authorSergey Popov <pinkbyte@gentoo.org>2017-01-24 13:34:13 +0300
committerSergey Popov <pinkbyte@gentoo.org>2017-01-24 13:35:52 +0300
commit20a70440a3d662b3f1fe250f5b9194aab0f3eae9 (patch)
treefca0ef5c79a47b79e1376a20e9fdd987f234f8bf /net-misc
parentdev-lang/mono: bump (diff)
net-misc/quagga: fix quoting in eapply call, security cleanup
Gentoo-Bug: 581526 Package-Manager: portage-2.3.3
Diffstat (limited to 'net-misc')
-rw-r--r--net-misc/quagga/Manifest1
-rw-r--r--net-misc/quagga/files/quagga-1.0.20160315-bgpd-logging-fix.patch30
-rw-r--r--net-misc/quagga/files/quagga-1.0.20160315-ospfd-dangling-pointer-fix.patch134
-rw-r--r--net-misc/quagga/files/quagga-1.0.20160315-ripd-null-pointer-fix.patch40
-rw-r--r--net-misc/quagga/files/quagga-1.0.20160315-zebra-ipv6-ra-overflow.patch48
-rw-r--r--net-misc/quagga/quagga-1.0.20160315-r4.ebuild137
-rw-r--r--net-misc/quagga/quagga-1.1.0-r2.ebuild2
7 files changed, 1 insertions, 391 deletions
diff --git a/net-misc/quagga/Manifest b/net-misc/quagga/Manifest
index ee21e467d645..ed50e66e3e3b 100644
--- a/net-misc/quagga/Manifest
+++ b/net-misc/quagga/Manifest
@@ -1,3 +1,2 @@
DIST ht-20040304-classless-bgp.patch 1581 SHA256 39993890f9e31d662ed0564c732fb22392a901beb45b64261ffeadd9edf27887 SHA512 3df102d8ab88aaee1f109a2310602d6f734f2268252e5e42df752df7db7abeac526e969289481c4abfe905dcd41c35dee65196c48ac320fe9d083305451476e8 WHIRLPOOL cef99d64d52ab8c28bd672fb93dfbd8d716a31c76a5403496a6d104a5ff39531d6085134124d41fe4ff7adf895fa001cbe77b6e42846d849d6c108c81583d04e
-DIST quagga-1.0.20160315.tar.xz 1819488 SHA256 d284af5dd875dbba90ab875d40db5d68fdc9ede17a76f2af525f85344be56767 SHA512 ad633d189017a2cef68cf1653b85e082a0dc4fe146720a985da8cdf2aa4c61f2df8a8339419c986e9d74aa88f7f7109bc6d0c13d9ff4904a23852cee3e112edc WHIRLPOOL 6f0ac5da5fef382cf7a462f8d2c139bb0d8068e7b772cd48b63aa0752098515d6b5eb9a10a4e1fc7021085e0635248f6075d937901c6207d51bd0f284388541c
DIST quagga-1.1.0.tar.gz 2870278 SHA256 f7a43a9c59bfd3722002210530b2553c8d5cc05bfea5acd56d4f102b9f55dc63 SHA512 3b29a90c4f05593714bda3c702fd2c8886ce48fba2fbfb98f55cc04d1025edd5427944e9a9fb7cd630e5e8ccea388b72a8e611ab65c370e760f3f319d03f090f WHIRLPOOL ee4a78b1d20aa9e7e7aea1f0be2adee83efa0fd47a807a4ec1affb1e059fee156861b612f73716cbf80e96cc6676baed062b9440ea7664198078cd6760380573
diff --git a/net-misc/quagga/files/quagga-1.0.20160315-bgpd-logging-fix.patch b/net-misc/quagga/files/quagga-1.0.20160315-bgpd-logging-fix.patch
deleted file mode 100644
index 7c7f54ccd258..000000000000
--- a/net-misc/quagga/files/quagga-1.0.20160315-bgpd-logging-fix.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
-index 740b0f1..9cbb5b5 100644
---- a/bgpd/bgp_packet.c
-+++ b/bgpd/bgp_packet.c
-@@ -1631,7 +1631,7 @@ bgp_update_receive (struct peer *peer, bgp_size_t size)
- NLRI_TYPE_MAX,
- };
- struct bgp_nlri nlris[NLRI_TYPE_MAX];
--
-+
- /* Status must be Established. */
- if (peer->status != Established)
- {
-@@ -1645,6 +1645,7 @@ bgp_update_receive (struct peer *peer, bgp_size_t size)
- memset (&attr, 0, sizeof (struct attr));
- memset (&extra, 0, sizeof (struct attr_extra));
- memset (&nlris, 0, sizeof nlris);
-+
- attr.extra = &extra;
-
- s = peer->ibuf;
-@@ -1781,6 +1782,8 @@ bgp_update_receive (struct peer *peer, bgp_size_t size)
- /* Parse any given NLRIs */
- for (i = NLRI_UPDATE; i < NLRI_TYPE_MAX; i++)
- {
-+ if (!nlris[i].nlri) continue;
-+
- /* We use afi and safi as indices into tables and what not. It would
- * be impossible, at this time, to support unknown afi/safis. And
- * anyway, the peer needs to be configured to enable the afi/safi
diff --git a/net-misc/quagga/files/quagga-1.0.20160315-ospfd-dangling-pointer-fix.patch b/net-misc/quagga/files/quagga-1.0.20160315-ospfd-dangling-pointer-fix.patch
deleted file mode 100644
index cc24fbad2dce..000000000000
--- a/net-misc/quagga/files/quagga-1.0.20160315-ospfd-dangling-pointer-fix.patch
+++ /dev/null
@@ -1,134 +0,0 @@
-From bb01bdd740339b0c07d8ed0786811801b2a79192 Mon Sep 17 00:00:00 2001
-From: Jafar Al-Gharaibeh <jafar@atcorp.com>
-Date: Thu, 21 Apr 2016 21:22:33 +0000
-Subject: ospfd: fix - correct neighbor index on changing/p2p/virtual links
-
-ospfd keeps a list of neighbor routers for each configured interface. This
- list is indexed using the neighbor router id in case of point-to-point and
- virtual link types, otherwise the list is indexed using the neighbor's
- source IP (RFC 2328, page 96). The router adds itself as a "pseudo" neighbor
- on each link, and also keeps a pointer called (nbr_self) to the neighbor
- structure. This takes place when the interface is first configured. Currently
- ospfd adds this pseudo neighbor before the link parameters are fully configure,
- including whether the link type is point-to-point or virtual link. This causes
- the pseudo neighbor to be always indexed using the source IP address regardless
- of th link type. For point-to-point and virtual links, this causes the lookup
- for the pseudo neighbor to always fail because the lookup is done using the
- router id whereas the neighbor was added using its source IP address.
- This becomes really problematic if there is a state change that requires a
- rebuild of nbr_self, changing the router id for example. When resetting
- nbr_self, the router first tries to remove the pseudo neighbor form its
- neighbor list on each link by looking it up and resetting any references to it
- before freeing the neighbor structure. since the lookup fails to retrieve any
- references in the case of point-to-point and virtual links the neighbor
- structure is freed leaving dangling references to it. Any access to the
- neighbor list after that is bound to stumble over this dangling pointer
- causing ospfd to crash.
-
-Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com>
-Tested-by: NetDEF CI System <cisystem@netdef.org>
----
-diff --git a/ospfd/ospf_interface.c b/ospfd/ospf_interface.c
-index f4242b0..d54bc47 100644
---- a/ospfd/ospf_interface.c
-+++ b/ospfd/ospf_interface.c
-@@ -232,8 +232,8 @@ ospf_if_new (struct ospf *ospf, struct interface *ifp, struct prefix *p)
- /* Set default values. */
- ospf_if_reset_variables (oi);
-
-- /* Add pseudo neighbor. */
-- oi->nbr_self = ospf_nbr_new (oi);
-+ /* Set pseudo neighbor to Null */
-+ oi->nbr_self = NULL;
-
- oi->ls_upd_queue = route_table_init ();
- oi->t_ls_upd_event = NULL;
-@@ -902,7 +902,9 @@ ospf_vl_new (struct ospf *ospf, struct ospf_vl_data *vl_data)
- if (IS_DEBUG_OSPF_EVENT)
- zlog_debug ("ospf_vl_new(): set associated area to the backbone");
-
-- ospf_nbr_add_self (voi);
-+ /* Add pseudo neighbor. */
-+ ospf_nbr_self_reset (voi);
-+
- ospf_area_add_if (voi->area, voi);
-
- ospf_if_stream_set (voi);
-diff --git a/ospfd/ospf_neighbor.c b/ospfd/ospf_neighbor.c
-index 862de5e..06e63dd 100644
---- a/ospfd/ospf_neighbor.c
-+++ b/ospfd/ospf_neighbor.c
-@@ -181,6 +181,35 @@ ospf_nbr_delete (struct ospf_neighbor *nbr)
-
- route_unlock_node (rn);
- }
-+ else
-+ {
-+ /*
-+ * This neighbor was not found, but before we move on and
-+ * free the neighbor structre, make sure that it was not
-+ * indexed incorrectly and ended up in the "worng" place
-+ */
-+
-+ /* Reverse the lookup rules */
-+ if (oi->type == OSPF_IFTYPE_VIRTUALLINK ||
-+ oi->type == OSPF_IFTYPE_POINTOPOINT)
-+ p.u.prefix4 = nbr->src;
-+ else
-+ p.u.prefix4 = nbr->router_id;
-+
-+ rn = route_node_lookup (oi->nbrs, &p);
-+ if (rn){
-+ /* We found the neighbor!
-+ * Now make sure it is not the exact same neighbor
-+ * structure that we are about to free
-+ */
-+ if (nbr == rn->info){
-+ /* Same neighbor, drop the reference to it */
-+ rn->info = NULL;
-+ route_unlock_node (rn);
-+ }
-+ route_unlock_node (rn);
-+ }
-+ }
-
- /* Free ospf_neighbor structure. */
- ospf_nbr_free (nbr);
-@@ -207,7 +236,9 @@ ospf_nbr_bidirectional (struct in_addr *router_id,
- void
- ospf_nbr_self_reset (struct ospf_interface *oi)
- {
-- ospf_nbr_delete (oi->nbr_self);
-+ if (oi->nbr_self)
-+ ospf_nbr_delete (oi->nbr_self);
-+
- oi->nbr_self = ospf_nbr_new (oi);
- ospf_nbr_add_self (oi);
- }
-diff --git a/ospfd/ospfd.c b/ospfd/ospfd.c
-index c9fcdc3..cc76e9e 100644
---- a/ospfd/ospfd.c
-+++ b/ospfd/ospfd.c
-@@ -754,9 +754,6 @@ add_ospf_interface (struct connected *co, struct ospf_area *area)
- oi->params = ospf_lookup_if_params (co->ifp, oi->address->u.prefix4);
- oi->output_cost = ospf_if_get_output_cost (oi);
-
-- /* Add pseudo neighbor. */
-- ospf_nbr_add_self (oi);
--
- /* Relate ospf interface to ospf instance. */
- oi->ospf = area->ospf;
-
-@@ -765,6 +762,9 @@ add_ospf_interface (struct connected *co, struct ospf_area *area)
- skip network type setting. */
- oi->type = IF_DEF_PARAMS (co->ifp)->type;
-
-+ /* Add pseudo neighbor. */
-+ ospf_nbr_self_reset (oi);
-+
- ospf_area_add_if (oi->area, oi);
-
- /* if router_id is not configured, dont bring up
---
-cgit v0.9.0.2
-
diff --git a/net-misc/quagga/files/quagga-1.0.20160315-ripd-null-pointer-fix.patch b/net-misc/quagga/files/quagga-1.0.20160315-ripd-null-pointer-fix.patch
deleted file mode 100644
index e48c30410c7a..000000000000
--- a/net-misc/quagga/files/quagga-1.0.20160315-ripd-null-pointer-fix.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-The rip_output_process function dereferenced a NULL
-pointer. Core file examination showed that tmp_rinfo
-was NULL on line 2435. Looking at the last diff
-associated with this commit, it was obvious that
-a formating mistake had been made in the loop over
-the route nodes list of possible paths.
-
-Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
-Reported-by: Sebastian Kricner <sebastian.kricner@tuxwave.net>
----
- ripd/ripd.c | 14 ++++++++------
- 1 file changed, 8 insertions(+), 6 deletions(-)
-
-diff --git a/ripd/ripd.c b/ripd/ripd.c
-index 82b1ada..0beb0e6 100644
---- a/ripd/ripd.c
-+++ b/ripd/ripd.c
-@@ -2429,12 +2429,14 @@ rip_output_process (struct connected *ifc, struct sockaddr_in *to,
- struct rip_info *tmp_rinfo = NULL;
-
- for (ALL_LIST_ELEMENTS_RO (list, listnode, tmp_rinfo))
-- if (tmp_rinfo->type == ZEBRA_ROUTE_RIP &&
-- tmp_rinfo->ifindex == ifc->ifp->ifindex)
-- rinfo->metric_out = RIP_METRIC_INFINITY;
-- if (tmp_rinfo->type == ZEBRA_ROUTE_CONNECT &&
-- prefix_match((struct prefix *)p, ifc->address))
-- rinfo->metric_out = RIP_METRIC_INFINITY;
-+ {
-+ if (tmp_rinfo->type == ZEBRA_ROUTE_RIP &&
-+ tmp_rinfo->ifindex == ifc->ifp->ifindex)
-+ rinfo->metric_out = RIP_METRIC_INFINITY;
-+ if (tmp_rinfo->type == ZEBRA_ROUTE_CONNECT &&
-+ prefix_match((struct prefix *)p, ifc->address))
-+ rinfo->metric_out = RIP_METRIC_INFINITY;
-+ }
- }
-
- /* Prepare preamble, auth headers, if needs be */
---
-1.9.1
diff --git a/net-misc/quagga/files/quagga-1.0.20160315-zebra-ipv6-ra-overflow.patch b/net-misc/quagga/files/quagga-1.0.20160315-zebra-ipv6-ra-overflow.patch
deleted file mode 100644
index 74b8add40c18..000000000000
--- a/net-misc/quagga/files/quagga-1.0.20160315-zebra-ipv6-ra-overflow.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-commit cfb1fae25f8c092e0d17073eaf7bd428ce1cd546
-Author: David Lamparter <equinox@opensourcerouting.org>
-Date: Wed Aug 31 13:31:16 2016 +0200
-
- zebra: stack overrun in IPv6 RA receive code (CVE-2016-1245)
-
- The IPv6 RA code also receives ICMPv6 RS and RA messages.
- Unfortunately, by bad coding practice, the buffer size specified on
- receiving such messages mixed up 2 constants that in fact have
- different values.
-
- The code itself has:
- #define RTADV_MSG_SIZE 4096
- While BUFSIZ is system-dependent, in my case (x86_64 glibc):
- /usr/include/_G_config.h:#define _G_BUFSIZ 8192
- /usr/include/libio.h:#define _IO_BUFSIZ _G_BUFSIZ
- /usr/include/stdio.h:# define BUFSIZ _IO_BUFSIZ
-
- FreeBSD, OpenBSD, NetBSD and Illumos are not affected, since all of them
- have BUFSIZ == 1024.
-
- As the latter is passed to the kernel on recvmsg(), it's possible to
- overwrite 4kB of stack -- with ICMPv6 packets that can be globally sent
- to any of the system's addresses (using fragmentation to get to 8k).
-
- (The socket has filters installed limiting this to RS and RA packets,
- but does not have a filter for source address or TTL.)
-
- Issue discovered by trying to test other stuff, which randomly caused
- the stack to be smaller than 8kB in that code location, which then
- causes the kernel to report EFAULT (Bad address).
-
- Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
- Reviewed-by: Donald Sharp <sharpd@cumulusnetworks.com>
-
-diff --git a/zebra/rtadv.c b/zebra/rtadv.c
-index d4ef1b8..2f62714 100644
---- a/zebra/rtadv.c
-+++ b/zebra/rtadv.c
-@@ -482,7 +482,7 @@ rtadv_read (struct thread *thread)
- /* Register myself. */
- rtadv_event (zvrf, RTADV_READ, sock);
-
-- len = rtadv_recv_packet (sock, buf, BUFSIZ, &from, &ifindex, &hoplimit);
-+ len = rtadv_recv_packet (sock, buf, sizeof (buf), &from, &ifindex, &hoplimit);
-
- if (len < 0)
- {
diff --git a/net-misc/quagga/quagga-1.0.20160315-r4.ebuild b/net-misc/quagga/quagga-1.0.20160315-r4.ebuild
deleted file mode 100644
index 009b6d452070..000000000000
--- a/net-misc/quagga/quagga-1.0.20160315-r4.ebuild
+++ /dev/null
@@ -1,137 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=6
-
-CLASSLESS_BGP_PATCH=ht-20040304-classless-bgp.patch
-
-inherit autotools eutils flag-o-matic multilib pam readme.gentoo-r1 systemd user
-
-DESCRIPTION="A free routing daemon replacing Zebra supporting RIP, OSPF and BGP"
-HOMEPAGE="http://quagga.net/"
-SRC_URI="mirror://nongnu/${PN}/${P}.tar.xz
- bgpclassless? ( http://hasso.linux.ee/stuff/patches/quagga/${CLASSLESS_BGP_PATCH} )"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ppc ~s390 sparc x86"
-
-IUSE="bgpclassless caps doc elibc_glibc ipv6 multipath ospfapi pam +readline snmp tcp-zebra"
-
-COMMON_DEPEND="
- caps? ( sys-libs/libcap )
- snmp? ( net-analyzer/net-snmp )
- readline? (
- sys-libs/readline:0
- pam? ( sys-libs/pam )
- )
- !elibc_glibc? ( dev-libs/libpcre )"
-DEPEND="${COMMON_DEPEND}
- app-arch/xz-utils
- sys-apps/gawk
- sys-devel/libtool:2"
-RDEPEND="${COMMON_DEPEND}
- sys-apps/iproute2"
-
-PATCHES=(
- "${FILESDIR}/${PN}-0.99.22.4-ipctl-forwarding.patch"
- "${FILESDIR}/${P}-ripd-null-pointer-fix.patch"
- "${FILESDIR}/${P}-ospfd-dangling-pointer-fix.patch"
- "${FILESDIR}/${P}-bgpd-logging-fix.patch"
- "${FILESDIR}/${P}-zebra-ipv6-ra-overflow.patch"
-)
-
-DISABLE_AUTOFORMATTING=1
-DOC_CONTENTS="Sample configuration files can be found in /usr/share/doc/${PF}/samples
-You have to create config files in /etc/quagga before
-starting one of the daemons.
-
-You can pass additional options to the daemon by setting the EXTRA_OPTS
-variable in their respective file in /etc/conf.d"
-
-pkg_setup() {
- enewgroup quagga
- enewuser quagga -1 -1 /var/empty quagga
-}
-
-src_prepare() {
- # Classless prefixes for BGP
- # http://hasso.linux.ee/doku.php/english:network:quagga
- use bgpclassless && eapply -p0 "${DISTDIR}/${CLASSLESS_BGP_PATCH}"
-
- epatch "${PATCHES[@]}"
- eapply_user
- eautoreconf
-}
-
-src_configure() {
- append-flags -fno-strict-aliasing
-
- # do not build PDF docs
- export ac_cv_prog_PDFLATEX=no
- export ac_cv_prog_LATEXMK=no
-
- econf \
- --enable-exampledir=/usr/share/doc/${PF}/samples \
- --enable-irdp \
- --enable-isisd \
- --enable-isis-topology \
- --enable-pimd \
- --enable-user=quagga \
- --enable-group=quagga \
- --enable-vty-group=quagga \
- --with-cflags="${CFLAGS}" \
- --with-pkg-extra-version="-gentoo" \
- --sysconfdir=/etc/quagga \
- --localstatedir=/run/quagga \
- --disable-static \
- $(use_enable caps capabilities) \
- $(usex snmp '--enable-snmp' '' '' '') \
- $(use_enable !elibc_glibc pcreposix) \
- $(use_enable tcp-zebra) \
- $(use_enable doc) \
- $(usex multipath $(use_enable multipath) '' '=0' '') \
- $(usex ospfapi '--enable-opaque-lsa --enable-ospf-te --enable-ospfclient' '' '' '') \
- $(use_enable readline vtysh) \
- $(use_with pam libpam) \
- $(use_enable ipv6 ripngd) \
- $(use_enable ipv6 ospf6d) \
- $(use_enable ipv6 rtadv)
-}
-
-src_install() {
- default
- prune_libtool_files
- readme.gentoo_create_doc
-
- keepdir /etc/quagga
- fowners root:quagga /etc/quagga
- fperms 0770 /etc/quagga
-
- # Path for PIDs before first reboot should be created here, bug #558194
- dodir /run/quagga
- fowners quagga:quagga /run/quagga
- fperms 0770 /run/quagga
-
- # Install systemd-related stuff, bug #553136
- systemd_dotmpfilesd "${FILESDIR}/systemd/quagga.conf"
- systemd_dounit "${FILESDIR}/systemd/zebra.service"
-
- # install zebra as a file, symlink the rest
- newinitd "${FILESDIR}"/quagga-services.init.3 zebra
-
- for service in bgpd isisd ospfd pimd ripd $(use ipv6 && echo ospf6d ripngd); do
- dosym zebra /etc/init.d/${service}
- systemd_dounit "${FILESDIR}/systemd/${service}.service"
- done
-
- use readline && use pam && newpamd "${FILESDIR}/quagga.pam" quagga
-
- insinto /etc/logrotate.d
- newins redhat/quagga.logrotate quagga
-}
-
-pkg_postinst() {
- readme.gentoo_print_elog
-}
diff --git a/net-misc/quagga/quagga-1.1.0-r2.ebuild b/net-misc/quagga/quagga-1.1.0-r2.ebuild
index c306fb588dd9..a152fb2fa02c 100644
--- a/net-misc/quagga/quagga-1.1.0-r2.ebuild
+++ b/net-misc/quagga/quagga-1.1.0-r2.ebuild
@@ -57,7 +57,7 @@ src_prepare() {
# http://hasso.linux.ee/doku.php/english:network:quagga
use bgpclassless && eapply -p0 "${DISTDIR}/${CLASSLESS_BGP_PATCH}"
- eapply ${PATCHES[@]}
+ eapply "${PATCHES[@]}"
eapply_user
eautoreconf
}
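Review bot: `eapply "${PATCHES[@]}"` depends entirely on the contents of `PATCHES`, which is declared outside this hunk and should be checked against the files this commit deletes from `files/`. Any entry that still names one of the removed `quagga-1.0.20160315-*` patches would make `src_prepare` fail at this line. As far as I know, `eapply` also dies when called with no file arguments, so if the array can ever be empty the call should be guarded, e.g. `[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"`. `src_prepare` begins above the hunk, so anything it does earlier is not visible here.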