From ef738c2300863a948e8927a1cfecdc439b988797 Mon Sep 17 00:00:00 2001 From: sthen Date: Sat, 26 Mar 2011 12:00:53 +0000 Subject: [PATCH] - SECURITY update to 0.99.18 (pointed out by Brad) CVE-2010-1674 null pointer deref with malformed BGP Extended Communities CVE-2010-1675 BGP session reset with malformed AS-path - install info documentation - patches added: build fixes from upstream --- net/quagga/Makefile | 7 +-- net/quagga/distinfo | 10 ++-- net/quagga/patches/patch-bgpd_bgp_attr_c | 18 +++++++ net/quagga/patches/patch-doc_Makefile_in | 10 ++-- net/quagga/patches/patch-ospfd_ospf_lsa_h | 17 +++++++ net/quagga/patches/patch-ospfd_ospf_nsm_c | 16 ++++++ net/quagga/patches/patch-ospfd_ospf_opaque_c | 53 ++++++++++++++++++++ net/quagga/patches/patch-ospfd_ospf_opaque_h | 25 +++++++++ net/quagga/pkg/PLIST | 3 +- 9 files changed, 145 insertions(+), 14 deletions(-) create mode 100644 net/quagga/patches/patch-bgpd_bgp_attr_c create mode 100644 net/quagga/patches/patch-ospfd_ospf_lsa_h create mode 100644 net/quagga/patches/patch-ospfd_ospf_nsm_c create mode 100644 net/quagga/patches/patch-ospfd_ospf_opaque_c create mode 100644 net/quagga/patches/patch-ospfd_ospf_opaque_h diff --git a/net/quagga/Makefile b/net/quagga/Makefile index 3546ed34619..fdd3e7cac96 100644 --- a/net/quagga/Makefile +++ b/net/quagga/Makefile @@ -1,8 +1,8 @@ -# $OpenBSD: Makefile,v 1.18 2010/11/19 22:31:37 espie Exp $ +# $OpenBSD: Makefile,v 1.19 2011/03/26 12:00:53 sthen Exp $ COMMENT= multi-threaded routing daemon -DISTNAME= quagga-0.99.17 +DISTNAME= quagga-0.99.18 SHARED_LIBS= ospf 0.0 \ zebra 0.0 CATEGORIES= net @@ -32,8 +32,8 @@ CONFIGURE_ARGS+=--includedir=${LOCALBASE}/include/quagga \ --localstatedir=${STATEDIR} \ --enable-user=_quagga \ --enable-group=_quagga \ + --enable-vty-group=_quagga \ --enable-vtysh \ - --enable-vtysh-group=_quagga \ --mandir=${LOCALBASE}/man \ --infodir=${LOCALBASE}/info CONFIGURE_ENV= LIBS=-lcurses @@ -57,5 +57,6 @@ post-install: ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/quagga ${INSTALL_DATA} ${WRKSRC}/README ${PREFIX}/share/doc/quagga ${INSTALL_DATA} ${WRKSRC}/SERVICES ${PREFIX}/share/doc/quagga + ${INSTALL_DATA} ${WRKSRC}/doc/quagga.info* ${PREFIX}/info .include diff --git a/net/quagga/distinfo b/net/quagga/distinfo index 83a4ceb81d7..9b326221a1a 100644 --- a/net/quagga/distinfo +++ b/net/quagga/distinfo @@ -1,5 +1,5 @@ -MD5 (quagga-0.99.17.tar.gz) = N7kCKtygSwOGPS15eH5kPw== -RMD160 (quagga-0.99.17.tar.gz) = 8AvwGTD3ga4N6f6ZgcdOe64HmLU= -SHA1 (quagga-0.99.17.tar.gz) = MfQvqfTZaq3xv5fD2b8zCOsNVsE= -SHA256 (quagga-0.99.17.tar.gz) = HXffEhozTpUEtF5InufONb9HjifTPNJ5OiMoC1nZ79Q= -SIZE (quagga-0.99.17.tar.gz) = 2202151 +MD5 (quagga-0.99.18.tar.gz) = WeMG6TpKHOFnYPIOkHXUcw== +RMD160 (quagga-0.99.18.tar.gz) = jBPeh+ybc7SJfkOHp/rr28tsuCY= +SHA1 (quagga-0.99.18.tar.gz) = NIaoRSISUV9CnfriytXtVBs9iNg= +SHA256 (quagga-0.99.18.tar.gz) = DNvkuQB19Jl8puzHHvaDoHtKjKPHGAgP6D9LytvMTZM= +SIZE (quagga-0.99.18.tar.gz) = 2199014 diff --git a/net/quagga/patches/patch-bgpd_bgp_attr_c b/net/quagga/patches/patch-bgpd_bgp_attr_c new file mode 100644 index 00000000000..e14fc82e582 --- /dev/null +++ b/net/quagga/patches/patch-bgpd_bgp_attr_c @@ -0,0 +1,18 @@ +$OpenBSD: patch-bgpd_bgp_attr_c,v 1.3 2011/03/26 12:00:53 sthen Exp $ + +bgpd: attribute jhash call should use a standard interface to in6_addr data +http://code.quagga.net/cgi-bin/gitweb.cgi?p=quagga.git;a=commitdiff;h=98e30f5db6dea65a5d6a176065cd0b60eb7bb001 + +--- bgpd/bgp_attr.c.orig Mon Mar 21 14:32:49 2011 ++++ bgpd/bgp_attr.c Sat Mar 26 11:16:31 2011 +@@ -373,8 +373,8 @@ attrhash_key_make (void *p) + + #ifdef HAVE_IPV6 + MIX(attr->extra->mp_nexthop_len); +- key = jhash2(attr->extra->mp_nexthop_global.s6_addr32, 4, key); +- key = jhash2(attr->extra->mp_nexthop_local.s6_addr32, 4, key); ++ key = jhash2(attr->extra->mp_nexthop_global.s6_addr, 16, key); ++ key = jhash2(attr->extra->mp_nexthop_local.s6_addr, 16, key); + #endif /* HAVE_IPV6 */ + } + diff --git a/net/quagga/patches/patch-doc_Makefile_in b/net/quagga/patches/patch-doc_Makefile_in index 81dff6ba91a..a92c89c7f84 100644 --- a/net/quagga/patches/patch-doc_Makefile_in +++ b/net/quagga/patches/patch-doc_Makefile_in @@ -1,6 +1,6 @@ -$OpenBSD: patch-doc_Makefile_in,v 1.7 2010/09/24 09:30:04 sthen Exp $ ---- doc/Makefile.in.orig Thu Aug 19 10:43:02 2010 -+++ doc/Makefile.in Wed Sep 1 12:08:39 2010 +$OpenBSD: patch-doc_Makefile_in,v 1.8 2011/03/26 12:00:53 sthen Exp $ +--- doc/Makefile.in.orig Mon Mar 21 14:46:22 2011 ++++ doc/Makefile.in Sat Mar 26 10:21:55 2011 @@ -152,6 +152,7 @@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ @@ -9,7 +9,7 @@ $OpenBSD: patch-doc_Makefile_in,v 1.7 2010/09/24 09:30:04 sthen Exp $ MKDIR_P = @MKDIR_P@ MULTIPATH_NUM = @MULTIPATH_NUM@ NM = @NM@ -@@ -373,7 +374,7 @@ clean-libtool: +@@ -372,7 +373,7 @@ clean-libtool: .texi.dvi: TEXINPUTS="$(am__TEXINFO_TEX_DIR)$(PATH_SEPARATOR)$$TEXINPUTS" \ @@ -18,7 +18,7 @@ $OpenBSD: patch-doc_Makefile_in,v 1.7 2010/09/24 09:30:04 sthen Exp $ $(TEXI2DVI) $< .texi.pdf: -@@ -749,7 +750,7 @@ install-info-am: $(INFO_DEPS) +@@ -748,7 +749,7 @@ install-info-am: $(INFO_DEPS) case $$file in \ $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \ esac; \ diff --git a/net/quagga/patches/patch-ospfd_ospf_lsa_h b/net/quagga/patches/patch-ospfd_ospf_lsa_h new file mode 100644 index 00000000000..a5a6d4e51ae --- /dev/null +++ b/net/quagga/patches/patch-ospfd_ospf_lsa_h @@ -0,0 +1,17 @@ +$OpenBSD: patch-ospfd_ospf_lsa_h,v 1.1 2011/03/26 12:00:53 sthen Exp $ + +ospfd: Compile fix for opaque support +http://code.quagga.net/cgi-bin/gitweb.cgi?p=quagga.git;a=commitdiff;h=d71ea65270408a45e4bec036671ec73b24b994b4 + +--- ospfd/ospf_lsa.h.orig Mon Mar 21 11:09:13 2011 ++++ ospfd/ospf_lsa.h Sat Mar 26 11:18:46 2011 +@@ -114,6 +114,9 @@ struct ospf_lsa + + /* Refreshement List or Queue */ + int refresh_list; ++ ++ /* For Type-9 Opaque-LSAs */ ++ struct ospf_interface *oi; + }; + + /* OSPF LSA Link Type. */ diff --git a/net/quagga/patches/patch-ospfd_ospf_nsm_c b/net/quagga/patches/patch-ospfd_ospf_nsm_c new file mode 100644 index 00000000000..a06926225ea --- /dev/null +++ b/net/quagga/patches/patch-ospfd_ospf_nsm_c @@ -0,0 +1,16 @@ +$OpenBSD: patch-ospfd_ospf_nsm_c,v 1.1 2011/03/26 12:00:53 sthen Exp $ + +ospfd: Compile fix for opaque support +http://code.quagga.net/cgi-bin/gitweb.cgi?p=quagga.git;a=commitdiff;h=d71ea65270408a45e4bec036671ec73b24b994b4 + +--- ospfd/ospf_nsm.c.orig Mon Mar 21 09:43:52 2011 ++++ ospfd/ospf_nsm.c Sat Mar 26 11:18:46 2011 +@@ -216,7 +216,7 @@ ospf_db_summary_add (struct ospf_neighbor *nbr, struct + { + case OSPF_OPAQUE_LINK_LSA: + /* Exclude type-9 LSAs that does not have the same "oi" with "nbr". */ +- if (lsa->oi != nbr->oi) ++ if (nbr->oi && ospf_if_exists (lsa->oi) != nbr->oi) + return 0; + break; + case OSPF_OPAQUE_AREA_LSA: diff --git a/net/quagga/patches/patch-ospfd_ospf_opaque_c b/net/quagga/patches/patch-ospfd_ospf_opaque_c new file mode 100644 index 00000000000..07e78b757c2 --- /dev/null +++ b/net/quagga/patches/patch-ospfd_ospf_opaque_c @@ -0,0 +1,53 @@ +$OpenBSD: patch-ospfd_ospf_opaque_c,v 1.1 2011/03/26 12:00:53 sthen Exp $ + +ospfd: Compile fix for opaque support +http://code.quagga.net/cgi-bin/gitweb.cgi?p=quagga.git;a=commitdiff;h=d71ea65270408a45e4bec036671ec73b24b994b4 + +--- ospfd/ospf_opaque.c.orig Mon Mar 21 09:43:52 2011 ++++ ospfd/ospf_opaque.c Sat Mar 26 11:18:46 2011 +@@ -251,7 +251,7 @@ struct ospf_opaque_functab + void (* config_write_debug )(struct vty *vty); + void (* show_opaque_info )(struct vty *vty, struct ospf_lsa *lsa); + int (* lsa_originator)(void *arg); +- void (* lsa_refresher )(struct ospf_lsa *lsa); ++ struct ospf_lsa *(* lsa_refresher )(struct ospf_lsa *lsa); + int (* new_lsa_hook)(struct ospf_lsa *lsa); + int (* del_lsa_hook)(struct ospf_lsa *lsa); + }; +@@ -354,7 +354,7 @@ ospf_register_opaque_functab ( + void (* config_write_debug )(struct vty *vty), + void (* show_opaque_info )(struct vty *vty, struct ospf_lsa *lsa), + int (* lsa_originator)(void *arg), +- void (* lsa_refresher )(struct ospf_lsa *lsa), ++ struct ospf_lsa *(* lsa_refresher )(struct ospf_lsa *lsa), + int (* new_lsa_hook)(struct