Ubuntu
frr package

[MIR]: frr

Bug #1951834 reported by Andreas Hasenack
16
This bug affects 1 person
Affects Status Importance Assigned to Milestone
frr (Ubuntu)
Fix Released
Critical
Unassigned
Ubuntu ubuntu-22.04-feature-freeze

Bug Description

[Availability]
The package frr is already in Ubuntu universe.
The package builds for the architectures it is designed to work on.
It currently builds and works for architetcures: amd64, arm64, armhf, ppc64el, s390x, riscv64
Link to package: https://launchpad.net/ubuntu/+source/frr

[Rationale]
frr is a fork and replacement for quagga, which is what we have in main but is unmaintained by upstream.
About quagga:
  - we have been carrying the same version since bionic
  - upstream's git repo is gone (http://git.savannah.gnu.org/cgit/quagga.git)
  - git mirror at https://github.com/Quagga/quagga shows last commit in 2018 (https://github.com/Quagga/quagga
  - mailing lists have crickets (https://lists.quagga.net/pipermail/quagga-users/, https://lists.quagga.net/pipermail/quagga-dev/)

The proposal is to demote quagga, and promote ffr, for jammy.

[Security]
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=frr
4 CVEs in older versions (jammy has 8.1)
CVE-2017-15865 - information leak
CVE-2017-5495 - DoS due to memleak
CVE-2019-5892 - DoS
CVE-2020-12831 - (disputed) info leak via an initially empty world readable config file

site:www.openwall.com/lists/oss-security frr
0 hits (the single hit was for the "frr" string in a pgp signature)

Ubuntu:
https://ubuntu.com/security/cve?q=frr&package=&priority=&version=&status=
https://ubuntu.com/security/CVE-2020-12831 needs triage: (disputed) info leak via an initially empty world readable config file
https://ubuntu.com/security/CVE-2017-5495 only affected quagga in ubuntu it seems

- no `suid` or `sgid` binaries
- no executables in `/sbin` and `/usr/sbin`
- Package installs services:
/lib/systemd/system/frr.service

Right after installation, one daemon runs as root, the other two as "frr":
root 32148 0.0 0.0 7960 2892 ? Ss 14:02 0:00 /usr/lib/frr/watchfrr -d -F traditional zebra staticd
frr 32161 0.0 0.0 242848 7000 ? Ssl 14:02 0:00 /usr/lib/frr/zebra -d -F traditional -A 127.0.0.1 -s 90000000
frr 32166 0.0 0.0 9256 3608 ? Ss 14:02 0:00 /usr/lib/frr/staticd -d -F traditional -A 127.0.0.1

Many more can be run depending on configuration, though. Default list in /etc/frr/daemons:
bgpd=no
ospfd=no
ospf6d=no
ripd=no
ripngd=no
isisd=no
pimd=no
ldpd=no
nhrpd=no
eigrpd=no
babeld=no
sharpd=no
pbrd=no
bfdd=no
fabricd=no
vrrpd=no
pathd=no

