Compare commits
No commits in common. "imports/c8-beta/dhcp-4.3.6-40.el8" and "c8" have entirely different histories.
imports/c8
...
c8
|
@ -1,19 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
INTERFACE=$1 # The interface which is brought up or down
|
||||
STATUS=$2 # The new state of the interface
|
||||
|
||||
# whenever interface is brought up by NM (rhbz #565921)
|
||||
if [ "$STATUS" = "up" ]; then
|
||||
# wait a few seconds to allow interface startup to complete
|
||||
# (important at boot time without this the service still fails
|
||||
# time-out for dispatcher script is 3s (rhbz#1003695#8)
|
||||
sleep 2
|
||||
# restart the services
|
||||
# In case this dispatcher script is called several times in a short period of time, it might happen that
|
||||
# systemd refuses to further restart the units. Therefore we use reset-failed command to prevent it.
|
||||
systemctl -q is-enabled dhcpd.service && systemctl restart dhcpd.service && systemctl reset-failed dhcpd.service
|
||||
systemctl -q is-enabled dhcpd6.service && systemctl restart dhcpd6.service && systemctl reset-failed dhcpd6.service
|
||||
fi
|
||||
|
||||
exit 0
|
|
@ -0,0 +1,32 @@
|
|||
diff --git a/common/options.c b/common/options.c
|
||||
index ed8ac38..addc65a 100644
|
||||
--- a/common/options.c
|
||||
+++ b/common/options.c
|
||||
@@ -4397,6 +4397,8 @@ add_option(struct option_state *options,
|
||||
if (!option_cache_allocate(&oc, MDL)) {
|
||||
log_error("No memory for option cache adding %s (option %d).",
|
||||
option->name, option_num);
|
||||
+ /* Get rid of reference created during hash lookup. */
|
||||
+ option_dereference(&option, MDL);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -4408,6 +4410,8 @@ add_option(struct option_state *options,
|
||||
MDL)) {
|
||||
log_error("No memory for constant data adding %s (option %d).",
|
||||
option->name, option_num);
|
||||
+ /* Get rid of reference created during hash lookup. */
|
||||
+ option_dereference(&option, MDL);
|
||||
option_cache_dereference(&oc, MDL);
|
||||
return 0;
|
||||
}
|
||||
@@ -4416,6 +4420,9 @@ add_option(struct option_state *options,
|
||||
save_option(&dhcp_universe, options, oc);
|
||||
option_cache_dereference(&oc, MDL);
|
||||
|
||||
+ /* Get rid of reference created during hash lookup. */
|
||||
+ option_dereference(&option, MDL);
|
||||
+
|
||||
return 1;
|
||||
}
|
||||
|
|
@ -0,0 +1,25 @@
|
|||
diff --git a/common/options.c b/common/options.c
|
||||
index addc65a..3e6383a 100644
|
||||
--- a/common/options.c
|
||||
+++ b/common/options.c
|
||||
@@ -435,16 +435,16 @@ int fqdn_universe_decode (struct option_state *options,
|
||||
while (s < &bp -> data[0] + length + 2) {
|
||||
len = *s;
|
||||
if (len > 63) {
|
||||
- log_info ("fancy bits in fqdn option");
|
||||
- return 0;
|
||||
+ log_info ("label length exceeds 63 in fqdn option");
|
||||
+ goto bad;
|
||||
}
|
||||
if (len == 0) {
|
||||
terminated = 1;
|
||||
break;
|
||||
}
|
||||
if (s + len > &bp -> data [0] + length + 3) {
|
||||
- log_info ("fqdn tag longer than buffer");
|
||||
- return 0;
|
||||
+ log_info ("fqdn label longer than buffer");
|
||||
+ goto bad;
|
||||
}
|
||||
|
||||
if (first_len == 0) {
|
|
@ -0,0 +1,12 @@
|
|||
diff --git a/common/options.c b/common/options.c
|
||||
index 3e6383a..9216ae4 100644
|
||||
--- a/common/options.c
|
||||
+++ b/common/options.c
|
||||
@@ -1122,7 +1122,6 @@ store_options6(char *buf, int buflen,
|
||||
*/
|
||||
if (code == vsio_option_code) {
|
||||
vsio_wanted = 1;
|
||||
- continue;
|
||||
}
|
||||
|
||||
/*
|
|
@ -0,0 +1,200 @@
|
|||
From e6ffc27f24321017a5ad9af3707f4e2e54bbac74 Mon Sep 17 00:00:00 2001
|
||||
From: Thomas Markwalder <tmark@isc.org>
|
||||
Date: Mon, 11 Dec 2017 07:19:43 -0500
|
||||
Subject: [PATCH] [master] Adds key-algorithm statement to omshell
|
||||
|
||||
Merges in rt46771.
