# Maintainer: Natanael Copa # Contributor: Jakub Jirutka # # secfixes: # 2.76-r6: # - CVE-2017-15107 # 2.76-r5: # - CVE-2017-14491 # - CVE-2017-14492 # - CVE-2017-14493 # - CVE-2017-14494 # - CVE-2017-14495 # - CVE-2017-14496 # pkgname=dnsmasq pkgver=2.76 pkgrel=7 pkgdesc="A lightweight DNS, DHCP, RA, TFTP and PXE server" url="http://www.thekelleys.org.uk/dnsmasq/" arch="all" license="GPL2" depends="!$pkgname-dnssec" makedepends="linux-headers nettle-dev" install="$pkgname.pre-install $pkgname.pre-upgrade" subpackages="$pkgname-doc $pkgname-dnssec" source="http://www.thekelleys.org.uk/dnsmasq/$pkgname-$pkgver.tar.gz CVE-2017-14491.patch CVE-2017-14492.patch CVE-2017-14493.patch CVE-2017-14494.patch CVE-2017-14496.patch CVE-2017-14495.patch CVE-2017-14491-2.patch $pkgname.initd $pkgname.confd uncomment-conf-dir.patch CVE-2017-15107.patch " builddir="$srcdir/$pkgname-$pkgver" build() { cd "$builddir" make CFLAGS="$CFLAGS" COPTS="-DHAVE_DNSSEC" all || return 1 mv src/dnsmasq src/dnsmasq~dnssec || return 1 make CFLAGS="$CFLAGS" clean all } # dnsmasq doesn't provide any test suite (shame on them!), so just check that # the binary isn't totally broken... check() { cd "$builddir" ./src/dnsmasq --help >/dev/null } package() { cd "$builddir" make PREFIX=/usr DESTDIR="$pkgdir" install || return 1 install -D -m755 "$srcdir"/$pkgname.initd \ "$pkgdir"/etc/init.d/$pkgname || return 1 install -D -m644 "$srcdir"/$pkgname.confd \ "$pkgdir"/etc/conf.d/$pkgname || return 1 install -m644 dnsmasq.conf.example "$pkgdir"/etc/dnsmasq.conf || return 1 install -d -m755 "$pkgdir"/etc/dnsmasq.d } dnssec() { pkgdesc="$pkgdesc with DNSSEC support" depends="!$pkgname" cd "$builddir" install -D -m 755 src/dnsmasq~dnssec \ "$subpkgdir"/usr/sbin/dnsmasq || return 1 install -D -m 644 trust-anchors.conf \ "$subpkgdir"/usr/share/$pkgname/trust-anchors.conf || return 1 cp -r "$pkgdir"/etc "$subpkgdir"/etc } sha512sums="c22627a8d864671096d3b3428ec4f879b513e1f1e7f79be3ab89444c56234e748fbfa6b6b4f9e521984fea95d363f4aa2ca6243f0dfc12ffb74bed0648ae21c5 dnsmasq-2.76.tar.gz aa82a4d07f22dfc4913aaefb678890b0523f89f5283b1bab97c9e8540aafaa3be436a205f4e442c51336209e81e6236325ede5f1d5ba0de671bb1cbcd8979a14 CVE-2017-14491.patch a3fbde8c902ccab61b279f6977dddc46c7e2ae9c5cd2c9e0b297bbbe2965cd9a5d254bc4a0fcabc53db0dc3e945f77f85ffd798c2d181c8c0ad48391754f3781 CVE-2017-14492.patch 083ce54a4e1a41f60302cdd3f353f1ba9ea84a3f474d1ce0b9f2d88c14c36bb83a314775260b83788f89866575199391d2f40b773224798bdd4ad09f847e20b1 CVE-2017-14493.patch 3aed0e80eb1d0bcc1639e83668ac49fced2681d907ab70a00ded50fb987cc2ade6f264016877666075b8a9efc542df57badbe4e1aa89d60b792a13c00029041a CVE-2017-14494.patch d63f2ed7b34796ff42891813084c56df1ce7e7da1ea2485a029b8c7b5dfda2110fdf8c217564a77571562a9b4778e777f9dec6de8c1e9ffb52f6e85fb6cc566c CVE-2017-14496.patch d3ffcd4451a52930a9499047559853f7a3b653a26254d3abeb972dd9ed663c406db3cc415cf5b3d5eeb44e37ff21573eaa6bc92415e8e97d13ff9890c4a0683f CVE-2017-14495.patch ae665e0545038f1660eb8b67db71b403a3bdcc1b6915438f6e0eaec5c0d7c43dc49b72bb68c2204882d3c2fd280313ee2035a699ff2308d23e8ade65ef87a323 CVE-2017-14491-2.patch af841b23b123618c80e736776590a983f744a65b71ae90ac9aea48988e9f2f6527710540bffad2470f22f46ff75af304829332aadfd7084e87763f08575ecf29 dnsmasq.initd 9a401bfc408bf1638645c61b8ca734bea0a09ef79fb36648ec7ef21666257234254bbe6c73c82cc23aa1779ddcdda0e6baa2c041866f16dfb9c4e0ba9133eab8 dnsmasq.confd d01077f39e1240041a6700137810f254daf683b2d58dafecb6b162e94d694992e57d45964a57993b298f97c2b589eedcf9fb1506692730a38b7f06b5f55ba8d8 uncomment-conf-dir.patch 289270b10bb85bf310adf82bb49e919afd86cb82b742dce5213bf446e047793dbb86af29cda01356426b4d1c10669e0586940c59c9f96b324bc7a45e3a2f386b CVE-2017-15107.patch"