diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2019-08-02 19:14:55 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2019-08-02 19:14:55 +0100 |
commit | b24bd25253fe093f722ab576d29fdc41d04cb1ee (patch) | |
tree | 0fcf2afd9f852c4d4c291cf8afaa2c244d598105 /net-misc/dhcpcd | |
parent | 121ed4eec41fbf03e1998d09eede1bf449da63b9 (diff) |
gentoo resync : 02.08.2019
Diffstat (limited to 'net-misc/dhcpcd')
-rw-r--r-- | net-misc/dhcpcd/Manifest | 13 | ||||
-rw-r--r-- | net-misc/dhcpcd/dhcpcd-7.1.1-r3.ebuild | 154 | ||||
-rw-r--r-- | net-misc/dhcpcd/dhcpcd-7.2.3.ebuild | 2 | ||||
-rw-r--r-- | net-misc/dhcpcd/dhcpcd-8.0.2.ebuild (renamed from net-misc/dhcpcd/dhcpcd-7.2.2.ebuild) | 30 | ||||
-rw-r--r-- | net-misc/dhcpcd/dhcpcd-9999.ebuild | 2 | ||||
-rw-r--r-- | net-misc/dhcpcd/files/dhcpcd-7.1.1-disable_inet6_fix.patch | 24 | ||||
-rw-r--r-- | net-misc/dhcpcd/files/dhcpcd-7.1.1-overflows.patch | 213 | ||||
-rw-r--r-- | net-misc/dhcpcd/files/dhcpcd-7.1.1-v6_read_overflow.patch | 120 |
8 files changed, 19 insertions, 539 deletions
diff --git a/net-misc/dhcpcd/Manifest b/net-misc/dhcpcd/Manifest index bc68dcdae283..a3708d2efc93 100644 --- a/net-misc/dhcpcd/Manifest +++ b/net-misc/dhcpcd/Manifest @@ -1,13 +1,8 @@ -AUX dhcpcd-7.1.1-disable_inet6_fix.patch 609 BLAKE2B f69a5465f8750cba0a57b151b70c178e11576d4645d6fdc6c3f943cd2c98131af0742c48505624fb24d9a940dd523f98cb66bae51e38820c49aa9fdc6084bbfc SHA512 66fcf76affa35f2174e7bc0dd9964a67fde07144aedea30dfcd4f7280b841db344872da56a10d7d2474542c840e75d5323f994989bb96b803076e7e3d37d228d -AUX dhcpcd-7.1.1-overflows.patch 5390 BLAKE2B 4c06a34b2cc5c1753b643987818a1e5d8b2deedacf90e80d9822a03bcf67d25d9f25adcdf6342792073811a428786789edc2b11c97f03df8fd48b697581b4b90 SHA512 2ea96d9faf1abd35345cf10c84f772a2fc56da33e0f0df93346536b1487d840c1d692a7c5118ebb504c30c8ffc0ac9c7792da0287e31584c10f0e9d11c5ffb1a -AUX dhcpcd-7.1.1-v6_read_overflow.patch 3359 BLAKE2B 665506fa9c9839b66e86af39ffe22446e967e2de746f4e6c5f6157d5be7bf40d1467808205569b2dea293852ff32bf3cbdacbd89f72ef9699abf2f163671fac7 SHA512 153423dc621867f75cec01657e07a16c161f981f6e24aff2be95828c0c6a725804708e69afe083276156fea1dab6d8124cd6ea1e29952698da58f7f0dc07b5d2 AUX dhcpcd.initd 328 BLAKE2B 72ef6bb16e4f80b440890112cd399eca1057ae42ddc96ee1a29482a048682dd34e065bb68876329ecfe2f1db4c084e320f4185b3029b89c2328d6ab27a1a7e80 SHA512 6d3220155f2d9ed3e3a00afd378eeb70d435e19804201f8bb35498f1f7f3dfdaeaa2f4a01a18f5e96b457d9c173bc6a206b3e67ebf6d95da7e7b350dcd153fde AUX dhcpcd.service 227 BLAKE2B e24aa85c15d0211856b02508b681f7e3c1f8b8b1743f31ced9600c2c33da04b61f2166cad7696776ae81ce1be5701cae2691f6dfd86aaf8679f20e459e87c7e5 SHA512 4a030dc291fa7deba9c1f33d61dafdda710247ef7f3743c28e46b767a190e359e468433147bda23c82fae9c93ec31cd68905bfdb51cb8c2d9176ea789b31b14e -DIST dhcpcd-7.1.1.tar.xz 211788 BLAKE2B 984ec97ffdcb15883f57f9e2a699a7c8f006b2630e7651ab9d55e7a980045f8891f09d9f7be420969203a59671d097a1ed76621fe4a62ff26a5020fc8becfe69 SHA512 8791e718d65ef8ae23a16b98e82824860fa91914e6eb0a42cdbbca28236c1c38005ada44214bde33aac57152fe675debebdb5d141b67dcfc82012996d8337bb4 -DIST dhcpcd-7.2.2.tar.xz 213600 BLAKE2B ae36cc44d32c034b41f9c970fdb154ef2935b53ae9a81d76dfe8143882170cb8f4ea9c2048ebbfc2d94096061626e93d5890565192115d2953506a7d1e4ee6f2 SHA512 a774c4788efbb9712be04d3f29943b801043f9ec1ea1925282330afa00b9f3db5c29a85969ef004bf85b20045b4cc6ab241ceaae050a18051079d396845845e8 DIST dhcpcd-7.2.3.tar.xz 213552 BLAKE2B 5f89e11424b85702b05da6207ec346480c029de1416cc8892471de428ca0a4395a8915700e2237bfa2b133648973bc2a7c7d15aa2d0ba492f96fbf3908d7f613 SHA512 271cca422fad10eaf842acfd5b590c0ad537f5f23ee919a3928d8ad98463ab03bde21c0bc08741ea9618ee31095160a7c00066155eae2c74b17c49af65ba566f -EBUILD dhcpcd-7.1.1-r3.ebuild 4641 BLAKE2B 4bf2bc06ab5ad509960e4730a91ac6cedebb2109ffb285cdc3381e3fcdec239e63d1ec26bb5037fbcb745e7532bfbb57673627a0165d197315da97326e8c63d0 SHA512 06fdb570c0f55e13091f6b12b014304b4e9036fb81194944fe7f53fd4809aa6376fa77e0e6d6cdec77d3649336a18363aa13ba4e921247ce20aa5ac37c688c95 -EBUILD dhcpcd-7.2.2.ebuild 4493 BLAKE2B c327b61bba6c17aa24689b793f929e588d079bcf6385aed24614ac39864f28119841efa86631802589a4f8f66abb9f29f6970cd1904bfefa41c9bf94ae73ed8d SHA512 0d7ce59d11435e7703a12ec2de957a532d2ccb8ef8e579ceb57af6615c37537bb47b7fb393c34a1cf2f174d5119036e9f1706dab331cc35ada64af3f79bb8ac5 -EBUILD dhcpcd-7.2.3.ebuild 4414 BLAKE2B 62980ec1533101bf751b0d0b32a1280609f641e56f24ad0707739b4d29d52f25e9b9ac2d74d48466cad85b3b97b6c0b073245812159792f4d72cd25ddda9491e SHA512 09cad2c66e2d9250fa6163a12e4412303fea585b11ca6f41634f348b61b9ee085bb87ce30da483409d4d36f90417a2a3eb91d9e381cc19ba799988638e06b95f -EBUILD dhcpcd-9999.ebuild 4414 BLAKE2B 62980ec1533101bf751b0d0b32a1280609f641e56f24ad0707739b4d29d52f25e9b9ac2d74d48466cad85b3b97b6c0b073245812159792f4d72cd25ddda9491e SHA512 09cad2c66e2d9250fa6163a12e4412303fea585b11ca6f41634f348b61b9ee085bb87ce30da483409d4d36f90417a2a3eb91d9e381cc19ba799988638e06b95f +DIST dhcpcd-8.0.2.tar.xz 222408 BLAKE2B fb27a33cd64c7aeedb28e05c885c860618d923ac857895b9fdc7daa608f433587bea1e6630fd9897426b371a45b8a336e1edaa804d76eda6e9fc2adc1411aed2 SHA512 a6e3aa66800adc8b209324bae02a6e373e2623735bf0695ffec4a7c972d65c3498f55e4da62f93df0bc6cddb4bee8ab667b3743b5b25cd5f4cc9da4d1f8e15c4 +EBUILD dhcpcd-7.2.3.ebuild 4407 BLAKE2B 6f5df954ec0be66be6a4f4c1b63a1dee87e78d5cab8de8cbe935bd0d2a82caf70c5dc8d513ddc69b6e317a3d44c2a527529420da71ecf1489a71cdc2f4384eb5 SHA512 aa591926ec797c71c9d28d91a64257eaee76e2fae6853925e0b0fdf9001fd6279bdae68bdd2727f500661b8142c96b3c66ab28b055fb8887c4b7d96162d42843 +EBUILD dhcpcd-8.0.2.ebuild 4420 BLAKE2B d1788540e773dc7708565dd2343989522004ad307e0ae24fad827f9ecc8ebf181d47bc34e16179f50a16ece7105761f9177cb4e310a586b0ed11a5343dc97b03 SHA512 207fb14d4e3c6089d1f4ac5816fd3635c2e38d74e0f1dd19d41aa482d5b399f90a8b352e77eec7153019168746d7f1c63499a741430a8df95f3734bf7cfd878b +EBUILD dhcpcd-9999.ebuild 4420 BLAKE2B d1788540e773dc7708565dd2343989522004ad307e0ae24fad827f9ecc8ebf181d47bc34e16179f50a16ece7105761f9177cb4e310a586b0ed11a5343dc97b03 SHA512 207fb14d4e3c6089d1f4ac5816fd3635c2e38d74e0f1dd19d41aa482d5b399f90a8b352e77eec7153019168746d7f1c63499a741430a8df95f3734bf7cfd878b MISC metadata.xml 569 BLAKE2B 