[docker-dhcp-relay]: convert dhcp-relay docker to buster (#4671)

Upgrade isc-dhcp to 4.4.1-2 (buster version) Update libevent dependency for dhcpmon to 2.1-6 Signed-off-by: Joyas Joseph <joyas_joseph@dell.com>
2020-06-22 15:34:21 -07:00 · 2020-06-22 15:34:21 -07:00 · b48d274f69
commit b48d274f69
parent 67987e9c0e
16 changed files with 125 additions and 448 deletions
--- a/dockers/docker-dhcp-relay/Dockerfile.j2
+++ b/dockers/docker-dhcp-relay/Dockerfile.j2
@ -1,5 +1,5 @@
 {% from "dockers/dockerfile-macros.j2" import install_debian_packages, install_python_wheels, copy_files %}
-FROM docker-config-engine-stretch
+FROM docker-config-engine-buster
 ARG docker_container_name
 RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf
--- a/rules/docker-dhcp-relay.mk
+++ b/rules/docker-dhcp-relay.mk
@ -7,20 +7,18 @@ DOCKER_DHCP_RELAY_DBG = $(DOCKER_DHCP_RELAY_STEM)-$(DBG_IMAGE_MARK).gz
 $(DOCKER_DHCP_RELAY)_PATH = $(DOCKERS_PATH)/$(DOCKER_DHCP_RELAY_STEM)
 $(DOCKER_DHCP_RELAY)_DEPENDS += $(ISC_DHCP_RELAY) $(REDIS_TOOLS) $(SONIC_DHCPMON)
-$(DOCKER_DHCP_RELAY)_DBG_DEPENDS = $($(DOCKER_CONFIG_ENGINE_STRETCH)_DBG_DEPENDS)
+$(DOCKER_DHCP_RELAY)_DBG_DEPENDS = $($(DOCKER_CONFIG_ENGINE_BUSTER)_DBG_DEPENDS)
 $(DOCKER_DHCP_RELAY)_DBG_DEPENDS += $(ISC_DHCP_RELAY_DBG)
-$(DOCKER_DHCP_RELAY)_DBG_IMAGE_PACKAGES = $($(DOCKER_CONFIG_ENGINE_STRETCH)_DBG_IMAGE_PACKAGES)
+$(DOCKER_DHCP_RELAY)_DBG_IMAGE_PACKAGES = $($(DOCKER_CONFIG_ENGINE_BUSTER)_DBG_IMAGE_PACKAGES)
-$(DOCKER_DHCP_RELAY)_LOAD_DOCKERS = $(DOCKER_CONFIG_ENGINE_STRETCH)
+$(DOCKER_DHCP_RELAY)_LOAD_DOCKERS = $(DOCKER_CONFIG_ENGINE_BUSTER)
 SONIC_DOCKER_IMAGES += $(DOCKER_DHCP_RELAY)
 SONIC_INSTALL_DOCKER_IMAGES += $(DOCKER_DHCP_RELAY)
 SONIC_STRETCH_DOCKERS += $(DOCKER_DHCP_RELAY)
 SONIC_DOCKER_DBG_IMAGES += $(DOCKER_DHCP_RELAY_DBG)
 SONIC_INSTALL_DOCKER_DBG_IMAGES += $(DOCKER_DHCP_RELAY_DBG)
 SONIC_STRETCH_DBG_DOCKERS += $(DOCKER_DHCP_RELAY_DBG)
 $(DOCKER_DHCP_RELAY)_CONTAINER_NAME = dhcp_relay
 $(DOCKER_DHCP_RELAY)_RUN_OPT += --privileged -t
--- a/rules/isc-dhcp.mk
+++ b/rules/isc-dhcp.mk
@ -1,12 +1,15 @@
 # isc-dhcp packages
-ISC_DHCP_VERSION = 4.3.5-2
+ISC_DHCP_VERSION = 4.4.1
 ISC_DHCP_VERSION_FULL = ${ISC_DHCP_VERSION}-2
-export ISC_DHCP_VERSION
+export ISC_DHCP_VERSION ISC_DHCP_VERSION_FULL
-ISC_DHCP_RELAY = isc-dhcp-relay_$(ISC_DHCP_VERSION)_$(CONFIGURED_ARCH).deb
+ISC_DHCP_RELAY = isc-dhcp-relay_$(ISC_DHCP_VERSION_FULL)_$(CONFIGURED_ARCH).deb
 $(ISC_DHCP_RELAY)_SRC_PATH = $(SRC_PATH)/isc-dhcp
 SONIC_MAKE_DEBS += $(ISC_DHCP_RELAY)
-ISC_DHCP_RELAY_DBG = isc-dhcp-relay-dbgsym_$(ISC_DHCP_VERSION)_$(CONFIGURED_ARCH).deb
+ISC_DHCP_RELAY_DBG = isc-dhcp-relay-dbgsym_$(ISC_DHCP_VERSION_FULL)_$(CONFIGURED_ARCH).deb
 $(eval $(call add_derived_package,$(ISC_DHCP_RELAY),$(ISC_DHCP_RELAY_DBG)))
 export ISC_DHCP_RELAY ISC_DHCP_RELAY_DBG
--- a/src/dhcpmon/debian/control
+++ b/src/dhcpmon/debian/control
@ -12,5 +12,5 @@ Package: sonic-dhcpmon
 Architecture: any
 Built-Using: ${misc:Built-Using}
 Depends: libexplain51,
-         libevent-2.0-5
+         libevent-2.1-6
 Description: SONiC DHCP Monitor
--- a/src/isc-dhcp/Makefile
+++ b/src/isc-dhcp/Makefile
@ -2,8 +2,8 @@
 SHELL = /bin/bash
 .SHELLFLAGS += -e
-MAIN_TARGET = isc-dhcp-relay_$(ISC_DHCP_VERSION)_$(CONFIGURED_ARCH).deb
+MAIN_TARGET = $(ISC_DHCP_RELAY)
-DERIVED_TARGETS = isc-dhcp-relay-dbgsym_$(ISC_DHCP_VERSION)_$(CONFIGURED_ARCH).deb
+DERIVED_TARGETS = $(ISC_DHCP_RELAY_DBG)
 $(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% :
 	# Remove any stale files
@ -16,7 +16,7 @@ $(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% :
 	# Reset HEAD to the commit of the proper tag
 	# NOTE: Using "git checkout <tag_name>" here detaches our HEAD,
 	# which stg doesn't like, so we use this method instead
-	git reset --hard debian/$(ISC_DHCP_VERSION)
+	git reset --hard debian/$(ISC_DHCP_VERSION_FULL)
 	# Apply patches
 	stg init
--- a/src/isc-dhcp/patch/0002-Customizable-Option-82-circuit-ID-and-remote-ID-fiel.patch
+++ b/src/isc-dhcp/patch/0002-Customizable-Option-82-circuit-ID-and-remote-ID-fiel.patch
@ -8,7 +8,7 @@ Subject: [PATCH] Customizable Option 82 circuit ID and remote ID fields
 1 file changed, 147 insertions(+), 24 deletions(-)
 diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c
-index 344cee7..7b4c1ef 100644
+index 0cb2ef6..418b943 100644
 --- a/relay/dhcrelay.c
 +++ b/relay/dhcrelay.c
@@ -75,6 +75,8 @@ int bad_circuit_id = 0;		/* Circuit ID option in matching RAI option
@ -19,8 +19,8 @@ index 344cee7..7b4c1ef 100644
 +const char *agent_remote_id_fmt = NULL;  /* Remote ID custom format string. */
 int max_hop_count = 10;		/* Maximum hop count */
- #ifdef DHCPv6
+ int no_daemon = 0;
-@@ -148,9 +150,19 @@ static const char url[] =
+@@ -151,10 +153,20 @@ static const char url[] =
 char *progname;
@ -35,35 +35,66 @@ index 344cee7..7b4c1ef 100644
 +"  %%I  DHCP relay agent IP Address\n" \
 +
 #ifdef DHCPv6
 #ifdef RELAY_PORT
 #define DHCRELAY_USAGE \
-"Usage: %s [-4] [-d] [-q] [-a] [-D]\n"\
+-"Usage: %s [-4] [-d] [-q] [-a] [-D]\n" \
 +"Usage: %s [-4] [-d] [-q] [-a <circuit_id> <remote_id>] [-D]\n"\
 "                     [-A <length>] [-c <hops>]\n" \
 "                     [-p <port> | -rp <relay-port>]\n" \
 "                     [-pf <pid-file>] [--no-pid]\n"\
@@ -171,11 +183,11 @@ char *progname;
 "                     -l lower0 [ ... -l lowerN]\n" \
 "                     -u upper0 [ ... -u upperN]\n" \
 "           lower (client link): [address%%]interface[#index]\n" \
 -"           upper (server link): [address%%]interface\n\n" \
 +"           upper (server link): [address%%]interface\n\n" DHCRELAY_OPTION82_USAGE \
 "       %s {--version|--help|-h}"
 #else
 #define DHCRELAY_USAGE \
 -"Usage: %s [-4] [-d] [-q] [-a] [-D]\n" \
 +"Usage: %s [-4] [-d] [-q] [-a <circuit_id> <remote_id>] [-D]\n"\
 "                     [-A <length>] [-c <hops>] [-p <port>]\n" \
 "                     [-pf <pid-file>] [--no-pid]\n"\
 "                     [-m append|replace|forward|discard]\n" \
-@@ -165,17 +177,18 @@ char *progname;
+@@ -190,13 +202,13 @@ char *progname;
 "                     -l lower0 [ ... -l lowerN]\n" \
 "                     -u upper0 [ ... -u upperN]\n" \
 "           lower (client link): [address%%]interface[#index]\n" \
-"       upper (server link): [address%%]interface"
+-"           upper (server link): [address%%]interface\n\n" \
-+"       upper (server link): [address%%]interface\n\n" DHCRELAY_OPTION82_USAGE
+"           upper (server link): [address%%]interface\n\n" DHCRELAY_OPTION82_USAGE \
 "       %s {--version|--help|-h}"
 #endif
 #else /* !DHCPv6 */
 #ifdef RELAY_PORT
 #define DHCRELAY_USAGE \
 -"Usage: %s [-d] [-q] [-a] [-D] [-A <length>] [-c <hops>]\n" \
 +"Usage: %s [-d] [-q] [-a <circuit_id> <remote_id>] [-D] [-A <length>] [-c <hops>]\n" \
 "                [-p <port> | -rp <relay-port>]\n" \
 "                [-pf <pid-file>] [--no-pid]\n" \
 "                [-m append|replace|forward|discard]\n" \
@@ -204,18 +216,18 @@ char *progname;
 "                [-iu interface0 [ ... -iu interfaceN]\n" \
 "                [-id interface0 [ ... -id interfaceN]\n" \
 "                [-U interface]\n" \
 -"                server0 [ ... serverN]\n\n" \
 +"                server0 [ ... serverN]\n\n" DHCRELAY_OPTION82_USAGE \
 "       %s {--version|--help|-h}"
 #else
 #define DHCRELAY_USAGE \
 -"Usage: %s [-d] [-q] [-a] [-D] [-A <length>] [-c <hops>] [-p <port>]\n" \
-+"Usage: %s [-d] [-q] [-a <circuit_id> <remote_id>] [-D]\n" \
+"Usage: %s [-d] [-q] [-a <circuit_id> <remote_id>] [-D] [-A <length>] [-c <hops>] [-p <port>]\n" \
 +"                [-A <length>] [-c <hops>] [-p <port>]\n" \
 "                [-pf <pid-file>] [--no-pid]\n" \
 "                [-m append|replace|forward|discard]\n" \
 "                [-i interface0 [ ... -i interfaceN]\n" \
 "                [-iu interface0 [ ... -iu interfaceN]\n" \
 "                [-id interface0 [ ... -id interfaceN]\n" \
 "                [-U interface]\n" \
-"                server0 [ ... serverN]\n\n"
+-"                server0 [ ... serverN]\n\n" \
-+"                server0 [ ... serverN]\n\n" DHCRELAY_OPTION82_USAGE
+"                server0 [ ... serverN]\n\n" DHCRELAY_OPTION82_USAGE \
 "       %s {--version|--help|-h}"
 #endif
- 
+ #endif
- /*!
