Debian

Available patches from Ubuntu

To see Ubuntu differences wrt. to Debian, write down a grep-dctrl query identifying the packages you're interested in:
grep-dctrl -n -sPackage Sources.Debian
(e.g. -FPackage linux-ntfs or linux-ntfs)

Modified packages are listed below:

Debian ( Changelog | PTS | Bugs ) Ubuntu ( Changelog | txt | LP | Bugs ) | Diff from Ubuntu

Source: grpc

grpc (1.16.1-1ubuntu1) focal; urgency=medium * gettid-in-glibc.patch: Backport commit to fix FTBFS with glibc 2.30. -- Adam Conrad <adconrad@ubuntu.com> Mon, 21 Oct 2019 11:32:38 -0600 grpc (1.16.1-1build1) focal; urgency=medium * No-change rebuild to build with python3.8. -- Matthias Klose <doko@ubuntu.com> Fri, 18 Oct 2019 18:40:48 +0000

Modifications :
  1. Download patch debian/control

    --- 1.16.1-1/debian/control 2018-11-27 16:58:17.000000000 +0000 +++ 1.16.1-1ubuntu1/debian/control 2019-10-21 17:32:38.000000000 +0000 @@ -1,6 +1,7 @@ Source: grpc Priority: optional -Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org> +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> +XSBC-Original-Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org> Uploaders: Andrew Pollock <apollock@debian.org> Build-Depends: debhelper (>= 11~), zlib1g-dev, libssl-dev, libprotobuf-dev, protobuf-compiler (>= 3.6.1~), libgflags-dev, libgtest-dev, libgoogle-perftools-dev, python, libprotoc-dev (>= 3.6.1~), libc-ares-dev, gem2deb, ruby-google-protobuf (>= 3.6.1~), ruby-googleauth (>= 0.5.1~), ruby-googleapis-common-protos-types, ruby-rspec, ruby-simplecov,
  2. Download patch debian/patches/gettid-in-glibc.patch

    --- 1.16.1-1/debian/patches/gettid-in-glibc.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.16.1-1ubuntu1/debian/patches/gettid-in-glibc.patch 2019-10-21 17:32:38.000000000 +0000 @@ -0,0 +1,80 @@ +Backported from 57586a1ca7f17b1916aed3dea4ff8de872dbf853 to apply to 1.61.1 + +From 57586a1ca7f17b1916aed3dea4ff8de872dbf853 Mon Sep 17 00:00:00 2001 +From: Benjamin Peterson <benjamin@dropbox.com> +Date: Fri, 3 May 2019 08:11:00 -0700 +Subject: [PATCH] Rename gettid() functions. + +glibc 2.30 will declare its own gettid; see https://sourceware.org/git/?p=glibc.git;a=commit;h=1d0fc213824eaa2a8f8c4385daaa698ee8fb7c92. Rename the grpc versions to avoid naming conflicts. +--- + src/core/lib/gpr/log_linux.cc | 6 ++---- + src/core/lib/gpr/log_posix.cc | 4 ++-- + src/core/lib/iomgr/ev_epollex_linux.cc | 4 ++-- + 3 files changed, 6 insertions(+), 8 deletions(-) + +diff --git a/src/core/lib/gpr/log_linux.cc b/src/core/lib/gpr/log_linux.cc +index 81026e5689b..8b597b4cf2f 100644 +--- a/src/core/lib/gpr/log_linux.cc ++++ b/src/core/lib/gpr/log_linux.cc +@@ -40,7 +40,7 @@ + #include <time.h> + #include <unistd.h> + +-static long gettid(void) { return syscall(__NR_gettid); } ++static long sys_gettid(void) { return syscall(__NR_gettid); } + + void gpr_log(const char* file, int line, gpr_log_severity severity, + const char* format, ...) { +@@ -72,7 +70,7 @@ void gpr_default_log(gpr_log_func_args* args) { + gpr_timespec now = gpr_now(GPR_CLOCK_REALTIME); + struct tm tm; + static __thread long tid = 0; +- if (tid == 0) tid = gettid(); ++ if (tid == 0) tid = sys_gettid(); + + timer = static_cast<time_t>(now.tv_sec); + final_slash = strrchr(args->file, '/'); +diff --git a/src/core/lib/gpr/log_posix.cc b/src/core/lib/gpr/log_posix.cc +index b6edc14ab6b..2f7c6ce3760 100644 +--- a/src/core/lib/gpr/log_posix.cc ++++ b/src/core/lib/gpr/log_posix.cc +@@ -31,7 +31,7 @@ + #include <string.h> + #include <time.h> + +-static intptr_t gettid(void) { return (intptr_t)pthread_self(); } ++static intptr_t sys_gettid(void) { return (intptr_t)pthread_self(); } + + void gpr_log(const char* file, int line, gpr_log_severity severity, + const char* format, ...) { +@@ -86,7 +86,7 @@ void gpr_default_log(gpr_log_func_args* args) { + char* prefix; + gpr_asprintf(&prefix, "%s%s.%09d %7tu %s:%d]", + gpr_log_severity_string(args->severity), time_buffer, +- (int)(now.tv_nsec), gettid(), display_file, args->line); ++ (int)(now.tv_nsec), sys_gettid(), display_file, args->line); + + fprintf(stderr, "%-70s %s\n", prefix, args->message); + gpr_free(prefix); +diff --git a/src/core/lib/iomgr/ev_epollex_linux.cc b/src/core/lib/iomgr/ev_epollex_linux.cc +index c2d80c08ddb..4a83cb6c215 100644 +--- a/src/core/lib/iomgr/ev_epollex_linux.cc ++++ b/src/core/lib/iomgr/ev_epollex_linux.cc +@@ -1077,7 +1077,7 @@ static void end_worker(grpc_pollset* pollset, grpc_pollset_worker* worker, + } + + #ifndef NDEBUG +-static long gettid(void) { return syscall(__NR_gettid); } ++static long sys_gettid(void) { return syscall(__NR_gettid); } + #endif + + /* pollset->mu lock must be held by the caller before calling this. +@@ -1097,7 +1097,7 @@ static grpc_error* pollset_work(grpc_pollset* pollset, + #define WORKER_PTR (&worker) + #endif + #ifndef NDEBUG +- WORKER_PTR->originator = gettid(); ++ WORKER_PTR->originator = sys_gettid(); + #endif + if (grpc_polling_trace.enabled()) { + gpr_log(GPR_INFO,
  3. Download patch debian/patches/series

    --- 1.16.1-1/debian/patches/series 2018-10-23 18:04:22.000000000 +0000 +++ 1.16.1-1ubuntu1/debian/patches/series 2019-10-21 17:31:59.000000000 +0000 @@ -11,3 +11,4 @@ use-system-grpc.patch fix-protoc-path.patch add_grpc_libdir.patch libgrpcpp_channelz_symlink.patch +gettid-in-glibc.patch

Debian ( Changelog | PTS | Bugs ) Ubuntu ( Changelog | txt | LP | Bugs ) | Diff from Ubuntu

Source: isc-dhcp

isc-dhcp (4.4.1-2ubuntu5) eoan; urgency=medium * Apply patch from Alkis Georgopoulos to generate correct net{,6}-${iface}.conf files when DHCP supplies multiple DNS servers. (LP: #1840965). -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Tue, 03 Sep 2019 10:10:56 +1200 isc-dhcp (4.4.1-2ubuntu4) disco; urgency=medium * Write pidfile before informing parent of success. (LP: #1819747) -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Wed, 13 Mar 2019 14:26:56 +1300 isc-dhcp (4.4.1-2ubuntu3) disco; urgency=medium * Drop redundant calls to dh_installinit, we aren't installing extra init scripts and we aren't installing any upstart jobs. * Build-depend on debhelper (>= 9.20160709) instead of dh-systemd. -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 11 Feb 2019 16:04:33 -0800 isc-dhcp (4.4.1-2ubuntu2) disco; urgency=medium * debian/patches/system-bind.patch: restore Ubuntu delta required for building with -Wl,--as-needed. -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 11 Feb 2019 15:21:32 -0800 isc-dhcp (4.4.1-2ubuntu1) disco; urgency=low * Merge from Debian unstable. Remaining changes: - debian/control: Add libcap-dev build dependency. - Apparmor profiles for dhclient and dhcpd. - Apport hook for isc-dhcp-client and isc-dhcp-server. - Add systemd units for -server and -relay. - If /etc/ltsp/dhcpd.conf exists, use that instead of /etc/dhcp/dhcpd.conf. - Create user/group dhcpd and make isc-dhcp-server depend on adduser. - isc-dhcp-server: Suggest policycoreutils instead of recommending it. - Create /etc/dhcp/ddns-keys/ for DDNS updates. - Increase the timeout to 300 seconds for dhclient.conf (following the default added by dhclient-safer-timeout). - Sanitize environment in dhclient-script.linux. - add IPv6 initramfs support. - Separate default file for isc-dhcp-relay6. - Drop isc-dhcp-server/new_auth_behavior question from high to medium - dhclient-script.linux: handle empty case also when waiting for ipv6 link local DAD. - debian/initramfs-tools/lib/etc/dhcp/dhclient-enter-hooks.d/config: fix the logic for handling search domains to also write it to the output file when only the domain name is provided by the DHCP server. Copied code from debian/dhclient-script.linux. - Remaining Ubuntu patches: + dhclient-fix-backoff + revert-next-server + multi-ip-addr-per-if + dhclient-safer-timeout + onetry_retry_after_initial_success + dhcp-lpf-ib.patch + dhcp-improved-xid.patch + dhcp-gpxe-cid.patch + dhcp-improved-xid-correct-byte-order.patch + dhcp-4.2.4-dhclient-options-changed.patch + ubuntu-dhcpd-conf.patch * Dropped changes, included upstream: - debian/patches/CVE-2018-573x.patch * Dropped changes, included in Debian: - debian/patches/system-bind.patch - debian/patches/bind-includes.patch * Drop pre-bionic upstart migration. -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 08 Feb 2019 10:46:53 -0800

Modifications :
  1. Download patch debian/isc-dhcp-client.install

    --- 4.4.1-2/debian/isc-dhcp-client.install 2018-11-18 06:13:45.000000000 +0000 +++ 4.4.1-2ubuntu5/debian/isc-dhcp-client.install 2018-08-13 02:11:16.000000000 +0000 @@ -3,3 +3,8 @@ dhclient sbin debian/dhclient.conf etc/dhcp debian/debug etc/dhcp + +debian/apparmor/sbin.dhclient etc/apparmor.d + +debian/initramfs-tools/share/hooks/zz-dhclient usr/share/initramfs-tools/hooks +debian/initramfs-tools/lib/etc usr/lib/initramfs-tools/
  2. Download patch debian/patches/system-bind.patch

