ports/149940: security update for Quagga

mike tancsa mike at sentex.net
Tue Aug 24 15:50:02 UTC 2010 

>Number:         149940
>Category:       ports
>Synopsis:       security update for Quagga
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Aug 24 15:50:01 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     mike tancsa
>Release:        RELENG_8
>Organization:
sentex
>Environment:
8.1-STABLE FreeBSD 8.1-STABLE #1: Fri Aug  6 09:20:04 EDT 2010 
>Description:
Full changelog is at 
http://www.quagga.net/download/quagga-0.99.17.changelog.txt
"This release provides two important bugfixes, which address remote crash possibility in bgpd discovered by CROSS team."

The patch in files/patch-lib-sockopt.c
fixes the bug in

http://www.freebsd.org/cgi/query-pr.cgi?pr=148238

which prevents ripng and ospfd from working on FreeBSD

>How-To-Repeat:
install the previous version of the port
>Fix:
# cat files/patch-lib-sockopt.c
--- lib/sockopt.c.orig  2008-01-11 16:47:21.000000000 +0300
+++ lib/sockopt.c       2008-01-11 16:47:57.000000000 +0300
@@ -23,6 +23,10 @@
 #include "log.h"
 #include "sockopt.h"
 
+#ifdef HAVE_STRUCT_IP_MREQN_IMR_IFINDEX
+#undef HAVE_STRUCT_IP_MREQN_IMR_IFINDEX
+#endif
+
 int
 setsockopt_so_recvbuf (int sock, int size)
 {


--- Makefile.prev       2010-08-24 11:00:10.000000000 -0400
+++ Makefile    2010-08-24 11:00:18.000000000 -0400
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=      quagga
-PORTVERSION=   0.99.16
+PORTVERSION=   0.99.17
 CATEGORIES=    net ipv6
 MASTER_SITES=  http://quagga.net/download/ \
                http://www.ru.quagga.net/download/ \


# diff -u distinfo.prev distinfo
--- distinfo.prev       2010-08-24 11:00:07.000000000 -0400
+++ distinfo    2010-08-24 11:01:09.000000000 -0400
@@ -1,3 +1,3 @@
-MD5 (quagga-0.99.16.tar.gz) = 350fb150be526cdfc4d2b093cb4d69a7
-SHA256 (quagga-0.99.16.tar.gz) = 840e376bf42a3c5ee1069eedddb195749b1ebadeef6cacd9fee24ed6f44c35c5
-SIZE (quagga-0.99.16.tar.gz) = 2168417
+MD5 (quagga-0.99.17.tar.gz) = 37b9022adca04b03863d2d79787e643f
+SHA256 (quagga-0.99.17.tar.gz) = 1d77df121a334e9504b45e489ee7ce35bf478e27d33cd2793a23280b59d9efd4
+SIZE (quagga-0.99.17.tar.gz) = 2202151


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list