SHA256
1
0
forked from pool/frr
Commit Graph

34 Commits

Author SHA256 Message Date
Martin Hauke
cee0900b9b Accepting request 1111550 from home:mtomaschewski:frr
- Apply upstream fix for NULL pointer dereference due to processing
  of malformed requests with no attributes in bgp_nlri_parse_flowspec
  (CVE-2023-41909,bsc#1215065,cfd04dcb3e).
  [+ 0012-bgpd-Limit-flowspec-to-no-attribute-means-a-implicit.patch]

OBS-URL: https://build.opensuse.org/request/show/1111550
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=53
2023-09-15 12:32:32 +00:00
Martin Hauke
fbadf37a51 Accepting request 1108163 from home:mtomaschewski:frr
- Removed protobuf-c BuildRequires (source package name) breaking
  build-system setup with libprotobuf-c-devel 1.3.2 updates.
- Apply upstream fix for bgpd: Don't read initial byte of the ORF
  header in an ahead-of-stream situation (CVE-2023-41360,
  bsc#1214739,https://github.com/FRRouting/frr/pull/14245)
  [+ 0008-bgpd-Don-t-read-the-first-byte-of-ORF-header-if-we-a.patch]
- Apply upstream fix for bgpd: Do not process NLRIs if the attribute
  length is zero (CVE-2023-41358,bsc#1214735,
  https://github.com/FRRouting/frr/pull/14260)
  [+ 0009-bgpd-Do-not-process-NLRIs-if-the-attribute-length-is.patch]
- Apply upstream fix bgpd: Use treat-as-withdraw for tunnel encapsulation
  attribute instead of session reset (CVE-2023-38802,bsc#1213284,
  https://github.com/FRRouting/frr/pull/14290)
  [+ 0010-bgpd-Use-treat-as-withdraw-for-tunnel-encapsulation-.patch]
- Apply upstream fix babeld: avoid infinite loops (CVE-2023-3748,bsc#1213434,
  gh#FRRouting/frr#11808,https://github.com/FRRouting/frr/pull/12952)
  [+ 0011-babeld-fix-11808-to-avoid-infinite-loops.patch]

OBS-URL: https://build.opensuse.org/request/show/1108163
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=51
2023-09-03 14:42:25 +00:00
694815f1d3 Accepting request 1088895 from home:mtomaschewski:branches:network
- Apply upstream fix for denial of service via the bgp_capability_llgr()
  function (bsc#1211248,CVE-2023-31489,gh#FRRouting/frr#13098).
  [+ 0006-bgpd-Check-7-bytes-for-Long-lived-Graceful-Restart-c.patch]
- Apply upstream fix for denial of service via the bgp_attr_psid_sub()
  function (bsc#1211249,CVE-2023-31490,gh#FRRouting/frr#13099).
  [+ 0007-bgpd-Ensure-stream-received-has-enough-data.patch]

OBS-URL: https://build.opensuse.org/request/show/1088895
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=49
2023-06-01 10:02:15 +00:00
Martin Hauke
addf7abe6b Accepting request 1077182 from home:mtomaschewski:branches:network
- Enable pim6d providing PIMv6 support (bsc#1206234)

OBS-URL: https://build.opensuse.org/request/show/1077182
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=47
2023-04-04 15:27:10 +00:00
Martin Hauke
3ffde6cb9b Accepting request 1058229 from home:schubi2:pam_usr_etc
- Migration of PAM settings to /usr/lib/pam.d.

OBS-URL: https://build.opensuse.org/request/show/1058229
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=45
2023-01-13 18:50:56 +00:00
Martin Hauke
729276ccdc Accepting request 1035289 from home:mtomaschewski:branches:network
- Migration to /usr/etc: Conditionally moved /etc/logrotate.d/frr
  file to vendor specific directory /usr/etc/logrotate.d and added
  saving of user changed configuration files in /etc and restoring
  them while an RPM update.
- Declare root as sufficient also in the pam account verification;
  without vtysh use causes to log a pam frr:account warnings
  (https://github.com/FRRouting/frr/pull/12308)
  [+ 0005-root-ok-in-account-frr.pam.patch]
- Applied fix removing a not needed backslash causing to log a warning
  (https://github.com/FRRouting/frr/pull/12307)
  [+ 0004-tools-remove-backslash-from-declare-check-regex.patch]
- Applied upstream fixes for frrinit.sh to avoid a privilege escalation
  from frr to root in frr config creation (bsc#1204124,CVE-2022-42917,
  https://github.com/FRRouting/frr/pull/12157).
  [+ 0003-tools-Run-as-FRR_USER-install-chown-commands-to-avoi.patch]
- Removed obsolete patches provided in the 8.4 source archive:
  [- 0003-babeld-fix-10487-by-adding-a-check-on-packet-length.patch,
   - 0004-babeld-fix-10502-10503-by-repairing-the-checks-on-le.patch,
   - 0005-isisd-fix-router-capability-TLV-parsing-issues.patch,
   - 0006-isisd-fix-10505-using-base64-encoding.patch,
   - 0007-bgpd-Make-sure-hdr-length-is-at-a-minimum-of-what-is.patch,
   - 0008-isisd-Ensure-rcap-is-freed-in-error-case.patch]
- Update to version 8.4, see https://frrouting.org/release/8.4/
  * New BGP command (neighbor PEER soo) to configure SoO to prevent
    routing loops and suboptimal routing on dual-homed sites.
  * Command debug bgp allow-martian replaced to bgp allow-martian-nexthop
    because previously we allowed using martian next-hops when debug is
    turned on.
  * Implement BGP Prefix Origin Validation State Extended Community rfc8097
  *  Implement Route Leak Prevention and Detection Using Roles in UPDATE

OBS-URL: https://build.opensuse.org/request/show/1035289
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=43
2022-11-15 14:31:19 +00:00
Martin Hauke
9b537df10f Accepting request 1001489 from home:mtomaschewski:frr
Fixed bug number in changes file to:
 - Apply upstream fix for a memory leak in the IS-IS daemon that
   may lead to server memory exhaustion (bsc#1202022,CVE-2019-25074)
   [+ 0008-isisd-Ensure-rcap-is-freed-in-error-case.patch]

OBS-URL: https://build.opensuse.org/request/show/1001489
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=41
2022-09-06 19:33:51 +00:00
Martin Hauke
35f367fe53 Accepting request 1001418 from home:mtomaschewski:frr
- Apply upstream fix for out-of-bounds read in the BGP daemon
  that may lead to information disclosure or denial of service
  (bsc#1202023,CVE-2022-37032)
  [+ 0007-bgpd-Make-sure-hdr-length-is-at-a-minimum-of-what-is.patch]
- Apply upstream fix for a memory leak in the IS-IS daemon that
  may lead to server memory exhaustion (bsc#1202023,CVE-2019-25074)
  [+ 0008-isisd-Ensure-rcap-is-freed-in-error-case.patch]

OBS-URL: https://build.opensuse.org/request/show/1001418
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=40
2022-09-06 12:14:05 +00:00
f8566d7d81 Accepting request 962454 from home:dimstar:Factory
- Make build a bit cheaper: do only BuildRequire the primary python
  interpreter and its modules (python3-FOO) instead of all
  available versions as done using %{python_module FOO}

OBS-URL: https://build.opensuse.org/request/show/962454
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=38
2022-03-21 07:45:03 +00:00
Martin Hauke
96a81d154e Accepting request 958040 from home:mtomaschewski:frr
- Apply fix for a buffer overflow in isisd due to the use of strdup
  with a non-zero-terminated binary string (bsc#1196506,CVE-2022-26126)
  [+ 0006-isisd-fix-10505-using-base64-encoding.patch]
- Apply fix for a buffer overflow in isisd due to wrong checks on
  the input packet length (bsc#1196505,CVE-2022-26125) with workaround
  for the GIT binary patch to tests/isisd/test_fuzz_isis_tlv_tests.h.gz
  [+ 0005-isisd-fix-router-capability-TLV-parsing-issues.patch]
- Apply fix for a buffer overflow in babeld due to wrong checks on
  the input packet length in the packet_examin and subtlv parsing
  (bsc#1196504,bsc#1196507,CVE-2022-26128,CVE-2022-26129)
  [+ 0004-babeld-fix-10502-10503-by-repairing-the-checks-on-le.patch]
- Apply fix for a heap buffer overflow in babeld due to missing check
  on the input packet length (bsc#1196503,CVE-2022-26127)
  [+ 0003-babeld-fix-10487-by-adding-a-check-on-packet-length.patch]

OBS-URL: https://build.opensuse.org/request/show/958040
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=37
2022-02-28 19:21:42 +00:00
Martin Hauke
2fc51f9063 Accepting request 937520 from home:jsegitz:branches:systemdhardening:network
- Add ReadWritePaths=/etc/frr to harden_frr.service.patch (bsc#1181400).

