[gentoo-commits] repo/gentoo:master commit in: net-misc/quagga/, net-misc/quagga/files/
commit: dc5b408f07d67d6b88fe33e42c43ad8b62917c43 Author: Sergey Popov gentoo org> AuthorDate: Wed Feb 22 08:41:30 2017 + Commit: Sergey Popov gentoo org> CommitDate: Wed Feb 22 08:41:51 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dc5b408f net-misc/quagga: security cleanup Gentoo-Bug: 607212 Package-Manager: portage-2.3.3 net-misc/quagga/Manifest | 1 - .../quagga-1.1.0-supress-dev-build-logs.patch | 25 net-misc/quagga/quagga-1.1.0-r2.ebuild | 135 - 3 files changed, 161 deletions(-)
diff --git a/net-misc/quagga/Manifest b/net-misc/quagga/Manifest
index d043043998..66cdb2380e 100644
--- a/net-misc/quagga/Manifest
+++ b/net-misc/quagga/Manifest
@@ -1,3 +1,2 @@
 DIST ht-20040304-classless-bgp.patch 1581 SHA256 39993890f9e31d662ed0564c732fb22392a901beb45b64261ffeadd9edf27887 SHA512 3df102d8ab88aaee1f109a2310602d6f734f2268252e5e42df752df7db7abeac526e969289481c4abfe905dcd41c35dee65196c48ac320fe9d083305451476e8 WHIRLPOOL cef99d64d52ab8c28bd672fb93dfbd8d716a31c76a5403496a6d104a5ff39531d6085134124d41fe4ff7adf895fa001cbe77b6e42846d849d6c108c81583d04e
-DIST quagga-1.1.0.tar.gz 2870278 SHA256 f7a43a9c59bfd3722002210530b2553c8d5cc05bfea5acd56d4f102b9f55dc63 SHA512 3b29a90c4f05593714bda3c702fd2c8886ce48fba2fbfb98f55cc04d1025edd5427944e9a9fb7cd630e5e8ccea388b72a8e611ab65c370e760f3f319d03f090f WHIRLPOOL ee4a78b1d20aa9e7e7aea1f0be2adee83efa0fd47a807a4ec1affb1e059fee156861b612f73716cbf80e96cc6676baed062b9440ea7664198078cd6760380573
 DIST quagga-1.1.1.tar.gz 2871705 SHA256 b5a94e5bdad3062e04595a5692b8cc435f0a85102f75dfdca0a06d093b4ef63f SHA512 51eb64ada07b42c663705cedf56be5b8b54143a5543b472e3dc7c703a4ab0542f39cfbeed64d1c33ceee6a15ea8d25ef84616fa40b6bf9cc32023f7241c18c58 WHIRLPOOL 795aa54b7930c441cbbc40a67db75865ccecada523164c906dd4a1b385b51820bff061ca58265fc67d1a814c8162d8b6e6758a4aab47ba54dab58cf846cb28be
diff --git a/net-misc/quagga/files/quagga-1.1.0-supress-dev-build-logs.patch b/net-misc/quagga/files/quagga-1.1.0-supress-dev-build-logs.patch deleted file mode 100644 index e0d27d0fd1..00 --- a/net-misc/quagga/files/quagga-1.1.0-supress-dev-build-logs.patch +++ /dev/null @@ -1,25 +0,0 @@ -commit 92193665 warns about duplicate node installs. This should only be -enabled for dev builds beacuse it causes unwanted noise on production -builds. I've enclosed the relevant commands in #ifdef DEV_BUILD, which may -or may not be appropriate. If there's a more appropriate compile-time -option available, that could be used instead. - - lib/command.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/lib/command.c b/lib/command.c -index ab46fc4..bff86e5 100644 a/lib/command.c -+++ b/lib/command.c -@@ -638,9 +638,11 @@ install_element (enum node_type ntype, struct cmd_element *cmd) - - if (hash_lookup (cnode->cmd_hash, cmd) != NULL) - { -+#ifdef DEV_BUILD - fprintf (stderr, -"Multiple command installs to node %d of command:\n%s\n", -ntype, cmd->string); -+#endif - return; - } diff --git a/net-misc/quagga/quagga-1.1.0-r2.ebuild b/net-misc/quagga/quagga-1.1.0-r2.ebuild deleted file mode 100644 index a152fb2fa0..00 --- a/net-misc/quagga/quagga-1.1.0-r2.ebuild +++ /dev/null 
@@ -1,135 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=6
-
-CLASSLESS_BGP_PATCH=ht-20040304-classless-bgp.patch
-
-inherit autotools eutils flag-o-matic multilib pam readme.gentoo-r1 systemd user
-
-DESCRIPTION="A free routing daemon replacing Zebra supporting RIP, OSPF and BGP"
-HOMEPAGE="http://quagga.net/;
-SRC_URI="mirror://nongnu/${PN}/${P}.tar.gz
- bgpclassless? ( http://hasso.linux.ee/stuff/patches/quagga/${CLASSLESS_BGP_PATCH} )"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ppc ~s390 sparc x86"
-
-IUSE="bgpclassless caps doc elibc_glibc ipv6 multipath ospfapi pam protobuf +readline snmp tcp-zebra"
-
-COMMON_DEPEND="
- caps? ( sys-libs/libcap )
- protobuf? ( dev-libs/protobuf-c:0= )
- readline? (
- sys-libs/readline:0=
- pam? ( sys-libs/pam )
- )
- snmp? ( net-analyzer/net-snmp )
- !elibc_glibc? ( dev-libs/libpcre )"
-DEPEND="${COMMON_DEPEND}
- sys-apps/gawk
- sys-devel/libtool:2"
-RDEPEND="${COMMON_DEPEND}
- sys-apps/iproute2"
-
-PATCHES=(
- "${FILESDIR}/${PN}-0.99.22.4-ipctl-forwarding.patch"
- "${FILESDIR}/${P}-supress-dev-build-logs.patch"
-)
-
-DISABLE_AUTOFORMATTING=1
-DOC_CONTENTS="Sample configuration files can be found in /usr/share/doc/${PF}/samples
-You have to create config files in /etc/quagga before
-starting one of the daemons.
-
-You can pass additional options to the daemon by setting the EXTRA_OPTS
-variable in their respective file in /etc/conf.d"
-
-pkg_setup() {
- enewgroup quagga
-
[gentoo-commits] repo/gentoo:master commit in: net-misc/quagga/, net-misc/quagga/files/
commit: c56e561a155c8b1abeb567bc5c94caca3126b2eb Author: Sergey Popov gentoo org> AuthorDate: Thu Dec 15 15:16:47 2016 + Commit: Sergey Popov gentoo org> CommitDate: Thu Dec 15 15:16:47 2016 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c56e561a net-misc/quagga: revision bump Supress excessive warning logs, useful only for developers Package-Manager: portage-2.3.2 .../quagga-1.1.0-supress-dev-build-logs.patch | 25 net-misc/quagga/quagga-1.1.0-r1.ebuild | 135 + 2 files changed, 160 insertions(+) diff --git a/net-misc/quagga/files/quagga-1.1.0-supress-dev-build-logs.patch b/net-misc/quagga/files/quagga-1.1.0-supress-dev-build-logs.patch new file mode 100644 index ..e0d27d0 --- /dev/null +++ b/net-misc/quagga/files/quagga-1.1.0-supress-dev-build-logs.patch @@ -0,0 +1,25 @@ +commit 92193665 warns about duplicate node installs. This should only be +enabled for dev builds beacuse it causes unwanted noise on production +builds. I've enclosed the relevant commands in #ifdef DEV_BUILD, which may +or may not be appropriate. If there's a more appropriate compile-time +option available, that could be used instead. + +--- + lib/command.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/lib/command.c b/lib/command.c +index ab46fc4..bff86e5 100644 +--- a/lib/command.c b/lib/command.c +@@ -638,9 +638,11 @@ install_element (enum node_type ntype, struct cmd_element *cmd) + + if (hash_lookup (cnode->cmd_hash, cmd) != NULL) + { ++#ifdef DEV_BUILD + fprintf (stderr, +"Multiple command installs to node %d of command:\n%s\n", +ntype, cmd->string); ++#endif + return; + } diff --git a/net-misc/quagga/quagga-1.1.0-r1.ebuild b/net-misc/quagga/quagga-1.1.0-r1.ebuild new file mode 100644 index ..086618e --- /dev/null +++ b/net-misc/quagga/quagga-1.1.0-r1.ebuild 
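Review bot: With the `fprintf` wrapped in `#ifdef DEV_BUILD`, the duplicate-install branch of `install_element` reaches `return;` with no diagnostic at all in ordinary builds, so a command that was dropped as a duplicate leaves no trace for an operator or packager to find. The patch description itself says the guard "may or may not be appropriate"; if the message is kept out of stderr, the silent path should at least be documented at the call site, for example `/* duplicate install: ignored silently unless DEV_BUILD is defined */`. Whether this package's configure options ever define DEV_BUILD is not visible on this page and should be confirmed. `install_element` starts and ends outside the hunk.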
@@ -0,0 +1,135 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+CLASSLESS_BGP_PATCH=ht-20040304-classless-bgp.patch
+
+inherit autotools eutils flag-o-matic multilib pam readme.gentoo-r1 systemd user
+
+DESCRIPTION="A free routing daemon replacing Zebra supporting RIP, OSPF and BGP"
+HOMEPAGE="http://quagga.net/;
+SRC_URI="mirror://nongnu/${PN}/${P}.tar.gz
+ bgpclassless? ( http://hasso.linux.ee/stuff/patches/quagga/${CLASSLESS_BGP_PATCH} )"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ppc ~s390 ~sparc ~x86"
+
+IUSE="bgpclassless caps doc elibc_glibc ipv6 multipath ospfapi pam protobuf +readline snmp tcp-zebra"
+
+COMMON_DEPEND="
+ caps? ( sys-libs/libcap )
+ protobuf? ( dev-libs/protobuf:0= )
+ readline? (
+ sys-libs/readline:0=
+ pam? ( sys-libs/pam )
+ )
+ snmp? ( net-analyzer/net-snmp )
+ !elibc_glibc? ( dev-libs/libpcre )"
+DEPEND="${COMMON_DEPEND}
+ sys-apps/gawk
+ sys-devel/libtool:2"
+RDEPEND="${COMMON_DEPEND}
+ sys-apps/iproute2"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-0.99.22.4-ipctl-forwarding.patch"
+ "${FILESDIR}/${P}-supress-dev-build-logs.patch"
+)
+
+DISABLE_AUTOFORMATTING=1
+DOC_CONTENTS="Sample configuration files can be found in /usr/share/doc/${PF}/samples
+You have to create config files in /etc/quagga before
+starting one of the daemons.
+
+You can pass additional options to the daemon by setting the EXTRA_OPTS
+variable in their respective file in /etc/conf.d"
+
+pkg_setup() {
+ enewgroup quagga
+ enewuser quagga -1 -1 /var/empty quagga
+}
+
+src_prepare() {
+ # Classless prefixes for BGP
+ # http://hasso.linux.ee/doku.php/english:network:quagga
+ use bgpclassless && eapply -p0 "${DISTDIR}/${CLASSLESS_BGP_PATCH}"
+
+ eapply ${PATCHES[@]}
+ eapply_user
+ eautoreconf
+}
+
+src_configure() {
+ append-flags -fno-strict-aliasing
+
+ # do not build PDF docs
+ export ac_cv_prog_PDFLATEX=no
+ export ac_cv_prog_LATEXMK=no
+
+ econf \
+ --enable-exampledir=/usr/share/doc/${PF}/samples \
+ --enable-irdp \
+ --enable-isisd \
+ --enable-isis-topology \
+ --enable-pimd \
+ --enable-user=quagga \
+ --enable-group=quagga \
+ --enable-vty-group=quagga \
+ --with-cflags="${CFLAGS}" \
+ --with-pkg-extra-version="-gentoo" \
+ --sysconfdir=/etc/quagga \
+ --localstatedir=/run/quagga \
+ --disable-static \
+ $(use_enable caps capabilities) \
+ $(usex snmp '--enable-snmp' '' '' '') \
+ $(use_enable !elibc_glibc pcreposix) \
+ $(use_enable tcp-zebra) \
+ $(use_enable doc) \
+ $(usex multipath $(use_enable multipath) '' '=0' '') \
+ $(usex
[gentoo-commits] repo/gentoo:master commit in: net-misc/quagga/, net-misc/quagga/files/
commit: 5a041e0100b705ec223a925e656373b9b0e40fa7 Author: Sergey Popov gentoo org> AuthorDate: Tue Oct 18 15:25:41 2016 + Commit: Sergey Popov gentoo org> CommitDate: Tue Oct 18 15:35:50 2016 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5a041e01 net-misc/quagga: revision bump Backport upstream security fix for stack overrun in IPv6 RA receive code in zebra daemon. Reported-by: Agostino Sarubbo gentoo.org> Gentoo-Bug: 597410 Package-Manager: portage-2.3.2 ...uagga-1.0.20160315-zebra-ipv6-ra-overflow.patch | 48 net-misc/quagga/quagga-1.0.20160315-r4.ebuild | 137 + 2 files changed, 185 insertions(+)
diff --git a/net-misc/quagga/files/quagga-1.0.20160315-zebra-ipv6-ra-overflow.patch b/net-misc/quagga/files/quagga-1.0.20160315-zebra-ipv6-ra-overflow.patch
new file mode 100644
index ..74b8add
--- /dev/null
+++ b/net-misc/quagga/files/quagga-1.0.20160315-zebra-ipv6-ra-overflow.patch
@@ -0,0 +1,48 @@ +commit cfb1fae25f8c092e0d17073eaf7bd428ce1cd546 +Author: David Lamparter+Date: Wed Aug 31 13:31:16 2016 +0200 + +zebra: stack overrun in IPv6 RA receive code (CVE-2016-1245) + +The IPv6 RA code also receives ICMPv6 RS and RA messages. +Unfortunately, by bad coding practice, the buffer size specified on +receiving such messages mixed up 2 constants that in fact have +different values. + +The code itself has: + #define RTADV_MSG_SIZE 4096 +While BUFSIZ is system-dependent, in my case (x86_64 glibc): + /usr/include/_G_config.h:#define _G_BUFSIZ 8192 + /usr/include/libio.h:#define _IO_BUFSIZ _G_BUFSIZ + /usr/include/stdio.h:# define BUFSIZ _IO_BUFSIZ + +FreeBSD, OpenBSD, NetBSD and Illumos are not affected, since all of them +have BUFSIZ == 1024. + +As the latter is passed to the kernel on recvmsg(), it's possible to +overwrite 4kB of stack -- with ICMPv6 packets that can be globally sent +to any of the system's addresses (using fragmentation to get to 8k). + +(The socket has filters installed limiting this to RS and RA packets, +but does not have a filter for source address or TTL.) + +Issue discovered by trying to test other stuff, which randomly caused +the stack to be smaller than 8kB in that code location, which then +causes the kernel to report EFAULT (Bad address). + +Signed-off-by: David Lamparter +Reviewed-by: Donald Sharp + +diff --git a/zebra/rtadv.c b/zebra/rtadv.c +index d4ef1b8..2f62714 100644 +--- a/zebra/rtadv.c b/zebra/rtadv.c +@@ -482,7 +482,7 @@ rtadv_read (struct thread *thread) + /* Register myself. */ + rtadv_event (zvrf, RTADV_READ, sock); + +- len = rtadv_recv_packet (sock, buf, BUFSIZ, , , ); ++ len = rtadv_recv_packet (sock, buf, sizeof (buf), , , ); + + if (len < 0) + { diff --git a/net-misc/quagga/quagga-1.0.20160315-r4.ebuild b/net-misc/quagga/quagga-1.0.20160315-r4.ebuild new file mode 100644 index ..b6af57e --- /dev/null +++ b/net-misc/quagga/quagga-1.0.20160315-r4.ebuild 
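Review bot: `sizeof (buf)` in the `rtadv_recv_packet` call is the right bound only while `buf` is a true array inside `rtadv_read`; its declaration is outside the hunk, and if it is ever turned into a pointer or a heap buffer the expression silently shrinks to the pointer size. Since the upstream message says the socket has no source-address or TTL filter, this length is what limits how much the kernel writes on `recvmsg()`, so the assumption deserves a comment at the call, for example `/* buf must stay an array of RTADV_MSG_SIZE bytes; never pass BUFSIZ here */`. `rtadv_read` starts and ends outside the hunk, so the array declaration should be checked against the full file before relying on this backport.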
@@ -0,0 +1,137 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+CLASSLESS_BGP_PATCH=ht-20040304-classless-bgp.patch
+
+inherit autotools eutils flag-o-matic multilib pam readme.gentoo-r1 systemd user
+
+DESCRIPTION="A free routing daemon replacing Zebra supporting RIP, OSPF and BGP"
+HOMEPAGE="http://quagga.net/;
+SRC_URI="mirror://nongnu/${PN}/${P}.tar.xz
+ bgpclassless? ( http://hasso.linux.ee/stuff/patches/quagga/${CLASSLESS_BGP_PATCH} )"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ppc ~s390 ~sparc ~x86"
+
+IUSE="bgpclassless caps doc elibc_glibc ipv6 multipath ospfapi pam +readline snmp tcp-zebra"
+
+COMMON_DEPEND="
+ caps? ( sys-libs/libcap )
+ snmp? ( net-analyzer/net-snmp )
+ readline? (
+ sys-libs/readline:0
+ pam? ( sys-libs/pam )
+ )
+ !elibc_glibc? ( dev-libs/libpcre )"
+DEPEND="${COMMON_DEPEND}
+ app-arch/xz-utils
+ sys-apps/gawk
+ sys-devel/libtool:2"
+RDEPEND="${COMMON_DEPEND}
+ sys-apps/iproute2"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-0.99.22.4-ipctl-forwarding.patch"
+ "${FILESDIR}/${P}-ripd-null-pointer-fix.patch"
+ "${FILESDIR}/${P}-ospfd-dangling-pointer-fix.patch"
+ "${FILESDIR}/${P}-bgpd-logging-fix.patch"
+ "${FILESDIR}/${P}-zebra-ipv6-ra-overflow.patch"
+)
+
+DISABLE_AUTOFORMATTING=1
+DOC_CONTENTS="Sample configuration files can be found in /usr/share/doc/${PF}/samples
+You have to create config files in /etc/quagga before
+starting one of the daemons.
+
+You can pass additional options to the daemon by setting the EXTRA_OPTS
+variable in their respective file in /etc/conf.d"
+
+pkg_setup() {
+ enewgroup quagga
+ enewuser