Upstream changes:
Quagga 1.2.2
Upstream did not publsh NEWS -- basically bug fixes
Quagga 1.2.1
bug fixes and minor improvements
Quagga 1.2.0
This is a feature release, for testing or more adventurous
users. More conservative users may wish to stay with an older
release. This release contains:
Next-Hop Resolution Protocol support from Timo Teräs
BGP Large Community support, thanks to Job Snijders and Keyur Patel
BGP session establishment reworked, for speed and reliability
BGP route-advertisement timer interval default lowered, to 3s for eBGP and 1s for iBGP.
BGP Connect retries made more aggressive, with lower retry timer and a slower-ramping backoff.
Quagga 1.1.1
bug and security fixes
There is a known regression with IPv6 BGP sessions, see Bugzilla #870.
Quagga 1.1.0
This is a release with a number of new features, and many bug fixes.
Notably:
Greatly improved nexthop resolution for recursive routes. (Cumulus)
Event driven nexthop resolution for BGP (Cumulus)
Route tags support (Piotr Chytła, Packet Consulting)
Transport of TE related metrics over OSPF, IS-IS (Olivier Dugeon, Orange)
IPv6 Multipath for zebra and BGP (Ayan Banerjee, Cumulus)
This release also changed the default of 'link-detect' state,
controlling whether zebra will respond to link-state events and
consider an interface to be down when link is down. To retain
current the behavior save your config before updating, otherwise
remove the 'link-detect' flag from your config prior to
updating. There is also a new global 'default link-detect (on|off)'
flag to configure the global default.
Quagga 1.0.20161017
zebra IPv6 RA and BGP MRT dump security fixes
This is an update to address security issues, but contains more changes.
Packaging changes include:
remove lib/privs.c patch (integrated upstream)
opaque LSA no longer an option (always on)
pimd enabled by default upstream and hence in the package
Upstream changes from http://savannah.nongnu.org/news/?group=quagga
Quagga 1.0.20160315 Released
Quagga 1.0.20160309 has been released, and is available at
http://download.savannah.gnu.org/releases/quagga/
This is a bug fix release. It addresses a crash in protocols with a
redistribute statement.
Quagga 1.0.20160309 Released
Quagga 1.0.20160309 has been released, and is available at
http://download.savannah.gnu.org/releases/quagga/
This release addresses Security Vulnerability VU #270232.
Users using VPNv4 to untrusted peers and zebra that have
untrusted clients talking to it are advised to upgrade to
this release. For further details see the CERT Vulnerability note:
https://www.kb.cert.org/vuls/id/270232
Major user-visible changes:
[quagga] - Namespace VRF Support has been added.
[lib] - Add 'show commandtree'
[bgpd] - vpnv4 and vpnv6 handling has been included.
[bgpd] - Add 'set metric (rtt|+rtt|-rtt)' to route map handling.
[bgpd] - Addition of 'show ip bgp dampening' command tree.
[bgpd] - If route-map does not exist default to DENY for redistribute
statements
[bgpd] - Lower default 'timers connect' in BGP to 10 seconds.
[bgpd] - Enable "bgp log-neighbor-changes" by default
[bgpd] - Add support for timer commands with peer-group syntax
[bgpd] - Extend Dump to allow Extended Time Format
[babeld] - Removed from the distribution.
[isisd] - Allow the adjustment of lsp-mtu
[isisd] - Allow the import of routes from other protocols
[ospfd] - Add per interface 'ip ospf area' command
[ospfd] - Lower the default OSPF spf timers to '0 50 5000'
[ripngd] - Add ECMP support
[pimd] - Add multicast static routes.
[pimd] - Add ability to set DR priority for an interface
[pimd] - Add ability to modify hello and hold timers per interface
[vtysh] - Add 'show thread cpu ..' and 'show work-queues'
[vtysh] - Add 'show run <protocol>' command
[vtysh] - Fix history handling
Remove patches that were applied upstream.
isisd is enabled, but pimd isn't yet (only because those are upstream defaults).
