Headline
CVE-2022-40302: Releases · FRRouting/frr
An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case.
FRR 8.5.1 Release
We are pleased to announce FRR release 8.5.1
Debian Packages - https://deb.frrouting.org
RPM Packages - https://rpm.frrouting.org
Snaps - https://snapcraft.io/frr
Docker - quay.io/frrouting/frr:v8.5.1
Bug Fixes
bgpd
- Fix crash due to community aliases size
- Aggregate-address memory leak fix
- Bmp fix peer-up ports byte order
- Check 7 bytes for long-lived graceful-restart capability
- Copy the password from the previous peer on peer_xfer_config()
- Do not allow a no router bgp xxx when autoimport is happening
- Do not allow l3vni changes when shutting down
- Do not announce routes immediatelly on filter updates
- Do not call bgp_soft_reconfig_in() twice in a row on policy change
- Evpn-mh esi not active suppress ead-es route
- Fix crash for show bgp … neighbor received-routes detail|prefix
- Fix debug output for route-map names when using a unsuppress-map
- Fix ecommunity parsing for as4
- Fix for ain->attr corruption during path update
- Increase buffer size used for dumping bgp to mrt files
- Limit flowspec to no attribute means a implicit withdrawal
- Prevent null pointer deref when outputting data
lib
- Adjust only any flag for prefix-list entries if destroying
- Destroy any flag when creating a prefix-list entry with prefix
- Fix clear route-map cmd using defpy
- Fix link state memory leak
- Include clippy generated commands for routemap.c
- On bfd peer shutdown actually stop event
ospfd
- Cleanup some memory leaks on shutdown in ospf_apiserver.c
- Fix for vitual-link crash in signal handler
- Fix ospf_lsa memory leak
- Fix ospf_ti_lfa drop of an entire table
- Fixing summary origination after range configuration
- Free up q_space in early return path
- Log adjacency changes with neighbor ip in addition to neighbor id
pbrd
- Fix mismatching in match src-dst
pim6d
- Fixing mroutes not created after disabling and enabling pimv6.
pimd
- Fix use after free issue for ifp’s moving vrfs
- In_multicast needs host order
- Process no-forward bsm packet
ripd
- Fix malformed route-map
- Fix memory leak for ripd’s route-map
staticd
- Tell bfd that we are shutting down
tools
- Fix missing remote-as configuration when reload
- Frr-reload fix list value not present
- Make check flag really work for reload
- Set correct directory of vtysh for frr-reload.py
zebra
- Add link_nsid to zebra interface
- Cleanup ctx leak on shutdown and turn off event
- Evpn mh sync mac install as inactive
- Fix for heap-use-after-free in evpn
- Fix race during shutdown
- Install directly connected route after interface flap
FRR 8.5 Release
We are pleased to announce FRR release 8.5.
FRR 8.5 brings a long list of enhancements and fixes with 947+ commits from 68 developers. Thanks to all contributors.
Debian Packages - https://deb.frrouting.org
RPM Packages - https://rpm.frrouting.org
Snaps - https://snapcraft.io/frr
Docker - quay.io/frrouting/frr:v8.5.0
Release Overview
This release includes several new features, improvements, and bug fixes for various protocols and daemons. Some notable changes include:
- Set the BGP Input/Output Queue limit for all peers when messaging parsing. Increase this only if you have the memory to handle large queues of messages at once. link1 link2
- Add support for per-VRF SRv6 SID. link
- Add BGP labeled-unicast Add-Path functionality
- Implementation of SNMP BGP4v2-MIB. link for better network management and monitoring
- Add BGP new command neighbor path-attribute discard. link
- Add BGP new command neighbor path-attribute treat-as-withdraw. link
- Implement L3 route-target auto/wildcard configuration. link
- Implement BGP ACCEPT_OWN Community Attribute / rfc7611. link
- Implement The Accumulated IGP Metric Attribute for BGP / rfc7311. link
- Implement graceful-shutdown command per neighbor. link
- Add BGP new command to configure TCP keepalives for a peer bgp tcp-keepalive. link
- Traffic control (TC) ZAPI implementation
- SRv6 uSID (microSID) implementation. link
- Start deprecating start-shell …, ssh …, telnet … commands due to security reasons
- Add VRRPv3 an ability to disable IPv4 pseudo-header checksum. link
- BFD integration for static routes. link
- Allow protocols to configure BFD sessions with automatic source selection
- Allow zero-length opaque LSAs for OSPF (rfc5250)
- Add ISIS new command set-overload-bit on-startup. link
- PIMv6 BSM support. link
- A lots of bugs, especially for PIM/PIMv6/BGP
- Many commands got VRF and/or JSON/detail output options support
- Several fixes for memory leaks and race conditions
- Improved the consistency of output for several commands
A full log of changes can be found by browsing the commit history of FRR 8.5 tag here
FRR 8.4.2 Release
We are pleased to announce FRR 8.4.2.
Debian Packages - https://deb.frrouting.org/
RPM Packages - https://rpm.frrouting.org/
Snaps - https://snapcraft.io/frr
Docker - frrouting/frr:v8.4.2
Bug fixes:
- bfdd: fix ipv4 socket source selection
- bgpd : fix crash for set ipv4/ipv6 vpn next-hop command
- bgpd: stop overriding nexthop when bgp unnumbered
- bgpd: fix aggregated routes are withdrawn abnormally
- bgpd: fix a few memory leaks
- build: enable pim6d by default
- build: fix sed regex in lua macro
- doc : add freebsd 13 build docs
- isisd: fix memory leak
- lib: disable vrf before terminating interfaces
- lib: do not log echo ping commands from watchfrr
- ospf6d: fix infinite loop when adding asbr route
- ospfd: fix rfc conformance test cases 25.19 and 27.6
- ospfd: fix typo and report the P2P link name in the warning
- ospfd: report the router IP with opaque capability mismatch
- ospfd: fix memory leak
- pimd: consistently ignore prefix list mask len
- staticd: do not crash when modifying an existing static route with color
- zebra: free all memory associated ctx->u.iptable.interface_name_list
- zebra: fix tracepoint changes for lttng
- zebra: free up route map name memory on vrf deletion event
- zebra: use mpls enable, not mpls when generating a config
FRR 8.4.1 Release
FRR 8.4 Release
We are pleased to announce FRR 8.4.
FRR 8.4 brings a long list of enhancements and fixes with 700+ commits from 66 developers. Thanks to all contributors.
Debian Packages - https://deb.frrouting.org
RPM Packages - https://rpm.frrouting.org
Snaps - https://snapcraft.io/frr
Docker - frrouting/frr:v8.4.0
Release Overview
- New BGP command (neighbor PEER soo) to configure SoO to prevent routing loops and suboptimal routing on dual-homed sites.
- Command debug bgp allow-martian replaced to bgp allow-martian-nexthop because previously we allowed using martian next-hops when debug is turned on.
- Implement BGP Prefix Origin Validation State Extended Community rfc8097
- Implement Route Leak Prevention and Detection Using Roles in UPDATE and OPEN Messages rfc9234
- BMP L3VPN support
- PIMv6 support
- MLD support
- New command to enable using reserved IPv4 ranges as normal addresses for BGP next-hops, interface addresses, etc.
- As usual, lots of bugs and memory leaks were fixed \m/
Changelog
babeld
- Ignore Sub-TLV’s with mandatory bit set
- Ignore unicast Hello’s
bfdd
- Add IPv4 BFD Echo support
- Add RTT to BFD IPv4 Echo packet processing
- Allow L3 VRF BFD sessions without UDP leaking
bgpd
- Add mpls bgp forwarding to ease MPLS-VPN EBGP peering
- Add bgp allow-martian-nexthop command (remove debug bgp allow-martian)
- Add neighbor soo command
- Add no rpki command
- Add show bgp access-list command to filter routes by access-list
- Implement rfc8097
- Implement rfc9234
- Add resolution for L3VPN traffic over GRE interfaces
- Allow setting custom port for BGP unnumbered peers
- Allow statistics gathering to give more data about prefix lengths
- Apply conditional advertisements policy to update-group
- Associate appropriate family for redistributed connected addresses
- Avoid notify race between io and main pthreads
- Call a hook when as-path filter is replaced
- Cleanup memory leaks associated with t_deferral_timer
- Do not check if the whole as-path has target asn when using as-override
- Do not print new line for EVPN CLI outputs if it’s a JSON
- Do not show polling_period default value in CLI for RPKI
- Don’t advertise conditionally withdrawn routes
- Drop SSH public key for RPKI CLI option
- Fix show bgp nexthop a.b.c.d
- Fix for aggregate-address summary-only matching-med-only
- Fix inconsistencies with default-originate route-map
- Fix memory leak for as-override
- Fix memory leak for set as-path replace route-map command
- Fix memory leak for community alias
- Fix memory leak for community stuff
- Fix memory leak in SRv6 locator
- Fix memory leak when an SRv6 sid is removed
- Fix memory leak when setting [l]community at the egress
- Fix route-map update and delete route-map
- Fix show bgp l2vpn evpn route rd crash
- Fix the wrong next-hop BGP struct for next-hop validation
- Fixed BMP VPNv4 monitoring are withdrawn instead of updates
- Fixup PBR rule changes that were missed
- Fixup some MAC address token CLI syntax
- Free ecommunity before returning on warning/error
- Free memory for as-path filter if regexp is wrong
- Free memory for BMP listeners when deleting BGP instance
- Generate RPKI CLI config even if no cache servers are configured
- Handle origin validation state extended community via route-map match
- Handle route-refresh requests received before EOR
- Implement retain route-target all behavior
- Improve labelpool performance at scale
- Inconsistencies in snt counters with default-originate
- Prevent memory leak of the listener on shutdown
- Print peer’s hostname for BGP (filtering) messages
- Print source VRF name when leaking to another VRF
- Release RCU lock in BGP keepalive pthread
- Reset BGP sessions when changing the port
- Send route updates when modifying access/aspath/prefix lists
- Set TTL for iBGP/eBGP by checking only if generic TTL security applied
- Show cache server preference in show rpki cache-server output
- Show extended communities memory consumption
- Show TTL value unconditionally for neighbors
- Start conditional advertisement timer instantly
- Stop conditional advertisements thread when terminating
- Stop LLGR thread when deleting a peer and/or gr flags changed
- Treat as withdraw if we receive as path with as_set / as_confed_set
- When specifying listen address for BGP we shouldn’t imply no-fib flag
- Withdraw implicitly old paths from VRFs when import/export list changes
- Ensure that bgp open message stream has enough data to read
- Notify BGP conditional advertisement thread when the peer goes down
bmp
- Add an interface source to BMP connect command
- Add L3VPN support
eigrpd
- VRF variable name hides a parameter of the same name
fabricd
- Turn off excessive logging when peering will not come up
isisd
- Ensure rcap is freed in error case
- Fix crash with xfrm interface type
- Fix memory leak on shutdown with prefix lists
- Fix prefix-sid last-hop-behavior
ldpd
- Check if the thread is scheduled before calling for remained time
lib
- Abstract usage of ‘%pnhs’ so that next-hop groups can use it too
- Add errno details to the sockopt_reuseaddr API
- Add sys_rawio to the capabilities definitions
- Allow downgrade of all caps when none are specified
- Allow using ipv4 (class e) reserved block if enabled
- Check hostname in resolver_resolve
- Cleanup red-herring memleaks in the parent of daemonizing fork
- Ensure ls_msg2edge does not use memory after freeing
- Fix show route-map name json command and memory leak
- Fix memory leak in zclient_send_localsid()
- Fix skip of every other plist deletion
- Fixup workqueue.c to use the proper thread.h semantics
- Function crypt does not need to be declared mid function
- Increase next-hop flags size to 16 bits
- Prevent uninitialized usage of data
- Remove usage of inet_ntop in lib/sockopt.c
- Require at least 2.1.42 version of sysrepo when compiling
- Return 0 as the remaining msec if the thread is not scheduled
- stream_dup memory alloc cannot fail
- Update sysrepo code with the latest API changes
- Use pi4 instead of inet_ntop in sockopt.c
nhrpd
- Use frr_weak_random()
- Use nhrp_interface_update_nbma when source VRF was changed
ospf6d
- Don’t remove the summary route if it is a range
- Ensure that ospf6d does not memcpy beyond the end of the data
- Fix missing cost change
- Permit route delete without next-hops
- Remove ospf6enabled from JSON output
ospfd
- Add how many packets the interface has queued to send
- Add router-id support to OSPF API
- Added CLIs to change default timers for lsa refresh and maxage remove delay.
