diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md index 14143c3037c61..7ac0fc579bb02 100644 --- a/nixos/doc/manual/release-notes/rl-2405.section.md +++ b/nixos/doc/manual/release-notes/rl-2405.section.md @@ -435,6 +435,8 @@ Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for Pi - `services.archisteamfarm` no longer uses the abbreviation `asf` for its state directory (`/var/lib/asf`), user and group (both `asf`). Instead the long name `archisteamfarm` is used. Configurations with `system.stateVersion` 23.11 or earlier, default to the old stateDirectory until the 24.11 release and must either set the option explicitly or move the data to the new directory. +- `frr` was updated to 10.0, which introduces the default of `enforce-first-as` for BGP. Please disable again if needed. + - `services.aria2.rpcSecret` has been replaced with `services.aria2.rpcSecretFile`. This was done so that secrets aren't stored in the world-readable nix store. To migrate, you will have to create a file with the same exact string, and change diff --git a/pkgs/servers/frr/default.nix b/pkgs/servers/frr/default.nix index d4adb5ed34faa..ba1f46414f6a1 100644 --- a/pkgs/servers/frr/default.nix +++ b/pkgs/servers/frr/default.nix @@ -86,24 +86,15 @@ lib.warnIf (!(stdenv.buildPlatform.canExecute stdenv.hostPlatform)) stdenv.mkDerivation rec { pname = "frr"; - version = "9.1"; + version = "10.0"; src = fetchFromGitHub { owner = "FRRouting"; repo = pname; rev = "${pname}-${version}"; - hash = "sha256-oDPr51vI+tlT1IiUPufmZh/UE0TNKWrn4RqpnGoGxNo="; + hash = "sha256-vvh9z2hmjvAA7OXgrUmlcrrTE5MRedZzfmhX5FEDKwE="; }; - patches = [ - # fixes crash in OSPF TE parsing - (fetchpatch { - name = "CVE-2024-27913.patch"; - url = "https://github.com/FRRouting/frr/commit/541503eecd302d2cc8456167d130014cd2cf1134.patch"; - hash = "sha256-7NxPlQK/6lbLs/NqNi4OZ2uBWfXw99SiXDR6okNvJlg="; - }) - ]; - nativeBuildInputs = [ autoreconfHook bison