commit quagga for openSUSE:Factory
Hello community,
here is the log from the commit of package quagga for openSUSE:Factory checked
in at 2019-04-26 22:55:30
Comparing /work/SRC/openSUSE:Factory/quagga (Old)
and /work/SRC/openSUSE:Factory/.quagga.new.5536 (New)
Package is "quagga"
Fri Apr 26 22:55:30 2019 rev:55 rq:698175 version:1.2.4
Changes:
--- /work/SRC/openSUSE:Factory/quagga/quagga.changes2018-11-26
10:27:36.265218161 +0100
+++ /work/SRC/openSUSE:Factory/.quagga.new.5536/quagga.changes 2019-04-26
22:55:33.145272517 +0200
@@ -1,0 +2,5 @@
+Fri Apr 26 10:55:02 UTC 2019 - mvet...@suse.com
+
+- bsc#1130588: Require shadow instead of old pwdutils
+
+---
Other differences:
--
++ quagga.spec ++
--- /var/tmp/diff_new_pack.orjG69/_old 2019-04-26 22:55:33.985271976 +0200
+++ /var/tmp/diff_new_pack.orjG69/_new 2019-04-26 22:55:33.989271973 +0200
@@ -1,7 +1,7 @@
#
# spec file for package quagga
#
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -67,8 +67,8 @@
BuildRequires: xz
Requires(post): %fillup_prereq
Requires(post): %{install_info_prereq}
-# pwdutils for useradd and groupadd
-Requires(pre): pwdutils
+# shadow for useradd and groupadd
+Requires(pre): shadow
Recommends: logrotate
Provides: zebra = %{version}
Obsoletes: zebra < %{version}
commit quagga for openSUSE:Factory
Hello community,
here is the log from the commit of package quagga for openSUSE:Factory checked
in at 2018-11-26 10:24:55
Comparing /work/SRC/openSUSE:Factory/quagga (Old)
and /work/SRC/openSUSE:Factory/.quagga.new.19453 (New)
Package is "quagga"
Mon Nov 26 10:24:55 2018 rev:54 rq:650573 version:1.2.4
Changes:
--- /work/SRC/openSUSE:Factory/quagga/quagga.changes2018-02-16
21:45:16.633778681 +0100
+++ /work/SRC/openSUSE:Factory/.quagga.new.19453/quagga.changes 2018-11-26
10:27:36.265218161 +0100
@@ -1,0 +2,39 @@
+Wed Nov 14 15:32:47 UTC 2018 - mar...@gmx.de
+
+- Update to version 1.2.4
+ Bugfix release
+ See http://mirror.easyname.at/nongnu/quagga/quagga-1.2.4.changelog.txt
+ for complete changelog.
+- Update to version 1.2.3
+ Bugfix and security release
+ See http://mirror.easyname.at/nongnu/quagga/quagga-1.2.3.changelog.txt
+ for complete changelog.
+ * Security related changes:
++ Fixes CVE-2018-5278
++ Fixes CVE-2018-5279
++ Fixes CVE-2018-5280
++ Fixes CVE-2018-5281
+- Update to version 1.2.2
+ Bugfix and security release
+ See http://mirror.easyname.at/nongnu/quagga/quagga-1.2.2.changelog.txt
+ for complete changelog.
+ * Security related changes:
++ Fixes CVE-2017-16227
+- Update to version 1.2.1
+ Bugfix release
+ See http://mirror.easyname.at/nongnu/quagga/quagga-1.2.1.changelog.txt
+ for complete changelog.
+- Update to version 1.2.0
+ Bugfix release
+ See http://mirror.easyname.at/nongnu/quagga/quagga-1.2.0.changelog.txt
+ for complete changelog.
+- Rebase patch:
+ * 0001-systemd-change-the-WantedBy-target.patch
+- Removed patches (fixed upstream):
+ * Quagga-2018-0543-bgpd.bsc1079798.patch
+ * Quagga-2018-1114-bgpd.bsc1079799.patch
+ * Quagga-2018-1550-bgpd-bsc1079800.patch
+ * Quagga-2018-1975-bdpd.bsc1079801.patch
+ * quagga-CVE-2017-16227-bgpd-Fix-AS_PATH-size-calculation.patch
+
+---
Old:
Quagga-2018-0543-bgpd.bsc1079798.patch
Quagga-2018-1114-bgpd.bsc1079799.patch
Quagga-2018-1550-bgpd-bsc1079800.patch
Quagga-2018-1975-bdpd.bsc1079801.patch
quagga-1.1.1.tar.gz
quagga-1.1.1.tar.gz.asc
quagga-CVE-2017-16227-bgpd-Fix-AS_PATH-size-calculation.patch
New:
quagga-1.2.4.tar.gz
quagga-1.2.4.tar.gz.asc
Other differences:
--
++ quagga.spec ++
--- /var/tmp/diff_new_pack.i6l6dD/_old 2018-11-26 10:27:36.933217377 +0100
+++ /var/tmp/diff_new_pack.i6l6dD/_new 2018-11-26 10:27:36.933217377 +0100
@@ -37,10 +37,10 @@
%define quagga_statedir %{_localstatedir}/run/%{name}
%endif
Name: quagga
-Version:1.1.1
+Version:1.2.4
Release:0
Summary:Routing Software for BGP, OSPF and RIP
-License:LGPL-2.1+
+License:LGPL-2.1-or-later
Group: Productivity/Networking/Routing
Url:http://www.quagga.net
Source:
http://download.savannah.gnu.org/releases/quagga/%{name}-%{version}.tar.gz
@@ -57,13 +57,9 @@
Patch1: %{name}-add-ospf6_main-return-value.patch
Patch2: %{name}-add-table_test-return-value.patch
Patch3: 0001-systemd-change-the-WantedBy-target.patch
-Patch4: quagga-CVE-2017-16227-bgpd-Fix-AS_PATH-size-calculation.patch
-Patch5: Quagga-2018-0543-bgpd.bsc1079798.patch
-Patch6: Quagga-2018-1114-bgpd.bsc1079799.patch
-Patch7: Quagga-2018-1550-bgpd-bsc1079800.patch
-Patch8: Quagga-2018-1975-bdpd.bsc1079801.patch
BuildRequires: autoconf >= 2.6
BuildRequires: automake >= 1.6
+BuildRequires: c-ares-devel
BuildRequires: libtool
BuildRequires: net-snmp-devel
BuildRequires: pam-devel
@@ -153,11 +149,6 @@
%patch1 -p 1
%patch2 -p 1
%patch3 -p 1
-%patch4 -p 1
-%patch5 -p 1
-%patch6 -p 1
-%patch7 -p 1
-%patch8 -p 1
%build
export CFLAGS="%{optflags} -fno-strict-aliasing"
++ 0001-systemd-change-the-WantedBy-target.patch ++
--- /var/tmp/diff_new_pack.i6l6dD/_old 2018-11-26 10:27:36.949217358 +0100
+++ /var/tmp/diff_new_pack.i6l6dD/_new 2018-11-26 10:27:36.949217358 +0100
@@ -1,161 +1,138 @@
diff --git a/redhat/bgpd.service b/redhat/bgpd.service
-index 5040284..af923df 100644
+index a50bfff..9ebabbd 100644
--- a/redhat/bgpd.service
+++ b/redhat/bgpd.service
-@@ -1,14 +1,15 @@
- [Unit]
+@@ -2,13 +2,14 @@
Description=BGP routing daemon
--BindTo=zebra.service
--After=syslog.target network.target zebra.service
-+BindsTo=zebra.service
+ BindsTo=zebra.service
+ Wants=network.target
+-After=zebra.service network-pre.target
+After=zebra.service
+ Before=network.target
ConditionPathExists=/etc/quagga/bgpd.conf
+ Documentation=man:bgpd
[Service]
Type=forking
+PIDFile=/run/quagga/bgpd.pid
EnvironmentFile=/etc/sysconfig/quagga
-
commit quagga for openSUSE:Factory
Hello community,
here is the log from the commit of package quagga for openSUSE:Factory checked
in at 2018-02-16 21:45:15
Comparing /work/SRC/openSUSE:Factory/quagga (Old)
and /work/SRC/openSUSE:Factory/.quagga.new (New)
Package is "quagga"
Fri Feb 16 21:45:15 2018 rev:53 rq:577176 version:1.1.1
Changes:
--- /work/SRC/openSUSE:Factory/quagga/quagga.changes2017-11-25
08:43:34.356260511 +0100
+++ /work/SRC/openSUSE:Factory/.quagga.new/quagga.changes 2018-02-16
21:45:16.633778681 +0100
@@ -1,0 +2,19 @@
+Fri Feb 9 14:05:21 UTC 2018 - m...@suse.de
+
+- Applied security fix for bgpd DoS via specially crafted BGP
+ UPDATE messages (CVE-2017-16227,bsc#1065641)
+ [+ quagga-CVE-2017-16227-bgpd-Fix-AS_PATH-size-calculation.patch]
+- Applied security fix for bgpd bounds check issue via attribute
+ length (CVE-2018-5378,Quagga-2018-0543,bsc#1079798)
+ [+ Quagga-2018-0543-bgpd.bsc1079798.patch]
+- Applied security fix for bgpd double free when processing UPDATE
+ message (CVE-2018-5379,Quagga-2018-1114,bsc#1079799)
+ [+ Quagga-2018-1114-bgpd.bsc1079799.patch]
+- Applied security fix for bgpd code-to-string conversion tables
+ overrun (CVE-2018-5380,Quagga-2018-1550,bsc#1079800)
+ [+ Quagga-2018-1550-bgpd-bsc1079800.patch]
+- Applied security fix for bgpd infinite loop on certain invalid
+ OPEN messages (CVE-2018-5381,Quagga-2018-1975,bsc#1079801)
+ [+ Quagga-2018-1975-bdpd.bsc1079801.patch]
+
+---
New:
Quagga-2018-0543-bgpd.bsc1079798.patch
Quagga-2018-1114-bgpd.bsc1079799.patch
Quagga-2018-1550-bgpd-bsc1079800.patch
Quagga-2018-1975-bdpd.bsc1079801.patch
quagga-CVE-2017-16227-bgpd-Fix-AS_PATH-size-calculation.patch
Other differences:
--
++ quagga.spec ++
--- /var/tmp/diff_new_pack.KRvhcY/_old 2018-02-16 21:45:17.701740164 +0100
+++ /var/tmp/diff_new_pack.KRvhcY/_new 2018-02-16 21:45:17.705740020 +0100
@@ -1,7 +1,7 @@
#
# spec file for package quagga
#
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -57,6 +57,11 @@
Patch1: %{name}-add-ospf6_main-return-value.patch
Patch2: %{name}-add-table_test-return-value.patch
Patch3: 0001-systemd-change-the-WantedBy-target.patch
+Patch4: quagga-CVE-2017-16227-bgpd-Fix-AS_PATH-size-calculation.patch
+Patch5: Quagga-2018-0543-bgpd.bsc1079798.patch
+Patch6: Quagga-2018-1114-bgpd.bsc1079799.patch
+Patch7: Quagga-2018-1550-bgpd-bsc1079800.patch
+Patch8: Quagga-2018-1975-bdpd.bsc1079801.patch
BuildRequires: autoconf >= 2.6
BuildRequires: automake >= 1.6
BuildRequires: libtool
@@ -148,6 +153,11 @@
%patch1 -p 1
%patch2 -p 1
%patch3 -p 1
+%patch4 -p 1
+%patch5 -p 1
+%patch6 -p 1
+%patch7 -p 1
+%patch8 -p 1
%build
export CFLAGS="%{optflags} -fno-strict-aliasing"
++ Quagga-2018-0543-bgpd.bsc1079798.patch ++
>From 6dde85082ca004d590030b2762bd59b0fbd74c93 Mon Sep 17 00:00:00 2001
From: Paul Jakma
Date: Wed, 3 Jan 2018 23:57:33 +
Upstream: yes
References: CVE-2018-5378,Quagga-2018-0543,bsc#1079798
Subject: bgpd/security: invalid attr length sends NOTIFY with data overrun
Security issue: Quagga-2018-0543
See: https://www.quagga.net/security/Quagga-2018-0543.txt
* bgpd/bgp_attr.c: (bgp_attr_parse) An invalid attribute length is correctly
checked, and a NOTIFY prepared. The NOTIFY can include the incorrect
received data with the NOTIFY, for debug purposes. Commit
c69698704806a9ac5 modified the code to do that just, and also send the
malformed attr with the NOTIFY. However, the invalid attribute length was
used as the length of the data to send back.
