rfc3442 dhcp-4.3.4/common/tables.c +--- dhcp-4.3.4/common/tables.c.rfc3442 2016-04-29 12:23:34.209032710 +0200 ++++ dhcp-4.3.4/common/tables.c 2016-04-29 12:23:34.238032702 +0200 +@@ -45,6 +45,7 @@ HASH_FUNCTIONS (option_code, const unsig + Format codes: + + I - IPv4 address ++ R - destination descriptor (RFC3442) + 6 - IPv6 address + l - 32-bit signed integer + L - 32-bit unsigned integer +@@ -216,6 +217,7 @@ static struct option dhcp_options[] = { + #endif + { "subnet-selection", "I", &dhcp_universe, 118, 1 }, + { "domain-search", "D", &dhcp_universe, 119, 1 }, ++ { "classless-static-routes", "RIA", &dhcp_universe, 121, 1 }, + { "vivco", "Evendor-class.", &dhcp_universe, 124, 1 }, + { "vivso", "Evendor.", &dhcp_universe, 125, 1 }, + #if 0 +diff -up dhcp-4.3.4/includes/dhcpd.h.rfc3442 dhcp-4.3.4/includes/dhcpd.h +--- dhcp-4.3.4/includes/dhcpd.h.rfc3442 2016-04-29 12:23:34.186032716 +0200 ++++ dhcp-4.3.4/includes/dhcpd.h 2016-04-29 12:23:34.239032702 +0200 +@@ -2894,6 +2894,7 @@ isc_result_t range2cidr(struct iaddrcidr + const struct iaddr *lo, const struct iaddr *hi); + isc_result_t free_iaddrcidrnetlist(struct iaddrcidrnetlist **result); + const char *piaddr (struct iaddr); ++const char *pdestdesc (struct iaddr); + char *piaddrmask(struct iaddr *, struct iaddr *); + char *piaddrcidr(const struct iaddr *, unsigned int); + u_int16_t validate_port(char *); +@@ -3108,6 +3109,7 @@ void parse_client_lease_declaration (str + int parse_option_decl (struct option_cache **, struct parse *); + void parse_string_list (struct parse *, struct string_list **, int); + int parse_ip_addr (struct parse *, struct iaddr *); ++int parse_destination_descriptor (struct parse *, struct iaddr *); + int parse_ip_addr_with_subnet(struct parse *, struct iaddrmatch *); + void parse_reject_statement (struct parse *, struct client_config *); + +diff -up dhcp-4.3.4/includes/dhcp.h.rfc3442 dhcp-4.3.4/includes/dhcp.h +--- dhcp-4.3.4/includes/dhcp.h.rfc3442 2016-03-22 14:16:51.000000000 +0100 ++++ dhcp-4.3.4/includes/dhcp.h 2016-04-29 12:23:34.239032702 +0200 +@@ -159,6 +159,7 @@ struct dhcp_packet { + #define DHO_ASSOCIATED_IP 92 + #define DHO_SUBNET_SELECTION 118 /* RFC3011! */ + #define DHO_DOMAIN_SEARCH 119 /* RFC3397 */ ++#define DHO_CLASSLESS_STATIC_ROUTES 121 /* RFC3442 */ + #define DHO_VIVCO_SUBOPTIONS 124 + #define DHO_VIVSO_SUBOPTIONS 125 + +diff -up dhcp-4.3.4/includes/dhctoken.h.rfc3442 dhcp-4.3.4/includes/dhctoken.h +--- dhcp-4.3.4/includes/dhctoken.h.rfc3442 2016-04-29 12:23:34.239032702 +0200 ++++ dhcp-4.3.4/includes/dhctoken.h 2016-04-29 12:25:07.236008628 +0200 +@@ -374,7 +374,8 @@ enum dhcp_token { + LEASE_ID_FORMAT = 676, + TOKEN_HEX = 677, + TOKEN_OCTAL = 678, +- BOOTP_BROADCAST_ALWAYS = 679 ++ BOOTP_BROADCAST_ALWAYS = 679, ++ DESTINATION_DESCRIPTOR = 680 + }; + + #define is_identifier(x) ((x) >= FIRST_TOKEN && \ diff --git a/SOURCES/dhcp-sd_notify.patch b/SOURCES/dhcp-sd_notify.patch new file mode 100644 index 0000000..a123923 --- /dev/null +++ b/SOURCES/dhcp-sd_notify.patch @@ -0,0 +1,79 @@ +diff -up dhcp-4.3.4/configure.ac.sd_notify dhcp-4.3.4/configure.ac +--- dhcp-4.3.4/configure.ac.sd_notify 2016-04-29 13:08:52.813287060 +0200 ++++ dhcp-4.3.4/configure.ac 2016-04-29 13:08:52.872287075 +0200 +@@ -832,6 +832,17 @@ if test x$ldap = xyes || test x$ldapcryp + AC_SUBST(LDAP_CFLAGS, [$LDAP_CFLAGS]) + fi + ++AC_ARG_WITH(systemd, ++ AC_HELP_STRING([--with-systemd], ++ [enable sending status notifications to systemd daemon (default is no)]), ++ [systemd=$withval], ++ [systemd=no]) ++ ++if test x$systemd = xyes ; then ++ AC_CHECK_LIB(systemd, sd_notifyf, , ++ AC_MSG_FAILURE([*** systemd library not present - do you need to install systemd-libs package?])) ++fi ++ + # Append selected warning levels to CFLAGS before substitution (but after + # AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],[],[]) & etc). + CFLAGS="$CFLAGS $STD_CWARNINGS" +diff -up dhcp-4.3.4/relay/dhcrelay.c.sd_notify dhcp-4.3.4/relay/dhcrelay.c +--- dhcp-4.3.4/relay/dhcrelay.c.sd_notify 2016-04-29 13:08:52.814287061 +0200 ++++ dhcp-4.3.4/relay/dhcrelay.c 2016-04-29 13:08:52.872287075 +0200 +@@ -37,6 +37,10 @@ + int keep_capabilities = 0; + #endif + ++#ifdef HAVE_LIBSYSTEMD ++#include ++#endif ++ + TIME default_lease_time = 43200; /* 12 hours... */ + TIME max_lease_time = 86400; /* 24 hours... */ + struct tree_cache *global_options[256]; +@@ -709,6 +713,14 @@ main(int argc, char **argv) { + } + #endif + ++#ifdef HAVE_LIBSYSTEMD ++ /* We are ready to process incomming packets. Let's notify systemd */ ++ sd_notifyf(0, "READY=1\n" ++ "STATUS=Dispatching packets...\n" ++ "MAINPID=%lu", ++ (unsigned long) getpid()); ++#endif ++ + /* Start dispatching packets and timeouts... */ + dispatch(); + +diff -up dhcp-4.3.4/server/dhcpd.c.sd_notify dhcp-4.3.4/server/dhcpd.c +--- dhcp-4.3.4/server/dhcpd.c.sd_notify 2016-04-29 13:08:52.873287075 +0200 ++++ dhcp-4.3.4/server/dhcpd.c 2016-04-29 13:12:00.655333096 +0200 +@@ -57,6 +57,10 @@ uid_t set_uid = 0; + gid_t set_gid = 0; + #endif /* PARANOIA */ + ++#ifdef HAVE_LIBSYSTEMD ++#include ++#endif ++ + struct iaddr server_identifier; + int server_identifier_matched; + +@@ -931,6 +935,14 @@ main(int argc, char **argv) { + /* Log that we are about to start working */ + log_info("Server starting service."); + ++#ifdef HAVE_LIBSYSTEMD ++ /* We are ready to process incomming packets. Let's notify systemd */ ++ sd_notifyf(0, "READY=1\n" ++ "STATUS=Dispatching packets...\n" ++ "MAINPID=%lu", ++ (unsigned long) getpid()); ++#endif ++ + /* + * Receive packets and dispatch them... + * dispatch() will never return. diff --git a/SOURCES/dhcp-sendDecline.patch b/SOURCES/dhcp-sendDecline.patch new file mode 100644 index 0000000..ede9298 --- /dev/null +++ b/SOURCES/dhcp-sendDecline.patch @@ -0,0 +1,231 @@ +diff -up dhcp-4.3.4/client/dhc6.c.sendDecline dhcp-4.3.4/client/dhc6.c +--- dhcp-4.3.4/client/dhc6.c.sendDecline 2016-03-22 14:16:51.000000000 +0100 ++++ dhcp-4.3.4/client/dhc6.c 2016-05-02 14:51:57.916578401 +0200 +@@ -115,6 +115,8 @@ void do_select6(void *input); + void do_refresh6(void *input); + static void do_release6(void *input); + static void start_bound(struct client_state *client); ++static void start_decline6(struct client_state *client); ++static void do_decline6(void *input); + static void start_informed(struct client_state *client); + void informed_handler(struct packet *packet, struct client_state *client); + void bound_handler(struct packet *packet, struct client_state *client); +@@ -2314,6 +2316,7 @@ start_release6(struct client_state *clie + cancel_timeout(do_select6, client); + cancel_timeout(do_refresh6, client); + cancel_timeout(do_release6, client); ++ cancel_timeout(do_decline6, client); + client->state = S_STOPPED; + + /* +@@ -2968,6 +2971,7 @@ dhc6_check_reply(struct client_state *cl + break; + + case S_STOPPED: ++ case S_DECLINED: + action = dhc6_stop_action; + break; + +@@ -3084,6 +3088,7 @@ dhc6_check_reply(struct client_state *cl + break; + + case S_STOPPED: ++ case S_DECLINED: + /* Nothing critical to do at this stage. */ + break; + +@@ -4214,17 +4219,23 @@ reply_handler(struct packet *packet, str + cancel_timeout(do_select6, client); + cancel_timeout(do_refresh6, client); + cancel_timeout(do_release6, client); ++ cancel_timeout(do_decline6, client); + + /* If this is in response to a Release/Decline, clean up and return. */ +- if (client->state == S_STOPPED) { +- if (client->active_lease == NULL) +- return; ++ if ((client->state == S_STOPPED) || ++ (client->state == S_DECLINED)) { ++ ++ if (client->active_lease != NULL) { ++ dhc6_lease_destroy(&client->active_lease, MDL); ++ client->active_lease = NULL; ++ /* We should never wait for nothing!? */ ++ if (stopping_finished()) ++ exit(0); ++ } ++ ++ if (client->state == S_DECLINED) ++ start_init6(client); + +- dhc6_lease_destroy(&client->active_lease, MDL); +- client->active_lease = NULL; +- /* We should never wait for nothing!? */ +- if (stopping_finished()) +- exit(0); + return; + } + +@@ -4798,7 +4809,11 @@ start_bound(struct client_state *client) + dhc6_marshall_values("new_", client, lease, ia, addr); + script_write_requested6(client); + +- script_go(client); ++ // when script returns 3, DAD failed ++ if (script_go(client) == 3) { ++ start_decline6(client); ++ return; ++ } + } + + /* XXX: maybe we should loop on the old values instead? */ +@@ -4851,6 +4866,149 @@ start_bound(struct client_state *client) + dhc6_check_times(client); + } + ++/* ++ * Decline addresses. ++ */ ++void ++start_decline6(struct client_state *client) ++{ ++ /* Cancel any pending transmissions */ ++ cancel_timeout(do_confirm6, client); ++ cancel_timeout(do_select6, client); ++ cancel_timeout(do_refresh6, client); ++ cancel_timeout(do_release6, client); ++ cancel_timeout(do_decline6, client); ++ client->state = S_DECLINED; ++ ++ if (client->active_lease == NULL) ++ return; ++ ++ /* Set timers per RFC3315 section 18.1.7. */ ++ client->IRT = DEC_TIMEOUT * 100; ++ client->MRT = 0; ++ client->MRC = DEC_MAX_RC; ++ client->MRD = 0; ++ ++ dhc6_retrans_init(client); ++ client->v6_handler = reply_handler; ++ ++ client->refresh_type = DHCPV6_DECLINE; ++ do_decline6(client); ++} ++ ++/* ++ * do_decline6() creates a Decline packet and transmits it. ++ */ ++static void ++do_decline6(void *input) ++{ ++ struct client_state *client; ++ struct data_string ds; ++ struct timeval elapsed, tv; ++ int send_ret, added; ++ ++ client = input; ++ ++ if ((client->active_lease == NULL) || !active_prefix(client)) ++ return; ++ ++ if ((client->MRC != 0) && (client->txcount > client->MRC)) { ++ log_info("Max retransmission count exceeded."); ++ goto decline_done; ++ } ++ ++ /* ++ * Start_time starts at the first transmission. ++ */ ++ if (client->txcount == 0) { ++ client->start_time.tv_sec = cur_tv.tv_sec; ++ client->start_time.tv_usec = cur_tv.tv_usec; ++ } ++ ++ /* elapsed = cur - start */ ++ elapsed.tv_sec = cur_tv.tv_sec - client->start_time.tv_sec; ++ elapsed.tv_usec = cur_tv.tv_usec - client->start_time.tv_usec; ++ if (elapsed.tv_usec < 0) { ++ elapsed.tv_sec -= 1; ++ elapsed.tv_usec += 1000000; ++ } ++ ++ memset(&ds, 0, sizeof(ds)); ++ if (!buffer_allocate(&ds.buffer, 4, MDL)) { ++ log_error("Unable to allocate memory for Decline."); ++ goto decline_done; ++ } ++ ++ ds.data = ds.buffer->data; ++ ds.len = 4; ++ ds.buffer->data[0] = DHCPV6_DECLINE; ++ memcpy(ds.buffer->data + 1, client->dhcpv6_transaction_id, 3); ++ ++ /* Form an elapsed option. */ ++ /* Maximum value is 65535 1/100s coded as 0xffff. */ ++ if ((elapsed.tv_sec < 0) || (elapsed.tv_sec > 655) || ++ ((elapsed.tv_sec == 655) && (elapsed.tv_usec > 350000))) { ++ client->elapsed = 0xffff; ++ } else { ++ client->elapsed = elapsed.tv_sec * 100; ++ client->elapsed += elapsed.tv_usec / 10000; ++ } ++ ++ client->elapsed = htons(client->elapsed); ++ ++ log_debug("XMT: Forming Decline."); ++ make_client6_options(client, &client->sent_options, ++ client->active_lease, DHCPV6_DECLINE); ++ dhcpv6_universe.encapsulate(&ds, NULL, NULL, client, NULL, ++ client->sent_options, &global_scope, ++ &dhcpv6_universe); ++ ++ /* Append IA's (but don't release temporary addresses). */ ++ if (wanted_ia_na && ++ dhc6_add_ia_na(client, &ds, client->active_lease, ++ DHCPV6_DECLINE, 0, &added) != ISC_R_SUCCESS) { ++ data_string_forget(&ds, MDL); ++ goto decline_done; ++ } ++ if (wanted_ia_pd && ++ dhc6_add_ia_pd(client, &ds, client->active_lease, ++ DHCPV6_DECLINE, 0, &added) != ISC_R_SUCCESS) { ++ data_string_forget(&ds, MDL); ++ goto decline_done; ++ } ++ ++ /* Transmit and wait. */ ++ log_info("XMT: Decline on %s, interval %ld0ms.", ++ client->name ? client->name : client->interface->name, ++ (long int)client->RT); ++ ++ send_ret = send_packet6(client->interface, ds.data, ds.len, ++ &DHCPv6DestAddr); ++ if (send_ret != ds.len) { ++ log_error("dhc6: sendpacket6() sent %d of %d bytes", ++ send_ret, ds.len); ++ } ++ ++ data_string_forget(&ds, MDL); ++ ++ /* Wait RT */ ++ tv.tv_sec = cur_tv.tv_sec + client->RT / 100; ++ tv.tv_usec = cur_tv.tv_usec + (client->RT % 100) * 10000; ++ if (tv.tv_usec >= 1000000) { ++ tv.tv_sec += 1; ++ tv.tv_usec -= 1000000; ++ } ++ add_timeout(&tv, do_decline6, client, NULL, NULL); ++ dhc6_retrans_advance(client); ++ return; ++ ++decline_done: ++ dhc6_lease_destroy(&client->active_lease, MDL); ++ client->active_lease = NULL; ++ start_init6(client); ++ return; ++} ++ + /* While bound, ignore packets. In the future we'll want to answer + * Reconfigure-Request messages and the like. + */ diff --git a/SOURCES/dhcp-sharedlib.patch b/SOURCES/dhcp-sharedlib.patch new file mode 100644 index 0000000..4e4869e --- /dev/null +++ b/SOURCES/dhcp-sharedlib.patch @@ -0,0 +1,149 @@ +diff --git a/client/Makefile.am b/client/Makefile.am +index b85f5d2..b1ecf82 100644 +--- a/client/Makefile.am ++++ b/client/Makefile.am +@@ -15,6 +15,6 @@ dhclient_SOURCES = clparse.c dhclient.c dhc6.c \ + scripts/bsdos scripts/freebsd scripts/linux scripts/macos \ + scripts/netbsd scripts/nextstep scripts/openbsd \ + scripts/solaris scripts/openwrt +-dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.a $(BIND_LIBS) ++dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.la $(BIND_LIBS) + man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5 + EXTRA_DIST = $(man_MANS) +diff --git a/common/tests/Makefile.am b/common/tests/Makefile.am +index 196aa44..1ccaa05 100644 +--- a/common/tests/Makefile.am ++++ b/common/tests/Makefile.am +@@ -15,22 +15,22 @@ ATF_TESTS += alloc_unittest dns_unittest misc_unittest ns_name_unittest + alloc_unittest_SOURCES = test_alloc.c $(top_srcdir)/tests/t_api_dhcp.c + alloc_unittest_LDADD = $(ATF_LDFLAGS) + alloc_unittest_LDADD += ../libdhcp.a \ +- ../../omapip/libomapi.a $(BIND_LIBS) ++ ../../omapip/libomapi.la $(BIND_LIBS) + + dns_unittest_SOURCES = dns_unittest.c $(top_srcdir)/tests/t_api_dhcp.c + dns_unittest_LDADD = $(ATF_LDFLAGS) + dns_unittest_LDADD += ../libdhcp.a \ +- ../../omapip/libomapi.a $(BIND_LIBS) ++ ../../omapip/libomapi.la $(BIND_LIBS) + + misc_unittest_SOURCES = misc_unittest.c $(top_srcdir)/tests/t_api_dhcp.c + misc_unittest_LDADD = $(ATF_LDFLAGS) + misc_unittest_LDADD += ../libdhcp.a \ +- ../../omapip/libomapi.a $(BIND_LIBS) ++ ../../omapip/libomapi.la $(BIND_LIBS) + + ns_name_unittest_SOURCES = ns_name_test.c $(top_srcdir)/tests/t_api_dhcp.c + ns_name_unittest_LDADD = $(ATF_LDFLAGS) + ns_name_unittest_LDADD += ../libdhcp.a \ +- ../../omapip/libomapi.a $(BIND_LIBS) ++ ../../omapip/libomapi.la $(BIND_LIBS) + + check: $(ATF_TESTS) + @if test $(top_srcdir) != ${top_builddir}; then \ +diff --git a/configure.ac b/configure.ac +index f594cfa..adc98a8 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -47,7 +47,8 @@ AM_CONDITIONAL(CROSS_COMPILING, test "$cross_compiling" = "yes") + # Use this to define _GNU_SOURCE to pull in the IPv6 Advanced Socket API. + AC_USE_SYSTEM_EXTENSIONS + +-AC_PROG_RANLIB ++# Use libtool to simplify building of shared libraries ++AC_PROG_LIBTOOL + + AC_PATH_PROG(AR, ar) + AC_SUBST(AR) +diff --git a/dhcpctl/Makefile.am b/dhcpctl/Makefile.am +index fa20a78..dd016e4 100644 +--- a/dhcpctl/Makefile.am ++++ b/dhcpctl/Makefile.am +@@ -1,17 +1,17 @@ + BIND_LIBS = @BIND_LIBS@ + + bin_PROGRAMS = omshell +-lib_LIBRARIES = libdhcpctl.a ++lib_LTLIBRARIES = libdhcpctl.la + noinst_PROGRAMS = cltest + man_MANS = omshell.1 dhcpctl.3 + EXTRA_DIST = $(man_MANS) + + omshell_SOURCES = omshell.c +-omshell_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \ ++omshell_LDADD = libdhcpctl.la ../common/libdhcp.a ../omapip/libomapi.la \ + $(BIND_LIBS) + +-libdhcpctl_a_SOURCES = dhcpctl.c callback.c remote.c ++libdhcpctl_la_SOURCES = dhcpctl.c callback.c remote.c + + cltest_SOURCES = cltest.c +-cltest_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \ ++cltest_LDADD = libdhcpctl.la ../common/libdhcp.a ../omapip/libomapi.la \ + $(BIND_LIBS) +diff --git a/omapip/Makefile.am b/omapip/Makefile.am +index b0d2680..265bcef 100644 +--- a/omapip/Makefile.am ++++ b/omapip/Makefile.am +@@ -1,9 +1,9 @@ + BIND_LIBS = @BIND_LIBS@ + +-lib_LIBRARIES = libomapi.a ++lib_LTLIBRARIES = libomapi.la + noinst_PROGRAMS = svtest + +-libomapi_a_SOURCES = protocol.c buffer.c alloc.c result.c connection.c \ ++libomapi_la_SOURCES = protocol.c buffer.c alloc.c result.c connection.c \ + errwarn.c listener.c dispatch.c generic.c support.c \ + handle.c message.c convert.c hash.c auth.c inet_addr.c \ + array.c trace.c toisc.c iscprint.c isclib.c +@@ -12,5 +12,5 @@ man_MANS = omapi.3 + EXTRA_DIST = $(man_MANS) + + svtest_SOURCES = test.c +-svtest_LDADD = libomapi.a $(BIND_LIBS) ++svtest_LDADD = libomapi.la $(BIND_LIBS) + +diff --git a/relay/Makefile.am