From: David Lamparter Date: Mon, 10 Dec 2018 21:34:49 +0000 (+0100) Subject: debian: make package "official" X-Git-Tag: 7.1_pulled~219^2~35 X-Git-Url: https://git.puffer.fish/?a=commitdiff_plain;h=b3c4c164b5a6652deeddec41502f098846eb63d3;p=mirror%2Ffrr.git debian: make package "official" Move us into place in debian/ Signed-off-by: David Lamparter --- diff --git a/Makefile.am b/Makefile.am index 9e6c53d87c..72db44e190 100644 --- a/Makefile.am +++ b/Makefile.am @@ -124,7 +124,7 @@ include watchfrr/subdir.am include qpb/subdir.am include fpm/subdir.am include tools/subdir.am -include debianpkg/subdir.am +include debian/subdir.am include solaris/subdir.am include bgpd/subdir.am diff --git a/configure.ac b/configure.ac index 710c5e9a52..7a748e9fdf 100755 --- a/configure.ac +++ b/configure.ac @@ -2198,7 +2198,7 @@ AC_CONFIG_FILES([ config.version redhat/frr.spec solaris/Makefile - debianpkg/changelog-auto + debian/changelog-auto alpine/APKBUILD snapcraft/snapcraft.yaml lib/version.h diff --git a/debian/.gitignore b/debian/.gitignore new file mode 100644 index 0000000000..b48b513813 --- /dev/null +++ b/debian/.gitignore @@ -0,0 +1 @@ +/changelog-auto diff --git a/debian/README.Debian b/debian/README.Debian new file mode 100644 index 0000000000..47a353310d --- /dev/null +++ b/debian/README.Debian @@ -0,0 +1,135 @@ +* SAFETY MEASURES: +================== + +Please consider setting this package "on hold" by typing + echo "frr hold" | dpkg --set-selections +and verifying this using + dpkg --get-selections | grep 'hold$' + +Setting a package "on hold" means that it will not automatically be upgraded. +Instead apt-get only displays a warning saying that a new version would be +available forcing you to explicitly type "apt-get install frr" to upgrade it. + + +* What is frr? +================= + +http://www.frrouting.org/ +FRR is a routing software suite, providing implementations of OSPFv2, +OSPFv3, RIP v1 and v2, RIPng, ISIS, PIM, BGP and LDP for Unix platforms, particularly +FreeBSD and Linux and also NetBSD, to mention a few. FRR is a fork of Quagga +which itself is a fork of Zebra. +Zebra was developed by Kunihiro Ishiguro. + + +* Build Profiles used in the upstream debian/ +============================================= + +The following Build Profiles have been added: + +- pkg.frr.nortrlib (pkg.frr.rtrlib) + controls whether the RPKI module is built. + Will be enabled by default at some point, adds some extra dependencies. + +- pkg.frr.nosnmp (pkg.frr.snmp) + controls whether the SNMP module is built, see below for license issues. + Will remain default-off as long as the license issue persists. + +- pkg.frr.nosystemd + Disables both systemd unit file installation as well as watchfrr sd_notify + support at startup. Removes libsystemd dependency. + +Note that all options have a "no" form; if you want to have your decision +be sticky regardless of changes to what it defaults to, then always use one +of the two. For example, all occurrences of will at some +point be replaced with . + +The main frr package has the exact same contents regardless of rtrlib or snmp +choices. The options only control frr-snmp and frr-rpki-rtrlib packages. + +The main frr package does NOT have the same contents if pkg.frr.nosystemd is +used. This option should only be used for systems that do not have systemd, +e.g. Ubuntu 14.04. + + +* Why has SNMP support been disabled? +===================================== +FRR used to link against the NetSNMP libraries to provide SNMP +support. Those libraries sadly link against the OpenSSL libraries +to provide crypto support for SNMPv3 among others. +OpenSSL now is not compatible with the GNU GENERAL PUBLIC LICENSE (GPL) +licence that FRR is distributed under. For more explanation read: + http://www.gnome.org/~markmc/openssl-and-the-gpl.html + http://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs +Updating the licence to explecitly allow linking against OpenSSL +would requite the affirmation of all people that ever contributed +a significant part to Zebra / Quagga or FRR and thus are the collective +"copyright holder". That's too much work. Using a shrinked down +version of NetSNMP without OpenSSL or convincing the NetSNMP people +to change to GnuTLS are maybe good solutions but not reachable +during the last days before the Sarge release :-( + + *BUT* + +It is allowed by the used licence mix that you fetch the sources and +build FRR yourself with SNMP with + # apt-get -b source -Ppkg.frr.snmp frr +Just distributing it in binary form, linked against OpenSSL, is forbidden. + + +* Debian Policy compliance notes +================================ + +- 4.15 Reproducibility + FRR build is reproducible as outlined in version 4.2.1 of the Policy, but + won't be reproducible when the build directory is varied. This is because + configure parameters are burned into the executables which includes CFLAGS + like -fdebug-prefix-map=/build/directory/... + + +* Daemon selection: +=================== + +The Debian package uses /etc/frr/daemons to tell the +initscript which daemons to start. It's in the format += +with no spaces (it's simply source-d into the initscript). +Default is not to start anything, since it can hose your +system's routing table if not set up properly. + +Priorities were suggested by Dancer . +They're used to start the FRR daemons in more than one step +(for example start one or two at network initialization and the +rest later). The number of FRR daemons being small, priorities +must be between 1 and 9, inclusive (or the initscript has to be +changed). /etc/init.d/frr then can be started as + +/etc/init.d/frr > + +where priority 0 is the same as 'stop', priority 10 or 'start' +means 'start all' + + +* Error message "privs_init: initial cap_set_proc failed": +========================================================== + +This error message means that "capability support" has to be built +into the kernel. + + +* Error message "netlink-listen: overrun: No buffer space available": +===================================================================== + +If this message occurs the receive buffer should be increased by adding the +following to /etc/sysctl.conf and "--nl-bufsize" to /etc/frr/daemons. +> net.core.rmem_default = 262144 +> net.core.rmem_max = 262144 +See message #4525 from 2005-05-09 in the quagga-users mailing list. + + +* vtysh immediately exists: +=========================== + +Check /etc/pam.d/frr, it probably denies access to your user. The passwords +configured in /etc/frr/frr.conf are only for telnet access. + diff --git a/debian/README.Maintainer b/debian/README.Maintainer new file mode 100644 index 0000000000..9030022c5e --- /dev/null +++ b/debian/README.Maintainer @@ -0,0 +1,32 @@ +# +# TODO +# + +- check that tests/{control,daemons} actually do something useful and sensible +- /usr/share/doc/frr-doc should be named just frr? +- debian/watch pgpsigurlmangle / signing-key +- multiarch for DSOs? +- frr try-restart + +# +# To check if the patches still apply on new upstream versions: +# +for i in debian/patches/*.diff; do echo -e "#\n# $i\n#"; patch --fuzz=3 --dry-run -p1 < $i; done + +# +# Filename transition from zebra to frr +# + +Files that keep their names + /usr/bin/vtysh + +Files that got an -pj suffix + /etc/default/zebra -> /etc/frr/daemons.conf + /etc/init.d/zebra -> /etc/init.d/frr + /etc/zebra/ -> /etc/frr/ + /usr/share/doc/zebra/ -> /usr/share/doc/frr/ + /var/log/zebra/ -> /var/log/frr/ + /var/run/ -> /var/run/frr/ + +Files that were moved + /usr/sbin/* -> /usr/lib/frr/ diff --git a/debian/changelog b/debian/changelog new file mode 120000 index 0000000000..be6099f8d4 --- /dev/null +++ b/debian/changelog @@ -0,0 +1 @@ +changelog-auto \ No newline at end of file diff --git a/debian/changelog-auto.in b/debian/changelog-auto.in new file mode 100644 index 0000000000..127d7fe147 --- /dev/null +++ b/debian/changelog-auto.in @@ -0,0 +1,1420 @@ +frr (@VERSION@-0) UNRELEASED; urgency=medium + + * autoconf changelog entry -- for git autobuilds only. + remove and replace when creating releases! + (tools/tarsource.sh will handle this) + + -- FRRouting-Dev Thu, 25 Oct 2018 16:36:50 +0200 + +frr (6.0-2) testing; urgency=medium + + * add install-info to build deps + * remove trailing whitespace from control + * cleanup tcp-zebra configure options + * drop unused SMUX client OID MIBs + * remove /proc check + * remove --enable-poll + * remove libtool .la files + * drop texlive-latex-base, texlive-generic-recommended build deps + * consistently allow python2 or python3 + * remove bad USE_* options, add WERROR + * drop libncurses5 dep + * remove backports mechanism + * use better dependency for pythontools (binNMU compatible) + * remove bogus shlib:Depends on frr-dbg + * create frr-snmp and frr-rpki-rtrlib + * make frr-pythontools a "Recommends:" + * use redistclean target + * update to Debian Policy version 4.2.1 + * raise debhelper compat level to 9 + * ditch development-only files + * modernise dh_missing and use fail mode + * disable zeromq and FPM + * always install /etc/init.d/frr + * put frr-doc package in 'doc' section + * install HTML docs, drop tools/ + * fix install for {frr,rfptest,ospfclient} + * add watch file + * change python dependency and shebang to python3:any + * use set -e in maintscripts + * put myself in as maintainer + * update copyright file + * closes: #863249 + + -- David Lamparter Thu, 25 Oct 2018 16:36:50 +0200 + +frr (6.0-1) RELEASED; urgency=medium + + * New Enabled: PIM draft Unnumbered + + -- FRRouting-Dev Wed, 18 Oct 2017 17:01:42 -0700 + +frr (3.0-1) RELEASED; urgency=medium + + * Added Debian 9 Backport + + -- FRRouting-Dev Mon, 16 Oct 2017 03:28:00 -0700 + +frr (3.0-0) RELEASED; urgency=medium + + * New Enabled: BGP Shutdown Message + * New Enabled: BGP Large Community + * New Enabled: BGP RFC 7432 Partial Support w/ Ethernet VPN + * New Enabled: BGP EVPN RT-5 + * New Enabled: LDP RFC 5561 + * New Enabled: LDP RFC 5918 + * New Enabled: LDP RFC 5919 + * New Enabled: LDP RFC 6667 + * New Enabled: LDP RFC 7473 + * New Enabled: OSPF RFC 4552 + * New Enabled: ISIS SPF Backoff draft + * New Enabled: PIM Unnumbered Interfaces + * New Enabled: PIM RFC 4611 + * New Enabled: PIM Sparse Mode + * New Enabled: NHRP RFC 2332 + * New Enabled: Label Manager + * Switched from hardening-wrapper to dpkg-buildflags. + + -- FRRouting-Dev Fri, 13 Oct 2017 16:17:26 -0700 + +frr (2.0-0) RELEASED; urgency=medium + + * Switchover to FRR + + -- FRRouting-Dev Mon, 23 Jan 2017 16:30:22 -0400 + +quagga (0.99.24+cl3u5) RELEASED; urgency=medium + + * Closes: CM-12846 - Resolve Memory leaks in 'show ip bgp neighbor json' + * Closes: CM-5878 - Display all ospf peers with 'show ip ospf neighbor detail all' + * Closes: CM-5794 - Add support for IPv6 static to null0 + * Closes: CM-13060 - Reduce JSON memory usage. + * Closes: CM-10394 - protect 'could not get instance' error messages with debug + * Closes: CM-11173 - Move netlink error messages undeer a debug + * Closes: CM-13328 - Fixes route missing in hardware after reboot + + -- dev-support Fri, 11 Nov 2016 22:13:29 -0400 + +quagga (0.99.24+cl3u4) RELEASED; urgency=medium + + * Closes: CM-12687 - Buffer overflow in zebra RA code + + -- dev-support Wed, 31 Aug 2016 12:36:10 -0400 + +quagga (0.99.24+cl3u3) RELEASED; urgency=medium + + * New Enabled: Merge up-to 0.99.24 code from upstream + * New Enabled: Additional CLI simplification + * New Enabled: Various Bug Fixes + + -- dev-support Thu, 04 Aug 2016 08:43:36 -0700 + +quagga (0.99.23.1-1+cl3u2) RELEASED; urgency=medium + + * New Enabled: VRF - See Documentation for how to use + * New Enabled: Improved interface statistics + * New Enabled: Various vtysh improvements + * New Enabled: Numerous compile warnings and SA fixes + * New Enabled: Improved priviledge handlingA + * New Enabled: Various OSPF CLI fixes + * New Enabled: Prefix-list Performance Improvements. + * New Enabled: Allow more than 1k peers in Quagga + and Performance Improvements + * New Enabled: Systemd integration + * New Enabled: Various ISIS fixes + * New Enabled: BGP MRT improvements + * New Enabled: Lowered default MRAI timers + * New Enabled: Lowered default 'timers connect' + * New Enabled: 'bgp log-neighbor-changes' enabled by default + * New Enabled: BGP default keepalive to 3s and holdtime to 9s + * New Enabled: OSPF spf timers are now '0 50 5000' by default + * New Enabled: BGP hostname is displayed by default + * New Enabled: BGP 'no-as-set' is the default for + 'bgp as-path multipath-relax" + * New Enabled: RA is on by default if using 5549 on an interface + * New Enabled: peer-group restrictions relaxed, update-groups determine + outbund policy anyway + * New Enabled: BGP enabled 'maximum-paths 64' by default + * New Enabled: OSPF "log-adjacency-changes" on by default + * New Enabled: Zebra: Add IPv6 protocol filtering support + * and setting src of IPv6 routes. + * New Enabled: BGP and OSPF JSON commands added. + * New Enabled: BGP Enable multiple instances support by default + * New Enabled: 'banner motd file' command + * New Enabled: Remove bad default passwords from default conf + * New Enabled: BGP addpath TX + * New Enabled: Simplified configuration for BGP Unnumbered + + * New Deprecated: Remove unused 'show memory XXX' functionality + * New Deprecated: Remove babel protocol + + * Closes: CM-10435 Addition on hidden command + "bfd multihop/singlehop" and "ptm-enable" per interface command + * Closes: CM-9974 Get route counts right for show ip route summary + * Closes: CM-9786 BGP memory leak in peer hostname + * Closes: CM-9340 BGP: Ensure correct sequence of processing at exit + * Closes: CM-9270 ripd: Fix crash when a default route is passed to rip + * Closes: CM-9255 BGPD crash around bgp_config_write () + * Closes: CM-9134 ospf6d: Fix for crash when non area 0 network + entered first + * Closes: CM-8934 OSPFv3: Check area before scheduling SPF + * Closes: CM-8514 zebra: Crash upon disabling a link + * Closes: CM-8295 BGP crash in group_announce_route_walkcb + * Closes: CM-8191 BGP: crash in update_subgroup_merge() + * Closes: CM-8015 lib: Memory reporting fails over 2GB + * Closes: CM-7926 BGP: crash from not NULLing freed pointers + + -- dev-support Wed, 04 May 2016 16:22:52 -0700 + +quagga (0.99.23.1-1) unstable; urgency=medium + + * New upstream release + * Added .png figures for info files to quagga-doc package. + * Changed dependency from iproute to iproute2 (thanks to Andreas + Henriksson). Closes: #753736 + * Added texlive-fonts-recommended to build-depends to get ecrm1095 font + (thanks to Christoph Biedl). Closes: #651545 + + -- Christian Brunotte Tue, 30 Sep 2014 00:20:12 +0200 + +quagga (0.99.23-1) unstable; urgency=low + + * New upstream release + * Removed debian/patches/readline-6.3.diff which was already in upstream. + + -- Christian Hammers Tue, 08 Jul 2014 09:15:48 +0200 + +quagga (0.99.22.4-4) unstable; urgency=medium + + * Fix build failure with readline-6.3 (thanks to Matthias Klose). + Closes: #741774 + + -- Christian Hammers Sun, 23 Mar 2014 15:28:42 +0100 + +quagga (0.99.22.4-3) unstable; urgency=low + + * Added status to init script (thanks to Peter J. Holzer). Closes: #730625 + * Init script now sources /lib/lsb/init-functions. + * Switched from hardening-wrapper to dpkg-buildflags. + + -- Christian Hammers Wed, 01 Jan 2014 19:12:01 +0100 + +quagga (0.99.22.4-2) unstable; urgency=low + + * Fixed typo in package description (thanks to Davide Prina). + Closes: #625860 + * Added Italian Debconf translation (thanks to Beatrice Torracca) + Closes: #729798 + + -- Christian Hammers Tue, 26 Nov 2013 00:47:11 +0100 + +quagga (0.99.22.4-1) unstable; urgency=high + + * SECURITY: + "ospfd: CVE-2013-2236, stack overrun in apiserver + + the OSPF API-server (exporting the LSDB and allowing announcement of + Opaque-LSAs) writes past the end of fixed on-stack buffers. This leads + to an exploitable stack overflow. + + For this condition to occur, the following two conditions must be true: + - Quagga is configured with --enable-opaque-lsa + - ospfd is started with the "-a" command line option + + If either of these does not hold, the relevant code is not executed and + the issue does not get triggered." + Closes: #726724 + + * New upstream release + - ospfd: protect vs. VU#229804 (malformed Router-LSA) + (Quagga is said to be non-vulnerable but still adds some protection) + + -- Christian Hammers Thu, 24 Oct 2013 22:58:37 +0200 + +quagga (0.99.22.1-2) unstable; urgency=low + + * Added autopkgtests (thanks to Yolanda Robla). Closes: #710147 + * Added "status" command to init script (thanks to James Andrewartha). + Closes: #690013 + * Added "libsnmp-dev" to Build-Deps. There not needed for the official + builds but for people who compile Quagga themselves to activate the + SNMP feature (which for licence reasons cannot be done by Debian). + Thanks to Ben Winslow). Closes: #694852 + * Changed watchquagga_options to an array so that quotes can finally + be used as expected. Closes: #681088 + * Fixed bug that prevented restarting only the watchquagga daemon + (thanks to Harald Kappe). Closes: #687124 + + -- Christian Hammers Sat, 27 Jul 2013 16:06:25 +0200 + +quagga (0.99.22.1-1) unstable; urgency=low + + * New upstream release + - ospfd restore nexthop IP for p2p interfaces + - ospfd: fix LSA initialization for build without opaque LSA + - ripd: correctly redistribute ifindex routes (BZ#664) + - bgpd: fix lost passwords of grouped neighbors + * Removed 91_ld_as_needed.diff as it was found in the upstream source. + + -- Christian Hammers Mon, 22 Apr 2013 22:21:20 +0200 + +quagga (0.99.22-1) unstable; urgency=low + + * New upstream release. + - [bgpd] The semantics of default-originate route-map have changed. + The route-map is now used to advertise the default route conditionally. + The old behaviour which allowed to set attributes on the originated + default route is no longer supported. + - [bgpd] this version of bgpd implements draft-idr-error-handling. This was + added in 0.99.21 and may not be desirable. If you need a version + without this behaviour, please use 0.99.20.1. There will be a + runtime configuration switch for this in future versions. + - [isisd] is in "beta" state. + - [ospf6d] is in "alpha/experimental" state + - More changes are documented in the upstream changelog! + * debian/watch: Adjusted to new savannah.gnu.org site, thanks to Bart + Martens. + * debian/patches/99_CVE-2012-1820_bgp_capability_orf.diff removed as its + in the changelog. + * debian/patches/99_distribute_list.diff removed as its in the changelog. + * debian/patches/10_doc__Makefiles__makeinfo-force.diff removed as it + was just for Debian woody. + + -- Christian Hammers Thu, 14 Feb 2013 00:22:00 +0100 + +quagga (0.99.21-4) unstable; urgency=medium + + * Fixed regression bug that caused OSPF "distribute-list" statements to be + silently ignored. The patch has already been applied upstream but there + has been no new Quagga release since then. + Thanks to Hans van Kranenburg for reporting. Closes: #697240 + + -- Christian Hammers Sun, 06 Jan 2013 15:50:32 +0100 + +quagga (0.99.21-3) unstable; urgency=high + + * SECURITY: + CVE-2012-1820 - Quagga contained a bug in BGP OPEN message handling. + A denial-of-service condition could be caused by an attacker controlling + one of the pre-configured BGP peers. In most cases this means, that the + attack must be originated from an adjacent network. Closes: #676510 + + -- Christian Hammers Fri, 08 Jun 2012 01:15:32 +0200 + +quagga (0.99.21-2) unstable; urgency=low + + * Renamed babeld.8 to quagga-babeld.8 as it conflicted with the + original mapage of the babeld package which users might want to + install in parallel as it is slightly more capable. Closes: #671916 + + -- Christian Hammers Thu, 10 May 2012 07:53:01 +0200 + +quagga (0.99.21-1) unstable; urgency=low + + * New upstream release + - [bgpd] BGP multipath support has been merged + - [bgpd] SAFI (Multicast topology) support has been extended to propagate + the topology to zebra. + - [bgpd] AS path limit functionality has been removed + - [babeld] a new routing daemon implementing the BABEL ad-hoc mesh routing + protocol has been merged. + - [isisd] a major overhaul has been picked up. Please note that isisd is + STILL NOT SUITABLE FOR PRODUCTION USE. + - a lot of bugs have been fixed + * Added watchquagga daemon. + * Added DEP-3 conforming patch comments. + + -- Christian Hammers Sun, 06 May 2012 15:33:33 +0200 + +quagga (0.99.20.1-1) unstable; urgency=high + + * SECURITY: + CVE-2012-0249 - Quagga ospfd DoS on malformed LS-Update packet + CVE-2012-0250 - Quagga ospfd DoS on malformed Network-LSA data + CVE-2012-0255 - Quagga bgpd DoS on malformed OPEN message + * New upstream release. Closes: #664033 + + -- Christian Hammers Fri, 16 Mar 2012 22:14:05 +0100 + +quagga (0.99.20-4) unstable; urgency=low + + * Switch to dpkg-source 3.0 (quilt) format. + * Switch to changelog-format-1.0. + + -- Christian Hammers Sat, 25 Feb 2012 18:52:06 +0100 + +quagga (0.99.20-3) unstable; urgency=low + + * Added --sysconfdir back to the configure options (thanks to Sven-Haegar + Koch). Closes: #645649 + + -- Christian Hammers Tue, 18 Oct 2011 00:24:37 +0200 + +quagga (0.99.20-2) unstable; urgency=low + + * Bumped standards version to 0.9.2. + * Migrated to "dh" build system. + * Added quagga-dbg package. + + -- Christian Hammers Fri, 14 Oct 2011 23:59:26 +0200 + +quagga (0.99.20-1) unstable; urgency=low + + * New upstream release: + "The primary focus of this release is a fix of SEGV regression in ospfd, + which was introduced in 0.99.19. It also features a series of minor + improvements, including better RFC compliance in bgpd, better support + of FreeBSD and some enhancements to isisd." + * Fixes off-by-one bug (removed 20_ospf6_area_argv.dpatch). Closes: #519488 + + -- Christian Hammers Fri, 30 Sep 2011 00:59:24 +0200 + +quagga (0.99.19-1) unstable; urgency=high + + * SECURITY: + "This release provides security fixes, which address assorted + vulnerabilities in bgpd, ospfd and ospf6d (CVE-2011-3323, + CVE-2011-3324, CVE-2011-3325, CVE-2011-3326 and CVE-2011-3327). + * New upstream release. + * Removed incorporated debian/patches/92_opaque_lsa_enable.dpatch. + * Removed incorporated debian/patches/93_opaque_lsa_fix.dpatch. + * Removed obsolete debian/README.Debian.Woody and README.Debian.MD5. + + -- Christian Hammers Tue, 27 Sep 2011 00:16:27 +0200 + +quagga (0.99.18-1) unstable; urgency=low + + * SECURITY: + "This release fixes 2 denial of services in bgpd, which can be remotely + triggered by malformed AS-Pathlimit or Extended-Community attributes. + These issues have been assigned CVE-2010-1674 and CVE-2010-1675. + Support for AS-Pathlimit has been removed with this release." + * Added Brazilian Portuguese debconf translation. Closes: #617735 + * Changed section for quagga-doc from "doc" to "net". + * Added patch to fix FTBFS with latest GCC. Closes: #614459 + + -- Christian Hammers Tue, 22 Mar 2011 23:13:34 +0100 + +quagga (0.99.17-4) unstable; urgency=low + + * Added comment to init script (thanks to Marc Haber). Closes: #599524 + + -- Christian Hammers Thu, 13 Jan 2011 23:53:29 +0100 + +quagga (0.99.17-3) unstable; urgency=low + + * Fix FTBFS with ld --as-needed (thanks to Matthias Klose at Ubuntu). + Closes: #609555 + + -- Christian