net-dialup/ppp: Security revbump to fix CVE-2015-3310 (bug #546554).

Package-Manager: portage-2.3.2

2 files changed, 223 insertions, 0 deletions

diff --git a/net-dialup/ppp/Manifest b/net-dialup/ppp/Manifest
index d8a3fff3e256..3becde7b15fa 100644
--- a/net-dialup/ppp/Manifest
+++ b/net-dialup/ppp/Manifest
@@ -7,5 +7,6 @@ DIST ppp-2.4.6.tar.gz 687744 SHA256 1b33181a03962c8a092c055fb9980e9722728a8d98a4
 DIST ppp-2.4.7-patches-1.tar.xz 38852 SHA256 442e619ab33afe4c8d9999295a221699917604dbc55171cdef6fb2094bf0aaf6 SHA512 105c68cbabcc860498bdb583598fc5838de5f523875ef3e7c35ce3c367d89072b0a52d97c2d500cd225407e2b6d806b45054c19ff1203dd1fad10515980d56da WHIRLPOOL d57aef8666b5189d4d9a69de3097eda41233dfdc07d87ac7a91d5e03bb070f372665d7c39912fc7196504ca079220efd5103cfecc3e5f97136d089e7c4f4e44d
 DIST ppp-2.4.7-patches-2.tar.xz 37484 SHA256 ca2a58bb2af2c2a728cfaefab31386239bda2e750765141f9aae65bde38d58f1 SHA512 91d91820a7171dbe93fc4d9235456dd6eaa821b79fd0d34691bd95ecfeec2f571ed69ef07fa5839c78132dbbcb0f6b347e2ac5f794a0a1385055c7bf9a4637b6 WHIRLPOOL 6ba77ffdcf51fd792439c56dd43bab51cb978db395c1a409019e549fb1481a33f0cd8b8b3aaed93dbecb3b5e4b6916e4ef5a5425a6509b05b874add936632173
 DIST ppp-2.4.7-patches-3.tar.xz 37752 SHA256 ef210be7b8272451770d4f27bfa577220e5f7fc990edb9d74080337faa0dccbc SHA512 22c563843596058dd94b7bc80a2066473314bfd5c5beb7e48bf282d691ad580d58d54a9ba3af3e8696f1f60240e35278036d2c11074b3929be47e93cde1ab67d WHIRLPOOL e46bac31253bb5af573fd85a07dde944603a71c9e32a5ba24077b924625797f993d875429044590d21f855b1127581aa6e306ca0f463488af30392705462baac
+DIST ppp-2.4.7-patches-4.tar.xz 37308 SHA256 afd96003fb50b462852d81f10af344ff23dcf26f626e65301b45dbaaa89f03c4 SHA512 f217f7272a791605101e0f1885350db8ff8b580a647e670461b81fe0026ee9050ce68b9b9635edee89ec1ada7adf000c7e6b3aa5a5dafec875ce715a9dfb84d2 WHIRLPOOL ec8ef47938eac296e1573c8281afbfc0914e4cd2461a082f670a2367f4a77359f09b4986c10c498bf39b6a1441bbf9700529991a82a01854d8e2289a14636e9d
 DIST ppp-2.4.7.tar.gz 688117 SHA256 02e0a3dd3e4799e33103f70ec7df75348c8540966ee7c948e4ed8a42bbccfb30 SHA512 e34ce24020af6a73e7a26c83c4f73a9c83fa455b7b363794dba27bf01f70368be06bff779777843949bd77f4bc9385d6ad455ea48bf8fff4e0d73cc8fef16ae2 WHIRLPOOL 48f3251e6b955ecfdaf9260b9ea5220d9e355fff836e2f5217ee0b15bf2c93e43f8207005f58bf1f97fb8ff0c76c56df8ecd8536f63c4d84d5940458ba0ba5c3
 DIST ppp-dhcpc.tgz 33497 SHA256 977fd980bb1d285963d8e27a87b7601ea84317faadfdb40989b258d1853db644 SHA512 aeaf791b14f5a09c0e2079072a157e65132cbff46e608bc0724e6a5827a01da934f5006e2774eb7105f83e607a52cb4987238f4385cf6f5cc86cbe305a556738 WHIRLPOOL 74e5e0d7f9bc52d1b9cfeff83fe74c2b38cc10c60636cd9c0f5d67d61dc7da56dbf2bcc84afa29444546792876cb36afbc853a6515ce9b3d83d6de98eacedd1e
diff --git a/net-dialup/ppp/ppp-2.4.7-r3.ebuild b/net-dialup/ppp/ppp-2.4.7-r3.ebuild
new file mode 100644
index 000000000000..a7bff5ac4e83
--- /dev/null
+++ b/net-dialup/ppp/ppp-2.4.7-r3.ebuild
@@ -0,0 +1,222 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit eutils linux-info multilib pam toolchain-funcs
+
+PATCH_VER="4"
+DESCRIPTION="Point-to-Point Protocol (PPP)"
+HOMEPAGE="http://www.samba.org/ppp"
+SRC_URI="ftp://ftp.samba.org/pub/ppp/${P}.tar.gz
+	https://dev.gentoo.org/~polynomial-c/${P}-patches-${PATCH_VER}.tar.xz
+	http://www.netservers.net.uk/gpl/ppp-dhcpc.tgz"
