[quagga/f15/master] fixes #689852 - CVE-2010-1674 CVE-2010-1675 quagga various flaws fixes #690087 - ripd fails to start
Jiri Skala
jskala at fedoraproject.org
Wed Mar 23 12:59:13 UTC 2011
commit 64f1ae6bfd9c42d3a6de6dea56b5e8c4b11bed03
Author: Jiri Skala <jskala at skalniknb.(none)>
Date: Wed Mar 23 13:59:02 2011 +0100
fixes #689852 - CVE-2010-1674 CVE-2010-1675 quagga various flaws
fixes #690087 - ripd fails to start
fixes #689763 - updated to latest upstream version 0.99.18
.gitignore | 1 +
quagga-0.99.18-opaque-enable.patch | 47 ++++++++++++++
quagga-0.99.18-opaque-refresh-fixes.patch | 99 +++++++++++++++++++++++++++++
quagga-tmpfs.conf | 2 +-
quagga.spec | 29 ++++++---
sources | 2 +-
6 files changed, 170 insertions(+), 10 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index c6103c9..9c9366e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
quagga-0.99.16.tar.gz
quagga-0.99.17.tar.gz
+/quagga-0.99.18.tar.gz
diff --git a/quagga-0.99.18-opaque-enable.patch b/quagga-0.99.18-opaque-enable.patch
new file mode 100644
index 0000000..3eb92c3
--- /dev/null
+++ b/quagga-0.99.18-opaque-enable.patch
@@ -0,0 +1,47 @@
+commit 36de261b57eab7a7539fb6527a1f02f3898cbafd
+Author: Paul Jakma <paul at quagga.net>
+Date: Tue Mar 22 10:18:05 2011 +0000
+
+ build: change sense of opaque-{lsa,te} enable args to enable by default
+
+ * configure.ac: (AC_ARG_ENABLE({ospf-te,opaque-lsa})) reverse the sense to
+ --disable
+ (enable_{opaque_lsa,ospf_te}) treat as enabled unless explicitly disabled.
+
+diff --git a/configure.ac b/configure.ac
+index 4409d20..27d26ef 100755
+--- a/configure.ac
++++ b/configure.ac
+@@ -219,15 +219,14 @@ AC_ARG_WITH(libpam,
+ AC_ARG_ENABLE(tcp-zebra,
+ [ --enable-tcp-zebra enable TCP/IP socket connection between zebra and protocol daemon])
+ AC_ARG_ENABLE(opaque-lsa,
+-[ --enable-opaque-lsa enable OSPF Opaque-LSA with OSPFAPI support (RFC2370)])
++ AC_HELP_STRING([--disable-opaque-lsa],[do not build OSPF Opaque-LSA with OSPFAPI support (RFC2370)]))
+ AC_ARG_ENABLE(ospfapi,
+-[ --disable-ospfapi do not build OSPFAPI to access the OSPF LSA Database,
+- (this is the default if --enable-opaque-lsa is not set)])
++[ --disable-ospfapi do not build OSPFAPI to access the OSPF LSA Database])
+ AC_ARG_ENABLE(ospfclient,
+ [ --disable-ospfclient do not build OSPFAPI client for OSPFAPI,
+ (this is the default if --disable-ospfapi is set)])
+ AC_ARG_ENABLE(ospf-te,
+-[ --enable-ospf-te enable Traffic Engineering Extension to OSPF])
++ AC_HELP_STRING([--disable-ospf-te],[disable Traffic Engineering Extension to OSPF]))
+ AC_ARG_ENABLE(multipath,
+ [ --enable-multipath=ARG enable multipath function, ARG must be digit])
+ AC_ARG_ENABLE(user,
+@@ -292,11 +291,11 @@ if test "${enable_tcp_zebra}" = "yes"; then
+ AC_DEFINE(HAVE_TCP_ZEBRA,,Use TCP for zebra communication)
+ fi
+
+-if test "${enable_opaque_lsa}" = "yes"; then
++if test "${enable_opaque_lsa}" != "no"; then
