Ankur Tyagi
fdd887bc29
frr: patch CVE-2026-28532
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-28532
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-05-21 08:57:45 +05:30
Ankur Tyagi
31777981d7
frr: patch multiple CVEs
...
Details:
https://nvd.nist.gov/vuln/detail/CVE-2025-61099
https://nvd.nist.gov/vuln/detail/CVE-2025-61100
https://nvd.nist.gov/vuln/detail/CVE-2025-61101
https://nvd.nist.gov/vuln/detail/CVE-2025-61102
https://nvd.nist.gov/vuln/detail/CVE-2025-61103
https://nvd.nist.gov/vuln/detail/CVE-2025-61104
https://nvd.nist.gov/vuln/detail/CVE-2025-61105
https://nvd.nist.gov/vuln/detail/CVE-2025-61106
https://nvd.nist.gov/vuln/detail/CVE-2025-61107
The PR[1] mentioned in nvd got closed without merge due to unresolved
code review comments but another PR[2] fixed them and changes were merged.
[1] https://github.com/FRRouting/frr/pull/19480
[2] https://github.com/FRRouting/frr/pull/19983
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-19 12:15:48 +05:30
Ankur Tyagi
c0c54373e9
frr: ignore CVE-2024-44070
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-44070
The PR[1] fixing this CVE was backported[2] to stable/9.1 and commit[3]
exists in the current version so we can ignore it.
$ git tag --contains 21cd931 | grep frr-9.1.3
frr-9.1.3
[1] https://github.com/FRRouting/frr/pull/16497
[2] https://github.com/FRRouting/frr/pull/16504
[3] https://github.com/FRRouting/frr/commit/21cd931a5f9303e12104c72ce31ca383c0c57514
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-12 07:51:58 +05:30
Zhang Peng
e656a5b181
frr: fix CVE-2024-55553
...
CVE-2024-55553:
In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-validated if the total size
of an update received via RTR exceeds the internal socket's buffer size, default 4K on most OSes.
An attacker can use this to trigger re-parsing of the RIB for FRR routers using RTR by causing
more than this number of updates during an update interval (usually 30 minutes).
Additionally, this effect regularly occurs organically. Furthermore, an attacker can use this
to trigger route validation continuously. Given that routers with large full tables may need
more than 30 minutes to fully re-validate the table, continuous issuance/withdrawal of large numbers
of ROA may be used to impact the route handling performance of all FRR instances using RPKI globally.
Additionally, the re-validation will cause heightened BMP traffic to ingestors.
Fixed Versions: 10.0.3, 10.1.2, 10.2.1, >= 10.3.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-55553 ]
Upstream patches:
[https://github.com/FRRouting/frr/commit/b0800bfdf04b4fcf48504737ebfe4ba7f05268d3 ]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-11-21 11:06:13 +05:30
Ankur Tyagi
1d9c04fea8
frr: upgrade 9.1 -> 9.1.3
...
Dropped patches which are part of this release.
Release Notes:
https://github.com/FRRouting/frr/releases/tag/frr-9.1.1
https://github.com/FRRouting/frr/releases/tag/frr-9.1.2
https://github.com/FRRouting/frr/releases/tag/frr-9.1.3
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-11-12 11:14:57 +05:30
Ankur Tyagi
4bb1da31d5
frr: patch CVE-2024-44070
...
Details https://nvd.nist.gov/vuln/detail/CVE-2024-44070
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:33 +08:00
Zhang Peng
df0a87ca52
frr: fix CVE-2024-31949
...
CVE-2024-31949:
In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR
capability as a dynamic capability because malformed data results in a pointer not advancing.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-31949 ]
Upstream patches:
[https://github.com/FRRouting/frr/commit/30a332dad86fafd2b0b6c61d23de59ed969a219b ]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-15 13:57:40 -05:00
Zhang Peng
2d7769f90b
frr: fix CVE-2024-31948
...
