dont-swallow-errors.patch
configure.in-Error-fix.patch
removed since they're not available in 3.14.
configure_in_cross.patch
refreshed for 3.14.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Now frr can support more arches as libyang can be built on all arches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add UPSTREAM_CHECK_GITTAGREGEX to check the correct latest stable
verison.
Before the patch:
$ devtool latest-version frr
INFO: Current version: 8.4.2
INFO: Latest version: 9.0
INFO: Latest version's commit: 16c38045b1a84f899da473398779cc593d82d2bd
Version 9.0 is a development tag[1].
After the patch:
$ devtool latest-version frr
INFO: Current version: 8.4.2
INFO: Latest version: 8.4.2
INFO: Latest version's commit: 9e25d07412e92bdcd1f69c4755dc7564b23023c0
[1] https://github.com/FRRouting/frr/tags
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
configure uses AC_PREPROC_IFELSE to check for certain errors from getaddrinfo()
it user search operation in a preprocessed file
UNIQUEVALS=`sort $ERRVALFILE | uniq | wc -l | awk '{ print $1 }'`
However, line numbers are generated into the preprocesser files and they
get sorted higher than numbers
gaierrval:
# 130 "conftest.c" 3 4
-3
-P ensures that line numbers are not generated into preprocessed files,
so these checks can succeed.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
MDNS_VERSIONSTR_NODTS disables __DATE__ and __TIME__ in the version string,
which are fixed anyway for build reproducibility.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Reinstate and rework patches from @garmin.com dropped in 21afab4609
("mdns: update to version 1096.40.7") as these were the functional
pieces of this series; we should either maintain it as a whole or drop
it in its entirety. With this update and without this series,
steady-state operation is a constant churn of all names being removed
and re-added every few seconds. These were refactored to handle the move
to getifaddrs() from get_ifi_info().
Check and cleanup all the other patches, much of which was redundant.
Move source releases to github which is where the Apple site now
redirects to (though these are still effectively just tarball dumps into
git).
Cleanup the recipe so it doesn't override all the packaging defaults.
Fixup musl installs so they don't fail attempting to patch a
non-existent /etc/nsswitch.conf.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
clang errors out linking lto objects
riscv64-yoe-linux-musl-ld: /tmp/lto-llvm-d497c5.o: can't link soft-float modules with double-float modules
This is something needs to be addressed in clang for riscv
as of now disable lto for rv32/rv64 when using clang
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Backport patches to fix build error with --disable-ospfapi and
CVE-2022-37035.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update: Dates and address changed
Link with libtirpc for bindresvport() implementation
Drop krb5 packageconfig, its gone from this version
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The pass-ptest-env.patch uses ${B}/extensions as the EXTENSIONS_DIR at build
time and pass the env variable EXTENSIONS_DIR as ${libdir}/${fd_pkgname} at
run time to fix the run time error. But there still exists buildpaths issue.
So rework the pass-ptest-env.patch to make sure EXTENSIONS_DIR to be
${libdir}/${fd_pkgname} both in build and run time.
Fixes:
WARNING: freediameter-1.4.0-r0 do_package_qa: QA Issue: File /usr/lib/freeDiameter/ptest/testloadext in package freediameter-ptest contains reference to TMPDIR
File /usr/lib/freeDiameter/ptest/testmesg_stress in package freediameter-ptest contains reference to TMPDIR
File /usr/lib/freeDiameter/ptest/CTestTestfile.cmake in package freediameter-ptest contains reference to TMPDIR [buildpaths]
WARNING: freediameter-1.4.0-r0 do_package_qa: QA Issue: File /usr/src/debug/freediameter/1.4.0-r0/build/libfdcore/fdd.tab.c in package freediameter-src contains reference to TMPDIR
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade summary:
----------------
- drop 0002-configure-fix-a-cc-check-issue.patch, as it was replaced with
upstream commit https://github.com/net-snmp/net-snmp/commit/dbb49acfa2af
- drop 0001-snmpd-always-exit-after-displaying-usage.patch backport
- rebase net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch manually
- refresh patches with devtool to get rid of fuzz
Changelog:
----------
*5.9.3*:
security:
- These two CVEs can be exploited by a user with read-only credentials:
- CVE-2022-24805 A buffer overflow in the handling of the INDEX of
NET-SNMP-VACM-MIB can cause an out-of-bounds memory access.
- CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable
can cause a NULL pointer dereference.
- These CVEs can be exploited by a user with read-write credentials:
- CVE-2022-24806 Improper Input Validation when SETing malformed
OIDs in master agent and subagent simultaneously
- CVE-2022-24807 A malformed OID in a SET request to
SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an
out-of-bounds memory access.
- CVE-2022-24808 A malformed OID in a SET request to
NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference
- CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable
can cause a NULL pointer dereference.
- To avoid these flaws, use strong SNMPv3 credentials and do not share them.