    --- 4.4.1-2/debian/patches/system-bind.patch 2018-11-18 06:13:45.000000000 +0000 +++ 4.4.1-2ubuntu5/debian/patches/system-bind.patch 2019-03-11 20:25:26.000000000 +0000 @@ -1,9 +1,11 @@ description: link against system bind libraries author: Michael Gilbert <mgilbert@debian.org> ---- a/client/Makefile.am -+++ b/client/Makefile.am -@@ -14,9 +14,7 @@ dhclient_SOURCES = client_tables.c clpar +Index: isc-dhcp-4.4.1/client/Makefile.am +=================================================================== +--- isc-dhcp-4.4.1.orig/client/Makefile.am ++++ isc-dhcp-4.4.1/client/Makefile.am +@@ -14,9 +14,8 @@ scripts/netbsd scripts/nextstep scripts/openbsd \ scripts/solaris scripts/openwrt dhclient_LDADD = ../common/libdhcp.@A@ ../omapip/libomapi.@A@ \ @@ -11,13 +13,16 @@ author: Michael Gilbert <mgilbert@debian - @BINDLIBDNSDIR@/libdns.@A@ \ - @BINDLIBISCCFGDIR@/libisccfg.@A@ \ - @BINDLIBISCDIR@/libisc.@A@ ++ -lirs-export \ + -ldns-export \ + -lisc-export man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5 EXTRA_DIST = $(man_MANS) ---- a/dhcpctl/Makefile.am -+++ b/dhcpctl/Makefile.am -@@ -11,16 +11,12 @@ EXTRA_DIST = $(man_MANS) +Index: isc-dhcp-4.4.1/dhcpctl/Makefile.am +=================================================================== +--- isc-dhcp-4.4.1.orig/dhcpctl/Makefile.am ++++ isc-dhcp-4.4.1/dhcpctl/Makefile.am +@@ -11,16 +11,14 @@ omshell_SOURCES = omshell.c omshell_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \ @@ -25,6 +30,7 @@ author: Michael Gilbert <mgilbert@debian - $(BINDLIBDNSDIR)/libdns.a \ - $(BINDLIBISCCFGDIR)/libisccfg.a \ - $(BINDLIBISCDIR)/libisc.a ++ -lirs-export \ + -ldns-export \ + -lisc-export @@ -36,11 +42,14 @@ author: Michael Gilbert <mgilbert@debian - $(BINDLIBDNSDIR)/libdns.a \ - $(BINDLIBISCCFGDIR)/libisccfg.a \ - $(BINDLIBISCDIR)/libisc.a ++ -lirs-export \ + -ldns-export \ + -lisc-export ---- a/omapip/Makefile.am -+++ b/omapip/Makefile.am -@@ -16,7 +16,5 @@ EXTRA_DIST = $(man_MANS) +Index: isc-dhcp-4.4.1/omapip/Makefile.am +=================================================================== +--- isc-dhcp-4.4.1.orig/omapip/Makefile.am ++++ isc-dhcp-4.4.1/omapip/Makefile.am +@@ -16,7 +16,6 @@ svtest_SOURCES = test.c svtest_LDADD = libomapi.a \ @@ -48,11 +57,14 @@ author: Michael Gilbert <mgilbert@debian - $(BINDLIBDNSDIR)/libdns.a \ - $(BINDLIBISCCFGDIR)/libisccfg.a \ - $(BINDLIBISCDIR)/libisc.a ++ -lirs-export \ + -ldns-export \ + -lisc-export ---- a/relay/Makefile.am -+++ b/relay/Makefile.am -@@ -3,10 +3,8 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localst +Index: isc-dhcp-4.4.1/relay/Makefile.am +=================================================================== +--- isc-dhcp-4.4.1.orig/relay/Makefile.am ++++ isc-dhcp-4.4.1/relay/Makefile.am +@@ -3,10 +3,9 @@ sbin_PROGRAMS = dhcrelay dhcrelay_SOURCES = dhcrelay.c dhcrelay_LDADD = ../common/libdhcp.@A@ ../omapip/libomapi.@A@ \ @@ -60,14 +72,17 @@ author: Michael Gilbert <mgilbert@debian - @BINDLIBDNSDIR@/libdns.@A@ \ - @BINDLIBISCCFGDIR@/libisccfg.@A@ \ - @BINDLIBISCDIR@/libisc.@A@ ++ -lirs-export \ + -ldns-export \ + -lisc-export man_MANS = dhcrelay.8 EXTRA_DIST = $(man_MANS) ---- a/server/Makefile.am -+++ b/server/Makefile.am -@@ -15,10 +15,9 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c c +Index: isc-dhcp-4.4.1/server/Makefile.am +=================================================================== +--- isc-dhcp-4.4.1.orig/server/Makefile.am ++++ isc-dhcp-4.4.1/server/Makefile.am +@@ -15,10 +15,10 @@ dhcpd_CFLAGS = $(LDAP_CFLAGS) dhcpd_LDADD = ../common/libdhcp.@A@ ../omapip/libomapi.@A@ \ ../dhcpctl/libdhcpctl.@A@ \ @@ -75,15 +90,18 @@ author: Michael Gilbert <mgilbert@debian - $(BINDLIBDNSDIR)/libdns.@A@ \ - $(BINDLIBISCCFGDIR)/libisccfg.@A@ \ - $(BINDLIBISCDIR)/libisc.@A@ $(LDAP_LIBS) ++ -lirs-export \ + -ldns-export \ + -lisc-export \ + $(LDAP_LIBS) man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5 EXTRA_DIST = $(man_MANS) ---- a/Makefile.am -+++ b/Makefile.am -@@ -38,7 +38,7 @@ endif +Index: isc-dhcp-4.4.1/Makefile.am +=================================================================== +--- isc-dhcp-4.4.1.orig/Makefile.am ++++ isc-dhcp-4.4.1/Makefile.am +@@ -38,7 +38,7 @@ # Use an autoconf substitution vs an automake conditional here # to fool automake when the bind directory does not exist. @@ -92,9 +110,11 @@ author: Michael Gilbert <mgilbert@debian nobase_include_HEADERS = dhcpctl/dhcpctl.h ---- a/configure.ac -+++ b/configure.ac -@@ -789,7 +789,6 @@ no) +Index: isc-dhcp-4.4.1/configure.ac +=================================================================== +--- isc-dhcp-4.4.1.orig/configure.ac ++++ isc-dhcp-4.4.1/configure.ac +@@ -789,7 +789,6 @@ bindversion=${MAJORVER}.${MINORVER}.${PATCHVER}${RELEASETYPE}${RELEASEVER} BINDSRCDIR="${my_abs_srcdir}/bind/bind-$bindversion" fi @@ -102,7 +122,7 @@ author: Michael Gilbert <mgilbert@debian BINDLIBIRSDIR="$BINDSRCDIR/lib/irs" BINDLIBDNSDIR="$BINDSRCDIR/lib/dns" -@@ -800,17 +799,6 @@ no) +@@ -800,17 +799,6 @@ if test ! -d "$use_libbind"; then AC_MSG_ERROR([Cannot find bind directory at $use_libbind]) fi @@ -120,7 +140,7 @@ author: Michael Gilbert <mgilbert@debian BINDDIR="$use_libbind" BINDLIBIRSDIR="$BINDDIR/lib" BINDLIBDNSDIR="$BINDDIR/lib" -@@ -851,20 +839,6 @@ AC_ARG_ENABLE(libtool, +@@ -851,20 +839,6 @@ [use GNU libtool for dynamic shared libraries (default is no).]), want_libtool="$enableval")
  3. Download patch debian/isc-dhcp-server.postinst

    --- 4.4.1-2/debian/isc-dhcp-server.postinst 2018-11-18 06:13:45.000000000 +0000 +++ 4.4.1-2ubuntu5/debian/isc-dhcp-server.postinst 2018-08-13 02:11:16.000000000 +0000 @@ -8,7 +8,13 @@ set -e case "$1" in configure) - # continue below + # create system dhcpd user and group + adduser --system --quiet --no-create-home --home /var/run --group dhcpd + # create ddns keys directory + if [ ! -e /etc/dhcp/ddns-keys/ ]; then + mkdir -m 750 /etc/dhcp/ddns-keys/ + chown root:dhcpd /etc/dhcp/ddns-keys/ + fi ;; abort-upgrade|abort-remove|abort-deconfigure)
  4. Download patch debian/isc-dhcp-relay.isc-dhcp-relay6.service

    --- 4.4.1-2/debian/isc-dhcp-relay.isc-dhcp-relay6.service 1970-01-01 00:00:00.000000000 +0000 +++ 4.4.1-2ubuntu5/debian/isc-dhcp-relay.isc-dhcp-relay6.service 2018-08-13 02:11:16.000000000 +0000 @@ -0,0 +1,21 @@ +[Unit] +Description=ISC DHCP IPv6 relay +Documentation=man:dhcrelay(8) +Wants=network-online.target +After=network-online.target +After=time-sync.target +ConditionPathExists=/etc/default/isc-dhcp-relay6 + +[Service] +EnvironmentFile=/etc/default/isc-dhcp-relay6 +ExecStart=/bin/sh -ec '\ + if [ -z "$LOWER_INTERFACES" ] || [ -z "$UPPER_INTERFACES" ]; then \ + echo "No interface defined in /etc/default/isc-dhcp-relay6! - Aborting..."; \ + exit 0; \ + fi; \ + for I in $LOWER_INTERFACES; do IFCMD="$IFCMD -l $I"; done; \ + for I in $UPPER_INTERFACES; do IFCMD="$IFCMD -u $I"; done; \ + exec /usr/sbin/dhcrelay -d -6 $OPTIONS $IFCMD' + +[Install] +WantedBy=multi-user.target
  5. Download patch debian/patches/dhclient-write-pidfile-earlier.patch

    --- 4.4.1-2/debian/patches/dhclient-write-pidfile-earlier.patch 1970-01-01 00:00:00.000000000 +0000 +++ 4.4.1-2ubuntu5/debian/patches/dhclient-write-pidfile-earlier.patch 2019-09-02 22:05:08.000000000 +0000 @@ -0,0 +1,32 @@ +Description: write the client pidfile before informing parent of success + dhclient (by default) forks and waits for the child process to report its + success/failure via a pipe. The child writes to the pipe before writing the + pidfile, meaning the parent can exit before the pidfile is present, which + breaks the attempt to kill dhclient process run in the initramfs to handle + ip=dhcp. +Author: Michael Hudson-Doyle <michael.hudson@ubuntu.com> +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1819747 +Forwarded: no +Last-Update: 2019-03-13 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/client/dhclient.c ++++ b/client/dhclient.c +@@ -4575,6 +4575,8 @@ + if (dfd[0] == -1 || dfd[1] == -1) + return; + ++ write_client_pid_file (); ++ + /* Signal parent we started successfully. */ + if (write(dfd[1], &buf, 1) != 1) + log_fatal("write to parent: %m"); +@@ -4597,8 +4599,6 @@ + (void) open("/dev/null", O_RDWR); + (void) open("/dev/null", O_RDWR); + +- write_client_pid_file (); +- + IGNORE_RET (chdir("/")); + + }
  6. Download patch debian/initramfs-tools/lib/etc/dhcp/dhclient.conf

    --- 4.4.1-2/debian/initramfs-tools/lib/etc/dhcp/dhclient.conf 1970-01-01 00:00:00.000000000 +0000 +++ 4.4.1-2ubuntu5/debian/initramfs-tools/lib/etc/dhcp/dhclient.conf 2019-03-11 20:19:32.000000000 +0000 @@ -0,0 +1,10 @@ +option rfc3442-classless-static-routes code 121 = array of unsigned integer 8; + +send host-name = gethostname(); +request subnet-mask, broadcast-address, time-offset, routers, + domain-name, domain-name-servers, domain-search, host-name, + dhcp6.name-servers, dhcp6.domain-search, dhcp6.fqdn, dhcp6.sntp-servers, + netbios-name-servers, netbios-scope, interface-mtu, + rfc3442-classless-static-routes, ntp-servers; + +timeout 30;
  7. Download patch debian/rules

