From c7bd11c48c06afb4a3ea51aad170ef001e3dfae2 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Aug 01 2017 03:35:15 +0000 Subject: import iputils-20160308-10.el7 --- diff --git a/SOURCES/iputils-arping-network-down.patch b/SOURCES/iputils-arping-network-down.patch new file mode 100644 index 0000000..7594e9b --- /dev/null +++ b/SOURCES/iputils-arping-network-down.patch @@ -0,0 +1,21 @@ +commit 66b793822d475bb40aa370c9ef7fc0499b22a5e2 +Author: Jan Synacek +Date: Thu Feb 23 12:59:46 2017 +0100 + + arping: exit if network disappears while running + + Originally reported at https://bugzilla.redhat.com/show_bug.cgi?id=1387542 + +diff --git a/arping.c b/arping.c +index 1a3f40b..dce8f7b 100644 +--- a/arping.c ++++ b/arping.c +@@ -1227,6 +1227,8 @@ main(int argc, char **argv) + if ((cc = recvfrom(s, packet, sizeof(packet), 0, + (struct sockaddr *)&from, &alen)) < 0) { + perror("arping: recvfrom"); ++ if (errno == ENETDOWN) ++ exit(2); + continue; + } + diff --git a/SOURCES/iputils-bind-I-interface.patch b/SOURCES/iputils-bind-I-interface.patch new file mode 100644 index 0000000..d35ce33 --- /dev/null +++ b/SOURCES/iputils-bind-I-interface.patch @@ -0,0 +1,36 @@ +commit fd79cc90c4af117e3fa41466151cdd289e460569 +Author: Jan Synacek +Date: Fri Sep 9 08:52:45 2016 +0200 + + ping: fix ping -6 -I + + ping passes the device variable to ping6_common.c, but it's not visible + there. + + Original patch by Xin Long . + +diff --git a/ping.c b/ping.c +index 34eb436..43acc2f 100644 +--- a/ping.c ++++ b/ping.c +@@ -106,7 +106,7 @@ static struct { + int cmsg_len; + + static struct sockaddr_in source = { .sin_family = AF_INET }; +-static char *device; ++char *device; + static int pmtudisc = -1; + + static void create_socket(socket_st *sock, int family, int socktype, int protocol, int requisite) +diff --git a/ping.h b/ping.h +index 6f5d64c..749f3ff 100644 +--- a/ping.h ++++ b/ping.h +@@ -167,6 +167,7 @@ extern volatile int exiting; + extern volatile int status_snapshot; + extern int confirm; + extern int confirm_flag; ++extern char *device; + + extern volatile int in_pr_addr; /* pr_addr() is executing */ + extern jmp_buf pr_addr_jmp; diff --git a/SOURCES/iputils-fix-ping-t-multicast.patch b/SOURCES/iputils-fix-ping-t-multicast.patch new file mode 100644 index 0000000..ca2fff4 --- /dev/null +++ b/SOURCES/iputils-fix-ping-t-multicast.patch @@ -0,0 +1,29 @@ +commit c5932dc918040504880258e777c9428331269291 +Author: Jan Synacek +Date: Wed Feb 22 10:29:33 2017 +0100 + + fix multicast setsockopt calls on big endian + + Originally reported at https://bugzilla.redhat.com/show_bug.cgi?id=1373333. + +diff --git a/ping.c b/ping.c +index 6f67d2d..45cca8d 100644 +--- a/ping.c ++++ b/ping.c +@@ -850,14 +850,14 @@ int ping4_run(int argc, char **argv, struct addrinfo *ai, socket_st *sock) + + if (options & F_NOLOOP) { + int loop = 0; +- if (setsockopt(sock->fd, IPPROTO_IP, IP_MULTICAST_LOOP, &loop, 1) == -1) { ++ if (setsockopt(sock->fd, IPPROTO_IP, IP_MULTICAST_LOOP, &loop, sizeof loop) == -1) { + perror ("ping: can't disable multicast loopback"); + exit(2); + } + } + if (options & F_TTL) { + int ittl = ttl; +- if (setsockopt(sock->fd, IPPROTO_IP, IP_MULTICAST_TTL, &ttl, 1) == -1) { ++ if (setsockopt(sock->fd, IPPROTO_IP, IP_MULTICAST_TTL, &ttl, sizeof ttl) == -1) { + perror ("ping: can't set multicast time-to-live"); + exit(2); + } diff --git a/SOURCES/iputils-fix-ping6-return-value.patch