Merge frr from Debian unstable for kinetic
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
frr (Ubuntu) | Incomplete | Undecided | Andreas Hasenack | |
Bug Description
Upstream: tbd
Debian: 8.1-1
Ubuntu: 8.1-1ubuntu1
Debian typically updates frr every 2 months on average, but it was last updated 21.11 and looks overdue. Check back in on this monthly.
Based on Upstream's release history for frr we should have expected a new upstream update around 2022.04. Presumably it could come any time now.
### New Debian Changes ###
frr (8.1-1) unstable; urgency=medium
* New upstream release FRR 8.1
* Upload to unstable.
-- Ondřej Surý <email address hidden> Sat, 13 Nov 2021 13:32:48 +0100
frr (8.1-0) unstable; urgency=medium
* New upstream release FRR 8.1
-- Jafar Al-Gharaibeh <email address hidden> Tue, 02 Nov 2021 14:00:00 +0500
frr (8.0-0) unstable; urgency=medium
* New upstream release FRR 8.0
-- Martin Winter <email address hidden> Wed, 21 Jul 2021 13:42:00 +0200
frr (7.5.1-1) unstable; urgency=medium
* Update the d/gbp.conf for 7.5.1 release
* Use wrap-and-sort -a to unify debian/ wrapping and sorting
* Work around the sphinx-build error that doesn't copy images to texinfo
* Change the upstream-tag in d/gbp.conf to track the upstream tarballs
-- Ondřej Surý <email address hidden> Mon, 08 Mar 2021 09:40:19 +0100
frr (7.5-1) unstable; urgency=medium
* New upstream version 7.5
-- Ondřej Surý <email address hidden> Sun, 14 Feb 2021 21:38:50 +0100
frr (7.4-2) unstable; urgency=medium
* Bump libyang dependency to >= 1.0.184-1~
* Make the autopkgtest more resilient (Closes: #980111)
* Adjust the ax_python.m4 to hardcode python3.9
-- Ondřej Surý <email address hidden> Sun, 07 Feb 2021 13:15:07 +0100
frr (7.4-1.1) unstable; urgency=medium
* Non-maintainer upload.
* Backport upstream fix for FTBFS with Python 3.9. (Closes: #972767)
-- Adrian Bunk <email address hidden> Thu, 21 Jan 2021 16:06:12 +0200
frr (7.4-1) unstable; urgency=medium
[ Ondřej Surý ]
* Use dh_installinit capabilities to install frr.tmpfile
* Remove unused debian/watchfrr.rc file
* Add missing lsof dependency
* Remove mention of pkg.frr.snmp build profile from debian/
* Make lsb-base a hard dependency
* Update gbp.conf for 7.4 release
* Update and simplify d/watch
* Change the debian source format from 3.0 (git) to 3.0 (quilt)
* Convert the package to dh compat level 10
* Add myself to Uploaders
* Bump standards version to 4.5.0.2 (latest) - no change
* Use wrap-and-sort -a to unify debian/ wrapping and sorting
* Work around the sphinx-build error that doesn't copy images to texinfo
(Properly closes: #955067)
* Depend on debhelper >= 9.20160709 and drop dh-systemd dependency
(Closes: #958626)
-- Ondřej Surý <email address hidden> Mon, 10 Aug 2020 11:50:45 +0200
frr (7.3.1-1) unstable; urgency=medium
[ David Lamparter ]
* allow cross-compile with sbuild --host
[ Ondřej Surý ]
* Add myself to Uploaders
* Add d/gbp.conf
* Update changelog for 7.3.1-1~1.gbp2292a4 release
* Change the source format from git to quilt to use git-buildpackage
* Don't install frr-doc texinfo images, they are gone (Closes: #955067)
* Bump the dh_compat to 10
-- Ondřej Surý <email address hidden> Mon, 01 Jun 2020 08:41:03 +0200
frr (7.3-1) unstable; urgency=medium
* new upstream release
-- David Lamparter <email address hidden> Tue, 25 Feb 2020 17:45:16 +0100
frr (7.2.1-1) unstable; urgency=medium
* new upstream release
* daemon man pages renamed to frr-* (closes: #944392)
* fix/improve multi-arch markers on doc
* fix git URLs to point to debian branch
-- David Lamparter <email address hidden> Mon, 20 Jan 2020 17:06:21 +0100
### Old Ubuntu Delta ###
frr (8.1-1ubuntu1) jammy; urgency=medium
* SECURITY UPDATE: overflow via input packet length
- debian/
parsing issues in isisd/isis_tlvs.*.
- debian/
the security update changed expected results in
tests/
- CVE-2022-26125
* SECURITY UPDATE: overflow via use of strdup with binary string
- debian/
isisd/
lib/
- CVE-2022-26126
* SECURITY UPDATE: overflow via missing check on the input packet length
- debian/
babeld/
- CVE-2022-26127
* SECURITY UPDATE: overflow via wrong checks
- debian/
babeld/
- CVE-2022-26128
- CVE-2022-26129
-- Marc Deslauriers <email address hidden> Fri, 11 Mar 2022 07:33:41 -0500
Changed in frr (Ubuntu):
milestone: none → ubuntu-22.06
status: New → Incomplete
Changed in frr (Ubuntu):
assignee: nobody → Andreas Hasenack (ahasenack)
LP: #1959896 can be considered with this merge. Upstream implemented a fix for this bug which landed in git, so may be included with the release and thus can be closed during merge.
However, might want to take a closer look at the fix (https://github.com/FRRouting/frr/pull/10485) because it is changing from strncmp to strcmp. I can see how this addresses the warning, but I wonder if strncmp might be preferable to strcmp from a security POV?