diff --git a/2583fb77dd57c5183998177a3fa13a680b573005.patch b/2583fb77dd57c5183998177a3fa13a680b573005.patch deleted file mode 100644 index 3010c06..0000000 --- a/2583fb77dd57c5183998177a3fa13a680b573005.patch +++ /dev/null @@ -1,34 +0,0 @@ -diff --git a/ping/ping.c b/ping/ping.c -index e277697..d96298e 100644 ---- a/ping/ping.c -+++ b/ping/ping.c -@@ -1314,8 +1314,11 @@ int ping4_receive_error_msg(struct ping_rts *rts, socket_st *sock) - msg.msg_controllen = sizeof(cbuf); - - res = recvmsg(sock->fd, &msg, MSG_ERRQUEUE | MSG_DONTWAIT); -- if (res < 0) -+ if (res < 0) { -+ if (errno == EAGAIN || errno == EINTR) -+ local_errors++; - goto out; -+ } - - e = NULL; - for (cmsgh = CMSG_FIRSTHDR(&msg); cmsgh; cmsgh = CMSG_NXTHDR(&msg, cmsgh)) { -diff --git a/ping/ping6_common.c b/ping/ping6_common.c -index 279c533..459f63e 100644 ---- a/ping/ping6_common.c -+++ b/ping/ping6_common.c -@@ -481,8 +481,11 @@ int ping6_receive_error_msg(struct ping_rts *rts, socket_st *sock) - msg.msg_controllen = sizeof(cbuf); - - res = recvmsg(sock->fd, &msg, MSG_ERRQUEUE | MSG_DONTWAIT); -- if (res < 0) -+ if (res < 0) { -+ if (errno == EAGAIN || errno == EINTR) -+ local_errors++; - goto out; -+ } - - e = NULL; - for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) { diff --git a/950d36f8ba5a669cbc34a7972db611b675725fb5.patch b/950d36f8ba5a669cbc34a7972db611b675725fb5.patch deleted file mode 100644 index 3aa03a5..0000000 --- a/950d36f8ba5a669cbc34a7972db611b675725fb5.patch +++ /dev/null @@ -1,69 +0,0 @@ -diff --git a/meson.build b/meson.build -index aff75a2..7281ccb 100644 ---- a/meson.build -+++ b/meson.build -@@ -40,8 +40,10 @@ localedir = join_paths(prefix, get_option('localedir')) - sbindir = join_paths(prefix, get_option('sbindir')) - - systemd = dependency('systemd', required : false) -+install_systemd_units = systemd.found() or get_option('INSTALL_SYSTEMD_UNITS') -+ - systemdunitdir = get_option('systemdunitdir') --if systemdunitdir == '' and systemd.found() -+if systemdunitdir == '' and install_systemd_units - systemdunitdir = systemd.get_pkgconfig_variable('systemdsystemunitdir') - endif - -@@ -280,7 +282,7 @@ if build_rdisc == true - install_dir: sbindir, - link_with : [libcommon], - install: true) -- if systemd.found() -+ if install_systemd_units - subs = configuration_data() - subs.set('sbindir', sbindir) - unit_file = configure_file( -@@ -316,7 +318,7 @@ if build_rarpd == true - install_dir: sbindir, - link_with : [libcommon], - install: true) -- if systemd.found() -+ if install_systemd_units - subs = configuration_data() - subs.set('sbindir', sbindir) - unit_file = configure_file( -@@ -359,7 +361,7 @@ output += '\nCONFIGURATION\n' - output += 'Capatiblity (with libcap): ' + cap.to_string() + '\n' - output += 'IDN (with libidn2): ' + idn.to_string() + '\n' - output += 'I18N (with gettext): ' + gettext.to_string() + '\n' --output += 'systemd: ' + systemd.found().to_string() + '\n' -+output += 'systemd: ' + install_systemd_units.to_string() + '\n' - - output += '\nSYSTEM PATHS\n' - output += 'prefix: ' + prefix + '\n' -diff --git a/meson_options.txt b/meson_options.txt -index aade675..c806d80 100644 ---- a/meson_options.txt -+++ b/meson_options.txt -@@ -64,5 +64,8 @@ option('ARPING_DEFAULT_DEVICE', type : 'string', value : '', - option('systemdunitdir', type: 'string', value: '', - description: 'Directory for systemd units') - -+option('INSTALL_SYSTEMD_UNITS', type: 'boolean', value: false, -+ description: 'Install generated systemd unit files') -+ - option('USE_GETTEXT', type: 'boolean', value: true, - description: 'Enable I18N') -diff --git a/ninfod/meson.build b/ninfod/meson.build -index 80b0a44..770169a 100644 ---- a/ninfod/meson.build -+++ b/ninfod/meson.build -@@ -18,7 +18,7 @@ executable('ninfod', [ninfod_sources, git_version_h], - conf_data = configuration_data() - conf_data.set('prefix', prefix) - --if systemd.found() -+if install_systemd_units - subs = configuration_data() - subs.set('sbindir', sbindir) - unit_file = configure_file( diff --git a/bugfix-arpping-make-update-neighbours-work-again.patch b/bugfix-arpping-make-update-neighbours-work-again.patch deleted file mode 100644 index 7a1425a..0000000 --- a/bugfix-arpping-make-update-neighbours-work-again.patch +++ /dev/null @@ -1,77 +0,0 @@ -From 86ed08936d49e2c81ef49dfbd02aca1c74d0c098 Mon Sep 17 00:00:00 2001 -From: lac-0073 <61903197+lac-0073@users.noreply.github.com> -Date: Mon, 26 Oct 2020 09:45:42 +0800 -Subject: [PATCH] arpping: make update neighbours work again - -The arping is using inconsistent sender_ip_addr and target_ip_addr in -messages. This causes the client receiving the arp message not to update -the arp table entries. - -The specific performance is as follows: - -There is a machine 2 with IP 10.20.30.3 configured on eth0:0 that is in the -same IP subnet as eth0. This IP was originally used on another machine 1, -and th IP needs to be changed back to the machine 1. When using the arping -command to announce what ethernet address has IP 10.20.30.3, the arp table -on machine 3 is not updated. - -Machine 3 original arp table: - - 10.20.30.3 machine 2 eth0:0 00:00:00:00:00:02 - 10.20.30.2 machine 2 eth0 00:00:00:00:00:02 - 10.20.30.1 machine 1 eth0 00:00:00:00:00:01 - -Create interface eth0:0 on machine 1, and use the arping command to send arp -packets. Expected outcome on machine 3: - - 10.20.30.3 machine 1 eth0:0 00:00:00:00:00:01 - 10.20.30.2 machine 2 eth0 00:00:00:00:00:02 - 10.20.30.1 machine 1 eth0 00:00:00:00:00:01 - -Actual results on machine 3: - - 10.20.30.3 machine 2 eth0:0 00:00:00:00:00:02 - 10.20.30.2 machine 2 eth0 00:00:00:00:00:02 - 10.20.30.1 machine 1 eth0 00:00:00:00:00:01 - -Fixes: https://github.com/iputils/iputils/issues/298 -Fixes: 68f12fc4a0dbef4ae4c404da24040d22c5a14339 -Signed-off-by: Aichun Li ---- - arping.c | 16 +++++++++------- - 1 file changed, 9 insertions(+), 7 deletions(-) - -diff --git a/arping.c b/arping.c -index a002786..53fdbb4 100644 ---- a/arping.c -+++ b/arping.c -@@ -968,7 +968,7 @@ int main(int argc, char **argv) - } - memset(&saddr, 0, sizeof(saddr)); - saddr.sin_family = AF_INET; -- if (!ctl.unsolicited && (ctl.source || ctl.gsrc.s_addr)) { -+ if (ctl.source || ctl.gsrc.s_addr) { - saddr.sin_addr = ctl.gsrc; - if (bind(probe_fd, (struct sockaddr *)&saddr, sizeof(saddr)) == -1) - error(2, errno, "bind"); -@@ -979,12 +979,14 @@ int main(int argc, char **argv) - saddr.sin_port = htons(1025); - saddr.sin_addr = ctl.gdst; - -- if (setsockopt(probe_fd, SOL_SOCKET, SO_DONTROUTE, (char *)&on, sizeof(on)) == -1) -- error(0, errno, _("WARNING: setsockopt(SO_DONTROUTE)")); -- if (connect(probe_fd, (struct sockaddr *)&saddr, sizeof(saddr)) == -1) -- error(2, errno, "connect"); -- if (getsockname(probe_fd, (struct sockaddr *)&saddr, &alen) == -1) -- error(2, errno, "getsockname"); -+ if (!ctl.unsolicited) { -+ if (setsockopt(probe_fd, SOL_SOCKET, SO_DONTROUTE, (char *)&on, sizeof(on)) == -1) -+ error(0, errno, _("WARNING: setsockopt(SO_DONTROUTE)")); -+ if (connect(probe_fd, (struct sockaddr *)&saddr, sizeof(saddr)) == -1) -+ error(2, errno, "connect"); -+ if (getsockname(probe_fd, (struct sockaddr *)&saddr, &alen) == -1) -+ error(2, errno, "getsockname"); -+ } - ctl.gsrc = saddr.sin_addr; - } - close(probe_fd); diff --git a/iputils-20210202.tar.gz b/iputils-20210202.tar.gz new file mode 100644 index 0000000..d9b39a9 Binary files /dev/null and b/iputils-20210202.tar.gz differ diff --git a/iputils-ifenslave-CWE-170.patch b/iputils-ifenslave-CWE-170.patch new file mode 100644 index 0000000..eb632ed --- /dev/null +++ b/iputils-ifenslave-CWE-170.patch @@ -0,0 +1,88 @@ +From a38091c8eb0c515441080806975856ee09d2edc7 Mon Sep 17 00:00:00 2001 +From: Jan Macku +Date: Tue, 23 Mar 2021 08:10:10 +0100 +Subject: [PATCH] ifenslave: fix CWE-170: Improper Null Termination + +--- + ifenslave.c | 24 ++++++++++++++++-------- + 1 file changed, 16 insertions(+), 8 deletions(-) + +diff --git a/ifenslave.c b/ifenslave.c +index ddd82ec..1efe4f1 100644 +--- a/ifenslave.c ++++ b/ifenslave.c +@@ -509,21 +509,24 @@ static int if_getconfig(char *ifname) + struct sockaddr dstaddr, broadaddr, netmask; + unsigned char *hwaddr; + +- strcpy(ifr.ifr_name, ifname); ++ memset(&ifr, 0, sizeof(ifr)); ++ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1); + if (ioctl(skfd, SIOCGIFFLAGS, &ifr) < 0) + return -1; + mif_flags = ifr.ifr_flags; + printf("The result of SIOCGIFFLAGS on %s is %x.\n", + ifname, ifr.ifr_flags); + +- strcpy(ifr.ifr_name, ifname); ++ memset(&ifr, 0, sizeof(ifr)); ++ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1); + if (ioctl(skfd, SIOCGIFADDR, &ifr) < 0) + return -1; + printf("The result of SIOCGIFADDR is %2.2x.%2.2x.%2.2x.%2.2x.\n", + ifr.ifr_addr.sa_data[2], ifr.ifr_addr.sa_data[3], + ifr.ifr_addr.sa_data[4], ifr.ifr_addr.sa_data[5]); + +- strcpy(ifr.ifr_name, ifname); ++ memset(&ifr, 0, sizeof(ifr)); ++ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1); + if (ioctl(skfd, SIOCGIFHWADDR, &ifr) < 0) + return -1; + +@@ -534,33 +537,38 @@ static int if_getconfig(char *ifname) + ifr.ifr_hwaddr.sa_family, hwaddr[0], hwaddr[1], + hwaddr[2], hwaddr[3], hwaddr[4], hwaddr[5]); + +- strcpy(ifr.ifr_name, ifname); ++ memset(&ifr, 0, sizeof(ifr)); ++ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1); + if (ioctl(skfd, SIOCGIFMETRIC, &ifr) < 0) { + metric = 