Fri Oct 7 16:34:10 2022 UTC ()
Pullup ticket #6681 - requested by taca
net/isc-dhcp4: security fix

Revisions pulled up:
- net/isc-dhcp4/Makefile.common                                 1.45
- net/isc-dhcp4/distinfo                                        1.34

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Wed Oct  5 16:16:54 UTC 2022

   Modified Files:
   	pkgsrc/net/isc-dhcp4: Makefile.common distinfo

   Log Message:
   net/isc-dhcp4: update to 4.4.3p1

   4.4.3p1 (ISC DHCP 4.4.3-P1), 2022-10-05

   		Changes since 4.4.3 (Bug Fixes)

   ! Corrected a reference count leak that occurs when the server builds
     responses to leasequery packets. Thanks to VictorV of Cyber Kunlun
     Lab for reporting the issue.
     [Gitlab #253]
     CVE: CVE-2022-2928

   ! Corrected a memory leak that occurs when unpacking a packet that has an
     FQDN option (81) that contains a label with length greater than 63 bytes.
     Thanks to VictorV of Cyber Kunlun Lab for reporting the issue.
     [Gitlab #254]
     CVE: CVE-2022-2929


(bsiegert)
diff -r1.44 -r1.44.4.1 pkgsrc/net/isc-dhcp4/Makefile.common
diff -r1.33 -r1.33.6.1 pkgsrc/net/isc-dhcp4/distinfo

