[gentoo-commits] repo/gentoo:master commit in: net-dialup/ppp/

["Lars Wendler" <polynomial-c@gentoo.org>]

commit:     1fcf255e57f136a173040ef65caa2bdc4f12ef4d
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 11 21:16:58 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Mon Jun 11 21:18:02 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1fcf255e

net-dialup/ppp: Security revbump fixing pppd EAP-TLS buffer overflow

(CVE-2018-11574)

Bug: https://bugs.gentoo.org/657656
Package-Manager: Portage-2.3.40, Repoman-2.3.9

 net-dialup/ppp/Manifest            |   1 +
 net-dialup/ppp/ppp-2.4.7-r6.ebuild | 222 +++++++++++++++++++++++++++++++++++++
 2 files changed, 223 insertions(+)

diff --git a/net-dialup/ppp/Manifest b/net-dialup/ppp/Manifest
index 4d3ce3942a1..4ba1d0eff35 100644
--- a/net-dialup/ppp/Manifest
+++ b/net-dialup/ppp/Manifest
@@ -1,4 +1,5 @@
 DIST ppp-2.4.7-patches-4.tar.xz 37308 BLAKE2B a53ab7c230fac7fea38910c5d9bb89b8ecb8728e899ed938292040e788b43ab8566797256329c9326ab1e6d7a02bf231df035a6e7b427f187eab554d600a7822 SHA512 f217f7272a791605101e0f1885350db8ff8b580a647e670461b81fe0026ee9050ce68b9b9635edee89ec1ada7adf000c7e6b3aa5a5dafec875ce715a9dfb84d2
 DIST ppp-2.4.7-patches-5.tar.xz 38680 BLAKE2B 56e4d3a5bc2486144791adf6ffb8a6cf0735f16fa8038a588f551d0fe7a71a15fe0d0630e4b5e3c4e0001ad161e22b660274885342807053277da14105958a69 SHA512 f8cdbb8fd4bf10eb5b4e911f1e8415f24d02297280aa6f5e63617c0533af41525bd54932eb050728320a2697efe5206d869f014bcfb8f8f3723ecefed1976adc
+DIST ppp-2.4.7-patches-6.tar.xz 39420 BLAKE2B 22754af6f266ff43f6b3cc2931ca33e9d0865ce08b8eed6961740a3a06ec69b6406c702a86e7f4a7b2f7dc9e2a751581ae58cd4398cff5e6646e53ee069e08d7 SHA512 16342010515e6d69d446656b52208e3f034c47aad8643a1e2f48fa410343f8a2e0bc8b5223b4bdc381050d9dc49a7b7ac6bc74b37380072eb91214b216d8afa2
 DIST ppp-2.4.7.tar.gz 688117 BLAKE2B e1c94ce31d98674536929d19e956e4013eb2b02c20c34e6184c0b99b50262ad1cd7fb6f4a1ed302872527a0c164af340e15ad1e2eaf191392c3f6ae2de21f5dd SHA512 e34ce24020af6a73e7a26c83c4f73a9c83fa455b7b363794dba27bf01f70368be06bff779777843949bd77f4bc9385d6ad455ea48bf8fff4e0d73cc8fef16ae2
 DIST ppp-dhcpc.tgz 33497 BLAKE2B ca59130012f007cf45af6bcfa468c112b0d521c8b11f42d42c566dd9de55bd6d6f1b1ceb83cbae18cfe79cb5cb36ba6c6858a4718915acc6987295008aca53da SHA512 aeaf791b14f5a09c0e2079072a157e65132cbff46e608bc0724e6a5827a01da934f5006e2774eb7105f83e607a52cb4987238f4385cf6f5cc86cbe305a556738

diff --git a/net-dialup/ppp/ppp-2.4.7-r6.ebuild b/net-dialup/ppp/ppp-2.4.7-r6.ebuild
new file mode 100644
index 00000000000..e0179693dca
--- /dev/null
+++ b/net-dialup/ppp/ppp-2.4.7-r6.ebuild
@@ -0,0 +1,222 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit linux-info multilib pam toolchain-funcs
+
+PATCH_VER="6"
+DESCRIPTION="Point-to-Point Protocol (PPP)"
+HOMEPAGE="https://ppp.samba.org/"
+SRC_URI="https://download.samba.org/pub/ppp/${P}.tar.gz
+	https://dev.gentoo.org/~polynomial-c/${P}-patches-${PATCH_VER}.tar.xz
+	http://www.netservers.net.uk/gpl/ppp-dhcpc.tgz"
+
+LICENSE="BSD GPL-2"
+SLOT="0/${PV}"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="activefilter atm dhcp eap-tls gtk ipv6 libressl pam radius"
+
+DEPEND="activefilter? ( net-libs/libpcap )
+	atm? ( net-dialup/linux-atm )
+	pam? ( virtual/pam )
+	gtk? ( x11-libs/gtk+:2 )
+	eap-tls? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)"
+RDEPEND="${DEPEND}"
+PDEPEND="net-dialup/ppp-scripts"
+
+src_prepare() {
+	mv "${WORKDIR}/dhcp" "${S}/pppd/plugins" || die
+
+	if ! use eap-tls ; then
+		rm "${WORKDIR}"/patch/8?_all_eaptls-* || die
+	fi
+	eapply "${WORKDIR}"/patch
+
+	if use atm ; then
+		einfo "Enabling PPPoATM support"
+		sed -i '/^#HAVE_LIBATM=yes/s:#::' \
+			pppd/plugins/pppoatm/Makefile.linux || die
+	fi
+
+	if ! use activefilter ; then
+		einfo "Disabling active filter"
+		sed -i '/^FILTER=y/s:^:#:' pppd/Makefile.linux || die
+	fi
+
+	if use pam ; then
+		einfo "Enabling PAM"
+		sed -i '/^#USE_PAM=y/s:^#::' pppd/Makefile.linux || die
+	fi
+
+	if use ipv6 ; then
+		einfo "Enabling IPv6"
+		sed -i '/#HAVE_INET6/s:#::' pppd/Makefile.linux || die
+		echo "+ipv6" >> etc.ppp/options || die
+	fi
+
+	einfo "Enabling CBCP"
+	sed -i '/^#CBCP=y/s:#::' pppd/Makefile.linux || die
+
+	if use dhcp ; then
+		einfo "Adding ppp-dhcp plugin files"
+		sed \
+			-e '/^SUBDIRS :=/s:$: dhcp:' \
+			-i pppd/plugins/Makefile.linux || die
+	fi
+
+	# Set correct libdir
+	sed -i -e "s:/lib/pppd:/$(get_libdir)/pppd:" \
+		pppd/{pathnames.h,pppd.8} || die
+
+	if use radius ; then
+		#set the right paths in radiusclient.conf
+		sed -e "s:/usr/local/etc:/etc:" \
+			-e "s:/usr/local/sbin:/usr/sbin:" \
+			-i pppd/plugins/radius/etc/radiusclient.conf || die
+		#set config dir to /etc/ppp/radius
+		sed -i -e "s:/etc/radiusclient:/etc/ppp/radius:g" \
+			pppd/plugins/radius/{*.8,*.c,*.h} \
+			pppd/plugins/radius/etc/* || die
+	else
+		einfo "Disabling radius"
+		sed -i -e '/+= radius/s:^:#:' pppd/plugins/Makefile.linux || die
+	fi
+
+	eapply_user #549588
+}
+
+src_compile() {
+	tc-export AR CC
+	emake COPTS="${CFLAGS} -D_GNU_SOURCE"
+
+	# build pppgetpass
+	cd contrib/pppgetpass || die
+	if use gtk ; then
+		emake -f Makefile.linux
+	else
+		emake pppgetpass.vt
+	fi
+}
+
+src_install() {
+	local i
+	for i in chat pppd pppdump pppstats ; do
+		doman ${i}/${i}.8
+		dosbin ${i}/${i}
+	done
+	fperms u+s-w /usr/sbin/pppd
+
+	# Install pppd header files
+	emake -C pppd INSTROOT="${D}" install-devel
+
+	dosbin pppd/plugins/rp-pppoe/pppoe-discovery
+
+	dodir /etc/ppp/peers
+	insinto /etc/ppp
+	insopts -m0600
+	newins etc.ppp/pap-secrets pap-secrets.example
+	newins etc.ppp/chap-secrets chap-secrets.example
+
+	insopts -m0644
+	doins etc.ppp/options
+
+	pamd_mimic_system ppp auth account session
+
+	local PLUGINS_DIR="/usr/$(get_libdir)/pppd/${PV}"
+	# closing " for syntax coloring
+	insinto "${PLUGINS_DIR}"
+	insopts -m0755
+	doins pppd/plugins/minconn.so
+	doins pppd/plugins/passprompt.so
+	doins pppd/plugins/passwordfd.so
+	doins pppd/plugins/winbind.so
