Commit Graph

36 Commits

Author SHA1 Message Date
Ankur Tyagi fdd887bc29 frr: patch CVE-2026-28532
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-28532

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-05-21 08:57:45 +05:30
Ankur Tyagi 31777981d7 frr: patch multiple CVEs
Details:
https://nvd.nist.gov/vuln/detail/CVE-2025-61099
https://nvd.nist.gov/vuln/detail/CVE-2025-61100
https://nvd.nist.gov/vuln/detail/CVE-2025-61101
https://nvd.nist.gov/vuln/detail/CVE-2025-61102
https://nvd.nist.gov/vuln/detail/CVE-2025-61103
https://nvd.nist.gov/vuln/detail/CVE-2025-61104
https://nvd.nist.gov/vuln/detail/CVE-2025-61105
https://nvd.nist.gov/vuln/detail/CVE-2025-61106
https://nvd.nist.gov/vuln/detail/CVE-2025-61107

The PR[1] mentioned in nvd got closed without merge due to unresolved
code review comments but another PR[2] fixed them and changes were merged.

[1] https://github.com/FRRouting/frr/pull/19480
[2] https://github.com/FRRouting/frr/pull/19983

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-19 12:15:48 +05:30
Ankur Tyagi c0c54373e9 frr: ignore CVE-2024-44070
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-44070

The PR[1] fixing this CVE was backported[2] to stable/9.1 and commit[3]
exists in the current version so we can ignore it.

$ git tag --contains 21cd931 | grep frr-9.1.3
frr-9.1.3

[1] https://github.com/FRRouting/frr/pull/16497
[2] https://github.com/FRRouting/frr/pull/16504
[3] https://github.com/FRRouting/frr/commit/21cd931a5f9303e12104c72ce31ca383c0c57514

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:51:58 +05:30
Zhang Peng e656a5b181 frr: fix CVE-2024-55553
CVE-2024-55553:
In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-validated if the total size
of an update received via RTR exceeds the internal socket's buffer size, default 4K on most OSes.
An attacker can use this to trigger re-parsing of the RIB for FRR routers using RTR by causing
more than this number of updates during an update interval (usually 30 minutes).
Additionally, this effect regularly occurs organically. Furthermore, an attacker can use this
to trigger route validation continuously. Given that routers with large full tables may need
more than 30 minutes to fully re-validate the table, continuous issuance/withdrawal of large numbers
of ROA may be used to impact the route handling performance of all FRR instances using RPKI globally.
Additionally, the re-validation will cause heightened BMP traffic to ingestors.
Fixed Versions: 10.0.3, 10.1.2, 10.2.1, >= 10.3.

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-55553]

Upstream patches:
[https://github.com/FRRouting/frr/commit/b0800bfdf04b4fcf48504737ebfe4ba7f05268d3]

Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-21 11:06:13 +05:30
Ankur Tyagi 1d9c04fea8 frr: upgrade 9.1 -> 9.1.3
Dropped patches which are part of this release.

Release Notes:
https://github.com/FRRouting/frr/releases/tag/frr-9.1.1
https://github.com/FRRouting/frr/releases/tag/frr-9.1.2
https://github.com/FRRouting/frr/releases/tag/frr-9.1.3

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-12 11:14:57 +05:30
Ankur Tyagi 4bb1da31d5 frr: patch CVE-2024-44070
Details https://nvd.nist.gov/vuln/detail/CVE-2024-44070

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-10-30 14:43:33 +08:00
Zhang Peng df0a87ca52 frr: fix CVE-2024-31949
CVE-2024-31949:
In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR
capability as a dynamic capability because malformed data results in a pointer not advancing.

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-31949]

Upstream patches:
[https://github.com/FRRouting/frr/commit/30a332dad86fafd2b0b6c61d23de59ed969a219b]

Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-12-15 13:57:40 -05:00
Zhang Peng 2d7769f90b frr: fix CVE-2024-31948
CVE-2024-31948:
In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute
in a BGP UPDATE packet can cause the bgpd daemon to crash.

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-31948]

Upstream patches:
[https://github.com/FRRouting/frr/commit/ba6a8f1a31e1a88df2de69ea46068e8bd9b97138]
[https://github.com/FRRouting/frr/commit/babb23b74855e23c987a63f8256d24e28c044d07]

Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-12-15 13:57:37 -05:00
Zhang Peng 483946a97b frr: fix CVE-2024-31951
CVE-2024-31951:
In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a
buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during
an attempt to read Segment Routing Adjacency SID subTLVs (lengths are not validated).

