# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
#
# secfixes:
#   2.80-r4:
#     - CVE-2019-14834
#   2.79-r0:
#     - CVE-2017-15107
#   2.78-r0:
#     - CVE-2017-13704
#     - CVE-2017-14491
#     - CVE-2017-14492
#     - CVE-2017-14493
#     - CVE-2017-14494
#     - CVE-2017-14495
#     - CVE-2017-14496
#
pkgname=dnsmasq
pkgver=2.80
pkgrel=4
pkgdesc="A lightweight DNS, DHCP, RA, TFTP and PXE server"
url="http://www.thekelleys.org.uk/dnsmasq/"
arch="all"
license="GPL-2.0"
depends="!$pkgname-dnssec"
makedepends="linux-headers nettle-dev"
install="$pkgname.pre-install $pkgname.pre-upgrade
	$pkgname-dnssec.pre-install $pkgname-dnssec.pre-upgrade"
subpackages="$pkgname-doc $pkgname-dnssec"
source="http://www.thekelleys.org.uk/dnsmasq/$pkgname-$pkgver.tar.gz
	$pkgname.initd
	$pkgname.confd
	uncomment-conf-dir.patch
	CVE-2019-14834.patch
	"
builddir="$srcdir/$pkgname-$pkgver"

build() {
	cd "$builddir"

	make CFLAGS="$CFLAGS" COPTS="-DHAVE_DNSSEC" all
	mv src/dnsmasq src/dnsmasq~dnssec

	make CFLAGS="$CFLAGS" clean all
}

# dnsmasq doesn't provide any test suite (shame on them!), so just check that
# the binary isn't totally broken...
check() {
	cd "$builddir"
	./src/dnsmasq --help >/dev/null
}

package() {
	cd "$builddir"

	make PREFIX=/usr DESTDIR="$pkgdir" install

	install -D -m755 "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
	install -D -m644 "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname

	install -m644 dnsmasq.conf.example "$pkgdir"/etc/dnsmasq.conf
	install -d -m755 "$pkgdir"/etc/dnsmasq.d
}

dnssec() {
	pkgdesc="$pkgdesc with DNSSEC support"
	depends="!$pkgname"

	cd "$builddir"

	install -D -m 755 src/dnsmasq~dnssec "$subpkgdir"/usr/sbin/dnsmasq
	install -D -m 644 trust-anchors.conf \
		"$subpkgdir"/usr/share/$pkgname/trust-anchors.conf

	cp -r "$pkgdir"/etc "$subpkgdir"/etc
}

sha512sums="da50030ac96617fbb7d54d5ef02d2ed1e14ec1ebe0df49bc23a1509381bc1644cf6fb95ff72ed15e0ad1e9bd6aa11ec6e4dcabec8ebb152da0d84f9a4408565b  dnsmasq-2.80.tar.gz
a7d64a838d10f4f69e0f2178cf66f0b3725901696e30df9e8e3e09f2afd7c86e9d95af64d2b63ef66f18b8a637397b7015573938df9ad961e2b36c391c3ac579  dnsmasq.initd
9a401bfc408bf1638645c61b8ca734bea0a09ef79fb36648ec7ef21666257234254bbe6c73c82cc23aa1779ddcdda0e6baa2c041866f16dfb9c4e0ba9133eab8  dnsmasq.confd
01e9e235e667abda07675009fb1947547863e0bb0256393c5a415978e2a49c1007585c7f0b51e8decce79c05e6f2ced3f400b11343feaa4de9b2e524f74a1ee3  uncomment-conf-dir.patch
d4d11945578430da629d7a38b00eb552cd95b1c438a0b85b63ba637ed19b4283623e39692f48146132b7cb5d453eaa3c07680f1514017d8d458e347153215a9b  CVE-2019-14834.patch"