From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1717295-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (4096 bits))
(No client certificate requested)
by finch.gentoo.org (Postfix) with ESMTPS id 541D61582EF
for <garchives@archives.gentoo.org>; Wed, 12 Feb 2025 12:18:59 +0000 (UTC)
Received: from lists.gentoo.org (bobolink.gentoo.org [140.211.166.189])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (4096 bits))
(No client certificate requested)
(Authenticated sender: relay-lists.gentoo.org@gentoo.org)
by smtp.gentoo.org (Postfix) with ESMTPSA id 3D15A343108
for <garchives@archives.gentoo.org>; Wed, 12 Feb 2025 12:18:59 +0000 (UTC)
Received: from bobolink.gentoo.org (localhost [127.0.0.1])
by bobolink.gentoo.org (Postfix) with ESMTP id 6E000110471;
Wed, 12 Feb 2025 12:18:55 +0000 (UTC)
Received: from smtp.gentoo.org (mail.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (4096 bits))
(No client certificate requested)
by bobolink.gentoo.org (Postfix) with ESMTPS id 68AC8110471
for <gentoo-commits@lists.gentoo.org>; Wed, 12 Feb 2025 12:18:55 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
(No client certificate requested)
by smtp.gentoo.org (Postfix) with ESMTPS id 12786343122
for <gentoo-commits@lists.gentoo.org>; Wed, 12 Feb 2025 12:18:55 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
by oystercatcher.gentoo.org (Postfix) with ESMTP id 4116D279A
for <gentoo-commits@lists.gentoo.org>; Wed, 12 Feb 2025 12:18:53 +0000 (UTC)
From: "Sam James" <sam@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sam James" <sam@gentoo.org>
Message-ID: <1739362687.9c3456de3f37fe68b6ebf07f65ae60f1bb91e8f3.sam@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: net-misc/dhcpcd/, net-misc/dhcpcd/files/
X-VCS-Repository: repo/gentoo
X-VCS-Files: net-misc/dhcpcd/dhcpcd-10.1.0-r1.ebuild net-misc/dhcpcd/files/dhcpcd-10.1.0-seccomp-glibc-2.41.patch
X-VCS-Directories: net-misc/dhcpcd/ net-misc/dhcpcd/files/
X-VCS-Committer: sam
X-VCS-Committer-Name: Sam James
X-VCS-Revision: 9c3456de3f37fe68b6ebf07f65ae60f1bb91e8f3
X-VCS-Branch: master
Date: Wed, 12 Feb 2025 12:18:53 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: 02a05658-cf2a-4ec1-b646-e8377a355cf1
X-Archives-Hash: 39e445c8a242f33b4bd708b16e7f0467
commit: 9c3456de3f37fe68b6ebf07f65ae60f1bb91e8f3
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Feb 12 12:18:07 2025 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Feb 12 12:18:07 2025 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9c3456de
net-misc/dhcpcd: backport glibc-2.41 seccomp fix
Signed-off-by: Sam James <sam <AT> gentoo.org>
net-misc/dhcpcd/dhcpcd-10.1.0-r1.ebuild | 173 +++++++++++++++++++++
.../files/dhcpcd-10.1.0-seccomp-glibc-2.41.patch | 28 ++++
2 files changed, 201 insertions(+)
diff --git a/net-misc/dhcpcd/dhcpcd-10.1.0-r1.ebuild b/net-misc/dhcpcd/dhcpcd-10.1.0-r1.ebuild
new file mode 100644
index 000000000000..559a1d24fc22
--- /dev/null
+++ b/net-misc/dhcpcd/dhcpcd-10.1.0-r1.ebuild
@@ -0,0 +1,173 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit systemd optfeature toolchain-funcs