b/relay/Makefile.am +index c9a1cba..316a524 100644 +--- a/relay/Makefile.am ++++ b/relay/Makefile.am +@@ -4,7 +4,7 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' + + sbin_PROGRAMS = dhcrelay + dhcrelay_SOURCES = dhcrelay.c +-dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \ ++dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \ + $(BIND_LIBS) + man_MANS = dhcrelay.8 + EXTRA_DIST = $(man_MANS) +diff --git a/server/Makefile.am b/server/Makefile.am +index 30cf2b1..f56f310 100644 +--- a/server/Makefile.am ++++ b/server/Makefile.am +@@ -15,8 +15,8 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c confpars.c db.c class.c failover.c \ + dhcpv6.c mdb6.c ldap.c ldap_casa.c leasechain.c ldap_krb_helper.c + + dhcpd_CFLAGS = $(LDAP_CFLAGS) +-dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \ +- ../dhcpctl/libdhcpctl.a $(BIND_LIBS) $(LDAP_LIBS) ++dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \ ++ ../dhcpctl/libdhcpctl.la $(BIND_LIBS) $(LDAP_LIBS) + + man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5 + EXTRA_DIST = $(man_MANS) +diff --git a/server/tests/Makefile.am b/server/tests/Makefile.am +index 771de06..8d8a2c1 100644 +--- a/server/tests/Makefile.am ++++ b/server/tests/Makefile.am +@@ -20,8 +20,8 @@ DHCPSRC = ../dhcp.c ../bootp.c ../confpars.c ../db.c ../class.c \ + ../ddns.c ../dhcpleasequery.c ../dhcpv6.c ../mdb6.c \ + ../ldap.c ../ldap_casa.c ../dhcpd.c ../leasechain.c + +-DHCPLIBS = $(top_builddir)/common/libdhcp.a $(top_builddir)/omapip/libomapi.a \ +- $(top_builddir)/dhcpctl/libdhcpctl.a $(BIND_LIBS) ++DHCPLIBS = $(top_builddir)/common/libdhcp.a $(top_builddir)/omapip/libomapi.la \ ++ $(top_builddir)/dhcpctl/libdhcpctl.la $(BIND_LIBS) + + ATF_TESTS = + if HAVE_ATF diff --git a/SOURCES/dhcp-stateless-DUID-LLT.patch b/SOURCES/dhcp-stateless-DUID-LLT.patch new file mode 100644 index 0000000..72b7b0f --- /dev/null +++ b/SOURCES/dhcp-stateless-DUID-LLT.patch @@ -0,0 +1,13 @@ +diff -up dhcp-4.3.4/client/dhclient.c.stateless-DUID-LLT dhcp-4.3.4/client/dhclient.c +--- dhcp-4.3.4/client/dhclient.c.stateless-DUID-LLT 2016-04-29 13:13:50.467360008 +0200 ++++ dhcp-4.3.4/client/dhclient.c 2016-04-29 13:14:53.389375428 +0200 +@@ -1317,6 +1317,9 @@ void run_stateless(int exit_mode, u_int1 + data_string_forget(&default_duid, MDL); + + form_duid(&default_duid, MDL); ++ if (form_duid(&default_duid, MDL) == ISC_R_SUCCESS && ++ duid_type == DUID_LLT) ++ write_duid(&default_duid); + } + + #ifdef DHCP4o6 diff --git a/SOURCES/dhcp-statement_parser.patch b/SOURCES/dhcp-statement_parser.patch new file mode 100644 index 0000000..2bb474b --- /dev/null +++ b/SOURCES/dhcp-statement_parser.patch @@ -0,0 +1,21 @@ +diff --git a/common/parse.c b/common/parse.c +index e78223c2..656b378b 100644 +--- a/common/parse.c ++++ b/common/parse.c +@@ -5790,13 +5790,14 @@ int parse_X (cfile, buf, max) + skip_to_semi (cfile); + return 0; + } +- convert_num (cfile, &buf [len], val, 16, 8); +- if (len++ > max) { ++ if (len >= max) { + parse_warn (cfile, + "hexadecimal constant too long."); + skip_to_semi (cfile); + return 0; + } ++ convert_num (cfile, &buf [len], val, 16, 8); ++ len++; + token = peek_token (&val, (unsigned *)0, cfile); + if (token == COLON) + token = next_token (&val, diff --git a/SOURCES/dhcp-unicast-bootp.patch b/SOURCES/dhcp-unicast-bootp.patch new file mode 100644 index 0000000..abf89f2 --- /dev/null +++ b/SOURCES/dhcp-unicast-bootp.patch @@ -0,0 +1,101 @@ +diff -up dhcp-4.3.4/server/bootp.c.unicast dhcp-4.3.4/server/bootp.c +--- dhcp-4.3.4/server/bootp.c.unicast 2016-03-22 14:16:51.000000000 +0100 ++++ dhcp-4.3.4/server/bootp.c 2016-05-02 15:09:40.023243008 +0200 +@@ -52,6 +52,7 @@ void bootp (packet) + char msgbuf [1024]; + int ignorep; + int peer_has_leases = 0; ++ int norelay = 0; + + if (packet -> raw -> op != BOOTREQUEST) + return; +@@ -67,7 +68,7 @@ void bootp (packet) + ? inet_ntoa (packet -> raw -> giaddr) + : packet -> interface -> name); + +- if (!locate_network (packet)) { ++ if ((norelay = locate_network (packet)) == 0) { + log_info ("%s: network unknown", msgbuf); + return; + } +@@ -428,6 +429,15 @@ void bootp (packet) + + goto out; + } ++ } else if (norelay == 2) { ++ to.sin_addr = raw.ciaddr; ++ to.sin_port = remote_port; ++ if (fallback_interface) { ++ result = send_packet (fallback_interface, NULL, &raw, ++ outgoing.packet_length, from, ++ &to, &hto); ++ goto out; ++ } + + /* If it comes from a client that already knows its address + and is not requesting a broadcast response, and we can +diff -up dhcp-4.3.4/server/dhcp.c.unicast dhcp-4.3.4/server/dhcp.c +--- dhcp-4.3.4/server/dhcp.c.unicast 2016-03-22 14:16:51.000000000 +0100 ++++ dhcp-4.3.4/server/dhcp.c 2016-05-02 15:10:13.255267511 +0200 +@@ -5132,6 +5132,7 @@ int locate_network (packet) + struct data_string data; + struct subnet *subnet = (struct subnet *)0; + struct option_cache *oc; ++ int norelay = 0; + + #if defined(DHCPv6) && defined(DHCP4o6) + if (dhcpv4_over_dhcpv6 && (packet->dhcp4o6_response != NULL)) { +@@ -5153,12 +5154,24 @@ int locate_network (packet) + from the interface, if there is one. If not, fail. */ + if (!oc && !packet -> raw -> giaddr.s_addr) { + if (packet -> interface -> shared_network) { +- shared_network_reference +- (&packet -> shared_network, +- packet -> interface -> shared_network, MDL); +- return 1; ++ struct in_addr any_addr; ++ any_addr.s_addr = INADDR_ANY; ++ ++ if (!packet -> packet_type && memcmp(&packet -> raw -> ciaddr, &any_addr, 4)) { ++ struct iaddr cip; ++ memcpy(cip.iabuf, &packet -> raw -> ciaddr, 4); ++ cip.len = 4; ++ if (!find_grouped_subnet(&subnet, packet->interface->shared_network, cip, MDL)) ++ norelay = 2; ++ } ++ ++ if (!norelay) { ++ shared_network_reference(&packet -> shared_network, packet -> interface -> shared_network, MDL); ++ return 1; ++ } ++ } else { ++ return 0; + } +- return 0; + } + + /* If there's an option indicating link connection, and it's valid, +@@ -5185,7 +5198,10 @@ int locate_network (packet) + data_string_forget (&data, MDL); + } else { + ia.len = 4; +- memcpy (ia.iabuf, &packet -> raw -> giaddr, 4); ++ if (norelay) ++ memcpy (ia.iabuf, &packet->raw->ciaddr, 4); ++ else ++ memcpy (ia.iabuf, &packet->raw->giaddr, 4); + } + + /* If we know the subnet on which the IP address lives, use it. */ +@@ -5193,7 +5209,10 @@ int locate_network (packet) + shared_network_reference (&packet -> shared_network, + subnet -> shared_network, MDL); + subnet_dereference (&subnet, MDL); +- return 1; ++ if (norelay) ++ return norelay; ++ else ++ return 1; + } + + /* Otherwise, fail. */ diff --git a/SOURCES/dhcpd.service b/SOURCES/dhcpd.service new file mode 100644 index 0000000..7363d7d --- /dev/null +++ b/SOURCES/dhcpd.service @@ -0,0 +1,15 @@ +[Unit] +Description=DHCPv4 Server Daemon +Documentation=man:dhcpd(8) man:dhcpd.conf(5) +Wants=network-online.target +After=network-online.target +After=time-sync.target + +[Service] +Type=notify +EnvironmentFile=-/etc/sysconfig/dhcpd +ExecStart=/usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid $DHCPDARGS +StandardError=null + +[Install] +WantedBy=multi-user.target diff --git a/SOURCES/dhcpd6.service b/SOURCES/dhcpd6.service new file mode 100644 index 0000000..ff844c0 --- /dev/null +++ b/SOURCES/dhcpd6.service @@ -0,0 +1,15 @@ +[Unit] +Description=DHCPv6 Server Daemon +Documentation=man:dhcpd(8) man:dhcpd.conf(5) +Wants=network-online.target +After=network-online.target +After=time-sync.target + +[Service] +Type=notify +EnvironmentFile=-/etc/sysconfig/dhcpd6 +ExecStart=/usr/sbin/dhcpd -f -6 -cf /etc/dhcp/dhcpd6.conf -user dhcpd -group dhcpd --no-pid $DHCPDARGS +StandardError=null + +[Install] +WantedBy=multi-user.target diff --git a/SOURCES/dhcrelay.service b/SOURCES/dhcrelay.service new file mode 100644 index 0000000..43a0ca3 --- /dev/null +++ b/SOURCES/dhcrelay.service @@ -0,0 +1,13 @@ +[Unit] +Description=DHCP Relay Agent Daemon +Documentation=man:dhcrelay(8) +Wants=network-online.target +After=network-online.target + +[Service] +Type=notify +ExecStart=/usr/sbin/dhcrelay -d --no-pid +StandardError=null + +[Install] +WantedBy=multi-user.target diff --git a/SPECS/dhcp.spec b/SPECS/dhcp.spec new file mode 100644 index 0000000..2c1428d --- /dev/null +++ b/SPECS/dhcp.spec @@ -0,0 +1,3009 @@ +# SystemTap support is disabled by default +%{!?sdt:%global sdt 0} + +#http://lists.fedoraproject.org/pipermail/devel/2011-August/155358.html +%global _hardened_build 1 + +# Where dhcp configuration files are stored +%global dhcpconfdir %{_sysconfdir}/dhcp + + +#global prever b1 +#global patchver P1 +%global DHCPVERSION %{version}%{?prever}%{?patchver:-%{patchver}} + + +Summary: Dynamic host configuration protocol software +Name: dhcp +Version: 4.3.6 +Release: 49%{?dist} +# NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to +# dcantrell maintaining the package) made incorrect use of the epoch and +# that's why it is at 12 now. It should have never been used, but it was. +# So we are stuck with it. +Epoch: 12 +License: ISC +Url: http://isc.org/products/DHCP/ +Source0: ftp://ftp.isc.org/isc/dhcp/%{DHCPVERSION}/dhcp-%{DHCPVERSION}.tar.gz +Source1: dhclient-script +Source2: README.dhclient.d +Source3: 11-dhclient +Source5: 56dhclient +Source6: dhcpd.service +Source7: dhcpd6.service +Source8: dhcrelay.service + +Patch0: dhcp-remove-bind.patch + +Patch2: dhcp-sharedlib.patch +Patch3: dhcp-errwarn-message.patch +Patch4: dhcp-dhclient-options.patch +Patch5: dhcp-release-by-ifup.patch +Patch6: dhcp-dhclient-decline-backoff.patch +Patch7: dhcp-unicast-bootp.patch +Patch8: dhcp-default-requested-options.patch + +Patch10: dhcp-manpages.patch +Patch11: dhcp-paths.patch +Patch12: dhcp-CLOEXEC.patch +Patch13: dhcp-garbage-chars.patch +Patch14: dhcp-add_timeout_when_NULL.patch +Patch15: dhcp-64_bit_lease_parse.patch +Patch16: dhcp-capability.patch + +Patch18: dhcp-sendDecline.patch +Patch19: dhcp-rfc3442-classless-static-routes.patch +Patch20: dhcp-honor-expired.patch +Patch21: dhcp-PPP.patch + +Patch23: dhcp-lpf-ib.patch +Patch24: dhcp-IPoIB-log-id.patch +Patch25: dhcp-improved-xid.patch +#Patch26: dhcp-gpxe-cid.patch +Patch26: dhcp-duidv4.patch +Patch27: dhcp-duid_uuid.patch +#Patch28: dhcp-systemtap.patch + +Patch31: dhcp-client-request-release-bind-iface.patch +Patch33: dhcp-no-subnet-error2info.patch +Patch34: dhcp-sd_notify.patch + +Patch36: dhcp-option97-pxe-client-id.patch +Patch37: dhcp-stateless-DUID-LLT.patch +Patch38: dhcp-dhclient-preinit6s.patch +Patch39: dhcp-handle_ctx_signals.patch +Patch40: dhcp-4.3.6-omapi-leak.patch +Patch41: dhcp-4.3.6-isc-util.patch +Patch42: dhcp-4.3.6-options_overflow.patch +Patch43: dhcp-4.3.6-reference_count_overflow.patch +Patch44: dhcp-replay_file_limit.patch +Patch45: dhcp-4.2.5-expiry_before_renewal_v2.patch +Patch46: dhcp-dhclient_ipv6_prefix.patch +Patch47: dhcp-isc_heap_delete.patch +Patch48: dhcp-bind-9.11.patch +Patch49: dhcp-detect-system-time-jumps.patch +Patch50: dhcp-key_algorithm.patch +Patch51: dhcp-statement_parser.patch +Patch52: dhcp-omshell-hmac-sha512-support.patch +Patch53: dhcp-CVE-2022-2928.patch +Patch54: dhcp-CVE-2022-2929.patch +Patch55: dhcp-dhcp6-vendor-opts.patch + +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: libtool +BuildRequires: openldap-devel +# --with-ldap-gssapi +BuildRequires: krb5-devel +BuildRequires: libcap-ng-devel +# https://fedorahosted.org/fpc/ticket/502#comment:3 +BuildRequires: bind-export-devel >= 9.11.11 +BuildRequires: systemd systemd-devel +# dhcp-sd_notify.patch +BuildRequires: pkgconfig(libsystemd) +%if ! 0%{?_module_build} +BuildRequires: doxygen +%endif +%if %{sdt} +BuildRequires: systemtap-sdt-devel +%global tapsetdir /usr/share/systemtap/tapset +%endif + +# In _docdir we ship some perl scripts and module from contrib subdirectory. +# Because nothing under _docdir is allowed to "require" anything, +# prevent _docdir from being scanned. (#674058) +%filter_requires_in %{_docdir} +%{filter_setup} + +%description +DHCP (Dynamic Host Configuration Protocol) + +%package server +Summary: Provides the ISC DHCP server +Requires: %{name}-common = %{epoch}:%{version}-%{release} +Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} +Requires(pre): shadow-utils +Requires(post): coreutils grep sed +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd + +%description server +DHCP (Dynamic Host Configuration Protocol) is a protocol which allows +individual devices on an IP network to get their own network +configuration information (IP address, subnetmask, broadcast address, +etc.) from a DHCP server. The overall purpose of DHCP is to make it +easier to administer a large network. + +This package provides the ISC DHCP server. + +%package relay +Summary: Provides the ISC DHCP relay agent +Requires: %{name}-common = %{epoch}:%{version}-%{release} +Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} +Requires(post): grep sed +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd + +%description relay +DHCP (Dynamic Host Configuration Protocol) is a protocol which allows +individual devices on an IP network to get their own network +configuration information (IP address, subnetmask, broadcast address, +etc.) from a DHCP server. The overall purpose of DHCP is to make it +easier to administer a large network. + +This package provides the ISC DHCP relay agent. + +%package client +Summary: Provides the ISC DHCP client daemon and dhclient-script +Provides: dhclient = %{epoch}:%{version}-%{release} +Obsoletes: dhclient < %{epoch}:%{version}-%{release} +# dhclient-script requires: +Requires: coreutils gawk grep ipcalc iproute iputils sed systemd +Requires: %{name}-common = %{epoch}:%{version}-%{release} +Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} + +%description client +DHCP (Dynamic Host Configuration Protocol) is a protocol which allows +individual devices on an IP network to get their own network +configuration information (IP address, subnetmask, broadcast address, +etc.) from a DHCP server. The overall purpose of DHCP is to make it +easier to administer a large network. + +This package provides the ISC DHCP client. + +%package common +Summary: Common files used by ISC dhcp client, server and relay agent +BuildArch: noarch + +%description common +DHCP (Dynamic Host Configuration Protocol) is a protocol which allows +individual devices on an IP network to get their own network +configuration information (IP address, subnetmask, broadcast address, +etc.) from a DHCP server. The overall purpose of DHCP is to make it +easier to administer a large network. + +This package provides common files used by dhcp and dhclient package. + +%package libs +Summary: Shared libraries used by ISC dhcp client and server + +%description libs +This package contains shared libraries used by ISC dhcp client and server + + +%package devel +Summary: Development headers and libraries for interfacing to the DHCP server +Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} + +%description devel +Header files and API documentation for using the ISC DHCP libraries. The +libdhcpctl and libomapi static libraries are also included in this package. + +%if ! 0%{?_module_build} +%package devel-doc +Summary: Developer's Guide for ISC DHCP +Requires: %{name}-libs = %{epoch}:%{version}-%{release} +BuildArch: noarch + +%description devel-doc +This documentation is intended for developers, contributors and other +programmers that are interested in internal operation of the code. +This package contains doxygen-generated documentation. +%endif + +%prep +%setup -q -n dhcp-%{DHCPVERSION} + +# Remove bundled BIND source +rm bind/bind.tar.gz + +# Fire away bundled BIND source. +%patch0 -p1 -b .remove-bind %{?