From 31e4219e7b0a7685f985722aa2060ad052ab9a3f Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri, 12 Aug 2011 16:16:11 +0200
Subject: [PATCH] dhcp: Security update.

https://www.isc.org/software/dhcp/advisories/cve-2011-2748
---
 lfs/dhcp                                |   5 +-
 src/patches/dhcp-3.0.4-iproute2-1.patch | 230 ------------------------
 2 files changed, 2 insertions(+), 233 deletions(-)
 delete mode 100644 src/patches/dhcp-3.0.4-iproute2-1.patch

diff --git a/lfs/dhcp b/lfs/dhcp
index 01cd9d5203..845813cc80 100644
--- a/lfs/dhcp
+++ b/lfs/dhcp
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 3.1.0
+VER        = 3.1-ESV-R3
 
 THISAPP    = dhcp-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 27d179a3c3fbef576566b456a1168246
+$(DL_FILE)_MD5 = af3d8db60f62664f1d5538b81e406459
 
 install : $(TARGET)
 
@@ -70,7 +70,6 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-3.0.4-iproute2-1.patch
 	cd $(DIR_APP) && ./configure
 	cd $(DIR_APP) && make $(MAKETUNING)
 	cd $(DIR_APP) && make LIBDIR=/usr/lib INCDIR=/usr/include install
diff --git a/src/patches/dhcp-3.0.4-iproute2-1.patch b/src/patches/dhcp-3.0.4-iproute2-1.patch
deleted file mode 100644
index 40a6aad0e4..0000000000
--- a/src/patches/dhcp-3.0.4-iproute2-1.patch
+++ /dev/null
@@ -1,230 +0,0 @@
-Submitted By: DJ Lucas (dj at linuxfromscratch dot org)
-Date: 2005-06-18
-Initial Package Version: 3.0.2
-Origin: Jim Gifford, Bruce Dubbs, DJ Lucas
-Description: Fixes client script to use iproute2 (added flush to previous 
-             unversioned patches)
-Upstream Status:  Not submitted
-
---- dhcp-3.0.2-orig/client/scripts/linux	2002-11-14 19:09:09.000000000 -0600
-+++ dhcp-3.0.2/client/scripts/linux	2005-06-18 22:54:59.000000000 -0500
-@@ -1,26 +1,15 @@
- #!/bin/bash
- # dhclient-script for Linux. Dan Halbert, March, 1997.
- # Updated for Linux 2.[12] by Brian J. Murrell, January 1999.
--# No guarantees about this. I'm a novice at the details of Linux
--# networking.
-+
-+# Updated to iproute2 by Jim Gifford (scripts@jg555.com)
- 
- # Notes:
- 
- # 0. This script is based on the netbsd script supplied with dhcp-970306.
--
--# 1. ifconfig down apparently deletes all relevant routes and flushes
--# the arp cache, so this doesn't need to be done explicitly.
--
--# 2. The alias address handling here has not been tested AT ALL.
--# I'm just going by the doc of modern Linux ip aliasing, which uses
--# notations like eth0:0, eth0:1, for each alias.
--
--# 3. I have to calculate the network address, and calculate the broadcast
--# address if it is not supplied. This might be much more easily done
--# by the dhclient C code, and passed on.
--
--# 4. TIMEOUT not tested. ping has a flag I don't know, and I'm suspicious
--# of the $1 in its args.
-+# 1. This script was modified to work with iproute2
-+# 2. cidr_convert based on a script by Kevin Fleming (kpfleming@linuxfromscratch.org)
-+# 3. Updated to delete addresses when taking an interface down (bdubbs@linuxfromscratch.org)
- 
- make_resolv_conf() {
-   if [ "x$new_domain_name" != x ] && [ x"$new_domain_name_servers" != x ]; then
-@@ -32,6 +21,30 @@
-   fi
- }
- 
-+dec2binary()
-+{
-+    local n=$1
-+    local ret=""
-+    while [ $n != 0 ]; do
-+        ret=$[$n%2]$ret
-+        n=$[$n>>1]
-+    done
-+    echo $ret
-+}
-+
-+mask_to_binary()
-+{
-+    echo `dec2binary $1``dec2binary $2``dec2binary $3``dec2binary $4`
-+}
-+
-+cidr_convert()
-+{
-+	netmask=$1
-+        local mask=`mask_to_binary ${netmask//./ }`
-+        mask=${mask%%0*}
-+        cidr=${#mask}
-+}
-+
- # Must be used on exit.   Invokes the local dhcp client exit hooks, if any.
- exit_with_hooks() {
-   exit_status=$1
-@@ -53,11 +66,6 @@
-   fi
- fi
- 
--release=`uname -r`
--release=`expr $release : '\(.*\)\..*'`
--relminor=`echo $release |sed -e 's/[0-9]*\.\([0-9][0-9]*\)\(\..*\)*$/\1/'`
--relmajor=`echo $release |sed -e 's/\([0-9][0-9]*\)\..*$/\1/'`
--
- if [ x$new_broadcast_address != x ]; then
-   new_broadcast_arg="broadcast $new_broadcast_address"
- fi
-@@ -65,13 +73,12 @@
-   old_broadcast_arg="broadcast $old_broadcast_address"
- fi
- if [ x$new_subnet_mask != x ]; then
--  new_subnet_arg="netmask $new_subnet_mask"
-+  cidr_convert $new_subnet_mask
-+  new_subnet_arg="$cidr"
- fi
- if [ x$old_subnet_mask != x ]; then
--  old_subnet_arg="netmask $old_subnet_mask"
--fi
--if [ x$alias_subnet_mask != x ]; then
--  alias_subnet_arg="netmask $alias_subnet_mask"
-+  cidr_convert $old_subnet_mask
