fixes #689852 - CVE-2010-1674 CVE-2010-1675 quagga various flaws

fixes #690087 - ripd fails to start
fixes #689763 - updated to latest upstream version 0.99.18

.gitignore

@@ -1,2 +1,3 @@
 quagga-0.99.16.tar.gz
 quagga-0.99.17.tar.gz
+/quagga-0.99.18.tar.gz

quagga-0.99.18-opaque-enable.patch

@@ -0,0 +1,47 @@
+commit 36de261b57eab7a7539fb6527a1f02f3898cbafd
+Author: Paul Jakma <paul@quagga.net>
+Date:   Tue Mar 22 10:18:05 2011 +0000
+
+    build: change sense of opaque-{lsa,te} enable args to enable by default
+    
+    * configure.ac: (AC_ARG_ENABLE({ospf-te,opaque-lsa})) reverse the sense to
+      --disable
+      (enable_{opaque_lsa,ospf_te}) treat as enabled unless explicitly disabled.
+
+diff --git a/configure.ac b/configure.ac
+index 4409d20..27d26ef 100755
+--- a/configure.ac
++++ b/configure.ac
+@@ -219,15 +219,14 @@ AC_ARG_WITH(libpam,
+ AC_ARG_ENABLE(tcp-zebra,
+ [  --enable-tcp-zebra      enable TCP/IP socket connection between zebra and protocol daemon])
+ AC_ARG_ENABLE(opaque-lsa,
+-[  --enable-opaque-lsa     enable OSPF Opaque-LSA with OSPFAPI support (RFC2370)])
++  AC_HELP_STRING([--disable-opaque-lsa],[do not build OSPF Opaque-LSA with OSPFAPI support (RFC2370)]))
+ AC_ARG_ENABLE(ospfapi,
+-[  --disable-ospfapi       do not build OSPFAPI to access the OSPF LSA Database, 
+-                          (this is the default if --enable-opaque-lsa is not set)])
++[  --disable-ospfapi       do not build OSPFAPI to access the OSPF LSA Database])
+ AC_ARG_ENABLE(ospfclient,
+ [  --disable-ospfclient    do not build OSPFAPI client for OSPFAPI, 
+                           (this is the default if --disable-ospfapi is set)])
+ AC_ARG_ENABLE(ospf-te,
+-[  --enable-ospf-te        enable Traffic Engineering Extension to OSPF])
++  AC_HELP_STRING([--disable-ospf-te],[disable Traffic Engineering Extension to OSPF]))
+ AC_ARG_ENABLE(multipath,
+ [  --enable-multipath=ARG  enable multipath function, ARG must be digit])
+ AC_ARG_ENABLE(user,
+@@ -292,11 +291,11 @@ if test "${enable_tcp_zebra}" = "yes"; then
+   AC_DEFINE(HAVE_TCP_ZEBRA,,Use TCP for zebra communication)
+ fi
+ 
+-if test "${enable_opaque_lsa}" = "yes"; then
++if test "${enable_opaque_lsa}" != "no"; then
+   AC_DEFINE(HAVE_OPAQUE_LSA,,OSPF Opaque LSA)
+ fi
+ 
+-if test "${enable_ospf_te}" = "yes"; then
++if test "${enable_ospf_te}" != "no"; then
+   AC_DEFINE(HAVE_OPAQUE_LSA,,OSPF Opaque LSA)
+   AC_DEFINE(HAVE_OSPF_TE,,OSPF TE)
+ fi

