[quagga-dev 16706] Quagga 1.2.3 release: BGP security fixes

Paul Jakma paul at jakma.org
Thu Feb 15 21:40:53 GMT 2018


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Quagga 1.2.3 has been released, available from the usual place:

https://download.savannah.gnu.org/releases/quagga/

This release contains a number of fixes, including potentially important 
BGP security fixes.

This includes a fix in bgpd for a double-free that can be triggered by 
UPDATE messages with transitive attributes, which could be sent by a BGP 
speaker many hops away. The severity of this issue is unknown and 
depends on implementations details of the system malloc library. The 
issue may have little impact on some systems, but also could trigger a 
crash, or even be remotely exploitable.

Advisories for the security fixes will appear at:

* https://www.quagga.net/security/Quagga-2018-0543.txt
* https://www.quagga.net/security/Quagga-2018-1114.txt
* https://www.quagga.net/security/Quagga-2018-1550.txt
* https://www.quagga.net/security/Quagga-2018-1975.txt

This release contains a candidate fix for Bug#870, affecting IPv6 
advertisement. It is reported to fix issues for some users, but other 
users still report problems. Please see:

* https://bugzilla.quagga.net/show_bug.cgi?id=870

With thanks to Alban Browaeys, Balaji Gurudoss, Borg, Scott Leggett and 
Debian QA Group, Eugene Bogomazov, Evgeny Uskov, Gerrie Roos, Mathieu 
Jadin, Pier Carlo Chiodi, and Rolf Eike Beer.

The change-list overview:

* doc/security: Security announcements for 4 issues
* doc/security: Add a doc/security folder and template for announcements
* doc: Add commit message template,  suitable for commit.template
* bgpd: remove stream_pnt use for notify data
* lib/privs: Remove of CAP_NET_BROADCAST forgot to decrement array count
* bgpd/security: debug print of received NOTIFY data can over-read msg array
* bgpd/security: fix infinite loop on certain invalid OPEN messages
* bgpd/security: Fix double free of unknown attribute
* bgpd/security: invalid attr length sends NOTIFY with data overrun
* zebra/redistribute: Implicit withdraw needs to be explicit if update isn't sent
* doc: 'match aspath' should be 'match as-path'
* bgpd: fix SIGBUS
* bgpd: Fix mistake in NHT of connected IPv6 next-hops preventing route advertisement
* Updated the protocol supported list
* lib/command: make config file robust more robust and kinder to system
* doc: Bring documentation on Zserv header up to date.
* bgpd: distance comment
* doc: Fix small but important logical mistake in community-list example
* doc: document that changing bgp distance needs a hard clear of routes
* bgpd: malformed attribute handling: don't pass on, and add missing notify
* lib/filter: change add/delete callback hooks to robustly delete
* Revert "lib: Fix Free Pointer dereference in lib/filter.c"
* Revert "lib: call filter delete hook before freeing access list"
* infra/buildbot: allow bots to be picked out by installed compiler.
* infra/buildbot: Add bots, add JSON "env" config variable, poll all git branches
* lib: ptr macro arg may need brackets in some cases
* distro/systemd: add man page ref and set config file permissions
* doc: Fix manpage number for ospfclient.
* vtysh: Fix spelling errors in strings flagged by lintian.
* doc: Tweak grammar in zebra manpage to keep lintian happy.
* vtysh: print error if PAM auth does not succeed
* lib/thread: get rid of the shallow-copy thread_fetch add a sane thread_main
* buildbot/master: use a helper generator for make cmd string list
* buildbot/master: fix the common steps
* buildbot/master: Add OBSD bot, and support for environment variable config
* build: AC_EGREPP_CPP actions wrong way around, worked by accident mostly.
* build: Work around illumos still shipping a prehistoric AWK as default
* tests: Remove DejaGNU, automake already supports tallying exit based tests
* build: LT_INIT obsoletes AC_PROG_RANLIB
* doc: tweak CSS to Quagga colours
* bgpd: fix file descriptor leaks in vty_close
* Fix wrong command persisted by vtysh
* Fix malformed AS_SEQUENCE segments for long as path

