commit: 20a70440a3d662b3f1fe250f5b9194aab0f3eae9
Author: Sergey Popov <pinkbyte <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 24 10:34:13 2017 +0000
Commit: Sergey Popov <pinkbyte <AT> gentoo <DOT> org>
CommitDate: Tue Jan 24 10:35:52 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=20a70440
net-misc/quagga: fix quoting in eapply call, security cleanup
Gentoo-Bug: 581526
Package-Manager: portage-2.3.3
net-misc/quagga/Manifest | 1 -
.../quagga-1.0.20160315-bgpd-logging-fix.patch | 30 -----
...a-1.0.20160315-ospfd-dangling-pointer-fix.patch | 134 --------------------
...quagga-1.0.20160315-ripd-null-pointer-fix.patch | 40 ------
...uagga-1.0.20160315-zebra-ipv6-ra-overflow.patch | 48 --------
net-misc/quagga/quagga-1.0.20160315-r4.ebuild | 137 ---------------------
net-misc/quagga/quagga-1.1.0-r2.ebuild | 2 +-
7 files changed, 1 insertion(+), 391 deletions(-)
diff --git a/net-misc/quagga/Manifest b/net-misc/quagga/Manifest
index ee21e46..ed50e66 100644
--- a/net-misc/quagga/Manifest
+++ b/net-misc/quagga/Manifest
@@ -1,3 +1,2 @@
DIST ht-20040304-classless-bgp.patch 1581 SHA256
39993890f9e31d662ed0564c732fb22392a901beb45b64261ffeadd9edf27887 SHA512
3df102d8ab88aaee1f109a2310602d6f734f2268252e5e42df752df7db7abeac526e969289481c4abfe905dcd41c35dee65196c48ac320fe9d083305451476e8
WHIRLPOOL
cef99d64d52ab8c28bd672fb93dfbd8d716a31c76a5403496a6d104a5ff39531d6085134124d41fe4ff7adf895fa001cbe77b6e42846d849d6c108c81583d04e
-DIST quagga-1.0.20160315.tar.xz 1819488 SHA256
d284af5dd875dbba90ab875d40db5d68fdc9ede17a76f2af525f85344be56767 SHA512
ad633d189017a2cef68cf1653b85e082a0dc4fe146720a985da8cdf2aa4c61f2df8a8339419c986e9d74aa88f7f7109bc6d0c13d9ff4904a23852cee3e112edc
WHIRLPOOL
6f0ac5da5fef382cf7a462f8d2c139bb0d8068e7b772cd48b63aa0752098515d6b5eb9a10a4e1fc7021085e0635248f6075d937901c6207d51bd0f284388541c
DIST quagga-1.1.0.tar.gz 2870278 SHA256
f7a43a9c59bfd3722002210530b2553c8d5cc05bfea5acd56d4f102b9f55dc63 SHA512
3b29a90c4f05593714bda3c702fd2c8886ce48fba2fbfb98f55cc04d1025edd5427944e9a9fb7cd630e5e8ccea388b72a8e611ab65c370e760f3f319d03f090f
WHIRLPOOL
ee4a78b1d20aa9e7e7aea1f0be2adee83efa0fd47a807a4ec1affb1e059fee156861b612f73716cbf80e96cc6676baed062b9440ea7664198078cd6760380573
diff --git a/net-misc/quagga/files/quagga-1.0.20160315-bgpd-logging-fix.patch
b/net-misc/quagga/files/quagga-1.0.20160315-bgpd-logging-fix.patch
deleted file mode 100644
index 7c7f54c..00000000
--- a/net-misc/quagga/files/quagga-1.0.20160315-bgpd-logging-fix.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
-index 740b0f1..9cbb5b5 100644
---- a/bgpd/bgp_packet.c
-+++ b/bgpd/bgp_packet.c
-@@ -1631,7 +1631,7 @@ bgp_update_receive (struct peer *peer, bgp_size_t size)
- NLRI_TYPE_MAX,
- };
- struct bgp_nlri nlris[NLRI_TYPE_MAX];
--
-+
- /* Status must be Established. */
- if (peer->status != Established)
- {
-@@ -1645,6 +1645,7 @@ bgp_update_receive (struct peer *peer, bgp_size_t size)
- memset (&attr, 0, sizeof (struct attr));
- memset (&extra, 0, sizeof (struct attr_extra));
- memset (&nlris, 0, sizeof nlris);
-+
- attr.extra = &extra;
-
- s = peer->ibuf;
-@@ -1781,6 +1782,8 @@ bgp_update_receive (struct peer *peer, bgp_size_t size)
- /* Parse any given NLRIs */
- for (i = NLRI_UPDATE; i < NLRI_TYPE_MAX; i++)
- {
-+ if (!nlris[i].nlri) continue;
-+
- /* We use afi and safi as indices into tables and what not. It would
- * be impossible, at this time, to support unknown afi/safis. And
- * anyway, the peer needs to be configured to enable the afi/safi
diff --git
a/net-misc/quagga/files/quagga-1.0.20160315-ospfd-dangling-pointer-fix.patch
b/net-misc/quagga/files/quagga-1.0.20160315-ospfd-dangling-pointer-fix.patch