+@@ -471,6 +483,15 @@ main(int argc, char **argv) {
@@ -354,6 +367,15 @@ main(int argc, char **argv) {
 			local_family_set = 1;
 			local_family = AF_INET;
 #endif
@ -79,7 +110,7 @@ index 344cee7..7b4c1ef 100644
 			add_agent_options = 1;
 		} else if (!strcmp(argv[i], "-A")) {
 #ifdef DHCPv6
-@@ -1050,6 +1072,81 @@ find_interface_by_agent_option(struct dhcp_packet *packet,
+@@ -1171,6 +1192,81 @@ find_interface_by_agent_option(struct dhcp_packet *packet,
 	return (-1);
 }
@ -161,7 +192,7 @@ index 344cee7..7b4c1ef 100644
 /*
  * Examine a packet to see if it's a candidate to have a Relay
  * Agent Information option tacked onto its tail.   If it is, tack
-@@ -1059,9 +1156,12 @@ static int
+@@ -1180,9 +1276,12 @@ static int
 add_relay_agent_options(struct interface_info *ip, struct dhcp_packet *packet,
 			unsigned length, struct in_addr giaddr) {
 	int is_dhcp = 0, mms;
@ -175,7 +206,7 @@ index 344cee7..7b4c1ef 100644
 	/* If we're not adding agent options to packets, we can skip
 	   this. */
-@@ -1195,17 +1295,40 @@ add_relay_agent_options(struct interface_info *ip, struct dhcp_packet *packet,
+@@ -1316,17 +1415,40 @@ add_relay_agent_options(struct interface_info *ip, struct dhcp_packet *packet,
 	op = sp;
 #endif
@ -227,7 +258,7 @@ index 344cee7..7b4c1ef 100644
 	}
 	if (adding_link_select) {
-@@ -1224,7 +1347,7 @@ add_relay_agent_options(struct interface_info *ip, struct dhcp_packet *packet,
+@@ -1351,7 +1473,7 @@ add_relay_agent_options(struct interface_info *ip, struct dhcp_packet *packet,
 	 * If not, forward without adding the option.
 	 */
 	if (max - sp >= optlen + 3) {
@ -236,7 +267,7 @@ index 344cee7..7b4c1ef 100644
 		/* Okay, cons up *our* Relay Agent Information option. */
 		*sp++ = DHO_DHCP_AGENT_OPTIONS;
-@@ -1232,16 +1355,16 @@ add_relay_agent_options(struct interface_info *ip, struct dhcp_packet *packet,
+@@ -1359,16 +1481,16 @@ add_relay_agent_options(struct interface_info *ip, struct dhcp_packet *packet,
 		/* Copy in the circuit id... */
 		*sp++ = RAI_CIRCUIT_ID;
--- a/src/isc-dhcp/patch/0003-Support-for-obtaining-name-of-physical-interface-tha.patch
+++ b/src/isc-dhcp/patch/0003-Support-for-obtaining-name-of-physical-interface-tha.patch
@ -9,10 +9,10 @@ Subject: [PATCH] Support for obtaining name of physical interface that is a
 1 file changed, 65 insertions(+), 2 deletions(-)
 diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c
-index 4659660..0f7d658 100644
+index db1af9c..f2418e8 100644
 --- a/relay/dhcrelay.c
 +++ b/relay/dhcrelay.c
-@@ -1072,6 +1072,47 @@ find_interface_by_agent_option(struct dhcp_packet *packet,
+@@ -1192,6 +1192,47 @@ find_interface_by_agent_option(struct dhcp_packet *packet,
 	return (-1);
 }
@ -60,7 +60,7 @@ index 4659660..0f7d658 100644
 /*
  * Format the message that will be used by circuit_id and remote_id
  */
-@@ -1104,8 +1145,30 @@ format_relay_agent_rfc3046_msg(const struct interface_info *ip, struct dhcp_pack
+@@ -1224,8 +1265,30 @@ format_relay_agent_rfc3046_msg(const struct interface_info *ip, struct dhcp_pack
 				break;
 				case 'p':  /* Name of interface that we received the request from */
--- a/src/isc-dhcp/patch/0004-Support-for-loading-port-alias-map-file-to-replace-p.patch
+++ b/src/isc-dhcp/patch/0004-Support-for-loading-port-alias-map-file-to-replace-p.patch
@ -9,10 +9,10 @@ Subject: [PATCH] Support for loading port alias map file to replace port name
 1 file changed, 104 insertions(+), 1 deletion(-)
 diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c
-index 0f7d658..797dac6 100644
+index 00c81d3..54f132a 100644
 --- a/relay/dhcrelay.c
 +++ b/relay/dhcrelay.c
-@@ -126,6 +126,14 @@ static void setup_streams(void);
+@@ -129,6 +129,14 @@ static void setup_streams(void);
 char *dhcrelay_sub_id = NULL;
 #endif
@ -27,7 +27,7 @@ index 0f7d658..797dac6 100644
 static void do_relay4(struct interface_info *, struct dhcp_packet *,
 	              unsigned int, unsigned int, struct iaddr,
