Skip to content

Commit a3fedc4

Browse files
CBL-Mariner-BotSumynwa
CBL-Mariner-Bot
and
Sumynwa
authored
[AUTO-CHERRYPICK] Bump frr to 8.5.5 to fix CVE-2024-31950 & CVE-2024-31951 - branch main (#10214)
Co-authored-by: Sumynwa <sumsharma@microsoft.com>
1 parent f871a79 commit a3fedc4

3 files changed

Lines changed: 9 additions & 10 deletions

File tree

SPECS/frr/frr.signatures.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
{
22
"Signatures": {
3-
"frr-8.5.3.tar.gz": "5f0d9e47e2621ad01307764df8a228ed0a4ae18f58e8912d638cb8db2c072d78",
3+
"frr-8.5.5.tar.gz": "efa3a834c4fae6de9144a20d16f3ef5f0aa66f5b171f168413eec725ce269d5f",
44
"frr-sysusers.conf": "c6f5a54402aa5f11e21dac3bd0e6cdeadfbf7937e9b34775b5fd368a9ca96fa4",
55
"frr-tmpfiles.conf": "edd7b01b11f2be66bb6b4531496d1eaf6536add9f4b549c659b27f5a32cdc512"
66
}

SPECS/frr/frr.spec

Lines changed: 6 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -2,8 +2,8 @@
22

33
Summary: Routing daemon
44
Name: frr
5-
Version: 8.5.3
6-
Release: 6%{?dist}
5+
Version: 8.5.5
6+
Release: 1%{?dist}
77
License: GPL-2.0-or-later
88
Vendor: Microsoft Corporation
99
Distribution: Mariner
@@ -16,11 +16,6 @@ Patch1: 0001-enable-openssl.patch
1616
Patch2: 0002-disable-eigrp-crypto.patch
1717
Patch3: 0003-fips-mode.patch
1818
Patch4: 0004-remove-grpc-test.patch
19-
Patch5: CVE-2023-46752.patch
20-
Patch6: CVE-2023-46753.patch
21-
Patch7: CVE-2023-47235.patch
22-
Patch8: CVE-2023-47234.patch
23-
Patch9: CVE-2024-34088.patch
2419
BuildRequires: autoconf
2520
BuildRequires: automake
2621
BuildRequires: bison
@@ -202,6 +197,10 @@ rm tests/lib/*grpc*
202197
%{_sysusersdir}/%{name}.conf
203198

204199
%changelog
200+
* Tue Aug 06 2024 Sumedh Sharma <sumsharma@microsoft.com> - 8.5.5-1
201+
- Bump version to fix CVE-2024-31950 & CVE-2024-31951
202+
- Remove patches present in sources
203+
205204
* Fri May 03 2024 Henry Beberman <henry.beberman@microsoft.com> - 8.5.3-6
206205
- Patch CVE-2024-34088
207206
- Remove CVE-2024-27913 patch since it's replaced by the CVE-2024-34088 patch

cgmanifest.json

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -3930,8 +3930,8 @@
39303930
"type": "other",
39313931
"other": {
39323932
"name": "frr",
3933-
"version": "8.5.3",
3934-
"downloadUrl": "https://github.com/FRRouting/frr/archive/refs/tags/frr-8.5.3.tar.gz"
3933+
"version": "8.5.5",
3934+
"downloadUrl": "https://github.com/FRRouting/frr/archive/refs/tags/frr-8.5.5.tar.gz"
39353935
}
39363936
}
39373937
},

0 commit comments

Comments
 (0)