- Adding per neighbor JSON details to gr helper detail command
- Crash when router acts as gr helper upon a topo change
- Fix show ip ospf neighbour <nbrid> command
- Increase packets sent at one time in ospf_write
- Refactor fifo_flush for the interface
- Remove deprecated command graceful-restart helper-only
- When a neighbor goes down clear the oi->obuf if we can
- Catch and report too small LSAs
- Remove assert on zero length LSA - which is permitted by spec
- Fix bug where acks were not be generated to incoming P2P/P2MP neighbors
pathd
- no mpls-te on command was not working
- Add a zebra stop handler
- Change the vty output, when no ted is enabled on pathd
- Ensure the path is free’d after we no longer need it
- Nai adjacency fix query type f for IPv5
pim6d
- (*,g) mroutes not learnt after pim6d daemon restart
- Lots of CLI changes regarding MLD
- Lots of CLI changes regarding PIMv6
- Clear interface stats on interface shutdown
- Disable pim6d compilation by default
- Don’t enable MLD on pimreg interface
- Fix the code for MLD in the show pim state command
- mroute stuck in register state, multicast traffic getting drops
- Register message getting dropped in the source node, mroute stuck in regj
- Send register msg with IPv6 global address
- Update last_member_query_interval and last_member_query_count
- Use ttable for displaying show commands
- Deleting the memory malloced for JSON
- Adding JSON support for show ipv6 next-hop
- Send register msg via register socket
- Change the show running commands based on the address family
- Set rp to true if the address matches, ignore prefix-length
pimd
- Allow v6 to do non-integrated configuration
- Assign a vty port value for v6
- Cleanup rpf lookup debug to help us figure out what is going on
- Correct the order of show JSON for interface traffic
- During prune pending, behave as noinfo state
- Fix invalid memory access join_timer_stop
- Fix memleak in bfd profile
- Fix PIM interface deletion flow
- Fix static mroute to also take into account the input interface
- Fix the setting of oif_flags in channel oil
- Fix unaligned accesses
- Handle receive of (*,g) register stop with src addr as 0
- Igmp querier election is not correct in lan scenario
- JSON support for next-hop
- Let the end operator know the ifindex as well in t…
FRR 8.3.1 Release
We are pleased to announce FRR 8.3.1.
Debian Packages - https://deb.frrouting.org
RPM Packages - https://rpm.frrouting.org
Snaps - https://snapcraft.io/frr
Docker - frrouting/frr:v8.3.1
Release Overview
- Handle CTRL+Z without exiting the VTY shell
- In the 8.3 release, the CTRL+Z combination exited the VTY shell, it’s back again!
- Ignore end when parsing frr.conf
- If frr.conf has end inside the config, BGP peering starts only after 10 minutes. This is because parsing the end keyword stopped hooks from reaching the end of the configuration and BGP thoughts the configuration is not ready.
