FreeBSD Bugzilla – Attachment 125314 Details for
Bug 168920
[update] net/quagga to 0.99.21 + security fix for CVE-2012-1820
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
file.diff
file.diff (text/plain), 8.26 KB, created by
Ryan Steinmetz
on 2012-06-10 15:00:26 UTC
(
hide
)
Description:
file.diff
Filename:
MIME Type:
Creator:
Ryan Steinmetz
Created:
2012-06-10 15:00:26 UTC
Size:
8.26 KB
patch
obsolete
>Index: Makefile >=================================================================== >RCS file: /home/ncvs/ports/net/quagga/Makefile,v >retrieving revision 1.118 >diff -u -r1.118 Makefile >--- Makefile 4 Jun 2012 14:15:22 -0000 1.118 >+++ Makefile 10 Jun 2012 13:22:17 -0000 >@@ -6,7 +6,7 @@ > # > > PORTNAME= quagga >-PORTVERSION= 0.99.20.1 >+PORTVERSION= 0.99.21 > CATEGORIES= net ipv6 > MASTER_SITES= ${MASTER_SITE_SAVANNAH} > MASTER_SITE_SUBDIR= quagga >@@ -30,18 +30,21 @@ > FETCH_ARGS= -Fpr > > MAN1= vtysh.1 >-MAN8= bgpd.8 ospf6d.8 ospfd.8 ripd.8 ripngd.8 zebra.8 >+MAN8= bgpd.8 ospf6d.8 ospfd.8 ripd.8 ripngd.8 zebra.8 watchquagga.8 > INFO= quagga > >-OPTIONS= ISISD "Enable experimental ISIS daemon" off \ >- PAM "PAM authentication for vtysh" off \ >- OSPF_NSSA "NSSA support (RFC1587)" off \ >- OSPF_OPAQUE_LSA "OSPF Opaque-LSA support (RFC2370)" off \ >- RTADV "IPv6 Router Advertisements" off \ >- SNMP "SNMP support" off \ >- TCPSOCKETS "Use TCP/IP sockets for protocol daemons" off \ >- DLMALLOC "Use dlmalloc (makes bgpd much faster)" off \ >- NO_BGP_ANNOUNCE "Turn off BGP route announcement" off >+OPTIONS_DEFINE= ISISD PAM OSPF_OPAQUE_LSA RTADV SNMP TCPSOCKETS DLMALLOC \ >+ NO_BGP_ANNOUNCE >+ >+ISISD_DESC= Enable experimental ISIS daemon >+PAM_DESC= PAM authentication for vtysh >+OSPF_OPAQUE_LSA_DESC= OSPF Opaque-LSA support (RFC2370) >+RTADV_DESC= IPv6 Router Advertisements >+TCPSOCKETS_DESC= Use TCP/IP sockets for protocol daemons >+DLMALLOC_DESC= Use dlmalloc (makes bgpd much faster) >+NO_BGP_ANNOUNCE_DESC= Turn off BGP route announcement >+ >+.include <bsd.port.options.mk> > > .include <bsd.port.pre.mk> > >@@ -79,23 +82,19 @@ > SYSCONF_DIR=${SYSCONF_DIR} SYSSTATE_DIR=${SYSSTATE_DIR} \ > ENABLE_USER=${ENABLE_USER} ENABLE_GROUP=${ENABLE_GROUP} > >-.if defined(WITH_ISISD) >+.if ${PORT_OPTIONS:MISISD} > CONFIGURE_ARGS+=--enable-isisd >+MAN8+= isisd.8 > PLIST_SUB+= ISISD="" > .else > PLIST_SUB+= ISISD="@comment " > .endif >-MAN8+= isisd.8 > >-.if defined(WITH_PAM) >+.if ${PORT_OPTIONS:MPAM} > CONFIGURE_ARGS+=--with-libpam > .endif > >-.if defined(WITH_OSPFNSSA) >-CONFIGURE_ARGS+=--enable-nssa >-.endif >- >-.if defined(WITH_OSPF_OPAQUE_LSA) >+.if ${PORT_OPTIONS:MOSPF_OPAQUE_LSA} > CONFIGURE_ARGS+=--enable-opaque-lsa > PLIST_SUB+= OSPFAPI="" > .else >@@ -103,28 +102,28 @@ > PLIST_SUB+= OSPFAPI="@comment " > .endif > >-.if defined(WITH_RTADV) >+.if ${PORT_OPTIONS:MRTADV} > CONFIGURE_ARGS+=--enable-rtadv > .endif > >-.if defined(WITH_SNMP) >+.if ${PORT_OPTIONS:MSNMP} > CONFIGURE_ARGS+=--enable-snmp >-LIB_DEPENDS+=netsnmp:${PORTSDIR}/net-mgmt/net-snmp >+LIB_DEPENDS+= netsnmp:${PORTSDIR}/net-mgmt/net-snmp > .endif > >-.if defined(WITH_TCPSOCKETS) >+.if ${PORT_OPTIONS:MTCPSOCKETS} > CONFIGURE_ARGS+=--enable-tcp-zebra > .endif > >-.if defined(WITH_DLMALLOC) >-LIB_DEPENDS+=dlmalloc.2:${PORTSDIR}/devel/libdlmalloc >-LDFLAGS+=-ldlmalloc >+.if ${PORT_OPTIONS:MDLMALLOC} >+LIB_DEPENDS+= dlmalloc:${PORTSDIR}/devel/libdlmalloc >+LDFLAGS+= -ldlmalloc > SUB_LIST= RCLDCONFIG=ldconfig > .else > SUB_LIST= RCLDCONFIG= > .endif > >-.if defined(WITH_NO_BGP_ANNOUNCE) >+.if ${PORT_OPTIONS:MNO_BGP_ANNOUNCE} > CONFIGURE_ARGS+=--disable-bgp-announce > .endif > >@@ -148,16 +147,6 @@ > @${ECHO} "ENABLE_VTY_GROUP Specify group for vty socket ownership" > @${ECHO} "SYSCONF_DIR Specify directory for Quagga configuration files" > @${ECHO} "LOCALSTATE_DIR Specify directory for Quagga runtime files" >- @${ECHO} >- @${ECHO} "The following options may be configured interactively:" >- @${ECHO} " WITH_PAM PAM authentication for vtysh" >- @${ECHO} " WITH_OSPF_NSSA NSSA support (RFC1587)" >- @${ECHO} " WITH_OSPF_OPAQUE_LSA OSPF Opaque-LSA with OSPFAPI support (RFC2370)" >- @${ECHO} " WITH_RTADV IPv6 Router Advertisements" >- @${ECHO} " WITH_SNMP SNMP support" >- @${ECHO} " WITH_TCPSOCKETS Use TCP/IP sockets for protocol daemons" >- @${ECHO} " WITH_DLMALLOC Use dlmalloc (makes bgpd much faster)" >- @${ECHO} " WITH_NO_BGP_ANNOUNCE Turn off BGP route announcement" > > post-install: > @${MKDIR} ${LOCALSTATE_DIR} >Index: distinfo >=================================================================== >RCS file: /home/ncvs/ports/net/quagga/distinfo,v >retrieving revision 1.29 >diff -u -r1.29 distinfo >--- distinfo 24 Mar 2012 17:31:00 -0000 1.29 >+++ distinfo 10 Jun 2012 12:40:08 -0000 >@@ -1,2 +1,2 @@ >-SHA256 (quagga-0.99.20.1.tar.gz) = de8cac51e723b140abef1126696dcf9c68500546b1db3043cce431ae9d3291f4 >-SIZE (quagga-0.99.20.1.tar.gz) = 2251259 >+SHA256 (quagga-0.99.21.tar.gz) = 9b8aea9026b4771a28e254a66cbd854723bcd0d71eebd0201d11838d4eb392ee >+SIZE (quagga-0.99.21.tar.gz) = 2297174 >Index: pkg-plist >=================================================================== >RCS file: /home/ncvs/ports/net/quagga/pkg-plist,v >retrieving revision 1.16 >diff -u -r1.16 pkg-plist >--- pkg-plist 24 Mar 2012 17:31:00 -0000 1.16 >+++ pkg-plist 10 Jun 2012 13:31:41 -0000 >@@ -1,3 +1,5 @@ >+@comment $FreeBSD$ >+sbin/babeld > sbin/bgpd > %%ISISD%%sbin/isisd > sbin/ospf6d >@@ -68,6 +70,7 @@ > include/quagga/zassert.h > include/quagga/zclient.h > include/quagga/zebra.h >+%%EXAMPLESDIR%%/babeld.conf.sample > %%EXAMPLESDIR%%/bgpd.conf.sample > %%EXAMPLESDIR%%/bgpd.conf.sample2 > %%ISISD%%%%EXAMPLESDIR%%/isisd.conf.sample >Index: files/patch-bgpd__bgp_attr.c >=================================================================== >RCS file: files/patch-bgpd__bgp_attr.c >diff -N files/patch-bgpd__bgp_attr.c >--- files/patch-bgpd__bgp_attr.c 18 Oct 2011 14:43:45 -0000 1.1 >+++ /dev/null 1 Jan 1970 00:00:00 -0000 >@@ -1,10 +0,0 @@ >---- ./bgpd/bgp_attr.c.orig 2011-10-18 10:12:39.000000000 -0400 >-+++ ./bgpd/bgp_attr.c 2011-10-18 10:13:01.000000000 -0400 >-@@ -675,6 +675,7 @@ >- } >- >- bgp_attr_unintern_sub (&tmp); >-+ bgp_attr_extra_free (&tmp); >- } >- >- void >Index: files/patch-bgpd__bgp_open.c >=================================================================== >RCS file: files/patch-bgpd__bgp_open.c >diff -N files/patch-bgpd__bgp_open.c >--- /dev/null 1 Jan 1970 00:00:00 -0000 >+++ files/patch-bgpd__bgp_open.c 10 Jun 2012 13:05:55 -0000 >@@ -0,0 +1,49 @@ >+--- ./bgpd/bgp_open.c.orig 2012-05-01 12:10:27.000000000 -0400 >++++ ./bgpd/bgp_open.c 2012-06-10 09:05:40.000000000 -0400 >+@@ -232,7 +232,7 @@ >+ } >+ >+ /* validate number field */ >+- if (sizeof (struct capability_orf_entry) + (entry.num * 2) > hdr->length) >++ if (sizeof (struct capability_orf_entry) + (entry.num * 2) != hdr->length) >+ { >+ zlog_info ("%s ORF Capability entry length error," >+ " Cap length %u, num %u", >+@@ -336,28 +336,6 @@ >+ } >+ >+ static int >+-bgp_capability_orf (struct peer *peer, struct capability_header *hdr) >+-{ >+- struct stream *s = BGP_INPUT (peer); >+- size_t end = stream_get_getp (s) + hdr->length; >+- >+- assert (stream_get_getp(s) + sizeof(struct capability_orf_entry) <= end); >+- >+- /* We must have at least one ORF entry, as the caller has already done >+- * minimum length validation for the capability code - for ORF there must >+- * at least one ORF entry (header and unknown number of pairs of bytes). >+- */ >+- do >+- { >+- if (bgp_capability_orf_entry (peer, hdr) == -1) >+- return -1; >+- } >+- while (stream_get_getp(s) + sizeof(struct capability_orf_entry) < end); >+- >+- return 0; >+-} >+- >+-static int >+ bgp_capability_restart (struct peer *peer, struct capability_header *caphdr) >+ { >+ struct stream *s = BGP_INPUT (peer); >+@@ -575,7 +553,7 @@ >+ break; >+ case CAPABILITY_CODE_ORF: >+ case CAPABILITY_CODE_ORF_OLD: >+- if (bgp_capability_orf (peer, &caphdr)) >++ if (bgp_capability_orf_entry (peer, &caphdr)) >+ return -1; >+ break; >+ case CAPABILITY_CODE_RESTART: >Index: files/patch-ospfd__ospf_packet.c >=================================================================== >RCS file: files/patch-ospfd__ospf_packet.c >diff -N files/patch-ospfd__ospf_packet.c >--- files/patch-ospfd__ospf_packet.c 17 Nov 2011 13:02:07 -0000 1.2 >+++ /dev/null 1 Jan 1970 00:00:00 -0000 >@@ -1,11 +0,0 @@ >---- ospfd/ospf_packet.c.orig 2011-09-29 18:59:32.000000000 +0600 >-+++ ospfd/ospf_packet.c 2011-11-12 12:02:58.000000000 +0600 >-@@ -2116,7 +2116,7 @@ >- >- ip_len = iph->ip_len; >- >--#if !defined(GNU_LINUX) && (OpenBSD < 200311) >-+#if !defined(GNU_LINUX) && (OpenBSD < 200311) && (__FreeBSD_version < 1000000) >- /* >- * Kernel network code touches incoming IP header parameters, >- * before protocol specific processing.
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=125314">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 168920
: 125314