Resolves: #1641246 - Do not rely on isc_heap_delete bug

Last BIND release switched from custom types to standard int and bool
types provided by library. Uless DHCP is modified to switch all types as
well, compatibility libraries has to be included. It breaks backward
compatibility.

(cherry picked from commit 546da8152c)

11-dhclient

@@ -7,7 +7,7 @@ ETCDIR=/etc/dhcp
 interface=$1
 
 eval "$(
-declare | LC_ALL=C grep '^DHCP4_[A-Z_]*=' | while read opt; do
+declare | LC_ALL=C grep '^DHCP4_[A-Z_]*=' | while read -r opt; do
     optname=${opt%%=*}
     optname=${optname,,}
     optname=new_${optname#dhcp4_}

dhcp-4.3.6-bind-9.11.5.patch

@@ -0,0 +1,86 @@
+From ffb24c0bbd4d6f2b4718a1a8f4f2da237cc6ed66 Mon Sep 17 00:00:00 2001
+From: Thomas Markwalder <tmark@isc.org>
+Date: Fri, 14 Sep 2018 13:41:41 -0400
+Subject: [PATCH] [master] Added includes of new BIND9 compatibility headers,
+ updated util/bind.sh
+
+    Merges in rt48072.
+
+(cherry picked from commit 8194daabfd590f17825f0c61e9534bee5c99cc86)
+---
+ includes/omapip/isclib.h |  3 +++
+ includes/omapip/result.h |  1 +
+ server/dhcpv6.c          | 13 +++++++++----
+ 3 files changed, 13 insertions(+), 4 deletions(-)
+
+diff --git a/includes/omapip/isclib.h b/includes/omapip/isclib.h
+index e2963089..fa5d9ad3 100644
+--- a/includes/omapip/isclib.h
++++ b/includes/omapip/isclib.h
+@@ -48,6 +48,9 @@
+ #include <string.h>
+ #include <netdb.h>
+ 
++#include <isc/boolean.h>
++#include <isc/int.h>
++
+ #include <isc/buffer.h>
+ #include <isc/lex.h>
+ #include <isc/lib.h>
+diff --git a/includes/omapip/result.h b/includes/omapip/result.h
+index ae5f7d6a..9c1fab23 100644
+--- a/includes/omapip/result.h
++++ b/includes/omapip/result.h
+@@ -26,6 +26,7 @@
+ #ifndef DHCP_RESULT_H
+ #define DHCP_RESULT_H 1
+ 
++#include <isc/boolean.h>
+ #include <isc/lang.h>
+ #include <isc/resultclass.h>
+ #include <isc/types.h>
+diff --git a/server/dhcpv6.c b/server/dhcpv6.c
+index 74487667..1a6ff241 100644
+--- a/server/dhcpv6.c
++++ b/server/dhcpv6.c
+@@ -1003,7 +1003,8 @@ void check_pool6_threshold(struct reply_state *reply,
+ 				  shared_name,
+ 				  inet_ntop(AF_INET6, &lease->addr,
+ 					    tmp_addr, sizeof(tmp_addr)),
+-				  used, count);
++				  (long long unsigned)(used),
++				  (long long unsigned)(count));
+ 		}
+ 		return;
+ 	}
+@@ -1035,7 +1036,8 @@ void check_pool6_threshold(struct reply_state *reply,
+ 		  "address: %s; high threshold %d%% %llu/%llu.",
+ 		  shared_name,
+ 		  inet_ntop(AF_INET6, &lease->addr, tmp_addr, sizeof(tmp_addr)),
+-		  poolhigh, used, count);
++		  poolhigh, (long long unsigned)(used),
++		  (long long unsigned)(count));
+ 
+ 	/* handle the low threshold now, if we don't
+ 	 * have one we default to 0. */
+@@ -1383,12 +1385,15 @@ pick_v6_address(struct reply_state *reply)
+ 		log_debug("Unable to pick client address: "
+ 			  "no addresses available  - shared network %s: "
+ 			  " 2^64-1 < total, %llu active,  %llu abandoned",
+-			  shared_name, active - abandoned, abandoned);
++			  shared_name, (long long unsigned)(active - abandoned),
++			  (long long unsigned)(abandoned));
+ 	} else {
+ 		log_debug("Unable to pick client address: "
+ 			  "no addresses available  - shared network %s: "
+ 			  "%llu total, %llu active,  %llu abandoned",
+-			  shared_name, total, active - abandoned, abandoned);
++			  shared_name, (long long unsigned)(total),
++			  (long long unsigned)(active - abandoned),
++		          (long long unsigned)(abandoned));
+ 	}
+ 
+ 	return ISC_R_NORESOURCES;
+-- 
+2.14.5
+

