34 changed files with 367 additions and 1622 deletions
--- a/.frr.metadata
+++ b/.frr.metadata
@ -0,0 +1 @@
+5f46099a744058de374dbbf5240d1c4292a143f2 SOURCES/frr-8.5.3.tar.gz
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/frr-7.5.1.tar.gz
+SOURCES/frr-8.5.3.tar.gz
--- a/SOURCES/0000-remove-babeld-and-ldpd.patch
+++ b/SOURCES/0000-remove-babeld-and-ldpd.patch
@ -28,13 +28,13 @@ index 5be3264..33abc1d 100644
 	nhrpd/Makefile \
 	ospf6d/Makefile \
 diff --git a/tools/etc/frr/daemons b/tools/etc/frr/daemons
-index f6d512b..6d4831d 100644
+index 8aa0887..c92dcca 100644
 --- a/tools/etc/frr/daemons
 +++ b/tools/etc/frr/daemons
-@@ -21,10 +21,8 @@ ripd=no
- ripngd=no
+@@ -22,10 +22,8 @@ ripngd=no
 isisd=no
 pimd=no
+ pim6d=no
 -ldpd=no
 nhrpd=no
 eigrpd=no
@ -42,10 +42,10 @@ index f6d512b..6d4831d 100644
 sharpd=no
 pbrd=no
 bfdd=no
-@@ -45,10 +43,8 @@ ripd_options="   -A 127.0.0.1"
- ripngd_options=" -A ::1"
+@@ -48,10 +46,8 @@ ripngd_options=" -A ::1"
 isisd_options="  -A 127.0.0.1"
 pimd_options="   -A 127.0.0.1"
+ pim6d_options="  -A ::1"
 -ldpd_options="   -A 127.0.0.1"
 nhrpd_options="  -A 127.0.0.1"
 eigrpd_options=" -A 127.0.0.1"
--- a/SOURCES/0001-use-python3.patch
+++ b/SOURCES/0001-use-python3.patch
@ -1,20 +0,0 @@
-diff --git a/tools/frr-reload.py b/tools/frr-reload.py
-index 208fb11..0692adc 100755
--- a/tools/frr-reload.py
-+++ b/tools/frr-reload.py
-@@ -1,4 +1,4 @@
-#!/usr/bin/python
-+#!/usr/bin/python3
- # Frr Reloader
- # Copyright (C) 2014 Cumulus Networks, Inc.
- #
-diff --git a/tools/generate_support_bundle.py b/tools/generate_support_bundle.py
-index 540b7a1..0876ebb 100755
--- a/tools/generate_support_bundle.py
-+++ b/tools/generate_support_bundle.py
-@@ -1,4 +1,4 @@
-#!/usr/bin/python
-+#!/usr/bin/python3
- 
- ########################################################
- ### Python Script to generate the FRR support bundle ###
--- a/SOURCES/0002-enable-openssl.patch
+++ b/SOURCES/0002-enable-openssl.patch
@ -10,22 +10,6 @@ index 0b7af18..0533e24 100644
 	lib/memory.c \
 	lib/mlag.c \
 	lib/module.c \
-diff --git a/lib/subdir.am b/lib/subdir.am
-index 0533e24..b3d3700 100644
--- a/lib/subdir.am
-+++ b/lib/subdir.am
-@@ -170,7 +170,6 @@ pkginclude_HEADERS += \
- 	lib/linklist.h \
- 	lib/log.h \
- 	lib/log_vty.h \
-	lib/md5.h \
- 	lib/memory.h \
- 	lib/module.h \
- 	lib/monotime.h \
-diff --git a/lib/subdir.am b/lib/subdir.am
-index 53f7115..cea866f 100644
--- a/lib/subdir.am
-+++ b/lib/subdir.am
@@ -64,7 +64,6 @@ lib_libfrr_la_SOURCES = \
 	lib/routemap_northbound.c \
 	lib/sbuf.c \
@ -34,8 +18,16 @@ index 53f7115..cea866f 100644
 	lib/sigevent.c \
 	lib/skiplist.c \
 	lib/sockopt.c \
+@@ -170,7 +170,6 @@ pkginclude_HEADERS += \
+ 	lib/link_state.h \
+ 	lib/log.h \
+ 	lib/log_vty.h \
+-	lib/md5.h \
+ 	lib/memory.h \
+ 	lib/module.h \
+ 	lib/monotime.h \
@@ -191,7 +190,6 @@ pkginclude_HEADERS += \
- 	lib/routemap.h \
+ 	lib/route_opaque.h \
 	lib/sbuf.h \
 	lib/seqlock.h \
 -	lib/sha256.h \
--- a/SOURCES/0004-fips-mode.patch
+++ b/SOURCES/0004-fips-mode.patch
@ -101,3 +101,15 @@ index 5bb81ef..02a09ef 100644
 	nb_cli_enqueue_change(vty, "./authentication-scheme/mode", NB_OP_MODIFY,
 			      strmatch(mode, "md5") ? "md5" : "plain-text");
 	if (strmatch(mode, "md5"))
+diff --git a/lib/zebra.h b/lib/zebra.h
+index 53ae5b4..930307f 100644
+--- a/lib/zebra.h
+++ b/lib/zebra.h
+@@ -114,6 +114,7 @@
+ #ifdef CRYPTO_OPENSSL
+ #include <openssl/evp.h>
+ #include <openssl/hmac.h>
+#include <openssl/fips.h>
+ #endif
+
+ #include "openbsd-tree.h"
--- a/SOURCES/0005-CVE-2023-47235.patch
+++ b/SOURCES/0005-CVE-2023-47235.patch
@ -1,7 +1,7 @@
-From 6814f2e0138a6ea5e1f83bdd9085d9a77999900b Mon Sep 17 00:00:00 2001
-From: Donatas Abraitis <donatas@opensourcerouting.org>
-Date: Fri, 27 Oct 2023 11:56:45 +0300
-Subject: [PATCH] bgpd: Treat EOR as withdrawn to avoid unwanted handling of
+From 71422bfe269e34b69d78f9fb02f30426f2fdef48 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 13 Dec 2023 16:59:46 +0100
+Subject: [PATCH] bgpd: Treat EOR as withdrawn to avoid unwanted handling of 
 malformed attrs

 Treat-as-withdraw, otherwise if we just ignore it, we will pass it to be
@ -65,15 +65,17 @@ s.close()

 Reported-by: Iggy Frankovic <iggyfran@amazon.com>
 Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
+
+(cherry picked from commit 6814f2e0138a6ea5e1f83bdd9085d9a77999900b)
 ---
 bgpd/bgp_attr.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

 diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
-index cf2dbe65b805..1473dc772502 100644
+index a121911..12a6953 100644
 --- a/bgpd/bgp_attr.c
 +++ b/bgpd/bgp_attr.c
-@@ -3391,9 +3391,12 @@ static int bgp_attr_check(struct peer *peer, struct attr *attr,
+@@ -3079,9 +3079,12 @@ static int bgp_attr_check(struct peer *peer, struct attr *attr)
 	uint8_t type = 0;
 
 	/* BGP Graceful-Restart End-of-RIB for IPv4 unicast is signaled as an
@ -86,20 +88,23 @@ index cf2dbe65b805..1473dc772502 100644
 -		return BGP_ATTR_PARSE_PROCEED;
 +		return BGP_ATTR_PARSE_WITHDRAW;
 
- 	if (!CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_ORIGIN)))
- 		type = BGP_ATTR_ORIGIN;
-@@ -3273,7 +3276,13 @@ done:
- 		aspath_unintern(&as4_path);
- 	}
+ 	/* "An UPDATE message that contains the MP_UNREACH_NLRI is not required
+ 	   to carry any other path attributes.", though if MP_REACH_NLRI or NLRI
+@@ -3507,7 +3510,13 @@ done:
+ 	aspath_unintern(&as4_path);
 
+ 	transit = bgp_attr_get_transit(attr);
 -	if (ret != BGP_ATTR_PARSE_ERROR) {
 +	/* If we received an UPDATE with mandatory attributes, then
-+	* the unrecognized transitive optional attribute of that
-+	* path MUST be passed. Otherwise, it's an error, and from
-+	* security perspective it might be very harmful if we continue
-+	* here with the unrecognized attributes.
-+	*/
+	 * the unrecognized transitive optional attribute of that
+	 * path MUST be passed. Otherwise, it's an error, and from
+	 * security perspective it might be very harmful if we continue
+	 * here with the unrecognized attributes.
+	 */
 +	if (ret == BGP_ATTR_PARSE_PROCEED) {
 		/* Finally intern unknown attribute. */
- 		if (attr->transit)
- 			attr->transit = transit_intern(attr->transit);
+ 		if (transit)
+ 			bgp_attr_set_transit(attr, transit_intern(transit));
+-- 
+2.43.0
+
--- a/SOURCES/0006-CVE-2020-12831.patch
+++ b/SOURCES/0006-CVE-2020-12831.patch
@ -1,17 +0,0 @@
-diff --git a/tools/frr.in b/tools/frr.in
-index b860797..eb64a93 100755
--- a/tools/frr.in
-+++ b/tools/frr.in
-@@ -105,10 +105,12 @@ check_daemon()
- 			if [ ! -r "$C_PATH/$1-$2.conf" ]; then
- 				touch "$C_PATH/$1-$2.conf"
- 				chownfrr "$C_PATH/$1-$2.conf"
-+				chmod 0600 "$C_PATH/$1-$2.conf"
- 			fi
- 		elif [ ! -r "$C_PATH/$1.conf" ]; then
- 			touch "$C_PATH/$1.conf"
- 			chownfrr "$C_PATH/$1.conf"
-+			chmod 0600 "$C_PATH/$1.conf"
- 		fi
- 	fi
- 	return 0
--- a/SOURCES/0006-CVE-2023-47234.patch
+++ b/SOURCES/0006-CVE-2023-47234.patch
@ -1,6 +1,6 @@
-From c37119df45bbf4ef713bc10475af2ee06e12f3bf Mon Sep 17 00:00:00 2001
-From: Donatas Abraitis <donatas@opensourcerouting.org>
-Date: Sun, 29 Oct 2023 22:44:45 +0200
+From 7fe95b24333cceb6cd04595694cd502fcd3666f6 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 13 Dec 2023 18:25:48 +0100
 Subject: [PATCH] bgpd: Ignore handling NLRIs if we received MP_UNREACH_NLRI

 If we receive MP_UNREACH_NLRI, we should stop handling remaining NLRIs if
@ -14,6 +14,9 @@ handle that.

 Reported-by: Iggy Frankovic <iggyfran@amazon.com>
 Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
+Signed-off-by: Christian Breunig <christian@breunig.cc>
+
+(cherry picked from commit c37119df45bbf4ef713bc10475af2ee06e12f3bf)
 ---
 bgpd/bgp_attr.c   | 19 ++++++++++---------
 bgpd/bgp_attr.h   |  1 +
@ -21,12 +24,12 @@ Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
 3 files changed, 17 insertions(+), 10 deletions(-)

 diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
-index 1473dc772502..75aa2ac7cce6 100644
+index 12a6953..8b02f2c 100644
 --- a/bgpd/bgp_attr.c
 +++ b/bgpd/bgp_attr.c
-@@ -3399,15 +3399,6 @@ static int bgp_attr_check(struct peer *peer, struct attr *attr,
+@@ -3086,15 +3086,6 @@ static int bgp_attr_check(struct peer *peer, struct attr *attr)
 	if (CHECK_FLAG(peer->cap, PEER_CAP_RESTART_RCV) && !attr->flag)
- 		return BGP_ATTR_PARSE_PROCEED;
+ 		return BGP_ATTR_PARSE_WITHDRAW;
 
 -	/* "An UPDATE message that contains the MP_UNREACH_NLRI is not required
 -	   to carry any other path attributes.", though if MP_REACH_NLRI or NLRI
@ -40,7 +43,7 @@ index 1473dc772502..75aa2ac7cce6 100644
 	if (!CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_ORIGIN)))
 		type = BGP_ATTR_ORIGIN;
 
-@@ -3426,6 +3417,16 @@ static int bgp_attr_check(struct peer *peer, struct attr *attr,
+@@ -3113,6 +3104,16 @@ static int bgp_attr_check(struct peer *peer, struct attr *attr)
 	    && !CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_LOCAL_PREF)))
 		type = BGP_ATTR_LOCAL_PREF;
 
@ -58,26 +61,26 @@ index 1473dc772502..75aa2ac7cce6 100644
 	 * in an UPDATE message, then "treat-as-withdraw" MUST be used.
 	 */
 diff --git a/bgpd/bgp_attr.h b/bgpd/bgp_attr.h
-index fc347e7a1b4b..d30155e6dba0 100644
+index 06f350b..b9dfec9 100644
 --- a/bgpd/bgp_attr.h
 +++ b/bgpd/bgp_attr.h
-@@ -364,6 +364,7 @@ enum bgp_attr_parse_ret {
- 	   */
+@@ -379,6 +379,7 @@ enum bgp_attr_parse_ret {
+ 	 */
 	BGP_ATTR_PARSE_ERROR_NOTIFYPLS = -3,
 	BGP_ATTR_PARSE_EOR = -4,
-+	BGP_ATTR_PARSE_MISSING_MANDATORY = -4,
- } bgp_attr_parse_ret_t;
+	BGP_ATTR_PARSE_MISSING_MANDATORY = -5,
+ };
 
 struct bpacket_attr_vec_arr;
 diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
-index a7514a26aa64..5dc35157ebf6 100644
+index a5f065a..cdf0734 100644
 --- a/bgpd/bgp_packet.c
 +++ b/bgpd/bgp_packet.c
-@@ -2359,7 +2359,12 @@ static int bgp_update_receive(struct peer_connection *connection,
+@@ -1873,7 +1873,12 @@ static int bgp_update_receive(struct peer *peer, bgp_size_t size)
 	/* Network Layer Reachability Information. */
 	update_len = end - stream_pnt(s);
 
