Commit Graph

94 Commits

Author SHA1 Message Date
Michal Ruprich
2d1a531a5b Resolves: RHEL-32134 - buffer overflow and daemon crash in ospf_te_parse_ri 2024-06-12 09:28:42 +02:00
Michal Ruprich
cdeacb4fe0 Resolves: RHEL-32138 - buffer overflow in ospf_te_parse_ext_link 2024-06-12 09:26:35 +02:00
Michal Ruprich
c2bc5c9c4f Resolves: RHEL-34911 - null pointer via get_edge() function can trigger a denial of service 2024-06-12 09:24:25 +02:00
Michal Ruprich
832ce93ff8 Resolves: RHEL-38834 - Missing selinux rules for .history_frr file for FRR 2024-05-28 17:02:10 +02:00
Michal Ruprich
8b24d2e071 Resolves: RHEL-32128 - infinite loop 2024-04-18 12:43:05 +02:00
Michal Ruprich
3536ef0396 Resolves: #RHEL-32125 - bgpd daemon crash 2024-04-18 12:40:54 +02:00
Michal Ruprich
238ae38814 Moving yang modules to an frr specific directory to avoid conflicts
Adding rpminspect.yaml
2024-04-16 10:46:29 +02:00
Michal Ruprich
5c54b0a175 Resolves: RHEL-32502 - frr fails to start: SELinux is preventing watchfrr from create access on the sock_file 2024-04-11 11:26:46 +02:00
Benjamin A. Beasley
14d3b39746 Rebuilt for abseil-cpp-20240116.0 2024-02-04 11:26:57 -05:00
Michal Ruprich
f10270279b New version 9.1 2024-01-25 14:43:24 +01:00
Fedora Release Engineering
2228c29472 Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild 2024-01-24 12:05:55 +00:00
Fedora Release Engineering
9bf8cfe430 Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild 2024-01-19 19:51:00 +00:00
Michal Ruprich
30f4eb8e8e New version 9.0.1 2023-10-16 09:44:02 +02:00
Michal Ruprich
ca06a43267 Adding a couple of SELinux rules, includes fix for rhbz#2149299 2023-09-01 13:15:04 +02:00
Benjamin A. Beasley
4405129034 Rebuilt for abseil-cpp 20230802.0 2023-08-30 07:50:46 -04:00
Fedora Release Engineering
73b57e75c1 Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-07-19 20:19:19 +00:00
Michal Ruprich
b6998f1514 New version 8.5.2 2023-06-30 15:51:23 +02:00
Michal Ruprich
de8d85febb frr-8.5.1-4
Selinux policy changes:
- Allow watch,read on /var/run/netns directory and its content
- Add sys_admin capability

It seems like sys_admin is needed because frr is using setns function to change the actual namespace. Full log here:
type=PROCTITLE msg=audit(06/29/2023 03:42:07.692:559) : proctitle=/usr/libexec/frr/zebra -d -F traditional -A 127.0.0.1 -s 90000000 -n
type=SYSCALL msg=audit(06/29/2023 03:42:07.692:559) : arch=x86_64 syscall=setns success=no exit=EPERM(Operation not permitted) a0=0x11 a1=CLONE_NEWNET a2=0x0 a3=0x0 items=0 ppid=3692 pid=3701 auid=unset uid=frr gid=frr euid=frr suid=frr fsuid=frr egid=frr sgid=frr fsgid=frr tty=(none) ses=unset comm=zebra exe=/usr/libexec/frr/zebra subj=system_u:system_r:frr_t:s0 key=(null)
type=AVC msg=audit(06/29/2023 03:42:07.692:559) : avc: denied { sys_admin } for pid=3701 comm=zebra capability=sys_admin scontext=system_u:system_r:frr_t:s0 tcontext=system_u:system_r:frr_t:s0 tclass=capability permissive=0

