diff options
author | Roy Li <rongqing.li@windriver.com> | 2014-08-12 17:01:19 +0800 |
---|---|---|
committer | Martin Jansa <Martin.Jansa@gmail.com> | 2014-08-13 23:28:06 +0200 |
commit | 8a428b570d7fbad8b36b1b4061ea51248a83d7c5 (patch) | |
tree | 405b1e43e230c8857154943f04b78557efc7a698 /meta-networking | |
parent | 8afe9200c45110eb2166e09bdce739fa170c08cb (diff) | |
download | meta-openembedded-8a428b570d7fbad8b36b1b4061ea51248a83d7c5.tar.gz |
quagga: uprev it to 0.99.23
uprev it to 0.99.23
remove patches which have been in the latest version
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Diffstat (limited to 'meta-networking')
13 files changed, 12 insertions, 563 deletions
diff --git a/meta-networking/recipes-protocols/quagga/files/0001-bgpd-CVE-2012-1820-DoS-in-bgp_capability_orf.patch b/meta-networking/recipes-protocols/quagga/files/0001-bgpd-CVE-2012-1820-DoS-in-bgp_capability_orf.patch deleted file mode 100644 index 5a2ee1b2c..000000000 --- a/meta-networking/recipes-protocols/quagga/files/0001-bgpd-CVE-2012-1820-DoS-in-bgp_capability_orf.patch +++ /dev/null | |||
@@ -1,87 +0,0 @@ | |||
1 | From fe9bb6459afe0d55e56619cdc5061d8407cd1f15 Mon Sep 17 00:00:00 2001 | ||
2 | From: Denis Ovsienko <infrastation@yandex.ru> | ||
3 | Date: Thu, 19 Apr 2012 20:34:13 +0400 | ||
4 | Subject: [PATCH] bgpd: CVE-2012-1820, DoS in bgp_capability_orf() | ||
5 | |||
6 | Upstream-Status: Backport | ||
7 | |||
8 | An ORF (code 3) capability TLV is defined to contain exactly one | ||
9 | AFI/SAFI block. Function bgp_capability_orf(), which parses ORF | ||
10 | capability TLV, uses do-while cycle to call its helper function | ||
11 | bgp_capability_orf_entry(), which actually processes the AFI/SAFI data | ||
12 | block. The call is made at least once and repeated as long as the input | ||
13 | buffer has enough data for the next call. | ||
14 | |||
15 | The helper function, bgp_capability_orf_entry(), uses "Number of ORFs" | ||
16 | field of the provided AFI/SAFI block to verify, if it fits the input | ||
17 | buffer. However, the check is made based on the total length of the ORF | ||
18 | TLV regardless of the data already consumed by the previous helper | ||
19 | function call(s). This way, the check condition is only valid for the | ||
20 | first AFI/SAFI block inside an ORF capability TLV. | ||
21 | |||
22 | For the subsequent calls of the helper function, if any are made, the | ||
23 | check condition may erroneously tell, that the current "Number of ORFs" | ||
24 | field fits the buffer boundary, where in fact it does not. This makes it | ||
25 | possible to trigger an assertion by feeding an OPEN message with a | ||
26 | specially-crafted malformed ORF capability TLV. | ||
27 | |||
28 | This commit fixes the vulnerability by making the implementation follow | ||
29 | the spec. | ||
30 | --- | ||
31 | bgpd/bgp_open.c | 26 ++------------------------ | ||
32 | 1 files changed, 2 insertions(+), 24 deletions(-) | ||
33 | |||
34 | diff --git a/bgpd/bgp_open.c b/bgpd/bgp_open.c | ||
35 | index d045dde..af711cc 100644 | ||
36 | --- a/bgpd/bgp_open.c | ||
37 | +++ b/bgpd/bgp_open.c | ||
38 | @@ -230,7 +230,7 @@ bgp_capability_orf_entry (struct peer *peer, struct capability_header *hdr) | ||
39 | } | ||
40 | |||
41 | /* validate number field */ | ||
42 | - if (sizeof (struct capability_orf_entry) + (entry.num * 2) > hdr->length) | ||
43 | + if (sizeof (struct capability_orf_entry) + (entry.num * 2) != hdr->length) | ||
44 | { | ||
45 | zlog_info ("%s ORF Capability entry length error," | ||
46 | " Cap length %u, num %u", | ||
47 | @@ -334,28 +334,6 @@ bgp_capability_orf_entry (struct peer *peer, struct capability_header *hdr) | ||
48 | } | ||
49 | |||
50 | static int | ||
51 | -bgp_capability_orf (struct peer *peer, struct capability_header *hdr) | ||
52 | -{ | ||
53 | - struct stream *s = BGP_INPUT (peer); | ||
54 | - size_t end = stream_get_getp (s) + hdr->length; | ||
55 | - | ||
56 | - assert (stream_get_getp(s) + sizeof(struct capability_orf_entry) <= end); | ||
57 | - | ||
58 | - /* We must have at least one ORF entry, as the caller has already done | ||
59 | - * minimum length validation for the capability code - for ORF there must | ||
60 | - * at least one ORF entry (header and unknown number of pairs of bytes). | ||
61 | - */ | ||
62 | - do | ||
63 | - { | ||
64 | - if (bgp_capability_orf_entry (peer, hdr) == -1) | ||
65 | - return -1; | ||
66 | - } | ||
67 | - while (stream_get_getp(s) + sizeof(struct capability_orf_entry) < end); | ||
68 | - | ||
69 | - return 0; | ||
70 | -} | ||
71 | - | ||
72 | -static int | ||
73 | bgp_capability_restart (struct peer *peer, struct capability_header *caphdr) | ||
74 | { | ||
75 | struct stream *s = BGP_INPUT (peer); | ||
76 | @@ -573,7 +551,7 @@ bgp_capability_parse (struct peer *peer, size_t length, int *mp_capability, | ||
77 | break; | ||
78 | case CAPABILITY_CODE_ORF: | ||
79 | case CAPABILITY_CODE_ORF_OLD: | ||
80 | - if (bgp_capability_orf (peer, &caphdr)) | ||
81 | + if (bgp_capability_orf_entry (peer, &caphdr)) | ||
82 | return -1; | ||
83 | break; | ||
84 | case CAPABILITY_CODE_RESTART: | ||
85 | -- | ||
86 | 1.7.5.4 | ||
87 | |||
diff --git a/meta-networking/recipes-protocols/quagga/files/0001-bgpd-relax-ORF-capability-length-handling.patch b/meta-networking/recipes-protocols/quagga/files/0001-bgpd-relax-ORF-capability-length-handling.patch deleted file mode 100644 index 0ec02dc86..000000000 --- a/meta-networking/recipes-protocols/quagga/files/0001-bgpd-relax-ORF-capability-length-handling.patch +++ /dev/null | |||
@@ -1,42 +0,0 @@ | |||
1 | From 5e728e929942d39ce5a4ab3d01c33f7b688c4e3f Mon Sep 17 00:00:00 2001 | ||
2 | From: David Lamparter <equinox@opensourcerouting.org> | ||
3 | Date: Wed, 23 Jan 2013 05:50:24 +0100 | ||
4 | Subject: [PATCH] bgpd: relax ORF capability length handling | ||
5 | |||
6 | Upstream-Status: Backport | ||
7 | |||
8 | commit fe9bb64... "bgpd: CVE-2012-1820, DoS in bgp_capability_orf()" | ||
9 | made the length test in bgp_capability_orf_entry() stricter and is now | ||
10 | causing us to refuse (with CEASE) ORF capabilites carrying any excess | ||
11 | data. This does not conform to the robustness principle as laid out by | ||
12 | RFC1122 ("be liberal in what you accept"). | ||
13 | |||
14 | Even worse, RFC5291 is quite unclear on how to use the ORF capability | ||
15 | with multiple AFI/SAFIs. It can be interpreted as either "use one | ||
16 | instance, stuff everything in" but also as "use multiple instances". | ||
17 | So, if not for applying robustness, we end up clearing sessions from | ||
18 | implementations going by the former interpretation. (or if anyone dares | ||
19 | add a byte of padding...) | ||
20 | |||
21 | Cc: Denis Ovsienko <infrastation@yandex.ru> | ||
22 | Signed-off-by: David Lamparter <equinox@opensourcerouting.org> | ||
23 | --- | ||
24 | bgpd/bgp_open.c | 2 +- | ||
25 | 1 files changed, 1 insertions(+), 1 deletions(-) | ||
26 | |||
27 | diff --git a/bgpd/bgp_open.c b/bgpd/bgp_open.c | ||
28 | index af711cc..7bf3501 100644 | ||
29 | --- a/bgpd/bgp_open.c | ||
30 | +++ b/bgpd/bgp_open.c | ||
31 | @@ -230,7 +230,7 @@ bgp_capability_orf_entry (struct peer *peer, struct capability_header *hdr) | ||
32 | } | ||
33 | |||
34 | /* validate number field */ | ||
35 | - if (sizeof (struct capability_orf_entry) + (entry.num * 2) != hdr->length) | ||
36 | + if (sizeof (struct capability_orf_entry) + (entry.num * 2) > hdr->length) | ||
37 | { | ||
38 | zlog_info ("%s ORF Capability entry length error," | ||
39 | " Cap length %u, num %u", | ||
40 | -- | ||
41 | 1.7.5.4 | ||
42 | |||
diff --git a/meta-networking/recipes-protocols/quagga/files/0001-doc-fix-makeinfo-errors-and-one-warning.patch b/meta-networking/recipes-protocols/quagga/files/0001-doc-fix-makeinfo-errors-and-one-warning.patch deleted file mode 100644 index 24fdac505..000000000 --- a/meta-networking/recipes-protocols/quagga/files/0001-doc-fix-makeinfo-errors-and-one-warning.patch +++ /dev/null | |||
@@ -1,61 +0,0 @@ | |||
1 | From d6cbd8bbc34529a1aff74b5ee73366b89526c961 Mon Sep 17 00:00:00 2001 | ||
2 | From: Joe MacDonald <joe@deserted.net> | ||
3 | Date: Fri, 22 Mar 2013 08:54:44 +0000 | ||
4 | Subject: [PATCH] doc: fix makeinfo errors and one warning | ||
5 | MIME-Version: 1.0 | ||
