Change log for frr package in Debian

frr (10.0-2) unstable; urgency=medium

  * fix build on hppa
  * only use libunwind on architectures where it is available
  * remove /var/lib/frr on purge
  * drop some ancient dependency alternates

 -- David Lamparter <email address hidden>  Fri, 03 May 2024 14:53:50 +0200

frr (10.0-1) unstable; urgency=medium

  * IRDP module is no longer packaged (slated to be removed upstream)
  * added mkdir+chown /var/lib/frr which is now used by FRR
  * sysconfdir and localstatedir configure args are no longer needed
  * NB: refer to never-released 8.5.2-1 changes below!
  * Link libatomic unconditionally (closes: #1067077)
  * known to not build on hppa due to struct.calcsize python exception

 -- David Lamparter <email address hidden>  Tue, 30 Apr 2024 19:36:44 +0200

frr (10.0-0.2) unstable; urgency=medium

  * Non-maintainer upload.
  * Linking with atomic like armel to fix FTBFS.

 -- Daniel Baumann <email address hidden>  Sat, 27 Apr 2024 07:44:24 +0200

frr (9.1-0.1) unstable; urgency=high

  * Non-maintainer upload.
  * New upstream release (Closes: #1042473, #1055852):
    - CVE-2023-3748: parsing certain babeld unicast hello messages that are
      intended to be ignored. This issue may allow an attacker to send specially
      crafted hello messages with the unicast flag set, the interval field set
      to 0, or any TLV that contains a sub-TLV with the Mandatory flag set to
      enter an infinite loop and cause a denial of service.
    - CVE-2023-38407: bgpd/bgp_label.c attempts to read beyond the end of the
      stream during labeled unicast parsing.
    - CVE-2023-41361: bgpd/bgp_open.c does not check for an overly large
      length of the rcv software version.
    - CVE-2023-46752: It mishandles malformed MP_REACH_NLRI data, leading to a
      crash.
    - CVE-2023-46753: A crash can occur for a crafted BGP UPDATE message
      without mandatory attributes, e.g., one with only an unknown transit
      attribute.
    - CVE-2023-47234: A crash can occur when processing a crafted BGP UPDATE
      message with a MP_UNREACH_NLRI attribute and additional NLRI data (that
      lacks mandatory path attributes).
    - CVE-2023-47235: A crash can occur when a malformed BGP UPDATE message
      with an EOR is processed, because the presence of EOR does not lead to a
      treat-as-withdraw outcome.
  * Updating patches:
    - removing CVE-2023-38802.patch, included upstream.
    - removing CVE-2023-41358.patch, included upstream.
    - removing CVE-2023-41360.patch, included upstream.
    - removing unapplied CVE-2023-41361.patch, included upstream.
    - adding CVE-2024-27913.patch from upstream:
      ospf_te_parse_te in ospfd/ospf_te.c allows remote attackers to cause a
      denial of service (ospfd daemon crash) via a malformed OSPF LSA packet,
      because of an attempted access to a missing attribute field (Closes:
      #1065144).
  * Updating build-depends:
    - adding now required protobuf-c-compiler to build-depends.
    - adding now required libprotobuf-c-dev to build-depends.
    - adding new libmgmt_be_nb.so to frr.install.
    - removing obsolete lsb-base.
    - prefering new pkgconf over old pkg-config.
  * Updating override_dh_auto_clean to fix FTBFS when built twice in a row
    (Closes: #1044470):
    - call dh_auto_clean which is safe to run now.
    - remove tests/.pytest_cache.
  * Removing obsolete doc-base.

 -- Daniel Baumann <email address hidden>  Fri, 08 Mar 2024 23:21:21 +0100

frr (7.5.1-1.1+deb11u2) bullseye-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * CVE-2022-36440, CVE-2022-40302, CVE-2022-40318, CVE-2022-43681:
    Denial of service with maliciously construct BGP OPEN packet
    (Closes: #1035829).
  * CVE-2023-31490: Denial of service caused by malformed SRv6 L3
    service attribute (Closes: #1036062).
  * CVE-2023-38802: Denial of service caused by corrupted
    Tunnel Encapsulation attribute.
  * CVE-2023-41358: Denial of service while processing NLRIs with
    zero length attribute.

 -- Aron Xu <email address hidden>  Fri, 01 Sep 2023 12:27:31 +0800

frr (8.4.4-1.1~deb12u1) bookworm-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Update to upstream 8.4.4 stable point release.

 -- Aron Xu <email address hidden>  Tue, 05 Sep 2023 16:04:06 +0800

frr (8.4.4-1.1) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * Upstream fixes for CVE-2023-38802, CVE-2023-41358, CVE-2023-41360

 -- Aron Xu <email address hidden>  Fri, 01 Sep 2023 16:57:41 +0800

frr (8.4.4-1) unstable; urgency=medium

  * new upstream release FRR 8.4.4
  * upstream fix CVE-2023-31489 (closes: #1036061)
  * upstream fix CVE-2023-31490 (closes: #1036062)
  * correctly use sphinxdoc:Built-Using
  * point watch file at git tarball, no more upstream dist tarballs

 -- David Lamparter <email address hidden>  Wed, 12 Jul 2023 14:28:34 +0200

frr (7.5.1-1.1+deb11u1) bullseye-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * CVE-2022-37032: out-of-bounds read in BGP daemon that could lead to
    segmentation fault and denial of service.

 -- Aron Xu <email address hidden>  Fri, 24 Feb 2023 17:14:19 +0800

frr (8.4.2-1) unstable; urgency=medium

  * new upstream release FRR 8.4.2
  * drop all patches in debian/patches/, they got merged upstream

 -- David Lamparter <email address hidden>  Mon, 23 Jan 2023 17:32:02 +0100

frr (8.4.1-2) unstable; urgency=medium

  * commit to git tarball as source instead of dist tarball
  * ditch unneeded sphinx missing files patch
  * fix clippy symbol lookup issue (build SEGV on mips64el)
  * correctly mark :native for libelf-dev & libpython3-dev to fix cross-build
  * use mutex for zserv stats (atomic uint64_t is too wide for 32-bit archs)

 -- David Lamparter <email address hidden>  Fri, 06 Jan 2023 14:59:57 +0100

frr (8.4.1-1) unstable; urgency=medium

  * New upstream release FRR 8.4.1 (closes: #1017518)
  * New frr@ systemd service unit to run inside network namespace
  * egrep to grep -E
  * upstream fix ospfd crash (PR 8876) (closes: #981139)
  * upstream fix isisd parsing issues CVE-2022-26125, CVE-2022-26126 and
    babeld parsing issues CVE-2022-26127, CVE-2022-26128, CVE-2022-26129
    (closes: #1008010)
  * upstream fix bgpd out-of-bounds read CVE-2022-37032 (closes: #1021016)
  * upstream fix bgpd UAF CVE-2022-37035 (closes: #1016978)
  * libyang-related pcre3 dep replaced with pcre2 (closes: #1000032)
  * disable ELF magic on mips64el
  * fixed texinfo figure installation directory
  * enable dh_sphinxdoc to get rid of embedded javascript in frr-doc
  * removed bogus iproute dependency choice

 -- David Lamparter <email address hidden>  Mon, 02 Jan 2023 14:46:06 +0100

frr (8.1-1) unstable; urgency=medium

  * New upstream release FRR 8.1
  * Upload to unstable.

 -- Ondřej Surý <email address hidden>  Sat, 13 Nov 2021 13:32:48 +0100

Available diffs

• diff from 7.5.1-1.1 to 8.1-1 (3.9 MiB)

frr (7.5.1-1.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Backport upstream fix for compatibility with the bullseye
    libyang1. (Closes: #990585)

 -- Adrian Bunk <email address hidden>  Sun, 11 Jul 2021 19:15:04 +0300

Available diffs

• diff from 7.5.1-1 to 7.5.1-1.1 (1.1 KiB)

frr (7.5.1-1) unstable; urgency=medium

  * Update the d/gbp.conf for 7.5.1 release
  * Use wrap-and-sort -a to unify debian/ wrapping and sorting
  * Work around the sphinx-build error that doesn't copy images to texinfo
  * Change the upstream-tag in d/gbp.conf to track the upstream tarballs

 -- Ondřej Surý <email address hidden>  Mon, 08 Mar 2021 09:40:19 +0100

Available diffs

• diff from 7.5-1build1 (in Ubuntu) to 7.5.1-1 (77.1 KiB)

frr (7.5-1) unstable; urgency=medium

  * New upstream version 7.5

 -- Ondřej Surý <email address hidden>  Sun, 14 Feb 2021 21:38:50 +0100

Available diffs

• diff from 7.4-2 to 7.5-1 (1.9 MiB)

frr (7.4-2) unstable; urgency=medium

  * Bump libyang dependency to >= 1.0.184-1~
  * Make the autopkgtest more resilient (Closes: #980111)
  * Adjust the ax_python.m4 to hardcode python3.9

 -- Ondřej Surý <email address hidden>  Sun, 07 Feb 2021 13:15:07 +0100

Available diffs

• diff from 7.4-1.1 to 7.4-2 (1.7 KiB)

frr (7.4-1.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Backport upstream fix for FTBFS with Python 3.9. (Closes: #972767)

 -- Adrian Bunk <email address hidden>  Thu, 21 Jan 2021 16:06:12 +0200

Available diffs

• diff from 7.4-1ubuntu1 (in Ubuntu) to 7.4-1.1 (1.2 KiB)

frr (7.4-1) unstable; urgency=medium

  [ Ondřej Surý ]
  * Use dh_installinit capabilities to install frr.tmpfile
  * Remove unused debian/watchfrr.rc file
  * Add missing lsof dependency
  * Remove mention of pkg.frr.snmp build profile from debian/README.Debian
  * Make lsb-base a hard dependency
  * Update gbp.conf for 7.4 release
  * Update and simplify d/watch
  * Change the debian source format from 3.0 (git) to 3.0 (quilt)
  * Convert the package to dh compat level 10
  * Add myself to Uploaders
  * Bump standards version to 4.5.0.2 (latest) - no change
  * Use wrap-and-sort -a to unify debian/ wrapping and sorting
  * Work around the sphinx-build error that doesn't copy images to texinfo
    (Properly closes: #955067)
  * Depend on debhelper >= 9.20160709 and drop dh-systemd dependency
    (Closes: #958626)

 -- Ondřej Surý <email address hidden>  Mon, 10 Aug 2020 11:50:45 +0200

Available diffs

• diff from 7.2.1-1 to 7.4-1 (2.2 MiB)
• diff from 7.3.1-1build1 (in Ubuntu) to 7.4-1 (1.0 MiB)

frr (7.3.1-1) unstable; urgency=medium

  [ David Lamparter ]
  * allow cross-compile with sbuild --host

  [ Ondřej Surý ]
  * Add myself to Uploaders
  * Add d/gbp.conf
  * Update changelog for 7.3.1-1~1.gbp2292a4 release
  * Change the source format from git to quilt to use git-buildpackage
  * Don't install frr-doc texinfo images, they are gone (Closes: #955067)
  * Bump the dh_compat to 10

 -- Ondřej Surý <email address hidden>  Mon, 01 Jun 2020 08:41:03 +0200

frr (6.0.2-2+deb10u1) buster; urgency=medium

  * extended next hop capability not working: add upstream patches:
    - Add_peer_action_for_PEER_FLAG_IFPEER_V6ONLY_flag.patch.
    - interface_based_peers_should_automatically_override_it_s_peer_group.patch

 -- Thomas Goirand <email address hidden>  Tue, 07 Jan 2020 13:21:50 +0100

frr (7.2.1-1) unstable; urgency=medium

  * new upstream release
  * daemon man pages renamed to frr-* (closes: #944392)
  * fix/improve multi-arch markers on doc
  * fix git URLs to point to debian branch

 -- David Lamparter <email address hidden>  Mon, 20 Jan 2020 17:06:21 +0100

Available diffs

• diff from 7.2-1ubuntu2 (in Ubuntu) to 7.2.1-1 (117.6 KiB)

frr (7.2-1) unstable; urgency=medium

  * New upstream release

 -- Jafar Al-Gharaibeh <email address hidden>  Sun, 03 Nov 2019 18:45:23 +0100

frr (6.0.2-2) unstable; urgency=medium

  * remove bogus libjson0 build-dep (closes: #921349)
  * fix broken systemd dependency spec
  * add proper Conflicts: for quagga and pimd (closes: #921376)

 -- David Lamparter <email address hidden>  Mon, 04 Feb 2019 22:16:07 +0100

Available diffs

• diff from 6.0.2-1 to 6.0.2-2 (1.6 KiB)

frr (6.0.2-1) unstable; urgency=medium

  * Packaging has been more or less completely reworked, based off the old
    Quagga packaging that hung around in git.  Refer to "changelog-auto.in"
    in the source root directory for the old changelog.
  * Initial release of FRR for Debian. (closes: #863249)

 -- David Lamparter <email address hidden>  Sun, 27 Jan 2019 17:27:02 +0100