• Quagga 1.2.4

    Paul Jakma 4 years ago 3 commits to master since this release

    A brown paper release, to fix an error causing asserts in daemons. See With thanks to Sergey Popov, Andreas Nilsson and Xiami.

    Summary of changes:

    • lib: Fix assert in thread_add_unuse if thread_execute was used
    • lib: Avoid re-definition of IPPROTO_IP with some versions of Linux

    Full changelog:

    commit 9d7a49f609
    Author: Paul Jakma
    Date: Mon Feb 19 20:55:20 2018 +0000

    lib: Fix assert in thread_add_unuse if thread_execute was used
    * thread.c: (thread_call) thread_execute passes in a dummy thread, on its
      stack, with a NULL thread master. Those shouldn't be added to the unuse
      list or thread_add_unuse rightly asserts.
      Fix this very dumb bug.
      With thanks to Sergey Popov and Andreas Nilsson for help with diagnosis and testing.
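A simplified model of the condition this commit message describes, added here as an illustration and not taken from Quagga's thread.c: a dummy thread on the caller's stack with a NULL master must never reach the recycle list. The `model_*` names, the struct layouts and `bump` are assumptions made for the example.

```c
#include <assert.h>
#include <stdio.h>

struct thread_master {
    struct thread *unuse;          /* recycled thread structs */
    int unuse_count;
};

struct thread {
    struct thread_master *master;  /* NULL for the on-stack dummy */
    struct thread *next;           /* link in the unuse list */
    int (*func)(struct thread *);
    void *arg;
};

static void model_add_unuse(struct thread *t)
{
    assert(t->master != NULL);     /* only master-owned threads may be recycled */
    t->next = t->master->unuse;
    t->master->unuse = t;
    t->master->unuse_count++;
}

/* Run a thread, then recycle it only if a master owns it. */
static int model_call(struct thread *t)
{
    int ret = t->func(t);
    if (t->master != NULL)         /* the guard; the dummy skips recycling */
        model_add_unuse(t);
    return ret;
}

static int model_execute(int (*func)(struct thread *), void *arg)
{
    struct thread dummy = { NULL, NULL, func, arg };  /* lives on this stack frame */
    return model_call(&dummy);
}
static int bump(struct thread *t) { return ++*(int *)t->arg; }

int main(void)
{
    struct thread_master m = { NULL, 0 };
    int n = 0;
    struct thread t = { &m, NULL, bump, &n };
    model_execute(bump, &n);       /* dummy: must not be recycled */
    model_call(&t);                /* master-owned: recycled */
    printf("n=%d unuse_count=%d\n", n, m.unuse_count);
    return 0;
}
```

Without the guard in `model_call`, the dummy would hit the assertion; with assertions compiled out it would dereference a NULL master.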

    commit fed50218de
    Author: Xiami
    Date: Sun Feb 4 16:35:42 2018 +0000

    lib: Avoid re-definition of IPPROTO_IP with some versions of Linux
    * Starting from linux-4.11 [commit
      bcb41c6bced1ee778d23c53a6b4807fb08cf5540], linux/mroute.h includes
      linux/in.h, which makes gcc roar a lot of things like "error:
      redeclaration of enumerator 'IPPROTO_IP'" when compiling quagga-1.2.2.
      lib/zebra.h includes sys/capability.h first, then includes
      netinet/in.h. In sys/capability.h, it includes linux/xattr.h, and
      that includes linux/libc-compat.h. Since at that time netinet/in.h is
      not included yet, _NETINET_IN_H is not defined, causing libc-compat.h
      to set __UAPI_DEF_IN_IPPROTO to 1. Then, an include of netinet/in.h
      defines IPPROTO_IP. Later an include of linux/mroute.h includes
      linux/in.h. Because __UAPI_DEF_IN_IPPROTO is set to non-zero,
      IPPROTO_IP is redeclared.
    * lib/zebra.h: Move the privs/capabilities include block to after the
      network block.
• Quagga 1.2.3, with important BGP security fixes

    Paul Jakma 4 years ago 7 commits to master since this release

    Quagga 1.2.3 has been released, available from the usual place:

    This is a minor release, with a series of bug fixes, including potentially important BGP security fixes.

    This includes a fix in bgpd for a double-free that can be triggered by UPDATE messages with transitive attributes, which could be sent by a BGP speaker many hops away. The severity of this issue is unknown and depends on implementation details of the system malloc library. The issue may have little impact on some systems, but also could trigger a crash, or even be remotely exploitable.

    Advisories for the security fixes will appear at:

    This release contains a candidate fix for Bug#870, affecting IPv6 advertisement. It is reported to fix issues for some users, but other users still report problems. Please see:

    With thanks to Alban Browaeys, Balaji Gurudoss, Borg, Scott Leggett and Debian QA Group, Eugene Bogomazov, Evgeny Uskov, Gerrie Roos, Mathieu Jadin, Pier Carlo Chiodi, and Rolf Eike Beer.

    The change-list overview:

    • doc/security: Security announcements for 4 issues
    • doc/security: Add a doc/security folder and template for announcements
    • doc: Add commit message template, suitable for commit.template
    • bgpd: remove stream_pnt use for notify data
    • lib/privs: Remove of CAP_NET_BROADCAST forgot to decrement array count
    • bgpd/security: debug print of received NOTIFY data can over-read msg array
    • bgpd/security: fix infinite loop on certain invalid OPEN messages
    • bgpd/security: Fix double free of unknown attribute
    • bgpd/security: invalid attr length sends NOTIFY with data overrun
    • zebra/redistribute: Implicit withdraw needs to be explicit if update isn't sent
    • doc: 'match aspath' should be 'match as-path'
    • bgpd: fix SIGBUS
    • bgpd: Fix mistake in NHT of connected IPv6 next-hops preventing route advertisement
    • Updated the protocol supported list
    • lib/command: make config file robust more robust and kinder to system
    • doc: Bring documentation on Zserv header up to date.
    • bgpd: distance comment
    • doc: Fix small but important logical mistake in community-list example
    • doc: document that changing bgp distance needs a hard clear of routes
    • bgpd: malformed attribute handling: don't pass on, and add missing notify
    • lib/filter: change add/delete callback hooks to robustly delete
    • Revert "lib: Fix Free Pointer dereference in lib/filter.c"
    • Revert "lib: call filter delete hook before freeing access list"
    • infra/buildbot: allow bots to be picked out by installed compiler.
    • infra/buildbot: Add bots, add JSON "env" config variable, poll all git branches
    • lib: ptr macro arg may need brackets in some cases
    • distro/systemd: add man page ref and set config file permissions
    • doc: Fix manpage number for ospfclient.
    • vtysh: Fix spelling errors in strings flagged by lintian.
    • doc: Tweak grammar in zebra manpage to keep lintian happy.
    • vtysh: print error if PAM auth does not succeed
    • lib/thread: get rid of the shallow-copy thread_fetch add a sane thread_main
    • buildbot/master: use a helper generator for make cmd string list
    • buildbot/master: fix the common steps
    • buildbot/master: Add OBSD bot, and support for environment variable config
    • build: AC_EGREPP_CPP actions wrong way around, worked by accident mostly.
    • build: Work around illumos still shipping a prehistoric AWK as default
    • tests: Remove DejaGNU, automake already supports tallying exit based tests
    • build: LT_INIT obsoletes AC_PROG_RANLIB
    • doc: tweak CSS to Quagga colours
    • bgpd: fix file descriptor leaks in vty_close
    • Fix wrong command persisted by vtysh
    • Fix malformed AS_SEQUENCE segments for long as path