From 65638c152eff112fff752da017febe73b308270a Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: May 18 2021 06:36:38 +0000 Subject: import dhcp-4.3.6-44.el8 --- diff --git a/README.debrand b/README.debrand deleted file mode 100644 index 01c46d2..0000000 --- a/README.debrand +++ /dev/null @@ -1,2 +0,0 @@ -Warning: This package was configured for automatic debranding, but the changes -failed to apply. diff --git a/SOURCES/12-dhcpd b/SOURCES/12-dhcpd deleted file mode 100644 index e75aa93..0000000 --- a/SOURCES/12-dhcpd +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash - -INTERFACE=$1 # The interface which is brought up or down -STATUS=$2 # The new state of the interface - -# whenever interface is brought up by NM (rhbz #565921) -if [ "$STATUS" = "up" ]; then - # wait a few seconds to allow interface startup to complete - # (important at boot time without this the service still fails - # time-out for dispatcher script is 3s (rhbz#1003695#8) - sleep 2 - # restart the services - # In case this dispatcher script is called several times in a short period of time, it might happen that - # systemd refuses to further restart the units. Therefore we use reset-failed command to prevent it. - systemctl -q is-enabled dhcpd.service && systemctl restart dhcpd.service && systemctl reset-failed dhcpd.service - systemctl -q is-enabled dhcpd6.service && systemctl restart dhcpd6.service && systemctl reset-failed dhcpd6.service -fi - -exit 0 diff --git a/SOURCES/dhcp-key_algorithm.patch b/SOURCES/dhcp-key_algorithm.patch new file mode 100644 index 0000000..3f29f28 --- /dev/null +++ b/SOURCES/dhcp-key_algorithm.patch @@ -0,0 +1,200 @@ +From e6ffc27f24321017a5ad9af3707f4e2e54bbac74 Mon Sep 17 00:00:00 2001 +From: Thomas Markwalder +Date: Mon, 11 Dec 2017 07:19:43 -0500 +Subject: [PATCH] [master] Adds key-algorithm statement to omshell + + Merges in rt46771. +--- + RELNOTES | 7 +++++++ + common/conflex.c | 2 ++ + dhcpctl/omshell.1 | 32 ++++++++++++++++++++++++-------- + dhcpctl/omshell.c | 38 +++++++++++++++++++++++++++++++++++--- + includes/dhctoken.h | 3 ++- + 5 files changed, 70 insertions(+), 12 deletions(-) + +diff --git a/common/conflex.c b/common/conflex.c +index 8ce024af..045b655d 100644 +--- a/common/conflex.c ++++ b/common/conflex.c +@@ -1104,6 +1104,8 @@ intern(char *atom, enum dhcp_token dfv) { + } + if (!strcasecmp (atom + 1, "ey")) + return KEY; ++ if (!strcasecmp (atom + 1, "ey-algorithm")) ++ return KEY_ALGORITHM; + break; + case 'l': + if (!strcasecmp (atom + 1, "case")) +diff --git a/dhcpctl/omshell.1 b/dhcpctl/omshell.1 +index 4846272a..2f55e965 100644 +--- a/dhcpctl/omshell.1 ++++ b/dhcpctl/omshell.1 +@@ -1,7 +1,6 @@ + .\" $Id: omshell.1,v 1.6 2009/11/24 02:06:56 sar Exp $ + .\" +-.\" Copyright (c) 2012,2014 by Internet Systems Consortium, Inc. ("ISC") +-.\" Copyright (c) 2004,2009 by Internet Systems Consortium, Inc. ("ISC") ++.\" Copyright (c) 2004-2017 by Internet Systems Consortium, Inc. ("ISC") + .\" Copyright (c) 2001-2003 by Internet Software Consortium + .\" + .