Commit Graph

163 Commits

Author SHA1 Message Date
Michal Ruprich
00dea8c3ed Adding conflict with frr 2019-07-21 15:23:36 +02:00
Igor Gnatenko
9f75513639 Rebuild for readline 8.0 2019-02-17 09:30:52 +01:00
Fedora Release Engineering
8b99b98621 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-02-02 10:51:51 +00:00
Igor Gnatenko
2fa4fa5707 Remove obsolete Group tag
References: https://fedoraproject.org/wiki/Changes/Remove_Group_Tag
2019-01-28 20:24:44 +01:00
Igor Gnatenko
424a5c64c4
Remove obsolete scriptlets
References: https://fedoraproject.org/wiki/Changes/RemoveObsoleteScriptlets
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2019-01-27 19:40:14 +01:00
Björn Esser
a9e623e5af
Rebuilt for libcrypt.so.2 (#1666033) 2019-01-14 19:14:38 +01:00
Michal Ruprich
5705b1be77 Resolves: #1611589 - Need to use {} around the environment variables in unit files 2018-12-10 12:29:30 +01:00
Michal Ruprich
bffe5f096a Removing tetex from dependencies
Adding gcc to BuildRequires
2018-07-25 09:12:16 +02:00
Fedora Release Engineering
86794cc8fd - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-07-14 03:14:32 +00:00
Jason Tibbitts
7f2c4dc729 Remove needless use of %defattr 2018-07-10 01:31:48 -05:00
Michal Ruprich
7ba3ea9c42 New version 1.2.4 2018-05-04 17:46:57 +02:00
Ondřej Lysoněk
ba3a7a25ca Fix CVE-2018-5379, CVE-2018-5380, CVE-2018-5381, CVE-2018-5378
Fixed CVE-2018-5379 - Double free vulnerability in bgpd when processing
  certain forms of UPDATE message allowing to crash or potentially execute
  arbitrary code
Resolves: rhbz#1546008

Fixed CVE-2018-5380 - bgpd can overrun internal BGP code-to-string
  conversion tables potentially allowing crash
Resolves: rhbz#1546006

Fixed CVE-2018-5381 - Infinite loop issue triggered by invalid OPEN message
  allows denial-of-service
Resolves: rhbz#1546004

Fixed CVE-2018-5378 - bgpd does not properly bounds check the data sent with
  a NOTIFY allowing leak of sensitive data or crash
Resolves: rhbz#1546009
2018-02-22 11:59:51 +01:00
Igor Gnatenko
029751315e
Escape macros in %changelog
Reference: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/Y2ZUKK2B7T2IKXPMODNF6HB2O5T5TS6H/
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-09 09:05:53 +01:00
Björn Esser
5d78a5f28f
Rebuilt for switch to libxcrypt 2018-01-20 23:07:46 +01:00
Michal Ruprich
bb6bcef925 rebase to 1.2.2(#1504420)
resolves #1462426 - Installing with dnf produces error /var/tmp/rpm-tmp.jMe0EE: line 44 [: too many arguments
 resolves #1509292 - CVE-2017-16227 quagga: Incorrect AS_PATH size calculation for long paths
2017-11-14 13:01:31 +01:00
Igor Gnatenko
153581c73b Rebuilt after RPM update (№ 3)
Signed-off-by: Igor Gnatenko <ignatenko@redhat.com>
2017-08-11 11:07:30 +02:00
Igor Gnatenko
bc5fd2e3dd Rebuilt for RPM soname bump
Signed-off-by: Igor Gnatenko <ignatenko@redhat.com>
2017-08-10 22:12:51 +02:00
Igor Gnatenko
45a84398f5 Rebuilt for RPM soname bump
Signed-off-by: Igor Gnatenko <ignatenko@redhat.com>
2017-08-10 20:32:21 +02:00
Fedora Release Engineering
731c1ff373 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild 2017-08-03 07:26:09 +00:00
Fedora Release Engineering
1f87050e31 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild 2017-07-27 12:49:24 +00:00
Michal Ruprich
51fde2f824 rebase to 1.2.1(#1431309)
added quagga to quaggavt group - resolves #1434028
enabled pimd and nhrpd
fix bogus date in changelog
2017-05-30 14:15:29 +02:00
Fedora Release Engineering
541f305fae - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild 2017-02-11 11:25:43 +00:00
Michal Sekletar
20ea4a204e Rebase to quagga-1.1.1
Note that rebased package contains fix for CVE-2017-5495

Resolves: #1415873, #1416017
2017-02-01 11:33:55 +01:00
Igor Gnatenko
18d014af52 Rebuild for readline 7.x
Signed-off-by: Igor Gnatenko <ignatenko@redhat.com>
2017-01-12 17:30:38 +01:00
Michal Sekletar
230ed3d5c0 Update sources 2016-10-26 14:17:00 +02:00
Michal Sekletar
a955835699 Rebase to 1.1.0
This rebases fixes following security issues:
  - CVE-2016-2342 quagga: VPNv4 NLRI parses memcpys to stack on unchecked length (#1316572)
  - CVE-2016-4049 quagga: denial of service vulnerability in BGP routing daemon (#1331373)
  - CVE-2016-1245 quagga: Buffer Overflow in IPv6 RA handling (#1386110)

Also babeld was dropped by upstream.

Resolves: #1316324, #1316572, #1331373, #1386110, #1387654
2016-10-24 17:31:54 +02:00
Petr Písař
f951d03fd8 Mandatory Perl build-requires added <https://fedoraproject.org/wiki/Changes/Build_Root_Without_Perl> 2016-06-24 10:44:31 +02:00
Fedora Release Engineering
d82f87e8a2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild 2016-02-04 21:50:44 +00:00
Richard W.M. Jones
33c2f5e934 Bump version to rebuild against new RPM in Rawhide.
This package links against librpm:

linker flags            : -Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -rdynamic -lcrypt  -Wl,-z,relro -Wl,-z,now -L/usr/lib64 -lnetsnmpmibs -lsensors -ldl -lrpm -lrpmio -lnetsnmpagent -lwrap -Wl,--enable-new-dtags -Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -lnetsnmp -lssl -lssl -lcrypto -lm -lrt -lcap  -ltermcap -lreadline -lm

and so requires rebuilding because there has been a librpm
SONAME bump in Rawhide.
2015-07-27 14:02:21 +01:00
Michal Sekletar
0e55b15e01 Update to 0.99.24.1 2015-06-29 14:40:34 +02:00
Dennis Gilmore
dc4f9265f0 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild 2015-06-18 21:55:45 +00:00
Peter Robinson
8f015eac43 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild 2014-08-17 23:05:29 +00:00
Dennis Gilmore
edd56b08f4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild 2014-06-07 20:33:23 -05:00
Michal Sekletar
63f996c821 zebra: raise the privileges before calling socket()
Because of recent changes when creating AF_NETLINK socket, kernel will
cache capabilities of the caller and if file descriptor is used or
otherwise handed to another process it will check that current user has
necessary capabilities to use the socket. Hence we need to ensure we
have necessary capabilities when creating the socket and at the time we
use the socket.

See: http://www.spinics.net/lists/netdev/msg280198.html
Resolves: #1097684
2014-05-26 16:28:05 +02:00
Michal Sekletar
2e3aea77a2 spec: fix date in the changelog 2014-01-29 13:49:50 +01:00
Michal Sekletar
671d207c61 spec: fix source url
tarballs for official upstream releases are stored at
http://download.savannah.gnu.org/releases/quagga/
2014-01-29 13:47:24 +01:00
Michal Sekletar
cd7585ea4d spec: it is 2014 already 2014-01-06 13:25:40 +01:00
Michal Sekletar
935ba739d0 systemd: reference pidfiles in service files
quagga daemons don't remove pidfiles before exit. Previously it was done by
init script, now pidfiles stay around after daemon is stopped. If they are
referenced in service files systemd will remove them automatically after service
is stopped.

Also fix typo, there is no BindTo dependency, change to BindsTo.
2014-01-06 13:21:59 +01:00
Michal Sekletar
278464f2ec spec: update to 0.99.22.4 2013-09-13 18:00:11 +02:00
Petr Písař
5f75efbaed Perl 5.18 rebuild 2013-08-03 15:49:11 +02:00
Michal Sekletar
9479f8bfb8 spec: update to 0.99.22.3
This release fixes failing build on FreeBSD. Once again, not really
needed but for consistency sake we'll just do it anyway.
2013-07-30 19:06:51 +02:00
Michal Sekletar
6d1f50934b spec: fix copy-paste error in NVR in changelog 2013-07-30 16:52:14 +02:00
Michal Sekletar
9de1505d36 spec: enable hardened build
rpm-checksec revealed that ospfd is not compiled as PIE. We enable
hardened build in specfile, this should not break anything and it should
take care of enabling security related compiler options.
2013-07-30 16:46:43 +02:00
Michal Sekletar
30871293d5 spec: add systemd to BuildRequires
We install tmpfiles configuration fragment and %{_tmpfilesdir} macro is
provided by systemd. Let's please this save and add systemd explicitly
as build requirement.
2013-07-30 16:30:18 +02:00
Michal Sekletar
6130a74175 spec: update to 0.99.22.2
Update to the latest upstream. 0.99.22.2 delivers only the fix for
CVE-2013-2236. We have ospfapi and ospfclient disabled, but in order
to be consistent we push update anyway.

Resolves: #990015

http://nongnu.askapache.com//quagga/quagga-0.99.22.2.changelog.txt
2013-07-30 16:21:06 +02:00
Michal Sekletar
eb8f08ba5e spec: fix bogus dates in changelog 2013-07-23 14:13:06 +02:00
Michal Sekletar
c17c7f3c42 ospfd: disable ospfapi and ospfclient
Disable those features during configuration of package build since they
present security risk and never really worked properly anyway.

http://lists.quagga.net/pipermail/quagga-dev/2013-July/010622.html
2013-07-23 14:13:04 +02:00
Petr Písař
843dacf9cf Perl 5.18 rebuild 2013-07-18 02:56:23 +02:00
Michal Sekletar
fe94d73489 systemd: change the WantedBy target
Previously with configuration WantedBy=network.target it could happen
that after enabling let's say zebra and bgpd and restarting the server
services won't be started. In case when no service pulls in
network.target quagga daemons won't start, because they are enabled
under network.target. This might be the case when only zebra is used
for configuring interfaces and other services like NM and initscripts
are disabled.

This commit also removes ordering dependency on syslog.target, since
this is redundant these days, because systemd-journald is early boot
service.
2013-06-21 20:34:02 +02:00
Michal Sekletar
a0891a693d spec: fix rpm scripts handling documentation in info format 2013-06-10 15:10:40 +02:00