OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src openpkg-web Date: 13-Nov-2003 20:11:54
Branch: HEAD Handle: 2003111319115201
Modified files:
openpkg-src/zebra zebra.patch zebra.spec
openpkg-web news.txt
Log:
include a bunch of RedHat patches, including two security bugfixes
Summary:
Revision Changes Path
1.5 +250 -119 openpkg-src/zebra/zebra.patch
1.45 +1 -1 openpkg-src/zebra/zebra.spec
1.7390 +1 -0 openpkg-web/news.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/zebra/zebra.patch
============================================================================
$ cvs diff -u -r1.4 -r1.5 zebra.patch
--- openpkg-src/zebra/zebra.patch 24 Jul 2003 21:03:08 -0000 1.4
+++ openpkg-src/zebra/zebra.patch 13 Nov 2003 19:11:53 -0000 1.5
@@ -1,65 +1,42 @@
---- ripd/ripd.c
-+++ ripd/ripd.c
-@@ -51,6 +51,10 @@
-
- /* RIP queries. */
- long rip_global_queries = 0;
-+
-+/* Should we trust netmasks or rather apply_classful_mask_ipv4()
-+ in rip_output_process() ? */
-+char rip_should_trust_netmasks = 0;
- �
- /* Prototypes. */
- void rip_event (enum rip_event, int);
-@@ -1963,7 +1967,9 @@
- zlog_info("%s/%d before RIPv1 mask check ",
- inet_ntoa (classfull.prefix), classfull.prefixlen);
-
-- apply_classful_mask_ipv4 (&classfull);
-+ if (!rip_should_trust_netmasks)
-+ apply_classful_mask_ipv4 (&classfull);
-+
- p = &classfull;
+Index: lib/vty.h
+--- lib/vty.h.orig 2002-08-18 16:34:00.000000000 +0200
++++ lib/vty.h 2003-11-13 20:03:55.000000000 +0100
+@@ -128,7 +128,7 @@
+ };
- if (IS_RIP_DEBUG_PACKET)
-@@ -2705,6 +2711,26 @@
+ /* Integrated configuration file. */
+-#define INTEGRATE_DEFAULT_CONFIG "Zebra.conf"
++#define INTEGRATE_DEFAULT_CONFIG "zebra.conf.integrate"
- return CMD_SUCCESS;
- }
-+
-+DEFUN (rip_trust_netmasks,
-+ rip_trust_netmasks_cmd,
-+ "trust netmasks",
-+ "Tell Zebra to trust netmasks and not to recalculate them.\n"
-+ "Netmasks will be trusted.\n")
-+{
-+ rip_should_trust_netmasks = 1;
-+ return CMD_SUCCESS;
-+}
+ /* Small macro to determine newline is newline only or linefeed needed. */
+ #define VTY_NEWLINE ((vty->type == VTY_TERM) ? "\r\n" : "\n")
+Index: lib/vty.c
+--- lib/vty.c.orig 2003-11-13 20:03:55.000000000 +0100
++++ lib/vty.c 2003-11-13 20:04:59.000000000 +0100
+@@ -1138,13 +1138,16 @@
+ break;
+ case SE:
+ {
+- char *buffer = (char *)vty->sb_buffer->head->data;
+- int length = vty->sb_buffer->length;
++ char *buffer;
++ int length;
+
+- if (buffer == NULL)
++ if (!vty->iac_sb_in_progress)
+ return 0;
+
+- if (!vty->iac_sb_in_progress)
++ buffer = (char *)vty->sb_buffer->head->data;
++ length = vty->sb_buffer->length;
+
-+DEFUN (no_rip_trust_netmasks,
-+ no_rip_trust_netmasks_cmd,
-+ "no trust netmasks",
-+ "Tell Zebra not to trust netmasks and recalculate them.\n"
-+ "Netmasks will be recalculated.\n")
-+{
-+ rip_should_trust_netmasks = 0;
-+ return CMD_SUCCESS;
-+}
- �
- struct route_table *rip_distance_table;
-
-@@ -3503,6 +3529,8 @@
- install_element (RIP_NODE, &no_rip_distance_source_cmd);
- install_element (RIP_NODE, &rip_distance_source_access_list_cmd);
- install_element (RIP_NODE, &no_rip_distance_source_access_list_cmd);
-+ install_element (RIP_NODE, &rip_trust_netmasks_cmd);
