Fixes the following security issue:
- CVE-2021-25217: A buffer overrun in lease file parsing code can be used to
exploit a common vulnerability shared by dhcpd and dhclient
For details, see the advisory:
https://kb.isc.org/docs/cve-2021-25217
Update the LICENSE hash for a change of copyright years.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
DHCP package may silently fail to install binaries to the target image.
The problem occurs when buildroot output/host and build server provide
different flavors of awk. For instance, mawk on build server and gawk
in buildroot output/host. In this case isc-dhcp configure script detects
gawk in output/host and generates Makefiles specifying gawk without
absolute path. During Buildroot installation phase, those Makefiles
are used to install dhcp binaries. They attempt to use gawk without
absolute path. However build host does not have gawk.
To resolve the issue add host-gawk to dependencies and specify absolute
path to host-gawk in dhcp configure script using DHCP_CONF_ENV.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
On hosts where gawk is not available, it is not possible to build the
package with server option (BR2_PACKAGE_DHCP_SERVER).
The build goes through without errors but the binaries are not created
and installed. The reason is that autotools cannot find gawk.
Fixes: Bug 13781
Reported-by: Kay Jeschonneck <kay.jeschonneck@airbus.com>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This patch adds CPE ID information for a significant number of
packages.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Removed 0001-*.patch as it is included with the maintenance release.
The LICENSE file hash changed due to Copyright year updating to
include 2020.
Signed-off-by: Ryan Barnett <ryanbarnett3@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
All the packages in this list have the following properties
* units are provided by buildroot in the package directory
* the SYSTEMD_INSTALL_INIT_HOOK is exactly equivalent to what the
[Install] section of the unit does
The fix removes the softlinking in the .mk file
Signed-off-by: Jérémy Rosen <jeremy.rosen@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Document that along with the server we install omshell, an interactive
tool to connect to, query, and possibly change, the server's state via
the Object Management API (OMAPI).
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We don't use "make install" for target installation because we build all
utilities (server, relay, client) but install only the selected ones.
The utilities, however, require the shared libraries to work, so use the
"install-exec" make target to install them. This also installs static
libraries but they are removed later by target-finalize.
With this change the omshell utility is installed if server is selected.
We keep it, since it is small and may be useful at run-time.
Fixes:
https://bugs.busybox.net/show_bug.cgi?id=12086
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We don't use "make install" for the target installation so we must pick
the executables from the ".libs" directories on which libtool generates
them otherwise we install the automatically generated wrapper scripts.
This was not necessary before the upgrade to version 4.4.1.
Fixes: https://bugs.busybox.net/show_bug.cgi?id=12051
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
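Added example, not part of the commit log or of Buildroot: a POSIX sh check for the failure described in the commit above and in the gawk commits, where the build succeeds but the target image gets a libtool wrapper script or no binary at all. The function names and the paths passed to them are assumptions for illustration.

```shell
#!/bin/sh
# Post-build sanity check (added example): every expected DHCP utility must
# exist under the target directory and be a real ELF executable, not a
# libtool wrapper script. Function names and the path list are assumptions.

# classify_binary PATH
# Prints one of: elf, script, missing, other.
classify_binary() {
    [ -f "$1" ] || { echo missing; return 0; }
    # First four bytes as hex. ELF starts with 7f 45 4c 46; a wrapper
    # script generated by libtool starts with "#!" (23 21).
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case "$magic" in
        7f454c46) echo elf ;;
        2321*)    echo script ;;
        *)        echo other ;;
    esac
}

# check_dhcp_install TARGET_DIR RELATIVE_PATH...
# Returns 0 only if every listed path is an ELF file; reports the rest.
check_dhcp_install() {
    target=$1
    shift
    rc=0
    for bin in "$@"; do
        kind=$(classify_binary "$target/$bin")
        if [ "$kind" != elf ]; then
            echo "FAIL $bin: $kind" >&2
            rc=1
        fi
    done
    return $rc
}

# Typical call after the build (paths are assumptions):
#   check_dhcp_install output/target usr/sbin/dhcpd usr/sbin/dhcrelay
```

Running this as a post-build step turns a silent install failure into a build error, so an image cannot ship without the patched binaries.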
The current URL no longer exists, so update it to what looks like the
main DHCP upstream site.
This issue was noticed by the upstream URL check added by Matt Weber
in the pkg-stats script, whose results are visible at
http://autobuild.buildroot.net/stats/.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Select bind instead of using the embedded bind libraries. This will help
managing correctly all the bind dependencies such as zlib
Fixes:
- http://autobuild.buildroot.org/results/a61f24e9f117c81893c58befb20d21179e61b85b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When BR2_PACKAGE_ZLIB=y, we enable zlib support in the bind included
in dhcp, but we forget to add zlib to DHCP_DEPENDENCIES, so it doesn't
get built before dhcp, causing build failures.
Fixes:
http://autobuild.buildroot.net/results/5a33057ceaf3f53e6ba9deab3f214a4c8a644352/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Use --with-bind-extra-config option to:
  - add --without-zlib otherwise static build will fail if zlib is found
    on host
  - Add --without-dlopen otherwise static build will fail
- Drop all patches (already in version)
- Drop autoreconf (not needed anymore)
- Update license to MPL-2.0:
https://www.isc.org/blogs/isc-dhcp-moves-to-mpl-2-0-license
- Update hash of license file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
CVE-2018-5732: The DHCP client incorrectly handled certain malformed
responses. A remote attacker could use this issue to cause the DHCP
client to crash, resulting in a denial of service, or possibly execute
arbitrary code. In the default installation, attackers would be isolated
by the dhclient AppArmor profile.
CVE-2018-5733: The DHCP server incorrectly handled reference counting. A
remote attacker could possibly use this issue to cause the DHCP server
to crash, resulting in a denial of service.
Both issues are fixed in version 4.4.1. But we are close to release, so
backport the fixes instead of bumping version.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The isc assertions from the bundled bind dns library are
using the __FILE__ macro for debug messages (see
dhcp-4.3.5/bind/bind-9.9.9-P3/lib/isc/include/isc/assertions.h).
Disabling the assertions gains:
- reproducible builds (no build time paths in the executable)
- space saving on the target:
    dhcpd: 1.9M -> 1.6M
    dhcrelay: 1.6M -> 1.3M
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes socket leak that might cause denial of service.
https://bugzilla.redhat.com/show_bug.cgi?id=1523547
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
tmpfile support is optional in systemd but the dhcp server installs its
config file in $(TARGET_DIR)/usr/lib/tmpfiles.d directory when systemd
is used as init system.
So it seems that dhcp server requires tmpfile support for systemd based
system.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Having the BR2_PACKAGE_BUSYBOX_SHOW_OTHERS dependencies in
package/Config.in is not very practical: it makes this file not very
readable, and puts the dependency away from the package itself, which
can sometimes be confusing. Therefore, this commit moves the dependency
in each package Config.in file.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
bind source tar-ball is now embedded into the dhcp source. The embedded
bind tar-ball is extracted after the dhcp source so cross compiling
patches can be applied to the dhcp and bind before the package is built.
The embedded bind configure is called as part of dhcp make instead of
dhcp configure; therefore, needed configure parameters are set in the
make env.
0001-dhcp-cross-compile.patch and 0002-bind-cross-compile.patch have
been submitted upstream as part of a cross compiling enhancement
suggestion to dhcp-suggest@isc.org. Reference ISC-Bugs #41502.
0003-bind-hos-cc.patch is already scheduled for the next dhcp release.
Buildroot thread
http://lists.busybox.net/pipermail/buildroot/2016-January/149079.html
has related information.
Signed-off-by: Doug Kehn <rdkehn@yahoo.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Reviewed-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Tested-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
No sleep is required for the restart and force-reload operations to
succeed.
Signed-off-by: Benoît Thébaudeau <benoit@wsystem.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fix various messages displayed by these scripts:
- make start-stop-daemon quiet in order to avoid extra messages like
"stopped /usr/sbin/dhcpd (pid 174)" being output between the command
description and its result,
- fix the script names in the usage strings.
Signed-off-by: Benoît Thébaudeau <benoit@wsystem.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The dhcpd daemon does not require network interface names to be
specified on the command line.
From dhcpd(8):
"The names of the network interfaces on which dhcpd should listen for
broadcasts may be specified on the command line. This should be done
on systems where dhcpd is unable to identify non-broadcast interfaces,
but should not be required on other systems. If no interface names
are specified on the command line dhcpd will identify all network
interfaces which are up, eliminating non-broadcast interfaces if
possible, and listen for DHCP broadcasts on each interface."
dhcpd exits with "Not configured to listen on any interfaces!" only if
no requested (those in INTERFACES, or all if empty) non-broadcast
interfaces matching the subnet declarations in dhcpd.conf are up.
Signed-off-by: Benoît Thébaudeau <benoit@wsystem.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add an OPTIONS configuration variable in order to make it possible to
pass custom extra options to dhcpd. This keeps the systemd support
consistent with the SysV init script.
Signed-off-by: Benoît Thébaudeau <benoit.thebaudeau.dev@gmail.com>
Reviewed-by: "Maxime Hadjinlian" <maxime.hadjinlian@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add an OPTIONS configuration variable in order to make it possible to
pass custom extra options to dhcpd.
Signed-off-by: Benoît Thébaudeau <benoit@wsystem.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The S80dhcp-relay init script has configuration variables like
INTERFACES whose contents have to be passed to the daemon. These
variables are initialized as empty strings, but some of them are not
allowed to be empty and there was no means of filling them apart from
creating a root FS overlay to overwrite these scripts.
This commit adds support for reading dhcrelay under /etc/default/ to
set these configuration variables.
[Thomas: adapt to patch only S80dhcp-relay, since S80dhcp-server has
already been changed by previous commits.]
Signed-off-by: Benoît Thébaudeau <benoit@wsystem.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit does misc improvements to the S80dhcp-server init script:
- Use more variables: NAME, DAEMON, CFG_FILE
- Read the configuration file in /etc/default/ in a more usual way
(as done in S21rngd for example)
- Remove leftover dhcpd3 string in the stopping action.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
All daemons that read a file from /etc/default/ have it named just
after the name of daemon, without any extension. This commit fixes the
dhcp package to do the same.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Similar to how we do it for dhcpd.service. The file should really have been
named /etc/default/dhcpd instead, but changing it now would break existing
systemd setups so leave it as it is.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
'echo -n' is not a POSIX construct (no flag support), we should use
'printf', especially in init script.
This patch was generated by the following command line:
git grep -l 'echo -n' -- `git ls-files | grep -v 'patch'` | xargs sed -i 's/echo -n/printf/'
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
0001-fix-configure-debug.patch was removed in
commit 68e846d3b2
Signed-off-by: Romain Naour <romain.naour@openwide.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Now that IPv6 is mandatory remove package dependencies and conditionals
for it.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add hash file and drop upstreamed patch.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Previous to this patch, if BR2_PACKAGE_DHCP_CLIENT was selected,
dhcpd.service was installed to the target on systemd systems.
On the resultant system, this would mean that systemctl would
show an error starting dhcpd.service, as the requisite files
do not exist. This does not cause issue on sysvinit systems
as the init scripts silently error when the files aren't found.
Fix this by adding a conditional check to the install define.
Signed-off-by: Nathaniel Roach <nroach44@gmail.com>
Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The previous no-op dhclient-script is useless and in fact can lead
users to believe things will work.
dhclient-script is supposed to, among many other things, bring the
interface up for dhclient to pump an address, set the interface
address, set resolv.conf appropriately and set the default gateway.
It's a complex script since it has to deal with a lot of details so
let's just use the best fit which is the OpenWRT one since it uses the
"legacy" tools (ifconfig, route, ...) which can be easily provided by
busybox and/or net-tools.
There are newer and more feature-complete versions around but they
require full iproute2 ip and wouldn't fit as well with the busybox-only
approach.
License: likely GPLv2+
Source:
http://git.openwrt.org/?p=packages.git;a=blob;f=net/isc-dhcp/files/dhclient-script;h=4afebc0ad20ebac51c5baae5ed01c6713e3a0fd0;hb=HEAD
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
test a == b is not available in e.g. dash.
Command(s) used for editing:
q=\[\"\'\]
operand="${q}?[$]?[a-zA-Z0-9_\?]+${q}?" ## doesn't detect ${VAR}
test_expr="(\[\s+${operand}\s+)==(\s+${operand}\s+\])"
find . -type f -name '[SK][0-9][0-9]*' | \
xargs sed -r -e "s@${test_expr}@\1=\2@g" -i
Signed-off-by: André Erdmann <dywi@mailerd.de>
Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
It interprets disable as enable and wreaks havoc since it changes the
behaviour of the build, for instance not using configured leases files
paths.
Thanks to Nathaniel Roach for pointing me to this problem.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Reviewed-by: Nathaniel Roach <nroach44@gmail.com>
Tested-by: Nathaniel Roach <nroach44@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add a systemd service file to start dhcpd.
The network interfaces to listen on can be set via the variable
INTERFACES in /etc/default/dhcpd.conf. Example:
INTERFACES="eth0 eth1"
Also install a tmpfiles.d file to create /var/lib/dhcp/dhcpd.leases
(needed at dhcpd start-up).
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>