Rebase to 1.1.0

This rebases fixes following security issues: - CVE-2016-2342 quagga: VPNv4 NLRI parses memcpys to stack on unchecked length (#1316572) - CVE-2016-4049 quagga: denial of service vulnerability in BGP routing daemon (#1331373) - CVE-2016-1245 quagga: Buffer Overflow in IPv6 RA handling (#1386110) Also babeld was dropped by upstream. Resolves: #1316324, #1316572, #1331373, #1386110, #1387654
2016-10-20 17:00:11 +02:00 · 2016-10-20 17:00:11 +02:00 · a955835699
commit a955835699
parent f951d03fd8
3 changed files with 192 additions and 196 deletions
--- a/0001-systemd-change-the-WantedBy-target.patch
+++ b/0001-systemd-change-the-WantedBy-target.patch
@ -1,184 +0,0 @@
-diff --git a/redhat/babeld.service b/redhat/babeld.service
-index b1ea943..a7ea7fe 100644
--- a/redhat/babeld.service
-+++ b/redhat/babeld.service
-@@ -1,14 +1,15 @@
- [Unit]
- Description=Babel routing daemon
-BindTo=zebra.service
-After=syslog.target network.target zebra.service
-+BindsTo=zebra.service
-+After=zebra.service
- ConditionPathExists=/etc/quagga/babeld.conf
- 
- [Service]
- Type=forking
-+PIDFile=/run/quagga/babeld.pid
- EnvironmentFile=/etc/sysconfig/quagga
- ExecStart=/usr/sbin/babeld -d $BABELD_OPTS -f /etc/quagga/babeld.conf
- Restart=on-abort
- 
- [Install]
-WantedBy=network.target
-+WantedBy=multi-user.target
-diff --git a/redhat/bgpd.service b/redhat/bgpd.service
-index 5040284..af923df 100644
--- a/redhat/bgpd.service
-+++ b/redhat/bgpd.service
-@@ -1,14 +1,15 @@
- [Unit]
- Description=BGP routing daemon
-BindTo=zebra.service
-After=syslog.target network.target zebra.service
-+BindsTo=zebra.service
-+After=zebra.service
- ConditionPathExists=/etc/quagga/bgpd.conf
- 
- [Service]
- Type=forking
-+PIDFile=/run/quagga/bgpd.pid
- EnvironmentFile=/etc/sysconfig/quagga
- ExecStart=/usr/sbin/bgpd -d $BGPD_OPTS -f /etc/quagga/bgpd.conf
- Restart=on-abort
- 
- [Install]
-WantedBy=network.target
-+WantedBy=multi-user.target
-diff --git a/redhat/isisd.service b/redhat/isisd.service
-index 4cdf67d..8687601 100644
--- a/redhat/isisd.service
-+++ b/redhat/isisd.service
-@@ -1,14 +1,15 @@
- [Unit]
- Description=IS-IS routing daemon
-BindTo=zebra.service
-After=syslog.target network.target zebra.service
-+BindsTo=zebra.service
-+After=zebra.service
- ConditionPathExists=/etc/quagga/isisd.conf
- 
- [Service]
- Type=forking
-+PIDFile=/run/quagga/isisd.pid
- EnvironmentFile=/etc/sysconfig/quagga
- ExecStart=/usr/sbin/isisd -d $ISISD_OPTS -f /etc/quagga/isisd.conf
- Restart=on-abort
- 
- [Install]
-WantedBy=network.target
-+WantedBy=multi-user.target
-diff --git a/redhat/ospf6d.service b/redhat/ospf6d.service
-index 3c9c466..d13e970 100644
--- a/redhat/ospf6d.service
-+++ b/redhat/ospf6d.service
-@@ -1,14 +1,15 @@
- [Unit]
- Description=OSPF routing daemon for IPv6
-BindTo=zebra.service
-After=syslog.target network.target zebra.service
-+BindsTo=zebra.service
-+After=zebra.service
- ConditionPathExists=/etc/quagga/ospf6d.conf
- 
- [Service]
- Type=forking
-+PIDFile=/run/quagga/ospf6d.pid
- EnvironmentFile=/etc/sysconfig/quagga
- ExecStart=/usr/sbin/ospf6d -d $OSPF6D_OPTS -f /etc/quagga/ospf6d.conf
- Restart=on-abort
- 
- [Install]
-WantedBy=network.target
-+WantedBy=multi-user.target
-diff --git a/redhat/ospfd.service b/redhat/ospfd.service
-index 5e3de23..959e649 100644
--- a/redhat/ospfd.service
-+++ b/redhat/ospfd.service
-@@ -1,14 +1,15 @@
- [Unit]
- Description=OSPF routing daemon
-BindTo=zebra.service
-After=syslog.target network.target zebra.service
-+BindsTo=zebra.service
-+After=zebra.service
- ConditionPathExists=/etc/quagga/ospfd.conf
- 
- [Service]
- Type=forking
-+PIDFile=/run/quagga/ospfd.pid
- EnvironmentFile=/etc/sysconfig/quagga
- ExecStart=/usr/sbin/ospfd -d $OSPFD_OPTS -f /etc/quagga/ospfd.conf
- Restart=on-abort
- 
- [Install]
-WantedBy=network.target
-+WantedBy=multi-user.target
