aboutsummaryrefslogtreecommitdiffstats
path: root/meta-networking
diff options
context:
space:
mode:
authorRoy Li <rongqing.li@windriver.com>2014-08-12 17:01:19 +0800
committerMartin Jansa <Martin.Jansa@gmail.com>2014-08-13 23:28:06 +0200
commit8a428b570d7fbad8b36b1b4061ea51248a83d7c5 (patch)
tree405b1e43e230c8857154943f04b78557efc7a698 /meta-networking
parent8afe9200c45110eb2166e09bdce739fa170c08cb (diff)
downloadmeta-openembedded-contrib-8a428b570d7fbad8b36b1b4061ea51248a83d7c5.tar.gz
meta-openembedded-contrib-8a428b570d7fbad8b36b1b4061ea51248a83d7c5.tar.bz2
meta-openembedded-contrib-8a428b570d7fbad8b36b1b4061ea51248a83d7c5.zip
quagga: uprev it to 0.99.23
uprev it to 0.99.23 remove patches which have been in the latest version Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Diffstat (limited to 'meta-networking')
-rw-r--r--meta-networking/recipes-protocols/quagga/files/0001-bgpd-CVE-2012-1820-DoS-in-bgp_capability_orf.patch87
-rw-r--r--meta-networking/recipes-protocols/quagga/files/0001-bgpd-relax-ORF-capability-length-handling.patch42
-rw-r--r--meta-networking/recipes-protocols/quagga/files/0001-doc-fix-makeinfo-errors-and-one-warning.patch61
-rw-r--r--meta-networking/recipes-protocols/quagga/files/0001-ospfd-CVE-2013-2236-stack-overrun-in-apiserver.patch106
-rw-r--r--meta-networking/recipes-protocols/quagga/files/build-fix-extract.pl-for-cross-compilation.patch31
-rw-r--r--meta-networking/recipes-protocols/quagga/files/fix-for-lib-inpath.patch19
-rw-r--r--meta-networking/recipes-protocols/quagga/files/lingering-IP-address-after-deletion-BZ-486.patch64
-rw-r--r--meta-networking/recipes-protocols/quagga/files/quagga-0.99.17-libcap.patch64
-rw-r--r--meta-networking/recipes-protocols/quagga/files/quagga-fix-CVE-2013-6051.patch29
-rw-r--r--meta-networking/recipes-protocols/quagga/files/work-with-new-readline.patch34
-rw-r--r--meta-networking/recipes-protocols/quagga/quagga.inc13
-rw-r--r--meta-networking/recipes-protocols/quagga/quagga_0.99.21.bb16
-rw-r--r--meta-networking/recipes-protocols/quagga/quagga_0.99.23.bb9
13 files changed, 12 insertions, 563 deletions
diff --git a/meta-networking/recipes-protocols/quagga/files/0001-bgpd-CVE-2012-1820-DoS-in-bgp_capability_orf.patch b/meta-networking/recipes-protocols/quagga/files/0001-bgpd-CVE-2012-1820-DoS-in-bgp_capability_orf.patch
deleted file mode 100644
index 5a2ee1b2ca..0000000000
--- a/meta-networking/recipes-protocols/quagga/files/0001-bgpd-CVE-2012-1820-DoS-in-bgp_capability_orf.patch
+++ /dev/null
@@ -1,87 +0,0 @@
-From fe9bb6459afe0d55e56619cdc5061d8407cd1f15 Mon Sep 17 00:00:00 2001
-From: Denis Ovsienko <infrastation@yandex.ru>
-Date: Thu, 19 Apr 2012 20:34:13 +0400
-Subject: [PATCH] bgpd: CVE-2012-1820, DoS in bgp_capability_orf()
-
-Upstream-Status: Backport
-
-An ORF (code 3) capability TLV is defined to contain exactly one
-AFI/SAFI block. Function bgp_capability_orf(), which parses ORF
-capability TLV, uses do-while cycle to call its helper function
-bgp_capability_orf_entry(), which actually processes the AFI/SAFI data
-block. The call is made at least once and repeated as long as the input
-buffer has enough data for the next call.
-
-The helper function, bgp_capability_orf_entry(), uses "Number of ORFs"
-field of the provided AFI/SAFI block to verify, if it fits the input
-buffer. However, the check is made based on the total length of the ORF
-TLV regardless of the data already consumed by the previous helper
-function call(s). This way, the check condition is only valid for the
-first AFI/SAFI block inside an ORF capability TLV.
