sync some patches from upstream

2025-02-13 06:19:15 +00:00 · 2025-02-13 06:19:15 +00:00 · 3a2591c5ff
commit 3a2591c5ff
parent 33841ce719
9 changed files with 480 additions and 1 deletions
--- a/backport-Revert-ping-use-random-value-for-the-identifier-field.patch
+++ b/backport-Revert-ping-use-random-value-for-the-identifier-field.patch
@ -0,0 +1,155 @@
 From d466aabcadcc2d7fd1f132ea3f580ad102773cf9 Mon Sep 17 00:00:00 2001
 From: Petr Vorel <pvorel@suse.cz>
 Date: Wed, 6 Dec 2023 15:42:16 +0100
 Subject: [PATCH] Revert "ping: use random value for the identifier field"
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 This reverts commit 5026c2221a15bf13e601eade015c971bf07a27e9.
 Unlike TCP and UDP, which use port to uniquely identify the socket to
 deliver data, ICMP use identifier field (ID) to identify the socket.
 Therefore if on the same machine, at the same time, two ping processes
 use the same ID, echo reply can be delivered to the wrong socket.
 This is known problem due 16 bit ID field (65535). We used to use PID
 to get unique number. The default value of /proc/sys/kernel/pid_max is
 32768 (half).
 The problem is not new, but it was hidden until 5f6bec5 ("ping: Print
 reply with wrong source with warning").  5026c22 changed it to use our
 random implementation to increase security. But that actually increases
 the collisions on systems that use ping heavily: e.g. ping run with
 Nagios via Debian specific check-host-alive Nagios plugin:
    $ ping -n -v -D -W 1 -i 1 -c 5 -M 'do' -s 56 -O "$Host")
 (75-100 ping instances in the reported issue.)
 Because we consider warning from 5f6bec5 useful and not consider leaking
 PID information as a real security issue, we revert 5026c22. getpid() is
 used in other ping implementations:
 * fping
 https://github.com/schweikert/fping/blob/develop/src/fping.c#L496
 * busybox
 https://git.busybox.net/busybox/tree/networking/ping.c#n376
 * FreeBSD
 https://cgit.freebsd.org/src/tree/sbin/ping/ping.c#n632
 * inetutils
 https://git.savannah.gnu.org/cgit/inetutils.git/tree/ping/ping.c#n286
 * Apple
 https://opensource.apple.com/source/network_cmds/network_cmds-433/ping.tproj/ping.c.auto.html
 In case leaking PID *is* a real problem, we could solve this with
 comparing the ICMP optional data.  We could add 128 bit random value to
 check. But we already use struct timeval if packet size is big enough
 for it (>= 16 bits), therefore we could use it for comparing for most of
 the packet sizes (the default is 56 bits).
 Fixes: https://github.com/iputils/iputils/issues/489
 Closes: https://github.com/iputils/iputils/pull/503
 Reported-by: Miloslav Hůla <miloslav.hula@gmail.com>
 Suggested-by: Cyril Hrubis <chrubis@suse.cz>
 Acked-by: Johannes Segitz jsegitz@suse.de
 Acked-by: Cyril Hrubis <chrubis@suse.cz>
 Signed-off-by: Petr Vorel <pvorel@suse.cz>
 Conflict:NA
 Reference:https://github.com/iputils/iputils/commit/d466aabcadcc2d7fd1f132ea3f580ad102773cf9
 ---
 ping/node_info.c    | 1 +
 ping/ping.c         | 4 +---
 ping/ping.h         | 2 +-
 ping/ping6_common.c | 2 +-
 ping/ping_common.c  | 4 ++--
 5 files changed, 6 insertions(+), 7 deletions(-)
 diff --git a/ping/node_info.c b/ping/node_info.c
 index 10a76818..ce392a28 100644
 --- a/ping/node_info.c
 +++ b/ping/node_info.c
@@ -91,6 +91,7 @@ int niquery_is_enabled(struct ping_ni *ni)
 void niquery_init_nonce(struct ping_ni *ni)
 {
 #if PING6_NONCE_MEMORY
 +	iputils_srand();
 	ni->nonce_ptr = calloc(NI_NONCE_SIZE, MAX_DUP_CHK);
 	if (!ni->nonce_ptr)
 		error(2, errno, "calloc");
 diff --git a/ping/ping.c b/ping/ping.c
 index f4707104..0ff5a487 100644
 --- a/ping/ping.c
 +++ b/ping/ping.c
@@ -569,8 +569,6 @@ main(int argc, char **argv)
 	if (!argc)
 		error(1, EDESTADDRREQ, "usage error");
 -	iputils_srand();
 -
 	target = argv[argc - 1];
 	rts.outpack = malloc(rts.datalen + 28);
@@ -1527,7 +1525,7 @@ in_cksum(const unsigned short *addr, int len, unsigned short csum)
 /*
  * pinger --
  * 	Compose and transmit an ICMP ECHO REQUEST packet.  The IP packet
 - * will be added on by the kernel.  The ID field is a random number,
 + * will be added on by the kernel.  The ID field is our UNIX process ID,
  * and the sequence number is an ascending integer.  The first several bytes
  * of the data portion are used to hold a UNIX "timeval" struct in VAX
  * byte-order, to compute the round-trip time.
 diff --git a/ping/ping.h b/ping/ping.h
 index 04b2ccf4..7799395f 100644
 --- a/ping/ping.h
 +++ b/ping/ping.h
@@ -159,7 +159,7 @@ struct ping_rts {
 	size_t datalen;
 	char *hostname;
 	uid_t uid;
 -	int ident;			/* random id to identify our packets */
 +	int ident;			/* process id to identify our packets */
 	int sndbuf;
 	int ttl;
 diff --git a/ping/ping6_common.c b/ping/ping6_common.c
 index 7b2bf158..5e78f852 100644
 --- a/ping/ping6_common.c
 +++ b/ping/ping6_common.c
@@ -583,7 +583,7 @@ int ping6_receive_error_msg(struct ping_rts *rts, socket_st *sock)
 /*
  * pinger --
  * 	Compose and transmit an ICMP ECHO REQUEST packet.  The IP packet
 - * will be added on by the kernel.  The ID field is a random number,
 + * will be added on by the kernel.  The ID field is our UNIX process ID,
  * and the sequence number is an ascending integer.  The first several bytes
  * of the data portion are used to hold a UNIX "timeval" struct in VAX
  * byte-order, to compute the round-trip time.
 diff --git a/ping/ping_common.c b/ping/ping_common.c
 index ed4fee87..6eb1aa4e 100644
 --- a/ping/ping_common.c
 +++ b/ping/ping_common.c
@@ -303,7 +303,7 @@ void print_timestamp(struct ping_rts *rts)
 /*
  * pinger --
  * 	Compose and transmit an ICMP ECHO REQUEST packet.  The IP packet
 - * will be added on by the kernel.  The ID field is a random number,
 + * will be added on by the kernel.  The ID field is our UNIX process ID,
  * and the sequence number is an ascending integer.  The first several bytes
  * of the data portion are used to hold a UNIX "timeval" struct in VAX
  * byte-order, to compute the round-trip time.
@@ -536,7 +536,7 @@ void setup(struct ping_rts *rts, socket_st *sock)
 	}
 	if (sock->socktype == SOCK_RAW && rts->ident == -1)
 -		rts->ident = rand() & IDENTIFIER_MAX;
 +		rts->ident = htons(getpid() & 0xFFFF);
 	set_signal(SIGINT, sigexit);
 	set_signal(SIGALRM, sigexit);
--- a/backport-ping-Fix-the-errno-handling-for-strtod.patch
+++ b/backport-ping-Fix-the-errno-handling-for-strtod.patch
@ -0,0 +1,64 @@
 From 33e78be2e60ed9ac918dec13271d1bd9dce6e94e Mon Sep 17 00:00:00 2001
 From: Jacek Tomasiak <jtomasiak@arista.com>
 Date: Mon, 6 Feb 2023 13:39:44 +0100
 Subject: [PATCH] ping: Fix the errno handling for strtod
 The setlocale(LC_ALL, "") following the strtod() for the '-i' option
 can fail if the LC_CTYPE is invalid.
 Hence the errno check following the setlocale(LC_ALL, "") thinks
 wrongly that strtod() failed with the errno and prints a warning:
 $ LC_ALL=XXX ping -i 1.9 -c1 8.8.8.8
 ping: option argument contains garbage:
 ping: this will become fatal error in the future
 PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
 64 bytes from 8.8.8.8: icmp_seq=1 ttl=58 time=1.34 ms
 The errno got from the execution of strtod() is saved and restored
 after setlocale() to be checked for any errors.
 The problem is only on Fedora/CentOS/RHEL with applied patch [1]
 from 2012 for glibc bug #14247.
 [1] https://src.fedoraproject.org/rpms/glibc/blob/rawhide/f/glibc-rh827510.patch
 Link: https://sourceware.org/bugzilla/show_bug.cgi?id=14247
 Closes: https://github.com/iputils/iputils/pull/450
 Reference:https://github.com/iputils/iputils/commit/33e78be2e60ed9ac918dec13271d1bd9dce6e94e
 Conflict:NA
 Fixes: 918e824 ("ping: add support for sub-second timeouts")
 Co-Developed-by: Sriram Rajagopalan <sriramr@arista.com>
 Reviewed-by: Petr Vorel <pvorel@suse.cz>
 [ pvorel: mention glibc bug and Fedora/CentOS/RHEL ]
 Signed-off-by: Sriram Rajagopalan <sriramr@arista.com>
 Signed-off-by: Jacek Tomasiak <jtomasiak@arista.com>
 ---
 ping/ping.c | 4 ++++
 1 file changed, 4 insertions(+)
 diff --git a/ping/ping.c b/ping/ping.c
 index 89b0fa19..8f442037 100644
 --- a/ping/ping.c
 +++ b/ping/ping.c
@@ -214,6 +214,7 @@ static double ping_strtod(const char *str, const char *err_msg)
 {
 	double num;
 	char *end = NULL;
 +	int strtod_errno = 0;
 	if (str == NULL || *str == '\0')
 		goto err;
@@ -225,7 +226,10 @@ static double ping_strtod(const char *str, const char *err_msg)
 	 */
 	setlocale(LC_ALL, "C");
 	num = strtod(str, &end);
 +	strtod_errno = errno;
 	setlocale(LC_ALL, "");
 +	/* Ignore setlocale() errno (e.g. invalid locale in env). */
 +	errno = strtod_errno;
 	if (errno || str == end || (end && *end)) {
 		error(0, 0, _("option argument contains garbage: %s"), end);
--- a/backport-ping-Handle-interval-correctly-in-the-second-after-booting.patch
+++ b/backport-ping-Handle-interval-correctly-in-the-second-after-booting.patch
@ -0,0 +1,36 @@
 From 7448c33af407636e66ac90deb828764df51835d4 Mon Sep 17 00:00:00 2001
 From: Josh Triplett <josh@joshtriplett.org>
 Date: Mon, 20 Nov 2023 19:09:06 -0800
 Subject: [PATCH] ping: Handle interval correctly in the second after booting
 ping assumes that if a timespec has tv_sec == 0, it hasn't been
 initialized yet. However, in the second after booting up, tv_sec will
 legitimately be 0. This causes ping to send pings one after another
 without waiting.
 Check that tv_nsec is 0 as well.