CVE-2024-31948:
In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute
in a BGP UPDATE packet can cause the bgpd daemon to crash.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-31948 ]
Upstream patches:
[https://github.com/FRRouting/frr/commit/ba6a8f1a31e1a88df2de69ea46068e8bd9b97138 ]
[https://github.com/FRRouting/frr/commit/babb23b74855e23c987a63f8256d24e28c044d07 ]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-15 13:57:37 -05:00
Zhang Peng
483946a97b
frr: fix CVE-2024-31951
...
CVE-2024-31951:
In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a
buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during
an attempt to read Segment Routing Adjacency SID subTLVs (lengths are not validated).
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-31951 ]
Upstream patches:
[https://github.com/FRRouting/frr/commit/5557a289acdaeec8cc63ffc97b5c2abf6dee7b3a ]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-15 13:57:33 -05:00
Zhang Peng
327470f000
frr: fix CVE-2024-31950
...
CVE-2024-31950:
In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in
ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs
(their size is not validated).
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-31950 ]
Upstream patches:
[https://github.com/FRRouting/frr/commit/f69d1313b19047d3d83fc2b36a518355b861dfc4 ]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-15 13:57:29 -05:00
Zhang Peng
9c352814e4
frr: fix CVE-2024-34088
...
CVE-2024-34088:
In FRRouting (FRR) through 9.1, it is possible for the get_edge() function in ospf_te.c
in the OSPF daemon to return a NULL pointer. In cases where calling functions do not
handle the returned NULL value, the OSPF daemon crashes, leading to denial of service.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-34088 ]
Upstream patches:
[https://github.com/FRRouting/frr/commit/8c177d69e32b91b45bda5fc5da6511fa03dc11ca ]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-15 13:57:26 -05:00
Khem Raj
3f08151bf4
frr: Fix build on newer musl
...
provide GNU like basename on non-glibc systems
Signed-off-by: Khem Raj <raj.khem@gmail.com >
2024-03-17 13:10:11 -07:00
Khem Raj
704e3e0a3d
frr: Upgrade to latest on 9.1 stable
...
Signed-off-by: Khem Raj <raj.khem@gmail.com >
2024-03-17 13:10:10 -07:00
Martin Jansa
e722be5fac
recipes: Drop remaining PR values from recipes
...
* as oe-core did in:
https://git.openembedded.org/openembedded-core/commit/?id=d4c346e8ab
* when people are have to maintain own PRs for recipes in oe-core, they
might add them for meta-oe recipes at the same time when upgrading
to next LTS
Signed-off-by: Martin Jansa <martin.jansa@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
2024-03-17 13:10:10 -07:00
Wang Mingyu
3449642b58
frr: Fix install conflict when enable multilib.
...
Error: Transaction test error:
file /usr/lib/systemd/system/frr.service conflicts between attempted installs of frr-9.1-r1.cortexa57 and lib32-frr-9.1-r1.armv7ahf_neon
file /usr/lib/systemd/system/frr@.service conflicts between attempted installs of frr-9.1-r1.cortexa57 and lib32-frr-9.1-r1.armv7ahf_neon
file /usr/include/frr/version.h conflicts between attempted installs of lib32-frr-dev-9.1-r1.armv7ahf_neon and frr-dev-9.1-r1.cortexa57
The differences of version.h are as follows:
@@ -32,7 +32,7 @@
#define FRR_VER_SHORT "9.1"
#define FRR_BUG_ADDRESS "https://github.com/frrouting/frr/issues "
#define FRR_COPYRIGHT "Copyright 1996-2005 Kunihiro Ishiguro, et al."
