diff options
| author |   Alin Năstac <mrness@gentoo.org> | 2007-04-12 07:38:33 +0000 |
|---|---|---|
| committer | Alin Năstac <mrness@gentoo.org> | 2007-04-12 07:38:33 +0000 |
| commit | cd2b7218a01d49ec2b1a26579a6e44c8f77633fa (patch) | |
| tree | e3295af4fdea6e824162880a1cbb73c0de20ea49 /net-misc/quagga | |
| parent | keyworded ~amd64, bug 172699 (diff) | |
| download | gentoo-2-cd2b7218a01d49ec2b1a26579a6e44c8f77633fa.tar.gz gentoo-2-cd2b7218a01d49ec2b1a26579a6e44c8f77633fa.tar.bz2 gentoo-2-cd2b7218a01d49ec2b1a26579a6e44c8f77633fa.zip | |
Fix security bug #174206.
(Portage version: 2.1.2.3)
Diffstat (limited to 'net-misc/quagga')
| -rw-r--r-- | net-misc/quagga/ChangeLog | 9 | ||||
| -rw-r--r-- | net-misc/quagga/files/digest-quagga-0.98.6-r2 | 6 | ||||
| -rw-r--r-- | net-misc/quagga/files/digest-quagga-0.99.6-r1 | 6 | ||||
| -rw-r--r-- | net-misc/quagga/quagga-0.98.6-r2.ebuild | 142 | ||||
| -rw-r--r-- | net-misc/quagga/quagga-0.99.6-r1.ebuild | 122 |
5 files changed, 284 insertions, 1 deletions
diff --git a/net-misc/quagga/ChangeLog b/net-misc/quagga/ChangeLog index adb3be759060..aa0b922b89aa 100644 --- a/net-misc/quagga/ChangeLog +++ b/net-misc/quagga/ChangeLog @@ -2,7 +2,14 @@ # Copyright 1999-2007 Gentoo Foundation # Copyright 2003-2004 DataCore GmbH # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/quagga/ChangeLog,v 1.49 2007/03/18 08:45:03 mrness Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/quagga/ChangeLog,v 1.50 2007/04/12 07:38:33 mrness Exp $ + +*quagga-0.99.6-r1 (12 Apr 2007) +*quagga-0.98.6-r2 (12 Apr 2007) + + 12 Apr 2007; Alin Năstac <mrness@gentoo.org> +quagga-0.98.6-r2.ebuild, + +quagga-0.99.6-r1.ebuild: + Fix security bug #174206. 18 Mar 2007; Alin Năstac <mrness@gentoo.org> -quagga-0.99.5.ebuild: Remove obsolete testing version. diff --git a/net-misc/quagga/files/digest-quagga-0.98.6-r2 b/net-misc/quagga/files/digest-quagga-0.98.6-r2 new file mode 100644 index 000000000000..040cbeeb22f3 --- /dev/null +++ b/net-misc/quagga/files/digest-quagga-0.98.6-r2 @@ -0,0 +1,6 @@ +MD5 edcad599d250b3533770a99b9087a7fd quagga-0.98.6-patches-20070412.tar.gz 21339 +RMD160 25263a2f4393f6610076f4292003e7bf83ef1b3a quagga-0.98.6-patches-20070412.tar.gz 21339 +SHA256 d5f713f1720b59910731236b2b5babe8d2a7bc1074114c16e00e41d504a4c01e quagga-0.98.6-patches-20070412.tar.gz 21339 +MD5 b0d4132039953a0214256873b7d23d68 quagga-0.98.6.tar.gz 2019992 +RMD160 e15cd93b5d321660d7e29fc27174352967342879 quagga-0.98.6.tar.gz 2019992 +SHA256 a84e1aac4e666929abd1942fa8958d9ef0d0bbf605f47d5c2a09f6be716987a1 quagga-0.98.6.tar.gz 2019992 diff --git a/net-misc/quagga/files/digest-quagga-0.99.6-r1 b/net-misc/quagga/files/digest-quagga-0.99.6-r1 new file mode 100644 index 000000000000..383937ea0ffc --- /dev/null +++ b/net-misc/quagga/files/digest-quagga-0.99.6-r1 @@ -0,0 +1,6 @@ +MD5 e36462c874d2ba0f71c830db87292fb1 quagga-0.99.6-patches-20070412.tar.gz 18681 +RMD160 98522ee7c8ac9233458c855781c9a29c81706f44 quagga-0.99.6-patches-20070412.tar.gz 18681 +SHA256 3f6886a00cb2591f909c4f180a9e258ada78721b5267ef9dc61484c58b62cde7 quagga-0.99.6-patches-20070412.tar.gz 18681 +MD5 78137ecaa66ff4c3780bd05f60e51cf5 quagga-0.99.6.tar.gz 2324051 +RMD160 0dbeedc6d64ea7266677e88f951adc2f63d02935 quagga-0.99.6.tar.gz 