If all are enabled, we get this by default:
frr 1033 0.0 0.0 1722872 9648 ? Ssl 14:42 0:00 /usr/lib/frr/zebra -d -F traditional -A 127.0.0.1 -s 90000000
frr 1038 0.0 0.0 173100 9108 ? Ssl 14:42 0:00 /usr/lib/frr/bgpd -d -F traditional -A 127.0.0.1
frr 1045 0.0 0.0 9916 4192 ? Ss 14:42 0:00 /usr/lib/frr/ripd -d -F traditional -A 127.0.0.1
frr 1048 0.0 0.0 9660 3832 ? Ss 14:42 0:00 /usr/lib/frr/ripngd -d -F traditional -A ::1
frr 1051 0.0 0.0 11852 4900 ? Ss 14:42 0:00 /usr/lib/frr/ospfd -d -F traditional -A 127.0.0.1
frr 1054 0.0 0.0 10828 4632 ? Ss 14:42 0:00 /usr/lib/frr/ospf6d -d -F traditional -A ::1
frr 1057 0.0 0.0 11540 4884 ? Ss 14:42 0:00 /usr/lib/frr/isisd -d -F traditional -A 127.0.0.1
frr 1060 0.0 0.0 9388 3532 ? Ss 14:42 0:00 /usr/lib/frr/babeld -d -F traditional -A 127.0.0.1
frr 1063 0.0 0.0 11540 5088 ? Ss 14:42 0:00 /usr/lib/frr/pimd -d -F traditional -A 127.0.0.1
frr 1071 0.0 0.0 9692 5380 ? S 14:42 0:00 /usr/lib/frr/ldpd -L -u frr -g frr
frr 1072 0.0 0.0 9520 5376 ? S 14:42 0:00 /usr/lib/frr/ldpd -E -u frr -g frr
frr 1074 0.0 0.0 10288 3652 ? Ss 14:42 0:00 /usr/lib/frr/ldpd -d -F traditional -A 127.0.0.1
frr 1078 0.0 0.0 9968 3652 ? Ss 14:42 0:00 /usr/lib/frr/nhrpd -d -F traditional -A 127.0.0.1
frr 1082 0.0 0.0 9812 4000 ? Ss 14:42 0:00 /usr/lib/frr/eigrpd -d -F traditional -A 127.0.0.1
frr 1085 0.0 0.0 9232 3376 ? Ss 14:42 0:00 /usr/lib/frr/pbrd -d -F traditional -A 127.0.0.1
frr 1088 0.0 0.0 9204 3136 ? Ss 14:42 0:00 /usr/lib/frr/staticd -d -F traditional -A 127.0.0.1
frr 1091 0.0 0.0 9496 3596 ? Ss 14:42 0:00 /usr/lib/frr/bfdd -d -F traditional -A 127.0.0.1
frr 1094 0.0 0.0 10460 4052 ? Ss 14:42 0:00 /usr/lib/frr/fabricd -d -F traditional -A 127.0.0.1
frr 1097 0.0 0.0 9256 3472 ? Ss 14:42 0:00 /usr/lib/frr/vrrpd -d -F traditional -A 127.0.0.1
frr 1101 0.0 0.0 9600 3728 ? Ss 14:42 0:00 /usr/lib/frr/pathd -d -F traditional -A 127.0.0.1

- Packages does not open privileged ports (ports < 1024)
The above daemons all listen on unprivileged high ports for the vty interface, but might open privileged ports once configured properly. For example, the RIP routing protocol uses 520/UDP.

- Packages does not contain extensions to security-sensitive software
No. But one could argue that routing is security sensitive.

[Quality assurance - function/usage]
- The package works well right after install
That being said, routing is very site specific. While all the daemons start and run if so requested, definitely some configuration will be needed for them to be useful.

[Quality assurance - maintenance]
- The package is maintained well in Debian/Ubuntu and has not too many and long term critical bugs open
There are just two open bugs in Ubuntu, filed by me: https://bugs.launchpad.net/ubuntu/+source/frr
- one is this MIR
- the other is LP: #1958162, which I found after trying the package out. I think this one must be fixed, because logging is important.

- Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=frr
I would like to highlight this one: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000032: depends on obsolete pcre3 library
The current 8.1-1 upload has a build-depends on libpcre2-dev, replacing libpcre3-dev, so maybe it was fixed. Needs to be checked, as I tried some apt-cache show grepping for pcre and couldn't find any.

- Upstream: https://github.com/FRRouting/frr/issues
Many open and closed bugs, as expected from a busy project. I tried looking for serious ones, but didn't find obvious ones in the first few pages. Going through labels, there wasn't any indicating severity. Using the "security" label returned just one open issue, which might be a corner case and has some technical discussion:
https://github.com/FRRouting/frr/issues/8728

[Quality assurance - testing]
- The package runs a test suite on build time, if it fails
  it makes the build fail, link to build log <TBD>
The build runs a test suite. Last build in jammy:
============================= test session starts ==============================
platform linux -- Python 3.9.8, pytest-6.2.5, py-1.10.0, pluggy-0.13.0 -- /usr/bin/python3
cachedir: .pytest_cache
rootdir: /<<PKGBUILDDIR>>/tests, configfile: pytest.ini
collecting ... collected 440 items

bgpd/test_aspath.py::TestAspath::test_exit_cleanly PASSED [ 0%]
bgpd/test_aspath.py::TestAspath::test_seq1 PASSED [ 0%]
bgpd/test_aspath.py::TestAspath::test_seq2 PASSED [ 0%]
bgpd/test_aspath.py::TestAspath::test_seq3 PASSED [ 0%]
bgpd/test_aspath.py::TestAspath::test_seqset PASSED [ 1%]
bgpd/test_aspath.py::TestAspath::test_seqset2 PASSED [ 1%]
(...)
Link: https://launchpadlibrarian.net/568804185/buildlog_ubuntu-jammy-amd64.frr_8.1-1_BUILDING.txt.gz

