Security:
ripd:
- RIPD unauthenticated route table broadcast:
CVE-2006-2223, OSVDB ID 25224, Secunia SA19910
- RIPD unauthenticated route injection:
CVE-2006-2224, OSVDB ID 25225, Secunia SA19910
[ripd] 0.98 specific command changes, allow no-auth to be set
[ripd] bugs #261, #262: Fix RIPv1 info-leak and unauthenticated route updates
[doc] Add text on 0.98 specific RIP authentication changes
[docs] Update ripd docs on version and authentication, see bugs #261,#262
Thanks to Konstantin V. Gavrilenko for report and testing.
bgpd:
- bgpd Telnet Interface DoS:
OSVDB ID 25245:
http://www.osvdb.org/displayvuln.php?osvdb_id=25245
[quagga-dev 4051]:
http://lists.quagga.net/pipermail/quagga-dev/2006-March/004052.html
[bgpd] Fix infinite loop in community_str2com
[No NEWS entries for 0.98.2 to 0.98.6; many bugfixes]
developer is officially maintaining the package.
The rationale for changing this from "tech-pkg" to "pkgsrc-users" is
that it implies that any user can try to maintain the package (by
submitting patches to the mailing list). Since the folks most likely
to care about the package are the folks that want to use it or are
already using it, this would leverage the energy of users who aren't
developers.
around at either build-time or at run-time is:
USE_TOOLS+= perl # build-time
USE_TOOLS+= perl:run # run-time
Also remove some places where perl5/buildlink3.mk was being included
by a package Makefile, but all that the package wanted was the Perl
executable.
And always is defined as share/examples/rc.d
which was the default before.
This rc.d scripts are not automatically added to PLISTs now also.
So add to each corresponding PLIST as required.
This was discussed on tech-pkg in late January and late April.
Todo: remove the RCD_SCRIPTS_EXAMPLEDIR uses in MESSAGES and elsewhere
and remove the RCD_SCRIPTS_EXAMPLEDIR itself.
via PR #29518 with some slight modifications. Also some review
by Greg Troxel (who is a quagga developer). This is based on the
pkgsrc-wip version.
This has many changes. But ChangeLog is incomplete.
This uses USE_LIBTOOL.
Uses rcd scripts provide from quagga distribution (are pkgsrc/NetBSD style).
Adds USE_ZEBRA_OSPF_OPAQUELSA build definition for --enable-opaque-lsa.
All patches removed.
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
http://lists.quagga.net/pipermail/quagga-users/2003-October/000543.html
- missing rip_enable_apply() which was causing lots of problems in
ripd
- revert of the generic PtP patch. This patch just caused way way too
many problems in its quest to try support FreeSWANs odd handling of
IPSec interfaces, particularly in ospfd.
changes from webpage:
Quagga 0.96.2 has been released, which fixes a small but very
annoying ospfd bug. Also includes Mr. Ohara's command.c newline
fix.
Quagga 0.96.1 has been released, which fixes a small but significant
problem with the privileges code.
