[pkg-dhcp-commits] [SCM] ISC DHCP packaging for Debian branch, master, updated. debian/4.2.2.dfsg.1-5-5-gc3cdc4c
Andrew Pollock
apollock at debian.org
Sun Jun 10 04:23:55 UTC 2012
The following commit has been merged in the master branch:
commit 73f7c27acfa4679adc585bc73bffb71df5a62123
Author: Andrew Pollock <apollock at debian.org>
Date: Sat Jun 9 20:38:31 2012 -0700
Refit patches for 4.2.4
Remove BIND autoconf patch because the BIND version now shipped by upstream
doesn't require modification
Remove CVE patches, they're upstream now
diff --git a/debian/patches/bind-autoconf b/debian/patches/bind-autoconf
deleted file mode 100644
index 39e3450..0000000
--- a/debian/patches/bind-autoconf
+++ /dev/null
@@ -1,13 +0,0 @@
-Index: isc-dhcp/bind/Makefile
-===================================================================
---- isc-dhcp.orig/bind/Makefile 2012-01-07 20:51:59.887859045 -0800
-+++ isc-dhcp/bind/Makefile 2012-03-14 06:24:51.197110723 -0700
-@@ -45,7 +45,7 @@
- # Currently disable the epoll and devpoll options as they don't interact
- # well with the DHCP code.
- @echo Configuring BIND Export libraries for DHCP.
-- @(cd ${bindsrcdir} && ./configure --disable-kqueue --disable-epoll --disable-devpoll --without-openssl --without-libxml2 --enable-exportlib --enable-threads=no --with-export-includedir=${binddir}/include --with-export-libdir=${binddir}/lib --with-gssapi=no > ${binddir}/configure.log)
-+ @(cd ${bindsrcdir} && autoconf && ./configure --disable-kqueue --disable-epoll --disable-devpoll --without-openssl --without-libxml2 --enable-exportlib --enable-threads=no --with-export-includedir=${binddir}/include --with-export-libdir=${binddir}/lib --with-gssapi=no > ${binddir}/configure.log)
-
- # Build the export libraries
- @echo Building BIND Export libraries - this takes some time.
diff --git a/debian/patches/cve-2011-4539.patch b/debian/patches/cve-2011-4539.patch
deleted file mode 100644
index dd4f6eb..0000000
--- a/debian/patches/cve-2011-4539.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-Description: Fix cve-2011-4539: error in regular expression handling
-Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4539
-Bug-Debian: http://bugs.debian.org/652259
-
-Index: isc-dhcp/common/tree.c
-===================================================================
---- isc-dhcp.orig/common/tree.c 2012-04-28 15:01:08.000000000 -0400
-+++ isc-dhcp/common/tree.c 2012-04-28 15:02:19.000000000 -0400
-@@ -1120,6 +1120,7 @@
- *result = 0;
- memset(&re, 0, sizeof(re));
- if (bleft && bright &&
-+ (left.data != NULL) && (right.data != NULL) &&
- (regcomp(&re, (char *)right.data, regflags) == 0) &&
- (regexec(&re, (char *)left.data, (size_t)0, NULL, 0) == 0))
- *result = 1;
diff --git a/debian/patches/cve-2011-4868.patch b/debian/patches/cve-2011-4868.patch
deleted file mode 100644
index bc87176..0000000
--- a/debian/patches/cve-2011-4868.patch
+++ /dev/null
@@ -1,262 +0,0 @@
-Description: Fix cve-2011-4868: error in DDNS handling with IPv6
-Bug-Debian: http://bugs.debian.org/655746
-Index: isc-dhcp/includes/dhcpd.h
-===================================================================
---- isc-dhcp.orig/includes/dhcpd.h 2012-04-27 13:33:50.000000000 -0400
-+++ isc-dhcp/includes/dhcpd.h 2012-04-28 15:46:28.000000000 -0400
-@@ -1554,6 +1554,7 @@
- #define DDNS_CLIENT_DID_UPDATE 0x10
- #define DDNS_EXECUTE_NEXT 0x20
- #define DDNS_ABORT 0x40
-+#define DDNS_ACTIVE_LEASE 0x100
-
- /*
- * The following two groups are separate and we could reuse
-@@ -1595,7 +1596,7 @@
- int zone_addr_count;
- struct dns_zone *zone;
-
-- int flags;
-+ u_int16_t flags;
- TIME timeout;
- int state;
- ddns_action_t cur_func;
-@@ -1947,7 +1948,7 @@
- /* ddns.c */
- int ddns_updates(struct packet *, struct lease *, struct lease *,
- struct iasubopt *, struct iasubopt *, struct option_state *);
--int ddns_removals(struct lease *, struct iasubopt *, struct dhcp_ddns_cb *);
-+int ddns_removals(struct lease *, struct iasubopt *, struct dhcp_ddns_cb *, isc_boolean_t);
- #if defined (TRACING)
- void trace_ddns_init(void);
- #endif
-Index: isc-dhcp/server/ddns.c
-===================================================================
---- isc-dhcp.orig/server/ddns.c 2012-04-27 13:33:50.000000000 -0400
-+++ isc-dhcp/server/ddns.c 2012-04-28 15:51:44.000000000 -0400
-@@ -123,8 +123,12 @@
- if (ddns_cb == NULL) {
- return(0);
- }
-- /* assume that we shall update both the A and ptr records */
-- ddns_cb->flags = DDNS_UPDATE_ADDR | DDNS_UPDATE_PTR;
-+ /*
-+ * Assume that we shall update both the A and ptr records and,
-+ * as this is an update, set the active flag
-+ */
-+ ddns_cb->flags = DDNS_UPDATE_ADDR | DDNS_UPDATE_PTR |
-+ DDNS_ACTIVE_LEASE;
-
- if (lease != NULL) {
- scope = &(lease->scope);
-@@ -322,7 +326,7 @@
-
- /* If desired do the removals */
- if (do_remove != 0) {
-- (void) ddns_removals(lease, lease6, NULL);
-+ (void) ddns_removals(lease, lease6, NULL, ISC_TRUE);
- }
- goto out;
- }
-@@ -524,7 +528,7 @@
- * the ddns messages. Currently we don't.