Hammers Thu, 13 Jan 2011 23:27:06 +0100 + +quagga (0.99.17-2) unstable; urgency=low + + * Added Danisch Debconf translation (thanks to Joe Dalton). Closes: #596259 + + -- Christian Hammers Sat, 18 Sep 2010 12:20:07 +0200 + +quagga (0.99.17-1) unstable; urgency=high + + * SECURITY: + "This release provides two important bugfixes, which address remote crash + possibility in bgpd discovered by CROSS team.": + 1. Stack buffer overflow by processing certain Route-Refresh messages + CVE-2010-2948 + 2. DoS (crash) while processing certain BGP update AS path messages + CVE-2010-2949 + Closes: #594262 + + -- Christian Hammers Wed, 25 Aug 2010 00:52:48 +0200 + +quagga (0.99.16-1) unstable; urgency=low + + * New upstream release. Closes: #574527 + * Added chrpath to debian/rules to fix rpath problems that lintian spottet. + + -- Christian Hammers Sun, 21 Mar 2010 17:05:40 +0100 + +quagga (0.99.15-2) unstable; urgency=low + + * Applied patch for off-by-one bug in ospf6d that caused a segmentation + fault when using the "area a.b.c.d filter-list prefix" command (thanks + to Steinar H. Gunderson). Closes: 519488 + + -- Christian Hammers Sun, 14 Feb 2010 20:02:03 +0100 + +quagga (0.99.15-1) unstable; urgency=low + + * New upstream release + "This fixes some annoying little ospfd and ospf6d regressions, which made + 0.99.14 a bit of a problem release (...) This release still contains a + regression in the "no ip address ..." command, at least on Linux. + See bug #486, which contains a workaround patch. This release should be + considered a 1.0.0 release candidate. Please test this release as widely + as possible." + * Fixed wrong port number in zebra.8 (thanks to Thijs Kinkhorst). + Closes: #517860 + * Added Russian Debconf tanslation (thanks to Yuri Kozlov). + Closes: #539464 + * Removed so-version in build-dep to libreadline-dev on request of + Matthias Klose. + * Added README.source with reference to dpatch as suggested by lintian. + * Bumped standards versionto 3.8.3. + + -- Christian Hammers Sun, 13 Sep 2009 18:12:06 +0200 + +quagga (0.99.14-1) unstable; urgency=low + + * New upstream release + "This release contains a regression fix for ospf6d, various small fixes + and some hopefully very significant bgpd stability fixes. + This release should be considered a 1.0.0 release candidate. Please test + this release as widely as possible." + * Fixes bug with premature LSA aging in ospf6d. Closes: #535030 + * Fixes section number in zebra.8 manpage. Closes: #517860 + + -- Christian Hammers Sat, 25 Jul 2009 00:40:38 +0200 + +quagga (0.99.13-2) unstable; urgency=low + + * Added Japanese Debconf translation (thanks to Hideki Yamane). + Closes: #510714 + * When checking for obsoleted config options in preinst, print filename + where it occures (thanks to Michael Bussmann). Closes: #339489 + + -- Christian Hammers Sun, 19 Jul 2009 17:13:23 +0200 + +quagga (0.99.13-1) unstable; urgency=low + + * New upstream release + "This release is contains a number of small fixes, for potentially + irritating issues, as well as small enhancements to vtysh and support + for linking to PCRE (a much faster regex library)." + * Added build-dep to gawk as configure required it for memtypes.awk + * Replaced build-dep to gs-gpl with ghostscript as requested by lintian + * Minor changes to copyright and control files to make lintian happy. + + -- Christian Hammers Wed, 24 Jun 2009 17:53:28 +0200 + +quagga (0.99.12-1) unstable; urgency=high + + * New upstream release + "This release fixes an urgent bug in bgpd where it could hit an assert + if it received a long AS_PATH with a 4-byte ASN." Noteworthy bugfixes: + + [bgpd] Fix bgp ipv4/ipv6 accept handling + + [bgpd] AS4 bugfix by Chris Caputo + + [bgpd] Allow accepted peers to progress even if realpeer is in Connect + + [ospfd] Switch Fletcher checksum back to old ospfd version + + -- Christian Hammers Mon, 22 Jun 2009 00:16:33 +0200 + +quagga (0.99.11-1) unstable; urgency=low + + * New upstream release + "Most regressions in 0.99 over 0.98 are now believed to be fixed. This + release should be considered a release-candidate for a new stable series." + + bgpd: Preliminary UI and Linux-IPv4 support for TCP-MD5 merged + + zebra: ignore dead routes in RIB update + + [ospfd] Default route needs to be refreshed after neighbour state change + + [zebra:netlink] Set proto/scope on all route update messages + * Removed debian/patches/20_*bgp*md5*.dpatch due to upstream support. + + -- Christian Hammers Thu, 09 Oct 2008 22:56:38 +0200 + +quagga (0.99.10-1) unstable; urgency=medium + + * New upstream release + + bgpd: 4-Byte AS Number support + + Sessions were incorrectly reset if a partial AS-Pathlimit attribute + was received. + + Advertisement of Multi-Protocol prefixes (i.e. non-IPv4) had been + broken in the 0.99.9 release. Closes: #467656 + + -- Christian Hammers Tue, 08 Jul 2008 23:32:42 +0200 + +quagga (0.99.9-6) unstable; urgency=low + + * Fixed FTBFS by adding a build-dep to libpcre3-dev (thanks to Luk Claes). + Closes: #469891 + + -- Christian Hammers Sat, 12 Apr 2008 12:53:51 +0200 + +quagga (0.99.9-5) unstable; urgency=low + + * C.J. Adams-Collier and Paul Jakma suggested to build against libpcre3 + which is supposed to be faster. + + -- Christian Hammers Sun, 02 Mar 2008 13:19:42 +0100 + +quagga (0.99.9-4) unstable; urgency=low + + * Added hardening-wrapper to the build-deps (thanks to Moritz Muehlenhoff). + + -- Christian Hammers Tue, 29 Jan 2008 22:33:56 +0100 + +quagga (0.99.9-3) unstable; urgency=low + + * Replaced the BGP patch by a new one so that the package builds again + with kernels above 2.6.21! + * debian/control: + + Moved quagga-doc to section doc to make lintian happy. + * Added Spanish debconf translation (thanks to Carlos Galisteo de Cabo). + Closes: #428574 + * debian/control: (thanks to Marco Rodrigues) + + Bump Standards-Version to 3.7.3 (no changes needed). + + Add Homepage field. + + -- Christian Hammers Mon, 28 Jan 2008 22:29:18 +0100 + +quagga (0.99.9-2.1) unstable; urgency=low + + * Non-maintainer upload. + * debian/rules: fixed bashisms. (Closes: #459122) + + -- Miguel Angel Ruiz Manzano Tue, 22 Jan 2008 14:37:21 -0300 + +quagga (0.99.9-2) unstable; urgency=low + + * Added CVE id for the security bug to the last changelog entry. + Closes: 442133 + + -- Christian Hammers Tue, 25 Sep 2007 22:01:31 +0200 + +quagga (0.99.9-1) unstable; urgency=high + + * SECURITY: + "This release fixes two potential DoS conditions in bgpd, reported by Mu + Security, where a bgpd could be crashed if a peer sent a malformed OPEN + message or a malformed COMMUNITY attribute. Only configured peers can do + this, hence we consider these issues to be very low impact." CVE-2007-4826 + + -- Christian Hammers Wed, 12 Sep 2007 21:12:41 +0200 + +quagga (0.99.8-1) unstable; urgency=low + + * New upstream version. + + -- Christian Hammers Fri, 17 Aug 2007 00:07:04 +0200 + +quagga (0.99.7-3) unstable; urgency=medium + + * Applied patch for FTBFS with linux-libc-dev (thanks to Andrew J. Schorr + and Lucas Nussbaum). Closes: #429003 + + -- Christian Hammers Fri, 22 Jun 2007 21:34:55 +0200 + +quagga (0.99.7-2) unstable; urgency=low + + * Added Florian Weimar as co-maintainer. Closes: 421977 + * Added Dutch debconf translation (thanks to Bart Cornelis). + Closes: #420932 + * Added Portuguese debconf translation (thanks to Rui Branco). + Closes: #421185 + * Improved package description (thanks to Reuben Thomas). + Closes: #418933 + * Added CVE Id to 0.99.6-5 changelog entry. + + -- Christian Hammers Wed, 02 May 2007 20:27:12 +0200 + +quagga (0.99.7-1) unstable; urgency=low + + * New upstream release. Closes: #421553 + + -- Christian Hammers Mon, 30 Apr 2007 14:22:34 +0200 + +quagga (0.99.6-6) unstable; urgency=medium + + * Fixes FTBFS with tetex-live. Closes: #420468 + + -- Christian Hammers Mon, 23 Apr 2007 21:34:13 +0200 + +quagga (0.99.6-5) unstable; urgency=high + + * SECURITY: + The bgpd daemon was vulnerable to a Denial-of-Service. Configured peers + could cause a Quagga bgpd to, typically, assert() and abort. The DoS + could be triggered by peers by sending an UPDATE message with a crafted, + malformed Multi-Protocol reachable/unreachable NLRI attribute. + This is CVE-2007-1995 and Quagga Bug#354. Closes: #418323 + + -- Christian Hammers Thu, 12 Apr 2007 23:21:58 +0200 + +quagga (0.99.6-4) unstable; urgency=low + + * Improved note in README.Debian for SNMP self-builders (thanks to Matthias + Wamser). Closes: #414788 + + -- Christian Hammers Wed, 14 Mar 2007 02:18:57 +0100 + +quagga (0.99.6-3) unstable; urgency=low + + * Updated German Debconf translation (thanks to Matthias Julius). + Closes: #409327 + + -- Christian Hammers Sat, 10 Feb 2007 15:06:16 +0100 + +quagga (0.99.6-2) unstable; urgency=low + + * Updated config.guess/config.sub as suggested by lintian. + * Corrected README.Debian text regarding the WANT_SNMP flag. + + -- Christian Hammers Sun, 17 Dec 2006 01:45:37 +0100 + +quagga (0.99.6-1) unstable; urgency=low + + * New upstream release. Closes: #402361 + + -- Christian Hammers Mon, 11 Dec 2006 00:28:09 +0100 + +quagga (0.99.5-5) unstable; urgency=high + + * Changed Depends on adduser to Pre-Depends to avoid uninstallability + in certain cases (thanks to Steve Langasek, Lucas Nussbaum). + Closes: #398562 + + -- Christian Hammers Wed, 15 Nov 2006 17:46:34 +0100 + +quagga (0.99.5-4) unstable; urgency=low + + * Added default PAM file and some explanations regarding PAM authentication + of vtysh which could prevent the start at boot-time when used wrong. + Now PAM permits anybody to access the vtysh tool (a malicious user could + build his own vtysh without PAM anyway) and the access is controled by + the read/write permissions of the vtysh socket which are only granted to + users belonging to the quaggavty group (thanks to Wakko Warner). + Closes: #389496 + * Added "case" to prerm script so that the Debconf question is not called a + second time in e.g. "new-prerm abort-upgrade" after being NACKed in the + old-prerm. + + -- Christian Hammers Fri, 3 Nov 2006 01:22:15 +0100 + +quagga (0.99.5-3) unstable; urgency=medium + + * Backport CVS fix for an OSPF DD Exchange regression (thanks to Matt + Brown). Closes: #391040 + + -- Christian Hammers Wed, 25 Oct 2006 19:47:11 +0200 + +quagga (0.99.5-2) unstable; urgency=medium + + * Added LSB info section to initscript. + * Removed unnecessary depends to libncurses5 to make checklib happy. + The one to libcap should remain though as it is just temporarily + unused. + + -- Christian Hammers Thu, 21 Sep 2006 00:04:07 +0200 + +quagga (0.99.5-1) unstable; urgency=low + + * New upstream release. Closes: #38704 + * Upstream fixes ospfd documentary inconsistency. Closes: #347897 + * Changed debconf question in prerm to "high" (thanks to Rafal Pietrak). + + -- Christian Hammers Mon, 11 Sep 2006 23:43:42 +0200 + +quagga (0.99.4-4) unstable; urgency=low + + * Recreate /var/run if not present because /var is e.g. on a tmpfs + filesystem (thanks to Martin Pitt). Closes: #376142 + * Removed nonexistant option from ospfd.8 manpage (thanks to + David Medberry). Closes: 378274 + + -- Christian Hammers Sat, 15 Jul 2006 20:22:12 +0200 + +quagga (0.99.4-3) unstable; urgency=low + + * Removed invalid semicolon from rules file (thanks to Philippe Gramoulle). + + -- Christian Hammers Tue, 27 Jun 2006 23:36:07 +0200 + +quagga (0.99.4-2) unstable; urgency=high + + * Set urgency to high as 0.99.4-1 fixes a security problem! + * Fixed building of the info file. + + -- Christian Hammers Sun, 14 May 2006 23:04:28 +0200 + +quagga (0.99.4-1) unstable; urgency=low + + * New upstream release to fix a security problem in the telnet interface + of the BGP daemon which could be used for DoS attacks (CVE-2006-2276). + Closes: 366980 + + -- Christian Hammers Sat, 13 May 2006 19:54:40 +0200 + +quagga (0.99.3-3) unstable; urgency=low + + * Added CVE numbers for the security patch in 0.99.3-2. + + -- Christian Hammers Sat, 6 May 2006 17:14:22 +0200 + +quagga (0.99.3-2) unstable; urgency=high + + * SECURITY: + Added security bugfix patch from upstream BTS for security problem + that could lead to injected routes when using RIPv1. + CVE-2006-2223 - missing configuration to disable RIPv1 or require + plaintext or MD5 authentication + CVE-2006-2224 - lack of enforcement of RIPv2 authentication requirements + Closes: #365940 + * First amd64 upload. + + -- Christian Hammers Thu, 4 May 2006 00:22:09 +0200 + +quagga (0.99.3-1) unstable; urgency=low + + * New upstream release + + -- Christian Hammers Wed, 25 Jan 2006 13:37:27 +0100 + +quagga (0.99.2-1) unstable; urgency=low + + * New upstream release + Closes: #330248, #175553 + + -- Christian Hammers Wed, 16 Nov 2005 00:25:52 +0100 + +quagga (0.99.1-7) unstable; urgency=low + + * Changed debian/rules check for mounted /proc directory to check + for /proc/1 as not all systems (e.g. 2.6 arm kernels) have + /proc/kcore which is a optional feature only (thanks to Lennert + Buytenhek). Closes: #335695 + * Added Swedish Debconf translation (thanks to Daniel Nylander). + Closes: #331367 + + -- Christian Hammers Thu, 27 Oct 2005 20:53:19 +0200 + +quagga (0.99.1-6) unstable; urgency=low + + * Fixed debconf dependency as requested by Joey Hess. + + -- Christian Hammers Mon, 26 Sep 2005 20:47:35 +0200 + +quagga (0.99.1-5) unstable; urgency=low + + * Rebuild with libreadline5-dev as build-dep as requested by + Matthias Klose. Closes: #326306 + * Made initscript more fault tolerant against missing lines in + /etc/quagga/daemons (thanks to Ralf Hildebrandt). Closes: #323774 + * Added dependency to adduser. + + -- Christian Hammers Tue, 13 Sep 2005 21:42:17 +0200 + +quagga (0.99.1-4) unstable; urgency=low + + * Added French Debconf translation (thanks to Mohammed Adnene Trojette). + Closes: #319324 + * Added Czech Debconf translation (thanks to Miroslav Kure). + Closes: #318127 + + -- Christian Hammers Sun, 31 Jul 2005 04:19:41 +0200 + +quagga (0.99.1-3) unstable; urgency=low + + * A Debconf question now asks the admin before upgrading if the daemon + should really be stopped as this could lead to the loss of network + connectivity or BGP flaps (thanks to Michael Horn and Achilleas Kotsis). + Also added a hint about setting Quagga "on hold" to README.Debian. + Closes: #315467 + * Added patch to build on Linux/ARM. + + -- Christian Hammers Sun, 10 Jul 2005 22:19:38 +0200 + +quagga (0.99.1-2) unstable; urgency=low + + * Fixed SNMP enabled command in debian/rules (thanks to Christoph Kluenter). + Closes: #306840 + + -- Christian Hammers Sat, 4 Jun 2005 14:04:01 +0200 + +quagga (0.99.1-1) unstable; urgency=low + + * New upstream version. Among others: + - BGP graceful restart and "match ip route-source" added + - support for interface renaming + - improved threading for better responsivness under load + * Switched to dpatch to make diffs cleaner. + * Made autoreconf unnecessary. + * Replaced quagga.dvi and quagga.ps by quagga.pdf in quagga-doc. + (the PostScript would have needed Makefile corrections and PDF + is more preferable anyway) + * Added isisd to the list of daemons in /etc/init.d/quagga (thanks + to Ernesto Elbe). + * Added hint for "netlink-listen: overrun" messages (thanks to + Hasso Tepper). + * Added preinst check that bails out if old smux options are in use + as Quagga would not start up else anyway (thanks to Bjorn Mork). + Closes: #308320 + + -- Christian Hammers Fri, 13 May 2005 01:18:24 +0200 + +quagga (0.98.3-7) unstable; urgency=high + + * Removed SNMP support as linking against NetSNMP introduced a dependency + to OpenSSL which is not compatible to the GPL which governs this + application (thanks to Faidon Liambotis). See README.Debian for more + information. Closes: #306840 + * Changed listening address of ospf6d and ripngd from 127.0.0.1 to "::1". + * Added build-dep to groff to let drafz-zebra-00.txt build correctly. + + -- Christian Hammers Wed, 4 May 2005 20:08:14 +0200 + +quagga (0.98.3-6) testing-proposed-updates; urgency=high + + * Removed "Recommends kernel-image-2.4" as aptitude then + installes a kernel-image for an arbitrary architecture as long + as it fullfill that recommendation which can obviously fatal + at the next reboot :) Also it is a violation of the policy + which mandates a reference to real packages (thanks to Holger Levsen). + Closes: #307281 + + -- Christian Hammers Tue, 3 May 2005 22:53:39 +0200 + +quagga (0.98.3-5) unstable; urgency=high + + * The patch which tried to remove the OpenSSL dependency, which is + not only unneccessary but also a violation of the licence and thus RC, + stopped working a while ago, since autoreconf is no longer run before + building the binaries. So now ./configure is patched directly (thanks + to Faidon Liambotis for reporting). Closes: #306840 + * Raised Debhelper compatibility level from 3 to 4. Nothing changed. + * Added build-dep to texinfo (>= 4.7) to ease work for www.backports.org. + + -- Christian Hammers Fri, 29 Apr 2005 02:31:03 +0200 + +quagga (0.98.3-4) unstable; urgency=low + + * Removed Debconf upgrade note as it was considered a Debconf abuse + and apart from that so obvious that it was not even worth to be + put into NEWS.Debian (thanks to Steve Langasek). Closes: #306384 + + -- Christian Hammers Wed, 27 Apr 2005 00:10:24 +0200 + +quagga (0.98.3-3) unstable; urgency=medium + + * Adding the debconf module due to a lintian suggestion is a very + bad idea if no db_stop is called as the script hangs then (thanks + to Tore Anderson for reporting). Closes: #306324 + + -- Christian Hammers Mon, 25 Apr 2005 21:55:58 +0200 + +quagga (0.98.3-2) unstable; urgency=low + + * Added debconf confmodule to postinst as lintian suggested. + + -- Christian Hammers Sun, 24 Apr 2005 13:16:00 +0200 + +quagga (0.98.3-1) unstable; urgency=low + + * New upstream release. + Mmost notably fixes last regression in bgpd (reannounce of prefixes + with changed attributes works again), race condition in netlink + handling while using IPv6, MTU changes handling in ospfd and several + crashes in ospfd, bgpd and ospf6d. + + -- Christian Hammers Mon, 4 Apr 2005 12:51:24 +0200 + +quagga (0.98.2-2) unstable; urgency=low + + * Added patch to let Quagga compile with gcc-4.0 (thanks to + Andreas Jochens). Closes: #300949 + + -- Christian Hammers Fri, 25 Mar 2005 19:33:30 +0100 + +quagga (0.98.2-1) unstable; urgency=medium + + * Quoting the upstream announcement: + The 0.98.1 release unfortunately was a brown paper bag release with + respect to ospfd. [...] 0.98.2 has been released, with one crucial change + to fix the unfortunate mistake in 0.98.1, which caused problems if + ospfd became DR. + * Note: the upstream tarball had a strange problem, apparently redhat.spec + was twice in it? At least debuild gave a strange error message so I + unpacked it by hand. No changes were made to the .orig.tar.gz! + + -- Christian Hammers Fri, 4 Feb 2005 01:31:36 +0100 + +quagga (0.98.1-1) unstable; urgency=medium + + * New upstream version + "fixing a fatal OSPF + MD5 auth regression, and a non-fatal high-load + regression in bgpd which were present in the 0.98.0 release." + * Upstream version fixes bug in ospfd that could lead to crash when OSPF + packages had a MTU > 1500. Closes: #290566 + * Added notice regarding capability kernel support to README.Debian + (thanks to Florian Weimer). Closes: #291509 + * Changed permission setting in postinst script (thanks to Bastian Blank). + Closes: #292690 + + -- Christian Hammers Tue, 1 Feb 2005 02:01:27 +0100 + +quagga (0.98.0-3) unstable; urgency=low + + * Fixed problem in init script. Closes: #290317 + * Removed obsolete "smux peer enable" patch. + + -- Christian Hammers Fri, 14 Jan 2005 17:37:27 +0100 + +quagga (0.98.0-2) unstable; urgency=low + + * Updated broken TCP MD5 patch for BGP (thanks to John P. Looney + for telling me). + + -- Christian Hammers Thu, 13 Jan 2005 02:03:54 +0100 + +quagga (0.98.0-1) unstable; urgency=low + + * New upstream release + * Added kernel-image-2.6 as alternative to 2.4 to the recommends + (thanks to Faidon Liambotis). Closes: #289530 + + -- Christian Hammers Mon, 10 Jan 2005 19:36:17 +0100 + +quagga (0.97.5-1) unstable; urgency=low + + * New upstream version. + * Added Czech debconf translation (thanks to Miroslav Kure). + Closes: #287293 + * Added Brazilian debconf translation (thanks to Andre Luis Lopes). + Closes: #279352 + + -- Christian Hammers Wed, 5 Jan 2005 23:49:57 +0100 + +quagga (0.97.4-2) unstable; urgency=low + + * Fixed quagga.info build problem. + + -- Christian Hammers Wed, 5 Jan 2005 22:38:01 +0100 + +quagga (0.97.4-1) unstable; urgency=low + + * New upstream release. + + -- Christian Hammers Tue, 4 Jan 2005 01:45:22 +0100 + +quagga (0.97.3-2) unstable; urgency=low + + * Included isisd in the daemon list. + * Wrote an isisd manpage. + * It is now ensured that zebra is always the last daemon to be stopped. + * (Thanks to Hasso Tepper for mailing me a long list of suggestions + which lead to this release) + + -- Christian Hammers Sat, 18 Dec 2004 13:14:55 +0100 + +quagga (0.97.3-1) unstable; urgency=medium + + * New upstream version. + - Fixes important OSPF bug. + * Added ht-20040911-smux.patch regarding Quagga bug #112. + * Updated ht-20041109-0.97.3-bgp-md5.patch for BGP with TCP MD5 + (thanks to Matthias Wamser). + + -- Christian Hammers Tue, 9 Nov 2004 17:45:26 +0100 + +quagga (0.97.2-4) unstable; urgency=low + + * Added Portuguese debconf translation (thanks to Andre Luis Lopes). + Closes: #279352 + * Disabled ospfapi server by default on recommendation of Paul Jakma. + + -- Christian Hammers Sun, 7 Nov 2004 15:07:05 +0100 + +quagga (0.97.2-3) unstable; urgency=low + + * Added Andrew Schorrs VTY Buffer patch from the [quagga-dev 1729]. + + -- Christian Hammers Tue, 2 Nov 2004 00:46:56 +0100 + +quagga (0.97.2-2) unstable; urgency=low + + * Changed file and directory permissions and ownerships according to a + suggestion from Paul Jakma. Still not perfect though. + * Fixed upstream vtysh.conf.sample file. + * "ip ospf network broadcast" is now saved correctly. Closes: #244116 + * Daemon options are now in /etc/quagga/debian.conf to be user + configurable (thanks to Simon Raven and Hasso Tepper). Closes: #266715 + + -- Christian Hammers Tue, 26 Oct 2004 23:35:45 +0200 + +quagga (0.97.2-1) unstable; urgency=low + + * New upstream version. + Closes: #254541 + * Fixed warning on unmodular kernels (thanks to Christoph Biedl). + Closes: #277973 + + -- Christian Hammers Mon, 25 Oct 2004 00:47:04 +0200 + +quagga (0.97.1-2) unstable; urgency=low + + * Version 0.97 introduced shared libraries. They are now included. + (thanks to Raf D'Halleweyn). Closes: #277446 + + -- Christian Hammers Wed, 20 Oct 2004 15:32:06 +0200 + +quagga (0.97.1-1) unstable; urgency=low + + * New upstream version. + * Removed some obsolete files from debian/patches. + * Added patch from upstream bug 113. Closes: #254541 + * Added patch from upstream that fixes a compilation problem in the + ospfclient code (thanks to Hasso Tepper). + * Updated German debconf translation (thanks to Jens Nachtigall) + Closes: #277059 + + -- Christian Hammers Mon, 18 Oct 2004 01:16:35 +0200 + +quagga (0.96.5-11) unstable; urgency=low + + * Fixed /tmp/buildd/* paths in binaries. + For some unknown reason the upstream Makefile modified a .h file at + the end of the "debian/rules build" target. During the following + "make install" one library got thus be re*compiled* - with /tmp/buildd + paths as sysconfdir (thanks to Peder Chr. Norgaard). Closes: #274050 + + -- Christian Hammers Fri, 1 Oct 2004 01:21:02 +0200 + +quagga (0.96.5-10) unstable; urgency=medium + + * The BGP routing daemon might freeze on network disturbances when + their peer is also a Quagga/Zebra router. + Applied patch from http://bugzilla.quagga.net/show_bug.cgi?id=102 + which has been confirmed by the upstream author. + (thanks to Gunther Stammwitz) + * Changed --enable-pam to --with-libpam (thanks to Hasso Tepper). + Closes: #264562 + * Added patch for vtysh (thanks to Hasso Tepper). Closes: #215919 + + -- Christian Hammers Mon, 9 Aug 2004 15:33:02 +0200 + +quagga (0.96.5-9) unstable; urgency=low + + * Rewrote the documentation chapter about SNMP support. Closes: #195653 + * Added MPLS docs. + + -- Christian Hammers Thu, 29 Jul 2004 21:01:52 +0200 + +quagga (0.96.5-8) unstable; urgency=low + + * Adjusted a grep in the initscript to also match a modprobe message + from older modutils packages (thanks to Faidon Paravoid). + + -- Christian Hammers Wed, 28 Jul 2004 21:19:02 +0200 + +quagga (0.96.5-7) unstable; urgency=low + + * Added a "cd /etc/quagga/" to the init script as quagga tries to load + the config file first from the current working dir and then from the + config dir which could lead to confusion (thanks to Marco d'Itri). + Closes: #255078 + * Removed warning regarding problems with the Debian kernels from + README.Debian as they are no longer valid (thanks to Raphael Hertzog). + Closes: #257580 + * Added patch from Hasso Tepper that makes "terminal length 0" work + in vtysh (thanks to Matthias Wamser). Closes: #252579 + + -- Christian Hammers Thu, 8 Jul 2004 21:53:21 +0200 + +quagga (0.96.5-6) unstable; urgency=low + + * Try to load the capability module as it is needed now. + + -- Christian Hammers Tue, 8 Jun 2004 23:25:29 +0200 + +quagga (0.96.5-5) unstable; urgency=low + + * Changed the homedir of the quagga user to /etc/quagga/ to allow + admins to put ~/.ssh/authorized_keys there (thanks to Matthias Wamser). + Closes: #252577 + + -- Christian Hammers Sat, 5 Jun 2004 14:47:31 +0200 + +quagga (0.96.5-4) unstable; urgency=medium + + * Fixed rules file to use the renamed ./configure option --enable-tcp-md5 + (thanks to Matthias Wamser). Closes: #252141 + + -- Christian Hammers Tue, 1 Jun 2004 22:58:32 +0200 + +quagga (0.96.5-3) unstable; urgency=low + + * Provided default binary package name to all build depends that were + virtual packages (thanks to Goswin von Brederlow). Closes: #251625 + + -- Christian Hammers Sat, 29 May 2004 22:48:53 +0200 + +quagga (0.96.5-2) unstable; urgency=low + + * New upstream version. + * New md5 patch version (thanks to Niklas Jakobsson and Hasso Tepper). + Closes: #250985 + * Fixes info file generation (thanks to Peder Chr. Norgaard). + Closes: #250992 + * Added catalan debconf translation (thanks to Aleix Badia i Bosch). + Closes: #250118 + * PATCHES: + This release contains BGP4 MD5 support which requires a kernel patch + to work. See /usr/share/doc/quagga/README.Debian.MD5. + (The patch is ht-20040525-0.96.5-bgp-md5.patch from Hasso Tepper) + + -- Christian Hammers Thu, 27 May 2004 20:09:37 +0200 + +quagga (0.96.5-1) unstable; urgency=low + + * New upstream version. + * PATCHES: + This release contains BGP4 MD5 support which also requires a kernel patch. + See /usr/share/doc/quagga/README.Debian.MD5 and search for CAN-2004-0230. + + -- Christian Hammers Sun, 16 May 2004 17:40:40 +0200 + +quagga (0.96.4x-10) unstable; urgency=low + + * SECURITY: + This release contains support for MD5 for BGP which is one suggested + prevention of the actually long known TCP SYN/RST attacks which got + much news in the last days as ideas were revealed that made them much + easier probable agains especially the BGP sessions than commonly known. + There are a lot of arguments agains the MD5 approach but some ISPs + started to require it. + See: CAN-2004-0230, http://www.us-cert.gov/cas/techalerts/TA04-111A.html + * PATCHES: + This release contains the MD5 patch from Hasso Tepper. It also seems to + required a kernel patch. See /usr/share/doc/quagga/README.Debian.MD5. + + -- Christian Hammers Thu, 29 Apr 2004 01:01:38 +0200 + +quagga (0.96.4x-9) unstable; urgency=low + + * Fixed daemon loading order (thanks to Matt Kemner). + * Fixed typo in init script (thanks to Charlie Brett). Closes: #238582 + + -- Christian Hammers Sun, 4 Apr 2004 15:32:18 +0200 + +quagga (0.96.4x-8) unstable; urgency=low + + * Patched upstream source so that quagga header files end up in + /usr/include/quagga/. Closes: #233792 + + -- Christian Hammers Mon, 23 Feb 2004 01:42:53 +0100 + +quagga (0.96.4x-7) unstable; urgency=low + + * Fixed info file installation (thanks to Holger Dietze). Closes: #227579 + * Added Japanese translation (thanks to Hideki Yamane). Closes: #227812 + + -- Christian Hammers Sun, 18 Jan 2004 17:28:29 +0100 + +quagga (0.96.4x-6) unstable; urgency=low + + * Added dependency to iproute. + * Initscript now checks not only for the pid file but also for the + daemons presence (thanks to Phil Gregory). Closes: #224389 + * Added my patch to configure file permissions. + + -- Christian Hammers Mon, 15 Dec 2003 22:34:29 +0100 + +quagga (0.96.4x-5) unstable; urgency=low + + * Added patch which gives bgpd the CAP_NET_RAW capability to allow it + to bind to special IPv6 link-local interfaces (Thanks to Bastian Blank). + Closes: #222930 + * Made woody backport easier by applying Colin Watsons po-debconf hack. + Thanks to Marc Haber for suggesting it. Closes: #223527 + * Made woody backport easier by applying a patch that removes some + obscure whitespaces inside an C macro. (Thanks to Marc Haber). + Closes: #223529 + * Now uses /usr/bin/pager. Closes: #204070 + * Added note about the "official woody backports" on my homepage. + + -- Christian Hammers Mon, 15 Dec 2003 20:39:06 +0100 + +quagga (0.96.4x-4) unstable; urgency=high + + * SECURITY: + Fixes another bug that was originally reported against Zebra. + . + http://rhn.redhat.com/errata/RHSA-2003-307.html + Herbert Xu reported that Zebra can accept spoofed messages sent on the + kernel netlink interface by other users on the local machine. This could + lead to a local denial of service attack. The Common Vulnerabilities and + Exposures project (cve.mitre.org) has assigned the name CAN-2003-0858 to + this issue. + + * Minor improvements to init script (thanks to Iustin Pop). + Closes: #220938 + + -- Christian Hammers Sat, 22 Nov 2003 13:27:57 +0100 + +quagga (0.96.4x-3) unstable; urgency=low + + * Changed "more" to "/usr/bin/pager" as default pager if $PAGER or + $VTYSH_PAGER is not set (thanks to Bastian Blank). Closes: #204070 + * Made the directory (but not the config/log files!) world accessible + again on user request (thanks to Anand Kumria)). Closes: #213129 + * No longer providing sample configuration in /etc/quagga/. They are + now only available in /usr/share/doc/quagga/ to avoid accidently + using them without changing the adresses (thanks to Marc Haber). + Closes: #215918 + + -- Christian Hammers Sun, 16 Nov 2003 16:59:30 +0100 + +quagga (0.96.4x-2) unstable; urgency=low + + * Fixed permission problem with pidfile (thanks to Kir Kostuchenko). + Closes: #220938 + + -- Christian Hammers Sun, 16 Nov 2003 14:24:08 +0100 + +quagga (0.96.4x-1) unstable; urgency=low + + * Reupload of 0.96.4. Last upload-in-a-hurry produced a totally + crappy .tar.gz file. Closes: #220621 + + -- Christian Hammers Fri, 14 Nov 2003 19:45:57 +0100 + +quagga (0.96.4-1) unstable; urgency=high + + * SECURITY: Remote DoS of protocol daemons. + Fix for a remote triggerable crash in vty layer. The management + ports ("telnet myrouter ospfd") should not be open to the internet! + + * New upstream version. + - OSPF bugfixes. + - Some improvements for bgp and rip. + + -- Christian Hammers Thu, 13 Nov 2003 11:52:27 +0100 + +quagga (0.96.3-3) unstable; urgency=low + + * Fixed pid file generation by substituting the daemons "-d" by the + start-stop-daemon option "--background" (thanks to Micha Gaisser). + Closes: #218103 + + -- Christian Hammers Wed, 29 Oct 2003 05:17:49 +0100 + +quagga (0.96.3-2) unstable; urgency=low + + * Readded GNOME-PRODUCT-ZEBRA-MIB. + + -- Christian Hammers Thu, 23 Oct 2003 06:17:03 +0200 + +quagga (0.96.3-1) unstable; urgency=medium + + * New upstream version. + * Removed -u and -e in postrm due to problems with debhelper and userdel + (thanks to Adam Majer and Jaakko Niemi). Closes: #216770 + * Removed SNMP MIBs as they are now included in libsnmp-base (thanks to + David Engel and Peter Gervai). Closes: #216138, #216086 + * Fixed seq command in init script (thanks to Marc Haber). Closes: #215915 + * Improved /proc check (thanks to Marc Haber). Closes: #212331 + + -- Christian Hammers Thu, 23 Oct 2003 03:42:02 +0200 + +quagga (0.96.2-9) unstable; urgency=medium + + * Removed /usr/share/info/dir.* which were accidently there and prevented + the installation by dpkg (thanks to Simon Raven). Closes: #212614 + * Reworded package description (thanks to Anand Kumria). Closes: #213125 + * Added french debconf translation (thanks to Christian Perrier). + Closes: #212803 + + -- Christian Hammers Tue, 7 Oct 2003 13:26:58 +0200 + +quagga (0.96.2-8) unstable; urgency=low + + * debian/rules now checks if /proc is mounted as ./configure needs + it but just fails with an obscure error message if it is absent. + (Thanks to Norbert Tretkowski). Closes: #212331 + + -- Christian Hammers Tue, 23 Sep 2003 12:57:38 +0200 + +quagga (0.96.2-7) unstable; urgency=low + + * Last build was rejected due to a buggy dpkg-dev version. Rebuild. + + -- Christian Hammers Mon, 22 Sep 2003 20:34:12 +0200 + +quagga (0.96.2-6) unstable; urgency=low + + * Fixed init script so that is is now possible to just start + the bgpd but not the zebra daemon. Also daemons are now actually + started in the order defined their priority. (Thanks to Thomas Kaehn + and Jochen Friedrich) Closes: #210924 + + -- Christian Hammers Fri, 19 Sep 2003 21:17:02 +0200 + +quagga (0.96.2-5) unstable; urgency=low + + * For using quagga as BGP route server or similar, it is not + wanted to have the zebra daemon running too. For this reason + it can now be disabled in /etc/quagga/daemons, too. + (Thanks to Jochen Friedrich). Closes: #210924 + * Attached *unapplied* patch for the ISIS protocol. I did not dare + to apply it as long as upstream does not do it but this way give + users the possibilities to use it if they like to. + (Thanks to Remco van Mook) + + -- Christian Hammers Wed, 17 Sep 2003 19:57:31 +0200 + +quagga (0.96.2-4) unstable; urgency=low + + * Enabled IPV6 router advertisement feature by default on user request + (thanks to Jochen Friedrich and Hasso Tepper). Closes: #210732 + * Updated GNU autoconf to let it build on hppa/parisc64 (thanks to + lamont). Closes: #210492 + + -- Christian Hammers Sat, 13 Sep 2003 14:11:13 +0200 + +quagga (0.96.2-3) unstable; urgency=medium + + * Removed unnecessary "-lcrypto" to avoid dependency against OpenSSL + which would require further copyright addtions. + + -- Christian Hammers Wed, 10 Sep 2003 01:37:28 +0200 + +quagga (0.96.2-2) unstable; urgency=low + + * Added note that config files of quagga are in /etc/quagga and + not /etc/zebra for the zebra users that migrate to quagga. + (Thanks to Roberto Suarez Soto for the idea) + * Fixed setgid rights in /etc/quagga. + + -- Christian Hammers Wed, 27 Aug 2003 14:05:39 +0200 + +quagga (0.96.2-1) unstable; urgency=low + + * This package has formally been known as "zebra-pj"! + * New upstream release. + Fixes "anoying OSPF problem". + * Modified group ownerships so that vtysh can now be used by normal + uses if they are in the quaggavty group. + + -- Christian Hammers Mon, 25 Aug 2003 23:40:14 +0200 + +quagga (0.96.1-1) unstable; urgency=low + + * Zebra-pj, the fork of zebra has been renamed to quagga as the original + upstream author asked the new project membed not to use "zebra" in the + name. zebra-pj is obsolete. + + -- Christian Hammers Mon, 18 Aug 2003 23:37:20 +0200 + +zebra-pj (0.94+cvs20030721-1) unstable; urgency=low + + * New CVS build. + - OSPF changes (integration of the OSPF API?) + - code cleanups (for ipv6?) + * Tightened Build-Deps to gcc-2.95 as 3.x does not compile a stable ospfd. + This is a known problem and has been discussed on the mailing list. + No other solutions so far. + + -- Christian Hammers Mon, 21 Jul 2003 23:52:00 +0200 + +zebra-pj (0.94+cvs20030701-1) unstable; urgency=low + + * Initial Release. + + -- Christian Hammers Tue, 1 Jul 2003 01:58:06 +0200 diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000000..ec635144f6 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +9 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000000..e8dbaf4aaa --- /dev/null +++ b/debian/control @@ -0,0 +1,116 @@ +Source: frr +Section: net +Priority: optional +Maintainer: David Lamparter +Uploaders: FRRouting-dev +Build-Depends: + autotools-dev, + bison, + chrpath, + debhelper (>= 9), + debhelper (>= 9.20160709) | dh-systemd , + dh-autoreconf, + flex, + gawk, + install-info, + libc-ares-dev, + libcap-dev, + libjson0 | libjson-c2 | libjson-c3, + libjson0-dev | libjson-c-dev, + libpam0g-dev | libpam-dev, + libpcre3-dev, + libpython3-dev, + libreadline-dev, + librtr-dev , + libsnmp-dev, + libssh-dev , + libsystemd-dev , + pkg-config, + python3, + python3-sphinx, + texinfo (>= 4.7) +Standards-Version: 4.2.1 +Homepage: https://www.frrouting.org/ +Vcs-Browser: https://github.com/FRRouting/frr/ +Vcs-Git: https://github.com/FRRouting/frr.git + +Package: frr +Architecture: linux-any +Depends: + ${misc:Depends}, + ${shlibs:Depends}, + iproute2 | iproute, + logrotate (>= 3.2-11) +Pre-Depends: adduser +Recommends: frr-pythontools +Suggests: frr-doc +Conflicts: zebra, zebra-pj, quagga +Replaces: zebra, zebra-pj +Description: FRRouting suite of internet protocols (BGP, OSPF, IS-IS, ...) + FRRouting implements the routing protocols commonly used in the + internet and private networks to exchange information between routers. + Both IP and IPv6 are supported, as are BGP, OSPF, IS-IS, BABEL, EIGRP, + RIP, LDP, BFD, PIM and NHRP protocols. + . + These protocols are used to turn your system into a dynamic router, + exchanging information about available connections with other routers + in a standards-compliant way. The actual packet forwarding + functionality is provided by the OS kernel. + . + FRRouting is a fork of Quagga with an open community model. The main + git lives on https://github.com/frrouting/frr.git and the project name + is commonly abbreviated as "FRR." + +Package: frr-snmp +Architecture: linux-any +Depends: + ${misc:Depends}, + ${shlibs:Depends}, + frr (= ${binary:Version}) +Recommends: snmpd +Description: FRRouting suite - SNMP support + Adds SNMP support to FRR's daemons by attaching to net-snmp's snmpd + through the AgentX protocol. Provides read-only access to current + routing state through standard SNMP MIBs. + +Package: frr-rpki-rtrlib +Architecture: linux-any +Depends: + ${misc:Depends}, + ${shlibs:Depends}, + frr (= ${binary:Version}) +Description: FRRouting suite - BGP RPKI support (rtrlib) + Adds RPKI support to FRR's bgpd, allowing validation of BGP routes + against cryptographic information stored in WHOIS databases. This is + used to prevent hijacking of networks on the wider internet. It is only + relevant to internet service providers using their own autonomous system + number. +Build-Profiles: + +Package: frr-doc +Section: doc +Architecture: all +Depends: + ${misc:Depends}, + libjs-jquery, + libjs-underscore +Suggests: frr +Description: FRRouting suite - user manual + This provides the FRR user manual in HTML form. This is the official + manual maintained as part of the package and is also available online + at https://frrouting.readthedocs.io/ + +Package: frr-pythontools +Architecture: all +Depends: + ${misc:Depends}, + frr (<< ${source:Upstream-Version}.0-~), + frr (>= ${source:Version}~), + python3:any +Description: FRRouting suite - Python tools + The FRRouting suite uses a small Python tool to provide configuration + reload functionality, particularly useful when the interactive configuration + shell is not used. + . + Without this package installed, "reload" (as a systemd or init script + invocation) will not work for the FRR daemons. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000000..dbdc6b433c --- /dev/null +++ b/debian/copyright @@ -0,0 +1,258 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: Frr +Upstream-Contact: maintainers@frrouting.org, security@frrouting.org +Source: https://www.frrouting.org/ + +Files: * +Copyright: 1996-2003 by the original Zebra authors: + Kunihiro Ishiguro + Toshiaki Takada + Yasuhiro Ohara + 2003-2016 by the Quagga Project + 2016-2018 by the FRRouting Project + Adam Fitzgerald 2017 + Alex Couloumbis 2017 + Alexandre Chappuis 2011 + Alexis Fasquel 2015 + Ali Rezaee 2018 + Ameya Dharkar 2018 + Amritha Nambiar 2015 + Andreas Jaggi 2017 + Andrew Certain 2012 + Andrew J. Schorr 2004-2011 + Andrew Lunn 2017 + Andrey Korolyov 2017-2018 + Ang Way Chuang 2012 + Anuradha Karuppiah 2016-2018 + Arthur Jones 2018 + Avneesh Sachdev 2012, 2016 + Ayan Banerjee 2012 + Balaji G. 2011-2016 + Barry Friedman 2011 + Bartek Kania 2008 + Baruch Siach 2016 + Bingen Eguzkitza 2016-2017 + Boian Bonev 2013 + Boris Yakubov 2013 + Brad Smith 2012 + Brett Ciphery 2013 + Brian Bennett 2015 + Brian Rak 2017 + Chirag Shah 2017-2018 + Chris Caputo 2009-2010 + Chris Hall 2010 + Chris Luke 2011 + Christian Franke 2012-2018 + Christian Hammers 2011 + Christoffer Hansen 2018 + Christoph Dwertmann 2018 + Colin Petrie 2016 + Daniel Kozlowski 2012 + Daniel Ng 2008 + Daniel Walton 2015-2018 + Daniil Baturin 2018 + Dario Wiesner 2018 + Dave Olson 2016-2017 + David BÉRARD 2010 + David Lamparter 2009-2018 + David Lebrun 2016 + David Ward 2009-2012 + David Young 2007 + Denil Vira 2015 + Denis Ovsienko 2007-2012 + Dinesh Dutt 2012-2013 + Dinesh G. Dutt 2013-2017 + Dmitrij Tejblum 2009-2011 + Dmitry Popov 2011 + Don Slice 2016-2018 + Donald Sharp 2015-2018 + Donatas Abraitis 2018 + Dongling Duan 2018 + Donnie Savage 2017 + Doug VanLeuven 2012 + Dylan Hall 2011 + Emanuele Di Pascale 2018 + Eric Pulvino 2017 + Everton Marques 2012-2014 + Evgeny Uskov 2016 + F. Aragon 2018 + Fatih USTA 2017 + Feng Lu 2014-2015 + Fernando Soto 2015 + Francesco Dolcini 2009 + Fredi Raspall 2016-2018 + Fritz Reichmann 2011 + G. Paul Ziemba 2016-2018 + Greg Troxel 2003-2007, 2010-2015 + Hasso Tepper 2003-2007, 2012-2013 + Hiroshi Yokoi 2015 + Hongguang Li 2016 + Hung-Weic Chiu 2017 + Igor Ryzhov 2016 + Ilya Shipitsin 2018 + Ingo Flaschberger 2011 + Ivan Moskalyov 2010 + JR Rivers 2012 + Jafar Al-Gharaibeh 2009, 2015-2018 + Jarad Olson 2018 + Jaroslav Fojtik 2011 + Jeremy Jackson 2008-2009 + Jingjing Duan 2008-2009 + Joachim Nilsson 2012-2013 + Joakim Tjernlund 2008-2014 + Job Snijders 2016 + John Berezovik 2016 + John Glotzer 2014 + John Kemp 2011 + Jon Andersson 2009-2011 + Jorge Boncompte 2012-2013, 2017 + Josh Bailey 2011-2012 + Juergen Kammer 2017 + Julien Courtat 2016 + Juliusz Chroboczek 2012 + Kaloyan Kovachev 2015-2017 + Ken Williams 2014 + Khiruthigai Balasubramanian 2016 + Krisztian Kovacs 2009 + Kunihiro Ishiguro 2018 + Leonard Tracy 2012 + Leonid Rosenboim 2012-2013 + Liu Xiaofeng 2016 + Lou Berger 2013, 2016-2018 + Lu Feng 2014-2015 + Lucian Cristian 2017 + Maitane Zotes 2014 + Manuel Schweizer 2017 + Marcel Röthke 2017-2018 + Mark Stapp 2018 + Martin Buck 2018 + Martin Winter 2015-2018 + Martín Beauchamp 2017 + Mathias Krause 2010 + Mathieu Goessens 2009 + Matthew Smith 2017 + Matthias Ferdinand 2011 + Matthieu Boutier 2012, 2016-2017 + Matti-Oskari Leppänen 2013 + Michael Lambert 2008-2010 + Michael Rossberg 2015 + Michael Zingg 2012 + Michal Sekletar 2014 + Mike Tancsa 2017 + Milan Kocian 2013-2014 + Mitesh Kanjariya 2017-2018 + Mladen Sablic 2017-2018 + Morgan Stewart 2015 + Nathan Van Gheem 2018 + Nick Hilliard 2009-2012 + Nico Golde 2010 + Nicolas Dichtel 2015 + Nigel Kukard 2017 + Nolan Leake 2012 + Oleg A. Arkhangelsky 2011 + Olivier Cochard-Labbé 2014 + Olivier Dugeon 2014-2018 + Ondrej Zajicek 2009 + Pascal Mathis 2018 + Paul Jakma 2002-2016 + Paul P Komkoff Jr 2008 + Pawel Wieczorkiewicz 2016 + Peter Pentchev 2011 + Peter Szilagyi 2011 + Phil Huang 2017 + Phil Laverdiere 2012 + Philippe Guibert 2016-2018 + Piotr Jurkiewicz 2018 + Pradosh Mohapatra 2013-2014 + Quentin Young 2016-2018 + Radhika Mahankali 2015-2017 + Rafael Zalamena 2017-2018 + Rakesh Garimella 2013 + Raymond P. Burkholder 2017 + Remi Gacogne 2013 + Renato Westphal 2012, 2016-2018 + Robert Bays 2010 + Roderick Schertler 2011 + Rodny Molina 2018 + Roman Hoog Antink 2010-2013 + Ruben Kerkhof 2018 + Russ White 2017-2018 + Ryan Hagelstrom 2017 + Sam Tannous 2016-2017 + Sarita Patra 2018 + Sebastian Lohff 2017 + Sergey Fionov 2018 + Sergey Y. Afonin 2011 + Serj Kalichev 2012 + Sid Khot 2016 + Silas McCroskey 2017-2018 + Stephane Litkowski 2017 + Stephen Hemminger 2008-2014 + Stephen Worley 2018 + Steve Hill 2009 + Stig Thormodsrud 2008 + Subbaiah Venkata 2012 + Svata Dedic 2011 + Sébastien Luttringer 2014 + Takashi Sogabe 2009 + Thijs Kinkhorst 2009 + Thomas Gelf 2018 + Thomas Petazzoni 2016 + Thomas Ries 2011 + Thorvald Natvig 2017 + Tigran Martirosyan 2018 + Timo Teräs 2008-2009, 2013-2017 + Timothy Redaelli 2017 + Tom Goff 2009-2011 + Tom Henderson 2009 + Tomasz Pala 2009 + Udaya Shankara KS 2016 + Ulrich Weber 2011-2013 + Vasilis Tsiligiannis 2009 + Vincent Bernat 2012, 2017-2018 + Vincent Jardin 2003-2007, 2014, 2017-2018 + Vipin Kumar 2014-2015 + Vishal Dhingra 2018 + Vishal Kumar 2012 + Vitaliy Senchyshyn 2013 + Vivek Venkatraman 2015-2018 + Vladimir L Ivanov 2010 + Vyacheslav Trushkin 2011-2012 + Vystoropskyi, Sergii 2015 + Wataru Tanitsu 2010 + Wenjian Ma 2015 + Will McLendon 2017 + YAMAMOTO Shigeru 2011 + Yasuhiro Ohara 2009 + Zefan Xu 2018 + dturlupov 2018 + heasley 2009-2011 + jaydom 2017 + jpmondet 2018 + kssoman 2018 + lihongguang 2018 + lyq140 2018 + pcarana 2018 + pogojotz 2017 + tigranmartirosyan 2017 + tmartiro 2017 + vize 2007 + 高鹏 2012 +License: GPL-2+ + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + . + On Debian systems, the full text of the GNU General Public + License version 2 can be found in the file + `/usr/share/common-licenses/GPL-2'. diff --git a/debian/frr-dbg.lintian-overrides b/debian/frr-dbg.lintian-overrides new file mode 100644 index 0000000000..b18c555444 --- /dev/null +++ b/debian/frr-dbg.lintian-overrides @@ -0,0 +1,5 @@ +# extra priority is deprecated +frr-dbg binary: debug-package-should-be-priority-extra + +# personal name +spelling-error-in-copyright Ang And diff --git a/debian/frr-doc.doc-base b/debian/frr-doc.doc-base new file mode 100644 index 0000000000..ec7870d7aa --- /dev/null +++ b/debian/frr-doc.doc-base @@ -0,0 +1,23 @@ +Document: frr +Title: FRRouting user manual +Abstract: General user/operator description for the FRRouting suite of + routing protocol daemons. +Section: Network/Communication + +Format: HTML +Index: /usr/share/doc/frr/html/index.html +Files: /usr/share/doc/frr/html/* + +Format: info +Index: /usr/share/info/frr.info.gz +Files: + /usr/share/info/frr.info.gz + /usr/share/info/fig-normal-processing.png + /usr/share/info/fig-rs-processing.png + /usr/share/info/fig-vnc-commercial-route-reflector.png + /usr/share/info/fig-vnc-frr-route-reflector.png + /usr/share/info/fig-vnc-gw.png + /usr/share/info/fig-vnc-mesh.png + /usr/share/info/fig-vnc-redundant-route-reflectors.png + /usr/share/info/fig_topologies_full.png + /usr/share/info/fig_topologies_rs.png diff --git a/debian/frr-doc.info b/debian/frr-doc.info new file mode 100644 index 0000000000..a83255a24f --- /dev/null +++ b/debian/frr-doc.info @@ -0,0 +1 @@ +doc/user/_build/texinfo/frr.info diff --git a/debian/frr-doc.install b/debian/frr-doc.install new file mode 100644 index 0000000000..c48dc5a8db --- /dev/null +++ b/debian/frr-doc.install @@ -0,0 +1,10 @@ +# html docs include RST sources +usr/share/doc/frr/html + +# info + images referenced by it +usr/share/info/ +doc/user/_build/texinfo/*.png usr/share/info + +# other +README.md usr/share/doc/frr +doc/figures/*.png usr/share/doc/frr diff --git a/debian/frr-doc.lintian-overrides b/debian/frr-doc.lintian-overrides new file mode 100644 index 0000000000..d4ada822a5 --- /dev/null +++ b/debian/frr-doc.lintian-overrides @@ -0,0 +1,2 @@ +# personal name +spelling-error-in-copyright Ang And diff --git a/debian/frr-pythontools.install b/debian/frr-pythontools.install new file mode 100644 index 0000000000..28140382f6 --- /dev/null +++ b/debian/frr-pythontools.install @@ -0,0 +1 @@ +usr/lib/frr/frr-reload.py diff --git a/debian/frr-pythontools.lintian-overrides b/debian/frr-pythontools.lintian-overrides new file mode 100644 index 0000000000..d4ada822a5 --- /dev/null +++ b/debian/frr-pythontools.lintian-overrides @@ -0,0 +1,2 @@ +# personal name +spelling-error-in-copyright Ang And diff --git a/debian/frr-rpki-rtrlib.install b/debian/frr-rpki-rtrlib.install new file mode 100644 index 0000000000..0465c0d910 --- /dev/null +++ b/debian/frr-rpki-rtrlib.install @@ -0,0 +1 @@ +usr/lib/*/frr/modules/bgpd_rpki.so diff --git a/debian/frr-rpki-rtrlib.lintian-overrides b/debian/frr-rpki-rtrlib.lintian-overrides new file mode 100644 index 0000000000..3927731760 --- /dev/null +++ b/debian/frr-rpki-rtrlib.lintian-overrides @@ -0,0 +1,5 @@ +# module contains no function calls that can be hardened +frr-rpki-rtrlib binary: hardening-no-fortify-functions * + +# personal name +spelling-error-in-copyright Ang And diff --git a/debian/frr-snmp.install b/debian/frr-snmp.install new file mode 100644 index 0000000000..5517ca7eec --- /dev/null +++ b/debian/frr-snmp.install @@ -0,0 +1,2 @@ +usr/lib/*/frr/libfrrsnmp.