rpms
/
frr
21
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

import frr-8.3.1-5.el9

Browse Source
c9-beta imports/c9-beta/frr-8.3.1-5.el9
CentOS Sources 2 years ago committed by MSVSphere Packaging Team
commit 7ffefebdf7
16 changed files with 1282 additions and 0 deletions
Show Stats Download Patch File Download Diff File

2
.frr.metadata
Unescape View File

@ -0,0 +1,2 @@
467835eb73a6018948fd667663ce68282cf6d16b SOURCES/frr-8.3.1.tar.gz
e25979fad0e873cd0196e528cae570ba18c11a8f SOURCES/frr.if

2
.gitignore vendored
Unescape View File

@ -0,0 +1,2 @@
SOURCES/frr-8.3.1.tar.gz
SOURCES/frr.if

55
SOURCES/0000-remove-babeld-and-ldpd.patch
Unescape View File

@ -0,0 +1,55 @@
diff --git a/Makefile.am b/Makefile.am
index 5be3264..33abc1d 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -130,8 +130,6 @@ include ospf6d/subdir.am
include ospfclient/subdir.am
include isisd/subdir.am
include nhrpd/subdir.am
-include ldpd/subdir.am
-include babeld/subdir.am
include eigrpd/subdir.am
include sharpd/subdir.am
include pimd/subdir.am
@@ -182,7 +180,6 @@ EXTRA_DIST += \
snapcraft/defaults \
snapcraft/helpers \
snapcraft/snap \
- babeld/Makefile \
bgpd/Makefile \
bgpd/rfp-example/librfp/Makefile \
bgpd/rfp-example/rfptest/Makefile \
@@ -193,7 +190,6 @@ EXTRA_DIST += \
fpm/Makefile \
grpc/Makefile \
isisd/Makefile \
- ldpd/Makefile \
lib/Makefile \
nhrpd/Makefile \
ospf6d/Makefile \
diff --git a/tools/etc/frr/daemons b/tools/etc/frr/daemons
index f6d512b..6d4831d 100644
--- a/tools/etc/frr/daemons
+++ b/tools/etc/frr/daemons
@@ -21,10 +21,8 @@ ripd=no
ripngd=no
isisd=no
pimd=no
-ldpd=no
nhrpd=no
eigrpd=no
-babeld=no
sharpd=no
pbrd=no
bfdd=no
@@ -45,10 +43,8 @@ ripd_options=" -A 127.0.0.1"
ripngd_options=" -A ::1"
isisd_options=" -A 127.0.0.1"
pimd_options=" -A 127.0.0.1"
-ldpd_options=" -A 127.0.0.1"
nhrpd_options=" -A 127.0.0.1"
eigrpd_options=" -A 127.0.0.1"
-babeld_options=" -A 127.0.0.1"
sharpd_options=" -A 127.0.0.1"
pbrd_options=" -A 127.0.0.1"
staticd_options="-A 127.0.0.1"

78
SOURCES/0002-enable-openssl.patch
Unescape View File

@ -0,0 +1,78 @@
diff --git a/lib/subdir.am b/lib/subdir.am
index 0b7af18..0533e24 100644
--- a/lib/subdir.am
+++ b/lib/subdir.am
@@ -41,7 +41,6 @@ lib_libfrr_la_SOURCES = \
lib/log.c \
lib/log_filter.c \
lib/log_vty.c \
- lib/md5.c \
lib/memory.c \
lib/mlag.c \
lib/module.c \
@@ -64,7 +64,6 @@ lib_libfrr_la_SOURCES = \
lib/routemap_northbound.c \
lib/sbuf.c \
lib/seqlock.c \
- lib/sha256.c \
lib/sigevent.c \
lib/skiplist.c \
lib/sockopt.c \
@@ -170,7 +170,6 @@ pkginclude_HEADERS += \
lib/link_state.h \
lib/log.h \
lib/log_vty.h \
- lib/md5.h \
lib/memory.h \
lib/module.h \
lib/monotime.h \
@@ -191,7 +190,6 @@ pkginclude_HEADERS += \
lib/route_opaque.h \
lib/sbuf.h \
lib/seqlock.h \
- lib/sha256.h \
lib/sigevent.h \
lib/skiplist.h \
lib/smux.h \
diff --git a/isisd/isis_lsp.c b/isisd/isis_lsp.c
index 1991666..2e4fe55 100644
--- a/isisd/isis_lsp.c
+++ b/isisd/isis_lsp.c
@@ -35,7 +35,9 @@
#include "hash.h"
#include "if.h"
#include "checksum.h"
+#ifdef CRYPTO_INTERNAL
#include "md5.h"
+#endif
#include "table.h"
#include "srcdest_table.h"
#include "lib_errors.h"
diff --git a/isisd/isis_pdu.c b/isisd/isis_pdu.c
index 9c63311..7cf594c 100644
--- a/isisd/isis_pdu.c
+++ b/isisd/isis_pdu.c
@@ -33,7 +33,9 @@
#include "prefix.h"
#include "if.h"
#include "checksum.h"
+#ifdef CRYPTO_INTERNAL
#include "md5.h"
+#endif
#include "lib_errors.h"
#include "isisd/isis_constants.h"
diff --git a/isisd/isis_te.c b/isisd/isis_te.c
index 4ea6c2c..72ff0d2 100644
--- a/isisd/isis_te.c
+++ b/isisd/isis_te.c
@@ -38,7 +38,9 @@
#include "if.h"
#include "vrf.h"
#include "checksum.h"
+#ifdef CRYPTO_INTERNAL
#include "md5.h"
+#endif
#include "sockunion.h"
#include "network.h"
#include "sbuf.h"