Upstream changes since 0.99.23:
User-visible changes:
- [pimd] New daemon: pimd provides IPv4 PIM-SSM multicast routing.
- [bgpd] New feature: "next-hop-self all" to override nexthop on iBGP route
reflector setups.
- [bgpd] route-maps have a new action "set ipv6 next-hop peer-address"
- [bgpd] route-maps have a new action "set as-path prepend last-as"
- [bgpd] Update validity checking (particularly MP-BGP / IPv6 routes) was
touched up significantly. Please report possible bugs.
- [ripd] New feature: RIP for IPv4 now supports equal-cost multipath (ECMP)
- [zebra] Multicast RIB support has been extended. It still is IPv4 only.
- [zebra] "no link-detect" is now printed in configurations since it won't
be the default anymore soon. To retain current behaviour, re-save your
configuration after updating to 0.99.24.
Distributor-visible changes:
- --enable-pimd is added to enable pimd. It is considered experimental, though
unless the distribution target is embedded systems with little flash, there
is no reason to not include it in packages.
- --disable-ipv6 no longer exists as an option. It's 2015, your C library
really needs to have IPv6 support by now.
- --disable-netlink no longer exists as an option. It didn't work anyway.
- --disable-solaris no longer exists as an option. It only controlled some
init scripts.
- --enable-isisd is now the default.
- mrlg.cgi is no longer included (it was severely outdated). It can be found
independently at http://mrlg.op-sec.us/
- build on Linux with the musl C library should now work
Remove a patch which has been incorporated upstream, and one which has
been superceded.
Add a patch to use the system's RT_ROUNDUP macro if defined,
which fixes IPv6 routing on NetBSD 6 (where rtsock alignment has
changed).
Upstream NEWS:
* Changes in Quagga 0.99.23
Known issues:
- [bgpd] setting an extcommunity in a route map on a route that already has
an extcommunity attribute will cause bgpd to crash. This issue will be
fixed in a followup minor release.
User-visible changes:
- [lib] Performance enhancements on hashes and timers.
- [bgpd] New feature: iBGP TTL security.
- [bgpd] New feature: relaxed bestpath criteria for multipath and improved
display of multipath routes in "show ip bgp". Scripts parsing this output
may need to be updated.
- [bgpd] Multiprotocol peerings over IPv6 now try to find a more appropriate
IPv4 nexthop by looking at the interface.
- [ospf6d] A large amount of changes has been merged for ospf6d. Careful
evaluation prior to deployment is recommended.
- [zebra] Recursive route support has been overhauled. Scripts parsing
"show ip route" output may need adaptation.
- [zebra] IPv6 address management has been improved regarding tentative
addresses. This is visible in that a freshly configured address will not
immediately be marked as usable.
- [*] a lot of bugs have been fixed, please refer to the git log
Update HOMEPAGE, MASTER_SITES.
Set USE_GNU_READLINE to catch up to 2012Q3 devel/readline builtin detection.
0.99.22.3 basically contains a security bugfix for OSPF-API.
0.99.22.2 was not released.
0.99.22.1 contains a few non-security bugfixes.
Changes in 0.99.22 since 0.99.21:
- [bgpd] The semantics of default-originate route-map have changed.
The route-map is now used to advertise the default route conditionally.
The old behaviour which allowed to set attributes on the originated
default route is no longer supported.
- [bgpd] There is now a replace-as option to neighbor ... local-as ...
no-prepend. For details, refer to the user documentation.
- [zebra] An FPM interface has been added. This provides an alternate
interface to routing information and is geared at OpenFlow & co.
- [snmp] AgentX is now supported; the old smux backend is considered
deprecated. ospf6d has also had OSPFV3-MIB added.