b/SOURCES/iputils-fix-ping6-return-value.patch new file mode 100644 index 0000000..5dbe784 --- /dev/null +++ b/SOURCES/iputils-fix-ping6-return-value.patch @@ -0,0 +1,23 @@ +commit e25568f5e580d5631f533ae8474bcca40a011690 +Author: Jan Synacek +Date: Thu Aug 4 11:20:25 2016 +0200 + + correctly initialize first hop + + When the sin6_family was set to 0, the initial probe connect() + could have succeeded instead of failing. + + Fixes #57. + +diff --git a/ping6_common.c b/ping6_common.c +index fa01292..d6965dc 100644 +--- a/ping6_common.c ++++ b/ping6_common.c +@@ -805,6 +805,7 @@ int ping6_run(int argc, char **argv, struct addrinfo *ai, struct socket_st *sock + } + disable_capability_raw(); + } ++ firsthop.sin6_family = AF_INET6; + firsthop.sin6_port = htons(1025); + if (connect(probe_fd, (struct sockaddr*)&firsthop, sizeof(firsthop)) == -1) { + perror("connect"); diff --git a/SOURCES/iputils-fix-pmtu.patch b/SOURCES/iputils-fix-pmtu.patch new file mode 100644 index 0000000..1ebe5db --- /dev/null +++ b/SOURCES/iputils-fix-pmtu.patch @@ -0,0 +1,63 @@ +Resolves: #1444281 + +commit f3c189e26b3ba803b703d724e831e59390d0af13 +Author: Jan Synacek +Date: Mon May 15 12:07:59 2017 +0200 + + ping: fix pmtu discovery for ipv6 + + Fixes: #40 + +diff --git a/ping.c b/ping.c +index 45cca8d..fade2c9 100644 +--- a/ping.c ++++ b/ping.c +@@ -107,7 +107,7 @@ int cmsg_len; + + static struct sockaddr_in source = { .sin_family = AF_INET }; + char *device; +-static int pmtudisc = -1; ++int pmtudisc = -1; + + static void create_socket(socket_st *sock, int family, int socktype, int protocol, int requisite) + { +@@ -498,8 +498,14 @@ main(int argc, char **argv) + enable_capability_raw(); + if (hints.ai_family != AF_INET6) + create_socket(&sock4, AF_INET, hints.ai_socktype, IPPROTO_ICMP, hints.ai_family == AF_INET); +- if (hints.ai_family != AF_INET) ++ if (hints.ai_family != AF_INET) { + create_socket(&sock6, AF_INET6, hints.ai_socktype, IPPROTO_ICMPV6, sock4.fd == -1); ++ /* This may not be needed if both protocol versions always had the same value, but ++ * since I don't know that, it's better to be safe than sorry. */ ++ pmtudisc = pmtudisc == IP_PMTUDISC_DO ? IPV6_PMTUDISC_DO : ++ pmtudisc == IP_PMTUDISC_DONT ? IPV6_PMTUDISC_DONT : ++ pmtudisc == IP_PMTUDISC_WANT ? IPV6_PMTUDISC_WANT : pmtudisc; ++ } + disable_capability_raw(); + + /* Limit address family on single-protocol systems */ +diff --git a/ping.h b/ping.h +index 1253fa0..78e3853 100644 +--- a/ping.h ++++ b/ping.h +@@ -168,6 +168,7 @@ extern volatile int status_snapshot; + extern int confirm; + extern int confirm_flag; + extern char *device; ++extern int pmtudisc; + + extern volatile int in_pr_addr; /* pr_addr() is executing */ + extern jmp_buf pr_addr_jmp; +diff --git a/ping6_common.c b/ping6_common.c +index a5627ae..f5c81fd 100644 +--- a/ping6_common.c ++++ b/ping6_common.c +@@ -101,7 +101,6 @@ void ping6_usage(unsigned) __attribute((noreturn)); + + struct sockaddr_in6 source6 = { .sin6_family = AF_INET6 }; + char *device; +-int pmtudisc=-1; + + #if defined(USE_GCRYPT) || defined(USE_OPENSSL) || defined(USE_NETTLE) + #include "iputils_md5dig.h" diff --git a/SOURCES/iputils-fix-possible-double-free.patch b/SOURCES/iputils-fix-possible-double-free.patch new file mode 100644 index 0000000..11de205 --- /dev/null +++ b/SOURCES/iputils-fix-possible-double-free.patch @@ -0,0 +1,20 @@ +commit df7d2d83345e2e547c2cb3a83d3a8a099339a742 +Author: Jan Synacek +Date: Fri Jan 6 13:28:04 2017 +0100 + + ping: prevent possible double free after cap_free() + + Original bugreport: https://bugzilla.redhat.com/show_bug.cgi?id=1410114 + +diff --git a/ping_common.c b/ping_common.c +index 0b32d6a..b0825e3 100644 +--- a/ping_common.c ++++ b/ping_common.c +@@ -159,6 +159,7 @@ int modify_capability(cap_value_t cap, cap_flag_value_t on) + } + + cap_free(cap_p); ++ cap_p = NULL; + + rc = 0; + out: diff --git a/SOURCES/iputils-ping-eacces.patch b/SOURCES/iputils-ping-eacces.patch new file mode 100644 index 0000000..5c1b035 --- /dev/null +++ b/SOURCES/iputils-ping-eacces.patch @@ -0,0 +1,26 @@ +commit 6702a95f2ea1a6a5b7c94437a87c1be6d0677733 +Author: Jan Synacek +Date: Mon Sep 12 12:50:58 2016 +0200 + + ping: fix error message when getting EACCES from connect() + + According to man connect(2), EACCES can be set either when pinging a + broadcast address, or when a local firewall rule is in place. + + Easily reproduced by running "ip route add prohibit " and then + trying to ping the address. + +diff --git a/ping.c b/ping.c +index 34eb436..52b0f0e 100644 +--- a/ping.c ++++ b/ping.c +@@ -655,7 +655,8 @@ int ping4_run(int argc, char **argv, struct addrinfo *ai, socket_st *sock) + if (connect(probe_fd, (struct sockaddr*)&dst, sizeof(dst)) == -1) { + if (errno == EACCES) { + if (broadcast_pings == 0) { +- fprintf(stderr, "Do you want to ping broadcast? Then -b\n"); ++ fprintf(stderr, ++ "Do you want to ping broadcast? Then -b. If not, check your local firewall rules.\n"); + exit(2); + } + fprintf(stderr, "WARNING: pinging broadcast address\n"); diff --git a/SPECS/iputils.spec b/SPECS/iputils.spec index 247666d..354e545 100644 --- a/SPECS/iputils.spec +++ b/SPECS/iputils.spec @@ -3,7 +3,7 @@ Summary: Network monitoring tools including ping Name: iputils Version: 20160308 -Release: 8%{?dist} +Release: 10%{?dist} # some parts are under the original BSD (ping.c) # some are under GPLv2+ (tracepath.c) License: BSD and GPLv2+ @@ -26,6 +26,13 @@ Patch5: iputils-reorder-I-parsing.patch Patch6: iputils-fix-I-setsockopt.patch Patch7: iputils-ping-hang.patch Patch8: iputils-arping-doc.patch +Patch9: iputils-fix-ping6-return-value.patch +Patch10: iputils-bind-I-interface.patch +Patch11: iputils-fix-possible-double-free.patch +Patch12: iputils-ping-eacces.patch +Patch13: iputils-fix-ping-t-multicast.patch +Patch14: iputils-arping-network-down.patch +Patch15: iputils-fix-pmtu.patch BuildRequires: docbook-utils perl-SGMLSpm BuildRequires: glibc-kernheaders >= 2.4-8.19 @@ -82,6 +89,13 @@ Queries. %patch6 -p1 %patch7 -p1 %patch8 -p1 +%patch9 -p1 +%patch10 -p1 +%patch11 -p1 +%patch12 -p1 +%patch13 -p1 +%patch14 -p1 +%patch15 -p1 %build %ifarch s390 s390x @@ -189,6 +203,17 @@ mv -f RELNOTES.tmp RELNOTES %attr(644,root,root) %{_mandir}/man8/ninfod.8.gz %changelog +* Mon May 22 2017 Jan Synáček - 20160308-10 +- fix pmtu discovery for ipv6 (#1444281) + +* Tue Feb 21 2017 Jan Synáček - 20160308-9 +- IPv4 vs IPv6 inconsistency on return value of ping (#1362388) +- ping6 does not use device specified with -I parameter (#1371824, #1424965) +- double cap_free call in ping_common.c (#1410114) +- ping assumes EACCESS errors are due to broadcast addresses (#1387315) +- ping -t with multicast address without effect on ppc64 (#1373333) +- arping -c does not exit when the device is deleted (#1387542) + * Mon Sep 5 2016 Jan Synáček - 20160308-8 - arping documentation inconsistency (#1351704)