rpms
/
iputils
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: rpms:c9
Branches Tags
rpms:i9c
rpms:c9
rpms:i10c-beta
rpms:c10-beta
rpms:i10cs
rpms:cs10
rpms:i9-beta
rpms:i8c
rpms:c8
rpms:i9c-beta
rpms:c9-beta
..
compare: rpms:c10-beta
Branches Tags
rpms:i9c
rpms:c9
rpms:i10c-beta
rpms:c10-beta
rpms:i10cs
rpms:cs10
rpms:i9-beta
rpms:i8c
rpms:c8
rpms:i9c-beta
rpms:c9-beta

No commits in common. 'c9' and 'c10-beta' have entirely different histories.
c9 ... c10-beta

8 changed files with 70 additions and 305 deletions
Show Stats

2
.gitignore vendored
Unescape View File

@ -1,2 +1,2 @@
SOURCES/ifenslave.tar.gz
SOURCES/iputils-20210202.tar.gz
SOURCES/iputils-20240117.tar.gz

2
.iputils.metadata
Unescape View File

@ -1,2 +1,2 @@
1e2652cb1d1e29a8ebed1209131924a6eb864daf SOURCES/ifenslave.tar.gz
4e552cd0478388e1551853020b60efda18592028 SOURCES/iputils-20210202.tar.gz
d0df29f63e63ac3b2c564c40b82c5904c0ccb05c SOURCES/iputils-20240117.tar.gz

51
SOURCES/001-ping-remove-unsupported-IPv6-warning-on-disabled-IPv6.patch
Unescape View File

@ -1,51 +0,0 @@
From 79d713eab6181e219bf932b404706f6f59ff2539 Mon Sep 17 00:00:00 2001
From: Byron Stanoszek <gandalf@winds.org>
Date: Thu, 16 Sep 2021 23:38:54 +0200
Subject: [PATCH] ping: Remove 'unsupported IPv6' warning on disabled IPv6
Regression was introduced in d141cb6 as introduced condition
if ((errno == EAFNOSUPPORT && socktype == AF_INET6) || options & F_VERBOSE || requisite)
was wrong, it should have been:
if ((errno == EAFNOSUPPORT && family == AF_INET6 && requisite) || options & F_VERBOSE)
but bug was hidden as `family == AF_INET6' was always false until
otherwise correct fix 904cdb6 ("ping: AF_INET6 is address family not
socket type [lgtm scan]") propagated the error.
Tested on kernel booted with ipv6.disable=1 (disabling via sysctl, i.e.
sysctl -w net.ipv6.conf.all.disable_ipv6=1; sysctl -w net.ipv6.conf.default.disable_ipv6=1
does not trigger the issue as it exit with "socket: Address family not
supported by protocol" - errno EADDRNOTAVAIL).
Fixes: d141cb6 ("ping: work with older kernels that don't support ping sockets")
Closes: https://github.com/iputils/iputils/issues/293
Closes: https://github.com/iputils/iputils/pull/370
Reported-by: lekto <lekto@o2.pl>
Reviewed-by: Andrew Clayton <andrew@digital-domain.net>
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Byron Stanoszek <gandalf@winds.org>
[ pvorel: create commit from Byron's patch on the issue, do analysis and wrote commit message ]
Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
ping/ping.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ping/ping.c b/ping/ping.c
index 6fcb44f2..0655bf4a 100644
--- a/ping/ping.c
+++ b/ping/ping.c
@@ -150,8 +150,8 @@ static void create_socket(struct ping_rts *rts, socket_st *sock, int family,
/* Report error related to disabled IPv6 only when IPv6 also failed or in
* verbose mode. Report other errors always.
*/
- if ((errno == EAFNOSUPPORT && family == AF_INET6) ||
- rts->opt_verbose || requisite)
+ if ((errno == EAFNOSUPPORT && family == AF_INET6 && requisite) ||
+ rts->opt_verbose)
error(0, errno, "socket");
if (requisite)
exit(2);

