- Update to 0.99.21

- Security fix for CVE-2012-1820 (obtained from redhat's bugzilla instance/Quagga-RE git repo)
- Convert to OptionsNG
- Fix style issues

PR:		ports/168920
Submitted by:	me
Approved by:	Boris Kovalenko <boris@tagnet.ru> (maintainer)
Security:	1e14d46f-af1f-11e1-b242-00215af774f0

net/quagga/Makefile

@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	quagga
-PORTVERSION=	0.99.20.1
+PORTVERSION=	0.99.21
 CATEGORIES=	net ipv6
 MASTER_SITES=	${MASTER_SITE_SAVANNAH}
 MASTER_SITE_SUBDIR=	quagga
@@ -30,18 +30,21 @@ USE_PERL5_BUILD=yes
 FETCH_ARGS=	-Fpr
 
 MAN1=		vtysh.1
-MAN8=		bgpd.8 ospf6d.8 ospfd.8 ripd.8 ripngd.8 zebra.8
+MAN8=		bgpd.8 ospf6d.8 ospfd.8 ripd.8 ripngd.8 zebra.8 watchquagga.8
 INFO=		quagga
 
-OPTIONS=	ISISD		"Enable experimental ISIS daemon"	off \
+OPTIONS_DEFINE=	ISISD PAM OSPF_OPAQUE_LSA RTADV SNMP TCPSOCKETS DLMALLOC \
-		PAM		"PAM authentication for vtysh"	off \
+		NO_BGP_ANNOUNCE
-		OSPF_NSSA	"NSSA support (RFC1587)"	off \
+
-		OSPF_OPAQUE_LSA	"OSPF Opaque-LSA support (RFC2370)" off \
+ISISD_DESC=		Enable experimental ISIS daemon
-		RTADV		"IPv6 Router Advertisements"	off \
+PAM_DESC=		PAM authentication for vtysh
-		SNMP		"SNMP support"			off \
+OSPF_OPAQUE_LSA_DESC=	OSPF Opaque-LSA support (RFC2370)
-		TCPSOCKETS	"Use TCP/IP sockets for protocol daemons" off \
+RTADV_DESC=		IPv6 Router Advertisements
-		DLMALLOC	"Use dlmalloc (makes bgpd much faster)" off \
+TCPSOCKETS_DESC=	Use TCP/IP sockets for protocol daemons
-		NO_BGP_ANNOUNCE	"Turn off BGP route announcement" off
+DLMALLOC_DESC=		Use dlmalloc (makes bgpd much faster)
+NO_BGP_ANNOUNCE_DESC=	Turn off BGP route announcement
+
+.include <bsd.port.options.mk>
 
 .include <bsd.port.pre.mk>
 
@@ -79,23 +82,19 @@ SCRIPTS_ENV=	PREFIX=${PREFIX} PKG_PREFIX=${PREFIX} \
 		SYSCONF_DIR=${SYSCONF_DIR} SYSSTATE_DIR=${SYSSTATE_DIR} \
 		ENABLE_USER=${ENABLE_USER} ENABLE_GROUP=${ENABLE_GROUP}
 
-.if defined(WITH_ISISD)
+.if ${PORT_OPTIONS:MISISD}
 CONFIGURE_ARGS+=--enable-isisd
+MAN8+=		isisd.8
 PLIST_SUB+=	ISISD=""
 .else
 PLIST_SUB+=	ISISD="@comment "
 .endif
-MAN8+=		isisd.8
 
-.if defined(WITH_PAM)
+.if ${PORT_OPTIONS:MPAM}
 CONFIGURE_ARGS+=--with-libpam
 .endif
 