    --- 4.4.1-2/debian/rules 2018-11-18 06:13:45.000000000 +0000 +++ 4.4.1-2ubuntu5/debian/rules 2019-03-11 20:25:26.000000000 +0000 @@ -80,7 +80,18 @@ override_dh_install: -e 's/CLIENTBINDIR/\/sbin/g' \ -e 's/DBDIR/\/var\/lib\/dhcp/g' \ -i debian/tmp/usr/share/man/man*/* + dh_apparmor -pisc-dhcp-client --profile-name=sbin.dhclient + dh_apparmor -pisc-dhcp-server --profile-name=usr.sbin.dhcpd + dh_apport -a override_dh_installinit: dh_installinit -Nisc-dhcp-server - dh_installinit -pisc-dhcp-server --error-handler=true + dh_systemd_enable -pisc-dhcp-server --name isc-dhcp-server + dh_installinit -pisc-dhcp-server --name isc-dhcp-server + dh_systemd_start -pisc-dhcp-server --name isc-dhcp-server + dh_systemd_enable -pisc-dhcp-server --name isc-dhcp-server6 + dh_systemd_start -pisc-dhcp-server --name isc-dhcp-server6 + dh_systemd_enable -pisc-dhcp-relay --name isc-dhcp-relay + dh_systemd_start -pisc-dhcp-relay --name isc-dhcp-relay + dh_systemd_enable -pisc-dhcp-relay --name isc-dhcp-relay6 + dh_systemd_start -pisc-dhcp-relay --name isc-dhcp-relay6
  8. Download patch debian/isc-dhcp-server.install

    --- 4.4.1-2/debian/isc-dhcp-server.install 2018-11-18 06:13:45.000000000 +0000 +++ 4.4.1-2ubuntu5/debian/isc-dhcp-server.install 2018-08-13 02:11:16.000000000 +0000 @@ -4,3 +4,5 @@ usr/bin/omshell debian/tmp/dhcpd.conf etc/dhcp debian/tmp/dhcpd6.conf etc/dhcp + +debian/apparmor/usr.sbin.dhcpd etc/apparmor.d
  9. Download patch debian/apparmor/usr.sbin.dhcpd

    --- 4.4.1-2/debian/apparmor/usr.sbin.dhcpd 1970-01-01 00:00:00.000000000 +0000 +++ 4.4.1-2ubuntu5/debian/apparmor/usr.sbin.dhcpd 2018-08-13 02:11:16.000000000 +0000 @@ -0,0 +1,74 @@ +# vim:syntax=apparmor +# Last Modified: Mon Jan 25 11:06:45 2016 +# Author: Jamie Strandboge <jamie@canonical.com> + +#include <tunables/global> + +/usr/sbin/dhcpd { + #include <abstractions/base> + #include <abstractions/nameservice> + #include <abstractions/ssl_keys> + + capability chown, + capability net_bind_service, + capability net_raw, + capability setgid, + capability setuid, + + network inet raw, + network packet packet, + network packet raw, + + @{PROC}/[0-9]*/net/dev r, + @{PROC}/[0-9]*/net/{dev,if_inet6} r, + + /etc/hosts.allow r, + /etc/hosts.deny r, + + /etc/dhcp/ r, + /etc/dhcp/** r, + /etc/dhcpd{,6}.conf r, + /etc/dhcpd{,6}_ldap.conf r, + + /usr/sbin/dhcpd mr, + + /var/lib/dhcp/dhcpd{,6}.leases* lrw, + /var/log/ r, + /var/log/** rw, + /{,var/}run/{,dhcp-server/}dhcpd{,6}.pid rw, + + # isc-dhcp-server-ldap + /etc/ldap/ldap.conf r, + + # LTSP. See: + # http://www.ltsp.org/~sbalneav/LTSPManual.html + # https://wiki.edubuntu.org/ + /etc/ltsp/ r, + /etc/ltsp/** r, + /etc/dhcpd{,6}-k12ltsp.conf r, + /etc/dhcpd{,6}.leases* lrw, + /ltsp/ r, + /ltsp/** r, + + # Eucalyptus + /{,var/}run/eucalyptus/net/ r, + /{,var/}run/eucalyptus/net/** r, + /{,var/}run/eucalyptus/net/*.pid lrw, + /{,var/}run/eucalyptus/net/*.leases* lrw, + /{,var/}run/eucalyptus/net/*.trace lrw, + + # wicd + /var/lib/wicd/* r, + + # access to bind9 keys for dynamic update + # It's expected that users will generate one key per zone and have it + # stored in both /etc/bind9 (for bind to access) and /etc/dhcp/ddns-keys + # (for dhcpd to access). + /etc/dhcp/ddns-keys/** r, + + # allow packages to re-use dhcpd and provide their own specific directories + #include <dhcpd.d> + + # Site-specific additions and overrides. See local/README for details. + #include <local/usr.sbin.dhcpd> +}
  10. Download patch debian/control

    --- 4.4.1-2/debian/control 2018-11-18 06:37:43.000000000 +0000 +++ 4.4.1-2ubuntu5/debian/control 2019-03-11 20:25:26.000000000 +0000 @@ -1,16 +1,20 @@ Source: isc-dhcp Section: net Priority: important -Maintainer: Debian ISC DHCP Maintainers <isc-dhcp@packages.debian.org> +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> +XSBC-Original-Maintainer: Debian ISC DHCP Maintainers <isc-dhcp@packages.debian.org> Uploaders: Andrew Pollock <apollock@debian.org>, Michael Gilbert <mgilbert@debian.org> Homepage: http://www.isc.org Build-Depends: dpkg-dev (>= 1.13.2), - debhelper (>= 9.20151220), + debhelper (>= 9.20160709), + dh-apport, + dh-apparmor, dh-autoreconf, groff, pkg-config, po-debconf, + libcap-dev, libldap2-dev, libbind-export-dev (>= 1:9.11.5), Standards-Version: 3.9.8 @@ -25,9 +29,9 @@ Depends: ${shlibs:Depends}, debianutils (>= 2.8.2), lsb-base, + adduser Recommends: isc-dhcp-common, - policycoreutils, Breaks: isc-dhcp-common (<= 4.3.3-1), logcheck-database (<= 1.3.17~) @@ -36,6 +40,7 @@ Replaces: Suggests: policykit-1, isc-dhcp-server-ldap, + policycoreutils, Description: ISC DHCP server for automatic IP address assignment This is the Internet Software Consortium's DHCP server. .
  11. Download patch debian/patches/dhcp-improved-xid.patch

    --- 4.4.1-2/debian/patches/dhcp-improved-xid.patch 1970-01-01 00:00:00.000000000 +0000 +++ 4.4.1-2ubuntu5/debian/patches/dhcp-improved-xid.patch 2019-03-11 20:25:26.000000000 +0000 @@ -0,0 +1,153 @@ +Description: Infiniband Support + +Author: Jiri Popelka <jpopelka@redhat.com> +Origin: git://pkgs.fedoraproject.org/dhcp.git, tag: dhcp-4.3.1-18.fc22 +Bug-Ubuntu: https://launchpad.net/bugs/1401141 +Last-Update: 2019-02-11 + +Index: isc-dhcp-4.4.1-2ubuntu1/client/dhclient.c +=================================================================== +--- isc-dhcp-4.4.1-2ubuntu1.orig/client/dhclient.c ++++ isc-dhcp-4.4.1-2ubuntu1/client/dhclient.c +@@ -817,6 +817,26 @@ + } + } + ++ /* We create a backup seed before rediscovering interfaces in order to ++ have a seed built using all of the available interfaces ++ It's interesting if required interfaces doesn't let us defined ++ a really unique seed due to a lack of valid HW addr later ++ (this is the case with DHCP over IB) ++ We only use the last device as using a sum could broke the ++ uniqueness of the seed among multiple nodes ++ */ ++ unsigned backup_seed = 0; ++ for (ip = interfaces; ip; ip = ip -> next) { ++ int junk; ++ if ( ip -> hw_address.hlen <= sizeof seed ) ++ continue; ++ memcpy (&junk, ++ &ip -> hw_address.hbuf [ip -> hw_address.hlen - ++ sizeof seed], sizeof seed); ++ backup_seed = junk; ++ } ++ ++ + /* At this point, all the interfaces that the script thinks + are relevant should be running, so now we once again call + discover_interfaces(), and this time ask it to actually set +@@ -831,14 +851,36 @@ + Not much entropy, but we're booting, so we're not likely to + find anything better. */ + seed = 0; ++ int seed_flag = 0; + for (ip = interfaces; ip; ip = ip->next) { + int junk; ++ if ( ip -> hw_address.hlen <= sizeof seed ) ++ continue; + memcpy(&junk, + &ip->hw_address.hbuf[ip->hw_address.hlen - + sizeof seed], sizeof seed); + seed += junk; ++ seed_flag = 1; + } +- srandom(seed + cur_time + (unsigned)getpid()); ++ if ( seed_flag == 0 ) { ++ if ( backup_seed != 0 ) { ++ seed = backup_seed; ++ log_info ("xid: rand init seed (0x%x) built using all" ++ " available interfaces",seed); ++ } ++ else { ++ seed = cur_time^((unsigned) gethostid()) ; ++ log_info ("xid: warning: no netdev with useable HWADDR found" ++ " for seed's uniqueness enforcement"); ++ log_info ("xid: rand init seed (0x%x) built using gethostid", ++ seed); ++ } ++ /* we only use seed and no current time as a broadcast reply */ ++ /* will certainly be used by the hwaddrless interface */ ++ srandom(seed); ++ } ++ else ++ srandom(seed + cur_time + (unsigned)getpid()); + + /* Setup specific Infiniband options */ + for (ip = interfaces; ip; ip = ip->next) { +@@ -1391,9 +1433,10 @@ + return; + } + +- log_info ("DHCPACK of %s from %s", ++ log_info ("DHCPACK of %s from %s (xid=0x%x)", + inet_ntoa(packet->raw->yiaddr), +- piaddr (packet->client_addr)); ++ piaddr (packet->client_addr), ++ client -> xid); + + lease = packet_to_lease (packet, client); + if (!lease) { +@@ -2313,7 +2356,7 @@ + return; + } + +- log_info ("DHCPNAK from %s", piaddr (packet -> client_addr)); ++ log_info ("DHCPNAK from %s (xid=0x%x)", piaddr (packet -> client_addr), client -> xid); + + if (!client -> active) { + #if defined (DEBUG) +@@ -2453,10 +2496,11 @@ + (long)(client -> interval)); + } else + #endif +- log_info ("DHCPDISCOVER on %s to %s port %d interval %ld", ++ log_info ("DHCPDISCOVER on %s to %s port %d interval %ld (xid=0x%x)", + client -> name ? client -> name : client -> interface -> name, + inet_ntoa (sockaddr_broadcast.sin_addr), +- ntohs (sockaddr_broadcast.sin_port), (long)(client -> interval)); ++ ntohs (sockaddr_broadcast.sin_port), (long)(client -> interval), ++ client -> xid); + + /* Send out a packet. */ + #if defined(DHCPv6) && defined(DHCP4o6) +@@ -2769,10 +2813,10 @@ + } + + strncpy(rip_buf, rip_str, sizeof(rip_buf)-1); +- log_info ("DHCPREQUEST for %s on %s to %s port %d", rip_buf, ++ log_info ("DHCPREQUEST for %s on %s to %s port %d (xid=0x%x)", rip_buf, + client->name ? client->name : client->interface->name, + inet_ntoa(destination.sin_addr), +- ntohs (destination.sin_port)); ++ ntohs (destination.sin_port), client -> xid); + + #if defined(DHCPv6) && defined(DHCP4o6) + if (dhcpv4_over_dhcpv6) { +@@ -2829,11 +2873,11 @@ + log_info ("DHCPDECLINE"); + } else + #endif +- log_info ("DHCPDECLINE of %s on %s to %s port %d", ++ log_info ("DHCPDECLINE of %s on %s to %s port %d (xid=0x%x)", + piaddr(client->requested_address), + (client->name ? client->name : client->interface->name), + inet_ntoa(sockaddr_broadcast.sin_addr), +- ntohs(sockaddr_broadcast.sin_port)); ++ ntohs(sockaddr_broadcast.sin_port), client -> xid); + + /* Send out a packet. */ + #if defined(DHCPv6) && defined(DHCP4o6) +@@ -2892,11 +2936,11 @@ + log_info ("DHCPRELEASE"); + } else + #endif +- log_info ("DHCPRELEASE of %s on %s to %s port %d", ++ log_info ("DHCPRELEASE of %s on %s to %s port %d (xid=0x%x)", + piaddr(client->active->address), + client->name ? client->name : client->interface->name, + inet_ntoa (destination.sin_addr), +- ntohs (destination.sin_port)); ++ ntohs (destination.sin_port), client -> xid); + + #if defined(DHCPv6) && defined(DHCP4o6) + if (dhcpv4_over_dhcpv6) {
  12. Download patch debian/dhclient.conf