95
SOURCES/002-ping-Fix-ping6-binding-to-VRF-and-address.patch
Unescape View File

@ -1,95 +0,0 @@
From 36580e1d539b4bb7c187d4cf9ccc63afad9edbb1 Mon Sep 17 00:00:00 2001
From: Lahav Schlesinger <lschlesinger@drivenets.com>
Date: Wed, 30 Jun 2021 13:06:13 +0300
Subject: [PATCH 1/2] ping: Fix ping6 binding to VRF and address
Since Linux kernel commit 1893ff20275b ("net/ipv6: Add l3mdev check to
ipv6_chk_addr_and_flags") from v4.17-rc1 ping fails when trying to
create IPv6 SOCK_RAW socket (e.g. if net.ipv4.ping_group_range = 1 0)
and passing both -I <vrf_interface> and -I <local_ipv6_addr>.
It works for IPv4 SOCK_RAW socket.
# ip netns add tmp_ns
# ip -n tmp_ns link add vrf_1 type vrf table 10001
# ip -n tmp_ns link add lo10 type dummy
# ip -n tmp_ns link set lo10 master vrf_1
# ip -n tmp_ns link set vrf_1 up
# ip -n tmp_ns link set lo10 up
# ip -n tmp_ns link set lo up
# ip -n tmp_ns addr add 1:2::3:4/128 dev lo10
# ip -n tmp_ns addr add 1.2.3.4/32 dev lo10
# ip netns exec tmp_ns ping -6 1:2::3:4 -I vrf_1 -I 1:2::3:4 -c 1 # IPv6 broken
ping: bind icmp socket: Cannot assign requested address
# ping 1.2.3.4 -I vrf_1 -I 1.2.3.4 -c 1 # IPv4 working
PING 1.2.3.4 (1.2.3.4) from 1.2.3.4 vrf_1: 56(84) bytes of data.
64 bytes from 1.2.3.4: icmp_seq=1 ttl=64 time=0.090 ms
--- 1.2.3.4 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.090/0.090/0.090/0.000 ms
ping fails because it doesn't actually bind to the VRF interface, while
after 1893ff20275b, binding to an IPv6 address searches only on the same
l3mdev as the device the function receives. If the socket wasn't
SO_BINDTODEVICE-ed, then the kernel will only search for devices that
are not ensalved to an l3mdev device (= in the default VRF), which will
cause the bind() to fail.
Only SOCK_RAW socket is affected. SOCK_DGRAM is not affected because
Linux kernel doesn't check the device the socket was SO_BINDTODEVICE-ed
to, but only the device from addr->sin6_scope_id (which if none is
passed, it will again only search devices in the default VRF).
NOTE: creating network namespace to reproduce the issue is needed just
on systems with net.ipv4.ping_group_range = 0 2147483647 (e.g. current
Fedora, openSUSE, Ubuntu), which causes to use SOCK_DGRAM socket.
Alternatively to force SOCK_RAW to it'd be enough just to properly set
net.ipv4.ping_group_range:
# echo "1 0" > /proc/sys/net/ipv4/ping_group_range
Closes: https://github.com/iputils/iputils/pull/344
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Lahav Schlesinger <lschlesinger@drivenets.com>
[ pvorel: adjusted commit message ]
Signed-off-by: Petr Vorel <pvorel@suse.cz>
(cherry picked from commit 7c65999f98bc4a1984594b7fad1af0eaf0b9d34b)
---
ping/ping6_common.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/ping/ping6_common.c b/ping/ping6_common.c
index 4712928..98b5adb 100644
--- a/ping/ping6_common.c
+++ b/ping/ping6_common.c
@@ -223,6 +223,8 @@ int ping6_run(struct ping_rts *rts, int argc, char **argv, struct addrinfo *ai,
if (rts->device) {
struct cmsghdr *cmsg;
struct in6_pktinfo *ipi;
+ int rc;
+ int errno_save;
cmsg = (struct cmsghdr *)(rts->cmsgbuf + rts->cmsglen);
rts->cmsglen += CMSG_SPACE(sizeof(*ipi));
@@ -233,6 +235,15 @@ int ping6_run(struct ping_rts *rts, int argc, char **argv, struct addrinfo *ai,
ipi = (struct in6_pktinfo *)CMSG_DATA(cmsg);
memset(ipi, 0, sizeof(*ipi));
ipi->ipi6_ifindex = if_name2index(rts->device);
+
+ enable_capability_raw();
+ rc = setsockopt(sock->fd, SOL_SOCKET, SO_BINDTODEVICE,
+ rts->device, strlen(rts->device) + 1);
+ errno_save = errno;
+ disable_capability_raw();
+
+ if (rc == -1)
+ error(2, errno_save, "SO_BINDTODEVICE %s", rts->device);
}
if (IN6_IS_ADDR_MULTICAST(&rts->whereto6.sin6_addr)) {
--
2.46.0

54
SOURCES/003-ping6-Avoid-binding-to-non-VRF.patch
Unescape View File

@ -1,54 +0,0 @@
From a2d2428c5fa6bf370486f509b18862c5c7b8b47e Mon Sep 17 00:00:00 2001
From: Petr Vorel <pvorel@suse.cz>
Date: Tue, 9 Nov 2021 02:39:56 +0100
Subject: [PATCH 2/2] ping6: Avoid binding to non-VRF
This fixes permission issue when specifying just address (without VRF)
unless having CAP_NET_ADMIN (i.e. root) permission:
$ ./builddir/ping/ping -c1 -I lo ::1
./builddir/ping/ping: SO_BINDTODEVICE lo: Operation not permitted
because setsockopt() SO_BINDTODEVICE (similar to bind()) can be only done on
opt_strictsource.
Fixes: 7c65999 ("ping: Fix ping6 binding to VRF and address")
Signed-off-by: Petr Vorel <pvorel@suse.cz>
(cherry picked from commit f52b582248f1f870e870a9973621805d969906b4)
---
ping/ping6_common.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/ping/ping6_common.c b/ping/ping6_common.c
index 98b5adb..a784be0 100644
--- a/ping/ping6_common.c
+++ b/ping/ping6_common.c
@@ -236,14 +236,16 @@ int ping6_run(struct ping_rts *rts, int argc, char **argv, struct addrinfo *ai,
memset(ipi, 0, sizeof(*ipi));
ipi->ipi6_ifindex = if_name2index(rts->device);
- enable_capability_raw();
- rc = setsockopt(sock->fd, SOL_SOCKET, SO_BINDTODEVICE,
- rts->device, strlen(rts->device) + 1);
- errno_save = errno;
- disable_capability_raw();
-
- if (rc == -1)
- error(2, errno_save, "SO_BINDTODEVICE %s", rts->device);
+ if (rts->opt_strictsource) {
+ enable_capability_raw();
+ rc = setsockopt(sock->fd, SOL_SOCKET, SO_BINDTODEVICE,
+ rts->device, strlen(rts->device) + 1);
+ errno_save = errno;
+ disable_capability_raw();
+
+ if (rc == -1)
+ error(2, errno_save, "SO_BINDTODEVICE %s", rts->device);
+ }
}
if (IN6_IS_ADDR_MULTICAST(&rts->whereto6.sin6_addr)) {
--
2.46.0

11
SOURCES/ninfod.service
Unescape View File

@ -1,11 +0,0 @@
[Unit]
Description=Node Information Query Daemon
After=network.target
Documentation=man:ninfod
[Service]
Type=forking
ExecStart=/usr/sbin/ninfod
[Install]
WantedBy=multi-user.target

11
SOURCES/rdisc.service
Unescape View File

@ -1,11 +0,0 @@
[Unit]
Description=rdisc daemon which discovers routers on the local subnet
After=network.target
Documentation=man:rdisc
[Service]
Type=forking
ExecStart=/sbin/rdisc -s
[Install]
WantedBy=multi-user.target