-
-For the subsequent calls of the helper function, if any are made, the
-check condition may erroneously tell, that the current "Number of ORFs"
-field fits the buffer boundary, where in fact it does not. This makes it
-possible to trigger an assertion by feeding an OPEN message with a
-specially-crafted malformed ORF capability TLV.
-
-This commit fixes the vulnerability by making the implementation follow
-the spec.
----
- bgpd/bgp_open.c | 26 ++------------------------
- 1 files changed, 2 insertions(+), 24 deletions(-)
-
-diff --git a/bgpd/bgp_open.c b/bgpd/bgp_open.c
-index d045dde..af711cc 100644
---- a/bgpd/bgp_open.c
-+++ b/bgpd/bgp_open.c
-@@ -230,7 +230,7 @@ bgp_capability_orf_entry (struct peer *peer, struct capability_header *hdr)
- }
-
- /* validate number field */
-- if (sizeof (struct capability_orf_entry) + (entry.num * 2) > hdr->length)
-+ if (sizeof (struct capability_orf_entry) + (entry.num * 2) != hdr->length)
- {
- zlog_info ("%s ORF Capability entry length error,"
- " Cap length %u, num %u",
-@@ -334,28 +334,6 @@ bgp_capability_orf_entry (struct peer *peer, struct capability_header *hdr)
- }
-
- static int
--bgp_capability_orf (struct peer *peer, struct capability_header *hdr)
--{
-- struct stream *s = BGP_INPUT (peer);
-- size_t end = stream_get_getp (s) + hdr->length;
--
-- assert (stream_get_getp(s) + sizeof(struct capability_orf_entry) <= end);
--
-- /* We must have at least one ORF entry, as the caller has already done
-- * minimum length validation for the capability code - for ORF there must
-- * at least one ORF entry (header and unknown number of pairs of bytes).
-- */
-- do
-- {
-- if (bgp_capability_orf_entry (peer, hdr) == -1)
-- return -1;
-- }
-- while (stream_get_getp(s) + sizeof(struct capability_orf_entry) < end);
--
-- return 0;
--}
--
--static int
- bgp_capability_restart (struct peer *peer, struct capability_header *caphdr)
- {
- struct stream *s = BGP_INPUT (peer);
-@@ -573,7 +551,7 @@ bgp_capability_parse (struct peer *peer, size_t length, int *mp_capability,
- break;
- case CAPABILITY_CODE_ORF:
- case CAPABILITY_CODE_ORF_OLD:
-- if (bgp_capability_orf (peer, &caphdr))
-+ if (bgp_capability_orf_entry (peer, &caphdr))
- return -1;
- break;
- case CAPABILITY_CODE_RESTART:
---
-1.7.5.4
-
diff --git a/meta-networking/recipes-protocols/quagga/files/0001-bgpd-relax-ORF-capability-length-handling.patch b/meta-networking/recipes-protocols/quagga/files/0001-bgpd-relax-ORF-capability-length-handling.patch
deleted file mode 100644
index 0ec02dc861..0000000000
--- a/meta-networking/recipes-protocols/quagga/files/0001-bgpd-relax-ORF-capability-length-handling.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 5e728e929942d39ce5a4ab3d01c33f7b688c4e3f Mon Sep 17 00:00:00 2001
-From: David Lamparter <equinox@opensourcerouting.org>
-Date: Wed, 23 Jan 2013 05:50:24 +0100
-Subject: [PATCH] bgpd: relax ORF capability length handling
-
-Upstream-Status: Backport
-
-commit fe9bb64... "bgpd: CVE-2012-1820, DoS in bgp_capability_orf()"
-made the length test in bgp_capability_orf_entry() stricter and is now
-causing us to refuse (with CEASE) ORF capabilites carrying any excess
-data. This does not conform to the robustness principle as laid out by
-RFC1122 ("be liberal in what you accept").
-
-Even worse, RFC5291 is quite unclear on how to use the ORF capability
-with multiple AFI/SAFIs. It can be interpreted as either "use one
-instance, stuff everything in" but also as "use multiple instances".
-So, if not for applying robustness, we end up clearing sessions from
-implementations going by the former interpretation. (or if anyone dares
-add a byte of padding...)
