From 9a67067c0e13f99bafe0557cc6ff14eff5fdeccd Mon Sep 17 00:00:00 2001 
From: Patrick J Volkerding Date: Thu, 16 Sep 2021 02:52:54 +0000 Subject: Thu Sep 16 02:52:54 UTC 2021 a/etc-15.0-x86_64-17.txz: Rebuilt. Added named:named (53:53) user and group. a/kernel-firmware-20210915_198ac65-noarch-1.txz: Upgraded. a/kernel-generic-5.14.4-x86_64-1.txz: Upgraded. a/kernel-huge-5.14.4-x86_64-1.txz: Upgraded. a/kernel-modules-5.14.4-x86_64-1.txz: Upgraded. ap/sudo-1.9.8-x86_64-1.txz: Upgraded. d/kernel-headers-5.14.4-x86-1.txz: Upgraded. k/kernel-source-5.14.4-noarch-1.txz: Upgraded. kde/breeze-icons-5.85.0-noarch-2.txz: Rebuilt. Patched with upstream commit to allow using this icon theme with Xfce. l/fluidsynth-2.2.3-x86_64-1.txz: Upgraded. l/python-charset-normalizer-2.0.5-x86_64-1.txz: Upgraded. l/qca-2.3.4-x86_64-1.txz: Upgraded. n/NetworkManager-1.32.10-x86_64-3.txz: Rebuilt. Switch to dhcp=internal to avoid problems swimming upstream. For those looking for a fix to continue using dhcpcd, a PRIVSEP build variable was added to the SlackBuild, and you may produce a fully NetworkManager compatible dhcpcd package with this command: PRIVSEP=no ./dhcpcd.SlackBuild Privilege separation remains the dhcpcd package default as we don't want to weaken security for those using rc.inet1 along with dhcpcd. Some additional comments about this were added to 00-dhcp-client.conf mentioning this and the workaround of killing dhcpcd manually when resuming with the stock dhcpcd package. n/bind-9.16.21-x86_64-1.txz: Upgraded. Fixed call to rndc-confgen in the install script. Make /etc/rndc.key owned by named:named. Run named as named:named by default (configurable in /etc/default/named). rc.bind: chown /run/named and /var/named to configured user:group. Thanks to Ressy for prompting this cleanup. :) n/curl-7.79.0-x86_64-1.txz: Upgraded. This update fixes security issues: clear the leftovers pointer when sending succeeds. do not ignore --ssl-reqd. reject STARTTLS server response pipelining. 
For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22945 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22946 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22947 (* Security fix *) n/links-2.24-x86_64-1.txz: Upgraded. n/wireguard-tools-1.0.20210914-x86_64-1.txz: Upgraded. x/libinput-1.19.0-x86_64-1.txz: Upgraded. xap/gimp-2.10.28-x86_64-1.txz: Upgraded. isolinux/initrd.img: Rebuilt. kernels/*: Upgraded. usb-and-pxe-installers/usbboot.img: Rebuilt.
---
 source/n/dhcpcd/dhcpcd.SlackBuild | 30 +++++++++++++++++++++++++++---
 1 file changed, 27 insertions(+), 3 deletions(-)
(limited to 'source/n/dhcpcd/dhcpcd.SlackBuild')
diff --git a/source/n/dhcpcd/dhcpcd.SlackBuild b/source/n/dhcpcd/dhcpcd.SlackBuild
index 2027e5b6d..53cf1be4a 100755
--- a/source/n/dhcpcd/dhcpcd.SlackBuild
+++ b/source/n/dhcpcd/dhcpcd.SlackBuild
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# Copyright 2008, 2009, 2010, 2013, 2014, 2017, 2018, 2020 Patrick J. Volkerding, Sebeka, MN, USA
+# Copyright 2008, 2009, 2010, 2013, 2014, 2017, 2018, 2020, 2021 Patrick J. Volkerding, Sebeka, MN, USA
 # All rights reserved.
 #
 # Redistribution and use of this script, with or without modification, is
@@ -26,6 +26,21 @@ PKGNAM=dhcpcd
 VERSION=${VERSION:-$(echo dhcpcd-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
 BUILD=${BUILD:-1}
 
+# By default, Slackware builds dhcpcd with privilege separation, which improves
+# security by ensuring that any security vulnerabilies such as buffer overflows
+# or shell metacharacter insertion would gain access to an unprivileged user
+# (the dhcpcd user) rather than the root user. However, this creates issues
+# when using dhcpcd with NetworkManager. With privilege separation enabled,
+# the network won't return properly after suspend/resume.
+#
+# If you use dhcpcd with NetworkManager and this functionality is important to
+# you, rebuild dhcpcd with this command:
+#
+# PRIVSEP=no ./dhcpcd.SlackBuild
+#
+# Then upgrade to the generated package.
+PRIVSEP=${PRIVSEP:-yes}
+
 NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
 
 # Automatically determine the architecture we're building on:
@@ -85,6 +100,15 @@ patch -p1 --verbose < $CWD/patches/dhcpcd.conf-request_ntp_server_by_default.pat
 # /etc/rc.d/rc.S, and /var should not be on a network filesystem. As such,
 # we'll use the FHS layout instead of putting things in /etc/dhcpc
 
+# Set options to build with or without privsep:
+if [ "$PRIVSEP" = "yes" ]; then
+ PRIVSEP_OPTIONS="--enable-privsep --privsepuser=dhcpcd"
+ unset TAG
+else
+ PRIVSEP_OPTIONS="--disable-privsep"
+ TAG="_noprivsep"
+fi
+
 # Yes, /lib/dhcpcd is correct, even on x86_64.
 CFLAGS="$SLKCFLAGS" \
 ./configure \
@@ -96,6 +120,7 @@ CFLAGS="$SLKCFLAGS" \
 --libexecdir=/lib/dhcpcd \
 --mandir=/usr/man \
 --rundir=/run \
+ $PRIVSEP_OPTIONS \
 --build=$ARCH-slackware-linux || exit 1
 
 make $NUMJOBS || make || exit 1
@@ -138,5 +163,4 @@ cat $CWD/slack-desc > $PKG/install/slack-desc
 zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh
 
 cd $PKG
-/sbin/makepkg -l y -c n $TMP/dhcpcd-$VERSION-$ARCH-$BUILD.txz
-
+/sbin/makepkg -l y -c n $TMP/dhcpcd-$VERSION-$ARCH-$BUILD$TAG.txz
-- 
cgit v1.2.3
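Review bot: The comment block added above `PRIVSEP=${PRIVSEP:-yes}` in the `@@ -26,6 +26,21 @@` hunk misspells "vulnerabilies" (should be "vulnerabilities") and never says which values the variable accepts. Going by the test in the `@@ -85,6 +100,15 @@` hunk, only the exact string `yes` keeps privilege separation, so the comment should spell that out, for example `# Accepted values: yes (default) or no. A package built with PRIVSEP=no is tagged _noprivsep.` By the comment's own reasoning, a PRIVSEP=no build means a flaw in dhcpcd would yield root rather than the dhcpcd user; stating that trade-off in one plain sentence would help whoever decides to rebuild.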
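Review bot: The `if [ "$PRIVSEP" = "yes" ]` test in the `@@ -85,6 +100,15 @@` hunk fails open: every value other than the exact string `yes` (for example `Yes`, `1`, `true`, or a stray value inherited from the environment) falls into the `else` branch and configures with `--disable-privsep`. Because this switch removes a security boundary, the weaker build should require an explicit `no`, and any other value should stop the build with an error. The `_noprivsep` tag does make such a package identifiable afterwards, but only to someone who reads the file name. A `case` on `$PRIVSEP`, as sketched below, keeps both existing branches as they are and adds a rejecting default.

```shell
# Set options to build with or without privsep:
case "$PRIVSEP" in
  yes)
    PRIVSEP_OPTIONS="--enable-privsep --privsepuser=dhcpcd"
    unset TAG
    ;;
  no)
    PRIVSEP_OPTIONS="--disable-privsep"
    TAG="_noprivsep"
    ;;
  *)
    echo "PRIVSEP must be 'yes' or 'no' (got '$PRIVSEP')" >&2
    exit 1
    ;;
esac
```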
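Review bot: `$PRIVSEP_OPTIONS` in the `@@ -96,6 +120,7 @@` hunk is expanded unquoted on purpose, because the privsep case carries two configure arguments in one string, but nothing in the script says so. A comment next to the assignment, such as `# expanded unquoted below so it splits into separate configure options`, would keep a later cleanup from quoting it and handing `--enable-privsep --privsepuser=dhcpcd` to configure as a single argument. The `./configure` command begins above the lines shown in this hunk, so the comment cannot sit inside the backslash continuation and belongs with the assignment instead.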