author | Sergey Popov <pinkbyte@gentoo.org> | 2017-01-24 13:34:13 +0300 |
---|---|---|
committer | Sergey Popov <pinkbyte@gentoo.org> | 2017-01-24 13:35:52 +0300 |
commit | 20a70440a3d662b3f1fe250f5b9194aab0f3eae9 (patch) | |
tree | fca0ef5c79a47b79e1376a20e9fdd987f234f8bf /net-misc | |
parent | dev-lang/mono: bump (diff) | |
net-misc/quagga: fix quoting in eapply call, security cleanup
Gentoo-Bug: 581526
Package-Manager: portage-2.3.3
Diffstat (limited to 'net-misc')
7 files changed, 1 insertions, 391 deletions
diff --git a/net-misc/quagga/Manifest b/net-misc/quagga/Manifest
index ee21e467d645..ed50e66e3e3b 100644
--- a/net-misc/quagga/Manifest
+++ b/net-misc/quagga/Manifest
@@ -1,3 +1,2 @@
 DIST ht-20040304-classless-bgp.patch 1581 SHA256 39993890f9e31d662ed0564c732fb22392a901beb45b64261ffeadd9edf27887 SHA512 3df102d8ab88aaee1f109a2310602d6f734f2268252e5e42df752df7db7abeac526e969289481c4abfe905dcd41c35dee65196c48ac320fe9d083305451476e8 WHIRLPOOL cef99d64d52ab8c28bd672fb93dfbd8d716a31c76a5403496a6d104a5ff39531d6085134124d41fe4ff7adf895fa001cbe77b6e42846d849d6c108c81583d04e
-DIST quagga-1.0.20160315.tar.xz 1819488 SHA256 d284af5dd875dbba90ab875d40db5d68fdc9ede17a76f2af525f85344be56767 SHA512 ad633d189017a2cef68cf1653b85e082a0dc4fe146720a985da8cdf2aa4c61f2df8a8339419c986e9d74aa88f7f7109bc6d0c13d9ff4904a23852cee3e112edc WHIRLPOOL 6f0ac5da5fef382cf7a462f8d2c139bb0d8068e7b772cd48b63aa0752098515d6b5eb9a10a4e1fc7021085e0635248f6075d937901c6207d51bd0f284388541c
 DIST quagga-1.1.0.tar.gz 2870278 SHA256 f7a43a9c59bfd3722002210530b2553c8d5cc05bfea5acd56d4f102b9f55dc63 SHA512 3b29a90c4f05593714bda3c702fd2c8886ce48fba2fbfb98f55cc04d1025edd5427944e9a9fb7cd630e5e8ccea388b72a8e611ab65c370e760f3f319d03f090f WHIRLPOOL ee4a78b1d20aa9e7e7aea1f0be2adee83efa0fd47a807a4ec1affb1e059fee156861b612f73716cbf80e96cc6676baed062b9440ea7664198078cd6760380573
diff --git a/net-misc/quagga/files/quagga-1.0.20160315-bgpd-logging-fix.patch b/net-misc/quagga/files/quagga-1.0.20160315-bgpd-logging-fix.patch
deleted file mode 100644
index 7c7f54ccd258..000000000000
--- a/net-misc/quagga/files/quagga-1.0.20160315-bgpd-logging-fix.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
-index 740b0f1..9cbb5b5 100644
---- a/bgpd/bgp_packet.c
-+++ b/bgpd/bgp_packet.c
-@@ -1631,7 +1631,7 @@ bgp_update_receive (struct peer *peer, bgp_size_t size)
- NLRI_TYPE_MAX,
- };
- struct bgp_nlri nlris[NLRI_TYPE_MAX];
--
-+
- /* Status must be Established. */
- if (peer->status != Established)
- {
-@@ -1645,6 +1645,7 @@ bgp_update_receive (struct peer *peer, bgp_size_t size)
- memset (&attr, 0, sizeof (struct attr));
- memset (&extra, 0, sizeof (struct attr_extra));
- memset (&nlris, 0, sizeof nlris);
-+
- attr.extra = &extra;
-
- s = peer->ibuf;
-@@ -1781,6 +1782,8 @@ bgp_update_receive (struct peer *peer, bgp_size_t size)
- /* Parse any given NLRIs */
- for (i = NLRI_UPDATE; i < NLRI_TYPE_MAX; i++)
- {
-+ if (!nlris[i].nlri) continue;
-+
- /* We use afi and safi as indices into tables and what not. It would
- * be impossible, at this time, to support unknown afi/safis. And
- * anyway, the peer needs to be configured to enable the afi/safi
diff --git a/net-misc/quagga/files/quagga-1.0.20160315-ospfd-dangling-pointer-fix.patch b/net-misc/quagga/files/quagga-1.0.20160315-ospfd-dangling-pointer-fix.patch
deleted file mode 100644
index cc24fbad2dce..000000000000
--- a/net-misc/quagga/files/quagga-1.0.20160315-ospfd-dangling-pointer-fix.patch
+++ /dev/null
@@ -1,134 +0,0 @@ -From bb01bdd740339b0c07d8ed0786811801b2a79192 Mon Sep 17 00:00:00 2001 -From: Jafar Al-Gharaibeh <jafar@atcorp.com> -Date: Thu, 21 Apr 2016 21:22:33 +0000 -Subject: ospfd: fix - correct neighbor index on changing/p2p/virtual links - -ospfd keeps a list of neighbor routers for each configured interface. This - list is indexed using the neighbor router id in case of point-to-point and - virtual link types, otherwise the list is indexed using the neighbor's - source IP (RFC 2328, page 96). The router adds itself as a "pseudo" neighbor - on each link, and also keeps a pointer called (nbr_self) to the neighbor - structure. This takes place when the interface is first configured. Currently - ospfd adds this pseudo neighbor before the link parameters are fully configure, - including whether the link type is point-to-point or virtual link. This causes - the pseudo neighbor to be always indexed using the source IP address regardless - of th link type. For point-to-point and virtual links, this causes the lookup - for the pseudo neighbor to always fail because the lookup is done using the - router id whereas the neighbor was added using its source IP address. - This becomes really problematic if there is a state change that requires a - rebuild of nbr_self, changing the router id for example. When resetting - nbr_self, the router first tries to remove the pseudo neighbor form its - neighbor list on each link by looking it up and resetting any references to it - before freeing the neighbor structure. since the lookup fails to retrieve any - references in the case of point-to-point and virtual links the neighbor - structure is freed leaving dangling references to it. Any access to the - neighbor list after that is bound to stumble over this dangling pointer - causing ospfd to crash. 
- -Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com> -Tested-by: NetDEF CI System <cisystem@netdef.org> ---- -diff --git a/ospfd/ospf_interface.c b/ospfd/ospf_interface.c -index f4242b0..d54bc47 100644 ---- a/ospfd/ospf_interface.c -+++ b/ospfd/ospf_interface.c -@@ -232,8 +232,8 @@ ospf_if_new (struct ospf *ospf, struct interface *ifp, struct prefix *p) - /* Set default values. */ - ospf_if_reset_variables (oi); - -- /* Add pseudo neighbor. */ -- oi->nbr_self = ospf_nbr_new (oi); -+ /* Set pseudo neighbor to Null */ -+ oi->nbr_self = NULL; - - oi->ls_upd_queue = route_table_init (); - oi->t_ls_upd_event = NULL; -@@ -902,7 +902,9 @@ ospf_vl_new (struct ospf *ospf, struct ospf_vl_data *vl_data) - if (IS_DEBUG_OSPF_EVENT) - zlog_debug ("ospf_vl_new(): set associated area to the backbone"); - -- ospf_nbr_add_self (voi); -+ /* Add pseudo neighbor. */ -+ ospf_nbr_self_reset (voi); -+ - ospf_area_add_if (voi->area, voi); - - ospf_if_stream_set (voi); -diff --git a/ospfd/ospf_neighbor.c b/ospfd/ospf_neighbor.c -index 862de5e..06e63dd 100644 ---- a/ospfd/ospf_neighbor.c -+++ b/ospfd/ospf_neighbor.c -@@ -181,6 +181,35 @@ ospf_nbr_delete (struct ospf_neighbor *nbr) - - route_unlock_node (rn); - } -+ else -+ { -+ /* -+ * This neighbor was not found, but before we move on and -+ * free the neighbor structre, make sure that it was not -+ * indexed incorrectly and ended up in the "worng" place -+ */ -+ -+ /* Reverse the lookup rules */ -+ if (oi->type == OSPF_IFTYPE_VIRTUALLINK || -+ oi->type == OSPF_IFTYPE_POINTOPOINT) -+ p.u.prefix4 = nbr->src; -+ else -+ p.u.prefix4 = nbr->router_id; -+ -+ rn = route_node_lookup (oi->nbrs, &p); -+ if (rn){ -+ /* We found the neighbor! -+ * Now make sure it is not the exact same neighbor -+ * structure that we are about to free -+ */ -+ if (nbr == rn->info){ -+ /* Same neighbor, drop the reference to it */ -+ rn->info = NULL; -+ route_unlock_node (rn); -+ } -+ route_unlock_node (rn); -+ } -+ } - - /* Free ospf_neighbor structure. 
*/ - ospf_nbr_free (nbr); -@@ -207,7 +236,9 @@ ospf_nbr_bidirectional (struct in_addr *router_id, - void - ospf_nbr_self_reset (struct ospf_interface *oi) - { -- ospf_nbr_delete (oi->nbr_self); -+ if (oi->nbr_self) -+ ospf_nbr_delete (oi->nbr_self); -+ - oi->nbr_self = ospf_nbr_new (oi); - ospf_nbr_add_self (oi); - } -diff --git a/ospfd/ospfd.c b/ospfd/ospfd.c -index c9fcdc3..cc76e9e 100644 ---- a/ospfd/ospfd.c -+++ b/ospfd/ospfd.c -@@ -754,9 +754,6 @@ add_ospf_interface (struct connected *co, struct ospf_area *area) - oi->params = ospf_lookup_if_params (co->ifp, oi->address->u.prefix4); - oi->output_cost = ospf_if_get_output_cost (oi); - -- /* Add pseudo neighbor. */ -- ospf_nbr_add_self (oi); -- - /* Relate ospf interface to ospf instance. */ - oi->ospf = area->ospf; - -@@ -765,6 +762,9 @@ add_ospf_interface (struct connected *co, struct ospf_area *area) - skip network type setting. */ - oi->type = IF_DEF_PARAMS (co->ifp)->type; - -+ /* Add pseudo neighbor. */ -+ ospf_nbr_self_reset (oi); -+ - ospf_area_add_if (oi->area, oi); - - /* if router_id is not configured, dont bring up --- -cgit v0.9.0.2 - diff --git a/net-misc/quagga/files/quagga-1.0.20160315-ripd-null-pointer-fix.patch b/net-misc/quagga/files/quagga-1.0.20160315-ripd-null-pointer-fix.patch deleted file mode 100644 index e48c30410c7a..000000000000 --- a/net-misc/quagga/files/quagga-1.0.20160315-ripd-null-pointer-fix.patch +++ /dev/null 
@@ -1,40 +0,0 @@
-The rip_output_process function dereferenced a NULL
-pointer. Core file examination showed that tmp_rinfo
-was NULL on line 2435. Looking at the last diff
-associated with this commit, it was obvious that
-a formating mistake had been made in the loop over
-the route nodes list of possible paths.
-
-Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
-Reported-by: Sebastian Kricner <sebastian.kricner@tuxwave.net>
----
- ripd/ripd.c | 14 ++++++++------
- 1 file changed, 8 insertions(+), 6 deletions(-)
-
-diff --git a/ripd/ripd.c b/ripd/ripd.c
-index 82b1ada..0beb0e6 100644
---- a/ripd/ripd.c
-+++ b/ripd/ripd.c
-@@ -2429,12 +2429,14 @@ rip_output_process (struct connected *ifc, struct sockaddr_in *to,
- struct rip_info *tmp_rinfo = NULL;
-
- for (ALL_LIST_ELEMENTS_RO (list, listnode, tmp_rinfo))
-- if (tmp_rinfo->type == ZEBRA_ROUTE_RIP &&
-- tmp_rinfo->ifindex == ifc->ifp->ifindex)
-- rinfo->metric_out = RIP_METRIC_INFINITY;
-- if (tmp_rinfo->type == ZEBRA_ROUTE_CONNECT &&
-- prefix_match((struct prefix *)p, ifc->address))
-- rinfo->metric_out = RIP_METRIC_INFINITY;
-+ {
-+ if (tmp_rinfo->type == ZEBRA_ROUTE_RIP &&
-+ tmp_rinfo->ifindex == ifc->ifp->ifindex)
-+ rinfo->metric_out = RIP_METRIC_INFINITY;
-+ if (tmp_rinfo->type == ZEBRA_ROUTE_CONNECT &&
-+ prefix_match((struct prefix *)p, ifc->address))
-+ rinfo->metric_out = RIP_METRIC_INFINITY;
-+ }
- }
-
- /* Prepare preamble, auth headers, if needs be */
---
-1.9.1
diff --git a/net-misc/quagga/files/quagga-1.0.20160315-zebra-ipv6-ra-overflow.patch b/net-misc/quagga/files/quagga-1.0.20160315-zebra-ipv6-ra-overflow.patch
deleted file mode 100644
index 74b8add40c18..000000000000
--- a/net-misc/quagga/files/quagga-1.0.20160315-zebra-ipv6-ra-overflow.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-commit cfb1fae25f8c092e0d17073eaf7bd428ce1cd546
-Author: David Lamparter <equinox@opensourcerouting.org>
-Date: Wed Aug 31 13:31:16 2016 +0200
-
- zebra: stack overrun in IPv6 RA receive code (CVE-2016-1245)
-
- The IPv6 RA code also receives ICMPv6 RS and RA messages.
- Unfortunately, by bad coding practice, the buffer size specified on
- receiving such messages mixed up 2 constants that in fact have
- different values.
-
- The code itself has:
- #define RTADV_MSG_SIZE 4096
- While BUFSIZ is system-dependent, in my case (x86_64 glibc):
- /usr/include/_G_config.h:#define _G_BUFSIZ 8192
- /usr/include/libio.h:#define _IO_BUFSIZ _G_BUFSIZ
- /usr/include/stdio.h:# define BUFSIZ _IO_BUFSIZ
-
- FreeBSD, OpenBSD, NetBSD and Illumos are not affected, since all of them
- have BUFSIZ == 1024.
-
- As the latter is passed to the kernel on recvmsg(), it's possible to
- overwrite 4kB of stack -- with ICMPv6 packets that can be globally sent
- to any of the system's addresses (using fragmentation to get to 8k).
-
- (The socket has filters installed limiting this to RS and RA packets,
- but does not have a filter for source address or TTL.)
-
- Issue discovered by trying to test other stuff, which randomly caused
- the stack to be smaller than 8kB in that code location, which then
- causes the kernel to report EFAULT (Bad address).
-
- Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
- Reviewed-by: Donald Sharp <sharpd@cumulusnetworks.com>
-
-diff --git a/zebra/rtadv.c b/zebra/rtadv.c
-index d4ef1b8..2f62714 100644
---- a/zebra/rtadv.c
-+++ b/zebra/rtadv.c
-@@ -482,7 +482,7 @@ rtadv_read (struct thread *thread)
- /* Register myself. */
- rtadv_event (zvrf, RTADV_READ, sock);
-
-- len = rtadv_recv_packet (sock, buf, BUFSIZ, &from, &ifindex, &hoplimit);
-+ len = rtadv_recv_packet (sock, buf, sizeof (buf), &from, &ifindex, &hoplimit);
-
- if (len < 0)
- {
diff --git a/net-misc/quagga/quagga-1.0.20160315-r4.ebuild b/net-misc/quagga/quagga-1.0.20160315-r4.ebuild
deleted file mode 100644
index 009b6d452070..000000000000
--- a/net-misc/quagga/quagga-1.0.20160315-r4.ebuild
+++ /dev/null
@@ -1,137 +0,0 @@ -# Copyright 1999-2016 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -EAPI=6 - -CLASSLESS_BGP_PATCH=ht-20040304-classless-bgp.patch - -inherit autotools eutils flag-o-matic multilib pam readme.gentoo-r1 systemd user - -DESCRIPTION="A free routing daemon replacing Zebra supporting RIP, OSPF and BGP" -HOMEPAGE="http://quagga.net/" -SRC_URI="mirror://nongnu/${PN}/${P}.tar.xz - bgpclassless? ( http://hasso.linux.ee/stuff/patches/quagga/${CLASSLESS_BGP_PATCH} )" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="alpha amd64 arm hppa ppc ~s390 sparc x86" - -IUSE="bgpclassless caps doc elibc_glibc ipv6 multipath ospfapi pam +readline snmp tcp-zebra" - -COMMON_DEPEND=" - caps? ( sys-libs/libcap ) - snmp? ( net-analyzer/net-snmp ) - readline? ( - sys-libs/readline:0 - pam? ( sys-libs/pam ) - ) - !elibc_glibc? ( dev-libs/libpcre )" -DEPEND="${COMMON_DEPEND} - app-arch/xz-utils - sys-apps/gawk - sys-devel/libtool:2" -RDEPEND="${COMMON_DEPEND} - sys-apps/iproute2" - -PATCHES=( - "${FILESDIR}/${PN}-0.99.22.4-ipctl-forwarding.patch" - "${FILESDIR}/${P}-ripd-null-pointer-fix.patch" - "${FILESDIR}/${P}-ospfd-dangling-pointer-fix.patch" - "${FILESDIR}/${P}-bgpd-logging-fix.patch" - "${FILESDIR}/${P}-zebra-ipv6-ra-overflow.patch" -) - -DISABLE_AUTOFORMATTING=1 -DOC_CONTENTS="Sample configuration files can be found in /usr/share/doc/${PF}/samples -You have to create config files in /etc/quagga before -starting one of the daemons. 
- -You can pass additional options to the daemon by setting the EXTRA_OPTS -variable in their respective file in /etc/conf.d" - -pkg_setup() { - enewgroup quagga - enewuser quagga -1 -1 /var/empty quagga -} - -src_prepare() { - # Classless prefixes for BGP - # http://hasso.linux.ee/doku.php/english:network:quagga - use bgpclassless && eapply -p0 "${DISTDIR}/${CLASSLESS_BGP_PATCH}" - - epatch "${PATCHES[@]}" - eapply_user - eautoreconf -} - -src_configure() { - append-flags -fno-strict-aliasing - - # do not build PDF docs - export ac_cv_prog_PDFLATEX=no - export ac_cv_prog_LATEXMK=no - - econf \ - --enable-exampledir=/usr/share/doc/${PF}/samples \ - --enable-irdp \ - --enable-isisd \ - --enable-isis-topology \ - --enable-pimd \ - --enable-user=quagga \ - --enable-group=quagga \ - --enable-vty-group=quagga \ - --with-cflags="${CFLAGS}" \ - --with-pkg-extra-version="-gentoo" \ - --sysconfdir=/etc/quagga \ - --localstatedir=/run/quagga \ - --disable-static \ - $(use_enable caps capabilities) \ - $(usex snmp '--enable-snmp' '' '' '') \ - $(use_enable !elibc_glibc pcreposix) \ - $(use_enable tcp-zebra) \ - $(use_enable doc) \ - $(usex multipath $(use_enable multipath) '' '=0' '') \ - $(usex ospfapi '--enable-opaque-lsa --enable-ospf-te --enable-ospfclient' '' '' '') \ - $(use_enable readline vtysh) \ - $(use_with pam libpam) \ - $(use_enable ipv6 ripngd) \ - $(use_enable ipv6 ospf6d) \ - $(use_enable ipv6 rtadv) -} - -src_install() { - default - prune_libtool_files - readme.gentoo_create_doc - - keepdir /etc/quagga - fowners root:quagga /etc/quagga - fperms 0770 /etc/quagga - - # Path for PIDs before first reboot should be created here, bug #558194 - dodir /run/quagga - fowners quagga:quagga /run/quagga - fperms 0770 /run/quagga - - # Install systemd-related stuff, bug #553136 - systemd_dotmpfilesd "${FILESDIR}/systemd/quagga.conf" - systemd_dounit "${FILESDIR}/systemd/zebra.service" - - # install zebra as a file, symlink the rest - newinitd 
"${FILESDIR}"/quagga-services.init.3 zebra - - for service in bgpd isisd ospfd pimd ripd $(use ipv6 && echo ospf6d ripngd); do - dosym zebra /etc/init.d/${service} - systemd_dounit "${FILESDIR}/systemd/${service}.service" - done - - use readline && use pam && newpamd "${FILESDIR}/quagga.pam" quagga - - insinto /etc/logrotate.d - newins redhat/quagga.logrotate quagga -} - -pkg_postinst() { - readme.gentoo_print_elog -} diff --git a/net-misc/quagga/quagga-1.1.0-r2.ebuild b/net-misc/quagga/quagga-1.1.0-r2.ebuild index c306fb588dd9..a152fb2fa02c 100644 --- a/net-misc/quagga/quagga-1.1.0-r2.ebuild +++ b/net-misc/quagga/quagga-1.1.0-r2.ebuild @@ -57,7 +57,7 @@ src_prepare() { # http://hasso.linux.ee/doku.php/english:network:quagga use bgpclassless && eapply -p0 "${DISTDIR}/${CLASSLESS_BGP_PATCH}" - eapply ${PATCHES[@]} + eapply "${PATCHES[@]}" eapply_user eautoreconf } |
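Review bot: In src_prepare of quagga-1.1.0-r2.ebuild the pair `eapply "${PATCHES[@]}"` / `eapply_user` is written out by hand where the EAPI 6 default phase would do the same job. Assuming this ebuild declares EAPI=6 like the removed 1.0.20160315-r4 one (the declaration is outside the hunk), both lines can be replaced by a single `default` placed after the bgpclassless `eapply -p0` call and before `eautoreconf`. That keeps the quoted array expansion in the package manager's own implementation, so a patch path containing whitespace is never word-split and an empty PATCHES array is skipped rather than handed to eapply. src_prepare begins above the hunk, so its opening lines are not visible here.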