- [*] several issues with configuration save/load/apply have been fixed,
in particular on ospf "max-metric router-lsa administrative" and
"distribute-list", bgpd "no neighbor activate", isisd "metric-style",
- [*] a lot of bugs have been fixed, please refer to the git log
DragonFly can't support the Multicast API so in order for quagga to build
the conftest for ip_mreq needs to return positive for all versions of
DragonFly. The configure script was patched, but this probably could
have been accomplished by overriding the configure cache from the
Maefile. DragonFly successfully buids with this conftest change.
* Changes in Quagga 0.99.21
- [bgpd] BGP multipath support has been merged
- [bgpd] SAFI (Multicast topology) support has been extended to propagate
the topology to zebra.
- [bgpd] AS path limit functionality has been removed
- [babeld] a new routing daemon implementing the BABEL ad-hoc mesh routing
protocol has been merged.
- [isisd] a major overhaul has been picked up. Please note that isisd is
STILL NOT SUITABLE FOR PRODUCTION USE.
- [*] a lot of bugs have been fixed, please refer to the git log
0.99.20:
The primary focus of this release is a fix of SEGV regression in
ospfd, which was introduced in 0.99.19. It also features a series of
minor improvements, including better RFC compliance in bgpd, better
support of FreeBSD and some enhancements to isisd.
0.99.19:
This release provides security fixes, which address assorted
vulnerabilities in bgpd, ospfd and ospf6d (CVE-2011-3323,
CVE-2011-3324, CVE-2011-3325, CVE-2011-3326 and CVE-2011-3327).
0.99.18:
This release fixes 2 denial of services in bgpd, which can be remotely
triggered by malformed AS-Pathlimit or Extended-Community
attributes. These issues have been assigned CVE-2010-1674 and
CVE-2010-1675. Support for AS-Pathlimit has been removed with this
release.
The release includes a number of bug-fixes and enhancements, primarily
for ospfd, ospf6d and bgpd.
Security:
ripd:
- RIPD unauthenticated route table broadcast:
CVE-2006-2223, OSVDB ID 25224, Secunia SA19910
- RIPD unauthenticated route injection:
CVE-2006-2224, OSVDB ID 25225, Secunia SA19910
[ripd] 0.98 specific command changes, allow no-auth to be set
[ripd] bugs #261, #262: Fix RIPv1 info-leak and unauthenticated route updates
[doc] Add text on 0.98 specific RIP authentication changes
[docs] Update ripd docs on version and authentication, see bugs #261,#262
Thanks to Konstantin V. Gavrilenko for report and testing.
bgpd:
- bgpd Telnet Interface DoS:
OSVDB ID 25245:
http://www.osvdb.org/displayvuln.php?osvdb_id=25245
[quagga-dev 4051]:
http://lists.quagga.net/pipermail/quagga-dev/2006-March/004052.html
[bgpd] Fix infinite loop in community_str2com
[No NEWS entries for 0.98.2 to 0.98.6; many bugfixes]
via PR #29518 with some slight modifications. Also some review
by Greg Troxel (who is a quagga developer). This is based on the
pkgsrc-wip version.
This has many changes. But ChangeLog is incomplete.
This uses USE_LIBTOOL.
Uses rcd scripts provide from quagga distribution (are pkgsrc/NetBSD style).
Adds USE_ZEBRA_OSPF_OPAQUELSA build definition for --enable-opaque-lsa.
All patches removed.
http://lists.quagga.net/pipermail/quagga-users/2003-October/000543.html
- missing rip_enable_apply() which was causing lots of problems in
ripd
- revert of the generic PtP patch. This patch just caused way way too
many problems in its quest to try support FreeSWANs odd handling of
IPSec interfaces, particularly in ospfd.
changes from webpage:
Quagga 0.96.2 has been released, which fixes a small but very
annoying ospfd bug. Also includes Mr. Ohara's command.c newline
fix.
Quagga 0.96.1 has been released, which fixes a small but significant
problem with the privileges code.