252
SOURCES/0003-disable-eigrp-crypto.patch
Unescape View File

@ -0,0 +1,252 @@
diff --git a/eigrpd/eigrp_packet.c b/eigrpd/eigrp_packet.c
index bedaf15..8dc09bf 100644
--- a/eigrpd/eigrp_packet.c
+++ b/eigrpd/eigrp_packet.c
@@ -40,8 +40,10 @@
#include "log.h"
#include "sockopt.h"
#include "checksum.h"
+#ifdef CRYPTO_INTERNAL
#include "md5.h"
#include "sha256.h"
+#endif
#include "lib_errors.h"
#include "eigrpd/eigrp_structs.h"
@@ -95,8 +97,12 @@ int eigrp_make_md5_digest(struct eigrp_interface *ei, struct stream *s,
struct key *key = NULL;
struct keychain *keychain;
+
unsigned char digest[EIGRP_AUTH_TYPE_MD5_LEN];
+#ifdef CRYPTO_OPENSSL
+#elif CRYPTO_INTERNAL
MD5_CTX ctx;
+#endif
uint8_t *ibuf;
size_t backup_get, backup_end;
struct TLV_MD5_Authentication_Type *auth_TLV;
@@ -119,6 +125,9 @@ int eigrp_make_md5_digest(struct eigrp_interface *ei, struct stream *s,
return EIGRP_AUTH_TYPE_NONE;
}
+#ifdef CRYPTO_OPENSSL
+//TBD when this is fixed in upstream
+#elif CRYPTO_INTERNAL
memset(&ctx, 0, sizeof(ctx));
MD5Init(&ctx);
@@ -146,7 +155,7 @@ int eigrp_make_md5_digest(struct eigrp_interface *ei, struct stream *s,
}
MD5Final(digest, &ctx);
-
+#endif
/* Append md5 digest to the end of the stream. */
memcpy(auth_TLV->digest, digest, EIGRP_AUTH_TYPE_MD5_LEN);
@@ -162,7 +171,10 @@ int eigrp_check_md5_digest(struct stream *s,
struct TLV_MD5_Authentication_Type *authTLV,
struct eigrp_neighbor *nbr, uint8_t flags)
{
+#ifdef CRYPTO_OPENSSL
+#elif CRYPTO_INTERNAL
MD5_CTX ctx;
+#endif
unsigned char digest[EIGRP_AUTH_TYPE_MD5_LEN];
unsigned char orig[EIGRP_AUTH_TYPE_MD5_LEN];
struct key *key = NULL;
@@ -203,6 +215,9 @@ int eigrp_check_md5_digest(struct stream *s,
return 0;
}
+#ifdef CRYPTO_OPENSSL
+ //TBD when eigrpd crypto is fixed in upstream
+#elif CRYPTO_INTERNAL
memset(&ctx, 0, sizeof(ctx));
MD5Init(&ctx);
@@ -230,6 +245,7 @@ int eigrp_check_md5_digest(struct stream *s,
}
MD5Final(digest, &ctx);
+#endif
/* compare the two */
if (memcmp(orig, digest, EIGRP_AUTH_TYPE_MD5_LEN) != 0) {
@@ -254,7 +270,11 @@ int eigrp_make_sha256_digest(struct eigrp_interface *ei, struct stream *s,
unsigned char digest[EIGRP_AUTH_TYPE_SHA256_LEN];
unsigned char buffer[1 + PLAINTEXT_LENGTH + 45 + 1] = {0};
+#ifdef CRYPTO_OPENSSL
+ //TBD when eigrpd crypto is fixed in upstream
+#elif CRYPTO_INTERNAL
HMAC_SHA256_CTX ctx;
+#endif
void *ibuf;
size_t backup_get, backup_end;
struct TLV_SHA256_Authentication_Type *auth_TLV;
@@ -283,6 +303,9 @@ int eigrp_make_sha256_digest(struct eigrp_interface *ei, struct stream *s,
inet_ntop(AF_INET, &ei->address.u.prefix4, source_ip, PREFIX_STRLEN);
+#ifdef CRYPTO_OPENSSL
+ //TBD when eigrpd crypto is fixed in upstream
+#elif CRYPTO_INTERNAL
memset(&ctx, 0, sizeof(ctx));
buffer[0] = '\n';
memcpy(buffer + 1, key, strlen(key->string));
@@ -291,7 +314,7 @@ int eigrp_make_sha256_digest(struct eigrp_interface *ei, struct stream *s,
1 + strlen(key->string) + strlen(source_ip));
HMAC__SHA256_Update(&ctx, ibuf, strlen(ibuf));
HMAC__SHA256_Final(digest, &ctx);
-
+#endif
/* Put hmac-sha256 digest to it's place */
memcpy(auth_TLV->digest, digest, EIGRP_AUTH_TYPE_SHA256_LEN);
diff --git a/eigrpd/eigrp_filter.c b/eigrpd/eigrp_filter.c
index 93eed94..f1c7347 100644
--- a/eigrpd/eigrp_filter.c
+++ b/eigrpd/eigrp_filter.c
@@ -47,7 +47,9 @@
#include "if_rmap.h"
#include "plist.h"
#include "distribute.h"
+#ifdef CRYPTO_INTERNAL
#include "md5.h"
+#endif
#include "keychain.h"
#include "privs.h"
#include "vrf.h"
diff --git a/eigrpd/eigrp_hello.c b/eigrpd/eigrp_hello.c
index dacd5ca..b232cc5 100644
--- a/eigrpd/eigrp_hello.c
+++ b/eigrpd/eigrp_hello.c
@@ -43,7 +43,9 @@
#include "sockopt.h"
#include "checksum.h"
#include "vty.h"
+#ifdef CRYPTO_INTERNAL
#include "md5.h"
+#endif
#include "eigrpd/eigrp_structs.h"
#include "eigrpd/eigrpd.h"
diff --git a/eigrpd/eigrp_query.c b/eigrpd/eigrp_query.c
index 84dcf5e..a2575e3 100644
--- a/eigrpd/eigrp_query.c
+++ b/eigrpd/eigrp_query.c
@@ -38,7 +38,9 @@
#include "log.h"
#include "sockopt.h"
#include "checksum.h"
+#ifdef CRYPTO_INTERNAL
#include "md5.h"
+#endif
#include "vty.h"
#include "eigrpd/eigrp_structs.h"
diff --git a/eigrpd/eigrp_reply.c b/eigrpd/eigrp_reply.c
index ccf0496..2902365 100644
--- a/eigrpd/eigrp_reply.c
+++ b/eigrpd/eigrp_reply.c
@@ -42,7 +42,9 @@
#include "log.h"
#include "sockopt.h"
#include "checksum.h"
+#ifdef CRYPTO_INTERNAL
#include "md5.h"
+#endif
#include "vty.h"
#include "keychain.h"
#include "plist.h"
diff --git a/eigrpd/eigrp_siaquery.c b/eigrpd/eigrp_siaquery.c
index ff38325..09b9369 100644
--- a/eigrpd/eigrp_siaquery.c
+++ b/eigrpd/eigrp_siaquery.c
@@ -38,7 +38,9 @@
#include "log.h"
#include "sockopt.h"
#include "checksum.h"
+#ifdef CRYPTO_INTERNAL
#include "md5.h"
+#endif
#include "vty.h"
#include "eigrpd/eigrp_structs.h"
diff --git a/eigrpd/eigrp_siareply.c b/eigrpd/eigrp_siareply.c
index d3dd123..f6a2bd6 100644
--- a/eigrpd/eigrp_siareply.c
+++ b/eigrpd/eigrp_siareply.c
@@ -37,7 +37,9 @@
#include "log.h"
#include "sockopt.h"
#include "checksum.h"
+#ifdef CRYPTO_INTERNAL
#include "md5.h"
+#endif
#include "vty.h"
#include "eigrpd/eigrp_structs.h"
diff --git a/eigrpd/eigrp_snmp.c b/eigrpd/eigrp_snmp.c
index 21c9238..cfb8890 100644
--- a/eigrpd/eigrp_snmp.c
+++ b/eigrpd/eigrp_snmp.c
@@ -42,7 +42,9 @@
#include "log.h"
#include "sockopt.h"
#include "checksum.h"
+#ifdef CRYPTO_INTERNAL
#include "md5.h"
+#endif
#include "keychain.h"
#include "smux.h"
diff --git a/eigrpd/eigrp_update.c b/eigrpd/eigrp_update.c
index 8db4903..2a4f0bb 100644
--- a/eigrpd/eigrp_update.c
+++ b/eigrpd/eigrp_update.c
@@ -42,7 +42,9 @@
#include "log.h"
#include "sockopt.h"
#include "checksum.h"
+#ifdef CRYPTO_INTERNAL
#include "md5.h"
+#endif
#include "vty.h"
#include "plist.h"
#include "plist_int.h"
diff --git a/eigrpd/eigrp_cli.c b/eigrpd/eigrp_cli.c
index a93d4c8..b01e121 100644
--- a/eigrpd/eigrp_cli.c
+++ b/eigrpd/eigrp_cli.c
@@ -25,6 +25,7 @@
#include "lib/command.h"
#include "lib/log.h"
#include "lib/northbound_cli.h"
+#include "lib/libfrr.h"
#include "eigrp_structs.h"
#include "eigrpd.h"
@@ -726,6 +726,20 @@ DEFPY(
"Keyed message digest\n"
"HMAC SHA256 algorithm \n")
{
+ //EIGRP authentication is currently broken in FRR
+ switch (frr_get_cli_mode()) {
+ case FRR_CLI_CLASSIC:
+ vty_out(vty, "%% Eigrp Authentication is disabled\n\n");
+ break;
+ case FRR_CLI_TRANSACTIONAL:
+ vty_out(vty,
+ "%% Failed to edit candidate configuration - "
+ "Eigrp Authentication is disabled.\n\n");
+ break;
+ }
+
+ return CMD_WARNING_CONFIG_FAILED;
+
char xpath[XPATH_MAXLEN], xpath_auth[XPATH_MAXLEN + 64];
snprintf(xpath, sizeof(xpath), "./frr-eigrpd:eigrp/instance[asn='%s']",

