From ea23aaf2616c2a4018891abd1c7e2214fef6ffda Mon Sep 17 00:00:00 2001 From: Jiri Popelka Date: Sep 24 2012 15:58:07 +0000 Subject: 4.2.4-P2 (#786023) --- diff --git a/.gitignore b/.gitignore index 7d3949b..883926e 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,4 @@ /dhcp-4.2.2.tar.gz /dhcp-4.2.3.tar.gz /dhcp-4.2.3-P1.tar.gz +/dhcp-4.2.4-P2.tar.gz diff --git a/dhcp-4.2.0-PPP.patch b/dhcp-4.2.0-PPP.patch deleted file mode 100644 index bef2be7..0000000 --- a/dhcp-4.2.0-PPP.patch +++ /dev/null @@ -1,150 +0,0 @@ -diff -up dhcp-4.2.0-P1/client/dhc6.c.PPP dhcp-4.2.0-P1/client/dhc6.c ---- dhcp-4.2.0-P1/client/dhc6.c.PPP 2010-11-05 10:47:37.000000000 +0100 -+++ dhcp-4.2.0-P1/client/dhc6.c 2010-11-09 15:54:12.000000000 +0100 -@@ -129,7 +129,7 @@ extern int stateless; - * is not how it is intended. Upcoming rearchitecting the client should - * address this "one daemon model." - */ --void -+isc_result_t - form_duid(struct data_string *duid, const char *file, int line) - { - struct interface_info *ip; -@@ -141,6 +141,15 @@ form_duid(struct data_string *duid, cons - if (ip == NULL) - log_fatal("Impossible condition at %s:%d.", MDL); - -+ while (ip && ip->hw_address.hbuf[0] == HTYPE_RESERVED) { -+ /* Try the other interfaces */ -+ log_debug("Cannot form default DUID from interface %s.", ip->name); -+ ip = ip->next; -+ } -+ if (ip == NULL) { -+ return ISC_R_UNEXPECTED; -+ } -+ - if ((ip->hw_address.hlen == 0) || - (ip->hw_address.hlen > sizeof(ip->hw_address.hbuf))) - log_fatal("Impossible hardware address length at %s:%d.", MDL); -@@ -176,6 +185,8 @@ form_duid(struct data_string *duid, cons - memcpy(duid->buffer->data + 4, ip->hw_address.hbuf + 1, - ip->hw_address.hlen - 1); - } -+ -+ return ISC_R_SUCCESS; - } - - /* -@@ -5289,7 +5300,8 @@ make_client6_options(struct client_state - */ - if ((oc = lookup_option(&dhcpv6_universe, *op, - D6O_CLIENTID)) == NULL) { -- if (!option_cache(&oc, &default_duid, NULL, clientid_option, -+ if (default_duid.len == 0 || -+ !option_cache(&oc, &default_duid, NULL, clientid_option, - MDL)) - log_fatal("Failure assembling a DUID."); - -diff -up dhcp-4.2.0-P1/client/dhclient.c.PPP dhcp-4.2.0-P1/client/dhclient.c ---- dhcp-4.2.0-P1/client/dhclient.c.PPP 2010-11-05 10:47:37.000000000 +0100 -+++ dhcp-4.2.0-P1/client/dhclient.c 2010-11-09 15:37:26.000000000 +0100 -@@ -911,8 +911,8 @@ main(int argc, char **argv) { - if (default_duid.buffer != NULL) - data_string_forget(&default_duid, MDL); - -- form_duid(&default_duid, MDL); -- write_duid(&default_duid); -+ if (form_duid(&default_duid, MDL) == ISC_R_SUCCESS) -+ write_duid(&default_duid); - } - - for (ip = interfaces ; ip != NULL ; ip = ip->next) { -diff -up dhcp-4.2.0-P1/common/bpf.c.PPP dhcp-4.2.0-P1/common/bpf.c ---- dhcp-4.2.0-P1/common/bpf.c.PPP 2010-11-05 10:47:37.000000000 +0100 -+++ dhcp-4.2.0-P1/common/bpf.c 2010-11-09 15:42:42.000000000 +0100 -@@ -599,6 +599,22 @@ get_hw_addr(const char *name, struct har - memcpy(&hw->hbuf[1], LLADDR(sa), sa->sdl_alen); - break; - #endif /* IFT_FDDI */ -+#if defined(IFT_PPP) -+ case IFT_PPP: -+ if (local_family != AF_INET6) -+ log_fatal("Unsupported device type %d for \"%s\"", -+ sa->sdl_type, name); -+ hw->hlen = 0; -+ hw->hbuf[0] = HTYPE_RESERVED; -+ /* 0xdeadbeef should never occur on the wire, -+ * and is a signature that something went wrong. -+ */ -+ hw->hbuf[1] = 0xde; -+ hw->hbuf[2] = 0xad; -+ hw->hbuf[3] = 0xbe; -+ hw->hbuf[4] = 0xef; -+ break; -+#endif - default: - log_fatal("Unsupported device type %d for \"%s\"", - sa->sdl_type, name); -diff -up dhcp-4.2.0-P1/common/lpf.c.PPP dhcp-4.2.0-P1/common/lpf.c ---- dhcp-4.2.0-P1/common/lpf.c.PPP 2010-11-05 10:47:37.000000000 +0100 -+++ dhcp-4.2.0-P1/common/lpf.c 2010-11-09 15:45:40.000000000 +0100 -@@ -502,6 +502,22 @@ get_hw_addr(const char *name, struct har - hw->hbuf[0] = HTYPE_FDDI; - memcpy(&hw->hbuf[1], sa->sa_data, 16); - break; -+#if defined(ARPHRD_PPP) -+ case ARPHRD_PPP: -+ if (local_family != AF_INET6) -+ log_fatal("Unsupported device type %d for \"%s\"", -+ sa->sa_family, name); -+ hw->hlen = 0; -+ hw->hbuf[0] = HTYPE_RESERVED; -+ /* 0xdeadbeef should never occur on the wire, -+ * and is a signature that something went wrong. -+ */ -+ hw->hbuf[1] = 0xde; -+ hw->hbuf[2] = 0xad; -+ hw->hbuf[3] = 0xbe; -+ hw->hbuf[4] = 0xef; -+ break; -+#endif - default: - log_fatal("Unsupported device type %ld for \"%s\"", - (long int)sa->sa_family, name); -diff -up dhcp-4.2.0-P1/includes/dhcpd.h.PPP dhcp-4.2.0-P1/includes/dhcpd.h ---- dhcp-4.2.0-P1/includes/dhcpd.h.PPP 2010-11-05 10:47:37.000000000 +0100 -+++ dhcp-4.2.0-P1/includes/dhcpd.h 2010-11-09 15:46:58.000000000 +0100 -@@ -2733,7 +2733,7 @@ void dhcpv4_client_assignments(void); - void dhcpv6_client_assignments(void); - - /* dhc6.c */ --void form_duid(struct data_string *duid, const char *file, int line); -+isc_result_t form_duid(struct data_string *duid, const char *file, int line); - void dhc6_lease_destroy(struct dhc6_lease **src, const char *file, int line); - void start_init6(struct client_state *client); - void start_info_request6(struct client_state *client); -diff -up dhcp-4.2.0-P1/includes/dhcp.h.PPP dhcp-4.2.0-P1/includes/dhcp.h ---- dhcp-4.2.0-P1/includes/dhcp.h.PPP 2010-11-05 10:47:37.000000000 +0100 -+++ dhcp-4.2.0-P1/includes/dhcp.h 2010-11-09 15:48:53.000000000 +0100 -@@ -80,6 +80,8 @@ struct dhcp_packet { - #define HTYPE_IEEE802 6 /* IEEE 802.2 Token Ring... */ - #define HTYPE_FDDI 8 /* FDDI... */ - -+#define HTYPE_RESERVED 0 /* RFC 5494 */ -+ - /* Magic cookie validating dhcp options field (and bootp vendor - extensions field). */ - #define DHCP_OPTIONS_COOKIE "\143\202\123\143" -diff -up dhcp-4.2.0-P1/server/dhcpv6.c.PPP dhcp-4.2.0-P1/server/dhcpv6.c ---- dhcp-4.2.0-P1/server/dhcpv6.c.PPP 2010-11-05 10:47:37.000000000 +0100 -+++ dhcp-4.2.0-P1/server/dhcpv6.c 2010-11-09 15:50:17.000000000 +0100 -@@ -300,6 +300,9 @@ generate_new_server_duid(void) { - if (p->hw_address.hlen > 0) { - break; - } -+ if (p->next == NULL && p->hw_address.hbuf[0] == HTYPE_RESERVED) { -+ log_error("Can not generate DUID from interfaces which do not have hardware addresses, please configure server-duid!"); -+ } - } - if (p == NULL) { - return ISC_R_UNEXPECTED; diff --git a/dhcp-4.2.0-UseMulticast.patch b/dhcp-4.2.0-UseMulticast.patch deleted file mode 100644 index 319344a..0000000 --- a/dhcp-4.2.0-UseMulticast.patch +++ /dev/null @@ -1,229 +0,0 @@ -diff -up dhcp-4.2.0/server/dhcpv6.c.UseMulticast dhcp-4.2.0/server/dhcpv6.c ---- dhcp-4.2.0/server/dhcpv6.c.UseMulticast 2010-06-01 19:30:00.000000000 +0200 -+++ dhcp-4.2.0/server/dhcpv6.c 2010-07-21 16:17:30.000000000 +0200 -@@ -346,6 +346,48 @@ generate_new_server_duid(void) { - } - - /* -+ * Is the D6O_UNICAST option defined in dhcpd.conf ? -+ */ -+static isc_boolean_t unicast_option_defined; -+ -+/* -+ * Did we already search dhcpd.conf for D6O_UNICAST option ? -+ * We need to store it here to not parse dhcpd.conf repeatedly. -+ */ -+static isc_boolean_t unicast_option_parsed = ISC_FALSE; -+ -+ -+/* -+ * Is the D6O_UNICAST option defined in dhcpd.conf ? -+ */ -+isc_boolean_t -+is_unicast_option_defined(void) { -+ struct option_state *opt_state; -+ struct option_cache *oc; -+ -+ /* -+ * If we are looking for the unicast option for the first time -+ */ -+ if (unicast_option_parsed == ISC_FALSE) { -+ unicast_option_parsed = ISC_TRUE; -+ opt_state = NULL; -+ if (!option_state_allocate(&opt_state, MDL)) { -+ log_fatal("No memory for option state."); -+ } -+ -+ execute_statements_in_scope(NULL, NULL, NULL, NULL, NULL, -+ opt_state, &global_scope, root_group, NULL); -+ -+ oc = lookup_option(&dhcpv6_universe, opt_state, D6O_UNICAST); -+ unicast_option_defined = (oc != NULL); -+ -+ option_state_dereference(&opt_state, MDL); -+ } -+ -+ return (unicast_option_defined); -+} -+ -+/* - * Get the client identifier from the packet. - */ - isc_result_t -@@ -1405,6 +1447,56 @@ lease_to_client(struct data_string *repl - reply.shared->group); - } - -+ /* reject unicast message, unless we set unicast option */ -+ if ((packet->unicast == ISC_TRUE) && !is_unicast_option_defined()) -+ /* -+ * RFC3315 section 18.2.1 (Request): -+ * -+ * When the server receives a Request message via unicast from a client -+ * to which the server has not sent a unicast option, the server -+ * discards the Request message and responds with a Reply message -+ * containing a Status Code option with the value UseMulticast, a Server -+ * Identifier option containing the server's DUID, the Client Identifier -+ * option from the client message, and no other options. -+ * -+ * Section 18.2.3 (Renew): -+ * -+ * When the server receives a Renew message via unicast from a client to -+ * which the server has not sent a unicast option, the server discards -+ * the Renew message and responds with a Reply message containing a -+ * Status Code option with the value UseMulticast, a Server Identifier -+ * option containing the server's DUID, the Client Identifier option -+ * from the client message, and no other options. -+ */ -+ { -+ /* Set the UseMulticast status code. */ -+ if (!set_status_code(STATUS_UseMulticast, -+ "Unicast not allowed by server.", -+ reply.opt_state)) { -+ log_error("lease_to_client: Unable to set " -+ "UseMulticast status code."); -+ goto exit; -+ } -+ -+ /* Rewind the cursor to the start. */ -+ reply.cursor = REPLY_OPTIONS_INDEX; -+ -+ /* -+ * Produce an reply that includes only: -+ * -+ * Status code. -+ * Server DUID. -+ * Client DUID. -+ */ -+ reply.cursor += store_options6((char *)reply.buf.data + -+ reply.cursor, -+ sizeof(reply.buf) - -+ reply.cursor, -+ reply.opt_state, reply.packet, -+ required_opts_NAA, -+ NULL); -+ } else if (no_resources_avail && (reply.ia_count != 0) && -+ (reply.packet->dhcpv6_msg_type == DHCPV6_SOLICIT)) - /* - * RFC3315 section 17.2.2 (Solicit): - * -@@ -1429,8 +1521,6 @@ lease_to_client(struct data_string *repl - * the server. - * Sends a Renew/Rebind if the IA is not in the Reply message. - */ -- if (no_resources_avail && (reply.ia_count != 0) && -- (reply.packet->dhcpv6_msg_type == DHCPV6_SOLICIT)) - { - /* Set the NoAddrsAvail status code. */ - if (!set_status_code(STATUS_NoAddrsAvail, -@@ -4128,7 +4218,6 @@ dhcpv6_solicit(struct data_string *reply - * Very similar to Solicit handling, except the server DUID is required. - */ - --/* TODO: reject unicast messages, unless we set unicast option */ - static void - dhcpv6_request(struct data_string *reply_ret, struct packet *packet) { - struct data_string client_id; -@@ -4443,7 +4532,6 @@ exit: - * except for the error code of when addresses don't match. - */ - --/* TODO: reject unicast messages, unless we set unicast option */ - static void - dhcpv6_renew(struct data_string *reply, struct packet *packet) { - struct data_string client_id; -@@ -4688,18 +4776,60 @@ iterate_over_ia_na(struct data_string *r - goto exit; - } - -- snprintf(status_msg, sizeof(status_msg), "%s received.", packet_type); -- if (!set_status_code(STATUS_Success, status_msg, opt_state)) { -- goto exit; -- } -+ /* reject unicast message, unless we set unicast option */ -+ if ((packet->unicast == ISC_TRUE) && !is_unicast_option_defined()) { -+ /* -+ * RFC3315 section 18.2.6 (Release): -+ * -+ * When the server receives a Release message via unicast from a client -+ * to which the server has not sent a unicast option, the server -+ * discards the Release message and responds with a Reply message -+ * containing a Status Code option with value UseMulticast, a Server -+ * Identifier option containing the server's DUID, the Client Identifier -+ * option from the client message, and no other options. -+ * -+ * Section 18.2.7 (Decline): -+ * -+ * When the server receives a Decline message via unicast from a client -+ * to which the server has not sent a unicast option, the server -+ * discards the Decline message and responds with a Reply message -+ * containing a Status Code option with the value UseMulticast, a Server -+ * Identifier option containing the server's DUID, the Client Identifier -+ * option from the client message, and no other options. -+ */ -+ snprintf(status_msg, sizeof(status_msg), -+ "%s received unicast.", packet_type); -+ if (!set_status_code(STATUS_UseMulticast, status_msg, opt_state)) { -+ goto exit; -+ } - -- /* -- * Add our options that are not associated with any IA_NA or IA_TA. -- */ -- reply_ofs += store_options6(reply_data+reply_ofs, -- sizeof(reply_data)-reply_ofs, -+ /* -+ * Produce an reply that includes only: -+ * -+ * Status code. -+ * Server DUID. -+ * Client DUID. -+ */ -+ reply_ofs += store_options6(reply_data+reply_ofs, -+ sizeof(reply_data)-reply_ofs, - opt_state, packet, -- required_opts, NULL); -+ required_opts_NAA, NULL); -+ -+ goto return_reply; -+ } else { -+ snprintf(status_msg, sizeof(status_msg), "%s received.", packet_type); -+ if (!set_status_code(STATUS_Success, status_msg, opt_state)) { -+ goto exit; -+ } -+ -+ /* -+ * Add our options that are not associated with any IA_NA or IA_TA. -+ */ -+ reply_ofs += store_options6(reply_data+reply_ofs, -+ sizeof(reply_data)-reply_ofs, -+ opt_state, packet, -+ required_opts, NULL); -+ } - - /* - * Loop through the IA_NA reported by the client, and deal with -@@ -4838,6 +4968,7 @@ iterate_over_ia_na(struct data_string *r - /* - * Return our reply to the caller. - */ -+return_reply: - reply_ret->len = reply_ofs; - reply_ret->buffer = NULL; - if (!buffer_allocate(&reply_ret->buffer, reply_ofs, MDL)) { -@@ -4883,7 +5014,6 @@ exit: - * we still need to be aware of this possibility. - */ - --/* TODO: reject unicast messages, unless we set unicast option */ - /* TODO: IA_TA */ - static void - dhcpv6_decline(struct data_string *reply, struct packet *packet) { -@@ -5355,7 +5485,6 @@ exit: - * Release means a client is done with the leases. - */ - --/* TODO: reject unicast messages, unless we set unicast option */ - static void - dhcpv6_release(struct data_string *reply, struct packet *packet) { - struct data_string client_id; diff --git a/dhcp-4.2.0-noprefixavail.patch b/dhcp-4.2.0-noprefixavail.patch deleted file mode 100644 index 729a172..0000000 --- a/dhcp-4.2.0-noprefixavail.patch +++ /dev/null @@ -1,140 +0,0 @@ -diff -up dhcp-4.2.0/server/dhcpv6.c.noprefixavail dhcp-4.2.0/server/dhcpv6.c ---- dhcp-4.2.0/server/dhcpv6.c.noprefixavail 2010-10-07 13:48:45.000000000 +0200 -+++ dhcp-4.2.0/server/dhcpv6.c 2010-10-13 11:00:25.000000000 +0200 -@@ -1134,7 +1134,7 @@ try_client_v6_prefix(struct iasubopt **p - return DHCP_R_INVALIDARG; - } - tmp_plen = (int) requested_pref->data[0]; -- if ((tmp_plen < 3) || (tmp_plen > 128)) { -+ if ((tmp_plen < 3) || (tmp_plen > 128) ||((int)tmp_plen != pool->units)) { - return ISC_R_FAILURE; - } - memcpy(&tmp_pref, requested_pref->data + 