This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, next has been updated via 5bb288a244156c95a61cdf2f3b416061c867bf26 (commit) from d7ce23e5deccf3fbe56c44ff4c29817c03166c76 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5bb288a244156c95a61cdf2f3b416061c867bf26 Author: Matthias Fischer Date: Fri Jun 1 19:54:29 2018 +0200 dhcp: Update to 4.4.1 For details see: https://kb.isc.org/article/AA-01571/82/DHCP-4.4.1-Release-Notes.html This should close https://bugzilla.ipfire.org/show_bug.cgi?id=11697 and https://bugzilla.ipfire.org/show_bug.cgi?id=11293. This update required some changes as described in: https://bugzilla.ipfire.org/show_bug.cgi?id=11697#c6 Thanks to all testers! ;-) Best, Matthias Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer ----------------------------------------------------------------------- Summary of changes: config/rootfiles/common/dhcp | 4 +- lfs/dhcp | 39 +- src/patches/dhcp/dhcp-64_bit_lease_parse.patch | 75 --- src/patches/dhcp/dhcp-CLOEXEC.patch | 342 ------------ src/patches/dhcp/dhcp-PPP.patch | 150 ------ src/patches/dhcp/dhcp-UseMulticast.patch | 241 --------- src/patches/dhcp/dhcp-add_timeout_when_NULL.patch | 14 - src/patches/dhcp/dhcp-capability.patch | 250 --------- .../dhcp/dhcp-default-requested-options.patch | 44 -- .../dhcp/dhcp-dhclient-decline-backoff.patch | 63 --- src/patches/dhcp/dhcp-dhclient-options.patch | 509 ------------------ src/patches/dhcp/dhcp-errwarn-message.patch | 22 - src/patches/dhcp/dhcp-garbage-chars.patch | 12 - src/patches/dhcp/dhcp-gpxe-cid.patch | 73 --- src/patches/dhcp/dhcp-honor-expired.patch | 49 -- src/patches/dhcp/dhcp-improved-xid.patch | 138 ----- src/patches/dhcp/dhcp-logpid.patch | 11 - src/patches/dhcp/dhcp-lpf-ib.patch | 585 --------------------- src/patches/dhcp/dhcp-manpages.patch | 157 ------ src/patches/dhcp/dhcp-paranoia.patch | 156 ------ src/patches/dhcp/dhcp-paths.patch | 44 -- src/patches/dhcp/dhcp-release-by-ifup.patch | 85 --- src/patches/dhcp/dhcp-remove-bind.patch | 192 ------- .../dhcp-rfc3442-classless-static-routes.patch | 405 -------------- src/patches/dhcp/dhcp-sendDecline.patch | 231 -------- src/patches/dhcp/dhcp-sharedlib.patch | 107 ---- src/patches/dhcp/dhcp-stateless-DUID-LLT.patch | 48 -- src/patches/dhcp/dhcp-unicast-bootp.patch | 101 ---- src/patches/dhcp/dhcp-xen-checksum.patch | 251 --------- 29 files changed, 7 insertions(+), 4391 deletions(-) delete mode 100644 src/patches/dhcp/dhcp-64_bit_lease_parse.patch delete mode 100644 src/patches/dhcp/dhcp-CLOEXEC.patch delete mode 100644 src/patches/dhcp/dhcp-PPP.patch delete mode 100644 src/patches/dhcp/dhcp-UseMulticast.patch delete mode 100644 src/patches/dhcp/dhcp-add_timeout_when_NULL.patch delete mode 100644 src/patches/dhcp/dhcp-capability.patch delete mode 100644 src/patches/dhcp/dhcp-default-requested-options.patch delete mode 100644 src/patches/dhcp/dhcp-dhclient-decline-backoff.patch delete mode 100644 src/patches/dhcp/dhcp-dhclient-options.patch delete mode 100644 src/patches/dhcp/dhcp-errwarn-message.patch delete mode 100644 src/patches/dhcp/dhcp-garbage-chars.patch delete mode 100644 src/patches/dhcp/dhcp-gpxe-cid.patch delete mode 100644 src/patches/dhcp/dhcp-honor-expired.patch delete mode 100644 src/patches/dhcp/dhcp-improved-xid.patch delete mode 100644 src/patches/dhcp/dhcp-logpid.patch delete mode 100644 src/patches/dhcp/dhcp-lpf-ib.patch delete mode 100644 src/patches/dhcp/dhcp-manpages.patch delete mode 100644 src/patches/dhcp/dhcp-paranoia.patch delete mode 100644 src/patches/dhcp/dhcp-paths.patch delete mode 100644 src/patches/dhcp/dhcp-release-by-ifup.patch delete mode 100644 src/patches/dhcp/dhcp-remove-bind.patch delete mode 100644 src/patches/dhcp/dhcp-rfc3442-classless-static-routes.patch delete mode 100644 src/patches/dhcp/dhcp-sendDecline.patch delete mode 100644 src/patches/dhcp/dhcp-sharedlib.patch delete mode 100644 src/patches/dhcp/dhcp-stateless-DUID-LLT.patch delete mode 100644 src/patches/dhcp/dhcp-unicast-bootp.patch delete mode 100644 src/patches/dhcp/dhcp-xen-checksum.patch Difference in files: diff --git a/config/rootfiles/common/dhcp b/config/rootfiles/common/dhcp index ff225a571..9e6d52e4e 100644 --- a/config/rootfiles/common/dhcp +++ b/config/rootfiles/common/dhcp @@ -5,8 +5,6 @@ etc/dhcp/dhcpd.conf #usr/bin/omshell #usr/include/dhcpctl #usr/include/dhcpctl/dhcpctl.h -#usr/include/isc-dhcp -#usr/include/isc-dhcp/dst.h #usr/include/omapip #usr/include/omapip/alloc.h #usr/include/omapip/buffer.h @@ -17,8 +15,8 @@ etc/dhcp/dhcpd.conf #usr/include/omapip/omapip_p.h #usr/include/omapip/result.h #usr/include/omapip/trace.h +#usr/lib/libdhcp.a #usr/lib/libdhcpctl.a -#usr/lib/libdst.a #usr/lib/libomapi.a #usr/sbin/dhclient usr/sbin/dhcpd diff --git a/lfs/dhcp b/lfs/dhcp index 262a25129..a055d6081 100644 --- a/lfs/dhcp +++ b/lfs/dhcp @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2015 IPFire Team # +# Copyright (C) 2007-2018 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 4.3.1 +VER = 4.4.1 THISAPP = dhcp-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = b3a42ece3c7f2cd2e74a3e12ca881d20 +$(DL_FILE)_MD5 = 18c7f4dcbb0a63df25098216d47b1ede install : $(TARGET) @@ -71,47 +71,20 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-remove-bind.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-errwarn-message.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-dhclient-options.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-release-by-ifup.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-dhclient-decline-backoff.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-unicast-bootp.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-default-requested-options.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-xen-checksum.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-manpages.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-paths.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-CLOEXEC.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-garbage-chars.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-add_timeout_when_NULL.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-64_bit_lease_parse.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-capability.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-logpid.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-UseMulticast.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-sendDecline.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-rfc3442-classless-static-routes.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-honor-expired.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-sharedlib.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-PPP.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-paranoia.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-lpf-ib.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-improved-xid.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-gpxe-cid.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-stateless-DUID-LLT.patch - # Help unpacking bundled BIND - cd $(DIR_APP) && sed -e "s/gunzip -c/&d/" -i bind/Makefile + cd $(DIR_APP) && sed -e "s/gunzip -c/&d/" -i bind/Makefile.in cd $(DIR_APP) && \ ./configure \ --prefix=/usr \ --sysconfdir=/etc/dhcp \ + --with-srv-conf-file=/etc/dhcp/dhcpd.conf \ --with-srv-lease-file=/var/state/dhcp/dhcpd.leases \ --enable-paranoia \ --enable-early-chroot \ --disable-dhcpv6 - cd $(DIR_APP) && make $(MAKETUNING) + cd $(DIR_APP) && make cd $(DIR_APP) && make install mkdir -pv /var/state/dhcp diff --git a/src/patches/dhcp/dhcp-64_bit_lease_parse.patch b/src/patches/dhcp/dhcp-64_bit_lease_parse.patch deleted file mode 100644 index a07b5b032..000000000 --- a/src/patches/dhcp/dhcp-64_bit_lease_parse.patch +++ /dev/null @@ -1,75 +0,0 @@ -diff -up dhcp-4.3.0a1/common/parse.c.64-bit_lease_parse dhcp-4.3.0a1/common/parse.c ---- dhcp-4.3.0a1/common/parse.c.64-bit_lease_parse 2013-12-11 01:25:12.000000000 +0100 -+++ dhcp-4.3.0a1/common/parse.c 2013-12-19 15:45:25.990771814 +0100 -@@ -938,8 +938,8 @@ TIME - parse_date_core(cfile) - struct parse *cfile; - { -- int guess; -- int tzoff, year, mon, mday, hour, min, sec; -+ TIME guess; -+ long int tzoff, year, mon, mday, hour, min, sec; - const char *val; - enum dhcp_token token; - static int months[11] = { 31, 59, 90, 120, 151, 181, -@@ -965,7 +965,7 @@ parse_date_core(cfile) - } - - skip_token(&val, NULL, cfile); /* consume number */ -- guess = atoi(val); -+ guess = atol(val); - - return((TIME)guess); - } -@@ -993,7 +993,7 @@ parse_date_core(cfile) - somebody invents a time machine, I think we can safely disregard - it. This actually works around a stupid Y2K bug that was present - in a very early beta release of dhcpd. */ -- year = atoi(val); -+ year = atol(val); - if (year > 1900) - year -= 1900; - -@@ -1039,7 +1039,7 @@ parse_date_core(cfile) - return((TIME)0); - } - skip_token(&val, NULL, cfile); /* consume day of month */ -- mday = atoi(val); -+ mday = atol(val); - - /* Hour... */ - token = peek_token(&val, NULL, cfile); -@@ -1050,7 +1050,7 @@ parse_date_core(cfile) - return((TIME)0); - } - skip_token(&val, NULL, cfile); /* consume hour */ -- hour = atoi(val); -+ hour = atol(val); - - /* Colon separating hour from minute... */ - token = peek_token(&val, NULL, cfile); -@@ -1072,7 +1072,7 @@ parse_date_core(cfile) - return((TIME)0); - } - skip_token(&val, NULL, cfile); /* consume minute */ -- min = atoi(val); -+ min = atol(val); - - /* Colon separating minute from second... */ - token = peek_token(&val, NULL, cfile); -@@ -1094,13 +1094,13 @@ parse_date_core(cfile) - return((TIME)0); - } - skip_token(&val, NULL, cfile); /* consume second */ -- sec = atoi(val); -+ sec = atol(val); - - tzoff = 0; - token = peek_token(&val, NULL, cfile); - if (token == NUMBER) { - skip_token(&val, NULL, cfile); /* consume tzoff */ -- tzoff = atoi(val); -+ tzoff = atol(val); - } else if (token != SEMI) { - skip_token(&val, NULL, cfile); - parse_warn(cfile, diff --git a/src/patches/dhcp/dhcp-CLOEXEC.patch b/src/patches/dhcp/dhcp-CLOEXEC.patch deleted file mode 100644 index 722865e4f..000000000 --- a/src/patches/dhcp/dhcp-CLOEXEC.patch +++ /dev/null @@ -1,342 +0,0 @@ -diff -up dhcp-4.3.0a1/client/clparse.c.cloexec dhcp-4.3.0a1/client/clparse.c ---- dhcp-4.3.0a1/client/clparse.c.cloexec 2013-12-19 15:34:41.638886256 +0100 -+++ dhcp-4.3.0a1/client/clparse.c 2013-12-19 15:34:41.657885985 +0100 -@@ -253,7 +253,7 @@ int read_client_conf_file (const char *n - int token; - isc_result_t status; - -- if ((file = open (name, O_RDONLY)) < 0) -+ if ((file = open (name, O_RDONLY | O_CLOEXEC)) < 0) - return uerr2isc (errno); - - cfile = NULL; -@@ -290,7 +290,7 @@ void read_client_leases () - - /* Open the lease file. If we can't open it, just return - - we can safely trust the server to remember our state. */ -- if ((file = open (path_dhclient_db, O_RDONLY)) < 0) -+ if ((file = open (path_dhclient_db, O_RDONLY | O_CLOEXEC)) < 0) - return; - - cfile = NULL; -diff -up dhcp-4.3.0a1/client/dhclient.c.cloexec dhcp-4.3.0a1/client/dhclient.c ---- dhcp-4.3.0a1/client/dhclient.c.cloexec 2013-12-19 15:34:41.629886384 +0100 -+++ dhcp-4.3.0a1/client/dhclient.c 2013-12-19 15:36:41.608180467 +0100 -@@ -148,11 +148,11 @@ main(int argc, char **argv) { - /* Make sure that file descriptors 0 (stdin), 1, (stdout), and - 2 (stderr) are open. To do this, we assume that when we - open a file the lowest available file descriptor is used. */ -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 0) -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 1) -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 2) - log_perror = 0; /* No sense logging to /dev/null. */ - else if (fd != -1) -@@ -504,7 +504,7 @@ main(int argc, char **argv) { - long temp; - int e; - -- if ((pidfd = fopen(path_dhclient_pid, "r")) != NULL) { -+ if ((pidfd = fopen(path_dhclient_pid, "re")) != NULL) { - e = fscanf(pidfd, "%ld\n", &temp); - oldpid = (pid_t)temp; - -@@ -554,7 +554,7 @@ main(int argc, char **argv) { - strncpy(new_path_dhclient_pid, path_dhclient_pid, pfx); - sprintf(new_path_dhclient_pid + pfx, "-%s.pid", ip->name); - -- if ((pidfd = fopen(new_path_dhclient_pid, "r")) != NULL) { -+ if ((pidfd = fopen(new_path_dhclient_pid, "re")) != NULL) { - e = fscanf(pidfd, "%ld\n", &temp); - oldpid = (pid_t)temp; - -@@ -579,7 +579,7 @@ main(int argc, char **argv) { - int dhc_running = 0; - char procfn[256] = ""; - -- if ((pidfp = fopen(path_dhclient_pid, "r")) != NULL) { -+ if ((pidfp = fopen(path_dhclient_pid, "re")) != NULL) { - if ((fscanf(pidfp, "%ld", &temp)==1) && ((dhcpid=(pid_t)temp) > 0)) { - snprintf(procfn,256,"/proc/%u",dhcpid); - dhc_running = (access(procfn, F_OK) == 0); -@@ -3077,7 +3077,7 @@ void rewrite_client_leases () - - if (leaseFile != NULL) - fclose (leaseFile); -- leaseFile = fopen (path_dhclient_db, "w"); -+ leaseFile = fopen (path_dhclient_db, "we"); - if (leaseFile == NULL) { - log_error ("can't create %s: %m", path_dhclient_db); - return; -@@ -3261,7 +3261,7 @@ write_duid(struct data_string *duid) - return DHCP_R_INVALIDARG; - - if (leaseFile == NULL) { /* XXX? */ -- leaseFile = fopen(path_dhclient_db, "w"); -+ leaseFile = fopen(path_dhclient_db, "we"); - if (leaseFile == NULL) { - log_error("can't create %s: %m", path_dhclient_db); - return ISC_R_IOERROR; -@@ -3441,7 +3441,7 @@ int write_client_lease (client, lease, r - return 1; - - if (leaseFile == NULL) { /* XXX */ -- leaseFile = fopen (path_dhclient_db, "w"); -+ leaseFile = fopen (path_dhclient_db, "we"); - if (leaseFile == NULL) { - log_error ("can't create %s: %m", path_dhclient_db); - return 0; -@@ -3952,9 +3952,9 @@ void go_daemon () - (void) close(2); - - /* Reopen them on /dev/null. */ -- (void) open("/dev/null", O_RDWR); -- (void) open("/dev/null", O_RDWR); -- (void) open("/dev/null", O_RDWR); -+ (void) open("/dev/null", O_RDWR | O_CLOEXEC); -+ (void) open("/dev/null", O_RDWR | O_CLOEXEC); -+ (void) open("/dev/null", O_RDWR | O_CLOEXEC); - - write_client_pid_file (); - -@@ -3971,14 +3971,14 @@ void write_client_pid_file () - return; - } - -- pfdesc = open (path_dhclient_pid, O_CREAT | O_TRUNC | O_WRONLY, 0644); -+ pfdesc = open (path_dhclient_pid, O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC, 0644); - - if (pfdesc < 0) { - log_error ("Can't create %s: %m", path_dhclient_pid); - return; - } - -- pf = fdopen (pfdesc, "w"); -+ pf = fdopen (pfdesc, "we"); - if (!pf) { - close(pfdesc); - log_error ("Can't fdopen %s: %m", path_dhclient_pid); -diff -up dhcp-4.3.0a1/common/bpf.c.cloexec dhcp-4.3.0a1/common/bpf.c ---- dhcp-4.3.0a1/common/bpf.c.cloexec 2013-12-19 15:34:41.640886227 +0100 -+++ dhcp-4.3.0a1/common/bpf.c 2013-12-19 15:34:41.661885928 +0100 -@@ -95,7 +95,7 @@ int if_register_bpf (info) - for (b = 0; 1; b++) { - /* %Audit% 31 bytes max. %2004.06.17,Safe% */ - sprintf(filename, BPF_FORMAT, b); -- sock = open (filename, O_RDWR, 0); -+ sock = open (filename, O_RDWR | O_CLOEXEC, 0); - if (sock < 0) { - if (errno == EBUSY) { - continue; -diff -up dhcp-4.3.0a1/common/dlpi.c.cloexec dhcp-4.3.0a1/common/dlpi.c ---- dhcp-4.3.0a1/common/dlpi.c.cloexec 2013-12-19 15:34:41.641886213 +0100 -+++ dhcp-4.3.0a1/common/dlpi.c 2013-12-19 15:34:41.662885914 +0100 -@@ -804,7 +804,7 @@ dlpiopen(const char *ifname) { - } - *dp = '\0'; - -- return open (devname, O_RDWR, 0); -+ return open (devname, O_RDWR | O_CLOEXEC, 0); - } - - /* -diff -up dhcp-4.3.0a1/common/nit.c.cloexec dhcp-4.3.0a1/common/nit.c ---- dhcp-4.3.0a1/common/nit.c.cloexec 2013-12-19 15:34:41.642886199 +0100 -+++ dhcp-4.3.0a1/common/nit.c 2013-12-19 15:34:41.662885914 +0100 -@@ -81,7 +81,7 @@ int if_register_nit (info) - struct strioctl sio; - - /* Open a NIT device */ -- sock = open ("/dev/nit", O_RDWR); -+ sock = open ("/dev/nit", O_RDWR | O_CLOEXEC); - if (sock < 0) - log_fatal ("Can't open NIT device for %s: %m", info -> name); - -diff -up dhcp-4.3.0a1/common/resolv.c.cloexec dhcp-4.3.0a1/common/resolv.c ---- dhcp-4.3.0a1/common/resolv.c.cloexec 2013-12-11 01:25:12.000000000 +0100 -+++ dhcp-4.3.0a1/common/resolv.c 2013-12-19 15:34:41.663885900 +0100 -@@ -50,7 +50,7 @@ void read_resolv_conf (parse_time) - struct domain_search_list *dp, *dl, *nd; - isc_result_t status; - -- if ((file = open (path_resolv_conf, O_RDONLY)) < 0) { -+ if ((file = open (path_resolv_conf, O_RDONLY | O_CLOEXEC)) < 0) { - log_error ("Can't open %s: %m", path_resolv_conf); - return; - } -diff -up dhcp-4.3.0a1/common/upf.c.cloexec dhcp-4.3.0a1/common/upf.c ---- dhcp-4.3.0a1/common/upf.c.cloexec 2013-12-19 15:34:41.642886199 +0100 -+++ dhcp-4.3.0a1/common/upf.c 2013-12-19 15:34:41.663885900 +0100 -@@ -77,7 +77,7 @@ int if_register_upf (info) - /* %Audit% Cannot exceed 36 bytes. %2004.06.17,Safe% */ - sprintf(filename, "/dev/pf/pfilt%d", b); - -- sock = open (filename, O_RDWR, 0); -+ sock = open (filename, O_RDWR | O_CLOEXEC, 0); - if (sock < 0) { - if (errno == EBUSY) { - continue; -diff -up dhcp-4.3.0a1/omapip/trace.c.cloexec dhcp-4.3.0a1/omapip/trace.c ---- dhcp-4.3.0a1/omapip/trace.c.cloexec 2013-12-11 01:01:03.000000000 +0100 -+++ dhcp-4.3.0a1/omapip/trace.c 2013-12-19 15:34:41.663885900 +0100 -@@ -142,10 +142,10 @@ isc_result_t trace_begin (const char *fi - return DHCP_R_INVALIDARG; - } - -- traceoutfile = open (filename, O_CREAT | O_WRONLY | O_EXCL, 0600); -+ traceoutfile = open (filename, O_CREAT | O_WRONLY | O_EXCL | O_CLOEXEC, 0600); - if (traceoutfile < 0 && errno == EEXIST) { - log_error ("WARNING: Overwriting trace file \"%s\"", filename); -- traceoutfile = open (filename, O_WRONLY | O_EXCL | O_TRUNC, -+ traceoutfile = open (filename, O_WRONLY | O_EXCL | O_TRUNC | O_CLOEXEC, - 0600); - } - -@@ -433,7 +433,7 @@ void trace_file_replay (const char *file - isc_result_t result; - int len; - -- traceinfile = fopen (filename, "r"); -+ traceinfile = fopen (filename, "re"); - if (!traceinfile) { - log_error("Can't open tracefile %s: %m", filename); - return; -diff -up dhcp-4.3.0a1/relay/dhcrelay.c.cloexec dhcp-4.3.0a1/relay/dhcrelay.c ---- dhcp-4.3.0a1/relay/dhcrelay.c.cloexec 2013-12-13 22:26:21.000000000 +0100 -+++ dhcp-4.3.0a1/relay/dhcrelay.c 2013-12-19 15:34:41.664885886 +0100 -@@ -193,11 +193,11 @@ main(int argc, char **argv) { - /* Make sure that file descriptors 0(stdin), 1,(stdout), and - 2(stderr) are open. To do this, we assume that when we - open a file the lowest available file descriptor is used. */ -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 0) -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 1) -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 2) - log_perror = 0; /* No sense logging to /dev/null. */ - else if (fd != -1) -@@ -564,13 +564,13 @@ main(int argc, char **argv) { - - if (no_pid_file == ISC_FALSE) { - pfdesc = open(path_dhcrelay_pid, -- O_CREAT | O_TRUNC | O_WRONLY, 0644); -+ O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC, 0644); - - if (pfdesc < 0) { - log_error("Can't create %s: %m", - path_dhcrelay_pid); - } else { -- pf = fdopen(pfdesc, "w"); -+ pf = fdopen(pfdesc, "we"); - if (!pf) - log_error("Can't fdopen %s: %m", - path_dhcrelay_pid); -diff -up dhcp-4.3.0a1/server/confpars.c.cloexec dhcp-4.3.0a1/server/confpars.c ---- dhcp-4.3.0a1/server/confpars.c.cloexec 2013-12-11 01:25:12.000000000 +0100 -+++ dhcp-4.3.0a1/server/confpars.c 2013-12-19 15:34:41.665885871 +0100 -@@ -117,7 +117,7 @@ isc_result_t read_conf_file (const char - } - #endif - -- if ((file = open (filename, O_RDONLY)) < 0) { -+ if ((file = open (filename, O_RDONLY | O_CLOEXEC)) < 0) { - if (leasep) { - log_error ("Can't open lease database %s: %m --", - path_dhcpd_db); -diff -up dhcp-4.3.0a1/server/db.c.cloexec dhcp-4.3.0a1/server/db.c ---- dhcp-4.3.0a1/server/db.c.cloexec 2013-12-11 01:25:12.000000000 +0100 -+++ dhcp-4.3.0a1/server/db.c 2013-12-19 15:34:41.666885857 +0100 -@@ -1081,7 +1081,7 @@ void db_startup (testp) - } - #endif - if (!testp) { -- db_file = fopen (path_dhcpd_db, "a"); -+ db_file = fopen (path_dhcpd_db, "ae"); - if (!db_file) - log_fatal ("Can't open %s for append.", path_dhcpd_db); - expire_all_pools (); -@@ -1129,12 +1129,12 @@ int new_lease_file () - path_dhcpd_db, (int)t) >= sizeof newfname) - log_fatal("new_lease_file: lease file path too long"); - -- db_fd = open (newfname, O_WRONLY | O_TRUNC | O_CREAT, 0664); -+ db_fd = open (newfname, O_WRONLY | O_TRUNC | O_CREAT | O_CLOEXEC, 0664); - if (db_fd < 0) { - log_error ("Can't create new lease file: %m"); - return 0; - } -- if ((new_db_file = fdopen(db_fd, "w")) == NULL) { -+ if ((new_db_file = fdopen(db_fd, "we")) == NULL) { - log_error("Can't fdopen new lease file: %m"); - close(db_fd); - goto fdfail; -diff -up dhcp-4.3.0a1/server/dhcpd.c.cloexec dhcp-4.3.0a1/server/dhcpd.c ---- dhcp-4.3.0a1/server/dhcpd.c.cloexec 2013-12-13 22:26:01.000000000 +0100 -+++ dhcp-4.3.0a1/server/dhcpd.c 2013-12-19 15:37:17.258674472 +0100 -@@ -193,11 +193,11 @@ main(int argc, char **argv) { - /* Make sure that file descriptors 0 (stdin), 1, (stdout), and - 2 (stderr) are open. To do this, we assume that when we - open a file the lowest available file descriptor is used. */ -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 0) -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 1) -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 2) - log_perror = 0; /* No sense logging to /dev/null. */ - else if (fd != -1) -@@ -716,7 +716,7 @@ main(int argc, char **argv) { - */ - if (no_pid_file == ISC_FALSE) { - /*Read previous pid file. */ -- if ((i = open (path_dhcpd_pid, O_RDONLY)) >= 0) { -+ if ((i = open (path_dhcpd_pid, O_RDONLY | O_CLOEXEC)) >= 0) { - status = read(i, pbuf, (sizeof pbuf) - 1); - close (i); - if (status > 0) { -@@ -735,7 +735,7 @@ main(int argc, char **argv) { - } - - /* Write new pid file. */ -- i = open(path_dhcpd_pid, O_WRONLY|O_CREAT|O_TRUNC, 0644); -+ i = open(path_dhcpd_pid, O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0644); - if (i >= 0) { - sprintf(pbuf, "%d\n", (int) getpid()); - IGNORE_RET (write(i, pbuf, strlen(pbuf))); -@@ -763,9 +763,9 @@ main(int argc, char **argv) { - (void) close(2); - - /* Reopen them on /dev/null. */ -- (void) open("/dev/null", O_RDWR); -- (void) open("/dev/null", O_RDWR); -- (void) open("/dev/null", O_RDWR); -+ (void) open("/dev/null", O_RDWR | O_CLOEXEC); -+ (void) open("/dev/null", O_RDWR | O_CLOEXEC); -+ (void) open("/dev/null", O_RDWR | O_CLOEXEC); - log_perror = 0; /* No sense logging to /dev/null. */ - - IGNORE_RET (chdir("/")); -diff -up dhcp-4.3.0a1/server/ldap.c.cloexec dhcp-4.3.0a1/server/ldap.c ---- dhcp-4.3.0a1/server/ldap.c.cloexec 2013-12-11 01:25:12.000000000 +0100 -+++ dhcp-4.3.0a1/server/ldap.c 2013-12-19 15:34:41.667885843 +0100 -@@ -684,7 +684,7 @@ ldap_start (void) - - if (ldap_debug_file != NULL && ldap_debug_fd == -1) - { -- if ((ldap_debug_fd = open (ldap_debug_file, O_CREAT | O_TRUNC | O_WRONLY, -+ if ((ldap_debug_fd = open (ldap_debug_file, O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC, - S_IRUSR | S_IWUSR)) < 0) - log_error ("Error opening debug LDAP log file %s: %s", ldap_debug_file, - strerror (errno)); diff --git a/src/patches/dhcp/dhcp-PPP.patch b/src/patches/dhcp/dhcp-PPP.patch deleted file mode 100644 index 5d022e432..000000000 --- a/src/patches/dhcp/dhcp-PPP.patch +++ /dev/null @@ -1,150 +0,0 @@ -diff -up dhcp-4.3.1b1/client/dhc6.c.mRfpsB dhcp-4.3.1b1/client/dhc6.c ---- dhcp-4.3.1b1/client/dhc6.c.mRfpsB 2014-07-10 17:48:03.779424870 +0200 -+++ dhcp-4.3.1b1/client/dhc6.c 2014-07-10 17:48:03.795424644 +0200 -@@ -5088,7 +5088,8 @@ make_client6_options(struct client_state - */ - if ((oc = lookup_option(&dhcpv6_universe, *op, - D6O_CLIENTID)) == NULL) { -- if (!option_cache(&oc, &default_duid, NULL, clientid_option, -+ if (default_duid.len == 0 || -+ !option_cache(&oc, &default_duid, NULL, clientid_option, - MDL)) - log_fatal("Failure assembling a DUID."); - -diff -up dhcp-4.3.1b1/client/dhclient.c.mRfpsB dhcp-4.3.1b1/client/dhclient.c ---- dhcp-4.3.1b1/client/dhclient.c.mRfpsB 2014-07-10 17:39:25.853763858 +0200 -+++ dhcp-4.3.1b1/client/dhclient.c 2014-07-10 17:49:49.882925843 +0200 -@@ -948,8 +948,8 @@ main(int argc, char **argv) { - if (default_duid.buffer != NULL) - data_string_forget(&default_duid, MDL); - -- form_duid(&default_duid, MDL); -- write_duid(&default_duid); -+ if (form_duid(&default_duid, MDL) == ISC_R_SUCCESS) -+ write_duid(&default_duid); - } - } - -@@ -3267,7 +3267,7 @@ write_options(struct client_state *clien - * is not how it is intended. Upcoming rearchitecting the client should - * address this "one daemon model." - */ --void -+isc_result_t - form_duid(struct data_string *duid, const char *file, int line) - { - struct interface_info *ip; -@@ -3280,6 +3280,15 @@ form_duid(struct data_string *duid, cons - if (ip == NULL) - log_fatal("Impossible condition at %s:%d.", MDL); - -+ while (ip && ip->hw_address.hbuf[0] == HTYPE_RESERVED) { -+ /* Try the other interfaces */ -+ log_debug("Cannot form default DUID from interface %s.", ip->name); -+ ip = ip->next; -+ } -+ if (ip == NULL) { -+ return ISC_R_UNEXPECTED; -+ } -+ - if ((ip->hw_address.hlen == 0) || - (ip->hw_address.hlen > sizeof(ip->hw_address.hbuf))) - log_fatal("Impossible hardware address length at %s:%d.", MDL); -@@ -3323,6 +3332,8 @@ form_duid(struct data_string *duid, cons - log_info("Created duid %s.", str); - dfree(str, MDL); - } -+ -+ return ISC_R_SUCCESS; - } - - /* Write the default DUID to the lease store. */ -diff -up dhcp-4.3.1b1/common/bpf.c.mRfpsB dhcp-4.3.1b1/common/bpf.c ---- dhcp-4.3.1b1/common/bpf.c.mRfpsB 2014-07-10 17:39:25.797764653 +0200 -+++ dhcp-4.3.1b1/common/bpf.c 2014-07-10 17:48:03.797424616 +0200 -@@ -600,6 +600,22 @@ get_hw_addr(const char *name, struct har - memcpy(&hw->hbuf[1], LLADDR(sa), sa->sdl_alen); - break; - #endif /* IFT_FDDI */ -+#if defined(IFT_PPP) -+ case IFT_PPP: -+ if (local_family != AF_INET6) -+ log_fatal("Unsupported device type %d for \"%s\"", -+ sa->sdl_type, name); -+ hw->hlen = 0; -+ hw->hbuf[0] = HTYPE_RESERVED; -+ /* 0xdeadbeef should never occur on the wire, -+ * and is a signature that something went wrong. -+ */ -+ hw->hbuf[1] = 0xde; -+ hw->hbuf[2] = 0xad; -+ hw->hbuf[3] = 0xbe; -+ hw->hbuf[4] = 0xef; -+ break; -+#endif - default: - log_fatal("Unsupported device type %d for \"%s\"", - sa->sdl_type, name); -diff -up dhcp-4.3.1b1/common/lpf.c.mRfpsB dhcp-4.3.1b1/common/lpf.c ---- dhcp-4.3.1b1/common/lpf.c.mRfpsB 2014-07-10 17:39:25.744765404 +0200 -+++ dhcp-4.3.1b1/common/lpf.c 2014-07-10 17:48:03.797424616 +0200 -@@ -511,6 +511,22 @@ get_hw_addr(const char *name, struct har - hw->hbuf[0] = HTYPE_FDDI; - memcpy(&hw->hbuf[1], sa->sa_data, 6); - break; -+#if defined(ARPHRD_PPP) -+ case ARPHRD_PPP: -+ if (local_family != AF_INET6) -+ log_fatal("Unsupported