The full Changelog:

commit 88d6516676cbcefb6ecdc1828cf59ba3a6e5fe7b
Author: Paul Jakma <paul at jakma.org>
Date:   Sun Feb 4 17:34:34 2018 +0000

     release: Quagga 1.2.3

commit cbffa53cc0454bcc4ab95d9363b13fb8c68301d4
Author: Paul Jakma <paul at jakma.org>
Date:   Sun Jan 21 17:02:32 2018 +0000

     doc/security: Security announcements for 4 issues

     * doc/security/Quagga-2018-0543.txt: attr_endp used for NOTIFY data
     * doc/security/Quagga-2018-1114.txt: bgpd double free
     * doc/security/Quagga-2018-1550.txt: debug overrun in notify lookup tables
     * doc/security/Quagga-2018-1975.txt: BGP capability inf. loop

commit f080b436bbddf8d28dd991c967dcac5288272522
Author: Paul Jakma <paul at jakma.org>
Date:   Sun Jan 21 17:01:18 2018 +0000

     doc/security: Add a doc/security folder and template for announcements

     * doc/security: New folder to store Quagga security announcements,
       where they can be revision controlled.
     * doc/security/template.txt: Template for announcements

commit 621d8174d4f30e11cc8fca3324eb9d7579d9c01c
Author: Paul Jakma <paul at jakma.org>
Date:   Sat Jan 20 12:15:40 2018 +0000

     doc: Add commit message template,  suitable for commit.template

     * doc/commit-template.txt: Add git commit template, that can be enabled
       via:

       git config --add commit.template doc/commit-template.txt

commit f1ee20c940a712c685f5435d2d5af212a8f76702
Author: Paul Jakma <paul at jakma.org>
Date:   Thu Jan 4 00:22:53 2018 +0000

     bgpd: remove stream_pnt use for notify data

     * bgp_packet.c: (bgp_open_receive) Remove the stream_pnt introduced
       in c69698704806a9ac50. stream_pnt / BGP_INPUT_PNT / etc. should be avoided
       as much possible, and I/O put through the lib/stream checked buffer as much
       as possible.

       Not really any functional effect here given the fixed size, other than to
       remove something that shouldn't be copied.

commit 5c2cba2d3945b302f4276174dd0f182a5d3dc501
Author: Paul Jakma <paul at jakma.org>
Date:   Wed Jan 3 23:44:30 2018 +0000

     lib/privs: Remove of CAP_NET_BROADCAST forgot to decrement array count

     * lib/privs.c: (cap_map) Removal of Linux CAP_NET_BROADCAST from ZCAP_BIND
       forgot to decrement the array count in the 'num' field. Resulting in an
       overread of memory from zcaps2sys from zprivs_caps_init.

commit 9e5251151894aefdf8e9392a2371615222119ad8
Author: Paul Jakma <paul at jakma.org>
Date:   Sat Jan 6 22:31:52 2018 +0000

     bgpd/security: debug print of received NOTIFY data can over-read msg array

     Security issue: Quagga-2018-1550
     See: https://www.quagga.net/security/Quagga-2018-1550.txt

     * bgpd/bgp_debug.c: (struct message) Nearly every one of the NOTIFY
       code/subcode message arrays has their corresponding size variables off
       by one, as most have 1 as first index.

       This means (bgp_notify_print) can cause mes_lookup to overread the (struct
       message) by 1 pointer value if given an unknown index.