|
||||
---
|
||||
RELNOTES | 7 +++++++
|
||||
common/conflex.c | 2 ++
|
||||
dhcpctl/omshell.1 | 32 ++++++++++++++++++++++++--------
|
||||
dhcpctl/omshell.c | 38 +++++++++++++++++++++++++++++++++++---
|
||||
includes/dhctoken.h | 3 ++-
|
||||
5 files changed, 70 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/common/conflex.c b/common/conflex.c
|
||||
index 8ce024af..045b655d 100644
|
||||
--- a/common/conflex.c
|
||||
+++ b/common/conflex.c
|
||||
@@ -1104,6 +1104,8 @@ intern(char *atom, enum dhcp_token dfv) {
|
||||
}
|
||||
if (!strcasecmp (atom + 1, "ey"))
|
||||
return KEY;
|
||||
+ if (!strcasecmp (atom + 1, "ey-algorithm"))
|
||||
+ return KEY_ALGORITHM;
|
||||
break;
|
||||
case 'l':
|
||||
if (!strcasecmp (atom + 1, "case"))
|
||||
diff --git a/dhcpctl/omshell.1 b/dhcpctl/omshell.1
|
||||
index 4846272a..2f55e965 100644
|
||||
--- a/dhcpctl/omshell.1
|
||||
+++ b/dhcpctl/omshell.1
|
||||
@@ -1,7 +1,6 @@
|
||||
.\" $Id: omshell.1,v 1.6 2009/11/24 02:06:56 sar Exp $
|
||||
.\"
|
||||
-.\" Copyright (c) 2012,2014 by Internet Systems Consortium, Inc. ("ISC")
|
||||
-.\" Copyright (c) 2004,2009 by Internet Systems Consortium, Inc. ("ISC")
|
||||
+.\" Copyright (c) 2004-2017 by Internet Systems Consortium, Inc. ("ISC")
|
||||
.\" Copyright (c) 2001-2003 by Internet Software Consortium
|
||||
.\"
|
||||
.\" Permission to use, copy, modify, and distribute this software for any
|
||||
@@ -81,7 +80,24 @@ where number is the port that OMAPI listens on. By default, this is 7911.
|
||||
This specifies the TSIG key to use to authenticate the OMAPI transactions.
|
||||
\fIname\fR is the name of a key defined in \fIdhcpd.conf\fR with the
|
||||
\fBomapi-key\fR statement. The \fIsecret\fR is the secret key generated from
|
||||
-\fBdnssec-keygen\fR or another key generation program.
|
||||
+\fBdnssec-keygen\fR or another key generation program. The key algorithm is
|
||||
+assumed to be HMAC-MD5 key. If a different algorithm was specified in dhcpd.conf
|
||||
+file for the key, then it must be specified via the \fIkey-algorithm\fR statement.
|
||||
+.RE
|
||||
+.PP
|
||||
+.B key-algorithm \fIalgorithm\fR
|
||||
+.RS 0.5i
|
||||
+This specifies the cryptographic algorithm for the key used when authenticating OMAPI
|
||||
+transactions. Supported values for \fIalgorithm\fR are:
|
||||
+.nf
|
||||
+ HMAC-MD5
|
||||
+ HMAC-SHA1
|
||||
+ HMAC-SHA224
|
||||
+ HMAC-SHA256
|
||||
+ HMAC-SHA384
|
||||
+ HMAC-SHA512
|
||||
+fi
|
||||
+The default is HMAC-MD5. (Value is not case sensitive).