6 | Content-Type: text/plain; charset=UTF-8 | ||
7 | Content-Transfer-Encoding: 8bit | ||
8 | |||
9 | commit 4afa50b added few lines that are syntactically incorrect | ||
10 | with leading plus sign. | ||
11 | |||
12 | Upstream-Status: Backport [http://git.savannah.gnu.org/gitweb/?p=quagga.git;a=commit;h=b58c90807c9d0bfa9601704c7490a16070906004] | ||
13 | |||
14 | Cc: Denis Ovsienko <infrastation@yandex.ru> | ||
15 | Signed-off-by: Timo Teräs <timo.teras@iki.fi> | ||
16 | Signed-off-by: David Lamparter <equinox@opensourcerouting.org> | ||
17 | Signed-off-by: Joe MacDonald <joe@deserted.net> | ||
18 | --- | ||
19 | doc/ipv6.texi | 4 ++-- | ||
20 | doc/quagga.texi | 6 +++--- | ||
21 | 2 files changed, 5 insertions(+), 5 deletions(-) | ||
22 | |||
23 | diff --git a/doc/ipv6.texi b/doc/ipv6.texi | ||
24 | index b6cc437..2482c1c 100644 | ||
25 | --- a/doc/ipv6.texi | ||
26 | +++ b/doc/ipv6.texi | ||
27 | @@ -136,8 +136,8 @@ for the lowest preference possible. | ||
28 | Default: 0 | ||
29 | @end deffn | ||
30 | |||
31 | -+@deffn {Interface Command} {ipv6 nd home-agent-lifetime <0-65520>} {} | ||
32 | -+@deffnx {Interface Command} {no ipv6 nd home-agent-lifetime [<0-65520>]} {} | ||
33 | +@deffn {Interface Command} {ipv6 nd home-agent-lifetime <0-65520>} {} | ||
34 | +@deffnx {Interface Command} {no ipv6 nd home-agent-lifetime [<0-65520>]} {} | ||
35 | The value to be placed in Home Agent Option, when Home Agent config flag is set, | ||
36 | which indicates to hosts Home Agent Lifetime. The default value of 0 means to | ||
37 | place the current Router Lifetime value. | ||
38 | diff --git a/doc/quagga.texi b/doc/quagga.texi | ||
39 | index ff913aa..b4105ac 100644 | ||
40 | --- a/doc/quagga.texi | ||
41 | +++ b/doc/quagga.texi | ||
42 | @@ -1,13 +1,13 @@ | ||
43 | \input texinfo @c -*- texinfo -*- | ||
44 | +@c Set variables - sourced from defines.texi | ||
45 | +@include defines.texi | ||
46 | + | ||
47 | @c %**start of header | ||
48 | @setchapternewpage odd | ||
49 | @settitle @uref{http://www.quagga.net,,@value{PACKAGE_NAME}} | ||
50 | @setfilename quagga.info | ||
51 | @c %**end of header | ||
52 | |||
53 | -@c Set variables - sourced from defines.texi | ||
54 | -@include defines.texi | ||
55 | - | ||
56 | @c automake will automatically generate version.texi | ||
57 | @c and set EDITION, VERSION, UPDATED and UPDATED-MONTH | ||
58 | @include version.texi | ||
59 | -- | ||
60 | 1.7.10.4 | ||
61 | |||
diff --git a/meta-networking/recipes-protocols/quagga/files/0001-ospfd-CVE-2013-2236-stack-overrun-in-apiserver.patch b/meta-networking/recipes-protocols/quagga/files/0001-ospfd-CVE-2013-2236-stack-overrun-in-apiserver.patch deleted file mode 100644 index 30b05c262..000000000 --- a/meta-networking/recipes-protocols/quagga/files/0001-ospfd-CVE-2013-2236-stack-overrun-in-apiserver.patch +++ /dev/null | |||
@@ -1,106 +0,0 @@ | |||
1 | Subject: [PATCH] ospfd: CVE-2013-2236, stack overrun in apiserver | ||
2 | |||
3 | Upstream-Status: Backport | ||
4 | |||
5 | the OSPF API-server (exporting the LSDB and allowing announcement of | ||
6 | Opaque-LSAs) writes past the end of fixed on-stack buffers. This leads | ||
7 | to an exploitable stack overflow. | ||
8 | |||
9 | For this condition to occur, the following two conditions must be true: | ||
10 | - Quagga is configured with --enable-opaque-lsa | ||
11 | - ospfd is started with the "-a" command line option | ||
12 | |||
13 | If either of these does not hold, the relevant code is not executed and | ||
14 | the issue does not get triggered. | ||
15 | |||
16 | Since the issue occurs on receiving large LSAs (larger than 1488 bytes), | ||
17 | it is possible for this to happen during normal operation of a network. | ||
18 | In particular, if there is an OSPF router with a large number of | ||
19 | interfaces, the Router-LSA of that router may exceed 1488 bytes and | ||
20 | trigger this, leading to an ospfd crash. | ||
21 | |||
22 | For an attacker to exploit this, s/he must be able to inject valid LSAs | ||
23 | into the OSPF domain. Any best-practice protection measure (using | ||
24 | crypto authentication, restricting OSPF to internal interfaces, packet | ||