There is no dh_auto_test override. I patched a random test to fail, and the build fail accordingly:
self = <test_aspath.TestAspath object at 0x7f6f7bd740a0>
line = 'basic 4-byte as-path'
okfail = re.compile(b'^(?:\\x1b\\[3[12]m)?(?P<ret>OK|failed)', re.MULTILINE)

    def _okfail(self, line, okfail=re_okfail):
        self._onesimple(line)

        m = okfail.search(self.output)
        if m is None:
            raise MultiTestFailure("OK/fail not found")
        self.output = self.output[m.end() :]

        if m.group("ret") != "OK".encode("utf8"):
> raise MultiTestFailure("Test output indicates failure")
E frrtest.MultiTestFailure: Test output indicates failure

helpers/python/frrtest.py:160: MultiTestFailure
---- generated xml file: /home/ubuntu/git/packages/frr/frr/tests/tests.xml -----
=========================== short test summary info ============================
FAILED bgpd/test_aspath.py::TestAspath::test_exit_cleanly - frrtest.MultiTest...
FAILED bgpd/test_aspath.py::TestAspath::test_basic_4_byte_as_path - frrtest.M...
================== 2 failed, 433 passed, 5 skipped in 16.40s ===================
make[1]: *** [Makefile:15534: tests/tests.xml] Error 1
make[1]: Leaving directory '/home/ubuntu/git/packages/frr/frr'
dh_auto_test: error: make -j4 check VERBOSE=1 returned exit code 2
make: *** [debian/rules:33: build] Error 25
dpkg-buildpackage: error: debian/rules build subprocess returned exit status 2

The package runs autopkgtests, and is currently passing on all arches but i386, where it's not available: https://autopkgtest.ubuntu.com/packages/frr

[Quality assurance - packaging]
- debian/watch is present and works

lintian is a bit noisy, mostly about documentation issues:
$ lintian -I --pedantic
E: frr changes: bad-distribution-in-changes-file unstable
W: frr-doc: embedded-javascript-library usr/share/doc/frr/html/_static/doctools.js please use sphinx
W: frr-doc: embedded-javascript-library usr/share/doc/frr/html/_static/language_data.js please use sphinx
W: frr-doc: embedded-javascript-library usr/share/doc/frr/html/_static/searchtools.js please use sphinx
W: frr: groff-message usr/share/man/man1/frr.1.gz command exited with status 1: /usr/libexec/man-db/zsoelim | /usr/libexec/man-db/manconv -f UTF-8:ISO-8859-1 -t UTF-8//IGNORE | preconv -e UTF-8 | groff -mandoc -Z -rLL=117n -rLT=117n -wmac -Tutf8
W: frr: groff-message usr/share/man/man1/vtysh.1.gz command exited with status 1: /usr/libexec/man-db/zsoelim | /usr/libexec/man-db/manconv -f UTF-8:ISO-8859-1 -t UTF-8//IGNORE | preconv -e UTF-8 | groff -mandoc -Z -rLL=117n -rLT=117n -wmac -Tutf8
W: frr: groff-message usr/share/man/man8/frr-bfdd.8.gz command exited with status 1: /usr/libexec/man-db/zsoelim | /usr/libexec/man-db/manconv -f UTF-8:ISO-8859-1 -t UTF-8//IGNORE | preconv -e UTF-8 | groff -mandoc -Z -rLL=117n -rLT=117n -wmac -Tutf8
W: frr: groff-message ... use --no-tag-display-limit to see all (or pipe to a file/program)
W: frr-doc: info-document-missing-image-file usr/share/info/frr.info.gz frr-figures/fig-normal-processing.png
W: frr-doc: info-document-missing-image-file usr/share/info/frr.info.gz frr-figures/fig-rs-processing.png
W: frr-doc: info-document-missing-image-file usr/share/info/frr.info.gz frr-figures/fig-vnc-commercial-route-reflector.png
W: frr-doc: info-document-missing-image-file ... use --no-tag-display-limit to see all (or pipe to a file/program)
W: frr: mismatched-override spelling-error-in-binary usr/lib/frr/zebra writen written
W: frr source: possible-new-upstream-release-without-new-version
I: frr: acute-accent-in-manual-page usr/share/man/man8/frr-bfdd.8.gz:120
I: frr: acute-accent-in-manual-page usr/share/man/man8/frr-bfdd.8.gz:211
I: frr: acute-accent-in-manual-page usr/share/man/man8/frr-bfdd.8.gz:213
I: frr: acute-accent-in-manual-page ... use --no-tag-display-limit to see all (or pipe to a file/program)
I: frr: hardening-no-fortify-functions usr/lib/x86_64-linux-gnu/frr/modules/zebra_cumulus_mlag.so
I: frr source: out-of-date-standards-version 4.5.0.3 (released 2020-01-20) (current is 4.5.1)
I: frr: spelling-error-in-binary usr/bin/vtysh configration configuration
I: frr: spelling-error-in-binary usr/bin/vtysh informtion information
I: frr: spelling-error-in-binary usr/lib/frr/bgpd Neighor Neighbor
I: frr: spelling-error-in-binary ... use --no-tag-display-limit to see all (or pipe to a file/program)
I: frr: systemd-service-file-refers-to-var-run lib/systemd/system/frr.service PIDFile /var/run/frr/watchfrr.pid
I: frr: typo-in-manual-page usr/share/man/man1/vtysh.1.gz prefered preferred
I: frr-rpki-rtrlib: unused-override hardening-no-fortify-functions *
P: frr: executable-in-usr-lib usr/lib/frr/babeld
P: frr: executable-in-usr-lib usr/lib/frr/bfdd
P: frr: executable-in-usr-lib usr/lib/frr/bgpd
P: frr: executable-in-usr-lib ... use --no-tag-display-limit to see all (or pipe to a file/program)
P: frr-pythontools: executable-in-usr-lib usr/lib/frr/frr-reload.py
P: frr-pythontools: executable-in-usr-lib usr/lib/frr/generate_support_bundle.py
P: frr source: package-lacks-versioned-build-depends-on-debhelper 10
P: frr source: package-uses-old-debhelper-compat-version 10
P: frr: renamed-tag manpage-without-executable => spare-manual-page in line 10
P: frr source: silent-on-rules-requiring-root
N: 24 hints overridden (24 info); 2 unused overrides