The result is a read past the end of data, which is then written to the
NOTIFY message and sent to the peer.
A configured BGP peer can use this bug to read up to 64 KiB of memory from
the bgpd process, or crash the process if the invalid read is caught by
some means (unmapped page and SEGV, or other mechanism) resulting in a DoS.
This bug _ought_ /not/ be exploitable by anything other than the connected
BGP peer, assuming the underlying TCP transport is secure. For no BGP
peer should send on an UPDATE with this attribute. Quagga will not, as
Quagga always validates the attr header length, regardless of type.
However, it is possible that there are BGP implementations that do not
check lengths on some attributes (e.g. optional/transitive ones of a type
they do not recognise), and might pass such malformed attrs
commit quagga for openSUSE:Factory
Hello community,
here is the log from the commit of package quagga for openSUSE:Factory checked
in at 2017-11-25 08:43:31
Comparing /work/SRC/openSUSE:Factory/quagga (Old)
and /work/SRC/openSUSE:Factory/.quagga.new (New)
Package is "quagga"
Sat Nov 25 08:43:31 2017 rev:52 rq:545122 version:1.1.1
Changes:
--- /work/SRC/openSUSE:Factory/quagga/quagga.changes2017-04-12
18:21:49.206411910 +0200
+++ /work/SRC/openSUSE:Factory/.quagga.new/quagga.changes 2017-11-25
08:43:34.356260511 +0100
@@ -1,0 +2,6 @@
+Thu Nov 23 13:39:02 UTC 2017 - rbr...@suse.com
+
+- Replace references to /var/adm/fillup-templates with new
+ %_fillupdir macro (boo#1069468)
+
+---
Other differences:
--
++ quagga.spec ++
--- /var/tmp/diff_new_pack.IV9PhW/_old 2017-11-25 08:43:35.088233842 +0100
+++ /var/tmp/diff_new_pack.IV9PhW/_new 2017-11-25 08:43:35.092233696 +0100
@@ -16,6 +16,11 @@
#
+#Compat macro for new _fillupdir macro introduced in Nov 2017
+%if ! %{defined _fillupdir}
+ %define _fillupdir /var/adm/fillup-templates
+%endif
+
%if 0%{?suse_version} > 1230
%bcond_without systemd
%else
@@ -207,8 +212,8 @@
ln -sf %{_sysconfdir}/init.d/ripngd %{buildroot}%{_sbindir}/rcripngd
ln -sf %{_sysconfdir}/init.d/ripd %{buildroot}%{_sbindir}/rcripd
%endif
-install -d -m 0755 %{buildroot}%{_localstatedir}/adm/fillup-templates/
-install -m 0644 %{SOURCE6}
%{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
+install -d -m 0755 %{buildroot}%{_fillupdir}/
+install -m 0644 %{SOURCE6} %{buildroot}%{_fillupdir}/sysconfig.%{name}
install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pam.d/quagga
install -d -m 0750 %{buildroot}%{_localstatedir}/log/quagga
install -d -m 0751 %{buildroot}%{quagga_statedir}
@@ -282,7 +287,7 @@
%dir %attr(750,quagga,quagga) %{_sysconfdir}/quagga/
%config(noreplace) %attr(640,quagga,quagga) %{_sysconfdir}/%{name}/*.conf
%config(noreplace) %{_sysconfdir}/logrotate.d/*
-%{_localstatedir}/adm/fillup-templates/sysconfig.quagga
+%{_fillupdir}/sysconfig.quagga
%if %{with systemd}
%{_unitdir}/*.service
%dir %{_tmpfilesdir}
commit quagga for openSUSE:Factory
Hello community,
here is the log from the commit of package quagga for openSUSE:Factory checked
in at 2017-04-12 17:37:33
Comparing /work/SRC/openSUSE:Factory/quagga (Old)
and /work/SRC/openSUSE:Factory/.quagga.new (New)
Package is "quagga"
Wed Apr 12 17:37:33 2017 rev:51 rq:487325 version:1.1.1
Changes:
--- /work/SRC/openSUSE:Factory/quagga/quagga.changes2017-04-11
09:46:11.920304462 +0200
+++ /work/SRC/openSUSE:Factory/.quagga.new/quagga.changes 2017-04-12
18:21:49.206411910 +0200
@@ -1,0 +2,10 @@
+Tue Apr 11 11:55:39 UTC 2017 - m...@suse.de
+
+- Disabled passwords in default zebra.conf config file, causing
+ to disable vty telnet interface by default. The vty interface
+ is available via "vtysh" utility using pam authentication to
+ permit management access for root without password (bsc#1021669).
+- Changed owner of /etc/quagga to quagga:quagga to permit to manage
+ quagga via vty interface.
+
+---
Other differences:
--
++ quagga.spec ++
--- /var/tmp/diff_new_pack.JgBDoZ/_old 2017-04-12 18:21:49.870318029 +0200
+++ /var/tmp/diff_new_pack.JgBDoZ/_new 2017-04-12 18:21:49.874317463 +0200
@@ -215,9 +215,11 @@
install -m 0644 %{SOURCE7} %{buildroot}%{_sysconfdir}/logrotate.d/quagga
rm -f %{buildroot}%{_sysconfdir}/quagga/*.sample*
cat > %{buildroot}%{_sysconfdir}/quagga/zebra.conf << __EOF__
-hostname quagga
-password quagga
-enable password quagga
+!hostname quagga
+
+!password quagga
+!enable password quagga
+
log file %{_localstatedir}/log/quagga/zebra.log
__EOF__
cat > %{buildroot}%{_sysconfdir}/quagga/vtysh.conf << __EOF__
@@ -277,8 +279,8 @@
%defattr(-,root,root)
%doc */*.sample* AUTHORS COPYING* ChangeLog NEWS README REPORTING-BUGS
SERVICES TODO
%{_sbindir}/*
-%dir %attr(750,root,quagga) %{_sysconfdir}/quagga/
-%config(noreplace) %attr(640,root,quagga) %{_sysconfdir}/%{name}/*.conf
+%dir %attr(750,quagga,quagga) %{_sysconfdir}/quagga/
+%config(noreplace) %attr(640,quagga,quagga) %{_sysconfdir}/%{name}/*.conf
%config(noreplace) %{_sysconfdir}/logrotate.d/*
%{_localstatedir}/adm/fillup-templates/sysconfig.quagga
%if %{with systemd}
commit quagga for openSUSE:Factory
Hello community,
here is the log from the commit of package quagga for openSUSE:Factory checked
in at 2017-04-11 09:46:08
Comparing /work/SRC/openSUSE:Factory/quagga (Old)
and /work/SRC/openSUSE:Factory/.quagga.new (New)
Package is "quagga"
Tue Apr 11 09:46:08 2017 rev:50 rq:485964 version:1.1.1
Changes:
--- /work/SRC/openSUSE:Factory/quagga/quagga.changes2016-11-05
21:25:50.0 +0100
+++ /work/SRC/openSUSE:Factory/.quagga.new/quagga.changes 2017-04-11
09:46:11.920304462 +0200
@@ -1,0 +2,42 @@
+Mon Apr 3 11:22:38 UTC 2017 - tchva...@suse.com
+
+- Remove FIXME's added by spec-cleaner by using proper phases for the
+ prereq deps
+- Remove code checking for the proc mounting (build scripts do that
+ for us anyway) + remove the commented out autoconf
+- Use content of %tmpfiles_create macro rather than 2 lines of checks
+- Use version in zebra provides/obsoletes to avoid rpmlint warning
+
+---
+Thu Mar 30 16:49:01 UTC 2017 - m...@suse.de
+
+- Update to quagga-1.1.1, a security and bug fix release (fate#323168):
+ See http://mirror.easyname.at/nongnu/quagga/quagga-1.1.1.changelog.txt
+ for complete changelog, a digest of the changes:
+ - Telnet 'vty' interface DoS fix due to unbounded memory
+allocation (CVE-2017-5495,bsc#1021669)
+ - revert opsf6d: Update router-LSA when nbr's interface-ID changes
+ See http://mirror.easyname.at/nongnu/quagga/quagga-1.0.20161017.changelog.txt
+ for complete changelog, a digest of the changes:
+- isisd: Fix size of malloc
+- isisd: check for the existance of the correct list
+- ospf6d: fix off-by-one on display of spf reasons
+- ospf6d: don't access nexthops out of bounds
+- bgpd: fix off-by-one in attribute flags handling
+- zebra: stack overrun in IPv6 RA receive code (CVE-2016-1245)
+- bgpd: Fix buffer overflow error in bgp_dump_routes_func
+- Added libfpm_pb0 and libquagga_pb0 shared library sub-packages,
+ adjusted libzebra0 sub-package name to libzebra1.
+- Use tmpfiles_create RPM macro to create quagga rundir and adjust
+ tmpfiles config to contain proper rundir at install time.
+- Removed obsolete patches:
+ quagga-CVE-2016-1245-stack-overrun-in-IPv6-RA-receive.patch
+ quagga-CVE-2016-4049-fix-buf-ovflow-bgp-dump-routes.patch
+ quagga-autoconf-detect-AM_SILENT_RULES.patch
+- Do not enable zebra's tcp interface (port 2600) to use default
+ unix socket for communication between the daemons (fate#323170).
