rpms/frr
7
0
Fork 0
Code Issues Pull Requests Releases Activity
115 Commits 10 Branches 55 Tags 608 KiB
c10s
Commit Graph

115 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michal Ruprich
5b883435de Resolves: RHEL-54674 - Function bgpd/bgp_attr.c does not check the actual remaining stream length 2024-11-05 17:08:30 +01:00
Troy Dawson
c97c185242 Bump release for October 2024 mass rebuild: 
Resolves: RHEL-64018
 2024-10-29 08:24:57 -07:00
Michal Ruprich
376f9052c5 Resolves: RHEL-59899 - Replace NetworkManager patch in the current version 2024-10-23 10:48:11 +02:00
Michal Ruprich
095fe15928 Resolves: RHEL-56074 - frr AVCs after rebase to 10.1 2024-09-09 16:11:57 +02:00
Michal Ruprich
8d3b48941e Related: RHEL-55747 - Adding libs_manage_lib_dirs for handling lib_t 2024-08-26 14:09:03 +02:00
Michal Ruprich
74379a7796 Related: RHEL-55747 - Adding new selinux rules 2024-08-26 06:27:29 +02:00
Michal Ruprich
3428d44f6b New version 10.1 2024-08-22 11:57:51 +02:00
Troy Dawson
2592b6a870 Bump release for June 2024 mass rebuild 2024-06-24 08:42:52 -07:00
Michal Ruprich
2d1a531a5b Resolves: RHEL-32134 - buffer overflow and daemon crash in ospf_te_parse_ri 2024-06-12 09:28:42 +02:00
Michal Ruprich
cdeacb4fe0 Resolves: RHEL-32138 - buffer overflow in ospf_te_parse_ext_link 2024-06-12 09:26:35 +02:00
Michal Ruprich
c2bc5c9c4f Resolves: RHEL-34911 - null pointer via get_edge() function can trigger a denial of service 2024-06-12 09:24:25 +02:00
Michal Ruprich
832ce93ff8 Resolves: RHEL-38834 - Missing selinux rules for .history_frr file for FRR 2024-05-28 17:02:10 +02:00
František Hrdina
69652b9863 Update of fmf plans and gating for c10s 2024-05-22 09:59:40 +02:00
František Hrdina
30586274ae Add ci.fmf 2024-04-19 15:00:35 +02:00
Michal Ruprich
8b24d2e071 Resolves: RHEL-32128 - infinite loop 2024-04-18 12:43:05 +02:00
Michal Ruprich
3536ef0396 Resolves: #RHEL-32125 - bgpd daemon crash 2024-04-18 12:40:54 +02:00
Michal Ruprich
238ae38814 Moving yang modules to an frr specific directory to avoid conflicts 
Adding rpminspect.yaml
 2024-04-16 10:46:29 +02:00
František Hrdina
0349f42aa5 Updating tier plans and gating.yaml 2024-04-12 12:18:04 +00:00
Michal Ruprich
5c54b0a175 Resolves: RHEL-32502 - frr fails to start: SELinux is preventing watchfrr from create access on the sock_file 2024-04-11 11:26:46 +02:00
Benjamin A. Beasley
14d3b39746 Rebuilt for abseil-cpp-20240116.0 2024-02-04 11:26:57 -05:00
Michal Ruprich
f10270279b New version 9.1 2024-01-25 14:43:24 +01:00
Vit Mojzis
9c91b908e1 SELinux: rename ifconfig_run interfaces to be more specific 
The change has no functional impact on the policy. It is just to keep it
in sync with the interfaces shipped in selinux-policy-* packages.

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
 2024-01-25 12:51:35 +00:00
Fedora Release Engineering
2228c29472 Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild 2024-01-24 12:05:55 +00:00
Fedora Release Engineering
9bf8cfe430 Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild 2024-01-19 19:51:00 +00:00
Michal Ruprich
30f4eb8e8e New version 9.0.1 2023-10-16 09:44:02 +02:00
Michal Ruprich
ca06a43267 Adding a couple of SELinux rules, includes fix for rhbz#2149299 2023-09-01 13:15:04 +02:00
Benjamin A. Beasley
4405129034 Rebuilt for abseil-cpp 20230802.0 2023-08-30 07:50:46 -04:00
Zdenek Pytela
a302f6117d Update SELinux rule to allow frr daemons create and use packet socket 
The commit addresses the following AVC denial:
type=PROCTITLE msg=audit(07/27/2023 11:26:31.692:622) : proctitle=/usr/libexec/frr/bfdd -d -F traditional -A 127.0.0.1
type=SOCKADDR msg=audit(07/27/2023 11:26:31.692:622) : saddr={ saddr_fam=packet (unsupported) }
type=SYSCALL msg=audit(07/27/2023 11:26:31.692:622) : arch=x86_64 syscall=bind success=no exit=EACCES(Permission denied) a0=0xf a1=0x7ffeb8c5a000 a2=0x14 a3=0x7ffeb8c59ff0 items=0 ppid=7818 pid=7903 auid=unset uid=frr gid=frr euid=frr suid=frr fsuid=frr egid=frr sgid=frr fsgid=frr tty=(none) ses=unset comm=bfdd exe=/usr/libexec/frr/bfdd subj=system_u:system_r:frr_t:s0 key=(null)
type=AVC msg=audit(07/27/2023 11:26:31.692:622) : avc:  denied  { bind } for  pid=7903 comm=bfdd scontext=system_u:system_r:frr_t:s0 tcontext=system_u:system_r:frr_t:s0 tclass=packet_socket permissive=0

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2216912
 2023-08-01 09:40:29 +02:00
Fedora Release Engineering
73b57e75c1 Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2023-07-19 20:19:19 +00:00
Michal Ruprich
b6998f1514 New version 8.5.2 2023-06-30 15:51:23 +02:00
Michal Ruprich
de8d85febb frr-8.5.1-4 
Selinux policy changes:
- Allow watch,read on /var/run/netns directory and its content
- Add sys_admin capability

It seems like sys_admin is needed because frr is using setns function to change the actual namespace. Full log here:
type=PROCTITLE msg=audit(06/29/2023 03:42:07.692:559) : proctitle=/usr/libexec/frr/zebra -d -F traditional -A 127.0.0.1 -s 90000000 -n
type=SYSCALL msg=audit(06/29/2023 03:42:07.692:559) : arch=x86_64 syscall=setns success=no exit=EPERM(Operation not permitted) a0=0x11 a1=CLONE_NEWNET a2=0x0 a3=0x0 items=0 ppid=3692 pid=3701 auid=unset uid=frr gid=frr euid=frr suid=frr fsuid=frr egid=frr sgid=frr fsgid=frr tty=(none) ses=unset comm=zebra exe=/usr/libexec/frr/zebra subj=system_u:system_r:frr_t:s0 key=(null)
type=AVC msg=audit(06/29/2023 03:42:07.692:559) : avc: denied { sys_admin } for pid=3701 comm=zebra capability=sys_admin scontext=system_u:system_r:frr_t:s0 tcontext=system_u:system_r:frr_t:s0 tclass=capability permissive=0

Resolves: #2216073 - SELinux is preventing FRR-Zebra to access to network namespaces
 2023-06-29 15:54:02 +02:00
Yaakov Selkowitz
7f0775ec07 Disable grpc in RHEL builds 
This is based on c9s:

bb27be6ef6
 2023-06-05 19:29:36 -04:00
Petr Písař
eee04cae3d Rebuild against rpm-4.19 (https://fedoraproject.org/wiki/Changes/RPM-4.19) 2023-05-19 15:11:46 +02:00
Michal Ruprich
58b91e7bdb New version 8.5.1 2023-04-26 13:21:40 +02:00
Michal Ruprich
a5fc21e539 New version 8.5 2023-04-12 14:07:11 +02:00
Michal Ruprich
12b88485f2 Rebuilding for new abseil-cpp version 2023-03-23 13:33:53 +01:00
Michal Ruprich
f062556435 SPDX migration 2023-03-22 13:05:16 +01:00
Benjamin A. Beasley
28e257ed71 Build as C++17, required by abseil-cpp 20230125 2023-03-08 18:06:40 -05:00
Fedora Release Engineering
777829246b Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2023-01-19 03:57:19 +00:00
Michal Ruprich
a0c4fb9063 Adding an include for fips 2023-01-12 15:50:47 +01:00
Michal Ruprich
0d70491296 New version 8.4.2 2023-01-12 12:55:39 +01:00
Michal Ruprich
1787b2810b New version 8.4.1 
Fix for rhbz #2140705
 2022-11-25 18:02:48 +01:00
Michal Ruprich
d506655fff AVC when running the reload script for FRR 2022-11-23 09:13:27 +01:00
Michal Ruprich
5301cdd961 New version 8.4 2022-11-10 09:57:42 +01:00
Michal Ruprich
3905b5274d Adding SELinux rule to enable zebra to write to sysctl_net_t 
Adding SELinux rule to enable bgpd to call name_connect to bgp_port_t
 2022-09-16 16:00:15 +02:00
Michal Ruprich
41a038e1d1 Fixing an error in post scriptlet 2022-09-09 19:14:38 +02:00
Michal Ruprich
a7b3783ddc Resolves: #2124254 - frr can no longer update routes 2022-09-09 16:14:11 +02:00
Michal Ruprich
a2ffd90d49 Resolves: #2124253 - SELinux is preventing zebra from setattr access on the directory frr 
Better handling FRR files during upgrade
 2022-09-07 11:28:59 +02:00
Michal Ruprich
db09f8886c Adding sources 2022-09-06 12:48:05 +02:00
Michal Ruprich
6e63bc125e New version 8.3.1 2022-09-06 12:38:38 +02:00