diff options
| author | gdt <gdt> | 2016-03-21 13:40:28 +0000 |
|---|---|---|
| committer | gdt <gdt> | 2016-03-21 13:40:28 +0000 |
| commit | d25e4d9667db74d1fe7e1e1759e5ffc352dca775 (patch) | |
| tree | 98cf67d3ced04fa78fb45fa97543477fe124a9e2 /net | |
| parent | 1d04ee656163651178b276f50590e3afdf0332be (diff) | |
| download | pkgsrc-d25e4d9667db74d1fe7e1e1759e5ffc352dca775.tar.gz | |
Update to 1.0.20160315
This is an update to address security issues, but contains more changes.
Packaging changes include:
remove lib/privs.c patch (integrated upstream)
opaque LSA no longer an option (always on)
pimd enabled by default upstream and hence in the package
Upstream changes from http://savannah.nongnu.org/news/?group=quagga
Quagga 1.0.20160315 Released
Quagga 1.0.20160309 has been released, and is available at
http://download.savannah.gnu.org/releases/quagga/
This is a bug fix release. It addresses a crash in protocols with a
redistribute statement.
Quagga 1.0.20160309 Released
Quagga 1.0.20160309 has been released, and is available at
http://download.savannah.gnu.org/releases/quagga/
This release addresses Security Vulnerability VU #270232.
Users using VPNv4 to untrusted peers and zebra that have
untrusted clients talking to it are advised to upgrade to
this release. For further details see the CERT Vulnerability note:
https://www.kb.cert.org/vuls/id/270232
Major user-visible changes:
[quagga] - Namespace VRF Support has been added.
[lib] - Add 'show commandtree'
[bgpd] - vpnv4 and vpnv6 handling has been included.
[bgpd] - Add 'set metric (rtt|+rtt|-rtt)' to route map handling.
[bgpd] - Addition of 'show ip bgp dampening' command tree.
[bgpd] - If route-map does not exist default to DENY for redistribute
statements
[bgpd] - Lower default 'timers connect' in BGP to 10 seconds.
[bgpd] - Enable "bgp log-neighbor-changes" by default
[bgpd] - Add support for timer commands with peer-group syntax
[bgpd] - Extend Dump to allow Extended Time Format
[babeld] - Removed from the distribution.
[isisd] - Allow the adjustment of lsp-mtu
[isisd] - Allow the import of routes from other protocols
[ospfd] - Add per interface 'ip ospf area' command
[ospfd] - Lower the default OSPF spf timers to '0 50 5000'
[ripngd] - Add ECMP support
[pimd] - Add multicast static routes.
[pimd] - Add ability to set DR priority for an interface
[pimd] - Add ability to modify hello and hold timers per interface
[vtysh] - Add 'show thread cpu ..' and 'show work-queues'
[vtysh] - Add 'show run <protocol>' command
[vtysh] - Fix history handling
Diffstat (limited to 'net')
| -rw-r--r-- | net/quagga/Makefile | 5 | ||||
| -rw-r--r-- | net/quagga/PLIST | 15 | ||||
| -rw-r--r-- | net/quagga/PLIST.opaquelsa | 5 | ||||
| -rw-r--r-- | net/quagga/distinfo | 11 | ||||
| -rw-r--r-- | net/quagga/options.mk | 14 | ||||
| -rw-r--r-- | net/quagga/patches/patch-lib_privs.c | 162 |
6 files changed, 20 insertions, 192 deletions
