v10.3.1

Signed-off-by: Björn Esser <besser82@fedoraproject.org>

.gitignore

@@ -17,3 +17,10 @@
 /frr-8.5.tar.gz
 /frr-8.5.1.tar.gz
 /frr-8.5.2.tar.gz
+/frr-9.0.1.tar.gz
+/frr-9.1.tar.gz
+/frr-10.0.1.tar.gz
+/frr-10.1.tar.gz
+/frr-10.2.tar.gz
+/frr-10.2.1.tar.gz
+/frr-10.3.tar.gz

0000-remove-babeld-and-ldpd.patch

@@ -16,9 +16,9 @@ index 5be3264..33abc1d 100644
  	snapcraft/helpers \
  	snapcraft/snap \
 -	babeld/Makefile \
+ 	mgmtd/Makefile \
  	bgpd/Makefile \
  	bgpd/rfp-example/librfp/Makefile \
- 	bgpd/rfp-example/rfptest/Makefile \
 @@ -193,7 +190,6 @@ EXTRA_DIST += \
  	fpm/Makefile \
  	grpc/Makefile \

0002-enable-openssl.patch

@@ -8,8 +8,8 @@ index 0b7af18..0533e24 100644
  	lib/log_vty.c \
 -	lib/md5.c \
  	lib/memory.c \
- 	lib/mlag.c \
+ 	lib/mgmt_be_client.c \
- 	lib/module.c \
+ 	lib/mgmt_fe_client.c \
 @@ -64,7 +64,6 @@ lib_libfrr_la_SOURCES = \
  	lib/routemap_northbound.c \
  	lib/sbuf.c \
@@ -24,8 +24,8 @@ index 0b7af18..0533e24 100644
  	lib/log_vty.h \
 -	lib/md5.h \
  	lib/memory.h \
- 	lib/module.h \
+ 	lib/mgmt.pb-c.h \
- 	lib/monotime.h \
+ 	lib/mgmt_be_client.h \
 @@ -191,7 +190,6 @@ pkginclude_HEADERS += \
  	lib/route_opaque.h \
  	lib/sbuf.h \

0004-fips-mode.patch

@@ -2,9 +2,20 @@ diff --git a/ospfd/ospf_vty.c b/ospfd/ospf_vty.c
 index 631465f..e084ff3 100644
 --- a/ospfd/ospf_vty.c
 +++ b/ospfd/ospf_vty.c
-@@ -1136,6 +1136,11 @@ DEFUN (ospf_area_vlink,
+@@ -7,6 +7,10 @@
+ #include <zebra.h>
+ #include <string.h>
  
