Rebase package on top of iproute2-4.17.0

.gitignore

@@ -8,3 +8,4 @@
 /iproute2-4.14.1.tar.xz
 /iproute2-4.15.0.tar.xz
 /iproute2-4.16.0.tar.xz
+/iproute2-4.17.0.tar.xz

0002-rdma-Ignore-unknown-netlink-attributes.patch

@@ -1,37 +0,0 @@
-From 1264732c29782e314d02ac3fb494909d8815fa02 Mon Sep 17 00:00:00 2001
-From: Leon Romanovsky <leonro@mellanox.com>
-Date: Tue, 3 Apr 2018 10:28:42 +0300
-Subject: [PATCH] rdma: Ignore unknown netlink attributes
-
-The check if netlink attributes supplied more than maximum supported
-is to strict and may lead to backward compatibility issues with old
-application with a newer kernel that supports new attribute.
-
-CC: Steve Wise <swise@opengridcomputing.com>
-Fixes: 74bd75c2b68d ("rdma: Add basic infrastructure for RDMA tool")
-Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
-Reviewed-by: Steve Wise <swise@opengridcomputing.com>
-Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
-(cherry picked from commit fda0a61dde744abe69d4227f62b66238460c9011)
-Signed-off-by: Phil Sutter <psutter@redhat.com>
----
- rdma/utils.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/rdma/utils.c b/rdma/utils.c
-index f9460162ce369..910b3800eade5 100644
---- a/rdma/utils.c
-+++ b/rdma/utils.c
-@@ -383,7 +383,8 @@ int rd_attr_cb(const struct nlattr *attr, void *data)
- 	int type;
- 
- 	if (mnl_attr_type_valid(attr, RDMA_NLDEV_ATTR_MAX) < 0)
--		return MNL_CB_ERROR;
-+		/* We received uknown attribute */
-+		return MNL_CB_OK;
- 
- 	type = mnl_attr_get_type(attr);
- 
--- 
-2.17.0
-

0003-bridge-fix-typo-in-hairpin-error-message.patch

@@ -1,32 +0,0 @@
-From c302ef700895f0808bb107a2fa560c14c8f3e643 Mon Sep 17 00:00:00 2001
-From: Guillaume Nault <g.nault@alphalink.fr>
-Date: Fri, 6 Apr 2018 13:33:49 +0200
-Subject: [PATCH] bridge: fix typo in hairpin error message
-
-No 'g' to hairpin.
-
-Fixes: 64108901b737 ("bridge: Add support for setting bridge port attributes")
-Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
-Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
-(cherry picked from commit ef3671781644bd1722e55db4ad9d31047da0e42d)
-Signed-off-by: Phil Sutter <psutter@redhat.com>
----
- bridge/link.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/bridge/link.c b/bridge/link.c
-index 870ebe0504777..a19bc1097024e 100644
---- a/bridge/link.c
-+++ b/bridge/link.c
-@@ -304,7 +304,7 @@ static int brlink_modify(int argc, char **argv)
- 				return -1;
- 		} else if (strcmp(*argv, "hairpin") == 0) {
- 			NEXT_ARG();
--			if (!on_off("hairping", &hairpin, *argv))
-+			if (!on_off("hairpin", &hairpin, *argv))
- 				return -1;
- 		} else if (strcmp(*argv, "fastleave") == 0) {
- 			NEXT_ARG();
--- 
-2.17.0
-

0004-utils-Do-not-reset-family-for-default-any-all-addres.patch

@@ -1,49 +0,0 @@
-From 0c0499e4ff787ae76f9b1e5e8cb104794c9b8826 Mon Sep 17 00:00:00 2001
-From: David Ahern <dsahern@gmail.com>
-Date: Fri, 13 Apr 2018 09:36:33 -0700
-Subject: [PATCH] utils: Do not reset family for default, any, all addresses
-
-Thomas reported a change in behavior with respect to autodectecting
-address families. Specifically, 'ip ro add default via fe80::1'
-syntax was failing to treat fe80::1 as an IPv6 address as it did in
-prior releases. The root causes appears to be a change in family when
-the default keyword is parsed.
-
-'default', 'any' and 'all' are relevant outside of AF_INET. Leave the
-family arg as is for these when setting addr.
-
-Fixes: 93fa12418dc6 ("utils: Always specify family and ->bytelen in get_prefix_1()")
-Reported-by: Thomas Deutschmann <whissi@gentoo.org>
-Signed-off-by: David Ahern <dsahern@gmail.com>
-Cc: Serhey Popovych <serhe.popovych@gmail.com>
-(cherry picked from commit d42c7891d26e4d5616a55aac9fe10813767fcf9c)
-Signed-off-by: Phil Sutter <psutter@redhat.com>
----
- lib/utils.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/lib/utils.c b/lib/utils.c
-index b9e9a6caaf548..803bcc45f2f24 100644
---- a/lib/utils.c
-+++ b/lib/utils.c
-@@ -566,7 +566,7 @@ static int __get_addr_1(inet_prefix *addr, const char *name, int family)
- 	if (strcmp(name, "default") == 0) {
- 		if ((family == AF_DECnet) || (family == AF_MPLS))
- 			return -1;
--		addr->family = (family != AF_UNSPEC) ? family : AF_INET;
-+		addr->family = family;
- 		addr->bytelen = af_byte_len(addr->family);
- 		addr->bitlen = -2;
- 		addr->flags |= PREFIXLEN_SPECIFIED;
-@@ -577,7 +577,7 @@ static int __get_addr_1(inet_prefix *addr, const char *name, int family)
- 	    strcmp(name, "any") == 0) {
- 		if ((family == AF_DECnet) || (family == AF_MPLS))
- 			return -1;
--		addr->family = AF_UNSPEC;
-+		addr->family = family;
- 		addr->bytelen = 0;
- 		addr->bitlen = -2;
- 		return 0;
--- 
-2.17.0
-

0005-iplink_geneve-correct-size-of-message-to-avoid-spuri.patch

@@ -1,38 +0,0 @@
-From fa55117da22086855061d9dd87fae15fdbec58e6 Mon Sep 17 00:00:00 2001
-From: Jakub Kicinski <jakub.kicinski@netronome.com>
-Date: Wed, 18 Apr 2018 11:06:07 -0700
-Subject: [PATCH] iplink_geneve: correct size of message to avoid spurious
- errors
-
-Commit 6c4b672738ac ("iplink_geneve: Get rid of inet_get_addr()")
-inadvertently changed the parameter to addattr_l() resulting in:
-
-addattr_l ERROR: message exceeded bound of 4
-
-when remote is specified.
-
-Fixes: 6c4b672738ac ("iplink_geneve: Get rid of inet_get_addr()")
-Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
-Reviewed-by: Quentin Monnet <quentin.monnet@netronome.com>
-(cherry picked from commit f5393225f947f76523571d6205198112dc4a8e09)
-Signed-off-by: Phil Sutter <psutter@redhat.com>
----
- ip/iplink_geneve.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ip/iplink_geneve.c b/ip/iplink_geneve.c
-index c66607267f7d1..e49a9adda1072 100644
---- a/ip/iplink_geneve.c
-+++ b/ip/iplink_geneve.c
-@@ -199,7 +199,7 @@ static int geneve_parse_opt(struct link_util *lu, int argc, char **argv,
- 	if (is_addrtype_inet(&daddr)) {
- 		int type = (daddr.family == AF_INET) ? IFLA_GENEVE_REMOTE :
- 						       IFLA_GENEVE_REMOTE6;
--		addattr_l(n, sizeof(1024), type, daddr.data, daddr.bytelen);
-+		addattr_l(n, 1024, type, daddr.data, daddr.bytelen);
- 	}
- 	if (!set_op || GENEVE_ATTRSET(attrs, IFLA_GENEVE_LABEL))
- 		addattr32(n, 1024, IFLA_GENEVE_LABEL, label);
--- 
-2.17.0
-

