commit: be946042b4fe11abaac43300d2165e224215d3c9 |
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> |
AuthorDate: Tue May 7 11:19:21 2019 +0000 |
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> |
CommitDate: Tue May 7 11:19:47 2019 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=be946042 |
|
net-misc/dhcpcd: Security bump to version 7.1.1-r3 |
|
Bug: https://bugs.gentoo.org/685264 |
Package-Manager: Portage-2.3.66, Repoman-2.3.12 |
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org> |
|
net-misc/dhcpcd/dhcpcd-7.1.1-r3.ebuild | 154 +++++++++++++++++++++ |
.../files/dhcpcd-7.1.1-v6_read_overflow.patch | 120 ++++++++++++++++ |
2 files changed, 274 insertions(+) |
|
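--- /dev/null
+++ b/net-misc/dhcpcd/dhcpcd-7.1.1-r3.ebuild
@@ -0,0 +1,154 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit systemd toolchain-funcs
+
+if [[ ${PV} == "9999" ]]; then
+ inherit git-r3
+ EGIT_REPO_URI="https://roy.marples.name/git/dhcpcd.git"
+else
+ MY_P="${P/_alpha/-alpha}"
+ MY_P="${MY_P/_beta/-beta}"
+ MY_P="${MY_P/_rc/-rc}"
+ SRC_URI="https://roy.marples.name/downloads/${PN}/${MY_P}.tar.xz"
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux"
+ S="${WORKDIR}/${MY_P}"
+fi
+
+DESCRIPTION="A fully featured, yet light weight RFC2131 compliant DHCP client"
+HOMEPAGE="https://roy.marples.name/projects/dhcpcd"
+LICENSE="BSD-2"
+SLOT="0"
+IUSE="elibc_glibc +embedded ipv6 kernel_linux +udev"
+
+COMMON_DEPEND="udev? ( virtual/udev )"
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="${COMMON_DEPEND}"
+
+PATCHES=(
+ "${FILESDIR}"/${P}-disable_inet6_fix.patch #677508
+ "${FILESDIR}"/${P}-overflows.patch #684430
+ "${FILESDIR}"/${P}-v6_read_overflow.patch #685264
+)
+
+src_configure() {
+ local dev hooks=() rundir
+ use udev || dev="--without-dev --without-udev"
+ hooks=( --with-hook=ntp.conf )
+ use elibc_glibc && hooks+=( --with-hook=yp.conf )
+ use kernel_linux && rundir="--rundir=${EPREFIX}/run"
+ local myeconfargs=(
+ --prefix="${EPREFIX}"
+ --libexecdir="${EPREFIX}/lib/dhcpcd"
+ --dbdir="${EPREFIX}/var/lib/dhcpcd"
+ --localstatedir="${EPREFIX}/var"
+ ${rundir}
+ $(use_enable embedded)
+ $(use_enable ipv6)
+ ${dev}
+ CC="$(tc-getCC)"
+ ${hooks[@]}
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_install() {
+ default
+ keepdir /var/lib/dhcpcd
+ newinitd "${FILESDIR}"/${PN}.initd ${PN}
+ systemd_dounit "${FILESDIR}"/${PN}.service
+}
+
+pkg_postinst() {
+ local dbdir="${EROOT%/}"/var/lib/dhcpcd old_files=()
+
+ local old_old_duid="${EROOT%/}"/var/lib/dhcpcd/dhcpcd.duid
+ local old_duid="${EROOT%/}"/etc/dhcpcd.duid
+ local new_duid="${dbdir}"/duid
+ if [[ -e "${old_old_duid}" ]] ; then
+ # Upgrade the duid file to the new format if needed
+ if ! grep -q '..:..:..:..:..:..' "${old_old_duid}"; then
+ sed -i -e 's/\(..\)/\1:/g; s/:$//g' "${old_old_duid}"
+ fi
+
+ # Move the duid to /etc, a more sensible location
+ if [[ ! -e "${old_duid}" ]] ; then
+ cp -p "${old_old_duid}" "${new_duid}"
+ fi
+ old_files+=( "${old_old_duid}" )
+ fi
+
+ # dhcpcd-7 moves the files out of /etc
+ if [[ -e "${old_duid}" ]] ; then
+ if [[ ! -e "${new_duid}" ]] ; then
+ cp -p "${old_duid}" "${new_duid}"
+ fi
+ old_files+=( "${old_duid}" )
+ fi
+ local old_secret="${EROOT%/}"/etc/dhcpcd.secret
+ local new_secret="${dbdir}"/secret
+ if [[ -e "${old_secret}" ]] ; then
+ if [[ ! -e "${new_secret}" ]] ; then
+ cp -p "${old_secret}" "${new_secret}"
+ fi
+ old_files+=( "${old_secret}" )
+ fi
+
+ # dhcpcd-7 renames some files in /var/lib/dhcpcd
+ local old_rdm="${dbdir}"/dhcpcd-rdm.monotonic
+ local new_rdm="${dbdir}"/rdm_monotonic
+ if [[ -e "${old_rdm}" ]] ; then
+ if [[ ! -e "${new_rdm}" ]] ; then
+ cp -p "${old_rdm}" "${new_rdm}"
+ fi
+ old_files+=( "${old_rdm}" )
+ fi
+ local lease=
+ for lease in "${dbdir}"/dhcpcd-*.lease*; do
+ [[ -f "${lease}" ]] || continue
+ old_files+=( "${lease}" )
+ local new_lease=$(basename "${lease}" | sed -e "s/dhcpcd-//")
+ [[ -e "${dbdir}/${new_lease}" ]] && continue
+ cp "${lease}" "${dbdir}/${new_lease}"
+ done
+
+ # Warn about removing stale files
+ if [[ -n "${old_files[@]}" ]] ; then
+ elog
+ elog "dhcpcd-7 has copied dhcpcd.duid and dhcpcd.secret from"
+ elog "${EROOT%/}/etc to ${dbdir}"
+ elog "and copied leases in ${dbdir} to new files with the dhcpcd-"
+ elog "prefix dropped."
+ elog
+ elog "You should remove these files if you don't plan on reverting"
+ elog "to an older version:"
+ local old_file=
+ for old_file in ${old_files[@]}; do
+ elog " ${old_file}"
+ done
+ fi
+
+ if [ -z "${REPLACING_VERSIONS}" ]; then
+ elog
+ elog "dhcpcd has zeroconf support active by default."
+ elog "This means it will always obtain an IP address even if no"
+ elog "DHCP server can be contacted, which will break any existing"
+ elog "failover support you may have configured in your net configuration."
+ elog "This behaviour can be controlled with the noipv4ll configuration"
+ elog "file option or the -L command line switch."
+ elog "See the dhcpcd and dhcpcd.conf man pages for more details."
+
+ elog
+ elog "Dhcpcd has duid enabled by default, and this may cause issues"
+ elog "with some dhcp servers. For more information, see"
+ elog "https://bugs.gentoo.org/show_bug.cgi?id=477356"
+ fi
+
+ if ! has_version net-dns/bind-tools; then
+ elog
+ elog "If you activate the lookup-hostname hook to look up your hostname"
+ elog "using the dns, you need to install net-dns/bind-tools."
+ fi
+}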
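Review bot: The stale-file listing at the end of pkg_postinst iterates `${old_files[@]}` unquoted, so any path under EROOT that contains whitespace is word-split and logged as several fragments; write it as `for old_file in "${old_files[@]}"; do`. The same applies to `${hooks[@]}` inside the myeconfargs array in src_configure, where `"${hooks[@]}"` keeps each --with-hook argument intact (the unquoted `${rundir}` and `${dev}` there are single-word flags, so they are fine as written). The emptiness test `[[ -n "${old_files[@]}" ]]` just above the loop relies on `[[` joining the array elements with spaces; `(( ${#old_files[@]} ))` states the intent directly. Lastly, the `[ -z "${REPLACING_VERSIONS}" ]` test uses single brackets while every other test in the function uses `[[ ]]`, which is worth aligning for consistency.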
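--- /dev/null
+++ b/net-misc/dhcpcd/files/dhcpcd-7.1.1-v6_read_overflow.patch
@@ -0,0 +1,120 @@
+From c1ebeaafeb324bac997984abdcee2d4e8b61a8a8 Mon Sep 17 00:00:00 2001
+From: Roy Marples <roy@×××××××.name>
+Date: Fri, 3 May 2019 14:44:06 +0100
+Subject: DHCPv6: Fix a potential read overflow with D6_OPTION_PD_EXCLUDE
+
+dhcpcd only checks that the prefix length of the exclusion
+matches the prefix length of the ia and equals the length of the
+data in the option.
+This could potentially overrun the in6_addr structure.
+
+This is fixed by enforcing RFC 6603 section 4.2 option limits
+more clearly.
+
+Thanks to Maxime Villard <max@×××××××.net> for finding this.
+---
+ src/dhcp6.c | 44 +++++++++++++++++++++-----------------------
+ 1 file changed, 21 insertions(+), 23 deletions(-)
+
+diff --git a/src/dhcp6.c b/src/dhcp6.c
+index dee8d4b6..583f3b3f 100644
+--- a/src/dhcp6.c
++++ b/src/dhcp6.c
+@@ -2166,40 +2166,38 @@ dhcp6_findpd(struct interface *ifp, const uint8_t *iaid,
+ state->expire = a->prefix_vltime;
+ i++;
+
+- o = dhcp6_findoption(o, ol, D6_OPTION_PD_EXCLUDE, &ol);
+ a->prefix_exclude_len = 0;
+ memset(&a->prefix_exclude, 0, sizeof(a->prefix_exclude));
+-#if 0
+- if (ex == NULL) {
+- struct dhcp6_option *w;
+- uint8_t *wp;
+-
+- w = calloc(1, 128);
+- w->len = htons(2);
+- wp = D6_OPTION_DATA(w);
+- *wp++ = 64;
+- *wp++ = 0x78;
+- ex = w;
+- }
+-#endif
++ o = dhcp6_findoption(o, ol, D6_OPTION_PD_EXCLUDE, &ol);
+ if (o == NULL)
+ continue;
+- if (ol < 2) {
+- logerrx("%s: truncated PD Exclude", ifp->name);
++
++ /* RFC 6603 4.2 says option length MUST be between 2 and 17.
++ * This allows 1 octet for prefix length and 16 for the
++ * subnet ID. */
++ if (ol < 2 || ol > 17) {
++ logerrx("%s: invalid PD Exclude option", ifp->name);
+ continue;
+ }
+- a->prefix_exclude_len = *o++;
+- ol--;
+- if (((a->prefix_exclude_len - a->prefix_len - 1) / NBBY) + 1
+- != ol)
+- {
++
++ /* RFC 6603 4.2 says prefix length MUST be between the
++ * length of the IAPREFIX prefix length + 1 and 128. */
++ if (*o < a->prefix_len + 1 || *o > 128) {
++ logerrx("%s: invalid PD Exclude length", ifp->name);
++ continue;
++ }
++
++ /* Check option length matches prefix length. */
++ if (((*o - a->prefix_len - 1) / NBBY) + 1 != ol) {
+ logerrx("%s: PD Exclude length mismatch", ifp->name);
+- a->prefix_exclude_len = 0;
+ continue;
+ }
+- nb = a->prefix_len % NBBY;
++
++ a->prefix_exclude_len = *o++;
++ ol--;
+ memcpy(&a->prefix_exclude, &a->prefix,
+ sizeof(a->prefix_exclude));
++ nb = a->prefix_len % NBBY;
+ if (nb)
+ ol--;
+ pw = a->prefix_exclude.s6_addr +
+--
+cgit v1.2.1
+
+From 896ef4a54b0578985e5e1360b141593f1d62837b Mon Sep 17 00:00:00 2001
+From: Roy Marples <roy@×××××××.name>
+Date: Sat, 4 May 2019 10:19:02 +0100
+Subject: DHCPv6: Fix exclude prefix length check.
+
+---
+ src/dhcp6.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/dhcp6.c b/src/dhcp6.c
+index 583f3b3f..7f26129f 100644
+--- a/src/dhcp6.c
++++ b/src/dhcp6.c
+@@ -2187,14 +2187,14 @@ dhcp6_findpd(struct interface *ifp, const uint8_t *iaid,
+ continue;
+ }
+
++ ol--;
+ /* Check option length matches prefix length. */
+ if (((*o - a->prefix_len - 1) / NBBY) + 1 != ol) {
+ logerrx("%s: PD Exclude length mismatch", ifp->name);
+ continue;
+ }
+-
+ a->prefix_exclude_len = *o++;
+- ol--;
++
+ memcpy(&a->prefix_exclude, &a->prefix,
+ sizeof(a->prefix_exclude));
+ nb = a->prefix_len % NBBY;
+--
+cgit v1.2.1
+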