Hello community, here is the log from the commit of package dhcp for openSUSE:Factory checked in at 2018-03-24 16:12:24 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/dhcp (Old) and /work/SRC/openSUSE:Factory/.dhcp.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dhcp" Sat Mar 24 16:12:24 2018 rev:108 rq:589263 version:4.3.5 Changes: -------- --- /work/SRC/openSUSE:Factory/dhcp/dhcp.changes 2018-02-18 11:37:13.400673515 +0100 +++ /work/SRC/openSUSE:Factory/.dhcp.new/dhcp.changes 2018-03-24 16:12:27.733808560 +0100 @@ -1,0 +2,76 @@ +Thu Mar 8 13:15:16 UTC 2018 - [email protected] + +- Update to dhcp-4.3.6-P1: + * CVE-2018-5733, bsc#1083303: reference count overflow in dhcpd. + * CVE-2018-5732, bsc#1083302: buffer overflow bug in dhclient. + * Plugged a socket descriptor leak in OMAPI + * The server now allows the client identifier (option 61) to own + leases in more than one subnet concurrently [ISC-Bugs #41358]. + * When replying to a DHCPINFORM, the server will now include + options specified at the pool scope, provided the ciaddr field + of the DHCPINFORM is populated. + [ISC-Bugs #43219] [ISC-Bugs #45051]. + * When memory allocation fails in a repeated way the process + writes "Run out of memory." on the standard error and exists + with status 1 [ISC-Bugs #32744]. + * The new lmdb (Lightning Memory DataBase) bind9 configure + option is now disabled by default to avoid the presence of + this library to be detected which can lead to a link failure. + [ISC-Bugs #45069] + * The linux interface discovery code has been modified to use + getifaddrs() as is done for BSD and OS-X. + [ISC-Bugs #28761] and others. + * Fixed a bug in OMAPI that causes omshell to crash when a + name-value pair with a zero length value is shipped in an + object [ISC-Bugs #29108]. + * On 64-bit platforms, dhclient now generates the correct value + for the script environment variable, "expiry", the lease + expiry value exceeds 0x7FFFFFFF [ISC-Bugs #43326]. + * Common timer logic was modified to cap the maximum timeout + values at 0x7FFFFFFF - 1 [ISC-Bugs #28038]. + * DHCP6 FQDN option unpacking code now correctly handles values + that contain spaces, special, or non-printable characters. + [ISC-Bugs #43592] + * When running in -6 mode, dhclient can enforce the require + option statement and will discard offered leases that do not + contain all the required options specified in the client + configuration [ISC-Bugs #41473]. + * Altered DHCPv4 lease time calculation to avoid roll over + errors on 64-bit OS systems when using -1 or large values + for default-lease-time [ISC-Bugs #41976], + * Added --dad-wait-time parameter to dhclient [ISC-Bugs #36169]. + * The server nows checks both the address and length of a + prefix delegation when attempting to match it to a prefix + pool [ISC-Bugs #35378]. + * Modified DDNS support initialization such that DNS related + ports will only be opened by the server (dhcpd) at startup + if ddns-update-style is not "none"; by dhclient only if and + when the it first attempts an update; and never by dhcrelay. + [ISC-Bugs #45290] [ISC-Bugs #33377] + * Added error logging to two memory allocation failure checks. + [ISC-Bugs #41185] + * Corrected a dhclient -6 issue that caused the client to crash + with an "Impossible condition" error after de-preferencing its + only IA binding [ISC-Bugs #44373]. + * By defining CALL_SCRIPT_ON_ONETRY_FAIL in includes/site.h, + dhclient will now call the script with reason set to FAIL when + run with -1 (one try) and there are no server responses. + [ISC-bugs #18183] + * The server now detects failover peers that are not referenced + in at least one pool when run with the command line option for + test mode, -T [ISC-Bugs #29892]. + * Linux script updated [ISC-bugs #19430] [ISC-bugs #18111]. + * Changed severity of the log message indicating UDP checksum + errors in the received packets from 'info' to 'debug'. + [ISC-bugs #41757] + * Corrected a bug which could cause the server to sporadically + crash while loading lease files with the lease-id-format is + set to "hex" [ISC-Bugs #43185]. + +- Obsoleted patches: + * 0011-Fixed-linux-interface-discovery-using-getifaddrs.patch + * 0019-dhcp-4.2.4-P1-interval.patch + * 0021-master-Plugs-a-socket-descriptor-leak-in-OMAPI.patch + * 0022-Optimized-if-and-when-DNS-client-context-and-ports.patch + +------------------------------------------------------------------- Old: ---- 0011-Fixed-linux-interface-discovery-using-getifaddrs.patch 0019-dhcp-4.2.4-P1-interval.patch 0021-master-Plugs-a-socket-descriptor-leak-in-OMAPI.patch 0022-Optimized-if-and-when-DNS-client-context-and-ports.patch dhcp-4.3.5.tar.gz dhcp-4.3.5.tar.gz.asc New: ---- dhcp-4.3.6-P1.tar.gz dhcp-4.3.6-P1.