+- Added quagga.log and create and su statemets to logrotate config,
+ changed default zebra log file name from quagga.log to zebra.log.
+- Cleaned up the spec file using spec-cleaner.
+
+---
Old:
quagga-1.0.20160315.tar.asc
quagga-1.0.20160315.tar.xz
quagga-CVE-2016-1245-stack-overrun-in-IPv6-RA-receive.patch
quagga-CVE-2016-4049-fix-buf-ovflow-bgp-dump-routes.patch
quagga-autoconf-detect-AM_SILENT_RULES.patch
New:
quagga-1.1.1.tar.gz
quagga-1.1.1.tar.gz.asc
quagga.logrotate
Other differences:
--
++ quagga.spec ++
--- /var/tmp/diff_new_pack.jpdGiQ/_old 2017-04-11 09:46:12.804179603 +0200
+++ /var/tmp/diff_new_pack.jpdGiQ/_new 2017-04-11 09:46:12.808179038 +0200
@@ -1,7 +1,7 @@
#
# spec file for package quagga
#
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -21,36 +21,37 @@
%else
%bcond_withsystemd
%endif
-
-%bcond_without tcp_zebra
+%bcond_withtcp_zebra
%bcond_without irdp
%bcond_withisis
%bcond_withisis_topology
%bcond_without pcre
-
+%if %{defined _rundir}
+%define quagga_statedir %{_rundir}/%{name}
+%else
+%define quagga_statedir %{_localstatedir}/run/%{name}
+%endif
Name: quagga
-Version:1.0.20160315
+Version:1.1.1
Release:0
Summary:Routing Software for BGP, OSPF and RIP
License:LGPL-2.1+
Group: Productivity/Networking/Routing
Url:http://www.quagga.net
-Source:
http://download.savannah.gnu.org/releases/quagga/%{name}-%{version}.tar.xz
-Source3:
http://download.savannah.gnu.org/releases/quagga/%{name}-%{version}.tar.asc
+Source:
http://download.savannah.gnu.org/releases/quagga/%{name}-%{version}.tar.gz
+Source1:%{name}-SUSE.tar.bz2
+Source2:%{name}.pam
+Source3:
http://download.savannah.gnu.org/releases/quagga/%{name}-%{version}.tar.gz.asc
# downloaded from:
commit quagga for openSUSE:Factory
Hello community,
here is the log from the commit of package quagga for openSUSE:Factory checked
in at 2016-11-05 21:25:48
Comparing /work/SRC/openSUSE:Factory/quagga (Old)
and /work/SRC/openSUSE:Factory/.quagga.new (New)
Package is "quagga"
Changes:
--- /work/SRC/openSUSE:Factory/quagga/quagga.changes2016-10-20
23:09:55.0 +0200
+++ /work/SRC/openSUSE:Factory/.quagga.new/quagga.changes 2016-11-05
21:25:50.0 +0100
@@ -1,0 +2,7 @@
+Sat Oct 22 17:54:10 UTC 2016 - jeng...@inai.de
+
+- Implement shared library policy
+- Check for user/group before adding them to the system
+- Trim description
+
+---
Other differences:
--
++ quagga.spec ++
--- /var/tmp/diff_new_pack.ORCUi0/_old 2016-11-05 21:25:51.0 +0100
+++ /var/tmp/diff_new_pack.ORCUi0/_new 2016-11-05 21:25:51.0 +0100
@@ -31,7 +31,7 @@
Name: quagga
Version:1.0.20160315
Release:0
-Summary:Free Routing Software (for BGP, OSPF and RIP, for example)
+Summary:Routing Software for BGP, OSPF and RIP
License:LGPL-2.1+
Group: Productivity/Networking/Routing
Url:http://www.quagga.net
@@ -87,24 +87,44 @@
%description
Quagga is a routing software suite, providing implementations of
-OSPFv2, OSPFv3, RIP v1 and v2, RIPv3 and BGPv4 for Unix platforms,
-particularly FreeBSD and Linux and also NetBSD, to mention a few.
-Quagga is a fork of GNU Zebra which was developed by Kunihiro Ishiguro.
-The Quagga tree aims to build a more involved community around Quagga
-than the current centralised model of GNU Zebra.
+OSPFv2, OSPFv3, RIP v1 and v2, RIPv3 and BGPv4. Quagga is a fork of
+GNU Zebra.
+
+%package -n libospf0
+Summary:Quagga's implementation of the OSPF protocol
+Group: System/Libraries
+
+%description -n libospf0
+This library contains part of the OSPFv2 implementation of Quagga.
+
+%package -n libospfapiclient0
+Summary:API for Quagga's OSPFv2 implementation
+Group: System/Libraries
+
+%description -n libospfapiclient0
+This library contains part of the OSPFv2 implementation of Quagga.
+
+%package -n libzebra0
+Summary:Quagga utility library
+Group: System/Libraries
+
+%description -n libzebra0
+This library contains various utility functions to Quagga, such as
+data types, buffers and socket handling.
%package devel
-Summary:Free Routing Software (for BGP, OSPF and RIP, for example)
+Summary:Development files for quagga, a routing software for BGP,
OSPF, RIP
Group: Development/Libraries/C and C++
-Requires: %{name} = %{version}
+Requires: libospf0 = %{version}
+Requires: libospfapiclient0 = %{version}
+Requires: libzebra0 = %{version}
%description devel
Quagga is a routing software suite, providing implementations of
-OSPFv2, OSPFv3, RIP v1 and v2, RIPv3 and BGPv4 for Unix platforms,
-particularly FreeBSD and Linux and also NetBSD, to mention a few.
-Quagga is a fork of GNU Zebra which was developed by Kunihiro Ishiguro.
-The Quagga tree aims to build a more involved community around Quagga
-than the current centralised model of GNU Zebra.
+OSPFv2, OSPFv3, RIP v1 and v2, RIPv3 and BGPv4. Quagga is a fork of
+GNU Zebra.
+
+This subpackage contains the headers for the Quagga libraries.
%prep
%setup -q -a 1
@@ -198,16 +218,16 @@
touch %{buildroot}%{_sysconfdir}/quagga/vtysh.conf
%pre
-%{_sbindir}/groupadd -r quagga 2> /dev/null || :
-%{_sbindir}/useradd -r -g quagga -s %{_bindir}/false \
+getent group quagga >/dev/null || %{_sbindir}/groupadd -r quagga || :
+getent passwd quagga >/dev/null || \
+ %{_sbindir}/useradd -r -g quagga -s %{_bindir}/false \
-c "Quagga routing daemon" \
- -d %{quagga_statedir} quagga 2> /dev/null || :
+ -d %{quagga_statedir} quagga || :
%if %{with systemd}
%service_add_pre zebra.service isisd.service ripd.service ospfd.service
bgpd.service ospf6d.service ripngd.service
%endif
%post
-/sbin/ldconfig
%if %{with systemd}
systemd-tmpfiles --create %{_tmpfilesdir}/%{name}.conf || true
%service_add_post zebra.service isisd.service ripd.service ospfd.service
bgpd.service ospf6d.service ripngd.service
@@ -232,7 +252,13 @@
%restart_on_update zebra bgpd ospf6d ospfd ripd ripngd
%insserv_cleanup
%endif
-/sbin/ldconfig
+
+%post -n libospf0 -p /sbin/ldconfig
+%postun -n libospf0 -p /sbin/ldconfig
+%post -n libospfapiclient0 -p /sbin/ldconfig
+%postun -n libospfapiclient0 -p /sbin/ldconfig
+%post -n libzebra0 -p /sbin/ldconfig
+%postun -n libzebra0 -p /sbin/ldconfig
%files
%defattr(-,root,root)
@@ -255,10 +281,21 @@
commit quagga for openSUSE:Factory
Hello community,
here is the log from the commit of package quagga for openSUSE:Factory checked
in at 2016-10-20 23:09:23
Comparing /work/SRC/openSUSE:Factory/quagga (Old)
and /work/SRC/openSUSE:Factory/.quagga.new (New)
Package is "quagga"
Changes:
--- /work/SRC/openSUSE:Factory/quagga/quagga.changes2016-07-12
23:51:56.0 +0200
+++ /work/SRC/openSUSE:Factory/.quagga.new/quagga.changes 2016-10-20
23:09:55.0 +0200
@@ -1,0 +2,7 @@
+Tue Oct 18 10:27:03 UTC 2016 - m...@suse.de
+
+- Add quagga-CVE-2016-1245-stack-overrun-in-IPv6-RA-receive.patch:
+ Fix for a zebra stack overrun in IPv6 RA receive code.
+ (CVE-2016-1245, bsc#1005258)
+
+---
New:
quagga-CVE-2016-1245-stack-overrun-in-IPv6-RA-receive.patch
Other differences:
--
++ quagga.spec ++
--- /var/tmp/diff_new_pack.JrqXUd/_old 2016-10-20 23:09:56.0 +0200
+++ /var/tmp/diff_new_pack.JrqXUd/_new 2016-10-20 23:09:56.0 +0200
@@ -50,6 +50,7 @@
Patch3: 0001-systemd-change-the-WantedBy-target.patch
Patch4: %{name}-autoconf-detect-AM_SILENT_RULES.patch
Patch5: %{name}-CVE-2016-4049-fix-buf-ovflow-bgp-dump-routes.patch
+Patch6: %{name}-CVE-2016-1245-stack-overrun-in-IPv6-RA-receive.patch
BuildRequires: autoconf >= 2.6
BuildRequires: automake >= 1.6
BuildRequires: libtool
@@ -112,6 +113,7 @@
%patch3 -p 1
%patch4 -p 1
%patch5 -p 1
+%patch6 -p 1
%build
if ! ls /proc/net/{dev,route,snmp} >/dev/null; then
++ quagga-CVE-2016-1245-stack-overrun-in-IPv6-RA-receive.patch ++
>From cfb1fae25f8c092e0d17073eaf7bd428ce1cd546 Mon Sep 17 00:00:00 2001
References: CVE-2016-1245,bsc#1005258
Upstream: yes
From: David Lamparter
Date: Wed, 31 Aug 2016 13:31:16 +0200
Subject: [PATCH] zebra: stack overrun in IPv6 RA receive code (CVE-2016-1245)
The IPv6 RA code also receives ICMPv6 RS and RA messages.
Unfortunately, by bad coding practice, the buffer size specified on
receiving such messages mixed up 2 constants that in fact have
different values.
The code itself has:
#define RTADV_MSG_SIZE 4096
While BUFSIZ is system-dependent, in my case (x86_64 glibc):
/usr/include/_G_config.h:#define _G_BUFSIZ 8192
/usr/include/libio.h:#define _IO_BUFSIZ _G_BUFSIZ
/usr/include/stdio.h:# define BUFSIZ _IO_BUFSIZ
FreeBSD, OpenBSD, NetBSD and Illumos are not affected, since all of them
have BUFSIZ == 1024.
