import frr-8.0-3.el9

.frr.metadata

@@ -0,0 +1 @@
+5e4505f1289ede3a0d2ce216acfb3f2b2730f09a SOURCES/frr-8.0.tar.gz

.gitignore

@@ -0,0 +1 @@
+SOURCES/frr-8.0.tar.gz

SOURCES/0000-remove-babeld-and-ldpd.patch

@@ -0,0 +1,55 @@
+diff --git a/Makefile.am b/Makefile.am
+index 5be3264..33abc1d 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -130,8 +130,6 @@ include ospf6d/subdir.am
+ include ospfclient/subdir.am
+ include isisd/subdir.am
+ include nhrpd/subdir.am
+-include ldpd/subdir.am
+-include babeld/subdir.am
+ include eigrpd/subdir.am
+ include sharpd/subdir.am
+ include pimd/subdir.am
+@@ -182,7 +180,6 @@ EXTRA_DIST += \
+ 	snapcraft/defaults \
+ 	snapcraft/helpers \
+ 	snapcraft/snap \
+-	babeld/Makefile \
+ 	bgpd/Makefile \
+ 	bgpd/rfp-example/librfp/Makefile \
+ 	bgpd/rfp-example/rfptest/Makefile \
+@@ -193,7 +190,6 @@ EXTRA_DIST += \
+ 	fpm/Makefile \
+ 	grpc/Makefile \
+ 	isisd/Makefile \
+-	ldpd/Makefile \
+ 	lib/Makefile \
+ 	nhrpd/Makefile \
+ 	ospf6d/Makefile \
+diff --git a/tools/etc/frr/daemons b/tools/etc/frr/daemons
+index f6d512b..6d4831d 100644
+--- a/tools/etc/frr/daemons
++++ b/tools/etc/frr/daemons
+@@ -21,10 +21,8 @@ ripd=no
+ ripngd=no
+ isisd=no
+ pimd=no
+-ldpd=no
+ nhrpd=no
+ eigrpd=no
+-babeld=no
+ sharpd=no
+ pbrd=no
+ bfdd=no
+@@ -45,10 +43,8 @@ ripd_options="   -A 127.0.0.1"
+ ripngd_options=" -A ::1"
+ isisd_options="  -A 127.0.0.1"
+ pimd_options="   -A 127.0.0.1"
+-ldpd_options="   -A 127.0.0.1"
+ nhrpd_options="  -A 127.0.0.1"
+ eigrpd_options=" -A 127.0.0.1"
+-babeld_options=" -A 127.0.0.1"
+ sharpd_options=" -A 127.0.0.1"
+ pbrd_options="   -A 127.0.0.1"
+ staticd_options="-A 127.0.0.1"

SOURCES/0002-enable-openssl.patch

@@ -0,0 +1,78 @@
+diff --git a/lib/subdir.am b/lib/subdir.am
+index 0b7af18..0533e24 100644
+--- a/lib/subdir.am
++++ b/lib/subdir.am
+@@ -41,7 +41,6 @@ lib_libfrr_la_SOURCES = \
+ 	lib/log.c \
+ 	lib/log_filter.c \
+ 	lib/log_vty.c \
+-	lib/md5.c \
+ 	lib/memory.c \
+ 	lib/mlag.c \
+ 	lib/module.c \
+@@ -64,7 +64,6 @@ lib_libfrr_la_SOURCES = \
+ 	lib/routemap_northbound.c \
+ 	lib/sbuf.c \
+ 	lib/seqlock.c \
+-	lib/sha256.c \
+ 	lib/sigevent.c \
+ 	lib/skiplist.c \
+ 	lib/sockopt.c \
+@@ -170,7 +170,6 @@ pkginclude_HEADERS += \
+ 	lib/link_state.h \
+ 	lib/log.h \
+ 	lib/log_vty.h \
+-	lib/md5.h \
+ 	lib/memory.h \
+ 	lib/module.h \
+ 	lib/monotime.h \
+@@ -191,7 +190,6 @@ pkginclude_HEADERS += \
+ 	lib/routemap.h \
+ 	lib/sbuf.h \
+ 	lib/seqlock.h \
+-	lib/sha256.h \
+ 	lib/sigevent.h \
+ 	lib/skiplist.h \
+ 	lib/smux.h \
+diff --git a/isisd/isis_lsp.c b/isisd/isis_lsp.c
+index 1991666..2e4fe55 100644
+--- a/isisd/isis_lsp.c
++++ b/isisd/isis_lsp.c
+@@ -35,7 +35,9 @@
+ #include "hash.h"
+ #include "if.h"
+ #include "checksum.h"
++#ifdef CRYPTO_INTERNAL
+ #include "md5.h"
++#endif
+ #include "table.h"
+ #include "srcdest_table.h"
+ #include "lib_errors.h"
+diff --git a/isisd/isis_pdu.c b/isisd/isis_pdu.c
+index 9c63311..7cf594c 100644
+--- a/isisd/isis_pdu.c
++++ b/isisd/isis_pdu.c
+@@ -33,7 +33,9 @@
+ #include "prefix.h"
+ #include "if.h"
+ #include "checksum.h"
++#ifdef CRYPTO_INTERNAL
+ #include "md5.h"
++#endif
+ #include "lib_errors.h"
+ 
+ #include "isisd/isis_constants.h"
+diff --git a/isisd/isis_te.c b/isisd/isis_te.c
+index 4ea6c2c..72ff0d2 100644
+--- a/isisd/isis_te.c
++++ b/isisd/isis_te.c
+@@ -38,7 +38,9 @@
+ #include "if.h"
+ #include "vrf.h"
+ #include "checksum.h"
++#ifdef CRYPTO_INTERNAL
+ #include "md5.h"
++#endif
+ #include "sockunion.h"
+ #include "network.h"
+ #include "sbuf.h"