0507986b52ed21277e159089c7f4736602917c44f0577d62e7501d728c348b49ecf3a2c92842c8e32a59402ad2c2e4e5c3fba510e227aca738a3d763b62689fe SHA512 9083c03d22c5753f54d9525ac954df8df0cceaed07c05c14367ea2b8598e7d7ab64711c810dc89a46be8d76cba6b9aa14fa389f0d686ed12792c0bfcbabc266a diff --git a/net-misc/dhcpcd/dhcpcd-7.1.1-r3.ebuild b/net-misc/dhcpcd/dhcpcd-7.1.1-r3.ebuild deleted file mode 100644 index 15d28a114040..000000000000 --- a/net-misc/dhcpcd/dhcpcd-7.1.1-r3.ebuild +++ /dev/null @@ -1,154 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 - -inherit systemd toolchain-funcs - -if [[ ${PV} == "9999" ]]; then - inherit git-r3 - EGIT_REPO_URI="https://roy.marples.name/git/dhcpcd.git" -else - MY_P="${P/_alpha/-alpha}" - MY_P="${MY_P/_beta/-beta}" - MY_P="${MY_P/_rc/-rc}" - SRC_URI="https://roy.marples.name/downloads/${PN}/${MY_P}.tar.xz" - KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux" - S="${WORKDIR}/${MY_P}" -fi - -DESCRIPTION="A fully featured, yet light weight RFC2131 compliant DHCP client" -HOMEPAGE="https://roy.marples.name/projects/dhcpcd" -LICENSE="BSD-2" -SLOT="0" -IUSE="elibc_glibc +embedded ipv6 kernel_linux +udev" - -COMMON_DEPEND="udev? ( virtual/udev )" -DEPEND="${COMMON_DEPEND}" -RDEPEND="${COMMON_DEPEND}" - -PATCHES=( - "${FILESDIR}"/${P}-disable_inet6_fix.patch #677508 - "${FILESDIR}"/${P}-overflows.patch #684430 - "${FILESDIR}"/${P}-v6_read_overflow.patch #685264 -) - -src_configure() { - local dev hooks=() rundir - use udev || dev="--without-dev --without-udev" - hooks=( --with-hook=ntp.conf ) - use elibc_glibc && hooks+=( --with-hook=yp.conf ) - use kernel_linux && rundir="--rundir=${EPREFIX}/run" - local myeconfargs=( - --prefix="${EPREFIX}" - --libexecdir="${EPREFIX}/lib/dhcpcd" - --dbdir="${EPREFIX}/var/lib/dhcpcd" - --localstatedir="${EPREFIX}/var" - ${rundir} - $(use_enable embedded) - $(use_enable ipv6) - ${dev} - CC="$(tc-getCC)" - ${hooks[@]} - ) - econf "${myeconfargs[@]}" -} - -src_install() { - default - keepdir /var/lib/dhcpcd - newinitd "${FILESDIR}"/${PN}.initd ${PN} - systemd_dounit "${FILESDIR}"/${PN}.service -} - -pkg_postinst() { - local dbdir="${EROOT%/}"/var/lib/dhcpcd old_files=() - - local old_old_duid="${EROOT%/}"/var/lib/dhcpcd/dhcpcd.duid - local old_duid="${EROOT%/}"/etc/dhcpcd.duid - local new_duid="${dbdir}"/duid - if [[ -e "${old_old_duid}" ]] ; then - # Upgrade the duid file to the new format if needed - if ! grep -q '..:..:..:..:..:..' "${old_old_duid}"; then - sed -i -e 's/\(..\)/\1:/g; s/:$//g' "${old_old_duid}" - fi - - # Move the duid to /etc, a more sensible location - if [[ ! -e "${old_duid}" ]] ; then - cp -p "${old_old_duid}" "${new_duid}" - fi - old_files+=( "${old_old_duid}" ) - fi - - # dhcpcd-7 moves the files out of /etc - if [[ -e "${old_duid}" ]] ; then - if [[ ! -e "${new_duid}" ]] ; then - cp -p "${old_duid}" "${new_duid}" - fi - old_files+=( "${old_duid}" ) - fi - local old_secret="${EROOT%/}"/etc/dhcpcd.secret - local new_secret="${dbdir}"/secret - if [[ -e "${old_secret}" ]] ; then - if [[ ! -e "${new_secret}" ]] ; then - cp -p "${old_secret}" "${new_secret}" - fi - old_files+=( "${old_secret}" ) - fi - - # dhcpcd-7 renames some files