dhcp: fix CVE-2019-6470

Upgrade dhcp pkg to dhcp-4.2.5-82.el7.centos.src.rpm

Adjust the context of the patch to match to apply the new version.
At the same time as the new version depends on the bind-export
pacakges, so we also add the dependence package in tools repo.
 bind-export-libs-9.11.4-26.P2.el7.x86_64.rpm
 bind-export-devel-9.11.4-26.P2.el7.x86_64.rpm

In addition, since the patch dhcp-dhclient_ipv6_prefix.patch set the
default prefixlen to 128, which is usually the specifications call
for host address and it doesn't include any on-link information.
By contrast, 64 indicates that's subnet area, and this vaule is used
frequently as usual. So we still use the previous value 64.
As a result we don't need to modify the relevant place where every
application code needed for the compatibility any more.

Depends-On: https://review.opendev.org/c/starlingx/tools/+/772241

Story: 2008532
Task: 41638
Change-Id: I0305711790d8e3fb1adfa69e1077468456b65d84
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
This commit is contained in:
Zhixiong Chi 2021-01-20 21:41:20 -05:00
parent ad02943bb5
commit cb85cff32b
6 changed files with 55 additions and 5 deletions

View File

@ -17,8 +17,8 @@ index 42409f6..70c7a6d 100644
Summary: Dynamic host configuration protocol software Summary: Dynamic host configuration protocol software
Name: dhcp Name: dhcp
Version: 4.2.5 Version: 4.2.5
-Release: 68%{?dist}.1 -Release: 82%{?dist}
+Release: 68.el7.centos.1%{?_tis_dist}.%{tis_patch_ver} +Release: 82.el7.centos%{?_tis_dist}.%{tis_patch_ver}
# NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to # NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to
# dcantrell maintaining the package) made incorrect use of the epoch and # dcantrell maintaining the package) made incorrect use of the epoch and
# that's why it is at 12 now. It should have never been used, but it was. # that's why it is at 12 now. It should have never been used, but it was.

View File

@ -0,0 +1,49 @@
From 54d85d8a0378a6610012adeae7abaefaf01ea9a1 Mon Sep 17 00:00:00 2001
From: Zhixiong Chi <zhixiong.chi@windriver.com>
Date: Tue, 9 Feb 2021 18:30:14 -0800
Subject: [PATCH] WRS: dhcp: set the prefixlen to 64
Drop the patch dhcp-dhclient_ipv6_prefix.patch to keep the default
value of the prefixlen to 64, since we don't need this patch to set
the default value 128 as usual, otherwise it will occurs that all hosts
(controller|compute node) offline after booting off the controller-0,
or the other usage scenes.
As usual, 128 is usually the specifications call for host address
and it doesn't include any on-link information.
By contrast, 64 indicates that's subnet area, and this vaule is used
frequently as usual. So we still use the previous vaule 64.
Meanwhile we don't need to modify the relevant place where every
application code needed for the compatibility any more.
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
---
SPECS/dhcp.spec | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/SPECS/dhcp.spec b/SPECS/dhcp.spec
index c893632..f7add1a 100644
--- a/SPECS/dhcp.spec
+++ b/SPECS/dhcp.spec
@@ -111,7 +111,8 @@ Patch70: dhcp-4.2.5-reference_count_overflow.patch
Patch71: dhcp-replay_file_limit.patch
Patch72: dhcp-4.2.5-expiry_before_renewal_v2.patch
Patch73: dhcp-4.2.5-bind-config.patch
-Patch74: dhcp-dhclient_ipv6_prefix.patch
+#Drop dhcp-dhclient_ipv6_prefix.patch not to set the default prefixlen 128
+#Patch74: dhcp-dhclient_ipv6_prefix.patch
# Support build with bind 9.11.3+
Patch75: dhcp-4.2.5-isc-util.patch
@@ -452,7 +453,8 @@ rm -rf includes/isc-dhcp
# https://bugzilla.redhat.com/show_bug.cgi?id=1647784
%patch72 -p1 -b .t2-expirity
-%patch74 -p1 -b .ipv6-prefix
+# Drop this patch not to set the default prefixlen 128
+#%patch74 -p1 -b .ipv6-prefix
# Support for BIND 9.11
%patch73 -p1 -b .bind-config
--
2.17.0

View File

@ -1,3 +1,4 @@
spec-include-TiS-patches.patch spec-include-TiS-patches.patch
dhclient-dhcp6-set-hostname.patch dhclient-dhcp6-set-hostname.patch
0001-dhcp-set-the-prefixlen-to-64.patch
0001-Update-package-versioning-for-TIS-format.patch 0001-Update-package-versioning-for-TIS-format.patch

View File

@ -12,9 +12,9 @@ index 87bad65..fb51eb5 100644
--- a/SOURCES/dhclient-script --- a/SOURCES/dhclient-script
+++ b/SOURCES/dhclient-script +++ b/SOURCES/dhclient-script
@@ -653,6 +653,10 @@ dh6config() { @@ -653,6 +653,10 @@ dh6config() {
add_ipv6_addr_with_DAD add_ipv6_addr_with_DAD
make_resolv_conf
+ +
+ if [ -n "${new_fqdn_hostname}" ] && need_hostname; then + if [ -n "${new_fqdn_hostname}" ] && need_hostname; then
+ hostname ${new_fqdn_hostname} || echo "See -nc option in dhclient(8) man page." + hostname ${new_fqdn_hostname} || echo "See -nc option in dhclient(8) man page."

View File

@ -1 +1 @@
mirror:Source/dhcp-4.2.5-68.el7.centos.1.src.rpm mirror:Source/dhcp-4.2.5-82.el7.centos.src.rpm

View File

@ -1,6 +1,6 @@
anaconda-21.48.22.147-1.el7.centos.src.rpm anaconda-21.48.22.147-1.el7.centos.src.rpm
cloud-init-0.7.9-24.el7.centos.1.src.rpm cloud-init-0.7.9-24.el7.centos.1.src.rpm
dhcp-4.2.5-68.el7.centos.1.src.rpm dhcp-4.2.5-82.el7.centos.src.rpm
dnsmasq-2.76-7.el7.src.rpm dnsmasq-2.76-7.el7.src.rpm
facter-2.4.4-4.el7.src.rpm facter-2.4.4-4.el7.src.rpm
grub2-2.02-0.86.el7.centos.src.rpm grub2-2.02-0.86.el7.centos.src.rpm