103
SOURCES/0004-fips-mode.patch
Unescape View File

@ -0,0 +1,103 @@
diff --git a/ospfd/ospf_vty.c b/ospfd/ospf_vty.c
index 631465f..e084ff3 100644
--- a/ospfd/ospf_vty.c
+++ b/ospfd/ospf_vty.c
@@ -1136,6 +1136,11 @@ DEFUN (ospf_area_vlink,
if (argv_find(argv, argc, "message-digest", &idx)) {
/* authentication message-digest */
+ if(FIPS_mode())
+ {
+ vty_out(vty, "FIPS mode is enabled, md5 authentication is disabled\n");
+ return CMD_WARNING_CONFIG_FAILED;
+ }
vl_config.auth_type = OSPF_AUTH_CRYPTOGRAPHIC;
} else if (argv_find(argv, argc, "null", &idx)) {
/* "authentication null" */
@@ -1993,6 +1998,15 @@ DEFUN (ospf_area_authentication_message_digest,
? OSPF_AUTH_NULL
: OSPF_AUTH_CRYPTOGRAPHIC;
+ if(area->auth_type == OSPF_AUTH_CRYPTOGRAPHIC)
+ {
+ if(FIPS_mode())
+ {
+ vty_out(vty, "FIPS mode is enabled, md5 authentication is disabled\n");
+ return CMD_WARNING_CONFIG_FAILED;
+ }
+ }
+
return CMD_SUCCESS;
}
@@ -6665,6 +6679,11 @@ DEFUN (ip_ospf_authentication_args,
/* Handle message-digest authentication */
if (argv[idx_encryption]->arg[0] == 'm') {
+ if(FIPS_mode())
+ {
+ vty_out(vty, "FIPS mode is enabled, md5 authentication is disabled\n");
+ return CMD_WARNING_CONFIG_FAILED;
+ }
SET_IF_PARAM(params, auth_type);
params->auth_type = OSPF_AUTH_CRYPTOGRAPHIC;
return CMD_SUCCESS;
@@ -6971,6 +6990,11 @@ DEFUN (ip_ospf_message_digest_key,
"The OSPF password (key)\n"
"Address of interface\n")
{
+ if(FIPS_mode())
+ {
+ vty_out(vty, "FIPS mode is enabled, md5 authentication is disabled\n");
+ return CMD_WARNING_CONFIG_FAILED;
+ }
VTY_DECLVAR_CONTEXT(interface, ifp);
struct crypt_key *ck;
uint8_t key_id;
diff --git a/isisd/isis_circuit.c b/isisd/isis_circuit.c
index 81b4b39..cce33d9 100644
--- a/isisd/isis_circuit.c
+++ b/isisd/isis_circuit.c
@@ -1318,6 +1318,10 @@ static int isis_circuit_passwd_set(struct isis_circuit *circuit,
return ferr_code_bug(
"circuit password too long (max 254 chars)");
+ //When in FIPS mode, the password never gets set in MD5
+ if((passwd_type == ISIS_PASSWD_TYPE_HMAC_MD5) && FIPS_mode())
+ return ferr_cfg_invalid("FIPS mode is enabled, md5 authentication is disabled");
+
circuit->passwd.len = len;
strlcpy((char *)circuit->passwd.passwd, passwd,
sizeof(circuit->passwd.passwd));
diff --git a/isisd/isisd.c b/isisd/isisd.c
index 419127c..a6c36af 100644
--- a/isisd/isisd.c
+++ b/isisd/isisd.c
@@ -1638,6 +1638,10 @@ static int isis_area_passwd_set(struct isis_area *area, int level,
if (len > 254)
return -1;
+ //When in FIPS mode, the password never get set in MD5
+ if ((passwd_type == ISIS_PASSWD_TYPE_HMAC_MD5) && (FIPS_mode()))
+ return ferr_cfg_invalid("FIPS mode is enabled, md5 authentication is disabled");
+
modified.len = len;
strlcpy((char *)modified.passwd, passwd,
sizeof(modified.passwd));
diff --git a/ripd/rip_cli.c b/ripd/rip_cli.c
index 5bb81ef..02a09ef 100644
--- a/ripd/rip_cli.c
+++ b/ripd/rip_cli.c
@@ -796,6 +796,12 @@ DEFPY (ip_rip_authentication_mode,
value = "20";
}
+ if(strmatch(mode, "md5") && FIPS_mode())
+ {
+ vty_out(vty, "FIPS mode is enabled, md5 authentication id disabled\n");
+ return CMD_WARNING_CONFIG_FAILED;
+ }
+
nb_cli_enqueue_change(vty, "./authentication-scheme/mode", NB_OP_MODIFY,
strmatch(mode, "md5") ? "md5" : "plain-text");
if (strmatch(mode, "md5"))

