Rebase package on top of iproute2-4.17.0

This commit is contained in:
Phil Sutter 2018-06-12 21:08:06 +02:00
parent ec833118f5
commit 27df2f2db4
9 changed files with 6 additions and 275 deletions

1
.gitignore vendored
View File

@ -8,3 +8,4 @@
/iproute2-4.14.1.tar.xz
/iproute2-4.15.0.tar.xz
/iproute2-4.16.0.tar.xz
/iproute2-4.17.0.tar.xz

View File

@ -1,37 +0,0 @@
From 1264732c29782e314d02ac3fb494909d8815fa02 Mon Sep 17 00:00:00 2001
From: Leon Romanovsky <leonro@mellanox.com>
Date: Tue, 3 Apr 2018 10:28:42 +0300
Subject: [PATCH] rdma: Ignore unknown netlink attributes
The check if netlink attributes supplied more than maximum supported
is to strict and may lead to backward compatibility issues with old
application with a newer kernel that supports new attribute.
CC: Steve Wise <swise@opengridcomputing.com>
Fixes: 74bd75c2b68d ("rdma: Add basic infrastructure for RDMA tool")
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Reviewed-by: Steve Wise <swise@opengridcomputing.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
(cherry picked from commit fda0a61dde744abe69d4227f62b66238460c9011)
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
rdma/utils.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/rdma/utils.c b/rdma/utils.c
index f9460162ce369..910b3800eade5 100644
--- a/rdma/utils.c
+++ b/rdma/utils.c
@@ -383,7 +383,8 @@ int rd_attr_cb(const struct nlattr *attr, void *data)
int type;
if (mnl_attr_type_valid(attr, RDMA_NLDEV_ATTR_MAX) < 0)
- return MNL_CB_ERROR;
+ /* We received uknown attribute */
+ return MNL_CB_OK;
type = mnl_attr_get_type(attr);
--
2.17.0

View File

@ -1,32 +0,0 @@
From c302ef700895f0808bb107a2fa560c14c8f3e643 Mon Sep 17 00:00:00 2001
From: Guillaume Nault <g.nault@alphalink.fr>
Date: Fri, 6 Apr 2018 13:33:49 +0200
Subject: [PATCH] bridge: fix typo in hairpin error message
No 'g' to hairpin.
Fixes: 64108901b737 ("bridge: Add support for setting bridge port attributes")
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
(cherry picked from commit ef3671781644bd1722e55db4ad9d31047da0e42d)
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
bridge/link.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bridge/link.c b/bridge/link.c
index 870ebe0504777..a19bc1097024e 100644
--- a/bridge/link.c
+++ b/bridge/link.c
@@ -304,7 +304,7 @@ static int brlink_modify(int argc, char **argv)
return -1;
} else if (strcmp(*argv, "hairpin") == 0) {
NEXT_ARG();
- if (!on_off("hairping", &hairpin, *argv))
+ if (!on_off("hairpin", &hairpin, *argv))
return -1;
} else if (strcmp(*argv, "fastleave") == 0) {
NEXT_ARG();
--
2.17.0

View File

@ -1,49 +0,0 @@
From 0c0499e4ff787ae76f9b1e5e8cb104794c9b8826 Mon Sep 17 00:00:00 2001
From: David Ahern <dsahern@gmail.com>
Date: Fri, 13 Apr 2018 09:36:33 -0700
Subject: [PATCH] utils: Do not reset family for default, any, all addresses
Thomas reported a change in behavior with respect to autodectecting
address families. Specifically, 'ip ro add default via fe80::1'
syntax was failing to treat fe80::1 as an IPv6 address as it did in
prior releases. The root causes appears to be a change in family when
the default keyword is parsed.
'default', 'any' and 'all' are relevant outside of AF_INET. Leave the
family arg as is for these when setting addr.
Fixes: 93fa12418dc6 ("utils: Always specify family and ->bytelen in get_prefix_1()")
Reported-by: Thomas Deutschmann <whissi@gentoo.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
Cc: Serhey Popovych <serhe.popovych@gmail.com>
(cherry picked from commit d42c7891d26e4d5616a55aac9fe10813767fcf9c)
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
lib/utils.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/utils.c b/lib/utils.c
index b9e9a6caaf548..803bcc45f2f24 100644
--- a/lib/utils.c
+++ b/lib/utils.c
@@ -566,7 +566,7 @@ static int __get_addr_1(inet_prefix *addr, const char *name, int family)
if (strcmp(name, "default") == 0) {
if ((family == AF_DECnet) || (family == AF_MPLS))
return -1;
- addr->family = (family != AF_UNSPEC) ? family : AF_INET;
+ addr->family = family;
addr->bytelen = af_byte_len(addr->family);
addr->bitlen = -2;
addr->flags |= PREFIXLEN_SPECIFIED;
@@ -577,7 +577,7 @@ static int __get_addr_1(inet_prefix *addr, const char *name, int family)
strcmp(name, "any") == 0) {
if ((family == AF_DECnet) || (family == AF_MPLS))
return -1;
- addr->family = AF_UNSPEC;
+ addr->family = family;
addr->bytelen = 0;
addr->bitlen = -2;
return 0;
--
2.17.0

