PR#6: Upgrade EPEL 6 to 1.6.6 - rpms/bird

rpms / bird

#6 Upgrade EPEL 6 to 1.6.6

Merged 5 years ago by ersin. Opened 5 years ago by robert.

Unknown source el6 into el6

- Upgrade to 1.6.6 (CVE-2018-12066)

Robert Scheck • 5 years ago

8383efa

.gitignore

file modified

+1 -1

		`@@ -1,1 +1,1 @@`
		`- /bird-1.4.5.tar.gz`
		`+ /bird-*.tar.gz`

0001-Fixes-a-bug-in-locking-code.patch

file removed

-29

		`@@ -1,29 +0,0 @@`
		`- From ab006391305165c805f75e3a2ce20946748233c9 Mon Sep 17 00:00:00 2001`
		`- From: Ondrej Zajicek <santiago@crfreenet.org>`
		`- Date: Sat, 21 Feb 2015 12:27:05 +0100`
		`- Subject: [PATCH] Fixes a bug in locking code.`
		`-`
		`- When multiple protocols have a lock for the same IP address, it crashes`
		`- under some circumstances.`
		`-`
		`- Thanks to Matthias Schiffer for the bugreport.`
		`- ---`
		`- nest/locks.c \| 2 +-`
		`- 1 file changed, 1 insertion(+), 1 deletion(-)`
		`-`
		`- diff --git a/nest/locks.c b/nest/locks.c`
		`- index c74f2f4..ad2af49 100644`
		`- --- a/nest/locks.c`
		`- +++ b/nest/locks.c`
		`- @@ -70,7 +70,7 @@ olock_free(resource *r)`
		`- DBG("olock: -> %p becomes locked\n", n);`
		`- q = SKIP_BACK(struct object_lock, n, n);`
		`- rem_node(n);`
		`- - add_tail_list(&l->waiters, &q->waiters);`
		`- + add_tail_list(&q->waiters, &l->waiters);`
		`- q->state = OLOCK_STATE_EVENT;`
		`- add_head(&olock_list, n);`
		`- ev_schedule(olock_event);`
		`- --`
		`- 2.4.3`
		`-`

bird-1.6.6-runstatedir.patch

file added

+62

		`@@ -0,0 +1,62 @@`
		`+ As per http://trubka.network.cz/pipermail/bird-users/2019-March/013240.html`
		`+ a workaround suggested by upstream until bird >= 1.6.7 is released.`
		`+`
		`+ --- bird-1.6.6/configure 2019-03-01 00:13:27.000000000 +0100`
		`+ +++ bird-1.6.6/configure.runstatedir 2019-03-01 00:13:27.000000000 +0100`
		`+ @@ -652,7 +652,6 @@`
		`+ CONTROL_SOCKET`
		`+ CONFIG_FILE`
		`+ SUFFIX`
		`+ -runstatedir`
		`+ srcdir_rel_mf`
		`+ exedir`
		`+ objdir`
		`+ @@ -678,6 +677,7 @@`
		`+ docdir`
		`+ oldincludedir`
		`+ includedir`
		`+ +runstatedir`
		`+ localstatedir`
		`+ sharedstatedir`
		`+ sysconfdir`
		`+ @@ -761,6 +761,7 @@`
		`+ sysconfdir='${prefix}/etc'`
		`+ sharedstatedir='${prefix}/com'`
		`+ localstatedir='${prefix}/var'`
		`+ +runstatedir='${localstatedir}/run'`
		`+ includedir='${prefix}/include'`
		`+ oldincludedir='/usr/include'`
		`+ docdir='${datarootdir}/doc/${PACKAGE}'`
		`+ @@ -1013,6 +1014,15 @@`
		`+ \| -silent \| --silent \| --silen \| --sile \| --sil)`
		`+ silent=yes ;;`
		`+`
		`+ + -runstatedir \| --runstatedir \| --runstatedi \| --runstated \`
		`+ + \| --runstate \| --runstat \| --runsta \| --runst \| --runs \`
		`+ + \| --run \| --ru \| --r)`
		`+ + ac_prev=runstatedir ;;`
		`+ + -runstatedir=* \| --runstatedir=* \| --runstatedi=* \| --runstated=* \`
		`+ + \| --runstate=* \| --runstat=* \| --runsta=* \| --runst=* \| --runs=* \`
		`+ + \| --run=* \| --ru=* \| --r=*)`
		`+ + runstatedir=$ac_optarg ;;`
		`+ +`
		`+ -sbindir \| --sbindir \| --sbindi \| --sbind \| --sbin \| --sbi \| --sb)`
		`+ ac_prev=sbindir ;;`
		`+ -sbindir=* \| --sbindir=* \| --sbindi=* \| --sbind=* \| --sbin=* \`
		`+ @@ -1150,7 +1160,7 @@`
		`+ for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \`
		`+ datadir sysconfdir sharedstatedir localstatedir includedir \`
		`+ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \`
		`+ - libdir localedir mandir`
		`+ + libdir localedir mandir runstatedir`
		`+ do`
		`+ eval ac_val=\$$ac_var`
		`+ # Remove trailing slashes.`
		`+ @@ -1303,6 +1313,7 @@`
		`+ --sysconfdir=DIR read-only single-machine data [PREFIX/etc]`
		`+ --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]`
		`+ --localstatedir=DIR modifiable single-machine data [PREFIX/var]`
		`+ + --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]`
		`+ --libdir=DIR object code libraries [EPREFIX/lib]`
		`+ --includedir=DIR C header files [PREFIX/include]`
		`+ --oldincludedir=DIR C header files for non-gcc [/usr/include]`

