From 5bb288a244156c95a61cdf2f3b416061c867bf26 Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Fri, 1 Jun 2018 19:54:29 +0200 Subject: [PATCH] dhcp: Update to 4.4.1 For details see: https://kb.isc.org/article/AA-01571/82/DHCP-4.4.1-Release-Notes.html This should close https://bugzilla.ipfire.org/show_bug.cgi?id=11697 and https://bugzilla.ipfire.org/show_bug.cgi?id=11293. This update required some changes as described in: https://bugzilla.ipfire.org/show_bug.cgi?id=11697#c6 Thanks to all testers! ;-) Best, Matthias Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer --- config/rootfiles/common/dhcp | 4 +- lfs/dhcp | 39 +- .../dhcp/dhcp-64_bit_lease_parse.patch | 75 --- src/patches/dhcp/dhcp-CLOEXEC.patch | 342 ---------- src/patches/dhcp/dhcp-PPP.patch | 150 ----- src/patches/dhcp/dhcp-UseMulticast.patch | 241 -------- .../dhcp/dhcp-add_timeout_when_NULL.patch | 14 - src/patches/dhcp/dhcp-capability.patch | 250 -------- .../dhcp/dhcp-default-requested-options.patch | 44 -- .../dhcp/dhcp-dhclient-decline-backoff.patch | 63 -- src/patches/dhcp/dhcp-dhclient-options.patch | 509 --------------- src/patches/dhcp/dhcp-errwarn-message.patch | 22 - src/patches/dhcp/dhcp-garbage-chars.patch | 12 - src/patches/dhcp/dhcp-gpxe-cid.patch | 73 --- src/patches/dhcp/dhcp-honor-expired.patch | 49 -- src/patches/dhcp/dhcp-improved-xid.patch | 138 ----- src/patches/dhcp/dhcp-logpid.patch | 11 - src/patches/dhcp/dhcp-lpf-ib.patch | 585 ------------------ src/patches/dhcp/dhcp-manpages.patch | 157 ----- src/patches/dhcp/dhcp-paranoia.patch | 156 ----- src/patches/dhcp/dhcp-paths.patch | 44 -- src/patches/dhcp/dhcp-release-by-ifup.patch | 85 --- src/patches/dhcp/dhcp-remove-bind.patch | 192 ------ ...dhcp-rfc3442-classless-static-routes.patch | 405 ------------ src/patches/dhcp/dhcp-sendDecline.patch | 231 ------- src/patches/dhcp/dhcp-sharedlib.patch | 107 ---- .../dhcp/dhcp-stateless-DUID-LLT.patch | 48 -- src/patches/dhcp/dhcp-unicast-bootp.patch | 101 --- src/patches/dhcp/dhcp-xen-checksum.patch | 251 -------- 29 files changed, 7 insertions(+), 4391 deletions(-) delete mode 100644 src/patches/dhcp/dhcp-64_bit_lease_parse.patch delete mode 100644 src/patches/dhcp/dhcp-CLOEXEC.patch delete mode 100644 src/patches/dhcp/dhcp-PPP.patch delete mode 100644 src/patches/dhcp/dhcp-UseMulticast.patch delete mode 100644 src/patches/dhcp/dhcp-add_timeout_when_NULL.patch delete mode 100644 src/patches/dhcp/dhcp-capability.patch delete mode 100644 src/patches/dhcp/dhcp-default-requested-options.patch delete mode 100644 src/patches/dhcp/dhcp-dhclient-decline-backoff.patch delete mode 100644 src/patches/dhcp/dhcp-dhclient-options.patch delete mode 100644 src/patches/dhcp/dhcp-errwarn-message.patch delete mode 100644 src/patches/dhcp/dhcp-garbage-chars.patch delete mode 100644 src/patches/dhcp/dhcp-gpxe-cid.patch delete mode 100644 src/patches/dhcp/dhcp-honor-expired.patch delete mode 100644 src/patches/dhcp/dhcp-improved-xid.patch delete mode 100644 src/patches/dhcp/dhcp-logpid.patch delete mode 100644 src/patches/dhcp/dhcp-lpf-ib.patch delete mode 100644 src/patches/dhcp/dhcp-manpages.patch delete mode 100644 src/patches/dhcp/dhcp-paranoia.patch delete mode 100644 src/patches/dhcp/dhcp-paths.patch delete mode 100644 src/patches/dhcp/dhcp-release-by-ifup.patch delete mode 100644 src/patches/dhcp/dhcp-remove-bind.patch delete mode 100644 src/patches/dhcp/dhcp-rfc3442-classless-static-routes.patch delete mode 100644 src/patches/dhcp/dhcp-sendDecline.patch delete mode 100644 src/patches/dhcp/dhcp-sharedlib.patch delete mode 100644 src/patches/dhcp/dhcp-stateless-DUID-LLT.patch delete mode 100644 src/patches/dhcp/dhcp-unicast-bootp.patch delete mode 100644 src/patches/dhcp/dhcp-xen-checksum.patch diff --git a/config/rootfiles/common/dhcp b/config/rootfiles/common/dhcp index ff225a5714..9e6d52e4ea 100644 --- a/config/rootfiles/common/dhcp +++ b/config/rootfiles/common/dhcp @@ -5,8 +5,6 @@ etc/dhcp/dhcpd.conf #usr/bin/omshell #usr/include/dhcpctl #usr/include/dhcpctl/dhcpctl.h -#usr/include/isc-dhcp -#usr/include/isc-dhcp/dst.h #usr/include/omapip #usr/include/omapip/alloc.h #usr/include/omapip/buffer.h @@ -17,8 +15,8 @@ etc/dhcp/dhcpd.conf #usr/include/omapip/omapip_p.h #usr/include/omapip/result.h #usr/include/omapip/trace.h +#usr/lib/libdhcp.a #usr/lib/libdhcpctl.a -#usr/lib/libdst.a #usr/lib/libomapi.a #usr/sbin/dhclient usr/sbin/dhcpd diff --git a/lfs/dhcp b/lfs/dhcp index 262a25129c..a055d60818 100644 --- a/lfs/dhcp +++ b/lfs/dhcp @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2015 IPFire Team # +# Copyright (C) 2007-2018 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 4.3.1 +VER = 4.4.1 THISAPP = dhcp-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = b3a42ece3c7f2cd2e74a3e12ca881d20 +$(DL_FILE)_MD5 = 18c7f4dcbb0a63df25098216d47b1ede install : $(TARGET) @@ -71,47 +71,20 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-remove-bind.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-errwarn-message.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-dhclient-options.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-release-by-ifup.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-dhclient-decline-backoff.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-unicast-bootp.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-default-requested-options.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-xen-checksum.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-manpages.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-paths.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-CLOEXEC.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-garbage-chars.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-add_timeout_when_NULL.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-64_bit_lease_parse.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-capability.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-logpid.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-UseMulticast.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-sendDecline.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-rfc3442-classless-static-routes.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-honor-expired.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-sharedlib.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-PPP.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-paranoia.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-lpf-ib.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-improved-xid.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-gpxe-cid.