v.ims.1 - Bump version

.gitignore

@@ -15,7 +15,3 @@
 /frr-8.4.1.tar.gz
 /frr-8.4.2.tar.gz
 /frr-8.5.tar.gz
-/frr-8.5.1.tar.gz
-/frr-8.5.2.tar.gz
-/frr-8.5.3.tar.gz
-/frr-8.5.4.tar.gz

0010-nhrpd-zebra-Read-GRE-addresses-only-if-sent.patch

@@ -1,49 +0,0 @@
-From 114bd532ac0c3b6d819f516eb41021eb250b65bd Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zoran=20Peri=C4=8Di=C4=87?= <zpericic@netst.org>
-Date: Wed, 15 Sep 2021 19:44:56 +0200
-Subject: [PATCH 10/11] nhrpd, zebra: Read GRE addresses only if sent
-
-GRE addresses are not send if interface is missing in kernel. We
-should first check if they have been sent.
----
- nhrpd/nhrp_route.c | 7 ++++---
- zebra/zapi_msg.c   | 2 --
- 2 files changed, 4 insertions(+), 5 deletions(-)
-
-diff --git a/nhrpd/nhrp_route.c b/nhrpd/nhrp_route.c
-index 698c6d0cdf..2e7923bf33 100644
---- a/nhrpd/nhrp_route.c
-+++ b/nhrpd/nhrp_route.c
-@@ -493,12 +493,13 @@ int nhrp_gre_update(ZAPI_CALLBACK_ARGS)
- 	STREAM_GETL(s, gre_info.okey);
- 	STREAM_GETL(s, gre_info.ifindex_link);
- 	STREAM_GETL(s, gre_info.vrfid_link);
--	STREAM_GETL(s, gre_info.vtep_ip.s_addr);
--	STREAM_GETL(s, gre_info.vtep_ip_remote.s_addr);
- 	if (gre_info.ifindex == IFINDEX_INTERNAL)
- 		val = NULL;
--	else
-+	else {
- 		val = hash_lookup(nhrp_gre_list, &gre_info);
-+		STREAM_GETL(s, gre_info.vtep_ip.s_addr);
-+		STREAM_GETL(s, gre_info.vtep_ip_remote.s_addr);
-+	}
- 	if (val) {
- 		if (gre_info.vtep_ip.s_addr != val->vtep_ip.s_addr ||
- 		    gre_info.vrfid_link != val->vrfid_link ||
-diff --git a/zebra/zapi_msg.c b/zebra/zapi_msg.c
-index 68bb9783f8..72d06d71ea 100644
---- a/zebra/zapi_msg.c
-+++ b/zebra/zapi_msg.c
-@@ -3618,8 +3618,6 @@ static inline void zebra_gre_get(ZAPI_HANDLER_ARGS)
- 		stream_putl(s, 0);
- 		stream_putl(s, IFINDEX_INTERNAL);
- 		stream_putl(s, VRF_UNKNOWN);
--		stream_putl(s, 0);
--		stream_putl(s, 0);
- 	}
- 	/* Write packet size. */
- 	stream_putw_at(s, 0, stream_get_endp(s));
--- 
-2.41.0
-

