Fixes build error
Building dns library in /home/bernd/buildroot/br4/output/build/dhcp-4.4.3-P1/bind/bind-9.11.36/lib/dns
./gen: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.38' not found (required by ./gen)
make[4]: *** [Makefile:601: include/dns/enumtype.h] Error 1
make[3]: *** [Makefile:595: include] Error 2
with this defconfig
BR2_x86_64=y
BR2_PACKAGE_BUSYBOX_SHOW_OTHERS=y
BR2_PACKAGE_DHCP=y
Please note that this build error only occurs when the target and the
host system have the same arch. For example this defconfig builds fine:
BR2_PACKAGE_BUSYBOX_SHOW_OTHERS=y
BR2_PACKAGE_DHCP=y
on a Debian 12 x86_64 host using glibc-2.36:
$ /lib/ld-linux.so.2 --version
ld.so (Debian GLIBC 2.36-9+deb12u1) stable release version 2.36.
The error occurs since buildroot commit 34f8d874ee which bumped glibc
from 2.37 to 2.38.
This patch is inspired by the Yocto Project:
https://patchwork.yoctoproject.org/project/oe/patch/20230715212159.3265080-1-raj.khem@gmail.com/
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Corrected a reference count leak that occurs when the server builds
responses to leasequery packets. Thanks to VictorV of Cyber Kunlun
Lab for reporting the issue.
[Gitlab #253]
CVE: CVE-2022-2928
- Corrected a memory leak that occurs when unpacking a packet that has an
FQDN option (81) that contains a label with length greater than 63 bytes.
Thanks to VictorV of Cyber Kunlun Lab for reporting the issue.
[Gitlab #254]
CVE: CVE-2022-2929
https://kb.isc.org/docs/cve-2022-2928
https://kb.isc.org/docs/cve-2022-2929
https://ftp.isc.org/isc/dhcp/4.4.3-P1/dhcp-4.4.3-P1-RELNOTES
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure without atomic raised since commit
fde2197942:
/nvmedata/autobuild/instance-25/output-1/host/lib/gcc/mipsel-buildroot-linux-uclibc/10.3.0/../../../../mipsel-buildroot-linux-uclibc/bin/ld: cannot find -latomic: No such file or directory
Fixes:
- http://autobuild.buildroot.org/results/db6/db6923915e36bcdb2953a3cdd2b450fa10794631
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commits 4db37c663c (dhcp: add config option for delayed-ack feature
of dhcp server) and 40f7adae3c (package/dhcp: add security options to
DHCP server) forgot to explicitly disable the option when not requested.
Fix that now.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Andreas Ehmanns <universeiii@gmx.de>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: Thomas De Schampheleire <patrickdepinguin+buildroot@gmail.com>
Cc: Jan Havran <havran.jan@email.cz>
Cc: Eugen Hristev <eugen.hristev@microchip.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
I was trying to make the ISC dhcp daemon more secure by using the
-user and -group option to let dhcp server run as non-root user.
Unfortunately these options are not available when building ISC dhcp
server with buildroot.
The reason is, that the configure script must be called with the
option --enable-paranoia to activate these options. But this option
is not set in the dhcp.mk file.
To be backward compatible I added a new option to the dhcp's Config.in
file to enable this feature when desired and parse this option in
dhcp.mk.
Signed-off-by: Andreas Ehmanns <universeiii@gmx.de>
[yann.morin.1998@free.fr: fix check-package]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Like was done in 700674b45c (package/bind: disable backtrace support)
for the up-to-date, official, upstream bind, also disable backtrace on
dhcp's internal bind to avoid the following build failure since commit
0c8dd6ebd6 (package/dhcp: use internal bind):
/nvmedata/autobuild/instance-15/output-1/host/lib/gcc/armeb-buildroot-linux-uclibcgnueabi/10.3.0/../../../../armeb-buildroot-linux-uclibcgnueabi/bin/ld: /nvmedata/autobuild/instance-15/output-1/build/dhcp-4.4.3/bind/bind-9.11.36/lib/isc/.libs/libisc.so: undefined reference to `_Unwind_GetIP'
Fixes:
- http://autobuild.buildroot.org/results/074786f3f1e7ffc858dcb1de1855ee138793869e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Untar internal bind so libtool patches will be applied on bind's
libtool. This will fix:
- installation of some libraries such as libisccfg. Indeed, if libtool
is not patched those libraries will be "relinked" and so not
installed.
- build failures with riscv and or1k:
Invalid configuration `riscv64-buildroot-linux-musl': machine `riscv64-buildroot' not recognized
Invalid configuration `or1k-buildroot-linux-uclibc': machine `or1k-buildroot' not recognized
Fixes:
- http://autobuild.buildroot.org/results/d25b76e628ffe5293c6bc1fd467a6b8966cb1bc2
- http://autobuild.buildroot.org/results/ba3258d8df00a7626784189125f0202fb161c40e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tested-by: Jan Havran <havran.jan@email.cz>
Tested-by: Eugen Hristev <eugen.hristev@microchip.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Internal bind libraries are not installed to target since commit
0c8dd6ebd6, resulting in the following runtime failure:
Starting DHCP server: /usr/sbin/dhcpd: error while loading shared libraries: libirs.so.161: cannot open shared object file: No such file or directory
RANLIB must also be set to avoid the following build failure at install
step:
libtool: install: arceb-buildroot-linux-uclibc-ranlib /home/fabrice/buildroot/output/per-package/dhcp/target/usr/lib/libisccfg.a
/home/fabrice/buildroot/output/build/dhcp-4.4.3/bind/bind-9.11.36/libtool: line 1719: arceb-buildroot-linux-uclibc-ranlib: command not found
Fixes:
- No autobuilder failures (reported by Eugen.Hristev@microchip.com)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Security vulnerabilities will be fixed by bumping internal bind from
9.11.14 to 9.11.36
- Drop patch (already in version)
- This bump will also fix the following build failure on platforms
without stdatomic lock free thanks to
261c84d91d
stats.c: In function 'setcounter':
stats.c:300:29: error: 'val' undeclared (first use in this function); did you mean 'value'?
300 | stats->counters[counter] = val;
| ^~~
| value
- Update hash of license file (ISC address updated and preamble removed:
429a56d73cee868403d0)
https://gitlab.isc.org/isc-projects/dhcp/-/blob/v4_4_3/RELNOTES
Fixes:
- http://autobuild.buildroot.org/results/e4d027b5bcda852d0b5a54035de5ed37499a4ef0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Building gen tool of the internal (bundled) bind needs to be for host, not target
Switch to use internal build in commit 0c8dd6ebd6
overlooked this.
Building dns library in /home/autobuild/autobuild/instance-13/output-1/build/dhcp-4.4.2-P1/bind/bind-9.11.14/lib/dns
/bin/sh: line 1: ./gen: cannot execute binary file: Exec format error
Thus, we need to set not just CC, but also CFLAGS etc. otherwise the
target CFLAGS etc. will be inherited from top-level configure.
Fixes:
- http://autobuild.buildroot.org/results/da6fd904d1a6bae73b6ff89dd008de1f459bb7d7/
Signed-off-by: Tim Hammer <Tim.Hammer@orolia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
internal bind is in version 9.11 and so doesn't support pkg-config
like bind 9.16 resulting in the following build failure since commit
0c8dd6ebd6:
configure: error: include/zlib.h not found.
Fixes:
- http://autobuild.buildroot.org/results/7a5cdf30881d208807976cf98960c5fe2abfed50
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use internal bind as dhcp doesn't build since bump of bind to version
9.16.26 in commit 8adeaec8af and upstream
doesn't plan to fix it any time soon:
https://gitlab.isc.org/isc-projects/dhcp/-/issues/233#note_276883
In file included from ../includes/dhcpd.h:91,
from ctrace.c:29:
../includes/omapip/isclib.h:51:10: fatal error: isc/boolean.h: No such file or directory
51 | #include <isc/boolean.h>
| ^~~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/d18b006dce7b46631ce8f4c72fb97eb861993939
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
this tool and service is pretty much expected to be enabled,
making this a certainty will enable future improvements.
The config variable BR2_PACKAGE_SYSTEMD_TMPFILES is still
available and always set.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes the following security issue:
- CVE-2021-25217: A buffer overrun in lease file parsing code can be used to
exploit a common vulnerability shared by dhcpd and dhclient
For details, see the advisory:
https://kb.isc.org/docs/cve-2021-25217
Update the LICENSE hash for a change of copyright years.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
DHCP package may silently fail to install binaries to the target image.