+
+LICENSE="BSD GPL-2"
+SLOT="0/${PV}"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="activefilter atm dhcp eap-tls gtk ipv6 libressl pam radius"
+
+DEPEND="activefilter? ( net-libs/libpcap )
+	atm? ( net-dialup/linux-atm )
+	pam? ( virtual/pam )
+	gtk? ( x11-libs/gtk+:2 )
+	eap-tls? (
+		net-misc/curl
+		!libressl? ( dev-libs/openssl:0 )
+		libressl? ( dev-libs/libressl )
+	)"
+RDEPEND="${DEPEND}"
+PDEPEND="net-dialup/ppp-scripts"
+
+src_prepare() {
+	mv "${WORKDIR}/dhcp" "${S}/pppd/plugins" || die
+
+	use eap-tls || EPATCH_EXCLUDE+=" 8?_all_eaptls-*"
+	EPATCH_SUFFIX="patch" \
+	epatch "${WORKDIR}"/patch
+
+	if use atm ; then
+		einfo "Enabling PPPoATM support"
+		sed -i '/^#HAVE_LIBATM=yes/s:#::' \
+			pppd/plugins/pppoatm/Makefile.linux || die
+	fi
+
+	if ! use activefilter ; then
+		einfo "Disabling active filter"
+		sed -i '/^FILTER=y/s:^:#:' pppd/Makefile.linux || die
+	fi
+
+	if use pam ; then
+		einfo "Enabling PAM"
+		sed -i '/^#USE_PAM=y/s:^#::' pppd/Makefile.linux || die
+	fi
+
+	if use ipv6 ; then
+		einfo "Enabling IPv6"
+		sed -i '/#HAVE_INET6/s:#::' pppd/Makefile.linux || die
+	fi
+
+	einfo "Enabling CBCP"
+	sed -i '/^#CBCP=y/s:#::' pppd/Makefile.linux || die
+
+	if use dhcp ; then
+		einfo "Adding ppp-dhcp plugin files"
+		sed -i \
+			-e '/^SUBDIRS :=/s:$: dhcp:' \
+				pppd/plugins/Makefile.linux || die
+	fi
+
+	# Set correct libdir
+	sed -i -e "s:/lib/pppd:/$(get_libdir)/pppd:" \
+		pppd/{pathnames.h,pppd.8} || die
+
+	if use radius ; then
+		#set the right paths in radiusclient.conf
+		sed -i -e "s:/usr/local/etc:/etc:" \
+			-e "s:/usr/local/sbin:/usr/sbin:" \
+				pppd/plugins/radius/etc/radiusclient.conf || die
+		#set config dir to /etc/ppp/radius
+		sed -i -e "s:/etc/radiusclient:/etc/ppp/radius:g" \
+			pppd/plugins/radius/{*.8,*.c,*.h} \
+			pppd/plugins/radius/etc/* || die
+	else
+		einfo "Disabling radius"
+		sed -i -e '/+= radius/s:^:#:' pppd/plugins/Makefile.linux || die
+	fi
+
+	epatch_user # 549588
+}
+
+src_compile() {
+	tc-export AR CC
+	emake COPTS="${CFLAGS} -D_GNU_SOURCE"
+
+	# build pppgetpass
+	cd contrib/pppgetpass || die
+	if use gtk ; then
+		emake -f Makefile.linux
+	else
+		emake pppgetpass.vt
+	fi
+}
+
+src_install() {
+	local i
+	for i in chat pppd pppdump pppstats ; do
+		doman ${i}/${i}.8
+		dosbin ${i}/${i}
+	done
+	fperms u+s-w /usr/sbin/pppd
+
+	# Install pppd header files
+	emake -C pppd INSTROOT="${D}" install-devel
+
+	dosbin pppd/plugins/rp-pppoe/pppoe-discovery
+
+	dodir /etc/ppp/peers
+	insinto /etc/ppp
+	insopts -m0600
+	newins etc.ppp/pap-secrets pap-secrets.example
+	newins etc.ppp/chap-secrets chap-secrets.example
+
+	insopts -m0644
+	doins etc.ppp/options
+
+	pamd_mimic_system ppp auth account session
+
+	local PLUGINS_DIR="/usr/$(get_libdir)/pppd/${PV}"
+	# closing " for syntax coloring
+	insinto "${PLUGINS_DIR}"
+	insopts -m0755
+	doins pppd/plugins/minconn.so
+	doins pppd/plugins/passprompt.so
+	doins pppd/plugins/passwordfd.so
+	doins pppd/plugins/winbind.so
+	doins pppd/plugins/rp-pppoe/rp-pppoe.so
+	doins pppd/plugins/pppol2tp/openl2tp.so
+	doins pppd/plugins/pppol2tp/pppol2tp.so
+	if use atm ; then
+		doins pppd/plugins/pppoatm/pppoatm.so
+	fi
+	if use dhcp ; then
+		doins pppd/plugins/dhcp/dhcpc.so
+	fi
+	if use radius ; then
