commit 8b421abec0591e2761073846b1623245e694c110e580fed093aff666cfcf6fa6 Author: Marcus Rueckert Date: Mon Dec 10 17:04:30 2018 +0000 Accepting request 656862 from home:mnhauke:network Initial package for bird OBS-URL: https://build.opensuse.org/request/show/656862 OBS-URL: https://build.opensuse.org/package/show/network/bird?expand=0&rev=1 diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/bird-1.6.3_verbose.build.patch b/bird-1.6.3_verbose.build.patch new file mode 100644 index 0000000..e8c18d1 --- /dev/null +++ b/bird-1.6.3_verbose.build.patch @@ -0,0 +1,23 @@ +Index: bird-1.6.3/tools/Rules.in +=================================================================== +--- bird-1.6.3.orig/tools/Rules.in ++++ bird-1.6.3/tools/Rules.in +@@ -68,14 +68,14 @@ subdir: all.o + all.o: $(objs) + # $(LD) -r -o $@ $^ + # Changed to $(CC) because $(LD) has problems with crosscompiling +- @echo LD -r -o $@ $^ +- @$(CC) -nostdlib -r -o $@ $^ ++# @echo LD -r -o $@ $^ ++ $(CC) -nostdlib -r -o $@ $^ + + endif + + %.o: $(src-path)%.c +- @echo CC -o $@ -c $< +- @$(CC) $(CFLAGS) -o $@ -c $< ++# @echo CC -o $@ -c $< ++ $(CC) $(CFLAGS) -o $@ -c $< + + ifndef source-dep + source-dep := $(source) diff --git a/bird-1.6.4.tar.gz b/bird-1.6.4.tar.gz new file mode 100644 index 0000000..7beede6 --- /dev/null +++ b/bird-1.6.4.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c26b8caae988dba81a9dbbee93502463d4326d1b749d728d62aa5529c605afc0 +size 1018874 diff --git a/bird.changes b/bird.changes new file mode 100644 index 0000000..a2a82e1 --- /dev/null +++ b/bird.changes @@ -0,0 +1,100 @@ +------------------------------------------------------------------- +Thu Dec 6 20:30:33 UTC 2018 - mardnh@gmx.de + +- Specfile cleanup + +------------------------------------------------------------------- +Wed Nov 14 19:22:22 UTC 2018 - mardnh@gmx.de + +- Update to version 1.6.4 + * Basic VRF support + * Simplified autoconf scripts + * BGP: Shutdown communication (RFC 8203) + * BGP: Allow exchanging LOCAL_PREF with eBGP peers + * BGP: Allow to specify interface for regular sessions + * BGP: New option 'disable after cease' + * RAdv: Support for more specific routes (RFC 4191) + * RAdv: Proper handling of prefix retraction + * Filter: Allow silent filter execution + * Filter: Fixed stack overflow in BGP mask expressions. + * Several bug fixes + +------------------------------------------------------------------- +Fri Aug 18 16:41:04 UTC 2017 - mrueckert@suse.de + +- added potential fix for the bufferoverflow issue + bufferoverflow.patch + + We will keep fortify_source 0 until the patch was discussed with + upstream. + +------------------------------------------------------------------- +Fri Aug 18 15:42:27 UTC 2017 - mrueckert@suse.de + +- downgrade to _FORTIFY_SOURCE=0 as 1 still fails on TW + +------------------------------------------------------------------- +Fri Aug 18 15:36:09 UTC 2017 - mrueckert@suse.de + +- ignore some warnings to make the output more readable + +------------------------------------------------------------------- +Fri Aug 18 15:23:57 UTC 2017 - mrueckert@suse.de + +- added bird-1.6.3_verbose.build.patch: + - no longer print false CC lines + - print the actuall gcc calls instead +- properly fix the FORTIFY_SOURCE fix from the earlier commit. + - we just replace the -D_FORTIFY_SOURCE value with what we want + instead of appending another value which leads to warnings + +------------------------------------------------------------------- +Fri Aug 18 15:06:45 UTC 2017 - mrueckert@suse.de + +- update to 1.6.3 + - Large BGP communities + - BFD authentication (MD5, SHA1) + - SHA1 and SHA2 authentication for RIP and OSPF + - Improved documentation + - Several bug fixes +- changes from version 1.6.2 + - Fixes serious bug introduced in the previous version +- changes from version 1.6.1 + - Support for IPv6 ECMP + - Better handling of IPv6 tentative addresses + - Several updates and fixes in Babel protocol + - Filter: New !