aboutsummaryrefslogtreecommitdiffstats
path: root/main/dnsmasq/APKBUILD
blob: be89d141df62e8bddce00e8c35b29e66ee8cd9ef (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
pkgname=dnsmasq
pkgver=2.86
pkgrel=5
pkgdesc="A lightweight DNS, DHCP, RA, TFTP and PXE server"
url="https://www.thekelleys.org.uk/dnsmasq/"
arch="all"
license="GPL-2.0-only OR GPL-3.0-only"
depends="$pkgname-common=$pkgver-r$pkgrel"
makedepends="
	coreutils
	dbus-dev
	linux-headers
	nettle-dev
	"
install="
	$pkgname.pre-install
	$pkgname.pre-upgrade
	$pkgname-dnssec.pre-install
	$pkgname-dnssec.pre-upgrade
	"
subpackages="
	$pkgname-doc
	$pkgname-dnssec
	$pkgname-dnssec-dbus
	$pkgname-openrc
	$pkgname-common::noarch
	"
source="https://www.thekelleys.org.uk/dnsmasq/dnsmasq-$pkgver.tar.xz
	0000-underflow.patch
	0001-Retry-on-interrupted-error-in-tftp.patch
	0002-Add-safety-checks-to-places-pointed-by-Coverity.patch
	0003-Small-safeguard-to-unexpected-data.patch
	0004-Fix-bunch-of-warnings-in-auth.c.patch
	0005-Fix-few-coverity-warnings-in-lease-tools.patch
	0006-Fix-coverity-formats-issues-in-blockdata.patch
	0007-Retry-dhcp6-ping-on-interrupts.patch
	0008-Fix-coverity-warnings-on-dbus.patch
	0009-Address-coverity-issues-detected-in-util.c.patch
	0010-Fix-coverity-detected-issues-in-option.c.patch
	0011-Fix-coverity-detected-issue-in-radv.c.patch
	0012-Fix-coverity-detected-issues-in-cache.c.patch
	0013-Fix-coverity-issues-detected-in-domain-match.c.patch
	0014-Fix-coverity-detected-issues-in-dnsmasq.c.patch
	0015-Fix-coverity-issues-in-dnssec.c.patch
	0020-fix-domain-match-local.patch
	0021-build_server_array.patch
	0022-Fix-problems-with-upper-case-in-domain-match.patch
	0023-Optimize-inserting-records-into-server-list.patch
	0024-Fix-massive-confusion-on-server-reload.patch
	0025-reuse-server.patch
	CVE-2022-0934.patch

	config.h.patch
	dnsmasq.conf.patch
	$pkgname.initd
	$pkgname.confd
	"

# secfixes:
#   2.86-r1:
#     - CVE-2022-0934
#   2.85-r0:
#     - CVE-2021-3448
#   2.83-r0:
#     - CVE-2020-25681
#     - CVE-2020-25682
#     - CVE-2020-25683
#     - CVE-2020-25684
#     - CVE-2020-25685
#     - CVE-2020-25686
#     - CVE-2020-25687
#   2.80-r5:
#     - CVE-2019-14834
#   2.79-r0:
#     - CVE-2017-15107
#   2.78-r0:
#     - CVE-2017-13704
#     - CVE-2017-14491
#     - CVE-2017-14492
#     - CVE-2017-14493
#     - CVE-2017-14494
#     - CVE-2017-14495
#     - CVE-2017-14496

build() {
	make CFLAGS="$CFLAGS" COPTS="-DHAVE_DNSSEC" all
	mv src/dnsmasq src/dnsmasq~dnssec

	make CFLAGS="$CFLAGS" COPTS="-DHAVE_DNSSEC -DHAVE_DBUS" all
	mv src/dnsmasq src/dnsmasq~dbus

	make CFLAGS="$CFLAGS" clean all
}

# dnsmasq doesn't provide any test suite (shame on them!), so just check that
# the binary isn't totally broken...
check() {
	./src/dnsmasq --help >/dev/null
}

package() {
	provider_priority=100  # highest (other providers are dnsmasq-dnssec, dnsmasq-dnssec-dbus)

	make PREFIX=/usr DESTDIR="$pkgdir" install

	install -D -m755 "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
	install -D -m644 "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname
}

dnssec() {
	pkgdesc="$pkgdesc with DNSSEC support"
	provides="$pkgname=$pkgver-r$pkgrel"
	provider_priority=20  # middle (other providers are dnsmasq, dnsmasq-dnssec-dbus)

	install -D -m 755 "$builddir"/src/dnsmasq~dnssec "$subpkgdir"/usr/sbin/dnsmasq
}

dbus() {
	pkgdesc="$pkgdesc with DNSSEC and D-Bus support"
	provides="
		$pkgname=$pkgver-r$pkgrel
		$pkgname-dbus=$pkgver-r$pkgrel
		$pkgname-dnssec=$pkgver-r$pkgrel
		"
	provider_priority=10  # lowest (other providers are dnsmasq, dnsmasq-dnssec)

	cd "$builddir"
	install -D -m755 src/dnsmasq~dbus "$subpkgdir"/usr/sbin/dnsmasq
	install -D -m644 dbus/dnsmasq.conf -t "$subpkgdir"/usr/share/dbus-1/system.d/
}

common() {
	pkgdesc="$pkgdesc (common files)"
	depends=""
	replaces="$pkgname<2.86-r1 $pkgname-dnssec<2.86-r3"

	install -D -m644 "$builddir"/dnsmasq.conf.example "$subpkgdir"/etc/dnsmasq.conf
	install -d -m755 "$subpkgdir"/etc/dnsmasq.d

	install -D -m644 "$builddir"/trust-anchors.conf \
		"$subpkgdir"/usr/share/$pkgname/trust-anchors.conf
}

openrc() {
	default_openrc
	install_if="openrc $pkgname-common=$pkgver-r$pkgrel"
}

sha512sums="
487eae0afbc8bb3d5282a729ffb0cb2c9bdc7d8e46e2e8aa114cd7c5d82e0fd66f49926e7fa4028577548d6f57e8a865aca17f33963a589874584d608ab2deaf  dnsmasq-2.86.tar.xz
bae115897d25aa1eec1d7e60f7faa6c1c50685fce7f7decc2296256c2d26cb3cd104935b81bbfc58536ee6c44ae4ba350b022d0f9ea2798b0dc391a498258063  0000-underflow.patch
da45c81c475666936895a582d957495fb16034ee7d474d6f1b5751edc1f2f581eda020401a938aafa70bfd239a551d6acaf545e9c79674b9a6841d2c7f827df0  0001-Retry-on-interrupted-error-in-tftp.patch
9e82f19b808954211c1deb1b2e648236c161fc7b9c8a6796c5ecf3a37e7b13a76b83fe13a2bf5a20f62d78ac789102cae96925c1e40bd13ec2968831805ff9c6  0002-Add-safety-checks-to-places-pointed-by-Coverity.patch
e3d40e71e93b417429c15a6a7d15b9dd7441e8235651f457e66ff509a3fc1144b53ba3e3425b97d909301c38c15091e942ef822e53ab81900472d20ecee30e75  0003-Small-safeguard-to-unexpected-data.patch
990ab720de1940794829e9830e01de71b0c7bf36ccfcf32b109533d0dd25efce63612ba612a611fc065e0634240e9252a905973dc0a5beb614088990c0a5b658  0004-Fix-bunch-of-warnings-in-auth.c.patch
3d24d216dad94f272d7a7b724e14d4a86e9eb2a6d9088a18b8821b5bc61675397acb5134b0349cbce57ae3f42396d922d801b41514202f78bbdfdf785dbeb5bf  0005-Fix-few-coverity-warnings-in-lease-tools.patch
aa558bd2356c3d820425132d1e26039bc8ed1782cde6e421a363ae405c8a7a044253d74bd9bf2b0e3728b06d1f5ca0a1a5102f79fea4ee1f54298111e796f05a  0006-Fix-coverity-formats-issues-in-blockdata.patch
aadb1cb9f7d21b1a083fc664e060a1509cbbe00549ea6466faf92887044e7bca58cf2cbddb82b70cbfe2fbf7a082e7a89d266c8ddc7b7a7dab793c9f99522457  0007-Retry-dhcp6-ping-on-interrupts.patch
ccace656e7abbc97f6709a642e9fb7875bb220f3e8ff89a601e703ac5143401ccb0a365971c7effb11b9a5b710733011bc1d39b4dde7996321053b9d08faca26  0008-Fix-coverity-warnings-on-dbus.patch
39e4b52b25e3223f5803f73f721a597bfe8cb5df96aa5e0fdfda62672380c55301821a610e11e167a0eca44bf2cd4c45f995b79e19e9cd0f2c62d89f8451935b  0009-Address-coverity-issues-detected-in-util.c.patch
462996c6f0f278fad95156f5bae059f34384849f5602af674d073f29b889d2cbf993717641dc6ab02de4e0195fb22d8b440495272271c4969011151068888cf2  0010-Fix-coverity-detected-issues-in-option.c.patch
09167fa3ee06d7686f83639a70fd97d3b50d8ccb8bcef57a99905536fd9f53f00b3019a29b96715bab19ec0129babdc4ebe360d5439f5902f4cddff0a6fc4c54  0011-Fix-coverity-detected-issue-in-radv.c.patch
a60d537ab2f89cff05fbbf02c0b7167b823b0e024b70b80d69828bf111875ea8c238448ffad4ef8f67a1be5cd2be5751ab5a8b489ba34f57f3d3074d5832001e  0012-Fix-coverity-detected-issues-in-cache.c.patch
edc4cbec2b506a995ed454903972aed130577c8dd04c218999023e6c1830ed8ba4b77926b60c7f19a7b03550eed3ba18f4ce68ec4760650ccbbcedfa1f3ea0c7  0013-Fix-coverity-issues-detected-in-domain-match.c.patch
6383a7a4ec6f11468bd416b9b96ecc35fd291f439a80230aa773186aa31894a898d776c651ab68dd8f3517bceebee81536c3523c648d6a795b1207555992deb7  0014-Fix-coverity-detected-issues-in-dnsmasq.c.patch
7af46affcff002361d3412f0448d428b37299e6fda1c335bae4947a9ea29e1709a041df21e5376a474946a6b46ff00994abd2d56fdc4946facb93daffcac42ba  0015-Fix-coverity-issues-in-dnssec.c.patch
dcd8bac303c8988a5096996d395b6ffd1a98ba5e5b48591dac3250bdb95eef7f3e9fe5800150ea49877abb76b588c409db3d4db2f04f28a359a1dd069b2d6c7a  0020-fix-domain-match-local.patch
f511a279c776e125530747c9df3e92b93af39cdfc1861e0ad53ddf7c41e091f09b51aba56ce3dcb06a2e4d60962aee81288d6157d0f4355cc6586f0ef67f6c4f  0021-build_server_array.patch
2b639d3355221eedd462b59a79535b9ce1787be08d88e7f30dc7e7d77d50e5652378acaa297d63dd793cc46d5cf8de6529c9fe9c694ff6edc67358165a6b117b  0022-Fix-problems-with-upper-case-in-domain-match.patch
7a5bbdd0bf8b9ab188f46d3ef4c5aaa860256e48b5e3363bbc4639d1b279d4209490ae54317a1d33e1d238482796e8cc6181fcf80365ce6dfad394eab47c5558  0023-Optimize-inserting-records-into-server-list.patch
6cfd44add1214d4f9d9504edacb2a0ce3ece371b2a44966cda0446884386a70234cafc5aee52ddc15be8252439e3aab15780eb21c48f85ed73d9e858c37aa76f  0024-Fix-massive-confusion-on-server-reload.patch
41e36c721d47799711cd5f8fc6099a3fd53534ce052b59d58d40f457561ab5759ee443d0b043fcb105e0ca1ad0a241fd0a689560ed675a3d586cab4d38c38fc3  0025-reuse-server.patch
b04ad7a5019a64feb9e4237e5fbc4f2dc1b1ae12c092222a5e14099566022f17aa4eb9139f69a5a778166c6a096e311ab5ec6ce44fff8409f7df5f5ab86bdd60  CVE-2022-0934.patch
d0274417019af84911f3f4a850e785797bdc77732fd93504fe21db7317a874d2ab54bf7a211d000a751cdc43e225a30be4c1a315ab2383fc3fcc619e436aed97  config.h.patch
41679e0e889607896dcf7fdeb179b9b7a79095c9f86aebda131ac09c12e3ef2a94cece0018ab33ea08d3e6f6bbae44379e9d6fb8987fae29e68ecad952ccdd45  dnsmasq.conf.patch
0c609a55ca0140d8f31f8f6eb4cb96eca7bc76385d48739998bea926b409f3d72cbfdffc30ad3f9e3a62db4ea3280f7fe6a60a12fc091164814a7cdf6a14b307  dnsmasq.initd
c6ecec498f07916cd3c5ff183ff2a2ec478cf95ee43c0082d164b548d72b13fc9ba7cfbca9fb50e919e146708b5ce7f3b3a6565b36223c4efe1481172214ad93  dnsmasq.confd
"