commit:     5a041e0100b705ec223a925e656373b9b0e40fa7
Author:     Sergey Popov <pinkbyte <AT> gentoo <DOT> org>
AuthorDate: Tue Oct 18 15:25:41 2016 +0000
Commit:     Sergey Popov <pinkbyte <AT> gentoo <DOT> org>
CommitDate: Tue Oct 18 15:35:50 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5a041e01

net-misc/quagga: revision bump

Backport upstream security fix for stack overrun
in IPv6 RA receive code in zebra daemon.

Reported-by: Agostino Sarubbo <ago <AT> gentoo.org>
Gentoo-Bug: 597410

Package-Manager: portage-2.3.2

 ...uagga-1.0.20160315-zebra-ipv6-ra-overflow.patch |  48 ++++++++
 net-misc/quagga/quagga-1.0.20160315-r4.ebuild      | 137 +++++++++++++++++++++
 2 files changed, 185 insertions(+)

diff --git 
a/net-misc/quagga/files/quagga-1.0.20160315-zebra-ipv6-ra-overflow.patch 
b/net-misc/quagga/files/quagga-1.0.20160315-zebra-ipv6-ra-overflow.patch
new file mode 100644
index 00000000..74b8add
--- /dev/null
+++ b/net-misc/quagga/files/quagga-1.0.20160315-zebra-ipv6-ra-overflow.patch
@@ -0,0 +1,48 @@
+commit cfb1fae25f8c092e0d17073eaf7bd428ce1cd546
+Author: David Lamparter <equi...@opensourcerouting.org>
+Date:   Wed Aug 31 13:31:16 2016 +0200
+
+    zebra: stack overrun in IPv6 RA receive code (CVE-2016-1245)
+    
+    The IPv6 RA code also receives ICMPv6 RS and RA messages.
+    Unfortunately, by bad coding practice, the buffer size specified on
+    receiving such messages mixed up 2 constants that in fact have
+    different values.
+    
+    The code itself has:
+     #define RTADV_MSG_SIZE 4096
+    While BUFSIZ is system-dependent, in my case (x86_64 glibc):
+     /usr/include/_G_config.h:#define _G_BUFSIZ 8192
+     /usr/include/libio.h:#define _IO_BUFSIZ _G_BUFSIZ
+     /usr/include/stdio.h:# define BUFSIZ _IO_BUFSIZ
+    
+    FreeBSD, OpenBSD, NetBSD and Illumos are not affected, since all of them
+    have BUFSIZ == 1024.
+    
+    As the latter is passed to the kernel on recvmsg(), it's possible to
+    overwrite 4kB of stack -- with ICMPv6 packets that can be globally sent
+    to any of the system's addresses (using fragmentation to get to 8k).
+    
+    (The socket has filters installed limiting this to RS and RA packets,
+    but does not have a filter for source address or TTL.)
+    
+    Issue discovered by trying to test other stuff, which randomly caused
+    the stack to be smaller than 8kB in that code location, which then
+    causes the kernel to report EFAULT (Bad address).
+    
+    Signed-off-by: David Lamparter <equi...@opensourcerouting.org>
+    Reviewed-by: Donald Sharp <sha...@cumulusnetworks.com>
+
+diff --git a/zebra/rtadv.c b/zebra/rtadv.c
+index d4ef1b8..2f62714 100644
+--- a/zebra/rtadv.c
++++ b/zebra/rtadv.c
+@@ -482,7 +482,7 @@ rtadv_read (struct thread *thread)
+   /* Register myself. */
+   rtadv_event (zvrf, RTADV_READ, sock);
+ 
+-  len = rtadv_recv_packet (sock, buf, BUFSIZ, &from, &ifindex, &hoplimit);
++  len = rtadv_recv_packet (sock, buf, sizeof (buf), &from, &ifindex, 
&hoplimit);
+ 
+   if (len < 0) 
+     {
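Review bot: The new bound `sizeof (buf)` in the rtadv_recv_packet() call is only correct while `buf` is declared as a true array inside rtadv_read; that declaration lies outside this hunk, so it cannot be confirmed from here. If `buf` were later changed to a pointer or a heap allocation, the expression would silently evaluate to the pointer size instead of failing to compile. I would add a comment at the declaration, for example `/* buf must remain an array: sizeof (buf) is the recvmsg() bound in rtadv_read */`. rtadv_read begins before and continues past the lines shown.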

diff --git a/net-misc/quagga/quagga-1.0.20160315-r4.ebuild 
b/net-misc/quagga/quagga-1.0.20160315-r4.ebuild
new file mode 100644
index 00000000..b6af57e
--- /dev/null
+++ b/net-misc/quagga/quagga-1.0.20160315-r4.ebuild
@@ -0,0 +1,137 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+CLASSLESS_BGP_PATCH=ht-20040304-classless-bgp.patch
+
+inherit autotools eutils flag-o-matic multilib pam readme.gentoo-r1 systemd 
user
+
+DESCRIPTION="A free routing daemon replacing Zebra supporting RIP, OSPF and 
BGP"
+HOMEPAGE="http://quagga.net/";
+SRC_URI="mirror://nongnu/${PN}/${P}.tar.xz
+       bgpclassless? ( 
http://hasso.linux.ee/stuff/patches/quagga/${CLASSLESS_BGP_PATCH} )"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ppc ~s390 ~sparc ~x86"
+
+IUSE="bgpclassless caps doc elibc_glibc ipv6 multipath ospfapi pam +readline 
snmp tcp-zebra"
+
+COMMON_DEPEND="
+       caps? ( sys-libs/libcap )
+       snmp? ( net-analyzer/net-snmp )
+       readline? (
+               sys-libs/readline:0
+               pam? ( sys-libs/pam )
+       )
+       !elibc_glibc? ( dev-libs/libpcre )"
+DEPEND="${COMMON_DEPEND}
+       app-arch/xz-utils
+       sys-apps/gawk
+       sys-devel/libtool:2"
+RDEPEND="${COMMON_DEPEND}
+       sys-apps/iproute2"
+
+PATCHES=(
+       "${FILESDIR}/${PN}-0.99.22.4-ipctl-forwarding.patch"
+       "${FILESDIR}/${P}-ripd-null-pointer-fix.patch"
+       "${FILESDIR}/${P}-ospfd-dangling-pointer-fix.patch"
+       "${FILESDIR}/${P}-bgpd-logging-fix.patch"
+       "${FILESDIR}/${P}-zebra-ipv6-ra-overflow.patch"
+)
+
+DISABLE_AUTOFORMATTING=1
+DOC_CONTENTS="Sample configuration files can be found in 
/usr/share/doc/${PF}/samples
+You have to create config files in /etc/quagga before
+starting one of the daemons.
+
+You can pass additional options to the daemon by setting the EXTRA_OPTS
+variable in their respective file in /etc/conf.d"
+
+pkg_setup() {
+       enewgroup quagga
+       enewuser quagga -1 -1 /var/empty quagga
+}
+
+src_prepare() {
+       # Classless prefixes for BGP
+       # http://hasso.linux.ee/doku.php/english:network:quagga
+       use bgpclassless && eapply -p0 "${DISTDIR}/${CLASSLESS_BGP_PATCH}"
+
+       epatch ${PATCHES[@]}
+       eapply_user
+       eautoreconf
+}
+
+src_configure() {
+       append-flags -fno-strict-aliasing
+
+       # do not build PDF docs
+       export ac_cv_prog_PDFLATEX=no
+       export ac_cv_prog_LATEXMK=no
+
+       econf \
+               --enable-exampledir=/usr/share/doc/${PF}/samples \
+               --enable-irdp \
+               --enable-isisd \
+               --enable-isis-topology \
+               --enable-pimd \
+               --enable-user=quagga \
+               --enable-group=quagga \
+               --enable-vty-group=quagga \
+               --with-cflags="${CFLAGS}" \
+               --with-pkg-extra-version="-gentoo" \
+               --sysconfdir=/etc/quagga \
+               --localstatedir=/run/quagga \
+               --disable-static \
+               $(use_enable caps capabilities) \
+               $(usex snmp '--enable-snmp' '' '' '') \
+               $(use_enable !elibc_glibc pcreposix) \
+               $(use_enable tcp-zebra) \
+               $(use_enable doc) \
+               $(usex multipath $(use_enable multipath) '' '=0' '') \
+               $(usex ospfapi '--enable-opaque-lsa --enable-ospf-te 
--enable-ospfclient' '' '' '') \
+               $(use_enable readline vtysh) \
+               $(use_with pam libpam) \
+               $(use_enable ipv6 ripngd) \
+               $(use_enable ipv6 ospf6d) \
+               $(use_enable ipv6 rtadv)
+}
+
+src_install() {
+       default
+       prune_libtool_files
+       readme.gentoo_create_doc
+
+       keepdir /etc/quagga
+       fowners root:quagga /etc/quagga
+       fperms 0770 /etc/quagga
+
+       # Path for PIDs before first reboot should be created here, bug #558194
+       dodir /run/quagga
+       fowners quagga:quagga /run/quagga
+       fperms 0770 /run/quagga
+
+       # Install systemd-related stuff, bug #553136
+       systemd_dotmpfilesd "${FILESDIR}/systemd/quagga.conf"
+       systemd_dounit "${FILESDIR}/systemd/zebra.service"
+
+       # install zebra as a file, symlink the rest
+       newinitd "${FILESDIR}"/quagga-services.init.3 zebra
+
+       for service in bgpd isisd ospfd pimd ripd $(use ipv6 && echo ospf6d 
ripngd); do
+               dosym zebra /etc/init.d/${service}
+               systemd_dounit "${FILESDIR}/systemd/${service}.service"
+       done
+
+       use readline && use pam && newpamd "${FILESDIR}/quagga.pam" quagga
+
+       insinto /etc/logrotate.d
+       newins redhat/quagga.logrotate quagga
+}
+
+pkg_postinst() {
+       readme.gentoo_print_elog
+}
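Review bot: In src_prepare, `epatch ${PATCHES[@]}` expands the array unquoted, so any patch path containing whitespace would be word-split before the security patch is applied. Quoting fixes that: `epatch "${PATCHES[@]}"`. Since the ebuild declares EAPI=6 and already uses eapply for the bgpclassless patch, `eapply "${PATCHES[@]}"` would be the consistent choice. That holds only if every listed patch applies at -p1, which is visible here for the new zebra-ipv6-ra-overflow patch but not for the four older ones.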
