22517767 Upgrade Solaris' DHCP to version 4.1-ESV-R7-P1
authorBen Chang <Benjamin.Chang@Oracle.COM>
Tue, 12 Jan 2016 17:16:02 -0800
changeset 5261 172253f94ecf
parent 5260 e336bbbceb4f
child 5262 86d81f5e0391
22517767 Upgrade Solaris' DHCP to version 4.1-ESV-R7-P1 22501693 problem in SERVICE/DHCP-SERVER
components/isc-dhcp/Makefile
components/isc-dhcp/dhcp.p5m
components/isc-dhcp/patches/001-dhcp-dynamiclibraries.patch
components/isc-dhcp/patches/002-ignore-client-uids.patch
components/isc-dhcp/patches/003-CVE-2015-8605.patch
components/isc-dhcp/patches/dhcp-dynamiclibraries.patch
components/isc-dhcp/patches/ignore-client-uids.patch
--- a/components/isc-dhcp/Makefile	Tue Jan 12 14:17:49 2016 -0800
+++ b/components/isc-dhcp/Makefile	Tue Jan 12 17:16:02 2016 -0800
@@ -18,13 +18,14 @@
 #
 # CDDL HEADER END
 #
-# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2016, Oracle and/or its affiliates. All rights reserved.
 #
 include ../../make-rules/shared-macros.mk
 
 COMPONENT_NAME=		isc-dhcp
 COMPONENT_VERSION=	4.1-ESV-R7
-IPS_COMPONENT_VERSION=	4.1.0.7
+HUMAN_VERSION=		$(COMPONENT_VERSION)-P1
+IPS_COMPONENT_VERSION=	4.1.0.7.1
 COMPONENT_SRC_NAME=	dhcp
 COMPONENT_SRC=		$(COMPONENT_SRC_NAME)-$(COMPONENT_VERSION)
 COMPONENT_ARCHIVE=	$(COMPONENT_SRC).tar.gz
--- a/components/isc-dhcp/dhcp.p5m	Tue Jan 12 14:17:49 2016 -0800
+++ b/components/isc-dhcp/dhcp.p5m	Tue Jan 12 17:16:02 2016 -0800
@@ -18,7 +18,7 @@
 #
 # CDDL HEADER END
 #
-# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2016, Oracle and/or its affiliates. All rights reserved.
 #
 <transform file path=usr.*/man/.+ -> default mangler.man.stability uncommitted>
 set name=pkg.fmri \
@@ -26,6 +26,7 @@
 set name=pkg.summary value="ISC DHCP Server and Relay Agent."
 set name=pkg.description \
     value="ISC DHCP is open source software that implements the Dynamic Host Configuration Protocols for connection to a local network. This package includes the ISC DHCP server, relay agent and the omshell tool."
+set name=pkg.human-version value=$(HUMAN_VERSION)
 set name=com.oracle.info.description value="the ISC DHCP Server and Relay Agent"
 set name=com.oracle.info.tpno value=$(TPNO)
 set name=info.classification value=org.opensolaris.category.2008:System/Services
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/isc-dhcp/patches/001-dhcp-dynamiclibraries.patch	Tue Jan 12 17:16:02 2016 -0800
@@ -0,0 +1,154 @@
+# HG changeset patch
+# User Praveen Kumar Muthuswamy <[email protected]>
+# Date 1428520414 25200
+#      Wed Apr 08 12:13:34 2015 -0700
+# Node ID 045f212982ea4578a9dafb925ad62cf366802dc6
+# Parent  6470d3cc3ce1677a8283cdf15257c2b8c0ab43c9
+/*
+ * This patch file (dhcp-dynamiclibraries.patch) was developed in-house to
+ * allow isc-dhcp to build and package shared objects for libomapi, libdhcpctl,
+ * and libdst. Upstream (ISC) has been made aware of this requirement and the
+ * the patch through a service ticket and they are actively working on
+ * developing the patch.
