From: Brett Parker Date: Sat, 17 Mar 2018 15:30:39 +0000 (+0000) Subject: Merge tag 'upstream/1.2.4' X-Git-Tag: debian/1.2.4-1~3 X-Git-Url: https://git.sommitrealweird.co.uk/quagga-debian.git/commitdiff_plain/6d6685a82d5e1bbc9c2324ba777c937053770780?hp=d2771ca93ba9461a823240e3f3b7be9f4af12f65 Merge tag 'upstream/1.2.4' Upstream version 1.2.4 --- diff --git a/debian/README.Maintainer b/debian/README.Maintainer new file mode 100644 index 0000000..0caafe2 --- /dev/null +++ b/debian/README.Maintainer @@ -0,0 +1,33 @@ +# +# Filename transition from zebra to quagga +# + +Files that keep their names + /usr/bin/vtysh + +Files that got an -pj suffix + /etc/default/zebra -> /etc/quagga/debian.conf + /etc/init.d/zebra -> /etc/init.d/quagga + /etc/zebra/ -> /etc/quagga/ + /usr/share/doc/zebra/ -> /usr/share/doc/quagga/ + /var/log/zebra/ -> /var/log/quagga/ + /var/run/ -> /var/run/quagga/ + +Files that were moved + /usr/sbin/* -> /usr/lib/quagga/ + +# Generate symbols +dpkg-deb -x libfoo_-.deb /tmp/libquagga +dpkg-gensymbols -v1.1.0 -plibquagga0 -P/tmp/libquagga -Odebian/libquagga0.symbols + +# set up repository after clone +git remote add upstream git://git.savannah.nongnu.org/quagga.git +git branch -u upstream/master upstream + +# verify upstream tags +gpg2 --recv 0x909B071D17A4A64B +git tag -v quagga-1.1.0 + +# run tests +# NOTE: I use a VM; for tests to run, need sudo installed and ssh key access. +autopkgtest -d ../build-area/quagga_1.1.0-1_amd64.changes -- ssh -H root@192.168.122.119 diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..c2b24dc --- /dev/null +++ b/debian/changelog @@ -0,0 +1,1389 @@ +quagga (1.2.2-1) unstable; urgency=medium + + * New upstream release (Closes: #879474, #857187). + * Rework patches to apply against new upstream version. + * Change zebra daemon GID to allow writing to /run/quagga (Closes: #880522). + * Change group permissions on Quagga.conf (Closes: #847106). + * Add missing build-dep on libc-ares-dev. + * Add patch for documentation fixes (Closes: #879971). + + -- Scott Leggett Sun, 05 Nov 2017 22:11:44 +1100 + +quagga (1.1.1-3) unstable; urgency=medium + + * Fix upgrade file conflict with old quagga packages (Closes: #859581). + + -- Scott Leggett Wed, 05 Apr 2017 21:41:14 +1000 + +quagga (1.1.1-2) unstable; urgency=medium + + * Remove libquagga0 and libquagga-dev binary packages (Closes: #856936). + - Move shared objects into quagga-core, as they are currently intended + by upstream to be private. + - Avoid shipping headers and static libraries at all. + - Upstream plans to ship with a stable API/ABI in future, and these + changes will be reviewed then. + + -- Scott Leggett Sun, 26 Mar 2017 23:04:32 +1100 + +quagga (1.1.1-1) unstable; urgency=low + + * SECURITY: + - New upstream bugfix release, fixes CVE-2017-5495 (Closes: #852454). + * Remove patch disabling debug print statements; fixed upstream. + * Update libquagga0.symbols for libzebra SONAME bump. + + -- Scott Leggett Fri, 27 Jan 2017 10:48:50 +1100 + +quagga (1.1.0-3) unstable; urgency=low + + * Update .service file patch (Closes: #849953). + + -- Scott Leggett Tue, 03 Jan 2017 22:07:12 +0800 + +quagga (1.1.0-2) unstable; urgency=low + + * Fix autopkgtests. + * Check for existing dpkg-statoverride on /etc/quagga (Closes: #847355). + + -- Scott Leggett Fri, 09 Dec 2016 22:56:55 +1100 + +quagga (1.1.0-1) unstable; urgency=low + + * New upstream release (Closes: #774760, #516226, #830515) + * Import packaging from the last debian release 1.0.20160315-3. + * Remove dump_fix.patch applied upstream. + * Remove patch which is no longer relevant. + * Remove patch for CVE-2016-1245 fixed upstream. + * Rely on automatic -dbgsym package rather than deprecated -dbg. + * Remove deprecated XS-testsuite header in debian/control. + * Remove template comment from debian/watch. + * Add patch to fix spelling and grammar errors. + * Register quagga-doc with doc-base. + * Add patch to fix ospfclient(8) manpage numbering. + * Added patch to avoid debug print statements on vtysh startup. + * Adopt package, set myself as maintainer (Closes: #836418). + * Add quagga user to quaggavty group in preinst. + * Drop patch for Debian pager default in vtysh (Closes: #788243). + * Update debian/copyright. + * Bump compat level to 10 (Closes: #534833). + * Use systemd .service files rather than init.d scripts (Closes: #678946, + #805840, #839819, #412483). + * Split quagga package out into multiple packages (Closes: #705306). + * Remove debconf question which left packages in inconsistent state. + * Add patch for manpage versioning. + * Update README.Debian, README.Maintainer. + * Removed patch on vtysh.conf. + * Add NEWS.Debian about the major changes to the package. + + -- Scott Leggett Mon, 21 Nov 2016 21:30:12 +1100 + +quagga (1.0.20160315-3) unstable; urgency=high + + * Apply patch to fix CVE-2016-1245. Closes: #841162. + + -- Florian Weimer Tue, 18 Oct 2016 22:06:18 +0200 + +quagga (1.0.20160315-2) unstable; urgency=high + + * QA upload. + * Run wrap-and-sort. + * debian/control: + - Set QA group as maintainer, as Christian orphaned the package (see + #837358). + - Bump Standards-Version to 3.9.8. + * SECURITY: + - CVE-2016-4049: Missing size check in bgp_dump_routes_func in + bgpd/bgp_dump.c allowing DoS (Closes: #822787). + - CVE-2016-4036: World readable sensitive files in /etc/quagga + (Closes: #835223). + + -- Hugo Lefeuvre Sun, 11 Sep 2016 21:37:00 +0200 + +quagga (1.0.20160315-1) unstable; urgency=high + + * SECURITY: + CVE-2016-2342: VPNv4 NLRI parses memcpys to stack on unchecked length + (Closes: #819179) + * New upstream release + * babeld has been removed from the Quagga upstream project. + There is a implementation available in the Debian "babeld" package. + * Removed no longer recognized configure options: --enable-ospf-te, + --enable-opaque-lsa and --enable-ipv6 + * Removed configure options that are now default: --enable-pimd and + --enable-vtysh + + -- Christian Brunotte Wed, 30 Mar 2016 23:34:33 +0200 + +quagga (0.99.24.1-2) unstable; urgency=low + + * Renamed manpage pim.8 to quagga-pim.8 as the former name is already used + by the pimd package. Closes: 780252 + + -- Christian Brunotte Thu, 12 Mar 2015 22:37:41 +0100 + +quagga (0.99.24.1-1) unstable; urgency=low + + * New upstream release + * Upstream fix for Zebra crash. + + -- Christian Brunotte Sun, 08 Mar 2015 02:04:18 +0100 + +quagga (0.99.24-1) unstable; urgency=low + + * New upstream release + + -- Christian Brunotte Wed, 04 Mar 2015 22:15:50 +0100 + +quagga (0.99.23.1-1) unstable; urgency=medium + + * New upstream release + * Added .png figures for info files to quagga-doc package. + * Changed dependency from iproute to iproute2 (thanks to Andreas + Henriksson). Closes: #753736 + * Added texlive-fonts-recommended to build-depends to get ecrm1095 font + (thanks to Christoph Biedl). Closes: #651545 + + -- Christian Brunotte Tue, 30 Sep 2014 00:20:12 +0200 + +quagga (0.99.23-1) unstable; urgency=low + + * New upstream release + * Removed debian/patches/readline-6.3.diff which was already in upstream. + + -- Christian Hammers Tue, 08 Jul 2014 09:15:48 +0200 + +quagga (0.99.22.4-4) unstable; urgency=medium + + * Fix build failure with readline-6.3 (thanks to Matthias Klose). + Closes: #741774 + + -- Christian Hammers Sun, 23 Mar 2014 15:28:42 +0100 + +quagga (0.99.22.4-3) unstable; urgency=low + + * Added status to init script (thanks to Peter J. Holzer). Closes: #730625 + * Init script now sources /lib/lsb/init-functions. + * Switched from hardening-wrapper to dpkg-buildflags. + + -- Christian Hammers Wed, 01 Jan 2014 19:12:01 +0100 + +quagga (0.99.22.4-2) unstable; urgency=low + + * Fixed typo in package description (thanks to Davide Prina). + Closes: #625860 + * Added Italian Debconf translation (thanks to Beatrice Torracca) + Closes: #729798 + + -- Christian Hammers Tue, 26 Nov 2013 00:47:11 +0100 + +quagga (0.99.22.4-1) unstable; urgency=high + + * SECURITY: + "ospfd: CVE-2013-2236, stack overrun in apiserver + + the OSPF API-server (exporting the LSDB and allowing announcement of + Opaque-LSAs) writes past the end of fixed on-stack buffers. This leads + to an exploitable stack overflow. + + For this condition to occur, the following two conditions must be true: + - Quagga is configured with --enable-opaque-lsa + - ospfd is started with the "-a" command line option + + If either of these does not hold, the relevant code is not executed and + the issue does not get triggered." + Closes: #726724 + + * New upstream release + - ospfd: protect vs. VU#229804 (malformed Router-LSA) + (Quagga is said to be non-vulnerable but still adds some protection) + + -- Christian Hammers Thu, 24 Oct 2013 22:58:37 +0200 + +quagga (0.99.22.1-2) unstable; urgency=low + + * Added autopkgtests (thanks to Yolanda Robla). Closes: #710147 + * Added "status" command to init script (thanks to James Andrewartha). + Closes: #690013 + * Added "libsnmp-dev" to Build-Deps. There not needed for the official + builds but for people who compile Quagga themselves to activate the + SNMP feature (which for licence reasons cannot be done by Debian). + Thanks to Ben Winslow). Closes: #694852 + * Changed watchquagga_options to an array so that quotes can finally + be used as expected. Closes: #681088 + * Fixed bug that prevented restarting only the watchquagga daemon + (thanks to Harald Kappe). Closes: #687124 + + -- Christian Hammers Sat, 27 Jul 2013 16:06:25 +0200 + +quagga (0.99.22.1-1) unstable; urgency=low + + * New upstream release + - ospfd restore nexthop IP for p2p interfaces + - ospfd: fix LSA initialization for build without opaque LSA + - ripd: correctly redistribute ifindex routes (BZ#664) + - bgpd: fix lost passwords of grouped neighbors + * Removed 91_ld_as_needed.diff as it was found in the upstream source. + + -- Christian Hammers Mon, 22 Apr 2013 22:21:20 +0200 + +quagga (0.99.22-1) unstable; urgency=low + + * New upstream release. + - [bgpd] The semantics of default-originate route-map have changed. + The route-map is now used to advertise the default route conditionally. + The old behaviour which allowed to set attributes on the originated + default route is no longer supported. + - [bgpd] this version of bgpd implements draft-idr-error-handling. This was + added in 0.99.21 and may not be desirable. If you need a version + without this behaviour, please use 0.99.20.1. There will be a + runtime configuration switch for this in future versions. + - [isisd] is in "beta" state. + - [ospf6d] is in "alpha/experimental" state + - More changes are documented in the upstream changelog! + * debian/watch: Adjusted to new savannah.gnu.org site, thanks to Bart + Martens. + * debian/patches/99_CVE-2012-1820_bgp_capability_orf.diff removed as its + in the changelog. + * debian/patches/99_distribute_list.diff removed as its in the changelog. + * debian/patches/10_doc__Makefiles__makeinfo-force.diff removed as it + was just for Debian woody. + + -- Christian Hammers Thu, 14 Feb 2013 00:22:00 +0100 + +quagga (0.99.21-4) unstable; urgency=medium + + * Fixed regression bug that caused OSPF "distribute-list" statements to be + silently ignored. The patch has already been applied upstream but there + has been no new Quagga release since then. + Thanks to Hans van Kranenburg for reporting. Closes: #697240 + + -- Christian Hammers Sun, 06 Jan 2013 15:50:32 +0100 + +quagga (0.99.21-3) unstable; urgency=high + + * SECURITY: + CVE-2012-1820 - Quagga contained a bug in BGP OPEN message handling. + A denial-of-service condition could be caused by an attacker controlling + one of the pre-configured BGP peers. In most cases this means, that the + attack must be originated from an adjacent network. Closes: #676510 + + -- Christian Hammers Fri, 08 Jun 2012 01:15:32 +0200 + +quagga (0.99.21-2) unstable; urgency=low + + * Renamed babeld.8 to quagga-babeld.8 as it conflicted with the + original mapage of the babeld package which users might want to + install in parallel as it is slightly more capable. Closes: #671916 + + -- Christian Hammers Thu, 10 May 2012 07:53:01 +0200 + +quagga (0.99.21-1) unstable; urgency=low + + * New upstream release + - [bgpd] BGP multipath support has been merged + - [bgpd] SAFI (Multicast topology) support has been extended to propagate + the topology to zebra. + - [bgpd] AS path limit functionality has been removed + - [babeld] a new routing daemon implementing the BABEL ad-hoc mesh routing + protocol has been merged. + - [isisd] a major overhaul has been picked up. Please note that isisd is + STILL NOT SUITABLE FOR PRODUCTION USE. + - a lot of bugs have been fixed + * Added watchquagga daemon. + * Added DEP-3 conforming patch comments. + + -- Christian Hammers Sun, 06 May 2012 15:33:33 +0200 + +quagga (0.99.20.1-1) unstable; urgency=high + + * SECURITY: + CVE-2012-0249 - Quagga ospfd DoS on malformed LS-Update packet + CVE-2012-0250 - Quagga ospfd DoS on malformed Network-LSA data + CVE-2012-0255 - Quagga bgpd DoS on malformed OPEN message + * New upstream release. Closes: #664033 + + -- Christian Hammers Fri, 16 Mar 2012 22:14:05 +0100 + +quagga (0.99.20-4) unstable; urgency=low + + * Switch to dpkg-source 3.0 (quilt) format. + * Switch to changelog-format-1.0. + + -- Christian Hammers Sat, 25 Feb 2012 18:52:06 +0100 + +quagga (0.99.20-3) unstable; urgency=low + + * Added --sysconfdir back to the configure options (thanks to Sven-Haegar + Koch). Closes: #645649 + + -- Christian Hammers Tue, 18 Oct 2011 00:24:37 +0200 + +quagga (0.99.20-2) unstable; urgency=low + + * Bumped standards version to 0.9.2. + * Migrated to "dh" build system. + * Added quagga-dbg package. + + -- Christian Hammers Fri, 14 Oct 2011 23:59:26 +0200 + +quagga (0.99.20-1) unstable; urgency=low + + * New upstream release: + "The primary focus of this release is a fix of SEGV regression in ospfd, + which was introduced in 0.99.19. It also features a series of minor + improvements, including better RFC compliance in bgpd, better support + of FreeBSD and some enhancements to isisd." + * Fixes off-by-one bug (removed 20_ospf6_area_argv.dpatch). Closes: #519488 + + -- Christian Hammers Fri, 30 Sep 2011 00:59:24 +0200 + +quagga (0.99.19-1) unstable; urgency=high + + * SECURITY: + "This release provides security fixes, which address assorted + vulnerabilities in bgpd, ospfd and ospf6d (CVE-2011-3323, + CVE-2011-3324, CVE-2011-3325, CVE-2011-3326 and CVE-2011-3327). + * New