~ operator + - Filter: ASN ranges in bgpmask + - KRT: New kernel protocol option 'metric' + - KRT: New route attribute 'krt_scope' + - Improved BIRD help messages + - Fixes memory leak in BGP multipath + - Fixes handling of empty path segments in BGP AS_PATH + - Several bug fixes +- drop bird-1.5.0-rip_auth_bufferoverflow.patch + +------------------------------------------------------------------- +Tue Jun 21 20:19:18 UTC 2016 - mardnh@gmx.de + +- update to version 1.6.0 +- if possible use /run instead of /var/run for the runtimedir +- removed patch: bird-1.5.0-rip_auth_bufferoverflow.patch + A similar issue still exists but it's a false positive. + +------------------------------------------------------------------- +Sat Oct 17 15:56:16 UTC 2015 - mrueckert@suse.de + +- add $BIRD_OPTIONS to the service files + +------------------------------------------------------------------- +Sat Oct 17 15:42:42 UTC 2015 - mrueckert@suse.de + +- no longer run as root but as user/group bird. +- add tmpfiles.d file for /var/run/bird +- merged spec file from bird6 again + +------------------------------------------------------------------- +Fri Oct 16 23:24:31 UTC 2015 - mrueckert@suse.de + +- initial package + diff --git a/bird.service b/bird.service new file mode 100644 index 0000000..3259d15 --- /dev/null +++ b/bird.service @@ -0,0 +1,17 @@ +[Unit] +Description=The BIRD Internet Routing Daemon +Documentation=http://bird.network.cz/doc/bird.html +Wants=network.target +After=network.target +ConditionFileIsExecutable=/usr/sbin/bird + +[Service] +Type=simple +ExecStartPre=/usr/sbin/bird -p -u bird -g bird +ExecStart=/usr/sbin/bird -u bird -g bird -f -P /run/bird/bird.pid $BIRD_OPTIONS +ExecReload=/usr/bin/kill -HUP $MAINPID +PIDFile=/run/bird/bird.pid +Restart=on-failure + +[Install] +WantedBy=multi-user.target diff --git a/bird.spec b/bird.spec new file mode 100644 index 0000000..75eff4b --- /dev/null +++ b/bird.spec @@ -0,0 +1,185 @@ +# +# spec file for package bird +# +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define bird_user bird +%define bird_group bird +%define bird_home %{_localstatedir}/lib/bird +%define bird_runtimedir %{_rundir}/%{name} +Name: bird +Version: 1.6.4 +Release: 0 +Summary: The BIRD Internet Routing Daemon - IPv4 +License: GPL-2.0-or-later +Group: Productivity/Networking/Routing +URL: https://bird.network.cz/ +Source: ftp://bird.network.cz/pub/bird/bird-%{version}.tar.gz +Source1: bird.service +Source2: bird6.service +Source3: bird.tmpfiles.d +Patch0: bird-1.6.3_verbose.build.patch +Patch1: bufferoverflow.patch +BuildRequires: bison +BuildRequires: flex +BuildRequires: ncurses-devel +BuildRequires: pkgconfig +BuildRequires: readline-devel +BuildRequires: pkgconfig(systemd) +Requires: bird-common + +%description +The BIRD project aims to develop a fully functional dynamic IP routing daemon +primarily targeted on (but not limited to) Linux, FreeBSD and other UNIX-like +systems. + +This package holds the IPv4 binaries. + +%package -n bird6 +# +Summary: The BIRD Internet Routing Daemon - IPv4 +Group: Productivity/Networking/Routing +Requires: bird-common + +%description -n bird6 +The BIRD project aims to develop a fully functional dynamic IP routing daemon +primarily targeted on (but not limited to) Linux, FreeBSD and other UNIX-like +systems. + +This package holds the IPv6 binaries. + +%package common +Summary: The BIRD Internet Routing Daemon - Common directories and files +Group: Productivity/Networking/Routing +Requires(pre): shadow +%{?systemd_requires} + +%description common +The BIRD project aims to develop a fully functional dynamic IP routing daemon +primarily targeted on (but not limited to) Linux, FreeBSD and other UNIX-like +systems. + +This package holds common files and directories. + +%package doc +Summary: The BIRD Internet Routing Daemon - HTML Documentation +Group: Productivity/Networking/Routing + +%description doc +The BIRD project aims to develop a fully functional dynamic IP routing daemon +primarily targeted on (but not limited to) Linux, FreeBSD and other UNIX-like +systems. + +This package holds the HTML documentation. + +%prep +%setup -q +%patch0 -p1 +%patch1 -p1 + +%build +# gcc detects overflow in strncpy at proto/rip/packets.c:215:5 +# but it's false alarm, relax gcc (-D_FORTIFY_SOURCE=1) +# see http://bird.network.cz/pipermail/bird-users/2016-May/010380.html +export CFLAGS="${RPM_OPT_FLAGS//-D_FORTIFY_SOURCE=2/-D_FORTIFY_SOURCE=0} -fpic -DPIC -fno-strict-aliasing -Wno-parentheses -Wno-pointer-sign" +export LDFLAGS="-Wl,-z,relro -pie" +%define _configure ../configure +mkdir 4 6 +pushd 4 +%configure \ + --with-runtimedir=%{bird_runtimedir} +make %{?