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-stateless-DUID-LLT.patch - # Help unpacking bundled BIND - cd $(DIR_APP) && sed -e "s/gunzip -c/&d/" -i bind/Makefile + cd $(DIR_APP) && sed -e "s/gunzip -c/&d/" -i bind/Makefile.in cd $(DIR_APP) && \ ./configure \ --prefix=/usr \ --sysconfdir=/etc/dhcp \ + --with-srv-conf-file=/etc/dhcp/dhcpd.conf \ --with-srv-lease-file=/var/state/dhcp/dhcpd.leases \ --enable-paranoia \ --enable-early-chroot \ --disable-dhcpv6 - cd $(DIR_APP) && make $(MAKETUNING) + cd $(DIR_APP) && make cd $(DIR_APP) && make install mkdir -pv /var/state/dhcp diff --git a/src/patches/dhcp/dhcp-64_bit_lease_parse.patch b/src/patches/dhcp/dhcp-64_bit_lease_parse.patch deleted file mode 100644 index a07b5b032a..0000000000 --- a/src/patches/dhcp/dhcp-64_bit_lease_parse.patch +++ /dev/null @@ -1,75 +0,0 @@ -diff -up dhcp-4.3.0a1/common/parse.c.64-bit_lease_parse dhcp-4.3.0a1/common/parse.c ---- dhcp-4.3.0a1/common/parse.c.64-bit_lease_parse 2013-12-11 01:25:12.000000000 +0100 -+++ dhcp-4.3.0a1/common/parse.c 2013-12-19 15:45:25.990771814 +0100 -@@ -938,8 +938,8 @@ TIME - parse_date_core(cfile) - struct parse *cfile; - { -- int guess; -- int tzoff, year, mon, mday, hour, min, sec; -+ TIME guess; -+ long int tzoff, year, mon, mday, hour, min, sec; - const char *val; - enum dhcp_token token; - static int months[11] = { 31, 59, 90, 120, 151, 181, -@@ -965,7 +965,7 @@ parse_date_core(cfile) - } - - skip_token(&val, NULL, cfile); /* consume number */ -- guess = atoi(val); -+ guess = atol(val); - - return((TIME)guess); - } -@@ -993,7 +993,7 @@ parse_date_core(cfile) - somebody invents a time machine, I think we can safely disregard - it. This actually works around a stupid Y2K bug that was present - in a very early beta release of dhcpd. */ -- year = atoi(val); -+ year = atol(val); - if (year > 1900) - year -= 1900; - -@@ -1039,7 +1039,7 @@ parse_date_core(cfile) - return((TIME)0); - } - skip_token(&val, NULL, cfile); /* consume day of month */ -- mday = atoi(val); -+ mday = atol(val); - - /* Hour... */ - token = peek_token(&val, NULL, cfile); -@@ -1050,7 +1050,7 @@ parse_date_core(cfile) - return((TIME)0); - } - skip_token(&val, NULL, cfile); /* consume hour */ -- hour = atoi(val); -+ hour = atol(val); - - /* Colon separating hour from minute... */ - token = peek_token(&val, NULL, cfile); -@@ -1072,7 +1072,7 @@ parse_date_core(cfile) - return((TIME)0); - } - skip_token(&val, NULL, cfile); /* consume minute */ -- min = atoi(val); -+ min = atol(val); - - /* Colon separating minute from second... */ - token = peek_token(&val, NULL, cfile); -@@ -1094,13 +1094,13 @@ parse_date_core(cfile) - return((TIME)0); - } - skip_token(&val, NULL, cfile); /* consume second */ -- sec = atoi(val); -+ sec = atol(val); - - tzoff = 0; - token = peek_token(&val, NULL, cfile); - if (token == NUMBER) { - skip_token(&val, NULL, cfile); /* consume tzoff */ -- tzoff = atoi(val); -+ tzoff = atol(val); - } else if (token != SEMI) { - skip_token(&val, NULL, cfile); - parse_warn(cfile, diff --git a/src/patches/dhcp/dhcp-CLOEXEC.patch b/src/patches/dhcp/dhcp-CLOEXEC.patch deleted file mode 100644 index 722865e4f6..0000000000 --- a/src/patches/dhcp/dhcp-CLOEXEC.patch +++ /dev/null @@ -1,342 +0,0 @@ -diff -up dhcp-4.3.0a1/client/clparse.c.cloexec dhcp-4.3.0a1/client/clparse.c ---- dhcp-4.3.0a1/client/clparse.c.cloexec 2013-12-19 15:34:41.638886256 +0100 -+++ dhcp-4.3.0a1/client/clparse.c 2013-12-19 15:34:41.657885985 +0100 -@@ -253,7 +253,7 @@ int read_client_conf_file (const char *n - int token; - isc_result_t status; - -- if ((file = open (name, O_RDONLY)) < 0) -+ if ((file = open (name, O_RDONLY | O_CLOEXEC)) < 0) - return uerr2isc (errno); - - cfile = NULL; -@@ -290,7 +290,7 @@ void read_client_leases () - - /* Open the lease file. If we can't open it, just return - - we can safely trust the server to remember our state. */ -- if ((file = open (path_dhclient_db, O_RDONLY)) < 0) -+ if ((file = open (path_dhclient_db, O_RDONLY | O_CLOEXEC)) < 0) - return; - - cfile = NULL; -diff -up dhcp-4.3.0a1/client/dhclient.c.cloexec dhcp-4.3.0a1/client/dhclient.c ---- dhcp-4.3.0a1/client/dhclient.c.cloexec 2013-12-19 15:34:41.629886384 +0100 -+++ dhcp-4.3.0a1/client/dhclient.c 2013-12-19 15:36:41.608180467 +0100 -@@ -148,11 +148,11 @@ main(int argc, char **argv) { - /* Make sure that file descriptors 0 (stdin), 1, (stdout), and - 2 (stderr) are open. To do this, we assume that when we - open a file the lowest available file descriptor is used. */ -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 0) -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 1) -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 2) - log_perror = 0; /* No sense logging to /dev/null. */ - else if (fd != -1) -@@ -504,7 +504,7 @@ main(int argc, char **argv) { - long temp; - int e; - -- if ((pidfd = fopen(path_dhclient_pid, "r")) != NULL) { -+ if ((pidfd = fopen(path_dhclient_pid, "re")) != NULL) { - e = fscanf(pidfd, "%ld\n", &temp); - oldpid = (pid_t)temp; - -@@ -554,7 +554,7 @@ main(int argc, char **argv) { - strncpy(new_path_dhclient_pid, path_dhclient_pid, pfx); - sprintf(new_path_dhclient_pid + pfx, "-%s.pid", ip->name); - -- if ((pidfd = fopen(new_path_dhclient_pid, "r")) != NULL) { -+ if ((pidfd = fopen(new_path_dhclient_pid, "re")) != NULL) { - e = fscanf(pidfd, "%ld\n", &temp); - oldpid = (pid_t)temp; - -@@ -579,7 +579,7 @@ main(int argc, char **argv) { - int dhc_running = 0; - char procfn[256] = ""; - -- if ((pidfp = fopen(path_dhclient_pid, "r")) != NULL) { -+ if ((pidfp = fopen(path_dhclient_pid, "re")) != NULL) { - if ((fscanf(pidfp, "%ld", &temp)==1) && ((dhcpid=(pid_t)temp) > 0)) { - snprintf(procfn,256,"/proc/%u",dhcpid); - dhc_running = (access(procfn, F_OK) == 0); -@@ -3077,7 +3077,7 @@ void rewrite_client_leases () - - if (leaseFile != NULL) - fclose (leaseFile); -- leaseFile = fopen (path_dhclient_db, "w"); -+ leaseFile = fopen (path_dhclient_db, "we"); - if (leaseFile == NULL) { - log_error ("can't create %s: %m", path_dhclient_db); - return; -@@ -3261,7 +3261,7 @@ write_duid(struct data_string *duid) - return DHCP_R_INVALIDARG; - - if (leaseFile == NULL) { /* XXX? */ -- leaseFile = fopen(path_dhclient_db, "w"); -+ leaseFile = fopen(path_dhclient_db, "we"); - if (leaseFile == NULL) { - log_error("can't create %s: %m", path_dhclient_db); - return ISC_R_IOERROR; -@@ -3441,7 +3441,7 @@ int write_client_lease (client, lease, r - return 1; - - if (leaseFile == NULL) { /* XXX */ -- leaseFile = fopen (path_dhclient_db, "w"); -+ leaseFile = fopen (path_dhclient_db, "we"); - if (leaseFile == NULL) { - log_error ("can't create %s: %m", path_dhclient_db); - return 