6 files changed, 67 insertions, 237 deletions
diff --git a/meta-networking/recipes-protocols/frr/frr/0001-m4-ax_python.m4-check-for-python-x.y-emded.pc-not-py.patch b/meta-networking/recipes-protocols/frr/frr/0001-m4-ax_python.m4-check-for-python-x.y-emded.pc-not-py.patch
deleted file mode 100644
index 872a67c784..0000000000
--- a/meta-networking/recipes-protocols/frr/frr/0001-m4-ax_python.m4-check-for-python-x.y-emded.pc-not-py.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From a82d704b1ec6ece47b01d12e0e067d4b62b10894 Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex@linutronix.de>
-Date: Wed, 9 Nov 2022 20:24:45 +0100
-Subject: [PATCH] m4/ax_python.m4: check for python-x.y-emded.pc, not
- python-x.y.pc
-Only the embed version includes necessary linker flags to link
-with libpython.
-Upstream-Status: Backport
-[https://github.com/FRRouting/frr/commit/a82d704b1ec6ece47b01d12e0e067d4b62b10894]
-Signed-off-by: Alexander Kanavin <alex@linutronix.de>
---
- m4/ax_python.m4 | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/m4/ax_python.m4 b/m4/ax_python.m4
-index 91d12b99b..f5e603b96 100644
--- a/m4/ax_python.m4
-+++ b/m4/ax_python.m4
-@@ -206,7 +206,7 @@ AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
-     AC_MSG_CHECKING([whether pkg-config python-${tryver} is available])
-     unset PYTHON_CFLAGS
-     unset PYTHON_LIBS
-    pkg="python-${tryver}"
-+    pkg="python-${tryver}-embed"
-     pkg="${pkg%-}"
-     _PKG_CONFIG([PYTHON_CFLAGS], [cflags], [${pkg}])
-     _PKG_CONFIG([PYTHON_LIBS], [libs], [${pkg}])
-- 
-2.25.1
diff --git a/meta-networking/recipes-protocols/frr/frr/0001-tools-make-quiet-actually-suppress-output.patch b/meta-networking/recipes-protocols/frr/frr/0001-tools-make-quiet-actually-suppress-output.patch
new file mode 100644
index 0000000000..3e93cf3c47
--- /dev/null
+++ b/meta-networking/recipes-protocols/frr/frr/0001-tools-make-quiet-actually-suppress-output.patch
@@ -0,0 +1,58 @@
+From 312d5ee1592f8c5b616d330233d1de2643f759e2 Mon Sep 17 00:00:00 2001
+From: Jonas Gorski <jonas.gorski@bisdn.de>
+Date: Thu, 14 Sep 2023 17:04:16 +0200
+Subject: [PATCH] tools: make --quiet actually suppress output
+When calling daemon_stop() with --quiet and e.g. the pidfile is empty,
+it won't return early since while "$fail" is set, "$2" is "--quiet", so
+the if condition isn't met and it will continue executing, resulting
+in error messages in the log:
+> Sep 14 14:48:33 localhost watchfrr[2085]: [YFT0P-5Q5YX] Forked background command [pid 2086]: /usr/lib/frr/watchfrr.sh restart all
+> Sep 14 14:48:33 localhost frrinit.sh[2075]: /usr/lib/frr/frrcommon.sh: line 216: kill: `': not a pid or valid job spec
+> Sep 14 14:48:33 localhost frrinit.sh[2075]: /usr/lib/frr/frrcommon.sh: line 216: kill: `': not a pid or valid job spec
+> Sep 14 14:48:33 localhost frrinit.sh[2075]: /usr/lib/frr/frrcommon.sh: line 216: kill: `': not a pid or valid job spec
+Fix this by moving the --quiet check into the block to log_failure_msg(),
+and also add the check to all other invocations of log_*_msg() to make
+--quiet properly suppress output.