1, sizeof(tmp_pref)); -@@ -1147,9 +1147,8 @@ try_client_v6_prefix(struct iasubopt **p - return ISC_R_FAILURE; - } - -- if (((int)tmp_plen != pool->units) || -- !ipv6_in_pool(&tmp_pref, pool)) { -- return ISC_R_FAILURE; -+ if (!ipv6_in_pool(&tmp_pref, pool)) { -+ return ISC_R_ADDRNOTAVAIL; - } - - if (prefix6_exists(pool, &tmp_pref, tmp_plen)) { -@@ -1409,13 +1408,6 @@ lease_to_client(struct data_string *repl - if ((status != ISC_R_SUCCESS) && - (status != ISC_R_NORESOURCES)) - goto exit; -- -- /* -- * If any prefix cannot be given to any IA_PD, then -- * set the NoPrefixAvail status code. -- */ -- if (reply.client_resources == 0) -- no_resources_avail = ISC_TRUE; - } - - /* -@@ -1549,36 +1541,6 @@ lease_to_client(struct data_string *repl - reply.opt_state, reply.packet, - required_opts_NAA, - NULL); -- } else if (no_resources_avail && (reply.ia_count == 0) && -- (reply.packet->dhcpv6_msg_type == DHCPV6_SOLICIT)) -- { -- /* Set the NoPrefixAvail status code. */ -- if (!set_status_code(STATUS_NoPrefixAvail, -- "No prefixes available for this " -- "interface.", reply.opt_state)) { -- log_error("lease_to_client: Unable to set " -- "NoPrefixAvail status code."); -- goto exit; -- } -- -- /* Rewind the cursor to the start. */ -- reply.cursor = REPLY_OPTIONS_INDEX; -- -- /* -- * Produce an advertise that includes only: -- * -- * Status code. -- * Server DUID. -- * Client DUID. -- */ -- reply.buf.reply.msg_type = DHCPV6_ADVERTISE; -- reply.cursor += store_options6((char *)reply.buf.data + -- reply.cursor, -- sizeof(reply.buf) - -- reply.cursor, -- reply.opt_state, reply.packet, -- required_opts_NAA, -- NULL); - } else { - /* - * Having stored the client's IA's, store any options that -@@ -2793,16 +2755,18 @@ find_client_temporaries(struct reply_sta - */ - static isc_result_t - reply_process_try_addr(struct reply_state *reply, struct iaddr *addr) { -- isc_result_t status = ISC_R_NORESOURCES; -+ isc_result_t status = ISC_R_ADDRNOTAVAIL; - struct ipv6_pool *pool; - int i; - struct data_string data_addr; - - if ((reply == NULL) || (reply->shared == NULL) || -- (reply->shared->ipv6_pools == NULL) || (addr == NULL) || -- (reply->lease != NULL)) -+ (addr == NULL) || (reply->lease != NULL)) - return DHCP_R_INVALIDARG; - -+ if (reply->shared->ipv6_pools == NULL) -+ return ISC_R_ADDRNOTAVAIL; -+ - memset(&data_addr, 0, sizeof(data_addr)); - data_addr.len = addr->len; - data_addr.data = addr->iabuf; -@@ -3314,7 +3278,9 @@ reply_process_ia_pd(struct reply_state * - if (status == ISC_R_CANCELED) - break; - -- if ((status != ISC_R_SUCCESS) && (status != ISC_R_ADDRINUSE)) -+ if ((status != ISC_R_SUCCESS) && -+ (status != ISC_R_ADDRINUSE) && -+ (status != ISC_R_ADDRNOTAVAIL)) - goto cleanup; - } - -@@ -3594,7 +3560,8 @@ reply_process_prefix(struct reply_state - - /* Either error out or skip this prefix. */ - if ((status != ISC_R_SUCCESS) && -- (status != ISC_R_ADDRINUSE)) -+ (status != ISC_R_ADDRINUSE) && -+ (status != ISC_R_ADDRNOTAVAIL)) - goto cleanup; - - if (reply->lease == NULL) { -@@ -3773,16 +3740,18 @@ prefix_is_owned(struct reply_state *repl - static isc_result_t - reply_process_try_prefix(struct reply_state *reply, - struct iaddrcidrnet *pref) { -- isc_result_t status = ISC_R_NORESOURCES; -+ isc_result_t status = ISC_R_ADDRNOTAVAIL; - struct ipv6_pool *pool; - int i; - struct data_string data_pref; - - if ((reply == NULL) || (reply->shared == NULL) || -- (reply->shared->ipv6_pools == NULL) || (pref == NULL) || -- (reply->lease != NULL)) -+ (pref == NULL) || (reply->lease != NULL)) - return DHCP_R_INVALIDARG; - -+ if (reply->shared->ipv6_pools == NULL) -+ return ISC_R_ADDRNOTAVAIL; -+ - memset(&data_pref, 0, sizeof(data_pref)); - data_pref.len = 17; - if (!buffer_allocate(&data_pref.buffer, data_pref.len, MDL)) { diff --git a/dhcp-4.2.0-paths.patch b/dhcp-4.2.0-paths.patch deleted file mode 100644 index 54c7aba..0000000 --- a/dhcp-4.2.0-paths.patch +++ /dev/null @@ -1,45 +0,0 @@ -diff -up dhcp-4.2.0/includes/dhcpd.h.paths dhcp-4.2.0/includes/dhcpd.h ---- dhcp-4.2.0/includes/dhcpd.h.paths 2010-07-21 13:55:42.000000000 +0200 -+++ dhcp-4.2.0/includes/dhcpd.h 2010-07-21 14:29:57.000000000 +0200 -@@ -1390,15 +1390,15 @@ typedef unsigned char option_mask [16]; - #else /* !DEBUG */ - - #ifndef _PATH_DHCPD_CONF --#define _PATH_DHCPD_CONF "/etc/dhcpd.conf" -+#define _PATH_DHCPD_CONF "/etc/dhcp/dhcpd.conf" - #endif /* DEBUG */ - - #ifndef _PATH_DHCPD_DB --#define _PATH_DHCPD_DB LOCALSTATEDIR"/db/dhcpd.leases" -+#define _PATH_DHCPD_DB LOCALSTATEDIR"/dhcpd/dhcpd.leases" - #endif - - #ifndef _PATH_DHCPD6_DB --#define _PATH_DHCPD6_DB LOCALSTATEDIR"/db/dhcpd6.leases" -+#define _PATH_DHCPD6_DB LOCALSTATEDIR"/dhcpd/dhcpd6.leases" - #endif - - #ifndef _PATH_DHCPD_PID -@@ -1412,7 +1412,7 @@ typedef unsigned char option_mask [16]; - #endif /* DEBUG */ - - #ifndef _PATH_DHCLIENT_CONF --#define _PATH_DHCLIENT_CONF "/etc/dhclient.conf" -+#define _PATH_DHCLIENT_CONF "/etc/dhcp/dhclient.conf" - #endif - - #ifndef _PATH_DHCLIENT_SCRIPT -@@ -1428,11 +1428,11 @@ typedef unsigned char option_mask [16]; - #endif - - #ifndef _PATH_DHCLIENT_DB --#define _PATH_DHCLIENT_DB LOCALSTATEDIR"/db/dhclient.leases" -+#define _PATH_DHCLIENT_DB LOCALSTATEDIR"/dhclient/dhclient.leases" - #endif - - #ifndef _PATH_DHCLIENT6_DB --#define _PATH_DHCLIENT6_DB LOCALSTATEDIR"/db/dhclient6.leases" -+#define _PATH_DHCLIENT6_DB LOCALSTATEDIR"/dhclient/dhclient6.leases" - #endif - - #ifndef _PATH_RESOLV_CONF diff --git a/dhcp-4.2.0-unicast-bootp.patch b/dhcp-4.2.0-unicast-bootp.patch deleted file mode 100644 index 78bc078..0000000 --- a/dhcp-4.2.0-unicast-bootp.patch +++ /dev/null @@ -1,99 +0,0 @@ -diff -up dhcp-4.2.0/server/bootp.c.unicast dhcp-4.2.0/server/bootp.c ---- dhcp-4.2.0/server/bootp.c.unicast 2009-11-20 02:49:03.000000000 +0100 -+++ dhcp-4.2.0/server/bootp.c 2010-07-21 13:40:25.000000000 +0200 -@@ -58,6 +58,7 @@ void bootp (packet) - char msgbuf [1024]; - int ignorep; - int peer_has_leases = 0; -+ int norelay = 0; - - if (packet -> raw -> op != BOOTREQUEST) - return; -@@ -73,7 +74,7 @@ void bootp (packet) - ? inet_ntoa (packet -> raw -> giaddr) - : packet -> interface -> name); - -- if (!locate_network (packet)) { -+ if ((norelay = locate_network (packet)) == 0) { - log_info ("%s: network unknown", msgbuf); - return; - } -@@ -390,6 +391,13 @@ void bootp (packet) - from, &to, &hto); - goto out; - } -+ } else if (norelay == 2) { -+ to.sin_addr = raw.ciaddr; -+ to.sin_port = remote_port; -+ if (fallback_interface) { -+ result = send_packet (fallback_interface, (struct packet *)0, &raw, outgoing.packet_length, from, &to, &hto); -+ goto out; -+ } - - /* If it comes from a client that already knows its address - and is not requesting a broadcast response, and we can -diff -up dhcp-4.2.0/server/dhcp.c.unicast dhcp-4.2.0/server/dhcp.c ---- dhcp-4.2.0/server/dhcp.c.unicast 2010-06-01 19:29:59.000000000 +0200 -+++ dhcp-4.2.0/server/dhcp.c 2010-07-21 13:40:25.000000000 +0200 -@@ -4185,6 +4185,7 @@ int locate_network (packet) - struct data_string data; - struct subnet *subnet = (struct subnet *)0; - struct option_cache *oc; -+ int norelay = 0; - - /* See if there's a Relay Agent Link Selection Option, or a - * Subnet Selection Option. The Link-Select and Subnet-Select -@@ -4200,12 +4201,24 @@ int locate_network (packet) - from the interface, if there is one. If not, fail. */ - if (!oc && !packet -> raw -> giaddr.s_addr) { - if (packet -> interface -> shared_network) { -- shared_network_reference -- (&packet -> shared_network, -- packet -> interface -> shared_network, MDL); -- return 1; -+ struct in_addr any_addr; -+ any_addr.s_addr = INADDR_ANY; -+ -+ if (!packet -> packet_type && memcmp(&packet -> raw -> ciaddr, &any_addr, 4)) { -+ struct iaddr cip; -+ memcpy(cip.iabuf, &packet -> raw -> ciaddr, 4); -+ cip.len = 4; -+ if (!find_grouped_subnet(&subnet, packet->interface->shared_network, cip, MDL)) -+ norelay = 2; -+ } -+ -+ if (!norelay) { -+ shared_network_reference(&packet -> shared_network, packet -> interface -> shared_network, MDL); -+ return 1; -+ } -+ } else { -+ return 0; - } -- return 0; - } - - /* If there's an option indicating link connection, and it's valid, -@@ -4228,7 +4241,10 @@ int locate_network (packet) - data_string_forget (&data, MDL); - } else { - ia.len = 4; -- memcpy (ia.iabuf, &packet -> raw -> giaddr, 4); -+ if (norelay) -+ memcpy (ia.iabuf, &packet->raw->ciaddr, 4); -+ else -+ memcpy (ia.iabuf, &packet->raw->giaddr, 4); - } - - /* If we know the subnet on which the IP address lives, use it. */ -@@ -4236,7 +4252,10 @@ int locate_network (packet) - shared_network_reference (&packet -> shared_network, - subnet -> shared_network, MDL); - subnet_dereference (&subnet, MDL); -- return 1; -+ if (norelay) -+ return norelay; -+ else -+ return 1; - } - - /* Otherwise, fail. */ diff --git a/dhcp-4.2.1-64_bit_lease_parse.patch b/dhcp-4.2.1-64_bit_lease_parse.patch deleted file mode 100644 index a540bc1..0000000 --- a/dhcp-4.2.1-64_bit_lease_parse.patch +++ /dev/null @@ -1,94 +0,0 @@ -diff -up dhcp-4.2.1b1/common/dispatch.c.64-bit_lease_parse dhcp-4.2.1b1/common/dispatch.c -diff -up dhcp-4.2.1b1/common/parse.c.64-bit_lease_parse dhcp-4.2.1b1/common/parse.c ---- dhcp-4.2.1b1/common/parse.c.64-bit_lease_parse 2010-12-30 00:01:42.000000000 +0100 -+++ dhcp-4.2.1b1/common/parse.c 2011-01-28 08:01:10.000000000 +0100 -@@ -909,8 +909,8 @@ TIME - parse_date_core(cfile) - struct parse *cfile; - { -- int guess; -- int tzoff, wday, year, mon, mday, hour, min, sec; -+ TIME guess; -+ long int tzoff, wday, year, mon, mday, hour, min, sec; - const char *val; - enum dhcp_token token; - static int months[11] = { 31, 59, 90, 120, 151, 181, -@@ -936,7 +936,7 @@ parse_date_core(cfile) - } - - token = next_token(&val, NULL, cfile); /* consume number */ -- guess = atoi(val); -+ guess = atol(val); - - return((TIME)guess); - } -@@ -948,7 +948,7 @@ parse_date_core(cfile) - return((TIME)0); - } - token = next_token(&val, NULL, cfile); /* consume day of week */ -- wday = atoi(val); -+ wday = atol(val); - - /* Year... */ - token = peek_token(&val, NULL, cfile); -@@ -964,7 +964,7 @@ parse_date_core(cfile) - somebody invents a time machine, I think we can safely disregard - it. This actually works around a stupid Y2K bug that was present - in a very early beta release of dhcpd. */ -- year = atoi(val); -+ year = atol(val); - if (year > 1900) - year -= 1900; - -@@ -988,7 +988,7 @@ parse_date_core(cfile) - return((TIME)0); - } - token = next_token(&val, NULL, cfile); /* consume month */ -- mon = atoi(val) - 1; -+ mon = atol(val) - 1; - - /* Slash separating month from day... */ - token = peek_token(&val, NULL, cfile); -@@ -1010,7 +1010,7 @@ parse_date_core(cfile) - return((TIME)0); - } - token = next_token(&val, NULL, cfile); /* consume day of month */ -- mday = atoi(val); -+ mday = atol(val); - - /* Hour... */ - token = peek_token(&val, NULL, cfile); -@@ -1021,7 +1021,7 @@ parse_date_core(cfile) - return((TIME)0); - } - token = next_token(&val, NULL, cfile); /* consume hour */ -- hour = atoi(val); -+ hour = atol(val); - - /* Colon separating hour from minute... */ - token = peek_token(&val, NULL, cfile); -@@ -1043,7 +1043,7 @@ parse_date_core(cfile) - return((TIME)0); - } - token = next_token(&val, NULL, cfile); /* consume minute */ -- min = atoi(val); -+ min = atol(val); - - /* Colon separating minute from second... */ - token = peek_token(&val, NULL, cfile); -@@ -1065,13 +1065,13 @@ parse_date_core(cfile) - return((TIME)0); - } - token = next_token(&val, NULL, cfile); /* consume second */ -- sec = atoi(val); -+ sec = atol(val); - - tzoff = 0; - token = peek_token(&val, NULL, cfile); - if (token == NUMBER) { - token = next_token(&val, NULL, cfile); /* consume tzoff */ -- tzoff = atoi(val); -+ tzoff = atol(val); - } else if (token != SEMI) { - token = next_token(&val, NULL, cfile); - parse_warn(cfile, diff --git a/dhcp-4.2.3-options.patch b/dhcp-4.2.3-options.patch deleted file mode 100644 index 09726ce..0000000 --- a/dhcp-4.2.3-options.patch +++ /dev/null @@ -1,401 +0,0 @@ -diff -up dhcp-4.2.3rc1/client/clparse.c.options dhcp-4.2.3rc1/client/clparse.c ---- dhcp-4.2.3rc1/client/clparse.c.options 2011-04-21 16:08:14.000000000 +0200 -+++ dhcp-4.2.3rc1/client/clparse.c 2011-10-18 18:43:04.341962957 +0200 -@@ -146,6 +146,7 @@ isc_result_t read_client_conf () - /* Requested lease time, used by DHCPv6 (DHCPv4 uses the option cache) - */ - top_level_config.requested_lease = 7200; -+ top_level_config.bootp_broadcast_always = 0; - - group_allocate (&top_level_config.on_receipt, MDL); - if (!top_level_config.on_receipt) -@@ -313,7 +314,8 @@ void read_client_leases () - interface-declaration | - LEASE client-lease-statement | - ALIAS client-lease-statement | -- KEY key-definition */ -+ KEY key-definition | -+ BOOTP_BROADCAST_ALWAYS */ - - void parse_client_statement (cfile, ip, config) - struct parse *cfile; -@@ -732,6 +734,12 @@ void parse_client_statement (cfile, ip, - parse_reject_statement (cfile, config); - return; - -+ case BOOTP_BROADCAST_ALWAYS: -+ token = next_token(&val, (unsigned*)0, cfile); -+ config -> bootp_broadcast_always = 1; -+ parse_semi (cfile); -+ return; -+ - default: - lose = 0; - stmt = (struct executable_statement *)0; -diff -up dhcp-4.2.3rc1/client/dhclient.c.options dhcp-4.2.3rc1/client/dhclient.c ---- dhcp-4.2.3rc1/client/dhclient.c.options 2011-07-01 13:58:53.000000000 +0200 -+++ dhcp-4.2.3rc1/client/dhclient.c 2011-10-18 18:43:04.342962944 +0200 -@@ -39,6 +39,12 @@ - #include - #include - -+/* -+ * Defined in stdio.h when _GNU_SOURCE is set, but we don't want to define -+ * that when building ISC code. -+ */ -+extern int asprintf(char **strp, const char *fmt, ...); -+ - TIME default_lease_time = 43200; /* 12 hours... */ - TIME max_lease_time = 86400; /* 24 hours... */ - -@@ -87,6 +93,9 @@ int wanted_ia_na = -1; /* the absolute - int wanted_ia_ta = 0; - int wanted_ia_pd = 0; - char *mockup_relay = NULL; -+int bootp_broadcast_always = 0; -+ -+extern u_int32_t default_requested_options[]; - - void run_stateless(int exit_mode); - -@@ -123,6 +132,15 @@ main(int argc, char **argv) { - int local_family_set = 0; - #endif /* DHCPv6 */ - char *s; -+ char *dhcp_client_identifier_arg = NULL; -+ char *dhcp_host_name_arg = NULL; -+ char *dhcp_fqdn_arg = NULL; -+ char *dhcp_vendor_class_identifier_arg = NULL; -+ char *dhclient_request_options = NULL; -+ -+ int timeout_arg = 0; -+ char *arg_conf = NULL; -+ int arg_conf_len = 0; - - /* Initialize client globals. */ - memset(&default_duid, 0, sizeof(default_duid)); -@@ -310,6 +328,88 @@ main(int argc, char **argv) { - } else if (!strcmp(argv[i], "--version")) { - log_info("isc-dhclient-%s", PACKAGE_VERSION); - exit(0); -+ } else if (!strcmp(argv[i], "-I")) { -+ if ((++i == argc) || (argv[i] == NULL) || (*(argv[i])=='\0')) { -+ usage(); -+ exit(1); -+ } -+ -+ if (strlen(argv[i]) >= DHCP_MAX_OPTION_LEN) { -+ log_error("-I option dhcp-client-identifier string \"%s\" is too long - maximum length is: %d", argv[i], DHCP_MAX_OPTION_LEN-1); -+ exit(1); -+ } -+ -+ dhcp_client_identifier_arg = argv[i]; -+ } else if (!strcmp(argv[i], "-B")) { -+ bootp_broadcast_always = 1; -+ } else if (!strcmp(argv[i], "-H")) { -+ if ((++i == argc) || (argv[i] == NULL) || (*(argv[i])=='\0')) { -+ usage(); -+ exit(1); -+ } -+ -+ if (strlen(argv[i]) >= DHCP_MAX_OPTION_LEN) { -+ log_error("-H option host-name string \"%s\" is too long - maximum length is: %d", argv[i], DHCP_MAX_OPTION_LEN-1); -+ exit(1); -+ } -+ -+ if (dhcp_host_name_arg != NULL) { -+ log_error("The -H and -F arguments are mutually exclusive"); -+ exit(1); -+ } -+ -+ dhcp_host_name_arg = argv[i]; -+ } else if (!strcmp(argv[i], "-F")) { -+ if ((++i == argc) || (argv[i] == NULL) || (*(argv[i])=='\0')) { -+ usage(); -+ exit(1); -+ } -+ -+ if (strlen(argv[i]) >= DHCP_MAX_OPTION_LEN) { -+ log_error("-F option fqdn.fqdn string \"%s\" is too long - maximum length is: %d", argv[i], DHCP_MAX_OPTION_LEN-1); -+ exit(1); -+ } -+ -+ if (dhcp_fqdn_arg != NULL) { -+ log_error("Only one -F argument can be specified"); -+ exit(1); -+ } -+ -+ if (dhcp_host_name_arg != NULL) { -+ log_error("The -F and -H arguments are mutually exclusive"); -+ exit(1); -+ } -+ -+ dhcp_fqdn_arg = argv[i]; -+ } else if (!strcmp(argv[i], "-timeout")) { -+ if ((++i == argc) || (argv[i] == NULL) || (*(argv[i])=='\0')) { -+ usage(); -+ exit(1); -+ } -+ -+ if ((timeout_arg = atoi(argv[i])) <= 0) { -+ log_error("-T timeout option must be > 0 - bad value: %s",argv[i]); -+ exit(1); -+ } -+ } else if (!strcmp(argv[i], "-V")) { -+ if ((++i == argc) || (argv[i] == NULL) || (*(argv[i])=='\0')) { -+ usage(); -+ exit(1); -+ } -+ -+ if (strlen(argv[i]) >= DHCP_MAX_OPTION_LEN) { -+ log_error("-V option vendor-class-identifier string \"%s\" is too long - maximum length is: %d", argv[i], DHCP_MAX_OPTION_LEN-1); -+ exit(1); -+ } -+ -+ dhcp_vendor_class_identifier_arg = argv[i]; -+ } else if (!strcmp(argv[i], "-R")) { -+ if ((++i == argc) || (argv[i] == NULL) || (*(argv[i])=='\0')) { -+ usage(); -+ exit(1); -+ } -+ -+ dhclient_request_options = argv[i]; - } else if (argv[i][0] == '-') { - usage(); - } else if (interfaces_requested < 0) { -@@ -484,6 +584,166 @@ main(int argc, char **argv) { - /* Parse the dhclient.conf file. */ - read_client_conf(); - -+ /* Parse any extra command line configuration arguments: */ -+ if ((dhcp_client_identifier_arg != NULL) && (*dhcp_client_identifier_arg != '\0')) { -+ arg_conf_len = asprintf(&arg_conf, "send dhcp-client-identifier \"%s\";", dhcp_client_identifier_arg); -+ -+ if ((arg_conf == 0) || (arg_conf_len <= 0)) -+ log_fatal("Unable to send -I option dhcp-client-identifier"); -+ } -+ -+ if ((dhcp_host_name_arg != NULL) && (*dhcp_host_name_arg != '\0')) { -+ if (arg_conf == 0) { -+ arg_conf_len = asprintf(&arg_conf, "send host-name \"%s\";", dhcp_host_name_arg); -+ -+ if ((arg_conf == 0) || (arg_conf_len <= 0)) -+ log_fatal("Unable to send -H option host-name"); -+ } else { -+ char *last_arg_conf = arg_conf; -+ arg_conf = NULL; -+ arg_conf_len = asprintf(&arg_conf, "%s\nsend host-name \"%s\";", last_arg_conf, dhcp_host_name_arg); -+ -+ if ((arg_conf == 0) || (arg_conf_len <= 0)) -+ log_fatal("Unable to send -H option host-name"); -+ -+ free(last_arg_conf); -+ } -+ } -+ -+ if ((dhcp_fqdn_arg != NULL) && (*dhcp_fqdn_arg != '\0')) { -+ if (arg_conf == 0) { -+ arg_conf_len = asprintf(&arg_conf, "send fqdn.fqdn \"%s\";", dhcp_fqdn_arg); -+ -+ if ((arg_conf == 0) || (arg_conf_len <= 0)) -+ log_fatal("Unable to send -F option fqdn.fqdn"); -+ } else { -+ char *last_arg_conf = arg_conf; -+ arg_conf = NULL; -+ arg_conf_len = asprintf(&arg_conf, "%s\nsend fqdn.fqdn \"%s\";", last_arg_conf, dhcp_fqdn_arg); -+ -+ if ((arg_conf == 0) || (arg_conf_len <= 0)) -+ log_fatal("Unable to send -F option fqdn.fqdn"); -+ -+ free(last_arg_conf); -+ } -+ } -+ -+ if (timeout_arg) { -+ if (arg_conf == 0) { -+ arg_conf_len = asprintf(&arg_conf, "timeout %d;", timeout_arg); -+ -+ if ((arg_conf == 0) || (arg_conf_len <= 0)) -+ log_fatal("Unable to process -timeout timeout argument"); -+ } else { -+ char *last_arg_conf = arg_conf; -+ arg_conf = NULL; -+ arg_conf_len = asprintf(&arg_conf, "%s\ntimeout %d;", last_arg_conf, timeout_arg); -+ -+ if ((arg_conf == 0) || (arg_conf_len == 0)) -+ log_fatal("Unable to process -timeout timeout argument"); -+ -+ free(last_arg_conf); -+ } -+ } -+ -+ if ((dhcp_vendor_class_identifier_arg != NULL) && (*dhcp_vendor_class_identifier_arg != '\0')) { -+ if (arg_conf == 0) { -+ arg_conf_len = asprintf(&arg_conf, "send vendor-class-identifier \"%s\";", dhcp_vendor_class_identifier_arg); -+ -+ if ((arg_conf == 0) || (arg_conf_len <= 0)) -+ log_fatal("Unable to send -V option vendor-class-identifier"); -+ } else { -+ char *last_arg_conf = arg_conf; -+ arg_conf = NULL; -+ arg_conf_len = asprintf(&arg_conf, "%s\nsend vendor-class-identifier \"%s\";", last_arg_conf, dhcp_vendor_class_identifier_arg); -+ -+ if ((arg_conf == 0) || (arg_conf_len <= 0)) -+ log_fatal("Unable to send -V option vendor-class-identifier"); -+ -+ free(last_arg_conf); -+ } -+ } -+ -+ if (dhclient_request_options != NULL) { -+ if (arg_conf == 0) { -+ arg_conf_len = asprintf(&arg_conf, "request %s;", dhclient_request_options); -+ -+ if ((arg_conf == 0) || (arg_conf_len <= 0)) -+ log_fatal("Unable to parse -R argument"); -+ } else { -+ char *last_arg_conf = arg_conf; -+ arg_conf = NULL; -+ arg_conf_len = asprintf(&arg_conf, "%s\nrequest %s;", last_arg_conf, dhclient_request_options); -+ -+ if ((arg_conf == 0) || (arg_conf_len <= 0)) -+ log_fatal("Unable to parse -R argument"); -+ -+ free(last_arg_conf); -+ } -+ } -+ -+ if (arg_conf) { -+ if (arg_conf_len == 0) -+ if ((arg_conf_len = strlen(arg_conf)) == 0) -+ /* huh ? cannot happen ! */ -+ log_fatal("Unable to process -I/-H/-F/-timeout/-V/-R configuration arguments"); -+ -+ /* parse the extra dhclient.conf configuration arguments -+ * into top level config: */ -+ struct parse *cfile = (struct parse *)0; -+ const char *val = NULL; -+ int token; -+ -+ status = new_parse(&cfile, -1, arg_conf, arg_conf_len, "extra dhclient -I/-H/-F/-timeout/-V/-R configuration arguments", 0); -+ -+ if ((status != ISC_R_SUCCESS) || (cfile -> warnings_occurred)) -+ log_fatal("Cannot parse -I/-H/-F/-timeout/-V/-R configuration arguments !"); -+ /* more detailed parse failures will be logged */ -+ -+ do { -+ token = peek_token(&val, (unsigned *)0, cfile); -+ if (token == END_OF_FILE) -+ break; -+ -+ parse_client_statement(cfile, (struct interface_info *)0, &top_level_config); -+ } while (1); -+ -+ if (cfile -> warnings_occurred) -+ log_fatal("Cannot parse -I/-H/-F/-timeout/-V/-R configuration arguments !"); -+ end_parse(&cfile); -+ -+ if (timeout_arg) { -+ /* we just set the toplevel timeout, but per-client -+ * timeouts may still be at defaults. Also, it makes no -+ * sense having the reboot_timeout or backoff_cutoff -+ * greater than the timeout: -+ */ -+ if ((top_level_config.backoff_cutoff == 15) && (top_level_config.backoff_cutoff > (timeout_arg / 2))) -+ top_level_config.backoff_cutoff = (((unsigned long)(timeout_arg / 2)) == 0) ? timeout_arg : (unsigned long)(timeout_arg / 2); -+ -+ for (ip=interfaces; ip; ip = ip->next) { -+ if (ip->client->config->timeout == 60) -+ ip->client->config->timeout = timeout_arg; -+ -+ if ((ip->client->config->reboot_timeout == 10) && (ip->client->config->reboot_timeout > ip->client->config->timeout)) -+ ip->client->config->reboot_timeout = ip->client->config->timeout; -+ if ((ip->client->config->backoff_cutoff == 15) && (ip->client->config->backoff_cutoff > top_level_config.backoff_cutoff)) -+ ip->client->config->backoff_cutoff = top_level_config.backoff_cutoff; -+ } -+ } -+ -+ if ((dhclient_request_options != 0) && (top_level_config.requested_options != default_requested_options)) { -+ for (ip=interfaces; ip; ip = ip->next) { -+ if (ip->client->config->requested_options == default_requested_options) -+ ip->client->config->requested_options = top_level_config.requested_options; -+ } -+ } -+ -+ free(arg_conf); -+ arg_conf = NULL; -+ arg_conf_len = 0; -+ } -+ - /* Parse the lease database. */ - read_client_leases(); - -@@ -2397,7 +2657,8 @@ void make_discover (client, lease) - client -> packet.xid = random (); - client -> packet.secs = 0; /* filled in by send_discover. */ - -- if (can_receive_unicast_unconfigured (client -> interface)) -+ if ((!(bootp_broadcast_always || client->config->bootp_broadcast_always)) -+ && can_receive_unicast_unconfigured(client->interface)) - client -> packet.flags = 0; - else - client -> packet.flags = htons (BOOTP_BROADCAST); -@@ -2481,7 +2742,9 @@ void make_request (client, lease) - } else { - memset (&client -> packet.ciaddr, 0, - sizeof client -> packet.ciaddr); -- if (can_receive_unicast_unconfigured (client -> interface)) -+ if ((!(bootp_broadcast_always || -+ client ->config->bootp_broadcast_always)) && -+ can_receive_unicast_unconfigured (client -> interface)) - client -> packet.flags = 0; - else - client -> packet.flags = htons (BOOTP_BROADCAST); -@@ -2543,7 +2806,8 @@ void make_decline (client, lease) - client -> packet.hops = 0; - client -> packet.xid = client -> xid; - client -> packet.secs = 0; /* Filled in by send_request. */ -- if (can_receive_unicast_unconfigured (client -> interface)) -+ if ((!(bootp_broadcast_always || client->config-> bootp_broadcast_always)) -+ && can_receive_unicast_unconfigured (client->interface)) - client -> packet.flags = 0; - else - client -> packet.flags = htons (BOOTP_BROADCAST); -diff -up dhcp-4.2.3rc1/common/conflex.c.options dhcp-4.2.3rc1/common/conflex.c ---- dhcp-4.2.3rc1/common/conflex.c.options 2011-09-21 22:43:10.000000000 +0200 -+++ dhcp-4.2.3rc1/common/conflex.c 2011-10-18 18:43:04.347962883 +0200 -@@ -808,6 +808,8 @@ intern(char *atom, enum dhcp_token dfv) - return BALANCE; - if (!strcasecmp (atom + 1, "ound")) - return BOUND; -+ if (!strcasecmp (atom + 1, "ootp-broadcast-always")) -+ return BOOTP_BROADCAST_ALWAYS; - break; - case 'c': - if (!strcasecmp(atom + 1, "ase")) -diff -up dhcp-4.2.3rc1/includes/dhcpd.h.options dhcp-4.2.3rc1/includes/dhcpd.h ---- dhcp-4.2.3rc1/includes/dhcpd.h.options 2011-10-04 21:43:12.000000000 +0200 -+++ dhcp-4.2.3rc1/includes/dhcpd.h 2011-10-18 18:43:04.388962369 +0200 -@@ -1147,6 +1147,9 @@ struct client_config { - int do_forward_update; /* If nonzero, and if we have the - information we need, update the - A record for the address we get. */ -+ -+ int bootp_broadcast_always; /* If nonzero, always set the BOOTP_BROADCAST -+ flag in requests */ - }; - - /* Per-interface state used in the dhcp client... */ -diff -up dhcp-4.2.3rc1/includes/dhctoken.h.options dhcp-4.2.3rc1/includes/dhctoken.h ---- dhcp-4.2.3rc1/includes/dhctoken.h.options 2011-09-21 22:43:10.000000000 +0200 -+++ dhcp-4.2.3rc1/includes/dhctoken.h 2011-10-18 18:47:08.039916315 +0200 -@@ -363,7 +363,8 @@ enum dhcp_token { - INITIAL_DELAY = 664, - GETHOSTBYNAME = 665, - PRIMARY6 = 666, -- SECONDARY6 = 667 -+ SECONDARY6 = 667, -+ BOOTP_BROADCAST_ALWAYS = 668 - }; - - #define is_identifier(x) ((x) >= FIRST_TOKEN && \ diff --git a/dhcp-4.2.3-rfc3442-classless-static-routes.patch b/dhcp-4.2.3-rfc3442-classless-static-routes.patch deleted file mode 100644 index 5897c21..0000000 --- a/dhcp-4.2.3-rfc3442-classless-static-routes.patch +++ /dev/null @@ -1,405 +0,0 @@ -diff -up dhcp-4.2.3rc1/client/clparse.c.rfc3442 dhcp-4.2.3rc1/client/clparse.c ---- dhcp-4.2.3rc1/client/clparse.c.rfc3442 2011-10-18 18:50:11.564621939 +0200 -+++ dhcp-4.2.3rc1/client/clparse.c 2011-10-18 18:50:11.661620727 +0200 -@@ -37,7 +37,7 @@ - - struct client_config top_level_config; - --#define NUM_DEFAULT_REQUESTED_OPTS 14 -+#define NUM_DEFAULT_REQUESTED_OPTS 15 - struct option *default_requested_options[NUM_DEFAULT_REQUESTED_OPTS + 1]; - - static void parse_client_default_duid(struct parse *cfile); -@@ -82,7 +82,11 @@ isc_result_t read_client_conf () - dhcp_universe.code_hash, &code, 0, MDL); - - /* 4 */ -- code = DHO_ROUTERS; -+ /* The Classless Static Routes option code MUST appear in the parameter -+ * request list prior to both the Router option code and the Static -+ * Routes option code, if present. (RFC3442) -+ */ -+ code = DHO_CLASSLESS_STATIC_ROUTES; - option_code_hash_lookup(&default_requested_options[3], - dhcp_universe.code_hash, &code, 0, MDL); - -@@ -136,6 +140,11 @@ isc_result_t read_client_conf () - option_code_hash_lookup(&default_requested_options[13], - dhcp_universe.code_hash, &code, 0, MDL); - -+ /* 15 */ -+ code = DHO_ROUTERS; -+ option_code_hash_lookup(&default_requested_options[14], -+ dhcp_universe.code_hash, &code, 0, MDL); -+ - for (code = 0 ; code < NUM_DEFAULT_REQUESTED_OPTS ; code++) { - if (default_requested_options[code] == NULL) - log_fatal("Unable to find option definition for " -diff -up dhcp-4.2.3rc1/common/dhcp-options.5.rfc3442 dhcp-4.2.3rc1/common/dhcp-options.5 ---- dhcp-4.2.3rc1/common/dhcp-options.5.rfc3442 2011-10-18 18:50:11.550622114 +0200 -+++ dhcp-4.2.3rc1/common/dhcp-options.5 2011-10-18 18:50:11.662620715 +0200 -@@ -115,6 +115,26 @@ hexadecimal, separated by colons. For - or - option dhcp-client-identifier 43:4c:49:45:54:2d:46:4f:4f; - .fi -+.PP -+The -+.B destination-descriptor -+describe the IP subnet number and subnet mask -+of a particular destination using a compact encoding. This encoding -+consists of one octet describing the width of the subnet mask, -+followed by all the significant octets of the subnet number. -+The following table contains some examples of how various subnet -+number/mask combinations can be encoded: -+.nf -+.sp 1 -+Subnet number Subnet mask Destination descriptor -+0 0 0 -+10.0.0.0 255.0.0.0 8.10 -+10.0.0.0 255.255.255.0 24.10.0.0 -+10.17.0.0 255.255.0.0 16.10.17 -+10.27.129.0 255.255.255.0 24.10.27.129 -+10.229.0.128 255.255.255.128 25.10.229.0.128 -+10.198.122.47 255.255.255.255 32.10.198.122.47 -+.fi - .SH SETTING OPTION VALUES USING EXPRESSIONS - Sometimes it's helpful to be able to set the value of a DHCP option - based on some value that the client has sent. To do this, you can -@@ -931,6 +951,29 @@ dhclient-script will create routes: - .RE - .PP - .nf -+.B option \fBclassless-static-routes\fR \fIdestination-descriptor ip-address\fR -+ [\fB,\fR \fIdestination-descriptor ip-address\fR...]\fB;\fR -+.fi -+.RS 0.25i -+.PP -+This option (see RFC3442) specifies a list of classless static routes -+that the client should install in its routing cache. -+.PP -+This option can contain one or more static routes, each of which -+consists of a destination descriptor and the IP address of the router -+that should be used to reach that destination. -+.PP -+Many clients may not implement the Classless Static Routes option. -+DHCP server administrators should therefore configure their DHCP -+servers to send both a Router option and a Classless Static Routes -+option, and should specify the default router(s) both in the Router -+option and in the Classless Static Routes option. -+.PP -+If the DHCP server returns both a Classless Static Routes option and -+a Router option, the DHCP client ignores the Router option. -+.RE -+.PP -+.nf - .B option \fBstreettalk-directory-assistance-server\fR \fIip-address\fR - [\fB,\fR \fIip-address\fR...]\fB;\fR - .fi -diff -up dhcp-4.2.3rc1/common/inet.c.rfc3442 dhcp-4.2.3rc1/common/inet.c ---- dhcp-4.2.3rc1/common/inet.c.rfc3442 2011-05-11 02:47:22.000000000 +0200 -+++ dhcp-4.2.3rc1/common/inet.c 2011-10-18 18:50:11.665620676 +0200 -@@ -528,6 +528,60 @@ free_iaddrcidrnetlist(struct iaddrcidrne - return ISC_R_SUCCESS; - } - -+static const char * -+inet_ntopdd(const unsigned char *src, unsigned srclen, char *dst, size_t size) -+{ -+ char tmp[sizeof("32.255.255.255.255")]; -+ int len; -+ -+ switch (srclen) { -+ case 2: -+ len = sprintf (tmp, "%u.%u", src[0], src[1]); -+ break; -+ case 3: -+ len = sprintf (tmp, "%u.%u.%u", src[0], src[1], src[2]); -+ break; -+ case 4: -+ len = sprintf (tmp, "%u.%u.%u.%u", src[0], src[1], src[2], src[3]); -+ break; -+ case 5: -+ len = sprintf (tmp, "%u.%u.%u.%u.%u", src[0], src[1], src[2], src[3], src[4]); -+ break; -+ default: -+ return NULL; -+ } -+ if (len < 0) -+ return NULL; -+ -+ if (len > size) { -+ errno = ENOSPC; -+ return NULL; -+ } -+ -+ return strcpy (dst, tmp); -+} -+ -+/* pdestdesc() turns an iaddr structure into a printable dest. descriptor */ -+const char * -+pdestdesc(const struct iaddr addr) { -+ static char pbuf[sizeof("255.255.255.255.255")]; -+ -+ if (addr.len == 0) { -+ return ""; -+ } -+ if (addr.len == 1) { -+ return "0"; -+ } -+ if ((addr.len >= 2) && (addr.len <= 5)) { -+ return inet_ntopdd(addr.iabuf, addr.len, pbuf, sizeof(pbuf)); -+ } -+ -+ log_fatal("pdestdesc():%s:%d: Invalid destination descriptor length %d.", -+ MDL, addr.len); -+ /* quell compiler warnings */ -+ return NULL; -+} -+ - /* piaddr() turns an iaddr structure into a printable address. */ - /* XXX: should use a const pointer rather than passing the structure */ - const char * -diff -up dhcp-4.2.3rc1/common/options.c.rfc3442 dhcp-4.2.3rc1/common/options.c ---- dhcp-4.2.3rc1/common/options.c.rfc3442 2011-07-20 00:22:48.000000000 +0200 -+++ dhcp-4.2.3rc1/common/options.c 2011-10-18 18:50:11.725619925 +0200 -@@ -706,7 +706,11 @@ cons_options(struct packet *inpacket, st - * packet. - */ - priority_list[priority_len++] = DHO_SUBNET_MASK; -- priority_list[priority_len++] = DHO_ROUTERS; -+ if (lookup_option(&dhcp_universe, cfg_options, -+ DHO_CLASSLESS_STATIC_ROUTES)) -+ priority_list[priority_len++] = DHO_CLASSLESS_STATIC_ROUTES; -+ else -+ priority_list[priority_len++] = DHO_ROUTERS; - priority_list[priority_len++] = DHO_DOMAIN_NAME_SERVERS; - priority_list[priority_len++] = DHO_HOST_NAME; - priority_list[priority_len++] = DHO_FQDN; -@@ -1683,6 +1687,7 @@ const char *pretty_print_option (option, - const unsigned char *dp = data; - char comma; - unsigned long tval; -+ unsigned int octets = 0; - - if (emit_commas) - comma = ','; -@@ -1691,6 +1696,7 @@ const char *pretty_print_option (option, - - memset (enumbuf, 0, sizeof enumbuf); - -+ if (option->format[0] != 'R') { /* see explanation lower */ - /* Figure out the size of the data. */ - for (l = i = 0; option -> format [i]; i++, l++) { - if (l >= sizeof(fmtbuf) - 1) -@@ -1840,6 +1846,33 @@ const char *pretty_print_option (option, - if (numhunk < 0) - numhunk = 1; - -+ } else { /* option->format[i] == 'R') */ -+ /* R (destination descriptor) has variable length. -+ * We can find it only in classless static route option, -+ * so we are for sure parsing classless static route option now. -+ * We go through whole the option to check whether there are no -+ * missing/extra bytes. -+ * I didn't find out how to improve the existing code and that's the -+ * reason for this separate 'else' where I do my own checkings. -+ * I know it's little bit unsystematic, but it works. -+ */ -+ numhunk = 0; -+ numelem = 2; /* RI */ -+ fmtbuf[0]='R'; fmtbuf[1]='I'; fmtbuf[2]=0; -+ for (i =0; i < len; i = i + octets + 5) { -+ if (data[i] > 32) { /* subnet mask width */ -+ log_error ("wrong subnet mask width in destination descriptor"); -+ break; -+ } -+ numhunk++; -+ octets = ((data[i]+7) / 8); -+ } -+ if (i != len) { -+ log_error ("classless static routes option has wrong size or " -+ "there's some garbage in format"); -+ } -+ } -+ - /* Cycle through the array (or hunk) printing the data. */ - for (i = 0; i < numhunk; i++) { - for (j = 0; j < numelem; j++) { -@@ -1978,6 +2011,20 @@ const char *pretty_print_option (option, - strcpy(op, piaddr(iaddr)); - dp += 4; - break; -+ -+ case 'R': -+ if (dp[0] <= 32) -+ iaddr.len = (((dp[0]+7)/8)+1); -+ else { -+ log_error ("wrong subnet mask width in destination descriptor"); -+ return ""; -+ } -+ -+ memcpy(iaddr.iabuf, dp, iaddr.len); -+ strcpy(op, pdestdesc(iaddr)); -+ dp += iaddr.len; -+ break; -+ - case '6': - iaddr.len = 16; - memcpy(iaddr.iabuf, dp, 16); -diff -up dhcp-4.2.3rc1/common/parse.c.rfc3442 dhcp-4.2.3rc1/common/parse.c ---- dhcp-4.2.3rc1/common/parse.c.rfc3442 2011-10-18 18:50:11.609621377 +0200 -+++ dhcp-4.2.3rc1/common/parse.c 2011-10-18 18:50:11.731619852 +0200 -@@ -341,6 +341,39 @@ int parse_ip_addr (cfile, addr) - } - - /* -+ * destination-descriptor :== NUMBER DOT NUMBER | -+ * NUMBER DOT NUMBER DOT NUMBER | -+ * NUMBER DOT NUMBER DOT NUMBER DOT NUMBER | -+ * NUMBER DOT NUMBER DOT NUMBER DOT NUMBER DOT NUMBER -+ */ -+ -+int parse_destination_descriptor (cfile, addr) -+ struct parse *cfile; -+ struct iaddr *addr; -+{ -+ unsigned int mask_width, dest_dest_len; -+ addr -> len = 0; -+ if (parse_numeric_aggregate (cfile, addr -> iabuf, -+ &addr -> len, DOT, 10, 8)) { -+ mask_width = (unsigned int)addr->iabuf[0]; -+ dest_dest_len = (((mask_width+7)/8)+1); -+ if (mask_width > 32) { -+ parse_warn (cfile, -+ "subnet mask width (%u) greater than 32.", mask_width); -+ } -+ else if (dest_dest_len != addr->len) { -+ parse_warn (cfile, -+ "destination descriptor with subnet mask width %u " -+ "should have %u octets, but has %u octets.", -+ mask_width, dest_dest_len, addr->len); -+ } -+ -+ return 1; -+ } -+ return 0; -+} -+ -+/* - * Return true if every character in the string is hexadecimal. - */ - static int -@@ -700,8 +733,10 @@ unsigned char *parse_numeric_aggregate ( - if (count) { - token = peek_token (&val, (unsigned *)0, cfile); - if (token != separator) { -- if (!*max) -+ if (!*max) { -+ *max = count; - break; -+ } - if (token != RBRACE && token != LBRACE) - token = next_token (&val, - (unsigned *)0, -@@ -1624,6 +1659,9 @@ int parse_option_code_definition (cfile, - case IP_ADDRESS: - type = 'I'; - break; -+ case DESTINATION_DESCRIPTOR: -+ type = 'R'; -+ break; - case IP6_ADDRESS: - type = '6'; - break; -@@ -5372,6 +5410,15 @@ int parse_option_token (rv, cfile, fmt, - } - break; - -+ case 'R': /* destination descriptor */ -+ if (!parse_destination_descriptor (cfile, &addr)) { -+ return 0; -+ } -+ if (!make_const_data (&t, addr.iabuf, addr.len, 0, 1, MDL)) { -+ return 0; -+ } -+ break; -+ - case '6': /* IPv6 address. */ - if (!parse_ip6_addr(cfile, &addr)) { - return 0; -@@ -5632,6 +5679,13 @@ int parse_option_decl (oc, cfile) - goto exit; - len = ip_addr.len; - dp = ip_addr.iabuf; -+ goto alloc; -+ -+ case 'R': /* destination descriptor */ -+ if (!parse_destination_descriptor (cfile, &ip_addr)) -+ goto exit; -+ len = ip_addr.len; -+ dp = ip_addr.iabuf; - - alloc: - if (hunkix + len > sizeof hunkbuf) { -diff -up dhcp-4.2.3rc1/common/tables.c.rfc3442 dhcp-4.2.3rc1/common/tables.c ---- dhcp-4.2.3rc1/common/tables.c.rfc3442 2011-10-18 18:50:11.600621489 +0200 -+++ dhcp-4.2.3rc1/common/tables.c 2011-10-18 18:50:11.736619789 +0200 -@@ -51,6 +51,7 @@ HASH_FUNCTIONS (option_code, const unsig - Format codes: - - I - IPv4 address -+ R - destination descriptor (RFC3442) - 6 - IPv6 address - l - 32-bit signed integer - L - 32-bit unsigned integer -@@ -208,6 +209,7 @@ static struct option dhcp_options[] = { - { "default-url", "t", &dhcp_universe, 114, 1 }, - { "subnet-selection", "I", &dhcp_universe, 118, 1 }, - { "domain-search", "D", &dhcp_universe, 119, 1 }, -+ { "classless-static-routes", "RIA", &dhcp_universe, 121, 1 }, - { "vivco", "Evendor-class.", &dhcp_universe, 124, 1 }, - { "vivso", "Evendor.", &dhcp_universe, 125, 1 }, - #if 0 -diff -up dhcp-4.2.3rc1/includes/dhcpd.h.rfc3442 dhcp-4.2.3rc1/includes/dhcpd.h ---- dhcp-4.2.3rc1/includes/dhcpd.h.rfc3442 2011-10-18 18:50:11.561621977 +0200 -+++ dhcp-4.2.3rc1/includes/dhcpd.h 2011-10-18 18:50:11.767619401 +0200 -@@ -2665,6 +2665,7 @@ isc_result_t range2cidr(struct iaddrcidr - const struct iaddr *lo, const struct iaddr *hi); - isc_result_t free_iaddrcidrnetlist(struct iaddrcidrnetlist **result); - const char *piaddr (struct iaddr); -+const char *pdestdesc (struct iaddr); - char *piaddrmask(struct iaddr *, struct iaddr *); - char *piaddrcidr(const struct iaddr *, unsigned int); - u_int16_t validate_port(char *); -@@ -2872,6 +2873,7 @@ void parse_client_lease_declaration (str - int parse_option_decl (struct option_cache **, struct parse *); - void parse_string_list (struct parse *, struct string_list **, int); - int parse_ip_addr (struct parse *, struct iaddr *); -+int parse_destination_descriptor (struct parse *, struct iaddr *); - int parse_ip_addr_with_subnet(struct parse *, struct iaddrmatch *); - void parse_reject_statement (struct parse *, struct client_config *); - -diff -up dhcp-4.2.3rc1/includes/dhcp.h.rfc3442 dhcp-4.2.3rc1/includes/dhcp.h ---- dhcp-4.2.3rc1/includes/dhcp.h.rfc3442 2009-11-20 02:49:01.000000000 +0100 -+++ dhcp-4.2.3rc1/includes/dhcp.h 2011-10-18 18:50:11.772619339 +0200 -@@ -158,6 +158,7 @@ struct dhcp_packet { - #define DHO_ASSOCIATED_IP 92 - #define DHO_SUBNET_SELECTION 118 /* RFC3011! */ - #define DHO_DOMAIN_SEARCH 119 /* RFC3397 */ -+#define DHO_CLASSLESS_STATIC_ROUTES 121 /* RFC3442 */ - #define DHO_VIVCO_SUBOPTIONS 124 - #define DHO_VIVSO_SUBOPTIONS 125 - -diff -up dhcp-4.2.3rc1/includes/dhctoken.h.rfc3442 dhcp-4.2.3rc1/includes/dhctoken.h ---- dhcp-4.2.3rc1/includes/dhctoken.h.rfc3442 2011-10-18 18:50:11.000000000 +0200 -+++ dhcp-4.2.3rc1/includes/dhctoken.h 2011-10-18 18:50:55.753069508 +0200 -@@ -364,7 +364,8 @@ enum dhcp_token { - GETHOSTBYNAME = 665, - PRIMARY6 = 666, - SECONDARY6 = 667, -- BOOTP_BROADCAST_ALWAYS = 668 -+ BOOTP_BROADCAST_ALWAYS = 668, -+ DESTINATION_DESCRIPTOR = 669 - }; - - #define is_identifier(x) ((x) >= FIRST_TOKEN && \ diff --git a/dhcp-4.2.4-64_bit_lease_parse.patch b/dhcp-4.2.4-64_bit_lease_parse.patch new file mode 100644 index 0000000..c1b978b --- /dev/null +++ b/dhcp-4.2.4-64_bit_lease_parse.patch @@ -0,0 +1,84 @@ +diff -up dhcp-4.2.4b1/common/parse.c.64-bit_lease_parse dhcp-4.2.4b1/common/parse.c +--- dhcp-4.2.4b1/common/parse.c.64-bit_lease_parse 2012-03-09 12:28:10.000000000 +0100 ++++ dhcp-4.2.4b1/common/parse.c 2012-04-16 17:30:55.867045149 +0200 +@@ -906,8 +906,8 @@ TIME + parse_date_core(cfile) + struct parse *cfile; + { +- int guess; +- int tzoff, year, mon, mday, hour, min, sec; ++ TIME guess; ++ long int tzoff, year, mon, mday, hour, min, sec; + const char *val; + enum dhcp_token token; + static int months[11] = { 31, 59, 90, 120, 151, 181, +@@ -933,7 +933,7 @@ parse_date_core(cfile) + } + + token = next_token(&val, NULL, cfile); /* consume number */ +- guess = atoi(val); ++ guess = atol(val); + + return((TIME)guess); + } +@@ -961,7 +961,7 @@ parse_date_core(cfile) + somebody invents a time machine, I think we can safely disregard + it. This actually works around a stupid Y2K bug that was present + in a very early beta release of dhcpd. */ +- year = atoi(val); ++ year = atol(val); + if (year > 1900) + year -= 1900; + +@@ -985,7 +985,7 @@ parse_date_core(cfile) + return((TIME)0); + } + token = next_token(&val, NULL, cfile); /* consume month */ +- mon = atoi(val) - 1; ++ mon = atol(val) - 1; + + /* Slash separating month from day... */ + token = peek_token(&val, NULL, cfile); +@@ -1007,7 +1007,7 @@ parse_date_core(cfile) + return((TIME)0); + } + token = next_token(&val, NULL, cfile); /* consume day of month */ +- mday = atoi(val); ++ mday = atol(val); + + /* Hour... */ + token = peek_token(&val, NULL, cfile); +@@ -1018,7 +1018,7 @@ parse_date_core(cfile) + return((TIME)0); + } + token = next_token(&val, NULL, cfile); /* consume hour */ +- hour = atoi(val); ++ hour = atol(val); + + /* Colon separating hour from minute... */ + token = peek_token(&val, NULL, cfile); +@@ -1040,7 +1040,7 @@ parse_date_core(cfile) + return((TIME)0); + } + token = next_token(&val, NULL, cfile); /* consume minute */ +- min = atoi(val); ++ min = atol(val); + + /* Colon separating minute from second... */ + token = peek_token(&val, NULL, cfile); +@@ -1062,13 +1062,13 @@ parse_date_core(cfile) + return((TIME)0); + } + token = next_token(&val, NULL, cfile); /* consume second */ +- sec = atoi(val); ++ sec = atol(val); + + tzoff = 0; + token = peek_token(&val, NULL, cfile); + if (token == NUMBER) { + token = next_token(&val, NULL, cfile); /* consume tzoff */ +- tzoff = atoi(val); ++ tzoff = atol(val); + } else if (token != SEMI) { + token = next_token(&val, NULL, cfile); + parse_warn(cfile, diff --git a/dhcp-4.2.4-CVE-2012-3570-3571-3954.patch b/dhcp-4.2.4-CVE-2012-3570-3571-3954.patch deleted file mode 100644 index aa34f30..0000000 --- a/dhcp-4.2.4-CVE-2012-3570-3571-3954.patch +++ /dev/null @@ -1,149 +0,0 @@ -diff -up dhcp-4.2.3-P2/common/options.c.CVE-2012-3570-3571-3954 dhcp-4.2.3-P2/common/options.c ---- dhcp-4.2.3-P2/common/options.c.CVE-2012-3570-3571-3954 2012-07-25 14:02:05.632045359 +0200 -+++ dhcp-4.2.3-P2/common/options.c 2012-07-25 14:04:46.089599642 +0200 -@@ -2406,6 +2406,8 @@ prepare_option_buffer(struct universe *u - - /* And let go of our references. */ - cleanup: -+ if (lbp != NULL) -+ buffer_dereference(&lbp, MDL); - option_dereference(&option, MDL); - - return 1; -@@ -3801,11 +3803,13 @@ void do_packet (interface, packet, len, - data_string_forget (&dp, MDL); - } - } -- -- if (decoded_packet -> packet_type) -- dhcp (decoded_packet); -- else -- bootp (decoded_packet); -+ -+ if (validate_packet(decoded_packet) != 0) { -+ if (decoded_packet->packet_type) -+ dhcp(decoded_packet); -+ else -+ bootp(decoded_packet); -+ } - - /* If the caller kept the packet, they'll have upped the refcnt. */ - packet_dereference (&decoded_packet, MDL); -@@ -4123,4 +4127,47 @@ add_option(struct option_state *options, - return 1; - } - -+/** -+ * Checks if received BOOTP/DHCPv4 packet is sane -+ * -+ * @param packet received, decoded packet -+ * -+ * @return 1 if packet is sane, 0 if it is not -+ */ -+int validate_packet(struct packet *packet) -+{ -+ struct option_cache *oc = NULL; -+ -+ oc = lookup_option (&dhcp_universe, packet->options, -+ DHO_DHCP_CLIENT_IDENTIFIER); -+ if (oc) { -+ /* Let's check if client-identifier is sane */ -+ if (oc->data.len == 0) { -+ log_debug("Dropped DHCPv4 packet with zero-length client-id"); -+ return (0); - -+ } else if (oc->data.len == 1) { -+ /* -+ * RFC2132, section 9.14 states that minimum length of client-id -+ * is 2. We will allow single-character client-ids for now (for -+ * backwards compatibility), but warn the user that support for -+ * this is against the standard. -+ */ -+ log_debug("Accepted DHCPv4 packet with one-character client-id - " -+ "a future version of ISC DHCP will reject this"); -+ } -+ } else { -+ /* -+ * If hlen is 0 we don't have any identifier, we warn the user -+ * but continue processing the packet as we can. -+ */ -+ if (packet->raw->hlen == 0) { -+ log_debug("Received DHCPv4 packet without client-id" -+ " option and empty hlen field."); -+ } -+ } -+ -+ /* @todo: Add checks for other received options */ -+ -+ return (1); -+} -diff -up dhcp-4.2.3-P2/includes/dhcpd.h.CVE-2012-3570-3571-3954 dhcp-4.2.3-P2/includes/dhcpd.h ---- dhcp-4.2.3-P2/includes/dhcpd.h.CVE-2012-3570-3571-3954 2012-07-25 14:02:05.651045307 +0200 -+++ dhcp-4.2.3-P2/includes/dhcpd.h 2012-07-25 14:07:45.840102184 +0200 -@@ -432,11 +432,17 @@ struct packet { - isc_boolean_t unicast; - }; - --/* A network interface's MAC address. */ -+/* -+ * A network interface's MAC address. -+ * 20 bytes for the hardware address -+ * and 1 byte for the type tag -+ */ -+ -+#define HARDWARE_ADDR_LEN 20 - - struct hardware { - u_int8_t hlen; -- u_int8_t hbuf [17]; -+ u_int8_t hbuf[HARDWARE_ADDR_LEN + 1]; - }; - - #if defined(LDAP_CONFIGURATION) -@@ -1857,6 +1863,8 @@ void do_packet6(struct interface_info *, - int, int, const struct iaddr *, isc_boolean_t); - int packet6_len_okay(const char *, int); - -+int validate_packet(struct packet *); -+ - int add_option(struct option_state *options, - unsigned int option_num, - void *data, -diff -up dhcp-4.2.3-P2/server/dhcpv6.c.CVE-2012-3570-3571-3954 dhcp-4.2.3-P2/server/dhcpv6.c ---- dhcp-4.2.3-P2/server/dhcpv6.c.CVE-2012-3570-3571-3954 2012-07-25 14:02:05.653045301 +0200 -+++ dhcp-4.2.3-P2/server/dhcpv6.c 2012-07-25 14:11:25.062503597 +0200 -@@ -1285,6 +1285,8 @@ lease_to_client(struct data_string *repl - struct data_string packet_oro; - isc_boolean_t no_resources_avail; - -+ memset(&packet_oro, 0, sizeof(packet_oro)); -+ - /* Locate the client. */ - if (shared_network_from_packet6(&reply.shared, - packet) != ISC_R_SUCCESS) -@@ -1307,7 +1309,6 @@ lease_to_client(struct data_string *repl - * Get the ORO from the packet, if any. - */ - oc = lookup_option(&dhcpv6_universe, packet->options, D6O_ORO); -- memset(&packet_oro, 0, sizeof(packet_oro)); - if (oc != NULL) { - if (!evaluate_option_cache(&packet_oro, packet, - NULL, NULL, -@@ -1579,6 +1580,8 @@ lease_to_client(struct data_string *repl - packet_dereference(&reply.packet, MDL); - if (reply.client_id.data != NULL) - data_string_forget(&reply.client_id, MDL); -+ if (packet_oro.buffer != NULL) -+ data_string_forget(&packet_oro, MDL); - reply.renew = reply.rebind = reply.prefer = reply.valid = 0; - reply.cursor = 0; - } -@@ -6130,7 +6133,7 @@ find_hosts_by_duid_chaddr(struct host_de - break; - } - -- if (hlen == 0) -+ if ((hlen == 0) || (hlen > HARDWARE_ADDR_LEN)) - return 0; - - /* diff --git a/dhcp-4.2.4-CVE-2012-3955.patch b/dhcp-4.2.4-CVE-2012-3955.patch deleted file mode 100644 index a890ea3..0000000 --- a/dhcp-4.2.4-CVE-2012-3955.patch +++ /dev/null @@ -1,115 +0,0 @@ -diff -rup dhcp-4.2.4-P1/server/dhcpv6.c dhcp-4.2.4-P2/server/dhcpv6.c ---- dhcp-4.2.4-P1/server/dhcpv6.c 2012-07-13 08:18:05.000000000 +0200 -+++ dhcp-4.2.4-P2/server/dhcpv6.c 2012-08-28 04:13:22.000000000 +0200 -@@ -1837,9 +1837,6 @@ reply_process_ia_na(struct reply_state * - ia_reference(&tmp->ia, reply->ia, MDL); - - /* Commit 'hard' bindings. */ -- tmp->hard_lifetime_end_time = -- tmp->soft_lifetime_end_time; -- tmp->soft_lifetime_end_time = 0; - renew_lease6(tmp->ipv6_pool, tmp); - schedule_lease_timeout(tmp->ipv6_pool); - -@@ -2498,9 +2495,6 @@ reply_process_ia_ta(struct reply_state * - ia_reference(&tmp->ia, reply->ia, MDL); - - /* Commit 'hard' bindings. */ -- tmp->hard_lifetime_end_time = -- tmp->soft_lifetime_end_time; -- tmp->soft_lifetime_end_time = 0; - renew_lease6(tmp->ipv6_pool, tmp); - schedule_lease_timeout(tmp->ipv6_pool); - -@@ -3370,9 +3364,6 @@ reply_process_ia_pd(struct reply_state * - ia_reference(&tmp->ia, reply->ia, MDL); - - /* Commit 'hard' bindings. */ -- tmp->hard_lifetime_end_time = -- tmp->soft_lifetime_end_time; -- tmp->soft_lifetime_end_time = 0; - renew_lease6(tmp->ipv6_pool, tmp); - schedule_lease_timeout(tmp->ipv6_pool); - } -diff -rup dhcp-4.2.4-P1/server/mdb6.c dhcp-4.2.4-P2/server/mdb6.c ---- dhcp-4.2.4-P1/server/mdb6.c 2012-07-13 08:17:54.000000000 +0200 -+++ dhcp-4.2.4-P2/server/mdb6.c 2012-08-28 04:13:22.000000000 +0200 -@@ -1235,29 +1238,49 @@ move_lease_to_active(struct ipv6_pool *p - return insert_result; - } - --/* -- * Renew an lease in the pool. -+/*! -+ * \brief Renew a lease in the pool. -+ * -+ * The hard_lifetime_end_time of the lease should be set to -+ * the current expiration time. -+ * The soft_lifetime_end_time of the lease should be set to -+ * the desired expiration time. -+ * -+ * This routine will compare the two and call the correct -+ * heap routine to move the lease. If the lease is active -+ * and the new expiration time is greater (the normal case) -+ * then we call isc_heap_decreased() as a larger time is a -+ * lower priority. If the new expiration time is less then -+ * we call isc_heap_increased(). -+ * -+ * If the lease is abandoned then it will be on the active list -+ * and we will always call isc_heap_increased() as the previous -+ * expiration would have been all 1s (as close as we can get -+ * to infinite). -+ * -+ * If the lease is moving to active we call that routine -+ * which will move it from the inactive list to the active list. - * -- * To do this, first set the new hard_lifetime_end_time for the resource, -- * and then invoke renew_lease6() on it. -+ * \param pool a pool the lease belongs to -+ * \param lease the lease to be renewed - * -- * WARNING: lease times must only be extended, never reduced!!! -+ * \return result of the renew operation (ISC_R_SUCCESS if successful, -+ ISC_R_NOMEMORY when run out of memory) - */ - isc_result_t - renew_lease6(struct ipv6_pool *pool, struct iasubopt *lease) { -- /* -- * If we're already active, then we can just move our expiration -- * time down the heap. -- * -- * If we're abandoned then we are already on the active list -- * but we need to retag the lease and move our expiration -- * from infinite to the current value -- * -- * Otherwise, we have to move from the inactive heap to the -- * active heap. -- */ -+ time_t old_end_time = lease->hard_lifetime_end_time; -+ lease->hard_lifetime_end_time = lease->soft_lifetime_end_time; -+ lease->soft_lifetime_end_time = 0; -+ - if (lease->state == FTS_ACTIVE) { -- isc_heap_decreased(pool->active_timeouts, lease->heap_index); -+ if (old_end_time <= lease->hard_lifetime_end_time) { -+ isc_heap_decreased(pool->active_timeouts, -+ lease->heap_index); -+ } else { -+ isc_heap_increased(pool->active_timeouts, -+ lease->heap_index); -+ } - return ISC_R_SUCCESS; - } else if (lease->state == FTS_ABANDONED) { - char tmp_addr[INET6_ADDRSTRLEN]; -@@ -1920,9 +1943,8 @@ change_leases(struct ia_xx *ia, - /* - * Renew all leases in an IA from all pools. - * -- * The new hard_lifetime_end_time should be updated for the addresses/prefixes. -- * -- * WARNING: lease times must only be extended, never reduced!!! -+ * The new lifetime should be in the soft_lifetime_end_time -+ * and will be moved to hard_lifetime_end_time by renew_lease6. - */ - isc_result_t - renew_leases(struct ia_xx *ia) { diff --git a/dhcp-4.2.4-PPP.patch b/dhcp-4.2.4-PPP.patch new file mode 100644 index 0000000..aa01881 --- /dev/null +++ b/dhcp-4.2.4-PPP.patch @@ -0,0 +1,149 @@ +diff -up dhcp-4.2.4-P2/client/dhc6.c.PPP dhcp-4.2.4-P2/client/dhc6.c +--- dhcp-4.2.4-P2/client/dhc6.c.PPP 2012-09-24 15:47:42.517895833 +0200 ++++ dhcp-4.2.4-P2/client/dhc6.c 2012-09-24 15:47:42.525895761 +0200 +@@ -133,7 +133,7 @@ extern int stateless; + * is not how it is intended. Upcoming rearchitecting the client should + * address this "one daemon model." + */ +-void ++isc_result_t + form_duid(struct data_string *duid, const char *file, int line) + { + struct interface_info *ip; +@@ -145,6 +145,15 @@ form_duid(struct data_string *duid, cons + if (ip == NULL) + log_fatal("Impossible condition at %s:%d.", MDL); + ++ while (ip && ip->hw_address.hbuf[0] == HTYPE_RESERVED) { ++ /* Try the other interfaces */ ++ log_debug("Cannot form default DUID from interface %s.", ip->name); ++ ip = ip->next; ++ } ++ if (ip == NULL) { ++ return ISC_R_UNEXPECTED; ++ } ++ + if ((ip->hw_address.hlen == 0) || + (ip->hw_address.hlen > sizeof(ip->hw_address.hbuf))) + log_fatal("Impossible hardware address length at %s:%d.", MDL); +@@ -180,6 +189,8 @@ form_duid(struct data_string *duid, cons + memcpy(duid->buffer->data + 4, ip->hw_address.hbuf + 1, + ip->hw_address.hlen - 1); + } ++ ++ return ISC_R_SUCCESS; + } + + /* +@@ -5130,7 +5141,8 @@ make_client6_options(struct client_state + */ + if ((oc = lookup_option(&dhcpv6_universe, *op, + D6O_CLIENTID)) == NULL) { +- if (!option_cache(&oc, &default_duid, NULL, clientid_option, ++ if (default_duid.len == 0 || ++ !option_cache(&oc, &default_duid, NULL, clientid_option, + MDL)) + log_fatal("Failure assembling a DUID."); + +diff -up dhcp-4.2.4-P2/client/dhclient.c.PPP dhcp-4.2.4-P2/client/dhclient.c +--- dhcp-4.2.4-P2/client/dhclient.c.PPP 2012-09-24 15:47:42.489896082 +0200 ++++ dhcp-4.2.4-P2/client/dhclient.c 2012-09-24 15:47:42.527895743 +0200 +@@ -919,8 +919,8 @@ main(int argc, char **argv) { + if (default_duid.buffer != NULL) + data_string_forget(&default_duid, MDL); + +- form_duid(&default_duid, MDL); +- write_duid(&default_duid); ++ if (form_duid(&default_duid, MDL) == ISC_R_SUCCESS) ++ write_duid(&default_duid); + } + + for (ip = interfaces ; ip != NULL ; ip = ip->next) { +diff -up dhcp-4.2.4-P2/common/bpf.c.PPP dhcp-4.2.4-P2/common/bpf.c +--- dhcp-4.2.4-P2/common/bpf.c.PPP 2012-09-24 15:47:42.452896411 +0200 ++++ dhcp-4.2.4-P2/common/bpf.c 2012-09-24 15:47:42.527895743 +0200 +@@ -599,6 +599,22 @@ get_hw_addr(const char *name, struct har + memcpy(&hw->hbuf[1], LLADDR(sa), sa->sdl_alen); + break; + #endif /* IFT_FDDI */ ++#if defined(IFT_PPP) ++ case IFT_PPP: ++ if (local_family != AF_INET6) ++ log_fatal("Unsupported device type %d for \"%s\"", ++ sa->sdl_type, name); ++ hw->hlen = 0; ++ hw->hbuf[0] = HTYPE_RESERVED; ++ /* 0xdeadbeef should never occur on the wire, ++ * and is a signature that something went wrong. ++ */ ++ hw->hbuf[1] = 0xde; ++ hw->hbuf[2] = 0xad; ++ hw->hbuf[3] = 0xbe; ++ hw->hbuf[4] = 0xef; ++ break; ++#endif + default: + log_fatal("Unsupported device type %d for \"%s\"", + sa->sdl_type, name); +diff -up dhcp-4.2.4-P2/common/lpf.c.PPP dhcp-4.2.4-P2/common/lpf.c +--- dhcp-4.2.4-P2/common/lpf.c.PPP 2012-09-24 15:47:42.434896571 +0200 ++++ dhcp-4.2.4-P2/common/lpf.c 2012-09-24 15:47:42.528895734 +0200 +@@ -503,6 +503,22 @@ get_hw_addr(const char *name, struct har + hw->hbuf[0] = HTYPE_FDDI; + memcpy(&hw->hbuf[1], sa->sa_data, 16); + break; ++#if defined(ARPHRD_PPP) ++ case ARPHRD_PPP: ++ if (local_family != AF_INET6) ++ log_fatal("Unsupported device type %d for \"%s\"", ++ sa->sa_family, name); ++ hw->hlen = 0; ++ hw->hbuf[0] = HTYPE_RESERVED; ++ /* 0xdeadbeef should never occur on the wire, ++ * and is a signature that something went wrong. ++ */ ++ hw->hbuf[1] = 0xde; ++ hw->hbuf[2] = 0xad; ++ hw->hbuf[3] = 0xbe; ++ hw->hbuf[4] = 0xef; ++ break; ++#endif + default: + log_fatal("Unsupported device type %ld for \"%s\"", + (long int)sa->sa_family, name); +diff -up dhcp-4.2.4-P2/includes/dhcpd.h.PPP dhcp-4.2.4-P2/includes/dhcpd.h +--- dhcp-4.2.4-P2/includes/dhcpd.h.PPP 2012-09-24 15:47:42.513895869 +0200 ++++ dhcp-4.2.4-P2/includes/dhcpd.h 2012-09-24 15:47:42.529895726 +0200 +@@ -2768,7 +2768,7 @@ void dhcpv4_client_assignments(void); + void dhcpv6_client_assignments(void); + + /* dhc6.c */ +-void form_duid(struct data_string *duid, const char *file, int line); ++isc_result_t form_duid(struct data_string *duid, const char *file, int line); + void dhc6_lease_destroy(struct dhc6_lease **src, const char *file, int line); + void start_init6(struct client_state *client); + void start_info_request6(struct client_state *client); +diff -up dhcp-4.2.4-P2/includes/dhcp.h.PPP dhcp-4.2.4-P2/includes/dhcp.h +--- dhcp-4.2.4-P2/includes/dhcp.h.PPP 2012-09-24 15:47:42.000000000 +0200 ++++ dhcp-4.2.4-P2/includes/dhcp.h 2012-09-24 15:48:51.543234589 +0200 +@@ -84,6 +84,7 @@ struct dhcp_packet { + #define HTYPE_IPMP 255 /* IPMP - random hw address - there + * is no standard for this so we + * just steal a type */ ++#define HTYPE_RESERVED 0 /* RFC 5494 */ + + /* Magic cookie validating dhcp options field (and bootp vendor + extensions field). */ +diff -up dhcp-4.2.4-P2/server/dhcpv6.c.PPP dhcp-4.2.4-P2/server/dhcpv6.c +--- dhcp-4.2.4-P2/server/dhcpv6.c.PPP 2012-09-24 15:47:42.493896046 +0200 ++++ dhcp-4.2.4-P2/server/dhcpv6.c 2012-09-24 15:47:42.532895701 +0200 +@@ -300,6 +300,9 @@ generate_new_server_duid(void) { + if (p->hw_address.hlen > 0) { + break; + } ++ if (p->next == NULL && p->hw_address.hbuf[0] == HTYPE_RESERVED) { ++ log_error("Can not generate DUID from interfaces which do not have hardware addresses, please configure server-duid!"); ++ } + } + if (p == NULL) { + return ISC_R_UNEXPECTED; diff --git a/dhcp-4.2.4-UseMulticast.patch b/dhcp-4.2.4-UseMulticast.patch new file mode 100644 index 0000000..d0c5dfe --- /dev/null +++ b/dhcp-4.2.4-UseMulticast.patch @@ -0,0 +1,239 @@ +diff -up dhcp-4.2.4b1/server/dhcpv6.c.UseMulticast dhcp-4.2.4b1/server/dhcpv6.c +--- dhcp-4.2.4b1/server/dhcpv6.c.UseMulticast 2012-04-11 00:14:04.000000000 +0200 ++++ dhcp-4.2.4b1/server/dhcpv6.c 2012-04-16 19:21:43.575923732 +0200 +@@ -346,6 +346,48 @@ generate_new_server_duid(void) { + } + + /* ++ * Is the D6O_UNICAST option defined in dhcpd.conf ? ++ */ ++static isc_boolean_t unicast_option_defined; ++ ++/* ++ * Did we already search dhcpd.conf for