-
-Cc: Denis Ovsienko <infrastation@yandex.ru>
-Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
----
- bgpd/bgp_open.c | 2 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
-
-diff --git a/bgpd/bgp_open.c b/bgpd/bgp_open.c
-index af711cc..7bf3501 100644
---- a/bgpd/bgp_open.c
-+++ b/bgpd/bgp_open.c
-@@ -230,7 +230,7 @@ bgp_capability_orf_entry (struct peer *peer, struct capability_header *hdr)
- }
-
- /* validate number field */
-- if (sizeof (struct capability_orf_entry) + (entry.num * 2) != hdr->length)
-+ if (sizeof (struct capability_orf_entry) + (entry.num * 2) > hdr->length)
- {
- zlog_info ("%s ORF Capability entry length error,"
- " Cap length %u, num %u",
---
-1.7.5.4
-
diff --git a/meta-networking/recipes-protocols/quagga/files/0001-doc-fix-makeinfo-errors-and-one-warning.patch b/meta-networking/recipes-protocols/quagga/files/0001-doc-fix-makeinfo-errors-and-one-warning.patch
deleted file mode 100644
index 24fdac505a..0000000000
--- a/meta-networking/recipes-protocols/quagga/files/0001-doc-fix-makeinfo-errors-and-one-warning.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From d6cbd8bbc34529a1aff74b5ee73366b89526c961 Mon Sep 17 00:00:00 2001
-From: Joe MacDonald <joe@deserted.net>
-Date: Fri, 22 Mar 2013 08:54:44 +0000
-Subject: [PATCH] doc: fix makeinfo errors and one warning
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-commit 4afa50b added few lines that are syntactically incorrect
-with leading plus sign.
-
-Upstream-Status: Backport [http://git.savannah.gnu.org/gitweb/?p=quagga.git;a=commit;h=b58c90807c9d0bfa9601704c7490a16070906004]
-
-Cc: Denis Ovsienko <infrastation@yandex.ru>
-Signed-off-by: Timo Teräs <timo.teras@iki.fi>
-Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
-Signed-off-by: Joe MacDonald <joe@deserted.net>
----
- doc/ipv6.texi | 4 ++--
- doc/quagga.texi | 6 +++---
- 2 files changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/doc/ipv6.texi b/doc/ipv6.texi
-index b6cc437..2482c1c 100644
---- a/doc/ipv6.texi
-+++ b/doc/ipv6.texi
-@@ -136,8 +136,8 @@ for the lowest preference possible.
- Default: 0
- @end deffn
-
--+@deffn {Interface Command} {ipv6 nd home-agent-lifetime <0-65520>} {}
--+@deffnx {Interface Command} {no ipv6 nd home-agent-lifetime [<0-65520>]} {}
-+@deffn {Interface Command} {ipv6 nd home-agent-lifetime <0-65520>} {}
-+@deffnx {Interface Command} {no ipv6 nd home-agent-lifetime [<0-65520>]} {}
- The value to be placed in Home Agent Option, when Home Agent config flag is set,
- which indicates to hosts Home Agent Lifetime. The default value of 0 means to
- place the current Router Lifetime value.
-diff --git a/doc/quagga.texi b/doc/quagga.texi
-index ff913aa..b4105ac 100644
---- a/doc/quagga.texi
-+++ b/doc/quagga.texi
-@@ -1,13 +1,13 @@
- \input texinfo @c -*- texinfo -*-
-+@c Set variables - sourced from defines.texi
-+@include defines.texi
-+
- @c %**start of header
- @setchapternewpage odd
- @settitle @uref{http://www.quagga.net,,@value{PACKAGE_NAME}}
- @setfilename quagga.info
- @c %**end of header
-
--@c Set variables - sourced from defines.texi
--@include defines.texi
--
- @c automake will automatically generate version.texi
- @c and set EDITION, VERSION, UPDATED and UPDATED-MONTH
- @include version.texi
---
-1.7.10.4
-
diff --git a/meta-networking/recipes-protocols/quagga/files/0001-ospfd-CVE-2013-2236-stack-overrun-in-apiserver.patch b/meta-networking/recipes-protocols/quagga/files/0001-ospfd-CVE-2013-2236-stack-overrun-in-apiserver.patch
deleted file mode 100644
index 30b05c262f..0000000000
--- a/meta-networking/recipes-protocols/quagga/files/0001-ospfd-CVE-2013-2236-stack-overrun-in-apiserver.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-Subject: [PATCH] ospfd: CVE-2013-2236, stack overrun in apiserver
-
-Upstream-Status: Backport
-
-the OSPF API-server (exporting the LSDB and allowing announcement of
-Opaque-LSAs) writes past the end of fixed on-stack buffers. This leads
-to an exploitable stack overflow.
