--- quagga-0.99.10.orig/debian/patches/80_vtysh__vtysh.c__privs.dpatch +++ quagga-0.99.10/debian/patches/80_vtysh__vtysh.c__privs.dpatch @@ -0,0 +1,51 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 100_vtysh__vtysh.c__privs.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: vtysh__vtysh.c__privs + +@DPATCH@ + +--- old/vtysh/vtysh.c.orig 2004-10-30 23:16:08.000000000 +0200 ++++ new/vtysh/vtysh.c 2004-10-30 23:16:41.000000000 +0200 +@@ -26,6 +26,8 @@ + #include + #include + #include ++#include ++#include + + #include + #include +@@ -1638,6 +1646,9 @@ + FILE *fp; + char *integrate_sav = NULL; + ++ /* Setting file permissions */ ++ struct group *quagga_vty_group; ++ + integrate_sav = malloc (strlen (integrate_default) + + strlen (CONF_BACKUP_EXT) + 1); + strcpy (integrate_sav, integrate_default); +@@ -1669,6 +1680,21 @@ + vtysh_config_dump (fp); + + fclose (fp); ++ ++ errno = 0; ++ if ((quagga_vty_group = getgrnam(VTY_GROUP)) == NULL) ++ { ++ fprintf (stdout, "%% Can't get group %s: %s (%d)\n", ++ VTY_GROUP, strerror(errno), errno); ++ return CMD_WARNING; ++ } ++ ++ if ((chown(integrate_default, -1, quagga_vty_group->gr_gid)) != 0) ++ { ++ fprintf (stdout,"%% Can't chown configuration file %s: %s (%d)\n", ++ integrate_default, strerror(errno), errno); ++ return CMD_WARNING; ++ } + + if (chmod (integrate_default, CONFIGFILE_MASK) != 0) + { --- quagga-0.99.10.orig/debian/patches/00list +++ quagga-0.99.10/debian/patches/00list @@ -0,0 +1,8 @@ +10_doc__Makefiles__makeinfo-force.dpatch +20_md5_bsd_linux_v10.dpatch +30_doc__ospfd.8__nolog.dpatch +50_vtysh__vtysh.conf.sample.dpatch +75_vtysh__vtysh.c__PAGER.dpatch +80_vtysh__vtysh.c__privs.dpatch +82_vtysh__vtysh_user.c__pam.dpatch +90_configure_ncurses.dpatch --- quagga-0.99.10.orig/debian/patches/50_vtysh__vtysh.conf.sample.dpatch +++ quagga-0.99.10/debian/patches/50_vtysh__vtysh.conf.sample.dpatch @@ -0,0 +1,20 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 50_vtysh__vtysh.conf.sample.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: vtysh__vtysh.conf.sample + +@DPATCH@ + +--- old/vtysh/vtysh.conf.sample.orig 2004-10-30 23:07:40.000000000 +0200 ++++ new/vtysh/vtysh.conf.sample 2004-10-30 23:08:24.000000000 +0200 +@@ -1,7 +1,7 @@ + ! + ! Sample configuration file for vtysh. + ! +-!service integrated-vtysh-config ++service integrated-vtysh-config + !hostname quagga-router +-!username root nopassword ++username root nopassword + ! --- quagga-0.99.10.orig/debian/patches/82_vtysh__vtysh_user.c__pam.dpatch +++ quagga-0.99.10/debian/patches/82_vtysh__vtysh_user.c__pam.dpatch @@ -0,0 +1,15 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 99-unnamed.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Adds explanation why vtysh does not work if PAM fails. + +@DPATCH@ + +--- old/vtysh/vtysh_user.c.orig 2006-11-03 01:53:58.000000000 +0100 ++++ new/vtysh/vtysh_user.c 2006-11-03 01:59:02.000000000 +0100 +@@ -60,2 +60,4 @@ vtysh_pam (const char *user) + ret = pam_authenticate (pamh, 0); ++ if (ret != PAM_SUCCESS) ++ printf("Not authenticated. Check /etc/pam.d/quagga.\n"); + /* printf ("ret %d\n", ret); */ --- quagga-0.99.10.orig/debian/patches/90_configure_ncurses.dpatch +++ quagga-0.99.10/debian/patches/90_configure_ncurses.dpatch @@ -0,0 +1,51 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 99-unnamed.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: To make checklib happy. See: +## DP: http://rerun.lefant.net/checklib/log.quagga_0.99.5-1.html + +@DPATCH@ + +--- old/configure 2006-09-26 01:23:53.000000000 +0200 ++++ new/configure 2006-09-26 01:51:59.000000000 +0200 +@@ -11031,7 +11036,8 @@ + echo $ECHO_N "(cached) $ECHO_C" >&6 + else + ac_check_lib_save_LIBS=$LIBS +-LIBS="-ltermcap $LIBS" ++#42#DEBIAN# LIBS="-ltermcap $LIBS" ++LIBS="$LIBS" + cat >conftest.$ac_ext <<_ACEOF + /* confdefs.h. */ + _ACEOF +@@ -11090,7 +11096,8 @@ + echo "$as_me:$LINENO: result: $ac_cv_lib_termcap_tputs" >&5 + echo "${ECHO_T}$ac_cv_lib_termcap_tputs" >&6 + if test $ac_cv_lib_termcap_tputs = yes; then +- LIBREADLINE="$LIBREADLINE -ltermcap" ++ #42#DEBIAN# LIBREADLINE="$LIBREADLINE -ltermcap" ++ LIBREADLINE="$LIBREADLINE " + else + echo "$as_me:$LINENO: checking for tputs in -ltinfo" >&5 + echo $ECHO_N "checking for tputs in -ltinfo... $ECHO_C" >&6 +@@ -11165,7 +11172,8 @@ + echo $ECHO_N "(cached) $ECHO_C" >&6 + else + ac_check_lib_save_LIBS=$LIBS +-LIBS="-lcurses $LIBS" ++#42#DEBIAN# LIBS="-lcurses $LIBS" ++LIBS="$LIBS" + cat >conftest.$ac_ext <<_ACEOF + /* confdefs.h. */ + _ACEOF +@@ -11291,7 +11299,8 @@ + echo "$as_me:$LINENO: result: $ac_cv_lib_ncurses_tputs" >&5 + echo "${ECHO_T}$ac_cv_lib_ncurses_tputs" >&6 + if test $ac_cv_lib_ncurses_tputs = yes; then +- LIBREADLINE="$LIBREADLINE -lncurses" ++ #42#DEBIAN# LIBREADLINE="$LIBREADLINE -lncurses" ++ LIBREADLINE="$LIBREADLINE" + fi + + --- quagga-0.99.10.orig/debian/patches/75_vtysh__vtysh.c__PAGER.dpatch +++ quagga-0.99.10/debian/patches/75_vtysh__vtysh.c__PAGER.dpatch @@ -0,0 +1,30 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 75_vtysh__vtysh.c__PAGER.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: vtysh__vtysh.c__PAGER + +@DPATCH@ + +--- old/vtysh/vtysh.c.orig 2004-10-18 01:23:16.000000000 +0200 ++++ new/vtysh/vtysh.c 2004-10-18 01:25:15.000000000 +0200 +@@ -240,10 +240,16 @@ + + pager_defined = getenv ("VTYSH_PAGER"); + +- if (pager_defined) ++ if (pager_defined) { + vtysh_pager_name = strdup (pager_defined); +- else +- vtysh_pager_name = strdup ("more"); ++ } else { ++ struct stat pager_stat; ++ if (stat("/usr/bin/pager", &pager_stat) == 0) { ++ vtysh_pager_name = strdup ("/usr/bin/pager"); ++ } else { ++ vtysh_pager_name = strdup ("more"); ++ } ++ } + } + + /* Command execution over the vty interface. */ --- quagga-0.99.10.orig/debian/patches/20_md5_bsd_linux_v10.dpatch +++ quagga-0.99.10/debian/patches/20_md5_bsd_linux_v10.dpatch @@ -0,0 +1,633 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 99-unnamed.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: [quagga-users 9315] New md5 signature patch for bgp... quagga_md5_bsd_linux_v9.diff +## DP: http://www.wittsend.com/mhw/md5sig/quagga_md5_bsd_linux_v10.diff +## DP: Removed configure.ac part (insert corresponding diff to configure if not there) +## DP: as that works better for the Debian build process which does not run aclocal. + +@DPATCH@ + +diff -ruN quagga-0.99.10/bgpd/bgpd.c quagga-0.99.10-v10/bgpd/bgpd.c +--- quagga-0.99.10/bgpd/bgpd.c 2007-11-01 10:29:11.000000000 -0400 ++++ quagga-0.99.10-v10/bgpd/bgpd.c 2008-06-11 15:34:06.000000000 -0400 +@@ -788,6 +788,7 @@ + peer->status = Idle; + peer->ostatus = Idle; + peer->weight = 0; ++ peer->password = NULL; + peer->bgp = bgp; + peer = peer_lock (peer); /* initial reference */ + +@@ -1202,8 +1203,21 @@ + peer->last_reset = PEER_DOWN_NEIGHBOR_DELETE; + bgp_stop (peer); + bgp_fsm_change_status (peer, Deleted); ++ ++#if defined(HAVE_TCP_MD5SIG) ++ /* Password configuration */ ++ if (peer->password) ++ { ++ free (peer->password); ++ peer->password = NULL; ++ ++ if (! CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP)) ++ bgp_md5_set_passive (&peer->su, NULL); ++ } ++#endif /* HAVE_TCP_MD5SIG */ ++ + bgp_timer_set (peer); /* stops all timers for Deleted */ +- ++ + /* Delete from all peer list. */ + if (! CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP)) + { +@@ -1417,6 +1431,19 @@ + else + peer->v_routeadv = BGP_DEFAULT_EBGP_ROUTEADV; + ++#if defined(HAVE_TCP_MD5SIG) ++ /* password apply */ ++ free (peer->password); ++ ++ if (CHECK_FLAG (conf->flags, PEER_FLAG_PASSWORD)) ++ peer->password = strdup (conf->password); ++ else ++ peer->password = NULL; ++ ++ bgp_md5_set_passive (&peer->su, peer->password); ++ ++#endif /* HAVE_TCP_MD5SIG */ ++ + /* maximum-prefix */ + peer->pmax[afi][safi] = conf->pmax[afi][safi]; + peer->pmax_threshold[afi][safi] = conf->pmax_threshold[afi][safi]; +@@ -3379,9 +3406,120 @@ + return 0; + } + ++#if defined(HAVE_TCP_MD5SIG) ++/* Set password for authenticating with the peer. */ ++int ++peer_password_set (struct peer *peer, const char *password) ++{ ++ struct peer_group *group; ++ struct listnode *nn, *nnode; ++ int len = password ? strlen(password) : 0; ++ ++ if ((len < PEER_PASSWORD_MINLEN) || (len > PEER_PASSWORD_MAXLEN)) ++ return BGP_ERR_INVALID_VALUE; ++ ++ if (peer->password && strcmp (peer->password, password) == 0 ++ && ! CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP)) ++ return 0; ++ ++ SET_FLAG (peer->flags, PEER_FLAG_PASSWORD); ++ free (peer->password); ++ peer->password = strdup (password); ++ ++ if (! CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP)) ++ { ++ if (peer->status == Established) ++ bgp_notify_send (peer, BGP_NOTIFY_CEASE, BGP_NOTIFY_CEASE_CONFIG_CHANGE); ++ else ++ BGP_EVENT_ADD (peer, BGP_Stop); ++ ++ bgp_md5_set_passive (&peer->su, peer->password); ++ ++ return 0; ++ } ++ ++ group = peer->group; ++ /* #42# LIST_LOOP (group->peer, peer, nn) */ ++ for (ALL_LIST_ELEMENTS (group->peer, nn, nnode, peer)) ++ { ++ if (peer->password && strcmp (peer->password, password) == 0) ++ continue; ++ ++ SET_FLAG (peer->flags, PEER_FLAG_PASSWORD); ++ free (peer->password); ++ peer->password = strdup (password); ++ ++ if (peer->status == Established) ++ bgp_notify_send (peer, BGP_NOTIFY_CEASE, BGP_NOTIFY_CEASE_CONFIG_CHANGE); ++ else ++ BGP_EVENT_ADD (peer, BGP_Stop); ++ ++ bgp_md5_set_passive (&peer->su, peer->password); ++ } ++ ++ return 0; ++} ++ ++int ++peer_password_unset (struct peer *peer) ++{ ++ struct peer_group *group; ++ struct listnode *nn, *nnode; ++ ++ if (! CHECK_FLAG (peer->flags, PEER_FLAG_PASSWORD) ++ && ! CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP)) ++ return 0; ++ ++ if (! CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP)) ++ { ++ if (peer_group_active (peer) ++ && CHECK_FLAG (peer->group->conf->flags, PEER_FLAG_PASSWORD)) ++ return BGP_ERR_PEER_GROUP_HAS_THE_FLAG; ++ ++ if (peer->status == Established) ++ bgp_notify_send (peer, BGP_NOTIFY_CEASE, BGP_NOTIFY_CEASE_CONFIG_CHANGE); ++ else ++ BGP_EVENT_ADD (peer, BGP_Stop); ++ ++ bgp_md5_set_passive (&peer->su, NULL); ++ ++ UNSET_FLAG (peer->flags, PEER_FLAG_PASSWORD); ++ free (peer->password); ++ peer->password = NULL; ++ ++ return 0; ++ } ++ ++ UNSET_FLAG (peer->flags, PEER_FLAG_PASSWORD); ++ free (peer->password); ++ peer->password = NULL; ++ ++ group = peer->group; ++ /* #42# LIST_LOOP (group->peer, peer, nn) */ ++ for (ALL_LIST_ELEMENTS (group->peer, nn, nnode, peer)) ++ { ++ if (! CHECK_FLAG (peer->flags, PEER_FLAG_PASSWORD)) ++ continue; ++ ++ if (peer->status == Established) ++ bgp_notify_send (peer, BGP_NOTIFY_CEASE, BGP_NOTIFY_CEASE_CONFIG_CHANGE); ++ else ++ BGP_EVENT_ADD (peer, BGP_Stop); ++ ++ bgp_md5_set_passive (&peer->su, NULL); ++ ++ UNSET_FLAG (peer->flags, PEER_FLAG_PASSWORD); ++ free (peer->password); ++ peer->password = NULL; ++ } ++ ++ return 0; ++} ++#endif /* HAVE_TCP_MD5SIG */ ++ + /* Set distribute list to the peer. */ + int +-peer_distribute_set (struct peer *peer, afi_t afi, safi_t safi, int direct, ++peer_distribute_set (struct peer *peer, afi_t afi, safi_t safi, int direct, + const char *name) + { + struct bgp_filter *filter; +@@ -4416,9 +4554,19 @@ + ! CHECK_FLAG (g_peer->flags, PEER_FLAG_SHUTDOWN)) + vty_out (vty, " neighbor %s shutdown%s", addr, VTY_NEWLINE); + ++#if defined(HAVE_TCP_MD5SIG) ++ /* Password. */ ++ if (CHECK_FLAG (peer->flags, PEER_FLAG_PASSWORD)) ++ if (! peer_group_active (peer) ++ || ! CHECK_FLAG (g_peer->flags, PEER_FLAG_PASSWORD) ++ || strcmp (peer->password, g_peer->password) != 0) ++ vty_out (vty, " neighbor %s password %s%s", addr, peer->password, ++ VTY_NEWLINE); ++#endif /* HAVE_TCP_MD5SIG */ ++ + /* BGP port. */ + if (peer->port != BGP_PORT_DEFAULT) +- vty_out (vty, " neighbor %s port %d%s", addr, peer->port, ++ vty_out (vty, " neighbor %s port %d%s", addr, peer->port, + VTY_NEWLINE); + + /* Local interface name. */ +@@ -4951,6 +5099,12 @@ + bm->port = BGP_PORT_DEFAULT; + bm->master = thread_master_create (); + bm->start_time = time (NULL); ++#if defined(HAVE_TCP_MD5SIG) ++ bm->sock = -1; ++#if defined(HAVE_IPV6) ++ bm->sock6 = -1; ++#endif ++#endif /* HAVE_TCP_MD5SIG */ + } + + +diff -ruN quagga-0.99.10/bgpd/bgpd.h quagga-0.99.10-v10/bgpd/bgpd.h +--- quagga-0.99.10/bgpd/bgpd.h 2007-11-01 10:29:11.000000000 -0400 ++++ quagga-0.99.10-v10/bgpd/bgpd.h 2008-06-11 15:34:06.000000000 -0400 +@@ -56,6 +56,14 @@ + #define BGP_OPT_NO_FIB (1 << 0) + #define BGP_OPT_MULTIPLE_INSTANCE (1 << 1) + #define BGP_OPT_CONFIG_CISCO (1 << 2) ++ ++#if defined(HAVE_TCP_MD5SIG) ++ /* bgp receive socket */ ++ int sock; ++#if defined(HAVE_IPV6) ++ int sock6; ++#endif ++#endif /* HAVE_TCP_MD5SIG */ + }; + + /* BGP instance structure. */ +@@ -355,6 +363,7 @@ + #define PEER_FLAG_DYNAMIC_CAPABILITY (1 << 5) /* dynamic capability */ + #define PEER_FLAG_DISABLE_CONNECTED_CHECK (1 << 6) /* disable-connected-check */ + #define PEER_FLAG_LOCAL_AS_NO_PREPEND (1 << 7) /* local-as no-prepend */ ++#define PEER_FLAG_PASSWORD (1 << 9) /* password */ + + /* NSF mode (graceful restart) */ + u_char nsf[AFI_MAX][SAFI_MAX]; +@@ -377,7 +386,10 @@ + #define PEER_FLAG_ORF_PREFIX_RM (1 << 13) /* orf capability receive-mode */ + #define PEER_FLAG_MAX_PREFIX (1 << 14) /* maximum prefix */ + #define PEER_FLAG_MAX_PREFIX_WARNING (1 << 15) /* maximum prefix warning-only */ +-#define PEER_FLAG_NEXTHOP_LOCAL_UNCHANGED (1 << 16) /* leave link-local nexthop unchanged */ ++#define PEER_FLAG_NEXTHOP_LOCAL_UNCHANGED (1 << 16) /* leave link-local nexthop unchanged */ ++ ++ /* MD5 password */ ++ char *password; + + /* default-originate route-map. */ + struct +@@ -534,6 +546,13 @@ + #define PEER_RMAP_TYPE_EXPORT (1 << 7) /* neighbor route-map export */ + }; + ++#if defined(HAVE_TCP_MD5SIG) ++ ++#define PEER_PASSWORD_MINLEN (1) ++#define PEER_PASSWORD_MAXLEN (80) ++ ++#endif /* HAVE_TCP_MD5SIG */ ++ + /* This structure's member directly points incoming packet data + stream. */ + struct bgp_nlri +@@ -924,6 +943,11 @@ + extern int peer_route_map_unset (struct peer *, afi_t, safi_t, int); + + extern int peer_unsuppress_map_set (struct peer *, afi_t, safi_t, const char *); ++#if defined(HAVE_TCP_MD5SIG) ++extern int peer_password_set (struct peer *, const char *); ++extern int peer_password_unset (struct peer *); ++#endif /* HAVE_TCP_MD5SIG */ ++ + extern int peer_unsuppress_map_unset (struct peer *, afi_t, safi_t); + + extern int peer_maximum_prefix_set (struct peer *, afi_t, safi_t, u_int32_t, u_char, int, u_int16_t); +diff -ruN quagga-0.99.10/bgpd/bgp_network.c quagga-0.99.10-v10/bgpd/bgp_network.c +--- quagga-0.99.10/bgpd/bgp_network.c 2008-01-29 12:26:34.000000000 -0500 ++++ quagga-0.99.10-v10/bgpd/bgp_network.c 2008-06-11 15:34:06.000000000 -0400 +@@ -22,6 +22,7 @@ + + #include "thread.h" + #include "sockunion.h" ++#include "sockopt.h" + #include "memory.h" + #include "log.h" + #include "if.h" +@@ -38,6 +39,71 @@ + extern struct zebra_privs_t bgpd_privs; + + ++#if defined(HAVE_TCP_MD5SIG) ++/* ++ * Set MD5 key for the socket, for the given IPv4 peer address. ++ * If the password is NULL or zero-length, the option will be disabled. ++ */ ++int ++bgp_md5_set (int sock, union sockunion *su, const char *password) ++{ ++ int ret, en; ++ ++ if ( bgpd_privs.change (ZPRIVS_RAISE) ) ++ zlog_err ("bgp_md5_set: could not raise privs"); ++ ++ ret = sockopt_tcp_signature (sock, su, password); ++ en = errno; ++ ++ if (bgpd_privs.change (ZPRIVS_LOWER) ) ++ zlog_err ("bgp_md5_set: could not lower privs"); ++ ++ if (ret < 0) ++ zlog (NULL, LOG_WARNING, "can't set TCP_MD5SIG option on socket %d: %s", ++ sock, safe_strerror (en)); ++ ++ return ret; ++} ++ ++int ++bgp_md5_set_passive (union sockunion *su, const char *password) ++{ ++ int sock; ++#if defined(HAVE_IPV6) ++ union sockunion su2; ++ ++ sock = -1; ++ ++ switch (su->sa.sa_family) ++ { ++ case AF_INET: ++ if (bm->sock < 0) ++ { ++ sock = bm->sock6; ++ memset (&su2, 0, sizeof (su2)); ++ su2.sin6.sin6_family = AF_INET6; ++ su2.sin6.sin6_addr.s6_addr[8] = 0xff; ++ su2.sin6.sin6_addr.s6_addr[9] = 0xff; ++ su2.sin6.sin6_addr.s6_addr[10] = 0xff; ++ su2.sin6.sin6_addr.s6_addr[11] = 0xff; ++ memcpy (((char *)&su->sin6.sin6_addr) + 12, &su->sin.sin_addr, 4); ++ su = &su2; ++ } ++ else ++ sock = bm->sock; ++ break; ++ case AF_INET6: ++ sock = bm->sock6; ++ break; ++ } ++#else ++ sock = bm->sock; ++#endif ++ return bgp_md5_set(sock, su, password); ++} ++ ++#endif /* HAVE_TCP_MD5SIG */ ++ + /* Accept bgp connection. */ + static int + bgp_accept (struct thread *thread) +@@ -238,6 +304,11 @@ + sockopt_reuseaddr (peer->fd); + sockopt_reuseport (peer->fd); + ++#if defined(HAVE_TCP_MD5SIG) ++ if (CHECK_FLAG (peer->flags, PEER_FLAG_PASSWORD)) ++ bgp_md5_set (peer->fd, &peer->su, peer->password); ++#endif /* HAVE_TCP_MD5SIG */ ++ + /* Bind socket. */ + bgp_bind (peer); + +@@ -320,9 +391,34 @@ + continue; + } + ++#if defined(HAVE_TCP_MD5SIG) ++ if (ainfo->ai_family == AF_INET) ++ bm->sock = sock; ++#if defined(HAVE_IPV6) ++ else if (ainfo->ai_family == AF_INET6) ++ bm->sock6 = sock; ++#endif ++#endif ++ + sockopt_reuseaddr (sock); + sockopt_reuseport (sock); +- ++ ++#if defined(IPV6_V6ONLY) ++ if (ainfo->ai_family == AF_INET6) ++ { ++ int on = 1; ++ ++ /* Try to mark this one for IPv6 only */ ++ ret = setsockopt (sock, IPPROTO_IPV6, IPV6_V6ONLY, ++ (void *) &on, sizeof (on)); ++ if (ret < 0) ++ { ++ en = errno; ++ zlog_err ("setsockopt V6ONLY: %s", safe_strerror (en)); ++ } ++ } ++#endif ++ + if (bgpd_privs.change (ZPRIVS_RAISE) ) + zlog_err ("bgp_socket: could not raise privs"); + +@@ -413,6 +509,9 @@ + close (sock); + return ret; + } ++#if defined(HAVE_TCP_MD5SIG) ++ bm->sock = sock; ++#endif /* HAVE_TCP_MD5SIG */ + + thread_add_read (bm->master, bgp_accept, bgp, sock); + +diff -ruN quagga-0.99.10/bgpd/bgp_network.h quagga-0.99.10-v10/bgpd/bgp_network.h +--- quagga-0.99.10/bgpd/bgp_network.h 2007-11-01 10:29:11.000000000 -0400 ++++ quagga-0.99.10-v10/bgpd/bgp_network.h 2008-06-11 15:34:06.000000000 -0400 +@@ -25,4 +25,9 @@ + extern int bgp_connect (struct peer *); + extern void bgp_getsockname (struct peer *); + ++#if defined(HAVE_TCP_MD5SIG) ++extern int bgp_md5_set (int, union sockunion *, const char *); ++extern int bgp_md5_set_passive (union sockunion *, const char *); ++#endif /* HAVE_TCP_MD5SIG */ ++ + #endif /* _QUAGGA_BGP_NETWORK_H */ +diff -ruN quagga-0.99.10/bgpd/bgp_vty.c quagga-0.99.10-v10/bgpd/bgp_vty.c +--- quagga-0.99.10/bgpd/bgp_vty.c 2007-10-14 18:32:21.000000000 -0400 ++++ quagga-0.99.10-v10/bgpd/bgp_vty.c 2008-06-11 15:34:06.000000000 -0400 +@@ -1479,6 +1479,46 @@ + "AS number used as local AS\n" + "Do not prepend local-as to updates from ebgp peers\n") + ++#if defined(HAVE_TCP_MD5SIG) ++DEFUN (neighbor_password, ++ neighbor_password_cmd, ++ NEIGHBOR_CMD2 "password LINE", ++ NEIGHBOR_STR ++ NEIGHBOR_ADDR_STR2 ++ "Set a password\n" ++ "The password\n") ++{ ++ struct peer *peer; ++ int ret; ++ ++ peer = peer_and_group_lookup_vty (vty, argv[0]); ++ if (! peer) ++ return CMD_WARNING; ++ ++ ret = peer_password_set (peer, argv[1]); ++ return bgp_vty_return (vty, ret); ++} ++ ++DEFUN (no_neighbor_password, ++ no_neighbor_password_cmd, ++ NO_NEIGHBOR_CMD2 "password", ++ NO_STR ++ NEIGHBOR_STR ++ NEIGHBOR_ADDR_STR2 ++ "Set a password\n") ++{ ++ struct peer *peer; ++ int ret; ++ ++ peer = peer_and_group_lookup_vty (vty, argv[0]); ++ if (! peer) ++ return CMD_WARNING; ++ ++ ret = peer_password_unset (peer); ++ return bgp_vty_return (vty, ret); ++} ++#endif /* HAVE_TCP_MD5SIG */ ++ + DEFUN (neighbor_activate, + neighbor_activate_cmd, + NEIGHBOR_CMD2 "activate", +@@ -8897,6 +8937,12 @@ + install_element (BGP_NODE, &no_neighbor_local_as_val_cmd); + install_element (BGP_NODE, &no_neighbor_local_as_val2_cmd); + ++#if defined(HAVE_TCP_MD5SIG) ++ /* "neighbor password" commands. */ ++ install_element (BGP_NODE, &neighbor_password_cmd); ++ install_element (BGP_NODE, &no_neighbor_password_cmd); ++#endif /* HAVE_TCP_MD5SIG */ ++ + /* "neighbor activate" commands. */ + install_element (BGP_NODE, &neighbor_activate_cmd); + install_element (BGP_IPV4_NODE, &neighbor_activate_cmd); +diff -ruN quagga-0.99.10/config.h.in quagga-0.99.10-v10/config.h.in +--- quagga-0.99.10/config.h.in 2008-06-10 16:54:56.000000000 -0400 ++++ quagga-0.99.10-v10/config.h.in 2008-06-11 15:34:06.000000000 -0400 +@@ -490,6 +490,9 @@ + /* Define to 1 if you have that is POSIX.1 compatible. */ + #undef HAVE_SYS_WAIT_H + ++/* Enable TCP MD5 Signatures */ ++#undef HAVE_TCP_MD5SIG ++ + /* Use TCP for zebra communication */ + #undef HAVE_TCP_ZEBRA + +diff -ruN quagga-0.99.10/configure quagga-0.99.10-v10/configure +--- quagga-0.99.10/configure 2008-06-10 16:55:00.000000000 -0400 ++++ quagga-0.99.10-v10/configure 2008-06-11 15:38:20.000000000 -0400 +@@ -1545,6 +1545,7 @@ + --enable-broken-aliases enable aliases as distinct interfaces for Linux 2.2.X + --enable-snmp enable SNMP support + --enable-tcp-zebra enable TCP/IP socket connection between zebra and protocol daemon ++ --enable-tcp-md5 enable TCP/IP MD5 signature in BGPd + --enable-opaque-lsa enable OSPF Opaque-LSA with OSPFAPI support (RFC2370) + --disable-ospfapi do not build OSPFAPI to access the OSPF LSA Database, + (this is the default if --enable-opaque-lsa is not set) +@@ -20012,6 +20013,11 @@ + enableval=$enable_tcp_zebra; + fi + ++# Check whether --enable-tcp-md5 was given. ++if test "${enable_tcp_md5+set}" = set; then ++ enableval=$enable_tcp_md5; ++fi ++ + # Check whether --enable-opaque-lsa was given. + if test "${enable_opaque_lsa+set}" = set; then + enableval=$enable_opaque_lsa; +@@ -20151,6 +20157,14 @@ + + fi + ++if test "${enable_tcp_md5}" = "yes"; then ++ ++cat >>confdefs.h <<\_ACEOF ++#define HAVE_TCP_MD5SIG 1 ++_ACEOF ++ ++fi ++ + if test "${enable_opaque_lsa}" = "yes"; then + + cat >>confdefs.h <<\_ACEOF + +diff -ruN quagga-0.99.10/lib/sockopt.c quagga-0.99.10-v10/lib/sockopt.c +--- quagga-0.99.10/lib/sockopt.c 2007-08-21 12:32:56.000000000 -0400 ++++ quagga-0.99.10-v10/lib/sockopt.c 2008-06-11 15:34:06.000000000 -0400 +@@ -22,6 +22,7 @@ + #include + #include "log.h" + #include "sockopt.h" ++#include "sockunion.h" + + int + setsockopt_so_recvbuf (int sock, int size) +@@ -480,3 +481,27 @@ + + iph->ip_id = ntohs(iph->ip_id); + } ++ ++#if defined(HAVE_TCP_MD5SIG) ++int ++sockopt_tcp_signature (int sock, union sockunion *su, const char *password) ++{ ++#ifndef GNU_LINUX ++ /* ++ * XXX Need to do PF_KEY operation here to add/remove an SA entry, ++ * and add/remove an SP entry for this peer's packet flows also. ++ */ ++ int md5sig = password && *password ? 1 : 0; ++#else ++ int keylen = password ? strlen (password) : 0; ++ struct tcp_md5sig md5sig; ++ ++ memset (&md5sig, 0, sizeof (md5sig)); ++ memcpy (&md5sig.tcpm_addr, su, sizeof (*su)); ++ md5sig.tcpm_keylen = keylen; ++ if (keylen) ++ memcpy (md5sig.tcpm_key, password, keylen); ++#endif ++ return setsockopt (sock, IPPROTO_TCP, TCP_MD5SIG, &md5sig, sizeof md5sig); ++} ++#endif /* HAVE_TCP_MD5SIG */ +diff -ruN quagga-0.99.10/lib/sockopt.h quagga-0.99.10-v10/lib/sockopt.h +--- quagga-0.99.10/lib/sockopt.h 2007-08-21 12:32:56.000000000 -0400 ++++ quagga-0.99.10-v10/lib/sockopt.h 2008-06-11 15:34:06.000000000 -0400 +@@ -22,6 +22,8 @@ + #ifndef _ZEBRA_SOCKOPT_H + #define _ZEBRA_SOCKOPT_H + ++#include "sockunion.h" ++ + extern int setsockopt_so_recvbuf (int sock, int size); + extern int setsockopt_so_sendbuf (const int sock, int size); + extern int getsockopt_so_sendbuf (const int sock); +@@ -98,4 +100,27 @@ + extern void sockopt_iphdrincl_swab_htosys (struct ip *iph); + extern void sockopt_iphdrincl_swab_systoh (struct ip *iph); + ++#if defined(HAVE_TCP_MD5SIG) ++ ++#if defined(GNU_LINUX) && !defined(TCP_MD5SIG) ++ ++/* XXX these will come from eventually */ ++#define TCP_MD5SIG 14 ++#define TCP_MD5SIG_MAXKEYLEN 80 ++ ++struct tcp_md5sig { ++ struct sockaddr_storage tcpm_addr; /* address associated */ ++ __u16 __tcpm_pad1; /* zero */ ++ __u16 tcpm_keylen; /* key length */ ++ __u32 __tcpm_pad2; /* zero */ ++ __u8 tcpm_key[TCP_MD5SIG_MAXKEYLEN]; /* key (binary) */ ++}; ++ ++#endif /* defined(GNU_LINUX) && !defined(TCP_MD5SIG) */ ++ ++extern int sockopt_tcp_signature(int sock, union sockunion *su, ++ const char *password); ++ ++#endif /* HAVE_TCP_MD5SIG */ ++ + #endif /*_ZEBRA_SOCKOPT_H */ --- quagga-0.99.10.orig/debian/patches/30_doc__ospfd.8__nolog.dpatch +++ quagga-0.99.10/debian/patches/30_doc__ospfd.8__nolog.dpatch @@ -0,0 +1,20 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 30_doc__ospfd.8__nolog.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Removes documentation of nonexistant option. + +@DPATCH@ + +--- old/doc/ospfd.8 2006-07-15 20:27:52.000000000 +0200 ++++ new/doc/ospfd.8 2006-07-15 20:28:09.000000000 +0200 +@@ -52,9 +52,6 @@ + \fB\fIpid-file\fR. The init system uses the recorded PID to stop or + restart ospfd. The likely default is \fB\fI/var/run/ospfd.pid\fR. + .TP +-\fB\-l\fR, \fB\-\-log_mode\fR +-Turn verbose logging on. +-.TP + \fB\-P\fR, \fB\-\-vty_port \fR\fIport-number\fR + Specify the port that the ospfd VTY will listen on. This defaults to + 2604, as specified in \fB\fI/etc/services\fR. --- quagga-0.99.10.orig/debian/patches/10_doc__Makefiles__makeinfo-force.dpatch +++ quagga-0.99.10/debian/patches/10_doc__Makefiles__makeinfo-force.dpatch @@ -0,0 +1,21 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 10_doc__Makefiles__makeinfo-force.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: makeinfo + +@DPATCH@ + +# +# This patch is just for the Woody Backport. +# +--- /tmp/Makefile.in 2005-01-05 22:37:02.000000000 +0100 ++++ new/doc/Makefile.in 2005-01-05 23:03:33.000000000 +0100 +@@ -191,6 +191,7 @@ + sysconfdir = @sysconfdir@ + target_alias = @target_alias@ + EPSTOPDF = epstopdf ++MAKEINFOFLAGS = --force + + # rather twisted logic because we have to build PDFs of the EPS figures + # and yet build one PDF, quagga.pdf, from texi source. Which means we cant --- quagga-0.99.10.orig/debian/quagga.prerm +++ quagga-0.99.10/debian/quagga.prerm @@ -0,0 +1,38 @@ +#!/bin/bash -e + +. /usr/share/debconf/confmodule + +if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi +${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*"} + +# prerm remove +# old-prerm upgrade new-version +# new-prerm failed-upgrade old-version +# conflictor's-prerm remove in-favour package new-version +# deconfigured's-prerm deconfigure in-favour package-being-installed version removing conflicting-package +case $1 in + remove|upgrade) + # Trying to prevents the user from cutting his network connection if + # one or more servers seem to be started. + if [ -n "`ls /var/run/quagga/*.pid 2>/dev/null`" ]; then + db_fset quagga/really_stop seen false || true + db_input high quagga/really_stop || true + db_go || true + db_get quagga/really_stop || true + if [ "$RET" = "false" ]; then + db_stop + echo "*** As requested via Debconf, the Quagga daemon will not stop! ***" 1>&2 + exit 1 + fi + fi + ;; + + failed-upgrade) + # If quagga/really_stop was negated then this script exits with return + # code 1 and is called again with "failed-upgrade". Well, exit again. + exit 1 + ;; + +esac + +#DEBHELPER# --- quagga-0.99.10.orig/debian/quagga-doc.info +++ quagga-0.99.10/debian/quagga-doc.info @@ -0,0 +1 @@ +doc/quagga.info* --- quagga-0.99.10.orig/debian/quagga.dirs +++ quagga-0.99.10/debian/quagga.dirs @@ -0,0 +1,8 @@ +etc/logrotate.d/ +etc/quagga/ +usr/share/doc/quagga/ +usr/share/doc/quagga/examples/ +usr/share/lintian/overrides/ +usr/share/snmp/mibs/ +var/log/quagga/ +var/run/quagga/ --- quagga-0.99.10.orig/debian/control +++ quagga-0.99.10/debian/control @@ -0,0 +1,39 @@ +Source: quagga +Section: net +Priority: optional +Maintainer: Christian Hammers +Uploaders: Christian Hammers , Florian Weimer +Build-Depends: debhelper (>= 4.1.16), libncurses5-dev, libreadline5-dev | libreadline-dev, texlive-latex-base, texlive-generic-recommended, libpam0g-dev | libpam-dev, libcap-dev, texinfo (>= 4.7), dpatch, imagemagick, gs-gpl, groff, po-debconf, autotools-dev, libpcre3-dev +Standards-Version: 3.7.3 +Homepage: http://www.quagga.net/ + +Package: quagga +Architecture: any +Depends: ${shlibs:Depends}, logrotate (>= 3.2-11), iproute, ${misc:Depends} +Pre-Depends: adduser +Conflicts: zebra, zebra-pj +Replaces: zebra, zebra-pj +Suggests: snmpd +Description: BGP/OSPF/RIP routing daemon + GNU Quagga is free software which manages TCP/IP based routing protocols. + It supports BGP4, BGP4+, OSPFv2, OSPFv3, IS-IS, RIPv1, RIPv2, and RIPng as + well as the IPv6 versions of these. + . + As the precessor Zebra has been considered orphaned, the Quagga project + has been formed by members of the zebra mailing list and the former + zebra-pj project to continue developing. + . + Quagga uses threading if the kernel supports it, but can also run on + kernels that do not support threading. Each protocol has its own daemon. + . + It is more than a routed replacement, it can be used as a Route Server and + a Route Reflector. + +Package: quagga-doc +Section: doc +Architecture: all +Suggests: quagga +Description: documentation files for quagga + This package includes info files for quagga, a free software which manages + TCP/IP based routing protocols. It supports BGP4, BGP4+, OSPFv2, OSPFv3, + IS-IS, RIPv1, RIPv2, and RIPng as well as the IPv6 versions of these. --- quagga-0.99.10.orig/debian/watch +++ quagga-0.99.10/debian/watch @@ -0,0 +1,6 @@ +# Example watch control file for uscan +# Rename this file to "watch" and then you can run the "uscan" command +# to check for upstream updates and more. +# Site Directory Pattern Version Script +version=2 +http://www.quagga.net/download/quagga-(.