0; -@@ -3952,9 +3952,9 @@ void go_daemon () - (void) close(2); - - /* Reopen them on /dev/null. */ -- (void) open("/dev/null", O_RDWR); -- (void) open("/dev/null", O_RDWR); -- (void) open("/dev/null", O_RDWR); -+ (void) open("/dev/null", O_RDWR | O_CLOEXEC); -+ (void) open("/dev/null", O_RDWR | O_CLOEXEC); -+ (void) open("/dev/null", O_RDWR | O_CLOEXEC); - - write_client_pid_file (); - -@@ -3971,14 +3971,14 @@ void write_client_pid_file () - return; - } - -- pfdesc = open (path_dhclient_pid, O_CREAT | O_TRUNC | O_WRONLY, 0644); -+ pfdesc = open (path_dhclient_pid, O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC, 0644); - - if (pfdesc < 0) { - log_error ("Can't create %s: %m", path_dhclient_pid); - return; - } - -- pf = fdopen (pfdesc, "w"); -+ pf = fdopen (pfdesc, "we"); - if (!pf) { - close(pfdesc); - log_error ("Can't fdopen %s: %m", path_dhclient_pid); -diff -up dhcp-4.3.0a1/common/bpf.c.cloexec dhcp-4.3.0a1/common/bpf.c ---- dhcp-4.3.0a1/common/bpf.c.cloexec 2013-12-19 15:34:41.640886227 +0100 -+++ dhcp-4.3.0a1/common/bpf.c 2013-12-19 15:34:41.661885928 +0100 -@@ -95,7 +95,7 @@ int if_register_bpf (info) - for (b = 0; 1; b++) { - /* %Audit% 31 bytes max. %2004.06.17,Safe% */ - sprintf(filename, BPF_FORMAT, b); -- sock = open (filename, O_RDWR, 0); -+ sock = open (filename, O_RDWR | O_CLOEXEC, 0); - if (sock < 0) { - if (errno == EBUSY) { - continue; -diff -up dhcp-4.3.0a1/common/dlpi.c.cloexec dhcp-4.3.0a1/common/dlpi.c ---- dhcp-4.3.0a1/common/dlpi.c.cloexec 2013-12-19 15:34:41.641886213 +0100 -+++ dhcp-4.3.0a1/common/dlpi.c 2013-12-19 15:34:41.662885914 +0100 -@@ -804,7 +804,7 @@ dlpiopen(const char *ifname) { - } - *dp = '\0'; - -- return open (devname, O_RDWR, 0); -+ return open (devname, O_RDWR | O_CLOEXEC, 0); - } - - /* -diff -up dhcp-4.3.0a1/common/nit.c.cloexec dhcp-4.3.0a1/common/nit.c ---- dhcp-4.3.0a1/common/nit.c.cloexec 2013-12-19 15:34:41.642886199 +0100 -+++ dhcp-4.3.0a1/common/nit.c 2013-12-19 15:34:41.662885914 +0100 -@@ -81,7 +81,7 @@ int if_register_nit (info) - struct strioctl sio; - - /* Open a NIT device */ -- sock = open ("/dev/nit", O_RDWR); -+ sock = open ("/dev/nit", O_RDWR | O_CLOEXEC); - if (sock < 0) - log_fatal ("Can't open NIT device for %s: %m", info -> name); - -diff -up dhcp-4.3.0a1/common/resolv.c.cloexec dhcp-4.3.0a1/common/resolv.c ---- dhcp-4.3.0a1/common/resolv.c.cloexec 2013-12-11 01:25:12.000000000 +0100 -+++ dhcp-4.3.0a1/common/resolv.c 2013-12-19 15:34:41.663885900 +0100 -@@ -50,7 +50,7 @@ void read_resolv_conf (parse_time) - struct domain_search_list *dp, *dl, *nd; - isc_result_t status; - -- if ((file = open (path_resolv_conf, O_RDONLY)) < 0) { -+ if ((file = open (path_resolv_conf, O_RDONLY | O_CLOEXEC)) < 0) { - log_error ("Can't open %s: %m", path_resolv_conf); - return; - } -diff -up dhcp-4.3.0a1/common/upf.c.cloexec dhcp-4.3.0a1/common/upf.c ---- dhcp-4.3.0a1/common/upf.c.cloexec 2013-12-19 15:34:41.642886199 +0100 -+++ dhcp-4.3.0a1/common/upf.c 2013-12-19 15:34:41.663885900 +0100 -@@ -77,7 +77,7 @@ int if_register_upf (info) - /* %Audit% Cannot exceed 36 bytes. %2004.06.17,Safe% */ - sprintf(filename, "/dev/pf/pfilt%d", b); - -- sock = open (filename, O_RDWR, 0); -+ sock = open (filename, O_RDWR | O_CLOEXEC, 0); - if (sock < 0) { - if (errno == EBUSY) { - continue; -diff -up dhcp-4.3.0a1/omapip/trace.c.cloexec dhcp-4.3.0a1/omapip/trace.c ---- dhcp-4.3.0a1/omapip/trace.c.cloexec 2013-12-11 01:01:03.000000000 +0100 -+++ dhcp-4.3.0a1/omapip/trace.c 2013-12-19 15:34:41.663885900 +0100 -@@ -142,10 +142,10 @@ isc_result_t trace_begin (const char *fi - return DHCP_R_INVALIDARG; - } - -- traceoutfile = open (filename, O_CREAT | O_WRONLY | O_EXCL, 0600); -+ traceoutfile = open (filename, O_CREAT | O_WRONLY | O_EXCL | O_CLOEXEC, 0600); - if (traceoutfile < 0 && errno == EEXIST) { - log_error ("WARNING: Overwriting trace file \"%s\"", filename); -- traceoutfile = open (filename, O_WRONLY | O_EXCL | O_TRUNC, -+ traceoutfile = open (filename, O_WRONLY | O_EXCL | O_TRUNC | O_CLOEXEC, - 0600); - } - -@@ -433,7 +433,7 @@ void trace_file_replay (const char *file - isc_result_t result; - int len; - -- traceinfile = fopen (filename, "r"); -+ traceinfile = fopen (filename, "re"); - if (!traceinfile) { - log_error("Can't open tracefile %s: %m", filename); - return; -diff -up dhcp-4.3.0a1/relay/dhcrelay.c.cloexec dhcp-4.3.0a1/relay/dhcrelay.c ---- dhcp-4.3.0a1/relay/dhcrelay.c.cloexec 2013-12-13 22:26:21.000000000 +0100 -+++ dhcp-4.3.0a1/relay/dhcrelay.c 2013-12-19 15:34:41.664885886 +0100 -@@ -193,11 +193,11 @@ main(int argc, char **argv) { - /* Make sure that file descriptors 0(stdin), 1,(stdout), and - 2(stderr) are open. To do this, we assume that when we - open a file the lowest available file descriptor is used. */ -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 0) -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 1) -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 2) - log_perror = 0; /* No sense logging to /dev/null. */ - else if (fd != -1) -@@ -564,13 +564,13 @@ main(int argc, char **argv) { - - if (no_pid_file == ISC_FALSE) { - pfdesc = open(path_dhcrelay_pid, -- O_CREAT | O_TRUNC | O_WRONLY, 0644); -+ O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC, 0644); - - if (pfdesc < 0) { - log_error("Can't create %s: %m", - path_dhcrelay_pid); - } else { -- pf = fdopen(pfdesc, "w"); -+ pf = fdopen(pfdesc, "we"); - if (!pf) - log_error("Can't fdopen %s: %m", - path_dhcrelay_pid); -diff -up dhcp-4.3.0a1/server/confpars.c.cloexec dhcp-4.3.0a1/server/confpars.c ---- dhcp-4.3.0a1/server/confpars.c.cloexec 2013-12-11 01:25:12.000000000 +0100 -+++ dhcp-4.3.0a1/server/confpars.c 2013-12-19 15:34:41.665885871 +0100 -@@ -117,7 +117,7 @@ isc_result_t read_conf_file (const char - } - #endif - -- if ((file = open (filename, O_RDONLY)) < 0) { -+ if ((file = open (filename, O_RDONLY | O_CLOEXEC)) < 0) { - if (leasep) { - log_error ("Can't open lease database %s: %m --", - path_dhcpd_db); -diff -up dhcp-4.3.0a1/server/db.c.cloexec dhcp-4.3.0a1/server/db.c ---- dhcp-4.3.0a1/server/db.c.cloexec 2013-12-11 01:25:12.000000000 +0100 -+++ dhcp-4.3.0a1/server/db.c 2013-12-19 15:34:41.666885857 +0100 -@@ -1081,7 +1081,7 @@ void db_startup (testp) - } - #endif - if (!testp) { -- db_file = fopen (path_dhcpd_db, "a"); -+ db_file = fopen (path_dhcpd_db, "ae"); - if (!db_file) - log_fatal ("Can't open %s for append.", path_dhcpd_db); - expire_all_pools (); -@@ -1129,12 +1129,12 @@ int new_lease_file () - path_dhcpd_db, (int)t) >= sizeof newfname) - log_fatal("new_lease_file: lease file path too long"); - -- db_fd = open (newfname, O_WRONLY | O_TRUNC | O_CREAT, 0664); -+ db_fd = open (newfname, O_WRONLY | O_TRUNC | O_CREAT | O_CLOEXEC, 0664); - if (db_fd < 0) { - log_error ("Can't create new lease file: %m"); - return 0; - } -- if ((new_db_file = fdopen(db_fd, "w")) == NULL) { -+ if ((new_db_file = fdopen(db_fd, "we")) == NULL) { - log_error("Can't fdopen new lease file: %m"); - close(db_fd); - goto fdfail; -diff -up dhcp-4.3.0a1/server/dhcpd.c.cloexec dhcp-4.3.0a1/server/dhcpd.c ---- dhcp-4.3.0a1/server/dhcpd.c.cloexec 2013-12-13 22:26:01.000000000 +0100 -+++ dhcp-4.3.0a1/server/dhcpd.c 2013-12-19 15:37:17.258674472 +0100 -@@ -193,11 +193,11 @@ main(int argc, char **argv) { - /* Make sure that file descriptors 0 (stdin), 1, (stdout), and - 2 (stderr) are open. To do this, we assume that when we - open a file the lowest available file descriptor is used. */ -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 0) -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 1) -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 2) - log_perror = 0; /* No sense logging to /dev/null. */ - else if (fd != -1) -@@ -716,7 +716,7 @@ main(int argc, char **argv) { - */ - if (no_pid_file == ISC_FALSE) { - /*Read previous pid file. */ -- if ((i = open (path_dhcpd_pid, O_RDONLY)) >= 0) { -+ if ((i = open (path_dhcpd_pid, O_RDONLY | O_CLOEXEC)) >= 0) { - status = read(i, pbuf, (sizeof pbuf) - 1); - close (i); - if (status > 0) { -@@ -735,7 +735,7 @@ main(int argc, char **argv) { - } - - /* Write new pid file. */ -- i = open(path_dhcpd_pid, O_WRONLY|O_CREAT|O_TRUNC, 0644); -+ i = open(path_dhcpd_pid, O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0644); - if (i >= 0) { - sprintf(pbuf, "%d\n", (int) getpid()); - IGNORE_RET (write(i, pbuf, strlen(pbuf))); -@@ -763,9 +763,9 @@ main(int argc, char **argv) { - (void) close(2); - - /* Reopen them on /dev/null. */ -- (void) open("/dev/null", O_RDWR); -- (void) open("/dev/null", O_RDWR); -- (void) open("/dev/null", O_RDWR); -+ (void) open("/dev/null", O_RDWR | O_CLOEXEC); -+ (void) open("/dev/null", O_RDWR | O_CLOEXEC); -+ (void) open("/dev/null", O_RDWR | O_CLOEXEC); - log_perror = 0; /* No sense logging to /dev/null. */ - - IGNORE_RET (chdir("/")); -diff -up dhcp-4.3.0a1/server/ldap.c.cloexec dhcp-4.3.0a1/server/ldap.c ---- dhcp-4.3.0a1/server/ldap.c.cloexec 2013-12-11 01:25:12.000000000 +0100 -+++ dhcp-4.3.0a1/server/ldap.c 2013-12-19 15:34:41.667885843 +0100 -@@ -684,7 +684,7 @@ ldap_start (void) - - if (ldap_debug_file != NULL && ldap_debug_fd == -1) - { -- if ((ldap_debug_fd = open (ldap_debug_file, O_CREAT | O_TRUNC | O_WRONLY, -+ if ((ldap_debug_fd = open (ldap_debug_file, O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC, - S_IRUSR | S_IWUSR)) < 0) - log_error ("Error opening debug LDAP log file %s: %s", ldap_debug_file, - strerror (errno)); diff --git a/src/patches/dhcp/dhcp-PPP.patch b/src/patches/dhcp/dhcp-PPP.patch deleted file mode 100644 index 5d022e4320..0000000000 --- a/src/patches/dhcp/dhcp-PPP.patch +++ /dev/null @@ -1,150 +0,0 @@ -diff -up dhcp-4.3.1b1/client/dhc6.c.mRfpsB dhcp-4.3.1b1/client/dhc6.c ---- dhcp-4.3.1b1/client/dhc6.c.mRfpsB 2014-07-10 17:48:03.779424870 +0200 -+++ dhcp-4.3.1b1/client/dhc6.c 2014-07-10 17:48:03.795424644 +0200 -@@ -5088,7 +5088,8 @@ make_client6_options(struct client_state - */ - if ((oc = lookup_option(&dhcpv6_universe, *op, - D6O_CLIENTID)) == NULL) { -- if (!option_cache(&oc, &default_duid, NULL, clientid_option, -+ if (default_duid.len == 0 || -+ !option_cache(&oc, &default_duid, NULL, clientid_option, - MDL)) - log_fatal("Failure assembling a DUID."); - -diff -up dhcp-4.3.1b1/client/dhclient.c.mRfpsB dhcp-4.3.1b1/client/dhclient.c ---- dhcp-4.3.1b1/client/dhclient.c.mRfpsB 2014-07-10 17:39:25.853763858 +0200 -+++ dhcp-4.3.1b1/client/dhclient.c 2014-07-10 17:49:49.882925843 +0200 -@@ -948,8 +948,8 @@ main(int argc, char **argv) { - if (default_duid.buffer != NULL) - data_string_forget(&default_duid, MDL); - -- form_duid(&default_duid, MDL); -- write_duid(&default_duid); -+ if (form_duid(&default_duid, MDL) == ISC_R_SUCCESS) -+ write_duid(&default_duid); - } - } - -@@ -3267,7 +3267,7 @@ write_options(struct client_state *clien - * is not how it is intended. Upcoming rearchitecting the client should - * address this "one daemon model." - */ --void -+isc_result_t - form_duid(struct data_string *duid, const char *file, int line) - { - struct interface_info *ip; -@@ -3280,6 +3280,15 @@ form_duid(struct data_string *duid, cons - if (ip == NULL) - log_fatal("Impossible condition at %s:%d.", MDL); - -+ while (ip && ip->hw_address.hbuf[0] == HTYPE_RESERVED) { -+ /* Try the other interfaces */ -+ log_debug("Cannot form default DUID from interface %s.", ip->name); -+ ip = ip->next; -+ } -+ if (ip == NULL) { -+ return ISC_R_UNEXPECTED; -+ } -+ - if ((ip->hw_address.hlen == 0) || - (ip->hw_address.hlen > sizeof(ip->hw_address.hbuf))) - log_fatal("Impossible hardware address length at %s:%d.", MDL); -@@ -3323,6 +3332,8 @@ form_duid(struct data_string *duid, cons - log_info("Created duid %s.", str); - dfree(str, MDL); - } -+ -+ return ISC_R_SUCCESS; - } - - /* Write the default DUID to the lease store. */ -diff -up dhcp-4.3.1b1/common/bpf.c.mRfpsB dhcp-4.3.1b1/common/bpf.c ---- dhcp-4.3.1b1/common/bpf.c.mRfpsB 2014-07-10 17:39:25.797764653 +0200 -+++ dhcp-4.3.1b1/common/bpf.c 2014-07-10 17:48:03.797424616 +0200 -@@ -600,6 +600,22 @@ get_hw_addr(const char *name, struct har - memcpy(&hw->hbuf[1], LLADDR(sa), sa->sdl_alen); - break; - #endif /* IFT_FDDI */ -+#if defined(IFT_PPP) -+ case IFT_PPP: -+ if (local_family != AF_INET6) -+ log_fatal("Unsupported device type %d for \"%s\"", -+ sa->sdl_type, name); -+ hw->hlen = 0; -+ hw->hbuf[0] = HTYPE_RESERVED; -+ /* 0xdeadbeef should never occur on the wire, -+ * and is a signature that something went wrong. -+ */ -+ hw->hbuf[1] = 0xde; -+ hw->hbuf[2] = 0xad; -+ hw->hbuf[3] = 0xbe; -+ hw->hbuf[4] = 0xef; -+ break; -+#endif - default: - log_fatal("Unsupported device type %d for \"%s\"", - sa->sdl_type, name); -diff -up dhcp-4.3.1b1/common/lpf.c.mRfpsB dhcp-4.3.1b1/common/lpf.c ---- dhcp-4.3.1b1/common/lpf.c.mRfpsB 2014-07-10 17:39:25.744765404 +0200 -+++ dhcp-4.3.1b1/common/lpf.c 2014-07-10 17:48:03.797424616 +0200 -@@ -511,6 +511,22 @@ get_hw_addr(const char *name, struct har - hw->hbuf[0] = HTYPE_FDDI; - memcpy(&hw->hbuf[1], sa->sa_data, 6); - break; -+#if defined(ARPHRD_PPP) -+ case ARPHRD_PPP: -+ if (local_family != AF_INET6) -+ log_fatal("Unsupported device type %d for \"%s\"", -+ sa->sa_family, name); -+ hw->hlen = 0; -+ hw->hbuf[0] = HTYPE_RESERVED; -+ /* 0xdeadbeef should never occur on the wire, -+ * and is a signature