-#define FRR_CONFIG_ARGS "'--build=x86_64-linux' '--host=aarch64-poky-linux' '--target=aarch64-poky-linux' '--prefix=/usr' '--exec_prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--libexecdir=/usr/libexec' '--datadir=/usr/share' '--sysconfdir=/etc' '--sharedstatedir=/com' '--localstatedir=/var' '--libdir=/usr/lib64' '--includedir=/usr/include' '--oldincludedir=/usr/include' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--disable-silent-rules' '--disable-dependency-tracking' '--with-libtool-sysroot=' '--sbindir=/usr/lib64/frr' '--sysconfdir=/etc/frr' '--localstatedir=/var/run/frr' '--enable-vtysh' '--enable-multipath=64' '--enable-user=frr' '--enable-group=frr' '--enable-vty-group=frrvty' '--enable-configfile-mask=0640' '--enable-logfile-mask=0640' '--disable-doc' '--with-clippy=/usr/lib/clippy' '--disable-static' '--disable-capabilities' '--disable-cumulus' '--disable-datacenter' '--disable-fpm' '--disable-grpc' '--disable-ospfapi' '--disable-ospfclient' '--without-l
ibpam' '--disable-protobuf' '--disable-snmp' '--disable-zeromq' 'build_alias=x86_64-linux' 'host_alias=aarch64-poky-linux' 'target_alias=aarch64-poky-linux' 'AR=aarch64-poky-linux-gcc-ar' 'LD=aarch64-poky-linux-ld --sysroot= ' 'OBJCOPY=aarch64-poky-linux-objcopy' 'OBJDUMP=aarch64-poky-linux-objdump' 'RANLIB=aarch64-poky-linux-gcc-ranlib' 'STRIP=aarch64-poky-linux-strip' 'PKG_CONFIG_PATH=/usr/lib64/pkgconfig:/usr/share/pkgconfig://usr/share/pkgconfig' 'PKG_CONFIG_LIBDIR=/usr/lib64/pkgconfig' 'CC=aarch64-poky-linux-gcc -mcpu=cortex-a57 -march=armv8-a+crc -mbranch-protection=standard -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security --sysroot=' 'CPPFLAGS=' 'CPP=aarch64-poky-linux-gcc -E --sysroot= -mcpu=cortex-a57 -march=armv8-a+crc -mbranch-protection=standard -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security' 'CXX=aarch64-poky-linux-g++ -mcpu=cortex-a57 -march=armv8-a+crc -mbranch-prot
ection=standard -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security --sysroot=' 'PYTHON=/usr/bin/python3-native/python3'"
+#define FRR_CONFIG_ARGS "'--build=x86_64-linux' '--host=arm-pokymllib32-linux-gnueabi' '--target=arm-pokymllib32-linux-gnueabi' '--prefix=/usr' '--exec_prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--libexecdir=/usr/libexec' '--datadir=/usr/share' '--sysconfdir=/etc' '--sharedstatedir=/com' '--localstatedir=/var' '--libdir=/usr/lib' '--includedir=/usr/include' '--oldincludedir=/usr/include' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--disable-silent-rules' '--disable-dependency-tracking' '--with-libtool-sysroot=' '--sbindir=/usr/lib/frr' '--sysconfdir=/etc/frr' '--localstatedir=/var/run/frr' '--enable-vtysh' '--enable-multipath=64' '--enable-user=frr' '--enable-group=frr' '--enable-vty-group=frrvty' '--enable-configfile-mask=0640' '--enable-logfile-mask=0640' '--disable-doc' '--with-clippy=/usr/lib/clippy' '--disable-static' '--disable-capabilities' '--disable-cumulus' '--disable-datacenter' '--disable-fpm' '--disable-grpc' '--disable-ospfapi' '--disable-ospfcl
ient' '--without-libpam' '--disable-protobuf' '--disable-snmp' '--disable-zeromq' 'build_alias=x86_64-linux' 'host_alias=arm-pokymllib32-linux-gnueabi' 'target_alias=arm-pokymllib32-linux-gnueabi' 'AR=arm-pokymllib32-linux-gnueabi-gcc-ar' 'LD=arm-pokymllib32-linux-gnueabi-ld --sysroot= ' 'OBJCOPY=arm-pokymllib32-linux-gnueabi-objcopy' 'OBJDUMP=arm-pokymllib32-linux-gnueabi-objdump' 'RANLIB=arm-pokymllib32-linux-gnueabi-gcc-ranlib' 'STRIP=arm-pokymllib32-linux-gnueabi-strip' 'PKG_CONFIG_PATH=/usr/lib/pkgconfig:/usr/share/pkgconfig:/ubinux-dev/ubinux001/contribution/build_xh/tmp/work/armv7ahf-neon-pokymllib32-linux-gnueabi/lib32-frr/9.1/recipe-sysroot//usr/share/pkgconfig' 'PKG_CONFIG_LIBDIR=/usr/lib/pkgconfig' 'CC=arm-pokymllib32-linux-gnueabi-gcc -march=armv7-a -mfpu=neon -mfloat-abi=hard -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -D_TIME_BITS=64 -D_FILE_OFFSET_BITS=64 --sysroot=' 'CPPFLAGS=' 'CPP=arm-pokymllib32-linux-gnueabi
-gcc -E --sysroot= -march=armv7-a -mfpu=neon -mfloat-abi=hard -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -D_TIME_BITS=64 -D_FILE_OFFSET_BITS=64' 'CXX=arm-pokymllib32-linux-gnueabi-g++ -march=armv7-a -mfpu=neon -mfloat-abi=hard -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -D_TIME_BITS=64 -D_FILE_OFFSET_BITS=64 --sysroot=' 'PYTHON=/usr/bin/python3-native/python3'"
#define FRR_DEFAULT_MOTD \
"\n" \
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
2024-01-12 08:51:11 -08:00
Wang Mingyu
4ea46a31b9
frr: use update-alternatives for ietf-interfaces.yang
...
Error: Transaction test error:
file /usr/share/yang/ietf-interfaces.yang conflicts between attempted installs of libsmi-yang-0.5.0-r0.cortexa57 and frr-9.1-r1.cortexa57
libsmi also uses the doc 'ietf-interfaces.yang'.
libsmi has a priority of 50.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
2024-01-11 19:50:44 -08:00
Wang Mingyu
94f462ce82
frr: upgrade 9.0.1 -> 9.1
...
0001-tools-make-quiet-actually-suppress-output.patch
CVE-2023-46752.patch
CVE-2023-46753.patch
CVE-2023-47234.patch
CVE-2023-47235.patch
removed since they're included in 9.1
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
2023-11-28 08:55:39 -08:00
Jonas Gorski
00e928bcb7
frr: fix CVEs CVE-2023-4675{2,3} and CVE-2023-4723{4,5}
...
Add patches fixing CVE CVE-2023-46752, CVE-2023-46753, CVE-2023-47234,
and CVE-2023-47235 to FRR 9.0.
Patch order is commit order, not CVE numerical order, to avoid fuzz /
need for rebasing of the patches.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-46752
https://nvd.nist.gov/vuln/detail/CVE-2023-46753
https://nvd.nist.gov/vuln/detail/CVE-2023-47234
https://nvd.nist.gov/vuln/detail/CVE-2023-47235
Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
2023-11-22 06:56:15 -08:00
Jonas Gorski
6f1d32a9bf
frr: upgrade 8.4.4 -> 9.0.1
...
Upgrade FRR to 9.0.1:
* drop all existing patches since they are included in 9.0.1
* add a patch fixing (harmless) error messages in log
* license files moved to doc/licenses
* protobuf-c-native (for protoc) and protobuf-c are now needed
Changelogs:
https://github.com/FRRouting/frr/releases/tag/frr-9.0.1
https://github.com/FRRouting/frr/commit/31ed3dd753d62b5d8916998bc32814007e91364b
https://github.com/FRRouting/frr/releases/tag/frr-9.0
https://github.com/FRRouting/frr/commit/2863e7efbcd0cbfbd41d3be04c660d77df65d0ea
Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
2023-09-22 07:36:16 -07:00
Robert Yang
3ed51f2d3b
frr: Fix CVE-2023-41358 and CVE-2023-41360
...