       Fix the bgp_notify_..._msg_max variables to use the compiler to calculate
       the correct sizes.

commit ce07207c50a3d1f05d6dd49b5294282e59749787
Author: Paul Jakma <paul at jakma.org>
Date:   Sat Jan 6 21:20:51 2018 +0000

     bgpd/security: fix infinite loop on certain invalid OPEN messages

     Security issue: Quagga-2018-1975
     See: https://www.quagga.net/security/Quagga-2018-1975.txt

     * bgpd/bgp_packet.c: (bgp_capability_msg_parse) capability parser can infinite
       loop due to checks that issue 'continue' without bumping the input
       pointer.

commit e69b535f92eafb599329bf725d9b4c6fd5d7fded
Author: Paul Jakma <paul at jakma.org>
Date:   Sat Jan 6 19:52:10 2018 +0000

     bgpd/security: Fix double free of unknown attribute

     Security issue: Quagga-2018-1114
     See: https://www.quagga.net/security/Quagga-2018-1114.txt

     It is possible for bgpd to double-free an unknown attribute. This can happen
     via bgp_update_receive receiving an UPDATE with an invalid unknown attribute.
     bgp_update_receive then will call bgp_attr_unintern_sub and bgp_attr_flush,
     and the latter may try free an already freed unknown attr.

     * bgpd/bgp_attr.c: (transit_unintern) Take a pointer to the caller's storage
       for the (struct transit *), so that transit_unintern can NULL out the
       caller's reference if the (struct transit) is freed.
       (cluster_unintern) By inspection, appears to have a similar issue.
       (bgp_attr_unintern_sub) adjust for above.

commit cc2e6770697e343f4af534114ab7e633d5beabec
Author: Paul Jakma <paul at jakma.org>
Date:   Wed Jan 3 23:57:33 2018 +0000

     bgpd/security: invalid attr length sends NOTIFY with data overrun

     Security issue: Quagga-2018-0543

     See: https://www.quagga.net/security/Quagga-2018-0543.txt

     * bgpd/bgp_attr.c: (bgp_attr_parse) An invalid attribute length is correctly
       checked, and a NOTIFY prepared.  The NOTIFY can include the incorrect
       received data with the NOTIFY, for debug purposes.  Commit
       c69698704806a9ac5 modified the code to do that just, and also send the
       malformed attr with the NOTIFY.  However, the invalid attribute length was
       used as the length of the data to send back.

       The result is a read past the end of data, which is then written to the
       NOTIFY message and sent to the peer.

       A configured BGP peer can use this bug to read up to 64 KiB of memory from
       the bgpd process, or crash the process if the invalid read is caught by
       some means (unmapped page and SEGV, or other mechanism) resulting in a DoS.

       This bug _ought_ /not/ be exploitable by anything other than the connected
       BGP peer, assuming the underlying TCP transport is secure.  For no BGP
       peer should send on an UPDATE with this attribute.  Quagga will not, as
       Quagga always validates the attr header length, regardless of type.

       However, it is possible that there are BGP implementations that do not
       check lengths on some attributes (e.g.  optional/transitive ones of a type
       they do not recognise), and might pass such malformed attrs on.  If such
       implementations exists and are common, then this bug might be triggerable
       by BGP speakers further hops away.  Those peers will not receive the
       NOTIFY (unless they sit on a shared medium), however they might then be
       able to trigger a DoS.

       Fix: use the valid bound to calculate the length.

commit 98bdd04e3fdd6790453e0dce13853c2472ce5d15
Author: Gerrie Roos <gerrie at xiplink.com>
Date:   Wed Jan 17 21:16:55 2018 +0000

     zebra/redistribute: Implicit withdraw needs to be explicit if update isn't sent

     * redistribute.{c,h}: (redistribute_add) update of redistributed route is an
       implicit withdraw of the old route. The RIB therefore doesn't bother
       deleting the old route, if doing a redistribute_add. However, if the
       updated route is /not/ sent to a client that received the previous route,
       then such a client is left with bogus state.

       This can happen when the new route is of a type that the client doesn't
       redistibute.

       Fix by passing in the old route, and adding an explicit delete of the old
       route where necessary.