-+ install_element (RIP_NODE, &no_rip_trust_netmasks_cmd);
++ if (buffer == NULL)
+ return 0;
- /* Debug related init. */
- rip_debug_init ();
---- zebra/ioctl.c.orig Tue Oct 23 11:31:29 2001
-+++ zebra/ioctl.c Fri Oct 4 19:45:04 2002
+ if (buffer[0] == '\0')
+Index: zebra/ioctl.c
+--- zebra/ioctl.c.orig 2001-10-23 10:31:29.000000000 +0200
++++ zebra/ioctl.c 2003-11-13 20:03:55.000000000 +0100
@@ -349,6 +349,7 @@
int ret;
struct ifreq ifreq;
@@ -86,20 +63,81 @@
addreq.ifra_lifetime.ia6t_pltime = ND6_INFINITE_LIFETIME;
addreq.ifra_lifetime.ia6t_vltime = ND6_INFINITE_LIFETIME;
---- lib/vty.h.orig Sun Aug 18 16:34:00 2002
-+++ lib/vty.h Wed Mar 12 11:10:05 2003
-@@ -128,7 +128,7 @@
- };
+Index: zebra/rt_netlink.c
+--- zebra/rt_netlink.c.orig 2002-09-10 11:01:35.000000000 +0200
++++ zebra/rt_netlink.c 2003-11-13 20:04:35.000000000 +0100
+@@ -46,9 +46,8 @@
+ int seq;
+ struct sockaddr_nl snl;
+ char *name;
+-} netlink = { -1, 0, {0}, "netlink-listen" }, /* kernel messages */
+- netlink_cmd = { -1, 0, {0}, "netlink-cmd" }, /* command channel */
+- netlink_addr = {-1, 0, {0}, "netlink-addr" }; /* address channel */
++} netlink_sock ={ -1, 0, {0}, "netlink-listen" }, /* kernel messages */
++ netlink_cmd = { -1, 0, {0}, "netlink-cmd" }; /* command channel */
- /* Integrated configuration file. */
--#define INTEGRATE_DEFAULT_CONFIG "Zebra.conf"
-+#define INTEGRATE_DEFAULT_CONFIG "zebra.conf.integrate"
+ struct message nlmsg_str[] =
+ {
+@@ -206,6 +205,13 @@
+ return -1;
+ }
+
++ /* JF: Ignore messages that aren't from the kernel */
++ if ( snl.nl_pid != 0 )
++ {
++ zlog ( NULL, LOG_ERR, "Ignoring message from pid %u", snl.nl_pid );
++ continue;
++ }
++
+ for (h = (struct nlmsghdr *) buf; NLMSG_OK (h, status);
+ h = NLMSG_NEXT (h, status))
+ {
+@@ -1108,7 +1114,7 @@
+ snl.nl_family = AF_NETLINK;
+
+ /* Talk to netlink socket. */
+- ret = netlink_talk (&req.n, &netlink);
++ ret = netlink_talk (&req.n, &netlink_sock);
+ if (ret < 0)
+ return -1;
+
+@@ -1342,7 +1348,7 @@
+ if (family == AF_INET)
+ nl = &netlink_cmd;
+ else
+- nl = &netlink;
++ nl = &netlink_sock;
+
+ /* Talk to netlink socket. */
+ return netlink_talk (&req.n, nl);
+@@ -1456,8 +1462,8 @@
+ int sock;
+
+ sock = THREAD_FD (thread);
+- ret = netlink_parse_info (netlink_information_fetch, &netlink);
+- thread_add_read (master, kernel_read, NULL, netlink.sock);
++ ret = netlink_parse_info (netlink_information_fetch, &netlink_sock);
++ thread_add_read (master, kernel_read, NULL, netlink_sock.sock);
- /* Small macro to determine newline is newline only or linefeed needed. */
- #define VTY_NEWLINE ((vty->type == VTY_TERM) ? "\r\n" : "\n")
+ return 0;
+ }
+@@ -1473,10 +1479,10 @@
+ #ifdef HAVE_IPV6
+ groups |= RTMGRP_IPV6_ROUTE|RTMGRP_IPV6_IFADDR;
+ #endif /* HAVE_IPV6 */
+- netlink_socket (&netlink, groups);
++ netlink_socket (&netlink_sock, groups);
+ netlink_socket (&netlink_cmd, 0);
+
+ /* Register kernel socket. */
+- if (netlink.sock > 0)
+- thread_add_read (master, kernel_read, NULL, netlink.sock);
++ if (netlink_sock.sock > 0)
++ thread_add_read (master, kernel_read, NULL, netlink_sock.sock);
+ }
Index: bgpd/bgp_aspath.c
