[arch-commits] Commit in quagga/trunk (3 files)
Sébastien Luttringer
seblu at nymeria.archlinux.org
Sat Feb 23 20:56:19 UTC 2013
Date: Saturday, February 23, 2013 @ 21:56:19
Author: seblu
Revision: 84731
upgpkg: quagga 0.99.22-1
Modified:
quagga/trunk/PKGBUILD
Deleted:
quagga/trunk/0001-isisd-fix-typo-in-topology-generator-BZ-731.patch
quagga/trunk/0002-CVE-2012-1820.patch
--------------------------------------------------------+
0001-isisd-fix-typo-in-topology-generator-BZ-731.patch | 30 ------
0002-CVE-2012-1820.patch | 74 ---------------
PKGBUILD | 14 +-
3 files changed, 5 insertions(+), 113 deletions(-)
Deleted: 0001-isisd-fix-typo-in-topology-generator-BZ-731.patch
===================================================================
--- 0001-isisd-fix-typo-in-topology-generator-BZ-731.patch 2013-02-23 20:47:41 UTC (rev 84730)
+++ 0001-isisd-fix-typo-in-topology-generator-BZ-731.patch 2013-02-23 20:56:19 UTC (rev 84731)
@@ -1,30 +0,0 @@
-From a47c5838e9f445ab887ad927706b11ccbb181364 Mon Sep 17 00:00:00 2001
-From: David Lamparter <equinox at opensourcerouting.org>
-Date: Thu, 21 Jun 2012 09:55:38 +0200
-Subject: [PATCH] isisd: fix typo in topology generator (BZ#731)
-
-There was a "lsp->" missing before "level" in line 2416.
-(introduced by git commit e38e0df)
-
-Reported-by: Seblu <seblu at seblu.net>
-Signed-off-by: David Lamparter <equinox at opensourcerouting.org>
----
- isisd/isis_lsp.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/isisd/isis_lsp.c b/isisd/isis_lsp.c
-index 5c1e993..082e9dc 100644
---- a/isisd/isis_lsp.c
-+++ b/isisd/isis_lsp.c
-@@ -2413,7 +2413,7 @@ top_lsp_refresh (struct thread *thread)
- isis_dynhn_insert (lsp->lsp_header->lsp_id, lsp->tlv_data.hostname,
- IS_LEVEL_1);
-
-- lsp->lsp_header->lsp_bits = lsp_bits_generate (level,
-+ lsp->lsp_header->lsp_bits = lsp_bits_generate (lsp->level,
- lsp->area->overload_bit);
- rem_lifetime = lsp_rem_lifetime (lsp->area, IS_LEVEL_1);
- lsp->lsp_header->rem_lifetime = htons (rem_lifetime);
---
-1.7.11
-
Deleted: 0002-CVE-2012-1820.patch
===================================================================
--- 0002-CVE-2012-1820.patch 2013-02-23 20:47:41 UTC (rev 84730)
+++ 0002-CVE-2012-1820.patch 2013-02-23 20:56:19 UTC (rev 84731)
@@ -1,74 +0,0 @@
-@@ -, +, @@
- bgpd: CVE-2012-1820, DoS in bgp_capability_orf()
-
- An ORF (code 3) capability TLV is defined to contain exactly one
- AFI/SAFI block. Function bgp_capability_orf(), which parses ORF
- capability TLV, uses do-while cycle to call its helper function
- bgp_capability_orf_entry(), which actually processes the AFI/SAFI data
- block. The call is made at least once and repeated as long as the input
- buffer has enough data for the next call.
-
- The helper function, bgp_capability_orf_entry(), uses "Number of ORFs"
- field of the provided AFI/SAFI block to verify, if it fits the input
- buffer. However, the check is made based on the total length of the ORF
- TLV regardless of the data already consumed by the previous helper
- function call(s). This way, the check condition is only valid for the
- first AFI/SAFI block inside an ORF capability TLV.
