gentoo auto-resync : 27:03:2024 - 07:01:35

author: V3n3RiX <venerix@koprulu.sector> 2024-03-27 07:01:35 +0000
committer: V3n3RiX <venerix@koprulu.sector> 2024-03-27 07:01:35 +0000
commit: e5558bb40ba46b03d0c8e82ae60dce9a32933989 (patch)
tree: 85455876dea191e90114ff262f0d971533de9cd0 /net-dialup
parent: 0b8b325c6d134a9f66de2ba751280e6480e609af (diff)
4 files changed, 171 insertions, 2 deletions
diff --git a/net-dialup/Manifest.gz b/net-dialup/Manifest.gz
index 73d6013ce274..f117eef04357 100644
--- a/net-dialup/Manifest.gz
+++ b/net-dialup/Manifest.gz
diff --git a/net-dialup/ppp/Manifest b/net-dialup/ppp/Manifest
index 08297c81d062..5bf79c3568b7 100644
--- a/net-dialup/ppp/Manifest
+++ b/net-dialup/ppp/Manifest
@@ -8,6 +8,7 @@ AUX ppp-2.5.0-openssl-pkgconfig.patch 3183 BLAKE2B c628ab91a1b564b27c50a9cc10dc7
 AUX ppp-2.5.0-pam-pkgconfig.patch 2754 BLAKE2B ecb36f0e1ca3aebfd8a8c5d4d91a0c1d41ccebf9ee90fdbb842331bdd4d4d43269d12c405872d5d110c614d6410a228983bfa87cb7c0bd1fd48763541ae84be6 SHA512 e962f9c37830b5702ae10d833dc6eadac377b4de66517c5976812927e2b983c75e33a1617622f022a585ac7acfe131cfb12a18fa5d4e90b2afcc9c0e2a9ac731
 AUX ppp-2.5.0-passwordfd-read-early.patch 2423 BLAKE2B e0393149fcd0468be000ab125c8318a4f295c5343525b1cad17ec8eb4f87b2b759bdb898bf1fc56304ed6f06418f1536e15209df18dfe719ff9865a3ff3f02c6 SHA512 52fc5d0e7f2540c7eb01101cd8e10abd5b0eaacde007b3480c27136d439527c70c568f63139590d00cab5450edfa1a63d06b7aac078f7d4ed9d0cddad106bc66
 AUX ppp-2.5.0-pidfile.patch 1257 BLAKE2B 220ada7acaf45c2cd614d2ce8883fb91c282d18a729e871316dae5209b8c97a5a7990e7c673a7ca80dd8a8116782eb46efcd94ee4d27c111b839750fd0be9d0a SHA512 cedce4514bd055b5c0600c012b87312d30f24e086750d81d218db2eb5a8a509904de99f5e1cfa7fd018533cdd45ebbe86ebbdfdfda8fa8109128ae857f3e38ec
+AUX ppp-2.5.0-radius-mppe.patch 5444 BLAKE2B 63b72701d72e1a6508b79c67b68e4ae51b28a4ee4ae77f1b6fdb0565f3dfde7928dada3a87babaa495589d93569091c692ad0985d00a9f057611778f2ebe8950 SHA512 39a1049155eeaa46ef0f2a45121f97a5b6448c86f0190263a26e90fadc213fc29bcaae0e4c0df79b29fa989266167988bf7af3ef4fdf1696aeca59bdc0a25b16
 AUX ppp-2.5.0-radiusclient.conf-parsing.patch 1466 BLAKE2B 48bd7ac24e2988f7346d4d01209ed04f37a82569a4085d7389c139755642515c6f607d3f73d57c4856aab23cba8ee4f1d0fd612be445b610948e3ce3d8dbbe60 SHA512 3f36c68e480600ea590844cd46176e7597a8bba0d8bf977c4aa697269872a493cd9ec3317a32ccc8a76f1b65b208df0deddd18f651b275164c44b052923c448f
 AUX pppd.tmpfiles 45 BLAKE2B 00daff2cb2f359640b41f8e13b08817754fa77e7a743910fb3e3cf100fffc77ea8bc38739c90123ac6bf44b417f25feedd0b2e2c91ead98b7affb7c92d22eed9 SHA512 8cb2aef7c17481f891cef981d47aceb879bbc64fe0766d193f23824484299414f0a576c45215ceaea18d39291b5ffe4c80aa4c00f0c68d88aeb924ace2ad5a8c