 		      struct hardware *);
-@@ -140,6 +148,10 @@ static int strip_relay_agent_options(struct interface_info *,
+@@ -143,6 +151,10 @@ static int strip_relay_agent_options(struct interface_info *,
 static void request_v4_interface(const char* name, int flags);
@ -36,9 +36,9 @@ index 0f7d658..797dac6 100644
 +static void free_interface_alias_map(void);
 +
 static const char copyright[] =
- "Copyright 2004-2016 Internet Systems Consortium.";
+ "Copyright 2004-2018 Internet Systems Consortium.";
 static const char arr[] = "All rights reserved.";
-@@ -155,7 +167,7 @@ char *progname;
+@@ -158,7 +170,7 @@ char *progname;
 "\n" \
 "  %%%%  A single %%\n" \
 "  %%h  Hostname of device\n" \
@ -47,23 +47,23 @@ index 0f7d658..797dac6 100644
 "  %%P  Hardware address of interface that generated the request\n" \
 "  %%C  Client hardware address\n" \
 "  %%I  DHCP relay agent IP Address\n" \
-@@ -166,6 +178,7 @@ char *progname;
+@@ -171,6 +183,7 @@ char *progname;
- "                     [-A <length>] [-c <hops>] [-p <port>]\n" \
+ "                     [-p <port> | -rp <relay-port>]\n" \
 "                     [-pf <pid-file>] [--no-pid]\n"\
 "                     [-m append|replace|forward|discard]\n" \
 +"                     [--name-alias-map-file <name-alias-map-file>]\n" \
 "                     [-i interface0 [ ... -i interfaceN]\n" \
 "                     [-iu interface0 [ ... -iu interfaceN]\n" \
 "                     [-id interface0 [ ... -id interfaceN]\n" \
-@@ -173,6 +186,7 @@ char *progname;
+@@ -179,6 +192,7 @@ char *progname;
- "                     server0 [ ... serverN]\n\n" \
+ "       %s -6   [-d] [-q] [-I] [-c <hops>]\n" \
- "       %s -6   [-d] [-q] [-I] [-c <hops>] [-p <port>]\n" \
+ "                     [-p <port> | -rp <relay-port>]\n" \
 "                     [-pf <pid-file>] [--no-pid]\n" \
 +"                     [--name-alias-map-file <name-alias-map-file>]\n" \
 "                     [-s <subscriber-id>]\n" \
 "                     -l lower0 [ ... -l lowerN]\n" \
 "                     -u upper0 [ ... -u upperN]\n" \
-@@ -503,6 +517,11 @@ main(int argc, char **argv) {
+@@ -619,6 +633,11 @@ main(int argc, char **argv) {
 			no_dhcrelay_pid = ISC_TRUE;
 		} else if (!strcmp(argv[i], "--no-pid")) {
 			no_pid_file = ISC_TRUE;
@ -72,10 +72,10 @@ index 0f7d658..797dac6 100644
 +				usage(use_noarg, argv[i-1]);
 +			if (load_interface_alias_map(argv[i]) != 0)
 +				log_fatal("Failed to load interface name-alias map.");
- 		} else if (!strcmp(argv[i], "--version")) {
+  		} else if (argv[i][0] == '-') {
- 			log_info("isc-dhcrelay-%s", PACKAGE_VERSION);
+ 			usage("Unknown command: %s", argv[i]);
- 			exit(0);
+  		} else {
-@@ -726,6 +745,7 @@ main(int argc, char **argv) {
+@@ -841,6 +860,7 @@ main(int argc, char **argv) {
 	dispatch();
 	/* In fact dispatch() never returns. */
@ -83,7 +83,7 @@ index 0f7d658..797dac6 100644
 	return (0);
 }
-@@ -1151,6 +1171,7 @@ format_relay_agent_rfc3046_msg(const struct interface_info *ip, struct dhcp_pack
+@@ -1271,6 +1291,7 @@ format_relay_agent_rfc3046_msg(const struct interface_info *ip, struct dhcp_pack
 					*/
 					if (packet->htype && !packet->giaddr.s_addr) {
 						int ret = 0, vlanid = 0;
@ -91,7 +91,7 @@ index 0f7d658..797dac6 100644
 						ret = _bridgefdbquery(print_hw_addr(packet->htype, packet->hlen, packet->chaddr),
 											  ifname,
-@@ -1167,6 +1188,18 @@ format_relay_agent_rfc3046_msg(const struct interface_info *ip, struct dhcp_pack
+@@ -1287,6 +1308,18 @@ format_relay_agent_rfc3046_msg(const struct interface_info *ip, struct dhcp_pack
 							strncpy(ifname, ip->name, IFNAMSIZ);
 						}
@ -110,7 +110,7 @@ index 0f7d658..797dac6 100644
 						str = ifname;
 					}
 				break;
-@@ -2096,3 +2129,73 @@ void request_v4_interface(const char* name, int flags) {
+@@ -2313,3 +2346,73 @@ void request_v4_interface(const char* name, int flags) {