25 | filtering protocol 89, etc.) will prevent exploitation. On top of that, | ||
26 | remote (not on an OSPF-speaking network segment) attackers will have | ||
27 | difficulties bringing up the adjacency needed to inject a LSA. | ||
28 | |||
29 | This patch only performs minimal changes to remove the possibility of a | ||
30 | stack overrun. The OSPF API in general is quite ugly and needs a | ||
31 | rewrite. | ||
32 | |||
33 | Reported-by: Ricky Charlet <ricky.charlet@hp.com> | ||
34 | Cc: Florian Weimer <fweimer@redhat.com> | ||
35 | Signed-off-by: David Lamparter <equinox@opensourcerouting.org> | ||
36 | --- | ||
37 | ospfd/ospf_api.c | 25 ++++++++++++++++++------- | ||
38 | 1 files changed, 18 insertions(+), 7 deletions(-) | ||
39 | |||
40 | diff --git a/ospfd/ospf_api.c b/ospfd/ospf_api.c | ||
41 | index 74a49e3..fae942e 100644 | ||
42 | --- a/ospfd/ospf_api.c | ||
43 | +++ b/ospfd/ospf_api.c | ||
44 | @@ -472,6 +472,9 @@ new_msg_register_event (u_int32_t seqnum, struct lsa_filter_type *filter) | ||
45 | emsg->filter.typemask = htons (filter->typemask); | ||
46 | emsg->filter.origin = filter->origin; | ||
47 | emsg->filter.num_areas = filter->num_areas; | ||
48 | + if (len > sizeof (buf)) | ||
49 | + len = sizeof(buf); | ||
50 | + /* API broken - missing memcpy to fill data */ | ||
51 | return msg_new (MSG_REGISTER_EVENT, emsg, seqnum, len); | ||
52 | } | ||
53 | |||
54 | @@ -488,6 +491,9 @@ new_msg_sync_lsdb (u_int32_t seqnum, struct lsa_filter_type *filter) | ||
55 | smsg->filter.typemask = htons (filter->typemask); | ||
56 | smsg->filter.origin = filter->origin; | ||
57 | smsg->filter.num_areas = filter->num_areas; | ||
58 | + if (len > sizeof (buf)) | ||
59 | + len = sizeof(buf); | ||
60 | + /* API broken - missing memcpy to fill data */ | ||
61 | return msg_new (MSG_SYNC_LSDB, smsg, seqnum, len); | ||
62 | } | ||
63 | |||
64 | @@ -501,13 +507,15 @@ new_msg_originate_request (u_int32_t seqnum, | ||
65 | int omsglen; | ||
66 | char buf[OSPF_API_MAX_MSG_SIZE]; | ||
67 | |||
68 | - omsglen = sizeof (struct msg_originate_request) - sizeof (struct lsa_header) | ||
69 | - + ntohs (data->length); | ||
70 | - | ||
71 | omsg = (struct msg_originate_request *) buf; | ||
72 | omsg->ifaddr = ifaddr; | ||
73 | omsg->area_id = area_id; | ||
74 | - memcpy (&omsg->data, data, ntohs (data->length)); | ||
75 | + | ||
76 | + omsglen = ntohs (data->length); | ||
77 | + if (omsglen > sizeof (buf) - offsetof (struct msg_originate_request, data)) | ||
78 | + omsglen = sizeof (buf) - offsetof (struct msg_originate_request, data); | ||
79 | + memcpy (&omsg->data, data, omsglen); | ||
80 | + omsglen += sizeof (struct msg_originate_request) - sizeof (struct lsa_header); | ||
81 | |||
82 | return msg_new (MSG_ORIGINATE_REQUEST, omsg, seqnum, omsglen); | ||
83 | } | ||
84 | @@ -627,13 +635,16 @@ new_msg_lsa_change_notify (u_char msgtype, | ||
85 | assert (data); | ||
86 | |||
87 | nmsg = (struct msg_lsa_change_notify *) buf; | ||
88 | - len = ntohs (data->length) + sizeof (struct msg_lsa_change_notify) | ||
89 | - - sizeof (struct lsa_header); | ||
90 | nmsg->ifaddr = ifaddr; | ||
91 | nmsg->area_id = area_id; | ||
92 | nmsg->is_self_originated = is_self_originated; | ||
93 | memset (&nmsg->pad, 0, sizeof (nmsg->pad)); | ||
94 | - memcpy (&nmsg->data, data, ntohs (data->length)); | ||
95 | + | ||
96 | + len = ntohs (data->length); | ||
97 | + if (len > sizeof (buf) - offsetof (struct msg_lsa_change_notify, data)) | ||
98 | + len = sizeof (buf) - offsetof (struct msg_lsa_change_notify, data); | ||
99 | + memcpy (&nmsg->data, data, len); | ||
100 | + len += sizeof (struct msg_lsa_change_notify) - sizeof (struct lsa_header); | ||
101 | |||
102 | return msg_new (msgtype, nmsg, seqnum, len); | ||
103 | } | ||
104 | -- | ||
105 | 1.7.5.4 | ||
106 | |||
diff --git a/meta-networking/recipes-protocols/quagga/files/build-fix-extract.pl-for-cross-compilation.patch b/meta-networking/recipes-protocols/quagga/files/build-fix-extract.pl-for-cross-compilation.patch deleted file mode 100644 index 7e5beef30..000000000 --- a/meta-networking/recipes-protocols/quagga/files/build-fix-extract.pl-for-cross-compilation.patch +++ /dev/null | |||
@@ -1,31 +0,0 @@ | |||
1 | Upstream-Status: Backport | ||
2 | |||
3 | From ed6e297972318a0070ad4d973401fbc6e0def558 Mon Sep 17 00:00:00 2001 | ||
4 | From: Serj Kalichev <serj.kalichev@gmail.com> | ||
5 | Date: Fri, 7 Sep 2012 13:29:42 +0400 | ||
6 | Subject: [PATCH] build: fix extract.pl for cross compilation | ||
7 | |||
8 | extract.pl should invoke the C preprocessor for the target system, not the | ||
9 | host. | ||
10 | |||
11 | * vtysh/extract.pl.in: use @CPP@ to get target cpp | ||
12 | --- | ||
13 | vtysh/extract.pl.in | 2 +- | ||
14 | 1 files changed, 1 insertions(+), 1 deletions(-) | ||
15 | |||
16 | diff --git a/vtysh/extract.pl.in b/vtysh/extract.pl.in | ||
17 | index 7612aff..4c3a47f 100755 | ||
18 | --- a/vtysh/extract.pl.in | ||
19 | +++ b/vtysh/extract.pl.in | ||
20 | @@ -63,7 +63,7 @@ $ignore{'"show history"'} = "ignore"; | ||
21 | foreach (@ARGV) { | ||
22 | $file = $_; | ||
23 | |||
24 | - open (FH, "cpp -DHAVE_CONFIG_H -DVTYSH_EXTRACT_PL -DHAVE_IPV6 -I@top_builddir@ -I@srcdir@/ -I@srcdir@/.. -I@top_srcdir@/lib -I@top_srcdir@/isisd/topology @SNMP_INCLUDES@ @CPPFLAGS@ $file |"); | ||
25 | + open (FH, "@CPP@ -DHAVE_CONFIG_H -DVTYSH_EXTRACT_PL -DHAVE_IPV6 -I@top_builddir@ -I@srcdir@/ -I@srcdir@/.. -I@top_srcdir@/lib -I@top_srcdir@/isisd/topology @SNMP_INCLUDES@ @CPPFLAGS@ $file |"); | ||
26 | local $/; undef $/; | ||
27 | $line = <FH>; | ||
28 | close (FH); | ||
29 | -- | ||
30 | 1.7.1 | ||
31 | |||
diff --git a/meta-networking/recipes-protocols/quagga/files/fix-for-lib-inpath.patch b/meta-networking/recipes-protocols/quagga/files/fix-for-lib-inpath.patch deleted file mode 100644 index 50f0ad502..000000000 --- a/meta-networking/recipes-protocols/quagga/files/fix-for-lib-inpath.patch +++ /dev/null | |||
@@ -1,19 +0,0 @@ | |||
1 | At first this worked, then I tried a clean build in a directory that | ||
2 | contained lib in it (oe/build/titan-glibc) and vtysh no longer | ||
3 | worked. It's test for the lib directory was excepting anything | ||
4 | containing lib. | ||
5 | |||
6 | With this patch you still cannot have lib in the path anywhere, but | ||
7 | at least things containing lib will now work. | ||
8 | |||
9 | --- quagga-0.99.2/vtysh/extract.pl.in 2005/11/16 04:12:04 1.1 | ||
10 | +++ quagga-0.99.2/vtysh/extract.pl.in 2005/11/16 04:12:16 | ||
11 | @@ -89,7 +89,7 @@ | ||
12 | $cmd =~ s/\s+$//g; | ||
13 | |||
14 | # $protocol is VTYSH_PROTO format for redirection of user input | ||
15 | - if ($file =~ /lib/) { | ||
16 | + if ($file =~ /\/lib\//) { | ||
17 | if ($file =~ /keychain.c/) { | ||
18 | $protocol = "VTYSH_RIPD"; | ||
19 | } | ||
diff --git a/meta-networking/recipes-protocols/quagga/files/lingering-IP-address-after-deletion-BZ-486.patch b/meta-networking/recipes-protocols/quagga/files/lingering-IP-address-after-deletion-BZ-486.patch deleted file mode 100644 index 42bdc20fc..000000000 --- a/meta-networking/recipes-protocols/quagga/files/lingering-IP-address-after-deletion-BZ-486.patch +++ /dev/null | |||
@@ -1,64 +0,0 @@ | |||
1 | From 7f062c217b262e362a3362c677dea6c5e820adf1 Mon Sep 17 00:00:00 2001 | ||
2 | From: David Lamparter <equinox@diac24.net> | ||
3 | Date: Mon, 1 Feb 2010 16:41:26 +0100 | ||
4 | Subject: [PATCH] zebra: lingering IP address after deletion (BZ#486) | ||
5 | |||
6 | Upstream-status: Backport | ||
7 | |||
8 | zebra address bookkeeping is a mess. this is just a workaround to have | ||
9 | IPv4 address deletion somewhat working on Linux. | ||
10 | |||
11 | the if_unset_prefix call is synchronous, when it returns success the | ||
12 | address deletion completed successfully. this is either signaled by a | ||
13 | netlink ACK or by an OK return value from ioctl(). | ||
14 | |||
15 | This version is wrapped by #ifdef HAVE_NETLINK so we don't touch the | ||
16 | BSDs for now. | ||
17 | |||
18 | * zebra/interface.c: On Linux, update zebra internal state after | ||
19 | deleting an address. | ||
20 | |||
21 | Signed-off-by: David Lamparter <equinox@opensourcerouting.org> | ||
22 | --- | ||
23 | zebra/interface.c | 21 ++++++++++++++++++--- | ||
24 | 1 file changed, 18 insertions(+), 3 deletions(-) | ||
25 | |||
