diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2017-11-23 10:21:55 +0100 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2017-11-23 10:27:23 +0100 |
commit | 6e3ecd37f497c0cfbe5ce695900164b2b2d5c1c7 (patch) | |
tree | 53fe1bea02aef78bff9d4eccf4e07bcce1e98d7b | |
parent | 034e674e49645d85932b71a01caec44bbcce3bc2 (diff) |
main/quagga: fix CVE-2017-16227
fixes #8086
-rw-r--r-- | main/quagga/APKBUILD | 9 | ||||
-rw-r--r-- | main/quagga/CVE-2017-16227.patch | 31 |
2 files changed, 39 insertions, 1 deletions
diff --git a/main/quagga/APKBUILD b/main/quagga/APKBUILD index 47c6c62577d..5f61dd3c0c2 100644 --- a/main/quagga/APKBUILD +++ b/main/quagga/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=quagga pkgver=0.99.24.1 -pkgrel=5 +pkgrel=6 pkgdesc="A free routing daemon replacing Zebra supporting RIP, OSPF and BGP." url="http://quagga.net/" arch="all" @@ -18,11 +18,15 @@ source="http://download.savannah.gnu.org/releases/quagga/quagga-$pkgver.tar.xz bgpd-fix-useless-call-in-bgp_mplsvpn.patch CVE-2016-2342.patch CVE-2016-1245.patch + CVE-2017-16227.patch bgpd.initd zebra.initd zebra.confd " +# secfixes: +# 0.99.24.1-r6: +# - CVE-2017-16227 _builddir="$srcdir"/$pkgname-$pkgver prepare() { @@ -80,6 +84,7 @@ md5sums="b168db69435100ee04564c4fb39c7413 quagga-0.99.24.1.tar.xz 92a293e339a971dbee61a7e3532fc07f bgpd-fix-useless-call-in-bgp_mplsvpn.patch 9599aae2fc46e171d6cd1e0ad65bb0b8 CVE-2016-2342.patch fb9d9358fecc61ad74a6ff4b033b8697 CVE-2016-1245.patch +e090eaee979456655099647d09625fc5 CVE-2017-16227.patch 09a77e2e84e71c43f5a449738c026261 bgpd.initd 916f1dd1a286ee7b862cda4fe56cbf21 zebra.initd 34e06a1d2bc602ce691abc9ed169dd15 zebra.confd" @@ -89,6 +94,7 @@ d8d65cc092cf7644b059d4c1b789b223482b0f50ba2cc891da4d71fe083f8cc0 bgpd-route-sel e05f1fbec4f495fb257fb11bda4d1a7ceba008f4af4ff40f9093571f65ab6fe2 bgpd-fix-useless-call-in-bgp_mplsvpn.patch 4658d69b1e96d741aff29af72b93440b75fbff280d435614d991667f3cd32bdf CVE-2016-2342.patch 226167b88b1ee40b2bc765f7efd9c073de27ab5f534d365a192980406155a7ff CVE-2016-1245.patch +6fa3066acd1fa938321ea4375355a756d70b942397dc3713aea4b1668e8e4bd6 CVE-2017-16227.patch aab037454c6a70cd5cb45e14c47b7dfea358f8d81c7d12418edcf7e58a86c679 bgpd.initd c1d7526581927e990e687cbd5d08447eb060f76a439475572785b5b90c60c460 zebra.initd f7a52d383f60270a5a8fee5d4ac522c5c0ec2b7c4b5252cff54e260f32d9b323 zebra.confd" @@ -98,6 +104,7 @@ sha512sums="71c340ce0f4e52c69892d8fed82d30956161b09b029fb0a82ba774664aa2303b4930 ee50d0ad93f3322ffa5842261359bb46cd7d3e609c44ea2dce86ecee03d0b862dac4b18dc70f116481acab6ca9e66a94cc8b22a8efb67df74ad38eab08592c76 bgpd-fix-useless-call-in-bgp_mplsvpn.patch 2cd301e9d63c1f006e8b136b6a781692f50d9a63315b58453096125bbdbd81bdb0e092549e6a496ba2451e7ab44f686faeec4b6eab6ad909c91ace95cbe8eee0 CVE-2016-2342.patch 30db89839427ca03b24d80b832e270c648f1e6fba5612b1d2ba1b5e3b63dca5443f28ba00984854ecc2008c0882d18786454edbc17fc877b5dbb5dd81307caa4 CVE-2016-1245.patch +3404f74622f80fb4269a8bbda9e4ebdff2211a0a4aabb10d317b4e97e24d14961bd3cfe12e0cf3abf812185f4fbab06194ab90e1b6a0b376fc78461f77e6e9e0 CVE-2017-16227.patch 13b5b57e10df013bd2d931abc49bf76b8c4dee59dbceab22c9f151ccb988b2c5f7167f2909027d5e0f990b59da8de115667b02484aee9a67d347625700f6cacd bgpd.initd 1638a4a64ffd066b1884f7e5a4243edab68739aabd83bd35ea8c9608af7b8623eece1d59fb08feead84e4386b6d1da4220764ccf5fd7f2a9959a8470d5cce86a zebra.initd 900972c6f98e561dfacf384111251db262326e8764b8c763a5ef639fa11c7949c03eef5e3bce324a4b1964fe45416d2db74ae1b6bc967f7d4ba48c2eeda017c4 zebra.confd" diff --git a/main/quagga/CVE-2017-16227.patch b/main/quagga/CVE-2017-16227.patch new file mode 100644 index 00000000000..17a7c7e0f6f --- /dev/null +++ b/main/quagga/CVE-2017-16227.patch @@ -0,0 +1,31 @@ +From 7a42b78be9a4108d98833069a88e6fddb9285008 Mon Sep 17 00:00:00 2001 +From: Andreas Jaggi <aj@open.ch> +Date: Mon, 2 Oct 2017 19:38:43 +0530 +Subject: bgpd: Fix AS_PATH size calculation for long paths + +If you have an AS_PATH with more entries than +what can be written into a single AS_SEGMENT_MAX +it needs to be broken up. The code that noticed +that the AS_PATH needs to be broken up was not +correctly calculating the size of the resulting +message. This patch addresses this issue. +--- + bgpd/bgp_aspath.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/bgpd/bgp_aspath.c b/bgpd/bgp_aspath.c +index b7af5e8..d813bfb 100644 +--- a/bgpd/bgp_aspath.c ++++ b/bgpd/bgp_aspath.c +@@ -903,7 +903,7 @@ aspath_put (struct stream *s, struct aspath *as, int use32bit ) + assegment_header_put (s, seg->type, AS_SEGMENT_MAX); + assegment_data_put (s, seg->as, AS_SEGMENT_MAX, use32bit); + written += AS_SEGMENT_MAX; +- bytes += ASSEGMENT_SIZE (written, use32bit); ++ bytes += ASSEGMENT_SIZE (AS_SEGMENT_MAX, use32bit); + } + + /* write the final segment, probably is also the first */ +-- +cgit v1.0-41-gc330 + |