+Fixes: 19a99d89f088 ("tools: suppress unuseful warnings during restarting frr")
+Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
+Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/312d5ee1592f8c5b616d330233d1de2643f759e2]
+---
+ tools/frrcommon.sh.in | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+diff --git a/tools/frrcommon.sh.in b/tools/frrcommon.sh.in
+index f1f70119097e..00b63a78e2bc 100755
+--- a/tools/frrcommon.sh.in
+++ b/tools/frrcommon.sh.in
+@@ -207,8 +207,8 @@ daemon_stop() {
+        [ -z "$fail" -a -z "$pid" ] && fail="pid file is empty"
+        [ -n "$fail" ] || kill -0 "$pid" 2>/dev/null || fail="pid $pid not running"
+ 
+-       if [ -n "$fail" ] && [ "$2" != "--quiet" ]; then
+-               log_failure_msg "Cannot stop $dmninst: $fail"
+       if [ -n "$fail" ]; then
+               [ "$2" = "--quiet" ] || log_failure_msg "Cannot stop $dmninst: $fail"
+                return 1
+        fi
+ 
+@@ -220,11 +220,11 @@ daemon_stop() {
+                [ $(( cnt -= 1 )) -gt 0 ] || break
+        done
+        if kill -0 "$pid" 2>/dev/null; then
+-               log_failure_msg "Failed to stop $dmninst, pid $pid still running"
+               [ "$2" = "--quiet" ] || log_failure_msg "Failed to stop $dmninst, pid $pid still running"
+                still_running=1
+                return 1
+        else
+-               log_success_msg "Stopped $dmninst"
+               [ "$2" = "--quiet" ] || log_success_msg "Stopped $dmninst"
+                rm -f "$pidfile"
+                return 0
+        fi
+-- 
+2.42.0
diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2023-3748.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2023-3748.patch
deleted file mode 100644
index 4a8a7e1afd..0000000000
--- a/meta-networking/recipes-protocols/frr/frr/CVE-2023-3748.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From e61593f2ded104c4c7f01eb93e2b404e93e0c560 Mon Sep 17 00:00:00 2001
-From: harryreps <harryreps@gmail.com>
-Date: Fri, 3 Mar 2023 23:17:14 +0000
-Subject: [PATCH] babeld: fix #11808 to avoid infinite loops
-Replacing continue in loops to goto done so that index of packet buffer
-increases.
-Signed-off-by: harryreps <harryreps@gmail.com>
-CVE: CVE-2023-3748
-Upstream-Status: Backport
-[https://github.com/FRRouting/frr/commit/ae1e0e1fed77716bc06f181ad68c4433fb5523d0]
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
- babeld/message.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-diff --git a/babeld/message.c b/babeld/message.c
-index 7d45d91bf..2bf233796 100644
--- a/babeld/message.c
-+++ b/babeld/message.c
-@@ -439,7 +439,7 @@ parse_packet(const unsigned char *from, struct interface *ifp,
-                        debugf(BABEL_DEBUG_COMMON,
-                               "Received Hello from %s on %s that does not have all 0's in the unused section of flags, ignoring",
-                               format_address(from), ifp->name);
-                       continue;
-+                       goto done;
-                }
- 
-                /*
-@@ -451,7 +451,7 @@ parse_packet(const unsigned char *from, struct interface *ifp,
-                        debugf(BABEL_DEBUG_COMMON,
-                               "Received Unicast Hello from %s on %s that FRR is not prepared to understand yet",
-                               format_address(from), ifp->name);
-                       continue;
-+                       goto done;
-                }
- 
-                DO_NTOHS(seqno, message + 4);
-@@ -469,7 +469,7 @@ parse_packet(const unsigned char *from, struct interface *ifp,
-                        debugf(BABEL_DEBUG_COMMON,
-                               "Received hello from %s on %s should be ignored as that this version of FRR does not know how to properly handle interval == 0",
-                               format_address(from), ifp->name);
-                       continue;
-+                       goto done;
-                }
- 
-                changed = update_neighbour(neigh, seqno, interval);
-- 
-2.25.1
diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2023-41358.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2023-41358.patch
deleted file mode 100644
index 59633ef699..0000000000
--- a/meta-networking/recipes-protocols/frr/frr/CVE-2023-41358.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-From 9efd9a47db4f13ebf88c2ffe14301d7441bcb40d Mon Sep 17 00:00:00 2001
-From: Donatas Abraitis <donatas@opensourcerouting.org>