26 | diff --git a/zebra/interface.c b/zebra/interface.c | ||
27 | index 2242259..3578b79 100644 | ||
28 | --- a/zebra/interface.c | ||
29 | +++ b/zebra/interface.c | ||
30 | @@ -1297,13 +1297,28 @@ ip_address_uninstall (struct vty *vty, struct interface *ifp, | ||
31 | safe_strerror(errno), VTY_NEWLINE); | ||
32 | return CMD_WARNING; | ||
33 | } | ||
34 | + /* success! call returned that the address deletion went through. | ||
35 | + * this is a synchronous operation, so we know it succeeded and can | ||
36 | + * now update all internal state. */ | ||
37 | + | ||
38 | + /* the HAVE_NETLINK check is only here because, on BSD, although the | ||
39 | + * call above is still synchronous, we get a second confirmation later | ||
40 | + * through the route socket, and we don't want to touch that behaviour | ||
41 | + * for now. It should work without the #ifdef, but why take the risk... | ||
42 | + * -- equinox 2012-07-13 */ | ||
43 | +#ifdef HAVE_NETLINK | ||
44 | + | ||
45 | + /* Remove connected route. */ | ||
46 | + connected_down_ipv4 (ifp, ifc); | ||
47 | |||
48 | -#if 0 | ||
49 | /* Redistribute this information. */ | ||
50 | zebra_interface_address_delete_update (ifp, ifc); | ||
51 | |||
52 | - /* Remove connected route. */ | ||
53 | - connected_down_ipv4 (ifp, ifc); | ||
54 | + /* IP address propery set. */ | ||
55 | + UNSET_FLAG (ifc->conf, ZEBRA_IFC_REAL); | ||
56 | + | ||
57 | + /* remove from interface, remark secondaries */ | ||
58 | + if_subnet_delete (ifp, ifc); | ||
59 | |||
60 | /* Free address information. */ | ||
61 | listnode_delete (ifp->connected, ifc); | ||
62 | -- | ||
63 | 1.7.10.4 | ||
64 | |||
diff --git a/meta-networking/recipes-protocols/quagga/files/quagga-0.99.17-libcap.patch b/meta-networking/recipes-protocols/quagga/files/quagga-0.99.17-libcap.patch deleted file mode 100644 index 9563ea2f3..000000000 --- a/meta-networking/recipes-protocols/quagga/files/quagga-0.99.17-libcap.patch +++ /dev/null | |||
@@ -1,64 +0,0 @@ | |||
1 | From 63e97633d01908da6d3776ac61e4033e6fa91e5c Mon Sep 17 00:00:00 2001 | ||
2 | From: =?UTF-8?q?Diego=20Elio=20Petten=C3=B2?= <flameeyes@gmail.com> | ||
3 | Date: Sun, 5 Sep 2010 18:19:09 +0200 | ||
4 | Subject: [PATCH] build: fix linking position for libcap | ||
5 | MIME-Version: 1.0 | ||
6 | Content-Type: text/plain; charset=UTF-8 | ||
7 | Content-Transfer-Encoding: 8bit | ||
8 | |||
9 | * lib/Makefile.am: link libzebra to libcap, since it uses symbols | ||
10 | from there. | ||
11 | * zebra/Makefile.am: no need to link libcap here now, since it's not | ||
12 | used directly (libtool with apply transitive dependencies for | ||
13 | static linking). | ||
14 | |||
15 | Signed-off-by: Diego Elio Pettenò <flameeyes@gmail.com> | ||
16 | |||
17 | Imported from Gentoo by Paul Eggleton <paul.eggleton@linux.intel.com> | ||
18 | Upstream-Status: Pending | ||
19 | |||
20 | --- | ||
21 | lib/Makefile.am | 2 +- | ||
22 | zebra/Makefile.am | 5 ++--- | ||
23 | 2 files changed, 3 insertions(+), 4 deletions(-) | ||
24 | |||
25 | diff --git a/lib/Makefile.am b/lib/Makefile.am | ||
26 | index 315e919..6e69993 100644 | ||
27 | --- a/lib/Makefile.am | ||
28 | +++ b/lib/Makefile.am | ||
29 | @@ -18,7 +18,7 @@ BUILT_SOURCES = memtypes.h route_types.h | ||
30 | |||
31 | libzebra_la_DEPENDENCIES = @LIB_REGEX@ | ||
32 | |||
33 | -libzebra_la_LIBADD = @LIB_REGEX@ | ||
34 | +libzebra_la_LIBADD = @LIB_REGEX@ $(LIBCAP) | ||
35 | |||
36 | pkginclude_HEADERS = \ | ||
37 | buffer.h checksum.h command.h filter.h getopt.h hash.h \ | ||
38 | diff --git a/zebra/Makefile.am b/zebra/Makefile.am | ||
39 | index 542f36f..d09a209 100644 | ||
40 | --- a/zebra/Makefile.am | ||
41 | +++ b/zebra/Makefile.am | ||
42 | @@ -5,7 +5,6 @@ DEFS = @DEFS@ -DSYSCONFDIR=\"$(sysconfdir)/\" -DMULTIPATH_NUM=@MULTIPATH_NUM@ | ||
43 | INSTALL_SDATA=@INSTALL@ -m 600 | ||
44 | |||
45 | LIB_IPV6 = @LIB_IPV6@ | ||
46 | -LIBCAP = @LIBCAP@ | ||
47 | |||
48 | ipforward = @IPFORWARD@ | ||
49 | if_method = @IF_METHOD@ | ||
50 | @@ -39,9 +38,9 @@ noinst_HEADERS = \ | ||
51 | connected.h ioctl.h rib.h rt.h zserv.h redistribute.h debug.h rtadv.h \ | ||
52 | interface.h ipforward.h irdp.h router-id.h kernel_socket.h | ||