+ AC_DEFINE(HAVE_OPAQUE_LSA,,OSPF Opaque LSA)
+ fi
+
+-if test "${enable_ospf_te}" = "yes"; then
++if test "${enable_ospf_te}" != "no"; then
+ AC_DEFINE(HAVE_OPAQUE_LSA,,OSPF Opaque LSA)
+ AC_DEFINE(HAVE_OSPF_TE,,OSPF TE)
+ fi
diff --git a/quagga-0.99.18-opaque-refresh-fixes.patch b/quagga-0.99.18-opaque-refresh-fixes.patch
new file mode 100644
index 0000000..3179d29
--- /dev/null
+++ b/quagga-0.99.18-opaque-refresh-fixes.patch
@@ -0,0 +1,99 @@
+diff --git a/ospfd/ospf_lsa.h b/ospfd/ospf_lsa.h
+index fee3470..72e2f8a 100644
+--- a/ospfd/ospf_lsa.h
++++ b/ospfd/ospf_lsa.h
+@@ -114,6 +114,9 @@ struct ospf_lsa
+
+ /* Refreshement List or Queue */
+ int refresh_list;
++
++ /* For Type-9 Opaque-LSAs */
++ struct ospf_interface *oi;
+ };
+
+ /* OSPF LSA Link Type. */
+diff --git a/ospfd/ospf_nsm.c b/ospfd/ospf_nsm.c
+index 279d2a0..cbc3171 100644
+--- a/ospfd/ospf_nsm.c
++++ b/ospfd/ospf_nsm.c
+@@ -216,7 +216,7 @@ ospf_db_summary_add (struct ospf_neighbor *nbr, struct ospf_lsa *lsa)
+ {
+ case OSPF_OPAQUE_LINK_LSA:
+ /* Exclude type-9 LSAs that does not have the same "oi" with "nbr". */
+- if (lsa->oi != nbr->oi)
++ if (nbr->oi && ospf_if_exists (lsa->oi) != nbr->oi)
+ return 0;
+ break;
+ case OSPF_OPAQUE_AREA_LSA:
+diff --git a/ospfd/ospf_opaque.c b/ospfd/ospf_opaque.c
+index 6e90011..aa126e1 100644
+--- a/ospfd/ospf_opaque.c
++++ b/ospfd/ospf_opaque.c
+@@ -251,7 +251,7 @@ struct ospf_opaque_functab
+ void (* config_write_debug )(struct vty *vty);
+ void (* show_opaque_info )(struct vty *vty, struct ospf_lsa *lsa);
+ int (* lsa_originator)(void *arg);
+- void (* lsa_refresher )(struct ospf_lsa *lsa);
++ struct ospf_lsa *(* lsa_refresher )(struct ospf_lsa *lsa);
+ int (* new_lsa_hook)(struct ospf_lsa *lsa);
+ int (* del_lsa_hook)(struct ospf_lsa *lsa);
+ };
+@@ -354,7 +354,7 @@ ospf_register_opaque_functab (
+ void (* config_write_debug )(struct vty *vty),
+ void (* show_opaque_info )(struct vty *vty, struct ospf_lsa *lsa),
+ int (* lsa_originator)(void *arg),
+- void (* lsa_refresher )(struct ospf_lsa *lsa),
++ struct ospf_lsa *(* lsa_refresher )(struct ospf_lsa *lsa),
+ int (* new_lsa_hook)(struct ospf_lsa *lsa),
+ int (* del_lsa_hook)(struct ospf_lsa *lsa))
+ {
+@@ -1608,12 +1608,13 @@ out:
+ return new;
+ }
+
+-void
++struct ospf_lsa *
+ ospf_opaque_lsa_refresh (struct ospf_lsa *lsa)
+ {
+ struct ospf *ospf;
+ struct ospf_opaque_functab *functab;
+-
++ struct ospf_lsa *new = NULL;
++
+ ospf = ospf_lookup ();
+
+ if ((functab = ospf_opaque_functab_lookup (lsa)) == NULL
+@@ -1633,9 +1634,9 @@ ospf_opaque_lsa_refresh (struct ospf_lsa *lsa)
+ ospf_lsa_flush (ospf, lsa);
+ }
+ else
+- (* functab->lsa_refresher)(lsa);
++ new = (* functab->lsa_refresher)(lsa);
+
+- return;
++ return new;
+ }
+
+ /*------------------------------------------------------------------------*
+diff --git a/ospfd/ospf_opaque.h b/ospfd/ospf_opaque.h
+index f49fe46..2273064 100644
+--- a/ospfd/ospf_opaque.h
++++ b/ospfd/ospf_opaque.h
