From c417d2a49de69fa60b408e6bc9c2a372caffe1f8 Mon Sep 17 00:00:00 2001
From: Lars Wendler
Date: Tue, 17 Jan 2017 16:58:30 +0100
Subject: net-misc/dhcp: Security cleanup (bug #576866).
Package-Manager: Portage-2.3.3, Repoman-2.3.1
---
 net-misc/dhcp/Manifest | 1 -
 net-misc/dhcp/dhcp-4.3.3_p1.ebuild | 258 -------------
 net-misc/dhcp/files/dhcp-4.0-dhclient-ntp.patch | 216 -----------
 .../dhcp/files/dhcp-4.2.0-errwarn-message.patch | 31 --
 .../files/dhcp-4.2.2-dhclient-resolvconf.patch | 409 ---------------------
 net-misc/dhcp/files/dhcp-4.3.3-bind-disable.patch | 30 --
 6 files changed, 945 deletions(-)
 delete mode 100644 net-misc/dhcp/dhcp-4.3.3_p1.ebuild
 delete mode 100644 net-misc/dhcp/files/dhcp-4.0-dhclient-ntp.patch
 delete mode 100644 net-misc/dhcp/files/dhcp-4.2.0-errwarn-message.patch
 delete mode 100644 net-misc/dhcp/files/dhcp-4.2.2-dhclient-resolvconf.patch
 delete mode 100644 net-misc/dhcp/files/dhcp-4.3.3-bind-disable.patch
(limited to 'net-misc')
diff --git a/net-misc/dhcp/Manifest b/net-misc/dhcp/Manifest
index f3d15ab69550..3341a295d950 100644
--- a/net-misc/dhcp/Manifest
+++ b/net-misc/dhcp/Manifest
@@ -1,3 +1,2 @@
-DIST dhcp-4.3.3-P1.tar.gz 9204043 SHA256 c11e896dffa1bfbc49462965d3f6dec45534e34068603546d9a236f2aa669921 SHA512 7e14268b4acaa82c807af9d956f76f4327a9a75d36273a244fef74dbd54e7506e8b38ce6035e56f61ab09a19bfc0a40599f76c89dc342514f1048b5ac3b2a0eb WHIRLPOOL a0a6873e2f1625cfa208c328ed2d6ec507e239456d6eba24f5731a83ba16f5fbb36f0d6d99fd33fb9045cbf051116196a57c6c2ded2b36e93964475ad29d2b0e
 DIST dhcp-4.3.4.tar.gz 9302513 SHA256 f5115aee3dd3e6925de4ba47b80ab732ba48b481c8364b6ebade2d43698d607e SHA512 411c3f0e1effedb2a95f00539d13164530a56b50830008eb78906b3c8bf4070c331cf54a431770aed5d1b6ba214840446964210060674f746781cc97842ad706 WHIRLPOOL ea283592268c8efabd7fec430bd21c45306822b9275c91ee1e604d09e92f9eb3c50941ea11ecd9dcb230caec3b8e6ee94958e8eb6375e0ca0e7a64a8aaf63bce
 DIST dhcp-4.3.5.tar.gz 10075147 SHA256 eb95936bf15d2393c55dd505bc527d1d4408289cec5a9fa8abb99f7577e7f954 SHA512 aba0e1d361eb9e7ed33fc48c0b0b9288057af9ec51775e40e27feb9ababc182506706fcf39079236ce36b0f7ded391e107474dc29de2e60ed45d37753505e1f0 WHIRLPOOL 85012016d81efb7654ec417e7a0f1a6145e8e143b13d6d9470d0fb7caf37c035441d5b2b8849d332f8ad0a9a6509bb0b931ac8f207f7ba9104e96811c0360124
diff --git a/net-misc/dhcp/dhcp-4.3.3_p1.ebuild b/net-misc/dhcp/dhcp-4.3.3_p1.ebuild
deleted file mode 100644
index 60860e60f6d4..000000000000
--- a/net-misc/dhcp/dhcp-4.3.3_p1.ebuild
+++ /dev/null
@@ -1,258 +0,0 @@ -# Copyright 1999-2016 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -EAPI=5 - -inherit eutils systemd toolchain-funcs user - -MY_PV="${PV//_alpha/a}" -MY_PV="${MY_PV//_beta/b}" -MY_PV="${MY_PV//_rc/rc}" -MY_PV="${MY_PV//_p/-P}" -MY_P="${PN}-${MY_PV}" -DESCRIPTION="ISC Dynamic Host Configuration Protocol (DHCP) client/server" -HOMEPAGE="http://www.isc.org/products/DHCP" -SRC_URI="ftp://ftp.isc.org/isc/dhcp/${MY_P}.tar.gz - ftp://ftp.isc.org/isc/dhcp/${MY_PV}/${MY_P}.tar.gz" - -LICENSE="ISC BSD SSLeay GPL-2" # GPL-2 only for init script -SLOT="0" -KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd" -IUSE="+client ipv6 kernel_linux ldap libressl selinux +server ssl vim-syntax" - -DEPEND=" - client? ( - kernel_linux? ( - ipv6? ( sys-apps/iproute2 ) - sys-apps/net-tools - ) - ) - ldap? ( - net-nds/openldap - ssl? ( - !libressl? ( dev-libs/openssl:0 ) - libressl? ( dev-libs/libressl ) - ) - )" -RDEPEND="${DEPEND} - selinux? ( sec-policy/selinux-dhcp ) - vim-syntax? 