Changelog
bgpd
- Do not announce routes that are conditionally withdrawn (a gap between conditional advertisement interval)
- Fix crash for show bgp l2vpn evpn route rd
- Do not overwrite the Link-Local address with another interface for the next-hop cache
- Call a hook when the as-path filter is replaced
- Fix memory leak when cleaning up MPLS labels
isisd
- Fix memory leak when deleting adjacency
ldpd
- Fix crash when hold time is configured to 65535
ospfd
- Fix crash when the router is running in GR helper mode and receives a new LSA
pimd
- Fix memory leak for show ip pim interface
- Allow the same group/source route to be configured on more than one interface
vtysh
- Handle CTRL+Z without exiting the VTY shell
- Ignore end when parsing frr.conf
zebra
- Avoid buffer overflow when parsing nested route attributes for SR-IPv6
- Fix missing VNI transition, e.g.: show evpn vni detail
FRR 8.3 Release
We are pleased to announce FRR 8.3.
FRR 8.3 brings a long list of enhancements and fixes with 1000+ commits from 67 developers. Thanks to all contributors.
Debian Packages - https://deb.frrouting.org
RPM Packages - https://rpm.frrouting.org
Snaps - https://snapcraft.io/frr
Docker - frrouting/frr:v8.3
Release Overview****Features
- Notification Message support for BGP Graceful Restart
(http://docs.frrouting.org/en/latest/bgp.html#clicmd-bgp-graceful-restart-notification) - BGP Cease Notification Subcode For BFD
- Send Hold Timer for BGP
- RFC5424 syslog support
(http://docs.frrouting.org/en/latest/extlog.html?#clicmd-destination-syslog-supports-rfc5424) - PIM passive command
(http://docs.frrouting.org/en/latest/pim.html#clicmd-ip-pim-passive)
Breaking changes
- Require librtr >= 0.8.0 for BGP RPKI
Changelog
General
- Add camelcase json keys in addition to pascalcase (Wrong JSON keys will be depracated)
- Fix corruption when route-map delete/add sequence happens (fast re-add)
- Reworked gRPC
- RFC5424 & journald extended syslog target
bfdd
- Fix broken FSM in active/passive modes
bgpd
- Notification Message Support for BGP Graceful Restart (rfc8538)
- BGP Cease Notification Subcode For BFD
- Send Hold Timer for BGP (own implementation without an additional knob)
- New set as-path replace command for BGP route-map
- New match peer command for BGP route-map
- New ead-es-frag evi-limit command for EVPN
- New match evpn route-type command for EVPN route-map to match Type-1/Type-4
- JSON outputs for all RPKI show commands
- Set attributes via route-map for BGP conditional advertisements
- Pass non-transitive extended communities between RS and RS-clients
- Send MED attribute when aggregate prefix is created
- Require librtr >= 0.8.0 for RPKI to fix connection handling (failover)
- Fix aspath memory leak in aggr_suppress_map_test
- Fix crash for show ip bgp vrf all all neighbors 192.168.0.1 …
- Fix crash for show ip bgp vrf all all
- Fix memory leak for BGP Community Alias in CLI
- Fix memory leak when setting BGP community at egress
- Fix memory leak when setting BGP large-community at egress
- Fix SR color nexthop processing in BGP
- Fix setting local-preference in route-map using +/-
- Fix crash using Lua and route-map to set attributes via scripts
- Fix crash when issuing various forms of bgp no-rib
isisd
- JSON output for show summary command
- Fix crash when MTU mismatch occurs
- Fix crash with xfrm interface type
- Fix infinite loop when parsing LSPs
- Fix router capability TLV parsing issues
vtysh
- New show thread timers command
ospfd6
- Add LSA statistics to LSA database
- Add LSA stats to show area json output
- Show time left in hello timer for show ipv6 ospf6 int
- Permit route deletion without nexthops
- Restart SPF when distance is updated
- Stop refreshing Type-5 from NSSA
- Support keychain for ospf6 authentication
ospfd
- New show ip ospf reachable-routers command
- Restart SPF when distance is updated
- Use consistent JSON keys for show ip ospf neighbor and detail version
pimd
- Add additional IGMP stats
- Add IGMP join sent/failed statistics
- Add IGMP total groups and total source groups to statistics
- New debug igmp trace detail command
- New ip pim passive command
- JSON support added for command show ip igmp sources
- Allow the LPM match work properly with prefix lists and normal RP’s
- Do not allow 224.0.0.0/24 range in IGMP join
- Fix IGMP packet/query check
- Handle PIM join/prune receive flow for IPv6
- Handle receive of (*,G) register stop with source address as 0
- Handle of exclude mode IGMPv3 report messages for SSM-aware group
- Handle of IGMPv2 report message for SSM-aware group range
- Send immediate join with possible sg rpt prune bit set
- Show group-type under show ip pim rp-info
- Show total received messages IGMP stats
staticd
- Capture zebra’s advertised ECMP limit
- Don’t register existing nexthop to Zebra
- Reject route config with too many nexthops
- Track nexthops per-safi
watchfrr
- Add some more information to show watchfrr
- Send operational state to systemd
zebra
- Add ability to know when FRR is not ASIC offloaded
- Add command for setting protodown bit
- Add dplane type for netconf data
- Add ECMP supported to show zebra
- Add EVPN status to show zebra
- Add if v4/v6 forwarding is turned on/off to show zebra
- Add initial zebra tracepoint support
- Add kernel nexthop group support to show zebra
- Add knowledge about ra and rfc 5549 to show zebra
- Add mpls status to show zebra
- Add netlink debug dump for netconf messages
- Add netlink debugs for ip rules
- Add OS and version to show zebra
- Add support for end.dt4
- Add to show zebra the type of vrf devices being used
- Allow *BSD to specify a receive buffer size
- Allow multiple connected routes to be choosen for kernel routes
- Allow system routes to recurse through themselves
- Don’t send RAs w/o link-local v6 or on bridge-ports
- Evpn disable remove l2vni from l3vni list
- Evpn-mh bonds protodown check for set
- Evpn-mh use protodown update reason api
- Fix cleanup of meta queues on vrf disable
- Fix crash in evpn neigh cleanup all
- Fix missing delete vtep during vni transition
- Fix missing vrf change of l2vni on vxlan interface
- Fix rtadv startup when config read in is before interface up
- Fix use after deletion event in FreeBSD
- Fix v6 route replace failure turned into success
- Get zebra graceful restart working when restarting on *BSD
- Handle FreeBSD routing socket enobufs
- Handle protodown netlink for vxlan device
- Include mpls enabled status in interface output
- Include old reason in evpn-mh bond update
- Keep the interface flags safe on multiple ioctl calls
- Let /32 host route with same ip cross vrf
- Make router advertisement warnings show up once every 6 hours
- Prevent crash if zebra_route_all is used for a route type
- Prevent installation of connected multiple times
- Protodown-up event trigger interface up
- Register nht nexthops with proper safi
- Update advertise-svi-ip macips w/ new mac
- When handling unprocessed messages from kernel print usable string
- New show ip nht mrib command
- Handle ENOBUFS errors for FreeBSD
Contributors
- ARShreenidhi
- Abhinay Ramesh
- anlan_cs
- Anuradha Karuppiah
- Balaji Gurudoss
- Bijan
- Carl Baldwin
- Chirag Shah
- Christian Hopps
- Christian Poessinger
- ckishimo
- David Lamparter
- David Schweizer
- Dmitrii Turlupov
- Donald Sharp
- Donatas Abraitis
- Eugene Crosser
- ewlumpkin
- Fabio Antonini
- Francois Dumontet
- G. Paul Ziemba
- Igor Ryzhov
- Iqra Siddiqui
- Jafar Al-Gharaibeh
- Javier Garcia
- Juraj Vijtiuk
- Kuldeep Kashyap
- Loganaden Velvindron
- Louis Scalbert
- lynnemorrison
- Manoj Naragund
- Mark Stapp
- Martin Buck
- Martin Winter
- Mobashshera Rasool
- nguggarigoud
- Nobuhiro MIKI
- nsaigomathi
- Olivier Dugeon
- Pavel Shirshov
- Philippe Guibert
- plsaranya
- Punith Kumar
- qingkaishi
- Quentin Young
- Rafael Zalamena
- Rajesh Varatharaj
- Renato Westphal
- rgirada
- ron
- Ryoga Saito
- Sai Gomathi
- saravanank
- Sarita Patra
- Stephen Worley
- Tomi Salminen
- Trey Aspelund
- vdhingra
- Ville Skyttä
- Volodymyr Huti
- whichbug
- Xiao Liang
- Yash Ranjan
FRR 8.2.2 Release
FRR 8.1.0 Release
FRR 8.0.1 Release
We are pleased to announce FRR 8.0.1
This release is a bugfix release of FRR 8.0.0 and contains the fixes listed below
- Debian Packaging - https://deb.frrouting.org/
- RPM Packaging - https://rpm.frrouting.org/
Snaps will be available within approx another week; when available they will be published here:
- Snap Packaging - https://snapcraft.io/frr
Additional release build logs, artifacts and package sources can also be found on
the CI system at https://ci1.netdef.org/browse/FRR-FRR80-20/artifact
Changelog
(Numbers behind the fix refer to the Github PR)
bgpd
- #9146 associate correct nexthop when using peer link-local
- #9151 BGP dampening JSON fixes
- #9356 bgp_packet_process_error can access peer after deletion
- #9168 Call bgp_dest_unlock_node() inside bgp_adj_in_remove()
- #9263 Clear capabilities field when resetting a bgp neighbor
- #9171 Do not check for NULL values for vni_hash_cmp()
- #9145 Do not delete peer_af structure when deactivating peer-group from an
address-family - #9160 Don’t forget bgp_dest_unlock_node for bgp_static_set()
- #9230 Drop double-pointer for bgp_damp_info_free()
- #9152 Drop unnecessary chars for filtered reason
- #9141 Ensure v6 LL address is available before establishing peering
- #9407 Extended community bandwidth fixes
- #9358 Fix bgp routes filtering by [large]community-list
- #9226 Fix crash in "clear ip bgp dampening "
- #9223 fix double free in dampening code (fixes crash in dampening)
- #9245 fix missing damp info free when cleaning bgp path
- #9233 fix missing list add in dampening
- #9501 fix update-source for ipv6
- #9127 Fix rpki spacing to be 1 for indentation
- #9136 Force process networks on VRF creation
- #9170 hash compare functions never receive null values
- #9311 limit the length of opaque data sent to zebra
- #9221 Mark the node as the correct type for bgp ipv6 unicast
- #9142 nht unresolved with global address next-hop
- #9155 prevent routes loop through itself
- #9149 Reflect changes to pfxSnt when using default-originate
- #9257 Set extended msg size only if we advertised and received
capability - #9398 Stop prepending peer-as if self-originated and last AS
configured - #9161 Unlock bgp_dest for bgp_distance_unset if distance does not
match - #9266 Use strict AS4 capability when processing parsing/generating
pkts - #9320 per-peer dampening revert
fabricd
- #9132 fix running config
isisd
- #9177 argv fixes
- #9139 fix extra space in the mpls-te config output
- #9147 fix setting of the attached bit
- #9137 fix uninitialized variable when searching for LSP
- #9173 update interface_link_params callback to check for change
lib
- #9172 fix interface configuration after vrf change
- #9425 fix prefix-list duplication check
- #9122 remove vrf-interface config when removing the VRF
- #9415 Scan lib/resolver.c only when c-ares is installed
- #9277 Preserve user-configured VRF on netns deletion
nhrp
- #9279 fix display of nhs command
ospf6d