25
SOURCES/0005-ospf-api.patch
Unescape View File

@ -0,0 +1,25 @@
diff --git a/ospfd/ospf_spf.c b/ospfd/ospf_spf.c
index 74a5674..aec9037 100644
--- a/ospfd/ospf_spf.c
+++ b/ospfd/ospf_spf.c
@@ -48,7 +48,10 @@
#include "ospfd/ospf_sr.h"
#include "ospfd/ospf_ti_lfa.h"
#include "ospfd/ospf_errors.h"
+
+#ifdef SUPPORT_OSPF_API
#include "ospfd/ospf_apiserver.h"
+#endif
/* Variables to ensure a SPF scheduled log message is printed only once */
@@ -1897,7 +1900,9 @@ static void ospf_spf_calculate_schedule_worker(struct thread *thread)
/* Update all routers routing table */
ospf->oall_rtrs = ospf->all_rtrs;
ospf->all_rtrs = all_rtrs;
+#ifdef SUPPORT_OSPF_API
ospf_apiserver_notify_reachable(ospf->oall_rtrs, ospf->all_rtrs);
+#endif
/* Free old ABR/ASBR routing table */
if (ospf->old_rtrs)

78
SOURCES/0006-graceful-restart.patch
Unescape View File

@ -0,0 +1,78 @@
From 12f9f8472d0f8cfc026352906b8e5342df2846cc Mon Sep 17 00:00:00 2001
From: Donatas Abraitis <donatas@opensourcerouting.org>
Date: Tue, 27 Sep 2022 17:30:16 +0300
Subject: [PATCH] bgpd: Do not send Deconfig/Shutdown message when restarting
We might disable sending unconfig/shutdown notifications when
Graceful-Restart is enabled and negotiated.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
---
bgpd/bgpd.c | 35 ++++++++++++++++++++++++++---------
1 file changed, 26 insertions(+), 9 deletions(-)
diff --git a/bgpd/bgpd.c b/bgpd/bgpd.c
index 749e46ebe9d..ae1308db423 100644
--- a/bgpd/bgpd.c
+++ b/bgpd/bgpd.c
@@ -2755,11 +2755,34 @@ int peer_group_remote_as(struct bgp *bgp, const char *group_name, as_t *as,
void peer_notify_unconfig(struct peer *peer)
{
+ if (BGP_PEER_GRACEFUL_RESTART_CAPABLE(peer)) {
+ if (bgp_debug_neighbor_events(peer))
+ zlog_debug(
+ "%pBP configured Graceful-Restart, skipping unconfig notification",
+ peer);
+ return;
+ }
+
if (BGP_IS_VALID_STATE_FOR_NOTIF(peer->status))
bgp_notify_send(peer, BGP_NOTIFY_CEASE,
BGP_NOTIFY_CEASE_PEER_UNCONFIG);
}
+static void peer_notify_shutdown(struct peer *peer)
+{
+ if (BGP_PEER_GRACEFUL_RESTART_CAPABLE(peer)) {
+ if (bgp_debug_neighbor_events(peer))
+ zlog_debug(
+ "%pBP configured Graceful-Restart, skipping shutdown notification",
+ peer);
+ return;
+ }
+
+ if (BGP_IS_VALID_STATE_FOR_NOTIF(peer->status))
+ bgp_notify_send(peer, BGP_NOTIFY_CEASE,
+ BGP_NOTIFY_CEASE_ADMIN_SHUTDOWN);
+}
+
void peer_group_notify_unconfig(struct peer_group *group)
{
struct peer *peer, *other;
@@ -3676,11 +3699,8 @@ int bgp_delete(struct bgp *bgp)
}
/* Inform peers we're going down. */
- for (ALL_LIST_ELEMENTS(bgp->peer, node, next, peer)) {
- if (BGP_IS_VALID_STATE_FOR_NOTIF(peer->status))
- bgp_notify_send(peer, BGP_NOTIFY_CEASE,
- BGP_NOTIFY_CEASE_ADMIN_SHUTDOWN);
- }
+ for (ALL_LIST_ELEMENTS(bgp->peer, node, next, peer))
+ peer_notify_shutdown(peer);
/* Delete static routes (networks). */
bgp_static_delete(bgp);
@@ -8252,10 +8272,7 @@ void bgp_terminate(void)
for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp))
for (ALL_LIST_ELEMENTS(bgp->peer, node, nnode, peer))
- if (peer_established(peer) || peer->status == OpenSent
- || peer->status == OpenConfirm)
- bgp_notify_send(peer, BGP_NOTIFY_CEASE,
- BGP_NOTIFY_CEASE_PEER_UNCONFIG);
+ peer_notify_unconfig(peer);
BGP_TIMER_OFF(bm->t_rmap_update);

32
SOURCES/0007-cve-2022-37032.patch
Unescape View File

@ -0,0 +1,32 @@
From ff6db1027f8f36df657ff2e5ea167773752537ed Mon Sep 17 00:00:00 2001
From: Donald Sharp <sharpd@nvidia.com>
Date: Thu, 21 Jul 2022 08:11:58 -0400
Subject: [PATCH] bgpd: Make sure hdr length is at a minimum of what is
expected
Ensure that if the capability length specified is enough data.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
---
bgpd/bgp_packet.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
index dbf6c0b2e99..45752a8ab6d 100644
--- a/bgpd/bgp_packet.c
+++ b/bgpd/bgp_packet.c
@@ -2620,6 +2620,14 @@ static int bgp_capability_msg_parse(struct peer *peer, uint8_t *pnt,
"%s CAPABILITY has action: %d, code: %u, length %u",
peer->host, action, hdr->code, hdr->length);
+ if (hdr->length < sizeof(struct capability_mp_data)) {
+ zlog_info(
+ "%pBP Capability structure is not properly filled out, expected at least %zu bytes but header length specified is %d",
+ peer, sizeof(struct capability_mp_data),
+ hdr->length);
+ return BGP_Stop;
+ }
+
/* Capability length check. */
if ((pnt + hdr->length + 3) > end) {
zlog_info("%s Capability length error", peer->host);