|
||||
.RE
|
||||
.PP
|
||||
.B connect
|
||||
@@ -253,7 +269,7 @@ name = "some-host"
|
||||
hardware-address = 00:80:c7:84:b1:94
|
||||
hardware-type = 00:00:00:01
|
||||
ip-address = c0:a8:04:28
|
||||
->
|
||||
+>
|
||||
.fi
|
||||
.PP
|
||||
Your dhcpd.leases file would then have an entry like this in it:
|
||||
@@ -267,7 +283,7 @@ host some-host {
|
||||
.fi
|
||||
.PP
|
||||
The \fIdynamic;\fR line is to denote that this host entry did not come from
|
||||
-dhcpd.conf, but was created dynamically via OMAPI.
|
||||
+dhcpd.conf, but was created dynamically via OMAPI.
|
||||
.SH RESETTING ATTRIBUTES
|
||||
.PP
|
||||
If you want to remove an attribute from an object, you can do this with the
|
||||
@@ -288,7 +304,7 @@ name = "some-host"
|
||||
hardware-address = 00:80:c7:84:b1:94
|
||||
hardware-type = 00:00:00:01
|
||||
ip-address = <null>
|
||||
->
|
||||
+>
|
||||
.fi
|
||||
.SH REFRESHING OBJECTS
|
||||
.PP
|
||||
@@ -300,7 +316,7 @@ particularly useful for hosts.
|
||||
.PP
|
||||
Any remote object that can be created can also be destroyed. This is done by
|
||||
creating a new local object, setting attributes, associating the local and
|
||||
-remote object using \fBopen\fR, and then using the \fBremove\fR command.
|
||||
+remote object using \fBopen\fR, and then using the \fBremove\fR command.
|
||||
If the host "some-host" from before was created in error, this could be
|
||||
corrected as follows:
|
||||
.nf
|
||||
@@ -312,7 +328,7 @@ hardware-type = 00:00:00:01
|
||||
ip-address = c0:a8:04:28
|
||||
> remove
|
||||
obj: <null>
|
||||
->
|
||||
+>
|
||||
.fi
|
||||
.SH HELP
|
||||
.PP
|
||||
diff --git a/dhcpctl/omshell.c b/dhcpctl/omshell.c
|
||||
index c42bab1a..9233f50e 100644
|
||||
--- a/dhcpctl/omshell.c
|
||||
+++ b/dhcpctl/omshell.c
|
||||
@@ -321,12 +321,42 @@ main(int argc, char **argv) {
|
||||
}
|
||||
break;
|
||||
|
||||
+ case KEY_ALGORITHM:
|
||||
+ /* Algorithm is optional */
|
||||
+ token = next_token (&val, (unsigned *)0, cfile);
|
||||
+ if (token != NAME || !is_identifier(token)) {
|
||||
+ printf ("missing or invalid algorithm name\n");
|
||||
+ printf ("usage: key-algoritm <algorithm name>\n");
|
||||
+ skip_to_semi (cfile);
|
||||
+ break;
|
||||
+ }
|
||||
+
|
||||
+ s = dmalloc (strlen (val) + 1, MDL);
|
||||
+ if (!s) {
|
||||
+ printf ("no memory for algorithm name.\n");
|
||||
+ skip_to_semi (cfile);
|
||||
+ break;
|
||||
+ }
|
||||
+
|
||||
+ strcpy (s, val);
|
||||
+ algorithm = s;
|
||||
+
|
||||
+ token = next_token (&val, (unsigned *)0, cfile);
|
||||
+ if (token != END_OF_FILE && token != EOL) {
|
||||
+ printf ("extra information after %s\n", algorithm);
|
||||
+ printf ("usage: key-algorithm <algorithm name>\n");
|
||||
+ skip_to_semi (cfile);
|
||||
+ break;
|
||||
+ }
|
||||
+
|
||||
+ break;
|
||||
+
|
||||
case KEY:
|
||||
token = peek_token(&val, (unsigned *)0, cfile);
|
