deleted file mode 100644
@@ -1,33 +0,0 @@
-From a82d704b1ec6ece47b01d12e0e067d4b62b10894 Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex@linutronix.de>
-Date: Wed, 9 Nov 2022 20:24:45 +0100
-Subject: [PATCH] m4/ax_python.m4: check for python-x.y-emded.pc, not
- python-x.y.pc
-
-Only the embed version includes necessary linker flags to link
-with libpython.
-
-Upstream-Status: Backport
-[https://github.com/FRRouting/frr/commit/a82d704b1ec6ece47b01d12e0e067d4b62b10894]
-
-Signed-off-by: Alexander Kanavin <alex@linutronix.de>
----
- m4/ax_python.m4 | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/m4/ax_python.m4 b/m4/ax_python.m4
-index 91d12b99b..f5e603b96 100644
---- a/m4/ax_python.m4
-+++ b/m4/ax_python.m4
-@@ -206,7 +206,7 @@ AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
- AC_MSG_CHECKING([whether pkg-config python-${tryver} is available])
- unset PYTHON_CFLAGS
- unset PYTHON_LIBS
-- pkg="python-${tryver}"
-+ pkg="python-${tryver}-embed"
- pkg="${pkg%-}"
- _PKG_CONFIG([PYTHON_CFLAGS], [cflags], [${pkg}])
- _PKG_CONFIG([PYTHON_LIBS], [libs], [${pkg}])
-2.25.1
-
deleted file mode 100644
@@ -1,54 +0,0 @@
-From e61593f2ded104c4c7f01eb93e2b404e93e0c560 Mon Sep 17 00:00:00 2001
-From: harryreps <harryreps@gmail.com>
-Date: Fri, 3 Mar 2023 23:17:14 +0000
-Subject: [PATCH] babeld: fix #11808 to avoid infinite loops
-
-Replacing continue in loops to goto done so that index of packet buffer
-increases.
-
-Signed-off-by: harryreps <harryreps@gmail.com>
-
-CVE: CVE-2023-3748
-
-Upstream-Status: Backport
-[https://github.com/FRRouting/frr/commit/ae1e0e1fed77716bc06f181ad68c4433fb5523d0]
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- babeld/message.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/babeld/message.c b/babeld/message.c
-index 7d45d91bf..2bf233796 100644
---- a/babeld/message.c
-+++ b/babeld/message.c
-@@ -439,7 +439,7 @@ parse_packet(const unsigned char *from, struct interface *ifp,
- debugf(BABEL_DEBUG_COMMON,
- "Received Hello from %s on %s that does not have all 0's in the unused section of flags, ignoring",
- format_address(from), ifp->name);
-- continue;
-+ goto done;
- }
-
- /*
-@@ -451,7 +451,7 @@ parse_packet(const unsigned char *from, struct interface *ifp,
- debugf(BABEL_DEBUG_COMMON,
- "Received Unicast Hello from %s on %s that FRR is not prepared to understand yet",
- format_address(from), ifp->name);
-- continue;
-+ goto done;
- }
-
- DO_NTOHS(seqno, message + 4);
-@@ -469,7 +469,7 @@ parse_packet(const unsigned char *from, struct interface *ifp,
- debugf(BABEL_DEBUG_COMMON,
- "Received hello from %s on %s should be ignored as that this version of FRR does not know how to properly handle interval == 0",
- format_address(from), ifp->name);
-- continue;
-+ goto done;
- }
-
- changed = update_neighbour(neigh, seqno, interval);
-2.25.1
-
deleted file mode 100644
@@ -1,106 +0,0 @@
-From 9efd9a47db4f13ebf88c2ffe14301d7441bcb40d Mon Sep 17 00:00:00 2001
-From: Donatas Abraitis <donatas@opensourcerouting.org>
-Date: Tue, 22 Aug 2023 22:52:04 +0300
-Subject: [PATCH 1/2] bgpd: Do not process NLRIs if the attribute length is
- zero
-
-```
-3 0x00007f423aa42476 in __GI_raise (sig=sig@entry=11) at ../sysdeps/posix/raise.c:26