cvs diff -r1.44 -r1.44.4.1 pkgsrc/net/isc-dhcp4/Makefile.common

--- pkgsrc/net/isc-dhcp4/Makefile.common 2022/03/31 09:50:54 1.44
+++ pkgsrc/net/isc-dhcp4/Makefile.common 2022/10/07 16:34:09 1.44.4.1
@@ -1,102 +1,102 @@ @@ -1,102 +1,102 @@
1# $NetBSD: Makefile.common,v 1.44 2022/03/31 09:50:54 jperkin Exp $ 1# $NetBSD: Makefile.common,v 1.44.4.1 2022/10/07 16:34:09 bsiegert Exp $
2# 2#
3# used by net/isc-dhcp4/Makefile 3# used by net/isc-dhcp4/Makefile
4# used by net/isc-dhcpd4/Makefile 4# used by net/isc-dhcpd4/Makefile
5# used by net/isc-dhclient4/Makefile 5# used by net/isc-dhclient4/Makefile
6# used by net/isc-dhcrelay4/Makefile 6# used by net/isc-dhcrelay4/Makefile
7 7
8DISTNAME= dhcp-${VERSION} 8DISTNAME= dhcp-${VERSION}
9DHVER= ${DISTNAME:S/dhcp-//:S/-P/p/} 9DHVER= ${DISTNAME:S/dhcp-//:S/-P/p/}
10CATEGORIES= net 10CATEGORIES= net
11MASTER_SITES= ftp://ftp.isc.org/isc/dhcp/${VERSION}/ 11MASTER_SITES= ftp://ftp.isc.org/isc/dhcp/${VERSION}/
12MASTER_SITES+= http://ftp.isc.org/isc/dhcp/${VERSION}/ 12MASTER_SITES+= http://ftp.isc.org/isc/dhcp/${VERSION}/
13 13
14MAINTAINER= pkgsrc-users@NetBSD.org 14MAINTAINER= pkgsrc-users@NetBSD.org
15HOMEPAGE= https://www.isc.org/dhcp/ 15HOMEPAGE= https://www.isc.org/dhcp/
16LICENSE= mpl-2.0 16LICENSE= mpl-2.0
17 17
18CONFLICTS+= isc-dhcp-base-3.* 18CONFLICTS+= isc-dhcp-base-3.*
19 19
20VERSION= 4.4.3 20VERSION= 4.4.3-P1
21 21
22.include "../../mk/bsd.prefs.mk" 22.include "../../mk/bsd.prefs.mk"
23 23
24GNU_CONFIGURE= yes 24GNU_CONFIGURE= yes
25GNU_CONFIGURE_STRICT= no # has several configure programs 25GNU_CONFIGURE_STRICT= no # has several configure programs
26DHCP_HOME?= ${VARBASE}/db/isc-dhcp 26DHCP_HOME?= ${VARBASE}/db/isc-dhcp
27DHCP_PID?= ${VARBASE}/run/isc-dhcp 27DHCP_PID?= ${VARBASE}/run/isc-dhcp
28PKG_SYSCONFSUBDIR= dhcp 28PKG_SYSCONFSUBDIR= dhcp
29 29
30USE_TOOLS+= gmake gunzip gzip tar 30USE_TOOLS+= gmake gunzip gzip tar
31USE_LANGUAGES+= c99 c++ 31USE_LANGUAGES+= c99 c++
32 32
33PATCHDIR= ${.CURDIR}/../../net/isc-dhcp4/patches 33PATCHDIR= ${.CURDIR}/../../net/isc-dhcp4/patches
34DISTINFO_FILE= ${.CURDIR}/../../net/isc-dhcp4/distinfo 34DISTINFO_FILE= ${.CURDIR}/../../net/isc-dhcp4/distinfo
35EGDIR= ${PREFIX}/share/examples/${PKGBASE} 35EGDIR= ${PREFIX}/share/examples/${PKGBASE}
36BUILD_DEFS+= VARBASE DHCP_HOME DHCP_PID 36BUILD_DEFS+= VARBASE DHCP_HOME DHCP_PID
37 37
38CONFIGURE_ARGS+= --localstatedir=${VARBASE} 38CONFIGURE_ARGS+= --localstatedir=${VARBASE}
39CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} 39CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
40CONFIGURE_ARGS+= --with-srv-lease-file=${DHCP_HOME}/dhcpd.leases 40CONFIGURE_ARGS+= --with-srv-lease-file=${DHCP_HOME}/dhcpd.leases
41CONFIGURE_ARGS+= --with-cli-lease-file=${DHCP_HOME}/dhclient.leases 41CONFIGURE_ARGS+= --with-cli-lease-file=${DHCP_HOME}/dhclient.leases
42CONFIGURE_ARGS+= --with-srv-pid-file=${DHCP_PID}/isc-dhcpd.pid 42CONFIGURE_ARGS+= --with-srv-pid-file=${DHCP_PID}/isc-dhcpd.pid
43CONFIGURE_ARGS+= --with-cli-pid-file=${DHCP_PID}/isc-dhclient.pid 43CONFIGURE_ARGS+= --with-cli-pid-file=${DHCP_PID}/isc-dhclient.pid
44CONFIGURE_ARGS+= --with-relay-pid-file=${DHCP_PID}/isc-dhcrelay.pid 44CONFIGURE_ARGS+= --with-relay-pid-file=${DHCP_PID}/isc-dhcrelay.pid
45CONFIGURE_ARGS+= --with-srv6-lease-file=${DHCP_HOME}/dhcpd6.leases 45CONFIGURE_ARGS+= --with-srv6-lease-file=${DHCP_HOME}/dhcpd6.leases
46CONFIGURE_ARGS+= --with-cli6-lease-file=${DHCP_HOME}/dhclient6.leases 46CONFIGURE_ARGS+= --with-cli6-lease-file=${DHCP_HOME}/dhclient6.leases
47CONFIGURE_ARGS+= --with-srv6-pid-file=${DHCP_PID}/isc-dhcpd6.pid 47CONFIGURE_ARGS+= --with-srv6-pid-file=${DHCP_PID}/isc-dhcpd6.pid
48CONFIGURE_ARGS+= --with-cli6-pid-file=${DHCP_PID}/isc-dhclient6.pid 48CONFIGURE_ARGS+= --with-cli6-pid-file=${DHCP_PID}/isc-dhclient6.pid
49CONFIGURE_ARGS+= --with-relay6-pid-file=${DHCP_PID}/isc-dhcrelay6.pid 49CONFIGURE_ARGS+= --with-relay6-pid-file=${DHCP_PID}/isc-dhcrelay6.pid