D6O_UNICAST option ? ++ * We need to store it here to not parse dhcpd.conf repeatedly. ++ */ ++static isc_boolean_t unicast_option_parsed = ISC_FALSE; ++ ++ ++/* ++ * Is the D6O_UNICAST option defined in dhcpd.conf ? ++ */ ++isc_boolean_t ++is_unicast_option_defined(void) { ++ struct option_state *opt_state; ++ struct option_cache *oc; ++ ++ /* ++ * If we are looking for the unicast option for the first time ++ */ ++ if (unicast_option_parsed == ISC_FALSE) { ++ unicast_option_parsed = ISC_TRUE; ++ opt_state = NULL; ++ if (!option_state_allocate(&opt_state, MDL)) { ++ log_fatal("No memory for option state."); ++ } ++ ++ execute_statements_in_scope(NULL, NULL, NULL, NULL, NULL, ++ opt_state, &global_scope, root_group, NULL); ++ ++ oc = lookup_option(&dhcpv6_universe, opt_state, D6O_UNICAST); ++ unicast_option_defined = (oc != NULL); ++ ++ option_state_dereference(&opt_state, MDL); ++ } ++ ++ return (unicast_option_defined); ++} ++ ++/* + * Get the client identifier from the packet. + */ + isc_result_t +@@ -1404,6 +1446,56 @@ lease_to_client(struct data_string *repl + reply.shared->group); + } + ++ /* reject unicast message, unless we set unicast option */ ++ if ((packet->unicast == ISC_TRUE) && !is_unicast_option_defined()) ++ /* ++ * RFC3315 section 18.2.1 (Request): ++ * ++ * When the server receives a Request message via unicast from a client ++ * to which the server has not sent a unicast option, the server ++ * discards the Request message and responds with a Reply message ++ * containing a Status Code option with the value UseMulticast, a Server ++ * Identifier option containing the server's DUID, the Client Identifier ++ * option from the client message, and no other options. ++ * ++ * Section 18.2.3 (Renew): ++ * ++ * When the server receives a Renew message via unicast from a client to ++ * which the server has not sent a unicast option, the server discards ++ * the Renew message and responds with a Reply message containing a ++ * Status Code option with the value UseMulticast, a Server Identifier ++ * option containing the server's DUID, the Client Identifier option ++ * from the client message, and no other options. ++ */ ++ { ++ /* Set the UseMulticast status code. */ ++ if (!set_status_code(STATUS_UseMulticast, ++ "Unicast not allowed by server.", ++ reply.opt_state)) { ++ log_error("lease_to_client: Unable to set " ++ "UseMulticast status code."); ++ goto exit; ++ } ++ ++ /* Rewind the cursor to the start. */ ++ reply.cursor = REPLY_OPTIONS_INDEX; ++ ++ /* ++ * Produce an reply that includes only: ++ * ++ * Status code. ++ * Server DUID. ++ * Client DUID. ++ */ ++ reply.cursor += store_options6((char *)reply.buf.data + ++ reply.cursor, ++ sizeof(reply.buf) - ++ reply.cursor, ++ reply.opt_state, reply.packet, ++ required_opts_NAA, ++ NULL); ++ } ++ + /* + * RFC3315 section 17.2.2 (Solicit): + * +@@ -1429,8 +1521,8 @@ lease_to_client(struct data_string *repl + * Sends a Renew/Rebind if the IA is not in the Reply message. + */ + #if defined (RFC3315_PRE_ERRATA_2010_08) +- if (no_resources_avail && (reply.ia_count != 0) && +- (reply.packet->dhcpv6_msg_type == DHCPV6_SOLICIT)) ++ else if (no_resources_avail && (reply.ia_count != 0) && ++ (reply.packet->dhcpv6_msg_type == DHCPV6_SOLICIT)) + { + /* Set the NoAddrsAvail status code. */ + if (!set_status_code(STATUS_NoAddrsAvail, +@@ -1477,6 +1569,7 @@ lease_to_client(struct data_string *repl + * Having stored the client's IA's, store any options that + * will fit in the remaining space. + */ ++ else + reply.cursor += store_options6((char *)reply.buf.data + reply.cursor, + sizeof(reply.buf) - reply.cursor, + reply.opt_state, reply.packet, +@@ -4126,7 +4219,6 @@ dhcpv6_solicit(struct data_string *reply + * Very similar to Solicit handling, except the server DUID is required. + */ + +-/* TODO: reject unicast messages, unless we set unicast option */ + static void + dhcpv6_request(struct data_string *reply_ret, struct packet *packet) { + struct data_string client_id; +@@ -4456,7 +4548,6 @@ exit: + * except for the error code of when addresses don't match. + */ + +-/* TODO: reject unicast messages, unless we set unicast option */ + static void + dhcpv6_renew(struct data_string *reply, struct packet *packet) { + struct data_string client_id; +@@ -4700,18 +4791,60 @@ iterate_over_ia_na(struct data_string *r + goto exit; + } + +- snprintf(status_msg, sizeof(status_msg), "%s received.", packet_type); +- if (!set_status_code(STATUS_Success, status_msg, opt_state)) { +- goto exit; +- } ++ /* reject unicast message, unless we set unicast option */ ++ if ((packet->unicast == ISC_TRUE) && !is_unicast_option_defined()) { ++ /* ++ * RFC3315 section 18.2.6 (Release): ++ * ++ * When the server receives a Release message via unicast from a client ++ * to which the server has not sent a unicast option, the server ++ * discards the Release message and responds with a Reply message ++ * containing a Status Code option with value UseMulticast, a Server ++ * Identifier option containing the server's DUID, the Client Identifier ++ * option from the client message, and no other options. ++ * ++ * Section 18.2.7 (Decline): ++ * ++ * When the server receives a Decline message via unicast from a client ++ * to which the server has not sent a unicast option, the server ++ * discards the Decline message and responds with a Reply message ++ * containing a Status Code option with the value UseMulticast, a Server ++ * Identifier option containing the server's DUID, the Client Identifier ++ * option from the client message, and no other options. ++ */ ++ snprintf(status_msg, sizeof(status_msg), ++ "%s received unicast.", packet_type); ++ if (!set_status_code(STATUS_UseMulticast, status_msg, opt_state)) { ++ goto exit; ++ } + +- /* +- * Add our options that are not associated with any IA_NA or IA_TA. +- */ +- reply_ofs += store_options6(reply_data+reply_ofs, +- sizeof(reply_data)-reply_ofs, ++ /* ++ * Produce an reply that includes only: ++ * ++ * Status code. ++ * Server DUID. ++ * Client DUID. ++ */ ++ reply_ofs += store_options6(reply_data+reply_ofs, ++ sizeof(reply_data)-reply_ofs, + opt_state, packet, +- required_opts, NULL); ++ required_opts_NAA, NULL); ++ ++ goto return_reply; ++ } else { ++ snprintf(status_msg, sizeof(status_msg), "%s received.", packet_type); ++ if (!set_status_code(STATUS_Success, status_msg, opt_state)) { ++ goto exit; ++ } ++ ++ /* ++ * Add our options that are not associated with any IA_NA or IA_TA. ++ */ ++ reply_ofs += store_options6(reply_data+reply_ofs, ++ sizeof(reply_data)-reply_ofs, ++ opt_state, packet, ++ required_opts, NULL); ++ } + + /* + * Loop through the IA_NA reported by the client, and deal with +@@ -4849,6 +4982,7 @@ iterate_over_ia_na(struct data_string *r + /* + * Return our reply to the caller. + */ ++return_reply: + reply_ret->len = reply_ofs; + reply_ret->buffer = NULL; + if (!buffer_allocate(&reply_ret->buffer, reply_ofs, MDL)) { +@@ -4894,7 +5028,6 @@ exit: + * we still need to be aware of this possibility. + */ + +-/* TODO: reject unicast messages, unless we set unicast option */ + /* TODO: IA_TA */ + static void + dhcpv6_decline(struct data_string *reply, struct packet *packet) { +@@ -5364,7 +5497,6 @@ exit: + * Release means a client is done with the leases. + */ + +-/* TODO: reject unicast messages, unless we set unicast option */ + static void + dhcpv6_release(struct data_string *reply, struct packet *packet) { + struct data_string client_id; diff --git a/dhcp-4.2.4-options.patch b/dhcp-4.2.4-options.patch new file mode 100644 index 0000000..b0080e1 --- /dev/null +++ b/dhcp-4.2.4-options.patch @@ -0,0 +1,391 @@ +diff -up dhcp-4.2.4b1/client/clparse.c.options dhcp-4.2.4b1/client/clparse.c +--- dhcp-4.2.4b1/client/clparse.c.options 2012-03-09 12:28:10.000000000 +0100 ++++ dhcp-4.2.4b1/client/clparse.c 2012-04-16 17:24:58.794047046 +0200 +@@ -154,6 +154,7 @@ isc_result_t read_client_conf () + /* Requested lease time, used by DHCPv6 (DHCPv4 uses the option cache) + */ + top_level_config.requested_lease = 7200; ++ top_level_config.bootp_broadcast_always = 0; + + group_allocate (&top_level_config.on_receipt, MDL); + if (!top_level_config.on_receipt) +@@ -320,7 +321,8 @@ void read_client_leases () + interface-declaration | + LEASE client-lease-statement | + ALIAS client-lease-statement | +- KEY key-definition */ ++ KEY key-definition | ++ BOOTP_BROADCAST_ALWAYS */ + + void parse_client_statement (cfile, ip, config) + struct parse *cfile; +@@ -739,6 +741,12 @@ void parse_client_statement (cfile, ip, + parse_reject_statement (cfile, config); + return; + ++ case BOOTP_BROADCAST_ALWAYS: ++ token = next_token(&val, (unsigned*)0, cfile); ++ config -> bootp_broadcast_always = 1; ++ parse_semi (cfile); ++ return; ++ + default: + lose = 0; + stmt = (struct executable_statement *)0; +diff -up dhcp-4.2.4b1/client/dhclient.c.options dhcp-4.2.4b1/client/dhclient.c +--- dhcp-4.2.4b1/client/dhclient.c.options 2012-04-11 22:43:24.000000000 +0200 ++++ dhcp-4.2.4b1/client/dhclient.c 2012-04-16 17:24:58.795047032 +0200 +@@ -39,6 +39,12 @@ + #include + #include + ++/* ++ * Defined in stdio.h when _GNU_SOURCE is set, but we don't want to define ++ * that when building ISC code. ++ */ ++extern int asprintf(char **strp, const char *fmt, ...); ++ + TIME default_lease_time = 43200; /* 12 hours... */ + TIME max_lease_time = 86400; /* 24 hours... */ + +@@ -87,6 +93,9 @@ int wanted_ia_na = -1; /* the absolute + int wanted_ia_ta = 0; + int wanted_ia_pd = 0; + char *mockup_relay = NULL; ++int bootp_broadcast_always = 0; ++ ++extern u_int32_t default_requested_options[]; + + void run_stateless(int exit_mode); + +@@ -123,6 +132,15 @@ main(int argc, char **argv) { + int local_family_set = 0; + #endif /* DHCPv6 */ + char *s; ++ char *dhcp_client_identifier_arg = NULL; ++ char *dhcp_host_name_arg = NULL; ++ char *dhcp_fqdn_arg = NULL; ++ char *dhcp_vendor_class_identifier_arg = NULL; ++ char *dhclient_request_options = NULL; ++ ++ int timeout_arg = 0; ++ char *arg_conf = NULL; ++ int arg_conf_len = 0; + + /* Initialize client globals. */ + memset(&default_duid, 0, sizeof(default_duid)); +@@ -310,6 +328,88 @@ main(int argc, char **argv) { + } else if (!strcmp(argv[i], "--version")) { + log_info("isc-dhclient-%s", PACKAGE_VERSION); + exit(0); ++ } else if (!strcmp(argv[i], "-I")) { ++ if ((++i == argc) || (argv[i] == NULL) || (*(argv[i])=='\0')) { ++ usage(); ++ exit(1); ++ } ++ ++ if (strlen(argv[i]) >= DHCP_MAX_OPTION_LEN) { ++ log_error("-I option dhcp-client-identifier string \"%s\" is too long - maximum length is: %d", argv[i], DHCP_MAX_OPTION_LEN-1); ++ exit(1); ++ } ++ ++ dhcp_client_identifier_arg = argv[i]; ++ } else if (!strcmp(argv[i], "-B")) { ++ bootp_broadcast_always = 1; ++ } else if (!strcmp(argv[i], "-H")) { ++ if ((++i == argc) || (argv[i] == NULL) || (*(argv[i])=='\0')) { ++ usage(); ++ exit(1); ++ } ++ ++ if (strlen(argv[i]) >= DHCP_MAX_OPTION_LEN) { ++ log_error("-H option host-name string \"%s\" is too long - maximum length is: %d", argv[i], DHCP_MAX_OPTION_LEN-1); ++ exit(1); ++ } ++ ++ if (dhcp_host_name_arg != NULL) { ++ log_error("The -H and -F arguments are mutually exclusive"); ++ exit(1); ++ } ++ ++ dhcp_host_name_arg = argv[i]; ++ } else if (!strcmp(argv[i], "-F")) { ++ if ((++i == argc) || (argv[i] == NULL) || (*(argv[i])=='\0')) { ++ usage(); ++ exit(1); ++ } ++ ++ if (strlen(argv[i]) >= DHCP_MAX_OPTION_LEN) { ++ log_error("-F option fqdn.fqdn string \"%s\" is too long - maximum length is: %d", argv[i], DHCP_MAX_OPTION_LEN-1); ++ exit(1); ++ } ++ ++ if (dhcp_fqdn_arg != NULL) { ++ log_error("Only one -F argument can be specified"); ++ exit(1); ++ } ++ ++ if (dhcp_host_name_arg != NULL) { ++ log_error("The -F and -H arguments are mutually exclusive"); ++ exit(1); ++ } ++ ++ dhcp_fqdn_arg = argv[i]; ++ } else if (!strcmp(argv[i], "-timeout")) { ++ if ((++i == argc) || (argv[i] == NULL) || (*(argv[i])=='\0')) { ++ usage(); ++ exit(1); ++ } ++ ++ if ((timeout_arg = atoi(argv[i])) <= 0) { ++ log_error("timeout option must be > 0 - bad value: %s",argv[i]); ++ exit(1); ++ } ++ } else if (!strcmp(argv[i], "-V")) { ++ if ((++i == argc) || (argv[i] == NULL) || (*(argv[i])=='\0')) { ++ usage(); ++ exit(1); ++ } ++ ++ if (strlen(argv[i]) >= DHCP_MAX_OPTION_LEN) { ++ log_error("-V option vendor-class-identifier string \"%s\" is too long - maximum length is: %d", argv[i], DHCP_MAX_OPTION_LEN-1); ++ exit(1); ++ } ++ ++ dhcp_vendor_class_identifier_arg = argv[i]; ++ } else if (!strcmp(argv[i], "-R")) { ++ if ((++i == argc) || (argv[i] == NULL) || (*(argv[i])=='\0')) { ++ usage(); ++ exit(1); ++ } ++ ++ dhclient_request_options = argv[i]; + } else if (argv[i][0] == '-') { + usage(); + } else if (interfaces_requested < 0) { +@@ -484,6 +584,156 @@ main(int argc, char **argv) { + /* Parse the dhclient.conf file. */ + read_client_conf(); + ++ /* Parse any extra command line configuration arguments: */ ++ if ((dhcp_client_identifier_arg != NULL) && (*dhcp_client_identifier_arg != '\0')) { ++ arg_conf_len = asprintf(&arg_conf, "send dhcp-client-identifier \"%s\";", dhcp_client_identifier_arg); ++ ++ if ((arg_conf == 0) || (arg_conf_len <= 0)) ++ log_fatal("Unable to send -I option dhcp-client-identifier"); ++ } ++ ++ if ((dhcp_host_name_arg != NULL) && (*dhcp_host_name_arg != '\0')) { ++ if (arg_conf == 0) { ++ arg_conf_len = asprintf(&arg_conf, "send host-name \"%s\";", dhcp_host_name_arg); ++ ++ if ((arg_conf == 0) || (arg_conf_len <= 0)) ++ log_fatal("Unable to send -H option host-name"); ++ } else { ++ char *last_arg_conf = arg_conf; ++ arg_conf = NULL; ++ arg_conf_len = asprintf(&arg_conf, "%s\nsend host-name \"%s\";", last_arg_conf, dhcp_host_name_arg); ++ ++ if ((arg_conf == 0) || (arg_conf_len <= 0)) ++ log_fatal("Unable to send -H option host-name"); ++ ++ free(last_arg_conf); ++ } ++ } ++ ++ if ((dhcp_fqdn_arg != NULL) && (*dhcp_fqdn_arg != '\0')) { ++ if (arg_conf == 0) { ++ arg_conf_len = asprintf(&arg_conf, "send fqdn.fqdn \"%s\";", dhcp_fqdn_arg); ++ ++ if ((arg_conf == 0) || (arg_conf_len <= 0)) ++ log_fatal("Unable to send -F option fqdn.fqdn"); ++ } else { ++ char *last_arg_conf = arg_conf; ++ arg_conf = NULL; ++ arg_conf_len = asprintf(&arg_conf, "%s\nsend fqdn.fqdn \"%s\";", last_arg_conf, dhcp_fqdn_arg); ++ ++ if ((arg_conf == 0) || (arg_conf_len <= 0)) ++ log_fatal("Unable to send -F option fqdn.fqdn"); ++ ++ free(last_arg_conf); ++ } ++ } ++ ++ if (timeout_arg) { ++ if (arg_conf == 0) { ++ arg_conf_len = asprintf(&arg_conf, "timeout %d;", timeout_arg); ++ ++ if ((arg_conf == 0) || (arg_conf_len <= 0)) ++ log_fatal("Unable to process -timeout timeout argument"); ++ } else { ++ char *last_arg_conf = arg_conf; ++ arg_conf = NULL; ++ arg_conf_len = asprintf(&arg_conf, "%s\ntimeout %d;", last_arg_conf, timeout_arg); ++ ++ if ((arg_conf == 0) || (arg_conf_len == 0)) ++ log_fatal("Unable to process -timeout timeout argument"); ++ ++ free(last_arg_conf); ++ } ++ } ++ ++ if ((dhcp_vendor_class_identifier_arg != NULL) && (*dhcp_vendor_class_identifier_arg != '\0')) { ++ if (arg_conf == 0) { ++ arg_conf_len = asprintf(&arg_conf, "send vendor-class-identifier \"%s\";", dhcp_vendor_class_identifier_arg); ++ ++ if ((arg_conf == 0) || (arg_conf_len <= 0)) ++ log_fatal("Unable to send -V option vendor-class-identifier"); ++ } else { ++ char *last_arg_conf = arg_conf; ++ arg_conf = NULL; ++ arg_conf_len = asprintf(&arg_conf, "%s\nsend vendor-class-identifier \"%s\";", last_arg_conf, dhcp_vendor_class_identifier_arg); ++ ++ if ((arg_conf == 0) || (arg_conf_len <= 0)) ++ log_fatal("Unable to send -V option vendor-class-identifier"); ++ ++ free(last_arg_conf); ++ } ++ } ++ ++ if (dhclient_request_options != NULL) { ++ if (arg_conf == 0) { ++ arg_conf_len = asprintf(&arg_conf, "request %s;", dhclient_request_options); ++ ++ if ((arg_conf == 0) || (arg_conf_len <= 0)) ++ log_fatal("Unable to parse -R argument"); ++ } else { ++ char *last_arg_conf = arg_conf; ++ arg_conf = NULL; ++ arg_conf_len = asprintf(&arg_conf, "%s\nrequest %s;", last_arg_conf, dhclient_request_options); ++ ++ if ((arg_conf == 0) || (arg_conf_len <= 0)) ++ log_fatal("Unable to parse -R argument"); ++ ++ free(last_arg_conf); ++ } ++ } ++ ++ if (arg_conf) { ++ if (arg_conf_len == 0) ++ if ((arg_conf_len = strlen(arg_conf)) == 0) ++ /* huh ? cannot happen ! */ ++ log_fatal("Unable to process -I/-H/-F/-timeout/-V/-R configuration arguments"); ++ ++ /* parse the extra dhclient.conf configuration arguments ++ * into top level config: */ ++ struct parse *cfile = (struct parse *)0; ++ const char *val = NULL; ++ int token; ++ ++ status = new_parse(&cfile, -1, arg_conf, arg_conf_len, "extra dhclient -I/-H/-F/-timeout/-V/-R configuration arguments", 0); ++ ++ if ((status != ISC_R_SUCCESS) || (cfile -> warnings_occurred)) ++ log_fatal("Cannot parse -I/-H/-F/-timeout/-V/-R configuration arguments !"); ++ /* more detailed parse failures will be logged */ ++ ++ do { ++ token = peek_token(&val, (unsigned *)0, cfile); ++ if (token == END_OF_FILE) ++ break; ++ ++ parse_client_statement(cfile, (struct interface_info *)0, &top_level_config); ++ } while (1); ++ ++ if (cfile -> warnings_occurred) ++ log_fatal("Cannot parse -I/-H/-F/-timeout/-V/-R configuration arguments !"); ++ end_parse(&cfile); ++ ++ if (timeout_arg) { ++ /* we just set the toplevel timeout, but per-client ++ * timeouts may still be at defaults. ++ */ ++ for (ip=interfaces; ip; ip = ip->next) { ++ if (ip->client->config->timeout == 60) ++ ip->client->config->timeout = timeout_arg; ++ } ++ } ++ ++ if ((dhclient_request_options != 0) && (top_level_config.requested_options != default_requested_options)) { ++ for (ip=interfaces; ip; ip = ip->next) { ++ if (ip->client->config->requested_options == default_requested_options) ++ ip->client->config->requested_options = top_level_config.requested_options; ++ } ++ } ++ ++ free(arg_conf); ++ arg_conf = NULL; ++ arg_conf_len = 0; ++ } ++ + /* Parse the lease database. */ + read_client_leases(); + +@@ -2421,7 +2671,8 @@ void make_discover (client, lease) + client -> packet.xid = random (); + client -> packet.secs = 0; /* filled in by send_discover. */ + +- if (can_receive_unicast_unconfigured (client -> interface)) ++ if ((!(bootp_broadcast_always || client->config->bootp_broadcast_always)) ++ && can_receive_unicast_unconfigured(client->interface)) + client -> packet.flags = 0; + else + client -> packet.flags = htons (BOOTP_BROADCAST); +@@ -2505,7 +2756,9 @@ void make_request (client, lease) + } else { + memset (&client -> packet.ciaddr, 0, + sizeof client -> packet.ciaddr); +- if (can_receive_unicast_unconfigured (client -> interface)) ++ if ((!(bootp_broadcast_always || ++ client ->config->bootp_broadcast_always)) && ++ can_receive_unicast_unconfigured (client -> interface)) + client -> packet.flags = 0; + else + client -> packet.flags = htons (BOOTP_BROADCAST); +@@ -2567,7 +2820,8 @@ void make_decline (client, lease) + client -> packet.hops = 0; + client -> packet.xid = client -> xid; + client -> packet.secs = 0; /* Filled in by send_request. */ +- if (can_receive_unicast_unconfigured (client -> interface)) ++ if ((!(bootp_broadcast_always || client->config-> bootp_broadcast_always)) ++ && can_receive_unicast_unconfigured (client->interface)) + client -> packet.flags = 0; + else + client -> packet.flags = htons (BOOTP_BROADCAST); +diff -up dhcp-4.2.4b1/common/conflex.c.options dhcp-4.2.4b1/common/conflex.c +--- dhcp-4.2.4b1/common/conflex.c.options 2012-02-16 22:09:14.000000000 +0100 ++++ dhcp-4.2.4b1/common/conflex.c 2012-04-16 17:24:58.796047018 +0200 +@@ -808,6 +808,8 @@ intern(char *atom, enum dhcp_token dfv) + return BALANCE; + if (!strcasecmp (atom + 1, "ound")) + return BOUND; ++ if (!strcasecmp (atom + 1, "ootp-broadcast-always")) ++ return BOOTP_BROADCAST_ALWAYS; + break; + case 'c': + if (!strcasecmp(atom + 1, "ase")) +diff -up dhcp-4.2.4b1/includes/dhcpd.h.options dhcp-4.2.4b1/includes/dhcpd.h +--- dhcp-4.2.4b1/includes/dhcpd.h.options 2012-04-10 02:55:06.000000000 +0200 ++++ dhcp-4.2.4b1/includes/dhcpd.h 2012-04-16 17:24:58.797047004 +0200 +@@ -1147,6 +1147,9 @@ struct client_config { + int do_forward_update; /* If nonzero, and if we have the + information we need, update the + A record for the address we get. */ ++ ++ int bootp_broadcast_always; /* If nonzero, always set the BOOTP_BROADCAST ++ flag in requests */ + }; + + /* Per-interface state used in the dhcp client... */ +diff -up dhcp-4.2.4b1/includes/dhctoken.h.options dhcp-4.2.4b1/includes/dhctoken.h +--- dhcp-4.2.4b1/includes/dhctoken.h.options 2012-02-16 22:09:15.000000000 +0100 ++++ dhcp-4.2.4b1/includes/dhctoken.h 2012-04-16 17:25:53.819276248 +0200 +@@ -364,7 +364,8 @@ enum dhcp_token { + GETHOSTBYNAME = 665, + PRIMARY6 = 666, + SECONDARY6 = 667, +- TOKEN_INFINIBAND = 668 ++ TOKEN_INFINIBAND = 668, ++ BOOTP_BROADCAST_ALWAYS = 669 + }; + + #define is_identifier(x) ((x) >= FIRST_TOKEN && \ diff --git a/dhcp-4.2.4-paths.patch b/dhcp-4.2.4-paths.patch new file mode 100644 index 0000000..a737571 --- /dev/null +++ b/dhcp-4.2.4-paths.patch @@ -0,0 +1,26 @@ +diff -up dhcp-4.2.4b1/includes/dhcpd.h.paths dhcp-4.2.4b1/includes/dhcpd.h +--- dhcp-4.2.4b1/includes/dhcpd.h.paths 2012-04-18 11:12:34.000000000 +0200 ++++ dhcp-4.2.4b1/includes/dhcpd.h 2012-04-18 11:14:38.541272405 +0200 +@@ -1420,7 +1420,7 @@ typedef unsigned char option_mask [16]; + #else /* !DEBUG */ + + #ifndef _PATH_DHCPD_CONF +-#define _PATH_DHCPD_CONF "/etc/dhcpd.conf" ++#define _PATH_DHCPD_CONF "/etc/dhcp/dhcpd.conf" + #endif /* DEBUG */ + + #ifndef _PATH_DHCPD_DB +@@ -1442,11 +1442,11 @@ typedef unsigned char option_mask [16]; + #endif /* DEBUG */ + + #ifndef _PATH_DHCLIENT_CONF +-#define _PATH_DHCLIENT_CONF "/etc/dhclient.conf" ++#define _PATH_DHCLIENT_CONF "/etc/dhcp/dhclient.conf" + #endif + + #ifndef _PATH_DHCLIENT_SCRIPT +-#define _PATH_DHCLIENT_SCRIPT "/sbin/dhclient-script" ++#define _PATH_DHCLIENT_SCRIPT "/usr/sbin/dhclient-script" + #endif + + #ifndef _PATH_DHCLIENT_PID diff --git a/dhcp-4.2.4-rfc3442-classless-static-routes.patch b/dhcp-4.2.4-rfc3442-classless-static-routes.patch new file mode 100644 index 0000000..a2fe219 --- /dev/null +++ b/dhcp-4.2.4-rfc3442-classless-static-routes.patch @@ -0,0 +1,405 @@ +diff -up dhcp-4.2.4b1/client/clparse.c.rfc3442 dhcp-4.2.4b1/client/clparse.c +--- dhcp-4.2.4b1/client/clparse.c.rfc3442 2012-04-16 17:34:27.546079944 +0200 ++++ dhcp-4.2.4b1/client/clparse.c 2012-04-16 17:34:27.605079118 +0200 +@@ -37,7 +37,7 @@ + + struct client_config top_level_config; + +-#define NUM_DEFAULT_REQUESTED_OPTS 14 ++#define NUM_DEFAULT_REQUESTED_OPTS 15 + struct option *default_requested_options[NUM_DEFAULT_REQUESTED_OPTS + 1]; + + static void parse_client_default_duid(struct parse *cfile); +@@ -90,7 +90,11 @@ isc_result_t read_client_conf () + dhcp_universe.code_hash, &code, 0, MDL); + + /* 4 */ +- code = DHO_ROUTERS; ++ /* The Classless Static Routes option code MUST appear in the parameter ++ * request list prior to both the Router option code and the Static ++ * Routes option code, if present. (RFC3442) ++ */ ++ code = DHO_CLASSLESS_STATIC_ROUTES; + option_code_hash_lookup(&default_requested_options[3], + dhcp_universe.code_hash, &code, 0, MDL); + +@@ -144,6 +148,11 @@ isc_result_t read_client_conf () + option_code_hash_lookup(&default_requested_options[13], + dhcp_universe.code_hash, &code, 0, MDL); + ++ /* 15 */ ++ code = DHO_ROUTERS; ++ option_code_hash_lookup(&default_requested_options[14], ++ dhcp_universe.code_hash, &code, 0, MDL); ++ + for (code = 0 ; code < NUM_DEFAULT_REQUESTED_OPTS ; code++) { + if (default_requested_options[code] == NULL) + log_fatal("Unable to find option definition for " +diff -up dhcp-4.2.4b1/common/dhcp-options.5.rfc3442 dhcp-4.2.4b1/common/dhcp-options.5 +--- dhcp-4.2.4b1/common/dhcp-options.5.rfc3442 2012-04-16 17:34:27.537080070 +0200 ++++ dhcp-4.2.4b1/common/dhcp-options.5 2012-04-16 17:34:27.606079104 +0200 +@@ -115,6 +115,26 @@ hexadecimal, separated by colons. For + or + option dhcp-client-identifier 43:4c:49:45:54:2d:46:4f:4f; + .fi ++.PP ++The ++.B destination-descriptor ++describe the IP subnet number and subnet mask ++of a particular destination using a compact encoding. This encoding ++consists of one octet describing the width of the subnet mask, ++followed by all the significant octets of the subnet number. ++The following table contains some examples of how various subnet ++number/mask combinations can be encoded: ++.nf ++.sp 1 ++Subnet number Subnet mask Destination descriptor ++0 0 0 ++10.0.0.0 255.0.0.0 8.10 ++10.0.0.0 255.255.255.0 24.10.0.0 ++10.17.0.0 255.255.0.0 16.10.17 ++10.27.129.0 255.255.255.0 24.10.27.129 ++10.229.0.128 255.255.255.128 25.10.229.0.128 ++10.198.122.47 255.255.255.255 32.10.198.122.47 ++.fi + .SH SETTING OPTION VALUES USING EXPRESSIONS + Sometimes it's helpful to be able to set the value of a DHCP option + based on some value that the client has sent. To do this, you can +@@ -931,6 +951,29 @@ dhclient-script will create routes: + .RE + .PP + .nf ++.B option \fBclassless-static-routes\fR \fIdestination-descriptor ip-address\fR ++ [\fB,\fR \fIdestination-descriptor ip-address\fR...]\fB;\fR ++.fi ++.RS 0.25i ++.PP ++This option (see RFC3442) specifies a list of classless static routes ++that the client should install in its routing cache. ++.PP ++This option can contain one or more static routes, each of which ++consists of a destination descriptor and the IP address of the router ++that should be used to reach that destination. ++.PP ++Many clients may not implement the Classless Static Routes option. ++DHCP server administrators should therefore configure their DHCP ++servers to send both a Router option and a Classless Static Routes ++option, and should specify the default router(s) both in the Router ++option and in the Classless Static Routes option. ++.PP ++If the DHCP server returns both a Classless Static Routes option and ++a Router option, the DHCP client ignores the Router option. ++.RE ++.PP ++.nf + .B option \fBstreettalk-directory-assistance-server\fR \fIip-address\fR + [\fB,\fR \fIip-address\fR...]\fB;\fR + .fi +diff -up dhcp-4.2.4b1/common/inet.c.rfc3442 dhcp-4.2.4b1/common/inet.c +--- dhcp-4.2.4b1/common/inet.c.rfc3442 2011-05-11 02:47:22.000000000 +0200 ++++ dhcp-4.2.4b1/common/inet.c 2012-04-16 17:34:27.607079090 +0200 +@@ -528,6 +528,60 @@ free_iaddrcidrnetlist(struct iaddrcidrne + return ISC_R_SUCCESS; + } + ++static const char * ++inet_ntopdd(const unsigned char *src, unsigned srclen, char *dst, size_t size) ++{ ++ char tmp[sizeof("32.255.255.255.255")]; ++ int len; ++ ++ switch (srclen) { ++ case 2: ++ len = sprintf (tmp, "%u.%u", src[0], src[1]); ++ break; ++ case 3: ++ len = sprintf (tmp, "%u.%u.%u", src[0], src[1], src[2]); ++ break; ++ case 4: ++ len = sprintf (tmp, "%u.%u.%u.%u", src[0], src[1], src[2], src[3]); ++ break; ++ case 5: ++ len = sprintf (tmp, "%u.%u.%u.%u.%u", src[0], src[1], src[2], src[3], src[4]); ++ break; ++ default: ++ return NULL; ++ } ++ if (len < 0) ++ return NULL; ++ ++ if (len > size) { ++ errno = ENOSPC; ++ return NULL; ++ } ++ ++ return strcpy (dst, tmp); ++} ++ ++/* pdestdesc() turns an iaddr structure into a printable dest. descriptor */ ++const char * ++pdestdesc(const struct iaddr addr) { ++ static char pbuf[sizeof("255.255.255.255.255")]; ++ ++ if (addr.len == 0) { ++ return ""; ++ } ++ if (addr.len == 1) { ++ return "0"; ++ } ++ if ((addr.len >= 2) && (addr.len <= 5)) { ++ return inet_ntopdd(addr.iabuf, addr.len, pbuf, sizeof(pbuf)); ++ } ++ ++ log_fatal("pdestdesc():%s:%d: Invalid destination descriptor length %d.", ++ MDL, addr.len); ++ /* quell compiler warnings */ ++ return NULL; ++} ++ + /* piaddr() turns an iaddr structure into a printable address. */ + /* XXX: should use a const pointer rather than passing the structure */ + const char * +diff -up dhcp-4.2.4b1/common/options.c.rfc3442 dhcp-4.2.4b1/common/options.c +--- dhcp-4.2.4b1/common/options.c.rfc3442 2012-03-20 01:31:53.000000000 +0100 ++++ dhcp-4.2.4b1/common/options.c 2012-04-16 17:34:27.608079076 +0200 +@@ -706,7 +706,11 @@ cons_options(struct packet *inpacket, st + * packet. + */ + priority_list[priority_len++] = DHO_SUBNET_MASK; +- priority_list[priority_len++] = DHO_ROUTERS; ++ if (lookup_option(&dhcp_universe, cfg_options, ++ DHO_CLASSLESS_STATIC_ROUTES)) ++ priority_list[priority_len++] = DHO_CLASSLESS_STATIC_ROUTES; ++ else ++ priority_list[priority_len++] = DHO_ROUTERS; + priority_list[priority_len++] = DHO_DOMAIN_NAME_SERVERS; + priority_list[priority_len++] = DHO_HOST_NAME; + priority_list[priority_len++] = DHO_FQDN; +@@ -1683,6 +1687,7 @@ const char *pretty_print_option (option, + const unsigned char *dp = data; + char comma; + unsigned long tval; ++ unsigned int octets = 0; + + if (emit_commas) + comma = ','; +@@ -1691,6 +1696,7 @@ const char *pretty_print_option (option, + + memset (enumbuf, 0, sizeof enumbuf); + ++ if (option->format[0] != 'R') { /* see explanation lower */ + /* Figure out the size of the data. */ + for (l = i = 0; option -> format [i]; i++, l++) { + if (l >= sizeof(fmtbuf) - 1) +@@ -1840,6 +1846,33 @@ const char *pretty_print_option (option, + if (numhunk < 0) + numhunk = 1; + ++ } else { /* option->format[i] == 'R') */ ++ /* R (destination descriptor) has variable length. ++ * We can find it only in classless static route option, ++ * so we are for sure parsing classless static route option now. ++ * We go through whole the