     * zebra_rib.c: (rib_process) pass on the old route too, as per above.
     * redistribute_null.c: testing stub

     See bug #971

     Modification to fix the problem at the redistribute layer instead of the RIB
     suggested by paul at jakma.org.

commit 0bb980bbfbd0292dd69a6af0bfc7306b3ca97fd9
Author: Pier Carlo Chiodi <pc.chiodi at gmail.com>
Date:   Tue Sep 19 09:25:54 2017 +0200

     doc: 'match aspath' should be 'match as-path'

commit adda534f95ec87206c9dfd1b3bae05221dc29730
Author: Rolf Eike Beer <eike at sf-mail.de>
Date:   Mon Dec 4 18:36:21 2017 +0100

     bgpd: fix SIGBUS

     There is one test failure in the testsuite on sparc:

     Running ./bgpd.tests/testbgpcap.exp ...
     failed: testbgpcap ORF: ORF, simple, single entry, single tuple -- testbgpcap  aborted!

     The error is a SIGBUS in bgp_capability_mp_data() because of an unaligned
     memory access.  Use memcpy() instead of direct assignments.  Compilers on
     platforms that support unaligned accesses should be clever enough to
     optimize the function call away and do the direct store, so this should not
     hurt there.

commit 1db1b9baea511995b67a9b282d5c97e87479fe5d
Author: Mathieu Jadin <mathjadin at gmail.com>
Date:   Thu Dec 14 17:53:53 2017 +0100

     bgpd: Fix mistake in NHT of connected IPv6 next-hops preventing route advertisement

     Since quagga-1.2.0, the Next Hop validation for directly connected peers
     using IPv6 does not work.

     In this setup, BGP updates contain two next hops: a global IPv6 address and
     a link-local IPv6 address (a correct behavior according to RFC 2545).  This
     means that the length of the next hop attribute is 32 and not 16.

     The problem comes from the function "make_prefix()" in "bgpd/bgp_nht.c".  It
     refuses to build a prefix structure for a route when the length of the
     [Anext hop attribute is different from 16, even if a valid global IPv6
     address is available.

     The route is mistakenly considered invalid and thus, it is not installed in
     the routing table.

     Details: "make_prefix()" was not modified in quagga-1.2.0 but its
     interpretation was changed in commit
     3dda6b3eccb9a2a88d607372c83c04c796e7daac.  Before this commit, the failure
     of "make_prefix()" was interpreted as a successful validation of the next
     hop.

commit 57fd1a3b237807a9eb8cf977e95a5d66d88a10e5
Author: Balaji Gurudoss <balajig81 at gmail.com>
Date:   Tue May 2 21:50:31 2017 +0530

     Updated the protocol supported list

commit dcfbf4eb452d8483a73e4d487d4d93b46cee1569
Author: Paul Jakma <paul at jakma.org>
Date:   Tue Dec 5 21:09:46 2017 +0000

     lib/command: make config file robust more robust and kinder to system

     * command.c: (config_write_file) Remove two very heavyweights sync()s and
       replace with an fdatasync of just the freshly writen config file data.
       Make the move of the new config into place more robust, by using
       rename instead of unlink/link.

       This should fix a performance issue on systems with slow storage,
       where the syncs were disrupting performance, see bugzilla #966. Should
       also be more robust.

       Problem diagnosed and reported by:

        Patrick Kuijvenhoven <patrick.kuijvenhoven at gmail.com>

       with an initial fix, on which this commit develops, and further work on
       testing.

commit 8d49cd5af30f83af8010c0582561745ef09bdafe
Author: Paul Jakma <paul at jakma.org>
Date:   Sun Jun 4 15:25:22 2017 +0100

     doc: Bring documentation on Zserv header up to date.

commit b720729eab7b531fcdecb6cefe27ae58b799360e
Author: Paul Jakma <paul at jakma.org>
Date:   Wed Apr 26 13:59:40 2017 +0100

     bgpd: distance comment

commit fd52235386e8889244ae22eba9077db9248e05e0
Author: Borg <borg at uu3.net>
Date:   Mon Apr 24 09:51:07 2017 +0100

     doc: Fix small but important logical mistake in community-list example

     * bgpd.texi: Comm-lists must match all communities specified. The text to
       accompany the example however says it is an "or" match, which is wrong
       and very misleading. Fix.

