Gentoo Archives: gentoo-commits

From: Lars Wendler <polynomial-c@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-misc/dhcpcd/, net-misc/dhcpcd/files/
Date: Tue, 07 May 2019 11:20:01
Message-Id: 1557227987.be946042b4fe11abaac43300d2165e224215d3c9.polynomial-c@gentoo
1 commit: be946042b4fe11abaac43300d2165e224215d3c9
2 Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
3 AuthorDate: Tue May 7 11:19:21 2019 +0000
4 Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
5 CommitDate: Tue May 7 11:19:47 2019 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=be946042
7
8 net-misc/dhcpcd: Security bump to version 7.1.1-r3
9
10 Bug: https://bugs.gentoo.org/685264
11 Package-Manager: Portage-2.3.66, Repoman-2.3.12
12 Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
13
14 net-misc/dhcpcd/dhcpcd-7.1.1-r3.ebuild | 154 +++++++++++++++++++++
15 .../files/dhcpcd-7.1.1-v6_read_overflow.patch | 120 ++++++++++++++++
16 2 files changed, 274 insertions(+)
17
18 diff --git a/net-misc/dhcpcd/dhcpcd-7.1.1-r3.ebuild b/net-misc/dhcpcd/dhcpcd-7.1.1-r3.ebuild
19 new file mode 100644
20 index 00000000000..755eefee08f
21 --- /dev/null
22 +++ b/net-misc/dhcpcd/dhcpcd-7.1.1-r3.ebuild
23 @@ -0,0 +1,154 @@
24 +# Copyright 1999-2019 Gentoo Authors
25 +# Distributed under the terms of the GNU General Public License v2
26 +
27 +EAPI=6
28 +
29 +inherit systemd toolchain-funcs
30 +
31 +if [[ ${PV} == "9999" ]]; then
32 + inherit git-r3
33 + EGIT_REPO_URI="https://roy.marples.name/git/dhcpcd.git"
34 +else
35 + MY_P="${P/_alpha/-alpha}"
36 + MY_P="${MY_P/_beta/-beta}"
37 + MY_P="${MY_P/_rc/-rc}"
38 + SRC_URI="https://roy.marples.name/downloads/${PN}/${MY_P}.tar.xz"
39 + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux"
40 + S="${WORKDIR}/${MY_P}"
41 +fi
42 +
43 +DESCRIPTION="A fully featured, yet light weight RFC2131 compliant DHCP client"
44 +HOMEPAGE="https://roy.marples.name/projects/dhcpcd"
45 +LICENSE="BSD-2"
46 +SLOT="0"
47 +IUSE="elibc_glibc +embedded ipv6 kernel_linux +udev"
48 +
49 +COMMON_DEPEND="udev? ( virtual/udev )"
50 +DEPEND="${COMMON_DEPEND}"
51 +RDEPEND="${COMMON_DEPEND}"
52 +
53 +PATCHES=(
54 + "${FILESDIR}"/${P}-disable_inet6_fix.patch #677508
55 + "${FILESDIR}"/${P}-overflows.patch #684430
56 + "${FILESDIR}"/${P}-v6_read_overflow.patch #685264
57 +)
58 +
59 +src_configure() {
60 + local dev hooks=() rundir
61 + use udev || dev="--without-dev --without-udev"
62 + hooks=( --with-hook=ntp.conf )
63 + use elibc_glibc && hooks+=( --with-hook=yp.conf )
64 + use kernel_linux && rundir="--rundir=${EPREFIX}/run"
65 + local myeconfargs=(
66 + --prefix="${EPREFIX}"
67 + --libexecdir="${EPREFIX}/lib/dhcpcd"
68 + --dbdir="${EPREFIX}/var/lib/dhcpcd"
69 + --localstatedir="${EPREFIX}/var"
70 + ${rundir}
71 + $(use_enable embedded)
72 + $(use_enable ipv6)
73 + ${dev}
74 + CC="$(tc-getCC)"
75 + ${hooks[@]}
76 + )
77 + econf "${myeconfargs[@]}"
78 +}
79 +
80 +src_install() {
81 + default
82 + keepdir /var/lib/dhcpcd
83 + newinitd "${FILESDIR}"/${PN}.initd ${PN}
84 + systemd_dounit "${FILESDIR}"/${PN}.service
85 +}
86 +
87 +pkg_postinst() {
88 + local dbdir="${EROOT%/}"/var/lib/dhcpcd old_files=()
89 +
90 + local old_old_duid="${EROOT%/}"/var/lib/dhcpcd/dhcpcd.duid
91 + local old_duid="${EROOT%/}"/etc/dhcpcd.duid
92 + local new_duid="${dbdir}"/duid
93 + if [[ -e "${old_old_duid}" ]] ; then
94 + # Upgrade the duid file to the new format if needed
95 + if ! grep -q '..:..:..:..:..:..' "${old_old_duid}"; then
96 + sed -i -e 's/\(..\)/\1:/g; s/:$//g' "${old_old_duid}"
97 + fi
98 +
99 + # Move the duid to /etc, a more sensible location
100 + if [[ ! -e "${old_duid}" ]] ; then
101 + cp -p "${old_old_duid}" "${new_duid}"
102 + fi
103 + old_files+=( "${old_old_duid}" )
104 + fi
105 +
106 + # dhcpcd-7 moves the files out of /etc
107 + if [[ -e "${old_duid}" ]] ; then
108 + if [[ ! -e "${new_duid}" ]] ; then
109 + cp -p "${old_duid}" "${new_duid}"
110 + fi
111 + old_files+=( "${old_duid}" )
112 + fi
113 + local old_secret="${EROOT%/}"/etc/dhcpcd.secret
114 + local new_secret="${dbdir}"/secret
115 + if [[ -e "${old_secret}" ]] ; then
116 + if [[ ! -e "${new_secret}" ]] ; then
117 + cp -p "${old_secret}" "${new_secret}"
118 + fi
119 + old_files+=( "${old_secret}" )
120 + fi
121 +
122 + # dhcpcd-7 renames some files in /var/lib/dhcpcd
123 + local old_rdm="${dbdir}"/dhcpcd-rdm.monotonic
124 + local new_rdm="${dbdir}"/rdm_monotonic
125 + if [[ -e "${old_rdm}" ]] ; then
126 + if [[ ! -e "${new_rdm}" ]] ; then
127 + cp -p "${old_rdm}" "${new_rdm}"
128 + fi
129 + old_files+=( "${old_rdm}" )
130 + fi
131 + local lease=
132 + for lease in "${dbdir}"/dhcpcd-*.lease*; do
133 + [[ -f "${lease}" ]] || continue
134 + old_files+=( "${lease}" )
135 + local new_lease=$(basename "${lease}" | sed -e "s/dhcpcd-//")
136 + [[ -e "${dbdir}/${new_lease}" ]] && continue
137 + cp "${lease}" "${dbdir}/${new_lease}"
138 + done
139 +
140 + # Warn about removing stale files
141 + if [[ -n "${old_files[@]}" ]] ; then
142 + elog
143 + elog "dhcpcd-7 has copied dhcpcd.duid and dhcpcd.secret from"
144 + elog "${EROOT%/}/etc to ${dbdir}"
145 + elog "and copied leases in ${dbdir} to new files with the dhcpcd-"
146 + elog "prefix dropped."
147 + elog
148 + elog "You should remove these files if you don't plan on reverting"
149 + elog "to an older version:"
150 + local old_file=
151 + for old_file in ${old_files[@]}; do
152 + elog " ${old_file}"
153 + done
154 + fi
155 +
156 + if [ -z "${REPLACING_VERSIONS}" ]; then
157 + elog
158 + elog "dhcpcd has zeroconf support active by default."
159 + elog "This means it will always obtain an IP address even if no"
160 + elog "DHCP server can be contacted, which will break any existing"
161 + elog "failover support you may have configured in your net configuration."
162 + elog "This behaviour can be controlled with the noipv4ll configuration"
163 + elog "file option or the -L command line switch."
164 + elog "See the dhcpcd and dhcpcd.conf man pages for more details."
165 +
166 + elog
167 + elog "Dhcpcd has duid enabled by default, and this may cause issues"
168 + elog "with some dhcp servers. For more information, see"
169 + elog "https://bugs.gentoo.org/show_bug.cgi?id=477356"
170 + fi
171 +
172 + if ! has_version net-dns/bind-tools; then
173 + elog
174 + elog "If you activate the lookup-hostname hook to look up your hostname"
175 + elog "using the dns, you need to install net-dns/bind-tools."
176 + fi
177 +}
178
179 diff --git a/net-misc/dhcpcd/files/dhcpcd-7.1.1-v6_read_overflow.patch b/net-misc/dhcpcd/files/dhcpcd-7.1.1-v6_read_overflow.patch
180 new file mode 100644
181 index 00000000000..54b559fcd87
182 --- /dev/null
183 +++ b/net-misc/dhcpcd/files/dhcpcd-7.1.1-v6_read_overflow.patch
184 @@ -0,0 +1,120 @@
185 +From c1ebeaafeb324bac997984abdcee2d4e8b61a8a8 Mon Sep 17 00:00:00 2001
186 +From: Roy Marples <roy@×××××××.name>
187 +Date: Fri, 3 May 2019 14:44:06 +0100
188 +Subject: DHCPv6: Fix a potential read overflow with D6_OPTION_PD_EXCLUDE
189 +
190 +dhcpcd only checks that the prefix length of the exclusion
191 +matches the prefix length of the ia and equals the length of the
192 +data in the option.
193 +This could potentially overrun the in6_addr structure.