( app-vim/dhcpd-syntax )" - -S="${WORKDIR}/${MY_P}" - -src_unpack() { - unpack ${A} - # handle local bind hell - cd "${S}"/bind - unpack ./bind.tar.gz -} - -src_prepare() { - # Gentoo patches - these will probably never be accepted upstream - # Fix some permission issues - epatch "${FILESDIR}"/${PN}-3.0-fix-perms.patch - # Enable dhclient to equery NTP servers - epatch "${FILESDIR}"/${PN}-4.0-dhclient-ntp.patch - epatch "${FILESDIR}"/${PN}-4.3.1-dhclient-resolvconf.patch - # Stop downing the interface on Linux as that breaks link daemons - # such as wpa_supplicant and netplug - epatch "${FILESDIR}"/${PN}-3.0.3-dhclient-no-down.patch - # Enable dhclient to get extra configuration from stdin - epatch "${FILESDIR}"/${PN}-4.2.2-dhclient-stdin-conf.patch - epatch "${FILESDIR}"/${PN}-4.2.2-nogateway.patch #265531 - epatch "${FILESDIR}"/${PN}-4.2.4-quieter-ping.patch #296921 - epatch "${FILESDIR}"/${PN}-4.2.4-always-accept-4.patch #437108 - epatch "${FILESDIR}"/${PN}-4.2.5-iproute2-path.patch #480636 - epatch "${FILESDIR}"/${PN}-4.2.5-bindtodevice-inet6.patch #471142 - epatch "${FILESDIR}"/${PN}-4.3.3-ldap-ipv6-client-id.patch #559832 - - # Brand the version with Gentoo - sed -i \ - -e "/VERSION=/s:'$: Gentoo-${PR}':" \ - configure || die - - # Change the hook script locations of the scripts - sed -i \ - -e 's,/etc/dhclient-exit-hooks,/etc/dhcp/dhclient-exit-hooks,g' \ - -e 's,/etc/dhclient-enter-hooks,/etc/dhcp/dhclient-enter-hooks,g' \ - client/scripts/* || die - - # No need for the linux script to force bash #158540 - sed -i -e 's,#!/bin/bash,#!/bin/sh,' client/scripts/linux || die - - # Quiet the freebsd logger a little - sed -i -e '/LOGGER=/ s/-s -p user.notice //g' client/scripts/freebsd || die - - # Remove these options from the sample config - sed -i -r \ - -e "/(script|host-name|domain-name) /d" \ - client/dhclient.conf.example || die - - if use client && ! 
use server ; then - sed -i -r \ - -e '/^SUBDIRS/s:\<(dhcpctl|relay|server)\>::g' \ - Makefile.in || die - elif ! use client && use server ; then - sed -i -r \ - -e '/^SUBDIRS/s:\::' \ - Makefile.in || die - fi - - # Only install different man pages if we don't have en - if [[ " ${LINGUAS} " != *" en "* ]]; then - # Install Japanese man pages - if [[ " ${LINGUAS} " == *" ja "* && -d doc/ja_JP.eucJP ]]; then - einfo "Installing Japanese documention" - cp doc/ja_JP.eucJP/dhclient* client - cp doc/ja_JP.eucJP/dhcp* common - fi - fi - # Now remove the non-english docs so there are no errors later - rm -rf doc/ja_JP.eucJP - - # make the bind build work - binddir=${S}/bind - cd "${binddir}" || die - cat <<-EOF > bindvar.tmp - binddir=${binddir} - GMAKE=${MAKE:-gmake} - EOF - epatch "${FILESDIR}"/${PN}-4.3.3-bind-disable.patch - cd bind-*/ - epatch "${FILESDIR}"/${PN}-4.2.2-bind-parallel-build.patch #380717 - epatch "${FILESDIR}"/${PN}-4.2.2-bind-build-flags.patch -} - -src_configure() { - # bind defaults to stupid `/usr/bin/ar` - tc-export AR BUILD_CC - export ac_cv_path_AR=${AR} - - # this is tested for by the bind build system, and can cause trouble - # when cross-building; since dhcp itself doesn't make use of libcap, - # simply disable it. - export ac_cv_lib_cap_cap_set_proc=no - - # Use FHS sane paths ... some of these have configure options, - # but not all, so just do it all here. 
- local e="/etc/dhcp" r="/var/run/dhcp" l="/var/lib/dhcp" - cat <<-EOF >> includes/site.h - #define _PATH_DHCPD_CONF "${e}/dhcpd.conf" - #define _PATH_DHCLIENT_CONF "${e}/dhclient.conf" - #define _PATH_DHCPD_DB "${l}/dhcpd.leases" - #define _PATH_DHCPD6_DB "${l}/dhcpd6.leases" - #define _PATH_DHCLIENT_DB "${l}/dhclient.leases" - #define _PATH_DHCLIENT6_DB "${l}/dhclient6.leases" - #define _PATH_DHCPD_PID "${r}/dhcpd.pid" - #define _PATH_DHCPD6_PID "${r}/dhcpd6.pid" - #define _PATH_DHCLIENT_PID "${r}/dhcpclient.pid" - #define _PATH_DHCLIENT6_PID "${r}/dhcpclient6.pid" - #define _PATH_DHCRELAY_PID "${r}/dhcrelay.pid" - #define _PATH_DHCRELAY6_PID "${r}/dhcrelay6.pid" - EOF - - econf \ - --enable-paranoia \ - --enable-early-chroot \ - --sysconfdir=${e} \ - $(use_enable ipv6 dhcpv6) \ - $(use_with ldap) \ - $(use ldap && use_with ssl ldapcrypto || echo --without-ldapcrypto) - - # configure local bind cruft. symtable option requires - # perl and