-diff --git a/redhat/ripd.service b/redhat/ripd.service
-index d35dc47..8e7290e 100644
--- a/redhat/ripd.service
-+++ b/redhat/ripd.service
-@@ -1,14 +1,15 @@
- [Unit]
- Description=RIP routing daemon
-BindTo=zebra.service
-After=syslog.target network.target zebra.service
-+BindsTo=zebra.service
-+After=zebra.service
- ConditionPathExists=/etc/quagga/ripd.conf
- 
- [Service]
- Type=forking
-+PIDFile=/run/quagga/ripd.pid
- EnvironmentFile=/etc/sysconfig/quagga
- ExecStart=/usr/sbin/ripd -d $RIPD_OPTS -f /etc/quagga/ripd.conf
- Restart=on-abort
- 
- [Install]
-WantedBy=network.target
-+WantedBy=multi-user.target
-diff --git a/redhat/ripngd.service b/redhat/ripngd.service
-index 567e888..1ba6dcf 100644
--- a/redhat/ripngd.service
-+++ b/redhat/ripngd.service
-@@ -1,14 +1,15 @@
- [Unit]
- Description=RIP routing daemon for IPv6
-BindTo=zebra.service
-After=syslog.target network.target zebra.service
-+BindsTo=zebra.service
-+After=zebra.service
- ConditionPathExists=/etc/quagga/ripngd.conf
- 
- [Service]
- Type=forking
-+PIDFile=/run/quagga/ripngd.pid
- EnvironmentFile=/etc/sysconfig/quagga
- ExecStart=/usr/sbin/ripngd -d $RIPNGD_OPTS -f /etc/quagga/ripngd.conf
- Restart=on-abort
- 
- [Install]
-WantedBy=network.target
-+WantedBy=multi-user.target
-diff --git a/redhat/zebra.service b/redhat/zebra.service
-index 27c3a52..259fc20 100644
--- a/redhat/zebra.service
-+++ b/redhat/zebra.service
-@@ -1,14 +1,16 @@
- [Unit]
- Description=GNU Zebra routing manager
-After=syslog.target network.target
-+Wants=network.target
-+Before=network.target
- ConditionPathExists=/etc/quagga/zebra.conf
- 
- [Service]
- Type=forking
-+PIDFile=/run/quagga/zebra.pid
- EnvironmentFile=-/etc/sysconfig/quagga
- ExecStartPre=/sbin/ip route flush proto zebra
- ExecStart=/usr/sbin/zebra -d $ZEBRA_OPTS -f /etc/quagga/zebra.conf
- Restart=on-abort
- 
- [Install]
-WantedBy=network.target
-+WantedBy=multi-user.target
--- a/0001-systemd-various-service-file-improvements.patch
+++ b/0001-systemd-various-service-file-improvements.patch
@ -0,0 +1,183 @@
+From 91eddf68ca54ba11a22f58de9a4e8f5deb53cccc Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Thu, 20 Oct 2016 12:56:34 +0200
+Subject: [PATCH] systemd: various service file improvements
+
+(1) network.target is generally used as a synchronization point during
+boot up and not as a "boot target" (target where services are actually
+enabled). Also as per 'man 7 systemd.special', service implementing
+networking should pull network.target into transaction and order itself
+before it. Hence, it doesn't make sense for zebra and friends to be
+enabled in network.target, because they should actively pull in
+network.target into boot transaction. Let's enable them as normal
+services in multi-user.target and order against network{,-pre}.target
+appropriately.
+
+(2) All quagga daemons needs zebra to be running at all times and want
+to restarted/stopped whenever zebra is. This is expressed by BindsTo=
+dependency in a unit file (note "s" in Binds).
+---
+ redhat/bgpd.service   | 8 +++++---
+ redhat/isisd.service  | 8 +++++---
+ redhat/ospf6d.service | 8 +++++---
+ redhat/ospfd.service  | 8 +++++---
+ redhat/ripd.service   | 8 +++++---
+ redhat/ripngd.service | 8 +++++---
+ redhat/zebra.service  | 6 ++++--
+ 7 files changed, 34 insertions(+), 20 deletions(-)
+
+diff --git a/redhat/bgpd.service b/redhat/bgpd.service
+index 5040284..ef24841 100644
+--- a/redhat/bgpd.service
+++ b/redhat/bgpd.service
+@@ -1,7 +1,9 @@
+ [Unit]
+ Description=BGP routing daemon
+-BindTo=zebra.service
+-After=syslog.target network.target zebra.service
+BindsTo=zebra.service
+Wants=network.target
+After=zebra.service network-pre.target
+Before=network.target
+ ConditionPathExists=/etc/quagga/bgpd.conf
+ 
+ [Service]
+@@ -11,4 +13,4 @@ ExecStart=/usr/sbin/bgpd -d $BGPD_OPTS -f /etc/quagga/bgpd.conf
