diff --git a/.gitignore b/.gitignore index c6103c9..9c9366e 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ quagga-0.99.16.tar.gz quagga-0.99.17.tar.gz +/quagga-0.99.18.tar.gz diff --git a/quagga-0.99.18-opaque-enable.patch b/quagga-0.99.18-opaque-enable.patch new file mode 100644 index 0000000..3eb92c3 --- /dev/null +++ b/quagga-0.99.18-opaque-enable.patch @@ -0,0 +1,47 @@ +commit 36de261b57eab7a7539fb6527a1f02f3898cbafd +Author: Paul Jakma +Date: Tue Mar 22 10:18:05 2011 +0000 + + build: change sense of opaque-{lsa,te} enable args to enable by default + + * configure.ac: (AC_ARG_ENABLE({ospf-te,opaque-lsa})) reverse the sense to + --disable + (enable_{opaque_lsa,ospf_te}) treat as enabled unless explicitly disabled. + +diff --git a/configure.ac b/configure.ac +index 4409d20..27d26ef 100755 +--- a/configure.ac ++++ b/configure.ac +@@ -219,15 +219,14 @@ AC_ARG_WITH(libpam, + AC_ARG_ENABLE(tcp-zebra, + [ --enable-tcp-zebra enable TCP/IP socket connection between zebra and protocol daemon]) + AC_ARG_ENABLE(opaque-lsa, +-[ --enable-opaque-lsa enable OSPF Opaque-LSA with OSPFAPI support (RFC2370)]) ++ AC_HELP_STRING([--disable-opaque-lsa],[do not build OSPF Opaque-LSA with OSPFAPI support (RFC2370)])) + AC_ARG_ENABLE(ospfapi, +-[ --disable-ospfapi do not build OSPFAPI to access the OSPF LSA Database, +- (this is the default if --enable-opaque-lsa is not set)]) ++[ --disable-ospfapi do not build OSPFAPI to access the OSPF LSA Database]) + AC_ARG_ENABLE(ospfclient, + [ --disable-ospfclient do not build OSPFAPI client for OSPFAPI, + (this is the default if --disable-ospfapi is set)]) + AC_ARG_ENABLE(ospf-te, +-[ --enable-ospf-te enable Traffic Engineering Extension to OSPF]) ++ AC_HELP_STRING([--disable-ospf-te],[disable Traffic Engineering Extension to OSPF])) + AC_ARG_ENABLE(multipath, + [ --enable-multipath=ARG enable multipath function, ARG must be digit]) + AC_ARG_ENABLE(user, +@@ -292,11 +291,11 @@ if test "${enable_tcp_zebra}" = "yes"; then + AC_DEFINE(HAVE_TCP_ZEBRA,,Use TCP for zebra communication) + fi + +-if test "${enable_opaque_lsa}" = "yes"; then ++if test "${enable_opaque_lsa}" != "no"; then + AC_DEFINE(HAVE_OPAQUE_LSA,,OSPF Opaque LSA) + fi + +-if test "${enable_ospf_te}" = "yes"; then ++if test "${enable_ospf_te}" != "no"; then + AC_DEFINE(HAVE_OPAQUE_LSA,,OSPF Opaque LSA) + AC_DEFINE(HAVE_OSPF_TE,,OSPF TE) + fi diff --git a/quagga-0.99.18-opaque-refresh-fixes.patch b/quagga-0.99.18-opaque-refresh-fixes.patch new file mode 100644 index 0000000..3179d29 --- /dev/null +++ b/quagga-0.99.18-opaque-refresh-fixes.patch @@ -0,0 +1,99 @@ +diff --git a/ospfd/ospf_lsa.h b/ospfd/ospf_lsa.h +index fee3470..72e2f8a 100644 +--- a/ospfd/ospf_lsa.h ++++ b/ospfd/ospf_lsa.h +@@ -114,6 +114,9 @@ struct ospf_lsa + + /* Refreshement List or Queue */ + int refresh_list; ++ ++ /* For Type-9 Opaque-LSAs */ ++ struct ospf_interface *oi; + }; + + /* OSPF LSA Link Type. */ +diff --git a/ospfd/ospf_nsm.c b/ospfd/ospf_nsm.c +index 279d2a0..cbc3171 100644 +--- a/ospfd/ospf_nsm.c ++++ b/ospfd/ospf_nsm.c +@@ -216,7 +216,7 @@ ospf_db_summary_add (struct ospf_neighbor *nbr, struct ospf_lsa *lsa) + { + case OSPF_OPAQUE_LINK_LSA: + /* Exclude type-9 LSAs that does not have the same "oi" with "nbr". */ +- if (lsa->oi != nbr->oi) ++ if (nbr->oi && ospf_if_exists (lsa->oi) != nbr->oi) + return 0; + break; + case OSPF_OPAQUE_AREA_LSA: +diff --git a/ospfd/ospf_opaque.c b/ospfd/ospf_opaque.c +index 6e90011..aa126e1 100644 +--- a/ospfd/ospf_opaque.c ++++ b/ospfd/ospf_opaque.c +@@ -251,7 +251,7 @@ struct ospf_opaque_functab + void (* config_write_debug )(struct vty *vty); + void (* show_opaque_info )(struct vty *vty, struct ospf_lsa *lsa); + int (* lsa_originator)(void *arg); +- void (* lsa_refresher )(struct ospf_lsa *lsa); ++ struct ospf_lsa *(* lsa_refresher )(struct ospf_lsa *lsa); + int (* new_lsa_hook)(struct ospf_lsa *lsa); + int (* del_lsa_hook)(struct ospf_lsa *lsa); + }; +@@ -354,7 +354,7 @@ ospf_register_opaque_functab ( + void (* config_write_debug )(struct vty *vty), + void (* show_opaque_info )(struct vty *vty, struct ospf_lsa *lsa), + int (* lsa_originator)(void *arg), +- void (* lsa_refresher )(struct ospf_lsa *lsa), ++ struct ospf_lsa *(* lsa_refresher )(struct ospf_lsa *lsa), + int (* new_lsa_hook)(struct ospf_lsa *lsa), + int (* del_lsa_hook)(struct ospf_lsa *lsa)) + { +@@ -1608,12 +1608,13 @@ out: + return new; + } + +-void ++struct ospf_lsa * + ospf_opaque_lsa_refresh (struct ospf_lsa *lsa) + { + struct ospf *ospf; + struct ospf_opaque_functab *functab; +- ++ struct ospf_lsa *new = NULL; ++ + ospf = ospf_lookup (); + + if ((functab = ospf_opaque_functab_lookup (lsa)) == NULL +@@ -1633,9 +1634,9 @@ ospf_opaque_lsa_refresh (struct ospf_lsa *lsa) + ospf_lsa_flush (ospf, lsa); + } + else +- (* functab->lsa_refresher)(lsa); ++ new = (* functab->lsa_refresher)(lsa); + +- return; ++ return new; + } + + /*------------------------------------------------------------------------* +diff --git a/ospfd/ospf_opaque.h b/ospfd/ospf_opaque.h +index f49fe46..2273064 100644 +--- a/ospfd/ospf_opaque.h ++++ b/ospfd/ospf_opaque.h +@@ -120,7 +120,7 @@ ospf_register_opaque_functab ( + void (* config_write_debug )(struct vty *vty), + void (* show_opaque_info )(struct vty *vty, struct ospf_lsa *lsa), + int (* lsa_originator)(void *arg), +- void (* lsa_refresher )(struct ospf_lsa *lsa), ++ struct ospf_lsa *(* lsa_refresher )(struct ospf_lsa *lsa), + int (* new_lsa_hook)(struct ospf_lsa *lsa), + int (* del_lsa_hook)(struct ospf_lsa *lsa) + ); +@@ -143,7 +143,7 @@ extern void ospf_opaque_lsa_originate_schedule (struct ospf_interface *oi, + int *init_delay); + extern struct ospf_lsa *ospf_opaque_lsa_install (struct ospf_lsa *, + int rt_recalc); +-extern void ospf_opaque_lsa_refresh (struct ospf_lsa *lsa); ++extern struct ospf_lsa *ospf_opaque_lsa_refresh (struct ospf_lsa *lsa); + + extern void ospf_opaque_lsa_reoriginate_schedule (void *lsa_type_dependent, + u_char lsa_type, diff --git a/quagga-tmpfs.conf b/quagga-tmpfs.conf index ca67d53..221d8cc 100644 --- a/quagga-tmpfs.conf +++ b/quagga-tmpfs.conf @@ -1 +1 @@ -d /var/run/quagga 0751 root root +d /var/run/quagga 0755 quagga guagga diff --git a/quagga.spec b/quagga.spec index 71f5aff..727dc6f 100644 --- a/quagga.spec +++ b/quagga.spec @@ -31,17 +31,22 @@ Summary: Routing daemon Name: quagga -Version: 0.99.17 -Release: 5%{?dist} +Version: 0.99.18 +Release: 1%{?dist} License: GPLv2+ Group: System Environment/Daemons Source0: http://www.quagga.net/download/%{name}-%{version}.tar.gz Source1: quagga-filter-perl-requires.sh Source2: quagga-tmpfs.conf -Patch1: quagga-0.99.15-perl_pth.patch -Patch2: quagga-0.99.16-posix.patch -Patch3: quagga-0.99.16-man.patch +# upstream patches +Patch1: quagga-0.99.18-opaque-enable.patch +Patch2: quagga-0.99.18-opaque-refresh-fixes.patch + +# Fedora patches +Patch101: quagga-0.99.15-perl_pth.patch +Patch102: quagga-0.99.16-posix.patch +Patch103: quagga-0.99.16-man.patch URL: http://www.quagga.net %if %with_snmp @@ -102,9 +107,12 @@ developing OSPF-API and quagga applications. %prep %setup -q -%patch1 -p1 -b .perl_pth -%patch2 -p1 -b .posix -%patch3 -p1 -b .man +%patch1 -p1 -b .opaque-enable +%patch2 -p1 -b .opaque-refresh-fixes + +%patch101 -p1 -b .perl_pth +%patch102 -p1 -b .posix +%patch103 -p1 -b .man %build # FC5+ automatic -fstack-protector-all switch @@ -350,6 +358,11 @@ rm -rf $RPM_BUILD_ROOT %endif %changelog +* Wed Mar 23 2011 Jiri Skala - 0.99.18-1 +- fixes #689852 - CVE-2010-1674 CVE-2010-1675 quagga various flaws +- fixes #690087 - ripd fails to start +- fixes #689763 - updated to latest upstream version 0.99.18 + * Tue Feb 08 2011 Fedora Release Engineering - 0.99.17-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild diff --git a/sources b/sources index 9fc162b..ba567da 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -37b9022adca04b03863d2d79787e643f quagga-0.99.17.tar.gz +59e306e93a4a1ce16760f20e9075d473 quagga-0.99.18.tar.gz