SOURCES/0003-disable-eigrp-crypto.patch

@@ -0,0 +1,252 @@
+diff --git a/eigrpd/eigrp_packet.c b/eigrpd/eigrp_packet.c
+index bedaf15..8dc09bf 100644
+--- a/eigrpd/eigrp_packet.c
++++ b/eigrpd/eigrp_packet.c
+@@ -40,8 +40,10 @@
+ #include "log.h"
+ #include "sockopt.h"
+ #include "checksum.h"
++#ifdef CRYPTO_INTERNAL
+ #include "md5.h"
+ #include "sha256.h"
++#endif
+ #include "lib_errors.h"
+ 
+ #include "eigrpd/eigrp_structs.h"
+@@ -95,8 +97,12 @@ int eigrp_make_md5_digest(struct eigrp_interface *ei, struct stream *s,
+ 	struct key *key = NULL;
+ 	struct keychain *keychain;
+ 
++
+ 	unsigned char digest[EIGRP_AUTH_TYPE_MD5_LEN];
++#ifdef CRYPTO_OPENSSL
++#elif CRYPTO_INTERNAL
+ 	MD5_CTX ctx;
++#endif
+ 	uint8_t *ibuf;
+ 	size_t backup_get, backup_end;
+ 	struct TLV_MD5_Authentication_Type *auth_TLV;
+@@ -119,6 +125,9 @@ int eigrp_make_md5_digest(struct eigrp_interface *ei, struct stream *s,
+ 		return EIGRP_AUTH_TYPE_NONE;
+ 	}
+ 
++#ifdef CRYPTO_OPENSSL
++//TBD when this is fixed in upstream
++#elif CRYPTO_INTERNAL
+ 	memset(&ctx, 0, sizeof(ctx));
+ 	MD5Init(&ctx);
+ 
+@@ -146,7 +155,7 @@ int eigrp_make_md5_digest(struct eigrp_interface *ei, struct stream *s,
+ 	}
+ 
+ 	MD5Final(digest, &ctx);
+-
++#endif
+ 	/* Append md5 digest to the end of the stream. */
+ 	memcpy(auth_TLV->digest, digest, EIGRP_AUTH_TYPE_MD5_LEN);
+ 
+@@ -162,7 +171,10 @@ int eigrp_check_md5_digest(struct stream *s,
+ 			   struct TLV_MD5_Authentication_Type *authTLV,
+ 			   struct eigrp_neighbor *nbr, uint8_t flags)
+ {
++#ifdef CRYPTO_OPENSSL
++#elif CRYPTO_INTERNAL
+ 	MD5_CTX ctx;
++#endif
+ 	unsigned char digest[EIGRP_AUTH_TYPE_MD5_LEN];
+ 	unsigned char orig[EIGRP_AUTH_TYPE_MD5_LEN];
+ 	struct key *key = NULL;
+@@ -203,6 +215,9 @@ int eigrp_check_md5_digest(struct stream *s,
+ 		return 0;
+ 	}
+ 
++#ifdef CRYPTO_OPENSSL
++	//TBD when eigrpd crypto is fixed in upstream
++#elif CRYPTO_INTERNAL
+ 	memset(&ctx, 0, sizeof(ctx));
+ 	MD5Init(&ctx);
+ 
+@@ -230,6 +245,7 @@ int eigrp_check_md5_digest(struct stream *s,
+ 	}
+ 
+ 	MD5Final(digest, &ctx);
++#endif
+ 
+ 	/* compare the two */
+ 	if (memcmp(orig, digest, EIGRP_AUTH_TYPE_MD5_LEN) != 0) {
+@@ -254,7 +270,11 @@ int eigrp_make_sha256_digest(struct eigrp_interface *ei, struct stream *s,
+ 	unsigned char digest[EIGRP_AUTH_TYPE_SHA256_LEN];
+ 	unsigned char buffer[1 + PLAINTEXT_LENGTH + 45 + 1] = {0};
+ 
++#ifdef CRYPTO_OPENSSL
++	//TBD when eigrpd crypto is fixed in upstream
++#elif CRYPTO_INTERNAL
+ 	HMAC_SHA256_CTX ctx;
++#endif
+ 	void *ibuf;
+ 	size_t backup_get, backup_end;
+ 	struct TLV_SHA256_Authentication_Type *auth_TLV;
+@@ -283,6 +303,9 @@ int eigrp_make_sha256_digest(struct eigrp_interface *ei, struct stream *s,
+ 
+ 	inet_ntop(AF_INET, &ei->address.u.prefix4, source_ip, PREFIX_STRLEN);
+ 
++#ifdef CRYPTO_OPENSSL
++	//TBD when eigrpd crypto is fixed in upstream
++#elif CRYPTO_INTERNAL
+ 	memset(&ctx, 0, sizeof(ctx));
+ 	buffer[0] = '\n';
+ 	memcpy(buffer + 1, key, strlen(key->string));
+@@ -291,7 +314,7 @@ int eigrp_make_sha256_digest(struct eigrp_interface *ei, struct stream *s,
+ 			  1 + strlen(key->string) + strlen(source_ip));
+ 	HMAC__SHA256_Update(&ctx, ibuf, strlen(ibuf));
+ 	HMAC__SHA256_Final(digest, &ctx);
+-
++#endif
+ 
+ 	/* Put hmac-sha256 digest to it's place */
+ 	memcpy(auth_TLV->digest, digest, EIGRP_AUTH_TYPE_SHA256_LEN);
+diff --git a/eigrpd/eigrp_filter.c b/eigrpd/eigrp_filter.c
+index 93eed94..f1c7347 100644
+--- a/eigrpd/eigrp_filter.c
++++ b/eigrpd/eigrp_filter.c
+@@ -47,7 +47,9 @@
+ #include "if_rmap.h"