+	doins pppd/plugins/rp-pppoe/rp-pppoe.so
+	doins pppd/plugins/pppol2tp/openl2tp.so
+	doins pppd/plugins/pppol2tp/pppol2tp.so
+	if use atm ; then
+		doins pppd/plugins/pppoatm/pppoatm.so
+	fi
+	if use dhcp ; then
+		doins pppd/plugins/dhcp/dhcpc.so
+	fi
+	if use radius ; then
+		doins pppd/plugins/radius/rad{ius,attr,realms}.so
+
+		#Copy radiusclient configuration files (#92878)
+		insinto /etc/ppp/radius
+		insopts -m0644
+		doins pppd/plugins/radius/etc/{dictionary*,issue,port-id-map,radiusclient.conf,realms,servers}
+
+		doman pppd/plugins/radius/pppd-rad{ius,attr}.8
+	fi
+
+	insinto /etc/modprobe.d
+	insopts -m0644
+	newins "${FILESDIR}/modules.ppp" ppp.conf
+
+	dodoc PLUGINS README* SETUP Changes-2.3 FAQ
+	dodoc "${FILESDIR}/README.mpls"
+
+	dosbin scripts/p{on,off,log}
+	doman scripts/pon.1
+
+	# Adding misc. specialized scripts to doc dir
+	insinto /usr/share/doc/${PF}/scripts/chatchat
+	doins scripts/chatchat/*
+	insinto /usr/share/doc/${PF}/scripts
+	doins scripts/*
+
+	if use gtk ; then
+		dosbin contrib/pppgetpass/{pppgetpass.vt,pppgetpass.gtk}
+		newsbin contrib/pppgetpass/pppgetpass.sh pppgetpass
+	else
+		newsbin contrib/pppgetpass/pppgetpass.vt pppgetpass
+	fi
+	doman contrib/pppgetpass/pppgetpass.8
+}
+
+pkg_postinst() {
+	if linux-info_get_any_version && linux_config_src_exists ; then
+		echo
+		ewarn "If the following test report contains a missing kernel configuration option that you need,"
+		ewarn "you should reconfigure and rebuild your kernel before running pppd."
+		CONFIG_CHECK="~PPP ~PPP_ASYNC ~PPP_SYNC_TTY"
+		local ERROR_PPP="CONFIG_PPP:\t missing PPP support (REQUIRED)"
+		local ERROR_PPP_ASYNC="CONFIG_PPP_ASYNC:\t missing asynchronous serial line discipline (optional, but highly recommended)"
+		local WARNING_PPP_SYNC_TTY="CONFIG_PPP_SYNC_TTY:\t missing synchronous serial line discipline (optional; used by 'sync' pppd option)"
+		if use activefilter ; then
+			CONFIG_CHECK="${CONFIG_CHECK} ~PPP_FILTER"
+			local ERROR_PPP_FILTER="CONFIG_PPP_FILTER:\t missing PPP filtering support (REQUIRED)"
+		fi
+		CONFIG_CHECK="${CONFIG_CHECK} ~PPP_DEFLATE ~PPP_BSDCOMP ~PPP_MPPE"
+		local ERROR_PPP_DEFLATE="CONFIG_PPP_DEFLATE:\t missing Deflate compression (optional, but highly recommended)"
+		local ERROR_PPP_BSDCOMP="CONFIG_PPP_BSDCOMP:\t missing BSD-Compress compression (optional, but highly recommended)"
+		local WARNING_PPP_MPPE="CONFIG_PPP_MPPE:\t missing MPPE encryption (optional, mostly used by PPTP links)"
+		CONFIG_CHECK="${CONFIG_CHECK} ~PPPOE ~PACKET"
+		local WARNING_PPPOE="CONFIG_PPPOE:\t missing PPPoE support (optional, needed by rp-pppoe plugin)"
+		local WARNING_PACKET="CONFIG_PACKET:\t missing AF_PACKET support (optional, used by rp-pppoe and dhcpc plugins)"
+		if use atm ; then
+			CONFIG_CHECK="${CONFIG_CHECK} ~PPPOATM"
+			local WARNING_PPPOATM="CONFIG_PPPOATM:\t missing PPPoA support (optional, needed by pppoatm plugin)"
+		fi
+		check_extra_config
+	fi
+
+	# create *-secrets files if not exists
+	[ -f "${ROOT}/etc/ppp/pap-secrets" ] || \
+		cp -pP "${ROOT}/etc/ppp/pap-secrets.example" "${ROOT}/etc/ppp/pap-secrets"
+	[ -f "${ROOT}/etc/ppp/chap-secrets" ] || \
+		cp -pP "${ROOT}/etc/ppp/chap-secrets.example" "${ROOT}/etc/ppp/chap-secrets"
+
+	# lib name has changed
+	sed -i -e "s:^pppoe.so:rp-pppoe.so:" "${ROOT}/etc/ppp/options" || die
+
+	echo
+	elog "Pon, poff and plog scripts have been supplied for experienced users."
+	elog "Users needing particular scripts (ssh,rsh,etc.) should check out the"
+	elog "/usr/share/doc/${PF}/scripts directory."
+}