\" Permission to use, copy, modify, and distribute this software for any +@@ -81,7 +80,24 @@ where number is the port that OMAPI listens on. By default, this is 7911. + This specifies the TSIG key to use to authenticate the OMAPI transactions. + \fIname\fR is the name of a key defined in \fIdhcpd.conf\fR with the + \fBomapi-key\fR statement. The \fIsecret\fR is the secret key generated from +-\fBdnssec-keygen\fR or another key generation program. ++\fBdnssec-keygen\fR or another key generation program. The key algorithm is ++assumed to be HMAC-MD5 key. If a different algorithm was specified in dhcpd.conf ++file for the key, then it must be specified via the \fIkey-algorithm\fR statement. ++.RE ++.PP ++.B key-algorithm \fIalgorithm\fR ++.RS 0.5i ++This specifies the cryptographic algorithm for the key used when authenticating OMAPI ++transactions. Supported values for \fIalgorithm\fR are: ++.nf ++ HMAC-MD5 ++ HMAC-SHA1 ++ HMAC-SHA224 ++ HMAC-SHA256 ++ HMAC-SHA384 ++ HMAC-SHA512 ++fi ++The default is HMAC-MD5. (Value is not case sensitive). + .RE + .PP + .B connect +@@ -253,7 +269,7 @@ name = "some-host" + hardware-address = 00:80:c7:84:b1:94 + hardware-type = 00:00:00:01 + ip-address = c0:a8:04:28 +-> ++> + .fi + .PP + Your dhcpd.leases file would then have an entry like this in it: +@@ -267,7 +283,7 @@ host some-host { + .fi + .PP + The \fIdynamic;\fR line is to denote that this host entry did not come from +-dhcpd.conf, but was created dynamically via OMAPI. ++dhcpd.conf, but was created dynamically via OMAPI. + .SH RESETTING ATTRIBUTES + .PP + If you want to remove an attribute from an object, you can do this with the +@@ -288,7 +304,7 @@ name = "some-host" + hardware-address = 00:80:c7:84:b1:94 + hardware-type = 00:00:00:01 + ip-address = +-> ++> + .fi + .SH REFRESHING OBJECTS + .PP +@@ -300,7 +316,7 @@ particularly useful for hosts. + .PP + Any remote object that can be created can also be destroyed. This is done by + creating a new local object, setting attributes, associating the local and +-remote object using \fBopen\fR, and then using the \fBremove\fR command. ++remote object using \fBopen\fR, and then using the \fBremove\fR command. + If the host "some-host" from before was created in error, this could be + corrected as follows: + .nf +@@ -312,7 +328,7 @@ hardware-type = 00:00:00:01 + ip-address = c0:a8:04:28 + > remove + obj: +-> ++> + .fi + .SH HELP + .PP +diff --git a/dhcpctl/omshell.c b/dhcpctl/omshell.c +index c42bab1a..9233f50e 100644 +--- a/dhcpctl/omshell.c ++++ b/dhcpctl/omshell.c +@@ -321,12 +321,42 @@ main(int argc, char **argv) { + } + break; + ++ case KEY_ALGORITHM: ++ /* Algorithm is optional */ ++ token = next_token (&val, (unsigned *)0, cfile); ++ if (token != NAME || !is_identifier(token)) { ++ printf ("missing or invalid algorithm name\n"); ++ printf ("usage: key-algoritm \n"); ++ skip_to_semi (cfile); ++ break; ++ } ++ ++ s = dmalloc (strlen (val) + 1, MDL); ++ if (!s) { ++ printf ("no memory for algorithm name.\n"); ++ skip_to_semi (cfile); ++ break; ++ } ++ ++ strcpy (s, val); ++ algorithm = s; ++ ++ token = next_token (&val, (unsigned *)0, cfile); ++ if (token != END_OF_FILE && token != EOL) { ++ printf ("extra information after %s\n", algorithm); ++ printf ("usage: key-algorithm \n"); ++ skip_to_semi (cfile); ++ break; ++ } ++ ++ break; ++ + case KEY: + token = peek_token(&val, (unsigned *)0, cfile); + if (token == STRING) { + token = next_token (&val, (unsigned *)0, cfile); + if (!is_identifier (token)) { +- printf ("usage: key \n"); ++ printf ("usage: key \n"); + skip_to_semi (cfile); + break; + } +@@ -340,7 +370,7 @@ main(int argc, char **argv) { + } else { + s = parse_host_name(cfile); + if (s == NULL) { +- printf ("usage: key \n"); ++ printf ("usage: key \n"); + skip_to_semi(cfile); + break; + } +@@ -352,12 +382,14 @@ main(int