bird.init

file modified

+41 -28

		`@@ -1,27 +1,48 @@`
		`- #!/bin/sh`
		`+ #!/bin/bash`
		`#`
		`- # BIRD Internet Routing Daemon`
		`+ # BIRD_PROGNAME - BIRD Internet Routing Daemon`
		`#`
		`- # chkconfig: - 20 80`
		`- # description: BIRD is dynamic routing daemon supporting \`
		`- # routing protocols BGP, RIP and OSPF.`
		`+ # chkconfig: - 80 20`
		`+ # description: BIRD is a dynamic IP routing daemon supporting both, IPv4 and IPv6, Border \`
		`+ # Gateway Protocol (BGPv4), Routing Information Protocol (RIPv2, RIPng), Open \`
		`+ # Shortest Path First protocol (OSPFv2, OSPFv3), Babel Routing Protocol (Babel), \`
		`+ # Bidirectional Forwarding Detection (BFD), IPv6 router advertisements, static \`
		`+ # routes, inter-table protocol, command-line interface allowing on-line control \`
		`+ # and inspection of the status of the daemon, soft reconfiguration as well as a \`
		`+ # powerful language for route filtering.`
		`+ # config: /etc/BIRD_PROGNAME.conf`
		`+`
		`+ ### BEGIN INIT INFO`
		`+ # Provides: BIRD_PROGNAME`
		`+ # Required-Start: $local_fs $network $remote_fs`
		`+ # Required-Stop: $local_fs $network $remote_fs`
		`+ # Default-Start:`
		`+ # Default-Stop: 0 1 6`
		`+ # Short-Description: BIRD Internet Routing Daemon`
		`+ # Description: BIRD is a dynamic IP routing daemon supporting both, IPv4 and IPv6, Border`
		`+ # Gateway Protocol (BGPv4), Routing Information Protocol (RIPv2, RIPng), Open`
		`+ # Shortest Path First protocol (OSPFv2, OSPFv3), Babel Routing Protocol (Babel),`
		`+ # Bidirectional Forwarding Detection (BFD), IPv6 router advertisements, static`
		`+ # routes, inter-table protocol, command-line interface allowing on-line control`
		`+ # and inspection of the status of the daemon, soft reconfiguration as well as a`
		`+ # powerful language for route filtering.`
		`+ ### END INIT INFO`

		`# Source function library.`
		`. /etc/rc.d/init.d/functions`

		`prog="BIRD_PROGNAME"`
		`exec="/usr/sbin/$prog"`
		`- config="/etc/$prog.conf"`
		`+ user="BIRD_PROGNAME"`
		`+ lockfile="/var/lock/subsys/$prog"`

		`[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog`

		`- lockfile=/var/lock/subsys/$prog`
		`-`
		`start() {`
		`[ -x $exec ] \|\| exit 5`
		`[ -f $config ] \|\| exit 6`
		`echo -n $"Starting $prog: "`
		`- daemon $exec`
		`+ daemon $exec -u $user -g $user $OPTIONS`
		`retval=$?`
		`echo`
		`[ $retval -eq 0 ] && touch $lockfile`
		`@@ -30,40 +51,29 @@`

		`stop() {`
		`echo -n $"Stopping $prog: "`
		`- killproc $prog`
		`+ killproc $exec`
		`retval=$?`
		`echo`
		`- [ $retval -eq 0 ] && rm -f $lockfile`
		`+ [ $retval -eq 0 ] && rm -f $lockfile`
		`return $retval`
		`}`