upstream release. + * Removed incorporated debian/patches/92_opaque_lsa_enable.dpatch. + * Removed incorporated debian/patches/93_opaque_lsa_fix.dpatch. + * Removed obsolete debian/README.Debian.Woody and README.Debian.MD5. + + -- Christian Hammers Tue, 27 Sep 2011 00:16:27 +0200 + +quagga (0.99.18-1) unstable; urgency=low + + * SECURITY: + "This release fixes 2 denial of services in bgpd, which can be remotely + triggered by malformed AS-Pathlimit or Extended-Community attributes. + These issues have been assigned CVE-2010-1674 and CVE-2010-1675. + Support for AS-Pathlimit has been removed with this release." + * Added Brazilian Portuguese debconf translation. Closes: #617735 + * Changed section for quagga-doc from "doc" to "net". + * Added patch to fix FTBFS with latest GCC. Closes: #614459 + + -- Christian Hammers Tue, 22 Mar 2011 23:13:34 +0100 + +quagga (0.99.17-4) unstable; urgency=low + + * Added comment to init script (thanks to Marc Haber). Closes: #599524 + + -- Christian Hammers Thu, 13 Jan 2011 23:53:29 +0100 + +quagga (0.99.17-3) unstable; urgency=low + + * Fix FTBFS with ld --as-needed (thanks to Matthias Klose at Ubuntu). + Closes: #609555 + + -- Christian Hammers Thu, 13 Jan 2011 23:27:06 +0100 + +quagga (0.99.17-2) unstable; urgency=low + + * Added Danisch Debconf translation (thanks to Joe Dalton). Closes: #596259 + + -- Christian Hammers Sat, 18 Sep 2010 12:20:07 +0200 + +quagga (0.99.17-1) unstable; urgency=high + + * SECURITY: + "This release provides two important bugfixes, which address remote crash + possibility in bgpd discovered by CROSS team.": + 1. Stack buffer overflow by processing certain Route-Refresh messages + CVE-2010-2948 + 2. DoS (crash) while processing certain BGP update AS path messages + CVE-2010-2949 + Closes: #594262 + + -- Christian Hammers Wed, 25 Aug 2010 00:52:48 +0200 + +quagga (0.99.16-1) unstable; urgency=low + + * New upstream release. Closes: #574527 + * Added chrpath to debian/rules to fix rpath problems that lintian spottet. + + -- Christian Hammers Sun, 21 Mar 2010 17:05:40 +0100 + +quagga (0.99.15-2) unstable; urgency=low + + * Applied patch for off-by-one bug in ospf6d that caused a segmentation + fault when using the "area a.b.c.d filter-list prefix" command (thanks + to Steinar H. Gunderson). Closes: 519488 + + -- Christian Hammers Sun, 14 Feb 2010 20:02:03 +0100 + +quagga (0.99.15-1) unstable; urgency=low + + * New upstream release + "This fixes some annoying little ospfd and ospf6d regressions, which made + 0.99.14 a bit of a problem release (...) This release still contains a + regression in the "no ip address ..." command, at least on Linux. + See bug #486, which contains a workaround patch. This release should be + considered a 1.0.0 release candidate. Please test this release as widely + as possible." + * Fixed wrong port number in zebra.8 (thanks to Thijs Kinkhorst). + Closes: #517860 + * Added Russian Debconf tanslation (thanks to Yuri Kozlov). + Closes: #539464 + * Removed so-version in build-dep to libreadline-dev on request of + Matthias Klose. + * Added README.source with reference to dpatch as suggested by lintian. + * Bumped standards versionto 3.8.3. + + -- Christian Hammers Sun, 13 Sep 2009 18:12:06 +0200 + +quagga (0.99.14-1) unstable; urgency=low + + * New upstream release + "This release contains a regression fix for ospf6d, various small fixes + and some hopefully very significant bgpd stability fixes. + This release should be considered a 1.0.0 release candidate. Please test + this release as widely as possible." + * Fixes bug with premature LSA aging in ospf6d. Closes: #535030 + * Fixes section number in zebra.8 manpage. Closes: #517860 + + -- Christian Hammers Sat, 25 Jul 2009 00:40:38 +0200 + +quagga (0.99.13-2) unstable; urgency=low + + * Added Japanese Debconf translation (thanks to Hideki Yamane). + Closes: #510714 + * When checking for obsoleted config options in preinst, print filename + where it occures (thanks to Michael Bussmann). Closes: #339489 + + -- Christian Hammers Sun, 19 Jul 2009 17:13:23 +0200 + +quagga (0.99.13-1) unstable; urgency=low + + * New upstream release + "This release is contains a number of small fixes, for potentially + irritating issues, as well as small enhancements to vtysh and support + for linking to PCRE (a much faster regex library)." + * Added build-dep to gawk as configure required it for memtypes.awk + * Replaced build-dep to gs-gpl with ghostscript as requested by lintian + * Minor changes to copyright and control files to make lintian happy. + + -- Christian Hammers Wed, 24 Jun 2009 17:53:28 +0200 + +quagga (0.99.12-1) unstable; urgency=high + + * New upstream release + "This release fixes an urgent bug in bgpd where it could hit an assert + if it received a long AS_PATH with a 4-byte ASN." Noteworthy bugfixes: + + [bgpd] Fix bgp ipv4/ipv6 accept handling + + [bgpd] AS4 bugfix by Chris Caputo + + [bgpd] Allow accepted peers to progress even if realpeer is in Connect + + [ospfd] Switch Fletcher checksum back to old ospfd version + + -- Christian Hammers Mon, 22 Jun 2009 00:16:33 +0200 + +quagga (0.99.11-1) unstable; urgency=low + + * New upstream release + "Most regressions in 0.99 over 0.98 are now believed to be fixed. This + release should be considered a release-candidate for a new stable series." + + bgpd: Preliminary UI and Linux-IPv4 support for TCP-MD5 merged + + zebra: ignore dead routes in RIB update + + [ospfd] Default route needs to be refreshed after neighbour state change + + [zebra:netlink] Set proto/scope on all route update messages + * Removed debian/patches/20_*bgp*md5*.dpatch due to upstream support. + + -- Christian Hammers Thu, 09 Oct 2008 22:56:38 +0200 + +quagga (0.99.10-1) unstable; urgency=medium + + * New upstream release + + bgpd: 4-Byte AS Number support + + Sessions were incorrectly reset if a partial AS-Pathlimit attribute + was received. + + Advertisement of Multi-Protocol prefixes (i.e. non-IPv4) had been + broken in the 0.99.9 release. Closes: #467656 + + -- Christian Hammers Tue, 08 Jul 2008 23:32:42 +0200 + +quagga (0.99.9-6) unstable; urgency=low + + * Fixed FTBFS by adding a build-dep to libpcre3-dev (thanks to Luk Claes). + Closes: #469891 + + -- Christian Hammers Sat, 12 Apr 2008 12:53:51 +0200 + +quagga (0.99.9-5) unstable; urgency=low + + * C.J. Adams-Collier and Paul Jakma suggested to build against libpcre3 + which is supposed to be faster. + + -- Christian Hammers Sun, 02 Mar 2008 13:19:42 +0100 + +quagga (0.99.9-4) unstable; urgency=low + + * Added hardening-wrapper to the build-deps (thanks to Moritz Muehlenhoff). + + -- Christian Hammers Tue, 29 Jan 2008 22:33:56 +0100 + +quagga (0.99.9-3) unstable; urgency=low + + * Replaced the BGP patch by a new one so that the package builds again + with kernels above 2.6.21! + * debian/control: + + Moved quagga-doc to section doc to make lintian happy. + * Added Spanish debconf translation (thanks to Carlos Galisteo de Cabo). + Closes: #428574 + * debian/control: (thanks to Marco Rodrigues) + + Bump Standards-Version to 3.7.3 (no changes needed). + + Add Homepage field. + + -- Christian Hammers Mon, 28 Jan 2008 22:29:18 +0100 + +quagga (0.99.9-2.1) unstable; urgency=low + + * Non-maintainer upload. + * debian/rules: fixed bashisms. (Closes: #459122) + + -- Miguel Angel Ruiz Manzano Tue, 22 Jan 2008 14:37:21 -0300 + +quagga (0.99.9-2) unstable; urgency=low + + * Added CVE id for the security bug to the last changelog entry. + Closes: 442133 + + -- Christian Hammers Tue, 25 Sep 2007 22:01:31 +0200 + +quagga (0.99.9-1) unstable; urgency=high + + * SECURITY: + "This release fixes two potential DoS conditions in bgpd, reported by Mu + Security, where a bgpd could be crashed if a peer sent a malformed OPEN + message or a malformed COMMUNITY attribute. Only configured peers can do + this, hence we consider these issues to be very low impact." CVE-2007-4826 + + -- Christian Hammers Wed, 12 Sep 2007 21:12:41 +0200 + +quagga (0.99.8-1) unstable; urgency=low + + * New upstream version. + + -- Christian Hammers Fri, 17 Aug 2007 00:07:04 +0200 + +quagga (0.99.7-3) unstable; urgency=medium + + * Applied patch for FTBFS with linux-libc-dev (thanks to Andrew J. Schorr + and Lucas Nussbaum). Closes: #429003 + + -- Christian Hammers Fri, 22 Jun 2007 21:34:55 +0200 + +quagga (0.99.7-2) unstable; urgency=low + + * Added Florian Weimar as co-maintainer. Closes: 421977 + * Added Dutch debconf translation (thanks to Bart Cornelis). + Closes: #420932 + * Added Portuguese debconf translation (thanks to Rui Branco). + Closes: #421185 + * Improved package description (thanks to Reuben Thomas). + Closes: #418933 + * Added CVE Id to 0.99.6-5 changelog entry. + + -- Christian Hammers Wed, 02 May 2007 20:27:12 +0200 + +quagga (0.99.7-1) unstable; urgency=low + + * New upstream release. Closes: #421553 + + -- Christian Hammers Mon, 30 Apr 2007 14:22:34 +0200 + +quagga (0.99.6-6) unstable; urgency=medium + + * Fixes FTBFS with tetex-live. Closes: #420468 + + -- Christian Hammers Mon, 23 Apr 2007 21:34:13 +0200 + +quagga (0.99.6-5) unstable; urgency=high + + * SECURITY: + The bgpd daemon was vulnerable to a Denial-of-Service. Configured peers + could cause a Quagga bgpd to, typically, assert() and abort. The DoS + could be triggered by peers by sending an UPDATE message with a crafted, + malformed Multi-Protocol reachable/unreachable NLRI attribute. + This is CVE-2007-1995 and Quagga Bug#354. Closes: #418323 + + -- Christian Hammers Thu, 12 Apr 2007 23:21:58 +0200 + +quagga (0.99.6-4) unstable; urgency=low + + * Improved note in README.Debian for SNMP self-builders (thanks to Matthias + Wamser). Closes: #414788 + + -- Christian Hammers Wed, 14 Mar 2007 02:18:57 +0100 + +quagga (0.99.6-3) unstable; urgency=low + + * Updated German Debconf translation (thanks to Matthias Julius). + Closes: #409327 + + -- Christian Hammers Sat, 10 Feb 2007 15:06:16 +0100 + +quagga (0.99.6-2) unstable; urgency=low + + * Updated config.guess/config.sub as suggested by lintian. + * Corrected README.Debian text regarding the WANT_SNMP flag. + + -- Christian Hammers Sun, 17 Dec 2006 01:45:37 +0100 + +quagga (0.99.6-1) unstable; urgency=low + + * New upstream release. Closes: #402361 + + -- Christian Hammers Mon, 11 Dec 2006 00:28:09 +0100 + +quagga (0.99.5-5) unstable; urgency=high + + * Changed Depends on adduser to Pre-Depends to avoid uninstallability + in certain cases (thanks to Steve Langasek, Lucas Nussbaum). + Closes: #398562 + + -- Christian Hammers Wed, 15 Nov 2006 17:46:34 +0100 + +quagga (0.99.5-4) unstable; urgency=low + + * Added default PAM file and some explanations regarding PAM authentication + of vtysh which could prevent the start at boot-time when used wrong. + Now PAM permits anybody to access the vtysh tool (a malicious user could + build his own vtysh without PAM anyway) and the access is controled by + the read/write permissions of the vtysh socket which are only granted to + users belonging to the quaggavty group (thanks to Wakko Warner). + Closes: #389496 + * Added "case" to prerm script so that the Debconf question is not called a + second time in e.g. "new-prerm abort-upgrade" after being NACKed in the + old-prerm. + + -- Christian Hammers Fri, 3 Nov 2006 01:22:15 +0100 + +quagga (0.99.5-3) unstable; urgency=medium + + * Backport CVS fix for an OSPF DD Exchange regression (thanks to Matt + Brown). Closes: #391040 + + -- Christian Hammers Wed, 25 Oct 2006 19:47:11 +0200 + +quagga (0.99.5-2) unstable; urgency=medium + + * Added LSB info section to initscript. + * Removed unnecessary depends to libncurses5 to make checklib happy. + The one to libcap should remain though as it is just temporarily + unused. + + -- Christian Hammers Thu, 21 Sep 2006 00:04:07 +0200 + +quagga (0.99.5-1) unstable; urgency=low + + * New upstream release. Closes: #38704 + * Upstream fixes ospfd documentary inconsistency. Closes: #347897 + * Changed debconf question in prerm to "high" (thanks to Rafal Pietrak). + + -- Christian Hammers Mon, 11 Sep 2006 23:43:42 +0200 + +quagga (0.99.4-4) unstable; urgency=low + + * Recreate /var/run if not present because /var is e.g. on a tmpfs + filesystem (thanks to Martin Pitt). Closes: #376142 + * Removed nonexistant option from ospfd.8 manpage (thanks to + David Medberry). Closes: 378274 + + -- Christian Hammers Sat, 15 Jul 2006 20:22:12 +0200 + +quagga (0.99.4-3) unstable; urgency=low + + * Removed invalid semicolon from rules file (thanks to Philippe Gramoulle). + + -- Christian Hammers Tue, 27 Jun 2006 23:36:07 +0200 + +quagga (0.99.4-2) unstable; urgency=high + + * Set urgency to high as 0.99.4-1 fixes a security problem! + * Fixed building of the info file. + + -- Christian Hammers Sun, 14 May 2006 23:04:28 +0200 + +quagga (0.99.4-1) unstable; urgency=low + + * New upstream release to fix a security problem in the telnet interface + of the BGP daemon which could be used for DoS attacks (CVE-2006-2276). + Closes: 366980 + + -- Christian Hammers Sat, 13 May 2006 19:54:40 +0200 + +quagga (0.99.3-3) unstable; urgency=low + + * Added CVE numbers for the security patch in 0.99.3-2. + + -- Christian Hammers Sat, 6 May 2006 17:14:22 +0200 + +quagga (0.99.3-2) unstable; urgency=high + + * SECURITY: + Added security bugfix patch from upstream BTS for security problem + that could lead to injected routes when using RIPv1. + CVE-2006-2223 - missing configuration to disable RIPv1 or require + plaintext or MD5 authentication + CVE-2006-2224 - lack of enforcement of RIPv2 authentication requirements + Closes: #365940 + * First amd64 upload. + + -- Christian Hammers Thu, 4 May 2006 00:22:09 +0200 + +quagga (0.99.3-1) unstable; urgency=low + + * New upstream release + + -- Christian Hammers Wed, 25 Jan 2006 13:37:27 +0100 + +quagga (0.99.2-1) unstable; urgency=low + + * New upstream release + Closes: #330248, #175553 + + -- Christian Hammers Wed, 16 Nov 2005 00:25:52 +0100 + +quagga (0.99.1-7) unstable; urgency=low + + * Changed debian/rules check for mounted /proc directory to check + for /proc/1 as not all systems (e.g. 2.6 arm kernels) have + /proc/kcore which is a optional feature only (thanks to Lennert + Buytenhek). Closes: #335695 + * Added Swedish Debconf translation (thanks to Daniel Nylander). + Closes: #331367 + + -- Christian Hammers Thu, 27 Oct 2005 20:53:19 +0200 + +quagga (0.99.1-6) unstable; urgency=low + + * Fixed debconf dependency