From 412d061bfbf23d1e908eed3f8405b1af46fb1ba8 Mon Sep 17 00:00:00 2001
From: root
Date: Tue, 17 Jul 2012 00:01:52 +0000
Subject: Tue Jul 17 00:01:52 UTC 2012
---
 community/quagga/0002-CVE-2012-1820.patch | 74 +++++++++++++++++++++++++++++++
 community/quagga/PKGBUILD | 60 +++++++++++++++++++------
 community/quagga/babeld.service | 12 +++++
 community/quagga/bgpd.service | 12 +++++
 community/quagga/isisd.service | 12 +++++
 community/quagga/ospf6d.service | 12 +++++
 community/quagga/ospfd.service | 12 +++++
 community/quagga/ripd.service | 12 +++++
 community/quagga/ripngd.service | 12 +++++
 community/quagga/zebra.service | 12 +++++
 10 files changed, 217 insertions(+), 13 deletions(-)
 create mode 100644 community/quagga/0002-CVE-2012-1820.patch
 create mode 100644 community/quagga/babeld.service
 create mode 100644 community/quagga/bgpd.service
 create mode 100644 community/quagga/isisd.service
 create mode 100644 community/quagga/ospf6d.service
 create mode 100644 community/quagga/ospfd.service
 create mode 100644 community/quagga/ripd.service
 create mode 100644 community/quagga/ripngd.service
 create mode 100644 community/quagga/zebra.service
(limited to 'community/quagga')
diff --git a/community/quagga/0002-CVE-2012-1820.patch b/community/quagga/0002-CVE-2012-1820.patch
new file mode 100644
index 000000000..aae2d7b18
--- /dev/null
+++ b/community/quagga/0002-CVE-2012-1820.patch
@@ -0,0 +1,74 @@
+@@ -, +, @@
+ bgpd: CVE-2012-1820, DoS in bgp_capability_orf()
+
+ An ORF (code 3) capability TLV is defined to contain exactly one
+ AFI/SAFI block. Function bgp_capability_orf(), which parses ORF
+ capability TLV, uses do-while cycle to call its helper function
+ bgp_capability_orf_entry(), which actually processes the AFI/SAFI data
+ block. The call is made at least once and repeated as long as the input
+ buffer has enough data for the next call.
+
+ The helper function, bgp_capability_orf_entry(), uses "Number of ORFs"
+ field of the provided AFI/SAFI block to verify, if it fits the input
+ buffer. However, the check is made based on the total length of the ORF
+ TLV regardless of the data already consumed by the previous helper
+ function call(s). This way, the check condition is only valid for the
+ first AFI/SAFI block inside an ORF capability TLV.
+
+ For the subsequent calls of the helper function, if any are made, the
+ check condition may erroneously tell, that the current "Number of ORFs"
+ field fits the buffer boundary, where in fact it does not. This makes it
+ possible to trigger an assertion by feeding an OPEN message with a
+ specially-crafted malformed ORF capability TLV.
+
+ This commit fixes the vulnerability by making the implementation follow
+ the spec.
+--- a/bgpd/bgp_open.c
++++ a/bgpd/bgp_open.c
+@@ -231,7 +231,7 @@ bgp_capability_orf_entry (struct peer *peer, struct capability_header *hdr)
+ }
+
+ /* validate number field */
+- if (sizeof (struct capability_orf_entry) + (entry.num * 2) > hdr->length)
++ if (sizeof (struct capability_orf_entry) + (entry.num * 2) != hdr->length)
+ {
+ zlog_info ("%s ORF Capability entry length error,"
+ " Cap length %u, num %u",
+@@ -335,28 +335,6 @@ bgp_capability_orf_entry (struct peer *peer, struct capability_header *hdr)
+ }
+
+ static int
+-bgp_capability_orf (struct peer *peer, struct capability_header *hdr)
+-{
+- struct stream *s = BGP_INPUT (peer);
+- size_t end = stream_get_getp (s) + hdr->length;
+-
+- assert (stream_get_getp(s) + sizeof(struct capability_orf_entry) <= end);
+-
+- /* We must have at least one ORF entry, as the caller has already done
+- * minimum length validation for the capability code - for ORF there must
+- * at least one ORF entry (header and unknown number of pairs of bytes).
+- */
+- do
+- {
+- if (bgp_capability_orf_entry (peer, hdr) == -1)
+- return -1;
+- }
+- while (stream_get_getp(s) + sizeof(struct capability_orf_entry) < end);
+-
+- return 0;
+-}
+-
+-static int
+ bgp_capability_restart (struct peer *peer, struct capability_header *caphdr)
+ {
+ struct stream *s = BGP_INPUT (peer);
+@@ -573,7 +551,7 @@ bgp_capability_parse (struct peer *peer, size_t length, int *mp_capability,
+ break;
+ case CAPABILITY_CODE_ORF:
+ case CAPABILITY_CODE_ORF_OLD:
+- if (bgp_capability_orf (peer, &caphdr))
++ if (bgp_capability_orf_entry (peer, &caphdr))
+ return -1;
+ break;
+ case CAPABILITY_CODE_RESTART:
diff --git a/community/quagga/PKGBUILD b/community/quagga/PKGBUILD
index 68590da61..d24c91df3 100644
--- a/community/quagga/PKGBUILD
+++ b/community/quagga/PKGBUILD
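Review bot: With bgp_capability_orf() removed, bgp_capability_orf_entry() is reached directly from bgp_capability_parse(), and the only length test visible in this patch, the `!=` comparison under `/* validate number field */`, runs after `entry.num` has already been populated. The deleted wrapper's comment says the caller performs minimum-length validation, but that code is outside the hunks shown, so confirm it still guarantees `hdr->length >= sizeof (struct capability_orf_entry)` for both CAPABILITY_CODE_ORF and CAPABILITY_CODE_ORF_OLD. If there is any doubt, an explicit `if (hdr->length < sizeof (struct capability_orf_entry)) return -1;` at the top of bgp_capability_orf_entry() fails closed without asserting on peer-supplied data. A short comment at the check, such as `/* exactly one AFI/SAFI block: the entry must account for the whole TLV */`, would also record why the comparison is now strict.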
@@ -1,9 +1,9 @@ -# $Id: PKGBUILD 72737 2012-06-21 19:55:00Z seblu $ +# $Id: PKGBUILD 73818 2012-07-15 23:51:42Z seblu $ # Maintainer: Sébastien Luttringer pkgname=quagga pkgver=0.99.21 -pkgrel=1 +pkgrel=2 pkgdesc='BGP/OSPF/ISIS/RIP/RIPNG routing daemon suite' arch=('i686' 'x86_64') url='http://www.quagga.net' @@ -15,16 +15,41 @@ install=quagga.install source=("http://download.savannah.gnu.org/releases/$pkgname/$pkgname-$pkgver.tar.gz" 'quagga.rc' 'quagga.conf' - '0001-isisd-fix-typo-in-topology-generator-BZ-731.patch') + 'babeld.service' + 'bgpd.service' + 'isisd.service' + 'ospf6d.service' + 'ospfd.service' + 'ripd.service' + 'ripngd.service' + 'zebra.service' + '0001-isisd-fix-typo-in-topology-generator-BZ-731.patch' + '0002-CVE-2012-1820.patch') md5sums=('99840adbe57047c90dfba6b6ed9aec7f' '71d474228a1e02d698cd24e9fd55ca38' '0c4f2dd13c7dac1b73de923d1d5e4e17' - 'c80174f7bdd32cd84550d52451e8f495') + '45d8bf56a426b0e7ebe429547be8a27a' + 'ab31ed8dafd7a92137f4f00ad0937b4f' + '4c05d0105cd0db23a2583bd75a1bde4d' + 'd087dce5eeba78ac64541157c7e04dfd' + 'c5f8a729685cebf8fc5b1a1552d37b6d' + 'e721b334bb0b31983642b307033c63d0' + 'effeb26ff78ffcafe7808596ddc5d3fc' + 'a4bf0a090747bd7dc4094a1e6e96e6ad' + 'c80174f7bdd32cd84550d52451e8f495' + '44f39016d81f3b13b2744f7dcd93289d') build() { cd $pkgname-$pkgver - patch -p 1 -i "$srcdir/0001-isisd-fix-typo-in-topology-generator-BZ-731.patch" - ./configure --prefix=/usr --sysconfdir=/etc/quagga --localstatedir=/run/quagga \ + shopt -s nullglob + for _p in "$srcdir"/*.patch; do + msg2 "Applying ${_p##*/}" + patch -p 1 -i "$_p" + done + ./configure \ + --prefix=/usr \ + --sysconfdir=/etc/quagga \ + --localstatedir=/run/quagga \ --enable-exampledir=/usr/share/doc/quagga/examples \ --enable-vtysh \ --enable-isisd \ 
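Review bot: The new loop `for _p in "$srcdir"/*.patch` in build() applies whatever patch files are present in $srcdir rather than the two named in source=(), so a stray or leftover .patch there would be applied without appearing in the checksum list, and with `shopt -s nullglob` an empty match applies nothing without any error. Iterating over the explicit names keeps the applied set identical to the verified set, e.g. `for _p in 0001-isisd-fix-typo-in-topology-generator-BZ-731.patch 0002-CVE-2012-1820.patch; do patch -p 1 -i "$srcdir/$_p"; done`. The added integrity entries are MD5 and the tarball URL in this hunk's context is plain http, so a `sha256sums` array would be a stronger check for a package that carries a security fix. `shopt -s nullglob` is also never reset and stays in effect for the rest of build(), which continues past the end of this hunk.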
@@ -35,28 +60,37 @@ build() { --enable-irdp \ --enable-pcreposix \ --enable-multipath=64 \ - --enable-user=nobody \ - --enable-group=nobody \ + --enable-user=quagga \ + --enable-group=quagga \ --enable-configfile-mask=0640 \ --enable-logfile-mask=0640 make } package() { + # upstream install + cd $pkgname-$pkgver + make DESTDIR="$pkgdir" install + + # logrotate stuff + install -D -m 644 redhat/$pkgname.logrotate "$pkgdir/etc/logrotate.d/$pkgname" + sed -ri 's,/var/run/quagga,/run/quagga,g' "$pkgdir/etc/logrotate.d/$pkgname" + # initscripts files - for d in zebra ripd ripngd bgpd ospfd ospf6d isisd; do + cd "$srcdir" + for d in zebra ripd ripngd bgpd ospfd ospf6d isisd babeld; do install -D -m 755 $pkgname.rc "$pkgdir/etc/rc.d/$d" install -D -m 644 $pkgname.conf "$pkgdir/etc/conf.d/$d" backup+=("etc/conf.d/$d") done - # create /run/quagga directory at startup + # systemd stuff + for d in zebra ripd ripngd bgpd ospfd ospf6d isisd babeld; do + install -D -m 644 $d.service "$pkgdir/usr/lib/systemd/system/$d.service" + done install -D -m 644 /dev/null "$pkgdir/usr/lib/tmpfiles.d/$pkgname.conf" echo "d /run/$pkgname 0750 $pkgname $pkgname" > "$pkgdir/usr/lib/tmpfiles.d/$pkgname.conf" - # soft - cd $pkgname-$pkgver - make DESTDIR="$pkgdir" install } # vim:set ts=2 sw=2 ft=sh et:
diff --git a/community/quagga/babeld.service b/community/quagga/babeld.service
new file mode 100644
index 000000000..5b2848042
--- /dev/null
+++ b/community/quagga/babeld.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Babel routing daemon
+BindTo=zebra.service
+After=network.target zebra.service
+ConditionPathExists=/etc/quagga/babeld.conf
+
+[Service]
+ExecStart=/usr/sbin/babeld
+Restart=on-abort
+
+[Install]
+WantedBy=multi-user.target
diff --git a/community/quagga/bgpd.service b/community/quagga/bgpd.service
new file mode 100644
index 000000000..21ac18c8a
--- /dev/null
+++ b/community/quagga/bgpd.service
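Review bot: The switch to `--enable-user=quagga` / `--enable-group=quagga` and the tmpfiles entry `d /run/$pkgname 0750 $pkgname $pkgname` both assume a quagga account exists on the target system, and nothing in this hunk creates it. Presumably quagga.install, named in the PKGBUILD's `install=` line, adds the user and group; confirm that, and that it also fixes ownership of existing files under /etc/quagga on upgrade, since the daemons were previously configured for nobody and the build sets `--enable-configfile-mask=0640`. A one-line comment next to the options, e.g. `# user/group are created in quagga.install`, would make the dependency visible. build() starts outside this hunk.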
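Review bot: `Restart=on-abort` in babeld.service, and identically in bgpd, isisd, ospf6d, ospfd, ripd, ripngd and zebra.service, brings a daemon back after it dies on an uncaught signal, which includes the assertion failure that the CVE-2012-1820 patch in this commit describes. That limits downtime, but it also hides repeated crashes from an operator, so restarts of these units should be logged and alerted on, and a `RestartSec=` delay is worth considering so that a crash on malformed input does not turn into rapid session flapping. The [Service] sections also set no confinement at all; because these daemons parse routing-protocol input from the network, a `CapabilityBoundingSet=` restricted to what each daemon needs would reduce the impact of a parser bug.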
@@ -0,0 +1,12 @@
+[Unit]
+Description=BGP routing daemon
+BindTo=zebra.service
+After=network.target zebra.service
+ConditionPathExists=/etc/quagga/bgpd.conf
+
+[Service]
+ExecStart=/usr/sbin/bgpd
+Restart=on-abort
+
+[Install]
+WantedBy=multi-user.target
diff --git a/community/quagga/isisd.service b/community/quagga/isisd.service
new file mode 100644
index 000000000..298946998
--- /dev/null
+++ b/community/quagga/isisd.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=IS-IS routing daemon
+BindTo=zebra.service
+After=network.target zebra.service
+ConditionPathExists=/etc/quagga/isisd.conf
+
+[Service]
+ExecStart=/usr/sbin/isisd
+Restart=on-abort
+
+[Install]
+WantedBy=multi-user.target
diff --git a/community/quagga/ospf6d.service b/community/quagga/ospf6d.service
new file mode 100644
index 000000000..31194fc6e
--- /dev/null
+++ b/community/quagga/ospf6d.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=OSPF routing daemon for IPv6
+BindTo=zebra.service
+After=network.target zebra.service
+ConditionPathExists=/etc/quagga/ospf6d.conf
+
+[Service]
+ExecStart=/usr/sbin/ospf6d
+Restart=on-abort
+
+[Install]
+WantedBy=multi-user.target
diff --git a/community/quagga/ospfd.service b/community/quagga/ospfd.service
new file mode 100644
index 000000000..f864aa258
--- /dev/null
+++ b/community/quagga/ospfd.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=OSPF routing daemon
+BindTo=zebra.service
+After=network.target zebra.service
+ConditionPathExists=/etc/quagga/ospfd.conf
+
+[Service]
+ExecStart=/usr/sbin/ospfd
+Restart=on-abort
+
+[Install]
+WantedBy=multi-user.target
diff --git a/community/quagga/ripd.service b/community/quagga/ripd.service
new file mode 100644
index 000000000..22716e2c9
--- /dev/null
+++ b/community/quagga/ripd.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=RIP routing daemon
+BindTo=zebra.service
+After=network.target zebra.service
+ConditionPathExists=/etc/quagga/ripd.conf
+
+[Service]
+ExecStart=/usr/sbin/ripd
+Restart=on-abort
+
+[Install]
+WantedBy=multi-user.target
diff --git a/community/quagga/ripngd.service b/community/quagga/ripngd.service
new file mode 100644
index 000000000..9ac51bd1c
--- /dev/null
+++ b/community/quagga/ripngd.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=RIP routing daemon for IPv6
+BindTo=zebra.service
+After=network.target zebra.service
+ConditionPathExists=/etc/quagga/ripngd.conf
+
+[Service]
+ExecStart=/usr/sbin/ripngd
+Restart=on-abort
+
+[Install]
+WantedBy=multi-user.target
diff --git a/community/quagga/zebra.service b/community/quagga/zebra.service
new file mode 100644
index 000000000..e0f87f9bc
--- /dev/null
+++ b/community/quagga/zebra.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=GNU Zebra routing manager
+After=network.target
+ConditionPathExists=/etc/quagga/zebra.conf
+
+[Service]
+ExecStartPre=/sbin/ip route flush proto zebra
+ExecStart=/usr/sbin/zebra
+Restart=on-abort
+
+[Install]
+WantedBy=multi-user.target
-- cgit v1.2.3-54-g00ecf
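Review bot: In zebra.service, `ExecStartPre=/sbin/ip route flush proto zebra` runs on every start, including the automatic ones triggered by `Restart=on-abort`, so a zebra crash is followed by removal of the kernel routes tagged proto zebra before the new process has relearned anything. If clearing stale routes is the intent, a comment in the unit should say so, for example `# drop routes left behind by a previous zebra instance before starting`. Otherwise it is worth checking whether an automatic restart should keep existing routes in place, since as written a daemon abort also becomes a forwarding interruption.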