As the latter is passed to the kernel on recvmsg(), it's possible to
overwrite 4kB of stack -- with ICMPv6 packets that can be globally sent
to any of the system's addresses (using fragmentation to get to 8k).
(The socket has filters installed limiting this to RS and RA packets,
but does not have a filter for source address or TTL.)
Issue discovered by trying to test other stuff, which randomly caused
the stack to be smaller than 8kB in that code location, which then
causes the kernel to report EFAULT (Bad address).
Signed-off-by: David Lamparter
Reviewed-by: Donald Sharp
diff --git a/zebra/rtadv.c b/zebra/rtadv.c
index d4ef1b8..2f62714 100644
--- a/zebra/rtadv.c
+++ b/zebra/rtadv.c
@@ -482,7 +482,7 @@ rtadv_read (struct thread *thread)
/* Register myself. */
rtadv_event (zvrf, RTADV_READ, sock);
- len = rtadv_recv_packet (sock, buf, BUFSIZ, , , );
+ len = rtadv_recv_packet (sock, buf, sizeof (buf), , ,
);
if (len < 0)
{
--
2.6.6
commit quagga for openSUSE:Factory
Hello community,
here is the log from the commit of package quagga for openSUSE:Factory checked
in at 2016-07-12 23:51:51
Comparing /work/SRC/openSUSE:Factory/quagga (Old)
and /work/SRC/openSUSE:Factory/.quagga.new (New)
Package is "quagga"
Changes:
--- /work/SRC/openSUSE:Factory/quagga/quagga.changes2016-05-05
12:12:26.0 +0200
+++ /work/SRC/openSUSE:Factory/.quagga.new/quagga.changes 2016-07-12
23:51:56.0 +0200
@@ -1,0 +2,5 @@
+Tue Jul 5 20:07:50 UTC 2016 - toddrme2...@gmail.com
+
+- Fix Group tag.
+
+---
Other differences:
--
++ quagga.spec ++
--- /var/tmp/diff_new_pack.UYsQ4K/_old 2016-07-12 23:51:58.0 +0200
+++ /var/tmp/diff_new_pack.UYsQ4K/_new 2016-07-12 23:51:58.0 +0200
@@ -94,7 +94,7 @@
%package devel
Summary:Free Routing Software (for BGP, OSPF and RIP, for example)
-Group: Development/Networking/Routing
+Group: Development/Libraries/C and C++
Requires: %{name} = %{version}
%description devel
commit quagga for openSUSE:Factory
Hello community,
here is the log from the commit of package quagga for openSUSE:Factory checked
in at 2016-05-05 12:12:24
Comparing /work/SRC/openSUSE:Factory/quagga (Old)
and /work/SRC/openSUSE:Factory/.quagga.new (New)
Package is "quagga"
Changes:
--- /work/SRC/openSUSE:Factory/quagga/quagga.changes2016-04-08
09:39:50.0 +0200
+++ /work/SRC/openSUSE:Factory/.quagga.new/quagga.changes 2016-05-05
12:12:26.0 +0200
@@ -1,0 +2,7 @@
+Wed May 4 13:32:20 UTC 2016 - pwieczorkiew...@suse.com
+
+- Add quagga-CVE-2016-4049-fix-buf-ovflow-bgp-dump-routes.patch
+ Fix for a buffer overflow error in bgp_dump_routes_func.
+ (CVE-2016-4049, bsc#977012)
+
+---
New:
quagga-CVE-2016-4049-fix-buf-ovflow-bgp-dump-routes.patch
Other differences:
--
++ quagga.spec ++
--- /var/tmp/diff_new_pack.cXOoVT/_old 2016-05-05 12:12:27.0 +0200
+++ /var/tmp/diff_new_pack.cXOoVT/_new 2016-05-05 12:12:27.0 +0200
@@ -49,6 +49,7 @@
Patch2: %{name}-add-table_test-return-value.patch
Patch3: 0001-systemd-change-the-WantedBy-target.patch
Patch4: %{name}-autoconf-detect-AM_SILENT_RULES.patch
+Patch5: %{name}-CVE-2016-4049-fix-buf-ovflow-bgp-dump-routes.patch
BuildRequires: autoconf >= 2.6
BuildRequires: automake >= 1.6
BuildRequires: libtool
@@ -110,6 +111,7 @@
%patch2 -p 1
%patch3 -p 1
%patch4 -p 1
+%patch5 -p 1
%build
if ! ls /proc/net/{dev,route,snmp} >/dev/null; then
++ quagga-CVE-2016-4049-fix-buf-ovflow-bgp-dump-routes.patch ++
Index: quagga-1.0.20160315/bgpd/bgp_dump.c
===
--- quagga-1.0.20160315.orig/bgpd/bgp_dump.c
+++ quagga-1.0.20160315/bgpd/bgp_dump.c
@@ -297,11 +297,96 @@ bgp_dump_routes_index_table(struct bgp *
}
+static struct bgp_info *
+bgp_dump_route_node_record (int afi, struct bgp_node *rn, struct bgp_info
*info, unsigned int seq)
+{
+ struct stream *obuf;
+ size_t sizep;
+ size_t endp;
+
+ obuf = bgp_dump_obuf;
+ stream_reset(obuf);
+
+ /* MRT header */
+ if (afi == AFI_IP)
+bgp_dump_header (obuf, MSG_TABLE_DUMP_V2, TABLE_DUMP_V2_RIB_IPV4_UNICAST,
+ BGP_DUMP_ROUTES);
+ else if (afi == AFI_IP6)
+bgp_dump_header (obuf, MSG_TABLE_DUMP_V2, TABLE_DUMP_V2_RIB_IPV6_UNICAST,
+ BGP_DUMP_ROUTES);
+
+ /* Sequence number */
+ stream_putl(obuf, seq);
+
+ /* Prefix length */
+ stream_putc (obuf, rn->p.prefixlen);
+
+ /* Prefix */
+ if (afi == AFI_IP)
+ {
+/* We'll dump only the useful bits (those not 0), but have to align on 8
bits */
+stream_write(obuf, (u_char *)>p.u.prefix4, (rn->p.prefixlen+7)/8);
+ }
+ else if (afi == AFI_IP6)
+ {
+/* We'll dump only the useful bits (those not 0), but have to align on 8
bits */
+stream_write (obuf, (u_char *)>p.u.prefix6, (rn->p.prefixlen+7)/8);
+ }
+
+ /* Save where we are now, so we can overwride the entry count later */
+ sizep = stream_get_endp(obuf);
+
+ /* Entry count */
+ uint16_t entry_count = 0;
+
+ /* Entry count, note that this is overwritten later */
+ stream_putw(obuf, 0);
+
+ endp = stream_get_endp(obuf);
+ for (; info; info = info->next)
+ {
+size_t cur_endp;
+
+/* Peer index */
+stream_putw(obuf, info->peer->table_dump_index);
+
+/* Originated */
+#ifdef HAVE_CLOCK_MONOTONIC
+ stream_putl (obuf, time(NULL) - (bgp_clock() - info->uptime));
+#else
+stream_putl (obuf, info->uptime);
+#endif /* HAVE_CLOCK_MONOTONIC */
+
+/* Dump attribute. */
+/* Skip prefix & AFI/SAFI for MP_NLRI */
+bgp_dump_routes_attr (obuf, info->attr, >p);
+
+cur_endp = stream_get_endp(obuf);
+if (cur_endp > BGP_MAX_PACKET_SIZE + BGP_DUMP_MSG_HEADER
+ + BGP_DUMP_HEADER_SIZE)
+{
+ stream_set_endp(obuf, endp);
+ break;
+}
+
+entry_count++;
+endp = cur_endp;
+ }
+
+ /* Overwrite the entry count, now that we know the right number */
+ stream_putw_at (obuf, sizep, entry_count);
+
+ bgp_dump_set_size(obuf, MSG_TABLE_DUMP_V2);
+ fwrite (STREAM_DATA (obuf), stream_get_endp (obuf), 1, bgp_dump_routes.fp);
+
+ return info;
+}
+
+
/* Runs under child process. */
static unsigned int
bgp_dump_routes_func (int afi, int first_run, unsigned int seq)
{
- struct stream *obuf;
struct bgp_info *info;
struct bgp_node *rn;
struct bgp *bgp;
@@ -320,81 +405,17 @@ bgp_dump_routes_func (int afi, int first
if(first_run)
bgp_dump_routes_index_table(bgp);
- obuf = bgp_dump_obuf;
- stream_reset(obuf);
-
/* Walk down each BGP route. */
table = bgp->rib[afi][SAFI_UNICAST];
for (rn = bgp_table_top (table); rn; rn =
commit quagga for openSUSE:Factory
Hello community,
here is the log from the commit of package quagga for openSUSE:Factory checked
in at 2016-04-08 09:39:48
Comparing /work/SRC/openSUSE:Factory/quagga (Old)
and /work/SRC/openSUSE:Factory/.quagga.new (New)
Package is "quagga"
Changes:
--- /work/SRC/openSUSE:Factory/quagga/quagga.changes2015-10-20
00:08:49.0 +0200
+++ /work/SRC/openSUSE:Factory/.quagga.new/quagga.changes 2016-04-08
09:39:50.0 +0200
@@ -1,0 +2,370 @@
+Thu Apr 7 12:03:16 UTC 2016 - meiss...@suse.com
+
+- replace quagga.keyring with the newer upstream keyring.
+
+---
+Fri Apr 1 15:10:23 UTC 2016 - pwieczorkiew...@suse.com
+
+- Add the %{_rundir} macro handling to spec in order to distinguish
+ /run/ vs /var/run distro versions.
+
+---
+Fri Apr 1 10:44:06 UTC 2016 - pwieczorkiew...@suse.com
+
+- Add quagga-autoconf-detect-AM_SILENT_RULES.patch:
+ Fix autoconf issue of missing AM_SILENT_RULES macro.
+- Add build requirement for xz
+
+---
+Thu Mar 31 11:59:39 UTC 2016 - pwieczorkiew...@suse.com
+
+- Disallow unprivileged users to enter config directory /etc/quagga
+ (group: quagga, mode: 750) and read configuration files installed
+ there (group: quagga, mode: 640). (boo#770619)
+- Add sysconfig.quagga:
+ Fillup template for /etc/sysconfig/quagga
+- Update to version 1.0.20160315:
+ See
http://savannah.spinellicreations.com//quagga/quagga-1.0.20160315.changelog.txt
+Remove double read of stream
+- Update to version 1.0.20160309:
+ See
http://savannah.spinellicreations.com//quagga/quagga-1.0.20160309.changelog.txt
+Add code to extract.pl.in to prevent further cli function
+overwrites
+Fixed if_add_update possible null dereference
+Fix _netlink_route_debug message
+Check prefix length from zebra is sensible
+Fix privilege dropping to use system defined groups
+Additional centos 6 -enable-werror fixes
+Fix code to use srandom/random
+Removal of 'show ip mroute'
+*: add/cleanup initialisers, missing includes, VRF ID in the
+ API message header, assorted warning
+ call if_init()/if_terminate() from vrf_init()/vrf_terminate()
+ fix "babeld: Remove babeld from Quagga" (336724d)
+ fix in_addr initialisers and more initialisers (for BSD)
+ fix signedness mix-ups
+ use an ifindex_t type, defined in lib/if.h, for ifindex values
+ use long long to print time_t
+ use void * for printing pointers
+babeld: Remove babeld from Quagga
+bgpd: add back old forms of 'show ' for compatibility
+ add "show ip bgp dampening" command tree
+ add nexthop length to AF macro
+ add some peer_lock/unlock debug code
+ add support for timer commands with peer-group syntax
+ allow using rtt in route-map's set metric
+ bgp_scan shouldn't queue up route_nodes with no routes
+for processing
+ check capability falls on right multiple of size,
+where possible.