deleted file mode 100644
index cc24fba..00000000
--- a/net-misc/quagga/files/quagga-1.0.20160315-ospfd-dangling-pointer-fix.patch
+++ /dev/null
@@ -1,134 +0,0 @@
-From bb01bdd740339b0c07d8ed0786811801b2a79192 Mon Sep 17 00:00:00 2001
-From: Jafar Al-Gharaibeh <ja...@atcorp.com>
-Date: Thu, 21 Apr 2016 21:22:33 +0000
-Subject: ospfd: fix - correct neighbor index on changing/p2p/virtual links
-
-ospfd keeps a list of neighbor routers for each configured interface. This
- list is indexed using the neighbor router id in case of point-to-point and
- virtual link types, otherwise the list is indexed using the neighbor's
- source IP (RFC 2328, page 96). The router adds itself as a "pseudo" neighbor
- on each link, and also keeps a pointer called (nbr_self) to the neighbor
- structure. This takes place when the interface is first configured. Currently
- ospfd adds this pseudo neighbor before the link parameters are fully
configure,
- including whether the link type is point-to-point or virtual link. This causes
- the pseudo neighbor to be always indexed using the source IP address
regardless
- of th link type. For point-to-point and virtual links, this causes the lookup
- for the pseudo neighbor to always fail because the lookup is done using the
- router id whereas the neighbor was added using its source IP address.
- This becomes really problematic if there is a state change that requires a
- rebuild of nbr_self, changing the router id for example. When resetting
- nbr_self, the router first tries to remove the pseudo neighbor form its
- neighbor list on each link by looking it up and resetting any references to it
- before freeing the neighbor structure. since the lookup fails to retrieve any
- references in the case of point-to-point and virtual links the neighbor
- structure is freed leaving dangling references to it. Any access to the
- neighbor list after that is bound to stumble over this dangling pointer
- causing ospfd to crash.
-
-Signed-off-by: Jafar Al-Gharaibeh <ja...@atcorp.com>
-Tested-by: NetDEF CI System <cisys...@netdef.org>
----
-diff --git a/ospfd/ospf_interface.c b/ospfd/ospf_interface.c
-index f4242b0..d54bc47 100644
---- a/ospfd/ospf_interface.c
-+++ b/ospfd/ospf_interface.c
-@@ -232,8 +232,8 @@ ospf_if_new (struct ospf *ospf, struct interface *ifp,
struct prefix *p)
- /* Set default values. */
- ospf_if_reset_variables (oi);
-
-- /* Add pseudo neighbor. */
-- oi->nbr_self = ospf_nbr_new (oi);
-+ /* Set pseudo neighbor to Null */
-+ oi->nbr_self = NULL;
-
- oi->ls_upd_queue = route_table_init ();
- oi->t_ls_upd_event = NULL;
-@@ -902,7 +902,9 @@ ospf_vl_new (struct ospf *ospf, struct ospf_vl_data
*vl_data)
- if (IS_DEBUG_OSPF_EVENT)
- zlog_debug ("ospf_vl_new(): set associated area to the backbone");
-
-- ospf_nbr_add_self (voi);
-+ /* Add pseudo neighbor. */
-+ ospf_nbr_self_reset (voi);
-+
- ospf_area_add_if (voi->area, voi);
-
- ospf_if_stream_set (voi);
-diff --git a/ospfd/ospf_neighbor.c b/ospfd/ospf_neighbor.c
-index 862de5e..06e63dd 100644
---- a/ospfd/ospf_neighbor.c
-+++ b/ospfd/ospf_neighbor.c
-@@ -181,6 +181,35 @@ ospf_nbr_delete (struct ospf_neighbor *nbr)
-
- route_unlock_node (rn);
- }
-+ else
-+ {
-+ /*
-+ * This neighbor was not found, but before we move on and
-+ * free the neighbor structre, make sure that it was not
-+ * indexed incorrectly and ended up in the "worng" place
-+ */
-+
-+ /* Reverse the lookup rules */
-+ if (oi->type == OSPF_IFTYPE_VIRTUALLINK ||
-+ oi->type == OSPF_IFTYPE_POINTOPOINT)
-+ p.u.prefix4 = nbr->src;
-+ else
-+ p.u.prefix4 = nbr->router_id;
-+
-+ rn = route_node_lookup (oi->nbrs, &p);
-+ if (rn){
-+ /* We found the neighbor!
