Michal Ruprich
5b883435de
Resolves: RHEL-54674 - Function bgpd/bgp_attr.c does not check the actual remaining stream length
2024-11-05 17:08:30 +01:00
Troy Dawson
c97c185242
Bump release for October 2024 mass rebuild:
...
Resolves: RHEL-64018
2024-10-29 08:24:57 -07:00
Michal Ruprich
376f9052c5
Resolves: RHEL-59899 - Replace NetworkManager patch in the current version
2024-10-23 10:48:11 +02:00
Michal Ruprich
095fe15928
Resolves: RHEL-56074 - frr AVCs after rebase to 10.1
2024-09-09 16:11:57 +02:00
Michal Ruprich
8d3b48941e
Related: RHEL-55747 - Adding libs_manage_lib_dirs for handling lib_t
2024-08-26 14:09:03 +02:00
Michal Ruprich
74379a7796
Related: RHEL-55747 - Adding new selinux rules
2024-08-26 06:27:29 +02:00
Michal Ruprich
3428d44f6b
New version 10.1
2024-08-22 11:57:51 +02:00
Troy Dawson
2592b6a870
Bump release for June 2024 mass rebuild
2024-06-24 08:42:52 -07:00
Michal Ruprich
2d1a531a5b
Resolves: RHEL-32134 - buffer overflow and daemon crash in ospf_te_parse_ri
2024-06-12 09:28:42 +02:00
Michal Ruprich
cdeacb4fe0
Resolves: RHEL-32138 - buffer overflow in ospf_te_parse_ext_link
2024-06-12 09:26:35 +02:00
Michal Ruprich
c2bc5c9c4f
Resolves: RHEL-34911 - null pointer via get_edge() function can trigger a denial of service
2024-06-12 09:24:25 +02:00
Michal Ruprich
832ce93ff8
Resolves: RHEL-38834 - Missing selinux rules for .history_frr file for FRR
2024-05-28 17:02:10 +02:00
František Hrdina
69652b9863
Update of fmf plans and gating for c10s
2024-05-22 09:59:40 +02:00
František Hrdina
30586274ae
Add ci.fmf
2024-04-19 15:00:35 +02:00
Michal Ruprich
8b24d2e071
Resolves: RHEL-32128 - infinite loop
2024-04-18 12:43:05 +02:00
Michal Ruprich
3536ef0396
Resolves: #RHEL-32125 - bgpd daemon crash
2024-04-18 12:40:54 +02:00
Michal Ruprich
238ae38814
Moving yang modules to an frr specific directory to avoid conflicts
...
Adding rpminspect.yaml
2024-04-16 10:46:29 +02:00
František Hrdina
0349f42aa5
Updating tier plans and gating.yaml
2024-04-12 12:18:04 +00:00
Michal Ruprich
5c54b0a175
Resolves: RHEL-32502 - frr fails to start: SELinux is preventing watchfrr from create access on the sock_file
2024-04-11 11:26:46 +02:00
Benjamin A. Beasley
14d3b39746
Rebuilt for abseil-cpp-20240116.0
2024-02-04 11:26:57 -05:00
Michal Ruprich
f10270279b
New version 9.1
2024-01-25 14:43:24 +01:00
Vit Mojzis
9c91b908e1
SELinux: rename ifconfig_run interfaces to be more specific
...
The change has no functional impact on the policy. It is just to keep it
in sync with the interfaces shipped in selinux-policy-* packages.
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
2024-01-25 12:51:35 +00:00
Fedora Release Engineering
2228c29472
Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
2024-01-24 12:05:55 +00:00
Fedora Release Engineering
9bf8cfe430
Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
2024-01-19 19:51:00 +00:00
Michal Ruprich
30f4eb8e8e
New version 9.0.1
2023-10-16 09:44:02 +02:00
Michal Ruprich
ca06a43267
Adding a couple of SELinux rules, includes fix for rhbz#2149299
2023-09-01 13:15:04 +02:00
Benjamin A. Beasley
4405129034
Rebuilt for abseil-cpp 20230802.0
2023-08-30 07:50:46 -04:00
Zdenek Pytela
a302f6117d
Update SELinux rule to allow frr daemons create and use packet socket
...
