Hello community,
here is the log from the commit of package dhcp for openSUSE:Factory
checked in at Wed Aug 31 10:47:54 CEST 2011.
--------
--- dhcp/dhcp.changes 2011-05-12 10:43:04.000000000 +0200
+++ /mounts/work_src_done/STABLE/dhcp/dhcp.changes 2011-08-29 17:37:52.000000000 +0200
@@ -1,0 +2,47 @@
+Mon Aug 29 15:15:44 UTC 2011 - mt@suse.de
+
+- Updated to ISC dhcp-4.2.2 release, providing two security fixes
+ (CVE-2011-2748,CVE-2011-2749,[ISC-Bugs #24960],bnc#712653), that
+ allowed remote attackers to cause a denial of service (a daemon
+ exit) via crafted BOOTP packets. Further also DNS update fix to
+ detect overlapping pools or misconfigured fixed-address entries,
+ that caused a server crash during DNS update and other fixes.
+ For a complete list, please see the RELNOTES file provided in
+ the package and also available online at http://www.isc.org/.
+- Merged/adopted dhclient option-checks, send-hostname-rml, ldap
+ patch, xen-checksum, close-on-exec patches and removed obsolete
+ in6_pktinfo-prototype and relay-no-ip-on-interface patches.
+- Moved server pid files into chroot directory even chroot is
+ not used and create a link in /var/run, so it can write one
+ when started as user without chroot and avoid stop problems
+ when the chroot sysconfig setting changed (bnc#712438).
+- Disabled log-info level messages in dhclient(6) quiet mode to
+ avoid excessive logging of non-critical messages (bnc#711420).
+- Fixed dhclient-script to not remove alias IP when it didn't
+ changed to not wipe out iptables connmark when renewing the
+ lease (bnc#700771). Thanks to James Carter for the patch.
+- Fixed DDNS-howto.txt reference in the config file; it has been
+ moved to the dhcp-doc package (bnc#697279).
+- Removed GPL licensed files (bind-*/contrib/dbus) from bind.tgz
+ to ensure, they're not used to build non-GPL dhcp (bnc#714004).
+- Changed to apply strict-aliasing/RELRO for >= 12.x only
+
+-------------------------------------------------------------------
+Wed Jul 20 18:53:07 UTC 2011 - crrodriguez@opensuse.org
+
+- Correct previous change.
+
+-------------------------------------------------------------------
+Wed Jul 20 04:45:40 UTC 2011 - crrodriguez@opensuse.org
+
+- THis is a long running network daemon, link with
+ full RELRO security enhancements.
+- remove -fno-strict-aliasing from CFLAGS, no longer needed.
+
+-------------------------------------------------------------------
+Tue May 17 03:58:24 UTC 2011 - crrodriguez@opensuse.org
+
+- Import redhat's patch to open all needed FDs with O_CLOEXEC
+ so they dont leak.
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
Old:
----
dhcp-4.1.1-P1-relay-no-ip-on-interface.diff
dhcp-4.1.1-in6_pktinfo-prototype.diff
dhcp-4.1.1-man-includes.diff
dhcp-4.2.0-xen-checksum.patch
dhcp-4.2.1-P1-dhclient-option-checks.bnc675052.diff
dhcp-4.2.1-P1-ldap-patch-mt01.diff.bz2
dhcp-4.2.1-P1.tar.bz2
dhcp-4.2.1-dhclient-send-hostname-rml.diff
New:
----
dhcp-4.2.2-close-on-exec.diff
dhcp-4.2.2-dhclient-option-checks.bnc675052.diff
dhcp-4.2.2-dhclient-send-hostname-rml.diff
dhcp-4.2.2-ldap-patch-mt01.diff.bz2
dhcp-4.2.2-man-includes.diff
dhcp-4.2.2-quiet-dhclient.bnc711420.diff
dhcp-4.2.2-xen-checksum.diff
dhcp-4.2.2.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ dhcp.spec ++++++
--- /var/tmp/diff_new_pack.57d6Rw/_old 2011-08-31 10:47:04.000000000 +0200
+++ /var/tmp/diff_new_pack.57d6Rw/_new 2011-08-31 10:47:04.000000000 +0200
@@ -17,7 +17,7 @@
# norootforbuild
-%define isc_version 4.2.1-P1
+%define isc_version 4.2.2
%define susefw2dir %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services
%define omc_prefix /usr/share/omc
%define omc_svcdir %{omc_prefix}/svcinfo.d
@@ -39,8 +39,8 @@
License: BSD3c(or similar)
Group: Productivity/Networking/Boot/Servers
AutoReqProv: on
-Version: 4.2.1.P1
-Release: 5
+Version: 4.2.2
+Release: 1
Summary: Common Files Used by ISC DHCP Software
Url: http://www.isc.org/software/dhcp
Source0: dhcp-%{isc_version}.tar.bz2
@@ -75,18 +75,18 @@
# paranoia patch is included now, but not the
# additional patch by thomas@suse.de not ...
Patch11: dhcp-4.1.1-paranoia.diff
-Patch12: dhcp-4.1.1-man-includes.diff
+Patch12: dhcp-4.2.2-man-includes.diff
Patch13: dhcp-4.1.1-tmpfile.diff
-Patch14: dhcp-4.1.1-in6_pktinfo-prototype.diff
Patch15: contrib-lease-path.diff
Patch20: dhcp-4.1.1-dhclient-exec-filedes.diff
-Patch21: dhcp-4.2.1-dhclient-send-hostname-rml.diff
-## patch lives here: http://www.suse.de/~mt/git/dhcp-ldap.git/
-Patch30: dhcp-4.2.1-P1-ldap-patch-mt01.diff.bz2
+Patch21: dhcp-4.2.2-dhclient-send-hostname-rml.diff
+## patch repo lives here: http://www.suse.de/~mt/git/dhcp-ldap.git/
+Patch30: dhcp-4.2.2-ldap-patch-mt01.diff.bz2
Patch40: dhcp-4.1.1-P1-lpf-bind-msg-fix.diff
-Patch41: dhcp-4.1.1-P1-relay-no-ip-on-interface.diff
-Patch44: dhcp-4.2.0-xen-checksum.patch
-Patch45: dhcp-4.2.1-P1-dhclient-option-checks.bnc675052.diff
+Patch44: dhcp-4.2.2-xen-checksum.diff
+Patch45: dhcp-4.2.2-dhclient-option-checks.bnc675052.diff
+Patch46: dhcp-4.2.2-close-on-exec.diff
+Patch47: dhcp-4.2.2-quiet-dhclient.bnc711420.diff
##
PreReq: /bin/touch /sbin/chkconfig sysconfig
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -216,7 +216,6 @@
%patch11 -p1
%patch12 -p1
%patch13 -p1
-%patch14 -p1
%patch15 -p0
%patch20 -p1
%patch21 -p1
@@ -224,15 +223,26 @@
%patch30 -p1
%endif
%patch40 -p1
-%patch41 -p1
%patch44 -p1
%patch45 -p1
+%patch46 -p1
+%patch47 -p1
##
find . -type f -name \*.cat\* -exec rm -f {} \;
dos2unix contrib/ms2isc/*
%build
-CFLAGS="$RPM_OPT_FLAGS -W -Wall -fno-strict-aliasing -Wno-unused"
+# Remove GPL licensed files to make sure,
+# they're not used to build (bnc#714004).
+pushd bind
+gunzip -c bind.tar.gz | tar xf -
+rm -rf bind-*/contrib/dbus
+popd
+%if %suse_version >= 1210
+CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE -W -Wall -Wno-unused"
+%else
+CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE -W -Wall -fno-strict-aliasing -Wno-unused"
+%endif
%ifarch ppc ppc64 s390x
# bugs 134590, 171532
CFLAGS="$CFLAGS -fsigned-char"
@@ -242,7 +252,11 @@
%else
CFLAGS="$CFLAGS -fpie"
%endif
+%if %suse_version >= 1210
+LDFLAGS="-Wl,-z,relro,-z,now -pie"
+%else
LDFLAGS="-pie"
+%endif
FFLAGS="$CFLAGS"
CXXFLAGS="$CFLAGS"
export RPM_OPT_FLAGS LDFLAGS
++++++ dhclient-script ++++++
--- /var/tmp/diff_new_pack.57d6Rw/_old 2011-08-31 10:47:04.000000000 +0200
+++ /var/tmp/diff_new_pack.57d6Rw/_new 2011-08-31 10:47:04.000000000 +0200
@@ -400,8 +400,8 @@
BOUND|RENEW|REBIND|REBOOT)
####################################################################
- if [ x$old_ip_address != x -a x$alias_ip_address != x ] && \
- [ x$alias_ip_address != x$old_ip_address ] ;
+ if [ x$alias_ip_address != x -a x$alias_ip_address != x$old_ip_address -a \
+ x$new_ip_address != x$old_ip_address ] ;
