All checksums have been double-checked against existing RMD160 and
SHA512 hashes
Not committed (merge conflicts...):
net/radsecproxy/distinfo
The following distfiles could not be fetched (fetched conditionally?):
./net/citrix_ica/distinfo citrix_ica-10.6.115659/en.linuxx86.tar.gz
./net/djbdns/distinfo dnscache-1.05-multiple-ip.patch
./net/djbdns/distinfo djbdns-1.05-test28.diff.xz
./net/djbdns/distinfo djbdns-1.05-ignoreip2.patch
./net/djbdns/distinfo djbdns-1.05-multiip.diff
./net/djbdns/distinfo djbdns-cachestats.patch
pkglint --only "https instead of http" -r -F
With manual adjustments afterwards since pkglint 19.4.4 fixed a few
indentations in unrelated lines.
This mainly affects projects hosted at SourceForce, as well as
freedesktop.org, CTAN and GNU.
Documented upstream in: https://bugzilla.quagga.net/show_bug.cgi?id=1011
The included patches will remedy thread.c shortcomings and add proper safeguards
to detect future thread handling errors.
fixes in the patches:
- add a name to a thread for error messages
- add a list pointer to the thread to track list membership
- add fast check on prev/next pointer invariants
- add check to detect inserting of a thread already in a list
- add check to detect deletion of a thread not in a list
- ignore cancellation requests for the currently running thread (fixes crash)
- fix setting of prey/next pointers on adjecant elements when a head/tail element is
deleted
Upstream changes:
Quagga 1.2.2
Upstream did not publsh NEWS -- basically bug fixes
Quagga 1.2.1
bug fixes and minor improvements
Quagga 1.2.0
This is a feature release, for testing or more adventurous
users. More conservative users may wish to stay with an older
release. This release contains:
Next-Hop Resolution Protocol support from Timo Teräs
BGP Large Community support, thanks to Job Snijders and Keyur Patel
BGP session establishment reworked, for speed and reliability
BGP route-advertisement timer interval default lowered, to 3s for eBGP and 1s for iBGP.
BGP Connect retries made more aggressive, with lower retry timer and a slower-ramping backoff.
Quagga 1.1.1
bug and security fixes
There is a known regression with IPv6 BGP sessions, see Bugzilla #870.
Quagga 1.1.0
This is a release with a number of new features, and many bug fixes.
Notably:
Greatly improved nexthop resolution for recursive routes. (Cumulus)
Event driven nexthop resolution for BGP (Cumulus)
Route tags support (Piotr Chytła, Packet Consulting)
Transport of TE related metrics over OSPF, IS-IS (Olivier Dugeon, Orange)
IPv6 Multipath for zebra and BGP (Ayan Banerjee, Cumulus)
This release also changed the default of 'link-detect' state,
controlling whether zebra will respond to link-state events and
consider an interface to be down when link is down. To retain
current the behavior save your config before updating, otherwise
remove the 'link-detect' flag from your config prior to
updating. There is also a new global 'default link-detect (on|off)'
flag to configure the global default.
Quagga 1.0.20161017
zebra IPv6 RA and BGP MRT dump security fixes
This is an update to address security issues, but contains more changes.
Packaging changes include:
remove lib/privs.c patch (integrated upstream)
opaque LSA no longer an option (always on)
pimd enabled by default upstream and hence in the package
Upstream changes from http://savannah.nongnu.org/news/?group=quagga
Quagga 1.0.20160315 Released
Quagga 1.0.20160309 has been released, and is available at
http://download.savannah.gnu.org/releases/quagga/
This is a bug fix release. It addresses a crash in protocols with a
redistribute statement.
Quagga 1.0.20160309 Released
Quagga 1.0.20160309 has been released, and is available at
http://download.savannah.gnu.org/releases/quagga/
This release addresses Security Vulnerability VU #270232.
Users using VPNv4 to untrusted peers and zebra that have
untrusted clients talking to it are advised to upgrade to
this release. For further details see the CERT Vulnerability note:
https://www.kb.cert.org/vuls/id/270232
Major user-visible changes:
[quagga] - Namespace VRF Support has been added.
[lib] - Add 'show commandtree'
[bgpd] - vpnv4 and vpnv6 handling has been included.
[bgpd] - Add 'set metric (rtt|+rtt|-rtt)' to route map handling.
[bgpd] - Addition of 'show ip bgp dampening' command tree.
[bgpd] - If route-map does not exist default to DENY for redistribute
statements
[bgpd] - Lower default 'timers connect' in BGP to 10 seconds.
[bgpd] - Enable "bgp log-neighbor-changes" by default
[bgpd] - Add support for timer commands with peer-group syntax
[bgpd] - Extend Dump to allow Extended Time Format
[babeld] - Removed from the distribution.
[isisd] - Allow the adjustment of lsp-mtu
[isisd] - Allow the import of routes from other protocols
[ospfd] - Add per interface 'ip ospf area' command
[ospfd] - Lower the default OSPF spf timers to '0 50 5000'
[ripngd] - Add ECMP support
[pimd] - Add multicast static routes.