-Date: Tue, 22 Aug 2023 22:52:04 +0300
-Subject: [PATCH 1/2] bgpd: Do not process NLRIs if the attribute length is
- zero
-```
-3  0x00007f423aa42476 in __GI_raise (sig=sig@entry=11) at ../sysdeps/posix/raise.c:26
-4  0x00007f423aef9740 in core_handler (signo=11, siginfo=0x7fffc414deb0, context=<optimized out>) at lib/sigevent.c:246
-5  <signal handler called>
-6  0x0000564dea2fc71e in route_set_aspath_prepend (rule=0x564debd66d50, prefix=0x7fffc414ea30, object=0x7fffc414e400)
-    at bgpd/bgp_routemap.c:2258
-7  0x00007f423aeec7e0 in route_map_apply_ext (map=<optimized out>, prefix=prefix@entry=0x7fffc414ea30,
-    match_object=match_object@entry=0x7fffc414e400, set_object=set_object@entry=0x7fffc414e400, pref=pref@entry=0x0) at lib/routemap.c:2690
-8  0x0000564dea2d277e in bgp_input_modifier (peer=peer@entry=0x7f4238f59010, p=p@entry=0x7fffc414ea30, attr=attr@entry=0x7fffc414e770,
-    afi=afi@entry=AFI_IP, safi=safi@entry=SAFI_UNICAST, rmap_name=rmap_name@entry=0x0, label=0x0, num_labels=0, dest=0x564debdd5130)
-    at bgpd/bgp_route.c:1772
-9  0x0000564dea2df762 in bgp_update (peer=peer@entry=0x7f4238f59010, p=p@entry=0x7fffc414ea30, addpath_id=addpath_id@entry=0,
-    attr=0x7fffc414eb50, afi=afi@entry=AFI_IP, safi=<optimized out>, safi@entry=SAFI_UNICAST, type=9, sub_type=0, prd=0x0, label=0x0,
-    num_labels=0, soft_reconfig=0, evpn=0x0) at bgpd/bgp_route.c:4374
-10 0x0000564dea2e2047 in bgp_nlri_parse_ip (peer=0x7f4238f59010, attr=attr@entry=0x7fffc414eb50, packet=0x7fffc414eaf0)
-    at bgpd/bgp_route.c:6249
-11 0x0000564dea2c5a58 in bgp_nlri_parse (peer=peer@entry=0x7f4238f59010, attr=attr@entry=0x7fffc414eb50,
-    packet=packet@entry=0x7fffc414eaf0, mp_withdraw=mp_withdraw@entry=false) at bgpd/bgp_packet.c:339
-12 0x0000564dea2c5d66 in bgp_update_receive (peer=peer@entry=0x7f4238f59010, size=size@entry=109) at bgpd/bgp_packet.c:2024
-13 0x0000564dea2c901d in bgp_process_packet (thread=<optimized out>) at bgpd/bgp_packet.c:2933
-14 0x00007f423af0bf71 in event_call (thread=thread@entry=0x7fffc414ee40) at lib/event.c:1995
-15 0x00007f423aebb198 in frr_run (master=0x564deb73c670) at lib/libfrr.c:1213
-16 0x0000564dea261b83 in main (argc=<optimized out>, argv=<optimized out>) at bgpd/bgp_main.c:505
-```
-With the configuration:
-```
-frr version 9.1-dev-MyOwnFRRVersion
-frr defaults traditional
-hostname ip-172-31-13-140
-log file /tmp/debug.log
-log syslog
-service integrated-vtysh-config
-!
-debug bgp keepalives
-debug bgp neighbor-events
-debug bgp updates in
-debug bgp updates out
-!
-router bgp 100
- bgp router-id 9.9.9.9
- no bgp ebgp-requires-policy
- bgp bestpath aigp
- neighbor 172.31.2.47 remote-as 200
- !
- address-family ipv4 unicast
-  neighbor 172.31.2.47 default-originate
-  neighbor 172.31.2.47 route-map RM_IN in
- exit-address-family
-exit
-!
-route-map RM_IN permit 10
- set as-path prepend 200
-exit
-!
-```
-The issue is that we try to process NLRIs even if the attribute length is 0.
-Later bgp_update() will handle route-maps and a crash occurs because all the
-attributes are NULL, including aspath, where we dereference.
-According to the RFC 4271:
-A value of 0 indicates that neither the Network Layer
-         Reachability Information field nor the Path Attribute field is
-         present in this UPDATE message.
-But with a fuzzed UPDATE message this can be faked. I think it's reasonable
-to skip processing NLRIs if both update_len and attribute_len are 0.
-Reported-by: Iggy Frankovic <iggyfran@amazon.com>
-Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
-Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/28ccc24d38df1d51ed8a563507e5d6f6171fdd38]
-CVE: CVE-2023-41358
-Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
- bgpd/bgp_packet.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
-index ec54943f3..3c2e73c59 100644
--- a/bgpd/bgp_packet.c
-+++ b/bgpd/bgp_packet.c
-@@ -1951,7 +1951,7 @@ static int bgp_update_receive(struct peer *peer, bgp_size_t size)
-        /* Network Layer Reachability Information. */
-        update_len = end - stream_pnt(s);
- 
-       if (update_len) {
-+       if (update_len && attribute_len) {
-                /* Set NLRI portion to structure. */
-                nlris[NLRI_UPDATE].afi = AFI_IP;
-                nlris[NLRI_UPDATE].safi = SAFI_UNICAST;
-- 
-2.35.5
diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2023-41360.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2023-41360.patch
deleted file mode 100644
index 8ee3985b42..0000000000
--- a/meta-networking/recipes-protocols/frr/frr/CVE-2023-41360.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 9ecacf2176d2bac4b90e17d49facb8712c1b467a Mon Sep 17 00:00:00 2001
-From: Donatas Abraitis <donatas@opensourcerouting.org>
-Date: Sun, 20 Aug 2023 22:15:27 +0300
-Subject: [PATCH 2/2] bgpd: Don't read the first byte of ORF header if we are
- ahead of stream
-Reported-by: Iggy Frankovic iggyfran@amazon.com
-Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
-Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/9b855a692e68e0d16467e190b466b4ecb6853702]
-CVE: CVE-2023-41360
-Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
- bgpd/bgp_packet.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
-index 3c2e73c59..f1d0e54c0 100644
--- a/bgpd/bgp_packet.c
-+++ b/bgpd/bgp_packet.c
-@@ -2375,7 +2375,8 @@ static int bgp_route_refresh_receive(struct peer *peer, bgp_size_t size)
-                                 * and 7 bytes of ORF Address-filter entry from
-                                 * the stream
-                                 */
-                               if (*p_pnt & ORF_COMMON_PART_REMOVE_ALL) {
-+                               if (p_pnt < p_end &&
-+                                   *p_pnt & ORF_COMMON_PART_REMOVE_ALL) {
-                                        if (bgp_debug_neighbor_events(peer))
-                                                zlog_debug(
-                                                        "%pBP rcvd Remove-All pfxlist ORF request",
-- 
-2.35.5
diff --git a/meta-networking/recipes-protocols/frr/frr_8.4.4.bb b/meta-networking/recipes-protocols/frr/frr_9.0.1.bb
index 826b687806..bddc08aebb 100644
--- a/meta-networking/recipes-protocols/frr/frr_8.4.4.bb
+++ b/meta-networking/recipes-protocols/frr/frr_9.0.1.bb
@@ -6,18 +6,15 @@ HOMEPAGE = "https://frrouting.org/"
 SECTION = "net"
 LICENSE = "GPL-2.0-only & LGPL-2.1-only"
-LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
+LIC_FILES_CHKSUM = "file://doc/licenses/GPL-2.0;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
-                    file://COPYING-LGPLv2.1;md5=4fbd65380cdd255951079008b364516c"
+                    file://doc/licenses/LGPL-2.1;md5=4fbd65380cdd255951079008b364516c"
-SRC_URI = "git://github.com/FRRouting/frr.git;protocol=https;branch=stable/8.4 \
+SRC_URI = "git://github.com/FRRouting/frr.git;protocol=https;branch=stable/9.0 \
           file://frr.pam \
-           file://0001-m4-ax_python.m4-check-for-python-x.y-emded.pc-not-py.patch \
+           file://0001-tools-make-quiet-actually-suppress-output.patch \
-           file://CVE-2023-3748.patch \
-           file://CVE-2023-41358.patch \
-           file://CVE-2023-41360.patch \
           "
-SRCREV = "45e36c0c00a517ad1606135b18c5753e210cfc0d"
+SRCREV = "31ed3dd753d62b5d8916998bc32814007e91364b"
 UPSTREAM_CHECK_GITTAGREGEX = "frr-(?P<pver>\d+(\.\d+)+)$"
@@ -28,7 +25,7 @@ S = "${WORKDIR}/git"
 inherit autotools-brokensep python3native pkgconfig useradd systemd
 DEPENDS:class-native = "bison-native elfutils-native"
-DEPENDS:class-target = "bison-native json-c readline c-ares libyang frr-native"
+DEPENDS:class-target = "bison-native json-c readline c-ares libyang frr-native protobuf-c-native protobuf-c"
 RDEPENDS:${PN}:class-target = "iproute2 python3-core bash"
@@ -64,6 +61,9 @@ EXTRA_OECONF:class-target = "--sbindir=${libdir}/frr \
 CACHED_CONFIGUREVARS += "ac_cv_path_PERL='/usr/bin/env perl'"
+# https://github.com/FRRouting/frr/issues/14469
+DEBUG_PREFIX_MAP:remove = "-fcanon-prefix-map"
 LDFLAGS:append:mips = " -latomic"
 LDFLAGS:append:mipsel = " -latomic"
 LDFLAGS:append:powerpc = " -latomic"

diff --git a/meta-networking/recipes-protocols/frr/frr/0001-m4-ax_python.m4-check-for-python-x.y-emded.pc-not-py.patch b/meta-networking/recipes-protocols/frr/frr/0001-m4-ax_python.m4-check-for-python-x.y-emded.pc-not-py.patch deleted file mode 100644 index 872a67c784..0000000000 --- a/meta-networking/recipes-protocols/frr/frr/0001-m4-ax_python.m4-check-for-python-x.y-emded.pc-not-py.patch +++ /dev/null
@@ -1,33 +0,0 @@
1	From a82d704b1ec6ece47b01d12e0e067d4b62b10894 Mon Sep 17 00:00:00 2001
2	From: Alexander Kanavin <alex@linutronix.de>
3	Date: Wed, 9 Nov 2022 20:24:45 +0100
4	Subject: [PATCH] m4/ax_python.m4: check for python-x.y-emded.pc, not
5	python-x.y.pc
6
7	Only the embed version includes necessary linker flags to link
8	with libpython.