-	if (update_len) {
+-	if (update_len && attribute_len) {
 +	/* If we received MP_UNREACH_NLRI attribute, but also NLRIs, then
 +	 * NLRIs should be handled as a new data. Though, if we received
 +	 * NLRIs without mandatory attributes, they should be ignored.
@ -87,3 +90,6 @@ index a7514a26aa64..5dc35157ebf6 100644
 		/* Set NLRI portion to structure. */
 		nlris[NLRI_UPDATE].afi = AFI_IP;
 		nlris[NLRI_UPDATE].safi = SAFI_UNICAST;
+-- 
+2.43.0
+
--- a/SOURCES/0007-CVE-2023-46752.patch
+++ b/SOURCES/0007-CVE-2023-46752.patch
@ -44,11 +44,11 @@ index 961e5f122470..fc347e7a1b4b 100644
 +++ b/bgpd/bgp_attr.h
@@ -364,7 +364,6 @@ enum bgp_attr_parse_ret {
 	/* only used internally, send notify + convert to BGP_ATTR_PARSE_ERROR
- 	   */
+ 	 */
 	BGP_ATTR_PARSE_ERROR_NOTIFYPLS = -3,
 -	BGP_ATTR_PARSE_EOR = -4,
- 	BGP_ATTR_PARSE_MISSING_MANDATORY = -4,
- } bgp_attr_parse_ret_t;
+ 	BGP_ATTR_PARSE_MISSING_MANDATORY = -5,
+ };
 
 diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
 index b585591e2f69..5ecf343b6657 100644
--- a/SOURCES/0007-frrinit.patch
+++ b/SOURCES/0007-frrinit.patch
@ -1,31 +0,0 @@
-diff --git a/tools/frrinit.sh.in b/tools/frrinit.sh.in
-index 539ab7d..d27d1be 100644
--- a/tools/frrinit.sh.in
-+++ b/tools/frrinit.sh.in
-@@ -43,7 +43,7 @@ fi
- case "$1" in
- start)
- 	daemon_list daemons
-	watchfrr_options="$watchfrr_options $daemons"
-+	watchfrr_options="$daemons"
- 	daemon_start watchfrr
- 	;;
- stop)
-@@ -57,7 +57,7 @@ restart|force-reload)
- 	all_stop --reallyall
- 
- 	daemon_list daemons
-	watchfrr_options="$watchfrr_options $daemons"
-+	watchfrr_options="$daemons"
- 	daemon_start watchfrr
- 	;;
- 
-@@ -87,7 +87,7 @@ reload)
- 	# restart watchfrr to pick up added daemons.
- 	# NB: This will NOT cause the other daemons to be restarted.
- 	daemon_list daemons
-	watchfrr_options="$watchfrr_options $daemons"
-+	watchfrr_options="$daemons"
- 	daemon_stop watchfrr && \
- 		daemon_start watchfrr
- 
--- a/SOURCES/0008-CVE-2023-46753.patch
+++ b/SOURCES/0008-CVE-2023-46753.patch
@ -41,7 +41,7 @@ index 26fd3de..bcc4424 100644
 
 	if (!CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_ORIGIN)))
@@ -3462,7 +3464,7 @@ enum bgp_attr_parse_ret bgp_attr_parse(struct peer *peer, struct attr *attr,
- 	bgp_attr_parse_ret_t ret;
+ 	enum bgp_attr_parse_ret ret;
 	uint8_t flag = 0;
 	uint8_t type = 0;
 -	bgp_size_t length;
@ -49,12 +49,12 @@ index 26fd3de..bcc4424 100644
 	uint8_t *startp, *endp;
 	uint8_t *attr_endp;
 	uint8_t seen[BGP_ATTR_BITMAP_SIZE];
-@@ -3216,7 +3218,7 @@ bgp_attr_parse_ret_t bgp_attr_parse(struct peer *peer, struct attr *attr,
+@@ -3785,7 +3787,7 @@ enum bgp_attr_parse_ret bgp_attr_parse(struct peer *peer, struct attr *attr,
 	}
 
 	/* Check all mandatory well-known attributes are present */
-	if ((ret = bgp_attr_check(peer, attr)) < 0)
-+	if ((ret = bgp_attr_check(peer, attr, length)) < 0)
+-	ret = bgp_attr_check(peer, attr);
+	ret = bgp_attr_check(peer, attr, length);
+ 	if (ret < 0)
 		goto done;
 