+@@ -120,7 +120,7 @@ ospf_register_opaque_functab (
+ void (* config_write_debug )(struct vty *vty),
+ void (* show_opaque_info )(struct vty *vty, struct ospf_lsa *lsa),
+ int (* lsa_originator)(void *arg),
+- void (* lsa_refresher )(struct ospf_lsa *lsa),
++ struct ospf_lsa *(* lsa_refresher )(struct ospf_lsa *lsa),
+ int (* new_lsa_hook)(struct ospf_lsa *lsa),
+ int (* del_lsa_hook)(struct ospf_lsa *lsa)
+ );
+@@ -143,7 +143,7 @@ extern void ospf_opaque_lsa_originate_schedule (struct ospf_interface *oi,
+ int *init_delay);
+ extern struct ospf_lsa *ospf_opaque_lsa_install (struct ospf_lsa *,
+ int rt_recalc);
+-extern void ospf_opaque_lsa_refresh (struct ospf_lsa *lsa);
++extern struct ospf_lsa *ospf_opaque_lsa_refresh (struct ospf_lsa *lsa);
+
+ extern void ospf_opaque_lsa_reoriginate_schedule (void *lsa_type_dependent,
+ u_char lsa_type,
diff --git a/quagga-tmpfs.conf b/quagga-tmpfs.conf
index ca67d53..221d8cc 100644
--- a/quagga-tmpfs.conf
+++ b/quagga-tmpfs.conf
@@ -1 +1 @@
-d /var/run/quagga 0751 root root
+d /var/run/quagga 0755 quagga guagga
diff --git a/quagga.spec b/quagga.spec
index 71f5aff..727dc6f 100644
--- a/quagga.spec
+++ b/quagga.spec
@@ -31,17 +31,22 @@
Summary: Routing daemon
Name: quagga
-Version: 0.99.17
-Release: 5%{?dist}
+Version: 0.99.18
+Release: 1%{?dist}
License: GPLv2+
Group: System Environment/Daemons
Source0: http://www.quagga.net/download/%{name}-%{version}.tar.gz
Source1: quagga-filter-perl-requires.sh
Source2: quagga-tmpfs.conf
-Patch1: quagga-0.99.15-perl_pth.patch
-Patch2: quagga-0.99.16-posix.patch
-Patch3: quagga-0.99.16-man.patch
+# upstream patches
+Patch1: quagga-0.99.18-opaque-enable.patch
+Patch2: quagga-0.99.18-opaque-refresh-fixes.patch
+
+# Fedora patches
+Patch101: quagga-0.99.15-perl_pth.patch
+Patch102: quagga-0.99.16-posix.patch
+Patch103: quagga-0.99.16-man.patch
URL: http://www.quagga.net
%if %with_snmp
@@ -102,9 +107,12 @@ developing OSPF-API and quagga applications.
%prep
%setup -q
-%patch1 -p1 -b .perl_pth
-%patch2 -p1 -b .posix
-%patch3 -p1 -b .man
+%patch1 -p1 -b .opaque-enable
+%patch2 -p1 -b .opaque-refresh-fixes
+
+%patch101 -p1 -b .perl_pth
+%patch102 -p1 -b .posix
+%patch103 -p1 -b .man
%build
# FC5+ automatic -fstack-protector-all switch
@@ -350,6 +358,11 @@ rm -rf $RPM_BUILD_ROOT
%endif
%changelog
+* Wed Mar 23 2011 Jiri Skala <jskala at redhat.com> - 0.99.18-1
+- fixes #689852 - CVE-2010-1674 CVE-2010-1675 quagga various flaws
+- fixes #690087 - ripd fails to start
+- fixes #689763 - updated to latest upstream version 0.99.18
+
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.99.17-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
diff --git a/sources b/sources
index 9fc162b..ba567da 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-37b9022adca04b03863d2d79787e643f quagga-0.99.17.tar.gz
+59e306e93a4a1ce16760f20e9075d473 quagga-0.99.18.tar.gz
More information about the scm-commits
mailing list