+ #include "plist.h"
+ #include "distribute.h"
++#ifdef CRYPTO_INTERNAL
+ #include "md5.h"
++#endif
+ #include "keychain.h"
+ #include "privs.h"
+ #include "vrf.h"
+diff --git a/eigrpd/eigrp_hello.c b/eigrpd/eigrp_hello.c
+index dacd5ca..b232cc5 100644
+--- a/eigrpd/eigrp_hello.c
++++ b/eigrpd/eigrp_hello.c
+@@ -43,7 +43,9 @@
+ #include "sockopt.h"
+ #include "checksum.h"
+ #include "vty.h"
++#ifdef CRYPTO_INTERNAL
+ #include "md5.h"
++#endif
+ 
+ #include "eigrpd/eigrp_structs.h"
+ #include "eigrpd/eigrpd.h"
+diff --git a/eigrpd/eigrp_query.c b/eigrpd/eigrp_query.c
+index 84dcf5e..a2575e3 100644
+--- a/eigrpd/eigrp_query.c
++++ b/eigrpd/eigrp_query.c
+@@ -38,7 +38,9 @@
+ #include "log.h"
+ #include "sockopt.h"
+ #include "checksum.h"
++#ifdef CRYPTO_INTERNAL
+ #include "md5.h"
++#endif
+ #include "vty.h"
+ 
+ #include "eigrpd/eigrp_structs.h"
+diff --git a/eigrpd/eigrp_reply.c b/eigrpd/eigrp_reply.c
+index ccf0496..2902365 100644
+--- a/eigrpd/eigrp_reply.c
++++ b/eigrpd/eigrp_reply.c
+@@ -42,7 +42,9 @@
+ #include "log.h"
+ #include "sockopt.h"
+ #include "checksum.h"
++#ifdef CRYPTO_INTERNAL
+ #include "md5.h"
++#endif
+ #include "vty.h"
+ #include "keychain.h"
+ #include "plist.h"
+diff --git a/eigrpd/eigrp_siaquery.c b/eigrpd/eigrp_siaquery.c
+index ff38325..09b9369 100644
+--- a/eigrpd/eigrp_siaquery.c
++++ b/eigrpd/eigrp_siaquery.c
+@@ -38,7 +38,9 @@
+ #include "log.h"
+ #include "sockopt.h"
+ #include "checksum.h"
++#ifdef CRYPTO_INTERNAL
+ #include "md5.h"
++#endif
+ #include "vty.h"
+ 
+ #include "eigrpd/eigrp_structs.h"
+diff --git a/eigrpd/eigrp_siareply.c b/eigrpd/eigrp_siareply.c
+index d3dd123..f6a2bd6 100644
+--- a/eigrpd/eigrp_siareply.c
++++ b/eigrpd/eigrp_siareply.c
+@@ -37,7 +37,9 @@
+ #include "log.h"
+ #include "sockopt.h"
+ #include "checksum.h"
++#ifdef CRYPTO_INTERNAL
+ #include "md5.h"
++#endif
+ #include "vty.h"
+ 
+ #include "eigrpd/eigrp_structs.h"
+diff --git a/eigrpd/eigrp_snmp.c b/eigrpd/eigrp_snmp.c
+index 21c9238..cfb8890 100644
+--- a/eigrpd/eigrp_snmp.c
++++ b/eigrpd/eigrp_snmp.c
+@@ -42,7 +42,9 @@
+ #include "log.h"
+ #include "sockopt.h"
+ #include "checksum.h"
++#ifdef CRYPTO_INTERNAL
+ #include "md5.h"
++#endif
+ #include "keychain.h"
+ #include "smux.h"
+ 
+diff --git a/eigrpd/eigrp_update.c b/eigrpd/eigrp_update.c
+index 8db4903..2a4f0bb 100644
+--- a/eigrpd/eigrp_update.c
++++ b/eigrpd/eigrp_update.c
+@@ -42,7 +42,9 @@
+ #include "log.h"
+ #include "sockopt.h"
+ #include "checksum.h"
++#ifdef CRYPTO_INTERNAL
+ #include "md5.h"
++#endif
+ #include "vty.h"
+ #include "plist.h"
+ #include "plist_int.h"
+diff --git a/eigrpd/eigrp_cli.c b/eigrpd/eigrp_cli.c
+index a93d4c8..b01e121 100644
+--- a/eigrpd/eigrp_cli.c
++++ b/eigrpd/eigrp_cli.c
+@@ -25,6 +25,7 @@
+ #include "lib/command.h"
+ #include "lib/log.h"
+ #include "lib/northbound_cli.h"
++#include "lib/libfrr.h"
+ 
+ #include "eigrp_structs.h"
+ #include "eigrpd.h"
+@@ -726,6 +726,20 @@ DEFPY(
+ 	"Keyed message digest\n"
+ 	"HMAC SHA256 algorithm \n")
+ {
++	//EIGRP authentication is currently broken in FRR
++	switch (frr_get_cli_mode()) {
++	case FRR_CLI_CLASSIC:
++		vty_out(vty, "%% Eigrp Authentication is disabled\n\n");
++		break;
++	case FRR_CLI_TRANSACTIONAL:
++		vty_out(vty,
++			"%% Failed to edit candidate configuration - "
++			"Eigrp Authentication is disabled.\n\n");
++		break;
++	}
++
++	return CMD_WARNING_CONFIG_FAILED;
++
+ 	char xpath[XPATH_MAXLEN], xpath_auth[XPATH_MAXLEN + 64];
+ 
+ 	snprintf(xpath, sizeof(xpath), "./frr-eigrpd:eigrp/instance[asn='%s']",