we don't want to require that #383837. - cd bind/bind-*/ || die - eval econf \ - $(sed -n '/^bindconfig =/,/^$/{:a;N;$!ba;s,^[^-]*,,;s,\\\s*\n\s*--,--,g;s, @[[:upper:]]\+@,,g;P;D}' ../Makefile.in) \ - --disable-symtable \ - --without-make-clean -} - -src_compile() { - # build local bind cruft first - emake -C bind/bind-*/lib/export install - # then build standard dhcp code - emake AR="$(tc-getAR)" -} - -src_install() { - default - - dodoc README RELNOTES doc/{api+protocol,IANA-arp-parameters} - dohtml doc/References.html - - if [[ -e client/dhclient ]] ; then - # move the client to / - dodir /sbin - mv "${D}"/usr/sbin/dhclient "${D}"/sbin/ || die - - exeinto /sbin - if use kernel_linux ; then - newexe "${S}"/client/scripts/linux dhclient-script - else - newexe "${S}"/client/scripts/freebsd dhclient-script - fi - fi - - if [[ -e server/dhcpd ]] ; then - if use ldap ; then - insinto /etc/openldap/schema - doins contrib/ldap/dhcp.* - dosbin contrib/ldap/dhcpd-conf-to-ldap - fi - - newinitd "${FILESDIR}"/dhcpd.init5 dhcpd - newconfd 
"${FILESDIR}"/dhcpd.conf2 dhcpd - newinitd "${FILESDIR}"/dhcrelay.init3 dhcrelay - newconfd "${FILESDIR}"/dhcrelay.conf dhcrelay - newinitd "${FILESDIR}"/dhcrelay.init3 dhcrelay6 - newconfd "${FILESDIR}"/dhcrelay6.conf dhcrelay6 - - systemd_newtmpfilesd "${FILESDIR}"/dhcpd.tmpfiles dhcpd.conf - systemd_dounit "${FILESDIR}"/dhcpd4.service - systemd_dounit "${FILESDIR}"/dhcpd6.service - systemd_dounit "${FILESDIR}"/dhcrelay4.service - systemd_dounit "${FILESDIR}"/dhcrelay6.service - systemd_install_serviced "${FILESDIR}"/dhcrelay4.service.conf - systemd_install_serviced "${FILESDIR}"/dhcrelay6.service.conf - - sed -i "s:#@slapd@:$(usex ldap slapd ''):" "${ED}"/etc/init.d/* || die #442560 - fi - - # the default config files aren't terribly useful #384087 - local f - for f in "${ED}"/etc/dhcp/*.conf.example ; do - mv "${f}" "${f%.example}" || die - done - sed -i '/^[^#]/s:^:#:' "${ED}"/etc/dhcp/*.conf || die -} - -pkg_preinst() { - enewgroup dhcp - enewuser dhcp -1 -1 /var/lib/dhcp dhcp - - # Keep the user files over the sample ones. The - # hashing is to ignore the crappy defaults #384087. - local f h - for f in dhclient:da7c8496a96452190aecf9afceef4510 dhcpd:10979e7b71134bd7f04d2a60bd58f070 ; do - h=${f#*:} - f="/etc/dhcp/${f%:*}.conf" - if [ -e "${EROOT}"${f} ] ; then - case $(md5sum "${EROOT}"${f}) in - ${h}*) ;; - *) cp -p "${EROOT}"${f} "${ED}"${f};; - esac - fi - done -} - -pkg_postinst() { - if [[ -e "${ROOT}"/etc/init.d/dhcp ]] ; then - ewarn - ewarn "WARNING: The dhcp init script has been renamed to dhcpd" - ewarn "/etc/init.d/dhcp and /etc/conf.d/dhcp need to be removed and" - ewarn "and dhcp should be removed from the default runlevel" - ewarn - fi -} diff --git a/net-misc/dhcp/files/dhcp-4.0-dhclient-ntp.patch b/net-misc/dhcp/files/dhcp-4.0-dhclient-ntp.patch deleted file mode 100644 index d3f29714b021..000000000000 --- a/net-misc/dhcp/files/dhcp-4.0-dhclient-ntp.patch +++ /dev/null 
@@ -1,216 +0,0 @@ -diff -uNr dhcp-4.0.0.ORIG/client/clparse.c dhcp-4.0.0/client/clparse.c ---- dhcp-4.0.0.ORIG/client/clparse.c 2008-09-01 11:38:51.000000000 +0100 -+++ dhcp-4.0.0/client/clparse.c 2008-09-01 11:48:17.000000000 +0100 -@@ -37,7 +37,7 @@ - - struct client_config top_level_config; - --#define NUM_DEFAULT_REQUESTED_OPTS 9 -+#define NUM_DEFAULT_REQUESTED_OPTS 10 - struct option *default_requested_options[NUM_DEFAULT_REQUESTED_OPTS + 1]; - - static void parse_client_default_duid(struct parse *cfile); -@@ -98,15 +98,20 @@ - dhcp_universe.code_hash, &code, 0, MDL); - - /* 8 */ -- code = D6O_NAME_SERVERS; -+ code = DHO_NTP_SERVERS; - option_code_hash_lookup(&default_requested_options[7], -- dhcpv6_universe.code_hash, &code, 0, MDL); -+ dhcp_universe.code_hash, &code, 0, MDL); - - /* 9 */ -- code = D6O_DOMAIN_SEARCH; -+ code = D6O_NAME_SERVERS; - option_code_hash_lookup(&default_requested_options[8], - dhcpv6_universe.code_hash, &code, 0, MDL); - -+ /* 10 */ -+ code = D6O_DOMAIN_SEARCH; -+ option_code_hash_lookup(&default_requested_options[9], -+ dhcpv6_universe.code_hash, &code, 0, MDL); -+ - for (code = 0 ; code < NUM_DEFAULT_REQUESTED_OPTS ; code++) { - if (default_requested_options[code] == NULL) - log_fatal("Unable to find option definition for " -diff -uNr dhcp-4.0.0.ORIG/client/scripts/bsdos dhcp-4.0.0/client/scripts/bsdos ---- dhcp-4.0.0.ORIG/client/scripts/bsdos 2008-09-01 11:38:51.000000000 +0100 -+++ dhcp-4.0.0/client/scripts/bsdos 2008-09-01 11:39:30.000000000 +0100 -@@ -29,6 +29,26 @@ - - mv /etc/resolv.conf.dhclient6 /etc/resolv.conf - fi -+ # If we're making confs, may as well make an ntp.conf too -+ make_ntp_conf -+} -+ -+make_ntp_conf() { -+ if [ x$PEER_NTP = x ] || [ x$PEER_NTP = xyes ]; then -+ if [ x$new_ntp_servers != x ]; then -+ conf="# Generated by dhclient for interface $interface\n" -+ conf="${conf}restrict default noquery notrust nomodify\n" -+ conf="${conf}restrict 127.0.0.1\n" -+ for ntpserver in $new_ntp_servers; do -+ 
conf="${conf}restrict $ntpserver nomodify notrap noquery\n" -+ conf="${conf}server $ntpserver\n" -+ done -+ conf="${conf}driftfile /var/lib/ntp/ntp.drift\n" -+ conf="${conf}logfile /var/log/ntp.log\n" -+ printf "${conf}" > /etc/ntp.conf -+ chmod 644 /etc/ntp.conf -+ fi -+ fi - } - - # Must be used on exit. Invokes the local dhcp client exit hooks, if any. -diff -uNr dhcp-4.0.0.ORIG/client/scripts/freebsd dhcp-4.0.0/client/scripts/freebsd ---- dhcp-4.0.0.ORIG/client/scripts/freebsd 2008-09-01 11:38:51.000000000 +0100 -+++ dhcp-4.0.0/client/scripts/freebsd 2008-09-01 11:39:30.000000000 +0100 -@@ -73,6 +73,26 @@ - fi - fi - fi -+ # If we're making confs, may as well make an ntp.conf too -+ make_ntp_conf -+} -+ -+make_ntp_conf() { -+ if [ x$PEER_NTP = x ] || [ x$PEER_NTP = xyes ]; then -+ if [ "x$new_ntp_servers" != x ]; then -+ conf="# Generated by dhclient for interface $interface\n" -+ conf="${conf}restrict default noquery notrust nomodify\n" -+ conf="${conf}restrict 127.0.0.1\n" -+ for ntpserver in $new_ntp_servers; do -+ conf="${conf}restrict $ntpserver nomodify notrap noquery\n" -+ conf="${conf}server $ntpserver\n" -+ done -+ conf="${conf}driftfile /var/lib/ntp/ntp.drift\n" -+ conf="${conf}logfile /var/log/ntp.log\n" -+ printf "${conf}" > /etc/ntp.conf -+ chmod 644 /etc/ntp.conf -+ fi -+ fi - } - - # Must be used on exit. Invokes the local dhcp client exit hooks, if any. 
-diff -uNr dhcp-4.0.0.ORIG/client/scripts/linux dhcp-4.0.0/client/scripts/linux ---- dhcp-4.0.0.ORIG/client/scripts/linux 2008-09-01 11:38:51.000000000 +0100 -+++ dhcp-4.0.0/client/scripts/linux 2008-09-01 11:39:30.000000000 +0100 -@@ -55,6 +55,26 @@ - - mv /etc/resolv.conf.dhclient6 /etc/resolv.conf - fi -+ # If we're making confs, may as well make an ntp.conf too -+ make_ntp_conf -+} -+ -+make_ntp_conf() { -+ if [ x$PEER_NTP = x ] || [ x$PEER_NTP = xyes ]; then -+ if [ "x$new_ntp_servers" != x ]; then -+ conf="# Generated by dhclient for interface $interface\n" -+ conf="${conf}restrict default noquery notrust nomodify\n" -+ conf="${conf}restrict 127.0.0.1\n" -+ for ntpserver in $new_ntp_servers; do -+ conf="${conf}restrict $ntpserver nomodify notrap noquery\n" -+ conf="${conf}server $ntpserver\n" -+ done -+ conf="${conf}driftfile /var/lib/ntp/ntp.drift\n" -+ conf="${conf}logfile /var/log/ntp.log\n" -+ printf "${conf}" > /etc/ntp.conf -+ chmod 644 /etc/ntp.conf -+ fi -+ fi - } - - # Must be used on exit. Invokes the local dhcp client exit hooks, if any. 
-diff -uNr dhcp-4.0.0.ORIG/client/scripts/netbsd dhcp-4.0.0/client/scripts/netbsd ---- dhcp-4.0.0.ORIG/client/scripts/netbsd 2008-09-01 11:38:51.000000000 +0100 -+++ dhcp-4.0.0/client/scripts/netbsd 2008-09-01 11:39:30.000000000 +0100 -@@ -29,6 +29,26 @@ - - mv /etc/resolv.conf.dhclient6 /etc/resolv.conf - fi -+ # If we're making confs, may as well make an ntp.conf too -+ make_ntp_conf -+} -+ -+make_ntp_conf() { -+ if [ x$PEER_NTP = x ] || [ x$PEER_NTP = xyes ]; then -+ if [ "x$new_ntp_servers" != x ]; then -+ conf="# Generated by dhclient for interface $interface\n" -+ conf="${conf}restrict default noquery notrust nomodify\n" -+ conf="${conf}restrict 127.0.0.1\n" -+ for ntpserver in $new_ntp_servers; do -+ conf="${conf}restrict $ntpserver nomodify notrap noquery\n" -+ conf="${conf}server $ntpserver\n" -+ done -+ conf="${conf}driftfile /var/lib/ntp/ntp.drift\n" -+ conf="${conf}logfile /var/log/ntp.log\n" -+ printf "${conf}" > /etc/ntp.conf -+ chmod 644 /etc/ntp.conf -+ fi -+ fi - } - - # Must be used on exit. Invokes the local dhcp client exit hooks, if any. 
-diff -uNr dhcp-4.0.0.ORIG/client/scripts/openbsd dhcp-4.0.0/client/scripts/openbsd ---- dhcp-4.0.0.ORIG/client/scripts/openbsd 2008-09-01 11:38:51.000000000 +0100 -+++ dhcp-4.0.0/client/scripts/openbsd 2008-09-01 11:39:30.000000000 +0100 -@@ -29,6 +29,26 @@ - - mv /etc/resolv.conf.dhclient6 /etc/resolv.conf - fi -+ # If we're making confs, may as well make an ntp.conf too -+ make_ntp_conf -+} -+ -+make_ntp_conf() { -+ if [ x$PEER_NTP = x ] || [ x$PEER_NTP = xyes ]; then -+ if [ "x$new_ntp_servers" != x ]; then -+ conf="# Generated by dhclient for interface $interface\n" -+ conf="${conf}restrict default noquery notrust nomodify\n" -+ conf="${conf}restrict 127.0.0.1\n" -+ for ntpserver in $new_ntp_servers; do -+ conf="${conf}restrict $ntpserver nomodify notrap noquery\n" -+ conf="${conf}server $ntpserver\n" -+ done -+ conf="${conf}driftfile /var/lib/ntp/ntp.drift\n" -+ conf="${conf}logfile /var/log/ntp.log\n" -+ printf "${conf}" > /etc/ntp.conf -+ chmod 644 /etc/ntp.conf -+ fi -+ fi - } - - # Must be used on exit. Invokes the local dhcp client exit hooks, if any. 
-diff -uNr dhcp-4.0.0.ORIG/client/scripts/solaris dhcp-4.0.0/client/scripts/solaris ---- dhcp-4.0.0.ORIG/client/scripts/solaris 2008-09-01 11:38:51.000000000 +0100 -+++ dhcp-4.0.0/client/scripts/solaris 2008-09-01 11:39:30.000000000 +0100 -@@ -17,6 +17,26 @@ - - mv /etc/resolv.conf.dhclient /etc/resolv.conf - fi -+ # If we're making confs, may as well make an ntp.conf too -+ make_ntp_conf -+} -+ -+make_ntp_conf() { -+ if [ x$PEER_NTP = x ] || [ x$PEER_NTP = xyes ]; then -+ if [ "x$new_ntp_servers" != x ]; then -+ conf="# Generated by dhclient for interface $interface\n" -+ conf="${conf}restrict default noquery notrust nomodify\n" -+ conf="${conf}restrict 127.0.0.1\n" -+ for ntpserver in $new_ntp_servers; do -+ conf="${conf}restrict $ntpserver nomodify notrap noquery\n" -+ conf="${conf}server $ntpserver\n" -+ done -+ conf="${conf}driftfile /var/lib/ntp/ntp.drift\n" -+ conf="${conf}logfile /var/log/ntp.log\n" -+ printf "${conf}" > /etc/ntp.conf -+ chmod 644 /etc/ntp.conf -+ fi -+ fi - } - - # Must be used on exit. Invokes the local dhcp client exit hooks, if any. diff --git a/net-misc/dhcp/files/dhcp-4.2.0-errwarn-message.patch b/net-misc/dhcp/files/dhcp-4.2.0-errwarn-message.patch deleted file mode 100644 index f882a1345f35..000000000000 --- a/net-misc/dhcp/files/dhcp-4.2.0-errwarn-message.patch +++ /dev/null 
@@ -1,31 +0,0 @@ -ripped from Fedora & tweaked - ---- dhcp-4.2.0/omapip/errwarn.c -+++ dhcp-4.2.0/omapip/errwarn.c -@@ -76,20 +76,13 @@ - - #if !defined (NOMINUM) - log_error ("%s", ""); -- log_error ("If you did not get this software from ftp.isc.org, please"); -- log_error ("get the latest from ftp.isc.org and install that before"); -- log_error ("requesting help."); -+ log_error ("This version of ISC DHCP is based on the release available"); -+ log_error ("on ftp.isc.org. Features have been added and other changes"); -+ log_error ("have been made to the base software release in order to make"); -+ log_error ("it work better with this distribution."); - log_error ("%s", ""); -- log_error ("If you did get this software from ftp.isc.org and have not"); -- log_error ("yet read the README, please read it before requesting help."); -- log_error ("If you intend to request help from the dhcp-server@isc.org"); -- log_error ("mailing list, please read the section on the README about"); -- log_error ("submitting bug reports and requests for help."); -- log_error ("%s", ""); -- log_error ("Please do not under any circumstances send requests for"); -- log_error ("help directly to the authors of this software - please"); -- log_error ("send them to the appropriate mailing list as described in"); -- log_error ("the README file."); -+ log_error ("Please report for this software via the Gentoo Bugzilla site:"); -+ log_error (" http://bugs.gentoo.org/"); - log_error ("%s", ""); - log_error ("exiting."); - #endif diff --git a/net-misc/dhcp/files/dhcp-4.2.2-dhclient-resolvconf.patch b/net-misc/dhcp/files/dhcp-4.2.2-dhclient-resolvconf.patch deleted file mode 100644 index 28080a848d71..000000000000 --- a/net-misc/dhcp/files/dhcp-4.2.2-dhclient-resolvconf.patch +++ /dev/null 
@@ -1,409 +0,0 @@ ---- a/client/scripts/bsdos -+++ b/client/scripts/bsdos -@@ -1,40 +1,46 @@ - #!/bin/sh - - make_resolv_conf() { -+ if [ x"$PEER_DNS" != x ] && [ x"$PEER_DNS" != xyes ]; then -+ return 0 -+ fi -+ local conf= - if [ x"$new_domain_name_servers" != x ]; then -- cat /dev/null > /etc/resolv.conf.dhclient - if [ "x$new_domain_search" != x ]; then -- echo search $new_domain_search >> /etc/resolv.conf.dhclient -+ conf="${conf}search ${new_domain_search}\n" - elif [ "x$new_domain_name" != x ]; then - # Note that the DHCP 'Domain Name Option' is really just a domain - # name, and that this practice of using the domain name option as - # a search path is both nonstandard and deprecated. -- echo search $new_domain_name >> /etc/resolv.conf.dhclient -+ conf="${conf}search ${new_domain_name}\n" - fi - for nameserver in $new_domain_name_servers; do -- echo nameserver $nameserver >> /etc/resolv.conf.dhclient -+ conf="${conf}nameserver ${nameserver}\n" - done -- -- mv /etc/resolv.conf.dhclient /etc/resolv.conf - elif [ "x${new_dhcp6_name_servers}" != x ] ; then -- cat /dev/null > /etc/resolv.conf.dhclient6 -- chmod 644 /etc/resolv.conf.dhclient6 -- - if [ "x${new_dhcp6_domain_search}" != x ] ; then -- echo search ${new_dhcp6_domain_search} >> /etc/resolv.conf.dhclient6 -+ conf="${conf}search ${new_dhcp6_domain_search}\n" - fi - for nameserver in ${new_dhcp6_name_servers} ; do - # If the nameserver has a link-local address - # add a (interface name) to it. 
- case $nameserver in - fe80:*) zone_id="%$interface";; - FE80:*) zone_id="%$interface";; - *) zone_id='';; - esac -- echo nameserver ${nameserver}$zone_id >> /etc/resolv.conf.dhclient6 -+ conf="${conf}nameserver ${nameserver}$zone_id\n" - done -+ fi - -- mv /etc/resolv.conf.dhclient6 /etc/resolv.conf -+ if [ x"$conf" != x ]; then -+ conf="# Generated by dhclient or interface $interface\n${conf}" -+ if type resolvconf >/dev/null 2>&1; then -+ printf "${conf}" | resolvconf -a $interface -+ else -+ printf "${conf}" > /etc/resolv.conf -+ chmod 644 /etc/resolv.conf -+ fi - fi - } - ---- a/client/scripts/freebsd -+++ b/client/scripts/freebsd -@@ -11,73 +11,45 @@ - fi - - make_resolv_conf() { -+ if [ x"$PEER_DNS" != x ] && [ x"$PEER_DNS" != xyes ]; then -+ return 0 -+ fi -+ local conf= - if [ x"$new_domain_name_servers" != x ]; then -- ( cat /dev/null > /etc/resolv.conf.dhclient ) -- exit_status=$? -- if [ $exit_status -ne 0 ]; then -- $LOGGER "Unable to create /etc/resolv.conf.dhclient: Error $exit_status" -- else -- if [ "x$new_domain_search" != x ]; then -- ( echo search $new_domain_search >> /etc/resolv.conf.dhclient ) -- exit_status=$? -- elif [ "x$new_domain_name" != x ]; then -- # Note that the DHCP 'Domain Name Option' is really just a domain -- # name, and that this practice of using the domain name option as -- # a search path is both nonstandard and deprecated. -- ( echo search $new_domain_name >> /etc/resolv.conf.dhclient ) -- exit_status=$? -- fi -- for nameserver in $new_domain_name_servers; do -- if [ $exit_status -ne 0 ]; then -- break -- fi -- ( echo nameserver $nameserver >>/etc/resolv.conf.dhclient ) -- exit_status=$? -- done -- -- # If there were no errors, attempt to mv the new file into place. -- if [ $exit_status -eq 0 ]; then -- ( mv /etc/resolv.conf.dhclient /etc/resolv.conf ) -- exit_status=$? -- fi -- -- if [ $exit_status -ne 0 ]; then -- $LOGGER "Error while writing new /etc/resolv.conf." 
-- fi -+ if [ "x$new_domain_search" != x ]; then -+ conf="${conf}search ${new_domain_search}\n" -+ elif [ "x$new_domain_name" != x ]; then -+ # Note that the DHCP 'Domain Name Option' is really just a domain -+ # name, and that this practice of using the domain name option as -+ # a search path is both nonstandard and deprecated. -+ conf="${conf}search ${new_domain_name}\n" - fi -+ for nameserver in $new_domain_name_servers; do -+ conf="${conf}nameserver ${nameserver}\n" -+ done - elif [ "x${new_dhcp6_name_servers}" != x ] ; then -- ( cat /dev/null > /etc/resolv.conf.dhclient6 ) -- exit_status=$? -- if [ $exit_status -ne 0 ] ; then -- $LOGGER "Unable to create /etc/resolv.conf.dhclient6: Error $exit_status" -- else -- if [ "x${new_dhcp6_domain_search}" != x ] ; then -- ( echo search ${new_dhcp6_domain_search} >> /etc/resolv.conf.dhclient6 ) -- exit_status=$? -- fi -- for nameserver in ${new_dhcp6_name_servers} ; do -- if [ $exit_status -ne 0 ] ; then -- break -- fi - # If the nameserver has a link-local address - # add a (interface name) to it. - case $nameserver in - fe80:*) zone_id="%$interface";; - FE80:*) zone_id="%$interface";; - *) zone_id='';; - esac -- ( echo nameserver ${nameserver}$zone_id >> /etc/resolv.conf.dhclient6 ) -- exit_status=$? -- done -- -- if [ $exit_status -eq 0 ] ; then -- ( mv /etc/resolv.conf.dhclient6 /etc/resolv.conf ) -- exit_status=$? -- fi -+ if [ "x${new_dhcp6_domain_search}" != x ] ; then -+ conf="${conf}search ${new_dhcp6_domain_search}\n" -+ fi -+ for nameserver in ${new_dhcp6_name_servers} ; do -+ conf="${conf}nameserver ${nameserver}$zone_id\n" -+ done -+ fi - -- if [ $exit_status -ne 0 ] ; then -- $LOGGER "Error while writing new /etc/resolv.conf." 