+ */
+
+diff --git a/client/Makefile.am b/client/Makefile.am
+--- a/client/Makefile.am
++++ b/client/Makefile.am
[email protected]@ -5,7 +5,7 @@
+ 		   scripts/netbsd scripts/nextstep scripts/openbsd \
+ 		   scripts/solaris scripts/openwrt
+ dhclient_LDADD = ../common/libdhcp.a ../minires/libres.a \
+-		 ../omapip/libomapi.a ../dst/libdst.a
++		 ../omapip/libomapi.la ../dst/libdst.la
+ man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5
+ EXTRA_DIST = $(man_MANS)
+ 
+diff --git a/common/tests/Makefile.am b/common/tests/Makefile.am
+--- a/common/tests/Makefile.am
++++ b/common/tests/Makefile.am
[email protected]@ -13,7 +13,7 @@
+ alloc_unittest_SOURCES = test_alloc.c $(top_srcdir)/tests/t_api_dhcp.c
+ alloc_unittest_LDADD = $(ATF_LDFLAGS)
+ alloc_unittest_LDADD += ../libdhcp.a  \
+-	../../omapip/libomapi.a ../../dst/libdst.a ../../minires/libres.a
++	../../omapip/libomapi.la ../../dst/libdst.la ../../minires/libres.a
+ 
+ check: $(ATF_TESTS)
+ 	atf-run | atf-report
+diff --git a/configure.ac b/configure.ac
+--- a/configure.ac
++++ b/configure.ac
[email protected]@ -37,7 +37,7 @@
+ # Use this to define _GNU_SOURCE to pull in the IPv6 Advanced Socket API.
+ AC_USE_SYSTEM_EXTENSIONS
+ 
+-AC_PROG_RANLIB
++AC_PROG_LIBTOOL
+ AC_CONFIG_HEADERS([includes/config.h])
+ 
+ # we sometimes need to know byte order for building packets
+diff --git a/dhcpctl/Makefile.am b/dhcpctl/Makefile.am
+--- a/dhcpctl/Makefile.am
++++ b/dhcpctl/Makefile.am
[email protected]@ -1,15 +1,16 @@
+ bin_PROGRAMS = omshell
+-lib_LIBRARIES = libdhcpctl.a
++lib_LTLIBRARIES = libdhcpctl.la
++libdhcpctl_la_LDFLAGS = -version-info 1
+ noinst_PROGRAMS = cltest
+ man_MANS = omshell.1 dhcpctl.3
+ EXTRA_DIST = $(man_MANS)
+ 
+ omshell_SOURCES = omshell.c
+-omshell_LDADD = libdhcpctl.a ../common/libdhcp.a ../minires/libres.a \
+-                ../omapip/libomapi.a ../dst/libdst.a
++omshell_LDADD = libdhcpctl.la ../common/libdhcp.a ../minires/libres.a \
++                ../omapip/libomapi.la ../dst/libdst.la
+ 
+-libdhcpctl_a_SOURCES = dhcpctl.c callback.c remote.c
++libdhcpctl_la_SOURCES = dhcpctl.c callback.c remote.c
+ 
+ cltest_SOURCES = cltest.c
+-cltest_LDADD = libdhcpctl.a ../common/libdhcp.a ../minires/libres.a \
+-               ../omapip/libomapi.a ../dst/libdst.a
++cltest_LDADD = libdhcpctl.la ../common/libdhcp.a ../minires/libres.a \
++               ../omapip/libomapi.la ../dst/libdst.la
+diff --git a/dst/Makefile.am b/dst/Makefile.am
+--- a/dst/Makefile.am
++++ b/dst/Makefile.am
[email protected]@ -1,8 +1,9 @@
+ AM_CPPFLAGS = -DMINIRES_LIB -DHMAC_MD5
+ 
+-lib_LIBRARIES = libdst.a
++lib_LTLIBRARIES = libdst.la
++libdst_la_LDFLAGS = -version-info 1
+ 
+-libdst_a_SOURCES = dst_support.c dst_api.c hmac_link.c md5_dgst.c \
++libdst_la_SOURCES = dst_support.c dst_api.c hmac_link.c md5_dgst.c \
+ 		   base64.c prandom.c
+ 
+ EXTRA_DIST = dst_internal.h md5.h md5_locl.h
+diff --git a/omapip/Makefile.am b/omapip/Makefile.am
+--- a/omapip/Makefile.am
++++ b/omapip/Makefile.am
[email protected]@ -1,7 +1,8 @@
+-lib_LIBRARIES = libomapi.a
++lib_LTLIBRARIES = libomapi.la
++libomapi_la_LDFLAGS = -version-info 1
+ noinst_PROGRAMS = svtest
+ 
+-libomapi_a_SOURCES = protocol.c buffer.c alloc.c result.c connection.c \
++libomapi_la_SOURCES = protocol.c buffer.c alloc.c result.c connection.c \
+ 		     errwarn.c listener.c dispatch.c generic.c support.c \
+ 		     handle.c message.c convert.c hash.c auth.c inet_addr.c \
+ 		     array.c trace.c mrtrace.c toisc.c iscprint.c
[email protected]@ -9,5 +10,5 @@
+ EXTRA_DIST = $(man_MANS)