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dhcp.spec ++++++ --- /var/tmp/diff_new_pack.DpUF1a/_old 2018-03-24 16:12:30.153721327 +0100 +++ /var/tmp/diff_new_pack.DpUF1a/_new 2018-03-24 16:12:30.157721183 +0100 @@ -21,7 +21,7 @@ %define _fillupdir /var/adm/fillup-templates %endif -%define isc_version 4.3.5 +%define isc_version 4.3.6-P1 %define susefw2dir %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services %define omc_prefix /usr/share/omc %define omc_svcdir %{omc_prefix}/svcinfo.d @@ -94,8 +94,6 @@ Patch9: 0009-dhcp-4.2.6-close-on-exec.patch # PATCH-FIX-OPENSUSE quiet-dhclient bnc#711420 Patch10: 0010-dhcp-4.2.2-quiet-dhclient.patch -# PATCH-FIX-UPSTREAM use-getifaddrs bnc#791289,ISC-Bugs#31992 -Patch11: 0011-Fixed-linux-interface-discovery-using-getifaddrs.patch # PATCH-FIX-OPENSUSE dhcp-4.2.x-chown-server-leases bnc#868253 Patch12: 0012-dhcp-4.2.x-chown-server-leases.bnc868253.patch # PATCH-FIX-SLE dhcp-4.2.x-dhcpv6-decline-on-DAD-failure bnc#872609 @@ -111,10 +109,7 @@ # PATCH-FIX-SLE client-fail-on-script-pre-init-error bsc#912098 Patch18: 0018-client-fail-on-script-pre-init-error-bsc-912098.patch # PATCH-FIX-SLE dhcp-4.2.4-P1-interval bsc#947780 -Patch19: 0019-dhcp-4.2.4-P1-interval.patch Patch20: 0020-dhcp-4.x.x-fixed-improper-lease-duration-checking.patch -Patch21: 0021-master-Plugs-a-socket-descriptor-leak-in-OMAPI.patch -Patch22: 0022-Optimized-if-and-when-DNS-client-context-and-ports.patch ## PreReq: /bin/touch /sbin/chkconfig sysconfig BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -239,20 +234,16 @@ %patch6 -p1 %patch7 -p1 %patch8 -p1 -%patch9 -p1 +%patch9 %patch10 -p1 -%patch11 -p1 %patch12 -p1 %patch13 -p1 -%patch14 -p1 +%patch14 %patch15 -p1 -%patch16 -p1 +%patch16 %patch17 -p1 %patch18 -p1 -%patch19 -p1 -%patch20 -p1 -%patch21 -p1 -%patch22 -p1 +%patch20 ## find . -type f -name \*.cat\* -exec rm -f {} \; dos2unix contrib/ms2isc/* ++++++ 0009-dhcp-4.2.6-close-on-exec.patch ++++++ --- /var/tmp/diff_new_pack.DpUF1a/_old 2018-03-24 16:12:30.253717722 +0100 +++ /var/tmp/diff_new_pack.DpUF1a/_new 2018-03-24 16:12:30.253717722 +0100 @@ -8,11 +8,9 @@ References: bnc#732910 Signed-off-by: Marius Tomaschewski <[email protected]> -diff --git a/client/clparse.c b/client/clparse.c -index 320c42f..b7e4251 100644 ---- a/client/clparse.c -+++ b/client/clparse.c -@@ -221,7 +221,7 @@ int read_client_conf_file (const char *name, struct interface_info *ip, +--- client/clparse.c.orig ++++ client/clparse.c +@@ -262,7 +262,7 @@ int read_client_conf_file (const char *n int token; isc_result_t status; @@ -21,7 +19,7 @@ return uerr2isc (errno); cfile = NULL; -@@ -297,7 +297,7 @@ void read_client_leases () +@@ -338,7 +338,7 @@ void read_client_leases () /* Open the lease file. If we can't open it, just return - we can safely trust the server to remember our state. */ @@ -30,11 +28,9 @@ return; cfile = NULL; -diff --git a/client/dhclient.c b/client/dhclient.c -index a077b48..ac36e3d 100644 ---- a/client/dhclient.c -+++ b/client/dhclient.c -@@ -438,7 +438,7 @@ main(int argc, char **argv) { +--- client/dhclient.c.orig ++++ client/dhclient.c +@@ -565,7 +565,7 @@ main(int argc, char **argv) { long temp; int e; @@ -43,7 +39,7 @@ e = fscanf(pidfd, "%ld\n", &temp); oldpid = (pid_t)temp; -@@ -2840,7 +2840,7 @@ void rewrite_client_leases () +@@ -3403,7 +3403,7 @@ void rewrite_client_leases () if (leaseFile != NULL) fclose (leaseFile); @@ -52,7 +48,7 @@ if (leaseFile == NULL) { log_error ("can't create %s: %m", path_dhclient_db); return; -@@ -3033,7 +3033,7 @@ write_duid(struct data_string *duid) +@@ -3598,7 +3598,7 @@ write_duid(struct data_string *duid) return DHCP_R_INVALIDARG; if (leaseFile == NULL) { /* XXX? */ @@ -61,7 +57,7 @@ if (leaseFile == NULL) { log_error("can't create %s: %m", path_dhclient_db); return ISC_R_IOERROR; -@@ -3081,7 +3081,7 @@ write_client6_lease(struct client_state *client, struct dhc6_lease *lease, +@@ -3643,7 +3643,7 @@ write_client6_lease(struct client_state return DHCP_R_INVALIDARG; if (leaseFile == NULL) { /* XXX? */ @@ -70,7 +66,7 @@ if (leaseFile == NULL) { log_error("can't create %s: %m", path_dhclient_db); return ISC_R_IOERROR; -@@ -3213,7 +3213,7 @@ int write_client_lease (client, lease, rewrite, makesure) +@@ -3802,7 +3802,7 @@ int write_client_lease (client, lease, r return 1; if (leaseFile == NULL) { /* XXX */ @@ -79,11 +75,9 @@ if (leaseFile == NULL) { log_error ("can't create %s: %m", path_dhclient_db); return 0; -diff --git a/common/bpf.c b/common/bpf.c -index 39d4f45..df9facc 100644 ---- a/common/bpf.c -+++ b/common/bpf.c -@@ -95,7 +95,7 @@ int if_register_bpf (info) +--- common/bpf.c.orig ++++ common/bpf.c +@@ -94,7 +94,7 @@ int if_register_bpf (info) for (b = 0; 1; b++) { /* %Audit% 31 bytes max. %2004.06.17,Safe% */ sprintf(filename, BPF_FORMAT, b); @@ -92,33 +86,9 @@ if (sock < 0) { if (errno == EBUSY) { continue; -diff --git a/common/discover.c b/common/discover.c -index 3cd64a7..37af780 100644 ---- a/common/discover.c -+++ b/common/discover.c -@@ -415,7 +415,7 @@ begin_iface_scan(struct iface_conf_list *ifaces) { - int len; - int i; - -- ifaces->fp = fopen("/proc/net/dev", "r"); -+ ifaces->fp = fopen("/proc/net/dev", "re"); - if (ifaces->fp == NULL) { - log_error("Error opening '/proc/net/dev' to list interfaces"); - return 0; -@@ -450,7 +450,7 @@ begin_iface_scan(struct iface_conf_list *ifaces) { - - #ifdef DHCPv6 - if (local_family == AF_INET6) { -- ifaces->fp6 = fopen("/proc/net/if_inet6", "r"); -+ ifaces->fp6 = fopen("/proc/net/if_inet6", "re"); - if (ifaces->fp6 == NULL) { - log_error("Error opening '/proc/net/if_inet6' to " - "list IPv6 interfaces; %m"); -diff --git a/common/dlpi.c b/common/dlpi.c -index c34adc3..944f21c 100644 ---- a/common/dlpi.c -+++ b/common/dlpi.c -@@ -804,7 +804,7 @@ dlpiopen(const char *ifname) { +--- common/dlpi.c.orig ++++ common/dlpi.c +@@ -813,7 +813,7 @@ dlpiopen(const char *ifname) { } *dp = '\0'; @@ -127,10 +97,8 @@ } /* -diff --git a/common/nit.c b/common/nit.c -index 316e85f..6aa778b 100644 ---- a/common/nit.c -+++ b/common/nit.c +--- common/nit.c.orig ++++ common/nit.c @@ -75,7 +75,7 @@ int if_register_nit (info) struct strioctl sio; @@ -140,10 +108,8 @@ if (sock < 0) log_fatal ("Can't open NIT device for %s: %m", info -> name); -diff --git a/common/resolv.c b/common/resolv.c -index 526cebf..2ac8d43 100644 ---- a/common/resolv.c -+++ b/common/resolv.c +--- common/resolv.c.orig ++++ common/resolv.c @@ -44,7 +44,7 @@ void read_resolv_conf (parse_time) struct domain_search_list *dp, *dl, *nd; isc_result_t status; @@ -153,10 +119,8 @@ log_error ("Can't open %s: %m", path_resolv_conf); return; } -diff --git a/common/upf.c b/common/upf.c -index 34011eb..77d5878 100644 ---- a/common/upf.c -+++ b/common/upf.c +--- common/upf.c.orig ++++ common/upf.c @@ -71,7 +71,7 @@ int if_register_upf (info) /* %Audit% Cannot exceed 36 bytes. %2004.06.17,Safe% */ sprintf(filename, "/dev/pf/pfilt%d", b); @@ -166,11 +130,9 @@ if (sock < 0) { if (errno == EBUSY) { continue; -diff --git a/omapip/trace.c b/omapip/trace.c -index f4115c1..4410c35 100644 ---- a/omapip/trace.c -+++ b/omapip/trace.c -@@ -138,10 +138,10 @@ isc_result_t trace_begin (const char *filename, +--- omapip/trace.c.orig ++++ omapip/trace.c +@@ -138,10 +138,10 @@ isc_result_t trace_begin (const char *fi return DHCP_R_INVALIDARG; } @@ -183,7 +145,7 @@ 0600); } -@@ -429,7 +429,7 @@ void trace_file_replay (const char *filename) +@@ -429,7 +429,7 @@ void trace_file_replay (const char *file isc_result_t result; int len; @@ -192,11 +154,9 @@ if (!traceinfile) { log_error("Can't open tracefile %s: %m", filename); return; -diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c -index 15b4997..9d39fae 100644 ---- a/relay/dhcrelay.c -+++ b/relay/dhcrelay.c -@@ -558,13 +558,14 @@ main(int argc, char **argv) { +--- relay/dhcrelay.c.orig ++++ relay/dhcrelay.c +@@ -659,13 +659,14 @@ main(int argc, char **argv) { if (no_pid_file == ISC_FALSE) { pfdesc = open(path_dhcrelay_pid, @@ -213,11 +173,9 @@ if (!pf) log_error("Can't fdopen %s: %m", path_dhcrelay_pid); -diff --git a/server/confpars.c b/server/confpars.c -index 