_rawbuild} + +#Build dhcp's libraries as shared libs instead of static libs. +%patch2 -p1 -b .sharedlib + +# Replace the standard ISC warning message about requesting help with an +# explanation that this is a patched build of ISC DHCP and bugs should be +# reported through bugzilla.redhat.com +%patch3 -p1 -b .errwarn + +# Add more dhclient options (-I, -B, -H, -F, -timeout, -V, and -R) +%patch4 -p1 -b .options + +# Handle releasing interfaces requested by /sbin/ifup +# pid file is assumed to be /var/run/dhclient-$interface.pid +%patch5 -p1 -b .ifup + +# If we receive a DHCP offer in dhclient and it's DECLINEd in dhclient-script, +# backoff for an amount of time before trying again +%patch6 -p1 -b .backoff + +# Support unicast BOOTP for IBM pSeries systems (and maybe others) +# (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #19146]) +%patch7 -p1 -b .unicast + +# Add NIS domain, NIS servers, NTP servers, interface-mtu and domain-search +# to the list of default requested DHCP options +%patch8 -p1 -b .requested + + +# Various man-page-only fixes +%patch10 -p1 -b .man + +# Change paths to conform to our standards +%patch11 -p1 -b .paths + +# Make sure all open file descriptors are closed-on-exec for SELinux (#446632) +# (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #19148]) +%patch12 -p1 -b .cloexec + +# Fix 'garbage in format string' error (#450042) +%patch13 -p1 -b .garbage + +# Handle cases in add_timeout() where the function is called with a NULL +# value for the 'when' parameter +# (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #19867]) +%patch14 -p1 -b .dracut + +# Ensure 64-bit platforms parse lease file dates & times correctly (#448615, #628258) +# (Partly submitted to dhcp-bugs@isc.org - [ISC-Bugs #22033]) +%patch15 -p1 -b .64-bit_lease_parse + +# Drop unnecessary capabilities in +# dhclient (#517649, #546765), dhcpd/dhcrelay (#699713) +%patch16 -p1 -b .capability + +# If any of the bound addresses are found to be in use on the link, +# the dhcpv6 client sends a Decline message to the server +# as described in section 18.1.7 of RFC-3315 (#559147) +# (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #21237]) +%patch18 -p1 -b .sendDecline + +# RFC 3442 - Classless Static Route Option for DHCPv4 (#516325) +# (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #24572]) +%patch19 -p1 -b .rfc3442 + +# check whether there is any unexpired address in previous lease +# prior to confirming (INIT-REBOOT) the lease (#585418) +# (Submitted to dhcp-suggest@isc.org - [ISC-Bugs #22675]) +%patch20 -p1 -b .honor-expired + +# DHCPv6 over PPP support (#626514) +%patch21 -p1 -b .PPP + +# IPoIB support (#660681) +# (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #24249]) +%patch23 -p1 -b .lpf-ib +# add GUID/DUID to dhcpd logs (#1064416) +%patch24 -p1 -b .IPoIB-log-id +%patch25 -p1 -b .improved-xid + +# create client identifier per rfc4390 +#%%patch26 -p1 -b .gpxe-cid (not needed as we use DUIDs - see next patch) +# Turn on creating/sending of DUID as client identifier with DHCPv4 clients (#560361c#40, rfc4361) +%patch26 -p1 -b .duidv4 +# Implement DUID-UUID (RFC 6355) and make it default DUID type (#560361#60) +%patch27 -p1 -b .duid_uuid + +# http://sourceware.org/systemtap/wiki/SystemTap +#%%patch28 -p1 -b .systemtap + +# send unicast request/release via correct interface (#800561, #1177351) +# (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #30544]) +%patch31 -p1 -b .bind-iface + + +# 'No subnet declaration for ' should be info, not error. +%patch33 -p1 -b .error2info + +# support for sending startup notification to systemd (#1077666) +%patch34 -p1 -b .sd_notify + +# option 97 - pxe-client-id (#1058674) +# (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #38110]) +%patch36 -p1 -b .option97 + +# dhclient: write DUID_LLT even in stateless mode (#1156356) +# (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #38144]) +%patch37 -p1 -b .stateless-DUID-LLT + +# dhclient: make sure link-local address is ready in stateless mode (#1263466) +%patch38 -p1 -b .preinit6s + +# add signal handlers for proper work with share context +%patch39 -p1 -b .signals + +# close omapi socker descriptions properly +# https://bugzilla.redhat.com/1523547 +%patch40 -p1 -b .omapi-leak + +# include isc/util.h explicitly, is it no longer contained in used headers +%patch41 -p1 -b .isc-util + +## https://bugzilla.redhat.com/show_bug.cgi?id=1550246 +%patch42 -p1 +%patch43 -p1 + +## https://bugzilla.redhat.com/show_bug.cgi?id=1623794 +%patch44 -p1 -b .noreplay + +# https://bugzilla.redhat.com/show_bug.cgi?id=1647786 +%patch45 -p1 -b .t2-expirity + +%patch46 -p1 -b .ipv6-prefix + +# https://bugzilla.redhat.com/show_bug.cgi?id=1704672 +%patch47 -p1 -b .heap-delete + +## https://bugzilla.redhat.com/show_bug.cgi?id=1762796 +%patch48 -p1 -b .isc-types + +%patch49 -p1 -b .time-change + +# https://github.com/isc-projects/dhcp/commit/e6ffc27f24321017a5ad9af3707f4e2e54bbac74 +%patch50 -p1 -b .key-alg + +# https://bugzilla.redhat.com/show_bug.cgi?id=1963807 +%patch51 -p1 + +# https://bugzilla.redhat.com/show_bug.cgi?id=2016248 +%patch52 -p1 + +# https://bugzilla.redhat.com/show_bug.cgi?id=2132248 +%patch53 -p1 + +# https://bugzilla.redhat.com/show_bug.cgi?id=2132245 +%patch54 -p1 + +# https://bugzilla.redhat.com/show_bug.cgi?id=2142024 +%patch55 -p1 + +# Update paths in all man pages +for page in client/dhclient.conf.5 client/dhclient.leases.5 \ + client/dhclient-script.8 client/dhclient.8 ; do + sed -i -e 's|CLIENTBINDIR|%{_sbindir}|g' \ + -e 's|RUNDIR|%{_localstatedir}/run|g' \ + -e 's|DBDIR|%{_localstatedir}/lib/dhclient|g' \ + -e 's|ETCDIR|%{dhcpconfdir}|g' $page +done + +for page in server/dhcpd.conf.5 server/dhcpd.leases.5 server/dhcpd.8 ; do + sed -i -e 's|CLIENTBINDIR|%{_sbindir}|g' \ + -e 's|RUNDIR|%{_localstatedir}/run|g' \ + -e 's|DBDIR|%{_localstatedir}/lib/dhcpd|g' \ + -e 's|ETCDIR|%{dhcpconfdir}|g' $page +done + +sed -i -e 's|/var/db/|%{_localstatedir}/lib/dhcpd/|g' contrib/dhcp-lease-list.pl + +%build +#libtoolize --copy --force +autoreconf --verbose --force --install + +CFLAGS="%{optflags} -fno-strict-aliasing" \ +%configure \ + --with-srv-lease-file=%{_localstatedir}/lib/dhcpd/dhcpd.leases \ + --with-srv6-lease-file=%{_localstatedir}/lib/dhcpd/dhcpd6.leases \ + --with-cli-lease-file=%{_localstatedir}/lib/dhclient/dhclient.leases \ + --with-cli6-lease-file=%{_localstatedir}/lib/dhclient/dhclient6.leases \ + --with-srv-pid-file=%{_localstatedir}/run/dhcpd.pid \ + --with-srv6-pid-file=%{_localstatedir}/run/dhcpd6.pid \ + --with-cli-pid-file=%{_localstatedir}/run/dhclient.pid \ + --with-cli6-pid-file=%{_localstatedir}/run/dhclient6.pid \ + --with-relay-pid-file=%{_localstatedir}/run/dhcrelay.pid \ + --with-libbind=/usr/bin/isc-export-config.sh \ + --with-ldap \ + --with-ldapcrypto \ + --with-ldap-gssapi \ + --disable-static \ + --enable-log-pid \ +%if %{sdt} + --enable-systemtap \ + --with-tapset-install-dir=%{tapsetdir} \ +%endif + --enable-paranoia --enable-early-chroot \ + --enable-binary-leases \ + --with-systemd +make %{?_smp_mflags} +%if ! 0%{?_module_build} +pushd doc +make %{?_smp_mflags} devel +popd +%endif + +%install +make DESTDIR=%{buildroot} install %{?_smp_mflags} + +# We don't want example conf files in /etc +rm -f %{buildroot}%{_sysconfdir}/dhclient.conf.example +rm -f %{buildroot}%{_sysconfdir}/dhcpd.conf.example + +# dhclient-script +install -D -p -m 0755 %{SOURCE1} %{buildroot}%{_sbindir}/dhclient-script + +# README.dhclient.d +install -p -m 0644 %{SOURCE2} . + +# Empty directory for dhclient.d scripts +mkdir -p %{buildroot}%{dhcpconfdir}/dhclient.d + +# NetworkManager dispatcher script +mkdir -p %{buildroot}%{_sysconfdir}/NetworkManager/dispatcher.d +install -p -m 0755 %{SOURCE3} %{buildroot}%{_sysconfdir}/NetworkManager/dispatcher.d + +# pm-utils script to handle suspend/resume and dhclient leases +install -D -p -m 0755 %{SOURCE5} %{buildroot}%{_libdir}/pm-utils/sleep.d/56dhclient + +# systemd unit files +mkdir -p %{buildroot}%{_unitdir} +install -m 644 %{SOURCE6} %{buildroot}%{_unitdir} +install -m 644 %{SOURCE7} %{buildroot}%{_unitdir} +install -m 644 %{SOURCE8} %{buildroot}%{_unitdir} + +# Start empty lease databases +mkdir -p %{buildroot}%{_localstatedir}/lib/dhcpd/ +touch %{buildroot}%{_localstatedir}/lib/dhcpd/dhcpd.leases +touch %{buildroot}%{_localstatedir}/lib/dhcpd/dhcpd6.leases +mkdir -p %{buildroot}%{_localstatedir}/lib/dhclient/ + +# default sysconfig file for dhcpd +mkdir -p %{buildroot}%{_sysconfdir}/sysconfig +cat < %{buildroot}%{_sysconfdir}/sysconfig/dhcpd +# WARNING: This file is NOT used anymore. + +# If you are here to restrict what interfaces should dhcpd listen on, +# be aware that dhcpd listens *only* on interfaces for which it finds subnet +# declaration in dhcpd.conf. It means that explicitly enumerating interfaces +# also on command line should not be required in most cases. + +# If you still insist on adding some command line options, +# copy dhcpd.service from /lib/systemd/system to /etc/systemd/system and modify +# it there. +# https://fedoraproject.org/wiki/Systemd#How_do_I_customize_a_unit_file.2F_add_a_custom_unit_file.3F + +# example: +# $ cp /usr/lib/systemd/system/dhcpd.service /etc/systemd/system/ +# $ vi /etc/systemd/system/dhcpd.service +# $ ExecStart=/usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid +# $ systemctl --system daemon-reload +# $ systemctl restart dhcpd.service +EOF + +# Copy sample conf files into position (called by doc macro) +cp -p doc/examples/dhclient-dhcpv6.conf client/dhclient6.conf.example +cp -p doc/examples/dhcpd-dhcpv6.conf server/dhcpd6.conf.example + +cat << EOF > client/dhclient-enter-hooks +#!/bin/bash + +# For dhclient/dhclient-script debugging. +# Copy this into /etc/dhcp/ and make it executable. +# Run 'dhclient -d ' to see info passed from dhclient to dhclient-script. +# See also HOOKS section in dhclient-script(8) man page. + +echo "interface: ${interface}" +echo "reason: ${reason}" + +( set -o posix ; set ) | grep "old_" +( set -o posix ; set ) | grep "new_" +( set -o posix ; set ) | grep "alias_" +( set -o posix ; set ) | grep "requested_" +EOF + +# Install default (empty) dhcpd.conf: +mkdir -p %{buildroot}%{dhcpconfdir} +cat << EOF > %{buildroot}%{dhcpconfdir}/dhcpd.conf +# +# DHCP Server Configuration file. +# see /usr/share/doc/dhcp-server/dhcpd.conf.example +# see dhcpd.conf(5) man page +# +EOF + +# Install default dhclient.conf: +%{__mkdir} -p %{buildroot}%{dhcpconfdir} +%{__cat} << EOF > %{buildroot}%{dhcpconfdir}/dhclient.conf +# +# DHCP Client Configuration file. +# see /usr/share/doc/dhclient/dhclient.conf.example +# see dhclient.conf(5) man page +# +# Send client identifier as "hardware-type.link-layer address" (e.g. "1.c2.23.7d.c3.52.2c") +# Required in environments where a bridge might be clobbering the forwarded +# packet's MAC address (common in Wifi, Docsis, or ADSL bridging scenarios) +# see dhcp-options(5) man page for 'dhcp-client-identifier' +# see dhcp-eval(5) man page for 'hardware' +send dhcp-client-identifier = hardware; +EOF + +# Install default (empty) dhcpd6.conf: +cat << EOF > %{buildroot}%{dhcpconfdir}/dhcpd6.conf +# +# DHCPv6 Server Configuration file. +# see /usr/share/doc/dhcp-server/dhcpd6.conf.example +# see dhcpd.conf(5) man page +# +EOF + +# Install dhcp.schema for LDAP configuration +install -D -p -m 0644 contrib/ldap/dhcp.schema %{buildroot}%{_sysconfdir}/openldap/schema/dhcp.schema + +# Don't package libtool *.la files +find %{buildroot} -type f -name "*.la" -delete -print + +rm %{buildroot}%{_includedir}/isc-dhcp/dst.h + +%pre server +# /usr/share/doc/setup/uidgid +%global gid_uid 177 +getent group dhcpd >/dev/null || groupadd --force --gid %{gid_uid} --system dhcpd +if ! getent passwd dhcpd >/dev/null ; then + if ! getent passwd %{gid_uid} >/dev/null ; then + useradd --system --uid %{gid_uid} --gid dhcpd --home / --shell /sbin/nologin --comment "DHCP server" dhcpd + else + useradd --system --gid dhcpd --home / --shell /sbin/nologin --comment "DHCP server" dhcpd + fi +fi +exit 0 + +%post server +# Initial installation +%systemd_post dhcpd.service dhcpd6.service + + +for servicename in dhcpd dhcpd6; do + etcservicefile=%{_sysconfdir}/systemd/system/${servicename}.service + if [ -f ${etcservicefile} ]; then + grep -q Type= ${etcservicefile} || sed -i '/\[Service\]/a Type=notify' ${etcservicefile} + sed -i 's/After=network.target/Wants=network-online.target\nAfter=network-online.target/' ${etcservicefile} + fi +done +exit 0 + +%post relay +# Initial installation +%systemd_post dhcrelay.service + +for servicename in dhcrelay; do + etcservicefile=%{_sysconfdir}/systemd/system/${servicename}.service + if [ -f ${etcservicefile} ]; then + grep -q Type= ${etcservicefile} || sed -i '/\[Service\]/a Type=notify' ${etcservicefile} + sed -i 's/After=network.target/Wants=network-online.target\nAfter=network-online.target/' ${etcservicefile} + fi +done +exit 0 + +%preun server +# Package removal, not upgrade +%systemd_preun dhcpd.service dhcpd6.service + +%preun relay +# Package removal, not upgrade +%systemd_preun dhcrelay.service + + +%postun server +# Package upgrade, not uninstall +%systemd_postun_with_restart dhcpd.service dhcpd6.service + +%postun relay +# Package upgrade, not uninstall +%systemd_postun_with_restart dhcrelay.service + +%ldconfig_scriptlets libs + +%triggerun -- dhcp +# convert DHC*ARGS from /etc/sysconfig/dhc* to /etc/systemd/system/dhc*.service +for servicename in dhcpd dhcpd6 dhcrelay; do + if [ -f %{_sysconfdir}/sysconfig/${servicename} ]; then + # get DHCPDARGS/DHCRELAYARGS value from /etc/sysconfig/${servicename} + source %{_sysconfdir}/sysconfig/${servicename} + if [ "${servicename}" == "dhcrelay" ]; then + args=$DHCRELAYARGS + else + args=$DHCPDARGS + fi + # value is non-empty (i.e. user modified) and there isn't a service unit yet + if [ -n "${args}" -a ! -f %{_sysconfdir}/systemd/system/${servicename}.service ]; then + # in $args replace / with \/ otherwise the next sed won't take it + args=$(echo $args | sed 's/\//\\\//'g) + # add $args to the end of ExecStart line + sed -r -e "/ExecStart=/ s/$/ ${args}/" \ + < %{_unitdir}/${servicename}.service \ + > %{_sysconfdir}/systemd/system/${servicename}.service + fi + fi +done + +%files server +%doc server/dhcpd.conf.example server/dhcpd6.conf.example +%doc contrib/ldap/ contrib/dhcp-lease-list.pl +%attr(0750,root,root) %dir %{dhcpconfdir} +%attr(0755,dhcpd,dhcpd) %dir %{_localstatedir}/lib/dhcpd +%attr(0644,dhcpd,dhcpd) %verify(mode) %config(noreplace) %{_localstatedir}/lib/dhcpd/dhcpd.leases +%attr(0644,dhcpd,dhcpd) %verify(mode) %config(noreplace) %{_localstatedir}/lib/dhcpd/dhcpd6.leases +%config(noreplace) %{_sysconfdir}/sysconfig/dhcpd +%config(noreplace) %{dhcpconfdir}/dhcpd.conf +%config(noreplace) %{dhcpconfdir}/dhcpd6.conf +%dir %{_sysconfdir}/openldap/schema +%config(noreplace) %{_sysconfdir}/openldap/schema/dhcp.schema +%dir %{_sysconfdir}/NetworkManager +%dir %{_sysconfdir}/NetworkManager/dispatcher.d +%attr(0644,root,root) %{_unitdir}/dhcpd.service +%attr(0644,root,root) %{_unitdir}/dhcpd6.service +%{_sbindir}/dhcpd +%{_bindir}/omshell +%attr(0644,root,root) %{_mandir}/man1/omshell.1.gz +%attr(0644,root,root) %{_mandir}/man5/dhcpd.conf.5.gz +%attr(0644,root,root) %{_mandir}/man5/dhcpd.leases.5.gz +%attr(0644,root,root) %{_mandir}/man8/dhcpd.8.gz +%if %{sdt} +%{tapsetdir}/*.stp +%endif + +%files relay +%{_sbindir}/dhcrelay +%attr(0644,root,root) %{_unitdir}/dhcrelay.service +%attr(0644,root,root) %{_mandir}/man8/dhcrelay.8.gz + + +%files client +%doc README.dhclient.d +%doc client/dhclient.conf.example client/dhclient6.conf.example client/dhclient-enter-hooks +%attr(0750,root,root) %dir %{dhcpconfdir} +%config(noreplace) %{dhcpconfdir}/dhclient.conf +%dir %{dhcpconfdir}/dhclient.d +%dir %{_localstatedir}/lib/dhclient +%dir %{_sysconfdir}/NetworkManager +%dir %{_sysconfdir}/NetworkManager/dispatcher.d +%{_sysconfdir}/NetworkManager/dispatcher.d/11-dhclient +%{_sbindir}/dhclient +%{_sbindir}/dhclient-script +%attr(0755,root,root) %{_libdir}/pm-utils/sleep.d/56dhclient +%attr(0644,root,root) %{_mandir}/man5/dhclient.conf.5.gz +%attr(0644,root,root) %{_mandir}/man5/dhclient.leases.5.gz +%attr(0644,root,root) %{_mandir}/man8/dhclient.8.gz +%attr(0644,root,root) %{_mandir}/man8/dhclient-script.8.gz + +%files common +%{!?_licensedir:%global license %%doc} +%{license} LICENSE +%doc README RELNOTES doc/References.txt +%attr(0644,root,root) %{_mandir}/man5/dhcp-options.5.gz +%attr(0644,root,root) %{_mandir}/man5/dhcp-eval.5.gz + +%files libs +%{_libdir}/libdhcpctl.so.* +%{_libdir}/libomapi.so.* + +%files devel +%doc doc/IANA-arp-parameters doc/api+protocol +%{_includedir}/dhcpctl +%{_includedir}/omapip +%{_libdir}/libdhcpctl.so +%{_libdir}/libomapi.so +%attr(0644,root,root) %{_mandir}/man3/dhcpctl.3.gz +%attr(0644,root,root) %{_mandir}/man3/omapi.3.gz + +%if ! 0%{?