4.2.1b1: fix for CVE-2011-0413 (#672996)

Jiri Popelka 2011-01-27 17:06:55 +01:00
parent b909aab049
commit 45c037153f
15 changed files with 525 additions and 1319 deletions

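--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-/dhcp-4.2.0-P2.tar.gz
+/dhcp-4.2.1b1.tar.gz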


@ -1,215 +0,0 @@
diff -up dhcp-4.2.0-P1/common/dispatch.c.64-bit_lease_parse dhcp-4.2.0-P1/common/dispatch.c
--- dhcp-4.2.0-P1/common/dispatch.c.64-bit_lease_parse 2010-12-13 11:06:36.000000000 +0100
+++ dhcp-4.2.0-P1/common/dispatch.c 2010-12-13 10:56:59.000000000 +0100
@@ -174,6 +174,7 @@ isclib_timer_callback(isc_task_t *taskp
/* maximum value for usec */
#define USEC_MAX 1000000
+#define DHCP_SEC_MAX 0xFFFFFFFF
void add_timeout (when, where, what, ref, unref)
struct timeval *when;
@@ -185,7 +186,8 @@ void add_timeout (when, where, what, ref
struct timeout *t, *q;
int usereset = 0;
isc_result_t status;
- int sec, usec;
+ int64_t sec;
+ int usec;
isc_interval_t interval;
isc_time_t expires;
@@ -231,9 +233,49 @@ void add_timeout (when, where, what, ref
q->what = what;
}
- /* We don't really need this, but keep it for now */
- q->when.tv_sec = when->tv_sec;
- q->when.tv_usec = when->tv_usec;
+ /*
+ * The value passed in is a time from an epoch but we need a relative
+ * time so we need to do some math to try and recover the period.
+ * This is complicated by the fact that not all of the calls cared
+ * about the usec value, if it's zero we assume the caller didn't care.
+ *
+ * The ISC timer library doesn't seem to like negative values
+ * and can't accept any values above 4G-1 seconds so we limit
+ * the values to 0 <= value < 4G-1. We do it before
+ * checking the trace option so that both the trace code and
+ * the working code use the same values.
+ */
+
+ sec = when->tv_sec - cur_tv.tv_sec;
+ usec = when->tv_usec - cur_tv.tv_usec;
+
+ if ((when->tv_usec != 0) && (usec < 0)) {
+ sec--;
+ usec += USEC_MAX;
+ }
+
+ if (sec < 0) {
+ sec = 0;
+ usec = 0;
+ } else if (sec > DHCP_SEC_MAX) {
+ log_error("Timeout requested too large %lld "
+ "reducing to 2^^32-1", sec);
+ sec = DHCP_SEC_MAX;
+ usec = 0;
+ }
+ else if (usec < 0) {
+ usec = 0;
+ } else if (usec >= USEC_MAX) {
+ usec = USEC_MAX - 1;
+ }
+
+ /*
+ * This is necessary for the tracing code but we put it
+ * here in case we want to compare timing information
+ * for some reason, like debugging.
+ */
+ q->when.tv_sec = cur_tv.tv_sec + (sec & DHCP_SEC_MAX);
+ q->when.tv_usec = usec;
#if defined (TRACING)
if (trace_playback()) {
@@ -283,38 +325,7 @@ void add_timeout (when, where, what, ref
q->next = timeouts;
timeouts = q;
- /*
- * Set up the interval values - The previous timers allowed
- * negative values to be set, the ISC timer library doesn't like
- * that so we make any negative values 0 which sould amount to
- * the same thing.
- */
-
- /*
- * The value passed in is a time from an epoch but we need a relative
- * time so we need to do some math to try and recover the period.
- * This is complicated by the fact that not all of the calls cared
- * about the usec value, if it's zero we assume the caller didn't care.
- */
-
- sec = when->tv_sec - cur_tv.tv_sec;
- usec = when->tv_usec - cur_tv.tv_usec;
-
- if ((when->tv_usec != 0) && (usec < 0)) {
- sec--;
- usec += USEC_MAX;
- }
-
- if (sec < 0) {
- sec = 0;
- usec = 0;
- } else if (usec < 0) {
- usec = 0;
- } else if (usec >= USEC_MAX) {
- usec = USEC_MAX - 1;
- }
-
- isc_interval_set(&interval, sec, usec * 1000);
+ isc_interval_set(&interval, sec & 0xFFFFFFFF, usec * 1000);
status = isc_time_nowplusinterval(&expires, &interval);
if (status != ISC_R_SUCCESS) {
/*
diff -up dhcp-4.2.0-P1/common/parse.c.64-bit_lease_parse dhcp-4.2.0-P1/common/parse.c
--- dhcp-4.2.0-P1/common/parse.c.64-bit_lease_parse 2009-10-28 05:12:29.000000000 +0100
+++ dhcp-4.2.0-P1/common/parse.c 2010-12-13 11:06:36.000000000 +0100
@@ -905,8 +905,8 @@ TIME
parse_date_core(cfile)
struct parse *cfile;
{
- int guess;
- int tzoff, wday, year, mon, mday, hour, min, sec;
+ TIME guess;
+ long int tzoff, wday, year, mon, mday, hour, min, sec;
const char *val;
enum dhcp_token token;
static int months [11] = { 31, 59, 90, 120, 151, 181,
@@ -931,7 +931,7 @@ parse_date_core(cfile)
return (TIME)0;
}
- guess = atoi(val);
+ guess = atol(val);
if (!parse_semi(cfile))
return (TIME)0;
@@ -945,7 +945,7 @@ parse_date_core(cfile)
skip_to_semi (cfile);
return (TIME)0;
}
- wday = atoi (val);
+ wday = atol (val);
/* Year... */
token = next_token (&val, (unsigned *)0, cfile);
@@ -960,7 +960,7 @@ parse_date_core(cfile)
somebody invents a time machine, I think we can safely disregard
it. This actually works around a stupid Y2K bug that was present
in a very early beta release of dhcpd. */
- year = atoi (val);
+ year = atol (val);
if (year > 1900)
year -= 1900;
@@ -982,7 +982,7 @@ parse_date_core(cfile)
skip_to_semi (cfile);
return (TIME)0;
}
- mon = atoi (val) - 1;
+ mon = atol (val) - 1;
/* Slash separating month from day... */
token = next_token (&val, (unsigned *)0, cfile);
@@ -1002,7 +1002,7 @@ parse_date_core(cfile)
skip_to_semi (cfile);
return (TIME)0;
}
- mday = atoi (val);
+ mday = atol (val);
/* Hour... */
token = next_token (&val, (unsigned *)0, cfile);
@@ -1012,7 +1012,7 @@ parse_date_core(cfile)
skip_to_semi (cfile);
return (TIME)0;
}
- hour = atoi (val);
+ hour = atol (val);
/* Colon separating hour from minute... */
token = next_token (&val, (unsigned *)0, cfile);
@@ -1032,7 +1032,7 @@ parse_date_core(cfile)
skip_to_semi (cfile);
return (TIME)0;
}
- min = atoi (val);
+ min = atol (val);
/* Colon separating minute from second... */
token = next_token (&val, (unsigned *)0, cfile);
@@ -1052,12 +1052,12 @@ parse_date_core(cfile)
skip_to_semi (cfile);
return (TIME)0;
}
- sec = atoi (val);
+ sec = atol (val);
token = peek_token (&val, (unsigned *)0, cfile);
if (token == NUMBER) {
token = next_token (&val, (unsigned *)0, cfile);
- tzoff = atoi (val);
+ tzoff = atol (val);
} else
tzoff = 0;
@@ -1090,7 +1090,7 @@ TIME
parse_date(cfile)
struct parse *cfile;
{
- int guess;
+ TIME guess;
guess = parse_date_core(cfile);
/* Make sure the date ends in a semicolon... */


@ -1,16 +0,0 @@
diff -up dhcp-4.2.0/client/dhclient.conf.supersede dhcp-4.2.0/client/dhclient.conf
--- dhcp-4.2.0/client/dhclient.conf.supersede 2009-07-07 01:29:51.000000000 +0200
+++ dhcp-4.2.0/client/dhclient.conf 2010-07-21 14:47:27.000000000 +0200
@@ -1,10 +1,10 @@
send host-name = pick-first-value(gethostname(), "ISC-dhclient");
send dhcp-client-identifier 1:0:a0:24:ab:fb:9c;
send dhcp-lease-time 3600;
-supersede domain-name "fugue.com home.vix.com";
+supersede domain-search "fugue.com", "home.vix.com";
prepend domain-name-servers 127.0.0.1;
request subnet-mask, broadcast-address, time-offset, routers,
- domain-name, domain-name-servers, host-name;
+ domain-search, domain-name, domain-name-servers, host-name;
require subnet-mask, domain-name-servers;
timeout 60;
retry 60;


@ -1,644 +0,0 @@
diff -up dhcp-4.2.0/client/dhclient.8.man dhcp-4.2.0/client/dhclient.8
--- dhcp-4.2.0/client/dhclient.8.man 2010-07-10 05:25:51.000000000 +0200
+++ dhcp-4.2.0/client/dhclient.8 2010-07-21 14:27:13.000000000 +0200
@@ -115,6 +115,33 @@ relay
.B -w
]
[
+.B -B
+]
+[
+.B -I
+.I dhcp-client-identifier
+]
+[
+.B -H
+.I host-name
+]
+[
+.B -F
+.I fqdn.fqdn
+]
+[
+.B -V
+.I vendor-class-identifier
+]
+[
+.B -R
+.I request-option-list
+]
+[
+.B -timeout
+.I timeout
+]
+[
.B -v
]
[
@@ -142,46 +169,6 @@ important details about the network to w
the location of a default router, the location of a name server, and
so on.
.PP
-If given the
-.B -4
-command line argument (default), dhclient will use the
-DHCPv4 protocol to obtain an IPv4 address and configuration parameters.
-.PP
-If given the
-.B -6
-command line argument, dhclient will use the DHCPv6
-protocol to obtain whatever IPv6 addresses are available along with
-configuration parameters. But with
-.B -S
-it uses Information-request to get only (i.e., without address)
-stateless configuration parameters.
-.PP
-The default DHCPv6 behavior is modified too with
-.B -T
-which asks for IPv6 temporary addresses, one set per
-.B -T
-flag.
-.B -P
-enables the IPv6 prefix delegation.
-As temporary addresses or prefix delegation disables the normal
-address query,
-.B -N
-restores it. Note it is not recommended to mix queries of different types
-together, or even to share the lease file between them.
-.PP
-By default, DHCPv6 dhclient creates an identifier based on the
-link-layer address (DUID-LL) if it is running in stateless mode (with
--S, not requesting an address), or it creates an identifier based on
-the link-layer address plus a timestamp (DUID-LLT) if it is running in
-stateful mode (without -S, requesting an address).
-.B -D
-overrides this default, with a value of either "LL" or "LLT".
-.PP
-If given the
-.B --version
-command line argument, dhclient will print its
-version number and exit.
-.PP
On startup, dhclient reads the
.IR dhclient.conf
for configuration instructions. It then gets a list of all the
@@ -235,141 +222,269 @@ file. If interfaces are specified in t
only configure interfaces that are either specified in the
configuration file or on the command line, and will ignore all other
interfaces.
-.PP
-If the DHCP client should listen and transmit on a port other than the
-standard (port 68), the
-.B -p
-flag may used. It should be followed by the udp port number that
-dhclient should use. This is mostly useful for debugging purposes.
-If a different port is specified for the client to listen on and
-transmit on, the client will also use a different destination port -
-one less than the specified port.
-.PP
-The DHCP client normally transmits any protocol messages it sends
-before acquiring an IP address to, 255.255.255.255, the IP limited
-broadcast address. For debugging purposes, it may be useful to have
-the server transmit these messages to some other address. This can
-be specified with the
-.B -s
-flag, followed by the IP address or domain name of the destination.
-This feature is not supported by DHCPv6.
-.PP
-For testing purposes, the giaddr field of all packets that the client
-sends can be set using the
-.B -g
-flag, followed by the IP address to send. This is only useful for testing,
-and should not be expected to work in any consistent or useful way.
-.PP
-The DHCP client will normally run in the foreground until it has
-configured an interface, and then will revert to running in the
-background. To run force dhclient to always run as a foreground
-process, the
-.B -d
-flag should be specified. This is useful when running the client
-under a debugger, or when running it out of inittab on System V
-systems.
-.PP
-The dhclient daemon creates its own environment when executing the
-dhclient-script to do the grunt work of interface configuration.
-To define extra environment variables and their values, use the
-.B -e
-flag, followed by the environment variable name and value assignment,
-just as one would assign a variable in a shell. Eg:
-.B -e
-.I IF_METRIC=1
-.PP
-The client normally prints no output during its startup sequence. It
-can be made to emit verbose messages displaying the startup sequence events
-until it has acquired an address by supplying the
-.B -v
-command line argument. In either case, the client logs messages using
-the
-.B syslog (3)
-facility. A
-.B -q
-command line argument is provided for backwards compatibility, but since
-dhclient is quiet by default, it has no effect.
-.PP
-The client normally doesn't release the current lease as it is not
-required by the DHCP protocol. Some cable ISPs require their clients
-to notify the server if they wish to release an assigned IP address.
-The
-.B -r
-flag explicitly releases the current lease, and once the lease has been
-released, the client exits.
-.PP
+.SH OPTIONS
+.TP
+.BI \-4
+Use the DHCPv4 protocol to obtain an IPv4 address and configuration
+parameters (default).
+
+.TP
+.BI \-6
+Use the DHCPv6 protocol to obtain whatever IPv6 addresses are available
+along with configuration parameters. The functionality of DHCPv6 mode
+may be modified with the
+.BI \-S
+,
+.BI \-T
+, and
+.BI \-N
+options.
+
+.TP
+.BI \-S
+Perform an information-only request over DHCPv6 to get stateless
+configuration parameters. It is not recommended to combine this option
+with the
+.BI \-N
+,
+.BI \-P
+, or
+.BI \-T
+options or to share lease files between different modes of operation. Only
+valid with the
+.BI \-6
+option.
+
+.TP
+.BI \-N
+Perform a normal (IA_NA) address query over DHCPv6. It is not recommended
+to combine this option with the
+.BI \-P
+,
+.BI \-S
+, or
+.BI \-T
+options or to share lease files between different modes of operation. Only
+valid with the
+.BI \-6
+option.
+
+.TP
+.BI \-T
+Perform a temporary (IA_TA) address query over DHCPv6 (disables normal address
+query). It is not recommended to combine this option with the
+.BI \-N
+,
+.BI \-P
+, or
+.BI \-S
+options or to share lease files between different modes of operation. Only
+valid with the
+.BI \-6
+option.
+
+.TP
+.BI \-P
+Enable IPv6 prefix delegation (disables normal address query). It is not
+not recommended to combine this option with the
+.BI \-N
+,
+.BI \-S
+, or
+.BI \-T
+options or to share lease files between different modes of operation. Only
+valid with the
+.BI \-6
+option.
+
+.TP
+.BI \-D
+By default, DHCPv6 dhclient creates an identifier based on the
+link-layer address (DUID-LL) if it is running in stateless mode (with
+-S, not requesting an address), or it creates an identifier based on
+the link-layer address plus a timestamp (DUID-LLT) if it is running in
+stateful mode (without -S, requesting an address).
+.BI \-D
+overrides this default, with a value of either "LL" or "LLT".
+
+.TP
+.BI \-p\ <port\ number>
+The UDP port number the DHCP client should listen and transmit on. If
+unspecified,
+.B dhclient
+uses the default port 68. This option is mostly useful for debugging
+purposes. If a different port is specified for the client to listen and
+transmit on, the client will also use a different destination port - one
+less than the specified port.
+
+.TP
+.BI \-d
+Force
+.B dhclient
+to run as a foreground process. This is useful when running the client
+under a debugger, or when running it out of inittab on System V systems.
+
+.TP
+.BI \-e\ VAR=value
+Define additional environment variables for the environment where
+dhclient-script executes. You may specify multiplate
+.B \-e
+options on the command line. For example:
+.B \-e IF_METRIC=1
+
+.TP
+.BI \-q
+Suppress all terminal and log output except error messages.
+
+.TP
+.BI \-1
+Try once to get a lease. One failure, exit with code 2.
+
+.TP
+.BI \-r
+Tell
+.B dhclient
+to release the current lease it has from the server. This is not required
+by the DHCP protocol, but some ISPs require their clients to notify the
+server if they wish to release an assigned IP address.
+
+.TP
+.BI \-lf\ <lease-file>
+Path to the lease database file. If unspecified, the default
+.B DBDIR/dhclient.leases
+is used.
+
+.TP
+.BI \-pf\ <pid-file>
+Path to the process ID file. If unspecified, the default
+.B RUNDIR/dhclient.pid
+is used.
+
+.TP
+.BI \-cf\ <config-file>
+Path to the client configuration file. If unspecified, the default
+.B ETCDIR/dhclient.conf
+is used.
+
+.TP
+.BI \-sf\ <script-file>
+Path to the network configuration script invoked by
+.B dhclient
+when it gets a lease. If unspecified, the default
+.B CLIENTBINDIR/dhclient-script
+is used.
+
+.TP
+.BI \-s\ <server>
+Specifiy the server IP address or fully qualified domain name to transmit
+DHCP protocol messages to. Normally,
+.B dhclient
+transmits these messages to 255.255.255.255 (the IP limited broadcast
+address). Overriding this is mostly useful for debugging purposes.
+
+.TP
+.BI \-g\ <relay>
+Only for debugging. Set the giaddr field of all packets the client
+sends to the IP address specified. This should not be expected to work
+in any consistent or useful way.
+
+.TP
+.BI \-n
+Do not configure any interfaces. Most useful combined with the
+.B -w
+option.
+
+.TP
+.BI \-nw
+Become a daemon process immediately (nowait) rather than waiting until an IP
+address has been acquired.
+
+.TP
+.BI \-w
+Keep running even if no network interfaces are found. The
+.B omshell
+program can be used to notify the client when a network interface has been
+added or removed so it can attempt to configure an IP address on that
+interface.
+
+.TP
+.BI \-B
+Set the BOOTP broadcast flag in request packets so servers will always
+broadcast replies.
+
+.TP
+.BI \-I\ <dhcp-client-identifier>
+Specify the dhcp-client-identifier option to send to the DHCP server.
+
+.TP
+.BI \-H\ <host-name>
+Specify the host-name option to send to the DHCP server. The host-name
+string only contains the client's hostname prefix, to which the server will
+append the ddns-domainname or domain-name options, if any, to derive the
+fully qualified domain name of the client. The
+.B -H
+option cannot be used with the
+.B -F
+option.
+
+.TP
+.BI \-F\ <fqdn.fqdn>
+Specify the fqdn.fqdn option to send to the DHCP server. This option cannot
+be used with the
+.B -H
+option. The fqdn.fqdn option must specify the complete domain name of the
+client host, which the server may use for dynamic DNS updates.
+
+.TP
+.BI \-V\ <vendor-class-identifier>
+Specify the vendor-class-identifier option to send to the DHCP server.
+
+.TP
+.BI \-R\ <option>[,<option>...]
+Specify the list of options the client is to request from the server. The
+option list must be a single string consisting of option names separated
+by at least one command and optional space characters. The default option
+list is:
+
+.BR
+ subnet-mask, broadcast-address, time-offset, routers,
+.BR
+ domain-search, domain-name, domain-name-servers, host-name,
+.BR
+ nis-domain, nis-servers, ntp-servers, interface-mtu
+
The
-.B -x
-flag tells any currently running client to exit gracefully without
-releasing leases first.
+.B -R
+option does not append options to the default request, it overrides the
+default request list. Keep this in mind if you want to request an
+additional option besides the default request list. You will have to
+specify all option names for the
+.B -R
+parameter.
+
+.TP
+.BI \-timeout\ <timeout>
+Specify the time after which
+.B dhclient
+will decide that no DHCP servers can be contacted when no responses have been
+received.
+
+.TP
+.BI \-v
+Enable verbose log messages.
+
.PP
-If the client is killed by a signal (for example at shutdown or reboot)
-it won't execute the
+If the client is killed by a signale (for example at shutdown or reboot), it
+will not execute the
.B dhclient-script (8)
-at exit. However if you shut the client down gracefully with
-.B -r
+at exit. However, if you shut the client down gracefully with
+.BI \-r
or
-.B -x
+.BI \-x
it will execute
.B dhclient-script (8)
-at shutdown with the specific reason for calling the script set.
-.PP
-The
-.B -1
-flag will cause dhclient to try once to get a lease. If it fails, dhclient
-exits with exit code two. In DHCPv6 the
-.B -1
-flag sets the max duration of the initial exchange to
-.I timeout
-(from
-.IR dhclient.conf ,
-default sixty seconds).
-.PP
-The DHCP client normally gets its configuration information from
-.B ETCDIR/dhclient.conf,
-its lease database from
-.B DBDIR/dhclient.leases,
-stores its process ID in a file called
-.B RUNDIR/dhclient.pid,
-and configures the network interface using
-.B CLIENTBINDIR/dhclient-script
-To specify different names and/or locations for these files, use the
-.B -cf,
-.B -lf,
-.B -pf
-and
-.B -sf
-flags, respectively, followed by the name of the file. This can be
-particularly useful if, for example,
-.B DBDIR
-or
-.B RUNDIR
-has not yet been mounted when the DHCP client is started.
-.PP
-The DHCP client normally exits if it isn't able to identify any
-network interfaces to configure. On laptop computers and other
-computers with hot-swappable I/O buses, it is possible that a
-broadcast interface may be added after system startup. The
-.B -w
-flag can be used to cause the client not to exit when it doesn't find
-any such interfaces. The
-.B omshell (1)
-program can then be used to notify the client when a network interface
-has been added or removed, so that the client can attempt to configure an IP
-address on that interface.
-.PP
-The DHCP client can be directed not to attempt to configure any interfaces
-using the
-.B -n
-flag. This is most likely to be useful in combination with the
-.B -w
-flag.
-.PP
-The client can also be instructed to become a daemon immediately, rather
-than waiting until it has acquired an IP address. This can be done by
-supplying the
-.B -nw
-flag.
+at shutdown with the specific reason for calling the script set in the
+environment table.
.SH CONFIGURATION
The syntax of the dhclient.conf(5) file is discussed separately.
.SH OMAPI
diff -up dhcp-4.2.0/client/dhclient.conf.5.man dhcp-4.2.0/client/dhclient.conf.5
--- dhcp-4.2.0/client/dhclient.conf.5.man 2010-07-10 05:25:51.000000000 +0200
+++ dhcp-4.2.0/client/dhclient.conf.5 2010-07-21 14:14:00.000000000 +0200
@@ -186,7 +186,8 @@ responding to the client send the client
options. Only the option names should be specified in the request
statement - not option parameters. By default, the DHCPv4 client
requests the subnet-mask, broadcast-address, time-offset, routers,
-domain-name, domain-name-servers and host-name options while the DHCPv6
+domain-search, domain-name, domain-name-servers, host-name, nis-domain,
+nis-servers, ntp-servers and interface-mtu options while the DHCPv6
client requests the dhcp6 name-servers and domain-search options. Note
that if you enter a \'request\' statement, you over-ride these defaults
and these options will not be requested.
@@ -672,6 +673,17 @@ know the DHCP service(s) anycast MAC add
client. The \fIlink-type\fR and \fImac-address\fR parameters are configured
in a similar manner to the \fBhardware\fR statement.
.PP
+ \fBbootp-broadcast-always;\fR
+.PP
+The
+.B bootp-broadcast-always
+statement instructs dhclient to always set the bootp broadcast flag in
+request packets, so that servers will always broadcast replies.
+This is equivalent to supplying the dhclient -B argument, and has
+the same effect as specifying 'always-broadcast' in the server's dhcpd.conf.
+This option is provided as an extension to enable dhclient to work
+on IBM s390 Linux guests.
+.PP
.SH SAMPLE
The following configuration file is used on a laptop running NetBSD
1.3. The laptop has an IP alias of 192.5.5.213, and has one
@@ -694,10 +706,10 @@ interface "ep0" {
hardware ethernet 00:a0:24:ab:fb:9c;
send dhcp-client-identifier 1:0:a0:24:ab:fb:9c;
send dhcp-lease-time 3600;
- supersede domain-name "fugue.com rc.vix.com home.vix.com";
+ supersede domain-search "fugue.com", "rc.vix.com", "home.vix.com";
prepend domain-name-servers 127.0.0.1;
request subnet-mask, broadcast-address, time-offset, routers,
- domain-name, domain-name-servers, host-name;
+ domain-search, domain-name, domain-name-servers, host-name;
require subnet-mask, domain-name-servers;
script "CLIENTBINDIR/dhclient-script";
media "media 10baseT/UTP", "media 10base2/BNC";
diff -up dhcp-4.2.0/client/dhclient-script.8.man dhcp-4.2.0/client/dhclient-script.8
--- dhcp-4.2.0/client/dhclient-script.8.man 2010-07-10 05:25:51.000000000 +0200
+++ dhcp-4.2.0/client/dhclient-script.8 2010-07-21 14:00:16.000000000 +0200
@@ -47,7 +47,7 @@ customizations are needed, they should b
exit hooks provided (see HOOKS for details). These hooks will allow the
user to override the default behaviour of the client in creating a
.B /etc/resolv.conf
-file.
+file, and to handle DHCP options not handled by default.
.PP
No standard client script exists for some operating systems, even though
the actual client may work, so a pioneering user may well need to create
@@ -91,6 +91,26 @@ present. The
.B ETCDIR/dhclient-exit-hooks
script can modify the valid of exit_status to change the exit status
of dhclient-script.
+.PP
+Immediately after dhclient brings an interface UP with a new IP address,
+subnet mask, and routes, in the REBOOT/BOUND states, it will check for the
+existence of an executable
+.B ETCDIR/dhclient-up-hooks
+script, and source it if found. This script can handle DHCP options in
+the environment that are not handled by default. A per-interface.
+.B ETCDIR/dhclient-${IF}-up-hooks
+script will override the generic script and be sourced when interface
+$IF has been brought up.
+.PP
+Immediately before dhclient brings an interface DOWN, removing its IP
+address, subnet mask, and routes, in the STOP/RELEASE states, it will
+check for the existence of an executable
+.B ETCDIR/dhclient-down-hooks
+script, and source it if found. This script can handle DHCP options in
+the environment that are not handled by default. A per-interface
+.B ETCDIR/dhclient-${IF}-down-hooks
+script will override the generic script and be sourced when interface
+$IF is about to be brought down.
.SH OPERATION
When dhclient needs to invoke the client configuration script, it
defines a set of variables in the environment, and then invokes
diff -up dhcp-4.2.0/common/dhcp-options.5.man dhcp-4.2.0/common/dhcp-options.5
--- dhcp-4.2.0/common/dhcp-options.5.man 2010-07-10 05:25:51.000000000 +0200
+++ dhcp-4.2.0/common/dhcp-options.5 2010-07-21 14:00:16.000000000 +0200
@@ -913,6 +913,21 @@ classless IP routing - it does not inclu
classless IP routing is now the most widely deployed routing standard,
this option is virtually useless, and is not implemented by any of the
popular DHCP clients, for example the Microsoft DHCP client.
+.PP
+NOTE to Fedora dhclient users:
+.br
+dhclient-script interprets trailing 0 octets of the target as indicating
+the subnet class of the route, so for the following static-routes value:
+.br
+ option static-routes 172.0.0.0 172.16.2.254,
+.br
+ 192.168.0.0 192.168.2.254;
+.br
+dhclient-script will create routes:
+.br
+ 172/8 via 172.16.2.254 dev $interface
+.br
+ 192.168/16 via 192.168.2.254 dev $interface
.RE
.PP
.nf
diff -up dhcp-4.2.0/server/dhcpd.conf.5.man dhcp-4.2.0/server/dhcpd.conf.5
--- dhcp-4.2.0/server/dhcpd.conf.5.man 2010-07-10 05:25:51.000000000 +0200
+++ dhcp-4.2.0/server/dhcpd.conf.5 2010-07-21 14:00:16.000000000 +0200
@@ -519,6 +519,9 @@ pool {
};
.fi
.PP
+Dynamic BOOTP leases are not compatible with failover, and, as such,
+you need to disallow BOOTP in pools that you are using failover for.
+.PP
The server currently does very little sanity checking, so if you
configure it wrong, it will just fail in odd ways. I would recommend
therefore that you either do failover or don't do failover, but don't
@@ -533,9 +536,9 @@ primary server might look like this:
failover peer "foo" {
primary;
address anthrax.rc.vix.com;
- port 519;
+ port 647;
peer address trantor.rc.vix.com;
- peer port 520;
+ peer port 847;
max-response-delay 60;
max-unacked-updates 10;
mclt 3600;
@@ -1305,7 +1308,7 @@ the zone containing PTR records - for IS
.PP
.nf
key DHCP_UPDATER {
- algorithm HMAC-MD5.SIG-ALG.REG.INT;
+ algorithm hmac-md5;
secret pRP5FapFoJ95JEL06sv4PQ==;
};
@@ -1328,7 +1331,7 @@ dhcpd.conf file:
.PP
.nf
key DHCP_UPDATER {
- algorithm HMAC-MD5.SIG-ALG.REG.INT;
+ algorithm hmac-md5;
secret pRP5FapFoJ95JEL06sv4PQ==;
};
@@ -2540,7 +2543,8 @@ statement
The \fInext-server\fR statement is used to specify the host address of
the server from which the initial boot file (specified in the
\fIfilename\fR statement) is to be loaded. \fIServer-name\fR should
-be a numeric IP address or a domain name.
+be a numeric IP address or a domain name. If no \fInext-server\fR statement
+applies to a given client, the address 0.0.0.0 is used.
.RE
.PP
The


@ -1,207 +0,0 @@
diff -up dhcp-4.2.0/common/parse.c.parse_date dhcp-4.2.0/common/parse.c
--- dhcp-4.2.0/common/parse.c.parse_date 2010-07-21 16:11:36.000000000 +0200
+++ dhcp-4.2.0/common/parse.c 2010-07-21 16:23:10.000000000 +0200
@@ -913,48 +913,46 @@ parse_date_core(cfile)
212, 243, 273, 304, 334 };
/* Day of week, or "never"... */
- token = next_token (&val, (unsigned *)0, cfile);
+ token = peek_token (&val, (unsigned *)0, cfile);
if (token == NEVER) {
- if (!parse_semi (cfile))
- return 0;
+ next_token (&val, (unsigned *)0, cfile); /* consume NEVER*/
return MAX_TIME;
}
/* This indicates 'local' time format. */
if (token == EPOCH) {
- token = next_token(&val, NULL, cfile);
-
+ next_token(&val, (unsigned *)0, cfile); /* consume EPOCH */
+ token = peek_token (&val, (unsigned *)0, cfile);
if (token != NUMBER) {
parse_warn(cfile, "Seconds since epoch expected.");
if (token != SEMI)
- skip_to_semi(cfile);
+ next_token(&val, (unsigned *)0, cfile);
return (TIME)0;
}
+ next_token(&val, (unsigned *)0, cfile); /* consume seconds */
guess = atol(val);
-
- if (!parse_semi(cfile))
- return (TIME)0;
-
return guess;
}
if (token != NUMBER) {
parse_warn (cfile, "numeric day of week expected.");
if (token != SEMI)
- skip_to_semi (cfile);
+ next_token(&val, (unsigned *)0, cfile);
return (TIME)0;
}
+ next_token(&val, (unsigned *)0, cfile); /* consume day of week */
wday = atol (val);
/* Year... */
- token = next_token (&val, (unsigned *)0, cfile);
+ token = peek_token (&val, (unsigned *)0, cfile);
if (token != NUMBER) {
parse_warn (cfile, "numeric year expected.");
if (token != SEMI)
- skip_to_semi (cfile);
+ next_token(&val, (unsigned *)0, cfile);
return (TIME)0;
}
+ next_token(&val, (unsigned *)0, cfile); /* consume Year*/
/* Note: the following is not a Y2K bug - it's a Y1.9K bug. Until
somebody invents a time machine, I think we can safely disregard
@@ -965,101 +963,113 @@ parse_date_core(cfile)
year -= 1900;
/* Slash separating year from month... */
- token = next_token (&val, (unsigned *)0, cfile);
+ token = peek_token (&val, (unsigned *)0, cfile);
if (token != SLASH) {
parse_warn (cfile,
"expected slash separating year from month.");
if (token != SEMI)
- skip_to_semi (cfile);
+ next_token(&val, (unsigned *)0, cfile);
return (TIME)0;
}
+ token = next_token(&val, (unsigned *)0, cfile); /* consume SLASH */
/* Month... */
- token = next_token (&val, (unsigned *)0, cfile);
+ token = peek_token (&val, (unsigned *)0, cfile);
if (token != NUMBER) {
parse_warn (cfile, "numeric month expected.");
if (token != SEMI)
- skip_to_semi (cfile);
+ next_token(&val, (unsigned *)0, cfile);
return (TIME)0;
}
+ next_token(&val, (unsigned *)0, cfile); /* consume Month */
mon = atol (val) - 1;
/* Slash separating month from day... */
- token = next_token (&val, (unsigned *)0, cfile);
+ token = peek_token (&val, (unsigned *)0, cfile);
if (token != SLASH) {
parse_warn (cfile,
"expected slash separating month from day.");
if (token != SEMI)
- skip_to_semi (cfile);
+ next_token(&val, (unsigned *)0, cfile);
return (TIME)0;
}
+ next_token(&val, (unsigned *)0, cfile); /* consume SLASH */
/* Day of month... */
- token = next_token (&val, (unsigned *)0, cfile);
+ token = peek_token (&val, (unsigned *)0, cfile);
if (token != NUMBER) {
parse_warn (cfile, "numeric day of month expected.");
if (token != SEMI)
- skip_to_semi (cfile);
+ next_token(&val, (unsigned *)0, cfile);
return (TIME)0;
}
+ next_token(&val, (unsigned *)0, cfile); /* consume Day of month */
mday = atol (val);
/* Hour... */
- token = next_token (&val, (unsigned *)0, cfile);
+ token = peek_token (&val, (unsigned *)0, cfile);
if (token != NUMBER) {
parse_warn (cfile, "numeric hour expected.");
if (token != SEMI)
- skip_to_semi (cfile);
+ next_token(&val, (unsigned *)0, cfile);
return (TIME)0;
}
+ next_token(&val, (unsigned *)0, cfile); /* consume Hour */
hour = atol (val);
/* Colon separating hour from minute... */
- token = next_token (&val, (unsigned *)0, cfile);
+ token = peek_token (&val, (unsigned *)0, cfile);
if (token != COLON) {
parse_warn (cfile,
"expected colon separating hour from minute.");
if (token != SEMI)
- skip_to_semi (cfile);
+ next_token(&val, (unsigned *)0, cfile);
return (TIME)0;
}
+ next_token(&val, (unsigned *)0, cfile); /* consume Colon */
/* Minute... */
- token = next_token (&val, (unsigned *)0, cfile);
+ token = peek_token (&val, (unsigned *)0, cfile);
if (token != NUMBER) {
parse_warn (cfile, "numeric minute expected.");
if (token != SEMI)
- skip_to_semi (cfile);
+ next_token(&val, (unsigned *)0, cfile);
return (TIME)0;
}
+ next_token(&val, (unsigned *)0, cfile); /* consume Minute */
min = atol (val);
/* Colon separating minute from second... */
- token = next_token (&val, (unsigned *)0, cfile);
+ token = peek_token (&val, (unsigned *)0, cfile);
if (token != COLON) {
parse_warn (cfile,
"expected colon separating minute from second.");
if (token != SEMI)
- skip_to_semi (cfile);
+ next_token(&val, (unsigned *)0, cfile);
return (TIME)0;
}
+ next_token(&val, (unsigned *)0, cfile); /* consume Colon */
/* Second... */
- token = next_token (&val, (unsigned *)0, cfile);
+ token = peek_token (&val, (unsigned *)0, cfile);
if (token != NUMBER) {
parse_warn (cfile, "numeric second expected.");
if (token != SEMI)
- skip_to_semi (cfile);
+ next_token(&val, (unsigned *)0, cfile);
return (TIME)0;
}
+ next_token(&val, (unsigned *)0, cfile); /* consume Second */
sec = atol (val);
+ tzoff = 0;
token = peek_token (&val, (unsigned *)0, cfile);
if (token == NUMBER) {
- token = next_token (&val, (unsigned *)0, cfile);
+ next_token (&val, (unsigned *)0, cfile); /* consume tzoff */
tzoff = atol (val);
- } else
- tzoff = 0;
+ } else if (token != SEMI) {
+ parse_warn (cfile, "Time zone offset or semicolon expected.");
+ next_token (&val, (unsigned *)0, cfile);
+ }
/* Guess the time value... */
guess = ((((((365 * (year - 70) + /* Days in years since '70 */
@@ -1095,7 +1105,7 @@ parse_date(cfile)
/* Make sure the date ends in a semicolon... */
if (!parse_semi(cfile))
- return 0;
+ return (TIME)0;
return guess;
}


@ -1,46 +0,0 @@
diff -up dhcp-4.2.0/client/dhc6.c.release6-elapsed dhcp-4.2.0/client/dhc6.c
--- dhcp-4.2.0/client/dhc6.c.release6-elapsed 2010-07-21 16:19:52.000000000 +0200
+++ dhcp-4.2.0/client/dhc6.c 2010-07-21 16:21:14.000000000 +0200
@@ -2177,7 +2177,7 @@ do_release6(void *input)
struct client_state *client;
struct data_string ds;
int send_ret;
- struct timeval tv;
+ struct timeval elapsed, tv;
client = input;
@@ -2197,6 +2197,14 @@ do_release6(void *input)
client->start_time.tv_usec = cur_tv.tv_usec;
}
+ /* elapsed = cur - start */
+ elapsed.tv_sec = cur_tv.tv_sec - client->start_time.tv_sec;
+ elapsed.tv_usec = cur_tv.tv_usec - client->start_time.tv_usec;
+ if (elapsed.tv_usec < 0) {
+ elapsed.tv_sec -= 1;
+ elapsed.tv_usec += 1000000;
+ }
+
/*
* Don't use unicast as we don't know if we still have an
* available address with enough scope.
@@ -2213,6 +2221,18 @@ do_release6(void *input)
ds.buffer->data[0] = DHCPV6_RELEASE;
memcpy(ds.buffer->data + 1, client->dhcpv6_transaction_id, 3);
+ /* Form an elapsed option. */
+ /* Maximum value is 65535 1/100s coded as 0xffff. */
+ if ((elapsed.tv_sec < 0) || (elapsed.tv_sec > 655) ||
+ ((elapsed.tv_sec == 655) && (elapsed.tv_usec > 350000))) {
+ client->elapsed = 0xffff;
+ } else {
+ client->elapsed = elapsed.tv_sec * 100;
+ client->elapsed += elapsed.tv_usec / 10000;
+ }
+
+ client->elapsed = htons(client->elapsed);
+
log_debug("XMT: Forming Release.");
make_client6_options(client, &client->sent_options,
client->active_lease, DHCPV6_RELEASE);


@ -1,75 +0,0 @@
diff -up dhcp-4.2.0/client/dhc6.c.retransmission dhcp-4.2.0/client/dhc6.c
--- dhcp-4.2.0/client/dhc6.c.retransmission 2010-07-21 16:18:51.000000000 +0200
+++ dhcp-4.2.0/client/dhc6.c 2010-07-21 16:19:52.000000000 +0200
@@ -357,7 +357,7 @@ dhc6_retrans_init(struct client_state *c
static void
dhc6_retrans_advance(struct client_state *client)
{
- struct timeval elapsed;
+ struct timeval elapsed, elapsed_after_RT;
/* elapsed = cur - start */
elapsed.tv_sec = cur_tv.tv_sec - client->start_time.tv_sec;
@@ -374,6 +374,8 @@ dhc6_retrans_advance(struct client_state
elapsed.tv_sec += 1;
elapsed.tv_usec -= 1000000;
}
+ elapsed_after_RT.tv_sec = elapsed.tv_sec;
+ elapsed_after_RT.tv_usec = elapsed.tv_usec;
/*
* RT for each subsequent message transmission is based on the previous
@@ -411,13 +413,10 @@ dhc6_retrans_advance(struct client_state
elapsed.tv_usec -= 1000000;
}
if (elapsed.tv_sec >= client->MRD) {
- /*
- * wake at RT + cur = start + MRD
- */
- client->RT = client->MRD +
- (client->start_time.tv_sec - cur_tv.tv_sec);
- client->RT = client->RT * 100 +
- (client->start_time.tv_usec - cur_tv.tv_usec) / 10000;
+ client->RT = client->MRD - elapsed_after_RT.tv_sec;
+ client->RT = client->RT * 100 - elapsed_after_RT.tv_usec / 10000;
+ if (client->RT < 0)
+ client->RT = 0;
}
client->txcount++;
}
@@ -1505,7 +1504,7 @@ do_init6(void *input)
elapsed.tv_usec += 1000000;
}
/* Check if finished (-1 argument). */
- if ((client->MRD != 0) && (elapsed.tv_sec > client->MRD)) {
+ if ((client->MRD != 0) && (elapsed.tv_sec >= client->MRD)) {
log_info("Max retransmission duration exceeded.");
client->state = S_STOPPED;
if (client->active_lease != NULL) {
@@ -1925,7 +1924,7 @@ do_info_request6(void *input)
elapsed.tv_usec += 1000000;
}
/* Check if finished (-1 argument). */
- if ((client->MRD != 0) && (elapsed.tv_sec > client->MRD)) {
+ if ((client->MRD != 0) && (elapsed.tv_sec >= client->MRD)) {
log_info("Max retransmission duration exceeded.");
exit(2);
}
@@ -2046,7 +2045,7 @@ do_confirm6(void *input)
elapsed.tv_sec -= 1;
elapsed.tv_usec += 1000000;
}
- if ((client->MRD != 0) && (elapsed.tv_sec > client->MRD)) {
+ if ((client->MRD != 0) && (elapsed.tv_sec >= client->MRD)) {
log_info("Max retransmission duration exceeded.");
start_bound(client);
return;
@@ -3293,7 +3292,7 @@ do_select6(void *input)
elapsed.tv_sec -= 1;
elapsed.tv_usec += 1000000;
}
- if ((client->MRD != 0) && (elapsed.tv_sec > client->MRD)) {
+ if ((client->MRD != 0) && (elapsed.tv_sec >= client->MRD)) {
log_info("Max retransmission duration exceeded.");
abort = ISC_TRUE;
}


@ -0,0 +1,94 @@
diff -up dhcp-4.2.1b1/common/dispatch.c.64-bit_lease_parse dhcp-4.2.1b1/common/dispatch.c
diff -up dhcp-4.2.1b1/common/parse.c.64-bit_lease_parse dhcp-4.2.1b1/common/parse.c
--- dhcp-4.2.1b1/common/parse.c.64-bit_lease_parse 2010-12-30 00:01:42.000000000 +0100
+++ dhcp-4.2.1b1/common/parse.c 2011-01-28 08:01:10.000000000 +0100
@@ -909,8 +909,8 @@ TIME
parse_date_core(cfile)
struct parse *cfile;
{
- int guess;
- int tzoff, wday, year, mon, mday, hour, min, sec;
+ TIME guess;
+ long int tzoff, wday, year, mon, mday, hour, min, sec;
const char *val;
enum dhcp_token token;
static int months[11] = { 31, 59, 90, 120, 151, 181,
@@ -936,7 +936,7 @@ parse_date_core(cfile)
}
token = next_token(&val, NULL, cfile); /* consume number */
- guess = atoi(val);
+ guess = atol(val);
return((TIME)guess);
}
@@ -948,7 +948,7 @@ parse_date_core(cfile)
return((TIME)0);
}
token = next_token(&val, NULL, cfile); /* consume day of week */
- wday = atoi(val);
+ wday = atol(val);
/* Year... */
token = peek_token(&val, NULL, cfile);
@@ -964,7 +964,7 @@ parse_date_core(cfile)
somebody invents a time machine, I think we can safely disregard
it. This actually works around a stupid Y2K bug that was present
in a very early beta release of dhcpd. */
- year = atoi(val);
+ year = atol(val);
if (year > 1900)
year -= 1900;
@@ -988,7 +988,7 @@ parse_date_core(cfile)
return((TIME)0);
}
token = next_token(&val, NULL, cfile); /* consume month */
- mon = atoi(val) - 1;
+ mon = atol(val) - 1;
/* Slash separating month from day... */
token = peek_token(&val, NULL, cfile);
@@ -1010,7 +1010,7 @@ parse_date_core(cfile)
return((TIME)0);
}
token = next_token(&val, NULL, cfile); /* consume day of month */
- mday = atoi(val);
+ mday = atol(val);
/* Hour... */
token = peek_token(&val, NULL, cfile);
@@ -1021,7 +1021,7 @@ parse_date_core(cfile)
return((TIME)0);
}
token = next_token(&val, NULL, cfile); /* consume hour */
- hour = atoi(val);
+ hour = atol(val);
/* Colon separating hour from minute... */
token = peek_token(&val, NULL, cfile);
@@ -1043,7 +1043,7 @@ parse_date_core(cfile)
return((TIME)0);
}
token = next_token(&val, NULL, cfile); /* consume minute */
- min = atoi(val);
+ min = atol(val);
/* Colon separating minute from second... */
token = peek_token(&val, NULL, cfile);
@@ -1065,13 +1065,13 @@ parse_date_core(cfile)
return((TIME)0);
}
token = next_token(&val, NULL, cfile); /* consume second */
- sec = atoi(val);
+ sec = atol(val);
tzoff = 0;
token = peek_token(&val, NULL, cfile);
if (token == NUMBER) {
token = next_token(&val, NULL, cfile); /* consume tzoff */
- tzoff = atoi(val);
+ tzoff = atol(val);
} else if (token != SEMI) {
token = next_token(&val, NULL, cfile);
parse_warn(cfile,
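Review bot: The `atol(val)` calls this patch puts in place of `atoi(val)` throughout parse_date_core (`guess`, `wday`, `year`, `mon`, `mday`, `hour`, `min`, `sec`, `tzoff`) still cannot detect an out-of-range number. atol reports no error, its behaviour on overflow is undefined, and where `long` is 32 bits the widening from `int` changes nothing. Because these values are read from the file being parsed (`cfile`), I would convert with `errno = 0; sec = strtol(val, NULL, 10);` and reject the token with `if (errno == ERANGE) { parse_warn(cfile, "second out of range."); return((TIME)0); }`, and likewise for the other fields. The hunks also show no range check on `mon`, which presumably indexes the `months[11]` table later in the function; that code lies outside the hunks, so confirm it there.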


@ -1,19 +1,19 @@
diff -up dhcp-4.2.0/bind/Makefile.PIE-RELRO dhcp-4.2.0/bind/Makefile diff -up dhcp-4.2.1b1/bind/Makefile.PIE-RELRO dhcp-4.2.1b1/bind/Makefile
--- dhcp-4.2.0/bind/Makefile.PIE-RELRO 2010-07-10 05:26:52.000000000 +0200 --- dhcp-4.2.1b1/bind/Makefile.PIE-RELRO 2011-01-21 01:11:42.000000000 +0100
+++ dhcp-4.2.0/bind/Makefile 2010-09-30 13:38:45.670019545 +0200 +++ dhcp-4.2.1b1/bind/Makefile 2011-01-28 08:50:13.000000000 +0100
@@ -45,7 +45,7 @@ all: @@ -45,7 +45,7 @@ all:
# Currently disable the epoll and devpoll options as they don't interact # Currently disable the epoll and devpoll options as they don't interact
# well with the DHCP code. # well with the DHCP code.
@echo Configuring BIND Export libraries for DHCP. @echo Configuring BIND Export libraries for DHCP.
- @(cd ${bindsrcdir} && ./configure --disable-epoll --disable-devpoll --without-openssl --without-libxml2 --enable-exportlib --enable-threads=no --with-export-includedir=${binddir}/include --with-export-libdir=${binddir}/lib > ${binddir}/configure.log) - @(cd ${bindsrcdir} && ./configure --disable-kqueue --disable-epoll --disable-devpoll --without-openssl --without-libxml2 --enable-exportlib --enable-threads=no --with-export-includedir=${binddir}/include --with-export-libdir=${binddir}/lib > ${binddir}/configure.log)
+ @(cd ${bindsrcdir} && ./configure --disable-epoll --disable-devpoll --without-openssl --without-libxml2 --enable-exportlib --enable-threads=no --with-export-includedir=${binddir}/include --with-export-libdir=${binddir}/lib --with-libtool --with-pic --disable-shared > ${binddir}/configure.log) + @(cd ${bindsrcdir} && ./configure --disable-kqueue --disable-epoll --disable-devpoll --without-openssl --without-libxml2 --enable-exportlib --enable-threads=no --with-export-includedir=${binddir}/include --with-export-libdir=${binddir}/lib --with-libtool --with-pic --disable-shared > ${binddir}/configure.log)
# Build the export libraries # Build the export libraries
@echo Building BIND Export libraries - this takes some time. @echo Building BIND Export libraries - this takes some time.
diff -up dhcp-4.2.0/client/Makefile.am.PIE-RELRO dhcp-4.2.0/client/Makefile.am diff -up dhcp-4.2.1b1/client/Makefile.am.PIE-RELRO dhcp-4.2.1b1/client/Makefile.am
--- dhcp-4.2.0/client/Makefile.am.PIE-RELRO 2010-09-30 13:38:45.630019545 +0200 --- dhcp-4.2.1b1/client/Makefile.am.PIE-RELRO 2011-01-28 08:47:43.000000000 +0100
+++ dhcp-4.2.0/client/Makefile.am 2010-09-30 13:38:45.670019545 +0200 +++ dhcp-4.2.1b1/client/Makefile.am 2011-01-28 08:51:57.000000000 +0100
@@ -4,15 +4,12 @@ dhclient_SOURCES = clparse.c dhclient.c @@ -4,15 +4,11 @@ dhclient_SOURCES = clparse.c dhclient.c
scripts/bsdos scripts/freebsd scripts/linux scripts/macos \ scripts/bsdos scripts/freebsd scripts/linux scripts/macos \
scripts/netbsd scripts/nextstep scripts/openbsd \ scripts/netbsd scripts/nextstep scripts/openbsd \
scripts/solaris scripts/openwrt scripts/solaris scripts/openwrt
@ -25,26 +25,26 @@ diff -up dhcp-4.2.0/client/Makefile.am.PIE-RELRO dhcp-4.2.0/client/Makefile.am
+ +
man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5 man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5
EXTRA_DIST = $(man_MANS) EXTRA_DIST = $(man_MANS)
-
-dhclient.o: dhclient.c -dhclient.o: dhclient.c
- $(COMPILE) -DCLIENT_PATH='"$(sbindir)"' \ - $(COMPILE) -DCLIENT_PATH='"PATH=$(sbindir):/sbin:/bin:/usr/sbin:/usr/bin"' \
- -DLOCALSTATEDIR='"$(localstatedir)"' -c dhclient.c - -DLOCALSTATEDIR='"$(localstatedir)"' -c dhclient.c
- -
-dhc6.o: dhc6.c -dhc6.o: dhc6.c
- $(COMPILE) -DCLIENT_PATH='"$(sbindir)"' \ - $(COMPILE) -DCLIENT_PATH='"PATH=$(sbindir):/sbin:/bin:/usr/sbin:/usr/bin"' \
- -DLOCALSTATEDIR='"$(localstatedir)"' -c dhc6.c - -DLOCALSTATEDIR='"$(localstatedir)"' -c dhc6.c
diff -up dhcp-4.2.0/common/Makefile.am.PIE-RELRO dhcp-4.2.0/common/Makefile.am diff -up dhcp-4.2.1b1/common/Makefile.am.PIE-RELRO dhcp-4.2.1b1/common/Makefile.am
--- dhcp-4.2.0/common/Makefile.am.PIE-RELRO 2009-10-28 05:12:29.000000000 +0100 --- dhcp-4.2.1b1/common/Makefile.am.PIE-RELRO 2009-10-28 05:12:29.000000000 +0100
+++ dhcp-4.2.0/common/Makefile.am 2010-09-30 13:38:45.670019545 +0200 +++ dhcp-4.2.1b1/common/Makefile.am 2011-01-28 08:47:43.000000000 +0100
@@ -1,4 +1,5 @@ @@ -1,4 +1,5 @@
AM_CPPFLAGS = -I.. -DLOCALSTATEDIR='"@localstatedir@"' AM_CPPFLAGS = -I.. -DLOCALSTATEDIR='"@localstatedir@"'
+AM_CFLAGS = -fpic +AM_CFLAGS = -fpic
noinst_LIBRARIES = libdhcp.a noinst_LIBRARIES = libdhcp.a
libdhcp_a_SOURCES = alloc.c bpf.c comapi.c conflex.c ctrace.c discover.c \ libdhcp_a_SOURCES = alloc.c bpf.c comapi.c conflex.c ctrace.c discover.c \
diff -up dhcp-4.2.0/omapip/Makefile.am.PIE-RELRO dhcp-4.2.0/omapip/Makefile.am diff -up dhcp-4.2.1b1/omapip/Makefile.am.PIE-RELRO dhcp-4.2.1b1/omapip/Makefile.am
--- dhcp-4.2.0/omapip/Makefile.am.PIE-RELRO 2010-02-12 01:13:54.000000000 +0100 --- dhcp-4.2.1b1/omapip/Makefile.am.PIE-RELRO 2010-02-12 01:13:54.000000000 +0100
+++ dhcp-4.2.0/omapip/Makefile.am 2010-09-30 13:39:06.900022975 +0200 +++ dhcp-4.2.1b1/omapip/Makefile.am 2011-01-28 08:47:43.000000000 +0100
@@ -1,3 +1,5 @@ @@ -1,3 +1,5 @@
+AM_CFLAGS = -fpic +AM_CFLAGS = -fpic
+ +
@ -58,9 +58,9 @@ diff -up dhcp-4.2.0/omapip/Makefile.am.PIE-RELRO dhcp-4.2.0/omapip/Makefile.am
+svtest_CFLAGS = -fpie +svtest_CFLAGS = -fpie
svtest_LDADD = libomapi.a ../bind/lib/libdns.a ../bind/lib/libisc.a svtest_LDADD = libomapi.a ../bind/lib/libdns.a ../bind/lib/libisc.a
diff -up dhcp-4.2.0/relay/Makefile.am.PIE-RELRO dhcp-4.2.0/relay/Makefile.am diff -up dhcp-4.2.1b1/relay/Makefile.am.PIE-RELRO dhcp-4.2.1b1/relay/Makefile.am
--- dhcp-4.2.0/relay/Makefile.am.PIE-RELRO 2009-10-28 05:12:30.000000000 +0100 --- dhcp-4.2.1b1/relay/Makefile.am.PIE-RELRO 2009-10-28 05:12:30.000000000 +0100
+++ dhcp-4.2.0/relay/Makefile.am 2010-09-30 13:38:45.670019545 +0200 +++ dhcp-4.2.1b1/relay/Makefile.am 2011-01-28 08:47:43.000000000 +0100
@@ -2,8 +2,11 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localst @@ -2,8 +2,11 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localst
sbin_PROGRAMS = dhcrelay sbin_PROGRAMS = dhcrelay
@ -73,9 +73,9 @@ diff -up dhcp-4.2.0/relay/Makefile.am.PIE-RELRO dhcp-4.2.0/relay/Makefile.am
man_MANS = dhcrelay.8 man_MANS = dhcrelay.8
EXTRA_DIST = $(man_MANS) EXTRA_DIST = $(man_MANS)
diff -up dhcp-4.2.0/server/Makefile.am.PIE-RELRO dhcp-4.2.0/server/Makefile.am diff -up dhcp-4.2.1b1/server/Makefile.am.PIE-RELRO dhcp-4.2.1b1/server/Makefile.am
--- dhcp-4.2.0/server/Makefile.am.PIE-RELRO 2010-03-24 22:49:47.000000000 +0100 --- dhcp-4.2.1b1/server/Makefile.am.PIE-RELRO 2010-03-24 22:49:47.000000000 +0100
+++ dhcp-4.2.0/server/Makefile.am 2010-09-30 13:38:45.670019545 +0200 +++ dhcp-4.2.1b1/server/Makefile.am 2011-01-28 08:47:43.000000000 +0100
@@ -6,10 +6,11 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c c @@ -6,10 +6,11 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c c
omapi.c mdb.c stables.c salloc.c ddns.c dhcpleasequery.c \ omapi.c mdb.c stables.c salloc.c ddns.c dhcpleasequery.c \
dhcpv6.c mdb6.c ldap.c ldap_casa.c dhcpv6.c mdb6.c ldap.c ldap_casa.c


@ -1,18 +1,18 @@
diff -up dhcp-4.2.0/client/dhclient.8.capability dhcp-4.2.0/client/dhclient.8 diff -up dhcp-4.2.1b1/client/dhclient.8.capability dhcp-4.2.1b1/client/dhclient.8
--- dhcp-4.2.0/client/dhclient.8.capability 2010-07-21 14:27:13.000000000 +0200 --- dhcp-4.2.1b1/client/dhclient.8.capability 2011-01-28 08:05:51.000000000 +0100
+++ dhcp-4.2.0/client/dhclient.8 2010-07-21 16:13:02.000000000 +0200 +++ dhcp-4.2.1b1/client/dhclient.8 2011-01-28 08:24:48.000000000 +0100
@@ -109,6 +109,9 @@ relay @@ -115,6 +115,9 @@ dhclient - Dynamic Host Configuration Pr
.B -n .B -w
] ]
[ [
+.B -nc +.B -nc
+] +]
+[ +[
.B -nw .B -B
] ]
[ [
@@ -395,6 +398,32 @@ Do not configure any interfaces. Most u @@ -293,6 +296,32 @@ has been added or removed, so that the c
option. address on that interface.
.TP .TP
+.BI \-nc +.BI \-nc
@ -41,12 +41,12 @@ diff -up dhcp-4.2.0/client/dhclient.8.capability dhcp-4.2.0/client/dhclient.8
+was not compiled with libcap-ng support. +was not compiled with libcap-ng support.
+ +
+.TP +.TP
.BI \-nw .BI \-B
Become a daemon process immediately (nowait) rather than waiting until an IP Set the BOOTP broadcast flag in request packets so servers will always
address has been acquired. broadcast replies.
diff -up dhcp-4.2.0/client/dhclient.c.capability dhcp-4.2.0/client/dhclient.c diff -up dhcp-4.2.1b1/client/dhclient.c.capability dhcp-4.2.1b1/client/dhclient.c
--- dhcp-4.2.0/client/dhclient.c.capability 2010-07-21 14:40:05.000000000 +0200 --- dhcp-4.2.1b1/client/dhclient.c.capability 2011-01-28 08:05:51.000000000 +0100
+++ dhcp-4.2.0/client/dhclient.c 2010-07-21 16:13:52.000000000 +0200 +++ dhcp-4.2.1b1/client/dhclient.c 2011-01-28 08:05:51.000000000 +0100
@@ -39,6 +39,10 @@ @@ -39,6 +39,10 @@
#include <limits.h> #include <limits.h>
#include <dns/result.h> #include <dns/result.h>
@ -58,7 +58,7 @@ diff -up dhcp-4.2.0/client/dhclient.c.capability dhcp-4.2.0/client/dhclient.c
/* /*
* Defined in stdio.h when _GNU_SOURCE is set, but we don't want to define * Defined in stdio.h when _GNU_SOURCE is set, but we don't want to define
* that when building ISC code. * that when building ISC code.
@@ -89,6 +93,9 @@ int wanted_ia_ta = 0; @@ -91,6 +95,9 @@ int wanted_ia_ta = 0;
int wanted_ia_pd = 0; int wanted_ia_pd = 0;
char *mockup_relay = NULL; char *mockup_relay = NULL;
int bootp_broadcast_always = 0; int bootp_broadcast_always = 0;
@ -68,7 +68,7 @@ diff -up dhcp-4.2.0/client/dhclient.c.capability dhcp-4.2.0/client/dhclient.c
extern u_int32_t default_requested_options[]; extern u_int32_t default_requested_options[];
@@ -397,6 +404,10 @@ main(int argc, char **argv) { @@ -399,6 +406,10 @@ main(int argc, char **argv) {
} }
dhclient_request_options = argv[i]; dhclient_request_options = argv[i];
@ -79,7 +79,7 @@ diff -up dhcp-4.2.0/client/dhclient.c.capability dhcp-4.2.0/client/dhclient.c
} else if (argv[i][0] == '-') { } else if (argv[i][0] == '-') {
usage(); usage();
} else if (interfaces_requested < 0) { } else if (interfaces_requested < 0) {
@@ -445,6 +456,19 @@ main(int argc, char **argv) { @@ -447,6 +458,19 @@ main(int argc, char **argv) {
path_dhclient_script = s; path_dhclient_script = s;
} }
@ -99,9 +99,9 @@ diff -up dhcp-4.2.0/client/dhclient.c.capability dhcp-4.2.0/client/dhclient.c
/* Set up the initial dhcp option universe. */ /* Set up the initial dhcp option universe. */
initialize_common_option_spaces(); initialize_common_option_spaces();
diff -up dhcp-4.2.0/client/dhclient-script.8.capability dhcp-4.2.0/client/dhclient-script.8 diff -up dhcp-4.2.1b1/client/dhclient-script.8.capability dhcp-4.2.1b1/client/dhclient-script.8
--- dhcp-4.2.0/client/dhclient-script.8.capability 2010-07-21 14:00:16.000000000 +0200 --- dhcp-4.2.1b1/client/dhclient-script.8.capability 2011-01-28 08:05:51.000000000 +0100
+++ dhcp-4.2.0/client/dhclient-script.8 2010-07-21 16:13:02.000000000 +0200 +++ dhcp-4.2.1b1/client/dhclient-script.8 2011-01-28 08:05:51.000000000 +0100
@@ -239,6 +239,16 @@ repeatedly initialized to the values pro @@ -239,6 +239,16 @@ repeatedly initialized to the values pro
the other. Assuming the information provided by both servers is the other. Assuming the information provided by both servers is
valid, this shouldn't cause any real problems, but it could be valid, this shouldn't cause any real problems, but it could be
@ -119,9 +119,9 @@ diff -up dhcp-4.2.0/client/dhclient-script.8.capability dhcp-4.2.0/client/dhclie
.SH SEE ALSO .SH SEE ALSO
dhclient(8), dhcpd(8), dhcrelay(8), dhclient.conf(5) and dhclient(8), dhcpd(8), dhcrelay(8), dhclient.conf(5) and
dhclient.leases(5). dhclient.leases(5).
diff -up dhcp-4.2.0/client/Makefile.am.capability dhcp-4.2.0/client/Makefile.am diff -up dhcp-4.2.1b1/client/Makefile.am.capability dhcp-4.2.1b1/client/Makefile.am
--- dhcp-4.2.0/client/Makefile.am.capability 2009-10-28 05:12:29.000000000 +0100 --- dhcp-4.2.1b1/client/Makefile.am.capability 2010-09-15 00:32:36.000000000 +0200
+++ dhcp-4.2.0/client/Makefile.am 2010-07-21 16:15:29.000000000 +0200 +++ dhcp-4.2.1b1/client/Makefile.am 2011-01-28 08:05:51.000000000 +0100
@@ -5,7 +5,7 @@ dhclient_SOURCES = clparse.c dhclient.c @@ -5,7 +5,7 @@ dhclient_SOURCES = clparse.c dhclient.c
scripts/netbsd scripts/nextstep scripts/openbsd \ scripts/netbsd scripts/nextstep scripts/openbsd \
scripts/solaris scripts/openwrt scripts/solaris scripts/openwrt
@ -131,10 +131,10 @@ diff -up dhcp-4.2.0/client/Makefile.am.capability dhcp-4.2.0/client/Makefile.am
man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5 man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5
EXTRA_DIST = $(man_MANS) EXTRA_DIST = $(man_MANS)
diff -up dhcp-4.2.0/configure.ac.capability dhcp-4.2.0/configure.ac diff -up dhcp-4.2.1b1/configure.ac.capability dhcp-4.2.1b1/configure.ac
--- dhcp-4.2.0/configure.ac.capability 2010-07-10 05:25:51.000000000 +0200 --- dhcp-4.2.1b1/configure.ac.capability 2011-01-28 08:05:51.000000000 +0100
+++ dhcp-4.2.0/configure.ac 2010-07-21 16:13:02.000000000 +0200 +++ dhcp-4.2.1b1/configure.ac 2011-01-28 08:26:11.000000000 +0100
@@ -419,6 +419,41 @@ AC_TRY_LINK( @@ -425,6 +425,41 @@ AC_TRY_LINK(
# Look for optional headers. # Look for optional headers.
AC_CHECK_HEADERS(sys/socket.h net/if_dl.h net/if6.h regex.h) AC_CHECK_HEADERS(sys/socket.h net/if_dl.h net/if6.h regex.h)
@ -173,6 +173,6 @@ diff -up dhcp-4.2.0/configure.ac.capability dhcp-4.2.0/configure.ac
+ AC_MSG_RESULT(no) + AC_MSG_RESULT(no)
+fi +fi
+ +
# find an MD5 library # Solaris needs some libraries for functions
AC_SEARCH_LIBS(MD5_Init, [crypto]) AC_SEARCH_LIBS(socket, [socket])
AC_SEARCH_LIBS(MD5Init, [crypto]) AC_SEARCH_LIBS(inet_ntoa, [nsl])


@ -0,0 +1,12 @@
diff -up dhcp-4.2.1b1/client/dhclient.conf.supersede dhcp-4.2.1b1/client/dhclient.conf
--- dhcp-4.2.1b1/client/dhclient.conf.supersede 2010-09-15 01:03:56.000000000 +0200
+++ dhcp-4.2.1b1/client/dhclient.conf 2011-01-27 18:38:28.000000000 +0100
@@ -4,7 +4,7 @@ send dhcp-lease-time 3600;
supersede domain-search "fugue.com", "home.vix.com";
prepend domain-name-servers 127.0.0.1;
request subnet-mask, broadcast-address, time-offset, routers,
- domain-name, domain-name-servers, host-name;
+ domain-search, domain-name-servers, host-name;
require subnet-mask, domain-name-servers;
timeout 60;
retry 60;

264
dhcp-4.2.1-manpages.patch Normal file

@ -0,0 +1,264 @@
diff -up dhcp-4.2.1b1/client/dhclient.8.man dhcp-4.2.1b1/client/dhclient.8
--- dhcp-4.2.1b1/client/dhclient.8.man 2010-07-14 22:09:34.000000000 +0200
+++ dhcp-4.2.1b1/client/dhclient.8 2011-01-27 18:19:07.000000000 +0100
@@ -115,6 +115,33 @@ dhclient - Dynamic Host Configuration Pr
.B -w
]
[
+.B -B
+]
+[
+.B -I
+.I dhcp-client-identifier
+]
+[
+.B -H
+.I host-name
+]
+[
+.B -F
+.I fqdn.fqdn
+]
+[
+.B -V
+.I vendor-class-identifier
+]
+[
+.B -R
+.I request-option-list
+]
+[
+.B -timeout
+.I timeout
+]
+[
.B -v
]
[
@@ -264,6 +291,69 @@ not to exit when it doesn't find any suc
program can then be used to notify the client when a network interface
has been added or removed, so that the client can attempt to configure an IP
address on that interface.
+
+.TP
+.BI \-B
+Set the BOOTP broadcast flag in request packets so servers will always
+broadcast replies.
+
+.TP
+.BI \-I\ <dhcp-client-identifier>
+Specify the dhcp-client-identifier option to send to the DHCP server.
+
+.TP
+.BI \-H\ <host-name>
+Specify the host-name option to send to the DHCP server. The host-name
+string only contains the client's hostname prefix, to which the server will
+append the ddns-domainname or domain-name options, if any, to derive the
+fully qualified domain name of the client. The
+.B -H
+option cannot be used with the
+.B -F
+option.
+
+.TP
+.BI \-F\ <fqdn.fqdn>
+Specify the fqdn.fqdn option to send to the DHCP server. This option cannot
+be used with the
+.B -H
+option. The fqdn.fqdn option must specify the complete domain name of the
+client host, which the server may use for dynamic DNS updates.
+
+.TP
+.BI \-V\ <vendor-class-identifier>
+Specify the vendor-class-identifier option to send to the DHCP server.
+
+.TP
+.BI \-R\ <option>[,<option>...]
+Specify the list of options the client is to request from the server. The
+option list must be a single string consisting of option names separated
+by at least one command and optional space characters. The default option
+list is:
+
+.BR
+ subnet-mask, broadcast-address, time-offset, routers,
+.BR
+ domain-search, domain-name, domain-name-servers, host-name,
+.BR
+ nis-domain, nis-servers, ntp-servers, interface-mtu
+
+.TP
+.B -R
+option does not append options to the default request, it overrides the
+default request list. Keep this in mind if you want to request an
+additional option besides the default request list. You will have to
+specify all option names for the
+.B -R
+parameter.
+
+.TP
+.BI \-timeout\ <timeout>
+Specify the time after which
+.B dhclient
+will decide that no DHCP servers can be contacted when no responses have been
+received.
+
.TP
.BI \-n
Do not configure any interfaces. This is most likely to be useful in
diff -up dhcp-4.2.1b1/client/dhclient.conf.5.man dhcp-4.2.1b1/client/dhclient.conf.5
--- dhcp-4.2.1b1/client/dhclient.conf.5.man 2010-09-15 01:03:56.000000000 +0200
+++ dhcp-4.2.1b1/client/dhclient.conf.5 2011-01-27 18:22:56.000000000 +0100
@@ -186,7 +186,8 @@ responding to the client send the client
options. Only the option names should be specified in the request
statement - not option parameters. By default, the DHCPv4 client
requests the subnet-mask, broadcast-address, time-offset, routers,
-domain-name, domain-name-servers and host-name options while the DHCPv6
+domain-search, domain-name, domain-name-servers, host-name, nis-domain,
+nis-servers, ntp-servers and interface-mtu options while the DHCPv6
client requests the dhcp6 name-servers and domain-search options. Note
that if you enter a \'request\' statement, you over-ride these defaults
and these options will not be requested.
@@ -672,6 +673,17 @@ know the DHCP service(s) anycast MAC add
client. The \fIlink-type\fR and \fImac-address\fR parameters are configured
in a similar manner to the \fBhardware\fR statement.
.PP
+ \fBbootp-broadcast-always;\fR
+.PP
+The
+.B bootp-broadcast-always
+statement instructs dhclient to always set the bootp broadcast flag in
+request packets, so that servers will always broadcast replies.
+This is equivalent to supplying the dhclient -B argument, and has
+the same effect as specifying 'always-broadcast' in the server's dhcpd.conf.
+This option is provided as an extension to enable dhclient to work
+on IBM s390 Linux guests.
+.PP
.SH SAMPLE
The following configuration file is used on a laptop running NetBSD
1.3. The laptop has an IP alias of 192.5.5.213, and has one
@@ -697,7 +709,7 @@ interface "ep0" {
supersede domain-search "fugue.com", "rc.vix.com", "home.vix.com";
prepend domain-name-servers 127.0.0.1;
request subnet-mask, broadcast-address, time-offset, routers,
- domain-name, domain-name-servers, host-name;
+ domain-search, domain-name, domain-name-servers, host-name;
require subnet-mask, domain-name-servers;
script "CLIENTBINDIR/dhclient-script";
media "media 10baseT/UTP", "media 10base2/BNC";
diff -up dhcp-4.2.1b1/client/dhclient-script.8.man dhcp-4.2.1b1/client/dhclient-script.8
--- dhcp-4.2.1b1/client/dhclient-script.8.man 2010-07-06 21:03:11.000000000 +0200
+++ dhcp-4.2.1b1/client/dhclient-script.8 2011-01-27 18:24:44.000000000 +0100
@@ -47,7 +47,7 @@ customizations are needed, they should b
exit hooks provided (see HOOKS for details). These hooks will allow the
user to override the default behaviour of the client in creating a
.B /etc/resolv.conf
-file.
+file, and to handle DHCP options not handled by default.
.PP
No standard client script exists for some operating systems, even though
the actual client may work, so a pioneering user may well need to create
@@ -91,6 +91,26 @@ present. The
.B ETCDIR/dhclient-exit-hooks
script can modify the valid of exit_status to change the exit status
of dhclient-script.
+.PP
+Immediately after dhclient brings an interface UP with a new IP address,
+subnet mask, and routes, in the REBOOT/BOUND states, it will check for the
+existence of an executable
+.B ETCDIR/dhclient-up-hooks
+script, and source it if found. This script can handle DHCP options in
+the environment that are not handled by default. A per-interface.
+.B ETCDIR/dhclient-${IF}-up-hooks
+script will override the generic script and be sourced when interface
+$IF has been brought up.
+.PP
+Immediately before dhclient brings an interface DOWN, removing its IP
+address, subnet mask, and routes, in the STOP/RELEASE states, it will
+check for the existence of an executable
+.B ETCDIR/dhclient-down-hooks
+script, and source it if found. This script can handle DHCP options in
+the environment that are not handled by default. A per-interface
+.B ETCDIR/dhclient-${IF}-down-hooks
+script will override the generic script and be sourced when interface
+$IF is about to be brought down.
.SH OPERATION
When dhclient needs to invoke the client configuration script, it
defines a set of variables in the environment, and then invokes
diff -up dhcp-4.2.1b1/common/dhcp-options.5.man dhcp-4.2.1b1/common/dhcp-options.5
--- dhcp-4.2.1b1/common/dhcp-options.5.man 2010-07-13 22:56:56.000000000 +0200
+++ dhcp-4.2.1b1/common/dhcp-options.5 2011-01-27 18:25:57.000000000 +0100
@@ -913,6 +913,21 @@ classless IP routing - it does not inclu
classless IP routing is now the most widely deployed routing standard,
this option is virtually useless, and is not implemented by any of the
popular DHCP clients, for example the Microsoft DHCP client.
+.PP
+NOTE to Fedora dhclient users:
+.br
+dhclient-script interprets trailing 0 octets of the target as indicating
+the subnet class of the route, so for the following static-routes value:
+.br
+ option static-routes 172.0.0.0 172.16.2.254,
+.br
+ 192.168.0.0 192.168.2.254;
+.br
+dhclient-script will create routes:
+.br
+ 172/8 via 172.16.2.254 dev $interface
+.br
+ 192.168/16 via 192.168.2.254 dev $interface
.RE
.PP
.nf
diff -up dhcp-4.2.1b1/server/dhcpd.conf.5.man dhcp-4.2.1b1/server/dhcpd.conf.5
--- dhcp-4.2.1b1/server/dhcpd.conf.5.man 2010-07-06 21:03:12.000000000 +0200
+++ dhcp-4.2.1b1/server/dhcpd.conf.5 2011-01-27 18:29:12.000000000 +0100
@@ -519,6 +519,9 @@ pool {
};
.fi
.PP
+Dynamic BOOTP leases are not compatible with failover, and, as such,
+you need to disallow BOOTP in pools that you are using failover for.
+.PP
The server currently does very little sanity checking, so if you
configure it wrong, it will just fail in odd ways. I would recommend
therefore that you either do failover or don't do failover, but don't
@@ -533,9 +536,9 @@ primary server might look like this:
failover peer "foo" {
primary;
address anthrax.rc.vix.com;
- port 519;
+ port 647;
peer address trantor.rc.vix.com;
- peer port 520;
+ peer port 847;
max-response-delay 60;
max-unacked-updates 10;
mclt 3600;
@@ -1305,7 +1308,7 @@ the zone containing PTR records - for IS
.PP
.nf
key DHCP_UPDATER {
- algorithm HMAC-MD5.SIG-ALG.REG.INT;
+ algorithm hmac-md5;
secret pRP5FapFoJ95JEL06sv4PQ==;
};
@@ -1328,7 +1331,7 @@ dhcpd.conf file:
.PP
.nf
key DHCP_UPDATER {
- algorithm HMAC-MD5.SIG-ALG.REG.INT;
+ algorithm hmac-md5;
secret pRP5FapFoJ95JEL06sv4PQ==;
};
@@ -2540,7 +2543,8 @@ statement
The \fInext-server\fR statement is used to specify the host address of
the server from which the initial boot file (specified in the
\fIfilename\fR statement) is to be loaded. \fIServer-name\fR should
-be a numeric IP address or a domain name.
+be a numeric IP address or a domain name. If no \fInext-server\fR statement
+applies to a given client, the address 0.0.0.0 is used.
.RE
.PP
The


@ -0,0 +1,48 @@
diff -up dhcp-4.2.1b1/client/dhc6.c.retransmission dhcp-4.2.1b1/client/dhc6.c
--- dhcp-4.2.1b1/client/dhc6.c.retransmission 2011-01-28 08:40:56.000000000 +0100
+++ dhcp-4.2.1b1/client/dhc6.c 2011-01-28 08:39:22.000000000 +0100
@@ -361,7 +361,7 @@ dhc6_retrans_init(struct client_state *c
static void
dhc6_retrans_advance(struct client_state *client)
{
- struct timeval elapsed;
+ struct timeval elapsed, elapsed_after_RT;
/* elapsed = cur - start */
elapsed.tv_sec = cur_tv.tv_sec - client->start_time.tv_sec;
@@ -378,6 +378,8 @@ dhc6_retrans_advance(struct client_state
elapsed.tv_sec += 1;
elapsed.tv_usec -= 1000000;
}
+ elapsed_after_RT.tv_sec = elapsed.tv_sec;
+ elapsed_after_RT.tv_usec = elapsed.tv_usec;
/*
* RT for each subsequent message transmission is based on the previous
@@ -415,13 +417,10 @@ dhc6_retrans_advance(struct client_state
elapsed.tv_usec -= 1000000;
}
if (elapsed.tv_sec >= client->MRD) {
- /*
- * wake at RT + cur = start + MRD
- */
- client->RT = client->MRD +
- (client->start_time.tv_sec - cur_tv.tv_sec);
- client->RT = client->RT * 100 +
- (client->start_time.tv_usec - cur_tv.tv_usec) / 10000;
+ client->RT = client->MRD - elapsed_after_RT.tv_sec;
+ client->RT = client->RT * 100 - elapsed_after_RT.tv_usec / 10000;
+ if (client->RT < 0)
+ client->RT = 0;
}
client->txcount++;
}
@@ -1497,7 +1496,7 @@ check_timing6 (struct client_state *clie
}
/* Check if finished (-1 argument). */
- if ((client->MRD != 0) && (elapsed.tv_sec > client->MRD)) {
+ if ((client->MRD != 0) && (elapsed.tv_sec >= client->MRD)) {
log_info("Max retransmission duration exceeded.");
return(CHK_TIM_MRD_EXCEEDED);
}
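Review bot: The new MRD clamp in dhc6_retrans_advance (`client->RT = client->MRD - elapsed_after_RT.tv_sec;` and the two lines after it) drops the old `wake at RT + cur = start + MRD` comment without a replacement, so the unit change and the reason for the floor are left for the reader to work out. I would put `/* RT (apparently in 1/100 s) = time left until start + MRD; never negative */` above it and brace the guard, `if (client->RT < 0) { client->RT = 0; }`. The floor only has an effect if `client->RT` is a signed type; its declaration is not in the hunks shown, so that should be confirmed. Parts of the function body lie between the hunks and are not visible here.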

111
dhcp.spec

@ -4,15 +4,18 @@
# Where dhcp configuration files are stored # Where dhcp configuration files are stored
%global dhcpconfdir %{_sysconfdir}/dhcp %global dhcpconfdir %{_sysconfdir}/dhcp
# Patch version # Patch version
%global patchver P2 #%global patchver P2
# Pre-Release version
%global prever b1
%global VERSION %{version}-%{patchver} #%define VERSION %{version}-%{patchver}
%global VERSION %{version}%{prever}
Summary: Dynamic host configuration protocol software Summary: Dynamic host configuration protocol software
Name: dhcp Name: dhcp
Version: 4.2.0 Version: 4.2.1
Release: 26.%{patchver}%{?dist} Release: 0.1.%{prever}%{?dist}
# NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to # NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to
# dcantrell maintaining the package) made incorrect use of the epoch and # dcantrell maintaining the package) made incorrect use of the epoch and
# that's why it is at 12 now. It should have never been used, but it was. # that's why it is at 12 now. It should have never been used, but it was.
@ -34,7 +37,6 @@ Source9: dhcpd.service
Source10: dhcpd6.service Source10: dhcpd6.service
Source11: dhcrelay.service Source11: dhcrelay.service
Patch0: dhcp-4.2.0-errwarn-message.patch Patch0: dhcp-4.2.0-errwarn-message.patch
Patch1: dhcp-4.2.0-options.patch Patch1: dhcp-4.2.0-options.patch
Patch2: dhcp-4.2.0-release-by-ifup.patch Patch2: dhcp-4.2.0-release-by-ifup.patch
@ -44,33 +46,30 @@ Patch5: dhcp-4.2.0-ldap.patch
Patch6: dhcp-4.2.0-dhclient-usage.patch Patch6: dhcp-4.2.0-dhclient-usage.patch
Patch7: dhcp-4.2.0-default-requested-options.patch Patch7: dhcp-4.2.0-default-requested-options.patch
Patch8: dhcp-4.2.0-xen-checksum.patch Patch8: dhcp-4.2.0-xen-checksum.patch
Patch10: dhcp-4.2.0-manpages.patch Patch10: dhcp-4.2.1-manpages.patch
Patch11: dhcp-4.2.0-paths.patch Patch11: dhcp-4.2.0-paths.patch
Patch12: dhcp-4.2.0-CLOEXEC.patch Patch12: dhcp-4.2.0-CLOEXEC.patch
Patch13: dhcp-4.2.0-inherit-leases.patch Patch13: dhcp-4.2.0-inherit-leases.patch
Patch14: dhcp-4.2.0-garbage-chars.patch Patch14: dhcp-4.2.0-garbage-chars.patch
Patch15: dhcp-4.2.0-invalid-dhclient-conf.patch Patch15: dhcp-4.2.0-missing-ipv6-not-fatal.patch
Patch16: dhcp-4.2.0-missing-ipv6-not-fatal.patch Patch16: dhcp-4.2.0-IFNAMSIZ.patch
Patch17: dhcp-4.2.0-IFNAMSIZ.patch Patch17: dhcp-4.2.0-add_timeout_when_NULL.patch
Patch18: dhcp-4.2.0-add_timeout_when_NULL.patch Patch18: dhcp-4.2.1-64_bit_lease_parse.patch
Patch19: dhcp-4.2.0-P1-64_bit_lease_parse.patch Patch19: dhcp-4.2.1-capability.patch
Patch20: dhcp-4.2.0-capability.patch Patch20: dhcp-4.2.0-logpid.patch
Patch21: dhcp-4.2.0-logpid.patch Patch21: dhcp-4.2.0-UseMulticast.patch
Patch22: dhcp-4.2.0-UseMulticast.patch Patch22: dhcp-4.2.0-sendDecline.patch
Patch23: dhcp-4.2.0-sendDecline.patch Patch23: dhcp-4.2.1-retransmission.patch
Patch24: dhcp-4.2.0-retransmission.patch Patch24: dhcp-4.2.0-initialization-delay.patch
Patch25: dhcp-4.2.0-release6-elapsed.patch Patch25: dhcp-4.2.0-rfc3442-classless-static-routes.patch
Patch26: dhcp-4.2.0-initialization-delay.patch Patch26: dhcp-4.2.1-PIE-RELRO.patch
Patch27: dhcp-4.2.0-parse_date.patch Patch27: dhcp-4.2.0-honor-expired.patch
Patch28: dhcp-4.2.0-rfc3442-classless-static-routes.patch Patch28: dhcp-4.2.0-noprefixavail.patch
Patch29: dhcp-4.2.0-PIE-RELRO.patch Patch29: dhcp420-rh637017.patch
Patch30: dhcp-4.2.0-honor-expired.patch Patch30: dhcp420-sharedlib.patch
Patch31: dhcp-4.2.0-noprefixavail.patch Patch31: dhcp-4.2.0-PPP.patch
Patch32: dhcp420-rh637017.patch Patch32: dhcp-4.2.0-P2-omapi.patch
Patch33: dhcp420-sharedlib.patch Patch33: dhcp-4.2.0-P2-ldap-configuration.patch
Patch34: dhcp-4.2.0-PPP.patch
Patch35: dhcp-4.2.0-P2-omapi.patch
Patch36: dhcp-4.2.0-P2-ldap-configuration.patch
BuildRequires: autoconf BuildRequires: autoconf
BuildRequires: automake BuildRequires: automake
@ -223,72 +222,60 @@ rm bind/bind.tar.gz
# Fix 'garbage in format string' error (#450042) # Fix 'garbage in format string' error (#450042)
%patch14 -p1 -b .garbage %patch14 -p1 -b .garbage
# The sample dhclient.conf should say 'supersede domain-search' (#467955)
# (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #19147])
%patch15 -p1 -b .supersede
# If the ipv6 kernel module is missing, do not segfault # If the ipv6 kernel module is missing, do not segfault
# (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #19367]) # (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #19367])
%patch16 -p1 -b .noipv6 %patch15 -p1 -b .noipv6
# Read only up to IFNAMSIZ characters for the interface name in dhcpd (#441524) # Read only up to IFNAMSIZ characters for the interface name in dhcpd (#441524)
# (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #19617]) # (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #19617])
%patch17 -p1 -b .ifnamsiz %patch16 -p1 -b .ifnamsiz
# Handle cases in add_timeout() where the function is called with a NULL # Handle cases in add_timeout() where the function is called with a NULL
# value for the 'when' parameter # value for the 'when' parameter
# (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #19867]) # (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #19867])
%patch18 -p1 -b .dracut %patch17 -p1 -b .dracut
# Ensure 64-bit platforms parse lease file dates & times correctly (#448615, #628258) # Ensure 64-bit platforms parse lease file dates & times correctly (#448615, #628258)
# (Partly submitted to dhcp-bugs@isc.org - [ISC-Bugs #22033]) # (Partly submitted to dhcp-bugs@isc.org - [ISC-Bugs #22033])
%patch19 -p1 -b .64-bit_lease_parse %patch18 -p1 -b .64-bit_lease_parse
# Drop unnecessary capabilities in dhclient (#517649, #546765) # Drop unnecessary capabilities in dhclient (#517649, #546765)
%patch20 -p1 -b .capability %patch19 -p1 -b .capability
# dhclient logs its pid to make troubleshooting NM managed systems # dhclient logs its pid to make troubleshooting NM managed systems
# with multiple dhclients running easier (#546792) # with multiple dhclients running easier (#546792)
%patch21 -p1 -b .logpid %patch20 -p1 -b .logpid
# Discard unicast Request/Renew/Release/Decline message # Discard unicast Request/Renew/Release/Decline message
# (unless we set unicast option) and respond with Reply # (unless we set unicast option) and respond with Reply
# with UseMulticast Status Code option (#573090) # with UseMulticast Status Code option (#573090)
# (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #21235]) # (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #21235])
%patch22 -p1 -b .UseMulticast %patch21 -p1 -b .UseMulticast
# If any of the bound addresses are found to be in use on the link, # If any of the bound addresses are found to be in use on the link,
# the dhcpv6 client sends a Decline message to the server # the dhcpv6 client sends a Decline message to the server
# as described in section 18.1.7 of RFC-3315 (#559147) # as described in section 18.1.7 of RFC-3315 (#559147)
# (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #21237]) # (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #21237])
%patch23 -p1 -b .sendDecline %patch22 -p1 -b .sendDecline
# In client initiated message exchanges stop retransmission # In client initiated message exchanges stop retransmission
# upon reaching the MRD rather than at some point after it (#559153) # upon reaching the MRD rather than at some point after it (#559153)
# (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #21238]) # (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #21238])
%patch24 -p1 -b .retransmission %patch23 -p1 -b .retransmission
# Fill in Elapsed Time Option in Release message (#582939)
# (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #21171])
%patch25 -p1 -b .release6-elapsed
# Cut down the 0-4 second delay before sending first DHCPDISCOVER (#587070) # Cut down the 0-4 second delay before sending first DHCPDISCOVER (#587070)
%patch26 -p1 -b .initialization-delay %patch24 -p1 -b .initialization-delay
# Fix parsing of date (#514828)
# (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #21501])
%patch27 -p1 -b .parse_date
# RFC 3442 - Classless Static Route Option for DHCPv4 (#516325) # RFC 3442 - Classless Static Route Option for DHCPv4 (#516325)
%patch28 -p1 -b .rfc3442 %patch25 -p1 -b .rfc3442
# hardening dhcpd/dhcrelay/dhclient by making them PIE & RELRO # hardening dhcpd/dhcrelay/dhclient by making them PIE & RELRO
%patch29 -p1 -b .PIE-RELRO %patch26 -p1 -b .PIE-RELRO
# check whether there is any unexpired address in previous lease # check whether there is any unexpired address in previous lease
# prior to confirming (INIT-REBOOT) the lease (#585418) # prior to confirming (INIT-REBOOT) the lease (#585418)
# (Submitted to dhcp-suggest@isc.org - [ISC-Bugs #22675]) # (Submitted to dhcp-suggest@isc.org - [ISC-Bugs #22675])
%patch30 -p1 -b .honor-expired %patch27 -p1 -b .honor-expired
# 1) When server has empty pool of addresses/prefixes it must send Advertise with # 1) When server has empty pool of addresses/prefixes it must send Advertise with
# NoAddrsAvail/NoPrefixAvail status in response to clients Solicit. # NoAddrsAvail/NoPrefixAvail status in response to clients Solicit.
@ -299,22 +286,22 @@ rm bind/bind.tar.gz
# Without this patch server ignored client's Solicit in which the client was sending # Without this patch server ignored client's Solicit in which the client was sending
# prefix in IA_PD (as a preference) and this prefix was not in any of server's pools. # prefix in IA_PD (as a preference) and this prefix was not in any of server's pools.
# (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #22676]) # (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #22676])
%patch31 -p1 -b .noprefixavail %patch28 -p1 -b .noprefixavail
# Fire away bundled BIND source. # Fire away bundled BIND source.
%patch32 -p1 -b .rh637017 %patch29 -p1 -b .rh637017
#Build dhcp's libraries as shared libs instead of static libs. #Build dhcp's libraries as shared libs instead of static libs.
%patch33 -p1 -b .sharedlib %patch30 -p1 -b .sharedlib
# DHCPv6 over PPP support (#626514) # DHCPv6 over PPP support (#626514)
%patch34 -p1 -b .PPP %patch31 -p1 -b .PPP
# Fix OMAPI (#666441) # Fix OMAPI (#666441)
%patch35 -p1 -b .omapi %patch32 -p1 -b .omapi
# Fix loading of configuration when LDAP is used (#668276) # Fix loading of configuration when LDAP is used (#668276)
# (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #22888]) # (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #22888])
%patch36 -p1 -b .ldap-configuration %patch33 -p1 -b .ldap-configuration
# Copy in the Fedora/RHEL dhclient script # Copy in the Fedora/RHEL dhclient script
%{__install} -p -m 0755 %{SOURCE4} client/scripts/linux %{__install} -p -m 0755 %{SOURCE4} client/scripts/linux
@ -663,6 +650,10 @@ fi
%attr(0644,root,root) %{_mandir}/man3/omapi.3.gz %attr(0644,root,root) %{_mandir}/man3/omapi.3.gz
%changelog %changelog
* Thu Jan 27 2011 Jiri Popelka <jpopelka@redhat.com> - 12:4.2.1-0.1.b1
- 4.2.1b1: fix for CVE-2011-0413 (#672996)
- No longer need invalid-dhclient-conf, parse_date and release6-elapsed patches
* Thu Jan 13 2011 Jiri Popelka <jpopelka@redhat.com> - 12:4.2.0-26.P2 * Thu Jan 13 2011 Jiri Popelka <jpopelka@redhat.com> - 12:4.2.0-26.P2
- Fix loading of configuration when LDAP is used (#668276) - Fix loading of configuration when LDAP is used (#668276)
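Review bot: The two lines commented out at the top of dhcp.spec, `#%global patchver P2` and `#%define VERSION %{version}-%{patchver}`, are probably still evaluated, because rpm expands macros inside comment lines as well. The result looks harmless here only because `%global VERSION %{version}%{prever}` follows and the new Release line no longer uses patchver, but a stale `patchver` would stay defined for anything that tests it later. Either delete the two lines or escape them, `#%%global patchver P2` and `#%%define VERSION %%{version}-%%{patchver}`.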


@ -1 +1 @@
a98f4ce3ca651e7e28a5a1ae6398689e dhcp-4.2.0-P2.tar.gz 44c613e8703658588fce1c79da0a2843 dhcp-4.2.1b1.tar.gz