Jonny Robertson reported that Zebra can be remotely crashed if a Zebra
password has been enabled and a remote attacker can connect to the Zebra
telnet management port. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0795 to this issue.
from http://rhn.redhat.com/errata/RHSA-2003-307.html
Bump package name.
ok itojun@ margarida@
- don't change SYSCONFDIR, use CONFDIR/SUBST_VARS instead and if necessary
use "CONFIGURE_STYLE=gnu old" and explicitly set --sysconfdir=${CONFDIR}
a few more to come...
* Changes in zebra-0.92a
* Changes in bgpd
** Fix "^$" community list bug.
** Below command's Address Family specific configurations are added
nexthop-self
route-reflector-client
route-server-client
soft-reconfiguration inbound
* Changes in zebra
** Treat kernel type routes as EGP routes.
OpenBSD port changes:
FLAVOR=snmp now works
vtysh now works
Also, OpenBSD specific fixes not listed below include a patch to correctly
get all interfaces from the kernel.
Changelog from e-mail:
* Changes in zebra-0.92
** Overall security is improved. Default umask is 0077.
* Changes in ripd
** If output interface is in simple password authentication mode,
subtract one from rtemax.
* Changes in bgpd
** IPv4 multicast and IPv6 unicast configuration is changed to so
called new config. All of AFI and SAFI specific configuration is
moved to "address-family" node. When you have many IPv6 only
configuration, you will see many "no neighbor X:X::X:X activate" line
in your configuration to disable IPv4 unicast NLRI exchange. In that
case please use "no bgp default ipv4-unicast" command to suppress the
output. Until zebra-0.93, old config is still left for compatibility.
Old config
==========
router bgp 7675
bgp router-id 10.0.0.1
redistribute connected
network 192.168.0.0/24
neighbor 10.0.0.2 remote-as 7675
ipv6 bgp network 3ffe:506::/33
ipv6 bgp network 3ffe:1800:e800::/40
ipv6 bgp aggregate-address 3ffe:506::/32
ipv6 bgp redistribute connected
ipv6 bgp neighbor 3ffe:506:1000::2 remote-as 1
New config
==========
router bgp 7675
bgp router-id 10.0.0.1
network 192.168.0.0/24
redistribute connected
neighbor 10.0.0.2 remote-as 7675
neighbor 3ffe:506:1000::2 remote-as 1
no neighbor 3ffe:506:1000::2 activate
!
address-family ipv6
network 3ffe:506::/33
network 3ffe:1800:e800::/40
aggregate-address 3ffe:506::/32
redistribute connected
neighbor 3ffe:506:1000::2 activate
exit-address-family
* Changes in ospfd
** Internal interface treatment is changed. Now ospfd can handle
multiple IP addresses for an interface.
** Redistribution of loopback interface's address works fine.
- mkdir -> ${INSTALL_DATA_DIR}
- install docs in share/doc/zebra and the examples in share/examples/zebra
- ${FOO} -> $FOO in DEINSTALL/INSTALL
- better INSTALL script, don't pointlessly install the samples in
share/examples/zebra and then into /etc/zebra as well. tell the end user
that they're installed in share/examples/zebra and let them deal with it.
In this commit, the configuration files are now to be found in
/etc/zebra rather than /usr/local/lib/zebra. Sample configuration
files are installed by the INSTALL script.
The start of an 'snmp' flavor is included, but the test for libsnmp.a
fails in the configure script. Reported to zebra mailing list.
Update ok-ed by port maintainer.
key changes from webpage:
- Many ospfd related bugs are fixed.
- Now OSPF module becomes very stable.
- BGP's route selection problem is fixed.
- "bgp always-compare-med" command is added.
- exec-timeout bug which causes a crash is fixed.
- ip prefix-list default behavior is changed.