diff --git a/kea-CVE-2015-8373.patch b/kea-CVE-2015-8373.patch
deleted file mode 100644
index 0ea3597..0000000
--- a/kea-CVE-2015-8373.patch
+++ /dev/null
@@ -1,185 +0,0 @@
-diff --git a/src/bin/dhcp4/dhcp4_messages.mes b/src/bin/dhcp4/dhcp4_messages.mes
-index f8e471b..fc992a0 100644
---- a/src/bin/dhcp4/dhcp4_messages.mes
-+++ b/src/bin/dhcp4/dhcp4_messages.mes
-@@ -429,6 +429,11 @@ This error message is issued when preparing an on-wire format of the packet
- has failed. The first argument identifies the client and the DHCP transaction.
- The second argument includes the error string.
-
-+% DHCP4_PACKET_PROCESS_EXCEPTION exception occurred during packet processing: %1
-+This error message indicates that an exception was raised during packet processing
-+that was not caught by other, more specific exception handlers. This packet will
-+be dropped and the server will continue operation.
-+
- % DHCP4_PACKET_RECEIVED %1: %2 (type %3) received from %4 to %5 on interface %6
- A debug message noting that the server has received the specified type of
- packet on the specified interface. The first argument specifies the
-diff --git a/src/bin/dhcp4/dhcp4_srv.cc b/src/bin/dhcp4/dhcp4_srv.cc
-index 6ade319..1bdfc9a 100644
---- a/src/bin/dhcp4/dhcp4_srv.cc
-+++ b/src/bin/dhcp4/dhcp4_srv.cc
-@@ -358,6 +358,8 @@ Dhcpv4Srv::run() {
- Pkt4Ptr rsp;
-
- try {
-+
-+ try {
- // The lease database backend may install some timers for which
- // the handlers need to be executed periodically. Retrieve the
- // maximum interval at which the handlers must be executed from
-@@ -716,6 +718,20 @@ Dhcpv4Srv::run() {
- .arg(rsp->getLabel())
- .arg(e.what());
- }
-+
-+ } catch (const std::exception& e) {
-+ // General catch-all exception that are not caught by more specific
-+ // catches. This one is for exceptions derived from std::exception.
-+ LOG_ERROR(packet4_logger, DHCP4_PACKET_PROCESS_EXCEPTION)
-+ .arg(e.what());
-+ } catch (...) {
-+ // General catch-all exception that are not caught by more specific
-+ // catches. This one is for other exceptions, not derived from
-+ // std::exception.
-+ LOG_ERROR(packet4_logger, DHCP4_PACKET_PROCESS_EXCEPTION)
-+ .arg("an unknown exception not derived from std::exception");
-+ }
-+
- }
-
- return (true);
-diff --git a/src/bin/dhcp6/dhcp6_messages.mes b/src/bin/dhcp6/dhcp6_messages.mes
-index 5b62bb7..9b84797 100644
---- a/src/bin/dhcp6/dhcp6_messages.mes
-+++ b/src/bin/dhcp6/dhcp6_messages.mes
-@@ -413,6 +413,11 @@ This is a general catch-all message indicating that the processing of the
- specified packet type from the indicated address failed. The reason is given in the
- message. The server will not send a response but will instead ignore the packet.
-
-+% DHCP6_PACKET_PROCESS_EXCEPTION exception occurred during packet processing: %1
-+This error message indicates that an exception was raised during packet processing
-+that was not caught by other, more specific exception handlers. This packet will
-+be dropped and the server will continue operation.
-+
- % DHCP6_PACKET_RECEIVED %1: %2 (type %3) received from %4 to %5 on interface %6
- A debug message noting that the server has received the specified type of
- packet on the specified interface. The first argument specifies the
-diff --git a/src/bin/dhcp6/dhcp6_srv.cc b/src/bin/dhcp6/dhcp6_srv.cc
-index 9f29e9d..33f54a0 100644
---- a/src/bin/dhcp6/dhcp6_srv.cc
-+++ b/src/bin/dhcp6/dhcp6_srv.cc
-@@ -315,6 +315,8 @@ bool Dhcpv6Srv::run() {
- Pkt6Ptr rsp;
-
- try {
-+
-+ try {
- // The lease database backend may install some timers for which
- // the handlers need to be executed periodically. Retrieve the
- // maximum interval at which the handlers must be executed from
-@@ -710,6 +712,13 @@ bool Dhcpv6Srv::run() {
- .arg(e.what());
- }
- }
-+
-+ } catch (const std::exception& e) {
-+ // General catch-all exception that are not caught by more specific
-+ // catches.
-+ LOG_ERROR(packet6_logger, DHCP6_PACKET_PROCESS_EXCEPTION)
-+ .arg(e.what());
-+ }
- }
-
- return (true);
-diff --git a/src/lib/dhcp/pkt4.cc b/src/lib/dhcp/pkt4.cc
-index 44a96ca..2a82969 100644
---- a/src/lib/dhcp/pkt4.cc
-+++ b/src/lib/dhcp/pkt4.cc
-@@ -343,15 +343,31 @@ std::string
- Pkt4::getLabel() const {
-
- /// @todo If and when client id is extracted into Pkt4, this method should
-- /// the instance member rather than fetch it every time.
-+ /// use the instance member rather than fetch it every time.
-+ std::string suffix;
- ClientIdPtr client_id;
- OptionPtr client_opt = getOption(DHO_DHCP_CLIENT_IDENTIFIER);
-- if (client_opt ) {
-- client_id = ClientIdPtr(new ClientId(client_opt->getData()));
-+ if (client_opt) {
-+ try {
-+ client_id = ClientIdPtr(new ClientId(client_opt->getData()));
-+ } catch (...) {
-+ // ClientId may throw if the client-id is too short.
-+ suffix = " (malformed client-id)";
-+ }
- }
-
-- return makeLabel(hwaddr_, client_id, transid_);
--
-+ std::ostringstream label;
-+ try {
-+ label << makeLabel(hwaddr_, client_id, transid_);
-+ } catch (...) {
-+ // This should not happen with the current code, but we may add extra
-+ // sanity checks in the future that would possibly throw if
-+ // the hwaddr length is 0.
-+ label << " (malformed hw address)";
-+ }
-+
-+ label << suffix;
-+ return (label.str());
- }
-
- std::string
-diff --git a/src/lib/dhcp/pkt4.h b/src/lib/dhcp/pkt4.h
-index 549be78..12af2cf 100644
---- a/src/lib/dhcp/pkt4.h
-+++ b/src/lib/dhcp/pkt4.h
-@@ -103,6 +103,8 @@ public:
- /// wrapper around static makeLabel(). See this method for string
- /// content.
- ///
-+ /// This method is exception safe.
-+ ///
- /// @return string with text representation
- std::string getLabel() const;
-
-diff --git a/src/lib/dhcp/pkt6.cc b/src/lib/dhcp/pkt6.cc
-index 7881672..d0fd5e5 100644
---- a/src/lib/dhcp/pkt6.cc
-+++ b/src/lib/dhcp/pkt6.cc
-@@ -544,7 +544,18 @@ Pkt6::toText() const {
- DuidPtr
- Pkt6::getClientId() const {
- OptionPtr opt_duid = getOption(D6O_CLIENTID);
-- return (opt_duid ? DuidPtr(new DUID(opt_duid->getData())) : DuidPtr());
-+ try {
-+ // This will throw if the DUID length is larger than 128 bytes
-+ // or is too short.
-+ return (opt_duid ? DuidPtr(new DUID(opt_duid->getData())) : DuidPtr());
-+ } catch (...) {
-+ // Do nothing. This method is used only by getLabel(), which is
-+ // used for logging purposes. We should not throw, but rather
-+ // report no DUID. We should not log anything, as we're in the
-+ // process of logging something for this packet. So the only
-+ // choice left is to return an empty pointer.
-+ }
-+ return (DuidPtr());
- }
-
- isc::dhcp::OptionCollection
-diff --git a/src/lib/dhcp/pkt6.h b/src/lib/dhcp/pkt6.h
-index febb92d..3228dad 100644
---- a/src/lib/dhcp/pkt6.h
-+++ b/src/lib/dhcp/pkt6.h
-@@ -217,6 +217,8 @@ public:
-
- /// @brief Retrieves the DUID from the Client Identifier option.
- ///
-+ /// This method is exception safe.
-+ ///
- /// @return Pointer to the DUID or NULL if the option doesn't exist.
- DuidPtr getClientId() const;
-
-
diff --git a/kea-coroutinepgsql.patch b/kea-coroutinepgsql.patch
new file mode 100644
index 0000000..8638483
--- /dev/null
+++ b/kea-coroutinepgsql.patch
@@ -0,0 +1,24 @@
+diff -up ./ext/coroutine/coroutine.h.coroutinepgsql ./ext/coroutine/coroutine.h
+--- ./ext/coroutine/coroutine.h.coroutinepgsql 2015-12-28 13:18:05.000000000 +0100
++++ ./ext/coroutine/coroutine.h 2016-03-15 14:58:26.344825900 +0100
+@@ -108,7 +108,7 @@ private:
+ for (_coro_value = __LINE__;;) \
+ if (_coro_value == 0) \
+ { \
+- case __LINE__: ; \
++/* case __LINE__: ;*/ \
+ break; \
+ } \
+ else \
+diff -up ./src/lib/dhcpsrv/pgsql_lease_mgr.cc.coroutinepgsql ./src/lib/dhcpsrv/pgsql_lease_mgr.cc
+--- ./src/lib/dhcpsrv/pgsql_lease_mgr.cc.coroutinepgsql 2015-12-28 13:18:45.000000000 +0100
++++ ./src/lib/dhcpsrv/pgsql_lease_mgr.cc 2016-03-15 13:59:06.837391677 +0100
+@@ -1690,7 +1690,7 @@ PgSqlLeaseMgr::getVersion() const {
+
+ PQclear(r);
+
+- return make_pair(version, minor);
++ return (make_pair(version, minor));
+ }
+
+ void
diff --git a/kea.spec b/kea.spec
index 30c5ba5..3254d06 100644
--- a/kea.spec
+++ b/kea.spec
@@ -10,13 +10,14 @@ Summary: DHCPv4, DHCPv6 and DDNS server from ISC
 Name: kea
 Version: 1.0.0
-Release: 2%{?dist}
+Release: 9%{?dist}
 License: MPLv2.0 and Boost
 URL: http://kea.isc.org
 Source0: http://ftp.isc.org/isc/kea/%{VERSION}/kea-%{VERSION}.tar.gz
 # http://kea.isc.org/ticket/3529
 Patch0: kea-systemd.patch
+Patch1: kea-coroutinepgsql.patch
 # autoreconf
 BuildRequires: autoconf automake libtool
@@ -67,6 +68,8 @@ This package contains shared libraries used by Kea DHCP server.
 %package devel
 Summary: Development headers and libraries for Kea DHCP server
 Requires: kea-libs%{?_isa} = %{version}-%{release}
+# to build hooks (#1335900)
+Requires: boost-devel
 %description devel
 Header files and API documentation.
@@ -75,6 +78,7 @@ Header files and API documentation.
 %setup -q -n kea-%{VERSION}
 %patch0 -p1 -b .systemd
+%patch1 -p1 -b .coroutinepgsql
 # install leases db in /var/lib/kea/ not /var/kea/
 # http://kea.isc.org/ticket/3523
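Review bot: In the new kea-coroutinepgsql.patch, the coroutine.h hunk comments out `case __LINE__: ;` in the yield macro, yet the line above it stores `__LINE__` in `_coro_value`, so that label looks like the resume point a later switch on `_coro_value` would jump to. With the label gone, a resumed coroutine would presumably match no case and leave the switch without running the rest of its body, which turns a compile fix into a silent runtime change in a network-facing daemon. The enclosing switch and the rest of the macro are outside the hunk, so this should be confirmed against the full header, and the upstream fix preferred over disabling the label. The patch also carries no description; a leading line such as `# works around <compiler error> with -std=gnu++11; upstream ticket <ticket-id>` would record why it exists and when it can be dropped.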
@@ -87,6 +91,7 @@ sed -i -e 's|ECHO|YYECHO|g' src/lib/eval/lexer.cc
 %build
 autoreconf --verbose --force --install
+export CXXFLAGS="%{optflags} -std=gnu++11 -Wno-deprecated-declarations"
 %configure \
 --disable-dependency-tracking \
@@ -98,9 +103,9 @@ autoreconf --verbose --force --install
 --with-dhcp-mysql \
 --with-dhcp-pgsql \
 --with-gnu-ld \
- --with-gtest \
 --with-log4cplus \
- --with-openssl
+ --with-openssl \
+# --with-gtest
 make %{?_smp_mflags}
@@ -237,8 +242,26 @@ EOF
 %{_libdir}/pkgconfig/dns++.pc
 %changelog
-* Wed Jan 06 2016 Jiri Popelka - 1.0.0-2
-- make it build on ppc64(le)
+* Fri May 13 2016 Jiri Popelka - 1.0.0-9
+- devel subpackage Requires: boost-devel
+
+* Wed Mar 23 2016 Zdenek Dohnal - 1.0.0-8
+- Rebuild for log4cplus-1.2.0-2
+
+* Wed Mar 23 2016 Zdenek Dohnal - 1.0.0-7
+- Rebuilding kea for log4cplus-1.2.0
+
+* Wed Mar 16 2016 Zdenek Dohnal - 1.0.0-6
+- Editing pgsql_lease_mgr.cc according to upstream
+
+* Fri Mar 11 2016 Zdenek Dohnal - 1.0.0-4
+- Fixing bugs created from new C++ standard
+
+* Thu Feb 04 2016 Fedora Release Engineering - 1.0.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Fri Jan 15 2016 Jonathan Wakely - 1.0.0-2
+- Rebuilt for Boost 1.60
 * Tue Dec 29 2015 Jiri Popelka - 1.0.0-1
 - 1.0.0
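Review bot: The `%configure` hunk now ends the option list with `--with-openssl \` followed by `# --with-gtest`, so the disabled option sits on a continuation line of the command and is ignored only because the shell reads the joined `#` as a comment start; anything appended after it would never reach configure. Ending the list at `--with-openssl` without the backslash and putting `# --with-gtest disabled: <reason>` on its own line above `%configure` keeps the invocation unambiguous. Dropping `--with-gtest` presumably also stops the unit tests from being built, in the same commit that patches the coroutine macro and adds `-Wno-deprecated-declarations`, so the reason and the condition for re-enabling it should be recorded in the spec. The `%configure` command itself starts in the preceding hunk.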