commit 4d942820a8291a8bcb8c6c90425bc52fea1cf5ba
Author: Paul Jakma <paul.jakma at hpe.com>
Date:   Thu Apr 13 17:48:55 2017 +0100

     doc: document that changing bgp distance needs a hard clear of routes

commit 409e437a7a8a059adda9e8fc50c91bd8801c0352
Author: Paul Jakma <paul at quagga.net>
Date:   Tue Mar 27 12:11:52 2012 +0100

     bgpd: malformed attribute handling: don't pass on, and add missing notify

     * bgpd/bgp_attr.c: (bgp_attr_malformed) A malformed attribute should
       never be passed on, even if we proceed with parsing the UPDATE.
       The default reset case should send the NOTIFY itself, so the given subcode
       is used.

commit cfbdd869687dc076256bce455d03b2ccf04b4a77
Author: Paul Jakma <paul.jakma at hpe.com>
Date:   Mon Apr 3 22:02:38 2017 +0100

     lib/filter: change add/delete callback hooks to robustly delete

     * Prior band-aids were made to address use-after-frees in lib/filter
       with deletes, but they introduced another error.  They allowed the
       access-list being deleted to be visible by access_list_lookup from
       the users' delete callback, causing deleted access-list references to
       not be removed, leading to different use-after-frees instead.

       Fix in a robust manner within the filter code.

       This bug was reported and debugged by matt at kontoff.com, with an
       initial fix, on which this commit builds.  See
       https://bugzilla.quagga.net/show_bug.cgi?id=945.

     * filter.h: Change the callback hooks to take the access-list name, not
       the access-list reference.  The name can be a weaker, more opaque
       ref.
     * filter.c: Update hooks calls to pass name.
       (access_list_{insert,lookup})
       guard strcmp of name, as name may now potentially be NULL for access-lists
       in process of being deleted.
       (access_list_filter_delete) Transfer ownership of the access-list name
       to a local, so the access-list can be deleted, and the name then passed
       to the callback.
       (no_access_list_all) ditto.
       (no_ipv6_access_list_all) ditto.
       (filter_show) guard name strcmp, shouldn't be possible to see an access-list
       being deleted here, but better safe.
     * ospfd/ospf_zebra.c: (ospf_filter_update) adjust for hook change.
     * bgpd/bgpd.c: (peer_distribute_update) adjust for hook change, not using the
       arg.
     * ripd/ripd.c: (rip_distribute_update_all_wrapper) ditto
     * ripngd/ripngd.c: (ripng_distribute_update_all_wrapper) ditto.

commit 6af87e10d6e7f1f99ce5416b50d352f209ffce25
Author: Paul Jakma <paul at jakma.org>
Date:   Mon Apr 3 17:45:51 2017 +0100

     Revert "lib: Fix Free Pointer dereference in lib/filter.c"

     This reverts commit 4fdb5f401eb277fa54d80e99d241bd9b03895a6a.

     This introduces bugs, as callers are using the same hook for add/delete.
     Using a pattern of looking up the access-list by name, and updating their
     internal references by its result.  With the access-list still active when
     the delete hook is called, this swaps a use-after-free or NULL deref in one
     hook for use-after-frees in many other places.

     See https://bugzilla.quagga.net/show_bug.cgi?id=945

commit 6c1ea424823e7a5039166e98a39c9d312f517019
Author: Paul Jakma <paul at jakma.org>
Date:   Mon Apr 3 17:36:47 2017 +0100

     Revert "lib: call filter delete hook before freeing access list"

     This reverts commit 6a2e0f36b103386e57dbe3a6ee4716e809111198.

