v.ims.1 - Bump version

.gitignore

@@ -15,9 +15,3 @@
 /frr-8.4.1.tar.gz
 /frr-8.4.2.tar.gz
 /frr-8.5.tar.gz
-/frr-8.5.1.tar.gz
-/frr-8.5.2.tar.gz
-/frr-9.0.1.tar.gz
-/frr-9.1.tar.gz
-/frr-10.0.1.tar.gz
-/frr-10.1.tar.gz

0000-remove-babeld-and-ldpd.patch

@@ -16,9 +16,9 @@ index 5be3264..33abc1d 100644
  	snapcraft/helpers \
  	snapcraft/snap \
 -	babeld/Makefile \
- 	mgmtd/Makefile \
  	bgpd/Makefile \
  	bgpd/rfp-example/librfp/Makefile \
+ 	bgpd/rfp-example/rfptest/Makefile \
 @@ -193,7 +190,6 @@ EXTRA_DIST += \
  	fpm/Makefile \
  	grpc/Makefile \

0002-enable-openssl.patch

@@ -8,8 +8,8 @@ index 0b7af18..0533e24 100644
  	lib/log_vty.c \
 -	lib/md5.c \
  	lib/memory.c \
- 	lib/mgmt_be_client.c \
+ 	lib/mlag.c \
- 	lib/mgmt_fe_client.c \
+ 	lib/module.c \
 @@ -64,7 +64,6 @@ lib_libfrr_la_SOURCES = \
  	lib/routemap_northbound.c \
  	lib/sbuf.c \
@@ -24,8 +24,8 @@ index 0b7af18..0533e24 100644
  	lib/log_vty.h \
 -	lib/md5.h \
  	lib/memory.h \
- 	lib/mgmt.pb-c.h \
+ 	lib/module.h \
- 	lib/mgmt_be_client.h \
+ 	lib/monotime.h \
 @@ -191,7 +190,6 @@ pkginclude_HEADERS += \
  	lib/route_opaque.h \
  	lib/sbuf.h \

0004-fips-mode.patch

@@ -2,20 +2,9 @@ diff --git a/ospfd/ospf_vty.c b/ospfd/ospf_vty.c
 index 631465f..e084ff3 100644
 --- a/ospfd/ospf_vty.c
 +++ b/ospfd/ospf_vty.c
-@@ -7,6 +7,10 @@
- #include <zebra.h>
- #include <string.h>
- 
-+#ifdef CRYPTO_OPENSSL
-+#include <openssl/fips.h>
-+#endif
-+
- #include "printfrr.h"
- #include "monotime.h"
- #include "memory.h"
 @@ -1136,6 +1136,11 @@ DEFUN (ospf_area_vlink,
- 		vl_config.keychain = argv[idx+1]->arg;
+ 
- 	} else if (argv_find(argv, argc, "message-digest", &idx)) {
+ 	if (argv_find(argv, argc, "message-digest", &idx)) {
  		/* authentication message-digest */
 +		if(FIPS_mode())
 +		{
@@ -52,7 +41,7 @@ index 631465f..e084ff3 100644
 +		}
  		SET_IF_PARAM(params, auth_type);
  		params->auth_type = OSPF_AUTH_CRYPTOGRAPHIC;
- 		UNSET_IF_PARAM(params, keychain_name);
+ 		return CMD_SUCCESS;
 @@ -6971,6 +6990,11 @@ DEFUN (ip_ospf_message_digest_key,
         "The OSPF password (key)\n"
         "Address of interface\n")
@@ -69,17 +58,6 @@ diff --git a/isisd/isis_circuit.c b/isisd/isis_circuit.c
 index 81b4b39..cce33d9 100644
 --- a/isisd/isis_circuit.c
 +++ b/isisd/isis_circuit.c
-@@ -13,6 +13,10 @@
- #include <netinet/if_ether.h>
- #endif
- 
-+#ifdef CRYPTO_OPENSSL
-+#include <openssl/fips.h>
-+#endif
-+
- #include "log.h"
- #include "memory.h"
- #include "vrf.h"
 @@ -1318,6 +1318,10 @@ static int isis_circuit_passwd_set(struct isis_circuit *circuit,
  		return ferr_code_bug(
  			"circuit password too long (max 254 chars)");
@@ -95,17 +73,6 @@ diff --git a/isisd/isisd.c b/isisd/isisd.c
 index 419127c..a6c36af 100644
 --- a/isisd/isisd.c
 +++ b/isisd/isisd.c
-@@ -9,6 +9,10 @@
- 
- #include <zebra.h>
- 
-+#ifdef CRYPTO_OPENSSL
-+#include <openssl/fips.h>
-+#endif
-+
- #include "frrevent.h"
- #include "vty.h"
- #include "command.h"
 @@ -1638,6 +1638,10 @@ static int isis_area_passwd_set(struct isis_area *area, int level,
  		if (len > 254)
  			return -1;
@@ -121,17 +88,6 @@ diff --git a/ripd/rip_cli.c b/ripd/rip_cli.c
 index 5bb81ef..02a09ef 100644
 --- a/ripd/rip_cli.c
 +++ b/ripd/rip_cli.c
-@@ -7,6 +7,10 @@
- 
- #include <zebra.h>
- 
-+#ifdef CRYPTO_OPENSSL
-+#include <openssl/fips.h>
-+#endif
-+
- #include "if.h"
- #include "if_rmap.h"
- #include "vrf.h"
 @@ -796,6 +796,12 @@ DEFPY (ip_rip_authentication_mode,
  			value = "20";
  	}
@@ -145,3 +101,15 @@ index 5bb81ef..02a09ef 100644
  	nb_cli_enqueue_change(vty, "./authentication-scheme/mode", NB_OP_MODIFY,
  			      strmatch(mode, "md5") ? "md5" : "plain-text");
  	if (strmatch(mode, "md5"))
+diff --git a/lib/zebra.h b/lib/zebra.h
+index 53ae5b4..930307f 100644
+--- a/lib/zebra.h
++++ b/lib/zebra.h
+@@ -114,6 +114,7 @@
+ #ifdef CRYPTO_OPENSSL
+ #include <openssl/evp.h>
+ #include <openssl/hmac.h>
++#include <openssl/fips.h>
+ #endif
+
+ #include "openbsd-tree.h"

0005-remove-grpc-test.patch

@@ -2,12 +2,12 @@ diff --git a/tests/lib/subdir.am b/tests/lib/subdir.am
 index 7b5eaa4..5c82f69 100644
 --- a/tests/lib/subdir.am
 +++ b/tests/lib/subdir.am
-@@ -18,22 +18,6 @@ tests_lib_test_frrscript_SOURCES = tests/lib/test_frrscript.c
+@@ -18,18 +18,6 @@ tests_lib_test_frrscript_SOURCES = tests/lib/test_frrscript.c
- 	test -e tests/lib/script1.lua || \
+ EXTRA_DIST += tests/lib/test_frrscript.py
- 	$(INSTALL_SCRIPT) $< tests/lib/script1.lua
+ 
  
 -##############################################################################
--GRPC_TESTS_LDADD = mgmtd/libmgmt_be_nb.la staticd/libstatic.a grpc/libfrrgrpc_pb.la $(GRPC_LIBS) $(ALL_TESTS_LDADD) $(LIBYANG_LIBS) -lm
+-GRPC_TESTS_LDADD = staticd/libstatic.a grpc/libfrrgrpc_pb.la -lgrpc++ -lprotobuf $(ALL_TESTS_LDADD) $(LIBYANG_LIBS) -lm
 -
 -if GRPC
 -check_PROGRAMS += tests/lib/test_grpc
@@ -16,10 +16,6 @@ index 7b5eaa4..5c82f69 100644
 -tests_lib_test_grpc_CPPFLAGS = $(TESTS_CPPFLAGS)
 -tests_lib_test_grpc_LDADD = $(GRPC_TESTS_LDADD)
 -tests_lib_test_grpc_SOURCES = tests/lib/test_grpc.cpp
--nodist_tests_lib_test_grpc_SOURCES = \
--	yang/frr-bfdd.yang.c \
--	yang/frr-staticd.yang.c \
--	# end
 -
 -
  ##############################################################################

0006-noprefixroute-network-manager.patch

@@ -1,167 +0,0 @@
---- b/tests/topotests/zebra_multiple_connected/test_zebra_multiple_connected.py
-+++ a/tests/topotests/zebra_multiple_connected/test_zebra_multiple_connected.py
-@@ -144,23 +144,6 @@
-     assert result is None, "Kernel route is missing from zebra"
- 
- 
--def test_zebra_noprefix_connected():
--    "Test that a noprefixroute created does not create a connected route"
--
--    tgen = get_topogen()
--    if tgen.routers_have_failure():
--        pytest.skip(tgen.errors)
--
--    router = tgen.gears["r1"]
--    router.run("ip addr add 192.168.44.1/24 dev r1-eth1 noprefixroute")
--    expected = "% Network not in table"
--    test_func = partial(
--        topotest.router_output_cmp, router, "show ip route 192.168.44.0/24", expected
--    )
--    result, diff = topotest.run_and_expect(test_func, "", count=20, wait=1)
--    assert result, "Connected Route should not have been added"
--
--
- if __name__ == "__main__":
-     args = ["-s"] + sys.argv[1:]
-     sys.exit(pytest.main(args))
---- b/zebra/if_netlink.c
-+++ a/zebra/if_netlink.c
-@@ -1423,9 +1423,6 @@
- 	if (kernel_flags & IFA_F_SECONDARY)
- 		dplane_ctx_intf_set_secondary(ctx);
- 
--	if (kernel_flags & IFA_F_NOPREFIXROUTE)
--		dplane_ctx_intf_set_noprefixroute(ctx);
--
- 	/* Label */
- 	if (tb[IFA_LABEL]) {
- 		label = (char *)RTA_DATA(tb[IFA_LABEL]);
---- b/zebra/zebra_dplane.c
-+++ a/zebra/zebra_dplane.c
-@@ -230,7 +230,6 @@
- #define DPLANE_INTF_BROADCAST   (1 << 2)
- #define DPLANE_INTF_HAS_DEST    DPLANE_INTF_CONNECTED
- #define DPLANE_INTF_HAS_LABEL   (1 << 4)
--#define DPLANE_INTF_NOPREFIXROUTE (1 << 5)
- 
- 	/* Interface address/prefix */
- 	struct prefix prefix;
-@@ -2542,13 +2541,6 @@
- 	return (ctx->u.intf.flags & DPLANE_INTF_CONNECTED);
- }
- 
--bool dplane_ctx_intf_is_noprefixroute(const struct zebra_dplane_ctx *ctx)
--{
--	DPLANE_CTX_VALID(ctx);
--
--	return (ctx->u.intf.flags & DPLANE_INTF_NOPREFIXROUTE);
--}
--
- bool dplane_ctx_intf_is_secondary(const struct zebra_dplane_ctx *ctx)
- {
- 	DPLANE_CTX_VALID(ctx);
-@@ -2577,13 +2569,6 @@
- 	ctx->u.intf.flags |= DPLANE_INTF_SECONDARY;
- }
- 
--void dplane_ctx_intf_set_noprefixroute(struct zebra_dplane_ctx *ctx)
--{
--	DPLANE_CTX_VALID(ctx);
--
--	ctx->u.intf.flags |= DPLANE_INTF_NOPREFIXROUTE;
--}
--
- void dplane_ctx_intf_set_broadcast(struct zebra_dplane_ctx *ctx)
- {
- 	DPLANE_CTX_VALID(ctx);
---- b/zebra/zebra_dplane.h
-+++ a/zebra/zebra_dplane.h
-@@ -658,8 +658,6 @@
- void dplane_ctx_intf_set_connected(struct zebra_dplane_ctx *ctx);
- bool dplane_ctx_intf_is_secondary(const struct zebra_dplane_ctx *ctx);
- void dplane_ctx_intf_set_secondary(struct zebra_dplane_ctx *ctx);
--bool dplane_ctx_intf_is_noprefixroute(const struct zebra_dplane_ctx *ctx);
--void dplane_ctx_intf_set_noprefixroute(struct zebra_dplane_ctx *ctx);
- bool dplane_ctx_intf_is_broadcast(const struct zebra_dplane_ctx *ctx);
- void dplane_ctx_intf_set_broadcast(struct zebra_dplane_ctx *ctx);
- const struct prefix *dplane_ctx_get_intf_addr(
---- b/lib/if.h
-+++ a/lib/if.h
-@@ -434,8 +434,6 @@
- #define ZEBRA_IFA_SECONDARY    (1 << 0)
- #define ZEBRA_IFA_PEER         (1 << 1)
- #define ZEBRA_IFA_UNNUMBERED   (1 << 2)
--#define ZEBRA_IFA_NOPREFIXROUTE (1 << 3)
--
- 	/* N.B. the ZEBRA_IFA_PEER flag should be set if and only if
- 	   a peer address has been configured.  If this flag is set,
- 	   the destination field must contain the peer address.
---- b/zebra/connected.c
-+++ a/zebra/connected.c
-@@ -282,15 +282,13 @@
- 			return;
- 	}
- 
-+	rib_add(afi, SAFI_UNICAST, zvrf->vrf->vrf_id, ZEBRA_ROUTE_CONNECT, 0,
-+		flags, &p, NULL, &nh, 0, zvrf->table_id, metric, 0, 0, 0,
-+		false);
--	if (!CHECK_FLAG(ifc->flags, ZEBRA_IFA_NOPREFIXROUTE)) {
--		rib_add(afi, SAFI_UNICAST, zvrf->vrf->vrf_id,
--			ZEBRA_ROUTE_CONNECT, 0, flags, &p, NULL, &nh, 0,
--			zvrf->table_id, metric, 0, 0, 0, false);
- 
-+	rib_add(afi, SAFI_MULTICAST, zvrf->vrf->vrf_id, ZEBRA_ROUTE_CONNECT, 0,
-+		flags, &p, NULL, &nh, 0, zvrf->table_id, metric, 0, 0, 0,
-+		false);
--		rib_add(afi, SAFI_MULTICAST, zvrf->vrf->vrf_id,
--			ZEBRA_ROUTE_CONNECT, 0, flags, &p, NULL, &nh, 0,
--			zvrf->table_id, metric, 0, 0, 0, false);
--	}
- 
- 	if (install_local) {
- 		rib_add(afi, SAFI_UNICAST, zvrf->vrf->vrf_id, ZEBRA_ROUTE_LOCAL,
-@@ -483,15 +481,11 @@
- 	 * Same logic as for connected_up(): push the changes into the
- 	 * head.
- 	 */
-+	rib_delete(afi, SAFI_UNICAST, zvrf->vrf->vrf_id, ZEBRA_ROUTE_CONNECT, 0,
-+		   0, &p, NULL, &nh, 0, zvrf->table_id, 0, 0, false);
--	if (!CHECK_FLAG(ifc->flags, ZEBRA_IFA_NOPREFIXROUTE)) {
--		rib_delete(afi, SAFI_UNICAST, zvrf->vrf->vrf_id,
--			   ZEBRA_ROUTE_CONNECT, 0, 0, &p, NULL, &nh, 0,
--			   zvrf->table_id, 0, 0, false);
- 
-+	rib_delete(afi, SAFI_MULTICAST, zvrf->vrf->vrf_id, ZEBRA_ROUTE_CONNECT,
-+		   0, 0, &p, NULL, &nh, 0, zvrf->table_id, 0, 0, false);
--		rib_delete(afi, SAFI_MULTICAST, zvrf->vrf->vrf_id,
--			   ZEBRA_ROUTE_CONNECT, 0, 0, &p, NULL, &nh, 0,
--			   zvrf->table_id, 0, 0, false);
--	}
- 
- 	if (remove_local) {
- 		rib_delete(afi, SAFI_UNICAST, zvrf->vrf->vrf_id,
---- b/zebra/interface.c
-+++ a/zebra/interface.c
-@@ -1317,9 +1317,6 @@
- 	if (dplane_ctx_intf_is_secondary(ctx))
- 		SET_FLAG(flags, ZEBRA_IFA_SECONDARY);
- 
--	if (dplane_ctx_intf_is_noprefixroute(ctx))
--		SET_FLAG(flags, ZEBRA_IFA_NOPREFIXROUTE);
--
- 	/* Label? */
- 	if (dplane_ctx_intf_has_label(ctx))
- 		label = dplane_ctx_get_intf_label(ctx);
-@@ -2337,12 +2334,6 @@
- 	else if (CHECK_FLAG(connected->flags, ZEBRA_IFA_SECONDARY))
- 		vty_out(vty, " secondary");
- 
--	if (json)
--		json_object_boolean_add(json_addr, "noPrefixRoute",
--					CHECK_FLAG(connected->flags, ZEBRA_IFA_NOPREFIXROUTE));
--	else if (CHECK_FLAG(connected->flags, ZEBRA_IFA_NOPREFIXROUTE))
--		vty_out(vty, " noprefixroute");
--
- 	if (json)
- 		json_object_boolean_add(
- 			json_addr, "unnumbered",

frr.fc

@@ -6,25 +6,24 @@
 
 /var/log/frr(/.*)?              gen_context(system_u:object_r:frr_log_t,s0)
 /var/tmp/frr(/.*)?              gen_context(system_u:object_r:frr_tmp_t,s0)
-/var/lib/frr(/.*)?              gen_context(system_u:object_r:frr_var_lib_t,s0)
 
-/run/lock/subsys/bfdd       --  gen_context(system_u:object_r:frr_lock_t,s0)
+/var/lock/subsys/bfdd       --  gen_context(system_u:object_r:frr_lock_t,s0)
-/run/lock/subsys/bgpd       --  gen_context(system_u:object_r:frr_lock_t,s0)
+/var/lock/subsys/bgpd       --  gen_context(system_u:object_r:frr_lock_t,s0)
-/run/lock/subsys/eigrpd     --  gen_context(system_u:object_r:frr_lock_t,s0)
+/var/lock/subsys/eigrpd     --  gen_context(system_u:object_r:frr_lock_t,s0)
-/run/lock/subsys/fabricd    --  gen_context(system_u:object_r:frr_lock_t,s0)
+/var/lock/subsys/fabricd    --  gen_context(system_u:object_r:frr_lock_t,s0)
-/run/lock/subsys/isisd      --  gen_context(system_u:object_r:frr_lock_t,s0)
+/var/lock/subsys/isisd      --  gen_context(system_u:object_r:frr_lock_t,s0)
-/run/lock/subsys/nhrpd      --  gen_context(system_u:object_r:frr_lock_t,s0)
+/var/lock/subsys/nhrpd      --  gen_context(system_u:object_r:frr_lock_t,s0)
-/run/lock/subsys/ospf6d     --  gen_context(system_u:object_r:frr_lock_t,s0)
+/var/lock/subsys/ospf6d     --  gen_context(system_u:object_r:frr_lock_t,s0)
-/run/lock/subsys/ospfd      --  gen_context(system_u:object_r:frr_lock_t,s0)
+/var/lock/subsys/ospfd      --  gen_context(system_u:object_r:frr_lock_t,s0)
-/run/lock/subsys/pbrd       --  gen_context(system_u:object_r:frr_lock_t,s0)
+/var/lock/subsys/pbrd       --  gen_context(system_u:object_r:frr_lock_t,s0)
-/run/lock/subsys/pimd       --  gen_context(system_u:object_r:frr_lock_t,s0)
+/var/lock/subsys/pimd       --  gen_context(system_u:object_r:frr_lock_t,s0)
-/run/lock/subsys/ripd       --  gen_context(system_u:object_r:frr_lock_t,s0)
+/var/lock/subsys/ripd       --  gen_context(system_u:object_r:frr_lock_t,s0)
-/run/lock/subsys/ripngd     --  gen_context(system_u:object_r:frr_lock_t,s0)
+/var/lock/subsys/ripngd     --  gen_context(system_u:object_r:frr_lock_t,s0)
-/run/lock/subsys/staticd    --  gen_context(system_u:object_r:frr_lock_t,s0)
+/var/lock/subsys/staticd    --  gen_context(system_u:object_r:frr_lock_t,s0)
-/run/lock/subsys/zebra      --  gen_context(system_u:object_r:frr_lock_t,s0)
+/var/lock/subsys/zebra      --  gen_context(system_u:object_r:frr_lock_t,s0)
-/run/lock/subsys/vrrpd      --  gen_context(system_u:object_r:frr_lock_t,s0)
+/var/lock/subsys/vrrpd      --  gen_context(system_u:object_r:frr_lock_t,s0)
-/run/lock/subsys/pathd      --  gen_context(system_u:object_r:frr_lock_t,s0)
+/var/lock/subsys/pathd      --  gen_context(system_u:object_r:frr_lock_t,s0)
 
-/run/frr(/.*)?              gen_context(system_u:object_r:frr_var_run_t,s0)
+/var/run/frr(/.*)?              gen_context(system_u:object_r:frr_var_run_t,s0)
 
 /usr/bin/vtysh              --  gen_context(system_u:object_r:frr_exec_t,s0)

frr.if

@@ -160,55 +160,3 @@ interface(`frr_admin',`
 		systemd_read_fifo_file_passwd_run($1)
 	')
 ')
-
-########################################
-#
-# Interface compatibility blocks
-#
-# The following definitions ensure compatibility with distribution policy
-# versions that do not contain given interfaces (epel, or older Fedora
-# releases).
-# Each block tests for existence of given interface and defines it if needed.
-#
-
-######################################
-## <summary>
-##	Watch ifconfig_var_run_t directories
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-ifndef(`sysnet_watch_ifconfig_run_dirs',`
-	interface(`sysnet_watch_ifconfig_run_dirs',`
-		gen_require(`
-			type ifconfig_var_run_t;
-		')
-
-		watch_dirs_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
-	')
-')
-
-########################################
-## <summary>
-##	Read ifconfig_var_run_t files and link files
-## </summary>
-## <param name="domain">
-##	<summary>
-##      Domain allowed access.
-##	</summary>
-## </param>
-#
-ifndef(`sysnet_read_ifconfig_run_files',`
-	interface(`sysnet_read_ifconfig_run_files',`
-		gen_require(`
-			type ifconfig_var_run_t;
-		')
-
-		list_dirs_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
-		read_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
-		read_lnk_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
-	')
-')

frr.spec

@@ -5,15 +5,13 @@
 %global _hardened_build 1
 %global selinuxtype targeted
 %define _legacy_common_support 1
-
+%bcond_without selinux
-%bcond grpc %{undefined rhel}
-%bcond selinux 1
 
 Name:           frr
-Version:        10.1
+Version:        8.5
-Release:        4%{?dist}
+Release:        1%{?dist}
 Summary:        Routing daemon
-License:        GPL-2.0-or-later AND ISC AND LGPL-2.0-or-later AND BSD-2-Clause AND BSD-3-Clause AND (GPL-2.0-or-later  OR ISC) AND MIT
+License:        GPLv2+
 URL:            http://www.frrouting.org
 Source0:        https://github.com/FRRouting/frr/releases/download/%{name}-%{version}/%{name}-%{version}.tar.gz
 Source1:        %{name}-tmpfiles.conf
@@ -28,7 +26,6 @@ Patch0002:      0002-enable-openssl.patch
 Patch0003:      0003-disable-eigrp-crypto.patch
 Patch0004:      0004-fips-mode.patch
 Patch0005:      0005-remove-grpc-test.patch
-Patch0006:      0006-noprefixroute-network-manager.patch
 
 BuildRequires:  autoconf
 BuildRequires:  automake
@@ -39,10 +36,8 @@ BuildRequires:  gcc
 BuildRequires:  gcc-c++
 BuildRequires:  git-core
 BuildRequires:  groff
-%if %{with grpc}
 BuildRequires:  grpc-devel
 BuildRequires:  grpc-plugins
-%endif
 BuildRequires:  json-c-devel
 BuildRequires:  libcap-devel
 BuildRequires:  libtool
@@ -62,7 +57,6 @@ BuildRequires:  readline-devel
 BuildRequires:  systemd-devel
 BuildRequires:  systemd-rpm-macros
 BuildRequires:  texinfo
-BuildRequires:  protobuf-c-devel
 
 Requires:       ncurses
 Requires:       net-snmp
@@ -84,18 +78,17 @@ FRRouting is free software that manages TCP/IP based routing protocols. It takes
 a multi-server and multi-threaded approach to resolve the current complexity
 of the Internet.
 
-FRRouting supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR,
+FRRouting supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD.
-EIGRP and BFD.
 
 FRRouting is a fork of Quagga.
 
 %if 0%{?with_selinux}
 %package selinux
-Summary:  Selinux policy for FRR
+Summary:	Selinux policy for FRR
-BuildArch:  noarch
+BuildArch:	noarch
-Requires:  selinux-policy-%{selinuxtype}
+Requires:	selinux-policy-%{selinuxtype}
-Requires(post):  selinux-policy-%{selinuxtype}
+Requires(post):	selinux-policy-%{selinuxtype}
-BuildRequires:  selinux-policy-devel
+BuildRequires:	selinux-policy-devel
 %{?selinux_requires}
 
 %description selinux
@@ -108,8 +101,6 @@ SELinux policy modules for FRR package
 #Selinux
 mkdir selinux
 cp -p %{SOURCE3} %{SOURCE4} %{SOURCE5} selinux
-# C++14 or later needed for abseil-cpp 20230125; string_view needs C++17:
-sed -r -i 's/(AX_CXX_COMPILE_STDCXX\(\[)11(\])/\117\2/' configure.ac
 
 %build
 autoreconf -ivf
@@ -135,11 +126,10 @@ autoreconf -ivf
     --disable-ldpd \
     --disable-babeld \
     --with-moduledir=%{_libdir}/frr/modules \
-    --with-yangmodelsdir=%{_datadir}/frr-yang/ \
     --with-crypto=openssl \
     --with-vici-socket=/run/strongswan/charon.vici \
     --enable-fpm \
-    %{?with_grpc:--enable-grpc}
+    --enable-grpc
 
 %make_build MAKEINFO="makeinfo --no-split" PYTHON=%{__python3}
 
@@ -180,7 +170,7 @@ install -d -m 775 %{buildroot}/run/frr
 
 %if 0%{?with_selinux}
 install -D -m 644 selinux/%{name}.pp.bz2 \
-  %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
+	%{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
 install -D -m 644 selinux/%{name}.if %{buildroot}%{_datadir}/selinux/devel/include/distributed/%{name}.if
 %endif
 
@@ -267,8 +257,8 @@ rm tests/lib/*grpc*
 %config(noreplace) %attr(644,frr,frr) %{_sysconfdir}/frr/daemons
 %config(noreplace) %{_sysconfdir}/pam.d/frr
 %{_unitdir}/*.service
-%dir %{_datadir}/frr-yang
+%dir %{_datadir}/yang
-%{_datadir}/frr-yang/*.yang
+%{_datadir}/yang/*.yang
 %{_tmpfilesdir}/%{name}.conf
 %{_sysusersdir}/%{name}.conf
 
@@ -280,84 +270,9 @@ rm tests/lib/*grpc*
 %endif
 
 %changelog
-* Tue Sep 10 2024 Michal Ruprich <mruprich@redhat.com> - 10.1-4
-- Resolves: #2311119 - Multiple AVCs for accessing lib_t in FRR-10.1
-- Resolves: #2311120 - AVCs for using a netlink socket in FRR
-
-* Sun Aug 25 2024 Benjamin A. Beasley <code@musicinmybrain.net> - 10.1-3
-- Rebuilt for abseil-cpp-20240722.0
-
-* Thu Aug 15 2024 Michal Ruprich <mruprich@redhat.com> - 10.1-2
-- Rebuilding for the libre soname bump
-
-* Mon Aug 12 2024 Michal Ruprich <mruprich@redhat.com> - 10.1-1
-- New version 10.1
-
-* Wed Jul 31 2024 Michal Ruprich <mruprich@redhat.com> - 10.0.1-1
-- New version 10.0.1
-
-* Wed Jul 17 2024 Fedora Release Engineering <releng@fedoraproject.org> - 9.1-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
-
-* Wed Apr 17 2024 Michal Ruprich <mruprich@redhat.com> - 9.1-4
-- Moving yang modules to frr specific dir to avoid conflicts
-- Adding rpminspect.yaml
-
-* Sat Feb 24 2024 Paul Wouters <paul.wouters@aiven.io> - 9.1-3
-- Rebuild for libre2.so.11 bump
-
-* Sun Feb 04 2024 Benjamin A. Beasley <code@musicinmybrain.net> - 9.1-2
-- Rebuilt for abseil-cpp-20240116.0
-
-* Thu Jan 25 2024 Michal Ruprich <mruprich@redhat.com> - 9.1-1
-- New version 9.1
-
-* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 9.0.1-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
-
-* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 9.0.1-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
-
-* Mon Oct 16 2023 Michal Ruprich <mruprich@redhat.com> - 9.0.1-1
-- New version 9.0.1
-
-* Fri Sep 01 2023 Michal Ruprich <mruprich@redhat.com> - 8.5.2-4
-- Adding a couple of SELinux rules, includes fix for rhbz#2149299
-
-* Wed Aug 30 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 8.5.2-3
-- Rebuilt for abseil-cpp 20230802.0
-
-* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 8.5.2-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
-
-* Fri Jun 30 2023 Michal Ruprich <mruprich@redhat.com> - 8.5.2-1
-- New version 8.5.2
-- Fixing some rpmlint warnings
-
-* Mon Jun 26 2023 Michal Ruprich <mruprich@redhat.com> - 8.5.1-4
-- Resolves: #2216073 - SELinux is preventing FRR-Zebra to access to network namespaces.
-
-* Mon Jun 05 2023 Yaakov Selkowitz <yselkowi@redhat.com> - 8.5.1-3
-- Disable grpc in RHEL builds
-
-* Fri May 19 2023 Petr Pisar <ppisar@redhat.com> - 8.5.1-2
-- Rebuild against rpm-4.19 (https://fedoraproject.org/wiki/Changes/RPM-4.19)
-
-* Wed Apr 26 2023 Michal Ruprich <mruprich@redhat.com> - 8.5.1-1
-- New version 8.5.1
-
 * Wed Apr 12 2023 Michal Ruprich <mruprich@redhat.com> - 8.5-1
 - New version 8.5
 
-* Thu Mar 23 2023 Michal Ruprich <mruprich@redhat.com> - 8.4.2-5
-- Rebuilding for new abseil-cpp version
-
-* Wed Mar 22 2023 Michal Ruprich <mruprich@redhat.com> - 8.4.2-4
-- SPDX migration
-
-* Wed Mar 08 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 8.4.2-3
-- Build as C++17, required by abseil-cpp 20230125
-
 * Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 8.4.2-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
 

frr.te

@@ -27,21 +27,13 @@ systemd_unit_file(frr_unit_file_t)
 type frr_var_run_t;
 files_pid_file(frr_var_run_t)
 
-type frr_var_lib_t;
-files_type(frr_var_lib_t)
-
 ########################################
 #
 # frr local policy
 #
-allow frr_t self:capability { chown dac_override dac_read_search kill net_bind_service net_raw setgid setuid net_admin sys_admin };
+allow frr_t self:capability { chown dac_override dac_read_search kill net_bind_service net_raw setgid setuid net_admin };
 allow frr_t self:netlink_route_socket rw_netlink_socket_perms;
-allow frr_t self:netlink_generic_socket create;
+allow frr_t self:packet_socket { create setopt };
-allow frr_t self:netlink_generic_socket setopt;
-allow frr_t self:netlink_generic_socket getopt;
-allow frr_t self:netlink_generic_socket getattr;
-allow frr_t self:netlink_generic_socket bind;
-allow frr_t self:packet_socket create_socket_perms;
 allow frr_t self:process { setcap setpgid };
 allow frr_t self:rawip_socket create_socket_perms;
 allow frr_t self:tcp_socket { connect connected_stream_socket_perms };
@@ -57,10 +49,6 @@ manage_files_pattern(frr_t, frr_log_t, frr_log_t)
 manage_lnk_files_pattern(frr_t, frr_log_t, frr_log_t)
 logging_log_filetrans(frr_t, frr_log_t, { dir file lnk_file })
 
-manage_dirs_pattern(frr_t, frr_var_lib_t, frr_var_lib_t)
-manage_files_pattern(frr_t, frr_var_lib_t, frr_var_lib_t)
-files_var_lib_filetrans(frr_t, frr_var_lib_t, { dir file })
-
 allow frr_t frr_tmp_t:file map;
 manage_dirs_pattern(frr_t, frr_tmp_t, frr_tmp_t)
 manage_files_pattern(frr_t, frr_tmp_t, frr_tmp_t)
@@ -82,7 +70,6 @@ can_exec(frr_t, frr_exec_t)
 kernel_read_network_state(frr_t)
 kernel_rw_net_sysctls(frr_t)
 kernel_read_system_state(frr_t)
-kernel_request_load_module(frr_t)
 
 auth_use_nsswitch(frr_t)
 
@@ -110,10 +97,6 @@ domain_use_interactive_fds(frr_t)
 fs_read_nsfs_files(frr_t)
 
 sysnet_exec_ifconfig(frr_t)
-sysnet_read_ifconfig_run_files(frr_t)
-sysnet_watch_ifconfig_run_dirs(frr_t)
-
-ipsec_domtrans_mgmt(frr_t)
 
 userdom_read_admin_home_files(frr_t)
 

rpminspect.yaml

@@ -1,7 +0,0 @@
----
-runpath:
-    allowed_paths:
-        - /usr/lib64/frr
-        - /usr/lib/frr
-inspections:
-    badfuncs: off

sources

@@ -1,2 +1,2 @@
-SHA512 (frr-10.1.tar.gz) = 7484238a502ab12f178e4a210e6e4a33d0ce53edbb49b127fdc3167e31dd61c1122c1ef2d30e4bcb83b7f520b37fb9ad73e2a6a16790b608b1adf2e23b556445
+SHA512 (frr-8.5.tar.gz) = 26a1bb752130bac684c8f83fb68d33fd16a94054904a37a9550d6028d6181663f757a700e967ae4265ca2a7c6e26b4f0d2fadcfae55a7101c6ce33ac83f2c9b9
 SHA512 (remove-babeld-ldpd.sh) = a5bf67a3722cb20d43cef1dac28f839db68df73a1b7d34d8438e4f9366da3b67d85c1f44281f93434e8dd8ebcb2d3dc258b77eaa5627475b7395d207f020839d