-
-For this condition to occur, the following two conditions must be true:
-- Quagga is configured with --enable-opaque-lsa
-- ospfd is started with the "-a" command line option
-
-If either of these does not hold, the relevant code is not executed and
-the issue does not get triggered.
-
-Since the issue occurs on receiving large LSAs (larger than 1488 bytes),
-it is possible for this to happen during normal operation of a network.
-In particular, if there is an OSPF router with a large number of
-interfaces, the Router-LSA of that router may exceed 1488 bytes and
-trigger this, leading to an ospfd crash.
-
-For an attacker to exploit this, s/he must be able to inject valid LSAs
-into the OSPF domain. Any best-practice protection measure (using
-crypto authentication, restricting OSPF to internal interfaces, packet
-filtering protocol 89, etc.) will prevent exploitation. On top of that,
-remote (not on an OSPF-speaking network segment) attackers will have
-difficulties bringing up the adjacency needed to inject a LSA.
-
-This patch only performs minimal changes to remove the possibility of a
-stack overrun. The OSPF API in general is quite ugly and needs a
-rewrite.
-
-Reported-by: Ricky Charlet <ricky.charlet@hp.com>
-Cc: Florian Weimer <fweimer@redhat.com>
-Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
----
- ospfd/ospf_api.c | 25 ++++++++++++++++++-------
- 1 files changed, 18 insertions(+), 7 deletions(-)
-
-diff --git a/ospfd/ospf_api.c b/ospfd/ospf_api.c
-index 74a49e3..fae942e 100644
---- a/ospfd/ospf_api.c
-+++ b/ospfd/ospf_api.c
-@@ -472,6 +472,9 @@ new_msg_register_event (u_int32_t seqnum, struct lsa_filter_type *filter)
- emsg->filter.typemask = htons (filter->typemask);
- emsg->filter.origin = filter->origin;
- emsg->filter.num_areas = filter->num_areas;
-+ if (len > sizeof (buf))
-+ len = sizeof(buf);
-+ /* API broken - missing memcpy to fill data */
- return msg_new (MSG_REGISTER_EVENT, emsg, seqnum, len);
- }
-
-@@ -488,6 +491,9 @@ new_msg_sync_lsdb (u_int32_t seqnum, struct lsa_filter_type *filter)
- smsg->filter.typemask = htons (filter->typemask);
- smsg->filter.origin = filter->origin;
- smsg->filter.num_areas = filter->num_areas;
-+ if (len > sizeof (buf))
-+ len = sizeof(buf);
-+ /* API broken - missing memcpy to fill data */
- return msg_new (MSG_SYNC_LSDB, smsg, seqnum, len);
- }
-
-@@ -501,13 +507,15 @@ new_msg_originate_request (u_int32_t seqnum,
- int omsglen;
- char buf[OSPF_API_MAX_MSG_SIZE];
-
-- omsglen = sizeof (struct msg_originate_request) - sizeof (struct lsa_header)
-- + ntohs (data->length);
--
- omsg = (struct msg_originate_request *) buf;
- omsg->ifaddr = ifaddr;
- omsg->area_id = area_id;
-- memcpy (&omsg->data, data, ntohs (data->length));
-+
-+ omsglen = ntohs (data->length);
-+ if (omsglen > sizeof (buf) - offsetof (struct msg_originate_request, data))
-+ omsglen = sizeof (buf) - offsetof (struct msg_originate_request, data);
-+ memcpy (&omsg->data, data, omsglen);
-+ omsglen += sizeof (struct msg_originate_request) - sizeof (struct lsa_header);
-
- return msg_new (MSG_ORIGINATE_REQUEST, omsg, seqnum, omsglen);
- }
-@@ -627,13 +635,16 @@ new_msg_lsa_change_notify (u_char msgtype,
- assert (data);
-
- nmsg = (struct msg_lsa_change_notify *) buf;
-- len = ntohs (data->length) + sizeof (struct msg_lsa_change_notify)
-- - sizeof (struct lsa_header);
- nmsg->ifaddr = ifaddr;
- nmsg->area_id = area_id;
- nmsg->is_self_originated = is_self_originated;
- memset (&nmsg->pad, 0, sizeof (nmsg->pad));
-- memcpy (&nmsg->data, data, ntohs (data->length));
-+
-+ len = ntohs (data->length);
-+ if (len > sizeof (buf) - offsetof (struct msg_lsa_change_notify, data))
-+ len = sizeof (buf) - offsetof (struct msg_lsa_change_notify, data);
-+ memcpy (&nmsg->data, data, len);
-+ len += sizeof (struct msg_lsa_change_notify) - sizeof (struct lsa_header);
-
- return msg_new (msgtype, nmsg, seqnum, len);
- }
---
-1.7.5.4
-
diff --git a/meta-networking/recipes-protocols/quagga/files/build-fix-extract.pl-for-cross-compilation.patch b/meta-networking/recipes-protocols/quagga/files/build-fix-extract.pl-for-cross-compilation.patch
deleted file mode 100644
index 7e5beef30d..0000000000
--- a/meta-networking/recipes-protocols/quagga/files/build-fix-extract.pl-for-cross-compilation.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-Upstream-Status: Backport
-
-From ed6e297972318a0070ad4d973401fbc6e0def558 Mon Sep 17 00:00:00 2001
-From: Serj Kalichev <serj.kalichev@gmail.com>
-Date: Fri, 7 Sep 2012 13:29:42 +0400
-Subject: [PATCH] build: fix extract.pl for cross compilation
-
-extract.pl should invoke the C preprocessor for the target system, not the
-host.