     This introduces bugs, as callers are using the same hook for add/delete.
     Using a pattern of looking up the access-list by name, and updating their
     internal references by its result.  With the access-list still active when
     the delete hook is called, this swaps a NULL deref in one hook for
     use-after-frees in many other places.

     See https://bugzilla.quagga.net/show_bug.cgi?id=945

commit 0349ff4eb58e2300d77a2715d40818b8191547b3
Author: Paul Jakma <paul at jakma.org>
Date:   Wed Mar 29 11:51:59 2017 +0100

     infra/buildbot: allow bots to be picked out by installed compiler.

     * master.cfg: add "compilers" function to return available compilers.
       Add "ccbots" to select the bots with given compiler tag present.

       workers: Change the compiler info lists from tuples to dicts, so
       the name can be picked out and to allow optional information.

commit 97cd3684deda42f3514e6c97e6b7fa7402e24ad2
Author: Paul Jakma <paul at jakma.org>
Date:   Wed Mar 29 09:10:09 2017 +0100

     infra/buildbot: Add bots, add JSON "env" config variable, poll all git branches

     * master.cfg: Add an "env" key to config, to store environment variables
       to set.  Has to be stored as JSON in order to be able to have the builder
       pass the envs in as a property that the build steps can access later.
       Needed for OpenBSD, where auto* commands are wrappers that redirect to
       auto*-<ver> binaries based on env.

       Add ubuntu bot.

       Scan all branches in upstream git.

       Factor out common steps, to variables that can be re-used in addSteps.

commit bc69d454344c37dcda5d5e5379af88f56ee578fd
Author: Paul Jakma <paul at jakma.org>
Date:   Tue Mar 29 14:06:21 2011 +0100

     lib: ptr macro arg may need brackets in some cases

commit 9d035625fe5aa648d4bece430df24bcd2c04c2f2
Author: Scott Leggett <scott at sl.id.au>
Date:   Thu Mar 23 12:36:15 2017 +0000

     distro/systemd: add man page ref and set config file permissions

     * redhat/*.service: Add "Documentation=man:..." lines.  Chmod and chown the
       config files as appropriate.
     * redhat/quagga.sysconfig: Make configure generated, to substitute in the
       configured user/groups to an Env var, for use in the service files.

     Note: This is partial and edited version of Scott's patch, by Paul Jakma.
     Stupid mistakes will be mine.

     Note2: Would be good to move distro agnostic files, like systemd service files,
     to a neutral dirctory.

commit e2ad1c0d377a4a02504de45c09b5014fceeb2beb
Author: Scott Leggett <scott at sl.id.au>
Date:   Sat Nov 12 03:27:41 2016 +1100

     doc: Fix manpage number for ospfclient.

commit 2b7cf4073db9c8d3af90b44f2d25247918f5e42c
Author: Scott Leggett <scott at sl.id.au>
Date:   Sat Nov 12 01:58:52 2016 +1100

     vtysh: Fix spelling errors in strings flagged by lintian.

commit 0b8c3d6137d5fc811b34c5acb5980fe701040236
Author: Scott Leggett <scott at sl.id.au>
Date:   Sat Nov 12 01:26:10 2016 +1100

     doc: Tweak grammar in zebra manpage to keep lintian happy.

commit 37b67cbf5c54f971beb1d559480fbe47a415d9da
Author: Debian QA Group <packages at qa.debian.org>
Date:   Sat Nov 12 01:16:08 2016 +1100

     vtysh: print error if PAM auth does not succeed

commit 5e13840d7f3e7fcdf7ecff762c019bb56c88965f
Author: Paul Jakma <paul at jakma.org>
Date:   Fri Mar 17 13:30:56 2017 +0000

     lib/thread: get rid of the shallow-copy thread_fetch add a sane thread_main

     * thread.h: (thread_{fetch,call}) unexport these functions. thread_fetch
       has a funny "return a cloned, shallow-copied thread struct" semantics that
       are needless.
       thread_call has no users other than the usual main thread loop, which
       should be replaced with:
       (thread_main) encapsulated main thread loop.
     * thread.c: (thread_run) no need for this shallow-copy anymore.
       (thread_add_unuse) no need for a separate master argument. Update
       all callers to match. Setting type to THREAD_UNUSED can be done here.
       (thread_fetch) no need to copy the thread or add to unused _before_
       running it, so return the chosen thread directly.
       (thread_call) This runs the thread, so add_unuse best done here, at end.
       (thread_main) Simple main loop for public use.
     * */*main.c: update to thread_main

commit 671444d81b351ae72a4bc4b2d577b270c6d18f45
Author: Paul Jakma <paul at jakma.org>
Date:   Thu Mar 16 16:32:53 2017 +0000

     buildbot/master: use a helper generator for make cmd string list

commit a9bba93948262c0974f3b590a5793b1e78de0278
Author: Paul Jakma <paul at jakma.org>
Date:   Thu Mar 16 15:22:47 2017 +0000

     buildbot/master: fix the common steps

     * master.cfg: Trailing commas on common steps, left from moving out from a
       list, had made the assignment be of tuples. All kinds of funniness ensued.
       Also, rpm builder, had dropped configure step in using common steps.

commit 2226d4065066beed658a2cc4d1fd31a81bf73137
Author: Paul Jakma <paul at jakma.org>
Date:   Thu Mar 16 13:03:49 2017 +0000

     buildbot/master: Add OBSD bot, and support for environment variable config

     * master.cfg: Add OpenBSD buildbot.
       Add an "env" key to the configuration dictionary, allowing for a
       JSON string of env variables, to be passed into the properties of
       BuildSlaves.
       Add a get_config_env Renderer, to allow build Steps to convert
       JSON env variable property to a python dictionary and give to
       the env= argument of some steps.

commit fa8555562d4bd206b2233bcb3e602814a51f66dc
Author: Paul Jakma <paul at jakma.org>
Date:   Fri Mar 31 17:23:22 2017 +0100

     build: AC_EGREPP_CPP actions wrong way around, worked by accident mostly.

     * configure.ac: Sense of actions wrong way around. Guess it worked by accident
       by virtue of any non-GCC compilers being used having GCC still set, or
       else working with SUNPRO cflags.

commit 17ab96ac9a8c5a9a5ce6ccea19cb07de6ddf740e
Author: Paul Jakma <paul at jakma.org>
Date:   Wed Mar 15 15:30:41 2017 +0000

     build: Work around illumos still shipping a prehistoric AWK as default

     * configure.ac: illumos still ships 'oawk' (old AWK) as the default 'awk'.
       A pre-historic version of AWK, from the mists of Unix history (AT&T System
       V Release 4), which Sun kept around deliberately not updating it or fixing
       non-critical bugs, to ensure bug-for-bug compatibility.

       It doesn't support the -F <regex> argument AWK has had since...  slightly
       less deeper in the mist (e.g.  SysV R4.2, shipped as 'nawk' in Solaris and
       illumos).  Only -Fc.

       Joyent apparently has updated the default awk in SmartOS to nawk +
       extensions, and may upstream it to illumos.

commit 1d4b282f79fdbc8d25404f69d2e90b4ef887de9a
Author: Paul Jakma <paul at jakma.org>
Date:   Wed Mar 15 13:28:09 2017 +0000

     tests: Remove DejaGNU, automake already supports tallying exit based tests

     * Automake already knows how to tally up exit status based tests. There's
       not much point wrapping such unit tests up in a whole ball of tcl and
       expect to scrape the output to determine the same thing and tally.

       Remove the DejaGNU stuff. Run the tests directly from automake, using
       TESTS = ...

       This removes the "check output doesn't differ" testcli and testcommand
       tests from testing, but those were testing exit status of the diff, which
       was succesful anyway.  So would pass even if output differed and should
       fail.