then
# Possible new alias. Remove old alias.
/sbin/ip addr del $alias_ip_address/$alias_subnet_mask dev $interface
@@ -426,7 +426,8 @@
set_ipv4_routes
fi
- if [ x$new_ip_address != x$alias_ip_address -a x$alias_ip_address != x ];
+ if [ x$new_ip_address != x$alias_ip_address -a x$alias_ip_address != x \
+ -a x$new_ip_address != x$old_ip_address ];
then
/sbin/ip addr add $alias_ip_address/$alias_subnet_mask \
dev $interface
++++++ dhcp-4.2.2-close-on-exec.diff ++++++
diff --git a/client/clparse.c b/client/clparse.c
index 9de4ce2..ca24ba6 100644
--- a/client/clparse.c
+++ b/client/clparse.c
@@ -220,7 +220,7 @@ int read_client_conf_file (const char *name, struct interface_info *ip,
int token;
isc_result_t status;
- if ((file = open (name, O_RDONLY)) < 0)
+ if ((file = open (name, O_RDONLY | O_CLOEXEC)) < 0)
return uerr2isc (errno);
cfile = NULL;
@@ -257,7 +257,7 @@ void read_client_leases ()
/* Open the lease file. If we can't open it, just return -
we can safely trust the server to remember our state. */
- if ((file = open (path_dhclient_db, O_RDONLY)) < 0)
+ if ((file = open (path_dhclient_db, O_RDONLY | O_CLOEXEC)) < 0)
return;
cfile = NULL;
diff --git a/client/dhclient.c b/client/dhclient.c
index 82c26bb..a1cab01 100644
--- a/client/dhclient.c
+++ b/client/dhclient.c
@@ -131,11 +131,11 @@ main(int argc, char **argv) {
/* Make sure that file descriptors 0 (stdin), 1, (stdout), and
2 (stderr) are open. To do this, we assume that when we
open a file the lowest available file descriptor is used. */
- fd = open("/dev/null", O_RDWR);
+ fd = open("/dev/null", O_RDWR | O_CLOEXEC);
if (fd == 0)
- fd = open("/dev/null", O_RDWR);
+ fd = open("/dev/null", O_RDWR | O_CLOEXEC);
if (fd == 1)
- fd = open("/dev/null", O_RDWR);
+ fd = open("/dev/null", O_RDWR | O_CLOEXEC);
if (fd == 2)
log_perror = 0; /* No sense logging to /dev/null. */
else if (fd != -1)
@@ -423,7 +423,7 @@ main(int argc, char **argv) {
int e;
oldpid = 0;
- if ((pidfd = fopen(path_dhclient_pid, "r")) != NULL) {
+ if ((pidfd = fopen(path_dhclient_pid, "re")) != NULL) {
e = fscanf(pidfd, "%ld\n", &temp);
oldpid = (pid_t)temp;
@@ -2689,7 +2689,7 @@ void rewrite_client_leases ()
if (leaseFile != NULL)
fclose (leaseFile);
- leaseFile = fopen (path_dhclient_db, "w");
+ leaseFile = fopen (path_dhclient_db, "we");
if (leaseFile == NULL) {
log_error ("can't create %s: %m", path_dhclient_db);
return;
@@ -2799,7 +2799,7 @@ write_duid(struct data_string *duid)
return DHCP_R_INVALIDARG;
if (leaseFile == NULL) { /* XXX? */
- leaseFile = fopen(path_dhclient_db, "w");
+ leaseFile = fopen(path_dhclient_db, "we");
if (leaseFile == NULL) {
log_error("can't create %s: %m", path_dhclient_db);
return ISC_R_IOERROR;
@@ -2847,7 +2847,7 @@ write_client6_lease(struct client_state *client, struct dhc6_lease *lease,
return DHCP_R_INVALIDARG;
if (leaseFile == NULL) { /* XXX? */
- leaseFile = fopen(path_dhclient_db, "w");
+ leaseFile = fopen(path_dhclient_db, "we");
if (leaseFile == NULL) {
log_error("can't create %s: %m", path_dhclient_db);
return ISC_R_IOERROR;
@@ -2979,7 +2979,7 @@ int write_client_lease (client, lease, rewrite, makesure)
return 1;
if (leaseFile == NULL) { /* XXX */
- leaseFile = fopen (path_dhclient_db, "w");
+ leaseFile = fopen (path_dhclient_db, "we");
if (leaseFile == NULL) {
log_error ("can't create %s: %m", path_dhclient_db);
return 0;
@@ -3472,9 +3472,9 @@ void go_daemon ()
close(2);
/* Reopen them on /dev/null. */
- open("/dev/null", O_RDWR);
- open("/dev/null", O_RDWR);
- open("/dev/null", O_RDWR);
+ open("/dev/null", O_RDWR | O_CLOEXEC);
+ open("/dev/null", O_RDWR | O_CLOEXEC);
+ open("/dev/null", O_RDWR | O_CLOEXEC);
write_client_pid_file ();
diff --git a/common/bpf.c b/common/bpf.c
index 8bd5727..7b8f1d4 100644
--- a/common/bpf.c
+++ b/common/bpf.c
@@ -94,7 +94,7 @@ int if_register_bpf (info)
for (b = 0; 1; b++) {
/* %Audit% 31 bytes max. %2004.06.17,Safe% */
sprintf(filename, BPF_FORMAT, b);
- sock = open (filename, O_RDWR, 0);
+ sock = open (filename, O_RDWR | O_CLOEXEC, 0);
if (sock < 0) {
if (errno == EBUSY) {
continue;
diff --git a/common/discover.c b/common/discover.c
index 1d84219..93a278e 100644
--- a/common/discover.c
+++ b/common/discover.c
@@ -421,7 +421,7 @@ begin_iface_scan(struct iface_conf_list *ifaces) {
int len;
int i;
- ifaces->fp = fopen("/proc/net/dev", "r");
+ ifaces->fp = fopen("/proc/net/dev", "re");
if (ifaces->fp == NULL) {
log_error("Error opening '/proc/net/dev' to list interfaces");
return 0;
@@ -456,7 +456,7 @@ begin_iface_scan(struct iface_conf_list *ifaces) {
#ifdef DHCPv6
if (local_family == AF_INET6) {
- ifaces->fp6 = fopen("/proc/net/if_inet6", "r");
+ ifaces->fp6 = fopen("/proc/net/if_inet6", "re");
if (ifaces->fp6 == NULL) {
log_error("Error opening '/proc/net/if_inet6' to "
"list IPv6 interfaces; %m");
diff --git a/common/dlpi.c b/common/dlpi.c
index b9eb1d3..c044ec6 100644
--- a/common/dlpi.c
+++ b/common/dlpi.c
@@ -806,7 +806,7 @@ dlpiopen(const char *ifname) {
}
*dp = '\0';
- return open (devname, O_RDWR, 0);
+ return open (devname, O_RDWR | O_CLOEXEC, 0);
}
/*
diff --git a/common/nit.c b/common/nit.c
index 0da9c36..896cbb6 100644
--- a/common/nit.c
+++ b/common/nit.c
@@ -81,7 +81,7 @@ int if_register_nit (info)
struct strioctl sio;
/* Open a NIT device */
- sock = open ("/dev/nit", O_RDWR);
+ sock = open ("/dev/nit", O_RDWR | O_CLOEXEC);
if (sock < 0)
log_fatal ("Can't open NIT device for %s: %m", info -> name);
diff --git a/common/resolv.c b/common/resolv.c
index b29d4cf..d946ccc 100644
--- a/common/resolv.c
+++ b/common/resolv.c
@@ -49,7 +49,7 @@ void read_resolv_conf (parse_time)
struct domain_search_list *dp, *dl, *nd;
isc_result_t status;
- if ((file = open (path_resolv_conf, O_RDONLY)) < 0) {
+ if ((file = open (path_resolv_conf, O_RDONLY | O_CLOEXEC)) < 0) {
log_error ("Can't open %s: %m", path_resolv_conf);
return;
}
diff --git a/common/upf.c b/common/upf.c
index fff3949..4f9318e 100644
--- a/common/upf.c
+++ b/common/upf.c
@@ -77,7 +77,7 @@ int if_register_upf (info)
/* %Audit% Cannot exceed 36 bytes. %2004.06.17,Safe% */
sprintf(filename, "/dev/pf/pfilt%d", b);
- sock = open (filename, O_RDWR, 0);
+ sock = open (filename, O_RDWR | O_CLOEXEC, 0);
if (sock < 0) {
if (errno == EBUSY) {
continue;
diff --git a/dst/dst_api.c b/dst/dst_api.c
index 8925c66..fa4eb5f 100644
--- a/dst/dst_api.c
+++ b/dst/dst_api.c
@@ -437,7 +437,7 @@ dst_s_write_private_key(const DST_KEY *key)
PRIVATE_KEY, PATH_MAX);
/* Do not overwrite an existing file */
- if ((fp = dst_s_fopen(file, "w", 0600)) != NULL) {
+ if ((fp = dst_s_fopen(file, "we", 0600)) != NULL) {
int nn;
if ((nn = fwrite(encoded_block, 1, len, fp)) != len) {
EREPORT(("dst_write_private_key(): Write failure on %s %d != %d errno=%d\n",
@@ -494,7 +494,7 @@ dst_s_read_public_key(const char *in_name, const unsigned in_id, int in_alg)
* flags, proto, alg stored as decimal (or hex numbers FIXME).
