diff options
Diffstat (limited to 'main/quagga')
-rw-r--r-- | main/quagga/0001-nhrpd-change-ipsec-SA-count-to-32-bit.patch | 28 | ||||
-rw-r--r-- | main/quagga/APKBUILD | 26 |
2 files changed, 47 insertions, 7 deletions
diff --git a/main/quagga/0001-nhrpd-change-ipsec-SA-count-to-32-bit.patch b/main/quagga/0001-nhrpd-change-ipsec-SA-count-to-32-bit.patch new file mode 100644 index 00000000000..79ecaebfb3d --- /dev/null +++ b/main/quagga/0001-nhrpd-change-ipsec-SA-count-to-32-bit.patch @@ -0,0 +1,28 @@ +From fc6fefacad2a82f1d0470ba73015e117076b6116 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> +Date: Sun, 19 Jul 2020 18:07:31 +0300 +Subject: [PATCH] nhrpd: change ipsec SA count to 32-bit + +Under certain misconfigurations, the SA count can be unusually high +and wrap 8-bit counter. That leads to premature free, and crash. +Make the count 32-bit to avoid crash in these rare conditions. +--- + nhrpd/nhrpd.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/nhrpd/nhrpd.h b/nhrpd/nhrpd.h +index 9222ad4e..7c73717f 100644 +--- a/nhrpd/nhrpd.h ++++ b/nhrpd/nhrpd.h +@@ -123,7 +123,7 @@ enum nhrp_notify_type { + + struct nhrp_vc { + struct notifier_list notifier_list; +- uint8_t ipsec; ++ uint32_t ipsec; + uint8_t updating; + uint8_t abort_migration; + +-- +2.27.0 + diff --git a/main/quagga/APKBUILD b/main/quagga/APKBUILD index 381b8fb3074..918febefd0f 100644 --- a/main/quagga/APKBUILD +++ b/main/quagga/APKBUILD @@ -1,21 +1,23 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=quagga pkgver=1.2.4 -pkgrel=3 +pkgrel=9 pkgdesc="A free routing daemon replacing Zebra supporting RIP, OSPF, BGP and NHRP" -url="http://quagga.net/" +url="https://www.nongnu.org/quagga/" arch="all" license="GPL-2.0-or-later" +options="!check" # no testsuite depends="iproute2" replaces="quagga-nhrp" provides="quagga-nhrp=$pkgver" makedepends="linux-headers readline-dev ncurses-dev c-ares-dev net-snmp-dev gawk texinfo perl" install="$pkgname.pre-install $pkgname.post-install $pkgname.post-upgrade" -subpackages="$pkgname-dev $pkgname-doc $pkgname-dbg" +subpackages="$pkgname-dev $pkgname-doc $pkgname-dbg $pkgname-openrc" pkgusers="quagga" pkggroups="quagga" -source="https://download.savannah.gnu.org/releases/quagga/quagga-$pkgver.tar.gz +source="https://github.com/Quagga/quagga/releases/download/quagga-$pkgver/quagga-$pkgver.tar.gz + 0001-nhrpd-change-ipsec-SA-count-to-32-bit.patch 1001-bgpd-allow-using-ebgp-multihop-for-ibgp-connections.patch dont-hook-core-signals.patch @@ -28,6 +30,10 @@ source="https://download.savannah.gnu.org/releases/quagga/quagga-$pkgver.tar.gz # 1.1.1-r0: # - CVE-2017-5495 +prepare() { + default_prepare + update_config_sub +} build() { quagga_cv_ipforward_method=proc \ @@ -50,7 +56,9 @@ build() { --localstatedir=/var/run/quagga # add CFLAGS to work around textrel issue - make CFLAGS+="-fPIC" + # adding -fcommon as a workaround for multiple __packed definition + # same as in Gentoo + make CFLAGS="$CFLAGS -fcommon -fPIC" } package() { @@ -66,9 +74,13 @@ package() { install -Dm644 "$srcdir/zebra.confd" "$pkgdir"/etc/conf.d/zebra install -o quagga -g quagga -d -m755 "$pkgdir"/etc/quagga } -sha512sums="3e72440bcccfd3c1a449a62b7ff8623441256399a2bee0a39fa0a19694a5a78ac909c5c2128a24735bc034ea8b0811827293b480a2584a3a4c8ae36be9cf1fcd quagga-1.2.4.tar.gz + +sha512sums=" +3e72440bcccfd3c1a449a62b7ff8623441256399a2bee0a39fa0a19694a5a78ac909c5c2128a24735bc034ea8b0811827293b480a2584a3a4c8ae36be9cf1fcd quagga-1.2.4.tar.gz +264103030fa8d57e7e7bd8a271b258dd8bae86242e15431060e20827b62de46be6f59617c216161aa7bc141c9e18a5aecbdb342545288340024c40f46c717aa4 0001-nhrpd-change-ipsec-SA-count-to-32-bit.patch dfa33341119fe51caa7bc33b44256f57361f2e3f8192862cca215b312ceb68e6a8c264dbf2a43d6244e6152bfad110cb0fdbefb065d95dd50389cf613d9720b3 1001-bgpd-allow-using-ebgp-multihop-for-ibgp-connections.patch 5ef5c5e6d70d991b33b13a062e25b6fbde395dceee36aea29384b0640a48d2957ed5f50d416a1f2f770bf69bae2340133e35b1114be7e1fa722eb6d3d021f37a dont-hook-core-signals.patch 13b5b57e10df013bd2d931abc49bf76b8c4dee59dbceab22c9f151ccb988b2c5f7167f2909027d5e0f990b59da8de115667b02484aee9a67d347625700f6cacd bgpd.initd 7099135b6e20ad81322e7ec5ec4f0734c0ace60a69c282ad458b9700e39258831ecf29d5eaba0cd0f44bf17004283f17a80c0c1d90e8f407ababe89a75e60850 zebra.initd -900972c6f98e561dfacf384111251db262326e8764b8c763a5ef639fa11c7949c03eef5e3bce324a4b1964fe45416d2db74ae1b6bc967f7d4ba48c2eeda017c4 zebra.confd" +900972c6f98e561dfacf384111251db262326e8764b8c763a5ef639fa11c7949c03eef5e3bce324a4b1964fe45416d2db74ae1b6bc967f7d4ba48c2eeda017c4 zebra.confd +" |