import CS frr10-10.4.3-1.el9

.fmf/version

@@ -1 +0,0 @@
-1

.frr10.metadata

@@ -0,0 +1 @@
+24282b6b36b24a9f70139bd271d2e02894dd4bd0 SOURCES/frr-10.4.3.tar.gz

.gitignore

@@ -1,2 +1 @@
-/frr-10.4.1.tar.gz
-/frr-10.4.3.tar.gz
+SOURCES/frr-10.4.3.tar.gz

0015-fix-CVE-2026-37457.patch

@@ -1,42 +0,0 @@
-From 0e6882bc72c0278988a47b2f0f73b7a91099a25c Mon Sep 17 00:00:00 2001
-From: Jafar Al-Gharaibeh <jafar@atcorp.com>
-Date: Mon, 9 Mar 2026 14:36:22 -0500
-Subject: [PATCH] bgpd: fix off-by-one error in FlowSpec operator array bounds
- check
-
-Change loop > BGP_PBR_MATCH_VAL_MAX to loop >= BGP_PBR_MATCH_VAL_MAX
-in bgp_flowspec_op_decode() and bgp_flowspec_bitmask_decode() to
-prevent writing one element past the end of the mval[] array when
-more than 5 chained operators are present in a FlowSpec component.
-
-Reported-by: Jiahao Lei
-Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com>
----
- bgpd/bgp_flowspec_util.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/bgpd/bgp_flowspec_util.c b/bgpd/bgp_flowspec_util.c
-index f2da778c2e66..5528a4f6a0e3 100644
---- a/bgpd/bgp_flowspec_util.c
-+++ b/bgpd/bgp_flowspec_util.c
-@@ -274,8 +274,10 @@ int bgp_flowspec_op_decode(enum bgp_flowspec_util_nlri_t type,
- 	}
- 
- 	do {
--		if (loop > BGP_PBR_MATCH_VAL_MAX)
-+		if (loop >= BGP_PBR_MATCH_VAL_MAX) {
- 			*error = -2;
-+			return offset;
-+		}
- 
- 		if (offset >= max_len) {
- 			*error = -1;
-@@ -397,7 +399,7 @@ int bgp_flowspec_bitmask_decode(enum bgp_flowspec_util_nlri_t type,
- 	}
- 
- 	do {
--		if (loop > BGP_PBR_MATCH_VAL_MAX) {
-+		if (loop >= BGP_PBR_MATCH_VAL_MAX) {
- 			*error = -2;
- 			return offset;
- 		}

0016-fix-CVE-2026-37459.patch

@@ -1,30 +0,0 @@
-From 693a2e02687cdc9d16501275e05136edea9650d9 Mon Sep 17 00:00:00 2001
-From: Donatas Abraitis <donatas@opensourcerouting.org>
-Date: Tue, 10 Mar 2026 20:16:10 +0200
-Subject: [PATCH] bgpd: Check if the NHC length is enough to fill TLV value +
- TLV header
-
-BGP_NHC_TLV_MIN_LEN is 4 bytes (TLV code + TLV length), and when we parse TLVs,
-we subtract BGP_NHC_TLV_MIN_LEN as well, so we should include BGP_NHC_TLV_MIN_LEN
-when checking the remaining length too.
-
-Reported-by: Jiahao Lei
-
-Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
----
- bgpd/bgp_attr.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
-index 6bcf5f690613..b707e0531e94 100644
---- a/bgpd/bgp_attr.c
-+++ b/bgpd/bgp_attr.c
-@@ -3887,7 +3887,7 @@ static int bgp_attr_nhc(struct bgp_attr_parser_args *args)
- 		tlv_code = stream_getw(s);
- 		tlv_length = stream_getw(s);
- 
--		if (length < tlv_length) {
-+		if (length < tlv_length + BGP_NHC_TLV_MIN_LEN) {
- 			zlog_err("%pBP rcvd BGP NHC TLV length %d exceeds remaining length %d",
- 				 peer, tlv_length, length);
- 			bgp_nhc_free(nhc);

