Don't listen on random port (#962950)

dhcp-dhclient-ddns_lazy.patch

@@ -0,0 +1,136 @@
+diff --git a/common/dns.c b/common/dns.c
+index 0f8be80..37878bc 100644
+--- a/common/dns.c
++++ b/common/dns.c
+@@ -2132,6 +2132,41 @@ void ddns_interlude(isc_task_t  *taskp,
+ }
+ 
+ /*
++ * Moved here from omapip/isclib.c, function dhcp_context_create.
++ * Create dnsclient only before the first use.
++ */
++static isc_result_t
++dns_client_lazy() {
++	isc_result_t result;
++	if (dhcp_gbl_ctx.dnsclient == NULL){
++		result = dns_client_createx2(dhcp_gbl_ctx.mctx,
++					     dhcp_gbl_ctx.actx,
++					     dhcp_gbl_ctx.taskmgr,
++					     dhcp_gbl_ctx.socketmgr,
++					     dhcp_gbl_ctx.timermgr,
++					     0,
++					     &dhcp_gbl_ctx.dnsclient,
++					     dhcp_gbl_ctx.local4_ptr,
++					     dhcp_gbl_ctx.local6_ptr);
++		if (result != ISC_R_SUCCESS)
++			return result;
++		/*
++		 * If we can't set up the servers we may not be able to
++		 * do DDNS but we should continue to try and perform
++		 * our basic functions and let the user sort it out.
++		 */
++		result = dhcp_dns_client_setservers();
++		if (result != ISC_R_SUCCESS) {
++			log_error("Unable to set resolver from resolv.conf; "
++				  "startup continuing but DDNS support "
++				  "may be affected");
++		}
++	};
++	return ISC_R_SUCCESS;
++}
++
++
++/*
+  * This routine does the generic work for sending a ddns message to
+  * modify the forward record (A or AAAA) and calls one of a set of
+  * routines to build the specific message.
+@@ -2154,6 +2189,10 @@ ddns_modify_fwd(dhcp_ddns_cb_t *ddns_cb, const char *file, int line)
+ 	/* Get a pointer to the clientname to make things easier. */
+ 	clientname = (unsigned char *)ddns_cb->fwd_name.data;
+ 
++	result = dns_client_lazy();
++	if (result != ISC_R_SUCCESS)
++		return result;
++
+ 	/* Extract and validate the type of the address. */
+ 	if (ddns_cb->address.len == 4) {
+ 		ddns_cb->address_type = dns_rdatatype_a;
+@@ -2359,6 +2398,10 @@ ddns_modify_ptr(dhcp_ddns_cb_t *ddns_cb, const char *file, int line)
+ 	unsigned char buf[256];
+ 	int buflen;
+ 
++	result = dns_client_lazy();
++	if (result != ISC_R_SUCCESS)
++		return result;
++
+ 	/*
+ 	 * Try to lookup the zone in the zone cache.  As with the forward
+ 	 * case it's okay if we don't have one, the DNS code will try to
+diff --git a/includes/omapip/isclib.h b/includes/omapip/isclib.h
+index caa388a..7f2719b 100644
+--- a/includes/omapip/isclib.h
++++ b/includes/omapip/isclib.h
+@@ -98,6 +98,8 @@ typedef struct dhcp_context {
+ 	isc_timermgr_t	*timermgr;
+ #if defined (NSUPDATE)
+   	dns_client_t    *dnsclient;
++	isc_sockaddr_t  *local4_ptr;
++	isc_sockaddr_t  *local6_ptr;
+ #endif
+ } dhcp_context_t;
+ 
+diff --git a/omapip/isclib.c b/omapip/isclib.c
+index 13f0d3e..36b399d 100644
+--- a/omapip/isclib.c
++++ b/omapip/isclib.c
+@@ -220,40 +220,22 @@ dhcp_context_create(int flags,
+ 	}
+ 
+ #if defined (NSUPDATE)
++        /*
++        * Setting addresses only.
++        * All real work will be done later on if needed to avoid listening 
++        * on ddns port if client/server was compiled with ddns support 
++        * but not using it.
++        */
+ 	if ((flags & DHCP_CONTEXT_POST_DB) != 0) {
+-		isc_sockaddr_t localaddr4, *localaddr4_ptr = NULL;
+-		isc_sockaddr_t localaddr6, *localaddr6_ptr = NULL;
++		isc_sockaddr_t localaddr4;
++		isc_sockaddr_t localaddr6;
+ 		if (local4 != NULL) {
+ 			isc_sockaddr_fromin(&localaddr4, local4, 0);
+-			localaddr4_ptr = &localaddr4;
++			dhcp_gbl_ctx.local4_ptr = &localaddr4;
+ 		}
+ 		if (local6 != NULL) {
+ 			isc_sockaddr_fromin6(&localaddr6, local6, 0);
+-			localaddr6_ptr = &localaddr6;
+-		}
+-
+-		result = dns_client_createx2(dhcp_gbl_ctx.mctx,
+-					     dhcp_gbl_ctx.actx,
+-					     dhcp_gbl_ctx.taskmgr,
+-					     dhcp_gbl_ctx.socketmgr,
+-					     dhcp_gbl_ctx.timermgr,
+-					     0,
+-					     &dhcp_gbl_ctx.dnsclient,
+-					     localaddr4_ptr,
+-					     localaddr6_ptr);
+-		if (result != ISC_R_SUCCESS)
+-			goto cleanup;
+-
+-		/*
+-		 * If we can't set up the servers we may not be able to
+-		 * do DDNS but we should continue to try and perform
+-		 * our basic functions and let the user sort it out.
+-		 */
+-		result = dhcp_dns_client_setservers();
+-		if (result != ISC_R_SUCCESS) {
+-			log_error("Unable to set resolver from resolv.conf; "
+-				  "startup continuing but DDNS support "
+-				  "may be affected");
++			dhcp_gbl_ctx.local6_ptr = &localaddr6;
+ 		}
+ 	}
+ #endif