+		doins pppd/plugins/radius/rad{ius,attr,realms}.so
+
+		#Copy radiusclient configuration files (#92878)
+		insinto /etc/ppp/radius
+		insopts -m0644
+		doins pppd/plugins/radius/etc/{dictionary*,issue,port-id-map,radiusclient.conf,realms,servers}
+
+		doman pppd/plugins/radius/pppd-rad{ius,attr}.8
+	fi
+
+	insinto /etc/modprobe.d
+	insopts -m0644
+	newins "${FILESDIR}/modules.ppp" ppp.conf
+
+	dodoc PLUGINS README* SETUP Changes-2.3 FAQ
+	dodoc "${FILESDIR}/README.mpls"
+
+	dosbin scripts/p{on,off,log}
+	doman scripts/pon.1
+
+	# Adding misc. specialized scripts to doc dir
+	insinto /usr/share/doc/${PF}/scripts/chatchat
+	doins scripts/chatchat/*
+	insinto /usr/share/doc/${PF}/scripts
+	doins scripts/*
+
+	if use gtk ; then
+		dosbin contrib/pppgetpass/{pppgetpass.vt,pppgetpass.gtk}
+		newsbin contrib/pppgetpass/pppgetpass.sh pppgetpass
+	else
+		newsbin contrib/pppgetpass/pppgetpass.vt pppgetpass
+	fi
+	doman contrib/pppgetpass/pppgetpass.8
+}
+
+pkg_postinst() {
+	if linux-info_get_any_version && linux_config_src_exists ; then
+		echo
+		ewarn "If the following test report contains a missing kernel configuration option that you need,"
+		ewarn "you should reconfigure and rebuild your kernel before running pppd."
+		CONFIG_CHECK="~PPP ~PPP_ASYNC ~PPP_SYNC_TTY"
+		local ERROR_PPP="CONFIG_PPP:\t missing PPP support (REQUIRED)"
+		local ERROR_PPP_ASYNC="CONFIG_PPP_ASYNC:\t missing asynchronous serial line discipline (optional, but highly recommended)"
+		local WARNING_PPP_SYNC_TTY="CONFIG_PPP_SYNC_TTY:\t missing synchronous serial line discipline (optional; used by 'sync' pppd option)"
+		if use activefilter ; then
+			CONFIG_CHECK="${CONFIG_CHECK} ~PPP_FILTER"
+			local ERROR_PPP_FILTER="CONFIG_PPP_FILTER:\t missing PPP filtering support (REQUIRED)"
+		fi
+		CONFIG_CHECK="${CONFIG_CHECK} ~PPP_DEFLATE ~PPP_BSDCOMP ~PPP_MPPE"
+		local ERROR_PPP_DEFLATE="CONFIG_PPP_DEFLATE:\t missing Deflate compression (optional, but highly recommended)"
+		local ERROR_PPP_BSDCOMP="CONFIG_PPP_BSDCOMP:\t missing BSD-Compress compression (optional, but highly recommended)"
+		local WARNING_PPP_MPPE="CONFIG_PPP_MPPE:\t missing MPPE encryption (optional, mostly used by PPTP links)"
+		CONFIG_CHECK="${CONFIG_CHECK} ~PPPOE ~PACKET"
+		local WARNING_PPPOE="CONFIG_PPPOE:\t missing PPPoE support (optional, needed by rp-pppoe plugin)"
+		local WARNING_PACKET="CONFIG_PACKET:\t missing AF_PACKET support (optional, used by rp-pppoe and dhcpc plugins)"
+		if use atm ; then
+			CONFIG_CHECK="${CONFIG_CHECK} ~PPPOATM"
+			local WARNING_PPPOATM="CONFIG_PPPOATM:\t missing PPPoA support (optional, needed by pppoatm plugin)"
+		fi
+		check_extra_config
+	fi
+
+	# create *-secrets files if not exists
+	[ -f "${ROOT}/etc/ppp/pap-secrets" ] || \
+		cp -pP "${ROOT}/etc/ppp/pap-secrets.example" "${ROOT}/etc/ppp/pap-secrets"
+	[ -f "${ROOT}/etc/ppp/chap-secrets" ] || \
+		cp -pP "${ROOT}/etc/ppp/chap-secrets.example" "${ROOT}/etc/ppp/chap-secrets"
+
+	# lib name has changed
+	sed -i -e "s:^pppoe.so:rp-pppoe.so:" "${ROOT}/etc/ppp/options" || die
+
+	echo
+	elog "Pon, poff and plog scripts have been supplied for experienced users."
+	elog "Users needing particular scripts (ssh,rsh,etc.) should check out the"
+	elog "/usr/share/doc/${PF}/scripts directory."
+}