0; + } else + metric = ifr.ifr_metric; + printf("The result of SIOCGIFMETRIC is %d\n", metric); + +- strcpy(ifr.ifr_name, ifname); ++ memset(&ifr, 0, sizeof(ifr)); ++ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1); + if (ioctl(skfd, SIOCGIFMTU, &ifr) < 0) + mtu = 0; + else + mtu = ifr.ifr_mtu; + printf("The result of SIOCGIFMTU is %d\n", mtu); + +- strcpy(ifr.ifr_name, ifname); ++ memset(&ifr, 0, sizeof(ifr)); ++ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1); + if (ioctl(skfd, SIOCGIFDSTADDR, &ifr) < 0) { + memset(&dstaddr, 0, sizeof(struct sockaddr)); + } else + dstaddr = ifr.ifr_dstaddr; + +- strcpy(ifr.ifr_name, ifname); ++ memset(&ifr, 0, sizeof(ifr)); ++ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1); + if (ioctl(skfd, SIOCGIFBRDADDR, &ifr) < 0) { + memset(&broadaddr, 0, sizeof(struct sockaddr)); + } else + broadaddr = ifr.ifr_broadaddr; + +- strcpy(ifr.ifr_name, ifname); ++ memset(&ifr, 0, sizeof(ifr)); ++ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1); + if (ioctl(skfd, SIOCGIFNETMASK, &ifr) < 0) { + memset(&netmask, 0, sizeof(struct sockaddr)); + } else +-- +2.29.2 + diff --git a/iputils-s20200821.tar.gz b/iputils-s20200821.tar.gz deleted file mode 100644 index 1d8d785..0000000 Binary files a/iputils-s20200821.tar.gz and /dev/null differ diff --git a/iputils.spec b/iputils.spec index 4516079..6d2003e 100644 --- a/iputils.spec +++ b/iputils.spec @@ -1,11 +1,11 @@ Name: iputils -Version: 20200821 -Release: 2 +Version: 20210202 +Release: 1 Summary: Network monitoring tools including ping License: BSD and GPLv2+ URL: https://github.com/iputils/iputils -Source0: https://github.com/iputils/iputils/archive/s%{version}.tar.gz#/%{name}-s%{version}.tar.gz +Source0: https://github.com/iputils/iputils/archive/%{version}/%{name}-%{version}.tar.gz Source1: ifenslave.tar.gz Source2: rdisc.service Source3: ninfod.service @@ -14,10 +14,8 @@ Source5: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt Patch0000: iputils-ifenslave.patch Patch0001: bugfix-arping-w-does-not-take-effect.patch -Patch0002: bugfix-arpping-make-update-neighbours-work-again.patch -Patch6000: 2583fb77dd57c5183998177a3fa13a680b573005.patch -Patch6001: 950d36f8ba5a669cbc34a7972db611b675725fb5.patch -Patch6002: bugfix-rdisc-remove-PrivateUsers=yes-from-systemd-service-file.patch +Patch0002: bugfix-rdisc-remove-PrivateUsers=yes-from-systemd-service-file.patch +Patch0003: iputils-ifenslave-CWE-170.patch BuildRequires: gcc meson libidn2-devel openssl-devel libcap-devel libxslt BuildRequires: docbook5-style-xsl systemd glibc-kernheaders gettext @@ -36,7 +34,7 @@ the target machine is alive and receiving network traffic. %package_help %prep -%setup -q -a 1 -n %{name}-s%{version} +%setup -q -a 1 -n %{name}-%{version} cp %{SOURCE4} %{SOURCE5} . %autopatch -p1 @@ -94,6 +92,12 @@ install -cp ifenslave.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/ %{_mandir}/man8/*.8.gz %changelog +* Thu Jul 26 2021 yanglu - 20210202-1 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC: update iputils to 20210202 + * Mon Mar 8 2021 xuxiaolong - 20200821-2 - Type:bugfix - ID:NA