		`- restart() {`
		`- stop`
		`- start`
		`- }`
		`-`
		`reload() {`
		`echo -n $"Reloading $prog: "`
		`- killproc $prog -HUP`
		`+ killproc $exec -HUP`
		`retval=$?`
		`echo`
		`return $retval`
		`}`

		`- force_reload() {`
		`- restart`
		`- }`
		`-`
		`rh_status() {`
		`- # run checks to determine if the service is running or use generic status`
		`- status $prog`
		`+ status $exec`
		`}`

		`rh_status_q() {`
		`- rh_status >/dev/null 2>&1`
		`+ rh_status > /dev/null 2>&1`
		`}`

		`-`
		`case "$1" in`
		`start)`
		`rh_status_q && exit 0`
		`@@ -74,24 +84,27 @@`
		`$1`
		`;;`
		`restart)`
		`- $1`
		`+ stop`
		`+ start`
		`;;`
		`reload)`
		`rh_status_q \|\| exit 7`
		`$1`
		`;;`
		`force-reload)`
		`- force_reload`
		`+ restart`
		`;;`
		`status)`
		`rh_status`
		`;;`
		`condrestart\|try-restart)`
		`rh_status_q \|\| exit 0`
		`- restart`
		`+ stop`
		`+ start`
		`;;`
		`*)`
		`echo $"Usage: $0 {start\|stop\|status\|restart\|condrestart\|try-restart\|reload\|force-reload}"`
		`exit 2`
		`esac`
		`+`
		`exit $?`

bird.spec

file modified

+93 -61

		`@@ -1,25 +1,31 @@`
		`%global _hardened_build 1`

		`Name: bird`
		`- Version: 1.4.5`
		`- Release: 2%{?dist}`
		`+ Version: 1.6.6`
		`+ Release: 1%{?dist}`
		`Summary: BIRD Internet Routing Daemon`

		`Group: System Environment/Daemons`
		`License: GPLv2+`
		`- URL: http://bird.network.cz`
		`+ URL: https://bird.network.cz`
		`Source0: ftp://bird.network.cz/pub/bird/bird-%{version}.tar.gz`
		`Source1: bird.init`
		`+ Patch0: bird-1.6.6-runstatedir.patch`

		`- BuildRequires: flex bison ncurses-devel readline-devel sed`
		`- Requires(post): chkconfig`
		`- Requires(preun): chkconfig initscripts`
		`-`
		`- Patch0: 0001-Fixes-a-bug-in-locking-code.patch`
		`+ BuildRequires: flex bison ncurses-devel readline-devel sed gcc`
		`+ Requires(post): /sbin/chkconfig`
		`+ Requires(preun): /sbin/service, /sbin/chkconfig`
		`+ Requires(postun): /sbin/service`
		`+ Requires(pre): shadow-utils`

		`%description`
		`- BIRD is dynamic routing daemon supporting IPv4 and IPv6 versions of routing`
		`- protocols BGP, RIP and OSPF.`
		`+ BIRD is a dynamic IP routing daemon supporting both, IPv4 and IPv6, Border`
		`+ Gateway Protocol (BGPv4), Routing Information Protocol (RIPv2, RIPng), Open`
		`+ Shortest Path First protocol (OSPFv2, OSPFv3), Babel Routing Protocol (Babel),`
		`+ Bidirectional Forwarding Detection (BFD), IPv6 router advertisements, static`
		`+ routes, inter-table protocol, command-line interface allowing on-line control`
		`+ and inspection of the status of the daemon, soft reconfiguration as well as a`
		`+ powerful language for route filtering.`

		`This package contains IPv4 version.`

		`@@ -27,34 +33,44 @@`
		`%package -n bird6`
		`Summary: BIRD Internet Routing Daemon`
		`Group: System Environment/Daemons`
		`- Requires(post): chkconfig`
		`- Requires(preun): chkconfig initscripts`
		`+ Requires(post): /sbin/chkconfig`
		`+ Requires(preun): /sbin/service, /sbin/chkconfig`
		`+ Requires(postun): /sbin/service`
		`+ Requires(pre): shadow-utils`

		`%description -n bird6`
		`- BIRD is dynamic routing daemon supporting IPv4 and IPv6 versions of routing`
		`- protocols BGP, RIP and OSPF.`
		`+ BIRD is a dynamic IP routing daemon supporting both, IPv4 and IPv6, Border`
		`+ Gateway Protocol (BGPv4), Routing Information Protocol (RIPv2, RIPng), Open`
		`+ Shortest Path First protocol (OSPFv2, OSPFv3), Babel Routing Protocol (Babel),`
		`+ Bidirectional Forwarding Detection (BFD), IPv6 router advertisements, static`
		`+ routes, inter-table protocol, command-line interface allowing on-line control`
		`+ and inspection of the status of the daemon, soft reconfiguration as well as a`
		`+ powerful language for route filtering.`