* (FIXME: handle parentheses for line continuation.)
*/
- if ((fp = dst_s_fopen(name, "r", 0)) == NULL) {
+ if ((fp = dst_s_fopen(name, "re", 0)) == NULL) {
EREPORT(("dst_read_public_key(): Public Key not found %s\n",
name));
return (NULL);
@@ -620,7 +620,7 @@ dst_s_write_public_key(const DST_KEY *key)
return (0);
}
/* create public key file */
- if ((fp = dst_s_fopen(filename, "w+", 0644)) == NULL) {
+ if ((fp = dst_s_fopen(filename, "w+e", 0644)) == NULL) {
EREPORT(("DST_write_public_key: open of file:%s failed (errno=%d)\n",
filename, errno));
return (0);
@@ -854,7 +854,7 @@ dst_s_read_private_key_file(char *name, DST_KEY *pk_key, unsigned in_id,
return (0);
}
/* first check if we can find the key file */
- if ((fp = dst_s_fopen(filename, "r", 0)) == NULL) {
+ if ((fp = dst_s_fopen(filename, "re", 0)) == NULL) {
EREPORT(("dst_s_read_private_key_file: Could not open file %s in directory %s\n",
filename, dst_path[0] ? dst_path :
(char *) getcwd(NULL, PATH_MAX - 1)));
diff --git a/dst/prandom.c b/dst/prandom.c
index 4de3fe4..fbbe07c 100644
--- a/dst/prandom.c
+++ b/dst/prandom.c
@@ -269,7 +269,7 @@ get_dev_random(u_char *output, unsigned size)
s = stat("/dev/random", &st);
if (s == 0 && S_ISCHR(st.st_mode)) {
- if ((fd = open("/dev/random", O_RDONLY | O_NONBLOCK)) != -1) {
+ if ((fd = open("/dev/random", O_RDONLY | O_NONBLOCK | O_CLOEXEC)) != -1) {
if ((n = read(fd, output, size)) < 0)
n = 0;
close(fd);
@@ -480,7 +480,7 @@ digest_file(dst_work *work)
work->file_digest = dst_free_key(work->file_digest);
return (0);
}
- if ((fp = fopen(name, "r")) == NULL)
+ if ((fp = fopen(name, "re")) == NULL)
return (0);
for (no = 0; (i = fread(buf, sizeof(*buf), sizeof(buf), fp)) > 0;
no += i)
diff --git a/omapip/trace.c b/omapip/trace.c
index 9fd3fb5..9c4e11e 100644
--- a/omapip/trace.c
+++ b/omapip/trace.c
@@ -141,10 +141,10 @@ isc_result_t trace_begin (const char *filename,
return DHCP_R_INVALIDARG;
}
- traceoutfile = open (filename, O_CREAT | O_WRONLY | O_EXCL, 0600);
+ traceoutfile = open (filename, O_CREAT | O_WRONLY | O_EXCL | O_CLOEXEC, 0600);
if (traceoutfile < 0 && errno == EEXIST) {
log_error ("WARNING: Overwriting trace file \"%s\"", filename);
- traceoutfile = open (filename, O_WRONLY | O_EXCL | O_TRUNC,
+ traceoutfile = open (filename, O_WRONLY | O_EXCL | O_TRUNC | O_CLOEXEC,
0600);
}
@@ -431,7 +431,7 @@ void trace_file_replay (const char *filename)
isc_result_t result;
int len;
- traceinfile = fopen (filename, "r");
+ traceinfile = fopen (filename, "re");
if (!traceinfile) {
log_error("Can't open tracefile %s: %m", filename);
return;
diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c
index f21f16f..d2aa90e 100644
--- a/relay/dhcrelay.c
+++ b/relay/dhcrelay.c
@@ -183,11 +183,11 @@ main(int argc, char **argv) {
/* Make sure that file descriptors 0(stdin), 1,(stdout), and
2(stderr) are open. To do this, we assume that when we
open a file the lowest available file descriptor is used. */
- fd = open("/dev/null", O_RDWR);
+ fd = open("/dev/null", O_RDWR | O_CLOEXEC);
if (fd == 0)
- fd = open("/dev/null", O_RDWR);
+ fd = open("/dev/null", O_RDWR | O_CLOEXEC);
if (fd == 1)
- fd = open("/dev/null", O_RDWR);
+ fd = open("/dev/null", O_RDWR | O_CLOEXEC);
if (fd == 2)
log_perror = 0; /* No sense logging to /dev/null. */
else if (fd != -1)
@@ -540,13 +540,14 @@ main(int argc, char **argv) {
if (no_pid_file == ISC_FALSE) {
pfdesc = open(path_dhcrelay_pid,
- O_CREAT | O_TRUNC | O_WRONLY, 0644);
+ O_CREAT | O_TRUNC | O_WRONLY |
+ O_CLOEXEC, 0644);
if (pfdesc < 0) {
log_error("Can't create %s: %m",
path_dhcrelay_pid);
} else {
- pf = fdopen(pfdesc, "w");
+ pf = fdopen(pfdesc, "we");
if (!pf)
log_error("Can't fdopen %s: %m",
path_dhcrelay_pid);
diff --git a/server/confpars.c b/server/confpars.c
index c0742d4..62568e9 100644
--- a/server/confpars.c
+++ b/server/confpars.c
@@ -116,7 +116,7 @@ isc_result_t read_conf_file (const char *filename, struct group *group,
}
#endif
- if ((file = open (filename, O_RDONLY)) < 0) {
+ if ((file = open (filename, O_RDONLY | O_CLOEXEC)) < 0) {
if (leasep) {
log_error ("Can't open lease database %s: %m --",
path_dhcpd_db);
diff --git a/server/db.c b/server/db.c
index dc75321..be5db26 100644
--- a/server/db.c
+++ b/server/db.c
@@ -1035,7 +1035,7 @@ void db_startup (testp)
}
#endif
if (!testp) {
- db_file = fopen (path_dhcpd_db, "a");
+ db_file = fopen (path_dhcpd_db, "ae");
if (!db_file)
log_fatal ("Can't open %s for append.", path_dhcpd_db);
expire_all_pools ();
@@ -1074,7 +1074,7 @@ int new_lease_file ()
db_validity = lease_file_is_corrupt;
snprintf (newfname, sizeof(newfname), "%s.XXXXXX", path_dhcpd_db);
- db_fd = mkstemp (newfname);
+ db_fd = mkostemp (newfname, O_CLOEXEC);
if (db_fd < 0) {
log_error ("Can't create new lease file: %m");
return 0;
@@ -1083,7 +1083,7 @@ int new_lease_file ()
log_error ("Can't fchmod new lease file: %m");
goto fail;
}
- if ((new_db_file = fdopen(db_fd, "w")) == NULL) {
+ if ((new_db_file = fdopen(db_fd, "we")) == NULL) {
log_error("Can't fdopen new lease file: %m");
close(db_fd);
goto fdfail;
diff --git a/server/dhcpd.c b/server/dhcpd.c
index 27e04e4..9233d26 100644
--- a/server/dhcpd.c
+++ b/server/dhcpd.c
@@ -274,11 +274,11 @@ main(int argc, char **argv) {
/* Make sure that file descriptors 0 (stdin), 1, (stdout), and
2 (stderr) are open. To do this, we assume that when we
open a file the lowest available file descriptor is used. */
- fd = open("/dev/null", O_RDWR);
+ fd = open("/dev/null", O_RDWR | O_CLOEXEC);
if (fd == 0)
- fd = open("/dev/null", O_RDWR);
+ fd = open("/dev/null", O_RDWR | O_CLOEXEC);
if (fd == 1)
- fd = open("/dev/null", O_RDWR);
+ fd = open("/dev/null", O_RDWR | O_CLOEXEC);
if (fd == 2)
log_perror = 0; /* No sense logging to /dev/null. */
else if (fd != -1)
@@ -809,7 +809,7 @@ main(int argc, char **argv) {
*/
if (no_pid_file == ISC_FALSE) {
/*Read previous pid file. */
- if ((i = open (path_dhcpd_pid, O_RDONLY)) >= 0) {
+ if ((i = open (path_dhcpd_pid, O_RDONLY | O_CLOEXEC)) >= 0) {
status = read(i, pbuf, (sizeof pbuf) - 1);
close (i);
if (status > 0) {
@@ -828,7 +828,7 @@ main(int argc, char **argv) {
}
/* Write new pid file. */
- i = open(path_dhcpd_pid, O_WRONLY|O_CREAT|O_TRUNC, 0644);
+ i = open(path_dhcpd_pid, O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0644);
if (i >= 0) {
sprintf(pbuf, "%d\n", (int) getpid());
IGNORE_RET (write(i, pbuf, strlen(pbuf)));
@@ -856,9 +856,9 @@ main(int argc, char **argv) {
close(2);
/* Reopen them on /dev/null. */
- open("/dev/null", O_RDWR);
- open("/dev/null", O_RDWR);
- open("/dev/null", O_RDWR);
+ open("/dev/null", O_RDWR | O_CLOEXEC);
+ open("/dev/null", O_RDWR | O_CLOEXEC);
+ open("/dev/null", O_RDWR | O_CLOEXEC);
log_perror = 0; /* No sense logging to /dev/null. */
IGNORE_RET (chdir("/"));
diff --git a/server/ldap.c b/server/ldap.c
index 68acbbb..77efe26 100644
--- a/server/ldap.c
+++ b/server/ldap.c
@@ -1098,7 +1098,7 @@ ldap_start (void)
if (ldap_debug_file != NULL && ldap_debug_fd == -1)
{
- if ((ldap_debug_fd = open (ldap_debug_file, O_CREAT | O_TRUNC | O_WRONLY,
+ if ((ldap_debug_fd = open (ldap_debug_file, O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC,
S_IRUSR | S_IWUSR)) < 0)
log_error ("Error opening debug LDAP log file %s: %s", ldap_debug_file,
strerror (errno));
--
1.7.3.4
++++++ dhcp-4.2.1-P1-dhclient-option-checks.bnc675052.diff -> dhcp-4.2.2-dhclient-option-checks.bnc675052.diff ++++++
--- dhcp/dhcp-4.2.1-P1-dhclient-option-checks.bnc675052.diff 2011-04-27 16:22:54.000000000 +0200
+++ /mounts/work_src_done/STABLE/dhcp/dhcp-4.2.2-dhclient-option-checks.bnc675052.diff 2011-08-29 17:37:14.000000000 +0200
@@ -1,25 +1,8 @@
-From 7c0b7ae289a0f25853bd4bb660f3dd34b5c1ce88 Mon Sep 17 00:00:00 2001
-From: Marius Tomaschewski
-Date: Wed, 27 Apr 2011 13:56:47 +0200
-Subject: [PATCH] dhclient string option checks
-
-Merged dhclient pretty escape and string option checks.