dhcp-isc_heap_delete.patch

@@ -0,0 +1,164 @@
+diff --git a/includes/dhcpd.h b/includes/dhcpd.h
+index aac2c108..c83dc9a6 100644
+--- a/includes/dhcpd.h
++++ b/includes/dhcpd.h
+@@ -1622,8 +1622,9 @@ struct iasubopt {
+  */
+ #define EXPIRED_IPV6_CLEANUP_TIME (60*60)
+ 
+-	int heap_index;				/* index into heap, or -1
+-						   (internal use only) */
++	/* index into heaps, or -1 (internal use only) */
++	int active_index;
++	int inactive_index;
+ 
+ 	/*
+ 	 * A pointer to the state of the ddns update for this lease.
+diff --git a/server/mdb6.c b/server/mdb6.c
+index 1a728eb3..418ff606 100644
+--- a/server/mdb6.c
++++ b/server/mdb6.c
+@@ -216,7 +216,8 @@ iasubopt_allocate(struct iasubopt **iasubopt, const char *file, int line) {
+ 
+ 	tmp->refcnt = 1;
+ 	tmp->state = FTS_FREE;
+-	tmp->heap_index = -1;
++	tmp->active_index = -1;
++	tmp->inactive_index = -1;
+ 	tmp->plen = 255;
+ 
+ 	*iasubopt = tmp;
+@@ -604,10 +605,14 @@ lease_older(void *a, void *b) {
+  * Callback when an address's position in the heap changes.
+  */
+ static void
+-lease_index_changed(void *iasubopt, unsigned int new_heap_index) {
+-	((struct iasubopt *)iasubopt)-> heap_index = new_heap_index;
++active_changed(void *iasubopt, unsigned int new_heap_index) {
++	((struct iasubopt *)iasubopt)-> active_index = new_heap_index;
+ }
+ 
++static void
++inactive_changed(void *iasubopt, unsigned int new_heap_index) {
++	((struct iasubopt *)iasubopt)-> inactive_index = new_heap_index;
++}
+ 
+ /*!
+  *
+@@ -660,13 +665,13 @@ ipv6_pool_allocate(struct ipv6_pool **pool, u_int16_t type,
+ 		dfree(tmp, file, line);
+ 		return ISC_R_NOMEMORY;
+ 	}
+-	if (isc_heap_create(dhcp_gbl_ctx.mctx, lease_older, lease_index_changed,
++	if (isc_heap_create(dhcp_gbl_ctx.mctx, lease_older, active_changed,
+ 			    0, &(tmp->active_timeouts)) != ISC_R_SUCCESS) {
+ 		iasubopt_free_hash_table(&(tmp->leases), file, line);
+ 		dfree(tmp, file, line);
+ 		return ISC_R_NOMEMORY;
+ 	}
+-	if (isc_heap_create(dhcp_gbl_ctx.mctx, lease_older, lease_index_changed,
++	if (isc_heap_create(dhcp_gbl_ctx.mctx, lease_older, inactive_changed,
+ 			    0, &(tmp->inactive_timeouts)) != ISC_R_SUCCESS) {
+ 		isc_heap_destroy(&(tmp->active_timeouts));
+ 		iasubopt_free_hash_table(&(tmp->leases), file, line);
+@@ -1361,7 +1366,7 @@ cleanup_lease6(ia_hash_t *ia_table,
+ 	 * Remove the old lease from the active heap and from the hash table
+ 	 * then remove the lease from the IA and clean up the IA if necessary.
+ 	 */
+-	isc_heap_delete(pool->active_timeouts, test_iasubopt->heap_index);
++	isc_heap_delete(pool->active_timeouts, test_iasubopt->active_index);
+ 	pool->num_active--;
+ 	if (pool->ipv6_pond)
+ 		pool->ipv6_pond->num_active--;
+@@ -1434,7 +1439,7 @@ add_lease6(struct ipv6_pool *pool, struct iasubopt *lease,
+ 		if ((test_iasubopt->state == FTS_ACTIVE) ||
+ 		    (test_iasubopt->state == FTS_ABANDONED)) {
+ 			isc_heap_delete(pool->active_timeouts,
+-					test_iasubopt->heap_index);
++					test_iasubopt->active_index);
+ 			pool->num_active--;
+ 			if (pool->ipv6_pond)
+ 				pool->ipv6_pond->num_active--;
+@@ -1446,7 +1451,7 @@ add_lease6(struct ipv6_pool *pool, struct iasubopt *lease,