		`This package contains IPv6 version.`


		`%package doc`
		`- Summary: BIRD Internet Routing Daemon`
		`- Group: System Environment/Daemons`
		`+ Summary: Documentation for BIRD Internet Routing Daemon`
		`+ Group: Documentation`
		`+ BuildRequires: linuxdoc-tools sgml-common`
		`+ BuildArch: noarch`

		`%description doc`
		`- BIRD is dynamic routing daemon supporting IPv4 and IPv6 versions of routing`
		`- protocols BGP, RIP and OSPF.`
		`+ Documentation for users and programmers of the BIRD Internet Routing Daemon.`

		`- This package contains documentation.`
		`+ BIRD is a dynamic IP routing daemon supporting both, IPv4 and IPv6, Border`
		`+ Gateway Protocol (BGPv4), Routing Information Protocol (RIPv2, RIPng), Open`
		`+ Shortest Path First protocol (OSPFv2, OSPFv3), Babel Routing Protocol (Babel),`
		`+ Bidirectional Forwarding Detection (BFD), IPv6 router advertisements, static`
		`+ routes, inter-table protocol, command-line interface allowing on-line control`
		`+ and inspection of the status of the daemon, soft reconfiguration as well as a`
		`+ powerful language for route filtering.`


		`%prep`
		`%setup -q`
		`-`
		`- %patch0 -p1`
		`-`
		`- #Don't strip executables`
		`- sed -i 's/\$(INSTALL_PROGRAM) -s/\$(INSTALL_PROGRAM)/' tools/Makefile.in`
		`+ %patch0 -p1 -b .runstatedir`


		`%build`
		`@@ -62,88 +78,104 @@`
		`tar c --exclude ipv6 . \| tar x -C ipv6`

		`cd ipv6`
		`- %configure --prefix=%{_prefix} \`
		`- --sysconfdir=%{_sysconfdir} \`
		`- --localstatedir=%{_localstatedir} \`
		`- --enable-ipv6`
		`- make %{?_smp_mflags}`
		`+ %configure --runstatedir=%{_localstatedir}/run/bird6 --enable-ipv6`
		`+ %make_build all`
		`cd ..`

		`- %configure --prefix=%{_prefix} \`
		`- --sysconfdir=%{_sysconfdir} \`
		`- --localstatedir=%{_localstatedir}`
		`- make %{?_smp_mflags}`
		`+ %configure --runstatedir=%{_localstatedir}/run/bird`
		`+ %make_build all docs`


		`%install`
		`- rm -rf %{buildroot}`
		`-`
		`- make install DESTDIR=%{buildroot}`
		`+ %make_install`

		`cd ipv6`
		`- make install DESTDIR=%{buildroot}`
		`+ %make_install`
		`cd ..`

		`- install -d $RPM_BUILD_ROOT%{_initddir}`
		`- sed 's/BIRD_PROGNAME/bird/' %SOURCE1 > $RPM_BUILD_ROOT%{_initddir}/bird`
		`- sed 's/BIRD_PROGNAME/bird6/' %SOURCE1 > $RPM_BUILD_ROOT%{_initddir}/bird6`
		`+ install -d %{buildroot}{%{_initddir},%{_localstatedir}/{lib,run}/bird{,6}}`
		`+ sed 's/BIRD_PROGNAME/bird/' %{SOURCE1} > $RPM_BUILD_ROOT%{_initddir}/bird`
		`+ sed 's/BIRD_PROGNAME/bird6/' %{SOURCE1} > $RPM_BUILD_ROOT%{_initddir}/bird6`
		`+`

		`- %clean`
		`- rm -rf %{buildroot}`
		`+ %pre`
		`+ getent group bird >/dev/null \|\| groupadd -r bird`
		`+ getent passwd bird >/dev/null \|\| \`
		`+ useradd -r -g bird -d %{_localstatedir}/lib/bird -s /sbin/nologin \`
		`+ -c "BIRD daemon user" bird`
		`+ exit 0`

		`%post`
		`- /sbin/chkconfig --add %{name}`
		`+ /sbin/chkconfig --add bird`

		`%preun`
		`if [ $1 -eq 0 ]; then`
		`- /sbin/service %{name} stop >/dev/null 2>&1`
		`- /sbin/chkconfig --del %{name}`
		`+ /sbin/service bird stop > /dev/null 2>&1 \|\| :`
		`+ /sbin/chkconfig --del bird`
		`fi`

