[pkg-dhcp-commits] [isc-dhcp] 03/04: refresh patches for 4.3.4~b1
Michael Gilbert
mgilbert at moszumanska.debian.org
Sat Mar 26 04:03:52 UTC 2016
This is an automated email from the git hooks/post-receive script.
mgilbert pushed a commit to branch experimental
in repository isc-dhcp.
commit 2b0f10e8299e08922dd8fc8c137aac2598420966
Author: Michael Gilbert <mgilbert at debian.org>
Date: Sat Mar 26 04:00:35 2016 +0000
refresh patches for 4.3.4~b1
---
debian/patches/CVE-2015-8605.patch | 91 ------------------------
debian/patches/dhclient-dividebyzero.patch | 4 +-
debian/patches/dhclient-exit-hook.patch | 2 +-
debian/patches/dhclient-more-detail.patch | 24 +++----
debian/patches/dhclient-script-exit-status.patch | 2 +-
debian/patches/dhcpd-leaselist.patch | 2 +-
debian/patches/dhcrelay-listen.patch | 8 +--
debian/patches/fix-manpage-error.patch | 11 +++
debian/patches/series | 3 +-
debian/patches/system-bind.patch | 78 ++++++++------------
10 files changed, 61 insertions(+), 164 deletions(-)
diff --git a/debian/patches/CVE-2015-8605.patch b/debian/patches/CVE-2015-8605.patch
deleted file mode 100644
index 53ba221..0000000
--- a/debian/patches/CVE-2015-8605.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-description: fix remotely triggered crash
-author: ISC
-
---- a/common/packet.c
-+++ b/common/packet.c
-@@ -220,7 +220,28 @@ ssize_t decode_hw_header (interface, buf
- }
- }
-
--/* UDP header and IP header decoded together for convenience. */
-+/*!
-+ *
-+ * \brief UDP header and IP header decoded together for convenience.
-+ *
-+ * Attempt to decode the UDP and IP headers and, if necessary, checksum
-+ * the packet.
-+ *
-+ * \param inteface - the interface on which the packet was recevied
-+ * \param buf - a pointer to the buffer for the received packet
-+ * \param bufix - where to start processing the buffer, previous
-+ * routines may have processed parts of the buffer already
-+ * \param from - space to return the address of the packet sender
-+ * \param buflen - remaining length of the buffer, this will have been
-+ * decremented by bufix by the caller
-+ * \param rbuflen - space to return the length of the payload from the udp
-+ * header
-+ * \param csum_ready - indication if the checksum is valid for use
-+ * non-zero indicates the checksum should be validated
-+ *
-+ * \return - the index to the first byte of the udp payload (that is the
-+ * start of the DHCP packet
-+ */
-
- ssize_t
- decode_udp_ip_header(struct interface_info *interface,
-@@ -231,7 +252,7 @@ decode_udp_ip_header(struct interface_in
- unsigned char *data;
- struct ip ip;
- struct udphdr udp;
-- unsigned char *upp, *endbuf;
-+ unsigned char *upp;
- u_int32_t ip_len, ulen, pkt_len;
- static unsigned int ip_packets_seen = 0;
- static unsigned int ip_packets_bad_checksum = 0;
-@@ -241,11 +262,8 @@ decode_udp_ip_header(struct interface_in
- static unsigned int udp_packets_length_overflow = 0;
- unsigned len;
-
-- /* Designate the end of the input buffer for bounds checks. */
-- endbuf = buf + bufix + buflen;
--
- /* Assure there is at least an IP header there. */
-- if ((buf + bufix + sizeof(ip)) > endbuf)
-+ if (sizeof(ip) > buflen)
- return -1;
-
- /* Copy the IP header into a stack aligned structure for inspection.
-@@ -257,13 +275,17 @@ decode_udp_ip_header(struct interface_in
- ip_len = (*upp & 0x0f) << 2;
- upp += ip_len;
-
-- /* Check the IP packet length. */
-+ /* Check packet lengths are within the buffer:
-+ * first the ip header (ip_len)
-+ * then the packet length from the ip header (pkt_len)
-+ * then the udp header (ip_len + sizeof(udp)
-+ * We are liberal in what we accept, the udp payload should fit within
-+ * pkt_len, but we only check against the full buffer size.