-Use relaxed domain-name option check causing a regression, when the
-server is misusing it to provide a domain list and does not provide
-it via the domain-search option; pretty escape semicolon as well
-(bnc#675052, CVE-2011-0997).
-
-Signed-off-by: Marius Tomaschewski
----
- client/dhclient.c | 8 ++++----
- common/options.c | 2 +-
- 2 files changed, 5 insertions(+), 5 deletions(-)
-
diff --git a/client/dhclient.c b/client/dhclient.c
-index 970b935..93db494 100644
+index 9fd7ccc..82c26bb 100644
--- a/client/dhclient.c
+++ b/client/dhclient.c
-@@ -3142,7 +3142,7 @@ void script_write_params (client, prefix, lease)
+@@ -3251,7 +3251,7 @@ void script_write_params (client, prefix, lease)
} else {
log_error("suspect value in %s "
"option - discarded",
@@ -28,7 +11,7 @@
}
}
-@@ -3155,7 +3155,7 @@ void script_write_params (client, prefix, lease)
+@@ -3264,7 +3264,7 @@ void script_write_params (client, prefix, lease)
} else {
log_error("suspect value in %s "
"option - discarded",
@@ -37,7 +20,7 @@
}
}
-@@ -4077,7 +4077,7 @@ static int check_domain_name(const char *ptr, size_t len, int dots)
+@@ -4193,7 +4193,7 @@ static int check_domain_name(const char *ptr, size_t len, int dots)
const char *p;
/* not empty or complete length not over 255 characters */
@@ -46,21 +29,8 @@
return(-1);
/* consists of [[:alnum:]-]+ labels separated by [.] */
-@@ -4140,11 +4140,11 @@ static int check_option_values(struct universe *universe,
- if ((universe == NULL) || (universe == &dhcp_universe)) {
- switch(opt) {
- case DHO_HOST_NAME:
-- case DHO_DOMAIN_NAME:
- case DHO_NIS_DOMAIN:
- case DHO_NETBIOS_SCOPE:
- return check_domain_name(ptr, len, 0);
- break;
-+ case DHO_DOMAIN_NAME: /* accept a list for compatibiliy */
- case DHO_DOMAIN_SEARCH:
- return check_domain_name_list(ptr, len, 0);
- break;
diff --git a/common/options.c b/common/options.c
-index c26f88c..8b4be65 100644
+index 80fd8db..6b95f3b 100644
--- a/common/options.c
+++ b/common/options.c
@@ -3916,7 +3916,7 @@ pretty_escape(char **dst, char *dend, const unsigned char **src,
++++++ dhcp-4.2.1-dhclient-send-hostname-rml.diff -> dhcp-4.2.2-dhclient-send-hostname-rml.diff ++++++
--- dhcp/dhcp-4.2.1-dhclient-send-hostname-rml.diff 2011-03-30 17:57:23.000000000 +0200
+++ /mounts/work_src_done/STABLE/dhcp/dhcp-4.2.2-dhclient-send-hostname-rml.diff 2011-08-29 17:37:14.000000000 +0200
@@ -1,34 +1,34 @@
diff --git a/client/dhclient.8 b/client/dhclient.8
-index 7a3c154..e284210 100644
+index 6306b08..1394c38 100644
--- a/client/dhclient.8
+++ b/client/dhclient.8
-@@ -64,6 +64,10 @@ dhclient - Dynamic Host Configuration Protocol Client
- .I port
+@@ -60,6 +60,10 @@ dhclient - Dynamic Host Configuration Protocol Client
+ .I LL|LLT
]
[
+.B -H
+.I hostname
+]
+[
- .B -d
+ .B -p
+ .I port
]
- [
-@@ -305,6 +309,10 @@ If a different port is specified on which the client should listen and
- transmit, the client will also use a different destination port -
- one less than the specified port.
+@@ -299,6 +303,10 @@ PID file. When shutdown via this method
+ .B dhclient-script(8)
+ will be executed with the specific reason for calling the script set.
.TP
+.BI \-H \ hostname
+This flag may be used to specify a client hostname that should be sent to
+the DHCP server. Note, that this option is a SUSE/Novell extension.
+.TP
- .BI \-s \ server
- Specify the server IP address or fully qualified domain name to use as
- a destination for DHCP protocol messages before
+ .BI \-p \ port
+ The UDP port number on which the DHCP client should listen and transmit.
