[quagga-dev 4135] Re: Patch snippet for CVE-2006-2276 (bgpd DoS) for backporting?

Paul Jakma paul at clubi.ie
Sun May 14 07:36:35 BST 2006


Hi Christian,

On Sat, 13 May 2006, Christian Hammers wrote:

> To prepare security update packages for quagga-0.98.3 which was 
> released with Debian 3.1, I need a small-as-possible patch. Can 
> someone point me to the corresponding CVS commit? The diff between 
> 0.98.5 and 0.98.6 is too big to figure out what is necessary.

The following URL[2] might be of help:

  http://cvs.quagga.net/cgi-bin/gitweb.cgi?p=quagga.git;a=shortlog;h=quagga_0_98_stable

You want this commit:

  http://cvs.quagga.net/cgi-bin/gitweb.cgi?p=quagga.git;a=commitdiff;h=0b179e88111c53b065a5b33e6071f3ad26231d8c

The 'plain' hyper-link gets you the raw diff.

The following is probably also required (same area), but is not in 
0.98 yet:

  http://cvs.quagga.net/cgi-bin/gitweb.cgi?p=quagga.git;a=commitdiff;h=7843f3c9dd257f9c90d39160ca8c92e74d8b4443

> (I already have patches for the two ripd problems)

Note that you also need:

 	http://lists.quagga.net/pipermail/quagga-users/2006-May/006884.html

for the backwards compatibility issues to work as I had intended (and 
documented) in 0.98. There may be a 0.98.7 to further deal with 
configuration backwards-compatiblity[1].

1. Still awaiting comments on that thread from anyone as to how ripd 
/ought/ to behave..

2. And no, the other maintainers don't use git, so the git repository 
above may lag slightly from CVS, depending on when I sync it with 
CVS. It's very useful none the less.

regards,
-- 
Paul Jakma	paul at clubi.ie	paul at jakma.org	Key ID: 64A2FF6A
Fortune:
backup tape overwritten with copy of system manager's favourite CD



More information about the Quagga-dev mailing list