2324051 +SHA256 a22c927f9ceb7152b0c45c939ccb81217c8d614f3c411c86781b24520f2ec15a quagga-0.99.6.tar.gz 2324051 diff --git a/net-misc/quagga/quagga-0.98.6-r2.ebuild b/net-misc/quagga/quagga-0.98.6-r2.ebuild new file mode 100644 index 000000000000..7c35d7d668a8 --- /dev/null +++ b/net-misc/quagga/quagga-0.98.6-r2.ebuild @@ -0,0 +1,142 @@ +# Copyright 1999-2007 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/quagga/quagga-0.98.6-r2.ebuild,v 1.1 2007/04/12 07:38:33 mrness Exp $ + +WANT_AUTOMAKE="latest" +WANT_AUTOCONF="latest" + +inherit eutils multilib autotools + +DESCRIPTION="A free routing daemon replacing Zebra supporting RIP, OSPF and BGP. Includes OSPFAPI, NET-SNMP and IPV6 support." +HOMEPAGE="http://quagga.net/" +SRC_URI="http://www.quagga.net/download/${P}.tar.gz + mirror://gentoo/${P}-patches-20070412.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ppc ~s390 ~sparc ~x86" +IUSE="ipv6 snmp pam tcpmd5 bgpclassless ospfapi realms fix-connected-rt multipath tcp-zebra" +RESTRICT="userpriv" + +DEPEND=">=sys-libs/libcap-1.10-r5 + snmp? ( net-analyzer/net-snmp ) + pam? ( sys-libs/pam )" +RDEPEND="${DEPEND} + sys-apps/iproute2" + +src_unpack() { + unpack ${A} || die "failed to unpack sources" + + cd "${S}" || die "source dir not found" + # Fix security quagga bug 355 + epatch "${WORKDIR}/patch/bgpd-bug-355.diff" + #Patch to fix RIP authentication problem in 0.98.6 (#132353) + #DO NOT USE IT IN ANY OTHER VERSIONS! + epatch "${WORKDIR}/patch/ripd-show-ifaces.diff" + + # TCP MD5 for BGP patch for Linux (RFC 2385) - http://hasso.linux.ee/doku.php/english:network:rfc2385 + use tcpmd5 && epatch "${WORKDIR}/patch/ht-20050321-0.98.2-bgp-md5.patch" + + # Classless prefixes for BGP - http://hasso.linux.ee/doku.php/english:network:quagga + use bgpclassless && epatch "${WORKDIR}/patch/ht-20040304-classless-bgp.patch" + + # Connected route fix (Amir Guindehi) - http://voidptr.sboost.org/quagga/amir-connected-route.patch.bz2 + # Dependant on the use flag 'fix-connected-rt' because it seems that more peoples have troubles + # with this than having a benefit. + # This patch fixes a bad behavior of the Linux kernel routing packets to interfaces which are + # down. Folks with PtP interfaces and VLans report troubles with this patch. Enable it again + # if you get a problem because your kernel routes packets to a downed interface. + use fix-connected-rt && epatch "${WORKDIR}/patch/amir-connected-route.patch" + + # Realms support (Calin Velea) - http://vcalinus.gemenii.ro/quaggarealms.html + use realms && epatch "${WORKDIR}/patch/${P}-realms.diff" + + # regenerate configure and co if we touch .ac or .am files + eautoreconf +} + +src_compile() { + local myconf="--disable-static --enable-dynamic" + + use ipv6 \ + && myconf="${myconf} --enable-ipv6 --enable-ripng --enable-ospf6d --enable-rtadv" \ + || myconf="${myconf} --disable-ipv6 --disable-ripngd --disable-ospf6d" + use ospfapi \ + && myconf="${myconf} --enable-opaque-lsa --enable-ospf-te --enable-ospfclient" + use snmp && myconf="${myconf} --enable-snmp" + use pam && myconf="${myconf} --with-libpam" + use tcpmd5 && myconf="${myconf} --enable-tcp-md5" + use realms && myconf="${myconf} --enable-realms" + use multipath && myconf="${myconf} --enable-multipath=0" + use