Debian Patches
Status for bird2/2.17.1-1+deb13u2
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| backport-01-8f5b2196 | Conf: Fix invalid check in text_or_ipa grammar Can cause crash when a bad expression is used. | Ondrej Zajicek <santiago@crfreenet.org> | no | | | 2025-05-06 |
| backport-02-067f361d | Nest: Function aspa_check() should return ASPA_INVALID for paths containing AS_SET The aspa_check() uses as_path_getlen() to estimate the size of a buffer, which does not work for AS_SET segments, because as_path_getlen() returns length 1 for them regardless of their length. This may cause buffer overflow and crash. As AS_SET segments are not valid for ASPA verification, we can just handle them explicitly. See https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-aspa-verification#section-6 Minor changes by committer. | Evann DREUMONT <53308142+LeGmask@users.noreply.github.com> | no | | | 2025-09-02 |
| backport-03-f8770e81 | BMP: Fix crash when exporting a route with non-bgp attributes | Maria Matejka <mq@ucw.cz> | no | | | 2025-11-20 |
| backport-04-c4d54c21 | RAdv: Fix flags for deprecated prefixes When a prefix is deprecated (valid_lifetime == 0), it should be announced with the same flags as before. The old code announced it without any flags, which leads to being ignored by recipients. Note that a prefix could be deprecated for two reasons - it is removed from the interface, or it is deconfigured in BIRD configuration. Thanks to Michael Saxl for the bugreport. | Ondrej Zajicek <santiago@crfreenet.org> | no | | | 2025-11-27 |
| backport-05-1867ffa | Netlink: Fix handling of RTAX_CC_ALGO netlink attribute The kernel-provided congestion control algorithm (RTAX_CC_ALGO) is stored in an EAF_TYPE_STRING adata blob without the terminating NULL. When exporting metrics back to netlink, the value is treated as a C string and passed to nl_add_attr_str(), which uses strlen(str)+1. This may read past the allocated adata and leak adjacent memory or crash. Minor change by committer. diff --git a/sysdep/linux/netlink.c b/sysdep/linux/netlink.c index 299f132fe..8be5112c4 100644 | Joshua Rogers <MegaManSec@users.noreply.github.com> | no | | | 2026-02-10 |
| backport-06-9c7d028 | Lib: Fix mem_hash_mix_str() infinite loop/OOB read diff --git a/lib/hash.h b/lib/hash.h index 3c173958f..41409e47e 100644 | Joshua Rogers <MegaManSec@users.noreply.github.com> | no | | | 2026-02-10 |
| backport-07-cad5353 | Filter: Fix string ordering Function strcmp() returns negative / 0 / positive, but val_compare() is expected to return -1 / 0 / 1. diff --git a/filter/data.c b/filter/data.c index f5a9e5eec..a685aa1a4 100644 | Ondrej Zajicek <santiago@crfreenet.org> | no | | | 2026-02-10 |
| backport-08-b143f6e | Filter: Fix definition after label diff --git a/filter/data.c b/filter/data.c index a685aa1a4..eb0612c63 100644 | Ondrej Zajicek <santiago@crfreenet.org> | no | | | 2026-02-10 |
| backport-09-f7eb6f1 | Nest: Fix route update after preference change The route preference was ignored in route comparison, therefore if a protocol changed it and then reloaded routes, they were ignored and routes with the old preference were kept. The bug was introduced 5 years ago, when preference was moved from struct rte to struct rta. diff --git a/nest/rt-attr.c b/nest/rt-attr.c index 7c49af174..e10e1ecbf 100644 | Ondrej Zajicek <santiago@crfreenet.org> | no | | | 2025-05-29 |
| backport-10-87a77ae | BGP: Do route refresh after preference change Reconfiguration of preference is handled by nest code by asking for reload, but in case of BGP with import table, that just reloaded routes with the old preference. In BGP, we can handle that by triggering full route refresh. Although, it would be probably better to set preference in nest, when a route is propagated from the import table. diff --git a/proto/bgp/bgp.c b/proto/bgp/bgp.c index c8f90fadb..203715258 100644 | Ondrej Zajicek <santiago@crfreenet.org> | no | | | 2025-06-03 |
