New version 1.2.4

Fixed CVE-2018-5379 - Double free vulnerability in bgpd when processing
  certain forms of UPDATE message allowing to crash or potentially execute
  arbitrary code
Resolves: rhbz#1546008

Fixed CVE-2018-5380 - bgpd can overrun internal BGP code-to-string
  conversion tables potentially allowing crash
Resolves: rhbz#1546006

Fixed CVE-2018-5381 - Infinite loop issue triggered by invalid OPEN message
  allows denial-of-service
Resolves: rhbz#1546004

Fixed CVE-2018-5378 - bgpd does not properly bounds check the data sent with
  a NOTIFY allowing leak of sensitive data or crash
Resolves: rhbz#1546009

.gitignore

@@ -13,3 +13,7 @@ quagga-0.99.17.tar.gz
 /quagga-1.1.0.tar.gz
 /quagga-1.1.1.tar.gz
 /quagga-1.2.1.tar.gz
+/quagga-1.2.2.tar.gz
+/quagga-1.2.2.tar.gz.asc
+/quagga-1.2.4.tar.gz
+/quagga-1.2.4.tar.gz.asc

quagga.spec

@@ -6,8 +6,8 @@
 %global _hardened_build 1
 
 Name: quagga
-Version: 1.2.1
-Release: 6%{?dist}
+Version: 1.2.4
+Release: 1%{?dist}
 Summary: Routing daemon
 License: GPLv2+
 Group: System Environment/Daemons
@@ -140,7 +140,8 @@ usermod -a -G %vty_group quagga
 %systemd_post ospf6d.service
 %systemd_post ripngd.service
 
-if [ -f %{_infodir}/%{name}.inf* ]; then
+ls %{_infodir}/%{name}.inf* > /dev/null 2>&1
+if [ $? -eq 0 ]; then
     install-info %{_infodir}/quagga.info %{_infodir}/dir || :
 fi
 
@@ -166,7 +167,8 @@ fi
 %systemd_postun_with_restart ospf6d.service
 %systemd_postun_with_restart ripngd.service
 
-if [ -f %{_infodir}/%{name}.inf* ]; then
+ls %{_infodir}/%{name}.inf* > /dev/null 2>&1
+if [ $? -eq 0 ]; then
     install-info --delete %{_infodir}/quagga.info %{_infodir}/dir || :
 fi
 
@@ -223,6 +225,29 @@ fi
 %{_includedir}/quagga/ospfd/*.h
 
 %changelog
+* Fri May 04 2018 Michal Ruprich <mruprich@redhat.com> - 1.2.4-1
+- New version 1.2.4
+
+* Thu Feb 22 2018 Ondřej Lysoněk <olysonek@redhat.com> - 1.2.2-2
+- Fixed CVE-2018-5379 - Double free vulnerability in bgpd when processing
+  certain forms of UPDATE message allowing to crash or potentially execute
+  arbitrary code
+- Resolves: rhbz#1546008
+- Fixed CVE-2018-5380 - bgpd can overrun internal BGP code-to-string
+  conversion tables potentially allowing crash
+- Resolves: rhbz#1546006
+- Fixed CVE-2018-5381 - Infinite loop issue triggered by invalid OPEN message
+  allows denial-of-service
+- Resolves: rhbz#1546004
+- Fixed CVE-2018-5378 - bgpd does not properly bounds check the data sent with
+  a NOTIFY allowing leak of sensitive data or crash
+- Resolves: rhbz#1546009
+
+* Tue Nov 14 2017 Michal Ruprich <mruprich@redhat.com> - 1.2.2-1
+- rebase to 1.2.2(#1504420)
+ - resolves #1462426 - Installing with dnf produces error /var/tmp/rpm-tmp.jMe0EE: line 44 [: too many arguments
+ - resolves #1509292 - CVE-2017-16227 quagga: Incorrect AS_PATH size calculation for long paths
+
 * Fri Aug 11 2017 Igor Gnatenko <ignatenko@redhat.com> - 1.2.1-6
 - Rebuilt after RPM update (№ 3)
 

sources

@@ -1 +1,2 @@
-SHA512 (quagga-1.2.1.tar.gz) = ab7693ccb0cfa0f9ed90cc2b626dcd27aa6cc52e626646a2a37914a01f4b38dd80bf8d0e35d8a6a113718e82024203dbc3704c017f7c5c07bcdc2fe0109e89eb
+SHA512 (quagga-1.2.4.tar.gz) = 3e72440bcccfd3c1a449a62b7ff8623441256399a2bee0a39fa0a19694a5a78ac909c5c2128a24735bc034ea8b0811827293b480a2584a3a4c8ae36be9cf1fcd
+SHA512 (quagga-1.2.4.tar.gz.asc) = 054f6159bf3e2ea396e696d6297b026d1322b17eba31826cf3ac42b5a43e924caef1d87bba481cc3c272b56aa5c64b3d5537a67693f99cafb560d216870fede3