+ check rtt later after the real peer is known
+ cleanup vty bgp_node_afi/safi utils
+ compile fix for clearing-completion FSM fix, using
+workqueue helper.
+ configured suppress value cannot be less than the reuse
+value in bgp dampening
+ crash from not NULLing freed pointers
+ display of configured dampening parameters
+ do not allow a timers connect of 0
+ drop machineparse / random "show" improvements
+ enable "bgp log-neighbor-changes" by default
+ encap: add attribute handling, add encap SAFI (RFC5512),
+ extend extcommunity handling, encap show commands
+ fix: bgp_btoa to compile,
+ crash reported by NetDEF CI,
+ ecommunity_token initialiser,
+ graceful restart capability minsize,
+ memory leak in bgpd/bgp_route.c,
+ Null pointer dereference in bgp_info_mpath_update,
+ race in clearing completion,
+ small memory leak in str2prefix_rd,
+ SNMP write support
+ 'struct peer' memory leaks
+ useless call in bgpd/bgp_mplsvpn.c
+ using of two pointers for struct thread_master *
+ VU#270232, VPNv4 NLRI parser memcpys to stack on
+ unchecked length (bsc#970952, CVE-2016-2342)
+ general MP/SAFI improvements
+ handle AS4 and EOI route distinguishers
+ if route-map does not exist DENY for redistribute
+statements
+ ignore stale entry candidates during bestpath selection.
+
commit quagga for openSUSE:Factory
Hello community,
here is the log from the commit of package quagga for openSUSE:Factory checked
in at 2015-10-19 22:53:46
Comparing /work/SRC/openSUSE:Factory/quagga (Old)
and /work/SRC/openSUSE:Factory/.quagga.new (New)
Package is "quagga"
Changes:
--- /work/SRC/openSUSE:Factory/quagga/quagga.changes2015-03-27
09:40:36.0 +0100
+++ /work/SRC/openSUSE:Factory/.quagga.new/quagga.changes 2015-10-20
00:08:49.0 +0200
@@ -1,0 +2,5 @@
+Sat Oct 17 14:42:59 UTC 2015 - mrueck...@suse.de
+
+- run systemd-tmpfiles in %post to get the directory set up.
+
+---
Other differences:
--
++ quagga.spec ++
--- /var/tmp/diff_new_pack.iSqVuo/_old 2015-10-20 00:08:51.0 +0200
+++ /var/tmp/diff_new_pack.iSqVuo/_new 2015-10-20 00:08:51.0 +0200
@@ -190,6 +190,7 @@
%post
/sbin/ldconfig
%if %{with systemd}
+systemd-tmpfiles --create %{_tmpfilesdir}/%{name}.conf || true
%service_add_post zebra.service isisd.service ripd.service ospfd.service
bgpd.service babeld.service ospf6d.service ripngd.service
%{fillup_only}
%else
commit quagga for openSUSE:Factory
Hello community,
here is the log from the commit of package quagga for openSUSE:Factory checked
in at 2015-03-27 09:40:34
Comparing /work/SRC/openSUSE:Factory/quagga (Old)
and /work/SRC/openSUSE:Factory/.quagga.new (New)
Package is quagga
Changes:
--- /work/SRC/openSUSE:Factory/quagga/quagga.changes2014-07-31
21:50:55.0 +0200
+++ /work/SRC/openSUSE:Factory/.quagga.new/quagga.changes 2015-03-27
09:40:36.0 +0100
@@ -1,0 +2,17 @@
+Sat Mar 21 12:11:13 UTC 2015 - p.drou...@gmail.com
+
+- Fix build for openSUSE 13.1/SLE12
+
+---
+Sat Mar 14 01:07:11 UTC 2015 - p.drou...@gmail.com
+
+- Update to version 0.99.24.1
+ * zebra: don't print uninitialized string (3b02fe8)
+This crept in as part of the MRIB improvements and I missed the compiler
+warning between other noise. Unfortunately, printing an uninitialised
+variable can in fact make zebra crash, so this is not trivial.
+- Use systemd for openSUSE 12.3
+- Add patch from Fedora
+ * 0001-systemd-change-the-WantedBy-target.patch
+
+---
Old:
quagga-0.99.23.tar.asc
quagga-0.99.23.tar.xz
New:
0001-systemd-change-the-WantedBy-target.patch
quagga-0.99.24.1.tar.asc
quagga-0.99.24.1.tar.xz
quagga-tmpfs.conf
Other differences:
--
++ quagga.spec ++
--- /var/tmp/diff_new_pack.NtfGbT/_old 2015-03-27 09:40:36.0 +0100
+++ /var/tmp/diff_new_pack.NtfGbT/_new 2015-03-27 09:40:36.0 +0100
@@ -1,7 +1,7 @@
#
# spec file for package quagga
#
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -15,6 +15,11 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
+%if 0%{?suse_version} 1230
+%bcond_without systemd
+%else
+%bcond_withsystemd
+%endif
%bcond_without tcp_zebra
%bcond_without irdp
@@ -23,7 +28,7 @@
%bcond_without pcre
Name: quagga
-Version:0.99.23
+Version:0.99.24.1
Release:0
Summary:Free Routing Software (for BGP, OSPF and RIP, for example)
License:LGPL-2.1+
@@ -35,8 +40,10 @@
Source4:quagga.keyring
Source1:%{name}-SUSE.tar.bz2
Source2:%{name}.pam
+Source5:%{name}-tmpfs.conf
Patch1: %{name}-add-ospf6_main-return-value.patch
Patch2: %{name}-add-table_test-return-value.patch
+Patch3: 0001-systemd-change-the-WantedBy-target.patch
BuildRequires: libtool
BuildRequires: net-snmp-devel
BuildRequires: pam-devel
@@ -47,8 +54,13 @@
%if 0%{suse_version} 1220
BuildRequires: makeinfo
%endif
-PreReq: %fillup_prereq
+%if %{with systemd}
+%{?systemd_requires}
+BuildRequires: systemd-rpm-macros
+%else
PreReq: %insserv_prereq
+%endif
+PreReq: %fillup_prereq
PreReq: %install_info_prereq
# pwdutils for useradd and groupadd
PreReq: pwdutils
@@ -82,6 +94,7 @@
%setup -q -a 1
%patch1 -p 1
%patch2 -p 1
+%patch3 -p1
%build
if ! ls /proc/net/{dev,route,snmp} /dev/null; then
@@ -121,19 +134,41 @@
%install
rm -r doc/quagga.info
make DESTDIR=%{buildroot} install
-rm -rf %{buildroot}%{_libdir}/lib{ospf,zebra}.la
+rm -rf %{buildroot}%{_libdir}/*.la
install -d %{buildroot}%{_sysconfdir}/{init.d,quagga,pam.d,logrotate.d}
+%if %{with systemd}
+install -d %{buildroot}%{_unitdir}
+install -p -m 644 redhat/zebra.service %{buildroot}%{_unitdir}/zebra.service
+ln -s /usr/sbin/service %{buildroot}%{_sbindir}/rczebra
+install -p -m 644 redhat/isisd.service %{buildroot}%{_unitdir}/isisd.service
+ln -s /usr/sbin/service %{buildroot}%{_sbindir}/rcisisd
+install -p -m 644 redhat/ripd.service %{buildroot}%{_unitdir}/ripd.service
+ln -s /usr/sbin/service %{buildroot}%{_sbindir}/rcripd
+install -p -m 644 redhat/ospfd.service %{buildroot}%{_unitdir}/ospfd.service
+ln -s /usr/sbin/service %{buildroot}%{_sbindir}/rcospfd
+install -p -m 644 redhat/bgpd.service %{buildroot}%{_unitdir}/bgpd.service
+ln -s /usr/sbin/service %{buildroot}%{_sbindir}/rcbgpd
+install -p -m 644 redhat/babeld.service %{buildroot}%{_unitdir}/babeld.service
+ln -s /usr/sbin/service %{buildroot}%{_sbindir}/rcbabeld
+install -p -m 644 redhat/ospf6d.service %{buildroot}%{_unitdir}/ospf6d.service
+ln -s /usr/sbin/service %{buildroot}%{_sbindir}/rcospf6d
+install -p -m 644 redhat/ripngd.service %{buildroot}%{_unitdir}/ripngd.service
+ln -s /usr/sbin/service %{buildroot}%{_sbindir}/rcripngd
+install -d -m 755 %{buildroot}/%{_tmpfilesdir}
commit quagga for openSUSE:Factory
Hello community, here is the log from the commit of package quagga for openSUSE:Factory checked in at 2014-07-31 21:50:36 Comparing /work/SRC/openSUSE:Factory/quagga (Old) and /work/SRC/openSUSE:Factory/.quagga.new (New) Package is quagga Changes: --- /work/SRC/openSUSE:Factory/quagga/quagga.changes2013-07-20 09:03:45.0 +0200 +++ /work/SRC/openSUSE:Factory/.quagga.new/quagga.changes 2014-07-31 21:50:55.0 +0200 @@ -1,0 +2,164 @@ +Wed Jul 30 15:45:24 UTC 2014 - sfal...@opensuse.org + +- Update to 0.99.23 + See http://savannah.spinellicreations.com//quagga/quagga-0.99.23.changelog.txt + minor fixes: +bgpd: Fix condition allowas-in in rsclient code + support TTL-security with iBGP, factor out TTL setting + factor out eBGP multihop check + fix fast external fallover behavior + increase TCP socket buffer size + fix O_NONBLOCK on outgoing + send notify in OpenSent when stopping manually + display multipath status in show ip bgp + track correct originator-id in reflected routes + add 'bgp bestpath as-path multipath-relax' + fix crash when allowas-in is done on inactive peer + efficient NLRI packing for AFs != ipv4-unicast + don't compare next-hop to router-id + use ATTR_FLAG_BIT() for BGP_ATTR_ values + fix some DEFUN definitions + bgpd-set-v4-nexthop-for-v6-peering.patch + support NEXTHOP_IPV4_IFINDEX in bgp import check + honor PEER_FLAG_DISABLE_CONNECTED_CHECK on bgp_scan + write NOTIFY non-blockingly + prevent double address delete on shutdown + stricter packet handling in OpenSent + fix lost passwords of grouped neighbors +*: nuke ^L (page feed) +isisd: ignore the unrecognized TLVs +ripd: fix show ip rip status documentation + avoid the zero interface metric + correctly redistribute ifindex routes (BZ#664) +zebra: raise the privileges before calling socket() + Change the mechanism for comparing route ID's. + fix some DEFUN definitions + apply syntactic sugar to rib_dump() + set metric for directly connected