0011-nhrp-Peer-should-not-be-connected-if-interface-is-ac.patch

@@ -1,92 +0,0 @@
-From f9876d6106263632287fcef2912ba4223b145672 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zoran=20Peri=C4=8Di=C4=87?= <zpericic@netst.org>
-Date: Mon, 20 Sep 2021 23:51:06 +0200
-Subject: [PATCH 11/11] nhrp: Peer should not be connected if interface is
- active
-
----
- nhrpd/nhrp_interface.c |  1 +
- nhrpd/nhrp_nhs.c       | 21 +++++++++++++++++++--
- nhrpd/nhrp_peer.c      |  2 ++
- nhrpd/nhrpd.h          |  1 +
- 4 files changed, 23 insertions(+), 2 deletions(-)
-
-diff --git a/nhrpd/nhrp_interface.c b/nhrpd/nhrp_interface.c
-index 4ac30a7d75..6a8b6e6997 100644
---- a/nhrpd/nhrp_interface.c
-+++ b/nhrpd/nhrp_interface.c
-@@ -461,6 +461,7 @@ int nhrp_ifp_up(struct interface *ifp)
- {
- 	debugf(NHRP_DEBUG_IF, "if-up: %s", ifp->name);
- 	nhrp_interface_update_nbma(ifp, NULL);
-+	nhrp_nhs_interface_add(ifp);
- 
- 	return 0;
- }
-diff --git a/nhrpd/nhrp_nhs.c b/nhrpd/nhrp_nhs.c
-index 03b4b533bb..bd05813d28 100644
---- a/nhrpd/nhrp_nhs.c
-+++ b/nhrpd/nhrp_nhs.c
-@@ -351,8 +351,9 @@ int nhrp_nhs_add(struct interface *ifp, afi_t afi, union sockunion *proto_addr,
- 		.reglist_head = INIT_DLIST(nhs->reglist_head),
- 	};
- 	nhrp_nhslist_add_tail(&nifp->afi[afi].nhslist_head, nhs);
--	thread_add_timer_msec(master, nhrp_nhs_resolve, nhs, 1000,
--			      &nhs->t_resolve);
-+	if (CHECK_FLAG(ifp->status, ZEBRA_INTERFACE_ACTIVE))
-+		thread_add_timer_msec(master, nhrp_nhs_resolve, nhs, 1000,
-+				      &nhs->t_resolve);
- 
- 	return NHRP_OK;
- }
-@@ -394,6 +395,22 @@ int nhrp_nhs_free(struct nhrp_interface *nifp, afi_t afi, struct nhrp_nhs *nhs)
- 	return 0;
- }
- 
-+void nhrp_nhs_interface_add(struct interface *ifp)
-+{
-+	struct nhrp_interface *nifp = ifp->info;
-+	struct nhrp_nhs *nhs;
-+	afi_t afi;
-+
-+	for (afi = 0; afi < AFI_MAX; afi++) {
-+		debugf(NHRP_DEBUG_COMMON, "Adding nhs entries (%zu)",
-+		       nhrp_nhslist_count(&nifp->afi[afi].nhslist_head));
-+		frr_each (nhrp_nhslist, &nifp->afi[afi].nhslist_head, nhs) {
-+			thread_add_timer_msec(master, nhrp_nhs_resolve, nhs, 1000,
-+					      &nhs->t_resolve);
-+		}
-+	}
-+}
-+
- void nhrp_nhs_interface_del(struct interface *ifp)
- {
- 	struct nhrp_interface *nifp = ifp->info;
-diff --git a/nhrpd/nhrp_peer.c b/nhrpd/nhrp_peer.c
-index e7f2eaf5a7..9e76d16db3 100644
---- a/nhrpd/nhrp_peer.c
-+++ b/nhrpd/nhrp_peer.c
-@@ -309,6 +309,8 @@ int nhrp_peer_check(struct nhrp_peer *p, int establish)
- 	struct interface *ifp = p->ifp;
- 	struct nhrp_interface *nifp = ifp->info;
- 
-+	if (!CHECK_FLAG(ifp->status, ZEBRA_INTERFACE_ACTIVE))
-+		return 0;
- 	if (p->online)
- 		return 1;
- 	if (!establish)
-diff --git a/nhrpd/nhrpd.h b/nhrpd/nhrpd.h
-index 753c6e9b22..4850c12b49 100644
---- a/nhrpd/nhrpd.h
-+++ b/nhrpd/nhrpd.h
-@@ -400,6 +400,7 @@ void nhrp_nhs_foreach(struct interface *ifp, afi_t afi,
- 		      void (*cb)(struct nhrp_nhs *, struct nhrp_registration *,
- 				 void *),
- 		      void *ctx);
-+void nhrp_nhs_interface_add(struct interface *ifp);
- void nhrp_nhs_interface_del(struct interface *ifp);
- 
- int nhrp_multicast_add(struct interface *ifp, afi_t afi,
--- 
-2.41.0
-

frr.if

@@ -160,56 +160,3 @@ interface(`frr_admin',`
 		systemd_read_fifo_file_passwd_run($1)
 	')
 ')
-
-########################################
-#
-# Interface compatibility blocks
-#
-# The following definitions ensure compatibility with distribution policy
-# versions that do not contain given interfaces (epel, or older Fedora
-# releases).
-# Each block tests for existence of given interface and defines it if needed.
-#
-
-######################################
-## <summary>
-##	Watch ifconfig_var_run_t directories
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-ifndef(`sysnet_watch_ifconfig_run',`
-	interface(`sysnet_watch_ifconfig_run',`
-		gen_require(`
-			type ifconfig_var_run_t;
-		')
-
-		watch_dirs_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
-	')
-')
-
-########################################
-## <summary>
-##	Read ifconfig_var_run_t files and link files
-## </summary>
-## <param name="domain">
-##	<summary>
-##      Domain allowed access.
-##	</summary>
-## </param>
-#
-ifndef(`sysnet_read_ifconfig_run',`
-	interface(`sysnet_read_ifconfig_run',`
-		gen_require(`
-			type ifconfig_var_run_t;
-		')
-
-		list_dirs_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
-		read_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
-		read_lnk_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
-	')
-')
-

