From 2768e80d28adfcaa25ee8dd7374de6cc2cffb874 Mon Sep 17 00:00:00 2001 From: Jiri Skala Date: Sep 29 2011 08:05:16 +0000 Subject: updated to 0.99.19, fixes for CVE-2011-332{3..7} --- diff --git a/.gitignore b/.gitignore index 9c9366e..871c1da 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ quagga-0.99.16.tar.gz quagga-0.99.17.tar.gz /quagga-0.99.18.tar.gz +/quagga-0.99.19.tar.gz diff --git a/quagga-0.99.18-opaque-enable.patch b/quagga-0.99.18-opaque-enable.patch deleted file mode 100644 index 3eb92c3..0000000 --- a/quagga-0.99.18-opaque-enable.patch +++ /dev/null @@ -1,47 +0,0 @@ -commit 36de261b57eab7a7539fb6527a1f02f3898cbafd -Author: Paul Jakma -Date: Tue Mar 22 10:18:05 2011 +0000 - - build: change sense of opaque-{lsa,te} enable args to enable by default - - * configure.ac: (AC_ARG_ENABLE({ospf-te,opaque-lsa})) reverse the sense to - --disable - (enable_{opaque_lsa,ospf_te}) treat as enabled unless explicitly disabled. - -diff --git a/configure.ac b/configure.ac -index 4409d20..27d26ef 100755 ---- a/configure.ac -+++ b/configure.ac -@@ -219,15 +219,14 @@ AC_ARG_WITH(libpam, - AC_ARG_ENABLE(tcp-zebra, - [ --enable-tcp-zebra enable TCP/IP socket connection between zebra and protocol daemon]) - AC_ARG_ENABLE(opaque-lsa, --[ --enable-opaque-lsa enable OSPF Opaque-LSA with OSPFAPI support (RFC2370)]) -+ AC_HELP_STRING([--disable-opaque-lsa],[do not build OSPF Opaque-LSA with OSPFAPI support (RFC2370)])) - AC_ARG_ENABLE(ospfapi, --[ --disable-ospfapi do not build OSPFAPI to access the OSPF LSA Database, -- (this is the default if --enable-opaque-lsa is not set)]) -+[ --disable-ospfapi do not build OSPFAPI to access the OSPF LSA Database]) - AC_ARG_ENABLE(ospfclient, - [ --disable-ospfclient do not build OSPFAPI client for OSPFAPI, - (this is the default if --disable-ospfapi is set)]) - AC_ARG_ENABLE(ospf-te, --[ --enable-ospf-te enable Traffic Engineering Extension to OSPF]) -+ AC_HELP_STRING([--disable-ospf-te],[disable Traffic Engineering Extension to OSPF])) - AC_ARG_ENABLE(multipath, - [ --enable-multipath=ARG enable multipath function, ARG must be digit]) - AC_ARG_ENABLE(user, -@@ -292,11 +291,11 @@ if test "${enable_tcp_zebra}" = "yes"; then - AC_DEFINE(HAVE_TCP_ZEBRA,,Use TCP for zebra communication) - fi - --if test "${enable_opaque_lsa}" = "yes"; then -+if test "${enable_opaque_lsa}" != "no"; then - AC_DEFINE(HAVE_OPAQUE_LSA,,OSPF Opaque LSA) - fi - --if test "${enable_ospf_te}" = "yes"; then -+if test "${enable_ospf_te}" != "no"; then - AC_DEFINE(HAVE_OPAQUE_LSA,,OSPF Opaque LSA) - AC_DEFINE(HAVE_OSPF_TE,,OSPF TE) - fi diff --git a/quagga-0.99.18-opaque-refresh-fixes.patch b/quagga-0.99.18-opaque-refresh-fixes.patch deleted file mode 100644 index 3179d29..0000000 --- a/quagga-0.99.18-opaque-refresh-fixes.patch +++ /dev/null @@ -1,99 +0,0 @@ -diff --git a/ospfd/ospf_lsa.h b/ospfd/ospf_lsa.h -index fee3470..72e2f8a 100644 ---- a/ospfd/ospf_lsa.h -+++ b/ospfd/ospf_lsa.h -@@ -114,6 +114,9 @@ struct ospf_lsa - - /* Refreshement List or Queue */ - int refresh_list; -+ -+ /* For Type-9 Opaque-LSAs */ -+ struct ospf_interface *oi; - }; - - /* OSPF LSA Link Type. */ -diff --git a/ospfd/ospf_nsm.c b/ospfd/ospf_nsm.c -index 279d2a0..cbc3171 100644 ---- a/ospfd/ospf_nsm.c -+++ b/ospfd/ospf_nsm.c -@@ -216,7 +216,7 @@ ospf_db_summary_add (struct ospf_neighbor *nbr, struct ospf_lsa *lsa) - { - case OSPF_OPAQUE_LINK_LSA: - /* Exclude type-9 LSAs that does not have the same "oi" with "nbr". */ -- if (lsa->oi != nbr->oi) -+ if (nbr->oi && ospf_if_exists (lsa->oi) != nbr->oi) - return 0; - break; - case OSPF_OPAQUE_AREA_LSA: -diff --git a/ospfd/ospf_opaque.c b/ospfd/ospf_opaque.c -index 6e90011..aa126e1 100644 ---- a/ospfd/ospf_opaque.c -+++ b/ospfd/ospf_opaque.c -@@ -251,7 +251,7 @@ struct ospf_opaque_functab - void (* config_write_debug )(struct vty *vty); - void (* show_opaque_info )(struct vty *vty, struct ospf_lsa *lsa); - int (* lsa_originator)(void *arg); -- void (* lsa_refresher )(struct ospf_lsa *lsa); -+ struct ospf_lsa *(* lsa_refresher )(struct ospf_lsa *lsa); - int (* new_lsa_hook)(struct ospf_lsa *lsa); - int (* del_lsa_hook)(struct ospf_lsa *lsa); - }; -@@ -354,7 +354,7 @@ ospf_register_opaque_functab ( - void (* config_write_debug )(struct vty *vty), - void (* show_opaque_info )(struct vty *vty, struct ospf_lsa *lsa), - int (* lsa_originator)(void *arg), -- void (* lsa_refresher )(struct ospf_lsa *lsa), -+ struct ospf_lsa *(* lsa_refresher )(struct ospf_lsa *lsa), - int (* new_lsa_hook)(struct ospf_lsa *lsa), - int (* del_lsa_hook)(struct ospf_lsa *lsa)) - { -@@ -1608,12 +1608,13 @@ out: - return new; - } - --void -+struct ospf_lsa * - ospf_opaque_lsa_refresh (struct ospf_lsa *lsa) - { - struct ospf *ospf; - struct ospf_opaque_functab *functab; -- -+ struct ospf_lsa *new = NULL; -+ - ospf = ospf_lookup (); - - if ((functab = ospf_opaque_functab_lookup (lsa)) == NULL -@@ -1633,9 +1634,9 @@ ospf_opaque_lsa_refresh (struct ospf_lsa *lsa) - ospf_lsa_flush (ospf, lsa); - } - else -- (* functab->lsa_refresher)(lsa); -+ new = (* functab->lsa_refresher)(lsa); - -- return; -+ return new; - } - - /*------------------------------------------------------------------------* -diff --git a/ospfd/ospf_opaque.h b/ospfd/ospf_opaque.h -index f49fe46..2273064 100644 ---- a/ospfd/ospf_opaque.h -+++ b/ospfd/ospf_opaque.h -@@ -120,7 +120,7 @@ ospf_register_opaque_functab ( - void (* config_write_debug )(struct vty *vty), - void (* show_opaque_info )(struct vty *vty, struct ospf_lsa *lsa), - int (* lsa_originator)(void *arg), -- void (* lsa_refresher )(struct ospf_lsa *lsa), -+ struct ospf_lsa *(* lsa_refresher )(struct ospf_lsa *lsa), - int (* new_lsa_hook)(struct ospf_lsa *lsa), - int (* del_lsa_hook)(struct ospf_lsa *lsa) - ); -@@ -143,7 +143,7 @@ extern void ospf_opaque_lsa_originate_schedule (struct ospf_interface *oi, - int *init_delay); - extern struct ospf_lsa *ospf_opaque_lsa_install (struct ospf_lsa *, - int rt_recalc); --extern void ospf_opaque_lsa_refresh (struct ospf_lsa *lsa); -+extern struct ospf_lsa *ospf_opaque_lsa_refresh (struct ospf_lsa *lsa); - - extern void ospf_opaque_lsa_reoriginate_schedule (void *lsa_type_dependent, - u_char lsa_type, diff --git a/quagga.spec b/quagga.spec index 4afecc5..54f9d92 100644 --- a/quagga.spec +++ b/quagga.spec @@ -31,8 +31,8 @@ Summary: Routing daemon Name: quagga -Version: 0.99.18 -Release: 2%{?dist} +Version: 0.99.19 +Release: 1%{?dist} License: GPLv2+ Group: System Environment/Daemons Source0: http://www.quagga.net/download/%{name}-%{version}.tar.gz @@ -40,8 +40,6 @@ Source1: quagga-filter-perl-requires.sh Source2: quagga-tmpfs.conf # upstream patches -Patch1: quagga-0.99.18-opaque-enable.patch -Patch2: quagga-0.99.18-opaque-refresh-fixes.patch # Fedora patches Patch101: quagga-0.99.15-perl_pth.patch @@ -107,9 +105,6 @@ developing OSPF-API and quagga applications. %prep %setup -q -%patch1 -p1 -b .opaque-enable -%patch2 -p1 -b .opaque-refresh-fixes - %patch101 -p1 -b .perl_pth %patch102 -p1 -b .posix %patch103 -p1 -b .man @@ -358,6 +353,10 @@ rm -rf $RPM_BUILD_ROOT %endif %changelog +* Thu Sep 29 2011 Jiri Skala - 0.99.19-1 +- fixes #741343 - CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327 +- fixes #741580 - updated to latest upstream version 0.99.19 + * Thu Mar 31 2011 Jiri Skala - 0.99.18-2 - fixes #692219 - quagga tempfile typo causes system to fail to boot diff --git a/sources b/sources index ba567da..5d3c10a 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -59e306e93a4a1ce16760f20e9075d473 quagga-0.99.18.tar.gz +b0738f86bac24aad76a7d5934bcabce0 quagga-0.99.19.tar.gz