* +usr/lib/*/frr/modules/*_snmp.so diff --git a/debian/frr-snmp.lintian-overrides b/debian/frr-snmp.lintian-overrides new file mode 100644 index 0000000000..d4ada822a5 --- /dev/null +++ b/debian/frr-snmp.lintian-overrides @@ -0,0 +1,2 @@ +# personal name +spelling-error-in-copyright Ang And diff --git a/debian/frr.conf b/debian/frr.conf new file mode 100644 index 0000000000..dee3cd849a --- /dev/null +++ b/debian/frr.conf @@ -0,0 +1,2 @@ +# Create the /run/frr directory at boot or from systemd-tmpfiles on install +d /run/frr 0755 frr frr diff --git a/debian/frr.dirs b/debian/frr.dirs new file mode 100644 index 0000000000..4b05c8c907 --- /dev/null +++ b/debian/frr.dirs @@ -0,0 +1,8 @@ +etc/logrotate.d/ +etc/frr/ +etc/iproute2/rt_protos.d/ +usr/share/doc/frr/ +usr/share/doc/frr/examples/ +usr/share/lintian/overrides/ +usr/share/yang/ +var/log/frr/ diff --git a/debian/frr.docs b/debian/frr.docs new file mode 100644 index 0000000000..34dbbd7bc7 --- /dev/null +++ b/debian/frr.docs @@ -0,0 +1,2 @@ +tools/zebra.el +debian/README.Debian diff --git a/debian/frr.install b/debian/frr.install new file mode 100644 index 0000000000..3dff5baae5 --- /dev/null +++ b/debian/frr.install @@ -0,0 +1,17 @@ +etc/frr/ +usr/bin/vtysh +usr/bin/mtracebis +usr/lib/*/frr/libfrr.* +usr/lib/*/frr/libfrrospfapiclient.* +usr/lib/frr/frr +usr/lib/frr/*d +usr/lib/frr/watchfrr +usr/lib/frr/zebra +usr/lib/*/frr/modules/zebra_irdp.so +usr/lib/*/frr/modules/zebra_fpm.so +usr/share/doc/frr/examples +usr/share/man/ +usr/share/yang/ +tools/etc/* etc/ +tools/frr-reload usr/lib/frr/ +debian/frr.conf usr/lib/tmpfiles.d diff --git a/debian/frr.lintian-overrides b/debian/frr.lintian-overrides new file mode 100644 index 0000000000..4df816fa05 --- /dev/null +++ b/debian/frr.lintian-overrides @@ -0,0 +1,14 @@ +# we're a bit special since we provide network connectivity by starting up +# routing protocols. +frr binary: systemd-service-file-refers-to-unusual-wantedby-target lib/systemd/system/frr.service network-online.target + +# function names & co. +frr binary: spelling-error-in-binary usr/lib/*/frr/libfrr.so.0.0.0 writen written +frr binary: spelling-error-in-binary usr/lib/*/frr/libfrrospfapiclient.so.0.0.0 writen written +frr binary: spelling-error-in-binary usr/lib/frr/ospfd writen written +frr binary: spelling-error-in-binary usr/lib/frr/zebra writen written +frr binary: spelling-error-in-binary usr/lib/frr/pimd writen written +frr binary: spelling-error-in-binary usr/lib/frr/pimd iif if + +# personal name +spelling-error-in-copyright Ang And diff --git a/debian/frr.logrotate b/debian/frr.logrotate new file mode 100644 index 0000000000..1dc9122ac4 --- /dev/null +++ b/debian/frr.logrotate @@ -0,0 +1,27 @@ +/var/log/frr/*.log { + size 500k + sharedscripts + missingok + compress + rotate 14 + create 640 frr frrvty + + postrotate + pid=$(lsof -t -a -c /syslog/ /var/log/frr/* 2>/dev/null) + if [ -n "$pid" ] + then # using syslog + kill -HUP $pid + fi + # in case using file logging; if switching back and forth + # between file and syslog, rsyslogd might still have file + # open, as well as the daemons, so always signal the daemons. + # It's safe, a NOP if (only) syslog is being used. + for i in babeld bgpd eigrpd isisd ldpd nhrpd ospf6d ospfd \ + pimd ripd ripngd zebra staticd fabricd; do + if [ -e /var/run/frr/$i.pid ] ; then + pids="$pids $(cat /var/run/frr/$i.pid)" + fi + done + [ -n "$pids" ] && kill -USR1 $pids || true + endscript +} diff --git a/debian/frr.manpages b/debian/frr.manpages new file mode 100644 index 0000000000..f5aa972304 --- /dev/null +++ b/debian/frr.manpages @@ -0,0 +1,16 @@ +doc/manpages/_build/man/frr.1 +doc/manpages/_build/man/bgpd.8 +doc/manpages/_build/man/pimd.8 +doc/manpages/_build/man/eigrpd.8 +doc/manpages/_build/man/ldpd.8 +doc/manpages/_build/man/nhrpd.8 +doc/manpages/_build/man/ospf6d.8 +doc/manpages/_build/man/ospfd.8 +doc/manpages/_build/man/ripd.8 +doc/manpages/_build/man/ripngd.8 +doc/manpages/_build/man/vtysh.1 +doc/manpages/_build/man/zebra.8 +doc/manpages/_build/man/isisd.8 +doc/manpages/_build/man/watchfrr.8 +doc/manpages/_build/man/mtracebis.8 +doc/manpages/_build/man/fabricd.8 diff --git a/debian/frr.pam b/debian/frr.pam new file mode 100644 index 0000000000..2b106d43bc --- /dev/null +++ b/debian/frr.pam @@ -0,0 +1,3 @@ +# Any user may call vtysh but only those belonging to the group frrvty can +# actually connect to the socket and use the program. +auth sufficient pam_permit.so diff --git a/debian/frr.postinst b/debian/frr.postinst new file mode 100644 index 0000000000..130903ca0b --- /dev/null +++ b/debian/frr.postinst @@ -0,0 +1,36 @@ +#!/bin/bash + +set -e + +###################### +frruid=`getent passwd frr | awk -F ":" '{ print $3 }'` +frrgid=`getent group frr | awk -F ":" '{ print $3 }'` +frrvtygid=`getent group frrvty | awk -F ":" '{ print $3 }'` + +[ -n ${frruid} ] || (echo "No uid for frr" && /bin/false) +[ -n ${frrgid} ] || (echo "No gid for frr" && /bin/false) +[ -n ${frrVTYgid} ] || (echo "No gid for frrvty" && /bin/false) + +chown ${frruid}:${frrgid} /etc/frr +chown ${frruid}:${frrgid} /etc/frr/* +touch /etc/frr/vtysh.conf +chgrp ${frrvtygid} /etc/frr/vtysh* +chmod 644 /etc/frr/* + +ENVIRONMENTFILE=/etc/environment +if ! egrep --quiet '^VTYSH_PAGER=' ${ENVIRONMENTFILE}; then + echo "VTYSH_PAGER=/bin/cat" >> ${ENVIRONMENTFILE} +fi +################################################## + +if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi +${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*"} + +# This is most likely due to the answer "no" to the "really stop the server" +# question in the prerm script. +if [ "$1" = "abort-upgrade" ]; then + exit 0 +fi + +#DEBHELPER# + diff --git a/debian/frr.postrm b/debian/frr.postrm new file mode 100644 index 0000000000..aef06adcb9 --- /dev/null +++ b/debian/frr.postrm @@ -0,0 +1,14 @@ +#!/bin/bash + +set -e + +if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi +${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*"} +# set -u not because of debhelper + +if [ "$1" = "purge" ]; then + rm -rf /etc/frr /var/run/frr /var/log/frr + userdel frr >/dev/null 2>&1 || true +fi + +#DEBHELPER# diff --git a/debian/frr.preinst b/debian/frr.preinst new file mode 100644 index 0000000000..1c141f37f9 --- /dev/null +++ b/debian/frr.preinst @@ -0,0 +1,81 @@ +#!/bin/bash + +if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi +${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*"} +set -e +set -u + +# creating frrvty group if it isn't already there +if ! getent group frrvty >/dev/null; then + addgroup --system frrvty >/dev/null +fi + +# creating frr group if it isn't already there +if ! getent group frr >/dev/null; then + addgroup --system frr >/dev/null +fi + +# creating frr user if he isn't already there +if ! getent passwd frr >/dev/null; then + adduser \ + --system \ + --ingroup frr \ + --home /nonexistent \ + --gecos "Frr routing suite" \ + --shell /bin/false \ + frr >/dev/null +fi + +# We may be installing over an older version of +# frr and as such we need to intelligently +# check to see if the frr user is in the frrvty +# group. +if ! id frr | grep &>/dev/null 'frrvty'; then + usermod -a -G frrvty frr >/dev/null +fi + +# Do not change permissions when upgrading as it would violate policy. +if [ "$1" = "install" ]; then + # Logfiles are group readable in case users were put into the frr group. + d=/var/log/frr/ + mkdir -p $d + chown frr:frr $d + chown --quiet frr:frr $d/* | true + chmod u=rwx,go=rx $d + find $d -type f -print0 | xargs -0 --no-run-if-empty chmod u=rw,g=r,o= + + # Strict permissions for the sockets. + d=/var/run/frr/ + mkdir -p $d + chown frr:frr $d + chown --quiet frr:frr $d/* | true + chmod u=rwx,go=rx $d + find $d -type f -print0 | xargs -0 --no-run-if-empty chmod u=rw,go= + + # Config files. Vtysh does not have access to the individual daemons config file + d=/etc/frr/ + mkdir -p $d + chown frr:frrvty $d + chmod ug=rwx,o=rx $d + find $d -type f -print0 | xargs -0 --no-run-if-empty chown frr:frr + find $d -type f -print0 | xargs -0 --no-run-if-empty chmod u=rw,g=r,o= + + # Exceptions for vtysh. + f=$d/vtysh.conf + if [ -f $f ]; then + chown frr:frrvty $f + chmod u=rw,g=r,o= $f + fi + + # Exceptions for vtysh. + f=$d/frr.conf + if [ -f $d/Zebra.conf ]; then + mv $d/Zebra.conf $f + fi + if [ -f $f ]; then + chown frr:frrvty $f + chmod u=rw,g=r,o= $f + fi +fi + +#DEBHELPER# diff --git a/debian/frr.prerm b/debian/frr.prerm new file mode 100644 index 0000000000..090cd5752a --- /dev/null +++ b/debian/frr.prerm @@ -0,0 +1,24 @@ +#!/bin/bash + +if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi +${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*"} +set -e + +# prerm remove +# old-prerm upgrade new-version +# new-prerm failed-upgrade old-version +# conflictor's-prerm remove in-favour package new-version +# deconfigured's-prerm deconfigure in-favour package-being-installed version removing conflicting-package +case $1 in + remove|upgrade) + ;; + + failed-upgrade) + # If frr/really_stop was negated then this script exits with return + # code 1 and is called again with "failed-upgrade". Well, exit again. + exit 1 + ;; + +esac + +#DEBHELPER# diff --git a/debian/not-installed b/debian/not-installed new file mode 100644 index 0000000000..1a89f35853 --- /dev/null +++ b/debian/not-installed @@ -0,0 +1,3 @@ +usr/include +usr/lib/frr/ospfclient +usr/lib/frr/rfptest diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000000..c35b46cf4e --- /dev/null +++ b/debian/rules @@ -0,0 +1,107 @@ +#!/usr/bin/make -f + +# standard Debian options & profiles + +export DEB_BUILD_MAINT_OPTIONS = hardening=+all + +ifneq (,$(filter terse,$(DEB_BUILD_OPTIONS))) + MAKE_SILENT="V=0" + export DH_VERBOSE=0 +else + MAKE_SILENT="V=1" + export DH_VERBOSE=1 + export DH_OPTIONS=-v +endif + +# package-specific build profiles + +ifeq ($(filter pkg.frr.nortrlib,$(DEB_BUILD_PROFILES)),) + CONF_RPKI=--enable-rpki +else + CONF_RPKI=--disable-rpki +endif + +ifeq ($(filter pkg.frr.nosystemd,$(DEB_BUILD_PROFILES)),) + DH_WITH_SYSTEMD=systemd, + CONF_SYSTEMD=--enable-systemd=yes +else + DH_WITH_SYSTEMD= + CONF_SYSTEMD=--enable-systemd=no +endif + +export PYTHON=python3 + +%: + dh $@ --with=$(DH_WITH_SYSTEMD)autoreconf --parallel + +override_dh_auto_configure: + $(shell dpkg-buildflags --export=sh); \ + dh_auto_configure -- \ + --enable-exampledir=/usr/share/doc/frr/examples/ \ + --localstatedir=/var/run/frr \ + --sbindir=/usr/lib/frr \ + --sysconfdir=/etc/frr \ + --with-vtysh-pager=/usr/bin/pager \ + --libdir=/usr/lib/$(DEB_HOST_MULTIARCH)/frr \ + --with-moduledir=/usr/lib/$(DEB_HOST_MULTIARCH)/frr/modules \ + LIBTOOLFLAGS="-rpath /usr/lib/$(DEB_HOST_MULTIARCH)/frr" \ + --disable-dependency-tracking \ + \ + $(CONF_SYSTEMD) \ + $(CONF_RPKI) \ + --with-libpam \ + --enable-doc \ + --enable-doc-html \ + --enable-snmp \ + --enable-fpm \ + --disable-protobuf \ + --disable-zeromq \ + --enable-ospfapi \ + --enable-bgp-vnc \ + --enable-multipath=256 \ + \ + --enable-user=frr \ + --enable-group=frr \ + --enable-vty-group=frrvty \ + --enable-configfile-mask=0640 \ + --enable-logfile-mask=0640 \ + # end + +override_dh_auto_install: + dh_auto_install + + sed -e '1c #!/usr/bin/python3' -i debian/tmp/usr/lib/frr/frr-reload.py + +# let dh_systemd_* and dh_installinit do their thing automatically +ifeq ($(filter pkg.frr.nosystemd,$(DEB_BUILD_PROFILES)),) + cp tools/frr.service debian/frr.service +endif + cp tools/frr debian/frr.init + +# install config files + mkdir -p debian/tmp/etc/frr/ + sed -e 's#^!log file #!log file /var/log/frr/#' -i debian/tmp/usr/share/doc/frr/examples/*sample* + +# drop dev-only files + find debian/tmp -name '*.la' -o -name '*.a' -o -name 'lib*.so' | xargs rm -f + rm -rf debian/tmp/usr/include + +# use installed js libraries + -rm -f debian/tmp/usr/share/doc/frr/html/_static/jquery.js + ln -s /usr/share/javascript/jquery/jquery.js debian/tmp/usr/share/doc/frr/html/_static/jquery.js + -rm -f debian/tmp/usr/share/doc/frr/html/_static/underscore.js + ln -s /usr/share/javascript/underscore/underscore.js debian/tmp/usr/share/doc/frr/html/_static/underscore.js + +override_dh_auto_build: + dh_auto_build -- $(MAKE_SILENT) + +override_dh_makeshlibs: + dh_makeshlibs -n + +override_dh_missing: + dh_missing --fail-missing + +override_dh_auto_clean: +# we generally do NOT want a full distclean since that wipes both +# debian/changelog and config.version + if test -f Makefile; then make redistclean; fi diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000000..af745b310b --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (git) diff --git a/debian/source/lintian-overrides b/debian/source/lintian-overrides new file mode 100644 index 0000000000..cebc81fddf --- /dev/null +++ b/debian/source/lintian-overrides @@ -0,0 +1,5 @@ +# these are for build-compatibility on older distros (e.g. Ubuntu 14.04) +frr source: alternatively-build-depends-on-python-sphinx-and-python3-sphinx + +# Debian Jessie and Ubuntu 16.04 need dh-systemd +frr source: ored-build-depends-on-obsolete-package diff --git a/debian/subdir.am b/debian/subdir.am new file mode 100644 index 0000000000..05dd77e62c --- /dev/null +++ b/debian/subdir.am @@ -0,0 +1,45 @@ +# +# debian +# + +EXTRA_DIST += \ + debian/README.Debian \ + debian/README.Maintainer \ + debian/changelog \ + debian/changelog-auto \ + debian/compat \ + debian/control \ + debian/copyright \ + debian/rules \ + debian/source/format \ + debian/source/lintian-overrides \ + debian/tests/control \ + debian/tests/daemons \ + debian/watchfrr.rc \ + debian/watch \ + \ + debian/frr-dbg.lintian-overrides \ + debian/frr-doc.doc-base \ + debian/frr-doc.info \ + debian/frr-doc.install \ + debian/frr-doc.lintian-overrides \ + debian/frr-pythontools.install \ + debian/frr-pythontools.lintian-overrides \ + debian/frr-rpki-rtrlib.install \ + debian/frr-rpki-rtrlib.lintian-overrides \ + debian/frr-snmp.install \ + debian/frr-snmp.lintian-overrides \ + debian/frr.conf \ + debian/frr.dirs \ + debian/frr.docs \ + debian/frr.install \ + debian/frr.lintian-overrides \ + debian/frr.logrotate \ + debian/frr.manpages \ + debian/frr.pam \ + debian/frr.postinst \ + debian/frr.postrm \ + debian/frr.preinst \ + debian/frr.prerm \ + debian/not-installed \ + # end diff --git a/debian/tests/control b/debian/tests/control new file mode 100644 index 0000000000..53fd537e2e --- /dev/null +++ b/debian/tests/control @@ -0,0 +1,3 @@ +Tests: daemons +Depends: frr +Restrictions: needs-root diff --git a/debian/tests/daemons b/debian/tests/daemons new file mode 100644 index 0000000000..43966c8347 --- /dev/null +++ b/debian/tests/daemons @@ -0,0 +1,30 @@ +#!/bin/bash +#--------------- +# Testing frr +#--------------- +set -e + +# modify config file to enable all daemons and copy config files +CONFIG_FILE=/etc/frr/daemons +DAEMONS=("zebra" "bgpd" "ospfd" "ospf6d" "ripd" "ripngd" "isisd" "pimd" "fabricd") + +for daemon in "${DAEMONS[@]}" +do + sed -i -e "s/${daemon}=no/${daemon}=yes/g" $CONFIG_FILE + cp /usr/share/doc/frr/examples/${daemon}.conf.sample /etc/frr/${daemon}.conf +done + +# reload frr +/etc/init.d/frr restart > /dev/null 2>&1 + +# check daemons +for daemon in "${DAEMONS[@]}" +do + echo -n "check $daemon - " + if pidof -x $daemon > /dev/null; then + echo "${daemon} OK" + else + echo "ERROR: ${daemon} IS NOT RUNNING" + exit 1 + fi +done diff --git a/debian/watch b/debian/watch new file mode 100644 index 0000000000..c286392d7e --- /dev/null +++ b/debian/watch @@ -0,0 +1,4 @@ +version=4 + +https://github.com/FRRouting/frr/releases/ \ + download/frr-(?:\d[\d.]*)/frr-(\d[\d.]*)\.tar\.xz debian uupdate diff --git a/debian/watchfrr.rc b/debian/watchfrr.rc new file mode 100644 index 0000000000..4110b86399 --- /dev/null +++ b/debian/watchfrr.rc @@ -0,0 +1,4 @@ +check process watchfrr with pidfile /var/run/frr/watchfrr.pid + start program = "/etc/init.d/frr start watchfrr" with timeout 120 seconds + stop program = "/etc/init.d/frr stop watchfrr" + if 3 restarts within 10 cycles then timeout diff --git a/debianpkg/.gitignore b/debianpkg/.gitignore deleted file mode 100644 index b48b513813..0000000000 --- a/debianpkg/.gitignore +++ /dev/null @@ -1 +0,0 @@ -/changelog-auto diff --git a/debianpkg/README.Debian b/debianpkg/README.Debian deleted file mode 100644 index 6d6c60bef1..0000000000 --- a/debianpkg/README.Debian +++ /dev/null @@ -1,135 +0,0 @@ -* SAFETY MEASURES: -================== - -Please consider setting this package "on hold" by typing - echo "frr hold" | dpkg --set-selections -and verifying this using - dpkg --get-selections | grep 'hold$' - -Setting a package "on hold" means that it will not automatically be upgraded. -Instead apt-get only displays a warning saying that a new version would be -available forcing you to explicitly type "apt-get install frr" to upgrade it. - - -* What is frr? -================= - -http://www.frrouting.org/ -FRR is a routing software suite, providing implementations of OSPFv2, -OSPFv3, RIP v1 and v2, RIPng, ISIS, PIM, BGP and LDP for Unix platforms, particularly -FreeBSD and Linux and also NetBSD, to mention a few. FRR is a fork of Quagga -which itself is a fork of Zebra. -Zebra was developed by Kunihiro Ishiguro. - - -* Build Profiles used in the upstream debianpkg/ -================================================ - -The following Build Profiles have been added: - -- pkg.frr.nortrlib (pkg.frr.rtrlib) - controls whether the RPKI module is built. - Will be enabled by default at some point, adds some extra dependencies. - -- pkg.frr.nosnmp (pkg.frr.snmp) - controls whether the SNMP module is built, see below for license issues. - Will remain default-off as long as the license issue persists. - -- pkg.frr.nosystemd - Disables both systemd unit file installation as well as watchfrr sd_notify - support at startup. Removes libsystemd dependency. - -Note that all options have a "no" form; if you want to have your decision -be sticky regardless of changes to what it defaults to, then always use one -of the two. For example, all occurrences of will at some -point be replaced with . - -The main frr package has the exact same contents regardless of rtrlib or snmp -choices. The options only control frr-snmp and frr-rpki-rtrlib packages. - -The main frr package does NOT have the same contents if pkg.frr.nosystemd is -used. This option should only be used for systems that do not have systemd, -e.g. Ubuntu 14.04. - - -* Why has SNMP support been disabled? -===================================== -FRR used to link against the NetSNMP libraries to provide SNMP -support. Those libraries sadly link against the OpenSSL libraries -to provide crypto support for SNMPv3 among others. -OpenSSL now is not compatible with the GNU GENERAL PUBLIC LICENSE (GPL) -licence that FRR is distributed under. For more explanation read: - http://www.gnome.org/~markmc/openssl-and-the-gpl.html - http://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs -Updating the licence to explecitly allow linking against OpenSSL -would requite the affirmation of all people that ever contributed -a significant part to Zebra / Quagga or FRR and thus are the collective -"copyright holder". That's too much work. Using a shrinked down -version of NetSNMP without OpenSSL or convincing the NetSNMP people -to change to GnuTLS are maybe good solutions but not reachable -during the last days before the Sarge release :-( - - *BUT* - -It is allowed by the used licence mix that you fetch the sources and -build FRR yourself with SNMP with - # apt-get -b source -Ppkg.frr.snmp frr -Just distributing it in binary form, linked against OpenSSL, is forbidden. - - -* Debian Policy compliance notes -================================ - -- 4.15 Reproducibility - FRR build is reproducible as outlined in version 4.2.1 of the Policy, but - won't be reproducible when the build directory is varied. This is because - configure parameters are burned into the executables which includes CFLAGS - like -fdebug-prefix-map=/build/directory/... - - -* Daemon selection: -=================== - -The Debian package uses /etc/frr/daemons to tell the -initscript which daemons to start. It's in the format -= -with no spaces (it's simply source-d into the initscript). -Default is not to start anything, since it can hose your -system's routing table if not set up properly. - -Priorities were suggested by Dancer . -They're used to start the FRR daemons in more than one step -(for example start one or two at network initialization and the -rest later). The number of FRR daemons being small, priorities -must be between 1 and 9, inclusive (or the initscript has to be -changed). /etc/init.d/frr then can be started as - -/etc/init.d/frr > - -where priority 0 is the same as 'stop', priority 10 or 'start' -means 'start all' - - -* Error message "privs_init: initial cap_set_proc failed": -========================================================== - -This