diff --git a/dhcp-4.2.2-paranoia-pid.patch b/dhcp-4.2.2-paranoia-pid.patch
deleted file mode 100644
index c74f4e2..0000000
--- a/dhcp-4.2.2-paranoia-pid.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-diff -up dhcp-4.2.2/server/dhcpd.c.paranoia-pid dhcp-4.2.2/server/dhcpd.c
---- dhcp-4.2.2/server/dhcpd.c.paranoia-pid 2011-09-12 16:07:01.000000000 +0200
-+++ dhcp-4.2.2/server/dhcpd.c 2011-09-12 16:08:55.680988466 +0200
-@@ -791,22 +791,6 @@ main(int argc, char **argv) {
- exit (0);
- }
-
--#if defined (PARANOIA)
-- /* change uid to the specified one */
--
-- if (set_gid) {
-- if (setgroups (0, (void *)0))
-- log_fatal ("setgroups: %m");
-- if (setgid (set_gid))
-- log_fatal ("setgid(%d): %m", (int) set_gid);
-- }
--
-- if (set_uid) {
-- if (setuid (set_uid))
-- log_fatal ("setuid(%d): %m", (int) set_uid);
-- }
--#endif /* PARANOIA */
--
- /*
- * Deal with pid files. If the user told us
- * not to write a file we don't read one either
-@@ -843,6 +827,22 @@ main(int argc, char **argv) {
- }
- }
-
-+#if defined (PARANOIA)
-+ /* change uid to the specified one */
-+
-+ if (set_gid) {
-+ if (setgroups (0, (void *)0))
-+ log_fatal ("setgroups: %m");
-+ if (setgid (set_gid))
-+ log_fatal ("setgid(%d): %m", (int) set_gid);
-+ }
-+
-+ if (set_uid) {
-+ if (setuid (set_uid))
-+ log_fatal ("setuid(%d): %m", (int) set_uid);
-+ }
-+#endif /* PARANOIA */
-+
- /* If we were requested to log to stdout on the command line,
- keep doing so; otherwise, stop. */
- if (log_perror == -1)
diff --git a/dhcp-4.2.3-paranoia.patch b/dhcp-4.2.3-paranoia.patch
new file mode 100644
index 0000000..4139ce9
--- /dev/null
+++ b/dhcp-4.2.3-paranoia.patch
@@ -0,0 +1,110 @@
+diff -up dhcp-4.2.3/server/dhcpd.c.paranoia dhcp-4.2.3/server/dhcpd.c
+--- dhcp-4.2.3/server/dhcpd.c.paranoia 2011-10-26 19:10:08.162925489 +0200
++++ dhcp-4.2.3/server/dhcpd.c 2011-10-26 19:12:34.541095509 +0200
+@@ -699,11 +699,11 @@ main(int argc, char **argv) {
+
+ group_write_hook = group_writer;
+
+- /* Start up the database... */
+- db_startup (lftest);
+-
+- if (lftest)
++ if (lftest) {
++ /* Start up the database... */
++ db_startup (lftest);
+ exit (0);
++ }
+
+ /* Discover all the network interfaces and initialize them. */
+ discover_interfaces(DISCOVER_SERVER);
+@@ -743,24 +743,6 @@ main(int argc, char **argv) {
+ #if defined (TRACING)
+ trace_seed_stash (trace_srandom, seed + cur_time);
+ #endif
+- postdb_startup ();
+-
+-#ifdef DHCPv6
+- /*
+- * Set server DHCPv6 identifier.
+- * See dhcpv6.c for discussion of setting DUID.
+- */
+- if (set_server_duid_from_option() == ISC_R_SUCCESS) {
+- write_server_duid();
+- } else {
+- if (!server_duid_isset()) {
+- if (generate_new_server_duid() != ISC_R_SUCCESS) {
+- log_fatal("Unable to set server identifier.");
+- }
+- write_server_duid();
+- }
+- }
+-#endif /* DHCPv6 */
+
+ #ifndef DEBUG
+ if (daemon) {
+@@ -771,22 +753,6 @@ main(int argc, char **argv) {
+ exit (0);
+ }
+
+-#if defined (PARANOIA)
+- /* change uid to the specified one */
+-
+- if (set_gid) {
+- if (setgroups (0, (void *)0))
+- log_fatal ("setgroups: %m");
+- if (setgid (set_gid))
+- log_fatal ("setgid(%d): %m", (int) set_gid);
+- }
+-
+- if (set_uid) {
+- if (setuid (set_uid))
+- log_fatal ("setuid(%d): %m", (int) set_uid);
+- }
+-#endif /* PARANOIA */
+-
+ /*
+ * Deal with pid files. 
If the user told us
+ * not to write a file we don't read one either
+@@ -823,6 +789,42 @@ main(int argc, char **argv) {
+ }
+ }
+
++#if defined (PARANOIA)
++ /* change uid to the specified one */
++
++ if (set_gid) {
++ if (setgroups (0, (void *)0))
++ log_fatal ("setgroups: %m");
++ if (setgid (set_gid))
++ log_fatal ("setgid(%d): %m", (int) set_gid);
++ }
++
++ if (set_uid) {
++ if (setuid (set_uid))
++ log_fatal ("setuid(%d): %m", (int) set_uid);
++ }
++#endif /* PARANOIA */
++
++ db_startup(lftest);
++ postdb_startup ();
++
++#ifdef DHCPv6
++ /*
++ * Set server DHCPv6 identifier.
++ * See dhcpv6.c for discussion of setting DUID.
++ */
++ if (set_server_duid_from_option() == ISC_R_SUCCESS) {
++ write_server_duid();
++ } else {
++ if (!server_duid_isset()) {
++ if (generate_new_server_duid() != ISC_R_SUCCESS) {
++ log_fatal("Unable to set server identifier.");
++ }
++ write_server_duid();
++ }
++ }
++#endif /* DHCPv6 */
++
+ /* If we were requested to log to stdout on the command line,
+ keep doing so; otherwise, stop. */
+ if (log_perror == -1)
diff --git a/dhcp.spec b/dhcp.spec
index deb720b..714c10f 100644
--- a/dhcp.spec
+++ b/dhcp.spec
@@ -19,7 +19,7 @@
 Summary: Dynamic host configuration protocol software
 Name: dhcp
 Version: 4.2.3
-Release: 1%{?dist}
+Release: 2%{?dist}
 # NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to
 # dcantrell maintaining the package) made incorrect use of the epoch and
 # that's why it is at 12 now. It should have never been used, but it was.
@@ -68,7 +68,7 @@ Patch28: dhcp-4.2.0-noprefixavail.patch
 Patch29: dhcp-4.2.2-remove-bind.patch
 Patch30: dhcp-4.2.2-sharedlib.patch
 Patch31: dhcp-4.2.0-PPP.patch
-Patch32: dhcp-4.2.2-paranoia-pid.patch
+Patch32: dhcp-4.2.3-paranoia.patch
 BuildRequires: autoconf
 BuildRequires: automake
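Review bot: In dhcp-4.2.3-paranoia.patch, the relocated `#if defined (PARANOIA)` block clears supplementary groups only inside `if (set_gid)`, so a run with `set_uid` non-zero and `set_gid` zero would reach `db_startup(lftest)` with the starting process's gid and group list still in place. Where `set_gid` is assigned is not visible in this hunk, so it may always be set together with `set_uid`; if that is not guaranteed, clear the groups whenever either id is set, e.g. `if ((set_uid || set_gid) && setgroups (0, (void *)0)) log_fatal ("setgroups: %m");`. Because `db_startup`, `postdb_startup` and `write_server_duid` now run after the drop, a comment above `db_startup(lftest);` such as `/* From here on we run as set_uid/set_gid; the lease file must be writable by that user. */` would record the ordering requirement for packagers. main() begins and ends outside the hunk.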
@@ -106,8 +106,7 @@ DHCP (Dynamic Host Configuration Protocol) is a protocol which allows individual devices on an IP network to get their own network configuration information (IP address, subnetmask, broadcast address, etc.) from a DHCP server. The overall purpose of DHCP is to make it -easier to administer a large network. The dhcp package includes the -ISC DHCP service and relay agent. +easier to administer a large network. To use DHCP on your network, install a DHCP service (or relay agent), and on clients run a DHCP client daemon. The dhcp package provides @@ -304,9 +303,10 @@ rm bind/bind.tar.gz # DHCPv6 over PPP support (#626514) %patch31 -p1 -b .PPP -# Move changing of the effective user/group ID after writing new PID file. +# Write PID file BEFORE changing of the effective user/group ID. # (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #25806]) -%patch32 -p1 -b .paranoia-pid +# Write lease file AFTER changing of the effective user/group ID. +%patch32 -p1 -b .paranoia # Copy in the Fedora/RHEL dhclient script %{__install} -p -m 0755 %{SOURCE4} client/scripts/linux @@ -438,7 +438,6 @@ EOF # DHCPv6 Server Configuration file. # see /usr/share/doc/dhcp*/dhcpd6.conf.sample # see dhcpd.conf(5) man page -# run 'service dhcpd6 start' or 'dhcpd -6 -cf /etc/dhcp/dhcpd6.conf' # EOF @@ -642,6 +641,9 @@ fi %{_initddir}/dhcrelay %changelog +* Wed Oct 26 2011 Jiri Popelka - 12:4.2.3-2 +- Write lease file AFTER changing of the effective user/group ID. + * Thu Oct 20 2011 Jiri Popelka - 12:4.2.3-1 - 4.2.3 @@ -657,7 +659,7 @@ fi - Hopefully last tweak of adding of user and group (#699713) * Fri Sep 09 2011 Jiri Popelka - 12:4.2.2-7 -- Move changing of the effective user/group ID after writing new PID file. +- Write PID file BEFORE changing of the effective user/group ID. * Fri Sep 09 2011 Jiri Popelka - 12:4.2.2-6 - PIE-RELRO.patch is not needed anymore, defining _hardened_build does the same