SOURCES/0004-fips-mode.patch

@@ -0,0 +1,103 @@
+diff --git a/ospfd/ospf_vty.c b/ospfd/ospf_vty.c
+index 631465f..e084ff3 100644
+--- a/ospfd/ospf_vty.c
++++ b/ospfd/ospf_vty.c
+@@ -1136,6 +1136,11 @@ DEFUN (ospf_area_vlink,
+ 
+ 	if (argv_find(argv, argc, "message-digest", &idx)) {
+ 		/* authentication message-digest */
++		if(FIPS_mode())
++		{
++			vty_out(vty, "FIPS mode is enabled, md5 authentication is disabled\n");
++			return CMD_WARNING_CONFIG_FAILED;
++		}
+ 		vl_config.auth_type = OSPF_AUTH_CRYPTOGRAPHIC;
+ 	} else if (argv_find(argv, argc, "null", &idx)) {
+ 		/* "authentication null" */
+@@ -1993,6 +1998,15 @@ DEFUN (ospf_area_authentication_message_digest,
+ 				  ? OSPF_AUTH_NULL
+ 				  : OSPF_AUTH_CRYPTOGRAPHIC;
+ 
++	if(area->auth_type == OSPF_AUTH_CRYPTOGRAPHIC)
++	{
++		if(FIPS_mode())
++		{
++			vty_out(vty, "FIPS mode is enabled, md5 authentication is disabled\n");
++			return CMD_WARNING_CONFIG_FAILED;
++		}
++	}
++
+ 	return CMD_SUCCESS;
+ }
+ 
+@@ -6665,6 +6679,11 @@ DEFUN (ip_ospf_authentication_args,
+ 
+ 	/* Handle message-digest authentication */
+ 	if (argv[idx_encryption]->arg[0] == 'm') {
++		if(FIPS_mode())
++		{
++			vty_out(vty, "FIPS mode is enabled, md5 authentication is disabled\n");
++			return CMD_WARNING_CONFIG_FAILED;
++		}
+ 		SET_IF_PARAM(params, auth_type);
+ 		params->auth_type = OSPF_AUTH_CRYPTOGRAPHIC;
+ 		return CMD_SUCCESS;
+@@ -6971,6 +6990,11 @@ DEFUN (ip_ospf_message_digest_key,
+        "The OSPF password (key)\n"
+        "Address of interface\n")
+ {
++	if(FIPS_mode())
++	{
++		vty_out(vty, "FIPS mode is enabled, md5 authentication is disabled\n");
++		return CMD_WARNING_CONFIG_FAILED;
++	}
+ 	VTY_DECLVAR_CONTEXT(interface, ifp);
+ 	struct crypt_key *ck;
+ 	uint8_t key_id;
+diff --git a/isisd/isis_circuit.c b/isisd/isis_circuit.c
+index 81b4b39..cce33d9 100644
+--- a/isisd/isis_circuit.c
++++ b/isisd/isis_circuit.c
+@@ -1318,6 +1318,10 @@ static int isis_circuit_passwd_set(struct isis_circuit *circuit,
+ 		return ferr_code_bug(
+ 			"circuit password too long (max 254 chars)");
+ 
++	//When in FIPS mode, the password never gets set in MD5
++	if((passwd_type == ISIS_PASSWD_TYPE_HMAC_MD5) && FIPS_mode())
++		return ferr_cfg_invalid("FIPS mode is enabled, md5 authentication is disabled");
++
+ 	circuit->passwd.len = len;
+ 	strlcpy((char *)circuit->passwd.passwd, passwd,
+ 		sizeof(circuit->passwd.passwd));
+diff --git a/isisd/isisd.c b/isisd/isisd.c
+index 419127c..a6c36af 100644
+--- a/isisd/isisd.c
++++ b/isisd/isisd.c
+@@ -1638,6 +1638,10 @@ static int isis_area_passwd_set(struct isis_area *area, int level,
+ 		if (len > 254)
+ 			return -1;
+ 
++		//When in FIPS mode, the password never get set in MD5
++		if ((passwd_type == ISIS_PASSWD_TYPE_HMAC_MD5) && (FIPS_mode()))
++			return ferr_cfg_invalid("FIPS mode is enabled, md5 authentication is disabled");
++
+ 		modified.len = len;
+ 		strlcpy((char *)modified.passwd, passwd,
+ 			sizeof(modified.passwd));
+diff --git a/ripd/rip_cli.c b/ripd/rip_cli.c
+index 5bb81ef..02a09ef 100644
+--- a/ripd/rip_cli.c
++++ b/ripd/rip_cli.c
+@@ -796,6 +796,12 @@ DEFPY (ip_rip_authentication_mode,
+ 			value = "20";
+ 	}
+ 
++	if(strmatch(mode, "md5") && FIPS_mode())
++	{
++		vty_out(vty, "FIPS mode is enabled, md5 authentication id disabled\n");
++		return CMD_WARNING_CONFIG_FAILED;
++	}
++
+ 	nb_cli_enqueue_change(vty, "./authentication-scheme/mode", NB_OP_MODIFY,
+ 			      strmatch(mode, "md5") ? "md5" : "plain-text");
+ 	if (strmatch(mode, "md5"))

SOURCES/0005-use-python3.patch

@@ -0,0 +1,10 @@
+diff --git a/tools/frr-reload.py b/tools/frr-reload.py
+index c28a971..72ac201 100755
+--- a/tools/frr-reload.py
++++ b/tools/frr-reload.py
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python
++#!/usr/bin/python3
+ # Frr Reloader
+ # Copyright (C) 2014 Cumulus Networks, Inc.
+ #