Backport patches to fix CVE-2023-41358 and CVE-2023-41360.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-41358
https://nvd.nist.gov/vuln/detail/CVE-2023-41360
Signed-off-by: Robert Yang <liezhi.yang@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
2023-09-07 08:22:43 -07:00
Yi Zhao
ee1026ab77
frr: Security fix CVE-2023-3748
...
CVE-2023-3748:
A flaw was found in FRRouting when parsing certain babeld unicast hello
messages that are intended to be ignored. This issue may allow an
attacker to send specially crafted hello messages with the unicast flag
set, the interval field set to 0, or any TLV that contains a sub-TLV
with the Mandatory flag set to enter an infinite loop and cause a denial
of service.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-3748
Patch from:
https://github.com/FRRouting/frr/commit/ae1e0e1fed77716bc06f181ad68c4433fb5523d0
Signed-off-by: Yi Zhao <yi.zhao@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
2023-08-28 08:55:26 -07:00
Yi Zhao
50577b639a
frr: upgrade 8.4.2 -> 8.4.4
...
ChangeLog:
https://github.com/FRRouting/frr/releases/tag/frr-8.4.4
https://github.com/FRRouting/frr/commit/45e36c0c00a517ad1606135b18c5753e210cfc0d
Signed-off-by: Yi Zhao <yi.zhao@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
2023-06-28 13:53:12 -07:00
Chen Qi
10c7793832
frr: add CVE_PRODUCT
...
The CVE_PRODUCT is frrouting in NVD database.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
2023-05-08 21:45:53 -07:00
Yi Zhao
d7b8c3a9f7
frr: support more arches
...
Now frr can support more arches as libyang can be built on all arches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
2023-03-08 07:12:23 -08:00
Yi Zhao
80740b1d3c
frr: add UPSTREAM_CHECK_GITTAGREGEX
...
Add UPSTREAM_CHECK_GITTAGREGEX to check the correct latest stable
verison.
Before the patch:
$ devtool latest-version frr
INFO: Current version: 8.4.2
INFO: Latest version: 9.0
INFO: Latest version's commit: 16c38045b1a84f899da473398779cc593d82d2bd
Version 9.0 is a development tag[1].
After the patch:
$ devtool latest-version frr
INFO: Current version: 8.4.2
INFO: Latest version: 8.4.2
INFO: Latest version's commit: 9e25d07412e92bdcd1f69c4755dc7564b23023c0
[1] https://github.com/FRRouting/frr/tags
Signed-off-by: Yi Zhao <yi.zhao@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
2023-03-05 14:34:38 -08:00
Yi Zhao
85aa214ce0
frr: upgrade 8.4.1 -> 8.4.2
...
ChangeLog:
https://github.com/FRRouting/frr/releases/tag/frr-8.4.2
Per [1], update frr.pam to eliminate the warning issued by pam:
vtysh[485]: pam_warn(frr:account): function=[pam_sm_acct_mgmt] flags=0
service=[frr] terminal=[<unknown>] user=[root] ruser=[<unknown>] rhost=[<unknown>]
[1] https://github.com/FRRouting/frr/commit/6031b8a3224cde14fd1df6e60855310f97942ff9
Signed-off-by: Yi Zhao <yi.zhao@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
2023-02-07 07:01:21 -08:00
Yi Zhao
f9024bf768
frr: upgrade 8.3.1 -> 8.4.1
...
Drop backport patches.
ChangeLog:
https://github.com/FRRouting/frr/releases/tag/frr-8.4.1
Signed-off-by: Yi Zhao <yi.zhao@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
2022-12-14 08:22:04 -08:00
Alexander Kanavin
4035dfc557
frr: add a patch to correctly check presence of python from pkg-config
...
Signed-off-by: Alexander Kanavin <alex@linutronix.de >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
2022-11-10 10:41:35 -08:00
Yi Zhao
9628ca83c2
frr: Security fix CVE-2022-37032
...