-+ * Now make sure it is not the exact same neighbor
-+ * structure that we are about to free
-+ */
-+ if (nbr == rn->info){
-+ /* Same neighbor, drop the reference to it */
-+ rn->info = NULL;
-+ route_unlock_node (rn);
-+ }
-+ route_unlock_node (rn);
-+ }
-+ }
-
- /* Free ospf_neighbor structure. */
- ospf_nbr_free (nbr);
-@@ -207,7 +236,9 @@ ospf_nbr_bidirectional (struct in_addr *router_id,
- void
- ospf_nbr_self_reset (struct ospf_interface *oi)
- {
-- ospf_nbr_delete (oi->nbr_self);
-+ if (oi->nbr_self)
-+ ospf_nbr_delete (oi->nbr_self);
-+
- oi->nbr_self = ospf_nbr_new (oi);
- ospf_nbr_add_self (oi);
- }
-diff --git a/ospfd/ospfd.c b/ospfd/ospfd.c
-index c9fcdc3..cc76e9e 100644
---- a/ospfd/ospfd.c
-+++ b/ospfd/ospfd.c
-@@ -754,9 +754,6 @@ add_ospf_interface (struct connected *co, struct ospf_area
*area)
- oi->params = ospf_lookup_if_params (co->ifp, oi->address->u.prefix4);
- oi->output_cost = ospf_if_get_output_cost (oi);
-
-- /* Add pseudo neighbor. */
-- ospf_nbr_add_self (oi);
--
- /* Relate ospf interface to ospf instance. */
- oi->ospf = area->ospf;
-
-@@ -765,6 +762,9 @@ add_ospf_interface (struct connected *co, struct ospf_area
*area)
- skip network type setting. */
- oi->type = IF_DEF_PARAMS (co->ifp)->type;
-
-+ /* Add pseudo neighbor. */
-+ ospf_nbr_self_reset (oi);
-+
- ospf_area_add_if (oi->area, oi);
-
- /* if router_id is not configured, dont bring up
---
-cgit v0.9.0.2
-
diff --git
a/net-misc/quagga/files/quagga-1.0.20160315-ripd-null-pointer-fix.patch
b/net-misc/quagga/files/quagga-1.0.20160315-ripd-null-pointer-fix.patch
deleted file mode 100644
index e48c304..00000000
--- a/net-misc/quagga/files/quagga-1.0.20160315-ripd-null-pointer-fix.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-The rip_output_process function dereferenced a NULL
-pointer. Core file examination showed that tmp_rinfo
-was NULL on line 2435. Looking at the last diff
-associated with this commit, it was obvious that
-a formating mistake had been made in the loop over
-the route nodes list of possible paths.
-
-Signed-off-by: Donald Sharp <sha...@cumulusnetworks.com>
-Reported-by: Sebastian Kricner <sebastian.kric...@tuxwave.net>
----
- ripd/ripd.c | 14 ++++++++------
- 1 file changed, 8 insertions(+), 6 deletions(-)
-
-diff --git a/ripd/ripd.c b/ripd/ripd.c
-index 82b1ada..0beb0e6 100644
---- a/ripd/ripd.c
-+++ b/ripd/ripd.c
-@@ -2429,12 +2429,14 @@ rip_output_process (struct connected *ifc, struct
sockaddr_in *to,
- struct rip_info *tmp_rinfo = NULL;
-
- for (ALL_LIST_ELEMENTS_RO (list, listnode, tmp_rinfo))
-- if (tmp_rinfo->type == ZEBRA_ROUTE_RIP &&
-- tmp_rinfo->ifindex == ifc->ifp->ifindex)
-- rinfo->metric_out = RIP_METRIC_INFINITY;
-- if (tmp_rinfo->type == ZEBRA_ROUTE_CONNECT &&
-- prefix_match((struct prefix *)p, ifc->address))
-- rinfo->metric_out = RIP_METRIC_INFINITY;
-+ {
-+ if (tmp_rinfo->type == ZEBRA_ROUTE_RIP &&
-+ tmp_rinfo->ifindex == ifc->ifp->ifindex)
-+ rinfo->metric_out = RIP_METRIC_INFINITY;
-+ if (tmp_rinfo->type == ZEBRA_ROUTE_CONNECT &&
-+ prefix_match((struct prefix *)p, ifc->address))
-+ rinfo->metric_out = RIP_METRIC_INFINITY;
-+ }
- }
-
- /* Prepare preamble, auth headers, if needs be */
---
-1.9.1
diff --git
a/net-misc/quagga/files/quagga-1.0.20160315-zebra-ipv6-ra-overflow.patch
b/net-misc/quagga/files/quagga-1.0.20160315-zebra-ipv6-ra-overflow.patch
deleted file mode 100644
index 74b8add..00000000
--- a/net-misc/quagga/files/quagga-1.0.20160315-zebra-ipv6-ra-overflow.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-commit cfb1fae25f8c092e0d17073eaf7bd428ce1cd546
-Author: David Lamparter <equi...@opensourcerouting.org>
-Date: Wed Aug 31 13:31:16 2016 +0200
-
- zebra: stack overrun in IPv6 RA receive code (CVE-2016-1245)
-
- The IPv6 RA code also receives ICMPv6 RS and RA messages.
- Unfortunately, by bad coding practice, the buffer size specified on
- receiving such messages mixed up 2 constants that in fact have
- different values.
-
- The code itself has:
- #define RTADV_MSG_SIZE 4096
- While BUFSIZ is system-dependent, in my case (x86_64 glibc):
- /usr/include/_G_config.h:#define _G_BUFSIZ 8192
- /usr/include/libio.h:#define _IO_BUFSIZ _G_BUFSIZ
- /usr/include/stdio.h:# define BUFSIZ _IO_BUFSIZ
-
- FreeBSD, OpenBSD, NetBSD and Illumos are not affected, since all of them
- have BUFSIZ == 1024.
-
- As the latter is passed to the kernel on recvmsg(), it's possible to
- overwrite 4kB of stack -- with ICMPv6 packets that can be globally sent
- to any of the system's addresses (using fragmentation to get to 8k).
-
- (The socket has filters installed limiting this to RS and RA packets,
- but does not have a filter for source address or TTL.)
-
- Issue discovered by trying to test other stuff, which randomly caused
- the stack to be smaller than 8kB in that code location, which then
- causes the kernel to report EFAULT (Bad address).
-
- Signed-off-by: David Lamparter <equi...@opensourcerouting.org>
- Reviewed-by: Donald Sharp <sha...@cumulusnetworks.com>
-
-diff --git a/zebra/rtadv.c b/zebra/rtadv.c
-index d4ef1b8..2f62714 100644
---- a/zebra/rtadv.c
-+++ b/zebra/rtadv.c
-@@ -482,7 +482,7 @@ rtadv_read (struct thread *thread)
- /* Register myself. */
- rtadv_event (zvrf, RTADV_READ, sock);
-
-- len = rtadv_recv_packet (sock, buf, BUFSIZ, &from, &ifindex, &hoplimit);
-+ len = rtadv_recv_packet (sock, buf, sizeof (buf), &from, &ifindex,
&hoplimit);
-
- if (len < 0)
- {
diff --git a/net-misc/quagga/quagga-1.0.20160315-r4.ebuild
b/net-misc/quagga/quagga-1.0.20160315-r4.ebuild
deleted file mode 100644
index 009b6d4..00000000
--- a/net-misc/quagga/quagga-1.0.20160315-r4.ebuild
+++ /dev/null
@@ -1,137 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=6
-
-CLASSLESS_BGP_PATCH=ht-20040304-classless-bgp.patch
-
-inherit autotools eutils flag-o-matic multilib pam readme.gentoo-r1 systemd
user
-
-DESCRIPTION="A free routing daemon replacing Zebra supporting RIP, OSPF and
BGP"
-HOMEPAGE="http://quagga.net/";
-SRC_URI="mirror://nongnu/${PN}/${P}.tar.xz
- bgpclassless? (
http://hasso.linux.ee/stuff/patches/quagga/${CLASSLESS_BGP_PATCH} )"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ppc ~s390 sparc x86"
-
-IUSE="bgpclassless caps doc elibc_glibc ipv6 multipath ospfapi pam +readline
snmp tcp-zebra"
-
-COMMON_DEPEND="
- caps? ( sys-libs/libcap )
- snmp? ( net-analyzer/net-snmp )
- readline? (
- sys-libs/readline:0
- pam? ( sys-libs/pam )
- )
- !elibc_glibc? ( dev-libs/libpcre )"
-DEPEND="${COMMON_DEPEND}
- app-arch/xz-utils
- sys-apps/gawk
- sys-devel/libtool:2"
-RDEPEND="${COMMON_DEPEND}
- sys-apps/iproute2"
-
-PATCHES=(
- "${FILESDIR}/${PN}-0.99.22.4-ipctl-forwarding.patch"
- "${FILESDIR}/${P}-ripd-null-pointer-fix.patch"
- "${FILESDIR}/${P}-ospfd-dangling-pointer-fix.patch"
- "${FILESDIR}/${P}-bgpd-logging-fix.patch"
- "${FILESDIR}/${P}-zebra-ipv6-ra-overflow.patch"
-)
-
-DISABLE_AUTOFORMATTING=1
-DOC_CONTENTS="Sample configuration files can be found in
/usr/share/doc/${PF}/samples
-You have to create config files in /etc/quagga before
-starting one of the daemons.