+
+if [[ ${PV} == 9999 ]]; then
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/NetworkConfiguration/dhcpcd.git"
+else
+ MY_P="${P/_alpha/-alpha}"
+ MY_P="${MY_P/_beta/-beta}"
+ MY_P="${MY_P/_rc/-rc}"
+ SRC_URI="https://github.com/NetworkConfiguration/dhcpcd/releases/download/v${PV}/${MY_P}.tar.xz"
+ S="${WORKDIR}/${MY_P}"
+
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
+fi
+
+DESCRIPTION="A fully featured, yet light weight RFC2131 compliant DHCP client"
+HOMEPAGE="https://github.com/NetworkConfiguration/dhcpcd/ https://roy.marples.name/projects/dhcpcd/"
+
+LICENSE="BSD-2 BSD ISC MIT"
+SLOT="0"
+IUSE="debug +embedded ipv6 privsep +udev"
+
+DEPEND="
+ app-crypt/libmd
+ udev? ( virtual/udev )
+"
+RDEPEND="
+ ${DEPEND}
+ privsep? (
+ acct-group/dhcpcd
+ acct-user/dhcpcd
+ )
+"
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+ # These don't exist on Linux/glibc (bug #900264)
+ memset_explicit
+ memset_s
+ setproctitle
+ strtoi
+ consttime_memequal
+ SHA256_Init
+ hmac
+ # These may exist on some glibc versions, but the checks fail due to
+ # -Werror / undefined reference no matter what. bug #924825
+ arc4random
+ arc4random_uniform
+)
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-10.0.6-fix-lib-check.patch
+ "${FILESDIR}"/${P}-seccomp-glibc-2.41.patch
+)
+
+src_configure() {
+ local myeconfargs=(
+ --dbdir="${EPREFIX}/var/lib/dhcpcd"
+ --libexecdir="${EPREFIX}/lib/dhcpcd"
+ --localstatedir="${EPREFIX}/var"
+ --prefix="${EPREFIX}"
+ --with-hook=ntp.conf
+ $(use_enable debug)
+ $(use_enable embedded)
+ $(use_enable ipv6)
+ $(use_enable privsep)
+ $(usex elibc_glibc '--with-hook=yp.conf' '')
+ --rundir=$(usex kernel_linux "${EPREFIX}/run/dhcpcd" "${EPREFIX}/var/run/dhcpcd")
+ $(usex privsep '--privsepuser=dhcpcd' '')
+ $(usex udev '' '--without-dev --without-udev')
+ CC="$(tc-getCC)"
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_install() {
+ default
+ keepdir /var/lib/dhcpcd
+ newinitd "${FILESDIR}"/dhcpcd.initd-r1 dhcpcd
+ systemd_newunit "${FILESDIR}"/dhcpcd.service-r1 dhcpcd.service
+}
+
+pkg_postinst() {
+ local dbdir="${EROOT}"/var/lib/dhcpcd old_files=()
+
+ local old_old_duid="${EROOT}"/var/lib/dhcpcd/dhcpcd.duid
+ local old_duid="${EROOT}"/etc/dhcpcd.duid
+ local new_duid="${dbdir}"/duid
+ if [[ -e "${old_old_duid}" ]] ; then
+ # Upgrade the duid file to the new format if needed
+ if ! grep -q '..:..:..:..:..:..' "${old_old_duid}"; then
+ sed -i -e 's/\(..\)/\1:/g; s/:$//g' "${old_old_duid}"
+ fi
+
+ # Move the duid to /etc, a more sensible location
+ if [[ ! -e "${old_duid}" ]] ; then
+ cp -p "${old_old_duid}" "${new_duid}"
+ fi
+ old_files+=( "${old_old_duid}" )
+ fi
+
+ # dhcpcd-7 moves the files out of /etc
+ if [[ -e "${old_duid}" ]] ; then
+ if [[ ! -e "${new_duid}" ]] ; then
+ cp -p "${old_duid}" "${new_duid}"
+ fi
+ old_files+=( "${old_duid}" )
+ fi
+ local old_secret="${EROOT}"/etc/dhcpcd.secret
+ local new_secret="${dbdir}"/secret
+ if [[ -e "${old_secret}" ]] ; then
+ if [[ ! -e "${new_secret}" ]] ; then