error message means that "capability support" has to be built -into the kernel. - - -* Error message "netlink-listen: overrun: No buffer space available": -===================================================================== - -If this message occurs the receive buffer should be increased by adding the -following to /etc/sysctl.conf and "--nl-bufsize" to /etc/frr/daemons. -> net.core.rmem_default = 262144 -> net.core.rmem_max = 262144 -See message #4525 from 2005-05-09 in the quagga-users mailing list. - - -* vtysh immediately exists: -=========================== - -Check /etc/pam.d/frr, it probably denies access to your user. The passwords -configured in /etc/frr/frr.conf are only for telnet access. - diff --git a/debianpkg/README.Maintainer b/debianpkg/README.Maintainer deleted file mode 100644 index 9030022c5e..0000000000 --- a/debianpkg/README.Maintainer +++ /dev/null @@ -1,32 +0,0 @@ -# -# TODO -# - -- check that tests/{control,daemons} actually do something useful and sensible -- /usr/share/doc/frr-doc should be named just frr? -- debian/watch pgpsigurlmangle / signing-key -- multiarch for DSOs? -- frr try-restart - -# -# To check if the patches still apply on new upstream versions: -# -for i in debian/patches/*.diff; do echo -e "#\n# $i\n#"; patch --fuzz=3 --dry-run -p1 < $i; done - -# -# Filename transition from zebra to frr -# - -Files that keep their names - /usr/bin/vtysh - -Files that got an -pj suffix - /etc/default/zebra -> /etc/frr/daemons.conf - /etc/init.d/zebra -> /etc/init.d/frr - /etc/zebra/ -> /etc/frr/ - /usr/share/doc/zebra/ -> /usr/share/doc/frr/ - /var/log/zebra/ -> /var/log/frr/ - /var/run/ -> /var/run/frr/ - -Files that were moved - /usr/sbin/* -> /usr/lib/frr/ diff --git a/debianpkg/changelog b/debianpkg/changelog deleted file mode 120000 index be6099f8d4..0000000000 --- a/debianpkg/changelog +++ /dev/null @@ -1 +0,0 @@ -changelog-auto \ No newline at end of file diff --git a/debianpkg/changelog-auto.in b/debianpkg/changelog-auto.in deleted file mode 100644 index 127d7fe147..0000000000 --- a/debianpkg/changelog-auto.in +++ /dev/null @@ -1,1420 +0,0 @@ -frr (@VERSION@-0) UNRELEASED; urgency=medium - - * autoconf changelog entry -- for git autobuilds only. - remove and replace when creating releases! - (tools/tarsource.sh will handle this) - - -- FRRouting-Dev Thu, 25 Oct 2018 16:36:50 +0200 - -frr (6.0-2) testing; urgency=medium - - * add install-info to build deps - * remove trailing whitespace from control - * cleanup tcp-zebra configure options - * drop unused SMUX client OID MIBs - * remove /proc check - * remove --enable-poll - * remove libtool .la files - * drop texlive-latex-base, texlive-generic-recommended build deps - * consistently allow python2 or python3 - * remove bad USE_* options, add WERROR - * drop libncurses5 dep - * remove backports mechanism - * use better dependency for pythontools (binNMU compatible) - * remove bogus shlib:Depends on frr-dbg - * create frr-snmp and frr-rpki-rtrlib - * make frr-pythontools a "Recommends:" - * use redistclean target - * update to Debian Policy version 4.2.1 - * raise debhelper compat level to 9 - * ditch development-only files - * modernise dh_missing and use fail mode - * disable zeromq and FPM - * always install /etc/init.d/frr - * put frr-doc package in 'doc' section - * install HTML docs, drop tools/ - * fix install for {frr,rfptest,ospfclient} - * add watch file - * change python dependency and shebang to python3:any - * use set -e in maintscripts - * put myself in as maintainer - * update copyright file - * closes: #863249 - - -- David Lamparter Thu, 25 Oct 2018 16:36:50 +0200 - -frr (6.0-1) RELEASED; urgency=medium - - * New Enabled: PIM draft Unnumbered - - -- FRRouting-Dev Wed, 18 Oct 2017 17:01:42 -0700 - -frr (3.0-1) RELEASED; urgency=medium - - * Added Debian 9 Backport - - -- FRRouting-Dev Mon, 16 Oct 2017 03:28:00 -0700 - -frr (3.0-0) RELEASED; urgency=medium - - * New Enabled: BGP Shutdown Message - * New Enabled: BGP Large Community - * New Enabled: BGP RFC 7432 Partial Support w/ Ethernet VPN - * New Enabled: BGP EVPN RT-5 - * New Enabled: LDP RFC 5561 - * New Enabled: LDP RFC 5918 - * New Enabled: LDP RFC 5919 - * New Enabled: LDP RFC 6667 - * New Enabled: LDP RFC 7473 - * New Enabled: OSPF RFC 4552 - * New Enabled: ISIS SPF Backoff draft - * New Enabled: PIM Unnumbered Interfaces - * New Enabled: PIM RFC 4611 - * New Enabled: PIM Sparse Mode - * New Enabled: NHRP RFC 2332 - * New Enabled: Label Manager - * Switched from hardening-wrapper to dpkg-buildflags. - - -- FRRouting-Dev Fri, 13 Oct 2017 16:17:26 -0700 - -frr (2.0-0) RELEASED; urgency=medium - - * Switchover to FRR - - -- FRRouting-Dev Mon, 23 Jan 2017 16:30:22 -0400 - -quagga (0.99.24+cl3u5) RELEASED; urgency=medium - - * Closes: CM-12846 - Resolve Memory leaks in 'show ip bgp neighbor json' - * Closes: CM-5878 - Display all ospf peers with 'show ip ospf neighbor detail all' - * Closes: CM-5794 - Add support for IPv6 static to null0 - * Closes: CM-13060 - Reduce JSON memory usage. - * Closes: CM-10394 - protect 'could not get instance' error messages with debug - * Closes: CM-11173 - Move netlink error messages undeer a debug - * Closes: CM-13328 - Fixes route missing in hardware after reboot - - -- dev-support Fri, 11 Nov 2016 22:13:29 -0400 - -quagga (0.99.24+cl3u4) RELEASED; urgency=medium - - * Closes: CM-12687 - Buffer overflow in zebra RA code - - -- dev-support Wed, 31 Aug 2016 12:36:10 -0400 - -quagga (0.99.24+cl3u3) RELEASED; urgency=medium - - * New Enabled: Merge up-to 0.99.24 code from upstream - * New Enabled: Additional CLI simplification - * New Enabled: Various Bug Fixes - - -- dev-support Thu, 04 Aug 2016 08:43:36 -0700 - -quagga (0.99.23.1-1+cl3u2) RELEASED; urgency=medium - - * New Enabled: VRF - See Documentation for how to use - * New Enabled: Improved interface statistics - * New Enabled: Various vtysh improvements - * New Enabled: Numerous compile warnings and SA fixes - * New Enabled: Improved priviledge handlingA - * New Enabled: Various OSPF CLI fixes - * New Enabled: Prefix-list Performance Improvements. - * New Enabled: Allow more than 1k peers in Quagga - and Performance Improvements - * New Enabled: Systemd integration - * New Enabled: Various ISIS fixes - * New Enabled: BGP MRT improvements - * New Enabled: Lowered default MRAI timers - * New Enabled: Lowered default 'timers connect' - * New Enabled: 'bgp log-neighbor-changes' enabled by default - * New Enabled: BGP default keepalive to 3s and holdtime to 9s - * New Enabled: OSPF spf timers are now '0 50 5000' by default - * New Enabled: BGP hostname is displayed by default - * New Enabled: BGP 'no-as-set' is the default for - 'bgp as-path multipath-relax" - * New Enabled: RA is on by default if using 5549 on an interface - * New Enabled: peer-group restrictions relaxed, update-groups determine - outbund policy anyway - * New Enabled: BGP enabled 'maximum-paths 64' by default - * New Enabled: OSPF "log-adjacency-changes" on by default - * New Enabled: Zebra: Add IPv6 protocol filtering support - * and setting src of IPv6 routes. - * New Enabled: BGP and OSPF JSON commands added. - * New Enabled: BGP Enable multiple instances support by default - * New Enabled: 'banner motd file' command - * New Enabled: Remove bad default passwords from default conf - * New Enabled: BGP addpath TX - * New Enabled: Simplified configuration for BGP Unnumbered - - * New Deprecated: Remove unused 'show memory XXX' functionality - * New Deprecated: Remove babel protocol - - * Closes: CM-10435 Addition on hidden command - "bfd multihop/singlehop" and "ptm-enable" per interface command - * Closes: CM-9974 Get route counts right for show ip route summary - * Closes: CM-9786 BGP memory leak in peer hostname - * Closes: CM-9340 BGP: Ensure correct sequence of processing at exit - * Closes: CM-9270 ripd: Fix crash when a default route is passed to rip - * Closes: CM-9255 BGPD crash around bgp_config_write () - * Closes: CM-9134 ospf6d: Fix for crash when non area 0 network - entered first - * Closes: CM-8934 OSPFv3: Check area before scheduling SPF - * Closes: CM-8514 zebra: Crash upon disabling a link - * Closes: CM-8295 BGP crash in group_announce_route_walkcb - * Closes: CM-8191 BGP: crash in update_subgroup_merge() - * Closes: CM-8015 lib: Memory reporting fails over 2GB - * Closes: CM-7926 BGP: crash from not NULLing freed pointers - - -- dev-support Wed, 04 May 2016 16:22:52 -0700 - -quagga (0.99.23.1-1) unstable; urgency=medium - - * New upstream release - * Added .png figures for info files to quagga-doc package. - * Changed dependency from iproute to iproute2 (thanks to Andreas - Henriksson). Closes: #753736 - * Added texlive-fonts-recommended to build-depends to get ecrm1095 font - (thanks to Christoph Biedl). Closes: #651545 - - -- Christian Brunotte Tue, 30 Sep 2014 00:20:12 +0200 - -quagga (0.99.23-1) unstable; urgency=low - - * New upstream release - * Removed debian/patches/readline-6.3.diff which was already in upstream. - - -- Christian Hammers Tue, 08 Jul 2014 09:15:48 +0200 - -quagga (0.99.22.4-4) unstable; urgency=medium - - * Fix build failure with readline-6.3 (thanks to Matthias Klose). - Closes: #741774 - - -- Christian Hammers Sun, 23 Mar 2014 15:28:42 +0100 - -quagga (0.99.22.4-3) unstable; urgency=low - - * Added status to init script (thanks to Peter J. Holzer). Closes: #730625 - * Init script now sources /lib/lsb/init-functions. - * Switched from hardening-wrapper to dpkg-buildflags. - - -- Christian Hammers Wed, 01 Jan 2014 19:12:01 +0100 - -quagga (0.99.22.4-2) unstable; urgency=low - - * Fixed typo in package description (thanks to Davide Prina). - Closes: #625860 - * Added Italian Debconf translation (thanks to Beatrice Torracca) - Closes: #729798 - - -- Christian Hammers Tue, 26 Nov 2013 00:47:11 +0100 - -quagga (0.99.22.4-1) unstable; urgency=high - - * SECURITY: - "ospfd: CVE-2013-2236, stack overrun in apiserver - - the OSPF API-server (exporting the LSDB and allowing announcement of - Opaque-LSAs) writes past the end of fixed on-stack buffers. This leads - to an exploitable stack overflow. - - For this condition to occur, the following two conditions must be true: - - Quagga is configured with --enable-opaque-lsa - - ospfd is started with the "-a" command line option - - If either of these does not hold, the relevant code is not executed and - the issue does not get triggered." - Closes: #726724 - - * New upstream release - - ospfd: protect vs. VU#229804 (malformed Router-LSA) - (Quagga is said to be non-vulnerable but still adds some protection) - - -- Christian Hammers Thu, 24 Oct 2013 22:58:37 +0200 - -quagga (0.99.22.1-2) unstable; urgency=low - - * Added autopkgtests (thanks to Yolanda Robla). Closes: #710147 - * Added "status" command to init script (thanks to James Andrewartha). - Closes: #690013 - * Added "libsnmp-dev" to Build-Deps. There not needed for the official - builds but for people who compile Quagga themselves to activate the - SNMP feature (which for licence reasons cannot be done by Debian). - Thanks to Ben Winslow). Closes: #694852 - * Changed watchquagga_options to an array so that quotes can finally - be used as expected. Closes: #681088 - * Fixed bug that prevented restarting only the watchquagga daemon - (thanks to Harald Kappe). Closes: #687124 - - -- Christian Hammers Sat, 27 Jul 2013 16:06:25 +0200 - -quagga (0.99.22.1-1) unstable; urgency=low - - * New upstream release - - ospfd restore nexthop IP for p2p interfaces - - ospfd: fix LSA initialization for build without opaque LSA - - ripd: correctly redistribute ifindex routes (BZ#664) - - bgpd: fix lost passwords of grouped neighbors - * Removed 91_ld_as_needed.diff as it was found in the upstream source. - - -- Christian Hammers Mon, 22 Apr 2013 22:21:20 +0200 - -quagga (0.99.22-1) unstable; urgency=low - - * New upstream release. - - [bgpd] The semantics of default-originate route-map have changed. - The route-map is now used to advertise the default route conditionally. - The old behaviour which allowed to set attributes on the originated - default route is no longer supported. - - [bgpd] this version of bgpd implements draft-idr-error-handling. This was - added in 0.99.21 and may not be desirable. If you need a version - without this behaviour, please use 0.99.20.1. There will be a - runtime configuration switch for this in future versions. - - [isisd] is in "beta" state. - - [ospf6d] is in "alpha/experimental" state - - More changes are documented in the upstream changelog! - * debian/watch: Adjusted to new savannah.gnu.org site, thanks to Bart - Martens. - * debian/patches/99_CVE-2012-1820_bgp_capability_orf.diff removed as its - in the changelog. - * debian/patches/99_distribute_list.diff removed as its in the changelog. - * debian/patches/10_doc__Makefiles__makeinfo-force.diff removed as it - was just for Debian woody. - - -- Christian Hammers Thu, 14 Feb 2013 00:22:00 +0100 - -quagga (0.99.21-4) unstable; urgency=medium - - * Fixed regression bug that caused OSPF "distribute-list" statements to be - silently ignored. The patch has already been applied upstream but there - has been no new Quagga release since then. - Thanks to Hans van Kranenburg for reporting. Closes: #697240 - - -- Christian Hammers Sun, 06 Jan 2013 15:50:32 +0100 - -quagga (0.99.21-3) unstable; urgency=high - - * SECURITY: - CVE-2012-1820 - Quagga contained a bug in BGP OPEN message handling. - A denial-of-service condition could be caused by an attacker controlling - one of the pre-configured BGP peers. In most cases this means, that the - attack must be originated from an adjacent network. Closes: #676510 - - -- Christian Hammers Fri, 08 Jun 2012 01:15:32 +0200 - -quagga (0.99.21-2) unstable; urgency=low - - * Renamed babeld.8 to quagga-babeld.8 as it conflicted with the - original mapage of the babeld package which users might want to - install in parallel as it is slightly more capable. Closes: #671916 - - -- Christian Hammers Thu, 10 May 2012 07:53:01 +0200 - -quagga (0.99.21-1) unstable; urgency=low - - * New upstream release - - [bgpd] BGP multipath support has been merged - - [bgpd] SAFI (Multicast topology) support has been extended to propagate - the topology to zebra. - - [bgpd] AS path limit functionality has been removed - - [babeld] a new routing daemon implementing the BABEL ad-hoc mesh routing - protocol has been merged. - - [isisd] a major overhaul has been picked up. Please note that isisd is - STILL NOT SUITABLE FOR PRODUCTION USE. - - a lot of bugs have been fixed - * Added watchquagga daemon. - * Added DEP-3 conforming patch comments. - - -- Christian Hammers Sun, 06 May 2012 15:33:33 +0200 - -quagga (0.99.20.1-1) unstable; urgency=high - - * SECURITY: - CVE-2012-0249 - Quagga ospfd DoS on malformed LS-Update packet - CVE-2012-0250 - Quagga ospfd DoS on malformed Network-LSA data - CVE-2012-0255 - Quagga bgpd DoS on malformed OPEN message - * New upstream release. Closes: #664033 - - -- Christian Hammers Fri, 16 Mar 2012 22:14:05 +0100 - -quagga (0.99.20-4) unstable; urgency=low - - * Switch to dpkg-source 3.0 (quilt) format. - * Switch to changelog-format-1.0. - - -- Christian Hammers Sat, 25 Feb 2012 18:52:06 +0100 - -quagga (0.99.20-3) unstable; urgency=low - - * Added --sysconfdir back to the configure options (thanks to Sven-Haegar - Koch). Closes: #645649 - - -- Christian Hammers Tue, 18 Oct 2011 00:24:37 +0200 - -quagga (0.99.20-2) unstable; urgency=low - - * Bumped standards version to 0.9.2. - * Migrated to "dh" build system. - * Added quagga-dbg package. - - -- Christian Hammers Fri, 14 Oct 2011 23:59:26 +0200 - -quagga (0.99.20-1) unstable; urgency=low - - * New upstream release: - "The primary focus of this release is a fix of SEGV regression in ospfd, - which was introduced in 0.99.19. It also features a series of minor - improvements, including better RFC compliance in bgpd, better support - of FreeBSD and some enhancements to isisd." - * Fixes off-by-one bug (removed 20_ospf6_area_argv.dpatch). Closes: #519488 - - -- Christian Hammers Fri, 30 Sep 2011 00:59:24 +0200 - -quagga (0.99.19-1) unstable; urgency=high - - * SECURITY: - "This release provides security fixes, which address assorted - vulnerabilities in bgpd, ospfd and ospf6d (CVE-2011-3323, - CVE-2011-3324, CVE-2011-3325, CVE-2011-3326 and CVE-2011-3327). - * New upstream release. - * Removed incorporated debian/patches/92_opaque_lsa_enable.dpatch. - * Removed incorporated debian/patches/93_opaque_lsa_fix.dpatch. - * Removed obsolete debian/README.Debian.Woody and README.Debian.MD5. - - -- Christian Hammers Tue, 27 Sep 2011 00:16:27 +0200 - -quagga (0.99.18-1) unstable; urgency=low - - * SECURITY: - "This release fixes 2 denial of services in bgpd, which can be remotely - triggered by malformed AS-Pathlimit or Extended-Community attributes. - These issues have been assigned CVE-2010-1674 and CVE-2010-1675. - Support for AS-Pathlimit has been removed with this release." - * Added Brazilian Portuguese debconf translation. Closes: #617735 - * Changed section for quagga-doc from "doc" to "net". - * Added patch to fix FTBFS with latest GCC. Closes: #614459 - - -- Christian Hammers Tue, 22 Mar 2011 23:13:34 +0100 - -quagga (0.99.17-4) unstable; urgency=low - - * Added comment to init script (thanks to Marc Haber). Closes: #599524 - - -- Christian Hammers Thu, 13 Jan 2011 23:53:29 +0100 - -quagga (0.99.17-3) unstable; urgency=low - - * Fix FTBFS with ld --as-needed (thanks to Matthias Klose at Ubuntu). - Closes: #609555 - - -- Christian Hammers Thu, 13 Jan 2011 23:27:06 +0100 - -quagga (0.99.17-2) unstable; urgency=low - - * Added Danisch Debconf translation (thanks to Joe Dalton). Closes: #596259 - - -- Christian Hammers Sat, 18 Sep 2010 12:20:07 +0200 - -quagga (0.99.17-1) unstable; urgency=high - - * SECURITY: - "This release provides two important bugfixes, which address remote crash - possibility in bgpd discovered by CROSS team.": - 1. Stack buffer overflow by processing certain Route-Refresh messages - CVE-2010-2948 - 2. DoS (crash) while processing certain BGP update AS path messages - CVE-2010-2949 - Closes: #594262 - - -- Christian Hammers Wed, 25 Aug 2010 00:52:48 +0200 - -quagga (0.99.16-1) unstable; urgency=low - - * New upstream release. Closes: #574527 - * Added chrpath to debian/rules to fix rpath problems that lintian spottet. - - -- Christian Hammers Sun, 21 Mar 2010 17:05:40 +0100 - -quagga (0.99.15-2) unstable; urgency=low - - * Applied patch for off-by-one bug in ospf6d that caused a segmentation - fault when using the "area a.b.c.d filter-list prefix" command (thanks - to Steinar H. Gunderson). Closes: 519488 - - -- Christian Hammers Sun, 14 Feb 2010 20:02:03 +0100 - -quagga (0.99.15-1) unstable; urgency=low - - * New upstream release - "This fixes some annoying little ospfd and ospf6d regressions, which made - 0.99.14 a bit of a problem release (...) This release still contains a - regression in the "no ip address ..." command, at least on Linux. - See bug #486, which contains a workaround patch. This release should be - considered a 1.0.0 release candidate. Please test this release as widely - as possible." - * Fixed wrong port number in zebra.8 (thanks to Thijs Kinkhorst). - Closes: #517860 - * Added Russian Debconf tanslation (thanks to Yuri Kozlov). - Closes: #539464 - * Removed so-version in build-dep to libreadline-dev on request of - Matthias Klose. - * Added README.source with reference to dpatch as suggested by lintian. - * Bumped standards versionto 3.8.3. - - -- Christian Hammers Sun, 13 Sep 2009 18:12:06 +0200 - -quagga (0.99.14-1) unstable; urgency=low - - * New upstream release - "This release contains a regression fix for ospf6d, various small fixes - and some hopefully very significant bgpd stability fixes. - This release should be considered a 1.0.0 release candidate. Please test - this release as widely as possible." - * Fixes bug with premature LSA aging in ospf6d. Closes: #535030 - * Fixes section number in zebra.8 manpage. Closes: #517860 - - -- Christian Hammers Sat, 25 Jul 2009 00:40:38 +0200 - -quagga (0.99.13-2) unstable; urgency=low - - * Added Japanese Debconf translation (thanks to Hideki Yamane). - Closes: #510714 - * When checking for obsoleted config options in preinst, print filename - where it occures (thanks to Michael Bussmann). Closes: #339489 - - -- Christian Hammers Sun, 19 Jul 2009 17:13:23 +0200 - -quagga (0.99.13-1) unstable; urgency=low - - * New upstream release - "This release is contains a number of small fixes, for potentially - irritating issues, as well as small enhancements to vtysh and support - for linking to PCRE (a much faster regex library)." - * Added build-dep to gawk as configure required it for memtypes.awk - * Replaced build-dep to gs-gpl with ghostscript as requested by lintian - * Minor changes to copyright and control files to make lintian happy. - - -- Christian Hammers Wed, 24 Jun 2009 17:53:28 +0200 - -quagga (0.99.12-1) unstable; urgency=high - - * New upstream release - "This release fixes an urgent bug in bgpd where it could hit an assert - if it received a long AS_PATH with a 4-byte ASN." Noteworthy bugfixes: - + [bgpd] Fix bgp ipv4/ipv6 accept handling - + [bgpd] AS4 bugfix by Chris Caputo - + [bgpd] Allow accepted peers to progress even if realpeer is in Connect - + [ospfd] Switch Fletcher checksum back to old ospfd version - - -- Christian Hammers Mon, 22 Jun 2009 00:16:33 +0200 - -quagga (0.99.11-1) unstable; urgency=low - - * New upstream release - "Most regressions in 0.99 over 0.98 are now believed to be fixed. This - release should be considered a release-candidate for a new stable series." - + bgpd: Preliminary UI and Linux-IPv4 support for TCP-MD5 merged - + zebra: ignore dead routes in RIB update - + [ospfd] Default route needs to be refreshed after neighbour state change - + [zebra:netlink] Set proto/scope on all route update messages - * Removed debian/patches/20_*bgp*md5*.dpatch due to upstream support. - - -- Christian Hammers Thu, 09 Oct 2008 22:56:38 +0200 - -quagga (0.99.10-1) unstable; urgency=medium - - * New upstream release - + bgpd: 4-Byte AS Number support - + Sessions were incorrectly reset if a partial AS-Pathlimit attribute - was received. - + Advertisement of Multi-Protocol prefixes (i.e. non-IPv4) had been - broken in the 0.99.9 release. Closes: #467656 - - -- Christian Hammers Tue, 08 Jul 2008 23:32:42 +0200 - -quagga (0.99.9-6) unstable; urgency=low - - * Fixed FTBFS by adding a build-dep to libpcre3-dev (thanks to Luk Claes). - Closes: #469891 - - -- Christian Hammers Sat, 12 Apr 2008 12:53:51 +0200 - -quagga (0.99.9-5) unstable; urgency=low - - * C.J. Adams-Collier and Paul Jakma suggested to build against libpcre3 - which is supposed to be faster. - - -- Christian Hammers Sun, 02 Mar 2008 13:19:42 +0100 - -quagga (0.99.9-4) unstable; urgency=low - - * Added hardening-wrapper to the build-deps (thanks to Moritz Muehlenhoff). - - -- Christian Hammers Tue, 29 Jan 2008 22:33:56 +0100 - -quagga (0.99.9-3) unstable; urgency=low - - * Replaced the BGP patch by a new one so that the package builds again - with kernels above 2.6.21! - * debian/control: - + Moved quagga-doc to section doc to make lintian happy. - * Added Spanish debconf translation (thanks to Carlos Galisteo de