4b2907d..6aa5b3f 100644 ---- a/server/confpars.c -+++ b/server/confpars.c -@@ -111,7 +111,7 @@ isc_result_t read_conf_file (const char *filename, struct group *group, +--- server/confpars.c.orig ++++ server/confpars.c +@@ -118,7 +118,7 @@ isc_result_t read_conf_file (const char } #endif @@ -226,11 +184,9 @@ if (leasep) { log_error ("Can't open lease database %s: %m --", path_dhcpd_db); -diff --git a/server/db.c b/server/db.c -index 0c642ad..e9a38fe 100644 ---- a/server/db.c -+++ b/server/db.c -@@ -1072,7 +1072,7 @@ void db_startup (testp) +--- server/db.c.orig ++++ server/db.c +@@ -1081,7 +1081,7 @@ void db_startup (testp) } #endif if (!testp) { @@ -239,7 +195,7 @@ if (!db_file) log_fatal ("Can't open %s for append.", path_dhcpd_db); expire_all_pools (); -@@ -1120,7 +1120,7 @@ int new_lease_file () +@@ -1129,7 +1129,7 @@ int new_lease_file () path_dhcpd_db) >= sizeof newfname) log_fatal("new_lease_file: lease file path too long"); @@ -248,7 +204,7 @@ if (db_fd < 0) { log_error ("Can't create new lease file: %m"); return 0; -@@ -1145,7 +1145,7 @@ int new_lease_file () +@@ -1154,7 +1154,7 @@ int new_lease_file () } #endif /* PARANOIA */ @@ -257,11 +213,9 @@ log_error("Can't fdopen new lease file: %m"); close(db_fd); goto fdfail; -diff --git a/server/dhcpd.c b/server/dhcpd.c -index eecc89b..afef390 100644 ---- a/server/dhcpd.c -+++ b/server/dhcpd.c -@@ -658,7 +658,7 @@ main(int argc, char **argv) { +--- server/dhcpd.c.orig ++++ server/dhcpd.c +@@ -760,7 +760,7 @@ main(int argc, char **argv) { */ if ((lftest == 0) && (no_pid_file == ISC_FALSE)) { /*Read previous pid file. */ @@ -270,7 +224,7 @@ status = read(i, pbuf, (sizeof pbuf) - 1); close(i); if (status > 0) { -@@ -758,7 +758,7 @@ main(int argc, char **argv) { +@@ -878,7 +878,7 @@ main(int argc, char **argv) { * appropriate. */ if (no_pid_file == ISC_FALSE) { @@ -279,11 +233,9 @@ if (i >= 0) { sprintf(pbuf, "%d\n", (int) getpid()); IGNORE_RET(write(i, pbuf, strlen(pbuf))); -diff --git a/server/ldap.c b/server/ldap.c -index 2893b82..9530d9d 100644 ---- a/server/ldap.c -+++ b/server/ldap.c -@@ -1442,7 +1442,7 @@ ldap_start (void) +--- server/ldap.c.orig ++++ server/ldap.c +@@ -1446,7 +1446,7 @@ ldap_start (void) if (ldap_debug_file != NULL && ldap_debug_fd == -1) { @@ -292,6 +244,3 @@ S_IRUSR | S_IWUSR)) < 0) log_error ("Error opening debug LDAP log file %s: %s", ldap_debug_file, strerror (errno)); --- -2.1.4 - ++++++ 0014-dhclient6-unsigned-lifetimes-for-script-bsc-926159.patch ++++++ --- /var/tmp/diff_new_pack.DpUF1a/_old 2018-03-24 16:12:30.281716713 +0100 +++ /var/tmp/diff_new_pack.DpUF1a/_new 2018-03-24 16:12:30.281716713 +0100 @@ -9,11 +9,9 @@ References: bsc#926159 -diff --git a/client/dhc6.c b/client/dhc6.c -index bec1c87..e4a85fc 100644 ---- a/client/dhc6.c -+++ b/client/dhc6.c -@@ -3877,8 +3877,8 @@ dhc6_marshall_values(const char *prefix, struct client_state *client, +--- client/dhc6.c.orig ++++ client/dhc6.c +@@ -4344,8 +4344,8 @@ dhc6_marshall_values(const char *prefix, client_envadd(client, prefix, "ip6_type", "temporary"); } @@ -24,7 +22,7 @@ client_envadd(client, prefix, "preferred_life", "%u", addr->preferred_life); client_envadd(client, prefix, "max_life", "%u", -@@ -3889,8 +3889,8 @@ dhc6_marshall_values(const char *prefix, struct client_state *client, +@@ -4356,8 +4356,8 @@ dhc6_marshall_values(const char *prefix, if (ia != NULL) { client_envadd(client, prefix, "iaid", "%s", print_hex_1(4, ia->iaid, 12)); @@ -35,11 +33,9 @@ client_envadd(client, prefix, "renew", "%u", ia->renew); client_envadd(client, prefix, "rebind", "%u", ia->rebind); } -diff --git a/client/dhclient.c b/client/dhclient.c -index 2eb28db..4d7394d 100644 ---- a/client/dhclient.c -+++ b/client/dhclient.c -@@ -3119,13 +3119,13 @@ write_client6_lease(struct client_state *client, struct dhc6_lease *lease, +--- client/dhclient.c.orig ++++ client/dhclient.c +@@ -3708,13 +3708,13 @@ write_client6_lease(struct client_state return ISC_R_IOERROR; if (ia->ia_type != D6O_IA_TA) @@ -57,7 +53,7 @@ if (stat <= 0) return ISC_R_IOERROR; -@@ -3142,10 +3142,10 @@ write_client6_lease(struct client_state *client, struct dhc6_lease *lease, +@@ -3731,10 +3731,10 @@ write_client6_lease(struct client_state if (stat <= 0) return ISC_R_IOERROR; @@ -70,15 +66,3 @@ addr->max_life); if (stat <= 0) return ISC_R_IOERROR; -@@ -3519,7 +3519,7 @@ void script_write_params (client, prefix, lease) - universes [i], - &es, client_option_envadd); - } -- client_envadd (client, prefix, "expiry", "%d", (int)(lease -> expiry)); -+ client_envadd (client, prefix, "expiry", "%ld", (long)(lease -> expiry)); - } - - /* --- -2.1.4 - ++++++ 0016-infiniband-support.patch ++++++ --- /var/tmp/diff_new_pack.DpUF1a/_old 2018-03-24 16:12:30.301715992 +0100 +++ /var/tmp/diff_new_pack.DpUF1a/_new 2018-03-24 16:12:30.301715992 +0100 @@ -49,10 +49,8 @@ References: bnc#870535 -diff --git a/client/dhclient.c b/client/dhclient.c -index 3f2f8b2..40d9fe0 100644 ---- a/client/dhclient.c -+++ b/client/dhclient.c +--- client/dhclient.c.orig ++++ client/dhclient.c @@ -71,6 +71,40 @@ int std_dhcid = 0; assert (state_is == state_shouldbe). */ #define ASSERT_STATE(state_is, state_shouldbe) {} @@ -92,9 +90,9 @@ +} + #ifndef UNIT_TEST - static const char copyright[] = "Copyright 2004-2016 Internet Systems Consortium."; + static const char copyright[] = "Copyright 2004-2018 Internet Systems Consortium."; static const char arr [] = "All rights reserved."; -@@ -756,6 +790,26 @@ main(int argc, char **argv) { +@@ -767,6 +801,26 @@ main(int argc, char **argv) { } } @@ -121,7 +119,7 @@ /* At this point, all the interfaces that the script thinks are relevant should be running, so now we once again call discover_interfaces(), and this time ask it to actually set -@@ -770,19 +824,42 @@ main(int argc, char **argv) { +@@ -781,19 +835,42 @@ main(int argc, char **argv) { Not much entropy, but we're booting, so we're not likely to find anything better. */ seed = 0; @@ -166,7 +164,7 @@ */ if ((local_family == AF_INET6) || ((local_family == AF_INET) && (duid_v4 == 1))) { -@@ -793,6 +870,20 @@ main(int argc, char **argv) { +@@ -804,6 +881,20 @@ main(int argc, char **argv) { form_duid(&default_duid, MDL); write_duid(&default_duid); } @@ -187,7 +185,7 @@ } #if defined(DHCPv6) && defined(DHCP4o6) -@@ -1282,15 +1373,22 @@ void dhcpack (packet) +@@ -1293,15 +1384,22 @@ void dhcpack (packet) if (client -> xid == packet -> raw -> xid) break; } @@ -215,7 +213,7 @@ } if (client -> state != S_REBOOTING && -@@ -1303,7 +1401,7 @@ void dhcpack (packet) +@@ -1314,7 +1412,7 @@ void dhcpack (packet) return; } @@ -224,7 +222,7 @@ lease = packet_to_lease (packet, client); if (!lease) { -@@ -1951,15 +2049,21 @@ void dhcpoffer (packet) +@@ -1969,15 +2067,21 @@ void dhcpoffer (packet) /* If we're not receptive to an offer right now, or if the offer has an unrecognizable transaction id, then just drop it. */ if (!client || @@ -251,7 +249,7 @@ } sprintf (obuf, "%s from %s", name, piaddr (packet -> client_addr)); -@@ -2197,11 +2301,11 @@ void dhcpnak (packet) +@@ -2215,11 +2319,11 @@ void dhcpnak (packet) /* If we're not receptive to an offer right now, or if the offer has an unrecognizable transaction id, then just drop it. */ @@ -268,7 +266,7 @@ #if defined (DEBUG) log_debug ("DHCPNAK in wrong transaction."); #endif -@@ -2216,9 +2320,15 @@ void dhcpnak (packet) +@@ -2234,9 +2338,15 @@ void dhcpnak (packet) log_debug ("DHCPNAK in wrong state."); #endif return; @@ -285,7 +283,7 @@ if (!client -> active) { #if defined (DEBUG) -@@ -2351,11 +2461,11 @@ void send_discover (cpp) +@@ -2369,11 +2479,11 @@ void send_discover (cpp) (long)(client -> interval)); } else #endif @@ -302,7 +300,7 @@ /* Send out a packet. */ #if defined(DHCPv6) && defined(DHCP4o6) if (dhcpv4_over_dhcpv6) { -@@ -2639,10 +2749,10 @@ void send_request (cpp) +@@ -2664,10 +2774,10 @@ void send_request (cpp) log_info ("DHCPREQUEST"); } else #endif @@ -315,7 +313,7 @@ #if defined(DHCPv6) && defined(DHCP4o6) if (dhcpv4_over_dhcpv6) { -@@ -2699,10 +2809,10 @@ void send_decline (cpp) +@@ -2724,10 +2834,10 @@ void send_decline (cpp) log_info ("DHCPDECLINE"); } else #endif @@ -328,7 +326,7 @@ /* Send out a packet. */ #if defined(DHCPv6) && defined(DHCP4o6) -@@ -2761,10 +2871,10 @@ void send_release (cpp) +@@ -2786,10 +2896,10 @@ void send_release (cpp) log_info ("DHCPRELEASE"); } else #endif @@ -341,7 +339,7 @@ #if defined(DHCPv6) && defined(DHCP4o6) if (dhcpv4_over_dhcpv6) { -@@ -3041,10 +3151,17 @@ make_client_options(struct client_state *client, struct client_lease *lease, +@@ -3066,10 +3176,17 @@ make_client_options(struct