-+ */
- pkt_len = ntohs(ip.ip_len);
-- if (pkt_len > buflen)
-- return -1;
--
-- /* Assure after ip_len bytes that there is enough room for a UDP header. */
-- if ((upp + sizeof(udp)) > endbuf)
-+ if ((ip_len > buflen) ||
-+ (pkt_len > buflen) ||
-+ ((ip_len + sizeof(udp)) > buflen))
- return -1;
-
- /* Copy the UDP header into a stack aligned structure for inspection. */
-@@ -284,7 +306,8 @@ decode_udp_ip_header(struct interface_in
- return -1;
-
- udp_packets_length_checked++;
-- if ((upp + ulen) > endbuf) {
-+ /* verify that the payload length from the udp packet fits in the buffer */
-+ if ((ip_len + ulen) > buflen) {
- udp_packets_length_overflow++;
- if (((udp_packets_length_checked > 4) &&
- (udp_packets_length_overflow != 0)) &&
diff --git a/debian/patches/dhclient-dividebyzero.patch b/debian/patches/dhclient-dividebyzero.patch
index e2fb49a..82e4e27 100644
--- a/debian/patches/dhclient-dividebyzero.patch
+++ b/debian/patches/dhclient-dividebyzero.patch
@@ -5,7 +5,7 @@ Author: Kees Cook <kees at ubuntu.com>
--- a/client/dhclient.c
+++ b/client/dhclient.c
-@@ -1929,9 +1929,12 @@ void send_discover (cpp)
+@@ -2251,9 +2251,12 @@ void send_discover (cpp)
client->interval += random() % (2 * client->interval);
/* Don't backoff past cutoff. */
@@ -21,7 +21,7 @@ Author: Kees Cook <kees at ubuntu.com>
} else if (!client->interval)
client->interval = client->config->initial_interval;
-@@ -2178,11 +2181,13 @@ void send_request (cpp)
+@@ -2517,11 +2520,13 @@ void send_request (cpp)
/* Don't backoff past cutoff. */
if (client -> interval >
diff --git a/debian/patches/dhclient-exit-hook.patch b/debian/patches/dhclient-exit-hook.patch
index b916dc4..9be4933 100644
--- a/debian/patches/dhclient-exit-hook.patch
+++ b/debian/patches/dhclient-exit-hook.patch
@@ -4,7 +4,7 @@ Bug-Debian: http://bugs.debian.org/486520
--- a/client/dhclient.c
+++ b/client/dhclient.c
-@@ -2074,6 +2074,8 @@ void state_panic (cpp)
+@@ -2413,6 +2413,8 @@ void state_panic (cpp)
if (!quiet)
log_info ("Unable to obtain a lease on first try.%s",
" Exiting.");
diff --git a/debian/patches/dhclient-more-detail.patch b/debian/patches/dhclient-more-detail.patch
index ec8385a..ee6bd57 100644
--- a/debian/patches/dhclient-more-detail.patch
+++ b/debian/patches/dhclient-more-detail.patch
@@ -5,7 +5,7 @@ bug-debian: http://bugs.debian.org/486611
--- a/client/dhclient.c
+++ b/client/dhclient.c
-@@ -1069,6 +1069,7 @@ void dhcpack (packet)
+@@ -1208,6 +1208,7 @@ void dhcpack (packet)
struct interface_info *ip = packet -> interface;
struct client_state *client;
struct client_lease *lease;
@@ -13,7 +13,7 @@ bug-debian: http://bugs.debian.org/486611
struct option_cache *oc;
struct data_string ds;
-@@ -1099,13 +1100,16 @@ void dhcpack (packet)
+@@ -1238,13 +1239,16 @@ void dhcpack (packet)
return;
}
@@ -32,7 +32,7 @@ bug-debian: http://bugs.debian.org/486611
client -> new = lease;
-@@ -1537,6 +1541,7 @@ void dhcpoffer (packet)
+@@ -1859,6 +1863,7 @@ void dhcpoffer (packet)
struct interface_info *ip = packet -> interface;
struct client_state *client;
struct client_lease *lease, *lp;
@@ -40,7 +40,7 @@ bug-debian: http://bugs.debian.org/486611
struct option **req;
int i;
int stop_selecting;
-@@ -1615,6 +1620,10 @@ void dhcpoffer (packet)
+@@ -1937,6 +1942,10 @@ void dhcpoffer (packet)
log_info ("%s: packet_to_lease failed.", obuf);
return;
}
@@ -51,15 +51,15 @@ bug-debian: http://bugs.debian.org/486611
/* If this lease was acquired through a BOOTREPLY, record that
fact. */
-@@ -2229,7 +2238,10 @@ void send_request (cpp)
- client -> packet.secs = htons (65535);
- }
-
+@@ -2573,7 +2582,10 @@ void send_request (cpp)
+ log_info ("DHCPREQUEST");
+ } else
+ #endif
- log_info ("DHCPREQUEST on %s to %s port %d",
-+ log_info ("DHCPREQUEST of %s on %s to %s port %d",
-+ piaddr ((client -> state == S_BOUND || client -> state ==
-+ S_RENEWING || client -> state == S_REBINDING) ?