 Link: https://github.com/iputils/iputils/pull/499
 Reviewed-by: Petr Vorel <pvorel@suse.cz>
 Tested-by: Petr Vorel <pvorel@suse.cz>
 Signed-off-by: Josh Triplett <josh@joshtriplett.org>
 Conflict:NA
 Reference:https://github.com/iputils/iputils/commit/7448c33af407636e66ac90deb828764df51835d4
 ---
 ping/ping_common.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/ping/ping_common.c b/ping/ping_common.c
 index c8b868b7..5a6c35aa 100644
 --- a/ping/ping_common.c
 +++ b/ping/ping_common.c
@@ -321,7 +321,7 @@ int pinger(struct ping_rts *rts, ping_func_set_st *fset, socket_st *sock)
 		return 1000;
 	/* Check that packets < rate*time + preload */
 -	if (rts->cur_time.tv_sec == 0) {
 +	if (rts->cur_time.tv_sec == 0 && rts->cur_time.tv_nsec == 0) {
 		clock_gettime(CLOCK_MONOTONIC_RAW, &rts->cur_time);
 		tokens = rts->interval * (rts->preload - 1);
 	} else {
--- a/backport-ping-Remove-duplicate-include.patch
+++ b/backport-ping-Remove-duplicate-include.patch
@ -0,0 +1,26 @@
 From bacb69e166106f0125b7288f377299894c8c7e78 Mon Sep 17 00:00:00 2001
 From: Petr Vorel <pvorel@suse.cz>
 Date: Mon, 6 Mar 2023 21:17:09 +0100
 Subject: [PATCH] ping.h: Remove duplicate include
 Reference:https://github.com/iputils/iputils/commit/bacb69e166106f0125b7288f377299894c8c7e78
 Conflict:NA
 Fixes: ba7e8a7 ("ping: merge all ping header files into a single one")
 Signed-off-by: Petr Vorel <pvorel@suse.cz>
 ---
 ping/ping.h | 1 -
 1 file changed, 1 deletion(-)
 diff --git a/ping/ping.h b/ping/ping.h
 index caf79cd1..ef358ad4 100644
 --- a/ping/ping.h
 +++ b/ping/ping.h
@@ -23,7 +23,6 @@
 #include <string.h>
 #include <netdb.h>
 #include <setjmp.h>
 -#include <netinet/icmp6.h>
 #include <asm/byteorder.h>
 #include <sched.h>
 #include <math.h>
--- a/backport-ping-check-return-value-of-write-to-avoid-integer-overflow.patch
+++ b/backport-ping-check-return-value-of-write-to-avoid-integer-overflow.patch
@ -0,0 +1,52 @@
 From 0f12e6d5bb325df4eb9273b1e294a2cf94a53120 Mon Sep 17 00:00:00 2001
 From: Jan Macku <jamacku@redhat.com>
 Date: Tue, 28 May 2024 12:25:57 +0200
 Subject: [PATCH 1/1] ping: check return value of write() to avoid integer
 overflow
 Error: INTEGER_OVERFLOW (CWE-190):
 iputils-20240117/ping/ping.h:291: tainted_data_return: Called function "write(1, str + o, len - o)", and a possible return value may be less than zero.
 iputils-20240117/ping/ping.h:291: assign: Assigning: "cc" = "write(1, str + o, len - o)".
 iputils-20240117/ping/ping.h:292: overflow: The expression "o += cc" might be negative, but is used in a context that treats it as unsigned.
 iputils-20240117/ping/ping.h:291: overflow: The expression "len - o" is deemed underflowed because at least one of its arguments has underflowed.
 iputils-20240117/ping/ping.h:291: overflow_sink: "len - o", which might have underflowed, is passed to "write(1, str + o, len - o)".
  289|           ssize_t cc;
  290|           do {
  291|->                 cc = write(STDOUT_FILENO, str + o, len - o);
  292|                   o += cc;
  293|           } while (len > o || cc < 0);
 Closes: https://github.com/iputils/iputils/pull/545
 Reviewed-by: Petr Vorel <pvorel@suse.cz>
 Reviewed-by: Cyril Hrubis <chrubis@suse.cz>
 Signed-off-by: Jan Macku <jamacku@redhat.com>
 Reference:https://github.com/iputils/iputils/commit/0f12e6d5bb325df4eb9273b1e294a2cf94a53120
 Conflict:NA
 ---
 ping/ping.h | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
 diff --git a/ping/ping.h b/ping/ping.h
 index 98d035d..3e2e3c3 100644
 --- a/ping/ping.h
 +++ b/ping/ping.h
@@ -290,8 +290,12 @@ static inline void write_stdout(const char *str, size_t len)
 	ssize_t cc;
 	do {
 		cc = write(STDOUT_FILENO, str + o, len - o);
 -		o += cc;
 -	} while (len > o || cc < 0);
 +
 +		if (cc < 0)
 +			break;
 +
 +		o += (size_t) cc;
 +	} while (len > o);
 }
 /*
 -- 
 2.33.0
--- a/backport-ping-fix-IPv4-checksum-check-always-succeeding-once-again.patch
+++ b/backport-ping-fix-IPv4-checksum-check-always-succeeding-once-again.patch
@ -0,0 +1,45 @@
 From bacf1b7bb8555c407d065e97015319abef2a742d Mon Sep 17 00:00:00 2001
 From: Ahmad Fatoum <a.fatoum@pengutronix.de>
 Date: Thu, 4 Apr 2024 21:17:39 +0200
 Subject: [PATCH 1/1] ping: fix IPv4 checksum check always succeeding once
 again
 This issue was fixed once already in commit bff65fbb6f73
 ("fix checksum always success in IPv4 ping."), but was reverted
 shortly after, likely due to a botched rebase.