||||
if (token == STRING) {
|
||||
token = next_token (&val, (unsigned *)0, cfile);
|
||||
if (!is_identifier (token)) {
|
||||
- printf ("usage: key <name> <value>\n");
|
||||
+ printf ("usage: key <name> <value>\n");
|
||||
skip_to_semi (cfile);
|
||||
break;
|
||||
}
|
||||
@@ -340,7 +370,7 @@ main(int argc, char **argv) {
|
||||
} else {
|
||||
s = parse_host_name(cfile);
|
||||
if (s == NULL) {
|
||||
- printf ("usage: key <name> <value>\n");
|
||||
+ printf ("usage: key <name> <value>\n");
|
||||
skip_to_semi(cfile);
|
||||
break;
|
||||
}
|
||||
@@ -352,12 +382,14 @@ main(int argc, char **argv) {
|
||||
skip_to_semi (cfile);
|
||||
break;
|
||||
}
|
||||
+
|
||||
token = next_token (&val, (unsigned *)0, cfile);
|
||||
if (token != END_OF_FILE && token != EOL) {
|
||||
- printf ("usage: key <name> <secret>\n");
|
||||
+ printf ("usage: key <name> <value> {algorithm}\n");
|
||||
skip_to_semi (cfile);
|
||||
break;
|
||||
}
|
||||
+
|
||||
break;
|
||||
|
||||
case CONNECT:
|
||||
diff --git a/includes/dhctoken.h b/includes/dhctoken.h
|
||||
index 6fc4df3..ca24d4c 100644
|
||||
--- a/includes/dhctoken.h
|
||||
+++ b/includes/dhctoken.h
|
||||
@@ -374,8 +374,9 @@ enum dhcp_token {
|
||||
LEASE_ID_FORMAT = 676,
|
||||
TOKEN_HEX = 677,
|
||||
TOKEN_OCTAL = 678,
|
||||
- BOOTP_BROADCAST_ALWAYS = 679,
|
||||
- DESTINATION_DESCRIPTOR = 680
|
||||
+ KEY_ALGORITHM = 679,
|
||||
+ BOOTP_BROADCAST_ALWAYS = 680,
|
||||
+ DESTINATION_DESCRIPTOR = 681
|
||||
};
|
||||
|
||||
#define is_identifier(x) ((x) >= FIRST_TOKEN && \
|
|
@ -0,0 +1,155 @@
|
|||
diff --git a/omapip/connection.c b/omapip/connection.c
|
||||
index a74becc..56826a5 100644
|
||||
--- a/omapip/connection.c
|
||||
+++ b/omapip/connection.c
|
||||
@@ -46,6 +46,9 @@ extern omapi_array_t *trace_listeners;
|
||||
#endif
|
||||
static isc_result_t omapi_connection_connect_internal (omapi_object_t *);
|
||||
|
||||
+static isc_result_t ctring_from_attribute(omapi_object_t *obj, char *attr_name,
|
||||
+ char **cstr);
|
||||
+
|
||||
OMAPI_OBJECT_ALLOC (omapi_connection,
|
||||
omapi_connection_object_t, omapi_type_connection)
|
||||
|
||||
@@ -765,64 +768,41 @@ isc_result_t omapi_connection_reaper (omapi_object_t *h)
|
||||
}
|
||||
|
||||
static isc_result_t make_dst_key (dst_key_t **dst_key, omapi_object_t *a) {
|
||||
- omapi_value_t *name = (omapi_value_t *)0;
|
||||
- omapi_value_t *algorithm = (omapi_value_t *)0;
|
||||
- omapi_value_t *key = (omapi_value_t *)0;
|
||||
- char *name_str = NULL;
|
||||
+ omapi_value_t *key = 0;
|
||||
+ char *name_str = 0;
|
||||
+ char *algorithm_str = 0;
|
||||
isc_result_t status = ISC_R_SUCCESS;
|
||||
|
||||
- if (status == ISC_R_SUCCESS)
|
||||
- status = omapi_get_value_str
|
||||
- (a, (omapi_object_t *)0, "name", &name);
|
||||
-
|
||||
- if (status == ISC_R_SUCCESS)
|
||||
- status = omapi_get_value_str
|
||||