that something went wrong. -+ */ -+ hw->hbuf[1] = 0xde; -+ hw->hbuf[2] = 0xad; -+ hw->hbuf[3] = 0xbe; -+ hw->hbuf[4] = 0xef; -+ break; -+#endif - default: - log_fatal("Unsupported device type %ld for \"%s\"", - (long int)sa->sa_family, name); -diff -up dhcp-4.3.1b1/includes/dhcpd.h.mRfpsB dhcp-4.3.1b1/includes/dhcpd.h ---- dhcp-4.3.1b1/includes/dhcpd.h.mRfpsB 2014-07-10 17:48:03.761425124 +0200 -+++ dhcp-4.3.1b1/includes/dhcpd.h 2014-07-10 17:48:03.798424601 +0200 -@@ -2839,7 +2839,7 @@ void client_dns_remove(struct client_sta - - void dhcpv4_client_assignments(void); - void dhcpv6_client_assignments(void); --void form_duid(struct data_string *duid, const char *file, int line); -+isc_result_t form_duid(struct data_string *duid, const char *file, int line); - - /* dhc6.c */ - void dhc6_lease_destroy(struct dhc6_lease **src, const char *file, int line); -diff -up dhcp-4.3.1b1/includes/dhcp.h.mRfpsB dhcp-4.3.1b1/includes/dhcp.h ---- dhcp-4.3.1b1/includes/dhcp.h.mRfpsB 2014-07-10 17:48:03.761425124 +0200 -+++ dhcp-4.3.1b1/includes/dhcp.h 2014-07-10 17:48:03.798424601 +0200 -@@ -81,6 +81,8 @@ struct dhcp_packet { - * is no standard for this so we - * just steal a type */ - -+#define HTYPE_RESERVED 0 /* RFC 5494 */ -+ - /* Magic cookie validating dhcp options field (and bootp vendor - extensions field). */ - #define DHCP_OPTIONS_COOKIE "\143\202\123\143" -diff -up dhcp-4.3.1b1/server/dhcpv6.c.mRfpsB dhcp-4.3.1b1/server/dhcpv6.c ---- dhcp-4.3.1b1/server/dhcpv6.c.mRfpsB 2014-07-10 17:47:31.464881409 +0200 -+++ dhcp-4.3.1b1/server/dhcpv6.c 2014-07-10 17:48:03.800424573 +0200 -@@ -330,6 +330,9 @@ generate_new_server_duid(void) { - if (p->hw_address.hlen > 0) { - break; - } -+ if (p->next == NULL && p->hw_address.hbuf[0] == HTYPE_RESERVED) { -+ log_error("Can not generate DUID from interfaces which do not have hardware addresses, please configure server-duid!"); -+ } - } - if (p == NULL) { - return ISC_R_UNEXPECTED; diff --git a/src/patches/dhcp/dhcp-UseMulticast.patch b/src/patches/dhcp/dhcp-UseMulticast.patch deleted file mode 100644 index ee0ea6b9af..0000000000 --- a/src/patches/dhcp/dhcp-UseMulticast.patch +++ /dev/null @@ -1,241 +0,0 @@ -diff -up dhcp-4.3.1b1/server/dhcpv6.c.UseMulticast dhcp-4.3.1b1/server/dhcpv6.c ---- dhcp-4.3.1b1/server/dhcpv6.c.UseMulticast 2014-07-02 19:58:40.000000000 +0200 -+++ dhcp-4.3.1b1/server/dhcpv6.c 2014-07-10 18:20:03.066256219 +0200 -@@ -376,6 +376,48 @@ generate_new_server_duid(void) { - } - - /* -+ * Is the D6O_UNICAST option defined in dhcpd.conf ? -+ */ -+static isc_boolean_t unicast_option_defined; -+ -+/* -+ * Did we already search dhcpd.conf for D6O_UNICAST option ? -+ * We need to store it here to not parse dhcpd.conf repeatedly. -+ */ -+static isc_boolean_t unicast_option_parsed = ISC_FALSE; -+ -+ -+/* -+ * Is the D6O_UNICAST option defined in dhcpd.conf ? -+ */ -+isc_boolean_t -+is_unicast_option_defined(void) { -+ struct option_state *opt_state; -+ struct option_cache *oc; -+ -+ /* -+ * If we are looking for the unicast option for the first time -+ */ -+ if (unicast_option_parsed == ISC_FALSE) { -+ unicast_option_parsed = ISC_TRUE; -+ opt_state = NULL; -+ if (!option_state_allocate(&opt_state, MDL)) { -+ log_fatal("No memory for option state."); -+ } -+ -+ execute_statements_in_scope(NULL, NULL, NULL, NULL, NULL, -+ opt_state, &global_scope, root_group, NULL, NULL); -+ -+ oc = lookup_option(&dhcpv6_universe, opt_state, D6O_UNICAST); -+ unicast_option_defined = (oc != NULL); -+ -+ option_state_dereference(&opt_state, MDL); -+ } -+ -+ return (unicast_option_defined); -+} -+ -+/* - * Get the client identifier from the packet. - */ - isc_result_t -@@ -706,6 +748,12 @@ static const int required_opts[] = { - D6O_PREFERENCE, - 0 - }; -+static const int required_opts_NAA[] = { -+ D6O_CLIENTID, -+ D6O_SERVERID, -+ D6O_STATUS_CODE, -+ 0 -+}; - static const int required_opts_solicit[] = { - D6O_CLIENTID, - D6O_SERVERID, -@@ -1587,6 +1635,56 @@ lease_to_client(struct data_string *repl - reply.shared->group, NULL); - } - -+ /* reject unicast message, unless we set unicast option */ -+ if ((packet->unicast == ISC_TRUE) && !is_unicast_option_defined()) -+ /* -+ * RFC3315 section 18.2.1 (Request): -+ * -+ * When the server receives a Request message via unicast from a client -+ * to which the server has not sent a unicast option, the server -+ * discards the Request message and responds with a Reply message -+ * containing a Status Code option with the value UseMulticast, a Server -+ * Identifier option containing the server's DUID, the Client Identifier -+ * option from the client message, and no other options. -+ * -+ * Section 18.2.3 (Renew): -+ * -+ * When the server receives a Renew message via unicast from a client to -+ * which the server has not sent a unicast option, the server discards -+ * the Renew message and responds with a Reply message containing a -+ * Status Code option with the value UseMulticast, a Server Identifier -+ * option containing the server's DUID, the Client Identifier option -+ * from the client message, and no other options. -+ */ -+ { -+ /* Set the UseMulticast status code. */ -+ if (!set_status_code(STATUS_UseMulticast, -+ "Unicast not allowed by server.", -+ reply.opt_state)) { -+ log_error("lease_to_client: Unable to set " -+ "UseMulticast status code."); -+ goto exit; -+ } -+ -+ /* Rewind the cursor to the start. */ -+ reply.cursor = REPLY_OPTIONS_INDEX; -+ -+ /* -+ * Produce an reply that includes only: -+ * -+ * Status code. -+ * Server DUID. -+ * Client DUID. -+ */ -+ reply.cursor += store_options6((char *)reply.buf.data + -+ reply.cursor, -+ sizeof(reply.buf) - -+ reply.cursor, -+ reply.opt_state, reply.packet, -+ required_opts_NAA, -+ NULL); -+ } -+ - /* - * RFC3315 section 17.2.2 (Solicit): - * -@@ -1619,6 +1717,7 @@ lease_to_client(struct data_string *repl - * Having stored the client's IA's, store any options that - * will fit in the remaining space. - */ -+ else - reply.cursor += store_options6((char *)reply.buf.data + reply.cursor, - sizeof(reply.buf) - reply.cursor, - reply.opt_state, reply.packet, -@@ -4748,7 +4847,6 @@ dhcpv6_solicit(struct data_string *reply - * Very similar to Solicit handling, except the server DUID is required. - */ - --/* TODO: reject unicast messages, unless we set unicast option */ - static void - dhcpv6_request(struct data_string *reply_ret, struct packet *packet) { - struct data_string client_id; -@@ -5078,7 +5176,6 @@ exit: - * except for the error code of when addresses don't match. - */ - --/* TODO: reject unicast messages, unless we set unicast option */ - static void - dhcpv6_renew(struct data_string *reply, struct packet *packet) { - struct data_string client_id; -@@ -5322,18 +5419,60 @@ iterate_over_ia_na(struct data_string *r - goto exit; - } - -- snprintf(status_msg, sizeof(status_msg), "%s received.", packet_type); -- if (!set_status_code(STATUS_Success, status_msg, opt_state)) { -- goto exit; -- } -+ /* reject unicast message, unless we set unicast option */ -+ if ((packet->unicast == ISC_TRUE) && !is_unicast_option_defined()) { -+ /* -+ * RFC3315 section 18.2.6 (Release): -+ * -+ * When the server receives a Release message via unicast from a client -+ * to which the server has not sent a unicast option, the server -+ * discards the Release message and responds with a Reply message -+ * containing a Status Code option with value UseMulticast, a Server -+ * Identifier option containing the server's DUID, the Client Identifier -+ * option from the client message, and no other options. -+ * -+ * Section 18.2.7 (Decline): -+ * -+ * When the server receives a Decline message via unicast from a client -+ * to which the server has not sent a unicast option, the server -+ * discards the Decline message and responds with a Reply message -+ * containing a Status Code option with the value UseMulticast, a Server -+ * Identifier option containing the server's DUID, the Client Identifier -+ * option from the client message, and no other options. -+ */ -+ snprintf(status_msg, sizeof(status_msg), -+ "%s received unicast.", packet_type); -+ if (!set_status_code(STATUS_UseMulticast, status_msg, opt_state)) { -+ goto exit; -+ } - -- /* -- * Add our options that are not associated with any IA_NA or IA_TA. -- */ -- reply_ofs += store_options6(reply_data+reply_ofs, -- sizeof(reply_data)-reply_ofs, -+ /* -+ * Produce an reply that includes only: -+ * -+ * Status code. -+ * Server DUID. -+ * Client DUID. -+ */ -+ reply_ofs += store_options6(reply_data+reply_ofs, -+ sizeof(reply_data)-reply_ofs, - opt_state, packet, -- required_opts, NULL); -+ required_opts_NAA, NULL); -+ -+ goto return_reply; -+ } else { -+ snprintf(status_msg, sizeof(status_msg), "%s received.", packet_type); -+ if (!set_status_code(STATUS_Success, status_msg, opt_state)) { -+ goto exit; -+ } -+ -+ /* -+ * Add our options that are not associated with any IA_NA or IA_TA. -+ */ -+ reply_ofs += store_options6(reply_data+reply_ofs, -+ sizeof(reply_data)-reply_ofs, -+ opt_state, packet, -+ required_opts, NULL); -+ } - - /* - * Loop through the IA_NA reported by the client, and deal with -@@ -5471,6 +5610,7 @@ iterate_over_ia_na(struct data_string *r - /* - * Return our reply to the caller. - */ -+return_reply: - reply_ret->len = reply_ofs; - reply_ret->buffer = NULL; - if (!buffer_allocate(&reply_ret->buffer, reply_ofs, MDL)) { -@@ -5516,7 +5656,6 @@ exit: - * we still need to be aware of this possibility. - */ - --/* TODO: reject unicast messages, unless we set unicast option */ - /* TODO: IA_TA */ - static void - dhcpv6_decline(struct data_string *reply, struct packet *packet) { -@@ -5986,7 +6125,6 @@ exit: - * Release means a client is done with the leases. - */ - --/* TODO: reject unicast messages, unless we set unicast option */ - static void - dhcpv6_release(struct data_string *reply, struct packet *packet) { - struct data_string client_id; diff --git a/src/patches/dhcp/dhcp-add_timeout_when_NULL.patch b/src/patches/dhcp/dhcp-add_timeout_when_NULL.patch deleted file mode 100644 index 103824c384..0000000000 --- a/src/patches/dhcp/dhcp-add_timeout_when_NULL.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff -up dhcp-4.3.0a1/common/dispatch.c.dracut dhcp-4.3.0a1/common/dispatch.c ---- dhcp-4.3.0a1/common/dispatch.c.dracut 2013-12-11 01:25:12.000000000 +0100 -+++ dhcp-4.3.0a1/common/dispatch.c 2013-12-19 15:39:50.350505860 +0100 -@@ -210,6 +210,10 @@ void add_timeout (when, where, what, ref - isc_interval_t interval; - isc_time_t expires; - -+ if (when == NULL) { -+ return; -+ } -+ - /* See if this timeout supersedes an existing timeout. */ - t = (struct timeout *)0; - for (q = timeouts; q; q = q->next) { diff --git a/src/patches/dhcp/dhcp-capability.patch b/src/patches/dhcp/dhcp-capability.patch deleted file mode 100644 index 91a1baef52..0000000000 --- a/src/patches/dhcp/dhcp-capability.patch +++ /dev/null @@ -1,250 +0,0 @@ -diff -up dhcp-4.3.1b1/client/dhclient.8.zzftXp dhcp-4.3.1b1/client/dhclient.8 ---- dhcp-4.3.1b1/client/dhclient.8.zzftXp 2014-07-10 17:38:26.938599402 +0200 -+++ dhcp-4.3.1b1/client/dhclient.8 2014-07-10 17:39:25.852763873 +0200 -@@ -128,6 +128,9 @@ dhclient - Dynamic Host Configuration Pr - .B -w - ] - [ -+.B -nc -+] -+[ - .B -B - ] - [ -@@ -304,6 +307,32 @@ has been added or removed, so that the c - address on that interface. - - .TP -+.BI \-nc -+Do not drop capabilities. -+ -+Normally, if -+.B dhclient -+was compiled with libcap-ng support, -+.B dhclient -+drops most capabilities immediately upon startup. While more secure, -+this greatly restricts the additional actions that hooks in -+.B dhclient-script (8) -+can take. (For example, any daemons that -+.B dhclient-script (8) -+starts or restarts will inherit the restricted capabilities as well, -+which may interfere with their correct operation.) Thus, the -+.BI \-nc -+option can be used to prevent -+.B dhclient -+from dropping capabilities. -+ -+The -+.BI \-nc -+option is ignored if -+.B dhclient -+was not compiled with libcap-ng support. -+ -+.TP - .BI \-B - Set the BOOTP broadcast flag in request packets so servers will always - broadcast replies. -diff -up dhcp-4.3.1b1/client/dhclient.c.zzftXp dhcp-4.3.1b1/client/dhclient.c ---- dhcp-4.3.1b1/client/dhclient.c.zzftXp 2014-07-10 17:39:25.797764653 +0200 -+++ dhcp-4.3.1b1/client/dhclient.c 2014-07-10 17:39:25.853763858 +0200 -@@ -39,6 +39,10 @@ - #include - #include - -+#ifdef HAVE_LIBCAP_NG -+#include -+#endif -+ - /* - * Defined in stdio.h when _GNU_SOURCE is set, but we don't want to define - * that when building ISC code. -@@ -143,6 +147,9 @@ main(int argc, char **argv) { - int timeout_arg = 0; - char *arg_conf = NULL; - int arg_conf_len = 0; -+#ifdef HAVE_LIBCAP_NG -+ int keep_capabilities = 0; -+#endif - - /* Initialize client globals. */ - memset(&default_duid, 0, sizeof(default_duid)); -@@ -425,6 +432,10 @@ main(int argc, char **argv) { - } - - dhclient_request_options = argv[i]; -+ } else if (!strcmp(argv[i], "-nc")) { -+#ifdef HAVE_LIBCAP_NG -+ keep_capabilities = 1; -+#endif - } else if (argv[i][0] == '-') { - usage(); - } else if (interfaces_requested < 0) { -@@ -473,6 +484,19 @@ main(int argc, char **argv) { - path_dhclient_script = s; - } - -+#ifdef HAVE_LIBCAP_NG -+ /* Drop capabilities */ -+ if (!keep_capabilities) { -+ capng_clear(CAPNG_SELECT_CAPS); -+ capng_update(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, -+ CAP_DAC_OVERRIDE); // Drop this someday -+ capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, -+ CAP_NET_ADMIN, CAP_NET_RAW, -+ CAP_NET_BIND_SERVICE, CAP_SYS_ADMIN, -1); -+ capng_apply(CAPNG_SELECT_CAPS); -+ } -+#endif -+ - /* Set up the initial dhcp option universe. */ - initialize_common_option_spaces(); - -diff -up dhcp-4.3.1b1/client/dhclient-script.8.zzftXp dhcp-4.3.1b1/client/dhclient-script.8 ---- dhcp-4.3.1b1/client/dhclient-script.8.zzftXp 2014-07-10 17:39:25.761765163 +0200 -+++ dhcp-4.3.1b1/client/dhclient-script.8 2014-07-10 17:39:25.851763887 +0200 -@@ -243,6 +243,16 @@ repeatedly initialized to the values pro - the other. Assuming the information provided by both servers is - valid, this shouldn't cause any real problems, but it could be - confusing. -+.PP -+Normally, if dhclient was compiled with libcap-ng support, -+dhclient drops most capabilities immediately upon startup. -+While more secure, this greatly restricts the additional actions that -+hooks in dhclient-script can take. For example, any daemons that -+dhclient-script starts or restarts will inherit the restricted -+capabilities as well, which may interfere with their correct operation. -+Thus, the -+.BI \-nc -+option can be used to prevent dhclient from dropping capabilities. - .SH SEE ALSO - dhclient(8), dhcpd(8), dhcrelay(8), dhclient.conf(5) and - dhclient.leases(5). -diff -up dhcp-4.3.1b1/client/Makefile.am.zzftXp dhcp-4.3.1b1/client/Makefile.am ---- dhcp-4.3.1b1/client/Makefile.am.zzftXp 2014-07-10 17:38:10.778828583 +0200 -+++ dhcp-4.3.1b1/client/Makefile.am 2014-07-10 17:39:25.851763887 +0200 -@@ -10,7 +10,7 @@ dhclient_SOURCES = clparse.c dhclient.c - scripts/bsdos scripts/freebsd scripts/linux scripts/macos \ - scripts/netbsd scripts/nextstep scripts/openbsd \ - scripts/solaris scripts/openwrt --dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \ -+dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.la $(CAPNG_LDADD) \ - $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc - man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5 - EXTRA_DIST = $(man_MANS) -diff -up dhcp-4.3.1b1/configure.ac.zzftXp dhcp-4.3.1b1/configure.ac ---- dhcp-4.3.1b1/configure.ac.zzftXp 2014-07-10 17:38:10.779828569 +0200 -+++ dhcp-4.3.1b1/configure.ac 2014-07-10 17:39:25.854763844 +0200 -@@ -499,6 +499,41 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], - # Look for optional headers. - AC_CHECK_HEADERS(sys/socket.h net/if_dl.h net/if6.h regex.h) - -+# look for capabilities library -+AC_ARG_WITH(libcap-ng, -+ [ --with-libcap-ng=[auto/yes/no] Add Libcap-ng support [default=auto]],, -+ with_libcap_ng=auto) -+ -+# Check for Libcap-ng API -+# -+# libcap-ng detection -+if test x$with_libcap_ng = xno ; then -+ have_libcap_ng=no; -+else -+ # Start by checking for header file -+ AC_CHECK_HEADER(cap-ng.h, capng_headers=yes, capng_headers=no) -+ -+ # See if we have libcap-ng library -+ AC_CHECK_LIB(cap-ng, capng_clear, -+ CAPNG_LDADD=-lcap-ng,) -+ -+ # Check results are usable -+ if test x$with_libcap_ng = xyes -a x$CAPNG_LDADD = x ; then -+ AC_MSG_ERROR(libcap-ng support was requested and the library was not found) -+ fi -+ if test x$CAPNG_LDADD != x -a $capng_headers = no ; then -+ AC_MSG_ERROR(libcap-ng libraries found but headers are missing) -+ fi -+fi -+AC_SUBST(CAPNG_LDADD) -+AC_MSG_CHECKING(whether to use libcap-ng) -+if test x$CAPNG_LDADD != x ; then -+ AC_DEFINE(HAVE_LIBCAP_NG,1,[libcap-ng support]) -+ AC_MSG_RESULT(yes) -+else -+ AC_MSG_RESULT(no) -+fi -+ - # Solaris needs some libraries for functions - AC_SEARCH_LIBS(socket, [socket]) - AC_SEARCH_LIBS(inet_ntoa, [nsl]) -diff -up dhcp-4.3.1b1/relay/dhcrelay.c.zzftXp dhcp-4.3.1b1/relay/dhcrelay.c ---- dhcp-4.3.1b1/relay/dhcrelay.c.zzftXp 2014-07-10 17:39:25.799764624 +0200 -+++ dhcp-4.3.1b1/relay/dhcrelay.c 2014-07-10 17:40:19.191007421 +0200 -@@ -31,6 +31,11 @@ - #include - #include - -+#ifdef HAVE_LIBCAP_NG -+# include -+ int keep_capabilities = 0; -+#endif -+ - TIME default_lease_time = 43200; /* 12 hours... */ - TIME max_lease_time = 86400; /* 24 hours... */ - struct tree_cache *global_options[256]; -@@ -376,6 +381,10 @@ main(int argc, char **argv) { - usage(); - dhcrelay_sub_id = argv[i]; - #endif -+ } else if (!strcmp(argv[i], "-nc")) { -+#ifdef HAVE_LIBCAP_NG -+ keep_capabilities = 1; -+#endif - } else if (!strcmp(argv[i], "-pf")) { - if (++i == argc) - usage(); -@@ -446,6 +455,17 @@ main(int argc, char **argv) { - #endif - } - -+#ifdef HAVE_LIBCAP_NG -+ /* Drop capabilities */ -+ if (!keep_capabilities) { -+ capng_clear(CAPNG_SELECT_BOTH); -+ capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, -+ CAP_NET_RAW, CAP_NET_BIND_SERVICE, -1); -+ capng_apply(CAPNG_SELECT_BOTH); -+ log_info ("Dropped all unnecessary capabilities."); -+ } -+#endif -+ - if (!quiet) { - log_info("%s %s", message, PACKAGE_VERSION); - log_info(copyright); -@@ -598,6 +618,15 @@ main(int argc, char **argv) { - signal(SIGTERM, dhcp_signal_handler); /* kill */ - #endif - -+#ifdef HAVE_LIBCAP_NG -+ /* Drop all capabilities */ -+ if (!keep_capabilities) { -+ capng_clear(CAPNG_SELECT_BOTH); -+ capng_apply(CAPNG_SELECT_BOTH); -+ log_info ("Dropped all capabilities."); -+ } -+#endif -+ - /* Start dispatching packets and timeouts... */ - dispatch(); - -diff -up dhcp-4.3.1b1/relay/Makefile.am.zzftXp dhcp-4.3.1b1/relay/Makefile.am ---- dhcp-4.3.1b1/relay/Makefile.am.zzftXp 2014-07-10 17:38:10.780828554 +0200 -+++ dhcp-4.3.1b1/relay/Makefile.am 2014-07-10 17:39:25.854763844 +0200 -@@ -2,7 +2,7 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localst - - sbin_PROGRAMS = dhcrelay - dhcrelay_SOURCES = dhcrelay.c --dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \ -+dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.la $(CAPNG_LDADD) \ - $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc - man_MANS = dhcrelay.8 - EXTRA_DIST = $(man_MANS) diff --git a/src/patches/dhcp/dhcp-default-requested-options.patch b/src/patches/dhcp/dhcp-default-requested-options.patch deleted file mode 100644 index afda222e65..0000000000 --- a/src/patches/dhcp/dhcp-default-requested-options.patch +++ /dev/null @@ -1,44 +0,0 @@ -diff -up dhcp-4.3.0a1/client/clparse.c.requested dhcp-4.3.0a1/client/clparse.c ---- dhcp-4.3.0a1/client/clparse.c.requested 2013-12-19 15:13:27.276631307 +0100 -+++ dhcp-4.3.0a1/client/clparse.c 2013-12-19 15:13:27.313630789 +0100 -@@ -37,7 +37,7 @@ - - struct client_config top_level_config; - --#define NUM_DEFAULT_REQUESTED_OPTS 9 -+#define