-4 0x00007f423aef9740 in core_handler (signo=11, siginfo=0x7fffc414deb0, context=<optimized out>) at lib/sigevent.c:246
-5 <signal handler called>
-6 0x0000564dea2fc71e in route_set_aspath_prepend (rule=0x564debd66d50, prefix=0x7fffc414ea30, object=0x7fffc414e400)
- at bgpd/bgp_routemap.c:2258
-7 0x00007f423aeec7e0 in route_map_apply_ext (map=<optimized out>, prefix=prefix@entry=0x7fffc414ea30,
- match_object=match_object@entry=0x7fffc414e400, set_object=set_object@entry=0x7fffc414e400, pref=pref@entry=0x0) at lib/routemap.c:2690
-8 0x0000564dea2d277e in bgp_input_modifier (peer=peer@entry=0x7f4238f59010, p=p@entry=0x7fffc414ea30, attr=attr@entry=0x7fffc414e770,
- afi=afi@entry=AFI_IP, safi=safi@entry=SAFI_UNICAST, rmap_name=rmap_name@entry=0x0, label=0x0, num_labels=0, dest=0x564debdd5130)
- at bgpd/bgp_route.c:1772
-9 0x0000564dea2df762 in bgp_update (peer=peer@entry=0x7f4238f59010, p=p@entry=0x7fffc414ea30, addpath_id=addpath_id@entry=0,
- attr=0x7fffc414eb50, afi=afi@entry=AFI_IP, safi=<optimized out>, safi@entry=SAFI_UNICAST, type=9, sub_type=0, prd=0x0, label=0x0,
- num_labels=0, soft_reconfig=0, evpn=0x0) at bgpd/bgp_route.c:4374
-10 0x0000564dea2e2047 in bgp_nlri_parse_ip (peer=0x7f4238f59010, attr=attr@entry=0x7fffc414eb50, packet=0x7fffc414eaf0)
- at bgpd/bgp_route.c:6249
-11 0x0000564dea2c5a58 in bgp_nlri_parse (peer=peer@entry=0x7f4238f59010, attr=attr@entry=0x7fffc414eb50,
- packet=packet@entry=0x7fffc414eaf0, mp_withdraw=mp_withdraw@entry=false) at bgpd/bgp_packet.c:339
-12 0x0000564dea2c5d66 in bgp_update_receive (peer=peer@entry=0x7f4238f59010, size=size@entry=109) at bgpd/bgp_packet.c:2024
-13 0x0000564dea2c901d in bgp_process_packet (thread=<optimized out>) at bgpd/bgp_packet.c:2933
-14 0x00007f423af0bf71 in event_call (thread=thread@entry=0x7fffc414ee40) at lib/event.c:1995
-15 0x00007f423aebb198 in frr_run (master=0x564deb73c670) at lib/libfrr.c:1213
-16 0x0000564dea261b83 in main (argc=<optimized out>, argv=<optimized out>) at bgpd/bgp_main.c:505
-```
-
-With the configuration:
-
-```
-frr version 9.1-dev-MyOwnFRRVersion
-frr defaults traditional
-hostname ip-172-31-13-140
-log file /tmp/debug.log
-log syslog
-service integrated-vtysh-config
-!
-debug bgp keepalives
-debug bgp neighbor-events
-debug bgp updates in
-debug bgp updates out
-!
-router bgp 100
- bgp router-id 9.9.9.9
- no bgp ebgp-requires-policy
- bgp bestpath aigp
- neighbor 172.31.2.47 remote-as 200
- !
- address-family ipv4 unicast
- neighbor 172.31.2.47 default-originate
- neighbor 172.31.2.47 route-map RM_IN in
- exit-address-family
-exit
-!
-route-map RM_IN permit 10
- set as-path prepend 200
-exit
-!
-```
-
-The issue is that we try to process NLRIs even if the attribute length is 0.
-
-Later bgp_update() will handle route-maps and a crash occurs because all the
-attributes are NULL, including aspath, where we dereference.
-
-According to the RFC 4271:
-
-A value of 0 indicates that neither the Network Layer
- Reachability Information field nor the Path Attribute field is
- present in this UPDATE message.
-
-But with a fuzzed UPDATE message this can be faked. I think it's reasonable
-to skip processing NLRIs if both update_len and attribute_len are 0.
