authorTony Vroon <chainsaw@gentoo.org>2009-07-14 17:35:55 +0000
committerTony Vroon <chainsaw@gentoo.org>2009-07-14 17:35:55 +0000
commit0c3d46a0e161042daffd68007b1884f5d7d5d83e (patch)
tree0c3325ee1e1c6ddf5aae89e98177945487bb8dc9 /net-misc
parentRemove old version. (diff)
Version bump for CVE-2009-0692 (dhclient stack-based buffer overflow); security bug #277729. Stable keywords approved by arch liaisons.
Package-Manager: portage-2.1.6.13/cvs/Linux x86_64 RepoMan-Options: --force
Diffstat (limited to 'net-misc')
-rw-r--r--net-misc/dhcp/ChangeLog9
-rw-r--r--net-misc/dhcp/Manifest10
-rw-r--r--net-misc/dhcp/dhcp-3.1.1-r1.ebuild242
-rw-r--r--net-misc/dhcp/files/dhcp-3.1.1-CVE-2009-0692.patch14
4 files changed, 270 insertions, 5 deletions
diff --git a/net-misc/dhcp/ChangeLog b/net-misc/dhcp/ChangeLog
index 27c02bf10764..027da3d4ee57 100644
--- a/net-misc/dhcp/ChangeLog
+++ b/net-misc/dhcp/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for net-misc/dhcp
# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/dhcp/ChangeLog,v 1.155 2009/07/09 14:45:21 chainsaw Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/dhcp/ChangeLog,v 1.156 2009/07/14 17:35:54 chainsaw Exp $
+
+*dhcp-3.1.1-r1 (14 Jul 2009)
+
+ 14 Jul 2009; <chainsaw@gentoo.org> +dhcp-3.1.1-r1.ebuild,
+ +files/dhcp-3.1.1-CVE-2009-0692.patch:
+ Version bump for CVE-2009-0692 (dhclient stack-based buffer overflow);
+ security bug #277729. Stable keywords approved by arch liaisons.
*dhcp-4.1.0 (09 Jul 2009)
*dhcp-3.1.2 (09 Jul 2009)
diff --git a/net-misc/dhcp/Manifest b/net-misc/dhcp/Manifest
index e2f73053cd08..a46c8a394a6a 100644
--- a/net-misc/dhcp/Manifest
+++ b/net-misc/dhcp/Manifest
@@ -20,6 +20,7 @@ AUX dhcp-3.0.3-x-option.patch 6478 RMD160 a0fa5b3c7caf2d303a76c3d6fc135783cfa2bb
AUX dhcp-3.0.4-dhclient-stdin-conf.patch 2176 RMD160 fae08899f6b57da3ec7ab0068e288bbdf2fbf2ae SHA1 c10c35dcf4a94f45f4bc98147a70e9dcf3f01dd5 SHA256 80141fe71e52774f1c7b1a02f2cbd49bc646f19753ceefc1c3605104df0cae5f
AUX dhcp-3.0.5-bpf-nofallback.patch 1473 RMD160 1a5ece77cb481416935b0d2eea53e85dc4c4ee93 SHA1 d4cad638075a98606e07c633551c8a1d2f78f2e7 SHA256 b215c5ff4a282b475f28168250c05bbbc85e7c37e7af92616571d499b8c14da6
AUX dhcp-3.1.0a1-dhclient-resolvconf.patch 10316 RMD160 183bedd1660bf5a5f9dc7d002199e76aec12341c SHA1 1e0332ea31cfdbe92f3053405587f08117de8f8b SHA256 112b2ed44aab92592eb3810c61ada7f30d9d01fe43b647667326972a37b412a1
+AUX dhcp-3.1.1-CVE-2009-0692.patch 494 RMD160 42d3490a34b9559a9c0f335c2a3b8c8a2105d55f SHA1 e1c6da730672194b1771f0729c7d9f08073dfa6e SHA256 df77ad202d11e21355ed92bf015286fcd2f28ae21302283ab570ea4d9b9632af
AUX dhcp-4.0-dhclient-metric.patch 8100 RMD160 cd599d5523be30809024b8e0f81cd84e4d932317 SHA1 ba9ff19cc5274b0e3e8408eba4725e0546413954 SHA256 a1c5589ac1c57ba7fe66336646f4286ebd7112f05abf5ae59b69ff26e7409afc
AUX dhcp-4.0-dhclient-ntp.patch 7966 RMD160 d6dd1c3363f06712a82231eae1eb559f5a45bbb5 SHA1 3c1b373c6649c1ccb44f205fbee116c134514f4e SHA256 e93bda7f2baae9163f96ab0408bfbe885caa96a8698f9e566b8a9dc04de9359b
AUX dhcp-4.0-dhclient-resolvconf.patch 14516 RMD160 0a53cbb795c4d4989f5632b6314b69be5bd94611 SHA1 e1db8ecca4de1c45fcec7e93fb13d186931d74f6 SHA256 1cdbb9ed297426b2d44063ffb8642c9c5cdf54dc2f9c3c8f59100f4ab2c40986
@@ -40,16 +41,17 @@ DIST dhcp-3.1.1.tar.gz 798228 RMD160 08ed15d26ca64928e1d3b07c631cbbfa9a3dc8cb SH
DIST dhcp-3.1.2.tar.gz 799626 RMD160 026ac48b176ec273397fafa8a834a21fd6331681 SHA1 a60cccec2402a35025ddaafc8ac896595188560e SHA256 80daba1e4ac220a0945778aa3c1c9eb7860c4426645660bebb8ed35a3231a2fb
DIST dhcp-4.0.1.tar.gz 1050570 RMD160 a9764a76d105778362fe4b58e77783331ee3448a SHA1 7d813740ab4a64e474f1c01b1395617987532ed1 SHA256 965d09a7759250eff7d6d06d37425ea085c14edb5b405f8357ef5ec72ded28ef
DIST dhcp-4.1.0.tar.gz 1086815 RMD160 bf96fa9d135a65b4d9b27f8caf4f3744f0636c80 SHA1 46e161892140a3b60cd56e62b442f48f51bc605f SHA256 688741e970410efdb177513550f8cd1ee52032eb109313ab316a852f40310914
+EBUILD dhcp-3.1.1-r1.ebuild 7585 RMD160 1716a17f3666c46d4f1ec3a6e8ccd417c720e592 SHA1 4a8410bf4962ad6cbb44d2cdb33f5662046640b2 SHA256 9ae786ffce4d66b4e9ec91478f983078b77a7b2237fa99ab91b8d1a32f8d6bad
EBUILD dhcp-3.1.1.ebuild 7431 RMD160 34ec0d733c3d424877748970a92c9f38fbd18730 SHA1 39a0cb8773100a2b436007a6196d65bb4519b29a SHA256 d040e4ee5f081bd585d17fb62136ab3d4aaa95b0044672eafe3364ae26b2fe32
EBUILD dhcp-3.1.2.ebuild 7474 RMD160 78d2bdccab808591b1c0ba6adc5d788dc71b95dc SHA1 4777e8b4da41bb19a0b7581190804cce9dae4b6c SHA256 5605c8e752bd1b4d338d3cba623f648ec672b25e99f75fd3f1d3ece397a13bbc
EBUILD dhcp-4.0.1.ebuild 6748 RMD160 65a827140787fd302acb9970930d14576a0b5ba6 SHA1 27fcb9e7a64f1d5f7b4a96f6d2c8f3aa5f0b1679 SHA256 43d87d271aeaaf23095e601359d49eb9253c91b07376d7720b5d03e1530ffe6c
EBUILD dhcp-4.1.0.ebuild 6707 RMD160 e8d9c13d570cdce1b3f57c595be6de5fffd5659b SHA1 c6c03fd3d3555524ffa8d7b8a1dee0c65f62fbc2 SHA256 5ee24d452738644c0213970e9d2ba1cb8ccb946de41f2e2627481acd99f58828
-MISC ChangeLog 26693 RMD160 11a1ed4aa30f499cef461652d9bad544d6a5884b SHA1 819f76397ee1e3383964d220237a4618827e21e4 SHA256 b5ef924b51ffaf82fad8fba0019274333f1098f52be9fd870adfe92060869dce
+MISC ChangeLog 26965 RMD160 2ebdc315065ae1a23edd8d7aa29c19bc43a658fa SHA1 afb63808cb26d3ef7783b2858ccf8d76a347eca6 SHA256 3b09cbfc2f91b75e2912d8aef360aff4ebc25195006f92000f6a0d5ae397a1c4
MISC metadata.xml 358 RMD160 97ecd4b6ee0a24352a71a66d5ad4fd82481156b4 SHA1 d80da2cf7c6892cdad6b681fda29e46472d68871 SHA256 8665f24cdfcc09576b595f8bd257333ff5f9ea7ee0ca2925ba6fb74d90e12415
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)
-iEYEARECAAYFAkpWAocACgkQp5vW4rUFj5r3dgCeNQi4yrAYWH948oGAtf+Ex/Sb
-vc0An3ri1vZ+GDQDvxYxybU7PII9VUV5
-=uFWQ
+iEYEARECAAYFAkpcwfoACgkQp5vW4rUFj5oEfgCgsJwAd40nNx43YqpMTHVFzMby
+MhgAoLOpU+KGFM4OPZUOqIMCRc24Ynso
+=/nsc
-----END PGP SIGNATURE-----
diff --git a/net-misc/dhcp/dhcp-3.1.1-r1.ebuild b/net-misc/dhcp/dhcp-3.1.1-r1.ebuild
new file mode 100644
index 000000000000..0dc23e575243
--- /dev/null
+++ b/net-misc/dhcp/dhcp-3.1.1-r1.ebuild
@@ -0,0 +1,242 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/dhcp/dhcp-3.1.1-r1.ebuild,v 1.1 2009/07/14 17:35:54 chainsaw Exp $
+
+inherit eutils flag-o-matic multilib toolchain-funcs
+
+MY_PV="${PV//_alpha/a}"
+MY_PV="${MY_PV//_beta/b}"
+MY_PV="${MY_PV//_rc/rc}"
+MY_P="${PN}-${MY_PV}"
+DESCRIPTION="ISC Dynamic Host Configuration Protocol"
+HOMEPAGE="http://www.isc.org/products/DHCP"
+SRC_URI="ftp://ftp.isc.org/isc/dhcp/${MY_P}.tar.gz"
+
+LICENSE="isc-dhcp"
+SLOT="0"
+KEYWORDS="alpha amd64 arm hppa ~mips ppc ppc64 s390 sh sparc ~sparc-fbsd x86 ~x86-fbsd"
+IUSE="doc minimal static selinux kernel_linux"
+
+DEPEND="selinux? ( sec-policy/selinux-dhcp )
+ kernel_linux? ( sys-apps/net-tools )"
+
+PROVIDE="virtual/dhcpc"
+
+S="${WORKDIR}/${MY_P}"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+
+ # Gentoo patches - these will probably never be accepted upstream
+ # Enable chroot support
+ epatch "${FILESDIR}/${PN}"-3.0-paranoia.patch
+ # Fix some permission issues
+ epatch "${FILESDIR}/${PN}"-3.0-fix-perms.patch
+ # Enable dhclient to equery NTP servers
+ epatch "${FILESDIR}/${PN}"-3.0.3-dhclient-ntp.patch
+ # resolvconf support in dhclient-script
+ epatch "${FILESDIR}/${PN}"-3.1.0a1-dhclient-resolvconf.patch
+ # Fix setting hostnames on Linux
+ epatch "${FILESDIR}/${PN}"-3.0.3-dhclient-hostname.patch
+ # Allow mtu settings
+ epatch "${FILESDIR}/${PN}"-3.0.3-dhclient-mtu.patch
+ # Allow dhclient to use IF_METRIC to set route metrics
+ epatch "${FILESDIR}/${PN}"-3.0.3-dhclient-metric.patch
+ # Stop downing the interface on Linux as that breaks link dameons
+ # such as wpa_supplicant and netplug
+ epatch "${FILESDIR}/${PN}"-3.0.3-dhclient-no-down.patch
+ # Quiet the isc blurb
+ epatch "${FILESDIR}/${PN}"-3.0.3-no_isc_blurb.patch
+ # Enable dhclient to get extra configuration from stdin
+ epatch "${FILESDIR}/${PN}"-3.0.4-dhclient-stdin-conf.patch
+ # Disable fallback interfaces when using BPF
+ # This allows more than one dhclient instance on the BSD's
+ epatch "${FILESDIR}/${PN}"-3.0.5-bpf-nofallback.patch
+
+ # General fixes which will probably be accepted upstream eventually
+ # Install libdst, #75544
+ epatch "${FILESDIR}/${PN}"-3.0.3-libdst.patch
+ # Fix building on Gentoo/FreeBSD
+ epatch "${FILESDIR}/${PN}"-3.0.2-gmake.patch
+
+ # NetworkManager support patches
+ # If they fail to apply to future versions they will be dropped
+ # Add dbus support to dhclient
+ epatch "${FILESDIR}/${PN}"-3.0.3-dhclient-dbus.patch
+
+ # CVE-2009-0692: script_write_params() Stack-based buffer overflow in dhclient
+ # bug 275231
+ epatch "${FILESDIR}/${PN}"-3.1.1-CVE-2009-0692.patch
+
+ # Brand the version with Gentoo
+ # include revision if >0
+ local newver="${MY_PV}-Gentoo"
+ [[ ${PR} != "r0" ]] && newver="${newver}-${PR}"
+ sed -i '/^#define DHCP_VERSION[ \t]\+/ s/'"${MY_PV}/${newver}/g" \
+ includes/version.h || die
+
+ # Change the hook script locations of the scripts
+ sed -i -e 's,/etc/dhclient-exit-hooks,/etc/dhcp/dhclient-exit-hooks,g' \
+ -e 's,/etc/dhclient-enter-hooks,/etc/dhcp/dhclient-enter-hooks,g' \
+ client/scripts/* || die
+
+ # No need for the linux script to force bash, #158540.
+ sed -i -e 's,#!/bin/bash,#!/bin/sh,' client/scripts/linux || die
+
+ # Quiet the freebsd logger a little
+ sed -i -e '/LOGGER=/ s/-s -p user.notice //g' client/scripts/freebsd || die
+
+ # Remove these options from the sample config
+ sed -i -e "/\(script\|host-name\|domain-name\) / d" \
+ client/dhclient.conf || die
+
+ # Build sed man pages as we don't ever support BSD 4.4 and older, #130251.
+ local x=
+ for x in Makefile.dist $(ls */Makefile.dist) ; do
+ sed -i -e 's/$(CATMANPAGES)/$(SEDMANPAGES)/g' "${x}" || die
+ done
+
+ # Only install different man pages if we don't have en
+ if [[ " ${LINGUAS} " != *" en "* ]]; then
+ # Install Japanese man pages
+ if [[ " ${LINGUAS} " == *" ja "* && -d doc/ja_JP.eucJP ]]; then
+ einfo "Installing Japanese documention"
+ cp doc/ja_JP.eucJP/dhclient* client
+ cp doc/ja_JP.eucJP/dhcp* common
+ fi
+ fi
+
+ # Now remove the non-english docs so there are no errors later
+ [[ -d doc/ja_JP.eucJP ]] && rm -rf doc/ja_JP.eucJP
+}
+
+src_compile() {
+ use static && append-ldflags -static
+
+ cat <<-END >> includes/site.h
+ #define _PATH_DHCPD_CONF "/etc/dhcp/dhcpd.conf"
+ #define _PATH_DHCPD_PID "/var/run/dhcp/dhcpd.pid"
+ #define _PATH_DHCPD_DB "/var/lib/dhcp/dhcpd.leases"
+ #define _PATH_DHCLIENT_CONF "/etc/dhcp/dhclient.conf"
+ #define _PATH_DHCLIENT_DB "/var/lib/dhcp/dhclient.leases"
+ #define _PATH_DHCLIENT_PID "/var/run/dhcp/dhclient.pid"
+ #define DHCPD_LOG_FACILITY LOG_LOCAL1
+ END
+
+ cat <<-END > site.conf
+ CC = $(tc-getCC)
+ LFLAGS = ${LDFLAGS}
+ LIBDIR = /usr/$(get_libdir)
+ INCDIR = /usr/include
+ ETC = /etc/dhcp
+ VARDB = /var/lib/dhcp
+ VARRUN = /var/run/dhcp
+ ADMMANDIR = /usr/share/man/man8
+ ADMMANEXT = .8
+ FFMANDIR = /usr/share/man/man5
+ FFMANEXT = .5
+ LIBMANDIR = /usr/share/man/man3
+ LIBMANEXT = .3
+ USRMANDIR = /usr/share/man/man1
+ USRMANEXT = .1
+ MANCAT = man
+ END
+
+ ./configure --copts "-DPARANOIA -DEARLY_CHROOT ${CFLAGS}" \
+ || die "configure failed"
+
+ # Remove server support from the Makefile
+ # We still install some extra crud though
+ if use minimal ; then
+ sed -i -e 's/\(server\|relay\|dhcpctl\)/ /g' work.*/Makefile || die
+ fi
+ emake || die "compile problem"
+}
+
+src_install() {
+ make install DESTDIR="${D}" || die
+ use doc && dodoc README RELNOTES doc/*
+
+ insinto /etc/dhcp
+ newins client/dhclient.conf dhclient.conf.sample
+ keepdir /var/{lib,run}/dhcp
+
+ # Install our server files
+ if ! use minimal ; then
+ insinto /etc/dhcp
+ newins server/dhcpd.conf dhcpd.conf.sample
+ newinitd "${FILESDIR}"/dhcpd.init dhcpd
+ newinitd "${FILESDIR}"/dhcrelay.init dhcrelay
+ newconfd "${FILESDIR}"/dhcpd.conf dhcpd
+ newconfd "${FILESDIR}"/dhcrelay.conf dhcrelay
+
+ # We never want portage to own this file
+ rm -f "${D}"/var/lib/dhcp/dhcpd.leases
+ fi
+}
+
+pkg_preinst() {
+ if ! use minimal ; then
+ enewgroup dhcp
+ enewuser dhcp -1 -1 /var/lib/dhcp dhcp
+ fi
+}
+
+pkg_postinst() {
+ use minimal && return
+
+ chown dhcp:dhcp "${ROOT}"/var/{lib,run}/dhcp
+
+ if [[ -e "${ROOT}"/etc/init.d/dhcp ]] ; then
+ ewarn
+ ewarn "WARNING: The dhcp init script has been renamed to dhcpd"
+ ewarn "/etc/init.d/dhcp and /etc/conf.d/dhcp need to be removed and"
+ ewarn "and dhcp should be removed from the default runlevel"
+ ewarn
+ fi
+
+ einfo "You can edit /etc/conf.d/dhcpd to customize dhcp settings."
+ einfo
+ einfo "If you would like to run dhcpd in a chroot, simply configure the"
+ einfo "DHCPD_CHROOT directory in /etc/conf.d/dhcpd and then run:"
+ einfo " emerge --config =${PF}"
+}
+
+pkg_config() {
+ if use minimal ; then
+ eerror "${PN} has not been compiled for server support"
+ eerror "emerge ${PN} without the minimal USE flag to use dhcp sever"
+ return 1
+ fi
+
+ local CHROOT="$(
+ sed -n -e 's/^[[:blank:]]\?DHCPD_CHROOT="*\([^#"]\+\)"*/\1/p' \
+ "${ROOT}"/etc/conf.d/dhcpd
+ )"
+
+ if [[ -z ${CHROOT} ]]; then
+ eerror "CHROOT not defined in /etc/conf.d/dhcpd"
+ return 1
+ fi
+
+ CHROOT="${ROOT}/${CHROOT}"
+
+ if [[ -d ${CHROOT} ]] ; then
+ ewarn "${CHROOT} already exists - aborting"
+ return 0
+ fi
+
+ ebegin "Setting up the chroot directory"
+ mkdir -m 0755 -p "${CHROOT}/"{dev,etc,var/lib,var/run/dhcp}
+ cp /etc/{localtime,resolv.conf} "${CHROOT}"/etc
+ cp -R /etc/dhcp "${CHROOT}"/etc
+ cp -R /var/lib/dhcp "${CHROOT}"/var/lib
+ ln -s ../../var/lib/dhcp "${CHROOT}"/etc/dhcp/lib
+ chown -R dhcp:dhcp "${CHROOT}"/var/{lib,run}/dhcp
+ eend 0
+
+ local logger="$(best_version virtual/logger)"
+ einfo "To enable logging from the dhcpd server, configure your"
+ einfo "logger (${logger}) to listen on ${CHROOT}/dev/log"
+}
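Review bot: In pkg_config the chroot is assembled by six unchecked commands (`mkdir`, three `cp`, `ln -s`, `chown -R`) and then `eend 0` reports success unconditionally. A failed copy or a failed `chown` therefore leaves a partial chroot, possibly with missing configuration or lease directories not owned by `dhcp`, while the administrator is told the setup succeeded. Chain the steps and hand the real exit status to `eend`, returning non-zero on failure, as sketched below. Separately, the comment above the CVE-2009-0692 `epatch` line cites `bug 275231` while the commit message and ChangeLog cite security bug #277729; if both numbers are intended, say what each refers to.

```shell
    ebegin "Setting up the chroot directory"
    mkdir -m 0755 -p "${CHROOT}/"{dev,etc,var/lib,var/run/dhcp} \
        && cp /etc/{localtime,resolv.conf} "${CHROOT}"/etc \
        && cp -R /etc/dhcp "${CHROOT}"/etc \
        && cp -R /var/lib/dhcp "${CHROOT}"/var/lib \
        && ln -s ../../var/lib/dhcp "${CHROOT}"/etc/dhcp/lib \
        && chown -R dhcp:dhcp "${CHROOT}"/var/{lib,run}/dhcp
    eend $? "chroot setup failed" || return 1
    # … unchanged: logger hint (best_version virtual/logger, einfo lines) …
```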
diff --git a/net-misc/dhcp/files/dhcp-3.1.1-CVE-2009-0692.patch b/net-misc/dhcp/files/dhcp-3.1.1-CVE-2009-0692.patch
new file mode 100644
index 000000000000..b12a616deafd
--- /dev/null
+++ b/net-misc/dhcp/files/dhcp-3.1.1-CVE-2009-0692.patch
@@ -0,0 +1,14 @@
+--- dhcp-3.1.1.orig/client/dhclient.c
++++ dhcp-3.1.1/client/dhclient.c
+@@ -2547,8 +2547,9 @@ void script_write_params (client, prefix
+ (struct option_state *)0,
+ lease -> options,
+ &global_scope, oc, MDL)) {
+- if (data.len > 3) {
+- struct iaddr netmask, subnet, broadcast;
++ struct iaddr netmask;
++ if (data.len > 3 && data.len <= sizeof(netmask.iabuf)) {
++ struct iaddr subnet, broadcast;
+
+ memcpy (netmask.iabuf, data.data, data.len);
+ netmask.len = data.len;
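Review bot: A subnet-mask option longer than `sizeof(netmask.iabuf)` is now skipped without any trace, because the tightened condition `data.len > 3 && data.len <= sizeof(netmask.iabuf)` is simply false for it and nothing in the visible lines logs the rejection. A lease carrying such an option is abnormal and is the very input CVE-2009-0692 is about, so it is worth recording for whoever investigates a misbehaving or rogue DHCP server. Consider adding, after the closing brace of this `if`, something like `else if (data.len > sizeof(netmask.iabuf)) log_error ("subnet-mask option too long (%u bytes); ignored", data.len);`. The rest of script_write_params lies outside the hunk, so whether an else path or the cleanup of `data` already covers this case cannot be seen from here.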