- 	if (argv_find(argv, argc, "message-digest", &idx)) {
++#ifdef CRYPTO_OPENSSL
++#include <openssl/fips.h>
++#endif
++
+ #include "printfrr.h"
+ #include "monotime.h"
+ #include "memory.h"
+@@ -1136,6 +1136,11 @@ DEFUN (ospf_area_vlink,
+ 		vl_config.keychain = argv[idx+1]->arg;
+ 	} else if (argv_find(argv, argc, "message-digest", &idx)) {
  		/* authentication message-digest */
 +		if(FIPS_mode())
 +		{
@@ -41,7 +52,7 @@ index 631465f..e084ff3 100644
 +		}
  		SET_IF_PARAM(params, auth_type);
  		params->auth_type = OSPF_AUTH_CRYPTOGRAPHIC;
- 		return CMD_SUCCESS;
+ 		UNSET_IF_PARAM(params, keychain_name);
 @@ -6971,6 +6990,11 @@ DEFUN (ip_ospf_message_digest_key,
         "The OSPF password (key)\n"
         "Address of interface\n")
@@ -58,6 +69,17 @@ diff --git a/isisd/isis_circuit.c b/isisd/isis_circuit.c
 index 81b4b39..cce33d9 100644
 --- a/isisd/isis_circuit.c
 +++ b/isisd/isis_circuit.c
+@@ -13,6 +13,10 @@
+ #include <netinet/if_ether.h>
+ #endif
+ 
++#ifdef CRYPTO_OPENSSL
++#include <openssl/fips.h>
++#endif
++
+ #include "log.h"
+ #include "memory.h"
+ #include "vrf.h"
 @@ -1318,6 +1318,10 @@ static int isis_circuit_passwd_set(struct isis_circuit *circuit,
  		return ferr_code_bug(
  			"circuit password too long (max 254 chars)");
@@ -73,6 +95,17 @@ diff --git a/isisd/isisd.c b/isisd/isisd.c
 index 419127c..a6c36af 100644
 --- a/isisd/isisd.c
 +++ b/isisd/isisd.c
+@@ -9,6 +9,10 @@
+ 
+ #include <zebra.h>
+ 
++#ifdef CRYPTO_OPENSSL
++#include <openssl/fips.h>
++#endif
++
+ #include "frrevent.h"
+ #include "vty.h"
+ #include "command.h"
 @@ -1638,6 +1638,10 @@ static int isis_area_passwd_set(struct isis_area *area, int level,
  		if (len > 254)
  			return -1;
@@ -88,6 +121,17 @@ diff --git a/ripd/rip_cli.c b/ripd/rip_cli.c
 index 5bb81ef..02a09ef 100644
 --- a/ripd/rip_cli.c
 +++ b/ripd/rip_cli.c
+@@ -7,6 +7,10 @@
+ 
+ #include <zebra.h>
+ 
++#ifdef CRYPTO_OPENSSL
++#include <openssl/fips.h>
++#endif
++
+ #include "if.h"
+ #include "if_rmap.h"
+ #include "vrf.h"
 @@ -796,6 +796,12 @@ DEFPY (ip_rip_authentication_mode,
  			value = "20";
  	}
@@ -101,15 +145,3 @@ index 5bb81ef..02a09ef 100644
  	nb_cli_enqueue_change(vty, "./authentication-scheme/mode", NB_OP_MODIFY,
  			      strmatch(mode, "md5") ? "md5" : "plain-text");
  	if (strmatch(mode, "md5"))
-diff --git a/lib/zebra.h b/lib/zebra.h
-index 53ae5b4..930307f 100644
---- a/lib/zebra.h
-+++ b/lib/zebra.h
-@@ -114,6 +114,7 @@
- #ifdef CRYPTO_OPENSSL
- #include <openssl/evp.h>
- #include <openssl/hmac.h>
-+#include <openssl/fips.h>
- #endif
-
- #include "openbsd-tree.h"

0005-remove-grpc-test.patch

@@ -2,12 +2,12 @@ diff --git a/tests/lib/subdir.am b/tests/lib/subdir.am
 index 7b5eaa4..5c82f69 100644
 --- a/tests/lib/subdir.am
 +++ b/tests/lib/subdir.am
-@@ -18,18 +18,6 @@ tests_lib_test_frrscript_SOURCES = tests/lib/test_frrscript.c
+@@ -18,22 +18,6 @@ tests_lib_test_frrscript_SOURCES = tests/lib/test_frrscript.c
- EXTRA_DIST += tests/lib/test_frrscript.py
+ 	test -e tests/lib/script1.lua || \
- 
+ 	$(INSTALL_SCRIPT) $< tests/lib/script1.lua
  
 -##############################################################################
--GRPC_TESTS_LDADD = staticd/libstatic.a grpc/libfrrgrpc_pb.la -lgrpc++ -lprotobuf $(ALL_TESTS_LDADD) $(LIBYANG_LIBS) -lm
+-GRPC_TESTS_LDADD = mgmtd/libmgmt_be_nb.la staticd/libstatic.a grpc/libfrrgrpc_pb.la $(GRPC_LIBS) $(ALL_TESTS_LDADD) $(LIBYANG_LIBS) -lm
 -
 -if GRPC
 -check_PROGRAMS += tests/lib/test_grpc
@@ -16,6 +16,10 @@ index 7b5eaa4..5c82f69 100644
 -tests_lib_test_grpc_CPPFLAGS = $(TESTS_CPPFLAGS)
 -tests_lib_test_grpc_LDADD = $(GRPC_TESTS_LDADD)
 -tests_lib_test_grpc_SOURCES = tests/lib/test_grpc.cpp
+-nodist_tests_lib_test_grpc_SOURCES = \
+-	yang/frr-bfdd.yang.c \
+-	yang/frr-staticd.yang.c \
+-	# end
 -
 -
  ##############################################################################

