From bec4186490a0bbe707bc3d25f9c72823aab096f0 Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Thu, 18 Mar 2021 00:12:31 +0000 Subject: dnsmasq-devel: add test release 2.85rc1 This is to fix a port randomization flaw that subjects dnsmasq to a cache poisoning attack. ChangeLog: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob;f=CHANGELOG;h=155fc966f9542259596b41594f4b85775d1f9c9a;hb=023ace8e54c2e83e88082a1073a281d659f2a860#l1 Add CONFLICTS_INSTALL markers. Security: CVE-2021-3448 Security: 5b72b1ff-877c-11eb-bd4f-2f1d57dafe46 --- dns/Makefile | 1 + dns/dnsmasq-devel/Makefile | 146 +++++++++++++++++++++++++++++++++ dns/dnsmasq-devel/distinfo | 3 + dns/dnsmasq-devel/files/dnsmasq.in | 99 ++++++++++++++++++++++ dns/dnsmasq-devel/files/pkg-message.in | 18 ++++ dns/dnsmasq-devel/pkg-descr | 14 ++++ dns/dnsmasq-devel/pkg-plist | 18 ++++ dns/dnsmasq/Makefile | 4 +- 8 files changed, 302 insertions(+), 1 deletion(-) create mode 100644 dns/dnsmasq-devel/Makefile create mode 100644 dns/dnsmasq-devel/distinfo create mode 100644 dns/dnsmasq-devel/files/dnsmasq.in create mode 100644 dns/dnsmasq-devel/files/pkg-message.in create mode 100644 dns/dnsmasq-devel/pkg-descr create mode 100644 dns/dnsmasq-devel/pkg-plist (limited to 'dns')
diff --git a/dns/Makefile b/dns/Makefile
index afc8e3f4ee11..7fa0217f84aa 100644
--- a/dns/Makefile
+++ b/dns/Makefile
@@ -48,6 +48,7 @@
 SUBDIR += dnshistory
 SUBDIR += dnsjava
 SUBDIR += dnsmasq
+ SUBDIR += dnsmasq-devel
 SUBDIR += dnsmax-perl
 SUBDIR += dnsproxy
 SUBDIR += dnsrecon
diff --git a/dns/dnsmasq-devel/Makefile b/dns/dnsmasq-devel/Makefile
new file mode 100644
index 000000000000..4d7bab8d9337
--- /dev/null
+++ b/dns/dnsmasq-devel/Makefile
@@ -0,0 +1,146 @@
+# Created by: Steven Honson
+# $FreeBSD$
+
+PORTNAME= dnsmasq
+DISTVERSION= 2.85rc1
+# Leave the PORTREVISION in even if 0 to avoid accidental PORTEPOCH bumps:
+PORTREVISION= 0
+PORTEPOCH= 1
+CATEGORIES= dns
+MASTER_SITES= https://www.thekelleys.org.uk/dnsmasq/release-candidates/ \
+ LOCAL/mandree/
+PKGNAMESUFFIX= -devel
+
+MAINTAINER= mandree@FreeBSD.org
+COMMENT= Lightweight DNS forwarder, DHCP, and TFTP server
+
+LICENSE= GPLv2
+
+USES= cpe shebangfix tar:xz
+CPE_VENDOR= thekelleys
+
+SHEBANG_FILES= contrib/dnslist/dnslist.pl \
+ contrib/dynamic-dnsmasq/dynamic-dnsmasq.pl
+
+MAKE_ARGS= CC="${CC}" \
+ CFLAGS="${CFLAGS}" \
+ COPTS="${CFLAGS}" \
+ LIBS="${LDFLAGS}" \
+ PREFIX="${PREFIX}" \
+ RPM_OPT_FLAGS="${CPPFLAGS}"
+CFLAGS+= -Wall -Wno-unused-function -Wno-unused-parameter \
+ -Wno-unused-value -Wno-unused-variable
+CPPFLAGS+= -I${LOCALBASE}/include
+
+CONFLICTS_INSTALL= dnsmasq-2*
+PATCH_STRIP= -p1
+SUB_FILES= pkg-message
+
+PORTDOCS= CHANGELOG CHANGELOG.archive FAQ doc.html setup.html
+
+OPTIONS_DEFINE= DBUS DNSSEC DOCS IPSET IPV6 LUA
+OPTIONS_DEFAULT= DNSSEC IPSET
+OPTIONS_RADIO= INTL
+OPTIONS_RADIO_INTL= IDN NLS
+OPTIONS_EXCLUDE+= EXAMPLES
+
+DNSSEC_DESC= Enable DNSSEC caching and validation (needs nettle)
+IDN_DESC= IDN: Int'l Domain Names WITHOUT full NLS
+INTL_DESC= Internationalization Support Level
+IPSET_DESC= Dynamic firewall management of resolved names (needs PF)
+LUA_DESC= Support lease-change scripts written in Lua
+NLS_DESC= IDN+NLS: Int'l Domain Names & National Language support
+
+IPSET_CFLAGS_OFF= -DNO_IPSET
+IPV6_CFLAGS_OFF= -DNO_IPV6
+
+.include
+
+.if ${PORT_OPTIONS:MNLS}
+USES+= gettext gmake iconv pkgconfig
+CFLAGS+= -DHAVE_LIBIDN2
+LIB_DEPENDS+= libidn2.so:dns/libidn2
+PLIST_SUB+= NLS=""
+ALL_TARGET= all-i18n
+_intllibs= -lidn2 -lintl
+.else
+_intllibs=
+PLIST_SUB+= NLS="@comment "
+.if ${PORT_OPTIONS:MIDN}
+USES+= iconv
+CFLAGS+= -DHAVE_LIBIDN2
+LIB_DEPENDS+= libidn2.so:dns/libidn2
+_intllibs+= -lidn2
+.endif
+.endif
+
+.if ${PORT_OPTIONS:MDBUS}
+LIB_DEPENDS+= libdbus-1.so:devel/dbus
+USES+= pkgconfig
+CPPFLAGS+= `pkg-config --cflags dbus-1`
+CFLAGS+= -DHAVE_DBUS
+LDFLAGS+= `pkg-config --libs dbus-1`
+.endif
+
+.if ${PORT_OPTIONS:MLUA}
+CPPFLAGS+= -I${LUA_INCDIR}
+CFLAGS+= -DHAVE_LUASCRIPT
+LDFLAGS+= -L${LUA_LIBDIR} -llua-${LUA_VER}
+USES+= lua pkgconfig
+.endif
+
+.if ${PORT_OPTIONS:MDNSSEC}
+CFLAGS+= -DHAVE_DNSSEC -I${LOCALBASE}/include
+USES+= pkgconfig
+LIB_DEPENDS+= libgmp.so:math/gmp \
+ libnettle.so:security/nettle
+.endif
+
+USE_RC_SUBR= dnsmasq
+
+.include
+
+LDFLAGS+= -L${LOCALBASE}/lib ${_intllibs} ${ICONV_LIB}
+
+post-patch:
+ ${REINPLACE_CMD} -e '/^lua_/s/lua5\.2/lua-${LUA_VER}/' ${WRKSRC}/Makefile
+ ${REINPLACE_CMD} -e 's/ifr\.ifr_ifindex/ifr.ifr_index/' ${WRKSRC}/src/network.c
+
+pre-configure: pretty-print-config
+.if ${PORT_OPTIONS:MIDN}
+.if empty(PORT_OPTIONS:MNLS)
+ @if ${READELF} -d ${LOCALBASE}/lib/libidn2.so \
+ | ${EGREP} -q '\.*\[libintl\.so' ; \
+ then ${ECHO} ; ${ECHO} 'WARNING: dns/libidn2 was compiled with NLS support!' ; \
+ ${ECHO} 'Recompile libidn2 WITHOUT_NLS to get rid of NLS dependencies.' ; ${ECHO} ; \
+ fi
+.else
+ @${ECHO} 'WARNING: IDN and NLS enabled, building IDN WITH NLS.'
+.endif
+.endif
+
+do-install:
+ ${INSTALL_PROGRAM} ${WRKSRC}/src/dnsmasq ${STAGEDIR}${PREFIX}/sbin
+ ${INSTALL_DATA} ${WRKSRC}/dnsmasq.conf.example ${STAGEDIR}${PREFIX}/etc/dnsmasq.conf.sample
+ ${REINPLACE_CMD} -i '' 's}%%PREFIX%%}${PREFIX}}' ${STAGEDIR}${PREFIX}/etc/dnsmasq.conf.sample
+ ${INSTALL_MAN} ${WRKSRC}/man/${PORTNAME}.8 ${STAGEDIR}${PREFIX}/man/man8
+ ${MKDIR} ${STAGEDIR}${DATADIR}
+ ${INSTALL_DATA} ${WRKSRC}/trust-anchors.conf ${STAGEDIR}${DATADIR}/
+.if ${PORT_OPTIONS:MDOCS}
+ @${MKDIR} ${STAGEDIR}${DOCSDIR}
+ cd ${WRKSRC} && ${INSTALL_DATA} ${PORTDOCS} ${STAGEDIR}${DOCSDIR}
+.endif
+.if ${PORT_OPTIONS:MNLS}
+.for i in de es fi fr id it no pl pt_BR ro
+ ${MKDIR} ${STAGEDIR}${PREFIX}/share/locale/${i}/LC_MESSAGES
+ ${INSTALL_DATA} ${WRKSRC}/src/${i}.mo \
+ ${STAGEDIR}${PREFIX}/share/locale/${i}/LC_MESSAGES/${PORTNAME}.mo
+.endfor
+.endif
+ ${MKDIR} ${STAGEDIR}${EXAMPLESDIR}/dynamic-dnsmasq ${STAGEDIR}${EXAMPLESDIR}/dnslist
+ ${INSTALL_SCRIPT} ${WRKSRC}/contrib/dynamic-dnsmasq/dynamic-dnsmasq.pl ${STAGEDIR}${EXAMPLESDIR}/dynamic-dnsmasq/
+ ${INSTALL_SCRIPT} ${WRKSRC}/contrib/dnslist/dnslist.pl ${STAGEDIR}${EXAMPLESDIR}/dnslist/
+ ${INSTALL_DATA} ${WRKSRC}/contrib/dnslist/dhcp.css ${STAGEDIR}${EXAMPLESDIR}/dnslist/
+ ${INSTALL_DATA} ${WRKSRC}/contrib/dnslist/dnslist.tt2 ${STAGEDIR}${EXAMPLESDIR}/dnslist/
+
+.include
diff --git a/dns/dnsmasq-devel/distinfo b/dns/dnsmasq-devel/distinfo
new file mode 100644
index 000000000000..925def555089
--- /dev/null
+++ b/dns/dnsmasq-devel/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1616024487
+SHA256 (dnsmasq-2.85rc1.tar.xz) = 97bf5b606f0a5a9e439b464ac5d2296f64b0b19723985e5bc330beda6407a09a
+SIZE (dnsmasq-2.85rc1.tar.xz) = 537632
diff --git a/dns/dnsmasq-devel/files/dnsmasq.in b/dns/dnsmasq-devel/files/dnsmasq.in
new file mode 100644
index 000000000000..de9da9249b40
--- /dev/null
+++ b/dns/dnsmasq-devel/files/dnsmasq.in
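Review bot: The first `post-patch` command rewrites `lua5.2` to `lua-${LUA_VER}` in `${WRKSRC}/Makefile` unconditionally, but `USES+= lua` is only added inside `.if ${PORT_OPTIONS:MLUA}`, so with LUA off `LUA_VER` is presumably undefined and the substitution writes a bare `lua-`. That looks harmless only while upstream's Makefile never evaluates its `lua_` lines without HAVE_LUASCRIPT; gating the edit makes the intent explicit, for example by moving that one command into a `post-patch-LUA-on:` target. Separately, in `pre-configure` the pattern `'\.*\[libintl\.so'` begins with `\.*`, which matches zero or more literal dots and so adds nothing; `'\[libintl\.so'` is equivalent and easier to read.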
@@ -0,0 +1,99 @@
+#!/bin/sh
+
+# $FreeBSD$
+#
+# PROVIDE: dnsmasq
+# REQUIRE: SERVERS ldconfig
+# BEFORE: DAEMON named
+# KEYWORD: shutdown
+#
+# Start before named so as not to break named_wait if named is
+# enabled and /etc/resolv.conf points to ourselves (dnsmasq).
+#
+#
+# Please add the following line to /etc/rc.conf.local or /etc/rc.conf to
+# enable the dnsmasq service(s):
+#
+# dnsmasq_enable (bool): Set to "NO" by default.
+# Set it to "YES" to enable dnsmasq at boot.
+#
+# Further settings you can change in /etc/rc.conf if desired:
+#
+# dnsmasq_conf (path): Set to %%PREFIX%%/etc/dnsmasq.conf by default.
+# Set it to another configuration file if you want.
+#
+# dnsmasq_flags (string): Empty by default. Set it to additional command
+# line arguments if desired.
+#
+# dnsmasq_restart (bool): Set to "YES" by default.
+# If "YES", a "reload" action will trigger a "restart"
+# if the configuration file has changed, to work
+# around a dnsmasq(8) limitation.
+#
+#
+# Additional actions supported by this script:
+#
+# reload Reload database files by sending SIGHUP and SIGUSR2.
+# However, if dnsmasq_restart is true (see above) and the
+# configuration file has changed since this rc script has
+# started dnsmasq, restart it instead.
+#
+# logstats Dump statistics information to where dnsmasq is configured to
+# log (syslog by default). This sends SIGUSR1 to dnsmasq.
+#
+
+. 
/etc/rc.subr
+
+name=dnsmasq
+rcvar=dnsmasq_enable
+
+command="%%PREFIX%%/sbin/${name}"
+pidfile="/var/run/${name}.pid"
+# timestamp (below) is used to check if "reload" should be a "restart" instead
+timestamp="/var/run/${name}.stamp"
+
+load_rc_config "${name}"
+
+: ${dnsmasq_enable="NO"}
+: ${dnsmasq_conf="%%PREFIX%%/etc/${name}.conf"}
+: ${dnsmasq_restart="YES"}
+
+command_args="-x $pidfile -C $dnsmasq_conf"
+
+required_files="${dnsmasq_conf}"
+extra_commands="reload logstats"
+
+reload_precmd="reload_pre"
+reload_postcmd="reload_post"
+start_postcmd="timestampconf"
+stop_precmd="rmtimestamp"
+logstats_cmd="logstats"
+
+reload_pre() {
+ if [ "$dnsmasq_conf" -nt "${timestamp}" ] ; then
+ if checkyesno dnsmasq_restart ; then
+ info "restart: $dnsmasq_conf changed"
+ exec "$0" restart
+ else
+ warn "restart required, $dnsmasq_conf changed"
+ fi
+ fi
+}
+
+reload_post() {
+ kill -USR2 ${rc_pid}
+}
+
+logstats() {
+ kill -USR1 ${rc_pid}
+}
+
+timestampconf() {
+ touch -r "${dnsmasq_conf}" "${timestamp}"
+}
+
+rmtimestamp() {
+ rm -f "${timestamp}"
+}
+
+run_rc_command "$1"
diff --git a/dns/dnsmasq-devel/files/pkg-message.in b/dns/dnsmasq-devel/files/pkg-message.in
new file mode 100644
index 000000000000..ea0fda8b3e92
--- /dev/null
+++ b/dns/dnsmasq-devel/files/pkg-message.in
@@ -0,0 +1,18 @@
+[
+{
+message: <
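Review bot: `logstats()` runs `kill -USR1 ${rc_pid}` without checking that `rc_pid` is set. As a custom `logstats_cmd` it is presumably invoked by rc.subr even when no dnsmasq process was found, in which case `kill` is called with no PID and the operator gets a usage error instead of a "not running" message. A guard as the first line of the function would cover it: `[ -n "${rc_pid}" ] || { warn "${name} is not running"; return 1; }`. The header comment should also say that the reload-to-restart check in `reload_pre()` compares only the mtime of `$dnsmasq_conf` against the stamp file, so edits to any other file the configuration pulls in will not trigger the restart.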