diff --git a/dhcp-4.0.0-invalid-dhclient-conf.patch b/dhcp-4.0.0-invalid-dhclient-conf.patch
new file mode 100644
index 0000000..0501123
--- /dev/null
+++ b/dhcp-4.0.0-invalid-dhclient-conf.patch
@@ -0,0 +1,16 @@
+diff -up dhcp-4.0.0/client/dhclient.conf.invalid dhcp-4.0.0/client/dhclient.conf
+--- dhcp-4.0.0/client/dhclient.conf.invalid 1997-06-02 12:50:44.000000000 -1000
++++ dhcp-4.0.0/client/dhclient.conf 2008-10-23 10:01:58.000000000 -1000
+@@ -1,10 +1,10 @@
+ send host-name "andare.fugue.com";
+ send dhcp-client-identifier 1:0:a0:24:ab:fb:9c;
+ send dhcp-lease-time 3600;
+-supersede domain-name "fugue.com home.vix.com";
++supersede domain-search "fugue.com home.vix.com";
+ prepend domain-name-servers 127.0.0.1;
+ request subnet-mask, broadcast-address, time-offset, routers,
+- domain-name, domain-name-servers, host-name;
++ domain-search, domain-name, domain-name-servers, host-name;
+ require subnet-mask, domain-name-servers;
+ timeout 60;
+ retry 60;
diff --git a/dhcp-4.0.0-manpages.patch b/dhcp-4.0.0-manpages.patch
index 7779145..88b0535 100644
--- a/dhcp-4.0.0-manpages.patch
+++ b/dhcp-4.0.0-manpages.patch
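Review bot: In the new dhcp-4.0.0-invalid-dhclient-conf.patch, the sample still lists `domain-name` in its `request` statement but no longer supersedes it, so the value offered by the DHCP server is now taken as given, where before it was always overridden locally. Only `domain-search` remains pinned by the `supersede` line. How the accepted value reaches the resolver configuration is decided in dhclient-script, which is not visible here, so the effect on a network with an untrusted DHCP server should be confirmed. I would add a comment above the `request` line in the sample, for example `# domain-search is superseded above; a server-supplied domain-name is accepted as offered`, so readers who copy the file know which values stay under local control.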
@@ -1,109 +1,7 @@ -diff -up dhcp-4.0.0/server/dhcpd.conf.5.manpages dhcp-4.0.0/server/dhcpd.conf.5 ---- dhcp-4.0.0/server/dhcpd.conf.5.manpages 2007-11-20 08:34:37.000000000 -1000 -+++ dhcp-4.0.0/server/dhcpd.conf.5 2008-01-02 11:26:38.000000000 -1000 -@@ -513,6 +513,9 @@ pool { - }; - .fi - .PP -+Dynamic BOOTP leases are not compatible with failover, and, as such, -+you need to disallow BOOTP in pools that you are using failover for. -+.PP - The server currently does very little sanity checking, so if you - configure it wrong, it will just fail in odd ways. I would recommend - therefore that you either do failover or don't do failover, but don't -@@ -527,9 +530,9 @@ primary server might look like this: - failover peer "foo" { - primary; - address anthrax.rc.vix.com; -- port 519; -+ port 647; - peer address trantor.rc.vix.com; -- peer port 520; -+ peer port 847; - max-response-delay 60; - max-unacked-updates 10; - mclt 3600; -@@ -588,9 +591,7 @@ statement - .B port \fIport-number\fR\fB;\fR - .PP - The \fBport\fR statement declares the TCP port on which the server --should listen for connections from its failover peer. This statement --may not currently be omitted, because the failover protocol does not --yet have a reserved TCP port number. -+should listen for connections from its failover peer. - .RE - .PP - The -@@ -602,10 +603,8 @@ statement - .PP - The \fBpeer port\fR statement declares the TCP port to which the - server should connect to reach its failover peer for failover --messages. This statement may not be omitted because the failover --protocol does not yet have a reserved TCP port number. The port --number declared in the \fBpeer port\fR statement may be the same as --the port number declared in the \fBport\fR statement. -+messages. The port number declared in the \fBpeer port\fR statement -+may be the same as the port number declared in the \fBport\fR statement. 
- .RE - .PP - The -@@ -1272,7 +1271,7 @@ the zone containing PTR records - for IS - .PP - .nf - key DHCP_UPDATER { -- algorithm HMAC-MD5.SIG-ALG.REG.INT; -+ algorithm hmac-md5; - secret pRP5FapFoJ95JEL06sv4PQ==; - }; - -@@ -1295,7 +1294,7 @@ dhcpd.conf file: - .PP - .nf - key DHCP_UPDATER { -- algorithm HMAC-MD5.SIG-ALG.REG.INT; -+ algorithm hmac-md5; - secret pRP5FapFoJ95JEL06sv4PQ==; - }; - -@@ -2433,7 +2432,8 @@ statement - The \fInext-server\fR statement is used to specify the host address of - the server from which the initial boot file (specified in the - \fIfilename\fR statement) is to be loaded. \fIServer-name\fR should --be a numeric IP address or a domain name. -+be a numeric IP address or a domain name. If no \fInext-server\fR statement -+applies to a given client, the address 0.0.0.0 is used. - .RE - .PP - The -diff -up dhcp-4.0.0/common/dhcp-options.5.manpages dhcp-4.0.0/common/dhcp-options.5 ---- dhcp-4.0.0/common/dhcp-options.5.manpages 2007-09-17 07:52:01.000000000 -1000 -+++ dhcp-4.0.0/common/dhcp-options.5 2008-01-02 11:26:38.000000000 -1000 -@@ -896,6 +896,21 @@ classless IP routing - it does not inclu - classless IP routing is now the most widely deployed routing standard, - this option is virtually useless, and is not implemented by any of the - popular DHCP clients, for example the Microsoft DHCP client. 
-+.PP -+NOTE to @PRODUCTNAME@ dhclient users: -+.br -+dhclient-script interprets trailing 0 octets of the target as indicating -+the subnet class of the route, so for the following static-routes value: -+.br -+ option static-routes 172.0.0.0 172.16.2.254, -+.br -+ 192.168.0.0 192.168.2.254; -+.br -+dhclient-script will create routes: -+.br -+ 172/8 via 172.16.2.254 dev $interface -+.br -+ 192.168/16 via 192.168.2.254 dev $interface - .RE - .PP - .nf diff -up dhcp-4.0.0/client/dhclient-script.8.manpages dhcp-4.0.0/client/dhclient-script.8 --- dhcp-4.0.0/client/dhclient-script.8.manpages 2006-02-24 13:16:27.000000000 -1000 -+++ dhcp-4.0.0/client/dhclient-script.8 2008-01-02 11:26:38.000000000 -1000 -@@ -47,7 +47,7 @@ customizations are needed, they should b ++++ dhcp-4.0.0/client/dhclient-script.8 2008-10-23 09:58:40.000000000 -1000 +@@ -47,16 +47,16 @@ customizations are needed, they should b exit hooks provided (see HOOKS for details). These hooks will allow the user to override the default behaviour of the client in creating a .B /etc/resolv.conf 
@@ -112,71 +10,80 @@ diff -up dhcp-4.0.0/client/dhclient-script.8.manpages dhcp-4.0.0/client/dhclient .PP No standard client script exists for some operating systems, even though the actual client may work, so a pioneering user may well need to create -@@ -91,6 +91,26 @@ present. The - .B ETCDIR/dhclient-exit-hooks + a new script or modify an existing one. In general, customizations specific + to a particular computer should be done in the +-.B ETCDIR/dhclient.conf ++.B /usr/local/etc/dhclient.conf + file. If you find that you can't make such a customization without + customizing +-.B ETCDIR/dhclient.conf ++.B /usr/local/etc/dhclient.conf + or using the enter and exit hooks, please submit a bug report. + .SH HOOKS + When it starts, the client script first defines a shell function, +@@ -68,33 +68,53 @@ the enter hook script. + .PP + On after defining the make_resolv_conf function, the client script checks + for the presence of an executable +-.B ETCDIR/dhclient-enter-hooks ++.B /usr/local/etc/dhclient-enter-hooks + script, and if present, it invokes the script inline, using the Bourne + shell '.' command. The entire environment documented under OPERATION + is available to this script, which may modify the environment if needed + to change the behaviour of the script. If an error occurs during the + execution of the script, it can set the exit_status variable to a nonzero + value, and +-.B CLIENTBINDIR/dhclient-script ++.B /sbin/dhclient-script + will exit with that error code immediately after the client script exits. + .PP + After all processing has completed, +-.B CLIENTBINDIR/dhclient-script ++.B /sbin/dhclient-script + checks for the presence of an executable +-.B ETCDIR/dhclient-exit-hooks ++.B /usr/local/etc/dhclient-exit-hooks + script, which if present is invoked using the '.' command. 
The exit + status of dhclient-script will be passed to dhclient-exit-hooks in the + exit_status shell variable, and will always be zero if the script + succeeded at the task for which it was invoked. The rest of the + environment as described previously for dhclient-enter-hooks is also + present. The +-.B ETCDIR/dhclient-exit-hooks ++.B /usr/local/etc/dhclient-exit-hooks script can modify the valid of exit_status to change the exit status of dhclient-script. +.PP +Immediately after dhclient brings an interface UP with a new IP address, +subnet mask, and routes, in the REBOOT/BOUND states, it will check for the +existence of an executable -+.B ETCDIR/dhclient-up-hooks ++.B /usr/local/etc/dhclient-up-hooks +script, and source it if found. This script can handle DHCP options in +the environment that are not handled by default. A per-interface. -+.B ETCDIR/dhclient-${IF}-up-hooks ++.B /usr/local/etc/dhclient-${IF}-up-hooks +script will override the generic script and be sourced when interface +$IF has been brought up. +.PP +Immediately before dhclient brings an interface DOWN, removing its IP +address, subnet mask, and routes, in the STOP/RELEASE states, it will +check for the existence of an executable -+.B ETCDIR/dhclient-down-hooks ++.B /usr/local/etc/dhclient-down-hooks +script, and source it if found. This script can handle DHCP options in +the environment that are not handled by default. A per-interface -+.B ETCDIR/dhclient-${IF}-down-hooks ++.B /usr/local/etc/dhclient-${IF}-down-hooks +script will override the generic script and be sourced when interface +$IF is about to be brought down. 
.SH OPERATION When dhclient needs to invoke the client configuration script, it defines a set of variables in the environment, and then invokes -diff -up dhcp-4.0.0/client/dhclient.conf.5.manpages dhcp-4.0.0/client/dhclient.conf.5 ---- dhcp-4.0.0/client/dhclient.conf.5.manpages 2007-08-23 06:06:08.000000000 -1000 -+++ dhcp-4.0.0/client/dhclient.conf.5 2008-01-02 11:26:38.000000000 -1000 -@@ -186,9 +186,9 @@ responding to the client send the client - options. Only the option names should be specified in the request - statement - not option parameters. By default, the DHCP server - requests the subnet-mask, broadcast-address, time-offset, routers, --domain-name, domain-name-servers and host-name options. Note that if --you enter a 'request' statement, you over-ride this default and these --options will not be requested. -+domain-name, domain-name-servers host-name, nis-domain, nis-servers, -+and ntp-servers options. Note that if you enter a 'request' statement, -+you over-ride this default and these options will not be requested. - .PP - In some cases, it may be desirable to send no parameter request list - at all. To do this, simply write the request statement but specify -@@ -626,6 +626,18 @@ database and will record the media type - Whenever the client tries to renew the lease, it will use that same - media type. The lease must expire before the client will go back to - cycling through media types. -+.PP -+ \fBbootp-broadcast-always;\fR -+.PP -+The -+.B bootp-broadcast-always -+statement instructs dhclient to always set the bootp broadcast flag in -+request packets, so that servers will always broadcast replies. -+This is equivalent to supplying the dhclient -B argument, and has -+the same effect as specifying 'always-broadcast' in the server's dhcpd.conf. -+This option is provided as an extension to enable dhclient to work -+on IBM s390 Linux guests. -+.PP - .SH SAMPLE - The following configuration file is used on a laptop running NetBSD - 1.3. 
The laptop has an IP alias of 192.5.5.213, and has one +-.B CLIENTBINDIR/dhclient-script. ++.B /sbin/dhclient-script. + In all cases, $reason is set to the name of the reason why the script + has been invoked. The following reasons are currently defined: + MEDIUM, PREINIT, BOUND, RENEW, REBIND, REBOOT, EXPIRE, FAIL, STOP, RELEASE, diff -up dhcp-4.0.0/client/dhclient.8.manpages dhcp-4.0.0/client/dhclient.8 --- dhcp-4.0.0/client/dhclient.8.manpages 2007-10-04 07:13:25.000000000 -1000 -+++ dhcp-4.0.0/client/dhclient.8 2008-01-02 11:26:38.000000000 -1000 ++++ dhcp-4.0.0/client/dhclient.8 2008-10-23 09:58:40.000000000 -1000 @@ -91,6 +91,33 @@ relay .B -w ] @@ -344,19 +251,19 @@ diff -up dhcp-4.0.0/client/dhclient.8.manpages dhcp-4.0.0/client/dhclient.8 +.TP +.BI \-lf\ +Path to the lease database file. If unspecified, the default -+.B DBDIR/dhclient.leases ++.B /private/var/db/dhclient/dhclient.leases +is used. + +.TP +.BI \-pf\ +Path to the process ID file. If unspecified, the default -+.B RUNDIR/dhclient.pid ++.B /private/var/run/dhclient.pid +is used. + +.TP +.BI \-cf\ +Path to the client configuration file. If unspecified, the default -+.B ETCDIR/dhclient.conf ++.B /usr/local/etc/dhclient.conf +is used. + +.TP @@ -364,7 +271,7 @@ diff -up dhcp-4.0.0/client/dhclient.8.manpages dhcp-4.0.0/client/dhclient.8 +Path to the network configuration script invoked by +.B dhclient +when it gets a lease. If unspecified, the default -+.B CLIENTBINDIR/dhclient-script ++.B /sbin/dhclient-script +is used. + +.TP 
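Review bot: The literal paths written into dhclient-script.8 in the `@@ -112,71 +10,80 @@` hunk, such as `/usr/local/etc/dhclient-enter-hooks` and `/sbin/dhclient-script`, replace the `ETCDIR` and `CLIENTBINDIR` placeholders, and they look like values substituted in a configured source tree rather than this package's install locations. The same substitution appears in the `@@ -344,19 +251,19 @@`, `@@ -364,7 +271,7 @@` and `@@ -531,3 +438,205 @@` hunks, where `DBDIR` and `RUNDIR` become `/private/var/db/...` and `/private/var/run/...`. The hook files documented here are sourced by dhclient-script with the client's privileges, so a man page naming the wrong directory sends an administrator to check ownership and permissions in a place the script never reads. I would regenerate the patch from an unconfigured tree so the placeholders survive, for example `+.B ETCDIR/dhclient-enter-hooks`, and let the build substitute the real paths.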
@@ -531,3 +438,205 @@ diff -up dhcp-4.0.0/client/dhclient.8.manpages dhcp-4.0.0/client/dhclient.8 .SH CONFIGURATION The syntax of the dhclient.conf(5) file is discussed separately. .SH OMAPI +@@ -338,9 +421,9 @@ do a DHCPRELEASE. To pause it, set its + resume it, set its state attribute to 4. + .PP + .SH FILES +-.B CLIENTBINDIR/dhclient-script, +-.B ETCDIR/dhclient.conf, DBDIR/dhclient.leases, RUNDIR/dhclient.pid, +-.B DBDIR/dhclient.leases~. ++.B /sbin/dhclient-script, ++.B /usr/local/etc/dhclient.conf, /private/var/db/dhclient/dhclient.leases, /private/var/run/dhclient.pid, ++.B /private/var/db/dhclient/dhclient.leases~. + .SH SEE ALSO + dhcpd(8), dhcrelay(8), dhclient-script(8), dhclient.conf(5), + dhclient.leases(5), dhcp-eval(5). +diff -up dhcp-4.0.0/client/dhclient.conf.5.manpages dhcp-4.0.0/client/dhclient.conf.5 +--- dhcp-4.0.0/client/dhclient.conf.5.manpages 2007-08-23 06:06:08.000000000 -1000 ++++ dhcp-4.0.0/client/dhclient.conf.5 2008-10-23 10:01:34.000000000 -1000 +@@ -186,9 +186,9 @@ responding to the client send the client + options. Only the option names should be specified in the request + statement - not option parameters. By default, the DHCP server + requests the subnet-mask, broadcast-address, time-offset, routers, +-domain-name, domain-name-servers and host-name options. Note that if +-you enter a 'request' statement, you over-ride this default and these +-options will not be requested. ++domain-name, domain-name-servers host-name, nis-domain, nis-servers, ++and ntp-servers options. Note that if you enter a 'request' statement, ++you over-ride this default and these options will not be requested. + .PP + In some cases, it may be desirable to send no parameter request list + at all. To do this, simply write the request statement but specify +@@ -626,6 +626,18 @@ database and will record the media type + Whenever the client tries to renew the lease, it will use that same + media type. 
The lease must expire before the client will go back to + cycling through media types. ++.PP ++ \fBbootp-broadcast-always;\fR ++.PP ++The ++.B bootp-broadcast-always ++statement instructs dhclient to always set the bootp broadcast flag in ++request packets, so that servers will always broadcast replies. ++This is equivalent to supplying the dhclient -B argument, and has ++the same effect as specifying 'always-broadcast' in the server's dhcpd.conf. ++This option is provided as an extension to enable dhclient to work ++on IBM s390 Linux guests. ++.PP + .SH SAMPLE + The following configuration file is used on a laptop running NetBSD + 1.3. The laptop has an IP alias of 192.5.5.213, and has one +@@ -647,12 +659,12 @@ interface "ep0" { + send host-name "andare.fugue.com"; + send dhcp-client-identifier 1:0:a0:24:ab:fb:9c; + send dhcp-lease-time 3600; +- supersede domain-name "fugue.com rc.vix.com home.vix.com"; ++ supersede domain-search "fugue.com rc.vix.com home.vix.com"; + prepend domain-name-servers 127.0.0.1; + request subnet-mask, broadcast-address, time-offset, routers, +- domain-name, domain-name-servers, host-name; ++ domain-search, domain-name, domain-name-servers, host-name; + require subnet-mask, domain-name-servers; +- script "CLIENTBINDIR/dhclient-script"; ++ script "/sbin/dhclient-script"; + media "media 10baseT/UTP", "media 10base2/BNC"; + } + +diff -up dhcp-4.0.0/common/dhcp-options.5.manpages dhcp-4.0.0/common/dhcp-options.5 +--- dhcp-4.0.0/common/dhcp-options.5.manpages 2007-09-17 07:52:01.000000000 -1000 ++++ dhcp-4.0.0/common/dhcp-options.5 2008-10-23 09:58:40.000000000 -1000 +@@ -896,6 +896,21 @@ classless IP routing - it does not inclu + classless IP routing is now the most widely deployed routing standard, + this option is virtually useless, and is not implemented by any of the + popular DHCP clients, for example the Microsoft DHCP client. 
++.PP ++NOTE to Fedora dhclient users: ++.br ++dhclient-script interprets trailing 0 octets of the target as indicating ++the subnet class of the route, so for the following static-routes value: ++.br ++ option static-routes 172.0.0.0 172.16.2.254, ++.br ++ 192.168.0.0 192.168.2.254; ++.br ++dhclient-script will create routes: ++.br ++ 172/8 via 172.16.2.254 dev $interface ++.br ++ 192.168/16 via 192.168.2.254 dev $interface + .RE + .PP + .nf +diff -up dhcp-4.0.0/server/dhcpd.conf.5.manpages dhcp-4.0.0/server/dhcpd.conf.5 +--- dhcp-4.0.0/server/dhcpd.conf.5.manpages 2007-11-20 08:34:37.000000000 -1000 ++++ dhcp-4.0.0/server/dhcpd.conf.5 2008-10-23 09:58:40.000000000 -1000 +@@ -513,6 +513,9 @@ pool { + }; + .fi + .PP ++Dynamic BOOTP leases are not compatible with failover, and, as such, ++you need to disallow BOOTP in pools that you are using failover for. ++.PP + The server currently does very little sanity checking, so if you + configure it wrong, it will just fail in odd ways. I would recommend + therefore that you either do failover or don't do failover, but don't +@@ -527,9 +530,9 @@ primary server might look like this: + failover peer "foo" { + primary; + address anthrax.rc.vix.com; +- port 519; ++ port 647; + peer address trantor.rc.vix.com; +- peer port 520; ++ peer port 847; + max-response-delay 60; + max-unacked-updates 10; + mclt 3600; +@@ -588,9 +591,7 @@ statement + .B port \fIport-number\fR\fB;\fR + .PP + The \fBport\fR statement declares the TCP port on which the server +-should listen for connections from its failover peer. This statement +-may not currently be omitted, because the failover protocol does not +-yet have a reserved TCP port number. ++should listen for connections from its failover peer. + .RE + .PP + The +@@ -602,10 +603,8 @@ statement + .PP + The \fBpeer port\fR statement declares the TCP port to which the + server should connect to reach its failover peer for failover +-messages. 
This statement may not be omitted because the failover +-protocol does not yet have a reserved TCP port number. The port +-number declared in the \fBpeer port\fR statement may be the same as +-the port number declared in the \fBport\fR statement. ++messages. The port number declared in the \fBpeer port\fR statement ++may be the same as the port number declared in the \fBport\fR statement. + .RE + .PP + The +@@ -1272,7 +1271,7 @@ the zone containing PTR records - for IS + .PP + .nf + key DHCP_UPDATER { +- algorithm HMAC-MD5.SIG-ALG.REG.INT; ++ algorithm hmac-md5; + secret pRP5FapFoJ95JEL06sv4PQ==; + }; + +@@ -1295,7 +1294,7 @@ dhcpd.conf file: + .PP + .nf + key DHCP_UPDATER { +- algorithm HMAC-MD5.SIG-ALG.REG.INT; ++ algorithm hmac-md5; + secret pRP5FapFoJ95JEL06sv4PQ==; + }; + +@@ -2240,7 +2239,7 @@ statement + .PP + .I Name + should be the name of the DHCP server's lease file. By default, this +-is DBDIR/dhcpd.leases. This statement \fBmust\fR appear in the outer ++is /private/var/db/dhcpd/dhcpd.leases. This statement \fBmust\fR appear in the outer + scope of the configuration file - if it appears in some other scope, + it will have no effect. Furthermore, it has no effect if overridden + by the +@@ -2275,7 +2274,7 @@ statement + .PP + .I Name + is the name of the lease file to use if and only if the server is running +-in DHCPv6 mode. By default, this is DBDIR/dhcpd6.leases. This statement, ++in DHCPv6 mode. By default, this is /private/var/db/dhcpd/dhcpd6.leases. This statement, + like + .I lease-file-name, + \fBmust\fR appear in the outer scope of the configuration file. It +@@ -2433,7 +2432,8 @@ statement + The \fInext-server\fR statement is used to specify the host address of + the server from which the initial boot file (specified in the + \fIfilename\fR statement) is to be loaded. \fIServer-name\fR should +-be a numeric IP address or a domain name. ++be a numeric IP address or a domain name. 
If no \fInext-server\fR statement ++applies to a given client, the address 0.0.0.0 is used. + .RE + .PP + The +@@ -2478,7 +2478,7 @@ statement + .I Name + should be the name of the DHCP server's process ID file. This is the + file in which the DHCP server's process ID is stored when the server +-starts. By default, this is RUNDIR/dhcpd.pid. Like the ++starts. By default, this is /private/var/run/dhcpd.pid. Like the + .I lease-file-name + statement, this statement must appear in the outer scope + of the configuration file. It has no effect if overridden by the +@@ -2496,7 +2496,7 @@ statement + .PP + .I Name + is the name of the pid file to use if and only if the server is running +-in DHCPv6 mode. By default, this is DBDIR/dhcpd6.pid. This statement, ++in DHCPv6 mode. By default, this is /private/var/db/dhcpd/dhcpd6.pid. This statement, + like + .I pid-file-name, + \fBmust\fR appear in the outer scope of the configuration file. It diff --git a/dhcp.spec b/dhcp.spec index 71d8f2e..01639e4 100644 --- a/dhcp.spec +++ b/dhcp.spec @@ -4,7 +4,7 @@ Summary: DHCP (Dynamic Host Configuration Protocol) server and relay agent Name: dhcp Version: 4.0.0 -Release: 29%{?dist} +Release: 30%{?dist} # NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to # dcantrell maintaining the package) made incorrect use of the epoch and # that's why it is at 12 now. It should have never been used, but it was. @@ -48,6 +48,7 @@ Patch18: %{name}-4.0.0-libdhcp4client.patch Patch19: %{name}-4.0.0-inherit-leases.patch Patch20: %{name}-4.0.0-garbage-chars.patch Patch21: %{name}-4.0.0-port-validation.patch +Patch22: %{name}-4.0.0-invalid-dhclient-conf.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: autoconf 
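Review bot: Both `key DHCP_UPDATER` examples carried in the dhcpd.conf.5 part of the `@@ -531,3 +438,205 @@` hunk print a literal value, `secret pRP5FapFoJ95JEL06sv4PQ==;`, with nothing on the visible lines marking it as a placeholder. A reader who pastes the block ends up with an update key that is published in the man page. I would add a sentence after each example saying that the secret is illustrative only, that a fresh key must be generated per deployment, and that the file holding it should not be world-readable. The examples also name `hmac-md5`; whether this dhcpd version accepts a stronger HMAC is not visible in the diff, so that is worth checking before the text recommends one.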
@@ -208,6 +209,9 @@ client library. # to make sure they are within 1-65535, inclusive. (#438149) %patch21 -p1 +# The sample dhclient.conf should say 'supersede domain-search' (#467955) +%patch22 -p1 + # Copy in documentation and example scripts for LDAP patch to dhcpd %{__install} -p -m 0644 %{SOURCE5} . %{__install} -p -m 0644 %{SOURCE6} doc/ @@ -445,6 +449,10 @@ fi %{_libdir}/libdhcp4client.so %changelog +* Thu Oct 23 2008 David Cantrell - 12:4.0.0-30 +- Fix dhclient.conf man page and sample config file to say 'supersede + domain-search', which is what was actually demonstrated (#467955) + * Wed Oct 01 2008 David Cantrell - 12:4.0.0-29 - Make sure /etc/resolv.conf has restorecon run on it (#451560)