NUM_DEFAULT_REQUESTED_OPTS 14 - struct option *default_requested_options[NUM_DEFAULT_REQUESTED_OPTS + 1]; - - static void parse_client_default_duid(struct parse *cfile); -@@ -119,6 +119,31 @@ isc_result_t read_client_conf () - option_code_hash_lookup(&default_requested_options[8], - dhcpv6_universe.code_hash, &code, 0, MDL); - -+ /* 10 */ -+ code = DHO_NIS_DOMAIN; -+ option_code_hash_lookup(&default_requested_options[9], -+ dhcp_universe.code_hash, &code, 0, MDL); -+ -+ /* 11 */ -+ code = DHO_NIS_SERVERS; -+ option_code_hash_lookup(&default_requested_options[10], -+ dhcp_universe.code_hash, &code, 0, MDL); -+ -+ /* 12 */ -+ code = DHO_NTP_SERVERS; -+ option_code_hash_lookup(&default_requested_options[11], -+ dhcp_universe.code_hash, &code, 0, MDL); -+ -+ /* 13 */ -+ code = DHO_INTERFACE_MTU; -+ option_code_hash_lookup(&default_requested_options[12], -+ dhcp_universe.code_hash, &code, 0, MDL); -+ -+ /* 14 */ -+ code = DHO_DOMAIN_SEARCH; -+ option_code_hash_lookup(&default_requested_options[13], -+ dhcp_universe.code_hash, &code, 0, MDL); -+ - for (code = 0 ; code < NUM_DEFAULT_REQUESTED_OPTS ; code++) { - if (default_requested_options[code] == NULL) - log_fatal("Unable to find option definition for " diff --git a/src/patches/dhcp/dhcp-dhclient-decline-backoff.patch b/src/patches/dhcp/dhcp-dhclient-decline-backoff.patch deleted file mode 100644 index 3e52e6400e..0000000000 --- a/src/patches/dhcp/dhcp-dhclient-decline-backoff.patch +++ /dev/null @@ -1,63 +0,0 @@ -diff -up dhcp-4.3.1b1/client/dhclient.c.JwFUZj dhcp-4.3.1b1/client/dhclient.c ---- dhcp-4.3.1b1/client/dhclient.c.JwFUZj 2014-07-10 17:38:50.511265091 +0200 -+++ dhcp-4.3.1b1/client/dhclient.c 2014-07-10 17:39:16.164901267 +0200 -@@ -1281,6 +1281,8 @@ void state_init (cpp) - void *cpp; - { - struct client_state *client = cpp; -+ enum dhcp_state init_state = client->state; -+ struct timeval tv; - - ASSERT_STATE(state, S_INIT); - -@@ -1293,9 +1295,18 @@ void state_init (cpp) - client -> first_sending = cur_time; - client -> interval = client -> config -> initial_interval; - -- /* Add an immediate timeout to cause the first DHCPDISCOVER packet -- to go out. */ -- send_discover (client); -+ if (init_state != S_DECLINED) { -+ /* Add an immediate timeout to cause the first DHCPDISCOVER packet -+ to go out. */ -+ send_discover(client); -+ } else { -+ /* We've received an OFFER and it has been DECLINEd by dhclient-script. -+ * wait for a random time between 1 and backoff_cutoff seconds before -+ * trying again. */ -+ tv . tv_sec = cur_time + ((1 + (random() >> 2)) % client->config->backoff_cutoff); -+ tv . tv_usec = 0; -+ add_timeout(&tv, send_discover, client, 0, 0); -+ } - } - - /* -@@ -1592,6 +1603,7 @@ void bind_lease (client) - "try (declined). Exiting."); - exit(2); - } else { -+ client -> state = S_DECLINED; - state_init(client); - return; - } -@@ -4059,6 +4071,7 @@ void client_location_changed () - case S_INIT: - case S_REBINDING: - case S_STOPPED: -+ case S_DECLINED: - break; - } - client -> state = S_INIT; -diff -up dhcp-4.3.1b1/includes/dhcpd.h.JwFUZj dhcp-4.3.1b1/includes/dhcpd.h ---- dhcp-4.3.1b1/includes/dhcpd.h.JwFUZj 2014-07-10 17:38:26.941599360 +0200 -+++ dhcp-4.3.1b1/includes/dhcpd.h 2014-07-10 17:38:50.526264878 +0200 -@@ -1087,7 +1087,8 @@ enum dhcp_state { - S_BOUND = 5, - S_RENEWING = 6, - S_REBINDING = 7, -- S_STOPPED = 8 -+ S_STOPPED = 8, -+ S_DECLINED = 9 - }; - - /* Authentication and BOOTP policy possibilities (not all values work diff --git a/src/patches/dhcp/dhcp-dhclient-options.patch b/src/patches/dhcp/dhcp-dhclient-options.patch deleted file mode 100644 index 67f144ecb7..0000000000 --- a/src/patches/dhcp/dhcp-dhclient-options.patch +++ /dev/null @@ -1,509 +0,0 @@ -diff -up dhcp-4.3.1b1/client/clparse.c.fLPqYB dhcp-4.3.1b1/client/clparse.c ---- dhcp-4.3.1b1/client/clparse.c.fLPqYB 2014-07-02 19:58:38.000000000 +0200 -+++ dhcp-4.3.1b1/client/clparse.c 2014-07-10 17:38:26.938599402 +0200 -@@ -148,6 +148,7 @@ isc_result_t read_client_conf () - /* Requested lease time, used by DHCPv6 (DHCPv4 uses the option cache) - */ - top_level_config.requested_lease = 7200; -+ top_level_config.bootp_broadcast_always = 0; - - group_allocate (&top_level_config.on_receipt, MDL); - if (!top_level_config.on_receipt) -@@ -353,7 +354,8 @@ void read_client_leases () - interface-declaration | - LEASE client-lease-statement | - ALIAS client-lease-statement | -- KEY key-definition */ -+ KEY key-definition | -+ BOOTP_BROADCAST_ALWAYS */ - - void parse_client_statement (cfile, ip, config) - struct parse *cfile; -@@ -771,6 +773,12 @@ void parse_client_statement (cfile, ip, - parse_reject_statement (cfile, config); - return; - -+ case BOOTP_BROADCAST_ALWAYS: -+ token = next_token(&val, (unsigned*)0, cfile); -+ config -> bootp_broadcast_always = 1; -+ parse_semi (cfile); -+ return; -+ - default: - lose = 0; - stmt = (struct executable_statement *)0; -diff -up dhcp-4.3.1b1/client/dhclient.8.fLPqYB dhcp-4.3.1b1/client/dhclient.8 ---- dhcp-4.3.1b1/client/dhclient.8.fLPqYB 2014-07-02 19:58:38.000000000 +0200 -+++ dhcp-4.3.1b1/client/dhclient.8 2014-07-10 17:38:26.938599402 +0200 -@@ -128,6 +128,33 @@ dhclient - Dynamic Host Configuration Pr - .B -w - ] - [ -+.B -B -+] -+[ -+.B -C -+.I dhcp-client-identifier -+] -+[ -+.B -H -+.I host-name -+] -+[ -+.B -F -+.I fqdn.fqdn -+] -+[ -+.B -V -+.I vendor-class-identifier -+] -+[ -+.B -R -+.I request-option-list -+] -+[ -+.B -timeout -+.I timeout -+] -+[ - .B -v - ] - [ -@@ -275,6 +302,69 @@ not to exit when it doesn't find any suc - program can then be used to notify the client when a network interface - has been added or removed, so that the client can attempt to configure an IP - address on that interface. -+ -+.TP -+.BI \-B -+Set the BOOTP broadcast flag in request packets so servers will always -+broadcast replies. -+ -+.TP -+.BI \-C\ -+Specify the dhcp-client-identifier option to send to the DHCP server. -+ -+.TP -+.BI \-H\ -+Specify the host-name option to send to the DHCP server. The host-name -+string only contains the client's hostname prefix, to which the server will -+append the ddns-domainname or domain-name options, if any, to derive the -+fully qualified domain name of the client. The -+.B -H -+option cannot be used with the -+.B -F -+option. -+ -+.TP -+.BI \-F\ -+Specify the fqdn.fqdn option to send to the DHCP server. This option cannot -+be used with the -+.B -H -+option. The fqdn.fqdn option must specify the complete domain name of the -+client host, which the server may use for dynamic DNS updates. -+ -+.TP -+.BI \-V\ -+Specify the vendor-class-identifier option to send to the DHCP server. -+ -+.TP -+.BI \-R\