-+  old_subnet_arg="$cidr"
- fi
- 
- if [ x$reason = xMEDIUM ]; then
-@@ -82,17 +89,10 @@
- if [ x$reason = xPREINIT ]; then
-   if [ x$alias_ip_address != x ]; then
-     # Bring down alias interface. Its routes will disappear too.
--    ifconfig $interface:0- inet 0
--  fi
--  if [ $relmajor -lt 2 ] || ( [ $relmajor -eq 2 ] && [ $relminor -eq 0 ] )
--   then
--    ifconfig $interface inet 0.0.0.0 netmask 0.0.0.0 \
--		broadcast 255.255.255.255 up
--    # Add route to make broadcast work. Do not omit netmask.
--    route add default dev $interface netmask 0.0.0.0
--  else
--    ifconfig $interface 0 up
-+    ip link set $interface down
-+    ip addr del $alias_ip_address  dev $interface
-   fi
-+  ip link set $interface up
- 
-   # We need to give the kernel some time to get the interface up.
-   sleep 1
-@@ -115,83 +115,51 @@
-     fi
-   fi
-     
--  if [ x$old_ip_address != x ] && [ x$alias_ip_address != x ] && \
--		[ x$alias_ip_address != x$old_ip_address ]; then
--    # Possible new alias. Remove old alias.
--    ifconfig $interface:0- inet 0
--  fi
-   if [ x$old_ip_address != x ] && [ x$old_ip_address != x$new_ip_address ]; then
--    # IP address changed. Bringing down the interface will delete all routes,
-+    # IP address changed. Bring down the interface, delete all routes,
-     # and clear the ARP cache.
--    ifconfig $interface inet 0 down
--
-+    ip link set $interface down
-+    ip addr flush dev $interface
-   fi
-   if [ x$old_ip_address = x ] || [ x$old_ip_address != x$new_ip_address ] || \
-      [ x$reason = xBOUND ] || [ x$reason = xREBOOT ]; then
- 
--    ifconfig $interface inet $new_ip_address $new_subnet_arg \
--							$new_broadcast_arg
-+    ip link set $interface up
-+    ip addr add $new_ip_address/$new_subnet_arg $new_broadcast_arg \
-+       label $interface dev $interface
-     # Add a network route to the computed network address.
--    if [ $relmajor -lt 2 ] || \
--		( [ $relmajor -eq 2 ] && [ $relminor -eq 0 ] ); then
--      route add -net $new_network_number $new_subnet_arg dev $interface
--    fi
-     for router in $new_routers; do
--      route add default gw $router
-+      ip route add default via $router
-     done
-   fi
--  if [ x$new_ip_address != x$alias_ip_address ] && [ x$alias_ip_address != x ];
--   then
--    ifconfig $interface:0- inet 0
--    ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg
--    route add -host $alias_ip_address $interface:0
--  fi
-   make_resolv_conf
-   exit_with_hooks 0
- fi
- 
- if [ x$reason = xEXPIRE ] || [ x$reason = xFAIL ] || [ x$reason = xRELEASE ] \
-    || [ x$reason = xSTOP ]; then
--  if [ x$alias_ip_address != x ]; then
--    # Turn off alias interface.
--    ifconfig $interface:0- inet 0
--  fi
-   if [ x$old_ip_address != x ]; then
--    # Shut down interface, which will delete routes and clear arp cache.
--    ifconfig $interface inet 0 down
--  fi
--  if [ x$alias_ip_address != x ]; then
--    ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg
--    route add -host $alias_ip_address $interface:0
-+    # Shut down interface, delete routes, and clear arp cache.
-+    ip link set $interface down
-+    ip addr flush dev $interface
-   fi
-   exit_with_hooks 0
- fi
- 
- if [ x$reason = xTIMEOUT ]; then
--  if [ x$alias_ip_address != x ]; then
--    ifconfig $interface:0- inet 0
--  fi
--  ifconfig $interface inet $new_ip_address $new_subnet_arg \
--					$new_broadcast_arg
-+  ip link set $interface up
-+  ip addr set $new_ip_address/$new_subnet_arg $new_broadcast_arg \
-+     label $interface dev $interface
-   set $new_routers
--  ############## what is -w in ping?
--  if ping -q -c 1 $1; then
--    if [ x$new_ip_address != x$alias_ip_address ] && \
--			[ x$alias_ip_address != x ]; then
--      ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg
--      route add -host $alias_ip_address dev $interface:0
--    fi
--    if [ $relmajor -lt 2 ] || \
--		( [ $relmajor -eq 2 ] && [ $relminor -eq 0 ] ); then
--      route add -net $new_network_number
--    fi
--    for router in $new_routers; do
--      route add default gw $router
--    done
--    make_resolv_conf
--    exit_with_hooks 0
--  fi
--  ifconfig $interface inet 0 down
-+  
-+  for router in $new_routers; do
-+    ip route add default via $router
-+  done
-+  
-+  make_resolv_conf
-+  exit_with_hooks 0
-+  ip link set $interface down
-+  ip addr flush dev $interface
-   exit_with_hooks 1
- fi
- 
-- 
2.39.2