_smp_mflags} +popd +pushd 6 +%configure --enable-ipv6 \ + --with-runtimedir=%{bird_runtimedir} +make %{?_smp_mflags} +popd + +%install +make install DESTDIR=%{buildroot} %{?_smp_mflags} -C 4 +make install DESTDIR=%{buildroot} %{?_smp_mflags} -C 6 + +install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/bird.service +install -D -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/bird6.service +install -D -m 0644 %{SOURCE3} %{buildroot}%{_tmpfilesdir}/%{name}.conf +ln -s -f %{_sbindir}/service %{buildroot}%{_sbindir}/rcbird +ln -s -f %{_sbindir}/service %{buildroot}%{_sbindir}/rcbird6 +install -D -d -m 0750 %{buildroot}%{bird_home} +install -D -d -m 0750 %{buildroot}%{_docdir}/%{name}/ +cp -av NEWS README doc/bird*.html %{buildroot}%{_docdir}/%{name}/ + +%pre common +# Create bird user/group +getent group %{bird_group} >/dev/null || groupadd -r %{bird_group} +getent passwd %{bird_user} >/dev/null || useradd -r -g %{bird_group} -d %{bird_home} -s /sbin/nologin -c "Bird routing daemon" %{bird_user} +exit 0 + +%post common +systemd-tmpfiles --create %{_tmpfilesdir}/%{name}.conf || true + +%pre +%service_add_pre bird.service + +%pre -n bird6 +%service_add_pre bird6.service + +%preun +%service_del_preun bird.service + +%preun -n bird6 +%service_del_preun bird6.service + +%post +%service_add_post bird.service + +%post -n bird6 +%service_add_post bird6.service + +%postun +%service_del_postun bird.service + +%postun -n bird6 +%service_del_postun bird6.service + +%files +%config(noreplace) %attr(0640,root,%{bird_group}) %{_sysconfdir}/bird.conf +%{_sbindir}/bird +%{_sbindir}/birdc +%{_sbindir}/birdcl +%{_sbindir}/rcbird +%{_unitdir}/bird.service + +%files -n bird6 +%config(noreplace) %attr(0640,root,%{bird_group}) %{_sysconfdir}/bird6.conf +%{_sbindir}/bird6 +%{_sbindir}/birdc6 +%{_sbindir}/birdcl6 +%{_sbindir}/rcbird6 +%{_unitdir}/bird6.service + +%files common +%dir %attr(750,%{bird_user},%{bird_group}) %{bird_home} +%{_tmpfilesdir}/%{name}.conf +%dir %attr(-,%{bird_user},%{bird_group}) %ghost %{bird_runtimedir} +%dir %{_docdir}/%{name} +%doc %{_docdir}/%{name}/README +%doc %{_docdir}/%{name}/NEWS + +%files doc +%doc %{_docdir}/%{name}/bird*.html + +%changelog diff --git a/bird.tmpfiles.d b/bird.tmpfiles.d new file mode 100644 index 0000000..8a46ab5 --- /dev/null +++ b/bird.tmpfiles.d @@ -0,0 +1,2 @@ +# Type Path Mode UID GID Age Argument +d /run/bird 0755 bird bird diff --git a/bird6.service b/bird6.service new file mode 100644 index 0000000..f4ca2f1 --- /dev/null +++ b/bird6.service @@ -0,0 +1,17 @@ +[Unit] +Description=The BIRD Internet Routing Daemon (IPv6) +Documentation=http://bird.network.cz/doc/bird.html +Wants=network.target +After=network.target +ConditionFileIsExecutable=/usr/sbin/bird6 + +[Service] +Type=simple +ExecStartPre=/usr/sbin/bird6 -p -u bird -g bird +ExecStart=/usr/sbin/bird6 -u bird -g bird -f -P /run/bird/bird6.pid $BIRD_OPTIONS +ExecReload=/usr/bin/kill -HUP $MAINPID +PIDFile=/run/bird/bird6.pid +Restart=on-failure + +[Install] +WantedBy=multi-user.target diff --git a/bufferoverflow.patch b/bufferoverflow.patch new file mode 100644 index 0000000..5bbd801 --- /dev/null +++ b/bufferoverflow.patch @@ -0,0 +1,32 @@ +Index: bird-1.6.3/proto/rip/packets.c +=================================================================== +--- bird-1.6.3.orig/proto/rip/packets.c ++++ bird-1.6.3/proto/rip/packets.c +@@ -56,13 +56,20 @@ struct rip_block_auth + { + u16 must_be_ffff; + u16 auth_type; +- char password[0]; +- u16 packet_len; +- u8 key_id; +- u8 auth_len; +- u32 seq_num; +- u32 unused1; +- u32 unused2; ++ /* ++ * use anonymous struct/union to get around a fortify source warnings about overwriting the password buffer ++ */ ++ union { ++ char password[RIP_PASSWD_LENGTH]; ++ struct { ++ u16 packet_len; ++ u8 key_id; ++ u8 auth_len; ++ u32 seq_num; ++ u32 unused1; ++ u32 unused2; ++ } ++ }; + }; + + /* Authentication tail, RFC 4822 */