- 	/*
--- a/SOURCES/0008-designated-router.patch
+++ b/SOURCES/0008-designated-router.patch
@ -1,33 +0,0 @@
-diff --git a/ospfd/ospf_vty.c b/ospfd/ospf_vty.c
-index 69a3e4587..57ef6029a 100644
--- a/ospfd/ospf_vty.c
-+++ b/ospfd/ospf_vty.c
-@@ -3737,6 +3737,28 @@ static void show_ip_ospf_interface_sub(struct vty *vty, struct ospf *ospf,
- 				vty_out(vty,
- 					"  No backup designated router on this network\n");
- 		} else {
-+			nbr = ospf_nbr_lookup_by_addr(oi->nbrs, &DR(oi));
-+			if (nbr) {
-+				if (use_json) {
-+					json_object_string_add(
-+						json_interface_sub, "drId",
-+						inet_ntoa(nbr->router_id));
-+					json_object_string_add(
-+						json_interface_sub, "drAddress",
-+						inet_ntoa(nbr->address.u
-+								.prefix4));
-+				} else {
-+					vty_out(vty,
-+						"  Designated Router (ID) %s",
-+						inet_ntoa(nbr->router_id));
-+					vty_out(vty,
-+						" Interface Address %s\n",
-+						inet_ntoa(nbr->address.u
-+								.prefix4));
-+				}
-+			}
-+			nbr = NULL;
-+
- 			nbr = ospf_nbr_lookup_by_addr(oi->nbrs, &BDR(oi));
- 			if (nbr == NULL) {
- 				if (!use_json)
--- a/SOURCES/0009-routemap.patch
+++ b/SOURCES/0009-routemap.patch
@ -1,25 +0,0 @@
-diff --git a/lib/routemap.c b/lib/routemap.c
-index a90443a..0b594b2 100644
--- a/lib/routemap.c
-+++ b/lib/routemap.c
-@@ -1649,9 +1649,9 @@ static struct list *route_map_get_index_list(struct route_node **rn,
-  */
- static struct route_map_index *
- route_map_get_index(struct route_map *map, const struct prefix *prefix,
-		    route_map_object_t type, void *object, uint8_t *match_ret)
-+		    route_map_object_t type, void *object, enum route_map_cmd_result_t *match_ret)
- {
-	int ret = 0;
-+	enum route_map_cmd_result_t ret = RMAP_NOMATCH;
- 	struct list *candidate_rmap_list = NULL;
- 	struct route_node *rn = NULL;
- 	struct listnode *ln = NULL, *nn = NULL;
-@@ -2399,7 +2399,7 @@ route_map_result_t route_map_apply(struct route_map *map,
- 	if ((!map->optimization_disabled)
- 	    && (map->ipv4_prefix_table || map->ipv6_prefix_table)) {
- 		index = route_map_get_index(map, prefix, type, object,
-					    (uint8_t *)&match_ret);
-+					    &match_ret);
- 		if (index) {
- 			if (rmap_debug)
- 				zlog_debug(
--- a/SOURCES/0010-moving-executables.patch
+++ b/SOURCES/0010-moving-executables.patch
@ -1,40 +0,0 @@
-diff --git a/tools/frr.service b/tools/frr.service
-index aa45f42..a3f0103 100644
--- a/tools/frr.service
-+++ b/tools/frr.service
-@@ -17,9 +17,9 @@ WatchdogSec=60s
- RestartSec=5
- Restart=on-abnormal
- LimitNOFILE=1024
-ExecStart=/usr/lib/frr/frrinit.sh start
-ExecStop=/usr/lib/frr/frrinit.sh stop
-ExecReload=/usr/lib/frr/frrinit.sh reload
-+ExecStart=/usr/libexec/frr/frrinit.sh start
-+ExecStop=/usr/libexec/frr/frrinit.sh stop
-+ExecReload=/usr/libexec/frr/frrinit.sh reload
- 
- [Install]
- WantedBy=multi-user.target
-diff --git a/tools/frrcommon.sh.in b/tools/frrcommon.sh.in
-index 9a144b2..a334d95 100644
--- a/tools/frrcommon.sh.in
-+++ b/tools/frrcommon.sh.in
-@@ -59,6 +59,9 @@ chownfrr() {
- 	[ -n "$FRR_USER" ] && chown "$FRR_USER" "$1"
- 	[ -n "$FRR_GROUP" ] && chgrp "$FRR_GROUP" "$1"
- 	[ -n "$FRR_CONFIG_MODE" ] && chmod "$FRR_CONFIG_MODE" "$1"
-+	if [ -d "$1" ]; then
-+		chmod gu+x "$1"
-+	fi
- }
- 
- vtysh_b () {
-@@ -152,7 +155,7 @@ daemon_start() {
- 	daemon_prep "$daemon" "$inst" || return 1
- 	if test ! -d "$V_PATH"; then
- 		mkdir -p "$V_PATH"
-		chown frr "$V_PATH"
-+		chownfrr "$V_PATH"
- 	fi
- 
- 	eval wrap="\$${daemon}_wrap"
--- a/SOURCES/0011-reload-bfd-profile.patch
+++ b/SOURCES/0011-reload-bfd-profile.patch
@ -1,77 +0,0 @@
-diff --git a/tools/frr-reload.py b/tools/frr-reload.py
-index 9979c8b..1c24f90 100755
--- a/tools/frr-reload.py
-+++ b/tools/frr-reload.py
-@@ -785,6 +785,48 @@ def line_exist(lines, target_ctx_keys, target_line, exact_match=True):
-                     return True
-     return False
- 
-+def delete_bgp_bfd(lines_to_add, lines_to_del):
-+    """
-+    When 'neighbor <peer> bfd profile <profile>' is present without a
-+    'neighbor <peer> bfd' line, FRR explicitily adds it to the running
-+    configuration. When the new configuration drops the bfd profile
-+    line, the user's intent is to delete any bfd configuration on the
-+    peer. On reload, deleting the bfd profile line after the bfd line
-+    will re-enable BFD with the default BFD profile. Move the bfd line
-+    to the end, if it exists in the new configuration.
-+
-+    Example:
-+
-+     neighbor 10.0.0.1 bfd
-+     neighbor 10.0.0.1 bfd profile bfd-profile-1
-+
-+     Move to end:
-+     neighbor 10.0.0.1 bfd profile bfd-profile-1
-+     ...
-+
-+     neighbor 10.0.0.1 bfd
-+
-+    """
-+    lines_to_del_to_app = []
-+    for (ctx_keys, line) in lines_to_del:
-+        if (
-+            ctx_keys[0].startswith("router bgp")
-+            and line
-+            and line.startswith("neighbor ")
-+        ):
-+            # 'no neighbor [peer] bfd>'
-+            nb_bfd = "neighbor (\S+) .*bfd$"
-+            re_nb_bfd = re.search(nb_bfd, line)
-+            if re_nb_bfd:
-+                lines_to_del_to_app.append((ctx_keys, line))
-+
-+    for (ctx_keys, line) in lines_to_del_to_app:
-+        lines_to_del.remove((ctx_keys, line))
-+        lines_to_del.append((ctx_keys, line))
-+
-+    return (lines_to_add, lines_to_del)
-+
-+
- def check_for_exit_vrf(lines_to_add, lines_to_del):
- 
-     # exit-vrf is a bit tricky.  If the new config is missing it but we
-@@ -1248,6 +1290,7 @@ def compare_context_objects(newconf, running):
-             for line in newconf_ctx.lines:
-                 lines_to_add.append((newconf_ctx_keys, line))
- 
-+    (lines_to_add, lines_to_del) = delete_bgp_bfd(lines_to_add, lines_to_del)
-     (lines_to_add, lines_to_del) = check_for_exit_vrf(lines_to_add, lines_to_del)
-     (lines_to_add, lines_to_del) = ignore_delete_re_add_lines(lines_to_add, lines_to_del)
-     (lines_to_add, lines_to_del) = ignore_unconfigurable_lines(lines_to_add, lines_to_del)
-diff --git a/bgpd/bgp_bfd.c b/bgpd/bgp_bfd.c
-index b566b0e..1bd6249 100644
--- a/bgpd/bgp_bfd.c
-+++ b/bgpd/bgp_bfd.c
-@@ -686,9 +686,9 @@ void bgp_bfd_peer_config_write(struct vty *vty, struct peer *peer, char *addr)
- 
- 	if (!CHECK_FLAG(bfd_info->flags, BFD_FLAG_PARAM_CFG)
- 	    && (bfd_info->type == BFD_TYPE_NOT_CONFIGURED)) {
-		vty_out(vty, " neighbor %s bfd", addr);
-+		vty_out(vty, " neighbor %s bfd\n", addr);
- 		if (bfd_info->profile[0])
-			vty_out(vty, " profile %s", bfd_info->profile);
-+			vty_out(vty, " neighbor %s bfd profile %s", addr, bfd_info->profile);
- 		vty_out(vty, "\n");
- 	}
- 
--- a/SOURCES/0012-graceful-restart.patch
+++ b/SOURCES/0012-graceful-restart.patch
@ -1,79 +0,0 @@
-From 12f9f8472d0f8cfc026352906b8e5342df2846cc Mon Sep 17 00:00:00 2001
-From: Donatas Abraitis <donatas@opensourcerouting.org>
-Date: Tue, 27 Sep 2022 17:30:16 +0300
-Subject: [PATCH] bgpd: Do not send Deconfig/Shutdown message when restarting
-
-We might disable sending unconfig/shutdown notifications when
-Graceful-Restart is enabled and negotiated.
-
-Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
---
- bgpd/bgpd.c | 35 ++++++++++++++++++++++++++---------
- 1 file changed, 26 insertions(+), 9 deletions(-)
-
-diff --git a/bgpd/bgpd.c b/bgpd/bgpd.c
-index 3d4ef7c..f8089c6 100644
--- a/bgpd/bgpd.c
-+++ b/bgpd/bgpd.c
-@@ -2564,11 +2564,34 @@ int peer_group_remote_as(struct bgp *bgp, const char *group_name, as_t *as,
- 
- void peer_notify_unconfig(struct peer *peer)
- {
-+	if (BGP_PEER_GRACEFUL_RESTART_CAPABLE(peer)) {
-+		if (bgp_debug_neighbor_events(peer))
-+			zlog_debug(
-+				"%pBP configured Graceful-Restart, skipping unconfig notification",
-+				peer);
-+		return;
-+	}
-+
- 	if (BGP_IS_VALID_STATE_FOR_NOTIF(peer->status))
- 		bgp_notify_send(peer, BGP_NOTIFY_CEASE,
- 				BGP_NOTIFY_CEASE_PEER_UNCONFIG);
- }
- 
-+static void peer_notify_shutdown(struct peer *peer)
-+{
-+	if (BGP_PEER_GRACEFUL_RESTART_CAPABLE(peer)) {
-+		if (bgp_debug_neighbor_events(peer))
-+			zlog_debug(
-+				"%pBP configured Graceful-Restart, skipping shutdown notification",
-+				peer);
-+		return;
-+	}
-+
-+	if (BGP_IS_VALID_STATE_FOR_NOTIF(peer->status))
-+		bgp_notify_send(peer, BGP_NOTIFY_CEASE,
-+				BGP_NOTIFY_CEASE_ADMIN_SHUTDOWN);
-+}
-+
- void peer_group_notify_unconfig(struct peer_group *group)
- {
- 	struct peer *peer, *other;
-@@ -3380,11 +3403,8 @@ int bgp_delete(struct bgp *bgp)
- 	}
- 
- 	/* Inform peers we're going down. */
-	for (ALL_LIST_ELEMENTS(bgp->peer, node, next, peer)) {
-		if (BGP_IS_VALID_STATE_FOR_NOTIF(peer->status))
-			bgp_notify_send(peer, BGP_NOTIFY_CEASE,
-					BGP_NOTIFY_CEASE_ADMIN_SHUTDOWN);
-	}
-+	for (ALL_LIST_ELEMENTS(bgp->peer, node, next, peer))
-+		peer_notify_shutdown(peer);
- 
- 	/* Delete static routes (networks). */
- 	bgp_static_delete(bgp);
-@@ -7238,11 +7258,7 @@ void bgp_terminate(void)
- 
- 	for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp))
- 		for (ALL_LIST_ELEMENTS(bgp->peer, node, nnode, peer))
-			if (peer->status == Established
-			    || peer->status == OpenSent
-			    || peer->status == OpenConfirm)
-				bgp_notify_send(peer, BGP_NOTIFY_CEASE,
-						BGP_NOTIFY_CEASE_PEER_UNCONFIG);
-+			peer_notify_unconfig(peer);
- 
- 	if (bm->process_main_queue)
- 		work_queue_free_and_null(&bm->process_main_queue);
--- a/SOURCES/0013-CVE-2022-37032.patch
+++ b/SOURCES/0013-CVE-2022-37032.patch
@ -1,32 +0,0 @@
-From ff6db1027f8f36df657ff2e5ea167773752537ed Mon Sep 17 00:00:00 2001
-From: Donald Sharp <sharpd@nvidia.com>
-Date: Thu, 21 Jul 2022 08:11:58 -0400
-Subject: [PATCH] bgpd: Make sure hdr length is at a minimum of what is
- expected
-
-Ensure that if the capability length specified is enough data.
-
-Signed-off-by: Donald Sharp <sharpd@nvidia.com>
---
- bgpd/bgp_packet.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
-index dbf6c0b2e99..45752a8ab6d 100644
--- a/bgpd/bgp_packet.c
-+++ b/bgpd/bgp_packet.c
-@@ -2620,6 +2620,14 @@ static int bgp_capability_msg_parse(struct peer *peer, uint8_t *pnt,
- 				"%s CAPABILITY has action: %d, code: %u, length %u",
- 				peer->host, action, hdr->code, hdr->length);
- 
-+		if (hdr->length < sizeof(struct capability_mp_data)) {
-+			zlog_info(
-+				"%pBP Capability structure is not properly filled out, expected at least %zu bytes but header length specified is %d",
-+				peer, sizeof(struct capability_mp_data),
-+				hdr->length);
-+			return BGP_Stop;
-+		}
-+
- 		/* Capability length check. */
- 		if ((pnt + hdr->length + 3) > end) {
- 			zlog_info("%s Capability length error", peer->host);
--- a/SOURCES/0014-bfd-profile-crash.patch
+++ b/SOURCES/0014-bfd-profile-crash.patch
@ -1,117 +0,0 @@
-From 4b793d1eb35ab5794db12725a28fcdb4fef23af7 Mon Sep 17 00:00:00 2001
-From: Igor Ryzhov <iryzhov@nfware.com>
-Date: Thu, 1 Apr 2021 15:29:18 +0300
-Subject: [PATCH] bfdd: remove profiles when removing bfd node
-
-Fixes #8379.
-
-Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
---
- bfdd/bfd.c            | 8 ++++++++
- bfdd/bfd.h            | 1 +
- bfdd/bfdd_nb_config.c | 1 +
- 3 files changed, 10 insertions(+)
-
-diff --git a/bfdd/bfd.c b/bfdd/bfd.c
-index c966efd8ea71..cf292a836354 100644
--- a/bfdd/bfd.c
-+++ b/bfdd/bfd.c
-@@ -1889,6 +1889,14 @@ void bfd_sessions_remove_manual(void)
- 	hash_iterate(bfd_key_hash, _bfd_session_remove_manual, NULL);
- }
- 
-+void bfd_profiles_remove(void)
-+{
-+	struct bfd_profile *bp;
-+
-+	while ((bp = TAILQ_FIRST(&bplist)) != NULL)
-+		bfd_profile_free(bp);
-+}
-+
- /*
-  * Profile related hash functions.
-  */
-diff --git a/bfdd/bfd.h b/bfdd/bfd.h
-index af3f92d6a8f8..9ee1da728717 100644
--- a/bfdd/bfd.h
-+++ b/bfdd/bfd.h
-@@ -596,6 +596,7 @@ void bfd_session_free(struct bfd_session *bs);
- const struct bfd_session *bfd_session_next(const struct bfd_session *bs,
- 					   bool mhop);
- void bfd_sessions_remove_manual(void);
-+void bfd_profiles_remove(void);
- 
- /**
-  * Set the BFD session echo state.
-diff --git a/bfdd/bfdd_nb_config.c b/bfdd/bfdd_nb_config.c
-index 0046bc625b45..77f8cbd09c07 100644
--- a/bfdd/bfdd_nb_config.c
-+++ b/bfdd/bfdd_nb_config.c
-@@ -203,6 +203,7 @@ int bfdd_bfd_destroy(struct nb_cb_destroy_args *args)
- 
- 	case NB_EV_APPLY:
- 		bfd_sessions_remove_manual();
-+		bfd_profiles_remove();
- 		break;
- 
- 	case NB_EV_ABORT:
-diff --git a/bfdd/bfdd_nb_config.c b/bfdd/bfdd_nb_config.c
-index 77f8cbd09c07..4030e2eefa50 100644
--- a/bfdd/bfdd_nb_config.c
-+++ b/bfdd/bfdd_nb_config.c
-@@ -186,7 +186,15 @@ static int bfd_session_destroy(enum nb_event event,
-  */
- int bfdd_bfd_create(struct nb_cb_create_args *args)
- {
-	/* NOTHING */
-+	if (args->event != NB_EV_APPLY)
-+		return NB_OK;
-+
-+	/*
-+	 * Set any non-NULL value to be able to call
-+	 * nb_running_unset_entry in bfdd_bfd_destroy.
-+	 */
-+	nb_running_set_entry(args->dnode, (void *)0x1);
-+
- 	return NB_OK;
- }
- 
-@@ -202,6 +210,12 @@ int bfdd_bfd_destroy(struct nb_cb_destroy_args *args)
- 		return NB_OK;
- 
- 	case NB_EV_APPLY:
-+		/*
-+		 * We need to call this to unset pointers from
-+		 * the child nodes - sessions and profiles.
-+		 */
-+		nb_running_unset_entry(args->dnode);
-+
- 		bfd_sessions_remove_manual();
- 		bfd_profiles_remove();
- 		break;
-diff --git a/bfdd/bfdd_cli.c b/bfdd/bfdd_cli.c
-index b64e36b36a44..5a844e56e121 100644
--- a/bfdd/bfdd_cli.c
-+++ b/bfdd/bfdd_cli.c
-@@ -486,7 +486,7 @@ void bfd_cli_show_echo_interval(struct vty *vty, struct lyd_node *dnode,
-  * Profile commands.
-  */
- DEFPY_YANG_NOSH(bfd_profile, bfd_profile_cmd,
-	   "profile WORD$name",
-+	   "profile BFDPROF$name",
- 	   BFD_PROFILE_STR
- 	   BFD_PROFILE_NAME_STR)
- {
-diff --git a/vtysh/vtysh.c b/vtysh/vtysh.c
-index 74f13e1a44e8..cf1811bb1f2f 100644
--- a/vtysh/vtysh.c
-+++ b/vtysh/vtysh.c
-@@ -1959,7 +1959,7 @@ DEFUNSH(VTYSH_BFDD, bfd_peer_enter, bfd_peer_enter_cmd,
- }
- 
- DEFUNSH(VTYSH_BFDD, bfd_profile_enter, bfd_profile_enter_cmd,
-	"profile WORD",
-+	"profile BFDPROF",
- 	BFD_PROFILE_STR
- 	BFD_PROFILE_NAME_STR)
- {
--- a/SOURCES/0015-max-ttl-reload.patch
+++ b/SOURCES/0015-max-ttl-reload.patch
@ -1,93 +0,0 @@
-From 767aaa3a80489bfc4ff097f932fc347e3db25b89 Mon Sep 17 00:00:00 2001
-From: Donatas Abraitis <donatas@opensourcerouting.org>
-Date: Mon, 21 Aug 2023 00:01:42 +0300
-Subject: [PATCH] bgpd: Do not explicitly print MAXTTL value for ebgp-multihop
- vty output
-
-1. Create /etc/frr/frr.conf
-```
-frr version 7.5
-frr defaults traditional
-hostname centos8.localdomain
-no ip forwarding
-no ipv6 forwarding
-service integrated-vtysh-config
-line vty
-router bgp 4250001000
-  neighbor 192.168.122.207 remote-as 65512
-  neighbor 192.168.122.207 ebgp-multihop
-```
-
-2. Start FRR
-`# systemctl start frr
-`
-3. Show running configuration. Note that FRR explicitly set and shows the default TTL (225)
-
-```
-Building configuration...
-
-Current configuration:
-!
-frr version 7.5
