import frr-7.0-8.el8
This commit is contained in:
CentOS Sources
Stepan Oksanichenko
parent
df12a09141
commit
d0746fd7ff
36
SOURCES/0005-igmp-trusted-query.patch
Normal file
36
SOURCES/0005-igmp-trusted-query.patch
Normal file
@ -0,0 +1,36 @@
|
||||
From ff4516227cc48b3175106a419f43b8fc9eee3710 Mon Sep 17 00:00:00 2001
|
||||
From: Donald Sharp <sharpd@cumulusnetworks.com>
|
||||
Date: Tue, 25 Jun 2019 00:30:11 -0400
|
||||
Subject: [PATCH] pimd: Dissallow query to be received from a non-connected
|
||||
source
|
||||
|
||||
When we receive an igmp query on a interface, ensure that the
|
||||
source address of the packet is connected to the incoming
|
||||
interface. This will prevent a meanie from crafting a igmp
|
||||
packet with a source address less than ours and causing
|
||||
us to suspend query activities.
|
||||
|
||||
Fixes: #1692
|
||||
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
|
||||
---
|
||||
pimd/pim_igmp.c | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/pimd/pim_igmp.c b/pimd/pim_igmp.c
|
||||
index 270f1e3f27..5beabbd8df 100644
|
||||
--- a/pimd/pim_igmp.c
|
||||
+++ b/pimd/pim_igmp.c
|
||||
@@ -305,6 +305,13 @@ static int igmp_recv_query(struct igmp_sock *igmp, int query_version,
|
||||
return -1;
|
||||
}
|
||||
|
||||
+ if (!pim_if_connected_to_source(ifp, from)) {
|
||||
+ if (PIM_DEBUG_IGMP_PACKETS)
|
||||
+ zlog_debug("Recv IGMP query on interface: %s from a non-connected source: %s",
|
||||
+ ifp->name, from_str);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
/* Collecting IGMP Rx stats */
|
||||
switch (query_version) {
|
||||
case 1:
|
||||
@ -9,7 +9,7 @@
|
||||
|
||||
Name: frr
|
||||
Version: 7.0
|
||||
Release: 5%{?checkout}%{?dist}
|
||||
Release: 8%{?checkout}%{?dist}
|
||||
Summary: Routing daemon
|
||||
License: GPLv2+
|
||||
URL: http://www.frrouting.org
|
||||
@ -29,6 +29,8 @@ Requires: net-snmp ncurses
|
||||
Requires(post): systemd /sbin/install-info
|
||||
Requires(preun): systemd /sbin/install-info
|
||||
Requires(postun): systemd
|
||||
Requires: iproute
|
||||
Requires: initscripts
|
||||
Provides: routingdaemon = %{version}-%{release}
|
||||
Obsoletes: frr-sysvinit quagga
|
||||
|
||||
@ -37,6 +39,7 @@ Patch0001: 0001-use-python3.patch
|
||||
Patch0002: 0002-enable-openssl.patch
|
||||
Patch0003: 0003-disable-eigrp-crypto.patch
|
||||
Patch0004: 0004-fips-mode.patch
|
||||
Patch0005: 0005-igmp-trusted-query.patch
|
||||
|
||||
%description
|
||||
FRRouting is free software that manages TCP/IP based routing protocols. It takes
|
||||
@ -214,6 +217,15 @@ make check PYTHON=%{__python3}
|
||||
%{_includedir}/frr/eigrpd/*.h
|
||||
|
||||
%changelog
|
||||
* Tue May 05 2020 Michal Ruprich <michalruprich@gmail.com> - 7.0-8
|
||||
- Resolves: #1819319 - frr fails to start start if the initscripts package is missing
|
||||
|
||||
* Mon May 04 2020 Michal Ruprich <michalruprich@gmail.com> - 7.0-7
|
||||
- Resolves: #1758544 - IGMPv3 queries may lead to DoS
|
||||
|
||||
* Tue Mar 10 2020 Michal Ruprich <mruprich@redhat.com> - 7.0-6
|
||||
- Resolves: #1776342 - frr has missing dependency on iproute
|
||||
|
||||
* Tue Sep 03 2019 Michal Ruprich <mruprich@redhat.com> - 7.0-5
|
||||
- Resolves: #1719465 - Removal of component Frr or its crypto
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user