device type %d for \"%s\"", -+ sa->sa_family, name); -+ hw->hlen = 0; -+ hw->hbuf[0] = HTYPE_RESERVED; -+ /* 0xdeadbeef should never occur on the wire, -+ * and is a signature that something went wrong. -+ */ -+ hw->hbuf[1] = 0xde; -+ hw->hbuf[2] = 0xad; -+ hw->hbuf[3] = 0xbe; -+ hw->hbuf[4] = 0xef; -+ break; -+#endif - default: - log_fatal("Unsupported device type %ld for \"%s\"", - (long int)sa->sa_family, name); -diff -up dhcp-4.3.1b1/includes/dhcpd.h.mRfpsB dhcp-4.3.1b1/includes/dhcpd.h ---- dhcp-4.3.1b1/includes/dhcpd.h.mRfpsB 2014-07-10 17:48:03.761425124 +0200 -+++ dhcp-4.3.1b1/includes/dhcpd.h 2014-07-10 17:48:03.798424601 +0200 -@@ -2839,7 +2839,7 @@ void client_dns_remove(struct client_sta - - void dhcpv4_client_assignments(void); - void dhcpv6_client_assignments(void); --void form_duid(struct data_string *duid, const char *file, int line); -+isc_result_t form_duid(struct data_string *duid, const char *file, int line); - - /* dhc6.c */ - void dhc6_lease_destroy(struct dhc6_lease **src, const char *file, int line); -diff -up dhcp-4.3.1b1/includes/dhcp.h.mRfpsB dhcp-4.3.1b1/includes/dhcp.h ---- dhcp-4.3.1b1/includes/dhcp.h.mRfpsB 2014-07-10 17:48:03.761425124 +0200 -+++ dhcp-4.3.1b1/includes/dhcp.h 2014-07-10 17:48:03.798424601 +0200 -@@ -81,6 +81,8 @@ struct dhcp_packet { - * is no standard for this so we - * just steal a type */ - -+#define HTYPE_RESERVED 0 /* RFC 5494 */ -+ - /* Magic cookie validating dhcp options field (and bootp vendor - extensions field). */ - #define DHCP_OPTIONS_COOKIE "\143\202\123\143" -diff -up dhcp-4.3.1b1/server/dhcpv6.c.mRfpsB dhcp-4.3.1b1/server/dhcpv6.c ---- dhcp-4.3.1b1/server/dhcpv6.c.mRfpsB 2014-07-10 17:47:31.464881409 +0200 -+++ dhcp-4.3.1b1/server/dhcpv6.c 2014-07-10 17:48:03.800424573 +0200 -@@ -330,6 +330,9 @@ generate_new_server_duid(void) { - if (p->hw_address.hlen > 0) { - break; - } -+ if (p->next == NULL && p->hw_address.hbuf[0] == HTYPE_RESERVED) { -+ log_error("Can not generate DUID from interfaces which do not have hardware addresses, please configure server-duid!"); -+ } - } - if (p == NULL) { - return ISC_R_UNEXPECTED; diff --git a/src/patches/dhcp/dhcp-UseMulticast.patch b/src/patches/dhcp/dhcp-UseMulticast.patch deleted file mode 100644 index ee0ea6b9a..000000000 --- a/src/patches/dhcp/dhcp-UseMulticast.patch +++ /dev/null @@ -1,241 +0,0 @@ -diff -up dhcp-4.3.1b1/server/dhcpv6.c.UseMulticast dhcp-4.3.1b1/server/dhcpv6.c ---- dhcp-4.3.1b1/server/dhcpv6.c.UseMulticast 2014-07-02 19:58:40.000000000 +0200 -+++ dhcp-4.3.1b1/server/dhcpv6.c 2014-07-10 18:20:03.066256219 +0200 -@@ -376,6 +376,48 @@ generate_new_server_duid(void) { - } - - /* -+ * Is the D6O_UNICAST option defined in dhcpd.conf ? -+ */ -+static isc_boolean_t unicast_option_defined; -+ -+/* -+ * Did we already search dhcpd.conf for D6O_UNICAST option ? -+ * We need to store it here to not parse dhcpd.conf repeatedly. -+ */ -+static isc_boolean_t unicast_option_parsed = ISC_FALSE; -+ -+ -+/* -+ * Is the D6O_UNICAST option defined in dhcpd.conf ? -+ */ -+isc_boolean_t -+is_unicast_option_defined(void) { -+ struct option_state *opt_state; -+ struct option_cache *oc; -+ -+ /* -+ * If we are looking for the unicast option for the first time -+ */ -+ if (unicast_option_parsed == ISC_FALSE) { -+ unicast_option_parsed = ISC_TRUE; -+ opt_state = NULL; -+ if (!option_state_allocate(&opt_state, MDL)) { -+ log_fatal("No memory for option state."); -+ } -+ -+ execute_statements_in_scope(NULL, NULL, NULL, NULL, NULL, -+ opt_state, &global_scope, root_group, NULL, NULL); -+ -+ oc = lookup_option(&dhcpv6_universe, opt_state, D6O_UNICAST); -+ unicast_option_defined = (oc != NULL); -+ -+ option_state_dereference(&opt_state, MDL); -+ } -+ -+ return (unicast_option_defined); -+} -+ -+/* - * Get the client identifier from the packet. - */ - isc_result_t -@@ -706,6 +748,12 @@ static const int required_opts[] = { - D6O_PREFERENCE, - 0 - }; -+static const int required_opts_NAA[] = { -+ D6O_CLIENTID, -+ D6O_SERVERID, -+ D6O_STATUS_CODE, -+ 0 -+}; - static const int required_opts_solicit[] = { - D6O_CLIENTID, - D6O_SERVERID, -@@ -1587,6 +1635,56 @@ lease_to_client(struct data_string *repl - reply.shared->group, NULL); - } - -+ /* reject unicast message, unless we set unicast option */ -+ if ((packet->unicast == ISC_TRUE) && !is_unicast_option_defined()) -+ /* -+ * RFC3315 section 18.2.1 (Request): -+ * -+ * When the server receives a Request message via unicast from a client -+ * to which the server has not sent a unicast option, the server -+ * discards the Request message and responds with a Reply message -+ * containing a Status Code option with the value UseMulticast, a Server -+ * Identifier option containing the server's DUID, the Client Identifier -+ * option from the client message, and no other options. -+ * -+ * Section 18.2.3 (Renew): -+ * -+ * When the server receives a Renew message via unicast from a client to -+ * which the server has not sent a unicast option, the server discards -+ * the Renew message and responds with a Reply message containing a -+ * Status Code option with the value UseMulticast, a Server Identifier -+ * option containing the server's DUID, the Client Identifier option -+ * from the client message, and no other options. -+ */ -+ { -+ /* Set the UseMulticast status code. */ -+ if (!set_status_code(STATUS_UseMulticast, -+ "Unicast not allowed by server.", -+ reply.opt_state)) { -+ log_error("lease_to_client: Unable to set " -+ "UseMulticast status code."); -+ goto exit; -+ } -+ -+ /* Rewind the cursor to the start. */ -+ reply.cursor = REPLY_OPTIONS_INDEX; -+ -+ /* -+ * Produce an reply that includes only: -+ * -+ * Status code. -+ * Server DUID. -+ * Client DUID. -+ */ -+ reply.cursor += store_options6((char *)reply.buf.data + -+ reply.cursor, -+ sizeof(reply.buf) - -+ reply.cursor, -+ reply.opt_state, reply.packet, -+ required_opts_NAA, -+ NULL); -+ } -+ - /* - * RFC3315 section 17.2.2 (Solicit): - * -@@ -1619,6 +1717,7 @@ lease_to_client(struct data_string *repl - * Having stored the client's IA's, store any options that - * will fit in the remaining space. - */ -+ else - reply.cursor += store_options6((char *)reply.buf.data + reply.cursor, - sizeof(reply.buf) - reply.cursor, - reply.opt_state, reply.packet, -@@ -4748,7 +4847,6 @@ dhcpv6_solicit(struct data_string *reply - * Very similar to Solicit handling, except the server DUID is required. - */ - --/* TODO: reject unicast messages, unless we set unicast option */ - static void - dhcpv6_request(struct data_string *reply_ret, struct packet *packet) { - struct data_string client_id; -@@ -5078,7 +5176,6 @@ exit: - * except for the error code of when addresses