-
-* vtysh/extract.pl.in: use @CPP@ to get target cpp
----
- vtysh/extract.pl.in | 2 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
-
-diff --git a/vtysh/extract.pl.in b/vtysh/extract.pl.in
-index 7612aff..4c3a47f 100755
---- a/vtysh/extract.pl.in
-+++ b/vtysh/extract.pl.in
-@@ -63,7 +63,7 @@ $ignore{'"show history"'} = "ignore";
- foreach (@ARGV) {
- $file = $_;
-
-- open (FH, "cpp -DHAVE_CONFIG_H -DVTYSH_EXTRACT_PL -DHAVE_IPV6 -I@top_builddir@ -I@srcdir@/ -I@srcdir@/.. -I@top_srcdir@/lib -I@top_srcdir@/isisd/topology @SNMP_INCLUDES@ @CPPFLAGS@ $file |");
-+ open (FH, "@CPP@ -DHAVE_CONFIG_H -DVTYSH_EXTRACT_PL -DHAVE_IPV6 -I@top_builddir@ -I@srcdir@/ -I@srcdir@/.. -I@top_srcdir@/lib -I@top_srcdir@/isisd/topology @SNMP_INCLUDES@ @CPPFLAGS@ $file |");
- local $/; undef $/;
- $line = <FH>;
- close (FH);
---
-1.7.1
-
diff --git a/meta-networking/recipes-protocols/quagga/files/fix-for-lib-inpath.patch b/meta-networking/recipes-protocols/quagga/files/fix-for-lib-inpath.patch
deleted file mode 100644
index 50f0ad502f..0000000000
--- a/meta-networking/recipes-protocols/quagga/files/fix-for-lib-inpath.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-At first this worked, then I tried a clean build in a directory that
-contained lib in it (oe/build/titan-glibc) and vtysh no longer
-worked. It's test for the lib directory was excepting anything
-containing lib.
-
-With this patch you still cannot have lib in the path anywhere, but
-at least things containing lib will now work.
-
---- quagga-0.99.2/vtysh/extract.pl.in 2005/11/16 04:12:04 1.1
-+++ quagga-0.99.2/vtysh/extract.pl.in 2005/11/16 04:12:16
-@@ -89,7 +89,7 @@
- $cmd =~ s/\s+$//g;
-
- # $protocol is VTYSH_PROTO format for redirection of user input
-- if ($file =~ /lib/) {
-+ if ($file =~ /\/lib\//) {
- if ($file =~ /keychain.c/) {
- $protocol = "VTYSH_RIPD";
- }
diff --git a/meta-networking/recipes-protocols/quagga/files/lingering-IP-address-after-deletion-BZ-486.patch b/meta-networking/recipes-protocols/quagga/files/lingering-IP-address-after-deletion-BZ-486.patch
deleted file mode 100644
index 42bdc20fcb..0000000000
--- a/meta-networking/recipes-protocols/quagga/files/lingering-IP-address-after-deletion-BZ-486.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From 7f062c217b262e362a3362c677dea6c5e820adf1 Mon Sep 17 00:00:00 2001
-From: David Lamparter <equinox@diac24.net>
-Date: Mon, 1 Feb 2010 16:41:26 +0100
-Subject: [PATCH] zebra: lingering IP address after deletion (BZ#486)
-
-Upstream-status: Backport
-
-zebra address bookkeeping is a mess. this is just a workaround to have
-IPv4 address deletion somewhat working on Linux.