		`%postun`
		`- if [ $1 -eq 1 ]; then`
		`- /sbin/service %{name} condrestart >/dev/null 2>&1 \|\| :`
		`+ if [ $1 -ne 0 ]; then`
		`+ /sbin/service bird condrestart > /dev/null 2>&1 \|\| :`
		`fi`

		`+ %pre -n bird6`
		`+ getent group bird6 >/dev/null \|\| groupadd -r bird6`
		`+ getent passwd bird6 >/dev/null \|\| \`
		`+ useradd -r -g bird6 -d %{_localstatedir}/lib/bird6 -s /sbin/nologin \`
		`+ -c "BIRD6 daemon user" bird6`
		`+ exit 0`
		`+`
		`%post -n bird6`
		`/sbin/chkconfig --add bird6`

		`%preun -n bird6`
		`if [ $1 -eq 0 ]; then`
		`- /sbin/service bird6 stop >/dev/null 2>&1`
		`- /sbin/chkconfig --del bird6`
		`+ /sbin/service bird6 stop > /dev/null 2>&1 \|\| :`
		`+ /sbin/chkconfig --del bird6`
		`fi`

		`%postun -n bird6`
		`- if [ $1 -eq 1 ]; then`
		`- /sbin/service bird6 condrestart >/dev/null 2>&1 \|\| :`
		`+ if [ $1 -ne 0 ]; then`
		`+ /sbin/service bird6 condrestart > /dev/null 2>&1 \|\| :`
		`fi`

		`+`
		`%files`
		`- %defattr(-,root,root,-)`
		`- %doc NEWS README TODO`
		`- %config(noreplace) %{_sysconfdir}/bird.conf`
		`- %attr(755,root,root) %{_initddir}/bird`
		`+ %doc NEWS README`
		`+ %attr(0640,root,bird) %config(noreplace) %{_sysconfdir}/bird.conf`
		`+ %attr(0755,root,root) %{_initddir}/bird`
		`%{_sbindir}/bird`
		`%{_sbindir}/birdc`
		`%{_sbindir}/birdcl`
		`+ %dir %attr(0750,bird,bird) %{_localstatedir}/lib/bird`
		`+ %dir %attr(0750,bird,bird) %{_localstatedir}/run/bird`

		`%files -n bird6`
		`- %defattr(-,root,root,-)`
		`- %doc NEWS README TODO`
		`- %config(noreplace) %{_sysconfdir}/bird6.conf`
		`- %attr(755,root,root) %{_initddir}/bird6`
		`+ %doc NEWS README`
		`+ %attr(0640,root,bird6) %config(noreplace) %{_sysconfdir}/bird6.conf`
		`+ %attr(0755,root,root) %{_initddir}/bird6`
		`%{_sbindir}/bird6`
		`%{_sbindir}/birdc6`
		`%{_sbindir}/birdcl6`
		`+ %dir %attr(0750,bird6,bird6) %{_localstatedir}/lib/bird6`
		`+ %dir %attr(0750,bird6,bird6) %{_localstatedir}/run/bird6`

		`%files doc`
		`- %defattr(-,root,root,-)`
		`- %doc NEWS README TODO`
		`+ %doc NEWS README`
		`+ %doc doc/bird.conf.*`
		`%doc doc/bird*.html`
		`+ %doc doc/bird.pdf`
		`+ %doc doc/prog*.html`
		`+ %doc doc/prog.pdf`


		`%changelog`
		`+ * Sat Apr 06 2019 Robert Scheck <robert@fedoraproject.org> - 1.6.6-1`
		`+ - Upgrade to 1.6.6 (CVE-2018-12066)`
		`+ - Modernization and cleanup of spec file`
		`+ - Ensure /etc/bird.conf can be only read by BIRD user`
		`+`
		`* Mon Jun 29 2015 Michal Sekletar <msekleta@redhat.com> - 1.4.5-2`
		`- fix bug in the locking code (#1235219)`

sources

file modified

+1 -1

		`@@ -1,1 +1,1 @@`
		`- a8e5e0a9129ce30fe6102c593bafb763 bird-1.4.5.tar.gz`
		`+ SHA512 (bird-1.6.6.tar.gz) = 2419e487af2c8e75f613892ee1b1ada00085945bcafe17de972d3196f50a32321a6d18c9a3b58c0c58a5273f348a6d6de8b861505ad559269510a0ba69041fd9`