author | Robert Buchholz <rbu@gentoo.org> | 2009-07-14 22:22:55 +0000 |
---|---|---|
committer | Robert Buchholz <rbu@gentoo.org> | 2009-07-14 22:22:55 +0000 |
commit | c9a1877855940933ff0421a8ef57ebb2630328c3 (patch) | |
tree | ef01d6af52d64351c80153aee033a5abe19651fa /net-misc/dhcp | |
parent | Fix manifest for 2.6.29-r6 (diff) | |
Add new upstream version with the official fix for CVE-2009-0692, fix DoS issue in dhcpd (CVE-2009-1892), bug #275231.
Package-Manager: portage-2.1.6.13/cvs/Linux x86_64
Diffstat (limited to 'net-misc/dhcp')
-rw-r--r-- | net-misc/dhcp/ChangeLog | 9 | ||||
-rw-r--r-- | net-misc/dhcp/Manifest | 15 | ||||
-rw-r--r-- | net-misc/dhcp/dhcp-3.1.2_p1.ebuild | 243 | ||||
-rw-r--r-- | net-misc/dhcp/files/dhcp-3.1.2_p1-CVE-2009-1892.patch | 12 |
4 files changed, 267 insertions, 12 deletions
diff --git a/net-misc/dhcp/ChangeLog b/net-misc/dhcp/ChangeLog
index 027da3d4ee57..584d6201c743 100644
--- a/net-misc/dhcp/ChangeLog
+++ b/net-misc/dhcp/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for net-misc/dhcp
 # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/dhcp/ChangeLog,v 1.156 2009/07/14 17:35:54 chainsaw Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/dhcp/ChangeLog,v 1.157 2009/07/14 22:22:55 rbu Exp $
+
+*dhcp-3.1.2_p1 (14 Jul 2009)
+
+ 14 Jul 2009; Robert Buchholz <rbu@gentoo.org>
+ +files/dhcp-3.1.2_p1-CVE-2009-1892.patch, +dhcp-3.1.2_p1.ebuild:
+ Add new upstream version with the official fix for CVE-2009-0692, fix
+ DoS issue in dhcpd (CVE-2009-1892), bug #275231.
 
 *dhcp-3.1.1-r1 (14 Jul 2009)
 
diff --git a/net-misc/dhcp/Manifest b/net-misc/dhcp/Manifest
index a46c8a394a6a..58b4b4739cc3 100644
--- a/net-misc/dhcp/Manifest
+++ b/net-misc/dhcp/Manifest
@@ -1,6 +1,3 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - AUX dhcp-3.0-ddns-example.patch 401 RMD160 0188ae91fb58fc6f8c0d1b5bcbed58582dfed099 SHA1 c9e0f4c9ccbf1ff89076ff1bec37fb6d1276b7f0 SHA256 cf136ce92ea8f3337b9ded9c6f4f019db9782a68c63a3e8b712d26a04c2c9584 AUX dhcp-3.0-fix-perms.patch 485 RMD160 3857270dffed5feee95609aeb37d0c9ef8844945 SHA1 1217265a8a7f1416b781e9f79e8dfb8304268e6c SHA256 a805a60b36e148886887aebb797e80f642386b3e55ef4a0b5132f96a2877e018 AUX dhcp-3.0-paranoia.patch 5366 RMD160 7c64e3dac5b07ff3859fcaa7a8b0e52a0c50446c SHA1 a30103c138e480766f84644fffb1d0897709c27d SHA256 a8db9eb98397a9c1b3a0de07fc107c39dc4f6a4a331d404fc6fcc4a8dbc7aeae
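Review bot: The Manifest loses its OpenPGP clearsign wrapper in this change: the `-----BEGIN PGP SIGNED MESSAGE-----` / `Hash: SHA1` header is removed in this hunk and the `-----BEGIN PGP SIGNATURE-----` block is removed in the third Manifest hunk, with no new signature added. The digests added for `dhcp-3.1.2p1.tar.gz` and `dhcp-3.1.2_p1-CVE-2009-1892.patch` are therefore not covered by any developer signature, so a consumer can only rely on the integrity of the repository transport for them. Regenerate the Manifest with signing enabled so the file again begins with `-----BEGIN PGP SIGNED MESSAGE-----` and ends with a signature block that covers the updated entries.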
@@ -21,6 +18,7 @@ AUX dhcp-3.0.4-dhclient-stdin-conf.patch 2176 RMD160 fae08899f6b57da3ec7ab0068e2 AUX dhcp-3.0.5-bpf-nofallback.patch 1473 RMD160 1a5ece77cb481416935b0d2eea53e85dc4c4ee93 SHA1 d4cad638075a98606e07c633551c8a1d2f78f2e7 SHA256 b215c5ff4a282b475f28168250c05bbbc85e7c37e7af92616571d499b8c14da6 AUX dhcp-3.1.0a1-dhclient-resolvconf.patch 10316 RMD160 183bedd1660bf5a5f9dc7d002199e76aec12341c SHA1 1e0332ea31cfdbe92f3053405587f08117de8f8b SHA256 112b2ed44aab92592eb3810c61ada7f30d9d01fe43b647667326972a37b412a1 AUX dhcp-3.1.1-CVE-2009-0692.patch 494 RMD160 42d3490a34b9559a9c0f335c2a3b8c8a2105d55f SHA1 e1c6da730672194b1771f0729c7d9f08073dfa6e SHA256 df77ad202d11e21355ed92bf015286fcd2f28ae21302283ab570ea4d9b9632af +AUX dhcp-3.1.2_p1-CVE-2009-1892.patch 427 RMD160 fe7daa6834faa0f6078ef125525f6a2db0c05f37 SHA1 eb6dcedecef536f743e97e7d0b5eea0a08f5e55a SHA256 55bb136138b76d6fa9c9165b348fb2c6975b935b3bba72ea551fc8bcae4fcc9b AUX dhcp-4.0-dhclient-metric.patch 8100 RMD160 cd599d5523be30809024b8e0f81cd84e4d932317 SHA1 ba9ff19cc5274b0e3e8408eba4725e0546413954 SHA256 a1c5589ac1c57ba7fe66336646f4286ebd7112f05abf5ae59b69ff26e7409afc AUX dhcp-4.0-dhclient-ntp.patch 7966 RMD160 d6dd1c3363f06712a82231eae1eb559f5a45bbb5 SHA1 3c1b373c6649c1ccb44f205fbee116c134514f4e SHA256 e93bda7f2baae9163f96ab0408bfbe885caa96a8698f9e566b8a9dc04de9359b AUX dhcp-4.0-dhclient-resolvconf.patch 14516 RMD160 0a53cbb795c4d4989f5632b6314b69be5bd94611 SHA1 e1db8ecca4de1c45fcec7e93fb13d186931d74f6 SHA256 1cdbb9ed297426b2d44063ffb8642c9c5cdf54dc2f9c3c8f59100f4ab2c40986 
@@ -39,19 +37,14 @@ AUX dhcrelay.conf 421 RMD160 456edbc9bcc8d3a44db5bb6dbf0c3003c3e7419c SHA1 78ecd AUX dhcrelay.init 736 RMD160 04566b87bd6dbb8bb754b26409ca30b878ef3ca3 SHA1 72742b308314b2e1476b27e94212fbf4d179adc4 SHA256 cfdaff3a723be3935d06c14e171d4008f2ad3329bd05ac2e49c19bc0e14bc59c DIST dhcp-3.1.1.tar.gz 798228 RMD160 08ed15d26ca64928e1d3b07c631cbbfa9a3dc8cb SHA1 3f7e013cb62aed0f3af45bdd97424d8b63e9c280 SHA256 129024c7545e3e8d37e75cd5d534b50c53955592c4935189a57916e216355f6d DIST dhcp-3.1.2.tar.gz 799626 RMD160 026ac48b176ec273397fafa8a834a21fd6331681 SHA1 a60cccec2402a35025ddaafc8ac896595188560e SHA256 80daba1e4ac220a0945778aa3c1c9eb7860c4426645660bebb8ed35a3231a2fb +DIST dhcp-3.1.2p1.tar.gz 792355 RMD160 53434f8404c69e8e113cad030ec975cf13b467cc SHA1 730214fa6e70d187f1492aa3d4f1c2868ffcc8de SHA256 e0cb405e0fef0ecebec7aaed294032a06178ff28be87498596e6069ccda4341e DIST dhcp-4.0.1.tar.gz 1050570 RMD160 a9764a76d105778362fe4b58e77783331ee3448a SHA1 7d813740ab4a64e474f1c01b1395617987532ed1 SHA256 965d09a7759250eff7d6d06d37425ea085c14edb5b405f8357ef5ec72ded28ef DIST dhcp-4.1.0.tar.gz 1086815 RMD160 bf96fa9d135a65b4d9b27f8caf4f3744f0636c80 SHA1 46e161892140a3b60cd56e62b442f48f51bc605f SHA256 688741e970410efdb177513550f8cd1ee52032eb109313ab316a852f40310914 EBUILD dhcp-3.1.1-r1.ebuild 7585 RMD160 1716a17f3666c46d4f1ec3a6e8ccd417c720e592 SHA1 4a8410bf4962ad6cbb44d2cdb33f5662046640b2 SHA256 9ae786ffce4d66b4e9ec91478f983078b77a7b2237fa99ab91b8d1a32f8d6bad EBUILD dhcp-3.1.1.ebuild 7431 RMD160 34ec0d733c3d424877748970a92c9f38fbd18730 SHA1 39a0cb8773100a2b436007a6196d65bb4519b29a SHA256 d040e4ee5f081bd585d17fb62136ab3d4aaa95b0044672eafe3364ae26b2fe32 EBUILD dhcp-3.1.2.ebuild 7474 RMD160 78d2bdccab808591b1c0ba6adc5d788dc71b95dc SHA1 4777e8b4da41bb19a0b7581190804cce9dae4b6c SHA256 5605c8e752bd1b4d338d3cba623f648ec672b25e99f75fd3f1d3ece397a13bbc +EBUILD dhcp-3.1.2_p1.ebuild 7615 RMD160 6670e86bf6af22faaac5e609bac11090b578844c SHA1 0e629520c441a0dbe2aff19f889ea0755e3e5536 SHA256 
5ab4eabcab8351b31d68f98c74bb2b3221fb4dc4d383c3027df30bfa149e0c3e EBUILD dhcp-4.0.1.ebuild 6748 RMD160 65a827140787fd302acb9970930d14576a0b5ba6 SHA1 27fcb9e7a64f1d5f7b4a96f6d2c8f3aa5f0b1679 SHA256 43d87d271aeaaf23095e601359d49eb9253c91b07376d7720b5d03e1530ffe6c EBUILD dhcp-4.1.0.ebuild 6707 RMD160 e8d9c13d570cdce1b3f57c595be6de5fffd5659b SHA1 c6c03fd3d3555524ffa8d7b8a1dee0c65f62fbc2 SHA256 5ee24d452738644c0213970e9d2ba1cb8ccb946de41f2e2627481acd99f58828 -MISC ChangeLog 26965 RMD160 2ebdc315065ae1a23edd8d7aa29c19bc43a658fa SHA1 afb63808cb26d3ef7783b2858ccf8d76a347eca6 SHA256 3b09cbfc2f91b75e2912d8aef360aff4ebc25195006f92000f6a0d5ae397a1c4 +MISC ChangeLog 27229 RMD160 743f0a07039bf2e66a74bcef5781d09c40572f44 SHA1 8b5d4e3ab8672177cecf17916c75be6ea7d3f24b SHA256 0bb7d7859f3e03aaeecfb4d0e5de1268042441d7ccf7694123ccdc3e5c5f949c MISC metadata.xml 358 RMD160 97ecd4b6ee0a24352a71a66d5ad4fd82481156b4 SHA1 d80da2cf7c6892cdad6b681fda29e46472d68871 SHA256 8665f24cdfcc09576b595f8bd257333ff5f9ea7ee0ca2925ba6fb74d90e12415 ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2.0.11 (GNU/Linux) - -iEYEARECAAYFAkpcwfoACgkQp5vW4rUFj5oEfgCgsJwAd40nNx43YqpMTHVFzMby -MhgAoLOpU+KGFM4OPZUOqIMCRc24Ynso -=/nsc ------END PGP SIGNATURE----- diff --git a/net-misc/dhcp/dhcp-3.1.2_p1.ebuild b/net-misc/dhcp/dhcp-3.1.2_p1.ebuild new file mode 100644 index 000000000000..992bc0cc7972 --- /dev/null +++ b/net-misc/dhcp/dhcp-3.1.2_p1.ebuild 
@@ -0,0 +1,243 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/dhcp/dhcp-3.1.2_p1.ebuild,v 1.1 2009/07/14 22:22:55 rbu Exp $
+
+inherit eutils flag-o-matic multilib toolchain-funcs
+
+MY_PV="${PV//_alpha/a}"
+MY_PV="${MY_PV//_beta/b}"
+MY_PV="${MY_PV//_rc/rc}"
+MY_PV="${MY_PV//_p/p}"
+MY_P="${PN}-${MY_PV}"
+DESCRIPTION="ISC Dynamic Host Configuration Protocol"
+HOMEPAGE="http://www.isc.org/products/DHCP"
+SRC_URI="ftp://ftp.isc.org/isc/dhcp/${MY_P}.tar.gz"
+
+LICENSE="isc-dhcp"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd"
+IUSE="doc minimal static selinux kernel_linux"
+
+DEPEND="selinux? ( sec-policy/selinux-dhcp )
+ kernel_linux? ( sys-apps/net-tools )"
+
+PROVIDE="virtual/dhcpc"
+
+S="${WORKDIR}/${MY_P}"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+
+ # Gentoo patches - these will probably never be accepted upstream
+ # Enable chroot support
+ epatch "${FILESDIR}/${PN}"-3.0-paranoia.patch
+ # Fix some permission issues
+ epatch "${FILESDIR}/${PN}"-3.0-fix-perms.patch
+ # Enable dhclient to equery NTP servers
+ epatch "${FILESDIR}/${PN}"-3.0.3-dhclient-ntp.patch
+ # resolvconf support in dhclient-script
+ epatch "${FILESDIR}/${PN}"-3.1.0a1-dhclient-resolvconf.patch
+ # Fix setting hostnames on Linux
+ epatch "${FILESDIR}/${PN}"-3.0.3-dhclient-hostname.patch
+ # Allow mtu settings
+ epatch "${FILESDIR}/${PN}"-3.0.3-dhclient-mtu.patch
+ # Allow dhclient to use IF_METRIC to set route metrics
+ epatch "${FILESDIR}/${PN}"-3.0.3-dhclient-metric.patch
+ # Stop downing the interface on Linux as that breaks link dameons
+ # such as wpa_supplicant and netplug
+ epatch "${FILESDIR}/${PN}"-3.0.3-dhclient-no-down.patch
+ # Quiet the isc blurb
+ epatch "${FILESDIR}/${PN}"-3.0.3-no_isc_blurb.patch
+ # Enable dhclient to get extra configuration from stdin
+ epatch "${FILESDIR}/${PN}"-3.0.4-dhclient-stdin-conf.patch
+ # Disable fallback interfaces when using BPF
+ # This allows more than one dhclient instance on the BSD's
+ epatch "${FILESDIR}/${PN}"-3.0.5-bpf-nofallback.patch
+
+ # General fixes which will probably be accepted upstream eventually
+ # Install libdst, #75544
+ epatch "${FILESDIR}/${PN}"-3.0.3-libdst.patch
+ # Fix building on Gentoo/FreeBSD
+ epatch "${FILESDIR}/${PN}"-3.0.2-gmake.patch
+
+ # NetworkManager support patches
+ # If they fail to apply to future versions they will be dropped
+ # Add dbus support to dhclient
+ epatch "${FILESDIR}/${PN}"-3.0.3-dhclient-dbus.patch
+
+ # Denial of service through mixed identifier/ethernet host definitions
+ epatch "${FILESDIR}/${P}"-CVE-2009-1892.patch
+
+ # Brand the version with Gentoo
+ # include revision if >0
+ local newver="${MY_PV}-Gentoo"
+ [[ ${PR} != "r0" ]] && newver="${newver}-${PR}"
+ sed -i '/^#define DHCP_VERSION[ \t]\+/ s/'"${MY_PV}/${newver}/g" \
+ includes/version.h || die
+
+ # Change the hook script locations of the scripts
+ sed -i -e 's,/etc/dhclient-exit-hooks,/etc/dhcp/dhclient-exit-hooks,g' \
+ -e 's,/etc/dhclient-enter-hooks,/etc/dhcp/dhclient-enter-hooks,g' \
+ client/scripts/* || die
+
+ # No need for the linux script to force bash, #158540.
+ sed -i -e 's,#!/bin/bash,#!/bin/sh,' client/scripts/linux || die
+
+ # Quiet the freebsd logger a little
+ sed -i -e '/LOGGER=/ s/-s -p user.notice //g' client/scripts/freebsd || die
+
+ # Remove these options from the sample config
+ sed -i -e "/\(script\|host-name\|domain-name\) / d" \
+ client/dhclient.conf || die
+
+ # Build sed man pages as we don't ever support BSD 4.4 and older, #130251.
+ local x=
+ for x in Makefile.dist $(ls */Makefile.dist) ; do
+ sed -i -e 's/$(CATMANPAGES)/$(SEDMANPAGES)/g' "${x}" || die
+ done
+
+ # Only install different man pages if we don't have en
+ if [[ " ${LINGUAS} " != *" en "* ]]; then
+ # Install Japanese man pages
+ if [[ " ${LINGUAS} " == *" ja "* && -d doc/ja_JP.eucJP ]]; then
+ einfo "Installing Japanese documention"
+ cp doc/ja_JP.eucJP/dhclient* client
+ cp doc/ja_JP.eucJP/dhcp* common
+ fi
+ fi
+
+ # Now remove the non-english docs so there are no errors later
+ [[ -d doc/ja_JP.eucJP ]] && rm -rf doc/ja_JP.eucJP
+}
+
+src_compile() {
+ use static && append-ldflags -static
+
+ cat <<-END >> includes/site.h
+ #define _PATH_DHCPD_CONF "/etc/dhcp/dhcpd.conf"
+ #define _PATH_DHCPD_PID "/var/run/dhcp/dhcpd.pid"
+ #define _PATH_DHCPD_DB "/var/lib/dhcp/dhcpd.leases"
+ #define _PATH_DHCLIENT_CONF "/etc/dhcp/dhclient.conf"
+ #define _PATH_DHCLIENT_DB "/var/lib/dhcp/dhclient.leases"
+ #define _PATH_DHCLIENT_PID "/var/run/dhcp/dhclient.pid"
+ #define DHCPD_LOG_FACILITY LOG_LOCAL1
+ END
+
+ cat <<-END > site.conf
+ CC = $(tc-getCC)
+ LFLAGS = ${LDFLAGS}
+ LIBDIR = /usr/$(get_libdir)
+ INCDIR = /usr/include
+ ETC = /etc/dhcp
+ VARDB = /var/lib/dhcp
+ VARRUN = /var/run/dhcp
+ ADMMANDIR = /usr/share/man/man8
+ ADMMANEXT = .8
+ FFMANDIR = /usr/share/man/man5
+ FFMANEXT = .5
+ LIBMANDIR = /usr/share/man/man3
+ LIBMANEXT = .3
+ USRMANDIR = /usr/share/man/man1
+ USRMANEXT = .1
+ MANCAT = man
+ END
+
+ ./configure --copts "-DPARANOIA -DEARLY_CHROOT ${CFLAGS}" \
+ || die "configure failed"
+
+ # Remove server support from the Makefile
+ # We still install some extra crud though
+ if use minimal ; then
+ sed -i -e 's/\(server\|relay\|dhcpctl\)/ /g' work.*/Makefile || die
+ fi
+ emake || die "compile problem"
+}
+
+src_install() {
+ make install DESTDIR="${D}" || die
+ use doc && dodoc README RELNOTES doc/*
+
+ insinto /etc/dhcp
+ newins client/dhclient.conf dhclient.conf.sample
+ keepdir /var/{lib,run}/dhcp
+ keepdir /var/lib/dhclient
+
+ # Install our server files
+ if ! use minimal ; then
+ insinto /etc/dhcp
+ newins server/dhcpd.conf dhcpd.conf.sample
+ newinitd "${FILESDIR}"/dhcpd.init2 dhcpd
+ newinitd "${FILESDIR}"/dhcrelay.init dhcrelay
+ newconfd "${FILESDIR}"/dhcpd.conf dhcpd
+ newconfd "${FILESDIR}"/dhcrelay.conf dhcrelay
+
+ # We never want portage to own this file
+ rm -f "${D}"/var/lib/dhcp/dhcpd.leases
+ fi
+}
+
+pkg_preinst() {
+ if ! use minimal ; then
+ enewgroup dhcp
+ enewuser dhcp -1 -1 /var/lib/dhcp dhcp
+ fi
+}
+
+pkg_postinst() {
+ use minimal && return
+
+ chown -R dhcp:dhcp "${ROOT}"/var/{lib,run}/dhcp
+
+ if [[ -e "${ROOT}"/etc/init.d/dhcp ]] ; then
+ ewarn
+ ewarn "WARNING: The dhcp init script has been renamed to dhcpd"
+ ewarn "/etc/init.d/dhcp and /etc/conf.d/dhcp need to be removed and"
+ ewarn "and dhcp should be removed from the default runlevel"
+ ewarn
+ fi
+
+ einfo "You can edit /etc/conf.d/dhcpd to customize dhcp settings."
+ einfo
+ einfo "If you would like to run dhcpd in a chroot, simply configure the"
+ einfo "DHCPD_CHROOT directory in /etc/conf.d/dhcpd and then run:"
+ einfo " emerge --config =${PF}"
+}
+
+pkg_config() {
+ if use minimal ; then
+ eerror "${PN} has not been compiled for server support"
+ eerror "emerge ${PN} without the minimal USE flag to use dhcp sever"
+ return 1
+ fi
+
+ local CHROOT="$(
+ sed -n -e 's/^[[:blank:]]\?DHCPD_CHROOT="*\([^#"]\+\)"*/\1/p' \
+ "${ROOT}"/etc/conf.d/dhcpd
+ )"
+
+ if [[ -z ${CHROOT} ]]; then
+ eerror "CHROOT not defined in /etc/conf.d/dhcpd"
+ return 1
+ fi
+
+ CHROOT="${ROOT}/${CHROOT}"
+
+ if [[ -d ${CHROOT} ]] ; then
+ ewarn "${CHROOT} already exists - aborting"
+ return 0
+ fi
+
+ ebegin "Setting up the chroot directory"
+ mkdir -m 0755 -p "${CHROOT}/"{dev,etc,var/lib,var/run/dhcp}
+ cp /etc/{localtime,resolv.conf} "${CHROOT}"/etc
+ cp -R /etc/dhcp "${CHROOT}"/etc
+ cp -R /var/lib/dhcp "${CHROOT}"/var/lib
+ ln -s ../../var/lib/dhcp "${CHROOT}"/etc/dhcp/lib
+ chown -R dhcp:dhcp "${CHROOT}"/var/{lib,run}/dhcp
+ eend 0
+
+ local logger="$(best_version virtual/logger)"
+ einfo "To enable logging from the dhcpd server, configure your"
+ einfo "logger (${logger}) to listen on ${CHROOT}/dev/log"
+}
diff --git a/net-misc/dhcp/files/dhcp-3.1.2_p1-CVE-2009-1892.patch b/net-misc/dhcp/files/dhcp-3.1.2_p1-CVE-2009-1892.patch
new file mode 100644
index 000000000000..ae1b92af8a7d
--- /dev/null
+++ b/net-misc/dhcp/files/dhcp-3.1.2_p1-CVE-2009-1892.patch
@@ -0,0 +1,12 @@
+diff -uNr dhcp-3.1.2.ORIG/server/dhcp.c dhcp-3.1.2/server/dhcp.c
+--- dhcp-3.1.2.ORIG/server/dhcp.c 2009-07-13 14:26:15.000000000 +0100
++++ dhcp-3.1.2/server/dhcp.c 2009-07-13 14:26:33.000000000 +0100
+@@ -1747,6 +1747,8 @@
+ host_reference (&host, h, MDL);
+ }
+ if (!host) {
++ if (hp)
++ host_dereference (&hp, MDL);
+ find_hosts_by_haddr (&hp,
+ packet -> raw -> htype,
+ packet -> raw -> chaddr, |