| backport-11-3c83997 | BGP: Restart if route refresh is impossible on attribute change In previous commit, we force route refresh when some protocol attributes change. Yet, when the neighbor doesn't support route refresh, we have to restart the session, not send an unsupported request. enabled, we keep the stale routes until the neighbor converges again. Related to #268 diff --git a/proto/bgp/bgp.c b/proto/bgp/bgp.c index 203715258..d38666fab 100644 | Maria Matejka <mq@ucw.cz> | no | | | 2025-06-04 |
| backport-12-de64c80 | BGP: restart on outgoing next hop setting change When next hop self / keep / address changed, BGP only reloaded the exports but it didn't apply the changes. To fix this problem before actually implementing a proper change detection algorithm, we restart the protocol if this setting changes. Fixes #280. diff --git a/proto/bgp/bgp.c b/proto/bgp/bgp.c index d38666fab..d8a4a69eb 100644 | Maria Matejka <mq@ucw.cz> | no | | | 2025-06-25 |
| backport-13-b4e228d | BGP: Do not restart when next hop keep/self is changed The change in dade7147eb6b62b2d58d478a370baef513d96975 forces BGP to restart even if next hop self and next hop keep changes, which can be updated just by reloading export, while explicit next hop address can not. Related to #280. diff --git a/doc/bird.sgml b/doc/bird.sgml index 3e024f4c1..6595dc327 100644 | Maria Matejka <mq@ucw.cz> | no | | | 2025-07-29 |
| backport-14-4be9672 | Filter: Document and extend ASPA verification tests These extensions minimalistically replicate the downstream bug reported by Evann DREUMONT. (See next commit.) diff --git a/filter/test.conf b/filter/test.conf index 3df9b6975..18a531ada 100644 | Maria Matejka <mq@ucw.cz> | no | | | 2026-03-14 |
| backport-15-650e2fa | ASPA: Finish official test case coverage This commit implements missing test cases based on the official ASPA path verification examples to expand coverage. Also, one of the custom tests was incorrect, because while there is no valid ASPA this could be seen, from a downstream perspective, as peering. This commit was originally a complete fix of the ASPA verification. Reduced significantly by committer. diff --git a/filter/test.conf b/filter/test.conf index 18a531ada..c21d74614 100644 | Evann DREUMONT <evann@grifon.fr> | no | | | 2026-02-07 |
| backport-16-3beb709 | ASPA: Fix downstream check for two-point apex The ASPA algorithm is quite complex if one wants to execute it fast. Most notably, the performance-critical part is looking up the ASPA records, and we are trying to reduce that to minimum. Yet, in that effort, we missed the fact that in the downstream algorithm, the down-ramp and up-ramp may touch, i.e. their top ends have a lateral peering. The original idea was to find the point where the down-ramp is impossible to be extended, and from there on, the algorithm is basically just the upstream algorithm. But it isn't, most notably with the lateral peering scenario it is much more complex than this. This issue was discovered by several people, and got a fix submitted by Evann DREUMONT. That fix was correct but replaced the algorithm too deeply. We don't want to do such large changes (including semantics) inside the stable versions, and we have some more plans with all of this considering performance, as soon as more ASPA records emerge. This patch therefore simply removes the force_upstream shortcut from where the down ramp is terminated, fixes the downstream code so that it works without that shortcut, and explicitly allows the two-apex downstream scenario. diff --git a/nest/rt-table.c b/nest/rt-table.c index ed364d351..1d50e5d05 100644 | Maria Matejka <mq@ucw.cz> | no | | | 2026-03-14 |
| backport-17-954b305 | Log: Set a reasonable lower bound for the log file size limit The log rotation needs a minimal file size. The 16 kB limit imposed by this commit effectively allows about 150 lines to fit into one file, and by that all the accompanying log messages (e.g. with debug latency) fit into there and don't cause another rotation. diff --git a/sysdep/unix/config.Y b/sysdep/unix/config.Y index f4e70d198..be85848de 100644 | Maria Matejka <mq@ucw.cz> | no | | | 2026-03-19 |
All known versions for source package 'bird2'
- 2.18.1-1 (forky, sid)
- 2.17.1-1+deb13u2 (trixie)
- 2.0.12-7 (bookworm)