-+ client -> active -> address : client -> requested_address),
++ log_info ("DHCPREQUEST of %s on %s to %s port %d",
++ piaddr ((client -> state == S_BOUND || client -> state ==
++ S_RENEWING || client -> state == S_REBINDING) ?
++ client -> active -> address : client -> requested_address),
client -> name ? client -> name : client -> interface -> name,
inet_ntoa (destination.sin_addr),
ntohs (destination.sin_port));
diff --git a/debian/patches/dhclient-script-exit-status.patch b/debian/patches/dhclient-script-exit-status.patch
index ed85b45..b49c233 100644
--- a/debian/patches/dhclient-script-exit-status.patch
+++ b/debian/patches/dhclient-script-exit-status.patch
@@ -2,7 +2,7 @@ description: check that exit status is 2
--- a/client/dhclient.c
+++ b/client/dhclient.c
-@@ -1256,7 +1256,7 @@ void bind_lease (client)
+@@ -1395,7 +1395,7 @@ void bind_lease (client)
/* If the BOUND/RENEW code detects another machine using the
offered address, it exits nonzero. We need to send a
DHCPDECLINE and toss the lease. */
diff --git a/debian/patches/dhcpd-leaselist.patch b/debian/patches/dhcpd-leaselist.patch
index 7933440..a2d461c 100644
--- a/debian/patches/dhcpd-leaselist.patch
+++ b/debian/patches/dhcpd-leaselist.patch
@@ -3,7 +3,7 @@ author: Michael Gilbert <mgilbert at debian.org>
--- a/contrib/dhcp-lease-list.pl
+++ b/contrib/dhcp-lease-list.pl
-@@ -19,7 +19,7 @@ use strict;
+@@ -22,7 +22,7 @@ use strict;
use warnings;
use POSIX qw(strftime);
diff --git a/debian/patches/dhcrelay-listen.patch b/debian/patches/dhcrelay-listen.patch
index 7495cd8..c74be20 100644
--- a/debian/patches/dhcrelay-listen.patch
+++ b/debian/patches/dhcrelay-listen.patch
@@ -3,7 +3,7 @@ author: Steinar H. Gunderson <sgunderson at bigfoot.com>
--- a/common/discover.c
+++ b/common/discover.c
-@@ -1102,9 +1102,9 @@ discover_interfaces(int state) {
+@@ -1104,9 +1104,9 @@ discover_interfaces(int state) {
INTERFACE_REQUESTED);
#ifdef DHCPv6
@@ -17,7 +17,7 @@ author: Steinar H. Gunderson <sgunderson at bigfoot.com>
log_fatal ("%s: not found", tmp -> name);
--- a/relay/dhcrelay.c
+++ b/relay/dhcrelay.c
-@@ -705,6 +705,11 @@ do_relay4(struct interface_info *ip, str
+@@ -787,6 +787,11 @@ do_relay4(struct interface_info *ip, str
if (out)
return;
@@ -27,5 +27,5 @@ author: Steinar H. Gunderson <sgunderson at bigfoot.com>
+ return;
+
/* Add relay agent options if indicated. If something goes wrong,
- drop the packet. */
- if (!(length = add_relay_agent_options(ip, packet, length,
+ * drop the packet. Note this may set packet->giaddr if RFC3527
+ * is enabled. */
diff --git a/debian/patches/fix-manpage-error.patch b/debian/patches/fix-manpage-error.patch
new file mode 100644
index 0000000..6769d5d
--- /dev/null
+++ b/debian/patches/fix-manpage-error.patch
@@ -0,0 +1,11 @@
+--- a/server/dhcpd.conf.5
++++ b/server/dhcpd.conf.5
+@@ -3056,7 +3056,7 @@ server will use dhcp-renewal-time and dh
+ A value of zero tells the client it may choose its own value.