OBS-URL: https://build.opensuse.org/request/show/937520
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=36
2021-12-09 09:26:15 +00:00
Martin Hauke
4daa3f80a5 Accepting request 931901 from home:linnaea:branches:network
- Update to version 8.1
  * Graceful Restart for OSPFv2 and OSPFv3
  * OSPFv3 NSSA and NSSA-TSA support
  * OSPFv3 ASBR Summarisation Support
  * BGP SRv6 and Prefix-SID Type 5 improvements
  * BGP EVPN type-5 gateway IP overlay Index
  * Lua hook support
  * See: https://frrouting.org/release/8.1/

OBS-URL: https://build.opensuse.org/request/show/931901
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=35
2021-11-17 23:50:34 +00:00
Martin Hauke
dc346218a1 Accepting request 925455 from home:jsegitz:branches:systemdhardening_protectclock
- Drop ProtectClock hardening, can cause issues if other device acceess is needed

OBS-URL: https://build.opensuse.org/request/show/925455
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=34
2021-10-15 14:54:13 +00:00
Martin Hauke
2f62ce9820 Accepting request 924307 from home:linnaea:branches:network
- Update to version 8.0.1
  * refreshed patch:
    - 0001-disable-zmq-test.patch
    - harden_frr.service.patch
  * LDP gained SNMP support
  * OSPFv3 gained VRF support
  * EVPN Multihoming is now fully supported
  * TI-LFA implemented in IS-IS and OSPS
  * New Segment Routing daemon
  * See: https://frrouting.org/release/8.0/
     and https://github.com/FRRouting/frr/releases/tag/frr-8.0.1

OBS-URL: https://build.opensuse.org/request/show/924307
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=33
2021-10-13 19:19:15 +00:00
Martin Hauke
1ff1676d67 Accepting request 919470 from home:jsegitz:branches:systemdhardening:network
Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort

OBS-URL: https://build.opensuse.org/request/show/919470
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=32
2021-09-27 18:40:19 +00:00
Martin Hauke
9291c97e61 Accepting request 887909 from home:mtomaschewski:frr
- Use skip, not xfail in 0001-disable-zmq-test.patch to disable
  zmq test as it is not expected to fail but hangs (bsc#1180217)

OBS-URL: https://build.opensuse.org/request/show/887909
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=30
2021-04-23 11:44:07 +00:00
9e316ce306 Accepting request 876832 from home:mnhauke:network
- Update to version 7.5.1
  * Maintenance release
    See: https://github.com/FRRouting/frr/blob/stable/7.5/changelog-auto.in

OBS-URL: https://build.opensuse.org/request/show/876832
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=28
2021-03-05 07:54:18 +00:00
5ef36a13ed - Requires libyang 1.0.184
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=26
2021-01-08 09:40:29 +00:00
Martin Hauke
94cb5e92a0 Accepting request 858155 from home:rtorrero:branches:network
- Disable ZeroMQ tests due to sporadic timeouts during package builds (bsc#1180217)
  [+ 0001-disable-zmq-test.patch]

OBS-URL: https://build.opensuse.org/request/show/858155
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=24
2020-12-22 12:46:45 +00:00
Erico Mendonca
c81535df89 Accepting request 846077 from home:mnhauke:network
- Update to version 7.5
  * Upstream does not provide a changelog
- Make grpc support optional and don't enable it by default

OBS-URL: https://build.opensuse.org/request/show/846077
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=22
2020-11-04 20:36:58 +00:00
Martin Hauke
9eb024d08f Accepting request 839160 from home:mtomaschewski:frr
A little cleanup as preparation to add frr to SLE-15-SP3 (jsc#15015)
- add build condition disabling mininet build require by default,
  needed by the optional topology tests.
- removed one occurrence of vrrpd binary listed twice in file list

OBS-URL: https://build.opensuse.org/request/show/839160
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=20
2020-10-02 15:12:56 +00:00
Erico Mendonca
3108c93e06 Accepting request 818116 from home:mnhauke:network
- Update to version 7.4
  * Upstream does not provide a changelog
- Drop patch (fixed upstream):
  * 0001-build-use-configfile-mode-in-init-script.patch

OBS-URL: https://build.opensuse.org/request/show/818116
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=18
2020-07-01 13:21:17 +00:00
Erico Mendonca
92d9b00c17 Accepting request 810508 from home:emendonca:branches:network
- 0001-build-use-configfile-mode-in-init-script.patch: Fix CVE-2020-12831 (boo#1171658).