-- fi -+ if [ x"$conf" != x ]; then -+ conf="# Generated by dhclient or interface $interface\n${conf}" -+ if type resolvconf >/dev/null 2>&1; then -+ printf "${conf}" | resolvconf -a $interface -+ else -+ printf "${conf}" > /etc/resolv.conf -+ chmod 644 /etc/resolv.conf - fi - fi - } ---- a/client/scripts/linux -+++ b/client/scripts/linux -@@ -26,44 +26,49 @@ - ip=/sbin/ip - - make_resolv_conf() { -+ if [ x"$PEER_DNS" != x ] && [ x"$PEER_DNS" != xyes ]; then -+ return 0 -+ fi -+ local conf= - if [ x"$new_domain_name_servers" != x ]; then -- cat /dev/null > /etc/resolv.conf.dhclient -- chmod 644 /etc/resolv.conf.dhclient -- if [ x"$new_domain_search" != x ]; then -- echo search $new_domain_search >> /etc/resolv.conf.dhclient -- elif [ x"$new_domain_name" != x ]; then -+ if [ "x$new_domain_search" != x ]; then -+ conf="${conf}search ${new_domain_search}\n" -+ elif [ "x$new_domain_name" != x ]; then - # Note that the DHCP 'Domain Name Option' is really just a domain - # name, and that this practice of using the domain name option as - # a search path is both nonstandard and deprecated. -- echo search $new_domain_name >> /etc/resolv.conf.dhclient -+ conf="${conf}search ${new_domain_name}\n" - fi - for nameserver in $new_domain_name_servers; do -- echo nameserver $nameserver >>/etc/resolv.conf.dhclient -+ conf="${conf}nameserver ${nameserver}\n" - done -- -- mv /etc/resolv.conf.dhclient /etc/resolv.conf - elif [ "x${new_dhcp6_name_servers}" != x ] ; then -- cat /dev/null > /etc/resolv.conf.dhclient6 -- chmod 644 /etc/resolv.conf.dhclient6 -- - if [ "x${new_dhcp6_domain_search}" != x ] ; then -- echo search ${new_dhcp6_domain_search} >> /etc/resolv.conf.dhclient6 -+ conf="${conf}search ${new_dhcp6_domain_search}\n" - fi - shopt -s nocasematch - for nameserver in ${new_dhcp6_name_servers} ; do - # If the nameserver has a link-local address - # add a (interface name) to it. 
- if [[ "$nameserver" =~ ^fe80:: ]] - then - zone_id="%$interface" - else - zone_id= - fi -- echo nameserver ${nameserver}$zone_id >> /etc/resolv.conf.dhclient6 -+ conf="${conf}nameserver ${nameserver}$zone_id\n" - done - shopt -u nocasematch -+ fi - -- mv /etc/resolv.conf.dhclient6 /etc/resolv.conf -+ if [ x"$conf" != x ]; then -+ conf="# Generated by dhclient or interface $interface\n${conf}" -+ if type resolvconf >/dev/null 2>&1; then -+ printf "${conf}" | resolvconf -a $interface -+ else -+ printf "${conf}" > /etc/resolv.conf -+ chmod 644 /etc/resolv.conf -+ fi - fi - } - ---- a/client/scripts/netbsd -+++ b/client/scripts/netbsd -@@ -1,40 +1,46 @@ - #!/bin/sh - - make_resolv_conf() { -- if [ "x$new_domain_name" != x ] && [ x"$new_domain_name_servers" != x ]; then -- cat /dev/null > /etc/resolv.conf.dhclient -- if [ "x$new_domain_search" != x ]; then -- echo search $new_domain_search >> /etc/resolv.conf.dhclient -- elif [ "x$new_domain_name" != x ]; then -+ if [ x"$PEER_DNS" != x ] && [ x"$PEER_DNS" != xyes ]; then -+ return 0 -+ fi -+ local conf= -+ if [ x"$new_domain_name_servers" != x ]; then -+ if [ "x$new_domain_search" != x ]; then -+ conf="${conf}search ${new_domain_search}\n" -+ elif [ "x$new_domain_name" != x ]; then - # Note that the DHCP 'Domain Name Option' is really just a domain - # name, and that this practice of using the domain name option as - # a search path is both nonstandard and deprecated. 
-- echo search $new_domain_name >> /etc/resolv.conf.dhclient -+ conf="${conf}search ${new_domain_name}\n" - fi - for nameserver in $new_domain_name_servers; do -- echo nameserver $nameserver >>/etc/resolv.conf.dhclient -+ conf="${conf}nameserver ${nameserver}\n" - done -- -- mv /etc/resolv.conf.dhclient /etc/resolv.conf - elif [ "x${new_dhcp6_name_servers}" != x ] ; then -- cat /dev/null > /etc/resolv.conf.dhclient6 -- chmod 644 /etc/resolv.conf.dhclient6 -- - if [ "x${new_dhcp6_domain_search}" != x ] ; then -- echo search ${new_dhcp6_domain_search} >> /etc/resolv.conf.dhclient6 -+ conf="${conf}search ${new_dhcp6_domain_search}\n" - fi - for nameserver in ${new_dhcp6_name_servers} ; do - # If the nameserver has a link-local address - # add a (interface name) to it. - case $nameserver in - fe80:*) zone_id="%$interface";; - FE80:*) zone_id="%$interface";; - *) zone_id='';; - esac -- echo nameserver ${nameserver}$zone_id >> /etc/resolv.conf.dhclient6 -+ conf="${conf}nameserver ${nameserver}$zone_id\n" - done -+ fi - -- mv /etc/resolv.conf.dhclient6 /etc/resolv.conf -+ if [ x"$conf" != x ]; then -+ conf="# Generated by dhclient or interface $interface\n${conf}" -+ if type resolvconf >/dev/null 2>&1; then -+ printf "${conf}" | resolvconf -a $interface -+ else -+ printf "${conf}" > /etc/resolv.conf -+ chmod 644 /etc/resolv.conf -+ fi - fi - } - ---- a/client/scripts/openbsd -+++ b/client/scripts/openbsd -@@ -1,40 +1,46 @@ - #!/bin/sh - - make_resolv_conf() { -- if [ x"$new_domain_name_servers" != x ]; then -- cat /dev/null > /etc/resolv.conf.dhclient -- if [ x"$new_domain_search" != x ]; then -- echo search $new_domain_search >> /etc/resolv.conf.dhclient -- elif [ x"$new_domain_name" != x ]; then -+ if [ x"$PEER_DNS" != x ] && [ x"$PEER_DNS" != xyes ]; then -+ return 0 -+ fi -+ local conf= -+ if [ x"$new_domain_name_servers" != x ]; then -+ if [ "x$new_domain_search" != x ]; then -+ conf="${conf}search ${new_domain_search}\n" -+ elif [ "x$new_domain_name" != x ]; then - 