    --- 4.4.1-2/debian/dhclient.conf 2018-11-18 06:13:45.000000000 +0000 +++ 4.4.1-2ubuntu5/debian/dhclient.conf 2018-08-13 02:11:16.000000000 +0000 @@ -24,7 +24,7 @@ request subnet-mask, broadcast-address, #supersede domain-name "fugue.com home.vix.com"; #prepend domain-name-servers 127.0.0.1; #require subnet-mask, domain-name-servers; -#timeout 60; +timeout 300; #retry 60; #reboot 10; #select-timeout 5;
  13. Download patch debian/isc-dhcp-server.apport

    --- 4.4.1-2/debian/isc-dhcp-server.apport 1970-01-01 00:00:00.000000000 +0000 +++ 4.4.1-2ubuntu5/debian/isc-dhcp-server.apport 2018-08-13 02:11:16.000000000 +0000 @@ -0,0 +1,50 @@ +#!/usr/bin/python + +'''apport hook for dhcp server + +(c) 2010 Canonical Ltd. +Author: Chuck Short <chuck.short@canonical.com> + +This program is free software; you can redistribute it and/or modify it +under the terms of the GNU General Public License as published by the +Free Software Foundation; either version 2 of the License, or (at your +option) any later version. See http://www.gnu.org/copyleft/gpl.html for +the full text of the license. +''' + +from apport.hookutils import * +from os import path +import re + +def dhcp_leases(pattern): + ''' Extract options from '/var/lib/dhcp/dhcpd.leases' which match a regex. + pattern should be a "re" object. ''' + lines = "" + if os.path.exists('/var/lib/dhcp/dhcpd.leases'): + file = '/var/lib/dhcp/dhcpd.leases' + else: + return lines + + for line in open(file): + if pattern.search(line): + lines += line + return lines + +def add_info(report, ui): + response = ui.yesno("The contents of your /etc/dhcp/dhclient.conf file may help developers diagnose your bug more quickly, however, it may contain sensitive information. Do you want to include it in your bug report?") + + if response == None: #user cancelled + raise StopIteration + + elif response == True: + attach_file_if_exists(report, '/etc/dhcp/dhcpd.conf', 'DHCPServerConf') + + attach_mac_events(report, '/usr/sbin/dhcpd') + + attach_related_packages(report, ['apparmor', 'libapparmor1', + 'libapparmor-perl', 'apparmor-utils', 'auditd', 'libaudit0']) + + attach_file(report, '/etc/apparmor.d/usr.sbin.dhcpd') + + leases = re.compile('option|renew|rebind|expire', re.IGNORECASE) + report['DhServerLeases'] = dhcp_leases(leases)
  14. Download patch debian/isc-dhcp-client.links
  15. Download patch debian/isc-dhcp-server.isc-dhcp-server.service

    --- 4.4.1-2/debian/isc-dhcp-server.isc-dhcp-server.service 1970-01-01 00:00:00.000000000 +0000 +++ 4.4.1-2ubuntu5/debian/isc-dhcp-server.isc-dhcp-server.service 2018-08-13 02:11:16.000000000 +0000 @@ -0,0 +1,24 @@ +[Unit] +Description=ISC DHCP IPv4 server +Documentation=man:dhcpd(8) +Wants=network-online.target +After=network-online.target +After=time-sync.target +ConditionPathExists=/etc/default/isc-dhcp-server +ConditionPathExists=|/etc/ltsp/dhcpd.conf +ConditionPathExists=|/etc/dhcp/dhcpd.conf + +[Service] +EnvironmentFile=/etc/default/isc-dhcp-server +RuntimeDirectory=dhcp-server +# The leases files need to be root:dhcpd even when dropping privileges +ExecStart=/bin/sh -ec '\ + CONFIG_FILE=/etc/dhcp/dhcpd.conf; \ + if [ -f /etc/ltsp/dhcpd.conf ]; then CONFIG_FILE=/etc/ltsp/dhcpd.conf; fi; \ + [ -e /var/lib/dhcp/dhcpd.leases ] || touch /var/lib/dhcp/dhcpd.leases; \ + chown root:dhcpd /var/lib/dhcp /var/lib/dhcp/dhcpd.leases; \ + chmod 775 /var/lib/dhcp ; chmod 664 /var/lib/dhcp/dhcpd.leases; \ + exec dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid -cf $CONFIG_FILE $INTERFACES' + +[Install] +WantedBy=multi-user.target
  16. Download patch debian/isc-dhcp-client.apport

    --- 4.4.1-2/debian/isc-dhcp-client.apport 1970-01-01 00:00:00.000000000 +0000 +++ 4.4.1-2ubuntu5/debian/isc-dhcp-client.apport 2018-08-13 02:11:16.000000000 +0000 @@ -0,0 +1,52 @@ +#!/usr/bin/python + +'''apport hook for dhclient + +(c) 2010 Canonical Ltd. +Author: Chuck Short <chuck.short@canonical.com> + +This program is free software; you can redistribute it and/or modify it +under the terms of the GNU General Public License as published by the +Free Software Foundation; either version 2 of the License, or (at your +option) any later version. See http://www.gnu.org/copyleft/gpl.html for +the full text of the license. +''' + +from apport.hookutils import * +from os import path +import re + +def dhcp_leases(pattern): + ''' Extract options from '/var/lib/dhcp/dhclient.leases' which match a regex. + pattern should be a "re" object. ''' + lines = "" + if os.path.exists('/var/lib/dhcp/dhclient.leases'): + file = '/var/lib/dhcp/dhclient.leases' + else: + return lines + + for line in open(file): + if pattern.search(line): + lines += line + return lines + +def add_info(report, ui): + response = ui.yesno("The contents of your /etc/dhcp/dhclient.conf file may help developers diagnose your bug more quickly, however, it may contain sensitive information. Do you want to include it in your bug report?") + + if response == None: #user cancelled + raise StopIteration + + elif response == True: + attach_file_if_exists(report, '/etc/dhcp/dhclient.conf', 'Dhclient') + + attach_mac_events(report, ['/sbin/dhclient', + '/usr/lib/NetworkManager/nm-dhcp-client.action', + '/usr/lib/connman/scripts/dhclient-script']) + + attach_related_packages(report, ['apparmor', 'libapparmor1', + 'libapparmor-perl', 'apparmor-utils', 'auditd', 'libaudit0']) + + attach_file(report, '/etc/apparmor.d/sbin.dhclient') + + leases = re.compile('option|renew|rebind|expire', re.IGNORECASE) + report['DhclientLeases'] = dhcp_leases(leases)
  17. Download patch debian/isc-dhcp-server.postrm

    --- 4.4.1-2/debian/isc-dhcp-server.postrm 2018-11-18 06:13:45.000000000 +0000 +++ 4.4.1-2ubuntu5/debian/isc-dhcp-server.postrm 2019-03-11 20:25:26.000000000 +0000 @@ -19,6 +19,9 @@ case "$1" in # Remove init.d configuration file rm -f /etc/default/isc-dhcp-server + + # remove ddns keys directory + rm -Rf /etc/dhcp/ddns-keys/ ;; upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
  18. Download patch debian/patches/series

    --- 4.4.1-2/debian/patches/series 2018-11-18 06:13:45.000000000 +0000 +++ 4.4.1-2ubuntu5/debian/patches/series 2019-09-02 22:05:08.000000000 +0000 @@ -16,3 +16,17 @@ system-bind.patch bind-includes.patch configure.patch + +# ubuntu patches +dhclient-fix-backoff +revert-next-server +multi-ip-addr-per-if +dhclient-safer-timeout +onetry_retry_after_initial_success +dhcp-lpf-ib.patch +dhcp-improved-xid.patch +dhcp-gpxe-cid.patch +dhcp-improved-xid-correct-byte-order.patch +dhcp-4.2.4-dhclient-options-changed.patch +ubuntu-dhcpd-conf.patch +dhclient-write-pidfile-earlier.patch
  19. Download patch debian/patches/revert-next-server

    --- 4.4.1-2/debian/patches/revert-next-server 1970-01-01 00:00:00.000000000 +0000 +++ 4.4.1-2ubuntu5/debian/patches/revert-next-server 2018-08-13 02:11:16.000000000 +0000 @@ -0,0 +1,27 @@ +From: Oliver Grawert <ogra@ubuntu.com> +Subject: Revert the need of the next-server option + +So it points to the own IP again for tftp if the option +is not set (patch by Oliver Grawert; disputed upstream). + +Index: isc-dhcp/server/dhcp.c +=================================================================== +--- isc-dhcp.orig/server/dhcp.c 2012-06-22 14:59:47.015948000 -0400 ++++ isc-dhcp/server/dhcp.c 2012-06-22 15:03:59.898627552 -0400 +@@ -1216,6 +1216,7 @@ + log_info ("%s", msgbuf); + + /* Figure out the address of the boot file server. */ ++ raw.siaddr = from; + if ((oc = + lookup_option (&server_universe, options, SV_NEXT_SERVER))) { + if (evaluate_option_cache (&d1, packet, (struct lease *)0, +@@ -2638,7 +2639,7 @@ + } + + /* Figure out the address of the boot file server. */ +- memset (&state -> siaddr, 0, sizeof state -> siaddr); ++ memcpy (&state -> siaddr, state -> from.iabuf, sizeof state -> siaddr); + if ((oc = + lookup_option (&server_universe, + state -> options, SV_NEXT_SERVER))) {
  20. Download patch debian/patches/dhcp-improved-xid-correct-byte-order.patch

    --- 4.4.1-2/debian/patches/dhcp-improved-xid-correct-byte-order.patch 1970-01-01 00:00:00.000000000 +0000 +++ 4.4.1-2ubuntu5/debian/patches/dhcp-improved-xid-correct-byte-order.patch 2019-03-11 20:25:26.000000000 +0000 @@ -0,0 +1,41 @@ +Description: Infiniband Support + +dhcp-improved-xid-correct-byte-order.patch: correct byte order so the +printed xid is the same as in tcpdump/wireshark + +Author: Jiri Popelka <jpopelka@redhat.com> +Origin: git://pkgs.fedoraproject.org/dhcp.git, commit: 96d5a64 +Bug-Ubuntu: https://launchpad.net/bugs/1401141 +Last-Update: 2019-02-11 + +Index: isc-dhcp-4.4.1-2ubuntu1/client/dhclient.c +=================================================================== +--- isc-dhcp-4.4.1-2ubuntu1.orig/client/dhclient.c ++++ isc-dhcp-4.4.1-2ubuntu1/client/dhclient.c +@@ -1480,7 +1480,7 @@ + log_info ("DHCPACK of %s from %s (xid=0x%x)", + inet_ntoa(packet->raw->yiaddr), + piaddr (packet->client_addr), +- client -> xid); ++ ntohl(client -> xid)); + + lease = packet_to_lease (packet, client); + if (!lease) { +@@ -2400,7 +2400,7 @@ + return; + } + +- log_info ("DHCPNAK from %s (xid=0x%x)", piaddr (packet -> client_addr), client -> xid); ++ log_info ("DHCPNAK from %s (xid=0x%x)", piaddr (packet -> client_addr), ntohl(client -> xid)); + + if (!client -> active) { + #if defined (DEBUG) +@@ -2544,7 +2544,7 @@ + client -> name ? client -> name : client -> interface -> name, + inet_ntoa (sockaddr_broadcast.sin_addr), + ntohs (sockaddr_broadcast.sin_port), (long)(client -> interval), +- client -> xid); ++ ntohl(client -> xid)); + + /* Send out a packet. */ + #if defined(DHCPv6) && defined(DHCP4o6)
  21. Download patch debian/isc-dhcp-server.dirs