View File

@ -1,38 +0,0 @@
From fa55117da22086855061d9dd87fae15fdbec58e6 Mon Sep 17 00:00:00 2001
From: Jakub Kicinski <jakub.kicinski@netronome.com>
Date: Wed, 18 Apr 2018 11:06:07 -0700
Subject: [PATCH] iplink_geneve: correct size of message to avoid spurious
errors
Commit 6c4b672738ac ("iplink_geneve: Get rid of inet_get_addr()")
inadvertently changed the parameter to addattr_l() resulting in:
addattr_l ERROR: message exceeded bound of 4
when remote is specified.
Fixes: 6c4b672738ac ("iplink_geneve: Get rid of inet_get_addr()")
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Quentin Monnet <quentin.monnet@netronome.com>
(cherry picked from commit f5393225f947f76523571d6205198112dc4a8e09)
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
ip/iplink_geneve.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ip/iplink_geneve.c b/ip/iplink_geneve.c
index c66607267f7d1..e49a9adda1072 100644
--- a/ip/iplink_geneve.c
+++ b/ip/iplink_geneve.c
@@ -199,7 +199,7 @@ static int geneve_parse_opt(struct link_util *lu, int argc, char **argv,
if (is_addrtype_inet(&daddr)) {
int type = (daddr.family == AF_INET) ? IFLA_GENEVE_REMOTE :
IFLA_GENEVE_REMOTE6;
- addattr_l(n, sizeof(1024), type, daddr.data, daddr.bytelen);
+ addattr_l(n, 1024, type, daddr.data, daddr.bytelen);
}
if (!set_op || GENEVE_ATTRSET(attrs, IFLA_GENEVE_LABEL))
addattr32(n, 1024, IFLA_GENEVE_LABEL, label);
--
2.17.0

View File

@ -1,76 +0,0 @@
From 4264c8481a025fa7b413be1e892d30235237348b Mon Sep 17 00:00:00 2001
From: Luca Boccassi <bluca@debian.org>
Date: Fri, 11 May 2018 13:39:56 +0100
Subject: [PATCH] ip: do not drop capabilities if net_admin=i is set
Users have reported a regression due to ip now dropping capabilities
unconditionally.
zerotier-one VPN and VirtualBox use ambient capabilities in their
binary and then fork out to ip to set routes and links, and this
does not work anymore.
As a workaround, do not drop caps if CAP_NET_ADMIN (the most common
capability used by ip) is set with the INHERITABLE flag.
Users that want ip vrf exec to work do not need to set INHERITABLE,
which will then only set when the calling program had privileges to
give itself the ambient capability.
Fixes: ba2fc55b99f8 ("Drop capabilities if not running ip exec vrf with libcap")
Signed-off-by: Luca Boccassi <bluca@debian.org>
(cherry picked from commit 9b13cc98f5952f62b825461727c8170d37a4037d)
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
lib/utils.c | 15 ++++++++++++---
man/man8/ip-vrf.8 | 4 ++++
2 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/lib/utils.c b/lib/utils.c
index 803bcc45f2f24..7d3fe9c91d3df 100644
--- a/lib/utils.c
+++ b/lib/utils.c
@@ -1492,14 +1492,23 @@ void drop_cap(void)
/* don't harmstring root/sudo */
if (getuid() != 0 && geteuid() != 0) {
cap_t capabilities;
+ cap_value_t net_admin = CAP_NET_ADMIN;
+ cap_flag_t inheritable = CAP_INHERITABLE;
+ cap_flag_value_t is_set;
capabilities = cap_get_proc();
if (!capabilities)
exit(EXIT_FAILURE);
- if (cap_clear(capabilities) != 0)
- exit(EXIT_FAILURE);
- if (cap_set_proc(capabilities) != 0)
+ if (cap_get_flag(capabilities, net_admin, inheritable,
+ &is_set) != 0)
exit(EXIT_FAILURE);
+ /* apps with ambient caps can fork and call ip */
+ if (is_set == CAP_CLEAR) {
+ if (cap_clear(capabilities) != 0)
+ exit(EXIT_FAILURE);
+ if (cap_set_proc(capabilities) != 0)
+ exit(EXIT_FAILURE);
+ }
cap_free(capabilities);
}
#endif
diff --git a/man/man8/ip-vrf.8 b/man/man8/ip-vrf.8
index 1a42cebe1aef4..c1c9b958f6800 100644
--- a/man/man8/ip-vrf.8
+++ b/man/man8/ip-vrf.8
@@ -70,6 +70,10 @@ This command also requires to be ran as root or with the CAP_SYS_ADMIN,
CAP_NET_ADMIN and CAP_DAC_OVERRIDE capabilities. If built with libcap and if
capabilities are added to the ip binary program via setcap, the program will
drop them as the first thing when invoked, unless the command is vrf exec.
+.br
+NOTE: capabilities will NOT be dropped if CAP_NET_ADMIN is set to INHERITABLE
+to avoid breaking programs with ambient capabilities that call ip.
+Do not set the INHERITABLE flag on the ip binary itself.
.TP
.B ip vrf identify [PID] - Report VRF association for process
--
2.17.0