- (a, (omapi_object_t *)0, "algorithm", &algorithm);
|
||||
-
|
||||
- if (status == ISC_R_SUCCESS)
|
||||
- status = omapi_get_value_str
|
||||
- (a, (omapi_object_t *)0, "key", &key);
|
||||
-
|
||||
+ /* Get the key name as a C string. */
|
||||
+ status = ctring_from_attribute(a, "name", &name_str);
|
||||
if (status == ISC_R_SUCCESS) {
|
||||
- if ((algorithm->value->type != omapi_datatype_data &&
|
||||
- algorithm->value->type != omapi_datatype_string) ||
|
||||
- strncasecmp((char *)algorithm->value->u.buffer.value,
|
||||
- NS_TSIG_ALG_HMAC_MD5 ".",
|
||||
- algorithm->value->u.buffer.len) != 0) {
|
||||
- status = DHCP_R_INVALIDARG;
|
||||
+ /* Get the algorithm name as a C string. */
|
||||
+ status = ctring_from_attribute(a, "algorithm", &algorithm_str);
|
||||
+ if (status == ISC_R_SUCCESS) {
|
||||
+ /* Get the key secret value */
|
||||
+ status = omapi_get_value_str(a, 0, "key", &key);
|
||||
+ if (status == ISC_R_SUCCESS) {
|
||||
+ /* Now let's try and create the key */
|
||||
+ status = isclib_make_dst_key(
|
||||
+ name_str,
|
||||
+ algorithm_str,
|
||||
+ key->value->u.buffer.value,
|
||||
+ key->value->u.buffer.len,
|
||||
+ dst_key);
|
||||
+
|
||||
+ if (*dst_key == NULL) {
|
||||
+ status = ISC_R_NOMEMORY;
|
||||
+ }
|
||||
+ }
|
||||
}
|
||||
}
|
||||
|
||||
- if (status == ISC_R_SUCCESS) {
|
||||
- name_str = dmalloc (name -> value -> u.buffer.len + 1, MDL);
|
||||
- if (!name_str)
|
||||
- status = ISC_R_NOMEMORY;
|
||||
- }
|
||||
-
|
||||
- if (status == ISC_R_SUCCESS) {
|
||||
- memcpy (name_str,
|
||||
- name -> value -> u.buffer.value,
|
||||
- name -> value -> u.buffer.len);
|
||||
- name_str [name -> value -> u.buffer.len] = 0;
|
||||
-
|
||||
- status = isclib_make_dst_key(name_str,
|
||||
- DHCP_HMAC_MD5_NAME,
|
||||
- key->value->u.buffer.value,
|
||||
- key->value->u.buffer.len,
|
||||
- dst_key);
|
||||
-
|
||||
- if (*dst_key == NULL)
|
||||
- status = ISC_R_NOMEMORY;
|
||||
- }
|
||||
-
|
||||
if (name_str)
|
||||
dfree (name_str, MDL);
|
||||
+ if (algorithm_str)
|
||||
+ dfree (algorithm_str, MDL);
|
||||
if (key)
|
||||
omapi_value_dereference (&key, MDL);
|
||||
- if (algorithm)
|
||||
- omapi_value_dereference (&algorithm, MDL);
|
||||
- if (name)
|
||||
- omapi_value_dereference (&name, MDL);
|
||||
|
||||
return status;
|
||||
}
|
||||
@@ -1105,3 +1085,50 @@ isc_result_t omapi_connection_stuff_values (omapi_object_t *c,
|
||||
m -> inner);
|
||||
return ISC_R_SUCCESS;
|
||||
}
|
||||
+
|
||||
+/* @brief Fetches the value of an attribute in an object as an allocated
|
||||
+ * C string
|
||||
+ *
|
||||
+ * @param obj ompapi object containing the desire attribute
|
||||
+ * @param attr_name name of the desired attribute
|
||||
+ * @param[out] cstr pointer in which to place the allocated C string's address
|
||||
+ *
|
||||
+ * Caller is responsible for freeing (via dfree) the allocated string.
