author | Mike Frysinger <vapier@gentoo.org> | 2010-08-14 05:41:57 +0000 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2010-08-14 05:41:57 +0000 |
commit | bef62957eb92c3e1c5155dabc580e65b74470941 (patch) | |
tree | ee61724562fe1ce55573d24668a1afcdc6496ac8 /net-misc | |
parent | mask dev-libs/linux-fusion for removal (diff) | |
Version bump #306101 by Andrew Brouwers. Add fix for ping CVE-2010-2529 #332527 by Tim Sammut.
(Portage version: 2.2_rc67/cvs/Linux x86_64)
Diffstat (limited to 'net-misc')
-rw-r--r-- | net-misc/iputils/ChangeLog | 12 | ||||
-rw-r--r-- | net-misc/iputils/files/iputils-20100418-aliasing.patch | 93 | ||||
-rw-r--r-- | net-misc/iputils/files/iputils-20100418-makefile.patch | 35 | ||||
-rw-r--r-- | net-misc/iputils/files/iputils-20100418-ping-CVE-2010-2529.patch | 22 | ||||
-rw-r--r-- | net-misc/iputils/files/iputils-20100418-printf-size.patch | 62 | ||||
-rw-r--r-- | net-misc/iputils/iputils-20100418.ebuild | 66 |
6 files changed, 289 insertions, 1 deletions
diff --git a/net-misc/iputils/ChangeLog b/net-misc/iputils/ChangeLog index 6d517199ddbe..7d1b6a814c33 100644 --- a/net-misc/iputils/ChangeLog +++ b/net-misc/iputils/ChangeLog @@ -1,6 +1,16 @@ # ChangeLog for net-misc/iputils # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/iputils/ChangeLog,v 1.77 2010/01/07 15:52:15 fauli Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/iputils/ChangeLog,v 1.78 2010/08/14 05:41:57 vapier Exp $ + +*iputils-20100418 (14 Aug 2010) + + 14 Aug 2010; Mike Frysinger <vapier@gentoo.org> +iputils-20100418.ebuild, + +files/iputils-20100418-aliasing.patch, + +files/iputils-20100418-makefile.patch, + +files/iputils-20100418-ping-CVE-2010-2529.patch, + +files/iputils-20100418-printf-size.patch: + Version bump #306101 by Andrew Brouwers. Add fix for ping CVE-2010-2529 + #332527 by Tim Sammut. 07 Jan 2010; Christian Faulhammer <fauli@gentoo.org> iputils-20071127-r2.ebuild: diff --git a/net-misc/iputils/files/iputils-20100418-aliasing.patch b/net-misc/iputils/files/iputils-20100418-aliasing.patch new file mode 100644 index 000000000000..48fb4d3bc2c2 --- /dev/null +++ b/net-misc/iputils/files/iputils-20100418-aliasing.patch 
@@ -0,0 +1,93 @@ +From f36fbe8c85223def663f46499d0b6b9a75939aaa Mon Sep 17 00:00:00 2001 +From: Mike Frysinger <vapier@gentoo.org> +Date: Sat, 14 Aug 2010 01:34:13 -0400 +Subject: [PATCH] fix up strict-aliasing warnings + +Current build of some tools results in gcc warning about strict-aliasing +violations. So change those freaky casts to memcpy's. When the pointer +types work out, gcc will optimize this away anyways. + +Signed-off-by: Mike Frysinger <vapier@gentoo.org> +--- + ping6.c | 13 +++++++++---- + tracepath.c | 2 +- + tracepath6.c | 2 +- + 3 files changed, 11 insertions(+), 6 deletions(-) + +diff --git a/ping6.c b/ping6.c +index c5ff881..86f9216 100644 +--- a/ping6.c ++++ b/ping6.c +@@ -1104,18 +1104,21 @@ int build_niquery(__u8 *_nih) + { + struct ni_hdr *nih; + int cc; ++ __u16 this_nonce; + + nih = (struct ni_hdr *)_nih; + nih->ni_cksum = 0; + +- CLR(ntohs((*(__u16*)(nih->ni_nonce))) % mx_dup_ck); ++ memcpy(&this_nonce, &nih->ni_nonce, sizeof(this_nonce)); ++ CLR(ntohs(this_nonce) % mx_dup_ck); + + nih->ni_type = ICMPV6_NI_QUERY; + cc = sizeof(*nih); + datalen = 0; + + memcpy(nih->ni_nonce, ni_nonce, sizeof(nih->ni_nonce)); +- *(__u16*)(nih->ni_nonce) = htons(ntransmitted + 1); ++ this_nonce = htons(ntransmitted + 1); ++ memcpy(&nih->ni_nonce, &this_nonce, sizeof(this_nonce)); + + nih->ni_code = ni_subject_type; + nih->ni_qtype = htons(ni_query); +@@ -1331,7 +1334,7 @@ parse_reply(struct msghdr *msg, int cc, void *addr, struct timeval *tv) + #endif + if (c->cmsg_len < CMSG_LEN(sizeof(int))) + continue; +- hops = *(int*)CMSG_DATA(c); ++ memcpy(&hops, CMSG_DATA(c), sizeof(int)); + } + } + +@@ -1355,7 +1358,9 @@ parse_reply(struct msghdr *msg, int cc, void *addr, struct timeval *tv) + return 0; + } else if (icmph->icmp6_type == ICMPV6_NI_REPLY) { + struct ni_hdr *nih = (struct ni_hdr *)icmph; +- __u16 seq = ntohs(*(__u16 *)nih->ni_nonce); ++ __u16 seq; ++ memcpy(&seq, &nih->ni_nonce, sizeof(seq)); ++ seq = ntohs(seq); + if (memcmp(&nih->ni_nonce[2], 
&ni_nonce[2], sizeof(ni_nonce) - sizeof(__u16))) + return 1; + if (gather_statistics((__u8*)icmph, sizeof(*icmph), cc, +diff --git a/tracepath.c b/tracepath.c +index ca84a69..0a14b1b 100644 +--- a/tracepath.c ++++ b/tracepath.c +@@ -142,7 +142,7 @@ restart: + if (cmsg->cmsg_type == IP_RECVERR) { + e = (struct sock_extended_err *) CMSG_DATA(cmsg); + } else if (cmsg->cmsg_type == IP_TTL) { +- rethops = *(int*)CMSG_DATA(cmsg); ++ memcpy(&rethops, CMSG_DATA(cmsg), sizeof(int)); + } else { + printf("cmsg:%d\n ", cmsg->cmsg_type); + } +diff --git a/tracepath6.c b/tracepath6.c +index 5c2db8f..77a3563 100644 +--- a/tracepath6.c ++++ b/tracepath6.c +@@ -170,7 +170,7 @@ restart: + #ifdef IPV6_2292HOPLIMIT + case IPV6_2292HOPLIMIT: + #endif +- rethops = *(int*)CMSG_DATA(cmsg); ++ memcpy(&rethops, CMSG_DATA(cmsg), sizeof(int)); + break; + default: + printf("cmsg6:%d\n ", cmsg->cmsg_type); +-- +1.7.1.1 + diff --git a/net-misc/iputils/files/iputils-20100418-makefile.patch b/net-misc/iputils/files/iputils-20100418-makefile.patch new file mode 100644 index 000000000000..50a0e81c1307 --- /dev/null +++ b/net-misc/iputils/files/iputils-20100418-makefile.patch 
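Review bot: In the tracepath.c and tracepath6.c parts of this patch, `memcpy(&rethops, CMSG_DATA(cmsg), sizeof(int));` copies a fixed `sizeof(int)` with no length check in view, whereas the ping6.c `parse_reply` change sits directly behind `if (c->cmsg_len < CMSG_LEN(sizeof(int))) continue;`. The `restart:` loops around those two lines begin and end outside the hunks, so a guard may already exist there; if it does not, the same `cmsg_len` test belongs before each copy. Sizing the copy by its destination, `memcpy(&rethops, CMSG_DATA(cmsg), sizeof(rethops));` (and `sizeof(hops)` in ping6.c), keeps the bound correct if the variable's type ever changes.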
@@ -0,0 +1,35 @@ +--- Makefile ++++ Makefile +@@ -1,20 +1,17 @@ + # Path to parent kernel include files directory + LIBC_INCLUDE=/usr/include + +-DEFINES= +- + #options if you have a bind>=4.9.4 libresolv (or, maybe, glibc) + LDLIBS= +-ADDLIB= + + #options if you compile with libc5, and without a bind>=4.9.4 libresolv + # NOT AVAILABLE. Please, use libresolv. + +-CC=gcc + # What a pity, all new gccs are buggy and -Werror does not work. Sigh. + #CCOPT=-D_GNU_SOURCE -O2 -Wstrict-prototypes -Wall -g -Werror +-CCOPT=-D_GNU_SOURCE -O2 -Wstrict-prototypes -Wall -g +-CFLAGS=$(CCOPT) $(GLIBCFIX) $(DEFINES) ++CFLAGS ?= -O2 -g ++CFLAGS += -Wstrict-prototypes -Wall ++CPPFLAGS += -D_GNU_SOURCE + + IPV4_TARGETS=tracepath ping clockdiff rdisc arping tftpd rarpd + IPV6_TARGETS=tracepath6 traceroute6 ping6 +@@ -35,7 +32,7 @@ + rdisc_srv: rdisc_srv.o + + rdisc_srv.o: rdisc.c +- $(CC) $(CFLAGS) -DRDISC_SERVER -o rdisc_srv.o rdisc.c ++ $(CC) $(CFLAGS) $(CPPFLAGS) -DRDISC_SERVER -o rdisc_srv.o rdisc.c + + + check-kernel: diff --git a/net-misc/iputils/files/iputils-20100418-ping-CVE-2010-2529.patch b/net-misc/iputils/files/iputils-20100418-ping-CVE-2010-2529.patch new file mode 100644 index 000000000000..e9ffb04e85f3 --- /dev/null +++ b/net-misc/iputils/files/iputils-20100418-ping-CVE-2010-2529.patch @@ -0,0 +1,22 @@ +https://bugs.gentoo.org/332527 + +--- iputils-s20100418/ping.c ++++ iputils-s20100418/ping.c +@@ -1083,7 +1083,7 @@ void pr_options(unsigned char * cp, int + i = j; + i -= IPOPT_MINOFF; + if (i <= 0) +- continue; ++ break; + if (i == old_rrlen + && !strncmp((char *)cp, old_rr, i) + && !(options & F_FLOOD)) { +@@ -1120,7 +1120,7 @@ void pr_options(unsigned char * cp, int + i = j; + i -= 5; + if (i <= 0) +- continue; ++ break; + flags = *++cp; + printf("\nTS: "); + cp++; diff --git a/net-misc/iputils/files/iputils-20100418-printf-size.patch b/net-misc/iputils/files/iputils-20100418-printf-size.patch new file mode 100644 index 000000000000..edde65b5914d --- /dev/null 
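Review bot: The rewritten `rdisc_srv.o` rule, `$(CC) $(CFLAGS) $(CPPFLAGS) -DRDISC_SERVER -o rdisc_srv.o rdisc.c`, has no `-c`, so as written the compiler would attempt a link and name the result rdisc_srv.o instead of producing an object file. Since the line is being edited anyway, `$(CC) $(CFLAGS) $(CPPFLAGS) -DRDISC_SERVER -c -o rdisc_srv.o rdisc.c` is the form to use. The hunk also drops the `CC=gcc`, `DEFINES=` and `ADDLIB=` assignments, so those values now come from make's defaults or the environment; presumably that is intended so the ebuild's exported CC is honoured, and a one-line header in the patch file saying so would make it reviewable.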
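Review bot: The CVE patch file carries only a bug URL, so nothing in it records why `continue` becomes `break` at the two `if (i <= 0)` tests in `pr_options`, or why that is sufficient. A header line such as `pr_options: use break instead of continue when an RR or TS option is too short (i <= 0); fix for CVE-2010-2529` would document the intent. The loop's own bookkeeping lies outside both hunks, so it cannot be confirmed from here that the path taken after `break` steps over the remaining bytes of the rejected option using its length `j`. That is worth verifying, because these option bytes come from received packets and the ebuild in this commit installs ping with mode 4711.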
+++ b/net-misc/iputils/files/iputils-20100418-printf-size.patch @@ -0,0 +1,62 @@ +From 6ccd3b91c18d8b13bc468ef962a9ef9dfc6c4515 Mon Sep 17 00:00:00 2001 +From: Mike Frysinger <vapier@gentoo.org> +Date: Sat, 14 Aug 2010 01:16:42 -0400 +Subject: [PATCH] tracepath: re-use printf return in print_host + +The printf funcs take an int for field widths, not a size_t. Also, since +the printf funcs already return the length of chars displayed, use that +value instead of re-calculating the length with strlen. + +Signed-off-by: Mike Frysinger <vapier@gentoo.org> +--- + tracepath.c | 11 ++++------- + tracepath6.c | 11 ++++------- + 2 files changed, 8 insertions(+), 14 deletions(-) + +diff --git a/tracepath.c b/tracepath.c +index 81c22e9..ca84a69 100644 +--- a/tracepath.c ++++ b/tracepath.c +@@ -68,13 +68,10 @@ void data_wait(int fd) + + void print_host(const char *a, const char *b, int both) + { +- size_t plen = 0; +- printf("%s", a); +- plen = strlen(a); +- if (both) { +- printf(" (%s)", b); +- plen += strlen(b) + 3; +- } ++ int plen; ++ plen = printf("%s", a); ++ if (both) ++ plen += printf(" (%s)", b); + if (plen >= HOST_COLUMN_SIZE) + plen = HOST_COLUMN_SIZE - 1; + printf("%*s", HOST_COLUMN_SIZE - plen, ""); +diff --git a/tracepath6.c b/tracepath6.c +index 5cc7424..5c2db8f 100644 +--- a/tracepath6.c ++++ b/tracepath6.c +@@ -80,13 +80,10 @@ void data_wait(int fd) + + void print_host(const char *a, const char *b, int both) + { +- size_t plen = 0; +- printf("%s", a); +- plen = strlen(a); +- if (both) { +- printf(" (%s)", b); +- plen += strlen(b) + 3; +- } ++ int plen; ++ plen = printf("%s", a); ++ if (both) ++ plen += printf(" (%s)", b); + if (plen >= HOST_COLUMN_SIZE) + plen = HOST_COLUMN_SIZE - 1; + printf("%*s", HOST_COLUMN_SIZE - plen, ""); +-- +1.7.1.1 + diff --git a/net-misc/iputils/iputils-20100418.ebuild b/net-misc/iputils/iputils-20100418.ebuild new file mode 100644 index 000000000000..da2c564c9e30 --- /dev/null +++ b/net-misc/iputils/iputils-20100418.ebuild 
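Review bot: In both `print_host` copies, `plen` now accumulates printf return values, and printf returns a negative value on an output error. A negative `plen` passes the `plen >= HOST_COLUMN_SIZE` clamp and makes the pad width `HOST_COLUMN_SIZE - plen` larger than the column. Clamping the lower bound as well, `if (plen < 0) plen = 0;` placed before the existing check, keeps the width in range. The same line is needed in tracepath.c and tracepath6.c.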
@@ -0,0 +1,66 @@ +# Copyright 1999-2010 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/iputils/iputils-20100418.ebuild,v 1.1 2010/08/14 05:41:57 vapier Exp $ + +inherit flag-o-matic eutils toolchain-funcs + +DESCRIPTION="Network monitoring tools including ping and ping6" +HOMEPAGE="http://www.linux-foundation.org/en/Net:Iputils" +SRC_URI="http://www.skbuff.net/iputils/iputils-s${PV}.tar.bz2 + mirror://gentoo/iputils-s${PV}-manpages.tar.bz2" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-linux ~x86-linux" +IUSE="doc idn ipv6 SECURITY_HAZARD static" + +RDEPEND="!net-misc/rarpd + idn? ( net-dns/libidn )" +DEPEND="${RDEPEND} + virtual/os-headers" + +S=${WORKDIR}/${PN}-s${PV} + +src_unpack() { + unpack ${A} + cd "${S}" + epatch "${FILESDIR}"/021109-uclibc-no-ether_ntohost.patch + epatch "${FILESDIR}"/${PN}-20100418-makefile.patch + epatch "${FILESDIR}"/${PN}-20100418-printf-size.patch + epatch "${FILESDIR}"/${PN}-20100418-aliasing.patch + epatch "${FILESDIR}"/${PN}-20071127-kernel-ifaddr.patch + epatch "${FILESDIR}"/${PN}-20070202-idn.patch #218638 + epatch "${FILESDIR}"/${PN}-20100418-ping-CVE-2010-2529.patch #332527 + use SECURITY_HAZARD && epatch "${FILESDIR}"/${PN}-20071127-nonroot-floodping.patch + use static && append-ldflags -static + use ipv6 || sed -i -e 's:IPV6_TARGETS=:#IPV6_TARGETS=:' Makefile + export IDN=$(use idn && echo yes) +} + +src_compile() { + tc-export CC + emake || die "make main failed" +} + +src_install() { + into / + dobin ping || die "ping" + use ipv6 && dobin ping6 + dosbin arping || die "arping" + into /usr + dosbin tracepath || die "tracepath" + use ipv6 && dosbin trace{path,route}6 + dosbin clockdiff rarpd rdisc ipg tftpd || die "misc sbin" + + fperms 4711 /bin/ping + use ipv6 && fperms 4711 /bin/ping6 /usr/sbin/traceroute6 + + dodoc INSTALL RELNOTES + use ipv6 \ + && dosym 
ping.8 /usr/share/man/man8/ping6.8 \ + || rm -f doc/*6.8 + rm -f doc/setkey.8 + doman doc/*.8 + + use doc && dohtml doc/*.html +} |
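Review bot: At the end of `src_install`, `use ipv6 && dosym ping.8 /usr/share/man/man8/ping6.8 || rm -f doc/*6.8` also runs the `rm` when ipv6 is enabled and `dosym` fails, because `A && B || C` is not an if/else. Writing it as `if use ipv6; then dosym ping.8 /usr/share/man/man8/ping6.8; else rm -f doc/*6.8; fi` keeps the two cases apart. In `src_unpack`, `cd "${S}"` and the `sed -i` on the Makefile have no `|| die`, and neither do the `fperms 4711` calls or the ipv6 `dobin`/`dosbin` lines, so a failure there would not stop the build the way the other install steps do.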