From 228f5a77a47ab38cb4df787a2bdeb1baba1f6e8b Mon Sep 17 00:00:00 2001
From: Phil Sutter
Date: Wed, 8 May 2024 21:31:55 +0200
Subject: [PATCH] libnfnetlink-1.0.1-22.el9
- libnfnetlink: Check getsockname() return code
- include: Silence gcc warning in linux_list.h
Resolves: RHEL-5798
---
 ...-Silence-gcc-warning-in-linux_list.h.patch | 33 +++++++++++++++
 ...etlink-Check-getsockname-return-code.patch | 40 +++++++++++++++++++
 libnfnetlink.spec | 11 ++++-
 3 files changed, 82 insertions(+), 2 deletions(-)
 create mode 100644 0001-include-Silence-gcc-warning-in-linux_list.h.patch
 create mode 100644 0002-libnfnetlink-Check-getsockname-return-code.patch
diff --git a/0001-include-Silence-gcc-warning-in-linux_list.h.patch b/0001-include-Silence-gcc-warning-in-linux_list.h.patch
new file mode 100644
index 0000000..c94e1db
--- /dev/null
+++ b/0001-include-Silence-gcc-warning-in-linux_list.h.patch
@@ -0,0 +1,33 @@
+From d910da3d3ada3df4059a622a3dd4dbfe71313bcb Mon Sep 17 00:00:00 2001
+From: Phil Sutter
+Date: Fri, 25 Mar 2022 18:33:55 +0100
+Subject: [PATCH] include: Silence gcc warning in linux_list.h
+
+Compiler complained about empty prefetch() macro:
+
+| ../include/linux_list.h:385:66: warning: right-hand operand of comma expression has no effect [-Wunused-value]
+| 385 | for (pos = list_entry((head)->next, typeof(*pos), member), \
+| | ^
+
+Use nftables' variant instead which gcc seems to like more.
+
+Fixes: 36d2ed3de20a3 ("major cleanup of index2name infrastructure: use linux list (and fix leak in the nlif_close path)")
+Signed-off-by: Phil Sutter
+(cherry picked from commit 90ba6791824ef761f9f397c05b20a2f102dbe74a)
+---
+ include/linux_list.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/include/linux_list.h b/include/linux_list.h
+index de182a4764706..cf71837f18347 100644
+--- a/include/linux_list.h
++++ b/include/linux_list.h
+@@ -29,7 +29,7 @@
+ 1; \
+ })
+
+-#define prefetch(x) 1
++#define prefetch(x) ((void)0)
+
+ /* empty define to make this work in userspace -HW */
+ #ifndef smp_wmb
diff --git a/0002-libnfnetlink-Check-getsockname-return-code.patch b/0002-libnfnetlink-Check-getsockname-return-code.patch
new file mode 100644
index 0000000..13c3195
--- /dev/null
+++ b/0002-libnfnetlink-Check-getsockname-return-code.patch
@@ -0,0 +1,40 @@
+From cebc5fb8352a25acd973dddfc18c48ca2858ac77 Mon Sep 17 00:00:00 2001
+From: Phil Sutter
+Date: Fri, 25 Mar 2022 18:33:55 +0100
+Subject: [PATCH] libnfnetlink: Check getsockname() return code
+
+The function may return -1 (and set errno). Assume it will leave
+addr_len value unchanged, so checking is necessary to not hide the
+error.
+
+Fixes: 4248314d40187 ("nfnl: fix compilation warning with gcc-4.7")
+Signed-off-by: Phil Sutter
+(cherry picked from commit 3cffa84fa74f40c57e9ef39ea5747d792d697367)
+---
+ src/libnfnetlink.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/libnfnetlink.c b/src/libnfnetlink.c
+index 4b2bcd015b0a6..14a311f2c448b 100644
+--- a/src/libnfnetlink.c
++++ b/src/libnfnetlink.c
+@@ -188,7 +188,8 @@ struct nfnl_handle *nfnl_open(void)
+ nfnlh->peer.nl_family = AF_NETLINK;
+
+ addr_len = sizeof(nfnlh->local);
+- getsockname(nfnlh->fd, (struct sockaddr *)&nfnlh->local, &addr_len);
++ if (getsockname(nfnlh->fd, (struct sockaddr *)&nfnlh->local, &addr_len))
++ goto err_close;
+ if (addr_len != sizeof(nfnlh->local)) {
+ errno = EINVAL;
+ goto err_close;
+@@ -209,7 +210,8 @@ struct nfnl_handle *nfnl_open(void)
+
+ /* use getsockname to get the netlink pid that the kernel assigned us */
+ addr_len = sizeof(nfnlh->local);
+- getsockname(nfnlh->fd, (struct sockaddr *)&nfnlh->local, &addr_len);
++ if (getsockname(nfnlh->fd, (struct sockaddr *)&nfnlh->local, &addr_len))
++ goto err_close;
+ if (addr_len != sizeof(nfnlh->local)) {
+ errno = EINVAL;
+ goto err_close;
diff --git a/libnfnetlink.spec b/libnfnetlink.spec
index 3741f14..5e3753e 100644
--- a/libnfnetlink.spec
+++ b/libnfnetlink.spec
@@ -1,6 +1,6 @@
 Name: libnfnetlink
 Version: 1.0.1
-Release: 21%{?dist}
+Release: 22%{?dist}
 Summary: Netfilter netlink userspace library
 License: GPLv2+
 URL: http://netfilter.org
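Review bot: In 0002-libnfnetlink-Check-getsockname-return-code.patch, both new `goto err_close;` branches in nfnl_open() depend on the errno set by getsockname() still being intact when the function returns, but the err_close label lies outside the hunks, so this cannot be confirmed from here. If that cleanup path calls close() or free(), a failure there could overwrite errno and hide the error this change is meant to surface. Saving it at the label (`int saved_errno = errno;` before the cleanup, `errno = saved_errno;` before returning) would make the reported error reliable, and would cover the existing `errno = EINVAL` paths too. The first getsockname() call also has no comment, unlike the second; something like `/* sanity-check the address length reported for the netlink socket */` would explain why it is called twice.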
@@ -9,6 +9,9 @@ BuildRequires: kernel-headers BuildRequires: automake autoconf libtool pkgconfig BuildRequires: make +Patch1: 0001-include-Silence-gcc-warning-in-linux_list.h.patch +Patch2: 0002-libnfnetlink-Check-getsockname-return-code.patch + %description libnfnetlink is a userspace library that provides some low-level nfnetlink handling functions. It is used as a foundation for other, netfilter @@ -27,7 +30,7 @@ subsystem specific libraries such as libnfnetlink_conntrack, libnfnetlink_log and libnfnetlink_queue. %prep -%setup -q +%autosetup -p1 %build %configure --disable-static @@ -54,6 +57,10 @@ find $RPM_BUILD_ROOT -type f -name "*.la" -exec rm -f {} ';' %{_includedir}/libnfnetlink/*.h %changelog +* Wed May 08 2024 Phil Sutter - 1.0.1-22 +- libnfnetlink: Check getsockname() return code +- include: Silence gcc warning in linux_list.h + * Mon Aug 09 2021 Mohan Boddu - 1.0.1-21 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688