-
-the if_unset_prefix call is synchronous, when it returns success the
-address deletion completed successfully. this is either signaled by a
-netlink ACK or by an OK return value from ioctl().
-
-This version is wrapped by #ifdef HAVE_NETLINK so we don't touch the
-BSDs for now.
-
-* zebra/interface.c: On Linux, update zebra internal state after
- deleting an address.
-
-Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
----
- zebra/interface.c | 21 ++++++++++++++++++---
- 1 file changed, 18 insertions(+), 3 deletions(-)
-
-diff --git a/zebra/interface.c b/zebra/interface.c
-index 2242259..3578b79 100644
---- a/zebra/interface.c
-+++ b/zebra/interface.c
-@@ -1297,13 +1297,28 @@ ip_address_uninstall (struct vty *vty, struct interface *ifp,
- safe_strerror(errno), VTY_NEWLINE);
- return CMD_WARNING;
- }
-+ /* success! call returned that the address deletion went through.
-+ * this is a synchronous operation, so we know it succeeded and can
-+ * now update all internal state. */
-+
-+ /* the HAVE_NETLINK check is only here because, on BSD, although the
-+ * call above is still synchronous, we get a second confirmation later
-+ * through the route socket, and we don't want to touch that behaviour
-+ * for now. It should work without the #ifdef, but why take the risk...
-+ * -- equinox 2012-07-13 */
-+#ifdef HAVE_NETLINK
-+
-+ /* Remove connected route. */
-+ connected_down_ipv4 (ifp, ifc);
-
--#if 0
- /* Redistribute this information. */
- zebra_interface_address_delete_update (ifp, ifc);
-
-- /* Remove connected route. */
-- connected_down_ipv4 (ifp, ifc);
-+ /* IP address propery set. */
-+ UNSET_FLAG (ifc->conf, ZEBRA_IFC_REAL);
-+
-+ /* remove from interface, remark secondaries */
-+ if_subnet_delete (ifp, ifc);
-
- /* Free address information. */
- listnode_delete (ifp->connected, ifc);
---
-1.7.10.4
-
diff --git a/meta-networking/recipes-protocols/quagga/files/quagga-0.99.17-libcap.patch b/meta-networking/recipes-protocols/quagga/files/quagga-0.99.17-libcap.patch
deleted file mode 100644
index 9563ea2f36..0000000000
--- a/meta-networking/recipes-protocols/quagga/files/quagga-0.99.17-libcap.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From 63e97633d01908da6d3776ac61e4033e6fa91e5c Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Diego=20Elio=20Petten=C3=B2?= <flameeyes@gmail.com>
-Date: Sun, 5 Sep 2010 18:19:09 +0200
-Subject: [PATCH] build: fix linking position for libcap
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
- * lib/Makefile.am: link libzebra to libcap, since it uses symbols
- from there.
- * zebra/Makefile.am: no need to link libcap here now, since it's not
- used directly (libtool with apply transitive dependencies for
- static linking).
-
-Signed-off-by: Diego Elio Pettenò <flameeyes@gmail.com>
-
-Imported from Gentoo by Paul Eggleton <paul.eggleton@linux.intel.com>
-Upstream-Status: Pending
-
----
- lib/Makefile.am | 2 +-
- zebra/Makefile.am | 5 ++---
- 2 files changed, 3 insertions(+), 4 deletions(-)
-
-diff --git a/lib/Makefile.am b/lib/Makefile.am
-index 315e919..6e69993 100644
---- a/lib/Makefile.am
-+++ b/lib/Makefile.am
-@@ -18,7 +18,7 @@ BUILT_SOURCES = memtypes.h route_types.h
-
- libzebra_la_DEPENDENCIES = @LIB_REGEX@
-
--libzebra_la_LIBADD = @LIB_REGEX@
-+libzebra_la_LIBADD = @LIB_REGEX@ $(LIBCAP)
-
- pkginclude_HEADERS = \
- buffer.h checksum.h command.h filter.h getopt.h hash.h \
-diff --git a/zebra/Makefile.am b/zebra/Makefile.am
-index 542f36f..d09a209 100644
---- a/zebra/Makefile.am
-+++ b/zebra/Makefile.am
-@@ -5,7 +5,6 @@ DEFS = @DEFS@ -DSYSCONFDIR=\"$(sysconfdir)/\" -DMULTIPATH_NUM=@MULTIPATH_NUM@
- INSTALL_SDATA=@INSTALL@ -m 600
-
- LIB_IPV6 = @LIB_IPV6@
--LIBCAP = @LIBCAP@
-
- ipforward = @IPFORWARD@
- if_method = @IF_METHOD@
-@@ -39,9 +38,9 @@ noinst_HEADERS = \
- connected.h ioctl.h rib.h rt.h zserv.h redistribute.h debug.h rtadv.h \
- interface.h ipforward.h irdp.h router-id.h kernel_socket.h
-
