diff --git a/arping-Fix-exit-code-on-w-option.patch b/arping-Fix-exit-code-on-w-option.patch deleted file mode 100644 index e94d30f9992b3171dbfb64f57f1af7ee1b85230f..0000000000000000000000000000000000000000 --- a/arping-Fix-exit-code-on-w-option.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 4c2dd9f020df2749bdff294756b04aafa99ad624 Mon Sep 17 00:00:00 2001 -From: eaglegai -Date: Fri, 18 Mar 2022 19:32:21 +0800 -Subject: [PATCH] arping: Fix exit code on -w option when count * interval > - timeout - -Signed-off-by: eaglegai ---- - arping.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/arping.c b/arping.c -index 20b0554b..fe79d2f8 100644 ---- a/arping.c -+++ b/arping.c -@@ -850,7 +850,7 @@ static int event_loop(struct run_state *ctl) - else if (ctl->dad && ctl->quit_on_reply) - /* Duplicate address detection mode return value */ - rc |= !(ctl->brd_sent != ctl->received); -- else if (ctl->timeout && !(ctl->count > 0)) -+ else if (ctl->timeout && (!(ctl->count > 0) || (ctl->interval > ctl->timeout / ctl->count))) - rc |= !(ctl->received > 0); - else - rc |= (ctl->sent != ctl->received); diff --git a/backport-arping-exit-0-if-running-in-deadline-mode-and-we-see-replies.patch b/backport-arping-exit-0-if-running-in-deadline-mode-and-we-see-replies.patch deleted file mode 100644 index 1cd8cb0221e48c9684d8ca38a3ba39d19220e81d..0000000000000000000000000000000000000000 --- a/backport-arping-exit-0-if-running-in-deadline-mode-and-we-see-replies.patch +++ /dev/null @@ -1,60 +0,0 @@ -From 854873bdd28fcdd9cc3fe0c2d29c083a07d07a86 Mon Sep 17 00:00:00 2001 -From: Noah Meyerhans -Date: Wed, 16 Feb 2022 22:27:49 -0800 -Subject: [PATCH] arping: exit 0 if running in deadline mode and we see replies - -The arping behavior when running in deadline mode without a packet -count (-w without -c) should match that of ping: any replies indicate -that the host is up and should result in a zero (success) exit status. - -Fixes: https://github.com/iputils/iputils/issues/392 -Closes: https://github.com/iputils/iputils/pull/395 - -Reviewed-by: Petr Vorel -Signed-off-by: Noah Meyerhans ---- - arping.c | 2 ++ - doc/arping.xml | 14 +++++++------- - 2 files changed, 9 insertions(+), 7 deletions(-) - -diff --git a/arping.c b/arping.c -index efe3f53..c41ec74 100644 ---- a/arping.c -+++ b/arping.c -@@ -822,6 +822,8 @@ static int event_loop(struct run_state *ctl) - else if (ctl->dad && ctl->quit_on_reply) - /* Duplicate address detection mode return value */ - rc |= !(ctl->brd_sent != ctl->received); -+ else if (ctl->timeout && !(ctl->count > 0)) -+ rc |= !(ctl->received > 0); - else - rc |= (ctl->sent != ctl->received); - return rc; -diff --git a/doc/arping.xml b/doc/arping.xml -index 711718f..9adbc0c 100644 ---- a/doc/arping.xml -+++ b/doc/arping.xml -@@ -202,13 +202,13 @@ xml:id="man.arping"> - - Specify a timeout, in seconds, before - arping exits regardless of how many -- packets have been sent or received. In this case -- arping does not stop after -- count packet are sent, it -- waits either for -- deadline expire or until -- count probes are -- answered. -+ packets have been sent or received. If any replies are -+ received, exit with status 0, otherwise status 1. When -+ combined with the count -+ option, exit with status 0 if count replies are received before the -+ deadline expiration, otherwise status 1. -+ - - - --- -2.27.0 - diff --git a/backport-arping-fix-typo-in-error-checking.patch b/backport-arping-fix-typo-in-error-checking.patch deleted file mode 100644 index dc4a74c5a071d06ca3d4e39aecbbd0720d11db82..0000000000000000000000000000000000000000 --- a/backport-arping-fix-typo-in-error-checking.