SOURCES/0006-prefix-list-duplication.patch

@@ -0,0 +1,343 @@
+From 667dcc277c15c0bddc785f9b949d658f8d815818 Mon Sep 17 00:00:00 2001
+From: Igor Ryzhov <iryzhov@nfware.com>
+Date: Tue, 10 Aug 2021 21:46:37 +0300
+Subject: [PATCH] lib: fix prefix-list duplication check
+
+Currently, when we check the new prefix-list entry for duplication, we
+only take filled in fields into account and ignore optional fields.
+For example, if we already have `ip prefix-list A 0.0.0.0/0 le 32` and
+we try to add `ip prefix-list A 0.0.0.0/0`, it is treated as duplicate.
+We should always compare all prefix-list fields when doing the check.
+
+Fixes #9355.
+
+Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
+---
+ lib/filter.h     |   9 ++---
+ lib/filter_cli.c | 102 ++++++++++-------------------------------------
+ lib/filter_nb.c  |  85 ++++++++++++++++++++++-----------------
+ 3 files changed, 74 insertions(+), 122 deletions(-)
+
+diff --git a/lib/filter.h b/lib/filter.h
+index 941fabd38b8..d1956ec019f 100644
+--- a/lib/filter.h
++++ b/lib/filter.h
+@@ -207,11 +207,10 @@ struct plist_dup_args {
+ 	/** Entry action. */
+ 	const char *pda_action;
+ 
+-#define PDA_MAX_VALUES 4
+-	/** Entry XPath for value. */
+-	const char *pda_xpath[PDA_MAX_VALUES];
+-	/** Entry value to match. */
+-	const char *pda_value[PDA_MAX_VALUES];
++	bool any;
++	struct prefix prefix;
++	int ge;
++	int le;
+ 
+ 	/** Duplicated entry found in list? */
+ 	bool pda_found;
+diff --git a/lib/filter_cli.c b/lib/filter_cli.c
+index f030ce1b335..45c7544a3b4 100644
+--- a/lib/filter_cli.c
++++ b/lib/filter_cli.c
+@@ -1196,11 +1196,9 @@ static int plist_remove_if_empty(struct vty *vty, const char *iptype,
+ 
+ static int plist_remove(struct vty *vty, const char *iptype, const char *name,
+ 			const char *seq, const char *action,
+-			const char *prefix_str, const char *ge_str,
+-			const char *le_str)
++			union prefixconstptr prefix, int ge, int le)
+ {
+ 	int64_t sseq;
+-	int arg_idx = 0;
+ 	struct plist_dup_args pda = {};
+ 	char xpath[XPATH_MAXLEN];
+ 	char xpath_entry[XPATH_MAXLEN + 32];
+@@ -1225,43 +1223,13 @@ static int plist_remove(struct vty *vty, const char *iptype, const char *name,
+ 	pda.pda_type = iptype;
+ 	pda.pda_name = name;
+ 	pda.pda_action = action;
+-	if (prefix_str) {
+-		if (strmatch(iptype, "ipv4")) {
+-			pda.pda_xpath[arg_idx] = "./ipv4-prefix";
+-			pda.pda_value[arg_idx] = prefix_str;
+-			arg_idx++;
+-			if (ge_str) {
+-				pda.pda_xpath[arg_idx] =
+-					"./ipv4-prefix-length-greater-or-equal";
+-				pda.pda_value[arg_idx] = ge_str;
+-				arg_idx++;
+-			}
+-			if (le_str) {
+-				pda.pda_xpath[arg_idx] =
+-					"./ipv4-prefix-length-lesser-or-equal";
+-				pda.pda_value[arg_idx] = le_str;
+-				arg_idx++;
+-			}
+-		} else {
+-			pda.pda_xpath[arg_idx] = "./ipv6-prefix";
+-			pda.pda_value[arg_idx] = prefix_str;
+-			arg_idx++;
+-			if (ge_str) {
+-				pda.pda_xpath[arg_idx] =
+-					"./ipv6-prefix-length-greater-or-equal";
+-				pda.pda_value[arg_idx] = ge_str;
+-				arg_idx++;
+-			}
+-			if (le_str) {
+-				pda.pda_xpath[arg_idx] =
+-					"./ipv6-prefix-length-lesser-or-equal";
+-				pda.pda_value[arg_idx] = le_str;
+-				arg_idx++;
+-			}
+-		}
++	if (prefix.p) {
++		prefix_copy(&pda.prefix, prefix);
++		apply_mask(&pda.prefix);
++		pda.ge = ge;
++		pda.le = le;
+ 	} else {
+-		pda.pda_xpath[0] = "./any";
+-		pda.pda_value[0] = "";
++		pda.any = true;
+ 	}
+ 
+ 	if (plist_is_dup(vty->candidate_config->dnode, &pda))
+@@ -1298,7 +1266,6 @@ DEFPY_YANG(
+ 	"Maximum prefix length\n")
+ {
+ 	int64_t sseq;
+-	int arg_idx = 0;
+ 	struct plist_dup_args pda = {};
+ 	char xpath[XPATH_MAXLEN];
+ 	char xpath_entry[XPATH_MAXLEN + 128];
+@@ -1312,24 +1279,11 @@ DEFPY_YANG(
+ 		pda.pda_name = name;
+ 		pda.pda_action = action;
+ 		if (prefix_str) {
+-			pda.pda_xpath[arg_idx] = "./ipv4-prefix";
+-			pda.pda_value[arg_idx] = prefix_str;
+-			arg_idx++;
+-			if (ge_str) {
+-				pda.pda_xpath[arg_idx] =
+-					"./ipv4-prefix-length-greater-or-equal";
+-				pda.pda_value[arg_idx] = ge_str;
+-				arg_idx++;
+-			}
+-			if (le_str) {
+-				pda.pda_xpath[arg_idx] =
+-					"./ipv4-prefix-length-lesser-or-equal";
+-				pda.pda_value[arg_idx] = le_str;
+-				arg_idx++;
+-			}
++			prefix_copy(&pda.prefix, prefix);
++			pda.ge = ge;
++			pda.le = le;
+ 		} else {
+-			pda.pda_xpath[0] = "./any";
+-			pda.pda_value[0] = "";
++			pda.any = true;
+ 		}
+ 
+ 		/* Duplicated entry without sequence, just quit. */
+@@ -1408,8 +1362,8 @@ DEFPY_YANG(
+ 	"Maximum prefix length to be matched\n"
+ 	"Maximum prefix length\n")
+ {
+-	return plist_remove(vty, "ipv4", name, seq_str, action, prefix_str,
+-			    ge_str, le_str);
++	return plist_remove(vty, "ipv4", name, seq_str, action,
++			    prefix_str ? prefix : NULL, ge, le);
+ }
+ 
+ DEFPY_YANG(
+@@ -1421,7 +1375,7 @@ DEFPY_YANG(
+ 	PREFIX_LIST_NAME_STR
+ 	ACCESS_LIST_SEQ_STR)
+ {
+-	return plist_remove(vty, "ipv4", name, seq_str, NULL, NULL, NULL, NULL);
++	return plist_remove(vty, "ipv4", name, seq_str, NULL, NULL, 0, 0);
+ }
+ 
+ DEFPY_YANG(
+@@ -1516,7 +1470,6 @@ DEFPY_YANG(
+ 	"Minimum prefix length\n")
+ {
+ 	int64_t sseq;
+-	int arg_idx = 0;
+ 	struct plist_dup_args pda = {};
