Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian....@packages.debian.org
Usertags: pu

Hi,

the package rdnssd (from src:ndisc6) provides a daemon that listens to IPv6 RA messages containing RDNSS (recursive DNS servers) information, and adds this information to /etc/resolv.conf. It is automatically installed by d-i if this information is found during installation.

If resolvconf is installed, managing and merging of /etc/resolv.conf is handed over to it. However, if it is not installed, the version in Jessie simply overwrites /etc/resolv.conf, which drops all search list information as well as IPv4 nameservers. This often leads to severe breakage of the installed system.

This is tracked in Bug#767071.

The proposed fix for Jessie will adjust the merge script to be the same as in current upstream and Stretch.

The package builds a udeb, but the hook is only included in the "real" package.

Best Regards,
Bernhard

diffstat for ndisc6_1.0.1-1 ndisc6_1.0.1-1+deb8u1 debian/changelog | 7 +++++++ rdnssd/merge-hook.in | 51 ++++++++++++++++++++++++++++++++++++++++++++++++--- 2 files changed, 55 insertions(+), 3 deletions(-) diff -u ndisc6-1.0.1/debian/changelog ndisc6-1.0.1/debian/changelog --- ndisc6-1.0.1/debian/changelog +++ ndisc6-1.0.1/debian/changelog @@ -1,3 +1,10 @@ +ndisc6 (1.0.1-1+deb8u1) jessie; urgency=medium + + * Use upstream default merge hook when resolvconf is not available + (Closes: #767071) + + -- Bernhard Schmidt <be...@debian.org> Tue, 04 Apr 2017 00:24:32 +0200 + ndisc6 (1.0.1-1) unstable; urgency=low * New upstream release: diff -u ndisc6-1.0.1/rdnssd/merge-hook.in ndisc6-1.0.1/rdnssd/merge-hook.in --- ndisc6-1.0.1/rdnssd/merge-hook.in +++ ndisc6-1.0.1/rdnssd/merge-hook.in 
@@ -20,9 +20,54 @@ -PATH=/sbin:/bin INPUT="/var/run/rdnssd/resolv.conf" +# Debian modification, use resolvconf if available if [ -x /sbin/resolvconf ]; then /sbin/resolvconf -a 000.rdnssd < "$INPUT" -else - cat -- "$INPUT" > "/etc/resolv.conf" + exit 0 fi +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin + +# Max number of nameserver options taken into account. Should be as +# defined in <resolv.h> +MAXNS=3 + +# This script tries to share available nameserver slots with IPv4 +# entries, for example to allow fallback to IPv4 if IPv6 fails. If +# there is not enough room for all IPv6 and IPv4 entries, this script +# will limit the IPv6 entries it adds to $RDNSS_LIMIT only. +RDNSS_LIMIT=$(($MAXNS - 1)) + +sysconfdir='@SYSCONFDIR@' +localstatedir='@LOCALSTATEDIR@' +resolvconf="$sysconfdir/resolv.conf" +myresolvconf="$localstatedir/run/rdnssd/resolv.conf" + +# These should be POSIX-compliant BREs +RE_NSV4='^nameserver *\([0-9]\{1,3\}\.\)\{3,3\}[0-9]\{1,3\} *$' +RE_NSV4OR6='^nameserver *[a-fA-F0-9:\.]\{1,46\}\(%[a-zA-Z0-9]\{1,\}\)\{,1\} *$' + +# Count how many IPv6 nameservers we can fit + +limit=$RDNSS_LIMIT + +nnsv4=`grep -c "$RE_NSV4" $resolvconf || [ $? -le 1 ]` +room=$(($MAXNS - $nnsv4)) + +if [ $limit -lt $room ]; then + limit=$room +fi + +# Merge and write the result. Let rdnssd assume ownership of all IPv6 +# nameservers, and remove extraneous IPv6 entries as expired. However +# DHCPv4 most often sets up search list entries, and rdnssd cannot +# clobber these lest it causes counterintuitive breakage. There is no +# easy way to properly merge and manage DNSSL entries here, so just drop +# them. +{ + sed -e "/$RE_NSV4OR6/d" < $resolvconf + grep -m $limit "$RE_NSV4OR6" < $myresolvconf || [ $? -le 1 ] + sed -ne "/$RE_NSV4/p" < $resolvconf +} > $resolvconf.tmp + +mv -f $resolvconf.tmp $resolvconf +
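
Review bot: The closing `mv -f $resolvconf.tmp $resolvconf` in the new fallback path runs unconditionally, so a failure earlier in the script (for example `$resolvconf` not existing, which also leaves `nnsv4` empty and breaks `room=$(($MAXNS - $nnsv4))`) still replaces /etc/resolv.conf with whatever partial output landed in the temp file. I would test that `$resolvconf` is readable before counting, perform the `mv` only when the `{ ... } > $resolvconf.tmp` group succeeded, and quote the `$resolvconf` and `$myresolvconf` expansions. Two smaller points: `INPUT` stays hard-coded to /var/run/rdnssd/resolv.conf for the resolvconf branch while the fallback reads `$myresolvconf` built from `@LOCALSTATEDIR@`, so the two branches can read different files if the substitution is not /var; and the comment says the patterns should be POSIX-compliant BREs, but `\{,1\}` in `RE_NSV4OR6` is a GNU extension (POSIX spells it `\{0,1\}`). Also worth a line in the changelog: `mv -f` onto a symlinked /etc/resolv.conf replaces the link with a regular file rather than updating its target.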