as requested by Joey Hess. + + -- Christian Hammers Mon, 26 Sep 2005 20:47:35 +0200 + +quagga (0.99.1-5) unstable; urgency=low + + * Rebuild with libreadline5-dev as build-dep as requested by + Matthias Klose. Closes: #326306 + * Made initscript more fault tolerant against missing lines in + /etc/quagga/daemons (thanks to Ralf Hildebrandt). Closes: #323774 + * Added dependency to adduser. + + -- Christian Hammers Tue, 13 Sep 2005 21:42:17 +0200 + +quagga (0.99.1-4) unstable; urgency=low + + * Added French Debconf translation (thanks to Mohammed Adnene Trojette). + Closes: #319324 + * Added Czech Debconf translation (thanks to Miroslav Kure). + Closes: #318127 + + -- Christian Hammers Sun, 31 Jul 2005 04:19:41 +0200 + +quagga (0.99.1-3) unstable; urgency=low + + * A Debconf question now asks the admin before upgrading if the daemon + should really be stopped as this could lead to the loss of network + connectivity or BGP flaps (thanks to Michael Horn and Achilleas Kotsis). + Also added a hint about setting Quagga "on hold" to README.Debian. + Closes: #315467 + * Added patch to build on Linux/ARM. + + -- Christian Hammers Sun, 10 Jul 2005 22:19:38 +0200 + +quagga (0.99.1-2) unstable; urgency=low + + * Fixed SNMP enabled command in debian/rules (thanks to Christoph Kluenter). + Closes: #306840 + + -- Christian Hammers Sat, 4 Jun 2005 14:04:01 +0200 + +quagga (0.99.1-1) unstable; urgency=low + + * New upstream version. Among others: + - BGP graceful restart and "match ip route-source" added + - support for interface renaming + - improved threading for better responsivness under load + * Switched to dpatch to make diffs cleaner. + * Made autoreconf unnecessary. + * Replaced quagga.dvi and quagga.ps by quagga.pdf in quagga-doc. + (the PostScript would have needed Makefile corrections and PDF + is more preferable anyway) + * Added isisd to the list of daemons in /etc/init.d/quagga (thanks + to Ernesto Elbe). + * Added hint for "netlink-listen: overrun" messages (thanks to + Hasso Tepper). + * Added preinst check that bails out if old smux options are in use + as Quagga would not start up else anyway (thanks to Bjorn Mork). + Closes: #308320 + + -- Christian Hammers Fri, 13 May 2005 01:18:24 +0200 + +quagga (0.98.3-7) unstable; urgency=high + + * Removed SNMP support as linking against NetSNMP introduced a dependency + to OpenSSL which is not compatible to the GPL which governs this + application (thanks to Faidon Liambotis). See README.Debian for more + information. Closes: #306840 + * Changed listening address of ospf6d and ripngd from 127.0.0.1 to "::1". + * Added build-dep to groff to let drafz-zebra-00.txt build correctly. + + -- Christian Hammers Wed, 4 May 2005 20:08:14 +0200 + +quagga (0.98.3-6) testing-proposed-updates; urgency=high + + * Removed "Recommends kernel-image-2.4" as aptitude then + installes a kernel-image for an arbitrary architecture as long + as it fullfill that recommendation which can obviously fatal + at the next reboot :) Also it is a violation of the policy + which mandates a reference to real packages (thanks to Holger Levsen). + Closes: #307281 + + -- Christian Hammers Tue, 3 May 2005 22:53:39 +0200 + +quagga (0.98.3-5) unstable; urgency=high + + * The patch which tried to remove the OpenSSL dependency, which is + not only unneccessary but also a violation of the licence and thus RC, + stopped working a while ago, since autoreconf is no longer run before + building the binaries. So now ./configure is patched directly (thanks + to Faidon Liambotis for reporting). Closes: #306840 + * Raised Debhelper compatibility level from 3 to 4. Nothing changed. + * Added build-dep to texinfo (>= 4.7) to ease work for www.backports.org. + + -- Christian Hammers Fri, 29 Apr 2005 02:31:03 +0200 + +quagga (0.98.3-4) unstable; urgency=low + + * Removed Debconf upgrade note as it was considered a Debconf abuse + and apart from that so obvious that it was not even worth to be + put into NEWS.Debian (thanks to Steve Langasek). Closes: #306384 + + -- Christian Hammers Wed, 27 Apr 2005 00:10:24 +0200 + +quagga (0.98.3-3) unstable; urgency=medium + + * Adding the debconf module due to a lintian suggestion is a very + bad idea if no db_stop is called as the script hangs then (thanks + to Tore Anderson for reporting). Closes: #306324 + + -- Christian Hammers Mon, 25 Apr 2005 21:55:58 +0200 + +quagga (0.98.3-2) unstable; urgency=low + + * Added debconf confmodule to postinst as lintian suggested. + + -- Christian Hammers Sun, 24 Apr 2005 13:16:00 +0200 + +quagga (0.98.3-1) unstable; urgency=low + + * New upstream release. + Mmost notably fixes last regression in bgpd (reannounce of prefixes + with changed attributes works again), race condition in netlink + handling while using IPv6, MTU changes handling in ospfd and several + crashes in ospfd, bgpd and ospf6d. + + -- Christian Hammers Mon, 4 Apr 2005 12:51:24 +0200 + +quagga (0.98.2-2) unstable; urgency=low + + * Added patch to let Quagga compile with gcc-4.0 (thanks to + Andreas Jochens). Closes: #300949 + + -- Christian Hammers Fri, 25 Mar 2005 19:33:30 +0100 + +quagga (0.98.2-1) unstable; urgency=medium + + * Quoting the upstream announcement: + The 0.98.1 release unfortunately was a brown paper bag release with + respect to ospfd. [...] 0.98.2 has been released, with one crucial change + to fix the unfortunate mistake in 0.98.1, which caused problems if + ospfd became DR. + * Note: the upstream tarball had a strange problem, apparently redhat.spec + was twice in it? At least debuild gave a strange error message so I + unpacked it by hand. No changes were made to the .orig.tar.gz! + + -- Christian Hammers Fri, 4 Feb 2005 01:31:36 +0100 + +quagga (0.98.1-1) unstable; urgency=medium + + * New upstream version + "fixing a fatal OSPF + MD5 auth regression, and a non-fatal high-load + regression in bgpd which were present in the 0.98.0 release." + * Upstream version fixes bug in ospfd that could lead to crash when OSPF + packages had a MTU > 1500. Closes: #290566 + * Added notice regarding capability kernel support to README.Debian + (thanks to Florian Weimer). Closes: #291509 + * Changed permission setting in postinst script (thanks to Bastian Blank). + Closes: #292690 + + -- Christian Hammers Tue, 1 Feb 2005 02:01:27 +0100 + +quagga (0.98.0-3) unstable; urgency=low + + * Fixed problem in init script. Closes: #290317 + * Removed obsolete "smux peer enable" patch. + + -- Christian Hammers Fri, 14 Jan 2005 17:37:27 +0100 + +quagga (0.98.0-2) unstable; urgency=low + + * Updated broken TCP MD5 patch for BGP (thanks to John P. Looney + for telling me). + + -- Christian Hammers Thu, 13 Jan 2005 02:03:54 +0100 + +quagga (0.98.0-1) unstable; urgency=low + + * New upstream release + * Added kernel-image-2.6 as alternative to 2.4 to the recommends + (thanks to Faidon Liambotis). Closes: #289530 + + -- Christian Hammers Mon, 10 Jan 2005 19:36:17 +0100 + +quagga (0.97.5-1) unstable; urgency=low + + * New upstream version. + * Added Czech debconf translation (thanks to Miroslav Kure). + Closes: #287293 + * Added Brazilian debconf translation (thanks to Andre Luis Lopes). + Closes: #279352 + + -- Christian Hammers Wed, 5 Jan 2005 23:49:57 +0100 + +quagga (0.97.4-2) unstable; urgency=low + + * Fixed quagga.info build problem. + + -- Christian Hammers Wed, 5 Jan 2005 22:38:01 +0100 + +quagga (0.97.4-1) unstable; urgency=low + + * New upstream release. + + -- Christian Hammers Tue, 4 Jan 2005 01:45:22 +0100 + +quagga (0.97.3-2) unstable; urgency=low + + * Included isisd in the daemon list. + * Wrote an isisd manpage. + * It is now ensured that zebra is always the last daemon to be stopped. + * (Thanks to Hasso Tepper for mailing me a long list of suggestions + which lead to this release) + + -- Christian Hammers Sat, 18 Dec 2004 13:14:55 +0100 + +quagga (0.97.3-1) unstable; urgency=medium + + * New upstream version. + - Fixes important OSPF bug. + * Added ht-20040911-smux.patch regarding Quagga bug #112. + * Updated ht-20041109-0.97.3-bgp-md5.patch for BGP with TCP MD5 + (thanks to Matthias Wamser). + + -- Christian Hammers Tue, 9 Nov 2004 17:45:26 +0100 + +quagga (0.97.2-4) unstable; urgency=low + + * Added Portuguese debconf translation (thanks to Andre Luis Lopes). + Closes: #279352 + * Disabled ospfapi server by default on recommendation of Paul Jakma. + + -- Christian Hammers Sun, 7 Nov 2004 15:07:05 +0100 + +quagga (0.97.2-3) unstable; urgency=low + + * Added Andrew Schorrs VTY Buffer patch from the [quagga-dev 1729]. + + -- Christian Hammers Tue, 2 Nov 2004 00:46:56 +0100 + +quagga (0.97.2-2) unstable; urgency=low + + * Changed file and directory permissions and ownerships according to a + suggestion from Paul Jakma. Still not perfect though. + * Fixed upstream vtysh.conf.sample file. + * "ip ospf network broadcast" is now saved correctly. Closes: #244116 + * Daemon options are now in /etc/quagga/debian.conf to be user + configurable (thanks to Simon Raven and Hasso Tepper). Closes: #266715 + + -- Christian Hammers Tue, 26 Oct 2004 23:35:45 +0200 + +quagga (0.97.2-1) unstable; urgency=low + + * New upstream version. + Closes: #254541 + * Fixed warning on unmodular kernels (thanks to Christoph Biedl). + Closes: #277973 + + -- Christian Hammers Mon, 25 Oct 2004 00:47:04 +0200 + +quagga (0.97.1-2) unstable; urgency=low + + * Version 0.97 introduced shared libraries. They are now included. + (thanks to Raf D'Halleweyn). Closes: #277446 + + -- Christian Hammers Wed, 20 Oct 2004 15:32:06 +0200 + +quagga (0.97.1-1) unstable; urgency=low + + * New upstream version. + * Removed some obsolete files from debian/patches. + * Added patch from upstream bug 113. Closes: #254541 + * Added patch from upstream that fixes a compilation problem in the + ospfclient code (thanks to Hasso Tepper). + * Updated German debconf translation (thanks to Jens Nachtigall) + Closes: #277059 + + -- Christian Hammers Mon, 18 Oct 2004 01:16:35 +0200 + +quagga (0.96.5-11) unstable; urgency=low + + * Fixed /tmp/buildd/* paths in binaries. + For some unknown reason the upstream Makefile modified a .h file at + the end of the "debian/rules build" target. During the following + "make install" one library got thus be re*compiled* - with /tmp/buildd + paths as sysconfdir (thanks to Peder Chr. Norgaard). Closes: #274050 + + -- Christian Hammers Fri, 1 Oct 2004 01:21:02 +0200 + +quagga (0.96.5-10) unstable; urgency=medium + + * The BGP routing daemon might freeze on network disturbances when + their peer is also a Quagga/Zebra router. + Applied patch from http://bugzilla.quagga.net/show_bug.cgi?id=102 + which has been confirmed by the upstream author. + (thanks to Gunther Stammwitz) + * Changed --enable-pam to --with-libpam (thanks to Hasso Tepper). + Closes: #264562 + * Added patch for vtysh (thanks to Hasso Tepper). Closes: #215919 + + -- Christian Hammers Mon, 9 Aug 2004 15:33:02 +0200 + +quagga (0.96.5-9) unstable; urgency=low + + * Rewrote the documentation chapter about SNMP support. Closes: #195653 + * Added MPLS docs. + + -- Christian Hammers Thu, 29 Jul 2004 21:01:52 +0200 + +quagga (0.96.5-8) unstable; urgency=low + + * Adjusted a grep in the initscript to also match a modprobe message + from older modutils packages (thanks to Faidon Paravoid). + + -- Christian Hammers Wed, 28 Jul 2004 21:19:02 +0200 + +quagga (0.96.5-7) unstable; urgency=low + + * Added a "cd /etc/quagga/" to the init script as quagga tries to load + the config file first from the current working dir and then from the + config dir which could lead to confusion (thanks to Marco d'Itri). + Closes: #255078 + * Removed warning regarding problems with the Debian kernels from + README.Debian as they are no longer valid (thanks to Raphael Hertzog). + Closes: #257580 + * Added patch from Hasso Tepper that makes "terminal length 0" work + in vtysh (thanks to Matthias Wamser). Closes: #252579 + + -- Christian Hammers Thu, 8 Jul 2004 21:53:21 +0200 + +quagga (0.96.5-6) unstable; urgency=low + + * Try to load the capability module as it is needed now. + + -- Christian Hammers Tue, 8 Jun 2004 23:25:29 +0200 + +quagga (0.96.5-5) unstable; urgency=low + + * Changed the homedir of the quagga user to /etc/quagga/ to allow + admins to put ~/.ssh/authorized_keys there (thanks to Matthias Wamser). + Closes: #252577 + + -- Christian Hammers Sat, 5 Jun 2004 14:47:31 +0200 + +quagga (0.96.5-4) unstable; urgency=medium + + * Fixed rules file to use the renamed ./configure option --enable-tcp-md5 + (thanks to Matthias Wamser). Closes: #252141 + + -- Christian Hammers Tue, 1 Jun 2004 22:58:32 +0200 + +quagga (0.96.5-3) unstable; urgency=low + + * Provided default binary package name to all build depends that were + virtual packages (thanks to Goswin von Brederlow). Closes: #251625 + + -- Christian Hammers Sat, 29 May 2004 22:48:53 +0200 + +quagga (0.96.5-2) unstable; urgency=low + + * New upstream version. + * New md5 patch version (thanks to Niklas Jakobsson and Hasso Tepper). + Closes: #250985 + * Fixes info file generation (thanks to Peder Chr. Norgaard). + Closes: #250992 + * Added catalan debconf translation (thanks to Aleix Badia i Bosch). + Closes: #250118 + * PATCHES: + This release contains BGP4 MD5 support which requires a kernel patch + to work. See /usr/share/doc/quagga/README.Debian.MD5. + (The patch is ht-20040525-0.96.5-bgp-md5.patch from Hasso Tepper) + + -- Christian Hammers Thu, 27 May 2004 20:09:37 +0200 + +quagga (0.96.5-1) unstable; urgency=low + + * New upstream version. + * PATCHES: + This release contains BGP4 MD5 support which also requires a kernel patch. + See /usr/share/doc/quagga/README.Debian.MD5 and search for CAN-2004-0230. + + -- Christian Hammers Sun, 16 May 2004 17:40:40 +0200 + +quagga (0.96.4x-10) unstable; urgency=low + + * SECURITY: + This release contains support for MD5 for BGP which is one suggested + prevention of the actually long known TCP SYN/RST attacks which got + much news in the last days as ideas were revealed that made them much + easier probable agains especially the BGP sessions than commonly known. + There are a lot of arguments agains the MD5 approach but some ISPs + started to require it. + See: CAN-2004-0230, http://www.us-cert.gov/cas/techalerts/TA04-111A.html + * PATCHES: + This release contains the MD5 patch from Hasso Tepper. It also seems to + required a kernel patch. See /usr/share/doc/quagga/README.Debian.MD5. + + -- Christian