The problem occurs when buildroot output/host and build server provide
different flavors of awk. For instance, mawk on build server and gawk
in buildroot output/host. In this case isc-dhcp configure script detects
gawk in output/host and generates Makefiles specifying gawk without
absolute path. During Buildroot installation phase, those Makefiles
are used to install dhcp binaries. They attempt to use gawk without
absolute path. However build host does not have gawk.
To resolve the issue add host-gawk to dependencies and specify absolute
path to host-gawk in dhcp configure script using DHCP_CONF_ENV.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
On hosts where gawk is not available, it is not possible to build the
package with server option (BR2_PACKAGE_DHCP_SERVER).
The build goes through without errors but the binaries are not created
and installed. The reason is that autotools cannot find gawk.
Fixes: Bug 13781
Reported-by: Kay Jeschonneck <kay.jeschonneck@airbus.com>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This patch adds CPE ID information for a significant number of
packages.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Removed 0001-*.patch as it is included with the maintenance release.
The LICENSE file hash changed due to Copyright year updating to
include 2020.
Signed-off-by: Ryan Barnett <ryanbarnett3@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
All the packages in this list have the following properties
* units are provided by buildroot in the package directory
* the SYSTEMD_INSTALL_INIT_HOOK is exactly equivalent to what the
[Install] section of the unit does
The fix removes the softlinking in the .mk file
Signed-off-by: Jérémy Rosen <jeremy.rosen@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Document that along with the server we install omshell, an interactive
tool to connect to, query, and possibly change, the server's state via
the Object Management API (OMAPI).
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We don't use "make install" for target installation because we build all
utilities (server, relay, client) but install only the selected ones.
The utilities, however, require the shared libraries to work, so use the
"install-exec" make target to install them. This also installs static
libraries but they are removed later by target-finalize.
With this change the omshell utility is installed if server is selected.
We keep it, since it is small and may be useful at run-time.
Fixes:
https://bugs.busybox.net/show_bug.cgi?id=12086
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We don't use "make install" for the target installation so we must pick
the executables from the ".libs" directories on which libtool generates
them otherwise we install the automatically generated wrapper scripts.
This was not necessary before the upgrade to version 4.4.1.
Fixes: https://bugs.busybox.net/show_bug.cgi?id=12051
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The current URL no longer exists, so update it to what looks like the
main DHCP upstream site.
This issue was noticed by the upstream URL check added by Matt Weber
in the pkg-stats script, whose results are visible at
http://autobuild.buildroot.net/stats/.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Select bind instead of using the embedded bind libraries. This will help
managing correctly all the bind dependencies such as zlib
Fixes:
- http://autobuild.buildroot.org/results/a61f24e9f117c81893c58befb20d21179e61b85b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When BR2_PACKAGE_ZLIB=y, we enable zlib support in the bind included
in dhcp, but we forget to add zlib to DHCP_DEPENDENCIES, so it doesn't
get built before dhcp, causing build failures.
Fixes:
http://autobuild.buildroot.net/results/5a33057ceaf3f53e6ba9deab3f214a4c8a644352/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Use --with-bind-extra-config option to:
- add --without-zlib otherwise static build will fail if zlib is found
on host
- Add --without-dlopen otherwise static build will fail
- Drop all patches (already in version)
- Drop autoreconf (not needed anymore)
- Update license to MPL-2.0:
https://www.isc.org/blogs/isc-dhcp-moves-to-mpl-2-0-license
- Update hash of license file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
CVE-2018-5732: The DHCP client incorrectly handled certain malformed
responses. A remote attacker could use this issue to cause the DHCP
client to crash, resulting in a denial of service, or possibly execute
arbitrary code. In the default installation, attackers would be isolated
by the dhclient AppArmor profile.
CVE-2018-5733: The DHCP server incorrectly handled reference counting. A
remote attacker could possibly use this issue to cause the DHCP server
to crash, resulting in a denial of service.
Both issues are fixed in version 4.4.1. But we are close to release, so
backport the fixes instead of bumping version.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The isc assertions from the bundled bind dns library are
using the __FILE__ macro for debug messages (see
dhcp-4.3.5/bind/bind-9.9.9-P3/lib/isc/include/isc/assertions.h).
