commit 15fe4b715c93db2cd1ad1f4a1cab7da91ba48eb0
Author: David Lamparter <equinox@diac24.net>
Date:   Mon Sep 2 14:58:10 2013 +0200

    release: 0.99.22.4
    
    This is a maintenance release, containing a set of regression fixes plus
    some protective LSA validation in OSPF.
    
    * configure.ac: Bump to 0.99.22.3

commit 05b3325b49cdf3ad862da92415e305282a7b9d2a
Author: Greg Troxel <gdt@ir.bbn.com>
Date:   Wed Aug 7 10:11:46 2013 -0400

    doc: Update NEWS for pending 0.99.22.4 release.

commit 0fb1102198d151532fb65d2271bf8246a21389b1
Author: David Lamparter <equinox@diac24.net>
Date:   Fri Aug 2 07:27:53 2013 +0000

    ospfd: protect vs. VU#229804 (malformed Router-LSA)
    
    VU#229804 reports that, by injecting Router LSAs with the Advertising
    Router ID different from the Link State ID, OSPF implementations can be
    tricked into retaining and using invalid information.
    
    Quagga is not vulnerable to this because it looks up Router LSAs by
    (Router-ID, LS-ID) pair.  The relevant code is in ospf_lsa.c l.3140.
    Note the double "id" parameter at the end.
    
    Still, we can provide an improvement here by discarding such malformed
    LSAs and providing a warning to the administrator.  While we cannot
    prevent such malformed LSAs from entering the OSPF domain, we can
    certainly try to limit their distribution.
    
    cf. http://www.kb.cert.org/vuls/id/229804 for the vulnerability report.
    This issue is a specification issue in the OSPF protocol that was
    discovered by Dr. Gabi Nakibly.
    
    Reported-by: CERT Coordination Center <cert@cert.org>
    Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
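
The check described in the commit message above, as an added example that is not Quagga's code: a Router-LSA whose Link State ID differs from its Advertising Router is discarded with a warning. The function name, verdict enum and sample headers are assumptions made for illustration; header offsets follow RFC 2328 A.4.1.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LSA_HEADER_SIZE 20U /* RFC 2328 A.4.1: fixed LSA header length */
#define LSA_TYPE_ROUTER 1U  /* LS type 1 = Router-LSA */

enum lsa_verdict { LSA_OK = 0, LSA_TRUNCATED = -1, LSA_ID_MISMATCH = -2 };

/* Hypothetical helper (not a Quagga function): inspects one LSA header as
 * received on the wire. Checksum and LS age are not validated here. */
enum lsa_verdict check_router_lsa_ids(const uint8_t *buf, size_t len)
{
    struct in_addr ls_id, adv_router;
    char id_str[INET_ADDRSTRLEN], adv_str[INET_ADDRSTRLEN];
    uint16_t lsa_len;

    if (buf == NULL || len < LSA_HEADER_SIZE)
        return LSA_TRUNCATED;
    memcpy(&lsa_len, buf + 18, sizeof lsa_len); /* length field, offset 18 */
    lsa_len = ntohs(lsa_len);
    if (lsa_len < LSA_HEADER_SIZE || lsa_len > len)
        return LSA_TRUNCATED;
    if (buf[3] != LSA_TYPE_ROUTER) /* LS type, offset 3 */
        return LSA_OK;             /* the rule only applies to Router-LSAs */

    memcpy(&ls_id.s_addr, buf + 4, 4);      /* Link State ID */
    memcpy(&adv_router.s_addr, buf + 8, 4); /* Advertising Router */
    if (ls_id.s_addr == adv_router.s_addr)
        return LSA_OK;
    inet_ntop(AF_INET, &ls_id, id_str, sizeof id_str);
    inet_ntop(AF_INET, &adv_router, adv_str, sizeof adv_str);
    fprintf(stderr, "discarding Router-LSA: LS ID %s != Advertising Router %s\n",
            id_str, adv_str);
    return LSA_ID_MISMATCH;
}

/* Constructed sample headers (documentation addresses, zero checksum). */
static const uint8_t SAMPLE_OK[24] = {0x00, 0x01, 0x02, 0x01, 192, 0, 2, 1,
    192, 0, 2, 1, 0x80, 0, 0, 1, 0, 0, 0, 24, 0, 0, 0, 0};
static const uint8_t SAMPLE_BAD[24] = {0x00, 0x01, 0x02, 0x01, 192, 0, 2, 1,
    192, 0, 2, 99, 0x80, 0, 0, 1, 0, 0, 0, 24, 0, 0, 0, 0};

int main(void)
{
    printf("ok=%d bad=%d\n", check_router_lsa_ids(SAMPLE_OK, sizeof SAMPLE_OK),
           check_router_lsa_ids(SAMPLE_BAD, sizeof SAMPLE_BAD));
    return 0;
}
```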

commit 7921ecd3a8430bab25a578a218d69e1a79771397
Author: Christian Franke <chris@opensourcerouting.org>
Date:   Sat May 25 14:01:36 2013 +0000

    bgpd, zebra: support NEXTHOP_IPV4_IFINDEX in bgp import check
    
    Signed-off-by: Christian Franke <chris@opensourcerouting.org>
    Signed-off-by: David Lamparter <equinox@opensourcerouting.org>

commit d533f88e4b149cdbfcae5537109d8f7d8b7d2280
Author: Christian Franke <chris@opensourcerouting.org>
Date:   Sat May 25 14:01:35 2013 +0000

    bgpd, zebra: Support NEXTHOP_IPV4_IFINDEX in nexthop_lookup api
    
    Since commit ba281d3d040, ospfd uses NEXTHOP_IPV4_IFINDEX
    routes. The API between zebra and bgpd which is used to query
    nexthops for recursive routes did not support this nexthop
    type and therefore, ospf changes (or any other IGP changes
    which use NEXTHOP_IPV4_IFINDEX) would never trigger any
    recursive route update.
    
    Signed-off-by: Christian Franke <chris@opensourcerouting.org>
    Signed-off-by: David Lamparter <equinox@opensourcerouting.org>

commit 018f4d8dcb28b475b1d1c46ebe0ea3bbf6421f8a
Author: Christian Franke <chris@opensourcerouting.org>
Date:   Sat May 25 14:01:34 2013 +0000

    zebra: improve display of NEXTHOP_IPV4_IFINDEX in show ip route
    
    Signed-off-by: Christian Franke <chris@opensourcerouting.org>
    Signed-off-by: David Lamparter <equinox@opensourcerouting.org>