The existing overrides are well documented. Example:
$ cat debian/frr.lintian-overrides
# function names & co.
frr binary: spelling-error-in-binary usr/lib/*/frr/libfrr.so.0.0.0 writen written
frr binary: spelling-error-in-binary usr/lib/*/frr/libfrrospfapiclient.so.0.0.0 writen written
frr binary: spelling-error-in-binary usr/lib/frr/ospfd writen written
frr binary: spelling-error-in-binary usr/lib/frr/zebra writen written
frr binary: spelling-error-in-binary usr/lib/frr/pimd writen written
frr binary: spelling-error-in-binary usr/lib/frr/pimd iif if

# prefixed man pages for off-PATH daemons
manpage-without-executable

# personal name
spelling-error-in-copyright Ang And

- This package does not rely on obsolete or about to be demoted packages.
There is an open question about PCRE3. The latest upload changed the build-dep on libpcre3-dev to libpcre2-dev, which is what we want since PCRE3 is obsolete. I don't see evidence in the build logs, nor in the final package deps, that PCRE2 was used, though. The configure script checks for "pcreposix", which is part of PCRE3, and it is not found (because we installed libpcre2-dev):

Resulting config.h:
/* Define to 1 if you have the `pcreposix' library (-lpcreposix). */
/* #undef HAVE_LIBPCREPOSIX */

It's only checked for if ./configure is given --enable-pcreposix, which d/rules doesn't:
if test "$enable_pcreposix" = "yes"; then
  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for regexec in -lpcreposix" >&5

$ grep -i pcre debian/control debian/rules config.log
debian/control: libpcre2-dev,
config.log:HAVE_LIBPCREPOSIX=''

- This package has no python2 or GTK2 dependencies

- The package will not be installed by default

- Packaging and build is easy: https://git.launchpad.net/ubuntu/+source/frr/tree/debian/rules

[UI standards]
There are no translations.
It's a server service with sysadmin oriented commands, config file and shell interface (vtysh).

[Dependencies]
There are two, or maybe just one, extra dependencies for which we will need MIRs:
libyang2: https://launchpad.net/ubuntu/+source/libyang2 #1958293
librtr: https://launchpad.net/ubuntu/+source/librtr. This one is used in a separate binary package, and we might get away with keeping just this binary package (frr-rpki-rtrlib) in universe.