View File

@ -1,34 +0,0 @@
From 011d598dc86ad94c0560e1eb7921546daf4f81eb Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen@networkplumber.org>
Date: Thu, 17 May 2018 16:20:50 -0700
Subject: [PATCH] tc: allow 0% for percent options
Allowing 0% is sometimes useful for example in netem loss and drop
or perhaps dropping all traffic in a HTB bin.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199745
Reported-by: stuartmarsden@gmail.com
Fixes: 927e3cfb52b5 ("tc: B.W limits can now be specified in %.")
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
(cherry picked from commit 405e0c4ffe7a410b09201db42955089fb0033776)
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
lib/utils.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/utils.c b/lib/utils.c
index 7d3fe9c91d3df..44ba237e63557 100644
--- a/lib/utils.c
+++ b/lib/utils.c
@@ -103,7 +103,7 @@ int parse_percent(double *val, const char *str)
*val = strtod(str, &p) / 100.;
if (*val == HUGE_VALF || *val == HUGE_VALL)
return 1;
- if (*val == 0.0 || (*p && strcmp(p, "%")))
+ if (*p && strcmp(p, "%"))
return -1;
return 0;
--
2.17.0

View File

@ -1,7 +1,7 @@
%global cbq_version v0.7.3
Summary: Advanced IP routing and network device configuration tools
Name: iproute
Version: 4.16.0
Version: 4.17.0
Release: 1%{?dist}
Group: Applications/System
URL: http://kernel.org/pub/linux/utils/net/%{name}2/
@ -13,13 +13,6 @@ Source2: avpkt
# - We ship cbq.init-v0.7.3 as cbq binary, so have a cbq.8 man page which links
# to tc-cbq.8.
Patch1: 0001-Add-cbq.8-as-an-alias-to-tc-cbq.8.patch
# Suggested backports by Fixes: tag.
Patch2: 0002-rdma-Ignore-unknown-netlink-attributes.patch
Patch3: 0003-bridge-fix-typo-in-hairpin-error-message.patch
Patch4: 0004-utils-Do-not-reset-family-for-default-any-all-addres.patch
Patch5: 0005-iplink_geneve-correct-size-of-message-to-avoid-spuri.patch
Patch6: 0006-ip-do-not-drop-capabilities-if-net_admin-i-is-set.patch
Patch7: 0007-tc-allow-0-for-percent-options.patch
License: GPLv2+ and Public Domain
BuildRequires: bison
@ -165,6 +158,9 @@ rm -rf '%{buildroot}%{_docdir}'
%{_includedir}/iproute2/bpf_elf.h
%changelog
* Tue Jun 12 2018 Phil Sutter <psutter@redhat.com> - 4.17.0-1
- New version 4.17.0
* Fri Jun 01 2018 Phil Sutter <psutter@redhat.com> - 4.16.0-1
- New version 4.16.0

View File

@ -1 +1 @@
SHA512 (iproute2-4.16.0.tar.xz) = a8fbc92665a8d4ca6ee1e894bfb27373cf6b16dac9e2ab3831e418fcc9b895acc7d6fc64efa0b0e37b3affd4ef8eacf4dae5715536138d6a05c65ad49a2becad
SHA512 (iproute2-4.17.0.tar.xz) = ccd7fb70afd58f1fcd4e17c38a24607207da853c4d6118fda423efa6e51faad3ad03c4d6d58a579c40ef9c68aaf13b1c455e12b0c36e155712d3d4db3c2ff4b5