- */
- if (do_remove) {
-- rcode1 = ddns_removals(lease, lease6, ddns_cb);
-+ rcode1 = ddns_removals(lease, lease6, ddns_cb, ISC_TRUE);
- }
- else {
- ddns_fwd_srv_connector(lease, lease6, scope, ddns_cb,
-@@ -725,6 +729,15 @@
- struct in6_addr addr;
- struct data_string lease_dhcid;
-
-+ /*
-+ * If we are processing an expired or released v6 lease
-+ * we don't actually have a scope to update
-+ */
-+ if ((ddns_cb->address.len == 16) &&
-+ ((ddns_cb->flags & DDNS_ACTIVE_LEASE) == 0)) {
-+ return (ISC_R_SUCCESS);
-+ }
-+
- if (inscope != NULL) {
- scope = inscope;
- } else if (ddns_cb->address.len == 4) {
-@@ -1052,6 +1065,15 @@
- file, line, ddns_cb, ddns_address );
- #endif
-
-+ /*
-+ * If we are processing an expired or released v6 lease
-+ * we don't actually have a scope to update
-+ */
-+ if ((ddns_cb->address.len == 16) &&
-+ ((ddns_cb->flags & DDNS_ACTIVE_LEASE) == 0)) {
-+ return (ISC_R_SUCCESS);
-+ }
-+
- if (lease != NULL) {
- safe_lease_update(lease, NULL, ddns_cb, ddns_cb_set,
- file, line);
-@@ -1104,7 +1126,7 @@
- ISC_R_SUCCESS) &&
- (find_ipv6_pool(&pool, D6O_IA_NA, &addr) !=
- ISC_R_SUCCESS)) {
-- inet_ntop(AF_INET6, &lease6->addr, addrbuf,
-+ inet_ntop(AF_INET6, &addr, addrbuf,
- MAX_ADDRESS_STRING_LEN);
- log_error("%s(%d): Pool for lease %s not found.",
- file, line, addrbuf);
-@@ -1124,7 +1146,7 @@
- find_lease6->ddns_cb = ddns_cb_set;
- iasubopt_dereference(&find_lease6, MDL);
- } else {
-- inet_ntop(AF_INET6, &lease6->addr, addrbuf,
-+ inet_ntop(AF_INET6, &addr, addrbuf,
- MAX_ADDRESS_STRING_LEN);
- log_error("%s(%d): Lease %s not found within pool.",
- file, line, addrbuf);
-@@ -1566,12 +1588,18 @@
- * 0 - badness occurred and we weren't able to do what was wanted
- * 1 - we were able to do stuff but it's in progress
- * in both cases any additional block has been passed on to it's handler
-+ *
-+ * active == ISC_TRUE if the lease is still active, and FALSE if the lease
-+ * is inactive. This is used to indicate if the lease is inactive or going
-+ * to inactive in IPv6 so we can avoid trying to update the lease with
-+ * cb pointers and text information.
- */
-
- int
- ddns_removals(struct lease *lease,
- struct iasubopt *lease6,
-- dhcp_ddns_cb_t *add_ddns_cb)
-+ dhcp_ddns_cb_t *add_ddns_cb,
-+ isc_boolean_t active)
- {
- isc_result_t rcode, execute_add = ISC_R_FAILURE;
- struct binding_scope **scope = NULL;
-@@ -1610,6 +1638,16 @@
- } else
- goto cleanup;
-
-+ /*
-+ * Set the flag bit if the lease is active, that is it isn't
-+ * expired or released. This is used in the IPv6 paths to
-+ * determine if we need to update the lease when the response
-+ * from the DNS code is processed.
-+ */
-+ if (active == ISC_TRUE) {
-+ ddns_cb->flags |= DDNS_ACTIVE_LEASE;
-+ }
-+
- /* No scope implies that DDNS has not been performed for this lease. */
- if (*scope == NULL)
- goto cleanup;
-Index: isc-dhcp/server/failover.c
-===================================================================
---- isc-dhcp.orig/server/failover.c 2012-04-27 13:33:50.000000000 -0400
-+++ isc-dhcp/server/failover.c 2012-04-28 15:44:55.000000000 -0400
-@@ -5218,7 +5218,7 @@
- */
- if (msg->binding_status == FTS_ACTIVE &&
- (chaddr_changed || ident_changed)) {
-- ddns_removals(lease, NULL, NULL);
-+ ddns_removals(lease, NULL, NULL, ISC_FALSE);
-
- if (lease->scope != NULL)
- binding_scope_dereference(&lease->scope, MDL);
-Index: isc-dhcp/server/mdb6.c
-===================================================================
---- isc-dhcp.orig/server/mdb6.c 2012-04-27 13:33:50.000000000 -0400
-+++ isc-dhcp/server/mdb6.c 2012-04-28 15:44:55.000000000 -0400
-@@ -1058,7 +1058,7 @@
- #if defined (NSUPDATE)
- /* Process events upon expiration. */
- if (pool->pool_type != D6O_IA_PD) {
-- ddns_removals(NULL, lease, NULL);
-+ ddns_removals(NULL, lease, NULL, ISC_FALSE);
- }
- #endif
-
-@@ -1466,6 +1466,11 @@
- * Note that if there are no leases in the pool,
- * expire_lease6() will return ISC_R_SUCCESS with
- * a NULL lease.
-+ *
-+ * expire_lease6() will call move_lease_to_inactive() which
-+ * calls ddns_removals() do we want that on the standard
-+ * expiration timer or a special 'depref' timer? Original
-+ * query from DH, moved here by SAR.
- */
- lease = NULL;
- if (expire_lease6(&lease, pool, cur_time) != ISC_R_SUCCESS) {
-@@ -1475,18 +1480,6 @@
- break;
- }
-
-- /* Look to see if there were ddns updates, and if
-- * so, drop them.
-- *
-- * DH: Do we want to do this on a special 'depref'
-- * timer rather than expiration timer?
-- */
--#if defined (NSUPDATE)
-- if (pool->pool_type != D6O_IA_PD) {
-- ddns_removals(NULL, lease, NULL);
-- }
--#endif
--
- write_ia(lease->ia);
-
- iasubopt_dereference(&lease, MDL);
-Index: isc-dhcp/server/mdb.c
-===================================================================
---- isc-dhcp.orig/server/mdb.c 2012-04-27 13:33:50.000000000 -0400
-+++ isc-dhcp/server/mdb.c 2012-04-28 15:44:55.000000000 -0400
-@@ -1445,7 +1445,7 @@
- lease -> binding_state == FTS_ACTIVE &&
- lease -> next_binding_state != FTS_RELEASED))) {
- #if defined (NSUPDATE)
-- ddns_removals(lease, NULL, NULL);
-+ ddns_removals(lease, NULL, NULL, ISC_FALSE);
- #endif
- if (lease -> on_expiry) {
- execute_statements ((struct binding_value **)0,
-@@ -1511,7 +1511,7 @@
- * release message. This is not true of expiry, where the
- * peer may have extended the lease.
- */
-- ddns_removals(lease, NULL, NULL);
-+ ddns_removals(lease, NULL, NULL, ISC_FALSE);
- #endif
- if (lease -> on_release) {
- execute_statements ((struct binding_value **)0,
-@@ -1680,7 +1680,7 @@
- /* If there are statements to execute when the lease is
- released, execute them. */
- #if defined (NSUPDATE)
-- ddns_removals(lease, NULL, NULL);
-+ ddns_removals(lease, NULL, NULL, ISC_FALSE);
- #endif
- if (lease -> on_release) {
- execute_statements ((struct binding_value **)0,
-@@ -1754,7 +1754,7 @@
- {
- struct lease *lt = (struct lease *)0;
- #if defined (NSUPDATE)
-- ddns_removals(lease, NULL, NULL);
-+ ddns_removals(lease, NULL, NULL, ISC_FALSE);
- #endif
-
- if (!lease_copy (<, lease, MDL))
-@@ -1786,7 +1786,7 @@
- {
- struct lease *lt = (struct lease *)0;
- #if defined (NSUPDATE)
-- ddns_removals(lease, NULL, NULL);
-+ ddns_removals(lease, NULL, NULL, ISC_FALSE);
- #endif
-
- if (!lease_copy (<, lease, MDL))
diff --git a/debian/patches/series b/debian/patches/series
index f7e4175..930e1f1 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,6 +1,3 @@
dhclient-script-exit-status
fix_exit_hook_doc_manpage
no_loopback_checksum
-bind-autoconf
-cve-2011-4539.patch
-cve-2011-4868.patch
--
ISC DHCP packaging for Debian
More information about the pkg-dhcp-commits
mailing list