# Note that the DHCP 'Domain Name Option' is really just a domain - # name, and that this practice of using the domain name option as - # a search path is both nonstandard and deprecated. -- echo search $new_domain_name >> /etc/resolv.conf.dhclient -+ conf="${conf}search ${new_domain_name}\n" - fi - for nameserver in $new_domain_name_servers; do -- echo nameserver $nameserver >>/etc/resolv.conf.dhclient -+ conf="${conf}nameserver ${nameserver}\n" - done -- -- mv /etc/resolv.conf.dhclient /etc/resolv.conf - elif [ "x${new_dhcp6_name_servers}" != x ] ; then -- cat /dev/null > /etc/resolv.conf.dhclient6 -- chmod 644 /etc/resolv.conf.dhclient6 -- - if [ "x${new_dhcp6_domain_search}" != x ] ; then -- echo search ${new_dhcp6_domain_search} >> /etc/resolv.conf.dhclient6 -+ conf="${conf}search ${new_dhcp6_domain_search}\n" - fi - for nameserver in ${new_dhcp6_name_servers} ; do - # If the nameserver has a link-local address - # add a (interface name) to it. - case $nameserver in - fe80:*) zone_id="%$interface";; - FE80:*) zone_id="%$interface";; - *) zone_id='';; - esac -- echo nameserver ${nameserver}$zone_id >> /etc/resolv.conf.dhclient6 -+ conf="${conf}nameserver ${nameserver}$zone_id\n" - done -+ fi - -- mv /etc/resolv.conf.dhclient6 /etc/resolv.conf -+ if [ x"$conf" != x ]; then -+ conf="# Generated by dhclient or interface $interface\n${conf}" -+ if type resolvconf >/dev/null 2>&1; then -+ printf "${conf}" | resolvconf -a $interface -+ else -+ printf "${conf}" > /etc/resolv.conf -+ chmod 644 /etc/resolv.conf -+ fi - fi - } - ---- a/client/scripts/solaris -+++ b/client/scripts/solaris -@@ -1,21 +1,39 @@ - #!/bin/sh - - make_resolv_conf() { -+ if [ x"$PEER_DNS" != x ] && [ x"$PEER_DNS" != xyes ]; then -+ return 0 -+ fi -+ local conf= - if [ x"$new_domain_name_servers" != x ]; then -- cat /dev/null > /etc/resolv.conf.dhclient -- if [ x"$new_domain_search" != x ]; then -- echo search $new_domain_search >> /etc/resolv.conf.dhclient -- elif [ x"$new_domain_name" != x ]; 
then -+ if [ "x$new_domain_search" != x ]; then -+ conf="${conf}search ${new_domain_search}\n" -+ elif [ "x$new_domain_name" != x ]; then - # Note that the DHCP 'Domain Name Option' is really just a domain - # name, and that this practice of using the domain name option as - # a search path is both nonstandard and deprecated. -- echo search $new_domain_name >> /etc/resolv.conf.dhclient -+ conf="${conf}search ${new_domain_name}\n" - fi - for nameserver in $new_domain_name_servers; do -- echo nameserver $nameserver >>/etc/resolv.conf.dhclient -+ conf="${conf}nameserver ${nameserver}\n" -+ done -+ elif [ "x${new_dhcp6_name_servers}" != x ] ; then -+ if [ "x${new_dhcp6_domain_search}" != x ] ; then -+ conf="${conf}search ${new_dhcp6_domain_search}\n" -+ fi -+ for nameserver in ${new_dhcp6_name_servers} ; do -+ conf="${conf}nameserver ${nameserver}\n" - done -+ fi - -- mv /etc/resolv.conf.dhclient /etc/resolv.conf -+ if [ x"$conf" != x ]; then -+ conf="# Generated by dhclient or interface $interface\n${conf}" -+ if type resolvconf >/dev/null 2>&1; then -+ printf "${conf}" | resolvconf -a $interface -+ else -+ printf "${conf}" > /etc/resolv.conf -+ chmod 644 /etc/resolv.conf -+ fi - fi - } - diff --git a/net-misc/dhcp/files/dhcp-4.3.3-bind-disable.patch b/net-misc/dhcp/files/dhcp-4.3.3-bind-disable.patch deleted file mode 100644 index 1064bbf8e469..000000000000 --- a/net-misc/dhcp/files/dhcp-4.3.3-bind-disable.patch +++ /dev/null 
@@ -1,30 +0,0 @@
---- dhcp-4.3.3/bind/Makefile.in
-+++ dhcp-4.3.3/bind/Makefile.in
-@@ -40,6 +40,7 @@
- @BIND_ATF_TRUE@all: bind1 atf bind2
- 
- bind1:
-+disable:
- # Extract the source from the tarball, if it hasn't been already.
- @if test -d ${bindsrcdir} ; then \
- echo ${bindsrcdir} already unpacked... ; \
-@@ -68,6 +69,7 @@
- fi
- 
- atf:
-+disable:
- # Build and copy the ATF support if not yet installed.
- @if test -d ./atf ; then \
- echo ATF support already installed ; \
-@@ -79,6 +81,7 @@
- fi
- 
- bind2:
-+disable:
- # Build and install the export libraries
- # No need to do anything if we already have something installed.
- @if test -d ${binddir}/lib ; then \
---- dhcp-4.3.3/bind/test
-+++ dhcp-4.3.3/bind/test
-@@ -0,0 +1 @@
-+--disable-kqueue --disable-epoll --disable-devpoll --without-openssl --without-libxml2 --enable-exportlib --with-gssapi=no --enable-threads=no @BINDCONFIG@ --with-export-includedir=${binddir}/include --with-export-libdir=${binddir}/lib
-- 
cgit v1.2.3-65-gdbad