in /var/lib/dhcpcd - local old_rdm="${dbdir}"/dhcpcd-rdm.monotonic - local new_rdm="${dbdir}"/rdm_monotonic - if [[ -e "${old_rdm}" ]] ; then - if [[ ! -e "${new_rdm}" ]] ; then - cp -p "${old_rdm}" "${new_rdm}" - fi - old_files+=( "${old_rdm}" ) - fi - local lease= - for lease in "${dbdir}"/dhcpcd-*.lease*; do - [[ -f "${lease}" ]] || continue - old_files+=( "${lease}" ) - local new_lease=$(basename "${lease}" | sed -e "s/dhcpcd-//") - [[ -e "${dbdir}/${new_lease}" ]] && continue - cp "${lease}" "${dbdir}/${new_lease}" - done - - # Warn about removing stale files - if [[ -n "${old_files[@]}" ]] ; then - elog - elog "dhcpcd-7 has copied dhcpcd.duid and dhcpcd.secret from" - elog "${EROOT%/}/etc to ${dbdir}" - elog "and copied leases in ${dbdir} to new files with the dhcpcd-" - elog "prefix dropped." - elog - elog "You should remove these files if you don't plan on reverting" - elog "to an older version:" - local old_file= - for old_file in ${old_files[@]}; do - elog " ${old_file}" - done - fi - - if [ -z "${REPLACING_VERSIONS}" ]; then - elog - elog "dhcpcd has zeroconf support active by default." - elog "This means it will always obtain an IP address even if no" - elog "DHCP server can be contacted, which will break any existing" - elog "failover support you may have configured in your net configuration." - elog "This behaviour can be controlled with the noipv4ll configuration" - elog "file option or the -L command line switch." - elog "See the dhcpcd and dhcpcd.conf man pages for more details." - - elog - elog "Dhcpcd has duid enabled by default, and this may cause issues" - elog "with some dhcp servers. For more information, see" - elog "https://bugs.gentoo.org/show_bug.cgi?id=477356" - fi - - if ! has_version net-dns/bind-tools; then - elog - elog "If you activate the lookup-hostname hook to look up your hostname" - elog "using the dns, you need to install net-dns/bind-tools." - fi -} diff --git a/net-misc/dhcpcd/dhcpcd-7.2.3.ebuild b/net-misc/dhcpcd/dhcpcd-7.2.3.ebuild index 491c778680e3..61659ecfc9be 100644 --- a/net-misc/dhcpcd/dhcpcd-7.2.3.ebuild +++ b/net-misc/dhcpcd/dhcpcd-7.2.3.ebuild @@ -13,7 +13,7 @@ else MY_P="${MY_P/_beta/-beta}" MY_P="${MY_P/_rc/-rc}" SRC_URI="https://roy.marples.name/downloads/${PN}/${MY_P}.tar.xz" - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux" + KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux" S="${WORKDIR}/${MY_P}" fi diff --git a/net-misc/dhcpcd/dhcpcd-7.2.2.ebuild b/net-misc/dhcpcd/dhcpcd-8.0.2.ebuild index 48ba26275d0c..d8940210a7b5 100644 --- a/net-misc/dhcpcd/dhcpcd-7.2.2.ebuild +++ b/net-misc/dhcpcd/dhcpcd-8.0.2.ebuild @@ -1,7 +1,7 @@ # Copyright 1999-2019 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=6 +EAPI=7 inherit systemd toolchain-funcs @@ -13,7 +13,7 @@ else MY_P="${MY_P/_beta/-beta}" MY_P="${MY_P/_rc/-rc}" SRC_URI="https://roy.marples.name/downloads/${PN}/${MY_P}.tar.xz" - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux" S="${WORKDIR}/${MY_P}" fi @@ -28,22 +28,18 @@ DEPEND="${COMMON_DEPEND}" RDEPEND="${COMMON_DEPEND}" src_configure() { - local dev hooks=() rundir - use udev || dev="--without-dev --without-udev" - hooks=( --with-hook=ntp.conf ) - use elibc_glibc && hooks+=( --with-hook=yp.conf ) - use kernel_linux && rundir="--rundir=${EPREFIX}/run" local myeconfargs=( - --prefix="${EPREFIX}" - --libexecdir="${EPREFIX}/lib/dhcpcd" --dbdir="${EPREFIX}/var/lib/dhcpcd" + --libexecdir="${EPREFIX}/lib/dhcpcd" --localstatedir="${EPREFIX}/var" - ${rundir} + --prefix="${EPREFIX}" + --with-hook=ntp.conf $(use_enable embedded) $(use_enable ipv6) - ${dev} + $(usex elibc_glibc '--with-hook=yp.conf' '') + $(usex kernel_linux '--rundir=${EPREFIX}/run' '') + $(usex udev '' '--without-dev --without-udev') CC="$(tc-getCC)" - ${hooks[@]} ) econf "${myeconfargs[@]}" } @@ -56,10 +52,10 @@ src_install() { } pkg_postinst() { - local dbdir="${EROOT%/}"/var/lib/dhcpcd old_files=() + local dbdir="${EROOT}"/var/lib/dhcpcd old_files=() - local old_old_duid="${EROOT%/}"/var/lib/dhcpcd/dhcpcd.duid - local old_duid="${EROOT%/}"/etc/dhcpcd.duid + local old_old_duid="${EROOT}"/var/lib/dhcpcd/dhcpcd.duid + local old_duid="${EROOT}"/etc/dhcpcd.duid local new_duid="${dbdir}"/duid if [[ -e "${old_old_duid}" ]] ; then # Upgrade the duid file to the new format if needed @@ -81,7 +77,7 @@ pkg_postinst() { fi old_files+=( "${old_duid}" ) fi - local old_secret="${EROOT%/}"/etc/dhcpcd.secret + local old_secret="${EROOT}"/etc/dhcpcd.secret local new_secret="${dbdir}"/secret if [[ -e "${old_secret}" ]] ; then if [[ ! -e "${new_secret}" ]] ; then @@ -112,7 +108,7 @@ pkg_postinst() { if [[ -n "${old_files[@]}" ]] ; then elog elog "dhcpcd-7 has copied dhcpcd.duid and dhcpcd.secret from" - elog "${EROOT%/}/etc to ${dbdir}" + elog "${EROOT}/etc to ${dbdir}" elog "and copied leases in ${dbdir} to new files with the dhcpcd-" elog "prefix dropped." elog diff --git a/net-misc/dhcpcd/dhcpcd-9999.ebuild b/net-misc/dhcpcd/dhcpcd-9999.ebuild index 491c778680e3..d8940210a7b5 100644 --- a/net-misc/dhcpcd/dhcpcd-9999.ebuild +++ b/net-misc/dhcpcd/dhcpcd-9999.ebuild @@ -13,7 +13,7 @@ else MY_P="${MY_P/_beta/-beta}" MY_P="${MY_P/_rc/-rc}" SRC_URI="https://roy.marples.name/downloads/${PN}/${MY_P}.tar.xz" - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux" S="${WORKDIR}/${MY_P}" fi diff --git a/net-misc/dhcpcd/files/dhcpcd-7.1.1-disable_inet6_fix.patch b/net-misc/dhcpcd/files/dhcpcd-7.1.1-disable_inet6_fix.patch deleted file mode 100644 index 2fd3a17428fa..000000000000 --- a/net-misc/dhcpcd/files/dhcpcd-7.1.1-disable_inet6_fix.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 6db54edd1427823dcb3924be78c042915a825fb1 Mon Sep 17 00:00:00 2001 -From: Chris Clayton <chris2553@googlemail.com> -Date: Fri, 8 Feb 2019 16:35:36 +0000 -Subject: fix build with --disable-inet6 - ---- - src/dhcpcd.