-frr defaults traditional
-hostname centos8.localdomain
-no ip forwarding
-no ipv6 forwarding
-service integrated-vtysh-config
-!
-router bgp 4250001000
- neighbor 192.168.122.207 remote-as 65512
- neighbor 192.168.122.207 ebgp-multihop 255
-!
-line vty
-!
-end
-```
-4. Copy initial frr.conf to frr.conf.new (no changes)
-`# cp /etc/frr/frr.conf /root/frr.conf.new
-`
-5. Run frr-reload.sh:
-
-```
-$ /usr/lib/frr/frr-reload.py --test  /root/frr.conf.new
-2023-08-20 20:15:48,050  INFO: Called via "Namespace(bindir='/usr/bin', confdir='/etc/frr', daemon='', debug=False, filename='/root/frr.conf.new', input=None, log_level='info', overwrite=False, pathspace=None, reload=False, rundir='/var/run/frr', stdout=False, test=True, vty_socket=None)"
-2023-08-20 20:15:48,050  INFO: Loading Config object from file /root/frr.conf.new
-2023-08-20 20:15:48,124  INFO: Loading Config object from vtysh show running
-
-Lines To Delete
-===============
-router bgp 4250001000
- no neighbor 192.168.122.207 ebgp-multihop 255
-
-Lines To Add
-============
-router bgp 4250001000
- neighbor 192.168.122.207 ebgp-multihop
-```
-
-Closes https://github.com/FRRouting/frr/issues/14242
-
-Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
---
- bgpd/bgp_vty.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/bgpd/bgp_vty.c b/bgpd/bgp_vty.c
-index be0fe4283747..c9a9255f3392 100644
--- a/bgpd/bgp_vty.c
-+++ b/bgpd/bgp_vty.c
-@@ -17735,8 +17735,12 @@ static void bgp_config_write_peer_global(struct vty *vty, struct bgp *bgp,
- 	    && !(peer->gtsm_hops != BGP_GTSM_HOPS_DISABLED
- 		 && peer->ttl == MAXTTL)) {
- 		if (!peer_group_active(peer) || g_peer->ttl != peer->ttl) {
-			vty_out(vty, " neighbor %s ebgp-multihop %d\n", addr,
-				peer->ttl);
-+			if (peer->ttl != MAXTTL)
-+				vty_out(vty, " neighbor %s ebgp-multihop %d\n",
-+					addr, peer->ttl);
-+			else
-+				vty_out(vty, " neighbor %s ebgp-multihop\n",
-+					addr);
- 		}
- 	}
- 
--- a/SOURCES/0016-CVE-2023-38802.patch
+++ b/SOURCES/0016-CVE-2023-38802.patch
@ -1,129 +0,0 @@
-From 46817adab03802355c3cce7b753c7a735bdcc5ae Mon Sep 17 00:00:00 2001
-From: Donatas Abraitis <donatas@opensourcerouting.org>
-Date: Thu, 13 Jul 2023 22:32:03 +0300
-Subject: [PATCH] bgpd: Use treat-as-withdraw for tunnel encapsulation
- attribute
-
-Before this path we used session reset method, which is discouraged by rfc7606.
-
-Handle this as rfc requires.
-
-Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
-(cherry picked from commit bcb6b58d9530173df41d3a3cbc4c600ee0b4b186)
---
- bgpd/bgp_attr.c | 61 ++++++++++++++++++++-----------------------------
- 1 file changed, 25 insertions(+), 36 deletions(-)
-
-diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
-index 058fae23cbd..1c0803cfd8e 100644
--- a/bgpd/bgp_attr.c
-+++ b/bgpd/bgp_attr.c
-@@ -1301,6 +1301,7 @@ bgp_attr_malformed(struct bgp_attr_parser_args *args, uint8_t subcode,
- 	case BGP_ATTR_LARGE_COMMUNITIES:
- 	case BGP_ATTR_ORIGINATOR_ID:
- 	case BGP_ATTR_CLUSTER_LIST:
-+	case BGP_ATTR_ENCAP:
- 		return BGP_ATTR_PARSE_WITHDRAW;
- 	case BGP_ATTR_MP_REACH_NLRI:
- 	case BGP_ATTR_MP_UNREACH_NLRI:
-@@ -2434,26 +2435,21 @@ bgp_attr_ipv6_ext_communities(struct bgp_attr_parser_args *args)
- }
- 
- /* Parse Tunnel Encap attribute in an UPDATE */
-static int bgp_attr_encap(uint8_t type, struct peer *peer, /* IN */
-			  bgp_size_t length, /* IN: attr's length field */
-			  struct attr *attr, /* IN: caller already allocated */
-			  uint8_t flag,      /* IN: attr's flags field */
-			  uint8_t *startp)
-+static int bgp_attr_encap(struct bgp_attr_parser_args *args)
- {
-	bgp_size_t total;
- 	uint16_t tunneltype = 0;
-
-	total = length + (CHECK_FLAG(flag, BGP_ATTR_FLAG_EXTLEN) ? 4 : 3);
-+	struct peer *const peer = args->peer;
-+	struct attr *const attr = args->attr;
-+	bgp_size_t length = args->length;
-+	uint8_t type = args->type;
-+	uint8_t flag = args->flags;
- 
- 	if (!CHECK_FLAG(flag, BGP_ATTR_FLAG_TRANS)
- 	    || !CHECK_FLAG(flag, BGP_ATTR_FLAG_OPTIONAL)) {
-		zlog_info(
-			"Tunnel Encap attribute flag isn't optional and transitive %d",
-			flag);
-		bgp_notify_send_with_data(peer, BGP_NOTIFY_UPDATE_ERR,
-					  BGP_NOTIFY_UPDATE_ATTR_FLAG_ERR,
-					  startp, total);
-		return -1;
-+		zlog_err("Tunnel Encap attribute flag isn't optional and transitive %d",
-+			 flag);
-+		return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_OPT_ATTR_ERR,
-+					  args->total);
- 	}
- 
- 	if (BGP_ATTR_ENCAP == type) {
-@@ -2461,12 +2457,11 @@ static int bgp_attr_encap(uint8_t type, struct peer *peer, /* IN */
- 		uint16_t tlv_length;
- 
- 		if (length < 4) {
-			zlog_info(
-+			zlog_err(
- 				"Tunnel Encap attribute not long enough to contain outer T,L");
-			bgp_notify_send_with_data(
-				peer, BGP_NOTIFY_UPDATE_ERR,
-				BGP_NOTIFY_UPDATE_OPT_ATTR_ERR, startp, total);
-			return -1;
-+			return bgp_attr_malformed(args,
-+						  BGP_NOTIFY_UPDATE_OPT_ATTR_ERR,
-+						  args->total);
- 		}
- 		tunneltype = stream_getw(BGP_INPUT(peer));
- 		tlv_length = stream_getw(BGP_INPUT(peer));
-@@ -2496,13 +2491,11 @@ static int bgp_attr_encap(uint8_t type, struct peer *peer, /* IN */
- 		}
- 
- 		if (sublength > length) {
-			zlog_info(
-				"Tunnel Encap attribute sub-tlv length %d exceeds remaining length %d",
-				sublength, length);
-			bgp_notify_send_with_data(
-				peer, BGP_NOTIFY_UPDATE_ERR,
-				BGP_NOTIFY_UPDATE_OPT_ATTR_ERR, startp, total);
-			return -1;
-+			zlog_err("Tunnel Encap attribute sub-tlv length %d exceeds remaining length %d",
-+				 sublength, length);
-+			return bgp_attr_malformed(args,
-+						  BGP_NOTIFY_UPDATE_OPT_ATTR_ERR,
-+						  args->total);
- 		}
- 
- 		/* alloc and copy sub-tlv */
-@@ -2550,13 +2543,10 @@ static int bgp_attr_encap(uint8_t type, struct peer *peer, /* IN */
- 
- 	if (length) {
- 		/* spurious leftover data */
-		zlog_info(
-			"Tunnel Encap attribute length is bad: %d leftover octets",
-			length);
-		bgp_notify_send_with_data(peer, BGP_NOTIFY_UPDATE_ERR,
-					  BGP_NOTIFY_UPDATE_OPT_ATTR_ERR,
-					  startp, total);
-		return -1;
-+		zlog_err("Tunnel Encap attribute length is bad: %d leftover octets",
-+			 length);
-+		return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_OPT_ATTR_ERR,
-+					  args->total);
- 	}
- 
- 	return 0;
-@@ -3396,8 +3386,7 @@ enum bgp_attr_parse_ret bgp_attr_parse(struct peer *peer, struct attr *attr,
- 		case BGP_ATTR_VNC:
- #endif
- 		case BGP_ATTR_ENCAP:
-			ret = bgp_attr_encap(type, peer, length, attr, flag,
-					     startp);
-+			ret = bgp_attr_encap(&attr_args);
- 			break;
- 		case BGP_ATTR_PREFIX_SID:
- 			ret = bgp_attr_prefix_sid(&attr_args);
--- a/SOURCES/0017-fix-crash-in-plist-update.patch
+++ b/SOURCES/0017-fix-crash-in-plist-update.patch
@ -1,48 +0,0 @@
-From 0f9e4c4a36cf2b0dd585a7ef97acccb8eebdf7bd Mon Sep 17 00:00:00 2001
-From: Chirag Shah <chirag@nvidia.com>
-Date: Mon, 25 Jan 2021 11:44:56 -0800
-Subject: [PATCH] lib: fix a crash in plist update
-
-Problem:
-Prefix-list with mulitiple rules, an update to
-a rule/sequence with different prefix/prefixlen
-reset prefix-list next-base pointer to avoid
-having stale value.
-
-In some case the old next-bast's reference leads
-to an assert in tri (trie_install_fn ) add.
-
-bt:
-(object=0x55576a4c8a00, updptr=0x55576a4b97e0) at lib/plist.c:560
-(plist=0x55576a4a1770, pentry=0x55576a4c8a00) at lib/plist.c:585
-(ple=0x55576a4c8a00) at lib/plist.c:745
-(args=0x7fffe04beb50) at lib/filter_nb.c:1181
-
-Solution:
-Reset prefix-list next-base pointer whenver a
-sequence/rule is updated.
-
-Ticket:CM-33109
-Testing Done:
-
-Signed-off-by: Chirag Shah <chirag@nvidia.com>
-Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
-(cherry picked from commit f7f101156eb0e225f375f12cf4f863ebbe3fed03)
---
- lib/plist.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/lib/plist.c b/lib/plist.c
-index 981e86e2a..c746d1946 100644
--- a/lib/plist.c
-+++ b/lib/plist.c
-@@ -684,6 +684,7 @@ void prefix_list_entry_update_start(struct prefix_list_entry *ple)
- 	if (pl->head || pl->tail || pl->desc)
- 		pl->master->recent = pl;
- 
-+	ple->next_best = NULL;
- 	ple->installed = false;
- }
- 
-- 
-2.41.0
--- a/SOURCES/0018-CVE-2023-38406.patch
+++ b/SOURCES/0018-CVE-2023-38406.patch
@ -1,34 +0,0 @@
-From 0b999c886e241c52bd1f7ef0066700e4b618ebb3 Mon Sep 17 00:00:00 2001
-From: Donald Sharp <sharpd@nvidia.com>
-Date: Thu, 23 Feb 2023 13:29:32 -0500
-Subject: [PATCH] bgpd: Flowspec overflow issue
-
-According to the flowspec RFC 8955 a flowspec nlri is <length, <nlri data>>
-Specifying 0 as a length makes BGP get all warm on the inside.  Which
-in this case is not a good thing at all.  Prevent warmth, stay cold
-on the inside.
-
-Reported-by: Iggy Frankovic <iggyfran@amazon.com>
-Signed-off-by: Donald Sharp <sharpd@nvidia.com>
---
- bgpd/bgp_flowspec.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/bgpd/bgp_flowspec.c b/bgpd/bgp_flowspec.c
-index 8d5ca5e77779..f9debe43cd45 100644
--- a/bgpd/bgp_flowspec.c
-+++ b/bgpd/bgp_flowspec.c
-@@ -127,6 +127,13 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr,
- 				psize);
- 			return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW;
- 		}
-+
-+		if (psize == 0) {
-+			flog_err(EC_BGP_FLOWSPEC_PACKET,
-+				 "Flowspec NLRI length 0 which makes no sense");
-+			return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW;
-+		}
-+
- 		if (bgp_fs_nlri_validate(pnt, psize, afi) < 0) {
- 			flog_err(
- 				EC_BGP_FLOWSPEC_PACKET,
--- a/SOURCES/0019-CVE-2023-38407.patch
+++ b/SOURCES/0019-CVE-2023-38407.patch
@ -1,54 +0,0 @@
-From 7404a914b0cafe046703c8381903a80d3def8f8b Mon Sep 17 00:00:00 2001
-From: Donald Sharp <sharpd@nvidia.com>
-Date: Fri, 3 Mar 2023 21:58:33 -0500
-Subject: [PATCH] bgpd: Fix use beyond end of stream of labeled unicast parsing
-
-Fixes a couple crashes associated with attempting to read
-beyond the end of the stream.
-
-Reported-by: Iggy Frankovic <iggyfran@amazon.com>
-Signed-off-by: Donald Sharp <sharpd@nvidia.com>
---
- bgpd/bgp_label.c | 15 +++++++++++++++
- 1 file changed, 15 insertions(+)
-
-diff --git a/bgpd/bgp_label.c b/bgpd/bgp_label.c
-index 0cad119af101..c4a5277553ba 100644
--- a/bgpd/bgp_label.c
-+++ b/bgpd/bgp_label.c
-@@ -297,6 +297,9 @@ static int bgp_nlri_get_labels(struct peer *peer, uint8_t *pnt, uint8_t plen,
- 	uint8_t llen = 0;
- 	uint8_t label_depth = 0;
- 
-+	if (plen < BGP_LABEL_BYTES)
-+		return 0;
-+
- 	for (; data < lim; data += BGP_LABEL_BYTES) {
- 		memcpy(label, data, BGP_LABEL_BYTES);
- 		llen += BGP_LABEL_BYTES;
-@@ -359,6 +362,9 @@ int bgp_nlri_parse_label(struct peer *peer, struct attr *attr,
- 			memcpy(&addpath_id, pnt, BGP_ADDPATH_ID_LEN);
- 			addpath_id = ntohl(addpath_id);
- 			pnt += BGP_ADDPATH_ID_LEN;
-+
-+			if (pnt >= lim)
-+				return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW;
- 		}
- 
- 		/* Fetch prefix length. */
-@@ -377,6 +383,15 @@ int bgp_nlri_parse_label(struct peer *peer, struct attr *attr,
- 
- 		/* Fill in the labels */
- 		llen = bgp_nlri_get_labels(peer, pnt, psize, &label);
-+		if (llen == 0) {
-+			flog_err(
-+				EC_BGP_UPDATE_RCV,
-+				"%s [Error] Update packet error (wrong label length 0)",
-+				peer->host);
-+			bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR,
-+					BGP_NOTIFY_UPDATE_INVAL_NETWORK);
-+			return BGP_NLRI_PARSE_ERROR_LABEL_LENGTH;
-+		}
- 		p.prefixlen = prefixlen - BSIZE(llen);
- 
- 		/* There needs to be at least one label */
--- a/SOURCES/0022-route-map-event.patch
+++ b/SOURCES/0022-route-map-event.patch
@ -1,47 +0,0 @@
-From 4fc5dafd1c8167a98e3a5f51efc1ea5092513364 Mon Sep 17 00:00:00 2001
-From: rgirada <rgirada@vmware.com>
-Date: Thu, 18 Feb 2021 20:15:40 -0800
-Subject: [PATCH] lib: Routemap is not getting applied upon changing the
- routemap action
-
-Description:
-	This looks broken after NB changes in routemap. When routemap
-	action modified from permit to deny, it is expected to apply
-	the new action on the filtered routes before the action in the
-	routemap data structure has been changed. But currently this is
-	not handled by the corresponding northbound API.
-
-Signed-off-by: Rajesh Girada <rgirada@vmware.com>
---
- lib/routemap_northbound.c | 11 ++++++++++-
- 1 file changed, 10 insertions(+), 1 deletion(-)
-
-diff --git a/lib/routemap_northbound.c b/lib/routemap_northbound.c
-index db06e9caac75..3473ca2aea8c 100644
--- a/lib/routemap_northbound.c
-+++ b/lib/routemap_northbound.c
-@@ -271,6 +271,7 @@ lib_route_map_entry_description_destroy(struct nb_cb_destroy_args *args)
- static int lib_route_map_entry_action_modify(struct nb_cb_modify_args *args)
- {
- 	struct route_map_index *rmi;
-+	struct route_map *map;
- 
- 	switch (args->event) {
- 	case NB_EV_VALIDATE:
-@@ -281,7 +282,15 @@ static int lib_route_map_entry_action_modify(struct nb_cb_modify_args *args)
- 	case NB_EV_APPLY:
- 		rmi = nb_running_get_entry(args->dnode, NULL, true);
- 		rmi->type = yang_dnode_get_enum(args->dnode, NULL);
-		/* TODO: notify? */
-+		map = rmi->map;
-+
-+		/* Execute event hook. */
-+		if (route_map_master.event_hook) {
-+			(*route_map_master.event_hook)(map->name);
-+			route_map_notify_dependencies(map->name,
-+						      RMAP_EVENT_CALL_ADDED);
-+		}
-+
- 		break;
- 	}
- 
--- a/SOURCES/0025-CVE-2023-31490.patch
+++ b/SOURCES/0025-CVE-2023-31490.patch
@ -1,150 +0,0 @@
-From 06431bfa7570f169637ebb5898f0b0cc3b010802 Mon Sep 17 00:00:00 2001
-From: Donald Sharp <sharpd@nvidia.com>
-Date: Tue, 6 Dec 2022 10:23:11 -0500
-Subject: [PATCH] bgpd: Ensure stream received has enough data
-
-BGP_PREFIX_SID_SRV6_L3_SERVICE attributes must not
-fully trust the length value specified in the nlri.
-Always ensure that the amount of data we need to read
-can be fullfilled.
-
-Reported-by: Iggy Frankovic <iggyfran@amazon.com>
-Signed-off-by: Donald Sharp <sharpd@nvidia.com>
---
- bgpd/bgp_attr.c | 79 ++++++++++++++++---------------------------------
- 1 file changed, 25 insertions(+), 54 deletions(-)
-
-diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
-index c35e45275c9b..5b06bc391375 100644
--- a/bgpd/bgp_attr.c
-+++ b/bgpd/bgp_attr.c
-@@ -2927,9 +2927,21 @@ bgp_attr_psid_sub(uint8_t type, uint16_t length,
- 	uint16_t endpoint_behavior;
- 	char buf[BUFSIZ];
- 
-+	/*
-+	 * Check that we actually have at least as much data as
-+	 * specified by the length field
-+	 */
-+	if (STREAM_READABLE(peer->curr) < length) {
-+		flog_err(
-+			EC_BGP_ATTR_LEN,
-+			"Prefix SID specifies length %hu, but only %zu bytes remain",
-+			length, STREAM_READABLE(peer->curr));
-+		return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
-+					  args->total);
-+	}
-+
- 	if (type == BGP_PREFIX_SID_LABEL_INDEX) {
-		if (STREAM_READABLE(peer->curr) < length
-		    || length != BGP_PREFIX_SID_LABEL_INDEX_LENGTH) {
-+		if (length != BGP_PREFIX_SID_LABEL_INDEX_LENGTH) {
- 			flog_err(EC_BGP_ATTR_LEN,