 DIST ppp-2.4.9-patches-03.tar.xz 18520 BLAKE2B b3da095672fa57727ba11a5dba761ea3f24ee330f27252f0379dab5761d5381809176faafed86d97a6b89cc8a4cb958baa07f4900e22fe6e76b6c852e0703f0c SHA512 9a035acf1915225340c12e6242f0c5db399b5f5970888d7f1799a5f125cf97b95d9fcb8c9aa2f6bd56c1544d2b10585f772d4fc1025002e3e8403011e3d2c029
@@ -16,5 +17,5 @@ DIST ppp-2.5.0.tar.gz 1170057 BLAKE2B 6a0e9efcbff3cb499705071cc7d0e3411cf4871fd5
 DIST ppp-dhcpc.tgz 33497 BLAKE2B ca59130012f007cf45af6bcfa468c112b0d521c8b11f42d42c566dd9de55bd6d6f1b1ceb83cbae18cfe79cb5cb36ba6c6858a4718915acc6987295008aca53da SHA512 aeaf791b14f5a09c0e2079072a157e65132cbff46e608bc0724e6a5827a01da934f5006e2774eb7105f83e607a52cb4987238f4385cf6f5cc86cbe305a556738
 DIST pppgetpass.8 450 BLAKE2B 4e9805cfecb4d07c302682c1ced42cc5d247d18fae904b909e126874af962cf48bb703cd75b0cefce4e19404f2e757602d3b57f187567fc23d4b93d9598d1486 SHA512 21f6dda908cf73ee27bfa39d2b50e7f76b371e50bd7d5a0586174b30129c119accbd260d7f9e0e6aa6aabfa5ba11a13ba560588a99672c9dd4e9f33254f88836
 EBUILD ppp-2.4.9-r9.ebuild 7866 BLAKE2B e2f6012eb93f27271c775b75fa52e0d1307adee4afdcb09bf8ae78e1ddefe451bd7782c4f5412ef264366c8db4e20bb3621c4c032c1261166c70473a94552880 SHA512 a3931bedeac10a6facc0fe354eee0e26e6c237f21f9e4d69196d657d388d1624e4bf8054c670568c0ba689d859bca87a21410da08f35baf33fc12d39cfe2263e
-EBUILD ppp-2.5.0-r6.ebuild 4172 BLAKE2B da5e5cf1e1f969da6e9b21c80d8db93e00bad52438f928172c9a7bd371d2c1c89cdf70de7beb7f5b212d262b32674b3cb69d5b4b89602850ea70c3d6c95cd5f8 SHA512 aede7f09c9a3e716ab84af2d64d645b3447115af03c2816f0c6fa9c3a0d18c777a4f8d6a3af9a57dc932252e754d0a270640031e50f2746a5e7bf95300b8a258
+EBUILD ppp-2.5.0-r7.ebuild 4220 BLAKE2B 26d8d47ffdcb4f5d1a11fc21d0eb03ab0cb9f4705866978797d649f4eb61f4305c403c1ad3c4bae21812cd1f5f803e327be78b936ba997fc3f96752304409e80 SHA512 95127dc3672f4b41b08a119a4b43e1e05fcba0cea3ea9990fb951402075d87f7b01db7630365bf12a1f3449c37f013cd982af8c07ddcede5204f718bcc553f18
 MISC metadata.xml 1002 BLAKE2B 9ce1dcb685ed4f0d6dfe2e6c885b8feca8d81fd1fea5bde44a40900d65b2f9e9a45bd03f3708d4969c51880bb7ffb791bfbc972d4ec06a3124c4215e2b66424b SHA512 cdfa0b69fab5a530b36093bc84c352da1f8acbdf3d31e2b9a4d58bde7dc7bbbce9c54000d9f874eac2ddcc803bafc89ea2a74b03cac23dca295815ece6cb2157
diff --git a/net-dialup/ppp/files/ppp-2.5.0-radius-mppe.patch b/net-dialup/ppp/files/ppp-2.5.0-radius-mppe.patch
new file mode 100644
index 000000000000..7bb63c964605
--- /dev/null
+++ b/net-dialup/ppp/files/ppp-2.5.0-radius-mppe.patch
@@ -0,0 +1,167 @@
+https://github.com/ppp-project/ppp/pull/463
+https://bugs.gentoo.org/915686
+
+From 77693b89fed6d4110184789f8e7dfd31710f3190 Mon Sep 17 00:00:00 2001
+From: Jaco Kroon <jaco@uls.co.za>
+Date: Thu, 23 Nov 2023 14:54:42 +0200
+Subject: [PATCH] radius: fix the MPPE key decryption for the second-half of
+ the key block.