If you must use SNMPv1 or SNMPv2c, use a complex community string
and enhance the protection by restricting access to a given IP address
range.
- Thanks are due to Yu Zhang of VARAS@IIE and Nanyu Zhong of VARAS@IIE for
reporting the following CVEs that have been fixed in this release, and
to Arista Networks for providing fixes.
Windows:
- WinExtDLL: Fix multiple compiler warnings
- WinExtDLL: Make long strings occupy a single line Make it easier to
look up error messages in the source code by making long strings
occupy a single source code line.
- WinExtDLL: Restore MIB-II support Make winExtDLL work on 64-bit
Windows systems") caused snmpd to skip MIB-II on 64-bit systems.
IF-MIB: Update ifTable entries even if the interface name has changed
At least on Linux a network interface index may be reused for a
network interface with a different name. Hence this patch that
enables replacing network interface information even if the network
interface name has changed.
unspecified:
- Moved transport code into a separate subdirectory in snmplib
- Snmplib: remove inline versions of container funcs".
misc:
- snmp-create-v3-user: Fix the snmpd.conf path @datadir@ is
expanded in ${datarootdir} so datarootdir must be set before
@datadir@ is used.
*5.9.2*:
skipped due to a last minute library versioning found bug -- use 5.9.3 instead
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
CVE-2015-1611 and CVE-2015-1612 are not referred to our implementation
of openflow as specified by the NVD database, ignore them.
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
CVE-2016-4049 is not affecting our version, so we can ignore it.
This is caused because the CPE in the NVD database doesn't specify
a vulnerable version range.
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
CVE-2018-1078 is not for openflow but in the NVD database the
CVE is for a specific implementation that we don't have so we
can ignore it.
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The current version of usrsctp is not a release so cve-check
is not able to find the product version. CVE_VERSION is now set
to 0.9.3.0 that is the nearest version in the past starting from
the revision we have.
This is done because we don't have the complete 0.9.4.0 release.
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
18 May 2022: babeld-1.12.1
* Implement separate PC values for unicast and multicast, which avoids
dropping packets protected by MAC when WiFi powersave is active.
* Schedule an interface check just after adding an interface.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
5 May 2022: babeld-1.12
* Implement v4-via-v6 routing (RFC 9229), which allows a router with
IPv4 addresses only to route IPv4.
* Enable extended Netlink acks when available.
* Fix restoring of interface configuration to avoid unbounded memory
consumption.
* Fix handling of deny filters in the install chain.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There is a parallel build error in separate build directory:
| /home/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/core2-64-poky-linux/frr/8.2.2-r0/recipe-sysroot-native/usr/lib/clippy ../git/python/clidef.py -o isisd/isis_cli_clippy.c ../git/isisd/isis_cli.c
| Traceback (most recent call last):
| File "../git/python/clidef.py", line 466, in <module>
| clippy.wrdiff(
| File "/home/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/core2-64-poky-linux/frr/8.2.2-r0/git/python/clippy/__init__.py", line 78, in wrdiff
| with open(newname, "w") as out:
| FileNotFoundError: [Errno 2] No such file or directory: 'isisd/isis_cli_clippy.c.new-372541'
| make[1]: Leaving directory '/home/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/core2-64-poky-linux/frr/8.2.2-r0/build'
| make[1]: *** [Makefile:17386: isisd/isis_cli_clippy.c] Error 1
This is beacuse clidef.py only creates new file but doesn't check if
parent directory exists. Inherit autotools-brokensep can fix this issue
as these parent directories always exist in source directory.
Also set ac_cv_path_PERL to '/usr/bin/env perl' to avoid path too long.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The Forwarding Plane Manager support is optional, make it as
PACKAGECONFIG.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
FRRouting (FRR) is a free and open source Internet routing protocol
suite for Linux and Unix platforms. It implements BGP, OSPF, RIP, IS-IS,
PIM, LDP, BFD, Babel, PBR, OpenFabric and VRRP, with alpha support for
EIGRP and NHRP.
FRRouting is a fork of Quagga. The main git lives on
https://github.com/frrouting/frr.git
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Rebuilding net-snmp may cause autotools_preconfigure() to run `make
clean`, which in turn can cause `configure`to be run. However, since
CACHED_CONFIGUREVARS is not set under those circumstances, `configure`
will run with an incorrect configuration and the build will fail with:
checking for /etc/printcap... configure: error: cannot check for
file existence when cross compiling
Avoid the problem by setting CLEANBROKEN = "1".
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This patch updates SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls as generated by the conversion script
in OE-Core.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Khem Raj
Wang Mingyu
Yi Zhao
Martin Jansa
Narpat Mali
Alex Kiernan
Alexander Kanavin
Vyacheslav Yurkov
Mingli Yu
Ovidiu Panait
Davide Gardenal
Peter Kjellerstedt
Oleksandr Kravchuk
Ross Burton
Richard Purdie