1 |
commit: 68fa06b8bd629857ef0dc03a983f6eb299cd6b69 |
2 |
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed May 26 21:48:41 2021 +0000 |
4 |
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed May 26 21:48:53 2021 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=68fa06b8 |
7 |
|
8 |
net-misc/dhcp: Security bump to version 4.4.2_p1 |
9 |
|
10 |
Bug: https://bugs.gentoo.org/792324 |
11 |
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org> |
12 |
|
13 |
net-misc/dhcp/Manifest | 1 + |
14 |
net-misc/dhcp/dhcp-4.4.2_p1.ebuild | 277 +++++++++++++++++++++++++++++++++++++ |
15 |
2 files changed, 278 insertions(+) |
16 |
|
17 |
diff --git a/net-misc/dhcp/Manifest b/net-misc/dhcp/Manifest |
18 |
index 8f08b4e4503..ccdfdad09e7 100644 |
19 |
--- a/net-misc/dhcp/Manifest |
20 |
+++ b/net-misc/dhcp/Manifest |
21 |
@@ -1 +1,2 @@ |
22 |
+DIST dhcp-4.4.2-P1.tar.gz 9898311 BLAKE2B 7cc40dfbe578bee13c7dd7868a25d0d88358bf82b02539e933a4eba06039a43f0d99b3ef6ce811b60ed3a991b222844f4a5bd9e597c11d83b09ff551ba0380a6 SHA512 924e8b44f288361dbe837987869e57b929c73cb5e4af37cb2d7b19bca5ea8594048fb41c0792fede003188185f61b25befbc2ccda42f1f68e6b6bc22ef44b040 |
23 |
DIST dhcp-4.4.2.tar.gz 9906235 BLAKE2B b2233aafdefebc2d907dc83acbefc8df8aeb35791261343e2880168a59056d4b92ef030745fac16dd9a0c2f088d90cf8d420b1c2a7b0fc53d5ed11cffd4b8f18 SHA512 c3dee2cf6e4b43d519d4bc89e9b8b12a6e3747d8c4edc0f83d4a88355a483b91a5f7d2353a3c0a2f37f88704fd2f64478ac5161ca72b10c42cebcb92907afa40 |
24 |
|
25 |
diff --git a/net-misc/dhcp/dhcp-4.4.2_p1.ebuild b/net-misc/dhcp/dhcp-4.4.2_p1.ebuild |
26 |
new file mode 100644 |
27 |
index 00000000000..1a0e0a3d7f5 |
28 |
--- /dev/null |
29 |
+++ b/net-misc/dhcp/dhcp-4.4.2_p1.ebuild |
30 |
@@ -0,0 +1,277 @@ |
31 |
+# Copyright 1999-2021 Gentoo Authors |
32 |
+# Distributed under the terms of the GNU General Public License v2 |
33 |
+ |
34 |
+EAPI=7 |
35 |
+ |
36 |
+inherit systemd toolchain-funcs flag-o-matic tmpfiles |
37 |
+ |
38 |
+MY_PV="${PV//_alpha/a}" |
39 |
+MY_PV="${MY_PV//_beta/b}" |
40 |
+MY_PV="${MY_PV//_rc/rc}" |
41 |
+MY_PV="${MY_PV//_p/-P}" |
42 |
+MY_P="${PN}-${MY_PV}" |
43 |
+ |
44 |
+DESCRIPTION="ISC Dynamic Host Configuration Protocol (DHCP) client/server" |
45 |
+HOMEPAGE="https://www.isc.org/dhcp" |
46 |
+SRC_URI="ftp://ftp.isc.org/isc/dhcp/${MY_P}.tar.gz |
47 |
+ ftp://ftp.isc.org/isc/dhcp/${MY_PV}/${MY_P}.tar.gz" |
48 |
+ |
49 |
+LICENSE="MPL-2.0 BSD SSLeay GPL-2" # GPL-2 only for init script |
50 |
+SLOT="0" |
51 |
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86" |
52 |
+IUSE="+client ipv6 kernel_linux ldap selinux +server ssl vim-syntax" |
53 |
+ |
54 |
+DEPEND=" |
55 |
+ acct-group/dhcp |
56 |
+ acct-user/dhcp |
57 |
+ client? ( |
58 |
+ kernel_linux? ( |
59 |
+ ipv6? ( sys-apps/iproute2 ) |
60 |
+ sys-apps/net-tools |
61 |
+ ) |
62 |
+ ) |
63 |
+ ldap? ( |
64 |
+ net-nds/openldap |
65 |
+ ssl? ( dev-libs/openssl:0= ) |
66 |
+ )" |
67 |
+RDEPEND="${DEPEND} |
68 |
+ selinux? ( sec-policy/selinux-dhcp ) |
69 |
+ vim-syntax? ( app-vim/dhcpd-syntax )" |
70 |
+ |
71 |
