commit: 4d631c77987ca3619e81c2f7311a33f2e252d030 Author: Hinnerk van Bruinehsen <h.v.bruinehsen <AT> fu-berlin <DOT> de> AuthorDate: Mon May 18 23:53:17 2015 +0000 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> CommitDate: Tue May 19 21:44:46 2015 +0000 URL: https://gitweb.gentoo.org/proj/hardened-dev.git/commit/?id=4d631c77
=sys-apps/iproute2-4.0.0: fix build with musl .../files/iproute2-4.0.0-fix-build-with-musl.patch | 24 ++++ .../iproute2-4.0.0-tc-show-buffer-overflow.patch | 62 ++++++++++ sys-apps/iproute2/iproute2-4.0.0-r99.ebuild | 126 +++++++++++++++++++++ 3 files changed, 212 insertions(+) diff --git a/sys-apps/iproute2/files/iproute2-4.0.0-fix-build-with-musl.patch b/sys-apps/iproute2/files/iproute2-4.0.0-fix-build-with-musl.patch new file mode 100644 index 0000000..5281be3 --- /dev/null +++ b/sys-apps/iproute2/files/iproute2-4.0.0-fix-build-with-musl.patch @@ -0,0 +1,24 @@ +diff --git a/include/linux/if_bridge.h b/include/linux/if_bridge.h +index 913bd8e..260d1e0 100644 +--- a/include/linux/if_bridge.h ++++ b/include/linux/if_bridge.h +@@ -15,7 +15,6 @@ + + #include <linux/types.h> + #include <linux/if_ether.h> +-#include <linux/in6.h> + + #define SYSFS_BRIDGE_ATTR "bridge" + #define SYSFS_BRIDGE_FDB "brforward" +diff --git a/lib/namespace.c b/lib/namespace.c +index c03a103..f121eaa 100644 +--- a/lib/namespace.c ++++ b/lib/namespace.c +@@ -9,6 +9,7 @@ + + #include <fcntl.h> + #include <dirent.h> ++#include <sys/param.h> + + #include "utils.h" + #include "namespace.h" diff --git a/sys-apps/iproute2/files/iproute2-4.0.0-tc-show-buffer-overflow.patch b/sys-apps/iproute2/files/iproute2-4.0.0-tc-show-buffer-overflow.patch new file mode 100644 index 0000000..6c6c9a5 --- /dev/null +++ b/sys-apps/iproute2/files/iproute2-4.0.0-tc-show-buffer-overflow.patch @@ -0,0 +1,62 @@ +https://bugs.gentoo.org/546928 + +From 46679bbbe89699016d31486de7599590d02a5054 Mon Sep 17 00:00:00 2001 +From: Vadim Kochan <[email protected]> +Date: Mon, 20 Apr 2015 08:33:32 +0300 +Subject: [PATCH] tc util: Fix possible buffer overflow when print class id + +Use correct handle buffer length. + +Signed-off-by: Vadim Kochan <[email protected]> +--- + tc/tc_util.c | 19 ++++++++++--------- + 1 file changed, 10 insertions(+), 9 deletions(-) + +diff --git a/tc/tc_util.c b/tc/tc_util.c +index 1d3153d..dc2b70f 100644 +--- a/tc/tc_util.c ++++ b/tc/tc_util.c +@@ -128,30 +128,31 @@ ok: + return 0; + } + +-int print_tc_classid(char *buf, int len, __u32 h) ++int print_tc_classid(char *buf, int blen, __u32 h) + { +- char handle[40] = {}; ++ SPRINT_BUF(handle) = {}; ++ int hlen = SPRINT_BSIZE - 1; + + if (h == TC_H_ROOT) + sprintf(handle, "root"); + else if (h == TC_H_UNSPEC) +- snprintf(handle, len, "none"); ++ snprintf(handle, hlen, "none"); + else if (TC_H_MAJ(h) == 0) +- snprintf(handle, len, ":%x", TC_H_MIN(h)); ++ snprintf(handle, hlen, ":%x", TC_H_MIN(h)); + else if (TC_H_MIN(h) == 0) +- snprintf(handle, len, "%x:", TC_H_MAJ(h) >> 16); ++ snprintf(handle, hlen, "%x:", TC_H_MAJ(h) >> 16); + else +- snprintf(handle, len, "%x:%x", TC_H_MAJ(h) >> 16, TC_H_MIN(h)); ++ snprintf(handle, hlen, "%x:%x", TC_H_MAJ(h) >> 16, TC_H_MIN(h)); + + if (use_names) { + char clname[IDNAME_MAX] = {}; + + if (id_to_name(cls_names, h, clname)) +- snprintf(buf, len, "%s#%s", clname, handle); ++ snprintf(buf, blen, "%s#%s", clname, handle); + else +- snprintf(buf, len, "%s", handle); ++ snprintf(buf, blen, "%s", handle); + } else { +- snprintf(buf, len, "%s", handle); ++ snprintf(buf, blen, "%s", handle); + } + + return 0; +-- +2.3.5 + diff --git a/sys-apps/iproute2/iproute2-4.0.0-r99.ebuild b/sys-apps/iproute2/iproute2-4.0.0-r99.ebuild new file mode 100644 index 0000000..0ee21b5 --- /dev/null +++ b/sys-apps/iproute2/iproute2-4.0.0-r99.ebuild @@ -0,0 +1,126 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-apps/iproute2/iproute2-4.0.0-r1.ebuild,v 1.1 2015/04/20 20:51:18 vapier Exp $ + +EAPI="5" + +inherit eutils toolchain-funcs flag-o-matic multilib + +if [[ ${PV} == "9999" ]] ; then + EGIT_REPO_URI="git://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git" + inherit git-2 +else + SRC_URI="mirror://kernel/linux/utils/net/${PN}/${P}.tar.xz" + KEYWORDS="amd64 ~arm ~mips ~ppc x86" +fi + +DESCRIPTION="kernel routing and traffic control utilities" +HOMEPAGE="http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2"; + +LICENSE="GPL-2" +SLOT="0" +IUSE="atm berkdb +iptables ipv6 minimal selinux" + +RDEPEND="!net-misc/arpd + iptables? ( >=net-firewall/iptables-1.4.20:= ) + !minimal? ( berkdb? ( sys-libs/db:= ) ) + atm? ( net-dialup/linux-atm ) + selinux? ( sys-libs/libselinux )" +DEPEND="${RDEPEND} + app-arch/xz-utils + iptables? ( virtual/pkgconfig ) + sys-devel/bison + sys-devel/flex + >=sys-kernel/linux-headers-2.6.27 + elibc_glibc? ( >=sys-libs/glibc-2.7 )" + +src_prepare() { + epatch "${FILESDIR}"/${PN}-3.1.0-mtu.patch #291907 + epatch "${FILESDIR}"/${P}-tc-show-buffer-overflow.patch #546928 + use ipv6 || epatch "${FILESDIR}"/${PN}-3.10.0-no-ipv6.patch #326849 + epatch "${FILESDIR}"/${PN}-4.0.0-fix-build-with-musl.patch + + sed -i \ + -e '/^CC =/d' \ + -e "/^LIBDIR/s:=.*:=/$(get_libdir):" \ + -e "s:-O2:${CFLAGS} ${CPPFLAGS}:" \ + -e "/^HOSTCC/s:=.*:= $(tc-getBUILD_CC):" \ + -e "/^WFLAGS/s:-Werror::" \ + -e "/^DBM_INCLUDE/s:=.*:=${T}:" \ + Makefile || die + + # Use /run instead of /var/run. + sed -i \ + -e 's:/var/run:/run:g' \ + ip/ipnetns.c \ + man/man8/ip-netns.8 || die + + # build against system headers + rm -r include/netinet #include/linux include/ip{,6}tables{,_common}.h include/libiptc + sed -i 's:TCPI_OPT_ECN_SEEN:16:' misc/ss.c || die + + # don't build arpd if USE=-berkdb #81660 + use berkdb || sed -i '/^TARGETS=/s: arpd : :' misc/Makefile + + use minimal && sed -i -e '/^SUBDIRS=/s:=.*:=lib tc:' Makefile +} + +src_configure() { + tc-export AR CC PKG_CONFIG + + # This sure is ugly. Should probably move into toolchain-funcs at some point. + local setns + pushd "${T}" >/dev/null + echo 'main(){return setns();};' > test.c + ${CC} ${CFLAGS} ${LDFLAGS} test.c >&/dev/null && setns=y || setns=n + echo 'main(){};' > test.c + ${CC} ${CFLAGS} ${LDFLAGS} test.c -lresolv >&/dev/null || sed -i '/^LDLIBS/s:-lresolv::' "${S}"/Makefile + popd >/dev/null + + cat <<-EOF > Config + TC_CONFIG_ATM := $(usex atm y n) + TC_CONFIG_XT := $(usex iptables y n) + HAVE_SELINUX := $(usex selinux y n) + IP_CONFIG_SETNS := ${setns} + # Use correct iptables dir, #144265 #293709 + IPT_LIB_DIR := $(use iptables && ${PKG_CONFIG} xtables --variable=xtlibdir) + EOF +} + +src_install() { + if use minimal ; then + into / + dosbin tc/tc + return 0 + fi + + emake \ + DESTDIR="${D}" \ + LIBDIR="${EPREFIX}"/$(get_libdir) \ + SBINDIR="${EPREFIX}"/sbin \ + CONFDIR="${EPREFIX}"/etc/iproute2 \ + DOCDIR="${EPREFIX}"/usr/share/doc/${PF} \ + MANDIR="${EPREFIX}"/usr/share/man \ + ARPDDIR="${EPREFIX}"/var/lib/arpd \ + install + + rm "${ED}"/usr/share/doc/${PF}/*.{sgml,tex} || die #455988 + + dodir /bin + mv "${ED}"/{s,}bin/ip || die #330115 + + dolib.a lib/libnetlink.a + insinto /usr/include + doins include/libnetlink.h + # This local header pulls in a lot of linux headers it + # doesn't directly need. Delete this header that requires + # linux-headers-3.8 until that goes stable. #467716 + sed -i '/linux\/netconf.h/d' "${ED}"/usr/include/libnetlink.h || die + + if use berkdb ; then + dodir /var/lib/arpd + # bug 47482, arpd doesn't need to be in /sbin + dodir /usr/bin + mv "${ED}"/sbin/arpd "${ED}"/usr/bin/ || die + fi +}