+
+During he refactor in commit 4cb90c1 the key material used to decrypt
+the second-half of the encrypted block was accidentally updated from:
+
+MD5(radius_secret + crypt[0..15]); to:
+
+MD5(radius_secret + crypt[0..15] + salt)
+
+Which would obviously mismatch.
+
+This also refactors back into what I believe to be a more readable block
+with lower nesting and more comprehensive error reporting.
+
+Closes: #453
+Signed-off-by: Jaco Kroon <jaco@uls.co.za>
+---
+ pppd/plugins/radius/radius.c | 115 +++++++++++++++++------------------
+ 1 file changed, 55 insertions(+), 60 deletions(-)
+
+diff --git a/pppd/plugins/radius/radius.c b/pppd/plugins/radius/radius.c
+index c73ca0b53..e99bc7511 100644
+--- a/pppd/plugins/radius/radius.c
++++ b/pppd/plugins/radius/radius.c
+@@ -897,80 +897,75 @@ radius_setmppekeys2(VALUE_PAIR *vp, REQUEST_INFO *req_info)
+     memcpy(plain, crypt, 32);
+ 
+     ctx = PPP_MD_CTX_new();
+-    if (ctx) {
+-
+-        if (PPP_DigestInit(ctx, PPP_md5())) {
+-
+-            if (PPP_DigestUpdate(ctx, req_info->secret, strlen(req_info->secret))) {
+-
+-                if (PPP_DigestUpdate(ctx, req_info->request_vector, AUTH_VECTOR_LEN)) {
+-
+-                    if (PPP_DigestUpdate(ctx, salt, 2)) {
+-
+-                        buflen = sizeof(buf);
+-                        if (PPP_DigestFinal(ctx, buf, &buflen)) {
+-
+-                            status = 1;
+-                        }
+-                    }
+-                }
+-            }
+-        }
+-
+-        PPP_MD_CTX_free(ctx);
++    if (!ctx) {
++	error("RADIUS: Error creating PPP_MD_CTX for MS-MPPE-%s-Key attribute", type);
++	return -1;
+     }
+ 
+-    if (status) {
+-
+-        for (i = 0; i < 16; i++) {
+-            plain[i] ^= buf[i];
+-        }
++    buflen = sizeof(buf);
++    if (!PPP_DigestInit(ctx, PPP_md5())) {
++	error("RADIUS: Error setting hash algorithm to MD5 for MS-MPPE-%s-Key attribute", type);
++    } else if (!PPP_DigestUpdate(ctx, req_info->secret, strlen(req_info->secret))) {
++	error("RADIUS: Error mixing in radius secret for MS-MPPE-%s-Key attribute", type);
++    } else if (!PPP_DigestUpdate(ctx, req_info->request_vector, AUTH_VECTOR_LEN)) {
++	error("RADIUS: Error mixing in request vector for MS-MPPE-%s-Key attribute", type);
++    } else if (!PPP_DigestUpdate(ctx, salt, 2)) {
++	error("RADIUS: Error mixing in salt for MS-MPPE-%s-Key attribute", type);
++    } else if (!PPP_DigestFinal(ctx, buf, &buflen)) {
++	error("RADIUS: Error finalizing key buffer for MS-MPPE-%s-Key attribute", type);
++    } else {
++	status = 1;
++    }
+ 
+-        if (plain[0] != 16) {
+-            error("RADIUS: Incorrect key length (%d) for MS-MPPE-%s-Key attribute",
+-                  (int) plain[0], type);
+-            return -1;
+-        }
++    PPP_MD_CTX_free(ctx);
+ 
+-        status = 0;
+-        ctx = PPP_MD_CTX_new();
+-        if (ctx) {
+-
+-            if (PPP_DigestInit(ctx, PPP_md5())) {
++    if (!status)
++	return -1;
+ 
+-                if (PPP_DigestUpdate(ctx, req_info->secret, strlen(req_info->secret))) {
++    for (i = 0; i < 16; i++) {