-.if defined(WITH_OSPFNSSA)
+.if ${PORT_OPTIONS:MOSPF_OPAQUE_LSA}
-CONFIGURE_ARGS+=--enable-nssa
-.endif
-
-.if defined(WITH_OSPF_OPAQUE_LSA)
 CONFIGURE_ARGS+=--enable-opaque-lsa
 PLIST_SUB+=	OSPFAPI=""
 .else
@@ -103,28 +102,28 @@ CONFIGURE_ARGS+=--disable-opaque-lsa
 PLIST_SUB+=	OSPFAPI="@comment "
 .endif
 
-.if defined(WITH_RTADV)
+.if ${PORT_OPTIONS:MRTADV}
 CONFIGURE_ARGS+=--enable-rtadv
 .endif
 
-.if defined(WITH_SNMP)
+.if ${PORT_OPTIONS:MSNMP}
 CONFIGURE_ARGS+=--enable-snmp
-LIB_DEPENDS+=netsnmp:${PORTSDIR}/net-mgmt/net-snmp
+LIB_DEPENDS+=	netsnmp:${PORTSDIR}/net-mgmt/net-snmp
 .endif
 
-.if defined(WITH_TCPSOCKETS)
+.if ${PORT_OPTIONS:MTCPSOCKETS}
 CONFIGURE_ARGS+=--enable-tcp-zebra
 .endif
 
-.if defined(WITH_DLMALLOC)
+.if ${PORT_OPTIONS:MDLMALLOC}
-LIB_DEPENDS+=dlmalloc.2:${PORTSDIR}/devel/libdlmalloc
+LIB_DEPENDS+=	dlmalloc:${PORTSDIR}/devel/libdlmalloc
-LDFLAGS+=-ldlmalloc
+LDFLAGS+=	-ldlmalloc
 SUB_LIST=	RCLDCONFIG=ldconfig
 .else
 SUB_LIST=	RCLDCONFIG=
 .endif
 
-.if defined(WITH_NO_BGP_ANNOUNCE)
+.if ${PORT_OPTIONS:MNO_BGP_ANNOUNCE}
 CONFIGURE_ARGS+=--disable-bgp-announce
 .endif
 
@@ -148,16 +147,6 @@ pre-everything::
 	@${ECHO} "ENABLE_VTY_GROUP  Specify group for vty socket ownership"
 	@${ECHO} "SYSCONF_DIR       Specify directory for Quagga configuration files"
 	@${ECHO} "LOCALSTATE_DIR    Specify directory for Quagga runtime files"
-	@${ECHO}
-	@${ECHO} "The following options may be configured interactively:"
-	@${ECHO} "   WITH_PAM              PAM authentication for vtysh"
-	@${ECHO} "   WITH_OSPF_NSSA        NSSA support (RFC1587)"
-	@${ECHO} "   WITH_OSPF_OPAQUE_LSA  OSPF Opaque-LSA with OSPFAPI support (RFC2370)"
-	@${ECHO} "   WITH_RTADV            IPv6 Router Advertisements"
-	@${ECHO} "   WITH_SNMP             SNMP support"
-	@${ECHO} "   WITH_TCPSOCKETS       Use TCP/IP sockets for protocol daemons"
-	@${ECHO} "   WITH_DLMALLOC         Use dlmalloc (makes bgpd much faster)"
-	@${ECHO} "   WITH_NO_BGP_ANNOUNCE  Turn off BGP route announcement"
 
 post-install:
 	@${MKDIR} ${LOCALSTATE_DIR}

net/quagga/distinfo

@@ -1,2 +1,2 @@
-SHA256 (quagga-0.99.20.1.tar.gz) = de8cac51e723b140abef1126696dcf9c68500546b1db3043cce431ae9d3291f4
+SHA256 (quagga-0.99.21.tar.gz) = 9b8aea9026b4771a28e254a66cbd854723bcd0d71eebd0201d11838d4eb392ee
-SIZE (quagga-0.99.20.1.tar.gz) = 2251259
+SIZE (quagga-0.99.21.tar.gz) = 2297174