routes via netlink to 0 + log routes w/o gateway in rib_delete_ipv4 + match gateway when deleting NEXTHOP_IPV4_IFINDEX routes + make rib_dump() compatible with IPv6 RIB + apply route-maps for interface routes + fix recursive-routes via ifindex routes + implement NEXTHOP_FLAG_ONLINK + handle blackholes encountered in recursive resolution + rework recursive route resolution + improve interface shutdown behaviour + don't change connected state from zebra/interface.c + add ZEBRA_IFC_QUEUED to keep track of kernel state + warn if advertising connected with _REAL unset + consolidate connected_implicit_withdraw + clear ZEBRA_IFC_CONFIGURED on no ipv6 addr + make if_subnet_delete a bit more strict + process information about new addresses (BZ#486)` + support NEXTHOP_IPV4_IFINDEX in bgp import check + improve display of NEXTHOP_IPV4_IFINDEX in show ip route + don't printf to stdout on ZEBRA_IPV6_NEXTHOP_LOOKU + use SO_RCVBUFFORCE for netlink socket +ospfd: add debug messages for router lsa-generation + For an ABR, ensure the right LSID is MaxAge'd + clarify indentation and comments in ospf_lsa_maxage_delete + fix a reference counting issue introduced by commit 4de8bf0011 + check the LS-Ack's recentness instead of only comparing the #seq + don't allow to set network type on loopback interfaces + run DR election prior to LSA regeneration + ospfd/ospf_vty.c: use keyword cmd style + fix some DEFUN definitions + fixup log message in ospf_zebra_delete + refactor some common defines + protect vs. VU#229804 (malformed Router-LSA) + CVE-2013-2236, stack overrun in apiserver + fix flooding procedure + make ospf_maxage_lsa_remover actually yield + restore nexthop IP for p2p interfaces + fix LSA initialization for build without opaque LSA +lib: use heap to manage timers + remove unused thread_master_debug function + lib/command.c: rewrite command matching/parsing + fix possible off-by-one in stream_put_prefix() + fix for dynamically grown hashes + fix backtraces broken by 837d16c... + unconditionally include stddef.h + register vtysh socket in server socket vector (BZ#754) +ospf6d: fix refcounting in ospf6_asbr_lsa_remove +add auto-cost reference-bandwidth command +
commit quagga for openSUSE:Factory
Hello community,
here is the log from the commit of package quagga for openSUSE:Factory checked
in at 2013-07-20 09:03:43
Comparing /work/SRC/openSUSE:Factory/quagga (Old)
and /work/SRC/openSUSE:Factory/.quagga.new (New)
Package is quagga
Changes:
--- /work/SRC/openSUSE:Factory/quagga/quagga.changes2012-09-14
12:36:30.0 +0200
+++ /work/SRC/openSUSE:Factory/.quagga.new/quagga.changes 2013-07-20
09:03:45.0 +0200
@@ -1,0 +2,30 @@
+Wed Jul 17 13:22:25 UTC 2013 - meiss...@suse.com
+
+- fixed source url, added tar.asc and keyring url (unchecked)
+
+---
+Wed Jul 17 05:41:04 UTC 2013 - boy...@suse.com
+
+- Add return value for table_test.c.
+
+---
+Fri Apr 19 09:14:03 UTC 2013 - boy...@suse.com
+
+- Update to 0.99.22.1
+ major regressions:
+ospfd: restore nexthop IP for p2p interfaces
+ minor fixes:
+bgpd: fix lost passwords of grouped neighbors
+lib/vty: register vtysh socket in server socket vector (BZ#754)
+ospfd: fix LSA initialization for build without opaque LSA
+ripd: correctly redistribute ifindex routes (BZ#664)
+ build issues:
+build: fix minimal mixup in gitinfo suffix
+build: reference libcap from libzebra (BZ#393,626)
+build: update quagga.spec.in
+doc: fix makeinfo errors and one warning
+tests: make --disable-bgpd kill bgpd tests too
+vtysh: fix false lib path matching in extract.pl.in
+
+
+---
Old:
a47c5838e9f445ab887ad927706b11ccbb181364.patch
quagga-0.99.21.tar.gz
quagga-0.99.21_isis_undefined_operations.patch
New:
quagga-0.99.22.1.tar.asc
quagga-0.99.22.1.tar.gz
quagga-add-table_test-return-value.patch
quagga.keyring
Other differences:
--
++ quagga.spec ++
--- /var/tmp/diff_new_pack.KtJhx1/_old 2013-07-20 09:03:46.0 +0200
+++ /var/tmp/diff_new_pack.KtJhx1/_new 2013-07-20 09:03:46.0 +0200
@@ -1,7 +1,7 @@
#
# spec file for package quagga
#
-# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -23,18 +23,20 @@
%bcond_without pcre
Name: quagga
-Version:0.99.21
+Version:0.99.22.1
Release:0
Summary:Free Routing Software (for BGP, OSPF and RIP, for example)
License:LGPL-2.1+
Group: Productivity/Networking/Routing
Url:http://www.quagga.net
-Source: http://www.quagga.net/download/%{name}-%{version}.tar.gz
+Source:
http://download.savannah.gnu.org/releases/quagga/quagga-0.99.22.1.tar.gz
+Source3:
http://download.savannah.gnu.org/releases/quagga/quagga-0.99.22.1.tar.asc
+# downloaded from:
http://download.savannah.gnu.org/releases/quagga/pgp-54CD2E60.asc
+Source4:quagga.keyring
Source1:%{name}-SUSE.tar.bz2
Source2:%{name}.pam
Patch1: %{name}-add-ospf6_main-return-value.patch
-Patch2: quagga-0.99.21_isis_undefined_operations.patch
-Patch3: a47c5838e9f445ab887ad927706b11ccbb181364.patch
+Patch2: %{name}-add-table_test-return-value.patch
BuildRequires: libtool
BuildRequires: net-snmp-devel
BuildRequires: pam-devel
@@ -79,8 +81,7 @@
%prep
%setup -q -a 1
%patch1 -p 1
-%patch2
-%patch3 -p 1
+%patch2 -p 1
%build
if ! ls /proc/net/{dev,route,snmp} /dev/null; then
++ quagga-0.99.21.tar.gz - quagga-0.99.22.1.tar.gz ++
28371 lines of diff (skipped)
++ quagga-add-table_test-return-value.patch ++
commit cd3a2b78ed940d87948b3a60f6739808e62b4ad0
Author: Bo Yang boy...@suse.com
Date: Wed Jul 17 13:37:29 2013 +0800
Add return value for table_test.c.
Signed-off-by: Bo Yang boy...@suse.com
diff --git a/tests/table_test.c b/tests/table_test.c
index fc9cc3d..996f060 100644
--- a/tests/table_test.c
+++ b/tests/table_test.c
@@ -552,4 +552,5 @@ int
main (void)
{
run_tests ();
+ return 0;
}
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit quagga for openSUSE:Factory
Hello community,
here is the log from the commit of package quagga for openSUSE:Factory checked
in at 2012-09-14 12:35:41
Comparing /work/SRC/openSUSE:Factory/quagga (Old)
and /work/SRC/openSUSE:Factory/.quagga.new (New)
Package is quagga, Maintainer is boy...@suse.com
Changes:
--- /work/SRC/openSUSE:Factory/quagga/quagga.changes2012-08-12
15:28:09.0 +0200
+++ /work/SRC/openSUSE:Factory/.quagga.new/quagga.changes 2012-09-14
12:36:30.0 +0200
@@ -1,0 +2,5 @@
+Wed Sep 12 13:45:12 UTC 2012 - co...@suse.com
+
+- add makeinfo as explicit buildrequire
+
+---
Other differences:
--
++ quagga.spec ++
--- /var/tmp/diff_new_pack.Kji2iC/_old 2012-09-14 12:36:41.0 +0200
+++ /var/tmp/diff_new_pack.Kji2iC/_new 2012-09-14 12:36:41.0 +0200
@@ -15,6 +15,7 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
+
%bcond_without tcp_zebra
%bcond_without irdp
%bcond_withisis
@@ -23,11 +24,11 @@
Name: quagga
Version:0.99.21
-Release:1
-License:LGPL-2.1+
+Release:0
Summary:Free Routing Software (for BGP, OSPF and RIP, for example)
-Url:http://www.quagga.net
+License:LGPL-2.1+
Group: Productivity/Networking/Routing
+Url:http://www.quagga.net
Source: http://www.quagga.net/download/%{name}-%{version}.tar.gz
Source1:%{name}-SUSE.tar.bz2
Source2:%{name}.pam
@@ -41,6 +42,9 @@
%if %{with pcre}
BuildRequires: pcre-devel
%endif
+%if 0%{suse_version} 1220
+BuildRequires: makeinfo
+%endif
PreReq: %fillup_prereq
PreReq: %insserv_prereq
PreReq: %install_info_prereq
@@ -60,7 +64,6 @@
than the current centralised model of GNU Zebra.
%package devel
-License:LGPL-2.1+
Summary:Free Routing Software (for BGP, OSPF and RIP, for example)
Group: Productivity/Networking/Routing
Requires: %{name} = %{version}
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit quagga for openSUSE:Factory
Hello community,
here is the log from the commit of package quagga for openSUSE:Factory checked
in at 2012-08-12 15:28:07
Comparing /work/SRC/openSUSE:Factory/quagga (Old)
and /work/SRC/openSUSE:Factory/.quagga.new (New)
Package is quagga, Maintainer is boy...@suse.com
Changes:
--- /work/SRC/openSUSE:Factory/quagga/quagga.changes2012-01-09
15:21:06.0 +0100
+++ /work/SRC/openSUSE:Factory/.quagga.new/quagga.changes 2012-08-12
15:28:09.0 +0200
@@ -1,0 +2,35 @@
+Thu Aug 9 11:30:56 UTC 2012 - mrueck...@suse.de
+
+- Update to 0.99.21
+ There are some major user-visible changes:
+ [bgpd] BGP multipath support has been merged
+ [bgpd] SAFI (Multicast topology) support has been extended to
+ propagate the topology to zebra.
+ [bgpd] AS path limit functionality has been removed
+ [babeld] a new routing daemon implementing the BABEL ad-hoc mesh
+ routing protocol has been merged.