9
10	Upstream-Status: Backport
11	[https://github.com/FRRouting/frr/commit/a82d704b1ec6ece47b01d12e0e067d4b62b10894]
12
13	Signed-off-by: Alexander Kanavin <alex@linutronix.de>
14	---
15	m4/ax_python.m4 \| 2 +-
16	1 file changed, 1 insertion(+), 1 deletion(-)
17
18	diff --git a/m4/ax_python.m4 b/m4/ax_python.m4
19	index 91d12b99b..f5e603b96 100644
20	--- a/m4/ax_python.m4
21	+++ b/m4/ax_python.m4
22	@@ -206,7 +206,7 @@ AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
23	AC_MSG_CHECKING([whether pkg-config python-${tryver} is available])
24	unset PYTHON_CFLAGS
25	unset PYTHON_LIBS
26	- pkg="python-${tryver}"
27	+ pkg="python-${tryver}-embed"
28	pkg="${pkg%-}"
29	_PKG_CONFIG([PYTHON_CFLAGS], [cflags], [${pkg}])
30	_PKG_CONFIG([PYTHON_LIBS], [libs], [${pkg}])
31	--
32	2.25.1
33


diff --git a/meta-networking/recipes-protocols/frr/frr/0001-tools-make-quiet-actually-suppress-output.patch b/meta-networking/recipes-protocols/frr/frr/0001-tools-make-quiet-actually-suppress-output.patch new file mode 100644 index 0000000000..3e93cf3c47 --- /dev/null +++ b/meta-networking/recipes-protocols/frr/frr/0001-tools-make-quiet-actually-suppress-output.patch
@@ -0,0 +1,58 @@
		1	From 312d5ee1592f8c5b616d330233d1de2643f759e2 Mon Sep 17 00:00:00 2001
		2	From: Jonas Gorski <jonas.gorski@bisdn.de>
		3	Date: Thu, 14 Sep 2023 17:04:16 +0200
		4	Subject: [PATCH] tools: make --quiet actually suppress output
		5
		6	When calling daemon_stop() with --quiet and e.g. the pidfile is empty,
		7	it won't return early since while "$fail" is set, "$2" is "--quiet", so
		8	the if condition isn't met and it will continue executing, resulting
		9	in error messages in the log:
		10
		11	> Sep 14 14:48:33 localhost watchfrr[2085]: [YFT0P-5Q5YX] Forked background command [pid 2086]: /usr/lib/frr/watchfrr.sh restart all
		12	> Sep 14 14:48:33 localhost frrinit.sh[2075]: /usr/lib/frr/frrcommon.sh: line 216: kill: `': not a pid or valid job spec
		13	> Sep 14 14:48:33 localhost frrinit.sh[2075]: /usr/lib/frr/frrcommon.sh: line 216: kill: `': not a pid or valid job spec
		14	> Sep 14 14:48:33 localhost frrinit.sh[2075]: /usr/lib/frr/frrcommon.sh: line 216: kill: `': not a pid or valid job spec
		15
		16	Fix this by moving the --quiet check into the block to log_failure_msg(),
		17	and also add the check to all other invocations of log_*_msg() to make
		18	--quiet properly suppress output.
		19
		20	Fixes: 19a99d89f088 ("tools: suppress unuseful warnings during restarting frr")
		21	Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
		22	Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/312d5ee1592f8c5b616d330233d1de2643f759e2]
		23	---
		24	tools/frrcommon.sh.in \| 8 ++++----
		25	1 file changed, 4 insertions(+), 4 deletions(-)
		26
		27	diff --git a/tools/frrcommon.sh.in b/tools/frrcommon.sh.in
		28	index f1f70119097e..00b63a78e2bc 100755
		29	--- a/tools/frrcommon.sh.in
		30	+++ b/tools/frrcommon.sh.in
		31	@@ -207,8 +207,8 @@ daemon_stop() {
		32	[ -z "$fail" -a -z "$pid" ] && fail="pid file is empty"
		33	[ -n "$fail" ] \|\| kill -0 "$pid" 2>/dev/null \|\| fail="pid $pid not running"
		34
		35	- if [ -n "$fail" ] && [ "$2" != "--quiet" ]; then
		36	- log_failure_msg "Cannot stop $dmninst: $fail"
		37	+ if [ -n "$fail" ]; then
		38	+ [ "$2" = "--quiet" ] \|\| log_failure_msg "Cannot stop $dmninst: $fail"
		39	return 1
		40	fi
		41
		42	@@ -220,11 +220,11 @@ daemon_stop() {
		43	[ $(( cnt -= 1 )) -gt 0 ] \|\| break
		44	done
		45	if kill -0 "$pid" 2>/dev/null; then
		46	- log_failure_msg "Failed to stop $dmninst, pid $pid still running"
		47	+ [ "$2" = "--quiet" ] \|\| log_failure_msg "Failed to stop $dmninst, pid $pid still running"
		48	still_running=1
		49	return 1
		50	else
		51	- log_success_msg "Stopped $dmninst"
		52	+ [ "$2" = "--quiet" ] \|\| log_success_msg "Stopped $dmninst"
		53	rm -f "$pidfile"
		54	return 0
		55	fi
		56	--
		57	2.42.0
		58


diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2023-3748.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2023-3748.patch deleted file mode 100644 index 4a8a7e1afd..0000000000 --- a/meta-networking/recipes-protocols/frr/frr/CVE-2023-3748.patch +++ /dev/null
@@ -1,54 +0,0 @@
1	From e61593f2ded104c4c7f01eb93e2b404e93e0c560 Mon Sep 17 00:00:00 2001
2	From: harryreps <harryreps@gmail.com>
3	Date: Fri, 3 Mar 2023 23:17:14 +0000
4	Subject: [PATCH] babeld: fix #11808 to avoid infinite loops
5
6	Replacing continue in loops to goto done so that index of packet buffer
7	increases.