*)\.tar\.gz debian uupdate --- quagga-0.99.10.orig/debian/quagga.lintian-overrides +++ quagga-0.99.10/debian/quagga.lintian-overrides @@ -0,0 +1,4 @@ +quagga: non-dev-pkg-with-shlib-symlink usr/lib/libospfapiclient.so.0.0.0 usr/lib/libospfapiclient.so +quagga: non-dev-pkg-with-shlib-symlink usr/lib/libospf.so.0.0.0 usr/lib/libospf.so +quagga: non-dev-pkg-with-shlib-symlink usr/lib/libzebra.so.0.0.0 usr/lib/libzebra.so +quagga: package-name-doesnt-match-sonames libospf0 libospfapiclient0 libzebra0 --- quagga-0.99.10.orig/debian/rules +++ quagga-0.99.10/debian/rules @@ -0,0 +1,207 @@ +#!/usr/bin/make -f + +export DH_VERBOSE=1 +export DEB_BUILD_HARDENING=1 + +T=$(CURDIR)/debian/tmp/ +Z=$(CURDIR)/debian/quagga/ +ZD=$(CURDIR)/debian/quagga-doc/ + +include /usr/share/dpatch/dpatch.make + +ifeq ($(WANT_SNMP), 1) + USE_SNMP=--enable-snmp + $(warning "DEBIAN: SNMP enabled, sorry for your inconvenience") +else + $(warning "DEBIAN: SNMP disabled, see README.Debian") +endif + +configure: patch configure-stamp +configure-stamp: + dh_testdir + + # Quagga needs /proc to check some BSD vs Linux specific stuff. + # Else it fails with an obscure error message pointing out + # that IPCTL_FORWARDING is an undefined symbol which is not very + # helpful. + @if ! [ -d /proc/1 ]; then \ + echo "./configure needs a mounted /proc"; \ + exit 1; \ + fi + + # Update config.* + cp /usr/share/misc/config.guess . + cp /usr/share/misc/config.sub . + + # according to redhad/quagga.spec as of 2003-08-18 with Debian hardening and PCRE-Posix + LIBS=-lpcreposix \ + ./configure \ + --prefix=/usr \ + --libexecdir=/usr/lib/quagga \ + --sbindir=/usr/lib/quagga \ + --sysconfdir=/etc/quagga \ + --localstatedir=/var/run/quagga \ + --enable-exampledir=$(T)/usr/share/doc/quagga/examples/ \ + \ + $(USE_SNMP) \ + --enable-vtysh \ + --enable-isisd \ + --enable-watchquagga \ + --enable-ospf-te \ + --enable-opaque-lsa \ + --enable-ipv6 \ + --enable-ospfclient=yes \ + --enable-ospfapi=yes \ + --enable-multipath=64 \ + --enable-user=quagga \ + --enable-group=quagga \ + --enable-vty-group=quaggavty \ + --enable-configfile-mask=0640 \ + --enable-logfile-mask=0640 \ + --enable-rtadv \ + --enable-tcp-md5 \ + --enable-gcc-rdynamic \ + \ + --with-libpam + + if ! diff -b -IHAVE_SNMP -IHAVE_NETSNMP -IUCD_COMPAT -IGETIFADDR debian/my/config.h.reference config.h; then \ + echo; \ + echo "WARNING: Please compare with debian/my/config.h.reference"; \ + echo; \ + if [ "`hostname`" = "app109" ]; then exit 1; fi; \ + fi + + touch $@ + + +build: configure build-stamp +build-stamp: + @echo "#42# entering build" + dh_testdir + + $(MAKE) + + # doc/ is a bit crazy + $(MAKE) -C doc quagga.pdf + rm -vf doc/quagga.info + $(MAKE) -C doc quagga.info + rm -vf doc/quagga.info.html* + + touch build-stamp + + +clean: clean-patched unpatch +clean-patched: + @echo "#42# entering clean" + dh_testdir + dh_testroot + rm -f configure-stamp build-stamp install-stamp + + # Those will be updated from /usr/share/misc + rm -f config.guess config.sub + + [ ! -f Makefile ] || $(MAKE) distclean + @echo "BEGIN CRUFT" + @rm -vf */Makefile doc/quagga.fns doc/quagga.info doc/quagga.kys doc/quagga.tmp doc/quagga.pdf doc/quagga.info-* + @rm -vf lib/version.c doc/stamp-vti + @rm -vf vtysh/vtysh_cmd.c + @rm -vf doc/fig*.pdf doc/version.texi + @echo "END CRUFT" + + # why? + @if [ -e config.log ]; then echo "CONFIG.LOG STILL THERE"; rm config.log; fi + + debconf-updatepo + dh_clean + + +install: build + @echo "#42# entering install" + dh_testdir + dh_testroot + dh_clean -k + + $(MAKE) install \ + prefix=$(T)/usr \ + libexecdir=$(T)/usr/lib/quagga \ + sbindir=$(T)/usr/lib/quagga \ + sysconfdir=$(T)/etc/quagga \ + mandir=$(T)/usr/share/man \ + localstatedir=$(T)/var/run/quagga \ + infodir=$(T)/usr/share/info + + # cleaning up the info dir + rm -f $(T)/usr/share/info/dir* + + # install config files + mkdir -p $(T)/etc/quagga/ + cp debian/my/debian.conf $(T)/etc/quagga/ + cp debian/my/daemons $(T)/etc/quagga/ + perl -pi -e 's#^!log file #!log file /var/log/quagga/#' $(T)/usr/share/doc/quagga/examples/*sample* + + # installing the Quagga specific SNMP MIB + mkdir -p $(T)/usr/share/snmp/mibs/ + install -m 644 ./zebra/GNOME-PRODUCT-ZEBRA-MIB $(T)/usr/share/snmp/mibs/ + + # make lintian happy + mkdir -p $(T)/usr/share/lintian/overrides/ + cp debian/quagga.lintian-overrides $(T)/usr/share/lintian/overrides/quagga + +# Build architecture-independent files here. +binary-indep: build install + dh_testdir + dh_testroot + + dh_installdirs -i + dh_movefiles -i + dh_link -i + + dh_installchangelogs -i + dh_installdebconf -i + dh_installdocs -i + dh_installexamples -i + dh_installinfo -i + dh_installman -i + + dh_compress -i + dh_fixperms -i + dh_installdeb -i + dh_shlibdeps -i + dh_gencontrol -i + dh_md5sums -i + dh_builddeb -i + +# Build architecture-dependent files here. +binary-arch: build install + dh_testdir + dh_testroot + + dh_installdirs -a + dh_movefiles -a + dh_link -a + + dh_installchangelogs -a ChangeLog + dh_installdebconf -a + dh_installdocs -a + dh_installexamples -a + dh_installinit -a + dh_installpam -a + dh_installlogrotate + dh_installman -a + + dh_strip -a + dh_compress -a + dh_fixperms -a + dh_makeshlibs -a + dh_installdeb -a + # dh_shlibdeps: removed "-L quagga" for Woody backport compatibility. + dh_shlibdeps -a -l debian/quagga/usr/lib + dh_gencontrol -a + dh_md5sums -a + dh_builddeb -a + +source diff: + @echo >&2 'source and diff are obsolete - use dpkg-source -b'; false + +binary: binary-indep binary-arch +.PHONY: clean clean-patched configure build binary binary-indep binary-arch install patch unpatch --- quagga-0.99.10.orig/debian/copyright +++ quagga-0.99.10/debian/copyright @@ -0,0 +1,28 @@ +This package was debianized by Christian Hammers on +2003-07-01 and bases on the original zebra Debian package. + +It was downloaded from http://www.quagga.net/ + +Authors of the original Zebra are + Kunihiro Ishiguro + Toshiaki Takada + Yasuhiro Ohara + +Main patch collector for quagga is + Paul Jakma + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + +A copy of the GPL can be found in /usr/share/common-licenses/GPL. --- quagga-0.99.10.orig/debian/README.Maintainer +++ quagga-0.99.10/debian/README.Maintainer @@ -0,0 +1,35 @@ +# +# Apply patches +# +for i in debian/patches/*; do echo -e "#\n# $i\n#"; patch --fuzz=3 --dry-run -p1 < $i; done +for i in debian/patches/*; do echo -e "#\n# $i\n#"; patch --fuzz=3 -p1 < $i; done + +# +# Update GNU autoconf stuff (>= libtool 1.4) according to #176829 +# (Probably no longer neccessary as ltmain is up to date) +# +# libtoolize --force --copy +# ACLOCAL=aclocal-1.8 AUTOMAKE=automake-1.8 autoreconf2.50 + +# +# Filename transition from zebra to quagga +# + +Files that keep their names + /usr/bin/vtysh + +Files that got an -pj suffix + /etc/default/zebra -> /etc/quagga/debian.conf + /etc/init.d/zebra -> /etc/init.d/quagga + /etc/zebra/ -> /etc/quagga/ + /usr/share/doc/zebra/ -> /usr/share/doc/quagga/ + /var/log/zebra/ -> /var/log/quagga/ + /var/run/ -> /var/run/quagga/ + +Files that were moved + /usr/sbin/* -> /usr/lib/quagga/ + +# +# Dependencies +# +Recommends: kernel-image-2.4 (>= 2.4.20) due to bug #225919 --- quagga-0.99.10.orig/debian/README.Debian.Woody +++ quagga-0.99.10/debian/README.Debian.Woody @@ -0,0 +1,5 @@ +I maintain woody backports of Quagga, too. They are available at + + http://www.lathspell.de/linux/debian/ + +-christian- --- quagga-0.99.10.orig/debian/quagga.preinst +++ quagga-0.99.10/debian/quagga.preinst @@ -0,0 +1,77 @@ +#!/bin/bash + +if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi +${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*"} +set -e +set -u + +# creating quaggavty group if it isn't already there +if ! getent group quaggavty >/dev/null; then + addgroup --system quaggavty >/dev/null +fi + +# creating quagga group if it isn't already there +if ! getent group quagga >/dev/null; then + addgroup --system quagga >/dev/null +fi + +# creating quagga user if he isn't already there +if ! getent passwd quagga >/dev/null; then + adduser \ + --system \ + --ingroup quagga \ + --home /var/run/quagga/ \ + --gecos "Quagga routing suite" \ + --shell /bin/false \ + quagga >/dev/null +fi + +# Do not change permissions when upgrading as it would violate policy. +if [ "$1" = "install" ]; then + # Logfiles are group readable in case users were put into the quagga group. + d=/var/log/quagga/ + mkdir -p $d + chown -R quagga:quagga $d + chmod u=rwx,go=rx $d + find $d -type f -print0 | xargs -0 --no-run-if-empty chmod u=rw,g=r,o= + + # Strict permissions for the sockets. + d=/var/run/quagga/ + mkdir -p $d + chown -R quagga:quagga $d + chmod u=rwx,go=rx $d + find $d -type f -print0 | xargs -0 --no-run-if-empty chmod u=rw,go= + + # Config files. Vtysh does not have access to the individual daemons config file + d=/etc/quagga/ + mkdir -p $d + chown quagga:quaggavty $d + chmod ug=rwx,o=rx $d + find $d -type f -print0 | xargs -0 --no-run-if-empty chown quagga:quagga + find $d -type f -print0 | xargs -0 --no-run-if-empty chmod u=rw,g=r,o= + + # Exceptions for vtysh. + f=$d/vtysh.conf + if [ -f $f ]; then + chown quagga:quaggavty $f + chmod u=rw,g=r,o= $f + fi + + # Exceptions for vtysh. + f=$d/Quagga.conf + if [ -f $d/Zebra.conf ]; then + mv $d/Zebra.conf $f + fi + if [ -f $f ]; then + chown quagga:quaggavty $f + chmod u=rw,g=r,o= $f + fi +fi + +if grep -q ^smux /etc/quagga/*.conf; then + echo "The currently used smux options will no longer work so remove them!" >&2 + echo "See /usr/share/doc/quagga/README.Debian for more information." >&2 + exit 1 +fi + +#DEBHELPER# --- quagga-0.99.10.orig/debian/README.Debian +++ quagga-0.99.10/debian/README.Debian @@ -0,0 +1,109 @@ +* SAFETY MEASURES: +================== + +Please consider setting this package "on hold" by typing + echo "quagga hold" | dpkg --set-selections +and verifying this using + dpkg --get-selections | grep 'hold$' + +Setting a package "on hold" means that it will not automatically be upgraded. +Instead apt-get only displays a warning saying that a new version would be +available forcing you to explicitly type "apt-get install quagga" to upgrade it. + + +* What is quagga? +================= + +http://www.quagga.net/ +> Quagga is a routing software suite, providing implementations of OSPFv2, +> OSPFv3, RIP v1 and v2, RIPv3 and BGPv4 for Unix platforms, particularly +> FreeBSD and Linux and also NetBSD, to mention a few. Quagga is a fork of GNU +> Zebra which was developed by Kunihiro Ishiguro. Development of GNU Zebra +> slowed dramatically to the point where eventually GNU Zebra was forked into +> Quagga. + +> The Quagga tree is an attempt to provide a zebra tree with at least the +> bug-fixes, which have accumulated, applied, while tracking any significant +> changes made to the zebra.org tree. Ultimately, this tree hopes to revitalise +> development of this code base. + +I packaged zebra-pj which was then renamed to quagga to get people used to it +and offer Debian users the choice which versions they like to use. I hope this +brings quagga some feedback and helps it evolving to a good successor of the +orphaned zebra. + + -- Christian Hammers , Jul/Aug 2003 + + +* Why has SNMP support been disabled? +===================================== +Quagga used to link against the NetSNMP libraries to provide SNMP +support. Those libraries sadly link against the OpenSSL libraries +to provide crypto support for SNMPv3 among others. +OpenSSL now is not compatible with the GNU GENERAL PUBLIC LICENSE (GPL) +licence that Quagga is distributed under. For more explanation read: + http://www.gnome.org/~markmc/openssl-and-the-gpl.html + http://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs +Updating the licence to explecitly allow linking against OpenSSL +would requite the affirmation of all people that ever contributed +a significant part to Zebra or Quagga and thus are the collective +"copyright holder". That's too much work. Using a shrinked down +version of NetSNMP without OpenSSL or convincing the NetSNMP people +to change to GnuTLS are maybe good solutions but not reachable +during the last days before the Sarge release :-( + + *BUT* + +It is allowed by the used licence mix that you fetch the sources and +build Quagga yourself with SNMP with + + # export WANT_SNMP=1 + # apt-get -b source quagga +Just distributing it in binary form, linked against OpenSSL, is forbidden. + + +* Daemon selection: +=================== + +The Debian package uses /etc/quagga/daemons to tell the +initscript which daemons to start. It's in the format += +with no spaces (it's simply source-d into the initscript). +Default is not to start anything, since it can hose your +system's routing table if not set up properly. + +Priorities were suggested by Dancer . +They're used to start the Quagga daemons in more than one step +(for example start one or two at network initialization and the +rest later). The number of Quagga daemons being small, priorities +must be between 1 and 9, inclusive (or the initscript has to be +changed). /etc/init.d/quagga then can be started as + +/etc/init.d/quagga > + +where priority 0 is the same as 'stop', priority 10 or 'start' +means 'start all' + + +* Error message "privs_init: initial cap_set_proc failed": +========================================================== + +This error message means that "capability support" has to be built +into the kernel. + + +* Error message "netlink-listen: overrun: No buffer space available": +===================================================================== + +If this message occurs the receive buffer should be increased by adding the +following to /etc/sysctl.conf and "--nl-bufsize" to /etc/quagga/debian.conf. +> net.core.rmem_default = 262144 +> net.core.rmem_max = 262144 +See message #4525 from 2005-05-09 in the quagga-users mailing list. + + +* vtysh immediately exists: +=========================== + +Check /etc/pam.d/quagga, it probably denies access to your user. The passwords +configured in /etc/quagga/Quagga.conf are only for telnet access. --- quagga-0.99.10.orig/debian/quagga.postrm +++ quagga-0.99.10/debian/quagga.postrm @@ -0,0 +1,13 @@ +#!