From bf0248730f41647884683cebede2127ec4702d32 Mon Sep 17 00:00:00 2001 From: Alexandre Derumier Date: Tue, 16 Oct 2018 05:46:40 +0200 Subject: [PATCH] import debianpkg directory as debian --- debian/.gitignore | 1 + debian/Makefile.am | 47 + debian/README.Debian | 97 ++ debian/README.Maintainer | 22 + debian/backports/.gitignore | 2 + debian/backports/README | 28 + debian/backports/debian8/debian/source/format | 1 + debian/backports/debian8/exclude | 0 debian/backports/debian8/versionext | 1 + debian/backports/debian9/debian/source/format | 1 + debian/backports/debian9/exclude | 0 debian/backports/debian9/versionext | 1 + debian/backports/rules | 137 ++ debian/backports/ubuntu12.04/debian/control | 56 + .../backports/ubuntu12.04/debian/frr.install | 1 + .../backports/ubuntu12.04/debian/frr.postinst | 1 + .../backports/ubuntu12.04/debian/frr.postrm | 1 + debian/backports/ubuntu12.04/debian/rules | 162 ++ .../ubuntu12.04/debian/source/format | 1 + debian/backports/ubuntu12.04/exclude | 0 debian/backports/ubuntu12.04/versionext | 1 + debian/backports/ubuntu14.04/debian/control | 56 + .../backports/ubuntu14.04/debian/frr.install | 11 + .../backports/ubuntu14.04/debian/frr.postinst | 38 + .../backports/ubuntu14.04/debian/frr.postrm | 14 + debian/backports/ubuntu14.04/debian/rules | 203 +++ .../ubuntu14.04/debian/source/format | 1 + debian/backports/ubuntu14.04/exclude | 0 debian/backports/ubuntu14.04/versionext | 1 + .../ubuntu16.04/debian/source/format | 1 + debian/backports/ubuntu16.04/exclude | 0 debian/backports/ubuntu16.04/versionext | 1 + debian/backports/ubuntu17.10/debian/control | 54 + .../ubuntu17.10/debian/source/format | 1 + debian/backports/ubuntu17.10/exclude | 0 debian/backports/ubuntu17.10/versionext | 1 + debian/backports/ubuntu18.04/debian/control | 54 + .../ubuntu18.04/debian/source/format | 1 + debian/backports/ubuntu18.04/exclude | 0 debian/backports/ubuntu18.04/versionext | 1 + debian/changelog.in | 1429 +++++++++++++++++ debian/compat | 1 + debian/control | 54 + debian/copyright | 29 + debian/frr-dbg.lintian-overrides | 1 + debian/frr-doc.docs | 5 + debian/frr-doc.info | 1 + debian/frr-doc.install | 1 + debian/frr-doc.lintian-overrides | 1 + debian/frr-pythontools.install | 1 + debian/frr.conf | 2 + debian/frr.dirs | 8 + debian/frr.docs | 2 + debian/frr.install | 12 + debian/frr.lintian-overrides | 6 + debian/frr.logrotate | 27 + debian/frr.manpages | 15 + debian/frr.pam | 3 + debian/frr.postinst | 37 + debian/frr.postrm | 12 + debian/frr.preinst | 81 + debian/frr.prerm | 23 + debian/rules | 229 +++ debian/source/format | 1 + debian/tests/control | 3 + debian/tests/daemons | 30 + debian/watchfrr.rc | 4 + 67 files changed, 3017 insertions(+) create mode 100644 debian/.gitignore create mode 100644 debian/Makefile.am create mode 100644 debian/README.Debian create mode 100644 debian/README.Maintainer create mode 100644 debian/backports/.gitignore create mode 100644 debian/backports/README create mode 100644 debian/backports/debian8/debian/source/format create mode 100644 debian/backports/debian8/exclude create mode 100644 debian/backports/debian8/versionext create mode 100644 debian/backports/debian9/debian/source/format create mode 100644 debian/backports/debian9/exclude create mode 100644 debian/backports/debian9/versionext create mode 100755 debian/backports/rules create mode 100644 debian/backports/ubuntu12.04/debian/control create mode 120000 debian/backports/ubuntu12.04/debian/frr.install create mode 120000 debian/backports/ubuntu12.04/debian/frr.postinst create mode 120000 debian/backports/ubuntu12.04/debian/frr.postrm create mode 100755 debian/backports/ubuntu12.04/debian/rules create mode 100644 debian/backports/ubuntu12.04/debian/source/format create mode 100644 debian/backports/ubuntu12.04/exclude create mode 100644 debian/backports/ubuntu12.04/versionext create mode 100644 debian/backports/ubuntu14.04/debian/control create mode 100644 debian/backports/ubuntu14.04/debian/frr.install create mode 100644 debian/backports/ubuntu14.04/debian/frr.postinst create mode 100644 debian/backports/ubuntu14.04/debian/frr.postrm create mode 100755 debian/backports/ubuntu14.04/debian/rules create mode 100644 debian/backports/ubuntu14.04/debian/source/format create mode 100644 debian/backports/ubuntu14.04/exclude create mode 100644 debian/backports/ubuntu14.04/versionext create mode 100644 debian/backports/ubuntu16.04/debian/source/format create mode 100644 debian/backports/ubuntu16.04/exclude create mode 100644 debian/backports/ubuntu16.04/versionext create mode 100644 debian/backports/ubuntu17.10/debian/control create mode 100644 debian/backports/ubuntu17.10/debian/source/format create mode 100644 debian/backports/ubuntu17.10/exclude create mode 100644 debian/backports/ubuntu17.10/versionext create mode 100644 debian/backports/ubuntu18.04/debian/control create mode 100644 debian/backports/ubuntu18.04/debian/source/format create mode 100644 debian/backports/ubuntu18.04/exclude create mode 100644 debian/backports/ubuntu18.04/versionext create mode 100644 debian/changelog.in create mode 100644 debian/compat create mode 100644 debian/control create mode 100644 debian/copyright create mode 100644 debian/frr-dbg.lintian-overrides create mode 100644 debian/frr-doc.docs create mode 100644 debian/frr-doc.info create mode 100644 debian/frr-doc.install create mode 100644 debian/frr-doc.lintian-overrides create mode 100644 debian/frr-pythontools.install create mode 100644 debian/frr.conf create mode 100644 debian/frr.dirs create mode 100644 debian/frr.docs create mode 100644 debian/frr.install create mode 100644 debian/frr.lintian-overrides create mode 100644 debian/frr.logrotate create mode 100644 debian/frr.manpages create mode 100644 debian/frr.pam create mode 100644 debian/frr.postinst create mode 100644 debian/frr.postrm create mode 100644 debian/frr.preinst create mode 100644 debian/frr.prerm create mode 100755 debian/rules create mode 100644 debian/source/format create mode 100644 debian/tests/control create mode 100644 debian/tests/daemons create mode 100644 debian/watchfrr.rc diff --git a/debian/.gitignore b/debian/.gitignore new file mode 100644 index 0000000..6d10dce --- /dev/null +++ b/debian/.gitignore @@ -0,0 +1 @@ +changelog diff --git a/debian/Makefile.am b/debian/Makefile.am new file mode 100644 index 0000000..e7ae4bb --- /dev/null +++ b/debian/Makefile.am @@ -0,0 +1,47 @@ + +EXTRA_DIST = README.Debian README.Maintainer \ + changelog compat control copyright \ + rules source/format tests/control \ + tests/daemons watchfrr.rc \ + backports/README backports/rules \ + backports/debian8/debian/source/format \ + backports/debian8/exclude \ + backports/debian8/versionext \ + backports/debian9/debian/source/format \ + backports/debian9/exclude \ + backports/debian9/versionext \ + backports/ubuntu12.04/debian/control \ + backports/ubuntu12.04/debian/frr.install \ + backports/ubuntu12.04/debian/frr.postinst \ + backports/ubuntu12.04/debian/frr.postrm \ + backports/ubuntu12.04/debian/rules \ + backports/ubuntu12.04/debian/source/format \ + backports/ubuntu12.04/exclude \ + backports/ubuntu12.04/versionext \ + backports/ubuntu14.04/debian/control \ + backports/ubuntu14.04/debian/frr.install \ + backports/ubuntu14.04/debian/frr.postinst \ + backports/ubuntu14.04/debian/frr.postrm \ + backports/ubuntu14.04/debian/rules \ + backports/ubuntu14.04/debian/source/format \ + backports/ubuntu14.04/exclude \ + backports/ubuntu14.04/versionext \ + backports/ubuntu16.04/debian/source/format \ + backports/ubuntu16.04/exclude \ + backports/ubuntu16.04/versionext \ + backports/ubuntu17.10/debian/control \ + backports/ubuntu17.10/debian/source/format \ + backports/ubuntu17.10/exclude \ + backports/ubuntu17.10/versionext \ + backports/ubuntu18.04/debian/control \ + backports/ubuntu18.04/debian/source/format \ + backports/ubuntu18.04/exclude \ + backports/ubuntu18.04/versionext \ + frr-doc.docs frr-doc.info frr-doc.install \ + frr-doc.lintian-overrides frr.conf \ + frr-dbg.lintian-overrides \ + frr.dirs frr.docs frr.install \ + frr.lintian-overrides frr.logrotate \ + frr.manpages frr.pam frr.postinst frr.postrm \ + frr.preinst frr.prerm \ + frr-pythontools.install diff --git a/debian/README.Debian b/debian/README.Debian new file mode 100644 index 0000000..1b04803 --- /dev/null +++ b/debian/README.Debian @@ -0,0 +1,97 @@ +* SAFETY MEASURES: +================== + +Please consider setting this package "on hold" by typing + echo "frr hold" | dpkg --set-selections +and verifying this using + dpkg --get-selections | grep 'hold$' + +Setting a package "on hold" means that it will not automatically be upgraded. +Instead apt-get only displays a warning saying that a new version would be +available forcing you to explicitly type "apt-get install frr" to upgrade it. + + +* What is frr? +================= + +http://www.frrouting.org/ +FRR is a routing software suite, providing implementations of OSPFv2, +OSPFv3, RIP v1 and v2, RIPng, ISIS, PIM, BGP and LDP for Unix platforms, particularly +FreeBSD and Linux and also NetBSD, to mention a few. FRR is a fork of Quagga +which itself is a fork of Zebra. +Zebra was developed by Kunihiro Ishiguro. + + +* Why has SNMP support been disabled? +===================================== +FRR used to link against the NetSNMP libraries to provide SNMP +support. Those libraries sadly link against the OpenSSL libraries +to provide crypto support for SNMPv3 among others. +OpenSSL now is not compatible with the GNU GENERAL PUBLIC LICENSE (GPL) +licence that FRR is distributed under. For more explanation read: + http://www.gnome.org/~markmc/openssl-and-the-gpl.html + http://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs +Updating the licence to explecitly allow linking against OpenSSL +would requite the affirmation of all people that ever contributed +a significant part to Zebra / Quagga or FRR and thus are the collective +"copyright holder". That's too much work. Using a shrinked down +version of NetSNMP without OpenSSL or convincing the NetSNMP people +to change to GnuTLS are maybe good solutions but not reachable +during the last days before the Sarge release :-( + + *BUT* + +It is allowed by the used licence mix that you fetch the sources and +build FRR yourself with SNMP with + + # export WANT_SNMP=1 + # apt-get -b source frr +Just distributing it in binary form, linked against OpenSSL, is forbidden. + + +* Daemon selection: +=================== + +The Debian package uses /etc/frr/daemons to tell the +initscript which daemons to start. It's in the format += +with no spaces (it's simply source-d into the initscript). +Default is not to start anything, since it can hose your +system's routing table if not set up properly. + +Priorities were suggested by Dancer . +They're used to start the FRR daemons in more than one step +(for example start one or two at network initialization and the +rest later). The number of FRR daemons being small, priorities +must be between 1 and 9, inclusive (or the initscript has to be +changed). /etc/init.d/frr then can be started as + +/etc/init.d/frr > + +where priority 0 is the same as 'stop', priority 10 or 'start' +means 'start all' + + +* Error message "privs_init: initial cap_set_proc failed": +========================================================== + +This error message means that "capability support" has to be built +into the kernel. + + +* Error message "netlink-listen: overrun: No buffer space available": +===================================================================== + +If this message occurs the receive buffer should be increased by adding the +following to /etc/sysctl.conf and "--nl-bufsize" to /etc/frr/daemons.conf. +> net.core.rmem_default = 262144 +> net.core.rmem_max = 262144 +See message #4525 from 2005-05-09 in the quagga-users mailing list. + + +* vtysh immediately exists: +=========================== + +Check /etc/pam.d/frr, it probably denies access to your user. The passwords +configured in /etc/frr/frr.conf are only for telnet access. + diff --git a/debian/README.Maintainer b/debian/README.Maintainer new file mode 100644 index 0000000..84b68e1 --- /dev/null +++ b/debian/README.Maintainer @@ -0,0 +1,22 @@ +# +# To check if the patches still apply on new upstream versions: +# +for i in debian/patches/*.diff; do echo -e "#\n# $i\n#"; patch --fuzz=3 --dry-run -p1 < $i; done + +# +# Filename transition from zebra to frr +# + +Files that keep their names + /usr/bin/vtysh + +Files that got an -pj suffix + /etc/default/zebra -> /etc/frr/daemons.conf + /etc/init.d/zebra -> /etc/init.d/frr + /etc/zebra/ -> /etc/frr/ + /usr/share/doc/zebra/ -> /usr/share/doc/frr/ + /var/log/zebra/ -> /var/log/frr/ + /var/run/ -> /var/run/frr/ + +Files that were moved + /usr/sbin/* -> /usr/lib/frr/ diff --git a/debian/backports/.gitignore b/debian/backports/.gitignore new file mode 100644 index 0000000..3b20d26 --- /dev/null +++ b/debian/backports/.gitignore @@ -0,0 +1,2 @@ +*/*.dirhash +*/debian/changelog diff --git a/debian/backports/README b/debian/backports/README new file mode 100644 index 0000000..efd322e --- /dev/null +++ b/debian/backports/README @@ -0,0 +1,28 @@ +This directory contains the debian directories for backports to other debian +platforms. These are built via the `3.0 (custom)' source format, which +allows one to build a source package directly out of tarballs (e.g. an +orig.tar.gz tarball and a debian.tar.gz file), at which point the format can +be changed to a real format (e.g. `3.0 (quilt)'). + +Source packages are assembled via targets of the same name as the system to +which the backport is done (e.g. `precise'), included in debian/rules. + +To create a new debian backport: + +* Add its name to `KNOWN_BACKPORTS', defined in debian/rules. +* Create a directory of the same name in debian/backports. +* Add the files `exclude', `versionext', and `debian/source/format' under + this directory: + * `exclude' contains whitespace-separated paths (relative to the root of + the source dir) that should be excluded from the source package (e.g. + debian/patches). + * `versionext' contains the suffix added to the version number for this + backport's build. Distributions often have guidelines for what this + should be. If left empty, no new debian/changelog entry is created. + * `debian/source/format' should contain the source format of the resulting + source package. As of of the writing of this document the only supported + format is `3.0 (quilt)'. +* Add appropriate files under the `debian/' subdirectory. These will be + included in the source package, overriding any top-level `debian/' files + with equivalent paths. + diff --git a/debian/backports/debian8/debian/source/format b/debian/backports/debian8/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/backports/debian8/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/backports/debian8/exclude b/debian/backports/debian8/exclude new file mode 100644 index 0000000..e69de29 diff --git a/debian/backports/debian8/versionext b/debian/backports/debian8/versionext new file mode 100644 index 0000000..4824521 --- /dev/null +++ b/debian/backports/debian8/versionext @@ -0,0 +1 @@ +-1~debian8+1 diff --git a/debian/backports/debian9/debian/source/format b/debian/backports/debian9/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/backports/debian9/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/backports/debian9/exclude b/debian/backports/debian9/exclude new file mode 100644 index 0000000..e69de29 diff --git a/debian/backports/debian9/versionext b/debian/backports/debian9/versionext new file mode 100644 index 0000000..db85932 --- /dev/null +++ b/debian/backports/debian9/versionext @@ -0,0 +1 @@ +-1~debian9+1 diff --git a/debian/backports/rules b/debian/backports/rules new file mode 100755 index 0000000..d0c6dcc --- /dev/null +++ b/debian/backports/rules @@ -0,0 +1,137 @@ +.PHONY: backports $(KNOWN_BACKPORTS) + +# error out if these files are missing +required_files = $(foreach backport,$(KNOWN_BACKPORTS), \ + $(addprefix debian/backports/$(backport)/, \ + debian/source/format \ + versionext \ + exclude)) +$(if $(filter-out $(wildcard $(required_files)),$(required_files)), \ + $(error missing required backports files: \ + $(filter-out $(wildcard $(required_files)),$(required_files)). \ + see debian/backports/README) \ +) + +TARBALLDIR ?= $(shell dh_testdir debian/changelog && realpath .) + +define backports-targets +# if this file is empty, no automatic changelog entry is created +VERSIONEXT_$(1) ?= $(strip \ + $(shell cat $(wildcard debian/backports/$(1)/versionext))) +DEBIAN_VERSION_$(1) = $(DEBIAN_VERSION)$$(VERSIONEXT_$(1)) +BACKPORTDIR_$(1) = $(realpath debian/backports/$(1)) + +# as of right now, must be '3.0 (quilt)' +SOURCEFORMAT_$(1) ?= $(strip \ + $(shell cat debian/backports/$(1)/debian/source/format)) + +# files checked for the dirhash (see below) +FINDCMD_$(1) = find -L debian/backports/$(1)/debian \ + -type f \ + ! -path debian/backports/$(1)/debian/changelog + +# files *not* pulled from the root debian directory into the backport tarball: +# debian/changelog (copied and edited for backport version entry) +# debian/backports itself (relevant contents are copied out separately) +# anything provided in the current backports debian dir +# anything specified in the 'exclude' file in the current backports debian dir +EXCLUDEROOT_$(1) = debian/changelog debian/backports \ + $$(subst debian/backports/$(1)/,,$$(shell $$(FINDCMD_$(1)))) \ + $$(shell cat debian/backports/$(1)/exclude) + +EXCLUDEROOT_TAR_$(1) = $$(foreach file,$$(EXCLUDEROOT_$(1)),--exclude $$(file)) +EXCLUDEROOT_FIND_$(1) = $$(foreach file,$$(EXCLUDEROOT_$(1)),-o -path $$(file)) + +# find command resulting in all files that *will* be pulled into the backport +# tarball. +FINDCMDROOT_$(1) = find -L debian/ \ + '(' -false $$(EXCLUDEROOT_FIND_$(1)) ')' -prune -o \ + -type f -a '!' '(' -false $$(EXCLUDEROOT_FIND_$(1)) ')' + +# usually using `find' output for dependencies has the downfall of not tracking +# file removal. Work around that by introducing a dependency on a file whose +# name contains the hash of `find' output, so that the name will change when a +# file is deleted. +DIRHASH_$(1) = \ + $$(shell $$(FINDCMD_$(1)) | sha1sum | sed -r 's/^(......).*/\1/') +DIRHASHROOT_$(1) = \ + $$(shell $$(FINDCMDROOT_$(1)) | sha1sum | sed -r 's/^(......).*/\1/') + +CONTROL_$(1) = $$(strip \ + $$(if $$(wildcard $$(BACKPORTDIR_$(1))/debian/control), \ + $$(BACKPORTDIR_$(1))/debian/control, \ + $(realpath debian/control) \ + )) + +# TARGETS: + +$(1): $(TARBALLDIR)/$(SRCPKG)_$$(DEBIAN_VERSION_$(1)).dsc ; + +# we use 3.0 (custom) to build a source package directly from tarballs, +# bypassing the usual checks (which wouldn't like our combination-of- +# directories approach) +$(TARBALLDIR)/$(SRCPKG)_$$(DEBIAN_VERSION_$(1)).dsc: + dpkg-source -l$$(BACKPORTDIR_$(1))/debian/changelog \ + -c$$(CONTROL_$(1)) \ + --format='3.0 (custom)' \ + --target-format='$$(SOURCEFORMAT_$(1))' \ + -b . $$^ + mv $(TARBALLDIR)/../$$(notdir $$@) $$@ + +ifeq ($$(SOURCEFORMAT_$(1)),3.0 (quilt)) +# this target depends on the orig.tar.gz file, for which there is no target in +# this makefile. It is assumed to either already exist or be built by a target +# provided elsewhere in debian/rules (e.g. via pristine-tar) +$$(if $$(findstring $(ORIG_VERSION),$$(DEBIAN_VERSION_$(1))), \ + $$(info downstream version matches upstream version (good)), \ + $$(error quilt format expects downstream version \ + ($$(DEBIAN_VERSION_$(1))) to contain upstream version \ + ($(ORIG_VERSION)). Make a new debian/changelog entry \ + to reflect the new upstream release) \ +) + +$(TARBALLDIR)/$(SRCPKG)_$$(DEBIAN_VERSION_$(1)).dsc: \ + $(TARBALLDIR)/$(SRCPKG)_$(ORIG_VERSION).orig.tar.gz \ + $(TARBALLDIR)/$(SRCPKG)_$$(DEBIAN_VERSION_$(1)).debian.tar.xz +else +$$(error unsupported source format for $(1) backport: $$(SOURCEFORMAT_$(1))) +endif #SOURCEFORMAT_$(1) + +# for 3.0 (quilt) +$(TARBALLDIR)/$(SRCPKG)_$$(DEBIAN_VERSION_$(1)).debian.tar.xz: \ + $$(BACKPORTDIR_$(1))/debian/changelog \ + $$(shell $$(FINDCMD_$(1))) \ + $$(BACKPORTDIR_$(1))/$$(DIRHASH_$(1)).backport.dirhash \ + $$(shell $$(FINDCMDROOT_$(1))) \ + $$(BACKPORTDIR_$(1))/$$(DIRHASHROOT_$(1)).root.dirhash \ + $$(BACKPORTDIR_$(1))/exclude + rm -f $$(subst .tar.xz,.tar,$$@) $$@ + tar -chf $$(subst .tar.xz,.tar,$$@) \ + --exclude-vcs $$(EXCLUDEROOT_TAR_$(1)) debian/ + cd debian/backports/$(1) && tar -uhf $$(subst .tar.xz,.tar,$$@) \ + --exclude-vcs debian/ + xz $$(subst .tar.xz,.tar,$$@) + +$$(BACKPORTDIR_$(1))/debian/changelog: \ + debian/changelog \ + debian/backports/$(1)/versionext + rm -f debian/backports/$(1)/debian/changelog + cp $$< $$@ + $(if $$(VERSIONEXT_$(1)), \ + dch -c $$@ -v '$$(DEBIAN_VERSION_$(1))' -b \ + 'backport to $(1) systems', \ + ) + +$$(BACKPORTDIR_$(1))/$$(DIRHASH_$(1)).backport.dirhash: + rm -f debian/backports/$(1)/*.backport.dirhash + touch $$@ + +$$(BACKPORTDIR_$(1))/$$(DIRHASHROOT_$(1)).root.dirhash: + rm -f debian/backports/$(1)/*.root.dirhash + touch $$@ + +endef # backports-targets +$(foreach backport,$(KNOWN_BACKPORTS),$(eval \ + $(call backports-targets,$(backport)))) + +backports: $(KNOWN_BACKPORTS) diff --git a/debian/backports/ubuntu12.04/debian/control b/debian/backports/ubuntu12.04/debian/control new file mode 100644 index 0000000..9bae348 --- /dev/null +++ b/debian/backports/ubuntu12.04/debian/control @@ -0,0 +1,56 @@ +Source: frr +Section: net +Priority: optional +Maintainer: Nobody +Uploaders: Nobody +XSBC-Original-Maintainer: +Build-Depends: debhelper (>= 7.0.50~), libncurses5-dev, libreadline-dev, texlive-latex-base, texlive-generic-recommended, libpam0g-dev | libpam-dev, libcap-dev, texinfo (>= 4.7), imagemagick, ghostscript, groff, autotools-dev, libpcre3-dev, gawk, chrpath, libsnmp-dev, git, dh-autoreconf, libjson0, libjson0-dev, pkg-config, python (>= 2.7), python-ipaddr +Standards-Version: 3.9.6 +Homepage: http://www.frrouting.org/ +XS-Testsuite: autopkgtest + +Package: frr +Architecture: any +Depends: ${shlibs:Depends}, logrotate (>= 3.2-11), ${misc:Depends} +Pre-Depends: adduser +Conflicts: zebra, zebra-pj, quagga +Replaces: zebra, zebra-pj +Suggests: snmpd +Description: BGP/OSPF/RIP/RIPng/ISIS/PIM/LDP routing daemon forked from Quagga + FRR is free software which manages TCP/IP based routing protocols. + It supports BGP4, BGP4+, OSPFv2, OSPFv3, IS-IS, RIPv1, RIPv2, RIPng, + PIM and LDP as well as the IPv6 versions of these. + . + FRR is a fork of Quagga with an open community model. The main git + lives on https://github.com/frrouting/frr.git + +Package: frr-dbg +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, frr (= ${binary:Version}) +Priority: extra +Section: debug +Description: BGP/OSPF/RIP/RIPng/ISIS/PIM/LDP routing daemon (debug symbols) + This package provides debugging symbols for all binary packages built + from frr source package. It's highly recommended to have this package + installed before reporting any FRR crashes to either FRR developers or + Debian package maintainers. + +Package: frr-doc +Section: net +Architecture: all +Depends: ${misc:Depends} +Suggests: frr +Description: documentation files for FRR + This package includes info files for frr, a free software which manages + TCP/IP based routing protocols. It supports BGP4, BGP4+, OSPFv2, OSPFv3, + IS-IS, RIPv1, RIPv2, RIPng, PIM and LDP as well as the IPv6 versions of these. + +Package: frr-pythontools +Section: net +Architecture: all +Depends: ${misc:Depends}, frr (= ${binary:Version}), python (>= 2.7), python-ipaddr +Description: BGP/OSPF/RIP/RIPng/ISIS/PIM/LDP routing daemon (Python Tools) + This package includes info files for frr, a free software which manages + TCP/IP based routing protocols. It supports BGP4, BGP4+, OSPFv2, OSPFv3, + IS-IS, RIPv1, RIPv2, RIPng, PIM and LDP as well as the IPv6 versions of these. + diff --git a/debian/backports/ubuntu12.04/debian/frr.install b/debian/backports/ubuntu12.04/debian/frr.install new file mode 120000 index 0000000..83ecca5 --- /dev/null +++ b/debian/backports/ubuntu12.04/debian/frr.install @@ -0,0 +1 @@ +../../ubuntu14.04/debian/frr.install \ No newline at end of file diff --git a/debian/backports/ubuntu12.04/debian/frr.postinst b/debian/backports/ubuntu12.04/debian/frr.postinst new file mode 120000 index 0000000..eb98053 --- /dev/null +++ b/debian/backports/ubuntu12.04/debian/frr.postinst @@ -0,0 +1 @@ +../../ubuntu14.04/debian/frr.postinst \ No newline at end of file diff --git a/debian/backports/ubuntu12.04/debian/frr.postrm b/debian/backports/ubuntu12.04/debian/frr.postrm new file mode 120000 index 0000000..4f43808 --- /dev/null +++ b/debian/backports/ubuntu12.04/debian/frr.postrm @@ -0,0 +1 @@ +../../ubuntu14.04/debian/frr.postrm \ No newline at end of file diff --git a/debian/backports/ubuntu12.04/debian/rules b/debian/backports/ubuntu12.04/debian/rules new file mode 100755 index 0000000..7495db8 --- /dev/null +++ b/debian/backports/ubuntu12.04/debian/rules @@ -0,0 +1,162 @@ +#!/usr/bin/make -f + +# FRRouting Configuration options +###################################### +# +# WANT_xxxx --> Set to 1 for enable, 0 for disable +# The following are the defaults. They can be overridden by setting a +# env variable to a different value + +WANT_LDP ?= 1 +WANT_PIM ?= 1 +WANT_OSPFAPI ?= 1 +WANT_BGP_VNC ?= 1 +WANT_CUMULUS_MODE ?= 0 +WANT_MULTIPATH ?= 1 +WANT_SNMP ?= 0 + +# NOTES: +# +# If multipath is enabled (WANT_MULTIPATH=1), then set number of multipaths here +# Please be aware that 0 is NOT disabled, but treated as unlimited + +MULTIPATH ?= 256 + +# Set the following to the value required (or leave alone for the default below) +# WANT_FRR_USER is used for the username and groupname of the FRR user account + +WANT_FRR_USER ?= frr +WANT_FRR_VTY_GROUP ?= frrvty + +# Don't build PDF docs by default +GENERATE_PDF ?= 0 + +# +#################################### + +export DH_VERBOSE=1 +export DEB_BUILD_MAINT_OPTIONS = hardening=+all +export DH_OPTIONS=-v + +ifeq ($(WANT_SNMP), 1) + USE_SNMP=--enable-snmp + $(warning "DEBIAN: SNMP enabled, sorry for your inconvenience") +else + USE_SNMP=--disable-snmp + $(warning "DEBIAN: SNMP disabled, see README.Debian") +endif + +ifeq ($(WANT_LDP), 1) + USE_LDP=--enable-ldpd +else + USE_LDP=--disable-ldpd +endif + +ifeq ($(WANT_PIM), 1) + USE_PIM=--enable-pimd +else + USE_PIM=--disable-pimd +endif + +ifeq ($(WANT_OSPFAPI), 1) + USE_OSPFAPI=--enable-ospfapi=yes +else + USE_OSPFAPI=--enable-ospfapi=no +endif + +ifeq ($(WANT_BGP_VNC), 1) + USE_BGP_VNC=--enable-bgp-vnc=yes +else + USE_BGP_VNC=--enable-bgp-vnc=no +endif + +USE_FRR_USER=--enable-user=$(WANT_FRR_USER) +USE_FRR_GROUP=--enable-group=$(WANT_FRR_USER) +USE_FRR_VTY_GROUP=--enable-vty-group=$(WANT_FRR_VTY_GROUP) + +ifeq ($(WANT_MULTIPATH), 1) + USE_MULTIPATH=--enable-multipath=$(MULTIPATH) +else + USE_MULTIPATH=--disable-multipath +endif + +ifeq ($(WANT_CUMULUS_MODE), 1) + USE_CUMULUS=--enable-cumulus=yes +else + USE_CUMULUS=--enable-cumulus=no +endif + +ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) + DEBIAN_JOBS := $(subst parallel=,,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) +endif + +ifdef DEBIAN_JOBS +MAKEFLAGS += -j$(DEBIAN_JOBS) +endif + +%: + dh $@ --with=autoreconf --parallel --dbg-package=frr-dbg --list-missing + +override_dh_auto_configure: + # Frr needs /proc to check some BSD vs Linux specific stuff. + # Else it fails with an obscure error message pointing out that + # IPCTL_FORWARDING is an undefined symbol which is not very helpful. + @if ! [ -d /proc/1 ]; then \ + echo "./configure needs a mounted /proc"; \ + exit 1; \ + fi + + if ! [ -e config.status ]; then \ + dh_auto_configure -- \ + --enable-exampledir=/usr/share/doc/frr/examples/ \ + --localstatedir=/var/run/frr \ + --sbindir=/usr/lib/frr \ + --sysconfdir=/etc/frr \ + $(USE_SNMP) \ + $(USE_OSPFAPI) \ + $(USE_MULTIPATH) \ + $(USE_LDP) \ + --enable-fpm \ + $(USE_FRR_USER) $(USE_FRR_GROUP) \ + $(USE_FRR_VTY_GROUP) \ + --enable-configfile-mask=0640 \ + --enable-logfile-mask=0640 \ + --with-libpam \ + --enable-systemd=no \ + --enable-poll=yes \ + $(USE_CUMULUS) \ + $(USE_PIM) \ + --disable-bfdd \ + --enable-dependency-tracking \ + $(USE_BGP_VNC) \ + $(shell dpkg-buildflags --export=configure); \ + fi + +override_dh_auto_build: +ifeq ($(GENERATE_PDF), 1) + dh_auto_build -- -C doc pdf +endif + rm -vf doc/user/_build/texinfo/frr.info + dh_auto_build -- -C doc info + +override_dh_auto_test: + +override_dh_auto_install: + dh_auto_install + + # installed in frr-pythontools + rm debian/tmp/usr/lib/frr/frr-reload.py + + # cleaning up the info dir + rm -f debian/tmp/usr/share/info/dir* + + # install config files + mkdir -p debian/tmp/etc/frr/ + perl -pi -e 's#^!log file #!log file /var/log/frr/#' debian/tmp/usr/share/doc/frr/examples/*sample* + + # leftover from previously shipping SMUX client OID MIB + mkdir -p debian/tmp/usr/share/snmp/mibs + + # cleaning .la files + sed -i "/dependency_libs/ s/'.*'/''/" debian/tmp/usr/lib/*.la + sed -i "/dependency_libs/ s/'.