_module_build} +%files devel-doc +%doc doc/html/ +%endif + +%changelog +* Tue Oct 11 2022 Martin Osvald - 12:4.3.6-49 +- Fix for CVE-2022-2928 +- Fix for CVE-2022-2929 +- send back dhcp6.vendor-opts again (#2142024) + +* Tue May 10 2022 Martin Osvald - 12:4.3.6-48 +- omshell: add support for hmac-sha512 algorithm (#2016248) + +* Tue Dec 21 2021 Petr Menšík - 12:4.3.6-47 +- Rebuilt on a new side-tag (#2022715) + +* Thu Dec 16 2021 Martin Osvald - 12:4.3.6-46 +- Rebuild with new bind (#2022715) + +* Thu May 27 2021 Pavel Zhukov - 12:4.3.6-45 +- Fix for CVE-2021-25217 + +* Fri Dec 11 2020 Pavel Zhukov - 12:4.3.6-44 +- Rebuild with new bind (#1904613) + +* Wed Nov 25 2020 Pavel Zhukov - 12:4.3.6-43 +- Drop 12-dhcp NM dispatchers script (#1898423) + +* Tue Oct 20 2020 Pavel Zhukov - 12:4.3.6-42 +- Add key-algorithm support. +- Resolves: rhbz#1883999 + +* Mon Apr 20 2020 Artem Egorenkov - 12:4.3.6-41 +- Rebuild with bind-9.11.18 + +* Tue Nov 26 2019 Petr Menšík - 12:4.3.6-40 +- Rebuild with bind-9.11.13 again + +* Tue Nov 26 2019 Pavel Zhukov - 12:4.3.6-39 +- Resolves: #1757475 - Close replay files properly + +* Mon Nov 25 2019 Petr Menšík - 12:4.3.6-38 +- Rebuild with bind-9.11.13 + +* Wed Nov 20 2019 Pavel Zhukov - 12:4.3.6-36 +- Resolves: #1729211 - detect system time changes with monotonic timer + +* Tue Nov 19 2019 Pavel Zhukov - 12:4.3.6-36 +- Resolves: #1757475 - fix FD leak in nonreplay mode + +* Tue Oct 22 2019 Pavel Zhukov - 12:4.3.6-35 +- Rebuild with bind-9.11 + +* Mon May 13 2019 Pavel Zhukov - 12:4.3.6-34 +- Resolves: #1704672 - Fix crash caused by bind rebase + +* Fri Mar 29 2019 Pavel Zhukov - 12:4.3.6-33 +- Resolves: #1673946 - Change default prefix length to 128 +- Add address-prefix-lenght option to change default value +- Fix backporting issues + +* Thu Mar 28 2019 Pavel Zhukov - 12:4.3.6-31 +- Resolves: #1685560 - Drop executable flag from NM dispatcher + +* Mon Dec 17 2018 Pavel Zhukov - 12:4.3.6-30 +- Resolves: 1647786 - Recalculate renew time if it's greater than expirity time + +* Tue Sep 11 2018 Pavel Zhukov - 12:4.3.6-29 +- Related: #1623794 - Drop compat subpackage + +* Tue Sep 11 2018 Pavel Zhukov - 12:4.3.6-28 +- Resolves: #1623794 - Mmap() leases in replay mode only + +* Thu Jul 19 2018 Petr Menšík - 12:4.3.6-25 +- Update to bind 9.11.4 + +* Mon Jun 18 2018 Pavel Zhukov - 12:4.3.6-24 +- Resolves: #1589966 - Handle dhcp4-change event. + +* Thu May 31 2018 Pavel Zhukov - 12:4.3.6-23 +- Always send hardware as identifier + +* Mon May 28 2018 Pavel Zhukov - 12:4.3.6-22 +- Do not use eval in dhclient scripts + +* Mon May 28 2018 Pavel Zhukov - 12:4.3.6-21 +- Bring dhclient.conf back (#1579768) + +* Tue May 15 2018 Pavel Zhukov - 12:4.3.6-20 +- Fix for CVE-2018-1111 + +* Wed Mar 21 2018 Pavel Zhukov - 12:4.3.6-19 +- Don't use run-parts for hooks discovery (#1558612) + +* Fri Mar 09 2018 Pavel Zhukov - 12:4.3.6-18 +- Own ldap schema directory (#1553432) + +* Thu Mar 1 2018 Pavel Zhukov - 12:4.3.6-17 +- Fix CVE-2018-5732 CVE-2018-5733 (#1550246) + +* Thu Feb 22 2018 Petr Menšík - 12:4.3.6-16 +- Compile with recent bind includes, that does not include isc/util.h + +* Thu Feb 22 2018 Petr Menšík - 12:4.3.6-15 +- Do not rely on ignoring case sensitivity of VERSION variable + +* Thu Feb 22 2018 Petr Menšík - 12:4.3.6-14 +- Use bind-export-libs package instead of bind99 +- Use isc-config.sh to configure bind libs +- Change requirement to bind-export-devel + +* Thu Feb 22 2018 Pavel Zhukov - 12:4.3.6-13 +- Do not parse sysconfig/network-scripts if initscripts not installed (#1098172) + +* Wed Feb 07 2018 Fedora Release Engineering - 12:4.3.6-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Sat Feb 03 2018 Igor Gnatenko - 12:4.3.6-11 +- Switch to %%ldconfig_scriptlets + +* Wed Jan 10 2018 Pavel Zhukov - 12:4.3.6-10 +- Use released version + +* Wed Dec 20 2017 Pavel Zhukov - 12:4.3.5-9 +- Change duid_uuid patch to not use std99 feature + +* Fri Dec 8 2017 Pavel Zhukov - 12:4.3.6-8 +- Fix omapi SD leak (#1523547) + +* Thu Nov 9 2017 Pavel Zhukov - 12:4.3.6-7 +- Add patch for proper signal handling with shared context (#1457871) + +* Wed Sep 20 2017 Pavel Zhukov - 12:4.3.6-6 +- Do now override hostname variable in script + +* Sun Sep 10 2017 Peter Robinson 12:4.3.6-5 +- Rebuild for bind 9.9.11 + +* Tue Aug 1 2017 Pavel Zhukov - 12:4.3.6-4 +- Fix typos in dhclient-script + +* Thu Jul 27 2017 Pavel Zhukov - 12:4.3.6-3 +- Recreate /etc/resolv.conf if NetworkManager screwed it up (#1475279) + +* Wed Jul 26 2017 Fedora Release Engineering - 12:4.3.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + + +* Fri Jul 14 2017 Pavel Zhukov - 12:4.3.6-1 +- New version 4.3.6 + +* Fri Jul 07 2017 Igor Gnatenko - 12:4.3.5-10 +- Rebuild due to bug in RPM (RHBZ #1468476) + +* Mon Jul 03 2017 Petr Menšík - 12:4.3.5-9 +- Rebuild for bind 9.9.10 + +* Wed May 31 2017 Pavel Zhukov - 12:4.3.5-8 +- Drop chown from the post section + +* Tue May 23 2017 Pavel Zhukov - 12:4.3.5-7 +- Don't open ddns port until it's needed. Credits to Petr Menšík for the original idea + +* Wed Apr 19 2017 Dominika Hodovska - 12:4.3.5-5 +- don't build doxygen documentation during modular build + +* Tue Apr 04 2017 Pavel Zhukov - 12:4.3.5-4 +- Add EnvironmentFile parameter for backward compatibility + +* Fri Feb 10 2017 Fedora Release Engineering - 12:4.3.5-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Wed Nov 30 2016 Jiri Popelka - 12:4.3.5-2 +- get BUG_REPORT_URL from /etc/os-release (#1399351) + +* Wed Oct 05 2016 Jiri Popelka - 12:4.3.5-1 +- 4.3.5 + +* Mon Sep 12 2016 Jiri Popelka - 12:4.3.5-0.1b1 +- 4.3.5b1 + +* Wed Aug 03 2016 Jiri Popelka - 12:4.3.4-3 +- [dhclient] rename -R option to --request-options (#1357947) +- [dhclient] rename -timeout option to --timeout + +* Thu May 26 2016 Tomas Hozza - 12:4.3.4-2 +- Rebuild against bind99-9.9.9-P1 + +* Fri Apr 29 2016 Jiri Popelka - 12:4.3.4-1 +- 4.3.4 +- disable systemtap (I don't think anybody ever used it) + +* Wed Mar 23 2016 Zdenek Dohnal zdohnal@redhat.com - 12:4.3.3-13.P1 +- Mentioning the bash script is needed in README.dhclient.d + +* Wed Feb 03 2016 Fedora Release Engineering - 12:4.3.3-12.P1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Jan 13 2016 Jiri Popelka - 12:4.3.3-11.P1 +- 4.3.3-P1 - fix for CVE-2015-8605 (#1298077) + +* Wed Dec 16 2015 Tomas Hozza - 12:4.3.3-10 +- Rebuild against bind-9.9.8-P2 + +* Mon Dec 14 2015 Jiri Popelka - 12:4.3.3-9 +- implement DUID-UUID (RFC 6355) and make it default DUID type (#560361#60) + +* Tue Nov 24 2015 Jiri Popelka - 12:4.3.3-8 +- dispatcher.d/12-dhcpd: use reset-failed command + +* Mon Nov 23 2015 Jiri Popelka - 12:4.3.3-7 +- dhclient-script: hostname -> hostnamectl --transient + +* Tue Nov 03 2015 Jiri Popelka - 12:4.3.3-6 +- dhclient-script: source ifcfg-* because of PEERDNS (#1277253) + +* Tue Oct 13 2015 Jiri Popelka - 12:4.3.3-5 +- dhclient-script: fix for gateway not in the end of rfc3442 routes list (#1251644) + +* Tue Oct 13 2015 Jiri Popelka - 12:4.3.3-4 +- dhclient-script: make_resolv_conf(): keep old nameservers + if server sends domain-name/search, but no nameservers (#1269595) + +* Tue Sep 22 2015 Jiri Popelka - 12:4.3.3-3 +- dhclient: make sure link-local address is ready in stateless mode (#1263466) + +* Mon Sep 07 2015 Jiri Popelka - 12:4.3.3-2 +- VLAN ID is only bottom 12-bits of TCI (#1259552) + +* Fri Sep 04 2015 Jiri Popelka - 12:4.3.3-1 +- 4.3.3 + +* Tue Aug 11 2015 Jiri Popelka - 12:4.3.3-0.2b1 +- dhclient-script: respect DEFROUTE/GATEWAYDEV if Classless Static Routes are offered (#1251644) + +* Mon Aug 10 2015 Jiri Popelka - 12:4.3.3-0.1b1 +- 4.3.3b1 +- enable krb5/gssapi authentication for OpenLDAP +- enable support for binary insertion of leases + +* Wed Jul 15 2015 Jiri Popelka - 12:4.3.2-12 +- fix ipcalc requires + +* Tue Jul 14 2015 Jiri Popelka - 12:4.3.2-11 +- remove dependency on initscripts (#1098172) +- make path to resolv.conf configurable (#1086425) + +* Thu Jul 09 2015 Jiri Popelka - 12:4.3.2-10 +- spec cleanup + +* Thu Jul 02 2015 Jiri Popelka - 12:4.3.2-9 +- test upstream fix for #866714 (paranoia.patch) + +* Wed Jun 24 2015 Jiri Popelka - 12:4.3.2-8 +- add more randomness into xid generation (#1195693) + +* Wed Jun 17 2015 Fedora Release Engineering - 12:4.3.2-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Tue May 26 2015 Jiri Popelka - 12:4.3.2-6 +- dhclient-script: run also scripts in dhclient-[enter/exit]-hooks.d dir + +* Tue Apr 21 2015 Jiri Popelka - 12:4.3.2-5 +- dhclient-script: add a minute to address lifetimes (#1188423) + +* Mon Apr 13 2015 Jiri Popelka - 12:4.3.2-4 +- dhclient-script: amend previous change (#1210984) + +* Wed Mar 25 2015 Jiri Popelka - 12:4.3.2-3 +- dhclient-script: fix shellcheck.net suggestions + +* Fri Mar 13 2015 Tomas Hozza - 12:4.3.2-2 +- rebuild against bind99 9.9.7 package + +* Thu Mar 05 2015 Jiri Popelka - 12:4.3.2-1 +- 4.3.2 + +* Wed Feb 25 2015 Jiri Popelka - 12:4.3.2-0.6b1 +- correctly set IB's hw->hlen (#1185075) + +* Wed Feb 25 2015 Tomas Hozza - 12:4.3.2-0.5b1 +- Rebuild against bind-9.10.2rc2 + +* Tue Feb 17 2015 Jiri Popelka - 12:4.3.2-0.4b1 +- dhclient-script: use 'ip addr replace' for both BOUND & RENEW + +* Tue Feb 17 2015 Jiri Popelka - 12:4.3.2-0.3b1 +- doc/dhclient/dhclient-enter-hooks for dhclient-script debugging + +* Fri Feb 13 2015 Jiri Popelka - 12:4.3.2-0.2b1 +- dhclient-script: s/addr add/addr replace/ + +* Sun Feb 08 2015 Jiri Popelka - 12:4.3.2-0.1b1 +- 4.3.2b1 + +* Tue Feb 03 2015 Jiri Popelka - 12:4.3.1-21 +- send unicast request/release via correct interface (#800561, #1177351) + +* Mon Feb 02 2015 Tomas Hozza - 12:4.3.1-20 +- rebuild against bind-9.10.2rc1 + +* Wed Jan 14 2015 Tomas Hozza - 12:4.3.1-19 +- rebuild against bind 9.10.1-P1 + +* Thu Dec 18 2014 Jiri Popelka - 12:4.3.1-18 +- dhclient: write DUID_LLT even in stateless mode (#1156356) + +* Wed Dec 17 2014 Jiri Popelka - 12:4.3.1-17 +- option 97 - pxe-client-id (#1058674) + +* Wed Nov 19 2014 Jiri Popelka - 12:4.3.1-16 +- amend post scriptlets for #1120656 + +* Mon Nov 10 2014 Jiri Popelka - 12:4.3.1-15 +- dhclient-script: restorecon calls shouldn't be needed + as we have SELinux transition rules (#1161500) + +* Tue Nov 04 2014 Jiri Popelka - 12:4.3.1-14 +- GSSAPI support for ldap authentication (#1150542) + +* Fri Oct 31 2014 Jiri Popelka - 12:4.3.1-13 +- redefine DHCLIENT_DEFAULT_PREFIX_LEN 64 -> 128 + +* Fri Oct 10 2014 Jiri Popelka - 12:4.3.1-12 +- Relay-forward Message's Hop Limit should be 32 (#1147240) + +* Wed Oct 08 2014 Jiri Popelka - 12:4.3.1-11 +- dhcpd generates spurious responses when seeing requests + from vlans on plain interface (#1150587) + +* Fri Oct 03 2014 Tomas Hozza - 12:4.3.1-10 +- rebuild against bind-9.9.6 + +* Thu Sep 04 2014 Jiri Popelka - 12:4.3.1-9 +- [dhclient -6] infinite preferred/valid lifetime represented as -1 (#1133839) + +* Mon Sep 01 2014 Jiri Popelka - 12:4.3.1-8 +- better obsoletes for server & client + +* Sat Aug 30 2014 Kalev Lember - 12:4.3.1-7 +- Fix dhclient obsoletes version + +* Tue Aug 26 2014 Jiri Popelka - 12:4.3.1-6 +- dhclient-script: another improvement of add_ipv6_addr_with_DAD() + +* Mon Aug 25 2014 Jiri Popelka - 12:4.3.1-5 +- spec: use -D with 'install' +- dhclient-script: IPv6 address which fails DAD is auto-removed when it was + added with valid_lft/preferred_lft other then 'forever' (#1133465) + +* Sat Aug 16 2014 Fedora Release Engineering - 12:4.3.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Thu Aug 14 2014 Jiri Popelka - 12:4.3.1-3 +- dhclient-script: one more fix for #1129500 + +* Thu Aug 14 2014 Jiri Popelka - 12:4.3.1-2 +- dhclient-script: PREINIT6: make sure link-local address is available (#1129500) + +* Tue Aug 12 2014 Jiri Popelka - 12:4.3.1-1 +- 4.3.1 + +* Tue Aug 05 2014 Jiri Popelka - 12:4.3.1-0.4.b1 +- dhclient-script: it's OK if the arping reply comes from our system (#1116004) + +* Tue Jul 22 2014 Jiri Popelka - 12:4.3.1-0.3.b1 +- Use network-online.target instead of network.target (#1120656) + +* Fri Jul 11 2014 Tom Callaway 12:4.3.1-0.2.b1 +- fix license handling + +* Thu Jul 10 2014 Jiri Popelka - 12:4.3.1-0.1.b1 +- 4.3.1b1 + +* Thu Jun 12 2014 Filipe Brandenburger - 12:4.3.0-15 +- dhclient-script: fix issue with classless static routes that breaks Fedora 20 on GCE cloud (#1102830) + +* Sat Jun 07 2014 Fedora Release Engineering - 12:4.3.0-14 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Fri May 30 2014 Jiri Popelka - 12:4.3.0-13 +- systemtap: fixed dtrace input file (#1102797) + +* Thu May 29 2014 Jiri Popelka - 12:4.3.0-12 +- dhcp-sd_notify.patch BuildRequires: pkgconfig(libsystemd) + +* Wed May 28 2014 Jiri Popelka - 12:4.3.0-11 +- dhclient-script: fix stateless DHCPv6 mode (#1101149) + +* Wed May 07 2014 Jiri Popelka - 12:4.3.0-10 +- use StandardError=null instead of log_perror.patch + +* Tue Mar 18 2014 Jiri Popelka - 12:4.3.0-9 +- support for sending startup notifications to systemd (#1077666) + +* Fri Mar 07 2014 Jiri Popelka - 12:4.3.0-8 +- rename doc subpackage do devel-doc + +* Mon Mar 03 2014 Jaromír Končický - 12:4.3.0-7 +- added 'doc' package containing doxygen-generated documentation + +* Wed Feb 19 2014 Jiri Popelka - 12:4.3.0-6 +- dhclient: rename our -I option to -C as upstream now uses -I + +* Wed Feb 19 2014 Jiri Popelka - 12:4.3.0-5 +- dhclient-script: don't flush all addresses, just the used one + +* Tue Feb 18 2014 Jiri Popelka - 12:4.3.0-4 +- IPoIB: add GUID/DUID to dhcpd logs (#1064416) + +* Mon Feb 17 2014 Jiri Popelka - 12:4.3.0-3 +- don't try to run tests because there's no atf package since F21 + +* Mon Feb 17 2014 Jiri Popelka - 12:4.3.0-2 +- turn on using of DUID with DHCPv4 clients (#560361,c#40) +- remove default /etc/dhcp/dhclient.conf + +* Tue Feb 04 2014 Jiri Popelka - 12:4.3.0-1 +- 4.3.0 + +* Wed Jan 29 2014 Jiri Popelka - 12:4.3.0-0.7.rc1 +- 4.3.0rc1 + +* Tue Jan 28 2014 Jiri Popelka - 12:4.3.0-0.6.b1 +- don't apply retransmission.patch for now (RHBZ#1026565) + +* Sun Jan 26 2014 Kevin Fenzi 12:4.3.0-0.5.b1 +- Rebuild for new bind + +* Tue Jan 21 2014 Jiri Popelka - 12:4.3.0-0.4.b1 +- 4.3.0b1 +- ship dhcp-lease-list.pl +- dhclient-script: don't ping router (#1055181) + +* Mon Jan 13 2014 Jiri Popelka - 12:4.3.0-0.3.a1 +- update address lifetimes on RENEW/RENEW6 (#1032809) + +* Tue Jan 07 2014 Jiri Popelka - 12:4.3.0-0.2.a1 +- make it actually build + +* Thu Dec 19 2013 Jiri Popelka - 12:4.3.0-0.1.a1 +- 4.3.0a1: requires bind-9.9.5 + +* Thu Nov 21 2013 Jiri Popelka - 12:4.2.5-28 +- dhclient-script: set address lifetimes (#1032809) + +* Thu Nov 14 2013 Jiri Popelka - 12:4.2.5-27 +- dhclient-script(RENEW6|REBIND6): delete old ip6_address if it changed (#1015729) + +* Thu Oct 31 2013 Jiri Popelka - 12:4.2.5-26 +- Provide default /etc/dhcp/dhclient.conf +- Client always sends dhcp-client-identifier (#560361) + +* Thu Oct 24 2013 Jiri Popelka - 12:4.2.5-25 +- use upstream patch for #1001742 ([ISC-Bugs #34784]) + +* Mon Oct 07 2013 Jiri Popelka - 12:4.2.5-24 +- dhcpd rejects the udp packet with checksum=0xffff (#1015997) + +* Fri Sep 27 2013 Jiri Popelka - 12:4.2.5-23 +- 'No subnet declaration for ' should be info, not error +- decrease the sleep in 12-dhcpd due to timeout (#1003695#8) + +* Wed Sep 18 2013 Jiri Popelka - 12:4.2.5-22 +- fix segfault introduced with previous commit + +* Tue Sep 17 2013 Jiri Popelka - 12:4.2.5-21 +- 12-dhcpd: wait a few seconds before restarting services (#1003695) +- another solution for #1001742 (#1005814#c10) + +* Thu Sep 12 2013 Jiri Popelka - 12:4.2.5-20 +- bind DHCPv6 client to link-local address instead of 0 address (#1001742) + +* Mon Aug 26 2013 Jiri Popelka - 12:4.2.5-19 +- don't crash on aliased infiniband interface (#996518) + +* Sun Aug 04 2013 Jiri Popelka - 12:4.2.5-18 +- BuildRequires: systemd due to %%{_unitdir} + +* Mon Jul 29 2013 Jiri Popelka - 12:4.2.5-17 +- 12-dhcpd previously exited with error status 1 (#989207) + +* Mon Jul 15 2013 Tomas Hozza - 12:4.2.5-16 +- rebuild against new bind + +* Tue Jul 02 2013 Jiri Popelka - 12:4.2.5-15 +- fix several memory leaks in omapi (#978420) +- remove send_release.patch (#979510) + +* Tue Jun 18 2013 Jiri Popelka - 12:4.2.5-14 +- rebuilt against bind once more + +* Fri Jun 14 2013 Jiri Popelka - 12:4.2.5-13 +- return /etc/sysconfig/dhcpd back, but do NOT use it (#909733) + +* Tue May 14 2013 Adam Williamson - 12:4.2.5-12 +- rebuild against new bind + +* Tue Apr 30 2013 Jiri Popelka - 12:4.2.5-11 +- add missing conversion specifier in log_fatal() call (#957371) + +* Tue Apr 16 2013 Adam Tkac - 12:4.2.5-10 +- rebuild against new bind + +* Wed Apr 03 2013 Tomas Hozza - 12:4.2.5-9 +- Expose next-server DHCPv4 option to dhclient script + +* Tue Mar 26 2013 Jiri Popelka - 12:4.2.5-8 +- describe -user/-group/-chroot in dhcpd.8 + +* Fri Feb 22 2013 Jiri Popelka - 12:4.2.5-7 +- remove triggerun condition (#895475) + +* Wed Feb 13 2013 Fedora Release Engineering - 12:4.2.5-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Thu Jan 24 2013 Jiri Popelka - 12:4.2.5-5 +- remove missing-ipv6-not-fatal.patch because the concerning code is later + removed with getifaddrs.patch + +* Wed Jan 23 2013 Jiri Popelka - 12:4.2.5-4 +- Make sure range6 is correct for subnet6 where it's declared (#902966) + +* Fri Jan 18 2013 Jiri Popelka - 12:4.2.5-3 +- simplify the previously added triggerun scriptlet + +* Thu Jan 17 