frr.spec

@@ -1,19 +1,17 @@
-%global dist .ims.2%{?dist}
+%global dist .ims.1%{?dist}
 
 %global frr_libdir %{_libexecdir}/frr
 
 %global _hardened_build 1
 %global selinuxtype targeted
 %define _legacy_common_support 1
-
-%bcond grpc %{undefined rhel}
-%bcond selinux 1
+%bcond_without selinux
 
 Name:           frr
-Version:        8.5.4
+Version:        8.5
 Release:        1%{?dist}
 Summary:        Routing daemon
-License:        GPL-2.0-or-later AND ISC AND LGPL-2.0-or-later AND BSD-2-Clause AND BSD-3-Clause AND (GPL-2.0-or-later  OR ISC) AND MIT
+License:        GPLv2+
 URL:            http://www.frrouting.org
 Source0:        https://github.com/FRRouting/frr/releases/download/%{name}-%{version}/%{name}-%{version}.tar.gz
 Source1:        %{name}-tmpfiles.conf
@@ -28,8 +26,7 @@ Patch0002:      0002-enable-openssl.patch
 Patch0003:      0003-disable-eigrp-crypto.patch
 Patch0004:      0004-fips-mode.patch
 Patch0005:      0005-remove-grpc-test.patch
-Patch0010:      0010-nhrpd-zebra-Read-GRE-addresses-only-if-sent.patch
-Patch0011:      0011-nhrp-Peer-should-not-be-connected-if-interface-is-ac.patch
+
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  bison >= 2.7
@@ -39,10 +36,8 @@ BuildRequires:  gcc
 BuildRequires:  gcc-c++
 BuildRequires:  git-core
 BuildRequires:  groff
-%if %{with grpc}
 BuildRequires:  grpc-devel
 BuildRequires:  grpc-plugins
-%endif
 BuildRequires:  json-c-devel
 BuildRequires:  libcap-devel
 BuildRequires:  libtool
@@ -83,18 +78,17 @@ FRRouting is free software that manages TCP/IP based routing protocols. It takes
 a multi-server and multi-threaded approach to resolve the current complexity
 of the Internet.
 
-FRRouting supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR,
-EIGRP and BFD.
+FRRouting supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD.
 
 FRRouting is a fork of Quagga.
 
 %if 0%{?with_selinux}
 %package selinux
-Summary:  Selinux policy for FRR
-BuildArch:  noarch
-Requires:  selinux-policy-%{selinuxtype}
-Requires(post):  selinux-policy-%{selinuxtype}
-BuildRequires:  selinux-policy-devel
+Summary:	Selinux policy for FRR
+BuildArch:	noarch
+Requires:	selinux-policy-%{selinuxtype}
+Requires(post):	selinux-policy-%{selinuxtype}
+BuildRequires:	selinux-policy-devel
 %{?selinux_requires}
 
 %description selinux
@@ -107,8 +101,6 @@ SELinux policy modules for FRR package
 #Selinux
 mkdir selinux
 cp -p %{SOURCE3} %{SOURCE4} %{SOURCE5} selinux
-# C++14 or later needed for abseil-cpp 20230125; string_view needs C++17:
-sed -r -i 's/(AX_CXX_COMPILE_STDCXX\(\[)11(\])/\117\2/' configure.ac
 
 %build
 autoreconf -ivf
@@ -137,7 +129,7 @@ autoreconf -ivf
     --with-crypto=openssl \
     --with-vici-socket=/run/strongswan/charon.vici \
     --enable-fpm \
-    %{?with_grpc:--enable-grpc}
+    --enable-grpc
 
 %make_build MAKEINFO="makeinfo --no-split" PYTHON=%{__python3}
 
@@ -178,7 +170,7 @@ install -d -m 775 %{buildroot}/run/frr
 
 %if 0%{?with_selinux}
 install -D -m 644 selinux/%{name}.pp.bz2 \
-  %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
+	%{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
 install -D -m 644 selinux/%{name}.if %{buildroot}%{_datadir}/selinux/devel/include/distributed/%{name}.if
 %endif
 