194 +
195 +This is fixed by enforcing RFC 6603 section 4.2 option limits
196 +more clearly.
197 +
198 +Thanks to Maxime Villard <max@×××××××.net> for finding this.
199 +---
200 + src/dhcp6.c | 44 +++++++++++++++++++++-----------------------
201 + 1 file changed, 21 insertions(+), 23 deletions(-)
202 +
203 +diff --git a/src/dhcp6.c b/src/dhcp6.c
204 +index dee8d4b6..583f3b3f 100644
205 +--- a/src/dhcp6.c
206 ++++ b/src/dhcp6.c
207 +@@ -2166,40 +2166,38 @@ dhcp6_findpd(struct interface *ifp, const uint8_t *iaid,
208 + state->expire = a->prefix_vltime;
209 + i++;
210 +
211 +- o = dhcp6_findoption(o, ol, D6_OPTION_PD_EXCLUDE, &ol);
212 + a->prefix_exclude_len = 0;
213 + memset(&a->prefix_exclude, 0, sizeof(a->prefix_exclude));
214 +-#if 0
215 +- if (ex == NULL) {
216 +- struct dhcp6_option *w;
217 +- uint8_t *wp;
218 +-
219 +- w = calloc(1, 128);
220 +- w->len = htons(2);
221 +- wp = D6_OPTION_DATA(w);
222 +- *wp++ = 64;
223 +- *wp++ = 0x78;
224 +- ex = w;
225 +- }
226 +-#endif
227 ++ o = dhcp6_findoption(o, ol, D6_OPTION_PD_EXCLUDE, &ol);
228 + if (o == NULL)
229 + continue;
230 +- if (ol < 2) {
231 +- logerrx("%s: truncated PD Exclude", ifp->name);
232 ++
233 ++ /* RFC 6603 4.2 says option length MUST be between 2 and 17.
234 ++ * This allows 1 octet for prefix length and 16 for the
235 ++ * subnet ID. */
236 ++ if (ol < 2 || ol > 17) {
237 ++ logerrx("%s: invalid PD Exclude option", ifp->name);
238 + continue;
239 + }
240 +- a->prefix_exclude_len = *o++;
241 +- ol--;
242 +- if (((a->prefix_exclude_len - a->prefix_len - 1) / NBBY) + 1
243 +- != ol)
244 +- {
245 ++
246 ++ /* RFC 6603 4.2 says prefix length MUST be between the
247 ++ * length of the IAPREFIX prefix length + 1 and 128. */
248 ++ if (*o < a->prefix_len + 1 || *o > 128) {
249 ++ logerrx("%s: invalid PD Exclude length", ifp->name);
250 ++ continue;
251 ++ }
252 ++
253 ++ /* Check option length matches prefix length. */
254 ++ if (((*o - a->prefix_len - 1) / NBBY) + 1 != ol) {
255 + logerrx("%s: PD Exclude length mismatch", ifp->name);
256 +- a->prefix_exclude_len = 0;
257 + continue;
258 + }
259 +- nb = a->prefix_len % NBBY;
260 ++
261 ++ a->prefix_exclude_len = *o++;
262 ++ ol--;
263 + memcpy(&a->prefix_exclude, &a->prefix,
264 + sizeof(a->prefix_exclude));
265 ++ nb = a->prefix_len % NBBY;
266 + if (nb)
267 + ol--;
268 + pw = a->prefix_exclude.s6_addr +
269 +--
270 +cgit v1.2.1
271 +
272 +From 896ef4a54b0578985e5e1360b141593f1d62837b Mon Sep 17 00:00:00 2001
273 +From: Roy Marples <roy@×××××××.name>
274 +Date: Sat, 4 May 2019 10:19:02 +0100
275 +Subject: DHCPv6: Fix exclude prefix length check.
276 +
277 +---
278 + src/dhcp6.c | 4 ++--
279 + 1 file changed, 2 insertions(+), 2 deletions(-)
280 +
281 +diff --git a/src/dhcp6.c b/src/dhcp6.c
282 +index 583f3b3f..7f26129f 100644
283 +--- a/src/dhcp6.c
284 ++++ b/src/dhcp6.c
285 +@@ -2187,14 +2187,14 @@ dhcp6_findpd(struct interface *ifp, const uint8_t *iaid,
286 + continue;
287 + }
288 +
289 ++ ol--;
290 + /* Check option length matches prefix length. */
291 + if (((*o - a->prefix_len - 1) / NBBY) + 1 != ol) {
292 + logerrx("%s: PD Exclude length mismatch", ifp->name);
293 + continue;
294 + }
295 +-
296 + a->prefix_exclude_len = *o++;
297 +- ol--;
298 ++
299 + memcpy(&a->prefix_exclude, &a->prefix,
300 + sizeof(a->prefix_exclude));
301 + nb = a->prefix_len % NBBY;
302 +--
303 +cgit v1.2.1
304 +