53 | |||
54 | -zebra_LDADD = $(otherobj) $(LIBCAP) $(LIB_IPV6) ../lib/libzebra.la | ||
55 | +zebra_LDADD = $(otherobj) ../lib/libzebra.la $(LIB_IPV6) | ||
56 | |||
57 | -testzebra_LDADD = $(LIBCAP) $(LIB_IPV6) ../lib/libzebra.la | ||
58 | +testzebra_LDADD = ../lib/libzebra.la $(LIB_IPV6) | ||
59 | |||
60 | zebra_DEPENDENCIES = $(otherobj) | ||
61 | |||
62 | -- | ||
63 | 1.7.2.2 | ||
64 | |||
diff --git a/meta-networking/recipes-protocols/quagga/files/quagga-fix-CVE-2013-6051.patch b/meta-networking/recipes-protocols/quagga/files/quagga-fix-CVE-2013-6051.patch deleted file mode 100644 index fde9e0ca8..000000000 --- a/meta-networking/recipes-protocols/quagga/files/quagga-fix-CVE-2013-6051.patch +++ /dev/null | |||
@@ -1,29 +0,0 @@ | |||
1 | |||
2 | From 8794e8d229dc9fe29ea31424883433d4880ef408 | ||
3 | From: Paul Jakma <paul@quagga.net> | ||
4 | Date: Mon, 13 Feb 2012 13:53:07 +0000 | ||
5 | Subject: bgpd: Fix regression in args consolidation, total should be inited from args | ||
6 | |||
7 | bgpd: Fix regression in args consolidation, total should be inited from args | ||
8 | |||
9 | * bgp_attr.c: (bgp_attr_unknown) total should be initialised from the args. | ||
10 | |||
11 | Upstream-Status: Backport | ||
12 | |||
13 | Signed-off-by: Kai Kang <kai.kang@windriver.com> | ||
14 | --- | ||
15 | |||
16 | diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c | ||
17 | index 65af824..839f64d 100644 | ||
18 | --- a/bgpd/bgp_attr.c | ||
19 | +++ b/bgpd/bgp_attr.c | ||
20 | |||
21 | @@ -1646,7 +1646,7 @@ | ||
22 | static bgp_attr_parse_ret_t | ||
23 | bgp_attr_unknown (struct bgp_attr_parser_args *args) | ||
24 | { | ||
25 | - bgp_size_t total; | ||
26 | + bgp_size_t total = args->total; | ||
27 | struct transit *transit; | ||
28 | struct attr_extra *attre; | ||
29 | struct peer *const peer = args->peer; | ||
diff --git a/meta-networking/recipes-protocols/quagga/files/work-with-new-readline.patch b/meta-networking/recipes-protocols/quagga/files/work-with-new-readline.patch deleted file mode 100644 index 2bd333a70..000000000 --- a/meta-networking/recipes-protocols/quagga/files/work-with-new-readline.patch +++ /dev/null | |||
@@ -1,34 +0,0 @@ | |||
1 | From 66df315d2a270a254c613a4d2e72c0ea47f15a71 Mon Sep 17 00:00:00 2001 | ||
2 | From: Robert Yang <liezhi.yang@windriver.com> | ||
3 | Date: Thu, 27 Mar 2014 09:35:29 +0000 | ||
4 | Subject: [PATCH] vtysh/vtysh.c: works with new readline | ||
5 | |||
6 | The Function and CPPFunction had been removed by in readline 6.3, use | ||
7 | the new functions to replace them. | ||
8 | |||
9 | Upstream-Status: Pending | ||
10 | |||
11 | Signed-off-by: Robert Yang <liezhi.yang@windriver.com> | ||
12 | --- | ||
13 | vtysh/vtysh.c | 4 ++-- | ||
14 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
15 | |||
16 | diff --git a/vtysh/vtysh.c b/vtysh/vtysh.c | ||
17 | index 431c08e..fdd82fb 100644 | ||
18 | --- a/vtysh/vtysh.c | ||
19 | +++ b/vtysh/vtysh.c | ||
20 | @@ -2212,9 +2212,9 @@ void | ||
21 | vtysh_readline_init (void) | ||
22 | { | ||
23 | /* readline related settings. */ | ||
24 | - rl_bind_key ('?', (Function *) vtysh_rl_describe); | ||
25 | + rl_bind_key ('?', (rl_command_func_t *) vtysh_rl_describe); | ||
26 | rl_completion_entry_function = vtysh_completion_entry_function; | ||
27 | - rl_attempted_completion_function = (CPPFunction *)new_completion; | ||
28 | + rl_attempted_completion_function = (rl_completion_func_t *)new_completion; | ||
29 | /* do not append space after completion. It will be appended | ||
30 | * in new_completion() function explicitly. */ | ||
31 | rl_completion_append_character = '\0'; | ||
32 | -- | ||
33 | 1.8.3.4 | ||
34 | |||
diff --git a/meta-networking/recipes-protocols/quagga/quagga.inc b/meta-networking/recipes-protocols/quagga/quagga.inc index 5ab43b300..7d4211a99 100644 --- a/meta-networking/recipes-protocols/quagga/quagga.inc +++ b/meta-networking/recipes-protocols/quagga/quagga.inc | |||
@@ -12,10 +12,8 @@ DEPENDS = "readline ncurses perl-native" | |||
12 | DEPENDS += "${@base_contains('DISTRO_FEATURES', 'snmp', 'net-snmp', '', d)}" | 12 | DEPENDS += "${@base_contains('DISTRO_FEATURES', 'snmp', 'net-snmp', '', d)}" |