dhcp.spec

@@ -19,7 +19,7 @@
 Summary:  Dynamic host configuration protocol software
 Name:     dhcp
 Version:  4.3.5
-Release:  5%{?dist}
+Release:  7%{?dist}
 # NEVER CHANGE THE EPOCH on this package.  The previous maintainer (prior to
 # dcantrell maintaining the package) made incorrect use of the epoch and
 # that's why it is at 12 now.  It should have never been used, but it was.
@@ -77,6 +77,9 @@ Patch34:  dhcp-sd_notify.patch
 Patch36:  dhcp-option97-pxe-client-id.patch
 Patch37:  dhcp-stateless-DUID-LLT.patch
 Patch38:  dhcp-dhclient-preinit6s.patch
+Patch39:  dhcp-dhclient-ddns_lazy.patch
+
+
 
 BuildRequires: autoconf
 BuildRequires: automake
@@ -343,6 +346,9 @@ rm bind/bind.tar.gz
 # dhclient: make sure link-local address is ready in stateless mode (#1263466)
 %patch38 -p1 -b .preinit6s
 
+# [ISC-BUGS] #33377.
+%patch39 -p1 -b .ddnsport
+
 # DHCLIENT_DEFAULT_PREFIX_LEN  64 -> 128
 # https://bugzilla.gnome.org/show_bug.cgi?id=656610
 sed -i -e 's|DHCLIENT_DEFAULT_PREFIX_LEN 64|DHCLIENT_DEFAULT_PREFIX_LEN 128|g' includes/site.h
@@ -670,6 +676,9 @@ done
 %endif
 
 %changelog
+* Tue May 23 2017 Pavel Zhukov <pzhukov@redhat.com> - 12:4.3.5-7
+- Don't open ddns port until it's needed. Credits to Petr Menšík for the original idea
+
 * Wed Apr 19 2017 Dominika Hodovska <dhodovsk@redhat.com> - 12:4.3.5-5
 - don't build doxygen documentation during modular build