--zebra_LDADD = $(otherobj) $(LIBCAP) $(LIB_IPV6) ../lib/libzebra.la
-+zebra_LDADD = $(otherobj) ../lib/libzebra.la $(LIB_IPV6)
-
--testzebra_LDADD = $(LIBCAP) $(LIB_IPV6) ../lib/libzebra.la
-+testzebra_LDADD = ../lib/libzebra.la $(LIB_IPV6)
-
- zebra_DEPENDENCIES = $(otherobj)
-
---
-1.7.2.2
-
diff --git a/meta-networking/recipes-protocols/quagga/files/quagga-fix-CVE-2013-6051.patch b/meta-networking/recipes-protocols/quagga/files/quagga-fix-CVE-2013-6051.patch
deleted file mode 100644
index fde9e0ca81..0000000000
--- a/meta-networking/recipes-protocols/quagga/files/quagga-fix-CVE-2013-6051.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-
-From 8794e8d229dc9fe29ea31424883433d4880ef408
-From: Paul Jakma <paul@quagga.net>
-Date: Mon, 13 Feb 2012 13:53:07 +0000
-Subject: bgpd: Fix regression in args consolidation, total should be inited from args
-
-bgpd: Fix regression in args consolidation, total should be inited from args
-
-* bgp_attr.c: (bgp_attr_unknown) total should be initialised from the args.
-
-Upstream-Status: Backport
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
----
-
-diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
-index 65af824..839f64d 100644
---- a/bgpd/bgp_attr.c
-+++ b/bgpd/bgp_attr.c
-
-@@ -1646,7 +1646,7 @@
- static bgp_attr_parse_ret_t
- bgp_attr_unknown (struct bgp_attr_parser_args *args)
- {
-- bgp_size_t total;
-+ bgp_size_t total = args->total;
- struct transit *transit;
- struct attr_extra *attre;
- struct peer *const peer = args->peer;
diff --git a/meta-networking/recipes-protocols/quagga/files/work-with-new-readline.patch b/meta-networking/recipes-protocols/quagga/files/work-with-new-readline.patch
deleted file mode 100644
index 2bd333a70a..0000000000
--- a/meta-networking/recipes-protocols/quagga/files/work-with-new-readline.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 66df315d2a270a254c613a4d2e72c0ea47f15a71 Mon Sep 17 00:00:00 2001
-From: Robert Yang <liezhi.yang@windriver.com>
-Date: Thu, 27 Mar 2014 09:35:29 +0000
-Subject: [PATCH] vtysh/vtysh.c: works with new readline
-
-The Function and CPPFunction had been removed by in readline 6.3, use
-the new functions to replace them.
-
-Upstream-Status: Pending
-
-Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
----
- vtysh/vtysh.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/vtysh/vtysh.c b/vtysh/vtysh.c
-index 431c08e..fdd82fb 100644
---- a/vtysh/vtysh.c
-+++ b/vtysh/vtysh.c
-@@ -2212,9 +2212,9 @@ void
- vtysh_readline_init (void)
- {
- /* readline related settings. */
-- rl_bind_key ('?', (Function *) vtysh_rl_describe);
-+ rl_bind_key ('?', (rl_command_func_t *) vtysh_rl_describe);
- rl_completion_entry_function = vtysh_completion_entry_function;
-- rl_attempted_completion_function = (CPPFunction *)new_completion;
-+ rl_attempted_completion_function = (rl_completion_func_t *)new_completion;
- /* do not append space after completion. It will be appended
- * in new_completion() function explicitly. */
- rl_completion_append_character = '\0';
---
-1.8.3.4
-
diff --git a/meta-networking/recipes-protocols/quagga/quagga.inc b/meta-networking/recipes-protocols/quagga/quagga.inc
index 5ab43b300e..7d4211a994 100644
--- a/meta-networking/recipes-protocols/quagga/quagga.inc
+++ b/meta-networking/recipes-protocols/quagga/quagga.inc
@@ -12,10 +12,8 @@ DEPENDS = "readline ncurses perl-native"
DEPENDS += "${@base_contains('DISTRO_FEATURES', 'snmp', 'net-snmp', '', d)}"
SNMP_CONF="${@base_contains('DISTRO_FEATURES', 'snmp', '--enable-snmp', '', d)}"
-LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b \
- file://COPYING.LIB;md5=f30a9716ef3762e3467a2f62bf790f0a"
-
-INC_PR = "r2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=81bcece21748c91ba9992349a91ec11d \
+ file://COPYING.LIB;md5=01ef24401ded36cd8e5d18bfe947240c"
# the "ip" command from busybox is not sufficient (flush by protocol flushes all routes)
RDEPENDS_${PN} += "iproute2"
@@ -23,10 +21,7 @@ RDEPENDS_${PN} += "iproute2"
QUAGGASUBDIR = ""
