From b62226ed35522248b017421a80e04ff78863ac1c Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 10 May 2022 03:19:08 -0400 Subject: [PATCH] import iputils-20180629-9.el8 --- ...o-avoid-colliding-with-function-name.patch | 48 +++++++++++++++++++ ...epath-fix-copying-input-ipv6-address.patch | 38 +++++++++++++++ SPECS/iputils.spec | 14 +++++- 3 files changed, 98 insertions(+), 2 deletions(-) create mode 100644 SOURCES/ninfod-change-variable-name-to-avoid-colliding-with-function-name.patch create mode 100644 SOURCES/tracepath-fix-copying-input-ipv6-address.patch diff --git a/SOURCES/ninfod-change-variable-name-to-avoid-colliding-with-function-name.patch b/SOURCES/ninfod-change-variable-name-to-avoid-colliding-with-function-name.patch new file mode 100644 index 0000000..7f41bbd --- /dev/null +++ b/SOURCES/ninfod-change-variable-name-to-avoid-colliding-with-function-name.patch @@ -0,0 +1,48 @@ +From 18f9a84e0e702841d6cc4d5f593de4fbd1348e83 Mon Sep 17 00:00:00 2001 +From: Sami Kerola +Date: Sat, 28 Dec 2019 17:16:27 +0000 +Subject: [PATCH] ninfod: change variable name to avoid colliding with function + name + +The sys/capability.h header has 'extern int cap_setuid(uid_t uid);' +function prototype. + +Addresses: https://github.com/iputils/iputils/issues/246 +Signed-off-by: Sami Kerola +--- + ninfod/ninfod.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/ninfod/ninfod.c b/ninfod/ninfod.c +index 26112d0d..95583de4 100644 +--- a/ninfod/ninfod.c ++++ b/ninfod/ninfod.c +@@ -455,7 +455,7 @@ static void do_daemonize(void) + /* --------- */ + #ifdef HAVE_LIBCAP + static const cap_value_t cap_net_raw = CAP_NET_RAW; +-static const cap_value_t cap_setuid = CAP_SETUID; ++static const cap_value_t cap_setuserid = CAP_SETUID; + static cap_flag_value_t cap_ok; + #else + static uid_t euid; +@@ -487,7 +487,7 @@ static void limit_capabilities(void) + + cap_get_flag(cap_cur_p, CAP_SETUID, CAP_PERMITTED, &cap_ok); + if (cap_ok != CAP_CLEAR) +- cap_set_flag(cap_p, CAP_PERMITTED, 1, &cap_setuid, CAP_SET); ++ cap_set_flag(cap_p, CAP_PERMITTED, 1, &cap_setuserid, CAP_SET); + + if (cap_set_proc(cap_p) < 0) { + DEBUG(LOG_ERR, "cap_set_proc: %s\n", strerror(errno)); +@@ -520,8 +520,8 @@ static void drop_capabilities(void) + + /* setuid / setuid */ + if (cap_ok != CAP_CLEAR) { +- cap_set_flag(cap_p, CAP_PERMITTED, 1, &cap_setuid, CAP_SET); +- cap_set_flag(cap_p, CAP_EFFECTIVE, 1, &cap_setuid, CAP_SET); ++ cap_set_flag(cap_p, CAP_PERMITTED, 1, &cap_setuserid, CAP_SET); ++ cap_set_flag(cap_p, CAP_EFFECTIVE, 1, &cap_setuserid, CAP_SET); + + if (cap_set_proc(cap_p) < 0) { + DEBUG(LOG_ERR, "cap_set_proc: %s\n", strerror(errno)); diff --git a/SOURCES/tracepath-fix-copying-input-ipv6-address.patch b/SOURCES/tracepath-fix-copying-input-ipv6-address.patch new file mode 100644 index 0000000..c3edb1c --- /dev/null +++ b/SOURCES/tracepath-fix-copying-input-ipv6-address.patch @@ -0,0 +1,38 @@ +From e0baf20067a75f093d690bd51a6db3f5afabca77 Mon Sep 17 00:00:00 2001 +From: Petr Vorel +Date: Tue, 17 Jul 2018 17:56:10 +0200 +Subject: [PATCH] tracepath: Fix copying input IPv6 address + +Commit e669c86 broke copying input IPv6 address. +tracepath recover from it, but it's slower. + +Previously was address too short: + + strace ./tracepath -6 fe80::8895:e2af:e96e:fd8f + sendto(3, "\1\0\0\0\0\0\0\0\307\36N[\0\0\0\0w_\f\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 127952, 0, {sa_family=AF_INET6, sin6_port=htons(44444), inet_pton(AF_INET6, "fe80::", &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, 28) = -1 EMSGSIZE (Message too long) + +After fix is correct: + + sendto(3, "\1\0\0\0\0\0\0\0\300\36N[\0\0\0\0'B\3\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 127952, 0, {sa_family=AF_INET6, sin6_port=htons(44444), inet_pton(AF_INET6, "fe80::8895:e2af:e96e:fd8f", &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, 28) = -1 EMSGSIZE (Message too long) + +Bug found by LTP test. + +Fixes: e669c86 tracepath: fix heap-buffer-overflow [asan] +Fixes: #137 +--- + tracepath.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tracepath.c b/tracepath.c +index 53bda16f..539a7a11 100644 +--- a/tracepath.c ++++ b/tracepath.c +@@ -475,7 +475,7 @@ int main(int argc, char **argv) + fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); + if (fd < 0) + continue; +- memcpy(&target, ai->ai_addr, sizeof(*ai->ai_addr)); ++ memcpy(&target, ai->ai_addr, ai->ai_addrlen); + targetlen = ai->ai_addrlen; + break; + } diff --git a/SPECS/iputils.spec b/SPECS/iputils.spec index 59cbab0..971cd21 100644 --- a/SPECS/iputils.spec +++ b/SPECS/iputils.spec @@ -3,7 +3,7 @@ Summary: Network monitoring tools including ping Name: iputils Version: 20180629 -Release: 7%{?dist} +Release: 9%{?dist} # some parts are under the original BSD (ping.c) # some are under GPLv2+ (tracepath.c) License: BSD and GPLv2+ @@ -22,6 +22,8 @@ Patch0: iputils-rh.patch Patch1: iputils-ifenslave.patch Patch2: iputils-freeaddrinfo.patch Patch3: fix-incorrect-statistics.patch +Patch4: tracepath-fix-copying-input-ipv6-address.patch +Patch5: ninfod-change-variable-name-to-avoid-colliding-with-function-name.patch %if ! 0%{?_module_build} BuildRequires: docbook-utils perl-SGMLSpm @@ -64,6 +66,8 @@ cp %{SOURCE4} %{SOURCE5} . %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 +%patch5 -p1 %build %ifarch s390 s390x @@ -140,7 +144,7 @@ install -m 644 %SOURCE3 ${RPM_BUILD_ROOT}/%{_unitdir} %{_unitdir}/rdisc.service %attr(0755,root,root) %caps(cap_net_raw=p) %{_sbindir}/clockdiff %attr(0755,root,root) %caps(cap_net_raw=p) %{_sbindir}/arping -%attr(0755,root,root) %caps(cap_net_raw=p cap_net_admin=p) %{_bindir}/ping +%attr(0755,root,root) %{_bindir}/ping %{_sbindir}/ifenslave %{_sbindir}/rdisc %{_bindir}/tracepath @@ -167,6 +171,12 @@ install -m 644 %SOURCE3 ${RPM_BUILD_ROOT}/%{_unitdir} %endif %changelog +* Thu Feb 03 2022 Jan Macku - 20180629-9 +- Fix copying input IPv6 address (#2047659) + +* Mon Jan 03 2022 Jan Macku - 20180629-8 +- Make ping unprivileged (#2030107) + * Wed Feb 17 2021 Jan Macku - 20180629-7 - Revert patch introduced by #1852638 (#1928179)