option to check whether there are no ++ * missing/extra bytes. ++ * I didn't find out how to improve the existing code and that's the ++ * reason for this separate 'else' where I do my own checkings. ++ * I know it's little bit unsystematic, but it works. ++ */ ++ numhunk = 0; ++ numelem = 2; /* RI */ ++ fmtbuf[0]='R'; fmtbuf[1]='I'; fmtbuf[2]=0; ++ for (i =0; i < len; i = i + octets + 5) { ++ if (data[i] > 32) { /* subnet mask width */ ++ log_error ("wrong subnet mask width in destination descriptor"); ++ break; ++ } ++ numhunk++; ++ octets = ((data[i]+7) / 8); ++ } ++ if (i != len) { ++ log_error ("classless static routes option has wrong size or " ++ "there's some garbage in format"); ++ } ++ } ++ + /* Cycle through the array (or hunk) printing the data. */ + for (i = 0; i < numhunk; i++) { + for (j = 0; j < numelem; j++) { +@@ -1978,6 +2011,20 @@ const char *pretty_print_option (option, + strcpy(op, piaddr(iaddr)); + dp += 4; + break; ++ ++ case 'R': ++ if (dp[0] <= 32) ++ iaddr.len = (((dp[0]+7)/8)+1); ++ else { ++ log_error ("wrong subnet mask width in destination descriptor"); ++ return ""; ++ } ++ ++ memcpy(iaddr.iabuf, dp, iaddr.len); ++ strcpy(op, pdestdesc(iaddr)); ++ dp += iaddr.len; ++ break; ++ + case '6': + iaddr.len = 16; + memcpy(iaddr.iabuf, dp, 16); +diff -up dhcp-4.2.4b1/common/parse.c.rfc3442 dhcp-4.2.4b1/common/parse.c +--- dhcp-4.2.4b1/common/parse.c.rfc3442 2012-04-16 17:34:27.577079510 +0200 ++++ dhcp-4.2.4b1/common/parse.c 2012-04-16 17:34:27.610079048 +0200 +@@ -341,6 +341,39 @@ int parse_ip_addr (cfile, addr) + } + + /* ++ * destination-descriptor :== NUMBER DOT NUMBER | ++ * NUMBER DOT NUMBER DOT NUMBER | ++ * NUMBER DOT NUMBER DOT NUMBER DOT NUMBER | ++ * NUMBER DOT NUMBER DOT NUMBER DOT NUMBER DOT NUMBER ++ */ ++ ++int parse_destination_descriptor (cfile, addr) ++ struct parse *cfile; ++ struct iaddr *addr; ++{ ++ unsigned int mask_width, dest_dest_len; ++ addr -> len = 0; ++ if (parse_numeric_aggregate (cfile, addr -> iabuf, ++ &addr -> len, DOT, 10, 8)) { ++ mask_width = (unsigned int)addr->iabuf[0]; ++ dest_dest_len = (((mask_width+7)/8)+1); ++ if (mask_width > 32) { ++ parse_warn (cfile, ++ "subnet mask width (%u) greater than 32.", mask_width); ++ } ++ else if (dest_dest_len != addr->len) { ++ parse_warn (cfile, ++ "destination descriptor with subnet mask width %u " ++ "should have %u octets, but has %u octets.", ++ mask_width, dest_dest_len, addr->len); ++ } ++ ++ return 1; ++ } ++ return 0; ++} ++ ++/* + * Return true if every character in the string is hexadecimal. + */ + static int +@@ -704,8 +737,10 @@ unsigned char *parse_numeric_aggregate ( + if (count) { + token = peek_token (&val, (unsigned *)0, cfile); + if (token != separator) { +- if (!*max) ++ if (!*max) { ++ *max = count; + break; ++ } + if (token != RBRACE && token != LBRACE) + token = next_token (&val, + (unsigned *)0, +@@ -1628,6 +1663,9 @@ int parse_option_code_definition (cfile, + case IP_ADDRESS: + type = 'I'; + break; ++ case DESTINATION_DESCRIPTOR: ++ type = 'R'; ++ break; + case IP6_ADDRESS: + type = '6'; + break; +@@ -5375,6 +5413,15 @@ int parse_option_token (rv, cfile, fmt, + } + break; + ++ case 'R': /* destination descriptor */ ++ if (!parse_destination_descriptor (cfile, &addr)) { ++ return 0; ++ } ++ if (!make_const_data (&t, addr.iabuf, addr.len, 0, 1, MDL)) { ++ return 0; ++ } ++ break; ++ + case '6': /* IPv6 address. */ + if (!parse_ip6_addr(cfile, &addr)) { + return 0; +@@ -5635,6 +5682,13 @@ int parse_option_decl (oc, cfile) + goto exit; + len = ip_addr.len; + dp = ip_addr.iabuf; ++ goto alloc; ++ ++ case 'R': /* destination descriptor */ ++ if (!parse_destination_descriptor (cfile, &ip_addr)) ++ goto exit; ++ len = ip_addr.len; ++ dp = ip_addr.iabuf; + + alloc: + if (hunkix + len > sizeof hunkbuf) { +diff -up dhcp-4.2.4b1/common/tables.c.rfc3442 dhcp-4.2.4b1/common/tables.c +--- dhcp-4.2.4b1/common/tables.c.rfc3442 2012-04-16 17:34:27.566079664 +0200 ++++ dhcp-4.2.4b1/common/tables.c 2012-04-16 17:34:27.611079034 +0200 +@@ -52,6 +52,7 @@ HASH_FUNCTIONS (option_code, const unsig + Format codes: + + I - IPv4 address ++ R - destination descriptor (RFC3442) + 6 - IPv6 address + l - 32-bit signed integer + L - 32-bit unsigned integer +@@ -209,6 +210,7 @@ static struct option dhcp_options[] = { + { "default-url", "t", &dhcp_universe, 114, 1 }, + { "subnet-selection", "I", &dhcp_universe, 118, 1 }, + { "domain-search", "D", &dhcp_universe, 119, 1 }, ++ { "classless-static-routes", "RIA", &dhcp_universe, 121, 1 }, + { "vivco", "Evendor-class.", &dhcp_universe, 124, 1 }, + { "vivso", "Evendor.", &dhcp_universe, 125, 1 }, + #if 0 +diff -up dhcp-4.2.4b1/includes/dhcpd.h.rfc3442 dhcp-4.2.4b1/includes/dhcpd.h +--- dhcp-4.2.4b1/includes/dhcpd.h.rfc3442 2012-04-16 17:34:27.543079986 +0200 ++++ dhcp-4.2.4b1/includes/dhcpd.h 2012-04-16 17:34:27.613079006 +0200 +@@ -2666,6 +2666,7 @@ isc_result_t range2cidr(struct iaddrcidr + const struct iaddr *lo, const struct iaddr *hi); + isc_result_t free_iaddrcidrnetlist(struct iaddrcidrnetlist **result); + const char *piaddr (struct iaddr); ++const char *pdestdesc (struct iaddr); + char *piaddrmask(struct iaddr *, struct iaddr *); + char *piaddrcidr(const struct iaddr *, unsigned int); + u_int16_t validate_port(char *); +@@ -2873,6 +2874,7 @@ void parse_client_lease_declaration (str + int parse_option_decl (struct option_cache **, struct parse *); + void parse_string_list (struct parse *, struct string_list **, int); + int parse_ip_addr (struct parse *, struct iaddr *); ++int parse_destination_descriptor (struct parse *, struct iaddr *); + int parse_ip_addr_with_subnet(struct parse *, struct iaddrmatch *); + void parse_reject_statement (struct parse *, struct client_config *); + +diff -up dhcp-4.2.4b1/includes/dhcp.h.rfc3442 dhcp-4.2.4b1/includes/dhcp.h +--- dhcp-4.2.4b1/includes/dhcp.h.rfc3442 2012-02-16 22:09:14.000000000 +0100 ++++ dhcp-4.2.4b1/includes/dhcp.h 2012-04-16 17:34:27.613079006 +0200 +@@ -163,6 +163,7 @@ struct dhcp_packet { + #define DHO_ASSOCIATED_IP 92 + #define DHO_SUBNET_SELECTION 118 /* RFC3011! */ + #define DHO_DOMAIN_SEARCH 119 /* RFC3397 */ ++#define DHO_CLASSLESS_STATIC_ROUTES 121 /* RFC3442 */ + #define DHO_VIVCO_SUBOPTIONS 124 + #define DHO_VIVSO_SUBOPTIONS 125 + +diff -up dhcp-4.2.4b1/includes/dhctoken.h.rfc3442 dhcp-4.2.4b1/includes/dhctoken.h +--- dhcp-4.2.4b1/includes/dhctoken.h.rfc3442 2012-04-16 17:34:27.000000000 +0200 ++++ dhcp-4.2.4b1/includes/dhctoken.h 2012-04-16 17:35:15.028414805 +0200 +@@ -365,7 +365,8 @@ enum dhcp_token { + PRIMARY6 = 666, + SECONDARY6 = 667, + TOKEN_INFINIBAND = 668, +- BOOTP_BROADCAST_ALWAYS = 669 ++ BOOTP_BROADCAST_ALWAYS = 669, ++ DESTINATION_DESCRIPTOR = 670 + }; + + #define is_identifier(x) ((x) >= FIRST_TOKEN && \ diff --git a/dhcp-4.2.4-unicast-bootp.patch b/dhcp-4.2.4-unicast-bootp.patch new file mode 100644 index 0000000..69ab4c8 --- /dev/null +++ b/dhcp-4.2.4-unicast-bootp.patch @@ -0,0 +1,101 @@ +diff -up dhcp-4.2.4b1/server/bootp.c.unicast dhcp-4.2.4b1/server/bootp.c +--- dhcp-4.2.4b1/server/bootp.c.unicast 2012-04-10 23:27:06.000000000 +0200 ++++ dhcp-4.2.4b1/server/bootp.c 2012-04-16 17:28:42.095919022 +0200 +@@ -59,6 +59,7 @@ void bootp (packet) + char msgbuf [1024]; + int ignorep; + int peer_has_leases = 0; ++ int norelay = 0; + + if (packet -> raw -> op != BOOTREQUEST) + return; +@@ -74,7 +75,7 @@ void bootp (packet) + ? inet_ntoa (packet -> raw -> giaddr) + : packet -> interface -> name); + +- if (!locate_network (packet)) { ++ if ((norelay = locate_network (packet)) == 0) { + log_info ("%s: network unknown", msgbuf); + return; + } +@@ -399,6 +400,15 @@ void bootp (packet) + + goto out; + } ++ } else if (norelay == 2) { ++ to.sin_addr = raw.ciaddr; ++ to.sin_port = remote_port; ++ if (fallback_interface) { ++ result = send_packet (fallback_interface, NULL, &raw, ++ outgoing.packet_length, from, ++ &to, &hto); ++ goto out; ++ } + + /* If it comes from a client that already knows its address + and is not requesting a broadcast response, and we can +diff -up dhcp-4.2.4b1/server/dhcp.c.unicast dhcp-4.2.4b1/server/dhcp.c +--- dhcp-4.2.4b1/server/dhcp.c.unicast 2012-03-09 12:28:12.000000000 +0100 ++++ dhcp-4.2.4b1/server/dhcp.c 2012-04-16 17:26:55.067418285 +0200 +@@ -4299,6 +4299,7 @@ int locate_network (packet) + struct data_string data; + struct subnet *subnet = (struct subnet *)0; + struct option_cache *oc; ++ int norelay = 0; + + /* See if there's a Relay Agent Link Selection Option, or a + * Subnet Selection Option. The Link-Select and Subnet-Select +@@ -4314,12 +4315,24 @@ int locate_network (packet) + from the interface, if there is one. If not, fail. */ + if (!oc && !packet -> raw -> giaddr.s_addr) { + if (packet -> interface -> shared_network) { +- shared_network_reference +- (&packet -> shared_network, +- packet -> interface -> shared_network, MDL); +- return 1; ++ struct in_addr any_addr; ++ any_addr.s_addr = INADDR_ANY; ++ ++ if (!packet -> packet_type && memcmp(&packet -> raw -> ciaddr, &any_addr, 4)) { ++ struct iaddr cip; ++ memcpy(cip.iabuf, &packet -> raw -> ciaddr, 4); ++ cip.len = 4; ++ if (!find_grouped_subnet(&subnet, packet->interface->shared_network, cip, MDL)) ++ norelay = 2; ++ } ++ ++ if (!norelay) { ++ shared_network_reference(&packet -> shared_network, packet -> interface -> shared_network, MDL); ++ return 1; ++ } ++ } else { ++ return 0; + } +- return 0; + } + + /* If there's an option indicating link connection, and it's valid, +@@ -4342,7 +4355,10 @@ int locate_network (packet) + data_string_forget (&data, MDL); + } else { + ia.len = 4; +- memcpy (ia.iabuf, &packet -> raw -> giaddr, 4); ++ if (norelay) ++ memcpy (ia.iabuf, &packet->raw->ciaddr, 4); ++ else ++ memcpy (ia.iabuf, &packet->raw->giaddr, 4); + } + + /* If we know the subnet on which the IP address lives, use it. */ +@@ -4350,7 +4366,10 @@ int locate_network (packet) + shared_network_reference (&packet -> shared_network, + subnet -> shared_network, MDL); + subnet_dereference (&subnet, MDL); +- return 1; ++ if (norelay) ++ return norelay; ++ else ++ return 1; + } + + /* Otherwise, fail. */ diff --git a/dhcp.spec b/dhcp.spec index acb85ed..74c00c4 100644 --- a/dhcp.spec +++ b/dhcp.spec @@ -18,8 +18,8 @@ Summary: Dynamic host configuration protocol software Name: dhcp -Version: 4.2.3 -Release: 12.%{patchver}%{?dist} +Version: 4.2.4 +Release: 1.%{patchver}%{?dist} # NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to # dcantrell maintaining the package) made incorrect use of the epoch and # that's why it is at 12 now. It should have never been used, but it was. @@ -42,37 +42,34 @@ Source10: dhcpd6.service Source11: dhcrelay.service Patch0: dhcp-4.2.0-errwarn-message.patch -Patch1: dhcp-4.2.3-options.patch +Patch1: dhcp-4.2.4-options.patch Patch2: dhcp-4.2.0-release-by-ifup.patch Patch3: dhcp-4.2.0-dhclient-decline-backoff.patch -Patch4: dhcp-4.2.0-unicast-bootp.patch +Patch4: dhcp-4.2.4-unicast-bootp.patch Patch6: dhcp-4.2.2-dhclient-usage.patch Patch7: dhcp-4.2.0-default-requested-options.patch Patch8: dhcp-4.2.2-xen-checksum.patch Patch10: dhcp-4.2.1-manpages.patch -Patch11: dhcp-4.2.0-paths.patch +Patch11: dhcp-4.2.4-paths.patch Patch12: dhcp-4.2.2-CLOEXEC.patch Patch13: dhcp-4.2.0-inherit-leases.patch Patch14: dhcp-4.2.0-garbage-chars.patch Patch15: dhcp-4.2.0-missing-ipv6-not-fatal.patch Patch17: dhcp-4.2.0-add_timeout_when_NULL.patch -Patch18: dhcp-4.2.1-64_bit_lease_parse.patch +Patch18: dhcp-4.2.4-64_bit_lease_parse.patch Patch19: dhcp-4.2.2-capability.patch Patch20: dhcp-4.2.0-logpid.patch -Patch21: dhcp-4.2.0-UseMulticast.patch +Patch21: dhcp-4.2.4-UseMulticast.patch Patch22: dhcp-4.2.1-sendDecline.patch Patch23: dhcp-4.2.1-retransmission.patch -Patch25: dhcp-4.2.3-rfc3442-classless-static-routes.patch +Patch25: dhcp-4.2.4-rfc3442-classless-static-routes.patch Patch27: dhcp-4.2.0-honor-expired.patch -Patch28: dhcp-4.2.0-noprefixavail.patch Patch29: dhcp-4.2.2-remove-bind.patch Patch30: dhcp-4.2.2-sharedlib.patch -Patch31: dhcp-4.2.0-PPP.patch +Patch31: dhcp-4.2.4-PPP.patch Patch32: dhcp-4.2.3-paranoia.patch Patch33: dhcp-4.2.3-P2-log_perror.patch -Patch34: dhcp-4.2.4-CVE-2012-3570-3571-3954.patch Patch35: dhcp-interval.patch -Patch36: dhcp-4.2.4-CVE-2012-3955.patch BuildRequires: autoconf BuildRequires: automake @@ -290,17 +287,6 @@ rm bind/bind.tar.gz # (Submitted to dhcp-suggest@isc.org - [ISC-Bugs #22675]) %patch27 -p1 -b .honor-expired -# 1) When server has empty pool of addresses/prefixes it must send Advertise with -# NoAddrsAvail/NoPrefixAvail status in response to clients Solicit. -# Without this patch server having empty pool of addresses/prefixes was ignoring -# client's' Solicit when client was also sending address in IA_NA or prefix in IA_PD as a preference. -# 2) When client sends prefix in IA_PD as a preference and server doesn't have -# this prefix in any pool the server should offer other free prefix. -# Without this patch server ignored client's Solicit in which the client was sending -# prefix in IA_PD (as a preference) and this prefix was not in any of server's pools. -# (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #22676]) -%patch28 -p1 -b .noprefixavail - #Build dhcp's libraries as shared libs instead of static libs. %patch30 -p1 -b .sharedlib @@ -316,15 +302,9 @@ rm bind/bind.tar.gz # (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #28049]) %patch33 -p1 -b .log_perror -# 4.2.4-P1: fix for CVE-2012-3570 CVE-2012-3571 and CVE-2012-3954 (#842892) -%patch34 -p1 -b .CVE-2012-3570-3571-3954 - # isc_time_nowplusinterval() is not safe with 64-bit time_t %patch35 -p1 -b .interval -# 4.2.4-P2: fix for CVE-2012-3955 (#856770) -%patch36 -p1 -b .CVE-2012-3955 - # Copy in the Fedora/RHEL dhclient script %{__install} -p -m 0755 %{SOURCE4} client/scripts/linux %{__install} -p -m 0644 %{SOURCE5} . @@ -658,14 +638,17 @@ fi %{_initddir}/dhcrelay %changelog +* Mon Sep 24 2012 Jiri Popelka - 12:4.2.4-1.P2 +- 4.2.4-P2 (#786023) + * Thu Sep 13 2012 Tomas Hozza - 12:4.2.3-12.P2 -- 4.2.4-P2: fix for CVE-2012-3955 (#856770) +- fix for CVE-2012-3955 (#856770) * Fri Jul 27 2012 Jiri Popelka - 12:4.2.3-11.P2 - isc_time_nowplusinterval() is not safe with 64-bit time_t (#662254, #789601) * Wed Jul 25 2012 Tomas Hozza - 12:4.2.3-10.P2 -- 4.2.4-P1: fix for CVE-2012-3570 CVE-2012-3571 and CVE-2012-3954 (#842892) +- fix for CVE-2012-3570 CVE-2012-3571 and CVE-2012-3954 (#842892) * Mon Jul 09 2012 Tomas Hozza - 12:4.2.3-9.P2 - changed the list of %verify on the leases files (#837474) diff --git a/sources b/sources index ad71aa8..3b72467 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -14f57fd580d01633d0fad4809007a801 dhcp-4.2.3-P2.tar.gz +fe36056f2d274fa4b82a5422f192e65f dhcp-4.2.4-P2.tar.gz