-
-You can pass additional options to the daemon by setting the EXTRA_OPTS
-variable in their respective file in /etc/conf.d"
-
-pkg_setup() {
- enewgroup quagga
- enewuser quagga -1 -1 /var/empty quagga
-}
-
-src_prepare() {
- # Classless prefixes for BGP
- # http://hasso.linux.ee/doku.php/english:network:quagga
- use bgpclassless && eapply -p0 "${DISTDIR}/${CLASSLESS_BGP_PATCH}"
-
- epatch "${PATCHES[@]}"
- eapply_user
- eautoreconf
-}
-
-src_configure() {
- append-flags -fno-strict-aliasing
-
- # do not build PDF docs
- export ac_cv_prog_PDFLATEX=no
- export ac_cv_prog_LATEXMK=no
-
- econf \
- --enable-exampledir=/usr/share/doc/${PF}/samples \
- --enable-irdp \
- --enable-isisd \
- --enable-isis-topology \
- --enable-pimd \
- --enable-user=quagga \
- --enable-group=quagga \
- --enable-vty-group=quagga \
- --with-cflags="${CFLAGS}" \
- --with-pkg-extra-version="-gentoo" \
- --sysconfdir=/etc/quagga \
- --localstatedir=/run/quagga \
- --disable-static \
- $(use_enable caps capabilities) \
- $(usex snmp '--enable-snmp' '' '' '') \
- $(use_enable !elibc_glibc pcreposix) \
- $(use_enable tcp-zebra) \
- $(use_enable doc) \
- $(usex multipath $(use_enable multipath) '' '=0' '') \
- $(usex ospfapi '--enable-opaque-lsa --enable-ospf-te
--enable-ospfclient' '' '' '') \
- $(use_enable readline vtysh) \
- $(use_with pam libpam) \
- $(use_enable ipv6 ripngd) \
- $(use_enable ipv6 ospf6d) \
- $(use_enable ipv6 rtadv)
-}
-
-src_install() {
- default
- prune_libtool_files
- readme.gentoo_create_doc
-
- keepdir /etc/quagga
- fowners root:quagga /etc/quagga
- fperms 0770 /etc/quagga
-
- # Path for PIDs before first reboot should be created here, bug #558194
- dodir /run/quagga
- fowners quagga:quagga /run/quagga
- fperms 0770 /run/quagga
-
- # Install systemd-related stuff, bug #553136
- systemd_dotmpfilesd "${FILESDIR}/systemd/quagga.conf"
- systemd_dounit "${FILESDIR}/systemd/zebra.service"
-
- # install zebra as a file, symlink the rest
- newinitd "${FILESDIR}"/quagga-services.init.3 zebra
-
- for service in bgpd isisd ospfd pimd ripd $(use ipv6 && echo ospf6d
ripngd); do
- dosym zebra /etc/init.d/${service}
- systemd_dounit "${FILESDIR}/systemd/${service}.service"
- done
-
- use readline && use pam && newpamd "${FILESDIR}/quagga.pam" quagga
-
- insinto /etc/logrotate.d
- newins redhat/quagga.logrotate quagga
-}
-
-pkg_postinst() {
- readme.gentoo_print_elog
-}
diff --git a/net-misc/quagga/quagga-1.1.0-r2.ebuild
b/net-misc/quagga/quagga-1.1.0-r2.ebuild
index c306fb5..a152fb2 100644
--- a/net-misc/quagga/quagga-1.1.0-r2.ebuild
+++ b/net-misc/quagga/quagga-1.1.0-r2.ebuild
@@ -57,7 +57,7 @@ src_prepare() {
# http://hasso.linux.ee/doku.php/english:network:quagga
use bgpclassless && eapply -p0 "${DISTDIR}/${CLASSLESS_BGP_PATCH}"
- eapply ${PATCHES[@]}
+ eapply "${PATCHES[@]}"
eapply_user
eautoreconf
}