0006-ip-do-not-drop-capabilities-if-net_admin-i-is-set.patch

@@ -1,76 +0,0 @@
-From 4264c8481a025fa7b413be1e892d30235237348b Mon Sep 17 00:00:00 2001
-From: Luca Boccassi <bluca@debian.org>
-Date: Fri, 11 May 2018 13:39:56 +0100
-Subject: [PATCH] ip: do not drop capabilities if net_admin=i is set
-
-Users have reported a regression due to ip now dropping capabilities
-unconditionally.
-zerotier-one VPN and VirtualBox use ambient capabilities in their
-binary and then fork out to ip to set routes and links, and this
-does not work anymore.
-
-As a workaround, do not drop caps if CAP_NET_ADMIN (the most common
-capability used by ip) is set with the INHERITABLE flag.
-Users that want ip vrf exec to work do not need to set INHERITABLE,
-which will then only set when the calling program had privileges to
-give itself the ambient capability.
-
-Fixes: ba2fc55b99f8 ("Drop capabilities if not running ip exec vrf with libcap")
-
-Signed-off-by: Luca Boccassi <bluca@debian.org>
-(cherry picked from commit 9b13cc98f5952f62b825461727c8170d37a4037d)
-Signed-off-by: Phil Sutter <psutter@redhat.com>
----
- lib/utils.c       | 15 ++++++++++++---
- man/man8/ip-vrf.8 |  4 ++++
- 2 files changed, 16 insertions(+), 3 deletions(-)
-
-diff --git a/lib/utils.c b/lib/utils.c
-index 803bcc45f2f24..7d3fe9c91d3df 100644
---- a/lib/utils.c
-+++ b/lib/utils.c
-@@ -1492,14 +1492,23 @@ void drop_cap(void)
- 	/* don't harmstring root/sudo */
- 	if (getuid() != 0 && geteuid() != 0) {
- 		cap_t capabilities;
-+		cap_value_t net_admin = CAP_NET_ADMIN;
-+		cap_flag_t inheritable = CAP_INHERITABLE;
-+		cap_flag_value_t is_set;
- 
- 		capabilities = cap_get_proc();
- 		if (!capabilities)
- 			exit(EXIT_FAILURE);
--		if (cap_clear(capabilities) != 0)
--			exit(EXIT_FAILURE);
--		if (cap_set_proc(capabilities) != 0)
-+		if (cap_get_flag(capabilities, net_admin, inheritable,
-+		    &is_set) != 0)
- 			exit(EXIT_FAILURE);
-+		/* apps with ambient caps can fork and call ip */
-+		if (is_set == CAP_CLEAR) {
-+			if (cap_clear(capabilities) != 0)
-+				exit(EXIT_FAILURE);
-+			if (cap_set_proc(capabilities) != 0)
-+				exit(EXIT_FAILURE);
-+		}
- 		cap_free(capabilities);
- 	}
- #endif
-diff --git a/man/man8/ip-vrf.8 b/man/man8/ip-vrf.8
-index 1a42cebe1aef4..c1c9b958f6800 100644
---- a/man/man8/ip-vrf.8
-+++ b/man/man8/ip-vrf.8
-@@ -70,6 +70,10 @@ This command also requires to be ran as root or with the CAP_SYS_ADMIN,
- CAP_NET_ADMIN and CAP_DAC_OVERRIDE capabilities. If built with libcap and if
- capabilities are added to the ip binary program via setcap, the program will
- drop them as the first thing when invoked, unless the command is vrf exec.
-+.br
-+NOTE: capabilities will NOT be dropped if CAP_NET_ADMIN is set to INHERITABLE
-+to avoid breaking programs with ambient capabilities that call ip.
-+Do not set the INHERITABLE flag on the ip binary itself.
- 
- .TP
- .B ip vrf identify [PID] - Report VRF association for process
--- 
-2.17.0
-