- 				 "Prefix SID label index length is %hu instead of %u",
- 				 length, BGP_PREFIX_SID_LABEL_INDEX_LENGTH);
-@@ -2951,12 +2963,8 @@ bgp_attr_psid_sub(uint8_t type, uint16_t length,
- 		/* Store label index; subsequently, we'll check on
- 		 * address-family */
- 		attr->label_index = label_index;
-	}
-
-	/* Placeholder code for the IPv6 SID type */
-	else if (type == BGP_PREFIX_SID_IPV6) {
-		if (STREAM_READABLE(peer->curr) < length
-		    || length != BGP_PREFIX_SID_IPV6_LENGTH) {
-+	} else if (type == BGP_PREFIX_SID_IPV6) {
-+		if (length != BGP_PREFIX_SID_IPV6_LENGTH) {
- 			flog_err(EC_BGP_ATTR_LEN,
- 				 "Prefix SID IPv6 length is %hu instead of %u",
- 				 length, BGP_PREFIX_SID_IPV6_LENGTH);
-@@ -2970,10 +2978,7 @@ bgp_attr_psid_sub(uint8_t type, uint16_t length,
- 		stream_getw(peer->curr);
- 
- 		stream_get(&ipv6_sid, peer->curr, 16);
-	}
-
-	/* Placeholder code for the Originator SRGB type */
-	else if (type == BGP_PREFIX_SID_ORIGINATOR_SRGB) {
-+	} else if (type == BGP_PREFIX_SID_ORIGINATOR_SRGB) {
- 		/*
- 		 * ietf-idr-bgp-prefix-sid-05:
- 		 *     Length is the total length of the value portion of the
-@@ -2998,19 +3003,6 @@ bgp_attr_psid_sub(uint8_t type, uint16_t length,
- 				args->total);
- 		}
- 
-		/*
-		 * Check that we actually have at least as much data as
-		 * specified by the length field
-		 */
-		if (STREAM_READABLE(peer->curr) < length) {
-			flog_err(EC_BGP_ATTR_LEN,
-				 "Prefix SID Originator SRGB specifies length %hu, but only %zu bytes remain",
-				 length, STREAM_READABLE(peer->curr));
-			return bgp_attr_malformed(
-				args, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
-				args->total);
-		}
-
- 		/*
- 		 * Check that the portion of the TLV containing the sequence of
- 		 * SRGBs corresponds to a multiple of the SRGB size; to get
-@@ -3034,12 +3026,8 @@ bgp_attr_psid_sub(uint8_t type, uint16_t length,
- 			stream_get(&srgb_base, peer->curr, 3);
- 			stream_get(&srgb_range, peer->curr, 3);
- 		}
-	}
-
-	/* Placeholder code for the VPN-SID Service type */
-	else if (type == BGP_PREFIX_SID_VPN_SID) {
-		if (STREAM_READABLE(peer->curr) < length
-		    || length != BGP_PREFIX_SID_VPN_SID_LENGTH) {
-+	} else if (type == BGP_PREFIX_SID_VPN_SID) {
-+		if (length != BGP_PREFIX_SID_VPN_SID_LENGTH) {
- 			flog_err(EC_BGP_ATTR_LEN,
- 				 "Prefix SID VPN SID length is %hu instead of %u",
- 				 length, BGP_PREFIX_SID_VPN_SID_LENGTH);
-@@ -2601,18 +2589,13 @@ static bgp_attr_parse_ret_t bgp_attr_psid_sub(uint8_t type, uint16_t length,
- 					 sizeof(struct bgp_attr_srv6_vpn));
- 		attr->srv6_vpn->sid_flags = sid_flags;
- 		sid_copy(&attr->srv6_vpn->sid, &ipv6_sid);
-	}
-
-	/* Placeholder code for the SRv6 L3 Service type */
-	else if (type == BGP_PREFIX_SID_SRV6_L3_SERVICE) {
-		if (STREAM_READABLE(peer->curr) < length
-		    || length != BGP_PREFIX_SID_SRV6_L3_SERVICE_LENGTH) {
-			flog_err(EC_BGP_ATTR_LEN,
-				 "Prefix SID SRv6 L3-Service length is %hu instead of %u",
-				 length, BGP_PREFIX_SID_SRV6_L3_SERVICE_LENGTH);
-			return bgp_attr_malformed(args,
-				 BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
-				 args->total);
-+		} else if (type == BGP_PREFIX_SID_SRV6_L3_SERVICE) {
-+			if (STREAM_READABLE(peer->curr) < 1) {
-+				flog_err(EC_BGP_ATTR_LEN,
-+				"Prefix SID SRV6 L3 Service not enough data left, it must be at least 1 byte");
-+			return bgp_attr_malformed(
-+				args, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
-+				args->total);
- 		}
- 
- 		/* Parse L3-SERVICE Sub-TLV */
-@@ -2647,17 +2630,6 @@ static bgp_attr_parse_ret_t bgp_attr_psid_sub(uint8_t type, uint16_t length,
- 
- 	/* Placeholder code for Unsupported TLV */
- 	else {
-
-		if (STREAM_READABLE(peer->curr) < length) {
-			flog_err(
-				EC_BGP_ATTR_LEN,
-				"Prefix SID SRv6 length is %hu - too long, only %zu remaining in this UPDATE",
-				length, STREAM_READABLE(peer->curr));
-			return bgp_attr_malformed(
-				args, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
-				args->total);
-		}
-
- 		if (bgp_debug_update(peer, NULL, NULL, 1))
- 			zlog_debug(
- 				"%s attr Prefix-SID sub-type=%u is not supported, skipped",
--- a/SOURCES/0026-CVE-2023-41909.patch
+++ b/SOURCES/0026-CVE-2023-41909.patch
@ -1,34 +0,0 @@
-From cfd04dcb3e689754a72507d086ba3b9709fc5ed8 Mon Sep 17 00:00:00 2001
-From: Donald Sharp <sharpd@nvidia.com>
-Date: Wed, 5 Apr 2023 14:57:05 -0400
-Subject: [PATCH] bgpd: Limit flowspec to no attribute means a implicit
- withdrawal
-
-All other parsing functions done from bgp_nlri_parse() assume
-no attributes == an implicit withdrawal.  Let's move
-bgp_nlri_parse_flowspec() into the same alignment.
-
-Reported-by: Matteo Memelli <mmemelli@amazon.it>
-Signed-off-by: Donald Sharp <sharpd@nvidia.com>
---
- bgpd/bgp_flowspec.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/bgpd/bgp_flowspec.c b/bgpd/bgp_flowspec.c
-index f9debe43cd45..5e1be21402dc 100644
--- a/bgpd/bgp_flowspec.c
-+++ b/bgpd/bgp_flowspec.c
-@@ -98,6 +98,13 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr,
- 	afi = packet->afi;
- 	safi = packet->safi;
- 
-+	/*
-+	 * All other AFI/SAFI's treat no attribute as a implicit
-+	 * withdraw.  Flowspec should as well.
-+	 */
-+	if (!attr)
-+		withdraw = 1;
-+
- 	if (packet->length >= FLOWSPEC_NLRI_SIZELIMIT_EXTENDED) {
- 		flog_err(EC_BGP_FLOWSPEC_PACKET,
- 			 "BGP flowspec nlri length maximum reached (%u)",
--- a/SOURCES/0027-dynamic-netlink-buffer.patch
+++ b/SOURCES/0027-dynamic-netlink-buffer.patch
@ -1,267 +0,0 @@
-From 2cf7651f0b1b0123dc5568ebad00ac84a9b3c348 Mon Sep 17 00:00:00 2001
-From: Donald Sharp <sharpd@nvidia.com>
-Date: Wed, 2 Feb 2022 13:28:42 -0500
-Subject: [PATCH] zebra: Make netlink buffer reads resizeable when needed
-
-Currently when the kernel sends netlink messages to FRR
-the buffers to receive this data is of fixed length.
-The kernel, with certain configurations, will send
-netlink messages that are larger than this fixed length.
-This leads to situations where, on startup, zebra gets
-really confused about the state of the kernel.  Effectively
-the current algorithm is this:
-
-read up to buffer in size
-while (data to parse)
-     get netlink message header, look at size
-        parse if you can
-
-The problem is that there is a 32k buffer we read.
-We get the first message that is say 1k in size,
-subtract that 1k to 31k left to parse.  We then
-get the next header and notice that the length
-of the message is 33k.  Which is obviously larger
-than what we read in.  FRR has no recover mechanism
-nor is there a way to know, a priori, what the maximum
-size the kernel will send us.
-
-Modify FRR to look at the kernel message and see if the
-buffer is large enough, if not, make it large enough to
-read in the message.
-
-This code has to be per netlink socket because of the usage
-of pthreads.  So add to `struct nlsock` the buffer and current
-buffer length.  Growing it as necessary.
-
-Fixes: #10404
-Signed-off-by: Donald Sharp <sharpd@nvidia.com>
---
- zebra/kernel_netlink.c | 68 +++++++++++++++++++++++++-----------------
- zebra/kernel_netlink.h |  2 +-
- zebra/zebra_dplane.c   |  4 +++
- zebra/zebra_ns.h       |  3 ++
- 4 files changed, 49 insertions(+), 28 deletions(-)
-
-diff --git a/zebra/kernel_netlink.h b/zebra/kernel_netlink.h
-index ae88f3372b1c..9421ea1c611a 100644
--- a/zebra/kernel_netlink.h
-+++ b/zebra/kernel_netlink.h
-@@ -96,7 +96,7 @@ extern const char *nl_family_to_str(uint8_t family);
- extern const char *nl_rttype_to_str(uint8_t rttype);
- 
- extern int netlink_parse_info(int (*filter)(struct nlmsghdr *, ns_id_t, int),
-			      const struct nlsock *nl,
-+			      struct nlsock *nl,
- 			      const struct zebra_dplane_info *dp_info,
- 			      int count, int startup);
- extern int netlink_talk_filter(struct nlmsghdr *h, ns_id_t ns, int startup);
-diff --git a/zebra/zebra_ns.h b/zebra/zebra_ns.h
-index 0519e1d5b33d..7a0ffbc1ee6f 100644
--- a/zebra/zebra_ns.h
-+++ b/zebra/zebra_ns.h
-@@ -39,6 +39,9 @@ struct nlsock {
- 	int seq;
- 	struct sockaddr_nl snl;
- 	char name[64];
-+
-+	uint8_t *buf;
-+	size_t buflen;
- };
- #endif
- 
-diff --git a/zebra/kernel_netlink.c b/zebra/kernel_netlink.c
-index b8eaeb1..14a40a9 100644
--- a/zebra/kernel_netlink.c
-+++ b/zebra/kernel_netlink.c
-@@ -90,8 +90,6 @@
-  */
- #define NL_DEFAULT_BATCH_SEND_THRESHOLD (15 * NL_PKT_BUF_SIZE)
- 
-#define NL_BATCH_RX_BUFSIZE NL_RCV_PKT_BUF_SIZE
-
- static const struct message nlmsg_str[] = {{RTM_NEWROUTE, "RTM_NEWROUTE"},
- 					   {RTM_DELROUTE, "RTM_DELROUTE"},
- 					   {RTM_GETROUTE, "RTM_GETROUTE"},
-@@ -164,8 +162,6 @@ DEFINE_MTYPE_STATIC(ZEBRA, NL_BUF, "Zebra Netlink buffers")
- size_t nl_batch_tx_bufsize;
- char *nl_batch_tx_buf;
- 
-char nl_batch_rx_buf[NL_BATCH_RX_BUFSIZE];
-
- _Atomic uint32_t nl_batch_bufsize = NL_DEFAULT_BATCH_BUFSIZE;
- _Atomic uint32_t nl_batch_send_threshold = NL_DEFAULT_BATCH_SEND_THRESHOLD;
- 
-@@ -322,6 +318,9 @@ static int netlink_socket(struct nlsock *nl, unsigned long groups,
- 
- 	nl->snl = snl;
- 	nl->sock = sock;
-+	nl->buflen = NL_RCV_PKT_BUF_SIZE;
-+	nl->buf = XMALLOC(MTYPE_NL_BUF, nl->buflen);
-+
- 	return ret;
- }
- 
-@@ -729,19 +728,29 @@ static ssize_t netlink_send_msg(const struct nlsock *nl, void *buf,
-  *
-  * Returns -1 on error, 0 if read would block or the number of bytes received.
-  */
-static int netlink_recv_msg(const struct nlsock *nl, struct msghdr msg,
-			    void *buf, size_t buflen)
-+static int netlink_recv_msg(struct nlsock *nl, struct msghdr *msg)
- {
- 	struct iovec iov;
- 	int status;
- 
-	iov.iov_base = buf;
-	iov.iov_len = buflen;
-	msg.msg_iov = &iov;
-	msg.msg_iovlen = 1;
-+	iov.iov_base = nl->buf;
-+	iov.iov_len = nl->buflen;
-+	msg->msg_iov = &iov;
-+	msg->msg_iovlen = 1;
- 
- 	do {
-		status = recvmsg(nl->sock, &msg, 0);
-+		int bytes;
-+
-+		bytes = recv(nl->sock, NULL, 0, MSG_PEEK | MSG_TRUNC);
-+
-+		if (bytes >= 0 && (size_t)bytes > nl->buflen) {
-+			nl->buf = XREALLOC(MTYPE_NL_BUF, nl->buf, bytes);
-+			nl->buflen = bytes;
-+			iov.iov_base = nl->buf;
-+			iov.iov_len = nl->buflen;
-+		}
-+
-+		status = recvmsg(nl->sock, msg, 0);
- 	} while (status == -1 && errno == EINTR);
- 
- 	if (status == -1) {
-@@ -761,10 +770,10 @@ static int netlink_recv_msg(const struct nlsock *nl, struct msghdr msg,
- 		return -1;
- 	}
- 
-	if (msg.msg_namelen != sizeof(struct sockaddr_nl)) {
-+	if (msg->msg_namelen != sizeof(struct sockaddr_nl)) {
- 		flog_err(EC_ZEBRA_NETLINK_LENGTH_ERROR,
- 			 "%s sender address length error: length %d", nl->name,
-			 msg.msg_namelen);
-+			 msg->msg_namelen);
- 		return -1;
- 	}
- 
-@@ -873,8 +882,7 @@ static int netlink_parse_error(const struct nlsock *nl, struct nlmsghdr *h,
-  *            the filter.
-  */
- int netlink_parse_info(int (*filter)(struct nlmsghdr *, ns_id_t, int),
-		       const struct nlsock *nl,
-		       const struct zebra_dplane_info *zns,
-+		       struct nlsock *nl, const struct zebra_dplane_info *zns,
- 		       int count, int startup)
- {
- 	int status;
-@@ -883,7 +891,6 @@ int netlink_parse_info(int (*filter)(struct nlmsghdr *, ns_id_t, int),
- 	int read_in = 0;
- 
- 	while (1) {
-		char buf[NL_RCV_PKT_BUF_SIZE];
- 		struct sockaddr_nl snl;
- 		struct msghdr msg = {.msg_name = (void *)&snl,
- 				     .msg_namelen = sizeof(snl)};
-@@ -892,14 +899,14 @@ int netlink_parse_info(int (*filter)(struct nlmsghdr *, ns_id_t, int),
- 		if (count && read_in >= count)
- 			return 0;
- 
-		status = netlink_recv_msg(nl, msg, buf, sizeof(buf));
-+		status = netlink_recv_msg(nl, &msg);
- 		if (status == -1)
- 			return -1;
- 		else if (status == 0)
- 			break;
- 
- 		read_in++;
-		for (h = (struct nlmsghdr *)buf;
-+		for (h = (struct nlmsghdr *)nl->buf;
- 		     (status >= 0 && NLMSG_OK(h, (unsigned int)status));
- 		     h = NLMSG_NEXT(h, status)) {
- 			/* Finish of reading. */
-@@ -976,10 +983,10 @@ int netlink_parse_info(int (*filter)(struct nlmsghdr *, ns_id_t, int),
-  */
- static int
- netlink_talk_info(int (*filter)(struct nlmsghdr *, ns_id_t, int startup),
-		  struct nlmsghdr *n, const struct zebra_dplane_info *dp_info,
-+		  struct nlmsghdr *n, struct zebra_dplane_info *dp_info,
- 		  int startup)
- {
-	const struct nlsock *nl;
-+	struct nlsock *nl;
- 
- 	nl = &(dp_info->nls);
- 	n->nlmsg_seq = nl->seq;
-@@ -1067,12 +1074,11 @@ static int nl_batch_read_resp(struct nl_batch *bth)
- 	 * message at a time.
- 	 */
- 	while (true) {
-		status = netlink_recv_msg(nl, msg, nl_batch_rx_buf,
-					  sizeof(nl_batch_rx_buf));
-+		status = netlink_recv_msg(nl, &msg);
- 		if (status == -1 || status == 0)
- 			return status;
- 
-		h = (struct nlmsghdr *)nl_batch_rx_buf;
-+		h = (struct nlmsghdr *)nl->buf;
- 		ignore_msg = false;
- 		seq = h->nlmsg_seq;
- 		/*
-@@ -1506,11 +1512,15 @@ void kernel_terminate(struct zebra_ns *zns, bool complete)
- 	if (zns->netlink.sock >= 0) {
- 		close(zns->netlink.sock);
- 		zns->netlink.sock = -1;
-+		XFREE(MTYPE_NL_BUF, zns->netlink.buf);
-+		zns->netlink.buflen = 0;
- 	}
- 
- 	if (zns->netlink_cmd.sock >= 0) {
- 		close(zns->netlink_cmd.sock);
- 		zns->netlink_cmd.sock = -1;
-+		XFREE(MTYPE_NL_BUF, zns->netlink_cmd.buf);
-+		zns->netlink_cmd.buflen = 0;
- 	}
- 
- 	/* During zebra shutdown, we need to leave the dataplane socket
-@@ -1520,6 +1530,8 @@ void kernel_terminate(struct zebra_ns *zns, bool complete)
- 		if (zns->netlink_dplane.sock >= 0) {
- 			close(zns->netlink_dplane.sock);
- 			zns->netlink_dplane.sock = -1;
-+			XFREE(MTYPE_NL_BUF, zns->netlink_dplane.buf);
-+			zns->netlink_dplane.buflen = 0;
- 		}
- 	}
- }
-diff --git a/zebra/kernel_netlink.c b/zebra/kernel_netlink.c
-index 14a40a9..2b566d4 100644
--- a/zebra/kernel_netlink.c
-+++ b/zebra/kernel_netlink.c
-@@ -779,7 +779,7 @@ static int netlink_recv_msg(struct nlsock *nl, struct msghdr *msg)
- 
- 	if (IS_ZEBRA_DEBUG_KERNEL_MSGDUMP_RECV) {
- 		zlog_debug("%s: << netlink message dump [recv]", __func__);
-		zlog_hexdump(buf, status);
-+		zlog_hexdump(nl->buf, status);
- 	}
- 
- 	return status;
-diff --git a/zebra/kernel_netlink.c b/zebra/kernel_netlink.c
-index 2b566d4..0564a6b 100644
--- a/zebra/kernel_netlink.c
-+++ b/zebra/kernel_netlink.c
-@@ -1060,7 +1060,7 @@ static int nl_batch_read_resp(struct nl_batch *bth)
- 	struct sockaddr_nl snl;
- 	struct msghdr msg = {};
- 	int status, seq;
-	const struct nlsock *nl;
-+	struct nlsock *nl;
- 	struct zebra_dplane_ctx *ctx;
- 	bool ignore_msg;
- 
--- a/SOURCES/frr-sysusers.conf
+++ b/SOURCES/frr-sysusers.conf
@ -0,0 +1,4 @@
+#Type Name   ID     GECOS                        Home directory  Shell
+g     frrvty -
+u     frr    -      "FRRouting routing suite"    /var/run/frr    /sbin/nologin
+m     frr    frrvty
--- a/SOURCES/frr.fc
+++ b/SOURCES/frr.fc
@ -1,4 +1,4 @@
-/usr/libexec/frr/(.*)?        	gen_context(system_u:object_r:frr_exec_t,s0)
+/usr/libexec/frr/(.*)?              gen_context(system_u:object_r:frr_exec_t,s0)

 /usr/lib/systemd/system/frr.*   gen_context(system_u:object_r:frr_unit_file_t,s0)

@ -22,6 +22,7 @@
 /var/lock/subsys/staticd    --  gen_context(system_u:object_r:frr_lock_t,s0)
 /var/lock/subsys/zebra      --  gen_context(system_u:object_r:frr_lock_t,s0)
 /var/lock/subsys/vrrpd      --  gen_context(system_u:object_r:frr_lock_t,s0)
+/var/lock/subsys/pathd      --  gen_context(system_u:object_r:frr_lock_t,s0)

 /var/run/frr(/.*)?              gen_context(system_u:object_r:frr_var_run_t,s0)

--- a/SOURCES/frr.if
+++ b/SOURCES/frr.if
@ -162,45 +162,53 @@ interface(`frr_admin',`
 ')

 ########################################
+#
+# Interface compatibility blocks
+#
+# The following definitions ensure compatibility with distribution policy
+# versions that do not contain given interfaces (epel, or older Fedora
+# releases).
+# Each block tests for existence of given interface and defines it if needed.
+#
+
+######################################
 ## <summary>
-##  Read ifconfig_var_run_t files and link files
+##	Watch ifconfig_var_run_t directories
 ## </summary>
 ## <param name="domain">
-##  <summary>
-##      Domain allowed access.
-##  </summary>
+##	<summary>
+##	Domain allowed access.
+##	</summary>
 ## </param>
 #
-ifndef(`sysnet_read_ifconfig_run',`
-  interface(`sysnet_read_ifconfig_run',`
-    gen_require(`
-      type ifconfig_var_run_t;
-    ')
+ifndef(`sysnet_watch_ifconfig_run',`
+	interface(`sysnet_watch_ifconfig_run',`
+		gen_require(`
+			type ifconfig_var_run_t;
+		')

-    manage_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
-    list_dirs_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
-    read_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
-    read_lnk_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
-  ')
+		watch_dirs_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
+	')
 ')

 ########################################
 ## <summary>
-##  Read unconfined_t files and dirs
+##	Read ifconfig_var_run_t files and link files
 ## </summary>
 ## <param name="domain">
-##  <summary>
+##	<summary>
 ##      Domain allowed access.
-##  </summary>
+##	</summary>
 ## </param>
 #
-ifndef(`unconfined_read_files',`
-  interface(`unconfined_read_files',`
-    gen_require(`
-      type unconfined_t;
-    ')
+ifndef(`sysnet_read_ifconfig_run',`
+	interface(`sysnet_read_ifconfig_run',`
+		gen_require(`
+			type ifconfig_var_run_t;
+		')

-    allow $1 unconfined_t:file read_file_perms;
-    allow $1 unconfined_t:dir list_dir_perms;
-  ')
+		list_dirs_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
+		read_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
+		read_lnk_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
+	')
 ')
--- a/SOURCES/frr.te
+++ b/SOURCES/frr.te
@ -31,9 +31,9 @@ files_pid_file(frr_var_run_t)
 #
 # frr local policy
 #
-allow frr_t self:capability { fowner fsetid chown dac_override dac_read_search kill net_bind_service net_raw setgid setuid net_admin sys_admin };
+allow frr_t self:capability { chown dac_override dac_read_search kill net_bind_service net_raw setgid setuid net_admin sys_admin };
 allow frr_t self:netlink_route_socket rw_netlink_socket_perms;
-allow frr_t self:packet_socket create;
+allow frr_t self:packet_socket create_socket_perms;
 allow frr_t self:process { setcap setpgid };
 allow frr_t self:rawip_socket create_socket_perms;
 allow frr_t self:tcp_socket { connect connected_stream_socket_perms };
@ -93,25 +93,23 @@ corenet_tcp_bind_zebra_port(frr_t)
 domain_use_interactive_fds(frr_t)

 fs_read_nsfs_files(frr_t)
-fs_search_cgroup_dirs(frr_t)

 sysnet_exec_ifconfig(frr_t)
 sysnet_read_ifconfig_run(frr_t)
+sysnet_watch_ifconfig_run(frr_t)
+
+ipsec_domtrans_mgmt(frr_t)

 userdom_read_admin_home_files(frr_t)

 init_signal(frr_t)
-init_signal_script(frr_t)
-init_signull_script(frr_t)
+unconfined_server_signull(frr_t)
+allow frr_t unconfined_service_t:process signal;

 optional_policy(`
 	logging_send_syslog_msg(frr_t)
 ')

-optional_policy(`
-  unconfined_read_files(frr_t)
-')
-
 optional_policy(`
 	modutils_exec_kmod(frr_t)
 	modutils_getattr_module_deps(frr_t)
--- a/SOURCES/remove-babeld-ldpd.sh
+++ b/SOURCES/remove-babeld-ldpd.sh
@ -0,0 +1,16 @@
+#!/bin/sh
+#this script is used to remove babled and ldpd from the tar sources
+#Usage: sh remove-babeld-ldpd.sh <VERSION>
+#Example: sh remove-babeld-ldpd.sh 7.3.1 - this is for frr-7.3.1.tar.gz file
+
+VERSION=$1
+TAR=frr-${VERSION}.tar.gz
+DIR=frr-${VERSION}
+
+echo ${VERSION}
+echo ${TAR}
+echo ${DIR}
+
+tar -xzf ${TAR}
+rm -rf ${DIR}/babeld ${DIR}/ldpd
+tar -czf ${TAR} ${DIR}
--- a/SPECS/frr.spec
+++ b/SPECS/frr.spec
@ -1,72 +1,76 @@
-%global frrversion	7.5.1
-%global frr_libdir /usr/libexec/frr
+%global frr_libdir %{_libexecdir}/frr

 %global _hardened_build 1
+%define _legacy_common_support 1
 %global selinuxtype targeted
 %bcond_without selinux

 Name: frr
-Version: 7.5.1
-Release: 22%{?checkout}%{?dist}
+Version: 8.5.3
+Release: 4%{?checkout}%{?dist}
 Summary: Routing daemon
 License: GPLv2+
 URL: http://www.frrouting.org
-Source0: https://github.com/FRRouting/frr/releases/download/%{name}-%{frrversion}/%{name}-%{frrversion}.tar.gz
+Source0: https://github.com/FRRouting/frr/releases/download/%{name}-%{version}/%{name}-%{version}.tar.gz
 Source1: %{name}-tmpfiles.conf
-Source2: frr.fc
-Source3: frr.te
-Source4: frr.if
-BuildRequires: perl-generators
-BuildRequires: gcc
-BuildRequires: net-snmp-devel
-BuildRequires: texinfo libcap-devel autoconf automake libtool patch groff
-BuildRequires: readline readline-devel ncurses ncurses-devel
-BuildRequires: git pam-devel c-ares-devel
-BuildRequires: json-c-devel bison >= 2.7 flex perl-XML-LibXML
-BuildRequires: python3-devel python3-sphinx python3-pytest
-BuildRequires: systemd systemd-devel
-BuildRequires: libyang-devel >= 1.0.184
-Requires: net-snmp ncurses
-Requires(post): systemd /sbin/install-info
-Requires(preun): systemd /sbin/install-info
+Source2: frr-sysusers.conf
+Source3: frr.fc
+Source4: frr.te
+Source5: frr.if
+Source6: remove-babeld-ldpd.sh
+BuildRequires:  autoconf
+BuildRequires:  automake
+BuildRequires:  bison >= 2.7
+BuildRequires:  c-ares-devel
+BuildRequires:  flex
+BuildRequires:  gcc
+BuildRequires:  gcc-c++
+BuildRequires:  git-core
+BuildRequires:  groff
+BuildRequires:  json-c-devel
+BuildRequires:  libcap-devel
+BuildRequires:  libtool
+BuildRequires:  libyang-devel >= 2.0.0
+BuildRequires:  make
+BuildRequires:  ncurses
+BuildRequires:  ncurses-devel
+BuildRequires:  net-snmp-devel
+BuildRequires:  pam-devel
+BuildRequires:  patch
+BuildRequires:  perl-XML-LibXML
+BuildRequires:  perl-generators
+BuildRequires:  python3-devel
+BuildRequires:  python3-pytest
+BuildRequires:  python3-sphinx
+BuildRequires:  readline-devel
+BuildRequires:  systemd-devel
+BuildRequires:  systemd-rpm-macros
+BuildRequires:  texinfo
+
+Requires: net-snmp
+Requires: ncurses
+Requires(post): systemd
+Requires(post): /sbin/install-info
+Requires(post): hostname
+Requires(preun): systemd
+Requires(preun): /sbin/install-info
 Requires(postun): systemd
-Requires: iproute
-Requires: initscripts

 %if 0%{?with_selinux}
 Requires: (%{name}-selinux = %{version}-%{release} if selinux-policy-%{selinuxtype})
 %endif

+Conflicts: quagga
 Provides: routingdaemon = %{version}-%{release}
-Obsoletes: frr-sysvinit quagga frr-contrib

 Patch0000: 0000-remove-babeld-and-ldpd.patch
-Patch0001: 0001-use-python3.patch
 Patch0002: 0002-enable-openssl.patch
 Patch0003: 0003-disable-eigrp-crypto.patch
 Patch0004: 0004-fips-mode.patch
-Patch0006: 0006-CVE-2020-12831.patch
-Patch0007: 0007-frrinit.patch
-Patch0008: 0008-designated-router.patch
-Patch0009: 0009-routemap.patch
-Patch0010: 0010-moving-executables.patch
-Patch0011: 0011-reload-bfd-profile.patch
-Patch0012: 0012-graceful-restart.patch
-Patch0013: 0013-CVE-2022-37032.patch
-Patch0014: 0014-bfd-profile-crash.patch
-Patch0015: 0015-max-ttl-reload.patch
-Patch0016: 0016-CVE-2023-38802.patch
-Patch0017: 0017-fix-crash-in-plist-update.patch
-Patch0018: 0018-CVE-2023-38406.patch
-Patch0019: 0019-CVE-2023-38407.patch
-Patch0020: 0020-CVE-2023-47234.patch
-Patch0021: 0021-CVE-2023-47235.patch
-Patch0022: 0022-route-map-event.patch
-Patch0023: 0023-CVE-2023-46752.patch
-Patch0024: 0024-CVE-2023-46753.patch
-Patch0025: 0025-CVE-2023-31490.patch
-Patch0026: 0026-CVE-2023-41909.patch
-Patch0027: 0027-dynamic-netlink-buffer.patch
+Patch0005: 0005-CVE-2023-47235.patch
+Patch0006: 0006-CVE-2023-47234.patch
+Patch0007: 0007-CVE-2023-46752.patch
+Patch0008: 0008-CVE-2023-46753.patch

 %description
 FRRouting is free software that manages TCP/IP based routing protocols. It takes
@ -79,11 +83,11 @@ FRRouting is a fork of Quagga.