Cabo). - Closes: #428574 - * debian/control: (thanks to Marco Rodrigues) - + Bump Standards-Version to 3.7.3 (no changes needed). - + Add Homepage field. - - -- Christian Hammers Mon, 28 Jan 2008 22:29:18 +0100 - -quagga (0.99.9-2.1) unstable; urgency=low - - * Non-maintainer upload. - * debian/rules: fixed bashisms. (Closes: #459122) - - -- Miguel Angel Ruiz Manzano Tue, 22 Jan 2008 14:37:21 -0300 - -quagga (0.99.9-2) unstable; urgency=low - - * Added CVE id for the security bug to the last changelog entry. - Closes: 442133 - - -- Christian Hammers Tue, 25 Sep 2007 22:01:31 +0200 - -quagga (0.99.9-1) unstable; urgency=high - - * SECURITY: - "This release fixes two potential DoS conditions in bgpd, reported by Mu - Security, where a bgpd could be crashed if a peer sent a malformed OPEN - message or a malformed COMMUNITY attribute. Only configured peers can do - this, hence we consider these issues to be very low impact." CVE-2007-4826 - - -- Christian Hammers Wed, 12 Sep 2007 21:12:41 +0200 - -quagga (0.99.8-1) unstable; urgency=low - - * New upstream version. - - -- Christian Hammers Fri, 17 Aug 2007 00:07:04 +0200 - -quagga (0.99.7-3) unstable; urgency=medium - - * Applied patch for FTBFS with linux-libc-dev (thanks to Andrew J. Schorr - and Lucas Nussbaum). Closes: #429003 - - -- Christian Hammers Fri, 22 Jun 2007 21:34:55 +0200 - -quagga (0.99.7-2) unstable; urgency=low - - * Added Florian Weimar as co-maintainer. Closes: 421977 - * Added Dutch debconf translation (thanks to Bart Cornelis). - Closes: #420932 - * Added Portuguese debconf translation (thanks to Rui Branco). - Closes: #421185 - * Improved package description (thanks to Reuben Thomas). - Closes: #418933 - * Added CVE Id to 0.99.6-5 changelog entry. - - -- Christian Hammers Wed, 02 May 2007 20:27:12 +0200 - -quagga (0.99.7-1) unstable; urgency=low - - * New upstream release. Closes: #421553 - - -- Christian Hammers Mon, 30 Apr 2007 14:22:34 +0200 - -quagga (0.99.6-6) unstable; urgency=medium - - * Fixes FTBFS with tetex-live. Closes: #420468 - - -- Christian Hammers Mon, 23 Apr 2007 21:34:13 +0200 - -quagga (0.99.6-5) unstable; urgency=high - - * SECURITY: - The bgpd daemon was vulnerable to a Denial-of-Service. Configured peers - could cause a Quagga bgpd to, typically, assert() and abort. The DoS - could be triggered by peers by sending an UPDATE message with a crafted, - malformed Multi-Protocol reachable/unreachable NLRI attribute. - This is CVE-2007-1995 and Quagga Bug#354. Closes: #418323 - - -- Christian Hammers Thu, 12 Apr 2007 23:21:58 +0200 - -quagga (0.99.6-4) unstable; urgency=low - - * Improved note in README.Debian for SNMP self-builders (thanks to Matthias - Wamser). Closes: #414788 - - -- Christian Hammers Wed, 14 Mar 2007 02:18:57 +0100 - -quagga (0.99.6-3) unstable; urgency=low - - * Updated German Debconf translation (thanks to Matthias Julius). - Closes: #409327 - - -- Christian Hammers Sat, 10 Feb 2007 15:06:16 +0100 - -quagga (0.99.6-2) unstable; urgency=low - - * Updated config.guess/config.sub as suggested by lintian. - * Corrected README.Debian text regarding the WANT_SNMP flag. - - -- Christian Hammers Sun, 17 Dec 2006 01:45:37 +0100 - -quagga (0.99.6-1) unstable; urgency=low - - * New upstream release. Closes: #402361 - - -- Christian Hammers Mon, 11 Dec 2006 00:28:09 +0100 - -quagga (0.99.5-5) unstable; urgency=high - - * Changed Depends on adduser to Pre-Depends to avoid uninstallability - in certain cases (thanks to Steve Langasek, Lucas Nussbaum). - Closes: #398562 - - -- Christian Hammers Wed, 15 Nov 2006 17:46:34 +0100 - -quagga (0.99.5-4) unstable; urgency=low - - * Added default PAM file and some explanations regarding PAM authentication - of vtysh which could prevent the start at boot-time when used wrong. - Now PAM permits anybody to access the vtysh tool (a malicious user could - build his own vtysh without PAM anyway) and the access is controled by - the read/write permissions of the vtysh socket which are only granted to - users belonging to the quaggavty group (thanks to Wakko Warner). - Closes: #389496 - * Added "case" to prerm script so that the Debconf question is not called a - second time in e.g. "new-prerm abort-upgrade" after being NACKed in the - old-prerm. - - -- Christian Hammers Fri, 3 Nov 2006 01:22:15 +0100 - -quagga (0.99.5-3) unstable; urgency=medium - - * Backport CVS fix for an OSPF DD Exchange regression (thanks to Matt - Brown). Closes: #391040 - - -- Christian Hammers Wed, 25 Oct 2006 19:47:11 +0200 - -quagga (0.99.5-2) unstable; urgency=medium - - * Added LSB info section to initscript. - * Removed unnecessary depends to libncurses5 to make checklib happy. - The one to libcap should remain though as it is just temporarily - unused. - - -- Christian Hammers Thu, 21 Sep 2006 00:04:07 +0200 - -quagga (0.99.5-1) unstable; urgency=low - - * New upstream release. Closes: #38704 - * Upstream fixes ospfd documentary inconsistency. Closes: #347897 - * Changed debconf question in prerm to "high" (thanks to Rafal Pietrak). - - -- Christian Hammers Mon, 11 Sep 2006 23:43:42 +0200 - -quagga (0.99.4-4) unstable; urgency=low - - * Recreate /var/run if not present because /var is e.g. on a tmpfs - filesystem (thanks to Martin Pitt). Closes: #376142 - * Removed nonexistant option from ospfd.8 manpage (thanks to - David Medberry). Closes: 378274 - - -- Christian Hammers Sat, 15 Jul 2006 20:22:12 +0200 - -quagga (0.99.4-3) unstable; urgency=low - - * Removed invalid semicolon from rules file (thanks to Philippe Gramoulle). - - -- Christian Hammers Tue, 27 Jun 2006 23:36:07 +0200 - -quagga (0.99.4-2) unstable; urgency=high - - * Set urgency to high as 0.99.4-1 fixes a security problem! - * Fixed building of the info file. - - -- Christian Hammers Sun, 14 May 2006 23:04:28 +0200 - -quagga (0.99.4-1) unstable; urgency=low - - * New upstream release to fix a security problem in the telnet interface - of the BGP daemon which could be used for DoS attacks (CVE-2006-2276). - Closes: 366980 - - -- Christian Hammers Sat, 13 May 2006 19:54:40 +0200 - -quagga (0.99.3-3) unstable; urgency=low - - * Added CVE numbers for the security patch in 0.99.3-2. - - -- Christian Hammers Sat, 6 May 2006 17:14:22 +0200 - -quagga (0.99.3-2) unstable; urgency=high - - * SECURITY: - Added security bugfix patch from upstream BTS for security problem - that could lead to injected routes when using RIPv1. - CVE-2006-2223 - missing configuration to disable RIPv1 or require - plaintext or MD5 authentication - CVE-2006-2224 - lack of enforcement of RIPv2 authentication requirements - Closes: #365940 - * First amd64 upload. - - -- Christian Hammers Thu, 4 May 2006 00:22:09 +0200 - -quagga (0.99.3-1) unstable; urgency=low - - * New upstream release - - -- Christian Hammers Wed, 25 Jan 2006 13:37:27 +0100 - -quagga (0.99.2-1) unstable; urgency=low - - * New upstream release - Closes: #330248, #175553 - - -- Christian Hammers Wed, 16 Nov 2005 00:25:52 +0100 - -quagga (0.99.1-7) unstable; urgency=low - - * Changed debian/rules check for mounted /proc directory to check - for /proc/1 as not all systems (e.g. 2.6 arm kernels) have - /proc/kcore which is a optional feature only (thanks to Lennert - Buytenhek). Closes: #335695 - * Added Swedish Debconf translation (thanks to Daniel Nylander). - Closes: #331367 - - -- Christian Hammers Thu, 27 Oct 2005 20:53:19 +0200 - -quagga (0.99.1-6) unstable; urgency=low - - * Fixed debconf dependency as requested by Joey Hess. - - -- Christian Hammers Mon, 26 Sep 2005 20:47:35 +0200 - -quagga (0.99.1-5) unstable; urgency=low - - * Rebuild with libreadline5-dev as build-dep as requested by - Matthias Klose. Closes: #326306 - * Made initscript more fault tolerant against missing lines in - /etc/quagga/daemons (thanks to Ralf Hildebrandt). Closes: #323774 - * Added dependency to adduser. - - -- Christian Hammers Tue, 13 Sep 2005 21:42:17 +0200 - -quagga (0.99.1-4) unstable; urgency=low - - * Added French Debconf translation (thanks to Mohammed Adnene Trojette). - Closes: #319324 - * Added Czech Debconf translation (thanks to Miroslav Kure). - Closes: #318127 - - -- Christian Hammers Sun, 31 Jul 2005 04:19:41 +0200 - -quagga (0.99.1-3) unstable; urgency=low - - * A Debconf question now asks the admin before upgrading if the daemon - should really be stopped as this could lead to the loss of network - connectivity or BGP flaps (thanks to Michael Horn and Achilleas Kotsis). - Also added a hint about setting Quagga "on hold" to README.Debian. - Closes: #315467 - * Added patch to build on Linux/ARM. - - -- Christian Hammers Sun, 10 Jul 2005 22:19:38 +0200 - -quagga (0.99.1-2) unstable; urgency=low - - * Fixed SNMP enabled command in debian/rules (thanks to Christoph Kluenter). - Closes: #306840 - - -- Christian Hammers Sat, 4 Jun 2005 14:04:01 +0200 - -quagga (0.99.1-1) unstable; urgency=low - - * New upstream version. Among others: - - BGP graceful restart and "match ip route-source" added - - support for interface renaming - - improved threading for better responsivness under load - * Switched to dpatch to make diffs cleaner. - * Made autoreconf unnecessary. - * Replaced quagga.dvi and quagga.ps by quagga.pdf in quagga-doc. - (the PostScript would have needed Makefile corrections and PDF - is more preferable anyway) - * Added isisd to the list of daemons in /etc/init.d/quagga (thanks - to Ernesto Elbe). - * Added hint for "netlink-listen: overrun" messages (thanks to - Hasso Tepper). - * Added preinst check that bails out if old smux options are in use - as Quagga would not start up else anyway (thanks to Bjorn Mork). - Closes: #308320 - - -- Christian Hammers Fri, 13 May 2005 01:18:24 +0200 - -quagga (0.98.3-7) unstable; urgency=high - - * Removed SNMP support as linking against NetSNMP introduced a dependency - to OpenSSL which is not compatible to the GPL which governs this - application (thanks to Faidon Liambotis). See README.Debian for more - information. Closes: #306840 - * Changed listening address of ospf6d and ripngd from 127.0.0.1 to "::1". - * Added build-dep to groff to let drafz-zebra-00.txt build correctly. - - -- Christian Hammers Wed, 4 May 2005 20:08:14 +0200 - -quagga (0.98.3-6) testing-proposed-updates; urgency=high - - * Removed "Recommends kernel-image-2.4" as aptitude then - installes a kernel-image for an arbitrary architecture as long - as it fullfill that recommendation which can obviously fatal - at the next reboot :) Also it is a violation of the policy - which mandates a reference to real packages (thanks to Holger Levsen). - Closes: #307281 - - -- Christian Hammers Tue, 3 May 2005 22:53:39 +0200 - -quagga (0.98.3-5) unstable; urgency=high - - * The patch which tried to remove the OpenSSL dependency, which is - not only unneccessary but also a violation of the licence and thus RC, - stopped working a while ago, since autoreconf is no longer run before - building the binaries. So now ./configure is patched directly (thanks - to Faidon Liambotis for reporting). Closes: #306840 - * Raised Debhelper compatibility level from 3 to 4. Nothing changed. - * Added build-dep to texinfo (>= 4.7) to ease work for www.backports.org. - - -- Christian Hammers Fri, 29 Apr 2005 02:31:03 +0200 - -quagga (0.98.3-4) unstable; urgency=low - - * Removed Debconf upgrade note as it was considered a Debconf abuse - and apart from that so obvious that it was not even worth to be - put into NEWS.Debian (thanks to Steve Langasek). Closes: #306384 - - -- Christian Hammers Wed, 27 Apr 2005 00:10:24 +0200 - -quagga (0.98.3-3) unstable; urgency=medium - - * Adding the debconf module due to a lintian suggestion is a very - bad idea if no db_stop is called as the script hangs then (thanks - to Tore Anderson for reporting). Closes: #306324 - - -- Christian Hammers Mon, 25 Apr 2005 21:55:58 +0200 - -quagga (0.98.3-2) unstable; urgency=low - - * Added debconf confmodule to postinst as lintian suggested. - - -- Christian Hammers Sun, 24 Apr 2005 13:16:00 +0200 - -quagga (0.98.3-1) unstable; urgency=low - - * New upstream release. - Mmost notably fixes last regression in bgpd (reannounce of prefixes - with changed attributes works again), race condition in netlink - handling while using IPv6, MTU changes handling in ospfd and several - crashes in ospfd, bgpd and ospf6d. - - -- Christian Hammers Mon, 4 Apr 2005 12:51:24 +0200 - -quagga (0.98.2-2) unstable; urgency=low - - * Added patch to let Quagga compile with gcc-4.0 (thanks to - Andreas Jochens). Closes: #300949 - - -- Christian Hammers Fri, 25 Mar 2005 19:33:30 +0100 - -quagga (0.98.2-1) unstable; urgency=medium - - * Quoting the upstream announcement: - The 0.98.1 release unfortunately was a brown paper bag release with - respect to ospfd. [...] 0.98.2 has been released, with one crucial change - to fix the unfortunate mistake in 0.98.1, which caused problems if - ospfd became DR. - * Note: the upstream tarball had a strange problem, apparently redhat.spec - was twice in it? At least debuild gave a strange error message so I - unpacked it by hand. No changes were made to the .orig.tar.gz! - - -- Christian Hammers Fri, 4 Feb 2005 01:31:36 +0100 - -quagga (0.98.1-1) unstable; urgency=medium - - * New upstream version - "fixing a fatal OSPF + MD5 auth regression, and a non-fatal high-load - regression in bgpd which were present in the 0.98.0 release." - * Upstream version fixes bug in ospfd that could lead to crash when OSPF - packages had a MTU > 1500. Closes: #290566 - * Added notice regarding capability kernel support to README.Debian - (thanks to Florian Weimer). Closes: #291509 - * Changed permission setting in postinst script (thanks to Bastian Blank). - Closes: #292690 - - -- Christian Hammers Tue, 1 Feb 2005 02:01:27 +0100 - -quagga (0.98.0-3) unstable; urgency=low - - * Fixed problem in init script. Closes: #290317 - * Removed obsolete "smux peer enable" patch. - - -- Christian Hammers Fri, 14 Jan 2005 17:37:27 +0100 - -quagga (0.98.0-2) unstable; urgency=low - - * Updated broken TCP MD5 patch for BGP (thanks to John P. Looney - for telling me). - - -- Christian Hammers Thu, 13 Jan 2005 02:03:54 +0100 - -quagga (0.98.0-1) unstable; urgency=low - - * New upstream release - * Added kernel-image-2.6 as alternative to 2.4 to the recommends - (thanks to Faidon Liambotis). Closes: #289530 - - -- Christian Hammers Mon, 10 Jan 2005 19:36:17 +0100 - -quagga (0.97.5-1) unstable; urgency=low - - * New upstream version. - * Added Czech debconf translation (thanks to Miroslav Kure). - Closes: #287293 - * Added Brazilian debconf translation (thanks to Andre Luis Lopes). - Closes: #279352 - - -- Christian Hammers Wed, 5 Jan 2005 23:49:57 +0100 - -quagga (0.97.4-2) unstable; urgency=low - - * Fixed quagga.info build problem. - - -- Christian Hammers Wed, 5 Jan 2005 22:38:01 +0100 - -quagga (0.97.4-1) unstable; urgency=low - - * New upstream release. - - -- Christian Hammers Tue, 4 Jan 2005 01:45:22 +0100 - -quagga (0.97.3-2) unstable; urgency=low - - * Included isisd in the daemon list. - * Wrote an isisd manpage. - * It is now ensured that zebra is always the last daemon to be stopped. - * (Thanks to Hasso Tepper for mailing me a long list of suggestions - which lead to this release) - - -- Christian Hammers Sat, 18 Dec 2004 13:14:55 +0100 - -quagga (0.97.3-1) unstable; urgency=medium - - * New upstream version. - - Fixes important OSPF bug. - * Added ht-20040911-smux.patch regarding Quagga bug #112. - * Updated ht-20041109-0.97.3-bgp-md5.patch for BGP with TCP MD5 - (thanks to Matthias Wamser). - - -- Christian Hammers Tue, 9 Nov 2004 17:45:26 +0100 - -quagga (0.97.2-4) unstable; urgency=low - - * Added Portuguese debconf translation (thanks to Andre Luis Lopes). - Closes: #279352 - * Disabled ospfapi server by default on recommendation of Paul Jakma. - - -- Christian Hammers Sun, 7 Nov 2004 15:07:05 +0100 - -quagga (0.97.2-3) unstable; urgency=low - - * Added Andrew Schorrs VTY Buffer patch from the [quagga-dev 1729]. - - -- Christian Hammers Tue, 2 Nov 2004 00:46:56 +0100 - -quagga (0.97.2-2) unstable; urgency=low - - * Changed file and directory permissions and ownerships according to a - suggestion from Paul Jakma. Still not perfect though. - * Fixed upstream vtysh.conf.sample file. - * "ip ospf network broadcast" is now saved correctly. Closes: #244116 - * Daemon options are now in /etc/quagga/debian.conf to be user - configurable (thanks to Simon Raven and Hasso Tepper). Closes: #266715 - - -- Christian Hammers Tue, 26 Oct 2004 23:35:45 +0200 - -quagga (0.97.2-1) unstable; urgency=low - - * New upstream version. - Closes: #254541 - * Fixed warning on unmodular kernels (thanks to Christoph Biedl). - Closes: #277973 - - -- Christian Hammers Mon, 25 Oct 2004 00:47:04 +0200 - -quagga (0.97.1-2) unstable; urgency=low - - * Version 0.97 introduced shared libraries. They are now included. - (thanks to Raf D'Halleweyn). Closes: #277446 - - -- Christian Hammers Wed, 20 Oct 2004 15:32:06 +0200 - -quagga (0.97.1-1) unstable; urgency=low - - * New upstream version. - * Removed some obsolete files from debian/patches. - * Added patch from upstream bug 113. Closes: #254541 - * Added patch from upstream that fixes a compilation problem in the - ospfclient code (thanks to Hasso Tepper). - * Updated German debconf translation (thanks to Jens Nachtigall) - Closes: #277059 - - -- Christian Hammers Mon, 18 Oct 2004 01:16:35 +0200 - -quagga (0.96.5-11) unstable; urgency=low - - * Fixed /tmp/buildd/* paths in binaries. - For some unknown reason the upstream Makefile modified a .h file at - the end of the "debian/rules build" target. During the following - "make install" one library got thus be re*compiled* - with /tmp/buildd - paths as sysconfdir (thanks to Peder Chr. Norgaard). Closes: #274050 - - -- Christian Hammers Fri, 1 Oct 2004 01:21:02 +0200 - -quagga (0.96.5-10) unstable; urgency=medium - - * The BGP routing daemon might freeze on network disturbances when - their peer is also a Quagga/Zebra router. - Applied patch from http://bugzilla.quagga.net/show_bug.cgi?id=102 - which has been confirmed by the upstream author. - (thanks to Gunther Stammwitz) - * Changed --enable-pam to --with-libpam (thanks to Hasso Tepper). - Closes: #264562 - * Added patch for vtysh (thanks to Hasso Tepper). Closes: #215919 - - -- Christian Hammers Mon, 9 Aug 2004 15:33:02 +0200 - -quagga (0.96.5-9) unstable; urgency=low - - * Rewrote the documentation chapter about SNMP support. Closes: #195653 - * Added MPLS docs. - - -- Christian Hammers Thu, 29 Jul 2004 21:01:52 +0200 - -quagga (0.96.5-8) unstable; urgency=low - - * Adjusted a grep in the initscript to also match a modprobe message - from older modutils packages (thanks to Faidon Paravoid). - - -- Christian Hammers Wed, 28 Jul 2004 21:19:02 +0200 - -quagga (0.96.5-7) unstable; urgency=low - - * Added a "cd /etc/quagga/" to the init script as quagga tries to load - the config file first from the current working dir and then from the - config dir which could lead to confusion (thanks to Marco d'Itri). - Closes: #255078 - * Removed warning regarding problems with the Debian kernels from - README.Debian as they are no longer valid (thanks to Raphael Hertzog). - Closes: #257580 - * Added patch from Hasso Tepper that makes "terminal length 0" work - in vtysh (thanks to Matthias Wamser). Closes: #252579 - - -- Christian Hammers Thu, 8 Jul 2004 21:53:21 +0200 - -quagga (0.96.5-6) unstable; urgency=low - - * Try to load the capability module as it is needed now. - - -- Christian Hammers Tue, 8 Jun 2004 23:25:29 +0200 - -quagga (0.96.5-5) unstable; urgency=low - - * Changed the homedir of the quagga user to /etc/quagga/ to allow - admins to put ~/.ssh/authorized_keys there (thanks to Matthias Wamser). - Closes: #252577 - - -- Christian Hammers Sat, 5 Jun 2004 14:47:31 +0200 - -quagga (0.96.5-4) unstable; urgency=medium - - * Fixed rules file to use the renamed ./configure option --enable-tcp-md5 - (thanks to Matthias Wamser). Closes: #252141 - - -- Christian Hammers Tue, 1 Jun 2004 22:58:32 +0200 - -quagga (0.96.5-3) unstable; urgency=low - - * Provided default binary package name to all build depends that were - virtual packages (thanks to Goswin von Brederlow). Closes: #251625 - - -- Christian Hammers Sat, 29 May 2004 22:48:53 +0200 - -quagga (0.96.5-2) unstable; urgency=low - - * New upstream version. - * New md5 patch version (thanks to Niklas Jakobsson and Hasso Tepper). - Closes: #250985 - * Fixes info file generation (thanks to Peder Chr. Norgaard). - Closes: #250992 - * Added catalan debconf translation (thanks to Aleix Badia i Bosch). - Closes: #250118 - * PATCHES: - This release contains BGP4 MD5 support which requires a kernel patch - to work. See /usr/share/doc/quagga/README.Debian.MD5. - (The patch is ht-20040525-0.96.5-bgp-md5.patch from Hasso Tepper) - - -- Christian Hammers Thu, 27 May 2004 20:09:37 +0200 - -quagga (0.96.5-1) unstable; urgency=low - - * New upstream version. - * PATCHES: - This release contains BGP4 MD5 support which also requires a kernel patch. - See /usr/share/doc/quagga/README.Debian.MD5 and search for CAN-2004-0230. - - -- Christian Hammers Sun, 16 May 2004 17:40:40 +0200 - -quagga (0.96.4x-10) unstable; urgency=low - - * SECURITY: - This release contains support for MD5 for BGP which is one suggested - prevention of the actually long known TCP SYN/RST attacks which got - much news in the last days as ideas were revealed that made them much - easier probable agains especially the BGP sessions than commonly known. - There are a lot of arguments agains the MD5 approach but some ISPs - started to require it. - See: CAN-2004-0230, http://www.us-cert.gov/cas/techalerts/TA04-111A.html - * PATCHES: - This release contains the MD5 patch from Hasso Tepper. It also seems to - required a kernel patch. See /usr/share/doc/quagga/README.Debian.MD5. - - -- Christian Hammers Thu, 29 Apr 2004 01:01:38 +0200 - -quagga (0.96.4x-9) unstable; urgency=low - - * Fixed daemon loading order (thanks to Matt Kemner). - * Fixed typo in init script (thanks to Charlie Brett). Closes: #238582 - - -- Christian Hammers Sun, 4 Apr 2004 15:32:18 +0200 - -quagga (0.96.4x-8) unstable; urgency=low - - * Patched upstream source so that quagga header files end up in - /usr/include/quagga/. Closes: #233792 - - -- Christian Hammers Mon, 23 Feb 2004 01:42:53 +0100 - -quagga (0.96.4x-7) unstable; urgency=low - - * Fixed info file installation (thanks to Holger Dietze). Closes: #227579 - * Added Japanese translation (thanks to Hideki Yamane). Closes: #227812 - - -- Christian Hammers Sun, 18 Jan 2004 17:28:29 +0100 - -quagga (0.96.4x-6) unstable; urgency=low - - * Added dependency to iproute. - * Initscript now checks not only for the pid file but also for the - daemons presence (thanks to Phil Gregory). Closes: #224389 - * Added my patch to configure file permissions. - - -- Christian Hammers Mon, 15 Dec 2003 22:34:29 +0100 - -quagga (0.96.4x-5) unstable; urgency=low - - * Added patch which gives bgpd the CAP_NET_RAW capability to allow it - to bind to special IPv6 link-local interfaces (Thanks to Bastian Blank). - Closes: #222930 - * Made woody backport easier by applying Colin Watsons po-debconf hack. - Thanks to Marc Haber for suggesting it. Closes: #223527 - * Made woody backport easier by applying a patch that removes some - obscure whitespaces inside an C macro. (Thanks to Marc Haber). - Closes: #223529 - * Now uses /usr/bin/pager. Closes: #204070 - * Added note about the "official woody backports" on my homepage. - - -- Christian Hammers Mon, 15 Dec 2003 20:39:06 +0100 - -quagga (0.96.4x-4) unstable; urgency=high - - * SECURITY: - Fixes another bug that was originally reported against Zebra. - . - http://rhn.redhat.com/errata/RHSA-2003-307.html - Herbert Xu reported that Zebra can accept spoofed messages sent on the - kernel netlink interface by other users on the local machine. This could - lead to a local denial of service attack. The Common Vulnerabilities and - Exposures project (cve.mitre.org) has assigned the name CAN-2003-0858 to - this issue. - - * Minor improvements to init script (thanks to Iustin Pop). - Closes: #220938 - - -- Christian Hammers Sat, 22 Nov 2003 13:27:57 +0100 - -quagga (0.96.4x-3) unstable; urgency=low - - * Changed "more" to "/usr/bin/pager" as default pager if $PAGER or - $VTYSH_PAGER is not set (thanks to Bastian Blank). Closes: #204070 - * Made the directory (but not the config/log files!) world accessible - again on user request (thanks to Anand Kumria)). Closes: #213129 - * No longer providing sample configuration in /etc/quagga/. They are - now only available in /usr/share/doc/quagga/ to avoid accidently - using them without changing the adresses (thanks to Marc Haber). - Closes: #215918 - - -- Christian Hammers Sun, 16 Nov 2003 16:59:30 +0100 - -quagga (0.96.4x-2) unstable; urgency=low - - * Fixed permission problem with pidfile (thanks to Kir Kostuchenko). - Closes: #220938 - - -- Christian Hammers Sun, 16 Nov 2003 14:24:08 +0100 - -quagga (0.96.4x-1) unstable; urgency=low - - * Reupload of 0.96.4. Last upload-in-a-hurry produced a totally - crappy .tar.gz file. Closes: #220621 - - -- Christian Hammers Fri, 14 Nov 2003 19:45:57 +0100 - -quagga (0.96.4-1) unstable; urgency=high - - * SECURITY: Remote DoS of protocol daemons. - Fix for a remote triggerable crash in vty layer. The management - ports ("telnet myrouter ospfd") should not be open to the internet! - - * New upstream version. - - OSPF bugfixes. - - Some improvements for bgp and rip. - - -- Christian Hammers Thu, 13 Nov 2003 11:52:27 +0100 - -quagga (0.96.3-3) unstable; urgency=low - - * Fixed pid file generation by substituting the daemons "-d" by the - start-stop-daemon option "--background" (thanks to Micha Gaisser). - Closes: #218103 - - -- Christian Hammers Wed, 29 Oct 2003 05:17:49 +0100 - -quagga (0.96.3-2) unstable; urgency=low - - * Readded GNOME-PRODUCT-ZEBRA-MIB. - - -- Christian Hammers Thu, 23 Oct 2003 06:17:03 +0200 - -quagga (0.96.3-1) unstable; urgency=medium - - * New upstream version. - * Removed -u and -e in postrm due to problems with debhelper and userdel - (thanks to Adam Majer and Jaakko Niemi). Closes: #216770 - * Removed SNMP MIBs as they are now included in libsnmp-base (thanks to - David Engel and Peter Gervai). Closes: #216138, #216086 - * Fixed seq command in init script (thanks to Marc Haber). Closes: #215915 - * Improved /proc check (thanks to Marc Haber). Closes: #212331 - - -- Christian Hammers Thu, 23 Oct 2003 03:42:02 +0200 - -quagga (0.96.2-9) unstable; urgency=medium - - * Removed /usr/share/info/dir.