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/dhcpcd.c b/src/dhcpcd.c -index a2cd04e..6fe60ea 100644 ---- a/src/dhcpcd.c -+++ b/src/dhcpcd.c -@@ -54,6 +54,7 @@ const char dhcpcd_copyright[] = "Copyright (c) 2006-2019 Roy Marples"; - #include "dev.h" - #include "dhcp-common.h" - #include "dhcpcd.h" -+#include "dhcp.h" - #include "dhcp6.h" - #include "duid.h" - #include "eloop.h" --- -cgit v1.1 - diff --git a/net-misc/dhcpcd/files/dhcpcd-7.1.1-overflows.patch b/net-misc/dhcpcd/files/dhcpcd-7.1.1-overflows.patch deleted file mode 100644 index 6ec780936a83..000000000000 --- a/net-misc/dhcpcd/files/dhcpcd-7.1.1-overflows.patch +++ /dev/null @@ -1,213 +0,0 @@ -https://roy.marples.name/git/dhcpcd.git/patch/?id=23525884a346ed81c808c1ed90e3c56a8bf0cc68 - -From 8d11b33f6c60e2db257130fa383ba76b6018bcf6 Mon Sep 17 00:00:00 2001 -From: Roy Marples <roy@marples.name> -Date: Fri, 19 Apr 2019 09:45:02 +0100 -Subject: DHCPv6: Fix a potential buffer overflow reading NA/TA addresses - -Only copy upto the size of the address option rather than the -option length. - -Found by Maxime Villard <max@m00nbsd.net> ---- - src/dhcp6.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/dhcp6.c b/src/dhcp6.c -index 99a452b..8fc4f00 100644 ---- a/src/dhcp6.c -+++ b/src/dhcp6.c -@@ -2029,12 +2029,12 @@ dhcp6_findna(struct interface *ifp, uint16_t ot, const uint8_t *iaid, - nd = o + ol; - l -= (size_t)(nd - d); - d = nd; -- if (ol < 24) { -+ if (ol < sizeof(ia)) { - errno = EINVAL; - logerrx("%s: IA Address option truncated", ifp->name); - continue; - } -- memcpy(&ia, o, ol); -+ memcpy(&ia, o, sizeof(ia)); - ia.pltime = ntohl(ia.pltime); - ia.vltime = ntohl(ia.vltime); - /* RFC 3315 22.6 */ --- -cgit v1.1 - - -From 4b67f6f1038fd4ad5ca7734eaaeba1b2ec4816b8 Mon Sep 17 00:00:00 2001 -From: Roy Marples <roy@marples.name> -Date: Fri, 19 Apr 2019 21:00:19 +0100 -Subject: DHCP: Fix a potential 1 byte read overflow with DHO_OPTSOVERLOADED - -This fix basically moves the option length check up and also -corrects an off by one error with it. - -Thanks to Maxime Villard <max@m00nbsd.net> ---- - src/dhcp.c | 10 ++++++---- - 1 file changed, 6 insertions(+), 4 deletions(-) - -diff --git a/src/dhcp.c b/src/dhcp.c -index f7cdefc..e13d1b4 100644 ---- a/src/dhcp.c -+++ b/src/dhcp.c -@@ -215,6 +215,12 @@ get_option(struct dhcpcd_ctx *ctx, - } - l = *p++; - -+ /* Check we can read the option data, if present */ -+ if (p + l > e) { -+ errno = EINVAL; -+ return NULL; -+ } -+ - if (o == DHO_OPTSOVERLOADED) { - /* Ensure we only get this option once by setting - * the last bit as well as the value. -@@ -249,10 +255,6 @@ get_option(struct dhcpcd_ctx *ctx, - bp += ol; - } - ol = l; -- if (p + ol >= e) { -- errno = EINVAL; -- return NULL; -- } - op = p; - bl += ol; - } --- -cgit v1.1 - - -From 7121040790b611ca3fbc400a1bbcd4364ef57233 Mon Sep 17 00:00:00 2001 -From: Roy Marples <roy@marples.name> -Date: Fri, 19 Apr 2019 21:40:14 +0100 -Subject: auth: Use consttime_memequal(3) to compare hashes - -This stops any attacker from trying to infer secrets from latency. - -Thanks to Maxime Villard <max@m00nbsd.net> ---- - src/auth.