 Fix this issue again, so ping correctly reports checksum mismatches
 in ICMP ECHO replies.
 This time it was found with barebox v2024.03.0 (or older) which has
 broken checksum on a Raspberry Pi 3b and ping its network interface
 (checksum mismatch verified by Wireshark).
 Closes: https://github.com/iputils/iputils/pull/534
 Fixes: 8b8686794f69 ("warnings: remove variable shadowing")
 Reviewed-by: Petr Vorel <pvorel@suse.cz>
 Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
 Reference:https://github.com/iputils/iputils/commit/bacf1b7bb8555c407d065e97015319abef2a742d
 Conflict:NA
 ---
 ping/ping.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/ping/ping.c b/ping/ping.c
 index d0803fe..1a3e52c 100644
 --- a/ping/ping.c
 +++ b/ping/ping.c
@@ -1654,7 +1654,7 @@ int ping4_parse_reply(struct ping_rts *rts, struct socket_st *sock,
 			wrong_source = 1;
 		if (gather_statistics(rts, (uint8_t *)icp, sizeof(*icp), cc,
 				      ntohs(icp->un.echo.sequence),
 -				      reply_ttl, 0, tv, pr_addr(rts, from, sizeof *from),
 +				      reply_ttl, csfailed, tv, pr_addr(rts, from, sizeof *from),
 				      pr_echo_reply, rts->multicast, wrong_source)) {
 			fflush(stdout);
 			return 0;
 -- 
 2.33.0
--- a/backport-ping6-Fix-support-for-DSCP.patch
+++ b/backport-ping6-Fix-support-for-DSCP.patch
@ -0,0 +1,54 @@
 From 425f711a62f7d7523badd6b917f15ad58ecdb0ae Mon Sep 17 00:00:00 2001
 From: Guillaume Nault <guillaume.nault@wanadoo.fr>
 Date: Thu, 18 May 2023 18:12:54 +0200
 Subject: [PATCH] ping6: Fix support for DSCP (Traffic Class, option -Q)
 Set the IPV6_TCLASS option on probe_fd. Otherwise ip-rule is unaware
 of the DSCP value at connect() time and can lookup the remote address
 in the wrong routing table.
 For example:
  ip route add table main unreachable 2001:db8::10/124
  ip route add table 100 2001:db8::10/124 dev eth0
  ip -6 rule add dsfield 0x04 table 100
  ping -Q 0x04 2001:db8::11
 Without this patch, probe_fd fails to connect to 2001:db8::11 (No route
 to host) since the route lookup is done in the main table instead of
 table 100.
 Note that, to work correctly, this patch also depends on a Linux kernel
 bug fix (see
 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e010ae08c71fda8be3d6bda256837795a0b3ea41).
 That kernel patch has been backported to Linux stable trees and should
 have already reached most distributions.
 Reference:https://github.com/iputils/iputils/commit/425f711a62f7d7523badd6b917f15ad58ecdb0ae
 Conflict:NA
 Fixes: 33370345c7d8 ("Initial import of iputils")
 Link: https://github.com/iputils/iputils/pull/468
 Reviewed-by: Petr Vorel <pvorel@suse.cz>
 Signed-off-by: Guillaume Nault <guillaume.nault@wanadoo.fr>
 ---
 ping/ping6_common.c | 4 ++++
 1 file changed, 4 insertions(+)
 diff --git a/ping/ping6_common.c b/ping/ping6_common.c
 index 21333aa0..e980a152 100644
 --- a/ping/ping6_common.c
 +++ b/ping/ping6_common.c
@@ -182,6 +182,10 @@ int ping6_run(struct ping_rts *rts, int argc, char **argv, struct addrinfo *ai,
 			disable_capability_raw();
 		}
 +		if (rts->tclass &&
 +		    setsockopt(probe_fd, IPPROTO_IPV6, IPV6_TCLASS, &rts->tclass, sizeof (rts->tclass)) <0)
 +			error(2, errno, "setsockopt(IPV6_TCLASS)");
 +
 		if (!IN6_IS_ADDR_LINKLOCAL(&rts->firsthop.sin6_addr) &&
 		    !IN6_IS_ADDR_MC_LINKLOCAL(&rts->firsthop.sin6_addr))
 			rts->firsthop.sin6_family = AF_INET6;
--- a/backport-tracepath-Dont-assume-tv_sec-0-means-unset.patch
+++ b/backport-tracepath-Dont-assume-tv_sec-0-means-unset.patch
@ -0,0 +1,32 @@
 From c64bcd8d8eca5c7f66e75e0bc9d42828bc09ba1b Mon Sep 17 00:00:00 2001
 From: Josh Triplett <josh@joshtriplett.org>
 Date: Mon, 20 Nov 2023 19:15:40 -0800
 Subject: [PATCH] tracepath: Don't assume tv_sec == 0 means unset
 A CLOCK_MONOTONIC timespec's tv_sec value can legitimately be 0 during
 the second after booting. Check tv_nsec as well before assuming an unset
 timestamp.