+ If unspecified,
diff --git a/client/dhclient.c b/client/dhclient.c
-index dc19e8b..bd02cc9 100644
+index 9b53f07..9fd7ccc 100644
--- a/client/dhclient.c
+++ b/client/dhclient.c
-@@ -110,6 +110,7 @@ main(int argc, char **argv) {
+@@ -119,6 +119,7 @@ main(int argc, char **argv) {
int no_dhclient_db = 0;
int no_dhclient_pid = 0;
int no_dhclient_script = 0;
@@ -36,24 +36,30 @@
#ifdef DHCPv6
int local_family_set = 0;
#endif /* DHCPv6 */
-@@ -220,6 +221,16 @@ main(int argc, char **argv) {
+@@ -231,6 +232,22 @@ main(int argc, char **argv) {
if (++i == argc)
usage();
mockup_relay = argv[i];
+ } else if (!strcmp (argv[i], "-H")) {
++ size_t len;
+ if (++i == argc || !argv[i] || *(argv[i]) == '\0')
+ usage ();
-+ if (strlen (argv[i]) > HOST_NAME_MAX) {
++ len = strlen (argv[i]);
++ if (len > HOST_NAME_MAX) {
+ log_error("-H option host-name string \"%s\" is too long:"
+ "maximum length is %d characters",
+ argv[i], HOST_NAME_MAX);
+ exit(1);
++ } else if(check_domain_name(argv[i], len, 0) != 0) {
++ log_error("suspect host-name in -H \"%s\"",
++ argv[i]);
++ exit(1);
+ }
+ dhclient_hostname = argv [i];
} else if (!strcmp(argv[i], "-nw")) {
nowait = 1;
} else if (!strcmp(argv[i], "-n")) {
-@@ -468,6 +479,32 @@ main(int argc, char **argv) {
+@@ -484,6 +501,35 @@ main(int argc, char **argv) {
/* Parse the dhclient.conf file. */
read_client_conf();
@@ -63,10 +69,12 @@
+ char buf[HOST_NAME_MAX + 40];
+ int len;
+
-+ snprintf (buf, sizeof(buf), "send host-name \"%s\";", dhclient_hostname);
++ snprintf (buf, sizeof(buf), "send host-name \"%s\";",
++ dhclient_hostname);
+ len = strlen(buf);
+
-+ status = new_parse (&cfile, -1, buf, len, "host-name option", 0);
++ status = new_parse (&cfile, -1, buf, len,
++ "host-name option", 0);
+ if (status != ISC_R_SUCCESS)
+ log_fatal ("Cannot parse send host-name statement!");
+
@@ -78,7 +86,8 @@
+ if (token == END_OF_FILE)
+ break;
+
-+ parse_client_statement (cfile, NULL, &top_level_config);
++ parse_client_statement (cfile, NULL,
++ &top_level_config);
+ }
+ end_parse (&cfile);
+ }
@@ -86,19 +95,15 @@
/* Parse the lease database. */
read_client_leases();
-@@ -676,12 +713,12 @@ static void usage()
+@@ -708,9 +754,9 @@ static void usage()
- log_error("Usage: dhclient %s %s",
+ log_fatal("Usage: dhclient "
#ifdef DHCPv6
-- "[-4|-6] [-SNTP1dvrx] [-nw] [-p <port>] [-D LL|LLT]",
-+ "[-4|-6] [-SNTP1dvrx] [-nw] [-H <hostname>] [-p <port>] [-D LL|LLT]",
+- "[-4|-6] [-SNTP1dvrx] [-nw] [-p <port>] [-D LL|LLT]\n"
++ "[-4|-6] [-SNTP1dvrx] [-nw] [-H <hostname>] [-p <port>] [-D LL|LLT]\n"
#else /* DHCPv6 */
-- "[-1dvrx] [-nw] [-p <port>]",
-+ "[-1dvrx] [-nw] [-H <hostname>] [-p <port>]",
+- "[-1dvrx] [-nw] [-p <port>]\n"
++ "[-1dvrx] [-nw] [-H <hostname>] [-p <port>]\n"
#endif /* DHCPv6 */
- "[-s server]");
-- log_error(" [-cf config-file] [-lf lease-file]%s",
-+ log_error(" [-cf config-file] [-lf lease-file] %s",
- "[-pf pid-file] [-e VAR=val]");
- log_fatal(" [-sf script-file] [interface]");
- }
+ " [-s server-addr] [-cf config-file] "
+ "[-lf lease-file]\n"
++++++ dhcp-4.2.1-P1-ldap-patch-mt01.diff.bz2 -> dhcp-4.2.2-ldap-patch-mt01.diff.bz2 ++++++
Files dhcp/dhcp-4.2.1-P1-ldap-patch-mt01.diff.bz2 and /mounts/work_src_done/STABLE/dhcp/dhcp-4.2.2-ldap-patch-mt01.diff.bz2 differ
++++++ dhcp-4.1.1-man-includes.diff -> dhcp-4.2.2-man-includes.diff ++++++
--- dhcp/dhcp-4.1.1-man-includes.diff 2010-05-07 16:12:26.000000000 +0200
+++ /mounts/work_src_done/STABLE/dhcp/dhcp-4.2.2-man-includes.diff 2011-08-29 17:37:15.000000000 +0200
@@ -1,26 +1,28 @@
diff --git a/dhcpctl/dhcpctl.3 b/dhcpctl/dhcpctl.3
-index 2e1cb8a..ee44755 100644
+index 9aa1851..7497612 100644
--- a/dhcpctl/dhcpctl.3
+++ b/dhcpctl/dhcpctl.3
-@@ -425,7 +425,7 @@ that most error checking has been ommitted for brevity.
- #include
+@@ -430,8 +430,8 @@ that most error checking has been ommitted for brevity.
#include
+ #include
--#include
-+#include
- #include
+-#include "omapip/result.h"
+-#include "dhcpctl.h"
++#include
++#include
int main (int argc, char **argv) {
+ dhcpctl_data_string ipaddrstring = NULL;
diff --git a/omapip/omapi.3 b/omapip/omapi.3
-index 4673549..8e2503f 100644
+index 4868d7c..23389b0 100644
--- a/omapip/omapi.3
+++ b/omapip/omapi.3
-@@ -87,7 +87,7 @@ the lease ends.
+@@ -88,7 +88,7 @@ the lease ends.
#include
#include
- #include
-+ #include
++ #include
#include
int main (int argc, char **argv) {
++++++ dhcp-4.2.2-quiet-dhclient.bnc711420.diff ++++++
diff --git a/client/dhclient.c b/client/dhclient.c
index a1cab01..ff5ede5 100644
--- a/client/dhclient.c
+++ b/client/dhclient.c
@@ -444,6 +444,9 @@ main(int argc, char **argv) {
} else {
log_perror = 0;
quiet_interface_discovery = 1;
+#if !defined(DEBUG)
+ setlogmask(LOG_UPTO(LOG_NOTICE));
+#endif
}
/* If we're given a relay agent address to insert, for testing
--
1.7.3.4
++++++ dhcp-4.2.2-xen-checksum.diff ++++++
diff --git a/common/bpf.c b/common/bpf.c
index b0ef657..8bd5727 100644
--- a/common/bpf.c
+++ b/common/bpf.c
@@ -485,7 +485,7 @@ ssize_t receive_packet (interface, buf, len, from, hfrom)
offset = decode_udp_ip_header (interface,
interface -> rbuf,
interface -> rbuf_offset,
- from, hdr.bh_caplen, &paylen);
+ from, hdr.bh_caplen, &paylen, 0);
/* If the IP or UDP checksum was bad, skip the packet... */
if (offset < 0) {
diff --git a/common/dlpi.c b/common/dlpi.c
index 8f2c73d..b9eb1d3 100644
--- a/common/dlpi.c
+++ b/common/dlpi.c
@@ -693,7 +693,7 @@ ssize_t receive_packet (interface, buf, len, from, hfrom)
length -= offset;
#endif
offset = decode_udp_ip_header (interface, dbuf, bufix,
- from, length, &paylen);
+ from, length, &paylen, 0);
/*
* If the IP or UDP checksum was bad, skip the packet...
diff --git a/common/lpf.c b/common/lpf.c
index 16eecc9..4bdb0f1 100644
--- a/common/lpf.c
+++ b/common/lpf.c
@@ -29,19 +29,33 @@
#include "dhcpd.h"
#if defined (USE_LPF_SEND) || defined (USE_LPF_RECEIVE)
#include
+#include
#include
#include
#include
#include
#include
+#include
#include
-#include
#include "includes/netinet/ip.h"
#include "includes/netinet/udp.h"
#include "includes/netinet/if_ether.h"
#include
+#ifndef PACKET_AUXDATA
+#define PACKET_AUXDATA 8
+
+struct tpacket_auxdata
+{
+ __u32 tp_status;
+ __u32 tp_len;
+ __u32 tp_snaplen;
+ __u16 tp_mac;
+ __u16 tp_net;
+};
+#endif
+
/* Reinitializes the specified interface after an address change. This
is not required for packet-filter APIs. */
@@ -67,10 +81,14 @@ int if_register_lpf (info)
struct interface_info *info;
{
int sock;
- struct sockaddr sa;
+ union {
+ struct sockaddr_ll ll;
+ struct sockaddr common;
+ } sa;
+ struct ifreq ifr;
/* Make an LPF socket. */
- if ((sock = socket(PF_PACKET, SOCK_PACKET,
+ if ((sock = socket(PF_PACKET, SOCK_RAW,
htons((short)ETH_P_ALL))) < 0) {
