Merge "dhcp: fix CVE-2019-6470"

base/dhcp/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch

@@ -17,8 +17,8 @@ index 42409f6..70c7a6d 100644
  Summary:  Dynamic host configuration protocol software
  Name:     dhcp
  Version:  4.2.5
--Release:  68%{?dist}.1
-+Release:  68.el7.centos.1%{?_tis_dist}.%{tis_patch_ver}
+-Release:  82%{?dist}
++Release:  82.el7.centos%{?_tis_dist}.%{tis_patch_ver}
  # NEVER CHANGE THE EPOCH on this package.  The previous maintainer (prior to
  # dcantrell maintaining the package) made incorrect use of the epoch and
  # that's why it is at 12 now.  It should have never been used, but it was.

base/dhcp/centos/meta_patches/0001-dhcp-set-the-prefixlen-to-64.patch

@@ -0,0 +1,49 @@
+From 54d85d8a0378a6610012adeae7abaefaf01ea9a1 Mon Sep 17 00:00:00 2001
+From: Zhixiong Chi <zhixiong.chi@windriver.com>
+Date: Tue, 9 Feb 2021 18:30:14 -0800
+Subject: [PATCH] WRS: dhcp: set the prefixlen to 64
+
+Drop the patch dhcp-dhclient_ipv6_prefix.patch to keep the default
+value of the prefixlen to 64, since we don't need this patch to set
+the default value 128 as usual, otherwise it will occurs that all hosts
+(controller|compute node) offline after booting off the controller-0,
+or the other usage scenes.
+As usual, 128 is usually the specifications call for host address
+and it doesn't include any on-link information.
+By contrast, 64 indicates that's subnet area, and this vaule is used
+frequently as usual. So we still use the previous vaule 64.
+Meanwhile we don't need to modify the relevant place where every
+application code needed for the compatibility any more.
+
+Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
+---
+ SPECS/dhcp.spec | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/SPECS/dhcp.spec b/SPECS/dhcp.spec
+index c893632..f7add1a 100644
+--- a/SPECS/dhcp.spec
++++ b/SPECS/dhcp.spec
+@@ -111,7 +111,8 @@ Patch70:  dhcp-4.2.5-reference_count_overflow.patch
+ Patch71:  dhcp-replay_file_limit.patch
+ Patch72:  dhcp-4.2.5-expiry_before_renewal_v2.patch
+ Patch73:  dhcp-4.2.5-bind-config.patch
+-Patch74:  dhcp-dhclient_ipv6_prefix.patch
++#Drop dhcp-dhclient_ipv6_prefix.patch not to set the default prefixlen 128
++#Patch74:  dhcp-dhclient_ipv6_prefix.patch
+ # Support build with bind 9.11.3+
+ Patch75:  dhcp-4.2.5-isc-util.patch
+ 
+@@ -452,7 +453,8 @@ rm -rf includes/isc-dhcp
+ 
+ # https://bugzilla.redhat.com/show_bug.cgi?id=1647784
+ %patch72 -p1 -b .t2-expirity
+-%patch74 -p1 -b .ipv6-prefix
++# Drop this patch not to set the default prefixlen 128
++#%patch74 -p1 -b .ipv6-prefix
+ 
+ # Support for BIND 9.11
+ %patch73 -p1 -b .bind-config
+-- 
+2.17.0
+

base/dhcp/centos/meta_patches/PATCH_ORDER

@@ -1,3 +1,4 @@
 spec-include-TiS-patches.patch
 dhclient-dhcp6-set-hostname.patch
+0001-dhcp-set-the-prefixlen-to-64.patch
 0001-Update-package-versioning-for-TIS-format.patch

base/dhcp/centos/meta_patches/dhclient-dhcp6-set-hostname.patch

@@ -12,9 +12,9 @@ index 87bad65..fb51eb5 100644
 --- a/SOURCES/dhclient-script
 +++ b/SOURCES/dhclient-script
 @@ -653,6 +653,10 @@ dh6config() {
+ 
              add_ipv6_addr_with_DAD
  
-             make_resolv_conf
 +
 +            if [ -n "${new_fqdn_hostname}" ] && need_hostname; then
 +                hostname ${new_fqdn_hostname} || echo "See -nc option in dhclient(8) man page."

base/dhcp/centos/srpm_path

@@ -1 +1 @@
-mirror:Source/dhcp-4.2.5-68.el7.centos.1.src.rpm
+mirror:Source/dhcp-4.2.5-82.el7.centos.src.rpm

centos_srpms_centos.lst

@@ -1,6 +1,6 @@
 anaconda-21.48.22.147-1.el7.centos.src.rpm
 cloud-init-0.7.9-24.el7.centos.1.src.rpm
-dhcp-4.2.5-68.el7.centos.1.src.rpm
+dhcp-4.2.5-82.el7.centos.src.rpm
 dnsmasq-2.76-7.el7.src.rpm
 facter-2.4.4-4.el7.src.rpm
 grub2-2.02-0.86.el7.centos.src.rpm