*'/''/" debian/tmp/usr/lib/frr/modules/*.la diff --git a/debian/backports/ubuntu12.04/debian/source/format b/debian/backports/ubuntu12.04/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/backports/ubuntu12.04/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/backports/ubuntu12.04/exclude b/debian/backports/ubuntu12.04/exclude new file mode 100644 index 0000000..e69de29 diff --git a/debian/backports/ubuntu12.04/versionext b/debian/backports/ubuntu12.04/versionext new file mode 100644 index 0000000..159e2e4 --- /dev/null +++ b/debian/backports/ubuntu12.04/versionext @@ -0,0 +1 @@ +-1~ubuntu12.04+1 diff --git a/debian/backports/ubuntu14.04/debian/control b/debian/backports/ubuntu14.04/debian/control new file mode 100644 index 0000000..3f31f18 --- /dev/null +++ b/debian/backports/ubuntu14.04/debian/control @@ -0,0 +1,56 @@ +Source: frr +Section: net +Priority: optional +Maintainer: Nobody +Uploaders: Nobody +XSBC-Original-Maintainer: +Build-Depends: debhelper (>= 7.0.50~), libncurses5-dev, libreadline-dev, texlive-latex-base, texlive-generic-recommended, libpam0g-dev | libpam-dev, libcap-dev, texinfo (>= 4.7), imagemagick, ghostscript, groff, autotools-dev, libpcre3-dev, gawk, chrpath, libsnmp-dev, git, dh-autoreconf, libjson-c-dev, libjson-c2, pkg-config, python (>= 2.7), python-ipaddr +Standards-Version: 3.9.6 +Homepage: http://www.frrouting.org/ +XS-Testsuite: autopkgtest + +Package: frr +Architecture: any +Depends: ${shlibs:Depends}, logrotate (>= 3.2-11), ${misc:Depends} +Pre-Depends: adduser +Conflicts: zebra, zebra-pj, quagga +Replaces: zebra, zebra-pj +Suggests: snmpd +Description: BGP/OSPF/RIP/RIPng/ISIS/PIM/LDP routing daemon forked from Quagga + FRR is free software which manages TCP/IP based routing protocols. + It supports BGP4, BGP4+, OSPFv2, OSPFv3, IS-IS, RIPv1, RIPv2, RIPng, + PIM and LDP as well as the IPv6 versions of these. + . + FRR is a fork of Quagga with an open community model. The main git + lives on https://github.com/frrouting/frr.git + +Package: frr-dbg +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, frr (= ${binary:Version}) +Priority: extra +Section: debug +Description: BGP/OSPF/RIP/RIPng/ISIS/PIM/LDP routing daemon (debug symbols) + This package provides debugging symbols for all binary packages built + from frr source package. It's highly recommended to have this package + installed before reporting any FRR crashes to either FRR developers or + Debian package maintainers. + +Package: frr-doc +Section: net +Architecture: all +Depends: ${misc:Depends} +Suggests: frr +Description: BGP/OSPF/RIP/RIPng/ISIS/PIM/LDP routing daemon (documentation) + This package includes info files for frr, a free software which manages + TCP/IP based routing protocols. It supports BGP4, BGP4+, OSPFv2, OSPFv3, + IS-IS, RIPv1, RIPv2, RIPng, PIM and LDP as well as the IPv6 versions of these. + +Package: frr-pythontools +Section: net +Architecture: all +Depends: ${misc:Depends}, frr (= ${binary:Version}), python (>= 2.7), python-ipaddr +Description: BGP/OSPF/RIP/RIPng/ISIS/PIM/LDP routing daemon (Python Tools) + This package includes info files for frr, a free software which manages + TCP/IP based routing protocols. It supports BGP4, BGP4+, OSPFv2, OSPFv3, + IS-IS, RIPv1, RIPv2, RIPng, PIM and LDP as well as the IPv6 versions of these. + diff --git a/debian/backports/ubuntu14.04/debian/frr.install b/debian/backports/ubuntu14.04/debian/frr.install new file mode 100644 index 0000000..0b0d953 --- /dev/null +++ b/debian/backports/ubuntu14.04/debian/frr.install @@ -0,0 +1,11 @@ +etc/frr/ +usr/bin/vtysh +usr/bin/mtracebis +usr/include/frr/ +usr/lib/ +tools/frr etc/init.d/ +usr/share/doc/frr/ +usr/share/snmp/mibs/ +tools/etc/* etc/ +tools/*.service lib/systemd/system +debian/frr.conf usr/lib/tmpfiles.d diff --git a/debian/backports/ubuntu14.04/debian/frr.postinst b/debian/backports/ubuntu14.04/debian/frr.postinst new file mode 100644 index 0000000..5a14e51 --- /dev/null +++ b/debian/backports/ubuntu14.04/debian/frr.postinst @@ -0,0 +1,38 @@ +#!/bin/bash -e + +###################### +PASSWDFILE=/etc/passwd +GROUPFILE=/etc/group + +frruid=`egrep "^frr:" $PASSWDFILE | awk -F ":" '{ print $3 }'` +frrgid=`egrep "^frr:" $GROUPFILE | awk -F ":" '{ print $3 }'` +frrvtygid=`egrep "^frrvty:" $GROUPFILE | awk -F ":" '{ print $3 }'` + +[ -n ${frruid} ] || (echo "No uid for frr in ${PASSWDFILE}" && /bin/false) +[ -n ${frrgid} ] || (echo "No gid for frr in ${GROUPFILE}" && /bin/false) +[ -n ${frrVTYgid} ] || (echo "No gid for frrvty in ${GROUPFILE}" && /bin/false) + +chown -R ${frruid}:${frrgid} /etc/frr +touch /etc/frr/vtysh.conf +chgrp ${frrvtygid} /etc/frr/vtysh* +chmod 644 /etc/frr/* + +ENVIRONMENTFILE=/etc/environment +if ! egrep --quiet '^VTYSH_PAGER=' ${ENVIRONMENTFILE}; then + echo "VTYSH_PAGER=/bin/cat" >> ${ENVIRONMENTFILE} +fi +################################################## + +if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi +${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*"} + +# This is most likely due to the answer "no" to the "really stop the server" +# question in the prerm script. +if [ "$1" = "abort-upgrade" ]; then + exit 0 +fi + +update-rc.d frr defaults > /dev/null + +#DEBHELPER# + diff --git a/debian/backports/ubuntu14.04/debian/frr.postrm b/debian/backports/ubuntu14.04/debian/frr.postrm new file mode 100644 index 0000000..48c2332 --- /dev/null +++ b/debian/backports/ubuntu14.04/debian/frr.postrm @@ -0,0 +1,14 @@ +#!/bin/bash -e + +if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi +${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*"} +# set -u not because of debhelper + +update-rc.d -f frr remove >> /dev/null + +if [ "$1" = "purge" ]; then + rm -rf /etc/frr /var/run/frr /var/log/frr + userdel frr >/dev/null 2>&1 || true +fi + +#DEBHELPER# diff --git a/debian/backports/ubuntu14.04/debian/rules b/debian/backports/ubuntu14.04/debian/rules new file mode 100755 index 0000000..c955d0c --- /dev/null +++ b/debian/backports/ubuntu14.04/debian/rules @@ -0,0 +1,203 @@ +#!/usr/bin/make -f + +# FRRouting Configuration options +###################################### +# +# WANT_xxxx --> Set to 1 for enable, 0 for disable +# The following are the defaults. They can be overridden by setting a +# env variable to a different value + +WANT_LDP ?= 1 +WANT_PIM ?= 1 +WANT_OSPFAPI ?= 1 +WANT_BGP_VNC ?= 1 +WANT_CUMULUS_MODE ?= 0 +WANT_MULTIPATH ?= 1 +WANT_SNMP ?= 0 +WANT_RPKI ?= 0 +WANT_BFD ?= 1 + +# NOTES: +# +# If you use WANT_RPKI, then there is a new dependency for librtr0 package +# and a build dependency of the librtr-dev package. +# While the librtr0 is added to the depenencies automatically, the build +# dependency can't be changed dynamically and building will fail if the +# librtr-dev isn't installed during package build +# Tested versions of both packages can be found at +# https://ci1.netdef.org/browse/RPKI-RTRLIB/latestSuccessful/artifact +# +# If multipath is enabled (WANT_MULTIPATH=1), then set number of multipaths here +# Please be aware that 0 is NOT disabled, but treated as unlimited + +MULTIPATH ?= 256 + +# Set the following to the value required (or leave alone for the default below) +# WANT_FRR_USER is used for the username and groupname of the FRR user account + +WANT_FRR_USER ?= frr +WANT_FRR_VTY_GROUP ?= frrvty + +# Don't build PDF docs by default +GENERATE_PDF ?= 0 + +# +#################################### + +export DH_VERBOSE=1 +export DEB_BUILD_MAINT_OPTIONS = hardening=+all +export DH_OPTIONS=-v + +ifeq ($(WANT_SNMP), 1) + USE_SNMP=--enable-snmp + $(warning "DEBIAN: SNMP enabled, sorry for your inconvenience") +else + USE_SNMP=--disable-snmp + $(warning "DEBIAN: SNMP disabled, see README.Debian") +endif + +ifeq ($(WANT_LDP), 1) + USE_LDP=--enable-ldpd +else + USE_LDP=--disable-ldpd +endif + +ifeq ($(WANT_PIM), 1) + USE_PIM=--enable-pimd +else + USE_PIM=--disable-pimd +endif + +ifeq ($(WANT_OSPFAPI), 1) + USE_OSPFAPI=--enable-ospfapi=yes +else + USE_OSPFAPI=--enable-ospfapi=no +endif + +ifeq ($(WANT_BGP_VNC), 1) + USE_BGP_VNC=--enable-bgp-vnc=yes +else + USE_BGP_VNC=--enable-bgp-vnc=no +endif + +USE_FRR_USER=--enable-user=$(WANT_FRR_USER) +USE_FRR_GROUP=--enable-group=$(WANT_FRR_USER) +USE_FRR_VTY_GROUP=--enable-vty-group=$(WANT_FRR_VTY_GROUP) + +ifeq ($(WANT_MULTIPATH), 1) + USE_MULTIPATH=--enable-multipath=$(MULTIPATH) +else + USE_MULTIPATH=--disable-multipath +endif + +ifeq ($(WANT_CUMULUS_MODE), 1) + USE_CUMULUS=--enable-cumulus=yes +else + USE_CUMULUS=--enable-cumulus=no +endif + +ifeq ($(WANT_RPKI), 1) + USE_RPKI=--enable-rpki +else + USE_RPKI=--disable-rpki +endif + +ifeq ($(WANT_BFD), 1) + USE_BFD=--enable-bfdd +else + USE_BFD=--disable-bfdd +endif + +ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) + DEBIAN_JOBS := $(subst parallel=,,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) +endif + +ifdef DEBIAN_JOBS +MAKEFLAGS += -j$(DEBIAN_JOBS) +endif + +%: + dh $@ --with=autoreconf --parallel --dbg-package=frr-dbg --list-missing + +override_dh_gencontrol: +ifeq ($(WANT_RPKI), 1) + dh_gencontrol -- -Vdist:Depends="librtr0 (>= 0.5)" +else + dh_gencontrol +endif + +override_dh_auto_configure: + # Frr needs /proc to check some BSD vs Linux specific stuff. + # Else it fails with an obscure error message pointing out that + # IPCTL_FORWARDING is an undefined symbol which is not very helpful. + @if ! [ -d /proc/1 ]; then \ + echo "./configure needs a mounted /proc"; \ + exit 1; \ + fi + + if ! [ -e config.status ]; then \ + dh_auto_configure -- \ + --enable-exampledir=/usr/share/doc/frr/examples/ \ + --localstatedir=/var/run/frr \ + --sbindir=/usr/lib/frr \ + --sysconfdir=/etc/frr \ + $(USE_SNMP) \ + $(USE_OSPFAPI) \ + $(USE_MULTIPATH) \ + $(USE_LDP) \ + --enable-fpm \ + $(USE_FRR_USER) $(USE_FRR_GROUP) \ + $(USE_FRR_VTY_GROUP) \ + --enable-configfile-mask=0640 \ + --enable-logfile-mask=0640 \ + --with-libpam \ + --enable-systemd=no \ + --enable-poll=yes \ + $(USE_CUMULUS) \ + $(USE_PIM) \ + --enable-dependency-tracking \ + $(USE_BGP_VNC) \ + $(USE_RPKI) \ + $(USE_BFD) \ + $(shell dpkg-buildflags --export=configure); \ + fi + +override_dh_auto_build: + #dh_auto_build + $(MAKE) + + # doc/ is a bit crazy +ifeq ($(GENERATE_PDF), 1) + dh_auto_build -- -C doc pdf +endif + rm -vf doc/_build/texinfo/frr.info + dh_auto_build -- -C doc info + +override_dh_auto_test: + +override_dh_auto_install: + dh_auto_install + + # installed in frr-pythontools + rm debian/tmp/usr/lib/frr/frr-reload.py + + # cleaning up the info dir + rm -f debian/tmp/usr/share/info/dir* + + # install config files + mkdir -p debian/tmp/etc/frr/ + perl -pi -e 's#^!log file #!log file /var/log/frr/#' debian/tmp/usr/share/doc/frr/examples/*sample* + + # leftover from previously shipping SMUX client OID MIB + mkdir -p debian/tmp/usr/share/snmp/mibs/ + + # cleaning .la files + sed -i "/dependency_libs/ s/'.*'/''/" debian/tmp/usr/lib/*.la + sed -i "/dependency_libs/ s/'.*'/''/" debian/tmp/usr/lib/frr/modules/*.la + +override_dh_systemd_start: + dh_systemd_start frr.service + +override_dh_systemd_enable: + dh_systemd_enable frr.service + diff --git a/debian/backports/ubuntu14.04/debian/source/format b/debian/backports/ubuntu14.04/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/backports/ubuntu14.04/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/backports/ubuntu14.04/exclude b/debian/backports/ubuntu14.04/exclude new file mode 100644 index 0000000..e69de29 diff --git a/debian/backports/ubuntu14.04/versionext b/debian/backports/ubuntu14.04/versionext new file mode 100644 index 0000000..c5be065 --- /dev/null +++ b/debian/backports/ubuntu14.04/versionext @@ -0,0 +1 @@ +-1~ubuntu14.04+1 diff --git a/debian/backports/ubuntu16.04/debian/source/format b/debian/backports/ubuntu16.04/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/backports/ubuntu16.04/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/backports/ubuntu16.04/exclude b/debian/backports/ubuntu16.04/exclude new file mode 100644 index 0000000..e69de29 diff --git a/debian/backports/ubuntu16.04/versionext b/debian/backports/ubuntu16.04/versionext new file mode 100644 index 0000000..dc33d97 --- /dev/null +++ b/debian/backports/ubuntu16.04/versionext @@ -0,0 +1 @@ +-1~ubuntu16.04+1 diff --git a/debian/backports/ubuntu17.10/debian/control b/debian/backports/ubuntu17.10/debian/control new file mode 100644 index 0000000..1bc3c4e --- /dev/null +++ b/debian/backports/ubuntu17.10/debian/control @@ -0,0 +1,54 @@ +Source: frr +Section: net +Priority: optional +Maintainer: Nobody +Uploaders: Nobody +XSBC-Original-Maintainer: +Build-Depends: debhelper (>= 7.0.50~), libncurses5-dev, libreadline-dev, texlive-latex-base, texlive-generic-recommended, libpam0g-dev | libpam-dev, libcap-dev, texinfo (>= 4.7), imagemagick, ghostscript, groff, autotools-dev, libpcre3-dev, gawk, chrpath, libsnmp-dev, git, dh-autoreconf, libjson-c-dev, libjson-c2 | libjson-c3, dh-systemd, libsystemd-dev, bison, flex, libc-ares-dev, pkg-config, python (>= 2.7), python-ipaddr, libpython-dev +Standards-Version: 3.9.6 +Homepage: http://www.frrouting.org/ + +Package: frr +Architecture: any +Depends: ${shlibs:Depends}, logrotate (>= 3.2-11), iproute2 | iproute, ${misc:Depends}, libc-ares2 +Pre-Depends: adduser +Conflicts: zebra, zebra-pj, quagga +Replaces: zebra, zebra-pj +Suggests: snmpd +Description: BGP/OSPF/RIP/RIPng/ISIS/PIM/LDP routing daemon forked from Quagga + FRR is free software which manages TCP/IP based routing protocols. + It supports BGP4, BGP4+, OSPFv2, OSPFv3, IS-IS, RIPv1, RIPv2, RIPng, + PIM and LDP as well as the IPv6 versions of these. + . + FRR is a fork of Quagga with an open community model. The main git + lives on https://github.com/frrouting/frr.git + +Package: frr-dbg +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, frr (= ${binary:Version}) +Priority: optional +Section: debug +Description: BGP/OSPF/RIP/RIPng/ISIS/PIM/LDP routing daemon (debug symbols) + This package provides debugging symbols for all binary packages built + from frr source package. It's highly recommended to have this package + installed before reporting any FRR crashes to either FRR developers or + Debian package maintainers. + +Package: frr-doc +Section: net +Architecture: all +Depends: ${misc:Depends} +Suggests: frr +Description: BGP/OSPF/RIP/RIPng/ISIS/PIM/LDP routing daemon (documentation) + This package includes info files for frr, a free software which manages + TCP/IP based routing protocols. It supports BGP4, BGP4+, OSPFv2, OSPFv3, + IS-IS, RIPv1, RIPv2, RIPng, PIM and LDP as well as the IPv6 versions of these. + +Package: frr-pythontools +Section: net +Architecture: all +Depends: ${misc:Depends}, frr (= ${binary:Version}), python (>= 2.7), python-ipaddr +Description: BGP/OSPF/RIP/RIPng/ISIS/PIM/LDP routing daemon (Python Tools) + This package includes info files for frr, a free software which manages + TCP/IP based routing protocols. It supports BGP4, BGP4+, OSPFv2, OSPFv3, + IS-IS, RIPv1, RIPv2, RIPng, PIM and LDP as well as the IPv6 versions of these. diff --git a/debian/backports/ubuntu17.10/debian/source/format b/debian/backports/ubuntu17.10/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/backports/ubuntu17.10/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/backports/ubuntu17.10/exclude b/debian/backports/ubuntu17.10/exclude new file mode 100644 index 0000000..e69de29 diff --git a/debian/backports/ubuntu17.10/versionext b/debian/backports/ubuntu17.10/versionext new file mode 100644 index 0000000..bfbeccd --- /dev/null +++ b/debian/backports/ubuntu17.10/versionext @@ -0,0 +1 @@ +-1~ubuntu17.10+1 diff --git a/debian/backports/ubuntu18.04/debian/control b/debian/backports/ubuntu18.04/debian/control new file mode 100644 index 0000000..1e31ad6 --- /dev/null +++ b/debian/backports/ubuntu18.04/debian/control @@ -0,0 +1,54 @@ +Source: frr +Section: net +Priority: optional +Maintainer: Nobody +Uploaders: Nobody +XSBC-Original-Maintainer: +Build-Depends: debhelper (>= 7.0.50~), libncurses5-dev, libreadline-dev, texlive-latex-base, texlive-generic-recommended, libpam0g-dev | libpam-dev, libcap-dev, texinfo (>= 4.7), imagemagick, ghostscript, groff, autotools-dev, libpcre3-dev, gawk, chrpath, libsnmp-dev, git, dh-autoreconf, libjson-c-dev, libjson-c2 | libjson-c3, dh-systemd, libsystemd-dev, bison, flex, libc-ares-dev, pkg-config, python (>= 2.7), python-ipaddr, python-sphinx, libpython-dev +Standards-Version: 3.9.6 +Homepage: http://www.frrouting.org/ + +Package: frr +Architecture: any +Depends: ${shlibs:Depends}, logrotate (>= 3.2-11), iproute2 | iproute, ${misc:Depends}, libc-ares2 +Pre-Depends: adduser +Conflicts: zebra, zebra-pj, quagga +Replaces: zebra, zebra-pj +Suggests: snmpd +Description: BGP/OSPF/RIP/RIPng/ISIS/PIM/LDP routing daemon forked from Quagga + FRR is free software which manages TCP/IP based routing protocols. + It supports BGP4, BGP4+, OSPFv2, OSPFv3, IS-IS, RIPv1, RIPv2, RIPng, + PIM and LDP as well as the IPv6 versions of these. + . + FRR is a fork of Quagga with an open community model. The main git + lives on https://github.com/frrouting/frr.git + +Package: frr-dbg +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, frr (= ${binary:Version}) +Priority: optional +Section: debug +Description: BGP/OSPF/RIP/RIPng/ISIS/PIM/LDP routing daemon (debug symbols) + This package provides debugging symbols for all binary packages built + from frr source package. It's highly recommended to have this package + installed before reporting any FRR crashes to either FRR developers or + Debian package maintainers. + +Package: frr-doc +Section: net +Architecture: all +Depends: ${misc:Depends} +Suggests: frr +Description: BGP/OSPF/RIP/RIPng/ISIS/PIM/LDP routing daemon (documentation) + This package includes info files for frr, a free software which manages + TCP/IP based routing protocols. It supports BGP4, BGP4+, OSPFv2, OSPFv3, + IS-IS, RIPv1, RIPv2, RIPng, PIM and LDP as well as the IPv6 versions of these. + +Package: frr-pythontools +Section: net +Architecture: all +Depends: ${misc:Depends}, frr (= ${binary:Version}), python (>= 2.7), python-ipaddr +Description: BGP/OSPF/RIP/RIPng/ISIS/PIM/LDP routing daemon (Python Tools) + This package includes info files for frr, a free software which manages + TCP/IP based routing protocols. It supports BGP4, BGP4+, OSPFv2, OSPFv3, + IS-IS, RIPv1, RIPv2, RIPng, PIM and LDP as well as the IPv6 versions of these. diff --git a/debian/backports/ubuntu18.04/debian/source/format b/debian/backports/ubuntu18.04/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/backports/ubuntu18.04/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/backports/ubuntu18.04/exclude b/debian/backports/ubuntu18.04/exclude new file mode 100644 index 0000000..e69de29 diff --git a/debian/backports/ubuntu18.04/versionext b/debian/backports/ubuntu18.04/versionext new file mode 100644 index 0000000..832fb4c --- /dev/null +++ b/debian/backports/ubuntu18.04/versionext @@ -0,0 +1 @@ +-1~ubuntu18.04+1 diff --git a/debian/changelog.in b/debian/changelog.in new file mode 100644 index 0000000..67d3480 --- /dev/null +++ b/debian/changelog.in @@ -0,0 +1,1429 @@ +frr (@VERSION@) RELEASED; urgency=medium + + * Staticd: New daemon responsible for management of static routes + * ISISd: Implement dst-src routing as per draft-ietf-isis-ipv6-dst-src-routing + * BFDd: new daemon for BFD (Bidrectional Forwarding Detection). Responsible + for notifying link changes to make routing protocols converge faster. + * various bug fixes + + -- FRRouting-Dev Sun, 7 Oct 2018 08:10:00 -0700 + +frr (5.0.1-0) RELEASED; urgency=medium + + * Support Automake 1.16.1 + * BGPd: Support for flowspec ICMP, DSCP, packet length, fragment and tcp flags + * BGPd: fix rpki validation for ipv6 + * VRF: Workaround for kernel bug on Linux 4.14 and newer + * Zebra: Fix interface based routes from zebra not marked up + * Zebra: Fix large zebra memory usage when redistribute between protocols + * Zebra: Allow route-maps to match on source instance + * BGPd: Backport peer-attr overrides, peer-level enforce-first-as and filtered-routes fix + * BGPd: fix for crash during display of filtered-routes + * BGPd: Actually display labeled unicast routes received + * Label Manager: Fix to work correctly behind a label manager proxy + * Debian Pkg: Fix build dependency for install-info + + -- FRRouting-Dev Thu, 5 Jul 2018 00:38:00 -0700 + +frr (5.0-0) RELEASED; urgency=medium + + * PIM: Add a Multicast Trace Command draft-ietf-idmr-traceroute-ipm-05 + * IS-IS: Implement Three-Way Handshake as per RFC5303 + * BGPD: Implement VPN-VRF route leaking per RFC4364. + * BGPD: Implement VRF with NETNS backend + * BGPD: Flowspec + * PBRD: Add a new Policy Based Routing Daemon + + -- FRRouting-Dev Thu, 7 Jun 2018 17:47:00 -0700 + +frr (4.0-0) RELEASED; urgency=medium + + * ISIS-MT - https://tools.ietf.org/html/rfc5120 + * BGP - RPKI (RFC 6810) + * BGP - v4 labeled unicast as per RFC 3107 + * BGP/Zebra - Type 2 and 3 EVPN with symmetric and asymmetric routing + * EIGRP - https://tools.ietf.org/html/rfc7868 + * FRR - Tab completion for iface names, prefix-lists, route-maps, BGP peers + * BABEL - https://tools.ietf.org/html/rfc6126 + * PIM VRF - Added the ability to work with VRF’s to PIM + * OSPFv2 VRF - Added the ability to work with VRF’s to OSPFv2 + * OSPFv2 Experimental SR - draft-ietf-ospf-segment-routing-extensions-24 + * ZEBRA - Add ability to create a static route that leaks across VRF’s. + + -- FRRouting-Dev Sun, 11 Mar 2018 17:22:20 -0700 + +frr (3.0.3-1) RELEASED; urgency=medium + + * New Enabled: PIM draft Unnumbered + + -- FRRouting-Dev Wed, 18 Oct 2017 17:01:42 -0700 + +frr (3.0-1) RELEASED; urgency=medium + + * Added Debian 9 Backport + + -- FRRouting-Dev Mon, 16 Oct 2017 03:28:00 -0700 + +frr (3.0-0) RELEASED; urgency=medium + + * New Enabled: BGP Shutdown Message + * New Enabled: BGP Large Community + * New Enabled: BGP RFC 7432 Partial Support w/ Ethernet VPN + * New Enabled: BGP EVPN RT-5 + * New Enabled: LDP RFC 5561 + * New Enabled: LDP RFC 5918 + * New Enabled: LDP RFC 5919 + * New Enabled: LDP RFC 6667 + * New Enabled: LDP RFC 7473 + * New Enabled: OSPF RFC 4552 + * New Enabled: ISIS SPF Backoff draft + * New Enabled: PIM Unnumbered Interfaces + * New Enabled: PIM RFC 4611 + * New Enabled: PIM Sparse Mode + * New Enabled: NHRP RFC 2332 + * New Enabled: Label Manager + * Switched from hardening-wrapper to dpkg-buildflags. + + -- FRRouting-Dev Fri, 13 Oct 2017 16:17:26 -0700 + +frr (2.0-0) RELEASED; urgency=medium + + * Switchover to FRR + + -- FRRouting-Dev Mon, 23 Jan 2017 16:30:22 -0400 + +quagga (0.99.24+cl3u5) RELEASED; urgency=medium + + * Closes: CM-12846 - Resolve Memory leaks in 'show ip bgp neighbor json' + * Closes: CM-5878 - Display all ospf peers with 'show ip ospf neighbor detail all' + * Closes: CM-5794 - Add support for IPv6 static to null0 + * Closes: CM-13060 - Reduce JSON memory usage. + * Closes: CM-10394 - protect 'could not get instance' error messages with debug + * Closes: CM-11173 - Move netlink error messages undeer a debug + * Closes: CM-13328 - Fixes route missing in hardware after reboot + + -- dev-support Fri, 11 Nov 2016 22:13:29 -0400 + +quagga (0.99.24+cl3u4) RELEASED; urgency=medium + + * Closes: CM-12687 - Buffer overflow in zebra RA code + + -- dev-support Wed, 31 Aug 2016 12:36:10 -0400 + +quagga (0.99.24+cl3u3) RELEASED; urgency=medium + + * New Enabled: Merge up-to 0.99.24 code from upstream + * New Enabled: Additional CLI simplification + * New Enabled: Various Bug Fixes + + -- dev-support Thu, 04 Aug 2016 08:43:36 -0700 + +quagga (0.99.23.1-1+cl3u2) RELEASED; urgency=medium + + * New Enabled: VRF - See Documentation for how to use + * New Enabled: Improved interface statistics + * New Enabled: Various vtysh improvements + * New Enabled: Numerous compile warnings and SA fixes + * New Enabled: Improved priviledge handlingA + * New Enabled: Various OSPF CLI fixes + * New Enabled: Prefix-list Performance Improvements. + * New Enabled: Allow more than 1k peers in Quagga + and Performance Improvements + * New Enabled: Systemd integration + * New Enabled: Various ISIS fixes + * New Enabled: BGP MRT improvements + * New Enabled: Lowered default MRAI timers + * New Enabled: Lowered default 'timers connect' + * New Enabled: 'bgp log-neighbor-changes' enabled by default + * New Enabled: BGP default keepalive to 3s and holdtime to 9s + * New Enabled: OSPF spf timers are now '0 50 5000' by default + * New Enabled: BGP hostname is displayed by default + * New Enabled: BGP 'no-as-set' is the default for + 'bgp as-path multipath-relax" + * New Enabled: RA is on by default if using 5549 on an interface + * New Enabled: peer-group restrictions relaxed, update-groups determine + outbund policy anyway + * New Enabled: BGP enabled 'maximum-paths 64' by default + * New Enabled: OSPF "log-adjacency-changes" on by default + * New Enabled: Zebra: Add IPv6 protocol filtering support + * and setting src of IPv6 routes. + * New Enabled: BGP and OSPF JSON commands added. + * New Enabled: BGP Enable multiple instances support by default + * New Enabled: 'banner motd file' command + * New Enabled: Remove bad default passwords from default conf + * New Enabled: BGP addpath TX + * New Enabled: Simplified configuration for BGP Unnumbered + + * New Deprecated: Remove unused 'show memory XXX' functionality + * New Deprecated: Remove babel protocol + + * Closes: CM-10435 Addition on hidden command + "bfd multihop/singlehop" and "ptm-enable" per interface command + * Closes: CM-9974 Get route counts right for show ip route summary + * Closes: CM-9786 BGP memory leak in peer hostname + * Closes: CM-9340 BGP: Ensure correct sequence of processing at exit + * Closes: CM-9270 ripd: Fix crash when a default route is passed to rip + * Closes: CM-9255 BGPD crash around bgp_config_write () + * Closes: CM-9134 ospf6d: Fix for crash when non area 0 network + entered first + * Closes: CM-8934 OSPFv3: Check area before scheduling SPF + * Closes: CM-8514 zebra: Crash upon disabling a link + * Closes: CM-8295 BGP crash in group_announce_route_walkcb + * Closes: CM-8191 BGP: crash in update_subgroup_merge() + * Closes: CM-8015 lib: Memory reporting fails over 2GB + * Closes: CM-7926 BGP: crash from not NULLing freed pointers + + -- dev-support Wed, 04 May 2016 16:22:52 -0700 + +quagga (0.99.23.1-1) unstable; urgency=medium + + * New upstream release + * Added .png figures for info files to quagga-doc package. + * Changed dependency from iproute to iproute2 (thanks to Andreas + Henriksson). Closes: #753736 + * Added texlive-fonts-recommended to build-depends to get ecrm1095 font + (thanks to Christoph Biedl). Closes: #651545 + + -- Christian Brunotte Tue, 30 Sep 2014 00:20:12 +0200 + +quagga (0.99.23-1) unstable; urgency=low + + * New upstream release + * Removed debian/patches/readline-6.3.diff which was already in upstream. + + -- Christian Hammers Tue, 08 Jul 2014 09:15:48 +0200 + +quagga (0.99.22.4-4) unstable; urgency=medium + + * Fix build failure with readline-6.3 (thanks to Matthias Klose). + Closes: #741774 + + -- Christian Hammers Sun, 23 Mar 2014 15:28:42 +0100 + +quagga (0.99.22.4-3) unstable; urgency=low + + * Added status to init script (thanks to Peter J. Holzer). Closes: #730625 + * Init script now sources /lib/lsb/init-functions. + * Switched from hardening-wrapper to dpkg-buildflags. + + -- Christian Hammers Wed, 01 Jan 2014 19:12:01 +0100 + +quagga (0.99.22.4-2) unstable; urgency=low + + * Fixed typo in package description (thanks to Davide Prina). + Closes: #625860 + * Added Italian Debconf translation (thanks to Beatrice Torracca) + Closes: #729798 + + -- Christian Hammers Tue, 26 Nov 2013 00:47:11 +0100 + +quagga (0.99.22.4-1) unstable; urgency=high + + * SECURITY: + "ospfd: CVE-2013-2236, stack overrun in apiserver + + the OSPF API-server (exporting the LSDB and allowing announcement of + Opaque-LSAs) writes past the end of fixed on-stack buffers. This leads + to an exploitable stack overflow. + + For this condition to occur, the following two conditions must be true: + - Quagga is configured with --enable-opaque-lsa + - ospfd is started with the "-a" command line option + + If either of these does not hold, the relevant code is not executed and + the issue does not get triggered." + Closes: #726724 + + * New upstream release + - ospfd: protect vs. VU#229804 (malformed Router-LSA) + (Quagga is said to be non-vulnerable but still adds some protection) + + -- Christian Hammers Thu, 24 Oct 2013 22:58:37 +0200 + +quagga (0.99.22.1-2) unstable; urgency=low + + * Added autopkgtests (thanks to Yolanda Robla). Closes: #710147 + * Added "status" command to init script (thanks to James Andrewartha). + Closes: #690013 + * Added "libsnmp-dev" to Build-Deps. There not needed for the official + builds but for people who compile Quagga themselves to activate the + SNMP feature (which for licence reasons cannot be done by Debian). + Thanks to Ben Winslow). Closes: #694852 + * Changed watchquagga_options to an array so that quotes can finally + be used as expected. Closes: #681088 + * Fixed bug that prevented restarting only the watchquagga daemon + (thanks to Harald Kappe). Closes: #687124 + + -- Christian Hammers Sat, 27 Jul 2013 16:06:25 +0200 + +quagga (0.99.22.1-1) unstable; urgency=low + + * New upstream release + - ospfd restore nexthop IP for p2p interfaces + - ospfd: fix LSA initialization for build without opaque LSA + - ripd: correctly redistribute ifindex routes (BZ#664) + - bgpd: fix lost passwords of grouped neighbors + * Removed 91_ld_as_needed.diff as it was found in the upstream source. + + -- Christian Hammers Mon, 22 Apr 2013 22:21:20 +0200 + +quagga (0.99.22-1) unstable; urgency=low + + * New upstream release. + - [bgpd] The semantics of default-originate route-map have changed. + The route-map is now used to advertise the default route conditionally. + The old behaviour which allowed to set attributes on the originated + default route is no longer supported. + - [bgpd] this version of bgpd implements draft-idr-error-handling. This was + added in 0.99.21 and may not be desirable. If you need a version + without this behaviour, please use 0.99.20.1. There will be a + runtime configuration switch for this in future versions. + - [isisd] is in "beta" state. + - [ospf6d] is in "alpha/experimental" state + - More changes are documented in the upstream changelog! + * debian/watch: Adjusted to new savannah.gnu.org site, thanks to Bart + Martens. + * debian/patches/99_CVE-2012-1820_bgp_capability_orf.diff removed as its + in the changelog. + * debian/patches/99_distribute_list.diff removed as its in the changelog. + * debian/patches/10_doc__Makefiles__makeinfo-force.diff removed as it + was just for Debian woody. + + -- Christian Hammers Thu, 14 Feb 2013 00:22:00 +0100 + +quagga (0.99.21-4) unstable; urgency=medium + + * Fixed regression bug that caused OSPF "distribute-list" statements to be + silently ignored. The patch has already been applied upstream but there + has been no new Quagga release since then. + Thanks to Hans van Kranenburg for reporting. Closes: #697240 + + -- Christian Hammers Sun, 06 Jan 2013 15:50:32 +0100 + +quagga (0.99.21-3) unstable; urgency=high + + * SECURITY: + CVE-2012-1820 - Quagga contained a bug in BGP OPEN message handling. + A denial-of-service condition could be caused by an attacker controlling + one of the pre-configured BGP peers. In most cases this means, that the + attack must be originated from an adjacent network. Closes: #676510 + + -- Christian Hammers Fri, 08 Jun 2012 01:15:32 +0200 + +quagga (0.99.21-2) unstable; urgency=low + + * Renamed babeld.8 to quagga-babeld.8 as it conflicted with the + original mapage of the babeld package which users might want to + install in parallel