- Switch to logrotate config correcting log file empty issue
(gh#FRRouting/frr/issues/15818) depending if syslog or file
logging is used in the frr.conf.
- Fix /var/run leftovers in logrotate config and service file,
create /var/log and /var/lib via tmpfiles.d (jsc#PED-14796).
- Adjust rpm requires for service macros and log rotation (lsof).
- Apply upstream ospfd NULL Pointer Dereference fixes.
The vulnerability allowed attackers to cause a Denial of Service
(DoS) via crafted OSPF packets
(bsc#1252838,bsc#1252829,bsc#1252833,bsc#1252835,bsc#1252810,
bsc#1252811,bsc#1252761,bsc#1252812,bsc#1252813,CVE-2025-61099,
CVE-2025-61100,CVE-2025-61101,CVE-2025-61102,CVE-2025-61103,
CVE-2025-61104,CVE-2025-61105,CVE-2025-61106,CVE-2025-61107,
https://github.com/FRRouting/frr/pull/19983)
[+ 0003-ospfd-NULL-Pointer-Dereference-fixes.patch]
- Add -Wno-error=declaration-after-statement to avoid C90 errors;
frr requires C11 compiler with atomic support and sets -std=gnu11
OBS-URL: https://build.opensuse.org/request/show/1333301
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/frr?expand=0&rev=41
(gh#FRRouting/frr/issues/15818) depending if syslog or file
logging is used in the frr.conf.
- Fix /var/run leftovers in logrotate config and service file.
- Adjust rpm requires for service macros and log rotation (lsof).
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=89
The vulnerability allowed attackers to cause a Denial of Service
(DoS) via crafted OSPF packets
(bsc#1252838,bsc#1252829,bsc#1252833,bsc#1252835,bsc#1252810,
bsc#1252811,bsc#1252761,bsc#1252812,bsc#1252813,CVE-2025-61099,
CVE-2025-61100,CVE-2025-61101,CVE-2025-61102,CVE-2025-61103,
CVE-2025-61104,CVE-2025-61105,CVE-2025-61106,CVE-2025-61107,
https://github.com/FRRouting/frr/pull/19983)
[+ 0003-ospfd-NULL-Pointer-Dereference-fixes.patch]
- Add -Wno-error=declaration-after-statement to avoid C90 errors;
frr requires C11 compiler with atomic support and sets -std=gnu11
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=88
- Update to frr 10.2.1 release providing fix for a Denial of Service
scenario due to RIB revalidation (CVE-2024-55553,bsc#1235237) and
other fixes, see https://frrouting.org/release/10.2.1/
The 10.2 version provides new features and many enhancements, see
https://frrouting.org/release/10.2/
- Add new fpm_listener daemon binary to rpm file lists.
- Remove --localstatedir configure parameter causing to use /run/lib
instead of /var/lib prefix for the northbound databases and added
the /var/lib/frr directory to the rpm file list.
- Adjust to set permissions in rpm attr macros (rpmlint suggestion)
and use frr_group instead of frr_user in group parameter.
OBS-URL: https://build.opensuse.org/request/show/1236218
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=81
- Apply upstream fix for crash in bgp_attr_encap that were missing
a check of the actual remaining stream length before taking the
TLV value (CVE-2024-44070,bsc#1229438,gh#FRRouting/frr#16502):
+ 0002-bgpd-Check-the-actual-remaining-stream-length-before.patch
- Re-added 0001-disable-zmq-test.patch to avoid (sporadic or arch
specific, e.g. aarch64) "make check" test failures (bsc#1180217).
+ 0001-disable-zmq-test.patch
- Re-added hardening patch for systemd service(s) (bsc#1181400):
+ harden_frr.service.patch
- Cleanup unknown --enable-systemd and correct the --sysconfdir
and --localstatedir configure options to not end in …/frr.
OBS-URL: https://build.opensuse.org/request/show/1195553
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=72
- Apply upstream fix solving ospfd denial of service via get_edge()
function returning a NULL pointer (CVE-2024-34088,bsc#1223786,
gh#FRRouting/frr#16088).
[+ 0023-ospfd-protect-call-to-get_edge-in-ospf_te.c.patch]
- Apply upstream fix solving ospfd buffer overflow and daemon crash
in ospf_te_parse_ext_link for OSPF LSA packets during an attempt
to read Segment Routing Adjacency SID subTLVs (CVE-2024-31951,
bsc#1222528,gh#FRRouting/frr#16088).