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/auth.c b/src/auth.c -index 9e24998..ce97051 100644 ---- a/src/auth.c -+++ b/src/auth.c -@@ -354,7 +354,7 @@ gottoken: - } - - free(mm); -- if (memcmp(d, &hmac_code, dlen)) { -+ if (!consttime_memequal(d, &hmac_code, dlen)) { - errno = EPERM; - return NULL; - } --- -cgit v1.1 - - -From cfde89ab66cb4e5957b1c4b68ad6a9449e2784da Mon Sep 17 00:00:00 2001 -From: Roy Marples <roy@marples.name> -Date: Fri, 19 Apr 2019 21:42:07 +0100 -Subject: compat: Provide consttime_memequal if not in libc - -Public domain version by Matthias Drochner <drochner@netbsd.org> ---- - configure | 22 ++++++++++++++++++++++ - 1 file changed, 22 insertions(+) - -diff --git a/configure b/configure -index 570e65f..4f58f0f 100755 ---- a/configure -+++ b/configure -@@ -13,6 +13,7 @@ IPV4LL= - INET6= - ARC4RANDOM= - CLOSEFROM= -+CONSTTIME_MEMEQUAL= - STRLCPY= - UDEV= - OS= -@@ -846,6 +847,27 @@ if [ "$STRTOI" = no ]; then - echo "#include \"compat/strtoi.h\"" >>$CONFIG_H - fi - -+if [ -z "$CONSTTIME_MEMEQUAL" ]; then -+ printf "Testing for consttime_memequal ... " -+ cat <<EOF >_consttime_memequal.c -+#include <string.h> -+int main(void) { -+ return consttime_memequal("deadbeef", "deadbeef", 8); -+} -+EOF -+ if $XCC _consttime_memequal.c -o _consttime_memequal 2>&3; then -+ CONSTTIME_MEMEQUAL=yes -+ else -+ CONSTTIME_MEMEQUAL=no -+ fi -+ echo "$CONSTTIME_MEMEQUAL" -+ rm -f _consttime_memequal.c _consttime_memequal -+fi -+if [ "$CONSTTIME_MEMEQUAL" = no ]; then -+ echo "#include \"compat/consttime_memequal.h\"" \ -+ >>$CONFIG_H -+fi -+ - if [ -z "$DPRINTF" ]; then - printf "Testing for dprintf ... " - cat <<EOF >_dprintf.c --- -cgit v1.1 - - -From aee631aadeef4283c8a749c1caf77823304acf5e Mon Sep 17 00:00:00 2001 -From: Roy Marples <roy@marples.name> -Date: Fri, 19 Apr 2019 21:47:37 +0100 -Subject: Really add consttime_memequal - ---- - compat/consttime_memequal.h | 28 ++++++++++++++++++++++++++++ - 1 file changed, 28 insertions(+) - create mode 100644 compat/consttime_memequal.h - -diff --git a/compat/consttime_memequal.h b/compat/consttime_memequal.h -new file mode 100644 -index 0000000..9830648 ---- /dev/null -+++ b/compat/consttime_memequal.h -@@ -0,0 +1,28 @@ -+/* -+ * Written by Matthias Drochner <drochner@NetBSD.org>. -+ * Public domain. -+ */ -+ -+#ifndef CONSTTIME_MEMEQUAL_H -+#define CONSTTIME_MEMEQUAL_H -+inline static int -+consttime_memequal(const void *b1, const void *b2, size_t len) -+{ -+ const unsigned char *c1 = b1, *c2 = b2; -+ unsigned int res = 0; -+ -+ while (len--) -+ res |= *c1++ ^ *c2++; -+ -+ /* -+ * Map 0 to 1 and [1, 256) to 0 using only constant-time -+ * arithmetic. -+ * -+ * This is not simply `!res' because although many CPUs support -+ * branchless conditional moves and many compilers will take -+ * advantage of them, certain compilers generate branches on -+ * certain CPUs for `!res'. -+ */ -+ return (1 & ((res - 1) >> 8)); -+} -+#endif /* CONSTTIME_MEMEQUAL_H */ --- -cgit v1.1 - diff --git a/net-misc/dhcpcd/files/dhcpcd-7.1.1-v6_read_overflow.patch b/net-misc/dhcpcd/files/dhcpcd-7.1.1-v6_read_overflow.patch deleted file mode 100644 index 54b559fcd87f..000000000000 --- a/net-misc/dhcpcd/files/dhcpcd-7.1.1-v6_read_overflow.patch +++ /dev/null @@ -1,120 +0,0 @@ -From c1ebeaafeb324bac997984abdcee2d4e8b61a8a8 Mon Sep 17 00:00:00 2001 -From: Roy Marples <roy@marples.name> -Date: Fri, 3 May 2019 14:44:06 +0100 -Subject: DHCPv6: Fix a potential read overflow with