[Standards compliance]
This package correctly follows FHS and Debian Policy

[Maintenance/Owner]
Team is already subscribed to the package
This does not use static builds

[Background information]
RULE: - The package descriptions should explain the general purpose and context
RULE: of the package. Additional explanations/justifications should be done in
RULE: the MIR report.
RULE: - If the package was renamed recently, or has a different upstream name,
RULE: this needs to be explained in the MIR report.
The Package description explains the package well
Upstream Name is Free Range Routing (frr)
Link to upstream project https://frrouting.org/

This is a fork and replacement for quagga, which is in main already for quite some time. Unfortunately upstream development stopped, and we should not keep quagga in main anymore. Ubuntu has been shipping the same build for many releases already:
 quagga | 1.2.4-1 | bionic | source, amd64, arm64, armhf, i386, ppc64el, s390x
 quagga | 1.2.4-4build1 | focal | source, amd64, arm64, armhf, ppc64el, riscv64, s390x
 quagga | 1.2.4-4ubuntu1 | hirsute | source, amd64, arm64, armhf, ppc64el, riscv64, s390x
 quagga | 1.2.4-4ubuntu2 | impish | source, amd64, arm64, armhf, ppc64el, riscv64, s390x
 quagga | 1.2.4-4ubuntu2 | jammy | source, amd64, arm64, armhf, ppc64el, riscv64, s390x

See original description
Tags: server-todo
Andreas Hasenack (ahasenack)
Changed in frr (Ubuntu):
status: Triaged → In Progress
Andreas Hasenack (ahasenack)
Changed in frr (Ubuntu):
milestone: none → ubuntu-22.01
Andreas Hasenack (ahasenack)
tags: added: server-todo
Andreas Hasenack (ahasenack)
description: updated
Andreas Hasenack (ahasenack)
Changed in frr (Ubuntu):
assignee: Andreas Hasenack (ahasenack) → nobody
status: In Progress → New
Andreas Hasenack (ahasenack)
description: updated
Didier Roche-Tolomelli (didrocks)
Changed in frr (Ubuntu):
assignee: nobody → Didier Roche (didrocks)
Revision history for this message
Didier Roche-Tolomelli (didrocks) wrote :
Download full text (5.4 KiB)

[Summary]

Thanks a lot Andreas for the detailed and high quality MIR, with relevant researches and background information.

I was first tempted to diff between quagga and frr to do a quick assessement. However, there are too many differences to avoid doing a full package checks. Here are my findings:

I can’t give a definitive ack right now until those questions are answered and some few fixes:

Notes/required TODOs:
 * does it need a security review in your opinon? Like, since the first MIR security assessment, a lot of time have passed. Is this the opportunity to benefit from another review or do you think the overall diff from the first MIR in term of security handling is small enough to not justify having a new one?
 * can you give the exact list of binary packages to promote? You mentioned for instance to keep frr-rpki-rtrlib in universe to avoid pulling librtr to main. I think the definitive will help on the AA side.
 * It is on the lto-disabled list. Fix, or the work-around should be directly in the package.
 * There are some compiler warning in the build logs. This is maybe the right time to get them fixed?
 * finally, once this is promoted, how do we explicitely demote quagga? I don’t find it in the seed. What is going to be uploaded to switch to frr?

[Duplication]
Fork of quagga, will replace it and the first one will be demoted.

[Dependencies]
OK:
- no -dev/-debug/-doc packages that need exclusion
- No dependencies in main that are only superficially tested requiring
  more tests now.

Problems:
- new dependencies in main, libyang2: https://launchpad.net/ubuntu/+source/libyang2 #1958293

[Embedded sources and static linking]
OK:
- no embedded source present
- no static linking
- does not have odd Built-Using entries

[Security]
OK:
- history of CVEs is expected for this kind of daemon and usage, It does not look concerning
- does not use webkit1,2
- does not use lib*v8 directly
- does not parse data formats
- does not open a port/socket
- does not process arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
- does not deal with system authentication (eg, pam), etc)
- does not deal with security attestation (secure boot, tpm, signatures)

Problems:
- one run a daemon as root, as explained in the description

[Common blockers]
OK:
- does not FTBFS currently
- does have a test suite that runs at build time
- test suite fails will fail the build upon error from the MIR description. Note that the summary mentions "TOTAL: 0"
- does have a non-trivial test suite that runs as autopkgtest
- no new python2 dependency

[Packaging red flags]

OK:
 Ubuntu does not carry a delta
- symbols tracking not applicable for this kind of code.
- d/watch is present and looks ok (if needed, e.g. non-native)
- Upstream update history is good
- Debian/Ubuntu update history is good
- the current release is packaged
- promoting this does not seem to cause issues for MOTUs that so far
  maintained the package
- no massive Lintian warnings (rather pendantic ones)
- d/rules is rather clean

Problems:
- It is on the lto-disabled list. Fix, or the work-around should be directly in the pack...