@@ -278,49 +270,9 @@ rm tests/lib/*grpc*
 %endif
 
 %changelog
-* Wed Jan 03 2024 Michal Ruprich <mruprich@redhat.com> - 8.5.4-1
-- New version 8.5.4
-
-* Tue Oct 10 2023 Michal Ruprich <mruprich@redhat.com> - 8.5.3-1
-- New version 8.5.3
-
-* Fri Sep 01 2023 Michal Ruprich <mruprich@redhat.com> - 8.5.2-4
-- Adding a couple of SELinux rules, includes fix for rhbz#2149299
-
-* Wed Aug 30 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 8.5.2-3
-- Rebuilt for abseil-cpp 20230802.0
-
-* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 8.5.2-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
-
-* Fri Jun 30 2023 Michal Ruprich <mruprich@redhat.com> - 8.5.2-1
-- New version 8.5.2
-- Fixing some rpmlint warnings
-
-* Mon Jun 26 2023 Michal Ruprich <mruprich@redhat.com> - 8.5.1-4
-- Resolves: #2216073 - SELinux is preventing FRR-Zebra to access to network namespaces.
-
-* Mon Jun 05 2023 Yaakov Selkowitz <yselkowi@redhat.com> - 8.5.1-3
-- Disable grpc in RHEL builds
-
-* Fri May 19 2023 Petr Pisar <ppisar@redhat.com> - 8.5.1-2
-- Rebuild against rpm-4.19 (https://fedoraproject.org/wiki/Changes/RPM-4.19)
-
-* Wed Apr 26 2023 Michal Ruprich <mruprich@redhat.com> - 8.5.1-1
-- New version 8.5.1
-
 * Wed Apr 12 2023 Michal Ruprich <mruprich@redhat.com> - 8.5-1
 - New version 8.5
 
-* Thu Mar 23 2023 Michal Ruprich <mruprich@redhat.com> - 8.4.2-5
-- Rebuilding for new abseil-cpp version
-
-* Wed Mar 22 2023 Michal Ruprich <mruprich@redhat.com> - 8.4.2-4
-- SPDX migration
-
-* Wed Mar 08 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 8.4.2-3
-- Build as C++17, required by abseil-cpp 20230125
-
 * Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 8.4.2-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
 

frr.te

@@ -31,9 +31,9 @@ files_pid_file(frr_var_run_t)
 #
 # frr local policy
 #
-allow frr_t self:capability { chown dac_override dac_read_search kill net_bind_service net_raw setgid setuid net_admin sys_admin };
+allow frr_t self:capability { chown dac_override dac_read_search kill net_bind_service net_raw setgid setuid net_admin };
 allow frr_t self:netlink_route_socket rw_netlink_socket_perms;
-allow frr_t self:packet_socket create_socket_perms;
+allow frr_t self:packet_socket { create setopt };
 allow frr_t self:process { setcap setpgid };
 allow frr_t self:rawip_socket create_socket_perms;
 allow frr_t self:tcp_socket { connect connected_stream_socket_perms };
@@ -70,7 +70,6 @@ can_exec(frr_t, frr_exec_t)
 kernel_read_network_state(frr_t)
 kernel_rw_net_sysctls(frr_t)
 kernel_read_system_state(frr_t)
-kernel_request_load_module(frr_t)
 
 auth_use_nsswitch(frr_t)
 
@@ -98,10 +97,6 @@ domain_use_interactive_fds(frr_t)
 fs_read_nsfs_files(frr_t)
 
 sysnet_exec_ifconfig(frr_t)
-sysnet_read_ifconfig_run(frr_t)
-sysnet_watch_ifconfig_run(frr_t)
-
-ipsec_domtrans_mgmt(frr_t)
 
 userdom_read_admin_home_files(frr_t)
 

sources

@@ -1,2 +1,2 @@
-SHA512 (frr-8.5.4.tar.gz) = f234fe73a019db2188e56988dc5cb3807c83d16c6f8723c68cb8f6154e8e63140f3cf8c3adec64a7661dd988089a8253fc3f910b31a1e6505ea1a6fec3df2e14
+SHA512 (frr-8.5.tar.gz) = 26a1bb752130bac684c8f83fb68d33fd16a94054904a37a9550d6028d6181663f757a700e967ae4265ca2a7c6e26b4f0d2fadcfae55a7101c6ce33ac83f2c9b9
 SHA512 (remove-babeld-ldpd.sh) = a5bf67a3722cb20d43cef1dac28f839db68df73a1b7d34d8438e4f9366da3b67d85c1f44281f93434e8dd8ebcb2d3dc258b77eaa5627475b7395d207f020839d