67
SOURCES/0008-frr-non-root-user.patch
Unescape View File

@ -0,0 +1,67 @@
From 1d42fb941af17a29346b2af03338f8e18470f009 Mon Sep 17 00:00:00 2001
From: Michal Ruprich <michalruprich@gmail.com>
Date: Tue, 22 Nov 2022 12:38:05 +0100
Subject: [PATCH] tools: Enable start of FRR for non-root user
There might be use cases when this would make sense, for example
running FRR in a container as a designated user.
Signed-off-by: Michal Ruprich <mruprich@redhat.com>
---
tools/etc/frr/daemons | 5 +++++
tools/frrcommon.sh.in | 4 ++++
2 files changed, 9 insertions(+)
diff --git a/tools/etc/frr/daemons b/tools/etc/frr/daemons
index 8aa08871e35..2427bfff777 100644
--- a/tools/etc/frr/daemons
+++ b/tools/etc/frr/daemons
@@ -91,6 +91,12 @@ pathd_options=" -A 127.0.0.1"
# say BGP.
#MAX_FDS=1024
+# Uncomment this option if you want to run FRR as a non-root user. Note that
+# you should know what you are doing since most of the daemons need root
+# to work. This could be useful if you want to run FRR in a container
+# for instance.
+# FRR_NO_ROOT="yes"
+
# The list of daemons to watch is automatically generated by the init script.
#watchfrr_options=""
diff --git a/tools/frrcommon.sh.in b/tools/frrcommon.sh.in
index 3c16c27c6df..4f095a176e4 100755
--- a/tools/frrcommon.sh.in
+++ b/tools/frrcommon.sh.in
@@ -43,6 +43,10 @@ RELOAD_SCRIPT="$D_PATH/frr-reload.py"
#
is_user_root () {
+ if [[ ! -z $FRR_NO_ROOT && "${FRR_NO_ROOT}" == "yes" ]]; then
+ return 0
+ fi
+
[ "${EUID:-$(id -u)}" -eq 0 ] || {
log_failure_msg "Only users having EUID=0 can start/stop daemons"
return 1
diff --git a/doc/user/setup.rst b/doc/user/setup.rst
index 25934df..51ffd32 100644
--- a/doc/user/setup.rst
+++ b/doc/user/setup.rst
@@ -114,6 +114,16 @@ most operating systems is 1024. If the operator plans to run bgp with
several thousands of peers than this is where we would modify FRR to
allow this to happen.
+::
+
+ FRR_NO_ROOT="yes"
+
+This option allows you to run FRR as a non-root user. Use this option
+only when you know what you are doing since most of the daemons
+in FRR will not be able to run under a regular user. This option
+is useful for example when you run FRR in a container with a designated
+user instead of root.
+
::
zebra_options=" -s 90000000 --daemon -A 127.0.0.1"

4
SOURCES/frr-sysusers.conf
Unescape View File

@ -0,0 +1,4 @@
#Type Name ID GECOS Home directory Shell
g frrvty -
u frr - "FRRouting routing suite" /var/run/frr /sbin/nologin
m frr frrvty

1
SOURCES/frr-tmpfiles.conf
Unescape View File

@ -0,0 +1 @@
d /run/frr 0755 frr frr -

29
SOURCES/frr.fc
Unescape View File

@ -0,0 +1,29 @@
/usr/libexec/frr/(.*)? gen_context(system_u:object_r:frr_exec_t,s0)
/usr/lib/systemd/system/frr.* gen_context(system_u:object_r:frr_unit_file_t,s0)
/etc/frr(/.*)? gen_context(system_u:object_r:frr_conf_t,s0)
/var/log/frr(/.*)? gen_context(system_u:object_r:frr_log_t,s0)
/var/tmp/frr(/.*)? gen_context(system_u:object_r:frr_tmp_t,s0)
/var/lock/subsys/bfdd -- gen_context(system_u:object_r:frr_lock_t,s0)
/var/lock/subsys/bgpd -- gen_context(system_u:object_r:frr_lock_t,s0)
/var/lock/subsys/eigrpd -- gen_context(system_u:object_r:frr_lock_t,s0)
/var/lock/subsys/fabricd -- gen_context(system_u:object_r:frr_lock_t,s0)
/var/lock/subsys/isisd -- gen_context(system_u:object_r:frr_lock_t,s0)
/var/lock/subsys/nhrpd -- gen_context(system_u:object_r:frr_lock_t,s0)
/var/lock/subsys/ospf6d -- gen_context(system_u:object_r:frr_lock_t,s0)
/var/lock/subsys/ospfd -- gen_context(system_u:object_r:frr_lock_t,s0)
/var/lock/subsys/pbrd -- gen_context(system_u:object_r:frr_lock_t,s0)
/var/lock/subsys/pimd -- gen_context(system_u:object_r:frr_lock_t,s0)
/var/lock/subsys/ripd -- gen_context(system_u:object_r:frr_lock_t,s0)
/var/lock/subsys/ripngd -- gen_context(system_u:object_r:frr_lock_t,s0)
/var/lock/subsys/staticd -- gen_context(system_u:object_r:frr_lock_t,s0)
/var/lock/subsys/zebra -- gen_context(system_u:object_r:frr_lock_t,s0)
/var/lock/subsys/vrrpd -- gen_context(system_u:object_r:frr_lock_t,s0)
/var/lock/subsys/pathd -- gen_context(system_u:object_r:frr_lock_t,s0)
/var/run/frr(/.*)? gen_context(system_u:object_r:frr_var_run_t,s0)
/usr/bin/vtysh -- gen_context(system_u:object_r:frr_exec_t,s0)

