[people/pmueller/ipfire-2.x.git] / src / patches / dhcp / dhcp-capability.patch

diff -up dhcp-4.3.1b1/client/dhclient.8.zzftXp dhcp-4.3.1b1/client/dhclient.8
--- dhcp-4.3.1b1/client/dhclient.8.zzftXp	2014-07-10 17:38:26.938599402 +0200
+++ dhcp-4.3.1b1/client/dhclient.8	2014-07-10 17:39:25.852763873 +0200
@@ -128,6 +128,9 @@ dhclient - Dynamic Host Configuration Pr
 .B -w
 ]
 [
+.B -nc
+]
+[
 .B -B
 ]
 [
@@ -304,6 +307,32 @@ has been added or removed, so that the c
 address on that interface.
 
 .TP
+.BI \-nc
+Do not drop capabilities.
+
+Normally, if
+.B dhclient
+was compiled with libcap-ng support,
+.B dhclient
+drops most capabilities immediately upon startup.  While more secure,
+this greatly restricts the additional actions that hooks in
+.B dhclient-script (8)
+can take.  (For example, any daemons that 
+.B dhclient-script (8)
+starts or restarts will inherit the restricted capabilities as well,
+which may interfere with their correct operation.)  Thus, the
+.BI \-nc
+option can be used to prevent
+.B dhclient
+from dropping capabilities.
+
+The
+.BI \-nc
+option is ignored if
+.B dhclient
+was not compiled with libcap-ng support.
+
+.TP
 .BI \-B
 Set the BOOTP broadcast flag in request packets so servers will always
 broadcast replies.
diff -up dhcp-4.3.1b1/client/dhclient.c.zzftXp dhcp-4.3.1b1/client/dhclient.c
--- dhcp-4.3.1b1/client/dhclient.c.zzftXp	2014-07-10 17:39:25.797764653 +0200
+++ dhcp-4.3.1b1/client/dhclient.c	2014-07-10 17:39:25.853763858 +0200
@@ -39,6 +39,10 @@
 #include <limits.h>
 #include <dns/result.h>
 
+#ifdef HAVE_LIBCAP_NG
+#include <cap-ng.h>
+#endif
+
 /*
  * Defined in stdio.h when _GNU_SOURCE is set, but we don't want to define
  * that when building ISC code.
@@ -143,6 +147,9 @@ main(int argc, char **argv) {
 	int timeout_arg = 0;
 	char *arg_conf = NULL;
 	int arg_conf_len = 0;
+#ifdef HAVE_LIBCAP_NG
+	int keep_capabilities = 0;
+#endif
 
 	/* Initialize client globals. */
 	memset(&default_duid, 0, sizeof(default_duid));
@@ -425,6 +432,10 @@ main(int argc, char **argv) {
 			}
 
 			dhclient_request_options = argv[i];
+		} else if (!strcmp(argv[i], "-nc")) {
+#ifdef HAVE_LIBCAP_NG
+			keep_capabilities = 1;
+#endif
 		} else if (argv[i][0] == '-') {
 		    usage();
 		} else if (interfaces_requested < 0) {
@@ -473,6 +484,19 @@ main(int argc, char **argv) {
 		path_dhclient_script = s;
 	}
 
+#ifdef HAVE_LIBCAP_NG
+	/* Drop capabilities */
+	if (!keep_capabilities) {
+		capng_clear(CAPNG_SELECT_CAPS);
+		capng_update(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
+				CAP_DAC_OVERRIDE); // Drop this someday
+		capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
+				CAP_NET_ADMIN, CAP_NET_RAW,
+				CAP_NET_BIND_SERVICE, CAP_SYS_ADMIN, -1);
+		capng_apply(CAPNG_SELECT_CAPS);
+	}
+#endif
+
 	/* Set up the initial dhcp option universe. */
 	initialize_common_option_spaces();
 
diff -up dhcp-4.3.1b1/client/dhclient-script.8.zzftXp dhcp-4.3.1b1/client/dhclient-script.8
--- dhcp-4.3.1b1/client/dhclient-script.8.zzftXp	2014-07-10 17:39:25.761765163 +0200
+++ dhcp-4.3.1b1/client/dhclient-script.8	2014-07-10 17:39:25.851763887 +0200
@@ -243,6 +243,16 @@ repeatedly initialized to the values pro
 the other.   Assuming the information provided by both servers is
 valid, this shouldn't cause any real problems, but it could be
 confusing.
+.PP
+Normally, if dhclient was compiled with libcap-ng support,
+dhclient drops most capabilities immediately upon startup.
+While more secure, this greatly restricts the additional actions that
+hooks in dhclient-script can take. For example, any daemons that
+dhclient-script starts or restarts will inherit the restricted
+capabilities as well, which may interfere with their correct operation.
+Thus, the
+.BI \-nc
+option can be used to prevent dhclient from dropping capabilities.
 .SH SEE ALSO
 dhclient(8), dhcpd(8), dhcrelay(8), dhclient.conf(5) and
 dhclient.leases(5).
diff -up dhcp-4.3.1b1/client/Makefile.am.zzftXp dhcp-4.3.1b1/client/Makefile.am
--- dhcp-4.3.1b1/client/Makefile.am.zzftXp	2014-07-10 17:38:10.778828583 +0200
+++ dhcp-4.3.1b1/client/Makefile.am	2014-07-10 17:39:25.851763887 +0200
@@ -10,7 +10,7 @@ dhclient_SOURCES = clparse.c dhclient.c
 		   scripts/bsdos scripts/freebsd scripts/linux scripts/macos \
 		   scripts/netbsd scripts/nextstep scripts/openbsd \
 		   scripts/solaris scripts/openwrt
-dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \
+dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.la $(CAPNG_LDADD) \
 		 $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc
 man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5
 EXTRA_DIST = $(man_MANS)
diff -up dhcp-4.3.1b1/configure.ac.zzftXp dhcp-4.3.1b1/configure.ac
--- dhcp-4.3.1b1/configure.ac.zzftXp	2014-07-10 17:38:10.779828569 +0200
+++ dhcp-4.3.1b1/configure.ac	2014-07-10 17:39:25.854763844 +0200
@@ -499,6 +499,41 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]],
 # Look for optional headers.
 AC_CHECK_HEADERS(sys/socket.h net/if_dl.h net/if6.h regex.h)
 
+# look for capabilities library
+AC_ARG_WITH(libcap-ng,
+    [  --with-libcap-ng=[auto/yes/no]  Add Libcap-ng support [default=auto]],,
+    with_libcap_ng=auto)
+
+# Check for Libcap-ng API
+#
+# libcap-ng detection
+if test x$with_libcap_ng = xno ; then
+    have_libcap_ng=no;
+else
+    # Start by checking for header file
+    AC_CHECK_HEADER(cap-ng.h, capng_headers=yes, capng_headers=no)
+
+    # See if we have libcap-ng library
+    AC_CHECK_LIB(cap-ng, capng_clear,
+                 CAPNG_LDADD=-lcap-ng,)
+
+    # Check results are usable
+    if test x$with_libcap_ng = xyes -a x$CAPNG_LDADD = x ; then
+       AC_MSG_ERROR(libcap-ng support was requested and the library was not found)
+    fi
+    if test x$CAPNG_LDADD != x -a $capng_headers = no ; then
+       AC_MSG_ERROR(libcap-ng libraries found but headers are missing)
+    fi
+fi
+AC_SUBST(CAPNG_LDADD)
+AC_MSG_CHECKING(whether to use libcap-ng)
+if test x$CAPNG_LDADD != x ; then
+    AC_DEFINE(HAVE_LIBCAP_NG,1,[libcap-ng support])
+    AC_MSG_RESULT(yes)
+else
+    AC_MSG_RESULT(no)
+fi
+
 # Solaris needs some libraries for functions
 AC_SEARCH_LIBS(socket, [socket])
 AC_SEARCH_LIBS(inet_ntoa, [nsl])
diff -up dhcp-4.3.1b1/relay/dhcrelay.c.zzftXp dhcp-4.3.1b1/relay/dhcrelay.c
--- dhcp-4.3.1b1/relay/dhcrelay.c.zzftXp	2014-07-10 17:39:25.799764624 +0200
+++ dhcp-4.3.1b1/relay/dhcrelay.c	2014-07-10 17:40:19.191007421 +0200
@@ -31,6 +31,11 @@
 #include <signal.h>
 #include <sys/time.h>
 