quagga-0.99.18-opaque-refresh-fixes.patch

@@ -0,0 +1,99 @@
+diff --git a/ospfd/ospf_lsa.h b/ospfd/ospf_lsa.h
+index fee3470..72e2f8a 100644
+--- a/ospfd/ospf_lsa.h
++++ b/ospfd/ospf_lsa.h
+@@ -114,6 +114,9 @@ struct ospf_lsa
+ 
+   /* Refreshement List or Queue */
+   int refresh_list;
++  
++  /* For Type-9 Opaque-LSAs */
++  struct ospf_interface *oi;
+ };
+ 
+ /* OSPF LSA Link Type. */
+diff --git a/ospfd/ospf_nsm.c b/ospfd/ospf_nsm.c
+index 279d2a0..cbc3171 100644
+--- a/ospfd/ospf_nsm.c
++++ b/ospfd/ospf_nsm.c
+@@ -216,7 +216,7 @@ ospf_db_summary_add (struct ospf_neighbor *nbr, struct ospf_lsa *lsa)
+     {
+     case OSPF_OPAQUE_LINK_LSA:
+       /* Exclude type-9 LSAs that does not have the same "oi" with "nbr". */
+-      if (lsa->oi != nbr->oi)
++      if (nbr->oi && ospf_if_exists (lsa->oi) != nbr->oi)
+           return 0;
+       break;
+     case OSPF_OPAQUE_AREA_LSA:
+diff --git a/ospfd/ospf_opaque.c b/ospfd/ospf_opaque.c
+index 6e90011..aa126e1 100644
+--- a/ospfd/ospf_opaque.c
++++ b/ospfd/ospf_opaque.c
+@@ -251,7 +251,7 @@ struct ospf_opaque_functab
+   void (* config_write_debug )(struct vty *vty);
+   void (* show_opaque_info   )(struct vty *vty, struct ospf_lsa *lsa);
+   int  (* lsa_originator)(void *arg);
+-  void (* lsa_refresher )(struct ospf_lsa *lsa);
++  struct ospf_lsa *(* lsa_refresher )(struct ospf_lsa *lsa);
+   int (* new_lsa_hook)(struct ospf_lsa *lsa);
+   int (* del_lsa_hook)(struct ospf_lsa *lsa);
+ };
+@@ -354,7 +354,7 @@ ospf_register_opaque_functab (
+   void (* config_write_debug )(struct vty *vty),
+   void (* show_opaque_info   )(struct vty *vty, struct ospf_lsa *lsa),
+   int  (* lsa_originator)(void *arg),
+-  void (* lsa_refresher )(struct ospf_lsa *lsa),
++  struct ospf_lsa *(* lsa_refresher )(struct ospf_lsa *lsa),
+   int (* new_lsa_hook)(struct ospf_lsa *lsa),
+   int (* del_lsa_hook)(struct ospf_lsa *lsa))
+ {
+@@ -1608,12 +1608,13 @@ out:
+   return new;
+ }
+ 
+-void
++struct ospf_lsa *
+ ospf_opaque_lsa_refresh (struct ospf_lsa *lsa)
+ {
+   struct ospf *ospf;
+   struct ospf_opaque_functab *functab;
+-
++  struct ospf_lsa *new = NULL;
++  
+   ospf = ospf_lookup ();
+ 
+   if ((functab = ospf_opaque_functab_lookup (lsa)) == NULL
+@@ -1633,9 +1634,9 @@ ospf_opaque_lsa_refresh (struct ospf_lsa *lsa)
+       ospf_lsa_flush (ospf, lsa);
+     }
+   else
+-    (* functab->lsa_refresher)(lsa);
++    new = (* functab->lsa_refresher)(lsa);
+ 
+-  return;
++  return new;
+ }
+ 
+ /*------------------------------------------------------------------------*
+diff --git a/ospfd/ospf_opaque.h b/ospfd/ospf_opaque.h
+index f49fe46..2273064 100644
+--- a/ospfd/ospf_opaque.h
++++ b/ospfd/ospf_opaque.h
+@@ -120,7 +120,7 @@ ospf_register_opaque_functab (
+   void (* config_write_debug )(struct vty *vty),
+   void (* show_opaque_info   )(struct vty *vty, struct ospf_lsa *lsa),
+   int  (* lsa_originator)(void *arg),
+-  void (* lsa_refresher )(struct ospf_lsa *lsa),
++  struct ospf_lsa *(* lsa_refresher )(struct ospf_lsa *lsa),
+   int (* new_lsa_hook)(struct ospf_lsa *lsa),
+   int (* del_lsa_hook)(struct ospf_lsa *lsa)
+ );
+@@ -143,7 +143,7 @@ extern void ospf_opaque_lsa_originate_schedule (struct ospf_interface *oi,
+ 						int *init_delay);
+ extern struct ospf_lsa *ospf_opaque_lsa_install (struct ospf_lsa *,
+ 						 int rt_recalc);
+-extern void ospf_opaque_lsa_refresh (struct ospf_lsa *lsa);
++extern struct ospf_lsa *ospf_opaque_lsa_refresh (struct ospf_lsa *lsa);
+ 
+ extern void ospf_opaque_lsa_reoriginate_schedule (void *lsa_type_dependent,
+ 						  u_char lsa_type,

quagga-tmpfs.conf

@@ -1 +1 @@
-d	/var/run/quagga	0751 root root
+d	/var/run/quagga	0755 quagga quagga

quagga.spec

@@ -31,17 +31,22 @@
 
 Summary:    Routing daemon
 Name:		quagga
-Version:	0.99.17
+Version:	0.99.18
-Release:    5%{?dist}
+Release:    1%{?dist}
 License:	GPLv2+
 Group:      System Environment/Daemons
 Source0:    http://www.quagga.net/download/%{name}-%{version}.tar.gz
 Source1:    quagga-filter-perl-requires.sh
 Source2:    quagga-tmpfs.conf
 
-Patch1:     quagga-0.99.15-perl_pth.patch
+# upstream patches
-Patch2:     quagga-0.99.16-posix.patch
+Patch1:     quagga-0.99.18-opaque-enable.patch
-Patch3:     quagga-0.99.16-man.patch
+Patch2:     quagga-0.99.18-opaque-refresh-fixes.patch
+
+# Fedora patches
+Patch101:     quagga-0.99.15-perl_pth.patch
+Patch102:     quagga-0.99.16-posix.patch
+Patch103:     quagga-0.99.16-man.patch
 
 URL:		http://www.quagga.net
 %if %with_snmp
@@ -102,9 +107,12 @@ developing OSPF-API and quagga applications.
 %prep
 %setup  -q
 
-%patch1 -p1 -b .perl_pth
+%patch1 -p1 -b .opaque-enable
-%patch2 -p1 -b .posix
+%patch2 -p1 -b .opaque-refresh-fixes
-%patch3 -p1 -b .man
+
+%patch101 -p1 -b .perl_pth
+%patch102 -p1 -b .posix
+%patch103 -p1 -b .man
 
 %build
 # FC5+ automatic -fstack-protector-all switch
@@ -350,6 +358,11 @@ rm -rf $RPM_BUILD_ROOT
 %endif
 
 %changelog
+* Wed Mar 23 2011 Jiri Skala <jskala@redhat.com> - 0.99.18-1
+- fixes #689852 - CVE-2010-1674 CVE-2010-1675 quagga various flaws
+- fixes #690087 - ripd fails to start
+- fixes #689763 - updated to latest upstream version 0.99.18
+
 * Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.99.17-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
 

sources

@@ -1 +1 @@
-37b9022adca04b03863d2d79787e643f  quagga-0.99.17.tar.gz
+59e306e93a4a1ce16760f20e9075d473  quagga-0.99.18.tar.gz