as it is slightly more capable. Closes: #671916 + + -- Christian Hammers Thu, 10 May 2012 07:53:01 +0200 + +quagga (0.99.21-1) unstable; urgency=low + + * New upstream release + - [bgpd] BGP multipath support has been merged + - [bgpd] SAFI (Multicast topology) support has been extended to propagate + the topology to zebra. + - [bgpd] AS path limit functionality has been removed + - [babeld] a new routing daemon implementing the BABEL ad-hoc mesh routing + protocol has been merged. + - [isisd] a major overhaul has been picked up. Please note that isisd is + STILL NOT SUITABLE FOR PRODUCTION USE. + - a lot of bugs have been fixed + * Added watchquagga daemon. + * Added DEP-3 conforming patch comments. + + -- Christian Hammers Sun, 06 May 2012 15:33:33 +0200 + +quagga (0.99.20.1-1) unstable; urgency=high + + * SECURITY: + CVE-2012-0249 - Quagga ospfd DoS on malformed LS-Update packet + CVE-2012-0250 - Quagga ospfd DoS on malformed Network-LSA data + CVE-2012-0255 - Quagga bgpd DoS on malformed OPEN message + * New upstream release. Closes: #664033 + + -- Christian Hammers Fri, 16 Mar 2012 22:14:05 +0100 + +quagga (0.99.20-4) unstable; urgency=low + + * Switch to dpkg-source 3.0 (quilt) format. + * Switch to changelog-format-1.0. + + -- Christian Hammers Sat, 25 Feb 2012 18:52:06 +0100 + +quagga (0.99.20-3) unstable; urgency=low + + * Added --sysconfdir back to the configure options (thanks to Sven-Haegar + Koch). Closes: #645649 + + -- Christian Hammers Tue, 18 Oct 2011 00:24:37 +0200 + +quagga (0.99.20-2) unstable; urgency=low + + * Bumped standards version to 0.9.2. + * Migrated to "dh" build system. + * Added quagga-dbg package. + + -- Christian Hammers Fri, 14 Oct 2011 23:59:26 +0200 + +quagga (0.99.20-1) unstable; urgency=low + + * New upstream release: + "The primary focus of this release is a fix of SEGV regression in ospfd, + which was introduced in 0.99.19. It also features a series of minor + improvements, including better RFC compliance in bgpd, better support + of FreeBSD and some enhancements to isisd." + * Fixes off-by-one bug (removed 20_ospf6_area_argv.dpatch). Closes: #519488 + + -- Christian Hammers Fri, 30 Sep 2011 00:59:24 +0200 + +quagga (0.99.19-1) unstable; urgency=high + + * SECURITY: + "This release provides security fixes, which address assorted + vulnerabilities in bgpd, ospfd and ospf6d (CVE-2011-3323, + CVE-2011-3324, CVE-2011-3325, CVE-2011-3326 and CVE-2011-3327). + * New upstream release. + * Removed incorporated debian/patches/92_opaque_lsa_enable.dpatch. + * Removed incorporated debian/patches/93_opaque_lsa_fix.dpatch. + * Removed obsolete debian/README.Debian.Woody and README.Debian.MD5. + + -- Christian Hammers Tue, 27 Sep 2011 00:16:27 +0200 + +quagga (0.99.18-1) unstable; urgency=low + + * SECURITY: + "This release fixes 2 denial of services in bgpd, which can be remotely + triggered by malformed AS-Pathlimit or Extended-Community attributes. + These issues have been assigned CVE-2010-1674 and CVE-2010-1675. + Support for AS-Pathlimit has been removed with this release." + * Added Brazilian Portuguese debconf translation. Closes: #617735 + * Changed section for quagga-doc from "doc" to "net". + * Added patch to fix FTBFS with latest GCC. Closes: #614459 + + -- Christian Hammers Tue, 22 Mar 2011 23:13:34 +0100 + +quagga (0.99.17-4) unstable; urgency=low + + * Added comment to init script (thanks to Marc Haber). Closes: #599524 + + -- Christian Hammers Thu, 13 Jan 2011 23:53:29 +0100 + +quagga (0.99.17-3) unstable; urgency=low + + * Fix FTBFS with ld --as-needed (thanks to Matthias Klose at Ubuntu). + Closes: #609555 + + -- Christian Hammers Thu, 13 Jan 2011 23:27:06 +0100 + +quagga (0.99.17-2) unstable; urgency=low + + * Added Danisch Debconf translation (thanks to Joe Dalton). Closes: #596259 + + -- Christian Hammers Sat, 18 Sep 2010 12:20:07 +0200 + +quagga (0.99.17-1) unstable; urgency=high + + * SECURITY: + "This release provides two important bugfixes, which address remote crash + possibility in bgpd discovered by CROSS team.": + 1. Stack buffer overflow by processing certain Route-Refresh messages + CVE-2010-2948 + 2. DoS (crash) while processing certain BGP update AS path messages + CVE-2010-2949 + Closes: #594262 + + -- Christian Hammers Wed, 25 Aug 2010 00:52:48 +0200 + +quagga (0.99.16-1) unstable; urgency=low + + * New upstream release. Closes: #574527 + * Added chrpath to debian/rules to fix rpath problems that lintian spottet. + + -- Christian Hammers Sun, 21 Mar 2010 17:05:40 +0100 + +quagga (0.99.15-2) unstable; urgency=low + + * Applied patch for off-by-one bug in ospf6d that caused a segmentation + fault when using the "area a.b.c.d filter-list prefix" command (thanks + to Steinar H. Gunderson). Closes: 519488 + + -- Christian Hammers Sun, 14 Feb 2010 20:02:03 +0100 + +quagga (0.99.15-1) unstable; urgency=low + + * New upstream release + "This fixes some annoying little ospfd and ospf6d regressions, which made + 0.99.14 a bit of a problem release (...) This release still contains a + regression in the "no ip address ..." command, at least on Linux. + See bug #486, which contains a workaround patch. This release should be + considered a 1.0.0 release candidate. Please test this release as widely + as possible." + * Fixed wrong port number in zebra.8 (thanks to Thijs Kinkhorst). + Closes: #517860 + * Added Russian Debconf tanslation (thanks to Yuri Kozlov). + Closes: #539464 + * Removed so-version in build-dep to libreadline-dev on request of + Matthias Klose. + * Added README.source with reference to dpatch as suggested by lintian. + * Bumped standards versionto 3.8.3. + + -- Christian Hammers Sun, 13 Sep 2009 18:12:06 +0200 + +quagga (0.99.14-1) unstable; urgency=low + + * New upstream release + "This release contains a regression fix for ospf6d, various small fixes + and some hopefully very significant bgpd stability fixes. + This release should be considered a 1.0.0 release candidate. Please test + this release as widely as possible." + * Fixes bug with premature LSA aging in ospf6d. Closes: #535030 + * Fixes section number in zebra.8 manpage. Closes: #517860 + + -- Christian Hammers Sat, 25 Jul 2009 00:40:38 +0200 + +quagga (0.99.13-2) unstable; urgency=low + + * Added Japanese Debconf translation (thanks to Hideki Yamane). + Closes: #510714 + * When checking for obsoleted config options in preinst, print filename + where it occures (thanks to Michael Bussmann). Closes: #339489 + + -- Christian Hammers Sun, 19 Jul 2009 17:13:23 +0200 + +quagga (0.99.13-1) unstable; urgency=low + + * New upstream release + "This release is contains a number of small fixes, for potentially + irritating issues, as well as small enhancements to vtysh and support + for linking to PCRE (a much faster regex library)." + * Added build-dep to gawk as configure required it for memtypes.awk + * Replaced build-dep to gs-gpl with ghostscript as requested by lintian + * Minor changes to copyright and control files to make lintian happy. + + -- Christian Hammers Wed, 24 Jun 2009 17:53:28 +0200 + +quagga (0.99.12-1) unstable; urgency=high + + * New upstream release + "This release fixes an urgent bug in bgpd where it could hit an assert + if it received a long AS_PATH with a 4-byte ASN." Noteworthy bugfixes: + + [bgpd] Fix bgp ipv4/ipv6 accept handling + + [bgpd] AS4 bugfix by Chris Caputo + + [bgpd] Allow accepted peers to progress even if realpeer is in Connect + + [ospfd] Switch Fletcher checksum back to old ospfd version + + -- Christian Hammers Mon, 22 Jun 2009 00:16:33 +0200 + +quagga (0.99.11-1) unstable; urgency=low + + * New upstream release + "Most regressions in 0.99 over 0.98 are now believed to be fixed. This + release should be considered a release-candidate for a new stable series." + + bgpd: Preliminary UI and Linux-IPv4 support for TCP-MD5 merged + + zebra: ignore dead routes in RIB update + + [ospfd] Default route needs to be refreshed after neighbour state change + + [zebra:netlink] Set proto/scope on all route update messages + * Removed debian/patches/20_*bgp*md5*.dpatch due to upstream support. + + -- Christian Hammers Thu, 09 Oct 2008 22:56:38 +0200 + +quagga (0.99.10-1) unstable; urgency=medium + + * New upstream release + + bgpd: 4-Byte AS Number support + + Sessions were incorrectly reset if a partial AS-Pathlimit attribute + was received. + + Advertisement of Multi-Protocol prefixes (i.e. non-IPv4) had been + broken in the 0.99.9 release. Closes: #467656 + + -- Christian Hammers Tue, 08 Jul 2008 23:32:42 +0200 + +quagga (0.99.9-6) unstable; urgency=low + + * Fixed FTBFS by adding a build-dep to libpcre3-dev (thanks to Luk Claes). + Closes: #469891 + + -- Christian Hammers Sat, 12 Apr 2008 12:53:51 +0200 + +quagga (0.99.9-5) unstable; urgency=low + + * C.J. Adams-Collier and Paul Jakma suggested to build against libpcre3 + which is supposed to be faster. + + -- Christian Hammers Sun, 02 Mar 2008 13:19:42 +0100 + +quagga (0.99.9-4) unstable; urgency=low + + * Added hardening-wrapper to the build-deps (thanks to Moritz Muehlenhoff). + + -- Christian Hammers Tue, 29 Jan 2008 22:33:56 +0100 + +quagga (0.99.9-3) unstable; urgency=low + + * Replaced the BGP patch by a new one so that the package builds again + with kernels above 2.6.21! + * debian/control: + + Moved quagga-doc to section doc to make lintian happy. + * Added Spanish debconf translation (thanks to Carlos Galisteo de Cabo). + Closes: #428574 + * debian/control: (thanks to Marco Rodrigues) + + Bump Standards-Version to 3.7.3 (no changes needed). + + Add Homepage field. + + -- Christian Hammers Mon, 28 Jan 2008 22:29:18 +0100 + +quagga (0.99.9-2.1) unstable; urgency=low + + * Non-maintainer upload. + * debian/rules: fixed bashisms. (Closes: #459122) + + -- Miguel Angel Ruiz Manzano Tue, 22 Jan 2008 14:37:21 -0300 + +quagga (0.99.9-2) unstable; urgency=low + + * Added CVE id for the security bug to the last changelog entry. + Closes: 442133 + + -- Christian Hammers Tue, 25 Sep 2007 22:01:31 +0200 + +quagga (0.99.9-1) unstable; urgency=high + + * SECURITY: + "This release fixes two potential DoS conditions in bgpd, reported by Mu + Security, where a bgpd could be crashed if a peer sent a malformed OPEN + message or a malformed COMMUNITY attribute. Only configured peers can do + this, hence we consider these issues to be very low impact." CVE-2007-4826 + + -- Christian Hammers Wed, 12 Sep 2007 21:12:41 +0200 + +quagga (0.99.8-1) unstable; urgency=low + + * New upstream version. + + -- Christian Hammers Fri, 17 Aug 2007 00:07:04 +0200 + +quagga (0.99.7-3) unstable; urgency=medium + + * Applied patch for FTBFS with linux-libc-dev (thanks to Andrew J. Schorr + and Lucas Nussbaum). Closes: #429003 + + -- Christian Hammers Fri, 22 Jun 2007 21:34:55 +0200 + +quagga (0.99.7-2) unstable; urgency=low + + * Added Florian Weimar as co-maintainer. Closes: 421977 + * Added Dutch debconf translation (thanks to Bart Cornelis). + Closes: #420932 + * Added Portuguese debconf translation (thanks to Rui Branco). + Closes: #421185 + * Improved package description (thanks to Reuben Thomas). + Closes: #418933 + * Added CVE Id to 0.99.6-5 changelog entry. + + -- Christian Hammers Wed, 02 May 2007 20:27:12 +0200 + +quagga (0.99.7-1) unstable; urgency=low + + * New upstream release. Closes: #421553 + + -- Christian Hammers Mon, 30 Apr 2007 14:22:34 +0200 + +quagga (0.99.6-6) unstable; urgency=medium + + * Fixes FTBFS with tetex-live. Closes: #420468 + + -- Christian Hammers Mon, 23 Apr 2007 21:34:13 +0200 + +quagga (0.99.6-5) unstable; urgency=high + + * SECURITY: + The bgpd daemon was vulnerable to a Denial-of-Service. Configured peers + could cause a Quagga bgpd to, typically, assert() and abort. The DoS + could be triggered by peers by sending an UPDATE message with a crafted, + malformed Multi-Protocol reachable/unreachable NLRI attribute. + This is CVE-2007-1995 and Quagga Bug#354. Closes: #418323 + + -- Christian Hammers Thu, 12 Apr 2007 23:21:58 +0200 + +quagga (0.99.6-4) unstable; urgency=low + + * Improved note in README.Debian for SNMP self-builders (thanks to Matthias + Wamser). Closes: #414788 + + -- Christian Hammers Wed, 14 Mar 2007 02:18:57 +0100 + +quagga (0.99.6-3) unstable; urgency=low + + * Updated German Debconf translation (thanks to Matthias Julius). + Closes: #409327 + + -- Christian Hammers Sat, 10 Feb 2007 15:06:16 +0100 + +quagga (0.99.6-2) unstable; urgency=low + + * Updated config.guess/config.sub as suggested by lintian. + * Corrected README.Debian text regarding the WANT_SNMP flag. + + -- Christian Hammers Sun, 17 Dec 2006 01:45:37 +0100 + +quagga (0.99.6-1) unstable; urgency=low + + * New upstream release. Closes: #402361 + + -- Christian Hammers Mon, 11 Dec 2006 00:28:09 +0100 + +quagga (0.99.5-5) unstable; urgency=high + + * Changed Depends on adduser to Pre-Depends to avoid uninstallability + in certain cases (thanks to Steve Langasek, Lucas Nussbaum). + Closes: #398562 + + -- Christian Hammers Wed, 15 Nov 2006 17:46:34 +0100 + +quagga (0.99.5-4) unstable; urgency=low + + * Added default PAM file and some explanations regarding PAM authentication + of vtysh which could prevent the start at boot-time when used wrong. + Now PAM permits anybody to access the vtysh tool (a malicious user could + build his own vtysh without PAM anyway) and the access is controled by + the read/write permissions of the vtysh socket which are only granted to + users belonging to the quaggavty group (thanks to Wakko Warner). + Closes: #389496 + * Added "case" to prerm script so that the Debconf question is not called a + second time in e.g. "new-prerm abort-upgrade" after being NACKed in the + old-prerm. + + -- Christian Hammers Fri, 3 Nov 2006 01:22:15 +0100 + +quagga (0.99.5-3) unstable; urgency=medium + + * Backport CVS fix for an OSPF DD Exchange regression (thanks to Matt + Brown). Closes: #391040 + + -- Christian Hammers Wed, 25 Oct 2006 19:47:11 +0200 + +quagga (0.99.5-2) unstable; urgency=medium + + * Added LSB info section to initscript. + * Removed unnecessary depends to libncurses5 to make checklib happy. + The one to libcap should remain though as it is just temporarily + unused. + + -- Christian Hammers Thu, 21 Sep 2006 00:04:07 +0200 + +quagga (0.99.5-1) unstable; urgency=low + + * New upstream release. Closes: #38704 + * Upstream fixes ospfd documentary inconsistency. Closes: #347897 + * Changed debconf question in prerm to "high" (thanks to Rafal Pietrak). + + -- Christian Hammers Mon, 11 Sep 2006 23:43:42 +0200 + +quagga (0.99.4-4) unstable; urgency=low + + * Recreate /var/run if not present because /var is e.g. on a tmpfs + filesystem (thanks to Martin Pitt). Closes: #376142 + * Removed nonexistant option from ospfd.8 manpage (thanks to + David Medberry). Closes: 378274 + + -- Christian Hammers Sat, 15 Jul 2006 20:22:12 +0200 + +quagga (0.99.4-3) unstable; urgency=low + + * Removed invalid semicolon from rules file (thanks to Philippe Gramoulle). + + -- Christian Hammers Tue, 27 Jun 2006 23:36:07 +0200 + +quagga (0.99.4-2) unstable; urgency=high + + * Set urgency to high as 0.99.4-1 fixes a security problem! + * Fixed building of the info file. + + -- Christian Hammers Sun, 14 May 2006 23:04:28 +0200 + +quagga (0.99.4-1) unstable; urgency=low + + * New upstream release to fix a security problem in the telnet interface + of the BGP daemon which could be used for DoS attacks (CVE-2006-2276). + Closes: 366980 + + -- Christian Hammers Sat, 13 May 2006 19:54:40 +0200 + +quagga (0.99.3-3) unstable; urgency=low + + * Added CVE numbers for the security patch in 0.99.3-2. + + -- Christian Hammers Sat, 6 May 2006 17:14:22 +0200 + +quagga (0.99.3-2) unstable; urgency=high + + * SECURITY: + Added security bugfix patch from upstream BTS for security problem + that could lead to injected routes when using RIPv1. + CVE-2006-2223 - missing configuration to disable RIPv1 or require + plaintext or MD5 authentication + CVE-2006-2224 - lack of enforcement of RIPv2 authentication requirements + Closes: #365940 + * First amd64 upload. + + -- Christian Hammers Thu, 4 May 2006 00:22:09 +0200 + +quagga (0.99.3-1) unstable; urgency=low + + * New upstream release + + -- Christian Hammers Wed, 25 Jan 2006 13:37:27 +0100 + +quagga (0.99.2-1) unstable; urgency=low + + * New upstream release + Closes: #330248, #175553 + + -- Christian Hammers Wed, 16 Nov 2005 00:25:52 +0100 + +quagga (0.99.1-7) unstable; urgency=low + + * Changed debian/rules check for mounted /proc directory to check + for /proc/1 as not all systems (e.g. 2.6 arm kernels) have + /proc/kcore which is a optional feature only (thanks to Lennert + Buytenhek). Closes: #335695 + * Added Swedish Debconf translation (thanks to Daniel Nylander). + Closes: #331367 + + -- Christian Hammers Thu, 27 Oct 2005 20:53:19 +0200 + +quagga (0.99.1-6) unstable; urgency=low + + * Fixed debconf dependency as requested by Joey Hess. + + -- Christian Hammers Mon, 26 Sep 2005 20:47:35 +0200 + +quagga (0.99.1-5) unstable; urgency=low + + * Rebuild with libreadline5-dev as build-dep as requested by + Matthias Klose. Closes: #326306 + * Made initscript more fault tolerant against missing lines in + /etc/quagga/daemons (thanks to Ralf Hildebrandt). Closes: #323774 + * Added dependency to adduser. + + -- Christian Hammers Tue, 13 Sep 2005 21:42:17 +0200 + +quagga (0.99.1-4) unstable; urgency=low + + * Added French Debconf translation (thanks to Mohammed Adnene Trojette). + Closes: #319324 + * Added Czech Debconf translation (thanks to Miroslav Kure). + Closes: #318127 + + -- Christian Hammers Sun, 31 Jul 2005 04:19:41 +0200 + +quagga (0.99.1-3) unstable; urgency=low + + * A Debconf question now asks the admin before upgrading if the daemon + should really be stopped as this could lead to the loss of network + connectivity or BGP flaps (thanks to Michael Horn and Achilleas Kotsis). + Also added a hint about setting Quagga "on hold" to README.Debian. + Closes: #315467 + * Added patch to build on Linux/ARM. + + -- Christian Hammers Sun, 10 Jul 2005 22:19:38 +0200 + +quagga (0.99.1-2) unstable; urgency=low + + * Fixed SNMP enabled command in debian/rules (thanks to Christoph Kluenter). + Closes: #306840 + + -- Christian Hammers Sat, 4 Jun 2005 14:04:01 +0200 + +quagga (0.99.1-1) unstable; urgency=low + + * New upstream version. Among others: + - BGP graceful restart and "match ip route-source" added + - support for interface renaming + - improved threading for better responsivness under load + * Switched to dpatch to make diffs cleaner. + * Made autoreconf unnecessary. + * Replaced quagga.dvi and quagga.ps by quagga.pdf in quagga-doc. + (the PostScript would have needed Makefile corrections and PDF + is more preferable anyway) + * Added isisd to the list of daemons in /etc/init.d/quagga (thanks + to Ernesto Elbe). + * Added hint for "netlink-listen: overrun" messages (thanks to + Hasso Tepper). + * Added preinst check that bails out if old smux options are in use + as Quagga would not start up else anyway (thanks to Bjorn Mork). + Closes: #308320 + + -- Christian Hammers Fri, 13 May 2005 01:18:24 +0200 + +quagga (0.98.3-7) unstable; urgency=high + + * Removed SNMP support as linking against NetSNMP introduced a dependency + to OpenSSL which is not compatible to the GPL which governs this + application (thanks to Faidon Liambotis). See README.Debian for more + information. Closes: #306840 + * Changed listening address of ospf6d and ripngd from 127.0.0.1 to "::1". + * Added build-dep to groff to let drafz-zebra-00.txt build correctly. + + -- Christian Hammers Wed, 4 May 2005 20:08:14 +0200 + +quagga (0.98.3-6) testing-proposed-updates; urgency=high + + * Removed "Recommends kernel-image-2.4" as aptitude then + installes a kernel-image for an arbitrary architecture as long + as it fullfill that recommendation which can obviously fatal + at the next reboot :) Also it is a violation of the policy + which mandates a reference to real packages (thanks to Holger Levsen). + Closes: #307281 + + -- Christian Hammers Tue, 3 May 2005 22:53:39 +0200 + +quagga (0.98.3-5) unstable; urgency=high + + * The patch which tried to remove the OpenSSL dependency, which is + not only unneccessary but also a violation of the licence and thus RC, + stopped working a while ago, since autoreconf is no longer run before + building the binaries. So now ./configure is patched directly (thanks + to Faidon Liambotis for reporting). Closes: #306840 + * Raised Debhelper compatibility level from 3 to 4. Nothing changed. + * Added build-dep to texinfo (>= 4.7) to ease work for www.backports.org. + + -- Christian Hammers Fri, 29 Apr 2005 02:31:03 +0200 + +quagga (0.98.3-4) unstable; urgency=low + + * Removed Debconf upgrade note as it was considered a Debconf abuse + and apart from that so obvious that it was not even worth to be + put into NEWS.Debian (thanks to Steve Langasek). Closes: #306384 + + -- Christian Hammers Wed, 27 Apr 2005 00:10:24 +0200 + +quagga (0.98.3-3) unstable; urgency=medium + + * Adding the debconf module due to a lintian suggestion is a very + bad idea if no db_stop is called as the script hangs then (thanks + to Tore Anderson for reporting). Closes: #306324 + + -- Christian Hammers Mon, 25 Apr 2005 21:55:58 +0200 + +quagga (0.98.3-2) unstable; urgency=low + + * Added debconf confmodule to postinst as lintian suggested. + + -- Christian Hammers Sun, 24 Apr 2005 13:16:00 +0200 + +quagga (0.98.3-1) unstable; urgency=low + + * New upstream release. + Mmost notably fixes last regression in bgpd (reannounce of prefixes + with changed attributes works again), race condition in netlink + handling while using IPv6, MTU changes handling in ospfd and several + crashes in ospfd, bgpd and ospf6d. + + -- Christian Hammers Mon, 4 Apr 2005 12:51:24 +0200 + +quagga (0.98.2-2) unstable; urgency=low + + * Added patch to let Quagga compile with gcc-4.0 (thanks to + Andreas Jochens). Closes: #300949 + + -- Christian Hammers Fri, 25 Mar 2005 19:33:30 +0100 + +quagga (0.98.2-1) unstable; urgency=medium + + * Quoting the upstream announcement: + The 0.98.1 release unfortunately was a brown paper bag release with + respect to ospfd. [...] 0.98.2 has been released, with one crucial change + to fix the unfortunate mistake in 0.98.1, which caused problems if + ospfd became DR. + * Note: the upstream tarball had a strange problem, apparently redhat.spec + was twice in it? At least debuild gave a strange error message so I + unpacked it by hand. No changes were made to the .orig.tar.gz! + + -- Christian Hammers Fri, 4 Feb 2005 01:31:36 +0100 + +quagga (0.98.1-1) unstable; urgency=medium + + * New upstream version + "fixing a fatal OSPF + MD5 auth regression, and a non-fatal high-load + regression in bgpd which were present in the 0.98.0 release." + * Upstream version fixes bug in ospfd that could lead to crash when OSPF + packages had a MTU > 1500. Closes: #290566 + * Added notice regarding capability kernel support to README.Debian + (thanks to Florian Weimer). Closes: #291509 + * Changed permission setting in postinst script (thanks to Bastian Blank). + Closes: #292690 + + -- Christian Hammers Tue, 1 Feb 2005 02:01:27 +0100 + +quagga (0.98.0-3) unstable; urgency=low + + * Fixed problem in init script. Closes: #290317 + * Removed obsolete "smux peer enable" patch. + + -- Christian Hammers Fri, 14 Jan 2005 17:37:27 +0100 + +quagga (0.98.0-2) unstable; urgency=low + + * Updated broken TCP MD5 patch for BGP (thanks to John P. Looney + for telling me). + + -- Christian Hammers Thu, 13 Jan 2005 02:03:54 +0100 + +quagga (0.98.0-1) unstable; urgency=low + + * New upstream release + * Added kernel-image-2.6 as alternative to 2.4 to the recommends + (thanks to Faidon Liambotis). Closes: #289530 + + -- Christian Hammers Mon, 10 Jan 2005 19:36:17 +0100 + +quagga (0.97.5-1) unstable; urgency=low + + * New upstream version. + * Added Czech debconf translation (thanks to Miroslav Kure). + Closes: #287293 + * Added Brazilian debconf translation (thanks to Andre Luis Lopes). + Closes: #279352 + + -- Christian Hammers Wed, 5 Jan 2005 23:49:57 +0100 + +quagga (0.97.4-2) unstable; urgency=low + + * Fixed quagga.info build problem. + + -- Christian Hammers Wed, 5 Jan 2005 22:38:01 +0100 + +quagga (0.97.4-1) unstable; urgency=low + + * New upstream release. + + -- Christian Hammers Tue, 4 Jan 2005 01:45:22 +0100 + +quagga (0.97.3-2) unstable; urgency=low + + * Included isisd in the daemon list. + * Wrote an isisd manpage. + * It is now ensured that zebra is always the last daemon to be stopped. + * (Thanks to Hasso Tepper for mailing me a long list of suggestions + which lead to this release) + + -- Christian Hammers Sat, 18 Dec 2004 13:14:55 +0100 + +quagga (0.97.3-1) unstable; urgency=medium + + * New upstream version. + - Fixes important OSPF bug. + * Added ht-20040911-smux.patch regarding Quagga bug #112. + * Updated ht-20041109-0.97.3-bgp-md5.patch for BGP with TCP MD5 + (thanks to Matthias Wamser). + + -- Christian Hammers Tue, 9 Nov 2004 17:45:26 +0100 + +quagga (0.97.2-4) unstable; urgency=low + + * Added Portuguese debconf translation (thanks to Andre Luis Lopes). + Closes: #279352 + * Disabled ospfapi server by default on recommendation of Paul Jakma. + + -- Christian Hammers Sun, 7 Nov 2004 15:07:05 +0100 + +quagga (0.97.2-3) unstable; urgency=low + + * Added Andrew Schorrs VTY Buffer patch from the [quagga-dev 1729]. + + -- Christian Hammers Tue, 2 Nov 2004 00:46:56 +0100 + +quagga (0.97.2-2) unstable; urgency=low + + * Changed file and directory permissions and ownerships according to a + suggestion from Paul Jakma. Still not perfect though. + * Fixed upstream vtysh.conf.sample file. + * "ip ospf network broadcast" is now saved correctly. Closes: #244116 + * Daemon options are now in /etc/quagga/debian.conf to be user + configurable (thanks to Simon Raven and Hasso Tepper). Closes: #266715 + + -- Christian Hammers Tue, 26 Oct 2004 23:35:45 +0200 + +quagga (0.97.2-1) unstable; urgency=low + + * New upstream version. + Closes: #254541 + * Fixed warning on unmodular kernels (thanks to Christoph Biedl). + Closes: #277973 + + -- Christian Hammers Mon, 25 Oct 2004 00:47:04 +0200 + +quagga (0.97.1-2) unstable; urgency=low + + * Version 0.97 introduced shared libraries. They are now included. + (thanks to Raf D'Halleweyn). Closes: #277446 + + -- Christian Hammers Wed, 20 Oct 2004 15:32:06 +0200 + +quagga (0.97.1-1) unstable; urgency=low + + * New upstream version. + * Removed some obsolete files from debian/patches. + * Added patch from upstream bug 113. Closes: #254541 + * Added patch from upstream that fixes a compilation problem in the + ospfclient code (thanks to Hasso Tepper). + * Updated German debconf translation (thanks to Jens Nachtigall) + Closes: #277059 + + -- Christian Hammers Mon, 18 Oct 2004 01:16:35 +0200 + +quagga (0.96.5-11) unstable; urgency=low + + * Fixed /tmp/buildd/* paths in binaries. + For some unknown reason the upstream Makefile modified a .h file at + the end of the "debian/rules build" target. During the following + "make install" one library got thus be re*compiled* - with /tmp/buildd + paths as sysconfdir (thanks to Peder Chr. Norgaard). Closes: #274050 + + -- Christian Hammers Fri, 1 Oct 2004 01:21:02 +0200 + +quagga (0.96.5-10) unstable; urgency=medium + + * The BGP routing daemon might freeze on network disturbances when + their peer is also a Quagga/Zebra router. + Applied patch from http://bugzilla.quagga.net/show_bug.cgi?id=102 + which has been confirmed by the upstream author. + (thanks to Gunther Stammwitz) + * Changed --enable-pam to --with-libpam (thanks to Hasso Tepper). + Closes: #264562 + * Added patch for vtysh (thanks to Hasso Tepper). Closes: #215919 + + -- Christian Hammers Mon, 9 Aug 2004 15:33:02 +0200 + +quagga (0.96.5-9) unstable; urgency=low + + * Rewrote the documentation chapter about SNMP support. Closes: #195653 + * Added MPLS docs. + + -- Christian Hammers Thu, 29 Jul 2004 21:01:52 +0200 + +quagga (0.96.5-8) unstable; urgency=low + + * Adjusted a grep in the initscript to also match a modprobe message + from older modutils packages (thanks to Faidon Paravoid). + + -- Christian Hammers Wed, 28 Jul 2004 21:19:02 +0200 + +quagga (0.96.5-7) unstable; urgency=low + + * Added a "cd /etc/quagga/" to the init script as quagga tries to load + the config file first from the current working dir and then from the + config dir which could lead to confusion (thanks to Marco d'Itri). + Closes: #255078 + * Removed warning regarding problems with the Debian kernels from + README.Debian as they are no longer valid (thanks to Raphael Hertzog). + Closes: #257580 + * Added patch from Hasso Tepper that makes "terminal length 0" work + in vtysh (thanks to Matthias Wamser). Closes: #252579 + + -- Christian Hammers Thu, 8 Jul 2004 21:53:21 +0200 + +quagga (0.96.5-6) unstable; urgency=low + + * Try to load the capability module as it is needed now. + + -- Christian Hammers Tue, 8 Jun 2004 23:25:29 +0200 + +quagga (0.96.5-5) unstable; urgency=low + + * Changed the homedir of the quagga user to /etc/quagga/ to allow + admins to put ~/.ssh/authorized_keys there (thanks to Matthias Wamser). + Closes: #252577 + + -- Christian Hammers Sat, 5 Jun 2004 14:47:31 +0200 + +quagga (0.96.5-4) unstable; urgency=medium + + * Fixed rules file to use the renamed ./configure option --enable-tcp-md5 + (thanks to Matthias Wamser). Closes: #252141 + + -- Christian Hammers Tue, 1 Jun 2004 22:58:32 +0200 + +quagga (0.96.5-3) unstable; urgency=low + + * Provided default binary package name to all build depends that were + virtual packages (thanks to Goswin von Brederlow). Closes: #251625 + + -- Christian Hammers Sat, 29 May 2004 22:48:53 +0200 + +quagga (0.96.5-2) unstable; urgency=low + + * New upstream version. + * New md5 patch version (thanks to Niklas Jakobsson and Hasso Tepper). + Closes: #250985 + * Fixes info file generation (thanks to Peder Chr. Norgaard). + Closes: #250992 + * Added catalan debconf translation (thanks to Aleix Badia i Bosch). + Closes: #250118 + * PATCHES: + This release contains BGP4 MD5 support which requires a kernel patch + to work. See /usr/share/doc/quagga/README.Debian.MD5. + (The patch is ht-20040525-0.96.5-bgp-md5.patch from Hasso Tepper) + + -- Christian Hammers Thu, 27 May 2004 20:09:37 +0200 + +quagga (0.96.5-1) unstable; urgency=low + + * New upstream version. + * PATCHES: + This release contains BGP4 MD5 support