CVE-2016-1245
---
main/quagga/APKBUILD | 6 +++++-
main/quagga/CVE-2016-1245.patch | 14 ++++++++++++++
2 files changed, 19 insertions(+), 1 deletion(-)
create mode 100644 main/quagga/CVE-2016-1245.patch
diff --git a/main/quagga/APKBUILD b/main/quagga/APKBUILD
index bbbfa2a..47c6c62 100644
--- a/main/quagga/APKBUILD
+++ b/main/quagga/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=quagga
pkgver=0.99.24.1
-pkgrel=4
+pkgrel=5
pkgdesc="A free routing daemon replacing Zebra supporting RIP, OSPF and BGP."
url="http://quagga.net/"
arch="all"
@@ -17,6 +17,7 @@ source="http://download.savannah.gnu.org/releases/quagga/quagga-$pkgver.tar.xz
dont-hook-core-signals.patch
bgpd-fix-useless-call-in-bgp_mplsvpn.patch
CVE-2016-2342.patch
+ CVE-2016-1245.patch
bgpd.initd
zebra.initd
@@ -78,6 +79,7 @@ md5sums="b168db69435100ee04564c4fb39c7413 quagga-0.99.24.1.tar.xz
1224ba91ea6b6e81f583bad7813aba98 dont-hook-core-signals.patch
92a293e339a971dbee61a7e3532fc07f bgpd-fix-useless-call-in-bgp_mplsvpn.patch
9599aae2fc46e171d6cd1e0ad65bb0b8 CVE-2016-2342.patch
+fb9d9358fecc61ad74a6ff4b033b8697 CVE-2016-1245.patch
09a77e2e84e71c43f5a449738c026261 bgpd.initd
916f1dd1a286ee7b862cda4fe56cbf21 zebra.initd
34e06a1d2bc602ce691abc9ed169dd15 zebra.confd"
@@ -86,6 +88,7 @@ d8d65cc092cf7644b059d4c1b789b223482b0f50ba2cc891da4d71fe083f8cc0 bgpd-route-sel
4b71588e34ac14f8d6e72e6064b5e4ec302f286ebbe43df94c97411cceb66a23 dont-hook-core-signals.patch
e05f1fbec4f495fb257fb11bda4d1a7ceba008f4af4ff40f9093571f65ab6fe2 bgpd-fix-useless-call-in-bgp_mplsvpn.patch
4658d69b1e96d741aff29af72b93440b75fbff280d435614d991667f3cd32bdf CVE-2016-2342.patch
+226167b88b1ee40b2bc765f7efd9c073de27ab5f534d365a192980406155a7ff CVE-2016-1245.patch
aab037454c6a70cd5cb45e14c47b7dfea358f8d81c7d12418edcf7e58a86c679 bgpd.initd
c1d7526581927e990e687cbd5d08447eb060f76a439475572785b5b90c60c460 zebra.initd
f7a52d383f60270a5a8fee5d4ac522c5c0ec2b7c4b5252cff54e260f32d9b323 zebra.confd"
@@ -94,6 +97,7 @@ sha512sums="71c340ce0f4e52c69892d8fed82d30956161b09b029fb0a82ba774664aa2303b4930
5ef5c5e6d70d991b33b13a062e25b6fbde395dceee36aea29384b0640a48d2957ed5f50d416a1f2f770bf69bae2340133e35b1114be7e1fa722eb6d3d021f37a dont-hook-core-signals.patch
ee50d0ad93f3322ffa5842261359bb46cd7d3e609c44ea2dce86ecee03d0b862dac4b18dc70f116481acab6ca9e66a94cc8b22a8efb67df74ad38eab08592c76 bgpd-fix-useless-call-in-bgp_mplsvpn.patch
2cd301e9d63c1f006e8b136b6a781692f50d9a63315b58453096125bbdbd81bdb0e092549e6a496ba2451e7ab44f686faeec4b6eab6ad909c91ace95cbe8eee0 CVE-2016-2342.patch
+30db89839427ca03b24d80b832e270c648f1e6fba5612b1d2ba1b5e3b63dca5443f28ba00984854ecc2008c0882d18786454edbc17fc877b5dbb5dd81307caa4 CVE-2016-1245.patch
13b5b57e10df013bd2d931abc49bf76b8c4dee59dbceab22c9f151ccb988b2c5f7167f2909027d5e0f990b59da8de115667b02484aee9a67d347625700f6cacd bgpd.initd
1638a4a64ffd066b1884f7e5a4243edab68739aabd83bd35ea8c9608af7b8623eece1d59fb08feead84e4386b6d1da4220764ccf5fd7f2a9959a8470d5cce86a zebra.initd
900972c6f98e561dfacf384111251db262326e8764b8c763a5ef639fa11c7949c03eef5e3bce324a4b1964fe45416d2db74ae1b6bc967f7d4ba48c2eeda017c4 zebra.confd"
diff --git a/main/quagga/CVE-2016-1245.patch b/main/quagga/CVE-2016-1245.patch
new file mode 100644
index 0000000..ff3a16c
--- /dev/null
+++ b/main/quagga/CVE-2016-1245.patch
@@ -0,0 +1,14 @@
+CVE-2016-1245
+https://github.com/Quagga/quagga/commit/cfb1fae25f8c092e0d17073eaf7bd428ce1cd546
+
+--- quagga-0.99.24.1/zebra/rtadv.c.orig
++++ quagga-0.99.24.1/zebra/rtadv.c
+@@ -515,7 +515,7 @@
+ /* Register myself. */
+ rtadv_event (RTADV_READ, sock);
+
+- len = rtadv_recv_packet (sock, buf, BUFSIZ, &from, &ifindex, &hoplimit);
++ len = rtadv_recv_packet (sock, buf, sizeof (buf), &from, &ifindex, &hoplimit);
+
+ if (len < 0)
+ {
--
2.6.6
---
Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org
Help: alpine-aports+help@lists.alpinelinux.org
---