FRR release 10.2.1

Debian Packages - https://deb.frrouting.org

RPM Packages - https://rpm.frrouting.org

Snaps - https://snapcraft.io/frr

Docker - quay.io/frrouting/frr

Fixed CVE-2024-55553

More details: https://frrouting.org/security/cve-2024-55553

Bug Fixes

bfdd

• retain remote dplane client socket

bgpd

• Fix to pop items off zebra_announce FIFO for few EVPN triggers
• Check if as_type is not specified when peer is a peer-group member
• Do not reset peers on suppress-fib toggling
• Fix bgp core with a possible Intf delete
• Fix enforce-first-as per peer-group removal
• Fix evpn bestpath calculation when path is not established
• Fix graceful-restart for peer-groups
• Fix memory leak when creating BMP connection with a source interface
• Fix memory leak when reconfiguring a route distinguisher
• Fix unconfigure asdot neighbor
• Fix use single whitespace when displaying flowspec entries
• Fix version attribute is an int, not a string
• Import allowed routes with self AS if desired
• Initialize as_type for peer-group as AS_UNSPECIFIED
• Use gracefulRestart JSON field
• Validate both nexthop information (NEXTHOP and NLRI)
• Validate only affected RPKI prefixes instead of a full RIB
• When calling bgp_process, prevent infinite loop

lib

• Allow setsockopt functions to return size set
• Fix session re-establishment
• Take ge/le into consideration when checking the prefix with the prefix-list
• Use backoff setsockopt option for freebsd

ospfd

• OSPF multi-instance default origination fixes

pimd

• Fix access-list memory leak in pimd
• Free igmp proxy joins on interface deletion
• igmp proxy joins should not be written as part of config
• Prevent crash of pim when auto-rp's socket is not initialized

FRR release 10.1.2

Debian Packages - https://deb.frrouting.org

RPM Packages - https://rpm.frrouting.org

Snaps - https://snapcraft.io/frr

Docker - quay.io/frrouting/frr

Fixed CVE-2024-55553

More details: https://frrouting.org/security/cve-2024-55553

Bug Fixes

babeld

• Do not remove route when replacing
• Send the route's metric down to zebra.

bfdd

• Add no variants to interval configurations
• Retain remote dplane client socket

bgpd

• Actually make --v6-with-v4-nexthops it work
• Add bgp ipv6-auto-ra command
• Allow value 0 in aigp-metric setting
• Avoid use-after-free when doing no router bgp with auto created instances
• Fix to pop items off zebra_announce FIFO for few EVPN triggers
• Clear all paths including addpath once GR expires
• Compare aigp after local route check in bgp_path_info_cmp()
• Do not filter no-export community for BGP OAD (one administration domain)
• Do not reset peers on suppress-fib toggling
• EVPN fix per rd specific type-2 json output
• Fix bgp core with a possible Intf delete
• Fix blank line in running-config with bmp listener cmd
• Fix crash when polling bgp4v2PathAttrTable
• Fix display of local label in show bgp
• Fix enforce-first-as per peer-group removal
• Fix evpn bestpath calculation when path is not established
• Fix evpn mh esi flap remove local routes
• Fix for match source-protocol in route-map for redistribute cmd
• Fix memory leak when creating BMP connection with a source interface
• Fix memory leak when reconfiguring a route distinguisher
• Fix printfrr_bp for non initialized peers
• Fix resolvedPrefix in show nexthop json output
• Fix route selection with AIGP
• Fix several issues in sourcing AIGP attribute
• Fix unconfigure asdot neighbor
• Fix use single whitespace when displaying flowspec entries
• Fix version attribute is an int, not a string
• Include structure when installing End.DT4/6 SID
• Include structure when installing End.DT46 SID
• Include structure when removing End.DT4/6 SID
• Include structure when removing End.DT46 SID
• Move some non BGP-specific route-map functions to lib
• Set LLGR stale routes for all the paths including addpath
• Treat numbered community-list only if it's in a range 1-500
• Validate both nexthop information (NEXTHOP and NLRI)
• Validate only affected RPKI prefixes instead of a full RIB

