net/dhcpcd: Update to 9.1.0

Now with privilege separation and capsicumized. Changes this release: https://roy.marples.name/archives/dhcpcd-discuss/0003007.html https://roy.marples.name/archives/dhcpcd-discuss/0002881.html
svn path=/head/; revision=537164
2020-05-31 14:25:02 +00:00 · 2020-05-31 14:25:02 +00:00 · f18377620e · 2021-03-31 03:12:20 +00:00
commit f18377620e
parent 8043d23da7
5 changed files with 17 additions and 8 deletions
--- a/net/dhcpcd/Makefile
+++ b/net/dhcpcd/Makefile
@ -2,7 +2,7 @@
 # $FreeBSD$

 PORTNAME=	dhcpcd
-PORTVERSION=	8.1.9
+PORTVERSION=	9.1.0
 CATEGORIES=	net
 MASTER_SITES=	https://roy.marples.name/downloads/dhcpcd/ \
 		https://cflags.cc/roy/dhcpcd/
@ -19,12 +19,14 @@ USES=		compiler:c11 cpe tar:xz

 CPE_VENDOR=	dhcpcd_project
 GNU_CONFIGURE=	yes
-CONFIGURE_ARGS=	--datadir=${PREFIX}/share/examples
+CONFIGURE_ARGS=	--datadir=${PREFIX}/share/examples \
+		--privsepuser="_dhcp"
 USE_RC_SUBR=	dhcpcd

 post-install:
 	${MV} ${STAGEDIR}${PREFIX}/etc/dhcpcd.conf \
 		${STAGEDIR}${PREFIX}/share/examples/dhcpcd
 	@${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/dhcpcd
+	${MKDIR} ${STAGEDIR}/var/db/dhcpcd

 .include <bsd.port.mk>
--- a/net/dhcpcd/distinfo
+++ b/net/dhcpcd/distinfo
@ -1,3 +1,3 @@
-TIMESTAMP = 1589539562
-SHA256 (dhcpcd-8.1.9.tar.xz) = 8e2a505eb2bd8007d7c6fd855fcb4dd28cced8fc28886c7ce41fb4fc5630fbcf
-SIZE (dhcpcd-8.1.9.tar.xz) = 230288
+TIMESTAMP = 1590934886
+SHA256 (dhcpcd-9.1.0.tar.xz) = 2d51bbf1780824cfb41c30d391ddeea43ab515a874bb2e74508939169ba93bf7
+SIZE (dhcpcd-9.1.0.tar.xz) = 247460
--- a/net/dhcpcd/files/dhcpcd.in
+++ b/net/dhcpcd/files/dhcpcd.in
@ -16,7 +16,7 @@ if [ -n "$ifn" ]; then
 	if [ -z "$flags" -a -n "$specific" ]; then
 		rc_flags="$specific"
 	fi
-	pidfile="/var/run/dhcpcd-$ifn.pid"
+	pidfile="/var/run/dhcpcd/dhcpcd-$ifn.pid"
 else
 	pidfile="$($command -P $rc_flags)"
 	: ${dhcpcd_enable:=NO}
--- a/net/dhcpcd/pkg-descr
+++ b/net/dhcpcd/pkg-descr
@ -2,4 +2,12 @@ dhcpcd is a DHCP/IPv4LL/IPv6RS/DHCPv6 client.
 It can also act as a network manager, responding to new interfaces,
 listening for carrier up/down events and managing routes.

+dhcpcd-9 introduces a number of security improvements:
+- privilege separation
+  operations are performed across multiple processes, and those which do
+  not require root privileges are run as the unprivileged _dhcp user
+- sanboxed with capsicum(4)
+  processes run in capability mode, limiting their access and therefore
+  the potential impact of security vulnerabilities
+
 WWW: https://roy.marples.name/projects/dhcpcd
--- a/net/dhcpcd/pkg-plist
+++ b/net/dhcpcd/pkg-plist
@ -1,5 +1,4 @@
 libexec/dhcpcd-hooks/01-test
-libexec/dhcpcd-hooks/02-dump
 libexec/dhcpcd-hooks/20-resolv.conf
 libexec/dhcpcd-hooks/30-hostname
 libexec/dhcpcd-hooks/50-ntp.conf
@ -12,5 +11,5 @@ sbin/dhcpcd
 %%EXAMPLESDIR%%/hooks/15-timezone
 %%EXAMPLESDIR%%/hooks/29-lookup-hostname
 %%EXAMPLESDIR%%/hooks/50-ypbind
-@dir /var/db/dhcpcd
@sample %%EXAMPLESDIR%%/dhcpcd.conf etc/dhcpcd.conf
+@dir(_dhcp,_dhcp,) /var/db/dhcpcd