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-31951]

Upstream patches:
[https://github.com/FRRouting/frr/commit/5557a289acdaeec8cc63ffc97b5c2abf6dee7b3a]

Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-12-15 13:57:33 -05:00
Zhang Peng 327470f000 frr: fix CVE-2024-31950
CVE-2024-31950:
In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in
ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs
(their size is not validated).

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-31950]

Upstream patches:
[https://github.com/FRRouting/frr/commit/f69d1313b19047d3d83fc2b36a518355b861dfc4]

Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-12-15 13:57:29 -05:00
Zhang Peng 9c352814e4 frr: fix CVE-2024-34088
CVE-2024-34088:
In FRRouting (FRR) through 9.1, it is possible for the get_edge() function in ospf_te.c
in the OSPF daemon to return a NULL pointer. In cases where calling functions do not
handle the returned NULL value, the OSPF daemon crashes, leading to denial of service.

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-34088]

Upstream patches:
[https://github.com/FRRouting/frr/commit/8c177d69e32b91b45bda5fc5da6511fa03dc11ca]

Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-12-15 13:57:26 -05:00
Khem Raj 3f08151bf4 frr: Fix build on newer musl
provide GNU like basename on non-glibc systems

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-03-17 13:10:11 -07:00
Khem Raj 704e3e0a3d frr: Upgrade to latest on 9.1 stable
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-03-17 13:10:10 -07:00
Martin Jansa e722be5fac recipes: Drop remaining PR values from recipes
* as oe-core did in:
  https://git.openembedded.org/openembedded-core/commit/?id=d4c346e8ab

* when people are have to maintain own PRs for recipes in oe-core, they
  might add them for meta-oe recipes at the same time when upgrading
  to next LTS

Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-03-17 13:10:10 -07:00
Wang Mingyu 3449642b58 frr: Fix install conflict when enable multilib.
Error: Transaction test error:
  file /usr/lib/systemd/system/frr.service conflicts between attempted installs of frr-9.1-r1.cortexa57 and lib32-frr-9.1-r1.armv7ahf_neon
  file /usr/lib/systemd/system/frr@.service conflicts between attempted installs of frr-9.1-r1.cortexa57 and lib32-frr-9.1-r1.armv7ahf_neon
  file /usr/include/frr/version.h conflicts between attempted installs of lib32-frr-dev-9.1-r1.armv7ahf_neon and frr-dev-9.1-r1.cortexa57