Hammers Thu, 29 Apr 2004 01:01:38 +0200 + +quagga (0.96.4x-9) unstable; urgency=low + + * Fixed daemon loading order (thanks to Matt Kemner). + * Fixed typo in init script (thanks to Charlie Brett). Closes: #238582 + + -- Christian Hammers Sun, 4 Apr 2004 15:32:18 +0200 + +quagga (0.96.4x-8) unstable; urgency=low + + * Patched upstream source so that quagga header files end up in + /usr/include/quagga/. Closes: #233792 + + -- Christian Hammers Mon, 23 Feb 2004 01:42:53 +0100 + +quagga (0.96.4x-7) unstable; urgency=low + + * Fixed info file installation (thanks to Holger Dietze). Closes: #227579 + * Added Japanese translation (thanks to Hideki Yamane). Closes: #227812 + + -- Christian Hammers Sun, 18 Jan 2004 17:28:29 +0100 + +quagga (0.96.4x-6) unstable; urgency=low + + * Added dependency to iproute. + * Initscript now checks not only for the pid file but also for the + daemons presence (thanks to Phil Gregory). Closes: #224389 + * Added my patch to configure file permissions. + + -- Christian Hammers Mon, 15 Dec 2003 22:34:29 +0100 + +quagga (0.96.4x-5) unstable; urgency=low + + * Added patch which gives bgpd the CAP_NET_RAW capability to allow it + to bind to special IPv6 link-local interfaces (Thanks to Bastian Blank). + Closes: #222930 + * Made woody backport easier by applying Colin Watsons po-debconf hack. + Thanks to Marc Haber for suggesting it. Closes: #223527 + * Made woody backport easier by applying a patch that removes some + obscure whitespaces inside an C macro. (Thanks to Marc Haber). + Closes: #223529 + * Now uses /usr/bin/pager. Closes: #204070 + * Added note about the "official woody backports" on my homepage. + + -- Christian Hammers Mon, 15 Dec 2003 20:39:06 +0100 + +quagga (0.96.4x-4) unstable; urgency=high + + * SECURITY: + Fixes another bug that was originally reported against Zebra. + . + http://rhn.redhat.com/errata/RHSA-2003-307.html + Herbert Xu reported that Zebra can accept spoofed messages sent on the + kernel netlink interface by other users on the local machine. This could + lead to a local denial of service attack. The Common Vulnerabilities and + Exposures project (cve.mitre.org) has assigned the name CAN-2003-0858 to + this issue. + + * Minor improvements to init script (thanks to Iustin Pop). + Closes: #220938 + + -- Christian Hammers Sat, 22 Nov 2003 13:27:57 +0100 + +quagga (0.96.4x-3) unstable; urgency=low + + * Changed "more" to "/usr/bin/pager" as default pager if $PAGER or + $VTYSH_PAGER is not set (thanks to Bastian Blank). Closes: #204070 + * Made the directory (but not the config/log files!) world accessible + again on user request (thanks to Anand Kumria)). Closes: #213129 + * No longer providing sample configuration in /etc/quagga/. They are + now only available in /usr/share/doc/quagga/ to avoid accidently + using them without changing the adresses (thanks to Marc Haber). + Closes: #215918 + + -- Christian Hammers Sun, 16 Nov 2003 16:59:30 +0100 + +quagga (0.96.4x-2) unstable; urgency=low + + * Fixed permission problem with pidfile (thanks to Kir Kostuchenko). + Closes: #220938 + + -- Christian Hammers Sun, 16 Nov 2003 14:24:08 +0100 + +quagga (0.96.4x-1) unstable; urgency=low + + * Reupload of 0.96.4. Last upload-in-a-hurry produced a totally + crappy .tar.gz file. Closes: #220621 + + -- Christian Hammers Fri, 14 Nov 2003 19:45:57 +0100 + +quagga (0.96.4-1) unstable; urgency=high + + * SECURITY: Remote DoS of protocol daemons. + Fix for a remote triggerable crash in vty layer. The management + ports ("telnet myrouter ospfd") should not be open to the internet! + + * New upstream version. + - OSPF bugfixes. + - Some improvements for bgp and rip. + + -- Christian Hammers Thu, 13 Nov 2003 11:52:27 +0100 + +quagga (0.96.3-3) unstable; urgency=low + + * Fixed pid file generation by substituting the daemons "-d" by the + start-stop-daemon option "--background" (thanks to Micha Gaisser). + Closes: #218103 + + -- Christian Hammers Wed, 29 Oct 2003 05:17:49 +0100 + +quagga (0.96.3-2) unstable; urgency=low + + * Readded GNOME-PRODUCT-ZEBRA-MIB. + + -- Christian Hammers Thu, 23 Oct 2003 06:17:03 +0200 + +quagga (0.96.3-1) unstable; urgency=medium + + * New upstream version. + * Removed -u and -e in postrm due to problems with debhelper and userdel + (thanks to Adam Majer and Jaakko Niemi). Closes: #216770 + * Removed SNMP MIBs as they are now included in libsnmp-base (thanks to + David Engel and Peter Gervai). Closes: #216138, #216086 + * Fixed seq command in init script (thanks to Marc Haber). Closes: #215915 + * Improved /proc check (thanks to Marc Haber). Closes: #212331 + + -- Christian Hammers Thu, 23 Oct 2003 03:42:02 +0200 + +quagga (0.96.2-9) unstable; urgency=medium + + * Removed /usr/share/info/dir.* which were accidently there and prevented + the installation by dpkg (thanks to Simon Raven). Closes: #212614 + * Reworded package description (thanks to Anand Kumria). Closes: #213125 + * Added french debconf translation (thanks to Christian Perrier). + Closes: #212803 + + -- Christian Hammers Tue, 7 Oct 2003 13:26:58 +0200 + +quagga (0.96.2-8) unstable; urgency=low + + * debian/rules now checks if /proc is mounted as ./configure needs + it but just fails with an obscure error message if it is absent. + (Thanks to Norbert Tretkowski). Closes: #212331 + + -- Christian Hammers Tue, 23 Sep 2003 12:57:38 +0200 + +quagga (0.96.2-7) unstable; urgency=low + + * Last build was rejected due to a buggy dpkg-dev version. Rebuild. + + -- Christian Hammers Mon, 22 Sep 2003 20:34:12 +0200 + +quagga (0.96.2-6) unstable; urgency=low + + * Fixed init script so that is is now possible to just start + the bgpd but not the zebra daemon. Also daemons are now actually + started in the order defined their priority. (Thanks to Thomas Kaehn + and Jochen Friedrich) Closes: #210924 + + -- Christian Hammers Fri, 19 Sep 2003 21:17:02 +0200 + +quagga (0.96.2-5) unstable; urgency=low + + * For using quagga as BGP route server or similar, it is not + wanted to have the zebra daemon running too. For this reason + it can now be disabled in /etc/quagga/daemons, too. + (Thanks to Jochen Friedrich). Closes: #210924 + * Attached *unapplied* patch for the ISIS protocol. I did not dare + to apply it as long as upstream does not do it but this way give + users the possibilities to use it if they like to. + (Thanks to Remco van Mook) + + -- Christian Hammers Wed, 17 Sep 2003 19:57:31 +0200 + +quagga (0.96.2-4) unstable; urgency=low + + * Enabled IPV6 router advertisement feature by default on user request + (thanks to Jochen Friedrich and Hasso Tepper). Closes: #210732 + * Updated GNU autoconf to let it build on hppa/parisc64 (thanks to + lamont). Closes: #210492 + + -- Christian Hammers Sat, 13 Sep 2003 14:11:13 +0200 + +quagga (0.96.2-3) unstable; urgency=medium + + * Removed unnecessary "-lcrypto" to avoid dependency against OpenSSL + which would require further copyright addtions. + + -- Christian Hammers Wed, 10 Sep 2003 01:37:28 +0200 + +quagga (0.96.2-2) unstable; urgency=low + + * Added note that config files of quagga are in /etc/quagga and + not /etc/zebra for the zebra users that migrate to quagga. + (Thanks to Roberto Suarez Soto for the idea) + * Fixed setgid rights in /etc/quagga. + + -- Christian Hammers Wed, 27 Aug 2003 14:05:39 +0200 + +quagga (0.96.2-1) unstable; urgency=low + + * This package has formally been known as "zebra-pj"! + * New upstream release. + Fixes "anoying OSPF problem". + * Modified group ownerships so that vtysh can now be used by normal + uses if they are in the quaggavty group. + + -- Christian Hammers Mon, 25 Aug 2003 23:40:14 +0200 + +quagga (0.96.1-1) unstable; urgency=low + + * Zebra-pj, the fork of zebra has been renamed to quagga as the original + upstream author asked the new project membed not to use "zebra" in the + name. zebra-pj is obsolete. + + -- Christian Hammers Mon, 18 Aug 2003 23:37:20 +0200 + +zebra-pj (0.94+cvs20030721-1) unstable; urgency=low + + * New CVS build. + - OSPF changes (integration of the OSPF API?) + - code cleanups (for ipv6?) + * Tightened Build-Deps to gcc-2.95 as 3.x does not compile a stable ospfd. + This is a known problem and has been discussed on the mailing list. + No other solutions so far. + + -- Christian Hammers Mon, 21 Jul 2003 23:52:00 +0200 + +zebra-pj (0.94+cvs20030701-1) unstable; urgency=low + + * Initial Release. + + -- Christian Hammers Tue, 1 Jul 2003 01:58:06 +0200 diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..f599e28 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +10 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..73a20cc --- /dev/null +++ b/debian/control @@ -0,0 +1,242 @@ +Source: quagga +Section: net +Priority: optional +Maintainer: Scott Leggett +Build-Depends: + chrpath, + debhelper (>= 10.0.0), + gawk, + ghostscript, + groff, + imagemagick, + libc-ares-dev, + libcap-dev, + libncurses5-dev, + libpam0g-dev | libpam-dev, + libpcre3-dev, + libreadline-dev, + libsnmp-dev, + moreutils, + pkg-config, + po-debconf, + texinfo (>= 4.7), + texlive-fonts-recommended, + texlive-generic-recommended, + texlive-latex-base +Standards-Version: 4.1.1 +Vcs-git: https://gitlab.com/smlx/quagga.git +Vcs-browser: https://gitlab.com/smlx/quagga +Homepage: http://www.quagga.net/ + +Package: quagga +Architecture: any +Depends: + quagga-bgpd (= ${binary:Version}), + quagga-core (= ${binary:Version}), + quagga-isisd (= ${binary:Version}), + quagga-ospf6d (= ${binary:Version}), + quagga-ospfd (= ${binary:Version}), + quagga-pimd (= ${binary:Version}), + quagga-ripd (= ${binary:Version}), + quagga-ripngd (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends} +Description: network routing daemons (metapackage) + GNU Quagga is free software which manages TCP/IP based routing protocols. + It supports BGP4, BGP4+, OSPFv2, OSPFv3, IS-IS, RIPv1, RIPv2, and RIPng as + well as the IPv6 versions of these. + . + As the predecessor Zebra has been considered orphaned, the Quagga project + has been formed by members of the zebra mailing list and the former + zebra-pj project to continue developing. + . + Quagga uses threading if the kernel supports it, but can also run on + kernels that do not support threading. Each protocol has its own daemon. + . + It is more than a routed replacement, it can be used as a Route Server and + a Route Reflector. + . + This metapackage depends on the full suite of Quagga routing daemons. + +Package: quagga-core +Architecture: any +Depends: + iproute2, + ${misc:Depends}, + ${shlibs:Depends} +Pre-Depends: + adduser, + dpkg (>= 1.17.14) +Conflicts: + zebra, + zebra-pj +Replaces: + libquagga0 (<< 1.1.1-2~), + quagga (<< 1.1.0-1), + zebra, + zebra-pj +Breaks: + libquagga0 (<< 1.1.1-2~), + quagga (<< 1.1.0-1) +Suggests: + quagga-bgpd (= ${binary:Version}), + quagga-isisd (= ${binary:Version}), + quagga-ospf6d (= ${binary:Version}), + quagga-ospfd (= ${binary:Version}), + quagga-pimd (= ${binary:Version}), + quagga-ripd (= ${binary:Version}), + quagga-ripngd (= ${binary:Version}), + snmpd +Description: network routing daemons (core abstraction layer) + GNU Quagga is free software which manages TCP/IP based routing protocols. + It supports BGP4, BGP4+, OSPFv2, OSPFv3, IS-IS, RIPv1, RIPv2, and RIPng as + well as the IPv6 versions of these. + . + As the predecessor Zebra has been considered orphaned, the Quagga project + has been formed by members of the zebra mailing list and the former + zebra-pj project to continue developing. + . + Quagga uses threading if the kernel supports it, but can also run on + kernels that do not support threading. Each protocol has its own daemon. + . + It is more than a routed replacement, it can be used as a Route Server and + a Route Reflector. + . + This package provides the zebra daemon, vtysh shell, and framework used by the + protocol-specific daemons. + +Package: quagga-doc +Section: doc +Architecture: all +Depends: + ${misc:Depends}, + ${shlibs:Depends} +Suggests: + quagga +Description: network routing daemons (documentation) + GNU Quagga is free software which manages TCP/IP based routing protocols. + It supports BGP4, BGP4+, OSPFv2, OSPFv3, IS-IS, RIPv1, RIPv2, and RIPng as + well as the IPv6 versions of these. + . + This package contains the extended documentation. + +Package: quagga-bgpd +Architecture: any +Depends: + quagga-core (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends} +Replaces: + quagga (<< 1.1.0-1) +Breaks: + quagga (<< 1.1.0-1) +Description: BGP4/BGP4+ routing daemon + GNU Quagga is free software which manages TCP/IP based routing protocols. + It supports BGP4, BGP4+, OSPFv2, OSPFv3, IS-IS, RIPv1, RIPv2, and RIPng as + well as the IPv6 versions of these. + . + This package contains the BGP4/BGP4+ routing daemon. + +Package: quagga-isisd +Architecture: any +Depends: + quagga-core (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends} +Replaces: + quagga (<< 1.1.0-1) +Breaks: + quagga (<< 1.1.0-1) +Description: IS-IS routing daemon + GNU Quagga is free software which manages TCP/IP based routing protocols. + It supports BGP4, BGP4+, OSPFv2, OSPFv3, IS-IS, RIPv1, RIPv2, and RIPng as + well as the IPv6 versions of these. + . + This package contains the IS-IS routing daemon. + +Package: quagga-ospf6d +Architecture: any +Depends: + quagga-core (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends} +Replaces: + quagga (<< 1.1.0-1) +Breaks: + quagga (<< 1.1.0-1) +Description: OSPF6 routing daemon + GNU Quagga is free software which manages TCP/IP based routing protocols. + It supports BGP4, BGP4+, OSPFv2, OSPFv3, IS-IS, RIPv1, RIPv2, and RIPng as + well as the IPv6 versions of these. + . + This package contains the OSPF6 routing daemon. + +Package: quagga-ospfd +Architecture: any +Depends: + quagga-core (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends} +Replaces: + quagga (<< 1.1.0-1) +Breaks: + quagga (<< 1.1.0-1) +Description: OSPF routing daemon + GNU Quagga is free software which manages TCP/IP based routing protocols. + It supports BGP4, BGP4+, OSPFv2, OSPFv3, IS-IS, RIPv1, RIPv2, and RIPng as + well as the IPv6 versions of these. + . + This package contains the OSPF routing daemon. + +Package: quagga-pimd +Architecture: any +Depends: + quagga-core (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends} +Replaces: + quagga (<< 1.1.0-1) +Breaks: + quagga (<< 1.1.0-1) +Conflicts: + pimd +Description: PIM routing daemon + GNU Quagga is free software which manages TCP/IP based routing protocols. + It supports BGP4, BGP4+, OSPFv2, OSPFv3, IS-IS, RIPv1, RIPv2, and RIPng as + well as the IPv6 versions of these. + . + This package contains the PIM routing daemon. + +Package: quagga-ripd +Architecture: any +Depends: + quagga-core (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends} +Replaces: + quagga (<< 1.1.0-1) +Breaks: + quagga (<< 1.1.0-1) +Description: RIPv1 routing daemon + GNU Quagga is free software which manages TCP/IP based routing protocols. + It supports BGP4, BGP4+, OSPFv2, OSPFv3, IS-IS, RIPv1, RIPv2, and RIPng as + well as the IPv6 versions of these. + . + This package contains the RIPv1/RIPv2 routing daemon. + +Package: quagga-ripngd +Architecture: any +Depends: + quagga-core (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends} +Replaces: + quagga (<< 1.1.0-1) +Breaks: + quagga (<< 1.1.0-1) +Description: RIPng routing daemon + GNU Quagga is free software which manages TCP/IP based routing protocols. + It supports BGP4, BGP4+, OSPFv2, OSPFv3, IS-IS, RIPv1, RIPv2, and RIPng as + well as the IPv6 versions of these. + . + This package contains the RIPng routing daemon. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..89d8834 --- /dev/null +++ b/debian/copyright @@ -0,0 +1,214 @@ +Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: Quagga +Upstream-Contact: maintainers@quagga.net, security@quagga.net +Source: http://www.quagga.net/ + +Files: * +Copyright: 1996-2003 by the original Zebra authors: + Kunihiro Ishiguro + Toshiaki Takada + Yasuhiro Ohara + 2003- by the Quagga Project: + 2002-2006 paul + 2003-2005 gdt + 2003-2005 hasso + 2003-2005 jardin + 2004-2005 ajs + 2005-2006 vincent + 2006-2008, 2011 Andrew J. Schorr + 2006-2007 Greg Troxel + 2006-2009 Paul Jakma + 2007 David Young + 2007-2008 Denis Ovsienko + 2007 Hasso Tepper + 2007 Vincent Jardin + 2007 vize + 2008 Bartek Kania + 2008 Daniel Ng + 2008 Jingjing Duan + 2008-2010, 2012-2015 Joakim Tjernlund + 2008-2011 Michael Lambert + 2008 Paul P Komkoff Jr + 2008 Roy + 2008-2009 Stephen Hemminger + 2008-2009, 2013-2016 Timo Teräs + 2009 Andrew J. Schorr + 2009, 2011 Chris Caputo + 2009-2012 David Ward + 2009-2012 Denis Ovsienko + 2009 Denis Ovsienko + 2009-2010 Dmitry Tejblum + 2009 Francesco Dolcini + 2009 Jeremy Jackson + 2009 Jingjing Duan + 2009 Jon + 2009 Krisztian Kovacs + 2009 Mathieu Goessens + 2009, 2011-2012 Nick Hilliard + 2009 Ondrej Zajicek + 2009-2012, 2014-2015 Paul Jakma + 2009 Stephen Hemminger + 2009-2014 Stephen Hemminger + 2009, 2014 Steve Hill + 2009 Stig Thormodsrud + 2009 Takashi Sogabe + 2009 Thijs Kinkhorst + 2009, 2011-2012 Tom Goff + 2009 Tom Henderson + 2009 Tomasz Pala + 2009 Vasilis Tsiligiannis + 2009, 2011 heasley + 2010 Chris Hall + 2010 David BÉRARD + 2010-2015 David Lamparter + 2010-2011, 2013-2015 Greg Troxel + 2010 Ivan Moskalyov + 2010, 2014 Joakim Tjernlund + 2010 Mathias Krause + 2010 Nico Golde + 2010, 2015-2016 Paul Jakma + 2010-2013, 2016 Roman Hoog Antink + 2010 Vladimir L Ivanov + 2011 Alexandre Chappuis + 2011 Barry Friedman + 2011 CROSS + 2011 Chris Hall + 2011 Chris Luke + 2011 Christian Hammers + 2011-2012 Dmitrij Tejblum + 2011 Dmitry Popov + 2011 Dylan Hall + 2011-2012 Fritz Reichmann + 2011, 2014 Ingo Flaschberger + 2011 Jaroslav Fojtik + 2011 John Kemp + 2011 Jon Andersson + 2011-2012 Josh Bailey + 2011 Oleg A. Arkhangelsky + 2011 Peter Pentchev + 2011-2012 Peter Szilagyi + 2011 Robert Bays + 2011 Roderick Schertler + 2011 Sergey Y. Afonin + 2011 Thomas Ries + 2011-2012 Ulrich Weber + 2011-2012 Vyacheslav Trushkin + 2011 Wataru Tanitsu + 2011 YAMAMOTO Shigeru + 2012-2013 Andrew Certain + 2012 Ang Way Chuang + 2012 Avneesh Sachdev + 2012, 2015 Balaji.G + 2012 Brad Smith + 2012-2016 Christian Franke + 2012 Daniel Kozlowski + 2012-2016 David Lamparter + 2012-2013 Doug VanLeuven + 2012, 2015 Everton Marques + 2012 G.Balaji + 2012-2013 Hasso Tepper + 2012 JR Rivers + 2012, 2014 Joachim Nilsson + 2012-2014 Jorge Boncompte [DTI2] + 2012 Juliusz Chroboczek + 2012 Matthias Ferdinand + 2012 Matthieu Boutier + 2012 Nolan Leake + 2012 Phil Laverdiere + 2012 Renato Westphal + 2012 Serj Kalichev + 2012 Subbaiah Venkata + 2012-2014 Vincent Bernat + 2013, 2016 Ayan Banerjee + 2013, 2016 Dinesh Dutt + 2013-2016 Dinesh G Dutt + 2013 Leonard Tracy + 2013 Leonid Rosenboim + 2013 Leonid Rosenboim + 2013 Matti-Oskari Leppänen + 2013 Rakesh Garimella + 2013 Ulrich Weber + 2013 Vishal Kumar + 2013 高鹏 + 2014-2016 Balaji + 2014, 2016 Boian Bonev + 2014 Brett Ciphery + 2014 John Glotzer + 2014 Ken Williams + 2014-2015 Lu Feng + 2014 Michal Sekletar + 2014-2015 Milan Kocian + 2014 Olivier Cochard-Labbé + 2014-2016 Paul Jakma + 2014, 2016 Pradosh Mohapatra + 2014 Remi Gacogne + 2014 Stephen Hemminger + 2014 Sébastien Luttringer + 2014 Vincent JARDIN + 2014, 2016 Vipin Kumar + 2014 Vitaliy Senchyshyn + 2014 Yasuhiro Ohara + 2015 Alexis Fasquel + 2015 Amritha Nambiar + 2015 Brian Bennett + 2015-2016 Christian Franke + 2015 Daniel Walton + 2015-2016 Daniel Walton + 2015-2016 Denil Vira + 2015-2016 Donald Sharp + 2015 Feng Lu + 2015 Fernando Soto + 2015 Hiroshi Yokoi + 2015-2016 Jafar Al-Gharaibeh + 2015 Kaloyan Kovachev + 2015 Klemen Sladic + 2015 Leonard Herve + 2015 Leonard Herve + 2015-2016 Lou Berger + 2015-2016 Martin Winter + 2015 Michael Rossberg + 2015 Michael Zingg + 2015 Morgan Stewart + 2015 Nicolas Dichtel + 2015-2016 Olivier Dugeon + 2015-2016 Paul Jakma + 2015 Savannah SR#108542 + 2015 User + 2015 Vystoropskyi, Sergii + 2015 Wenjian Ma + 2015-2016 vivek + 2016 Andrej Ota + 2016 Avneesh Sachdev + 2016 Colin Petrie + 2016 Evgeny Uskov + 2016 Gautam Kumar + 2016 Igor Ryzhov + 2016 James Li + 2016 Jonathan Hart + 2016 Matthieu Boutier + 2016 Pawel Wieczorkiewicz + 2016 Philippe Guibert + 2016 Piotr Chytła + 2016 Stas Nichiporovich + 2016 Udaya Shankara KS + 2016 Vivek Venkatraman + 2016 boris yakubov + 2016 kitty +License: GPL-2+ + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + . + On Debian systems, the full text of the GNU General Public + License version 2 can be found in the file + `/usr/share/common-licenses/GPL-2'. diff --git a/debian/etc/pam.d/quagga b/debian/etc/pam.d/quagga new file mode 100644 index 0000000..093e172 --- /dev/null +++ b/debian/etc/pam.d/quagga @@ -0,0 +1,3 @@ +# Any user may call vtysh but only those belonging to the group quaggavty can +# actually connect to the socket and use the program. +auth sufficient pam_permit.so diff --git a/debian/patches/0001-82_vtysh__vtysh_user.c__pam.patch b/debian/patches/0001-82_vtysh__vtysh_user.c__pam.patch new file mode 100644 index 0000000..057cb0d --- /dev/null +++ b/debian/patches/0001-82_vtysh__vtysh_user.c__pam.patch @@ -0,0 +1,21 @@ +From: Debian QA Group +Date: Sat, 12 Nov 2016 01:16:08 +1100 +Subject: 82_vtysh__vtysh_user.c__pam + +--- + vtysh/vtysh_user.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/vtysh/vtysh_user.c b/vtysh/vtysh_user.c +index 584b61f..ad0c79d 100644 +--- a/vtysh/vtysh_user.c ++++ b/vtysh/vtysh_user.c +@@ -59,6 +59,8 @@ vtysh_pam (const char *user) + /* Is user really user? */ + if (ret == PAM_SUCCESS) + ret = pam_authenticate (pamh, 0); ++ if (ret != PAM_SUCCESS) ++ printf("Not authenticated. Check /etc/pam.d/quagga.\n"); + /* printf ("ret %d\n", ret); */ + + #if 0 diff --git a/debian/patches/0002-80_vtysh__vtysh.c__privs.patch b/debian/patches/0002-80_vtysh__vtysh.c__privs.patch new file mode 100644 index 0000000..f53bfd1 --- /dev/null +++ b/debian/patches/0002-80_vtysh__vtysh.c__privs.patch @@ -0,0 +1,53 @@ +From: Debian QA Group +Date: Sat, 12 Nov 2016 01:16:08 +1100 +Subject: 80_vtysh__vtysh.c__privs + +--- + vtysh/vtysh.c | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) + +diff --git a/vtysh/vtysh.c b/vtysh/vtysh.c +index 9a8aedd..d182363 100644 +--- a/vtysh/vtysh.c ++++ b/vtysh/vtysh.c +@@ -26,6 +26,8 @@ + #include + #include + #include ++#include ++#include + + #include + #include +@@ -2101,6 +2103,9 @@ write_config_integrated(void) + FILE *fp; + char *integrate_sav = NULL; + ++ /* Setting file permissions */ ++ struct group *quagga_vty_group; ++ + integrate_sav = malloc (strlen (integrate_default) + + strlen (CONF_BACKUP_EXT) + 1); + strcpy (integrate_sav, integrate_default); +@@ -2128,6 +2133,21 @@ write_config_integrated(void) + vtysh_config_dump (fp); + + fclose (fp); ++ ++ errno = 0; ++ if ((quagga_vty_group = getgrnam(VTY_GROUP)) == NULL) ++ { ++ fprintf (stdout, "%% Can't get group %s: %s (%d)\n", ++ VTY_GROUP, strerror(errno), errno); ++ return CMD_WARNING; ++ } ++ ++ if ((chown(integrate_default, -1, quagga_vty_group->gr_gid)) != 0) ++ { ++ fprintf (stdout,"%% Can't chown configuration file %s: %s (%d)\n", ++ integrate_default, strerror(errno), errno); ++ return CMD_WARNING; ++ } + + if (chmod (integrate_default, CONFIGFILE_MASK) != 0) + { diff --git a/debian/patches/0003-Tweak-grammar-in-zebra-manpage-to-keep-lintian-happy.patch b/debian/patches/0003-Tweak-grammar-in-zebra-manpage-to-keep-lintian-happy.patch new file mode 100644 index 0000000..db0f0bb --- /dev/null +++ b/debian/patches/0003-Tweak-grammar-in-zebra-manpage-to-keep-lintian-happy.patch @@ -0,0 +1,21 @@ +From: Scott Leggett +Date: Sat, 12 Nov 2016 01:26:10 +1100 +Subject: Tweak grammar in zebra manpage to keep lintian happy. + +--- + doc/zebra.8 | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/doc/zebra.8 b/doc/zebra.8 +index 6f70389..da5881c 100644 +--- a/doc/zebra.8 ++++ b/doc/zebra.8 +@@ -80,7 +80,7 @@ handle flood of netlink messages from kernel. If you ever see "recvmsg overrun" + messages in zebra log, you are in trouble. + + Solution is to increase receive buffer of netlink socket. Note that kernel +-< 2.6.14 doesn't allow to increase it over maximum value defined in ++< 2.6.14 doesn't allow increasing it over the maximum value defined in + \fI/proc/sys/net/core/rmem_max\fR. If you want to do it, you have to increase + maximum before starting zebra. + diff --git a/debian/patches/0004-Fix-spelling-errors-in-strings-flagged-by-lintian.patch b/debian/patches/0004-Fix-spelling-errors-in-strings-flagged-by-lintian.patch new file mode 100644 index 0000000..068482c --- /dev/null +++ b/debian/patches/0004-Fix-spelling-errors-in-strings-flagged-by-lintian.patch @@ -0,0 +1,426 @@ +From: Scott Leggett +Date: Sat, 12 Nov 2016 01:58:52 +1100 +Subject: Fix spelling errors in strings flagged by lintian. + +--- + bgpd/bgp_attr.c | 2 +- + bgpd/bgp_damp.c | 2 +- + bgpd/bgp_fsm.c | 2 +- + bgpd/bgp_packet.c | 2 +- + bgpd/bgp_vty.c | 2 +- + isisd/isis_spf.c | 2 +- + lib/command.c | 2 +- + lib/command.h | 2 +- + lib/memory.c | 2 +- + lib/regex.c | 2 +- + lib/sockunion.c | 2 +- + lib/vty.c | 2 +- + lib/vty.h | 2 +- + ospf6d/ospf6_area.c | 6 +++--- + ospfd/ospf_te.h | 2 +- + ripd/ripd.c | 4 ++-- + tests/aspath_test.c | 2 +- + vtysh/vtysh_config.c | 2 +- + zebra/interface.c | 22 +++++++++++----------- + zebra/irdp_packet.c | 4 ++-- + zebra/kernel_socket.c | 2 +- + 21 files changed, 35 insertions(+), 35 deletions(-) + +diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c +index a79a03c..7ba8148 100644 +--- a/bgpd/bgp_attr.c ++++ b/bgpd/bgp_attr.c +@@ -2320,7 +2320,7 @@ bgp_attr_parse (struct peer *peer, struct attr *attr, bgp_size_t size, + ret = BGP_ATTR_PARSE_ERROR; + } + +- /* If hard error occured immediately return to the caller. */ ++ /* If hard error occurred immediately return to the caller. */ + if (ret == BGP_ATTR_PARSE_ERROR) + { + zlog (peer->log, LOG_WARNING, +diff --git a/bgpd/bgp_damp.c b/bgpd/bgp_damp.c +index ac64723..aa514ce 100644 +--- a/bgpd/bgp_damp.c ++++ b/bgpd/bgp_damp.c +@@ -663,7 +663,7 @@ bgp_show_dampening_parameters (struct vty *vty, afi_t afi, safi_t safi) + damp->suppress_value, VTY_NEWLINE); + vty_out (vty, "Max suppress time: %ld min%s", + damp->max_suppress_time / 60, VTY_NEWLINE); +- vty_out (vty, "Max supress penalty: %u%s", ++ vty_out (vty, "Max suppress penalty: %u%s", + damp->ceiling, VTY_NEWLINE); + vty_out (vty, "%s", VTY_NEWLINE); + } +diff --git a/bgpd/bgp_fsm.c b/bgpd/bgp_fsm.c +index 4198a8e..1ddd4ce 100644 +--- a/bgpd/bgp_fsm.c ++++ b/bgpd/bgp_fsm.c +@@ -391,7 +391,7 @@ bgp_graceful_stale_timer_expire (struct thread *thread) + return 0; + } + +-/* Called after event occured, this function change status and reset ++/* Called after event occurred, this function change status and reset + read/write and timer thread. */ + void + bgp_fsm_change_status (struct peer *peer, int status) +diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c +index b497e45..b3d601f 100644 +--- a/bgpd/bgp_packet.c ++++ b/bgpd/bgp_packet.c +@@ -2476,7 +2476,7 @@ bgp_read_packet (struct peer *peer) + /* Read packet from fd. */ + nbytes = stream_read_try (peer->ibuf, peer->fd, readsize); + +- /* If read byte is smaller than zero then error occured. */ ++ /* If read byte is smaller than zero then error occurred. */ + if (nbytes < 0) + { + /* Transient error should retry */ +diff --git a/bgpd/bgp_vty.c b/bgpd/bgp_vty.c +index 0040d62..abd01ce 100644 +--- a/bgpd/bgp_vty.c ++++ b/bgpd/bgp_vty.c +@@ -4340,7 +4340,7 @@ ALIAS (neighbor_allowas_in, + NEIGHBOR_STR + NEIGHBOR_ADDR_STR2 + "Accept as-path with my AS present in it\n" +- "Number of occurances of AS number\n") ++ "Number of occurrences of AS number\n") + + DEFUN (no_neighbor_allowas_in, + no_neighbor_allowas_in_cmd, +diff --git a/isisd/isis_spf.c b/isisd/isis_spf.c +index 6b2456f..82d743b 100644 +--- a/isisd/isis_spf.c ++++ b/isisd/isis_spf.c +@@ -1033,7 +1033,7 @@ isis_spf_preload_tent (struct isis_spftree *spftree, int level, + break; + case ISIS_SYSTYPE_UNKNOWN: + default: +- zlog_warn ("isis_spf_preload_tent unknow adj type"); ++ zlog_warn ("isis_spf_preload_tent unknown adj type"); + } + } + list_delete (adj_list); +diff --git a/lib/command.c b/lib/command.c +index 662f8a3..bcd507b 100644 +--- a/lib/command.c ++++ b/lib/command.c +@@ -1700,7 +1700,7 @@ cmd_element_match(struct cmd_element *cmd_element, + * That vector will contain all struct command_token* of the + * cmd_element which matched against the given vline at the given + * index. +- * @return A code specifying if an error occured. If all went right, it's ++ * @return A code specifying if an error occurred. If all went right, it's + * CMD_SUCCESS. + */ + static int +diff --git a/lib/command.h b/lib/command.h +index cc5dd08..60079b3 100644 +--- a/lib/command.h ++++ b/lib/command.h +@@ -502,7 +502,7 @@ struct cmd_token + #define IN_STR "Filter incoming routing updates\n" + #define V4NOTATION_STR "specify by IPv4 address notation(e.g. 0.0.0.0)\n" + #define OSPF6_NUMBER_STR "Specify by number\n" +-#define INTERFACE_STR "Interface infomation\n" ++#define INTERFACE_STR "Interface information\n" + #define IFNAME_STR "Interface name(e.g. ep0)\n" + #define IP6_STR "IPv6 Information\n" + #define OSPF6_STR "Open Shortest Path First (OSPF) for IPv6\n" +diff --git a/lib/memory.c b/lib/memory.c +index b8305dd..54a8ce4 100644 +--- a/lib/memory.c ++++ b/lib/memory.c +@@ -43,7 +43,7 @@ static const struct message mstr [] = + { 0, NULL }, + }; + +-/* Fatal memory allocation error occured. */ ++/* Fatal memory allocation error occurred. */ + static void __attribute__ ((noreturn)) + zerror (const char *fname, int type, size_t size) + { +diff --git a/lib/regex.c b/lib/regex.c +index 122f447..cedf499 100644 +--- a/lib/regex.c ++++ b/lib/regex.c +@@ -5726,7 +5726,7 @@ regcomp (preg, pattern, cflags) + buffer. */ + if (re_compile_fastmap (preg) == -2) + { +- /* Some error occured while computing the fastmap, just forget ++ /* Some error occurred while computing the fastmap, just forget + about it. */ + free (preg->fastmap); + preg->fastmap = NULL; +diff --git a/lib/sockunion.c b/lib/sockunion.c +index 8e0ec24..9642c1c 100644 +--- a/lib/sockunion.c ++++ b/lib/sockunion.c +@@ -286,7 +286,7 @@ sockunion_log (const union sockunion *su, char *buf, size_t len) + } + + /* sockunion_connect returns +- -1 : error occured ++ -1 : error occurred + 0 : connect success + 1 : connect is in progress */ + enum connect_result +diff --git a/lib/vty.c b/lib/vty.c +index 7ca8354..d28fd27 100644 +--- a/lib/vty.c ++++ b/lib/vty.c +@@ -2432,7 +2432,7 @@ vty_read_file (FILE *confp) + fprintf (stderr, "*** Error reading config: There is no such command.