| 1 |
commit: 1fcf255e57f136a173040ef65caa2bdc4f12ef4d |
| 2 |
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Mon Jun 11 21:16:58 2018 +0000 |
| 4 |
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Mon Jun 11 21:18:02 2018 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1fcf255e |
| 7 |
|
| 8 |
net-dialup/ppp: Security revbump fixing pppd EAP-TLS buffer overflow |
| 9 |
|
| 10 |
(CVE-2018-11574) |
| 11 |
|
| 12 |
Bug: https://bugs.gentoo.org/657656 |
| 13 |
Package-Manager: Portage-2.3.40, Repoman-2.3.9 |
| 14 |
|
| 15 |
net-dialup/ppp/Manifest | 1 + |
| 16 |
net-dialup/ppp/ppp-2.4.7-r6.ebuild | 222 +++++++++++++++++++++++++++++++++++++ |
| 17 |
2 files changed, 223 insertions(+) |
| 18 |
|
| 19 |
diff --git a/net-dialup/ppp/Manifest b/net-dialup/ppp/Manifest |
| 20 |
index 4d3ce3942a1..4ba1d0eff35 100644 |
| 21 |
--- a/net-dialup/ppp/Manifest |
| 22 |
+++ b/net-dialup/ppp/Manifest |
| 23 |
@@ -1,4 +1,5 @@ |
| 24 |
DIST ppp-2.4.7-patches-4.tar.xz 37308 BLAKE2B a53ab7c230fac7fea38910c5d9bb89b8ecb8728e899ed938292040e788b43ab8566797256329c9326ab1e6d7a02bf231df035a6e7b427f187eab554d600a7822 SHA512 f217f7272a791605101e0f1885350db8ff8b580a647e670461b81fe0026ee9050ce68b9b9635edee89ec1ada7adf000c7e6b3aa5a5dafec875ce715a9dfb84d2 |
| 25 |
DIST ppp-2.4.7-patches-5.tar.xz 38680 BLAKE2B 56e4d3a5bc2486144791adf6ffb8a6cf0735f16fa8038a588f551d0fe7a71a15fe0d0630e4b5e3c4e0001ad161e22b660274885342807053277da14105958a69 SHA512 f8cdbb8fd4bf10eb5b4e911f1e8415f24d02297280aa6f5e63617c0533af41525bd54932eb050728320a2697efe5206d869f014bcfb8f8f3723ecefed1976adc |
| 26 |
+DIST ppp-2.4.7-patches-6.tar.xz 39420 BLAKE2B 22754af6f266ff43f6b3cc2931ca33e9d0865ce08b8eed6961740a3a06ec69b6406c702a86e7f4a7b2f7dc9e2a751581ae58cd4398cff5e6646e53ee069e08d7 SHA512 16342010515e6d69d446656b52208e3f034c47aad8643a1e2f48fa410343f8a2e0bc8b5223b4bdc381050d9dc49a7b7ac6bc74b37380072eb91214b216d8afa2 |
| 27 |
DIST ppp-2.4.7.tar.gz 688117 BLAKE2B e1c94ce31d98674536929d19e956e4013eb2b02c20c34e6184c0b99b50262ad1cd7fb6f4a1ed302872527a0c164af340e15ad1e2eaf191392c3f6ae2de21f5dd SHA512 e34ce24020af6a73e7a26c83c4f73a9c83fa455b7b363794dba27bf01f70368be06bff779777843949bd77f4bc9385d6ad455ea48bf8fff4e0d73cc8fef16ae2 |
| 28 |
DIST ppp-dhcpc.tgz 33497 BLAKE2B ca59130012f007cf45af6bcfa468c112b0d521c8b11f42d42c566dd9de55bd6d6f1b1ceb83cbae18cfe79cb5cb36ba6c6858a4718915acc6987295008aca53da SHA512 aeaf791b14f5a09c0e2079072a157e65132cbff46e608bc0724e6a5827a01da934f5006e2774eb7105f83e607a52cb4987238f4385cf6f5cc86cbe305a556738 |
| 29 |
|
| 30 |
diff --git a/net-dialup/ppp/ppp-2.4.7-r6.ebuild b/net-dialup/ppp/ppp-2.4.7-r6.ebuild |
| 31 |
new file mode 100644 |
| 32 |
index 00000000000..e0179693dca |
| 33 |
--- /dev/null |
| 34 |
+++ b/net-dialup/ppp/ppp-2.4.7-r6.ebuild |
| 35 |
@@ -0,0 +1,222 @@ |
| 36 |
+# Copyright 1999-2018 Gentoo Foundation |
| 37 |
+# Distributed under the terms of the GNU General Public License v2 |
| 38 |
+ |
| 39 |
+EAPI=6 |
| 40 |
+ |
| 41 |