[+ 0022-ospfd-Correct-Opaque-LSA-Extended-parser.patch]
- Apply upstream fix solving ospfd buffer overflow and daemon crash
in RI parsing with OSPF TE (CVE-2024-31950,bsc#1222526,
gh#FRRouting/frr#16088).
[+ 0021-ospfd-Solved-crash-in-RI-parsing-with-OSPF-TE.patch]
OBS-URL: https://build.opensuse.org/request/show/1178686
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=67
- Apply upstream fix for a crash on malformed BGP UPDATE message
with an EOR, because the presence of EOR does not lead to a
treat-as-withdraw outcome (CVE-2023-47235,1216896,6814f2e013)
[+ 0015-bgpd-Treat-EOR-as-withdrawn-to-avoid-unwanted-handli.patch]
- Apply upstream fix for a crash on crafted BGP UPDATE message with
a MP_UNREACH_NLRI attribute and additional NLRI data (CVE-2023-47234,
bsc#1216897,ttps://github.com/FRRouting/frr/pull/14716/commits/c37119df45bbf4ef713bc10475af2ee06e12f3bf)
[+ 0016-bgpd-Ignore-handling-NLRIs-if-we-received-MP_UNREACH.patch]
- Apply upstream fix for attempts to read beyond the end of the
stream during labeled unicast parsing (CVE-2023-38407,bsc#1216899,ab362eae68)
[+ 0017-bgpd-Fix-use-beyond-end-of-stream-of-labeled-unicast.patch]
- Apply upstream fix for an nlri length of zero mishandling, aka
"flowspec overflow" (CVE-2023-38406,bsc#1216900,0b999c886e)
[+ 0018-bgpd-Flowspec-overflow-issue.patch]
OBS-URL: https://build.opensuse.org/request/show/1130736
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=57
- Apply upstream fix for denial of service via the bgp_capability_llgr()
function (bsc#1211248,CVE-2023-31489,gh#FRRouting/frr#13098).
[+ 0006-bgpd-Check-7-bytes-for-Long-lived-Graceful-Restart-c.patch]
- Apply upstream fix for denial of service via the bgp_attr_psid_sub()
function (bsc#1211249,CVE-2023-31490,gh#FRRouting/frr#13099).
[+ 0007-bgpd-Ensure-stream-received-has-enough-data.patch]
OBS-URL: https://build.opensuse.org/request/show/1088895
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=49
- Migration to /usr/etc: Conditionally moved /etc/logrotate.d/frr
file to vendor specific directory /usr/etc/logrotate.d and added
saving of user changed configuration files in /etc and restoring
them while an RPM update.
- Declare root as sufficient also in the pam account verification;
without vtysh use causes to log a pam frr:account warnings
(https://github.com/FRRouting/frr/pull/12308)
[+ 0005-root-ok-in-account-frr.pam.patch]
- Applied fix removing a not needed backslash causing to log a warning
(https://github.com/FRRouting/frr/pull/12307)
[+ 0004-tools-remove-backslash-from-declare-check-regex.patch]
- Applied upstream fixes for frrinit.sh to avoid a privilege escalation
from frr to root in frr config creation (bsc#1204124,CVE-2022-42917,
https://github.com/FRRouting/frr/pull/12157).
[+ 0003-tools-Run-as-FRR_USER-install-chown-commands-to-avoi.patch]
- Removed obsolete patches provided in the 8.4 source archive:
[- 0003-babeld-fix-10487-by-adding-a-check-on-packet-length.patch,
- 0004-babeld-fix-10502-10503-by-repairing-the-checks-on-le.patch,
- 0005-isisd-fix-router-capability-TLV-parsing-issues.patch,
- 0006-isisd-fix-10505-using-base64-encoding.patch,
- 0007-bgpd-Make-sure-hdr-length-is-at-a-minimum-of-what-is.patch,
- 0008-isisd-Ensure-rcap-is-freed-in-error-case.patch]
- Update to version 8.4, see https://frrouting.org/release/8.4/
* New BGP command (neighbor PEER soo) to configure SoO to prevent
routing loops and suboptimal routing on dual-homed sites.
* Command debug bgp allow-martian replaced to bgp allow-martian-nexthop
because previously we allowed using martian next-hops when debug is
turned on.
* Implement BGP Prefix Origin Validation State Extended Community rfc8097
* Implement Route Leak Prevention and Detection Using Roles in UPDATE
OBS-URL: https://build.opensuse.org/request/show/1035289
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=43