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 8a6a2ce3cd0cdf69f0551a3a1e598a191561d18e Mon Sep 17 00:00:00 2001 -From: Noah Meyerhans -Date: Wed, 16 Feb 2022 22:25:30 -0800 -Subject: [PATCH] arping: fix typo in error checking - -When attempting to check the return value of timerfd_create(), we were -not checking the value of the variable containing the return value. - -Fixes: e594ca5 ("arping: use additional timerfd to control when timeout happens") - -Reviewed-by: Petr Vorel -Signed-off-by: Noah Meyerhans ---- - arping.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/arping.c b/arping.c -index 53fdbb4..efe3f53 100644 ---- a/arping.c -+++ b/arping.c -@@ -733,7 +733,7 @@ static int event_loop(struct run_state *ctl) - - /* timeout timerfd */ - timeoutfd = timerfd_create(CLOCK_MONOTONIC, 0); -- if (tfd == -1) { -+ if (timeoutfd == -1) { - error(0, errno, "timerfd_create failed"); - return 1; - } --- -2.27.0 - diff --git a/backport-fix-ARP-protocol-field-for-AX.25-and-NETROM.patch b/backport-fix-ARP-protocol-field-for-AX.25-and-NETROM.patch deleted file mode 100644 index 77e1af6a40112f7a1fb47f7ff4dd84e21ea15899..0000000000000000000000000000000000000000 --- a/backport-fix-ARP-protocol-field-for-AX.25-and-NETROM.patch +++ /dev/null @@ -1,96 +0,0 @@ -From 4646703f6d8eb46355752ec033945405ca482d4e Mon Sep 17 00:00:00 2001 -From: Ralf Baechle -Date: Tue, 7 Feb 2017 22:10:51 +0100 -Subject: [PATCH] arping: Fix ARP protocol field for AX.25 and NETROM - -Conflict:NA -Reference:https://github.com/iputils/iputils/commit/4646703f6d8eb46355752ec033945405ca482d4e.patch - -AX.25 and NETROM differ from other, more ethernet-like protocols in that -they are not using a DIX protocol number but the AX.25 PID. The arping code -doesn't handle this special case resulting in invalid ARP packets being sent. - -The interface bpq0 is an AX.25-over-ethernet interface. Without this -fix: - - # arping -c 1 -I bpq0 172.20.1.3 - ARPING 172.20.1.3 from 172.20.1.2 bpq0 - Sent 1 probes (1 broadcast(s)) - Received 0 response(s) - -With this fix: - - # arping -c 1 -I bpq0 172.20.1.3 - ARPING 172.20.1.3 from 172.20.1.2 bpq0 - Unicast reply from 172.20.1.3 [88:98:60:A0:92:40:02] 1.402ms - Sent 1 probes (1 broadcast(s)) - Received 1 response(s) - -Closes: https://github.com/iputils/iputils/pull/360 - -Reviewed-by: Petr Vorel -Signed-off-by: Ralf Baechle -[ pvorel: add new lines for readability ] -Signed-off-by: Petr Vorel ---- - arping.c | 32 +++++++++++++++++++++++++++++--- - 1 file changed, 29 insertions(+), 3 deletions(-) - -diff --git a/arping.c b/arping.c -index 53fdbb48..5df6d9f0 100644 ---- a/arping.c -+++ b/arping.c -@@ -37,6 +37,14 @@ - - #include "iputils_common.h" - -+/* -+ * As of July 2021 AX.25 PID values are not currently defined in any -+ * userspace headers. -+ */ -+#ifndef AX25_P_IP -+# define AX25_P_IP 0xcc /* ARPA Internet Protocol */ -+#endif -+ - #ifdef DEFAULT_DEVICE - # define DEFAULT_DEVICE_STR DEFAULT_DEVICE - #else -@@ -248,7 +256,17 @@ static int send_pack(struct run_state *ctl) - ah->ar_hrd = htons(ME->sll_hatype); - if (ah->ar_hrd == htons(ARPHRD_FDDI)) - ah->ar_hrd = htons(ARPHRD_ETHER); -- ah->ar_pro = htons(ETH_P_IP); -+ -+ /* -+ * Exceptions everywhere. AX.25 uses the AX.25 PID value not the -+ * DIX code for the protocol. Make these device structure fields. -+ */ -+ if (ah->ar_hrd == htons(ARPHRD_AX25) || -+ ah->ar_hrd == htons(ARPHRD_NETROM)) -+ ah->ar_pro = htons(AX25_P_IP); -+ else -+ ah->ar_pro = htons(ETH_P_IP); -+ - ah->ar_hln = ME->sll_halen; - ah->ar_pln = 4; - ah->ar_op = ctl->advert ? htons(ARPOP_REPLY) : htons(ARPOP_REQUEST); -@@ -341,9 +359,17 @@ static int recv_pack(struct run_state *ctl, unsigned char *buf, ssize_t len, - (FROM->sll_hatype != ARPHRD_FDDI || ah->ar_hrd != htons(ARPHRD_ETHER))) - return 0; - -- /* Protocol must be IP. */ -- if (ah->ar_pro != htons(ETH_P_IP)) -+ /* -+ * Protocol must be IP - but exceptions everywhere. AX.25 and