|
||||
+ *
|
||||
+ * @return ISC_R_SUCCESS if successful, otherwise indicates the type of failure
|
||||
+*/
|
||||
+static isc_result_t ctring_from_attribute(omapi_object_t *obj, char *attr_name,
|
||||
+ char **cstr) {
|
||||
+ isc_result_t status = ISC_R_SUCCESS;
|
||||
+ omapi_value_t *attr = 0;
|
||||
+
|
||||
+ /* Find the attribute in the object. */
|
||||
+ status = omapi_get_value_str(obj, (omapi_object_t *)0, attr_name,
|
||||
+ &attr);
|
||||
+ if (status != ISC_R_SUCCESS) {
|
||||
+ return (status);
|
||||
+ }
|
||||
+
|
||||
+ /* Got it, let's make sure it's either data or string type. */
|
||||
+ if (attr->value->type != omapi_datatype_data &&
|
||||
+ attr->value->type != omapi_datatype_string) {
|
||||
+ return (DHCP_R_INVALIDARG);
|
||||
+ }
|
||||
+
|
||||
+ /* Make a C string from the attribute value. */
|
||||
+ *cstr = dmalloc (attr->value->u.buffer.len + 1, MDL);
|
||||
+ if (!(*cstr)) {
|
||||
+ status = ISC_R_NOMEMORY;
|
||||
+ } else {
|
||||
+ memcpy (*cstr, attr->value->u.buffer.value,
|
||||
+ attr->value->u.buffer.len);
|
||||
+ (*cstr)[attr->value->u.buffer.len] = 0;
|
||||
+ }
|
||||
+
|
||||
+ /* Get rid of the attribute reference */
|
||||
+ if (attr) {
|
||||
+ omapi_value_dereference (&attr, MDL);
|
||||
+ }
|
||||
+
|
||||
+ return (status);
|
||||
+}
|
|
@ -0,0 +1,21 @@
|
|||
diff --git a/common/parse.c b/common/parse.c
|
||||
index e78223c2..656b378b 100644
|
||||
--- a/common/parse.c
|
||||
+++ b/common/parse.c
|
||||
@@ -5790,13 +5790,14 @@ int parse_X (cfile, buf, max)
|
||||
skip_to_semi (cfile);
|
||||
return 0;
|
||||
}
|
||||
- convert_num (cfile, &buf [len], val, 16, 8);
|
||||
- if (len++ > max) {
|
||||
+ if (len >= max) {
|
||||
parse_warn (cfile,
|
||||
"hexadecimal constant too long.");
|
||||
skip_to_semi (cfile);
|
||||
return 0;
|
||||
}
|
||||
+ convert_num (cfile, &buf [len], val, 16, 8);
|
||||
+ len++;
|
||||
token = peek_token (&val, (unsigned *)0, cfile);
|
||||
if (token == COLON)
