diff options
| -rw-r--r-- | alpine/APKBUILD.in | 2 | ||||
| -rw-r--r-- | bgpd/bgp_attr.c | 8 | ||||
| -rw-r--r-- | bgpd/bgp_rpki.c | 3 | ||||
| -rw-r--r-- | configure.ac | 2 | ||||
| -rw-r--r-- | debian/changelog | 6 | ||||
| -rwxr-xr-x | docker/alpine/libyang/APKBUILD | 1 | ||||
| -rw-r--r-- | isisd/isis_te.c | 2 | ||||
| -rw-r--r-- | ospfd/ospf_sr.c | 3 | ||||
| -rw-r--r-- | redhat/frr.spec.in | 12 | ||||
| -rw-r--r-- | tools/frrinit.sh.in | 2 | ||||
| -rw-r--r-- | zebra/dplane_fpm_nl.c | 2 | ||||
| -rw-r--r-- | zebra/zebra_snmp.c | 30 |
12 files changed, 51 insertions, 22 deletions
diff --git a/alpine/APKBUILD.in b/alpine/APKBUILD.in index fef7a61ccc..8869a44b93 100644 --- a/alpine/APKBUILD.in +++ b/alpine/APKBUILD.in @@ -33,6 +33,8 @@ _localstatedir=/var/run/frr _user=frr build() { + export ABUILD_APK_INDEX_OPTS="--allow-untrusted" + cd "$builddir" ./configure \ diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c index 006047bf87..e75d85b6cd 100644 --- a/bgpd/bgp_attr.c +++ b/bgpd/bgp_attr.c @@ -2725,6 +2725,14 @@ static int bgp_attr_encap(struct bgp_attr_parser_args *args) args->total); } + if (STREAM_READABLE(BGP_INPUT(peer)) < sublength) { + zlog_err("Tunnel Encap attribute sub-tlv length %d exceeds remaining stream length %zu", + sublength, STREAM_READABLE(BGP_INPUT(peer))); + return bgp_attr_malformed(args, + BGP_NOTIFY_UPDATE_OPT_ATTR_ERR, + args->total); + } + /* alloc and copy sub-tlv */ /* TBD make sure these are freed when attributes are released */ tlv = XCALLOC(MTYPE_ENCAP_TLV, diff --git a/bgpd/bgp_rpki.c b/bgpd/bgp_rpki.c index 73c6fe0c47..496f97004f 100644 --- a/bgpd/bgp_rpki.c +++ b/bgpd/bgp_rpki.c @@ -279,7 +279,8 @@ static void rpki_delete_all_cache_nodes(void) struct cache *cache; for (ALL_LIST_ELEMENTS(cache_list, cache_node, cache_next, cache)) { - rtr_mgr_remove_group(rtr_config, cache->preference); + if (is_running()) + rtr_mgr_remove_group(rtr_config, cache->preference); listnode_delete(cache_list, cache); } } diff --git a/configure.ac b/configure.ac index 9b1815fc08..4d6798ca92 100644 --- a/configure.ac +++ b/configure.ac @@ -7,7 +7,7 @@ ## AC_PREREQ([2.69]) -AC_INIT([frr], [8.5.5], [https://github.com/frrouting/frr/issues]) +AC_INIT([frr], [8.5.6], [https://github.com/frrouting/frr/issues]) PACKAGE_URL="https://frrouting.org/" AC_SUBST([PACKAGE_URL]) PACKAGE_FULLNAME="FRRouting" diff --git a/debian/changelog b/debian/changelog index abbd033722..f14a40ea66 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +frr (8.5.6-0) unstable; urgency=medium + + * New upstream release FRR 8.5.6 + + -- Donatas Abraitis <donatas@opensourcerouting.org> Wed, 11 Sep 2024 10:40:00 +0300 + frr (8.5.5-0) unstable; urgency=medium * New upstream release FRR 8.5.5 diff --git a/docker/alpine/libyang/APKBUILD b/docker/alpine/libyang/APKBUILD index aa792e7f0b..622b163f0d 100755 --- a/docker/alpine/libyang/APKBUILD +++ b/docker/alpine/libyang/APKBUILD @@ -21,6 +21,7 @@ source="$pkgname-$pkgver.tar.gz::https://github.com/CESNET/libyang/archive/v$pkg # - CVE-2021-28906 build() { + export ABUILD_APK_INDEX_OPTS="--allow-untrusted" if [ "$CBUILD" != "$CHOST" ]; then CMAKE_CROSSOPTS="-DCMAKE_SYSTEM_NAME=Linux -DCMAKE_HOST_SYSTEM_NAME=Linux" fi diff --git a/isisd/isis_te.c b/isisd/isis_te.c index 155d1e6fed..a6cab03660 100644 --- a/isisd/isis_te.c +++ b/isisd/isis_te.c @@ -194,7 +194,7 @@ void isis_link_params_update(struct isis_circuit *circuit, return; /* Sanity Check */ - if ((ifp == NULL) || (circuit->state != C_STATE_UP)) + if (ifp == NULL) return; te_debug("ISIS-TE(%s): Update circuit parameters for interface %s", diff --git a/ospfd/ospf_sr.c b/ospfd/ospf_sr.c index 3a71e55710..419702b794 100644 --- a/ospfd/ospf_sr.c +++ b/ospfd/ospf_sr.c @@ -1474,7 +1474,8 @@ void ospf_sr_ri_lsa_update(struct ospf_lsa *lsa) /* Update Algorithm, SRLB and MSD if present */ if (algo != NULL) { int i; - for (i = 0; i < ntohs(algo->header.length); i++) + for (i = 0; + i < ntohs(algo->header.length) && i < ALGORITHM_COUNT; i++) srn->algo[i] = algo->value[0]; for (; i < ALGORITHM_COUNT; i++) srn->algo[i] = SR_ALGORITHM_UNSET; diff --git a/redhat/frr.spec.in b/redhat/frr.spec.in index d1e0288a5b..31c5551216 100644 --- a/redhat/frr.spec.in +++ b/redhat/frr.spec.in @@ -793,7 +793,17 @@ sed -i 's/ -M rpki//' %{_sysconfdir}/frr/daemons %changelog -* Thu Jun 06 2024 Martin Winter <mwinter@opensourcerouting.org> - %{version} +* Wed Sep 11 2024 Martin Winter <mwinter@opensourcerouting.org> - %{version} + +* Wed Sep 11 2024 Donatas Abraitis <donatas@opensourcerouting.org> - 8.5.6 +- isisd +- Fix update link params after circuit is up +- bgpd +- Fix crash at no rpki +- Fix for CVE-2024-44070 +- Ignore RFC8212 for BGP Confederations +- tools +- Ignore errors for frr reload stuff * Thu Jun 06 2024 Jafar Al-Gharaibeh <jafar@atcorp.com> - 8.5.5 - bgpd diff --git a/tools/frrinit.sh.in b/tools/frrinit.sh.in index 42adefb9ea..428d57c55b 100644 --- a/tools/frrinit.sh.in +++ b/tools/frrinit.sh.in @@ -123,7 +123,7 @@ reload) NEW_CONFIG_FILE="${2:-$C_PATH/frr.conf}" [ ! -r $NEW_CONFIG_FILE ] && log_failure_msg "Unable to read new configuration file $NEW_CONFIG_FILE" && exit 1 "$RELOAD_SCRIPT" --reload --bindir "$B_PATH" --confdir "$C_PATH" --rundir "$V_PATH" "$NEW_CONFIG_FILE" `echo $nsopt` - exit $? + exit 0 ;; *) diff --git a/zebra/dplane_fpm_nl.c b/zebra/dplane_fpm_nl.c index d08887ab0f..68a9e18af8 100644 --- a/zebra/dplane_fpm_nl.c +++ b/zebra/dplane_fpm_nl.c @@ -1223,7 +1223,7 @@ static void fpm_enqueue_l3vni_table(struct hash_bucket *bucket, void *arg) struct zebra_l3vni *zl3vni = bucket->data; fra->zl3vni = zl3vni; - hash_iterate(zl3vni->rmac_table, fpm_enqueue_rmac_table, zl3vni); + hash_iterate(zl3vni->rmac_table, fpm_enqueue_rmac_table, fra); } static void fpm_rmac_send(struct thread *t) diff --git a/zebra/zebra_snmp.c b/zebra/zebra_snmp.c index 6fe24dfa54..13409417c4 100644 --- a/zebra/zebra_snmp.c +++ b/zebra/zebra_snmp.c @@ -242,6 +242,8 @@ static int proto_trans(int type) return 3; /* static route */ case ZEBRA_ROUTE_RIP: return 8; /* rip */ + case ZEBRA_ROUTE_ISIS: + return 9; case ZEBRA_ROUTE_RIPNG: return 1; /* shouldn't happen */ case ZEBRA_ROUTE_OSPF: @@ -250,6 +252,8 @@ static int proto_trans(int type) return 1; /* shouldn't happen */ case ZEBRA_ROUTE_BGP: return 14; /* bgp */ + case ZEBRA_ROUTE_EIGRP: + return 16; default: return 1; /* other */ } @@ -266,9 +270,11 @@ static void check_replace(struct route_node *np2, struct route_entry *re2, return; } - if (prefix_cmp(&(*np)->p, &np2->p) < 0) + if (in_addr_cmp((uint8_t *)&(*np)->p.u.prefix4, + (uint8_t *)&np2->p.u.prefix4) < 0) return; - if (prefix_cmp(&(*np)->p, &np2->p) > 0) { + if (in_addr_cmp((uint8_t *)&(*np)->p.u.prefix4, + (uint8_t *)&np2->p.u.prefix4) > 0) { *np = np2; *re = re2; return; @@ -311,14 +317,8 @@ static void get_fwtable_route_node(struct variable *v, oid objid[], int i; /* Init index variables */ - - pnt = (uint8_t *)&dest; - for (i = 0; i < 4; i++) - *pnt++ = 0; - - pnt = (uint8_t *)&nexthop; - for (i = 0; i < 4; i++) - *pnt++ = 0; + memset(&dest, 0, sizeof(dest)); + memset(&nexthop, 0, sizeof(nexthop)); proto = 0; policy = 0; @@ -509,23 +509,23 @@ static uint8_t *ipFwTable(struct variable *v, oid objid[], size_t *objid_len, *val_len = sizeof(int); return (uint8_t *)&result; case IPFORWARDMETRIC1: - result = 0; + result = re->metric; *val_len = sizeof(int); return (uint8_t *)&result; case IPFORWARDMETRIC2: - result = 0; + result = -1; *val_len = sizeof(int); return (uint8_t *)&result; case IPFORWARDMETRIC3: - result = 0; + result = -1; *val_len = sizeof(int); return (uint8_t *)&result; case IPFORWARDMETRIC4: - result = 0; + result = -1; *val_len = sizeof(int); return (uint8_t *)&result; case IPFORWARDMETRIC5: - result = 0; + result = -1; *val_len = sizeof(int); return (uint8_t *)&result; default: |