diff --git a/.gitignore b/.gitignore
index 70178d6..3cb8593 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,3 +8,4 @@
 /iproute2-4.14.1.tar.xz
 /iproute2-4.15.0.tar.xz
 /iproute2-4.16.0.tar.xz
+/iproute2-4.17.0.tar.xz
diff --git a/0002-rdma-Ignore-unknown-netlink-attributes.patch b/0002-rdma-Ignore-unknown-netlink-attributes.patch
deleted file mode 100644
index d788856..0000000
--- a/0002-rdma-Ignore-unknown-netlink-attributes.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 1264732c29782e314d02ac3fb494909d8815fa02 Mon Sep 17 00:00:00 2001
-From: Leon Romanovsky
-Date: Tue, 3 Apr 2018 10:28:42 +0300
-Subject: [PATCH] rdma: Ignore unknown netlink attributes
-
-The check if netlink attributes supplied more than maximum supported
-is to strict and may lead to backward compatibility issues with old
-application with a newer kernel that supports new attribute.
-
-CC: Steve Wise
-Fixes: 74bd75c2b68d ("rdma: Add basic infrastructure for RDMA tool")
-Signed-off-by: Leon Romanovsky
-Reviewed-by: Steve Wise
-Signed-off-by: Stephen Hemminger
-(cherry picked from commit fda0a61dde744abe69d4227f62b66238460c9011)
-Signed-off-by: Phil Sutter
----
- rdma/utils.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/rdma/utils.c b/rdma/utils.c
-index f9460162ce369..910b3800eade5 100644
---- a/rdma/utils.c
-+++ b/rdma/utils.c
-@@ -383,7 +383,8 @@ int rd_attr_cb(const struct nlattr *attr, void *data)
- int type;
-
- if (mnl_attr_type_valid(attr, RDMA_NLDEV_ATTR_MAX) < 0)
-- return MNL_CB_ERROR;
-+ /* We received uknown attribute */
-+ return MNL_CB_OK;
-
- type = mnl_attr_get_type(attr);
-
---
-2.17.0
-
diff --git a/0003-bridge-fix-typo-in-hairpin-error-message.patch b/0003-bridge-fix-typo-in-hairpin-error-message.patch
deleted file mode 100644
index 97e6f29..0000000
--- a/0003-bridge-fix-typo-in-hairpin-error-message.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From c302ef700895f0808bb107a2fa560c14c8f3e643 Mon Sep 17 00:00:00 2001
-From: Guillaume Nault
-Date: Fri, 6 Apr 2018 13:33:49 +0200
-Subject: [PATCH] bridge: fix typo in hairpin error message
-
-No 'g' to hairpin.
-
-Fixes: 64108901b737 ("bridge: Add support for setting bridge port attributes")
-Signed-off-by: Guillaume Nault
-Signed-off-by: Stephen Hemminger
-(cherry picked from commit ef3671781644bd1722e55db4ad9d31047da0e42d)
-Signed-off-by: Phil Sutter
----
- bridge/link.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/bridge/link.c b/bridge/link.c
-index 870ebe0504777..a19bc1097024e 100644
---- a/bridge/link.c
-+++ b/bridge/link.c
-@@ -304,7 +304,7 @@ static int brlink_modify(int argc, char **argv)
- return -1;
- } else if (strcmp(*argv, "hairpin") == 0) {
- NEXT_ARG();
-- if (!on_off("hairping", &hairpin, *argv))
-+ if (!on_off("hairpin", &hairpin, *argv))
- return -1;
- } else if (strcmp(*argv, "fastleave") == 0) {
- NEXT_ARG();
---
-2.17.0
-
diff --git a/0004-utils-Do-not-reset-family-for-default-any-all-addres.patch b/0004-utils-Do-not-reset-family-for-default-any-all-addres.patch
deleted file mode 100644
index aa7bda2..0000000
--- a/0004-utils-Do-not-reset-family-for-default-any-all-addres.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 0c0499e4ff787ae76f9b1e5e8cb104794c9b8826 Mon Sep 17 00:00:00 2001
-From: David Ahern
-Date: Fri, 13 Apr 2018 09:36:33 -0700
-Subject: [PATCH] utils: Do not reset family for default, any, all addresses
-
-Thomas reported a change in behavior with respect to autodectecting
-address families. Specifically, 'ip ro add default via fe80::1'
-syntax was failing to treat fe80::1 as an IPv6 address as it did in
-prior releases. The root causes appears to be a change in family when
-the default keyword is parsed.
-
-'default', 'any' and 'all' are relevant outside of AF_INET. Leave the
-family arg as is for these when setting addr.
-
-Fixes: 93fa12418dc6 ("utils: Always specify family and ->bytelen in get_prefix_1()")
-Reported-by: Thomas Deutschmann
-Signed-off-by: David Ahern
-Cc: Serhey Popovych
-(cherry picked from commit d42c7891d26e4d5616a55aac9fe10813767fcf9c)
-Signed-off-by: Phil Sutter
----
- lib/utils.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/lib/utils.c b/lib/utils.c
-index b9e9a6caaf548..803bcc45f2f24 100644
---- a/lib/utils.c
-+++ b/lib/utils.c
-@@ -566,7 +566,7 @@ static int __get_addr_1(inet_prefix *addr, const char *name, int family)
- if (strcmp(name, "default") == 0) {
- if ((family == AF_DECnet) || (family == AF_MPLS))
- return -1;
-- addr->family = (family != AF_UNSPEC) ? family : AF_INET;
-+ addr->family = family;
- addr->bytelen = af_byte_len(addr->family);
- addr->bitlen = -2;
- addr->flags |= PREFIXLEN_SPECIFIED;
-@@ -577,7 +577,7 @@ static int __get_addr_1(inet_prefix *addr, const char *name, int family)
- strcmp(name, "any") == 0) {
- if ((family == AF_DECnet) || (family == AF_MPLS))
- return -1;
-- addr->family = AF_UNSPEC;
-+ addr->family = family;
- addr->bytelen = 0;
- addr->bitlen = -2;
- return 0;
---
-2.17.0
-
diff --git a/0005-iplink_geneve-correct-size-of-message-to-avoid-spuri.patch b/0005-iplink_geneve-correct-size-of-message-to-avoid-spuri.patch
deleted file mode 100644
index bd3bedc..0000000
--- a/0005-iplink_geneve-correct-size-of-message-to-avoid-spuri.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From fa55117da22086855061d9dd87fae15fdbec58e6 Mon Sep 17 00:00:00 2001
-From: Jakub Kicinski
-Date: Wed, 18 Apr 2018 11:06:07 -0700
-Subject: [PATCH] iplink_geneve: correct size of message to avoid spurious
- errors
-
-Commit 6c4b672738ac ("iplink_geneve: Get rid of inet_get_addr()")
-inadvertently changed the parameter to addattr_l() resulting in:
-
-addattr_l ERROR: message exceeded bound of 4
-
-when remote is specified.
-
-Fixes: 6c4b672738ac ("iplink_geneve: Get rid of inet_get_addr()")
-Signed-off-by: Jakub Kicinski
-Reviewed-by: Quentin Monnet
-(cherry picked from commit f5393225f947f76523571d6205198112dc4a8e09)
-Signed-off-by: Phil Sutter
----
- ip/iplink_geneve.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ip/iplink_geneve.c b/ip/iplink_geneve.c
-index c66607267f7d1..e49a9adda1072 100644
---- a/ip/iplink_geneve.c
-+++ b/ip/iplink_geneve.c
-@@ -199,7 +199,7 @@ static int geneve_parse_opt(struct link_util *lu, int argc, char **argv,
- if (is_addrtype_inet(&daddr)) {
- int type = (daddr.family == AF_INET) ? IFLA_GENEVE_REMOTE :
- IFLA_GENEVE_REMOTE6;
-- addattr_l(n, sizeof(1024), type, daddr.data, daddr.bytelen);
-+ addattr_l(n, 1024, type, daddr.data, daddr.bytelen);
- }
- if (!set_op || GENEVE_ATTRSET(attrs, IFLA_GENEVE_LABEL))
- addattr32(n, 1024, IFLA_GENEVE_LABEL, label);
---
-2.17.0
-
diff --git a/0006-ip-do-not-drop-capabilities-if-net_admin-i-is-set.patch b/0006-ip-do-not-drop-capabilities-if-net_admin-i-is-set.patch
deleted file mode 100644
index dca24ce..0000000
--- a/0006-ip-do-not-drop-capabilities-if-net_admin-i-is-set.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From 4264c8481a025fa7b413be1e892d30235237348b Mon Sep 17 00:00:00 2001
-From: Luca Boccassi
-Date: Fri, 11 May 2018 13:39:56 +0100
-Subject: [PATCH] ip: do not drop capabilities if net_admin=i is set
-
-Users have reported a regression due to ip now dropping capabilities
-unconditionally.
-zerotier-one VPN and VirtualBox use ambient capabilities in their
-binary and then fork out to ip to set routes and links, and this
-does not work anymore.
-
-As a workaround, do not drop caps if CAP_NET_ADMIN (the most common
-capability used by ip) is set with the INHERITABLE flag.
-Users that want ip vrf exec to work do not need to set INHERITABLE,
-which will then only set when the calling program had privileges to
-give itself the ambient capability.
-
-Fixes: ba2fc55b99f8 ("Drop capabilities if not running ip exec vrf with libcap")
-
-Signed-off-by: Luca Boccassi
-(cherry picked from commit 9b13cc98f5952f62b825461727c8170d37a4037d)
-Signed-off-by: Phil Sutter
----
- lib/utils.c | 15 ++++++++++++---
- man/man8/ip-vrf.8 | 4 ++++
- 2 files changed, 16 insertions(+), 3 deletions(-)
-
-diff --git a/lib/utils.c b/lib/utils.c
-index 803bcc45f2f24..7d3fe9c91d3df 100644
---- a/lib/utils.c
-+++ b/lib/utils.c
-@@ -1492,14 +1492,23 @@ void drop_cap(void)
- /* don't harmstring root/sudo */
- if (getuid() != 0 && geteuid() != 0) {
- cap_t capabilities;
-+ cap_value_t net_admin = CAP_NET_ADMIN;
-+ cap_flag_t inheritable = CAP_INHERITABLE;
-+ cap_flag_value_t is_set;
-
- capabilities = cap_get_proc();
- if (!capabilities)
- exit(EXIT_FAILURE);
-- if (cap_clear(capabilities) != 0)
-- exit(EXIT_FAILURE);
-- if (cap_set_proc(capabilities) != 0)
-+ if (cap_get_flag(capabilities, net_admin, inheritable,
-+ &is_set) != 0)
- exit(EXIT_FAILURE);
-+ /* apps with ambient caps can fork and call ip */
-+ if (is_set == CAP_CLEAR) {
-+ if (cap_clear(capabilities) != 0)
-+ exit(EXIT_FAILURE);
-+ if (cap_set_proc(capabilities) != 0)
-+ exit(EXIT_FAILURE);
-+ }
- cap_free(capabilities);
- }
- #endif
-diff --git a/man/man8/ip-vrf.8 b/man/man8/ip-vrf.8
-index 1a42cebe1aef4..c1c9b958f6800 100644
---- a/man/man8/ip-vrf.8
-+++ b/man/man8/ip-vrf.8
-@@ -70,6 +70,10 @@ This command also requires to be ran as root or with the CAP_SYS_ADMIN,
- CAP_NET_ADMIN and CAP_DAC_OVERRIDE capabilities. If built with libcap and if
- capabilities are added to the ip binary program via setcap, the program will
- drop them as the first thing when invoked, unless the command is vrf exec.
-+.br
-+NOTE: capabilities will NOT be dropped if CAP_NET_ADMIN is set to INHERITABLE
-+to avoid breaking programs with ambient capabilities that call ip.
-+Do not set the INHERITABLE flag on the ip binary itself.
-
- .TP
- .B ip vrf identify [PID] - Report VRF association for process
---
-2.17.0
-
diff --git a/0007-tc-allow-0-for-percent-options.patch b/0007-tc-allow-0-for-percent-options.patch
deleted file mode 100644
index 77dd0ed..0000000
--- a/0007-tc-allow-0-for-percent-options.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 011d598dc86ad94c0560e1eb7921546daf4f81eb Mon Sep 17 00:00:00 2001
-From: Stephen Hemminger
-Date: Thu, 17 May 2018 16:20:50 -0700
-Subject: [PATCH] tc: allow 0% for percent options
-
-Allowing 0% is sometimes useful for example in netem loss and drop
-or perhaps dropping all traffic in a HTB bin.
-
-Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199745
-Reported-by: stuartmarsden@gmail.com
-Fixes: 927e3cfb52b5 ("tc: B.W limits can now be specified in %.")
-Signed-off-by: Stephen Hemminger
-(cherry picked from commit 405e0c4ffe7a410b09201db42955089fb0033776)
-Signed-off-by: Phil Sutter
----
- lib/utils.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/utils.c b/lib/utils.c
-index 7d3fe9c91d3df..44ba237e63557 100644
---- a/lib/utils.c
-+++ b/lib/utils.c
-@@ -103,7 +103,7 @@ int parse_percent(double *val, const char *str)
- *val = strtod(str, &p) / 100.;
- if (*val == HUGE_VALF || *val == HUGE_VALL)
- return 1;
-- if (*val == 0.0 || (*p && strcmp(p, "%")))
-+ if (*p && strcmp(p, "%"))
- return -1;
-
- return 0;
---
-2.17.0
-
diff --git a/iproute.spec b/iproute.spec
index 3cba49b..29b9dcc 100644
--- a/iproute.spec
+++ b/iproute.spec
@@ -1,7 +1,7 @@
 %global cbq_version v0.7.3
 Summary: Advanced IP routing and network device configuration tools
 Name: iproute
-Version: 4.16.0
+Version: 4.17.0
 Release: 1%{?dist}
 Group: Applications/System
 URL: http://kernel.org/pub/linux/utils/net/%{name}2/
@@ -13,13 +13,6 @@ Source2: avpkt
 # - We ship cbq.init-v0.7.3 as cbq binary, so have a cbq.8 man page which links
 # to tc-cbq.8.
 Patch1: 0001-Add-cbq.8-as-an-alias-to-tc-cbq.8.patch
-# Suggested backports by Fixes: tag.
-Patch2: 0002-rdma-Ignore-unknown-netlink-attributes.patch
-Patch3: 0003-bridge-fix-typo-in-hairpin-error-message.patch
-Patch4: 0004-utils-Do-not-reset-family-for-default-any-all-addres.patch
-Patch5: 0005-iplink_geneve-correct-size-of-message-to-avoid-spuri.patch
-Patch6: 0006-ip-do-not-drop-capabilities-if-net_admin-i-is-set.patch
-Patch7: 0007-tc-allow-0-for-percent-options.patch
 License: GPLv2+ and Public Domain
 BuildRequires: bison
@@ -165,6 +158,9 @@ rm -rf '%{buildroot}%{_docdir}'
 %{_includedir}/iproute2/bpf_elf.h
 %changelog
+* Tue Jun 12 2018 Phil Sutter - 4.17.0-1
+- New version 4.17.0
+
 * Fri Jun 01 2018 Phil Sutter - 4.16.0-1
 - New version 4.16.0
diff --git a/sources b/sources
index f3d3ea6..f6cd723 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (iproute2-4.16.0.tar.xz) = a8fbc92665a8d4ca6ee1e894bfb27373cf6b16dac9e2ab3831e418fcc9b895acc7d6fc64efa0b0e37b3affd4ef8eacf4dae5715536138d6a05c65ad49a2becad
+SHA512 (iproute2-4.17.0.tar.xz) = ccd7fb70afd58f1fcd4e17c38a24607207da853c4d6118fda423efa6e51faad3ad03c4d6d58a579c40ef9c68aaf13b1c455e12b0c36e155712d3d4db3c2ff4b5