kumquat-buildroot/package/dhcp/dhcp.mk
Fabrice Fontaine 99a570ee2b package/dhcp: security bump to version 4.4.3-P1
- Corrected a reference count leak that occurs when the server builds
  responses to leasequery packets. Thanks to VictorV of Cyber Kunlun
  Lab for reporting the issue.
  [Gitlab #253]
  CVE: CVE-2022-2928

- Corrected a memory leak that occurs when unpacking a packet that has an
  FQDN option (81) that contains a label with length greater than 63 bytes.
  Thanks to VictorV of Cyber Kunlun Lab for reporting the issue.
  [Gitlab #254]
  CVE: CVE-2022-2929

https://kb.isc.org/docs/cve-2022-2928
https://kb.isc.org/docs/cve-2022-2929
https://ftp.isc.org/isc/dhcp/4.4.3-P1/dhcp-4.4.3-P1-RELNOTES

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-10-17 10:37:50 +02:00

164 lines
4.7 KiB
Makefile

################################################################################
#
# dhcp
#
################################################################################
DHCP_VERSION = 4.4.3-P1
DHCP_SITE = https://ftp.isc.org/isc/dhcp/$(DHCP_VERSION)
DHCP_INSTALL_STAGING = YES
DHCP_LICENSE = MPL-2.0
DHCP_LICENSE_FILES = LICENSE
DHCP_DEPENDENCIES = host-gawk
DHCP_CPE_ID_VENDOR = isc
# internal bind does not support parallel builds.
DHCP_MAKE = $(MAKE1)
# untar internal bind so libtool patches will be applied on bind's libtool
define DHCP_UNTAR_INTERNAL_BIND
$(TAR) xf $(@D)/bind/bind.tar.gz -C $(@D)/bind/
endef
DHCP_POST_EXTRACT_HOOKS = DHCP_UNTAR_INTERNAL_BIND
# use libtool-enabled configure.ac
define DHCP_LIBTOOL_AUTORECONF
cp $(@D)/configure.ac+lt $(@D)/configure.ac
endef
DHCP_CONF_ENV = \
CPPFLAGS='-D_PATH_DHCPD_CONF=\"/etc/dhcp/dhcpd.conf\" \
-D_PATH_DHCLIENT_CONF=\"/etc/dhcp/dhclient.conf\"' \
CFLAGS='$(TARGET_CFLAGS) -DISC_CHECK_NONE=1'
DHCP_BIND_EXTRA_CONFIG = \
BUILD_CC='$(HOSTCC)' \
BUILD_CFLAGS='$(HOST_CFLAGS)' \
BUILD_CPPFLAGS='$(HOST_CPPFLAGS)' \
BUILD_LDFLAGS='$(HOST_LDFLAGS)' \
RANLIB='$(TARGET_RANLIB)' \
--disable-backtrace
DHCP_CONF_ENV += ac_cv_prog_AWK=$(HOST_DIR)/bin/gawk
DHCP_CONF_OPTS = \
--with-bind-extra-config="$(DHCP_BIND_EXTRA_CONFIG)" \
--with-randomdev=/dev/random \
--with-srv-lease-file=/var/lib/dhcp/dhcpd.leases \
--with-srv6-lease-file=/var/lib/dhcp/dhcpd6.leases \
--with-cli-lease-file=/var/lib/dhcp/dhclient.leases \
--with-cli6-lease-file=/var/lib/dhcp/dhclient6.leases \
--with-srv-pid-file=/var/run/dhcpd.pid \
--with-srv6-pid-file=/var/run/dhcpd6.pid \
--with-cli-pid-file=/var/run/dhclient.pid \
--with-cli6-pid-file=/var/run/dhclient6.pid \
--with-relay-pid-file=/var/run/dhcrelay.pid \
--with-relay6-pid-file=/var/run/dhcrelay6.pid
ifeq ($(BR2_PACKAGE_ZLIB),y)
DHCP_BIND_EXTRA_CONFIG += --with-zlib=$(STAGING_DIR)/usr
DHCP_DEPENDENCIES += zlib
else
DHCP_BIND_EXTRA_CONFIG += --without-zlib