+ cp -p "${old_secret}" "${new_secret}"
+ fi
+ old_files+=( "${old_secret}" )
+ fi
+
+ # dhcpcd-7 renames some files in /var/lib/dhcpcd
+ local old_rdm="${dbdir}"/dhcpcd-rdm.monotonic
+ local new_rdm="${dbdir}"/rdm_monotonic
+ if [[ -e "${old_rdm}" ]] ; then
+ if [[ ! -e "${new_rdm}" ]] ; then
+ cp -p "${old_rdm}" "${new_rdm}"
+ fi
+ old_files+=( "${old_rdm}" )
+ fi
+ local lease=
+ for lease in "${dbdir}"/dhcpcd-*.lease*; do
+ [[ -f "${lease}" ]] || continue
+ old_files+=( "${lease}" )
+ local new_lease=$(basename "${lease}" | sed -e "s/dhcpcd-//")
+ [[ -e "${dbdir}/${new_lease}" ]] && continue
+ cp "${lease}" "${dbdir}/${new_lease}"
+ done
+
+ # Warn about removing stale files
+ if [[ -n "${old_files[@]}" ]] ; then
+ elog
+ elog "dhcpcd-7 has copied dhcpcd.duid and dhcpcd.secret from"
+ elog "${EROOT}/etc to ${dbdir}"
+ elog "and copied leases in ${dbdir} to new files with the dhcpcd-"
+ elog "prefix dropped."
+ elog
+ elog "You should remove these files if you don't plan on reverting"
+ elog "to an older version:"
+ local old_file=
+ for old_file in ${old_files[@]}; do
+ elog " ${old_file}"
+ done
+ fi
+
+ if [ -z "${REPLACING_VERSIONS}" ]; then
+ elog
+ elog "dhcpcd has zeroconf support active by default."
+ elog "This means it will always obtain an IP address even if no"
+ elog "DHCP server can be contacted, which will break any existing"
+ elog "failover support you may have configured in your net configuration."
+ elog "This behaviour can be controlled with the noipv4ll configuration"
+ elog "file option or the -L command line switch."
+ elog "See the dhcpcd and dhcpcd.conf man pages for more details."
+
+ elog
+ elog "Dhcpcd has duid enabled by default, and this may cause issues"
+ elog "with some dhcp servers. For more information, see"
+ elog "https://bugs.gentoo.org/show_bug.cgi?id=477356"
+ fi
+
+ optfeature "lookup-hostname hook" net-dns/bind-tools
+}
diff --git a/net-misc/dhcpcd/files/dhcpcd-10.1.0-seccomp-glibc-2.41.patch b/net-misc/dhcpcd/files/dhcpcd-10.1.0-seccomp-glibc-2.41.patch
new file mode 100644
index 000000000000..6b69b47176d2
--- /dev/null
+++ b/net-misc/dhcpcd/files/dhcpcd-10.1.0-seccomp-glibc-2.41.patch
@@ -0,0 +1,28 @@
+https://github.com/NetworkConfiguration/dhcpcd/commit/e9e40400003db2e4f12dba85acabbaf2212a520f
+
+From e9e40400003db2e4f12dba85acabbaf2212a520f Mon Sep 17 00:00:00 2001
+From: Scott Shambarger <devel@shambarger.net>
+Date: Sat, 7 Dec 2024 16:37:28 +0000
+Subject: [PATCH] linux: Allow the __NR_rt_sigprocmask syscall
+
+Fixes recent glibc changes to getrandom() used by arc4random().
+Fixes #421.
+---
+ src/privsep-linux.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/privsep-linux.c b/src/privsep-linux.c
+index 8357904c..e3485a2e 100644
+--- a/src/privsep-linux.c
++++ b/src/privsep-linux.c
+@@ -409,6 +409,9 @@ static struct sock_filter ps_seccomp_filter[] = {
+ #ifdef __NR_recvmsg
+ SECCOMP_ALLOW(__NR_recvmsg),
+ #endif
++#ifdef __NR_rt_sigprocmask
++ SECCOMP_ALLOW(__NR_rt_sigprocmask),
++#endif
+ #ifdef __NR_rt_sigreturn
+ SECCOMP_ALLOW(__NR_rt_sigreturn),
+ #endif
+