import iputils-20180629-9.el8

SOURCES/ninfod-change-variable-name-to-avoid-colliding-with-function-name.patch

@@ -0,0 +1,48 @@
+From 18f9a84e0e702841d6cc4d5f593de4fbd1348e83 Mon Sep 17 00:00:00 2001
+From: Sami Kerola <kerolasa@iki.fi>
+Date: Sat, 28 Dec 2019 17:16:27 +0000
+Subject: [PATCH] ninfod: change variable name to avoid colliding with function
+ name
+
+The sys/capability.h header has 'extern int cap_setuid(uid_t uid);'
+function prototype.
+
+Addresses: https://github.com/iputils/iputils/issues/246
+Signed-off-by: Sami Kerola <kerolasa@iki.fi>
+---
+ ninfod/ninfod.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/ninfod/ninfod.c b/ninfod/ninfod.c
+index 26112d0d..95583de4 100644
+--- a/ninfod/ninfod.c
++++ b/ninfod/ninfod.c
+@@ -455,7 +455,7 @@ static void do_daemonize(void)
+ /* --------- */
+ #ifdef HAVE_LIBCAP
+ static const cap_value_t cap_net_raw = CAP_NET_RAW;
+-static const cap_value_t cap_setuid =  CAP_SETUID; 
++static const cap_value_t cap_setuserid = CAP_SETUID;
+ static cap_flag_value_t cap_ok;
+ #else
+ static uid_t euid;
+@@ -487,7 +487,7 @@ static void limit_capabilities(void)
+ 
+ 	cap_get_flag(cap_cur_p, CAP_SETUID, CAP_PERMITTED, &cap_ok);
+ 	if (cap_ok != CAP_CLEAR)
+-		cap_set_flag(cap_p, CAP_PERMITTED, 1, &cap_setuid, CAP_SET);
++		cap_set_flag(cap_p, CAP_PERMITTED, 1, &cap_setuserid, CAP_SET);
+ 
+ 	if (cap_set_proc(cap_p) < 0) {
+ 		DEBUG(LOG_ERR, "cap_set_proc: %s\n", strerror(errno));
+@@ -520,8 +520,8 @@ static void drop_capabilities(void)
+ 
+ 	/* setuid / setuid */
+ 	if (cap_ok != CAP_CLEAR) {
+-		cap_set_flag(cap_p, CAP_PERMITTED, 1, &cap_setuid, CAP_SET);
+-		cap_set_flag(cap_p, CAP_EFFECTIVE, 1, &cap_setuid, CAP_SET);
++		cap_set_flag(cap_p, CAP_PERMITTED, 1, &cap_setuserid, CAP_SET);
++		cap_set_flag(cap_p, CAP_EFFECTIVE, 1, &cap_setuserid, CAP_SET);
+ 
+ 		if (cap_set_proc(cap_p) < 0) {
+ 			DEBUG(LOG_ERR, "cap_set_proc: %s\n", strerror(errno));

SOURCES/tracepath-fix-copying-input-ipv6-address.patch

@@ -0,0 +1,38 @@
+From e0baf20067a75f093d690bd51a6db3f5afabca77 Mon Sep 17 00:00:00 2001
+From: Petr Vorel <pvorel@suse.cz>
+Date: Tue, 17 Jul 2018 17:56:10 +0200
+Subject: [PATCH] tracepath: Fix copying input IPv6 address
+
+Commit e669c86 broke copying input IPv6 address.
+tracepath recover from it, but it's slower.
+
+Previously was address too short:
+
+    strace ./tracepath -6 fe80::8895:e2af:e96e:fd8f
+    sendto(3, "\1\0\0\0\0\0\0\0\307\36N[\0\0\0\0w_\f\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 127952, 0, {sa_family=AF_INET6, sin6_port=htons(44444), inet_pton(AF_INET6, "fe80::", &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, 28) = -1 EMSGSIZE (Message too long)
+
+After fix is correct:
+
+    sendto(3, "\1\0\0\0\0\0\0\0\300\36N[\0\0\0\0'B\3\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 127952, 0, {sa_family=AF_INET6, sin6_port=htons(44444), inet_pton(AF_INET6, "fe80::8895:e2af:e96e:fd8f", &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, 28) = -1 EMSGSIZE (Message too long)
+
+Bug found by LTP test.
+
+Fixes: e669c86 tracepath: fix heap-buffer-overflow [asan]
+Fixes: #137
+---
+ tracepath.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tracepath.c b/tracepath.c
+index 53bda16f..539a7a11 100644
+--- a/tracepath.c
++++ b/tracepath.c
+@@ -475,7 +475,7 @@ int main(int argc, char **argv)
+ 		fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
+ 		if (fd < 0)
+ 			continue;
+-		memcpy(&target, ai->ai_addr, sizeof(*ai->ai_addr));
++		memcpy(&target, ai->ai_addr, ai->ai_addrlen);
+ 		targetlen = ai->ai_addrlen;
+ 		break;
+ 	}

SPECS/iputils.spec

@@ -3,7 +3,7 @@
 Summary: Network monitoring tools including ping
 Name: iputils
 Version: 20180629
-Release: 7%{?dist}
+Release: 9%{?dist}
 # some parts are under the original BSD (ping.c)
 # some are under GPLv2+ (tracepath.c)
 License: BSD and GPLv2+
@@ -22,6 +22,8 @@ Patch0: iputils-rh.patch
 Patch1: iputils-ifenslave.patch
 Patch2: iputils-freeaddrinfo.patch
 Patch3: fix-incorrect-statistics.patch
+Patch4: tracepath-fix-copying-input-ipv6-address.patch
+Patch5: ninfod-change-variable-name-to-avoid-colliding-with-function-name.patch
 
 %if ! 0%{?_module_build}
 BuildRequires: docbook-utils perl-SGMLSpm
@@ -64,6 +66,8 @@ cp %{SOURCE4} %{SOURCE5} .
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1
+%patch5 -p1
 
 %build
 %ifarch s390 s390x
@@ -140,7 +144,7 @@ install -m 644 %SOURCE3 ${RPM_BUILD_ROOT}/%{_unitdir}
 %{_unitdir}/rdisc.service
 %attr(0755,root,root) %caps(cap_net_raw=p) %{_sbindir}/clockdiff
 %attr(0755,root,root) %caps(cap_net_raw=p) %{_sbindir}/arping
-%attr(0755,root,root) %caps(cap_net_raw=p cap_net_admin=p) %{_bindir}/ping
+%attr(0755,root,root) %{_bindir}/ping
 %{_sbindir}/ifenslave
 %{_sbindir}/rdisc
 %{_bindir}/tracepath
@@ -167,6 +171,12 @@ install -m 644 %SOURCE3 ${RPM_BUILD_ROOT}/%{_unitdir}
 %endif
 
 %changelog
+* Thu Feb 03 2022 Jan Macku <jamacku@redhat.com> - 20180629-9
+- Fix copying input IPv6 address (#2047659)
+
+* Mon Jan 03 2022 Jan Macku <jamacku@redhat.com> - 20180629-8
+- Make ping unprivileged (#2030107)
+
 * Wed Feb 17 2021 Jan Macku <jamacku@redhat.com> - 20180629-7
 - Revert patch introduced by #1852638 (#1928179)