don't match. - */ - --/* TODO: reject unicast messages, unless we set unicast option */ - static void - dhcpv6_renew(struct data_string *reply, struct packet *packet) { - struct data_string client_id; -@@ -5322,18 +5419,60 @@ iterate_over_ia_na(struct data_string *r - goto exit; - } - -- snprintf(status_msg, sizeof(status_msg), "%s received.", packet_type); -- if (!set_status_code(STATUS_Success, status_msg, opt_state)) { -- goto exit; -- } -+ /* reject unicast message, unless we set unicast option */ -+ if ((packet->unicast == ISC_TRUE) && !is_unicast_option_defined()) { -+ /* -+ * RFC3315 section 18.2.6 (Release): -+ * -+ * When the server receives a Release message via unicast from a client -+ * to which the server has not sent a unicast option, the server -+ * discards the Release message and responds with a Reply message -+ * containing a Status Code option with value UseMulticast, a Server -+ * Identifier option containing the server's DUID, the Client Identifier -+ * option from the client message, and no other options. -+ * -+ * Section 18.2.7 (Decline): -+ * -+ * When the server receives a Decline message via unicast from a client -+ * to which the server has not sent a unicast option, the server -+ * discards the Decline message and responds with a Reply message -+ * containing a Status Code option with the value UseMulticast, a Server -+ * Identifier option containing the server's DUID, the Client Identifier -+ * option from the client message, and no other options. -+ */ -+ snprintf(status_msg, sizeof(status_msg), -+ "%s received unicast.", packet_type); -+ if (!set_status_code(STATUS_UseMulticast, status_msg, opt_state)) { -+ goto exit; -+ } - -- /* -- * Add our options that are not associated with any IA_NA or IA_TA. -- */ -- reply_ofs += store_options6(reply_data+reply_ofs, -- sizeof(reply_data)-reply_ofs, -+ /* -+ * Produce an reply that includes only: -+ * -+ * Status code. -+ * Server DUID. -+ * Client DUID. -+ */ -+ reply_ofs += store_options6(reply_data+reply_ofs, -+ sizeof(reply_data)-reply_ofs, - opt_state, packet, -- required_opts, NULL); -+ required_opts_NAA, NULL); -+ -+ goto return_reply; -+ } else { -+ snprintf(status_msg, sizeof(status_msg), "%s received.", packet_type); -+ if (!set_status_code(STATUS_Success, status_msg, opt_state)) { -+ goto exit; -+ } -+ -+ /* -+ * Add our options that are not associated with any IA_NA or IA_TA. -+ */ -+ reply_ofs += store_options6(reply_data+reply_ofs, -+ sizeof(reply_data)-reply_ofs, -+ opt_state, packet, -+ required_opts, NULL); -+ } - - /* - * Loop through the IA_NA reported by the client, and deal with -@@ -5471,6 +5610,7 @@ iterate_over_ia_na(struct data_string *r - /* - * Return our reply to the caller. - */ -+return_reply: - reply_ret->len = reply_ofs; - reply_ret->buffer = NULL; - if (!buffer_allocate(&reply_ret->buffer, reply_ofs, MDL)) { -@@ -5516,7 +5656,6 @@ exit: - * we still need to be aware of this possibility. - */ - --/* TODO: reject unicast messages, unless we set unicast option */ - /* TODO: IA_TA */ - static void - dhcpv6_decline(struct data_string *reply, struct packet *packet) { -@@ -5986,7 +6125,6 @@ exit: - * Release means a client is done with the leases. - */ - --/* TODO: reject unicast messages, unless we set unicast option */ - static void - dhcpv6_release(struct data_string *reply, struct packet *packet) { - struct data_string client_id; diff --git a/src/patches/dhcp/dhcp-add_timeout_when_NULL.patch b/src/patches/dhcp/dhcp-add_timeout_when_NULL.patch deleted file mode 100644 index 103824c38..000000000 --- a/src/patches/dhcp/dhcp-add_timeout_when_NULL.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff -up dhcp-4.3.0a1/common/dispatch.c.dracut dhcp-4.3.0a1/common/dispatch.c ---- dhcp-4.3.0a1/common/dispatch.c.dracut 2013-12-11 01:25:12.000000000 +0100 -+++ dhcp-4.3.0a1/common/dispatch.c 2013-12-19 15:39:50.350505860 +0100 -@@ -210,6 +210,10 @@ void add_timeout (when, where, what, ref - isc_interval_t interval; - isc_time_t expires; - -+ if (when == NULL) { -+ return; -+ } -+ - /* See if this timeout supersedes an existing timeout. */ - t = (struct timeout *)0; - for (q = timeouts; q; q = q->next) { diff --git a/src/patches/dhcp/dhcp-capability.patch b/src/patches/dhcp/dhcp-capability.patch deleted file mode 100644 index 91a1baef5..000000000 --- a/src/patches/dhcp/dhcp-capability.patch +++ /dev/null @@ -1,250 +0,0 @@ -diff -up dhcp-4.3.1b1/client/dhclient.8.zzftXp dhcp-4.3.1b1/client/dhclient.8 ---- dhcp-4.3.1b1/client/dhclient.8.zzftXp 2014-07-10 17:38:26.938599402 +0200 -+++ dhcp-4.3.1b1/client/dhclient.8 2014-07-10 17:39:25.852763873 +0200 -@@ -128,6 +128,9 @@ dhclient - Dynamic Host Configuration Pr - .B -w - ] - [ -+.B -nc -+] -+[ - .B -B - ] - [ -@@ -304,6 +307,32 @@ has been added or removed, so that the c - address on that interface. - - .TP -+.BI \-nc -+Do not drop capabilities. -+ -+Normally, if -+.B dhclient -+was compiled with libcap-ng support, -+.B dhclient -+drops most capabilities immediately upon startup. While more secure, -+this greatly restricts the additional actions that hooks in -+.B dhclient-script (8) -+can take. (For example, any daemons that -+.B dhclient-script (8) -+starts or restarts will inherit the restricted capabilities as well, -+which may interfere with their correct operation.) Thus, the -+.BI \-nc -+option can be used to prevent -+.B dhclient -+from dropping capabilities. -+ -+The -+.BI \-nc -+option is ignored if -+.B dhclient -+was not compiled with libcap-ng support. -+ -+.TP - .BI \-B - Set the BOOTP broadcast flag in request packets so servers will always - broadcast replies. -diff -up dhcp-4.3.1b1/client/dhclient.c.zzftXp dhcp-4.3.1b1/client/dhclient.c ---- dhcp-4.3.1b1/client/dhclient.c.zzftXp 2014-07-10 17:39:25.797764653 +0200 -+++ dhcp-4.3.1b1/client/dhclient.c 2014-07-10 17:39:25.853763858 +0200 -@@ -39,6 +39,10 @@ - #include - #include - -+#ifdef HAVE_LIBCAP_NG -+#include -+#endif -+ - /* - * Defined in stdio.h when _GNU_SOURCE is set, but we don't want to define - * that when building ISC code. -@@ -143,6 +147,9 @@ main(int argc, char **argv) { - int timeout_arg = 0; - char *arg_conf = NULL; - int arg_conf_len = 0; -+#ifdef HAVE_LIBCAP_NG -+ int keep_capabilities = 0; -+#endif - - /* Initialize client globals. */ - memset(&default_duid, 0, sizeof(default_duid)); -@@ -425,6 +432,10 @@ main(int argc, char **argv) { - } - - dhclient_request_options = argv[i]; -+ } else if (!strcmp(argv[i], "-nc")) { -+#ifdef HAVE_LIBCAP_NG -+ keep_capabilities = 1; -+#endif - } else if (argv[i][0] == '-') { - usage(); - } else if (interfaces_requested < 0) { -@@ -473,6 +484,19 @@ main(int argc, char **argv) { - path_dhclient_script = s; - } - -+#ifdef HAVE_LIBCAP_NG -+ /* Drop capabilities */ -+ if (!keep_capabilities) { -+ capng_clear(CAPNG_SELECT_CAPS); -+ capng_update(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, -+ CAP_DAC_OVERRIDE); // Drop this someday -+ capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, -+ CAP_NET_ADMIN, CAP_NET_RAW, -+ CAP_NET_BIND_SERVICE, CAP_SYS_ADMIN, -1); -+ capng_apply(CAPNG_SELECT_CAPS); -+ } -+#endif -+ - /* Set up the initial dhcp option universe. */ - initialize_common_option_spaces(); - -diff -up dhcp-4.3.1b1/client/dhclient-script.8.zzftXp dhcp-4.3.1b1/client/dhclient-script.8 ---- dhcp-4.3.1b1/client/dhclient-script.8.zzftXp 2014-07-10 17:39:25.761765163 +0200 -+++ dhcp-4.3.1b1/client/dhclient-script.8 2014-07-10 17:39:25.851763887 +0200 -@@ -243,6 +243,16 @@ repeatedly initialized to the values pro - the other. Assuming the information provided by both servers is - valid, this shouldn't cause any real problems, but it could be - confusing. -+.PP -+Normally, if dhclient was compiled with libcap-ng support, -+dhclient drops most capabilities immediately upon startup. -+While more secure, this greatly restricts the additional actions that -+hooks in dhclient-script can take. For example, any daemons that -+dhclient-script starts or restarts will inherit the restricted -+capabilities as well, which may interfere with their correct operation. -+Thus, the -+.BI \-nc -+option can be used to prevent dhclient from dropping capabilities. - .SH SEE ALSO - dhclient(8), dhcpd(8), dhcrelay(8), dhclient.conf(5) and - dhclient.leases(5). -diff -up dhcp-4.3.1b1/client/Makefile.am.zzftXp dhcp-4.3.1b1/client/Makefile.am ---- dhcp-4.3.1b1/client/Makefile.am.zzftXp 2014-07-10 17:38:10.778828583 +0200 -+++ dhcp-4.3.1b1/client/Makefile.am 2014-07-10 17:39:25.851763887 +0200 -@@ -10,7 +10,7 @@ dhclient_SOURCES = clparse.c dhclient.c - scripts/bsdos scripts/freebsd scripts/linux scripts/macos \ - scripts/netbsd scripts/nextstep scripts/openbsd \ - scripts/solaris scripts/openwrt --dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \ -+dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.la $(CAPNG_LDADD) \ - $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc - man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5 - EXTRA_DIST = $(man_MANS) -diff -up dhcp-4.3.1b1/configure.ac.zzftXp dhcp-4.3.1b1/configure.ac ---- dhcp-4.3.1b1/configure.ac.zzftXp 2014-07-10 17:38:10.779828569 +0200 -+++ dhcp-4.3.1b1/configure.ac 2014-07-10 17:39:25.854763844 +0200 -@@ -499,6 +499,41 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], - # Look for optional headers. - AC_CHECK_HEADERS(sys/socket.h net/if_dl.h net/if6.h regex.h) - -+# look for capabilities library -+AC_ARG_WITH(libcap-ng, -+ [ --with-libcap-ng=[auto/yes/no] Add Libcap-ng support [default=auto]],, -+ with_libcap_ng=auto) -+ -+# Check for Libcap-ng API -+# -+# libcap-ng detection -+if test x$with_libcap_ng = xno ; then -+ have_libcap_ng=no; -+else -+ # Start by checking for header file -+ AC_CHECK_HEADER(cap-ng.h, capng_headers=yes, capng_headers=no) -+ -+ # See if we have libcap-ng library -+ AC_CHECK_LIB(cap-ng, capng_clear, -+ CAPNG_LDADD=-lcap-ng,) -+ -+ # Check results are usable -+ if test x$with_libcap_ng = xyes -a x$CAPNG_LDADD = x ; then -+ AC_MSG_ERROR(libcap-ng support was requested and the library was not found) -+ fi -+ if test x$CAPNG_LDADD != x -a $capng_headers = no ; then -+ AC_MSG_ERROR(libcap-ng libraries found but headers are missing) -+ fi -+fi -+AC_SUBST(CAPNG_LDADD) -+AC_MSG_CHECKING(whether to use libcap-ng) -+if test x$CAPNG_LDADD != x ; then -+ AC_DEFINE(HAVE_LIBCAP_NG,1,[libcap-ng support]) -+ AC_MSG_RESULT(yes) -+else -+ AC_MSG_RESULT(no) -+fi -+ - # Solaris needs some libraries for functions - AC_SEARCH_LIBS(socket, [socket]) - AC_SEARCH_LIBS(inet_ntoa, [nsl]) -diff -up dhcp-4.3.1b1/relay/dhcrelay.c.zzftXp dhcp-4.3.1b1/relay/dhcrelay.c ---- dhcp-4.3.1b1/relay/dhcrelay.c.zzftXp 2014-07-10 17:39:25.799764624 +0200 -+++ dhcp-4.3.1b1/relay/dhcrelay.c 2014-07-10 17:40:19.191007421 +0200 -@@ -31,6 +31,11 @@ - #include - #include - -+#ifdef HAVE_LIBCAP_NG -+# include -+ int keep_capabilities = 0; -+#endif -+ - TIME default_lease_time = 43200; /* 12 hours... */ - TIME max_lease_time = 86400; /* 24 hours... */ - struct tree_cache *global_options[256]; -@@ -376,6 +381,10 @@ main(int argc, char **argv) { - usage(); - dhcrelay_sub_id = argv[i]; - #endif -+ } else if (!strcmp(argv[i], "-nc")) { -+#ifdef HAVE_LIBCAP_NG -+ keep_capabilities = 1; -+#endif - } else if (!strcmp(argv[i], "-pf")) { - if (++i == argc) - usage(); -@@ -446,6 +455,17 @@ main(int argc, char **argv) { - #endif - } - -+#ifdef HAVE_LIBCAP_NG -+ /* Drop capabilities */ -+ if (!keep_capabilities) { -+ capng_clear(CAPNG_SELECT_BOTH); -+ capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, -+ CAP_NET_RAW, CAP_NET_BIND_SERVICE, -1); -+ capng_apply(CAPNG_SELECT_BOTH); -+ log_info ("Dropped all unnecessary capabilities."); -+ } -+#endif -+ - if (!quiet) { - log_info("%s %s", message, PACKAGE_VERSION); - log_info(copyright); -@@ -598,6 +618,15 @@ main(int argc, char **argv) { - signal(SIGTERM, dhcp_signal_handler); /* kill */ - #endif - -+#ifdef HAVE_LIBCAP_NG -+ /* Drop all capabilities */ -+ if (!keep_capabilities) { -+ capng_clear(CAPNG_SELECT_BOTH); -+ capng_apply(CAPNG_SELECT_BOTH); -+ log_info ("Dropped all capabilities."); -+ } -+#endif -+ - /* Start dispatching packets and timeouts... */ - dispatch(); - -diff -up dhcp-4.3.1b1/relay/Makefile.am.zzftXp dhcp-4.3.1b1/relay/Makefile.am ---- dhcp-4.3.1b1/relay/Makefile.am.zzftXp 2014-07-10 17:38:10.780828554 +0200 -+++ dhcp-4.3.1b1/relay/Makefile.am 2014-07-10 17:39:25.854763844 +0200 -@@ -2,7 +2,7 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localst - - sbin_PROGRAMS = dhcrelay - dhcrelay_SOURCES = dhcrelay.c --dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \ -+dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.la $(CAPNG_LDADD) \ - $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc - man_MANS = dhcrelay.8 - EXTRA_DIST = $(man_MANS) diff --git a/src/patches/dhcp/dhcp-default-requested-options.patch b/src/patches/dhcp/dhcp-default-requested-options.patch deleted file mode 100644 index afda222e6..000000000 --- a/src/patches/dhcp/dhcp-default-requested-options.patch +++ /dev/null @@ -1,44 +0,0 @@ -diff -up dhcp-4.3.0a1/client/clparse.c.requested dhcp-4.3.0a1/client/clparse.c ---- dhcp-4.3.0a1/client/clparse.c.requested 2013-12-19 15:13:27.276631307 +0100 -+++ dhcp-4.3.0a1/client/clparse.c 2013-12-19 15:13:27.313630789 +0100 -@@ -37,7 +37,7 @@ - - struct client_config top_level_config; - --#define