if (errno == ENOPROTOOPT || errno == EPROTONOSUPPORT ||
errno == ESOCKTNOSUPPORT || errno == EPFNOSUPPORT ||
@@ -85,11 +103,16 @@ int if_register_lpf (info)
log_fatal ("Open a socket for LPF: %m");
}
+ memset (&ifr, 0, sizeof ifr);
+ strncpy (ifr.ifr_name, (const char *)info -> ifp, sizeof ifr.ifr_name);
+ if (ioctl (sock, SIOCGIFINDEX, &ifr))
+ log_fatal ("Failed to get interface index: %m");
+
/* Bind to the interface name */
memset (&sa, 0, sizeof sa);
- sa.sa_family = AF_PACKET;
- strncpy (sa.sa_data, (const char *)info -> ifp, sizeof sa.sa_data);
- if (bind (sock, &sa, sizeof sa)) {
+ sa.ll.sll_family = AF_PACKET;
+ sa.ll.sll_ifindex = ifr.ifr_ifindex;
+ if (bind (sock, &sa.common, sizeof sa)) {
if (errno == ENOPROTOOPT || errno == EPROTONOSUPPORT ||
errno == ESOCKTNOSUPPORT || errno == EPFNOSUPPORT ||
errno == EAFNOSUPPORT || errno == EINVAL) {
@@ -171,9 +194,18 @@ static void lpf_gen_filter_setup (struct interface_info *);
void if_register_receive (info)
struct interface_info *info;
{
+ int val;
+
/* Open a LPF device and hang it on this interface... */
info -> rfdesc = if_register_lpf (info);
+ val = 1;
+ if (setsockopt (info -> rfdesc, SOL_PACKET, PACKET_AUXDATA, &val,
+ sizeof val) < 0) {
+ if (errno != ENOPROTOOPT)
+ log_fatal ("Failed to set auxiliary packet data: %m");
+ }
+
#if defined (HAVE_TR_SUPPORT)
if (info -> hw_address.hbuf [0] == HTYPE_IEEE802)
lpf_tr_filter_setup (info);
@@ -295,7 +327,6 @@ ssize_t send_packet (interface, packet, raw, len, from, to, hto)
double hh [16];
double ih [1536 / sizeof (double)];
unsigned char *buf = (unsigned char *)ih;
- struct sockaddr_pkt sa;
int result;
int fudge;
@@ -316,17 +347,7 @@ ssize_t send_packet (interface, packet, raw, len, from, to, hto)
(unsigned char *)raw, len);
memcpy (buf + ibufp, raw, len);
- /* For some reason, SOCK_PACKET sockets can't be connected,
- so we have to do a sentdo every time. */
- memset (&sa, 0, sizeof sa);
- sa.spkt_family = AF_PACKET;
- strncpy ((char *)sa.spkt_device,
- (const char *)interface -> ifp, sizeof sa.spkt_device);
- sa.spkt_protocol = htons(ETH_P_IP);
-
- result = sendto (interface -> wfdesc,
- buf + fudge, ibufp + len - fudge, 0,
- (const struct sockaddr *)&sa, sizeof sa);
+ result = write (interface -> wfdesc, buf + fudge, ibufp + len - fudge);
if (result < 0)
log_error ("send_packet: %m");
return result;
@@ -343,14 +364,35 @@ ssize_t receive_packet (interface, buf, len, from, hfrom)
{
int length = 0;
int offset = 0;
+ int nocsum = 0;
unsigned char ibuf [1536];
unsigned bufix = 0;
unsigned paylen;
-
- length = read (interface -> rfdesc, ibuf, sizeof ibuf);
+ unsigned char cmsgbuf[CMSG_LEN(sizeof(struct tpacket_auxdata))];
+ struct iovec iov = {
+ .iov_base = ibuf,
+ .iov_len = sizeof ibuf,
+ };
+ struct msghdr msg = {
+ .msg_iov = &iov,
+ .msg_iovlen = 1,
+ .msg_control = cmsgbuf,
+ .msg_controllen = sizeof(cmsgbuf),
+ };
+ struct cmsghdr *cmsg;
+
+ length = recvmsg (interface -> rfdesc, &msg, 0);
if (length <= 0)
return length;
+ for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
+ if (cmsg->cmsg_level == SOL_PACKET &&
+ cmsg->cmsg_type == PACKET_AUXDATA) {
+ struct tpacket_auxdata *aux = (void *)CMSG_DATA(cmsg);
+ nocsum = aux->tp_status & TP_STATUS_CSUMNOTREADY;
+ }
+ }
+
bufix = 0;
/* Decode the physical header... */
offset = decode_hw_header (interface, ibuf, bufix, hfrom);
@@ -367,7 +409,7 @@ ssize_t receive_packet (interface, buf, len, from, hfrom)
/* Decode the IP and UDP headers... */
offset = decode_udp_ip_header (interface, ibuf, bufix, from,
- (unsigned)length, &paylen);
+ (unsigned)length, &paylen, nocsum);
/* If the IP or UDP checksum was bad, skip the packet... */
if (offset < 0)
diff --git a/common/nit.c b/common/nit.c
index 3822206..0da9c36 100644
--- a/common/nit.c
+++ b/common/nit.c
@@ -369,7 +369,7 @@ ssize_t receive_packet (interface, buf, len, from, hfrom)
/* Decode the IP and UDP headers... */
offset = decode_udp_ip_header (interface, ibuf, bufix,
- from, length, &paylen);
+ from, length, &paylen, 0);
/* If the IP or UDP checksum was bad, skip the packet... */
if (offset < 0)
diff --git a/common/packet.c b/common/packet.c
index 42bca69..fd2d975 100644
--- a/common/packet.c
+++ b/common/packet.c
@@ -211,7 +211,7 @@ ssize_t
decode_udp_ip_header(struct interface_info *interface,
unsigned char *buf, unsigned bufix,
struct sockaddr_in *from, unsigned buflen,
- unsigned *rbuflen)
+ unsigned *rbuflen, int nocsum)
{
unsigned char *data;
struct ip ip;
@@ -322,7 +322,7 @@ decode_udp_ip_header(struct interface_info *interface,
8, IPPROTO_UDP + ulen))));
udp_packets_seen++;
- if (usum && usum != sum) {
+ if (!nocsum && usum && usum != sum) {
udp_packets_bad_checksum++;
if (udp_packets_seen > 4 &&
(udp_packets_seen / udp_packets_bad_checksum) < 2) {
diff --git a/common/upf.c b/common/upf.c
index feb82a2..fff3949 100644
--- a/common/upf.c
+++ b/common/upf.c
@@ -320,7 +320,7 @@ ssize_t receive_packet (interface, buf, len, from, hfrom)
/* Decode the IP and UDP headers... */
offset = decode_udp_ip_header (interface, ibuf, bufix,
- from, length, &paylen);
+ from, length, &paylen, 0);
/* If the IP or UDP checksum was bad, skip the packet... */
if (offset < 0)
diff --git a/includes/dhcpd.h b/includes/dhcpd.h
index adf04cc..ded57a9 100644
--- a/includes/dhcpd.h
+++ b/includes/dhcpd.h
@@ -2793,7 +2793,7 @@ ssize_t decode_hw_header (struct interface_info *, unsigned char *,
unsigned, struct hardware *);
ssize_t decode_udp_ip_header (struct interface_info *, unsigned char *,
unsigned, struct sockaddr_in *,
- unsigned, unsigned *);
+ unsigned, unsigned *, int);
/* ethernet.c */
void assemble_ethernet_header (struct interface_info *, unsigned char *,
--
1.7.3.4
++++++ dhcp-4.2.1-P1.tar.bz2 -> dhcp-4.2.2.tar.bz2 ++++++
dhcp/dhcp-4.2.1-P1.tar.bz2 /mounts/work_src_done/STABLE/dhcp/dhcp-4.2.2.tar.bz2 differ: char 11, line 1
++++++ dhcpd.conf ++++++
--- /var/tmp/diff_new_pack.57d6Rw/_old 2011-08-31 10:47:05.000000000 +0200
+++ /var/tmp/diff_new_pack.57d6Rw/_new 2011-08-31 10:47:05.000000000 +0200
@@ -13,7 +13,7 @@
# if you do not use dynamical DNS updates:
#
# if you want to use dynamical DNS updates, you should first read
-# read /usr/share/doc/packages/dhcp-server/DDNS-howto.txt
+# the manuals and DDNS-howto.txt provided in the dhcp-doc package.
#
ddns-updates off;
++++++ rc.dhcpd ++++++
--- /var/tmp/diff_new_pack.57d6Rw/_old 2011-08-31 10:47:05.000000000 +0200
+++ /var/tmp/diff_new_pack.57d6Rw/_new 2011-08-31 10:47:05.000000000 +0200
@@ -59,6 +59,11 @@
DAEMON_CONF=/etc/dhcpd.conf
DAEMON_STATE=/var/lib/dhcp
DAEMON_LEASES=dhcpd.leases
+# note: $DAEMON_PIDFILE is a symlink to the
+# $DAEMON_STATE$DAEMON_PIDFILE (also
+# while DHCPD_RUN_CHROOTED=no) now,
+# as DHCPD_RUN_AS is not allowed to
+# create pid files in /var/run.