+S="${WORKDIR}/${MY_P}" |
72 |
+ |
73 |
+src_unpack() { |
74 |
+ unpack ${A} |
75 |
+ # handle local bind hell |
76 |
+ cd "${S}"/bind |
77 |
+ unpack ./bind.tar.gz |
78 |
+} |
79 |
+ |
80 |
+PATCHES=( |
81 |
+ # Gentoo patches - these will probably never be accepted upstream |
82 |
+ # Fix some permission issues |
83 |
+ "${FILESDIR}/${PN}-3.0-fix-perms.patch" |
84 |
+ |
85 |
+ # Enable dhclient to equery NTP servers |
86 |
+ "${FILESDIR}/${PN}-4.3.6-dhclient-ntp.patch" |
87 |
+ "${FILESDIR}/${PN}-4.3.6-dhclient-resolvconf.patch" |
88 |
+ |
89 |
+ # Enable dhclient to get extra configuration from stdin |
90 |
+ "${FILESDIR}/${PN}-4.2.2-dhclient-stdin-conf.patch" |
91 |
+ "${FILESDIR}/${PN}-4.3.6-nogateway.patch" #265531 |
92 |
+ "${FILESDIR}/${PN}-4.3.6-quieter-ping.patch" #296921 |
93 |
+ "${FILESDIR}/${PN}-4.4.0-always-accept-4.patch" #437108 |
94 |
+ "${FILESDIR}/${PN}-4.3.6-iproute2-path.patch" #480636 |
95 |
+ "${FILESDIR}/${PN}-4.2.5-bindtodevice-inet6.patch" #471142 |
96 |
+ "${FILESDIR}/${PN}-4.3.3-ldap-ipv6-client-id.patch" #559832 |
97 |
+ |
98 |
+ # Possible upstream candidates |
99 |
+ "${FILESDIR}/${PN}-4.4.2-fno-common.patch" #710194 |
100 |
+ "${FILESDIR}/dhcp-4.4.2-variable-name.patch" #752402 |
101 |
+) |
102 |
+ |
103 |
+src_prepare() { |
104 |
+ default |
105 |
+ |
106 |
+ # Brand the version with Gentoo |
107 |
+ sed -i \ |
108 |
+ -e "/VERSION=/s:'$: Gentoo-${PR}':" \ |
109 |
+ configure || die |
110 |
+ |
111 |
+ # Change the hook script locations of the scripts |
112 |
+ sed -i \ |
113 |
+ -e 's,/etc/dhclient-exit-hooks,/etc/dhcp/dhclient-exit-hooks,g' \ |
114 |
+ -e 's,/etc/dhclient-enter-hooks,/etc/dhcp/dhclient-enter-hooks,g' \ |
115 |
+ client/scripts/* || die |
116 |
+ |
117 |
+ # No need for the linux script to force bash #158540 |
118 |
+ sed -i -e 's,#!/bin/bash,#!/bin/sh,' client/scripts/linux || die |
119 |
+ |
120 |
+ # Quiet the freebsd logger a little |
121 |
+ sed -i -e '/LOGGER=/ s/-s -p user.notice //g' client/scripts/freebsd || die |
122 |
+ |
123 |
+ # Remove these options from the sample config |
124 |
+ sed -i -r \ |
125 |
+ -e "/(script|host-name|domain-name) /d" \ |
126 |
+ client/dhclient.conf.example || die |
127 |
+ |
128 |
+ if use client && ! use server ; then |
129 |
+ sed -i -r \ |
130 |
+ -e '/^SUBDIRS/s:\<(dhcpctl|relay|server)\>::g' \ |
131 |
+ Makefile.in || die |
132 |
+ elif ! use client && use server ; then |
133 |
+ sed -i -r \ |
134 |
+ -e '/^SUBDIRS/s:\<client\>::' \ |
135 |
+ Makefile.in || die |
136 |
+ fi |
137 |
+ |
138 |
+ # Only install different man pages if we don't have en |
139 |
+ if [[ " ${LINGUAS} " != *" en "* ]]; then |
140 |
+ # Install Japanese man pages |
141 |
+ if [[ " ${LINGUAS} " == *" ja "* && -d doc/ja_JP.eucJP ]]; then |
142 |
+ einfo "Installing Japanese documention" |
143 |
+ cp doc/ja_JP.eucJP/dhclient* client || die |
144 |
+ cp doc/ja_JP.eucJP/dhcp* common || die |
145 |
+ fi |
146 |
+ fi |
147 |
+ # Now remove the non-english docs so there are no errors later |
148 |
+ rm -r doc/ja_JP.eucJP || die |
149 |
+ |