+ 	char xpath[XPATH_MAXLEN];
+ 	char xpath_entry[XPATH_MAXLEN + 128];
+@@ -1530,24 +1483,11 @@ DEFPY_YANG(
+ 		pda.pda_name = name;
+ 		pda.pda_action = action;
+ 		if (prefix_str) {
+-			pda.pda_xpath[arg_idx] = "./ipv6-prefix";
+-			pda.pda_value[arg_idx] = prefix_str;
+-			arg_idx++;
+-			if (ge_str) {
+-				pda.pda_xpath[arg_idx] =
+-					"./ipv6-prefix-length-greater-or-equal";
+-				pda.pda_value[arg_idx] = ge_str;
+-				arg_idx++;
+-			}
+-			if (le_str) {
+-				pda.pda_xpath[arg_idx] =
+-					"./ipv6-prefix-length-lesser-or-equal";
+-				pda.pda_value[arg_idx] = le_str;
+-				arg_idx++;
+-			}
++			prefix_copy(&pda.prefix, prefix);
++			pda.ge = ge;
++			pda.le = le;
+ 		} else {
+-			pda.pda_xpath[0] = "./any";
+-			pda.pda_value[0] = "";
++			pda.any = true;
+ 		}
+ 
+ 		/* Duplicated entry without sequence, just quit. */
+@@ -1626,8 +1566,8 @@ DEFPY_YANG(
+ 	"Minimum prefix length to be matched\n"
+ 	"Minimum prefix length\n")
+ {
+-	return plist_remove(vty, "ipv6", name, seq_str, action, prefix_str,
+-			    ge_str, le_str);
++	return plist_remove(vty, "ipv6", name, seq_str, action,
++			    prefix_str ? prefix : NULL, ge, le);
+ }
+ 
+ DEFPY_YANG(
+@@ -1639,7 +1579,7 @@ DEFPY_YANG(
+ 	PREFIX_LIST_NAME_STR
+ 	ACCESS_LIST_SEQ_STR)
+ {
+-	return plist_remove(vty, "ipv6", name, seq_str, NULL, NULL, NULL, NULL);
++	return plist_remove(vty, "ipv6", name, seq_str, NULL, NULL, 0, 0);
+ }
+ 
+ DEFPY_YANG(
+diff --git a/lib/filter_nb.c b/lib/filter_nb.c
+index 85805ffa47c..80ea7a57cb2 100644
+--- a/lib/filter_nb.c
++++ b/lib/filter_nb.c
+@@ -387,10 +387,50 @@ static bool acl_zebra_is_dup(const struct lyd_node *dnode,
+ 	return acl_is_dup(entry_dnode, &ada);
+ }
+ 
++static void plist_dnode_to_prefix(const struct lyd_node *dnode, bool *any,
++				  struct prefix *p, int *ge, int *le)
++{
++	*any = false;
++	*ge = 0;
++	*le = 0;
++
++	if (yang_dnode_exists(dnode, "./any")) {
++		*any = true;
++		return;
++	}
++
++	switch (yang_dnode_get_enum(dnode, "../type")) {
++	case YPLT_IPV4:
++		yang_dnode_get_prefix(p, dnode, "./ipv4-prefix");
++		if (yang_dnode_exists(dnode,
++				      "./ipv4-prefix-length-greater-or-equal"))
++			*ge = yang_dnode_get_uint8(
++				dnode, "./ipv4-prefix-length-greater-or-equal");
++		if (yang_dnode_exists(dnode,
++				      "./ipv4-prefix-length-lesser-or-equal"))
++			*le = yang_dnode_get_uint8(
++				dnode, "./ipv4-prefix-length-lesser-or-equal");
++		break;
++	case YPLT_IPV6:
++		yang_dnode_get_prefix(p, dnode, "./ipv6-prefix");
++		if (yang_dnode_exists(dnode,
++				      "./ipv6-prefix-length-greater-or-equal"))
++			*ge = yang_dnode_get_uint8(
++				dnode, "./ipv6-prefix-length-greater-or-equal");
++		if (yang_dnode_exists(dnode,
++				      "./ipv6-prefix-length-lesser-or-equal"))
++			*le = yang_dnode_get_uint8(
++				dnode, "./ipv6-prefix-length-lesser-or-equal");
++		break;
++	}
++}
++
+ static int _plist_is_dup(const struct lyd_node *dnode, void *arg)
+ {
+ 	struct plist_dup_args *pda = arg;
+-	int idx;
++	struct prefix p;
++	int ge, le;
++	bool any;
+ 
+ 	/* This entry is the caller, so skip it. */
+ 	if (pda->pda_entry_dnode
+@@ -400,19 +440,14 @@ static int _plist_is_dup(const struct lyd_node *dnode, void *arg)
+ 	if (strcmp(yang_dnode_get_string(dnode, "action"), pda->pda_action))
+ 		return YANG_ITER_CONTINUE;
+ 
+-	/* Check if all values match. */
+-	for (idx = 0; idx < PDA_MAX_VALUES; idx++) {
+-		/* No more values. */
+-		if (pda->pda_xpath[idx] == NULL)
+-			break;
++	plist_dnode_to_prefix(dnode, &any, &p, &ge, &le);
+ 
+-		/* Not same type, just skip it. */
+-		if (!yang_dnode_exists(dnode, pda->pda_xpath[idx]))
++	if (pda->any) {
++		if (!any)
+ 			return YANG_ITER_CONTINUE;
+-
+-		/* Check if different value. */
+-		if (strcmp(yang_dnode_get_string(dnode, pda->pda_xpath[idx]),
+-			   pda->pda_value[idx]))
++	} else {
++		if (!prefix_same(&pda->prefix, &p) || pda->ge != ge
++		    || pda->le != le)
+ 			return YANG_ITER_CONTINUE;
+ 	}
+ 
+@@ -439,17 +474,6 @@ static bool plist_is_dup_nb(const struct lyd_node *dnode)
+ 	const struct lyd_node *entry_dnode =
+ 		yang_dnode_get_parent(dnode, "entry");
+ 	struct plist_dup_args pda = {};
+-	int idx = 0, arg_idx = 0;
+-	static const char *entries[] = {
+-		"./ipv4-prefix",
+-		"./ipv4-prefix-length-greater-or-equal",
+-		"./ipv4-prefix-length-lesser-or-equal",
+-		"./ipv6-prefix",
+-		"./ipv6-prefix-length-greater-or-equal",
+-		"./ipv6-prefix-length-lesser-or-equal",
+-		"./any",
+-		NULL
+-	};
+ 
+ 	/* Initialize. */
+ 	pda.pda_type = yang_dnode_get_string(entry_dnode, "../type");
+@@ -457,19 +481,8 @@ static bool plist_is_dup_nb(const struct lyd_node *dnode)
+ 	pda.pda_action = yang_dnode_get_string(entry_dnode, "action");
+ 	pda.pda_entry_dnode = entry_dnode;
+ 
+-	/* Load all values/XPaths. */
+-	while (entries[idx] != NULL) {
+-		if (!yang_dnode_exists(entry_dnode, entries[idx])) {
+-			idx++;
+-			continue;
+-		}
+-
+-		pda.pda_xpath[arg_idx] = entries[idx];
+-		pda.pda_value[arg_idx] =
+-			yang_dnode_get_string(entry_dnode, entries[idx]);
+-		arg_idx++;
+-		idx++;
+-	}
++	plist_dnode_to_prefix(entry_dnode, &pda.any, &pda.prefix, &pda.ge,
++			      &pda.le);
+ 
+ 	return plist_is_dup(entry_dnode, &pda);
+ }