/bin/bash + +if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi +${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*"} +# set -e not because of userdel +# set -u not because of debhelper + +if [ "$1" = "purge" ]; then + rm -rf /etc/quagga /var/run/quagga /var/log/quagga + userdel quagga >/dev/null 2>&1 +fi + +#DEBHELPER# --- quagga-0.99.10.orig/debian/quagga.postinst +++ quagga-0.99.10/debian/quagga.postinst @@ -0,0 +1,17 @@ +#!/bin/bash -e + +if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi +${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*"} + +# This is most likely due to the answer "no" to the "really stop the server" +# question in the prerm script. +if [ "$1" = "abort-upgrade" ]; then + exit 0 +fi + +. /usr/share/debconf/confmodule + +db_stop + +#DEBHELPER# + --- quagga-0.99.10.orig/debian/quagga.logrotate +++ quagga-0.99.10/debian/quagga.logrotate @@ -0,0 +1,17 @@ +/var/log/quagga/*.log { + daily + sharedscripts + missingok + compress + rotate 14 + create 640 quagga quaggavty + + postrotate + for i in zebra bgpd ripd ospfd ripngd ospf6d isisd; do + if [ -e /var/run/quagga/$i.pid ] ; then + kill -USR1 `cat /var/run/quagga/$i.pid` + fi + + done + endscript +} --- quagga-0.99.10.orig/debian/quagga-doc.docs +++ quagga-0.99.10/debian/quagga-doc.docs @@ -0,0 +1,9 @@ +AUTHORS +NEWS +README +REPORTING-BUGS +doc/quagga.pdf +doc/BGP-TypeCode +doc/draft-zebra-00.txt +doc/mpls/ +bgpd/BGP4-MIB.txt --- quagga-0.99.10.orig/debian/po/templates.pot +++ quagga-0.99.10/debian/po/templates.pot @@ -0,0 +1,31 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR , YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: ch@debian.org\n" +"POT-Creation-Date: 2006-07-15 20:31+0200\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language-Team: LANGUAGE \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../quagga.templates:1001 +msgid "Do you really want to stop the Quagga daemon?" +msgstr "" + +#. Type: boolean +#. Description +#: ../quagga.templates:1001 +msgid "" +"WARNING: The Quagga routing daemon has to be stopped to proceed. This could " +"lead to BGP flaps or loss of network connectivity." +msgstr "" --- quagga-0.99.10.orig/debian/po/de.po +++ quagga-0.99.10/debian/po/de.po @@ -0,0 +1,33 @@ +# translation of po-debconf template to German +# Copyright (C) 2007, Matthias Julius +# This file is distributed under the same license as the quagga package. +# +# Matthias Julius , 2007. +msgid "" +msgstr "" +"Project-Id-Version: quagga 0.99.6-2\n" +"Report-Msgid-Bugs-To: ch@debian.org\n" +"POT-Creation-Date: 2006-07-15 20:31+0200\n" +"PO-Revision-Date: 2007-02-01 19:32-0500\n" +"Last-Translator: Matthias Julius \n" +"Language-Team: German \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" + +#. Type: boolean +#. Description +#: ../quagga.templates:1001 +msgid "Do you really want to stop the Quagga daemon?" +msgstr "Möchten Sie den Quagga-Daemon wirklich beenden?" + +#. Type: boolean +#. Description +#: ../quagga.templates:1001 +msgid "" +"WARNING: The Quagga routing daemon has to be stopped to proceed. This could " +"lead to BGP flaps or loss of network connectivity." +msgstr "" +"Warnung: Um fortzufahren muss der Quagga-Routing-Daemon beendet werden. Dies " +"könnte zu BGP-Flaps oder Verlust der Netzwerkverbindung führen." --- quagga-0.99.10.orig/debian/po/es.po +++ quagga-0.99.10/debian/po/es.po @@ -0,0 +1,56 @@ +# quagga translation to spanish +# Copyright (C) 2004 Software in the Public Interest +# This file is distributed under the same license as the quagga package. +# +# Changes: +# - Initial translation +# Carlos Galisteo de Cabo , 2007 +# +# +# Traductores, si no conoce el formato PO, merece la pena leer la +# documentacin de gettext, especialmente las secciones dedicadas a este +# formato, por ejemplo ejecutando: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Equipo de traduccin al espaol, por favor lean antes de traducir +# los siguientes documentos: +# +# - El proyecto de traduccin de Debian al espaol +# http://www.debian.org/intl/spanish/coordinacion +# especialmente las notas de traduccin en +# http://www.debian.org/intl/spanish/notas +# +# - La gua de traduccin de po's de debconf: +# /usr/share/doc/po-debconf/README-trans +# o http://www.debian.org/intl/l10n/po-debconf/README-trans +# + +msgid "" +msgstr "" +"Project-Id-Version: quagga_0.99.7-2\n" +"Report-Msgid-Bugs-To: ch@debian.org\n" +"POT-Creation-Date: 2006-07-15 20:31+0200\n" +"PO-Revision-Date: 2007-05-08 12:39+0200\n" +"Last-Translator: Carlos Galisteo \n" +"Language-Team: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-15\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" + +#. Type: boolean +#. Description +#: ../quagga.templates:1001 +msgid "Do you really want to stop the Quagga daemon?" +msgstr "Est seguro de que quiere detener el servicio Quagga?" + +#. Type: boolean +#. Description +#: ../quagga.templates:1001 +msgid "" +"WARNING: The Quagga routing daemon has to be stopped to proceed. This could " +"lead to BGP flaps or loss of network connectivity." +msgstr "" +"ADVERTENCIA: Debe detenerse el servicio de encaminamiento Quagga para continuar. " +"sto podra provocar intermitencias en BGP o prdidas de conectividad." --- quagga-0.99.10.orig/debian/po/cs.po +++ quagga-0.99.10/debian/po/cs.po @@ -0,0 +1,40 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: quagga\n" +"Report-Msgid-Bugs-To: ch@debian.org\n" +"POT-Creation-Date: 2006-07-15 20:31+0200\n" +"PO-Revision-Date: 2005-07-13 18:52+0200\n" +"Last-Translator: Miroslav Kure \n" +"Language-Team: Czech \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../quagga.templates:1001 +msgid "Do you really want to stop the Quagga daemon?" +msgstr "Opravdu chcete zastavit daemon Quagga?" + +#. Type: boolean +#. Description +#: ../quagga.templates:1001 +msgid "" +"WARNING: The Quagga routing daemon has to be stopped to proceed. This could " +"lead to BGP flaps or loss of network connectivity." +msgstr "" +"VAROVÁNÍ: Abyste mohli pokračovat, musí se směrovací daemon Quagga " +"pozastavit. To může vést ke zpanikaření BGP nebo ke ztrátě konektivity." --- quagga-0.99.10.orig/debian/po/pt.po +++ quagga-0.99.10/debian/po/pt.po @@ -0,0 +1,33 @@ +# Portuguese translations for quagga package. +# Copyright (C) 2007 Miguel Figueiredo +# This file is distributed under the same license as the quagga package. +# Miguel Figueiredo , 2007. +# +msgid "" +msgstr "" +"Project-Id-Version: quagga 0.99.6-6\n" +"Report-Msgid-Bugs-To: ch@debian.org\n" +"POT-Creation-Date: 2006-07-15 20:31+0200\n" +"PO-Revision-Date: 2007-04-26 23:07+0100\n" +"Last-Translator: Miguel Figueiredo \n" +"Language-Team: Portuguese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#. Type: boolean +#. Description +#: ../quagga.templates:1001 +msgid "Do you really want to stop the Quagga daemon?" +msgstr "Deseja mesmo parar o daemon Quagga?" + +#. Type: boolean +#. Description +#: ../quagga.templates:1001 +msgid "" +"WARNING: The Quagga routing daemon has to be stopped to proceed. This could " +"lead to BGP flaps or loss of network connectivity." +msgstr "" +"AVISO: O daemon de routing tem de ser parado para continuar. Isto pode levar " +"a distúrbio do BGP ou perda da ligação de rede." --- quagga-0.99.10.orig/debian/po/nl.po +++ quagga-0.99.10/debian/po/nl.po @@ -0,0 +1,30 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: quagga\n" +"Report-Msgid-Bugs-To: ch@debian.org\n" +"POT-Creation-Date: 2006-07-15 20:31+0200\n" +"PO-Revision-Date: 2007-03-15 18:49+0100\n" +"Last-Translator: Bart Cornelis \n" +"Language-Team: debian-l10n-dutch \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Poedit-Language: Dutch\n" + +#. Type: boolean +#. Description +#: ../quagga.templates:1001 +msgid "Do you really want to stop the Quagga daemon?" +msgstr "Bent u zeker dat u de Quagga-achtergronddienst wilt stoppen?" + +#. Type: boolean +#. Description +#: ../quagga.templates:1001 +msgid "WARNING: The Quagga routing daemon has to be stopped to proceed. This could lead to BGP flaps or loss of network connectivity." +msgstr "WAARSCHUWING: De Quagga 'routing'-achtergronddienst dient stopgezet te worden voor u verder gaat. Dit kan BGP-flaps en verliezen van netwerkverbinding veroorzaken." + --- quagga-0.99.10.orig/debian/po/POTFILES.in +++ quagga-0.99.10/debian/po/POTFILES.in @@ -0,0 +1 @@ +[type: gettext/rfc822deb] quagga.templates --- quagga-0.99.10.orig/debian/po/fr.po +++ quagga-0.99.10/debian/po/fr.po @@ -0,0 +1,41 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: quagga 0.99.1-3\n" +"Report-Msgid-Bugs-To: ch@debian.org\n" +"POT-Creation-Date: 2006-07-15 20:31+0200\n" +"PO-Revision-Date: 2005-07-21 10:52+0200\n" +"Last-Translator: Mohammed Adnne Trojette\n" +"Language-Team: French \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=iso-8859-15\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../quagga.templates:1001 +msgid "Do you really want to stop the Quagga daemon?" +msgstr "Faut-il vraiment arrter le dmon Quagga?" + +#. Type: boolean +#. Description +#: ../quagga.templates:1001 +msgid "" +"WARNING: The Quagga routing daemon has to be stopped to proceed. This could " +"lead to BGP flaps or loss of network connectivity." +msgstr "" +"Veuillez noter que le dmon de routage Quagga doit tre arrt avant de " +"poursuivre cette installation. Cela peut provoquer des incohrences BGP ou " +"des pertes de connectivit." --- quagga-0.99.10.orig/debian/po/sv.po +++ quagga-0.99.10/debian/po/sv.po @@ -0,0 +1,39 @@ +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# Developers do not need to manually edit POT or PO files. +# , fuzzy +# +# +msgid "" +msgstr "" +"Project-Id-Version: quagga 0.99.1-6\n" +"Report-Msgid-Bugs-To: ch@debian.org\n" +"POT-Creation-Date: 2006-07-15 20:31+0200\n" +"PO-Revision-Date: 2005-10-04 06:56+0200\n" +"Last-Translator: Daniel Nylander \n" +"Language-Team: Swedish \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=iso-8859-1\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../quagga.templates:1001 +msgid "Do you really want to stop the Quagga daemon?" +msgstr "Vill du stoppa Quagga-daemonen?" + +#. Type: boolean +#. Description +#: ../quagga.templates:1001 +msgid "" +"WARNING: The Quagga routing daemon has to be stopped to proceed. This could " +"lead to BGP flaps or loss of network connectivity." +msgstr "" +"VARNING: routingdaemonen Quagga mste stoppas fr att fortstta. Detta kan " +"leda till BGP-flaps eller att ntverksfrbindelsen avbryts." --- quagga-0.99.10.orig/debian/my/debian.conf +++ quagga-0.99.10/debian/my/debian.conf @@ -0,0 +1,13 @@ +# +# If this option is set the /etc/init.d/quagga script automatically loads +# the config via "vtysh -b" when the servers are started. +# Check /etc/pam.d/quagga if you intend to use "vtysh"! +# +vtysh_enable=yes +zebra_options=" --daemon -A 127.0.0.1" +bgpd_options=" --daemon -A 127.0.0.1" +ospfd_options=" --daemon -A 127.0.0.1" +ospf6d_options="--daemon -A ::1" +ripd_options=" --daemon -A 127.0.0.1" +ripngd_options="--daemon -A ::1" +isisd_options=" --daemon -A 127.0.0.1" --- quagga-0.99.10.orig/debian/my/daemons +++ quagga-0.99.10/debian/my/daemons @@ -0,0 +1,27 @@ +# This file tells the quagga package which daemons to start. +# +# Entries are in the format: =(yes|no|priority) +# 0, "no" = disabled +# 1, "yes" = highest priority +# 2 .. 10 = lower priorities +# Read /usr/share/doc/quagga/README.Debian for details. +# +# Sample configurations for these daemons can be found in +# /usr/share/doc/quagga/examples/. +# +# ATTENTION: +# +# When activation a daemon at the first time, a config file, even if it is +# empty, has to be present *and* be owned by the user and group "quagga", else +# the daemon will not be started by /etc/init.d/quagga. The permissions should +# be u=rw,g=r,o=. +# When using "vtysh" such a config file is also needed. It should be owned by +# group "quaggavty" and set to ug=rw,o= though. Check /etc/pam.d/quagga, too. +# +zebra=no +bgpd=no +ospfd=no +ospf6d=no +ripd=no +ripngd=no +isisd=no --- quagga-0.99.10.orig/debian/my/config.h.reference +++ quagga-0.99.10/debian/my/config.h.reference @@ -0,0 +1,745 @@ +/* config.h. Generated from config.h.in by configure. */ +/* config.h.in. Generated from configure.ac by autoheader. */ + +/* bgpd vty socket */ +#define BGP_VTYSH_PATH "/var/run/quagga/bgpd.vty" + +/* BSDI */ +/* #undef BSDI_NRL */ + +/* Mask for config files */ +#define CONFIGFILE_MASK 0640 + +/* Consumed Time Check */ +#define CONSUMED_TIME_CHECK 5000000 + +/* daemon vty directory */ +#define DAEMON_VTY_DIR "/var/run/quagga" + +/* Disable BGP installation to zebra */ +/* #undef DISABLE_BGP_ANNOUNCE */ + +/* GNU Linux */ +#define GNU_LINUX + +/* Define to 1 if you have the `alarm' function. */ +#define HAVE_ALARM 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_ARPA_INET_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_ASM_TYPES_H 1 + +/* Broken Alias */ +/* #undef HAVE_BROKEN_ALIASES */ + +/* Broken CMSG_FIRSTHDR */ +/* #undef HAVE_BROKEN_CMSG_FIRSTHDR */ + +/* BSD link-detect */ +/* #undef HAVE_BSD_LINK_DETECT */ + +/* Can pass ifindex in struct ip_mreq */ +/* #undef HAVE_BSD_STRUCT_IP_MREQ_HACK */ + +/* capabilities */ +#define HAVE_CAPABILITIES 1 + +/* Define to 1 if your system has a working `chown' function. */ +#define HAVE_CHOWN 1 + +/* Define to 1 if you have the `daemon' function. */ +#define HAVE_DAEMON 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_DLFCN_H 1 + +/* Define to 1 if you don't have `vprintf' but do have `_doprnt.' */ +/* #undef HAVE_DOPRNT */ + +/* Define to 1 if you have the `dup2' function. */ +#define HAVE_DUP2 1 + +/* Define to 1 if you have the `fcntl' function. */ +#define HAVE_FCNTL 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_FCNTL_H 1 + +/* Define to 1 if your system has a working