+ 
+ svtest_SOURCES = test.c
+-svtest_LDADD = libomapi.a ../dst/libdst.a
++svtest_LDADD = libomapi.la ../dst/libdst.la
+ 
+diff --git a/relay/Makefile.am b/relay/Makefile.am
+--- a/relay/Makefile.am
++++ b/relay/Makefile.am
[email protected]@ -2,7 +2,7 @@
+ 
+ sbin_PROGRAMS = dhcrelay
+ dhcrelay_SOURCES = dhcrelay.c
+-dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.a ../dst/libdst.a ../minires/libres.a
++dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.la ../dst/libdst.la ../minires/libres.a
+ man_MANS = dhcrelay.8
+ EXTRA_DIST = $(man_MANS)
+ 
+diff --git a/server/Makefile.am b/server/Makefile.am
+--- a/server/Makefile.am
++++ b/server/Makefile.am
[email protected]@ -13,9 +13,9 @@
+ 		dhcpv6.c mdb6.c
+ 
+ # libomapi.a this is here twice to handle circular library dependencies :(
+-dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.a ../dst/libdst.a \
+-	      ../dhcpctl/libdhcpctl.a ../minires/libres.a \
+-	      ../omapip/libomapi.a
++dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.la ../dst/libdst.la \
++	      ../dhcpctl/libdhcpctl.la ../minires/libres.a \
++	      ../omapip/libomapi.la
+ 
+ man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5
+ EXTRA_DIST = $(man_MANS)
+diff --git a/server/tests/Makefile.am b/server/tests/Makefile.am
+--- a/server/tests/Makefile.am
++++ b/server/tests/Makefile.am
[email protected]@ -17,8 +17,8 @@
+           ../ddns.c ../dhcpleasequery.c ../dhcpv6.c ../mdb6.c        \
+           ../dhcpd.c
+ 
+-DHCPLIBS = $(top_builddir)/common/libdhcp.a $(top_builddir)/omapip/libomapi.a    \
+-          $(top_builddir)/dhcpctl/libdhcpctl.a $(top_builddir)/dst/libdst.a \
++DHCPLIBS = $(top_builddir)/common/libdhcp.a $(top_builddir)/omapip/libomapi.la    \
++          $(top_builddir)/dhcpctl/libdhcpctl.la $(top_builddir)/dst/libdst.la \
+           $(top_builddir)/minires/libres.a
+ 
+ ATF_TESTS =
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/isc-dhcp/patches/002-ignore-client-uids.patch	Tue Jan 12 17:16:02 2016 -0800
@@ -0,0 +1,112 @@
+The following patch is adopted from ISC DHCP version 4.3.0.
+http://ftp.isc.org/isc/dhcp/4.3.0/dhcp-4.3.0.tar.gz
+
+--- dhcp-4.1-ESV-R7/server/stables.c.orig	Thu Aug 23 19:23:54 2012
++++ dhcp-4.1-ESV-R7/server/stables.c	Mon Apr 28 16:37:14 2014
[email protected]@ -244,6 +244,7 @@
+ 	{ "delayed-ack", "S",			&server_universe,  58, 1 },
+ 	{ "max-ack-delay", "L",			&server_universe,  59, 1 },
+ #endif
++	{ "ignore-client-uids", "f",		&server_universe,  60, 1 },
+ 	{ NULL, NULL, NULL, 0, 0 }
+ };
+ 
+--- dhcp-4.1-ESV-R7/server/dhcp.c.orig	Thu Aug 23 19:23:54 2012
++++ dhcp-4.1-ESV-R7/server/dhcp.c	Mon Apr 28 16:36:18 2014
[email protected]@ -2304,31 +2304,40 @@
+ 	/* Update Client Last Transaction Time. */
+ 	lt->cltt = cur_time;
+ 
+-	/* Record the uid, if given... */
+-	oc = lookup_option (&dhcp_universe, packet -> options,
+-			    DHO_DHCP_CLIENT_IDENTIFIER);
+-	if (oc &&
+-	    evaluate_option_cache (&d1, packet, lease,
+-				   (struct client_state *)0,
+-				   packet -> options, state -> options,
+-				   &lease -> scope, oc, MDL)) {
+-		if (d1.len <= sizeof lt -> uid_buf) {
+-			memcpy (lt -> uid_buf, d1.data, d1.len);
+-			lt -> uid = lt -> uid_buf;
+-			lt -> uid_max = sizeof lt -> uid_buf;
+-			lt -> uid_len = d1.len;
+-		} else {
+-			unsigned char *tuid;
+-			lt -> uid_max = d1.len;
+-			lt -> uid_len = d1.len;
+-			tuid = (unsigned char *)dmalloc (lt -> uid_max, MDL);
+-			/* XXX inelegant */
+-			if (!tuid)
+-				log_fatal ("no memory for large uid.");
+-			memcpy (tuid, d1.data, lt -> uid_len);