2013 Jiri Popelka - 12:4.2.5-2 +- during update convert DHC*ARGS from /etc/sysconfig/dhc* + to /etc/systemd/system/dhc*.service (#895475) +- 12-dhcpd NM dispatcher script now restarts also dhcpd6 service + +* Thu Jan 10 2013 Jiri Popelka - 12:4.2.5-1 +- 4.2.5 + +* Wed Jan 02 2013 Jiri Popelka - 12:4.2.5-0.3.rc1 +- run %%check in Fedora only, there's no atf package in RHEL + +* Thu Dec 20 2012 Jiri Popelka - 12:4.2.5-0.2.rc1 +- don't package ancient contrib/* files + +* Thu Dec 20 2012 Jiri Popelka - 12:4.2.5-0.1.rc1 +- 4.2.5rc1 + - added %%check - upstream unit tests (Automated Test Framework - ATF) + +* Fri Nov 30 2012 Jiri Popelka - 12:4.2.4-23.P2 +- fix two resource leaks in lpf-ib.patch + +* Mon Nov 26 2012 Jiri Popelka - 12:4.2.4-22.P2 +- add After=time-sync.target to dhcpd[6].service (#878293) +- remove groff from BuildRequires (no idea why it's been there) + +* Fri Nov 16 2012 Jiri Popelka - 12:4.2.4-21.P2 +- multiple key statements in zone definition causes inappropriate error (#873794) + +* Fri Oct 26 2012 Jiri Popelka - 12:4.2.4-20.P2 +- fix path to dhcpd6.leases in dhcpd6.conf.sample (#870458) + +* Wed Oct 17 2012 Jiri Popelka - 12:4.2.4-19.P2 +- dhcpd needs to chown leases file created before de-rooting itself (#866714) + +* Thu Oct 11 2012 Adam Tkac - 12:4.2.4-18.P2 +- rebuild against new bind-libs-lite + +* Tue Oct 09 2012 Jiri Popelka - 12:4.2.4-17.P2 +- do-forward-updates statement wasn't recognized (#863646) + +* Wed Sep 26 2012 Jiri Popelka - 12:4.2.4-16.P2 +- dhclient-usage.patch+part of manpages.patch merged with dhclient-options.patch + +* Thu Sep 13 2012 Tomas Hozza - 12:4.2.4-15.P2 +- 4.2.4-P2: fix for CVE-2012-3955 (#856770) + +* Fri Aug 24 2012 Tomas Hozza - 12:4.2.4-14.P1 +- SystemD unit files don't use Environment files any more (#850558) +- NetworkManager dispatcher script doesn't use DHCPDARGS any more + +* Wed Aug 22 2012 Tomas Hozza - 12:4.2.4-13.P1 +- fixed SPEC file so it comply with new systemd-rpm macros guidelines (#850089) + +* Mon Aug 20 2012 Tomas Hozza - 12:4.2.4-12.P1 +- dhclient-script: fixed CONFIG variable value passed to need_config (#848858) +- dhclient-script: calling dhclient-up-hooks after setting up route, gateways + & interface alias (#848869) + +* Fri Aug 17 2012 Jiri Popelka - 12:4.2.4-11.P1 +- don't build libdst, it hasn't been used since 4.2.0 (#849166) + +* Fri Jul 27 2012 Jiri Popelka - 12:4.2.4-10.P1 +- isc_time_nowplusinterval() is not safe with 64-bit time_t (#662254, #789601) + +* Fri Jul 27 2012 Fedora Release Engineering - 12:4.2.4-9.P1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Wed Jul 25 2012 Tomas Hozza - 12:4.2.4-8.P1 +- Dhclient does not correctly parse zero-length options in + dhclient6.leases (#633318) + +* Wed Jul 25 2012 Tomas Hozza - 12:4.2.4-7.P1 +- 4.2.4-P1: fix for CVE-2012-3570 CVE-2012-3571 and CVE-2012-3954 (#842892) + +* Mon Jul 23 2012 Jiri Popelka - 12:4.2.4-6 +- ib.patch: added fall-back method (using ioctl(SIOCGIFHWADDR)) when getting + of HW address with getifaddrs() fails (#626514-c#63, #840601). + +* Mon Jul 23 2012 Tomas Hozza - 12:4.2.4-5 +- Dhcpd does not correctly follow DhcpFailOverPeerDN (#838400) + +* Wed Jul 18 2012 Jiri Popelka - 12:4.2.4-4 +- allow dhcpd to listen on alias interfaces (#840601) + +* Mon Jul 09 2012 Tomas Hozza - 12:4.2.4-3 +- changed list of %%verify on the leases files (#837474) + +* Mon Jun 18 2012 Jiri Popelka - 12:4.2.4-2 +- define $SAVEDIR in dhclient-script (#833054) + +* Wed Jun 06 2012 Jiri Popelka - 12:4.2.4-1 +- 4.2.4 + +* Tue Jun 05 2012 Jiri Popelka - 12:4.2.4-0.8.rc2 +- return prematurely removed 12-dhcpd (NM dispatcher script) (#828522) + +* Fri May 25 2012 Jiri Popelka - 12:4.2.4-0.7.rc2 +- getifaddrs.patch: use HAVE_SA_LEN macro + +* Wed May 23 2012 Jiri Popelka - 12:4.2.4-0.6.rc2 +- 4.2.4rc2 + +* Mon May 07 2012 Jiri Popelka - 12:4.2.4-0.5.rc1 +- dhcpd.service: explicitly add -cf to indicate what conf file we use (#819325) +- no need to copy /etc/*.conf to /etc/dhcp/*.conf in %%prep anymore + +* Tue May 01 2012 Jiri Popelka - 12:4.2.4-0.4.rc1 +- 4.2.4rc1 + +* Thu Apr 26 2012 Jiri Popelka - 12:4.2.4-0.3.b1 +- remove inherit-leases.patch - it's probably not needed anymore (#815355) + +* Wed Apr 18 2012 Jiri Popelka - 12:4.2.4-0.2.b1 +- update paths.patch and source URL + +* Mon Apr 16 2012 Jiri Popelka - 12:4.2.4-0.1.b1 +- 4.2.4b1: noprefixavail.patch merged upstream + +* Fri Mar 30 2012 Jiri Popelka - 12:4.2.3-25.P2 +- move dhclient & dhclient-script from /sbin to /usr/sbin + +* Fri Mar 23 2012 Jiri Popelka - 12:4.2.3-24.P2 +- one more fix (#806342) + +* Fri Mar 23 2012 Jiri Popelka - 12:4.2.3-23.P2 +- improve #449946 fix (#806342) + +* Wed Mar 21 2012 Jiri Popelka - 12:4.2.3-22.P2 +- RFC5970 - DHCPv6 Options for Network Boot (#798735) + +* Wed Mar 21 2012 Jiri Popelka - 12:4.2.3-21.P2 +- don't use fallback_interface when releasing lease (#800561) + +* Wed Mar 21 2012 Jiri Popelka - 12:4.2.3-20.P2 +- use getifaddrs() to scan for interfaces on Linux (#449946) + +* Wed Feb 22 2012 Jiri Popelka - 12:4.2.3-19.P2 +- don't send log messages to the standard error descriptor by default (#790387) + +* Mon Feb 13 2012 Jiri Popelka - 12:4.2.3-18.P2 +- -timeout option (command line) with value 3 or less was driving dhclient mad (#789719) + +* Tue Feb 07 2012 Jiri Popelka - 12:4.2.3-17.P2 +- dhclient-script: install link-local static routes with correct scope (#787318) + +* Wed Feb 1 2012 Adam Williamson - 12:4.2.3-16.P2 +- rebuild for new bind-libs-lite + +* Tue Jan 31 2012 Jiri Popelka - 12:4.2.3-15.P2 +- revert previous change (#782499) +- remove the rest of the sysvinit scriptlets + +* Tue Jan 17 2012 Jiri Popelka - 12:4.2.3-14.P2 +- use PrivateTmp=true in service files (#782499) + +* Fri Jan 13 2012 Jiri Popelka - 12:4.2.3-13.P2 +- 4.2.3-P2: fix for CVE-2011-4868 (#781246) +- clean up old Provides and Obsoletes + +* Fri Jan 13 2012 Fedora Release Engineering - 12:4.2.3-12.P1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Wed Dec 21 2011 Jiri Popelka - 12:4.2.3-11.P1 +- revert change made in 4.2.3-3 because of failing failover inicialization (#765967) + the procedure is now: + init lease file, init failover, init PID file, change effective user/group ID +- don't need to fix lease files ownership before starting service +- dhclient-script: allow static route with a 0.0.0.0 next-hop address (#769463) + +* Tue Dec 20 2011 Jiri Popelka - 12:4.2.3-10.P1 +- hopefully we don't need 12-dhcpd anymore as 'After=network.target' + in dhcpd[6].service should take care of the original problem (#565921) + +* Mon Dec 19 2011 Jiri Popelka - 12:4.2.3-9.P1 +- don't ship legacy SysV initscripts +- dhcpd6: move '-cf /etc/dhcp/dhcpd6.conf' from sysconfig/dhcpd6 to dhcpd6.service +- run 'chown -R dhcpd:dhcpd /var/lib/dhcpd/' before starting dhcpd/dhcpd6 service + for the case where leases file is owned by root:root as a + consequence of running dhcpd without '-user dhcpd -group dhcpd' (#744292) + +* Fri Dec 09 2011 Jiri Popelka - 12:4.2.3-8.P1 +- 4.2.3-P1: fix for CVE-2011-4539 (#765681) + +* Thu Nov 24 2011 Jiri Popelka - 12:4.2.3-7 +- Send DHCPDECLINE and exit(2) when duplicate address was detected and + dhclient had been started with '-1' (#756759). +- Don't build with -D_GNU_SOURCE, configure.ac uses AC_USE_SYSTEM_EXTENSIONS + +* Mon Nov 14 2011 Adam Tkac - 12:4.2.3-6 +- rebuild against new bind + +* Fri Nov 11 2011 Jiri Popelka - 12:4.2.3-5 +- dhclient-script: arping address in BOUND|RENEW|REBIND|REBOOT (#752116) + +* Wed Oct 26 2011 Fedora Release Engineering - 12:4.2.3-4 +- Rebuilt for glibc bug#747377 + +* Wed Oct 26 2011 Jiri Popelka - 12:4.2.3-3 +- Write lease file AFTER changing of the effective user/group ID. +- Move omshell from dhcp-common to main package (where it originally was). + +* Thu Oct 20 2011 Jiri Popelka - 12:4.2.3-2 +- Write PID file BEFORE changing of the effective user/group ID. +- Really define _hardened_build this time + +* Thu Oct 20 2011 Jiri Popelka - 12:4.2.3-1 +- 4.2.3 + +* Tue Oct 18 2011 Jiri Popelka - 12:4.2.3-0.1.rc1 +- 4.2.3rc1 + +* Sun Oct 09 2011 Jiri Popelka - 12:4.2.2-12 +- change ownership of /var/lib/dhcpd/ to dhcpd:dhcpd (#744292) +- no need to drop capabilies in dhcpd since it's been running as regular user + +* Fri Sep 30 2011 Jiri Popelka - 12:4.2.2-11 +- 56dhclient: ifcfg file was not sourced (#742482) + +* Thu Sep 29 2011 Jiri Popelka - 12:4.2.2-10 +- dhclient-script: address alias handling fixes from Scott Shambarger (#741786) + +* Thu Sep 22 2011 Jiri Popelka - 12:4.2.2-9 +- dhclient-script: do not backup&restore /etc/resolv.conf and /etc/localtime. + +* Wed Sep 21 2011 Jiri Popelka - 12:4.2.2-8 +- SystemTap support: spec file change, some dummy probes, tapset, simple script + +* Mon Sep 19 2011 Jiri Popelka - 12:4.2.2-7 +- Support for IPoIB (IP over InfiniBand) interfaces (#660681) +- Hopefully last tweak of adding of user and group (#699713) + +* Fri Sep 09 2011 Jiri Popelka - 12:4.2.2-6 +- PIE-RELRO.patch is not needed anymore, defining _hardened_build does the same +- One more tweak of adding of user and group (#699713) + +* Fri Sep 09 2011 Adam Tkac - 12:4.2.2-5 +- rebuild against new bind + +* Fri Aug 26 2011 Jiri Popelka - 12:4.2.2-4 +- Fix adding of user and group (#699713) + +* Fri Aug 19 2011 Jiri Popelka - 12:4.2.2-3 +- Tighten explicit libs sub-package requirement so that it includes + the correct architecture as well. + +* Fri Aug 12 2011 Jiri Popelka - 12:4.2.2-2 +- #699713: + - Use '--enable-paranoia --enable-early-chroot' configure flags + - Create/delete dhcpd user in %%post/%%postun + - Run dhcpd/dhcpd6 services with '-user dhcpd -group dhcpd' + +* Thu Aug 11 2011 Jiri Popelka - 12:4.2.2-1 +- 4.2.2: fix for CVE-2011-2748, CVE-2011-2749 (#729850) + +* Wed Aug 10 2011 Jiri Popelka - 12:4.2.2-0.4.rc1 +- Do not ship default /etc/dhcp/dhclient.conf (#560361,c#9) + +* Mon Jul 25 2011 Jiri Popelka - 12:4.2.2-0.3.rc1 +- Improve capabilities patch to be able to run with PARANOIA & EARLY_CHROOT (#699713) + +* Mon Jul 18 2011 Jiri Popelka - 12:4.2.2-0.2.rc1 +- 4.2.2rc1 + +* Fri Jul 01 2011 Jiri Popelka - 12:4.2.2-0.1.b1 +- 4.2.2b1: upstream merged initialization-delay.patch +- Drop all capabilities in dhcpd/dhcrelay (#699713) + +* Fri Jun 17 2011 Jiri Popelka - 12:4.2.1-12.P1 +- Removed upstream-merged IFNAMSIZ.patch +- Polished patches according to results from static analysis of code. + +* Thu Jun 16 2011 Jiri Popelka - 12:4.2.1-11.P1 +- Add triggerpostun scriptlet tied to dhcp-sysvinit +- Make it possible to build without downstream patches (Kamil Dudka) + +* Tue May 17 2011 Jiri Popelka - 12:4.2.1-10.P1 +- Fix typo in triggerun scriptlet (#705417) + +* Mon May 16 2011 Jiri Popelka - 12:4.2.1-9.P1 +- Packages dhcp/dhclient/dhcp-common explicitly require the libs sub-package + with the same version and release (bug #705037). +- Fix triggerun scriptlet + +* Mon May 09 2011 Jiri Popelka - 12:4.2.1-8.P1 +- Fix 11-dhclient to export variables (#702735) + +* Fri Apr 29 2011 Jiri Popelka - 12:4.2.1-7.P1 +- Comply with guidelines for systemd services + +* Wed Apr 27 2011 Jiri Popelka - 12:4.2.1-6.P1 +- Fix NetworkManager dispatcher script for dhcpd to support arbitrary interface names + +* Wed Apr 06 2011 Jiri Popelka - 12:4.2.1-5.P1 +- Better fix for CVE-2011-0997: making domain-name check more lenient (#694005) + +* Wed Apr 06 2011 Jiri Popelka - 12:4.2.1-4.P1 +- 4.2.1-P1: fix for CVE-2011-0997 (#694005) + +* Fri Mar 25 2011 Jiri Popelka - 12:4.2.1-3 +- Polished patches according to results from static analysis of code. + +* Mon Mar 07 2011 Rex Dieter - 12:4.2.1-2 +- rebuild (bind) + +* Wed Mar 02 2011 Jiri Popelka - 12:4.2.1-1 +- 4.2.1 + +* Wed Feb 23 2011 Jiri Popelka - 12:4.2.1-0.6.rc1 +- 4.2.1rc1 +- Fixed typo in dhclient.leases(5) (#676284) + +* Mon Feb 21 2011 Adam Tkac - 12:4.2.1-0.5.b1 +- rebuild against new bind-libs-lite + +* Tue Feb 08 2011 Fedora Release Engineering - 12:4.2.1-0.4.b1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Mon Jan 31 2011 Jiri Popelka - 12:4.2.1-0.3.b1 +- Prevent anything under _docdir from being scanned. (#674058) + +* Fri Jan 28 2011 Jiri Popelka - 12:4.2.1-0.2.b1 +- dhclient-script improvements, thanks to Ville Skyttä (#672279) + +* Thu Jan 27 2011 Jiri Popelka - 12:4.2.1-0.1.b1 +- 4.2.1b1: fix for CVE-2011-0413 (#672996) +- No longer need invalid-dhclient-conf, parse_date and release6-elapsed patches + +* Thu Jan 13 2011 Jiri Popelka - 12:4.2.0-26.P2 +- Fix loading of configuration when LDAP is used (#668276) + +* Mon Jan 03 2011 Jiri Popelka - 12:4.2.0-25.P2 +- Fix OMAPI (#666441) + +* Tue Dec 21 2010 Jiri Popelka - 12:4.2.0-24.P2 +- Provide default /etc/dhcp/dhclient.conf +- Client always sends dhcp-client-identifier (#560361) + +* Wed Dec 15 2010 Jiri Popelka - 12:4.2.0-23.P2 +- Add dhcp-common subpackage (#634673) + +* Mon Dec 13 2010 Jiri Popelka - 12:4.2.0-22.P2 +- 4.2.0-P2: fix for CVE-2010-3616 (#662326) +- Use upstream fix for #628258 +- Provide versioned symbols for rpmlint + +* Tue Dec 07 2010 Jiri Popelka - 12:4.2.0-21.P1 +- Porting dhcpd/dhcpd6/dhcrelay services from SysV to Systemd + +* Tue Nov 23 2010 Jiri Popelka - 12:4.2.0-20.P1 +- Remove explicit Obsoletes (#656310) + +* Fri Nov 19 2010 Dan Horák - 12:4.2.0-19.P1 +- fix build on sparc and s390 + +* Tue Nov 09 2010 Jiri Popelka - 12:4.2.0-18.P1 +- Applied Patrik Lahti's patch for DHCPv6 over PPP support (#626514) + +* Fri Nov 05 2010 Jiri Popelka - 12:4.2.0-17.P1 +- fix broken dependencies + +* Thu Nov 04 2010 Jiri Popelka - 12:4.2.0-16.P1 +- 4.2.0-P1: fix for CVE-2010-3611 (#649880) +- dhclient-script: when updating 'search' statement in resolv.conf, + add domain part of hostname if it's not already there (#637763) + +* Wed Oct 20 2010 Adam Tkac - 12:4.2.0-15 +- build dhcp's libraries as shared libs instead of static libs + +* Wed Oct 20 2010 Adam Tkac - 12:4.2.0-14 +- fire away bundled BIND source + +* Wed Oct 20 2010 Adam Tkac - 12:4.2.0-13 +- improve PIE patch (build libraries with -fpic, not with -fpie) + +* Wed Oct 13 2010 Jiri Popelka - 12:4.2.0-12 +- Server was ignoring client's + Solicit (where client included address/prefix as a preference) (#634842) + +* Thu Oct 07 2010 Jiri Popelka - 12:4.2.0-11 +- Use ping instead of arping in dhclient-script to handle + not-on-local-net gateway in ARP-less device (#524298) + +* Thu Oct 07 2010 Jiri Popelka - 12:4.2.0-10 +- Check whether there is any unexpired address in previous lease + prior to confirming (INIT-REBOOT) the lease (#585418) + +* Mon Oct 04 2010 Jiri Popelka - 12:4.2.0-9 +- RFC 3442 - ignore Router option only if + Classless Static Routes option contains default router + +* Thu Sep 30 2010 Jiri Popelka - 12:4.2.0-8 +- Explicitly clear the ARP cache and flush all addresses & routes + instead of bringing the interface down (#574568) + +* Tue Sep 07 2010 Jiri Popelka - 12:4.2.0-7 +- Hardening dhcpd/dhcrelay/dhclient by making them PIE & RELRO + +* Thu Sep 02 2010 Jiri Popelka - 12:4.2.0-6 +- Another fix for handling time values on 64-bit platforms (#628258) + +* Wed Sep 01 2010 Jiri Popelka - 12:4.2.0-5 +- Fix parsing of lease file dates & times on 64-bit platforms (#628258) + +* Tue Aug 31 2010 Jiri Popelka - 12:4.2.0-4 +- RFC 3442 - Classless Static Route Option for DHCPv4 (#516325) + +* Fri Aug 20 2010 Jiri Popelka - 12:4.2.0-3 +- Add DHCRELAYARGS variable to /etc/sysconfig/dhcrelay + +* Fri Jul 30 2010 Jiri Popelka - 12:4.2.0-2 +- Add 12-dhcpd NM dispatcher script (#565921) +- Rename 10-dhclient to 11-dhclient (10-sendmail already exists) + +* Wed Jul 21 2010 Jiri Popelka - 12:4.2.0-1 +- 4.2.0: includes ldap-for-dhcp + +* Mon Jul 12 2010 Jiri Popelka - 12:4.1.1-26.P1 +- Add LICENSE file to dhclient subpackage. + +* Thu Jul 01 2010 Jiri Popelka - 12:4.1.1-25.P1 +- Adhere to Static Library Packaging Guidelines (#609605) + +* Tue Jun 29 2010 Jiri Popelka - 12:4.1.1-24.P1 +- Fix parsing of date (#514828) + +* Thu Jun 03 2010 Jiri Popelka - 12:4.1.1-23.P1 +- 4.1.1-P1: pair of bug fixes including one for CVE-2010-2156 (#601405) +- Compile with -fno-strict-aliasing + +* Mon May 03 2010 Jiri Popelka - 12:4.1.1-22 +- Fix the initialization-delay.patch (#587070) + +* Thu Apr 29 2010 Jiri Popelka - 12:4.1.1-21 +- Cut down the 0-4 second delay before sending first DHCPDISCOVER (#587070) + +* Wed Apr 28 2010 Jiri Popelka - 12:4.1.1-20 +- Move /etc/NetworkManager/dispatcher.d/10-dhclient script + from dhcp to dhclient subpackage (#586999) + +* Wed Apr 28 2010 Jiri Popelka - 12:4.1.1-19 +- Add domain-search to the list of default requested DHCP options (#586906) + +* Wed Apr 21 2010 Jiri Popelka - 12:4.1.1-18 +- If the Reply was received in response to Renew or