|
||||
token = next_token (&val,
|
|
@ -12,11 +12,14 @@
|
|||
#global patchver P1
|
||||
%global DHCPVERSION %{version}%{?prever}%{?patchver:-%{patchver}}
|
||||
|
||||
# bind has changed ABI with CVE-2023-50387 fixes. Require compatible build
|
||||
%global BIND_MINVER 9.11.36-14
|
||||
|
||||
|
||||
Summary: Dynamic host configuration protocol software
|
||||
Name: dhcp
|
||||
Version: 4.3.6
|
||||
Release: 40%{?dist}
|
||||
Release: 50%{?dist}
|
||||
# NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to
|
||||
# dcantrell maintaining the package) made incorrect use of the epoch and
|
||||
# that's why it is at 12 now. It should have never been used, but it was.
|
||||
|
@ -28,7 +31,6 @@ Source0: ftp://ftp.isc.org/isc/dhcp/%{DHCPVERSION}/dhcp-%{DHCPVERSION}.tar.gz
|
|||
Source1: dhclient-script
|
||||
Source2: README.dhclient.d
|
||||
Source3: 11-dhclient
|
||||
Source4: 12-dhcpd
|
||||
Source5: 56dhclient
|
||||
Source6: dhcpd.service
|
||||
Source7: dhcpd6.service
|
||||
|
@ -83,6 +85,12 @@ Patch46: dhcp-dhclient_ipv6_prefix.patch
|
|||
Patch47: dhcp-isc_heap_delete.patch
|
||||
Patch48: dhcp-bind-9.11.patch
|
||||
Patch49: dhcp-detect-system-time-jumps.patch
|
||||
Patch50: dhcp-key_algorithm.patch
|
||||
Patch51: dhcp-statement_parser.patch
|
||||
Patch52: dhcp-omshell-hmac-sha512-support.patch
|
||||
Patch53: dhcp-CVE-2022-2928.patch
|
||||
Patch54: dhcp-CVE-2022-2929.patch
|
||||
Patch55: dhcp-dhcp6-vendor-opts.patch
|
||||
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
|
@ -92,7 +100,7 @@ BuildRequires: openldap-devel
|
|||
BuildRequires: krb5-devel
|
||||
BuildRequires: libcap-ng-devel
|
||||
# https://fedorahosted.org/fpc/ticket/502#comment:3
|
||||
BuildRequires: bind-export-devel >= 9.11.11
|
||||
BuildRequires: bind-export-devel >= %{BIND_MINVER}
|
||||
BuildRequires: systemd systemd-devel
|
||||
# dhcp-sd_notify.patch
|
||||
BuildRequires: pkgconfig(libsystemd)
|
||||
|
@ -117,6 +125,7 @@ DHCP (Dynamic Host Configuration Protocol)
|
|||
Summary: Provides the ISC DHCP server
|
||||
Requires: %{name}-common = %{epoch}:%{version}-%{release}
|
||||
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
Requires: bind-export-libs >= %{BIND_MINVER}
|
||||
Requires(pre): shadow-utils
|
||||
Requires(post): coreutils grep sed
|
||||
Requires(post): systemd
|
||||
|
@ -136,6 +145,7 @@ This package provides the ISC DHCP server.
|
|||
Summary: Provides the ISC DHCP relay agent
|
||||
Requires: %{name}-common = %{epoch}:%{version}-%{release}
|
||||
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
Requires: bind-export-libs >= %{BIND_MINVER}
|
||||
Requires(post): grep sed
|
||||
Requires(post): systemd
|
||||
Requires(preun): systemd
|
||||
|
@ -158,6 +168,7 @@ Obsoletes: dhclient < %{epoch}:%{version}-%{release}
|
|||
Requires: coreutils gawk grep ipcalc iproute iputils sed systemd
|
||||
Requires: %{name}-common = %{epoch}:%{version}-%{release}
|
||||
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
Requires: bind-export-libs >= %{BIND_MINVER}
|
||||
|
||||
%description client
|
||||
DHCP (Dynamic Host Configuration Protocol) is a protocol which allows
|
||||
|
@ -358,6 +369,24 @@ rm bind/bind.tar.gz
|
|||
|
||||
%patch49 -p1 -b .time-change
|
||||
|
||||