+ 			}
+ 		} else {
+ 			isc_heap_delete(pool->inactive_timeouts,
+-					test_iasubopt->heap_index);
++					test_iasubopt->inactive_index);
+ 			pool->num_inactive--;
+ 		}
+ 
+@@ -1567,14 +1572,13 @@ lease6_usable(struct iasubopt *lease) {
+ static isc_result_t
+ move_lease_to_active(struct ipv6_pool *pool, struct iasubopt *lease) {
+ 	isc_result_t insert_result;
+-	int old_heap_index;
+ 
+-	old_heap_index = lease->heap_index;
+ 	insert_result = isc_heap_insert(pool->active_timeouts, lease);
+ 	if (insert_result == ISC_R_SUCCESS) {
+        		iasubopt_hash_add(pool->leases, &lease->addr, 
+ 				  sizeof(lease->addr), lease, MDL);
+-		isc_heap_delete(pool->inactive_timeouts, old_heap_index);
++		isc_heap_delete(pool->inactive_timeouts,
++				lease->inactive_index);
+ 		pool->num_active++;
+ 		pool->num_inactive--;
+ 		lease->state = FTS_ACTIVE;
+@@ -1624,16 +1628,16 @@ renew_lease6(struct ipv6_pool *pool, struct iasubopt *lease) {
+ 	if (lease->state == FTS_ACTIVE) {
+ 		if (old_end_time <= lease->hard_lifetime_end_time) {
+ 			isc_heap_decreased(pool->active_timeouts,
+-					   lease->heap_index);
++					   lease->active_index);
+ 		} else {
+ 			isc_heap_increased(pool->active_timeouts,
+-					   lease->heap_index);
++					   lease->active_index);
+ 		}
+ 		return ISC_R_SUCCESS;
+ 	} else if (lease->state == FTS_ABANDONED) {
+ 		char tmp_addr[INET6_ADDRSTRLEN];
+                 lease->state = FTS_ACTIVE;
+-                isc_heap_increased(pool->active_timeouts, lease->heap_index);
++                isc_heap_increased(pool->active_timeouts, lease->active_index);
+ 		log_info("Reclaiming previously abandoned address %s",
+ 			 inet_ntop(AF_INET6, &(lease->addr), tmp_addr,
+ 				   sizeof(tmp_addr)));
+@@ -1655,9 +1659,7 @@ static isc_result_t
+ move_lease_to_inactive(struct ipv6_pool *pool, struct iasubopt *lease, 
+ 		       binding_state_t state) {
+ 	isc_result_t insert_result;
+-	int old_heap_index;
+ 
+-	old_heap_index = lease->heap_index;
+ 	insert_result = isc_heap_insert(pool->inactive_timeouts, lease);
+ 	if (insert_result == ISC_R_SUCCESS) {
+ 		/*
+@@ -1708,7 +1710,7 @@ move_lease_to_inactive(struct ipv6_pool *pool, struct iasubopt *lease,
+ 
+ 		iasubopt_hash_delete(pool->leases, 
+ 				     &lease->addr, sizeof(lease->addr), MDL);
+-		isc_heap_delete(pool->active_timeouts, old_heap_index);
++		isc_heap_delete(pool->active_timeouts, lease->active_index);
+ 		lease->state = state;
+ 		pool->num_active--;
+ 		pool->num_inactive++;
+@@ -1786,7 +1788,7 @@ decline_lease6(struct ipv6_pool *pool, struct iasubopt *lease) {
+ 		pool->ipv6_pond->num_abandoned++;
+ 
+ 	lease->hard_lifetime_end_time = MAX_TIME;
+-	isc_heap_decreased(pool->active_timeouts, lease->heap_index);
++	isc_heap_decreased(pool->active_timeouts, lease->active_index);
+ 	return ISC_R_SUCCESS;
+ }
+ 
+@@ -2059,7 +2061,7 @@ cleanup_old_expired(struct ipv6_pool *pool) {
+ 			break;
+ 		}
+ 
+-		isc_heap_delete(pool->inactive_timeouts, tmp->heap_index);
++		isc_heap_delete(pool->inactive_timeouts, tmp->inactive_index);
+ 		pool->num_inactive--;
+ 
+ 		if (tmp->ia != NULL) {