D6_OPTION_PD_EXCLUDE - -dhcpcd only checks that the prefix length of the exclusion -matches the prefix length of the ia and equals the length of the -data in the option. -This could potentially overrun the in6_addr structure. - -This is fixed by enforcing RFC 6603 section 4.2 option limits -more clearly. - -Thanks to Maxime Villard <max@m00nbsd.net> for finding this. ---- - src/dhcp6.c | 44 +++++++++++++++++++++----------------------- - 1 file changed, 21 insertions(+), 23 deletions(-) - -diff --git a/src/dhcp6.c b/src/dhcp6.c -index dee8d4b6..583f3b3f 100644 ---- a/src/dhcp6.c -+++ b/src/dhcp6.c -@@ -2166,40 +2166,38 @@ dhcp6_findpd(struct interface *ifp, const uint8_t *iaid, - state->expire = a->prefix_vltime; - i++; - -- o = dhcp6_findoption(o, ol, D6_OPTION_PD_EXCLUDE, &ol); - a->prefix_exclude_len = 0; - memset(&a->prefix_exclude, 0, sizeof(a->prefix_exclude)); --#if 0 -- if (ex == NULL) { -- struct dhcp6_option *w; -- uint8_t *wp; -- -- w = calloc(1, 128); -- w->len = htons(2); -- wp = D6_OPTION_DATA(w); -- *wp++ = 64; -- *wp++ = 0x78; -- ex = w; -- } --#endif -+ o = dhcp6_findoption(o, ol, D6_OPTION_PD_EXCLUDE, &ol); - if (o == NULL) - continue; -- if (ol < 2) { -- logerrx("%s: truncated PD Exclude", ifp->name); -+ -+ /* RFC 6603 4.2 says option length MUST be between 2 and 17. -+ * This allows 1 octet for prefix length and 16 for the -+ * subnet ID. */ -+ if (ol < 2 || ol > 17) { -+ logerrx("%s: invalid PD Exclude option", ifp->name); - continue; - } -- a->prefix_exclude_len = *o++; -- ol--; -- if (((a->prefix_exclude_len - a->prefix_len - 1) / NBBY) + 1 -- != ol) -- { -+ -+ /* RFC 6603 4.2 says prefix length MUST be between the -+ * length of the IAPREFIX prefix length + 1 and 128. */ -+ if (*o < a->prefix_len + 1 || *o > 128) { -+ logerrx("%s: invalid PD Exclude length", ifp->name); -+ continue; -+ } -+ -+ /* Check option length matches prefix length. */ -+ if (((*o - a->prefix_len - 1) / NBBY) + 1 != ol) { - logerrx("%s: PD Exclude length mismatch", ifp->name); -- a->prefix_exclude_len = 0; - continue; - } -- nb = a->prefix_len % NBBY; -+ -+ a->prefix_exclude_len = *o++; -+ ol--; - memcpy(&a->prefix_exclude, &a->prefix, - sizeof(a->prefix_exclude)); -+ nb = a->prefix_len % NBBY; - if (nb) - ol--; - pw = a->prefix_exclude.s6_addr + --- -cgit v1.2.1 - -From 896ef4a54b0578985e5e1360b141593f1d62837b Mon Sep 17 00:00:00 2001 -From: Roy Marples <roy@marples.name> -Date: Sat, 4 May 2019 10:19:02 +0100 -Subject: DHCPv6: Fix exclude prefix length check. - ---- - src/dhcp6.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/dhcp6.c b/src/dhcp6.c -index 583f3b3f..7f26129f 100644 ---- a/src/dhcp6.c -+++ b/src/dhcp6.c -@@ -2187,14 +2187,14 @@ dhcp6_findpd(struct interface *ifp, const uint8_t *iaid, - continue; - } - -+ ol--; - /* Check option length matches prefix length. */ - if (((*o - a->prefix_len - 1) / NBBY) + 1 != ol) { - logerrx("%s: PD Exclude length mismatch", ifp->name); - continue; - } -- - a->prefix_exclude_len = *o++; -- ol--; -+ - memcpy(&a->prefix_exclude, &a->prefix, - sizeof(a->prefix_exclude)); - nb = a->prefix_len % NBBY; --- -cgit v1.2.1 - |