50 50
51.if !empty(USE_CROSS_COMPILE:M[yY][eE][sS]) 51.if !empty(USE_CROSS_COMPILE:M[yY][eE][sS])
52CONFIGURE_ENV+= BUILD_CC=${NATIVE_CC:Q} 52CONFIGURE_ENV+= BUILD_CC=${NATIVE_CC:Q}
53# Target will have /dev/random. For whatever reason this package 53# Target will have /dev/random. For whatever reason this package
54# requires you to specify the random device to use, and for native 54# requires you to specify the random device to use, and for native
55# compilation it uses /dev/random, so we'll match that here even though 55# compilation it uses /dev/random, so we'll match that here even though
56# it is almost certainly the case that it should be using /dev/urandom. 56# it is almost certainly the case that it should be using /dev/urandom.
57CONFIGURE_ENV.NetBSD+= ac_cv_file__dev_random=yes 57CONFIGURE_ENV.NetBSD+= ac_cv_file__dev_random=yes
58CONFIGURE_ARGS.NetBSD+= --with-randomdev=/dev/random 58CONFIGURE_ARGS.NetBSD+= --with-randomdev=/dev/random
59.endif 59.endif
60 60
61CPPFLAGS.SunOS+= -D_XOPEN_SOURCE=600 -D__EXTENSIONS__ 61CPPFLAGS.SunOS+= -D_XOPEN_SOURCE=600 -D__EXTENSIONS__
62LDFLAGS.SunOS+= -lnsl 62LDFLAGS.SunOS+= -lnsl
63 63
64SUBST_CLASSES+= config 64SUBST_CLASSES+= config
65SUBST_STAGE.config= pre-configure 65SUBST_STAGE.config= pre-configure
66SUBST_FILES.config= includes/dhcpd.h 66SUBST_FILES.config= includes/dhcpd.h
67SUBST_VARS.config= PREFIX PKG_SYSCONFDIR 67SUBST_VARS.config= PREFIX PKG_SYSCONFDIR
68SUBST_MESSAGE.config= Fixing configuration files. 68SUBST_MESSAGE.config= Fixing configuration files.
69 69
70BUILD_DIRS= ${BUILD_SUBDIR} 70BUILD_DIRS= ${BUILD_SUBDIR}
71INSTALL_DIRS= ${SUBDIR} 71INSTALL_DIRS= ${SUBDIR}
72 72
73# XXX This crap should replaced by a dependency on net/libbind, but 73# XXX This crap should replaced by a dependency on net/libbind, but
74# that seems to be a different version of libbind. 74# that seems to be a different version of libbind.
75post-extract: 75post-extract:
76 cd ${WRKSRC}/bind && ${TAR} -zxf bind.tar.gz 76 cd ${WRKSRC}/bind && ${TAR} -zxf bind.tar.gz
77 77
78BIND_CONFIGURE_ARGS+= --disable-kqueue 78BIND_CONFIGURE_ARGS+= --disable-kqueue
79BIND_CONFIGURE_ARGS+= --disable-epoll 79BIND_CONFIGURE_ARGS+= --disable-epoll
80BIND_CONFIGURE_ARGS+= --disable-devpoll 80BIND_CONFIGURE_ARGS+= --disable-devpoll
81BIND_CONFIGURE_ARGS+= --without-openssl 81BIND_CONFIGURE_ARGS+= --without-openssl
82BIND_CONFIGURE_ARGS+= --without-libxml2 82BIND_CONFIGURE_ARGS+= --without-libxml2
83BIND_CONFIGURE_ARGS+= --enable-exportlib 83BIND_CONFIGURE_ARGS+= --enable-exportlib
84BIND_CONFIGURE_ARGS+= --enable-threads=no 84BIND_CONFIGURE_ARGS+= --enable-threads=no
85BIND_CONFIGURE_ARGS+= --with-export-includedir=${WRKSRC}/bind/include 85BIND_CONFIGURE_ARGS+= --with-export-includedir=${WRKSRC}/bind/include
86BIND_CONFIGURE_ARGS+= --with-export-libdir=${WRKSRC}/bind/lib 86BIND_CONFIGURE_ARGS+= --with-export-libdir=${WRKSRC}/bind/lib
87BIND_CONFIGURE_ARGS+= --with-gssapi=no 87BIND_CONFIGURE_ARGS+= --with-gssapi=no
88BIND_CONFIGURE_ARGS+= --with-python=no 88BIND_CONFIGURE_ARGS+= --with-python=no
89 89
90BIND_WRKSRC= ${WRKSRC}/bind/bind-9.11.36 90BIND_WRKSRC= ${WRKSRC}/bind/bind-9.11.36
91 91
92post-configure: 92post-configure:
93 ${RUN}${_ULIMIT_CMD} \ 93 ${RUN}${_ULIMIT_CMD} \
94 cd ${BIND_WRKSRC} && \ 94 cd ${BIND_WRKSRC} && \
95 ${PKGSRC_SETENV} ${_CONFIGURE_SCRIPT_ENV} \ 95 ${PKGSRC_SETENV} ${_CONFIGURE_SCRIPT_ENV} \
96 ${CONFIG_SHELL} ${CONFIG_SHELL_FLAGS} \ 96 ${CONFIG_SHELL} ${CONFIG_SHELL_FLAGS} \
97 ${CONFIGURE_SCRIPT} \ 97 ${CONFIGURE_SCRIPT} \
98 ${CONFIGURE_ARGS} \ 98 ${CONFIGURE_ARGS} \
99 ${BIND_CONFIGURE_ARGS} 99 ${BIND_CONFIGURE_ARGS}
100 100
101.include "../../devel/zlib/buildlink3.mk" 101.include "../../devel/zlib/buildlink3.mk"
102.include "../../security/openssl/buildlink3.mk" 102.include "../../security/openssl/buildlink3.mk"

