rpms
/
iputils
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: rpms:c8
Branches Tags
rpms:i9c
rpms:c9
rpms:i10c-beta
rpms:c10-beta
rpms:i10cs
rpms:cs10
rpms:i9-beta
rpms:i8c
rpms:c8
rpms:i9c-beta
rpms:c9-beta
...
pull from: rpms:c9
Branches Tags
rpms:i9c
rpms:c9
rpms:i10c-beta
rpms:c10-beta
rpms:i10cs
rpms:cs10
rpms:i9-beta
rpms:i8c
rpms:c8
rpms:i9c-beta
rpms:c9-beta

No commits in common. 'c8' and 'c9' have entirely different histories.
c8 ... c9

16 changed files with 543 additions and 491 deletions
Show Stats

2
.gitignore vendored
Unescape View File

@ -1,2 +1,2 @@
SOURCES/ifenslave.tar.gz SOURCES/ifenslave.tar.gz
SOURCES/iputils-s20180629.tar.gz SOURCES/iputils-20210202.tar.gz

2
.iputils.metadata
Unescape View File

@ -1,2 +1,2 @@
1e2652cb1d1e29a8ebed1209131924a6eb864daf SOURCES/ifenslave.tar.gz 1e2652cb1d1e29a8ebed1209131924a6eb864daf SOURCES/ifenslave.tar.gz
353df20691bf027ad35fcaaf6894b122c39d8f2d SOURCES/iputils-s20180629.tar.gz 4e552cd0478388e1551853020b60efda18592028 SOURCES/iputils-20210202.tar.gz

20
SOURCES/0000-iputils-rh.patch
Unescape View File

@ -1,20 +0,0 @@
--- iputils-s20160308/Makefile 2016-03-08 13:58:56.000000000 +0100
+++ iputils-s20160308-new/Makefile 2016-03-09 10:09:02.295409179 +0100
@@ -36,7 +36,7 @@ WITHOUT_IFADDRS=no
ARPING_DEFAULT_DEVICE=
# nettle library for ipv6 ping [yes|no|static]
-USE_NETTLE=yes
+USE_NETTLE=no
# libgcrypt library for ipv6 ping [no|yes|static]
USE_GCRYPT=no
# Crypto library for ping6 [shared|static|no]
@@ -53,7 +53,7 @@ ENABLE_RDISC_SERVER=no
# What a pity, all new gccs are buggy and -Werror does not work. Sigh.
# CFLAGS+=-fno-strict-aliasing -Wstrict-prototypes -Wall -Werror -g
CFLAGS?=-O3 -g
-CFLAGS+=-fno-strict-aliasing -Wstrict-prototypes -Wall
+CFLAGS+=$(RPM_OPT_FLAGS) -fno-strict-aliasing -Wstrict-prototypes -Wall
CPPFLAGS+=-D_GNU_SOURCE
LDLIB=

14
SOURCES/0002-iputils-freeaddrinfo.patch
Unescape View File

@ -1,14 +0,0 @@
--- a/ping.c 2018-06-29 20:00:46.000000000 +0200
+++ b/ping.c 2019-07-10 09:50:06.653039073 +0200
@@ -589,8 +589,10 @@ int ping4_run(int argc, char **argv, str
strncpy(hnamebuf, ai->ai_canonname, sizeof hnamebuf - 1);
hostname = hnamebuf;
- if (result)
+ if (result) {
freeaddrinfo(result);
+ ai = NULL;
+ }
}
if (argc > 1)
route[nroute++] = whereto.sin_addr.s_addr;

25
SOURCES/0003-fix-incorrect-statistics.patch
Unescape View File

@ -1,25 +0,0 @@
From 445826446c32035b3c8e8a7780c4e4b885f0f98f Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Mon, 7 Dec 2020 15:08:14 +0100
Subject: [PATCH] ping: Fix incorrect statistics
---
ping_common.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ping_common.c b/ping_common.c
index 040bf23..02cb5e1 100644
--- a/ping_common.c
+++ b/ping_common.c
@@ -934,7 +934,7 @@ void finish(void)
printf(", %g%% packet loss",
(float) ((((long long)(ntransmitted - nreceived)) * 100.0) /
ntransmitted));
- printf(", time %ldms", (1000*tv.tv_sec+tv.tv_usec+500)/1000);
+ printf(", time %ldms", 1000*tv.tv_sec+(tv.tv_usec+500)/1000);
}
putchar('\n');
--
2.28.0

38
SOURCES/0004-tracepath-fix-copying-input-ipv6-address.patch
Unescape View File

@ -1,38 +0,0 @@
From e0baf20067a75f093d690bd51a6db3f5afabca77 Mon Sep 17 00:00:00 2001
From: Petr Vorel <pvorel@suse.cz>
Date: Tue, 17 Jul 2018 17:56:10 +0200
Subject: [PATCH] tracepath: Fix copying input IPv6 address
Commit e669c86 broke copying input IPv6 address.
tracepath recover from it, but it's slower.
Previously was address too short:
strace ./tracepath -6 fe80::8895:e2af:e96e:fd8f
sendto(3, "\1\0\0\0\0\0\0\0\307\36N[\0\0\0\0w_\f\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 127952, 0, {sa_family=AF_INET6, sin6_port=htons(44444), inet_pton(AF_INET6, "fe80::", &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, 28) = -1 EMSGSIZE (Message too long)
After fix is correct:
sendto(3, "\1\0\0\0\0\0\0\0\300\36N[\0\0\0\0'B\3\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 127952, 0, {sa_family=AF_INET6, sin6_port=htons(44444), inet_pton(AF_INET6, "fe80::8895:e2af:e96e:fd8f", &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, 28) = -1 EMSGSIZE (Message too long)
Bug found by LTP test.
Fixes: e669c86 tracepath: fix heap-buffer-overflow [asan]
Fixes: #137
---
tracepath.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tracepath.c b/tracepath.c
index 53bda16f..539a7a11 100644
--- a/tracepath.c
+++ b/tracepath.c
@@ -475,7 +475,7 @@ int main(int argc, char **argv)
fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
if (fd < 0)
continue;
- memcpy(&target, ai->ai_addr, sizeof(*ai->ai_addr));
+ memcpy(&target, ai->ai_addr, ai->ai_addrlen);
targetlen = ai->ai_addrlen;
break;
}

48
SOURCES/0005-ninfod-change-variable-name-to-avoid-colliding-with-function-name.patch
Unescape View File

@ -1,48 +0,0 @@
From 18f9a84e0e702841d6cc4d5f593de4fbd1348e83 Mon Sep 17 00:00:00 2001
From: Sami Kerola <kerolasa@iki.fi>
Date: Sat, 28 Dec 2019 17:16:27 +0000
Subject: [PATCH] ninfod: change variable name to avoid colliding with function
name
The sys/capability.h header has 'extern int cap_setuid(uid_t uid);'
function prototype.
Addresses: https://github.com/iputils/iputils/issues/246
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
---
ninfod/ninfod.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/ninfod/ninfod.c b/ninfod/ninfod.c
index 26112d0d..95583de4 100644
--- a/ninfod/ninfod.c
+++ b/ninfod/ninfod.c
@@ -455,7 +455,7 @@ static void do_daemonize(void)
/* --------- */
#ifdef HAVE_LIBCAP
static const cap_value_t cap_net_raw = CAP_NET_RAW;
-static const cap_value_t cap_setuid = CAP_SETUID;
+static const cap_value_t cap_setuserid = CAP_SETUID;
static cap_flag_value_t cap_ok;
#else
static uid_t euid;
@@ -487,7 +487,7 @@ static void limit_capabilities(void)
cap_get_flag(cap_cur_p, CAP_SETUID, CAP_PERMITTED, &cap_ok);
if (cap_ok != CAP_CLEAR)
- cap_set_flag(cap_p, CAP_PERMITTED, 1, &cap_setuid, CAP_SET);
+ cap_set_flag(cap_p, CAP_PERMITTED, 1, &cap_setuserid, CAP_SET);
if (cap_set_proc(cap_p) < 0) {
DEBUG(LOG_ERR, "cap_set_proc: %s\n", strerror(errno));
@@ -520,8 +520,8 @@ static void drop_capabilities(void)
/* setuid / setuid */
if (cap_ok != CAP_CLEAR) {
- cap_set_flag(cap_p, CAP_PERMITTED, 1, &cap_setuid, CAP_SET);
- cap_set_flag(cap_p, CAP_EFFECTIVE, 1, &cap_setuid, CAP_SET);
+ cap_set_flag(cap_p, CAP_PERMITTED, 1, &cap_setuserid, CAP_SET);
+ cap_set_flag(cap_p, CAP_EFFECTIVE, 1, &cap_setuserid, CAP_SET);
if (cap_set_proc(cap_p) < 0) {
DEBUG(LOG_ERR, "cap_set_proc: %s\n", strerror(errno));

113
SOURCES/0006-ping-Fix-unwanted-bell-on-unreachable-address.patch
Unescape View File

@ -1,113 +0,0 @@
From dc4f836759887a6edf141aa55adbdb9bc63f5e69 Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Tue, 22 Mar 2022 12:59:21 +0100
Subject: [PATCH] ping: Fix unwanted bell on unreachable address
Commit 4471ac629cf2603f4b8b45e042e072c992ce25a5 caused regression for IPv6
that ping -a IP6_ADDR beeps also on wrong address (i.e. when "Address
unreachable"):
$ ping -a -c1 fd00:1:1:1::15
PING fd00:1:1:1::15(fd00:1:1:1::15) 56 data bytes
From fd00:1:1:1::2 icmp_seq=1 Destination unreachable: Address unreachable
--- fd00:1:1:1::15 ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0m
It should only bell when ping returns correctly.
Another (fixed) regression was that ping after exit printed error "pipe N",
where N is number of counts. Error was result of code from ping_common.c:
printf("%spipe %d", comma, pipesize);
4471ac6 was wrong that code for sock->working_recverr == 1 should stay,
sock->working_recverr should be removed.
Thus changes:
* ping.c: put back "stronger filter" for raw socket but (unlike before
4471ac6) exit with 2 if setsockopt(ICMP_FILTER) fails
* ping6_common.c: put back setsockopt(IPV6_RECVERR), but (unlike before
4471ac6) exit with 2 if it fails
* ping6_common.c: remove ICMP6_FILTER_SETPASS calls. These caused error "pipe N".
* ping6_common.c: return 0 after acknowledge() in ping6_parse_reply
Fixes: 4471ac6 ("ping: Remove workaround for bug in IP_RECVERR on raw sockets")
Fixes: https://github.com/iputils/iputils/issues/182
Reported-by: Luiz Angelo Daros de Luca <luizluca@tre-sc.jus.br>
Signed-off-by: Petr Vorel <pvorel@suse.cz>
Reviewed-by: Sami Kerola <kerolasa@iki.fi>
---
Patch has been adjusted to be applicable to RHEL8 codebase
Resolves: #2057570
---
ping.c | 11 +++++++++++
ping6_common.c | 15 +++------------
2 files changed, 14 insertions(+), 12 deletions(-)
diff --git a/ping.c b/ping.c
index d9a3f5d..c870390 100644
--- a/ping.c
+++ b/ping.c
@@ -949,6 +949,17 @@ int ping4_receive_error_msg(socket_st *sock)
acknowledge(ntohs(icmph.un.echo.sequence));
+ if (sock->socktype == SOCK_RAW)
+ {
+ struct icmp_filter filt;
+
+ filt.data = ~((1 << ICMP_SOURCE_QUENCH) |
+ (1 << ICMP_REDIRECT) |
+ (1 << ICMP_ECHOREPLY));
+ if (setsockopt(sock->fd, SOL_RAW, ICMP_FILTER, (const void *)&filt,
+ sizeof(filt)) == -1)
+ error(2, errno, "setsockopt(ICMP_FILTER)");
+ }
net_errors++;
nerrors++;
if (options & F_QUIET)
diff --git a/ping6_common.c b/ping6_common.c
index 5991c2a..1181341 100644
--- a/ping6_common.c
+++ b/ping6_common.c
@@ -879,6 +879,8 @@ int ping6_run(int argc, char **argv, struct addrinfo *ai, struct socket_st *sock
}
hold = 1;
+ if (setsockopt(sock->fd, IPPROTO_IPV6, IPV6_RECVERR, (const void *)&hold, sizeof hold))
+ error(2, errno, "IPV6_RECVERR");
/* Estimate memory eaten by single packet. It is rough estimate.
* Actually, for small datalen's it depends on kernel side a lot. */
@@ -906,11 +908,6 @@ int ping6_run(int argc, char **argv, struct addrinfo *ai, struct socket_st *sock
ICMP6_FILTER_SETBLOCKALL(&filter);
- ICMP6_FILTER_SETPASS(ICMP6_DST_UNREACH, &filter);
- ICMP6_FILTER_SETPASS(ICMP6_PACKET_TOO_BIG, &filter);
- ICMP6_FILTER_SETPASS(ICMP6_TIME_EXCEEDED, &filter);
- ICMP6_FILTER_SETPASS(ICMP6_PARAM_PROB, &filter);
-
if (niquery_is_enabled())
ICMP6_FILTER_SETPASS(ICMPV6_NI_REPLY, &filter);
else
@@ -1437,13 +1434,7 @@ ping6_parse_reply(socket_st *sock, struct msghdr *msg, int cc, void *addr, struc
!is_ours(sock, icmph1->icmp6_id))
return 1;
acknowledge(ntohs(icmph1->icmp6_seq));
- nerrors++;
- if (options & F_FLOOD) {
- write_stdout("\bE", 2);
- return 0;
- }
- print_timestamp();
- printf("From %s: icmp_seq=%u ", pr_addr(from, sizeof *from), ntohs(icmph1->icmp6_seq));
+ return 0;
} else {
/* We've got something other than an ECHOREPLY */
if (!(options & F_VERBOSE) || uid)
--
2.35.1

131
SOURCES/0007-ping-allow-user-to-specify-VRF-and-source-IP.patch
Unescape View File

@ -1,131 +0,0 @@
From 2cc34ea408602f84fe102598ca258126531736c9 Mon Sep 17 00:00:00 2001
From: Jon Harrison <jon.harrison@metaswitch.com>
Date: Tue, 9 Jul 2019 16:48:07 +0100
Subject: [PATCH] ping: allow user to specify VRF and source IP
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Without this, the options for sending a ping in the context of a VRF are
limited.
We can send a ping with a specific source IP address. For example:
ping 10.1.1.3 -I 10.1.1.2
We can send a ping in the context of a Linux VRF. For example:
ping 10.1.1.3 -I vrf_red
However, when pinging in the context of a VRF, Linux does not always choose
a sensible source IP address the source IP might not belong to the VRF.
As a result, the ping wont get a response. As a result, we want to be able
to specify both a VRF and a source IP address when initiating a ping. For
example:
ping 10.1.1.3 -I vrf_red -I 10.1.1.2
Ping reads in the command line parameters fine and sets up the 'source' and
'device' variables, but currently ignores the device if the source IP
address is non-zero. This commit adds a branch to ping.c that does the
socket bind to the device even in the case where the source IP is non-zero.
This branch is based on the existing case where source IP is zero, but
simplified a bit because we've already got a source IP address to use.
(cherry picked from commit 9e08707d743b29e853df81bd7def1729e3afe55d)
---
doc/ping.xml | 15 ++++++++++-----
ping.c | 44 +++++++++++++++++++++++++++++++++++++++++---
2 files changed, 51 insertions(+), 8 deletions(-)
diff --git a/doc/ping.xml b/doc/ping.xml
index bdf07b3..034e40c 100644
--- a/doc/ping.xml
+++ b/doc/ping.xml
@@ -158,11 +158,16 @@ to values less than 0.2 seconds.</para>
<varlistentry>
<term><option>-I </option><emphasis remap='I'>interface</emphasis></term>
<listitem>
-<para><emphasis remap='I'>interface</emphasis> is either an address, or an interface name.
-If <emphasis remap='I'>interface</emphasis> is an address, it sets source address
-to specified interface address.
-If <emphasis remap='I'>interface</emphasis> in an interface name, it sets
-source interface to specified interface.
+<para><emphasis remap='I'>interface</emphasis> is either an
+address, an interface name or a VRF name. If
+<emphasis remap="I">interface</emphasis> is an address, it
+sets source address to specified interface address. If
+<emphasis remap="I">interface</emphasis> is an interface
+name, it sets source interface to specified interface.
+If <emphasis remap="I">interface</emphasis> is a VRF
+name, each packet is routed using the corresponding
+routing table; in this case, the <option>-I</option> option
+can be repeated to specify a source address.
NOTE: For IPv6, when doing ping to a link-local scope
address, link specification (by the '%'-notation in
<emphasis remap='I'>destination</emphasis>, or by this option)
diff --git a/ping.c b/ping.c
index c870390..0f87723 100644
--- a/ping.c
+++ b/ping.c
@@ -705,7 +705,43 @@ int ping4_run(int argc, char **argv, struct addrinfo *ai, socket_st *sock)
}
#endif
close(probe_fd);
- } while (0);
+
+ } else if (device) {
+ struct sockaddr_in dst = whereto;
+ struct ifreq ifr;
+ int fd = sock->fd;
+ int rc;
+ int errno_save;
+
+ memset(&ifr, 0, sizeof(ifr));
+ strncpy(ifr.ifr_name, device, IFNAMSIZ - 1);
+
+ enable_capability_raw();
+ rc = setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, device, strlen(device) + 1);
+ errno_save = errno;
+ disable_capability_raw();
+
+ if (rc == -1) {
+ if (IN_MULTICAST(ntohl(dst.sin_addr.s_addr))) {
+ struct ip_mreqn imr;
+
+ if (ioctl(fd, SIOCGIFINDEX, &ifr) < 0) {
+ fprintf(stderr, "ping: %s: %s\n", "(\"unknown interface\")", device);
+ exit(2);
+ }
+ memset(&imr, 0, sizeof(imr));
+ imr.imr_ifindex = ifr.ifr_ifindex;
+ if (setsockopt(fd, SOL_IP, IP_MULTICAST_IF,
+ &imr, sizeof(imr)) == -1) {
+ fprintf(stderr, "ping: IP_MULTICAST_IF: %s\n", strerror(errno));
+ exit(2);
+ }
+ } else {
+ fprintf(stderr, "ping: SO_BINDTODEVICE %s: %s\n", device, strerror(errno_save));
+ exit(2);
+ }
+ }
+ }
if (whereto.sin_addr.s_addr == 0)
whereto.sin_addr.s_addr = source.sin_addr.s_addr;
@@ -957,8 +993,10 @@ int ping4_receive_error_msg(socket_st *sock)
(1 << ICMP_REDIRECT) |
(1 << ICMP_ECHOREPLY));
if (setsockopt(sock->fd, SOL_RAW, ICMP_FILTER, (const void *)&filt,
- sizeof(filt)) == -1)
- error(2, errno, "setsockopt(ICMP_FILTER)");
+ sizeof(filt)) == -1) {
+ fprintf(stderr, "ping: setsockopt(ICMP_FILTER): %s\n", strerror(errno));
+ exit(2);
+ }
}
net_errors++;
nerrors++;
--
2.40.1

51
SOURCES/001-ping-remove-unsupported-IPv6-warning-on-disabled-IPv6.patch
Unescape View File

@ -0,0 +1,51 @@
From 79d713eab6181e219bf932b404706f6f59ff2539 Mon Sep 17 00:00:00 2001
From: Byron Stanoszek <gandalf@winds.org>
Date: Thu, 16 Sep 2021 23:38:54 +0200
Subject: [PATCH] ping: Remove 'unsupported IPv6' warning on disabled IPv6
Regression was introduced in d141cb6 as introduced condition
if ((errno == EAFNOSUPPORT && socktype == AF_INET6) || options & F_VERBOSE || requisite)
was wrong, it should have been:
if ((errno == EAFNOSUPPORT && family == AF_INET6 && requisite) || options & F_VERBOSE)
but bug was hidden as `family == AF_INET6' was always false until
otherwise correct fix 904cdb6 ("ping: AF_INET6 is address family not
socket type [lgtm scan]") propagated the error.
Tested on kernel booted with ipv6.disable=1 (disabling via sysctl, i.e.
sysctl -w net.ipv6.conf.all.disable_ipv6=1; sysctl -w net.ipv6.conf.default.disable_ipv6=1
does not trigger the issue as it exit with "socket: Address family not
supported by protocol" - errno EADDRNOTAVAIL).
Fixes: d141cb6 ("ping: work with older kernels that don't support ping sockets")
Closes: https://github.com/iputils/iputils/issues/293
Closes: https://github.com/iputils/iputils/pull/370
Reported-by: lekto <lekto@o2.pl>
Reviewed-by: Andrew Clayton <andrew@digital-domain.net>
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Byron Stanoszek <gandalf@winds.org>
[ pvorel: create commit from Byron's patch on the issue, do analysis and wrote commit message ]
Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
ping/ping.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ping/ping.c b/ping/ping.c
index 6fcb44f2..0655bf4a 100644
--- a/ping/ping.c
+++ b/ping/ping.c
@@ -150,8 +150,8 @@ static void create_socket(struct ping_rts *rts, socket_st *sock, int family,
/* Report error related to disabled IPv6 only when IPv6 also failed or in
* verbose mode. Report other errors always.
*/
- if ((errno == EAFNOSUPPORT && family == AF_INET6) ||
- rts->opt_verbose || requisite)
+ if ((errno == EAFNOSUPPORT && family == AF_INET6 && requisite) ||
+ rts->opt_verbose)
error(0, errno, "socket");
if (requisite)
exit(2);

95
SOURCES/002-ping-Fix-ping6-binding-to-VRF-and-address.patch
Unescape View File

@ -0,0 +1,95 @@
From 36580e1d539b4bb7c187d4cf9ccc63afad9edbb1 Mon Sep 17 00:00:00 2001
From: Lahav Schlesinger <lschlesinger@drivenets.com>
Date: Wed, 30 Jun 2021 13:06:13 +0300
Subject: [PATCH 1/2] ping: Fix ping6 binding to VRF and address
Since Linux kernel commit 1893ff20275b ("net/ipv6: Add l3mdev check to
ipv6_chk_addr_and_flags") from v4.17-rc1 ping fails when trying to
create IPv6 SOCK_RAW socket (e.g. if net.ipv4.ping_group_range = 1 0)
and passing both -I <vrf_interface> and -I <local_ipv6_addr>.
It works for IPv4 SOCK_RAW socket.
# ip netns add tmp_ns
# ip -n tmp_ns link add vrf_1 type vrf table 10001
# ip -n tmp_ns link add lo10 type dummy
# ip -n tmp_ns link set lo10 master vrf_1
# ip -n tmp_ns link set vrf_1 up
# ip -n tmp_ns link set lo10 up
# ip -n tmp_ns link set lo up
# ip -n tmp_ns addr add 1:2::3:4/128 dev lo10
# ip -n tmp_ns addr add 1.2.3.4/32 dev lo10
# ip netns exec tmp_ns ping -6 1:2::3:4 -I vrf_1 -I 1:2::3:4 -c 1 # IPv6 broken
ping: bind icmp socket: Cannot assign requested address
# ping 1.2.3.4 -I vrf_1 -I 1.2.3.4 -c 1 # IPv4 working
PING 1.2.3.4 (1.2.3.4) from 1.2.3.4 vrf_1: 56(84) bytes of data.
64 bytes from 1.2.3.4: icmp_seq=1 ttl=64 time=0.090 ms
--- 1.2.3.4 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.090/0.090/0.090/0.000 ms
ping fails because it doesn't actually bind to the VRF interface, while
after 1893ff20275b, binding to an IPv6 address searches only on the same
l3mdev as the device the function receives. If the socket wasn't
SO_BINDTODEVICE-ed, then the kernel will only search for devices that
are not ensalved to an l3mdev device (= in the default VRF), which will
cause the bind() to fail.
Only SOCK_RAW socket is affected. SOCK_DGRAM is not affected because
Linux kernel doesn't check the device the socket was SO_BINDTODEVICE-ed
to, but only the device from addr->sin6_scope_id (which if none is
passed, it will again only search devices in the default VRF).
NOTE: creating network namespace to reproduce the issue is needed just
on systems with net.ipv4.ping_group_range = 0 2147483647 (e.g. current
Fedora, openSUSE, Ubuntu), which causes to use SOCK_DGRAM socket.
Alternatively to force SOCK_RAW to it'd be enough just to properly set
net.ipv4.ping_group_range:
# echo "1 0" > /proc/sys/net/ipv4/ping_group_range
Closes: https://github.com/iputils/iputils/pull/344
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Lahav Schlesinger <lschlesinger@drivenets.com>
[ pvorel: adjusted commit message ]
Signed-off-by: Petr Vorel <pvorel@suse.cz>
(cherry picked from commit 7c65999f98bc4a1984594b7fad1af0eaf0b9d34b)
---
ping/ping6_common.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/ping/ping6_common.c b/ping/ping6_common.c
index 4712928..98b5adb 100644
--- a/ping/ping6_common.c
+++ b/ping/ping6_common.c
@@ -223,6 +223,8 @@ int ping6_run(struct ping_rts *rts, int argc, char **argv, struct addrinfo *ai,
if (rts->device) {
struct cmsghdr *cmsg;
struct in6_pktinfo *ipi;
+ int rc;
+ int errno_save;
cmsg = (struct cmsghdr *)(rts->cmsgbuf + rts->cmsglen);
rts->cmsglen += CMSG_SPACE(sizeof(*ipi));
@@ -233,6 +235,15 @@ int ping6_run(struct ping_rts *rts, int argc, char **argv, struct addrinfo *ai,
ipi = (struct in6_pktinfo *)CMSG_DATA(cmsg);
memset(ipi, 0, sizeof(*ipi));
ipi->ipi6_ifindex = if_name2index(rts->device);
+
+ enable_capability_raw();
+ rc = setsockopt(sock->fd, SOL_SOCKET, SO_BINDTODEVICE,
+ rts->device, strlen(rts->device) + 1);
+ errno_save = errno;
+ disable_capability_raw();
+
+ if (rc == -1)
+ error(2, errno_save, "SO_BINDTODEVICE %s", rts->device);
}
if (IN6_IS_ADDR_MULTICAST(&rts->whereto6.sin6_addr)) {
--
2.46.0

54
SOURCES/003-ping6-Avoid-binding-to-non-VRF.patch
Unescape View File

@ -0,0 +1,54 @@
From a2d2428c5fa6bf370486f509b18862c5c7b8b47e Mon Sep 17 00:00:00 2001
From: Petr Vorel <pvorel@suse.cz>
Date: Tue, 9 Nov 2021 02:39:56 +0100
Subject: [PATCH 2/2] ping6: Avoid binding to non-VRF
This fixes permission issue when specifying just address (without VRF)
unless having CAP_NET_ADMIN (i.e. root) permission:
$ ./builddir/ping/ping -c1 -I lo ::1
./builddir/ping/ping: SO_BINDTODEVICE lo: Operation not permitted
because setsockopt() SO_BINDTODEVICE (similar to bind()) can be only done on
opt_strictsource.
Fixes: 7c65999 ("ping: Fix ping6 binding to VRF and address")
Signed-off-by: Petr Vorel <pvorel@suse.cz>
(cherry picked from commit f52b582248f1f870e870a9973621805d969906b4)
---
ping/ping6_common.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/ping/ping6_common.c b/ping/ping6_common.c
index 98b5adb..a784be0 100644
--- a/ping/ping6_common.c
+++ b/ping/ping6_common.c
@@ -236,14 +236,16 @@ int ping6_run(struct ping_rts *rts, int argc, char **argv, struct addrinfo *ai,
memset(ipi, 0, sizeof(*ipi));
ipi->ipi6_ifindex = if_name2index(rts->device);
- enable_capability_raw();
- rc = setsockopt(sock->fd, SOL_SOCKET, SO_BINDTODEVICE,
- rts->device, strlen(rts->device) + 1);
- errno_save = errno;
- disable_capability_raw();
-
- if (rc == -1)
- error(2, errno_save, "SO_BINDTODEVICE %s", rts->device);
+ if (rts->opt_strictsource) {
+ enable_capability_raw();
+ rc = setsockopt(sock->fd, SOL_SOCKET, SO_BINDTODEVICE,
+ rts->device, strlen(rts->device) + 1);
+ errno_save = errno;
+ disable_capability_raw();
+
+ if (rc == -1)
+ error(2, errno_save, "SO_BINDTODEVICE %s", rts->device);
+ }
}
if (IN6_IS_ADDR_MULTICAST(&rts->whereto6.sin6_addr)) {
--
2.46.0

0
SOURCES/0001-iputils-ifenslave.patch → SOURCES/100-iputils-ifenslave.patch
Unescape View File

88
SOURCES/101-iputils-ifenslave-CWE-170.patch
Unescape View File

@ -0,0 +1,88 @@
From a38091c8eb0c515441080806975856ee09d2edc7 Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Tue, 23 Mar 2021 08:10:10 +0100
Subject: [PATCH] ifenslave: fix CWE-170: Improper Null Termination
---
ifenslave.c | 24 ++++++++++++++++--------
1 file changed, 16 insertions(+), 8 deletions(-)
diff --git a/ifenslave.c b/ifenslave.c
index ddd82ec..1efe4f1 100644
--- a/ifenslave.c
+++ b/ifenslave.c
@@ -509,21 +509,24 @@ static int if_getconfig(char *ifname)
struct sockaddr dstaddr, broadaddr, netmask;
unsigned char *hwaddr;
- strcpy(ifr.ifr_name, ifname);
+ memset(&ifr, 0, sizeof(ifr));
+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
if (ioctl(skfd, SIOCGIFFLAGS, &ifr) < 0)
return -1;
mif_flags = ifr.ifr_flags;
printf("The result of SIOCGIFFLAGS on %s is %x.\n",
ifname, ifr.ifr_flags);
- strcpy(ifr.ifr_name, ifname);
+ memset(&ifr, 0, sizeof(ifr));
+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
if (ioctl(skfd, SIOCGIFADDR, &ifr) < 0)
return -1;
printf("The result of SIOCGIFADDR is %2.2x.%2.2x.%2.2x.%2.2x.\n",
ifr.ifr_addr.sa_data[2], ifr.ifr_addr.sa_data[3],
ifr.ifr_addr.sa_data[4], ifr.ifr_addr.sa_data[5]);
- strcpy(ifr.ifr_name, ifname);
+ memset(&ifr, 0, sizeof(ifr));
+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
if (ioctl(skfd, SIOCGIFHWADDR, &ifr) < 0)
return -1;
@@ -534,33 +537,38 @@ static int if_getconfig(char *ifname)
ifr.ifr_hwaddr.sa_family, hwaddr[0], hwaddr[1],
hwaddr[2], hwaddr[3], hwaddr[4], hwaddr[5]);
- strcpy(ifr.ifr_name, ifname);
+ memset(&ifr, 0, sizeof(ifr));
+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
if (ioctl(skfd, SIOCGIFMETRIC, &ifr) < 0) {
metric = 0;
} else
metric = ifr.ifr_metric;
printf("The result of SIOCGIFMETRIC is %d\n", metric);
- strcpy(ifr.ifr_name, ifname);
+ memset(&ifr, 0, sizeof(ifr));
+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
if (ioctl(skfd, SIOCGIFMTU, &ifr) < 0)
mtu = 0;
else
mtu = ifr.ifr_mtu;
printf("The result of SIOCGIFMTU is %d\n", mtu);
- strcpy(ifr.ifr_name, ifname);
+ memset(&ifr, 0, sizeof(ifr));
+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
if (ioctl(skfd, SIOCGIFDSTADDR, &ifr) < 0) {
memset(&dstaddr, 0, sizeof(struct sockaddr));
} else
dstaddr = ifr.ifr_dstaddr;
- strcpy(ifr.ifr_name, ifname);
+ memset(&ifr, 0, sizeof(ifr));
+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
if (ioctl(skfd, SIOCGIFBRDADDR, &ifr) < 0) {
memset(&broadaddr, 0, sizeof(struct sockaddr));
} else
broadaddr = ifr.ifr_broadaddr;
- strcpy(ifr.ifr_name, ifname);
+ memset(&ifr, 0, sizeof(ifr));
+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
if (ioctl(skfd, SIOCGIFNETMASK, &ifr) < 0) {
memset(&netmask, 0, sizeof(struct sockaddr));
} else
--
2.29.2

154
SOURCES/102-iputils-ifenslave-CWE-170-2.patch
Unescape View File

@ -0,0 +1,154 @@
From bea19fd9a86dd2c601681ff2ef4a9c1afab1e34d Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Tue, 8 Jun 2021 15:41:58 +0200
Subject: [PATCH] ifenslave: fix CWE-170: Improper Null Termination
Resolves: #1938746
---
ifenslave.c | 43 +++++++++++++++++++++++++++----------------
1 file changed, 27 insertions(+), 16 deletions(-)
diff --git a/ifenslave.c b/ifenslave.c
index 1efe4f1..59bce4c 100644
--- a/ifenslave.c
+++ b/ifenslave.c
@@ -619,7 +619,7 @@ static int get_drv_info(char *master_ifname)
char *endptr;
memset(&ifr, 0, sizeof(ifr));
- strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ);
+ strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ - 1);
ifr.ifr_data = (caddr_t)&info;
info.cmd = ETHTOOL_GDRVINFO;
@@ -664,8 +664,9 @@ static int change_active(char *master_ifname, char *slave_ifname)
return 1;
}
- strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ);
- strncpy(ifr.ifr_slave, slave_ifname, IFNAMSIZ);
+ memset(&ifr, 0, sizeof(ifr));
+ strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ - 1);
+ strncpy(ifr.ifr_slave, slave_ifname, IFNAMSIZ - 1);
if ((ioctl(skfd, SIOCBONDCHANGEACTIVE, &ifr) < 0) &&
(ioctl(skfd, BOND_CHANGE_ACTIVE_OLD, &ifr) < 0)) {
saved_errno = errno;
@@ -806,8 +807,9 @@ static int enslave(char *master_ifname, char *slave_ifname)
}
/* Do the real thing */
- strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ);
- strncpy(ifr.ifr_slave, slave_ifname, IFNAMSIZ);
+ memset(&ifr, 0, sizeof(ifr));
+ strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ - 1);
+ strncpy(ifr.ifr_slave, slave_ifname, IFNAMSIZ - 1);
if ((ioctl(skfd, SIOCBONDENSLAVE, &ifr) < 0) &&
(ioctl(skfd, BOND_ENSLAVE_OLD, &ifr) < 0)) {
saved_errno = errno;
@@ -847,8 +849,9 @@ static int release(char *master_ifname, char *slave_ifname)
return 1;
}
- strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ);
- strncpy(ifr.ifr_slave, slave_ifname, IFNAMSIZ);
+ memset(&ifr, 0, sizeof(ifr));
+ strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ - 1);
+ strncpy(ifr.ifr_slave, slave_ifname, IFNAMSIZ - 1);
if ((ioctl(skfd, SIOCBONDRELEASE, &ifr) < 0) &&
(ioctl(skfd, BOND_RELEASE_OLD, &ifr) < 0)) {
saved_errno = errno;
@@ -880,7 +883,8 @@ static int get_if_settings(char *ifname, struct dev_ifr ifra[])
int res = 0;
for (i = 0; ifra[i].req_ifr; i++) {
- strncpy(ifra[i].req_ifr->ifr_name, ifname, IFNAMSIZ);
+ strncpy(ifra[i].req_ifr->ifr_name, ifname, IFNAMSIZ - 1);
+ ifra[i].req_ifr->ifr_name[IFNAMSIZ - 1] = '\0';
res = ioctl(skfd, ifra[i].req_type, ifra[i].req_ifr);
if (res < 0) {
saved_errno = errno;
@@ -899,7 +903,8 @@ static int get_slave_flags(char *slave_ifname)
{
int res = 0;
- strncpy(slave_flags.ifr_name, slave_ifname, IFNAMSIZ);
+ strncpy(slave_flags.ifr_name, slave_ifname, IFNAMSIZ - 1);
+ slave_flags.ifr_name[IFNAMSIZ - 1] = '\0';
res = ioctl(skfd, SIOCGIFFLAGS, &slave_flags);
if (res < 0) {
saved_errno = errno;
@@ -919,7 +924,8 @@ static int set_master_hwaddr(char *master_ifname, struct sockaddr *hwaddr)
struct ifreq ifr;
int res = 0;
- strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ);
+ memset(&ifr, 0, sizeof(ifr));
+ strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ - 1);
memcpy(&(ifr.ifr_hwaddr), hwaddr, sizeof(struct sockaddr));
res = ioctl(skfd, SIOCSIFHWADDR, &ifr);
if (res < 0) {
@@ -943,7 +949,8 @@ static int set_slave_hwaddr(char *slave_ifname, struct sockaddr *hwaddr)
struct ifreq ifr;
int res = 0;
- strncpy(ifr.ifr_name, slave_ifname, IFNAMSIZ);
+ memset(&ifr, 0, sizeof(ifr));
+ strncpy(ifr.ifr_name, slave_ifname, IFNAMSIZ - 1);
memcpy(&(ifr.ifr_hwaddr), hwaddr, sizeof(struct sockaddr));
res = ioctl(skfd, SIOCSIFHWADDR, &ifr);
if (res < 0) {
@@ -980,8 +987,9 @@ static int set_slave_mtu(char *slave_ifname, int mtu)
struct ifreq ifr;
int res = 0;
+ memset(&ifr, 0, sizeof(ifr));
ifr.ifr_mtu = mtu;
- strncpy(ifr.ifr_name, slave_ifname, IFNAMSIZ);
+ strncpy(ifr.ifr_name, slave_ifname, IFNAMSIZ - 1);
res = ioctl(skfd, SIOCSIFMTU, &ifr);
if (res < 0) {
@@ -1000,8 +1008,9 @@ static int set_if_flags(char *ifname, short flags)
struct ifreq ifr;
int res = 0;
+ memset(&ifr, 0, sizeof(ifr));
ifr.ifr_flags = flags;
- strncpy(ifr.ifr_name, ifname, IFNAMSIZ);
+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
res = ioctl(skfd, SIOCSIFFLAGS, &ifr);
if (res < 0) {
@@ -1030,7 +1039,8 @@ static int clear_if_addr(char *ifname)
struct ifreq ifr;
int res = 0;
- strncpy(ifr.ifr_name, ifname, IFNAMSIZ);
+ memset(&ifr, 0, sizeof(ifr));
+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
ifr.ifr_addr.sa_family = AF_INET;
memset(ifr.ifr_addr.sa_data, 0, sizeof(ifr.ifr_addr.sa_data));
@@ -1065,8 +1075,9 @@ static int set_if_addr(char *master_ifname, char *slave_ifname)
{NULL, NULL, 0, 0},
};
+ memset(&ifr, 0, sizeof(ifr));
for (i = 0; ifra[i].req_name; i++) {
- strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ);
+ strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ - 1);
res = ioctl(skfd, ifra[i].g_ioctl, &ifr);
if (res < 0) {
int saved_errno = errno;
@@ -1080,7 +1091,7 @@ static int set_if_addr(char *master_ifname, char *slave_ifname)
sizeof(ifr.ifr_addr.sa_data));
}
- strncpy(ifr.ifr_name, slave_ifname, IFNAMSIZ);
+ strncpy(ifr.ifr_name, slave_ifname, IFNAMSIZ - 1);
res = ioctl(skfd, ifra[i].s_ioctl, &ifr);
if (res < 0) {
int saved_errno = errno;
--
2.31.1

199
SPECS/iputils.spec
Unescape View File

@ -2,15 +2,15 @@
Summary: Network monitoring tools including ping Summary: Network monitoring tools including ping
Name: iputils Name: iputils
Version: 20180629 Version: 20210202
Release: 11%{?dist} Release: 10%{?dist}
# some parts are under the original BSD (ping.c) # some parts are under the original BSD (ping.c)
# some are under GPLv2+ (tracepath.c) # some are under GPLv2+ (tracepath.c)
License: BSD and GPLv2+ License: BSD and GPLv2+
URL: https://github.com/iputils/iputils URL: https://github.com/iputils/iputils
Group: System Environment/Daemons
Source0: https://github.com/iputils/iputils/archive/s%{version}.tar.gz#/%{name}-s%{version}.tar.gz Source0: https://github.com/iputils/iputils/archive/%{version}/%{name}-%{version}.tar.gz
# ifenslave.tar.gz was taken from kernel 3.10 source at: https://elixir.bootlin.com/linux/v3.10/source/Documentation/networking/ifenslave.c
Source1: ifenslave.tar.gz Source1: ifenslave.tar.gz
Source2: rdisc.service Source2: rdisc.service
Source3: ninfod.service Source3: ninfod.service
@ -18,29 +18,26 @@ Source3: ninfod.service
Source4: bsd.txt Source4: bsd.txt
Source5: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt Source5: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
Patch0: 0000-iputils-rh.patch # Upstream patches
Patch1: 0001-iputils-ifenslave.patch Patch001: 001-ping-remove-unsupported-IPv6-warning-on-disabled-IPv6.patch
Patch2: 0002-iputils-freeaddrinfo.patch Patch002: 002-ping-Fix-ping6-binding-to-VRF-and-address.patch
Patch3: 0003-fix-incorrect-statistics.patch Patch003: 003-ping6-Avoid-binding-to-non-VRF.patch
Patch4: 0004-tracepath-fix-copying-input-ipv6-address.patch
Patch5: 0005-ninfod-change-variable-name-to-avoid-colliding-with-function-name.patch
Patch6: 0006-ping-Fix-unwanted-bell-on-unreachable-address.patch
# bz2208409 - [RFE] support VRF with ping command # Downstream-only patches
Patch7: 0007-ping-allow-user-to-specify-VRF-and-source-IP.patch Patch100: 100-iputils-ifenslave.patch
Patch101: 101-iputils-ifenslave-CWE-170.patch
Patch102: 102-iputils-ifenslave-CWE-170-2.patch
%if ! 0%{?_module_build} BuildRequires: gcc
BuildRequires: docbook-utils perl-SGMLSpm BuildRequires: meson
%endif BuildRequires: gettext
BuildRequires: glibc-kernheaders >= 2.4-8.19 BuildRequires: glibc-kernheaders >= 2.4-8.19
BuildRequires: libidn2-devel BuildRequires: libidn2-devel
BuildRequires: openssl-devel BuildRequires: openssl-devel
BuildRequires: libcap-devel BuildRequires: libcap-devel
BuildRequires: libxslt docbook-style-xsl BuildRequires: libxslt docbook5-style-xsl
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
BuildRequires: systemd BuildRequires: systemd
%{?systemd_ordering}
Provides: /bin/ping Provides: /bin/ping
Provides: /bin/ping6 Provides: /bin/ping6
Provides: /sbin/arping Provides: /sbin/arping
@ -53,7 +50,6 @@ ECHO_REQUEST packets to a specified network host to discover whether
the target machine is alive and receiving network traffic. the target machine is alive and receiving network traffic.
%package ninfod %package ninfod
Group: System Environment/Daemons
Summary: Node Information Query Daemon Summary: Node Information Query Daemon
Requires: %{name} = %{version}-%{release} Requires: %{name} = %{version}-%{release}
Provides: %{_sbindir}/ninfod Provides: %{_sbindir}/ninfod
@ -63,67 +59,30 @@ Node Information Query (RFC4620) daemon. Responds to IPv6 Node Information
Queries. Queries.
%prep %prep
%setup -q -a 1 -n %{name}-s%{version} %setup -q -a 1 -n %{name}-%{version}
cp %{SOURCE4} %{SOURCE5} . cp %{SOURCE4} %{SOURCE5} .
%autopatch -p1
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%build %build
%ifarch s390 s390x %meson -DBUILD_TFTPD=false
export CFLAGS="-fPIE" %meson_build
%else
export CFLAGS="-fpie"
%endif
export LDFLAGS="-pie -Wl,-z,relro,-z,now"
make %{?_smp_mflags} arping clockdiff ping rdisc tracepath ninfod
gcc -Wall $RPM_OPT_FLAGS $CFLAGS $LDFLAGS ifenslave.c -o ifenslave
%if ! 0%{?_module_build}
make -C doc man
%endif
%install gcc $RPM_OPT_FLAGS $CFLAGS $RPM_LD_FLAGS $LDFLAGS ifenslave.c -o ifenslave
mkdir -p ${RPM_BUILD_ROOT}%{_sbindir}
mkdir -p ${RPM_BUILD_ROOT}%{_bindir}
mkdir -p $RPM_BUILD_ROOT/%{_unitdir}
install -c clockdiff ${RPM_BUILD_ROOT}%{_sbindir}/ %install
install -cp arping ${RPM_BUILD_ROOT}%{_sbindir}/ %meson_install
install -cp ping ${RPM_BUILD_ROOT}%{_bindir}/ %find_lang %{name}
install -cp ifenslave ${RPM_BUILD_ROOT}%{_sbindir}/
install -cp rdisc ${RPM_BUILD_ROOT}%{_sbindir}/
install -cp tracepath ${RPM_BUILD_ROOT}%{_bindir}/
install -cp ninfod/ninfod ${RPM_BUILD_ROOT}%{_sbindir}/
mkdir -p ${RPM_BUILD_ROOT}%{_bindir} mkdir -p ${RPM_BUILD_ROOT}%{_bindir}
ln -sf ../bin/ping ${RPM_BUILD_ROOT}%{_sbindir}/ping ln -sf ../bin/ping ${RPM_BUILD_ROOT}%{_sbindir}/ping
ln -sf ../bin/ping ${RPM_BUILD_ROOT}%{_sbindir}/ping6 ln -sf ../bin/ping ${RPM_BUILD_ROOT}%{_sbindir}/ping6
ln -sf ../bin/tracepath ${RPM_BUILD_ROOT}%{_sbindir}/tracepath ln -sf ../bin/tracepath ${RPM_BUILD_ROOT}%{_sbindir}/tracepath
ln -sf ../bin/tracepath ${RPM_BUILD_ROOT}%{_sbindir}/tracepath6 ln -sf ../bin/tracepath ${RPM_BUILD_ROOT}%{_sbindir}/tracepath6
ln -sf ../bin/arping ${RPM_BUILD_ROOT}%{_sbindir}/arping
mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man8 ln -sf ping.8.gz ${RPM_BUILD_ROOT}%{_mandir}/man8/ping6.8.gz
%if ! 0%{?_module_build} ln -sf tracepath.8.gz ${RPM_BUILD_ROOT}%{_mandir}/man8/tracepath6.8.gz
install -cp doc/clockdiff.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/ install -cp ifenslave ${RPM_BUILD_ROOT}%{_sbindir}/
install -cp doc/arping.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/ install -cp ifenslave.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/
install -cp doc/ping.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/
install -cp doc/rdisc.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/
install -cp doc/tracepath.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/
install -cp doc/ninfod.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/
install -cp ifenslave.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/
ln -s ping.8.gz ${RPM_BUILD_ROOT}%{_mandir}/man8/ping6.8.gz
ln -s tracepath.8.gz ${RPM_BUILD_ROOT}%{_mandir}/man8/tracepath6.8.gz
%endif
install -dp ${RPM_BUILD_ROOT}%{_sysconfdir}/rc.d/init.d
install -m 644 %SOURCE2 ${RPM_BUILD_ROOT}/%{_unitdir}
install -m 644 %SOURCE3 ${RPM_BUILD_ROOT}/%{_unitdir}
%post %post
%systemd_post rdisc.service %systemd_post rdisc.service
@ -143,13 +102,12 @@ install -m 644 %SOURCE3 ${RPM_BUILD_ROOT}/%{_unitdir}
%postun ninfod %postun ninfod
%systemd_postun_with_restart ninfod.service %systemd_postun_with_restart ninfod.service
%files %files -f %{name}.lang
%doc README.bonding %doc README.bonding
%{!?_licensedir:%global license %%doc}
%license bsd.txt gpl-2.0.txt %license bsd.txt gpl-2.0.txt
%{_unitdir}/rdisc.service %{_unitdir}/rdisc.service
%attr(0755,root,root) %caps(cap_net_raw=p) %{_sbindir}/clockdiff %attr(0755,root,root) %caps(cap_net_raw=p) %{_bindir}/clockdiff
%attr(0755,root,root) %caps(cap_net_raw=p) %{_sbindir}/arping %attr(0755,root,root) %caps(cap_net_raw=p) %{_bindir}/arping
%attr(0755,root,root) %{_bindir}/ping %attr(0755,root,root) %{_bindir}/ping
%{_sbindir}/ifenslave %{_sbindir}/ifenslave
%{_sbindir}/rdisc %{_sbindir}/rdisc
@ -158,7 +116,7 @@ install -m 644 %SOURCE3 ${RPM_BUILD_ROOT}/%{_unitdir}
%{_sbindir}/ping6 %{_sbindir}/ping6
%{_sbindir}/tracepath %{_sbindir}/tracepath
%{_sbindir}/tracepath6 %{_sbindir}/tracepath6
%if ! 0%{?_module_build} %{_sbindir}/arping
%attr(644,root,root) %{_mandir}/man8/clockdiff.8.gz %attr(644,root,root) %{_mandir}/man8/clockdiff.8.gz
%attr(644,root,root) %{_mandir}/man8/arping.8.gz %attr(644,root,root) %{_mandir}/man8/arping.8.gz
%attr(644,root,root) %{_mandir}/man8/ping.8.gz %attr(644,root,root) %{_mandir}/man8/ping.8.gz
@ -167,47 +125,88 @@ install -m 644 %SOURCE3 ${RPM_BUILD_ROOT}/%{_unitdir}
%attr(644,root,root) %{_mandir}/man8/tracepath.8.gz %attr(644,root,root) %{_mandir}/man8/tracepath.8.gz
%{_mandir}/man8/tracepath6.8.gz %{_mandir}/man8/tracepath6.8.gz
%attr(644,root,root) %{_mandir}/man8/ifenslave.8.gz %attr(644,root,root) %{_mandir}/man8/ifenslave.8.gz
%endif
%files ninfod %files ninfod
%attr(0755,root,root) %caps(cap_net_raw=ep) %{_sbindir}/ninfod %attr(0755,root,root) %caps(cap_net_raw=ep) %{_sbindir}/ninfod
%{_unitdir}/ninfod.service %{_unitdir}/ninfod.service
%if ! 0%{?_module_build}
%attr(644,root,root) %{_mandir}/man8/ninfod.8.gz %attr(644,root,root) %{_mandir}/man8/ninfod.8.gz
%endif
%changelog %changelog
* Thu Jun 08 2023 Jan Macku <jamacku@redhat.com> - 20180629-11 * Tue Oct 22 2024 Jan Macku <jamacku@redhat.com> - 20210202-10
- Add support for VRF with ping command (#2208409) - ping: Fix ping6 binding to VRF and address (RHEL-63060)
* Wed May 03 2023 Jan Macku <jamacku@redhat.com> - 20210202-9
- ping: Remove 'unsupported IPv6' warning on disabled IPv6 (rhbz#2152511)
* Fri Nov 25 2022 Jan Macku <jamacku@redhat.com> - 20210202-8
- Build iputils and ifenslave with correct flags (rhbz#2144509)
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 20210202-7
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Tue Jun 22 2021 Mohan Boddu <mboddu@redhat.com> - 20210202-6
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Mon Jun 14 2021 Jan Macku <jamacku@redhat.com> - 20210202-5
- spec: Add note about source of ifenslave code (rhbz#1938746)
* Wed Jun 09 2021 Jan Macku <jamacku@redhat.com> - 20210202-4
- ifenslave: fix CWE-170 (rhbz#1938746)
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 20210202-3
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Tue Mar 23 2021 Jan Macku <jamacku@redhat.com> - 20210202-2
- ifenslave: fix CWE-170 (related to rhbz#1938746)
* Tue Feb 02 2021 Kevin Fenzi <kevin@scrye.com> - 20210202-1
- Update to 20210202. Fixes rhbz#1923917
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 20200821-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Sat Oct 31 2020 Kevin Fenzi <kevin@scrye.com> - 20200821-1
- Update to 20200821 release. Fixes bug #1871310
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 20190515-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon May 18 2020 Jan Synáček <jsynacek@redhat.com> - 20190515-7
- arping exits with error when should not (#1836607)
* Mon Mar 2 2020 Jan Synáček <jsynacek@redhat.com> - 20190515-6
- Make ping unprivileged (#1699497)
* Tue Mar 22 2022 Jan Macku <jamacku@redhat.com> - 20180629-10 * Mon Feb 3 2020 Jan Synáček <jsynacek@redhat.com> - 20190515-5
- Fix regression of output when pinging unreachable IPv6 host (#2057570) - Symlink arping to /usr/sbin/arping to maintain backward compatibility (#1797525)
* Thu Feb 03 2022 Jan Macku <jamacku@redhat.com> - 20180629-9 * Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 20190515-4
- Fix copying input IPv6 address (#2047659) - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Mon Jan 03 2022 Jan Macku <jamacku@redhat.com> - 20180629-8 * Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 20190515-3
- Make ping unprivileged (#2030107) - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Wed Feb 17 2021 Jan Macku <jamacku@redhat.com> - 20180629-7 * Wed May 22 2019 Jan Synáček <jsynacek@redhat.com> - 20190515-2
- Revert patch introduced by #1852638 (#1928179) - Mark localization files correctly (#1712514)
* Tue Dec 15 2020 Jan Macku <jamacku@redhat.com> - 20180629-6 * Wed May 22 2019 Jan Synáček <jsynacek@redhat.com> - 20190515-1
- Exit on error (#1852638) - Update to s20190515 (#1710647)
* Thu Dec 10 2020 Jan Macku <jamacku@redhat.com> - 20180629-5 * Thu Mar 28 2019 Jan Synáček <jsynacek@redhat.com> - 20190324-1
- Change error() -> fprintf() reported by covscan (#1852638) - Update to s20190324 (#1692136)
* Wed Dec 09 2020 Jan Macku <jamacku@redhat.com> - 20180629-4 * Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 20180629-4
- Fix infinite loop caused by subsecond timeouts (#1852638) - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Tue Dec 08 2020 Jan Macku <jamacku@redhat.com> - 20180629-3 * Wed Jan 23 2019 Bogdan Dobrelya <bdobreli@redhat.com> - 20180629-3
- Fix incorrect ping statistics (#1901780) - Use systemd_ordering macro
* Wed Jul 10 2019 Jan Synáček <jsynacek@redhat.com> - 20180629-2 * Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 20180629-2
- covscan fix (#1606968) - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Jul 03 2018 Jan Synáček <jsynacek@redhat.com> - 20180629-1 * Tue Jul 3 2018 Jan Synáček <jsynacek@redhat.com> - 20180629-1
- update to s20180629 (#1596893) - update to s20180629 (#1596893)
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 20161105-9 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 20161105-9

Write Preview
Loading…
Cancel
Save