++	plain[i] ^= buf[i];
++    }
+ 
+-                    if (PPP_DigestUpdate(ctx, crypt, 16)) {
++    if (plain[0] != 16) {
++	error("RADIUS: Incorrect key length (%d) for MS-MPPE-%s-Key attribute",
++		(int) plain[0], type);
++	return -1;
++    }
+ 
+-                        if (PPP_DigestUpdate(ctx, salt, 2)) {
++    status = 0;
++    ctx = PPP_MD_CTX_new();
++    if (!ctx) {
++	error("RADIUS: Error creating PPP_MD_CTX for MS-MPPE-%s-Key(2) attribute", type);
++	return -1;
++    }
+ 
+-                            buflen = sizeof(buf);
+-                            if (PPP_DigestFinal(ctx, buf, &buflen)) {
++    buflen = sizeof(buf);
+ 
+-                                status = 1;
+-                            }
+-                        }
+-                    }
+-                }
+-            }
++    if (!PPP_DigestInit(ctx, PPP_md5())) {
++	error("RADIUS: Error setting hash algorithm to MD5 for MS-MPPE-%s-Key(2) attribute", type);
++    } else if (!PPP_DigestUpdate(ctx, req_info->secret, strlen(req_info->secret))) {
++	error("RADIUS: Error mixing in radius secret for MS-MPPE-%s-Key(2) attribute", type);
++    } else if (!PPP_DigestUpdate(ctx, crypt, 16)) {
++	error("RADIUS: Error mixing in crypt vector for MS-MPPE-%s-Key(2) attribute", type);
++    } else if (!PPP_DigestFinal(ctx, buf, &buflen)) {
++	error("RADIUS: Error finalizing key buffer for MS-MPPE-%s-Key(2) attribute", type);
++    } else {
++	status = 1;
++    }
+ 
+-            PPP_MD_CTX_free(ctx);
+-        }
++    PPP_MD_CTX_free(ctx);
+ 
+-        if (status) {
++    if (!status)
++	return -1;
+ 
+-            plain[16] ^= buf[0]; /* only need the first byte */
++    plain[16] ^= buf[0]; /* only need the first byte */
+ 
+-            if (vp->attribute == PW_MS_MPPE_SEND_KEY) {
+-                mppe_set_keys(plain + 1, NULL, 16);
+-            } else {
+-                mppe_set_keys(NULL, plain + 1, 16);
+-            }
+-            return 0;
+-        }
++    if (vp->attribute == PW_MS_MPPE_SEND_KEY) {
++	mppe_set_keys(plain + 1, NULL, 16);
++    } else {
++	mppe_set_keys(NULL, plain + 1, 16);
+     }
+-
+-    return -1;
++    return 0;
+ }
+ #endif /* PPP_WITH_MPPE */
+ 
diff --git a/net-dialup/ppp/ppp-2.5.0-r6.ebuild b/net-dialup/ppp/ppp-2.5.0-r7.ebuild
index 12bcb53cc006..bbe9e3fca683 100644
--- a/net-dialup/ppp/ppp-2.5.0-r6.ebuild
+++ b/net-dialup/ppp/ppp-2.5.0-r7.ebuild
@@ -37,9 +37,10 @@ PDEPEND="net-dialup/ppp-scripts"
 PATCHES=(
 	"${FILESDIR}"/ppp-2.5.0-passwordfd-read-early.patch
 	"${FILESDIR}"/ppp-2.5.0-pidfile.patch
-	"${FILESDIR}"/${P}-radiusclient.conf-parsing.patch
+	"${FILESDIR}"/ppp-2.5.0-radiusclient.conf-parsing.patch
 	"${FILESDIR}"/ppp-2.5.0-openssl-pkgconfig.patch
 	"${FILESDIR}"/ppp-2.5.0-pam-pkgconfig.patch
+	"${FILESDIR}"/ppp-2.5.0-radius-mppe.patch
 )
 
 pkg_setup() {
author	V3n3RiX <venerix@koprulu.sector>	2024-03-27 07:01:35 +0000
committer	V3n3RiX <venerix@koprulu.sector>	2024-03-27 07:01:35 +0000
commit	e5558bb40ba46b03d0c8e82ae60dce9a32933989 (patch)
tree	85455876dea191e90114ff262f0d971533de9cd0 /net-dialup
parent	0b8b325c6d134a9f66de2ba751280e6480e609af (diff)