0006-s390x-endianness-test.patch

@@ -0,0 +1,16 @@
+diff --git a/tests/lib/northbound/test_oper_data.c b/tests/lib/northbound/test_oper_data.c
+index 0b334c6..f66b78d 100644
+--- a/tests/lib/northbound/test_oper_data.c
++++ b/tests/lib/northbound/test_oper_data.c
+@@ -253,9 +253,10 @@ static enum nb_error frr_test_module_c2cont_c2value_get(const struct nb_node *nb
+ 							struct lyd_node *parent)
+ {
+ 	const struct lysc_node *snode = nb_node->snode;
+-	uint32_t value = 0xAB010203;
++	uint32_t value = htole32(0xAB010203);
+ 	LY_ERR err;
+ 
++	/* Note that this api expects 'value' to be in little-endian form */
+ 	err = lyd_new_term_bin(parent, snode->module, snode->name, &value, sizeof(value),
+ 			       LYD_NEW_PATH_UPDATE, NULL);
+ 	assert(err == LY_SUCCESS);

frr.fc

@@ -6,24 +6,25 @@
 
 /var/log/frr(/.*)?              gen_context(system_u:object_r:frr_log_t,s0)
 /var/tmp/frr(/.*)?              gen_context(system_u:object_r:frr_tmp_t,s0)
+/var/lib/frr(/.*)?              gen_context(system_u:object_r:frr_var_lib_t,s0)
 
-/var/lock/subsys/bfdd       --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/bfdd       --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/bgpd       --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/bgpd       --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/eigrpd     --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/eigrpd     --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/fabricd    --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/fabricd    --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/isisd      --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/isisd      --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/nhrpd      --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/nhrpd      --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/ospf6d     --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/ospf6d     --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/ospfd      --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/ospfd      --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/pbrd       --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/pbrd       --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/pimd       --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/pimd       --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/ripd       --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/ripd       --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/ripngd     --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/ripngd     --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/staticd    --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/staticd    --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/zebra      --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/zebra      --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/vrrpd      --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/vrrpd      --  gen_context(system_u:object_r:frr_lock_t,s0)
-/var/lock/subsys/pathd      --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/pathd      --  gen_context(system_u:object_r:frr_lock_t,s0)
 
-/var/run/frr(/.*)?              gen_context(system_u:object_r:frr_var_run_t,s0)
+/run/frr(/.*)?              gen_context(system_u:object_r:frr_var_run_t,s0)
 
 /usr/bin/vtysh              --  gen_context(system_u:object_r:frr_exec_t,s0)

frr.if

@@ -181,8 +181,8 @@ interface(`frr_admin',`
 ##	</summary>
 ## </param>
 #
-ifndef(`sysnet_watch_ifconfig_run',`
+ifndef(`sysnet_watch_ifconfig_run_dirs',`
-	interface(`sysnet_watch_ifconfig_run',`
+	interface(`sysnet_watch_ifconfig_run_dirs',`
 		gen_require(`
 			type ifconfig_var_run_t;
 		')
@@ -201,8 +201,8 @@ ifndef(`sysnet_watch_ifconfig_run',`
 ##	</summary>
 ## </param>
 #
-ifndef(`sysnet_read_ifconfig_run',`
+ifndef(`sysnet_read_ifconfig_run_files',`
-	interface(`sysnet_read_ifconfig_run',`
+	interface(`sysnet_read_ifconfig_run_files',`
 		gen_require(`
 			type ifconfig_var_run_t;
 		')
@@ -212,4 +212,3 @@ ifndef(`sysnet_read_ifconfig_run',`
 		read_lnk_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
 	')
 ')
-

frr.spec

@@ -1,3 +1,5 @@
+%global dist .ims.1%{?dist}
+
 %global frr_libdir %{_libexecdir}/frr
 
 %global _hardened_build 1
@@ -8,8 +10,8 @@
 %bcond selinux 1
 
 Name:           frr
-Version:        8.5.2
+Version:        10.3.1
-Release:        2%{?dist}
+Release:        1%{?dist}
 Summary:        Routing daemon
 License:        GPL-2.0-or-later AND ISC AND LGPL-2.0-or-later AND BSD-2-Clause AND BSD-3-Clause AND (GPL-2.0-or-later  OR ISC) AND MIT
 URL:            http://www.frrouting.org
@@ -26,6 +28,12 @@ Patch0002:      0002-enable-openssl.patch
 Patch0003:      0003-disable-eigrp-crypto.patch
 Patch0004:      0004-fips-mode.patch
 Patch0005:      0005-remove-grpc-test.patch
+Patch0006:      0006-s390x-endianness-test.patch
+
+# https://fedoraproject.org/wiki/Changes/EncourageI686LeafRemoval
+%if %{undefined fc40} && %{undefined fc41}
+ExcludeArch:       %{ix86}
+%endif
 
 BuildRequires:  autoconf
 BuildRequires:  automake
@@ -43,6 +51,7 @@ BuildRequires:  grpc-plugins
 BuildRequires:  json-c-devel
 BuildRequires:  libcap-devel
 BuildRequires:  libtool
+BuildRequires:  libxcrypt-devel
 BuildRequires:  libyang-devel >= 2.0.0
 BuildRequires:  make
 BuildRequires:  ncurses
@@ -59,6 +68,7 @@ BuildRequires:  readline-devel
 BuildRequires:  systemd-devel
 BuildRequires:  systemd-rpm-macros
 BuildRequires:  texinfo
+BuildRequires:  protobuf-c-devel
 
 Requires:       ncurses
 Requires:       net-snmp
@@ -108,6 +118,8 @@ cp -p %{SOURCE3} %{SOURCE4} %{SOURCE5} selinux
 sed -r -i 's/(AX_CXX_COMPILE_STDCXX\(\[)11(\])/\117\2/' configure.ac
 
 %build
+#hopefully just temporary due to rhbz#2327314
+export LDFLAGS="%{build_ldflags} -Wl,-z,noseparate-code"
 autoreconf -ivf
 
 %configure \
@@ -115,7 +127,7 @@ autoreconf -ivf
     --sysconfdir=%{_sysconfdir}/frr \
     --libdir=%{_libdir}/frr \
     --libexecdir=%{_libexecdir}/frr \
-    --localstatedir=/run/frr \
+    --localstatedir=/var \
     --enable-multipath=64 \
     --enable-vtysh=yes \
     --disable-ospfclient \
@@ -131,7 +143,9 @@ autoreconf -ivf
     --disable-ldpd \
     --disable-babeld \
     --with-moduledir=%{_libdir}/frr/modules \
+    --with-yangmodelsdir=%{_datadir}/frr-yang/ \
     --with-crypto=openssl \
+    --with-vici-socket=/run/strongswan/charon.vici \
     --enable-fpm \
     %{?with_grpc:--enable-grpc}
 
@@ -261,8 +275,8 @@ rm tests/lib/*grpc*
 %config(noreplace) %attr(644,frr,frr) %{_sysconfdir}/frr/daemons
 %config(noreplace) %{_sysconfdir}/pam.d/frr
 %{_unitdir}/*.service
-%dir %{_datadir}/yang
+%dir %{_datadir}/frr-yang
-%{_datadir}/yang/*.yang
+%{_datadir}/frr-yang/*.yang
 %{_tmpfilesdir}/%{name}.conf
 %{_sysusersdir}/%{name}.conf
 
@@ -274,6 +288,74 @@ rm tests/lib/*grpc*
 %endif
 
 %changelog
+* Mon Jun 02 2025 Michal Ruprich <mruprich@redhat.com> - 10.3
+- New version 10.3
+
+* Sat Feb 01 2025 Björn Esser <besser82@fedoraproject.org> - 10.2.1-2
+- Add explicit BR: libxcrypt-devel
+
+* Thu Jan 30 2025 Michal Ruprich <mruprich@redhat.com> - 10.2.1-1
+- New version 10.2.1
+
+* Thu Jan 16 2025 Fedora Release Engineering <releng@fedoraproject.org> - 10.2-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
+
+* Sat Jan 04 2025 Benjamin A. Beasley <code@musicinmybrain.net> - 10.2-3
+- Drop i686 support (leaf package)
+
+* Thu Dec 05 2024 Michal Ruprich <mruprich@redhat.com> - 10.2-2
+- Resolves: rhbz#2329643 - upgrading frr to 10.2 causes pimd crashes
+
+* Fri Nov 22 2024 Michal Ruprich <mruprich@redhat.com> - 10.2-1
+- New version 10.2
+
+* Tue Sep 10 2024 Michal Ruprich <mruprich@redhat.com> - 10.1-4
+- Resolves: #2311119 - Multiple AVCs for accessing lib_t in FRR-10.1
+- Resolves: #2311120 - AVCs for using a netlink socket in FRR
+
+* Sun Aug 25 2024 Benjamin A. Beasley <code@musicinmybrain.net> - 10.1-3
+- Rebuilt for abseil-cpp-20240722.0
+
+* Thu Aug 15 2024 Michal Ruprich <mruprich@redhat.com> - 10.1-2
+- Rebuilding for the libre soname bump
+
+* Mon Aug 12 2024 Michal Ruprich <mruprich@redhat.com> - 10.1-1
+- New version 10.1
+
+* Wed Jul 31 2024 Michal Ruprich <mruprich@redhat.com> - 10.0.1-1
+- New version 10.0.1
+
+* Wed Jul 17 2024 Fedora Release Engineering <releng@fedoraproject.org> - 9.1-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Wed Apr 17 2024 Michal Ruprich <mruprich@redhat.com> - 9.1-4
+- Moving yang modules to frr specific dir to avoid conflicts
+- Adding rpminspect.yaml
+
+* Sat Feb 24 2024 Paul Wouters <paul.wouters@aiven.io> - 9.1-3
+- Rebuild for libre2.so.11 bump
+
+* Sun Feb 04 2024 Benjamin A. Beasley <code@musicinmybrain.net> - 9.1-2
+- Rebuilt for abseil-cpp-20240116.0
+
+* Thu Jan 25 2024 Michal Ruprich <mruprich@redhat.com> - 9.1-1
+- New version 9.1
+
+* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 9.0.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 9.0.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Mon Oct 16 2023 Michal Ruprich <mruprich@redhat.com> - 9.0.1-1
+- New version 9.0.1
+
+* Fri Sep 01 2023 Michal Ruprich <mruprich@redhat.com> - 8.5.2-4
+- Adding a couple of SELinux rules, includes fix for rhbz#2149299
+
+* Wed Aug 30 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 8.5.2-3
+- Rebuilt for abseil-cpp 20230802.0
+
 * Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 8.5.2-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
 

frr.te

@@ -27,12 +27,20 @@ systemd_unit_file(frr_unit_file_t)
 type frr_var_run_t;
 files_pid_file(frr_var_run_t)
 
+type frr_var_lib_t;
+files_type(frr_var_lib_t)
+
 ########################################
 #
 # frr local policy
 #
 allow frr_t self:capability { chown dac_override dac_read_search kill net_bind_service net_raw setgid setuid net_admin sys_admin };
 allow frr_t self:netlink_route_socket rw_netlink_socket_perms;
+allow frr_t self:netlink_generic_socket create;
+allow frr_t self:netlink_generic_socket setopt;
+allow frr_t self:netlink_generic_socket getopt;
+allow frr_t self:netlink_generic_socket getattr;
+allow frr_t self:netlink_generic_socket bind;
 allow frr_t self:packet_socket create_socket_perms;
 allow frr_t self:process { setcap setpgid };
 allow frr_t self:rawip_socket create_socket_perms;
@@ -49,6 +57,10 @@ manage_files_pattern(frr_t, frr_log_t, frr_log_t)
 manage_lnk_files_pattern(frr_t, frr_log_t, frr_log_t)
 logging_log_filetrans(frr_t, frr_log_t, { dir file lnk_file })
 
+manage_dirs_pattern(frr_t, frr_var_lib_t, frr_var_lib_t)
+manage_files_pattern(frr_t, frr_var_lib_t, frr_var_lib_t)
+files_var_lib_filetrans(frr_t, frr_var_lib_t, { dir file })
+
 allow frr_t frr_tmp_t:file map;
 manage_dirs_pattern(frr_t, frr_tmp_t, frr_tmp_t)
 manage_files_pattern(frr_t, frr_tmp_t, frr_tmp_t)
@@ -70,6 +82,7 @@ can_exec(frr_t, frr_exec_t)
 kernel_read_network_state(frr_t)
 kernel_rw_net_sysctls(frr_t)
 kernel_read_system_state(frr_t)
+kernel_request_load_module(frr_t)
 
 auth_use_nsswitch(frr_t)
 
@@ -85,20 +98,25 @@ corenet_tcp_bind_cmadmin_port(frr_t)
 corenet_udp_bind_cmadmin_port(frr_t)
 corenet_tcp_bind_firepower_port(frr_t)
 corenet_tcp_bind_generic_port(frr_t)
+corenet_udp_bind_generic_port(frr_t)
 corenet_tcp_bind_priority_e_com_port(frr_t)
 corenet_udp_bind_router_port(frr_t)
 corenet_tcp_bind_qpasa_agent_port(frr_t)
 corenet_tcp_bind_smntubootstrap_port(frr_t)
 corenet_tcp_bind_versa_tek_port(frr_t)
 corenet_tcp_bind_zebra_port(frr_t)
+# general reserved port for pimd
+corenet_tcp_bind_reserved_port(frr_t)
 
 domain_use_interactive_fds(frr_t)
 
 fs_read_nsfs_files(frr_t)
 
 sysnet_exec_ifconfig(frr_t)
-sysnet_read_ifconfig_run(frr_t)
+sysnet_read_ifconfig_run_files(frr_t)
-sysnet_watch_ifconfig_run(frr_t)
+sysnet_watch_ifconfig_run_dirs(frr_t)
+
+ipsec_domtrans_mgmt(frr_t)
 
 userdom_read_admin_home_files(frr_t)
 

rpminspect.yaml

@@ -0,0 +1,7 @@
+---
+runpath:
+    allowed_paths:
+        - /usr/lib64/frr
+        - /usr/lib/frr
+inspections:
+    badfuncs: off

sources

@@ -1,2 +1,2 @@
-SHA512 (frr-8.5.2.tar.gz) = a5eadd8c88966b58ebc0e7b92311bda16b391abe727861eed772ded678f5a84d84421fbfd4b23c4a2b18ab3d2dcd5b2c9099491dab6958b63c39a9c67c4508d2
+SHA512 (frr-10.3.tar.gz) = 6ea651f20c3957f5a7523e7cb316327ac5914154a31ed92e8ac5bb55e75eab2e1da3ddf255de5e669906946caa5c82b78bb769c3869e2f800f5bd3782963198c
 SHA512 (remove-babeld-ldpd.sh) = a5bf67a3722cb20d43cef1dac28f839db68df73a1b7d34d8438e4f9366da3b67d85c1f44281f93434e8dd8ebcb2d3dc258b77eaa5627475b7395d207f020839d