summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-08-05 09:55:47 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-08-05 09:55:47 +0000
commitd51461ae3e55eda25ba7b1c7520fb6eac0daa353 (patch)
tree2ffa760deeda60a254170b5acd73e5a715cecef9
parentMerging upstream version 10.0.1. (diff)
downloadfrr-d51461ae3e55eda25ba7b1c7520fb6eac0daa353.tar.xz
frr-d51461ae3e55eda25ba7b1c7520fb6eac0daa353.zip
Merging debian version 10.0.1-0.1.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r--debian/README.Maintainer32
-rw-r--r--debian/changelog28
2 files changed, 60 insertions, 0 deletions
diff --git a/debian/README.Maintainer b/debian/README.Maintainer
new file mode 100644
index 0000000..9030022
--- /dev/null
+++ b/debian/README.Maintainer
@@ -0,0 +1,32 @@
+#
+# TODO
+#
+
+- check that tests/{control,daemons} actually do something useful and sensible
+- /usr/share/doc/frr-doc should be named just frr?
+- debian/watch pgpsigurlmangle / signing-key
+- multiarch for DSOs?
+- frr try-restart
+
+#
+# To check if the patches still apply on new upstream versions:
+#
+for i in debian/patches/*.diff; do echo -e "#\n# $i\n#"; patch --fuzz=3 --dry-run -p1 < $i; done
+
+#
+# Filename transition from zebra to frr
+#
+
+Files that keep their names
+ /usr/bin/vtysh
+
+Files that got an -pj suffix
+ /etc/default/zebra -> /etc/frr/daemons.conf
+ /etc/init.d/zebra -> /etc/init.d/frr
+ /etc/zebra/ -> /etc/frr/
+ /usr/share/doc/zebra/ -> /usr/share/doc/frr/
+ /var/log/zebra/ -> /var/log/frr/
+ /var/run/ -> /var/run/frr/
+
+Files that were moved
+ /usr/sbin/* -> /usr/lib/frr/
diff --git a/debian/changelog b/debian/changelog
index c5c2bd7..71152e7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,31 @@
+frr (10.0.1-0.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * New upstream release:
+ - an attacker using a malformed Prefix SID attribute in a BGP UPDATE
+ packet can cause the bgpd daemon to crash [CVE-2024-31948]
+ (Closes: #1072126)
+ - an infinite loop can occur when receiving a MP/GR capability as a
+ dynamic capability because malformed data results in a pointer not
+ advancing [CVE-2024-31949] (Closes: #1072125)
+ - there can be a buffer overflow and daemon crash in ospf_te_parse_ri for
+ OSPF LSA packets during an attempt to read Segment Routing subTLVs (their
+ size is not validated) [CVE-2024-31950] (Closes: #1070377)
+ - there can be a buffer overflow and daemon crash in
+ ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read
+ Segment Routing Adjacency SID subTLVs (lengths are not validated)
+ [CVE-2024-31951 (Closes: #1070377)
+ - ospf_te_parse_te in ospfd/ospf_te.c allows remote attackers to cause a
+ denial of service (ospfd daemon crash) via a malformed OSPF LSA packet,
+ because of an attempted access to a missing attribute field
+ [CVE-2024-27913]
+ - it is possible for the get_edge() function in ospf_te.c in the OSPF
+ daemon to return a NULL pointer. In cases where calling functions do not
+ handle the returned NULL value, the OSPF daemon crashes, leading to denial
+ of service [CVE-2024-34088] (Closes: #1070377)
+
+ -- Daniel Baumann <daniel.baumann@progress-linux.org> Sat, 27 Jul 2024 02:19:29 +0200
+
frr (10.0-2~progress7.99u1) graograman-backports; urgency=medium
* Uploading to graograman-backports, remaining changes: