Bump version for ST

Fixes a couple of bugs(#1832259, #1835039, #1830815, #1830808, #1830806, #1830800, #1830798, #1814773)

.gitignore

@@ -4,5 +4,3 @@
 /remove-babeld-ldpd.sh
 /frr-7.3.1.tar.gz
 /frr-7.4.tar.gz
-/frr-7.5.tar.gz
-/frr-7.5.1.tar.gz

0001-nhrp-Make-vici-socket-path-configurable.patch

@@ -0,0 +1,93 @@
+From 354196c027e81affb05163a6c3676eef1ba06dd9 Mon Sep 17 00:00:00 2001
+From: Zoran Pericic <zpericic@netst.org>
+Date: Sat, 25 Jan 2020 19:38:39 +0100
+Subject: [PATCH] nhrp: Make vici socket path configurable
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+nhrp: Configure vici socket path using
+
+configure --with-vici-socket=/var/run/charon.vici
+
+If not specified default to /var/run/charon.vici
+
+Signed-off-by: Zoran Peričić <zpericic@netst.org>
+---
+ configure.ac              | 8 ++++++++
+ doc/user/installation.rst | 4 ++++
+ nhrpd/README.nhrpd        | 3 ++-
+ nhrpd/vici.c              | 2 +-
+ 4 files changed, 15 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 3cc74c411..8e86ba87f 100755
+--- a/configure.ac
++++ b/configure.ac
+@@ -139,6 +139,13 @@ AC_ARG_WITH([yangmodelsdir], [AS_HELP_STRING([--with-yangmodelsdir=DIR], [yang m
+ ])
+ AC_SUBST([yangmodelsdir])
+ 
++AC_ARG_WITH([vici-socket], [AS_HELP_STRING([--with-vici-socket=PATH], [vici-socket (/var/run/charon.vici)])], [
++	vici_socket="$withval"
++], [
++	vici_socket="/var/run/charon.vici"
++])
++AC_DEFINE_UNQUOTED([VICI_SOCKET], ["$vici_socket"], [StrongSWAN vici socket path])
++
+ AC_ARG_ENABLE(tcmalloc,
+ 	AS_HELP_STRING([--enable-tcmalloc], [Turn on tcmalloc]),
+ [case "${enableval}" in
+@@ -2512,6 +2519,7 @@ group for vty sockets   : ${enable_vty_group}
+ config file mask        : ${enable_configfile_mask}
+ log file mask           : ${enable_logfile_mask}
+ zebra protobuf enabled  : ${enable_protobuf:-no}
++vici socket path        : ${vici_socket}
+ 
+ The above user and group must have read/write access to the state file
+ directory and to the config files in the config file directory."
+diff --git a/doc/user/installation.rst b/doc/user/installation.rst
+index 0fd33eace..ee06578b7 100644
+--- a/doc/user/installation.rst
++++ b/doc/user/installation.rst
+@@ -380,6 +380,10 @@ options to the configuration script.
+    Look for YANG modules in `dir` [`prefix`/share/yang]. Note that the FRR
+    YANG modules will be installed here.
+ 
++.. option:: --with-vici-socket <path>
++
++   Set StrongSWAN vici interface socket path [/var/run/charon.vici].
++
+ Python dependency, documentation and tests
+ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+ 
+diff --git a/nhrpd/README.nhrpd b/nhrpd/README.nhrpd
+index 569b3f446..8bb5f69be 100644
+--- a/nhrpd/README.nhrpd
++++ b/nhrpd/README.nhrpd
+@@ -126,7 +126,8 @@ Integration with strongSwan
+ 
+ Contrary to opennhrp, Quagga/NHRP has tight integration with IKE daemon.
+ Currently strongSwan is supported using the VICI protocol. strongSwan
+-is connected using UNIX socket (hardcoded now as /var/run/charon.vici).
++is connected using UNIX socket (default /var/run/charon.vici use configure
++argument --with-vici-socket= to change).
+ Thus nhrpd needs to be run as user that can open that file.
+ 
+ Currently, you will need patched strongSwan. The working tree is at:
+diff --git a/nhrpd/vici.c b/nhrpd/vici.c
+index 2dc05a4aa..86554f53d 100644
+--- a/nhrpd/vici.c
++++ b/nhrpd/vici.c
+@@ -478,7 +478,7 @@ static int vici_reconnect(struct thread *t)
+ 	if (vici->fd >= 0)
+ 		return 0;
+ 
+-	fd = sock_open_unix("/var/run/charon.vici");
++	fd = sock_open_unix(VICI_SOCKET);
+ 	if (fd < 0) {
+ 		debugf(NHRP_DEBUG_VICI,
+ 		       "%s: failure connecting VICI socket: %s", __func__,
+-- 
+2.26.2
+

0005-icc-options.patch

@@ -1,52 +0,0 @@
-From 4e90d19ea3de6b8938d097d84f6df3fcf6eb0422 Mon Sep 17 00:00:00 2001
-From: Mark Stapp <mjs@voltanet.io>
-Date: Mon, 15 Feb 2021 13:59:02 -0500
-Subject: [PATCH] build: detect ICC, only try ICC options if ICC
-
-Some ICC command-line options can cause confusion for other
-compilers; test for ICC specifically, and only try to use those
-options if ICC is being used.
-
-Signed-off-by: Mark Stapp <mjs@voltanet.io>
----
- configure.ac | 13 +++++++++++--
- 1 file changed, 11 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 266f37a1129..f3d1f38986a 100755
---- a/configure.ac
-+++ b/configure.ac
-@@ -191,6 +191,11 @@ CXXFLAGS="$orig_cxxflags"
- AC_PROG_CC_C99
- dnl NB: see C11 below
- 
-+dnl Some special handling for ICC later on
-+if test "$CC" = "icc"; then
-+    cc_is_icc="yes"
-+fi
-+
- PKG_PROG_PKG_CONFIG
- 
- dnl it's 2019, sed is sed.
-@@ -252,7 +257,9 @@ AC_DEFUN([AC_LINK_IFELSE_FLAGS], [{
- 
- dnl ICC won't bail on unknown options without -diag-error 10006
- dnl need to do this first so we get useful results for the other options
--AC_C_FLAG([-diag-error 10006])
-+if test "$cc_is_icc" = "yes"; then
-+    AC_C_FLAG([-diag-error 10006])
-+fi
- 
- dnl AC_PROG_CC_C99 may change CC to include -std=gnu99 or something
- ac_cc="$CC"
-@@ -335,7 +342,9 @@ AC_SUBST([CXX_COMPAT_CFLAGS])
- dnl ICC emits a broken warning for const char *x = a ? "b" : "c";
- dnl for some reason the string consts get 'promoted' to char *,
- dnl triggering a const to non-const conversion warning.
--AC_C_FLAG([-diag-disable 3179])
-+if test "$cc_is_icc" = "yes"; then
-+    AC_C_FLAG([-diag-disable 3179])
-+fi
- 
- if test "$enable_werror" = "yes" ; then
-   WERROR="-Werror"

0006-move-to-libexec.patch

@@ -1,17 +0,0 @@
-diff --git a/tools/frr.service b/tools/frr.service
-index aa45f42..402def8 100644
---- a/tools/frr.service
-+++ b/tools/frr.service
-@@ -17,9 +17,9 @@ WatchdogSec=60s
- RestartSec=5
- Restart=on-abnormal
- LimitNOFILE=1024
--ExecStart=/usr/lib/frr/frrinit.sh start
--ExecStop=/usr/lib/frr/frrinit.sh stop
--ExecReload=/usr/lib/frr/frrinit.sh reload
-+ExecStart=/usr/libexec/frr/frrinit.sh start
-+ExecStop=/usr/libexec/frr/frrinit.sh stop
-+ExecReload=/usr/libexec/frr/frrinit.sh reload
- 
- [Install]
- WantedBy=multi-user.target

0006-python-version.patch

@@ -0,0 +1,14 @@
+diff --git a/m4/ax_python.m4 b/m4/ax_python.m4
+index d293da525..9f43ea0ab 100644
+--- a/m4/ax_python.m4
++++ b/m4/ax_python.m4
+@@ -186,7 +186,8 @@ AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+       AC_MSG_RESULT([yes])
+ 
+       PYTHON_CFLAGS="`\"$pycfg\" --includes`"
+-      if test x"${py_ver}" = x"3.8" || test x"{py_ver}" = x"3.9"; then
++      minor_ver=${py_ver#*\.}
++      if test $((minor_ver)) -gt 7; then
+         PYTHON_LIBS="`\"$pycfg\" --ldflags --embed`"
+       else
+         PYTHON_LIBS="`\"$pycfg\" --ldflags`"

0007-ospfd-crash.patch

@@ -1,108 +0,0 @@
-From 4f08c715db6893ff439d0a39bf4506cd26256d13 Mon Sep 17 00:00:00 2001
-From: Igor Ryzhov <iryzhov@nfware.com>
-Date: Fri, 18 Jun 2021 13:06:13 +0300
-Subject: [PATCH] lib: remove pure attribute from functions that modify memory
-
-Almost all functions currently marked with pure attribute acquire a
-route_node lock. By marking them pure we allow compiler to optimize the
-code and not call them when it already knows the return value. This is
-completely incorrect.
-
-Only two of eleven functions can be marked as pure. And they still won't
-be optimized because they are never called from the same function twice.
-Let's remove the ext_pure macro completely to reduce the chance of
-repeating this mistake in the future.
-
-Fixes #8866, #8809, #8595, #6992.
-
-Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
----
- lib/compiler.h |  9 ---------
- lib/table.h    | 44 ++++++++++++++++++++------------------------
- 2 files changed, 20 insertions(+), 33 deletions(-)
-
-diff --git a/lib/compiler.h b/lib/compiler.h
-index bbfe01b569c..e805eb8be48 100644
---- a/lib/compiler.h
-+++ b/lib/compiler.h
-@@ -123,15 +123,6 @@ extern "C" {
- #define assume(x)
- #endif
- 
--/* pure = function does not modify memory & return value is the same if
-- * memory hasn't changed (=> allows compiler to optimize)
-- *
-- * Mostly autodetected by the compiler if function body is available (i.e.
-- * static inline functions in headers).  Since that implies it should only be
-- * used in headers for non-inline functions, the "extern" is included here.
-- */
--#define ext_pure	extern __attribute__((pure))
--
- /* for helper functions defined inside macros */
- #define macro_inline	static inline __attribute__((unused))
- #define macro_pure	static inline __attribute__((unused, pure))
-diff --git a/lib/table.h b/lib/table.h
-index 7e383dce808..5dec69ee7ea 100644
---- a/lib/table.h
-+++ b/lib/table.h
-@@ -197,29 +197,25 @@ static inline void route_table_set_info(struct route_table *table, void *d)
- 	table->info = d;
- }
- 
--/* ext_pure => extern __attribute__((pure))
-- *   does not modify memory (but depends on mem), allows compiler to optimize
-- */
--
- extern void route_table_finish(struct route_table *table);
--ext_pure struct route_node *route_top(struct route_table *table);
--ext_pure struct route_node *route_next(struct route_node *node);
--ext_pure struct route_node *route_next_until(struct route_node *node,
--					     const struct route_node *limit);
-+extern struct route_node *route_top(struct route_table *table);
-+extern struct route_node *route_next(struct route_node *node);
-+extern struct route_node *route_next_until(struct route_node *node,
-+					   const struct route_node *limit);
- extern struct route_node *route_node_get(struct route_table *table,
- 					 union prefixconstptr pu);
--ext_pure struct route_node *route_node_lookup(struct route_table *table,
--					      union prefixconstptr pu);
--ext_pure struct route_node *route_node_lookup_maynull(struct route_table *table,
--						      union prefixconstptr pu);
--ext_pure struct route_node *route_node_match(struct route_table *table,
--					     union prefixconstptr pu);
--ext_pure struct route_node *route_node_match_ipv4(struct route_table *table,
--						  const struct in_addr *addr);
--ext_pure struct route_node *route_node_match_ipv6(struct route_table *table,
--						  const struct in6_addr *addr);
--
--ext_pure unsigned long route_table_count(struct route_table *table);
-+extern struct route_node *route_node_lookup(struct route_table *table,
-+					    union prefixconstptr pu);
-+extern struct route_node *route_node_lookup_maynull(struct route_table *table,
-+						    union prefixconstptr pu);
-+extern struct route_node *route_node_match(struct route_table *table,
-+					   union prefixconstptr pu);
-+extern struct route_node *route_node_match_ipv4(struct route_table *table,
-+						const struct in_addr *addr);
-+extern struct route_node *route_node_match_ipv6(struct route_table *table,
-+						const struct in6_addr *addr);
-+
-+extern unsigned long route_table_count(struct route_table *table);
- 
- extern struct route_node *route_node_create(route_table_delegate_t *delegate,
- 					    struct route_table *table);
-@@ -228,10 +224,10 @@ extern void route_node_destroy(route_table_delegate_t *delegate,
- 			       struct route_table *table,
- 			       struct route_node *node);
- 
--ext_pure struct route_node *route_table_get_next(struct route_table *table,
--						 union prefixconstptr pu);
--ext_pure int route_table_prefix_iter_cmp(const struct prefix *p1,
--					 const struct prefix *p2);
-+extern struct route_node *route_table_get_next(struct route_table *table,
-+					       union prefixconstptr pu);
-+extern int route_table_prefix_iter_cmp(const struct prefix *p1,
-+				       const struct prefix *p2);
- 
- /*
-  * Iterator functions.

frr.spec

@@ -1,12 +1,13 @@
-%global frrversion	7.5.1
-%global frr_libdir /usr/libexec/frr
+%global frrversion	7.4
+%global frr_libdir /usr/lib/frr
+%global checkout .st.1
 
 %global _hardened_build 1
 %define _legacy_common_support 1
 
 Name: frr
-Version: 7.5.1
-Release: 3%{?checkout}%{?dist}
+Version: 7.4
+Release: 1%{?checkout}%{?dist}
 Summary: Routing daemon
 License: GPLv2+
 URL: http://www.frrouting.org
@@ -14,37 +15,16 @@ Source0: https://github.com/FRRouting/frr/releases/download/%{name}-%{frrversion
 Source1: %{name}-tmpfiles.conf
 BuildRequires: perl-generators
 BuildRequires: gcc
-BuildRequires: gcc-c++
 BuildRequires: net-snmp-devel
-BuildRequires: texinfo 
-BuildRequires: libcap-devel
-BuildRequires: autoconf
-BuildRequires: automake
-BuildRequires: libtool
-BuildRequires: patch
-BuildRequires: groff
-BuildRequires: readline-devel
-BuildRequires: ncurses
-BuildRequires: ncurses-devel
-BuildRequires: pam-devel
-BuildRequires: c-ares-devel
-BuildRequires: bison >= 2.7
-BuildRequires: flex
-BuildRequires: perl-XML-LibXML
-BuildRequires: python3-devel
-BuildRequires: python3-sphinx
-BuildRequires: python3-pytest
-BuildRequires: systemd-devel
-BuildRequires: grpc-plugins
-BuildRequires: grpc-devel
-BuildRequires: readline
-BuildRequires: git-core
-BuildRequires: json-c-devel
-BuildRequires: systemd
+BuildRequires: texinfo libcap-devel texi2html autoconf automake libtool patch groff
+BuildRequires: readline readline-devel ncurses ncurses-devel
+BuildRequires: git pam-devel c-ares-devel
+BuildRequires: json-c-devel bison >= 2.7 flex perl-XML-LibXML
+BuildRequires: python3-devel python3-sphinx python3-pytest
+BuildRequires: systemd systemd-devel
 BuildRequires: libyang-devel >= 0.16.74
-BuildRequires: make
 Requires: net-snmp ncurses
-Requires(post): systemd /sbin/install-info hostname
+Requires(post): systemd /sbin/install-info
 Requires(preun): systemd /sbin/install-info
 Requires(postun): systemd
 Provides: routingdaemon = %{version}-%{release}
@@ -55,9 +35,8 @@ Patch0001: 0001-use-python3.patch
 Patch0002: 0002-enable-openssl.patch
 Patch0003: 0003-disable-eigrp-crypto.patch
 Patch0004: 0004-fips-mode.patch
-Patch0005: 0005-icc-options.patch
-Patch0006: 0006-move-to-libexec.patch
-Patch0007: 0007-ospfd-crash.patch
+Patch0006: 0006-python-version.patch
+Patch0060: 0001-nhrp-Make-vici-socket-path-configurable.patch
 
 %description
 FRRouting is free software that manages TCP/IP based routing protocols. It takes
@@ -96,8 +75,8 @@ autoreconf -ivf
     --disable-babeld \
     --with-moduledir=%{_libdir}/frr/modules \
     --with-crypto=openssl \
-    --enable-fpm \
-    --enable-grpc
+    --with-vici-socket=/run/strongswan/charon.vici \
+    --enable-fpm
 
 %make_build MAKEINFO="makeinfo --no-split" PYTHON=%{__python3}
 
@@ -157,14 +136,6 @@ if [ ! -e %{_sysconfdir}/frr/frr.conf ]; then
     chmod 640 %{_sysconfdir}/frr/frr.conf
 fi
 
-#still used by vtysh, this way no error is produced when using vtysh
-if [ ! -e %{_sysconfdir}/frr/vtysh.conf ]; then
-    touch %{_sysconfdir}/frr/vtysh.conf
-    chmod 640 %{_sysconfdir}/frr/vtysh.conf
-    chown frr:frrvty %{_sysconfdir}/frr/vtysh.conf
-fi
-
-
 %postun
 %systemd_postun_with_restart frr.service
 
@@ -193,7 +164,7 @@ make check PYTHON=%{__python3}
 %doc ripngd/ripngd.conf.sample
 %doc pimd/pimd.conf.sample
 %doc doc/mpls
-%dir %attr(750,frr,frr) %{_sysconfdir}/frr
+%dir %attr(640,frr,frr) %{_sysconfdir}/frr
 %dir %attr(755,frr,frr) /var/log/frr
 %dir %attr(755,frr,frr) /run/frr
 %{_infodir}/*info*
@@ -212,57 +183,16 @@ make check PYTHON=%{__python3}
 %dir /usr/share/yang
 /usr/share/yang/*.yang
 %{_tmpfilesdir}/%{name}.conf
+#%%{_libdir}/frr/frr/libyang_plugins/*
 
 %changelog
-* Tue Jul 20 2021 Michal Ruprich <mruprich@redhat.com> - 7.5.1-3
-- Resolves: #1983278 - ospfd crashes in route_node_delete with assertion fail
-
-* Fri Apr 23 2021 Michal Ruprich <mruprich@redhat.com> - 7.5.1-2
-- Fixing permissions on config files in /etc/frr
-- Enabling integrated configuration option for frr
-
-* Tue Mar 16 2021 Michal Ruprich <mruprich@redhat.com> - 7.5.1-1
-- New version 7.5.1
-- Enabling grpc, adding hostname for post scriptlet
-- Moving files to libexec due to selinux issues
-
-* Tue Feb 16 2021 Michal Ruprich <mruprich@redhat.com> - 7.5-3
-- Fixing FTBS - icc options are confusing the new gcc
-
-* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 7.5-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
-
-* Fri Jan 01 2021 Michal Ruprich <mruprich@redhat.com> - 7.5-1
-- New version 7.5
-
 * Mon Sep 21 2020 Michal Ruprich <mruprich@redhat.com> - 7.4-1
-- New version 7.4
+- New version
 
-* Thu Aug 27 2020 Josef Řídký <jridky@redhat.com> - 7.3.1-4
-- Rebuilt for new net-snmp release
-
-* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 7.3.1-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Thu Jun 18 2020 Michal Ruprich <mruprich@redhat.com> - 7.3.1-1
+* Thu Jun 18 2020 Michal Ruprich <michalruprich@gmail.com> - 7.3.1-1
 - New version 7.3.1
 - Fixes a couple of bugs(#1832259, #1835039, #1830815, #1830808, #1830806, #1830800, #1830798, #1814773)
 
-* Tue May 19 2020 Michal Ruprich <mruprich@redhat.com> - 7.3-6
-- Removing texi2html, it is not available in Rawhide anymore
-
-* Mon May 18 2020 Michal Ruprich <mruprich@redhat.com> - 7.3-5
-- Rebuild for new version of libyang
-
-* Tue Apr 21 2020 Björn Esser <besser82@fedoraproject.org> - 7.3-4
-- Rebuild (json-c)
-
-* Mon Apr 13 2020 Björn Esser <besser82@fedoraproject.org> - 7.3-3
-- Update json-c-0.14 patch with a solution from upstream
-
-* Mon Apr 13 2020 Björn Esser <besser82@fedoraproject.org> - 7.3-2
-- Add support for upcoming json-c 0.14.0
-
 * Wed Feb 19 2020 Michal Ruprich <mruprich@redhat.com> - 7.3-1
 - New version 7.3
 

sources

@@ -1,2 +1,2 @@
-SHA512 (frr-7.5.1.tar.gz) = 1c27420594e52647090da3556e5c62d6f916903c4fa86e5110f1e86152f07d3ce4252bc859d36c9d218dc96a80b245c8b9eee97f370d818cb39be187b6c3546e
+SHA512 (frr-7.4.tar.gz) = 3342eac15483631c772eb83af0eabb33ecaafe8ba6d3cf9e2a390a50fb23a0238a2767961a0eef40a1e9c3a1f255dc5a578b927616030cf51867114b74aa24c8
 SHA512 (remove-babeld-ldpd.sh) = a5bf67a3722cb20d43cef1dac28f839db68df73a1b7d34d8438e4f9366da3b67d85c1f44281f93434e8dd8ebcb2d3dc258b77eaa5627475b7395d207f020839d