cvs diff -r1.33 -r1.33.6.1 pkgsrc/net/isc-dhcp4/distinfo

--- pkgsrc/net/isc-dhcp4/distinfo 2022/03/13 15:24:37 1.33
+++ pkgsrc/net/isc-dhcp4/distinfo 2022/10/07 16:34:09 1.33.6.1
@@ -1,9 +1,9 @@ @@ -1,9 +1,9 @@
1$NetBSD: distinfo,v 1.33 2022/03/13 15:24:37 taca Exp $ 1$NetBSD: distinfo,v 1.33.6.1 2022/10/07 16:34:09 bsiegert Exp $
2 2
3BLAKE2s (dhcp-4.4.3.tar.gz) = 21d9898366e34a4cdede90eb01eee456acdf33937a0e7f1bca7033dd4850c5ee 3BLAKE2s (dhcp-4.4.3-P1.tar.gz) = 7c257ac33cdf8d5fd4be0787fcd98045febe92679acbef2bb88340dd745cdfee
4SHA512 (dhcp-4.4.3.tar.gz) = 4472d6794af80b482560956cee6895889cc1aca39980f851faf56824627e95731f2983cf7c7454bc3decb0a12c874fcbd29bd6c5a9695412def6bc14c6df17e0 4SHA512 (dhcp-4.4.3-P1.tar.gz) = d14dc44d1c015780ae19769816cb01015959927a1ad7a3e84b89e0463253aaf46451af88e3260347196373906d5b438c7c616fee45ec3f128aa82af6702b7154
5Size (dhcp-4.4.3.tar.gz) = 10078953 bytes 5Size (dhcp-4.4.3-P1.tar.gz) = 10081055 bytes
6SHA1 (patch-aa) = da090b3b824f5d437f8d05ce00e2ac4dfc65d6af 6SHA1 (patch-aa) = da090b3b824f5d437f8d05ce00e2ac4dfc65d6af
7SHA1 (patch-ab) = 0683dd2259e48184713559aa0356ee352aa52c39 7SHA1 (patch-ab) = 0683dd2259e48184713559aa0356ee352aa52c39
8SHA1 (patch-ac) = a7e6808a6e1e93c520eb085f31259f6c142750f4 8SHA1 (patch-ac) = a7e6808a6e1e93c520eb085f31259f6c142750f4
9SHA1 (patch-common_dlpi.c) = a4258a6bc7a2b12fab45a10054bca83e235acfbd 9SHA1 (patch-common_dlpi.c) = a4258a6bc7a2b12fab45a10054bca83e235acfbd