8
9	Signed-off-by: harryreps <harryreps@gmail.com>
10
11	CVE: CVE-2023-3748
12
13	Upstream-Status: Backport
14	[https://github.com/FRRouting/frr/commit/ae1e0e1fed77716bc06f181ad68c4433fb5523d0]
15
16	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
17	---
18	babeld/message.c \| 6 +++---
19	1 file changed, 3 insertions(+), 3 deletions(-)
20
21	diff --git a/babeld/message.c b/babeld/message.c
22	index 7d45d91bf..2bf233796 100644
23	--- a/babeld/message.c
24	+++ b/babeld/message.c
25	@@ -439,7 +439,7 @@ parse_packet(const unsigned char from, struct interface ifp,
26	debugf(BABEL_DEBUG_COMMON,
27	"Received Hello from %s on %s that does not have all 0's in the unused section of flags, ignoring",
28	format_address(from), ifp->name);
29	- continue;
30	+ goto done;
31	}
32
33	/*
34	@@ -451,7 +451,7 @@ parse_packet(const unsigned char from, struct interface ifp,
35	debugf(BABEL_DEBUG_COMMON,
36	"Received Unicast Hello from %s on %s that FRR is not prepared to understand yet",
37	format_address(from), ifp->name);
38	- continue;
39	+ goto done;
40	}
41
42	DO_NTOHS(seqno, message + 4);
43	@@ -469,7 +469,7 @@ parse_packet(const unsigned char from, struct interface ifp,
44	debugf(BABEL_DEBUG_COMMON,
45	"Received hello from %s on %s should be ignored as that this version of FRR does not know how to properly handle interval == 0",
46	format_address(from), ifp->name);
47	- continue;
48	+ goto done;
49	}
50
51	changed = update_neighbour(neigh, seqno, interval);
52	--
53	2.25.1
54


diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2023-41358.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2023-41358.patch deleted file mode 100644 index 59633ef699..0000000000 --- a/meta-networking/recipes-protocols/frr/frr/CVE-2023-41358.patch +++ /dev/null
@@ -1,106 +0,0 @@
1	From 9efd9a47db4f13ebf88c2ffe14301d7441bcb40d Mon Sep 17 00:00:00 2001
2	From: Donatas Abraitis <donatas@opensourcerouting.org>
3	Date: Tue, 22 Aug 2023 22:52:04 +0300
4	Subject: [PATCH 1/2] bgpd: Do not process NLRIs if the attribute length is
5	zero
6
7	```
8	3 0x00007f423aa42476 in __GI_raise (sig=sig@entry=11) at ../sysdeps/posix/raise.c:26
9	4 0x00007f423aef9740 in core_handler (signo=11, siginfo=0x7fffc414deb0, context=<optimized out>) at lib/sigevent.c:246
10	5 <signal handler called>
11	6 0x0000564dea2fc71e in route_set_aspath_prepend (rule=0x564debd66d50, prefix=0x7fffc414ea30, object=0x7fffc414e400)
12	at bgpd/bgp_routemap.c:2258
13	7 0x00007f423aeec7e0 in route_map_apply_ext (map=<optimized out>, prefix=prefix@entry=0x7fffc414ea30,
14	match_object=match_object@entry=0x7fffc414e400, set_object=set_object@entry=0x7fffc414e400, pref=pref@entry=0x0) at lib/routemap.c:2690
15	8 0x0000564dea2d277e in bgp_input_modifier (peer=peer@entry=0x7f4238f59010, p=p@entry=0x7fffc414ea30, attr=attr@entry=0x7fffc414e770,
16	afi=afi@entry=AFI_IP, safi=safi@entry=SAFI_UNICAST, rmap_name=rmap_name@entry=0x0, label=0x0, num_labels=0, dest=0x564debdd5130)
17	at bgpd/bgp_route.c:1772
18	9 0x0000564dea2df762 in bgp_update (peer=peer@entry=0x7f4238f59010, p=p@entry=0x7fffc414ea30, addpath_id=addpath_id@entry=0,
19	attr=0x7fffc414eb50, afi=afi@entry=AFI_IP, safi=<optimized out>, safi@entry=SAFI_UNICAST, type=9, sub_type=0, prd=0x0, label=0x0,
20	num_labels=0, soft_reconfig=0, evpn=0x0) at bgpd/bgp_route.c:4374
21	10 0x0000564dea2e2047 in bgp_nlri_parse_ip (peer=0x7f4238f59010, attr=attr@entry=0x7fffc414eb50, packet=0x7fffc414eaf0)
22	at bgpd/bgp_route.c:6249
