diff --git a/backport-devlink-fix-devlink-health-dump-command-without-arg.patch b/backport-devlink-fix-devlink-health-dump-command-without-arg.patch deleted file mode 100644 index 2c4133655dedd9431442896cfcb83ecff0db06b4..0000000000000000000000000000000000000000 --- a/backport-devlink-fix-devlink-health-dump-command-without-arg.patch +++ /dev/null @@ -1,68 +0,0 @@ -From e81fd551a1a0ffa7983d25f5e756a5c5b6cb4a9a Mon Sep 17 00:00:00 2001 -From: Jiri Pirko -Date: Tue, 19 Apr 2022 19:15:11 +0200 -Subject: [PATCH] devlink: fix "devlink health dump" command without arg - -Fix bug when user calls "devlink health dump" without "show" or "clear": -$ devlink health dump -Command "(null)" not found - -Put the dump command into a separate helper as it is usual in the rest -of the code. Also, treat no cmd as "show", as it is common for other -devlink objects. - -Fixes: 041e6e651a8e ("devlink: Add devlink health dump show command") -Signed-off-by: Jiri Pirko -Signed-off-by: Stephen Hemminger -Conflict: NA -Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=e81fd551a1a ---- - devlink/devlink.c | 25 ++++++++++++++++++------- - 1 file changed, 18 insertions(+), 7 deletions(-) - -diff --git a/devlink/devlink.c b/devlink/devlink.c -index da9f9778..aab739f7 100644 ---- a/devlink/devlink.c -+++ b/devlink/devlink.c -@@ -8526,6 +8526,23 @@ static void cmd_health_help(void) - pr_err(" [ auto_dump { true | false } ]\n"); - } - -+static int cmd_health_dump(struct dl *dl) -+{ -+ if (dl_argv_match(dl, "help")) { -+ cmd_health_help(); -+ return 0; -+ } else if (dl_argv_match(dl, "show") || -+ dl_argv_match(dl, "list") || dl_no_arg(dl)) { -+ dl_arg_inc(dl); -+ return cmd_health_dump_show(dl); -+ } else if (dl_argv_match(dl, "clear")) { -+ dl_arg_inc(dl); -+ return cmd_health_dump_clear(dl); -+ } -+ pr_err("Command \"%s\" not found\n", dl_argv(dl)); -+ return -ENOENT; -+} -+ - static int cmd_health(struct dl *dl) - { - if (dl_argv_match(dl, "help")) { -@@ -8546,13 +8563,7 @@ static int cmd_health(struct dl *dl) - return cmd_health_test(dl); - } else if (dl_argv_match(dl, "dump")) { - dl_arg_inc(dl); -- if (dl_argv_match(dl, "show")) { -- dl_arg_inc(dl); -- return cmd_health_dump_show(dl); -- } else if (dl_argv_match(dl, "clear")) { -- dl_arg_inc(dl); -- return cmd_health_dump_clear(dl); -- } -+ return cmd_health_dump(dl); - } else if (dl_argv_match(dl, "set")) { - dl_arg_inc(dl); - return cmd_health_set_params(dl); --- -2.23.0 - diff --git a/backport-ip-Fix-size_columns-for-very-large-values.patch b/backport-ip-Fix-size_columns-for-very-large-values.patch deleted file mode 100644 index d3910fe3b8eea5f57a1de315382679b38681a827..0000000000000000000000000000000000000000 --- a/backport-ip-Fix-size_columns-for-very-large-values.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 024103923a5c826e40c993be4ee2ada5536cb66a Mon Sep 17 00:00:00 2001 -From: Petr Machata -Date: Mon, 27 Jun 2022 15:18:21 +0200 -Subject: [PATCH] ip: Fix size_columns() for very large values - -For values near the 64-bit boundary, the iterative application of -powi *= 10 causes powi to overflow without the termination condition of -powi >= val having ever been satisfied. Instead, when determining the -length of the number, iterate val /= 10 and terminate when it's a single -digit. - -Fixes: 49437375b6c1 ("ip: dynamically size columns when printing stats") -CC: Tariq Toukan -CC: Itay Aveksis -Signed-off-by: Petr Machata -Signed-off-by: Stephen Hemminger -Conflict: void size_columns to static void size_colunms -Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=024103923a5 ---- - ip/ipaddress.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/ip/ipaddress.c b/ip/ipaddress.c -index 17341d28..5a3b1cae 100644 ---- a/ip/ipaddress.c -+++ b/ip/ipaddress.c -@@ -549,7 +549,7 @@ static void print_vfinfo(FILE *fp, struct ifinfomsg *ifi, struct rtattr *vfinfo) - static void size_columns(unsigned int cols[], unsigned int n, ...) - { - unsigned int i, len; -- uint64_t val, powi; -+ uint64_t val; - va_list args; - - va_start(args, n); -@@ -560,7 +560,7 @@ void size_columns(unsigned int cols[], unsigned int n, ...) - if (human_readable) - continue; - -- for (len = 1, powi = 10; powi < val; len++, powi *= 10) -+ for (len = 1; val > 9; len++, val /= 10) - /* nothing */; - if (len > cols[i]) - cols[i] = len; --- -2.23.0 - diff --git a/backport-ip-Fix-size_columns-invocation-that-passes-a-32-bit-.patch b/backport-ip-Fix-size_columns-invocation-that-passes-a-32-bit-.patch deleted file mode 100644 index cd91ce1b08cd39119e57af6f14b2be004aca8017..0000000000000000000000000000000000000000 --- a/backport-ip-Fix-size_columns-invocation-that-passes-a-32-bit-.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 329fda1861560b06e60a7bd1004647bb65708295 Mon Sep 17 00:00:00 2001 -From: Petr Machata -Date: Tue, 28 Jun 2022 12:17:31 +0200 -Subject: [PATCH] ip: Fix size_columns() invocation that passes a 32-bit - quantity - -In print_stats64(), the last size_columns() invocation passes number of -carrier changes as one of the arguments. The value is decoded as a 32-bit -quantity, but size_columns() expects a 64-bit one. This is undefined -behavior. - -The reason valgrind does not cite this is that the previous size_columns() -invocations prime the ABI area used for the value transfer. When these -other invocations are commented away, valgrind does complain that -"conditional jump or move depends on uninitialised value", as would be -expected. - -Fixes: 49437375b6c1 ("ip: dynamically size columns when printing stats") -Signed-off-by: Petr Machata -Signed-off-by: Stephen Hemminger -Conflict: NA -Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=329fda18615 ---- - ip/ipaddress.c | 10 ++++++---- - 1 file changed, 6 insertions(+), 4 deletions(-) - -diff --git a/ip/ipaddress.c b/ip/ipaddress.c -index 5a3b1cae..a288341c 100644 ---- a/ip/ipaddress.c -+++ b/ip/ipaddress.c -@@ -783,13 +783,15 @@ void print_stats64(FILE *fp, struct rtnl_link_stats64 *s, - s->tx_bytes, s->tx_packets, s->tx_errors, - s->tx_dropped, s->tx_carrier_errors, - s->collisions, s->tx_compressed); -- if (show_stats > 1) -+ if (show_stats > 1) { -+ uint64_t cc = carrier_changes ? -+ rta_getattr_u32(carrier_changes) : 0; -+ - size_columns(cols, ARRAY_SIZE(cols), 0, 0, - s->tx_aborted_errors, s->tx_fifo_errors, - s->tx_window_errors, -- s->tx_heartbeat_errors, -- carrier_changes ? -- rta_getattr_u32(carrier_changes) : 0); -+ s->tx_heartbeat_errors, cc); -+ } - - /* RX stats */ - fprintf(fp, " RX: %*s %*s %*s %*s %*s %*s %*s%s", --- -2.23.0 - diff --git a/backport-ip-address-Fix-memory-leak-when-specifying-device.patch b/backport-ip-address-Fix-memory-leak-when-specifying-device.patch index 