diff --git a/net/quagga/Makefile b/net/quagga/Makefile index 079067535d1..3d4a4683591 100644 --- a/net/quagga/Makefile +++ b/net/quagga/Makefile @@ -1,8 +1,7 @@ -# $NetBSD: Makefile,v 1.53 2016/01/27 13:48:01 jperkin Exp $ +# $NetBSD: Makefile,v 1.54 2016/03/21 13:40:28 gdt Exp $ # -DISTNAME= quagga-0.99.24.1 -PKGREVISION= 2 +DISTNAME= quagga-1.0.20160315 CATEGORIES= net MASTER_SITES= http://download.savannah.gnu.org/releases/quagga/ diff --git a/net/quagga/PLIST b/net/quagga/PLIST index 17acd375f17..a33f22799a2 100644 --- a/net/quagga/PLIST +++ b/net/quagga/PLIST @@ -1,8 +1,11 @@ -@comment $NetBSD: PLIST,v 1.16 2015/03/10 16:46:51 gdt Exp $ +@comment $NetBSD: PLIST,v 1.17 2016/03/21 13:40:28 gdt Exp $ +bin/bgp_btoa +bin/test_igmpv3_join include/quagga/buffer.h include/quagga/checksum.h include/quagga/command.h include/quagga/distribute.h +include/quagga/fifo.h include/quagga/filter.h include/quagga/getopt.h include/quagga/hash.h @@ -17,6 +20,7 @@ include/quagga/md5.h include/quagga/memory.h include/quagga/memtypes.h include/quagga/network.h +include/quagga/ospfapi/ospf_apiclient.h include/quagga/ospfd/ospf_api.h include/quagga/ospfd/ospf_asbr.h include/quagga/ospfd/ospf_dump.h @@ -42,6 +46,7 @@ include/quagga/table.h include/quagga/thread.h include/quagga/vector.h include/quagga/version.h +include/quagga/vrf.h include/quagga/vty.h include/quagga/workqueue.h include/quagga/zassert.h @@ -49,18 +54,22 @@ include/quagga/zclient.h include/quagga/zebra.h info/quagga.info lib/libospf.la +lib/libospfapiclient.la lib/libzebra.la man/man1/vtysh.1 man/man8/bgpd.8 man/man8/isisd.8 +man/man8/ospfclient.8 man/man8/ospfd.8 +man/man8/pimd.8 man/man8/ripd.8 man/man8/watchquagga.8 man/man8/zebra.8 -sbin/babeld sbin/bgpd sbin/isisd +sbin/ospfclient sbin/ospfd +sbin/pimd sbin/ripd sbin/watchquagga sbin/zebra @@ -70,11 +79,11 @@ share/doc/quagga/mpls/ChangeLog.opaque.txt share/doc/quagga/mpls/cli_summary.txt share/doc/quagga/mpls/opaque_lsa.txt share/doc/quagga/mpls/ospfd.conf -share/examples/quagga/babeld.conf.sample share/examples/quagga/bgpd.conf.sample share/examples/quagga/bgpd.conf.sample2 share/examples/quagga/isisd.conf.sample share/examples/quagga/log_syslog.conf share/examples/quagga/ospfd.conf.sample +share/examples/quagga/pimd.conf.sample share/examples/quagga/ripd.conf.sample share/examples/quagga/zebra.conf.sample diff --git a/net/quagga/PLIST.opaquelsa b/net/quagga/PLIST.opaquelsa deleted file mode 100644 index fba4a8cea72..00000000000 --- a/net/quagga/PLIST.opaquelsa +++ /dev/null @@ -1,5 +0,0 @@ -@comment $NetBSD: PLIST.opaquelsa,v 1.3 2012/06/07 23:38:16 gdt Exp $ -include/quagga/ospfapi/ospf_apiclient.h -lib/libospfapiclient.la -man/man8/ospfclient.8 -sbin/ospfclient diff --git a/net/quagga/distinfo b/net/quagga/distinfo index 163f8823371..d45409e23f3 100644 --- a/net/quagga/distinfo +++ b/net/quagga/distinfo @@ -1,8 +1,7 @@ -$NetBSD: distinfo,v 1.25 2016/01/27 13:48:01 jperkin Exp $ +$NetBSD: distinfo,v 1.26 2016/03/21 13:40:28 gdt Exp $ -SHA1 (quagga-0.99.24.1.tar.gz) = da5d4b1b6f524becb217355f95f99076b7a969d5 -RMD160 (quagga-0.99.24.1.tar.gz) = a6b5c6d93b2d129aa4f627ae0359fa6539de6645 -SHA512 (quagga-0.99.24.1.tar.gz) = 6b15aa3ed961081eba4878ba4a6fb5fd03dd8fc16684f28cf7176f0636c33ed734da8787edf9352c108d9e528dd7ba74e2ee0113e782adc4465945cdae88ec51 -Size (quagga-0.99.24.1.tar.gz) = 2683800 bytes -SHA1 (patch-lib_privs.c) = d86ec56c9f57f38af6cce5285fb95759efc7c8e9 +SHA1 (quagga-1.0.20160315.tar.gz) = 1d7168e2a5b33a1fd6bf89673e4c8f32c7f56ae8 +RMD160 (quagga-1.0.20160315.tar.gz) = dae1a9de36482c0b6306840d375577c300a58f4d +SHA512 (quagga-1.0.20160315.tar.gz) = f17191facc4d5b0bee2d00cc3ecc4d546c6472ce5b081d79458cacca3536bd6dcea10aef480ae117f4a7f466dd88257bf2a3e37ccbe3b3b55f27ef18ead6107f +Size (quagga-1.0.20160315.tar.gz) = 2788131 bytes SHA1 (patch-solaris_quagga.init.in) = 446f9c1efc47d54cb1af0eba47193571b63d91c0 diff --git a/net/quagga/options.mk b/net/quagga/options.mk index 776513483fb..0674291f2da 100644 --- a/net/quagga/options.mk +++ b/net/quagga/options.mk @@ -1,11 +1,9 @@ -# $NetBSD: options.mk,v 1.8 2013/08/07 14:05:15 gdt Exp $ +# $NetBSD: options.mk,v 1.9 2016/03/21 13:40:28 gdt Exp $ PKG_OPTIONS_VAR= PKG_OPTIONS.quagga PKG_SUPPORTED_OPTIONS= inet6 -PKG_SUPPORTED_OPTIONS+= quagga-ospf-opaque-lsa PKG_SUPPORTED_OPTIONS+= quagga-vtysh PKG_SUGGESTED_OPTIONS= inet6 -PKG_SUGGESTED_OPTIONS+= quagga-ospf-opaque-lsa PKG_SUGGESTED_OPTIONS+= quagga-vtysh .include "../../mk/bsd.options.mk" @@ -37,13 +35,3 @@ PLIST_CAT+= ${PKGDIR}/PLIST.vtysh .else CONFIGURE_ARGS+= --disable-vtysh .endif - -### -### Include Opaque LSA support in OSPF (RFC2370). -### -.if !empty(PKG_OPTIONS:Mquagga-ospf-opaque-lsa) -# opaque-lsa is now the upstream default. -PLIST_CAT+= ${PKGDIR}/PLIST.opaquelsa -.else -CONFIGURE_ARGS+= --disable-opaque-lsa -.endif diff --git a/net/quagga/patches/patch-lib_privs.c b/net/quagga/patches/patch-lib_privs.c deleted file mode 100644 index c65d89b1bb9..00000000000 --- a/net/quagga/patches/patch-lib_privs.c +++ /dev/null @@ -1,162 +0,0 @@ -$NetBSD: patch-lib_privs.c,v 1.1 2015/01/25 22:14:05 fhajny Exp $ - -Fix minimum privileges setup, makes Quagga work on SunOS. -https://github.com/illumos/illumos-userland/blob/master/components/quagga/patches/75-privs-basicprivset.patch ---- lib/privs.c.orig 2014-08-25 16:56:53.000000000 +0000 -+++ lib/privs.c -@@ -2,7 +2,7 @@ - * Zebra privileges. - * - * Copyright (C) 2003 Paul Jakma. -- * Copyright (C) 2005 Sun Microsystems, Inc. -+ * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved. - * - * This file is part of GNU Zebra. - * -@@ -348,6 +348,26 @@ zprivs_caps_terminate (void) - * - http://blogs.sun.com/roller/page/gbrunett?entry=privilege_enabling_set_id_programs1 - */ - -+static pset_t * -+zprivs_caps_minimal () -+{ -+ pset_t *minimal; -+ -+ if ((minimal = priv_str_to_set("basic", ",", NULL)) == NULL) -+ { -+ fprintf (stderr, "%s: couldn't get basic set!\n", __func__); -+ exit (1); -+ } -+ -+ /* create a minimal privilege set from the basic set */ -+ (void) priv_delset(minimal, PRIV_PROC_EXEC); -+ (void) priv_delset(minimal, PRIV_PROC_INFO); -+ (void) priv_delset(minimal, PRIV_PROC_SESSION); -+ (void) priv_delset(minimal, PRIV_FILE_LINK_ANY); -+ -+ return minimal; -+} -+ - /* convert zebras privileges to system capabilities */ - static pset_t * - zcaps2sys (zebra_capabilities_t *zcaps, int num) -@@ -376,26 +396,34 @@ zcaps2sys (zebra_capabilities_t *zcaps, - int - zprivs_change_caps (zebra_privs_ops_t op) - { -+ pset_t *privset; - - /* should be no possibility of being called without valid caps */ - assert (zprivs_state.syscaps_p); - if (!zprivs_state.syscaps_p) - { -+ fprintf (stderr, "%s: Eek, missing privileged caps!", __func__); -+ exit (1); -+ } -+ -+ assert (zprivs_state.caps); -+ if (!zprivs_state.caps) -+ { - fprintf (stderr, "%s: Eek, missing caps!", __func__); - exit (1); - } -- -- /* to raise: copy original permitted into our working effective set -- * to lower: just clear the working effective set -+ -+ /* to raise: copy original permitted as our working effective set -+ * to lower: copy regular effective set stored in zprivs_state.caps - */ - if (op == ZPRIVS_RAISE) -- priv_copyset (zprivs_state.syscaps_p, zprivs_state.caps); -+ privset = zprivs_state.syscaps_p; - else if (op == ZPRIVS_LOWER) -- priv_emptyset (zprivs_state.caps); -+ privset = zprivs_state.caps; - else - return -1; - -- if (setppriv (PRIV_SET, PRIV_EFFECTIVE, zprivs_state.caps) != 0) -+ if (setppriv (PRIV_SET, PRIV_EFFECTIVE, privset) != 0) - return -1; - - return 0; -@@ -423,15 +451,15 @@ zprivs_state_caps (void) - } - else - { -- if (priv_isemptyset (effective) == B_TRUE) -+ if (priv_isequalset (effective, zprivs_state.syscaps_p)) -+ result = ZPRIVS_RAISED; -+ else if (priv_isequalset (effective, zprivs_state.caps)) - result = ZPRIVS_LOWERED; - else -- result = ZPRIVS_RAISED; -+ result = ZPRIVS_UNKNOWN; - } - -- if (effective) -- priv_freeset (effective); -- -+ priv_freeset (effective); - return result; - } - -@@ -439,7 +467,7 @@ static void - zprivs_caps_init (struct zebra_privs_t *zprivs) - { - pset_t *basic; -- pset_t *empty; -+ pset_t *minimal; - - /* the specified sets */ - zprivs_state.syscaps_p = zcaps2sys (zprivs->caps_p, zprivs->cap_num_p); -@@ -467,14 +495,6 @@ zprivs_caps_init (struct zebra_privs_t * - priv_union (basic, zprivs_state.syscaps_p); - priv_freeset (basic); - -- /* we need an empty set for 'effective', potentially for inheritable too */ -- if ( (empty = priv_allocset()) == NULL) -- { -- fprintf (stderr, "%s: couldn't get empty set!\n", __func__); -- exit (1); -- } -- priv_emptyset (empty); -- - /* Hey kernel, we know about privileges! - * this isn't strictly required, use of setppriv should have same effect - */ -@@ -517,16 +537,19 @@ zprivs_caps_init (struct zebra_privs_t * - exit (1); - } - -- /* now clear the effective set and we're ready to go */ -- if (setppriv (PRIV_SET, PRIV_EFFECTIVE, empty)) -+ /* we need a minimal basic set for 'effective', potentially for inheritable too */ -+ minimal = zprivs_caps_minimal(); -+ -+ /* now set the effective set with a subset of basic privileges */ -+ if (setppriv (PRIV_SET, PRIV_EFFECTIVE, minimal)) - { - fprintf (stderr, "%s: error setting effective set!, %s\n", __func__, - safe_strerror (errno) ); - exit (1); - } - -- /* we'll use this as our working-storage privset */ -- zprivs_state.caps = empty; -+ /* we'll use the minimal set as our working-storage privset */ -+ zprivs_state.caps = minimal; - - /* set methods for the caller to use */ - zprivs->change = zprivs_change_caps; -@@ -538,8 +561,7 @@ zprivs_caps_terminate (void) - { - assert (zprivs_state.caps); - -- /* clear all capabilities */ -- priv_emptyset (zprivs_state.caps); -+ /* clear all capabilities by using working-storage privset */ - setppriv (PRIV_SET, PRIV_EFFECTIVE, zprivs_state.caps); - setppriv (PRIV_SET, PRIV_PERMITTED, zprivs_state.caps); - setppriv (PRIV_SET, PRIV_INHERITABLE, zprivs_state.caps); |