Rebind message, + client adds any new addresses in the IA option to the IA (#578097) + +* Mon Apr 19 2010 Jiri Popelka - 12:4.1.1-17 +- Fill in Elapsed Time Option in Release/Decline messages (#582939) + +* Thu Mar 25 2010 Jiri Popelka - 12:4.1.1-16 +- In client initiated message exchanges stop retransmission + upon reaching the MRD rather than at some point after it (#559153) + +* Wed Mar 24 2010 Jiri Popelka - 12:4.1.1-15 +- In dhclient-script check whether bound address + passed duplicate address detection (DAD) (#559147) +- If the bound address failed DAD (is found to be in use on the link), + the dhcpv6 client sends a Decline message to the server + as described in section 18.1.7 of RFC-3315 (#559147) + +* Fri Mar 19 2010 Jiri Popelka - 12:4.1.1-14 +- Fix UseMulticast.patch to not repeatedly parse dhcpd.conf for unicast option +- Fix dhclient-script to set interface MTU only when it's greater than 576 (#574629) + +* Fri Mar 12 2010 Jiri Popelka - 12:4.1.1-13 +- Discard unicast Request/Renew/Release/Decline message + (unless we set unicast option) and respond with Reply + with UseMulticast Status Code option (#573090) +- Remove DHCPV6 OPERATION section from dhclient.conf.5 + describing deprecated 'send dhcp6.oro' syntax + +* Thu Feb 25 2010 Jiri Popelka - 12:4.1.1-12 +- Fix paths in man pages (#568031) +- Remove odd tests in %%preun + +* Mon Feb 22 2010 Jiri Popelka - 12:4.1.1-11 +- Add interface-mtu to the list of default requested DHCP options (#566873) + +* Fri Feb 19 2010 Jiri Popelka - 12:4.1.1-10 +- Fix pm-utils/sleep.d/ directory ownership conflict + +* Fri Feb 19 2010 Jiri Popelka - 12:4.1.1-9 +- In dhclient-script: + - use ip command options '-4' or '-6' as shortcuts for '-f[amily] inet' resp. '-f[amily] inet6' + - do not use IP protocol family identifier with 'ip link' + +* Thu Feb 18 2010 Jiri Popelka - 12:4.1.1-8 +- Fix installation of pm-utils script (#479639, c#16) + +* Tue Feb 16 2010 Jiri Popelka - 12:4.1.1-7 +- ldap-for-dhcp-4.1.1-2 (#564810) + +* Tue Feb 16 2010 Jiri Popelka - 12:4.1.1-6 +- Fix ldap patch to explicitly link with liblber (#564810) + +* Mon Feb 08 2010 Jiri Popelka - 12:4.1.1-5 +- Fix dhclient-decline-backoff.patch (#562854) + +* Fri Feb 05 2010 Jiri Popelka - 12:4.1.1-4 +- Fix dhclient-script to delete address which the client is going to release + as soon as it begins the Release message exchange process (#559142) + +* Wed Feb 03 2010 Jiri Popelka - 12:4.1.1-3 +- move /etc/dhcp.conf to /etc/dhcp.conf.rpmsave in %%post (#561094) +- document -nc option in dhclient(8) man page + +* Tue Feb 02 2010 Jiri Popelka - 12:4.1.1-2 +- Fix capability patch (#546765) + +* Wed Jan 20 2010 Jiri Popelka - 12:4.1.1-1 +- Upgraded to ISC dhcp-4.1.1 + +* Mon Jan 18 2010 Jiri Popelka - 12:4.1.0p1-18 +- Hide startup info when starting dhcpd6 service. +- Remove -TERM from calling killproc when stopping dhcrelay (#555672) + +* Fri Jan 15 2010 Jiri Popelka - 12:4.1.0p1-17 +- Added init script to also start dhcpd for IPv6 (#552453) +- Added dhcpd6.conf.sample + +* Thu Jan 07 2010 Jiri Popelka - 12:4.1.0p1-16 +- Use %%global instead of %%define. + +* Mon Dec 14 2009 Jiri Popelka - 12:4.1.0p1-15 +- dhclient logs its pid to make troubleshooting NM managed systems + with multiple dhclients running easier (#546792) + +* Mon Nov 23 2009 Jiri Popelka - 12:4.1.0p1-14 +- Honor DEFROUTE=yes|no for all connection types (#530209) + +* Fri Oct 30 2009 Jiri Popelka - 12:4.1.0p1-13 +- Make dhclient-script add IPv6 address to interface (#531997) + +* Tue Oct 13 2009 Jiri Popelka - 12:4.1.0p1-12 +- Fix 56dhclient so network comes back after suspend/hibernate (#527641) + +* Thu Sep 24 2009 Jiri Popelka - 12:4.1.0p1-11 +- Make dhcpd and dhcrelay init scripts LSB compliant (#522134, #522146) + +* Mon Sep 21 2009 David Cantrell - 12:4.1.0p1-10 +- Obsolete the dhcpv6 and dhcpv6-client packages + +* Fri Sep 18 2009 David Cantrell - 12:4.1.0p1-9 +- Update dhclient-script with handlers for DHCPv6 states + +* Wed Aug 26 2009 David Cantrell - 12:4.1.0p1-8 +- Conditionalize restorecon calls in post scriptlets (#519479) + +* Wed Aug 26 2009 David Cantrell - 12:4.1.0p1-7 +- Do not require policycoreutils for post scriptlet (#519479) + +* Fri Aug 21 2009 David Cantrell - 12:4.1.0p1-6 +- BR libcap-ng-devel (#517649) + +* Tue Aug 18 2009 David Cantrell - 12:4.1.0p1-5 +- Drop unnecessary capabilities in dhclient (#517649) + +* Fri Aug 14 2009 David Cantrell - 12:4.1.0p1-4 +- Upgrade to latest ldap-for-dhcp patch which makes sure that only + dhcpd links with OpenLDAP (#517474) + +* Wed Aug 12 2009 David Cantrell - 12:4.1.0p1-3 +- Update NetworkManager dispatcher script to remove case conversion + and source /etc/sysconfig/network + +* Thu Aug 06 2009 David Cantrell - 12:4.1.0p1-2 +- Add /usr/lib[64]/pm-utils/sleep.d/56dhclient to handle suspend and + resume with active dhclient leases (#479639) + +* Wed Aug 05 2009 David Cantrell - 12:4.1.0p1-1 +- Upgrade to dhcp-4.1.0p1, which is the official upstream release to fix + CVE-2009-0692 + +* Wed Aug 05 2009 David Cantrell - 12:4.1.0-27 +- Fix for CVE-2009-0692 +- Fix for CVE-2009-1892 (#511834) + +* Fri Jul 24 2009 Fedora Release Engineering - 12:4.1.0-26 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Thu Jul 23 2009 David Cantrell - 12:4.1.0-25 +- Include NetworkManager dispatcher script to run dhclient.d scripts (#459276) + +* Thu Jul 09 2009 David Cantrell - 12:4.1.0-24 +- Ensure 64-bit platforms parse lease file dates & times correctly (#448615) + +* Thu Jul 09 2009 David Cantrell - 12:4.1.0-23 +- Upgrade to ldap-for-dhcp-4.1.0-4 + +* Wed Jul 01 2009 David Cantrell - 12:4.1.0-22 +- Set permissions on /etc/dhcp to 0750 (#508247) +- Update to new ldap-for-dhcp patch set +- Correct problems when upgrading from a previous release and your + dhcpd.conf file not being placed in /etc/dhcp (#506600) + +* Fri Jun 26 2009 David Cantrell - 12:4.1.0-21 +- Handle cases in add_timeout() where the function is called with a NULL + value for the 'when' parameter (#506626) +- Fix SELinux denials in dhclient-script when the script makes backup + configuration files and restores them later (#483747) + +* Wed May 06 2009 David Cantrell - 12:4.1.0-20 +- Obsolete libdhcp4client <= 12:4.0.0-34.fc10 (#499290) + +* Mon Apr 20 2009 David Cantrell - 12:4.1.0-19 +- Restrict interface names given on the dhcpd command line to length + IFNAMSIZ or shorter (#441524) +- Change to /etc/sysconfig/network-scripts in dhclient-script before + calling need_config or source_config (#496233) + +* Mon Apr 20 2009 David Cantrell - 12:4.1.0-18 +- Make dhclient-script work with pre-configured wireless interfaces (#491157) + +* Thu Apr 16 2009 David Cantrell - 12:4.1.0-17 +- Fix setting default route when client IP address changes (#486512, #473658) +- 'reload' and 'try-restart' on dhcpd and dhcrelay init scripts + will display usage information and return code 3 + +* Mon Apr 13 2009 David Cantrell - 12:4.1.0-16 +- Correct %%post problems in dhclient package (#495361) +- Read hooks scripts from /etc/dhcp (#495361) +- Update to latest ldap-for-dhcp + +* Fri Apr 03 2009 David Cantrell - 12:4.1.0-15 +- Obsolete libdhcp and libdhcp-devel (#493547) + +* Thu Apr 02 2009 David Cantrell - 12:4.1.0-14 +- Obsolete libdhcp and libdhcp-devel (#493547) + +* Tue Mar 31 2009 David Cantrell - 12:4.1.0-13 +- dhclient obsoletes libdhcp4client (#493213) +- dhcp-devel obsolets libdhcp4client-devel (#493213) + +* Wed Mar 11 2009 David Cantrell - 12:4.1.0-12 +- Fix problems with dhclient.d script execution (#488864) + +* Mon Mar 09 2009 David Cantrell - 12:4.1.0-11 +- Use LDAP configuration patch from upstream tarball + +* Thu Mar 05 2009 David Cantrell - 12:4.1.0-10 +- restorecon fixes for /etc/localtime and /etc/resolv.conf (#488470) + +* Tue Feb 24 2009 Fedora Release Engineering - 12:4.1.0-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Wed Feb 18 2009 David Cantrell - 12:4.1.0-8 +- Correct subsystem execution in dhclient-script (#486251) + +* Wed Feb 18 2009 David Cantrell - 12:4.1.0-7 +- Do not segfault if the ipv6 kernel module is not loaded (#486097) + +* Mon Feb 16 2009 David Cantrell - 12:4.1.0-6 +- Enable dhcpv6 support (#480798) +- Fix config file migration in scriptlets (#480543) +- Allow dhclient-script expansion with /etc/dhcp/dhclient.d/*.sh scripts + +* Thu Jan 15 2009 Tomas Mraz - 12:4.1.0-5 +- rebuild with new openssl + +* Tue Jan 13 2009 David Cantrell - 12:4.1.0-4 +- Updated LSB init script header to reference /etc/dhcp/dhcpd.conf (#479012) + +* Sun Jan 11 2009 David Cantrell - 12:4.1.0-3 +- Correct syntax errors in %%post script (#479012) + +* Sat Jan 10 2009 David Cantrell - 12:4.1.0-2 +- Make sure all /etc/dhcp config files are marked in the manifest +- Include new config file directies in the dhcp and dhclient packages +- Do not overwrite new config files if they already exist + +* Tue Jan 06 2009 David Cantrell - 12:4.1.0-1 +- Upgraded to ISC dhcp-4.1.0 +- Had to rename the -T option to -timeout as ISC is now using -T +- Allow package rebuilders to easily enable DHCPv6 support with: + rpmbuild --with DHCPv6 dhcp.spec + Note that Fedora is still using the 'dhcpv6' package, but some + users may want to experiment with the ISC DHCPv6 implementation + locally. + +* Thu Dec 18 2008 David Cantrell - 12:4.0.0-34 +- Move /etc/dhclient.conf to /etc/dhcp/dhclient.conf +- Move /etc/dhcpd.conf to /etc/dhcp/dhcpd.conf + +* Thu Dec 18 2008 David Cantrell - 12:4.0.0-33 +- Remove unnecessary success/failure lines in init scripts (#476846) + +* Wed Dec 03 2008 David Cantrell - 12:4.0.0-32 +- Enable LDAP/SSL support in dhcpd (#467740) +- Do not calculate a prefix for an address we did not receive (#473885) +- Removed libdhcp4client because libdhcp has been removed from Fedora + +* Wed Oct 29 2008 David Cantrell - 12:4.0.0-31 +- Use O_CLOEXEC in open(2) calls and "e" mode in fopen(3) calls, build + with -D_GNU_SOURCE so we pick up O_CLOEXEC (#468984) +- Add missing prototype for validate_port() in common/inet.c + +* Thu Oct 23 2008 David Cantrell - 12:4.0.0-30 +- Fix dhclient.conf man page and sample config file to say 'supersede + domain-search', which is what was actually demonstrated (#467955) + +* Wed Oct 01 2008 David Cantrell - 12:4.0.0-29 +- Make sure /etc/resolv.conf has restorecon run on it (#451560) + +* Tue Sep 30 2008 David Cantrell - 12:4.0.0-28 +- Forgot to actually include (#438149) + +* Tue Sep 30 2008 David Cantrell - 12:4.0.0-27 +- Fix patch fuzziness and include errno.h in includes/dhcpd.h (#438149) + +* Tue Sep 30 2008 David Cantrell - 12:4.0.0-26 +- Validate port numbers for dhclient, dhcpd, and dhcrelay to ensure + that are within the correct range (#438149) + +* Mon Sep 29 2008 David Cantrell - 12:4.0.0-25 +- Fix dhcpd so it can find configuration data via LDAP (#452985) + +* Tue Sep 16 2008 David Cantrell - 12:4.0.0-24 +- 'server' -> 'service' in dhclient-script (#462343) + +* Fri Aug 29 2008 David Cantrell - 12:4.0.0-23 +- Prevent $metric from being set to '' (#460640) +- Remove unnecessary warning messages +- Do not source config file (ifcfg-DEVICE) unless it exists + +* Sun Aug 24 2008 David Cantrell - 12:4.0.0-22 +- Add missing '[' to dhclient-script (#459860) +- Correct test statement in add_default_gateway() in dhclient-script (#459860) + +* Sat Aug 23 2008 David Cantrell - 12:4.0.0-21 +- Fix syntax error in dhclient-script (#459860) + +* Fri Aug 22 2008 David Cantrell - 12:4.0.0-20 +- Rewrite of /sbin/dhclient-script (make the script a little more readable, + discontinue use of ifconfig in favor of ip, store backup copies of orig + files in /var rather than in /etc) + +* Wed Aug 06 2008 David Cantrell - 12:4.0.0-19 +- Remove 'c' from the domain-search format string in common/tables.c +- Prevent \032 from appearing in resolv.conf search line (#450042) +- Restore SELinux context on saved /etc files (#451560) + +* Sun Aug 03 2008 Tom "spot" Callaway - 12:4.0.0-18 +- filter out false positive perl requires + +* Fri Aug 01 2008 David Cantrell - 12:4.0.0-17 +- Carry over RES_OPTIONS from ifcfg-ethX files to /etc/resolv.conf (#202923) +- Clean up Requires tags for devel packages +- Allow SEARCH variable in ifcfg files to override search path (#454152) +- Do not down interface if there is an active lease (#453982) +- Clean up how dhclient-script restarts ypbind +- Set close-on-exec on dhclient.leases for SELinux (#446632) + +* Sat Jun 21 2008 David Cantrell - 12:4.0.0-16 +- Remove instaces of \032 in domain search option (#450042) +- Make 'service dhcpd configtest' display text indicating the status + +* Fri May 16 2008 David Cantrell - 12:4.0.0-15 +- Set close-on-exec on dhclient.leases for SELinux (#446632) + +* Tue Apr 01 2008 David Cantrell - 12:4.0.0-14 +- Avoid dhclient crash when run via NetworkManager (#439796) + +* Tue Mar 25 2008 David Cantrell - 12:4.0.0-13 +- Update dhclient-script to handle domain-search correctly (#437840) + +* Tue Mar 25 2008 David Cantrell - 12:4.0.0-12 +- Remove Requires on openldap-server (#432180) +- Replace CLIENTBINDIR, ETCDIR, DBDIR, and RUNDIR in the man pages with the + correct paths + +* Wed Feb 13 2008 David Cantrell - 12:4.0.0-11 +- Add missing newline to usage() screen in dhclient + +* Thu Feb 07 2008 David Cantrell - 12:4.0.0-10 +- Save conf files adding '.predhclient.$interface' to the name (#306381) +- Only restore conf files on EXPIRE/FAIL/RELEASE/STOP if there are no other + dhclient processes running (#306381) + +* Wed Feb 06 2008 David Cantrell - 12:4.0.0-9 +- Match LDAP server option values in stables.c and dhcpd.h (#431003) +- Fix invalid sprintf() statement in server/ldap.c (#431003) + +* Wed Feb 06 2008 David Cantrell - 12:4.0.0-8 +- Remove invalid fclose() patch + +* Tue Feb 05 2008 David Cantrell - 12:4.0.0-7 +- Don't leak /var/lib/dhclient/dhclient.leases file descriptors (#429890) + +* Tue Jan 22 2008 David Cantrell - 12:4.0.0-6 +- read_function() comes from the LDAP patch, so fix it there +- Init new struct universe structs in libdhcp4client so we don't crash on + multiple DHCP attempts (#428203) + +* Thu Jan 17 2008 David Cantrell - 12:4.0.0-5 +- Patch read_function() to handle size_t from read() correctly (#429207) + +* Wed Jan 16 2008 David Cantrell - 12:4.0.0-4 +- Fix dhclient.lease file parsing problems (#428785) +- Disable IPv6 support for now as we already ship dhcpv6 (#428987) + +* Tue Jan 15 2008 David Cantrell - 12:4.0.0-3 +- Fix segfault in next_iface4() and next_iface6() (#428870) + +* Mon Jan 14 2008 David Cantrell - 12:4.0.0-2 +- -fvisibility fails me again + +* Mon Jan 14 2008 David Cantrell - 12:4.0.0-1 +- Upgrade to ISC dhcp-4.0.0 (#426634) + - first ISC release to incorporate DHCPv6 protocol support + - source tree now uses GNU autoconf/automake +- Removed the libdhcp4client-static package + +* Tue Dec 04 2007 David Cantrell - 12:3.1.0-12 +- Requires line fixes + +* Tue Dec 04 2007 David Cantrell - 12:3.1.0-11 +- Postinstall script fixes + +* Mon Nov 19 2007 David Cantrell - 12:3.1.0-10 +- Remove dhcdbd check from dhcpd init script + +* Thu Nov 15 2007 David Cantrell - 12:3.1.0-9 +- Fix chkconfig lines in dhcpd and dhcrelay init scripts (#384431) +- Improve preun scriptlet + +* Mon Nov 12 2007 David Cantrell - 12:3.1.0-8 +- Put dhcp.schema in /etc/openldap/schema (#330471) +- Remove manpages patch and keep modified man pages as Source files +- Improve dhclient.8 man page to list options in a style consistent + with most other man pages on the planet +- Upgrade to latest dhcp LDAP patch, which brings in a new dhcpd-conf-to-ldap + script, updated schema file, and other bug fixes including SSL support for + LDAP authentication (#375711) +- Do not run dhcpd and dhcrelay services by default (#362321) + +* Fri Oct 26 2007 David Cantrell - 12:3.1.0-7 +- libdhcp4client-devel requires openldap-devel + +* Thu Oct 25 2007 David Cantrell - 12:3.1.0-6 +- Rename Makefile.dist to Makefile.libdhcp4client +- Spec file cleanups +- Include stdarg.h in libdhcp_control.h + +* Thu Oct 25 2007 David Cantrell - 12:3.1.0-5 +- Remove chkconfig usage for ypbind in dhclient-script (#351211) +- Combine dhcp-static and dhcp-devel packages since there are no shared + libraries offered +- Remove Requires: openldap-devel on dhcp-devel and libdhcp4client-devel +- Make libdhcp4client-devel require dhcp-devel (for libdhcp_control.h) +- Do not make dhcp-devel require the dhcp package, those are independent + +* Wed Oct 24 2007 David Cantrell - 12:3.1.0-4 +- Install libdhcp_control.h to /usr/include/isc-dhcp/libdhcp_control.h +- Update libdhcp4client patch to use new libdhcp_control.h location +- Remove __fedora_contrib/ subdirectory in /usr/share/doc/dhcp-3.1.0, + install those docs to /usr/share/doc/dhcp-3.1.0 + +* Wed Oct 24 2007 David Cantrell - 12:3.1.0-3 +- Remove ISC.Cflags variable from libdhcp4client.pc + +* Wed Oct 24 2007 David Cantrell - 12:3.1.0-2 +- Fix 'restart' mode in init script (#349341) + +* Tue Oct 23 2007 David Cantrell - 12:3.1.0-1 +- Upgrade to ISC dhcp-3.1.0 +- Remove unnecessary /usr/include/dhcp4client/isc_dhcp headers +- Make sure restorecon is run on /var/lib/dhcpd/dhcpd.leases (#251688) +- Install dhcp.schema to /etc/openldap/dhcp.schema (#330471) + +* Mon Oct 08 2007 David Cantrell - 12:3.0.6-8 +- Init script fixes (#320761) +- Removed linux.dbus-example script since we aren't using dhcdbd now +- Remove dhcdbd leftovers from dhclient-script (#306381) + +* Wed Sep 26 2007 David Cantrell - 12:3.0.6-7 +- In dhcp.conf.5, explain that if no next-server statement applies to the + requesting client, the address 0.0.0.0 is used (#184484). + +* Wed Sep 26 2007 David Cantrell - 12:3.0.6-6 +- Init script fixes for dhcpd and dhcrelay (#278601) + +* Mon Sep 10 2007 David Cantrell - 12:3.0.6-5 +- Fix typos in ldap.c and correct LDAP macros (#283391) + +* Tue Sep 04 2007 David Cantrell - 12:3.0.6-4 +- Do not override manually configured NTP servers in /etc/ntp.conf (#274761) + +* Wed Aug 15 2007 David Cantrell - 12:3.0.6-3 +- Remove the -x switch enabling extended new option info. If given to + dhclient now, it's ignored. + +* Wed Jul 18 2007 Florian La Roche - 12:3.0.6-2 +- use a new macro name vendor -> vvendor to not overwrite the + RPMTAG_VENDOR setting + +* Tue Jul 10 2007 David Cantrell - 12:3.0.6-1 +- Upgrade to ISC dhcp-3.0.6 +- Remove the -TERM option from killproc command (#245317) + +* Wed Jun 20 2007 David Cantrell - 12:3.0.5-37 +- For init script functions, echo new line after OK or FAIL msg (#244956) + +* Fri Jun 15 2007 David Cantrell - 12:3.0.5-36 +- BOOTP_BROADCAST_ALWAYS is not the same as ATSFP, fixed +- Added anycast mac support to dhclient for OLPC + +* Tue May 22 2007 David Cantrell - 12:3.0.5-35 +- Disable -fvisibility=hidden for now as it breaks dhcpv4_client() from + the shared library (#240804) + +* Thu Apr 26 2007 David Cantrell - 12:3.0.5-34 +- Init script fixes (#237985, #237983) +- Reference correct scripts in dhclient-script.8 man page (#238036) + +* Fri Apr 20 2007 David Cantrell - 12:3.0.5-33 +- Rename -devel-static packages to -static (#225691) + +* Tue Apr 17 2007 David Cantrell - 12:3.0.5-32 +- Added missing newline on usage() screen in dhclient + +* Thu Apr 12 2007 David Cantrell - 12:3.0.5-31 +- Spec file cleanups (#225691) +- Put libdhcpctl.a and libomapi.a in dhcp-devel-static package +- Put libdhcp4client.a in libdhcp4client-devel-static package + +* Wed Apr 11 2007 David Cantrell - 12:3.0.5-30 +- Enable Xen patch again, kernel bits present (#231444) + +* Tue Apr 10 2007 David Cantrell - 12:3.0.5-29 +- Spec file cleanups (#225691) + +* Mon Apr 09 2007 David Cantrell - 12:3.0.5-28 +- Remove Xen patch (#235649, from RHEL-5, doesn't work correctly for Fedora) + +* Sun Apr 01 2007 David Cantrell - 12:3.0.5-27 +- Ensure that Perl and Perl modules are not added as dependencies (#234688) +- Reorganize patches by feature/bug per packaging guidelines (#225691) +- Move the following files from patches to source files: + linux.dbus-example, linux, Makefile.dist, dhcp4client.h, libdhcp_control.h +- Compile with -fno-strict-aliasing as ISC coding standards generally don't + agree well with gcc 4.x.x + +* Wed Mar 21 2007 David Cantrell - 12:3.0.5-26 +- Fix formatting problems in dhclient man page (#233076). + +* Mon Mar 05 2007 David Cantrell - 12:3.0.5-25 +- Man pages need 0644 permissions (#222572) + +* Thu Mar 01 2007 David Cantrell - 12:3.0.5-24 +- Include contrib/ subdirectory in /usr/share/doc (#230476) +- Added back Requires for perl since dhcpd-conf-to-ldap needs it (#225691) +- Put copies of dhcp-options and dhcp-eval man pages in the dhcp and + dhclient packages rather than having the elaborate symlink collection +- Explicitly name man pages in the %%files listings +- Use the %%{_sysconfdir} and %%{_initrddir} macros (#225691) +- Use macros for commands in %%build and %%install +- Split README.ldap, draft-ietf-dhc-ldap-schema-01.txt, and + dhcpd-conf-to-ldap.pl out of the LDAP patch +- Split linux.dbus-example script out of the extended new option info patch +- Remove unnecessary changes from the Makefile patch + +* Wed Feb 28 2007 David Cantrell - 12:3.0.5-23 +- Update Xen partial checksums patch +- Remove perl Requires (#225691) +- Make dhcp-devel depend on dhcp = e:v-r (#225691) +- libdhcp4client-devel Requires pkgconfig (#225691) +- Do not add to RPM_OPT_FLAGS, use COPTS variable instead (#225691) +- Use %%{buildroot} macro instead of RPM_BUILD_ROOT variable (#225691) +- Preserve timestamps on all installed data files (#225691) +- Remove dhcp-options.5.gz and dhcp-eval.5.gz symlinking in post (#225691) +- Use %%defattr(-,root,root,-) (#225691) +- Do not flag init scripts as %%config in %%files section (#225691) + +* Tue Feb 27 2007 David Cantrell - 12:3.0.5-22 +- Change license field to say ISC + +* Sat Feb 17 2007 David Cantrell - 12:3.0.5-21 +- Obsoletes dhcpcd <= 1.3.22 (#225691) + +* Fri Feb 16 2007 David Cantrell - 12:3.0.5-20 +- Review cleanups (#225691) + +* Fri Feb 09 2007 David Cantrell - 12:3.0.5-19 +- Require openldap-devel on dhcp-devel and libdhcp4client-devel packages + +* Thu Feb 08 2007 David Cantrell - 12:3.0.5-18 +- Fix libdhcp4client visibility _again_ (#198496) + +* Thu Feb 08 2007 David Cantrell - 12:3.0.5-17 +- Remove period from summary line (package review) +- Use preferred BuildRoot (package review) + +* Sun Feb 04 2007 David Cantrell - 12:3.0.5-16 +- Disable xen-checksums patch for now as it breaks dhclient (#227266) +- Updated fix-warnings patch + +* Sun Feb 04 2007 David Woodhouse - 12:3.0.5-15 +- Fix broken file reading due to LDAP patch + +* Fri Feb 02 2007 David Cantrell - 12:3.0.5-14 +- Only export the symbols we want in libdhcp4client (#198496) + +* Wed Jan 31 2007 David Cantrell - 12:3.0.5-13 +- Add support for dhcpd(8) to read dhcpd.conf from an LDAP server (#224352) +- Remove invalid ja_JP.eucJP man pages from /usr/share/doc + +* Wed Jan 31 2007 David Cantrell - 12:3.0.5-12 +- Rebuild + +* Tue Jan 30 2007 David Cantrell - 12:3.0.5-11 +- Remove FORTIFY_SOURCE=0 leftovers from testing last week (whoops) + +* Tue Jan 30 2007 David Cantrell - 12:3.0.5-10 +- Fix Xen networking problems with partial checksums (#221964) + +* Mon Jan 29 2007 David Cantrell - 12:3.0.5-9 +- Remove dhcptables.pl from the source package +- Mark libres.a symbols hidden (#198496) +- Set DT_SONAME on libdhcp4client to libdhcp4client-VERSION.so.0 +- Make function definition for dst_hmac_md5_init() match the prototype + +* Wed Nov 29 2006 David Cantrell - 12:3.0.5-8 +- Roll md5 patch in to libdhcp4client patch since it's related +- Do not overwrite /etc/ntp/step-tickers (#217663) +- Resolves: rhbz#217663 + +* Wed Nov 22 2006 Peter Jones - 12:3.0.5-7 +- Build the MD5 functions we link against. + +* Thu Nov 16 2006 David Cantrell - 12:3.0.5-6 +- Set permission of libdhcp4client.so.1 to 0755 (#215910) + +* Tue Nov 14 2006 David Cantrell - 12:3.0.5-5 +- Do not link res_query.o in to libdhcp4client (#215501) + +* Mon Nov 13 2006 David Cantrell - 12:3.0.5-4 +- Enable relinquish_timeouts() and cancel_all_timeouts() even when + DEBUG_MEMORY_LEAKAGE_ON_EXIT is not defined +- Add prototypes for b64_pton() and b64_ntop in dst/ +- Move variable declarations and labels around in the fix-warnings patch +- Expand the list of objects needed for libdhcp4client (#215328) +- Use libres.a in libdhcp4client since it gives correct minires objects +- Remove the dhcp options table in C, Perl, Python, and text format (these + were reference files added to /usr/share/doc) + +* Mon Nov 13 2006 David Cantrell - 12:3.0.5-3 +- Remove struct universe *universe from envadd_state in the client patch +- Add struct universe *universe to envadd_state in the enoi patch +- Add example dbusified dhclient-script in the enoi patch + +* Fri Nov 10 2006 David Cantrell - 12:3.0.5-2 +- Change the way libdhcp4client is compiled (patch main source, create new + Makefile rather than copy and patch code after main patches) +- Fix up problems generating compiler warnings +- Use 'gcc' for making dependencies +- Pass -fPIC instead of -fpie/-fPIE in compiler flags +- Combine the extended new option info changes in to one patch file (makes + it easier for outside projects that want to use dhcdbd and NetworkManager) + +* Tue Nov 07 2006 David Cantrell - 12:3.0.5-1 +- Upgrade to ISC dhcp-3.0.5 + +* Fri Oct 27 2006 David Cantrell - 12:3.0.4-24 +- Put typedef for dhcp_state_e before it's used in libdhcp_control.h (#212612) +- Remove dhcpctl.3 from minires/Makefile.dist because it's in dhcpctl +- Remove findptrsize.c and just set compiler flag for ppc64 and s390x + +* Sat Oct 14 2006 David Cantrell - 12:3.0.4-23 +- Remove NODEBUGINFO junk from the spec file as well as old/unused code +- Rolled all 68 patches in to one patch since more than half of them get + overridden by later patches anyway. + +* Fri Oct 13 2006 David Cantrell - 12:3.0.4-22 +- Send usage() screen in dhclient to stdout rather than the syslog (#210524) + +* Mon Sep 11 2006 David Cantrell - 12:3.0.4-21 +- Rebuild (#205505) + +* Fri Aug 18 2006 Jesse Keating - 12:3.0.4-20 +- rebuilt with latest binutils to pick up 64K -z commonpagesize on ppc* + (#203001) + +* Thu Aug 17 2006 David Cantrell - 12:3.0.4-19 +- Fix mkdir problem in libdhcp4client.Makefile + +* Thu Aug 17 2006 David Cantrell - 12:3.0.4-18 +- Fix dhclient on s390x platform (#202911) + +* Wed Jul 12 2006 Jesse Keating - 12:3.0.4-17.1 +- rebuild + +* Wed Jun 28 2006 Peter Jones - 12:3.0.4-17 +- export timeout cancellation functions in libdhcp4client + +* Wed Jun 28 2006 Florian La Roche - 12:3.0.4-16 +- add proper coreutils requires for the scripts + +* Thu Jun 22 2006 Peter Jones - 12:3.0.4-15 +- Make timeout dispatch code not recurse while traversing a linked + list, so it doesn't try to free an entries that have been removed. + (bz #195723) +- Don't patch in a makefile, do it in the spec. + +* Thu Jun 08 2006 Jason Vas Dias - 12:3.0.4-14 +- fix bug 191461: preserve ntp.conf local clock fudge statements +- fix bug 193047: both dhcp and dhclient need to ship common + man-pages: dhcp-options(5) dhcp-eval(5) + +* Tue May 30 2006 Jason Vas Dias - 12:3.0.4-12 +- Make -R option take effect in per-interface client configs + +* Fri May 26 2006 Jason Vas Dias - 12:3.0.4-10 +- fix bug 193047: allow $METRIC to be specified for dhclient routes +- add a '-R ' dhclient argument + +* Fri May 26 2006 Jason Vas Dias - 12:3.0.4-8.1 +- fix a libdhcp4client memory leak (1 strdup) and + fill in client->packet.siaddr before bind_lease() for pump + nextServer option. + +* Fri May 19 2006 Jason Vas Dias - 12:3.0.4-8 +- Make libdhcp4client a versioned .so (BZ 192146) + +* Wed May 17 2006 Jason Vas Dias - 12:3.0.4-4 +- Enable libdhcp4client build + +* Tue May 16 2006 Jason Vas Dias - 12:3.0.4-2 +- Fix bug 191470: prevent dhcpd writing 8 byte dhcp-lease-time + option in packets on 64-bit platforms + +* Sun May 14 2006 Jason Vas Dias - 12:3.0.4-2 +- Add the libdhcp4client library package for use by the new libdhcp + package, which enables dhclient to be invoked by programs in a + single process from the library. The normal dhclient code is + unmodified by this. + +* Mon May 08 2006 Jason Vas Dias - 12:3.0.4-2 +- Add new dhclient command line argument: + -V + +* Sat May 06 2006 Jason Vas Dias - 12:3.0.4-1 +- Upgrade to upstream version 3.0.4, released Friday 2006-05-05 . +- Add new dhclient command line arguments: + -H : parse as dhclient.conf 'send host-name "";' + -F : parse as dhclient.conf 'send fqdn.fqdn "";' + -T : parse as dhclient.conf 'timeout ;' + +* Thu Mar 02 2006 Jason Vas Dias - 11:3.0.3-26 +- fix bug 181908: enable dhclient to operate on IBM zSeries z/OS linux guests: + o add -I dhclient command line option + o add -B "always broadcast" dhclient command line option + o add 'bootp-broadcast-always;' dhclient.conf statement + +* Mon Feb 20 2006 Jason Vas Dias - 11:3.0.3-24 +- Apply upstream fix for bug 176615 / ISC RT#15811 + +* Tue Feb 14 2006 Jason Vas Dias - 11:3.0.3-22 +- fix bug 181482: resolv.conf not updated on RENEW : + since dhcp-3.0.1rc12-RHScript.patch: "$new_domain_servers" should have + been "$new_domain_name_servers" :-( + +* Fri Feb 10 2006 Jesse Keating - 11:3.0.3-21.1.1 +- bump again for double-long bug on ppc(64) + +* Mon Feb 06 2006 Jason Vas Dias - 11:3.0.3-21.1 +- Rebuild for new gcc, glibc and glibc-kernheaders + +* Sun Jan 22 2006 Dan Williams - 11:3.0.3-21 +- Fix dhclient-script to use /bin/dbus-send now that all dbus related + binaries are in /bin rather than /usr/bin + +* Mon Jan 16 2006 Jason Vas Dias - 11:3.0.3-20 +- fix bug 177845: allow client ip-address as default router +- fix bug 176615: fix DDNS update when Windows-NT client sends + host-name with trailing nul + +* Tue Dec 20 2005 Jason Vas Dias - 11:3.0.3-18 +- fix bug 176270: allow routers with an octet of 255 in their IP address + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Mon Dec 05 2005 Jason Vas Dias - 11:3.0.3-16 +- fix gcc 4.1 compile warnings (-Werror) + +* Fri Nov 18 2005 Jason Vas Dias - 11:3.0.3-12 +- fix bug 173619: dhclient-script should reconfig on RENEW if + subnet-mask, broadcast-address, mtu, routers, etc. + have changed +- apply upstream improvements to trailing nul options fix of bug 160655 + +* Tue Nov 15 2005 Jason Vas Dias - 11:3.0.3-11 +- Rebuild for FC-5 +- fix bug 167028 - test IBM's unicast bootp patch (from xma@us.ibm.com) +- fix bug 171312 - silence chkconfig error message if ypbind not installed +- fix dhcpd.init when -cf arg given to dhcpd +- make dhcpd init touch /var/lib/dhcpd/dhcpd.leases, not /var/lib/dhcp/dhcpd.leases + +* Tue Oct 18 2005 Jason Vas Dias - 11:3.0.3-10 +- Allow dhclient route metrics to be specified with DHCP options: + The dhcp-options(5) man-page states: + 'option routers ... Routers should be listed in order of preference' + and + 'option static-routes ... are listed in descending order of priority' . + No preference / priority could be set with previous dhclient-script . + Now, dhclient-script provides: + Default Gateway (option 'routers') metrics: + Instead of allowing only one default gateway, if more than one router + is specified in the routers option, routers following the first router + will have a 'metric' of their position in the list (1,...N>1). + Option static-routes metrics: + If a target appears in the list more than once, routes for duplicate + targets will have successively greater metrics, starting at 1. + +* Mon Oct 17 2005 Jason Vas Dias - 11:3.0.3-8 +- further fix for bug 160655 / ISC bug 15293 - upstream patch: + do NOT always strip trailing nulls in the dhcpd server +- handle static-routes option properly in dhclient-script : + trailing 0 octets in the 'target' IP specify the class - + ie '172.16.0.0 w.x.y.z' specifies '172.16/16 via w.x.y.z'. + +* Fri Sep 23 2005 Jason Vas Dias - 11:3.0.3-7 +- fix bug 169164: separate /var/lib/{dhcpd,dhclient} directories +- fix bug 167292: update failover port info in dhcpd.conf.5; give + failover ports default values in server/confpars.c + +* Mon Sep 12 2005 Jason Vas Dias - 11:3.0.3-6 +- fix bug 167273: time-offset should not set timezone by default + tzdata's Etc/* files are named with reverse sign + for hours west - ie. 