DAEMON_PIDFILE=/var/run/dhcpd.pid
STARTPROC_LOGFILE=/var/log/rc.dhcpd.log
LDAP_CONF=/etc/openldap/ldap.conf
@@ -128,7 +133,7 @@
# remove empty pid files to avoid disturbing warnings by checkproc/killproc
# (these can occur if dhcpd does not start correctly)
test -e $DAEMON_PIDFILE && ! test -s $DAEMON_PIDFILE && rm $DAEMON_PIDFILE
-test -e $CHROOT_PREFIX/$DAEMON_PIDFILE && ! test -s $CHROOT_PREFIX/$DAEMON_PIDFILE && rm $CHROOT_PREFIX/$DAEMON_PIDFILE
+test -e $DAEMON_STATE/$DAEMON_PIDFILE && ! test -s $DAEMON_STATE/$DAEMON_PIDFILE && rm $DAEMON_STATE/$DAEMON_PIDFILE
case "$1" in
start)
@@ -240,33 +245,33 @@
## the chroot jail. Therefore, and old pid file may exist. This is only a problem if it
## incidentally contains the pid of a running process. If this process is not a 'dhcpd',
## we remove the pid. (dhcpd itself only checks whether the pid is alive or not.)
- if test -e $CHROOT_PREFIX/$DAEMON_PIDFILE -a -s $CHROOT_PREFIX/$DAEMON_PIDFILE; then
- p=$(<$CHROOT_PREFIX/$DAEMON_PIDFILE)
+ if test -s $DAEMON_STATE/$DAEMON_PIDFILE; then
+ p=$(<$DAEMON_STATE/$DAEMON_PIDFILE)
if test -n "$p" && grep -qsE "^${DAEMON_BIN}" "/proc/$p/cmdline" ; then
echo -n '(already running) '
else
- rm $CHROOT_PREFIX/$DAEMON_PIDFILE
+ rm -f $DAEMON_STATE/$DAEMON_PIDFILE
fi
fi
+ PID_FILE_ARG="$DAEMON_PIDFILE"
else
DHCPD_ARGS="-lf ${DAEMON_STATE}/db/$DAEMON_LEASES"
+ PID_FILE_ARG="$DAEMON_STATE$DAEMON_PIDFILE"
fi
if [ -n "$DHCPD_RUN_AS" ]; then
DHCPD_RUN_AS_GROUP="$(getent group $(getent passwd $DHCPD_RUN_AS | cut -d: -f4) | cut -d: -f1)"
DHCPD_ARGS="$DHCPD_ARGS -user $DHCPD_RUN_AS -group $DHCPD_RUN_AS_GROUP"
- if test "$DHCPD_RUN_CHROOTED" = "yes" ; then
- chown "${DHCPD_RUN_AS}:${DHCPD_RUN_AS_GROUP}" \
- "$CHROOT_PREFIX/${DAEMON_PIDFILE%/*}"
- fi
+ chown "${DHCPD_RUN_AS}:${DHCPD_RUN_AS_GROUP}" \
+ "$DAEMON_STATE/${DAEMON_PIDFILE%/*}"
fi
## check syntax with -t (output to log file) and start only when the syntax is okay
rm -f $STARTPROC_LOGFILE # start log
error=0
- if ! $DAEMON_BIN $DHCPDv_OPT -t -cf $CHROOT_PREFIX/$DAEMON_CONF -pf $DAEMON_PIDFILE > $STARTPROC_LOGFILE 2>&1 ; then
+ if ! $DAEMON_BIN $DHCPDv_OPT -t -cf $CHROOT_PREFIX/$DAEMON_CONF -pf $PID_FILE_ARG > $STARTPROC_LOGFILE 2>&1 ; then
error=1
else
## Start daemon. If this fails the return value is set appropriate.
@@ -274,19 +279,20 @@
## to match the LSB spec.
test "$2" = "-v" && echo -en \
- "\nexecuting '$DAEMON_BIN $DHCPDv_OPT -cf $DAEMON_CONF -pf $DAEMON_PIDFILE $DHCPD_ARGS $DHCPD_OTHER_ARGS $DHCPD_INTERFACE'"
+ "\nexecuting '$DAEMON_BIN $DHCPDv_OPT -cf $DAEMON_CONF -pf $PID_FILE_ARG $DHCPD_ARGS $DHCPD_OTHER_ARGS $DHCPD_INTERFACE'"
- $DAEMON_BIN $DHCPDv_OPT -cf $DAEMON_CONF -pf $DAEMON_PIDFILE $DHCPD_ARGS $DHCPD_OTHER_ARGS $DHCPD_INTERFACE &> $STARTPROC_LOGFILE
+ $DAEMON_BIN $DHCPDv_OPT -cf $DAEMON_CONF -pf $PID_FILE_ARG $DHCPD_ARGS $DHCPD_OTHER_ARGS $DHCPD_INTERFACE &> $STARTPROC_LOGFILE
ret=$?
fi
-
+
if [ $error -gt 0 -o ${ret:-0} -gt 0 ]; then
## be verbose
echo ""
- echo -n " please see $STARTPROC_LOGFILE for details ";
+ echo -n " please see $STARTPROC_LOGFILE for details "
## set status to failed
rc_failed
else
+ ln -sf "$DAEMON_STATE$DAEMON_PIDFILE" "$DAEMON_PIDFILE"
[ "$DHCPD_RUN_CHROOTED" = "yes" ] && echo -n "[chroot]" || :
fi
@@ -296,14 +302,29 @@
stop)
echo -n "Shutting down $DAEMON "
+ # Catch the case where daemon is running without chroot,
+ # but sysconfig/dhcp has been changed to use chroot (and
+ # another way around).
+ # In this case is there is no $chroot/$pidfile, but there
+ # should be a /pidfile that we use instead.
+ # We can not kill without pid file or dhcp4 kills dhcp6.
+ PID_FILE="$DAEMON_STATE$DAEMON_PIDFILE"
+ if test "$DHCPD_RUN_CHROOTED" = "yes" ; then
+ if test ! -s "$DAEMON_STATE$DAEMON_PIDFILE" -a \
+ -s "$DAEMON_PIDFILE" ; then
+ PID_FILE="$DAEMON_PIDFILE"
+ fi
+ else
+ if test ! -s "$DAEMON_PIDFILE" -a \
+ -s "$DAEMON_STATE$DAEMON_PIDFILE" ; then
+ PID_FILE="$DAEMON_STATE$DAEMON_PIDFILE"
+ fi
+ fi
+
## Stop daemon with killproc(8) and if this fails
## set echo the echo return value.
-
- killproc -p $CHROOT_PREFIX/$DAEMON_PIDFILE $DAEMON_BIN
+ killproc -p "$PID_FILE" $DAEMON_BIN
ret=$?
- if test -s $CHROOT_PREFIX/$DAEMON_PIDFILE; then
- kill $(<$CHROOT_PREFIX/$DAEMON_PIDFILE) 2>/dev/null
- fi
# umount proc and remove libraries from the chroot jail,
# so they are not left over if the server is deinstalled
@@ -347,8 +368,8 @@
echo -n "Reload service $DAEMON"
if [ "$SUPPORTS_HUP" = "yes" ]; then
- killproc -p $CHROOT_PREFIX/$DAEMON_PIDFILE -HUP $DAEMON_BIN
- #touch $CHROOT_PREFIX/$DAEMON_PIDFILE
+ killproc -p $DAEMON_STATE/$DAEMON_PIDFILE -HUP $DAEMON_BIN
+ #touch $DAEMON_STATE/$DAEMON_PIDFILE
rc_status -v
else
$0 stop && sleep 3 && $0 start
@@ -362,8 +383,8 @@
echo -n "Reload service $DAEMON"
if [ "$SUPPORTS_HUP" = "yes" ]; then
# If it supports signalling:
- killproc -p $CHROOT_PREFIX/$DAEMON_PIDFILE -HUP $DAEMON_BIN
- #touch $CHROOT_PREFIX/$DAEMON_PIDFILE
+ killproc -p $DAEMON_STATE/$DAEMON_PIDFILE -HUP $DAEMON_BIN
+ #touch $DAEMON_STATE/$DAEMON_PIDFILE
rc_status -v
else
## Otherwise if it does not support reload:
@@ -383,7 +404,7 @@
# 3 - service not running
# NOTE: checkproc returns LSB compliant status values.
- checkproc -p $CHROOT_PREFIX/$DAEMON_PIDFILE $DAEMON_BIN
+ checkproc -p $DAEMON_STATE/$DAEMON_PIDFILE $DAEMON_BIN
rc_status -v
;;
probe)
@@ -392,7 +413,7 @@
rc=0
for i in /etc/sysconfig/dhcpd $DAEMON_CONF $DHCPD_CONF_INCLUDE_FILES; do
- test $i -nt $CHROOT_PREFIX/$DAEMON_PIDFILE && rc=1
+ test $i -nt $DAEMON_STATE/$DAEMON_PIDFILE && rc=1
done
test $rc = 1 && echo restart
;;
++++++ rc.dhcpd6 ++++++
--- /var/tmp/diff_new_pack.57d6Rw/_old 2011-08-31 10:47:05.000000000 +0200
+++ /var/tmp/diff_new_pack.57d6Rw/_new 2011-08-31 10:47:05.000000000 +0200
@@ -63,6 +63,11 @@
DAEMON_CONF=/etc/dhcpd6.conf
DAEMON_STATE=/var/lib/dhcp6
DAEMON_LEASES=dhcpd6.leases
+# note: $DAEMON_PIDFILE is a symlink to the
+# $DAEMON_STATE$DAEMON_PIDFILE (also
+# while DHCPD_RUN_CHROOTED=no) now,
+# as DHCPD_RUN_AS is not allowed to
+# create pid files in /var/run.