-
-Reported-by: Iggy Frankovic <iggyfran@amazon.com>
-Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
-
-Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/28ccc24d38df1d51ed8a563507e5d6f6171fdd38]
-
-CVE: CVE-2023-41358
-
-Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
----
- bgpd/bgp_packet.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
-index ec54943f3..3c2e73c59 100644
---- a/bgpd/bgp_packet.c
-+++ b/bgpd/bgp_packet.c
-@@ -1951,7 +1951,7 @@ static int bgp_update_receive(struct peer *peer, bgp_size_t size)
- /* Network Layer Reachability Information. */
- update_len = end - stream_pnt(s);
-
-- if (update_len) {
-+ if (update_len && attribute_len) {
- /* Set NLRI portion to structure. */
- nlris[NLRI_UPDATE].afi = AFI_IP;
- nlris[NLRI_UPDATE].safi = SAFI_UNICAST;
-2.35.5
-
deleted file mode 100644
@@ -1,35 +0,0 @@
-From 9ecacf2176d2bac4b90e17d49facb8712c1b467a Mon Sep 17 00:00:00 2001
-From: Donatas Abraitis <donatas@opensourcerouting.org>
-Date: Sun, 20 Aug 2023 22:15:27 +0300
-Subject: [PATCH 2/2] bgpd: Don't read the first byte of ORF header if we are
- ahead of stream
-
-Reported-by: Iggy Frankovic iggyfran@amazon.com
-Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
-
-Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/9b855a692e68e0d16467e190b466b4ecb6853702]
-
-CVE: CVE-2023-41360
-
-Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
----
- bgpd/bgp_packet.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
-index 3c2e73c59..f1d0e54c0 100644
---- a/bgpd/bgp_packet.c
-+++ b/bgpd/bgp_packet.c
-@@ -2375,7 +2375,8 @@ static int bgp_route_refresh_receive(struct peer *peer, bgp_size_t size)
- * and 7 bytes of ORF Address-filter entry from
- * the stream
- */
-- if (*p_pnt & ORF_COMMON_PART_REMOVE_ALL) {
-+ if (p_pnt < p_end &&
-+ *p_pnt & ORF_COMMON_PART_REMOVE_ALL) {
- if (bgp_debug_neighbor_events(peer))
- zlog_debug(
- "%pBP rcvd Remove-All pfxlist ORF request",
-2.35.5
-
similarity index 91%
rename from meta-networking/recipes-protocols/frr/frr_8.4.4.bb
rename to meta-networking/recipes-protocols/frr/frr_9.0.1.bb
@@ -6,18 +6,15 @@ HOMEPAGE = "https://frrouting.org/"
SECTION = "net"
LICENSE = "GPL-2.0-only & LGPL-2.1-only"
-LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
- file://COPYING-LGPLv2.1;md5=4fbd65380cdd255951079008b364516c"
+LIC_FILES_CHKSUM = "file://doc/licenses/GPL-2.0;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
+ file://doc/licenses/LGPL-2.1;md5=4fbd65380cdd255951079008b364516c"
-SRC_URI = "git://github.com/FRRouting/frr.git;protocol=https;branch=stable/8.4 \
+SRC_URI = "git://github.com/FRRouting/frr.git;protocol=https;branch=stable/9.0 \
file://frr.pam \
- file://0001-m4-ax_python.m4-check-for-python-x.y-emded.pc-not-py.patch \
- file://CVE-2023-3748.patch \
- file://CVE-2023-41358.patch \
- file://CVE-2023-41360.patch \
+ file://0001-tools-make-quiet-actually-suppress-output.patch \
"
-SRCREV = "45e36c0c00a517ad1606135b18c5753e210cfc0d"
+SRCREV = "31ed3dd753d62b5d8916998bc32814007e91364b"
UPSTREAM_CHECK_GITTAGREGEX = "frr-(?P<pver>\d+(\.\d+)+)$"
@@ -28,7 +25,7 @@ S = "${WORKDIR}/git"
inherit autotools-brokensep python3native pkgconfig useradd systemd
DEPENDS:class-native = "bison-native elfutils-native"
-DEPENDS:class-target = "bison-native json-c readline c-ares libyang frr-native"
+DEPENDS:class-target = "bison-native json-c readline c-ares libyang frr-native protobuf-c-native protobuf-c"
RDEPENDS:${PN}:class-target = "iproute2 python3-core bash"
Upgrade FRR to 9.0.1: * drop all existing patches since they are included in 9.0.1 * add a patch fixing (harmless) error messages in log * license files moved to doc/licenses * protobuf-c-native (for protoc) and protobuf-c are now needed Changelogs: https://github.com/FRRouting/frr/releases/tag/frr-9.0.1 https://github.com/FRRouting/frr/commit/31ed3dd753d62b5d8916998bc32814007e91364b https://github.com/FRRouting/frr/releases/tag/frr-9.0 https://github.com/FRRouting/frr/commit/2863e7efbcd0cbfbd41d3be04c660d77df65d0ea Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de> --- Build tested and slightly runtested on x86-64 cve_check reports all CVEs as patched ...check-for-python-x.y-emded.pc-not-py.patch | 33 ------ .../frr/frr/CVE-2023-3748.patch | 54 --------- .../frr/frr/CVE-2023-41358.patch | 106 ------------------ .../frr/frr/CVE-2023-41360.patch | 35 ------ .../frr/{frr_8.4.4.bb => frr_9.0.1.bb} | 15 +-- 5 files changed, 6 insertions(+), 237 deletions(-) delete mode 100644 meta-networking/recipes-protocols/frr/frr/0001-m4-ax_python.m4-check-for-python-x.y-emded.pc-not-py.patch delete mode 100644 meta-networking/recipes-protocols/frr/frr/CVE-2023-3748.patch delete mode 100644 meta-networking/recipes-protocols/frr/frr/CVE-2023-41358.patch delete mode 100644 meta-networking/recipes-protocols/frr/frr/CVE-2023-41360.patch rename meta-networking/recipes-protocols/frr/{frr_8.4.4.bb => frr_9.0.1.bb} (91%)