---- bgpd/bgp_aspath.c 19 Jun 2002 09:04:48 -0000 1.63
-+++ bgpd/bgp_aspath.c 23 Oct 2002 09:24:47 -0000 1.64
+--- bgpd/bgp_aspath.c.orig 2002-06-19 10:58:03.000000000 +0200
++++ bgpd/bgp_aspath.c 2003-11-13 20:09:33.000000000 +0100
@@ -1117,13 +1117,16 @@
{
unsigned int key = 0;
@@ -121,9 +159,27 @@
return key;
}
+@@ -1143,7 +1146,7 @@
+ void
+ aspath_init ()
+ {
+- ashash = hash_create (aspath_key_make, aspath_cmp);
++ ashash = hash_create_size (131072, aspath_key_make, aspath_cmp);
+ }
+ �
+ /* return and as path value */
+@@ -1167,7 +1170,7 @@
+
+ as = (struct aspath *) backet->data;
+
+- vty_out (vty, "[%p:%d] (%ld) ", backet, backet->key, as->refcnt);
++ vty_out (vty, "[%p:%u] (%ld) ", backet, backet->key, as->refcnt);
+ vty_out (vty, "%s%s", as->str, VTY_NEWLINE);
+ }
+
Index: bgpd/bgp_packet.c
---- bgpd/bgp_packet.c 21 Aug 2002 03:44:34 -0000 1.163
-+++ bgpd/bgp_packet.c 19 Mar 2003 11:11:11 -0000 1.165
+--- bgpd/bgp_packet.c.orig 2002-08-20 17:31:54.000000000 +0200
++++ bgpd/bgp_packet.c 2003-11-13 20:03:55.000000000 +0100
@@ -238,7 +238,6 @@
bgp_packet_set_size (s);
packet = bgp_packet_dup (s);
@@ -133,8 +189,8 @@
return packet;
}
Index: bgpd/bgp_route.c
---- bgpd/bgp_route.c 21 Aug 2002 03:44:34 -0000 1.402
-+++ bgpd/bgp_route.c 28 Feb 2003 22:24:45 -0000 1.404
+--- bgpd/bgp_route.c.orig 2002-08-20 17:06:41.000000000 +0200
++++ bgpd/bgp_route.c 2003-11-13 20:03:55.000000000 +0100
@@ -620,7 +620,10 @@
if (transparent || reflect
|| (CHECK_FLAG (peer->af_flags[afi][safi], PEER_FLAG_NEXTHOP_UNCHANGED)
@@ -166,8 +222,8 @@
bgp_unlock_node (child);
}
Index: bgpd/bgpd.c
---- bgpd/bgpd.c 18 Aug 2002 14:10:29 -0000 1.342
-+++ bgpd/bgpd.c 6 Feb 2003 15:47:50 -0000 1.345
+--- bgpd/bgpd.c.orig 2002-08-21 05:53:35.000000000 +0200
++++ bgpd/bgpd.c 2003-11-13 20:03:55.000000000 +0100
@@ -797,6 +797,13 @@
type = peer_sort (peer);
peer->as = as;
@@ -182,50 +238,125 @@
/* Advertisement-interval reset */
if (peer_sort (peer) == BGP_PEER_IBGP)
peer->v_routeadv = BGP_DEFAULT_IBGP_ROUTEADV;
-Index: ospfd/ospf_packet.c
---- ospfd/ospf_packet.c.orig Thu Jul 4 05:06:41 2002
-+++ ospfd/ospf_packet.c Fri Mar 28 00:05:26 2003
-@@ -276,7 +276,7 @@
-
- /* check crypto seqnum. */
- nbr = ospf_nbr_lookup_by_routerid (oi->nbrs, &ospfh->router_id);
-- if (nbr && ntohl(nbr->crypt_seqnum) >= ntohl(ospfh->u.crypt.crypt_seqnum))
-+ if (nbr && ntohl(nbr->crypt_seqnum) > ntohl(ospfh->u.crypt.crypt_seqnum))
- return 0;
-
- /* Generate a digest for the ospf packet - their digest + our digest. */
-
-On systems which do not HAVE_IPV6 or where configure was run with
---disable-ipv6 zebra 0.93b ignores the hostname specified with the -A
-option and only recognizes the port specified with the -P option. This
-happens with FreeBSD as mentioned by Mike Tancsa in his posting
-http://marc.theaimsgroup.com/?l=zebra&m=105118701805977 on the zebra
-mailing list but the issue is not limited to this OS. This patch enables
-the specification of hostname on systems which HAVE_GETADDRINFO
-regardless of the IP version. This fixes the problem on FreeBSD and
-possibly other OSs. Tested on FreeBSD 4.8, RedHat 9 and Solaris 9.