+-			lt -> uid = tuid;
++	/* See if we want to record the uid for this client */
++	oc = lookup_option(&server_universe, state->options,
++	    SV_IGNORE_CLIENT_UIDS);
++	if ((oc == NULL) ||
++	    !evaluate_boolean_option_cache(&ignorep, packet, lease, NULL,
++		packet->options, state->options,
++		&lease->scope, oc, MDL)) {
++
++		/* Record the uid, if given... */
++		oc = lookup_option (&dhcp_universe, packet -> options,
++		    DHO_DHCP_CLIENT_IDENTIFIER);
++		if (oc &&
++		    evaluate_option_cache (&d1, packet, lease,
++			(struct client_state *)0,
++			packet -> options, state -> options,
++			&lease -> scope, oc, MDL)) {
++			if (d1.len <= sizeof lt -> uid_buf) {
++				memcpy (lt -> uid_buf, d1.data, d1.len);
++				lt -> uid = lt -> uid_buf;
++				lt -> uid_max = sizeof lt -> uid_buf;
++				lt -> uid_len = d1.len;
++			} else {
++				unsigned char *tuid;
++				lt -> uid_max = d1.len;
++				lt -> uid_len = d1.len;
++				tuid = (unsigned char *)dmalloc (lt -> uid_max, MDL);
++				/* XXX inelegant */
++				if (!tuid)
++					log_fatal ("no memory for large uid.");
++				memcpy (tuid, d1.data, lt -> uid_len);
++				lt -> uid = tuid;
++			}
++			data_string_forget (&d1, MDL);
+ 		}
+-		data_string_forget (&d1, MDL);
+ 	}
+ 
+ 	if (host) {
+--- dhcp-4.1-ESV-R7/server/dhcpd.conf.5.orig	Wed May  7 18:37:36 2014
++++ dhcp-4.1-ESV-R7/server/dhcpd.conf.5	Wed May  7 18:38:46 2014
[email protected]@ -2302,6 +2302,19 @@
+ must be a constant value.
+ .RE
+ .PP
++The
++.I ignore-client-uids
++statement
++.RS 0.25i
++.PP
++.B ignore-client-uids \fIflag\fB;\fR
++.PP
++If the \fIignore-client-uids\fR statement is present and has a value of
++\fItrue\fR or \fIon\fR, the UID for clients will not be recorded.
++If this statement is not present or has a value of \fIfalse\fR or
++\fIoff\fR, then client UIDs will be recorded.
++.RE
++.PP
+ The
+ .I infinite-is-reserved
+ statement
+--- dhcp-4.1-ESV-R7/includes/dhcpd.h.orig	Thu Aug 23 19:23:53 2012
++++ dhcp-4.1-ESV-R7/includes/dhcpd.h	Mon Apr 28 16:11:17 2014
[email protected]@ -627,6 +627,7 @@
+ #define SV_LIMIT_PREFS_PER_IA		57
+ #define SV_DELAYED_ACK			58
+ #define SV_MAX_ACK_DELAY		59
++#define SV_IGNORE_CLIENT_UIDS		60
+ 
+ #if !defined (DEFAULT_PING_TIMEOUT)
+ # define DEFAULT_PING_TIMEOUT 1
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/isc-dhcp/patches/003-CVE-2015-8605.patch	Tue Jan 12 17:16:02 2016 -0800
@@ -0,0 +1,146 @@
+This patch was derived from ISC source differences between dhcp-4.1-ESV-R12
+and dhcp-4.1-ESV-R12-P1.
+
+--- old/./RELNOTES	Thu Jan  7 21:28:37 2016
++++ new/./RELNOTES	Thu Jan  7 21:28:37 2016
[email protected]@ -1,6 +1,6 @@
+ 	      Internet Systems Consortium DHCP Distribution
+-			    Version 4.1-ESV-R7
+-			     10 September 2012
++			    Version 4.1-ESV-R7-P1
++                              01 January 2016
+ 
+ 			      Release Notes
+ 
[email protected]@ -52,6 +52,13 @@
+ work on other platforms. Please report any problems and suggested fixes to
+ <[email protected]>.
+ 
++			Changes since 4.1-ESV-R7-P1
++
++! Update the bounds checking when receiving a packet.
++  Thanks to Sebastian Poehn from Sophos for the bug report and a suggested
++  patch.
++  [ISC-Bugs #41267]
++
+ 			Changes since 4.1-ESV-R6
+ 
+ - Existing legacy unit-tests have been migrated to Automated Test
+--- old/common/packet.c	Thu Jan  7 21:28:37 2016
++++ new/common/packet.c	Thu Jan  7 21:28:37 2016
[email protected]@ -220,7 +220,28 @@
+ 	}
+ }
+ 
+-/* UDP header and IP header decoded together for convenience. */
++/*!