NETROM -+ * use the AX.25 PID value not the DIX code for the protocol. -+ */ -+ if (ah->ar_hrd == htons(ARPHRD_AX25) || -+ ah->ar_hrd == htons(ARPHRD_NETROM)) { -+ if (ah->ar_pro != htons(AX25_P_IP)) -+ return 0; -+ } else if (ah->ar_pro != htons(ETH_P_IP)) - return 0; -+ - if (ah->ar_pln != 4) - return 0; - if (ah->ar_hln != ((struct sockaddr_ll *)&ctl->me)->sll_halen) diff --git a/backport-ping-Fix-ping6-binding-to-VRF-and-address.patch b/backport-ping-Fix-ping6-binding-to-VRF-and-address.patch deleted file mode 100644 index 47a421a6febc4ac14a6b67bd7589b11b9242d2a6..0000000000000000000000000000000000000000 --- a/backport-ping-Fix-ping6-binding-to-VRF-and-address.patch +++ /dev/null @@ -1,95 +0,0 @@ -From 7c65999f98bc4a1984594b7fad1af0eaf0b9d34b Mon Sep 17 00:00:00 2001 -From: Lahav Schlesinger -Date: Wed, 30 Jun 2021 13:06:13 +0300 -Subject: [PATCH] ping: Fix ping6 binding to VRF and address - -Since Linux kernel commit 1893ff20275b ("net/ipv6: Add l3mdev check to -ipv6_chk_addr_and_flags") from v4.17-rc1 ping fails when trying to -create IPv6 SOCK_RAW socket (e.g. if net.ipv4.ping_group_range = 1 0) -and passing both -I and -I . -It works for IPv4 SOCK_RAW socket. - - # ip netns add tmp_ns - # ip -n tmp_ns link add vrf_1 type vrf table 10001 - # ip -n tmp_ns link add lo10 type dummy - # ip -n tmp_ns link set lo10 master vrf_1 - # ip -n tmp_ns link set vrf_1 up - # ip -n tmp_ns link set lo10 up - # ip -n tmp_ns link set lo up - # ip -n tmp_ns addr add 1:2::3:4/128 dev lo10 - # ip -n tmp_ns addr add 1.2.3.4/32 dev lo10 - - # ip netns exec tmp_ns ping -6 1:2::3:4 -I vrf_1 -I 1:2::3:4 -c 1 # IPv6 broken - ping: bind icmp socket: Cannot assign requested address - - # ping 1.2.3.4 -I vrf_1 -I 1.2.3.4 -c 1 # IPv4 working - PING 1.2.3.4 (1.2.3.4) from 1.2.3.4 vrf_1: 56(84) bytes of data. - 64 bytes from 1.2.3.4: icmp_seq=1 ttl=64 time=0.090 ms - - --- 1.2.3.4 ping statistics --- - 1 packets transmitted, 1 received, 0% packet loss, time 0ms - rtt min/avg/max/mdev = 0.090/0.090/0.090/0.000 ms - -ping fails because it doesn't actually bind to the VRF interface, while -after 1893ff20275b, binding to an IPv6 address searches only on the same -l3mdev as the device the function receives. If the socket wasn't -SO_BINDTODEVICE-ed, then the kernel will only search for devices that -are not ensalved to an l3mdev device (= in the default VRF), which will -cause the bind() to fail. - -Only SOCK_RAW socket is affected. SOCK_DGRAM is not affected because -Linux kernel doesn't check the device the socket was SO_BINDTODEVICE-ed -to, but only the device from addr->sin6_scope_id (which if none is -passed, it will again only search devices in the default VRF). - -NOTE: creating network namespace to reproduce the issue is needed just -on systems with net.ipv4.ping_group_range = 0 2147483647 (e.g. current -Fedora, openSUSE, Ubuntu), which causes to use SOCK_DGRAM socket. -Alternatively to force SOCK_RAW to it'd be enough just to properly set -net.ipv4.ping_group_range: - - # echo "1 0" > /proc/sys/net/ipv4/ping_group_range - -Closes: https://github.com/iputils/iputils/pull/344 - -Reviewed-by: Petr Vorel -Signed-off-by: Lahav Schlesinger -[ pvorel: adjusted commit message ] -Signed-off-by: Petr Vorel - -Conflict:NA -Reference: https://github.com/iputils/iputils/commit/7c65999f98bc4a1984594b7fad1af0eaf0b9d34b.patch - ---- - ping/ping6_common.c | 11 +++++++++++ - 1 file changed, 11 insertions(+) - -diff --git a/ping/ping6_common.c b/ping/ping6_common.c -index fee11891..f40d279d 100644 ---- a/ping/ping6_common.c -+++ b/ping/ping6_common.c -@@ -224,6 +224,8 @@ int ping6_run(struct ping_rts *rts, int argc, char **argv, struct addrinfo *ai, - if (rts->device) { - struct cmsghdr *cmsg; - struct in6_pktinfo *ipi; -+ int rc; -+ int errno_save; - - cmsg = (struct cmsghdr *)(rts->cmsgbuf + rts->cmsglen); - rts->cmsglen += CMSG_SPACE(sizeof(*ipi)); -@@ -234,6 +236,15 @@ int ping6_run(struct ping_rts *rts, int argc, char **argv, struct addrinfo *ai, - ipi = (struct in6_pktinfo *)CMSG_DATA(cmsg); - memset(ipi, 0, sizeof(*ipi)); - ipi->ipi6_ifindex = if_name2index(rts->device); -+ -+ enable_capability_raw(); -+ rc = setsockopt(sock->fd, SOL_SOCKET, SO_BINDTODEVICE, -+ rts->device, strlen(rts->device) + 1); -+ errno_save = errno; -+ disable_capability_raw(); -+ -+ if (rc == -1) -+ error(2, errno_save, "SO_BINDTODEVICE %s", rts->device); - } - - if (IN6_IS_ADDR_MULTICAST(&rts->whereto6.sin6_addr)) { diff --git a/backport-ping-Fix-potential-memory-leakage.patch b/backport-ping-Fix-potential-memory-leakage.patch deleted file mode 100644 index c7b5988e057bc36c578808b0953f002f1b48871e..0000000000000000000000000000000000000000 --- a/backport-ping-Fix-potential-memory-leakage.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 626ea66f3d54ba6e749230d3aa0ce8f4ddfded9c Mon Sep 17 00:00:00 2001 -From: lvgenggeng -Date: Tue, 31 May 2022 08:37:38 +0800 -Subject: [PATCH] ping: Fix potential memory leakage - -If user use '-p' opt multi-times, the previous pointer generated by -strdup() will be discarded. - -Closes: https://github.com/iputils/iputils/pull/409 - -Reviewed-by: Cyril Hrubis -Reviewed-by: Petr Vorel -Signed-off-by: lvgenggeng ---- - ping/ping.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/ping/ping.c b/ping/ping.c -index 8a7f701..10f2cf3 100644 ---- a/ping/ping.c -+++ b/ping/ping.c -@@ -449,6 +449,7 @@ main(int argc, char **argv) - break; - case 'p': - rts.opt_pingfilled = 1; -+ free(outpack_fill); - outpack_fill = strdup(optarg); - if (!outpack_fill) - error(2, errno, _("memory allocation failed")); --- -2.27.0 - diff --git a/backport-ping-Print-reply-from-Subnet-Router-anycast-address.patch b/backport-ping-Print-reply-from-Subnet-Router-anycast-address.patch deleted file mode 100644 index 6089eab3660e294cf9e0efb1d120fde5990ba6b2..0000000000000000000000000000000000000000 --- a/backport-ping-Print-reply-from-Subnet-Router-anycast-address.patch +++ /dev/null @@ -1,129 +0,0 @@ -From 15a5e5c7aace5a7a782ff802988e04ed4c1148a5 Mon Sep 17 00:00:00 2001 -From: Petr Vorel -Date: Mon, 18 Oct 2021 15:13:44 +0200 -Subject: [PATCH] ping: Print reply from Subnet-Router anycast address - -by detecting Subnet-Router address for 64 bit prefix and suppress -address comparison check. - -5e052ad ("ping: discard packets with wrong source address") correctly -hid replies with wrong source address to comply RFC 1122 (Section -3.2.1.3: "The IP source address in an ICMP Echo Reply MUST be the same -as the specific-destination address"). - -While change in 5e052ad works for broadcast and multicast addresses and -some of anycast addresses, it does not work for (at least) Subnet-Router -anycast address): - - # VETH1_IPV6=fd00:dead:beef:1234::1 - # VPEER1_IPV6=fd00:dead:beef:1234::2 - # ip netns add ns-ipv6 - # ip li add name veth1 type veth peer name vpeer1 - # ip -6 addr add $VETH1_IPV6/64 dev veth1 - # ip li set dev veth1 up - # ip li set dev vpeer1 netns ns-ipv6 - # ip netns exec ns-ipv6 ip li set dev lo up - # ip netns exec ns-ipv6 ip -6 addr add $VPEER1_IPV6/64 dev vpeer1 - # ip netns exec ns-ipv6 ip li set vpeer1 up - # ip netns exec ns-ipv6 ip -6 route add default dev vpeer1 via $VETH1_IPV6 - # sysctl -w net.ipv6.conf.all.forwarding=1 - - $ ping -c1 ff02::1 # anycast - all nodes - PING ff02::1(ff02::1) 56 data bytes - 64 bytes from fe80::9c9c:ffff:fe14:e9d2%vpeer1: icmp_seq=1 ttl=64 time=0.064 ms - - $ ping -c1 ff02::2 # anycast - all routers - PING ff02::2(ff02::2) 56 data bytes - 64 bytes from fe80::5496:9ff:fef5:8f01%vpeer1: icmp_seq=1 ttl=64 time=0.088 ms - - $ ping -c1 -W5 fd00:dead:beef:1234:: # Subnet-Router anycast - PING fd00:dead:beef:1234::(fd00:dead:beef:1234::) 56 data bytes - -Subnet-Router anycast address works for both busybox ping (without -printing the real source address) and fping: - - $ busybox ping -c1 fd00:dead:beef:1234:: - PING fd00:dead:beef:1234:: (fd00:dead:beef:1234::): 56 data bytes - 64 bytes from fd00:dead:beef:1234::1: seq=0 ttl=64 time=0.122 ms - - $ fping -c1 fd00:dead:beef:1234:: - [<- fd00:dead:beef:1234::1]fd00:dead:beef:1234:: : [0], 64 bytes, 0.096 ms (0.096 avg, 0% loss) - -RFC 4291 specifies Subnet-Router anycast address as [1]: - - The Subnet-Router anycast address is predefined. Its format is as - follows: - | n bits | 128-n bits | - +------------------------------------------------+----------------+ - | subnet prefix | 00000000000000 | - +------------------------------------------------+----------------+ - - The "subnet prefix" in an anycast address is the prefix that - identifies a specific link. This anycast address is syntactically - the same as a unicast address for an interface on the link with the - interface identifier set to zero. - -=> to detect Subnet-Router anycast address we need to know prefix, which -we don't know, thus detect it for prefix 64 (the default IPv6 prefix). - -[1] https://datatracker.ietf.org/doc/html/rfc4291#section-2.6.1 - -Fixes: 5e052ad ("ping: discard packets with wrong source address") -Closes: https://github.com/iputils/iputils/issues/371 - -Reported-by: Tim Sandquist -Signed-off-by: Petr Vorel ---- - ping/ping.h | 1 + - ping/ping6_common.c | 12 +++++++++++- - 2 files changed, 12 insertions(+), 1 deletion(-) - -diff --git a/ping/ping.h b/ping/ping.h -index 1be4df58..ce1d719d 100644 ---- a/ping/ping.h -+++ b/ping/ping.h -@@ -212,6 +212,7 @@ struct ping_rts { - #endif - - /* Used only in ping6_common.c */ -+ int subnet_router_anycast; /* Subnet-Router anycast (RFC 4291) */ - struct sockaddr_in6 firsthop; - unsigned char cmsgbuf[4096]; - size_t cmsglen; -diff --git a/ping/ping6_common.c b/ping/ping6_common.c -index 986210b6..e807070e 100644 ---- a/ping/ping6_common.c -+++ b/ping/ping6_common.c -@@ -102,6 +102,7 @@ int ping6_run(struct ping_rts *rts, int argc, char **argv, struct addrinfo *ai, - struct socket_st *sock) - { - int hold, packlen; -+ size_t i; - unsigned char *packet; - char *target; - struct icmp6_filter filter; -@@ -248,6 +249,15 @@ int ping6_run(struct ping_rts *rts, int argc, char **argv, struct addrinfo *ai, - rts->pmtudisc = IPV6_PMTUDISC_DO; - } - -+ /* detect Subnet-Router anycast at least for the default prefix 64 */ -+ rts->subnet_router_anycast = 1; -+ for (i = 8; i < sizeof(struct in6_addr); i++) { -+ if (rts->whereto6.sin6_addr.s6_addr[i]) { -+ rts->subnet_router_anycast = 0; -+ break; -+ } -+ } -+ - if (rts->pmtudisc >= 0) { - if (setsockopt(sock->fd, IPPROTO_IPV6, IPV6_MTU_DISCOVER, &rts->pmtudisc, - sizeof rts->pmtudisc) == -1) -@@ -819,7 +829,7 @@ int ping6_parse_reply(struct ping_rts *rts, socket_st *sock, - } - - if (icmph->icmp6_type == ICMP6_ECHO_REPLY) { -- if (!rts->multicast && -+ if (!rts->multicast && !rts->subnet_router_anycast && - memcmp(&from->sin6_addr.s6_addr, &rts->whereto6.sin6_addr.s6_addr, 16)) - return 1; - if (!is_ours(rts, sock, icmph->icmp6_id)) diff --git a/backport-ping-Print-reply-with-wrong-source-with-warning.patch b/backport-ping-Print-reply-with-wrong-source-with-warning.patch deleted file mode 100644 index 665b9de7afd9cf19bf0e3597cf511f5ed2c5afda..0000000000000000000000000000000000000000 --- a/backport-ping-Print-reply-with-wrong-source-with-warning.patch +++ /dev/null @@ -1,145 +0,0 @@ -From 5f6bec5ab57cc8beaa78f5756a0ffbdf01f28d36 Mon Sep 17 00:00:00 2001 -From: Petr Vorel -Date: Fri, 15 Oct 2021 17:38:51 +0200 -Subject: [PATCH] ping: Print reply with wrong source with warning - -5e052ad ("ping: discard packets with wrong source address") correctly -hid replies with wrong source address to comply RFC 1122 (Section -3.2.1.3: "The IP source address in an ICMP Echo Reply MUST be the same -as the specific-destination address"). - -This caused to hide reply when pinging Subnet-Router anycast address. -Although it was fixed in the previous commit, relax this to admit the -reply but print warning "DIFFERENT ADDRESS!". ping is diagnostic program, -with insisting on RFC we force people to use tcpdump to see replies. - -Link: https://github.com/iputils/iputils/issues/371 - -Reviewed-by: Matteo Croce -Signed-off-by: Petr Vorel ---- - ping/ping.c | 10 ++++++---- - ping/ping.h | 3 ++- - ping/ping6_common.c | 13 ++++++++----- - ping/ping_common.c | 6 +++++- - 4 files changed, 21 insertions(+), 11 deletions(-) - -diff --git a/ping/ping.c b/ping/ping.c -index 0655bf4a..81ee7c86 100644 ---- a/ping/ping.c -+++ b/ping/ping.c -@@ -1504,6 +1504,7 @@ int ping4_parse_reply(struct ping_rts *rts, struct socket_st *sock, - int reply_ttl; - uint8_t *opts, *tmp_ttl; - int olen; -+ int wrong_source = 0; - - /* Check the IP header */ - ip = (struct iphdr *)buf; -@@ -1544,15 +1545,16 @@ int ping4_parse_reply(struct ping_rts *rts, struct socket_st *sock, - csfailed = in_cksum((unsigned short *)icp, cc, 0); - - if (icp->type == ICMP_ECHOREPLY) { -- if (!rts->broadcast_pings && !rts->multicast && -- from->sin_addr.s_addr != rts->whereto.sin_addr.s_addr) -- return 1; - if (!is_ours(rts, sock, icp->un.echo.id)) - return 1; /* 'Twas not our ECHO */ -+ -+ if (!rts->broadcast_pings && !rts->multicast && -+ from->sin_addr.s_addr != rts->whereto.sin_addr.s_addr) -+ wrong_source = 1; - if (gather_statistics(rts, (uint8_t *)icp, sizeof(*icp), cc, - ntohs(icp->un.echo.sequence), - reply_ttl, 0, tv, pr_addr(rts, from, sizeof *from), -- pr_echo_reply, rts->multicast)) { -+ pr_echo_reply, rts->multicast, wrong_source)) { - fflush(stdout); - return 0; - } -diff --git a/ping/ping.h b/ping/ping.h -index ce1d719d..1697c3ec 100644 ---- a/ping/ping.h -+++ b/ping/ping.h -@@ -389,7 +389,8 @@ extern void common_options(int ch); - extern int gather_statistics(struct ping_rts *rts, uint8_t *icmph, int icmplen, - int cc, uint16_t seq, int hops, - int csfailed, struct timeval *tv, char *from, -- void (*pr_reply)(uint8_t *ptr, int cc), int multicast); -+ void (*pr_reply)(uint8_t *ptr, int cc), int multicast, -+ int wrong_source); - extern void print_timestamp(struct ping_rts *rts); - void fill(struct ping_rts *rts, char *patp, unsigned char *packet, size_t packet_size); - -diff --git a/ping/ping6_common.c b/ping/ping6_common.c -index e807070e..fee11891 100644 ---- a/ping/ping6_common.c -+++ b/ping/ping6_common.c -@@ -803,6 +803,7 @@ int ping6_parse_reply(struct ping_rts *rts, socket_st *sock, - struct cmsghdr *c; - struct icmp6_hdr *icmph; - int hops = -1; -+ int wrong_source = 0; - - for (c = CMSG_FIRSTHDR(msg); c; c = CMSG_NXTHDR(msg, c)) { - if (c->cmsg_level != IPPROTO_IPV6) -@@ -829,16 +830,18 @@ int ping6_parse_reply(struct ping_rts *rts, socket_st *sock, - } - - if (icmph->icmp6_type == ICMP6_ECHO_REPLY) { -- if (!rts->multicast && !rts->subnet_router_anycast && -- memcmp(&from->sin6_addr.s6_addr, &rts->whereto6.sin6_addr.s6_addr, 16)) -- return 1; - if (!is_ours(rts, sock, icmph->icmp6_id)) - return 1; -+ -+ if (!rts->multicast && !rts->subnet_router_anycast && -+ memcmp(&from->sin6_addr.s6_addr, &rts->whereto6.sin6_addr.s6_addr, 16)) -+ wrong_source = 1; -+ - if (gather_statistics(rts, (uint8_t *)icmph, sizeof(*icmph), cc, - ntohs(icmph->icmp6_seq), - hops, 0, tv, pr_addr(rts, from, sizeof *from), - pr_echo_reply, -- rts->multicast)) { -+ rts->multicast, wrong_source)) { - fflush(stdout); - return 0; - } -@@ -851,7 +854,7 @@ int ping6_parse_reply(struct ping_rts *rts, socket_st *sock, - seq, - hops, 0, tv, pr_addr(rts, from, sizeof *from), - pr_niquery_reply, -- rts->multicast)) -+ rts->multicast, 0)) - return 0; - } else { - int nexthdr; -diff --git a/ping/ping_common.c b/ping/ping_common.c -index 357c39d7..03362590 100644 ---- a/ping/ping_common.c -+++ b/ping/ping_common.c -@@ -711,7 +711,8 @@ int main_loop(struct ping_rts *rts, ping_func_set_st *fset, socket_st *sock, - int gather_statistics(struct ping_rts *rts, uint8_t *icmph, int icmplen, - int cc, uint16_t seq, int hops, - int csfailed, struct timeval *tv, char *from, -- void (*pr_reply)(uint8_t *icmph, int cc), int multicast) -+ void (*pr_reply)(uint8_t *icmph, int cc), int multicast, -+ int wrong_source) - { - int dupflag = 0; - long triptime = 0; -@@ -804,10 +805,13 @@ int gather_statistics(struct ping_rts *rts, uint8_t *icmph, int icmplen, - printf(_(" time=%ld.%03ld ms"), triptime / 1000, - triptime % 1000); - } -+ - if (dupflag && (!multicast || rts->opt_verbose)) - printf(_(" (DUP!)")); - if (csfailed) - printf(_(" (BAD CHECKSUM!)")); -+ if (wrong_source) -+ printf(_(" (DIFFERENT ADDRESS!)")); - - /* check the data */ - cp = ((unsigned char *)ptr) + sizeof(struct timeval); diff --git a/backport-ping6-Avoid-binding-to-non-VRF.patch b/backport-ping6-Avoid-binding-to-non-VRF.patch deleted file mode 100644 index 88c79fe28733a94e41b2fd202fdf31c9745afb77..0000000000000000000000000000000000000000 --- a/backport-ping6-Avoid-binding-to-non-VRF.patch +++ /dev/null @@ -1,54 +0,0 @@ -From f52b582248f1f870e870a9973621805d969906b4 Mon Sep 17 00:00:00 2001 -From: Petr Vorel -Date: Tue, 9 Nov 2021 02:39:56 +0100 -Subject: [PATCH] ping6: Avoid binding to non-VRF - -This fixes permission issue when specifying just address (without VRF) -unless having CAP_NET_ADMIN (i.e. root) permission: - - $ ./builddir/ping/ping -c1 -I lo ::1 - ./builddir/ping/ping: SO_BINDTODEVICE lo: Operation not permitted - -because setsockopt() SO_BINDTODEVICE (similar to bind()) can be only done on -opt_strictsource. - -Fixes: 7c65999 ("ping: Fix ping6 binding to VRF and address") - -Signed-off-by: Petr Vorel - -Conflict:NA -Reference: https://github.com/iputils/iputils/commit/f52b582248f1f870e870a9973621805d969906b4.patch - ---- - ping/ping6_common.c | 18 ++++++++++-------- - 1 file changed, 10 insertions(+), 8 deletions(-) - -diff --git a/ping/ping6_common.c b/ping/ping6_common.c -index f40d279d..7a43ef6a 100644 ---- a/ping/ping6_common.c -+++ b/ping/ping6_common.c -@@ -237,14 +237,16 @@ int ping6_run(struct ping_rts *rts, int argc, char **argv, struct addrinfo *ai, - memset(ipi, 0, sizeof(*ipi)); - ipi->ipi6_ifindex = if_name2index(rts->device); - -- enable_capability_raw(); -- rc = setsockopt(sock->fd, SOL_SOCKET, SO_BINDTODEVICE, -- rts->device, strlen(rts->device) + 1); -- errno_save = errno; -- disable_capability_raw(); -- -- if (rc == -1) -- error(2, errno_save, "SO_BINDTODEVICE %s", rts->device); -+ if (rts->opt_strictsource) { -+ enable_capability_raw(); -+ rc = setsockopt(sock->fd, SOL_SOCKET, SO_BINDTODEVICE, -+ rts->device, strlen(rts->device) + 1); -+ errno_save = errno; -+ disable_capability_raw(); -+ -+ if (rc == -1) -+ error(2, errno_save, "SO_BINDTODEVICE %s", rts->device); -+ } - } - - if (IN6_IS_ADDR_MULTICAST(&rts->whereto6.sin6_addr)) { diff --git a/bugfix-rdisc-remove-PrivateUsers=yes-from-systemd-service-file.patch b/bugfix-rdisc-remove-PrivateUsers=yes-from-systemd-service-file.patch deleted file mode 100644 index 1fc75769da0bda4f0849aade8d422abbb9fa774f..0000000000000000000000000000000000000000 --- a/bugfix-rdisc-remove-PrivateUsers=yes-from-systemd-service-file.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 21d0826711b750367edaf01645aac1d03b3b7611 Mon Sep 17 00:00:00 2001 -From: Sami Kerola -Date: Wed, 3 Mar 2021 20:51:18 +0000 -Subject: [PATCH] rdisc: remove PrivateUsers=yes from systemd service file - -Quoting systemd.exec(5) manual page 'Specifically this means that the -process will have zero process capabilities on the host's user namespace'. -That does not combine will with CAP_NET_RAW that needs to take effect host's -namespace. - -Secondly add CapabilityBoundingSet that is will ensure capabilities are -limited to the one and only capability it needs. - -Fixes: https://github.com/iputils/iputils/issues/314 -Reference: https://www.freedesktop.org/software/systemd/man/systemd.exec.html#PrivateUsers= -Signed-off-by: Sami Kerola ---- - systemd/rdisc.service.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/systemd/rdisc.service.in b/systemd/rdisc.service.in -index 4e2a1ec..6ef7fc3 100644 ---- a/systemd/rdisc.service.in -+++ b/systemd/rdisc.service.in -@@ -9,8 +9,8 @@ EnvironmentFile=-/etc/sysconfig/rdisc - ExecStart=@sbindir@/rdisc -f -t $OPTIONS $SEND_ADDRESS $RECEIVE_ADDRESS - - AmbientCapabilities=CAP_NET_RAW -+CapabilityBoundingSet=CAP_NET_RAW - PrivateTmp=yes --PrivateUsers=yes - ProtectSystem=strict - ProtectHome=yes - ProtectControlGroups=yes --- -2.23.0 - diff --git a/iputils-20211215.tar.gz b/iputils-20211215.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..186cc87785205f66eccbe5d12e0e8a7f9db9cfb5 Binary files /dev/null and b/iputils-20211215.tar.gz differ diff --git a/iputils-s20210722.tar.gz b/iputils-s20210722.tar.gz deleted file mode 100644 index 6e6e784bc6242cb436f587e526e388b0b6141fcb..0000000000000000000000000000000000000000 Binary files a/iputils-s20210722.tar.gz and /dev/null differ diff --git a/iputils.spec b/iputils.spec index 78d0741935e82f0eaec95fb7e225368bce81ad85..0379935ca7b62d51c228430f689ace98f6ba0edf 100644 --- a/iputils.spec +++ b/iputils.spec @@ -1,11 +1,11 @@ Name: iputils -Version: 20210722 -Release: 6 +Version: 20211215 +Release: 1 Summary: Network monitoring tools including ping License: BSD and GPLv2+ URL: https://github.com/iputils/iputils -Source0: https://github.com/iputils/iputils/archive/s%{version}.tar.gz#/%{name}-s%{version}.tar.gz +Source0: https://github.com/iputils/iputils/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz Source1: ifenslave.tar.gz Source2: rdisc.service Source3: ninfod.service @@ -14,15 +14,6 @@ Source5: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt Patch0000: iputils-ifenslave.patch Patch0001: iputils-ifenslave-CWE-170.patch -Patch0002: backport-arping-exit-0-if-running-in-deadline-mode-and-we-see-replies.patch -Patch0003: backport-arping-fix-typo-in-error-checking.patch -Patch0004: backport-fix-ARP-protocol-field-for-AX.25-and-NETROM.patch -Patch0005: backport-ping-Fix-ping6-binding-to-VRF-and-address.patch -Patch0006: backport-ping6-Avoid-binding-to-non-VRF.patch -Patch0007: arping-Fix-exit-code-on-w-option.patch -Patch0008: backport-ping-Print-reply-from-Subnet-Router-anycast-address.patch -Patch0009: backport-ping-Print-reply-with-wrong-source-with-warning.patch -Patch0010: backport-ping-Fix-potential-memory-leakage.patch BuildRequires: gcc meson libidn2-devel openssl-devel libcap-devel libxslt BuildRequires: docbook5-style-xsl systemd iproute glibc-kernheaders gettext @@ -56,7 +47,7 @@ cp %{SOURCE4} %{SOURCE5} . export CFLAGS="-fpie" export LDFLAGS="-pie -Wl,-z,relro,-z,now" -%meson -DBUILD_TFTPD=false +%meson %meson_build gcc -Wall $RPM_OPT_FLAGS $CFLAGS $RPM_LD_FLAGS $LDFLAGS ifenslave.c -o ifenslave @@ -121,6 +112,12 @@ install -cp ifenslave.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/ %{_unitdir}/ninfod.service %changelog +* Mon Jul 11 2022 yinyongkang - 20211215-1 +- Type:requirements +- ID:NA +- SUG:NA +- DESC: update iputils to 20211215 + * Mon Jun 20 2022 lvgenggeng - 20210722-6 - Type:bugfix - ID:NA