[gentoo-commits] repo/gentoo:master commit in: net-misc/quagga/, net-misc/quagga/files/

2017-02-22 Thread Sergey Popov
commit: dc5b408f07d67d6b88fe33e42c43ad8b62917c43
Author: Sergey Popov  gentoo  org>
AuthorDate: Wed Feb 22 08:41:30 2017 +
Commit: Sergey Popov  gentoo  org>
CommitDate: Wed Feb 22 08:41:51 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dc5b408f

net-misc/quagga: security cleanup

Gentoo-Bug: 607212

Package-Manager: portage-2.3.3

 net-misc/quagga/Manifest   |   1 -
 .../quagga-1.1.0-supress-dev-build-logs.patch  |  25 
 net-misc/quagga/quagga-1.1.0-r2.ebuild | 135 -
 3 files changed, 161 deletions(-)

diff --git a/net-misc/quagga/Manifest b/net-misc/quagga/Manifest
index d043043998..66cdb2380e 100644
--- a/net-misc/quagga/Manifest
+++ b/net-misc/quagga/Manifest
@@ -1,3 +1,2 @@
 DIST ht-20040304-classless-bgp.patch 1581 SHA256 
39993890f9e31d662ed0564c732fb22392a901beb45b64261ffeadd9edf27887 SHA512 
3df102d8ab88aaee1f109a2310602d6f734f2268252e5e42df752df7db7abeac526e969289481c4abfe905dcd41c35dee65196c48ac320fe9d083305451476e8
 WHIRLPOOL 
cef99d64d52ab8c28bd672fb93dfbd8d716a31c76a5403496a6d104a5ff39531d6085134124d41fe4ff7adf895fa001cbe77b6e42846d849d6c108c81583d04e
-DIST quagga-1.1.0.tar.gz 2870278 SHA256 
f7a43a9c59bfd3722002210530b2553c8d5cc05bfea5acd56d4f102b9f55dc63 SHA512 
3b29a90c4f05593714bda3c702fd2c8886ce48fba2fbfb98f55cc04d1025edd5427944e9a9fb7cd630e5e8ccea388b72a8e611ab65c370e760f3f319d03f090f
 WHIRLPOOL 
ee4a78b1d20aa9e7e7aea1f0be2adee83efa0fd47a807a4ec1affb1e059fee156861b612f73716cbf80e96cc6676baed062b9440ea7664198078cd6760380573
 DIST quagga-1.1.1.tar.gz 2871705 SHA256 
b5a94e5bdad3062e04595a5692b8cc435f0a85102f75dfdca0a06d093b4ef63f SHA512 
51eb64ada07b42c663705cedf56be5b8b54143a5543b472e3dc7c703a4ab0542f39cfbeed64d1c33ceee6a15ea8d25ef84616fa40b6bf9cc32023f7241c18c58
 WHIRLPOOL 
795aa54b7930c441cbbc40a67db75865ccecada523164c906dd4a1b385b51820bff061ca58265fc67d1a814c8162d8b6e6758a4aab47ba54dab58cf846cb28be

diff --git a/net-misc/quagga/files/quagga-1.1.0-supress-dev-build-logs.patch 
b/net-misc/quagga/files/quagga-1.1.0-supress-dev-build-logs.patch
deleted file mode 100644
index e0d27d0fd1..00
--- a/net-misc/quagga/files/quagga-1.1.0-supress-dev-build-logs.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-commit 92193665 warns about duplicate node installs.  This should only be
-enabled for dev builds beacuse it causes unwanted noise on production
-builds.  I've enclosed the relevant commands in #ifdef DEV_BUILD, which may
-or may not be appropriate.  If there's a more appropriate compile-time
-option available, that could be used instead.
-

- lib/command.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/lib/command.c b/lib/command.c
-index ab46fc4..bff86e5 100644
 a/lib/command.c
-+++ b/lib/command.c
-@@ -638,9 +638,11 @@ install_element (enum node_type ntype, struct cmd_element 
*cmd)
-   
-   if (hash_lookup (cnode->cmd_hash, cmd) != NULL)
- {
-+#ifdef DEV_BUILD
-   fprintf (stderr, 
-"Multiple command installs to node %d of command:\n%s\n",
-ntype, cmd->string);
-+#endif
-   return;
- }

diff --git a/net-misc/quagga/quagga-1.1.0-r2.ebuild 
b/net-misc/quagga/quagga-1.1.0-r2.ebuild
deleted file mode 100644
index a152fb2fa0..00
--- a/net-misc/quagga/quagga-1.1.0-r2.ebuild
+++ /dev/null
@@ -1,135 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=6
-
-CLASSLESS_BGP_PATCH=ht-20040304-classless-bgp.patch
-
-inherit autotools eutils flag-o-matic multilib pam readme.gentoo-r1 systemd 
user
-
-DESCRIPTION="A free routing daemon replacing Zebra supporting RIP, OSPF and 
BGP"
-HOMEPAGE="http://quagga.net/;
-SRC_URI="mirror://nongnu/${PN}/${P}.tar.gz
-   bgpclassless? ( 
http://hasso.linux.ee/stuff/patches/quagga/${CLASSLESS_BGP_PATCH} )"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ppc ~s390 sparc x86"
-
-IUSE="bgpclassless caps doc elibc_glibc ipv6 multipath ospfapi pam protobuf 
+readline snmp tcp-zebra"
-
-COMMON_DEPEND="
-   caps? ( sys-libs/libcap )
-   protobuf? ( dev-libs/protobuf-c:0= )
-   readline? (
-   sys-libs/readline:0=
-   pam? ( sys-libs/pam )
-   )
-   snmp? ( net-analyzer/net-snmp )
-   !elibc_glibc? ( dev-libs/libpcre )"
-DEPEND="${COMMON_DEPEND}
-   sys-apps/gawk
-   sys-devel/libtool:2"
-RDEPEND="${COMMON_DEPEND}
-   sys-apps/iproute2"
-
-PATCHES=(
-   "${FILESDIR}/${PN}-0.99.22.4-ipctl-forwarding.patch"
-   "${FILESDIR}/${P}-supress-dev-build-logs.patch"
-)
-
-DISABLE_AUTOFORMATTING=1
-DOC_CONTENTS="Sample configuration files can be found in 
/usr/share/doc/${PF}/samples
-You have to create config files in /etc/quagga before
-starting one of the daemons.
-
-You can pass additional options to the daemon by setting the EXTRA_OPTS
-variable in their respective file in /etc/conf.d"
-
-pkg_setup() {
-   enewgroup quagga
-   

[gentoo-commits] repo/gentoo:master commit in: net-misc/quagga/, net-misc/quagga/files/

2016-12-15 Thread Sergey Popov
commit: c56e561a155c8b1abeb567bc5c94caca3126b2eb
Author: Sergey Popov  gentoo  org>
AuthorDate: Thu Dec 15 15:16:47 2016 +
Commit: Sergey Popov  gentoo  org>
CommitDate: Thu Dec 15 15:16:47 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c56e561a

net-misc/quagga: revision bump

Suppress excessive warning logs, useful only for developers

Package-Manager: portage-2.3.2

 .../quagga-1.1.0-supress-dev-build-logs.patch  |  25 
 net-misc/quagga/quagga-1.1.0-r1.ebuild | 135 +
 2 files changed, 160 insertions(+)

diff --git a/net-misc/quagga/files/quagga-1.1.0-supress-dev-build-logs.patch 
b/net-misc/quagga/files/quagga-1.1.0-supress-dev-build-logs.patch
new file mode 100644
index ..e0d27d0
--- /dev/null
+++ b/net-misc/quagga/files/quagga-1.1.0-supress-dev-build-logs.patch
@@ -0,0 +1,25 @@
+commit 92193665 warns about duplicate node installs.  This should only be
+enabled for dev builds beacuse it causes unwanted noise on production
+builds.  I've enclosed the relevant commands in #ifdef DEV_BUILD, which may
+or may not be appropriate.  If there's a more appropriate compile-time
+option available, that could be used instead.
+
+---
+ lib/command.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/command.c b/lib/command.c
+index ab46fc4..bff86e5 100644
+--- a/lib/command.c
 b/lib/command.c
+@@ -638,9 +638,11 @@ install_element (enum node_type ntype, struct cmd_element 
*cmd)
+   
+   if (hash_lookup (cnode->cmd_hash, cmd) != NULL)
+ {
++#ifdef DEV_BUILD
+   fprintf (stderr, 
+"Multiple command installs to node %d of command:\n%s\n",
+ntype, cmd->string);
++#endif
+   return;
+ }
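Review bot: The patch header does not say where `DEV_BUILD` is defined or whether the change was sent upstream; it only states that the guard "may or may not be appropriate", while the ebuild applies the patch unconditionally through `PATCHES`. With the guard in place, a non-dev build of `install_element` returns on a duplicate command registration without leaving any trace, so a one-line comment at the `#ifdef` would help the next maintainer, for example `/* duplicate install is ignored; the warning is printed only when DEV_BUILD is defined */`. An upstream commit or bug reference in the header would also let the patch be dropped once upstream carries an equivalent change. The body of `install_element` starts and ends outside the inner hunk, so the rest of the duplicate handling cannot be checked from here.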

diff --git a/net-misc/quagga/quagga-1.1.0-r1.ebuild 
b/net-misc/quagga/quagga-1.1.0-r1.ebuild
new file mode 100644
index ..086618e
--- /dev/null
+++ b/net-misc/quagga/quagga-1.1.0-r1.ebuild
@@ -0,0 +1,135 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+CLASSLESS_BGP_PATCH=ht-20040304-classless-bgp.patch
+
+inherit autotools eutils flag-o-matic multilib pam readme.gentoo-r1 systemd 
user
+
+DESCRIPTION="A free routing daemon replacing Zebra supporting RIP, OSPF and 
BGP"
+HOMEPAGE="http://quagga.net/;
+SRC_URI="mirror://nongnu/${PN}/${P}.tar.gz
+   bgpclassless? ( 
http://hasso.linux.ee/stuff/patches/quagga/${CLASSLESS_BGP_PATCH} )"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ppc ~s390 ~sparc ~x86"
+
+IUSE="bgpclassless caps doc elibc_glibc ipv6 multipath ospfapi pam protobuf 
+readline snmp tcp-zebra"
+
+COMMON_DEPEND="
+   caps? ( sys-libs/libcap )
+   protobuf? ( dev-libs/protobuf:0= )
+   readline? (
+   sys-libs/readline:0=
+   pam? ( sys-libs/pam )
+   )
+   snmp? ( net-analyzer/net-snmp )
+   !elibc_glibc? ( dev-libs/libpcre )"
+DEPEND="${COMMON_DEPEND}
+   sys-apps/gawk
+   sys-devel/libtool:2"
+RDEPEND="${COMMON_DEPEND}
+   sys-apps/iproute2"
+
+PATCHES=(
+   "${FILESDIR}/${PN}-0.99.22.4-ipctl-forwarding.patch"
+   "${FILESDIR}/${P}-supress-dev-build-logs.patch"
+)
+
+DISABLE_AUTOFORMATTING=1
+DOC_CONTENTS="Sample configuration files can be found in 
/usr/share/doc/${PF}/samples
+You have to create config files in /etc/quagga before
+starting one of the daemons.
+
+You can pass additional options to the daemon by setting the EXTRA_OPTS
+variable in their respective file in /etc/conf.d"
+
+pkg_setup() {
+   enewgroup quagga
+   enewuser quagga -1 -1 /var/empty quagga
+}
+
+src_prepare() {
+   # Classless prefixes for BGP
+   # http://hasso.linux.ee/doku.php/english:network:quagga
+   use bgpclassless && eapply -p0 "${DISTDIR}/${CLASSLESS_BGP_PATCH}"
+
+   eapply ${PATCHES[@]}
+   eapply_user
+   eautoreconf
+}
+
+src_configure() {
+   append-flags -fno-strict-aliasing
+
+   # do not build PDF docs
+   export ac_cv_prog_PDFLATEX=no
+   export ac_cv_prog_LATEXMK=no
+
+   econf \
+   --enable-exampledir=/usr/share/doc/${PF}/samples \
+   --enable-irdp \
+   --enable-isisd \
+   --enable-isis-topology \
+   --enable-pimd \
+   --enable-user=quagga \
+   --enable-group=quagga \
+   --enable-vty-group=quagga \
+   --with-cflags="${CFLAGS}" \
+   --with-pkg-extra-version="-gentoo" \
+   --sysconfdir=/etc/quagga \
+   --localstatedir=/run/quagga \
+   --disable-static \
+   $(use_enable caps capabilities) \
+   $(usex snmp '--enable-snmp' '' '' '') \
+   $(use_enable !elibc_glibc pcreposix) \
+   $(use_enable tcp-zebra) \
+   $(use_enable doc) \
+   $(usex multipath $(use_enable multipath) '' '=0' '') \
+   $(usex 

[gentoo-commits] repo/gentoo:master commit in: net-misc/quagga/, net-misc/quagga/files/

2016-10-18 Thread Sergey Popov
commit: 5a041e0100b705ec223a925e656373b9b0e40fa7
Author: Sergey Popov  gentoo  org>
AuthorDate: Tue Oct 18 15:25:41 2016 +
Commit: Sergey Popov  gentoo  org>
CommitDate: Tue Oct 18 15:35:50 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5a041e01

net-misc/quagga: revision bump

Backport upstream security fix for stack overrun
in IPv6 RA receive code in zebra daemon.

Reported-by: Agostino Sarubbo  gentoo.org>
Gentoo-Bug: 597410

Package-Manager: portage-2.3.2

 ...uagga-1.0.20160315-zebra-ipv6-ra-overflow.patch |  48 
 net-misc/quagga/quagga-1.0.20160315-r4.ebuild  | 137 +
 2 files changed, 185 insertions(+)

diff --git 
a/net-misc/quagga/files/quagga-1.0.20160315-zebra-ipv6-ra-overflow.patch 
b/net-misc/quagga/files/quagga-1.0.20160315-zebra-ipv6-ra-overflow.patch
new file mode 100644
index ..74b8add
--- /dev/null
+++ b/net-misc/quagga/files/quagga-1.0.20160315-zebra-ipv6-ra-overflow.patch
@@ -0,0 +1,48 @@
+commit cfb1fae25f8c092e0d17073eaf7bd428ce1cd546
+Author: David Lamparter 
+Date:   Wed Aug 31 13:31:16 2016 +0200
+
+zebra: stack overrun in IPv6 RA receive code (CVE-2016-1245)
+
+The IPv6 RA code also receives ICMPv6 RS and RA messages.
+Unfortunately, by bad coding practice, the buffer size specified on
+receiving such messages mixed up 2 constants that in fact have
+different values.
+
+The code itself has:
+ #define RTADV_MSG_SIZE 4096
+While BUFSIZ is system-dependent, in my case (x86_64 glibc):
+ /usr/include/_G_config.h:#define _G_BUFSIZ 8192
+ /usr/include/libio.h:#define _IO_BUFSIZ _G_BUFSIZ
+ /usr/include/stdio.h:# define BUFSIZ _IO_BUFSIZ
+
+FreeBSD, OpenBSD, NetBSD and Illumos are not affected, since all of them
+have BUFSIZ == 1024.
+
+As the latter is passed to the kernel on recvmsg(), it's possible to
+overwrite 4kB of stack -- with ICMPv6 packets that can be globally sent
+to any of the system's addresses (using fragmentation to get to 8k).
+
+(The socket has filters installed limiting this to RS and RA packets,
+but does not have a filter for source address or TTL.)
+
+Issue discovered by trying to test other stuff, which randomly caused
+the stack to be smaller than 8kB in that code location, which then
+causes the kernel to report EFAULT (Bad address).
+
+Signed-off-by: David Lamparter 
+Reviewed-by: Donald Sharp 
+
+diff --git a/zebra/rtadv.c b/zebra/rtadv.c
+index d4ef1b8..2f62714 100644
+--- a/zebra/rtadv.c
 b/zebra/rtadv.c
+@@ -482,7 +482,7 @@ rtadv_read (struct thread *thread)
+   /* Register myself. */
+   rtadv_event (zvrf, RTADV_READ, sock);
+ 
+-  len = rtadv_recv_packet (sock, buf, BUFSIZ, , , );
++  len = rtadv_recv_packet (sock, buf, sizeof (buf), , , 
);
+ 
+   if (len < 0) 
+ {
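Review bot: `sizeof (buf)` in the `rtadv_recv_packet` call gives the buffer's capacity only while `buf` stays an array declared inside `rtadv_read`; that declaration is outside this hunk and cannot be confirmed here, and if `buf` were ever turned into a pointer the bound would silently become the pointer size. A short comment at the call would pin the intent, for example `/* buf must remain a local array (RTADV_MSG_SIZE per the commit message); never pass BUFSIZ here, see CVE-2016-1245 */`. The commit message also notes that the socket does not filter on source address or TTL, and this patch leaves that as it is, so the corrected length is the only barrier added; whether a hop-limit check follows the receive is not visible in this hunk. In this archived copy the trailing arguments of the call appear to have been stripped down to `, , `, so the patch should be taken from the upstream commit named in its header rather than from this page.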

diff --git a/net-misc/quagga/quagga-1.0.20160315-r4.ebuild 
b/net-misc/quagga/quagga-1.0.20160315-r4.ebuild
new file mode 100644
index ..b6af57e
--- /dev/null
+++ b/net-misc/quagga/quagga-1.0.20160315-r4.ebuild
@@ -0,0 +1,137 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+CLASSLESS_BGP_PATCH=ht-20040304-classless-bgp.patch
+
+inherit autotools eutils flag-o-matic multilib pam readme.gentoo-r1 systemd 
user
+
+DESCRIPTION="A free routing daemon replacing Zebra supporting RIP, OSPF and 
BGP"
+HOMEPAGE="http://quagga.net/;
+SRC_URI="mirror://nongnu/${PN}/${P}.tar.xz
+   bgpclassless? ( 
http://hasso.linux.ee/stuff/patches/quagga/${CLASSLESS_BGP_PATCH} )"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ppc ~s390 ~sparc ~x86"
+
+IUSE="bgpclassless caps doc elibc_glibc ipv6 multipath ospfapi pam +readline 
snmp tcp-zebra"
+
+COMMON_DEPEND="
+   caps? ( sys-libs/libcap )
+   snmp? ( net-analyzer/net-snmp )
+   readline? (
+   sys-libs/readline:0
+   pam? ( sys-libs/pam )
+   )
+   !elibc_glibc? ( dev-libs/libpcre )"
+DEPEND="${COMMON_DEPEND}
+   app-arch/xz-utils
+   sys-apps/gawk
+   sys-devel/libtool:2"
+RDEPEND="${COMMON_DEPEND}
+   sys-apps/iproute2"
+
+PATCHES=(
+   "${FILESDIR}/${PN}-0.99.22.4-ipctl-forwarding.patch"
+   "${FILESDIR}/${P}-ripd-null-pointer-fix.patch"
+   "${FILESDIR}/${P}-ospfd-dangling-pointer-fix.patch"
+   "${FILESDIR}/${P}-bgpd-logging-fix.patch"
+   "${FILESDIR}/${P}-zebra-ipv6-ra-overflow.patch"
+)
+
+DISABLE_AUTOFORMATTING=1
+DOC_CONTENTS="Sample configuration files can be found in 
/usr/share/doc/${PF}/samples
+You have to create config files in /etc/quagga before
+starting one of the daemons.
+
+You can pass additional options to the daemon by setting the EXTRA_OPTS
+variable in their respective file in /etc/conf.d"
+
+pkg_setup() {
+   enewgroup quagga
+   enewuser