The differences of version.h are as follows:
@@ -32,7 +32,7 @@
 #define FRR_VER_SHORT   "9.1"
 #define FRR_BUG_ADDRESS "https://github.com/frrouting/frr/issues"
 #define FRR_COPYRIGHT   "Copyright 1996-2005 Kunihiro Ishiguro, et al."
-#define FRR_CONFIG_ARGS "'--build=x86_64-linux' '--host=aarch64-poky-linux' '--target=aarch64-poky-linux' '--prefix=/usr' '--exec_prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--libexecdir=/usr/libexec' '--datadir=/usr/share' '--sysconfdir=/etc' '--sharedstatedir=/com' '--localstatedir=/var' '--libdir=/usr/lib64' '--includedir=/usr/include' '--oldincludedir=/usr/include' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--disable-silent-rules' '--disable-dependency-tracking' '--with-libtool-sysroot=' '--sbindir=/usr/lib64/frr' '--sysconfdir=/etc/frr' '--localstatedir=/var/run/frr' '--enable-vtysh' '--enable-multipath=64' '--enable-user=frr' '--enable-group=frr' '--enable-vty-group=frrvty' '--enable-configfile-mask=0640' '--enable-logfile-mask=0640' '--disable-doc' '--with-clippy=/usr/lib/clippy' '--disable-static' '--disable-capabilities' '--disable-cumulus' '--disable-datacenter' '--disable-fpm' '--disable-grpc' '--disable-ospfapi' '--disable-ospfclient' '--without-l
 ibpam' '--disable-protobuf' '--disable-snmp' '--disable-zeromq' 'build_alias=x86_64-linux' 'host_alias=aarch64-poky-linux' 'target_alias=aarch64-poky-linux' 'AR=aarch64-poky-linux-gcc-ar' 'LD=aarch64-poky-linux-ld --sysroot= ' 'OBJCOPY=aarch64-poky-linux-objcopy' 'OBJDUMP=aarch64-poky-linux-objdump' 'RANLIB=aarch64-poky-linux-gcc-ranlib' 'STRIP=aarch64-poky-linux-strip' 'PKG_CONFIG_PATH=/usr/lib64/pkgconfig:/usr/share/pkgconfig://usr/share/pkgconfig' 'PKG_CONFIG_LIBDIR=/usr/lib64/pkgconfig' 'CC=aarch64-poky-linux-gcc -mcpu=cortex-a57 -march=armv8-a+crc -mbranch-protection=standard -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security --sysroot=' 'CPPFLAGS=' 'CPP=aarch64-poky-linux-gcc -E --sysroot= -mcpu=cortex-a57 -march=armv8-a+crc -mbranch-protection=standard -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security' 'CXX=aarch64-poky-linux-g++ -mcpu=cortex-a57 -march=armv8-a+crc -mbranch-prot
 ection=standard -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security --sysroot=' 'PYTHON=/usr/bin/python3-native/python3'"
+#define FRR_CONFIG_ARGS "'--build=x86_64-linux' '--host=arm-pokymllib32-linux-gnueabi' '--target=arm-pokymllib32-linux-gnueabi' '--prefix=/usr' '--exec_prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--libexecdir=/usr/libexec' '--datadir=/usr/share' '--sysconfdir=/etc' '--sharedstatedir=/com' '--localstatedir=/var' '--libdir=/usr/lib' '--includedir=/usr/include' '--oldincludedir=/usr/include' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--disable-silent-rules' '--disable-dependency-tracking' '--with-libtool-sysroot=' '--sbindir=/usr/lib/frr' '--sysconfdir=/etc/frr' '--localstatedir=/var/run/frr' '--enable-vtysh' '--enable-multipath=64' '--enable-user=frr' '--enable-group=frr' '--enable-vty-group=frrvty' '--enable-configfile-mask=0640' '--enable-logfile-mask=0640' '--disable-doc' '--with-clippy=/usr/lib/clippy' '--disable-static' '--disable-capabilities' '--disable-cumulus' '--disable-datacenter' '--disable-fpm' '--disable-grpc' '--disable-ospfapi' '--disable-ospfcl
 ient' '--without-libpam' '--disable-protobuf' '--disable-snmp' '--disable-zeromq' 'build_alias=x86_64-linux' 'host_alias=arm-pokymllib32-linux-gnueabi' 'target_alias=arm-pokymllib32-linux-gnueabi' 'AR=arm-pokymllib32-linux-gnueabi-gcc-ar' 'LD=arm-pokymllib32-linux-gnueabi-ld --sysroot= ' 'OBJCOPY=arm-pokymllib32-linux-gnueabi-objcopy' 'OBJDUMP=arm-pokymllib32-linux-gnueabi-objdump' 'RANLIB=arm-pokymllib32-linux-gnueabi-gcc-ranlib' 'STRIP=arm-pokymllib32-linux-gnueabi-strip' 'PKG_CONFIG_PATH=/usr/lib/pkgconfig:/usr/share/pkgconfig:/ubinux-dev/ubinux001/contribution/build_xh/tmp/work/armv7ahf-neon-pokymllib32-linux-gnueabi/lib32-frr/9.1/recipe-sysroot//usr/share/pkgconfig' 'PKG_CONFIG_LIBDIR=/usr/lib/pkgconfig' 'CC=arm-pokymllib32-linux-gnueabi-gcc -march=armv7-a -mfpu=neon -mfloat-abi=hard -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -D_TIME_BITS=64 -D_FILE_OFFSET_BITS=64 --sysroot=' 'CPPFLAGS=' 'CPP=arm-pokymllib32-linux-gnueabi
 -gcc -E --sysroot= -march=armv7-a -mfpu=neon -mfloat-abi=hard -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -D_TIME_BITS=64 -D_FILE_OFFSET_BITS=64' 'CXX=arm-pokymllib32-linux-gnueabi-g++ -march=armv7-a -mfpu=neon -mfloat-abi=hard -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -D_TIME_BITS=64 -D_FILE_OFFSET_BITS=64 --sysroot=' 'PYTHON=/usr/bin/python3-native/python3'"

 #define FRR_DEFAULT_MOTD \
        "\n" \

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-01-12 08:51:11 -08:00
Wang Mingyu 4ea46a31b9 frr: use update-alternatives for ietf-interfaces.yang
Error: Transaction test error:
  file /usr/share/yang/ietf-interfaces.yang conflicts between attempted installs of libsmi-yang-0.5.0-r0.cortexa57 and frr-9.1-r1.cortexa57

libsmi also uses the doc 'ietf-interfaces.yang'.
libsmi has a priority of 50.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-01-11 19:50:44 -08:00
Wang Mingyu 94f462ce82 frr: upgrade 9.0.1 -> 9.1
0001-tools-make-quiet-actually-suppress-output.patch
CVE-2023-46752.patch
CVE-2023-46753.patch
CVE-2023-47234.patch
CVE-2023-47235.patch
removed since they're included in 9.1

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-11-28 08:55:39 -08:00
Jonas Gorski 00e928bcb7 frr: fix CVEs CVE-2023-4675{2,3} and CVE-2023-4723{4,5}
Add patches fixing CVE CVE-2023-46752, CVE-2023-46753, CVE-2023-47234,
and CVE-2023-47235 to FRR 9.0.