client_state * This can be overridden by including a client id in the configuration * file. */ @@ -360,7 +358,7 @@ memset(&client_identifier, 0, sizeof(client_identifier)); client_identifier.len = 1 + 4 + default_duid.len; if (!buffer_allocate(&client_identifier.buffer, -@@ -3135,12 +3252,13 @@ void make_discover (client, lease) +@@ -3160,12 +3277,13 @@ void make_discover (client, lease) client -> packet.op = BOOTREQUEST; client -> packet.htype = client -> interface -> hw_address.hbuf [0]; /* Assumes hw_address is known, otherwise a random value may result */ @@ -376,7 +374,7 @@ client -> packet.flags = 0; else client -> packet.flags = htons (BOOTP_BROADCAST); -@@ -3152,7 +3270,7 @@ void make_discover (client, lease) +@@ -3177,7 +3295,7 @@ void make_discover (client, lease) memset (&(client -> packet.siaddr), 0, sizeof client -> packet.siaddr); client -> packet.giaddr = giaddr; @@ -385,7 +383,7 @@ memcpy (client -> packet.chaddr, &client -> interface -> hw_address.hbuf [1], (unsigned)(client -> interface -> hw_address.hlen - 1)); -@@ -3209,7 +3327,8 @@ void make_request (client, lease) +@@ -3234,7 +3352,8 @@ void make_request (client, lease) client -> packet.op = BOOTREQUEST; client -> packet.htype = client -> interface -> hw_address.hbuf [0]; /* Assumes hw_address is known, otherwise a random value may result */ @@ -395,7 +393,7 @@ client -> packet.hops = 0; client -> packet.xid = client -> xid; client -> packet.secs = 0; /* Filled in by send_request. */ -@@ -3241,7 +3360,7 @@ void make_request (client, lease) +@@ -3266,7 +3385,7 @@ void make_request (client, lease) else memset (&client -> packet.giaddr, 0, sizeof client -> packet.giaddr); @@ -404,7 +402,7 @@ memcpy (client -> packet.chaddr, &client -> interface -> hw_address.hbuf [1], (unsigned)(client -> interface -> hw_address.hlen - 1)); -@@ -3284,7 +3403,8 @@ void make_decline (client, lease) +@@ -3309,7 +3428,8 @@ void make_decline (client, lease) client -> packet.op = BOOTREQUEST; client -> packet.htype = client -> interface -> hw_address.hbuf [0]; /* Assumes hw_address is known, otherwise a random value may result */ @@ -414,7 +412,7 @@ client -> packet.hops = 0; client -> packet.xid = client -> xid; client -> packet.secs = 0; /* Filled in by send_request. */ -@@ -3301,9 +3421,10 @@ void make_decline (client, lease) +@@ -3326,9 +3446,10 @@ void make_decline (client, lease) memset (&client -> packet.siaddr, 0, sizeof client -> packet.siaddr); client -> packet.giaddr = giaddr; @@ -428,7 +426,7 @@ #ifdef DEBUG_PACKET dump_raw ((unsigned char *)&client -> packet, client -> packet_length); -@@ -3346,7 +3467,8 @@ void make_release (client, lease) +@@ -3371,7 +3492,8 @@ void make_release (client, lease) client -> packet.op = BOOTREQUEST; client -> packet.htype = client -> interface -> hw_address.hbuf [0]; /* Assumes hw_address is known, otherwise a random value may result */ @@ -438,7 +436,7 @@ client -> packet.hops = 0; client -> packet.xid = random (); client -> packet.secs = 0; -@@ -3358,9 +3480,10 @@ void make_release (client, lease) +@@ -3383,9 +3505,10 @@ void make_release (client, lease) memset (&client -> packet.siaddr, 0, sizeof client -> packet.siaddr); client -> packet.giaddr = giaddr; @@ -452,7 +450,7 @@ #ifdef DEBUG_PACKET dump_raw ((unsigned char *)&client -> packet, client -> packet_length); -@@ -3513,17 +3636,13 @@ write_options(struct client_state *client, struct option_state *options, +@@ -3538,17 +3661,13 @@ write_options(struct client_state *clien * is not how it is intended. Upcoming rearchitecting the client should * address this "one daemon model." */ @@ -473,7 +471,7 @@ log_fatal("Impossible condition at %s:%d.", MDL); if ((ip->hw_address.hlen == 0) || -@@ -3573,6 +3692,13 @@ form_duid(struct data_string *duid, const char *file, int line) +@@ -3598,6 +3717,13 @@ form_duid(struct data_string *duid, cons } } @@ -487,7 +485,7 @@ /* Write the default DUID to the lease store. */ static isc_result_t write_duid(struct data_string *duid) -@@ -4946,7 +5072,8 @@ client_dns_update(struct client_state *client, dhcp_ddns_cb_t *ddns_cb) +@@ -5020,7 +5146,8 @@ client_dns_update(struct client_state *c NULL, client, client->sent_options, NULL, &global_scope, oc, MDL)) { @@ -497,10 +495,8 @@ (client_identifier.data[0] == 255)) { /* * This