23	11 0x0000564dea2c5a58 in bgp_nlri_parse (peer=peer@entry=0x7f4238f59010, attr=attr@entry=0x7fffc414eb50,
24	packet=packet@entry=0x7fffc414eaf0, mp_withdraw=mp_withdraw@entry=false) at bgpd/bgp_packet.c:339
25	12 0x0000564dea2c5d66 in bgp_update_receive (peer=peer@entry=0x7f4238f59010, size=size@entry=109) at bgpd/bgp_packet.c:2024
26	13 0x0000564dea2c901d in bgp_process_packet (thread=<optimized out>) at bgpd/bgp_packet.c:2933
27	14 0x00007f423af0bf71 in event_call (thread=thread@entry=0x7fffc414ee40) at lib/event.c:1995
28	15 0x00007f423aebb198 in frr_run (master=0x564deb73c670) at lib/libfrr.c:1213
29	16 0x0000564dea261b83 in main (argc=<optimized out>, argv=<optimized out>) at bgpd/bgp_main.c:505
30	```
31
32	With the configuration:
33
34	```
35	frr version 9.1-dev-MyOwnFRRVersion
36	frr defaults traditional
37	hostname ip-172-31-13-140
38	log file /tmp/debug.log
39	log syslog
40	service integrated-vtysh-config
41	!
42	debug bgp keepalives
43	debug bgp neighbor-events
44	debug bgp updates in
45	debug bgp updates out
46	!
47	router bgp 100
48	bgp router-id 9.9.9.9
49	no bgp ebgp-requires-policy
50	bgp bestpath aigp
51	neighbor 172.31.2.47 remote-as 200
52	!
53	address-family ipv4 unicast
54	neighbor 172.31.2.47 default-originate
55	neighbor 172.31.2.47 route-map RM_IN in
56	exit-address-family
57	exit
58	!
59	route-map RM_IN permit 10
60	set as-path prepend 200
61	exit
62	!
63	```
64
65	The issue is that we try to process NLRIs even if the attribute length is 0.
66
67	Later bgp_update() will handle route-maps and a crash occurs because all the
68	attributes are NULL, including aspath, where we dereference.
69
70	According to the RFC 4271:
71
72	A value of 0 indicates that neither the Network Layer
73	Reachability Information field nor the Path Attribute field is
74	present in this UPDATE message.
75
76	But with a fuzzed UPDATE message this can be faked. I think it's reasonable
77	to skip processing NLRIs if both update_len and attribute_len are 0.
78
79	Reported-by: Iggy Frankovic <iggyfran@amazon.com>
80	Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
81
82	Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/28ccc24d38df1d51ed8a563507e5d6f6171fdd38]
83
84	CVE: CVE-2023-41358
85
86	Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
87	---
88	bgpd/bgp_packet.c \| 2 +-
89	1 file changed, 1 insertion(+), 1 deletion(-)
90
91	diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
92	index ec54943f3..3c2e73c59 100644
93	--- a/bgpd/bgp_packet.c
94	+++ b/bgpd/bgp_packet.c
95	@@ -1951,7 +1951,7 @@ static int bgp_update_receive(struct peer *peer, bgp_size_t size)
96	/* Network Layer Reachability Information. */
97	update_len = end - stream_pnt(s);
98
99	- if (update_len) {
100	+ if (update_len && attribute_len) {
101	/* Set NLRI portion to structure. */
102	nlris[NLRI_UPDATE].afi = AFI_IP;
103	nlris[NLRI_UPDATE].safi = SAFI_UNICAST;
104	--
105	2.35.5
106


diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2023-41360.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2023-41360.patch deleted file mode 100644 index 8ee3985b42..0000000000 --- a/meta-networking/recipes-protocols/frr/frr/CVE-2023-41360.patch +++ /dev/null
@@ -1,35 +0,0 @@
1	From 9ecacf2176d2bac4b90e17d49facb8712c1b467a Mon Sep 17 00:00:00 2001
2	From: Donatas Abraitis <donatas@opensourcerouting.org>
3	Date: Sun, 20 Aug 2023 22:15:27 +0300
4	Subject: [PATCH 2/2] bgpd: Don't read the first byte of ORF header if we are
5	ahead of stream
6
7	Reported-by: Iggy Frankovic iggyfran@amazon.com
8	Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