isisd

• Fix change flex-algorithm number from uint32 to uint8
• Fix memory leaks when the transition of neighbor state from non-UP to DOWN
• Fix rcap tlv double-free crash
• Fix wrong check for MT commands

lib

• Attach stdout to child only if --log=stdout and stdout FD is a tty
• Include SID structure in seg6local nexthop
• Take ge/le into consideration when checking the prefix with the prefix-list
• Keep zebra on-rib-process script in frr.conf

nhrpd

• Fixes duplicate auth extension

ospfd

• Add a hidden command for old no router-id
• Fix heap corruption vulnerability when parsing SR-Algorithm TLV
• Fix missing '[no]ip ospf graceful-restart hello-delay ' commands
• Interface 'ip ospf neighbor-filter' startup config not applied.
• Use router_id what Zebra has if we remove a static router_id

pimd

• Allow resolving bsr via directly connected secondary address
• Fix access-list memory leak in pimd

vrrpd

• Iterate over all ancillary messages

zebra

• Add missing new line for help string
• Add missing proto translations
• Correctly report metrics
• Fix crash during reconnect
• Fix heap-use-after free on ns shutdown
• Fix snmp walk of zebra rib
• Let's use memset instead of walking bytes and setting to 0
• Separate zebra ZAPI server open and accept
• Unlock node only after operation in zebra_free_rnh()

FRR release 10.0.3

Debian Packages - https://deb.frrouting.org

RPM Packages - https://rpm.frrouting.org

Snaps - https://snapcraft.io/frr

Docker - quay.io/frrouting/frr

Fixed CVE-2024-55553

More details: https://frrouting.org/security/cve-2024-55553

Bug Fixes

babeld

• Do not remove route when replacing
• Send the route's metric down to zebra.

bfdd

• Add no variants to interval configurations

bgpd

• Actually make --v6-with-v4-nexthops it work
• Add bgp ipv6-auto-ra command
• Allow value 0 in aigp-metric setting
• Clear all paths including addpath once GR expires
• Compare aigp after local route check in bgp_path_info_cmp()
• Do not filter no-export community for BGP OAD (one administration domain)
• Do not reset peers on suppress-fib toggling
• EVPN fix per rd specific type-2 json output
• Fix addressing information of non established outgoing sessions
• Fix bgp core with a possible Intf delete
• Fix blank line in running-config with bmp listener cmd
• Fix crash when polling bgp4v2PathAttrTable
• Fix display of local label in show bgp
• Fix enforce-first-as per peer-group removal
• Fix for match source-protocol in route-map for redistribute cmd
• Fix memory leak when creating BMP connection with a source interface
• Fix memory leak when reconfiguring a route distinguisher
• Fix printfrr_bp for non initialized peers
• Fix route selection with AIGP
• Fix several issues in sourcing AIGP attribute
• Fix unconfigure asdot neighbor
• Fix uninitialized labels
• Fix use single whitespace when displaying flowspec entries
• Fix version attribute is an int, not a string
• Include structure when installing End.DT4/6 SID
• Include structure when installing End.DT46 SID
• Include structure when removing End.DT4/6 SID
• Include structure when removing End.DT46 SID
• Move some non BGP-specific route-map functions to lib
• Remove useless control checks about TCP connection
• Set LLGR stale routes for all the paths including addpath
• Treat numbered community-list only if it's in a range 1-500
• Validate both nexthop information (NEXTHOP and NLRI)
• Validate only affected RPKI prefixes instead of a full RIB

isisd
-Fix change flex-algorithm number from uint32 to uint8

• Fix rcap tlv double-free crash
• Fix wrong check for MT commands

lib

• Attach stdout to child only if --log=stdout and stdout FD is a tty
• Include SID structure in seg6local nexthop
• Take ge/le into consideration when checking the prefix with the prefix-list
• Keep zebra on-rib-process script in frr.conf

nhrpd

• Fixes duplicate auth extension
• Fix show nhrp shortcut json

ospfd

• Add a hidden command for old no router-id
• Fix heap corruption vulnerability when parsing SR-Algorithm TLV
• Fix missing '[no]ip ospf graceful-restart hello-delay ' commands
• Use router_id what Zebra has if we remove a static router_id

pimd

• Allow resolving bsr via directly connected secondary address
• Fix access-list memory leak in pimd

vrrpd

• Iterate over all ancillary messages

zebra

• Add missing new line for help string
• Add missing proto translations
• Correctly report metrics
• Fix crash during reconnect
• Fix heap-use-after free on ns shutdown
• Fix snmp walk of zebra rib
• Let's use memset instead of walking bytes and setting to 0
• Separate zebra ZAPI server open and accept
• Unlock node only after operation in zebra_free_rnh()

FRR Release 10.2

We are pleased to announce FRR release 10.2.

FRR 10.2 brings a long list of enhancements and fixes with 748 commits from 59 developers. Thanks to all contributors.

Debian Packages - https://deb.frrouting.org

RPM Packages - https://rpm.frrouting.org

Snaps - https://snapcraft.io/frr

Docker - quay.io/frrouting/frr

Release Overview

Breaking changes

• New "router pim" config node now contains all pim commands similar to other protocols. Existing global PIM commands are deprecated, and may be removed in the future. [#16269]

New Features Highlight:

• PIM candidate BSR/RP [#16438]
• Static IGMP join without an IGMP report [#16450]
• PIM AutoRP discovery/announcements [#16634]
• IGMP proxy [#16861]
• SRv6 SID Manager [#15604]
• Add bgp ipv6-auto-ra command [#16354]
• Implement neighbor x remote-as auto for BGP [#16345]
• Implement bgp dual-as for BGP [#16816]
• Implement BGP-wide configuration for graceful restart [#16099]
• Handle kernel routes appropriately (should fix recent NOPREFIXROUTE issue) [#16300]
• Add cisco-authentication password support for NHRP [#16172]

