[oe] [PATCH 2/4] quagga: fix CVE-2013-6051
Kai Kang
kai.kang at windriver.com
Mon Apr 21 06:24:50 UTC 2014
Backport patch to fix CVE-2013-6051.
Signed-off-by: Hu <yadi.hu at windriver.com>
Signed-off-by: Kai Kang <kai.kang at windriver.com>
---
.../quagga/files/quagga-fix-CVE-2013-6051.patch | 29 ++++++++++++++++++++++
.../recipes-protocols/quagga/quagga.inc | 1 +
2 files changed, 30 insertions(+)
create mode 100644 meta-networking/recipes-protocols/quagga/files/quagga-fix-CVE-2013-6051.patch
diff --git a/meta-networking/recipes-protocols/quagga/files/quagga-fix-CVE-2013-6051.patch b/meta-networking/recipes-protocols/quagga/files/quagga-fix-CVE-2013-6051.patch
new file mode 100644
index 0000000..fde9e0c
--- /dev/null
+++ b/meta-networking/recipes-protocols/quagga/files/quagga-fix-CVE-2013-6051.patch
@@ -0,0 +1,29 @@
+
+From 8794e8d229dc9fe29ea31424883433d4880ef408
+From: Paul Jakma <paul at quagga.net>
+Date: Mon, 13 Feb 2012 13:53:07 +0000
+Subject: bgpd: Fix regression in args consolidation, total should be inited from args
+
+bgpd: Fix regression in args consolidation, total should be inited from args
+
+* bgp_attr.c: (bgp_attr_unknown) total should be initialised from the args.
+
+Upstream-Status: Backport
+
+Signed-off-by: Kai Kang <kai.kang at windriver.com>
+---
+
+diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
+index 65af824..839f64d 100644
+--- a/bgpd/bgp_attr.c
++++ b/bgpd/bgp_attr.c
+
+@@ -1646,7 +1646,7 @@
+ static bgp_attr_parse_ret_t
+ bgp_attr_unknown (struct bgp_attr_parser_args *args)
+ {
+- bgp_size_t total;
++ bgp_size_t total = args->total;
+ struct transit *transit;
+ struct attr_extra *attre;
+ struct peer *const peer = args->peer;
diff --git a/meta-networking/recipes-protocols/quagga/quagga.inc b/meta-networking/recipes-protocols/quagga/quagga.inc
index 65ff040..5e85e55 100644
--- a/meta-networking/recipes-protocols/quagga/quagga.inc
+++ b/meta-networking/recipes-protocols/quagga/quagga.inc
@@ -26,6 +26,7 @@ QUAGGASUBDIR = ""
SRC_URI = "http://download.savannah.gnu.org/releases/quagga${QUAGGASUBDIR}/quagga-${PV}.tar.gz;name=quagga-${PV} \
file://fix-for-lib-inpath.patch \
file://quagga-0.99.17-libcap.patch \
+ file://quagga-fix-CVE-2013-6051.patch \
file://Zebra-sync-zebra-routing-table-with-the-kernel-one.patch \
file://quagga.init \
file://quagga.default \
--
1.8.4
More information about the Openembedded-devel
mailing list