44df524b6cbffedcfade6634d2b49acf71c575f3..2cffcefc041cdfbe4405567b80fa2e2805471e6b 100644 --- a/backport-ip-address-Fix-memory-leak-when-specifying-device.patch +++ b/backport-ip-address-Fix-memory-leak-when-specifying-device.patch @@ -34,7 +34,7 @@ diff --git a/ip/ipaddress.c b/ip/ipaddress.c index a288341c..59ef1e4b 100644 --- a/ip/ipaddress.c +++ b/ip/ipaddress.c -@@ -2030,8 +2030,10 @@ static int ipaddr_link_get(int index, struct nlmsg_chain *linfo) +@@ -2017,8 +2017,10 @@ if (store_nlmsg(answer, linfo) < 0) { fprintf(stderr, "Failed to process link information\n"); @@ -47,4 +47,3 @@ index a288341c..59ef1e4b 100644 } -- 2.23.0 - diff --git a/backport-l2tp-fix-typo-in-AF_INET6-checksum-JSON-print.patch b/backport-l2tp-fix-typo-in-AF_INET6-checksum-JSON-print.patch deleted file mode 100644 index eb3cc70cdffd29665e1ba395d93f269786582b56..0000000000000000000000000000000000000000 --- a/backport-l2tp-fix-typo-in-AF_INET6-checksum-JSON-print.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 2bb37e90177cae1b92284a943123b0575505141f Mon Sep 17 00:00:00 2001 -From: Andrea Claudi -Date: Tue, 21 Jun 2022 18:53:08 +0200 -Subject: [PATCH] l2tp: fix typo in AF_INET6 checksum JSON print - -In print_tunnel json output, a typo makes it impossible to know the -value of udp6_csum_rx, printing instead udp6_csum_tx two times. - -Fixed getting rid of the typo. - -Fixes: 98453b65800f ("ip/l2tp: add JSON support") -Signed-off-by: Andrea Claudi -Signed-off-by: Stephen Hemminger -Conflict: NA -Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=2bb37e90177 ---- - ip/ipl2tp.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ip/ipl2tp.c b/ip/ipl2tp.c -index 56972358..f1d574de 100644 ---- a/ip/ipl2tp.c -+++ b/ip/ipl2tp.c -@@ -258,7 +258,7 @@ static void print_tunnel(const struct l2tp_data *data) - NULL, p->udp6_csum_tx); - - print_bool(PRINT_JSON, "checksum_rx", -- NULL, p->udp6_csum_tx); -+ NULL, p->udp6_csum_rx); - } else { - printf(" UDP checksum: %s%s%s%s\n", - p->udp6_csum_tx && p->udp6_csum_rx --- -2.23.0 - diff --git a/backport-libnetlink-fix-socket-leak-in-rtnl_open_byproto.patch b/backport-libnetlink-fix-socket-leak-in-rtnl_open_byproto.patch deleted file mode 100644 index 002a09ce5f6d8ddc7740daa31d81e9f17aa12574..0000000000000000000000000000000000000000 --- a/backport-libnetlink-fix-socket-leak-in-rtnl_open_byproto.patch +++ /dev/null @@ -1,75 +0,0 @@ -From f8beda6e00e57b8f875442351f91e5c01530ad8e Mon Sep 17 00:00:00 2001 -From: Maxim Petrov -Date: Tue, 8 Feb 2022 20:20:45 +0300 -Subject: [PATCH] libnetlink: fix socket leak in rtnl_open_byproto() - -rtnl_open_byproto() does not close the opened socket in case of -errors, and the socket is returned to the caller in the `fd` field of -the struct. However, none of the callers care about the socket, so -close it in the function immediately to avoid any potential resource -leaks. - -Signed-off-by: Maxim Petrov -Signed-off-by: Stephen Hemminger -Conflict: NA -Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=f8beda6e00e ---- - lib/libnetlink.c | 15 +++++++++------ - 1 file changed, 9 insertions(+), 6 deletions(-) - -diff --git a/lib/libnetlink.c b/lib/libnetlink.c -index 7e977a67..6d1b1187 100644 ---- a/lib/libnetlink.c -+++ b/lib/libnetlink.c -@@ -210,13 +210,13 @@ int rtnl_open_byproto(struct rtnl_handle *rth, unsigned int subscriptions, - if (setsockopt(rth->fd, SOL_SOCKET, SO_SNDBUF, - &sndbuf, sizeof(sndbuf)) < 0) { - perror("SO_SNDBUF"); -- return -1; -+ goto err; - } - - if (setsockopt(rth->fd, SOL_SOCKET, SO_RCVBUF, - &rcvbuf, sizeof(rcvbuf)) < 0) { - perror("SO_RCVBUF"); -- return -1; -+ goto err; - } - - /* Older kernels may no support extended ACK reporting */ -@@ -230,25 +230,28 @@ int rtnl_open_byproto(struct rtnl_handle *rth, unsigned int subscriptions, - if (bind(rth->fd, (struct sockaddr *)&rth->local, - sizeof(rth->local)) < 0) { - perror("Cannot bind netlink socket"); -- return -1; -+ goto err; - } - addr_len = sizeof(rth->local); - if (getsockname(rth->fd, (struct sockaddr *)&rth->local, - &addr_len) < 0) { - perror("Cannot getsockname"); -- return -1; -+ goto err; - } - if (addr_len != sizeof(rth->local)) { - fprintf(stderr, "Wrong address length %d\n", addr_len); -- return -1; -+ goto err; - } - if (rth->local.nl_family != AF_NETLINK) { - fprintf(stderr, "Wrong address family %d\n", - rth->local.nl_family); -- return -1; -+ goto err; - } - rth->seq = time(NULL); - return 0; -+err: -+ rtnl_close(rth); -+ return -1; - } - - int rtnl_open(struct rtnl_handle *rth, unsigned int subscriptions) --- -2.23.0 - diff --git a/backport-lnstat-fix-buffer-overflow-in-header-output.patch b/backport-lnstat-fix-buffer-overflow-in-header-output.patch deleted file mode 100644 index 48c1ecc16559318247303d5ea653ffb77619c369..0000000000000000000000000000000000000000 --- a/backport-lnstat-fix-buffer-overflow-in-header-output.patch +++ /dev/null @@ -1,37 +0,0 @@ -From be31c2648487596f23096278dacd86bf88305a14 Mon Sep 17 00:00:00 2001 -From: "[200~jiangheng" -Date: Wed, 17 Nov 2021 13:41:10 -0800 -Subject: [PATCH] lnstat: fix buffer overflow in header output - -Running lnstat will cause core dump from reading past end of array. - -Segmentation fault (core dumped) - -The maximum value of th.num_lines is HDR_LINES(10), h should not be equal to th.num_lines, array th.hdr may be out of bounds. - -Signed-off-by jiangheng -Signed-off-by: Stephen Hemminger -Conflict: NA -Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=be31c264848 ---- - misc/lnstat.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/misc/lnstat.c b/misc/lnstat.c -index 89cb0e7e..98904d45 100644 ---- a/misc/lnstat.c -+++ b/misc/lnstat.c -@@ -210,8 +210,9 @@ static struct table_hdr *build_hdr_string(struct lnstat_file *lnstat_files, - } - ofs += width+1; - } -+ - /* fill in spaces */ -- for (h = 1; h <= th.num_lines; h++) { -+ for (h = 1; h < th.num_lines; h++) { - for (i = 0; i < ofs; i++) { - if (th.hdr[h][i] == '\0') - th.hdr[h][i] = ' '; --- -2.23.0 - diff --git a/backport-lnstat-fix-strdup-leak-in-w-argument-parsing.patch b/backport-lnstat-fix-strdup-leak-in-w-argument-parsing.patch deleted file mode 100644 index e0815a35fde5da33f15872bdceadfced9c5045e9..0000000000000000000000000000000000000000 --- a/backport-lnstat-fix-strdup-leak-in-w-argument-parsing.patch +++ /dev/null @@ -1,32 +0,0 @@ -From cc143bda6bcec20d073f42162f06dde8998551d4 Mon Sep 17 00:00:00 2001 -From: Maxim Petrov -Date: Tue, 15 Feb 2022 23:53:47 +0300 -Subject: [PATCH] lnstat: fix strdup leak in -w argument parsing - -'tmp' string is used for safe tokenizing, but it is not required after -getting all the widths in -w option. As 'tmp' string is obtained by strdup -call, the caller has to deallocate it to avoid memory leak. - -Signed-off-by: Maxim Petrov -Signed-off-by: Stephen Hemminger -Conflict: NA -Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=cc143bda6bc ---- - misc/lnstat.