What's Changed

• mgmtd: add notification selection to front-end API by @choppsv1 in #16184
• yang: fix wrong check for isis metric style by @anlancs in #16188
• tests: suppress unused variables at topotests by @y-bharath14 in #16202
• zebra: Use built in data structure counter by @donaldsharp in #16221
• doc: fix one ldp neighbor command by @anlancs in #16225
• ospfd: Drop interfaceIp from show ip ospf neigh json by @ton31337 in #16195
• bgpd: Do not start BGP session if BFD profile is in shutdown state by @ton31337 in #16194
• isisd: fix 'show isis route prefix-sid backup' command by @pguibert6WIND in #16179
• nhrpd: add cisco-authentication password support by @dleroy in #16172
• bgpd: fix do not skip paths with same nexthop by @pguibert6WIND in #16153
• zebra: Set the weight for non-recursive next-hop by @ton31337 in #16236
• isisd: After the router switches IS-IS type several times, the neighbor adjacency cannot be established. by @zhou-run in #16230
• Add support for SRv6 SID Manager by @cscarpitta in #15604
• lib: add json API to dump and override row naming convention by @pguibert6WIND in #16237
• tests: Avoid importing unused modules by @y-bharath14 in #16227
• bgpd: Convert over to using vrf name instead of id by @donaldsharp in #16223
• zebra: Prevent starvation in dplane_thread_loop by @donaldsharp in #16224
• bgpd: backpressure - fix evpn route sync to zebra by @chiragshah6 in #16234
• doc: Document the usage of --enable-undefined-sanitizer by @donaldsharp in #16243
• bgpd: fixed failing to remove VRF if there is a stale l3vni by @kacpekwasny in #16059
• bgpd: fix do not use api.backup_nexthop in ZAPI message by @pguibert6WIND in #16260
• zebra: fix evpn mh bond member proto reinstall by @chiragshah6 in #16252
• ospfd: Improve OSPF neighbor retransmission list granularity and pacing by @aceelindem in #16128
• pimd: Candidate RP/BSR preparation by @eqvinox in #16259
• bgpd: Set last reset reason to admin shutdown if it was manually by @ton31337 in #16242
• bgpd: Check if we have really enough data before doing memcpy for software version by @ton31337 in #16211
• bgpd: Check if we have really enough data before doing memcpy for FQDN capability by @ton31337 in #16213
• bgpd: fix "bgp as-pah access-list" with "set aspath exclude" set/unset issue by @fdumontet6WIND in #15838
• docker: Adopt for Alpine Linux 3.20 by @ton31337 in #16222
• isisd: fix crash in display srv6 sid structure in json by @louis-6wind in #16267
• zebra: clear evpn dup-addr return error-msg when there is no vni by @chiragshah6 in #16261
• zebra: Fix coverity issues by @cscarpitta in #16270
• bgpd: Relax OAD (One-Administration-Domain) for RFC8212 by @ton31337 in #16273
• bgpd: A couple more fixes for Tunnel encapsulation handling by @ton31337 in #16214
• Isis show route paths json by @pguibert6WIND in #16182
• bgpd: avoid clearing routes for peers that were never established by @lsang6WIND in #16271
• pimd: fix misplaced braces/logic error in pim_rp_set_upstream_addr by @eqvinox in #16299
• doc: reformat Sphinx conf.py files by @qlyoung in #16301
• doc: improve table-of-contents organization by @qlyoung in #16297
• doc: add ability to disambiguate clicmds by @qlyoung in #14509
• bgpd: Ignore routes from evpn if VRF is unknown by @piotrsuchy in #16068
• bgpd: Ignore RFC8212 for BGP Confederations by @ton31337 in #16305
• ripd/ripd.c - rip_auth_md5 : Change the start value of sequence 1 to 0 by @T-Nicolas in #16233
• isisd: Fix memory leaks when the transition of neighbor state from non-UP to DOWN by @zhou-run in #15716
• Add option to build pkg with grpc support by @mwinter-osr in #16094
• isisd: fix crash when obtaining the next hop to calculate LFA on LAN links by @zhou-run in #16303
• isisd: Extend IS-IS to communicate with the SRv6 SID Manager to allocate/release SRv6 SIDs by @cscarpitta in #15677
• Implement BGP-wide configuration for graceful restart by @Pdoijode in #16099
• ldpd: fix wrong gtsm count by @anlancs in #16226
• tests: Add basic BGP per-safi dampening topotest by @ton31337 in #16331
• bgpd: Drop memset() before encoding EVPN extended communities by @ton31337 in #16333
• yang: Corrected typo at yang file by @y-bharath14 in #16339
• bgpd: Move sticky, default_gw, router_flag into a single flags variable by @ton31337 in #16334
• bgpd: Implement neighbor X remote-as auto by @ton31337 in #16345
• sharpd: fix set ZAPI_MESSAGE_NEXTHOP in nhg only when nexthops used by @pguibert6WIND in #16346
• isisd: When operating multiple areas, the system ID behaves abnormally. by @zhou-run in #16090
• tests: Extended bgp_remote_as_auto topotest with unnumbered case by @ton31337 in #16348
• ospfd: Fix several problems with direct and delayed acknowledgments by @aceelindem in #16351
• tests: Rename BGP OAD test function by @ton31337 in #16352
• bgpd: Print tableid when sending (add/remove) routes to Zebra by @ton31337 in #16353
• lib, tests: fix some b0rked tests, then fix TSAN warnings by @eqvinox in #16258
• isisd: The neighbor entry still displays the deleted hostname of the neighbor. by @zhou-run in #16241
• Duplicate fib proposal by @pguibert6WIND in #16342
• ripd/ripngd: use common header for display command by @anlancs in #16229
• lib: Discourage usage of deprecated data structures by @donaldsharp in #16140
• yang: Added default value to leaf by @y-bharath14 in #16369
• tests: tweak timers to avoid frequent failures on slow CI hardware by @Jafaral in #16363
• zebra: Fix to avoid two Vrfs with same table ids by @raja-rajasekar in #16350
• staticd: fix missing static routes by @anlancs in #16373
• isisd: fix crash when calculating the neighbor spanning tree based on the fragmented LSP by @zhou-run in #16365
• bgpd: Mark VRF instance as auto created if import vrf is configured for this instance by @ton31337 in #16374
• bgpd: backpressure - fix to properly remove dest for bgp under deletion by @raja-rajasekar in #16368
• ospfd: fix state location mixup by @eqvinox in https://github.com/FRRouting/...