which also requires a kernel patch. + See /usr/share/doc/quagga/README.Debian.MD5 and search for CAN-2004-0230. + + -- Christian Hammers Sun, 16 May 2004 17:40:40 +0200 + +quagga (0.96.4x-10) unstable; urgency=low + + * SECURITY: + This release contains support for MD5 for BGP which is one suggested + prevention of the actually long known TCP SYN/RST attacks which got + much news in the last days as ideas were revealed that made them much + easier probable agains especially the BGP sessions than commonly known. + There are a lot of arguments agains the MD5 approach but some ISPs + started to require it. + See: CAN-2004-0230, http://www.us-cert.gov/cas/techalerts/TA04-111A.html + * PATCHES: + This release contains the MD5 patch from Hasso Tepper. It also seems to + required a kernel patch. See /usr/share/doc/quagga/README.Debian.MD5. + + -- Christian Hammers Thu, 29 Apr 2004 01:01:38 +0200 + +quagga (0.96.4x-9) unstable; urgency=low + + * Fixed daemon loading order (thanks to Matt Kemner). + * Fixed typo in init script (thanks to Charlie Brett). Closes: #238582 + + -- Christian Hammers Sun, 4 Apr 2004 15:32:18 +0200 + +quagga (0.96.4x-8) unstable; urgency=low + + * Patched upstream source so that quagga header files end up in + /usr/include/quagga/. Closes: #233792 + + -- Christian Hammers Mon, 23 Feb 2004 01:42:53 +0100 + +quagga (0.96.4x-7) unstable; urgency=low + + * Fixed info file installation (thanks to Holger Dietze). Closes: #227579 + * Added Japanese translation (thanks to Hideki Yamane). Closes: #227812 + + -- Christian Hammers Sun, 18 Jan 2004 17:28:29 +0100 + +quagga (0.96.4x-6) unstable; urgency=low + + * Added dependency to iproute. + * Initscript now checks not only for the pid file but also for the + daemons presence (thanks to Phil Gregory). Closes: #224389 + * Added my patch to configure file permissions. + + -- Christian Hammers Mon, 15 Dec 2003 22:34:29 +0100 + +quagga (0.96.4x-5) unstable; urgency=low + + * Added patch which gives bgpd the CAP_NET_RAW capability to allow it + to bind to special IPv6 link-local interfaces (Thanks to Bastian Blank). + Closes: #222930 + * Made woody backport easier by applying Colin Watsons po-debconf hack. + Thanks to Marc Haber for suggesting it. Closes: #223527 + * Made woody backport easier by applying a patch that removes some + obscure whitespaces inside an C macro. (Thanks to Marc Haber). + Closes: #223529 + * Now uses /usr/bin/pager. Closes: #204070 + * Added note about the "official woody backports" on my homepage. + + -- Christian Hammers Mon, 15 Dec 2003 20:39:06 +0100 + +quagga (0.96.4x-4) unstable; urgency=high + + * SECURITY: + Fixes another bug that was originally reported against Zebra. + . + http://rhn.redhat.com/errata/RHSA-2003-307.html + Herbert Xu reported that Zebra can accept spoofed messages sent on the + kernel netlink interface by other users on the local machine. This could + lead to a local denial of service attack. The Common Vulnerabilities and + Exposures project (cve.mitre.org) has assigned the name CAN-2003-0858 to + this issue. + + * Minor improvements to init script (thanks to Iustin Pop). + Closes: #220938 + + -- Christian Hammers Sat, 22 Nov 2003 13:27:57 +0100 + +quagga (0.96.4x-3) unstable; urgency=low + + * Changed "more" to "/usr/bin/pager" as default pager if $PAGER or + $VTYSH_PAGER is not set (thanks to Bastian Blank). Closes: #204070 + * Made the directory (but not the config/log files!) world accessible + again on user request (thanks to Anand Kumria)). Closes: #213129 + * No longer providing sample configuration in /etc/quagga/. They are + now only available in /usr/share/doc/quagga/ to avoid accidently + using them without changing the adresses (thanks to Marc Haber). + Closes: #215918 + + -- Christian Hammers Sun, 16 Nov 2003 16:59:30 +0100 + +quagga (0.96.4x-2) unstable; urgency=low + + * Fixed permission problem with pidfile (thanks to Kir Kostuchenko). + Closes: #220938 + + -- Christian Hammers Sun, 16 Nov 2003 14:24:08 +0100 + +quagga (0.96.4x-1) unstable; urgency=low + + * Reupload of 0.96.4. Last upload-in-a-hurry produced a totally + crappy .tar.gz file. Closes: #220621 + + -- Christian Hammers Fri, 14 Nov 2003 19:45:57 +0100 + +quagga (0.96.4-1) unstable; urgency=high + + * SECURITY: Remote DoS of protocol daemons. + Fix for a remote triggerable crash in vty layer. The management + ports ("telnet myrouter ospfd") should not be open to the internet! + + * New upstream version. + - OSPF bugfixes. + - Some improvements for bgp and rip. + + -- Christian Hammers Thu, 13 Nov 2003 11:52:27 +0100 + +quagga (0.96.3-3) unstable; urgency=low + + * Fixed pid file generation by substituting the daemons "-d" by the + start-stop-daemon option "--background" (thanks to Micha Gaisser). + Closes: #218103 + + -- Christian Hammers Wed, 29 Oct 2003 05:17:49 +0100 + +quagga (0.96.3-2) unstable; urgency=low + + * Readded GNOME-PRODUCT-ZEBRA-MIB. + + -- Christian Hammers Thu, 23 Oct 2003 06:17:03 +0200 + +quagga (0.96.3-1) unstable; urgency=medium + + * New upstream version. + * Removed -u and -e in postrm due to problems with debhelper and userdel + (thanks to Adam Majer and Jaakko Niemi). Closes: #216770 + * Removed SNMP MIBs as they are now included in libsnmp-base (thanks to + David Engel and Peter Gervai). Closes: #216138, #216086 + * Fixed seq command in init script (thanks to Marc Haber). Closes: #215915 + * Improved /proc check (thanks to Marc Haber). Closes: #212331 + + -- Christian Hammers Thu, 23 Oct 2003 03:42:02 +0200 + +quagga (0.96.2-9) unstable; urgency=medium + + * Removed /usr/share/info/dir.* which were accidently there and prevented + the installation by dpkg (thanks to Simon Raven). Closes: #212614 + * Reworded package description (thanks to Anand Kumria). Closes: #213125 + * Added french debconf translation (thanks to Christian Perrier). + Closes: #212803 + + -- Christian Hammers Tue, 7 Oct 2003 13:26:58 +0200 + +quagga (0.96.2-8) unstable; urgency=low + + * debian/rules now checks if /proc is mounted as ./configure needs + it but just fails with an obscure error message if it is absent. + (Thanks to Norbert Tretkowski). Closes: #212331 + + -- Christian Hammers Tue, 23 Sep 2003 12:57:38 +0200 + +quagga (0.96.2-7) unstable; urgency=low + + * Last build was rejected due to a buggy dpkg-dev version. Rebuild. + + -- Christian Hammers Mon, 22 Sep 2003 20:34:12 +0200 + +quagga (0.96.2-6) unstable; urgency=low + + * Fixed init script so that is is now possible to just start + the bgpd but not the zebra daemon. Also daemons are now actually + started in the order defined their priority. (Thanks to Thomas Kaehn + and Jochen Friedrich) Closes: #210924 + + -- Christian Hammers Fri, 19 Sep 2003 21:17:02 +0200 + +quagga (0.96.2-5) unstable; urgency=low + + * For using quagga as BGP route server or similar, it is not + wanted to have the zebra daemon running too. For this reason + it can now be disabled in /etc/quagga/daemons, too. + (Thanks to Jochen Friedrich). Closes: #210924 + * Attached *unapplied* patch for the ISIS protocol. I did not dare + to apply it as long as upstream does not do it but this way give + users the possibilities to use it if they like to. + (Thanks to Remco van Mook) + + -- Christian Hammers Wed, 17 Sep 2003 19:57:31 +0200 + +quagga (0.96.2-4) unstable; urgency=low + + * Enabled IPV6 router advertisement feature by default on user request + (thanks to Jochen Friedrich and Hasso Tepper). Closes: #210732 + * Updated GNU autoconf to let it build on hppa/parisc64 (thanks to + lamont). Closes: #210492 + + -- Christian Hammers Sat, 13 Sep 2003 14:11:13 +0200 + +quagga (0.96.2-3) unstable; urgency=medium + + * Removed unnecessary "-lcrypto" to avoid dependency against OpenSSL + which would require further copyright addtions. + + -- Christian Hammers Wed, 10 Sep 2003 01:37:28 +0200 + +quagga (0.96.2-2) unstable; urgency=low + + * Added note that config files of quagga are in /etc/quagga and + not /etc/zebra for the zebra users that migrate to quagga. + (Thanks to Roberto Suarez Soto for the idea) + * Fixed setgid rights in /etc/quagga. + + -- Christian Hammers Wed, 27 Aug 2003 14:05:39 +0200 + +quagga (0.96.2-1) unstable; urgency=low + + * This package has formally been known as "zebra-pj"! + * New upstream release. + Fixes "anoying OSPF problem". + * Modified group ownerships so that vtysh can now be used by normal + uses if they are in the quaggavty group. + + -- Christian Hammers Mon, 25 Aug 2003 23:40:14 +0200 + +quagga (0.96.1-1) unstable; urgency=low + + * Zebra-pj, the fork of zebra has been renamed to quagga as the original + upstream author asked the new project membed not to use "zebra" in the + name. zebra-pj is obsolete. + + -- Christian Hammers Mon, 18 Aug 2003 23:37:20 +0200 + +zebra-pj (0.94+cvs20030721-1) unstable; urgency=low + + * New CVS build. + - OSPF changes (integration of the OSPF API?) + - code cleanups (for ipv6?) + * Tightened Build-Deps to gcc-2.95 as 3.x does not compile a stable ospfd. + This is a known problem and has been discussed on the mailing list. + No other solutions so far. + + -- Christian Hammers Mon, 21 Jul 2003 23:52:00 +0200 + +zebra-pj (0.94+cvs20030701-1) unstable; urgency=low + + * Initial Release. + + -- Christian Hammers Tue, 1 Jul 2003 01:58:06 +0200 diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..7f8f011 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +7 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..71c412a --- /dev/null +++ b/debian/control @@ -0,0 +1,54 @@ +Source: frr +Section: net +Priority: optional +Maintainer: Nobody +Uploaders: Nobody +XSBC-Original-Maintainer: +Build-Depends: debhelper (>= 7.0.50~), libncurses5-dev, libreadline-dev, texlive-latex-base, texlive-generic-recommended, libpam0g-dev | libpam-dev, libcap-dev, texinfo (>= 4.7), autotools-dev, libpcre3-dev, gawk, chrpath, libsnmp-dev, git, dh-autoreconf, libjson-c-dev, libjson-c2 | libjson-c3, dh-systemd, libsystemd-dev, bison, flex, libc-ares-dev, pkg-config, python (>= 2.7), python-ipaddr, python-sphinx, libpython-dev, install-info +Standards-Version: 3.9.6 +Homepage: http://www.frrouting.org/ + +Package: frr +Architecture: any +Depends: ${shlibs:Depends}, logrotate (>= 3.2-11), iproute2 | iproute, ${misc:Depends}, libc-ares2 +Pre-Depends: adduser +Conflicts: zebra, zebra-pj, quagga +Replaces: zebra, zebra-pj +Suggests: snmpd +Description: BGP/OSPF/RIP/RIPng/ISIS/PIM/LDP routing daemon forked from Quagga + FRR is free software which manages TCP/IP based routing protocols. + It supports BGP4, BGP4+, OSPFv2, OSPFv3, IS-IS, RIPv1, RIPv2, RIPng, + PIM and LDP as well as the IPv6 versions of these. + . + FRR is a fork of Quagga with an open community model. The main git + lives on https://github.com/frrouting/frr.git + +Package: frr-dbg +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, frr (= ${binary:Version}) +Priority: extra +Section: debug +Description: BGP/OSPF/RIP/RIPng/ISIS/PIM/LDP routing daemon (debug symbols) + This package provides debugging symbols for all binary packages built + from frr source package. It's highly recommended to have this package + installed before reporting any FRR crashes to either FRR developers or + Debian package maintainers. + +Package: frr-doc +Section: net +Architecture: all +Depends: ${misc:Depends} +Suggests: frr +Description: BGP/OSPF/RIP/RIPng/ISIS/PIM/LDP routing daemon (documentation) + This package includes info files for frr, a free software which manages + TCP/IP based routing protocols. It supports BGP4, BGP4+, OSPFv2, OSPFv3, + IS-IS, RIPv1, RIPv2, RIPng, PIM and LDP as well as the IPv6 versions of these. + +Package: frr-pythontools +Section: net +Architecture: all +Depends: ${misc:Depends}, frr (= ${binary:Version}), python (>= 2.7), python-ipaddr +Description: BGP/OSPF/RIP/RIPng/ISIS/PIM/LDP routing daemon (Python Tools) + This package includes info files for frr, a free software which manages + TCP/IP based routing protocols. It supports BGP4, BGP4+, OSPFv2, OSPFv3, + IS-IS, RIPv1, RIPv2, RIPng, PIM and LDP as well as the IPv6 versions of these. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..7b873ab --- /dev/null +++ b/debian/copyright @@ -0,0 +1,29 @@ +Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: Frr +Upstream-Contact: maintainers@frrouting.org, security@frrouting.org +Source: http://www.frrouting.org/ + +Files: * +Copyright: 1996-2003 by the original Zebra authors: + Kunihiro Ishiguro + Toshiaki Takada + Yasuhiro Ohara + 2003-2012 by the Quagga Project, mostly Paul Jakma +License: GPL-2+ + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + . + On Debian systems, the full text of the GNU General Public + License version 2 can be found in the file + `/usr/share/common-licenses/GPL-2'. diff --git a/debian/frr-dbg.lintian-overrides b/debian/frr-dbg.lintian-overrides new file mode 100644 index 0000000..7880bba --- /dev/null +++ b/debian/frr-dbg.lintian-overrides @@ -0,0 +1 @@ +frr-dbg: debug-file-with-no-debug-symbols usr/lib/debug/usr/lib/libfrrfpm_pb.so.0.0.0 diff --git a/debian/frr-doc.docs b/debian/frr-doc.docs new file mode 100644 index 0000000..d2218d0 --- /dev/null +++ b/debian/frr-doc.docs @@ -0,0 +1,5 @@ +AUTHORS +NEWS +README +doc/user/*.rst +doc/figures/*.png diff --git a/debian/frr-doc.info b/debian/frr-doc.info new file mode 100644 index 0000000..a83255a --- /dev/null +++ b/debian/frr-doc.info @@ -0,0 +1 @@ +doc/user/_build/texinfo/frr.info diff --git a/debian/frr-doc.install b/debian/frr-doc.install new file mode 100644 index 0000000..8854b2c --- /dev/null +++ b/debian/frr-doc.install @@ -0,0 +1 @@ +doc/user/_build/texinfo/*.png usr/share/info diff --git a/debian/frr-doc.lintian-overrides b/debian/frr-doc.lintian-overrides new file mode 100644 index 0000000..1fe64ff --- /dev/null +++ b/debian/frr-doc.lintian-overrides @@ -0,0 +1 @@ +frr-doc: wrong-section-according-to-package-name frr-doc => doc diff --git a/debian/frr-pythontools.install b/debian/frr-pythontools.install new file mode 100644 index 0000000..aee093c --- /dev/null +++ b/debian/frr-pythontools.install @@ -0,0 +1 @@ +tools/frr-reload.py usr/lib/frr/ diff --git a/debian/frr.conf b/debian/frr.conf new file mode 100644 index 0000000..dee3cd8 --- /dev/null +++ b/debian/frr.conf @@ -0,0 +1,2 @@ +# Create the /run/frr directory at boot or from systemd-tmpfiles on install +d /run/frr 0755 frr frr diff --git a/debian/frr.dirs b/debian/frr.dirs new file mode 100644 index 0000000..56699b2 --- /dev/null +++ b/debian/frr.dirs @@ -0,0 +1,8 @@ +etc/logrotate.d/ +etc/frr/ +etc/iproute2/rt_protos.d/ +usr/share/doc/frr/ +usr/share/doc/frr/examples/ +usr/share/lintian/overrides/ +usr/share/snmp/mibs/ +var/log/frr/ diff --git a/debian/frr.docs b/debian/frr.docs new file mode 100644 index 0000000..f72aae1 --- /dev/null +++ b/debian/frr.docs @@ -0,0 +1,2 @@ +tools +debian/README.Debian diff --git a/debian/frr.install b/debian/frr.install new file mode 100644 index 0000000..20a58bb --- /dev/null +++ b/debian/frr.install @@ -0,0 +1,12 @@ +etc/frr/ +usr/bin/vtysh +usr/bin/mtracebis +usr/include/frr/ +usr/lib/ +tools/frr usr/lib/frr +usr/share/doc/frr/ +usr/share/snmp/mibs/ +tools/etc/* etc/ +tools/*.service lib/systemd/system +tools/frr-reload usr/lib/frr/ +debian/frr.conf usr/lib/tmpfiles.d diff --git a/debian/frr.lintian-overrides b/debian/frr.lintian-overrides new file mode 100644 index 0000000..2e9888e --- /dev/null +++ b/debian/frr.lintian-overrides @@ -0,0 +1,6 @@ +frr: non-dev-pkg-with-shlib-symlink usr/lib/libfrrospfapiclient.so.0.0.0 usr/lib/libfrrospfapiclient.so +frr: non-dev-pkg-with-shlib-symlink usr/lib/libfrr.so.0.0.0 usr/lib/libfrr.so +frr: non-dev-pkg-with-shlib-symlink usr/lib/libfrrfpm_pb.so.0.0.0 usr/lib/libfrrfpm_pb.so +frr: package-name-doesnt-match-sonames libfrr0 libfrrfpm-pb0 libfrrospfapiclient0 +frr: systemd-service-file-refers-to-unusual-wantedby-target lib/systemd/system/frr.service network-online.target +frr: shared-lib-without-dependency-information usr/lib/libfrrfpm_pb.so.0.0.0 diff --git a/debian/frr.logrotate b/debian/frr.logrotate new file mode 100644 index 0000000..750b9ae --- /dev/null +++ b/debian/frr.logrotate @@ -0,0 +1,27 @@ +/var/log/frr/*.log { + size 500k + sharedscripts + missingok + compress + rotate 14 + create 640 frr frrvty + + postrotate + pid=$(lsof -t -a -c /syslog/ /var/log/frr/* 2>/dev/null) + if [ -n "$pid" ] + then # using syslog + kill -HUP $pid + fi + # in case using file logging; if switching back and forth + # between file and syslog, rsyslogd might still have file + # open, as well as the daemons, so always signal the daemons. + # It's safe, a NOP if (only) syslog is being used. + for i in babeld bgpd eigrpd isisd ldpd nhrpd ospf6d ospfd \ + pimd ripd ripngd zebra staticd ; do + if [ -e /var/run/frr/$i.pid ] ; then + pids="$pids $(cat /var/run/frr/$i.pid)" + fi + done + [ -n "$pids" ] && kill -USR1 $pids || true + endscript +} diff --git a/debian/frr.manpages b/debian/frr.manpages new file mode 100644 index 0000000..d4bb920 --- /dev/null +++ b/debian/frr.manpages @@ -0,0 +1,15 @@ +doc/manpages/_build/man/frr.1 +doc/manpages/_build/man/bgpd.8 +doc/manpages/_build/man/pimd.8 +doc/manpages/_build/man/eigrpd.8 +doc/manpages/_build/man/ldpd.8 +doc/manpages/_build/man/nhrpd.8 +doc/manpages/_build/man/ospf6d.8 +doc/manpages/_build/man/ospfd.8 +doc/manpages/_build/man/ripd.8 +doc/manpages/_build/man/ripngd.8 +doc/manpages/_build/man/vtysh.1 +doc/manpages/_build/man/zebra.8 +doc/manpages/_build/man/isisd.8 +doc/manpages/_build/man/watchfrr.8 +doc/manpages/_build/man/mtracebis.8 diff --git a/debian/frr.pam b/debian/frr.pam new file mode 100644 index 0000000..2b106d4 --- /dev/null +++ b/debian/frr.pam @@ -0,0 +1,3 @@ +# Any user may call vtysh but only those belonging to the group frrvty can +# actually connect to the socket and use the program. +auth sufficient pam_permit.so diff --git a/debian/frr.postinst b/debian/frr.postinst new file mode 100644 index 0000000..32af741 --- /dev/null +++ b/debian/frr.postinst @@ -0,0 +1,37 @@ +#!/bin/bash -e + +###################### +PASSWDFILE=/etc/passwd +GROUPFILE=/etc/group + +frruid=`egrep "^frr:" $PASSWDFILE | awk -F ":" '{ print $3 }'` +frrgid=`egrep "^frr:" $GROUPFILE | awk -F ":" '{ print $3 }'` +frrvtygid=`egrep "^frrvty:" $GROUPFILE | awk -F ":" '{ print $3 }'` + +[ -n ${frruid} ] || (echo "No uid for frr in ${PASSWDFILE}" && /bin/false) +[ -n ${frrgid} ] || (echo "No gid for frr in ${GROUPFILE}" && /bin/false) +[ -n ${frrVTYgid} ] || (echo "No gid for frrvty in ${GROUPFILE}" && /bin/false) + +chown ${frruid}:${frrgid} /etc/frr +chown ${frruid}:${frrgid} /etc/frr/* +touch /etc/frr/vtysh.conf +chgrp ${frrvtygid} /etc/frr/vtysh* +chmod 644 /etc/frr/* + +ENVIRONMENTFILE=/etc/environment +if ! egrep --quiet '^VTYSH_PAGER=' ${ENVIRONMENTFILE}; then + echo "VTYSH_PAGER=/bin/cat" >> ${ENVIRONMENTFILE} +fi +################################################## + +if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi +${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*"} + +# This is most likely due to the answer "no" to the "really stop the server" +# question in the prerm script. +if [ "$1" = "abort-upgrade" ]; then + exit 0 +fi + +#DEBHELPER# + diff --git a/debian/frr.postrm b/debian/frr.postrm new file mode 100644 index 0000000..26576fd --- /dev/null +++ b/debian/frr.postrm @@ -0,0 +1,12 @@ +#!/bin/bash -e + +if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi +${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*"} +# set -u not because of debhelper + +if [ "$1" = "purge" ]; then + rm -rf /etc/frr /var/run/frr /var/log/frr + userdel frr >/dev/null 2>&1 || true +fi + +#DEBHELPER# diff --git a/debian/frr.preinst b/debian/frr.preinst new file mode 100644 index 0000000..477e690 --- /dev/null +++ b/debian/frr.preinst @@ -0,0 +1,81 @@ +#!/bin/bash + +if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi +${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*"} +set -e +set -u + +# creating frrvty group if it isn't already there +if ! getent group frrvty >/dev/null; then + addgroup --system frrvty >/dev/null +fi + +# creating frr group if it isn't already there +if ! getent group frr >/dev/null; then + addgroup --system frr >/dev/null +fi + +# creating frr user if he isn't already there +if ! getent passwd frr >/dev/null; then + adduser \ + --system \ + --ingroup frr \ + --home /var/run/frr/ \ + --gecos "Frr routing suite" \ + --shell /bin/false \ + frr >/dev/null +fi + +# We may be installing over an older version of +# frr and as such we need to intelligently +# check to see if the frr user is in the frrvty +# group. +if ! id frr | grep &>/dev/null 'frrvty'; then + usermod -a -G frrvty frr >/dev/null +fi + +# Do not change permissions when upgrading as it would violate policy. +if [ "$1" = "install" ]; then + # Logfiles are group readable in case users were put into the frr group. + d=/var/log/frr/ + mkdir -p $d + chown frr:frr $d + chown --quiet frr:frr $d/* | true + chmod u=rwx,go=rx $d + find $d -type f -print0 | xargs -0 --no-run-if-empty chmod u=rw,g=r,o= + + # Strict permissions for the sockets. + d=/var/run/frr/ + mkdir -p $d + chown frr:frr $d + chown --quiet frr:frr $d/* | true + chmod u=rwx,go=rx $d + find $d -type f -print0 | xargs -0 --no-run-if-empty chmod u=rw,go= + + # Config files. Vtysh does not have access to the individual daemons config file + d=/etc/frr/ + mkdir -p $d + chown frr:frrvty $d + chmod ug=rwx,o=rx $d + find $d -type f -print0 | xargs -0 --no-run-if-empty chown frr:frr + find $d -type f -print0 | xargs -0 --no-run-if-empty chmod u=rw,g=r,o= + + # Exceptions for vtysh. + f=$d/vtysh.conf + if [ -f $f ]; then + chown frr:frrvty $f + chmod u=rw,g=r,o= $f + fi + + # Exceptions for vtysh. + f=$d/frr.conf + if [ -f $d/Zebra.conf ]; then + mv $d/Zebra.conf $f + fi + if [ -f $f ]; then + chown frr:frrvty $f + chmod u=rw,g=r,o= $f + fi +fi + +#DEBHELPER# diff --git a/debian/frr.prerm b/debian/frr.prerm new file mode 100644 index 0000000..4b71202 --- /dev/null +++ b/debian/frr.prerm @@ -0,0 +1,23 @@ +#!/bin/bash -e + +if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi +${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*"} + +# prerm remove +# old-prerm upgrade new-version +# new-prerm failed-upgrade old-version +# conflictor's-prerm remove in-favour package new-version +# deconfigured's-prerm deconfigure in-favour package-being-installed version removing conflicting-package +case $1 in + remove|upgrade) + ;; + + failed-upgrade) + # If frr/really_stop was negated then this script exits with return + # code 1 and is called again with "failed-upgrade". Well, exit again. + exit 1 + ;; + +esac + +#DEBHELPER# diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..811d45b --- /dev/null +++ b/debian/rules @@ -0,0 +1,229 @@ +#!/usr/bin/make -f + +# FRRouting Configuration options +###################################### +# +# WANT_xxxx --> Set to 1 for enable, 0 for disable +# The following are the defaults. They can be overridden by setting a +# env variable to a different value + +WANT_LDP ?= 1 +WANT_PIM ?= 1 +WANT_OSPFAPI ?= 1 +WANT_BGP_VNC ?= 1 +WANT_CUMULUS_MODE ?= 0 +WANT_MULTIPATH ?= 1 +WANT_SNMP ?= 0 +WANT_RPKI ?= 0 +WANT_BFD ?= 1 + +# NOTES: +# +# If you use WANT_RPKI, then there is a new dependency for librtr0 package +# and a build dependency of the librtr-dev package. +# While the librtr0 is added to the depenencies automatically, the build +# dependency can't be changed dynamically and building will fail if the +# librtr-dev isn't installed during package build +# Tested versions of both packages can be found at +# https://ci1.netdef.org/browse/RPKI-RTRLIB/latestSuccessful/artifact +# +# If multipath is enabled (WANT_MULTIPATH=1), then set number of multipaths here +# Please be aware that 0 is NOT disabled, but treated as unlimited + +MULTIPATH ?= 256 + +# Set the following to the value required (or leave alone for the default below) +# WANT_FRR_USER is used for the username and groupname of the FRR user account + +WANT_FRR_USER ?= frr +WANT_FRR_VTY_GROUP ?= frrvty + +# Don't build PDF docs by default +GENERATE_PDF ?= 0 + +# +#################################### + +export DH_VERBOSE=1 +export DEB_BUILD_MAINT_OPTIONS = hardening=+all +export DH_OPTIONS=-v + +ifeq ($(WANT_SNMP), 1) + USE_SNMP=--enable-snmp + $(warning "DEBIAN: SNMP enabled, sorry for your inconvenience") +else + USE_SNMP=--disable-snmp + $(warning "DEBIAN: SNMP disabled, see README.Debian") +endif + +ifeq ($(WANT_LDP), 1) + USE_LDP=--enable-ldpd +else + USE_LDP=--disable-ldpd +endif + +ifeq ($(WANT_PIM), 1) + USE_PIM=--enable-pimd +else + USE_PIM=--disable-pimd +endif + +ifeq ($(WANT_OSPFAPI), 1) + USE_OSPFAPI=--enable-ospfapi=yes +else + USE_OSPFAPI=--enable-ospfapi=no +endif + +ifeq ($(WANT_BGP_VNC), 1) + USE_BGP_VNC=--enable-bgp-vnc=yes +else + USE_BGP_VNC=--enable-bgp-vnc=no +endif + +USE_FRR_USER=--enable-user=$(WANT_FRR_USER) +USE_FRR_GROUP=--enable-group=$(WANT_FRR_USER) +USE_FRR_VTY_GROUP=--enable-vty-group=$(WANT_FRR_VTY_GROUP) + +ifeq ($(WANT_MULTIPATH), 1) + USE_MULTIPATH=--enable-multipath=$(MULTIPATH) +else + USE_MULTIPATH=--disable-multipath +endif + +ifeq ($(WANT_CUMULUS_MODE), 1) + USE_CUMULUS=--enable-cumulus=yes +else + USE_CUMULUS=--enable-cumulus=no +endif + +ifeq ($(WANT_RPKI), 1) + USE_RPKI=--enable-rpki +else + USE_RPKI=--disable-rpki +endif + +ifeq ($(WANT_BFD), 1) + USE_BFD=--enable-bfdd +else + USE_BFD=--disable-bfdd +endif + +ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) + DEBIAN_JOBS := $(subst parallel=,,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) +endif + +ifdef DEBIAN_JOBS +MAKEFLAGS += -j$(DEBIAN_JOBS) +endif + +%: + dh $@ --with=systemd,autoreconf --parallel --dbg-package=frr-dbg --list-missing + +override_dh_gencontrol: +ifeq ($(WANT_RPKI), 1) + dh_gencontrol -- -Vdist:Depends="librtr0 (>= 0.5)" +else + dh_gencontrol +endif + +override_dh_auto_configure: + # Frr needs /proc to check some BSD vs Linux specific stuff. + # Else it fails with an obscure error message pointing out that + # IPCTL_FORWARDING is an undefined symbol which is not very helpful. + @if ! [ -d /proc/1 ]; then \ + echo "./configure needs a mounted /proc"; \ + exit 1; \ + fi + + if ! [ -e config.status ]; then \ + dh_auto_configure -- \ + --enable-exampledir=/usr/share/doc/frr/examples/ \ + --localstatedir=/var/run/frr \ + --sbindir=/usr/lib/frr \ + --sysconfdir=/etc/frr \ + $(USE_SNMP) \ + $(USE_OSPFAPI) \ + $(USE_MULTIPATH) \ + $(USE_LDP) \ + --enable-fpm \ + $(USE_FRR_USER) $(USE_FRR_GROUP) \ + $(USE_FRR_VTY_GROUP) \ + --enable-configfile-mask=0640 \ + --enable-logfile-mask=0640 \ + --enable-werror \ + --with-libpam \ + --enable-systemd=yes \ + --enable-poll=yes \ + $(USE_CUMULUS) \ + $(USE_PIM) \ + --enable-dependency-tracking \ + $(USE_BGP_VNC) \ + $(USE_RPKI) \ + $(USE_BFD) \ + $(shell dpkg-buildflags --export=configure); \ + fi + +override_dh_auto_build: + # doc/ is a bit crazy +ifeq ($(GENERATE_PDF), 1) + dh_auto_build -- -C doc pdf +endif + rm -vf doc/user/_build/texinfo/frr.info + dh_auto_build -- -C doc info + +override_dh_auto_test: + +override_dh_auto_install: + dh_auto_install + + # installed in frr-pythontools + rm debian/tmp/usr/lib/frr/frr-reload.py + + # cleaning up the info dir + rm -f debian/tmp/usr/share/info/dir* + + # install config files + mkdir -p debian/tmp/etc/frr/ + perl -pi -e 's#^!log file #!log file /var/log/frr/#' debian/tmp/usr/share/doc/frr/examples/*sample* + + # leftover from previously shipping SMUX client OID MIB + mkdir -p debian/tmp/usr/share/snmp/mibs/ + + # cleaning .la files + sed -i "/dependency_libs/ s/'.*'/''/" debian/tmp/usr/lib/*.la + sed -i "/dependency_libs/ s/'.*'/''/" debian/tmp/usr/lib/frr/modules/*.la + +override_dh_systemd_start: + dh_systemd_start frr.service + +override_dh_systemd_enable: + dh_systemd_enable frr.service + +# backports +SRCPKG = frr +KNOWN_BACKPORTS = debian8 debian9 ubuntu12.04 ubuntu14.04 ubuntu16.04 ubuntu17.10 ubuntu18.04 +DEBIAN_VERSION := $(shell dh_testdir && \ + dpkg-parsechangelog -c1 < debian/changelog | \ + sed -rn 's/^Version: ?//p') +ORIG_VERSION := $(DEBIAN_VERSION) +-include debian/backports/rules + +ifneq ($(TARBALLDIR),) +ifeq ($(wildcard frr-$(ORIG_VERSION).tar.gz),frr-$(ORIG_VERSION).tar.gz) + +$(TARBALLDIR)/$(SRCPKG)_$(ORIG_VERSION).orig.tar.gz: \ + frr-$(ORIG_VERSION).tar.gz + cp $< $@ + +else # wildcard frr-$(ORIG_VERSION).tar.gz + +# better error message on missing .orig.tar.gz +$(TARBALLDIR)/$(SRCPKG)_$(ORIG_VERSION).orig.tar.gz: + @ echo "\`$(TARBALLDIR)/$(SRCPKG)-$(ORIG_VERSION).tar.gz'" not \ + found and not generated by debian/rules. Provided you have the \ + necessary packages installed, you can generate it yourself via \ + "\"./bootstrap.sh && ./configure && make dist\"". + exit 1 + +endif # wildcard frr-$(ORIG_VERSION).tar.gz +endif # TARBALLDIR nonempty diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..af745b3 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (git) diff --git a/debian/tests/control b/debian/tests/control new file mode 100644 index 0000000..53fd537 --- /dev/null +++ b/debian/tests/control @@ -0,0 +1,3 @@ +Tests: daemons +Depends: frr +Restrictions: needs-root diff --git a/debian/tests/daemons b/debian/tests/daemons new file mode 100644 index 0000000..ac35ecd --- /dev/null +++ b/debian/tests/daemons @@ -0,0 +1,30 @@ +#!/bin/bash +#--------------- +# Testing frr +#--------------- +set -e + +# modify config file to enable all daemons and copy config files +CONFIG_FILE=/etc/frr/daemons +DAEMONS=("zebra" "bgpd" "ospfd" "ospf6d" "ripd" "ripngd" "isisd" "pimd") + +for daemon in "${DAEMONS[@]}" +do + sed -i -e "s/${daemon}=no/${daemon}=yes/g" $CONFIG_FILE + cp /usr/share/doc/frr/examples/${daemon}.conf.sample /etc/frr/${daemon}.conf +done + +# reload frr +/etc/init.d/frr restart > /dev/null 2>&1 + +# check daemons +for daemon in "${DAEMONS[@]}" +do + echo -n "check $daemon - " + if pidof -x $daemon > /dev/null; then + echo "${daemon} OK" + else + echo "ERROR: ${daemon} IS NOT RUNNING" + exit 1 + fi +done diff --git a/debian/watchfrr.rc b/debian/watchfrr.rc new file mode 100644 index 0000000..4110b86 --- /dev/null +++ b/debian/watchfrr.rc @@ -0,0 +1,4 @@ +check process watchfrr with pidfile /var/run/frr/watchfrr.pid + start program = "/etc/init.d/frr start watchfrr" with timeout 120 seconds + stop program = "/etc/init.d/frr stop watchfrr" + if 3 restarts within 10 cycles then timeout -- 2.39.2