         interface_snorf(tmp, (INTERFACE_REQUESTED | flags));
         interface_dereference(&tmp, MDL);
 }
--- a/src/isc-dhcp/patch/0005-Add-enable-use-sockets-to-configure-flags-in-debian-.patch
+++ b/src/isc-dhcp/patch/0005-Add-enable-use-sockets-to-configure-flags-in-debian-.patch
@ -9,15 +9,15 @@ Subject: [PATCH 1/3] Add --enable-use-sockets to configure flags in
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/debian/rules b/debian/rules
-index 114606b..9919237 100755
+index d3fcc1d..2a7219d 100755
 --- a/debian/rules
 +++ b/debian/rules
-@@ -23,7 +23,7 @@ CFLAGS+=-D_PATH_DHCLIENT_CONF='\"/etc/dhcp/dhclient.conf\"'
+@@ -24,7 +24,7 @@ CFLAGS+=-D_PATH_DHCLIENT_CONF='\"/etc/dhcp/dhclient.conf\"'
 CFLAGS+=-D_PATH_DHCLIENT_DB='\"$(LEASE_PATH)/dhclient.leases\"'
 CFLAGS+=-D_PATH_DHCLIENT6_DB='\"$(LEASE_PATH)/dhclient6.leases\"'
-CONFFLAGS=--prefix=/usr --enable-log-pid --enable-paranoia
+-CONFFLAGS=--prefix=/usr --with-libbind=/usr --enable-log-pid --enable-paranoia
-+CONFFLAGS=--prefix=/usr --enable-log-pid --enable-paranoia --enable-use-sockets
+CONFFLAGS=--prefix=/usr --with-libbind=/usr --enable-log-pid --enable-paranoia --enable-use-sockets
 # cross-architecture building
 ifneq ($(DEB_HOST_GNU_TYPE),$(DEB_BUILD_GNU_TYPE))
--- a/src/isc-dhcp/patch/0007-If-destination-of-BOOTREQUEST-is-directed-broadcast-.patch
+++ b/src/isc-dhcp/patch/0007-If-destination-of-BOOTREQUEST-is-directed-broadcast-.patch
@ -12,10 +12,10 @@ Subject: [PATCH 3/3] If destination of BOOTREQUEST is directed broadcast,
 3 files changed, 131 insertions(+), 16 deletions(-)
 diff --git a/common/discover.c b/common/discover.c
-index 8e7f632..73eb8a9 100644
+index 98ac46a..53afecc 100644
 --- a/common/discover.c
 +++ b/common/discover.c
-@@ -227,6 +227,7 @@ struct iface_conf_list {
+@@ -236,6 +236,7 @@ struct iface_conf_list {
 struct iface_info {
 	char name[IF_NAMESIZE+1];	/* name of the interface, e.g. "bge0" */
 	struct sockaddr_storage addr;	/* address information */
@ -23,17 +23,9 @@ index 8e7f632..73eb8a9 100644
 	isc_uint64_t flags;		/* interface flags, e.g. IFF_LOOPBACK */
 };
-@@ -401,6 +402,7 @@ struct iface_conf_list {
+@@ -367,6 +368,17 @@ next_iface(struct iface_info *info, int *err, struct iface_conf_list *ifaces) {
 struct iface_info {
 	char name[IFNAMSIZ];		/* name of the interface, e.g. "eth0" */
 	struct sockaddr_storage addr;	/* address information */
 +    struct sockaddr_storage netmask;    /* netmask information */
 	isc_uint64_t flags;		/* interface flags, e.g. IFF_LOOPBACK */
 };
@@ -576,6 +578,17 @@ next_iface4(struct iface_info *info, int *err, struct iface_conf_list *ifaces) {
 	}
- 		memcpy(&info->addr, &tmp.ifr_addr, sizeof(tmp.ifr_addr));
+ 	info->flags = tmp.lifr_flags;
 +	if (ioctl(ifaces->sock, SIOCGIFNETMASK, &tmp) < 0) {
 +		if (errno == EADDRNOTAVAIL) {
@ -46,10 +38,10 @@ index 8e7f632..73eb8a9 100644
 +	}
 +	memcpy(&info->netmask, &tmp.ifr_netmask, sizeof(tmp.ifr_netmask));
 +
- 		memset(&tmp, 0, sizeof(tmp));
+ 	ifaces->next++;
- 		strncpy(tmp.ifr_name, name, sizeof(tmp.ifr_name) - 1);
+ 	*err = 0;
- 		if (ioctl(ifaces->sock, SIOCGIFFLAGS, &tmp) < 0) {
+ 	return 1;
-@@ -780,6 +793,7 @@ struct iface_conf_list {
+@@ -410,6 +422,7 @@ struct iface_conf_list {
 struct iface_info {
 	char name[IFNAMSIZ];		/* name of the interface, e.g. "bge0" */
 	struct sockaddr_storage addr;	/* address information */
@ -57,7 +49,7 @@ index 8e7f632..73eb8a9 100644
 	isc_uint64_t flags;		/* interface flags, e.g. IFF_LOOPBACK */
 };
-@@ -840,7 +854,8 @@ end_iface_scan(struct iface_conf_list *ifaces) {
+@@ -487,7 +500,8 @@ end_iface_scan(struct iface_conf_list *ifaces) {
 /* XXX: perhaps create drealloc() rather than do it manually */
 void
 add_ipv4_addr_to_interface(struct interface_info *iface, 
@ -67,11 +59,10 @@ index 8e7f632..73eb8a9 100644
 	/*
 	 * We don't expect a lot of addresses per IPv4 interface, so
 	 * we use 4, as our "chunk size" for collecting addresses.