FRR release 8.4.6

Debian Packages - https://deb.frrouting.org

RPM Packages - https://rpm.frrouting.org

Snaps - https://snapcraft.io/frr

Docker - quay.io/frrouting/frr

Fixed CVE-2024-44070

More details: https://frrouting.org/security/cve-2024-44070

Bug Fixes

isisd

• Fix update link params after circuit is up

bgpd

• Fix crash at no rpki
• Fix for CVE-2024-44070

tools

• Ignore errors for frr reload stuff

FRR Release 9.1.2

Debian Packages - https://deb.frrouting.org

RPM Packages - https://rpm.frrouting.org

Snaps - https://snapcraft.io/frr

Docker - quay.io/frrouting/frr

Fixed CVE-2024-44070

More details: https://frrouting.org/security/cve-2024-44070

Bug Fixes

bgpd

• Fix crash at no rpki
• Fix, do not access peer->notify.data when it is null
• Fix for CVE-2024-44070
• Ignore RFC8212 for BGP Confederations
• Check if we have really enough data before doing memcpy for software version
• Set last reset reason to admin shutdown if it was manually

isisd

• Fix crash when reading asla
• Add missing exit statement
• Fix update link params after circuit is up
• Fix crash when calculating the neighbor spanning tree based on the fragmented LSP

zebra

• Ensure non-equal id's are not same nhg's

pimd

• Fix msdp setting of sa->rp
• Fix crash on non-existent interface

ospfd

• Fix internal ldp-sync state flags when feature is disabled

zebra

• Fix missing static routes
• Fix to avoid two Vrfs with same table ids
• Fix evpn mh bond member proto reinstall

ldpd

• Fix wrong gtsm count

ripd

• Change the start value of sequence 1 to 0

FRR release 9.0.4

Debian Packages - https://deb.frrouting.org

RPM Packages - https://rpm.frrouting.org

Snaps - https://snapcraft.io/frr

Docker - quay.io/frrouting/frr

Fixed CVE-2024-44070

More details: https://frrouting.org/security/cve-2024-44070

Bug Fixes

bgpd

• Fix crash at no rpki
• Fix, do not access peer->notify.data when it is null
• Fix for CVE-2024-44070
• Ignore RFC8212 for BGP Confederations
• Set last reset reason to admin shutdown if it was manually

isisd

• Fix crash when reading ASLA
• Fix update link params after circuit is up
• Fix crash when calculating the neighbor spanning tree based on the fragmented LSP

ripd

• Change the start value of sequence 1 to 0

tools

• Ignore errors for frr reload stuff

ospfd

• Fix internal ldp-sync state flags when feature is disabled

pimd

• Fix crash on non-existent interface

zebra

• Fix missing static routes
• Ensure non-equal id's are not same nhg's

ldpd

• Fix wrong gtsm count

FRR release 8.5.6

Debian Packages - https://deb.frrouting.org

RPM Packages - https://rpm.frrouting.org

Snaps - https://snapcraft.io/frr

Docker - quay.io/frrouting/frr

Fixed CVE-2024-44070

More details: https://frrouting.org/security/cve-2024-44070

Bug Fixes

isisd

• Fix update link params after circuit is up

bgpd

• Fix crash at no rpki
• Fix for CVE-2024-44070
• Ignore RFC8212 for BGP Confederations