150 |
+ # make the bind build work - do NOT make "binddir" local! |
151 |
+ binddir="${S}/bind" |
152 |
+ cd "${binddir}" || die |
153 |
+ cat <<-EOF > bindvar.tmp |
154 |
+ binddir=${binddir} |
155 |
+ GMAKE=${MAKE:-gmake} |
156 |
+ EOF |
157 |
+ eapply -p2 "${FILESDIR}"/${PN}-4.4.0-bind-disable.patch |
158 |
+ # Only use the relevant subdirs now that ISC |
159 |
+ #removed the lib/export structure in bind. |
160 |
+ sed '/^SUBDIRS/s@=.*$@= isc dns isccfg irs samples@' \ |
161 |
+ -i bind-*/lib/Makefile.in || die |
162 |
+} |
163 |
+ |
164 |
+src_configure() { |
165 |
+ # bind defaults to stupid `/usr/bin/ar` |
166 |
+ tc-export AR BUILD_CC |
167 |
+ export ac_cv_path_AR=${AR} |
168 |
+ |
169 |
+ # this is tested for by the bind build system, and can cause trouble |
170 |
+ # when cross-building; since dhcp itself doesn't make use of libcap, |
171 |
+ # simply disable it. |
172 |
+ export ac_cv_lib_cap_cap_set_proc=no |
173 |
+ |
174 |
+ # Use FHS sane paths ... some of these have configure options, |
175 |
+ # but not all, so just do it all here. |
176 |
+ local e="/etc/dhcp" r="/var/run/dhcp" l="/var/lib/dhcp" |
177 |
+ cat <<-EOF >> includes/site.h |
178 |
+ #define _PATH_DHCPD_CONF "${e}/dhcpd.conf" |
179 |
+ #define _PATH_DHCLIENT_CONF "${e}/dhclient.conf" |
180 |
+ #define _PATH_DHCPD_DB "${l}/dhcpd.leases" |
181 |
+ #define _PATH_DHCPD6_DB "${l}/dhcpd6.leases" |
182 |
+ #define _PATH_DHCLIENT_DB "${l}/dhclient.leases" |
183 |
+ #define _PATH_DHCLIENT6_DB "${l}/dhclient6.leases" |
184 |
+ #define _PATH_DHCPD_PID "${r}/dhcpd.pid" |
185 |
+ #define _PATH_DHCPD6_PID "${r}/dhcpd6.pid" |
186 |
+ #define _PATH_DHCLIENT_PID "${r}/dhcpclient.pid" |
187 |
+ #define _PATH_DHCLIENT6_PID "${r}/dhcpclient6.pid" |
188 |
+ #define _PATH_DHCRELAY_PID "${r}/dhcrelay.pid" |
189 |
+ #define _PATH_DHCRELAY6_PID "${r}/dhcrelay6.pid" |
190 |
+ EOF |
191 |
+ |
192 |
+ # https://bugs.gentoo.org/720806 |
193 |
+ if use ppc || use arm || use hppa; then |
194 |
+ append-libs -latomic |
195 |
+ fi |
196 |
+ |
197 |
+ local myeconfargs=( |
198 |
+ --enable-paranoia |
199 |
+ --enable-early-chroot |
200 |
+ --sysconfdir=${e} |
201 |
+ --with-randomdev=/dev/random |
202 |
+ $(use_enable ipv6 dhcpv6) |
203 |
+ $(use_with ldap) |
204 |
+ $(use ldap && use_with ssl ldapcrypto || echo --without-ldapcrypto) |
205 |
+ LIBS="${LIBS}" |
206 |
+ ) |
207 |
+ econf "${myeconfargs[@]}" |
208 |
+ |
209 |
+ # configure local bind cruft. symtable option requires |
210 |
+ # perl and we don't want to require that #383837. |
211 |
+ cd bind/bind-*/ || die |
212 |
+ local el |
213 |
+ eval econf \ |
214 |
+ $(for el in $(awk '/^bindconfig/,/^$/ {print}' ../Makefile.in) ; do if [[ ${el} =~ ^-- ]] ; then printf ' %s' ${el//\\} ; fi ; done | sed 's,@\([[:alpha:]]\+\)dir@,${binddir}/\1,g') \ |
215 |
+ --with-randomdev=/dev/random \ |
216 |
+ --disable-symtable \ |
217 |
+ --without-make-clean |
218 |
+} |
219 |
+ |
220 |
+src_compile() { |
221 |
+ # build local bind cruft first |
222 |
+ emake -C bind/bind-*/lib install |
223 |
