Request 1195553 (accepted)

This request supersedes: request 1195294 (Show diff)

Overview

Request 1195553 accepted

- Apply upstream fix for crash in bgp_attr_encap that were missing
a check of the actual remaining stream length before taking the
TLV value (CVE-2024-44070,bsc#1229438,gh#FRRouting/frr#16502):
+ 0002-bgpd-Check-the-actual-remaining-stream-length-before.patch
- Re-added 0001-disable-zmq-test.patch to avoid (sporadic or arch
specific, e.g. aarch64) "make check" test failures (bsc#1180217).
+ 0001-disable-zmq-test.patch
- Re-added hardening patch for systemd service(s) (bsc#1181400):
+ harden_frr.service.patch
- Cleanup unknown --enable-systemd and correct the --sysconfdir
and --localstatedir configure options to not end in …/frr.

Created by mtomaschewski 3 months ago
In state accepted
Package maintainers: emendonca, mnhauke, and mtomaschewski
Supersedes 1195294

Submit frr

Comments for request 1195553 0
Comments for request 1195294 2

Marius Tomaschewski (mtomaschewski) - 3 months ago

author source maintainer target maintainer

Hmm... we still need the 0001-disable-zmq-test.patch as well, see: https://build.opensuse.org/package/live_build_log/network/frr/openSUSE_Factory_ARM/aarch64 [ 5618s] lib/test_zmq.py::TestZMQ::test_refout qemu-system-aarch64: terminating on signal 15 from pid 37425 (fuser)

Marius Tomaschewski (mtomaschewski) - 3 months ago

author source maintainer target maintainer

There is a warning from configure about --enable-systemd, --sysconfdir and --localstatedir options, see e.g. https://build.opensuse.org/build/network/openSUSE_Tumbleweed/x86_64/frr/_log: [ 24s] + ./configure --host=x86_64-suse-linux --build=x86_64-suse-linux --program-prefix= --disable-dependency-tracking --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/var/lib --mandir=/usr/share/man --infodir=/usr/share/info --disable-silent-rules --sysconfdir=/etc/frr --localstatedir=/run/frr --sbindir=/usr/lib/frr --with-moduledir=/usr/lib64/frr/modules --disable-static --with-vtysh-pager=/usr/bin/less --enable-user=frr --enable-group=frr --enable-vty-group=frrvty --enable-configfile-mask=0640 --enable-logfile-mask=0640 --enable-doc --enable-doc-html --enable-babeld --enable-bfdd --enable-bgpd --enable-bgp-vnc --enable-eigrpd --enable-fpm --enable-irdp --enable-isisd --enable-ldpd --enable-multipath=256 --enable-nhrpd --enable-snmp --enable-zeromq --enable-ospfd --enable-ospf6d --enable-ospfapi --enable-ospfclient --with-libpam --enable-pbrd --enable-pimd --enable-pim6d --enable-protobuf --enable-ripd --enable-ripngd --enable-rpki --enable-rtadv --enable-sharpd --enable-staticd --enable-vtysh --enable-watchfrr --enable-zebra --enable-realms --enable-shell-access --with-crypto=openssl --enable-config-rollbacks --enable-systemd [ 24s] configure: WARNING: unrecognized options: --enable-systemd [ 24s] checking whether --sysconfdir option is FRR-specific... yes, ends in /frr - removing suffix [ 24s] configure: WARNING: Please remove /frr suffix from --sysconfdir="/etc/frr" (it should be /etc in 99% of cases) [ 24s] checking whether --localstatedir option is FRR-specific... yes, ends in /run/frr - removing suffix [ 24s] configure: WARNING: Please remove /run/frr suffix from --localstatedir=/run/frr (it should be /var in 99% of cases) [ 24s] configure: WARNING: ^ [ 24s] configure: WARNING: ^ [ 24s] configure: WARNING: ^ warnings regarding system path configuration were printed above [ 24s] configure: WARNING: ^ paths have been adjusted by temporary workarounds [ 24s] configure: WARNING: ^ please fix your ./configure invocation (remove /frr) so it will work without the workarounds [ 24s] configure: WARNING: ^ [ 24s] configure: WARNING: ^

Request History

mtomaschewski created request 3 months ago

emendonca accepted request 3 months ago

Sorry for the delay, Marius, your patches are definitely needed!

Places

Overview