OBS-URL: https://build.opensuse.org/request/show/810508
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=16
2020-05-31 22:57:31 +00:00
Erico Mendonca
9b95823f32 Accepting request 800800 from home:mnhauke:network
- Update to version 7.3.1
  Bugfix/maintenance release
  * Upstream does not provide a changelog

OBS-URL: https://build.opensuse.org/request/show/800800
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=14
2020-05-06 19:45:06 +00:00
Erico Mendonca
2a330836ae Accepting request 792552 from home:darix:routing
- enable verbose make rules 
- enable grpc support. new subpackage libfrrgrpc_pb0, new BR:
  pkgconfig(grpc)
- enable config rollbacks. new BR: pkgconfig(sqlite3)
- enable realms support
- enable shell access
- make sure we use system openssl
- fix shebang line of the frr-reload.py and
  generate_support_bundle.py script so we dont pull python2
- do not delete users and groups.
- add Requires for libyang-extentions

OBS-URL: https://build.opensuse.org/request/show/792552
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=12
2020-04-08 22:39:51 +00:00
Erico Mendonca
2c315c1300 Accepting request 791563 from home:mnhauke:network
- Update to version 7.3
  * Upstream does not provide a changelog this time
- Remove patch:
  * fix_tests.patch (not longer needed)

OBS-URL: https://build.opensuse.org/request/show/791563
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=10
2020-04-05 19:29:20 +00:00
Tomáš Chvátal
f9a260ec64 Accepting request 765491 from home:mnhauke:network
- Update to version 7.2.1:
  BGPd
  * Fix Addpath issue
  * Do not apply eBGP policy for iBGP peers
  * Show ip and fqdn in json output for show [ip] bgp <route> json
  * Fix large route-distinguisher's format
  * Fix no bgp listen range ... configuration command
  * Autocomplete neighbor for clear bgp
  * Reflect the distance in RIB when it is changed for an
    arbitrary afi/safi
  * Notify "Peer De-configured" after entering 'no neighbor cmd
  * Fix per afi/safi addpath peer counting
  * Rework BGP dampening to be per AFI/SAFI
  * Do not send next-hop as :: in MP_REACH_NLRI if no link-local
    exists
  * Override peer's TTL only if peer-group is configured with TTL
  * Remove error message for unkown afi/safi combination
  * Keep the session down if maximum-prefix is reached
  OSPFd
  * Fix BFD down not tearing down OSPF adjacency for
    point-to-point net
  BFDd
  * Fix multiple VRF handling
  * VRF security improvement
  PIMd
  * Fix rp crash
  NHRPd
  * Make sure no ip nhrp map <something> works as expected
  LDPd
  * Add missing sanity check in the parsing of label messages

OBS-URL: https://build.opensuse.org/request/show/765491
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=7
2020-01-19 14:43:20 +00:00
Dominique Leuenberger
ba0346c9f4 Accepting request 765390 from network
I want to maintain frr in Factory

OBS-URL: https://build.opensuse.org/request/show/765390
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/frr?expand=0&rev=1
2020-02-04 18:51:44 +00:00
Martin Hauke
161cace62f Accepting request 765389 from home:mnhauke:network
OBS-URL: https://build.opensuse.org/request/show/765389
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=6
2020-01-17 21:10:16 +00:00
Martin Hauke
f3303b39a8 Accepting request 765386 from home:mnhauke:network
- Fix license tag

OBS-URL: https://build.opensuse.org/request/show/765386
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=5
2020-01-17 21:08:35 +00:00
Martin Hauke
17b4236580 Accepting request 764811 from home:mnhauke:network
- Build with support for pcre, protobuf, rpki and zeromq by default

OBS-URL: https://build.opensuse.org/request/show/764811
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=4
2020-01-15 21:40:52 +00:00
Martin Hauke
60a2bf4493 Accepting request 764692 from home:namtrac:branches:network
- Cleanup spec file

OBS-URL: https://build.opensuse.org/request/show/764692
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=3
2020-01-15 14:43:20 +00:00
Erico Mendonca
64ed82ee3e Accepting request 763518 from home:mnhauke:branches:network
- Fix build-time dependencies
- Remove superflous comments

OBS-URL: https://build.opensuse.org/request/show/763518
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=2
2020-01-12 22:10:22 +00:00
caada57228 Accepting request 755955 from home:emendonca:network
Adding working tests; removing _servicedata.

OBS-URL: https://build.opensuse.org/request/show/755955
OBS-URL: https://build.opensuse.org/package/show/network/frr?expand=0&rev=1
2020-01-06 10:18:54 +00:00