 %if 0%{?with_selinux}
 %package selinux
-Summary:       Selinux policy for FRR
-BuildArch:     noarch
-Requires:      selinux-policy-%{selinuxtype}
-Requires(post):        selinux-policy-%{selinuxtype}
-BuildRequires: selinux-policy-devel
+Summary:        Selinux policy for FRR
+BuildArch:      noarch
+Requires:       selinux-policy-%{selinuxtype}
+Requires(post): selinux-policy-%{selinuxtype}
+BuildRequires:  selinux-policy-devel
 %{?selinux_requires}

 %description selinux
@ -93,9 +97,8 @@ SELinux policy modules for FRR package

 %prep
 %autosetup -S git
-#SELinux
 mkdir selinux
-cp -p %{SOURCE2} %{SOURCE3} %{SOURCE4} selinux
+cp -p %{SOURCE3} %{SOURCE4} %{SOURCE5} selinux

 %build
 autoreconf -ivf
@ -106,11 +109,11 @@ autoreconf -ivf
    --libdir=%{_libdir}/frr \
    --libexecdir=%{_libexecdir}/frr \
    --localstatedir=%{_localstatedir}/run/frr \
-    --enable-snmp=agentx \
    --enable-multipath=64 \
    --enable-vtysh=yes \
-    --enable-ospfclient=no \
-    --enable-ospfapi=no \
+    --disable-ospfclient \
+    --disable-ospfapi \
+    --enable-snmp=agentx \
    --enable-user=frr \
    --enable-group=frr \
    --enable-vty-group=frrvty \
@ -130,7 +133,6 @@ pushd doc
 make info
 popd

-#SELinux policy
 %if 0%{?with_selinux}
 make -C selinux -f %{_datadir}/selinux/devel/Makefile %{name}.pp
 bzip2 -9 selinux/%{name}.pp
@ -150,39 +152,36 @@ mkdir -p %{buildroot}%{_tmpfilesdir}
 rm -rf %{buildroot}/usr/share/info/dir

 install -p -m 644 %{SOURCE1} %{buildroot}%{_tmpfilesdir}/%{name}.conf
-install -p -m 644 %{_builddir}/%{name}-%{frrversion}/tools/etc/frr/daemons %{buildroot}/etc/frr/daemons
-install -p -m 644 %{_builddir}/%{name}-%{frrversion}/tools/frr.service %{buildroot}%{_unitdir}/frr.service
-install -p -m 755 %{_builddir}/%{name}-%{frrversion}/tools/frrinit.sh %{buildroot}%{frr_libdir}/frr
-install -p -m 755 %{_builddir}/%{name}-%{frrversion}/tools/frrcommon.sh %{buildroot}%{frr_libdir}/frrcommon.sh
-install -p -m 755 %{_builddir}/%{name}-%{frrversion}/tools/watchfrr.sh %{buildroot}%{frr_libdir}/watchfrr.sh
+install -p -m 644 tools/etc/frr/daemons %{buildroot}/etc/frr/daemons
+install -p -m 644 tools/frr.service %{buildroot}%{_unitdir}/frr.service
+install -p -m 755 tools/frrinit.sh %{buildroot}%{frr_libdir}/frr
+install -p -m 755 tools/frrcommon.sh %{buildroot}%{frr_libdir}/frrcommon.sh
+install -p -m 755 tools/watchfrr.sh %{buildroot}%{frr_libdir}/watchfrr.sh

-install -p -m 644 %{_builddir}/%{name}-%{frrversion}/redhat/frr.logrotate %{buildroot}/etc/logrotate.d/frr
-install -p -m 644 %{_builddir}/%{name}-%{frrversion}/redhat/frr.pam %{buildroot}/etc/pam.d/frr
+install -p -m 644 redhat/frr.logrotate %{buildroot}/etc/logrotate.d/frr
+install -p -m 644 redhat/frr.pam %{buildroot}/etc/pam.d/frr
 install -d -m 775 %{buildroot}/run/frr

+install -p -D -m 0644 %{SOURCE2} ${RPM_BUILD_ROOT}/%{_sysusersdir}/frr.conf
+
 %if 0%{?with_selinux}
 install -D -m 644 selinux/%{name}.pp.bz2 \
-       %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
+        %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
 install -D -m 644 selinux/%{name}.if %{buildroot}%{_datadir}/selinux/devel/include/distributed/%{name}.if
 %endif

-rm %{buildroot}%{_libdir}/frr/*.la
-rm %{buildroot}%{_libdir}/frr/modules/*.la
+# Delete libtool archives
+find %{buildroot} -type f -name "*.la" -delete -print

 #Upstream does not maintain a stable API, these headers from -devel subpackage are no longer needed
 rm %{buildroot}%{_libdir}/frr/*.so
 rm -r %{buildroot}%{_includedir}/frr/

 %pre
-getent group fttvty >/dev/null 2>&1 || groupadd -r frrvty >/dev/null 2>&1 || :
-getent group frr >/dev/null 2>&1 || groupadd -r frr >/dev/null 2>&1 || :
-getent passwd frr >/dev/null 2>&1 || useradd -M -r -g frr -s /sbin/nologin \
- -c "FRRouting suite" -d %{_localstatedir}/run/frr frr || :
-usermod -aG frrvty frr
+%sysusers_create_compat %{SOURCE2}
+exit 0

 %post
-#Because we move files to /usr/libexec, we need to reload .service files as well
-/usr/bin/systemctl daemon-reload
 %systemd_post frr.service

 if [ -f %{_infodir}/%{name}.inf* ]; then
@ -190,39 +189,37 @@ if [ -f %{_infodir}/%{name}.inf* ]; then
 fi

 # Create dummy files if they don't exist so basic functions can be used.
-if [ ! -e %{_sysconfdir}/frr/zebra.conf ]; then
-    echo "hostname `hostname`" > %{_sysconfdir}/frr/zebra.conf
-    chown frr:frr %{_sysconfdir}/frr/zebra.conf
-    chmod 640 %{_sysconfdir}/frr/zebra.conf
+# Only create frr.conf when first installing, otherwise it can change
+# the behavior of the package
+if [ $1 -eq 1 ]; then
+    if [ ! -e %{_sysconfdir}/frr/frr.conf ]; then
+        echo "hostname `hostname`" > %{_sysconfdir}/frr/frr.conf
+        chown frr:frr %{_sysconfdir}/frr/frr.conf
+        chmod 640 %{_sysconfdir}/frr/frr.conf
+    fi
 fi

+#still used by vtysh, this way no error is produced when using vtysh
 if [ ! -e %{_sysconfdir}/frr/vtysh.conf ]; then
-    echo 'no service integrated-vtysh-config' > %{_sysconfdir}/frr/vtysh.conf
+    touch %{_sysconfdir}/frr/vtysh.conf
    chmod 640 %{_sysconfdir}/frr/vtysh.conf
    chown frr:frrvty %{_sysconfdir}/frr/vtysh.conf
 fi

-#Making sure that the old format of config file still works
-#Checking whether .rpmnew conf file is present - in that case I want to change the old config
-if [ -e %{_sysconfdir}/frr/daemons.rpmnew ]; then
-    sed -i s'/watchfrr_/#watchfrr_/g' %{_sysconfdir}/frr/daemons
-    sed -i s'/zebra=/#zebra=/g' %{_sysconfdir}/frr/daemons
-fi

 %postun
 %systemd_postun_with_restart frr.service

-#only when removing the package
-if [ $1 -ge 0 ]; then 
+%preun
+%systemd_preun frr.service
+
+#only when removing frr
+if [ $1 -eq 0 ]; then
 	if [ -f %{_infodir}/%{name}.inf* ]; then
    	install-info --delete %{_infodir}/frr.info %{_infodir}/dir || :
 	fi
 fi

-%preun
-%systemd_preun frr.service
-
-#SELinux
 %if 0%{?with_selinux}
 %pre selinux
 %selinux_relabel_pre -s %{selinuxtype}
@ -232,8 +229,8 @@ fi
 %selinux_relabel_post -s %{selinuxtype}
 #/var/tmp and /var/run need to be relabeled as well if FRR is running before upgrade
 if [ $1 == 2 ]; then
-	%{_sbindir}/restorecon -R /var/tmp/frr &> /dev/null
-	%{_sbindir}/restorecon -R /var/run/frr &> /dev/null
+    %{_sbindir}/restorecon -R /var/tmp/frr &> /dev/null
+    %{_sbindir}/restorecon -R /var/run/frr &> /dev/null
 fi

 %postun selinux
@ -241,7 +238,6 @@ if [ $1 -eq 0 ]; then
    %selinux_modules_uninstall -s %{selinuxtype} %{name}
    %selinux_relabel_post -s %{selinuxtype}
 fi
-
 %endif

 %check
@ -250,16 +246,8 @@ make check PYTHON=%{__python3}
 %files
 %defattr(-,root,root)
 %license COPYING
-%doc zebra/zebra.conf.sample
-%doc isisd/isisd.conf.sample
-%doc ripd/ripd.conf.sample
-%doc bgpd/bgpd.conf.sample*
-%doc ospfd/ospfd.conf.sample
-%doc ospf6d/ospf6d.conf.sample
-%doc ripngd/ripngd.conf.sample
-%doc pimd/pimd.conf.sample
 %doc doc/mpls
-%dir %attr(740,frr,frr) %{_sysconfdir}/frr
+%dir %attr(750,frr,frr) %{_sysconfdir}/frr
 %dir %attr(755,frr,frr) /var/log/frr
 %dir %attr(755,frr,frr) /run/frr
 %{_infodir}/*info*
@ -269,7 +257,7 @@ make check PYTHON=%{__python3}
 %{_bindir}/*
 %dir %{_libdir}/frr
 %{_libdir}/frr/*.so.*
-%dir %{_libdir}/frr/modules/
+%dir %{_libdir}/frr/modules
 %{_libdir}/frr/modules/*
 %config(noreplace) %attr(644,root,root) /etc/logrotate.d/frr
 %config(noreplace) %attr(644,frr,frr) /etc/frr/daemons
@ -278,6 +266,7 @@ make check PYTHON=%{__python3}
 %dir /usr/share/yang
 /usr/share/yang/*.yang
 %{_tmpfilesdir}/%{name}.conf
+%{_sysusersdir}/frr.conf

 %if 0%{?with_selinux}
 %files selinux
@ -287,137 +276,177 @@ make check PYTHON=%{__python3}
 %endif

 %changelog
-* Wed Feb 07 2024 Michal Ruprich <mruprich@redhat.com> - 7.5.1-22
- Resolves: RHEL-22303 - Zebra not fetching host routes
+* Mon Feb 05 2024 Michal Ruprich <mruprich@redhat.com> - 8.5.3-4
+- Resolves: RHEL-14825 - crafted BGP UPDATE message leading to a crash

-* Wed Feb 07 2024 Michal Ruprich <mruprich@redhat.com> - 7.5.1-21
- Resolves: RHEL-2216 - NULL pointer dereference
+* Mon Feb 05 2024 Michal Ruprich <mruprich@redhat.com> - 8.5.3-3
+- Resolves: RHEL-14822 - mishandled malformed data leading to a crash

-* Wed Feb 07 2024 Michal Ruprich <mruprich@redhat.com> - 7.5.1-20
- Resolves: RHEL-4797 - missing length check in bgp_attr_psid_sub() can lead do DoS
+* Mon Dec 18 2023 Michal Ruprich <mruprich@redhat.com> - 8.5.3-2
+- Resolves: RHEL-15915 - crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message
+- Resolves: RHEL-15918 - crash from malformed EOR-containing BGP UPDATE message

-* Mon Feb 05 2024 Michal Ruprich <mruprich@redhat.com> - 7.5.1-19
- Resolves: RHEL-14824 - crafted BGP UPDATE message leading to a crash
+* Thu Nov 23 2023 Michal Ruprich <mruprich@redhat.com> - 8.5.3-1
+- Resolves: RHEL-15291 - Rebase FRR to version 8.5.3 in RHEL9

-* Mon Feb 05 2024 Michal Ruprich <mruprich@redhat.com> - 7.5.1-18
- Resolves: RHEL-14821 - mishandled malformed data leading to a crash
+* Fri Oct 13 2023 Michal Ruprich <mruprich@redhat.com> - 8.3.1-12
+- Resolves: RHEL-3541 - Incorrect handling of a error in parsing of an invalid section of a BGP update can de-peer a router

-* Tue Dec 19 2023 Michal Ruprich <mruprich@redhat.com> - 7.5.1-17
- Resolves: RHEL-6583 - Routes are not refreshed after changing the inbound route rules from deny to permit
+* Thu Sep 21 2023 Carlos Goncalves <cgoncalves@redhat.com> - 8.3.1-11
+- Resolves: RHEL-2263 - bgpd: Do not explicitly print MAXTTL value for ebgp-multihop vty output

