diff --git a/dhcp-3.0.5-selinux.patch b/dhcp-3.0.5-selinux.patch
deleted file mode 100644
index f412b25..0000000
--- a/dhcp-3.0.5-selinux.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- dhcp-3.0.5/client/dhclient.c.selinux 2007-03-30 16:11:54.000000000 -0400
-+++ dhcp-3.0.5/client/dhclient.c 2007-03-30 16:12:27.000000000 -0400
-@@ -3009,6 +3009,8 @@
- wstatus = 0;
- }
- } else {
-+ if (leaseFile)
-+ fclose(leaseFile);
- execve (scriptName, argv, envp);
- log_error ("execve (%s, ...): %m", scriptName);
- exit (0);
diff --git a/dhcp-4.0.0-selinux.patch b/dhcp-4.0.0-selinux.patch
new file mode 100644
index 0000000..ebcf51a
--- /dev/null
+++ b/dhcp-4.0.0-selinux.patch
@@ -0,0 +1,48 @@
+diff -up dhcp-4.0.0//client/dhclient.c.selinux dhcp-4.0.0//client/dhclient.c
+--- dhcp-4.0.0//client/dhclient.c.selinux 2008-05-16 13:42:18.000000000 -1000
++++ dhcp-4.0.0//client/dhclient.c 2008-05-16 13:57:54.000000000 -1000
+@@ -2908,6 +2908,11 @@ void rewrite_client_leases ()
+ return;
+ }
+
++ if (fcntl(leaseFile, F_SETFD, FD_CLOEXEC) == -1) {
++ log_error ("failed to set close-on-exec for %s", path_dhclient_db);
++ return;
++ }
++
+ /* If there is a default duid, write it out. */
+ if (default_duid.len != 0)
+ write_duid(&default_duid);
+@@ -3011,6 +3016,10 @@ write_duid(struct data_string *duid)
+ log_error("can't create %s: %m", path_dhclient_db);
+ return ISC_R_IOERROR;
+ }
++ if (fcntl(leaseFile, F_SETFD, FD_CLOEXEC) == -1) {
++ log_error ("failed to set close-on-exec for %s", path_dhclient_db);
++ return ISC_R_IOERROR;
++ }
+ }
+
+ /* It would make more sense to write this as a hex string,
+@@ -3058,6 +3067,10 @@ write_client6_lease(struct client_state
+ log_error("can't create %s: %m", path_dhclient_db);
+ return ISC_R_IOERROR;
+ }
++ if (fcntl(leaseFile, F_SETFD, FD_CLOEXEC) == -1) {
++ log_error ("failed to set close-on-exec for %s", path_dhclient_db);
++ return ISC_R_IOERROR;
++ }
+ }
+
+ stat = fprintf(leaseFile, "lease6 {\n");
+@@ -3161,6 +3174,10 @@ int write_client_lease (client, lease, r
+ log_error ("can't create %s: %m", path_dhclient_db);
+ return 0;
+ }
++ if (fcntl(leaseFile, F_SETFD, FD_CLOEXEC) == -1) {
++ log_error ("failed to set close-on-exec for %s", path_dhclient_db);
++ return ISC_R_IOERROR;
++ }
+ }
+
+ errno = 0;
diff --git a/dhcp.spec b/dhcp.spec
index 70116cb..0442a4d 100644
--- a/dhcp.spec
+++ b/dhcp.spec
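Review bot: In dhcp-4.0.0-selinux.patch all four added checks pass `leaseFile` straight to fcntl(), but the surrounding context (`fprintf(leaseFile, "lease6 {\n")`) shows it is a `FILE *`, so the call needs the descriptor: `if (fcntl(fileno(leaseFile), F_SETFD, FD_CLOEXEC) == -1) {`. As written the pointer is converted to an int, fcntl() most likely fails with EBADF, and each function then returns before writing the lease, while the real descriptor never gets close-on-exec and can still be inherited by the script dhclient executes. In the write_client_lease hunk the new branch returns `ISC_R_IOERROR` although the check just above it returns `0` for failure; `return 0;` would keep that convention. The failure paths also leave leaseFile open, so if the open is guarded by a NULL test outside the hunk a later call would skip the fcntl() entirely; closing and clearing it there, and adding `: %m` to the message, would help. Every enclosing function begins and ends outside these hunks.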
@@ -4,7 +4,7 @@ Summary: DHCP (Dynamic Host Configuration Protocol) server and relay agent Name: dhcp Version: 4.0.0 -Release: 14%{?dist} +Release: 15%{?dist} # NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to # dcantrell maintaining the package) made incorrect use of the epoch and # that's why it is at 12 now. It should have never been used, but it was. @@ -43,7 +43,8 @@ Patch13: %{name}-4.0.0-dhclient-anycast.patch Patch14: %{name}-4.0.0-manpages.patch Patch15: %{name}-4.0.0-paths.patch Patch16: %{name}-4.0.0-NetworkManager-crash.patch -Patch17: %{name}-4.0.0-libdhcp4client.patch +Patch17: %{name}-4.0.0-selinux.patch +Patch18: %{name}-4.0.0-libdhcp4client.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: autoconf @@ -187,9 +188,12 @@ client library. # Avoid crash when dhclient is run with NetworkManager %patch16 -p1 -# Add the libdhcp4client target (library version of dhclient) +# Set close-on-exec for dhclient.leases for SELinux (#446632) %patch17 -p1 +# Add the libdhcp4client target (library version of dhclient) +%patch18 -p1 + # Copy in documentation and example scripts for LDAP patch to dhcpd %{__install} -p -m 0644 %{SOURCE5} . %{__install} -p -m 0644 %{SOURCE6} doc/ @@ -418,6 +422,9 @@ fi %{_libdir}/libdhcp4client.so %changelog +* Fri May 16 2008 David Cantrell - 12:4.0.0-15 +- Set close-on-exec on dhclient.leases for SELinux (#446632) + * Tue Apr 01 2008 David Cantrell - 12:4.0.0-14 - Avoid dhclient crash when run via NetworkManager (#439796)