* which were accidently there and prevented - the installation by dpkg (thanks to Simon Raven). Closes: #212614 - * Reworded package description (thanks to Anand Kumria). Closes: #213125 - * Added french debconf translation (thanks to Christian Perrier). - Closes: #212803 - - -- Christian Hammers Tue, 7 Oct 2003 13:26:58 +0200 - -quagga (0.96.2-8) unstable; urgency=low - - * debian/rules now checks if /proc is mounted as ./configure needs - it but just fails with an obscure error message if it is absent. - (Thanks to Norbert Tretkowski). Closes: #212331 - - -- Christian Hammers Tue, 23 Sep 2003 12:57:38 +0200 - -quagga (0.96.2-7) unstable; urgency=low - - * Last build was rejected due to a buggy dpkg-dev version. Rebuild. - - -- Christian Hammers Mon, 22 Sep 2003 20:34:12 +0200 - -quagga (0.96.2-6) unstable; urgency=low - - * Fixed init script so that is is now possible to just start - the bgpd but not the zebra daemon. Also daemons are now actually - started in the order defined their priority. (Thanks to Thomas Kaehn - and Jochen Friedrich) Closes: #210924 - - -- Christian Hammers Fri, 19 Sep 2003 21:17:02 +0200 - -quagga (0.96.2-5) unstable; urgency=low - - * For using quagga as BGP route server or similar, it is not - wanted to have the zebra daemon running too. For this reason - it can now be disabled in /etc/quagga/daemons, too. - (Thanks to Jochen Friedrich). Closes: #210924 - * Attached *unapplied* patch for the ISIS protocol. I did not dare - to apply it as long as upstream does not do it but this way give - users the possibilities to use it if they like to. - (Thanks to Remco van Mook) - - -- Christian Hammers Wed, 17 Sep 2003 19:57:31 +0200 - -quagga (0.96.2-4) unstable; urgency=low - - * Enabled IPV6 router advertisement feature by default on user request - (thanks to Jochen Friedrich and Hasso Tepper). Closes: #210732 - * Updated GNU autoconf to let it build on hppa/parisc64 (thanks to - lamont). Closes: #210492 - - -- Christian Hammers Sat, 13 Sep 2003 14:11:13 +0200 - -quagga (0.96.2-3) unstable; urgency=medium - - * Removed unnecessary "-lcrypto" to avoid dependency against OpenSSL - which would require further copyright addtions. - - -- Christian Hammers Wed, 10 Sep 2003 01:37:28 +0200 - -quagga (0.96.2-2) unstable; urgency=low - - * Added note that config files of quagga are in /etc/quagga and - not /etc/zebra for the zebra users that migrate to quagga. - (Thanks to Roberto Suarez Soto for the idea) - * Fixed setgid rights in /etc/quagga. - - -- Christian Hammers Wed, 27 Aug 2003 14:05:39 +0200 - -quagga (0.96.2-1) unstable; urgency=low - - * This package has formally been known as "zebra-pj"! - * New upstream release. - Fixes "anoying OSPF problem". - * Modified group ownerships so that vtysh can now be used by normal - uses if they are in the quaggavty group. - - -- Christian Hammers Mon, 25 Aug 2003 23:40:14 +0200 - -quagga (0.96.1-1) unstable; urgency=low - - * Zebra-pj, the fork of zebra has been renamed to quagga as the original - upstream author asked the new project membed not to use "zebra" in the - name. zebra-pj is obsolete. - - -- Christian Hammers Mon, 18 Aug 2003 23:37:20 +0200 - -zebra-pj (0.94+cvs20030721-1) unstable; urgency=low - - * New CVS build. - - OSPF changes (integration of the OSPF API?) - - code cleanups (for ipv6?) - * Tightened Build-Deps to gcc-2.95 as 3.x does not compile a stable ospfd. - This is a known problem and has been discussed on the mailing list. - No other solutions so far. - - -- Christian Hammers Mon, 21 Jul 2003 23:52:00 +0200 - -zebra-pj (0.94+cvs20030701-1) unstable; urgency=low - - * Initial Release. - - -- Christian Hammers Tue, 1 Jul 2003 01:58:06 +0200 diff --git a/debianpkg/compat b/debianpkg/compat deleted file mode 100644 index ec635144f6..0000000000 --- a/debianpkg/compat +++ /dev/null @@ -1 +0,0 @@ -9 diff --git a/debianpkg/control b/debianpkg/control deleted file mode 100644 index e8dbaf4aaa..0000000000 --- a/debianpkg/control +++ /dev/null @@ -1,116 +0,0 @@ -Source: frr -Section: net -Priority: optional -Maintainer: David Lamparter -Uploaders: FRRouting-dev -Build-Depends: - autotools-dev, - bison, - chrpath, - debhelper (>= 9), - debhelper (>= 9.20160709) | dh-systemd , - dh-autoreconf, - flex, - gawk, - install-info, - libc-ares-dev, - libcap-dev, - libjson0 | libjson-c2 | libjson-c3, - libjson0-dev | libjson-c-dev, - libpam0g-dev | libpam-dev, - libpcre3-dev, - libpython3-dev, - libreadline-dev, - librtr-dev , - libsnmp-dev, - libssh-dev , - libsystemd-dev , - pkg-config, - python3, - python3-sphinx, - texinfo (>= 4.7) -Standards-Version: 4.2.1 -Homepage: https://www.frrouting.org/ -Vcs-Browser: https://github.com/FRRouting/frr/ -Vcs-Git: https://github.com/FRRouting/frr.git - -Package: frr -Architecture: linux-any -Depends: - ${misc:Depends}, - ${shlibs:Depends}, - iproute2 | iproute, - logrotate (>= 3.2-11) -Pre-Depends: adduser -Recommends: frr-pythontools -Suggests: frr-doc -Conflicts: zebra, zebra-pj, quagga -Replaces: zebra, zebra-pj -Description: FRRouting suite of internet protocols (BGP, OSPF, IS-IS, ...) - FRRouting implements the routing protocols commonly used in the - internet and private networks to exchange information between routers. - Both IP and IPv6 are supported, as are BGP, OSPF, IS-IS, BABEL, EIGRP, - RIP, LDP, BFD, PIM and NHRP protocols. - . - These protocols are used to turn your system into a dynamic router, - exchanging information about available connections with other routers - in a standards-compliant way. The actual packet forwarding - functionality is provided by the OS kernel. - . - FRRouting is a fork of Quagga with an open community model. The main - git lives on https://github.com/frrouting/frr.git and the project name - is commonly abbreviated as "FRR." - -Package: frr-snmp -Architecture: linux-any -Depends: - ${misc:Depends}, - ${shlibs:Depends}, - frr (= ${binary:Version}) -Recommends: snmpd -Description: FRRouting suite - SNMP support - Adds SNMP support to FRR's daemons by attaching to net-snmp's snmpd - through the AgentX protocol. Provides read-only access to current - routing state through standard SNMP MIBs. - -Package: frr-rpki-rtrlib -Architecture: linux-any -Depends: - ${misc:Depends}, - ${shlibs:Depends}, - frr (= ${binary:Version}) -Description: FRRouting suite - BGP RPKI support (rtrlib) - Adds RPKI support to FRR's bgpd, allowing validation of BGP routes - against cryptographic information stored in WHOIS databases. This is - used to prevent hijacking of networks on the wider internet. It is only - relevant to internet service providers using their own autonomous system - number. -Build-Profiles: - -Package: frr-doc -Section: doc -Architecture: all -Depends: - ${misc:Depends}, - libjs-jquery, - libjs-underscore -Suggests: frr -Description: FRRouting suite - user manual - This provides the FRR user manual in HTML form. This is the official - manual maintained as part of the package and is also available online - at https://frrouting.readthedocs.io/ - -Package: frr-pythontools -Architecture: all -Depends: - ${misc:Depends}, - frr (<< ${source:Upstream-Version}.0-~), - frr (>= ${source:Version}~), - python3:any -Description: FRRouting suite - Python tools - The FRRouting suite uses a small Python tool to provide configuration - reload functionality, particularly useful when the interactive configuration - shell is not used. - . - Without this package installed, "reload" (as a systemd or init script - invocation) will not work for the FRR daemons. diff --git a/debianpkg/copyright b/debianpkg/copyright deleted file mode 100644 index dbdc6b433c..0000000000 --- a/debianpkg/copyright +++ /dev/null @@ -1,258 +0,0 @@ -Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ -Upstream-Name: Frr -Upstream-Contact: maintainers@frrouting.org, security@frrouting.org -Source: https://www.frrouting.org/ - -Files: * -Copyright: 1996-2003 by the original Zebra authors: - Kunihiro Ishiguro - Toshiaki Takada - Yasuhiro Ohara - 2003-2016 by the Quagga Project - 2016-2018 by the FRRouting Project - Adam Fitzgerald 2017 - Alex Couloumbis 2017 - Alexandre Chappuis 2011 - Alexis Fasquel 2015 - Ali Rezaee 2018 - Ameya Dharkar 2018 - Amritha Nambiar 2015 - Andreas Jaggi 2017 - Andrew Certain 2012 - Andrew J. Schorr 2004-2011 - Andrew Lunn 2017 - Andrey Korolyov 2017-2018 - Ang Way Chuang 2012 - Anuradha Karuppiah 2016-2018 - Arthur Jones 2018 - Avneesh Sachdev 2012, 2016 - Ayan Banerjee 2012 - Balaji G. 2011-2016 - Barry Friedman 2011 - Bartek Kania 2008 - Baruch Siach 2016 - Bingen Eguzkitza 2016-2017 - Boian Bonev 2013 - Boris Yakubov 2013 - Brad Smith 2012 - Brett Ciphery 2013 - Brian Bennett 2015 - Brian Rak 2017 - Chirag Shah 2017-2018 - Chris Caputo 2009-2010 - Chris Hall 2010 - Chris Luke 2011 - Christian Franke 2012-2018 - Christian Hammers 2011 - Christoffer Hansen 2018 - Christoph Dwertmann 2018 - Colin Petrie 2016 - Daniel Kozlowski 2012 - Daniel Ng 2008 - Daniel Walton 2015-2018 - Daniil Baturin 2018 - Dario Wiesner 2018 - Dave Olson 2016-2017 - David BÉRARD 2010 - David Lamparter 2009-2018 - David Lebrun 2016 - David Ward 2009-2012 - David Young 2007 - Denil Vira 2015 - Denis Ovsienko 2007-2012 - Dinesh Dutt 2012-2013 - Dinesh G. Dutt 2013-2017 - Dmitrij Tejblum 2009-2011 - Dmitry Popov 2011 - Don Slice 2016-2018 - Donald Sharp 2015-2018 - Donatas Abraitis 2018 - Dongling Duan 2018 - Donnie Savage 2017 - Doug VanLeuven 2012 - Dylan Hall 2011 - Emanuele Di Pascale 2018 - Eric Pulvino 2017 - Everton Marques 2012-2014 - Evgeny Uskov 2016 - F. Aragon 2018 - Fatih USTA 2017 - Feng Lu 2014-2015 - Fernando Soto 2015 - Francesco Dolcini 2009 - Fredi Raspall 2016-2018 - Fritz Reichmann 2011 - G. Paul Ziemba 2016-2018 - Greg Troxel 2003-2007, 2010-2015 - Hasso Tepper 2003-2007, 2012-2013 - Hiroshi Yokoi 2015 - Hongguang Li 2016 - Hung-Weic Chiu 2017 - Igor Ryzhov 2016 - Ilya Shipitsin 2018 - Ingo Flaschberger 2011 - Ivan Moskalyov 2010 - JR Rivers 2012 - Jafar Al-Gharaibeh 2009, 2015-2018 - Jarad Olson 2018 - Jaroslav Fojtik 2011 - Jeremy Jackson 2008-2009 - Jingjing Duan 2008-2009 - Joachim Nilsson 2012-2013 - Joakim Tjernlund 2008-2014 - Job Snijders 2016 - John Berezovik 2016 - John Glotzer 2014 - John Kemp 2011 - Jon Andersson 2009-2011 - Jorge Boncompte 2012-2013, 2017 - Josh Bailey 2011-2012 - Juergen Kammer 2017 - Julien Courtat 2016 - Juliusz Chroboczek 2012 - Kaloyan Kovachev 2015-2017 - Ken Williams 2014 - Khiruthigai Balasubramanian 2016 - Krisztian Kovacs 2009 - Kunihiro Ishiguro 2018 - Leonard Tracy 2012 - Leonid Rosenboim 2012-2013 - Liu Xiaofeng 2016 - Lou Berger 2013, 2016-2018 - Lu Feng 2014-2015 - Lucian Cristian 2017 - Maitane Zotes 2014 - Manuel Schweizer 2017 - Marcel Röthke 2017-2018 - Mark Stapp 2018 - Martin Buck 2018 - Martin Winter 2015-2018 - Martín Beauchamp 2017 - Mathias Krause 2010 - Mathieu Goessens 2009 - Matthew Smith 2017 - Matthias Ferdinand 2011 - Matthieu Boutier 2012, 2016-2017 - Matti-Oskari Leppänen 2013 - Michael Lambert 2008-2010 - Michael Rossberg 2015 - Michael Zingg 2012 - Michal Sekletar 2014 - Mike Tancsa 2017 - Milan Kocian 2013-2014 - Mitesh Kanjariya 2017-2018 - Mladen Sablic 2017-2018 - Morgan Stewart 2015 - Nathan Van Gheem 2018 - Nick Hilliard 2009-2012 - Nico Golde 2010 - Nicolas Dichtel 2015 - Nigel Kukard 2017 - Nolan Leake 2012 - Oleg A. Arkhangelsky 2011 - Olivier Cochard-Labbé 2014 - Olivier Dugeon 2014-2018 - Ondrej Zajicek 2009 - Pascal Mathis 2018 - Paul Jakma 2002-2016 - Paul P Komkoff Jr 2008 - Pawel Wieczorkiewicz 2016 - Peter Pentchev 2011 - Peter Szilagyi 2011 - Phil Huang 2017 - Phil Laverdiere 2012 - Philippe Guibert 2016-2018 - Piotr Jurkiewicz 2018 - Pradosh Mohapatra 2013-2014 - Quentin Young 2016-2018 - Radhika Mahankali 2015-2017 - Rafael Zalamena 2017-2018 - Rakesh Garimella 2013 - Raymond P. Burkholder 2017 - Remi Gacogne 2013 - Renato Westphal 2012, 2016-2018 - Robert Bays 2010 - Roderick Schertler 2011 - Rodny Molina 2018 - Roman Hoog Antink 2010-2013 - Ruben Kerkhof 2018 - Russ White 2017-2018 - Ryan Hagelstrom 2017 - Sam Tannous 2016-2017 - Sarita Patra 2018 - Sebastian Lohff 2017 - Sergey Fionov 2018 - Sergey Y. Afonin 2011 - Serj Kalichev 2012 - Sid Khot 2016 - Silas McCroskey 2017-2018 - Stephane Litkowski 2017 - Stephen Hemminger 2008-2014 - Stephen Worley 2018 - Steve Hill 2009 - Stig Thormodsrud 2008 - Subbaiah Venkata 2012 - Svata Dedic 2011 - Sébastien Luttringer 2014 - Takashi Sogabe 2009 - Thijs Kinkhorst 2009 - Thomas Gelf 2018 - Thomas Petazzoni 2016 - Thomas Ries 2011 - Thorvald Natvig 2017 - Tigran Martirosyan 2018 - Timo Teräs 2008-2009, 2013-2017 - Timothy Redaelli 2017 - Tom Goff 2009-2011 - Tom Henderson 2009 - Tomasz Pala 2009 - Udaya Shankara KS 2016 - Ulrich Weber 2011-2013 - Vasilis Tsiligiannis 2009 - Vincent Bernat 2012, 2017-2018 - Vincent Jardin 2003-2007, 2014, 2017-2018 - Vipin Kumar 2014-2015 - Vishal Dhingra 2018 - Vishal Kumar 2012 - Vitaliy Senchyshyn 2013 - Vivek Venkatraman 2015-2018 - Vladimir L Ivanov 2010 - Vyacheslav Trushkin 2011-2012 - Vystoropskyi, Sergii 2015 - Wataru Tanitsu 2010 - Wenjian Ma 2015 - Will McLendon 2017 - YAMAMOTO Shigeru 2011 - Yasuhiro Ohara 2009 - Zefan Xu 2018 - dturlupov 2018 - heasley 2009-2011 - jaydom 2017 - jpmondet 2018 - kssoman 2018 - lihongguang 2018 - lyq140 2018 - pcarana 2018 - pogojotz 2017 - tigranmartirosyan 2017 - tmartiro 2017 - vize 2007 - 高鹏 2012 -License: GPL-2+ - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - . - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - . - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA - . - On Debian systems, the full text of the GNU General Public - License version 2 can be found in the file - `/usr/share/common-licenses/GPL-2'. diff --git a/debianpkg/frr-dbg.lintian-overrides b/debianpkg/frr-dbg.lintian-overrides deleted file mode 100644 index b18c555444..0000000000 --- a/debianpkg/frr-dbg.lintian-overrides +++ /dev/null @@ -1,5 +0,0 @@ -# extra priority is deprecated -frr-dbg binary: debug-package-should-be-priority-extra - -# personal name -spelling-error-in-copyright Ang And diff --git a/debianpkg/frr-doc.doc-base b/debianpkg/frr-doc.doc-base deleted file mode 100644 index ec7870d7aa..0000000000 --- a/debianpkg/frr-doc.doc-base +++ /dev/null @@ -1,23 +0,0 @@ -Document: frr -Title: FRRouting user manual -Abstract: General user/operator description for the FRRouting suite of - routing protocol daemons. -Section: Network/Communication - -Format: HTML -Index: /usr/share/doc/frr/html/index.html -Files: /usr/share/doc/frr/html/* - -Format: info -Index: /usr/share/info/frr.info.gz -Files: - /usr/share/info/frr.info.gz - /usr/share/info/fig-normal-processing.png - /usr/share/info/fig-rs-processing.png - /usr/share/info/fig-vnc-commercial-route-reflector.png - /usr/share/info/fig-vnc-frr-route-reflector.png - /usr/share/info/fig-vnc-gw.png - /usr/share/info/fig-vnc-mesh.png - /usr/share/info/fig-vnc-redundant-route-reflectors.png - /usr/share/info/fig_topologies_full.png - /usr/share/info/fig_topologies_rs.png diff --git a/debianpkg/frr-doc.info b/debianpkg/frr-doc.info deleted file mode 100644 index a83255a24f..0000000000 --- a/debianpkg/frr-doc.info +++ /dev/null @@ -1 +0,0 @@ -doc/user/_build/texinfo/frr.info diff --git a/debianpkg/frr-doc.install b/debianpkg/frr-doc.install deleted file mode 100644 index c48dc5a8db..0000000000 --- a/debianpkg/frr-doc.install +++ /dev/null @@ -1,10 +0,0 @@ -# html docs include RST sources -usr/share/doc/frr/html - -# info + images referenced by it -usr/share/info/ -doc/user/_build/texinfo/*.png usr/share/info - -# other -README.md usr/share/doc/frr -doc/figures/*.png usr/share/doc/frr diff --git a/debianpkg/frr-doc.lintian-overrides b/debianpkg/frr-doc.lintian-overrides deleted file mode 100644 index d4ada822a5..0000000000 --- a/debianpkg/frr-doc.lintian-overrides +++ /dev/null @@ -1,2 +0,0 @@ -# personal name -spelling-error-in-copyright Ang And diff --git a/debianpkg/frr-pythontools.install b/debianpkg/frr-pythontools.install deleted file mode 100644 index 28140382f6..0000000000 --- a/debianpkg/frr-pythontools.install +++ /dev/null @@ -1 +0,0 @@ -usr/lib/frr/frr-reload.py diff --git a/debianpkg/frr-pythontools.lintian-overrides b/debianpkg/frr-pythontools.lintian-overrides deleted file mode 100644 index d4ada822a5..0000000000 --- a/debianpkg/frr-pythontools.lintian-overrides +++ /dev/null @@ -1,2 +0,0 @@ -# personal name -spelling-error-in-copyright Ang And diff --git a/debianpkg/frr-rpki-rtrlib.install b/debianpkg/frr-rpki-rtrlib.install deleted file mode 100644 index 0465c0d910..0000000000 --- a/debianpkg/frr-rpki-rtrlib.install +++ /dev/null @@ -1 +0,0 @@ -usr/lib/*/frr/modules/bgpd_rpki.so diff --git a/debianpkg/frr-rpki-rtrlib.lintian-overrides b/debianpkg/frr-rpki-rtrlib.lintian-overrides deleted file mode 100644 index 3927731760..0000000000 --- a/debianpkg/frr-rpki-rtrlib.lintian-overrides +++ /dev/null @@ -1,5 +0,0 @@ -# module contains no function calls that can be hardened -frr-rpki-rtrlib binary: hardening-no-fortify-functions * - -# personal name -spelling-error-in-copyright Ang And diff --git a/debianpkg/frr-snmp.install b/debianpkg/frr-snmp.install deleted file mode 100644 index 5517ca7eec..0000000000 --- a/debianpkg/frr-snmp.install +++ /dev/null @@ -1,2 +0,0 @@ -usr/lib/*/frr/libfrrsnmp.* -usr/lib/*/frr/modules/*_snmp.so diff --git a/debianpkg/frr-snmp.lintian-overrides b/debianpkg/frr-snmp.lintian-overrides deleted file mode 100644 index d4ada822a5..0000000000 --- a/debianpkg/frr-snmp.lintian-overrides +++ /dev/null @@ -1,2 +0,0 @@ -# personal name -spelling-error-in-copyright Ang And diff --git a/debianpkg/frr.conf b/debianpkg/frr.conf deleted file mode 100644 index dee3cd849a..0000000000 --- a/debianpkg/frr.conf +++ /dev/null @@ -1,2 +0,0 @@ -# Create the /run/frr directory at boot or from systemd-tmpfiles on install -d /run/frr 0755 frr frr diff --git a/debianpkg/frr.dirs b/debianpkg/frr.dirs deleted file mode 100644 index 4b05c8c907..0000000000 --- a/debianpkg/frr.dirs +++ /dev/null @@ -1,8 +0,0 @@ -etc/logrotate.d/ -etc/frr/ -etc/iproute2/rt_protos.d/ -usr/share/doc/frr/ -usr/share/doc/frr/examples/ -usr/share/lintian/overrides/ -usr/share/yang/ -var/log/frr/ diff --git a/debianpkg/frr.docs b/debianpkg/frr.docs deleted file mode 100644 index 34dbbd7bc7..0000000000 --- a/debianpkg/frr.docs +++ /dev/null @@ -1,2 +0,0 @@ -tools/zebra.el -debian/README.Debian diff --git a/debianpkg/frr.install b/debianpkg/frr.install deleted file mode 100644 index 3dff5baae5..0000000000 --- a/debianpkg/frr.install +++ /dev/null @@ -1,17 +0,0 @@ -etc/frr/ -usr/bin/vtysh -usr/bin/mtracebis -usr/lib/*/frr/libfrr.* -usr/lib/*/frr/libfrrospfapiclient.