+ # then build standard dhcp code |
224 |
+ emake AR="$(tc-getAR)" |
225 |
+} |
226 |
+ |
227 |
+src_install() { |
228 |
+ default |
229 |
+ |
230 |
+ dodoc README RELNOTES doc/{api+protocol,IANA-arp-parameters} |
231 |
+ docinto html |
232 |
+ dodoc doc/References.html |
233 |
+ |
234 |
+ if [[ -e client/dhclient ]] ; then |
235 |
+ # move the client to / |
236 |
+ dodir /sbin |
237 |
+ mv "${ED}"/usr/sbin/dhclient "${ED}"/sbin/ || die |
238 |
+ |
239 |
+ exeinto /sbin |
240 |
+ if use kernel_linux ; then |
241 |
+ newexe "${S}"/client/scripts/linux dhclient-script |
242 |
+ else |
243 |
+ newexe "${S}"/client/scripts/freebsd dhclient-script |
244 |
+ fi |
245 |
+ fi |
246 |
+ |
247 |
+ if [[ -e server/dhcpd ]] ; then |
248 |
+ if use ldap ; then |
249 |
+ insinto /etc/openldap/schema |
250 |
+ doins contrib/ldap/dhcp.* |
251 |
+ dosbin contrib/ldap/dhcpd-conf-to-ldap |
252 |
+ fi |
253 |
+ |
254 |
+ newinitd "${FILESDIR}"/dhcpd.init5 dhcpd |
255 |
+ newconfd "${FILESDIR}"/dhcpd.conf2 dhcpd |
256 |
+ newinitd "${FILESDIR}"/dhcrelay.init3 dhcrelay |
257 |
+ newconfd "${FILESDIR}"/dhcrelay.conf dhcrelay |
258 |
+ newinitd "${FILESDIR}"/dhcrelay.init3 dhcrelay6 |
259 |
+ newconfd "${FILESDIR}"/dhcrelay6.conf dhcrelay6 |
260 |
+ |
261 |
+ newtmpfiles "${FILESDIR}"/dhcpd.tmpfiles dhcpd.conf |
262 |
+ systemd_dounit "${FILESDIR}"/dhcpd4.service |
263 |
+ systemd_dounit "${FILESDIR}"/dhcpd6.service |
264 |
+ systemd_dounit "${FILESDIR}"/dhcrelay4.service |
265 |
+ systemd_dounit "${FILESDIR}"/dhcrelay6.service |
266 |
+ systemd_install_serviced "${FILESDIR}"/dhcrelay4.service.conf |
267 |
+ systemd_install_serviced "${FILESDIR}"/dhcrelay6.service.conf |
268 |
+ |
269 |
+ sed -i "s:#@slapd@:$(usex ldap slapd ''):" "${ED}"/etc/init.d/* || die #442560 |
270 |
+ fi |
271 |
+ |
272 |
+ # the default config files aren't terribly useful #384087 |
273 |
+ local f |
274 |
+ for f in "${ED}"/etc/dhcp/*.conf.example ; do |
275 |
+ mv "${f}" "${f%.example}" || die |
276 |
+ done |
277 |
+ sed -i '/^[^#]/s:^:#:' "${ED}"/etc/dhcp/*.conf || die |
278 |
+ |
279 |
+ diropts -m0750 -o dhcp -g dhcp |
280 |
+ keepdir /var/lib/dhcp |
281 |
+} |
282 |
+ |
283 |
+pkg_preinst() { |
284 |
+ # Keep the user files over the sample ones. The |
285 |
+ # hashing is to ignore the crappy defaults #384087. |
286 |
+ local f h |
287 |
+ for f in dhclient:da7c8496a96452190aecf9afceef4510 dhcpd:10979e7b71134bd7f04d2a60bd58f070 ; do |
288 |
+ h=${f#*:} |
289 |
+ f="/etc/dhcp/${f%:*}.conf" |
290 |
+ if [ -e "${EROOT}"${f} ] ; then |
291 |
+ case $(md5sum "${EROOT}"${f}) in |
292 |
+ ${h}*) ;; |
293 |
+ *) cp -p "${EROOT}"${f} "${ED}"${f};; |
294 |
+ esac |
295 |
+ fi |
296 |
+ done |
297 |
+} |
298 |
+ |
299 |
+pkg_postinst() { |
300 |
+ if [[ -e "${ROOT}"/etc/init.d/dhcp ]] ; then |
301 |
+ ewarn |
302 |
+ ewarn "WARNING: The dhcp init script has been renamed to dhcpd" |
303 |
+ ewarn "/etc/init.d/dhcp and /etc/conf.d/dhcp need to be removed and" |
304 |
+ ewarn "and dhcp should be removed from the default runlevel" |
305 |
+ ewarn |
306 |
+ fi |
307 |
+} |