- #9154 always generate default route for stubs
- #9359 Check the cost only when asbr_present for ECMP routes
- #9119 consistent checksum JSON output
- #9296 fix argument processing in the “area … range” command
- #9125 fix backlink check
- #9118 fix route-map config changed, not getting applied on all types of
routes - #9121 fix “show ipv6 ospf6 neighbor” command
- #9117 Max aged LSAs are not getting deleted from DB
- #9124 redistribute command minor fixes
- #9134 Release last dbdesc packet after router dead interval
- #9123 Drop LSA with bad seqnumber
- #9140 use per-vrf router id instead of one global
ospfd
- #9208 don’t exit when VRF socket is not created
- #9421 explicitly exit from the router configuration node
- #9135 fix external lsa handling in opaque capabilities
enable/disable - #9423 fix initialization when vrf doesn’t exist yet
- #9268 fix “no ip ospf passive” command
- #9153 fix ospfd crash while giving ‘clear ip ospf neighbor’
- #9392 ospf redistribute originating LSA internal connected routes
- #9130 show ip ospf route json does not shown metric and tag
- #9433 Summarised External LSA is not flushed in one scenario
- #9173 update interface_link_params callback to check for
change
pathd
- #9329 a couple of cli/doc fixes
- #9156 don’t use localtime
- #9409 fix pcep node-entering commands
pimd
- #9186 fix IGMP VRF handling and PIM RP Prefix-list matching
- #9386 make show ip mroute output consistent
- #9297 memory leak fix and issue fix
ripd
- #9267 fix authentication key length
staticd
- fix bug of Null0 wrongly converted into blackhole in running config
#9144
tools
- #9131 add mac access-list context to frr-reload.py
- #9138 limit bgp route-maps to direct changes only during reload
- #9133 make frr-reload recognize pbr table range lines as single-line
contexts
vtysh
- #9183 another take at “enable” in vtysh user mode
- #9128 Handle end/enable commands better when in -u for vtysh
- #9157 fix exit from link-params and pseudowire nodes
zebra
- #9275 bugfix of error quit of zebra, due to no nexthop ACTIVE
- #9387 clean up nhg allocations in error path
- #9169 fix a couple of coverity warnings
- #9150 fix ifp pointer for groups/recursives
- #9174 Fix pseudowires with backup nexthops
- #9351 Prevent memory leak if route is rejected early
- #9278 remove checks for src address existence when using “set src”
- #9129 Remove unrelated info from evpn rmac json output
- #9159 trigger remove all access vlans info for access port
- #9277 Preserve user-configured VRF on netns deletion
build
- #9158 fix LDFLAGS confusion & gcov
doc
- #9270 bump sphinx version to 4.0.2, remove deprecated API, fix developer
docs not built - #9276 fix bgp user doc colons
- #9274 Fix code-block display for example shell commands
- #9377 move ospf6 area commands to the appropriate section
- #9406 Replace typo BANDIWDTH to BANDWIDTH
redhat
- #9349 Install frr.conf only if no per daemon config exists
snapcraft
- #9430 Snap update to 18.04 base
Related news
Debian Linux Security Advisory 5495-1 - Multiple vulnerabilities were discovered in frr, the FRRouting suite of internet protocols, while processing malformed requests and packets the BGP daemon may have reachable assertions, NULL pointer dereference, out-of-bounds memory access, which may lead to denial of service attack.
Cybersecurity researchers have uncovered weaknesses in a software implementation of the Border Gateway Protocol (BGP) that could be weaponized to achieve a denial-of-service (DoS) condition on vulnerable BGP peers. The three vulnerabilities reside in version 8.4 of FRRouting, a popular open source internet routing protocol suite for Linux and Unix platforms. It's currently used by several