* -usr/lib/frr/frr -usr/lib/frr/*d -usr/lib/frr/watchfrr -usr/lib/frr/zebra -usr/lib/*/frr/modules/zebra_irdp.so -usr/lib/*/frr/modules/zebra_fpm.so -usr/share/doc/frr/examples -usr/share/man/ -usr/share/yang/ -tools/etc/* etc/ -tools/frr-reload usr/lib/frr/ -debian/frr.conf usr/lib/tmpfiles.d diff --git a/debianpkg/frr.lintian-overrides b/debianpkg/frr.lintian-overrides deleted file mode 100644 index 4df816fa05..0000000000 --- a/debianpkg/frr.lintian-overrides +++ /dev/null @@ -1,14 +0,0 @@ -# we're a bit special since we provide network connectivity by starting up -# routing protocols. -frr binary: systemd-service-file-refers-to-unusual-wantedby-target lib/systemd/system/frr.service network-online.target - -# function names & co. -frr binary: spelling-error-in-binary usr/lib/*/frr/libfrr.so.0.0.0 writen written -frr binary: spelling-error-in-binary usr/lib/*/frr/libfrrospfapiclient.so.0.0.0 writen written -frr binary: spelling-error-in-binary usr/lib/frr/ospfd writen written -frr binary: spelling-error-in-binary usr/lib/frr/zebra writen written -frr binary: spelling-error-in-binary usr/lib/frr/pimd writen written -frr binary: spelling-error-in-binary usr/lib/frr/pimd iif if - -# personal name -spelling-error-in-copyright Ang And diff --git a/debianpkg/frr.logrotate b/debianpkg/frr.logrotate deleted file mode 100644 index 1dc9122ac4..0000000000 --- a/debianpkg/frr.logrotate +++ /dev/null @@ -1,27 +0,0 @@ -/var/log/frr/*.log { - size 500k - sharedscripts - missingok - compress - rotate 14 - create 640 frr frrvty - - postrotate - pid=$(lsof -t -a -c /syslog/ /var/log/frr/* 2>/dev/null) - if [ -n "$pid" ] - then # using syslog - kill -HUP $pid - fi - # in case using file logging; if switching back and forth - # between file and syslog, rsyslogd might still have file - # open, as well as the daemons, so always signal the daemons. - # It's safe, a NOP if (only) syslog is being used. - for i in babeld bgpd eigrpd isisd ldpd nhrpd ospf6d ospfd \ - pimd ripd ripngd zebra staticd fabricd; do - if [ -e /var/run/frr/$i.pid ] ; then - pids="$pids $(cat /var/run/frr/$i.pid)" - fi - done - [ -n "$pids" ] && kill -USR1 $pids || true - endscript -} diff --git a/debianpkg/frr.manpages b/debianpkg/frr.manpages deleted file mode 100644 index f5aa972304..0000000000 --- a/debianpkg/frr.manpages +++ /dev/null @@ -1,16 +0,0 @@ -doc/manpages/_build/man/frr.1 -doc/manpages/_build/man/bgpd.8 -doc/manpages/_build/man/pimd.8 -doc/manpages/_build/man/eigrpd.8 -doc/manpages/_build/man/ldpd.8 -doc/manpages/_build/man/nhrpd.8 -doc/manpages/_build/man/ospf6d.8 -doc/manpages/_build/man/ospfd.8 -doc/manpages/_build/man/ripd.8 -doc/manpages/_build/man/ripngd.8 -doc/manpages/_build/man/vtysh.1 -doc/manpages/_build/man/zebra.8 -doc/manpages/_build/man/isisd.8 -doc/manpages/_build/man/watchfrr.8 -doc/manpages/_build/man/mtracebis.8 -doc/manpages/_build/man/fabricd.8 diff --git a/debianpkg/frr.pam b/debianpkg/frr.pam deleted file mode 100644 index 2b106d43bc..0000000000 --- a/debianpkg/frr.pam +++ /dev/null @@ -1,3 +0,0 @@ -# Any user may call vtysh but only those belonging to the group frrvty can -# actually connect to the socket and use the program. -auth sufficient pam_permit.so diff --git a/debianpkg/frr.postinst b/debianpkg/frr.postinst deleted file mode 100644 index 130903ca0b..0000000000 --- a/debianpkg/frr.postinst +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/bash - -set -e - -###################### -frruid=`getent passwd frr | awk -F ":" '{ print $3 }'` -frrgid=`getent group frr | awk -F ":" '{ print $3 }'` -frrvtygid=`getent group frrvty | awk -F ":" '{ print $3 }'` - -[ -n ${frruid} ] || (echo "No uid for frr" && /bin/false) -[ -n ${frrgid} ] || (echo "No gid for frr" && /bin/false) -[ -n ${frrVTYgid} ] || (echo "No gid for frrvty" && /bin/false) - -chown ${frruid}:${frrgid} /etc/frr -chown ${frruid}:${frrgid} /etc/frr/* -touch /etc/frr/vtysh.conf -chgrp ${frrvtygid} /etc/frr/vtysh* -chmod 644 /etc/frr/* - -ENVIRONMENTFILE=/etc/environment -if ! egrep --quiet '^VTYSH_PAGER=' ${ENVIRONMENTFILE}; then - echo "VTYSH_PAGER=/bin/cat" >> ${ENVIRONMENTFILE} -fi -################################################## - -if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi -${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*"} - -# This is most likely due to the answer "no" to the "really stop the server" -# question in the prerm script. -if [ "$1" = "abort-upgrade" ]; then - exit 0 -fi - -#DEBHELPER# - diff --git a/debianpkg/frr.postrm b/debianpkg/frr.postrm deleted file mode 100644 index aef06adcb9..0000000000 --- a/debianpkg/frr.postrm +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/bash - -set -e - -if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi -${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*"} -# set -u not because of debhelper - -if [ "$1" = "purge" ]; then - rm -rf /etc/frr /var/run/frr /var/log/frr - userdel frr >/dev/null 2>&1 || true -fi - -#DEBHELPER# diff --git a/debianpkg/frr.preinst b/debianpkg/frr.preinst deleted file mode 100644 index 1c141f37f9..0000000000 --- a/debianpkg/frr.preinst +++ /dev/null @@ -1,81 +0,0 @@ -#!/bin/bash - -if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi -${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*"} -set -e -set -u - -# creating frrvty group if it isn't already there -if ! getent group frrvty >/dev/null; then - addgroup --system frrvty >/dev/null -fi - -# creating frr group if it isn't already there -if ! getent group frr >/dev/null; then - addgroup --system frr >/dev/null -fi - -# creating frr user if he isn't already there -if ! getent passwd frr >/dev/null; then - adduser \ - --system \ - --ingroup frr \ - --home /nonexistent \ - --gecos "Frr routing suite" \ - --shell /bin/false \ - frr >/dev/null -fi - -# We may be installing over an older version of -# frr and as such we need to intelligently -# check to see if the frr user is in the frrvty -# group. -if ! id frr | grep &>/dev/null 'frrvty'; then - usermod -a -G frrvty frr >/dev/null -fi - -# Do not change permissions when upgrading as it would violate policy. -if [ "$1" = "install" ]; then - # Logfiles are group readable in case users were put into the frr group. - d=/var/log/frr/ - mkdir -p $d - chown frr:frr $d - chown --quiet frr:frr $d/* | true - chmod u=rwx,go=rx $d - find $d -type f -print0 | xargs -0 --no-run-if-empty chmod u=rw,g=r,o= - - # Strict permissions for the sockets. - d=/var/run/frr/ - mkdir -p $d - chown frr:frr $d - chown --quiet frr:frr $d/* | true - chmod u=rwx,go=rx $d - find $d -type f -print0 | xargs -0 --no-run-if-empty chmod u=rw,go= - - # Config files. Vtysh does not have access to the individual daemons config file - d=/etc/frr/ - mkdir -p $d - chown frr:frrvty $d - chmod ug=rwx,o=rx $d - find $d -type f -print0 | xargs -0 --no-run-if-empty chown frr:frr - find $d -type f -print0 | xargs -0 --no-run-if-empty chmod u=rw,g=r,o= - - # Exceptions for vtysh. - f=$d/vtysh.conf - if [ -f $f ]; then - chown frr:frrvty $f - chmod u=rw,g=r,o= $f - fi - - # Exceptions for vtysh. - f=$d/frr.conf - if [ -f $d/Zebra.conf ]; then - mv $d/Zebra.conf $f - fi - if [ -f $f ]; then - chown frr:frrvty $f - chmod u=rw,g=r,o= $f - fi -fi - -#DEBHELPER# diff --git a/debianpkg/frr.prerm b/debianpkg/frr.prerm deleted file mode 100644 index 090cd5752a..0000000000 --- a/debianpkg/frr.prerm +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash - -if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi -${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*"} -set -e - -# prerm remove -# old-prerm upgrade new-version -# new-prerm failed-upgrade old-version -# conflictor's-prerm remove in-favour package new-version -# deconfigured's-prerm deconfigure in-favour package-being-installed version removing conflicting-package -case $1 in - remove|upgrade) - ;; - - failed-upgrade) - # If frr/really_stop was negated then this script exits with return - # code 1 and is called again with "failed-upgrade". Well, exit again. - exit 1 - ;; - -esac - -#DEBHELPER# diff --git a/debianpkg/not-installed b/debianpkg/not-installed deleted file mode 100644 index 1a89f35853..0000000000 --- a/debianpkg/not-installed +++ /dev/null @@ -1,3 +0,0 @@ -usr/include -usr/lib/frr/ospfclient -usr/lib/frr/rfptest diff --git a/debianpkg/rules b/debianpkg/rules deleted file mode 100755 index bc7d4de269..0000000000 --- a/debianpkg/rules +++ /dev/null @@ -1,107 +0,0 @@ -#!/usr/bin/make -f - -# standard Debian options & profiles - -export DEB_BUILD_MAINT_OPTIONS = hardening=+all - -ifneq (,$(filter terse,$(DEB_BUILD_OPTIONS))) - MAKE_SILENT="V=0" - export DH_VERBOSE=0 -else - MAKE_SILENT="V=1" - export DH_VERBOSE=1 - export DH_OPTIONS=-v -endif - -# package-specific build profiles - -ifeq ($(filter pkg.frr.nortrlib,$(DEB_BUILD_PROFILES)),) - CONF_RPKI=--enable-rpki -else - CONF_RPKI=--disable-rpki -endif - -ifeq ($(filter pkg.frr.nosystemd,$(DEB_BUILD_PROFILES)),) - DH_WITH_SYSTEMD=systemd, - CONF_SYSTEMD=--enable-systemd=yes -else - DH_WITH_SYSTEMD= - CONF_SYSTEMD=--enable-systemd=no -endif - -export PYTHON=python3 - -%: - dh $@ --with=$(DH_WITH_SYSTEMD)autoreconf --parallel - -override_dh_auto_configure: - $(shell dpkg-buildflags --export=sh); \ - dh_auto_configure -- \ - --enable-exampledir=/usr/share/doc/frr/examples/ \ - --localstatedir=/var/run/frr \ - --sbindir=/usr/lib/frr \ - --sysconfdir=/etc/frr \ - --with-vtysh-pager=/usr/bin/pager \ - --libdir=/usr/lib/$(DEB_HOST_MULTIARCH)/frr \ - --with-moduledir=/usr/lib/$(DEB_HOST_MULTIARCH)/frr/modules \ - LIBTOOLFLAGS="-rpath /usr/lib/$(DEB_HOST_MULTIARCH)/frr" \ - --disable-dependency-tracking \ - \ - $(CONF_SYSTEMD) \ - $(CONF_RPKI) \ - --with-libpam \ - --enable-doc \ - --enable-doc-html \ - --enable-snmp \ - --enable-fpm \ - --disable-protobuf \ - --disable-zeromq \ - --enable-ospfapi \ - --enable-bgp-vnc \ - --enable-multipath=256 \ - \ - --enable-user=frr \ - --enable-group=frr \ - --enable-vty-group=frrvty \ - --enable-configfile-mask=0640 \ - --enable-logfile-mask=0640 \ - # end - -override_dh_auto_install: - dh_auto_install - - sed -e '1c #!/usr/bin/python3' -i debian/tmp/usr/lib/frr/frr-reload.py - -# let dh_systemd_* and dh_installinit do their thing automatically -ifeq ($(filter pkg.frr.nosystemd,$(DEB_BUILD_PROFILES)),) - cp tools/frr.service debian/frr.service -endif - cp tools/frr debian/frr.init - -# install config files - mkdir -p debian/tmp/etc/frr/ - sed -e 's#^!log file #!log file /var/log/frr/#' -i debian/tmp/usr/share/doc/frr/examples/*sample* - -# drop dev-only files - find debian/tmp -name '*.la' -o -name '*.a' -o -name 'lib*.so' | xargs rm -f - rm -rf debian/tmp/usr/include - -# use installed js libraries - -rm -f debian/tmp/usr/share/doc/frr/html/_static/jquery.js - ln -s /usr/share/javascript/jquery/jquery.js debian/tmp/usr/share/doc/frr/html/_static/jquery.js - -rm -f debian/tmp/usr/share/doc/frr/html/_static/underscore.js - ln -s /usr/share/javascript/underscore/underscore.js debian/tmp/usr/share/doc/frr/html/_static/underscore.js - -override_dh_auto_build: - dh_auto_build -- $(MAKE_SILENT) - -override_dh_makeshlibs: - dh_makeshlibs -n - -override_dh_missing: - dh_missing --fail-missing - -override_dh_auto_clean: -# we generally do NOT want a full distclean since that wipes both -# debianpkg/changelog and config.version - if test -f Makefile; then make redistclean; fi diff --git a/debianpkg/source/format b/debianpkg/source/format deleted file mode 100644 index af745b310b..0000000000 --- a/debianpkg/source/format +++ /dev/null @@ -1 +0,0 @@ -3.0 (git) diff --git a/debianpkg/source/lintian-overrides b/debianpkg/source/lintian-overrides deleted file mode 100644 index cebc81fddf..0000000000 --- a/debianpkg/source/lintian-overrides +++ /dev/null @@ -1,5 +0,0 @@ -# these are for build-compatibility on older distros (e.g. Ubuntu 14.04) -frr source: alternatively-build-depends-on-python-sphinx-and-python3-sphinx - -# Debian Jessie and Ubuntu 16.04 need dh-systemd -frr source: ored-build-depends-on-obsolete-package diff --git a/debianpkg/subdir.am b/debianpkg/subdir.am deleted file mode 100644 index 196363c68b..0000000000 --- a/debianpkg/subdir.am +++ /dev/null @@ -1,45 +0,0 @@ -# -# debianpkg -# - -EXTRA_DIST += \ - debianpkg/README.Debian \ - debianpkg/README.Maintainer \ - debianpkg/changelog \ - debianpkg/changelog-auto \ - debianpkg/compat \ - debianpkg/control \ - debianpkg/copyright \ - debianpkg/rules \ - debianpkg/source/format \ - debianpkg/source/lintian-overrides \ - debianpkg/tests/control \ - debianpkg/tests/daemons \ - debianpkg/watchfrr.rc \ - debianpkg/watch \ - \ - debianpkg/frr-dbg.lintian-overrides \ - debianpkg/frr-doc.doc-base \ - debianpkg/frr-doc.info \ - debianpkg/frr-doc.install \ - debianpkg/frr-doc.lintian-overrides \ - debianpkg/frr-pythontools.install \ - debianpkg/frr-pythontools.lintian-overrides \ - debianpkg/frr-rpki-rtrlib.install \ - debianpkg/frr-rpki-rtrlib.lintian-overrides \ - debianpkg/frr-snmp.install \ - debianpkg/frr-snmp.lintian-overrides \ - debianpkg/frr.conf \ - debianpkg/frr.dirs \ - debianpkg/frr.docs \ - debianpkg/frr.install \ - debianpkg/frr.lintian-overrides \ - debianpkg/frr.logrotate \ - debianpkg/frr.manpages \ - debianpkg/frr.pam \ - debianpkg/frr.postinst \ - debianpkg/frr.postrm \ - debianpkg/frr.preinst \ - debianpkg/frr.prerm \ - debianpkg/not-installed \ - # end diff --git a/debianpkg/tests/control b/debianpkg/tests/control deleted file mode 100644 index 53fd537e2e..0000000000 --- a/debianpkg/tests/control +++ /dev/null @@ -1,3 +0,0 @@ -Tests: daemons -Depends: frr -Restrictions: needs-root diff --git a/debianpkg/tests/daemons b/debianpkg/tests/daemons deleted file mode 100644 index 43966c8347..0000000000 --- a/debianpkg/tests/daemons +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/bash -#--------------- -# Testing frr -#--------------- -set -e - -# modify config file to enable all daemons and copy config files -CONFIG_FILE=/etc/frr/daemons -DAEMONS=("zebra" "bgpd" "ospfd" "ospf6d" "ripd" "ripngd" "isisd" "pimd" "fabricd") - -for daemon in "${DAEMONS[@]}" -do - sed -i -e "s/${daemon}=no/${daemon}=yes/g" $CONFIG_FILE - cp /usr/share/doc/frr/examples/${daemon}.conf.sample /etc/frr/${daemon}.conf -done - -# reload frr -/etc/init.d/frr restart > /dev/null 2>&1 - -# check daemons -for daemon in "${DAEMONS[@]}" -do - echo -n "check $daemon - " - if pidof -x $daemon > /dev/null; then - echo "${daemon} OK" - else - echo "ERROR: ${daemon} IS NOT RUNNING" - exit 1 - fi -done diff --git a/debianpkg/watch b/debianpkg/watch deleted file mode 100644 index c286392d7e..0000000000 --- a/debianpkg/watch +++ /dev/null @@ -1,4 +0,0 @@ -version=4 - -https://github.com/FRRouting/frr/releases/ \ - download/frr-(?:\d[\d.]*)/frr-(\d[\d.]*)\.tar\.xz debian uupdate diff --git a/debianpkg/watchfrr.rc b/debianpkg/watchfrr.rc deleted file mode 100644 index 4110b86399..0000000000 --- a/debianpkg/watchfrr.rc +++ /dev/null @@ -1,4 +0,0 @@ -check process watchfrr with pidfile /var/run/frr/watchfrr.pid - start program = "/etc/init.d/frr start watchfrr" with timeout 120 seconds - stop program = "/etc/init.d/frr stop watchfrr" - if 3 restarts within 10 cycles then timeout diff --git a/doc/developer/maintainer-release-build.rst b/doc/developer/maintainer-release-build.rst index 85aaa5365a..7792173034 100644 --- a/doc/developer/maintainer-release-build.rst +++ b/doc/developer/maintainer-release-build.rst @@ -37,7 +37,7 @@ Release Build Procedure for FRR Maintainers 4. Update Changelog for Debian Packages: - Edit :file:`debianpkg/changelog.in`: + Edit :file:`debian/changelog-auto.in`: - Change last (top of list) entry from ``@VERSION@`` to previous fixed version number, i.e.:: diff --git a/doc/developer/packaging-debian.rst b/doc/developer/packaging-debian.rst index c812a38212..1ace8f5f78 100644 --- a/doc/developer/packaging-debian.rst +++ b/doc/developer/packaging-debian.rst @@ -1,29 +1,16 @@ Packaging Debian ================ -(Tested on Ubuntu 12.04, 14.04, 16.04, 17.10, 18.04, Debian 8 and 9) - -.. note:: - - If you try to build for a different distro, then it will most likely fail - because of the missing backport. See :ref:`deb-backports` about adding a new - backport. +(Tested on Ubuntu 14.04, 16.04, 17.10, 18.04, Debian jessie, stretch and +buster.) 1. Install build dependencies for your platform as outlined in :ref:`building`. -2. Install the following additional packages: - - - on Ubuntu 12.04, 14.04, 16.04, 17.10, Debian 8 and 9: - - .. code-block:: shell - - apt-get install realpath equivs groff fakeroot debhelper devscripts - - - on Ubuntu 18.04: (realpath is now part of preinstalled by coreutils) +2. Install the general Debian package building tools: .. code-block:: shell - apt-get install equivs groff fakeroot debhelper devscripts + apt-get install equivs fakeroot debhelper devscripts 3. Checkout FRR under a **unprivileged** user account: @@ -38,13 +25,21 @@ Packaging Debian git checkout -4. Run ``bootstrap.sh`` and make a dist tarball: +4. Build Debian package dependencies and install them as needed. + + .. code-block:: shell + + sudo mk-build-deps --install debian/control + +5. Run ``bootstrap.sh``: + + (This step should be omitted if you are using a "debian" branch, as opposed + to the "master", a "stable/X.X" or any other non-"debian" branch.) .. code-block:: shell ./bootstrap.sh ./configure --with-pkg-extra-version=-MyDebPkgVersion - make dist .. note:: @@ -52,48 +47,7 @@ Packaging Debian except the `with-pkg-extra-version` if you want to give the Debian package a specific name to mark your own unoffical build. -5. Edit :file:`debianpkg/rules` and set the configuration as needed. - - Look for section ``dh_auto_configure`` to modify the configure options as - needed. Options might be different between the top-level ``rules``` and - :file:`backports/XXXX/debian/rules`. Please adjust as needed on all files. - -6. Create backports debian sources - - Rename the :file:`debianpkg` directory to :file:`debian` and create the - backports (Debian requires to not ship a :file:`debian` directory inside the - source directory to avoid build conflicts with the reserved ``debian`` - subdirectory name during the build): - - .. code-block:: shell - - mv debianpkg debian - make -f debian/rules backports - - This will create a :file:`frr_*.orig.tar.gz` with the source (same as the - dist tarball), as well as multiple :file:`frr_*.debian.tar.xz` and - :file:`frr_*.dsc` corresponding to each distribution for which a backport is - available. - -7. Create a new directory to build the package and populate with package - source. - - .. code-block:: shell - - mkdir frrpkg - cd frrpkg - tar xf ~/frr/frr_*.orig.tar.gz - cd frr* - . /etc/os-release - tar xf ~/frr/frr_*${ID}${VERSION_ID}*.debian.tar.xz - -8. Build Debian package dependencies and install them as needed. - - .. code-block:: shell - - sudo mk-build-deps --install debian/control - -9. Build Debian Package +6. Build Debian Package Building with standard options: @@ -101,80 +55,9 @@ Packaging Debian debuild -b -uc -us - Or change some options (see `rules` file for available options): - - .. code-block:: shell - - debuild --set-envvar=WANT_BGP_VNC=1 --set-envvar=WANT_CUMULUS_MODE=1 -b -uc -us - - To build with RPKI: - - - Download the librtr packages from - https://ci1.netdef.org/browse/RPKI-RTRLIB/latestSuccessful/artifact - - - install librtr-dev on the build server +7. Done! - Then build with: - - .. code-block:: shell - - debuild --set-envvar=WANT_RPKI=1 -b -uc -us - - RPKI packages have an additonal dependency of ``librtr0`` which can be found - at the same URL. - -10. Done! - -If all worked correctly, then you should end up with the Debian packages under -:file:`frrpkg`. If distributed, please make sure you distribute it together -with the sources (``frr_*.orig.tar.gz``, ``frr_*.debian.tar.xz`` and +If all worked correctly, then you should end up with the Debian packages in +the parent directory. If distributed, please make sure you distribute it +together with the sources (``frr_*.orig.tar.gz``, ``frr_*.debian.tar.xz`` and ``frr_*.dsc``) - -The build procedure can also be executed automatically using the ``tools/build-debian-package.sh`` -script. For example: - -.. code-block:: shell - - EXTRA_VERSION="-myversion" WANT_SNMP=1 WANT_CUMULUS_MODE=1 tools/build-debian-package.sh - -.. _deb-backports: - -Debian Backports ----------------- - -The :file:`debianpkg/backports` directory contains the Debian directories for -backports to other Debian platforms. These are built via the ``3.0 (custom)`` -source format, which allows one to build a source package directly out of -tarballs (e.g. an orig.tar.gz tarball and a debian.tar.gz file), at which point -the format can be changed to a real format (e.g. ``3.0 (quilt)``). - -Source packages are assembled via targets of the same name as the system to -which the backport is done (e.g. ``precise``), included in :file:`debian/rules`. - -To create a new Debian backport: - -- Add its name to ``KNOWN_BACKPORTS``, defined in :file:`debian/rules`. -- Create a directory of the same name in :file:`debian/backports`. -- Add the files ``exclude``, ``versionext``, and ``debian/source/format`` under - this directory. - -For the last point, these files should contain the following: - -``exclude`` - Contains whitespace-separated paths (relative to the root of the source dir) - that should be excluded from the source package (e.g. - :file:`debian/patches`). - -``versionext`` - Contains the suffix added to the version number for this backport's build. - Distributions often have guidelines for what this should be. If left empty, - no new :file:`debian/changelog` entry is created. - -``debian/source/format`` - Contains the source format of the resulting source package. As of of the - writing of this document the only supported format is ``3.0 (quilt)``. - -- Add appropriate files under the :file:`debian/` subdirectory. These will be - included in the source package, overriding any top-level :file:`debian/` - files with equivalent paths. - diff --git a/tools/tarsource.sh b/tools/tarsource.sh index a40a597ba4..78efae3577 100755 --- a/tools/tarsource.sh +++ b/tools/tarsource.sh @@ -165,7 +165,7 @@ if test -d "$src/.git"; then # if there have been changes to packaging or tests, it's still the # same release changes="`git diff --name-only "$gittag" $commit | \ - egrep -v '\.git|^m4/|^config|^README|^alpine/|^debianpkg/|^pkgsrc/|^ports/|^redhat/|^snapcraft/|^solaris/|^tests/|^gdb/|^docker/|^\.' | \ + egrep -v '\.git|^m4/|^config|^README|^alpine/|^debian/|^pkgsrc/|^ports/|^redhat/|^snapcraft/|^solaris/|^tests/|^tools/|^gdb/|^docker/|^\.' | \ wc -l`" if test "$changes" -eq 0; then adjchangelog=true @@ -206,7 +206,7 @@ if test -d "$src/.git"; then test $extraset = false -a -f "$tmpdir/.gitpr" && extraver="-PR`cat \"$tmpdir/.gitpr\"`$extraver" fi - debsrc="( git ls-files debianpkg/; echo debianpkg/changelog )" + debsrc="git ls-files debian/" else if $nongit; then echo -e "\033[31;1mWARNING: this script should be executed from a git tree\033[m" >&2 @@ -214,7 +214,7 @@ else echo -e "\033[31;1mERROR: this script should be executed from a git tree\033[m" >&2 exit 1 fi - debsrc="echo debianpkg" + debsrc="echo debian" fi if $writeversion; then @@ -265,22 +265,21 @@ lsfiles="frr-${PACKAGE_VERSION}.tar.$zip" if $debian; then mkdir -p "$tmpdir/debian/source" - cp debianpkg/changelog "$tmpdir/debian/changelog" + cat debian/changelog > "$tmpdir/debian/changelog" if $adjchangelog; then - if grep -q 'autoconf changelog entry' debianpkg/changelog; then - tail -n +9 debianpkg/changelog > "$tmpdir/debian/changelog" + if grep -q 'autoconf changelog entry' debian/changelog; then + tail -n +9 debian/changelog > "$tmpdir/debian/changelog" fi fi echo '3.0 (quilt)' > "$tmpdir/debian/source/format" DEBVER="`dpkg-parsechangelog -l\"$tmpdir/debian/changelog\" -SVersion`" - # rename debianpkg to debian while tar'ing eval $debsrc | tar -cho $taropt \ - --exclude-vcs --exclude debianpkg/source/format \ - --exclude debianpkg/changelog \ - --exclude debianpkg/changelog.in \ - --exclude debianpkg/subdir.am \ - --transform 's%^debianpkg%debian%' \ + --exclude-vcs --exclude debian/source/format \ + --exclude debian/changelog \ + --exclude debian/changelog-auto \ + --exclude debian/changelog-auto.in \ + --exclude debian/subdir.am \ -T - -f ../frr_${DEBVER}.debian.tar # add specially prepared files from above tar -uf ../frr_${DEBVER}.debian.tar $taropt -C "$tmpdir" debian/source/format debian/changelog @@ -290,7 +289,7 @@ if $debian; then # pack up debian files proper ln -s "$outdir/frr-${PACKAGE_VERSION}.tar.$zip" ../frr_${PACKAGE_VERSION}.orig.tar.$zip - dpkg-source -l"$tmpdir/debian/changelog" -c"`pwd`/debianpkg/control" \ + dpkg-source -l"$tmpdir/debian/changelog" \ --format='3.0 (custom)' --target-format='3.0 (quilt)' \ -b . frr_${PACKAGE_VERSION}.orig.tar.$zip frr_${DEBVER}.debian.tar.$zip