SOURCES/frr-tmpfiles.conf

@@ -0,0 +1 @@
+d /run/frr 0755 frr frr -

SPECS/frr.spec

@@ -0,0 +1,314 @@
+%global frr_libdir %{_libexecdir}/frr
+
+%global _hardened_build 1
+%define _legacy_common_support 1
+
+Name: frr
+Version: 8.0
+Release: 3%{?checkout}%{?dist}
+Summary: Routing daemon
+License: GPLv2+
+URL: http://www.frrouting.org
+Source0: https://github.com/FRRouting/frr/releases/download/%{name}-%{version}/%{name}-%{version}.tar.gz
+Source1: %{name}-tmpfiles.conf
+BuildRequires:  autoconf
+BuildRequires:  automake
+BuildRequires:  bison >= 2.7
+BuildRequires:  c-ares-devel
+BuildRequires:  flex
+BuildRequires:  gcc
+BuildRequires:  gcc-c++
+BuildRequires:  git-core
+BuildRequires:  groff
+BuildRequires:  json-c-devel
+BuildRequires:  libcap-devel
+BuildRequires:  libtool
+BuildRequires:  libyang-devel >= 2.0.0
+BuildRequires:  make
+BuildRequires:  ncurses
+BuildRequires:  ncurses-devel
+BuildRequires:  net-snmp-devel
+BuildRequires:  pam-devel
+BuildRequires:  patch
+BuildRequires:  perl-XML-LibXML
+BuildRequires:  perl-generators
+BuildRequires:  python3-devel
+BuildRequires:  python3-pytest
+BuildRequires:  python3-sphinx
+BuildRequires:  readline-devel
+BuildRequires:  systemd-devel
+BuildRequires:  systemd-rpm-macros
+BuildRequires:  texinfo
+
+Requires: net-snmp
+Requires: ncurses
+Requires(post): systemd
+Requires(post): /sbin/install-info
+Requires(post): hostname
+Requires(preun): systemd
+Requires(preun): /sbin/install-info
+Requires(postun): systemd
+Conflicts: quagga
+Provides: routingdaemon = %{version}-%{release}
+
+Patch0000: 0000-remove-babeld-and-ldpd.patch
+Patch0002: 0002-enable-openssl.patch
+Patch0003: 0003-disable-eigrp-crypto.patch
+Patch0004: 0004-fips-mode.patch
+Patch0005: 0005-use-python3.patch
+#Adding a patch from frr after rebase
+#We would have hit this surely later, better apply the patch now
+Patch0006: 0006-prefix-list-duplication.patch
+
+%description
+FRRouting is free software that manages TCP/IP based routing protocols. It takes
+a multi-server and multi-threaded approach to resolve the current complexity
+of the Internet.
+
+FRRouting supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD.
+
+FRRouting is a fork of Quagga.
+
+%prep
+%autosetup -S git
+
+%build
+autoreconf -ivf
+
+%configure \
+    --sbindir=%{frr_libdir} \
+    --sysconfdir=%{_sysconfdir}/frr \
+    --libdir=%{_libdir}/frr \
+    --libexecdir=%{_libexecdir}/frr \
+    --localstatedir=%{_localstatedir}/run/frr \
+    --enable-multipath=64 \
+    --enable-vtysh=yes \
+    --disable-ospfclient \
+    --disable-ospfapi \
+    --enable-snmp=agentx \
+    --enable-user=frr \
+    --enable-group=frr \
+    --enable-vty-group=frrvty \
+    --enable-rtadv \
+    --disable-exampledir \
+    --enable-systemd=yes \
+    --enable-static=no \
+    --disable-ldpd \
+    --disable-babeld \
+    --with-moduledir=%{_libdir}/frr/modules \
+    --with-crypto=openssl \
+    --enable-fpm
+
+%make_build MAKEINFO="makeinfo --no-split" PYTHON=%{__python3}
+
+pushd doc
+make info
+popd
+
+%install
+mkdir -p %{buildroot}/etc/{frr,rc.d/init.d,sysconfig,logrotate.d,pam.d,default} \
+         %{buildroot}/var/log/frr %{buildroot}%{_infodir} \
+         %{buildroot}%{_unitdir}
+
+mkdir -p -m 0755 %{buildroot}%{_libdir}/frr
+mkdir -p %{buildroot}%{_tmpfilesdir}
+
+%make_install
+
+# Remove this file, as it is uninstalled and causes errors when building on RH9
+rm -rf %{buildroot}/usr/share/info/dir
+
+install -p -m 644 %{SOURCE1} %{buildroot}%{_tmpfilesdir}/%{name}.conf
+install -p -m 644 tools/etc/frr/daemons %{buildroot}/etc/frr/daemons
+install -p -m 644 tools/frr.service %{buildroot}%{_unitdir}/frr.service
+install -p -m 755 tools/frrinit.sh %{buildroot}%{frr_libdir}/frr
+install -p -m 755 tools/frrcommon.sh %{buildroot}%{frr_libdir}/frrcommon.sh
+install -p -m 755 tools/watchfrr.sh %{buildroot}%{frr_libdir}/watchfrr.sh
+
+install -p -m 644 redhat/frr.logrotate %{buildroot}/etc/logrotate.d/frr
+install -p -m 644 redhat/frr.pam %{buildroot}/etc/pam.d/frr
+install -d -m 775 %{buildroot}/run/frr
+
+# Delete libtool archives
+find %{buildroot} -type f -name "*.la" -delete -print
+
+#Upstream does not maintain a stable API, these headers from -devel subpackage are no longer needed
+rm %{buildroot}%{_libdir}/frr/*.so
+rm -r %{buildroot}%{_includedir}/frr/
+
+%pre
+getent group frrvty >/dev/null 2>&1 || groupadd -r frrvty >/dev/null 2>&1 || :
+getent group frr >/dev/null 2>&1 || groupadd -r frr >/dev/null 2>&1 || :
+getent passwd frr >/dev/null 2>&1 || useradd -M -r -g frr -s /sbin/nologin \
+ -c "FRRouting routing suite" -d %{_localstatedir}/run/frr frr || :
+usermod -aG frrvty frr
+
+%post
+%systemd_post frr.service
+
+if [ -f %{_infodir}/%{name}.inf* ]; then
+    install-info %{_infodir}/frr.info %{_infodir}/dir || :
+fi
+
+# Create dummy files if they don't exist so basic functions can be used.
+# Only create frr.conf when first installing, otherwise it can change
+# the behavior of the package
+if [ $1 -eq 1 ]; then
+    if [ ! -e %{_sysconfdir}/frr/frr.conf ]; then
+        echo "hostname `hostname`" > %{_sysconfdir}/frr/frr.conf
