From f18377620e0463345963862b2bf9873940e3323c Mon Sep 17 00:00:00 2001
From: Ben Woods
Date: Sun, 31 May 2020 14:25:02 +0000
Subject: [PATCH] net/dhcpcd: Update to 9.1.0

Now with privilege separation and capsicumized.
Changes this release:
https://roy.marples.name/archives/dhcpcd-discuss/0003007.html
https://roy.marples.name/archives/dhcpcd-discuss/0002881.html
---
 net/dhcpcd/Makefile | 6 ++++--
 net/dhcpcd/distinfo | 6 +++---
 net/dhcpcd/files/dhcpcd.in | 2 +-
 net/dhcpcd/pkg-descr | 8 ++++++++
 net/dhcpcd/pkg-plist | 3 +--
 5 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/net/dhcpcd/Makefile b/net/dhcpcd/Makefile
index 6c501c3aa687..4fb4055c2f94 100644
--- a/net/dhcpcd/Makefile
+++ b/net/dhcpcd/Makefile
@@ -2,7 +2,7 @@
 # $FreeBSD$
 PORTNAME= dhcpcd
-PORTVERSION= 8.1.9
+PORTVERSION= 9.1.0
 CATEGORIES= net
 MASTER_SITES= https://roy.marples.name/downloads/dhcpcd/ \
 https://cflags.cc/roy/dhcpcd/
@@ -19,12 +19,14 @@ USES= compiler:c11 cpe tar:xz
 CPE_VENDOR= dhcpcd_project
 GNU_CONFIGURE= yes
-CONFIGURE_ARGS= --datadir=${PREFIX}/share/examples
+CONFIGURE_ARGS= --datadir=${PREFIX}/share/examples \
+ --privsepuser="_dhcp"
 USE_RC_SUBR= dhcpcd
 post-install:
 ${MV} ${STAGEDIR}${PREFIX}/etc/dhcpcd.conf \
 ${STAGEDIR}${PREFIX}/share/examples/dhcpcd
 @${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/dhcpcd
+ ${MKDIR} ${STAGEDIR}/var/db/dhcpcd
 .include
diff --git a/net/dhcpcd/distinfo b/net/dhcpcd/distinfo
index 45a022f1dc41..5a65c8fe1bd0 100644
--- a/net/dhcpcd/distinfo
+++ b/net/dhcpcd/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1589539562
-SHA256 (dhcpcd-8.1.9.tar.xz) = 8e2a505eb2bd8007d7c6fd855fcb4dd28cced8fc28886c7ce41fb4fc5630fbcf
-SIZE (dhcpcd-8.1.9.tar.xz) = 230288
+TIMESTAMP = 1590934886
+SHA256 (dhcpcd-9.1.0.tar.xz) = 2d51bbf1780824cfb41c30d391ddeea43ab515a874bb2e74508939169ba93bf7
+SIZE (dhcpcd-9.1.0.tar.xz) = 247460
diff --git a/net/dhcpcd/files/dhcpcd.in b/net/dhcpcd/files/dhcpcd.in
index 6ef6063b9c55..3d6c670f289a 100644
--- a/net/dhcpcd/files/dhcpcd.in
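Review bot: The new `--privsepuser="_dhcp"` argument in the second Makefile hunk relies on an account the port never declares: no `USERS=`/`GROUPS=` line is visible here, and the pkg-plist change hands `/var/db/dhcpcd` to the same name. If this is meant to be the base system's `_dhcp` account (the one dhclient(8) drops to, as far as I know), a comment above CONFIGURE_ARGS would record that, e.g. `# _dhcp is provided by the base system; no USERS= entry needed`. It is also worth confirming that sharing one unprivileged uid between two DHCP clients is acceptable, since privilege separation is strongest when the account is used by nothing else. The Makefile continues outside the hunk, so a declaration may exist there.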
+++ b/net/dhcpcd/files/dhcpcd.in
@@ -16,7 +16,7 @@ if [ -n "$ifn" ]; then
 if [ -z "$flags" -a -n "$specific" ]; then
 rc_flags="$specific"
 fi
- pidfile="/var/run/dhcpcd-$ifn.pid"
+ pidfile="/var/run/dhcpcd/dhcpcd-$ifn.pid"
 else
 pidfile="$($command -P $rc_flags)"
 : ${dhcpcd_enable:=NO}
diff --git a/net/dhcpcd/pkg-descr b/net/dhcpcd/pkg-descr
index 43473ca0c43c..8929c135a1ca 100644
--- a/net/dhcpcd/pkg-descr
+++ b/net/dhcpcd/pkg-descr
@@ -2,4 +2,12 @@ dhcpcd is a DHCP/IPv4LL/IPv6RS/DHCPv6 client. It can also act as a network manager, responding to new interfaces, listening for carrier up/down events and managing routes.
+dhcpcd-9 introduces a number of security improvements:
+- privilege separation
+ operations are performed across multiple processes, and those which do
+ not require root privileges are run as the unprivileged _dhcp user
+- sanboxed with capsicum(4)
+ processes run in capability mode, limiting their access and therefore
+ the potential impact of security vulnerabilities
+
 WWW: https://roy.marples.name/projects/dhcpcd
diff --git a/net/dhcpcd/pkg-plist b/net/dhcpcd/pkg-plist
index 40515d9a83cd..891ce7fabc99 100644
--- a/net/dhcpcd/pkg-plist
+++ b/net/dhcpcd/pkg-plist
@@ -1,5 +1,4 @@
 libexec/dhcpcd-hooks/01-test
-libexec/dhcpcd-hooks/02-dump
 libexec/dhcpcd-hooks/20-resolv.conf
 libexec/dhcpcd-hooks/30-hostname
 libexec/dhcpcd-hooks/50-ntp.conf
@@ -12,5 +11,5 @@ sbin/dhcpcd
 %%EXAMPLESDIR%%/hooks/15-timezone
 %%EXAMPLESDIR%%/hooks/29-lookup-hostname
 %%EXAMPLESDIR%%/hooks/50-ypbind
-@dir /var/db/dhcpcd
 @sample %%EXAMPLESDIR%%/dhcpcd.conf etc/dhcpcd.conf
+@dir(_dhcp,_dhcp,) /var/db/dhcpcd
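Review bot: The per-interface branch hard-codes `/var/run/dhcpcd/dhcpcd-$ifn.pid`, while the `else` branch asks the binary with `$command -P $rc_flags`, so the script carries a second copy of a path that this update apparently had to change. If the literal does not match what the daemon writes, rc.subr will not find the running process and stop/status will act on nothing. Consider deriving it the same way, e.g. `pidfile="$($command -P $rc_flags $ifn)"`, after checking that `-P` reports the per-interface file for that argument list; whether `$rc_flags` already names the interface is not visible here. The enclosing `if` block starts and ends outside the hunk.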
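Review bot: `@dir(_dhcp,_dhcp,)` in the last pkg-plist hunk sets owner and group but leaves the mode field empty, so `/var/db/dhcpcd` keeps whatever mode the staged directory has from the plain `${MKDIR}` in the Makefile. The directory is now writable by the unprivileged process and presumably holds the daemon's persistent state (leases, DUID), so an explicit mode would state the intent: `@dir(_dhcp,_dhcp,750) /var/db/dhcpcd`. Confirm first that nothing outside the `_dhcp` user and group needs to read it.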