+#ifdef HAVE_LIBCAP_NG
+#  include <cap-ng.h>
+   int keep_capabilities = 0;
+#endif
+
 TIME default_lease_time = 43200; /* 12 hours... */
 TIME max_lease_time = 86400; /* 24 hours... */
 struct tree_cache *global_options[256];
@@ -376,6 +381,10 @@ main(int argc, char **argv) {
 				usage();
 			dhcrelay_sub_id = argv[i];
 #endif
+		} else if (!strcmp(argv[i], "-nc")) {
+#ifdef HAVE_LIBCAP_NG
+			keep_capabilities = 1;
+#endif
 		} else if (!strcmp(argv[i], "-pf")) {
 			if (++i == argc)
 				usage();
@@ -446,6 +455,17 @@ main(int argc, char **argv) {
 #endif
 	}
 
+#ifdef HAVE_LIBCAP_NG
+	/* Drop capabilities */
+	if (!keep_capabilities) {
+		capng_clear(CAPNG_SELECT_BOTH);
+		capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
+				CAP_NET_RAW, CAP_NET_BIND_SERVICE, -1);
+		capng_apply(CAPNG_SELECT_BOTH);
+		log_info ("Dropped all unnecessary capabilities.");
+	}
+#endif
+
 	if (!quiet) {
 		log_info("%s %s", message, PACKAGE_VERSION);
 		log_info(copyright);
@@ -598,6 +618,15 @@ main(int argc, char **argv) {
 	signal(SIGTERM, dhcp_signal_handler);  /* kill */
 #endif
 
+#ifdef HAVE_LIBCAP_NG
+	/* Drop all capabilities */
+	if (!keep_capabilities) {
+		capng_clear(CAPNG_SELECT_BOTH);
+		capng_apply(CAPNG_SELECT_BOTH);
+		log_info ("Dropped all capabilities.");
+	}
+#endif
+
 	/* Start dispatching packets and timeouts... */
 	dispatch();
 
diff -up dhcp-4.3.1b1/relay/Makefile.am.zzftXp dhcp-4.3.1b1/relay/Makefile.am
--- dhcp-4.3.1b1/relay/Makefile.am.zzftXp	2014-07-10 17:38:10.780828554 +0200
+++ dhcp-4.3.1b1/relay/Makefile.am	2014-07-10 17:39:25.854763844 +0200
@@ -2,7 +2,7 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localst
 