+ Restart=on-abort
+ 
+ [Install]
+-WantedBy=network.target
+WantedBy=multi-user.target
+diff --git a/redhat/isisd.service b/redhat/isisd.service
+index 4cdf67d..edb6eea 100644
+--- a/redhat/isisd.service
+++ b/redhat/isisd.service
+@@ -1,7 +1,9 @@
+ [Unit]
+ Description=IS-IS routing daemon
+-BindTo=zebra.service
+-After=syslog.target network.target zebra.service
+BindsTo=zebra.service
+Wants=network.target
+After=zebra.service network-pre.target
+Before=network.target
+ ConditionPathExists=/etc/quagga/isisd.conf
+ 
+ [Service]
+@@ -11,4 +13,4 @@ ExecStart=/usr/sbin/isisd -d $ISISD_OPTS -f /etc/quagga/isisd.conf
+ Restart=on-abort
+ 
+ [Install]
+-WantedBy=network.target
+WantedBy=multi-user.target
+diff --git a/redhat/ospf6d.service b/redhat/ospf6d.service
+index 3c9c466..b53b970 100644
+--- a/redhat/ospf6d.service
+++ b/redhat/ospf6d.service
+@@ -1,7 +1,9 @@
+ [Unit]
+ Description=OSPF routing daemon for IPv6
+-BindTo=zebra.service
+-After=syslog.target network.target zebra.service
+BindsTo=zebra.service
+Wants=network.target
+After=zebra.service network-pre.target
+Before=network.target
+ ConditionPathExists=/etc/quagga/ospf6d.conf
+ 
+ [Service]
+@@ -11,4 +13,4 @@ ExecStart=/usr/sbin/ospf6d -d $OSPF6D_OPTS -f /etc/quagga/ospf6d.conf
+ Restart=on-abort
+ 
+ [Install]
+-WantedBy=network.target
+WantedBy=multi-user.target
+diff --git a/redhat/ospfd.service b/redhat/ospfd.service
+index 5e3de23..5d6c5bb 100644
+--- a/redhat/ospfd.service
+++ b/redhat/ospfd.service
+@@ -1,7 +1,9 @@
+ [Unit]
+ Description=OSPF routing daemon
+-BindTo=zebra.service
+-After=syslog.target network.target zebra.service
+BindsTo=zebra.service
+Wants=network.target
+After=zebra.service network-pre.target
+Before=network.target
+ ConditionPathExists=/etc/quagga/ospfd.conf
+ 
+ [Service]
+@@ -11,4 +13,4 @@ ExecStart=/usr/sbin/ospfd -d $OSPFD_OPTS -f /etc/quagga/ospfd.conf
+ Restart=on-abort
+ 
+ [Install]
+-WantedBy=network.target
+WantedBy=multi-user.target
+diff --git a/redhat/ripd.service b/redhat/ripd.service
+index d35dc47..ed7f922 100644
+--- a/redhat/ripd.service
+++ b/redhat/ripd.service
+@@ -1,7 +1,9 @@
+ [Unit]
+ Description=RIP routing daemon
+-BindTo=zebra.service
+-After=syslog.target network.target zebra.service
+BindsTo=zebra.service
+Wants=network.target
+After=zebra.service network-pre.target
+Before=network.target
+ ConditionPathExists=/etc/quagga/ripd.conf
+ 
+ [Service]
+@@ -11,4 +13,4 @@ ExecStart=/usr/sbin/ripd -d $RIPD_OPTS -f /etc/quagga/ripd.conf
+ Restart=on-abort
+ 
+ [Install]
+-WantedBy=network.target
+WantedBy=multi-user.target
+diff --git a/redhat/ripngd.service b/redhat/ripngd.service
+index 567e888..2519b31 100644
+--- a/redhat/ripngd.service
+++ b/redhat/ripngd.service
+@@ -1,7 +1,9 @@
+ [Unit]
+ Description=RIP routing daemon for IPv6
+-BindTo=zebra.service
+-After=syslog.target network.target zebra.service
+BindsTo=zebra.service
+Wants=network.target
+After=zebra.service network-pre.target
+Before=network.target
+ ConditionPathExists=/etc/quagga/ripngd.conf
+ 
+ [Service]
+@@ -11,4 +13,4 @@ ExecStart=/usr/sbin/ripngd -d $RIPNGD_OPTS -f /etc/quagga/ripngd.conf
+ Restart=on-abort
+ 
+ [Install]
+-WantedBy=network.target
+WantedBy=multi-user.target
+diff --git a/redhat/zebra.service b/redhat/zebra.service
+index 27c3a52..f9107f1 100644
+--- a/redhat/zebra.service
+++ b/redhat/zebra.service
+@@ -1,6 +1,8 @@
+ [Unit]
+ Description=GNU Zebra routing manager
+-After=syslog.target network.target
+Wants=network.target
+Before=network.target
+After=network-pre.target
+ ConditionPathExists=/etc/quagga/zebra.conf
+ 
+ [Service]
+@@ -11,4 +13,4 @@ ExecStart=/usr/sbin/zebra -d $ZEBRA_OPTS -f /etc/quagga/zebra.conf
+ Restart=on-abort
+ 
+ [Install]
+-WantedBy=network.target
+WantedBy=multi-user.target
+-- 
+2.7.4
+
--- a/quagga.spec
+++ b/quagga.spec
@ -6,13 +6,13 @@
 %global _hardened_build 1