dhcp.spec

@@ -16,7 +16,7 @@
 Summary:  Dynamic host configuration protocol software
 Name:     dhcp
 Version:  4.3.6
-Release:  19%{?dist}
+Release:  23%{?dist}
 # NEVER CHANGE THE EPOCH on this package.  The previous maintainer (prior to
 # dcantrell maintaining the package) made incorrect use of the epoch and
 # that's why it is at 12 now.  It should have never been used, but it was.
@@ -77,6 +77,8 @@ Patch40:  dhcp-4.3.6-omapi-leak.patch
 Patch41:  dhcp-4.3.6-isc-util.patch
 Patch42:  dhcp-4.3.6-options_overflow.patch
 Patch43:  dhcp-4.3.6-reference_count_overflow.patch
+Patch45:  dhcp-4.3.6-bind-9.11.5.patch
+Patch46:  dhcp-isc_heap_delete.patch
 
 BuildRequires: autoconf
 BuildRequires: automake
@@ -349,6 +351,12 @@ rm bind/bind.tar.gz
 %patch42 -p1 
 %patch43 -p1
 
+# Build on Bind 9.11.5+
+%patch45 -p1 -b .bind
+
+# https://bugs.isc.org/Public/Bug/Display.html?id=46719#
+%patch46 -p1 -b .heap
+
 # DHCLIENT_DEFAULT_PREFIX_LEN  64 -> 128
 # https://bugzilla.gnome.org/show_bug.cgi?id=656610
 sed -i -e 's|DHCLIENT_DEFAULT_PREFIX_LEN 64|DHCLIENT_DEFAULT_PREFIX_LEN 128|g' includes/site.h
@@ -672,6 +680,18 @@ done
 %endif
 
 %changelog
+* Tue Apr 30 2019 Pavel Zhukov <pzhukov@redhat.com> - 12:4.3.6-23
+- Resolves: #1641246 - Do not rely on isc_heap_delete bug
+
+* Tue Nov 06 2018 Petr Menšík <pemensik@redhat.com> - 12:4.3.6-22
+- Compile on BIND 9.11.5
+
+* Fri Jul 13 2018 Petr Menšík <pemensik@redhat.com> - 12:4.3.6-21
+- Update to bind 9.11.4
+
+* Tue May 15 2018 Pavel Zhukov <pzhukov@redhat.com> - 12:4.3.6-20
+- Fix for CVE-2018-1111
+
 * Wed Mar 21 2018 Pavel Zhukov <pzhukov@redhat.com> - 12:4.3.6-19
 - Don't use run-parts for hooks discovery (#1558612)