net/quagga/files/patch-bgpd__bgp_attr.c

@@ -1,10 +0,0 @@
---- ./bgpd/bgp_attr.c.orig	2011-10-18 10:12:39.000000000 -0400
-+++ ./bgpd/bgp_attr.c	2011-10-18 10:13:01.000000000 -0400
-@@ -675,6 +675,7 @@
-     }
- 
-   bgp_attr_unintern_sub (&tmp);
-+  bgp_attr_extra_free (&tmp);
- }
- 
- void

net/quagga/files/patch-bgpd__bgp_open.c

@@ -0,0 +1,49 @@
+--- ./bgpd/bgp_open.c.orig	2012-05-01 12:10:27.000000000 -0400
++++ ./bgpd/bgp_open.c	2012-06-10 09:05:40.000000000 -0400
+@@ -232,7 +232,7 @@
+     }
+   
+   /* validate number field */
+-  if (sizeof (struct capability_orf_entry) + (entry.num * 2) > hdr->length)
++  if (sizeof (struct capability_orf_entry) + (entry.num * 2) != hdr->length)
+     {
+       zlog_info ("%s ORF Capability entry length error,"
+                  " Cap length %u, num %u",
+@@ -336,28 +336,6 @@
+ }
+ 
+ static int
+-bgp_capability_orf (struct peer *peer, struct capability_header *hdr)
+-{
+-  struct stream *s = BGP_INPUT (peer);
+-  size_t end = stream_get_getp (s) + hdr->length;
+-  
+-  assert (stream_get_getp(s) + sizeof(struct capability_orf_entry) <= end);
+-  
+-  /* We must have at least one ORF entry, as the caller has already done
+-   * minimum length validation for the capability code - for ORF there must
+-   * at least one ORF entry (header and unknown number of pairs of bytes).
+-   */
+-  do
+-    {
+-      if (bgp_capability_orf_entry (peer, hdr) == -1)
+-        return -1;
+-    } 
+-  while (stream_get_getp(s) + sizeof(struct capability_orf_entry) < end);
+-  
+-  return 0;
+-}
+-
+-static int
+ bgp_capability_restart (struct peer *peer, struct capability_header *caphdr)
+ {
+   struct stream *s = BGP_INPUT (peer);
+@@ -575,7 +553,7 @@
+             break;
+           case CAPABILITY_CODE_ORF:
+           case CAPABILITY_CODE_ORF_OLD:
+-            if (bgp_capability_orf (peer, &caphdr))
++            if (bgp_capability_orf_entry (peer, &caphdr))
+               return -1;
+             break;
+           case CAPABILITY_CODE_RESTART:

net/quagga/files/patch-ospfd__ospf_packet.c

@@ -1,11 +0,0 @@
---- ospfd/ospf_packet.c.orig	2011-09-29 18:59:32.000000000 +0600
-+++ ospfd/ospf_packet.c	2011-11-12 12:02:58.000000000 +0600
-@@ -2116,7 +2116,7 @@
-   
-   ip_len = iph->ip_len;
-   
--#if !defined(GNU_LINUX) && (OpenBSD < 200311)
-+#if !defined(GNU_LINUX) && (OpenBSD < 200311) && (__FreeBSD_version < 1000000)
-   /*
-    * Kernel network code touches incoming IP header parameters,
-    * before protocol specific processing.

net/quagga/pkg-plist

@@ -1,3 +1,5 @@
+@comment $FreeBSD$
+sbin/babeld
 sbin/bgpd
 %%ISISD%%sbin/isisd
 sbin/ospf6d
@@ -68,6 +70,7 @@ include/quagga/workqueue.h
 include/quagga/zassert.h
 include/quagga/zclient.h
 include/quagga/zebra.h
+%%EXAMPLESDIR%%/babeld.conf.sample
 %%EXAMPLESDIR%%/bgpd.conf.sample
 %%EXAMPLESDIR%%/bgpd.conf.sample2
 %%ISISD%%%%EXAMPLESDIR%%/isisd.conf.sample