appears to be an embedded DUID, -diff --git a/common/bpf.c b/common/bpf.c -index 34bbd5b..c415c22 100644 ---- a/common/bpf.c -+++ b/common/bpf.c +--- common/bpf.c.orig ++++ common/bpf.c @@ -116,7 +116,7 @@ int if_register_bpf (info) log_fatal ("Can't attach interface %s to bpf device %s: %m", info -> name, filename); @@ -566,11 +562,9 @@ struct ifaddrs *ifa; struct ifaddrs *p; struct sockaddr_dl *sa; -diff --git a/common/discover.c b/common/discover.c -index c48d67b..969ee3e 100644 ---- a/common/discover.c -+++ b/common/discover.c -@@ -1280,7 +1280,7 @@ discover_interfaces(int state) { +--- common/discover.c.orig ++++ common/discover.c +@@ -881,7 +881,7 @@ discover_interfaces(int state) { if_register_send(tmp); } else { /* get_hw_addr() was called by register. */ @@ -579,7 +573,7 @@ } break; #ifdef DHCPv6 -@@ -1293,7 +1293,7 @@ discover_interfaces(int state) { +@@ -894,7 +894,7 @@ discover_interfaces(int state) { so now we have to call it explicitly to not leave the hardware address unknown (some code expects it cannot be. */ @@ -588,10 +582,8 @@ } else { if_register_linklocal6(tmp); } -diff --git a/common/dlpi.c b/common/dlpi.c -index 1014e29..3e6a3d3 100644 ---- a/common/dlpi.c -+++ b/common/dlpi.c +--- common/dlpi.c.orig ++++ common/dlpi.c @@ -1339,7 +1339,9 @@ void maybe_setup_fallback () #endif /* USE_DLPI_SEND */ @@ -603,10 +595,8 @@ int sock, unit; long buf[DLPI_MAXDLBUF]; union DL_primitives *dlp; -diff --git a/common/lpf.c b/common/lpf.c -index 123790d..943d679 100644 ---- a/common/lpf.c -+++ b/common/lpf.c +--- common/lpf.c.orig ++++ common/lpf.c @@ -47,12 +47,22 @@ #include <sys/ioctl.h> #include <sys/socket.h> @@ -803,7 +793,7 @@ ssize_t send_packet (interface, packet, raw, len, from, to, hto) struct interface_info *interface; struct packet *packet; -@@ -335,6 +445,10 @@ ssize_t send_packet (interface, packet, raw, len, from, to, hto) +@@ -335,6 +445,10 @@ ssize_t send_packet (interface, packet, return send_fallback (interface, packet, raw, len, from, to, hto); @@ -814,7 +804,7 @@ if (hto == NULL && interface->anycast_mac_addr.hlen) hto = &interface->anycast_mac_addr; -@@ -439,7 +553,15 @@ ssize_t receive_packet (interface, buf, len, from, hfrom) +@@ -439,7 +553,15 @@ ssize_t receive_packet (interface, buf, bufix = 0; /* Decode the physical header... */ @@ -894,7 +884,7 @@ break; case ARPHRD_IEEE802: #ifdef ARPHRD_IEEE802_TR -@@ -541,18 +674,37 @@ get_hw_addr(const char *name, struct hardware *hw) { +@@ -541,18 +674,37 @@ get_hw_addr(const char *name, struct har #endif /* ARPHRD_IEEE802_TR */ hw->hlen = 7; hw->hbuf[0] = HTYPE_IEEE802; @@ -936,10 +926,8 @@ + freeifaddrs(ifaddrs); } #endif -diff --git a/common/print.c b/common/print.c -index ce368c4..7dd9f52 100644 ---- a/common/print.c -+++ b/common/print.c +--- common/print.c.orig ++++ common/print.c @@ -173,11 +173,11 @@ char *print_hw_addr (htype, hlen, data) const int hlen; const unsigned char *data; @@ -954,11 +942,9 @@ habuf [0] = 0; else { s = habuf; -diff --git a/common/socket.c b/common/socket.c -index e8851b4..2c6fb1c 100644 ---- a/common/socket.c -+++ b/common/socket.c -@@ -328,7 +328,7 @@ void if_register_send (info) +--- common/socket.c.orig ++++ common/socket.c +@@ -331,7 +331,7 @@ void if_register_send (info) info->wfdesc = if_register_socket(info, AF_INET, 0, NULL); /* If this is a normal IPv4 address, get the hardware address. */ if (strcmp(info->name, "fallback") != 0) @@ -967,7 +953,7 @@ #if defined (USE_SOCKET_FALLBACK) /* Fallback only registers for send, but may need to receive as well. */ -@@ -391,7 +391,7 @@ void if_register_receive (info) +@@ -394,7 +394,7 @@ void if_register_receive (info) #endif /* IP_PKTINFO... */ /* If this is a normal IPv4 address, get the hardware address. */ if (strcmp(info->name, "fallback") != 0) @@ -976,7 +962,7 @@ if (!quiet_interface_discovery) log_info ("Listening on Socket/%s%s%s", -@@ -505,7 +505,7 @@ if_register6(struct interface_info *info, int do_multicast) { +@@ -508,7 +508,7 @@ if_register6(struct interface_info *info if (req_multi) if_register_multicast(info); @@ -985,7 +971,7 @@ if (!quiet_interface_discovery) { if (info->shared_network != NULL) { -@@ -561,7 +561,7 @@ if_register_linklocal6(struct interface_info *info) { +@@ -564,7 +564,7 @@ if_register_linklocal6(struct interface_ info->rfdesc = sock; info->wfdesc = sock; @@ -994,7 +980,7 @@ if (!quiet_interface_discovery) { if (info->shared_network != NULL) { -@@ -1145,7 +1145,9 @@ void maybe_setup_fallback () +@@ -1148,7 +1148,9 @@ void maybe_setup_fallback () #if defined(sun) && defined(USE_V4_PKTINFO) /* This code assumes the existence of SIOCGLIFHWADDR */ void @@ -1005,10 +991,8 @@ struct sockaddr_dl *dladdrp; int sock, i; struct lifreq lifr; -diff --git a/includes/dhcpd.h b/includes/dhcpd.h -index fa7d6fb..e55309e 100644 ---- a/includes/dhcpd.h -+++ b/includes/dhcpd.h +--- includes/dhcpd.h.orig ++++ includes/dhcpd.h @@ -1345,6 +1345,7 @@ struct interface_info { struct shared_network *shared_network; /* Networks connected to this interface. */ @@ -1017,7 +1001,7 @@ struct in_addr *addresses; /* Addresses associated with this * interface. */ -@@ -2583,7 +2584,7 @@ void print_dns_status (int, struct dhcp_ddns_cb *, isc_result_t); +@@ -2584,7 +2585,7 @@ void print_dns_status (int, struct dhcp_ #endif const char *print_time(TIME); @@ -1026,11 +1010,9 @@ char *buf_to_hex (const unsigned char *s, unsigned len, const char *file, int line); char *format_lease_id(const unsigned char *s, unsigned len, int format, -diff --git a/server/dhcp.c b/server/dhcp.c -index c9b3632..effa9b1 100644 ---- a/server/dhcp.c -+++ b/server/dhcp.c -@@ -1967,11 +1967,12 @@ void echo_client_id(packet, lease, in_options, out_options) +--- server/dhcp.c.orig ++++ server/dhcp.c +@@ -1991,11 +1991,12 @@ void echo_client_id(packet, lease, in_op /* Check if echo-client-id is enabled */ oc = lookup_option(&server_universe, in_options, SV_ECHO_CLIENT_ID); @@ -1045,7 +1027,7 @@ struct data_string client_id; unsigned int opcode = DHO_DHCP_CLIENT_IDENTIFIER; -@@ -3766,9 +3767,11 @@ void dhcp_reply (lease) +@@ -3801,9 +3802,11 @@ void dhcp_reply (lease) } else bufs |= 2; /* XXX */ @@ -1060,11 +1042,9 @@ raw.htype = lease -> hardware_addr.hbuf [0]; /* See if this is a Microsoft client that NUL-terminates its -diff --git a/server/dhcpleasequery.c b/server/dhcpleasequery.c -index 75a0e72..6207c31 100644 ---- a/server/dhcpleasequery.c -+++ b/server/dhcpleasequery.c -@@ -299,7 +299,7 @@ dhcpleasequery(struct packet *packet, int ms_nulltp) { +--- server/dhcpleasequery.c.orig ++++ server/dhcpleasequery.c +@@ -299,7 +299,7 @@ dhcpleasequery(struct packet *packet, in assoc_ips, nassoc_ips); @@ -1073,7 +1053,7 @@ if (packet->raw->hlen+1 > sizeof(h.hbuf)) { log_info("%s: hardware length too long, " -@@ -409,11 +409,13 @@ dhcpleasequery(struct packet *packet, int ms_nulltp) { +@@ -409,11 +409,13 @@ dhcpleasequery(struct packet *packet, in * Set the hardware address fields. */ @@ -1091,11 +1071,9 @@ /* * Set client identifier option. -diff --git a/server/mdb.c b/server/mdb.c -index 6af6b63..a143452 100644 ---- a/server/mdb.c -+++ b/server/mdb.c -@@ -618,6 +618,9 @@ int find_hosts_by_haddr (struct host_decl **hp, int htype, +--- server/mdb.c.orig ++++ server/mdb.c +@@ -618,6 +618,9 @@ int find_hosts_by_haddr (struct host_dec return ret; #endif ++++++ 0020-dhcp-4.x.x-fixed-improper-lease-duration-checking.patch ++++++ --- /var/tmp/diff_new_pack.DpUF1a/_old 2018-03-24 16:12:30.333714838 +0100 +++ /var/tmp/diff_new_pack.DpUF1a/_new 2018-03-24 16:12:30.337714694 +0100 @@ -7,10 +7,8 @@ wordsize and do a proper EOT checking on lease duration. It also fixes integer overflows in the date and time handling code. -diff --git a/common/parse.c b/common/parse.c -index 22e7d58..e9e53a4 100644 ---- a/common/parse.c -+++ b/common/parse.c +--- common/parse.c.orig ++++ common/parse.c @@ -939,7 +939,7 @@ TIME parse_date_core(cfile) struct parse *cfile; @@ -56,16 +54,14 @@ (year - 69) / 4 + /* Leap days since '70 */ (mon /* Days in months this year */ ? months [mon - 1] -diff --git a/includes/dhcpd.h b/includes/dhcpd.h -index 4270edc..1af4c5b 100644 ---- a/includes/dhcpd.h -+++ b/includes/dhcpd.h -@@ -1561,7 +1561,7 @@ typedef unsigned char option_mask [16]; - #define DHCPD_LOG_FACILITY LOG_DAEMON +--- includes/dhcpd.h.orig ++++ includes/dhcpd.h +@@ -1588,7 +1588,7 @@ typedef unsigned char option_mask [16]; #endif --#define MAX_TIME 0x7fffffff + #define INFINITE_TIME 0xffffffff +-#define MAX_TIME 0x7fffffff +#define MAX_TIME LONG_MAX - #define MIN_TIME 0 + #define MIN_TIME 0 #ifdef USE_LOG_PID