0007-tc-allow-0-for-percent-options.patch

@@ -1,34 +0,0 @@
-From 011d598dc86ad94c0560e1eb7921546daf4f81eb Mon Sep 17 00:00:00 2001
-From: Stephen Hemminger <stephen@networkplumber.org>
-Date: Thu, 17 May 2018 16:20:50 -0700
-Subject: [PATCH] tc: allow 0% for percent options
-
-Allowing 0% is sometimes useful for example in netem loss and drop
-or perhaps dropping all traffic in a HTB bin.
-
-Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199745
-Reported-by: stuartmarsden@gmail.com
-Fixes: 927e3cfb52b5 ("tc: B.W limits can now be specified in %.")
-Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
-(cherry picked from commit 405e0c4ffe7a410b09201db42955089fb0033776)
-Signed-off-by: Phil Sutter <psutter@redhat.com>
----
- lib/utils.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/utils.c b/lib/utils.c
-index 7d3fe9c91d3df..44ba237e63557 100644
---- a/lib/utils.c
-+++ b/lib/utils.c
-@@ -103,7 +103,7 @@ int parse_percent(double *val, const char *str)
- 	*val = strtod(str, &p) / 100.;
- 	if (*val == HUGE_VALF || *val == HUGE_VALL)
- 		return 1;
--	if (*val == 0.0 || (*p && strcmp(p, "%")))
-+	if (*p && strcmp(p, "%"))
- 		return -1;
- 
- 	return 0;
--- 
-2.17.0
-

iproute.spec

@@ -1,7 +1,7 @@
 %global             cbq_version v0.7.3
 Summary:            Advanced IP routing and network device configuration tools
 Name:               iproute
-Version:            4.16.0
+Version:            4.17.0
 Release:            1%{?dist}
 Group:              Applications/System
 URL:                http://kernel.org/pub/linux/utils/net/%{name}2/
@@ -13,13 +13,6 @@ Source2:            avpkt
 # - We ship cbq.init-v0.7.3 as cbq binary, so have a cbq.8 man page which links
 #   to tc-cbq.8.
 Patch1:             0001-Add-cbq.8-as-an-alias-to-tc-cbq.8.patch
-# Suggested backports by Fixes: tag.
-Patch2:             0002-rdma-Ignore-unknown-netlink-attributes.patch
-Patch3:             0003-bridge-fix-typo-in-hairpin-error-message.patch
-Patch4:             0004-utils-Do-not-reset-family-for-default-any-all-addres.patch
-Patch5:             0005-iplink_geneve-correct-size-of-message-to-avoid-spuri.patch
-Patch6:             0006-ip-do-not-drop-capabilities-if-net_admin-i-is-set.patch
-Patch7:             0007-tc-allow-0-for-percent-options.patch
 
 License:            GPLv2+ and Public Domain
 BuildRequires:      bison
@@ -165,6 +158,9 @@ rm -rf '%{buildroot}%{_docdir}'
 %{_includedir}/iproute2/bpf_elf.h
 
 %changelog
+* Tue Jun 12 2018 Phil Sutter <psutter@redhat.com> - 4.17.0-1
+- New version 4.17.0
+
 * Fri Jun 01 2018 Phil Sutter <psutter@redhat.com> - 4.16.0-1
 - New version 4.16.0
 

sources

@@ -1 +1 @@
-SHA512 (iproute2-4.16.0.tar.xz) = a8fbc92665a8d4ca6ee1e894bfb27373cf6b16dac9e2ab3831e418fcc9b895acc7d6fc64efa0b0e37b3affd4ef8eacf4dae5715536138d6a05c65ad49a2becad
+SHA512 (iproute2-4.17.0.tar.xz) = ccd7fb70afd58f1fcd4e17c38a24607207da853c4d6118fda423efa6e51faad3ad03c4d6d58a579c40ef9c68aaf13b1c455e12b0c36e155712d3d4db3c2ff4b5