++ *
++ * \brief UDP header and IP header decoded together for convenience.
++ *
++ * Attempt to decode the UDP and IP headers and, if necessary, checksum
++ * the packet.
++ *
++ * \param inteface - the interface on which the packet was recevied
++ * \param buf - a pointer to the buffer for the received packet
++ * \param bufix - where to start processing the buffer, previous
++ *                routines may have processed parts of the buffer already
++ * \param from - space to return the address of the packet sender
++ * \param buflen - remaining length of the buffer, this will have been
++ *                 decremented by bufix by the caller
++ * \param rbuflen - space to return the length of the payload from the udp
++ *                  header
++ * \param csum_ready - indication if the checksum is valid for use
++ *                     non-zero indicates the checksum should be validated
++ *
++ * \return - the index to the first byte of the udp payload (that is the
++ *           start of the DHCP packet
++ */
+ 
+ ssize_t
+ decode_udp_ip_header(struct interface_info *interface,
[email protected]@ -231,7 +252,7 @@
+   unsigned char *data;
+   struct ip ip;
+   struct udphdr udp;
+-  unsigned char *upp, *endbuf;
++  unsigned char *upp;
+   u_int32_t ip_len, ulen, pkt_len;
+   u_int32_t sum, usum;
+   static int ip_packets_seen;
[email protected]@ -242,11 +263,8 @@
+   static int udp_packets_length_overflow;
+   unsigned len;
+ 
+-  /* Designate the end of the input buffer for bounds checks. */
+-  endbuf = buf + bufix + buflen;
+-
+   /* Assure there is at least an IP header there. */
+-  if ((buf + bufix + sizeof(ip)) > endbuf)
++  if (sizeof(ip) > buflen)
+ 	  return -1;
+ 
+   /* Copy the IP header into a stack aligned structure for inspection.
[email protected]@ -258,13 +276,17 @@
+   ip_len = (*upp & 0x0f) << 2;
+   upp += ip_len;
+ 
+-  /* Check the IP packet length. */
++  /* Check packet lengths are within the buffer:
++   * first the ip header (ip_len)
++   * then the packet length from the ip header (pkt_len)
++   * then the udp header (ip_len + sizeof(udp)
++   * We are liberal in what we accept, the udp payload should fit within
++   * pkt_len, but we only check against the full buffer size.
++   */
+   pkt_len = ntohs(ip.ip_len);
+-  if (pkt_len > buflen)
+-	return -1;
+-
+-  /* Assure after ip_len bytes that there is enough room for a UDP header. */
+-  if ((upp + sizeof(udp)) > endbuf)
++  if ((ip_len > buflen) ||
++      (pkt_len > buflen) ||
++      ((ip_len + sizeof(udp)) > buflen))
+ 	  return -1;
+ 
+   /* Copy the UDP header into a stack aligned structure for inspection. */
[email protected]@ -285,7 +307,8 @@
+ 	return -1;
+ 
+   udp_packets_length_checked++;
+-  if ((upp + ulen) > endbuf) {
++  /* verify that the payload length from the udp packet fits in the buffer */
++  if ((ip_len + ulen) > buflen) {
+ 	udp_packets_length_overflow++;
+ 	if ((udp_packets_length_checked > 4) &&
+ 	    ((udp_packets_length_checked /
+--- old/./configure	Thu Jan  7 21:28:37 2016
++++ new/./configure	Thu Jan  7 21:28:37 2016
[email protected]@ -574,8 +574,8 @@
+ # Identity of this package.
+ PACKAGE_NAME='DHCP'
+ PACKAGE_TARNAME='dhcp'
+-PACKAGE_VERSION='4.1-ESV-R7'
+-PACKAGE_STRING='DHCP 4.1-ESV-R7'
++PACKAGE_VERSION='4.1-ESV-R7-P1'
++PACKAGE_STRING='DHCP 4.1-ESV-R7-P1'
+ PACKAGE_BUGREPORT='[email protected]'
+ 
+ # Factoring default headers for most tests.
[email protected]@ -2125,7 +2125,7 @@
+ 
+ # Define the identity of the package.