The commit addresses the following AVC denial:
type=PROCTITLE msg=audit(07/27/2023 11:26:31.692:622) : proctitle=/usr/libexec/frr/bfdd -d -F traditional -A 127.0.0.1
type=SOCKADDR msg=audit(07/27/2023 11:26:31.692:622) : saddr={ saddr_fam=packet (unsupported) }
type=SYSCALL msg=audit(07/27/2023 11:26:31.692:622) : arch=x86_64 syscall=bind success=no exit=EACCES(Permission denied) a0=0xf a1=0x7ffeb8c5a000 a2=0x14 a3=0x7ffeb8c59ff0 items=0 ppid=7818 pid=7903 auid=unset uid=frr gid=frr euid=frr suid=frr fsuid=frr egid=frr sgid=frr fsgid=frr tty=(none) ses=unset comm=bfdd exe=/usr/libexec/frr/bfdd subj=system_u:system_r:frr_t:s0 key=(null)
type=AVC msg=audit(07/27/2023 11:26:31.692:622) : avc: denied { bind } for pid=7903 comm=bfdd scontext=system_u:system_r:frr_t:s0 tcontext=system_u:system_r:frr_t:s0 tclass=packet_socket permissive=0
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2216912
2023-08-01 09:40:29 +02:00
Fedora Release Engineering
73b57e75c1
Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-07-19 20:19:19 +00:00
Michal Ruprich
b6998f1514
New version 8.5.2
2023-06-30 15:51:23 +02:00
Michal Ruprich
de8d85febb
frr-8.5.1-4
...
Selinux policy changes:
- Allow watch,read on /var/run/netns directory and its content
- Add sys_admin capability
It seems like sys_admin is needed because frr is using setns function to change the actual namespace. Full log here:
type=PROCTITLE msg=audit(06/29/2023 03:42:07.692:559) : proctitle=/usr/libexec/frr/zebra -d -F traditional -A 127.0.0.1 -s 90000000 -n
type=SYSCALL msg=audit(06/29/2023 03:42:07.692:559) : arch=x86_64 syscall=setns success=no exit=EPERM(Operation not permitted) a0=0x11 a1=CLONE_NEWNET a2=0x0 a3=0x0 items=0 ppid=3692 pid=3701 auid=unset uid=frr gid=frr euid=frr suid=frr fsuid=frr egid=frr sgid=frr fsgid=frr tty=(none) ses=unset comm=zebra exe=/usr/libexec/frr/zebra subj=system_u:system_r:frr_t:s0 key=(null)
type=AVC msg=audit(06/29/2023 03:42:07.692:559) : avc: denied { sys_admin } for pid=3701 comm=zebra capability=sys_admin scontext=system_u:system_r:frr_t:s0 tcontext=system_u:system_r:frr_t:s0 tclass=capability permissive=0
Resolves : #2216073 - SELinux is preventing FRR-Zebra to access to network namespaces
2023-06-29 15:54:02 +02:00
Yaakov Selkowitz
7f0775ec07
Disable grpc in RHEL builds
...
This is based on c9s:
bb27be6ef6
2023-06-05 19:29:36 -04:00
Petr Písař
eee04cae3d
Rebuild against rpm-4.19 ( https://fedoraproject.org/wiki/Changes/RPM-4.19 )
2023-05-19 15:11:46 +02:00
Michal Ruprich
58b91e7bdb
New version 8.5.1
2023-04-26 13:21:40 +02:00
Michal Ruprich
a5fc21e539
New version 8.5
2023-04-12 14:07:11 +02:00
Michal Ruprich
12b88485f2
Rebuilding for new abseil-cpp version
2023-03-23 13:33:53 +01:00
Michal Ruprich
f062556435
SPDX migration
2023-03-22 13:05:16 +01:00
Benjamin A. Beasley
28e257ed71
Build as C++17, required by abseil-cpp 20230125
2023-03-08 18:06:40 -05:00
Fedora Release Engineering
777829246b
Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-01-19 03:57:19 +00:00
Michal Ruprich
a0c4fb9063
Adding an include for fips
2023-01-12 15:50:47 +01:00
Michal Ruprich
0d70491296
New version 8.4.2
2023-01-12 12:55:39 +01:00
Michal Ruprich
1787b2810b
New version 8.4.1
...
Fix for rhbz #2140705
2022-11-25 18:02:48 +01:00
Michal Ruprich
d506655fff
AVC when running the reload script for FRR
2022-11-23 09:13:27 +01:00
Michal Ruprich
5301cdd961
New version 8.4
2022-11-10 09:57:42 +01:00
Michal Ruprich
3905b5274d
Adding SELinux rule to enable zebra to write to sysctl_net_t
...
Adding SELinux rule to enable bgpd to call name_connect to bgp_port_t
2022-09-16 16:00:15 +02:00
Michal Ruprich
41a038e1d1
Fixing an error in post scriptlet
2022-09-09 19:14:38 +02:00
Michal Ruprich
a7b3783ddc
Resolves : #2124254 - frr can no longer update routes
2022-09-09 16:14:11 +02:00
Michal Ruprich
a2ffd90d49
Resolves : #2124253 - SELinux is preventing zebra from setattr access on the directory frr
...
Better handling FRR files during upgrade
2022-09-07 11:28:59 +02:00
Michal Ruprich
db09f8886c
Adding sources
2022-09-06 12:48:05 +02:00
Michal Ruprich
6e63bc125e
New version 8.3.1
2022-09-06 12:38:38 +02:00