Update Trixie packaging for isc-dhcp and dnsmasq

This change brings updates from the 'f/trixie' branch into 'master' to
ensure consistent functionality and packaging structure across both
branches.

Test Plan:
PASS  master trixie build

Story: 2011360
Task: 53260

Change-Id: I5f25556564d2c78256961aa95329096cea821222
Signed-off-by: Sai Lakshmi Teja Vanka <SaiLakshmiTeja.Vanka@windriver.com>
Sai Lakshmi Teja Vanka
2025-11-26 11:31:15 -05:00
committed by Abhinav Ayyapasetti
parent 2fb5205a92
commit f1dd710bf1
9 changed files with 24 additions and 245 deletions


@@ -1,32 +1,30 @@
From 42a0e83df41494cc67157f98b18a4087f6853911 Mon Sep 17 00:00:00 2001
From: Andre Fernando Zanella Kantek
<AndreFernandoZanella.Kantek@windriver.com>
Date: Thu, 1 Sep 2022 10:05:09 -0300
From d2bbdbc985a64397eb3c6cf36c99e6674518bbea Mon Sep 17 00:00:00 2001
From: Caio Bruchert <caio.bruchert@windriver.com>
Date: Wed, 8 Oct 2025 14:33:04 -0300
Subject: [PATCH] Use prefixlen for IPv6 address operations
use the prefix length variable available to the script to correctly
set the address passed by the dhclient program.
Use the prefix length variable available to the script to correctly
add and delete the address passed by the dhclient program.
Signed-off-by: Andre Fernando Zanella Kantek <AndreFernandoZanella.Kantek@windriver.com>
Signed-off-by: Caio Bruchert <caio.bruchert@windriver.com>
---
debian/dhclient-script.linux | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/debian/dhclient-script.linux b/debian/dhclient-script.linux
index 8b29988..915cc13 100644
index 3f93fae..f3c0461 100644
--- a/debian/dhclient-script.linux
+++ b/debian/dhclient-script.linux
@@ -403,7 +403,7 @@ case "$reason" in
@@ -406,7 +406,7 @@ case "$reason" in
if [ "${new_ip6_address}" ]; then
# set leased IP
- ip -6 addr add ${new_ip6_address} \
+ ip -6 addr add ${new_ip6_address}/${new_ip6_prefixlen} \
dev ${interface} scope global
- ip -6 addr replace ${new_ip6_address} \
+ ip -6 addr replace ${new_ip6_address}/${new_ip6_prefixlen} \
dev ${interface} scope global valid_lft ${new_max_life} \
preferred_lft ${new_preferred_life}
fi
@@ -429,7 +429,7 @@ case "$reason" in
@@ -433,7 +433,7 @@ case "$reason" in
fi
# delete leased IP
@@ -36,5 +34,5 @@ index 8b29988..915cc13 100644
;;
--
2.17.1
2.34.1
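Review bot: In the first inner hunk the new `ip -6 addr replace ${new_ip6_address}/${new_ip6_prefixlen} \` line expands both lease variables unquoted and never checks that `new_ip6_prefixlen` is set, so an empty value would pass `ip` an address ending in a bare `/`. Both values are passed in by dhclient from the lease, so I would quote the argument, `ip -6 addr replace "${new_ip6_address}/${new_ip6_prefixlen}" \`, and skip the call with a logged error when the prefix length is empty or non-numeric. The series also lists dhclient-set-the-default-prefix-length-to-64.patch, which presumably keeps the value populated, but the script should not depend on that. The body of the delete hunk is not shown on this page; it needs the same prefix length as the add path, otherwise the delete may not match the installed address and leave it on the interface.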


@@ -1,7 +1,7 @@
---
debver: 4.4.1-2.3
debver: 4.4.3-P1-7
debname: isc-dhcp
archive: https://snapshot.debian.org/archive/debian/20210529T084123Z/pool/main/i/isc-dhcp/
archive: https://snapshot.debian.org/archive/debian/20250522T031058Z/pool/main/i/isc-dhcp/
revision:
dist: $STX_DIST
PKG_GITREVCOUNT: true


@@ -1,127 +0,0 @@
From 8f1212b200fd44f9fc0ff8e35b1f2f98cc9d91b6 Mon Sep 17 00:00:00 2001
From: Zhixiong Chi <zhixiong.chi@windriver.com>
Date: Tue, 22 Nov 2022 03:55:10 -0800
Subject: [PATCH] CVE-2022-2928
Description: An option refcount overflow exists in dhcpd
Origin: upstream
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2022-2928
Forwarded: not-needed
Last-Update: 2022-10-04
The upstream patch is only in diff format without a git header which I
have created here.
[Backport patch from https://sources.debian.org/src/isc-dhcp/4.4.1-2.3%252Bdeb11u1/debian/patches/CVE-2022-2928.patch]
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
---
common/options.c | 7 +++++
common/tests/option_unittest.c | 54 ++++++++++++++++++++++++++++++++++
2 files changed, 61 insertions(+)
diff --git a/common/options.c b/common/options.c
index fc0e088..253cbc1 100644
--- a/common/options.c
+++ b/common/options.c
@@ -4366,6 +4366,8 @@ add_option(struct option_state *options,
if (!option_cache_allocate(&oc, MDL)) {
log_error("No memory for option cache adding %s (option %d).",
option->name, option_num);
+ /* Get rid of reference created during hash lookup. */
+ option_dereference(&option, MDL);
return 0;
}
@@ -4377,6 +4379,8 @@ add_option(struct option_state *options,
MDL)) {
log_error("No memory for constant data adding %s (option %d).",
option->name, option_num);
+ /* Get rid of reference created during hash lookup. */
+ option_dereference(&option, MDL);
option_cache_dereference(&oc, MDL);
return 0;
}
@@ -4385,6 +4389,9 @@ add_option(struct option_state *options,
save_option(&dhcp_universe, options, oc);
option_cache_dereference(&oc, MDL);
+ /* Get rid of reference created during hash lookup. */
+ option_dereference(&option, MDL);
+
return 1;
}
diff --git a/common/tests/option_unittest.c b/common/tests/option_unittest.c
index cd52cfb..690704d 100644
--- a/common/tests/option_unittest.c
+++ b/common/tests/option_unittest.c
@@ -130,6 +130,59 @@ ATF_TC_BODY(pretty_print_option, tc)
}
+ATF_TC(add_option_ref_cnt);
+
+ATF_TC_HEAD(add_option_ref_cnt, tc)
+{
+ atf_tc_set_md_var(tc, "descr",
+ "Verify add_option() does not leak option ref counts.");
+}
+
+ATF_TC_BODY(add_option_ref_cnt, tc)
+{
+ struct option_state *options = NULL;
+ struct option *option = NULL;
+ unsigned int cid_code = DHO_DHCP_CLIENT_IDENTIFIER;
+ char *cid_str = "1234";
+ int refcnt_before = 0;
+
+ // Look up the option we're going to add.
+ initialize_common_option_spaces();
+ if (!option_code_hash_lookup(&option, dhcp_universe.code_hash,
+ &cid_code, 0, MDL)) {
+ atf_tc_fail("cannot find option definition?");
+ }
+
+ // Get the option's reference count before we call add_options.
+ refcnt_before = option->refcnt;
+
+ // Allocate a option_state to which to add an option.
+ if (!option_state_allocate(&options, MDL)) {
+ atf_tc_fail("cannot allocat options state");
+ }
+
+ // Call add_option() to add the option to the option state.
+ if (!add_option(options, cid_code, cid_str, strlen(cid_str))) {
+ atf_tc_fail("add_option returned 0");
+ }
+
+ // Verify that calling add_option() only adds 1 to the option ref count.
+ if (option->refcnt != (refcnt_before + 1)) {
+ atf_tc_fail("after add_option(), count is wrong, before %d, after: %d",
+ refcnt_before, option->refcnt);
+ }
+
+ // Derefrence the option_state, this should reduce the ref count to
+ // it's starting value.
+ option_state_dereference(&options, MDL);
+
+ // Verify that dereferencing option_state restores option ref count.
+ if (option->refcnt != refcnt_before) {
+ atf_tc_fail("after state deref, count is wrong, before %d, after: %d",
+ refcnt_before, option->refcnt);
+ }
+}
+
/* This macro defines main() method that will call specified
test cases. tp and simple_test_case names can be whatever you want
as long as it is a valid variable identifier. */
@@ -137,6 +190,7 @@ ATF_TP_ADD_TCS(tp)
{
ATF_TP_ADD_TC(tp, option_refcnt);
ATF_TP_ADD_TC(tp, pretty_print_option);
+ ATF_TP_ADD_TC(tp, add_option_ref_cnt);
return (atf_no_error());
}
--
2.34.1


@@ -1,47 +0,0 @@
From 10c175968fbbabc20316b85b85185f946499ec40 Mon Sep 17 00:00:00 2001
From: Zhixiong Chi <zhixiong.chi@windriver.com>
Date: Mon, 13 Nov 2023 18:12:08 -0800
Subject: [PATCH] CVE-2022-2929
Description: DHCP memory leak
Origin: upstream
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2022-2929
Forwarded: not-needed
Last-Update: 2022-10-04
The upstream patch is only in diff format without a git header which I
have created here.
[Backport patch from https://sources.debian.org/src/isc-dhcp/4.4.1-2.3%252Bdeb11u2/debian/patches/CVE-2022-2929.patch]
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
---
common/options.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/common/options.c b/common/options.c
index 253cbc1..c70a8ac 100644
--- a/common/options.c
+++ b/common/options.c
@@ -449,16 +449,16 @@ int fqdn_universe_decode (struct option_state *options,
while (s < &bp -> data[0] + length + 2) {
len = *s;
if (len > 63) {
- log_info ("fancy bits in fqdn option");
- return 0;
+ log_info ("label length exceeds 63 in fqdn option");
+ goto bad;
}
if (len == 0) {
terminated = 1;
break;
}
if (s + len > &bp -> data [0] + length + 3) {
- log_info ("fqdn tag longer than buffer");
- return 0;
+ log_info ("fqdn label longer than buffer");
+ goto bad;
}
if (first_len == 0) {
--
2.42.0


@@ -36,10 +36,11 @@ index f30c171..b236c4a 100644
- if ((local_family != AF_INET6) && (info->ifp != NULL) &&
- setsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE,
- (char *)(info -> ifp), sizeof(*(info -> ifp))) < 0) {
- log_fatal("setsockopt: SO_BINDTODEVICE: %m");
- log_fatal("Can't set SO_BINDTODEVICE on dhcp socket for"
- " %s : %m", (char *)(info->ifp));
- }
-#endif
-
/* IP_BROADCAST_IF instructs the kernel which interface to send
* IP packets whose destination address is 255.255.255.255. These
* will be treated as subnet broadcasts on the interface identified


@@ -2,5 +2,3 @@ dhclient-restrict-interfaces-to-command-line.patch
dhclient-ipv6-bind-to-interface.patch
dhclient-ipv6-conditionally-set-hostname.patch
dhclient-set-the-default-prefix-length-to-64.patch
CVE-2022-2928.patch
CVE-2022-2929.patch


@@ -1,43 +0,0 @@
From 55cae4e85d59b5c6cbfd00257833ccaab2b76982 Mon Sep 17 00:00:00 2001
From: Charles Short <charles.short@windriver.com>
Date: Wed, 13 Jul 2022 10:04:57 -0400
Subject: [PATCH] Disable systemd for dnsmasq
Disable systemd from starting at boot since its managed by the
sm service.
Signed-off-by: Charles Short <charles.short@windriver.com>
---
debian/postinst | 16 ----------------
1 file changed, 16 deletions(-)
diff --git a/debian/postinst b/debian/postinst
index 8c93160..38c2a07 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -4,22 +4,6 @@ set -e
# /usr/share/doc/dnsmasq was a symlink in versions < 2.81-1 (see #985282)
dpkg-maintscript-helper symlink_to_dir /usr/share/doc/dnsmasq dnsmasq-base 2.84-1.2~ dnsmasq -- "$@"
-# Code copied from dh_systemd_enable ----------------------
-# This will only remove masks created by d-s-h on package removal.
-deb-systemd-helper unmask dnsmasq.service >/dev/null || true
-
-# was-enabled defaults to true, so new installations run enable.
-if deb-systemd-helper --quiet was-enabled dnsmasq.service; then
- # Enables the unit on first installation, creates new
- # symlinks on upgrades if the unit file has changed.
- deb-systemd-helper enable dnsmasq.service >/dev/null || true
-else
- # Update the statefile to add new symlinks (if any), which need to be
- # cleaned up on purge. Also remove old symlinks.
- deb-systemd-helper update-state dnsmasq.service >/dev/null || true
-fi
-# End code copied from dh_systemd_enable ------------------
-
if [ -x /etc/init.d/dnsmasq ]; then
update-rc.d dnsmasq defaults 15 85 >/dev/null
--
2.25.1


@@ -1 +0,0 @@
0001-Disable-systemd-for-dnsmasq.patch


@@ -1,6 +1,6 @@
---
debver: 2.85-1+deb11u1
archive: https://snapshot.debian.org/archive/debian-security/20241129T154347Z/pool/updates/main/d/dnsmasq/
debver: 2.91-1
archive: https://snapshot.debian.org/archive/debian/20250720T024121Z/pool/main/d/dnsmasq/
revision:
dist: $STX_DIST
PKG_GITREVCOUNT: true