 sbin_PROGRAMS = dhcrelay
 dhcrelay_SOURCES = dhcrelay.c
-dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \
+dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.la $(CAPNG_LDADD) \
 		 $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc
 man_MANS = dhcrelay.8
 EXTRA_DIST = $(man_MANS)
Commit	Line	Data
c1e9ba67 MF	1	diff -up dhcp-4.3.1b1/client/dhclient.8.zzftXp dhcp-4.3.1b1/client/dhclient.8
	2	--- dhcp-4.3.1b1/client/dhclient.8.zzftXp 2014-07-10 17:38:26.938599402 +0200
	3	+++ dhcp-4.3.1b1/client/dhclient.8 2014-07-10 17:39:25.852763873 +0200
	4	@@ -128,6 +128,9 @@ dhclient - Dynamic Host Configuration Pr
78ab9b04 MT	5	.B -w
	6	]
	7	[
	8	+.B -nc
	9	+]
	10	+[
	11	.B -B
	12	]
	13	[
c1e9ba67	14	@@ -304,6 +307,32 @@ has been added or removed, so that the c
78ab9b04 MT	15	address on that interface.
	16
	17	.TP
	18	+.BI \-nc
	19	+Do not drop capabilities.
	20	+
	21	+Normally, if
	22	+.B dhclient
	23	+was compiled with libcap-ng support,
	24	+.B dhclient
	25	+drops most capabilities immediately upon startup. While more secure,
	26	+this greatly restricts the additional actions that hooks in
	27	+.B dhclient-script (8)
	28	+can take. (For example, any daemons that
	29	+.B dhclient-script (8)
	30	+starts or restarts will inherit the restricted capabilities as well,
	31	+which may interfere with their correct operation.) Thus, the
	32	+.BI \-nc
	33	+option can be used to prevent
	34	+.B dhclient
	35	+from dropping capabilities.
	36	+
	37	+The
	38	+.BI \-nc
	39	+option is ignored if
	40	+.B dhclient
	41	+was not compiled with libcap-ng support.
	42	+
	43	+.TP
	44	.BI \-B
	45	Set the BOOTP broadcast flag in request packets so servers will always
	46	broadcast replies.
c1e9ba67 MF	47	diff -up dhcp-4.3.1b1/client/dhclient.c.zzftXp dhcp-4.3.1b1/client/dhclient.c
	48	--- dhcp-4.3.1b1/client/dhclient.c.zzftXp 2014-07-10 17:39:25.797764653 +0200
	49	+++ dhcp-4.3.1b1/client/dhclient.c 2014-07-10 17:39:25.853763858 +0200
78ab9b04 MT	50	@@ -39,6 +39,10 @@
	51	#include <limits.h>
	52	#include <dns/result.h>
	53
	54	+#ifdef HAVE_LIBCAP_NG
	55	+#include <cap-ng.h>
	56	+#endif
	57	+
	58	/*
	59	* Defined in stdio.h when _GNU_SOURCE is set, but we don't want to define
	60	* that when building ISC code.
c1e9ba67	61	@@ -143,6 +147,9 @@ main(int argc, char **argv) {
78ab9b04 MT	62	int timeout_arg = 0;
	63	char *arg_conf = NULL;
	64	int arg_conf_len = 0;
	65	+#ifdef HAVE_LIBCAP_NG
	66	+ int keep_capabilities = 0;
	67	+#endif
	68
	69	/* Initialize client globals. */
	70	memset(&default_duid, 0, sizeof(default_duid));
c1e9ba67	71	@@ -425,6 +432,10 @@ main(int argc, char **argv) {
78ab9b04 MT	72	}
	73
	74	dhclient_request_options = argv[i];
	75	+ } else if (!strcmp(argv[i], "-nc")) {
	76	+#ifdef HAVE_LIBCAP_NG
	77	+ keep_capabilities = 1;
	78	+#endif
	79	} else if (argv[i][0] == '-') {
	80	usage();
	81	} else if (interfaces_requested < 0) {
c1e9ba67	82	@@ -473,6 +484,19 @@ main(int argc, char **argv) {
78ab9b04 MT	83	path_dhclient_script = s;
	84	}
	85
	86	+#ifdef HAVE_LIBCAP_NG
	87	+ /* Drop capabilities */
	88	+ if (!keep_capabilities) {
	89	+ capng_clear(CAPNG_SELECT_CAPS);
	90	+ capng_update(CAPNG_ADD, CAPNG_EFFECTIVE\|CAPNG_PERMITTED,
	91	+ CAP_DAC_OVERRIDE); // Drop this someday
	92	+ capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE\|CAPNG_PERMITTED,
	93	+ CAP_NET_ADMIN, CAP_NET_RAW,
