frr/frr.changes

-------------------------------------------------------------------
Fri Nov 11 13:04:52 UTC 2022 - Marius Tomaschewski <mt@suse.com>

- Migration to /usr/etc: Conditionally moved /etc/logrotate.d/frr
  file to vendor specific directory /usr/etc/logrotate.d and added
  saving of user changed configuration files in /etc and restoring
  them while an RPM update.
- Declare root as sufficient also in the pam account verification;
  without vtysh use causes to log a pam frr:account warnings
  (https://github.com/FRRouting/frr/pull/12308)
  [+ 0005-root-ok-in-account-frr.pam.patch]
- Applied fix removing a not needed backslash causing to log a warning
  (https://github.com/FRRouting/frr/pull/12307)
  [+ 0004-tools-remove-backslash-from-declare-check-regex.patch]
- Applied upstream fixes for frrinit.sh to avoid a privilege escalation
  from frr to root in frr config creation (bsc#1204124,CVE-2022-42917,
  https://github.com/FRRouting/frr/pull/12157).
  [+ 0003-tools-Run-as-FRR_USER-install-chown-commands-to-avoi.patch]
- Removed obsolete patches provided in the 8.4 source archive:
  [- 0003-babeld-fix-10487-by-adding-a-check-on-packet-length.patch,
   - 0004-babeld-fix-10502-10503-by-repairing-the-checks-on-le.patch,
   - 0005-isisd-fix-router-capability-TLV-parsing-issues.patch,
   - 0006-isisd-fix-10505-using-base64-encoding.patch,
   - 0007-bgpd-Make-sure-hdr-length-is-at-a-minimum-of-what-is.patch,
   - 0008-isisd-Ensure-rcap-is-freed-in-error-case.patch]
- Update to version 8.4, see https://frrouting.org/release/8.4/
  * New BGP command (neighbor PEER soo) to configure SoO to prevent
    routing loops and suboptimal routing on dual-homed sites.
  * Command debug bgp allow-martian replaced to bgp allow-martian-nexthop
    because previously we allowed using martian next-hops when debug is
    turned on.
  * Implement BGP Prefix Origin Validation State Extended Community rfc8097
  *  Implement Route Leak Prevention and Detection Using Roles in UPDATE
     and OPEN Messages rfc9234
  * BMP L3VPN support
  * PIMv6 support
  * MLD support
  * New command to enable using reserved IPv4 ranges as normal addresses
    for BGP next-hops, interface addresses, etc.
  * As usual, lots of bugs and memory leaks were fixed \m/
    such as a fix for a possible use-after-free due to a race
    condition related to bgp_notify_send_with_data() and
    bgp_process_packet() in bgp_packet.c. This could lead to
    Remote Code Execution or Information Disclosure by sending
    crafted BGP packets (CVE-2022-37035,bsc#1202085).
- Update to version 8.3, see https://frrouting.org/release/8.3/
  * Notification Message support for BGP Graceful Restart
  * BGP Cease Notification Subcode For BFD
  * Send Hold Timer for BGP
  * RFC5424 syslog support
  * PIM passive command
- Update to version 8.2.2, see https://frrouting.org/release/8.2.2/
  * BGP Long-lived graceful restart capability
  * BGP Extended Optional Parameters Length for BGP OPEN Message
  * BGP Extended BGP Administrative Shutdown Communication
  * IS-IS Link State Traffic Engineering support
  * OSPFv3 Support for NSSA Type-7 address ranges
  * PBR VLAN actions support

-------------------------------------------------------------------
Mon Sep  5 11:48:25 UTC 2022 - Marius Tomaschewski <mt@suse.com>

- Apply upstream fix for out-of-bounds read in the BGP daemon
  that may lead to information disclosure or denial of service
  (bsc#1202023,CVE-2022-37032)
  [+ 0007-bgpd-Make-sure-hdr-length-is-at-a-minimum-of-what-is.patch]
- Apply upstream fix for a memory leak in the IS-IS daemon that
  may lead to server memory exhaustion (bsc#1202022,CVE-2019-25074)
  [+ 0008-isisd-Ensure-rcap-is-freed-in-error-case.patch]

-------------------------------------------------------------------
Thu Mar 17 11:45:00 UTC 2022 - Dominique Leuenberger <dimstar@opensuse.org>

- Make build a bit cheaper: do only BuildRequire the primary python
  interpreter and its modules (python3-FOO) instead of all
  available versions as done using %{python_module FOO}

-------------------------------------------------------------------
Mon Feb 28 11:05:48 UTC 2022 - Marius Tomaschewski <mt@suse.com>

- Apply fix for a buffer overflow in isisd due to the use of strdup
  with a non-zero-terminated binary string (bsc#1196506,CVE-2022-26126)
  [+ 0006-isisd-fix-10505-using-base64-encoding.patch]
- Apply fix for a buffer overflow in isisd due to wrong checks on
  the input packet length (bsc#1196505,CVE-2022-26125) with workaround
  for the GIT binary patch to tests/isisd/test_fuzz_isis_tlv_tests.h.gz
  [+ 0005-isisd-fix-router-capability-TLV-parsing-issues.patch]
- Apply fix for a buffer overflow in babeld due to wrong checks on
  the input packet length in the packet_examin and subtlv parsing
  (bsc#1196504,bsc#1196507,CVE-2022-26128,CVE-2022-26129)
  [+ 0004-babeld-fix-10502-10503-by-repairing-the-checks-on-le.patch]
- Apply fix for a heap buffer overflow in babeld due to missing check
  on the input packet length (bsc#1196503,CVE-2022-26127)
  [+ 0003-babeld-fix-10487-by-adding-a-check-on-packet-length.patch]

-------------------------------------------------------------------
Thu Dec  9 08:40:11 UTC 2021 - Johannes Segitz <jsegitz@suse.com>

- Add ReadWritePaths=/etc/frr to harden_frr.service.patch (bsc#1181400).

-------------------------------------------------------------------
Wed Nov 17 05:48:12 UTC 2021 - Linnaea Lavia <linnaea@lavia.moe>

- Update to version 8.1
  * Graceful Restart for OSPFv2 and OSPFv3
  * OSPFv3 NSSA and NSSA-TSA support
  * OSPFv3 ASBR Summarisation Support
  * BGP SRv6 and Prefix-SID Type 5 improvements
  * BGP EVPN type-5 gateway IP overlay Index
  * Lua hook support
  * See: https://frrouting.org/release/8.1/

-------------------------------------------------------------------
Fri Oct 15 12:11:50 UTC 2021 - Johannes Segitz <jsegitz@suse.com>

- Drop ProtectClock hardening, can cause issues if other device acceess is needed

-------------------------------------------------------------------
Sat Oct  9 01:58:08 UTC 2021 - Linnaea Lavia <linnaea@lavia.moe>

- Update to version 8.0.1
  * refreshed patch:
    - 0001-disable-zmq-test.patch
    - harden_frr.service.patch
  * LDP gained SNMP support
  * OSPFv3 gained VRF support
  * EVPN Multihoming is now fully supported
  * TI-LFA implemented in IS-IS and OSPS
  * New Segment Routing daemon
  * See: https://frrouting.org/release/8.0/
     and https://github.com/FRRouting/frr/releases/tag/frr-8.0.1

-------------------------------------------------------------------
Thu Sep 16 07:12:55 UTC 2021 - Johannes Segitz <jsegitz@suse.com>

- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
  * harden_frr.service.patch

-------------------------------------------------------------------
Fri Apr 23 03:05:06 UTC 2021 - Marius Tomaschewski <mt@suse.com>

- Use skip, not xfail in 0001-disable-zmq-test.patch to disable
  zmq test as it is not expected to fail but hangs (bsc#1180217)

-------------------------------------------------------------------
Thu Mar  4 21:20:02 UTC 2021 - Martin Hauke <mardnh@gmx.de>

- Update to version 7.5.1
  * Maintenance release
    See: https://github.com/FRRouting/frr/blob/stable/7.5/changelog-auto.in

-------------------------------------------------------------------
Fri Jan  8 08:08:08 UTC 2021 - olaf@aepfle.de

- Requires libyang 1.0.184

-------------------------------------------------------------------
Tue Dec 22 10:54:56 UTC 2020 - Rubén Torrero Marijnissen <rtorreromarijnissen@suse.com>

- Disable ZeroMQ tests due to sporadic timeouts during package builds (bsc#1180217)
  [+ 0001-disable-zmq-test.patch] 

-------------------------------------------------------------------
Wed Nov  4 19:17:10 UTC 2020 - Martin Hauke <mardnh@gmx.de>

- Update to version 7.5
  * Upstream does not provide a changelog
- Make grpc support optional and don't enable it by default

-------------------------------------------------------------------
Fri Oct  2 12:38:25 UTC 2020 - Marius Tomaschewski <mt@suse.com>

- add build condition disabling mininet build require by default,
  needed by the optional topology tests.
- removed one occurrence of vrrpd binary listed twice in file list

-------------------------------------------------------------------
Wed Jul  1 12:21:24 UTC 2020 - Martin Hauke <mardnh@gmx.de>

- Update to version 7.4
  * Upstream does not provide a changelog
- Drop patch (fixed upstream):
  * 0001-build-use-configfile-mode-in-init-script.patch

-------------------------------------------------------------------
Sun May 31 22:40:46 UTC 2020 - Erico Mendonca <erico.mendonca@suse.com>

- 0001-build-use-configfile-mode-in-init-script.patch: Fix CVE-2020-12831 (boo#1171658).