+
+ When those options are not defined then values will be set to zero unless the
+-global \fIdhcpv6-set-tee-times\R is enabled. When this option is enabled the
++global \fIdhcpv6-set-tee-times\fR is enabled. When this option is enabled the
+ times are calculated as recommended by RFC 3315, Section 22.4:
+
+ T1 will be set to 0.5 times the shortest preferred lifetime
diff --git a/debian/patches/series b/debian/patches/series
index 96b3bcf..4ab7075 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -10,10 +10,9 @@ dhcpd-conf.patch
fix-exit-hook-manpage.patch
fix-manpage-macro.patch
+fix-manpage-error.patch
fix-spelling-error.patch
disable-nsupdate.patch
system-bind.patch
-
-CVE-2015-8605.patch
diff --git a/debian/patches/system-bind.patch b/debian/patches/system-bind.patch
index a4c13a8..03c8dec 100644
--- a/debian/patches/system-bind.patch
+++ b/debian/patches/system-bind.patch
@@ -3,110 +3,88 @@ author: Michael Gilbert <mgilbert at debian.org>
--- a/client/Makefile.am
+++ b/client/Makefile.am
-@@ -10,8 +10,8 @@ dhclient_SOURCES = clparse.c dhclient.c
+@@ -15,7 +15,6 @@ dhclient_SOURCES = clparse.c dhclient.c
scripts/bsdos scripts/freebsd scripts/linux scripts/macos \
scripts/netbsd scripts/nextstep scripts/openbsd \
scripts/solaris scripts/openwrt
--dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.a ../bind/lib/libirs.a \
-- ../bind/lib/libdns.a ../bind/lib/libisccfg.a ../bind/lib/libisc.a
+-dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.a $(BINDLIBDIR)/libirs.a \
+- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a
+dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.a -ldns-export -lisc-export
-+
man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5
EXTRA_DIST = $(man_MANS)
-
--- a/dhcpctl/Makefile.am
+++ b/dhcpctl/Makefile.am
-@@ -5,13 +5,10 @@ man_MANS = omshell.1 dhcpctl.3
- EXTRA_DIST = $(man_MANS)
+@@ -8,12 +8,10 @@ EXTRA_DIST = $(man_MANS)
omshell_SOURCES = omshell.c
--omshell_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \
-- ../bind/lib/libirs.a ../bind/lib/libdns.a \
-- ../bind/lib/libisccfg.a ../bind/lib/libisc.a
-+omshell_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a -ldns-export -lisc-export
+ omshell_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \
+- $(BINDLIBDIR)/libirs.a $(BINDLIBDIR)/libdns.a \
+- $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a
++ -ldns-export -lisc-export
libdhcpctl_a_SOURCES = dhcpctl.c callback.c remote.c
cltest_SOURCES = cltest.c
cltest_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \
-- ../bind/lib/libirs.a ../bind/lib/libdns.a \
-- ../bind/lib/libisccfg.a ../bind/lib/libisc.a
+- $(BINDLIBDIR)/libirs.a $(BINDLIBDIR)/libdns.a \
+- $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a
+ -lirs-export -ldns-export -lisc-export
--- a/omapip/Makefile.am
+++ b/omapip/Makefile.am
-@@ -10,6 +10,4 @@ man_MANS = omapi.3
+@@ -12,6 +12,4 @@ man_MANS = omapi.3
EXTRA_DIST = $(man_MANS)
svtest_SOURCES = test.c
--svtest_LDADD = libomapi.a ../bind/lib/libirs.a ../bind/lib/libdns.a \
-- ../bind/lib/libisccfg.a ../bind/lib/libisc.a
+-svtest_LDADD = libomapi.a $(BINDLIBDIR)/libirs.a $(BINDLIBDIR)/libdns.a \