+  PACKAGE='dhcp'
+- VERSION='4.1-ESV-R7'
++ VERSION='4.1-ESV-R7-P1'
+ 
+ 
+ cat >>confdefs.h <<_ACEOF
+--- old/./configure.ac	Thu Jan  7 21:28:37 2016
++++ new/./configure.ac	Thu Jan  7 21:28:37 2016
[email protected]@ -1,4 +1,4 @@
+-AC_INIT([DHCP], [4.1-ESV-R7], [[email protected]])
++AC_INIT([DHCP], [4.1-ESV-R7-P1], [[email protected]])
+ 
+ # we specify "foreign" to avoid having to have the GNU mandated files,
+ # like AUTHORS, COPYING, and such
--- a/components/isc-dhcp/patches/dhcp-dynamiclibraries.patch	Tue Jan 12 14:17:49 2016 -0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,154 +0,0 @@
-# HG changeset patch
-# User Praveen Kumar Muthuswamy <[email protected]>
-# Date 1428520414 25200
-#      Wed Apr 08 12:13:34 2015 -0700
-# Node ID 045f212982ea4578a9dafb925ad62cf366802dc6
-# Parent  6470d3cc3ce1677a8283cdf15257c2b8c0ab43c9
-/*
- * This patch file (dhcp-dynamiclibraries.patch) was developed in-house to
- * allow isc-dhcp to build and package shared objects for libomapi, libdhcpctl,
- * and libdst. Upstream (ISC) has been made aware of this requirement and the
- * the patch through a service ticket and they are actively working on
- * developing the patch.
- */
-
-diff --git a/client/Makefile.am b/client/Makefile.am
---- a/client/Makefile.am
-+++ b/client/Makefile.am
[email protected]@ -5,7 +5,7 @@
- 		   scripts/netbsd scripts/nextstep scripts/openbsd \
- 		   scripts/solaris scripts/openwrt
- dhclient_LDADD = ../common/libdhcp.a ../minires/libres.a \
--		 ../omapip/libomapi.a ../dst/libdst.a
-+		 ../omapip/libomapi.la ../dst/libdst.la
- man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5
- EXTRA_DIST = $(man_MANS)
- 
-diff --git a/common/tests/Makefile.am b/common/tests/Makefile.am
---- a/common/tests/Makefile.am
-+++ b/common/tests/Makefile.am
[email protected]@ -13,7 +13,7 @@
- alloc_unittest_SOURCES = test_alloc.c $(top_srcdir)/tests/t_api_dhcp.c
- alloc_unittest_LDADD = $(ATF_LDFLAGS)
- alloc_unittest_LDADD += ../libdhcp.a  \
--	../../omapip/libomapi.a ../../dst/libdst.a ../../minires/libres.a
-+	../../omapip/libomapi.la ../../dst/libdst.la ../../minires/libres.a
- 
- check: $(ATF_TESTS)
- 	atf-run | atf-report
-diff --git a/configure.ac b/configure.ac
---- a/configure.ac
-+++ b/configure.ac
[email protected]@ -37,7 +37,7 @@
- # Use this to define _GNU_SOURCE to pull in the IPv6 Advanced Socket API.
- AC_USE_SYSTEM_EXTENSIONS
- 
--AC_PROG_RANLIB
-+AC_PROG_LIBTOOL
- AC_CONFIG_HEADERS([includes/config.h])
- 
- # we sometimes need to know byte order for building packets
-diff --git a/dhcpctl/Makefile.am b/dhcpctl/Makefile.am
---- a/dhcpctl/Makefile.am
-+++ b/dhcpctl/Makefile.am
[email protected]@ -1,15 +1,16 @@
- bin_PROGRAMS = omshell
--lib_LIBRARIES = libdhcpctl.a
-+lib_LTLIBRARIES = libdhcpctl.la
-+libdhcpctl_la_LDFLAGS = -version-info 1
- noinst_PROGRAMS = cltest
- man_MANS = omshell.1 dhcpctl.3
- EXTRA_DIST = $(man_MANS)
- 
- omshell_SOURCES = omshell.c
--omshell_LDADD = libdhcpctl.a ../common/libdhcp.a ../minires/libres.a \
--                ../omapip/libomapi.a ../dst/libdst.a
-+omshell_LDADD = libdhcpctl.la ../common/libdhcp.a ../minires/libres.a \
-+                ../omapip/libomapi.la ../dst/libdst.la
- 
--libdhcpctl_a_SOURCES = dhcpctl.c callback.c remote.c
-+libdhcpctl_la_SOURCES = dhcpctl.c callback.c remote.c
- 
- cltest_SOURCES = cltest.c
--cltest_LDADD = libdhcpctl.a ../common/libdhcp.a ../minires/libres.a \