CVE-2022-37032:
An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may
lead to a segmentation fault and denial of service. This occurs in
bgp_capability_msg_parse in bgpd/bgp_packet.c.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-37032
Patch from:
https://github.com/FRRouting/frr/commit/066770ac1c69ee5b484bb82581b22ad0423b004d
Signed-off-by: Yi Zhao <yi.zhao@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
2022-10-12 19:19:27 -07:00
Yi Zhao
f684687591
frr: upgrade 8.2.2 -> 8.3.1
...
Backport patches to fix build error with --disable-ospfapi and
CVE-2022-37035.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
2022-09-29 13:32:15 -07:00
Khem Raj
d8c94d06cf
frr: Fix configure check for libreadline
...
Signed-off-by: Khem Raj <raj.khem@gmail.com >
2022-09-01 10:55:23 -07:00
Mingli Yu
8b76b6c8e3
frr: fix buildpaths issue
...
Fixes:
WARNING: frr-8.2.2-r0 do_package_qa: QA Issue: File /usr/lib/libfrr.a in package frr-staticdev contains reference to TMPDIR [buildpaths]
WARNING: frr-8.2.2-r0 do_package_qa: QA Issue: File /usr/src/debug/frr/8.2.2-r0/git/lib/version.h in package frr-src contains reference to TMPDIR [buildpaths]
WARNING: frr-8.2.2-r0 do_package_qa: QA Issue: File /usr/include/frr/version.h in package frr-dev contains reference to TMPDIR [buildpaths]
WARNING: frr-8.2.2-r0 do_package_qa: QA Issue: File /usr/bin/vtysh in package frr contains reference to TMPDIR
File /usr/lib/libfrr.so.0.0.0 in package frr contains reference to TMPDIR [buildpaths]
Signed-off-by: Mingli Yu <mingli.yu@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
2022-08-06 09:51:32 -07:00
Yi Zhao
09a97158f8
frr: inherit autotools-brokensep instead of autotools
...
There is a parallel build error in separate build directory:
| /home/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/core2-64-poky-linux/frr/8.2.2-r0/recipe-sysroot-native/usr/lib/clippy ../git/python/clidef.py -o isisd/isis_cli_clippy.c ../git/isisd/isis_cli.c
| Traceback (most recent call last):
| File "../git/python/clidef.py", line 466, in <module>
| clippy.wrdiff(
| File "/home/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/core2-64-poky-linux/frr/8.2.2-r0/git/python/clippy/__init__.py", line 78, in wrdiff
| with open(newname, "w") as out:
| FileNotFoundError: [Errno 2] No such file or directory: 'isisd/isis_cli_clippy.c.new-372541'
| make[1]: Leaving directory '/home/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/core2-64-poky-linux/frr/8.2.2-r0/build'
| make[1]: *** [Makefile:17386: isisd/isis_cli_clippy.c] Error 1
This is beacuse clidef.py only creates new file but doesn't check if
parent directory exists. Inherit autotools-brokensep can fix this issue
as these parent directories always exist in source directory.
Also set ac_cv_path_PERL to '/usr/bin/env perl' to avoid path too long.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
2022-04-29 19:32:47 -07:00
Yi Zhao
57089566e3
frr: add PACKAGECONFIG for fpm
...
The Forwarding Plane Manager support is optional, make it as
PACKAGECONFIG.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
2022-04-25 11:00:43 -07:00
Yi Zhao
ee3b2e19a6
frr: install correct initscript
...
Install frrinit.sh as initscript rather than frr.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
2022-04-13 19:21:41 -07:00
Yi Zhao
b420d9f221
frr: add recipe
...
FRRouting (FRR) is a free and open source Internet routing protocol
suite for Linux and Unix platforms. It implements BGP, OSPF, RIP, IS-IS,
PIM, LDP, BFD, Babel, PBR, OpenFabric and VRRP, with alpha support for
EIGRP and NHRP.
FRRouting is a fork of Quagga. The main git lives on
https://github.com/frrouting/frr.git
Signed-off-by: Yi Zhao <yi.zhao@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
2022-04-12 09:28:25 -07:00