DAEMON_PIDFILE=/var/run/dhcpd6.pid
STARTPROC_LOGFILE=/var/log/rc.dhcpd6.log
LDAP_CONF=
@@ -132,7 +137,7 @@
# remove empty pid files to avoid disturbing warnings by checkproc/killproc
# (these can occur if dhcpd does not start correctly)
test -e $DAEMON_PIDFILE && ! test -s $DAEMON_PIDFILE && rm $DAEMON_PIDFILE
-test -e $CHROOT_PREFIX/$DAEMON_PIDFILE && ! test -s $CHROOT_PREFIX/$DAEMON_PIDFILE && rm $CHROOT_PREFIX/$DAEMON_PIDFILE
+test -e $DAEMON_STATE/$DAEMON_PIDFILE && ! test -s $DAEMON_STATE/$DAEMON_PIDFILE && rm $DAEMON_STATE/$DAEMON_PIDFILE
case "$1" in
start)
@@ -244,33 +249,33 @@
## the chroot jail. Therefore, and old pid file may exist. This is only a problem if it
## incidentally contains the pid of a running process. If this process is not a 'dhcpd',
## we remove the pid. (dhcpd itself only checks whether the pid is alive or not.)
- if test -e $CHROOT_PREFIX/$DAEMON_PIDFILE -a -s $CHROOT_PREFIX/$DAEMON_PIDFILE; then
- p=$(<$CHROOT_PREFIX/$DAEMON_PIDFILE)
+ if test -s $DAEMON_STATE/$DAEMON_PIDFILE; then
+ p=$(<$DAEMON_STATE/$DAEMON_PIDFILE)
if test -n "$p" && grep -qsE "^${DAEMON_BIN}" "/proc/$p/cmdline" ; then
echo -n '(already running) '
else
- rm $CHROOT_PREFIX/$DAEMON_PIDFILE
+ rm -f $DAEMON_STATE/$DAEMON_PIDFILE
fi
fi
+ PID_FILE_ARG="$DAEMON_PIDFILE"
else
DHCPD_ARGS="-lf ${DAEMON_STATE}/db/$DAEMON_LEASES"
+ PID_FILE_ARG="$DAEMON_STATE$DAEMON_PIDFILE"
fi
if [ -n "$DHCPD_RUN_AS" ]; then
DHCPD_RUN_AS_GROUP="$(getent group $(getent passwd $DHCPD_RUN_AS | cut -d: -f4) | cut -d: -f1)"
DHCPD_ARGS="$DHCPD_ARGS -user $DHCPD_RUN_AS -group $DHCPD_RUN_AS_GROUP"
- if test "$DHCPD_RUN_CHROOTED" = "yes" ; then
- chown "${DHCPD_RUN_AS}:${DHCPD_RUN_AS_GROUP}" \
- "$CHROOT_PREFIX/${DAEMON_PIDFILE%/*}"
- fi
+ chown "${DHCPD_RUN_AS}:${DHCPD_RUN_AS_GROUP}" \
+ "$DAEMON_STATE/${DAEMON_PIDFILE%/*}"
fi
## check syntax with -t (output to log file) and start only when the syntax is okay
rm -f $STARTPROC_LOGFILE # start log
error=0
- if ! $DAEMON_BIN $DHCPDv_OPT -t -cf $CHROOT_PREFIX/$DAEMON_CONF -pf $DAEMON_PIDFILE > $STARTPROC_LOGFILE 2>&1 ; then
+ if ! $DAEMON_BIN $DHCPDv_OPT -t -cf $CHROOT_PREFIX/$DAEMON_CONF -pf $PID_FILE_ARG > $STARTPROC_LOGFILE 2>&1 ; then
error=1
else
## Start daemon. If this fails the return value is set appropriate.
@@ -278,19 +283,20 @@
## to match the LSB spec.
test "$2" = "-v" && echo -en \
- "\nexecuting '$DAEMON_BIN $DHCPDv_OPT -cf $DAEMON_CONF -pf $DAEMON_PIDFILE $DHCPD_ARGS $DHCPD_OTHER_ARGS $DHCPD_INTERFACE'"
+ "\nexecuting '$DAEMON_BIN $DHCPDv_OPT -cf $DAEMON_CONF -pf $PID_FILE_ARG $DHCPD_ARGS $DHCPD_OTHER_ARGS $DHCPD_INTERFACE'"
- $DAEMON_BIN $DHCPDv_OPT -cf $DAEMON_CONF -pf $DAEMON_PIDFILE $DHCPD_ARGS $DHCPD_OTHER_ARGS $DHCPD_INTERFACE &> $STARTPROC_LOGFILE
+ $DAEMON_BIN $DHCPDv_OPT -cf $DAEMON_CONF -pf $PID_FILE_ARG $DHCPD_ARGS $DHCPD_OTHER_ARGS $DHCPD_INTERFACE &> $STARTPROC_LOGFILE
ret=$?
fi
-
- if [ $error -gt 0 -o ${ret:-0} -gt 0 ]; then
+
+ if [ $error -gt 0 -o ${ret:-0} -gt 0 ]; then
## be verbose
echo ""
echo -n " please see $STARTPROC_LOGFILE for details "
## set status to failed
rc_failed
else
+ ln -sf "$DAEMON_STATE$DAEMON_PIDFILE" "$DAEMON_PIDFILE"
[ "$DHCPD_RUN_CHROOTED" = "yes" ] && echo -n "[chroot]" || :
fi
@@ -300,14 +306,29 @@
stop)
echo -n "Shutting down $DAEMON "
+ # Catch the case where daemon is running without chroot,
+ # but sysconfig/dhcp has been changed to use chroot (and
+ # another way around).
+ # In this case is there is no $chroot/$pidfile, but there
+ # should be a /pidfile that we use instead.
+ # We can not kill without pid file or dhcp4 kills dhcp6.
+ PID_FILE="$DAEMON_STATE$DAEMON_PIDFILE"
+ if test "$DHCPD_RUN_CHROOTED" = "yes" ; then
+ if test ! -s "$DAEMON_STATE$DAEMON_PIDFILE" -a \
+ -s "$DAEMON_PIDFILE" ; then
+ PID_FILE="$DAEMON_PIDFILE"
+ fi
+ else
+ if test ! -s "$DAEMON_PIDFILE" -a \
+ -s "$DAEMON_STATE$DAEMON_PIDFILE" ; then
+ PID_FILE="$DAEMON_STATE$DAEMON_PIDFILE"
+ fi
+ fi
+
## Stop daemon with killproc(8) and if this fails
## set echo the echo return value.
-
- killproc -p $CHROOT_PREFIX/$DAEMON_PIDFILE $DAEMON_BIN
+ killproc -p "$PID_FILE" $DAEMON_BIN
ret=$?
- if test -s $CHROOT_PREFIX/$DAEMON_PIDFILE; then
- kill $(<$CHROOT_PREFIX/$DAEMON_PIDFILE) 2>/dev/null
- fi
# umount proc and remove libraries from the chroot jail,
# so they are not left over if the server is deinstalled
@@ -351,8 +372,8 @@
echo -n "Reload service $DAEMON"
if [ "$SUPPORTS_HUP" = "yes" ]; then
- killproc -p $CHROOT_PREFIX/$DAEMON_PIDFILE -HUP $DAEMON_BIN
- #touch $CHROOT_PREFIX/$DAEMON_PIDFILE
+ killproc -p $DAEMON_STATE/$DAEMON_PIDFILE -HUP $DAEMON_BIN
+ #touch $DAEMON_STATE/$DAEMON_PIDFILE
rc_status -v
else
$0 stop && sleep 3 && $0 start
@@ -366,8 +387,8 @@
echo -n "Reload service $DAEMON"
if [ "$SUPPORTS_HUP" = "yes" ]; then
# If it supports signalling:
- killproc -p $CHROOT_PREFIX/$DAEMON_PIDFILE -HUP $DAEMON_BIN
- #touch $CHROOT_PREFIX/$DAEMON_PIDFILE
+ killproc -p $DAEMON_STATE/$DAEMON_PIDFILE -HUP $DAEMON_BIN
+ #touch $DAEMON_STATE/$DAEMON_PIDFILE
rc_status -v
else
## Otherwise if it does not support reload:
@@ -387,7 +408,7 @@
# 3 - service not running
# NOTE: checkproc returns LSB compliant status values.
- checkproc -p $CHROOT_PREFIX/$DAEMON_PIDFILE $DAEMON_BIN
+ checkproc -p $DAEMON_STATE/$DAEMON_PIDFILE $DAEMON_BIN
rc_status -v
;;
probe)
@@ -396,7 +417,7 @@
rc=0
for i in /etc/sysconfig/dhcpd $DAEMON_CONF $DHCPD_CONF_INCLUDE_FILES; do
- test $i -nt $CHROOT_PREFIX/$DAEMON_PIDFILE && rc=1
+ test $i -nt $DAEMON_STATE/$DAEMON_PIDFILE && rc=1
done
test $rc = 1 && echo restart
;;
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org