dhcp: fix CVE-2019-6470

Upgrade dhcp pkg to dhcp-4.2.5-82.el7.centos.src.rpm Adjust the context of the patch to match to apply the new version. At the same time as the new version depends on the bind-export pacakges, so we also add the dependence package in tools repo. bind-export-libs-9.11.4-26.P2.el7.x86_64.rpm bind-export-devel-9.11.4-26.P2.el7.x86_64.rpm In addition, since the patch dhcp-dhclient_ipv6_prefix.patch set the default prefixlen to 128, which is usually the specifications call for host address and it doesn't include any on-link information. By contrast, 64 indicates that's subnet area, and this vaule is used frequently as usual. So we still use the previous value 64. As a result we don't need to modify the relevant place where every application code needed for the compatibility any more. Depends-On: https://review.opendev.org/c/starlingx/tools/+/772241 Story: 2008532 Task: 41638 Change-Id: I0305711790d8e3fb1adfa69e1077468456b65d84 Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
2021-01-20 21:41:20 -05:00 · 2021-01-20 21:41:20 -05:00 · cb85cff32b
commit cb85cff32b
parent ad02943bb5
6 changed files with 55 additions and 5 deletions
--- a/base/dhcp/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
+++ b/base/dhcp/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
@ -17,8 +17,8 @@ index 42409f6..70c7a6d 100644
 Summary:  Dynamic host configuration protocol software
 Name:     dhcp
 Version:  4.2.5
-Release:  68%{?dist}.1
-+Release:  68.el7.centos.1%{?_tis_dist}.%{tis_patch_ver}
+-Release:  82%{?dist}
+Release:  82.el7.centos%{?_tis_dist}.%{tis_patch_ver}
 # NEVER CHANGE THE EPOCH on this package.  The previous maintainer (prior to
 # dcantrell maintaining the package) made incorrect use of the epoch and
 # that's why it is at 12 now.  It should have never been used, but it was.
--- a/base/dhcp/centos/meta_patches/0001-dhcp-set-the-prefixlen-to-64.patch
+++ b/base/dhcp/centos/meta_patches/0001-dhcp-set-the-prefixlen-to-64.patch
@ -0,0 +1,49 @@
+From 54d85d8a0378a6610012adeae7abaefaf01ea9a1 Mon Sep 17 00:00:00 2001
+From: Zhixiong Chi <zhixiong.chi@windriver.com>
+Date: Tue, 9 Feb 2021 18:30:14 -0800
+Subject: [PATCH] WRS: dhcp: set the prefixlen to 64
+
+Drop the patch dhcp-dhclient_ipv6_prefix.patch to keep the default
+value of the prefixlen to 64, since we don't need this patch to set
+the default value 128 as usual, otherwise it will occurs that all hosts
+(controller|compute node) offline after booting off the controller-0,
+or the other usage scenes.
+As usual, 128 is usually the specifications call for host address
+and it doesn't include any on-link information.
+By contrast, 64 indicates that's subnet area, and this vaule is used
+frequently as usual. So we still use the previous vaule 64.
+Meanwhile we don't need to modify the relevant place where every
+application code needed for the compatibility any more.
+
+Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
+---
+ SPECS/dhcp.spec | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/SPECS/dhcp.spec b/SPECS/dhcp.spec
+index c893632..f7add1a 100644
+--- a/SPECS/dhcp.spec
+++ b/SPECS/dhcp.spec
+@@ -111,7 +111,8 @@ Patch70:  dhcp-4.2.5-reference_count_overflow.patch
+ Patch71:  dhcp-replay_file_limit.patch
+ Patch72:  dhcp-4.2.5-expiry_before_renewal_v2.patch
+ Patch73:  dhcp-4.2.5-bind-config.patch
+-Patch74:  dhcp-dhclient_ipv6_prefix.patch
+#Drop dhcp-dhclient_ipv6_prefix.patch not to set the default prefixlen 128
+#Patch74:  dhcp-dhclient_ipv6_prefix.patch
+ # Support build with bind 9.11.3+
+ Patch75:  dhcp-4.2.5-isc-util.patch
+ 
+@@ -452,7 +453,8 @@ rm -rf includes/isc-dhcp
+ 
+ # https://bugzilla.redhat.com/show_bug.cgi?id=1647784
+ %patch72 -p1 -b .t2-expirity
+-%patch74 -p1 -b .ipv6-prefix
+# Drop this patch not to set the default prefixlen 128
+#%patch74 -p1 -b .ipv6-prefix
+ 
+ # Support for BIND 9.11
+ %patch73 -p1 -b .bind-config
+-- 
+2.17.0
+
--- a/base/dhcp/centos/meta_patches/PATCH_ORDER
+++ b/base/dhcp/centos/meta_patches/PATCH_ORDER
@ -1,3 +1,4 @@
 spec-include-TiS-patches.patch
 dhclient-dhcp6-set-hostname.patch
+0001-dhcp-set-the-prefixlen-to-64.patch
 0001-Update-package-versioning-for-TIS-format.patch
--- a/base/dhcp/centos/meta_patches/dhclient-dhcp6-set-hostname.patch
+++ b/base/dhcp/centos/meta_patches/dhclient-dhcp6-set-hostname.patch
@ -12,9 +12,9 @@ index 87bad65..fb51eb5 100644
 --- a/SOURCES/dhclient-script
 +++ b/SOURCES/dhclient-script
@@ -653,6 +653,10 @@ dh6config() {
+ 
             add_ipv6_addr_with_DAD
 
-             make_resolv_conf
 +
 +            if [ -n "${new_fqdn_hostname}" ] && need_hostname; then
 +                hostname ${new_fqdn_hostname} || echo "See -nc option in dhclient(8) man page."
--- a/base/dhcp/centos/srpm_path
+++ b/base/dhcp/centos/srpm_path
@ -1 +1 @@
-mirror:Source/dhcp-4.2.5-68.el7.centos.1.src.rpm
+mirror:Source/dhcp-4.2.5-82.el7.centos.src.rpm
--- a/centos_srpms_centos.lst
+++ b/centos_srpms_centos.lst
@ -1,6 +1,6 @@
 anaconda-21.48.22.147-1.el7.centos.src.rpm
 cloud-init-0.7.9-24.el7.centos.1.src.rpm
-dhcp-4.2.5-68.el7.centos.1.src.rpm
+dhcp-4.2.5-82.el7.centos.src.rpm
 dnsmasq-2.76-7.el7.src.rpm
 facter-2.4.4-4.el7.src.rpm
 grub2-2.02-0.86.el7.centos.src.rpm