# https://github.com/isc-projects/dhcp/commit/e6ffc27f24321017a5ad9af3707f4e2e54bbac74
|
||||
%patch50 -p1 -b .key-alg
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1963807
|
||||
%patch51 -p1
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2016248
|
||||
%patch52 -p1
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2132248
|
||||
%patch53 -p1
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2132245
|
||||
%patch54 -p1
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2142024
|
||||
%patch55 -p1
|
||||
|
||||
# Update paths in all man pages
|
||||
for page in client/dhclient.conf.5 client/dhclient.leases.5 \
|
||||
client/dhclient-script.8 client/dhclient.8 ; do
|
||||
|
@ -430,8 +459,6 @@ mkdir -p %{buildroot}%{dhcpconfdir}/dhclient.d
|
|||
# NetworkManager dispatcher script
|
||||
mkdir -p %{buildroot}%{_sysconfdir}/NetworkManager/dispatcher.d
|
||||
install -p -m 0755 %{SOURCE3} %{buildroot}%{_sysconfdir}/NetworkManager/dispatcher.d
|
||||
## https://bugzilla.redhat.com/show_bug.cgi?id=1685560
|
||||
install -p -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/NetworkManager/dispatcher.d
|
||||
|
||||
# pm-utils script to handle suspend/resume and dhclient leases
|
||||
install -D -p -m 0755 %{SOURCE5} %{buildroot}%{_libdir}/pm-utils/sleep.d/56dhclient
|
||||
|
@ -631,7 +658,6 @@ done
|
|||
%config(noreplace) %{_sysconfdir}/openldap/schema/dhcp.schema
|
||||
%dir %{_sysconfdir}/NetworkManager
|
||||
%dir %{_sysconfdir}/NetworkManager/dispatcher.d
|
||||
%{_sysconfdir}/NetworkManager/dispatcher.d/12-dhcpd
|
||||
%attr(0644,root,root) %{_unitdir}/dhcpd.service
|
||||
%attr(0644,root,root) %{_unitdir}/dhcpd6.service
|
||||
%{_sbindir}/dhcpd
|
||||
|
@ -694,6 +720,39 @@ done
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Mar 05 2024 Petr Menšík <pemensik@redhat.com> - 12:4.3.6-50
|
||||
- Rebuild because of bind ABI changes related to CVE-2023-50387
|
||||
|
||||
* Tue Oct 11 2022 Martin Osvald <mosvald@redhat.com> - 12:4.3.6-49
|
||||
- Fix for CVE-2022-2928
|
||||
- Fix for CVE-2022-2929
|
||||
- send back dhcp6.vendor-opts again (#2142024)
|
||||
|
||||
* Tue May 10 2022 Martin Osvald <mosvald@redhat.com> - 12:4.3.6-48
|
||||
- omshell: add support for hmac-sha512 algorithm (#2016248)
|
||||
|
||||
* Tue Dec 21 2021 Petr Menšík <pemensik@redhat.com> - 12:4.3.6-47
|
||||
- Rebuilt on a new side-tag (#2022715)
|
||||
|
||||
* Thu Dec 16 2021 Martin Osvald <mosvald@redhat.com> - 12:4.3.6-46
|
||||
- Rebuild with new bind (#2022715)
|
||||
|
||||
* Thu May 27 2021 Pavel Zhukov <pzhukov@redhat.com> - 12:4.3.6-45
|
||||
- Fix for CVE-2021-25217
|
||||
|
||||
* Fri Dec 11 2020 Pavel Zhukov <pzhukov@redhat.com> - 12:4.3.6-44
|
||||
- Rebuild with new bind (#1904613)
|
||||
|
||||
* Wed Nov 25 2020 Pavel Zhukov <pzhukov@redhat.com> - 12:4.3.6-43
|
||||
- Drop 12-dhcp NM dispatchers script (#1898423)
|
||||
|
||||
* Tue Oct 20 2020 Pavel Zhukov <pzhukov@redhat.com> - 12:4.3.6-42
|
||||
- Add key-algorithm support.
|
||||
- Resolves: rhbz#1883999
|
||||
|
||||
* Mon Apr 20 2020 Artem Egorenkov <aegorenk@redhat.com> - 12:4.3.6-41
|
||||
- Rebuild with bind-9.11.18
|
||||
|
||||
* Tue Nov 26 2019 Petr Menšík <pemensik@redhat.com> - 12:4.3.6-40
|
||||
- Rebuild with bind-9.11.13 again
|
||||
|
||||
|
|
Loading…
Reference in New Issue