    --- 4.4.1-2/debian/isc-dhcp-server.dirs 2018-11-18 06:13:45.000000000 +0000 +++ 4.4.1-2ubuntu5/debian/isc-dhcp-server.dirs 2018-08-13 02:11:16.000000000 +0000 @@ -1 +1,2 @@ var/lib/dhcp +etc/apparmor.d/dhcpd.d
  22. Download patch debian/dhclient-script.linux

    --- 4.4.1-2/debian/dhclient-script.linux 2018-12-11 03:55:12.000000000 +0000 +++ 4.4.1-2ubuntu5/debian/dhclient-script.linux 2019-03-11 20:25:26.000000000 +0000 @@ -1,5 +1,17 @@ #!/bin/sh +# Explicitly set the PATH to that of ENV_SUPATH in /etc/login.defs and unset +# various other variables. We need to do this so /sbin/dhclient cannot abuse +# the environment to escape AppArmor confinement via this script +# (LP: #1045986). This can be removed once AppArmor supports environment +# filtering (LP: #1045985) +export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +export ENV= +export BASH_ENV= +export CDPATH= +export GLOBIGNORE= +export BASH_XTRACEFD= + # dhclient-script for Linux. Dan Halbert, March, 1997. # Updated for Linux 2.[12] by Brian J. Murrell, January 1999. # Modified for Debian. Matt Zimmerman and Eloy Paris, December 2003 @@ -12,6 +24,9 @@ # The alias handling in here probably still sucks. -mdz +# log an error. +error() { logger -p daemon.err "$@"; } + # wait for given file to be writable wait_for_rw() { local file=$1 @@ -136,6 +151,41 @@ set_hostname() { fi } +# set the link up and wait for ipv6 link local dad to finish +ipv6_link_up_and_dad() { + local dev=$1 delay=${2:-0.1} attempts=${3:-60} + ip link set up dev "$dev" || + { error "$dev: failed to set link up"; return 1; } + local n=0 + while :; do + n=$((n+1)) + # note: busybox ip does not understand 'tentative' as input + # so we cannot just use the tentative flag and check for empty + out=$(ip -6 -o address show dev "$dev" scope link) || { + error "$dev: checking for link-local addresses failed"; + return 1 + } + # another note: the output may be empty if the link local tentative addr + # isn't up just yet, so we need to make sure there is at least one 'inet6' + # match before returning success. We need to keep checking for both + # 'tentative' case and default (no inet6 address) case. (LP: #1718568) + # Don't reorder tentative/inet6 - we need to check for tentative first. + case " $out " in + *\ dadfailed\ *) + error "$dev: ipv6 dad failed." + return 1;; + *\ tentative\ *) :;; + *\ inet6\ *) return 0;; + *) :;; + esac + [ $n -lt $attempts ] || { + error "$dev: time out waiting for permanent link-local address" + return 1; + } + sleep $delay + done +} + # run given script run_hook() { local script="$1" @@ -385,7 +435,7 @@ case "$reason" in PREINIT6) # ensure interface is up - ip link set ${interface} up + ipv6_link_up_and_dad "$interface" # flush any stale global permanent IPs from interface ip -6 addr flush dev ${interface} scope global permanent
  23. Download patch debian/README.Debian

    --- 4.4.1-2/debian/README.Debian 2018-11-18 06:13:45.000000000 +0000 +++ 4.4.1-2ubuntu5/debian/README.Debian 2018-08-13 02:11:16.000000000 +0000 @@ -24,3 +24,41 @@ http://alioth.debian.org/projects/pkg-dh Andrew Pollock <apollock@debian.org> ISC DHCP Package Maintainers <pkg-dhcp-devel@lists.alioth.debian.org> + + +Apparmor Profile +---------------- +If your system uses apparmor, please note that the shipped enforcing profiles +for isc-dhcp-server and isc-dhcp-client work with the default installation, and +changes in your configuration may require changes to the installed apparmor +profile. Please see https://wiki.ubuntu.com/DebuggingApparmor before filing a +bug against this software. + + +initramfs-tools hook and supplementary files +-------------------------------------------- + +isc-dhcp-client ships a hook for initramfs-tools to install dhclient in the +initramfs, so that systems may bring up IPv4 and IPv6 networking in early +userspace, in order to mount remote filesystems, etc. + +The included "config" script for dhclient-enter-hooks shipping in isc-dhcp- +client for the initramfs is based off the existing "debug" script. The +following variables are made available for scripts in the initramfs: + +It writes out /run/net-$iface.conf and /run/net6-$iface.conf in a format that +is compatible with the old ipconfig format: + + - DEVICE/DEVICE6: the network interface configured. + - PROTO/IPV4PROTO/IPV6PROTO: configuration protocol used (usually DHCP) + - IPV4ADDR/IPV6ADDR: IP address + - IPV4NETMASK/IPV6NETMASK: netmask + - IPV4GATEWAY/IPV6GATEWAY: network gateway + - IPV4DNS0/IPV6DNS0: domain name servers + - ROOTSERVER: next/filesystem server for remote root (IPv4 only) + - HOSTNAME: system hostname + - DNSDOMAIN: DNS domain + - DOMAINSEARCH/IPV6DOMAINSEARCH: search domains + +See http://git.kernel.org/cgit/libs/klibc/klibc.git/tree/usr/kinit/ipconfig/README.ipconfig +
  24. Download patch debian/isc-dhcp-server.config

    --- 4.4.1-2/debian/isc-dhcp-server.config 2018-11-18 06:13:45.000000000 +0000 +++ 4.4.1-2ubuntu5/debian/isc-dhcp-server.config 2018-08-13 02:11:16.000000000 +0000 @@ -21,5 +21,5 @@ db_title "DHCP Server" db_input low isc-dhcp-server/interfaces || true db_go -db_input high isc-dhcp-server/new_auth_behavior || true +db_input medium isc-dhcp-server/new_auth_behavior || true db_go
  25. Download patch debian/isc-dhcp-relay.isc-dhcp-relay6.default

    --- 4.4.1-2/debian/isc-dhcp-relay.isc-dhcp-relay6.default 1970-01-01 00:00:00.000000000 +0000 +++ 4.4.1-2ubuntu5/debian/isc-dhcp-relay.isc-dhcp-relay6.default 2018-08-13 02:11:16.000000000 +0000 @@ -0,0 +1,15 @@ +# Defaults for isc-dhcp-relay6 initscript +# sourced by /etc/init/isc-dhcp-relay6.conf + +# +# This is a POSIX shell fragment +# + +# What interfaces should the DHCP relay forward requests to? +UPPER_INTERFACES="" + +# On what interfaces should the DHCP relay (dhrelay) serve DHCP requests? +LOWER_INTERFACES="" + +# Additional options that are passed to the DHCP relay daemon? +OPTIONS=""
  26. Download patch debian/patches/dhcp-gpxe-cid.patch

    --- 4.4.1-2/debian/patches/dhcp-gpxe-cid.patch 1970-01-01 00:00:00.000000000 +0000 +++ 4.4.1-2ubuntu5/debian/patches/dhcp-gpxe-cid.patch 2018-08-13 02:11:16.000000000 +0000 @@ -0,0 +1,78 @@ +Description: Infiniband support + +Author: Jiri Popelka <jpopelka@redhat.com> +Origin: git://pkgs.fedoraproject.org/dhcp.git, tag: dhcp-4.3.1-18.fc22 +Bug-Ubuntu: https://launchpad.net/bugs/1401141 +Last-Update: 2015-03-09 + +--- isc-dhcp-4.3.1.orig/client/dhclient.c ++++ isc-dhcp-4.3.1/client/dhclient.c +@@ -49,6 +49,13 @@ static char path_dhclient_script_array[] + char *path_dhclient_script = path_dhclient_script_array; + const char *path_dhclient_duid = NULL; + ++/* Default Prefix */ ++static unsigned char default_prefix[12] = { ++ 0xff, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x02, 0x00, ++ 0x00, 0x02, 0xc9, 0x00 ++}; ++ + /* False (default) => we write and use a pid file */ + isc_boolean_t no_pid_file = ISC_FALSE; + +@@ -934,6 +941,12 @@ int find_subnet (struct subnet **sp, + static void setup_ib_interface(struct interface_info *ip) + { + struct group *g; ++ struct hardware *hw = &ip->hw_address; ++ char client_id[64]; ++ char *arg_conf = NULL; ++ int arg_conf_len = 0; ++ isc_result_t status; ++ struct parse *cfile = (struct parse *)0; + + /* + * Find out if a dhcp-client-identifier option was specified either +@@ -947,8 +960,39 @@ static void setup_ib_interface(struct in + } + } + +- /* No client ID specified */ +- log_fatal("dhcp-client-identifier must be specified for InfiniBand"); ++ /* ++ * No client ID specified, make up one based on a default ++ * "prefix" and the port GUID. ++ * ++ * NOTE: This is compatible with what gpxe does. ++ */ ++ sprintf(client_id, "%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x", ++ default_prefix[0], default_prefix[1], default_prefix[2], ++ default_prefix[3], default_prefix[4], default_prefix[5], ++ default_prefix[6], default_prefix[7], default_prefix[8], ++ default_prefix[9], default_prefix[10], default_prefix[11], ++ hw->hbuf[1], hw->hbuf[2], hw->hbuf[3], hw->hbuf[4], ++ hw->hbuf[5], hw->hbuf[6], hw->hbuf[7], hw->hbuf[8]); ++ ++ arg_conf_len = asprintf(&arg_conf, ++ "send dhcp-client-identifier %s;", ++ client_id); ++ ++ if ((arg_conf == 0) || (arg_conf_len <= 0)) ++ log_fatal("Unable to send option dhcp-client-identifier"); ++ ++ status = new_parse(&cfile, -1, arg_conf, arg_conf_len, ++ "Automatic Infiniband client identifier", 0); ++ ++ if ((status != ISC_R_SUCCESS) || (cfile->warnings_occurred)) ++ log_fatal("Failed to parse Infiniband client identifier"); ++ ++ parse_client_statement(cfile, NULL, ip->client->config); ++ ++ if (cfile->warnings_occurred) ++ log_fatal("Failed to parse Infiniband client identifier"); ++ ++ end_parse(&cfile); + } + + /* Individual States:
  27. Download patch debian/isc-dhcp-server.isc-dhcp-server6.service