 Name: quagga
-Version: 0.99.24.1
-Release: 3%{?dist}
+Version: 1.1.0
+Release: 1%{?dist}
 Summary: Routing daemon
 License: GPLv2+
 Group: System Environment/Daemons
 URL: http://www.quagga.net
-Source0: http://download.savannah.gnu.org/releases/quagga/%{name}-%{version}.tar.xz
+Source0: http://download.savannah.gnu.org/releases/quagga/%{name}-%{version}.tar.gz
 Source1: quagga-filter-perl-requires.sh
 Source2: quagga-tmpfs.conf
 BuildRequires: perl-generators
@ -20,6 +20,7 @@ BuildRequires: systemd
 BuildRequires: net-snmp-devel
 BuildRequires: texinfo tetex libcap-devel texi2html
 BuildRequires: readline readline-devel ncurses ncurses-devel
+BuildRequires: git
 Requires: net-snmp ncurses
 Requires(post): systemd /sbin/install-info
 Requires(preun): systemd /sbin/install-info
@ -27,7 +28,7 @@ Requires(postun): systemd
 Provides: routingdaemon = %{version}-%{release}
 Obsoletes: quagga-sysvinit

-Patch0: 0001-systemd-change-the-WantedBy-target.patch
+Patch0: 0001-systemd-various-service-file-improvements.patch

