import CS dhcp-4.3.6-50.el8

SOURCES/12-dhcpd

@@ -1,19 +0,0 @@
-#!/bin/bash
-
-INTERFACE=$1 # The interface which is brought up or down
-STATUS=$2 # The new state of the interface
-
-# whenever interface is brought up by NM (rhbz #565921)
-if [ "$STATUS" = "up" ]; then
-    # wait a few seconds to allow interface startup to complete
-    # (important at boot time without this the service still fails
-    # time-out for dispatcher script is 3s (rhbz#1003695#8)
-    sleep 2
-    # restart the services
-    # In case this dispatcher script is called several times in a short period of time, it might happen that
-    # systemd refuses to further restart the units. Therefore we use reset-failed command to prevent it.
-    systemctl -q is-enabled dhcpd.service && systemctl restart dhcpd.service && systemctl reset-failed dhcpd.service
-    systemctl -q is-enabled dhcpd6.service && systemctl restart dhcpd6.service && systemctl reset-failed dhcpd6.service
-fi
-
-exit 0

SOURCES/dhcp-CVE-2022-2928.patch

@@ -0,0 +1,32 @@
+diff --git a/common/options.c b/common/options.c
+index ed8ac38..addc65a 100644
+--- a/common/options.c
++++ b/common/options.c
+@@ -4397,6 +4397,8 @@ add_option(struct option_state *options,
+ 	if (!option_cache_allocate(&oc, MDL)) {
+ 		log_error("No memory for option cache adding %s (option %d).",
+ 			  option->name, option_num);
++		/* Get rid of reference created during hash lookup. */
++		option_dereference(&option, MDL);
+ 		return 0;
+ 	}
+ 
+@@ -4408,6 +4410,8 @@ add_option(struct option_state *options,
+ 			     MDL)) {
+ 		log_error("No memory for constant data adding %s (option %d).",
+ 			  option->name, option_num);
++		/* Get rid of reference created during hash lookup. */
++		option_dereference(&option, MDL);
+ 		option_cache_dereference(&oc, MDL);
+ 		return 0;
+ 	}
+@@ -4416,6 +4420,9 @@ add_option(struct option_state *options,
+ 	save_option(&dhcp_universe, options, oc);
+ 	option_cache_dereference(&oc, MDL);
+ 
++	/* Get rid of reference created during hash lookup. */
++	option_dereference(&option, MDL);
++
+ 	return 1;
+ }
+ 

SOURCES/dhcp-CVE-2022-2929.patch

@@ -0,0 +1,25 @@
+diff --git a/common/options.c b/common/options.c
+index addc65a..3e6383a 100644
+--- a/common/options.c
++++ b/common/options.c
+@@ -435,16 +435,16 @@ int fqdn_universe_decode (struct option_state *options,
+ 		while (s < &bp -> data[0] + length + 2) {
+ 			len = *s;
+ 			if (len > 63) {
+-				log_info ("fancy bits in fqdn option");
+-				return 0;
++				log_info ("label length exceeds 63 in fqdn option");
++				goto bad;
+ 			}
+ 			if (len == 0) {
+ 				terminated = 1;
+ 				break;
+ 			}
+ 			if (s + len > &bp -> data [0] + length + 3) {
+-				log_info ("fqdn tag longer than buffer");
+-				return 0;
++				log_info ("fqdn label longer than buffer");
++				goto bad;
+ 			}
+ 
+ 			if (first_len == 0) {

