Buildroot Archive on lore.kernel.org
* [Buildroot] [PATCH] quagga: security bump to version 1.0.20160309
@ 2016-03-15 16:12 Baruch Siach
  2016-03-15 19:56 ` Peter Korsgaard
  2016-03-16  8:21 ` Peter Korsgaard
  0 siblings, 2 replies; 4+ messages in thread
From: Baruch Siach @ 2016-03-15 16:12 UTC (permalink / raw)
  To: buildroot

Fixes CVE-2016-2342 (AKA VU#270232): Quagga bgpd with BGP peers enabled for
VPNv4 contains a buffer overflow vulnerability.

Remove the --enable-babeld and --enable-opaque-lsa configure options that were
removed in this release.

See the release announcement at
https://lists.quagga.net/pipermail/quagga-dev/2016-March/014938.html.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
 package/quagga/Config.in   | 9 ---------
 package/quagga/quagga.hash | 2 +-
 package/quagga/quagga.mk   | 4 +---
 3 files changed, 2 insertions(+), 13 deletions(-)

diff --git a/package/quagga/Config.in b/package/quagga/Config.in
index 89ff6f25df16..56b8cad93c62 100644
--- a/package/quagga/Config.in
+++ b/package/quagga/Config.in
@@ -24,11 +24,6 @@ config BR2_PACKAGE_QUAGGA_TCP_ZEBRA
 	  You'll want this enabled if zebra and the protocol daemon(s) run
 	  on different hosts.
 
-config BR2_PACKAGE_QUAGGA_BABELD
-	bool "BABEL protocol"
-	help
-	  Build babeld daemon.
-
 config BR2_PACKAGE_QUAGGA_BGPD
 	bool "BPGv4+ protocol"
 	help
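Review bot: BR2_PACKAGE_QUAGGA_BABELD is removed here with no matching entry in Config.in.legacy; the diffstat lists only Config.in, quagga.hash and quagga.mk. An existing .config that selects this symbol will silently stop building babeld after the bump. Suggest adding a legacy entry for the symbol so users are told that babeld is no longer provided by quagga. While touching this file, the context line bool "BPGv4+ protocol" looks like a typo for BGPv4+.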
@@ -48,10 +43,6 @@ config BR2_PACKAGE_QUAGGA_OSPFD
 	help
 	  Build ospfd daemon.
 
-config BR2_PACKAGE_QUAGGA_OPAQUE_LSA
-	bool "OSPF Opaque-LSA with OSPFAPI support (RFC2370)"
-	depends on BR2_PACKAGE_QUAGGA_OSPFD
-
 config BR2_PACKAGE_QUAGGA_OSPF6D
 	bool "OSPFv3 (IPv6) protocol"
 	help
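Review bot: the removed BR2_PACKAGE_QUAGGA_OPAQUE_LSA had "depends on BR2_PACKAGE_QUAGGA_OSPFD", so before this change Opaque-LSA/OSPFAPI support was only requested when ospfd was selected, and it was explicitly disabled otherwise. With the symbol and its configure switch gone, nothing in the package ties that support to ospfd any more. Please build-test with BR2_PACKAGE_QUAGGA_OSPFD both enabled and disabled, and add a Config.in.legacy entry for this symbol as well.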
diff --git a/package/quagga/quagga.hash b/package/quagga/quagga.hash
index ba293c414d38..fdc7472d7506 100644
--- a/package/quagga/quagga.hash
+++ b/package/quagga/quagga.hash
@@ -1,2 +1,2 @@
 # Locally calculated after checking pgp signature
-sha256	6fd6baadb136a801c29c1dd72d0fe69da9f19ae498e87bff7057778361e43b14	quagga-0.99.24.1.tar.xz
+sha256	034e21f87164f44f1c4c89d8fafed4acede298fe3fafbf9277f079544178c66b	quagga-1.0.20160309.tar.xz
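Review bot: the unchanged comment "Locally calculated after checking pgp signature" now vouches for the new quagga-1.0.20160309.tar.xz hash, so it should be true for this tarball and not just carried over from 0.99.24.1. For a security bump the hash is what pins the fixed source; please state in the commit message that the signature on the new release was verified before the sha256 was computed.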
diff --git a/package/quagga/quagga.mk b/package/quagga/quagga.mk
index 4a5559401c05..93c01f9c37f4 100644
--- a/package/quagga/quagga.mk
+++ b/package/quagga/quagga.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-QUAGGA_VERSION = 0.99.24.1
+QUAGGA_VERSION = 1.0.20160309
 QUAGGA_SOURCE = quagga-$(QUAGGA_VERSION).tar.xz
 QUAGGA_SITE = http://download.savannah.gnu.org/releases/quagga
 QUAGGA_DEPENDENCIES = host-gawk
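Review bot: QUAGGA_SITE in the context of this hunk still fetches over plain http://, which leaves the sha256 in quagga.hash as the only integrity check on the tarball carrying the CVE-2016-2342 fix. If the same path is served over https, switching the URL as part of this bump would be a cheap improvement; if not, no change is needed here.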
@@ -22,7 +22,6 @@ QUAGGA_CONF_OPTS += --disable-capabilities
 endif
 
 QUAGGA_CONF_OPTS += $(if $(BR2_PACKAGE_QUAGGA_ZEBRA),--enable-zebra,--disable-zebra)
-QUAGGA_CONF_OPTS += $(if $(BR2_PACKAGE_QUAGGA_BABELD),--enable-babeld,--disable-babeld)
 QUAGGA_CONF_OPTS += $(if $(BR2_PACKAGE_QUAGGA_BGPD),--enable-bgpd,--disable-bgpd)
 QUAGGA_CONF_OPTS += $(if $(BR2_PACKAGE_QUAGGA_RIPD),--enable-ripd,--disable-ripd)
 QUAGGA_CONF_OPTS += $(if $(BR2_PACKAGE_QUAGGA_RIPNGD),--enable-ripngd,--disable-ripngd)
@@ -33,7 +32,6 @@ QUAGGA_CONF_OPTS += $(if $(BR2_PACKAGE_QUAGGA_WATCHQUAGGA),--enable-watchquagga,
 QUAGGA_CONF_OPTS += $(if $(BR2_PACKAGE_QUAGGA_ISISD),--enable-isisd,--disable-isisd)
 QUAGGA_CONF_OPTS += $(if $(BR2_PACKAGE_QUAGGA_BGP_ANNOUNCE),--enable-bgp-announce,--disable-bgp-announce)
 QUAGGA_CONF_OPTS += $(if $(BR2_PACKAGE_QUAGGA_TCP_ZERBRA),--enable-tcp-zebra,--disable-tcp-zebra)
-QUAGGA_CONF_OPTS += $(if $(BR2_PACKAGE_QUAGGA_OPAQUE_LSA),--enable-opaque-lsa,--disable-opaque-lsa)
 
 ifeq ($(BR2_PACKAGE_QUAGGA_SNMP),y)
 QUAGGA_CONF_ENV += ac_cv_path_NETSNMP_CONFIG=$(STAGING_DIR)/usr/bin/net-snmp-config
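Review bot: the context line above the removed one tests BR2_PACKAGE_QUAGGA_TCP_ZERBRA, but the symbol shown in the Config.in hunk header is BR2_PACKAGE_QUAGGA_TCP_ZEBRA. With the misspelling the $(if ...) never sees the option set, so --disable-tcp-zebra is always passed regardless of the user's selection. It predates this patch, but since this block is being edited anyway, a follow-up fixing the name to BR2_PACKAGE_QUAGGA_TCP_ZEBRA would be welcome.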
-- 
2.7.0


* [Buildroot] [PATCH] quagga: security bump to version 1.0.20160309
  2016-03-15 16:12 [Buildroot] [PATCH] quagga: security bump to version 1.0.20160309 Baruch Siach
@ 2016-03-15 19:56 ` Peter Korsgaard
  2016-03-16  8:21 ` Peter Korsgaard
  1 sibling, 0 replies; 4+ messages in thread
From: Peter Korsgaard @ 2016-03-15 19:56 UTC (permalink / raw)
  To: buildroot

>>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:

 > Fixes CVE-2016-2342 (AKA VU#270232): Quagga bgpd with BGP peers enabled for
 > VPNv4 contains a buffer overflow vulnerability.

 > Remove the --enable-babeld and --enable-opaque-lsa configure options that were
 > removed in this release.

 > See the release announcement at
 > https://lists.quagga.net/pipermail/quagga-dev/2016-March/014938.html.

 > Signed-off-by: Baruch Siach <baruch@tkos.co.il>

Committed, thanks.

-- 
Bye, Peter Korsgaard


* [Buildroot] [PATCH] quagga: security bump to version 1.0.20160309
  2016-03-15 16:12 [Buildroot] [PATCH] quagga: security bump to version 1.0.20160309 Baruch Siach
  2016-03-15 19:56 ` Peter Korsgaard
@ 2016-03-16  8:21 ` Peter Korsgaard
  2016-03-16  8:23   ` Baruch Siach
  1 sibling, 1 reply; 4+ messages in thread
From: Peter Korsgaard @ 2016-03-16  8:21 UTC (permalink / raw)
  To: buildroot

>>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:

 > Fixes CVE-2016-2342 (AKA VU#270232): Quagga bgpd with BGP peers enabled for
 > VPNv4 contains a buffer overflow vulnerability.

 > Remove the --enable-babeld and --enable-opaque-lsa configure options that were
 > removed in this release.

 > See the release announcement at
 > https://lists.quagga.net/pipermail/quagga-dev/2016-March/014938.html.

This unfortunately causes some new build errors:

http://autobuild.buildroot.net/?reason=quagga-1.0.20160309

make[3]: *** No rule to make target `../ospfd/libospf.la', needed by `libospfapiclient.la'.  Stop.

Perhaps a parallel build issue? Care to take a look?

-- 
Bye, Peter Korsgaard


* [Buildroot] [PATCH] quagga: security bump to version 1.0.20160309
  2016-03-16  8:21 ` Peter Korsgaard
@ 2016-03-16  8:23   ` Baruch Siach
  0 siblings, 0 replies; 4+ messages in thread
From: Baruch Siach @ 2016-03-16  8:23 UTC (permalink / raw)
  To: buildroot

Hi Peter,

On Wed, Mar 16, 2016 at 09:21:03AM +0100, Peter Korsgaard wrote:
> >>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:
> 
>  > Fixes CVE-2016-2342 (AKA VU#270232): Quagga bgpd with BGP peers enabled for
>  > VPNv4 contains a buffer overflow vulnerability.
> 
>  > Remove the --enable-babeld and --enable-opaque-lsa configure options that were
>  > removed in this release.
> 
>  > See the release announcement at
>  > https://lists.quagga.net/pipermail/quagga-dev/2016-March/014938.html.
> 
> This unfortunately causes some new build errors:
> 
> http://autobuild.buildroot.net/?reason=quagga-1.0.20160309
> 
> make[3]: *** No rule to make target `../ospfd/libospf.la', needed by `libospfapiclient.la'.  Stop.
> 
> Perhaps a parallel build issue? Care to take a look?

I noticed that. I'll look into it later today.

baruch

-- 
     http://baruch.siach.name/blog/                  ~. .~   Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
   - baruch at tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -

