From 23b54fdd21f4c75aa1281233a990029f942290c9 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Jul 28 2020 09:22:30 +0000
Subject: import frr-7.0-8.el8
---
diff --git a/SOURCES/0005-igmp-trusted-query.patch b/SOURCES/0005-igmp-trusted-query.patch
new file mode 100644
index 0000000..6d6795d
--- /dev/null
+++ b/SOURCES/0005-igmp-trusted-query.patch
@@ -0,0 +1,36 @@
+From ff4516227cc48b3175106a419f43b8fc9eee3710 Mon Sep 17 00:00:00 2001
+From: Donald Sharp
+Date: Tue, 25 Jun 2019 00:30:11 -0400
+Subject: [PATCH] pimd: Dissallow query to be received from a non-connected
+ source
+
+When we receive an igmp query on a interface, ensure that the
+source address of the packet is connected to the incoming
+interface. This will prevent a meanie from crafting a igmp
+packet with a source address less than ours and causing
+us to suspend query activities.
+
+Fixes: #1692
+Signed-off-by: Donald Sharp
+---
+ pimd/pim_igmp.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/pimd/pim_igmp.c b/pimd/pim_igmp.c
+index 270f1e3f27..5beabbd8df 100644
+--- a/pimd/pim_igmp.c
++++ b/pimd/pim_igmp.c
+@@ -305,6 +305,13 @@ static int igmp_recv_query(struct igmp_sock *igmp, int query_version,
+ return -1;
+ }
+
++ if (!pim_if_connected_to_source(ifp, from)) {
++ if (PIM_DEBUG_IGMP_PACKETS)
++ zlog_debug("Recv IGMP query on interface: %s from a non-connected source: %s",
++ ifp->name, from_str);
++ return 0;
++ }
++
+ /* Collecting IGMP Rx stats */
+ switch (query_version) {
+ case 1:
diff --git a/SPECS/frr.spec b/SPECS/frr.spec
index 4d2929b..30445b7 100644
--- a/SPECS/frr.spec
+++ b/SPECS/frr.spec
@@ -9,7 +9,7 @@ Name: frr
 Version: 7.0
-Release: 5%{?checkout}%{?dist}
+Release: 8%{?checkout}%{?dist}
 Summary: Routing daemon
 License: GPLv2+
 URL: http://www.frrouting.org
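Review bot: The added non-connected-source branch of igmp_recv_query drops the query with `return 0` ahead of the "Collecting IGMP Rx stats" switch and reports it only under `PIM_DEBUG_IGMP_PACKETS`, so on a router without packet debugging a spoofed query leaves neither a counter nor a log line for detection. I would count the drop alongside the existing Rx statistics or emit a rate-limited warning, so operators can see querier-election spoofing attempts being rejected. The branch also deserves a comment stating why it exists, for example `/* Querier election trusts the lowest source address, so only accept queries from a source on a subnet connected to ifp. */`. The check immediately before it returns -1 while this one returns 0; whether callers treat the two differently cannot be seen from the hunk, and the function body starts and ends outside it.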
@@ -29,6 +29,8 @@ Requires: net-snmp ncurses
 Requires(post): systemd /sbin/install-info
 Requires(preun): systemd /sbin/install-info
 Requires(postun): systemd
+Requires: iproute
+Requires: initscripts
 Provides: routingdaemon = %{version}-%{release}
 Obsoletes: frr-sysvinit quagga
@@ -37,6 +39,7 @@ Patch0001: 0001-use-python3.patch
 Patch0002: 0002-enable-openssl.patch
 Patch0003: 0003-disable-eigrp-crypto.patch
 Patch0004: 0004-fips-mode.patch
+Patch0005: 0005-igmp-trusted-query.patch
 %description
 FRRouting is free software that manages TCP/IP based routing protocols. It takes
@@ -214,6 +217,15 @@ make check PYTHON=%{__python3}
 %{_includedir}/frr/eigrpd/*.h
 %changelog
+* Tue May 05 2020 Michal Ruprich - 7.0-8
+- Resolves: #1819319 - frr fails to start start if the initscripts package is missing
+
+* Mon May 04 2020 Michal Ruprich - 7.0-7
+- Resolves: #1758544 - IGMPv3 queries may lead to DoS
+
+* Tue Mar 10 2020 Michal Ruprich - 7.0-6
+- Resolves: #1776342 - frr has missing dependency on iproute
+
 * Tue Sep 03 2019 Michal Ruprich - 7.0-5
 - Resolves: #1719465 - Removal of component Frr or its crypto