SOURCES/dhcp-bind-9.11.patch

@@ -0,0 +1,85 @@
+From ffb24c0bbd4d6f2b4718a1a8f4f2da237cc6ed66 Mon Sep 17 00:00:00 2001
+From: Thomas Markwalder <tmark@isc.org>
+Date: Fri, 14 Sep 2018 13:41:41 -0400
+Subject: [PATCH] [master] Added includes of new BIND9 compatibility headers,
+ updated util/bind.sh
+
+    Merges in rt48072.
+
+(cherry picked from commit 8194daabfd590f17825f0c61e9534bee5c99cc86)
+---
+ includes/omapip/isclib.h |  3 +++
+ includes/omapip/result.h |  1 +
+ server/dhcpv6.c          | 13 +++++++++----
+ 3 files changed, 13 insertions(+), 4 deletions(-)
+
+diff --git a/includes/omapip/isclib.h b/includes/omapip/isclib.h
+index e2963089..fa5d9ad3 100644
+--- a/includes/omapip/isclib.h
++++ b/includes/omapip/isclib.h
+@@ -48,6 +48,9 @@
+ #include <string.h>
+ #include <netdb.h>
+ 
++#include <isc/boolean.h>
++#include <isc/int.h>
++
+ #include <isc/buffer.h>
+ #include <isc/lex.h>
+ #include <isc/lib.h>
+diff --git a/includes/omapip/result.h b/includes/omapip/result.h
+index ae5f7d6a..9c1fab23 100644
+--- a/includes/omapip/result.h
++++ b/includes/omapip/result.h
+@@ -26,6 +26,7 @@
+ #ifndef DHCP_RESULT_H
+ #define DHCP_RESULT_H 1
+ 
++#include <isc/boolean.h>
+ #include <isc/lang.h>
+ #include <isc/resultclass.h>
+ #include <isc/types.h>
+diff --git a/server/dhcpv6.c b/server/dhcpv6.c
+index 74487667..1a6ff241 100644
+--- a/server/dhcpv6.c
++++ b/server/dhcpv6.c
+@@ -1003,7 +1003,8 @@ void check_pool6_threshold(struct reply_state *reply,
+ 				  shared_name,
+ 				  inet_ntop(AF_INET6, &lease->addr,
+ 					    tmp_addr, sizeof(tmp_addr)),
+-				  used, count);
++				  (long long unsigned)(used),
++				  (long long unsigned)(count));
+ 		}
+ 		return;
+ 	}
+@@ -1035,7 +1036,8 @@ void check_pool6_threshold(struct reply_state *reply,
+ 		  "address: %s; high threshold %d%% %llu/%llu.",
+ 		  shared_name,
+ 		  inet_ntop(AF_INET6, &lease->addr, tmp_addr, sizeof(tmp_addr)),
+-		  poolhigh, used, count);
++		  poolhigh, (long long unsigned)(used),
++		  (long long unsigned)(count));
+ 
+ 	/* handle the low threshold now, if we don't
+ 	 * have one we default to 0. */
+@@ -1383,12 +1385,15 @@ pick_v6_address(struct reply_state *reply)
+ 		log_debug("Unable to pick client address: "
+ 			  "no addresses available  - shared network %s: "
+ 			  " 2^64-1 < total, %llu active,  %llu abandoned",
+-			  shared_name, active - abandoned, abandoned);
++			  shared_name, (long long unsigned)(active - abandoned),
++			  (long long unsigned)(abandoned));
+ 	} else {
+ 		log_debug("Unable to pick client address: "
+ 			  "no addresses available  - shared network %s: "
+ 			  "%llu total, %llu active,  %llu abandoned",
+-			  shared_name, total, active - abandoned, abandoned);
++			  shared_name, (long long unsigned)(total),
++			  (long long unsigned)(active - abandoned),
++		          (long long unsigned)(abandoned));
+ 	}
+ 
+ 	return ISC_R_NORESOURCES;
+-- 
+2.14.5

SOURCES/dhcp-detect-system-time-jumps.patch

@@ -0,0 +1,93 @@
+From 41c6032ace65119e6a400365f7e90283c930afd4 Mon Sep 17 00:00:00 2001
+From: Pavel Zhukov <pzhukov@redhat.com>
+Date: Tue, 22 Oct 2019 16:23:01 +0200
+Subject: [PATCH 24/26] Detect system time changes
+Cc: pzhukov@redhat.com
+
+---
+ client/dhclient.c |  6 ++++++
+ common/dispatch.c | 11 ++++++++++-
+ includes/dhcpd.h  |  3 ++-
+ server/dhcpd.c    |  6 ++++++
+ 4 files changed, 24 insertions(+), 2 deletions(-)
+
+diff --git a/client/dhclient.c b/client/dhclient.c
+index 9b65438..44d508a 100644
+--- a/client/dhclient.c
++++ b/client/dhclient.c
+@@ -5408,6 +5408,12 @@ isc_result_t dhcp_set_control_state (control_object_state_t oldstate,
+ 		  case server_awaken:
+ 		    state_reboot (client);
+ 		    break;
++
++                  case server_time_changed:
++                    if (client->active){
++                      state_reboot (client);
++                    }
++                    break;
+ 		}
+ 	    }
+ 	}
+diff --git a/common/dispatch.c b/common/dispatch.c
+index d7fe200..8a24499 100644
+--- a/common/dispatch.c
++++ b/common/dispatch.c
+@@ -118,7 +118,6 @@ dispatch(void)
+ 		 * signal. It will return ISC_R_RELOAD in that
+ 		 * case. That is a normal behavior.
+ 		 */
+-
+ 		if (status == ISC_R_RELOAD) {
+ 			/*
+ 			 * dhcp_set_control_state() will do the job.
+@@ -129,6 +128,16 @@ dispatch(void)
+ 			if (status == ISC_R_SUCCESS)
+ 				status = ISC_R_RELOAD;
+ 		}
++
++                
++                if (status == ISC_R_TIMESHIFTED){
++                  status = dhcp_set_control_state(server_time_changed,
++                                                  server_time_changed);
++                  status = ISC_R_RELOAD;
++                  log_info ("System time has been changed. Unable to use existing leases. Restarting");
++                  // do nothing, restart context
++                };
++
+ 	} while (status == ISC_R_RELOAD);
+ 
+ 	log_fatal ("Dispatch routine failed: %s -- exiting",
+diff --git a/includes/dhcpd.h b/includes/dhcpd.h
+index 635c510..ec6c227 100644
+--- a/includes/dhcpd.h
++++ b/includes/dhcpd.h
+@@ -524,7 +524,8 @@ typedef enum {
+ 	server_running = 1,
+ 	server_shutdown = 2,
+ 	server_hibernate = 3,
+-	server_awaken = 4
++	server_awaken = 4,
++        server_time_changed = 5
+ } control_object_state_t;
+ 
+ typedef struct {
+diff --git a/server/dhcpd.c b/server/dhcpd.c
+index 530a923..4aef16b 100644
+--- a/server/dhcpd.c
++++ b/server/dhcpd.c
+@@ -1767,6 +1767,12 @@ isc_result_t dhcp_set_control_state (control_object_state_t oldstate,
+ {
+ 	struct timeval tv;
+ 
++        if (newstate == server_time_changed){
++          log_error ("System time has been changed. Leases information unreliable!");
++          return ISC_R_SUCCESS;
++        }
++
++                
+ 	if (newstate != server_shutdown)
+ 		return DHCP_R_INVALIDARG;
+ 	/* Re-entry. */
+-- 
+2.14.5
+

SOURCES/dhcp-dhcp6-vendor-opts.patch

@@ -0,0 +1,12 @@
+diff --git a/common/options.c b/common/options.c
+index 3e6383a..9216ae4 100644
+--- a/common/options.c
++++ b/common/options.c
+@@ -1122,7 +1122,6 @@ store_options6(char *buf, int buflen,
+ 		 */
+ 		if (code == vsio_option_code) {
+ 			vsio_wanted = 1;
+-			continue;
+ 		}
+ 
+ 		/*

SOURCES/dhcp-key_algorithm.patch

@@ -0,0 +1,200 @@
+From e6ffc27f24321017a5ad9af3707f4e2e54bbac74 Mon Sep 17 00:00:00 2001
+From: Thomas Markwalder <tmark@isc.org>
+Date: Mon, 11 Dec 2017 07:19:43 -0500
+Subject: [PATCH] [master] Adds key-algorithm statement to omshell
+
+    Merges in rt46771.
+---
+ RELNOTES            |  7 +++++++
+ common/conflex.c    |  2 ++
+ dhcpctl/omshell.1   | 32 ++++++++++++++++++++++++--------
+ dhcpctl/omshell.c   | 38 +++++++++++++++++++++++++++++++++++---
+ includes/dhctoken.h |  3 ++-
+ 5 files changed, 70 insertions(+), 12 deletions(-)
+
+diff --git a/common/conflex.c b/common/conflex.c
+index 8ce024af..045b655d 100644
+--- a/common/conflex.c
++++ b/common/conflex.c
+@@ -1104,6 +1104,8 @@ intern(char *atom, enum dhcp_token dfv) {
+ 		}
+ 		if (!strcasecmp (atom + 1, "ey"))
+ 			return KEY;
++		if (!strcasecmp (atom + 1, "ey-algorithm"))
++			return KEY_ALGORITHM;
+ 		break;
+ 	      case 'l':
+ 		if (!strcasecmp (atom + 1, "case"))
+diff --git a/dhcpctl/omshell.1 b/dhcpctl/omshell.1
+index 4846272a..2f55e965 100644
+--- a/dhcpctl/omshell.1
++++ b/dhcpctl/omshell.1
+@@ -1,7 +1,6 @@
+ .\"	$Id: omshell.1,v 1.6 2009/11/24 02:06:56 sar Exp $
+ .\"
+-.\" Copyright (c) 2012,2014 by Internet Systems Consortium, Inc. ("ISC")
+-.\" Copyright (c) 2004,2009 by Internet Systems Consortium, Inc. ("ISC")
++.\" Copyright (c) 2004-2017 by Internet Systems Consortium, Inc. ("ISC")
+ .\" Copyright (c) 2001-2003 by Internet Software Consortium
+ .\"
+ .\" Permission to use, copy, modify, and distribute this software for any
+@@ -81,7 +80,24 @@ where number is the port that OMAPI listens on.  By default, this is 7911.
+ This specifies the TSIG key to use to authenticate the OMAPI transactions.
+ \fIname\fR is the name of a key defined in \fIdhcpd.conf\fR with the
+ \fBomapi-key\fR statement.  The \fIsecret\fR is the secret key generated from
+-\fBdnssec-keygen\fR or another key generation program.
++\fBdnssec-keygen\fR or another key generation program.  The key algorithm is
++assumed to be HMAC-MD5 key. If a different algorithm was specified in dhcpd.conf
++file for the key, then it must be specified via the \fIkey-algorithm\fR statement.
++.RE
++.PP
++.B key-algorithm \fIalgorithm\fR
++.RS 0.5i
++This specifies the cryptographic algorithm for the key used when authenticating OMAPI
++transactions. Supported values for \fIalgorithm\fR are:
++.nf
++        HMAC-MD5
++        HMAC-SHA1
++        HMAC-SHA224
++        HMAC-SHA256
++        HMAC-SHA384
++        HMAC-SHA512
++fi
++The default is HMAC-MD5. (Value is not case sensitive).
+ .RE
+ .PP
+ .B connect
+@@ -253,7 +269,7 @@ name = "some-host"
+ hardware-address = 00:80:c7:84:b1:94
+ hardware-type = 00:00:00:01
+ ip-address = c0:a8:04:28
+-> 
++>
+ .fi
+ .PP
+ Your dhcpd.leases file would then have an entry like this in it:
+@@ -267,7 +283,7 @@ host some-host {
+ .fi
+ .PP
+ The \fIdynamic;\fR line is to denote that this host entry did not come from
+-dhcpd.conf, but was created dynamically via OMAPI.  
++dhcpd.conf, but was created dynamically via OMAPI.
+ .SH RESETTING ATTRIBUTES
+ .PP
+ If you want to remove an attribute from an object, you can do this with the
+@@ -288,7 +304,7 @@ name = "some-host"
+ hardware-address = 00:80:c7:84:b1:94
+ hardware-type = 00:00:00:01
+ ip-address = <null>
+-> 
++>
+ .fi
+ .SH REFRESHING OBJECTS
+ .PP
+@@ -300,7 +316,7 @@ particularly useful for hosts.
+ .PP
+ Any remote object that can be created can also be destroyed.  This is done by
+ creating a new local object, setting attributes, associating the local and
+-remote object using \fBopen\fR, and then using the \fBremove\fR command. 
++remote object using \fBopen\fR, and then using the \fBremove\fR command.
+ If the host "some-host" from before was created in error, this could be
+ corrected as follows:
+ .nf
+@@ -312,7 +328,7 @@ hardware-type = 00:00:00:01
+ ip-address = c0:a8:04:28
+ > remove
+ obj: <null>
+-> 
++>
+ .fi
+ .SH HELP
+ .PP
+diff --git a/dhcpctl/omshell.c b/dhcpctl/omshell.c
+index c42bab1a..9233f50e 100644
+--- a/dhcpctl/omshell.c
++++ b/dhcpctl/omshell.c
+@@ -321,12 +321,42 @@ main(int argc, char **argv) {
+ 		    }
+ 		    break;
+ 
++		  case KEY_ALGORITHM:
++		    /* Algorithm is optional */
++		    token = next_token (&val, (unsigned *)0, cfile);
++		    if (token != NAME || !is_identifier(token)) {
++			printf ("missing or invalid algorithm name\n");
++			printf ("usage: key-algoritm <algorithm name>\n");
++			skip_to_semi (cfile);
++			break;
++		    }
++
++		    s = dmalloc (strlen (val) + 1, MDL);
++		    if (!s) {
++			printf ("no memory for algorithm name.\n");
++			skip_to_semi (cfile);
++			break;
++		    }
++
++		    strcpy (s, val);
++		    algorithm = s;
++
++		    token = next_token (&val, (unsigned *)0, cfile);
++		    if (token != END_OF_FILE && token != EOL) {
++			    printf ("extra information after %s\n", algorithm);
++			    printf ("usage: key-algorithm <algorithm name>\n");
++			    skip_to_semi (cfile);
++			    break;
++		    }
++
++		    break;
++
+ 		  case KEY:
+ 		    token = peek_token(&val, (unsigned *)0, cfile);
+ 		    if (token == STRING) {
+ 			    token = next_token (&val, (unsigned *)0, cfile);
+ 			    if (!is_identifier (token)) {
+-				    printf ("usage: key <name> <value>\n");
++			            printf ("usage: key <name> <value>\n");
+ 				    skip_to_semi (cfile);
+ 				    break;
+ 			    }
+@@ -340,7 +370,7 @@ main(int argc, char **argv) {
+ 		    } else {
+ 			    s = parse_host_name(cfile);
+ 			    if (s == NULL) {
+-				    printf ("usage: key <name> <value>\n");
++			            printf ("usage: key <name> <value>\n");
+ 				    skip_to_semi(cfile);
+ 				    break;
+ 			    }
+@@ -352,12 +382,14 @@ main(int argc, char **argv) {
+ 			    skip_to_semi (cfile);
+ 			    break;
+ 		    }
++
+ 		    token = next_token (&val, (unsigned *)0, cfile);
+ 		    if (token != END_OF_FILE && token != EOL) {
+-			    printf ("usage: key <name> <secret>\n");
++			    printf ("usage: key <name> <value> {algorithm}\n");
+ 			    skip_to_semi (cfile);
+ 			    break;
+ 		    }
++
+ 		    break;
+ 
+ 		  case CONNECT:
+diff --git a/includes/dhctoken.h b/includes/dhctoken.h
+index 6fc4df3..ca24d4c 100644
+--- a/includes/dhctoken.h
++++ b/includes/dhctoken.h
+@@ -374,8 +374,9 @@ enum dhcp_token {
+ 	LEASE_ID_FORMAT = 676,
+ 	TOKEN_HEX = 677,
+ 	TOKEN_OCTAL = 678,
+-	BOOTP_BROADCAST_ALWAYS = 679,
+-	DESTINATION_DESCRIPTOR = 680
++	KEY_ALGORITHM = 679,
++	BOOTP_BROADCAST_ALWAYS = 680,
++	DESTINATION_DESCRIPTOR = 681
+ };
+ 
+ #define is_identifier(x)	((x) >= FIRST_TOKEN &&	\