     * test-cli.c: Add example usage.
     * test-commands.c: ditto. And add missing nodes.

commit 0dde143ffcdda5f644d7025606994f67aec0b2fa
Author: Paul Jakma <paul at jakma.org>
Date:   Tue Mar 14 14:20:13 2017 +0000

     build: LT_INIT obsoletes AC_PROG_RANLIB

commit 8d3b7b8356a5d1cc18aed0157dc7e33a0c036ce9
Author: Paul Jakma <paul at jakma.org>
Date:   Fri Mar 10 17:00:28 2017 +0000

     doc: tweak CSS to Quagga colours

commit 084a4ab85da677f3405038b3b3bd781fd94debb6
Author: Evgeny Uskov <eu at qrator.net>
Date:   Fri Nov 24 16:03:32 2017 +0300

     bgpd: fix file descriptor leaks in vty_close

     In vty_close output file descriptor was not properly closed. It caused
     file descriptor leak each time an updated config file was saved on disk.

commit c1d777f355ebcaf6cfc1b7b6fbd3c7ece2752b0e
Author: Alban Browaeys <alban.browaeys at gmail.com>
Date:   Mon Nov 13 14:32:31 2017 +0100

     Fix wrong command persisted by vtysh

     Fixes invalid syntax when applying integrated configuration a file
     with vtysh -b.

     Commit d8aa4beab72cdd2c2d78f9e624fd4b704eec488f ("vtysh: Fix Quagga.conf file read in.")
     replaced NULL cmd argument but only in one instance of the cmd_execute_command_strict
     call. This patch fixes the second instance.

commit a0a4e6814c250bcd5501be8206695fb8b7f49d18
Author: Eugene Bogomazov <eb at highloadlab.com>
Date:   Fri Oct 13 16:28:34 2017 +0300

     Fix malformed AS_SEQUENCE segments for long as path

regards,
- -- 
Paul Jakma | paul at jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
Facts are stubborn, but statistics are more pliable.

-----BEGIN PGP SIGNATURE-----

iQJMBAEBCAA2BQJahf5mLxpodHRwczovL3d3dy5qYWttYS5vcmcvfnBhdWwvcGdw
X3BvbGljeS0xLjEudHh0AAoJEOFGbL/NtBuaesoP/R2byCjS4zs5GV5HoFZ85OYF
OSXmhOLZryNINiwypqlyR+72OFEt2xEDE6S5E9wztTvOM6iNf+jygGXwoMCJLauQ
tLWtjVjB1gV4REtqd3mV5HSSf5H6FYmmbtC+BD2WIamZAe75gnGUCaC++9/UdxpE
Mt5/2oGYSlQbdCKnCKjSPOcRCQhTEWsa0pQoNusuc/CTc1vUVAUIfXuGZdCfsLJx
vHdxHRvfNbNqgQXV+xtu7owHYrMAvHCbgMacqrRzUcNXD9cB3eww3jPvurzuzq+2
pkyUhWWJVFCI2RAaTbX/MNi4XIn4BMEw0S5+6BJn9KqsF/a/O9FLBnsvN1NHNmTp
zQQzKI/SWpLaxW9aS6P65x1UDGOkVDbuMttBWiGHqQX+lsE9cQfPyCGoNX0kHfDr
Yph0eqrwMYCuKT0zBvkCMon7VYwg4s7UoAg7f9TlquHBvSF9cvLJkrnhx8iWlC4d
i18OMb3pm2+0RAJimXiH0cEtj2JLXCRWccQPAFNDQyUTrjdFUOhMDMtFpcQZ8gAV
rrMR2611Sbu3uFUTbmD62lRV3hk+ebWJwmGeo7C0Nkxv7i5Qix+g66bwKhusbWkb
5sR30SgFf8sHq+0mVxUZ/mcIDDVmqWWsXFbIftGCArYFbS/GFz1P9jOfiv0WaJKc
hbfB1/RKF+PhMV7KfB86
=ROKw
-----END PGP SIGNATURE-----


More information about the Quagga-dev mailing list