[pimd] - Add ability to set DR priority for an interface
[pimd] - Add ability to modify hello and hold timers per interface
[vtysh] - Add 'show thread cpu ..' and 'show work-queues'
[vtysh] - Add 'show run <protocol>' command
[vtysh] - Fix history handling
Remove patches that were applied upstream.
isisd is enabled, but pimd isn't yet (only because those are upstream defaults).
Upstream changes since 0.99.23:
User-visible changes:
- [pimd] New daemon: pimd provides IPv4 PIM-SSM multicast routing.
- [bgpd] New feature: "next-hop-self all" to override nexthop on iBGP route
reflector setups.
- [bgpd] route-maps have a new action "set ipv6 next-hop peer-address"
- [bgpd] route-maps have a new action "set as-path prepend last-as"
- [bgpd] Update validity checking (particularly MP-BGP / IPv6 routes) was
touched up significantly. Please report possible bugs.
- [ripd] New feature: RIP for IPv4 now supports equal-cost multipath (ECMP)
- [zebra] Multicast RIB support has been extended. It still is IPv4 only.
- [zebra] "no link-detect" is now printed in configurations since it won't
be the default anymore soon. To retain current behaviour, re-save your
configuration after updating to 0.99.24.
Distributor-visible changes:
- --enable-pimd is added to enable pimd. It is considered experimental, though
unless the distribution target is embedded systems with little flash, there
is no reason to not include it in packages.
- --disable-ipv6 no longer exists as an option. It's 2015, your C library
really needs to have IPv6 support by now.
- --disable-netlink no longer exists as an option. It didn't work anyway.
- --disable-solaris no longer exists as an option. It only controlled some
init scripts.
- --enable-isisd is now the default.
- mrlg.cgi is no longer included (it was severely outdated). It can be found
independently at http://mrlg.op-sec.us/
- build on Linux with the musl C library should now work
Remove a patch which has been incorporated upstream, and one which has
been superceded.
Add a patch to use the system's RT_ROUNDUP macro if defined,
which fixes IPv6 routing on NetBSD 6 (where rtsock alignment has
changed).
Upstream NEWS:
* Changes in Quagga 0.99.23
Known issues:
- [bgpd] setting an extcommunity in a route map on a route that already has
an extcommunity attribute will cause bgpd to crash. This issue will be
fixed in a followup minor release.
User-visible changes:
- [lib] Performance enhancements on hashes and timers.
- [bgpd] New feature: iBGP TTL security.
- [bgpd] New feature: relaxed bestpath criteria for multipath and improved
display of multipath routes in "show ip bgp". Scripts parsing this output
may need to be updated.
- [bgpd] Multiprotocol peerings over IPv6 now try to find a more appropriate
IPv4 nexthop by looking at the interface.
- [ospf6d] A large amount of changes has been merged for ospf6d. Careful
evaluation prior to deployment is recommended.
- [zebra] Recursive route support has been overhauled. Scripts parsing
"show ip route" output may need adaptation.
- [zebra] IPv6 address management has been improved regarding tentative
addresses. This is visible in that a freshly configured address will not
immediately be marked as usable.
- [*] a lot of bugs have been fixed, please refer to the git log
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
Update HOMEPAGE, MASTER_SITES.
Set USE_GNU_READLINE to catch up to 2012Q3 devel/readline builtin detection.
0.99.22.3 basically contains a security bugfix for OSPF-API.
0.99.22.2 was not released.
0.99.22.1 contains a few non-security bugfixes.
Changes in 0.99.22 since 0.99.21:
- [bgpd] The semantics of default-originate route-map have changed.
The route-map is now used to advertise the default route conditionally.
The old behaviour which allowed to set attributes on the originated
default route is no longer supported.
- [bgpd] There is now a replace-as option to neighbor ... local-as ...
no-prepend. For details, refer to the user documentation.
- [zebra] An FPM interface has been added. This provides an alternate
interface to routing information and is geared at OpenFlow & co.
- [snmp] AgentX is now supported; the old smux backend is considered
deprecated. ospf6d has also had OSPFV3-MIB added.
- [*] several issues with configuration save/load/apply have been fixed,
in particular on ospf "max-metric router-lsa administrative" and
"distribute-list", bgpd "no neighbor activate", isisd "metric-style",
- [*] a lot of bugs have been fixed, please refer to the git log
are replaced with .include "../../devel/readline/buildlink3.mk", and
USE_GNU_READLINE are removed,
* .include "../../devel/readline/buildlink3.mk" without USE_GNU_READLINE
are replaced with .include "../../mk/readline.buildlink3.mk".
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package
Like last time, where this caused no complaints.
DragonFly can't support the Multicast API so in order for quagga to build
the conftest for ip_mreq needs to return positive for all versions of
DragonFly. The configure script was patched, but this probably could
have been accomplished by overriding the configure cache from the
Maefile. DragonFly successfully buids with this conftest change.