-2003-07-24 [EMAIL PROTECTED]
-
---- lib/vty.c.orig 2002-08-18 16:49:50.000000000 +0200
-+++ lib/vty.c 2003-07-24 21:41:24.000000000 +0200
-@@ -1700,7 +1700,7 @@
- return 0;
+Index: ripd/ripd.c
+--- ripd/ripd.c.orig 2002-07-01 02:57:22.000000000 +0200
++++ ripd/ripd.c 2003-11-13 20:03:55.000000000 +0100
+@@ -51,6 +51,10 @@
+
+ /* RIP queries. */
+ long rip_global_queries = 0;
++
++/* Should we trust netmasks or rather apply_classful_mask_ipv4()
++ in rip_output_process() ? */
++char rip_should_trust_netmasks = 0;
+ �
+ /* Prototypes. */
+ void rip_event (enum rip_event, int);
+@@ -1963,7 +1967,9 @@
+ zlog_info("%s/%d before RIPv1 mask check ",
+ inet_ntoa (classfull.prefix), classfull.prefixlen);
+
+- apply_classful_mask_ipv4 (&classfull);
++ if (!rip_should_trust_netmasks)
++ apply_classful_mask_ipv4 (&classfull);
++
+ p = &classfull;
+
+ if (IS_RIP_DEBUG_PACKET)
+@@ -2705,6 +2711,26 @@
+
+ return CMD_SUCCESS;
}
++
++DEFUN (rip_trust_netmasks,
++ rip_trust_netmasks_cmd,
++ "trust netmasks",
++ "Tell Zebra to trust netmasks and not to recalculate them.\n"
++ "Netmasks will be trusted.\n")
++{
++ rip_should_trust_netmasks = 1;
++ return CMD_SUCCESS;
++}
++
++DEFUN (no_rip_trust_netmasks,
++ no_rip_trust_netmasks_cmd,
++ "no trust netmasks",
++ "Tell Zebra not to trust netmasks and recalculate them.\n"
++ "Netmasks will be recalculated.\n")
++{
++ rip_should_trust_netmasks = 0;
++ return CMD_SUCCESS;
++}
+ �
+ struct route_table *rip_distance_table;
--#if defined(HAVE_IPV6) && !defined(NRL)
-+#if (defined(HAVE_IPV6) && !defined(NRL)) || defined (HAVE_GETADDRINFO)
- void
- vty_serv_sock_addrinfo (const char *hostname, unsigned short port)
- {
-@@ -1972,7 +1972,11 @@
- vty_serv_sock_addrinfo (hostname, port);
- #endif /* NRL*/
- #else /* ! HAVE_IPV6 */
-+#ifdef HAVE_GETADDRINFO
-+ vty_serv_sock_addrinfo (hostname, port);
-+#else /* ! HAVE_GETADDRINFO */
- vty_serv_sock_family (port, AF_INET);
-+#endif /* HAVE_GETADDRINFO */
- #endif /* HAVE_IPV6 */
- }
+@@ -3503,6 +3529,8 @@
+ install_element (RIP_NODE, &no_rip_distance_source_cmd);
+ install_element (RIP_NODE, &rip_distance_source_access_list_cmd);
+ install_element (RIP_NODE, &no_rip_distance_source_access_list_cmd);
++ install_element (RIP_NODE, &rip_trust_netmasks_cmd);
++ install_element (RIP_NODE, &no_rip_trust_netmasks_cmd);
+ /* Debug related init. */
+ rip_debug_init ();
+Index: ospfd/ospf_packet.c
+--- ospfd/ospf_packet.c.orig 2003-11-13 20:05:23.000000000 +0100
++++ ospfd/ospf_packet.c 2003-11-13 20:05:41.000000000 +0100
+@@ -312,6 +312,7 @@
+ struct md5_ctx ctx;
+ void *ibuf;
+ unsigned long oldputp;
++ u_int32_t t;
+ struct crypt_key *ck;
+ char *auth_key;
+
+@@ -323,7 +324,9 @@
+
+ /* We do this here so when we dup a packet, we don't have to
+ waste CPU rewriting other headers. */
