File frr.changes of Package frr.30538

-------------------------------------------------------------------
Tue Sep 12 13:40:19 UTC 2023 - Marius Tomaschewski <mt@suse.com>

- Apply upstream fix for NULL pointer dereference due to processing
  of malformed requests with no attributes in bgp_nlri_parse_flowspec
  (CVE-2023-41909,bsc#1215065,https://github.com/FRRouting/frr/pull/13222/commits/cfd04dcb3e689754a72507d086ba3b9709fc5ed8).
  [+ 0014-bgpd-Limit-flowspec-to-no-attribute-means-a-implicit.patch]

-------------------------------------------------------------------
Fri Sep  1 10:11:38 UTC 2023 - Marius Tomaschewski <mt@suse.com>

- Removed protobuf-c BuildRequires (source package name) breaking
  build-system setup with libprotobuf-c-devel 1.3.2 updates.
- Apply upstream fix for bgpd: Do not process NLRIs if the attribute
  length is zero (CVE-2023-41358,bsc#1214735,
  https://github.com/FRRouting/frr/pull/14260)
  [+ 0012-bgpd-Do-not-process-NLRIs-if-the-attribute-length-is.patch]
- Apply upstream fix bgpd: Use treat-as-withdraw for tunnel encapsulation
  attribute instead of session reset (CVE-2023-38802,bsc#1213284,
  https://github.com/FRRouting/frr/pull/14290)
  [+ 0013-bgpd-Use-treat-as-withdraw-for-tunnel-encapsulation-.patch]

-------------------------------------------------------------------
Wed Nov  2 11:47:48 UTC 2022 - Marius Tomaschewski <mt@suse.com>

- Applied upstream fix for a possible use-after-free due to a race
  condition related to bgp_notify_send_with_data() and
  bgp_process_packet() in bgp_packet.c. This could lead to Remote
  Code Execution or Information Disclosure by sending crafted BGP
  packets (CVE-2022-37035,bsc#1202085).
  [+ 0011-bgpd-avoid-notify-race-between-io-and-main-pthreads.patch]
- Apply upstream fixes for frrinit.sh to avoid a privilege escalation
  from frr to root in frr config creation (bsc#1204124,CVE-2022-42917).
  [+ 0009-tools-Use-install-instead-of-touch-chown-combination.patch,
   + 0010-tools-Run-as-FRR_USER-install-chown-commands-to-avoi.patch]

-------------------------------------------------------------------
Mon Sep  5 11:48:25 UTC 2022 - Marius Tomaschewski <mt@suse.com>

- Apply upstream fix for out-of-bounds read in the BGP daemon
  that may lead to information disclosure or denial of service
  (bsc#1202023,CVE-2022-37032)
  [+ 0007-bgpd-Make-sure-hdr-length-is-at-a-minimum-of-what-is.patch]
- Apply upstream fix for a memory leak in the IS-IS daemon that
  may lead to server memory exhaustion (bsc#1202022,CVE-2019-25074)
  [+ 0008-isisd-Ensure-rcap-is-freed-in-error-case.patch]

-------------------------------------------------------------------
Mon Mar  7 17:07:49 UTC 2022 - Marius Tomaschewski <mt@suse.com>

- Apply backport fix for a buffer overflow in isisd due to the use of strdup
  with a non-zero-terminated binary string (bsc#1196506,CVE-2022-26126)
  [+ 0006-isisd-fix-10505-using-base64-encoding.patch]
- Apply backport fix for a buffer overflow in isisd due to wrong checks on
  the input packet length (bsc#1196505,CVE-2022-26125) with workaround
  for the GIT binary patch to tests/isisd/test_fuzz_isis_tlv_tests.h.gz
  [+ 0005-isisd-fix-router-capability-TLV-parsing-issues.patch]
- Apply fix for a buffer overflow in babeld due to wrong checks on
  the input packet length in the packet_examin and subtlv parsing
  (bsc#1196504,bsc#1196507,CVE-2022-26128,CVE-2022-26129)
  [+ 0004-babeld-fix-10502-10503-by-repairing-the-checks-on-le.patch]
- Apply fix for a heap buffer overflow in babeld due to missing check
  on the input packet length (bsc#1196503,CVE-2022-26127)
  [+ 0003-babeld-fix-10487-by-adding-a-check-on-packet-length.patch]

-------------------------------------------------------------------
Fri Apr 23 03:05:06 UTC 2021 - Marius Tomaschewski <mt@suse.com>

- Use skip, not xfail in 0001-disable-zmq-test.patch to disable
  zmq test as it is not expected to fail but hangs (bsc#1180217)

-------------------------------------------------------------------
Mon Dec 21 16:31:44 UTC 2020 - Rubén Torrero Marijnissen <rtorreromarijnissen@suse.com>

- Disable ZeroMQ tests due to sporadic timeouts during package builds (bsc#1180217)
  [+ 0001-disable-zmq-test.patch]

-------------------------------------------------------------------
Fri Oct  2 12:38:25 UTC 2020 - Marius Tomaschewski <mt@suse.com>

- add build condition disabling mininet build require by default,
  needed by the optional topology tests.
- removed one occurrence of vrrpd binary listed twice in file list

-------------------------------------------------------------------
Wed Jul  1 12:21:24 UTC 2020 - Martin Hauke <mardnh@gmx.de>

- Update to version 7.4
  * Upstream does not provide a changelog
- Drop patch (fixed upstream):
  * 0001-build-use-configfile-mode-in-init-script.patch

-------------------------------------------------------------------
Sun May 31 22:40:46 UTC 2020 - Erico Mendonca <erico.mendonca@suse.com>

- 0001-build-use-configfile-mode-in-init-script.patch: Fix CVE-2020-12831 (boo#1171658).

-------------------------------------------------------------------
Wed May  6 16:07:32 UTC 2020 - Martin Hauke <mardnh@gmx.de>

- Update to version 7.3.1
  Bugfix/maintenance release
  * Upstream does not provide a changelog

-------------------------------------------------------------------
Tue Apr  7 21:38:12 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>

- enable verbose make rules 
- enable grpc support. new subpackage libfrrgrpc_pb0, new BR:
  pkgconfig(grpc)
- enable config rollbacks. new BR: pkgconfig(sqlite3)
- enable realms support
- enable shell access
- make sure we use system openssl
- fix shebang line of the frr-reload.py and
  generate_support_bundle.py script so we dont pull python2
- do not delete users and groups.
- add Requires for libyang-extentions

-------------------------------------------------------------------
Sat Feb 15 21:27:22 UTC 2020 - Martin Hauke <mardnh@gmx.de>

- Update to version 7.3
  * Upstream does not provide a changelog this time
- Remove patch:
  * fix_tests.patch (not longer needed)

-------------------------------------------------------------------
Sat Jan 18 20:25:42 UTC 2020 - Martin Hauke <mardnh@gmx.de>

- Update to version 7.2.1:
  BGPd
  * Fix Addpath issue
  * Do not apply eBGP policy for iBGP peers
  * Show ip and fqdn in json output for show [ip] bgp <route> json
  * Fix large route-distinguisher's format
  * Fix no bgp listen range ... configuration command
  * Autocomplete neighbor for clear bgp
  * Reflect the distance in RIB when it is changed for an
    arbitrary afi/safi
  * Notify "Peer De-configured" after entering 'no neighbor cmd
  * Fix per afi/safi addpath peer counting
  * Rework BGP dampening to be per AFI/SAFI
  * Do not send next-hop as :: in MP_REACH_NLRI if no link-local
    exists
  * Override peer's TTL only if peer-group is configured with TTL
  * Remove error message for unkown afi/safi combination
  * Keep the session down if maximum-prefix is reached
  OSPFd
  * Fix BFD down not tearing down OSPF adjacency for
    point-to-point net
  BFDd
  * Fix multiple VRF handling
  * VRF security improvement
  PIMd
  * Fix rp crash
  NHRPd
  * Make sure no ip nhrp map <something> works as expected
  LDPd
  * Add missing sanity check in the parsing of label messages
  Zebra
  * Use correct state when installing evpn macs
  * Capture dplane plugin flags
  lib
  * Fix interface config when vrf changes
  * Fix Interface Infinite Loop Walk (for special interfaces such
    as bond)
  Others
  * Rename man pages (to avoid conflicts with other packages)
  * Various other fixes for code cleanup and memory leaks

-------------------------------------------------------------------
Fri Jan 17 21:07:45 UTC 2020 - Martin Hauke <mardnh@gmx.de>

- Fix license tag

-------------------------------------------------------------------
Wed Jan 15 20:34:50 UTC 2020 - Martin Hauke <mardnh@gmx.de>

- Build with support for pcre, protobuf, rpki and zeromq by default

-------------------------------------------------------------------
Wed Jan 15 14:34:59 UTC 2020 - Ismail Dönmez <idonmez@suse.com>

- Cleanup spec file 

-------------------------------------------------------------------
Sun Jan 12 09:40:39 UTC 2020 - Martin Hauke <mardnh@gmx.de>

- Fix build-time dependencies
- Remove superflous comments

-------------------------------------------------------------------
Wed Dec 11 23:18:06 UTC 2019 - Erico Mendonca <erico.mendonca@suse.com>

- fix_tests.patch: correct syntax for Python 3 imports in tests.
- Enabling tests

-------------------------------------------------------------------
Wed Dec 11 02:37:42 UTC 2019 - erico.mendonca@suse.com

- Update to version frr7.2:
  * zebra: use correct state when installing evpn macs
  * lib: set entry to xpath in if_update_to_new_vrf
  * zebra: capture dplane plugin flags
  * bgpd: Autocomplete neighbor for clear bgp
  * ospfd,eigrpd: don't take address of packed struct member
  * bgpd: Prevent crash in bgp_table_range_lookup
  * bgpd: Fix memory leak in json output of show commands
  * tests: Test if `distance bgp (1-255) (1-255) (1-255)` works
  * bgpd: Reflect the distance in RIB when it is changed for an arbitrary afi/safi
  * bfdd: fix multiple VRF handling

-------------------------------------------------------------------
Tue Dec 10 12:58:21 UTC 2019 - Erico Mendonca <erico.mendonca@suse.com>

- Updating to version 7.2
- Adding systemd scripts
- Fixing build and permission issues

-------------------------------------------------------------------
Tue Jun 18 08:59:05 UTC 2019 - Martin Hauke <mardnh@gmx.de>

- Update to version 7.0.1

-------------------------------------------------------------------
Sat Feb  2 13:50:16 UTC 2019 - mardnh@gmx.de

- Initial package, version 6.0.2
openSUSE Build Service is sponsored by