+ [isisd] a major overhaul has been picked up. Please note that
+ isisd is STILL NOT SUITABLE FOR PRODUCTION USE.
+ [*] a lot of bugs have been fixed, please refer to the git log
+ The number of bugfixes and changes in this release is quite large
+ at 446 commits, though some commits are counted twice due to a
+ merge of Denis
+ Ovsienko's RE branch some time ago. (Previous releases had around
+ 50 commits each.)
+- additional changes from 0.99.20.1
+ This is a security-fix release that addresses 3 pending CVEs, one
+ in bgpd and two in ospfd. The CVEs will be linked once released.
+- added quagga-0.99.21_isis_undefined_operations.patch:
+ fix compiler warning about undefined operations
+- a47c5838e9f445ab887ad927706b11ccbb181364.patch
+ Fix typo in isis topology code. Taken from git.
+- drop quagga-0.99.20-fix-bgpd-attr-memleak.patch:
+ Included upstream
+- added options to build tcp-zebra, irdp and pcre:
+ all enabled by default
+ pcre change might cause problems in edge cases with bgp
+ new buildrequires: pcre-devel
+- added option to build with isis and isis-topology:
+ disabled by default
+
+---
Old:
quagga-0.99.20-fix-bgpd-attr-memleak.patch
quagga-0.99.20.tar.gz
New:
a47c5838e9f445ab887ad927706b11ccbb181364.patch
quagga-0.99.21.tar.gz
quagga-0.99.21_isis_undefined_operations.patch
Other differences:
--
++ quagga.spec ++
--- /var/tmp/diff_new_pack.p7h6EE/_old 2012-08-12 15:28:11.0 +0200
+++ /var/tmp/diff_new_pack.p7h6EE/_new 2012-08-12 15:28:11.0 +0200
@@ -15,10 +15,14 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
-
+%bcond_without tcp_zebra
+%bcond_without irdp
+%bcond_withisis
+%bcond_withisis_topology
+%bcond_without pcre
Name: quagga
-Version:0.99.20
+Version:0.99.21
Release:1
License:LGPL-2.1+
Summary:Free Routing Software (for BGP, OSPF and RIP, for example)
@@ -27,13 +31,16 @@
Source: http://www.quagga.net/download/%{name}-%{version}.tar.gz
Source1:%{name}-SUSE.tar.bz2
Source2:%{name}.pam
-#this patch will be in a future version, so if we increase version, we don't
want this
-Patch0: %{name}-%{version}-fix-bgpd-attr-memleak.patch
Patch1: %{name}-add-ospf6_main-return-value.patch
+Patch2: quagga-0.99.21_isis_undefined_operations.patch
+Patch3: a47c5838e9f445ab887ad927706b11ccbb181364.patch
BuildRequires: libtool
BuildRequires: net-snmp-devel
BuildRequires: pam-devel
BuildRequires: readline-devel
+%if %{with pcre}
+BuildRequires: pcre-devel
+%endif
PreReq: %fillup_prereq
PreReq: %insserv_prereq
PreReq: %install_info_prereq
@@ -68,8 +75,9 @@
%prep
%setup -q -a 1
-%patch0 -p 1
%patch1 -p 1
+%patch2
+%patch3 -p 1
%build
if ! ls /proc/net/{dev,route,snmp} /dev/null; then
@@ -86,6 +94,21 @@
--enable-ipv6 \
--with-libpam \
--enable-netlink \
+%if %{with isis}
+--enable-isisd \
+%endif
+%if %{with isis_topology}
+--enable-isis-topology \
+%endif
+%if %{with tcp_zebra}
+--enable-tcp-zebra \
+%endif
+%if %{with irdp}
+--enable-irdp \
+%endif
+%if %{with pcre}
+--enable-pcreposix \
+%endif
--sysconfdir=%{_sysconfdir}/quagga \
--localstatedir=%{_localstatedir}/run/quagga \
--enable-multipath=0
++ a47c5838e9f445ab887ad927706b11ccbb181364.patch ++
commit a47c5838e9f445ab887ad927706b11ccbb181364
Author: David Lamparter equi...@opensourcerouting.org
Date: Thu Jun 21 09:55:38 2012 +0200
isisd: fix typo in topology generator (BZ#731)
There was a lsp- missing before level in line 2416.
(introduced by git commit
commit quagga for openSUSE:Factory
Hello community,
here is the log from the commit of package quagga for openSUSE:Factory checked
in at 2012-01-09 15:21:04
Comparing /work/SRC/openSUSE:Factory/quagga (Old)
and /work/SRC/openSUSE:Factory/.quagga.new (New)
Package is quagga, Maintainer is boy...@suse.com
Changes:
--- /work/SRC/openSUSE:Factory/quagga/quagga.changes2011-11-25
10:14:05.0 +0100
+++ /work/SRC/openSUSE:Factory/.quagga.new/quagga.changes 2012-01-09
15:21:06.0 +0100
@@ -1,0 +2,6 @@
+Tue Dec 6 23:44:46 UTC 2011 - oli...@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa
+
+- Update package to quagga-0.99.20, remove stale patches.
+ added upstream patch to resolve a bgpd memleak
+
+---
Old:
bug-718056_quagga-0.99.18-514840.patch
bug-718058_quagga-master-514839.patch
bug-718059_quagga-master-514838.1.patch
bug-718059_quagga-master-514838.2.patch
bug-718061_quagga-master-514837.patch
bug-718062_quagga-master-513254.patch
quagga-0.99.17-CVE-2010-1674.patch
quagga-0.99.17-CVE-2010-1675.patch
quagga-0.99.17.tar.gz
New:
quagga-0.99.20-fix-bgpd-attr-memleak.patch
quagga-0.99.20.tar.gz
quagga-add-ospf6_main-return-value.patch
Other differences:
--
++ quagga.spec ++
--- /var/tmp/diff_new_pack.G5IZ6j/_old 2012-01-09 15:21:07.0 +0100
+++ /var/tmp/diff_new_pack.G5IZ6j/_new 2012-01-09 15:21:07.0 +0100
@@ -1,7 +1,7 @@
#
# spec file for package quagga
#
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,8 +18,8 @@
Name: quagga
-Version:0.99.17
-Release:8
+Version:0.99.20
+Release:1
License:LGPL-2.1+
Summary:Free Routing Software (for BGP, OSPF and RIP, for example)
Url:http://www.quagga.net
@@ -27,18 +27,13 @@
Source: http://www.quagga.net/download/%{name}-%{version}.tar.gz
Source1:%{name}-SUSE.tar.bz2
Source2:%{name}.pam
-Patch0: %{name}-0.99.17-CVE-2010-1674.patch
-Patch1: %{name}-0.99.17-CVE-2010-1675.patch
-Patch2: bug-718056_quagga-0.99.18-514840.patch
-Patch3: bug-718058_quagga-master-514839.patch
-Patch4: bug-718059_quagga-master-514838.1.patch
-Patch5: bug-718059_quagga-master-514838.2.patch
-Patch6: bug-718061_quagga-master-514837.patch
-Patch7: bug-718062_quagga-master-513254.patch
+#this patch will be in a future version, so if we increase version, we don't
want this
+Patch0: %{name}-%{version}-fix-bgpd-attr-memleak.patch
+Patch1: %{name}-add-ospf6_main-return-value.patch
+BuildRequires: libtool
BuildRequires: net-snmp-devel
BuildRequires: pam-devel
BuildRequires: readline-devel
-BuildRequires: libtool
PreReq: %fillup_prereq
PreReq: %insserv_prereq
PreReq: %install_info_prereq
@@ -75,12 +70,6 @@
%setup -q -a 1
%patch0 -p 1
%patch1 -p 1
-%patch2 -p 1
-%patch3 -p 1
-%patch4 -p 1
-%patch5 -p 1
-%patch6 -p 1
-%patch7 -p 1
%build
if ! ls /proc/net/{dev,route,snmp} /dev/null; then
@@ -168,9 +157,12 @@
%files devel
%defattr(644,root,root,755)
%{_libdir}/*.so
+%{_libdir}/*.la
%dir %{_includedir}/%{name}
%{_includedir}/%{name}/*.h
%dir %{_includedir}/%{name}/ospfd
%{_includedir}/%{name}/ospfd/*.h
+%dir %{_includedir}/%{name}/ospfapi
+%{_includedir}/%{name}/ospfapi/*.h
%changelog
++ quagga-0.99.20-fix-bgpd-attr-memleak.patch ++
Index: quagga-0.99.20/bgpd/bgp_attr.c
===
--- quagga-0.99.20.orig/bgpd/bgp_attr.c
+++ quagga-0.99.20/bgpd/bgp_attr.c
@@ -675,6 +675,7 @@ bgp_attr_unintern (struct attr **attr)
}
bgp_attr_unintern_sub (tmp);
+ bgp_attr_extra_free (tmp);
}
void
++ quagga-0.99.17.tar.gz - quagga-0.99.20.tar.gz ++
46092 lines of diff (skipped)
++ quagga-add-ospf6_main-return-value.patch ++
Index: quagga-0.99.20/ospf6d/ospf6_main.c
===
--- quagga-0.99.20.orig/ospf6d/ospf6_main.c
+++ quagga-0.99.20/ospf6d/ospf6_main.c
@@ -343,6 +343,8 @@
/* Not reached. */
ospf6_exit (0);
+
+ return 1;
}
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit quagga for openSUSE:Factory
Hello community,
here is the log from the commit of package quagga for openSUSE:Factory checked
in at 2011-12-06 18:59:14
Comparing /work/SRC/openSUSE:Factory/quagga (Old)
and /work/SRC/openSUSE:Factory/.quagga.new (New)
Package is quagga, Maintainer is boy...@suse.com
Changes:
Other differences:
--
++ quagga.spec ++
--- /var/tmp/diff_new_pack.NmDF95/_old 2011-12-06 19:31:41.0 +0100
+++ /var/tmp/diff_new_pack.NmDF95/_new 2011-12-06 19:31:41.0 +0100
@@ -20,7 +20,7 @@
Name: quagga
Version:0.99.17
Release:8
-License:LGPLv2.1+
+License:LGPL-2.1+
Summary:Free Routing Software (for BGP, OSPF and RIP, for example)
Url:http://www.quagga.net
Group: Productivity/Networking/Routing
@@ -58,7 +58,7 @@
than the current centralised model of GNU Zebra.