tcp-zebra && myconf="${myconf} --enable-tcp-zebra" + + econf \ + --enable-nssa \ + --enable-user=quagga \ + --enable-group=quagga \ + --enable-vty-group=quagga \ + --with-cflags="${CFLAGS}" \ + --enable-vtysh \ + --sysconfdir=/etc/quagga \ + --enable-exampledir=/etc/quagga/samples \ + --localstatedir=/var/run/quagga \ + --libdir=/usr/$(get_libdir)/quagga \ + ${myconf} \ + || die "configure failed" + emake || die "make failed" +} + +src_install() { + einstall \ + localstatedir="${D}/var/run/quagga" \ + sysconfdir="${D}/etc/quagga" \ + exampledir="${D}/etc/quagga/samples" \ + libdir="${D}/usr/$(get_libdir)/quagga" || die "make install failed" + + keepdir /var/run/quagga || die + + local i MY_SERVICES_LIST="zebra ripd ospfd bgpd" + use ipv6 && MY_SERVICES_LIST="${MY_SERVICES_LIST} ripngd ospf6d" + for i in ${MY_SERVICES_LIST} ; do + newinitd "${FILESDIR}/${i}.init" ${i} || die "failed to install ${i} init.d script" + done + newconfd "${FILESDIR}/zebra.conf" zebra || die "failed to install zebra conf.d script" + + if use pam; then + insinto /etc/pam.d + newins "${FILESDIR}/quagga.pam" quagga + fi + + newenvd "${FILESDIR}/quagga.env" 99quagga +} + +pkg_preinst() { + enewgroup quagga + enewuser quagga -1 -1 /var/empty quagga +} + +pkg_postinst() { + # empty dir for pid files for the new priv separation auth + #set proper owner/group/perms even if dir already existed + install -d -m0770 -o root -g quagga "${ROOT}/etc/quagga" + install -d -m0755 -o quagga -g quagga "${ROOT}/var/run/quagga" + + einfo "Sample configuration files can be found in /etc/quagga/samples." + einfo "You have to create config files in /etc/quagga before" + einfo "starting one of the daemons." + + if use tcpmd5; then + echo + ewarn "TCP MD5 for BGP needs a patched kernel!" + einfo "See http://hasso.linux.ee/doku.php/english:network:rfc2385 for more info." + fi + + if use ipv6; then + echo + ewarn "This version of quagga contains a netlink race condition fix that triggered a kernel bug" + ewarn "which affects IPv6 users who have a kernel version < 2.6.13-rc6." + einfo "See following links for more info:" + einfo " http://lists.quagga.net/pipermail/quagga-dev/2005-June/003507.html" + einfo " http://bugzilla.quagga.net/show_bug.cgi?id=196" + fi +} diff --git a/net-misc/quagga/quagga-0.99.6-r1.ebuild b/net-misc/quagga/quagga-0.99.6-r1.ebuild new file mode 100644 index 000000000000..ad23d4e1023c --- /dev/null +++ b/net-misc/quagga/quagga-0.99.6-r1.ebuild @@ -0,0 +1,122 @@ +# Copyright 1999-2007 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/quagga/quagga-0.99.6-r1.ebuild,v 1.1 2007/04/12 07:38:33 mrness Exp $ + +WANT_AUTOMAKE="latest" +WANT_AUTOCONF="latest" + +inherit eutils multilib autotools + +DESCRIPTION="A free routing daemon replacing Zebra supporting RIP, OSPF and BGP. Includes OSPFAPI, NET-SNMP and IPV6 support." +HOMEPAGE="http://quagga.net/" +SRC_URI="http://www.quagga.net/download/${P}.tar.gz + mirror://gentoo/${P}-patches-20070412.