149
SPECS/iputils.spec
Unescape View File

@ -2,28 +2,19 @@
Summary: Network monitoring tools including ping
Name: iputils
Version: 20210202
Release: 10%{?dist}
Version: 20240117
Release: 6%{?dist}
# some parts are under the original BSD (ping.c)
# some are under GPLv2+ (tracepath.c)
License: BSD and GPLv2+
License: BSD-4-Clause-UC AND GPL-2.0-or-later
URL: https://github.com/iputils/iputils
Source0: https://github.com/iputils/iputils/archive/%{version}/%{name}-%{version}.tar.gz
# ifenslave.tar.gz was taken from kernel 3.10 source at: https://elixir.bootlin.com/linux/v3.10/source/Documentation/networking/ifenslave.c
Source1: ifenslave.tar.gz
Source2: rdisc.service
Source3: ninfod.service
# Taken from ping.c on 2014-07-12
Source4: bsd.txt
Source5: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
# Upstream patches
Patch001: 001-ping-remove-unsupported-IPv6-warning-on-disabled-IPv6.patch
Patch002: 002-ping-Fix-ping6-binding-to-VRF-and-address.patch
Patch003: 003-ping6-Avoid-binding-to-non-VRF.patch
# Downstream-only patches
Patch100: 100-iputils-ifenslave.patch
Patch101: 101-iputils-ifenslave-CWE-170.patch
Patch102: 102-iputils-ifenslave-CWE-170-2.patch
@ -37,11 +28,11 @@ BuildRequires: openssl-devel
BuildRequires: libcap-devel
BuildRequires: libxslt docbook5-style-xsl
BuildRequires: systemd
BuildRequires: iproute
%{?systemd_ordering}
Provides: /bin/ping
Provides: /bin/ping6
Provides: /sbin/arping
Provides: /sbin/rdisc
%description
The iputils package contains basic utilities for monitoring a network,
@ -49,118 +40,114 @@ including ping. The ping command sends a series of ICMP protocol
ECHO_REQUEST packets to a specified network host to discover whether
the target machine is alive and receiving network traffic.
%package ninfod
Summary: Node Information Query Daemon
Requires: %{name} = %{version}-%{release}
Provides: %{_sbindir}/ninfod
%description ninfod
Node Information Query (RFC4620) daemon. Responds to IPv6 Node Information
Queries.
%prep
%setup -q -a 1 -n %{name}-%{version}
%autosetup -a 1 -n %{name}-%{version}
cp %{SOURCE4} %{SOURCE5} .
%autopatch -p1
%build
%meson -DBUILD_TFTPD=false
%meson
%meson_build
gcc $RPM_OPT_FLAGS $CFLAGS $RPM_LD_FLAGS $LDFLAGS ifenslave.c -o ifenslave
%install
%meson_install
%find_lang %{name}
mkdir -p ${RPM_BUILD_ROOT}%{_bindir}
mkdir -p ${RPM_BUILD_ROOT}%{_sbindir}
ln -sf ../bin/ping ${RPM_BUILD_ROOT}%{_sbindir}/ping
ln -sf ../bin/ping ${RPM_BUILD_ROOT}%{_sbindir}/ping6
ln -sf ../bin/tracepath ${RPM_BUILD_ROOT}%{_sbindir}/tracepath
ln -sf ../bin/tracepath ${RPM_BUILD_ROOT}%{_sbindir}/tracepath6
ln -sf ../bin/arping ${RPM_BUILD_ROOT}%{_sbindir}/arping
ln -sf ping.8.gz ${RPM_BUILD_ROOT}%{_mandir}/man8/ping6.8.gz
ln -sf tracepath.8.gz ${RPM_BUILD_ROOT}%{_mandir}/man8/tracepath6.8.gz
echo ".so man8/ping.8" > ${RPM_BUILD_ROOT}%{_mandir}/man8/ping6.8
echo ".so man8/tracepath.8" > ${RPM_BUILD_ROOT}%{_mandir}/man8/tracepath6.8
install -cp ifenslave ${RPM_BUILD_ROOT}%{_sbindir}/
install -cp ifenslave.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/
%post
%systemd_post rdisc.service
%preun
%systemd_preun rdisc.service
%postun
%systemd_postun_with_restart rdisc.service
%post ninfod
%systemd_post ninfod.service
%preun ninfod
%systemd_preun ninfod.service
%postun ninfod
%systemd_postun_with_restart ninfod.service
%files -f %{name}.lang
%doc README.bonding
%license bsd.txt gpl-2.0.txt
%{_unitdir}/rdisc.service
%attr(0755,root,root) %caps(cap_net_raw=p) %{_bindir}/clockdiff
%attr(0755,root,root) %caps(cap_net_raw=p) %{_bindir}/arping
%attr(0755,root,root) %{_bindir}/ping
%{_sbindir}/ifenslave
%{_sbindir}/rdisc
%{_bindir}/tracepath
%{_sbindir}/ping
%{_sbindir}/ping6
%{_sbindir}/tracepath
%{_sbindir}/tracepath6
%{_sbindir}/arping
%attr(644,root,root) %{_mandir}/man8/clockdiff.8.gz
%attr(644,root,root) %{_mandir}/man8/arping.8.gz
%attr(644,root,root) %{_mandir}/man8/ping.8.gz
%{_mandir}/man8/ping6.8.gz
%attr(644,root,root) %{_mandir}/man8/rdisc.8.gz
%attr(644,root,root) %{_mandir}/man8/tracepath.8.gz
%{_mandir}/man8/tracepath6.8.gz
%attr(644,root,root) %{_mandir}/man8/ifenslave.8.gz
%files ninfod
%attr(0755,root,root) %caps(cap_net_raw=ep) %{_sbindir}/ninfod
%{_unitdir}/ninfod.service
%attr(644,root,root) %{_mandir}/man8/ninfod.8.gz
%attr(644,root,root) %{_mandir}/man8/clockdiff.8*
%attr(644,root,root) %{_mandir}/man8/arping.8*
%attr(644,root,root) %{_mandir}/man8/ping.8*
%{_mandir}/man8/ping6.8*
%attr(644,root,root) %{_mandir}/man8/tracepath.8*
%{_mandir}/man8/tracepath6.8*
%attr(644,root,root) %{_mandir}/man8/ifenslave.8*
%changelog
* Tue Oct 22 2024 Jan Macku <jamacku@redhat.com> - 20210202-10
- ping: Fix ping6 binding to VRF and address (RHEL-63060)
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 20240117-6
- Bump release for June 2024 mass rebuild
* Tue May 28 2024 Jan Macku <jamacku@redhat.com> - 20240117-5
- Fix ifenslave defects detected by Coverity
* Wed May 03 2023 Jan Macku <jamacku@redhat.com> - 20210202-9
- ping: Remove 'unsupported IPv6' warning on disabled IPv6 (rhbz#2152511)
* Sun Feb 11 2024 Kevin Fenzi <kevin@scrye.com> - 20240117-4
- Fix sources. Fixes rhbz#2263028
* Fri Nov 25 2022 Jan Macku <jamacku@redhat.com> - 20210202-8
- Build iputils and ifenslave with correct flags (rhbz#2144509)
* Mon Jan 29 2024 Fedora Release Engineering <releng@fedoraproject.org> - 20240117-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 20210202-7
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 20240117-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Tue Jun 22 2021 Mohan Boddu <mboddu@redhat.com> - 20210202-6
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Sun Jan 21 2024 Kevin Fenzi <kevin@scrye.com> - 20240117-1
- Update to 20240117. Fixes rhbz#2258910
* Mon Jun 14 2021 Jan Macku <jamacku@redhat.com> - 20210202-5
- spec: Add note about source of ifenslave code (rhbz#1938746)
* Sat Jan 20 2024 Fedora Release Engineering <releng@fedoraproject.org> - 20231222-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Jun 09 2021 Jan Macku <jamacku@redhat.com> - 20210202-4
- ifenslave: fix CWE-170 (rhbz#1938746)
* Wed Dec 27 2023 Kevin Fenzi <kevin@scrye.com> - 20231222-1
- Update to 20231222. Fixes rhbz#2255687
- Fix PatchN warnings
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 20210202-3
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 20221126-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Mar 23 2021 Jan Macku <jamacku@redhat.com> - 20210202-2
* Wed Apr 12 2023 Lukáš Zaoral <lzaoral@redhat.com> - 20221126-3
- migrate to SPDX license format
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 20221126-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Sun Nov 27 2022 Kevin Fenzi <kevin@scrye.com> - 20221126-1
- Update to 20221126. Fixes rhbz#2148690
* Fri Nov 25 2022 Jan Macku <jamacku@redhat.com> - 20211215-4
- Build iputils and ifenslave with correct flags provided by Fedora
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 20211215-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 20211215-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Dec 16 2021 Kevin Fenzi <kevin@scrye.com> - 20211215-1
- Update to 20211215. Fixes rhbz#2033161
* Sun Jul 25 2021 Kevin Fenzi <kevin@scrye.com> - 20210722-1
- Update to 20210722. Fixes rhbz#1985117
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 20210202-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Mar 23 2021 Jan Macku <jamacku@redhat.com> - 20210202-3
- ifenslave: fix CWE-170 (related to rhbz#1938746)
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 20210202-2
- Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
* Tue Feb 02 2021 Kevin Fenzi <kevin@scrye.com> - 20210202-1
- Update to 20210202. Fixes rhbz#1923917

Write Preview
Loading…
Cancel
Save