Resolves: #2216073 - SELinux is preventing FRR-Zebra to access to network namespaces
2023-06-29 15:54:02 +02:00
Yaakov Selkowitz
7f0775ec07 Disable grpc in RHEL builds
This is based on c9s:

bb27be6ef6
2023-06-05 19:29:36 -04:00
Petr Písař
eee04cae3d Rebuild against rpm-4.19 (https://fedoraproject.org/wiki/Changes/RPM-4.19) 2023-05-19 15:11:46 +02:00
Michal Ruprich
58b91e7bdb New version 8.5.1 2023-04-26 13:21:40 +02:00
Michal Ruprich
a5fc21e539 New version 8.5 2023-04-12 14:07:11 +02:00
Michal Ruprich
12b88485f2 Rebuilding for new abseil-cpp version 2023-03-23 13:33:53 +01:00
Michal Ruprich
f062556435 SPDX migration 2023-03-22 13:05:16 +01:00
Benjamin A. Beasley
28e257ed71 Build as C++17, required by abseil-cpp 20230125 2023-03-08 18:06:40 -05:00
Fedora Release Engineering
777829246b Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-01-19 03:57:19 +00:00
Michal Ruprich
0d70491296 New version 8.4.2 2023-01-12 12:55:39 +01:00
Michal Ruprich
1787b2810b New version 8.4.1
Fix for rhbz #2140705
2022-11-25 18:02:48 +01:00
Michal Ruprich
5301cdd961 New version 8.4 2022-11-10 09:57:42 +01:00
Michal Ruprich
3905b5274d Adding SELinux rule to enable zebra to write to sysctl_net_t
Adding SELinux rule to enable bgpd to call name_connect to bgp_port_t
2022-09-16 16:00:15 +02:00
Michal Ruprich
41a038e1d1 Fixing an error in post scriptlet 2022-09-09 19:14:38 +02:00
Michal Ruprich
a7b3783ddc Resolves: #2124254 - frr can no longer update routes 2022-09-09 16:14:11 +02:00
Michal Ruprich
a2ffd90d49 Resolves: #2124253 - SELinux is preventing zebra from setattr access on the directory frr
Better handling FRR files during upgrade
2022-09-07 11:28:59 +02:00
Michal Ruprich
6e63bc125e New version 8.3.1 2022-09-06 12:38:38 +02:00
Michal Ruprich
b2c9845f51 Rebuilding for new abseil-cpp and grpc updates 2022-08-22 14:09:39 +02:00
Michal Ruprich
d0157c4cbf Adding vrrpd and pathd to the policy 2022-08-10 12:03:08 +02:00
Michal Ruprich
40f863faec Finalizing SELinux policy 2022-08-10 10:36:08 +02:00
Michal Ruprich
4a6900f6dc Fixing wrong path for vtysh in frr.fc 2022-08-02 09:58:48 +02:00
Benjamin A. Beasley
15e17067ee Rebuild with abseil-cpp-20211102.0-4.fc37 (RHBZ#2108658)
The file absl_random_internal_randen_hwaes_impl.pc shipped in
abseil-cpp-devel incorrectly specified -maes -msse4.1 in its CFLAGS,
causing any packages which used pkgconfig to compile against abseil to
require SSE4.1 instructions to run. This affected frr in F37/Rawhide.
2022-07-29 12:54:46 -04:00
Michal Ruprich
9408b0b09e Packaging SELinux policy for FRR 2022-07-28 13:35:19 +02:00
Fedora Release Engineering
cba62cd207 Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-07-21 03:41:16 +00:00
Michal Ruprich
0c5e4dac6b Rebuild for grpc-1.46.1 2022-05-17 09:24:20 +02:00
Michal Ruprich
38e840d2af Fix for CVE-2022-16126 2022-04-11 12:00:54 +02:00
Michal Ruprich
4519d663ea New version 8.2.2 2022-03-15 14:49:25 +01:00
Michal Ruprich
46c4cd45bd Rebuild for abseil-cpp 20211102.0 2022-03-10 14:40:05 +01:00
Michal Ruprich
4ed096d9e0 New version 8.2 (rhbz#2020439)
Resolves: #2011868 - systemctl frr reload does not stop daemons that are not enabled in /etc/frr/daemons
2022-03-09 15:19:46 +01:00
Michal Ruprich
efd1a71f65 Rebuilding for FTBFS in Rawhide(rhbz#2045399) 2022-02-01 07:31:08 +01:00
Fedora Release Engineering
b2d9986308 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-01-20 03:28:53 +00:00
Miro Hrončok
48fc52869f Rebuilt for libre2.so.9 2022-01-08 11:41:45 +01:00
Adrian Reber
6ff7ded7f0
Rebuilt for protobuf 3.19.0 2021-11-06 10:18:25 +01:00