argc, char **argv) { + skip_to_semi (cfile); + break; + } ++ + token = next_token (&val, (unsigned *)0, cfile); + if (token != END_OF_FILE && token != EOL) { +- printf ("usage: key \n"); ++ printf ("usage: key {algorithm}\n"); + skip_to_semi (cfile); + break; + } ++ + break; + + case CONNECT: +diff --git a/includes/dhctoken.h b/includes/dhctoken.h +index 6fc4df3..ca24d4c 100644 +--- a/includes/dhctoken.h ++++ b/includes/dhctoken.h +@@ -374,8 +374,9 @@ enum dhcp_token { + LEASE_ID_FORMAT = 676, + TOKEN_HEX = 677, + TOKEN_OCTAL = 678, +- BOOTP_BROADCAST_ALWAYS = 679, +- DESTINATION_DESCRIPTOR = 680 ++ KEY_ALGORITHM = 679, ++ BOOTP_BROADCAST_ALWAYS = 680, ++ DESTINATION_DESCRIPTOR = 681 + }; + + #define is_identifier(x) ((x) >= FIRST_TOKEN && \ diff --git a/SPECS/dhcp.spec b/SPECS/dhcp.spec index b626826..568ff26 100644 --- a/SPECS/dhcp.spec +++ b/SPECS/dhcp.spec @@ -16,7 +16,7 @@ Summary: Dynamic host configuration protocol software Name: dhcp Version: 4.3.6 -Release: 41%{?dist} +Release: 44%{?dist} # NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to # dcantrell maintaining the package) made incorrect use of the epoch and # that's why it is at 12 now. It should have never been used, but it was. @@ -28,7 +28,6 @@ Source0: ftp://ftp.isc.org/isc/dhcp/%{DHCPVERSION}/dhcp-%{DHCPVERSION}.tar.gz Source1: dhclient-script Source2: README.dhclient.d Source3: 11-dhclient -Source4: 12-dhcpd Source5: 56dhclient Source6: dhcpd.service Source7: dhcpd6.service @@ -83,6 +82,7 @@ Patch46: dhcp-dhclient_ipv6_prefix.patch Patch47: dhcp-isc_heap_delete.patch Patch48: dhcp-bind-9.11.patch Patch49: dhcp-detect-system-time-jumps.patch +Patch50: dhcp-key_algorithm.patch BuildRequires: autoconf BuildRequires: automake @@ -358,6 +358,9 @@ rm bind/bind.tar.gz %patch49 -p1 -b .time-change +# https://github.com/isc-projects/dhcp/commit/e6ffc27f24321017a5ad9af3707f4e2e54bbac74 +%patch50 -p1 -b .key-alg + # Update paths in all man pages for page in client/dhclient.conf.5 client/dhclient.leases.5 \ client/dhclient-script.8 client/dhclient.8 ; do @@ -430,8 +433,6 @@ mkdir -p %{buildroot}%{dhcpconfdir}/dhclient.d # NetworkManager dispatcher script mkdir -p %{buildroot}%{_sysconfdir}/NetworkManager/dispatcher.d install -p -m 0755 %{SOURCE3} %{buildroot}%{_sysconfdir}/NetworkManager/dispatcher.d -## https://bugzilla.redhat.com/show_bug.cgi?id=1685560 -install -p -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/NetworkManager/dispatcher.d # pm-utils script to handle suspend/resume and dhclient leases install -D -p -m 0755 %{SOURCE5} %{buildroot}%{_libdir}/pm-utils/sleep.d/56dhclient @@ -631,7 +632,6 @@ done %config(noreplace) %{_sysconfdir}/openldap/schema/dhcp.schema %dir %{_sysconfdir}/NetworkManager %dir %{_sysconfdir}/NetworkManager/dispatcher.d -%{_sysconfdir}/NetworkManager/dispatcher.d/12-dhcpd %attr(0644,root,root) %{_unitdir}/dhcpd.service %attr(0644,root,root) %{_unitdir}/dhcpd6.service %{_sbindir}/dhcpd @@ -694,8 +694,15 @@ done %endif %changelog -* Tue Nov 03 2020 CentOS Sources - 4.3.6-41.el8.centos -- Apply debranding changes +* Fri Dec 11 2020 Pavel Zhukov - 12:4.3.6-44 +- Rebuild with new bind (#1904613) + +* Wed Nov 25 2020 Pavel Zhukov - 12:4.3.6-43 +- Drop 12-dhcp NM dispatchers script (#1898423) + +* Tue Oct 20 2020 Pavel Zhukov - 12:4.3.6-42 +- Add key-algorithm support. +- Resolves: rhbz#1883999 * Mon Apr 20 2020 Artem Egorenkov - 12:4.3.6-41 - Rebuild with bind-9.11.18