123
SOURCES/frr.te
Unescape View File

@ -0,0 +1,123 @@
policy_module(frr, 1.0.0)
########################################
#
# Declarations
#
type frr_t;
type frr_exec_t;
init_daemon_domain(frr_t, frr_exec_t)
type frr_log_t;
logging_log_file(frr_log_t)
type frr_tmp_t;
files_tmp_file(frr_tmp_t)
type frr_lock_t;
files_lock_file(frr_lock_t)
type frr_conf_t;
files_config_file(frr_conf_t)
type frr_unit_file_t;
systemd_unit_file(frr_unit_file_t)
type frr_var_run_t;
files_pid_file(frr_var_run_t)
########################################
#
# frr local policy
#
allow frr_t self:capability { chown dac_override dac_read_search kill net_bind_service net_raw setgid setuid net_admin };
allow frr_t self:netlink_route_socket rw_netlink_socket_perms;
allow frr_t self:packet_socket create;
allow frr_t self:process { setcap setpgid };
allow frr_t self:rawip_socket create_socket_perms;
allow frr_t self:tcp_socket { connect connected_stream_socket_perms };
allow frr_t self:udp_socket create_socket_perms;
allow frr_t self:unix_stream_socket connectto;
allow frr_t frr_conf_t:dir list_dir_perms;
manage_files_pattern(frr_t, frr_conf_t, frr_conf_t)
read_lnk_files_pattern(frr_t, frr_conf_t, frr_conf_t)
manage_dirs_pattern(frr_t, frr_log_t, frr_log_t)
manage_files_pattern(frr_t, frr_log_t, frr_log_t)
manage_lnk_files_pattern(frr_t, frr_log_t, frr_log_t)
logging_log_filetrans(frr_t, frr_log_t, { dir file lnk_file })
allow frr_t frr_tmp_t:file map;
manage_dirs_pattern(frr_t, frr_tmp_t, frr_tmp_t)
manage_files_pattern(frr_t, frr_tmp_t, frr_tmp_t)
files_tmp_filetrans(frr_t, frr_tmp_t, { file dir })
manage_files_pattern(frr_t, frr_lock_t, frr_lock_t)
manage_lnk_files_pattern(frr_t, frr_lock_t, frr_lock_t)
files_lock_filetrans(frr_t, frr_lock_t, { file lnk_file })
manage_dirs_pattern(frr_t, frr_var_run_t, frr_var_run_t)
manage_files_pattern(frr_t, frr_var_run_t, frr_var_run_t)
manage_lnk_files_pattern(frr_t, frr_var_run_t, frr_var_run_t)
manage_sock_files_pattern(frr_t, frr_var_run_t, frr_var_run_t)
files_pid_filetrans(frr_t, frr_var_run_t, { dir file lnk_file })
allow frr_t frr_exec_t:dir search_dir_perms;
can_exec(frr_t, frr_exec_t)
kernel_read_network_state(frr_t)
kernel_rw_net_sysctls(frr_t)
kernel_read_system_state(frr_t)
auth_use_nsswitch(frr_t)
corecmd_exec_bin(frr_t)
corenet_tcp_bind_appswitch_emp_port(frr_t)
corenet_udp_bind_bfd_control_port(frr_t)
corenet_udp_bind_bfd_echo_port(frr_t)
corenet_tcp_bind_bgp_port(frr_t)
corenet_tcp_connect_bgp_port(frr_t)
corenet_udp_bind_all_unreserved_ports(frr_t);
corenet_tcp_bind_generic_port(frr_t)
corenet_tcp_bind_firepower_port(frr_t)
corenet_tcp_bind_priority_e_com_port(frr_t)
corenet_udp_bind_router_port(frr_t)
corenet_tcp_bind_qpasa_agent_port(frr_t)
corenet_tcp_bind_smntubootstrap_port(frr_t)
corenet_tcp_bind_versa_tek_port(frr_t)
corenet_tcp_bind_zebra_port(frr_t)
domain_use_interactive_fds(frr_t)
fs_read_nsfs_files(frr_t)
sysnet_exec_ifconfig(frr_t)
userdom_read_admin_home_files(frr_t)
init_signal(frr_t)
unconfined_server_signull(frr_t)
allow frr_t unconfined_service_t:process signal;
optional_policy(`
logging_send_syslog_msg(frr_t)
')
optional_policy(`
modutils_exec_kmod(frr_t)
modutils_getattr_module_deps(frr_t)
modutils_read_module_config(frr_t)
modutils_read_module_deps_files(frr_t)
')
optional_policy(`
networkmanager_read_state(frr_t)
')
optional_policy(`
userdom_admin_home_dir_filetrans(frr_t, frr_conf_t, file, ".history_frr")
userdom_inherit_append_admin_home_files(frr_t, frr_conf_t, file, ".history_frr")
')

16
SOURCES/remove-babeld-ldpd.sh
Unescape View File

@ -0,0 +1,16 @@
#!/bin/sh
#this script is used to remove babled and ldpd from the tar sources
#Usage: sh remove-babeld-ldpd.sh <VERSION>
#Example: sh remove-babeld-ldpd.sh 7.3.1 - this is for frr-7.3.1.tar.gz file
VERSION=$1
TAR=frr-${VERSION}.tar.gz
DIR=frr-${VERSION}
echo ${VERSION}
echo ${TAR}
echo ${DIR}
tar -xzf ${TAR}
rm -rf ${DIR}/babeld ${DIR}/ldpd
tar -czf ${TAR} ${DIR}

