rpms/quagga
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update to 0.99.24.1

Browse Source
This commit is contained in:
Michal Sekletar 2015-06-29 14:40:34 +02:00
parent dc4f9265f0
commit 0e55b15e01
4 changed files with 7 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -9,3 +9,4 @@ quagga-0.99.17.tar.gz
/quagga-0.99.22.2.tar.xz
/quagga-0.99.22.3.tar.xz
/quagga-0.99.22.4.tar.xz
/quagga-0.99.24.1.tar.xz

52
0001-zebra-raise-the-privileges-before-calling-socket.patch
View File

@ -1,52 +0,0 @@
From 2f75e4c0a33f61e8514c09c69ce896681476df85 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Thu, 15 May 2014 16:24:03 +0200
Subject: [PATCH] zebra: raise the privileges before calling socket()
Because of recent changes when creating AF_NETLINK socket, kernel will
cache capabilities of the caller and if file descriptor is used or
otherwise handed to another process it will check that current user has
necessary capabilities to use the socket. Hence we need to ensure we
have necessary capabilities when creating the socket and at the time we
use the socket.
See: http://www.spinics.net/lists/netdev/msg280198.html
---
zebra/rt_netlink.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/zebra/rt_netlink.c b/zebra/rt_netlink.c
index ba0b0d7..9855c9e 100644
--- a/zebra/rt_netlink.c
+++ b/zebra/rt_netlink.c
@@ -162,6 +162,13 @@ netlink_socket (struct nlsock *nl, unsigned long groups)
int namelen;
int save_errno;
+ /* Bind the socket to the netlink structure for anything. */
+ if (zserv_privs.change (ZPRIVS_RAISE))
+ {
+ zlog (NULL, LOG_ERR, "Can't raise privileges");
+ return -1;
+ }
+
sock = socket (AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
if (sock < 0)
{
@@ -174,13 +181,6 @@ netlink_socket (struct nlsock *nl, unsigned long groups)
snl.nl_family = AF_NETLINK;
snl.nl_groups = groups;
- /* Bind the socket to the netlink structure for anything. */
- if (zserv_privs.change (ZPRIVS_RAISE))
- {
- zlog (NULL, LOG_ERR, "Can't raise privileges");
- return -1;
- }
-
ret = bind (sock, (struct sockaddr *) &snl, sizeof snl);
save_errno = errno;
if (zserv_privs.change (ZPRIVS_LOWER))
--
1.8.3.1

9
quagga.spec
View File

@ -6,8 +6,8 @@
%global _hardened_build 1
Name: quagga
Version: 0.99.22.4
Release: 7%{?dist}
Version: 0.99.24.1
Release: 1%{?dist}
Summary: Routing daemon
License: GPLv2+
Group: System Environment/Daemons
@ -27,7 +27,6 @@ Provides: routingdaemon = %{version}-%{release}
Obsoletes: quagga-sysvinit
Patch0: 0001-systemd-change-the-WantedBy-target.patch
Patch1: 0001-zebra-raise-the-privileges-before-calling-socket.patch
%define __perl_requires %{SOURCE1}
@ -65,7 +64,6 @@ developing OSPF-API and quagga applications.
%setup -q
%patch0 -p1
%patch1 -p1
%build
%configure \
@ -227,6 +225,9 @@ fi
%{_includedir}/quagga/ospfd/*.h
%changelog
* Mon Jun 29 2015 Michal Sekletar <msekleta@redhat.com> - 0.99.24.1-1
- update to 0.99.24.1 (#1114339)
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.99.22.4-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

2
sources
View File

@ -1 +1 @@
03ef24a448be47beba80efa2152f8a28 quagga-0.99.22.4.tar.xz
b168db69435100ee04564c4fb39c7413 quagga-0.99.24.1.tar.xz