--               ../omapip/libomapi.a ../dst/libdst.a
-+cltest_LDADD = libdhcpctl.la ../common/libdhcp.a ../minires/libres.a \
-+               ../omapip/libomapi.la ../dst/libdst.la
-diff --git a/dst/Makefile.am b/dst/Makefile.am
---- a/dst/Makefile.am
-+++ b/dst/Makefile.am
[email protected]@ -1,8 +1,9 @@
- AM_CPPFLAGS = -DMINIRES_LIB -DHMAC_MD5
- 
--lib_LIBRARIES = libdst.a
-+lib_LTLIBRARIES = libdst.la
-+libdst_la_LDFLAGS = -version-info 1
- 
--libdst_a_SOURCES = dst_support.c dst_api.c hmac_link.c md5_dgst.c \
-+libdst_la_SOURCES = dst_support.c dst_api.c hmac_link.c md5_dgst.c \
- 		   base64.c prandom.c
- 
- EXTRA_DIST = dst_internal.h md5.h md5_locl.h
-diff --git a/omapip/Makefile.am b/omapip/Makefile.am
---- a/omapip/Makefile.am
-+++ b/omapip/Makefile.am
[email protected]@ -1,7 +1,8 @@
--lib_LIBRARIES = libomapi.a
-+lib_LTLIBRARIES = libomapi.la
-+libomapi_la_LDFLAGS = -version-info 1
- noinst_PROGRAMS = svtest
- 
--libomapi_a_SOURCES = protocol.c buffer.c alloc.c result.c connection.c \
-+libomapi_la_SOURCES = protocol.c buffer.c alloc.c result.c connection.c \
- 		     errwarn.c listener.c dispatch.c generic.c support.c \
- 		     handle.c message.c convert.c hash.c auth.c inet_addr.c \
- 		     array.c trace.c mrtrace.c toisc.c iscprint.c
[email protected]@ -9,5 +10,5 @@
- EXTRA_DIST = $(man_MANS)
- 
- svtest_SOURCES = test.c
--svtest_LDADD = libomapi.a ../dst/libdst.a
-+svtest_LDADD = libomapi.la ../dst/libdst.la
- 
-diff --git a/relay/Makefile.am b/relay/Makefile.am
---- a/relay/Makefile.am
-+++ b/relay/Makefile.am
[email protected]@ -2,7 +2,7 @@
- 
- sbin_PROGRAMS = dhcrelay
- dhcrelay_SOURCES = dhcrelay.c
--dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.a ../dst/libdst.a ../minires/libres.a
-+dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.la ../dst/libdst.la ../minires/libres.a
- man_MANS = dhcrelay.8
- EXTRA_DIST = $(man_MANS)
- 
-diff --git a/server/Makefile.am b/server/Makefile.am
---- a/server/Makefile.am
-+++ b/server/Makefile.am
[email protected]@ -13,9 +13,9 @@
- 		dhcpv6.c mdb6.c
- 
- # libomapi.a this is here twice to handle circular library dependencies :(
--dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.a ../dst/libdst.a \
--	      ../dhcpctl/libdhcpctl.a ../minires/libres.a \
--	      ../omapip/libomapi.a
-+dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.la ../dst/libdst.la \
-+	      ../dhcpctl/libdhcpctl.la ../minires/libres.a \
-+	      ../omapip/libomapi.la
- 
- man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5
- EXTRA_DIST = $(man_MANS)
-diff --git a/server/tests/Makefile.am b/server/tests/Makefile.am
---- a/server/tests/Makefile.am
-+++ b/server/tests/Makefile.am
[email protected]@ -17,8 +17,8 @@
-           ../ddns.c ../dhcpleasequery.c ../dhcpv6.c ../mdb6.c        \
-           ../dhcpd.c
- 
--DHCPLIBS = $(top_builddir)/common/libdhcp.a $(top_builddir)/omapip/libomapi.a    \
--          $(top_builddir)/dhcpctl/libdhcpctl.a $(top_builddir)/dst/libdst.a \
-+DHCPLIBS = $(top_builddir)/common/libdhcp.a $(top_builddir)/omapip/libomapi.la    \
-+          $(top_builddir)/dhcpctl/libdhcpctl.la $(top_builddir)/dst/libdst.la \
-           $(top_builddir)/minires/libres.a
- 
- ATF_TESTS =
--- a/components/isc-dhcp/patches/ignore-client-uids.patch	Tue Jan 12 14:17:49 2016 -0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,112 +0,0 @@
-The following patch is adopted from ISC DHCP version 4.3.0.
