Merge ~utkarsh/ubuntu/+source/isc-dhcp:lp1894172-fix-env-bionic into ubuntu/+source/isc-dhcp:ubuntu/bionic

Proposed by Utkarsh Gupta
Status: Superseded
Proposed branch: ~utkarsh/ubuntu/+source/isc-dhcp:lp1894172-fix-env-bionic
Merge into: ubuntu/+source/isc-dhcp:ubuntu/bionic
Diff against target: 288 lines (+242/-2)
5 files modified
debian/changelog (+19/-0)
debian/isc-dhcp-server.isc-dhcp-server.service (+2/-1)
debian/isc-dhcp-server.isc-dhcp-server6.service (+2/-1)
debian/patches/CVE-2019-6470.patch (+218/-0)
debian/patches/series (+1/-0)
Reviewer Review Type Date Requested Status
Utkarsh Gupta (community) Needs Fixing
Canonical Server Pending
Canonical Server packageset reviewers Pending
git-ubuntu developers Pending
Review via email: mp+399438@code.launchpad.net

This proposal has been superseded by a proposal from 2021-03-10.

Description of the change

This MR fixes env variables for $INTERFACES (LP: #1894172).

PPA: https://launchpad.net/~utkarsh/+archive/ubuntu/experimental-dump/

Unfortunately there weren't any tests in this package but the change is trivial and I've done a manual test of this.

Should you need any more details, let me know. Requesting you to please review and sponsor the upload.

Utkarsh Gupta (utkarsh) wrote :

Ugh, oh no! I checked out from ubuntu/bionic-devel and it had the security upload and it pulled it in for this MP as well. I am not sure where to rebase this from or how? Please let me know about this so I can get this fixed at the earliest. TIA!

review: Needs Fixing

Unmerged commits

854bd9f... by Utkarsh Gupta

changelog

Signed-off-by: Utkarsh Gupta <email address hidden>

9b8ebcd... by Utkarsh Gupta

  * Fix env variable for INTERFACES (LP: #1894172)
    - d/isc-dhcp-server.isc-dhcp-server{,6}.service: Replace $INTERFACES
      variable with $INTERFACEv4 and $INTERFACESv6, respectively, for
      respective services file.

Signed-off-by: Utkarsh Gupta <email address hidden>

2a0352d... by Marc Deslauriers

4.3.5-3ubuntu7.1 (patches unapplied)

Imported using git-ubuntu import.

Preview Diff

1diff --git a/debian/changelog b/debian/changelog
2index a90e4a9..67ac715 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,22 @@
6+isc-dhcp (4.3.5-3ubuntu8) bionic; urgency=medium
7+
8+ * Fix env variable for INTERFACES (LP: #1894172)
9+ - d/isc-dhcp-server.isc-dhcp-server{,6}.service: Replace $INTERFACES
10+ variable with $INTERFACEv4 and $INTERFACESv6, respectively, for
11+ respective services file.
12+
13+ -- Utkarsh Gupta <utkarsh.gupta@canonical.com> Wed, 10 Mar 2021 19:57:51 +0530
14+
15+isc-dhcp (4.3.5-3ubuntu7.1) bionic-security; urgency=medium
16+
17+ * SECURITY UPDATE: DoS via change in bind behaviour (LP: #1781699)
18+ - debian/patches/CVE-2019-6470.patch: use 0 instead of -1 to indicate
19+ empty heap index in includes/dhcpd.h, server/mdb6.c,
20+ server/tests/mdb6_unittest.c.
21+ - CVE-2019-6470
22+
23+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 06 May 2019 09:00:01 -0400
24+
25 isc-dhcp (4.3.5-3ubuntu7) bionic; urgency=medium
26
27 * bind-includes.patch: Copied from Debian to fix build with bind
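Review bot: The new 4.3.5-3ubuntu8 entry names the IPv4 variable as $INTERFACEv4, but the service file changed in this same diff uses $INTERFACESv4; fix the spelling so the changelog matches the unit. The entry also says the units "Replace $INTERFACES", while the service hunks keep $INTERFACES as a fallback when the per-family variable is empty, so "fall back to" would describe the change more accurately. Separately, this hunk also adds the 4.3.5-3ubuntu7.1 bionic-security stanza, which indicates the branch is not based on the merge target; the proposal should carry only the ubuntu8 stanza.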
28diff --git a/debian/isc-dhcp-server.isc-dhcp-server.service b/debian/isc-dhcp-server.isc-dhcp-server.service
29index b3e2794..4e7fe42 100644
30--- a/debian/isc-dhcp-server.isc-dhcp-server.service
31+++ b/debian/isc-dhcp-server.isc-dhcp-server.service
32@@ -18,7 +18,8 @@ ExecStart=/bin/sh -ec '\
33 [ -e /var/lib/dhcp/dhcpd.leases ] || touch /var/lib/dhcp/dhcpd.leases; \
34 chown root:dhcpd /var/lib/dhcp /var/lib/dhcp/dhcpd.leases; \
35 chmod 775 /var/lib/dhcp ; chmod 664 /var/lib/dhcp/dhcpd.leases; \
36- exec dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid -cf $CONFIG_FILE $INTERFACES'
37+ if test -n "$INTERFACES" -a -z "$INTERFACESv4"; then INTERFACESv4="$INTERFACES"; fi; \
38+ exec dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid -cf $CONFIG_FILE $INTERFACESv4'
39
40 [Install]
41 WantedBy=multi-user.target
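Review bot: The added "if test -n "$INTERFACES" -a -z "$INTERFACESv4"" line relies on the -a binary operator of test, which POSIX marks obsolescent and which can parse ambiguously depending on the operand values; two tests joined with && avoid that: [ -n "$INTERFACES" ] && [ -z "$INTERFACESv4" ]. When both variables are empty the exec line passes no interface argument at all, so the listen scope is whatever dhcpd chooses by default; a short comment stating that this is intended would help operators who rely on the variable to restrict where the daemon answers.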
42diff --git a/debian/isc-dhcp-server.isc-dhcp-server6.service b/debian/isc-dhcp-server.isc-dhcp-server6.service
43index e3b0828..8593fda 100644
44--- a/debian/isc-dhcp-server.isc-dhcp-server6.service
45+++ b/debian/isc-dhcp-server.isc-dhcp-server6.service
46@@ -18,7 +18,8 @@ ExecStart=/bin/sh -ec '\
47 [ -e /var/lib/dhcp/dhcpd6.leases ] || touch /var/lib/dhcp/dhcpd6.leases; \
48 chown root:dhcpd /var/lib/dhcp /var/lib/dhcp/dhcpd6.leases; \
49 chmod 775 /var/lib/dhcp ; chmod 664 /var/lib/dhcp/dhcpd6.leases; \
50- exec dhcpd -user dhcpd -group dhcpd -f -6 -pf /run/dhcp-server/dhcpd6.pid -cf $CONFIG_FILE $INTERFACES'
51+ if test -n "$INTERFACES" -a -z "$INTERFACESv6"; then INTERFACESv6="$INTERFACES"; fi; \
52+ exec dhcpd -user dhcpd -group dhcpd -f -6 -pf /run/dhcp-server/dhcpd6.pid -cf $CONFIG_FILE $INTERFACESv6'
53
54 [Install]
55 WantedBy=multi-user.target
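Review bot: The fallback added before the exec line copies a legacy INTERFACES value into INTERFACESv6, and the -4 unit does the same into INTERFACESv4, so a single legacy setting now drives both daemons whenever the per-family variables are empty. State that precedence (the per-family value wins, INTERFACES is used only when it is empty) in the changelog entry or in a comment next to the variables, so an interface listed for one address family is not silently served by the other daemon as well.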
56diff --git a/debian/patches/CVE-2019-6470.patch b/debian/patches/CVE-2019-6470.patch
57new file mode 100644
58index 0000000..b431817
59--- /dev/null
60+++ b/debian/patches/CVE-2019-6470.patch
61@@ -0,0 +1,218 @@
62+From abacf8ad0d8844685e5cd76645a34ef2b8da3253 Mon Sep 17 00:00:00 2001
63+From: Thomas Markwalder <tmark@isc.org>
64+Date: Fri, 1 Dec 2017 09:13:26 -0500
65+Subject: [PATCH] [master] Use 0 instead of -1 to indicate empty heap index
66+
67+ Merges in rt46719.
68+---
69+ RELNOTES | 5 +++++
70+ includes/dhcpd.h | 5 +++--
71+ server/mdb6.c | 42 ++++++++++++++++++++++--------------------
72+ server/tests/mdb6_unittest.c | 9 +++++++--
73+ 4 files changed, 37 insertions(+), 24 deletions(-)
74+
75+#diff --git a/RELNOTES b/RELNOTES
76+#index ececd89e..b93af612 100644
77+#--- a/RELNOTES
78+#+++ b/RELNOTES
79+#@@ -1176,6 +1176,11 @@ dhcp-users@lists.isc.org.
80+# in the lease file causing issues with DDNS and so forth.
81+# [ISC-bugs #43786]
82+#
83+#+- Replaced iasubopt::heap_index with separate values for active and inactive
84+#+ heaps: iasubopt::active_index and iasubopt::inactive_index. This was done
85+#+ to accomodate a change in behavior in BIND9 isc_heap_delete().
86+#+ [ISC-bugs #46719]
87+#+
88+# Changes since 4.2.0 (new features)
89+#
90+# - If a client renews before 'dhcp-cache-threshold' percent of its lease
91+Index: isc-dhcp-4.3.5/includes/dhcpd.h
92+===================================================================
93+--- isc-dhcp-4.3.5.orig/includes/dhcpd.h 2019-05-06 08:57:34.738578132 -0400
94++++ isc-dhcp-4.3.5/includes/dhcpd.h 2019-05-06 08:57:34.734578119 -0400
95+@@ -1624,8 +1624,9 @@ struct iasubopt {
96+ */
97+ #define EXPIRED_IPV6_CLEANUP_TIME (60*60)
98+
99+- int heap_index; /* index into heap, or -1
100+- (internal use only) */
101++ /* index into heaps, or -1 (internal use only) */
102++ int active_index;
103++ int inactive_index;
104+
105+ /*
106+ * A pointer to the state of the ddns update for this lease.
107+Index: isc-dhcp-4.3.5/server/mdb6.c
108+===================================================================
109+--- isc-dhcp-4.3.5.orig/server/mdb6.c 2019-05-06 08:57:34.738578132 -0400
110++++ isc-dhcp-4.3.5/server/mdb6.c 2019-05-06 08:57:34.734578119 -0400
111+@@ -216,7 +216,8 @@ iasubopt_allocate(struct iasubopt **iasu
112+
113+ tmp->refcnt = 1;
114+ tmp->state = FTS_FREE;
115+- tmp->heap_index = -1;
116++ tmp->active_index = 0;
117++ tmp->inactive_index = 0;
118+ tmp->plen = 255;
119+
120+ *iasubopt = tmp;
121+@@ -600,14 +601,18 @@ lease_older(void *a, void *b) {
122+ }
123+
124+ /*
125+- * Helper function for lease address/prefix heaps.
126++ * Helper functions for lease address/prefix heaps.
127+ * Callback when an address's position in the heap changes.
128+ */
129+ static void
130+-lease_index_changed(void *iasubopt, unsigned int new_heap_index) {
131+- ((struct iasubopt *)iasubopt)-> heap_index = new_heap_index;
132++active_changed(void *iasubopt, unsigned int new_heap_index) {
133++ ((struct iasubopt *)iasubopt)->active_index = new_heap_index;
134+ }
135+
136++static void
137++inactive_changed(void *iasubopt, unsigned int new_heap_index) {
138++ ((struct iasubopt *)iasubopt)->inactive_index = new_heap_index;
139++}
140+
141+ /*!
142+ *
143+@@ -660,13 +665,13 @@ ipv6_pool_allocate(struct ipv6_pool **po
144+ dfree(tmp, file, line);
145+ return ISC_R_NOMEMORY;
146+ }
147+- if (isc_heap_create(dhcp_gbl_ctx.mctx, lease_older, lease_index_changed,
148++ if (isc_heap_create(dhcp_gbl_ctx.mctx, lease_older, active_changed,
149+ 0, &(tmp->active_timeouts)) != ISC_R_SUCCESS) {
150+ iasubopt_free_hash_table(&(tmp->leases), file, line);
151+ dfree(tmp, file, line);
152+ return ISC_R_NOMEMORY;
153+ }
154+- if (isc_heap_create(dhcp_gbl_ctx.mctx, lease_older, lease_index_changed,
155++ if (isc_heap_create(dhcp_gbl_ctx.mctx, lease_older, inactive_changed,
156+ 0, &(tmp->inactive_timeouts)) != ISC_R_SUCCESS) {
157+ isc_heap_destroy(&(tmp->active_timeouts));
158+ iasubopt_free_hash_table(&(tmp->leases), file, line);
159+@@ -1186,7 +1191,7 @@ cleanup_lease6(ia_hash_t *ia_table,
160+ * Remove the old lease from the active heap and from the hash table
161+ * then remove the lease from the IA and clean up the IA if necessary.
162+ */
163+- isc_heap_delete(pool->active_timeouts, test_iasubopt->heap_index);
164++ isc_heap_delete(pool->active_timeouts, test_iasubopt->active_index);
165+ pool->num_active--;
166+ if (pool->ipv6_pond)
167+ pool->ipv6_pond->num_active--;
168+@@ -1259,7 +1264,7 @@ add_lease6(struct ipv6_pool *pool, struc
169+ if ((test_iasubopt->state == FTS_ACTIVE) ||
170+ (test_iasubopt->state == FTS_ABANDONED)) {
171+ isc_heap_delete(pool->active_timeouts,
172+- test_iasubopt->heap_index);
173++ test_iasubopt->active_index);
174+ pool->num_active--;
175+ if (pool->ipv6_pond)
176+ pool->ipv6_pond->num_active--;
177+@@ -1271,7 +1276,7 @@ add_lease6(struct ipv6_pool *pool, struc
178+ }
179+ } else {
180+ isc_heap_delete(pool->inactive_timeouts,
181+- test_iasubopt->heap_index);
182++ test_iasubopt->inactive_index);
183+ pool->num_inactive--;
184+ }
185+
186+@@ -1392,14 +1397,13 @@ lease6_usable(struct iasubopt *lease) {
187+ static isc_result_t
188+ move_lease_to_active(struct ipv6_pool *pool, struct iasubopt *lease) {
189+ isc_result_t insert_result;
190+- int old_heap_index;
191+
192+- old_heap_index = lease->heap_index;
193+ insert_result = isc_heap_insert(pool->active_timeouts, lease);
194+ if (insert_result == ISC_R_SUCCESS) {
195+ iasubopt_hash_add(pool->leases, &lease->addr,
196+ sizeof(lease->addr), lease, MDL);
197+- isc_heap_delete(pool->inactive_timeouts, old_heap_index);
198++ isc_heap_delete(pool->inactive_timeouts,
199++ lease->inactive_index);
200+ pool->num_active++;
201+ pool->num_inactive--;
202+ lease->state = FTS_ACTIVE;
203+@@ -1449,16 +1453,16 @@ renew_lease6(struct ipv6_pool *pool, str
204+ if (lease->state == FTS_ACTIVE) {
205+ if (old_end_time <= lease->hard_lifetime_end_time) {
206+ isc_heap_decreased(pool->active_timeouts,
207+- lease->heap_index);
208++ lease->active_index);
209+ } else {
210+ isc_heap_increased(pool->active_timeouts,
211+- lease->heap_index);
212++ lease->active_index);
213+ }
214+ return ISC_R_SUCCESS;
215+ } else if (lease->state == FTS_ABANDONED) {
216+ char tmp_addr[INET6_ADDRSTRLEN];
217+ lease->state = FTS_ACTIVE;
218+- isc_heap_increased(pool->active_timeouts, lease->heap_index);
219++ isc_heap_increased(pool->active_timeouts, lease->active_index);
220+ log_info("Reclaiming previously abandoned address %s",
221+ inet_ntop(AF_INET6, &(lease->addr), tmp_addr,
222+ sizeof(tmp_addr)));
223+@@ -1480,9 +1484,7 @@ static isc_result_t
224+ move_lease_to_inactive(struct ipv6_pool *pool, struct iasubopt *lease,
225+ binding_state_t state) {
226+ isc_result_t insert_result;
227+- int old_heap_index;
228+
229+- old_heap_index = lease->heap_index;
230+ insert_result = isc_heap_insert(pool->inactive_timeouts, lease);
231+ if (insert_result == ISC_R_SUCCESS) {
232+ /*
233+@@ -1533,7 +1535,7 @@ move_lease_to_inactive(struct ipv6_pool
234+
235+ iasubopt_hash_delete(pool->leases,
236+ &lease->addr, sizeof(lease->addr), MDL);
237+- isc_heap_delete(pool->active_timeouts, old_heap_index);
238++ isc_heap_delete(pool->active_timeouts, lease->active_index);
239+ lease->state = state;
240+ pool->num_active--;
241+ pool->num_inactive++;
242+@@ -1611,7 +1613,7 @@ decline_lease6(struct ipv6_pool *pool, s
243+ pool->ipv6_pond->num_abandoned++;
244+
245+ lease->hard_lifetime_end_time = MAX_TIME;
246+- isc_heap_decreased(pool->active_timeouts, lease->heap_index);
247++ isc_heap_decreased(pool->active_timeouts, lease->active_index);
248+ return ISC_R_SUCCESS;
249+ }
250+
251+@@ -1884,7 +1886,7 @@ cleanup_old_expired(struct ipv6_pool *po
252+ break;
253+ }
254+
255+- isc_heap_delete(pool->inactive_timeouts, tmp->heap_index);
256++ isc_heap_delete(pool->inactive_timeouts, tmp->inactive_index);
257+ pool->num_inactive--;
258+
259+ if (tmp->ia != NULL) {
260+Index: isc-dhcp-4.3.5/server/tests/mdb6_unittest.c
261+===================================================================
262+--- isc-dhcp-4.3.5.orig/server/tests/mdb6_unittest.c 2019-05-06 08:57:34.738578132 -0400
263++++ isc-dhcp-4.3.5/server/tests/mdb6_unittest.c 2019-05-06 08:57:34.734578119 -0400
264+@@ -65,8 +65,13 @@ ATF_TC_BODY(iaaddr_basic, tc)
265+ if (iaaddr->state != FTS_FREE) {
266+ atf_tc_fail("ERROR: bad state %s:%d", MDL);
267+ }
268+- if (iaaddr->heap_index != -1) {
269+- atf_tc_fail("ERROR: bad heap_index %s:%d", MDL);
270++ if (iaaddr->active_index != 0) {
271++ atf_tc_fail("ERROR: bad active_index :%d %s:%d",
272++ iaaddr->active_index, MDL);
273++ }
274++ if (iaaddr->inactive_index != 0) {
275++ atf_tc_fail("ERROR: bad inactive_index %d %s:%d",
276++ iaaddr->inactive_index, MDL);
277+ }
278+ if (iasubopt_reference(&iaaddr_copy, iaaddr, MDL) != ISC_R_SUCCESS) {
279+ atf_tc_fail("ERROR: iasubopt_reference() %s:%d", MDL);
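Review bot: In the includes/dhcpd.h part of this patch, the new comment above active_index and inactive_index still reads "index into heaps, or -1", but iasubopt_allocate() now initialises both fields to 0 and the unit test expects 0; update the comment to say that 0 marks "not in a heap" so a later change does not reintroduce a -1 check. In server/tests/mdb6_unittest.c the two new failure messages are formatted differently ("bad active_index :%d %s:%d" versus "bad inactive_index %d %s:%d"); drop the stray colon so they match. Both fields stay signed int while the active_changed() and inactive_changed() callbacks receive an unsigned int, which deserves either a matching type or a one-line comment.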
280diff --git a/debian/patches/series b/debian/patches/series
281index 3a343a3..d1dd46e 100644
282--- a/debian/patches/series
283+++ b/debian/patches/series
284@@ -34,3 +34,4 @@ dhcp-improved-xid-correct-byte-order.patch
285 dhcp-4.2.4-dhclient-options-changed.patch
286 ubuntu-dhcpd-conf.patch
287 CVE-2018-573x.patch
288+CVE-2019-6470.patch