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/misc/lnstat.c b/misc/lnstat.c -index 98904d45..c3293a8e 100644 ---- a/misc/lnstat.c -+++ b/misc/lnstat.c -@@ -331,6 +331,7 @@ int main(int argc, char **argv) - for (i = 0; i < MAX_FIELDS; i++) - fp.params[i].print.width = len; - } -+ free(tmp); - break; - default: - usage(argv[0], 1); --- -2.23.0 - diff --git a/backport-mptcp-Fix-memory-leak-when-doing-endpoint-show.patch b/backport-mptcp-Fix-memory-leak-when-doing-endpoint-show.patch index 95bb7e42c5930c1ff025ff4c4ee8bc9b54af8081..408efba4ba6c821553ef22d5efd8a090a55f7965 100644 --- a/backport-mptcp-Fix-memory-leak-when-doing-endpoint-show.patch +++ b/backport-mptcp-Fix-memory-leak-when-doing-endpoint-show.patch @@ -36,14 +36,11 @@ diff --git a/ip/ipmptcp.c b/ip/ipmptcp.c index fd042da..763908f 100644 --- a/ip/ipmptcp.c +++ b/ip/ipmptcp.c -@@ -299,7 +299,9 @@ static int mptcp_addr_show(int argc, char **argv) - if (rtnl_talk(&genl_rth, &req.n, &answer) < 0) - return -2; - -- return print_mptcp_addr(answer, stdout); -+ ret = print_mptcp_addr(answer, stdout); +@@ -338,6 +338,7 @@ + ret = print_mptcp_addr(answer, stdout); + delete_json_obj(); + fflush(stdout); + free(answer); -+ return ret; + return ret; } - static int mptcp_addr_flush(int argc, char **argv) diff --git a/backport-q_cake-allow-changing-to-diffserv3.patch b/backport-q_cake-allow-changing-to-diffserv3.patch deleted file mode 100644 index 697aa5456a70aaff1a86fcf1cc61148bbb045998..0000000000000000000000000000000000000000 --- a/backport-q_cake-allow-changing-to-diffserv3.patch +++ /dev/null @@ -1,49 +0,0 @@ -From eb4206ecd0342ff92b1a85b7dae3d4fd1b5be1c6 Mon Sep 17 00:00:00 2001 -From: Kevin Bracey -Date: Thu, 6 Jan 2022 13:16:04 +0200 -Subject: [PATCH] q_cake: allow changing to diffserv3 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -A diffserv3 option (enum value 0) was never sent to the kernel, so it -was not possible to use "tc qdisc change" to select it. - -This also meant that were also relying on the kernel's default being -diffserv3 when adding. If the default were to change, we wouldn't have -been able to request diffserv3 explicitly. - -Signed-off-by: Kevin Bracey -Acked-by: Toke Høiland-Jørgensen -Signed-off-by: Stephen Hemminger -Conflict: NA -Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=eb4206ecd03 ---- - tc/q_cake.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/tc/q_cake.c b/tc/q_cake.c -index 4cfc1c00..c438b765 100644 ---- a/tc/q_cake.c -+++ b/tc/q_cake.c -@@ -95,7 +95,7 @@ static int cake_parse_opt(struct qdisc_util *qu, int argc, char **argv, - bool overhead_override = false; - bool overhead_set = false; - unsigned int interval = 0; -- unsigned int diffserv = 0; -+ int diffserv = -1; - unsigned int memlimit = 0; - unsigned int fwmark = 0; - unsigned int target = 0; -@@ -356,7 +356,7 @@ static int cake_parse_opt(struct qdisc_util *qu, int argc, char **argv, - if (bandwidth || unlimited) - addattr_l(n, 1024, TCA_CAKE_BASE_RATE64, &bandwidth, - sizeof(bandwidth)); -- if (diffserv) -+ if (diffserv != -1) - addattr_l(n, 1024, TCA_CAKE_DIFFSERV_MODE, &diffserv, - sizeof(diffserv)); - if (atm != -1) --- -2.23.0 - diff --git a/backport-tc-em_u32-fix-offset-parsing.patch b/backport-tc-em_u32-fix-offset-parsing.patch deleted file mode 100644 index 6929b156e1313a314b37e3eb0efaacd9690d9132..0000000000000000000000000000000000000000 --- a/backport-tc-em_u32-fix-offset-parsing.patch +++ /dev/null @@ -1,63 +0,0 @@ -From b84fc3321c6adaf76f36cf7ef0e17389bdf31500 Mon Sep 17 00:00:00 2001 -From: Andrea Claudi -Date: Fri, 6 May 2022 22:11:46 +0200 -Subject: [PATCH] tc: em_u32: fix offset parsing - -tc u32 ematch offset parsing might fail even if nexthdr offset is -aligned to 4. The issue can be reproduced with the following script: - -tc qdisc del dev dummy0 root -tc qdisc add dev dummy0 root handle 1: htb r2q 1 default 1 -tc class add dev dummy0 parent 1:1 classid 1:108 htb quantum 1000000 \ - rate 1.00mbit ceil 10.00mbit burst 6k - -while true; do -if ! tc filter add dev dummy0 protocol all parent 1: prio 1 basic match \ - "meta(vlan mask 0xfff eq 1)" and "u32(u32 0x20011002 0xffffffff \ - at nexthdr+8)" flowid 1:108; then - exit 0 -fi -done - -which we expect to produce an endless loop. -With the current code, instead, this ends with: - -u32: invalid offset alignment, must be aligned to 4. -... meta(vlan mask 0xfff eq 1) and >>u32(u32 0x20011002 0xffffffff at nexthdr+8)<< ... -... u32(u32 0x20011002 0xffffffff at >>nexthdr+8<<)... -Usage: u32(ALIGN VALUE MASK at [ nexthdr+ ] OFFSET) -where: ALIGN := { u8 | u16 | u32 } - -Example: u32(u16 0x1122 0xffff at nexthdr+4) -Illegal "ematch" - -This is caused by memcpy copying into buf an unterminated string. - -Fix it using strncpy instead of memcpy. - -Fixes: commit 311b41454dc4 ("Add new extended match files.") -Reported-by: Alfred Yang -Signed-off-by: Andrea Claudi -Signed-off-by: Stephen Hemminger -Conflict: NA -Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=b84fc3321c6 ---- - tc/em_u32.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tc/em_u32.c b/tc/em_u32.c -index bc284af4..ea2bf882 100644 ---- a/tc/em_u32.c -+++ b/tc/em_u32.c -@@ -84,7 +84,7 @@ static int u32_parse_eopt(struct nlmsghdr *n, struct tcf_ematch_hdr *hdr, - char buf[a->len - nh_len + 1]; - - offmask = -1; -- memcpy(buf, a->data + nh_len, a->len - nh_len); -+ strncpy(buf, a->data + nh_len, a->len - nh_len + 1); - offset = strtoul(buf, NULL, 0); - } else if (!bstrcmp(a, "nexthdr+")) { - a = bstr_next(a); --- -2.23.0 - diff --git a/backport-tc-flower-Fix-buffer-overflow-on-large-labels.patch b/backport-tc-flower-Fix-buffer-overflow-on-large-labels.patch deleted file mode 100644 index 4bebf76b7937c23f24a2bea7076ae75617d73b93..0000000000000000000000000000000000000000 --- a/backport-tc-flower-Fix-buffer-overflow-on-large-labels.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 73590d9573148804034a88ceb2f6b7ca1545561f Mon Sep 17 00:00:00 2001 -From: Paul Blakey -Date: Sun, 5 Dec 2021 15:20:25 +0200 -Subject: [PATCH] tc: flower: Fix buffer overflow on large labels - -Buffer is 64bytes, but label printing can take 66bytes printing -in hex, and will overflow when setting the string delimiter ('\0'). - -Fix that by increasing the print buffer size. - -Example of overflowing ct_label: -ct_label 11111111111111111111111111111111/11111111111111111111111111111111 - -Fixes: 2fffb1c03056 ("tc: flower: Add matching on conntrack info") -Signed-off-by: Paul Blakey -Signed-off-by: Stephen Hemminger -Conflict: NA -Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=73590d95731 ---- - tc/f_flower.