conntrack-tools-1.4.8-3

- Backport fixes from upstream

Resolves: RHEL-66056
Phil Sutter 2024-11-15 18:44:04 +01:00
parent 2535f18583
commit 71462585ba
8 changed files with 591 additions and 7 deletions


@ -0,0 +1,39 @@
From 580de3da8866cf647afb877f8109613c00286408 Mon Sep 17 00:00:00 2001
From: Stephan Brunner <s.brunner@stephan-brunner.net>
Date: Mon, 15 Jul 2024 16:13:42 +0200
Subject: [PATCH] conntrack: tcp: fix parsing of tuple-port-src and
tuple-port-dst
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
As seen in the parsing code above, L4PROTO should be set to IPPROTO_TCP, not the port number itself.
Fixes: 40efc1ebb15b ("conntrack: cleanup command line tool protocol extensions")
Co-Developed-by: Reinhard Nißl <reinhard.nissl@fee.de>
Signed-off-by: Stephan Brunner <s.brunner@stephan-brunner.net>
(cherry picked from commit 8a251ddc8c9da5b04e95eaba23cde6ab6576b7ca)
---
extensions/libct_proto_tcp.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/extensions/libct_proto_tcp.c b/extensions/libct_proto_tcp.c
index 27f583379d325..4681693598ae8 100644
--- a/extensions/libct_proto_tcp.c
+++ b/extensions/libct_proto_tcp.c
@@ -165,13 +165,13 @@ static int parse_options(char c,
case '8':
port = htons(atoi(optarg));
nfct_set_attr_u16(exptuple, ATTR_ORIG_PORT_SRC, port);
- nfct_set_attr_u8(exptuple, ATTR_ORIG_L4PROTO, port);
+ nfct_set_attr_u8(exptuple, ATTR_ORIG_L4PROTO, IPPROTO_TCP);
*flags |= CT_TCP_EXPTUPLE_SPORT;
break;
case '9':
port = htons(atoi(optarg));
nfct_set_attr_u16(exptuple, ATTR_ORIG_PORT_DST, port);
- nfct_set_attr_u8(exptuple, ATTR_ORIG_L4PROTO, port);
+ nfct_set_attr_u8(exptuple, ATTR_ORIG_L4PROTO, IPPROTO_TCP);
*flags |= CT_TCP_EXPTUPLE_DPORT;
break;
}
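Review bot: cases '8' and '9' still feed `atoi(optarg)` straight into `htons()`, so a non-numeric or out-of-range port is silently turned into 0 or truncated to 16 bits before it reaches ATTR_ORIG_PORT_SRC / ATTR_ORIG_PORT_DST. Since these two lines are being touched anyway, consider validating the port with a checked conversion (the `parse_value(optarg, &value, UINT16_MAX)` helper added later in this series fits) and bailing out on failure. The L4PROTO change itself matches the commit message: the old code passed the byte-swapped port, truncated to 8 bits, as the protocol number.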


@ -0,0 +1,46 @@
From 22d290c9122a6b78db0ef3b6d1b29e3560dd615d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ahelenia=20Ziemia=C5=84ska?=
<nabijaczleweli@nabijaczleweli.xyz>
Date: Tue, 3 Sep 2024 04:16:21 +0200
Subject: [PATCH] conntrack: -L doesn't take a value, so don't discard one
(same for -IUDGEFA)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The manual says
COMMANDS
These options specify the particular operation to perform.
Only one of them can be specified at any given time.
-L --dump
List connection tracking or expectation table
So, naturally, "conntrack -Lo extended" should work,
but it doesn't, it's equivalent to "conntrack -L",
and you need "conntrack -L -o extended".
This violates user expectations (borne of the Utility Syntax Guidelines)
and contradicts the manual.
optarg is unused, anyway. Unclear why any of these were :: at all?
Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit 33f030f7d4e64d3ee20f76330c50e02e9c92932c)
---
src/conntrack.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/conntrack.c b/src/conntrack.c
index 0d713520b9020..9fa49869b5534 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -337,7 +337,7 @@ static struct option original_opts[] = {
{0, 0, 0, 0}
};
-static const char *getopt_str = ":L::I::U::D::G::E::F::A::hVs:d:r:q:"
+static const char *getopt_str = ":LIUDGEFAhVs:d:r:q:"
"p:t:u:e:a:z[:]:{:}:m:i:f:o:n::"
"g::c:b:C::Sj::w:l:<:>::(:):";

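Review bot: no test accompanies the change to `getopt_str`; the diffstat only lists src/conntrack.c. A testsuite line using the clustered form from the commit message (`-Lo extended`) would pin the new behaviour. It is also worth stating in the commit message that anything previously written directly after the command letter was silently discarded and is now parsed as further options, since that is a visible behaviour change for existing scripts. The remaining optional-argument entries (`n::`, `g::`, `C::`, `j::`, `>::`) keep the attached-only semantics, so please confirm each of those really reads optarg.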

@ -0,0 +1,74 @@
From c553627f6ae3b4ad3166e9a79e6eea8979d4972a Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Tue, 1 Oct 2024 14:22:34 +0200
Subject: [PATCH] tests: conntrack: missing space before option
Recent updates make the conntrack parser slightly more robust. A few
test lines include:
... -w 11-s 2001:DB8::1.1.1.1 ...
where space is missing. These are typos rather than valid input.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit 3d79708c99d95bfaaad70c7b1efe5c36e85196f4)
---
tests/conntrack/testsuite/09dumpopt | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/tests/conntrack/testsuite/09dumpopt b/tests/conntrack/testsuite/09dumpopt
index c1e0e6ed376d5..9dcd51f816384 100644
--- a/tests/conntrack/testsuite/09dumpopt
+++ b/tests/conntrack/testsuite/09dumpopt
@@ -25,7 +25,7 @@
# delete reverse
-D -w 11 -r 2.2.2.2 -q 1.1.1.1 -p tcp --reply-port-src 11 --reply-port-dst 21 ; OK
# delete v6 conntrack
--D -w 11-s 2001:DB8::1.1.1.1 -d 2001:DB8::2.2.2.2 -p tcp --sport 10 --dport 20 ; OK
+-D -w 11 -s 2001:DB8::1.1.1.1 -d 2001:DB8::2.2.2.2 -p tcp --sport 10 --dport 20 ; OK
# delete icmp ping request entry
-D -w 11 -u SEEN_REPLY -s 1.1.1.1 -d 2.2.2.2 -r 2.2.2.2 -q 1.1.1.1 -p icmp --icmp-type 8 --icmp-code 0 --icmp-id 1226 ; OK
# delete old entries
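Review bot: the old line `-D -w 11-s 2001:DB8::1.1.1.1 ...` was expected to return OK, which means the testsuite was relying on the parser ignoring trailing garbage in the zone value. Fixing the typo is right, but it removes the only input that exercised that path. Consider keeping one deliberately malformed line (for example `-w 11-s`) with a `; BAD` expectation so the stricter parsing mentioned in the commit message is covered by a regression test.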
@@ -33,7 +33,7 @@
# delete reverse
-D -w 10 -r 2.2.2.2 -q 1.1.1.1 -p tcp --reply-port-src 11 --reply-port-dst 21 ; OK
# delete v6 conntrack
--D -w 10-s 2001:DB8::1.1.1.1 -d 2001:DB8::2.2.2.2 -p tcp --sport 10 --dport 20 ; OK
+-D -w 10 -s 2001:DB8::1.1.1.1 -d 2001:DB8::2.2.2.2 -p tcp --sport 10 --dport 20 ; OK
# delete icmp ping request entry
-D -w 10 -u SEEN_REPLY -s 1.1.1.1 -d 2.2.2.2 -r 2.2.2.2 -q 1.1.1.1 -p icmp --icmp-type 8 --icmp-code 0 --icmp-id 1226 ; OK
#
@@ -64,7 +64,7 @@
# delete reverse
-D -w 11 -r 2.2.2.2 -q 1.1.1.1 -p tcp --reply-port-src 11 --reply-port-dst 21 ; OK
# delete v6 conntrack
--D -w 11-s 2001:DB8::1.1.1.1 -d 2001:DB8::2.2.2.2 -p tcp --sport 10 --dport 20 ; OK
+-D -w 11 -s 2001:DB8::1.1.1.1 -d 2001:DB8::2.2.2.2 -p tcp --sport 10 --dport 20 ; OK
# delete icmp ping request entry
-D -w 11 -u SEEN_REPLY -s 1.1.1.1 -d 2.2.2.2 -r 2.2.2.2 -q 1.1.1.1 -p icmp --icmp-type 8 --icmp-code 0 --icmp-id 1226 ; OK
# delete old entries
@@ -72,7 +72,7 @@
# delete reverse
-D -w 10 -r 2.2.2.2 -q 1.1.1.1 -p tcp --reply-port-src 11 --reply-port-dst 21 ; BAD
# delete v6 conntrack
--D -w 10-s 2001:DB8::1.1.1.1 -d 2001:DB8::2.2.2.2 -p tcp --sport 10 --dport 20 ; BAD
+-D -w 10 -s 2001:DB8::1.1.1.1 -d 2001:DB8::2.2.2.2 -p tcp --sport 10 --dport 20 ; BAD
# delete icmp ping request entry
-D -w 10 -u SEEN_REPLY -s 1.1.1.1 -d 2.2.2.2 -r 2.2.2.2 -q 1.1.1.1 -p icmp --icmp-type 8 --icmp-code 0 --icmp-id 1226 ; BAD
#
@@ -161,13 +161,13 @@
# IGMP
-D -w 10 -s 0.0.0.0 -d 224.0.0.22 -r 224.0.0.22 -q 0.0.0.0 -p 2 ; OK
# Some fency protocol
--D -w 10 -s 0.0.0.0 -d 224.0.0.22 -r 224.0.0.22 -q 0.0.0.0 -p 200 ; OK
+-D -w 10 -s 0.0.0.0 -d 224.0.0.22 -r 224.0.0.22 -q 0.0.0.0 -p 200 ; OK
# Some fency protocol with IPv6
-D -w 10 -s 2001:DB8::1.1.1.1 -d 2001:DB8::2.2.2.2 -p 200 ; OK
# Delete stuff in zone 11, should succeed
# IGMP
-D -w 11 -s 0.0.0.0 -d 224.0.0.22 -r 224.0.0.22 -q 0.0.0.0 -p 2 ; OK
# Some fency protocol
--D -w 11 -s 0.0.0.0 -d 224.0.0.22 -r 224.0.0.22 -q 0.0.0.0 -p 200 ; OK
+-D -w 11 -s 0.0.0.0 -d 224.0.0.22 -r 224.0.0.22 -q 0.0.0.0 -p 200 ; OK
# Some fency protocol with IPv6
-D -w 11 -s 2001:DB8::1.1.1.1 -d 2001:DB8::2.2.2.2 -p 200 ; OK
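Review bot: the two `-p 200` replacements in this hunk are not explained by the commit message, which only describes the missing space before `-s`. The removed and added lines read identically here, so the change appears to be whitespace only. Please either mention the whitespace cleanup in the commit message or split it out, so the reason for touching these lines is on record.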


@ -0,0 +1,80 @@
From c8ec76ff8f57854cc30fcaad7df890e6127fba71 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Tue, 1 Oct 2024 13:46:18 +0200
Subject: [PATCH] conntrack: improve --secmark,--id,--zone parser
strtoul() is called with no error checking at all, add a helper
function to validate input is correct for values less than
UINT32_MAX.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit bd20d768ce9a1433182ac523ab2b6c18bb9a1649)
---
src/conntrack.c | 35 +++++++++++++++++++++++++++++------
1 file changed, 29 insertions(+), 6 deletions(-)
diff --git a/src/conntrack.c b/src/conntrack.c
index 9fa49869b5534..18829dbf79bce 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -1213,6 +1213,26 @@ parse_parameter_mask(const char *arg, unsigned int *status, unsigned int *mask,
exit_error(PARAMETER_PROBLEM, "Bad parameter `%s'", arg);
}
+static int parse_value(const char *str, uint32_t *ret, uint64_t max)
+{
+ char *endptr;
+ uint64_t val;
+
+ assert(max <= UINT32_MAX);
+
+ errno = 0;
+ val = strtoul(str, &endptr, 0);
+ if (endptr == str ||
+ *endptr != '\0' ||
+ (val == ULONG_MAX && errno == ERANGE) ||
+ val > max)
+ return -1;
+
+ *ret = val;
+
+ return 0;
+}
+
static void
parse_u32_mask(const char *arg, struct u32_mask *m)
{
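Review bot: `parse_value()` does not reject a leading minus sign. strtoul() accepts "-1" and returns the negated value without setting errno; where unsigned long is 64 bits the `val > max` test catches it, but where unsigned long is 32 bits "-1" yields ULONG_MAX == UINT32_MAX and passes when max is UINT32_MAX. Using strtoull() for the conversion, or explicitly refusing input that starts with '-', makes the result the same on every platform. Leading whitespace is also accepted by strtoul(), which may or may not be intended. Finally, `assert(max <= UINT32_MAX)` disappears in NDEBUG builds, so it should not be the only guard if callers ever pass a larger bound.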
@@ -2918,6 +2938,7 @@ static void do_parse(struct ct_cmd *ct_cmd, int argc, char *argv[])
struct ct_tmpl *tmpl;
int res = 0, partial;
union ct_address ad;
+ uint32_t value;
int c, cmd;
/* we release these objects in the exit_error() path. */
@@ -3078,17 +3099,19 @@ static void do_parse(struct ct_cmd *ct_cmd, int argc, char *argv[])
case 'w':
case '(':
case ')':
+ if (parse_value(optarg, &value, UINT16_MAX) < 0)
+ exit_error(OTHER_PROBLEM, "unexpected value '%s' with -%c option", optarg, c);
+
options |= opt2type[c];
- nfct_set_attr_u16(tmpl->ct,
- opt2attr[c],
- strtoul(optarg, NULL, 0));
+ nfct_set_attr_u16(tmpl->ct, opt2attr[c], value);
break;
case 'i':
case 'c':
+ if (parse_value(optarg, &value, UINT32_MAX) < 0)
+ exit_error(OTHER_PROBLEM, "unexpected value '%s' with -%c option", optarg, c);
+
options |= opt2type[c];
- nfct_set_attr_u32(tmpl->ct,
- opt2attr[c],
- strtoul(optarg, NULL, 0));
+ nfct_set_attr_u32(tmpl->ct, opt2attr[c], value);
break;
case 'm':
options |= opt2type[c];
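Review bot: both new error paths exit with OTHER_PROBLEM, while the parse_parameter_mask() context earlier in this patch reports bad user input with `exit_error(PARAMETER_PROBLEM, "Bad parameter `%s'", arg);`. A malformed option value is a parameter problem, so the same exit class would be more consistent for callers that check the exit status. Minor: the message prints `-%c` with the short option character even when the user typed the long form, which can be confusing for `(` and `)`.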


@ -0,0 +1,71 @@
From 7541be6e37e1b9db4f88852258a8d0d2cefb4a77 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Sat, 12 Oct 2024 17:26:40 +0200
Subject: [PATCH] conntrack: improve --mark parser
Enhance helper function to parse mark and mask (if available), bail out
if input is not correct.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit 401d91326bc9c3a5bab2fd319acdc844f511bb7e)
---
src/conntrack.c | 34 +++++++++++++++++++++++++++-------
1 file changed, 27 insertions(+), 7 deletions(-)
diff --git a/src/conntrack.c b/src/conntrack.c
index 18829dbf79bce..a51a3ef82fcfc 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -1233,17 +1233,35 @@ static int parse_value(const char *str, uint32_t *ret, uint64_t max)
return 0;
}
-static void
+static int
parse_u32_mask(const char *arg, struct u32_mask *m)
{
- char *end;
+ uint64_t val, mask;
+ char *endptr;
+
+ val = strtoul(arg, &endptr, 0);
+ if (endptr == arg ||
+ (*endptr != '\0' && *endptr != '/') ||
+ (val == ULONG_MAX && errno == ERANGE) ||
+ val > UINT32_MAX)
+ return -1;
- m->value = (uint32_t) strtoul(arg, &end, 0);
+ m->value = val;
- if (*end == '/')
- m->mask = (uint32_t) strtoul(end+1, NULL, 0);
- else
+ if (*endptr == '/') {
+ mask = strtoul(endptr + 1, &endptr, 0);
+ if (endptr == arg ||
+ *endptr != '\0' ||
+ (val == ULONG_MAX && errno == ERANGE) ||
+ val > UINT32_MAX)
+ return -1;
+
+ m->mask = mask;
+ } else {
m->mask = ~0;
+ }
+
+ return 0;
}
static int
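Review bot: the mask branch of `parse_u32_mask()` validates the wrong variables. After `mask = strtoul(endptr + 1, &endptr, 0);` the checks are `endptr == arg`, `val == ULONG_MAX && errno == ERANGE` and `val > UINT32_MAX`, all of which refer to the value parsed earlier. As written, an empty mask such as "1/" is accepted (endptr never equals arg at that point and `*endptr` is '\0'), giving mask 0, and a mask above UINT32_MAX is silently truncated by `m->mask = mask;`. Save the start of the mask string before the call and compare endptr against it, and test `mask` instead of `val` in the range checks. Also, errno is never reset to 0 before either strtoul() call here, unlike in parse_value(), so a stale ERANGE can influence the result.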
@@ -3115,7 +3133,9 @@ static void do_parse(struct ct_cmd *ct_cmd, int argc, char *argv[])
break;
case 'm':
options |= opt2type[c];
- parse_u32_mask(optarg, &tmpl->mark);
+ if (parse_u32_mask(optarg, &tmpl->mark) < 0)
+ exit_error(OTHER_PROBLEM, "unexpected value '%s' with -%c option", optarg, c);
+
tmpl->filter_mark_kernel.val = tmpl->mark.value;
tmpl->filter_mark_kernel.mask = tmpl->mark.mask;
tmpl->filter_mark_kernel_set = true;

View File

@ -0,0 +1,30 @@
From 949818d6444f1692562b29bc0fb8d4d98d435276 Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Tue, 5 Nov 2024 22:27:34 +0100
Subject: [PATCH] conntrack: Fix for ENOENT in mnl_nfct_delete_cb()
Align behaviour with that of mnl_nfct_update_cb(): Just free the
nf_conntrack object and return. Do not increment counter variable, and
certainly do not try to print an uninitialized buffer.
Fixes: a7abf3f5dc7c4 ("conntrack: skip ENOENT when -U/-D finds a stale conntrack entry")
Reviewed-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Phil Sutter <phil@nwl.cc>
(cherry picked from commit 4220bd83187b6deac7a93d6775aa5e4423b8e2e5)
---
src/conntrack.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/conntrack.c b/src/conntrack.c
index a51a3ef82fcfc..52ba4ac5e44f7 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -2030,7 +2030,7 @@ static int mnl_nfct_delete_cb(const struct nlmsghdr *nlh, void *data)
if (res < 0) {
/* the entry has vanish in middle of the delete */
if (errno == ENOENT)
- goto done;
+ goto destroy_ok;
exit_error(OTHER_PROBLEM,
"Operation failed: %s",
err2str(errno, CT_DELETE));
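Review bot: the comment above the changed line ("the entry has vanish in middle of the delete") does not say why ENOENT is handled differently from success, and the difference between the `done` and `destroy_ok` labels is the entire fix. Since neither label is visible in this context, a short comment here stating that the entry is freed without being counted or printed would make the intent checkable at the jump site; the comment's grammar could be fixed at the same time.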


@ -0,0 +1,233 @@
From 8728a932fb59b9b83e7c10daa1be9791fd7a5527 Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Tue, 5 Nov 2024 22:51:58 +0100
Subject: [PATCH] src: Eliminate warnings with -Wcalloc-transposed-args
calloc() expects the number of elements in the first parameter, not the
second. Swap them and while at it drop one pointless cast (the function
returns a void pointer anyway).
Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Florian Westphal <fw@strlen.de>
(cherry picked from commit 7ab577898f83105e3aa38ac96f3ac70c91ecb2ac)
---
src/channel.c | 4 ++--
src/channel_mcast.c | 2 +-
src/channel_tcp.c | 2 +-
src/channel_udp.c | 2 +-
src/fds.c | 4 ++--
src/filter.c | 2 +-
src/multichannel.c | 2 +-
src/origin.c | 2 +-
src/process.c | 2 +-
src/queue.c | 2 +-
src/tcp.c | 4 ++--
src/udp.c | 4 ++--
src/vector.c | 2 +-
13 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/src/channel.c b/src/channel.c
index acbfa7da5ebe6..0b89391e46fc1 100644
--- a/src/channel.c
+++ b/src/channel.c
@@ -56,7 +56,7 @@ channel_buffer_open(int mtu, int headersiz)
{
struct channel_buffer *b;
- b = calloc(sizeof(struct channel_buffer), 1);
+ b = calloc(1, sizeof(struct channel_buffer));
if (b == NULL)
return NULL;
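Review bot: style point that applies to this line and to every other calloc() call replaced in this patch: since each line is being rewritten anyway, `b = calloc(1, sizeof(*b));` would tie the size to the pointer being assigned rather than to a repeated type name, so the allocation cannot drift if the variable's type changes later. The argument swap itself is behaviour-neutral, as the allocated size is the same product either way.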
@@ -94,7 +94,7 @@ channel_open(struct channel_conf *cfg)
if (cfg->channel_flags >= CHANNEL_F_MAX)
return NULL;
- c = calloc(sizeof(struct channel), 1);
+ c = calloc(1, sizeof(struct channel));
if (c == NULL)
return NULL;
diff --git a/src/channel_mcast.c b/src/channel_mcast.c
index 35801d71d48ac..9c9dc62aaf48d 100644
--- a/src/channel_mcast.c
+++ b/src/channel_mcast.c
@@ -19,7 +19,7 @@ static void
struct mcast_channel *m;
struct mcast_conf *c = conf;
- m = calloc(sizeof(struct mcast_channel), 1);
+ m = calloc(1, sizeof(struct mcast_channel));
if (m == NULL)
return NULL;
diff --git a/src/channel_tcp.c b/src/channel_tcp.c
index a84603cec0509..173c47ac1d732 100644
--- a/src/channel_tcp.c
+++ b/src/channel_tcp.c
@@ -21,7 +21,7 @@ static void
struct tcp_channel *m;
struct tcp_conf *c = conf;
- m = calloc(sizeof(struct tcp_channel), 1);
+ m = calloc(1, sizeof(struct tcp_channel));
if (m == NULL)
return NULL;
diff --git a/src/channel_udp.c b/src/channel_udp.c
index a46a2b1c89296..3b3d754552904 100644
--- a/src/channel_udp.c
+++ b/src/channel_udp.c
@@ -19,7 +19,7 @@ static void
struct udp_channel *m;
struct udp_conf *c = conf;
- m = calloc(sizeof(struct udp_channel), 1);
+ m = calloc(1, sizeof(struct udp_channel));
if (m == NULL)
return NULL;
diff --git a/src/fds.c b/src/fds.c
index 0b95437da44ff..d2c8b59615efb 100644
--- a/src/fds.c
+++ b/src/fds.c
@@ -30,7 +30,7 @@ struct fds *create_fds(void)
{
struct fds *fds;
- fds = (struct fds *) calloc(sizeof(struct fds), 1);
+ fds = calloc(1, sizeof(struct fds));
if (fds == NULL)
return NULL;
@@ -60,7 +60,7 @@ int register_fd(int fd, void (*cb)(void *data), void *data, struct fds *fds)
if (fd > fds->maxfd)
fds->maxfd = fd;
- item = calloc(sizeof(struct fds_item), 1);
+ item = calloc(1, sizeof(struct fds_item));
if (item == NULL)
return -1;
diff --git a/src/filter.c b/src/filter.c
index ee316e7a3ca84..e863ea98c150b 100644
--- a/src/filter.c
+++ b/src/filter.c
@@ -77,7 +77,7 @@ struct ct_filter *ct_filter_create(void)
int i;
struct ct_filter *filter;
- filter = calloc(sizeof(struct ct_filter), 1);
+ filter = calloc(1, sizeof(struct ct_filter));
if (!filter)
return NULL;
diff --git a/src/multichannel.c b/src/multichannel.c
index 952b5674585f0..25a9908ecc898 100644
--- a/src/multichannel.c
+++ b/src/multichannel.c
@@ -21,7 +21,7 @@ multichannel_open(struct channel_conf *conf, int len)
if (len <= 0 || len > MULTICHANNEL_MAX)
return NULL;
- m = calloc(sizeof(struct multichannel), 1);
+ m = calloc(1, sizeof(struct multichannel));
if (m == NULL)
return NULL;
diff --git a/src/origin.c b/src/origin.c
index 3c65f3da3f3e9..e44ffa050e354 100644
--- a/src/origin.c
+++ b/src/origin.c
@@ -31,7 +31,7 @@ int origin_register(struct nfct_handle *h, int origin_type)
{
struct origin *nlp;
- nlp = calloc(sizeof(struct origin), 1);
+ nlp = calloc(1, sizeof(struct origin));
if (nlp == NULL)
return -1;
diff --git a/src/process.c b/src/process.c
index 08598eeae84de..47f14da272493 100644
--- a/src/process.c
+++ b/src/process.c
@@ -37,7 +37,7 @@ int fork_process_new(int type, int flags, void (*cb)(void *data), void *data)
}
}
}
- c = calloc(sizeof(struct child_process), 1);
+ c = calloc(1, sizeof(struct child_process));
if (c == NULL)
return -1;
diff --git a/src/queue.c b/src/queue.c
index e94dc7c45d1fd..cab754bd482c1 100644
--- a/src/queue.c
+++ b/src/queue.c
@@ -33,7 +33,7 @@ queue_create(const char *name, int max_objects, unsigned int flags)
{
struct queue *b;
- b = calloc(sizeof(struct queue), 1);
+ b = calloc(1, sizeof(struct queue));
if (b == NULL)
return NULL;
diff --git a/src/tcp.c b/src/tcp.c
index 91fe524542013..dca0e09a3dff1 100644
--- a/src/tcp.c
+++ b/src/tcp.c
@@ -31,7 +31,7 @@ struct tcp_sock *tcp_server_create(struct tcp_conf *c)
struct tcp_sock *m;
socklen_t socklen = sizeof(int);
- m = calloc(sizeof(struct tcp_sock), 1);
+ m = calloc(1, sizeof(struct tcp_sock));
if (m == NULL)
return NULL;
@@ -209,7 +209,7 @@ struct tcp_sock *tcp_client_create(struct tcp_conf *c)
{
struct tcp_sock *m;
- m = calloc(sizeof(struct tcp_sock), 1);
+ m = calloc(1, sizeof(struct tcp_sock));
if (m == NULL)
return NULL;
diff --git a/src/udp.c b/src/udp.c
index d0a7f5b546e6b..6102328c649f2 100644
--- a/src/udp.c
+++ b/src/udp.c
@@ -25,7 +25,7 @@ struct udp_sock *udp_server_create(struct udp_conf *conf)
struct udp_sock *m;
socklen_t socklen = sizeof(int);
- m = calloc(sizeof(struct udp_sock), 1);
+ m = calloc(1, sizeof(struct udp_sock));
if (m == NULL)
return NULL;
@@ -97,7 +97,7 @@ struct udp_sock *udp_client_create(struct udp_conf *conf)
struct udp_sock *m;
socklen_t socklen = sizeof(int);
- m = calloc(sizeof(struct udp_sock), 1);
+ m = calloc(1, sizeof(struct udp_sock));
if (m == NULL)
return NULL;
diff --git a/src/vector.c b/src/vector.c
index 92a54367d108a..29e8fbe4fdb52 100644
--- a/src/vector.c
+++ b/src/vector.c
@@ -35,7 +35,7 @@ struct vector *vector_create(size_t size)
{
struct vector *v;
- v = calloc(sizeof(struct vector), 1);
+ v = calloc(1, sizeof(struct vector));
if (v == NULL)
return NULL;


@ -1,6 +1,6 @@
Name: conntrack-tools
Version: 1.4.8
Release: 2%{?dist}
Release: 3%{?dist}
Summary: Manipulate netfilter connection tracking table and run High Availability
License: GPL-2.0-only
URL: http://conntrack-tools.netfilter.org/
@ -9,12 +9,20 @@ Source1: http://netfilter.org/projects/%{name}/files/%{name}-%{version}.t
Source2: NetfilterCoreTeam-OpenGPG-KEY.txt
Source3: conntrackd.service
Source4: conntrackd.conf
Patch001: 0001-conntrack-ct-label-update-requires-proper-ruleset.patch
Patch002: 0002-conntrack-don-t-print-USERSPACE-information-in-case-.patch
Patch003: 0003-conntrackd-prevent-memory-loss-if-reallocation-fails.patch
Patch004: 0004-conntrackd-exit-with-failure-status.patch
Patch005: 0005-conntrackd-Fix-signal-handler-race-condition.patch
Patch006: 0006-conntrackd-helpers-rpc-Don-t-add-expectation-table-e.patch
Patch0001: 0001-conntrack-ct-label-update-requires-proper-ruleset.patch
Patch0002: 0002-conntrack-don-t-print-USERSPACE-information-in-case-.patch
Patch0003: 0003-conntrackd-prevent-memory-loss-if-reallocation-fails.patch
Patch0004: 0004-conntrackd-exit-with-failure-status.patch
Patch0005: 0005-conntrackd-Fix-signal-handler-race-condition.patch
Patch0006: 0006-conntrackd-helpers-rpc-Don-t-add-expectation-table-e.patch
Patch0007: 0007-conntrack-tcp-fix-parsing-of-tuple-port-src-and-tupl.patch
Patch0008: 0008-conntrack-L-doesn-t-take-a-value-so-don-t-discard-on.patch
Patch0009: 0009-tests-conntrack-missing-space-before-option.patch
Patch0010: 0010-conntrack-improve-secmark-id-zone-parser.patch
Patch0011: 0011-conntrack-improve-mark-parser.patch
Patch0012: 0012-conntrack-Fix-for-ENOENT-in-mnl_nfct_delete_cb.patch
Patch0013: 0013-src-Eliminate-warnings-with-Wcalloc-transposed-args.patch
BuildRequires: autoconf
BuildRequires: automake
@ -96,6 +104,9 @@ install -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/conntrackd/
%systemd_postun conntrackd.service
%changelog
* Fri Nov 15 2024 Phil Sutter <psutter@redhat.com> - 1.4.8-3
- Backport fixes from upstream
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1.4.8-2
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
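Review bot: the new %changelog entry says only "Backport fixes from upstream" and omits the ticket reference, while the commit message carries "Resolves: RHEL-66056" and the previous entry records its own "Resolves:" line. Please add the ticket to the changelog entry so the package metadata is traceable on its own, and consider listing the backported fixes (or at least the user-visible ones, such as the stricter option parsing) since they change command-line behaviour.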