Disabling the assertions gains:
- reproducible builds (no build time paths in the executable)
- space saving on the target:
dhcpd: 1.9M -> 1.6M
dhcrelay: 1.6M -> 1.3M
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes socket leak that might cause denial of service.
https://bugzilla.redhat.com/show_bug.cgi?id=1523547
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
tmpfile support is optional in systemd but the dhcp server installs its
config file in $(TARGET_DIR)/usr/lib/tmpfiles.d directory when systemd
is used as init system.
So it seems that dhcp server requires tmpfile support for systemd based
systems.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Having the BR2_PACKAGE_BUSYBOX_SHOW_OTHERS dependencies in
package/Config.in is not very practical: it makes this file not very
readable, and puts the dependency away from the package itself, which
can sometimes be confusing. Therefore, this commit moves the dependency
in each package Config.in file.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
bind source tar-ball is now embedded into the dhcp source. The embedded
bind tar-ball is extracted after the dhcp source so cross compiling
patches can be applied to the dhcp and bind before the package is built.
The embedded bind configure is called as part of dhcp make instead of
dhcp configure; therefore, needed configure parameters are set in the
make env.
0001-dhcp-cross-compile.patch and 0002-bind-cross-compile.patch have
been submitted upstream as part of a cross compiling enhancement
suggestion to dhcp-suggest@isc.org. Reference ISC-Bugs #41502.
0003-bind-hos-cc.patch is already scheduled for the next dhcp release.
Buildroot thread
http://lists.busybox.net/pipermail/buildroot/2016-January/149079.html
has related information.
Signed-off-by: Doug Kehn <rdkehn@yahoo.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Reviewed-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Tested-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
No sleep is required for the restart and force-reload operations to
succeed.
Signed-off-by: Benoît Thébaudeau <benoit@wsystem.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fix various messages displayed by these scripts:
- make start-stop-daemon quiet in order to avoid extra messages like
"stopped /usr/sbin/dhcpd (pid 174)" being output between the command
description and its result,
- fix the script names in the usage strings.
Signed-off-by: Benoît Thébaudeau <benoit@wsystem.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The dhcpd daemon does not require network interface names to be
specified on the command line.
From dhcpd(8):
"The names of the network interfaces on which dhcpd should listen for
broadcasts may be specified on the command line. This should be done
on systems where dhcpd is unable to identify non-broadcast interfaces,
but should not be required on other systems. If no interface names
are specified on the command line dhcpd will identify all network
interfaces which are up, eliminating non-broadcast interfaces if
possible, and listen for DHCP broadcasts on each interface."
dhcpd exits with "Not configured to listen on any interfaces!" only if
no requested (those in INTERFACES, or all if empty) non-broadcast
interfaces matching the subnet declarations in dhcpd.conf are up.
Signed-off-by: Benoît Thébaudeau <benoit@wsystem.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add an OPTIONS configuration variable in order to make it possible to
pass custom extra options to dhcpd. This keeps the systemd support
consistent with the SysV init script.
Signed-off-by: Benoît Thébaudeau <benoit.thebaudeau.dev@gmail.com>
Reviewed-by: "Maxime Hadjinlian" <maxime.hadjinlian@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add an OPTIONS configuration variable in order to make it possible to
pass custom extra options to dhcpd.
Signed-off-by: Benoît Thébaudeau <benoit@wsystem.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The S80dhcp-relay init script has configuration variables like
INTERFACES whose contents have to be passed to the daemon. These
variables are initialized as empty strings, but some of them are not
allowed to be empty and there was no means of filling them apart from
creating a root FS overlay to overwrite these scripts.
This commit adds support for reading dhcrelay under /etc/default/ to
set these configuration variables.
[Thomas: adapt to patch only S80dhcp-relay, since S80dhcp-server has
already been changed by previous commits.]
Signed-off-by: Benoît Thébaudeau <benoit@wsystem.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit does misc improvements to the S80dhcp-server init script:
- Use more variables: NAME, DAEMON, CFG_FILE
- Read the configuration file in /etc/default/ in a more usual way
(as done in S21rngd for example)
- Remove leftover dhcpd3 string in the stopping action.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
All daemons that read a file from /etc/default/ have it named just
after the name of daemon, without any extension. This commit fixes the
dhcp package to do the same.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>