POSIX `fnmatch' function. */ +#define HAVE_FNMATCH 1 + +/* Define to 1 if you have the `fork' function. */ +#define HAVE_FORK 1 + +/* Define to 1 if you have the `ftruncate' function. */ +#define HAVE_FTRUNCATE 1 + +/* Define to 1 if you have the `getaddrinfo' function. */ +#define HAVE_GETADDRINFO 1 + +/* Define to 1 if you have the `getcwd' function. */ +#define HAVE_GETCWD 1 + +/* Define to 1 if you have the `gethostbyname' function. */ +#define HAVE_GETHOSTBYNAME 1 + +/* Define to 1 if you have the `getifaddrs' function. */ +#define HAVE_GETIFADDRS 1 + +/* Define to 1 if you have the `getpagesize' function. */ +#define HAVE_GETPAGESIZE 1 + +/* Define to 1 if you have the `gettimeofday' function. */ +#define HAVE_GETTIMEOFDAY 1 + +/* Glibc backtrace */ +#define HAVE_GLIBC_BACKTRACE + +/* GNU regexp library */ +#define HAVE_GNU_REGEX + +/* Define to 1 if you have the `if_indextoname' function. */ +#define HAVE_IF_INDEXTONAME 1 + +/* Define to 1 if you have the `if_nametoindex' function. */ +#define HAVE_IF_NAMETOINDEX 1 + +/* __inet_aton */ +#define HAVE_INET_ATON 1 + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_INET_ND_H */ + +/* Define to 1 if you have the `inet_ntoa' function. */ +#define HAVE_INET_NTOA 1 + +/* __inet_ntop */ +#define HAVE_INET_NTOP + +/* __inet_pton */ +#define HAVE_INET_PTON + +/* Define to 1 if you have the header file. */ +#define HAVE_INTTYPES_H 1 + +/* Linux IPv6 */ +#define HAVE_IPV6 1 + +/* IRDP */ +#define HAVE_IRDP + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_KVM_H */ + +/* Capabilities */ +#define HAVE_LCAPS 1 + +/* Define to 1 if you have the `crypt' library (-lcrypt). */ +#define HAVE_LIBCRYPT 1 + +/* Define to 1 if you have the `kvm' library (-lkvm). */ +/* #undef HAVE_LIBKVM */ + +/* Have libm */ +#define HAVE_LIBM + +/* Define to 1 if you have the `nsl' library (-lnsl). */ +/* #undef HAVE_LIBNSL */ + +/* Define to 1 if you have the `resolv' library (-lresolv). */ +/* #undef HAVE_LIBRESOLV */ + +/* Define to 1 if you have the `socket' library (-lsocket). */ +/* #undef HAVE_LIBSOCKET */ + +/* Define to 1 if you have the `umem' library (-lumem). */ +/* #undef HAVE_LIBUMEM */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_LIBUTIL_H */ + +/* Define to 1 if you have the `xnet' library (-lxnet). */ +/* #undef HAVE_LIBXNET */ + +/* Define to 1 if you have the header file. */ +#define HAVE_LIMITS_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_LINUX_VERSION_H 1 + +/* mallinfo */ +#define HAVE_MALLINFO + +/* Define to 1 if your system has a GNU libc compatible `malloc' function, and + to 0 otherwise. */ +#define HAVE_MALLOC 1 + +/* Define to 1 if you have the `memchr' function. */ +#define HAVE_MEMCHR 1 + +/* Define to 1 if you have the `memmove' function. */ +#define HAVE_MEMMOVE 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_MEMORY_H 1 + +/* Define to 1 if you have the `memset' function. */ +#define HAVE_MEMSET 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_NETDB_H 1 + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_NETINET6_IN6_H */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_NETINET6_IN6_VAR_H */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_NETINET6_ND6_H */ + +/* Define to 1 if you have the header file. */ +#define HAVE_NETINET_ICMP6_H 1 + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_NETINET_IN6_VAR_H */ + +/* Define to 1 if you have the header file. */ +#define HAVE_NETINET_IN_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_NETINET_IN_SYSTM_H 1 + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_NETINET_IN_VAR_H */ + +/* Define to 1 if you have the header file. */ +#define HAVE_NETINET_IP_ICMP_H 1 + +/* netlink */ +#define HAVE_NETLINK + +/* Net SNMP */ +/* #undef HAVE_NETSNMP */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_NET_IF_DL_H */ + +/* Define to 1 if you have the header file. */ +#define HAVE_NET_IF_H 1 + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_NET_IF_VAR_H */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_NET_NETOPT_H */ + +/* Define to 1 if you have the header file. */ +#define HAVE_NET_ROUTE_H 1 + +/* NET_RT_IFLIST */ +/* #undef HAVE_NET_RT_IFLIST */ + +/* OSPF Opaque LSA */ +#define HAVE_OPAQUE_LSA + +/* Have openpam.h */ +/* #undef HAVE_OPENPAM_H */ + +/* OSPF TE */ +#define HAVE_OSPF_TE + +/* Have pam_misc.h */ +#define HAVE_PAM_MISC_H + +/* Define to 1 if you have the `pow' function. */ +#define HAVE_POW 1 + +/* Solaris printstack */ +/* #undef HAVE_PRINTSTACK */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_PRIV_H */ + +/* /proc/net/dev */ +#define HAVE_PROC_NET_DEV + +/* /proc/net/if_inet6 */ +#define HAVE_PROC_NET_IF_INET6 + +/* prctl */ +#define HAVE_PR_SET_KEEPCAPS + +/* Define to 1 if your system has a GNU libc compatible `realloc' function, + and to 0 otherwise. */ +#define HAVE_REALLOC 1 + +/* Enable IPv6 Routing Advertisement support */ +#define HAVE_RTADV + +/* rusage */ +#define HAVE_RUSAGE + +/* Define to 1 if you have the `select' function. */ +#define HAVE_SELECT 1 + +/* Have setproctitle */ +/* #undef HAVE_SETPROCTITLE */ + +/* Define to 1 if you have the header file. */ +#define HAVE_SIGNAL_H 1 + +/* SNMP */ +/* #undef HAVE_SNMP */ + +/* Define to 1 if you have the `snprintf' function. */ +#define HAVE_SNPRINTF 1 + +/* Define to 1 if you have the `socket' function. */ +#define HAVE_SOCKET 1 + +/* Define to 1 if the system has the type `socklen_t'. */ +#define HAVE_SOCKLEN_T 1 + +/* getpflags */ +/* #undef HAVE_SOLARIS_CAPABILITIES */ + +/* Stack symbol decoding */ +#define HAVE_STACK_TRACE + +/* Define to 1 if `stat' has the bug that it succeeds when given the + zero-length file name argument. */ +/* #undef HAVE_STAT_EMPTY_STRING_BUG */ + +/* Define to 1 if you have the header file. */ +#define HAVE_STDDEF_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_STDINT_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_STDLIB_H 1 + +/* Define to 1 if you have the `strcasecmp' function. */ +#define HAVE_STRCASECMP 1 + +/* Define to 1 if you have the `strchr' function. */ +#define HAVE_STRCHR 1 + +/* Define to 1 if you have the `strcspn' function. */ +#define HAVE_STRCSPN 1 + +/* Define to 1 if you have the `strdup' function. */ +#define HAVE_STRDUP 1 + +/* Define to 1 if you have the `strerror' function. */ +#define HAVE_STRERROR 1 + +/* Define to 1 if you have the `strftime' function. */ +#define HAVE_STRFTIME 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_STRINGS_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_STRING_H 1 + +/* Define to 1 if you have the `strlcat' function. */ +/* #undef HAVE_STRLCAT */ + +/* Define to 1 if you have the `strlcpy' function. */ +/* #undef HAVE_STRLCPY */ + +/* Define to 1 if you have the `strncasecmp' function. */ +#define HAVE_STRNCASECMP 1 + +/* Define to 1 if you have the `strndup' function. */ +#define HAVE_STRNDUP 1 + +/* Define to 1 if you have the `strnlen' function. */ +#define HAVE_STRNLEN 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_STROPTS_H 1 + +/* Define to 1 if you have the `strrchr' function. */ +#define HAVE_STRRCHR 1 + +/* Define to 1 if you have the `strspn' function. */ +#define HAVE_STRSPN 1 + +/* Define to 1 if you have the `strstr' function. */ +#define HAVE_STRSTR 1 + +/* Define to 1 if you have the `strtol' function. */ +#define HAVE_STRTOL 1 + +/* Define to 1 if you have the `strtoul' function. */ +#define HAVE_STRTOUL 1 + +/* Define to 1 if the system has the type `struct icmphdr'. */ +#define HAVE_STRUCT_ICMPHDR 1 + +/* Define to 1 if the system has the type `struct if6_aliasreq'. */ +/* #undef HAVE_STRUCT_IF6_ALIASREQ */ + +/* Define to 1 if `ifra_lifetime' is member of `struct if6_aliasreq'. */ +/* #undef HAVE_STRUCT_IF6_ALIASREQ_IFRA_LIFETIME */ + +/* Define to 1 if the system has the type `struct ifaliasreq'. */ +/* #undef HAVE_STRUCT_IFALIASREQ */ + +/* Define to 1 if `ifm_status' is member of `struct ifmediareq'. */ +/* #undef HAVE_STRUCT_IFMEDIAREQ_IFM_STATUS */ + +/* Define to 1 if the system has the type `struct in6_aliasreq'. */ +/* #undef HAVE_STRUCT_IN6_ALIASREQ */ + +/* Define to 1 if the system has the type `struct in_pktinfo'. */ +#define HAVE_STRUCT_IN_PKTINFO 1 + +/* Define to 1 if `imr_ifindex' is member of `struct ip_mreqn'. */ +#define HAVE_STRUCT_IP_MREQN_IMR_IFINDEX 1 + +/* Define to 1 if the system has the type `struct nd_opt_adv_interval'. */ +#define HAVE_STRUCT_ND_OPT_ADV_INTERVAL 1 + +/* Define to 1 if `nd_opt_ai_type' is member of `struct nd_opt_adv_interval'. + */ +/* #undef HAVE_STRUCT_ND_OPT_ADV_INTERVAL_ND_OPT_AI_TYPE */ + +/* Define to 1 if the system has the type `struct nd_opt_homeagent_info'. */ +/* #undef HAVE_STRUCT_ND_OPT_HOMEAGENT_INFO */ + +/* Define to 1 if the system has the type `struct rt_addrinfo'. */ +/* #undef HAVE_STRUCT_RT_ADDRINFO */ + +/* Define to 1 if the system has the type `struct sockaddr'. */ +#define HAVE_STRUCT_SOCKADDR 1 + +/* Define to 1 if the system has the type `struct sockaddr_dl'. */ +/* #undef HAVE_STRUCT_SOCKADDR_DL */ + +/* Define to 1 if the system has the type `struct sockaddr_in'. */ +#define HAVE_STRUCT_SOCKADDR_IN 1 + +/* Define to 1 if the system has the type `struct sockaddr_in6'. */ +#define HAVE_STRUCT_SOCKADDR_IN6 1 + +/* Define to 1 if `sin6_scope_id' is member of `struct sockaddr_in6'. */ +#define HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID 1 + +/* Define to 1 if `sin_len' is member of `struct sockaddr_in'. */ +/* #undef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN */ + +/* Define to 1 if `sa_len' is member of `struct sockaddr'. */ +/* #undef HAVE_STRUCT_SOCKADDR_SA_LEN */ + +/* Define to 1 if the system has the type `struct sockaddr_un'. */ +#define HAVE_STRUCT_SOCKADDR_UN 1 + +/* Define to 1 if `sun_len' is member of `struct sockaddr_un'. */ +/* #undef HAVE_STRUCT_SOCKADDR_UN_SUN_LEN */ + +/* Define to 1 if you have the header file. */ +#define HAVE_SYSLOG_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_CAPABILITY_H 1 + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_SYS_CONF_H */ + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_IOCTL_H 1 + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_SYS_KSYM_H */ + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_PARAM_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_SELECT_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_SOCKET_H 1 + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_SYS_SOCKIO_H */ + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_STAT_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_SYSCTL_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_TIMES_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_TIME_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_TYPES_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_UN_H 1 + +/* Define to 1 if you have that is POSIX.1 compatible. */ +#define HAVE_SYS_WAIT_H 1 + +/* Enable TCP MD5 Signatures */ +#define HAVE_TCP_MD5SIG 1 + +/* Use TCP for zebra communication */ +/* #undef HAVE_TCP_ZEBRA */ + +/* Define to 1 if you have the header file. */ +#define HAVE_UCONTEXT_H 1 + +/* Define to 1 if you have the `uname' function. */ +#define HAVE_UNAME 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_UNISTD_H 1 + +/* Define to 1 if you have the `vfork' function. */ +#define HAVE_VFORK 1 + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_VFORK_H */ + +/* Define to 1 if you have the `vprintf' function. */ +#define HAVE_VPRINTF 1 + +/* Define to 1 if you have the `vsnprintf' function. */ +#define HAVE_VSNPRINTF 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_WCHAR_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_WCTYPE_H 1 + +/* Define to 1 if `fork' works. */ +#define HAVE_WORKING_FORK 1 + +/* Define to 1 if `vfork' works. */ +#define HAVE_WORKING_VFORK 1 + +/* INRIA IPv6 */ +/* #undef INRIA_IPV6 */ + +/* IRIX 6.5 */ +/* #undef IRIX_65 */ + +/* isisd vty socket */ +#define ISIS_VTYSH_PATH "/var/run/quagga/isisd.vty" + +/* KAME IPv6 stack */ +/* #undef KAME */ + +/* Linux IPv6 stack */ +#define LINUX_IPV6 1 + +/* Mask for log files */ +#define LOGFILE_MASK 0640 + +/* Define to 1 if `lstat' dereferences a symlink specified with a trailing + slash. */ +#define LSTAT_FOLLOWS_SLASHED_SYMLINK 1 + +/* Musica IPv6 stack */ +/* #undef MUSICA */ + +/* NRL */ +/* #undef NRL */ + +/* OpenBSD */ +/* #undef OPEN_BSD */ + +/* ospf6d vty socket */ +#define OSPF6_VTYSH_PATH "/var/run/quagga/ospf6d.vty" + +/* ospfd vty socket */ +#define OSPF_VTYSH_PATH "/var/run/quagga/ospfd.vty" + +/* Name of package */ +#define PACKAGE "quagga" + +/* Define to the address where bug reports for this package should be sent. */ +#define PACKAGE_BUGREPORT "http://bugzilla.quagga.net" + +/* Define to the full name of this package. */ +#define PACKAGE_NAME "Quagga" + +/* Define to the full name and version of this package. */ +#define PACKAGE_STRING "Quagga 0.99.10" + +/* Define to the one symbol short name of this package. */ +#define PACKAGE_TARNAME "quagga" + +/* Define to the version of this package. */ +#define PACKAGE_VERSION "0.99.10" + +/* Have openpam_ttyconv */ +#define PAM_CONV_FUNC misc_conv + +/* bgpd PID */ +#define PATH_BGPD_PID "/var/run/quagga/bgpd.pid" + +/* isisd PID */ +#define PATH_ISISD_PID "/var/run/quagga/isisd.pid" + +/* ospf6d PID */ +#define PATH_OSPF6D_PID "/var/run/quagga/ospf6d.pid" + +/* ospfd PID */ +#define PATH_OSPFD_PID "/var/run/quagga/ospfd.pid" + +/* ripd PID */ +#define PATH_RIPD_PID "/var/run/quagga/ripd.pid" + +/* ripngd PID */ +#define PATH_RIPNGD_PID "/var/run/quagga/ripngd.pid" + +/* watchquagga PID */ +#define PATH_WATCHQUAGGA_PID "/var/run/quagga/watchquagga.pid" + +/* zebra PID */ +#define PATH_ZEBRA_PID "/var/run/quagga/zebra.pid" + +/* Quagga Group */ +#define QUAGGA_GROUP "quagga" + +/* Hide deprecated interfaces */ +#define QUAGGA_NO_DEPRECATED_INTERFACES 1 + +/* Quagga User */ +#define QUAGGA_USER "quagga" + +/* Define as the return type of signal handlers (`int' or `void'). */ +#define RETSIGTYPE void + +/* ripng vty socket */ +#define RIPNG_VTYSH_PATH "/var/run/quagga/ripngd.vty" + +/* rip vty socket */ +#define RIP_VTYSH_PATH "/var/run/quagga/ripd.vty" + +/* Define to the type of arg 1 for `select'. */ +#define SELECT_TYPE_ARG1 int + +/* Define to the type of args 2, 3 and 4 for `select'. */ +#define SELECT_TYPE_ARG234 (fd_set *) + +/* Define to the type of arg 5 for `select'. */ +#define SELECT_TYPE_ARG5 (struct timeval *) + +/* Solaris IPv6 */ +/* #undef SOLARIS_IPV6 */ + +/* Define to 1 if you have the ANSI C header files. */ +#define STDC_HEADERS 1 + +/* SunOS 5 */ +/* #undef SUNOS_5 */ + +/* SunOS 5.6 to 5.7 */ +/* #undef SUNOS_56 */ + +/* SunOS 5.8 up */ +/* #undef SUNOS_59 */ + +/* OSPFAPI */ +#define SUPPORT_OSPF_API + +/* Define to 1 if you can safely include both and . */ +#define TIME_WITH_SYS_TIME 1 + +/* Define to 1 if your declares `struct tm'. */ +/* #undef TM_IN_SYS_TIME */ + +/* Enable IS-IS topology generator code */ +/* #undef TOPOLOGY_GENERATE */ + +/* Use PAM for authentication */ +#define USE_PAM + +/* Version number of package */ +#define VERSION "0.99.10" + +/* VTY shell */ +#define VTYSH + +/* VTY Sockets Group */ +#define VTY_GROUP "quaggavty" + +/* Define to 1 if your processor stores words with the most significant byte + first (like Motorola and SPARC, unlike Intel and VAX). */ +/* #undef WORDS_BIGENDIAN */ + +/* zebra api socket */ +#define ZEBRA_SERV_PATH "/var/run/quagga/zserv.api" + +/* zebra vty socket */ +#define ZEBRA_VTYSH_PATH "/var/run/quagga/zebra.vty" + +/* Define to 1 if on AIX 3. + System headers sometimes define this. + We just want to avoid a redefinition error message. */ +#ifndef _ALL_SOURCE +/* # undef _ALL_SOURCE */ +#endif + +/* Enable GNU extensions on systems that have them. */ +#ifndef _GNU_SOURCE +# define _GNU_SOURCE 1 +#endif + +/* Define to empty if `const' does not conform to ANSI C. */ +/* #undef const */ + +/* Define to `int' if doesn't define. */ +/* #undef gid_t */ + +/* Define to `__inline__' or `__inline' if that's what the C compiler + calls it, or to nothing if 'inline' is not supported under any name. */ +#ifndef __cplusplus +/* #undef inline */ +#endif + +/* Define to rpl_malloc if the replacement function should be used. */ +/* #undef malloc */ + +/* Define to `int' if does not define. */ +/* #undef mode_t */ + +/* Define to `int' if does not define. */ +/* #undef pid_t */ + +/* Define to rpl_realloc if the replacement function should be used. */ +/* #undef realloc */ + +/* Define to equivalent of C99 restrict keyword, or to nothing if this is not + supported. Do not define if restrict is supported directly. */ +/* #undef restrict */ + +/* Old readline */ +/* #undef rl_completion_matches */ + +/* Define to `unsigned int' if does not define. */ +/* #undef size_t */ + +/* Define to `int' if doesn't define. */ +/* #undef uid_t */ + +/* Define as `fork' if `vfork' does not work. */ +/* #undef vfork */ + +/* Define to empty if the keyword `volatile' does not work. Warning: valid + code using `volatile' can become incorrect without. Disable with care. */ +/* #undef volatile */ --- quagga-0.99.10.orig/debian/quagga.manpages +++ quagga-0.99.10/debian/quagga.manpages @@ -0,0 +1,8 @@ +doc/bgpd.8 +doc/ospf6d.8 +doc/ospfd.8 +doc/ripd.8 +doc/ripngd.8 +doc/vtysh.1 +doc/zebra.8 +doc/isisd.8 --- quagga-0.99.10.orig/debian/quagga.init.d +++ quagga-0.99.10/debian/quagga.init.d @@ -0,0 +1,256 @@ +#!/bin/bash +# +### BEGIN INIT INFO +# Provides: quagga +# Required-Start: $local_fs $network $remote_fs $syslog +# Required-Stop: $local_fs $network $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: start and stop the Quagga routing suite +# Description: Quagga is a routing suite for IP routing protocols like +# BGP, OSPF, RIP and others. This script contols the main +# daemon "quagga" as well as the individual protocol daemons. +### END INIT INFO +# + +PATH=/bin:/usr/bin:/sbin:/usr/sbin +D_PATH=/usr/lib/quagga +C_PATH=/etc/quagga +DAEMONS="zebra bgpd ripd ripngd ospfd ospf6d isisd" # keep zebra first! + +# Print the name of the pidfile. +pidfile() +{ + echo "/var/run/quagga/$1.pid" +} + +# Check if daemon is started by using the pidfile. +started() +{ + [ -e `pidfile $1` ] && kill -0 `cat \`pidfile $1\`` 2> /dev/null && return 0 + return 1 +} + +# Loads the config via vtysh -b if configured to do so. +vtysh_b () +{ + # Rember, that all variables have been incremented by 1 in convert_daemon_prios() + if [ "$vtysh_enable" = 2 -a -f $C_PATH/Quagga.conf ]; then + /usr/bin/vtysh -b + fi +} + +# Check if the daemon is activated and if its executable and config files +# are in place. +# params: daemon name +# returns: 0=ok, 1=error +check_daemon() +{ + # If the integrated config file is used the others are not checked. + if [ -r "$C_PATH/Quagga.conf" ]; then + return 0 + fi + + # vtysh_enable has no config file nor binary so skip check. + # (What is this good for? IIRC it was a "daemons" entry somewhen) + if [ $1 != "vtysh_enable" ]; then + # check for daemon binary + if [ ! -x "$D_PATH/$1" ]; then return 1; fi + + # check for config file + if [ ! -r "$C_PATH/$1.conf" ]; then + echo -n " (not started without config file)" + return 1 + fi + fi + return 0 +} + +# Starts the server if it's not alrady running according to the pid file. +# The Quagga daemons creates the pidfile when starting. +start() +{ + echo -n " $1" + if ! check_daemon $1; then return; fi + + start-stop-daemon \ + --start \ + --pidfile=`pidfile $1` \ + --exec "$D_PATH/$1" \ + -- \ + `eval echo "$""$1""_options"` + +} + +# Stop the daemon given in the parameter, printing its name to the terminal. +stop() +{ + if ! started "$1" ; then + echo -n " ($1)" + return 0 + else + PIDFILE=`pidfile $1` + PID=`cat $PIDFILE 2>/dev/null` + start-stop-daemon --stop --quiet --oknodo --exec "$D_PATH/$1" + # + # Now we have to wait until $DAEMON has _really_ stopped. + # + if test -n "$PID" && kill -0 $PID 2>/dev/null; then + echo -n " (waiting) ." + cnt=0 + while kill -0 $PID 2>/dev/null; do + cnt=`expr $cnt + 1` + if [ $cnt -gt 60 ]; then + # Waited 120 secs now, fail. + echo -n "Failed.. " + break + fi + sleep 2 + echo -n "." + done + fi + echo -n " $1" + rm -f `pidfile $1` + fi +} + +# Converts values from /etc/quagga/daemons to all-numeric values. +convert_daemon_prios() +{ + for name in $DAEMONS zebra vtysh_enable; do + # First, assign the value set by the user to $value + eval value=\$$name + + # Daemon not activated or entry missing? + if [ "$value" = "no" -o "$value" = "" ]; then value=0; fi + + # These strings parsed for backwards compatibility. + if [ "$value" = "yes" -o "$value" = "true" ]; then value=1; fi + + # Zebra is threatened special. It must be between 0=off and the first + # user assigned value "1" so we increase all other enabled daemons' values. + if [ "$name" != "zebra" -a "$value" -gt 0 ]; then value=`expr "$value" + 1`; fi + + # If e.g. name is zebra then we set "zebra=yes". + eval $name=$value + done +} + +# Stops all daemons that have a lower level of priority than the given. +# (technically if daemon_prio >= wanted_prio) +stop_prio() +{ + local wanted_prio + local daemon_prio + local daemon_list + + wanted_prio=$1 + daemon_list=${2:-$DAEMONS} + + echo -n "Stopping Quagga daemons (prio:$wanted_prio):" + + for prio_i in `seq 10 -1 $wanted_prio`; do + for daemon_name in $daemon_list; do + eval daemon_prio=\$$daemon_name + if [ $daemon_prio -eq $prio_i ]; then + stop "$daemon_name" + fi + done + done + echo "." +} + +# Starts all daemons that have a higher level of priority than the given. +# (technically if daemon_prio <= wanted_prio) +start_prio() +{ + local wanted_prio + local daemon_prio + local daemon_list + + wanted_prio=$1 + daemon_list=${2:-$DAEMONS} + + echo -n "Starting Quagga daemons (prio:$wanted_prio):" + + for prio_i in `seq 1 $wanted_prio`; do + for daemon_name in $daemon_list; do + eval daemon_prio=\$$daemon_name + if [ $daemon_prio -eq $prio_i ]; then + start "$daemon_name" + fi + done + done + echo "." +} + +######################################################### +# Main program # +######################################################### + +# Config broken but script must exit silently. +[ ! -r "$C_PATH/daemons" ] && exit 0 + +# Load configuration +. "$C_PATH/daemons" +. "$C_PATH/debian.conf" + +# Set priority of un-startable daemons to 'no' and substitute 'yes' to '0' +convert_daemon_prios + +# Just for me :-) +if [ "$DEBIAN_SCRIPT_DEBUG" != "" ]; then + for name in $DAEMONS zebra vtysh_enable; do + echo -n "$name="; eval echo \$$name + done +fi + +if [ ! -d /var/run/quagga ]; then + mkdir -p /var/run/quagga + chown quagga:quagga /var/run/quagga + chmod 755 /var/run/quagga +fi + +case "$1" in + start) + # Try to load this necessary (at least for 2.6) module. + if [ -d /lib/modules/`uname -r` ] ; then + echo "Loading capability module if not yet done." + set +e; LC_ALL=C modprobe -a capability 2>&1 | egrep -v "(not found|Can't locate)"; set -e + fi + # Start all daemons + cd $C_PATH/ + start_prio 10 $2 + vtysh_b + ;; + + 1|2|3|4|5|6|7|8|9|10) + # Stop/start daemons for the appropriate priority level + stop_prio $1 + start_prio $1 + vtysh_b + ;; + + stop|0) + # Stop all daemons at level '0' or 'stop' + stop_prio 0 $2 + + echo "Removing all routes made by zebra." + ip route flush proto zebra + ;; + + restart|force-reload) + $0 stop $2 + sleep 1 + $0 start $2 + ;; + + *) + echo "Usage: /etc/init.d/quagga {start|stop|restart|force-reload|} [daemon]" + echo " E.g. '/etc/init.d/quagga 5' would start all daemons with a prio 1-5." + echo " Read /usr/share/doc/quagga/README.Debian for details." + exit 1 + ;; +esac + +exit 0 --- quagga-0.99.10.orig/debian/quagga.pam +++ quagga-0.99.10/debian/quagga.pam @@ -0,0 +1,3 @@ +# Any user may call vtysh but only those belonging to the group quaggavty can +# actually connect to the socket and use the program. +auth sufficient pam_permit.so --- quagga-0.99.10.orig/debian/compat +++ quagga-0.99.10/debian/compat @@ -0,0 +1 @@ +4 --- quagga-0.99.10.orig/debian/quagga.docs +++ quagga-0.99.10/debian/quagga.docs @@ -0,0 +1,4 @@ +tools +debian/README.Debian +debian/README.Debian.Woody +debian/README.Debian.MD5 --- quagga-0.99.10.orig/debian/quagga.config +++ quagga-0.99.10/debian/quagga.config @@ -0,0 +1,4 @@ +#!/bin/bash -e + +. /usr/share/debconf/confmodule + --- quagga-0.99.10.orig/debian/quagga-doc.files +++ quagga-0.99.10/debian/quagga-doc.files @@ -0,0 +1 @@ +usr/share/info --- quagga-0.99.10.orig/debian/quagga.templates +++ quagga-0.99.10/debian/quagga.templates @@ -0,0 +1,6 @@ +Template: quagga/really_stop +Type: boolean +Default: false +_Description: Do you really want to stop the Quagga daemon? + WARNING: The Quagga routing daemon has to be stopped to proceed. This + could lead to BGP flaps or loss of network connectivity. --- quagga-0.99.10.orig/debian/quagga.files +++ quagga-0.99.10/debian/quagga.files @@ -0,0 +1,16 @@ +etc/quagga/ +usr/bin/vtysh +usr/include/quagga/ +usr/lib/ +usr/share/doc/quagga/ +usr/share/lintian/overrides/ +usr/share/man/man1/vtysh.1 +usr/share/man/man8 +usr/share/man/man8/bgpd.8 +usr/share/man/man8/ospf6d.8 +usr/share/man/man8/ospfd.8 +usr/share/man/man8/ripd.8 +usr/share/man/man8/ripngd.8 +usr/share/man/man8/zebra.8 +usr/share/man/man8/isisd.8 +usr/share/snmp/mibs/ --- quagga-0.99.10.orig/debian/changelog +++ quagga-0.99.10/debian/changelog @@ -0,0 +1,904 @@ +quagga (0.99.10-1~bpo40+1) etch-backports; urgency=medium + + * Etch Backport. + + -- Christian Hammers Sun, 20 Jul 2008 16:58:25 +0200 + +quagga (0.99.10-1) unstable; urgency=medium + + * New upstream release + + bgpd: 4-Byte AS Number support + + Sessions were incorrectly reset if a partial AS-Pathlimit attribute + was received. + + Advertisement of Multi-Protocol prefixes (i.e. non-IPv4) had been + broken in the 0.99.9 release. Closes: #467656 + + -- Christian Hammers Tue, 08 Jul 2008 23:32:42 +0200 + +quagga (0.99.9-6) unstable; urgency=low + + * Fixed FTBFS by adding a build-dep to libpcre3-dev (thanks to Luk Claes). + Closes: #469891 + + -- Christian Hammers Sat, 12 Apr 2008 12:53:51 +0200 + +quagga (0.99.9-5) unstable; urgency=low + + * C.J. Adams-Collier and Paul Jakma suggested to build against libpcre3 + which is supposed to be faster. + + -- Christian Hammers Sun, 02 Mar 2008 13:19:42 +0100 + +quagga (0.99.9-4) unstable; urgency=low + + * Added hardening-wrapper to the build-deps (thanks to Moritz Muehlenhoff). + + -- Christian Hammers Tue, 29 Jan 2008 22:33:56 +0100 + +quagga (0.99.9-3) unstable; urgency=low + + * Replaced the BGP patch by a new one so that the package builds again + with kernels above 2.6.21! + * debian/control: + + Moved quagga-doc to section doc to make lintian happy. + * Added Spanish debconf translation (thanks to Carlos Galisteo de Cabo). + Closes: #428574 + * debian/control: (thanks to Marco Rodrigues) + + Bump Standards-Version to 3.7.3 (no changes needed). + + Add Homepage field. + + -- Christian Hammers Mon, 28 Jan 2008 22:29:18 +0100 + +quagga (0.99.9-2.1) unstable; urgency=low + + * Non-maintainer upload. + * debian/rules: fixed bashisms. (Closes: #459122) + + -- Miguel Angel Ruiz Manzano Tue, 22 Jan 2008 14:37:21 -0300 + +quagga (0.99.9-2) unstable; urgency=low + + * Added CVE id for the security bug to the last changelog entry. + Closes: 442133 + + -- Christian Hammers Tue, 25 Sep 2007 22:01:31 +0200 + +quagga (0.99.9-1) unstable; urgency=high + + * SECURITY: + "This release fixes two potential DoS conditions in bgpd, reported by Mu + Security, where a bgpd could be crashed if a peer sent a malformed OPEN + message or a malformed COMMUNITY attribute. Only configured peers can do + this, hence we consider these issues to be very low impact." CVE-2007-4826 + + -- Christian Hammers Wed, 12 Sep 2007 21:12:41 +0200 + +quagga (0.99.8-1) unstable; urgency=low + + * New upstream version. + + -- Christian Hammers Fri, 17 Aug 2007 00:07:04 +0200 + +quagga (0.99.7-3) unstable; urgency=medium + + * Applied patch for FTBFS with linux-libc-dev (thanks to Andrew J. Schorr + and Lucas Nussbaum). Closes: #429003 + + -- Christian Hammers Fri, 22 Jun 2007 21:34:55 +0200 + +quagga (0.99.7-2) unstable; urgency=low + + * Added Florian Weimar as co-maintainer. Closes: 421977 + * Added Dutch debconf translation (thanks to Bart Cornelis). + Closes: #420932 + * Added Portuguese debconf translation (thanks to Rui Branco). + Closes: #421185 + * Improved package description (thanks to Reuben Thomas). + Closes: #418933 + * Added CVE Id to 0.99.6-5 changelog entry. + + -- Christian Hammers Wed, 02 May 2007 20:27:12 +0200 + +quagga (0.99.7-1) unstable; urgency=low + + * New upstream release. Closes: #421553 + + -- Christian Hammers Mon, 30 Apr 2007 14:22:34 +0200 + +quagga (0.99.6-6) unstable; urgency=medium + + * Fixes FTBFS