tools

• Ignore errors for frr reload stuff

FRR release 10.1.1

Debian Packages - https://deb.frrouting.org

RPM Packages - https://rpm.frrouting.org

Snaps - https://snapcraft.io/frr

Docker - quay.io/frrouting/frr

Fixed CVE-2024-44070

More details: https://frrouting.org/security/cve-2024-44070

Bug Fixes

bgpd

• Fix as-path exclude modify crash
• Fix labels static-analyser
• Fix, do not access peer->notify.data when it is null
• Fix crash at no rpki
• Fix memory type for static->prd_pretty
• Revert "topotests: add an ebgp 6vpe test"
• Revert "topotests: add bgp_nexthop_mp_ipv4_6 test"
• Revert "bgpd: optimize bgp_interface_address_del"
• Revert "bgpd: fix removing ipv6 global nexhop"
• Revert "bgpd: fix "used" json key on link-local nexthop"
• Revert "tests: ipv6 global removal in bgp_nexthop_mp_ipv4_6"
• Revert "bgpd: set ipv4-mapped ipv6 for ipv4 with ipv6 nexthop"
• Revert "bgpd: prefer link-local to a ipv4-mapped ipv6 global"
• Revert "topotests: update bgp_vrf_leaking_5549_routes"
• Revert "bgpd: optimize bgp_interface_address_add"
• Revert "bgpd: reduce bgp_interface_address_add indentation"
• Revert "bgpd: log new ipv6 global in bgp_interface_address_add"
• Revert "bgpd: fix sending ipv6 local nexthop if global present"

isisd

• Fix crash when reading asla
• Add missing exit statement
• Fix update link params after circuit is up
• Fix crash at flex-algo without mpls-te
• Fix memory handling in isis_adj_process_threeway()

nhrpd

• Fix show nhrp shortcut json
• Fix sending /32 shortcut

pimd

• Fix crash in pimd

mgmtd

• Don't add implicit state data when reading config from file

lib

• Fix distribute-list deletion
• Fix crash on distribute-list delete
• Fix LYD_NEW_PATH_OUTPUT issue to support libyang v3.x

ripd

• Fix show run output for distribute-list

zebra

• Ensure non-equal id's are not same nhg's
• Mimic GNU basename() API for non-glibc library e.g. musl

FRR release 10.0.2

Debian Packages - https://deb.frrouting.org

RPM Packages - https://rpm.frrouting.org

Snaps - https://snapcraft.io/frr

Docker - quay.io/frrouting/frr

Fixed CVE-2024-44070

More details: https://frrouting.org/security/cve-2024-44070

Bug Fixes

bgpd

• Fix as-path exclude modify crash
• Fix, do not access peer->notify.data when it is null
• Fix crash at no rpki
• Ignore RFC8212 for BGP Confederations
• Fix for CVE-2024-44070
• Relax OAD (One-Administration-Domain) for RFC8212
• Fix "bgp as-pah access-list" with "set aspath exclude" set/unset issues
• Check if we have really enough data before doing memcpy for FQDN capability
• Check if we have really enough data before doing memcpy for software version
• Set last reset reason to admin shutdown if it was manually
• Fix do not use api.backup_nexthop in ZAPI message

isisd

• Fix crash when reading asla
• Add missing exit statement
• Fix update link params after circuit is up
• Fix crash at flex-algo without mpls-te
• Fix memory handling in isis_adj_process_threeway()
• Fix crash when calculating the neighbor spanning tree based on the fragmented LSP
• Fix crash when obtaining the next hop to calculate LFA on LAN links
• Fix memory leaks when the transition of neighbor state from non-UP to DOWN
• Fix crash when displaying asla in json

pimd

• Fix crash in pimd
• Fix msdp setting of sa->rp
• Fix crash on non-existent interface

nhrpd

• Fix sending /32 shortcut

mgmtd

• Don't add implicit state data when reading config from file
• Fix too early daemon detach of mgmtd

ripd

• Fix show run output for distribute-list

lib

• Fix distribute-list deletion
• Fix crash on distribute-list delete
• Fix incorrect use of error checking macro

yang

• Added missed prefix to the yang file

ospfd

• Fix internal ldp-sync state flags when feature is disabled

ldpd

• Fix wrong gtsm count

ripd

• Change the start value of sequence 1 to 0

zebra

• Fix evpn mh bond member proto reinstall
• Fix to avoid two Vrfs with same table ids
• Fix missing static routes
• Ensure non-equal id's are not same nhg's