 Closes: https://github.com/iputils/iputils/pull/499
 Reviewed-by: Petr Vorel <pvorel@suse.cz>
 Signed-off-by: Josh Triplett <josh@joshtriplett.org>
 Conflict:NA
 Reference:https://github.com/iputils/iputils/commit/c64bcd8d8eca5c7f66e75e0bc9d42828bc09ba1b
 ---
 tracepath.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/tracepath.c b/tracepath.c
 index 04d77b83..046dc332 100644
 --- a/tracepath.c
 +++ b/tracepath.c
@@ -192,7 +192,7 @@ static int recverr(struct run_state *const ctl)
 		ctl->his[slot].hops = 0;
 	}
 	if (recv_size == sizeof(rcvbuf)) {
 -		if (rcvbuf.ttl == 0 || rcvbuf.ts.tv_sec == 0)
 +		if (rcvbuf.ttl == 0 || (rcvbuf.ts.tv_sec == 0 && rcvbuf.ts.tv_nsec == 0))
 			broken_router = 1;
 		else {
 			sndhops = rcvbuf.ttl;
--- a/iputils.spec
+++ b/iputils.spec
@ -1,6 +1,6 @@
 Name:            iputils
 Version:         20221126
-Release:         5
+Release:         6
 Summary:         Network monitoring tools including ping
 License:         BSD and GPLv2+
 URL:             https://github.com/iputils/iputils
@ -22,6 +22,15 @@ Patch6002:	 backport-tracepath-Restore-the-MTU-probing-behavior.patch
 # reference https://github.com/iputils/iputils/commit/608c62b3967882d31ff9edde97e38de0fcff154b
 Patch6003:       backport-tracepath-Merge-if-clauses.patch
 Patch6004:       backport-ping-Fix-the-errno-handling-for-strtod.patch
 Patch6005:       backport-ping-Remove-duplicate-include.patch
 Patch6006:       backport-ping6-Fix-support-for-DSCP.patch
 Patch6007:       backport-Revert-ping-use-random-value-for-the-identifier-field.patch
 Patch6008:       backport-ping-Handle-interval-correctly-in-the-second-after-booting.patch
 Patch6009:       backport-tracepath-Dont-assume-tv_sec-0-means-unset.patch
 Patch6010:       backport-ping-check-return-value-of-write-to-avoid-integer-overflow.patch
 Patch6011:       backport-ping-fix-IPv4-checksum-check-always-succeeding-once-again.patch
 BuildRequires:   gcc meson libidn2-devel openssl-devel libcap-devel libxslt
 BuildRequires:   docbook5-style-xsl systemd iproute glibc-kernheaders gettext
 %{?systemd_ordering}
@ -91,6 +100,12 @@ install -cp ifenslave.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/
 %{_mandir}/man8/*.8.gz
 %changelog
 * Thu Feb 13 2025 yanglu <yanglu72@h-partners.com> - 20221126-6
 - Type:bugfix
 - ID:NA
 - SUG:NA
 - DESC:sync some patches from upstream
 * Thu May 16 2024 xiaozai <xiaozai@kylinos.cn> - 20221126-5
 - Type:NA
 - ID:NA