13 | SNMP_CONF="${@base_contains('DISTRO_FEATURES', 'snmp', '--enable-snmp', '', d)}" | 13 | SNMP_CONF="${@base_contains('DISTRO_FEATURES', 'snmp', '--enable-snmp', '', d)}" |
14 | 14 | ||
15 | LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b \ | 15 | LIC_FILES_CHKSUM = "file://COPYING;md5=81bcece21748c91ba9992349a91ec11d \ |
16 | file://COPYING.LIB;md5=f30a9716ef3762e3467a2f62bf790f0a" | 16 | file://COPYING.LIB;md5=01ef24401ded36cd8e5d18bfe947240c" |
17 | |||
18 | INC_PR = "r2" | ||
19 | 17 | ||
20 | # the "ip" command from busybox is not sufficient (flush by protocol flushes all routes) | 18 | # the "ip" command from busybox is not sufficient (flush by protocol flushes all routes) |
21 | RDEPENDS_${PN} += "iproute2" | 19 | RDEPENDS_${PN} += "iproute2" |
@@ -23,10 +21,7 @@ RDEPENDS_${PN} += "iproute2" | |||
23 | QUAGGASUBDIR = "" | 21 | QUAGGASUBDIR = "" |
24 | # ${QUAGGASUBDIR} is deal with old versions. Set to "/attic" for old | 22 | # ${QUAGGASUBDIR} is deal with old versions. Set to "/attic" for old |
25 | # versions and leave it empty for recent versions. | 23 | # versions and leave it empty for recent versions. |
26 | SRC_URI = "${SAVANNAH_GNU_MIRROR}/quagga${QUAGGASUBDIR}/quagga-${PV}.tar.gz;name=quagga-${PV} \ | 24 | SRC_URI = "${SAVANNAH_GNU_MIRROR}/quagga${QUAGGASUBDIR}/quagga-${PV}.tar.gz; \ |
27 | file://fix-for-lib-inpath.patch \ | ||
28 | file://quagga-0.99.17-libcap.patch \ | ||
29 | file://quagga-fix-CVE-2013-6051.patch \ | ||
30 | file://Zebra-sync-zebra-routing-table-with-the-kernel-one.patch \ | 25 | file://Zebra-sync-zebra-routing-table-with-the-kernel-one.patch \ |
31 | file://quagga.init \ | 26 | file://quagga.init \ |
32 | file://quagga.default \ | 27 | file://quagga.default \ |
@@ -36,8 +31,6 @@ SRC_URI = "${SAVANNAH_GNU_MIRROR}/quagga${QUAGGASUBDIR}/quagga-${PV}.tar.gz;name | |||
36 | file://quagga.pam \ | 31 | file://quagga.pam \ |
37 | file://ripd-fix-two-bugs-after-received-SIGHUP.patch \ | 32 | file://ripd-fix-two-bugs-after-received-SIGHUP.patch \ |
38 | file://quagga-Avoid-duplicate-connected-address.patch \ | 33 | file://quagga-Avoid-duplicate-connected-address.patch \ |
39 | file://0001-bgpd-CVE-2012-1820-DoS-in-bgp_capability_orf.patch \ | ||
40 | file://0001-bgpd-relax-ORF-capability-length-handling.patch \ | ||
41 | " | 34 | " |
42 | 35 | ||
43 | PACKAGECONFIG ??= "${@base_contains('DISTRO_FEATURES', 'pam', 'pam', '', d)}" | 36 | PACKAGECONFIG ??= "${@base_contains('DISTRO_FEATURES', 'pam', 'pam', '', d)}" |
diff --git a/meta-networking/recipes-protocols/quagga/quagga_0.99.21.bb b/meta-networking/recipes-protocols/quagga/quagga_0.99.21.bb deleted file mode 100644 index 596d70339..000000000 --- a/meta-networking/recipes-protocols/quagga/quagga_0.99.21.bb +++ /dev/null | |||
@@ -1,16 +0,0 @@ | |||
1 | require quagga.inc | ||
2 | |||
3 | PR = "${INC_PR}.0" | ||
4 | |||
5 | SRC_URI += "file://0001-doc-fix-makeinfo-errors-and-one-warning.patch \ | ||
6 | file://lingering-IP-address-after-deletion-BZ-486.patch \ | ||
7 | file://build-fix-extract.pl-for-cross-compilation.patch \ | ||
8 | file://babel-close-the-stdout-stderr-as-in-other-daemons.patch \ | ||
9 | file://work-with-new-readline.patch \ | ||
10 | file://0001-ospfd-CVE-2013-2236-stack-overrun-in-apiserver.patch \ | ||
11 | " | ||
12 | |||
13 | SRC_URI[quagga-0.99.21.md5sum] = "99840adbe57047c90dfba6b6ed9aec7f" | ||
14 | SRC_URI[quagga-0.99.21.sha256sum] = "9b8aea9026b4771a28e254a66cbd854723bcd0d71eebd0201d11838d4eb392ee" | ||
15 | |||
16 | QUAGGASUBDIR = "" | ||
diff --git a/meta-networking/recipes-protocols/quagga/quagga_0.99.23.bb b/meta-networking/recipes-protocols/quagga/quagga_0.99.23.bb new file mode 100644 index 000000000..a56767e51 --- /dev/null +++ b/meta-networking/recipes-protocols/quagga/quagga_0.99.23.bb | |||
@@ -0,0 +1,9 @@ | |||
1 | require quagga.inc | ||
2 | |||
3 | SRC_URI += "file://babel-close-the-stdout-stderr-as-in-other-daemons.patch \ | ||
4 | " | ||
5 | |||
6 | SRC_URI[md5sum] = "d17145e62b6ea14f0f13bb63f59e5166" | ||
7 | SRC_URI[sha256sum] = "2c7798204f35dc7acea9f206647e8aa3957cae3b21733cdff413b506481a101c" | ||
8 | |||
9 | QUAGGASUBDIR = "" | ||