From: Ben Woods Date: Sun, 31 May 2020 14:25:02 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r537164 - in head/net/dhcpcd: . files X-SVN-Group: ports-head X-SVN-Commit-Author: woodsb02 X-SVN-Commit-Paths: in head/net/dhcpcd: . files X-SVN-Commit-Revision: 537164 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 31 May 2020 14:25:04 -0000 Author: woodsb02 Date: Sun May 31 14:25:02 2020 New Revision: 537164 URL: https://svnweb.freebsd.org/changeset/ports/537164 Log: net/dhcpcd: Update to 9.1.0 Now with privilege separation and capsicumized. Changes this release: https://roy.marples.name/archives/dhcpcd-discuss/0003007.html https://roy.marples.name/archives/dhcpcd-discuss/0002881.html Modified: head/net/dhcpcd/Makefile head/net/dhcpcd/distinfo head/net/dhcpcd/files/dhcpcd.in head/net/dhcpcd/pkg-descr head/net/dhcpcd/pkg-plist Modified: head/net/dhcpcd/Makefile ============================================================================== --- head/net/dhcpcd/Makefile Sun May 31 13:52:53 2020 (r537163) +++ head/net/dhcpcd/Makefile Sun May 31 14:25:02 2020 (r537164) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= dhcpcd -PORTVERSION= 8.1.9 +PORTVERSION= 9.1.0 CATEGORIES= net MASTER_SITES= https://roy.marples.name/downloads/dhcpcd/ \ https://cflags.cc/roy/dhcpcd/ 
@@ -19,12 +19,14 @@ USES= compiler:c11 cpe tar:xz CPE_VENDOR= dhcpcd_project GNU_CONFIGURE= yes -CONFIGURE_ARGS= --datadir=${PREFIX}/share/examples +CONFIGURE_ARGS= --datadir=${PREFIX}/share/examples \ + --privsepuser="_dhcp" USE_RC_SUBR= dhcpcd post-install: ${MV} ${STAGEDIR}${PREFIX}/etc/dhcpcd.conf \ ${STAGEDIR}${PREFIX}/share/examples/dhcpcd @${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/dhcpcd + ${MKDIR} ${STAGEDIR}/var/db/dhcpcd .include Modified: head/net/dhcpcd/distinfo ============================================================================== --- head/net/dhcpcd/distinfo Sun May 31 13:52:53 2020 (r537163) +++ head/net/dhcpcd/distinfo Sun May 31 14:25:02 2020 (r537164) @@ -1,3 +1,3 @@ -TIMESTAMP = 1589539562 -SHA256 (dhcpcd-8.1.9.tar.xz) = 8e2a505eb2bd8007d7c6fd855fcb4dd28cced8fc28886c7ce41fb4fc5630fbcf -SIZE (dhcpcd-8.1.9.tar.xz) = 230288 +TIMESTAMP = 1590934886 +SHA256 (dhcpcd-9.1.0.tar.xz) = 2d51bbf1780824cfb41c30d391ddeea43ab515a874bb2e74508939169ba93bf7 +SIZE (dhcpcd-9.1.0.tar.xz) = 247460 Modified: head/net/dhcpcd/files/dhcpcd.in ============================================================================== --- head/net/dhcpcd/files/dhcpcd.in Sun May 31 13:52:53 2020 (r537163) +++ head/net/dhcpcd/files/dhcpcd.in Sun May 31 14:25:02 2020 (r537164) @@ -16,7 +16,7 @@ if [ -n "$ifn" ]; then if [ -z "$flags" -a -n "$specific" ]; then rc_flags="$specific" fi - pidfile="/var/run/dhcpcd-$ifn.pid" + pidfile="/var/run/dhcpcd/dhcpcd-$ifn.pid" else pidfile="$($command -P $rc_flags)" : ${dhcpcd_enable:=NO} Modified: head/net/dhcpcd/pkg-descr ============================================================================== --- head/net/dhcpcd/pkg-descr Sun May 31 13:52:53 2020 (r537163) +++ head/net/dhcpcd/pkg-descr Sun May 31 14:25:02 2020 (r537164) 
@@ -2,4 +2,12 @@ dhcpcd is a DHCP/IPv4LL/IPv6RS/DHCPv6 client. It can also act as a network manager, responding to new interfaces, listening for carrier up/down events and managing routes. +dhcpcd-9 introduces a number of security improvements: +- privilege separation + operations are performed across multiple processes, and those which do + not require root privileges are run as the unprivileged _dhcp user +- sanboxed with capsicum(4) + processes run in capability mode, limiting their access and therefore + the potential impact of security vulnerabilities + WWW: https://roy.marples.name/projects/dhcpcd Modified: head/net/dhcpcd/pkg-plist ============================================================================== --- head/net/dhcpcd/pkg-plist Sun May 31 13:52:53 2020 (r537163) +++ head/net/dhcpcd/pkg-plist Sun May 31 14:25:02 2020 (r537164) @@ -1,5 +1,4 @@ libexec/dhcpcd-hooks/01-test -libexec/dhcpcd-hooks/02-dump libexec/dhcpcd-hooks/20-resolv.conf libexec/dhcpcd-hooks/30-hostname libexec/dhcpcd-hooks/50-ntp.conf @@ -12,5 +11,5 @@ sbin/dhcpcd %%EXAMPLESDIR%%/hooks/15-timezone %%EXAMPLESDIR%%/hooks/29-lookup-hostname %%EXAMPLESDIR%%/hooks/50-ypbind -@dir /var/db/dhcpcd @sample %%EXAMPLESDIR%%/dhcpcd.conf etc/dhcpcd.conf +@dir(_dhcp,_dhcp,) /var/db/dhcpcd
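Review bot: In head/net/dhcpcd/Makefile, the added --privsepuser="_dhcp" argument depends on a _dhcp account existing at run time, but the visible context shows no USERS= or GROUPS= line that creates it. If the port relies on an account already provided by the base system, a one-line comment above CONFIGURE_ARGS saying so would keep a later reader from assuming the declaration was forgotten; otherwise declare the user and group in the port. The pkg-plist entry @dir(_dhcp,_dhcp,) /var/db/dhcpcd depends on the same account, so the two should be checked together.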
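Review bot: In head/net/dhcpcd/files/dhcpcd.in, the per-interface branch keeps a hardcoded pidfile location (now pidfile="/var/run/dhcpcd/dhcpcd-$ifn.pid"), while the else branch right after it asks the binary with pidfile="$($command -P $rc_flags)". Having to edit the literal path by hand in this commit shows how easily it drifts from upstream, so consider deriving the per-interface path from $command -P as well, letting the rc script follow whatever directory the installed dhcpcd uses. None of the visible Makefile or pkg-plist hunks creates /var/run/dhcpcd, so it is also worth confirming that the daemon creates that directory itself before the rc script looks for the pidfile there.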
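Review bot: In head/net/dhcpcd/pkg-descr, the added bullet "- sanboxed with capsicum(4)" has a typo and should read "sandboxed". The two bullets are also not parallel ("privilege separation" is a noun phrase, "sandboxed with capsicum(4)" a participle); "- sandboxing with capsicum(4)" would match the first bullet and read more cleanly in pkg info output.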
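Review bot: In head/net/dhcpcd/pkg-plist, the new @dir(_dhcp,_dhcp,) /var/db/dhcpcd entry leaves the mode field empty, so the directory's permissions are whatever the bare ${MKDIR} ${STAGEDIR}/var/db/dhcpcd in the Makefile's post-install produced. Since this directory is now owned by the unprivileged privsep user and holds the client's persistent state, set the mode explicitly in the @dir keyword (and say in a comment why that value was chosen) rather than inheriting the staging default. The entry also only sets ownership on the directory itself, so please confirm how files already written there by a root-run 8.1.9 are handled on upgrade, and document it if manual action is needed.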