From cb85cff32ba0afc48fbe16ab94dd36edc979fbb4 Mon Sep 17 00:00:00 2001
From: Zhixiong Chi
Date: Wed, 20 Jan 2021 21:41:20 -0500
Subject: [PATCH] dhcp: fix CVE-2019-6470

Upgrade dhcp pkg to dhcp-4.2.5-82.el7.centos.src.rpm Adjust the context of the patch to match to apply the new version. At the same time as the new version depends on the bind-export pacakges, so we also add the dependence package in tools repo. bind-export-libs-9.11.4-26.P2.el7.x86_64.rpm bind-export-devel-9.11.4-26.P2.el7.x86_64.rpm In addition, since the patch dhcp-dhclient_ipv6_prefix.patch set the default prefixlen to 128, which is usually the specifications call for host address and it doesn't include any on-link information. By contrast, 64 indicates that's subnet area, and this vaule is used frequently as usual. So we still use the previous value 64. As a result we don't need to modify the relevant place where every application code needed for the compatibility any more.

Depends-On: https://review.opendev.org/c/starlingx/tools/+/772241
Story: 2008532
Task: 41638
Change-Id: I0305711790d8e3fb1adfa69e1077468456b65d84
Signed-off-by: Zhixiong Chi
---
 ...te-package-versioning-for-TIS-format.patch | 4 +-
 .../0001-dhcp-set-the-prefixlen-to-64.patch | 49 +++++++++++++++++++
 base/dhcp/centos/meta_patches/PATCH_ORDER | 1 +
 .../dhclient-dhcp6-set-hostname.patch | 2 +-
 base/dhcp/centos/srpm_path | 2 +-
 centos_srpms_centos.lst | 2 +-
 6 files changed, 55 insertions(+), 5 deletions(-)
 create mode 100644 base/dhcp/centos/meta_patches/0001-dhcp-set-the-prefixlen-to-64.patch

diff --git a/base/dhcp/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch b/base/dhcp/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
index fd0b4941a..c7aa36ca7 100644
--- a/base/dhcp/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
+++ b/base/dhcp/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
@@ -17,8 +17,8 @@ index 42409f6..70c7a6d 100644
 Summary: Dynamic host configuration protocol software
 Name: dhcp
 Version: 4.2.5
--Release: 68%{?dist}.1
-+Release: 68.el7.centos.1%{?_tis_dist}.%{tis_patch_ver}
+-Release: 82%{?dist}
++Release: 82.el7.centos%{?_tis_dist}.%{tis_patch_ver}
 # NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to
 # dcantrell maintaining the package) made incorrect use of the epoch and
 # that's why it is at 12 now. It should have never been used, but it was.
diff --git a/base/dhcp/centos/meta_patches/0001-dhcp-set-the-prefixlen-to-64.patch b/base/dhcp/centos/meta_patches/0001-dhcp-set-the-prefixlen-to-64.patch
new file mode 100644
index 000000000..2d487f14a
--- /dev/null
+++ b/base/dhcp/centos/meta_patches/0001-dhcp-set-the-prefixlen-to-64.patch
@@ -0,0 +1,49 @@
+From 54d85d8a0378a6610012adeae7abaefaf01ea9a1 Mon Sep 17 00:00:00 2001
+From: Zhixiong Chi
+Date: Tue, 9 Feb 2021 18:30:14 -0800
+Subject: [PATCH] WRS: dhcp: set the prefixlen to 64
+
+Drop the patch dhcp-dhclient_ipv6_prefix.patch to keep the default
+value of the prefixlen to 64, since we don't need this patch to set
+the default value 128 as usual, otherwise it will occurs that all hosts
+(controller|compute node) offline after booting off the controller-0,
+or the other usage scenes.
+As usual, 128 is usually the specifications call for host address
+and it doesn't include any on-link information.
+By contrast, 64 indicates that's subnet area, and this vaule is used
+frequently as usual. So we still use the previous vaule 64.
+Meanwhile we don't need to modify the relevant place where every
+application code needed for the compatibility any more.
+
+Signed-off-by: Zhixiong Chi
+---
+ SPECS/dhcp.spec | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/SPECS/dhcp.spec b/SPECS/dhcp.spec
+index c893632..f7add1a 100644
+--- a/SPECS/dhcp.spec
++++ b/SPECS/dhcp.spec
+@@ -111,7 +111,8 @@ Patch70: dhcp-4.2.5-reference_count_overflow.patch
+ Patch71: dhcp-replay_file_limit.patch
+ Patch72: dhcp-4.2.5-expiry_before_renewal_v2.patch
+ Patch73: dhcp-4.2.5-bind-config.patch
+-Patch74: dhcp-dhclient_ipv6_prefix.patch
++#Drop dhcp-dhclient_ipv6_prefix.patch not to set the default prefixlen 128
++#Patch74: dhcp-dhclient_ipv6_prefix.patch
+ # Support build with bind 9.11.3+
+ Patch75: dhcp-4.2.5-isc-util.patch
+
+@@ -452,7 +453,8 @@ rm -rf includes/isc-dhcp
+
+ # https://bugzilla.redhat.com/show_bug.cgi?id=1647784
+ %patch72 -p1 -b .t2-expirity
+-%patch74 -p1 -b .ipv6-prefix
++# Drop this patch not to set the default prefixlen 128
++#%patch74 -p1 -b .ipv6-prefix
+
+ # Support for BIND 9.11
+ %patch73 -p1 -b .bind-config
+--
+2.17.0
+
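Review bot: The commented-out `#%patch74 -p1 -b .ipv6-prefix` in the second spec hunk leaves a `%` directive inside a comment, and rpm expands macros in comment lines too; the usual form is `#%%patch74 -p1 -b .ipv6-prefix` (or deleting the line), which stays inert if a later rpm handles `%patch` as a macro. The two added comments also do not tell a maintainer why a CVE rebase diverges from the vendor package: going by the commit message, this keeps the older assumption of a /64 on-link prefix for DHCPv6 addresses because hosts went offline with 128. I would put `# StarlingX: dhcp-dhclient_ipv6_prefix.patch is not applied; keeps the default prefixlen at 64 instead of 128 (Story 2008532)` above `Patch74` and point to it from %prep. Both spec hunks are fragments of a larger file, so whether anything else refers to Patch74 cannot be checked from here.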
diff --git a/base/dhcp/centos/meta_patches/PATCH_ORDER b/base/dhcp/centos/meta_patches/PATCH_ORDER
index 2e6cab52b..a61335fa7 100644
--- a/base/dhcp/centos/meta_patches/PATCH_ORDER
+++ b/base/dhcp/centos/meta_patches/PATCH_ORDER
@@ -1,3 +1,4 @@
 spec-include-TiS-patches.patch
 dhclient-dhcp6-set-hostname.patch
+0001-dhcp-set-the-prefixlen-to-64.patch
 0001-Update-package-versioning-for-TIS-format.patch
diff --git a/base/dhcp/centos/meta_patches/dhclient-dhcp6-set-hostname.patch b/base/dhcp/centos/meta_patches/dhclient-dhcp6-set-hostname.patch
index 5e7bf259a..5f043d0c9 100644
--- a/base/dhcp/centos/meta_patches/dhclient-dhcp6-set-hostname.patch
+++ b/base/dhcp/centos/meta_patches/dhclient-dhcp6-set-hostname.patch
@@ -12,9 +12,9 @@ index 87bad65..fb51eb5 100644 --- a/SOURCES/dhclient-script +++ b/SOURCES/dhclient-script @@ -653,6 +653,10 @@ dh6config() { + add_ipv6_addr_with_DAD - make_resolv_conf + + if [ -n "${new_fqdn_hostname}" ] && need_hostname; then + hostname ${new_fqdn_hostname} || echo "See -nc option in dhclient(8) man page."
diff --git a/base/dhcp/centos/srpm_path b/base/dhcp/centos/srpm_path
index d40f94d20..1a1fad91e 100644
--- a/base/dhcp/centos/srpm_path
+++ b/base/dhcp/centos/srpm_path
@@ -1 +1 @@
-mirror:Source/dhcp-4.2.5-68.el7.centos.1.src.rpm
+mirror:Source/dhcp-4.2.5-82.el7.centos.src.rpm
diff --git a/centos_srpms_centos.lst b/centos_srpms_centos.lst
index dc4f0bf68..ac74fe816 100644
--- a/centos_srpms_centos.lst
+++ b/centos_srpms_centos.lst
@@ -1,6 +1,6 @@
 anaconda-21.48.22.147-1.el7.centos.src.rpm
 cloud-init-0.7.9-24.el7.centos.1.src.rpm
-dhcp-4.2.5-68.el7.centos.1.src.rpm
+dhcp-4.2.5-82.el7.centos.src.rpm
 dnsmasq-2.76-7.el7.src.rpm
 facter-2.4.4-4.el7.src.rpm
 grub2-2.02-0.86.el7.centos.src.rpm
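Review bot: In the dhclient-dhcp6-set-hostname.patch hunk, the carried line `hostname ${new_fqdn_hostname} || echo ...` expands the variable unquoted, so its value goes through word splitting and globbing before `hostname` receives it. The name suggests the value is filled from the DHCPv6 FQDN option, i.e. from the network (to be confirmed against dhclient's option handling); if so, quoting it while the patch is being re-anchored is cheap: `hostname "${new_fqdn_hostname}" || echo "See -nc option in dhclient(8) man page."`. The line is context in this hunk rather than something the commit changes, and dh6config() continues outside it.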