with tetex-live. Closes: #420468 + + -- Christian Hammers Mon, 23 Apr 2007 21:34:13 +0200 + +quagga (0.99.6-5) unstable; urgency=high + + * SECURITY: + The bgpd daemon was vulnerable to a Denial-of-Service. Configured peers + could cause a Quagga bgpd to, typically, assert() and abort. The DoS + could be triggered by peers by sending an UPDATE message with a crafted, + malformed Multi-Protocol reachable/unreachable NLRI attribute. + This is CVE-2007-1995 and Quagga Bug#354. Closes: #418323 + + -- Christian Hammers Thu, 12 Apr 2007 23:21:58 +0200 + +quagga (0.99.6-4) unstable; urgency=low + + * Improved note in README.Debian for SNMP self-builders (thanks to Matthias + Wamser). Closes: #414788 + + -- Christian Hammers Wed, 14 Mar 2007 02:18:57 +0100 + +quagga (0.99.6-3) unstable; urgency=low + + * Updated German Debconf translation (thanks to Matthias Julius). + Closes: #409327 + + -- Christian Hammers Sat, 10 Feb 2007 15:06:16 +0100 + +quagga (0.99.6-2) unstable; urgency=low + + * Updated config.guess/config.sub as suggested by lintian. + * Corrected README.Debian text regarding the WANT_SNMP flag. + + -- Christian Hammers Sun, 17 Dec 2006 01:45:37 +0100 + +quagga (0.99.6-1) unstable; urgency=low + + * New upstream release. Closes: #402361 + + -- Christian Hammers Mon, 11 Dec 2006 00:28:09 +0100 + +quagga (0.99.5-5) unstable; urgency=high + + * Changed Depends on adduser to Pre-Depends to avoid uninstallability + in certain cases (thanks to Steve Langasek, Lucas Nussbaum). + Closes: #398562 + + -- Christian Hammers Wed, 15 Nov 2006 17:46:34 +0100 + +quagga (0.99.5-4) unstable; urgency=low + + * Added default PAM file and some explanations regarding PAM authentication + of vtysh which could prevent the start at boot-time when used wrong. + Now PAM permits anybody to access the vtysh tool (a malicious user could + build his own vtysh without PAM anyway) and the access is controled by + the read/write permissions of the vtysh socket which are only granted to + users belonging to the quaggavty group (thanks to Wakko Warner). + Closes: #389496 + * Added "case" to prerm script so that the Debconf question is not called a + second time in e.g. "new-prerm abort-upgrade" after being NACKed in the + old-prerm. + + -- Christian Hammers Fri, 3 Nov 2006 01:22:15 +0100 + +quagga (0.99.5-3) unstable; urgency=medium + + * Backport CVS fix for an OSPF DD Exchange regression (thanks to Matt + Brown). Closes: #391040 + + -- Christian Hammers Wed, 25 Oct 2006 19:47:11 +0200 + +quagga (0.99.5-2) unstable; urgency=medium + + * Added LSB info section to initscript. + * Removed unnecessary depends to libncurses5 to make checklib happy. + The one to libcap should remain though as it is just temporarily + unused. + + -- Christian Hammers Thu, 21 Sep 2006 00:04:07 +0200 + +quagga (0.99.5-1) unstable; urgency=low + + * New upstream release. Closes: #38704 + * Upstream fixes ospfd documentary inconsistency. Closes: #347897 + * Changed debconf question in prerm to "high" (thanks to Rafal Pietrak). + + -- Christian Hammers Mon, 11 Sep 2006 23:43:42 +0200 + +quagga (0.99.4-4) unstable; urgency=low + + * Recreate /var/run if not present because /var is e.g. on a tmpfs + filesystem (thanks to Martin Pitt). Closes: #376142 + * Removed nonexistant option from ospfd.8 manpage (thanks to + David Medberry). Closes: 378274 + + -- Christian Hammers Sat, 15 Jul 2006 20:22:12 +0200 + +quagga (0.99.4-3) unstable; urgency=low + + * Removed invalid semicolon from rules file (thanks to Philippe Gramoulle). + + -- Christian Hammers Tue, 27 Jun 2006 23:36:07 +0200 + +quagga (0.99.4-2) unstable; urgency=high + + * Set urgency to high as 0.99.4-1 fixes a security problem! + * Fixed building of the info file. + + -- Christian Hammers Sun, 14 May 2006 23:04:28 +0200 + +quagga (0.99.4-1) unstable; urgency=low + + * New upstream release to fix a security problem in the telnet interface + of the BGP daemon which could be used for DoS attacks (CVE-2006-2276). + Closes: 366980 + + -- Christian Hammers Sat, 13 May 2006 19:54:40 +0200 + +quagga (0.99.3-3) unstable; urgency=low + + * Added CVE numbers for the security patch in 0.99.3-2. + + -- Christian Hammers Sat, 6 May 2006 17:14:22 +0200 + +quagga (0.99.3-2) unstable; urgency=high + + * SECURITY: + Added security bugfix patch from upstream BTS for security problem + that could lead to injected routes when using RIPv1. + CVE-2006-2223 - missing configuration to disable RIPv1 or require + plaintext or MD5 authentication + CVE-2006-2224 - lack of enforcement of RIPv2 authentication requirements + Closes: #365940 + * First amd64 upload. + + -- Christian Hammers Thu, 4 May 2006 00:22:09 +0200 + +quagga (0.99.3-1) unstable; urgency=low + + * New upstream release + + -- Christian Hammers Wed, 25 Jan 2006 13:37:27 +0100 + +quagga (0.99.2-1) unstable; urgency=low + + * New upstream release + Closes: #330248, #175553 + + -- Christian Hammers Wed, 16 Nov 2005 00:25:52 +0100 + +quagga (0.99.1-7) unstable; urgency=low + + * Changed debian/rules check for mounted /proc directory to check + for /proc/1 as not all systems (e.g. 2.6 arm kernels) have + /proc/kcore which is a optional feature only (thanks to Lennert + Buytenhek). Closes: #335695 + * Added Swedish Debconf translation (thanks to Daniel Nylander). + Closes: #331367 + + -- Christian Hammers Thu, 27 Oct 2005 20:53:19 +0200 + +quagga (0.99.1-6) unstable; urgency=low + + * Fixed debconf dependency as requested by Joey Hess. + + -- Christian Hammers Mon, 26 Sep 2005 20:47:35 +0200 + +quagga (0.99.1-5) unstable; urgency=low + + * Rebuild with libreadline5-dev as build-dep as requested by + Matthias Klose. Closes: #326306 + * Made initscript more fault tolerant against missing lines in + /etc/quagga/daemons (thanks to Ralf Hildebrandt). Closes: #323774 + * Added dependency to adduser. + + -- Christian Hammers Tue, 13 Sep 2005 21:42:17 +0200 + +quagga (0.99.1-4) unstable; urgency=low + + * Added French Debconf translation (thanks to Mohammed Adnene Trojette). + Closes: #319324 + * Added Czech Debconf translation (thanks to Miroslav Kure). + Closes: #318127 + + -- Christian Hammers Sun, 31 Jul 2005 04:19:41 +0200 + +quagga (0.99.1-3) unstable; urgency=low + + * A Debconf question now asks the admin before upgrading if the daemon + should really be stopped as this could lead to the loss of network + connectivity or BGP flaps (thanks to Michael Horn and Achilleas Kotsis). + Also added a hint about setting Quagga "on hold" to README.Debian. + Closes: #315467 + * Added patch to build on Linux/ARM. + + -- Christian Hammers Sun, 10 Jul 2005 22:19:38 +0200 + +quagga (0.99.1-2) unstable; urgency=low + + * Fixed SNMP enabled command in debian/rules (thanks to Christoph Kluenter). + Closes: #306840 + + -- Christian Hammers Sat, 4 Jun 2005 14:04:01 +0200 + +quagga (0.99.1-1) unstable; urgency=low + + * New upstream version. Among others: + - BGP graceful restart and "match ip route-source" added + - support for interface renaming + - improved threading for better responsivness under load + * Switched to dpatch to make diffs cleaner. + * Made autoreconf unnecessary. + * Replaced quagga.dvi and quagga.ps by quagga.pdf in quagga-doc. + (the PostScript would have needed Makefile corrections and PDF + is more preferable anyway) + * Added isisd to the list of daemons in /etc/init.d/quagga (thanks + to Ernesto Elbe). + * Added hint for "netlink-listen: overrun" messages (thanks to + Hasso Tepper). + * Added preinst check that bails out if old smux options are in use + as Quagga would not start up else anyway (thanks to Bjorn Mork). + Closes: #308320 + + -- Christian Hammers Fri, 13 May 2005 01:18:24 +0200 + +quagga (0.98.3-7) unstable; urgency=high + + * Removed SNMP support as linking against NetSNMP introduced a dependency + to OpenSSL which is not compatible to the GPL which governs this + application (thanks to Faidon Liambotis). See README.Debian for more + information. Closes: #306840 + * Changed listening address of ospf6d and ripngd from 127.0.0.1 to "::1". + * Added build-dep to groff to let drafz-zebra-00.txt build correctly. + + -- Christian Hammers Wed, 4 May 2005 20:08:14 +0200 + +quagga (0.98.3-6) testing-proposed-updates; urgency=high + + * Removed "Recommends kernel-image-2.4" as aptitude then + installes a kernel-image for an arbitrary architecture as long + as it fullfill that recommendation which can obviously fatal + at the next reboot :) Also it is a violation of the policy + which mandates a reference to real packages (thanks to Holger Levsen). + Closes: #307281 + + -- Christian Hammers Tue, 3 May 2005 22:53:39 +0200 + +quagga (0.98.3-5) unstable; urgency=high + + * The patch which tried to remove the OpenSSL dependency, which is + not only unneccessary but also a violation of the licence and thus RC, + stopped working a while ago, since autoreconf is no longer run before + building the binaries. So now ./configure is patched directly (thanks + to Faidon Liambotis for reporting). Closes: #306840 + * Raised Debhelper compatibility level from 3 to 4. Nothing changed. + * Added build-dep to texinfo (>= 4.7) to ease work for www.backports.org. + + -- Christian Hammers Fri, 29 Apr 2005 02:31:03 +0200 + +quagga (0.98.3-4) unstable; urgency=low + + * Removed Debconf upgrade note as it was considered a Debconf abuse + and apart from that so obvious that it was not even worth to be + put into NEWS.Debian (thanks to Steve Langasek). Closes: #306384 + + -- Christian Hammers Wed, 27 Apr 2005 00:10:24 +0200 + +quagga (0.98.3-3) unstable; urgency=medium + + * Adding the debconf module due to a lintian suggestion is a very + bad idea if no db_stop is called as the script hangs then (thanks + to Tore Anderson for reporting). Closes: #306324 + + -- Christian Hammers Mon, 25 Apr 2005 21:55:58 +0200 + +quagga (0.98.3-2) unstable; urgency=low + + * Added debconf confmodule to postinst as lintian suggested. + + -- Christian Hammers Sun, 24 Apr 2005 13:16:00 +0200 + +quagga (0.98.3-1) unstable; urgency=low + + * New upstream release. + Mmost notably fixes last regression in bgpd (reannounce of prefixes + with changed attributes works again), race condition in netlink + handling while using IPv6, MTU changes handling in ospfd and several + crashes in ospfd, bgpd and ospf6d. + + -- Christian Hammers Mon, 4 Apr 2005 12:51:24 +0200 + +quagga (0.98.2-2) unstable; urgency=low + + * Added patch to let Quagga compile with gcc-4.0 (thanks to + Andreas Jochens). Closes: #300949 + + -- Christian Hammers Fri, 25 Mar 2005 19:33:30 +0100 + +quagga (0.98.2-1) unstable; urgency=medium + + * Quoting the upstream announcement: + The 0.98.1 release unfortunately was a brown paper bag release with + respect to ospfd. [...] 0.98.2 has been released, with one crucial change + to fix the unfortunate mistake in 0.98.1, which caused problems if + ospfd became DR. + * Note: the upstream tarball had a strange problem, apparently redhat.spec + was twice in it? At least debuild gave a strange error message so I + unpacked it by hand. No changes were made to the .orig.tar.gz! + + -- Christian Hammers Fri, 4 Feb 2005 01:31:36 +0100 + +quagga (0.98.1-1) unstable; urgency=medium + + * New upstream version + "fixing a fatal OSPF + MD5 auth regression, and a non-fatal high-load + regression in bgpd which were present in the 0.98.0 release." + * Upstream version fixes bug in ospfd that could lead to crash when OSPF + packages had a MTU > 1500. Closes: #290566 + * Added notice regarding capability kernel support to README.Debian + (thanks to Florian Weimer). Closes: #291509 + * Changed permission setting in postinst script (thanks to Bastian Blank). + Closes: #292690 + + -- Christian Hammers Tue, 1 Feb 2005 02:01:27 +0100 + +quagga (0.98.0-3) unstable; urgency=low + + * Fixed problem in init script. Closes: #290317 + * Removed obsolete "smux peer enable" patch. + + -- Christian Hammers Fri, 14 Jan 2005 17:37:27 +0100 + +quagga (0.98.0-2) unstable; urgency=low + + * Updated broken TCP MD5 patch for BGP (thanks to John P. Looney + for telling me). + + -- Christian Hammers Thu, 13 Jan 2005 02:03:54 +0100 + +quagga (0.98.0-1) unstable; urgency=low + + * New upstream release + * Added kernel-image-2.6 as alternative to 2.4 to the recommends + (thanks to Faidon Liambotis). Closes: #289530 + + -- Christian Hammers Mon, 10 Jan 2005 19:36:17 +0100 + +quagga (0.97.5-1) unstable; urgency=low + + * New upstream version. + * Added Czech debconf translation (thanks to Miroslav Kure). + Closes: #287293 + * Added Brazilian debconf translation (thanks to Andre Luis Lopes). + Closes: #279352 + + -- Christian Hammers Wed, 5 Jan 2005 23:49:57 +0100 + +quagga (0.97.4-2) unstable; urgency=low + + * Fixed quagga.info build problem. + + -- Christian Hammers Wed, 5 Jan 2005 22:38:01 +0100 + +quagga (0.97.4-1) unstable; urgency=low + + * New upstream release. + + -- Christian Hammers Tue, 4 Jan 2005 01:45:22 +0100 + +quagga (0.97.3-2) unstable; urgency=low + + * Included isisd in the daemon list. + * Wrote an isisd manpage. + * It is now ensured that zebra is always the last daemon to be stopped. + * (Thanks to Hasso Tepper for mailing me a long list of suggestions + which lead to this release) + + -- Christian Hammers Sat, 18 Dec 2004 13:14:55 +0100 + +quagga (0.97.3-1) unstable; urgency=medium + + * New upstream version. + - Fixes important OSPF bug. + * Added ht-20040911-smux.patch regarding Quagga bug #112. + * Updated ht-20041109-0.97.3-bgp-md5.patch for BGP with TCP MD5 + (thanks to Matthias Wamser). + + -- Christian Hammers Tue, 9 Nov 2004 17:45:26 +0100 + +quagga (0.97.2-4) unstable; urgency=low + + * Added Portuguese debconf translation (thanks to Andre Luis Lopes). + Closes: #279352 + * Disabled ospfapi server by default on recommendation of Paul Jakma. + + -- Christian Hammers Sun, 7 Nov 2004 15:07:05 +0100 + +quagga (0.97.2-3) unstable; urgency=low + + * Added Andrew Schorrs VTY Buffer patch from the [quagga-dev 1729]. + + -- Christian Hammers Tue, 2 Nov 2004 00:46:56 +0100 + +quagga (0.97.2-2) unstable; urgency=low + + * Changed file and directory permissions and ownerships according to a + suggestion from Paul Jakma. Still not perfect though. + * Fixed upstream vtysh.conf.sample file. + * "ip ospf network broadcast" is now saved correctly. Closes: #244116 + * Daemon options are now in /etc/quagga/debian.conf to be user + configurable (thanks to Simon