    --- 4.4.1-2/debian/isc-dhcp-server.isc-dhcp-server6.service 1970-01-01 00:00:00.000000000 +0000 +++ 4.4.1-2ubuntu5/debian/isc-dhcp-server.isc-dhcp-server6.service 2018-08-13 02:11:16.000000000 +0000 @@ -0,0 +1,24 @@ +[Unit] +Description=ISC DHCP IPv6 server +Documentation=man:dhcpd(8) +Wants=network-online.target +After=network-online.target +After=time-sync.target +ConditionPathExists=/etc/default/isc-dhcp-server +ConditionPathExists=|/etc/ltsp/dhcpd6.conf +ConditionPathExists=|/etc/dhcp/dhcpd6.conf + +[Service] +EnvironmentFile=/etc/default/isc-dhcp-server +RuntimeDirectory=dhcp-server +# The leases files need to be root:dhcpd even when dropping privileges +ExecStart=/bin/sh -ec '\ + CONFIG_FILE=/etc/dhcp/dhcpd6.conf; \ + if [ -f /etc/ltsp/dhcpd6.conf ]; then CONFIG_FILE=/etc/ltsp/dhcpd6.conf; fi; \ + [ -e /var/lib/dhcp/dhcpd6.leases ] || touch /var/lib/dhcp/dhcpd6.leases; \ + chown root:dhcpd /var/lib/dhcp /var/lib/dhcp/dhcpd6.leases; \ + chmod 775 /var/lib/dhcp ; chmod 664 /var/lib/dhcp/dhcpd6.leases; \ + exec dhcpd -user dhcpd -group dhcpd -f -6 -pf /run/dhcp-server/dhcpd6.pid -cf $CONFIG_FILE $INTERFACES' + +[Install] +WantedBy=multi-user.target
  28. Download patch debian/isc-dhcp-relay.isc-dhcp-relay.service

    --- 4.4.1-2/debian/isc-dhcp-relay.isc-dhcp-relay.service 1970-01-01 00:00:00.000000000 +0000 +++ 4.4.1-2ubuntu5/debian/isc-dhcp-relay.isc-dhcp-relay.service 2018-08-13 02:11:16.000000000 +0000 @@ -0,0 +1,16 @@ +[Unit] +Description=ISC DHCP IPv4 relay +Documentation=man:dhcrelay(8) +Wants=network-online.target +After=network-online.target +After=time-sync.target +ConditionPathExists=/etc/default/isc-dhcp-relay + +[Service] +EnvironmentFile=/etc/default/isc-dhcp-relay +ExecStart=/bin/sh -ec '\ + for I in $INTERFACES; do IFCMD="$IFCMD -i $I"; done; \ + exec /usr/sbin/dhcrelay -d -4 $OPTIONS $IFCMD $SERVERS' + +[Install] +WantedBy=multi-user.target
  29. Download patch debian/patches/dhclient-safer-timeout

    --- 4.4.1-2/debian/patches/dhclient-safer-timeout 1970-01-01 00:00:00.000000000 +0000 +++ 4.4.1-2ubuntu5/debian/patches/dhclient-safer-timeout 2018-08-13 02:11:16.000000000 +0000 @@ -0,0 +1,78 @@ +From: Steve Langasek <steve.langasek@ubuntu.com> +Subject: Increase default timeout to ensure we don't hit it +Bug-Ubuntu: https://launchpad.net/bugs/838968 + +In some cases, the 60 second client timeout has been shown to be too +low, resulting in ifupdown declaring an interface as 'up' when in fact +the dhclient has simply backgrounded to continue trying. This is +addressed in ifupdown by calling dhclient3 with -1 (exit non-zero +after the timeout), but we don't ever want to *reach* that timeout: +having an interface fail to come up and never be retried is only +slightly better than having ifup say the interface is up before it is. +Now that ifup's dhclient handling is both reliable and highly +parallelized, we can afford to wait longer to be sure we don't hit +the timeout when DHCP is really working, so do this by default. + +--- + client/clparse.c | 2 +- + client/dhclient.conf.5 | 4 ++-- + doc/ja_JP.eucJP/dhclient.conf.5 | 4 ++-- + 3 files changed, 5 insertions(+), 5 deletions(-) + +Index: b/client/clparse.c +=================================================================== +--- a/client/clparse.c ++++ b/client/clparse.c +@@ -124,7 +124,7 @@ isc_result_t read_client_conf () + memset (&top_level_config, 0, sizeof top_level_config); + + /* Set some defaults... */ +- top_level_config.timeout = 60; ++ top_level_config.timeout = 300; + top_level_config.select_interval = 0; + top_level_config.reboot_timeout = 10; + top_level_config.retry_interval = 300; +Index: b/client/dhclient.conf.5 +=================================================================== +--- a/client/dhclient.conf.5 ++++ b/client/dhclient.conf.5 +@@ -71,7 +71,7 @@ The + statement determines the amount of time that must pass between the + time that the client begins to try to determine its address and the + time that it decides that it's not going to be able to contact a +-server. By default, this timeout is sixty seconds. After the ++server. By default, this timeout is 300 seconds. After the + timeout has passed, if there are any static leases defined in the + configuration file, or any leases remaining in the lease database that + have not yet expired, the client will loop through these leases +@@ -695,7 +695,7 @@ laptop does roam to multiple networks. + + .nf + +-timeout 60; ++timeout 300; + retry 60; + reboot 10; + select-timeout 5; +Index: b/doc/ja_JP.eucJP/dhclient.conf.5 +=================================================================== +--- a/doc/ja_JP.eucJP/dhclient.conf.5 ++++ b/doc/ja_JP.eucJP/dhclient.conf.5 +@@ -77,7 +77,7 @@ dhclient.conf ファイルで、クライアントの + 文は、クライアントがアドレスを決める試みを開始してから、 + サーバにアクセスすることが + できないと判断するまでに経過すべき時間を決めます。 +-デフォルトではこのタイムアウト値は 60 秒です。 ++デフォルトではこのタイムアウト値は 300 秒です。 + このタイムアウト値が過ぎた後は、 + もし静的なリースが設定ファイルに定義されているか、 + リースデータベースにまだ期限切れになっていないリースが残っていれば、 +@@ -583,7 +583,7 @@ dhcp クライアントはそのアドレスをリース + + .nf + +-timeout 60; ++timeout 300; + retry 60; + reboot 10; + select-timeout 5;
  30. Download patch debian/patches/ubuntu-dhcpd-conf.patch

    --- 4.4.1-2/debian/patches/ubuntu-dhcpd-conf.patch 1970-01-01 00:00:00.000000000 +0000 +++ 4.4.1-2ubuntu5/debian/patches/ubuntu-dhcpd-conf.patch 2018-08-13 02:11:16.000000000 +0000 @@ -0,0 +1,22 @@ +Index: isc-dhcp-4.3.5-3ubuntu1/server/dhcpd.conf.example +=================================================================== +--- isc-dhcp-4.3.5-3ubuntu1.orig/server/dhcpd.conf.example ++++ isc-dhcp-4.3.5-3ubuntu1/server/dhcpd.conf.example +@@ -2,6 +2,9 @@ + # + # Sample configuration file for ISC dhcpd + # ++# Attention: If /etc/ltsp/dhcpd.conf exists, that will be used as ++# configuration file instead of this file. ++# + + # option definitions common to all supported networks... + option domain-name "example.org"; +@@ -51,6 +54,7 @@ + # range 10.5.5.26 10.5.5.30; + # option domain-name-servers ns1.internal.example.org; + # option domain-name "internal.example.org"; ++# option subnet-mask 255.255.255.224; + # option routers 10.5.5.1; + # option broadcast-address 10.5.5.31; + # default-lease-time 600;
  31. Download patch debian/patches/dhclient-fix-backoff

    --- 4.4.1-2/debian/patches/dhclient-fix-backoff 1970-01-01 00:00:00.000000000 +0000 +++ 4.4.1-2ubuntu5/debian/patches/dhclient-fix-backoff 2018-08-13 02:11:16.000000000 +0000 @@ -0,0 +1,97 @@ +From: Michel Lespinasse <walken@zoy.org> +Subject: Fix the delays between consecutive requests (the backoff algorithm). + +This algorithm is best explained in the following code comment: + /* If we're supposed to increase the interval, do so. If it's + currently zero (i.e., we haven't sent any packets yet), set + it to initial_interval; otherwise, add to it a random number + between zero and two times itself. On average, this means + that it will double with every transmission. */ +However contrary to what the comment indicates, client->interval has +been initialised, before the first request is sent, to the initial_interval +value rather than to 0. Because of that, the delay between the first two +requests is, on average, double of the initial_interval value, instead of +being equal to the initial_interval value. I'm proposing to change the +initialization value to zero, in order to match the programmers expectations +as documented in that comment, and to have the initial-interval option +in dhclient.conf work as per the documented behavior. + +Additionally, I'm proposing to enforce that the delay between consecutive +requests is always at least one second - this was already the case when +using the default values, but could be messed with if setting an +initial-interval of 0 or a backoff-cutoff of 1. Some people +(see for example http://syn.theti.ca/ ) have been suggesting to use +a backoff-cutoff of 1, so such configurations do exist in the wild. +http://bugs.debian.org/509089 + +Index: isc-dhcp/client/dhclient.c +=================================================================== +--- isc-dhcp.orig/client/dhclient.c 2012-06-22 14:44:21.714594688 -0400 ++++ isc-dhcp/client/dhclient.c 2012-06-22 14:44:30.866594943 -0400 +@@ -894,7 +894,7 @@ + make_request (client, client -> active); + client -> destination = iaddr_broadcast; + client -> first_sending = cur_time; +- client -> interval = client -> config -> initial_interval; ++ client -> interval = 0; + + /* Zap the medium list... */ + client -> medium = NULL; +@@ -920,7 +920,7 @@ + client -> destination = iaddr_broadcast; + client -> state = S_SELECTING; + client -> first_sending = cur_time; +- client -> interval = client -> config -> initial_interval; ++ client -> interval = 0; + + /* Add an immediate timeout to cause the first DHCPDISCOVER packet + to go out. */ +@@ -1001,7 +1001,7 @@ + client -> destination = iaddr_broadcast; + client -> state = S_REQUESTING; + client -> first_sending = cur_time; +- client -> interval = client -> config -> initial_interval; ++ client -> interval = 0; + + /* Make a DHCPREQUEST packet from the lease we picked. */ + make_request (client, picked); +@@ -1286,7 +1286,7 @@ + client -> destination = iaddr_broadcast; + + client -> first_sending = cur_time; +- client -> interval = client -> config -> initial_interval; ++ client -> interval = 0; + client -> state = S_RENEWING; + + /* Send the first packet immediately. */ +@@ -1888,6 +1888,10 @@ + (client -> first_sending + + client -> config -> timeout) - cur_time + 1; + ++ /* Make sure the computed interval is at least one second. */ ++ if (!client->interval) ++ client->interval = 1; ++ + /* Record the number of seconds since we started sending. */ + if (interval < 65536) + client -> packet.secs = htons (interval); +@@ -2129,6 +2133,10 @@ + client -> interval = + client -> active -> expiry - cur_time + 1; + ++ /* Make sure the computed interval is at least one second. */ ++ if (!client->interval) ++ client->interval = 1; ++ + /* If the lease T2 time has elapsed, or if we're not yet bound, + broadcast the DHCPREQUEST rather than unicasting. */ + if (client -> state == S_REQUESTING || +@@ -3525,7 +3533,7 @@ + } else + client -> destination = iaddr_broadcast; + client -> first_sending = cur_time; +- client -> interval = client -> config -> initial_interval; ++ client -> interval = 0; + + /* Zap the medium list... */ + client -> medium = (struct string_list *)0;
  32. Download patch debian/patches/onetry_retry_after_initial_success

    --- 4.4.1-2/debian/patches/onetry_retry_after_initial_success 1970-01-01 00:00:00.000000000 +0000 +++ 4.4.1-2ubuntu5/debian/patches/onetry_retry_after_initial_success 2018-08-13 02:11:16.000000000 +0000 @@ -0,0 +1,18 @@ +From: St辿phane Graber <stgraber@ubuntu.com> +Subject: Deal with the fact that the loopback interface isn't checksummed by Linux + +Index: isc-dhcp/client/dhclient.c +=================================================================== +--- isc-dhcp.orig/client/dhclient.c 2012-09-11 16:03:45.859279971 -0400 ++++ isc-dhcp/client/dhclient.c 2012-09-11 18:31:34.347790135 -0400 +@@ -2024,6 +2024,10 @@ + loop = client -> active; + } + ++ /* Ubuntu wants dhclient -1 to still try to get a new lease in the ++ background after a DHCP server failure. */ ++ onetry = 0; ++ + /* No leases were available, or what was available didn't work, so + tell the shell script that we failed to allocate an address, + and try again later. */
  33. Download patch debian/patches/dhcp-4.2.4-dhclient-options-changed.patch