SPECS/frr10.spec

@@ -8,7 +8,7 @@
 
 Name: frr10
 Version: 10.4.3
-Release: 3%{?checkout}%{?dist}
+Release: 1%{?checkout}%{?dist}
 Summary: Routing daemon
 License: GPLv2+
 URL: http://www.frrouting.org
@@ -73,10 +73,6 @@ Patch0003: 0003-disable-eigrp-crypto.patch
 Patch0004: 0004-fips-mode.patch
 # Turn off one fuzz test that fails with the new glibc
 Patch0014: 0014-isisd-fuzz-test.patch
-# https://github.com/FRRouting/frr/commit/0e6882bc
-Patch0015: 0015-fix-CVE-2026-37457.patch
-# https://github.com/FRRouting/frr/commit/693a2e02
-Patch0016: 0016-fix-CVE-2026-37459.patch
 
 %description
 FRRouting is free software that manages TCP/IP based routing protocols. It takes
@@ -285,12 +281,6 @@ make check PYTHON=%{__python3}
 %endif
 
 %changelog
-* Thu May 21 2026 Michal Ruprich <mruprich@redhat.com> - 10.4.3-3
-- Resolves: RHEL-174696 - denial of service via crafted BGP UPDATE message
-
-* Thu May 21 2026 Michal Ruprich <mruprich@redhat.com> - 10.4.3-2
-- Resolves: RHEL-174678 - denial of service via crafted FlowSpec component
-
 * Thu Apr 09 2026 Michal Ruprich <mruprich@redhat.com> - 10.4.3-1
 - Resolves: RHEL-157859 - Bump FRR to 10.4.3 to fix EVPN problems
 

ci.fmf

@@ -1 +0,0 @@
-resultsdb-testcase: separate

gating.yaml

@@ -1,25 +0,0 @@
---- !Policy
-product_versions:
-  - fedora-*
-decision_context: bodhi_update_push_testing
-subject_type: koji_build
-rules:
-  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/tier1-public.functional}
- 
-#Rawhide
---- !Policy
-product_versions:
-  - fedora-*
-decision_context: bodhi_update_push_stable
-subject_type: koji_build
-rules:
-  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/tier1-public.functional}
- 
-#gating rhel
---- !Policy
-product_versions:
-  - rhel-*
-decision_context: osci_compose_gate
-rules:
-  - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/tier1-public.functional}
-  - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/tier1-internal.functional}

plans.fmf

@@ -1,38 +0,0 @@
-environment+:
-  PACKAGE: frr10
-
-/tier1-internal:
-  plan:
-    import:
-      url: https://gitlab.com/redhat/centos-stream/tests/frr.git
-      name: /plans/frr10/tier1/internal
-
-/tier1-public:
-  plan:
-    import:
-      url: https://gitlab.com/redhat/centos-stream/tests/frr.git
-      name: /plans/frr10/tier1/public
-
-/tier2-tier3-internal:
-  plan:
-    import:
-      url: https://gitlab.com/redhat/centos-stream/tests/frr.git
-      name: /plans/frr10/tier2-tier3/internal
-
-/tier2-tier3-public:
-  plan:
-    import:
-      url: https://gitlab.com/redhat/centos-stream/tests/frr.git
-      name: /plans/frr10/tier2-tier3/public
-
-/others-internal:
-  plan:
-    import:
-      url: https://gitlab.com/redhat/centos-stream/tests/frr.git
-      name: /plans/frr10/others/internal
-
-/others-public:
-  plan:
-    import:
-      url: https://gitlab.com/redhat/centos-stream/tests/frr.git
-      name: /plans/frr10/others/public

rpminspect.yaml

@@ -1,7 +0,0 @@
----
-runpath:
-    allowed_paths:
-        - /usr/lib64/frr
-        - /usr/lib/frr
-inspections:
-    badfuncs: off

sources

@@ -1 +0,0 @@
-SHA512 (frr-10.4.3.tar.gz) = 680227d34c8f55e1336e9c08e14831361128cb5ffdfb20adcf9c0ddcd7b9bb510d5bb9cb4ec16f004faa63c7cb4404367711d7971f7b17037f4f3b1a1f4b53e3