-http://ftp.isc.org/isc/dhcp/4.3.0/dhcp-4.3.0.tar.gz
-
---- dhcp-4.1-ESV-R7/server/stables.c.orig	Thu Aug 23 19:23:54 2012
-+++ dhcp-4.1-ESV-R7/server/stables.c	Mon Apr 28 16:37:14 2014
[email protected]@ -244,6 +244,7 @@
- 	{ "delayed-ack", "S",			&server_universe,  58, 1 },
- 	{ "max-ack-delay", "L",			&server_universe,  59, 1 },
- #endif
-+	{ "ignore-client-uids", "f",		&server_universe,  60, 1 },
- 	{ NULL, NULL, NULL, 0, 0 }
- };
- 
---- dhcp-4.1-ESV-R7/server/dhcp.c.orig	Thu Aug 23 19:23:54 2012
-+++ dhcp-4.1-ESV-R7/server/dhcp.c	Mon Apr 28 16:36:18 2014
[email protected]@ -2304,31 +2304,40 @@
- 	/* Update Client Last Transaction Time. */
- 	lt->cltt = cur_time;
- 
--	/* Record the uid, if given... */
--	oc = lookup_option (&dhcp_universe, packet -> options,
--			    DHO_DHCP_CLIENT_IDENTIFIER);
--	if (oc &&
--	    evaluate_option_cache (&d1, packet, lease,
--				   (struct client_state *)0,
--				   packet -> options, state -> options,
--				   &lease -> scope, oc, MDL)) {
--		if (d1.len <= sizeof lt -> uid_buf) {
--			memcpy (lt -> uid_buf, d1.data, d1.len);
--			lt -> uid = lt -> uid_buf;
--			lt -> uid_max = sizeof lt -> uid_buf;
--			lt -> uid_len = d1.len;
--		} else {
--			unsigned char *tuid;
--			lt -> uid_max = d1.len;
--			lt -> uid_len = d1.len;
--			tuid = (unsigned char *)dmalloc (lt -> uid_max, MDL);
--			/* XXX inelegant */
--			if (!tuid)
--				log_fatal ("no memory for large uid.");
--			memcpy (tuid, d1.data, lt -> uid_len);
--			lt -> uid = tuid;
-+	/* See if we want to record the uid for this client */
-+	oc = lookup_option(&server_universe, state->options,
-+	    SV_IGNORE_CLIENT_UIDS);
-+	if ((oc == NULL) ||
-+	    !evaluate_boolean_option_cache(&ignorep, packet, lease, NULL,
-+		packet->options, state->options,
-+		&lease->scope, oc, MDL)) {
-+
-+		/* Record the uid, if given... */
-+		oc = lookup_option (&dhcp_universe, packet -> options,
-+		    DHO_DHCP_CLIENT_IDENTIFIER);
-+		if (oc &&
-+		    evaluate_option_cache (&d1, packet, lease,
-+			(struct client_state *)0,
-+			packet -> options, state -> options,
-+			&lease -> scope, oc, MDL)) {
-+			if (d1.len <= sizeof lt -> uid_buf) {
-+				memcpy (lt -> uid_buf, d1.data, d1.len);
-+				lt -> uid = lt -> uid_buf;
-+				lt -> uid_max = sizeof lt -> uid_buf;
-+				lt -> uid_len = d1.len;
-+			} else {
-+				unsigned char *tuid;
-+				lt -> uid_max = d1.len;
-+				lt -> uid_len = d1.len;
-+				tuid = (unsigned char *)dmalloc (lt -> uid_max, MDL);
-+				/* XXX inelegant */
-+				if (!tuid)
-+					log_fatal ("no memory for large uid.");
-+				memcpy (tuid, d1.data, lt -> uid_len);
-+				lt -> uid = tuid;
-+			}
-+			data_string_forget (&d1, MDL);
- 		}
--		data_string_forget (&d1, MDL);
- 	}
- 
- 	if (host) {
---- dhcp-4.1-ESV-R7/server/dhcpd.conf.5.orig	Wed May  7 18:37:36 2014
-+++ dhcp-4.1-ESV-R7/server/dhcpd.conf.5	Wed May  7 18:38:46 2014
[email protected]@ -2302,6 +2302,19 @@
- must be a constant value.
- .RE
- .PP
-+The
-+.I ignore-client-uids
-+statement
-+.RS 0.25i
-+.PP
-+.B ignore-client-uids \fIflag\fB;\fR
-+.PP
-+If the \fIignore-client-uids\fR statement is present and has a value of
-+\fItrue\fR or \fIon\fR, the UID for clients will not be recorded.
-+If this statement is not present or has a value of \fIfalse\fR or
-+\fIoff\fR, then client UIDs will be recorded.
-+.RE
-+.PP
- The
- .I infinite-is-reserved
- statement
---- dhcp-4.1-ESV-R7/includes/dhcpd.h.orig	Thu Aug 23 19:23:53 2012
-+++ dhcp-4.1-ESV-R7/includes/dhcpd.h	Mon Apr 28 16:11:17 2014
[email protected]@ -627,6 +627,7 @@
- #define SV_LIMIT_PREFS_PER_IA		57
- #define SV_DELAYED_ACK			58
- #define SV_MAX_ACK_DELAY		59
-+#define SV_IGNORE_CLIENT_UIDS		60
- 
- #if !defined (DEFAULT_PING_TIMEOUT)
- # define DEFAULT_PING_TIMEOUT 1