SOURCES/dhcp-omshell-hmac-sha512-support.patch

@@ -0,0 +1,155 @@
+diff --git a/omapip/connection.c b/omapip/connection.c
+index a74becc..56826a5 100644
+--- a/omapip/connection.c
++++ b/omapip/connection.c
+@@ -46,6 +46,9 @@ extern omapi_array_t *trace_listeners;
+ #endif
+ static isc_result_t omapi_connection_connect_internal (omapi_object_t *);
+ 
++static isc_result_t ctring_from_attribute(omapi_object_t *obj, char *attr_name,
++                                          char **cstr);
++
+ OMAPI_OBJECT_ALLOC (omapi_connection,
+ 		    omapi_connection_object_t, omapi_type_connection)
+ 
+@@ -765,64 +768,41 @@ isc_result_t omapi_connection_reaper (omapi_object_t *h)
+ }
+ 
+ static isc_result_t make_dst_key (dst_key_t **dst_key, omapi_object_t *a) {
+-	omapi_value_t *name      = (omapi_value_t *)0;
+-	omapi_value_t *algorithm = (omapi_value_t *)0;
+-	omapi_value_t *key       = (omapi_value_t *)0;
+-	char *name_str = NULL;
++	omapi_value_t *key = 0;
++	char *name_str = 0;
++	char *algorithm_str = 0;
+ 	isc_result_t status = ISC_R_SUCCESS;
+ 
+-	if (status == ISC_R_SUCCESS)
+-		status = omapi_get_value_str
+-			(a, (omapi_object_t *)0, "name", &name);
+-
+-	if (status == ISC_R_SUCCESS)
+-		status = omapi_get_value_str
+-			(a, (omapi_object_t *)0, "algorithm", &algorithm);
+-
+-	if (status == ISC_R_SUCCESS)
+-		status = omapi_get_value_str
+-			(a, (omapi_object_t *)0, "key", &key);
+-
++	/* Get the key name as a C string. */
++	status = ctring_from_attribute(a, "name", &name_str);
+ 	if (status == ISC_R_SUCCESS) {
+-		if ((algorithm->value->type != omapi_datatype_data &&
+-		     algorithm->value->type != omapi_datatype_string) ||
+-		    strncasecmp((char *)algorithm->value->u.buffer.value,
+-				NS_TSIG_ALG_HMAC_MD5 ".",
+-				algorithm->value->u.buffer.len) != 0) {
+-			status = DHCP_R_INVALIDARG;
++		/* Get the algorithm name as a C string. */
++		status = ctring_from_attribute(a, "algorithm", &algorithm_str);
++		if (status == ISC_R_SUCCESS) {
++			/* Get the key secret value */
++			status = omapi_get_value_str(a, 0, "key", &key);
++			if (status == ISC_R_SUCCESS) {
++				/* Now let's try and create the key */
++				status = isclib_make_dst_key(
++						name_str,
++						algorithm_str,
++						key->value->u.buffer.value,
++						key->value->u.buffer.len,
++						dst_key);
++
++				if (*dst_key == NULL) {
++					status = ISC_R_NOMEMORY;
++				}
++			}
+ 		}
+ 	}
+ 
+-	if (status == ISC_R_SUCCESS) {
+-		name_str = dmalloc (name -> value -> u.buffer.len + 1, MDL);
+-		if (!name_str)
+-			status = ISC_R_NOMEMORY;
+-	}
+-
+-	if (status == ISC_R_SUCCESS) {
+-		memcpy (name_str,
+-			name -> value -> u.buffer.value,
+-			name -> value -> u.buffer.len);
+-		name_str [name -> value -> u.buffer.len] = 0;
+-
+-		status = isclib_make_dst_key(name_str,
+-					     DHCP_HMAC_MD5_NAME,
+-					     key->value->u.buffer.value,
+-					     key->value->u.buffer.len,
+-					     dst_key);
+-
+-		if (*dst_key == NULL)
+-			status = ISC_R_NOMEMORY;
+-	}
+-
+ 	if (name_str)
+ 		dfree (name_str, MDL);
++	if (algorithm_str)
++		dfree (algorithm_str, MDL);
+ 	if (key)
+ 		omapi_value_dereference (&key, MDL);
+-	if (algorithm)
+-		omapi_value_dereference (&algorithm, MDL);
+-	if (name)
+-		omapi_value_dereference (&name, MDL);
+ 
+ 	return status;
+ }
+@@ -1105,3 +1085,50 @@ isc_result_t omapi_connection_stuff_values (omapi_object_t *c,
+ 								m -> inner);
+ 	return ISC_R_SUCCESS;
+ }
++
++/* @brief Fetches the value of an attribute in an object as an allocated
++ * C string
++ *
++ * @param obj ompapi object containing the desire attribute
++ * @param attr_name  name of the desired attribute
++ * @param[out] cstr pointer in which to place the allocated C string's address
++ *
++ * Caller is responsible for freeing (via dfree) the allocated string.
++ *
++ * @return ISC_R_SUCCESS if successful, otherwise indicates the type of failure
++*/
++static isc_result_t ctring_from_attribute(omapi_object_t *obj, char *attr_name,
++                                          char **cstr) {
++	isc_result_t status = ISC_R_SUCCESS;
++	omapi_value_t *attr = 0;
++
++	/* Find the attribute in the object. */
++	status = omapi_get_value_str(obj, (omapi_object_t *)0, attr_name,
++                                 &attr);
++	if (status != ISC_R_SUCCESS) {
++		return (status);
++	}
++
++	/* Got it, let's make sure it's either data or string type. */
++	if (attr->value->type != omapi_datatype_data &&
++            attr->value->type != omapi_datatype_string) {
++		return (DHCP_R_INVALIDARG);
++        }
++
++	/* Make a C string from the attribute value. */
++	*cstr = dmalloc (attr->value->u.buffer.len + 1, MDL);
++	if (!(*cstr)) {
++		status = ISC_R_NOMEMORY;
++        } else {
++	        memcpy (*cstr, attr->value->u.buffer.value,
++		            attr->value->u.buffer.len);
++	        (*cstr)[attr->value->u.buffer.len] = 0;
++	}
++
++	/* Get rid of the attribute reference */
++	if (attr) {
++		omapi_value_dereference (&attr, MDL);
++	}
++
++	return (status);
++}