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ppc ~s390 ~sparc ~x86" +IUSE="ipv6 snmp pam tcpmd5 bgpclassless ospfapi realms multipath tcp-zebra" +RESTRICT="userpriv" + +DEPEND=">=sys-libs/libcap-1.10-r5 + snmp? ( net-analyzer/net-snmp ) + pam? ( sys-libs/pam )" +RDEPEND="${DEPEND} + sys-apps/iproute2" + +src_unpack() { + unpack ${A} || die "failed to unpack sources" + + cd "${S}" || die "source dir not found" + # Fix security quagga bug 354 + epatch "${WORKDIR}/patch/bgpd-bug-354.diff" + epatch "${WORKDIR}/patch/${P}-link-libcap.patch" + + # TCP MD5 for BGP patch for Linux (RFC 2385) - http://hasso.linux.ee/doku.php/english:network:rfc2385 + use tcpmd5 && epatch "${WORKDIR}/patch/ht-20050321-0.99.6-bgp-md5_adapted.patch" + + # Classless prefixes for BGP - http://hasso.linux.ee/doku.php/english:network:quagga + use bgpclassless && epatch "${WORKDIR}/patch/ht-20040304-classless-bgp_adapted.patch" + + # Realms support (Calin Velea) - http://vcalinus.gemenii.ro/quaggarealms.html + use realms && epatch "${WORKDIR}/patch/${P}-realms.diff" + + eautoreconf +} + +src_compile() { + local myconf="--disable-static --enable-dynamic" + + use ipv6 \ + && myconf="${myconf} --enable-ipv6 --enable-ripng --enable-ospf6d --enable-rtadv" \ + || myconf="${myconf} --disable-ipv6 --disable-ripngd --disable-ospf6d" + use ospfapi \ + && myconf="${myconf} --enable-opaque-lsa --enable-ospf-te --enable-ospfclient" + use snmp && myconf="${myconf} --enable-snmp" + use pam && myconf="${myconf} --with-libpam" + use tcpmd5 && myconf="${myconf} --enable-tcp-md5" + use realms && myconf="${myconf} --enable-realms" + use multipath && myconf="${myconf} --enable-multipath=0" + use tcp-zebra && myconf="${myconf} --enable-tcp-zebra" + + econf \ + --enable-nssa \ + --enable-user=quagga \ + --enable-group=quagga \ + --enable-vty-group=quagga \ + --with-cflags="${CFLAGS}" \ + --enable-vtysh \ + --sysconfdir=/etc/quagga \ + --enable-exampledir=/etc/quagga/samples \ + --localstatedir=/var/run/quagga \ + --libdir=/usr/$(get_libdir)/quagga \ + ${myconf} \ + || die "configure failed" + emake || die "make failed" +} + +src_install() { + einstall \ + localstatedir="${D}/var/run/quagga" \ + sysconfdir="${D}/etc/quagga" \ + exampledir="${D}/etc/quagga/samples" \ + libdir="${D}/usr/$(get_libdir)/quagga" || die "make install failed" + + keepdir /var/run/quagga + + local i MY_SERVICES_LIST="zebra ripd ospfd bgpd" + use ipv6 && MY_SERVICES_LIST="${MY_SERVICES_LIST} ripngd ospf6d" + for i in ${MY_SERVICES_LIST} ; do + newinitd "${FILESDIR}/${i}.init" ${i} || die "failed to install ${i} init.d script" + done + newconfd "${FILESDIR}/zebra.conf" zebra || die "failed to install zebra conf.d script" + + if use pam; then + insinto /etc/pam.d + newins "${FILESDIR}/quagga.pam" quagga + fi + + newenvd "${FILESDIR}/quagga.env" 99quagga +} + +pkg_preinst() { + enewgroup quagga + enewuser quagga -1 -1 /var/empty quagga +} + +pkg_postinst() { + # empty dir for pid files for the new priv separation auth + #set proper owner/group/perms even if dir already existed + install -d -m0770 -o root -g quagga "${ROOT}/etc/quagga" + install -d -m0755 -o quagga -g quagga "${ROOT}/var/run/quagga" + + einfo "Sample configuration files can be found in /etc/quagga/samples." + einfo "You have to create config files in /etc/quagga before" + einfo "starting one of the daemons." + + if use tcpmd5; then + echo + ewarn "TCP MD5 for BGP needs a patched kernel!" + ewarn "See http://hasso.linux.ee/doku.php/english:network:rfc2385 for more info." + fi +} |