# ${QUAGGASUBDIR} is deal with old versions. Set to "/attic" for old
# versions and leave it empty for recent versions.
-SRC_URI = "${SAVANNAH_GNU_MIRROR}/quagga${QUAGGASUBDIR}/quagga-${PV}.tar.gz;name=quagga-${PV} \
- file://fix-for-lib-inpath.patch \
- file://quagga-0.99.17-libcap.patch \
- file://quagga-fix-CVE-2013-6051.patch \
+SRC_URI = "${SAVANNAH_GNU_MIRROR}/quagga${QUAGGASUBDIR}/quagga-${PV}.tar.gz; \
file://Zebra-sync-zebra-routing-table-with-the-kernel-one.patch \
file://quagga.init \
file://quagga.default \
@@ -36,8 +31,6 @@ SRC_URI = "${SAVANNAH_GNU_MIRROR}/quagga${QUAGGASUBDIR}/quagga-${PV}.tar.gz;name
file://quagga.pam \
file://ripd-fix-two-bugs-after-received-SIGHUP.patch \
file://quagga-Avoid-duplicate-connected-address.patch \
- file://0001-bgpd-CVE-2012-1820-DoS-in-bgp_capability_orf.patch \
- file://0001-bgpd-relax-ORF-capability-length-handling.patch \
"
PACKAGECONFIG ??= "${@base_contains('DISTRO_FEATURES', 'pam', 'pam', '', d)}"
diff --git a/meta-networking/recipes-protocols/quagga/quagga_0.99.21.bb b/meta-networking/recipes-protocols/quagga/quagga_0.99.21.bb
deleted file mode 100644
index 596d703395..0000000000
--- a/meta-networking/recipes-protocols/quagga/quagga_0.99.21.bb
+++ /dev/null
@@ -1,16 +0,0 @@
-require quagga.inc
-
-PR = "${INC_PR}.0"
-
-SRC_URI += "file://0001-doc-fix-makeinfo-errors-and-one-warning.patch \
- file://lingering-IP-address-after-deletion-BZ-486.patch \
- file://build-fix-extract.pl-for-cross-compilation.patch \
- file://babel-close-the-stdout-stderr-as-in-other-daemons.patch \
- file://work-with-new-readline.patch \
- file://0001-ospfd-CVE-2013-2236-stack-overrun-in-apiserver.patch \
-"
-
-SRC_URI[quagga-0.99.21.md5sum] = "99840adbe57047c90dfba6b6ed9aec7f"
-SRC_URI[quagga-0.99.21.sha256sum] = "9b8aea9026b4771a28e254a66cbd854723bcd0d71eebd0201d11838d4eb392ee"
-
-QUAGGASUBDIR = ""
diff --git a/meta-networking/recipes-protocols/quagga/quagga_0.99.23.bb b/meta-networking/recipes-protocols/quagga/quagga_0.99.23.bb
new file mode 100644
index 0000000000..a56767e518
--- /dev/null
+++ b/meta-networking/recipes-protocols/quagga/quagga_0.99.23.bb
@@ -0,0 +1,9 @@
+require quagga.inc
+
+SRC_URI += "file://babel-close-the-stdout-stderr-as-in-other-daemons.patch \
+"
+
+SRC_URI[md5sum] = "d17145e62b6ea14f0f13bb63f59e5166"
+SRC_URI[sha256sum] = "2c7798204f35dc7acea9f206647e8aa3957cae3b21733cdff413b506481a101c"
+
+QUAGGASUBDIR = ""