Patch order is commit order, not CVE numerical order, to avoid fuzz /
need for rebasing of the patches.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-46752
https://nvd.nist.gov/vuln/detail/CVE-2023-46753
https://nvd.nist.gov/vuln/detail/CVE-2023-47234
https://nvd.nist.gov/vuln/detail/CVE-2023-47235

Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-11-22 06:56:15 -08:00
Jonas Gorski 6f1d32a9bf frr: upgrade 8.4.4 -> 9.0.1
Upgrade FRR to 9.0.1:

* drop all existing patches since they are included in 9.0.1
* add a patch fixing (harmless) error messages in log
* license files moved to doc/licenses
* protobuf-c-native (for protoc) and protobuf-c are now needed

Changelogs:
https://github.com/FRRouting/frr/releases/tag/frr-9.0.1
https://github.com/FRRouting/frr/commit/31ed3dd753d62b5d8916998bc32814007e91364b
https://github.com/FRRouting/frr/releases/tag/frr-9.0
https://github.com/FRRouting/frr/commit/2863e7efbcd0cbfbd41d3be04c660d77df65d0ea

Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-09-22 07:36:16 -07:00
Robert Yang 3ed51f2d3b frr: Fix CVE-2023-41358 and CVE-2023-41360
Backport patches to fix CVE-2023-41358 and CVE-2023-41360.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-41358
https://nvd.nist.gov/vuln/detail/CVE-2023-41360

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-09-07 08:22:43 -07:00
Yi Zhao ee1026ab77 frr: Security fix CVE-2023-3748
CVE-2023-3748:
A flaw was found in FRRouting when parsing certain babeld unicast hello
messages that are intended to be ignored. This issue may allow an
attacker to send specially crafted hello messages with the unicast flag
set, the interval field set to 0, or any TLV that contains a sub-TLV
with the Mandatory flag set to enter an infinite loop and cause a denial
of service.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-3748

Patch from:
https://github.com/FRRouting/frr/commit/ae1e0e1fed77716bc06f181ad68c4433fb5523d0

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-08-28 08:55:26 -07:00
Yi Zhao 50577b639a frr: upgrade 8.4.2 -> 8.4.4
ChangeLog:
https://github.com/FRRouting/frr/releases/tag/frr-8.4.4
https://github.com/FRRouting/frr/commit/45e36c0c00a517ad1606135b18c5753e210cfc0d

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-06-28 13:53:12 -07:00
Chen Qi 10c7793832 frr: add CVE_PRODUCT
The CVE_PRODUCT is frrouting in NVD database.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-05-08 21:45:53 -07:00
Yi Zhao d7b8c3a9f7 frr: support more arches
Now frr can support more arches as libyang can be built on all arches.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-03-08 07:12:23 -08:00
Yi Zhao 80740b1d3c frr: add UPSTREAM_CHECK_GITTAGREGEX
Add UPSTREAM_CHECK_GITTAGREGEX to check the correct latest stable
verison.

Before the patch:
$ devtool latest-version frr
INFO: Current version: 8.4.2
INFO: Latest version: 9.0
INFO: Latest version's commit: 16c38045b1a84f899da473398779cc593d82d2bd

Version 9.0 is a development tag[1].

After the patch:
$ devtool latest-version frr
INFO: Current version: 8.4.2
INFO: Latest version: 8.4.2
INFO: Latest version's commit: 9e25d07412e92bdcd1f69c4755dc7564b23023c0

[1] https://github.com/FRRouting/frr/tags

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-03-05 14:34:38 -08:00
Yi Zhao 85aa214ce0 frr: upgrade 8.4.1 -> 8.4.2
ChangeLog:
https://github.com/FRRouting/frr/releases/tag/frr-8.4.2

Per [1], update frr.pam to eliminate the warning issued by pam:
vtysh[485]: pam_warn(frr:account): function=[pam_sm_acct_mgmt] flags=0
service=[frr] terminal=[<unknown>] user=[root] ruser=[<unknown>] rhost=[<unknown>]

[1] https://github.com/FRRouting/frr/commit/6031b8a3224cde14fd1df6e60855310f97942ff9

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-02-07 07:01:21 -08:00
Yi Zhao f9024bf768 frr: upgrade 8.3.1 -> 8.4.1
Drop backport patches.

