Diffstat (limited to 'main/quagga')
-rw-r--r--main/quagga/0001-nhrpd-change-ipsec-SA-count-to-32-bit.patch28
-rw-r--r--main/quagga/APKBUILD26
2 files changed, 47 insertions, 7 deletions
diff --git a/main/quagga/0001-nhrpd-change-ipsec-SA-count-to-32-bit.patch b/main/quagga/0001-nhrpd-change-ipsec-SA-count-to-32-bit.patch
new file mode 100644
index 00000000000..79ecaebfb3d
--- /dev/null
+++ b/main/quagga/0001-nhrpd-change-ipsec-SA-count-to-32-bit.patch
@@ -0,0 +1,28 @@
+From fc6fefacad2a82f1d0470ba73015e117076b6116 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Sun, 19 Jul 2020 18:07:31 +0300
+Subject: [PATCH] nhrpd: change ipsec SA count to 32-bit
+
+Under certain misconfigurations, the SA count can be unusually high
+and wrap 8-bit counter. That leads to premature free, and crash.
+Make the count 32-bit to avoid crash in these rare conditions.
+---
+ nhrpd/nhrpd.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/nhrpd/nhrpd.h b/nhrpd/nhrpd.h
+index 9222ad4e..7c73717f 100644
+--- a/nhrpd/nhrpd.h
++++ b/nhrpd/nhrpd.h
+@@ -123,7 +123,7 @@ enum nhrp_notify_type {
+
+ struct nhrp_vc {
+ struct notifier_list notifier_list;
+- uint8_t ipsec;
++ uint32_t ipsec;
+ uint8_t updating;
+ uint8_t abort_migration;
+
+--
+2.27.0
+
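Review bot: Widening `ipsec` to `uint32_t` in `struct nhrp_vc` moves the wrap point rather than removing it, because the sites that increment and decrement the count lie outside this hunk and nothing visible here makes them refuse to overflow. The patch description ties a wrapped count to a premature free, so a saturating or asserted increment at those sites would close the condition instead of only making it harder to reach. The field also deserves a comment saying what it counts and why its width matters, for example `/* number of IPsec SAs on this VC; must never wrap, a wrapped count leads to a premature free */`. The struct body continues past the end of the hunk, so whether the wider field affects any code that copies or serialises `struct nhrp_vc` should be confirmed against the nhrpd sources.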
diff --git a/main/quagga/APKBUILD b/main/quagga/APKBUILD
index 381b8fb3074..918febefd0f 100644
--- a/main/quagga/APKBUILD
+++ b/main/quagga/APKBUILD
@@ -1,21 +1,23 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=quagga
pkgver=1.2.4
-pkgrel=3
+pkgrel=9
pkgdesc="A free routing daemon replacing Zebra supporting RIP, OSPF, BGP and NHRP"
-url="http://quagga.net/"
+url="https://www.nongnu.org/quagga/"
arch="all"
license="GPL-2.0-or-later"
+options="!check" # no testsuite
depends="iproute2"
replaces="quagga-nhrp"
provides="quagga-nhrp=$pkgver"
makedepends="linux-headers readline-dev ncurses-dev c-ares-dev net-snmp-dev
gawk texinfo perl"
install="$pkgname.pre-install $pkgname.post-install $pkgname.post-upgrade"
-subpackages="$pkgname-dev $pkgname-doc $pkgname-dbg"
+subpackages="$pkgname-dev $pkgname-doc $pkgname-dbg $pkgname-openrc"
pkgusers="quagga"
pkggroups="quagga"
-source="https://download.savannah.gnu.org/releases/quagga/quagga-$pkgver.tar.gz
+source="https://github.com/Quagga/quagga/releases/download/quagga-$pkgver/quagga-$pkgver.tar.gz
+ 0001-nhrpd-change-ipsec-SA-count-to-32-bit.patch
1001-bgpd-allow-using-ebgp-multihop-for-ibgp-connections.patch
dont-hook-core-signals.patch
@@ -28,6 +30,10 @@ source="https://download.savannah.gnu.org/releases/quagga/quagga-$pkgver.tar.gz
# 1.1.1-r0:
# - CVE-2017-5495
+prepare() {
+ default_prepare
+ update_config_sub
+}
build() {
quagga_cv_ipforward_method=proc \
@@ -50,7 +56,9 @@ build() {
--localstatedir=/var/run/quagga
# add CFLAGS to work around textrel issue
- make CFLAGS+="-fPIC"
+ # adding -fcommon as a workaround for multiple __packed definition
+ # same as in Gentoo
+ make CFLAGS="$CFLAGS -fcommon -fPIC"
}
package() {
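Review bot: `-fcommon` on the `make CFLAGS=...` line applies to every object in the build, so besides silencing the duplicate `__packed` definition it lets any other same-named uninitialised globals in different translation units merge silently instead of failing at link time. That hides the collisions the compiler's `-fno-common` default is meant to catch, and a merged pair of differing size is a memory-corruption hazard in a network-facing routing daemon. Prefer a source patch for the one offending definition, and until then mark the workaround as temporary next to the existing comment, e.g. `# TODO: drop -fcommon once the duplicate __packed definition is patched in the source`. build() starts before this hunk, so the configure flags it relies on are not visible here.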
@@ -66,9 +74,13 @@ package() {
install -Dm644 "$srcdir/zebra.confd" "$pkgdir"/etc/conf.d/zebra
install -o quagga -g quagga -d -m755 "$pkgdir"/etc/quagga
}
-sha512sums="3e72440bcccfd3c1a449a62b7ff8623441256399a2bee0a39fa0a19694a5a78ac909c5c2128a24735bc034ea8b0811827293b480a2584a3a4c8ae36be9cf1fcd quagga-1.2.4.tar.gz
+
+sha512sums="
+3e72440bcccfd3c1a449a62b7ff8623441256399a2bee0a39fa0a19694a5a78ac909c5c2128a24735bc034ea8b0811827293b480a2584a3a4c8ae36be9cf1fcd quagga-1.2.4.tar.gz
+264103030fa8d57e7e7bd8a271b258dd8bae86242e15431060e20827b62de46be6f59617c216161aa7bc141c9e18a5aecbdb342545288340024c40f46c717aa4 0001-nhrpd-change-ipsec-SA-count-to-32-bit.patch
dfa33341119fe51caa7bc33b44256f57361f2e3f8192862cca215b312ceb68e6a8c264dbf2a43d6244e6152bfad110cb0fdbefb065d95dd50389cf613d9720b3 1001-bgpd-allow-using-ebgp-multihop-for-ibgp-connections.patch
5ef5c5e6d70d991b33b13a062e25b6fbde395dceee36aea29384b0640a48d2957ed5f50d416a1f2f770bf69bae2340133e35b1114be7e1fa722eb6d3d021f37a dont-hook-core-signals.patch
13b5b57e10df013bd2d931abc49bf76b8c4dee59dbceab22c9f151ccb988b2c5f7167f2909027d5e0f990b59da8de115667b02484aee9a67d347625700f6cacd bgpd.initd
7099135b6e20ad81322e7ec5ec4f0734c0ace60a69c282ad458b9700e39258831ecf29d5eaba0cd0f44bf17004283f17a80c0c1d90e8f407ababe89a75e60850 zebra.initd
-900972c6f98e561dfacf384111251db262326e8764b8c763a5ef639fa11c7949c03eef5e3bce324a4b1964fe45416d2db74ae1b6bc967f7d4ba48c2eeda017c4 zebra.confd"
+900972c6f98e561dfacf384111251db262326e8764b8c763a5ef639fa11c7949c03eef5e3bce324a4b1964fe45416d2db74ae1b6bc967f7d4ba48c2eeda017c4 zebra.confd
+"