    --- 4.4.1-2/debian/patches/dhcp-4.2.4-dhclient-options-changed.patch 1970-01-01 00:00:00.000000000 +0000 +++ 4.4.1-2ubuntu5/debian/patches/dhcp-4.2.4-dhclient-options-changed.patch 2019-03-11 20:25:26.000000000 +0000 @@ -0,0 +1,168 @@ +Description: Added broadcast flag support without config options + +From file called dhcp-4.2.4-dhclient-options-changed.patch I have +backported only the parts responsible for the token: + + BOOTP_BROADCAST_ALWAYS + +set specifically by keyword: "bootp-broadcast-always" in dhcp +client config file. I removed all extra cmdline options added +by the same commit. They would change cmdline behavior adding +extra paremeters (good for IB tests, not suitable for a SRU). + +When backporting file called dhcp-4.2.5-lpf-ib.patch the following +statement was not backported: + + ip->client->config->bootp_broadcast_always = 1; + +when setting ib interface up, since the entire broadcast was +thought not to be mandatory. + +Unfortunately, from: + + * RFC 4390 (https://tools.ietf.org/html/rfc4390) + * Dynamic Host Configuration Protocol (DHCP) over InfiniBand + +""" +2.2. Use of the BROADCAST flag + + A DHCP client on IPoIB MUST set the BROADCAST flag in DHCPDISCOVER + and DHCPREQUEST messages (and set "ciaddr" to zero) to ensure that + the server (or the relay agent) broadcasts its reply to the client. + + Note: As described in [RFC2131], "ciaddr" MUST be filled in with the + client's IP address during BOUND, RENEWING or REBINDING states; + therefore, the BROADCAST flag MUST NOT be set. In these cases, + the DHCP server unicasts DHCPACK message to the address in + "ciaddr". The link address will be resolved by ARP. +""" + +The BROADCAST flag for InfiniBand DHCP REQUEST packets MUST be turned on +(MUST is used in RFC) AND this has to be backported to fix wrong behavior. + +Author: Jiri Popelka <jpopelka@redhat.com> +Origin: git://pkgs.fedoraproject.org/dhcp.git, tag: dhcp-4.2.5-30.fc20 +Bug-Ubuntu: https://launchpad.net/bugs/1529815 +Last-Update: 2019-02-11 +Signed-off-by: Rafael David Tinoco <rafael.tinoco@canonical.com> + +Index: isc-dhcp-4.4.1-2ubuntu1/client/clparse.c +=================================================================== +--- isc-dhcp-4.4.1-2ubuntu1.orig/client/clparse.c ++++ isc-dhcp-4.4.1-2ubuntu1/client/clparse.c +@@ -189,6 +189,7 @@ + /* Requested lease time, used by DHCPv6 (DHCPv4 uses the option cache) + */ + top_level_config.requested_lease = 7200; ++ top_level_config.bootp_broadcast_always = 0; + + group_allocate (&top_level_config.on_receipt, MDL); + if (!top_level_config.on_receipt) +@@ -394,7 +395,8 @@ + interface-declaration | + LEASE client-lease-statement | + ALIAS client-lease-statement | +- KEY key-definition */ ++ KEY key-definition | ++ BOOTP_BROADCAST_ALWAYS */ + + void parse_client_statement (cfile, ip, config) + struct parse *cfile; +@@ -818,6 +820,12 @@ + break; + + ++ case BOOTP_BROADCAST_ALWAYS: ++ token = next_token(&val, (unsigned*)0, cfile); ++ config -> bootp_broadcast_always = 1; ++ parse_semi (cfile); ++ return; ++ + default: + lose = 0; + stmt = (struct executable_statement *)0; +Index: isc-dhcp-4.4.1-2ubuntu1/client/dhclient.c +=================================================================== +--- isc-dhcp-4.4.1-2ubuntu1.orig/client/dhclient.c ++++ isc-dhcp-4.4.1-2ubuntu1/client/dhclient.c +@@ -1201,6 +1201,9 @@ + isc_result_t status; + struct parse *cfile = (struct parse *)0; + ++ /* Set the broadcast flag */ ++ ip->client->config->bootp_broadcast_always = 1; ++ + /* + * Find out if a dhcp-client-identifier option was specified either + * in the config file or on the command line +@@ -3360,7 +3363,8 @@ + client -> packet.xid = random (); + client -> packet.secs = 0; /* filled in by send_discover. */ + +- if (can_receive_unicast_unconfigured (client -> interface)) ++ if ((!(client->config->bootp_broadcast_always)) ++ && can_receive_unicast_unconfigured(client->interface)) + client -> packet.flags = 0; + else + client -> packet.flags = htons (BOOTP_BROADCAST); +@@ -3445,7 +3449,8 @@ + } else { + memset (&client -> packet.ciaddr, 0, + sizeof client -> packet.ciaddr); +- if (can_receive_unicast_unconfigured (client -> interface)) ++ if ((!(client ->config->bootp_broadcast_always)) && ++ can_receive_unicast_unconfigured (client -> interface)) + client -> packet.flags = 0; + else + client -> packet.flags = htons (BOOTP_BROADCAST); +@@ -3508,7 +3513,8 @@ + client -> packet.hops = 0; + client -> packet.xid = client -> xid; + client -> packet.secs = 0; /* Filled in by send_request. */ +- if (can_receive_unicast_unconfigured (client -> interface)) ++ if ((!(client->config-> bootp_broadcast_always)) ++ && can_receive_unicast_unconfigured (client->interface)) + client -> packet.flags = 0; + else + client -> packet.flags = htons (BOOTP_BROADCAST); +Index: isc-dhcp-4.4.1-2ubuntu1/common/conflex.c +=================================================================== +--- isc-dhcp-4.4.1-2ubuntu1.orig/common/conflex.c ++++ isc-dhcp-4.4.1-2ubuntu1/common/conflex.c +@@ -832,6 +832,8 @@ + if (!strcasecmp(atom+1, "ig-endian")) { + return TOKEN_BIG_ENDIAN; + } ++ if (!strcasecmp (atom + 1, "ootp-broadcast-always")) ++ return BOOTP_BROADCAST_ALWAYS; + break; + case 'c': + if (!strcasecmp(atom + 1, "ase")) +Index: isc-dhcp-4.4.1-2ubuntu1/includes/dhcpd.h +=================================================================== +--- isc-dhcp-4.4.1-2ubuntu1.orig/includes/dhcpd.h ++++ isc-dhcp-4.4.1-2ubuntu1/includes/dhcpd.h +@@ -1273,6 +1273,9 @@ + + int lease_id_format; /* format for IDs in lease file, + TOKEN_OCTAL or TOKEN_HEX */ ++ ++ int bootp_broadcast_always; /* If nonzero, always set the BOOTP_BROADCAST ++ flag in requests */ + }; + + /* Per-interface state used in the dhcp client... */ +Index: isc-dhcp-4.4.1-2ubuntu1/includes/dhctoken.h +=================================================================== +--- isc-dhcp-4.4.1-2ubuntu1.orig/includes/dhctoken.h ++++ isc-dhcp-4.4.1-2ubuntu1/includes/dhctoken.h +@@ -376,7 +376,8 @@ + LEASE_ID_FORMAT = 676, + TOKEN_HEX = 677, + TOKEN_OCTAL = 678, +- KEY_ALGORITHM = 679 ++ KEY_ALGORITHM = 679, ++ BOOTP_BROADCAST_ALWAYS = 680 + }; + + #define is_identifier(x) ((x) >= FIRST_TOKEN && \
  34. Download patch debian/patches/multi-ip-addr-per-if

    --- 4.4.1-2/debian/patches/multi-ip-addr-per-if 1970-01-01 00:00:00.000000000 +0000 +++ 4.4.1-2ubuntu5/debian/patches/multi-ip-addr-per-if 2018-08-13 02:11:16.000000000 +0000 @@ -0,0 +1,72 @@ +Author: Daniel Nurmi <nurmi@eucalyptus.com>, + Steve Langasek <steve.langasek@ubuntu.com> +Subject: Resolve issue of interfaces not being able to have + more than one IP address assigned. +Bug-Ubuntu: https://launchpad.net/bugs/717166 +Last-Updated: 2017-01-20 + +Index: isc-dhcp-4.3.5/common/discover.c +=================================================================== +--- isc-dhcp-4.3.5.orig/common/discover.c ++++ isc-dhcp-4.3.5/common/discover.c +@@ -596,6 +596,7 @@ + + /* Cycle through the list of interfaces looking for IP addresses. */ + while (next_iface(&info, &err, &ifaces)) { ++ struct ifaddrs *ifaddr, *ifa; + + /* See if we've seen an interface that matches this one. */ + for (tmp = interfaces; tmp; tmp = tmp->next) { +@@ -637,9 +638,20 @@ + (*dhcp_interface_discovery_hook)(tmp); + } + +- if ((info.addr.ss_family == AF_INET) && +- (local_family == AF_INET)) { +- struct sockaddr_in *a = (struct sockaddr_in*)&info.addr; ++ getifaddrs(&ifaddr); ++ for (ifa = ifaddr; ifa != NULL; ifa = ifa->ifa_next) { ++ ++ char *s=NULL; ++ ++ s = strchr(ifa->ifa_name, ':'); ++ if (s != NULL) { ++ *s = '\0'; ++ } ++ if (strcmp(ifa->ifa_name, info.name)) ++ continue; ++ if ( (ifa->ifa_addr && ifa->ifa_addr->sa_family == AF_INET) && ++ (local_family == AF_INET)) { ++ struct sockaddr_in *a = (struct sockaddr_in *)ifa->ifa_addr; + struct iaddr addr; + + /* We don't want the loopback interface. */ +@@ -662,12 +674,12 @@ + if (dhcp_interface_setup_hook) { + (*dhcp_interface_setup_hook)(tmp, &addr); + } +- } ++ } + #ifdef DHCPv6 +- else if ((info.addr.ss_family == AF_INET6) && +- (local_family == AF_INET6)) { +- struct sockaddr_in6 *a = +- (struct sockaddr_in6*)&info.addr; ++ else if ((ifa->ifa_addr && ifa->ifa_addr->sa_family == AF_INET6) && ++ (local_family == AF_INET6)) { ++ struct sockaddr_in6 *a = ++ (struct sockaddr_in6*)ifa->ifa_addr; + struct iaddr addr; + + /* We don't want the loopback interface. */ +@@ -690,8 +702,9 @@ + if (dhcp_interface_setup_hook) { + (*dhcp_interface_setup_hook)(tmp, &addr); + } +- } ++ } + #endif /* DHCPv6 */ ++ } + } + + if (err) {
  35. Download patch debian/patches/dhcp-lpf-ib.patch
  36. Download patch debian/initramfs-tools/share/hooks/zz-dhclient

    --- 4.4.1-2/debian/initramfs-tools/share/hooks/zz-dhclient 1970-01-01 00:00:00.000000000 +0000 +++ 4.4.1-2ubuntu5/debian/initramfs-tools/share/hooks/zz-dhclient 2018-08-13 02:11:16.000000000 +0000 @@ -0,0 +1,28 @@ +#!/bin/sh + +PREREQ="" + +prereqs() +{ + echo "$PREREQ" +} + +case $1 in +prereqs) + prereqs + exit 0 + ;; +esac + +if [ ! -x /sbin/dhclient ]; then + exit 0 +fi + +. /usr/share/initramfs-tools/scripts/functions +. /usr/share/initramfs-tools/hook-functions + +copy_exec /bin/run-parts +copy_exec /sbin/dhclient +copy_exec /sbin/dhclient-script +cp -a /usr/lib/initramfs-tools/etc/dhcp/ $DESTDIR/etc/dhcp/ +mkdir -p $DESTDIR/var/lib/dhcp/
  37. Download patch debian/initramfs-tools/lib/etc/dhcp/dhclient-enter-hooks.d/config

