From c7db6fe936f7346c6c414f34c0f4581532ed4d6f Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Wed, 13 Nov 2024 23:57:15 +0100 Subject: [PATCH] ipset-7.11-10 - Fix patch "Parse port before trying by service name" Resolves: RHEL-67098 --- 0001-Add-deprecation-notice-to-ipset.8.patch | 3 - ...-split-parser-from-command-execution.patch | 3 - ...b-Detach-restore-routine-from-parser.patch | 3 - ...-nftables-translation-infrastructure.patch | 3 - 0005-tests-add-tests-ipset-to-nftables.patch | 3 - ...Fix-typo-in-ipset-translate-man-page.patch | 3 - 0007-Fix-IPv6-sets-nftables-translation.patch | 3 - ...late-allow-invoking-with-a-path-name.patch | 3 - 0009-Fix-all-debug-mode-warnings.patch | 3 - ...tion-to-libipset.map-and-bump-librar.patch | 3 - ...e-port-before-trying-by-service-name.patch | 132 ++++++++++++++++++ ipset.spec | 6 +- 12 files changed, 137 insertions(+), 31 deletions(-) create mode 100644 0011-Fix-patch-Parse-port-before-trying-by-service-name.patch diff --git a/0001-Add-deprecation-notice-to-ipset.8.patch b/0001-Add-deprecation-notice-to-ipset.8.patch index 92ba754..ee6dad7 100644 --- a/0001-Add-deprecation-notice-to-ipset.8.patch +++ b/0001-Add-deprecation-notice-to-ipset.8.patch @@ -43,6 +43,3 @@ index 97cece9fb04b5..d68e9bbc22891 100644 .SH "AUTHORS" Jozsef Kadlecsik wrote ipset, which is based on ippool by Joakim Axelsson, Patrick Schaaf and Martin Josefsson. --- -2.31.1 - diff --git a/0002-lib-split-parser-from-command-execution.patch b/0002-lib-split-parser-from-command-execution.patch index fb5ae8e..413c86d 100644 --- a/0002-lib-split-parser-from-command-execution.patch +++ b/0002-lib-split-parser-from-command-execution.patch @@ -79,6 +79,3 @@ index 6729919657707..3077f9793f841 100644 ret = ipset_cmd(session, cmd, ipset->restore_line); D("ret %d", ret); /* In the case of warning, the return code is success */ --- -2.38.0 - 
diff --git a/0003-lib-Detach-restore-routine-from-parser.patch b/0003-lib-Detach-restore-routine-from-parser.patch index 0cd4cbf..5480d97 100644 --- a/0003-lib-Detach-restore-routine-from-parser.patch +++ b/0003-lib-Detach-restore-routine-from-parser.patch @@ -39,6 +39,3 @@ index 3077f9793f841..5232d8b76c46f 100644 ret = ipset_cmd(session, cmd, ipset->restore_line); D("ret %d", ret); /* In the case of warning, the return code is success */ --- -2.38.0 - diff --git a/0004-add-ipset-to-nftables-translation-infrastructure.patch b/0004-add-ipset-to-nftables-translation-infrastructure.patch index 140699d..aa78afc 100644 --- a/0004-add-ipset-to-nftables-translation-infrastructure.patch +++ b/0004-add-ipset-to-nftables-translation-infrastructure.patch @@ -820,6 +820,3 @@ index ee36a06e595de..6d42b60d2fe9d 100644 ipset_fini(ipset); --- -2.38.0 - diff --git a/0005-tests-add-tests-ipset-to-nftables.patch b/0005-tests-add-tests-ipset-to-nftables.patch index c93986e..9375138 100644 --- a/0005-tests-add-tests-ipset-to-nftables.patch +++ b/0005-tests-add-tests-ipset-to-nftables.patch @@ -181,6 +181,3 @@ index 0000000000000..96eba3b0175ea +add element inet global bp1 { 22 } +add set inet global bim1 { type ipv4_addr . ether_addr; } +add element inet global bim1 { 1.1.1.1 . aa:bb:cc:dd:ee:ff } --- -2.38.0 - diff --git a/0006-Fix-typo-in-ipset-translate-man-page.patch b/0006-Fix-typo-in-ipset-translate-man-page.patch index 1ecbfab..b2bd9b4 100644 --- a/0006-Fix-typo-in-ipset-translate-man-page.patch +++ b/0006-Fix-typo-in-ipset-translate-man-page.patch @@ -27,6 +27,3 @@ index bb4e737e14806..55ce2a99f2cf2 100644 .SH USAGE The \fBipset-translate\fP tool reads an IP sets file in the syntax produced by --- -2.38.0 - diff --git a/0007-Fix-IPv6-sets-nftables-translation.patch b/0007-Fix-IPv6-sets-nftables-translation.patch index 86b6371..16c3d39 100644 --- a/0007-Fix-IPv6-sets-nftables-translation.patch +++ b/0007-Fix-IPv6-sets-nftables-translation.patch 
@@ -87,6 +87,3 @@ index 96eba3b0175ea..0152a30811258 100644 add element inet global bim1 { 1.1.1.1 . aa:bb:cc:dd:ee:ff } +add set inet global hn6 { type ipv6_addr; flags interval; } +add element inet global hn6 { fe80::/64 } --- -2.38.0 - diff --git a/0008-ipset-translate-allow-invoking-with-a-path-name.patch b/0008-ipset-translate-allow-invoking-with-a-path-name.patch index 3cb85e9..4c05454 100644 --- a/0008-ipset-translate-allow-invoking-with-a-path-name.patch +++ b/0008-ipset-translate-allow-invoking-with-a-path-name.patch @@ -42,6 +42,3 @@ index 6d42b60d2fe9d..162f477d49cd0 100644 ret = ipset_xlate_argv(ipset, argc, argv); } else { ret = ipset_parse_argv(ipset, argc, argv); --- -2.38.0 - diff --git a/0009-Fix-all-debug-mode-warnings.patch b/0009-Fix-all-debug-mode-warnings.patch index 4fb3cc2..c90aee0 100644 --- a/0009-Fix-all-debug-mode-warnings.patch +++ b/0009-Fix-all-debug-mode-warnings.patch @@ -166,6 +166,3 @@ index 50f86aee045bc..f57b07413cba5 100644 fclose(f); return ret; --- -2.38.0 - diff --git a/0010-Add-missing-function-to-libipset.map-and-bump-librar.patch b/0010-Add-missing-function-to-libipset.map-and-bump-librar.patch index 8771094..448d74c 100644 --- a/0010-Add-missing-function-to-libipset.map-and-bump-librar.patch +++ b/0010-Add-missing-function-to-libipset.map-and-bump-librar.patch @@ -39,6 +39,3 @@ index 12d16a4faf53c..c380f9cde2edc 100644 + ipset_xlate_argv; +} LIBIPSET_4.10; + --- -2.38.0 - diff --git a/0011-Fix-patch-Parse-port-before-trying-by-service-name.patch b/0011-Fix-patch-Parse-port-before-trying-by-service-name.patch new file mode 100644 index 0000000..199f1c1 --- /dev/null +++ b/0011-Fix-patch-Parse-port-before-trying-by-service-name.patch 
@@ -0,0 +1,132 @@
+From f10989a4eef5dbf3f53033f2a418c5339f50200c Mon Sep 17 00:00:00 2001
+From: Jozsef Kadlecsik
+Date: Sat, 26 Jun 2021 22:14:38 +0200
+Subject: [PATCH] Fix patch "Parse port before trying by service name"
+
+The patch broke parsing service names: number parsing failures
+are hard errors which erase data, thus making impossible to
+parse input as a string. Fix it by enabling soft (warning)
+failures in the case of port number parsing.
+
+Signed-off-by: Jozsef Kadlecsik
+(cherry picked from commit fd7d97c57e9dbe215c71be5a2fe049a1f905fddb)
+---
+ lib/parse.c | 36 ++++++++++++++++++++++--------------
+ 1 file changed, 22 insertions(+), 14 deletions(-)
+
+diff --git a/lib/parse.c b/lib/parse.c
+index f3f2d113457af..9cba252f33129 100644
+--- a/lib/parse.c
++++ b/lib/parse.c
+@@ -41,6 +41,9 @@
+ #define syntax_err(fmt, args...) \
+ ipset_err(session, "Syntax error: " fmt , ## args)
+
++#define syntax_err_ll(errtype, fmt, args...) \
++ ipset_session_report(session, errtype, "Syntax error: " fmt , ## args)
++
+ static char *
+ ipset_strchr(const char *str, const char *sep)
+ {
+@@ -87,7 +90,8 @@ string_to_number_ll(struct ipset_session *session,
+ const char *str,
+ unsigned long long min,
+ unsigned long long max,
+- unsigned long long *ret)
++ unsigned long long *ret,
++ enum ipset_err_type errtype)
+ {
+ unsigned long long number = 0;
+ char *end;
+@@ -104,13 +108,13 @@ string_to_number_ll(struct ipset_session *session,
+ errno = ERANGE;
+ }
+ if (errno == ERANGE && max)
+- return syntax_err("'%s' is out of range %llu-%llu",
+- str, min, max);
++ return syntax_err_ll(errtype, "'%s' is out of range %llu-%llu",
++ str, min, max);
+ else if (errno == ERANGE)
+- return syntax_err("'%s' is out of range %llu-%llu",
+- str, min, ULLONG_MAX);
++ return syntax_err_ll(errtype, "'%s' is out of range %llu-%llu",
++ str, min, ULLONG_MAX);
+ else
+- return syntax_err("'%s' is invalid as number", str);
++ return syntax_err_ll(errtype, "'%s' is invalid as number", str);
+ }
+
+ static int
+@@ -120,7 +124,7 @@ string_to_u8(struct ipset_session *session,
+ int err;
+ unsigned long long num = 0;
+
+- err = string_to_number_ll(session, str, 0, 255, &num);
++ err = string_to_number_ll(session, str, 0, 255, &num, IPSET_ERROR);
+ *ret = num;
+
+ return err;
+@@ -141,12 +145,13 @@ string_to_cidr(struct ipset_session *session,
+
+ static int
+ string_to_u16(struct ipset_session *session,
+- const char *str, uint16_t *ret)
++ const char *str, uint16_t *ret,
++ enum ipset_err_type errtype)
+ {
+ int err;
+ unsigned long long num = 0;
+
+- err = string_to_number_ll(session, str, 0, USHRT_MAX, &num);
++ err = string_to_number_ll(session, str, 0, USHRT_MAX, &num, errtype);
+ *ret = num;
+
+ return err;
+@@ -159,7 +164,8 @@ string_to_u32(struct ipset_session *session,
+ int err;
+ unsigned long long num = 0;
+
+- err = string_to_number_ll(session, str, 0, UINT_MAX, &num);
++ err = string_to_number_ll(session, str, 0, UINT_MAX, &num,
++ IPSET_ERROR);
+ *ret = num;
+
+ return err;
+@@ -319,7 +325,7 @@ ipset_parse_port(struct ipset_session *session,
+ assert(opt == IPSET_OPT_PORT || opt == IPSET_OPT_PORT_TO);
+ assert(str);
+
+- if (string_to_u16(session, str, &port) == 0) {
++ if (string_to_u16(session, str, &port, IPSET_WARNING) == 0) {
+ return ipset_session_data_set(session, opt, &port);
+ }
+ /* Error is stored as warning in session report */
+@@ -1335,7 +1341,8 @@ ipset_parse_timeout(struct ipset_session *session,
+ assert(opt == IPSET_OPT_TIMEOUT);
+ assert(str);
+
+- err = string_to_number_ll(session, str, 0, (UINT_MAX>>1)/1000, &llnum);
++ err = string_to_number_ll(session, str, 0, (UINT_MAX>>1)/1000, &llnum,
++ IPSET_ERROR);
+ if (err == 0) {
+ /* Timeout is expected to be 32bits wide, so we have
+ to convert it here */
+@@ -1579,7 +1586,8 @@ ipset_parse_uint64(struct ipset_session *session,
+ assert(session);
+ assert(str);
+
+- err = string_to_number_ll(session, str, 0, ULLONG_MAX - 1, &value);
++ err = string_to_number_ll(session, str, 0, ULLONG_MAX - 1, &value,
++ IPSET_ERROR);
+ if (err)
+ return err;
+
+@@ -1623,7 +1631,7 @@ ipset_parse_uint16(struct ipset_session *session,
+ assert(session);
+ assert(str);
+
+- err = string_to_u16(session, str, &value);
++ err = string_to_u16(session, str, &value, IPSET_ERROR);
+ if (err == 0)
+ return ipset_session_data_set(session, opt, &value);
+
diff --git a/ipset.spec b/ipset.spec index 5ac6adb..25b979f 100644 --- a/ipset.spec +++ b/ipset.spec @@ -3,7 +3,7 @@ Name: ipset Version: 7.11 -Release: 9%{?dist} +Release: 10%{?dist} Summary: Manage Linux IP sets License: GPLv2 @@ -24,6 +24,7 @@ Patch7: 0007-Fix-IPv6-sets-nftables-translation.patch Patch8: 0008-ipset-translate-allow-invoking-with-a-path-name.patch Patch9: 0009-Fix-all-debug-mode-warnings.patch Patch10: 0010-Add-missing-function-to-libipset.map-and-bump-librar.patch +Patch11: 0011-Fix-patch-Parse-port-before-trying-by-service-name.patch BuildRequires: libmnl-devel BuildRequires: automake @@ -183,6 +184,9 @@ fi %changelog +* Wed Nov 13 2024 Phil Sutter - 7.11-10 +- Fix patch "Parse port before trying by service name" + * Thu Jun 20 2024 Phil Sutter - 7.11-9 - Fix for wrong comment in ipset-config file
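Review bot: In the `ipset_parse_port` hunk of the new 0011 patch, the numeric parse now fails with `IPSET_WARNING`, but the rest of the function lies outside the hunk, so it is not visible whether the stored "Syntax error: ... is invalid as number" report is cleared when the service-name lookup succeeds, or raised to `IPSET_ERROR` when that lookup fails too. Context lines in the 0002/0003 patches on this page carry the comment "In the case of warning, the return code is success", so a leftover warning-level report may be read as success by callers; whether the port path is affected cannot be told from here, and both exits should be confirmed for a tool that loads firewall sets. The new `errtype` parameter on `string_to_number_ll` and `string_to_u16` is also undocumented. I would add above `string_to_number_ll` a comment such as `/* errtype: IPSET_ERROR makes a parse failure a hard error that erases session data; IPSET_WARNING keeps the data so the caller can retry, and the caller must then clear or escalate the report. */`.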