-------------------------------------------------------------------
Wed May  6 16:07:32 UTC 2020 - Martin Hauke <mardnh@gmx.de>

- Update to version 7.3.1
  Bugfix/maintenance release
  * Upstream does not provide a changelog

-------------------------------------------------------------------
Tue Apr  7 21:38:12 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>

- enable verbose make rules 
- enable grpc support. new subpackage libfrrgrpc_pb0, new BR:
  pkgconfig(grpc)
- enable config rollbacks. new BR: pkgconfig(sqlite3)
- enable realms support
- enable shell access
- make sure we use system openssl
- fix shebang line of the frr-reload.py and
  generate_support_bundle.py script so we dont pull python2
- do not delete users and groups.
- add Requires for libyang-extentions

-------------------------------------------------------------------
Sat Feb 15 21:27:22 UTC 2020 - Martin Hauke <mardnh@gmx.de>

- Update to version 7.3
  * Upstream does not provide a changelog this time
- Remove patch:
  * fix_tests.patch (not longer needed)

-------------------------------------------------------------------
Sat Jan 18 20:25:42 UTC 2020 - Martin Hauke <mardnh@gmx.de>

- Update to version 7.2.1:
  BGPd
  * Fix Addpath issue
  * Do not apply eBGP policy for iBGP peers
  * Show ip and fqdn in json output for show [ip] bgp <route> json
  * Fix large route-distinguisher's format
  * Fix no bgp listen range ... configuration command
  * Autocomplete neighbor for clear bgp
  * Reflect the distance in RIB when it is changed for an
    arbitrary afi/safi
  * Notify "Peer De-configured" after entering 'no neighbor cmd
  * Fix per afi/safi addpath peer counting
  * Rework BGP dampening to be per AFI/SAFI
  * Do not send next-hop as :: in MP_REACH_NLRI if no link-local
    exists
  * Override peer's TTL only if peer-group is configured with TTL
  * Remove error message for unkown afi/safi combination
  * Keep the session down if maximum-prefix is reached
  OSPFd
  * Fix BFD down not tearing down OSPF adjacency for
    point-to-point net
  BFDd
  * Fix multiple VRF handling
  * VRF security improvement
  PIMd
  * Fix rp crash
  NHRPd
  * Make sure no ip nhrp map <something> works as expected
  LDPd
  * Add missing sanity check in the parsing of label messages
  Zebra
  * Use correct state when installing evpn macs
  * Capture dplane plugin flags
  lib
  * Fix interface config when vrf changes
  * Fix Interface Infinite Loop Walk (for special interfaces such
    as bond)
  Others
  * Rename man pages (to avoid conflicts with other packages)
  * Various other fixes for code cleanup and memory leaks

-------------------------------------------------------------------
Fri Jan 17 21:07:45 UTC 2020 - Martin Hauke <mardnh@gmx.de>

- Fix license tag

-------------------------------------------------------------------
Wed Jan 15 20:34:50 UTC 2020 - Martin Hauke <mardnh@gmx.de>

- Build with support for pcre, protobuf, rpki and zeromq by default

-------------------------------------------------------------------
Wed Jan 15 14:34:59 UTC 2020 - Ismail Dönmez <idonmez@suse.com>

- Cleanup spec file 

-------------------------------------------------------------------
Sun Jan 12 09:40:39 UTC 2020 - Martin Hauke <mardnh@gmx.de>

- Fix build-time dependencies
- Remove superflous comments

-------------------------------------------------------------------
Wed Dec 11 23:18:06 UTC 2019 - Erico Mendonca <erico.mendonca@suse.com>

- fix_tests.patch: correct syntax for Python 3 imports in tests.
- Enabling tests

-------------------------------------------------------------------
Wed Dec 11 02:37:42 UTC 2019 - erico.mendonca@suse.com

- Update to version frr7.2:
  * zebra: use correct state when installing evpn macs
  * lib: set entry to xpath in if_update_to_new_vrf
  * zebra: capture dplane plugin flags
  * bgpd: Autocomplete neighbor for clear bgp
  * ospfd,eigrpd: don't take address of packed struct member
  * bgpd: Prevent crash in bgp_table_range_lookup
  * bgpd: Fix memory leak in json output of show commands
  * tests: Test if `distance bgp (1-255) (1-255) (1-255)` works
  * bgpd: Reflect the distance in RIB when it is changed for an arbitrary afi/safi
  * bfdd: fix multiple VRF handling

-------------------------------------------------------------------
Tue Dec 10 12:58:21 UTC 2019 - Erico Mendonca <erico.mendonca@suse.com>

- Updating to version 7.2
- Adding systemd scripts
- Fixing build and permission issues

-------------------------------------------------------------------
Tue Jun 18 08:59:05 UTC 2019 - Martin Hauke <mardnh@gmx.de>

- Update to version 7.0.1

-------------------------------------------------------------------
Sat Feb  2 13:50:16 UTC 2019 - mardnh@gmx.de

- Initial package, version 6.0.2