    --- 4.4.1-2/debian/initramfs-tools/lib/etc/dhcp/dhclient-enter-hooks.d/config 1970-01-01 00:00:00.000000000 +0000 +++ 4.4.1-2ubuntu5/debian/initramfs-tools/lib/etc/dhcp/dhclient-enter-hooks.d/config 2019-09-02 22:07:27.000000000 +0000 @@ -0,0 +1,58 @@ +#!/bin/sh + +case "$reason" in +BOUND) + { + echo "DEVICE='$interface'" + echo "PROTO='dhcp'" + echo "IPV4PROTO='dhcp'" + echo "IPV4ADDR='$new_ip_address'" + echo "IPV4NETMASK='$new_subnet_mask'" + echo "IPV4BROADCAST='$new_broadcast_address'" + # Only keep the first router + echo "IPV4GATEWAY='${new_routers%% *}'" + i=0 + for name in $new_domain_name_servers; do + echo "IPV4DNS$i='$name'" + i=$((i+1)) + done + echo "ROOTSERVER='${new_routers%% *}'" + echo "HOSTNAME='$new_host_name'" + echo "DNSDOMAIN='$new_domain_name'" + if [ -n "$new_domain_search" ]; then + if [ -n "$new_domain_name" ]; then + domain_in_search_list="" + for domain in $new_domain_search; do + if [ "$domain" = "${new_domain_name}" ] || + [ "$domain" = "${new_domain_name}." ]; then + domain_in_search_list="Yes" + fi + done + if [ -z "$domain_in_search_list" ]; then + new_domain_search="$new_domain_name $new_domain_search" + fi + fi + echo "DOMAINSEARCH='${new_domain_search}'" + elif [ -n "$new_domain_name" ]; then + echo "DOMAINSEARCH='${new_domain_name}'" + fi + } >"/run/net-$interface.conf" + ;; +BOUND6) + { + echo "DEVICE6='$interface'" + echo "IPV6PROTO='dhcp6'" + echo "IPV6ADDR='$new_ip6_address'" + echo "IPV6NETMASK='$new_ip6_prefixlen'" + i=0 + for name in $new_dhcp6_name_servers; do + echo "IPV6DNS$i='$name'" + i=$((i+1)) + done + if [ -n "$new_dhcp6_domain_search" ]; then + echo "IPV6DOMAINSEARCH='$new_dhcp6_domain_search'" + fi + } >"/run/net6-$interface.conf" + ;; +esac +
  38. Download patch debian/apparmor/sbin.dhclient

    --- 4.4.1-2/debian/apparmor/sbin.dhclient 1970-01-01 00:00:00.000000000 +0000 +++ 4.4.1-2ubuntu5/debian/apparmor/sbin.dhclient 2018-08-13 02:11:16.000000000 +0000 @@ -0,0 +1,105 @@ +# vim:syntax=apparmor +#include <tunables/global> + +/sbin/dhclient flags=(attach_disconnected) { + #include <abstractions/base> + #include <abstractions/nameservice> + #include <abstractions/openssl> + + capability net_bind_service, + capability net_raw, + capability dac_override, + capability net_admin, + + network packet, + network raw, + + @{PROC}/[0-9]*/net/ r, + @{PROC}/[0-9]*/net/** r, + + /{,usr/}sbin/dhclient mr, + # LP: #1197484 and LP: #1202203 - why is this needed? :( + /{,usr/}bin/bash mr, + + /etc/dhclient.conf r, + /etc/dhcp/ r, + /etc/dhcp/** r, + + /var/lib/dhcp{,3}/dhclient* lrw, + /{,var/}run/dhclient*.pid lrw, + /{,var/}run/dhclient*.lease* lrw, + + # NetworkManager + /{,var/}run/nm*conf r, + /{,var/}run/sendsigs.omit.d/network-manager.dhclient*.pid lrw, + /var/lib/NetworkManager/dhclient*.conf lrw, + /var/lib/NetworkManager/dhclient*.lease* lrw, + signal (receive) peer=/usr/sbin/NetworkManager, + ptrace (readby) peer=/usr/sbin/NetworkManager, + + # connman + /{,var/}run/connman/dhclient*.pid lrw, + /{,var/}run/connman/dhclient*.leases lrw, + + # synce-hal + /usr/share/synce-hal/dhclient.conf r, + + # if there is a custom script, let it run unconfined + /etc/dhcp/dhclient-script Uxr, + + # The dhclient-script shell script sources other shell scripts rather than + # executing them, so we can't just use a separate profile for dhclient-script + # with 'Uxr' on the hook scripts. However, for the long-running dhclient3 + # daemon to run arbitrary code via /sbin/dhclient-script, it would need to be + # able to subvert dhclient-script or write to the hooks.d directories. As + # such, if the dhclient3 daemon is subverted, this effectively limits it to + # only being able to run the hooks scripts. + /{,usr/}sbin/dhclient-script Uxr, + + # Run the ELF executables under their own unrestricted profiles + /usr/lib/NetworkManager/nm-dhcp-client.action Pxrm, + /usr/lib/connman/scripts/dhclient-script Pxrm, + + # Support the new executable helper from NetworkManager. + /usr/lib/NetworkManager/nm-dhcp-helper Pxrm, + signal (receive) peer=/usr/lib/NetworkManager/nm-dhcp-helper, + + # Site-specific additions and overrides. See local/README for details. + #include <local/sbin.dhclient> +} + +/usr/lib/NetworkManager/nm-dhcp-client.action { + #include <abstractions/base> + #include <abstractions/dbus> + /usr/lib/NetworkManager/nm-dhcp-client.action mr, + + /var/lib/NetworkManager/*lease r, + signal (receive) peer=/usr/sbin/NetworkManager, + ptrace (readby) peer=/usr/sbin/NetworkManager, + network inet dgram, + network inet6 dgram, +} + +/usr/lib/NetworkManager/nm-dhcp-helper { + #include <abstractions/base> + #include <abstractions/dbus> + /usr/lib/NetworkManager/nm-dhcp-helper mr, + + /run/NetworkManager/private-dhcp rw, + signal (send) peer=/sbin/dhclient, + + /var/lib/NetworkManager/*lease r, + signal (receive) peer=/usr/sbin/NetworkManager, + ptrace (readby) peer=/usr/sbin/NetworkManager, + network inet dgram, + network inet6 dgram, +} + +/usr/lib/connman/scripts/dhclient-script { + #include <abstractions/base> + #include <abstractions/dbus> + /usr/lib/connman/scripts/dhclient-script mr, + network inet dgram, + network inet6 dgram, +} +

Debian ( Changelog | PTS | Bugs ) Ubuntu ( Changelog | txt | LP | Bugs ) | Diff from Ubuntu

Source: puppet

puppet (5.4.0-2ubuntu3) bionic; urgency=medium * Revert: - Revert the Ubuntu delta. No changes left. + DEP8 tests fail in the Ubuntu autopkgtest environment without the delta. * d/t/control: fix incorrect merge in 5.4.0-2ubuntu1: - Wrong test was generating the certificate. - Wrong tests were being run for puppet-master-passenger. -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Thu, 19 Apr 2018 14:06:40 -0700 puppet (5.4.0-2ubuntu2) bionic; urgency=medium * Revert the Ubuntu delta. No changes left. -- Matthias Klose <doko@ubuntu.com> Thu, 05 Apr 2018 00:03:24 +0200 puppet (5.4.0-2ubuntu1) bionic; urgency=medium * Merge with Debian; remaining changes: - d/t/control: disable sysv-init tests as it does not exist on Ubuntu. - d/t/spec/puppet-master-passenger/zz_puppet3_compat_spec.rb: specify to curl that 'puppet' should not be proxied. - d/t/control: generate a certificate for puppet master if it does not already exist, as it is needed by the tests. -- Matthias Klose <doko@ubuntu.com> Thu, 29 Mar 2018 14:21:28 +0800

Modifications :
  1. Download patch debian/tests/control

    --- 5.4.0-2/debian/tests/control 2018-02-23 00:26:15.000000000 +0000 +++ 5.4.0-2ubuntu3/debian/tests/control 2018-04-19 21:06:40.000000000 +0000 @@ -2,7 +2,7 @@ Test-Command: cd debian/tests && rspec s Depends: puppet,ruby-serverspec Restrictions: needs-root,isolation-container -Test-Command: cd debian/tests && rspec spec/puppet-master/*_spec.rb +Test-Command: cd debian/tests && (puppet cert print $(hostname --fqdn) >/dev/null 2>&1 || puppet cert generate $(hostname --fqdn) --dns_alt_names=puppet) && rspec spec/puppet-master/*_spec.rb Depends: puppet-master,ruby-serverspec Restrictions: needs-root,isolation-container @@ -14,6 +14,6 @@ Test-Command: cd debian/tests && ./servi Depends: puppet, systemd-sysv, ruby-serverspec Restrictions: needs-root, isolation-container -Test-Command: cd debian/tests && ./service-setup sysvinit && rspec spec/service-sysvinit/*_spec.rb -Depends: puppet, sysvinit-core, ruby-serverspec -Restrictions: needs-root, isolation-machine, needs-reboot +#Test-Command: cd debian/tests && ./service-setup sysvinit && rspec spec/service-sysvinit/*_spec.rb +#Depends: puppet, sysvinit-core, ruby-serverspec +#Restrictions: needs-root, isolation-machine, needs-reboot
  2. Download patch debian/control

    --- 5.4.0-2/debian/control 2018-03-13 08:54:34.000000000 +0000 +++ 5.4.0-2ubuntu3/debian/control 2018-04-19 21:06:31.000000000 +0000 @@ -1,7 +1,8 @@ Source: puppet Section: admin Priority: optional -Maintainer: Puppet Package Maintainers <pkg-puppet-devel@lists.alioth.debian.org> +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> +XSBC-Original-Maintainer: Puppet Package Maintainers <pkg-puppet-devel@lists.alioth.debian.org> Uploaders: Micah Anderson <micah@debian.org>, Andrew Pollock <apollock@debian.org>, Stig Sandbeck Mathisen <ssm@debian.org>,
  3. Download patch debian/tests/spec/puppet-master-passenger/zz_puppet3_compat_spec.rb

    --- 5.4.0-2/debian/tests/spec/puppet-master-passenger/zz_puppet3_compat_spec.rb 2018-02-22 23:56:55.000000000 +0000 +++ 5.4.0-2ubuntu3/debian/tests/spec/puppet-master-passenger/zz_puppet3_compat_spec.rb 2018-04-19 21:06:31.000000000 +0000 @@ -1,7 +1,7 @@ require 'spec_helper' # Note that this should run after agent.example.com's certificate has been generated -curl_cmd = 'curl --cert /var/lib/puppet/ssl/certs/agent.example.com.pem --key /var/lib/puppet/ssl/private_keys/agent.example.com.pem --cacert /var/lib/puppet/ssl/certs/ca.pem' +curl_cmd = 'curl --noproxy puppet --cert /var/lib/puppet/ssl/certs/agent.example.com.pem --key /var/lib/puppet/ssl/private_keys/agent.example.com.pem --cacert /var/lib/puppet/ssl/certs/ca.pem' describe command("#{curl_cmd} https://puppet:8140/production/status/test") do its(:exit_status) { should eq 0 }
  1. grpc
  2. isc-dhcp
  3. puppet