SOURCES/dhcp-replay_file_limit.patch

@@ -1,5 +1,5 @@
 diff --git a/server/confpars.c b/server/confpars.c
-index d79489b..c20d618 100644
+index d79489b..2b1e393 100644
 --- a/server/confpars.c
 +++ b/server/confpars.c
 @@ -134,6 +134,11 @@ isc_result_t read_conf_file (const char *filename, struct group *group,
@@ -7,39 +7,38 @@ index d79489b..c20d618 100644
  	cfile = (struct parse *)0;
  #if defined (TRACING)
 +	// No need to dmalloc huge memory region if we're not going to re-play
-+	if (!trace_playback()){
++	if (!trace_record()){
 +		status = new_parse(&cfile, file, NULL, 0, filename, 0);
 +		goto noreplay;
 +	};
  	flen = lseek (file, (off_t)0, SEEK_END);
  	if (flen < 0) {
  	      boom:
-@@ -174,6 +179,7 @@ isc_result_t read_conf_file (const char *filename, struct group *group,
+@@ -165,7 +170,6 @@ isc_result_t read_conf_file (const char *filename, struct group *group,
+ 	if (result != ulen)
+ 		log_fatal ("%s: short read of %d bytes instead of %d.",
+ 			   filename, ulen, result);
+-	close (file);
+       memfile:
+ 	/* If we're recording, write out the filename and file contents. */
+ 	if (trace_record ())
+@@ -174,6 +178,9 @@ isc_result_t read_conf_file (const char *filename, struct group *group,
  #else
  	status = new_parse(&cfile, file, NULL, 0, filename, 0);
  #endif
 +      noreplay:
++	if (!trace_playback())
++		close (file);
  	if (status != ISC_R_SUCCESS || cfile == NULL)
  		return status;
  
-diff --git a/server/confpars.c b/server/confpars.c
-index 3aecd05..5be4ab1 100644
---- a/server/confpars.c
-+++ b/server/confpars.c
-@@ -176,6 +176,7 @@ isc_result_t read_conf_file (const char *filename, struct group *group,
- 	if (trace_record ())
- 		trace_write_packet (ttype, ulen + tflen + 1, dbuf, MDL);
- 	status = new_parse(&cfile, -1, fbuf, ulen, filename, 0); /* XXX */
-+	dfree(dbuf, MDL);
- #else
- 	status = new_parse(&cfile, file, NULL, 0, filename, 0);
- #endif
-@@ -188,9 +189,6 @@ isc_result_t read_conf_file (const char *filename, struct group *group,
- 	else
+@@ -183,7 +190,8 @@ isc_result_t read_conf_file (const char *filename, struct group *group,
  		status = conf_file_subparse (cfile, group, group_type);
  	end_parse (&cfile);
--#if defined (TRACING)
+ #if defined (TRACING)
 -	dfree (dbuf, MDL);
--#endif
++	if (trace_record())
++	    dfree (dbuf, MDL);
+ #endif
  	return status;
  }