NUM_DEFAULT_REQUESTED_OPTS 9 -+#define NUM_DEFAULT_REQUESTED_OPTS 14 - struct option *default_requested_options[NUM_DEFAULT_REQUESTED_OPTS + 1]; - - static void parse_client_default_duid(struct parse *cfile); -@@ -119,6 +119,31 @@ isc_result_t read_client_conf () - option_code_hash_lookup(&default_requested_options[8], - dhcpv6_universe.code_hash, &code, 0, MDL); - -+ /* 10 */ -+ code = DHO_NIS_DOMAIN; -+ option_code_hash_lookup(&default_requested_options[9], -+ dhcp_universe.code_hash, &code, 0, MDL); -+ -+ /* 11 */ -+ code = DHO_NIS_SERVERS; -+ option_code_hash_lookup(&default_requested_options[10], -+ dhcp_universe.code_hash, &code, 0, MDL); -+ -+ /* 12 */ -+ code = DHO_NTP_SERVERS; -+ option_code_hash_lookup(&default_requested_options[11], -+ dhcp_universe.code_hash, &code, 0, MDL); -+ -+ /* 13 */ -+ code = DHO_INTERFACE_MTU; -+ option_code_hash_lookup(&default_requested_options[12], -+ dhcp_universe.code_hash, &code, 0, MDL); -+ -+ /* 14 */ -+ code = DHO_DOMAIN_SEARCH; -+ option_code_hash_lookup(&default_requested_options[13], -+ dhcp_universe.code_hash, &code, 0, MDL); -+ - for (code = 0 ; code < NUM_DEFAULT_REQUESTED_OPTS ; code++) { - if (default_requested_options[code] == NULL) - log_fatal("Unable to find option definition for " diff --git a/src/patches/dhcp/dhcp-dhclient-decline-backoff.patch b/src/patches/dhcp/dhcp-dhclient-decline-backoff.patch deleted file mode 100644 index 3e52e6400..000000000 --- a/src/patches/dhcp/dhcp-dhclient-decline-backoff.patch +++ /dev/null @@ -1,63 +0,0 @@ -diff -up dhcp-4.3.1b1/client/dhclient.c.JwFUZj dhcp-4.3.1b1/client/dhclient.c ---- dhcp-4.3.1b1/client/dhclient.c.JwFUZj 2014-07-10 17:38:50.511265091 +0200 -+++ dhcp-4.3.1b1/client/dhclient.c 2014-07-10 17:39:16.164901267 +0200 -@@ -1281,6 +1281,8 @@ void state_init (cpp) - void *cpp; - { - struct client_state *client = cpp; -+ enum dhcp_state init_state = client->state; -+ struct timeval tv; - - ASSERT_STATE(state, S_INIT); - -@@ -1293,9 +1295,18 @@ void state_init (cpp) - client -> first_sending = cur_time; - client -> interval = client -> config -> initial_interval; - -- /* Add an immediate timeout to cause the first DHCPDISCOVER packet -- to go out. */ -- send_discover (client); -+ if (init_state != S_DECLINED) { -+ /* Add an immediate timeout to cause the first DHCPDISCOVER packet -+ to go out. */ -+ send_discover(client); -+ } else { -+ /* We've received an OFFER and it has been DECLINEd by dhclient-script. -+ * wait for a random time between 1 and backoff_cutoff seconds before -+ * trying again. */ -+ tv . tv_sec = cur_time + ((1 + (random() >> 2)) % client->config->backoff_cutoff); -+ tv . tv_usec = 0; -+ add_timeout(&tv, send_discover, client, 0, 0); -+ } - } - - /* -@@ -1592,6 +1603,7 @@ void bind_lease (client) - "try (declined). Exiting."); - exit(2); - } else { -+ client -> state = S_DECLINED; - state_init(client); - return; - } -@@ -4059,6 +4071,7 @@ void client_location_changed () - case S_INIT: - case S_REBINDING: - case S_STOPPED: -+ case S_DECLINED: - break; - } - client -> state = S_INIT; -diff -up dhcp-4.3.1b1/includes/dhcpd.h.JwFUZj dhcp-4.3.1b1/includes/dhcpd.h ---- dhcp-4.3.1b1/includes/dhcpd.h.JwFUZj 2014-07-10 17:38:26.941599360 +0200 -+++ dhcp-4.3.1b1/includes/dhcpd.h 2014-07-10 17:38:50.526264878 +0200 -@@ -1087,7 +1087,8 @@ enum dhcp_state { - S_BOUND = 5, - S_RENEWING = 6, - S_REBINDING = 7, -- S_STOPPED = 8 -+ S_STOPPED = 8, -+ S_DECLINED = 9 - }; - - /* Authentication and BOOTP policy possibilities (not all values work diff --git a/src/patches/dhcp/dhcp-dhclient-options.patch b/src/patches/dhcp/dhcp-dhclient-options.patch deleted file mode 100644 index 67f144ecb..000000000 --- a/src/patches/dhcp/dhcp-dhclient-options.patch +++ /dev/null @@ -1,509 +0,0 @@ -diff -up dhcp-4.3.1b1/client/clparse.c.fLPqYB dhcp-4.3.1b1/client/clparse.c ---- dhcp-4.3.1b1/client/clparse.c.fLPqYB 2014-07-02 19:58:38.000000000 +0200 -+++ dhcp-4.3.1b1/client/clparse.c 2014-07-10 17:38:26.938599402 +0200 -@@ -148,6 +148,7 @@ isc_result_t read_client_conf () - /* Requested lease time, used by DHCPv6 (DHCPv4 uses the option cache) - */ - top_level_config.requested_lease = 7200; -+ top_level_config.bootp_broadcast_always = 0; - - group_allocate (&top_level_config.on_receipt, MDL); - if (!top_level_config.on_receipt) -@@ -353,7 +354,8 @@ void read_client_leases () - interface-declaration | - LEASE client-lease-statement | - ALIAS client-lease-statement | -- KEY key-definition */ -+ KEY key-definition | -+ BOOTP_BROADCAST_ALWAYS */ - - void parse_client_statement (cfile, ip, config) - struct parse *cfile; -@@ -771,6 +773,12 @@ void parse_client_statement (cfile, ip, - parse_reject_statement (cfile, config); - return; - -+ case BOOTP_BROADCAST_ALWAYS: -+ token = next_token(&val, (unsigned*)0, cfile); -+ config -> bootp_broadcast_always = 1; -+ parse_semi (cfile); -+ return; -+ - default: - lose = 0; - stmt = (struct executable_statement *)0; -diff -up dhcp-4.3.1b1/client/dhclient.8.fLPqYB dhcp-4.3.1b1/client/dhclient.8 ---- dhcp-4.3.1b1/client/dhclient.8.fLPqYB 2014-07-02 19:58:38.000000000 +0200 -+++ dhcp-4.3.1b1/client/dhclient.8 2014-07-10 17:38:26.938599402 +0200 -@@ -128,6 +128,33 @@ dhclient - Dynamic Host Configuration Pr - .B -w - ] - [ -+.B -B -+] -+[ -+.B -C -+.I dhcp-client-identifier -+] -+[ -+.B -H -+.I host-name -+] -+[ -+.B -F -+.I fqdn.fqdn -+] -+[ -+.B -V -+.I vendor-class-identifier -+] -+[ -+.B -R -+.I request-option-list -+] -+[ -+.B -timeout -+.I timeout -+] -+[ - .B -v - ] - [ -@@ -275,6 +302,69 @@ not to exit when it doesn't find any suc - program can then be used to notify the client when a network interface - has been added or removed, so that the client can attempt to configure an IP - address on that interface. -+ -+.TP -+.BI \-B -+Set the BOOTP broadcast flag in request packets so servers will always -+broadcast replies. -+ -+.TP -+.BI \-C\ -+Specify the dhcp-client-identifier option to send to the DHCP server. -+ -+.TP -+.BI \-H\ -+Specify the host-name option to send to the DHCP server. The host-name -+string only contains the client's hostname prefix, to which the server will -+append the ddns-domainname or domain-name options, if any, to derive the -+fully qualified domain name of the client. The -+.B -H -+option cannot be used with the -+.B -F -+option. -+ -+.TP -+.BI \-F\ -+Specify the fqdn.fqdn option to send to the DHCP server. This option cannot -+be used with the -+.B -H -+option. The fqdn.fqdn option must specify the complete domain name of the -+client host, which the server may use for dynamic DNS updates. -+ -+.TP -+.BI \-V\ -+Specify the vendor-class-identifier option to send to the DHCP server. -+ -+.TP -+.BI \-R\