Backport patch to fix CVE-2013-6051. Signed-off-by: Hu <[email protected]> Signed-off-by: Kai Kang <[email protected]> --- .../quagga/files/quagga-fix-CVE-2013-6051.patch | 29 ++++++++++++++++++++++ .../recipes-protocols/quagga/quagga.inc | 1 + 2 files changed, 30 insertions(+) create mode 100644 meta-networking/recipes-protocols/quagga/files/quagga-fix-CVE-2013-6051.patch
diff --git a/meta-networking/recipes-protocols/quagga/files/quagga-fix-CVE-2013-6051.patch b/meta-networking/recipes-protocols/quagga/files/quagga-fix-CVE-2013-6051.patch new file mode 100644 index 0000000..fde9e0c --- /dev/null +++ b/meta-networking/recipes-protocols/quagga/files/quagga-fix-CVE-2013-6051.patch @@ -0,0 +1,29 @@ + +From 8794e8d229dc9fe29ea31424883433d4880ef408 +From: Paul Jakma <[email protected]> +Date: Mon, 13 Feb 2012 13:53:07 +0000 +Subject: bgpd: Fix regression in args consolidation, total should be inited from args + +bgpd: Fix regression in args consolidation, total should be inited from args + +* bgp_attr.c: (bgp_attr_unknown) total should be initialised from the args. + +Upstream-Status: Backport + +Signed-off-by: Kai Kang <[email protected]> +--- + +diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c +index 65af824..839f64d 100644 +--- a/bgpd/bgp_attr.c ++++ b/bgpd/bgp_attr.c + +@@ -1646,7 +1646,7 @@ + static bgp_attr_parse_ret_t + bgp_attr_unknown (struct bgp_attr_parser_args *args) + { +- bgp_size_t total; ++ bgp_size_t total = args->total; + struct transit *transit; + struct attr_extra *attre; + struct peer *const peer = args->peer; diff --git a/meta-networking/recipes-protocols/quagga/quagga.inc b/meta-networking/recipes-protocols/quagga/quagga.inc index 65ff040..5e85e55 100644 --- a/meta-networking/recipes-protocols/quagga/quagga.inc +++ b/meta-networking/recipes-protocols/quagga/quagga.inc @@ -26,6 +26,7 @@ QUAGGASUBDIR = "" SRC_URI = "http://download.savannah.gnu.org/releases/quagga${QUAGGASUBDIR}/quagga-${PV}.tar.gz;name=quagga-${PV} \ file://fix-for-lib-inpath.patch \ file://quagga-0.99.17-libcap.patch \ + file://quagga-fix-CVE-2013-6051.patch \ file://Zebra-sync-zebra-routing-table-with-the-kernel-one.patch \ file://quagga.init \ file://quagga.default \ -- 1.8.4 -- _______________________________________________ Openembedded-devel mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-devel