Read more...

Changed in frr (Ubuntu):
status: New → Incomplete
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

> * It is on the lto-disabled list. Fix, or the work-around should be directly in the package.

Good catch.

I checked and it was incorrectly added to that list, and filed a bug to remove it:

https://bugs.launchpad.net/ubuntu/+source/frr/+bug/1959838

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

> specified bound depends on the length of the source argument [-Wstringop-truncation]

I believe the strncpy warning can be ignored because the buffer was reallocated using that size just before:

static void str_append(char **buf, const char *repr)
{
    if (*buf) {
        *buf = realloc(*buf, strlen(*buf) + strlen(repr) + 1);
        assert(*buf);
        strncpy((*buf) + strlen(*buf), repr, strlen(repr) + 1);
    } else {
        *buf = strdup(repr);
        assert(*buf);
    }
}

And we are copying into the middle of the reallocated buffer, not its start. Furthermore, this is test code.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

For the strncmp() warnings, I filed an upstream bug[1] and it was promptly fixed. I also filed a LP bug for me to fix it in Ubuntu, and forward to Debian.

1. https://github.com/FRRouting/frr/issues/10484
2. https://bugs.launchpad.net/ubuntu/+source/frr/+bug/1959896

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

I wonder if it's worth adding a delta with debian for this strncmp() fix, though.

The upstream patch switches to strcmp(), arguing that these buffers are always null terminated. In that case, even the incorrect size_t parameter for strncmp() (source of the warning) won't matter, as the comparison will always stop at the \0.

Revision history for this message
Didier Roche-Tolomelli (didrocks) wrote :

Yeah, I don’t think that worths a delta. My general annoyance with this is that when you start having some warnings/errors in a project during build, you start accepting more and more of them until it’s not readable and you miss a valid concern. This is why, I tend to patch and add either linter stenza with explanation or fix the issue to keep something "clean".

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

At least it's fixed upstream.

I'll address the remaining points next week, as I'm on +1 maintenance this week.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

This is requested by security to be in Jammy for reasonable long term support of the routing daemon.
Setting prio critical and milestone to jammy-FF

Changed in frr (Ubuntu):
milestone: ubuntu-22.01 → ubuntu-22.04-feature-freeze
importance: Undecided → Critical
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Seeding is here:

$ grep -Hrn quagga platform-git ubuntu-git/
platform-git/supported-misc-servers:175: * quagga # RobertCollins

Therefore this is what we will change to promote FRR and demote quagga at the same time.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Everything resovled - in the MIR meeting we decided today that for this special case no security re-review is needed.
Setting to "in progress" to reflect that it is ready.
But it has to wait on libyang2 still to fully be ready.

Changed in frr (Ubuntu):
assignee: Didier Roche (didrocks) → nobody
status: Incomplete → In Progress
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

The libyang2 MIR[1] got an ACK from security

1. https://bugs.launchpad.net/ubuntu/+source/libyang2/+bug/1958293

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Archive Admin, please promote src:frr and these binary packages to main:
frr
frr-pythontools (pulled in by frr via Recommends)

Note libyang2 will be pulled in as well, and its MIR (#1958293) was completed and ACKed.

Leave in universe:
frr-snmp
frr-rpki-rtrlib (uses a library that is still in universe)
frr-doc (or not, whatever happens automatically)

frr-snmp I decided to not promote:
- there are quite a large number of bugs filed in the upstream tracker with "snmp" in them that are still open (https://github.com/FRRouting/frr/issues?page=2&q=is%3Aissue+is%3Aopen+snmp)
- the upstream documentation warns that it can be a firehose and lead to crashes and hangs[1] if abused
- snmp is usually hard to troubleshoot, and can be a security nightmare
- it's easier to promote it to main later if deemed necessary, than to demote it after it has been in main in a release

frr was given a special consideration by the security team (see comment #10) and didn't go through the usual security review process. This plus all the above made me decide to keep frr-snmp in universe for now.

1. http://docs.frrouting.org/en/latest/snmp.html

Revision history for this message
Steve Langasek (vorlon) wrote :
Download full text (3.3 KiB)

Override component to main
frr 8.1-1 in jammy amd64: universe/net/optional/100% -> main
frr 8.1-1 in jammy arm64: universe/net/optional/100% -> main
frr 8.1-1 in jammy armhf: universe/net/optional/100% -> main
frr 8.1-1 in jammy ppc64el: universe/net/optional/100% -> main
frr 8.1-1 in jammy riscv64: universe/net/optional/100% -> main
frr 8.1-1 in jammy s390x: universe/net/optional/100% -> main
6 publications overridden.
Override component to main
frr 8.1-1 in jammy: universe/misc -> main
frr 8.1-1 in jammy amd64: main/net/optional/100% -> main
frr 8.1-1 in jammy amd64: universe/net/optional/100% -> main
frr 8.1-1 in jammy arm64: main/net/optional/100% -> main
frr 8.1-1 in jammy arm64: universe/net/optional/100% -> main
frr 8.1-1 in jammy armhf: main/net/optional/100% -> main
frr 8.1-1 in jammy armhf: universe/net/optional/100% -> main
frr 8.1-1 in jammy ppc64el: main/net/optional/100% -> main
frr 8.1-1 in jammy ppc64el: universe/net/optional/100% -> main
frr 8.1-1 in jammy riscv64: main/net/optional/100% -> main
frr 8.1-1 in jammy riscv64: universe/net/optional/100% -> main
frr 8.1-1 in jammy s390x: main/net/optional/100% -> main
frr 8.1-1 in jammy s390x: universe/net/optional/100% -> main
frr-doc 8.1-1 in jammy amd64: universe/doc/optional/100% -> main
frr-doc 8.1-1 in jammy arm64: universe/doc/optional/100% -> main
frr-doc 8.1-1 in jammy armhf: universe/doc/optional/100% -> main
frr-doc 8.1-1 in jammy i386: universe/doc/optional/100% -> main
frr-doc 8.1-1 in jammy ppc64el: universe/doc/optional/100% -> main
frr-doc 8.1-1 in jammy riscv64: universe/doc/optional/100% -> main
frr-doc 8.1-1 in jammy s390x: universe/doc/optional/100% -> main
frr-pythontools 8.1-1 in jammy amd64: universe/net/optional/100% -> main
frr-pythontools 8.1-1 in jammy arm64: universe/net/optional/100% -> main
frr-pythontools 8.1-1 in jammy armhf: universe/net/optional/100% -> main
frr-pythontools 8.1-1 in jammy i386: universe/net/optional/100% -> main
frr-pythontools 8.1-1 in jammy ppc64el: universe/net/optional/100% -> main
frr-pythontools 8.1-1 in jammy riscv64: universe/net/optional/100% -> main
frr-pythontools 8.1-1 in jammy s390x: universe/net/optional/100% -> main
frr-rpki-rtrlib 8.1-1 in jammy amd64: universe/net/optional/100% -> main
frr-rpki-rtrlib 8.1-1 in jammy arm64: universe/net/optional/100% -> main
frr-rpki-rtrlib 8.1-1 in jammy armhf: universe/net/optional/100% -> main
frr-rpki-rtrlib 8.1-1 in jammy ppc64el: universe/net/optional/100% -> main
frr-rpki-rtrlib 8.1-1 in jammy riscv64: universe/net/optional/100% -> main
frr-rpki-rtrlib 8.1-1 in jammy s390x: universe/net/optional/100% -> main
frr-snmp 8.1-1 in jammy amd64: universe/net/optional/100% -> main
frr-snmp 8.1-1 in jammy arm64: universe/net/optional/100% -> main
frr-snmp 8.1-1 in jammy armhf: universe/net/optional/100% -> main
frr-snmp 8.1-1 in jammy ppc64el: universe/net/optional/100% -> main
frr-snmp 8.1-1 in jammy riscv64: universe/net/optional/100% -> main
frr-snmp 8.1-1 in jammy s390x: universe/net/optional/100% -> main
frr 8.1-1 in jammy amd64 remained the same
frr 8.1-1 in jammy arm64 remained the same
frr 8.1-1 in jammy armhf remained the sam...

Read more...

Changed in frr (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.