415
SPECS/frr.spec
Unescape View File

@ -0,0 +1,415 @@
%global frr_libdir %{_libexecdir}/frr
%global _hardened_build 1
%define _legacy_common_support 1
%global selinuxtype targeted
%bcond_without selinux
Name: frr
Version: 8.3.1
Release: 5%{?checkout}%{?dist}
Summary: Routing daemon
License: GPLv2+
URL: http://www.frrouting.org
Source0: https://github.com/FRRouting/frr/releases/download/%{name}-%{version}/%{name}-%{version}.tar.gz
Source1: %{name}-tmpfiles.conf
Source2: frr-sysusers.conf
Source3: frr.fc
Source4: frr.te
Source5: frr.if
Source6: remove-babeld-ldpd.sh
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: bison >= 2.7
BuildRequires: c-ares-devel
BuildRequires: flex
BuildRequires: gcc
BuildRequires: gcc-c++
BuildRequires: git-core
BuildRequires: groff
BuildRequires: json-c-devel
BuildRequires: libcap-devel
BuildRequires: libtool
BuildRequires: libyang-devel >= 2.0.0
BuildRequires: make
BuildRequires: ncurses
BuildRequires: ncurses-devel
BuildRequires: net-snmp-devel
BuildRequires: pam-devel
BuildRequires: patch
BuildRequires: perl-XML-LibXML
BuildRequires: perl-generators
BuildRequires: python3-devel
BuildRequires: python3-pytest
BuildRequires: python3-sphinx
BuildRequires: readline-devel
BuildRequires: systemd-devel
BuildRequires: systemd-rpm-macros
BuildRequires: texinfo
Requires: net-snmp
Requires: ncurses
Requires(post): systemd
Requires(post): /sbin/install-info
Requires(post): hostname
Requires(preun): systemd
Requires(preun): /sbin/install-info
Requires(postun): systemd
%if 0%{?with_selinux}
Requires: (%{name}-selinux = %{version}-%{release} if selinux-policy-%{selinuxtype})
%endif
Conflicts: quagga
Provides: routingdaemon = %{version}-%{release}
Patch0000: 0000-remove-babeld-and-ldpd.patch
Patch0002: 0002-enable-openssl.patch
Patch0003: 0003-disable-eigrp-crypto.patch
Patch0004: 0004-fips-mode.patch
Patch0005: 0005-ospf-api.patch
Patch0006: 0006-graceful-restart.patch
Patch0007: 0007-cve-2022-37032.patch
Patch0008: 0008-frr-non-root-user.patch
%description
FRRouting is free software that manages TCP/IP based routing protocols. It takes
a multi-server and multi-threaded approach to resolve the current complexity
of the Internet.
FRRouting supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD.
FRRouting is a fork of Quagga.
%if 0%{?with_selinux}
%package selinux
Summary: Selinux policy for FRR
BuildArch: noarch
Requires: selinux-policy-%{selinuxtype}
Requires(post): selinux-policy-%{selinuxtype}
BuildRequires: selinux-policy-devel
%{?selinux_requires}
%description selinux
SELinux policy modules for FRR package
%endif
%prep
%autosetup -S git
mkdir selinux
cp -p %{SOURCE3} %{SOURCE4} %{SOURCE5} selinux
%build
autoreconf -ivf
%configure \
--sbindir=%{frr_libdir} \
--sysconfdir=%{_sysconfdir}/frr \
--libdir=%{_libdir}/frr \
--libexecdir=%{_libexecdir}/frr \
--localstatedir=%{_localstatedir}/run/frr \
--enable-multipath=64 \
--enable-vtysh=yes \
--disable-ospfclient \
--disable-ospfapi \
--enable-snmp=agentx \
--enable-user=frr \
--enable-group=frr \
--enable-vty-group=frrvty \
--enable-rtadv \
--disable-exampledir \
--enable-systemd=yes \
--enable-static=no \
--disable-ldpd \
--disable-babeld \
--with-moduledir=%{_libdir}/frr/modules \
--with-crypto=openssl \
--enable-fpm
%make_build MAKEINFO="makeinfo --no-split" PYTHON=%{__python3}
pushd doc
make info
popd
%if 0%{?with_selinux}
make -C selinux -f %{_datadir}/selinux/devel/Makefile %{name}.pp
bzip2 -9 selinux/%{name}.pp
%endif
%install
mkdir -p %{buildroot}/etc/{frr,rc.d/init.d,sysconfig,logrotate.d,pam.d,default} \
%{buildroot}/var/log/frr %{buildroot}%{_infodir} \
%{buildroot}%{_unitdir}
mkdir -p -m 0755 %{buildroot}%{_libdir}/frr
mkdir -p %{buildroot}%{_tmpfilesdir}
%make_install
# Remove this file, as it is uninstalled and causes errors when building on RH9
rm -rf %{buildroot}/usr/share/info/dir
install -p -m 644 %{SOURCE1} %{buildroot}%{_tmpfilesdir}/%{name}.conf
install -p -m 644 tools/etc/frr/daemons %{buildroot}/etc/frr/daemons
install -p -m 644 tools/frr.service %{buildroot}%{_unitdir}/frr.service
install -p -m 755 tools/frrinit.sh %{buildroot}%{frr_libdir}/frr
install -p -m 755 tools/frrcommon.sh %{buildroot}%{frr_libdir}/frrcommon.sh
install -p -m 755 tools/watchfrr.sh %{buildroot}%{frr_libdir}/watchfrr.sh
install -p -m 644 redhat/frr.logrotate %{buildroot}/etc/logrotate.d/frr
install -p -m 644 redhat/frr.pam %{buildroot}/etc/pam.d/frr
install -d -m 775 %{buildroot}/run/frr
install -p -D -m 0644 %{SOURCE2} ${RPM_BUILD_ROOT}/%{_sysusersdir}/frr.conf
%if 0%{?with_selinux}
install -D -m 644 selinux/%{name}.pp.bz2 \
%{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
install -D -m 644 selinux/%{name}.if %{buildroot}%{_datadir}/selinux/devel/include/distributed/%{name}.if
%endif
# Delete libtool archives
find %{buildroot} -type f -name "*.la" -delete -print
#Upstream does not maintain a stable API, these headers from -devel subpackage are no longer needed
rm %{buildroot}%{_libdir}/frr/*.so
rm -r %{buildroot}%{_includedir}/frr/
%pre
%sysusers_create_compat %{SOURCE2}
exit 0
%post
%systemd_post frr.service
if [ -f %{_infodir}/%{name}.inf* ]; then
install-info %{_infodir}/frr.info %{_infodir}/dir || :
fi
# Create dummy files if they don't exist so basic functions can be used.
# Only create frr.conf when first installing, otherwise it can change
# the behavior of the package
if [ $1 -eq 1 ]; then
if [ ! -e %{_sysconfdir}/frr/frr.conf ]; then
echo "hostname `hostname`" > %{_sysconfdir}/frr/frr.conf
chown frr:frr %{_sysconfdir}/frr/frr.conf
chmod 640 %{_sysconfdir}/frr/frr.conf
fi
fi
#still used by vtysh, this way no error is produced when using vtysh
if [ ! -e %{_sysconfdir}/frr/vtysh.conf ]; then
touch %{_sysconfdir}/frr/vtysh.conf
chmod 640 %{_sysconfdir}/frr/vtysh.conf
chown frr:frrvty %{_sysconfdir}/frr/vtysh.conf
fi
%postun
%systemd_postun_with_restart frr.service
%preun
%systemd_preun frr.service
#only when removing frr
if [ $1 -eq 0 ]; then
if [ -f %{_infodir}/%{name}.inf* ]; then
install-info --delete %{_infodir}/frr.info %{_infodir}/dir || :
fi
fi
%if 0%{?with_selinux}
%pre selinux
%selinux_relabel_pre -s %{selinuxtype}
%post selinux
%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
%selinux_relabel_post -s %{selinuxtype}
#/var/tmp and /var/run need to be relabeled as well if FRR is running before upgrade
if [ $1 == 2 ]; then
%{_sbindir}/restorecon -R /var/tmp/frr &> /dev/null