 %define __perl_requires %{SOURCE1}

@ -62,9 +63,7 @@ The quagga-devel package contains the header and object files necessary for
 developing OSPF-API and quagga applications.

 %prep
-%setup -q
-
-%patch0 -p1
+%autosetup -S git_am

 %build
 %configure \
@ -109,7 +108,6 @@ install -p -m 644 %{_builddir}/%{name}-%{version}/redhat/isisd.service %{buildro
 install -p -m 644 %{_builddir}/%{name}-%{version}/redhat/ripd.service %{buildroot}%{_unitdir}/ripd.service
 install -p -m 644 %{_builddir}/%{name}-%{version}/redhat/ospfd.service %{buildroot}%{_unitdir}/ospfd.service
 install -p -m 644 %{_builddir}/%{name}-%{version}/redhat/bgpd.service %{buildroot}%{_unitdir}/bgpd.service
-install -p -m 644 %{_builddir}/%{name}-%{version}/redhat/babeld.service %{buildroot}%{_unitdir}/babeld.service
 install -p -m 644 %{_builddir}/%{name}-%{version}/redhat/ospf6d.service %{buildroot}%{_unitdir}/ospf6d.service
 install -p -m 644 %{_builddir}/%{name}-%{version}/redhat/ripngd.service %{buildroot}%{_unitdir}/ripngd.service

@ -136,7 +134,6 @@ getent passwd quagga >/dev/null 2>&1 || useradd -u %quagga_uid -g %quagga_gid -M
 %systemd_post ripd.service
 %systemd_post ospfd.service
 %systemd_post bgpd.service
-%systemd_post babeld.service
 %systemd_post ospf6d.service
 %systemd_post ripngd.service

@ -163,7 +160,6 @@ fi
 %systemd_postun_with_restart ripd.service
 %systemd_postun_with_restart ospfd.service
 %systemd_postun_with_restart bgpd.service
-%systemd_postun_with_restart babeld.service
 %systemd_postun_with_restart ospf6d.service
 %systemd_postun_with_restart ripngd.service

@ -177,7 +173,6 @@ fi
 %systemd_preun ripd.service
 %systemd_preun ospfd.service
 %systemd_preun bgpd.service
-%systemd_preun babeld.service
 %systemd_preun ospf6d.service
 %systemd_preun ripngd.service

@ -189,7 +184,6 @@ fi
 %doc ripd/ripd.conf.sample
 %doc bgpd/bgpd.conf.sample*
 %doc ospfd/ospfd.conf.sample
-%doc babeld/babeld.conf.sample
 %doc ospf6d/ospf6d.conf.sample
 %doc ripngd/ripngd.conf.sample
 %doc doc/quagga.html
@ -226,6 +220,9 @@ fi
 %{_includedir}/quagga/ospfd/*.h

 %changelog
+* Thu Oct 20 2016 Michal Sekletar <msekleta@redhat.com> - 1.1.0-1
+- rebase to 1.1.0 (#1316324, #1316572, #1331373, #1386110)
+
 * Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.99.24.1-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild