Bump version for ST

Replacing crypto of all routing daemons with openssl
Disabling EIGRP crypto because it is broken
Disabling crypto in FIPS mode

.gitignore

@@ -2,7 +2,3 @@
 /frr-7.2.tar.gz
 /frr-7.3.tar.gz
 /remove-babeld-ldpd.sh
-/frr-7.3.1.tar.gz
-/frr-7.4.tar.gz
-/frr-7.5.tar.gz
-/frr-7.5.1.tar.gz

0000-remove-babeld-and-ldpd.patch

@@ -1,8 +1,8 @@
 diff --git a/Makefile.am b/Makefile.am
-index 46e2da395..adac3475a 100644
+index 5be3264..33abc1d 100644
 --- a/Makefile.am
 +++ b/Makefile.am
-@@ -183,8 +183,6 @@ include ospf6d/subdir.am
+@@ -130,8 +130,6 @@ include ospf6d/subdir.am
  include ospfclient/subdir.am
  include isisd/subdir.am
  include nhrpd/subdir.am
@@ -11,7 +11,7 @@ index 46e2da395..adac3475a 100644
  include eigrpd/subdir.am
  include sharpd/subdir.am
  include pimd/subdir.am
-@@ -246,7 +244,6 @@ EXTRA_DIST += \
+@@ -182,7 +180,6 @@ EXTRA_DIST += \
  	snapcraft/defaults \
  	snapcraft/helpers \
  	snapcraft/snap \
@@ -19,7 +19,7 @@ index 46e2da395..adac3475a 100644
  	bgpd/Makefile \
  	bgpd/rfp-example/librfp/Makefile \
  	bgpd/rfp-example/rfptest/Makefile \
-@@ -258,7 +255,6 @@ EXTRA_DIST += \
+@@ -193,7 +190,6 @@ EXTRA_DIST += \
  	fpm/Makefile \
  	grpc/Makefile \
  	isisd/Makefile \

0001-nhrp-Configure-vici-socket-path-using-configure-with.patch

@@ -0,0 +1,68 @@
+From 1280a299c696ed925d02ad93d1af9af9dcf43621 Mon Sep 17 00:00:00 2001
+From: root <root@dm4.st.test2.hr>
+Date: Sat, 25 Jan 2020 19:38:39 +0100
+Subject: [PATCH] nhrp: Configure vici socket path using configure
+ --with-vici-socket=/var/run/charon.vici (default)
+
+---
+ configure.ac       | 8 ++++++++
+ nhrpd/README.nhrpd | 3 ++-
+ nhrpd/vici.c       | 2 +-
+ 3 files changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index c8371f304..2ef1c3fea 100755
+--- a/configure.ac
++++ b/configure.ac
+@@ -139,6 +139,13 @@ AC_ARG_WITH([yangmodelsdir], [AS_HELP_STRING([--with-yangmodelsdir=DIR], [yang m
+ ])
+ AC_SUBST([yangmodelsdir])
+ 
++AC_ARG_WITH([vici-socket], [AS_HELP_STRING([--with-vici-socket=DIR], [vici-socket (/var/run/charon.vici)])], [
++	vici_socket="$withval"
++], [
++	vici_socket="/var/run/charon.vici"
++])
++AC_DEFINE_UNQUOTED([VICI_SOCKET], ["$vici_socket"], [StrongSWAN vici interface])
++
+ AC_ARG_ENABLE(tcmalloc,
+ 	AS_HELP_STRING([--enable-tcmalloc], [Turn on tcmalloc]),
+ [case "${enableval}" in
+@@ -2410,6 +2417,7 @@ group for vty sockets   : ${enable_vty_group}
+ config file mask        : ${enable_configfile_mask}
+ log file mask           : ${enable_logfile_mask}
+ zebra protobuf enabled  : ${enable_protobuf:-no}
++vici socket path        : ${vici_socket}
+ 
+ The above user and group must have read/write access to the state file
+ directory and to the config files in the config file directory."
+diff --git a/nhrpd/README.nhrpd b/nhrpd/README.nhrpd
+index 569b3f446..8bb5f69be 100644
+--- a/nhrpd/README.nhrpd
++++ b/nhrpd/README.nhrpd
+@@ -126,7 +126,8 @@ Integration with strongSwan
+ 
+ Contrary to opennhrp, Quagga/NHRP has tight integration with IKE daemon.
+ Currently strongSwan is supported using the VICI protocol. strongSwan
+-is connected using UNIX socket (hardcoded now as /var/run/charon.vici).
++is connected using UNIX socket (default /var/run/charon.vici use configure
++argument --with-vici-socket= to change).
+ Thus nhrpd needs to be run as user that can open that file.
+ 
+ Currently, you will need patched strongSwan. The working tree is at:
+diff --git a/nhrpd/vici.c b/nhrpd/vici.c
+index d6105b71d..86023e1f8 100644
+--- a/nhrpd/vici.c
++++ b/nhrpd/vici.c
+@@ -478,7 +478,7 @@ static int vici_reconnect(struct thread *t)
+ 	if (vici->fd >= 0)
+ 		return 0;
+ 
+-	fd = sock_open_unix("/var/run/charon.vici");
++	fd = sock_open_unix(VICI_SOCKET);
+ 	if (fd < 0) {
+ 		debugf(NHRP_DEBUG_VICI,
+ 		       "%s: failure connecting VICI socket: %s",
+-- 
+2.24.1
+

0001-use-python3.patch

@@ -1,5 +1,5 @@
 diff --git a/tools/frr-reload.py b/tools/frr-reload.py
-index a45c17858..23817824a 100755
+index 208fb11..0692adc 100755
 --- a/tools/frr-reload.py
 +++ b/tools/frr-reload.py
 @@ -1,4 +1,4 @@
@@ -8,3 +8,13 @@ index a45c17858..23817824a 100755
  # Frr Reloader
  # Copyright (C) 2014 Cumulus Networks, Inc.
  #
+diff --git a/tools/generate_support_bundle.py b/tools/generate_support_bundle.py
+index 540b7a1..0876ebb 100755
+--- a/tools/generate_support_bundle.py
++++ b/tools/generate_support_bundle.py
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python
++#!/usr/bin/python3
+ 
+ ########################################################
+ ### Python Script to generate the FRR support bundle ###

0002-enable-openssl.patch

@@ -1,5 +1,41 @@
+diff --git a/lib/subdir.am b/lib/subdir.am
+index 0b7af18..0533e24 100644
+--- a/lib/subdir.am
++++ b/lib/subdir.am
+@@ -41,7 +41,6 @@ lib_libfrr_la_SOURCES = \
+ 	lib/linklist.c \
+ 	lib/log.c \
+ 	lib/log_vty.c \
+-	lib/md5.c \
+ 	lib/memory.c \
+ 	lib/mlag.c \
+ 	lib/module.c \
+@@ -64,7 +64,6 @@ lib_libfrr_la_SOURCES = \
+ 	lib/routemap.c \
+ 	lib/sbuf.c \
+ 	lib/seqlock.c \
+-	lib/sha256.c \
+ 	lib/sigevent.c \
+ 	lib/skiplist.c \
+ 	lib/sockopt.c \
+@@ -170,7 +170,6 @@ pkginclude_HEADERS += \
+ 	lib/linklist.h \
+ 	lib/log.h \
+ 	lib/log_vty.h \
+-	lib/md5.h \
+ 	lib/memory.h \
+ 	lib/module.h \
+ 	lib/monotime.h \
+@@ -191,7 +190,6 @@ pkginclude_HEADERS += \
+ 	lib/routemap.h \
+ 	lib/sbuf.h \
+ 	lib/seqlock.h \
+-	lib/sha256.h \
+ 	lib/sigevent.h \
+ 	lib/skiplist.h \
+ 	lib/smux.h \
 diff --git a/isisd/isis_lsp.c b/isisd/isis_lsp.c
-index 5c013d634..938b752de 100644
+index 1991666..2e4fe55 100644
 --- a/isisd/isis_lsp.c
 +++ b/isisd/isis_lsp.c
 @@ -35,7 +35,9 @@
@@ -13,7 +49,7 @@ index 5c013d634..938b752de 100644
  #include "srcdest_table.h"
  #include "lib_errors.h"
 diff --git a/isisd/isis_pdu.c b/isisd/isis_pdu.c
-index 7256fcbbc..43e123b03 100644
+index 9c63311..7cf594c 100644
 --- a/isisd/isis_pdu.c
 +++ b/isisd/isis_pdu.c
 @@ -33,7 +33,9 @@
@@ -27,10 +63,10 @@ index 7256fcbbc..43e123b03 100644
  
  #include "isisd/isis_constants.h"
 diff --git a/isisd/isis_te.c b/isisd/isis_te.c
-index 8daa2b36b..fdb2bb92a 100644
+index 4ea6c2c..72ff0d2 100644
 --- a/isisd/isis_te.c
 +++ b/isisd/isis_te.c
-@@ -39,7 +39,9 @@
+@@ -38,7 +38,9 @@
  #include "if.h"
  #include "vrf.h"
  #include "checksum.h"
@@ -40,39 +76,3 @@ index 8daa2b36b..fdb2bb92a 100644
  #include "sockunion.h"
  #include "network.h"
  #include "sbuf.h"
-diff --git a/lib/subdir.am b/lib/subdir.am
-index 75f3d91b9..1944adcc2 100644
---- a/lib/subdir.am
-+++ b/lib/subdir.am
-@@ -53,7 +53,6 @@ lib_libfrr_la_SOURCES = \
- 	lib/log.c \
- 	lib/log_filter.c \
- 	lib/log_vty.c \
--	lib/md5.c \
- 	lib/memory.c \
- 	lib/mlag.c \
- 	lib/module.c \
-@@ -82,7 +81,6 @@ lib_libfrr_la_SOURCES = \
- 	lib/routemap_northbound.c \
- 	lib/sbuf.c \
- 	lib/seqlock.c \
--	lib/sha256.c \
- 	lib/sigevent.c \
- 	lib/skiplist.c \
- 	lib/sockopt.c \
-@@ -220,7 +218,6 @@ pkginclude_HEADERS += \
- 	lib/link_state.h \
- 	lib/log.h \
- 	lib/log_vty.h \
--	lib/md5.h \
- 	lib/memory.h \
- 	lib/module.h \
- 	lib/monotime.h \
-@@ -249,7 +246,6 @@ pkginclude_HEADERS += \
- 	lib/routemap.h \
- 	lib/sbuf.h \
- 	lib/seqlock.h \
--	lib/sha256.h \
- 	lib/sigevent.h \
- 	lib/skiplist.h \
- 	lib/smux.h \

frr-tmpfiles.conf

@@ -1 +0,0 @@
-d /run/frr 0755 frr frr -

frr.spec

@@ -1,29 +1,28 @@
-%global frrbaseversion	8.0
+%global frrversion	7.3
 %global frr_libdir /usr/lib/frr
-# global checkout 20210714-09-g5f3b23256
-%global imsversion .st.87
+%global checkout .st.1
 
 %global _hardened_build 1
 %define _legacy_common_support 1
 
 Name: frr
-Version: %{frrbaseversion}.1
-Release: 1%{?imsversion}%{?dist}
+Version: 7.3
+Release: 1%{?checkout}%{?dist}
 Summary: Routing daemon
 License: GPLv2+
 URL: http://www.frrouting.org
-Source0: https://github.com/FRRouting/frr/releases/download/%{name}-%{frrbaseversion}/%{name}-%{version}%{?checkout:-%{checkout}}.tar.xz
-Source1: %{name}-tmpfiles.conf
+Source0: https://github.com/FRRouting/frr/releases/download/%{name}-%{frrversion}/%{name}-%{frrversion}.tar.gz
 BuildRequires: perl-generators
+BuildRequires: systemd
 BuildRequires: gcc
 BuildRequires: net-snmp-devel
-BuildRequires: texinfo libcap-devel autoconf automake libtool patch groff
+BuildRequires: texinfo libcap-devel texi2html autoconf automake libtool patch groff
 BuildRequires: readline readline-devel ncurses ncurses-devel
 BuildRequires: git pam-devel c-ares-devel
 BuildRequires: json-c-devel bison >= 2.7 flex perl-XML-LibXML
 BuildRequires: python3-devel python3-sphinx python3-pytest
 BuildRequires: systemd systemd-devel
-BuildRequires: libyang2-devel >= 2.0.0
+BuildRequires: libyang-devel >= 0.16.74
 Requires: net-snmp ncurses
 Requires(post): systemd /sbin/install-info
 Requires(preun): systemd /sbin/install-info
@@ -37,6 +36,8 @@ Patch0002: 0002-enable-openssl.patch
 Patch0003: 0003-disable-eigrp-crypto.patch
 Patch0004: 0004-fips-mode.patch
 
+Patch0006: 0001-nhrp-Configure-vici-socket-path-using-configure-with.patch
+
 %description
 FRRouting is free software that manages TCP/IP based routing protocols. It takes
 a multi-server and multi-threaded approach to resolve the current complexity
@@ -47,7 +48,7 @@ FRRouting supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP
 FRRouting is a fork of Quagga.
 
 %prep
-%autosetup -S git -n %{name}-%{version}%{?checkout:-%{checkout}}
+%autosetup -S git
 
 %build
 autoreconf -ivf
@@ -89,22 +90,20 @@ mkdir -p %{buildroot}/etc/{frr,rc.d/init.d,sysconfig,logrotate.d,pam.d,default}
          %{buildroot}%{_unitdir}
 
 mkdir -p -m 0755 %{buildroot}%{_libdir}/frr
-mkdir -p %{buildroot}%{_tmpfilesdir}
 
 %make_install
 
 # Remove this file, as it is uninstalled and causes errors when building on RH9
 rm -rf %{buildroot}/usr/share/info/dir
 
-install -p -m 644 %{SOURCE1} %{buildroot}%{_tmpfilesdir}/%{name}.conf
-install -p -m 644 %{_builddir}/%{name}-%{version}/tools/etc/frr/daemons %{buildroot}/etc/frr/daemons
-install -p -m 644 %{_builddir}/%{name}-%{version}/tools/frr.service %{buildroot}%{_unitdir}/frr.service
-install -p -m 755 %{_builddir}/%{name}-%{version}/tools/frrinit.sh %{buildroot}%{frr_libdir}/frr
-install -p -m 755 %{_builddir}/%{name}-%{version}/tools/frrcommon.sh %{buildroot}%{frr_libdir}/frrcommon.sh
-install -p -m 755 %{_builddir}/%{name}-%{version}/tools/watchfrr.sh %{buildroot}%{frr_libdir}/watchfrr.sh
+install -p -m 644 %{_builddir}/%{name}-%{frrversion}/tools/etc/frr/daemons %{buildroot}/etc/frr/daemons
+install -p -m 644 %{_builddir}/%{name}-%{frrversion}/tools/frr.service %{buildroot}%{_unitdir}/frr.service
+install -p -m 755 %{_builddir}/%{name}-%{frrversion}/tools/frrinit.sh %{buildroot}%{frr_libdir}/frr
+install -p -m 755 %{_builddir}/%{name}-%{frrversion}/tools/frrcommon.sh %{buildroot}%{frr_libdir}/frrcommon.sh
+install -p -m 755 %{_builddir}/%{name}-%{frrversion}/tools/watchfrr.sh %{buildroot}%{frr_libdir}/watchfrr.sh
 
-install -p -m 644 %{_builddir}/%{name}-%{version}/redhat/frr.logrotate %{buildroot}/etc/logrotate.d/frr
-install -p -m 644 %{_builddir}/%{name}-%{version}/redhat/frr.pam %{buildroot}/etc/pam.d/frr
+install -p -m 644 %{_builddir}/%{name}-%{frrversion}/redhat/frr.logrotate %{buildroot}/etc/logrotate.d/frr
+install -p -m 644 %{_builddir}/%{name}-%{frrversion}/redhat/frr.pam %{buildroot}/etc/pam.d/frr
 install -d -m 775 %{buildroot}/run/frr
 
 rm %{buildroot}%{_libdir}/frr/*.la
@@ -135,13 +134,6 @@ if [ ! -e %{_sysconfdir}/frr/frr.conf ]; then
     chmod 640 %{_sysconfdir}/frr/frr.conf
 fi
 
-#still used by vtysh, this way no error is produced when using vtysh
-if [ ! -e %{_sysconfdir}/frr/vtysh.conf ]; then
-    touch %{_sysconfdir}/frr/vtysh.conf 
-    chmod 640 %{_sysconfdir}/frr/vtysh.conf
-    chown frr:frrvty %{_sysconfdir}/frr/vtysh.conf
-fi
-
 %postun
 %systemd_postun_with_restart frr.service
 
@@ -156,83 +148,44 @@ if [ $1 -eq 0 ]; then
 fi
 
 %check
-#make check PYTHON=%{__python3}
+make check PYTHON=%{__python3}
 
 %files
 %defattr(-,root,root)
 %license COPYING
+%doc zebra/zebra.conf.sample
+%doc isisd/isisd.conf.sample
+%doc ripd/ripd.conf.sample
+%doc bgpd/bgpd.conf.sample*
+%doc ospfd/ospfd.conf.sample
+%doc ospf6d/ospf6d.conf.sample
+%doc ripngd/ripngd.conf.sample
+%doc pimd/pimd.conf.sample
 %doc doc/mpls
-%dir %attr(750,frr,frr) %{_sysconfdir}/frr
+%dir %attr(755,frr,frr) %{_sysconfdir}/frr
 %dir %attr(755,frr,frr) /var/log/frr
 %dir %attr(755,frr,frr) /run/frr
 %{_infodir}/*info*
 %{_mandir}/man*/*
-%dir %{frr_libdir}/
 %{frr_libdir}/*
 %{_bindir}/*
 %dir %{_libdir}/frr
 %{_libdir}/frr/*.so.*
-%dir %{_libdir}/frr/modules
 %{_libdir}/frr/modules/*
 %config(noreplace) %attr(644,root,root) /etc/logrotate.d/frr
-%config(noreplace) %attr(644,frr,frr) /etc/frr/daemons
+%config(noreplace) /etc/frr/daemons
 %config(noreplace) /etc/pam.d/frr
 %{_unitdir}/*.service
-%dir /usr/share/yang
 /usr/share/yang/*.yang
-%{_tmpfilesdir}/%{name}.conf
+#%%{_libdir}/frr/frr/libyang_plugins/*
 
 %changelog
-* Fri Apr 23 2021 Michal Ruprich <mruprich@redhat.com> - 7.5.1-2
-- Fixing permissions on config files in /etc/frr
-- Enabling integrated configuration option for frr
-
-* Tue Mar 16 2021 Michal Ruprich <mruprich@redhat.com> - 7.5.1-1
-- New version 7.5.1
-
-* Fri Jan 01 2021 Michal Ruprich <mruprich@redhat.com> - 7.5-1
-- New version 7.5
-
-* Mon Sep 21 2020 Michal Ruprich <mruprich@redhat.com> - 7.4-1
-- New version 7.4
-
-* Thu Aug 27 2020 Josef Řídký <jridky@redhat.com> - 7.3.1-4
-- Rebuilt for new net-snmp release
-
-* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 7.3.1-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Thu Jun 18 2020 Michal Ruprich <mruprich@redhat.com.com> - 7.3.1-1
-- New version 7.3.1
-- Fixes a couple of bugs(#1832259, #1835039, #1830815, #1830808, #1830806, #1830800, #1830798, #1814773)
-
-* Tue May 19 2020 Michal Ruprich <mruprich@redhat.com.com> - 7.3-6
-- Removing texi2html, it is not available in Rawhide anymore
-
-* Mon May 18 2020 Michal Ruprich <mruprich@redhat.com.com> - 7.3-5
-- Rebuild for new version of libyang
-
-* Tue Apr 21 2020 Björn Esser <besser82@fedoraproject.org> - 7.3-4
-- Rebuild (json-c)
-
-* Mon Apr 13 2020 Björn Esser <besser82@fedoraproject.org> - 7.3-3
-- Update json-c-0.14 patch with a solution from upstream
-
-* Mon Apr 13 2020 Björn Esser <besser82@fedoraproject.org> - 7.3-2
-- Add support for upcoming json-c 0.14.0
-
 * Wed Feb 19 2020 Michal Ruprich <mruprich@redhat.com> - 7.3-1
 - New version 7.3
 
-* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 7.2-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Mon Dec 16 2019 Michal Ruprich <mruprich@redhat.com> - 7.2-1
+* Wed Jan 08 2020 Michal Ruprich <mruprich@redhat.com> - 7.2-1
 - New version 7.2
 
-* Tue Nov 12 2019 Michal Ruprich <mruprich@redhat.com> - 7.1-5
-- Rebuilding for new version of libyang
-
 * Mon Oct 07 2019 Michal Ruprich <mruprich@redhat.com> - 7.1-4
 - Adding noreplace to the /etc/frr/daemons file
 

sources

@@ -1,2 +1,2 @@
-SHA512 (frr-7.5.1.tar.gz) = 1c27420594e52647090da3556e5c62d6f916903c4fa86e5110f1e86152f07d3ce4252bc859d36c9d218dc96a80b245c8b9eee97f370d818cb39be187b6c3546e
-SHA512 (remove-babeld-ldpd.sh) = a5bf67a3722cb20d43cef1dac28f839db68df73a1b7d34d8438e4f9366da3b67d85c1f44281f93434e8dd8ebcb2d3dc258b77eaa5627475b7395d207f020839d
+SHA512 (frr-7.3.tar.gz) = 51d41ea00c91a98ef4152c1650238fa0a6bdc45151917ed7a90f9441ddad8af2d206579b0c8693abcbe890379ec7d8eca47930f9a795e96d8e1cdc513e293237
+SHA512 (remove-babeld-ldpd.sh) = 9cf3040bfac3620d97c323cc64e35ce2afaf943f6398d0b4187af7756897f2a4e68afedf5dc495f735132e577479aa1c142e6c111575ea6cd931295a7f6f1557