9
10	Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/9b855a692e68e0d16467e190b466b4ecb6853702]
11
12	CVE: CVE-2023-41360
13
14	Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
15	---
16	bgpd/bgp_packet.c \| 3 ++-
17	1 file changed, 2 insertions(+), 1 deletion(-)
18
19	diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
20	index 3c2e73c59..f1d0e54c0 100644
21	--- a/bgpd/bgp_packet.c
22	+++ b/bgpd/bgp_packet.c
23	@@ -2375,7 +2375,8 @@ static int bgp_route_refresh_receive(struct peer *peer, bgp_size_t size)
24	* and 7 bytes of ORF Address-filter entry from
25	* the stream
26	*/
27	- if (*p_pnt & ORF_COMMON_PART_REMOVE_ALL) {
28	+ if (p_pnt < p_end &&
29	+ *p_pnt & ORF_COMMON_PART_REMOVE_ALL) {
30	if (bgp_debug_neighbor_events(peer))
31	zlog_debug(
32	"%pBP rcvd Remove-All pfxlist ORF request",
33	--
34	2.35.5
35


diff --git a/meta-networking/recipes-protocols/frr/frr_8.4.4.bb b/meta-networking/recipes-protocols/frr/frr_9.0.1.bb index 826b687806..bddc08aebb 100644 --- a/meta-networking/recipes-protocols/frr/frr_8.4.4.bb +++ b/meta-networking/recipes-protocols/frr/frr_9.0.1.bb
@@ -6,18 +6,15 @@ HOMEPAGE = "https://frrouting.org/"
6	SECTION = "net"	6	SECTION = "net"
7		7
8	LICENSE = "GPL-2.0-only & LGPL-2.1-only"	8	LICENSE = "GPL-2.0-only & LGPL-2.1-only"
9	LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \	9	LIC_FILES_CHKSUM = "file://doc/licenses/GPL-2.0;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
10	file://COPYING-LGPLv2.1;md5=4fbd65380cdd255951079008b364516c"	10	file://doc/licenses/LGPL-2.1;md5=4fbd65380cdd255951079008b364516c"
11		11
12	SRC_URI = "git://github.com/FRRouting/frr.git;protocol=https;branch=stable/8.4 \	12	SRC_URI = "git://github.com/FRRouting/frr.git;protocol=https;branch=stable/9.0 \
13	file://frr.pam \	13	file://frr.pam \
14	file://0001-m4-ax_python.m4-check-for-python-x.y-emded.pc-not-py.patch \	14	file://0001-tools-make-quiet-actually-suppress-output.patch \
15	file://CVE-2023-3748.patch \
16	file://CVE-2023-41358.patch \
17	file://CVE-2023-41360.patch \
18	"	15	"
19		16
20	SRCREV = "45e36c0c00a517ad1606135b18c5753e210cfc0d"	17	SRCREV = "31ed3dd753d62b5d8916998bc32814007e91364b"
21		18
22	UPSTREAM_CHECK_GITTAGREGEX = "frr-(?P<pver>\d+(\.\d+)+)$"	19	UPSTREAM_CHECK_GITTAGREGEX = "frr-(?P<pver>\d+(\.\d+)+)$"
23		20
@@ -28,7 +25,7 @@ S = "${WORKDIR}/git"
28	inherit autotools-brokensep python3native pkgconfig useradd systemd	25	inherit autotools-brokensep python3native pkgconfig useradd systemd
29		26
30	DEPENDS:class-native = "bison-native elfutils-native"	27	DEPENDS:class-native = "bison-native elfutils-native"
31	DEPENDS:class-target = "bison-native json-c readline c-ares libyang frr-native"	28	DEPENDS:class-target = "bison-native json-c readline c-ares libyang frr-native protobuf-c-native protobuf-c"
32		29
33	RDEPENDS:${PN}:class-target = "iproute2 python3-core bash"	30	RDEPENDS:${PN}:class-target = "iproute2 python3-core bash"
34		31
@@ -64,6 +61,9 @@ EXTRA_OECONF:class-target = "--sbindir=${libdir}/frr \
64		61
65	CACHED_CONFIGUREVARS += "ac_cv_path_PERL='/usr/bin/env perl'"	62	CACHED_CONFIGUREVARS += "ac_cv_path_PERL='/usr/bin/env perl'"
66		63
		64	# https://github.com/FRRouting/frr/issues/14469
		65	DEBUG_PREFIX_MAP:remove = "-fcanon-prefix-map"
		66
67	LDFLAGS:append:mips = " -latomic"	67	LDFLAGS:append:mips = " -latomic"
68	LDFLAGS:append:mipsel = " -latomic"	68	LDFLAGS:append:mipsel = " -latomic"
69	LDFLAGS:append:powerpc = " -latomic"	69	LDFLAGS:append:powerpc = " -latomic"