Raven and Hasso Tepper). Closes: #266715 + + -- Christian Hammers Tue, 26 Oct 2004 23:35:45 +0200 + +quagga (0.97.2-1) unstable; urgency=low + + * New upstream version. + Closes: #254541 + * Fixed warning on unmodular kernels (thanks to Christoph Biedl). + Closes: #277973 + + -- Christian Hammers Mon, 25 Oct 2004 00:47:04 +0200 + +quagga (0.97.1-2) unstable; urgency=low + + * Version 0.97 introduced shared libraries. They are now included. + (thanks to Raf D'Halleweyn). Closes: #277446 + + -- Christian Hammers Wed, 20 Oct 2004 15:32:06 +0200 + +quagga (0.97.1-1) unstable; urgency=low + + * New upstream version. + * Removed some obsolete files from debian/patches. + * Added patch from upstream bug 113. Closes: #254541 + * Added patch from upstream that fixes a compilation problem in the + ospfclient code (thanks to Hasso Tepper). + * Updated German debconf translation (thanks to Jens Nachtigall) + Closes: #277059 + + -- Christian Hammers Mon, 18 Oct 2004 01:16:35 +0200 + +quagga (0.96.5-11) unstable; urgency=low + + * Fixed /tmp/buildd/* paths in binaries. + For some unknown reason the upstream Makefile modified a .h file at + the end of the "debian/rules build" target. During the following + "make install" one library got thus be re*compiled* - with /tmp/buildd + paths as sysconfdir (thanks to Peder Chr. Norgaard). Closes: #274050 + + -- Christian Hammers Fri, 1 Oct 2004 01:21:02 +0200 + +quagga (0.96.5-10) unstable; urgency=medium + + * The BGP routing daemon might freeze on network disturbances when + their peer is also a Quagga/Zebra router. + Applied patch from http://bugzilla.quagga.net/show_bug.cgi?id=102 + which has been confirmed by the upstream author. + (thanks to Gunther Stammwitz) + * Changed --enable-pam to --with-libpam (thanks to Hasso Tepper). + Closes: #264562 + * Added patch for vtysh (thanks to Hasso Tepper). Closes: #215919 + + -- Christian Hammers Mon, 9 Aug 2004 15:33:02 +0200 + +quagga (0.96.5-9) unstable; urgency=low + + * Rewrote the documentation chapter about SNMP support. Closes: #195653 + * Added MPLS docs. + + -- Christian Hammers Thu, 29 Jul 2004 21:01:52 +0200 + +quagga (0.96.5-8) unstable; urgency=low + + * Adjusted a grep in the initscript to also match a modprobe message + from older modutils packages (thanks to Faidon Paravoid). + + -- Christian Hammers Wed, 28 Jul 2004 21:19:02 +0200 + +quagga (0.96.5-7) unstable; urgency=low + + * Added a "cd /etc/quagga/" to the init script as quagga tries to load + the config file first from the current working dir and then from the + config dir which could lead to confusion (thanks to Marco d'Itri). + Closes: #255078 + * Removed warning regarding problems with the Debian kernels from + README.Debian as they are no longer valid (thanks to Raphael Hertzog). + Closes: #257580 + * Added patch from Hasso Tepper that makes "terminal length 0" work + in vtysh (thanks to Matthias Wamser). Closes: #252579 + + -- Christian Hammers Thu, 8 Jul 2004 21:53:21 +0200 + +quagga (0.96.5-6) unstable; urgency=low + + * Try to load the capability module as it is needed now. + + -- Christian Hammers Tue, 8 Jun 2004 23:25:29 +0200 + +quagga (0.96.5-5) unstable; urgency=low + + * Changed the homedir of the quagga user to /etc/quagga/ to allow + admins to put ~/.ssh/authorized_keys there (thanks to Matthias Wamser). + Closes: #252577 + + -- Christian Hammers Sat, 5 Jun 2004 14:47:31 +0200 + +quagga (0.96.5-4) unstable; urgency=medium + + * Fixed rules file to use the renamed ./configure option --enable-tcp-md5 + (thanks to Matthias Wamser). Closes: #252141 + + -- Christian Hammers Tue, 1 Jun 2004 22:58:32 +0200 + +quagga (0.96.5-3) unstable; urgency=low + + * Provided default binary package name to all build depends that were + virtual packages (thanks to Goswin von Brederlow). Closes: #251625 + + -- Christian Hammers Sat, 29 May 2004 22:48:53 +0200 + +quagga (0.96.5-2) unstable; urgency=low + + * New upstream version. + * New md5 patch version (thanks to Niklas Jakobsson and Hasso Tepper). + Closes: #250985 + * Fixes info file generation (thanks to Peder Chr. Norgaard). + Closes: #250992 + * Added catalan debconf translation (thanks to Aleix Badia i Bosch). + Closes: #250118 + * PATCHES: + This release contains BGP4 MD5 support which requires a kernel patch + to work. See /usr/share/doc/quagga/README.Debian.MD5. + (The patch is ht-20040525-0.96.5-bgp-md5.patch from Hasso Tepper) + + -- Christian Hammers Thu, 27 May 2004 20:09:37 +0200 + +quagga (0.96.5-1) unstable; urgency=low + + * New upstream version. + * PATCHES: + This release contains BGP4 MD5 support which also requires a kernel patch. + See /usr/share/doc/quagga/README.Debian.MD5 and search for CAN-2004-0230. + + -- Christian Hammers Sun, 16 May 2004 17:40:40 +0200 + +quagga (0.96.4x-10) unstable; urgency=low + + * SECURITY: + This release contains support for MD5 for BGP which is one suggested + prevention of the actually long known TCP SYN/RST attacks which got + much news in the last days as ideas were revealed that made them much + easier probable agains especially the BGP sessions than commonly known. + There are a lot of arguments agains the MD5 approach but some ISPs + started to require it. + See: CAN-2004-0230, http://www.us-cert.gov/cas/techalerts/TA04-111A.html + * PATCHES: + This release contains the MD5 patch from Hasso Tepper. It also seems to + required a kernel patch. See /usr/share/doc/quagga/README.Debian.MD5. + + -- Christian Hammers Thu, 29 Apr 2004 01:01:38 +0200 + +quagga (0.96.4x-9) unstable; urgency=low + + * Fixed daemon loading order (thanks to Matt Kemner). + * Fixed typo in init script (thanks to Charlie Brett). Closes: #238582 + + -- Christian Hammers Sun, 4 Apr 2004 15:32:18 +0200 + +quagga (0.96.4x-8) unstable; urgency=low + + * Patched upstream source so that quagga header files end up in + /usr/include/quagga/. Closes: #233792 + + -- Christian Hammers Mon, 23 Feb 2004 01:42:53 +0100 + +quagga (0.96.4x-7) unstable; urgency=low + + * Fixed info file installation (thanks to Holger Dietze). Closes: #227579 + * Added Japanese translation (thanks to Hideki Yamane). Closes: #227812 + + -- Christian Hammers Sun, 18 Jan 2004 17:28:29 +0100 + +quagga (0.96.4x-6) unstable; urgency=low + + * Added dependency to iproute. + * Initscript now checks not only for the pid file but also for the + daemons presence (thanks to Phil Gregory). Closes: #224389 + * Added my patch to configure file permissions. + + -- Christian Hammers Mon, 15 Dec 2003 22:34:29 +0100 + +quagga (0.96.4x-5) unstable; urgency=low + + * Added patch which gives bgpd the CAP_NET_RAW capability to allow it + to bind to special IPv6 link-local interfaces (Thanks to Bastian Blank). + Closes: #222930 + * Made woody backport easier by applying Colin Watsons po-debconf hack. + Thanks to Marc Haber for suggesting it. Closes: #223527 + * Made woody backport easier by applying a patch that removes some + obscure whitespaces inside an C macro. (Thanks to Marc Haber). + Closes: #223529 + * Now uses /usr/bin/pager. Closes: #204070 + * Added note about the "official woody backports" on my homepage. + + -- Christian Hammers Mon, 15 Dec 2003 20:39:06 +0100 + +quagga (0.96.4x-4) unstable; urgency=high + + * SECURITY: + Fixes another bug that was originally reported against Zebra. + . + http://rhn.redhat.com/errata/RHSA-2003-307.html + Herbert Xu reported that Zebra can accept spoofed messages sent on the + kernel netlink interface by other users on the local machine. This could + lead to a local denial of service attack. The Common Vulnerabilities and + Exposures project (cve.mitre.org) has assigned the name CAN-2003-0858 to + this issue. + + * Minor improvements to init script (thanks to Iustin Pop). + Closes: #220938 + + -- Christian Hammers Sat, 22 Nov 2003 13:27:57 +0100 + +quagga (0.96.4x-3) unstable; urgency=low + + * Changed "more" to "/usr/bin/pager" as default pager if $PAGER or + $VTYSH_PAGER is not set (thanks to Bastian Blank). Closes: #204070 + * Made the directory (but not the config/log files!) world accessible + again on user request (thanks to Anand Kumria)). Closes: #213129 + * No longer providing sample configuration in /etc/quagga/. They are + now only available in /usr/share/doc/quagga/ to avoid accidently + using them without changing the adresses (thanks to Marc Haber). + Closes: #215918 + + -- Christian Hammers Sun, 16 Nov 2003 16:59:30 +0100 + +quagga (0.96.4x-2) unstable; urgency=low + + * Fixed permission problem with pidfile (thanks to Kir Kostuchenko). + Closes: #220938 + + -- Christian Hammers Sun, 16 Nov 2003 14:24:08 +0100 + +quagga (0.96.4x-1) unstable; urgency=low + + * Reupload of 0.96.4. Last upload-in-a-hurry produced a totally + crappy .tar.gz file. Closes: #220621 + + -- Christian Hammers Fri, 14 Nov 2003 19:45:57 +0100 + +quagga (0.96.4-1) unstable; urgency=high + + * SECURITY: Remote DoS of protocol daemons. + Fix for a remote triggerable crash in vty layer. The management + ports ("telnet myrouter ospfd") should not be open to the internet! + + * New upstream version. + - OSPF bugfixes. + - Some improvements for bgp and rip. + + -- Christian Hammers Thu, 13 Nov 2003 11:52:27 +0100 + +quagga (0.96.3-3) unstable; urgency=low + + * Fixed pid file generation by substituting the daemons "-d" by the + start-stop-daemon option "--background" (thanks to Micha Gaisser). + Closes: #218103 + + -- Christian Hammers Wed, 29 Oct 2003 05:17:49 +0100 + +quagga (0.96.3-2) unstable; urgency=low + + * Readded GNOME-PRODUCT-ZEBRA-MIB. + + -- Christian Hammers Thu, 23 Oct 2003 06:17:03 +0200 + +quagga (0.96.3-1) unstable; urgency=medium + + * New upstream version. + * Removed -u and -e in postrm due to problems with debhelper and userdel + (thanks to Adam Majer and Jaakko Niemi). Closes: #216770 + * Removed SNMP MIBs as they are now included in libsnmp-base (thanks to + David Engel and Peter Gervai). Closes: #216138, #216086 + * Fixed seq command in init script (thanks to Marc Haber). Closes: #215915 + * Improved /proc check (thanks to Marc Haber). Closes: #212331 + + -- Christian Hammers Thu, 23 Oct 2003 03:42:02 +0200 + +quagga (0.96.2-9) unstable; urgency=medium + + * Removed /usr/share/info/dir.* which were accidently there and prevented + the installation by dpkg (thanks to Simon Raven). Closes: #212614 + * Reworded package description (thanks to Anand Kumria). Closes: #213125 + * Added french debconf translation (thanks to Christian Perrier). + Closes: #212803 + + -- Christian Hammers Tue, 7 Oct 2003 13:26:58 +0200 + +quagga (0.96.2-8) unstable; urgency=low + + * debian/rules now checks if /proc is mounted as ./configure needs + it but just fails with an obscure error message if it is absent. + (Thanks to Norbert Tretkowski). Closes: #212331 + + -- Christian Hammers Tue, 23 Sep 2003 12:57:38 +0200 + +quagga (0.96.2-7) unstable; urgency=low + + * Last build was rejected due to a buggy dpkg-dev version. Rebuild. + + -- Christian Hammers Mon, 22 Sep 2003 20:34:12 +0200 + +quagga (0.96.2-6) unstable; urgency=low + + * Fixed init script so that is is now possible to just start + the bgpd but not the zebra daemon. Also daemons are now actually + started in the order defined their priority. (Thanks to Thomas Kaehn + and Jochen Friedrich) Closes: #210924 + + -- Christian Hammers Fri, 19 Sep 2003 21:17:02 +0200 + +quagga (0.96.2-5) unstable; urgency=low + + * For using quagga as BGP route server or similar, it is not + wanted to have the zebra daemon running too. For this reason + it can now be disabled in /etc/quagga/daemons, too. + (Thanks to Jochen Friedrich). Closes: #210924 + * Attached *unapplied* patch for the ISIS protocol. I did not dare + to apply it as long as upstream does not do it but this way give + users the possibilities to use it if they like to. + (Thanks to Remco van Mook) + + -- Christian Hammers Wed, 17 Sep 2003 19:57:31 +0200 + +quagga (0.96.2-4) unstable; urgency=low + + * Enabled IPV6 router advertisement feature by default on user request + (thanks to Jochen Friedrich and Hasso Tepper). Closes: #210732 + * Updated GNU autoconf to let it build on hppa/parisc64 (thanks to + lamont). Closes: #210492 + + -- Christian Hammers Sat, 13 Sep 2003 14:11:13 +0200 + +quagga (0.96.2-3) unstable; urgency=medium + + * Removed unnecessary "-lcrypto" to avoid dependency against OpenSSL + which would require further copyright addtions. + + -- Christian Hammers Wed, 10 Sep 2003 01:37:28 +0200 + +quagga (0.96.2-2) unstable; urgency=low + + * Added note that config files of quagga are in /etc/quagga and + not /etc/zebra for the zebra users that migrate to quagga. + (Thanks to Roberto Suarez Soto for the idea) + * Fixed setgid rights in /etc/quagga. + + -- Christian Hammers Wed, 27 Aug 2003 14:05:39 +0200 + +quagga (0.96.2-1) unstable; urgency=low + + * This package has formally been known as "zebra-pj"! + * New upstream release. + Fixes "anoying OSPF problem". + * Modified group ownerships so that vtysh can now be used by normal + uses if they are in the quaggavty group. + + -- Christian Hammers Mon, 25 Aug 2003 23:40:14 +0200 + +quagga (0.96.1-1) unstable; urgency=low + + * Zebra-pj, the fork of zebra has been renamed to quagga as the original + upstream author asked the new project membed not to use "zebra" in the + name. zebra-pj is obsolete. + + -- Christian Hammers Mon, 18 Aug 2003 23:37:20 +0200 + +zebra-pj (0.94+cvs20030721-1) unstable; urgency=low + + * New CVS build. + - OSPF changes (integration of the OSPF API?) + - code cleanups (for ipv6?) + * Tightened Build-Deps to gcc-2.95 as 3.x does not compile a stable ospfd. + This is a known problem and has been discussed on the mailing list. + No other solutions so far. + + -- Christian Hammers Mon, 21 Jul 2003 23:52:00 +0200 + +zebra-pj (0.94+cvs20030701-1) unstable; urgency=low + + * Initial Release. + + -- Christian Hammers Tue, 1 Jul 2003 01:58:06 +0200 --- quagga-0.99.10.orig/debian/README.Debian.MD5 +++ quagga-0.99.10/debian/README.Debian.MD5 @@ -0,0 +1,9 @@ +The MD5 patch was made by Hasso Tepper and downloaded from his web site + http://hasso.linux.ee/quagga/bgp-md5.en.php + +According to this site you also have to patch your kernel to make it work. + +For further background information read: + http://www.faqs.org/rfcs/rfc2385.html + http://www.kerneltraffic.net/kernel-traffic/kt20020401_160.html#1 + http://www.us-cert.gov/cas/techalerts/TA04-111A.html