-@@ -851,6 +866,12 @@ add_ipv4_addr_to_interface(struct interface_info *iface,
+@@ -498,6 +512,11 @@ add_ipv4_addr_to_interface(struct interface_info *iface,
 			log_fatal("Out of memory saving IPv4 address "
 			          "on interface.");
 		}
 +
 +		iface->netmasks = dmalloc(4 * sizeof(struct in_addr), MDL);
 +		if (iface->netmasks == NULL) {
 +			log_fatal("Out of memory saving IPv4 netmask "
@ -80,14 +71,7 @@ index 8e7f632..73eb8a9 100644
 		iface->address_count = 0;
 		iface->address_max = 4;
 	} else if (iface->address_count >= iface->address_max) {
-@@ -863,14 +884,28 @@ add_ipv4_addr_to_interface(struct interface_info *iface,
+@@ -515,9 +534,23 @@ add_ipv4_addr_to_interface(struct interface_info *iface,
 			log_fatal("Out of memory saving IPv4 address "
 			          "on interface.");
 		}
 -		memcpy(tmp, 
 -		       iface->addresses, 
 +		memcpy(tmp,
 +		       iface->addresses,
 		       iface->address_max * sizeof(struct in_addr));
 		dfree(iface->addresses, MDL);
 		iface->addresses = tmp;
@ -112,7 +96,7 @@ index 8e7f632..73eb8a9 100644
 }
 #ifdef DHCPv6
-@@ -1005,6 +1040,7 @@ discover_interfaces(int state) {
+@@ -656,6 +689,7 @@ discover_interfaces(int state) {
 		if ((info.addr.ss_family == AF_INET) && 
 		    (local_family == AF_INET)) {
 			struct sockaddr_in *a = (struct sockaddr_in*)&info.addr;
@ -120,7 +104,7 @@ index 8e7f632..73eb8a9 100644
 			struct iaddr addr;
 			/* We don't want the loopback interface. */
-@@ -1019,7 +1055,7 @@ discover_interfaces(int state) {
+@@ -670,7 +704,7 @@ discover_interfaces(int state) {
 			if (a->sin_addr.s_addr != htonl(INADDR_ANY))
 				tmp->configured = 1;
@ -130,10 +114,10 @@ index 8e7f632..73eb8a9 100644
 			/* invoke the setup hook */
 			addr.len = 4;
 diff --git a/includes/dhcpd.h b/includes/dhcpd.h
-index 261714d..89bfe82 100644
+index df3da59..2c7f059 100644
 --- a/includes/dhcpd.h
 +++ b/includes/dhcpd.h
-@@ -1347,6 +1347,9 @@ struct interface_info {
+@@ -1369,6 +1369,9 @@ struct interface_info {
 	struct in_addr *addresses;	/* Addresses associated with this
 					 * interface.
 					 */
@ -144,7 +128,7 @@ index 261714d..89bfe82 100644
 	int address_max;		/* Size of addresses buffer. */
 	struct in6_addr *v6addresses;	/* IPv6 addresses associated with
 diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c
-index c9b6d8e..8aac4b3 100644
+index 54f132a..beae977 100644
 --- a/relay/dhcrelay.c
 +++ b/relay/dhcrelay.c
@@ -30,6 +30,7 @@
@ -155,7 +139,7 @@ index c9b6d8e..8aac4b3 100644
 #include <isc/file.h>
 TIME default_lease_time = 43200; /* 12 hours... */
-@@ -881,20 +882,95 @@ do_relay4(struct interface_info *ip, struct dhcp_packet *packet,
+@@ -1001,20 +1002,95 @@ do_relay4(struct interface_info *ip, struct dhcp_packet *packet,
 	/* Otherwise, it's a BOOTREQUEST, so forward it to all the
 	   servers. */
 	for (sp = servers; sp; sp = sp->next) {
--- a/src/isc-dhcp/patch/0008-CVE-2017-3144.patch
+++ b/src/isc-dhcp/patch/0008-CVE-2017-3144.patch
@ -1,47 +0,0 @@
 From: Thomas Markwalder <tmark@isc.org>
 Date: Thu, 7 Dec 2017 11:23:36 -0500
 Subject: [master] Plugs a socket descriptor leak in OMAPI
 Origin: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=1a6b62fe17a42b00fa234d06b6dfde3d03451894
 Bug: https://bugs.isc.org/Public/Bug/Display.html?id=46767
 Bug-Debian: https://bugs.debian.org/887413
 Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-3144
    Merges in rt46767.
 ---
 diff --git a/omapip/buffer.c b/omapip/buffer.c
 index 6e0621b5..a21f0a80 100644
 --- a/omapip/buffer.c
 +++ b/omapip/buffer.c
@@ -565,6 +565,15 @@ isc_result_t omapi_connection_writer (omapi_object_t *h)
 			omapi_buffer_dereference (&buffer, MDL);
 		}
 	}
 +
 +	/* If we had data left to write when we're told to disconnect,
 +	* we need recall disconnect, now that we're done writing.
 +	* See rt46767. */
 +	if (c->out_bytes == 0 && c->state == omapi_connection_disconnecting) {
 +		omapi_disconnect (h, 1);
 +		return ISC_R_SHUTTINGDOWN;
 +	}
 +
 	return ISC_R_SUCCESS;
 }
 diff --git a/omapip/message.c b/omapip/message.c
 index ee15d821..37abbd25 100644
 --- a/omapip/message.c
 +++ b/omapip/message.c
@@ -339,7 +339,7 @@ isc_result_t omapi_message_unregister (omapi_object_t *mo)
 }
 #ifdef DEBUG_PROTOCOL
 -static const char *omapi_message_op_name(int op) {
 +const char *omapi_message_op_name(int op) {
 	switch (op) {
 	case OMAPI_OP_OPEN:    return "OMAPI_OP_OPEN";
 	case OMAPI_OP_REFRESH: return "OMAPI_OP_REFRESH";
 -- 
 2.16.2
--- a/src/isc-dhcp/patch/0008-Don-t-skip-down-interfaces-when-discovering-interfac.patch
+++ b/src/isc-dhcp/patch/0008-Don-t-skip-down-interfaces-when-discovering-interfac.patch
--- a/src/isc-dhcp/patch/0008-interface-name-maxlen-crash.patch
+++ b/src/isc-dhcp/patch/0008-interface-name-maxlen-crash.patch
@ -1,13 +0,0 @@
 diff --git a/common/discover.c b/common/discover.c
 index 3cd64a7..c85d18c 100644
 --- a/common/discover.c
 +++ b/common/discover.c
@@ -547,7 +547,7 @@ next_iface4(struct iface_info *info, int *err, struct iface_conf_list *ifaces) {
 				log_error("Interface name '%s' too long", name);
 				return 0;
 			}
 -			strncpy(info->name, name, sizeof(info->name) - 1);
 +			strncpy(info->name, name, sizeof(info->name));
 #ifdef ALIAS_NAMED_PERMUTED
 			/* interface aliases look like "eth0:1" or "wlan1:3" */
--- a/src/isc-dhcp/patch/0009-CVE-2018-5733.patch
+++ b/src/isc-dhcp/patch/0009-CVE-2018-5733.patch
@ -1,131 +0,0 @@
 From: Thomas Markwalder <tmark@isc.org>
 Date: Fri, 9 Feb 2018 14:46:08 -0500
 Subject: [master] Corrected refcnt loss in option parsing
 Origin: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=197b26f25309f947b97a83b8fdfc414b767798f8
 Bug: https://bugs.isc.org/Public/Bug/Display.html?id=47140
 Bug-Debian: https://bugs.debian.org/891785
 Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-5733
    Merges in 47140.