	94	+ CAP_NET_BIND_SERVICE, CAP_SYS_ADMIN, -1);
	95	+ capng_apply(CAPNG_SELECT_CAPS);
	96	+ }
	97	+#endif
	98	+
	99	/* Set up the initial dhcp option universe. */
	100	initialize_common_option_spaces();
	101
c1e9ba67 MF	102	diff -up dhcp-4.3.1b1/client/dhclient-script.8.zzftXp dhcp-4.3.1b1/client/dhclient-script.8
	103	--- dhcp-4.3.1b1/client/dhclient-script.8.zzftXp 2014-07-10 17:39:25.761765163 +0200
	104	+++ dhcp-4.3.1b1/client/dhclient-script.8 2014-07-10 17:39:25.851763887 +0200
	105	@@ -243,6 +243,16 @@ repeatedly initialized to the values pro
78ab9b04 MT	106	the other. Assuming the information provided by both servers is
	107	valid, this shouldn't cause any real problems, but it could be
	108	confusing.
	109	+.PP
	110	+Normally, if dhclient was compiled with libcap-ng support,
	111	+dhclient drops most capabilities immediately upon startup.
	112	+While more secure, this greatly restricts the additional actions that
	113	+hooks in dhclient-script can take. For example, any daemons that
	114	+dhclient-script starts or restarts will inherit the restricted
	115	+capabilities as well, which may interfere with their correct operation.
	116	+Thus, the
	117	+.BI \-nc
	118	+option can be used to prevent dhclient from dropping capabilities.
	119	.SH SEE ALSO
	120	dhclient(8), dhcpd(8), dhcrelay(8), dhclient.conf(5) and
	121	dhclient.leases(5).
c1e9ba67 MF	122	diff -up dhcp-4.3.1b1/client/Makefile.am.zzftXp dhcp-4.3.1b1/client/Makefile.am
	123	--- dhcp-4.3.1b1/client/Makefile.am.zzftXp 2014-07-10 17:38:10.778828583 +0200
	124	+++ dhcp-4.3.1b1/client/Makefile.am 2014-07-10 17:39:25.851763887 +0200
	125	@@ -10,7 +10,7 @@ dhclient_SOURCES = clparse.c dhclient.c
	126	scripts/bsdos scripts/freebsd scripts/linux scripts/macos \
78ab9b04 MT	127	scripts/netbsd scripts/nextstep scripts/openbsd \
78ab9b04 MT	128	scripts/solaris scripts/openwrt
c1e9ba67 MF	129	-dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \
	130	+dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.la $(CAPNG_LDADD) \
	131	$(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc
78ab9b04 MT	132	man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5
78ab9b04 MT	133	EXTRA_DIST = $(man_MANS)
c1e9ba67 MF	134	diff -up dhcp-4.3.1b1/configure.ac.zzftXp dhcp-4.3.1b1/configure.ac
	135	--- dhcp-4.3.1b1/configure.ac.zzftXp 2014-07-10 17:38:10.779828569 +0200
	136	+++ dhcp-4.3.1b1/configure.ac 2014-07-10 17:39:25.854763844 +0200
	137	@@ -499,6 +499,41 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]],
78ab9b04 MT	138	# Look for optional headers.
	139	AC_CHECK_HEADERS(sys/socket.h net/if_dl.h net/if6.h regex.h)
	140
	141	+# look for capabilities library
	142	+AC_ARG_WITH(libcap-ng,
	143	+ [ --with-libcap-ng=[auto/yes/no] Add Libcap-ng support [default=auto]],,
	144	+ with_libcap_ng=auto)
	145	+
	146	+# Check for Libcap-ng API
	147	+#
	148	+# libcap-ng detection
	149	+if test x$with_libcap_ng = xno ; then
	150	+ have_libcap_ng=no;
	151	+else
	152	+ # Start by checking for header file
	153	+ AC_CHECK_HEADER(cap-ng.h, capng_headers=yes, capng_headers=no)
	154	+
	155	+ # See if we have libcap-ng library
	156	+ AC_CHECK_LIB(cap-ng, capng_clear,
	157	+ CAPNG_LDADD=-lcap-ng,)
	158	+
	159	+ # Check results are usable
	160	+ if test x$with_libcap_ng = xyes -a x$CAPNG_LDADD = x ; then