+inherit linux-info multilib pam toolchain-funcs |
| 42 |
+ |
| 43 |
+PATCH_VER="6" |
| 44 |
+DESCRIPTION="Point-to-Point Protocol (PPP)" |
| 45 |
+HOMEPAGE="https://ppp.samba.org/" |
| 46 |
+SRC_URI="https://download.samba.org/pub/ppp/${P}.tar.gz |
| 47 |
+ https://dev.gentoo.org/~polynomial-c/${P}-patches-${PATCH_VER}.tar.xz |
| 48 |
+ http://www.netservers.net.uk/gpl/ppp-dhcpc.tgz" |
| 49 |
+ |
| 50 |
+LICENSE="BSD GPL-2" |
| 51 |
+SLOT="0/${PV}" |
| 52 |
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" |
| 53 |
+IUSE="activefilter atm dhcp eap-tls gtk ipv6 libressl pam radius" |
| 54 |
+ |
| 55 |
+DEPEND="activefilter? ( net-libs/libpcap ) |
| 56 |
+ atm? ( net-dialup/linux-atm ) |
| 57 |
+ pam? ( virtual/pam ) |
| 58 |
+ gtk? ( x11-libs/gtk+:2 ) |
| 59 |
+ eap-tls? ( |
| 60 |
+ !libressl? ( dev-libs/openssl:0= ) |
| 61 |
+ libressl? ( dev-libs/libressl:= ) |
| 62 |
+ )" |
| 63 |
+RDEPEND="${DEPEND}" |
| 64 |
+PDEPEND="net-dialup/ppp-scripts" |
| 65 |
+ |
| 66 |
+src_prepare() { |
| 67 |
+ mv "${WORKDIR}/dhcp" "${S}/pppd/plugins" || die |
| 68 |
+ |
| 69 |
+ if ! use eap-tls ; then |
| 70 |
+ rm "${WORKDIR}"/patch/8?_all_eaptls-* || die |
| 71 |
+ fi |
| 72 |
+ eapply "${WORKDIR}"/patch |
| 73 |
+ |
| 74 |
+ if use atm ; then |
| 75 |
+ einfo "Enabling PPPoATM support" |
| 76 |
+ sed -i '/^#HAVE_LIBATM=yes/s:#::' \ |
| 77 |
+ pppd/plugins/pppoatm/Makefile.linux || die |
| 78 |
+ fi |
| 79 |
+ |
| 80 |
+ if ! use activefilter ; then |
| 81 |
+ einfo "Disabling active filter" |
| 82 |
+ sed -i '/^FILTER=y/s:^:#:' pppd/Makefile.linux || die |
| 83 |
+ fi |
| 84 |
+ |
| 85 |
+ if use pam ; then |
| 86 |
+ einfo "Enabling PAM" |
| 87 |
+ sed -i '/^#USE_PAM=y/s:^#::' pppd/Makefile.linux || die |
| 88 |
+ fi |
| 89 |
+ |
| 90 |
+ if use ipv6 ; then |
| 91 |
+ einfo "Enabling IPv6" |
| 92 |
+ sed -i '/#HAVE_INET6/s:#::' pppd/Makefile.linux || die |
| 93 |
+ echo "+ipv6" >> etc.ppp/options || die |
| 94 |
+ fi |
| 95 |
+ |
| 96 |
+ einfo "Enabling CBCP" |
| 97 |
+ sed -i '/^#CBCP=y/s:#::' pppd/Makefile.linux || die |
| 98 |
+ |
| 99 |
+ if use dhcp ; then |
| 100 |
+ einfo "Adding ppp-dhcp plugin files" |
| 101 |
+ sed \ |
| 102 |
+ -e '/^SUBDIRS :=/s:$: dhcp:' \ |
| 103 |
+ -i pppd/plugins/Makefile.linux || die |
| 104 |
+ fi |
| 105 |
+ |
| 106 |
+ # Set correct libdir |
| 107 |
+ sed -i -e "s:/lib/pppd:/$(get_libdir)/pppd:" \ |
| 108 |
+ pppd/{pathnames.h,pppd.8} || die |
| 109 |
+ |
| 110 |
+ if use radius ; then |
| 111 |
+ #set the right paths in radiusclient.conf |
| 112 |
+ sed -e "s:/usr/local/etc:/etc:" \ |
| 113 |
+ -e "s:/usr/local/sbin:/usr/sbin:" \ |
| 114 |
+ -i pppd/plugins/radius/etc/radiusclient.conf || die |
| 115 |
+ #set config dir to /etc/ppp/radius |
| 116 |
+ sed -i -e "s:/etc/radiusclient:/etc/ppp/radius:g" \ |
| 117 |
+ pppd/plugins/radius/{*.8,*.c,*.h} \ |
| 118 |
+ pppd/plugins/radius/etc/* || die |
| 119 |
+ else |
| 120 |
+ einfo "Disabling radius" |
| 121 |
+ sed -i -e '/+= radius/s:^:#:' pppd/plugins/Makefile.linux || die |
| 122 |
+ fi |
| 123 |
+ |
| 124 |
+ eapply_user #549588 |
| 125 |
+} |
| 126 |
+ |
| 127 |
+src_compile() { |
| 128 |
+ tc-export AR CC |
| 129 |
+ emake COPTS="${CFLAGS} -D_GNU_SOURCE" |
| 130 |
+ |
| 131 |
+ # build pppgetpass |
| 132 |
+ cd contrib/pppgetpass || die |
| 133 |
+ if use gtk ; then |
| 134 |
+ emake -f Makefile.linux |
| 135 |
+ else |
| 136 |
+ emake pppgetpass.vt |
| 137 |
+ fi |
| 138 |
+} |
| 139 |
+ |
| 140 |
+src_install() { |
| 141 |
+ local i |
| 142 |
+ for i in chat pppd pppdump pppstats ; do |
| 143 |
+ doman ${i}/${i}.8 |
| 144 |
+ dosbin ${i}/${i} |
| 145 |
+ done |
| 146 |
+ fperms u+s-w /usr/sbin/pppd |
| 147 |
+ |
| 148 |
+ # Install pppd header files |
| 149 |
+ emake -C pppd INSTROOT="${D}" install-devel |
| 150 |
+ |
| 151 |
+ dosbin pppd/plugins/rp-pppoe/pppoe-discovery |
| 152 |
+ |
| 153 |
+ dodir /etc/ppp/peers |
| 154 |
+ insinto /etc/ppp |
| 155 |
+ insopts -m0600 |
| 156 |
+ newins etc.ppp/pap-secrets pap-secrets.example |
| 157 |
+ newins etc.ppp/chap-secrets chap-secrets.example |
| 158 |
+ |
| 159 |
+ insopts -m0644 |
| 160 |
+ doins etc.ppp/options |
| 161 |
+ |
| 162 |
+ pamd_mimic_system ppp auth account session |
| 163 |
+ |
| 164 |
+ local PLUGINS_DIR="/usr/$(get_libdir)/pppd/${PV}" |
| 165 |
+ # closing " for syntax coloring |
| 166 |
+ insinto "${PLUGINS_DIR}" |
| 167 |
+ insopts -m0755 |
| 168 |
+ doins pppd/plugins/minconn.so |
| 169 |
+ doins pppd/plugins/passprompt.so |
| 170 |
+ doins pppd/plugins/passwordfd.so |
| 171 |
+ doins pppd/plugins/winbind.so |
| 172 |
+ doins pppd/plugins/rp-pppoe/rp-pppoe.so |
| 173 |
+ doins pppd/plugins/pppol2tp/openl2tp.so |
| 174 |
+ doins pppd/plugins/pppol2tp/pppol2tp.so |
| 175 |
+ if use atm ; then |
| 176 |
+ doins pppd/plugins/pppoatm/pppoatm.so |
| 177 |
+ fi |
| 178 |
+ if use dhcp ; then |
| 179 |
+ doins pppd/plugins/dhcp/dhcpc.so |
| 180 |
+ fi |
| 181 |
+ if use radius ; then |
| 182 |
+ doins pppd/plugins/radius/rad{ius,attr,realms}.so |
| 183 |
+ |
| 184 |
+ #Copy radiusclient configuration files (#92878) |
| 185 |
+ insinto /etc/ppp/radius |
| 186 |
+ insopts -m0644 |
| 187 |
+ doins pppd/plugins/radius/etc/{dictionary*,issue,port-id-map,radiusclient.conf,realms,servers} |
| 188 |
+ |
| 189 |
+ doman pppd/plugins/radius/pppd-rad{ius,attr}.8 |
| 190 |
+ fi |
| 191 |
+ |
| 192 |
+ insinto /etc/modprobe.d |
| 193 |
+ insopts -m0644 |
| 194 |
+ newins "${FILESDIR}/modules.ppp" ppp.conf |
| 195 |
+ |
| 196 |
+ dodoc PLUGINS README* SETUP Changes-2.3 FAQ |
| 197 |
+ dodoc "${FILESDIR}/README.mpls" |
| 198 |
+ |
| 199 |
+ dosbin scripts/p{on,off,log} |
| 200 |
+ doman scripts/pon.1 |
| 201 |
+ |
| 202 |
+ # Adding misc. specialized scripts to doc dir |
| 203 |
+ insinto /usr/share/doc/${PF}/scripts/chatchat |
| 204 |
+ doins scripts/chatchat/* |
| 205 |
+ insinto /usr/share/doc/${PF}/scripts |
| 206 |
+ doins scripts/* |
| 207 |
+ |
| 208 |
+ if use gtk ; then |
| 209 |
+ dosbin contrib/pppgetpass/{pppgetpass.vt,pppgetpass.gtk} |
| 210 |
+ newsbin contrib/pppgetpass/pppgetpass.sh pppgetpass |
| 211 |
+ else |
| 212 |
+ newsbin contrib/pppgetpass/pppgetpass.vt pppgetpass |
| 213 |
+ fi |
| 214 |
+ doman contrib/pppgetpass/pppgetpass.8 |
| 215 |
+} |
| 216 |
+ |
| 217 |
+pkg_postinst() { |
| 218 |
+ if linux-info_get_any_version && linux_config_src_exists ; then |
| 219 |
+ echo |
| 220 |
+ ewarn "If the following test report contains a missing kernel configuration option that you need," |
| 221 |
+ ewarn "you should reconfigure and rebuild your kernel before running pppd." |
| 222 |
+ CONFIG_CHECK="~PPP ~PPP_ASYNC ~PPP_SYNC_TTY" |
| 223 |
+ local ERROR_PPP="CONFIG_PPP:\t missing PPP support (REQUIRED)" |
| 224 |
+ local ERROR_PPP_ASYNC="CONFIG_PPP_ASYNC:\t missing asynchronous serial line discipline (optional, but highly recommended)" |
| 225 |
+ local WARNING_PPP_SYNC_TTY="CONFIG_PPP_SYNC_TTY:\t missing synchronous serial line discipline (optional; used by 'sync' pppd option)" |
| 226 |
+ if use activefilter ; then |
| 227 |
+ CONFIG_CHECK="${CONFIG_CHECK} ~PPP_FILTER" |
| 228 |
+ local ERROR_PPP_FILTER="CONFIG_PPP_FILTER:\t missing PPP filtering support (REQUIRED)" |
| 229 |
+ fi |
| 230 |
+ CONFIG_CHECK="${CONFIG_CHECK} ~PPP_DEFLATE ~PPP_BSDCOMP ~PPP_MPPE" |
| 231 |
+ local ERROR_PPP_DEFLATE="CONFIG_PPP_DEFLATE:\t missing Deflate compression (optional, but highly recommended)" |
| 232 |
+ local ERROR_PPP_BSDCOMP="CONFIG_PPP_BSDCOMP:\t missing BSD-Compress compression (optional, but highly recommended)" |
| 233 |
+ local WARNING_PPP_MPPE="CONFIG_PPP_MPPE:\t missing MPPE encryption (optional, mostly used by PPTP links)" |
| 234 |
+ CONFIG_CHECK="${CONFIG_CHECK} ~PPPOE ~PACKET" |
| 235 |
+ local WARNING_PPPOE="CONFIG_PPPOE:\t missing PPPoE support (optional, needed by rp-pppoe plugin)" |
| 236 |
+ local WARNING_PACKET="CONFIG_PACKET:\t missing AF_PACKET support (optional, used by rp-pppoe and dhcpc plugins)" |
| 237 |
+ if use atm ; then |
| 238 |
+ CONFIG_CHECK="${CONFIG_CHECK} ~PPPOATM" |
| 239 |
+ local WARNING_PPPOATM="CONFIG_PPPOATM:\t missing PPPoA support (optional, needed by pppoatm plugin)" |
| 240 |
+ fi |
| 241 |
+ check_extra_config |
| 242 |
+ fi |
| 243 |
+ |
| 244 |
+ # create *-secrets files if not exists |
| 245 |
+ [ -f "${ROOT}/etc/ppp/pap-secrets" ] || \ |
| 246 |
+ cp -pP "${ROOT}/etc/ppp/pap-secrets.example" "${ROOT}/etc/ppp/pap-secrets" |
| 247 |
+ [ -f "${ROOT}/etc/ppp/chap-secrets" ] || \ |
| 248 |
+ cp -pP "${ROOT}/etc/ppp/chap-secrets.example" "${ROOT}/etc/ppp/chap-secrets" |
| 249 |
+ |
| 250 |
+ # lib name has changed |
| 251 |
+ sed -i -e "s:^pppoe.so:rp-pppoe.so:" "${ROOT}/etc/ppp/options" || die |
| 252 |
+ |
| 253 |
+ echo |
| 254 |
+ elog "Pon, poff and plog scripts have been supplied for experienced users." |
| 255 |
+ elog "Users needing particular scripts (ssh,rsh,etc.) should check out the" |
| 256 |
+ elog "/usr/share/doc/${PF}/scripts directory." |
| 257 |
+} |
Archives