+- ospfh->u.crypt.crypt_seqnum = htonl (oi->crypt_seqnum++);
++ t = (time(NULL) & 0xFFFFFFFF);
++ oi->crypt_seqnum = ( t > oi->crypt_seqnum ? t : oi->crypt_seqnum++);
++ ospfh->u.crypt.crypt_seqnum = htonl (oi->crypt_seqnum);
+
+ /* Get MD5 Authentication key from auth_key list. */
+ if (list_isempty (OSPF_IF_PARAM (oi, auth_crypt)))
+Index: ospfd/ospf_interface.c
+--- ospfd/ospf_interface.c.orig 2002-07-04 07:06:40.000000000 +0200
++++ ospfd/ospf_interface.c 2003-11-13 20:05:52.000000000 +0100
+@@ -429,6 +429,8 @@
+ if (oi->on_write_q)
+ {
+ listnode_delete (ospf_top->oi_write_q, oi);
++ if (list_isempty(ospf_top->oi_write_q))
++ OSPF_TIMER_OFF (ospf_top->t_write);
+ oi->on_write_q = 0;
+ }
+ }
+Index: ospfd/ospf_vty.c
+--- ospfd/ospf_vty.c.orig 2002-07-12 13:42:02.000000000 +0200
++++ ospfd/ospf_vty.c 2003-11-13 20:06:05.000000000 +0100
+@@ -3764,9 +3764,9 @@
+ #ifdef HAVE_OPAQUE_LSA
+ else if (strncmp (argv[0], "opaque-l", 8) == 0)
+ type = OSPF_OPAQUE_LINK_LSA;
+- else if (strncmp (argv[0], "opaque-a", 8) == 0)
++ else if (strncmp (argv[0], "opaque-ar", 9) == 0)
+ type = OSPF_OPAQUE_AREA_LSA;
+- else if (strncmp (argv[0], "opaque-e", 8) == 0)
++ else if (strncmp (argv[0], "opaque-as", 9) == 0)
+ type = OSPF_OPAQUE_AS_LSA;
+ #endif /* HAVE_OPAQUE_LSA */
+ else
+@@ -3888,9 +3888,9 @@
+ #ifdef HAVE_OPAQUE_LSA
+ else if (strncmp (argv[0], "opaque-l", 8) == 0)
+ type = OSPF_OPAQUE_LINK_LSA;
+- else if (strncmp (argv[0], "opaque-a", 8) == 0)
++ else if (strncmp (argv[0], "opaque-ar", 9) == 0)
+ type = OSPF_OPAQUE_AREA_LSA;
+- else if (strncmp (argv[0], "opaque-e", 8) == 0)
++ else if (strncmp (argv[0], "opaque-as", 9) == 0)
+ type = OSPF_OPAQUE_AS_LSA;
+ #endif /* HAVE_OPAQUE_LSA */
+ else
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/zebra/zebra.spec
============================================================================
$ cvs diff -u -r1.44 -r1.45 zebra.spec
--- openpkg-src/zebra/zebra.spec 1 Oct 2003 08:29:14 -0000 1.44
+++ openpkg-src/zebra/zebra.spec 13 Nov 2003 19:11:53 -0000 1.45
@@ -33,7 +33,7 @@
Group: Network
License: GPL
Version: 0.93b
-Release: 20031001
+Release: 20031113
# list of sources
Source0: ftp://ftp.zebra.org/pub/zebra/zebra-%{version}.tar.gz
@@ .
patch -p0 <<'@@ .'
Index: openpkg-web/news.txt
============================================================================
$ cvs diff -u -r1.7389 -r1.7390 news.txt
--- openpkg-web/news.txt 13 Nov 2003 17:36:01 -0000 1.7389
+++ openpkg-web/news.txt 13 Nov 2003 19:11:52 -0000 1.7390
@@ -1,3 +1,4 @@
+13-Nov-2003: Upgraded package: P<zebra-0.93b-20031113>
13-Nov-2003: Upgraded package: P<pound-1.5-20031113>
13-Nov-2003: Upgraded package: P<nessus-tool-2.0.9-20031113>
13-Nov-2003: Upgraded package: P<openvpn-1.4.3-20031113>
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]
