From d51461ae3e55eda25ba7b1c7520fb6eac0daa353 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Mon, 5 Aug 2024 11:55:47 +0200 Subject: Merging debian version 10.0.1-0.1. Signed-off-by: Daniel Baumann --- debian/README.Maintainer | 32 ++++++++++++++++++++++++++++++++ debian/changelog | 28 ++++++++++++++++++++++++++++ 2 files changed, 60 insertions(+) create mode 100644 debian/README.Maintainer diff --git a/debian/README.Maintainer b/debian/README.Maintainer new file mode 100644 index 0000000..9030022 --- /dev/null +++ b/debian/README.Maintainer @@ -0,0 +1,32 @@ +# +# TODO +# + +- check that tests/{control,daemons} actually do something useful and sensible +- /usr/share/doc/frr-doc should be named just frr? +- debian/watch pgpsigurlmangle / signing-key +- multiarch for DSOs? +- frr try-restart + +# +# To check if the patches still apply on new upstream versions: +# +for i in debian/patches/*.diff; do echo -e "#\n# $i\n#"; patch --fuzz=3 --dry-run -p1 < $i; done + +# +# Filename transition from zebra to frr +# + +Files that keep their names + /usr/bin/vtysh + +Files that got an -pj suffix + /etc/default/zebra -> /etc/frr/daemons.conf + /etc/init.d/zebra -> /etc/init.d/frr + /etc/zebra/ -> /etc/frr/ + /usr/share/doc/zebra/ -> /usr/share/doc/frr/ + /var/log/zebra/ -> /var/log/frr/ + /var/run/ -> /var/run/frr/ + +Files that were moved + /usr/sbin/* -> /usr/lib/frr/ diff --git a/debian/changelog b/debian/changelog index c5c2bd7..71152e7 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,3 +1,31 @@ +frr (10.0.1-0.1) unstable; urgency=medium + + * Non-maintainer upload. + * New upstream release: + - an attacker using a malformed Prefix SID attribute in a BGP UPDATE + packet can cause the bgpd daemon to crash [CVE-2024-31948] + (Closes: #1072126) + - an infinite loop can occur when receiving a MP/GR capability as a + dynamic capability because malformed data results in a pointer not + advancing [CVE-2024-31949] (Closes: #1072125) + - there can be a buffer overflow and daemon crash in ospf_te_parse_ri for + OSPF LSA packets during an attempt to read Segment Routing subTLVs (their + size is not validated) [CVE-2024-31950] (Closes: #1070377) + - there can be a buffer overflow and daemon crash in + ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read + Segment Routing Adjacency SID subTLVs (lengths are not validated) + [CVE-2024-31951 (Closes: #1070377) + - ospf_te_parse_te in ospfd/ospf_te.c allows remote attackers to cause a + denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, + because of an attempted access to a missing attribute field + [CVE-2024-27913] + - it is possible for the get_edge() function in ospf_te.c in the OSPF + daemon to return a NULL pointer. In cases where calling functions do not + handle the returned NULL value, the OSPF daemon crashes, leading to denial + of service [CVE-2024-34088] (Closes: #1070377) + + -- Daniel Baumann Sat, 27 Jul 2024 02:19:29 +0200 + frr (10.0-2~progress7.99u1) graograman-backports; urgency=medium * Uploading to graograman-backports, remaining changes: -- cgit v1.2.3
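Review bot: The patch-check loop in debian/README.Maintainer runs `patch --fuzz=3 --dry-run`, which is looser than GNU patch's default fuzz of 2. A hunk whose context has drifted on a new upstream version can therefore still be reported as applying cleanly. Since this loop is the documented check for whether the Debian patches still fit, run it with the default or with `--fuzz=0` so that drift shows up as a failure to be reviewed by hand. In the same loop, quote the variable (`< "$i"`) and replace `echo -e` with `printf`, since `echo -e` behaves differently outside bash. Separately, the heading "Files that got an -pj suffix" does not match the entries under it, which are zebra to frr renames with no such suffix. The TODO item "debian/watch pgpsigurlmangle / signing-key" is still open, so it is worth tracking as a follow-up rather than leaving it only in this file.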
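Review bot: The CVE-2024-31951 entry in the debian/changelog hunk is missing its closing bracket: `[CVE-2024-31951 (Closes: #1070377)` should read `[CVE-2024-31951] (Closes: #1070377)` to match the other entries and keep the CVE tag cleanly delimited for anyone grepping the changelog. The CVE-2024-27913 entry is also the only one without a `Closes:` reference. If a bug report exists for it, add the number; if not, leaving it as is is fine, but it is worth confirming given that the neighbouring OSPF TE entries all close #1070377.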