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tc/f_flower.c b/tc/f_flower.c -index 7f78195f..6d70b92a 100644 ---- a/tc/f_flower.c -+++ b/tc/f_flower.c -@@ -2195,7 +2195,7 @@ static void flower_print_ct_label(struct rtattr *attr, - const unsigned char *str; - bool print_mask = false; - int data_len, i; -- SPRINT_BUF(out); -+ char out[128]; - char *p; - - if (!attr) --- -2.23.0 - diff --git a/backport-tc_util-Fix-parsing-action-control-with-space-and-sl.patch b/backport-tc_util-Fix-parsing-action-control-with-space-and-sl.patch deleted file mode 100644 index 1a939961b2c854920f62cfba132ba63ce5730b82..0000000000000000000000000000000000000000 --- a/backport-tc_util-Fix-parsing-action-control-with-space-and-sl.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 7f70eb2a8b2c451683c801b23b25f34071a8882f Mon Sep 17 00:00:00 2001 -From: Roi Dayan -Date: Thu, 3 Feb 2022 14:20:46 +0200 -Subject: [PATCH] tc_util: Fix parsing action control with space and slash - -For action police there is an conform-exceed action control -which can be for example "jump 2 / pipe". -The current parsing loop is doing one more iteration than necessary -and results in ok var being 3. - -Example filter: - -tc filter add dev enp8s0f0_0 ingress protocol ip prio 2 flower \ - verbose action police rate 100mbit burst 12m \ - conform-exceed jump 1 / pipe mirred egress redirect dev enp8s0f0_1 action drop - -Before this change the command will fail. -Trying to add another "pipe" before mirred as a workaround for the stopping the loop -in ok var 3 resulting in result2 not being saved and wrong filter. - -... conform-exceed jump 1 / pipe pipe mirred ... - -Example dump of the action part: -... action order 1: police 0x1 rate 100Mbit burst 12Mb mtu 2Kb action jump 1 overhead 0b ... - -Fix the behavior by removing redundant case 2 handling, either argc is over or breaking. - -Example dump of the action part with the fix: -... action order 1: police 0x1 rate 100Mbit burst 12Mb mtu 2Kb action jump 1/pipe overhead 0b ... - -Signed-off-by: Roi Dayan -Reviewed-by: Maor Dickman -Signed-off-by: Stephen Hemminger -Conflict: NA -Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=7f70eb2a8b2 ---- - tc/tc_util.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/tc/tc_util.c b/tc/tc_util.c -index 48065897..b82dbd5d 100644 ---- a/tc/tc_util.c -+++ b/tc/tc_util.c -@@ -476,7 +476,6 @@ static int parse_action_control_slash_spaces(int *argc_p, char ***argv_p, - NEXT_ARG(); - /* fall-through */ - case 0: /* fall-through */ -- case 2: - ret = parse_action_control(&argc, &argv, - result_p, allow_num); - if (ret) --- -2.23.0 - diff --git a/backport-tipc-fix-keylen-check.patch b/backport-tipc-fix-keylen-check.patch deleted file mode 100644 index 24f2c9ae1363d750bcd5088e04f737b430bc71f7..0000000000000000000000000000000000000000 --- a/backport-tipc-fix-keylen-check.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 4429a6c9b484bc02dfab1e020a9b6f9f77370331 Mon Sep 17 00:00:00 2001 -From: Andrea Claudi -Date: Fri, 13 May 2022 11:52:30 +0200 -Subject: [PATCH] tipc: fix keylen check - -Key length check in str2key() is wrong for hex. Fix this using the -proper hex key length. - -Fixes: 28ee49e5153b ("tipc: bail out if key is abnormally long") -Suggested-by: Xin Long -Signed-off-by: Andrea Claudi -Signed-off-by: Stephen Hemminger -Conflict: NA -Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=4429a6c9b48 ---- - tipc/misc.c | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - -diff --git a/tipc/misc.c b/tipc/misc.c -index 909975d8..6175bf07 100644 ---- a/tipc/misc.c -+++ b/tipc/misc.c -@@ -113,16 +113,15 @@ int str2key(char *str, struct tipc_aead_key *key) - } - } - -- if (len > TIPC_AEAD_KEYLEN_MAX) -+ key->keylen = ishex ? (len + 1) / 2 : len; -+ if (key->keylen > TIPC_AEAD_KEYLEN_MAX) - return -1; - - /* Obtain key: */ - if (!ishex) { -- key->keylen = len; - memcpy(key->key, str, len); - } else { - /* Convert hex string to key */ -- key->keylen = (len + 1) / 2; - for (i = 0; i < key->keylen; i++) { - if (i == 0 && len % 2 != 0) { - if (sscanf(str, "%1hhx", &key->key[0]) != 1) --- -2.23.0 - diff --git a/iproute.spec b/iproute.spec index 5f52be78a31fde029cea1c753f9a4267a039ecb8..4400711d0782883df93bdf490ffb3a636858e5bf 100644 --- a/iproute.spec +++ b/iproute.spec @@ -1,6 +1,6 @@ Name: iproute -Version: 5.15.0 -Release: 5 +Version: 5.18.0 +Release: 1 Summary: Linux network configuration utilities License: GPLv2+ and Public Domain URL: https://kernel.org/pub/linux/utils/net/iproute2/ @@ -9,19 +9,6 @@ Source0: https://mirrors.edge.kernel.org/pub/linux/utils/net/iproute2/iproute2-% Patch1: bugfix-iproute2-3.10.0-fix-maddr-show.patch Patch2: bugfix-iproute2-change-proc-to-ipnetnsproc-which-is-private.patch -Patch6000: backport-devlink-fix-devlink-health-dump-command-without-arg.patch -Patch6001: backport-ip-Fix-size_columns-for-very-large-values.patch -Patch6002: backport-ip-Fix-size_columns-invocation-that-passes-a-32-bit-.patch -Patch6003: backport-l2tp-fix-typo-in-AF_INET6-checksum-JSON-print.patch -Patch6004: backport-libnetlink-fix-socket-leak-in-rtnl_open_byproto.patch -Patch6005: backport-lnstat-fix-buffer-overflow-in-header-output.patch -Patch6006: backport-lnstat-fix-strdup-leak-in-w-argument-parsing.patch -Patch6007: backport-q_cake-allow-changing-to-diffserv3.patch -Patch6008: backport-tc-em_u32-fix-offset-parsing.patch -Patch6009: backport-tc-flower-Fix-buffer-overflow-on-large-labels.patch -Patch6010: backport-tc_util-Fix-parsing-action-control-with-space-and-sl.patch -Patch6011: backport-tipc-fix-keylen-check.patch - Patch6012: backport-bridge-Fix-memory-leak-when-doing-fdb-get.patch Patch6013: backport-ip-address-Fix-memory-leak-when-specifying-device.patch Patch6014: backport-ip-neigh-Fix-memory-leak-when-doing-get.patch @@ -95,6 +82,12 @@ install -m 0644 lib/libnetlink.a %{buildroot}%{_libdir}/libnetlink.a %{_mandir}/* %changelog +* Mon Oct 24 2022 YukariChiba - 5.18.0-1 +- Type:requirements +- ID:NA +- SUG:NA +- DESC: Upgrade version to 5.18.0 and merge some backport patches + * Mon Oct 10 2022 jiangheng - 5.15.0-5 - Type:bugfix - ID:NA diff --git a/iproute2-5.15.0.tar.xz b/iproute2-5.15.0.tar.xz deleted file mode 100644 index 2629ef7ae8d12d0fd3c46b2779621905f163d3fa..0000000000000000000000000000000000000000 Binary files a/iproute2-5.15.0.tar.xz and /dev/null differ diff --git a/iproute2-5.18.0.tar.xz b/iproute2-5.18.0.tar.xz new file mode 100644 index 0000000000000000000000000000000000000000..0bdedeffa25e63333835b6912b87049046496426 Binary files /dev/null and b/iproute2-5.18.0.tar.xz differ