-* Tue Dec 19 2023 Michal Ruprich <mruprich@redhat.com> - 7.5.1-16
- Resolves: RHEL-15916 - Flowspec overflow in bgpd/bgp_flowspec.c
- Resolves: RHEL-15919 - Out of bounds read in bgpd/bgp_label.c
- Resolves: RHEL-15869 - crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message
- Resolves: RHEL-15868 - crash from malformed EOR-containing BGP UPDATE message
+* Thu Aug 10 2023 Michal Ruprich <mruprich@redhat.com> - 8.3.1-10
+- Related: #2216912 - adding sys_admin to capabilities

-* Thu Oct 19 2023 Andreas Karis <akaris@redhat.com> - 7.5.1-15
- Resolves: RHEL-12039 - crash in plist update
+* Tue Aug 08 2023 Michal Ruprich <mruprich@redhat.com> - 8.3.1-9
+- Resolves: #2215346 - frr policy does not allow the execution of /usr/sbin/ipsec

-* Fri Oct 13 2023 Michal Ruprich <mruprich@redhat.com> - 7.5.1-14
- Resolves: RHEL-6617 - Incorrect handling of a error in parsing of an invalid section of a BGP update can de-peer a router
+* Mon Aug 07 2023 Michal Ruprich <mruprich@redhat.com> - 8.3.1-8
+- Resolves: #2216912 - SELinux is preventing FRR-Zebra to access to network namespaces

-* Tue Oct 10 2023 Michal Ruprich <mruprich@redhat.com> - 7.5.1-13
- Resolves: RHEL-2263 - eBGP multihop peer flapping due to delta miscalculation of new configuration
+* Wed Jun 07 2023 Michal Ruprich <mruprich@redhat.com> - 8.3.1-7
+- Resolves: #2168855 - BFD not working through VRF

-* Wed Aug 23 2023 Michal Ruprich <mruprich@redhat.com> - 7.5.1-12
- Resolves: #2216911 - Adding missing sys_admin SELinux call
+* Tue May 23 2023 Michal Ruprich <mruprich@redhat.com> - 8.3.1-6
+- Resolves: #2184870 - Reachable assertion in peek_for_as4_capability function
+- Resolves: #2196795 - denial of service by crafting a BGP OPEN message with an option of type 0xff
+- Resolves: #2196796 - denial of service by crafting a BGP OPEN message with an option of type 0xff
+- Resolves: #2196794 - out-of-bounds read exists in the BGP daemon of FRRouting

-* Mon Aug 21 2023 Michal Ruprich <mruprich@redhat.com> - 7.5.1-11
- Related: #2216911 - Adding unconfined_t type to access namespaces
+* Mon Nov 28 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-5
+- Resolves: #2147522 - It is not possible to run FRR as a non-root user

-* Thu Aug 17 2023 Michal Ruprich <mruprich@redhat.com> - 7.5.1-10
- Related: #2226803 - Adding patch
+* Thu Nov 24 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-4
+- Resolves: #2144500 - AVC error when reloading FRR with provided reload script

-* Wed Aug 16 2023 Michal Ruprich <mruprich@redhat.com> - 7.5.1-9
- Resolves: #2226803 - BFD crash in FRR running in MetalLB
+* Wed Oct 19 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-3
+- Related: #2129743 - Adding missing rules for vtysh and other daemons

-* Fri Aug 11 2023 Michal Ruprich <mruprich@redhat.com> - 7.5.1-8
- Resolves: #2216911 - SELinux is preventing FRR-Zebra to access to network namespaces
+* Mon Oct 17 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-2
+- Resolves: #2128738 - out-of-bounds read in the BGP daemon may lead to information disclosure or denial of service

-* Wed Nov 30 2022 Michal Ruprich <mruprich@redhat.com> - 7.5.1-7
- Resolves: #2128737 - out-of-bounds read in the BGP daemon may lead to information disclosure or denial of service
+* Thu Oct 13 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-1
+- Resolves: #2129731 - Rebase FRR to the latest version
+- Resolves: #2129743 - Add targeted SELinux policy for FRR
+- Resolves: #2127494 - BGP incorrectly withdraws routes on graceful restart capable routers 

-* Tue Nov 29 2022 Michal Ruprich <mruprich@redhat.com> - 7.5.1-6
- Resolves: #1939516 - frr service cannot reload itself, due to executing in the wrong SELinux context
+* Tue Jun 14 2022 Michal Ruprich - 8.2.2-4
+- Resolves: #2095404 - frr use systemd-sysusers

-* Mon Nov 14 2022 Michal Ruprich <mruprich@redhat.com> - 7.5.1-5
- Resolves: #2127140 - Frr is unable to push routes to the system routing table
+* Tue May 24 2022 Michal Ruprich <mruprich@redhat.com> - 8.2.2-3
+- Resolves: #2081304 - Enhanced TMT testing for centos-stream

-* Mon Nov 14 2022 Michal Ruprich <mruprich@redhat.com> - 7.5.1-4
- Resolves: #1948422 - BGP incorrectly withdraws routes on graceful restart capable routers
+* Mon May 02 2022 Michal Ruprich <mruprich@redhat.com> - 8.2.2-2
+- Resolves: #2069571 - the dynamic routing setup does not work any more

-* Thu Aug 25 2022 Michal Ruprich <mruprich@redhat.com> - 7.5.1-3
- Resolves: #2054160 - FRR reloader does not disable BFD when unsetting BFD profile
+* Mon May 02 2022 Michal Ruprich <mruprich@redhat.com> - 8.2.2-1
+- Resolves: #2069563 - Rebase frr to version 8.2.2

-* Wed Aug 24 2022 Michal Ruprich <mruprich@redhat.com> - 7.5.1-2
- Resolves: #1941765 - AVCs while running frr tests on RHEL 8.4.0 Beta-1.2
- Resolves: #1714984 - SELinux policy (daemons) changes required for package
+* Tue Nov 16 2021 Michal Ruprich <mruprich@redhat.com> - 8.0-5
+- Resolves: #2023318 - Rebuilding for the new json-c library

-* Wed May 11 2022 Michal Ruprich <mruprich@redhat.com> - 7.5.1-1
- Resolves: #2018451 - Rebase of frr to version 7.5.1
- Resolves: #1975361 - the dynamic routing setup does not work any more
+* Wed Sep 01 2021 Michal Ruprich <mruprich@redhat.com> - 8.0-4
+- Resolves: #1997603 - ospfd not running with ospf opaque-lsa option used

-* Wed Jan 05 2022 Michal Ruprich <mruprich@redhat.com> - 7.5-11
- Resolves: #2034328 - Bfdd crash in metallb CI
+* Mon Aug 16 2021 Michal Ruprich <mruprich@redhat.com> - 8.0-3
+- Related: #1990858 - Fixing prefix-list duplication check

-* Tue Jan 04 2022 Michal Ruprich <mruprich@redhat.com> - 7.5-10
- Resolves: #2020878 - frr ospfd show ip ospf interface does not show designated router info
+* Thu Aug 12 2021 Michal Ruprich <mruprich@redhat.com> - 8.0-2
+- Related: #1990858 - Frr needs higher version of libyang

-* Fri Dec 10 2021 Michal Ruprich <mruprich@redhat.com> - 7.5-9
- Resolves: #2029958 - FRR reloader generating invalid BFD configurations, exits with error
+* Tue Aug 10 2021 Michal Ruprich <mruprich@redhat.com> - 8.0-1
+- Resolves: #1990858 - Possible rebase of frr to version 8.0

-* Tue Nov 16 2021 Michal Ruprich <mruprich@redhat.com> - 7.5-8
- Resolves: #2021819 - Rebuilding for the new json-c
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 7.5.1-7
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688

-* Thu Sep 30 2021 Michal Ruprich <mruprich@redhat.com> - 7.5-7
- Related: #1917269 - Wrong value in gating file
+* Wed Jul 21 2021 Michal Ruprich <mruprich@redhat.com> - 7.5.1-6
+- Resolves: #1983967 - ospfd crashes in route_node_delete with assertion fail

-* Fri Sep 17 2021 Michal Ruprich <mruprich@redhat.com> - 7.5-6
- Related: #1917269 - Incomplete patch, adding gating rules
+* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 7.5.1-5
+- Rebuilt for RHEL 9 BETA for openssl 3.0
+  Related: rhbz#1971065

-* Thu Sep 16 2021 Michal Ruprich <mruprich@redhat.com> - 7.5-5
- Resolves: #1979426 - Unable to configure OSPF in multi-instance mode
- Resolves: #1917269 - vtysh running-config output not showing bgp ttl-security hops option
+* Fri Jun 04 2021 Michal Ruprich <mruprich@redhat.com> - 7.5.1-4
+- Resolves: #1958155 - Upgrading frr unconditionally creates /etc/frr/frr.conf, breaking existing configuration

-* Tue Jan 12 2021 root - 7.5-4
- Related: #1889323 - Fixing start-up with old config file
+* Fri Apr 23 2021 Michal Ruprich <mruprich@redhat.com> - 7.5.1-3
+- Resolves: #1939456 - /etc/frr permissions are bogus
+- Resolves: #1951303 - FTBFS in CentOS Stream

-* Mon Jan 11 2021 root - 7.5-3
- Related: #1889323 - Reverting to non-integrated cofiguration
+* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 7.5.1-2
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937

-* Thu Jan 07 2021 Michal Ruprich <mruprich@redhat.com> - 7.5-2
- Related: #1889323 - Obsoleting frr-contrib
+* Tue Mar 16 2021 Michal Ruprich <mruprich@redhat.com> - 7.5.1-1
+- New version 7.5.1
+- Enabling grpc, adding hostname for post scriptlet
+- Moving files to libexec due to selinux issues

-* Thu Jan 07 2021 Michal Ruprich <mruprich@redhat.com> - 7.5-1
- Resolves: #1889323 - [RFE] Rebase FRR to 7.5
+* Tue Feb 16 2021 Michal Ruprich <mruprich@redhat.com> - 7.5-3
+- Fixing FTBS - icc options are confusing the new gcc

-* Thu Aug 20 2020 Michal Ruprich <mruprich@redhat.com> - 7.0-10
- Resolves: #1867793 - FRR does not conform to the source port range specified in RFC5881
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 7.5-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

-* Thu Aug 20 2020 Michal Ruprich <mruprich@redhat.com> - 7.0-9
- Resolves: #1852476 - default permission issue eases information leaks
+* Fri Jan 01 2021 Michal Ruprich <mruprich@redhat.com> - 7.5-1
+- New version 7.5

-* Tue May 05 2020 Michal Ruprich <mruprich@redhat.com> - 7.0-8
- Resolves: #1819319 - frr fails to start start if the initscripts package is missing
+* Mon Sep 21 2020 Michal Ruprich <mruprich@redhat.com> - 7.4-1
+- New version 7.4

-* Mon May 04 2020 Michal Ruprich <mruprich@redhat.com> - 7.0-7
- Resolves: #1758544 - IGMPv3 queries may lead to DoS
+* Thu Aug 27 2020 Josef Řídký <jridky@redhat.com> - 7.3.1-4
+- Rebuilt for new net-snmp release

-* Tue Mar 10 2020 Michal Ruprich <mruprich@redhat.com> - 7.0-6
- Resolves: #1776342 - frr has missing dependency on iproute
+* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 7.3.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

-* Tue Sep 03 2019 Michal Ruprich <mruprich@redhat.com> - 7.0-5
- Resolves: #1719465 - Removal of component Frr or its crypto
+* Thu Jun 18 2020 Michal Ruprich <mruprich@redhat.com> - 7.3.1-1
+- New version 7.3.1
+- Fixes a couple of bugs(#1832259, #1835039, #1830815, #1830808, #1830806, #1830800, #1830798, #1814773)

-* Wed Jun 19 2019 Michal Ruprich <mruprich@redhat.com> - 7.0-4
- Related: #1657029 - frr-contrib is back, it is breaking the rpmdeplint test
+* Tue May 19 2020 Michal Ruprich <mruprich@redhat.com> - 7.3-6
+- Removing texi2html, it is not available in Rawhide anymore

-* Wed Jun 19 2019 Michal Ruprich <mruprich@redhat.com> - 7.0-3
- Related: #1657029 - more cleanup, removed frr-contrib, frrvt changed to frrvty
+* Mon May 18 2020 Michal Ruprich <mruprich@redhat.com> - 7.3-5
+- Rebuild for new version of libyang
+
+* Tue Apr 21 2020 Björn Esser <besser82@fedoraproject.org> - 7.3-4
+- Rebuild (json-c)
+
+* Mon Apr 13 2020 Björn Esser <besser82@fedoraproject.org> - 7.3-3
+- Update json-c-0.14 patch with a solution from upstream
+
+* Mon Apr 13 2020 Björn Esser <besser82@fedoraproject.org> - 7.3-2
+- Add support for upcoming json-c 0.14.0
+
+* Wed Feb 19 2020 Michal Ruprich <mruprich@redhat.com> - 7.3-1
+- New version 7.3
+
+* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 7.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Mon Dec 16 2019 Michal Ruprich <mruprich@redhat.com> - 7.2-1
+- New version 7.2
+
+* Tue Nov 12 2019 Michal Ruprich <mruprich@redhat.com> - 7.1-5
+- Rebuilding for new version of libyang
+
+* Mon Oct 07 2019 Michal Ruprich <mruprich@redhat.com> - 7.1-4
+- Adding noreplace to the /etc/frr/daemons file
+
+* Fri Sep 13 2019 Michal Ruprich <mruprich@redhat.com> - 7.1-3
+- New way of finding python version during build
+- Replacing crypto of all routing daemons with openssl
+- Disabling EIGRP crypto because it is broken
+- Disabling crypto in FIPS mode
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 7.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Tue Jun 25 2019 Michal Ruprich <mruprich@redhat.com> - 7.1-1
+- New version 7.1

 * Wed Jun 19 2019 Michal Ruprich <mruprich@redhat.com> - 7.0-2
- Related: #1657029 - cleaning specfile, adding Requires on libyang-devel
+- Initial build

-* Wed May 29 2019 Michal Ruprich <mruprich@redhat.com> - 7.0-1
- Resolves: #1657029 - Add FRR as a replacement of Quagga in RHEL 8
				`@ -0,0 +1 @@`
				`5f46099a744058de374dbbf5240d1c4292a143f2 SOURCES/frr-8.5.3.tar.gz`