SOURCES/dhcp-statement_parser.patch

@@ -0,0 +1,21 @@
+diff --git a/common/parse.c b/common/parse.c
+index e78223c2..656b378b 100644
+--- a/common/parse.c
++++ b/common/parse.c
+@@ -5790,13 +5790,14 @@ int parse_X (cfile, buf, max)
+ 				skip_to_semi (cfile);
+ 				return 0;
+ 			}
+-			convert_num (cfile, &buf [len], val, 16, 8);
+-			if (len++ > max) {
++			if (len >= max) {
+ 				parse_warn (cfile,
+ 					    "hexadecimal constant too long.");
+ 				skip_to_semi (cfile);
+ 				return 0;
+ 			}
++			convert_num (cfile, &buf [len], val, 16, 8);
++			len++;
+ 			token = peek_token (&val, (unsigned *)0, cfile);
+ 			if (token == COLON)
+ 				token = next_token (&val,

SPECS/dhcp.spec

@@ -12,11 +12,14 @@
 #global patchver P1
 %global DHCPVERSION %{version}%{?prever}%{?patchver:-%{patchver}}
 
+# bind has changed ABI with CVE-2023-50387 fixes. Require compatible build
+%global BIND_MINVER 9.11.36-14
+
 
 Summary:  Dynamic host configuration protocol software
 Name:     dhcp
 Version:  4.3.6
-Release:  34%{?dist}
+Release:  50%{?dist}
 # NEVER CHANGE THE EPOCH on this package.  The previous maintainer (prior to
 # dcantrell maintaining the package) made incorrect use of the epoch and
 # that's why it is at 12 now.  It should have never been used, but it was.
@@ -28,7 +31,6 @@ Source0:  ftp://ftp.isc.org/isc/dhcp/%{DHCPVERSION}/dhcp-%{DHCPVERSION}.tar.gz
 Source1:  dhclient-script
 Source2:  README.dhclient.d
 Source3:  11-dhclient
-Source4:  12-dhcpd
 Source5:  56dhclient
 Source6:  dhcpd.service
 Source7:  dhcpd6.service
@@ -81,6 +83,14 @@ Patch44:  dhcp-replay_file_limit.patch
 Patch45:  dhcp-4.2.5-expiry_before_renewal_v2.patch
 Patch46:  dhcp-dhclient_ipv6_prefix.patch
 Patch47:  dhcp-isc_heap_delete.patch
+Patch48:  dhcp-bind-9.11.patch
+Patch49:  dhcp-detect-system-time-jumps.patch
+Patch50:  dhcp-key_algorithm.patch
+Patch51:  dhcp-statement_parser.patch
+Patch52:  dhcp-omshell-hmac-sha512-support.patch
+Patch53:  dhcp-CVE-2022-2928.patch
+Patch54:  dhcp-CVE-2022-2929.patch
+Patch55:  dhcp-dhcp6-vendor-opts.patch
 
 BuildRequires: autoconf
 BuildRequires: automake
@@ -90,7 +100,7 @@ BuildRequires: openldap-devel
 BuildRequires: krb5-devel
 BuildRequires: libcap-ng-devel
 # https://fedorahosted.org/fpc/ticket/502#comment:3
-BuildRequires: bind-export-devel
+BuildRequires: bind-export-devel >= %{BIND_MINVER}
 BuildRequires: systemd systemd-devel
 # dhcp-sd_notify.patch
 BuildRequires: pkgconfig(libsystemd)
@@ -115,6 +125,7 @@ DHCP (Dynamic Host Configuration Protocol)
 Summary: Provides the ISC DHCP server
 Requires: %{name}-common = %{epoch}:%{version}-%{release}
 Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
+Requires: bind-export-libs >= %{BIND_MINVER}
 Requires(pre): shadow-utils
 Requires(post): coreutils grep sed
 Requires(post): systemd
@@ -134,6 +145,7 @@ This package provides the ISC DHCP server.
 Summary: Provides the ISC DHCP relay agent
 Requires: %{name}-common = %{epoch}:%{version}-%{release}
 Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
+Requires: bind-export-libs >= %{BIND_MINVER}
 Requires(post): grep sed
 Requires(post): systemd
 Requires(preun): systemd
@@ -156,6 +168,7 @@ Obsoletes: dhclient < %{epoch}:%{version}-%{release}
 Requires: coreutils gawk grep ipcalc iproute iputils sed systemd
 Requires: %{name}-common = %{epoch}:%{version}-%{release}
 Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
+Requires: bind-export-libs >= %{BIND_MINVER}
 
 %description client
 DHCP (Dynamic Host Configuration Protocol) is a protocol which allows
@@ -351,6 +364,29 @@ rm bind/bind.tar.gz
 # https://bugzilla.redhat.com/show_bug.cgi?id=1704672
 %patch47 -p1 -b .heap-delete
 