ChangeLog:
https://github.com/FRRouting/frr/releases/tag/frr-8.4.1

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-12-14 08:22:04 -08:00
Alexander Kanavin 4035dfc557 frr: add a patch to correctly check presence of python from pkg-config
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-11-10 10:41:35 -08:00
Yi Zhao 9628ca83c2 frr: Security fix CVE-2022-37032
CVE-2022-37032:
An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may
lead to a segmentation fault and denial of service. This occurs in
bgp_capability_msg_parse in bgpd/bgp_packet.c.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-37032

Patch from:
https://github.com/FRRouting/frr/commit/066770ac1c69ee5b484bb82581b22ad0423b004d

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-10-12 19:19:27 -07:00
Yi Zhao f684687591 frr: upgrade 8.2.2 -> 8.3.1
Backport patches to fix build error with --disable-ospfapi and
CVE-2022-37035.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-09-29 13:32:15 -07:00
Khem Raj d8c94d06cf frr: Fix configure check for libreadline
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-09-01 10:55:23 -07:00
Mingli Yu 8b76b6c8e3 frr: fix buildpaths issue
Fixes:
  WARNING: frr-8.2.2-r0 do_package_qa: QA Issue: File /usr/lib/libfrr.a in package frr-staticdev contains reference to TMPDIR [buildpaths]
  WARNING: frr-8.2.2-r0 do_package_qa: QA Issue: File /usr/src/debug/frr/8.2.2-r0/git/lib/version.h in package frr-src contains reference to TMPDIR [buildpaths]
  WARNING: frr-8.2.2-r0 do_package_qa: QA Issue: File /usr/include/frr/version.h in package frr-dev contains reference to TMPDIR [buildpaths]
  WARNING: frr-8.2.2-r0 do_package_qa: QA Issue: File /usr/bin/vtysh in package frr contains reference to TMPDIR
  File /usr/lib/libfrr.so.0.0.0 in package frr contains reference to TMPDIR [buildpaths]

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-08-06 09:51:32 -07:00
Yi Zhao 09a97158f8 frr: inherit autotools-brokensep instead of autotools
There is a parallel build error in separate build directory:

| /home/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/core2-64-poky-linux/frr/8.2.2-r0/recipe-sysroot-native/usr/lib/clippy ../git/python/clidef.py -o isisd/isis_cli_clippy.c ../git/isisd/isis_cli.c
| Traceback (most recent call last):
|   File "../git/python/clidef.py", line 466, in <module>
|     clippy.wrdiff(
|   File "/home/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/core2-64-poky-linux/frr/8.2.2-r0/git/python/clippy/__init__.py", line 78, in wrdiff
|     with open(newname, "w") as out:
| FileNotFoundError: [Errno 2] No such file or directory: 'isisd/isis_cli_clippy.c.new-372541'
| make[1]: Leaving directory '/home/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/core2-64-poky-linux/frr/8.2.2-r0/build'
| make[1]: *** [Makefile:17386: isisd/isis_cli_clippy.c] Error 1

This is beacuse clidef.py only creates new file but doesn't check if
parent directory exists. Inherit autotools-brokensep can fix this issue
as these parent directories always exist in source directory.

Also set ac_cv_path_PERL to '/usr/bin/env perl' to avoid path too long.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-04-29 19:32:47 -07:00
Yi Zhao 57089566e3 frr: add PACKAGECONFIG for fpm
The Forwarding Plane Manager support is optional, make it as
PACKAGECONFIG.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-04-25 11:00:43 -07:00
Yi Zhao ee3b2e19a6 frr: install correct initscript
Install frrinit.sh as initscript rather than frr.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-04-13 19:21:41 -07:00
Yi Zhao b420d9f221 frr: add recipe
FRRouting (FRR) is a free and open source Internet routing protocol
suite for Linux and Unix platforms. It implements BGP, OSPF, RIP, IS-IS,
PIM, LDP, BFD, Babel, PBR, OpenFabric and VRRP, with alpha support for
EIGRP and NHRP.

FRRouting is a fork of Quagga. The main git lives on
https://github.com/frrouting/frr.git

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-04-12 09:28:25 -07:00