\n"); + break; + } +- fprintf (stderr, "*** Error occured processing line %u, below:\n%s\n", ++ fprintf (stderr, "*** Error occurred processing line %u, below:\n%s\n", + line_num, vty->buf); + vty_close (vty); + exit (1); +diff --git a/lib/vty.h b/lib/vty.h +index 1e3b124..b292db1 100644 +--- a/lib/vty.h ++++ b/lib/vty.h +@@ -168,7 +168,7 @@ do { \ + * The logic below ((TMPL) <= ((MIN) && (TMPL) != (MIN)) is + * done to circumvent the compiler complaining about + * comparing unsigned numbers against zero, if MIN is zero. +- * NB: The compiler isn't smart enough to supress the warning ++ * NB: The compiler isn't smart enough to suprress the warning + * if you write (MIN) != 0 && tmpl < (MIN). + */ + #define VTY_GET_INTEGER_RANGE_HEART(NAME,TMPL,STR,MIN,MAX) \ +diff --git a/ospf6d/ospf6_area.c b/ospf6d/ospf6_area.c +index 1861fe7..6d82e72 100644 +--- a/ospf6d/ospf6_area.c ++++ b/ospf6d/ospf6_area.c +@@ -657,7 +657,7 @@ DEFUN (show_ipv6_ospf6_spf_tree, + SHOW_STR + IP6_STR + OSPF6_STR +- "Shortest Path First caculation\n" ++ "Shortest Path First calculation\n" + "Show SPF tree\n") + { + struct listnode *node; +@@ -694,7 +694,7 @@ DEFUN (show_ipv6_ospf6_area_spf_tree, + OSPF6_STR + OSPF6_AREA_STR + OSPF6_AREA_ID_STR +- "Shortest Path First caculation\n" ++ "Shortest Path First calculation\n" + "Show SPF tree\n") + { + u_int32_t area_id; +@@ -738,7 +738,7 @@ DEFUN (show_ipv6_ospf6_simulate_spf_tree_root, + SHOW_STR + IP6_STR + OSPF6_STR +- "Shortest Path First caculation\n" ++ "Shortest Path First calculation\n" + "Show SPF tree\n" + "Specify root's router-id to calculate another router's SPF tree\n") + { +diff --git a/ospfd/ospf_te.h b/ospfd/ospf_te.h +index 8bb77c4..d80629c 100644 +--- a/ospfd/ospf_te.h ++++ b/ospfd/ospf_te.h +@@ -386,7 +386,7 @@ struct te_link_subtlv + /* Following structure are internal use only. */ + struct ospf_mpls_te + { +- /* Status of MPLS-TE: enable or disbale */ ++ /* Status of MPLS-TE: enable or disable */ + status_t status; + + /* RFC5392 */ +diff --git a/ripd/ripd.c b/ripd/ripd.c +index c073eca..3866624 100644 +--- a/ripd/ripd.c ++++ b/ripd/ripd.c +@@ -2538,14 +2538,14 @@ rip_update_process (int route_type) + ifp = if_lookup_address (p->prefix); + if (! ifp) + { +- zlog_warn ("Neighbor %s doesnt have connected interface!", ++ zlog_warn ("Neighbor %s doesn't have connected interface!", + inet_ntoa (p->prefix)); + continue; + } + + if ( (connected = connected_lookup_address (ifp, p->prefix)) == NULL) + { +- zlog_warn ("Neighbor %s doesnt have connected network", ++ zlog_warn ("Neighbor %s doesn't have connected network", + inet_ntoa (p->prefix)); + continue; + } +diff --git a/tests/aspath_test.c b/tests/aspath_test.c +index 5a0899e..d970211 100644 +--- a/tests/aspath_test.c ++++ b/tests/aspath_test.c +@@ -1037,7 +1037,7 @@ validate (struct aspath *as, const struct test_spec *sp) + fails++; + printf ("firstas: %d, got %d\n", sp->first, + aspath_firstas_check (as,sp->first)); +- printf ("loop does: %d %d, doesnt: %d %d\n", ++ printf ("loop does: %d %d, doesn't: %d %d\n", + sp->does_loop, aspath_loop_check (as, sp->does_loop), + sp->doesnt_loop, aspath_loop_check (as, sp->doesnt_loop)); + printf ("private check: %d %d\n", sp->private_as, +diff --git a/vtysh/vtysh_config.c b/vtysh/vtysh_config.c +index 2834ef4..143aa77 100644 +--- a/vtysh/vtysh_config.c ++++ b/vtysh/vtysh_config.c +@@ -400,7 +400,7 @@ vtysh_read_file (FILE *confp) + fprintf (stderr, "There is no such command.\n"); + break; + } +- fprintf (stderr, "Error occured during reading below line.\n%s\n", ++ fprintf (stderr, "Error occurred during reading below line.\n%s\n", + vty->buf); + exit (1); + } +diff --git a/zebra/interface.c b/zebra/interface.c +index f8b946f..ebb03ae 100644 +--- a/zebra/interface.c ++++ b/zebra/interface.c +@@ -1143,7 +1143,7 @@ DEFUN (show_interface_name, show_interface_name_cmd, + "show interface IFNAME", + SHOW_STR + "Interface status and configuration\n" +- "Inteface name\n") ++ "Interface name\n") + { + struct interface *ifp; + vrf_id_t vrf_id = VRF_DEFAULT; +@@ -1178,7 +1178,7 @@ ALIAS (show_interface_name, + "show interface IFNAME " VRF_CMD_STR, + SHOW_STR + "Interface status and configuration\n" +- "Inteface name\n" ++ "Interface name\n" + VRF_CMD_HELP_STR) + + /* Show specified interface to vty. */ +@@ -1186,7 +1186,7 @@ DEFUN (show_interface_name_vrf_all, show_interface_name_vrf_all_cmd, + "show interface IFNAME " VRF_ALL_CMD_STR, + SHOW_STR + "Interface status and configuration\n" +- "Inteface name\n" ++ "Interface name\n" + VRF_ALL_CMD_HELP_STR) + { + struct interface *ifp; +@@ -1706,7 +1706,7 @@ DEFUN (no_link_params_metric, + no_link_params_metric_cmd, + "no metric", + NO_STR +- "Disbale Link Metric on this interface\n") ++ "Disable Link Metric on this interface\n") + { + struct interface *ifp = (struct interface *) vty->index; + +@@ -1861,7 +1861,7 @@ DEFUN (no_link_params_admin_grp, + no_link_params_admin_grp_cmd, + "no admin-grp", + NO_STR +- "Disbale Administrative group membership on this interface\n") ++ "Disable Administrative group membership on this interface\n") + { + struct interface *ifp = (struct interface *) vty->index; + +@@ -2031,7 +2031,7 @@ DEFUN (no_link_params_delay, + no_link_params_delay_cmd, + "no delay", + NO_STR +- "Disbale Unidirectional Average, Min & Max Link Delay on this interface\n") ++ "Disable Unidirectional Average, Min & Max Link Delay on this interface\n") + { + struct interface *ifp = (struct interface *) vty->index; + struct if_link_params *iflp = if_link_params_get (ifp); +@@ -2072,7 +2072,7 @@ DEFUN (no_link_params_delay_var, + no_link_params_delay_var_cmd, + "no delay-variation", + NO_STR +- "Disbale Unidirectional Delay Variation on this interface\n") ++ "Disable Unidirectional Delay Variation on this interface\n") + { + struct interface *ifp = (struct interface *) vty->index; + +@@ -2112,7 +2112,7 @@ DEFUN (no_link_params_pkt_loss, + no_link_params_pkt_loss_cmd, + "no packet-loss", + NO_STR +- "Disbale Unidirectional Link Packet Loss on this interface\n") ++ "Disable Unidirectional Link Packet Loss on this interface\n") + { + struct interface *ifp = (struct interface *) vty->index; + +@@ -2158,7 +2158,7 @@ DEFUN (no_link_params_res_bw, + no_link_params_res_bw_cmd, + "no res-bw", + NO_STR +- "Disbale Unidirectional Residual Bandwidth on this interface\n") ++ "Disable Unidirectional Residual Bandwidth on this interface\n") + { + struct interface *ifp = (struct interface *) vty->index; + +@@ -2204,7 +2204,7 @@ DEFUN (no_link_params_ava_bw, + no_link_params_ava_bw_cmd, + "no ava-bw", + NO_STR +- "Disbale Unidirectional Available Bandwidth on this interface\n") ++ "Disable Unidirectional Available Bandwidth on this interface\n") + { + struct interface *ifp = (struct interface *) vty->index; + +@@ -2250,7 +2250,7 @@ DEFUN (no_link_params_use_bw, + no_link_params_use_bw_cmd, + "no use-bw", + NO_STR +- "Disbale Unidirectional Utilised Bandwidth on this interface\n") ++ "Disable Unidirectional Utilised Bandwidth on this interface\n") + { + struct interface *ifp = (struct interface *) vty->index; + +diff --git a/zebra/irdp_packet.c b/zebra/irdp_packet.c +index 0d31050..afe035b 100644 +--- a/zebra/irdp_packet.c ++++ b/zebra/irdp_packet.c +@@ -102,7 +102,7 @@ parse_irdp_packet(char *p, + + if (len != iplen) + { +- zlog_err ("IRDP: RX length doesnt match IP length"); ++ zlog_err ("IRDP: RX length doesn't match IP length"); + return; + } + +@@ -113,7 +113,7 @@ parse_irdp_packet(char *p, + return; + } + +- /* XXX: RAW doesnt receive link-layer, surely? ??? */ ++ /* XXX: RAW doesn't receive link-layer, surely? ??? */ + /* Check so we don't checksum packets longer than oure RX_BUF - (ethlen + + len of IP-header) 14+20 */ + if (iplen > IRDP_RX_BUF-34) +diff --git a/zebra/kernel_socket.c b/zebra/kernel_socket.c +index 64c6cbb..9cd6332 100644 +--- a/zebra/kernel_socket.c ++++ b/zebra/kernel_socket.c +@@ -476,7 +476,7 @@ ifm_read (struct if_msghdr *ifm) + if (ifnlen && (strncmp (ifp->name, ifname, IFNAMSIZ) != 0) ) + { + if (IS_ZEBRA_DEBUG_KERNEL) +- zlog_debug ("%s: ifp name %s doesnt match sdl name %s", ++ zlog_debug ("%s: ifp name %s doesn't match sdl name %s", + __func__, ifp->name, ifname); + ifp = NULL; + } diff --git a/debian/patches/0005-Fix-manpage-number-for-ospfclient.patch b/debian/patches/0005-Fix-manpage-number-for-ospfclient.patch new file mode 100644 index 0000000..578f85e --- /dev/null +++ b/debian/patches/0005-Fix-manpage-number-for-ospfclient.patch @@ -0,0 +1,19 @@ +From: Scott Leggett +Date: Sat, 12 Nov 2016 03:27:41 +1100 +Subject: Fix manpage number for ospfclient. + +--- + doc/ospfclient.8 | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/doc/ospfclient.8 b/doc/ospfclient.8 +index ccfad1a..4ca14b8 100644 +--- a/doc/ospfclient.8 ++++ b/doc/ospfclient.8 +@@ -1,5 +1,5 @@ + .\" This file was originally generated by help2man 1.36. +-.TH OSPFCLIENT "1" "July 2010" ++.TH OSPFCLIENT "8" "July 2010" + .SH NAME + ospfclient \- an example ospf-api client + .SH SYNOPSIS diff --git a/debian/patches/0006-Patch-.service-files-for-Debian.patch b/debian/patches/0006-Patch-.service-files-for-Debian.patch new file mode 100644 index 0000000..6bbdde3 --- /dev/null +++ b/debian/patches/0006-Patch-.service-files-for-Debian.patch @@ -0,0 +1,210 @@ +From: Scott Leggett +Date: Sun, 5 Nov 2017 15:11:51 +1100 +Subject: Patch .service files for Debian. + +--- + redhat/bgpd.service | 6 ++++-- + redhat/isisd.service | 6 ++++-- + redhat/nhrpd.service | 6 ++++-- + redhat/ospf6d.service | 6 ++++-- + redhat/ospfd.service | 6 ++++-- + redhat/pimd.service | 14 +++++++++----- + redhat/ripd.service | 6 ++++-- + redhat/ripngd.service | 6 ++++-- + redhat/zebra.service | 10 ++++++++-- + 9 files changed, 45 insertions(+), 21 deletions(-) + +diff --git a/redhat/bgpd.service b/redhat/bgpd.service +index ef24841..f1ddfd9 100644 +--- a/redhat/bgpd.service ++++ b/redhat/bgpd.service +@@ -5,11 +5,13 @@ Wants=network.target + After=zebra.service network-pre.target + Before=network.target + ConditionPathExists=/etc/quagga/bgpd.conf ++Documentation=man:bgpd + + [Service] + Type=forking +-EnvironmentFile=/etc/sysconfig/quagga +-ExecStart=/usr/sbin/bgpd -d $BGPD_OPTS -f /etc/quagga/bgpd.conf ++ExecStartPre=-/bin/chmod -f 640 /etc/quagga/bgpd.conf ++ExecStartPre=-/bin/chown -f quagga:quagga /etc/quagga/bgpd.conf ++ExecStart=/usr/sbin/bgpd -d -A 127.0.0.1 -f /etc/quagga/bgpd.conf + Restart=on-abort + + [Install] +diff --git a/redhat/isisd.service b/redhat/isisd.service +index edb6eea..a16b2f8 100644 +--- a/redhat/isisd.service ++++ b/redhat/isisd.service +@@ -5,11 +5,13 @@ Wants=network.target + After=zebra.service network-pre.target + Before=network.target + ConditionPathExists=/etc/quagga/isisd.conf ++Documentation=man:isisd + + [Service] + Type=forking +-EnvironmentFile=/etc/sysconfig/quagga +-ExecStart=/usr/sbin/isisd -d $ISISD_OPTS -f /etc/quagga/isisd.conf ++ExecStartPre=-/bin/chmod -f 640 /etc/quagga/isisd.conf ++ExecStartPre=-/bin/chown -f quagga:quagga /etc/quagga/isisd.conf ++ExecStart=/usr/sbin/isisd -d -A 127.0.0.1 -f /etc/quagga/isisd.conf + Restart=on-abort + + [Install] +diff --git a/redhat/nhrpd.service b/redhat/nhrpd.service +index 63f138c..15680e8 100644 +--- a/redhat/nhrpd.service ++++ b/redhat/nhrpd.service +@@ -5,11 +5,13 @@ Wants=network.target + After=zebra.service network-pre.target + Before=network.target + ConditionPathExists=/etc/quagga/nhrpd.conf ++Documentation=man:nhrpd + + [Service] + Type=forking +-EnvironmentFile=/etc/sysconfig/quagga +-ExecStart=/usr/sbin/nhrpd -d $NHRPD_OPTS -f /etc/quagga/nhrpdd.conf ++ExecStartPre=-/bin/chmod -f 640 /etc/quagga/nhrpd.conf ++ExecStartPre=-/bin/chown -f quagga:quagga /etc/quagga/nhrpd.conf ++ExecStart=/usr/sbin/nhrpd -d -A 127.0.0.1 -f /etc/quagga/nhrpd.conf + Restart=on-abort + + [Install] +diff --git a/redhat/ospf6d.service b/redhat/ospf6d.service +index b53b970..c883e5c 100644 +--- a/redhat/ospf6d.service ++++ b/redhat/ospf6d.service +@@ -5,11 +5,13 @@ Wants=network.target + After=zebra.service network-pre.target + Before=network.target + ConditionPathExists=/etc/quagga/ospf6d.conf ++Documentation=man:ospf6d + + [Service] + Type=forking +-EnvironmentFile=/etc/sysconfig/quagga +-ExecStart=/usr/sbin/ospf6d -d $OSPF6D_OPTS -f /etc/quagga/ospf6d.conf ++ExecStartPre=-/bin/chmod -f 640 /etc/quagga/ospf6d.conf ++ExecStartPre=-/bin/chown -f quagga:quagga /etc/quagga/ospf6d.conf ++ExecStart=/usr/sbin/ospf6d -d -A ::1 -f /etc/quagga/ospf6d.conf + Restart=on-abort + + [Install] +diff --git a/redhat/ospfd.service b/redhat/ospfd.service +index 5d6c5bb..57b3bee 100644 +--- a/redhat/ospfd.service ++++ b/redhat/ospfd.service +@@ -5,11 +5,13 @@ Wants=network.target + After=zebra.service network-pre.target + Before=network.target + ConditionPathExists=/etc/quagga/ospfd.conf ++Documentation=man:ospfd + + [Service] + Type=forking +-EnvironmentFile=/etc/sysconfig/quagga +-ExecStart=/usr/sbin/ospfd -d $OSPFD_OPTS -f /etc/quagga/ospfd.conf ++ExecStartPre=-/bin/chmod -f 640 /etc/quagga/ospfd.conf ++ExecStartPre=-/bin/chown -f quagga:quagga /etc/quagga/ospfd.conf ++ExecStart=/usr/sbin/ospfd -d -A 127.0.0.1 -f /etc/quagga/ospfd.conf + Restart=on-abort + + [Install] +diff --git a/redhat/pimd.service b/redhat/pimd.service +index d62fe64..b2d33f3 100644 +--- a/redhat/pimd.service ++++ b/redhat/pimd.service +@@ -1,14 +1,18 @@ + [Unit] + Description=PIM multicast routing engine +-BindTo=zebra.service +-After=syslog.target network.target zebra.service ++BindsTo=zebra.service ++Wants=network.target ++After=zebra.service network-pre.target ++Before=network.target + ConditionPathExists=/etc/quagga/pimd.conf ++Documentation=man:pimd + + [Service] + Type=forking +-EnvironmentFile=/etc/sysconfig/quagga +-ExecStart=/usr/sbin/pimd -d $PIMD_OPTS -f /etc/quagga/pimd.conf ++ExecStartPre=-/bin/chmod -f 640 /etc/quagga/pimd.conf ++ExecStartPre=-/bin/chown -f quagga:quagga /etc/quagga/pimd.conf ++ExecStart=/usr/sbin/pimd -d -A 127.0.0.1 -f /etc/quagga/pimd.conf + Restart=on-abort + + [Install] +-WantedBy=network.target ++WantedBy=multi-user.target +diff --git a/redhat/ripd.service b/redhat/ripd.service +index ed7f922..d6290e0 100644 +--- a/redhat/ripd.service ++++ b/redhat/ripd.service +@@ -5,11 +5,13 @@ Wants=network.target + After=zebra.service network-pre.target + Before=network.target + ConditionPathExists=/etc/quagga/ripd.conf ++Documentation=man:ripd + + [Service] + Type=forking +-EnvironmentFile=/etc/sysconfig/quagga +-ExecStart=/usr/sbin/ripd -d $RIPD_OPTS -f /etc/quagga/ripd.conf ++ExecStartPre=-/bin/chmod -f 640 /etc/quagga/ripd.conf ++ExecStartPre=-/bin/chown -f quagga:quagga /etc/quagga/ripd.conf ++ExecStart=/usr/sbin/ripd -d -A 127.0.0.1 -f /etc/quagga/ripd.conf + Restart=on-abort + + [Install] +diff --git a/redhat/ripngd.service b/redhat/ripngd.service +index 2519b31..2e4ccb8 100644 +--- a/redhat/ripngd.service ++++ b/redhat/ripngd.service +@@ -5,11 +5,13 @@ Wants=network.target + After=zebra.service network-pre.target + Before=network.target + ConditionPathExists=/etc/quagga/ripngd.conf ++Documentation=man:ripngd + + [Service] + Type=forking +-EnvironmentFile=/etc/sysconfig/quagga +-ExecStart=/usr/sbin/ripngd -d $RIPNGD_OPTS -f /etc/quagga/ripngd.conf ++ExecStartPre=-/bin/chmod -f 640 /etc/quagga/ripngd.conf ++ExecStartPre=-/bin/chown -f quagga:quagga /etc/quagga/ripngd.conf ++ExecStart=/usr/sbin/ripngd -d -A ::1 -f /etc/quagga/ripngd.conf + Restart=on-abort + + [Install] +diff --git a/redhat/zebra.service b/redhat/zebra.service +index f9107f1..39080a0 100644 +--- a/redhat/zebra.service ++++ b/redhat/zebra.service +@@ -4,13 +4,19 @@ Wants=network.target + Before=network.target + After=network-pre.target + ConditionPathExists=/etc/quagga/zebra.conf ++Documentation=man:zebra + + [Service] + Type=forking +-EnvironmentFile=-/etc/sysconfig/quagga + ExecStartPre=/sbin/ip route flush proto zebra +-ExecStart=/usr/sbin/zebra -d $ZEBRA_OPTS -f /etc/quagga/zebra.conf ++ExecStartPre=-/bin/chmod -f 640 /etc/quagga/vtysh.conf /etc/quagga/zebra.conf ++ExecStartPre=-/bin/chown -f quagga:quagga /etc/quagga/zebra.conf ++ExecStartPre=-/bin/chown -f quagga:quaggavty /etc/quagga/vtysh.conf ++ExecStart=/usr/sbin/zebra -d -A 127.0.0.1 -f /etc/quagga/zebra.conf + Restart=on-abort ++RuntimeDirectory=quagga ++RuntimeDirectoryMode=775 ++Group=quagga + + [Install] + WantedBy=multi-user.target diff --git a/debian/patches/0007-Add-correct-QUAGGA_VERSION-to-manpages.patch b/debian/patches/0007-Add-correct-QUAGGA_VERSION-to-manpages.patch new file mode 100644 index 0000000..82dd9e0 --- /dev/null +++ b/debian/patches/0007-Add-correct-QUAGGA_VERSION-to-manpages.patch @@ -0,0 +1,121 @@ +From: Scott Leggett +Date: Sun, 5 Nov 2017 15:13:27 +1100 +Subject: Add correct QUAGGA_VERSION to manpages. + +--- + doc/Makefile.am | 6 ++++++ + doc/bgpd.8 | 2 +- + doc/isisd.8 | 2 +- + doc/ospf6d.8 | 2 +- + doc/ospfd.8 | 2 +- + doc/pimd.8 | 2 +- + doc/ripd.8 | 2 +- + doc/ripngd.8 | 2 +- + doc/vtysh.1 | 2 +- + doc/zebra.8 | 2 +- + 10 files changed, 15 insertions(+), 9 deletions(-) + +diff --git a/doc/Makefile.am b/doc/Makefile.am +index 38920c8..2c08d5c 100644 +--- a/doc/Makefile.am ++++ b/doc/Makefile.am +@@ -123,3 +123,9 @@ DISTCLEANFILES = quagga.info* + # do nothing for DVI, so we don't have to generate or distribute EPS + # figures + dvi: # nothing ++ ++.PHONY: versioned_manpages ++versioned_manpages: $(man_MANS) ++ for man in $^; do \ ++ m4 -DQUAGGA_VERSION=$(QUAGGA_VERSION) $$man | sponge $$man; \ ++ done +diff --git a/doc/bgpd.8 b/doc/bgpd.8 +index e680ddb..d05edf6 100644 +--- a/doc/bgpd.8 ++++ b/doc/bgpd.8 +@@ -1,4 +1,4 @@ +-.TH BGPD 8 "25 November 2004" "Quagga BGPD daemon" "Version 0.97.3" ++.TH BGPD 8 "25 November 2004" "Quagga BGPD daemon" "Version QUAGGA_VERSION" + .SH NAME + bgpd \- a BGPv4, BGPv4\+, BGPv4\- routing engine for use with Quagga routing + software +diff --git a/doc/isisd.8 b/doc/isisd.8 +index 84e6cf5..c014762 100644 +--- a/doc/isisd.8 ++++ b/doc/isisd.8 +@@ -1,4 +1,4 @@ +-.TH IS-IS 8 "25 November 2004" "Quagga IS-IS daemon" "Version 0.97.3" ++.TH IS-IS 8 "25 November 2004" "Quagga IS-IS daemon" "Version QUAGGA_VERSION" + .SH NAME + isisd \- an IS-IS routing engine for use with Quagga routing software. + .SH SYNOPSIS +diff --git a/doc/ospf6d.8 b/doc/ospf6d.8 +index 0643226..9446db1 100644 +--- a/doc/ospf6d.8 ++++ b/doc/ospf6d.8 +@@ -1,4 +1,4 @@ +-.TH OSPF6D 8 "25 November 2004" "Quagga OSPFv3 daemon" "Version 0.97.3" ++.TH OSPF6D 8 "25 November 2004" "Quagga OSPFv3 daemon" "Version QUAGGA_VERSION" + .SH NAME + ospf6d \- an OSPFv3 routing engine for use with Quagga routing software. + .SH SYNOPSIS +diff --git a/doc/ospfd.8 b/doc/ospfd.8 +index 8c819cf..626eab2 100644 +--- a/doc/ospfd.8 ++++ b/doc/ospfd.8 +@@ -1,4 +1,4 @@ +-.TH OSPFD 8 "25 November 2004" "Quagga OSPFv2 daemon" "Version 0.97.3" ++.TH OSPFD 8 "25 November 2004" "Quagga OSPFv2 daemon" "Version QUAGGA_VERSION" + .SH NAME + ospfd \- an OSPFv2 routing engine for use with Quagga routing software. + .SH SYNOPSIS +diff --git a/doc/pimd.8 b/doc/pimd.8 +index 0dd170a..7c89914 100644 +--- a/doc/pimd.8 ++++ b/doc/pimd.8 +@@ -1,4 +1,4 @@ +-.TH PIM 8 "10 December 2008" "Quagga PIM daemon" "Version 0.99.11" ++.TH PIM 8 "10 December 2008" "Quagga PIM daemon" "Version QUAGGA_VERSION" + .SH NAME + pimd \- a PIM routing for use with Quagga Routing Suite. + .SH SYNOPSIS +diff --git a/doc/ripd.8 b/doc/ripd.8 +index 8fa9bf2..d506959 100644 +--- a/doc/ripd.8 ++++ b/doc/ripd.8 +@@ -1,4 +1,4 @@ +-.TH RIPD 8 "25 November 2004" "Quagga RIP daemon" "Version 0.97.3" ++.TH RIPD 8 "25 November 2004" "Quagga RIP daemon" "Version QUAGGA_VERSION" + .SH NAME + ripd \- a RIP routing engine for use with Quagga routing software. + .SH SYNOPSIS +diff --git a/doc/ripngd.8 b/doc/ripngd.8 +index 6e63dc2..c336c89 100644 +--- a/doc/ripngd.8 ++++ b/doc/ripngd.8 +@@ -1,4 +1,4 @@ +-.TH RIPNGD 8 "25 November 2004" "Quagga RIPNG daemon" "Version 0.97.3" ++.TH RIPNGD 8 "25 November 2004" "Quagga RIPNG daemon" "Version QUAGGA_VERSION" + .SH NAME + ripngd \- a RIPNG routing engine for use with Quagga routing software. + .SH SYNOPSIS +diff --git a/doc/vtysh.1 b/doc/vtysh.1 +index a2afa9f..ff672d0 100644 +--- a/doc/vtysh.1 ++++ b/doc/vtysh.1 +@@ -1,4 +1,4 @@ +-.TH VTYSH 1 "27 July 2006" "Quagga VTY shell" "Version 0.96.5" ++.TH VTYSH 1 "27 July 2006" "Quagga VTY shell" "Version QUAGGA_VERSION" + .SH NAME + vtysh \- a integrated shell for Quagga routing software + .SH SYNOPSIS +diff --git a/doc/zebra.8 b/doc/zebra.8 +index da5881c..23cf39e 100644 +--- a/doc/zebra.8 ++++ b/doc/zebra.8 +@@ -1,4 +1,4 @@ +-.TH ZEBRA 8 "25 November 2004" "Zebra daemon" "Version 0.97.3" ++.TH ZEBRA 8 "25 November 2004" "Zebra daemon" "Version QUAGGA_VERSION" + .SH NAME + zebra \- a routing manager for use with associated Quagga components. + .SH SYNOPSIS diff --git a/debian/patches/0008-Remove-duplicated-footnote.patch b/debian/patches/0008-Remove-duplicated-footnote.patch new file mode 100644 index 0000000..88d9b7e --- /dev/null +++ b/debian/patches/0008-Remove-duplicated-footnote.patch @@ -0,0 +1,20 @@ +From: Scott Leggett +Date: Sun, 5 Nov 2017 22:02:51 +1100 +Subject: Remove duplicated footnote. + +--- + doc/bgpd.texi | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/doc/bgpd.texi b/doc/bgpd.texi +index d5aa30c..2452eec 100644 +--- a/doc/bgpd.texi ++++ b/doc/bgpd.texi +@@ -1722,7 +1722,6 @@ Dump all BGP packet and events to @var{path} file. + If @var{interval} is set, a new file will be created for echo @var{interval} of seconds. + The path @var{path} can be set with date and time formatting (strftime). + The type ‘all-et’ enables support for Extended Timestamp Header (@pxref{Packet Binary Dump Format}). +-(@pxref{Packet Binary Dump Format}) + @end deffn + + @deffn Command {dump bgp updates @var{path} [@var{interval}]} {} diff --git a/debian/patches/0009-Fix-typo-in-dump-bgp-help-text.patch b/debian/patches/0009-Fix-typo-in-dump-bgp-help-text.patch new file mode 100644 index 0000000..03f6d00 --- /dev/null +++ b/debian/patches/0009-Fix-typo-in-dump-bgp-help-text.patch @@ -0,0 +1,23 @@ +From: Scott Leggett +Date: Sun, 5 Nov 2017 22:03:17 +1100 +Subject: Fix typo in dump-bgp help text. + +--- + bgpd/bgp_dump.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/bgpd/bgp_dump.c b/bgpd/bgp_dump.c +index 01f9b41..2b8513c 100644 +--- a/bgpd/bgp_dump.c ++++ b/bgpd/bgp_dump.c +@@ -741,8 +741,8 @@ DEFUN (dump_bgp_all, + "dump bgp (all|all-et|updates|updates-et|routes-mrt) PATH [INTERVAL]", + "Dump packet\n" + "BGP packet dump\n" +- "Dump all BGP packets\nDump all BGP packets (Extended Tiemstamp Header)\n" +- "Dump BGP updates only\nDump BGP updates only (Extended Tiemstamp Header)\n" ++ "Dump all BGP packets\nDump all BGP packets (Extended Timestamp Header)\n" ++ "Dump BGP updates only\nDump BGP updates only (Extended Timestamp Header)\n" + "Dump whole BGP routing table\n" + "Output filename\n" + "Interval of output\n") diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..1a6f784 --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,9 @@ +0001-82_vtysh__vtysh_user.c__pam.patch +0002-80_vtysh__vtysh.c__privs.patch +0003-Tweak-grammar-in-zebra-manpage-to-keep-lintian-happy.patch +0004-Fix-spelling-errors-in-strings-flagged-by-lintian.patch +0005-Fix-manpage-number-for-ospfclient.patch +0006-Patch-.service-files-for-Debian.patch +0007-Add-correct-QUAGGA_VERSION-to-manpages.patch +0008-Remove-duplicated-footnote.patch +0009-Fix-typo-in-dump-bgp-help-text.patch diff --git a/debian/quagga-bgpd.install b/debian/quagga-bgpd.install new file mode 100644 index 0000000..583d91e --- /dev/null +++ b/debian/quagga-bgpd.install @@ -0,0 +1,2 @@ +redhat/bgpd.service /lib/systemd/system/ +usr/sbin/bgpd diff --git a/debian/quagga-bgpd.manpages b/debian/quagga-bgpd.manpages new file mode 100644 index 0000000..8d4aed2 --- /dev/null +++ b/debian/quagga-bgpd.manpages @@ -0,0 +1 @@ +doc/bgpd.8 diff --git a/debian/quagga-core.README.Debian b/debian/quagga-core.README.Debian new file mode 100644 index 0000000..73219c7 --- /dev/null +++ b/debian/quagga-core.README.Debian @@ -0,0 +1,122 @@ +* SAFETY MEASURES: +================== + +The quagga package used to have a debconf option to abort during the upgrade +process to avoid inadvertently dropping routes and/or causing BGP flaps. This +has been removed as it was a violation of Debian Policy. Instead, please +consider setting this package "on hold" after installation by typing: + + # apt-mark hold quagga + +And verifying this using: + + $ apt-mark showhold + +Setting a package "on hold" means that it will not automatically be upgraded. +Instead apt-get only displays a warning saying that a new version would be +available forcing you to explicitly type "apt-get install quagga" to upgrade it. + + +* Daemon Selection and Control: +=============================== + +Each routing daemon can be brought up or down independently. E.g. + + # systemctl start bgpd + +This will also automatically start the `zebra` service, which is a dependency +of all the quagga routing daemons. Restart an individual daemon in the usual +way: + + # systemctl restart bgpd + +And restart or stop all daemons by targeting the `zebra` dependency: + + # systemctl restart zebra + # systemctl stop zebra + +IMPORTANT NOTE: Before starting (and so, by extension, on restart), the `zebra` +service will flush all existing zebra/quagga routes from the kernel routing +table. To override this behaviour, copy /lib/systemd/system/zebra.service to +/etc/systemd/system/zebra.service, and remove the "flush" line. + + +* What is quagga? +================= + +http://www.quagga.net/ +> Quagga is a routing software suite, providing implementations of OSPFv2, +> OSPFv3, RIP v1 and v2, RIPv3 and BGPv4 for Unix platforms, particularly +> FreeBSD and Linux and also NetBSD, to mention a few. Quagga is a fork of GNU +> Zebra which was developed by Kunihiro Ishiguro. Development of GNU Zebra +> slowed dramatically to the point where eventually GNU Zebra was forked into +> Quagga. + +> The Quagga tree is an attempt to provide a zebra tree with at least the +> bug-fixes, which have accumulated, applied, while tracking any significant +> changes made to the zebra.org tree. Ultimately, this tree hopes to revitalise +> development of this code base. + +I packaged zebra-pj which was then renamed to quagga to get people used to it +and offer Debian users the choice which versions they like to use. I hope this +brings quagga some feedback and helps it evolving to a good successor of the +orphaned zebra. + + -- Christian Hammers , Jul/Aug 2003 + + +* Why has SNMP support been disabled? +===================================== +Quagga used to link against the NetSNMP libraries to provide SNMP +support. Those libraries sadly link against the OpenSSL libraries +to provide crypto support for SNMPv3 among others. +OpenSSL now is not compatible with the GNU GENERAL PUBLIC LICENSE (GPL) +licence that Quagga is distributed under. For more explanation read: + http://www.gnome.org/~markmc/openssl-and-the-gpl.html + http://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs +Updating the licence to explecitly allow linking against OpenSSL +would requite the affirmation of all people that ever contributed +a significant part to Zebra or Quagga and thus are the collective +"copyright holder". That's too much work. + + *BUT* + +It is allowed by the used licence mix that you fetch the sources and +build Quagga yourself with SNMP with + + # export WANT_SNMP=1 + # apt-get -b source quagga +Just distributing it in binary form, linked against OpenSSL, is forbidden. + + +* Error message "privs_init: initial cap_set_proc failed": +========================================================== + +This error message means that "capability support" has to be built +into the kernel. + + +* Error message "netlink-listen: overrun: No buffer space available": +===================================================================== + +If this message occurs the receive buffer should be increased by adding the +following to /etc/sysctl.conf and "--nl-bufsize" to /etc/quagga/debian.conf. +> net.core.rmem_default = 262144 +> net.core.rmem_max = 262144 +See message #4525 from 2005-05-09 in the quagga-users mailing list. + + +* vtysh immediately exists: +=========================== + +Check /etc/pam.d/quagga, it probably denies access to your user. The passwords +configured in /etc/quagga/*.conf are only for telnet access. + + +* /etc/quagga/Quagga.conf has no effect: +======================================== + +Quagga in Debian ignores the integrated configuration file by default (upstream +recommends against using it at all). If you want to use it anyway, please copy +the relevant .service files from /lib/systemd/system/ into /etc/systemd/system/ +and patch out "-f *.conf". diff --git a/debian/quagga-core.dirs b/debian/quagga-core.dirs new file mode 100644 index 0000000..0436e5b --- /dev/null +++ b/debian/quagga-core.dirs @@ -0,0 +1 @@ +/etc/quagga diff --git a/debian/quagga-core.docs b/debian/quagga-core.docs new file mode 100644 index 0000000..ef1aab0 --- /dev/null +++ b/debian/quagga-core.docs @@ -0,0 +1 @@ +tools diff --git a/debian/quagga-core.install b/debian/quagga-core.install new file mode 100644 index 0000000..8d538e5 --- /dev/null +++ b/debian/quagga-core.install @@ -0,0 +1,6 @@ +debian/etc/pam.d/quagga /etc/pam.d/ +redhat/zebra.service /lib/systemd/system/ +usr/bin/vtysh +usr/lib/*/*.so.* +usr/sbin/zebra +usr/share/doc/quagga/* /usr/share/doc/quagga-core/ diff --git a/debian/quagga-core.manpages b/debian/quagga-core.manpages new file mode 100644 index 0000000..ee48398 --- /dev/null +++ b/debian/quagga-core.manpages @@ -0,0 +1,2 @@ +doc/vtysh.1 +doc/zebra.8 diff --git a/debian/quagga-core.postinst b/debian/quagga-core.postinst new file mode 100644 index 0000000..98ae4a1 --- /dev/null +++ b/debian/quagga-core.postinst @@ -0,0 +1,13 @@ +#!/bin/bash +set -eu + +if [ "$1" = "configure" ]; then + # Set permissions to allow quagga daemons and vtysh to write config files. + dpkg-statoverride --list /etc/quagga || \ + dpkg-statoverride --add --update quagga quaggavty 775 /etc/quagga +fi + +# remove symlinks to /etc/init.d/quagga from runlevels +update-rc.d -f quagga remove + +#DEBHELPER# diff --git a/debian/quagga-core.preinst b/debian/quagga-core.preinst new file mode 100644 index 0000000..332bdd3 --- /dev/null +++ b/debian/quagga-core.preinst @@ -0,0 +1,22 @@ +#!/bin/bash +set -eu + +# create quaggavty group +addgroup --system quaggavty > /dev/null + +# create quagga group +addgroup --system quagga > /dev/null + +# create quagga user +adduser \ + --system \ + --ingroup quagga \ + --home /run/quagga/ \ + --no-create-home \ + --gecos "Quagga routing suite" \ + quagga > /dev/null + +# add quagga user to the quaggavty group +adduser quagga quaggavty + +#DEBHELPER# diff --git a/debian/quagga-doc.doc-base.mpls b/debian/quagga-doc.doc-base.mpls new file mode 100644 index 0000000..e6aaf00 --- /dev/null +++ b/debian/quagga-doc.doc-base.mpls @@ -0,0 +1,8 @@ +Document: mpls +Title: MPLS Traffic Engineering documentation +Author: Quagga contributors +Abstract: MPLS Traffic Engineering documentation +Section: Network/Communication + +Format: text +Files: /usr/share/doc/quagga-doc/mpls/* diff --git a/debian/quagga-doc.doc-base.news b/debian/quagga-doc.doc-base.news new file mode 100644 index 0000000..b405b1d --- /dev/null +++ b/debian/quagga-doc.doc-base.news @@ -0,0 +1,8 @@ +Document: news +Title: NEWS +Author: Quagga Contributors +Abstract: List of user-visible changes between versions +Section: Network/Communication + +Format: text +Files: /usr/share/doc/quagga-doc/NEWS.gz diff --git a/debian/quagga-doc.doc-base.quagga b/debian/quagga-doc.doc-base.quagga new file mode 100644 index 0000000..1267852 --- /dev/null +++ b/debian/quagga-doc.doc-base.quagga @@ -0,0 +1,8 @@ +Document: quagga +Title: Quagga Manual +Author: Quagga Contributors +Abstract: This file documents the Quagga Software Routing Suite which manages common TCP/IP routing protocols. +Section: Network/Communication + +Format: pdf +Files: /usr/share/doc/quagga-doc/quagga.pdf.gz diff --git a/debian/quagga-doc.doc-base.readme b/debian/quagga-doc.doc-base.readme new file mode 100644 index 0000000..a61c79a --- /dev/null +++ b/debian/quagga-doc.doc-base.readme @@ -0,0 +1,8 @@ +Document: readme +Title: Quagga README +Author: Quagga Contributors +Abstract: A brief README for Quagga. +Section: Network/Communication + +Format: text +Files: /usr/share/doc/quagga-doc/README diff --git a/debian/quagga-doc.doc-base.reporting-bugs b/debian/quagga-doc.doc-base.reporting-bugs new file mode 100644 index 0000000..ee75221 --- /dev/null +++ b/debian/quagga-doc.doc-base.reporting-bugs @@ -0,0 +1,8 @@ +Document: reporting-bugs +Title: REPORTING-BUGS +Author: Quagga Contributors +Abstract: How to report bugs in the Quagga suite. +Section: Network/Communication + +Format: text +Files: /usr/share/doc/quagga-doc/REPORTING-BUGS diff --git a/debian/quagga-doc.doc-base.zebra-draft-00 b/debian/quagga-doc.doc-base.zebra-draft-00 new file mode 100644 index 0000000..ccb5903 --- /dev/null +++ b/debian/quagga-doc.doc-base.zebra-draft-00 @@ -0,0 +1,8 @@ +Document: zebra-draft-00 +Title: Zebra Protocol Draft +Author: K. Ishiguro +Abstract: The zebra protocol is a communication protocol between kernel routing table manager and routing protocol daemon. +Section: Network/Communication + +Format: text +Files: /usr/share/doc/quagga-doc/draft-zebra-00.txt.gz diff --git a/debian/quagga-doc.docs b/debian/quagga-doc.docs new file mode 100644 index 0000000..64c1944 --- /dev/null +++ b/debian/quagga-doc.docs @@ -0,0 +1,9 @@ +AUTHORS +NEWS +README +REPORTING-BUGS +bgpd/BGP4-MIB.txt +doc/BGP-TypeCode +doc/draft-zebra-00.txt +doc/mpls/ +doc/quagga.pdf diff --git a/debian/quagga-doc.info b/debian/quagga-doc.info new file mode 100644 index 0000000..c9ff0f5 --- /dev/null +++ b/debian/quagga-doc.info @@ -0,0 +1 @@ +doc/quagga.info* diff --git a/debian/quagga-doc.install b/debian/quagga-doc.install new file mode 100644 index 0000000..5ea86bd --- /dev/null +++ b/debian/quagga-doc.install @@ -0,0 +1,3 @@ +# copy figures to where they're expected to be by info +doc/fig*.png /usr/share/info/ +usr/share/info/ diff --git a/debian/quagga-isisd.install b/debian/quagga-isisd.install new file mode 100644 index 0000000..4b0ff40 --- /dev/null +++ b/debian/quagga-isisd.install @@ -0,0 +1,2 @@ +redhat/isisd.service /lib/systemd/system/ +usr/sbin/isisd diff --git a/debian/quagga-isisd.manpages b/debian/quagga-isisd.manpages new file mode 100644 index 0000000..a14db1d --- /dev/null +++ b/debian/quagga-isisd.manpages @@ -0,0 +1 @@ +doc/isisd.8 diff --git a/debian/quagga-ospf6d.install b/debian/quagga-ospf6d.install new file mode 100644 index 0000000..516872b --- /dev/null +++ b/debian/quagga-ospf6d.install @@ -0,0 +1,2 @@ +redhat/ospf6d.service /lib/systemd/system/ +usr/sbin/ospf6d diff --git a/debian/quagga-ospf6d.manpages b/debian/quagga-ospf6d.manpages new file mode 100644 index 0000000..0bd8c51 --- /dev/null +++ b/debian/quagga-ospf6d.manpages @@ -0,0 +1 @@ +doc/ospf6d.8 diff --git a/debian/quagga-ospfd.install b/debian/quagga-ospfd.install new file mode 100644 index 0000000..0111838 --- /dev/null +++ b/debian/quagga-ospfd.install @@ -0,0 +1,3 @@ +redhat/ospfd.service /lib/systemd/system/ +usr/sbin/ospfclient +usr/sbin/ospfd diff --git a/debian/quagga-ospfd.manpages b/debian/quagga-ospfd.manpages new file mode 100644 index 0000000..ec3a2b1 --- /dev/null +++ b/debian/quagga-ospfd.manpages @@ -0,0 +1,2 @@ +doc/ospfclient.8 +doc/ospfd.8 diff --git a/debian/quagga-pimd.install b/debian/quagga-pimd.install new file mode 100644 index 0000000..e8615de --- /dev/null +++ b/debian/quagga-pimd.install @@ -0,0 +1,2 @@ +redhat/pimd.service /lib/systemd/system/ +usr/sbin/pimd diff --git a/debian/quagga-pimd.manpages b/debian/quagga-pimd.manpages new file mode 100644 index 0000000..c32676c --- /dev/null +++ b/debian/quagga-pimd.manpages @@ -0,0 +1 @@ +doc/pimd.8 diff --git a/debian/quagga-ripd.install b/debian/quagga-ripd.install new file mode 100644 index 0000000..2a2e224 --- /dev/null +++ b/debian/quagga-ripd.install @@ -0,0 +1,2 @@ +redhat/ripd.service /lib/systemd/system/ +usr/sbin/ripd diff --git a/debian/quagga-ripd.manpages b/debian/quagga-ripd.manpages new file mode 100644 index 0000000..a61422a --- /dev/null +++ b/debian/quagga-ripd.manpages @@ -0,0 +1 @@ +doc/ripd.8 diff --git a/debian/quagga-ripngd.install b/debian/quagga-ripngd.install new file mode 100644 index 0000000..1b161ef --- /dev/null +++ b/debian/quagga-ripngd.install @@ -0,0 +1,2 @@ +redhat/ripngd.service /lib/systemd/system/ +usr/sbin/ripngd diff --git a/debian/quagga-ripngd.manpages b/debian/quagga-ripngd.manpages new file mode 100644 index 0000000..2472d55 --- /dev/null +++ b/debian/quagga-ripngd.manpages @@ -0,0 +1 @@ +doc/ripngd.8 diff --git a/debian/quagga.NEWS b/debian/quagga.NEWS new file mode 100644 index 0000000..82d4c5d --- /dev/null +++ b/debian/quagga.NEWS @@ -0,0 +1,18 @@ +quagga (1.1.0-1) unstable; urgency=low + + The quagga package has been split into individual routing daemon packages. + All are dependencies of the "quagga" metapackage, so `apt-get install quagga` + installs the same functionality it did before, as does `apt-get upgrade`. + + The quagga package now uses systemd in order to avoid a lot of problems with + the old init scripts and to bring it closer to upstream. Existing daemon + configuration will work, but /etc/quagga/daemons and /etc/quagga/debian.conf + are no longer used. "watchquagga" has been removed from the package, as its + functionality is a subset of that of systemd. + + The debconf question that allowed aborting package upgrades has also been + removed in favour of recommending the "hold" system for packages. + + Please review /usr/share/doc/quagga-core/README.Debian for more information. + + -- Scott Leggett Sat, 19 Nov 2016 23:51:34 +1100 diff --git a/debian/quagga.maintscript b/debian/quagga.maintscript new file mode 100644 index 0000000..040ab60 --- /dev/null +++ b/debian/quagga.maintscript @@ -0,0 +1,4 @@ +rm_conffile /etc/init.d/quagga 1.1.0-1~ quagga +rm_conffile /etc/logrotate.d/quagga 1.1.0-1~ quagga +rm_conffile /etc/quagga/daemons 1.1.0-1~ quagga +rm_conffile /etc/quagga/debian.conf 1.1.0-1~ quagga diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..2c6b89c --- /dev/null +++ b/debian/rules @@ -0,0 +1,49 @@ +#!/usr/bin/make -f + +export DH_VERBOSE=1 +export DEB_BUILD_MAINT_OPTIONS = hardening=+all + +# Set binary version +include /usr/share/dpkg/pkg-info.mk +export QUAGGA_VERSION = $(DEB_VERSION_UPSTREAM) + +# Filter VCS files +export DH_ALWAYS_EXCLUDE = .gitignore + +%: + dh $@ --parallel --list-missing + +override_dh_auto_configure: + # disable snmp due to openssl licensing issues + # disable watchquagga since we rely on systemd + dh_auto_configure -- \ + --enable-exampledir=/usr/share/doc/quagga/examples/ \ + --localstatedir=/run/quagga \ + --sysconfdir=/etc/quagga \ + --disable-watchquagga \ + --with-libpam \ + --enable-user=quagga \ + --enable-group=quagga \ + --enable-vty-group=quaggavty \ + --enable-configfile-mask=0660 \ + --enable-logfile-mask=0640 \ + --enable-multipath=64 \ + --libdir=/usr/lib/quagga \ + $(shell dpkg-buildflags --export=cmdline) + +override_dh_auto_build: + dh_auto_build + # build useful docs + dh_auto_build -- -C doc/ quagga.pdf draft-zebra-00.txt versioned_manpages + +override_dh_auto_install: + dh_auto_install + # clean .la files for lintian warning non-empty-dependency_libs-in-la-file + sed -i "/dependency_libs/ s/'.*'/''/" debian/tmp/usr/lib/**/*.la + +override_dh_strip: + dh_strip --dbgsym-migration='quagga-dbg (<< 1.1.0-1~)' + +# avoid lintian warning package-has-unnecessary-activation-of-ldconfig-trigger +override_dh_makeshlibs: + dh_makeshlibs --no-scripts diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/tests/control b/debian/tests/control new file mode 100644 index 0000000..150f250 --- /dev/null +++ b/debian/tests/control @@ -0,0 +1,3 @@ +Tests: daemons +Depends: quagga, quagga-bgpd, quagga-isisd, quagga-ospf6d, quagga-ospfd, quagga-pimd, quagga-ripd, quagga-ripngd +Restrictions: needs-root diff --git a/debian/tests/daemons b/debian/tests/daemons new file mode 100755 index 0000000..4d02475 --- /dev/null +++ b/debian/tests/daemons @@ -0,0 +1,38 @@ +#!/bin/bash +#--------------- +# Testing quagga +#--------------- +set -eu + +DAEMONS=("bgpd" "isisd" "ospf6d" "ospfd" "pimd" "ripd" "ripngd") + +# configure +for daemon in "${DAEMONS[@]}" zebra +do + cp /usr/share/doc/quagga-core/examples/${daemon}.conf.sample \ + /etc/quagga/${daemon}.conf +done + +# start (no zebra - it's brought up automaticall as a dependency) +for daemon in "${DAEMONS[@]}" +do + systemctl start ${daemon} +done + +# reload quagga by restarting zebra - dependent daemons will restart. +systemctl restart zebra + +# wait for things to settle +sleep 5 + +# check daemons +for daemon in "${DAEMONS[@]}" zebra +do + echo -n "check ${daemon} - " + if systemctl -q is-active ${daemon}; then + echo "${daemon} OK" + else + echo "ERROR: ${daemon} IS NOT RUNNING" + exit 1 + fi +done diff --git a/debian/watch b/debian/watch new file mode 100644 index 0000000..7c7ec50 --- /dev/null +++ b/debian/watch @@ -0,0 +1,3 @@ +version=3 +opts=uversionmangle=s/(\d)[_\.\-\+]?((RC|rc|pre|dev|beta|alpha|b|a)[\-\.]?\d*)$/$1~$2/ \ + http://download.savannah.gnu.org/releases/quagga/quagga-(\d.*)\.(?:tgz|tar\.(?:gz|bz2|xz))