	161	+ AC_MSG_ERROR(libcap-ng support was requested and the library was not found)
	162	+ fi
	163	+ if test x$CAPNG_LDADD != x -a $capng_headers = no ; then
	164	+ AC_MSG_ERROR(libcap-ng libraries found but headers are missing)
	165	+ fi
	166	+fi
	167	+AC_SUBST(CAPNG_LDADD)
	168	+AC_MSG_CHECKING(whether to use libcap-ng)
	169	+if test x$CAPNG_LDADD != x ; then
	170	+ AC_DEFINE(HAVE_LIBCAP_NG,1,[libcap-ng support])
	171	+ AC_MSG_RESULT(yes)
	172	+else
	173	+ AC_MSG_RESULT(no)
	174	+fi
	175	+
	176	# Solaris needs some libraries for functions
	177	AC_SEARCH_LIBS(socket, [socket])
	178	AC_SEARCH_LIBS(inet_ntoa, [nsl])
c1e9ba67 MF	179	diff -up dhcp-4.3.1b1/relay/dhcrelay.c.zzftXp dhcp-4.3.1b1/relay/dhcrelay.c
	180	--- dhcp-4.3.1b1/relay/dhcrelay.c.zzftXp 2014-07-10 17:39:25.799764624 +0200
	181	+++ dhcp-4.3.1b1/relay/dhcrelay.c 2014-07-10 17:40:19.191007421 +0200
	182	@@ -31,6 +31,11 @@
	183	#include <signal.h>
78ab9b04 MT	184	#include <sys/time.h>
	185
	186	+#ifdef HAVE_LIBCAP_NG
	187	+# include <cap-ng.h>
	188	+ int keep_capabilities = 0;
	189	+#endif
	190	+
	191	TIME default_lease_time = 43200; /* 12 hours... */
	192	TIME max_lease_time = 86400; /* 24 hours... */
	193	struct tree_cache *global_options[256];
c1e9ba67 MF	194	@@ -376,6 +381,10 @@ main(int argc, char **argv) {
	195	usage();
	196	dhcrelay_sub_id = argv[i];
78ab9b04 MT	197	#endif
	198	+ } else if (!strcmp(argv[i], "-nc")) {
	199	+#ifdef HAVE_LIBCAP_NG
	200	+ keep_capabilities = 1;
	201	+#endif
	202	} else if (!strcmp(argv[i], "-pf")) {
	203	if (++i == argc)
	204	usage();
c1e9ba67	205	@@ -446,6 +455,17 @@ main(int argc, char **argv) {
78ab9b04 MT	206	#endif
	207	}
	208
	209	+#ifdef HAVE_LIBCAP_NG
	210	+ /* Drop capabilities */
	211	+ if (!keep_capabilities) {
	212	+ capng_clear(CAPNG_SELECT_BOTH);
	213	+ capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE\|CAPNG_PERMITTED,
	214	+ CAP_NET_RAW, CAP_NET_BIND_SERVICE, -1);
	215	+ capng_apply(CAPNG_SELECT_BOTH);
	216	+ log_info ("Dropped all unnecessary capabilities.");
	217	+ }
	218	+#endif
	219	+
	220	if (!quiet) {
	221	log_info("%s %s", message, PACKAGE_VERSION);
	222	log_info(copyright);
c1e9ba67 MF	223	@@ -598,6 +618,15 @@ main(int argc, char **argv) {
c1e9ba67 MF	224	signal(SIGTERM, dhcp_signal_handler); /* kill */
78ab9b04 MT	225	#endif
	226
	227	+#ifdef HAVE_LIBCAP_NG
	228	+ /* Drop all capabilities */
	229	+ if (!keep_capabilities) {
	230	+ capng_clear(CAPNG_SELECT_BOTH);
	231	+ capng_apply(CAPNG_SELECT_BOTH);
	232	+ log_info ("Dropped all capabilities.");
	233	+ }
	234	+#endif
	235	+
	236	/* Start dispatching packets and timeouts... */
	237	dispatch();
	238
c1e9ba67 MF	239	diff -up dhcp-4.3.1b1/relay/Makefile.am.zzftXp dhcp-4.3.1b1/relay/Makefile.am
	240	--- dhcp-4.3.1b1/relay/Makefile.am.zzftXp 2014-07-10 17:38:10.780828554 +0200
	241	+++ dhcp-4.3.1b1/relay/Makefile.am 2014-07-10 17:39:25.854763844 +0200
	242	@@ -2,7 +2,7 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localst
	243
78ab9b04 MT	244	sbin_PROGRAMS = dhcrelay
78ab9b04 MT	245	dhcrelay_SOURCES = dhcrelay.c
c1e9ba67 MF	246	-dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \
	247	+dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.la $(CAPNG_LDADD) \
	248	$(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc
78ab9b04 MT	249	man_MANS = dhcrelay.8
78ab9b04 MT	250	EXTRA_DIST = $(man_MANS)