ospf_lsa *lsa), + int (* del_lsa_hook)(struct ospf_lsa *lsa)) + { +@@ -1608,12 +1608,13 @@ out: + return new; + } + +-void ++struct ospf_lsa * + ospf_opaque_lsa_refresh (struct ospf_lsa *lsa) + { + struct ospf *ospf; + struct ospf_opaque_functab *functab; +- ++ struct ospf_lsa *new = NULL; ++ + ospf = ospf_lookup (); + + if ((functab = ospf_opaque_functab_lookup (lsa)) == NULL +@@ -1633,9 +1634,9 @@ ospf_opaque_lsa_refresh (struct ospf_lsa *lsa) + ospf_lsa_flush (ospf, lsa); + } + else +- (* functab->lsa_refresher)(lsa); ++ new = (* functab->lsa_refresher)(lsa); + +- return; ++ return new; + } + + /*------------------------------------------------------------------------* diff --git a/net/quagga/patches/patch-ospfd_ospf_opaque_h b/net/quagga/patches/patch-ospfd_ospf_opaque_h new file mode 100644 index 00000000000..0d801dfcd84 --- /dev/null +++ b/net/quagga/patches/patch-ospfd_ospf_opaque_h @@ -0,0 +1,25 @@ +$OpenBSD: patch-ospfd_ospf_opaque_h,v 1.1 2011/03/26 12:00:53 sthen Exp $ + +ospfd: Compile fix for opaque support +http://code.quagga.net/cgi-bin/gitweb.cgi?p=quagga.git;a=commitdiff;h=d71ea65270408a45e4bec036671ec73b24b994b4 + +--- ospfd/ospf_opaque.h.orig Mon Mar 21 09:43:52 2011 ++++ ospfd/ospf_opaque.h Sat Mar 26 11:18:46 2011 +@@ -120,7 +120,7 @@ ospf_register_opaque_functab ( + void (* config_write_debug )(struct vty *vty), + void (* show_opaque_info )(struct vty *vty, struct ospf_lsa *lsa), + int (* lsa_originator)(void *arg), +- void (* lsa_refresher )(struct ospf_lsa *lsa), ++ struct ospf_lsa *(* lsa_refresher )(struct ospf_lsa *lsa), + int (* new_lsa_hook)(struct ospf_lsa *lsa), + int (* del_lsa_hook)(struct ospf_lsa *lsa) + ); +@@ -143,7 +143,7 @@ extern void ospf_opaque_lsa_originate_schedule (struct + int *init_delay); + extern struct ospf_lsa *ospf_opaque_lsa_install (struct ospf_lsa *, + int rt_recalc); +-extern void ospf_opaque_lsa_refresh (struct ospf_lsa *lsa); ++extern struct ospf_lsa *ospf_opaque_lsa_refresh (struct ospf_lsa *lsa); + + extern void ospf_opaque_lsa_reoriginate_schedule (void *lsa_type_dependent, + u_char lsa_type, diff --git a/net/quagga/pkg/PLIST b/net/quagga/pkg/PLIST index bb911228160..ca231202719 100644 --- a/net/quagga/pkg/PLIST +++ b/net/quagga/pkg/PLIST @@ -1,4 +1,4 @@ -@comment $OpenBSD: PLIST,v 1.9 2009/02/18 00:37:53 sthen Exp $ +@comment $OpenBSD: PLIST,v 1.10 2011/03/26 12:00:53 sthen Exp $ @conflict zebra-* @newgroup _quagga:525 @newuser _quagga:525:_quagga:daemon:Quagga Account:/nonexistent:/sbin/nologin @@ -54,6 +54,7 @@ include/quagga/quagga/workqueue.h include/quagga/quagga/zassert.h include/quagga/quagga/zclient.h include/quagga/quagga/zebra.h +@info info/quagga.info lib/libospf.a lib/libospf.la lib/libzebra.a