+        chown frr:frr %{_sysconfdir}/frr/frr.conf
+        chmod 640 %{_sysconfdir}/frr/frr.conf
+    fi
+fi
+
+#still used by vtysh, this way no error is produced when using vtysh
+if [ ! -e %{_sysconfdir}/frr/vtysh.conf ]; then
+    touch %{_sysconfdir}/frr/vtysh.conf
+    chmod 640 %{_sysconfdir}/frr/vtysh.conf
+    chown frr:frrvty %{_sysconfdir}/frr/vtysh.conf
+fi
+
+
+%postun
+%systemd_postun_with_restart frr.service
+
+%preun
+%systemd_preun frr.service
+
+#only when removing frr
+if [ $1 -eq 0 ]; then
+	if [ -f %{_infodir}/%{name}.inf* ]; then
+    	install-info --delete %{_infodir}/frr.info %{_infodir}/dir || :
+	fi
+fi
+
+%check
+make check PYTHON=%{__python3}
+
+%files
+%defattr(-,root,root)
+%license COPYING
+%doc doc/mpls
+%dir %attr(750,frr,frr) %{_sysconfdir}/frr
+%dir %attr(755,frr,frr) /var/log/frr
+%dir %attr(755,frr,frr) /run/frr
+%{_infodir}/*info*
+%{_mandir}/man*/*
+%dir %{frr_libdir}/
+%{frr_libdir}/*
+%{_bindir}/*
+%dir %{_libdir}/frr
+%{_libdir}/frr/*.so.*
+%dir %{_libdir}/frr/modules
+%{_libdir}/frr/modules/*
+%config(noreplace) %attr(644,root,root) /etc/logrotate.d/frr
+%config(noreplace) %attr(644,frr,frr) /etc/frr/daemons
+%config(noreplace) /etc/pam.d/frr
+%{_unitdir}/*.service
+%dir /usr/share/yang
+/usr/share/yang/*.yang
+%{_tmpfilesdir}/%{name}.conf
+
+%changelog
+* Mon Aug 16 2021 Michal Ruprich <mruprich@redhat.com> - 8.0-3
+- Related: #1990858 - Fixing prefix-list duplication check
+
+* Thu Aug 12 2021 Michal Ruprich <mruprich@redhat.com> - 8.0-2
+- Related: #1990858 - Frr needs higher version of libyang
+
+* Tue Aug 10 2021 Michal Ruprich <mruprich@redhat.com> - 8.0-1
+- Resolves: #1990858 - Possible rebase of frr to version 8.0
+
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 7.5.1-7
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
+
+* Wed Jul 21 2021 Michal Ruprich <mruprich@redhat.com> - 7.5.1-6
+- Resolves: #1983967 - ospfd crashes in route_node_delete with assertion fail
+
+* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 7.5.1-5
+- Rebuilt for RHEL 9 BETA for openssl 3.0
+  Related: rhbz#1971065
+
+* Fri Jun 04 2021 Michal Ruprich <mruprich@redhat.com> - 7.5.1-4
+- Resolves: #1958155 - Upgrading frr unconditionally creates /etc/frr/frr.conf, breaking existing configuration
+
+* Fri Apr 23 2021 Michal Ruprich <mruprich@redhat.com> - 7.5.1-3
+- Resolves: #1939456 - /etc/frr permissions are bogus
+- Resolves: #1951303 - FTBFS in CentOS Stream
+
+* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 7.5.1-2
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Tue Mar 16 2021 Michal Ruprich <mruprich@redhat.com> - 7.5.1-1
+- New version 7.5.1
+- Enabling grpc, adding hostname for post scriptlet
+- Moving files to libexec due to selinux issues
+
+* Tue Feb 16 2021 Michal Ruprich <mruprich@redhat.com> - 7.5-3
+- Fixing FTBS - icc options are confusing the new gcc
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 7.5-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Fri Jan 01 2021 Michal Ruprich <mruprich@redhat.com> - 7.5-1
+- New version 7.5
+
+* Mon Sep 21 2020 Michal Ruprich <mruprich@redhat.com> - 7.4-1
+- New version 7.4
+
+* Thu Aug 27 2020 Josef Řídký <jridky@redhat.com> - 7.3.1-4
+- Rebuilt for new net-snmp release
+
+* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 7.3.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Thu Jun 18 2020 Michal Ruprich <mruprich@redhat.com> - 7.3.1-1
+- New version 7.3.1
+- Fixes a couple of bugs(#1832259, #1835039, #1830815, #1830808, #1830806, #1830800, #1830798, #1814773)
+
+* Tue May 19 2020 Michal Ruprich <mruprich@redhat.com> - 7.3-6
+- Removing texi2html, it is not available in Rawhide anymore
+
+* Mon May 18 2020 Michal Ruprich <mruprich@redhat.com> - 7.3-5
+- Rebuild for new version of libyang
+
+* Tue Apr 21 2020 Björn Esser <besser82@fedoraproject.org> - 7.3-4
+- Rebuild (json-c)
+
+* Mon Apr 13 2020 Björn Esser <besser82@fedoraproject.org> - 7.3-3
+- Update json-c-0.14 patch with a solution from upstream
+
+* Mon Apr 13 2020 Björn Esser <besser82@fedoraproject.org> - 7.3-2
+- Add support for upcoming json-c 0.14.0
+
+* Wed Feb 19 2020 Michal Ruprich <mruprich@redhat.com> - 7.3-1
+- New version 7.3
+
+* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 7.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Mon Dec 16 2019 Michal Ruprich <mruprich@redhat.com> - 7.2-1
+- New version 7.2
+
+* Tue Nov 12 2019 Michal Ruprich <mruprich@redhat.com> - 7.1-5
+- Rebuilding for new version of libyang
+
+* Mon Oct 07 2019 Michal Ruprich <mruprich@redhat.com> - 7.1-4
+- Adding noreplace to the /etc/frr/daemons file
+
+* Fri Sep 13 2019 Michal Ruprich <mruprich@redhat.com> - 7.1-3
+- New way of finding python version during build
+- Replacing crypto of all routing daemons with openssl
+- Disabling EIGRP crypto because it is broken
+- Disabling crypto in FIPS mode
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 7.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Tue Jun 25 2019 Michal Ruprich <mruprich@redhat.com> - 7.1-1
+- New version 7.1
+
+* Wed Jun 19 2019 Michal Ruprich <mruprich@redhat.com> - 7.0-2
+- Initial build
+