+## https://bugzilla.redhat.com/show_bug.cgi?id=1762796
+%patch48 -p1 -b .isc-types
+
+%patch49 -p1 -b .time-change
+
+# https://github.com/isc-projects/dhcp/commit/e6ffc27f24321017a5ad9af3707f4e2e54bbac74
+%patch50 -p1 -b .key-alg
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1963807
+%patch51 -p1
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=2016248
+%patch52 -p1
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=2132248
+%patch53 -p1
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=2132245
+%patch54 -p1
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=2142024
+%patch55 -p1
+
 # Update paths in all man pages
 for page in client/dhclient.conf.5 client/dhclient.leases.5 \
             client/dhclient-script.8 client/dhclient.8 ; do
@@ -423,8 +459,6 @@ mkdir -p %{buildroot}%{dhcpconfdir}/dhclient.d
 # NetworkManager dispatcher script
 mkdir -p %{buildroot}%{_sysconfdir}/NetworkManager/dispatcher.d
 install -p -m 0755 %{SOURCE3} %{buildroot}%{_sysconfdir}/NetworkManager/dispatcher.d
-## https://bugzilla.redhat.com/show_bug.cgi?id=1685560
-install -p -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/NetworkManager/dispatcher.d
 
 # pm-utils script to handle suspend/resume and dhclient leases
 install -D -p -m 0755 %{SOURCE5} %{buildroot}%{_libdir}/pm-utils/sleep.d/56dhclient
@@ -624,7 +658,6 @@ done
 %config(noreplace) %{_sysconfdir}/openldap/schema/dhcp.schema
 %dir %{_sysconfdir}/NetworkManager
 %dir %{_sysconfdir}/NetworkManager/dispatcher.d
-%{_sysconfdir}/NetworkManager/dispatcher.d/12-dhcpd
 %attr(0644,root,root)   %{_unitdir}/dhcpd.service
 %attr(0644,root,root)   %{_unitdir}/dhcpd6.service
 %{_sbindir}/dhcpd
@@ -687,6 +720,57 @@ done
 %endif
 
 %changelog
+* Tue Mar 05 2024 Petr Menšík <pemensik@redhat.com> - 12:4.3.6-50
+- Rebuild because of bind ABI changes related to CVE-2023-50387
+
+* Tue Oct 11 2022 Martin Osvald <mosvald@redhat.com> - 12:4.3.6-49
+- Fix for CVE-2022-2928
+- Fix for CVE-2022-2929
+- send back dhcp6.vendor-opts again (#2142024)
+
+* Tue May 10 2022 Martin Osvald <mosvald@redhat.com> - 12:4.3.6-48
+- omshell: add support for hmac-sha512 algorithm (#2016248)
+
+* Tue Dec 21 2021 Petr Menšík <pemensik@redhat.com> - 12:4.3.6-47
+- Rebuilt on a new side-tag (#2022715)
+
+* Thu Dec 16 2021 Martin Osvald <mosvald@redhat.com> - 12:4.3.6-46
+- Rebuild with new bind (#2022715)
+
+* Thu May 27 2021 Pavel Zhukov <pzhukov@redhat.com> - 12:4.3.6-45
+- Fix for  CVE-2021-25217
+
+* Fri Dec 11 2020 Pavel Zhukov <pzhukov@redhat.com> - 12:4.3.6-44
+- Rebuild with new bind (#1904613)
+
+* Wed Nov 25 2020 Pavel Zhukov <pzhukov@redhat.com> - 12:4.3.6-43
+- Drop 12-dhcp NM dispatchers script (#1898423)
+
+* Tue Oct 20 2020 Pavel Zhukov <pzhukov@redhat.com> - 12:4.3.6-42
+- Add key-algorithm support.
+- Resolves: rhbz#1883999
+
+* Mon Apr 20 2020 Artem Egorenkov <aegorenk@redhat.com> - 12:4.3.6-41
+- Rebuild with bind-9.11.18
+
+* Tue Nov 26 2019 Petr Menšík <pemensik@redhat.com> - 12:4.3.6-40
+- Rebuild with bind-9.11.13 again
+
+* Tue Nov 26 2019 Pavel Zhukov <pzhukov@redhat.com> - 12:4.3.6-39
+- Resolves: #1757475 - Close replay files properly
+
+* Mon Nov 25 2019 Petr Menšík <pemensik@redhat.com> - 12:4.3.6-38
+- Rebuild with bind-9.11.13
+
+* Wed Nov 20 2019 Pavel Zhukov <pzhukov@redhat.com> - 12:4.3.6-36
+- Resolves: #1729211 - detect system time changes with monotonic timer
+
+* Tue Nov 19 2019 Pavel Zhukov <pzhukov@redhat.com> - 12:4.3.6-36
+- Resolves: #1757475 - fix FD leak in nonreplay mode
+
+* Tue Oct 22 2019 Pavel Zhukov <pzhukov@redhat.com> - 12:4.3.6-35
+- Rebuild with bind-9.11
+
 * Mon May 13 2019 Pavel Zhukov <pzhukov@redhat.com> - 12:4.3.6-34
 - Resolves: #1704672 - Fix crash caused by bind rebase