+- $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a
-
+svtest_LDADD = libomapi.a -lirs-export -ldns-export -lisc-export
--- a/relay/Makefile.am
+++ b/relay/Makefile.am
-@@ -2,9 +2,7 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localst
-
+@@ -5,8 +5,7 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localst
sbin_PROGRAMS = dhcrelay
dhcrelay_SOURCES = dhcrelay.c
--dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \
-- ../bind/lib/libirs.a ../bind/lib/libdns.a \
-- ../bind/lib/libisccfg.a ../bind/lib/libisc.a
-+dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.a -ldns-export -lisc-export
+ dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \
+- $(BINDLIBDIR)/libirs.a $(BINDLIBDIR)/libdns.a \
+- $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a
++ -ldns-export -lisc-export
man_MANS = dhcrelay.8
EXTRA_DIST = $(man_MANS)
--- a/server/Makefile.am
+++ b/server/Makefile.am
-@@ -14,8 +14,7 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c c
+@@ -16,9 +16,7 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c c
dhcpd_CFLAGS = $(LDAP_CFLAGS)
dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \
-- ../dhcpctl/libdhcpctl.a ../bind/lib/libirs.a \
-- ../bind/lib/libdns.a ../bind/lib/libisccfg.a ../bind/lib/libisc.a \
-+ ../dhcpctl/libdhcpctl.a -ldns-export -lisc-export \
- $(LDAP_LIBS)
+- ../dhcpctl/libdhcpctl.a $(BINDLIBDIR)/libirs.a \
+- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a \
+- $(BINDLIBDIR)/libisc.a $(LDAP_LIBS)
++ ../dhcpctl/libdhcpctl.a -ldns-export -lisc-export $(LDAP_LIBS)
man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5
+ EXTRA_DIST = $(man_MANS)
--- a/Makefile.am
+++ b/Makefile.am
-@@ -22,10 +22,9 @@ EXTRA_DIST = RELNOTES LICENSE \
+@@ -23,10 +23,9 @@ EXTRA_DIST = RELNOTES LICENSE \
doc/devel/arch.dox doc/devel/atf.dox doc/devel/contrib.dox \
doc/devel/debug.dox doc/devel/isc-logo.jpg doc/devel/mainpage.dox \
doc/devel/omapi.dox doc/devel/qa.dox util/bindvar.sh \
- bind/Makefile.in bind/bind.tar.gz bind/version.tmp \
common/tests/Atffile server/tests/Atffile
--SUBDIRS = bind includes tests common omapip client dhcpctl relay server
+-SUBDIRS = @BINDSRCDIR@ includes tests common omapip client dhcpctl relay server
+SUBDIRS = includes tests common omapip client dhcpctl relay server
nobase_include_HEADERS = dhcpctl/dhcpctl.h
--- a/configure.ac
+++ b/configure.ac
-@@ -699,9 +699,6 @@ fi
- # AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],[],[]) & etc).
- CFLAGS="$CFLAGS $STD_CWARNINGS"
-
--# Try to add the bind include directory
--CFLAGS="$CFLAGS -I$libbind/include"
--
- case "$host" in
- *-darwin*)
- CFLAGS="$CFLAGS -D__APPLE_USE_RFC_3542" ;;
-@@ -711,7 +708,6 @@ AC_C_FLEXIBLE_ARRAY_MEMBER
+@@ -805,7 +805,6 @@ AC_C_FLEXIBLE_ARRAY_MEMBER
AC_CONFIG_FILES([
Makefile
-- bind/Makefile
+- $srcdir/bind/Makefile
client/Makefile
client/tests/Makefile
common/Makefile
-@@ -728,8 +724,6 @@ AC_CONFIG_FILES([
- ])
- AC_OUTPUT
-
--sh util/bindvar.sh
--
- cat > config.report << END
-
- ISC DHCP source configure results:
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-dhcp/isc-dhcp.git
More information about the pkg-dhcp-commits
mailing list