endif
ifeq ($(BR2_TOOLCHAIN_HAS_ATOMIC),y)
DHCP_BIND_EXTRA_CONFIG += --enable-atomic
ifeq ($(BR2_TOOLCHAIN_HAS_LIBATOMIC),y)
DHCP_CONF_ENV += LIBS=-latomic
endif
else
DHCP_BIND_EXTRA_CONFIG += --disable-atomic
endif
ifeq ($(BR2_STATIC_LIBS),y)
DHCP_CONF_OPTS += --disable-libtool
else
DHCP_POST_EXTRACT_HOOKS += DHCP_LIBTOOL_AUTORECONF
DHCP_AUTORECONF = YES
DHCP_CONF_OPTS += --enable-libtool
endif
ifeq ($(BR2_PACKAGE_DHCP_SERVER_DELAYED_ACK),y)
DHCP_CONF_OPTS += --enable-delayed-ack
else
DHCP_CONF_OPTS += --disable-delayed-ack
endif
ifeq ($(BR2_PACKAGE_DHCP_SERVER_ENABLE_PARANOIA),y)
DHCP_CONF_OPTS += --enable-paranoia
else
DHCP_CONF_OPTS += --disable-paranoia
endif
define DHCP_INSTALL_LIBS
$(MAKE) -C $(@D)/bind install-bind DESTDIR=$(TARGET_DIR)
$(MAKE) -C $(@D)/common install-exec DESTDIR=$(TARGET_DIR)
$(MAKE) -C $(@D)/omapip install-exec DESTDIR=$(TARGET_DIR)
endef
ifeq ($(BR2_PACKAGE_DHCP_SERVER),y)
define DHCP_INSTALL_CTL_LIBS
$(MAKE) -C $(@D)/dhcpctl install-exec DESTDIR=$(TARGET_DIR)
endef
define DHCP_INSTALL_SERVER
mkdir -p $(TARGET_DIR)/var/lib
(cd $(TARGET_DIR)/var/lib; ln -snf /tmp dhcp)
$(MAKE) -C $(@D)/server DESTDIR=$(TARGET_DIR) install-sbinPROGRAMS
$(INSTALL) -m 0644 -D package/dhcp/dhcpd.conf \
$(TARGET_DIR)/etc/dhcp/dhcpd.conf
endef
endif
ifeq ($(BR2_PACKAGE_DHCP_RELAY),y)
define DHCP_INSTALL_RELAY
mkdir -p $(TARGET_DIR)/var/lib
(cd $(TARGET_DIR)/var/lib; ln -snf /tmp dhcp)
$(MAKE) -C $(@D)/relay DESTDIR=$(TARGET_DIR) install-sbinPROGRAMS
endef
endif
ifeq ($(BR2_PACKAGE_DHCP_CLIENT),y)
define DHCP_INSTALL_CLIENT
mkdir -p $(TARGET_DIR)/var/lib
(cd $(TARGET_DIR)/var/lib; ln -snf /tmp dhcp)
$(MAKE) -C $(@D)/client DESTDIR=$(TARGET_DIR) sbindir=/sbin \
install-sbinPROGRAMS
$(INSTALL) -m 0644 -D package/dhcp/dhclient.conf \
$(TARGET_DIR)/etc/dhcp/dhclient.conf
$(INSTALL) -m 0755 -D package/dhcp/dhclient-script \
$(TARGET_DIR)/sbin/dhclient-script
endef
endif
# Options don't matter, scripts won't start if binaries aren't there
define DHCP_INSTALL_INIT_SYSV
$(INSTALL) -m 0755 -D package/dhcp/S80dhcp-server \
$(TARGET_DIR)/etc/init.d/S80dhcp-server
$(INSTALL) -m 0755 -D package/dhcp/S80dhcp-relay \
$(TARGET_DIR)/etc/init.d/S80dhcp-relay
endef
ifeq ($(BR2_PACKAGE_DHCP_SERVER),y)
define DHCP_INSTALL_INIT_SYSTEMD
$(INSTALL) -D -m 644 package/dhcp/dhcpd.service \
$(TARGET_DIR)/usr/lib/systemd/system/dhcpd.service
mkdir -p $(TARGET_DIR)/usr/lib/tmpfiles.d
echo "d /var/lib/dhcp 0755 - - - -" > \
$(TARGET_DIR)/usr/lib/tmpfiles.d/dhcpd.conf
echo "f /var/lib/dhcp/dhcpd.leases - - - - -" >> \
$(TARGET_DIR)/usr/lib/tmpfiles.d/dhcpd.conf
endef
endif
define DHCP_INSTALL_TARGET_CMDS
$(DHCP_INSTALL_LIBS)
$(DHCP_INSTALL_CTL_LIBS)
$(DHCP_INSTALL_RELAY)
$(DHCP_INSTALL_SERVER)
$(DHCP_INSTALL_CLIENT)
endef
$(eval $(autotools-package))