-
- For the subsequent calls of the helper function, if any are made, the
- check condition may erroneously tell, that the current "Number of ORFs"
- field fits the buffer boundary, where in fact it does not. This makes it
- possible to trigger an assertion by feeding an OPEN message with a
- specially-crafted malformed ORF capability TLV.
-
- This commit fixes the vulnerability by making the implementation follow
- the spec.
---- a/bgpd/bgp_open.c
-+++ a/bgpd/bgp_open.c
-@@ -231,7 +231,7 @@ bgp_capability_orf_entry (struct peer *peer, struct capability_header *hdr)
- }
-
- /* validate number field */
-- if (sizeof (struct capability_orf_entry) + (entry.num * 2) > hdr->length)
-+ if (sizeof (struct capability_orf_entry) + (entry.num * 2) != hdr->length)
- {
- zlog_info ("%s ORF Capability entry length error,"
- " Cap length %u, num %u",
-@@ -335,28 +335,6 @@ bgp_capability_orf_entry (struct peer *peer, struct capability_header *hdr)
- }
-
- static int
--bgp_capability_orf (struct peer *peer, struct capability_header *hdr)
--{
-- struct stream *s = BGP_INPUT (peer);
-- size_t end = stream_get_getp (s) + hdr->length;
--
-- assert (stream_get_getp(s) + sizeof(struct capability_orf_entry) <= end);
--
-- /* We must have at least one ORF entry, as the caller has already done
-- * minimum length validation for the capability code - for ORF there must
-- * at least one ORF entry (header and unknown number of pairs of bytes).
-- */
-- do
-- {
-- if (bgp_capability_orf_entry (peer, hdr) == -1)
-- return -1;
-- }
-- while (stream_get_getp(s) + sizeof(struct capability_orf_entry) < end);
--
-- return 0;
--}
--
--static int
- bgp_capability_restart (struct peer *peer, struct capability_header *caphdr)
- {
- struct stream *s = BGP_INPUT (peer);
-@@ -573,7 +551,7 @@ bgp_capability_parse (struct peer *peer, size_t length, int *mp_capability,
- break;
- case CAPABILITY_CODE_ORF:
- case CAPABILITY_CODE_ORF_OLD:
-- if (bgp_capability_orf (peer, &caphdr))
-+ if (bgp_capability_orf_entry (peer, &caphdr))
- return -1;
- break;
- case CAPABILITY_CODE_RESTART:
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2013-02-23 20:47:41 UTC (rev 84730)
+++ PKGBUILD 2013-02-23 20:56:19 UTC (rev 84731)
@@ -2,8 +2,8 @@
# Maintainer: Sébastien Luttringer
pkgname=quagga
-pkgver=0.99.21
-pkgrel=3
+pkgver=0.99.22
+pkgrel=1
pkgdesc='BGP/OSPF/ISIS/RIP/RIPNG routing daemon suite'
arch=('i686' 'x86_64')
url='http://www.quagga.net'
@@ -19,10 +19,8 @@
'ospfd.service'
'ripd.service'
'ripngd.service'
- 'zebra.service'
- '0001-isisd-fix-typo-in-topology-generator-BZ-731.patch'
- '0002-CVE-2012-1820.patch')
-md5sums=('99840adbe57047c90dfba6b6ed9aec7f'
+ 'zebra.service')
+md5sums=('3057bf3a91116a1017dd0df7e5e8ef93'
'45d8bf56a426b0e7ebe429547be8a27a'
'ab31ed8dafd7a92137f4f00ad0937b4f'
'4c05d0105cd0db23a2583bd75a1bde4d'
@@ -30,9 +28,7 @@
'c5f8a729685cebf8fc5b1a1552d37b6d'
'e721b334bb0b31983642b307033c63d0'
'effeb26ff78ffcafe7808596ddc5d3fc'
- 'f0c0b99346b2c373a74158e45f04cf91'
- 'c80174f7bdd32cd84550d52451e8f495'
- '44f39016d81f3b13b2744f7dcd93289d')
+ 'f0c0b99346b2c373a74158e45f04cf91')
build() {
cd $pkgname-$pkgver
More information about the arch-commits
mailing list