%{_sbindir}/restorecon -R /var/run/frr &> /dev/null
fi
%postun selinux
if [ $1 -eq 0 ]; then
%selinux_modules_uninstall -s %{selinuxtype} %{name}
%selinux_relabel_post -s %{selinuxtype}
fi
%endif
%check
make check PYTHON=%{__python3}
%files
%defattr(-,root,root)
%license COPYING
%doc doc/mpls
%dir %attr(750,frr,frr) %{_sysconfdir}/frr
%dir %attr(755,frr,frr) /var/log/frr
%dir %attr(755,frr,frr) /run/frr
%{_infodir}/*info*
%{_mandir}/man*/*
%dir %{frr_libdir}/
%{frr_libdir}/*
%{_bindir}/*
%dir %{_libdir}/frr
%{_libdir}/frr/*.so.*
%dir %{_libdir}/frr/modules
%{_libdir}/frr/modules/*
%config(noreplace) %attr(644,root,root) /etc/logrotate.d/frr
%config(noreplace) %attr(644,frr,frr) /etc/frr/daemons
%config(noreplace) /etc/pam.d/frr
%{_unitdir}/*.service
%dir /usr/share/yang
/usr/share/yang/*.yang
%{_tmpfilesdir}/%{name}.conf
%{_sysusersdir}/frr.conf
%if 0%{?with_selinux}
%files selinux
%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.*
%{_datadir}/selinux/devel/include/distributed/%{name}.if
%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{name}
%endif
%changelog
* Mon Nov 28 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-5
- Resolves: #2147522 - It is not possible to run FRR as a non-root user
* Thu Nov 24 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-4
- Resolves: #2144500 - AVC error when reloading FRR with provided reload script
* Wed Oct 19 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-3
- Related: #2129743 - Adding missing rules for vtysh and other daemons
* Mon Oct 17 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-2
- Resolves: #2128738 - out-of-bounds read in the BGP daemon may lead to information disclosure or denial of service
* Thu Oct 13 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-1
- Resolves: #2129731 - Rebase FRR to the latest version
- Resolves: #2129743 - Add targeted SELinux policy for FRR
- Resolves: #2127494 - BGP incorrectly withdraws routes on graceful restart capable routers
* Tue Jun 14 2022 Michal Ruprich - 8.2.2-4
- Resolves: #2095404 - frr use systemd-sysusers
* Tue May 24 2022 Michal Ruprich <mruprich@redhat.com> - 8.2.2-3
- Resolves: #2081304 - Enhanced TMT testing for centos-stream
* Mon May 02 2022 Michal Ruprich <mruprich@redhat.com> - 8.2.2-2
- Resolves: #2069571 - the dynamic routing setup does not work any more
* Mon May 02 2022 Michal Ruprich <mruprich@redhat.com> - 8.2.2-1
- Resolves: #2069563 - Rebase frr to version 8.2.2
* Tue Nov 16 2021 Michal Ruprich <mruprich@redhat.com> - 8.0-5
- Resolves: #2023318 - Rebuilding for the new json-c library
* Wed Sep 01 2021 Michal Ruprich <mruprich@redhat.com> - 8.0-4
- Resolves: #1997603 - ospfd not running with ospf opaque-lsa option used
* Mon Aug 16 2021 Michal Ruprich <mruprich@redhat.com> - 8.0-3
- Related: #1990858 - Fixing prefix-list duplication check
* Thu Aug 12 2021 Michal Ruprich <mruprich@redhat.com> - 8.0-2
- Related: #1990858 - Frr needs higher version of libyang
* Tue Aug 10 2021 Michal Ruprich <mruprich@redhat.com> - 8.0-1
- Resolves: #1990858 - Possible rebase of frr to version 8.0
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 7.5.1-7
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Wed Jul 21 2021 Michal Ruprich <mruprich@redhat.com> - 7.5.1-6
- Resolves: #1983967 - ospfd crashes in route_node_delete with assertion fail
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 7.5.1-5
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Fri Jun 04 2021 Michal Ruprich <mruprich@redhat.com> - 7.5.1-4
- Resolves: #1958155 - Upgrading frr unconditionally creates /etc/frr/frr.conf, breaking existing configuration
* Fri Apr 23 2021 Michal Ruprich <mruprich@redhat.com> - 7.5.1-3
- Resolves: #1939456 - /etc/frr permissions are bogus
- Resolves: #1951303 - FTBFS in CentOS Stream
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 7.5.1-2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Tue Mar 16 2021 Michal Ruprich <mruprich@redhat.com> - 7.5.1-1
- New version 7.5.1
- Enabling grpc, adding hostname for post scriptlet
- Moving files to libexec due to selinux issues
* Tue Feb 16 2021 Michal Ruprich <mruprich@redhat.com> - 7.5-3
- Fixing FTBS - icc options are confusing the new gcc
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 7.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Fri Jan 01 2021 Michal Ruprich <mruprich@redhat.com> - 7.5-1
- New version 7.5
* Mon Sep 21 2020 Michal Ruprich <mruprich@redhat.com> - 7.4-1
- New version 7.4
* Thu Aug 27 2020 Josef Řídký <jridky@redhat.com> - 7.3.1-4
- Rebuilt for new net-snmp release
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 7.3.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Thu Jun 18 2020 Michal Ruprich <mruprich@redhat.com> - 7.3.1-1
- New version 7.3.1
- Fixes a couple of bugs(#1832259, #1835039, #1830815, #1830808, #1830806, #1830800, #1830798, #1814773)
* Tue May 19 2020 Michal Ruprich <mruprich@redhat.com> - 7.3-6
- Removing texi2html, it is not available in Rawhide anymore
* Mon May 18 2020 Michal Ruprich <mruprich@redhat.com> - 7.3-5
- Rebuild for new version of libyang
* Tue Apr 21 2020 Björn Esser <besser82@fedoraproject.org> - 7.3-4
- Rebuild (json-c)
* Mon Apr 13 2020 Björn Esser <besser82@fedoraproject.org> - 7.3-3
- Update json-c-0.14 patch with a solution from upstream
* Mon Apr 13 2020 Björn Esser <besser82@fedoraproject.org> - 7.3-2
- Add support for upcoming json-c 0.14.0
* Wed Feb 19 2020 Michal Ruprich <mruprich@redhat.com> - 7.3-1
- New version 7.3
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 7.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Mon Dec 16 2019 Michal Ruprich <mruprich@redhat.com> - 7.2-1
- New version 7.2
* Tue Nov 12 2019 Michal Ruprich <mruprich@redhat.com> - 7.1-5
- Rebuilding for new version of libyang
* Mon Oct 07 2019 Michal Ruprich <mruprich@redhat.com> - 7.1-4
- Adding noreplace to the /etc/frr/daemons file
* Fri Sep 13 2019 Michal Ruprich <mruprich@redhat.com> - 7.1-3
- New way of finding python version during build
- Replacing crypto of all routing daemons with openssl
- Disabling EIGRP crypto because it is broken
- Disabling crypto in FIPS mode
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 7.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Tue Jun 25 2019 Michal Ruprich <mruprich@redhat.com> - 7.1-1
- New version 7.1
* Wed Jun 19 2019 Michal Ruprich <mruprich@redhat.com> - 7.0-2
- Initial build
Write Preview
Loading…
Cancel
Save