%package devel
-License:LGPLv2.1+
+License:LGPL-2.1+
Summary:Free Routing Software (for BGP, OSPF and RIP, for example)
Group: Productivity/Networking/Routing
Requires: %{name} = %{version}
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit quagga for openSUSE:Factory
Hello community, here is the log from the commit of package quagga for openSUSE:Factory checked in at 2011-11-25 11:13:38 Comparing /work/SRC/openSUSE:Factory/quagga (Old) and /work/SRC/openSUSE:Factory/.quagga.new (New) Package is quagga, Maintainer is boy...@suse.com Changes: --- /work/SRC/openSUSE:Factory/quagga/quagga.changes2011-10-16 12:58:47.0 +0200 +++ /work/SRC/openSUSE:Factory/.quagga.new/quagga.changes 2011-11-25 10:14:05.0 +0100 @@ -1,0 +2,5 @@ +Wed Nov 23 21:13:40 UTC 2011 - co...@suse.com + +- add libtool as buildrequire to avoid implicit dependency + +--- Other differences: -- ++ quagga.spec ++ --- /var/tmp/diff_new_pack.y7UsRE/_old 2011-11-25 10:14:06.0 +0100 +++ /var/tmp/diff_new_pack.y7UsRE/_new 2011-11-25 10:14:06.0 +0100 @@ -38,6 +38,7 @@ BuildRequires: net-snmp-devel BuildRequires: pam-devel BuildRequires: readline-devel +BuildRequires: libtool PreReq: %fillup_prereq PreReq: %insserv_prereq PreReq: %install_info_prereq -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit quagga for openSUSE:Factory
Hello community,
here is the log from the commit of package quagga for openSUSE:Factory
checked in at Sun Oct 16 12:56:51 CEST 2011.
--- openSUSE:Factory/quagga/quagga.changes 2011-09-23 12:44:00.0
+0200
+++ /mounts/work_src_done/STABLE/quagga/quagga.changes 2011-09-19
04:11:37.0 +0200
@@ -1,0 +2,28 @@
+Mon Sep 19 02:05:55 UTC 2011 - boy...@suse.com
+
+- DoS while decoding EXTENDED_COMMUNITIES in Quagga's BGP
+ [bnc#718062]
+
+---
+Mon Sep 19 02:05:25 UTC 2011 - boy...@suse.com
+
+- OSPFD DoS while decoding Link State Update [bnc#718061]
+
+---
+Mon Sep 19 02:04:52 UTC 2011 - boy...@suse.com
+
+- OSPFD DoS while decoding Hello packet [bnc#718059]
+
+---
+Mon Sep 19 02:04:08 UTC 2011 - boy...@suse.com
+
+- OSPF6D DoS while decoding Database Description packet
+ [bnc#718058]
+
+---
+Mon Sep 19 02:00:52 UTC 2011 - boy...@suse.com
+
+- OSPF6D buffer overflow while decoding Link State Update with
+ Inter Area Prefix Lsa [bnc#718056]
+
+---
calling whatdependson for head-i586
New:
bug-718056_quagga-0.99.18-514840.patch
bug-718058_quagga-master-514839.patch
bug-718059_quagga-master-514838.1.patch
bug-718059_quagga-master-514838.2.patch
bug-718061_quagga-master-514837.patch
bug-718062_quagga-master-513254.patch
Other differences:
--
++ quagga.spec ++
--- /var/tmp/diff_new_pack.MRv07u/_old 2011-10-16 12:56:46.0 +0200
+++ /var/tmp/diff_new_pack.MRv07u/_new 2011-10-16 12:56:46.0 +0200
@@ -29,6 +29,12 @@
Source2:%{name}.pam
Patch0: %{name}-0.99.17-CVE-2010-1674.patch
Patch1: %{name}-0.99.17-CVE-2010-1675.patch
+Patch2:bug-718056_quagga-0.99.18-514840.patch
+Patch3:bug-718058_quagga-master-514839.patch
+Patch4:bug-718059_quagga-master-514838.1.patch
+Patch5:bug-718059_quagga-master-514838.2.patch
+Patch6:bug-718061_quagga-master-514837.patch
+Patch7:bug-718062_quagga-master-513254.patch
BuildRequires: net-snmp-devel
BuildRequires: pam-devel
BuildRequires: readline-devel
@@ -68,6 +74,12 @@
%setup -q -a 1
%patch0 -p 1
%patch1 -p 1
+%patch2 -p 1
+%patch3 -p 1
+%patch4 -p 1
+%patch5 -p 1
+%patch6 -p 1
+%patch7 -p 1
%build
if ! ls /proc/net/{dev,route,snmp} /dev/null; then
++ bug-718056_quagga-0.99.18-514840.patch ++
793 lines (skipped)
++ bug-718058_quagga-master-514839.patch ++
commit 814a21b1a5af7b942e67ddf49e4b3eb3fd9353a6
Author: Denis Ovsienko infrastat...@yandex.ru
Date: Thu Sep 1 18:48:42 2011 +0400
ospf6d: CERT-FI #514839 (DD LSA assertion)
This vulnerability was reported by CROSS project.
When Database Description LSA header list contains trailing zero octets,
ospf6d tries to process this data as an LSA header. This triggers an
assertion in the code and ospf6d shuts down.
* ospf6_lsa.c
* ospf6_lsa_is_changed(): handle header-only argument(s)
appropriately, do not treat LSA length underrun as a fatal error.
diff --git a/ospf6d/ospf6_lsa.c b/ospf6d/ospf6_lsa.c
index c1db374..a9545c3 100644
--- a/ospf6d/ospf6_lsa.c
+++ b/ospf6d/ospf6_lsa.c
@@ -163,9 +163,19 @@ ospf6_lsa_is_changed (struct ospf6_lsa *lsa1,
return 1;
if (ntohs (lsa1-header-length) != ntohs (lsa2-header-length))
return 1;
+ /* Going beyond LSA headers to compare the payload only makes sense, when
both LSAs aren't header-only. */
+ if (CHECK_FLAG (lsa1-flag, OSPF6_LSA_HEADERONLY) != CHECK_FLAG (lsa2-flag,
OSPF6_LSA_HEADERONLY))
+ {
+zlog_warn (%s: only one of two (%s, %s) LSAs compared is header-only,
__func__, lsa1-name, lsa2-name);
+return 1;
+ }
+ if (CHECK_FLAG (lsa1-flag, OSPF6_LSA_HEADERONLY))
+return 0;
length = OSPF6_LSA_SIZE (lsa1-header) - sizeof (struct ospf6_lsa_header);
- assert (length 0);
+ /* Once upper layer verifies LSAs received, length underrun should become a
warning. */
+ if (length = 0)
+return 0;
return memcmp (OSPF6_LSA_HEADER_END (lsa1-header),
OSPF6_LSA_HEADER_END (lsa2-header), length);
++ bug-718059_quagga-master-514838.1.patch ++
commit 6952d9a10f29b29ae79a7329a882da5938dda553
Author: Denis Ovsienko infrastat...@yandex.ru
Date: Thu Sep 1 18:46:51 2011 +0400
ospfd: CERT-FI #514838.1 (OSPF header underrun)
This vulnerability was reported by CROSS project.
When only 14 first bytes of a Hello packet is delivered, ospfd crashes.
* ospf_packet.c
* ospf_read(): add size check
diff --git a/ospfd/ospf_packet.c
commit quagga for openSUSE:Factory
Hello community, here is the log from the commit of package quagga for openSUSE:Factory checked in at Mon Jun 6 13:24:33 CEST 2011. --- quagga/quagga.changes 2011-03-31 14:14:02.0 +0200 +++ /mounts/work_src_done/STABLE/quagga/quagga.changes 2011-06-02 13:30:16.0 +0200 @@ -1,0 +2,5 @@ +Thu Jun 2 11:25:56 UTC 2011 - boy...@novell.com + +- Fix bnc#680499, zebro and ripd won't start [bnc#680499] + +--- calling whatdependson for head-i586 Other differences: -- ++ quagga.spec ++ --- /var/tmp/diff_new_pack.uqxCfe/_old 2011-06-06 13:23:08.0 +0200 +++ /var/tmp/diff_new_pack.uqxCfe/_new 2011-06-06 13:23:08.0 +0200 @@ -19,7 +19,7 @@ Name: quagga Version:0.99.17 -Release:6 +Release:8 License:LGPLv2.1+ Summary:Free Routing Software (for BGP, OSPF and RIP, for example) Url:http://www.quagga.net ++ quagga-SUSE.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SUSE/bgpd new/SUSE/bgpd --- old/SUSE/bgpd 2010-11-10 14:44:27.0 +0100 +++ new/SUSE/bgpd 2011-06-02 14:02:11.0 +0200 @@ -57,7 +57,7 @@ # NOTE: startproc return 0, even if service is # already running to match LSB spec. -install -d -o quagga -u quagga /var/run/quagga +install -d -o quagga -g quagga /var/run/quagga startproc $BGPD_BIN # Remember status and be verbose diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SUSE/ospf6d new/SUSE/ospf6d --- old/SUSE/ospf6d 2010-11-10 14:44:32.0 +0100 +++ new/SUSE/ospf6d 2011-06-02 14:02:11.0 +0200 @@ -57,7 +57,7 @@ # NOTE: startproc return 0, even if service is # already running to match LSB spec. -install -d -o quagga -u quagga /var/run/quagga +install -d -o quagga -g quagga /var/run/quagga startproc $OSPF6D_BIN -d # Remember status and be verbose diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SUSE/ospfd new/SUSE/ospfd --- old/SUSE/ospfd 2010-11-10 14:44:37.0 +0100 +++ new/SUSE/ospfd 2011-06-02 14:02:11.0 +0200 @@ -57,7 +57,7 @@ # NOTE: startproc return 0, even if service is # already running to match LSB spec. -install -d -o quagga -u quagga /var/run/quagga +install -d -o quagga -g quagga /var/run/quagga startproc $OSPFD_BIN -d # Remember status and be verbose diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SUSE/ripd new/SUSE/ripd --- old/SUSE/ripd 2010-11-10 14:44:40.0 +0100 +++ new/SUSE/ripd 2011-06-02 14:02:11.0 +0200 @@ -57,7 +57,7 @@ # NOTE: startproc return 0, even if service is # already running to match LSB spec. -install -d -o quagga -u quagga /var/run/quagga +install -d -o quagga -g quagga /var/run/quagga startproc $RIPD_BIN -d # Remember status and be verbose diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SUSE/ripngd new/SUSE/ripngd --- old/SUSE/ripngd 2010-11-10 14:44:43.0 +0100 +++ new/SUSE/ripngd 2011-06-02 14:02:11.0 +0200 @@ -57,7 +57,7 @@ # NOTE: startproc return 0, even if service is # already running to match LSB spec. -install -d -o quagga -u quagga /var/run/quagga +install -d -o quagga -g quagga /var/run/quagga startproc $RIPNG_BIN -d # Remember status and be verbose diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SUSE/zebra new/SUSE/zebra --- old/SUSE/zebra 2010-11-10 14:45:02.0 +0100 +++ new/SUSE/zebra 2011-06-02 14:02:11.0 +0200 @@ -57,7 +57,7 @@ # NOTE: startproc return 0, even if service is # already running to match LSB spec. -install -d -o quagga -u quagga /var/run/quagga +install -d -o quagga -g quagga /var/run/quagga startproc $ZEBRA_BIN -d # Remember status and be verbose Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