'GMT+5' is GMT offset -18000seconds. + +* Mon Aug 29 2005 Jason Vas Dias - 11:3.0.3-4 +- fix bug 166926: make dhclient-script handle interface-mtu option + make dhclient-script support /etc/dhclient{,-$IF}-{up,down}-hooks scripts + to allow easy customization to support other non-default DHCP options - + documented in 'man 8 dhclient-script' . +- handle the 'time-offset' DHCP option, requested by default. + +* Tue Aug 23 2005 Jason Vas Dias - 11:3.0.3-3 +- fix bug 160655: strip trailing '\0' bytes from text options before append +- fix gcc4 compiler warnings ; now compiles with -Werror +- add RPM_OPT_FLAGS to link as suggested in gcc man-page on '-pie' option +- change ISC version string to 'V3.0.3-RedHat' at request of ISC + +* Tue Aug 9 2005 Jeremy Katz - 11:3.0.3-2 +- don't explicitly require 2.2 era kernel, it's fairly overkill at this point + +* Fri Jul 29 2005 Jason Vas Dias 11:3.0.3-1 +- Upgrade to upstream version 3.0.3 +- Don't apply the 'default boot file server' patch: legacy + dhcp behaviour broke RFC 2131, which requires that the siaddr + field only be non-zero if the next-server or tftp-server-name + options are specified. +- Try removing the 1-5 second wait on dhclient startup altogether. +- fix bug 163367: supply default configuration file for dhcpd + +* Thu Jul 14 2005 Jason Vas Dias 10:3.0.3rc1-1 +- Upgrade to upstream version 3.0.3rc1 +- fix bug 163203: silence ISC blurb on configtest +- fix default 'boot file server' value (packet->siaddr): + In dhcp-3.0.2(-), this was defaulted to the server address; + now it defaults to 0.0.0.0 (a rather silly default!) and + must be specified with the 'next-server' option (not the tftp-boot-server + option ?!?) which causes PXE boot clients to fail to load anything after + the boot file. + +* Fri Jul 08 2005 Jason Vas Dias 10:3.0.2-14.FC5 +- Allow package to compile with glibc-headers-2.3.5-11 (tr.c's use of __u16) + +* Fri Jun 17 2005 Jason Vas Dias 10:3.0.2-14 +- Fix bug 159929: prevent dhclient flooding network on repeated DHCPDECLINE +- dhclient fast startup: + remove dhclient's random 1-5 second delay on startup if only + configuring one interface + remove dhclient_script's "sleep 1" on PREINIT +- fix new gcc-4.0.0-11 compiler warnings for binding_state_t + +* Tue May 03 2005 Jason Vas Dias 10:3.0.2-12 +- Rebuild for new glibc +- Fix dhcdbd set for multiple interfaces + +* Wed Apr 27 2005 Jason Vas Dias 10:3.0.2-11 +- as pointed out by Peter Jones, dhclient-script spews +- 'chkconfig: Usage' if run in init state 1 (runlevel returns "unknown".) +- this is now corrected. + +* Mon Apr 25 2005 Jason Vas Dias 10:3.0.2-10 +- dhclient-script dhcdbd extensions. +- Tested to have no effect unless dhcdbd invokes dhclient. + +* Thu Apr 21 2005 Jason Vas Dias 10:3.0.2-9 +- bugs 153244 & 155143 are now fixed with SELinux policy; + autotrans now works for dhcpc_t, so restorecons are not required, + and dhclient runs OK under dhcpc_t with SELinux enforcing. +- fix bug 155506: 'predhclien' typo (emacs!). + +* Mon Apr 18 2005 Jason Vas Dias 10:3.0.2-8 +- Fix bugs 153244 & 155143: + o restore dhclient-script 'restorecon's + o give dhclient and dhclient-script an exec context of + 'system_u:object_r:sbin_t' that allows them to run + domainname / hostname and to update configuration files + in dhclient post script. +- Prevent dhclient emitting verbose ISC 'blurb' on error exit in -q mode + +* Mon Apr 04 2005 Jason Vas Dias 10:3.0.2-7 +- Add '-x' "extended option environment" dhclient argument: +- When -x option given to dhclient: +- dhclient enables arbitrary option processing by writing information +- about user or vendor defined option space options to environment. +- +- fix bug 153244: dhclient should not use restorecon +- fix bug 151023: dhclient no 'headers & libraries' +- fix bug 149780: add 'DHCLIENT_IGNORE_GATEWAY' variable +- remove all usage of /sbin/route from dhclient-script + +* Thu Mar 24 2005 Florian La Roche +- add "exit 0" to post script + +* Mon Mar 07 2005 Jason Vas Dias 10.3.0.2-3 +- rebuild for gcc4/glibc-2.3.4-14; fix bad memset + +* Thu Feb 24 2005 Jason Vas Dias 10:3.0.2-2 +- Fix bug 143640: do not allow more than one dhclient to configure an interface + +* Mon Feb 21 2005 Jason Vas Dias 10:3.0.2-1 +- Upgrade to ISC 3.0.2 Final Release (documentation change only). + +* Wed Feb 16 2005 Jason Vas Dias 8:3.0.2rc3-8 +- Add better execshield security link options +- fix dhcpd.init when no /etc/dhcpd.conf exists and -cf in DHCPDARGS + +* Mon Feb 14 2005 Jason Vas Dias 8:3.0.2rc3-4 +- make dhclient-script TIMEOUT mode do exactly the same configuration +- as BOUND / RENEW / REBIND / REBOOT if router ping succeeds + +* Mon Feb 14 2005 Jason Vas Dias 3.0.2rc3-4 +- fix bug 147926: dhclient-script should do restorecon for modified conf files +- optimize execshield protection + +* Thu Feb 10 2005 Jason Vas Dias 8.3.0.4rc3-3 +- fix bug 147375: dhcpd heap corruption on 32-bit 'subnet' masks +- fix bug 147502: dhclient should honor GATEWAYDEV and GATEWAY settings +- fix bug 146600: dhclient's timeout mode ping should use -I +- fix bug 146524: dhcpd.init should discard dhcpd's initial output message +- fix bug 147739: dhcpd.init configtest should honor -cf in DHCPDARGS + +* Mon Jan 24 2005 Jason Vas Dias 8:3.0.2rc3-2 +- fix bug 145997: allow hex 32-bit integers in user specified options + +* Thu Jan 06 2005 Jason Vas Dias 8:3.0.2rc3-1 +- still need an epoch to get past nvre test + +* Thu Jan 06 2005 Jason Vas Dias 3.0.2rc3-1 +- fix bug 144417: much improved dhclient-script + +* Thu Jan 06 2005 Jason Vas Dias 3.0.2rc3-1 +- Upgrade to latest release from ISC, which includes most of our +- recent patches anyway. + +* Thu Jan 06 2005 Jason Vas Dias 7:3.0.1-17 +- fix bug 144250: gcc-3.4.3-11 is broken : +- log_error ("Lease with bogus binding state: %%d size: %%d", +- comp -> binding_state, +- sizeof(comp->binding_state)); +- prints: 'Lease with bogus binding state: 257 1' ! +- compiling with gcc33 (compat-gcc-8-3.3.4.2 fixes for now). + +* Mon Jan 03 2005 Jason Vas Dias 7:3.0.1-16 +- fix bug 143704: dhclient -r does not work if lease held by +- dhclient run from ifup . dhclient will now look for the pid +- files created by ifup. + +* Wed Nov 17 2004 Jason Vas Dias 7:3.0.1-14 +- NTP: fix bug 139715: merge in new ntp servers only rather than replace +- all the ntp configuration files; restart ntpd if configuration changed. + +* Tue Nov 16 2004 Jason Vas Dias 7:3.0.1-12 +- fix bug 138181 & bug 139468: do not attempt to listen/send on +- unconfigured loopback, point-to-point or non-broadcast +- interfaces (don't generate annoying log messages) +- fix bug 138869: dhclient-script: check if '$new_routers' is +- empty before doing 'set $new_routers;...;ping ... $1' + +* Wed Oct 06 2004 Jason Vas Dias 7:3.0.1-11 +- dhcp-3.0.2b1 came out today. A diff of the 'ack_lease' function +- Dave Hankins and I patched exposed a missing '!' on an if clause +- that got dropped with the 'new-host' patch. Replacing the '!'. +- Also found one missing host_dereference. + +* Wed Oct 06 2004 Jason Vas Dias 7:3.0.1-10 +- clean-up last patch: new-host.patch adds host_reference(host) +- without host_dereference(host) before returns in ack_lease +- (dhcp-3.0.1-host_dereference.patch) + +* Mon Sep 27 2004 Jason Vas Dias 7:3.0.1-9 +- Fix bug 133522: +- PXE Boot clients with static leases not given 'file' option +- 104 by server - PXE booting was disabled for 'fixed-address' +- clients. + +* Fri Sep 10 2004 Jason Vas Dias 7:3.0.1-8 +- Fix bug 131212: +- If "deny booting" is defined for some group of hosts, +- then after one of those hosts is denied booting, all +- hosts are denied booting, because of a pointer not being +- cleared in the lease record. +- An upstream patch was obtained which will be in dhcp-3.0.2. + +* Mon Aug 16 2004 Jason Vas Dias 7:3.0.1-7 +- Forward DNS update by client was disabled by a bug that I +- found in code where 'client->sent_options' was being +- freed too early. +- Re-enabled it after contacting upstream maintainer +- who confirmed that this was a bug (bug #130069) - +- submitted patch dhcp-3.0.1.preserve-sent-options.patch. +- Upstream maintainer informs me this patch will be in dhcp-3.0.2 . + +* Tue Aug 3 2004 Jason Vas Dias 6:3.0.1-6 +- Allow 2.0 kernels to obtain default gateway via dhcp + +* Mon Aug 2 2004 Jason Vas Dias 5:3.0.1-5 +- Invoke 'change_resolv_conf' function to change resolv.conf + +* Fri Jul 16 2004 Jason Vas Dias 3:3.0.1 +- Upgraded to new ISC 3.0.1 version + +* Thu Jun 24 2004 Dan Walsh 1:3.0.1rc14-5 +- Allow dhclient-script to continue without a config file. +- It will use default values. + +* Wed Jun 23 2004 Dan Walsh 1:3.0.1rc14-4 +- fix inherit-leases patch + +* Tue Jun 22 2004 Dan Walsh 1:3.0.1rc14-2 +- Turn on inherit-leases patch + +* Tue Jun 22 2004 Dan Walsh 1:3.0.1rc14-1 +- User kernelversion instead of uname-r +- Update to latest package from ISC +- Remove inherit-leases patch for now. + +* Tue Jun 15 2004 Elliot Lee +- rebuilt + +* Thu Jun 10 2004 Dan Walsh 1:3.0.1rc13-1 +- Update to latest package from ISC + +* Thu Jun 10 2004 Dan Walsh 1:3.0.1rc12-9 +- add route back in after route up call + +* Wed Jun 9 2004 Dan Walsh 1:3.0.1rc12-8 +- add alex's dhcp-3.0.1rc12-inherit-leases.patch patch + +* Tue Jun 8 2004 Bill Nottingham 1:3.0.1rc12-7 +- set device on default gateway route + +* Mon May 17 2004 Thomas Woerner 1:3.0.1rc12-6 +- compiling dhcpd PIE + +* Thu Mar 25 2004 Dan Walsh 1:3.0.1rc12-5 +- Add static routes patch to dhclient-script + +* Thu Mar 25 2004 Dan Walsh 1:3.0.1rc12-4 +- Fix init to check config during restart + +* Wed Mar 24 2004 Dan Walsh 1:3.0.1rc12-3 +- Fix init script to create leases file if missing + +* Tue Mar 02 2004 Elliot Lee +- rebuilt + +* Fri Feb 13 2004 Elliot Lee +- rebuilt + +* Wed Jan 21 2004 Dan Walsh 1:3.0pl2-6.20 +- Fix initialization of memory to prevent compiler error + +* Mon Jan 5 2004 Dan Walsh 1:3.0pl2-6.19 +- Close leaseFile before exec, to fix selinux error message + +* Mon Dec 29 2003 Dan Walsh 1:3.0pl2-6.18 +- Add BuildRequires groff +- Replace resolv.conf if renew and data changes + +* Sun Nov 30 2003 Dan Walsh 1:3.0pl2-6.17 +- Add obsoletes dhcpcd + +* Wed Oct 8 2003 Dan Walsh 1:3.0pl2-6.16 +- Fix location of ntp driftfile + +* Fri Sep 5 2003 Dan Walsh 1:3.0pl2-6.15 +- Bump Release + +* Fri Sep 5 2003 Dan Walsh 1:3.0pl2-6.14 +- Add div0 patch + +* Wed Aug 20 2003 Dan Walsh 1:3.0pl2-6.13 +- Add SEARCH to client script + +* Wed Aug 20 2003 Dan Walsh 1:3.0pl2-6.12 +- Bump Release + +* Wed Aug 20 2003 Dan Walsh 1:3.0pl2-6.11 +- Add configtest + +* Fri Aug 1 2003 Dan Walsh 1:3.0pl2-6.10 +- increment for base + +* Fri Aug 1 2003 Dan Walsh 1:3.0pl2-6.9 +- Don't update resolv.conf on renewals + +* Tue Jul 29 2003 Dan Walsh 1:3.0pl2-6.8 +- increment for base + +* Tue Jul 29 2003 Dan Walsh 1:3.0pl2-6.7 +- Fix name of driftfile + +* Tue Jul 29 2003 Dan Walsh 1:3.0pl2-6.6 +- increment for base + +* Tue Jul 29 2003 Dan Walsh 1:3.0pl2-6.5 +- Change dhcrelay script to check DHCPSERVERS + +* Mon Jul 7 2003 Dan Walsh 1:3.0pl2-6.4 +- increment for base + +* Mon Jul 7 2003 Dan Walsh 1:3.0pl2-6.3 +- Fix dhclient-script to support PEERNTP and PEERNIS flags. +- patch submitted by aoliva@redhat.com + +* Sun Jun 8 2003 Tim Powers 1:3.0pl2-6.1 +- add epoch to dhcp-devel versioned requires on dhcp +- build for RHEL + +* Wed Jun 04 2003 Elliot Lee +- rebuilt + +* Tue May 27 2003 Dan Walsh 3.0pl2-5 +- Fix memory leak in parser. + +* Mon May 19 2003 Dan Walsh 3.0pl2-4 +- Change Rev for RHEL + +* Mon May 19 2003 Dan Walsh 3.0pl2-3 +- Change example to not give out 255 address. + +* Tue Apr 29 2003 Dan Walsh 3.0pl2-2 +- Change Rev for RHEL + +* Mon Apr 28 2003 Dan Walsh 3.0pl2-1 +- upgrade to 3.0pl2 + +* Wed Mar 26 2003 Dan Walsh 3.0pl1-26 +- add usage for dhcprelay -c +- add man page for dhcprelay -c + +* Fri Mar 7 2003 Dan Walsh 3.0pl1-25 +- Fix man dhcpd.conf man page + +* Tue Mar 4 2003 Dan Walsh 3.0pl1-24 +- Fix man dhcpctl.3 page + +* Mon Feb 3 2003 Dan Walsh 3.0pl1-23 +- fix script to handle ntp.conf correctly + +* Wed Jan 29 2003 Dan Walsh 3.0pl1-22 +- Increment release to add to 8.1 + +* Wed Jan 29 2003 Dan Walsh 3.0pl1-21 +- Implement max hops patch + +* Wed Jan 29 2003 Dan Walsh 3.0pl1-20 +- It has now been decided to just have options within dhclient kit + +* Sun Jan 26 2003 Florian La Roche +- add defattr() to have files not owned by root + +* Fri Jan 24 2003 Dan Walsh 3.0pl1-17 +- require kernel version + +* Fri Jan 24 2003 Dan Walsh 3.0pl1-16 +- move dhcp-options to separate package + +* Wed Jan 22 2003 Tim Powers +- rebuilt + +* Thu Jan 9 2003 Dan Walsh 3.0pl1-15 +- eliminate dhcp-options from dhclient in order to get errata out + +* Wed Jan 8 2003 Dan Walsh 3.0pl1-14 +- VU#284857 - ISC DHCPD minires library contains multiple buffer overflows + +* Mon Jan 6 2003 Dan Walsh 3.0pl1-13 +- Fix when ntp is not installed. + +* Mon Jan 6 2003 Dan Walsh 3.0pl1-12 +- Fix #73079 (dhcpctl man page) + +* Thu Nov 14 2002 Elliot Lee 3.0pl1-11 +- Use generic PTRSIZE_64BIT detection instead of ifarch. + +* Thu Nov 14 2002 Preston Brown 3.0pl1-10 +- fix parsing of command line args in dhclient. It was missing a few. + +* Mon Oct 07 2002 Florian La Roche +- work on 64bit archs + +* Wed Aug 28 2002 Elliot Lee 3.0pl1-9 +- Fix #72795 + +* Mon Aug 26 2002 Elliot Lee 3.0pl1-8 +- More #68650 (modify requested options) +- Fix #71453 (dhcpctl man page) and #71474 (include libdst.a) and + #72622 (hostname setting) + +* Thu Aug 15 2002 Elliot Lee 3.0pl1-7 +- More #68650 (modify existing patch to also set NIS domain) + +* Tue Aug 13 2002 Elliot Lee 3.0pl1-6 +- Patch102 (dhcp-3.0pl1-dhcpctlman-69731.patch) to fix #69731 + +* Tue Aug 13 2002 Elliot Lee 3.0pl1-5 +- Patch101 (dhcp-3.0pl1-dhhostname-68650.patch) to fix #68650 + +* Fri Jul 12 2002 Elliot Lee 3.0pl1-4 +- Fix unaligned accesses when decoding a UDP packet + +* Thu Jul 11 2002 Elliot Lee 3.0pl1-3 +- No apparent reason for the dhclient -> dhcp dep mentioned in #68001, + so removed it + +* Thu Jun 27 2002 David Sainty 3.0pl1-2 +- Move dhclient.conf.sample from dhcp to dhclient + +* Tue Jun 25 2002 David Sainty 3.0pl1-1 +- Change to dhclient, dhcp, dhcp-devel packaging +- Move to 3.0pl1, do not strip binaries +- Drop in sysconfig-enabled dhclient-script + +* Thu May 23 2002 Tim Powers +- automated rebuild + +* Sat Jan 26 2002 Florian La Roche +- prereq chkconfig + +* Tue Jan 22 2002 Elliot Lee 3.0-5 +- Split headers/libs into a devel subpackage (#58656) + +* Wed Jan 09 2002 Tim Powers +- automated rebuild + +* Fri Dec 28 2001 Elliot Lee 3.0-3 +- Fix the #52856 nit. +- Include dhcrelay scripts from #49186 + +* Thu Dec 20 2001 Elliot Lee 3.0-2 +- Update to 3.0, include devel files installed by it (as part of the main + package). + +* Sun Aug 26 2001 Elliot Lee 2.0pl5-8 +- Fix #26446 + +* Mon Aug 20 2001 Elliot Lee +- Fix #5405 for real - it is dhcpd.leases not dhcp.leases. + +* Mon Jul 16 2001 Elliot Lee +- /etc/sysconfig/dhcpd +- Include dhcp.leases file (#5405) + +* Sun Jun 24 2001 Elliot Lee +- Bump release + rebuild. + +* Wed Feb 14 2001 Tim Waugh +- Fix initscript typo (bug #27624). + +* Wed Feb 7 2001 Trond Eivind Glomsrød +- Improve spec file i18n + +* Mon Feb 5 2001 Bernhard Rosenkraenzer +- i18nize init script (#26084) + +* Sun Sep 10 2000 Florian La Roche +- update to 2.0pl5 +- redo buildroot patch + +* Wed Aug 30 2000 Matt Wilson +- rebuild to cope with glibc locale binary incompatibility, again + +* Mon Aug 14 2000 Preston Brown +- check for existence of /var/lib/dhcpd.leases in initscript before starting + +* Wed Jul 19 2000 Jakub Jelinek +- rebuild to cope with glibc locale binary incompatibility + +* Sat Jul 15 2000 Bill Nottingham +- move initscript back + +* Wed Jul 12 2000 Prospector +- automatic rebuild + +* Fri Jul 7 2000 Florian La Roche +- /etc/rc.d/init.d -> /etc/init.d +- fix /var/state/dhcp -> /var/lib/dhcp + +* Fri Jun 16 2000 Preston Brown +- condrestart for initscript, graceful upgrades. + +* Thu Feb 03 2000 Erik Troan +- gzipped man pages +- marked /etc/rc.d/init.d/dhcp as a config file + +* Mon Jan 24 2000 Jakub Jelinek +- fix booting of JavaStations + (reported by Pete Zaitcev ). +- fix SIGBUS crashes on SPARC (apparently gcc is too clever). + +* Fri Sep 10 1999 Bill Nottingham +- chkconfig --del in %%preun, not %%postun + +* Mon Aug 16 1999 Bill Nottingham +- initscript munging + +* Fri Jun 25 1999 Jeff Johnson +- update to 2.0. + +* Fri Jun 18 1999 Bill Nottingham +- don't run by default + +* Wed Jun 2 1999 Jeff Johnson +- update to 2.0b1pl28. + +* Tue Apr 06 1999 Preston Brown +- strip binaries + +* Mon Apr 05 1999 Cristian Gafton +- copy the source file in prep, not move + +* Sun Mar 21 1999 Cristian Gafton +- auto rebuild in the new build environment (release 4) + +* Mon Jan 11 1999 Erik Troan +- added a sample dhcpd.conf file +- we don't need to dump rfc's in /usr/doc + +* Sun Sep 13 1998 Cristian Gafton +- modify dhcpd.init to exit if /etc/dhcpd.conf is not present + +* Sat Jun 27 1998 Jeff Johnson +- Upgraded to 2.0b1pl6 (patch1 no longer needed). + +* Thu Jun 11 1998 Erik Troan +- applied patch from Chris Evans which makes the server a bit more paranoid + about dhcp requests coming in from the wire + +* Mon Jun 01 1998 Erik Troan +- updated to dhcp 2.0b1pl1 +- got proper man pages in the package + +* Tue Mar 31 1998 Erik Troan +- updated to build in a buildroot properly +- don't package up the client, as it doens't work very well + +* Tue Mar 17 1998 Bryan C. Andregg +- Build rooted and corrected file listing. + +* Mon Mar 16 1998 Mike Wangsmo +- removed the actual inet.d links (chkconfig takes care of this for us) + and made the %%postun section handle upgrades. + +* Mon Mar 16 1998 Bryan C. Andregg +- First package.