 ---
 --- a/common/options.c
 +++ b/common/options.c
@@ -177,6 +177,8 @@ int parse_option_buffer (options, buffer
 		/* If the length is outrageous, the options are bad. */
 		if (offset + len > length) {
 +			/* Avoid reference count overflow */
 +			option_dereference(&option, MDL);
 			reason = "option length exceeds option buffer length";
 		      bogus:
 			log_error("parse_option_buffer: malformed option "
 --- a/common/tests/Makefile.am
 +++ b/common/tests/Makefile.am
@@ -10,7 +10,8 @@ ATF_TESTS =
 if HAVE_ATF
 -ATF_TESTS += alloc_unittest dns_unittest misc_unittest ns_name_unittest
 +ATF_TESTS += alloc_unittest dns_unittest misc_unittest ns_name_unittest \
 +	option_unittest
 alloc_unittest_SOURCES = test_alloc.c $(top_srcdir)/tests/t_api_dhcp.c
 alloc_unittest_LDADD = $(ATF_LDFLAGS)
@@ -36,6 +37,14 @@ ns_name_unittest_LDADD += ../libdhcp.a
 	../../omapip/libomapi.a $(BINDLIBDIR)/libirs.a \
 	$(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a  $(BINDLIBDIR)/libisc.a
 +option_unittest_SOURCES = option_unittest.c $(top_srcdir)/tests/t_api_dhcp.c
 +option_unittest_LDADD = $(ATF_LDFLAGS)
 +option_unittest_LDADD += ../libdhcp.@A@ ../../omapip/libomapi.@A@ \
 +	@BINDLIBIRSDIR@/libirs.@A@ \
 +	@BINDLIBDNSDIR@/libdns.@A@ \
 +	@BINDLIBISCCFGDIR@/libisccfg.@A@  \
 +	@BINDLIBISCDIR@/libisc.@A@
 +
 check: $(ATF_TESTS)
 	@if test $(top_srcdir) != ${top_builddir}; then \
 		cp $(top_srcdir)/common/tests/Atffile Atffile; \
 --- /dev/null
 +++ b/common/tests/option_unittest.c
@@ -0,0 +1,79 @@
 +/*
 + * Copyright (C) 2018 Internet Systems Consortium, Inc. ("ISC")
 + *
 + * This Source Code Form is subject to the terms of the Mozilla Public
 + * License, v. 2.0. If a copy of the MPL was not distributed with this
 + * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 + *
 + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 + * AND FITNESS.	 IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 + * PERFORMANCE OF THIS SOFTWARE.
 + */
 +
 +#include <config.h>
 +#include <atf-c.h>
 +#include "dhcpd.h"
 +
 +ATF_TC(option_refcnt);
 +
 +ATF_TC_HEAD(option_refcnt, tc)
 +{
 +    atf_tc_set_md_var(tc, "descr",
 +		      "Verify option reference count does not overflow.");
 +}
 +
 +/* This test does a simple check to see if option reference count is
 + * decremented even an error path exiting parse_option_buffer()
 + */
 +ATF_TC_BODY(option_refcnt, tc)
 +{
 +    struct option_state *options;
 +    struct option *option;
 +    unsigned code;
 +    int refcnt;
 +    unsigned char buffer[3] = { 15, 255, 0 };
 +
 +    initialize_common_option_spaces();
 +
 +    options = NULL;
 +    if (!option_state_allocate(&options, MDL)) {
 +	atf_tc_fail("can't allocate option state");
 +    }
 +    
 +    option = NULL;
 +    code = 15; /* domain-name */
 +    if (!option_code_hash_lookup(&option, dhcp_universe.code_hash,
 +				 &code, 0, MDL)) {
 +	atf_tc_fail("can't find option 15");
 +    }
 +    if (option == NULL) {
 +	atf_tc_fail("option is NULL");
 +    }
 +    refcnt = option->refcnt;
 +
 +    buffer[0] = 15;
 +    buffer[1] = 255; /* invalid */
 +    buffer[2] = 0;
 +
 +    if (parse_option_buffer(options, buffer, 3, &dhcp_universe)) {
 +	atf_tc_fail("parse_option_buffer is expected to fail");
 +    }
 +
 +    if (refcnt != option->refcnt) {
 +	atf_tc_fail("refcnt changed from %d to %d", refcnt, option->refcnt);
 +    }
 +}
 +
 +/* This macro defines main() method that will call specified
 +   test cases. tp and simple_test_case names can be whatever you want
 +   as long as it is a valid variable identifier. */
 +ATF_TP_ADD_TCS(tp)
 +{
 +    ATF_TP_ADD_TC(tp, option_refcnt);
 +
 +    return (atf_no_error());
 +}
--- a/src/isc-dhcp/patch/0010-CVE-2018-5732.patch
+++ b/src/isc-dhcp/patch/0010-CVE-2018-5732.patch
@ -1,144 +0,0 @@
 From: Thomas Markwalder <tmark@isc.org>
 Date: Sat, 10 Feb 2018 12:15:27 -0500
 Subject: [master] Correct buffer overrun in pretty_print_option
 Origin: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=c5931725b48b121d232df4ba9e45bc41e0ba114d
 Bug: https://bugs.isc.org/Public/Bug/Display.html?id=47139
 Bug-Debian: https://bugs.debian.org/891786
 Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-5732
    Merges in rt47139.
 ---
 diff --git a/common/options.c b/common/options.c
 index 6f23bc15..fc0e0889 100644
 --- a/common/options.c
 +++ b/common/options.c
@@ -1776,7 +1776,8 @@ format_min_length(format, oc)
 /* Format the specified option so that a human can easily read it. */
 -
 +/* Maximum pretty printed size */
 +#define MAX_OUTPUT_SIZE 32*1024
 const char *pretty_print_option (option, data, len, emit_commas, emit_quotes)
 	struct option *option;
 	const unsigned char *data;
@@ -1784,8 +1785,9 @@ const char *pretty_print_option (option, data, len, emit_commas, emit_quotes)
 	int emit_commas;
 	int emit_quotes;
 {
 -	static char optbuf [32768]; /* XXX */
 -	static char *endbuf = &optbuf[sizeof(optbuf)];
 +	/* We add 128 byte pad so we don't have to add checks everywhere. */
 +	static char optbuf [MAX_OUTPUT_SIZE + 128]; /* XXX */
 +	static char *endbuf = optbuf + MAX_OUTPUT_SIZE;
 	int hunksize = 0;
 	int opthunk = 0;
 	int hunkinc = 0;
@@ -2211,7 +2213,14 @@ const char *pretty_print_option (option, data, len, emit_commas, emit_quotes)
 				log_error ("Unexpected format code %c",
 					   fmtbuf [j]);
 			}
 +
 			op += strlen (op);
 +			if (op >= endbuf) {
 +				log_error ("Option data exceeds"
 +					   " maximum size %d", MAX_OUTPUT_SIZE);
 +					   return ("<error>");
 +			}
 +
 			if (dp == data + len)
 				break;
 			if (j + 1 < numelem && comma != ':')
 diff --git a/common/tests/option_unittest.c b/common/tests/option_unittest.c
 index 36236b84..cd52cfb4 100644
 --- a/common/tests/option_unittest.c
 +++ b/common/tests/option_unittest.c
@@ -43,7 +43,7 @@ ATF_TC_BODY(option_refcnt, tc)
     if (!option_state_allocate(&options, MDL)) {
 	atf_tc_fail("can't allocate option state");
     }
 -    
 +
     option = NULL;
     code = 15; /* domain-name */
     if (!option_code_hash_lookup(&option, dhcp_universe.code_hash,
@@ -68,12 +68,75 @@ ATF_TC_BODY(option_refcnt, tc)
     }
 }
 +ATF_TC(pretty_print_option);
 +
 +ATF_TC_HEAD(pretty_print_option, tc)
 +{
 +    atf_tc_set_md_var(tc, "descr",
 +		      "Verify pretty_print_option does not overrun its buffer.");
 +}
 +
 +
 +/*
 + * This test verifies that pretty_print_option() will not overrun its
 + * internal, static buffer when given large 'x/X' format options.
 + *
 + */
 +ATF_TC_BODY(pretty_print_option, tc)
 +{
 +    struct option *option;
 +    unsigned code;
 +    unsigned char bad_data[32*1024];
 +    unsigned char good_data[] = { 1,2,3,4,5,6 };
 +    int emit_commas = 1;
 +    int emit_quotes = 1;
 +    const char *output_buf;
 +
 +    /* Initialize whole thing to non-printable chars */
 +    memset(bad_data, 0x1f, sizeof(bad_data));
 +
 +    initialize_common_option_spaces();
 +
 +    /* We'll use dhcp_client_identitifer because it happens to be format X */
 +    code = 61;
 +    option = NULL;
 +    if (!option_code_hash_lookup(&option, dhcp_universe.code_hash,
 +				 &code, 0, MDL)) {
 +	    atf_tc_fail("can't find option %d", code);
 +    }
 +
 +    if (option == NULL) {
 +	    atf_tc_fail("option is NULL");
 +    }
 +
 +    /* First we will try a good value we know should fit. */
 +    output_buf = pretty_print_option (option, good_data, sizeof(good_data),
 +                                      emit_commas, emit_quotes);
 +
 +    /* Make sure we get what we expect */
 +    if (!output_buf || strcmp(output_buf, "1:2:3:4:5:6")) {
 +	    atf_tc_fail("pretty_print_option did not return \"<error>\"");
 +    }
 +
 +
 +    /* Now we'll try a data value that's too large */
 +    output_buf = pretty_print_option (option, bad_data, sizeof(bad_data),
 +                                      emit_commas, emit_quotes);
 +
 +    /* Make sure we safely get an error */
 +    if (!output_buf || strcmp(output_buf, "<error>")) {
 +	    atf_tc_fail("pretty_print_option did not return \"<error>\"");
 +    }
 +}
 +
 +
 /* This macro defines main() method that will call specified
    test cases. tp and simple_test_case names can be whatever you want
    as long as it is a valid variable identifier. */
 ATF_TP_ADD_TCS(tp)
 {
     ATF_TP_ADD_TC(tp, option_refcnt);
 +    ATF_TP_ADD_TC(tp, pretty_print_option);
     return (atf_no_error());
 }
 -- 
 2.16.2
--- a/src/isc-dhcp/patch/series
+++ b/src/isc-dhcp/patch/series
@ -6,8 +6,4 @@
 0005-Add-enable-use-sockets-to-configure-flags-in-debian-.patch
 0006-Bugfix-Ensure-HAVE_SO_BINDTODEVICE-has-a-chance-to-b.patch
 0007-If-destination-of-BOOTREQUEST-is-directed-broadcast-.patch
-0008-CVE-2017-3144.patch
+0008-Don-t-skip-down-interfaces-when-discovering-interfac.patch
 0009-CVE-2018-5733.patch
 0010-CVE-2018-5732.patch
 0008-interface-name-maxlen-crash.patch
 0012-Don-t-skip-down-interfaces-when-discovering-interfac.patch