diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..9319e13 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +SOURCES/ifenslave.tar.gz +SOURCES/iputils-20210202.tar.gz diff --git a/.iputils.metadata b/.iputils.metadata new file mode 100644 index 0000000..59163e8 --- /dev/null +++ b/.iputils.metadata @@ -0,0 +1,2 @@ +1e2652cb1d1e29a8ebed1209131924a6eb864daf SOURCES/ifenslave.tar.gz +4e552cd0478388e1551853020b60efda18592028 SOURCES/iputils-20210202.tar.gz diff --git a/SOURCES/bsd.txt b/SOURCES/bsd.txt new file mode 100644 index 0000000..b40b49c --- /dev/null +++ b/SOURCES/bsd.txt @@ -0,0 +1,36 @@ +/* + * Copyright (c) 1989 The Regents of the University of California. + * All rights reserved. + * + * This code is derived from software contributed to Berkeley by + * Mike Muuss. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + diff --git a/SOURCES/gpl-2.0.txt b/SOURCES/gpl-2.0.txt new file mode 100644 index 0000000..d159169 --- /dev/null +++ b/SOURCES/gpl-2.0.txt @@ -0,0 +1,339 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. diff --git a/SOURCES/iputils-ifenslave-CWE-170-2.patch b/SOURCES/iputils-ifenslave-CWE-170-2.patch new file mode 100644 index 0000000..67e6a5e --- /dev/null +++ b/SOURCES/iputils-ifenslave-CWE-170-2.patch @@ -0,0 +1,154 @@ +From bea19fd9a86dd2c601681ff2ef4a9c1afab1e34d Mon Sep 17 00:00:00 2001 +From: Jan Macku +Date: Tue, 8 Jun 2021 15:41:58 +0200 +Subject: [PATCH] ifenslave: fix CWE-170: Improper Null Termination + +Resolves: #1938746 +--- + ifenslave.c | 43 +++++++++++++++++++++++++++---------------- + 1 file changed, 27 insertions(+), 16 deletions(-) + +diff --git a/ifenslave.c b/ifenslave.c +index 1efe4f1..59bce4c 100644 +--- a/ifenslave.c ++++ b/ifenslave.c +@@ -619,7 +619,7 @@ static int get_drv_info(char *master_ifname) + char *endptr; + + memset(&ifr, 0, sizeof(ifr)); +- strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ); ++ strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ - 1); + ifr.ifr_data = (caddr_t)&info; + + info.cmd = ETHTOOL_GDRVINFO; +@@ -664,8 +664,9 @@ static int change_active(char *master_ifname, char *slave_ifname) + return 1; + } + +- strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ); +- strncpy(ifr.ifr_slave, slave_ifname, IFNAMSIZ); ++ memset(&ifr, 0, sizeof(ifr)); ++ strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ - 1); ++ strncpy(ifr.ifr_slave, slave_ifname, IFNAMSIZ - 1); + if ((ioctl(skfd, SIOCBONDCHANGEACTIVE, &ifr) < 0) && + (ioctl(skfd, BOND_CHANGE_ACTIVE_OLD, &ifr) < 0)) { + saved_errno = errno; +@@ -806,8 +807,9 @@ static int enslave(char *master_ifname, char *slave_ifname) + } + + /* Do the real thing */ +- strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ); +- strncpy(ifr.ifr_slave, slave_ifname, IFNAMSIZ); ++ memset(&ifr, 0, sizeof(ifr)); ++ strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ - 1); ++ strncpy(ifr.ifr_slave, slave_ifname, IFNAMSIZ - 1); + if ((ioctl(skfd, SIOCBONDENSLAVE, &ifr) < 0) && + (ioctl(skfd, BOND_ENSLAVE_OLD, &ifr) < 0)) { + saved_errno = errno; +@@ -847,8 +849,9 @@ static int release(char *master_ifname, char *slave_ifname) + return 1; + } + +- strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ); +- strncpy(ifr.ifr_slave, slave_ifname, IFNAMSIZ); ++ memset(&ifr, 0, sizeof(ifr)); ++ strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ - 1); ++ strncpy(ifr.ifr_slave, slave_ifname, IFNAMSIZ - 1); + if ((ioctl(skfd, SIOCBONDRELEASE, &ifr) < 0) && + (ioctl(skfd, BOND_RELEASE_OLD, &ifr) < 0)) { + saved_errno = errno; +@@ -880,7 +883,8 @@ static int get_if_settings(char *ifname, struct dev_ifr ifra[]) + int res = 0; + + for (i = 0; ifra[i].req_ifr; i++) { +- strncpy(ifra[i].req_ifr->ifr_name, ifname, IFNAMSIZ); ++ strncpy(ifra[i].req_ifr->ifr_name, ifname, IFNAMSIZ - 1); ++ ifra[i].req_ifr->ifr_name[IFNAMSIZ - 1] = '\0'; + res = ioctl(skfd, ifra[i].req_type, ifra[i].req_ifr); + if (res < 0) { + saved_errno = errno; +@@ -899,7 +903,8 @@ static int get_slave_flags(char *slave_ifname) + { + int res = 0; + +- strncpy(slave_flags.ifr_name, slave_ifname, IFNAMSIZ); ++ strncpy(slave_flags.ifr_name, slave_ifname, IFNAMSIZ - 1); ++ slave_flags.ifr_name[IFNAMSIZ - 1] = '\0'; + res = ioctl(skfd, SIOCGIFFLAGS, &slave_flags); + if (res < 0) { + saved_errno = errno; +@@ -919,7 +924,8 @@ static int set_master_hwaddr(char *master_ifname, struct sockaddr *hwaddr) + struct ifreq ifr; + int res = 0; + +- strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ); ++ memset(&ifr, 0, sizeof(ifr)); ++ strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ - 1); + memcpy(&(ifr.ifr_hwaddr), hwaddr, sizeof(struct sockaddr)); + res = ioctl(skfd, SIOCSIFHWADDR, &ifr); + if (res < 0) { +@@ -943,7 +949,8 @@ static int set_slave_hwaddr(char *slave_ifname, struct sockaddr *hwaddr) + struct ifreq ifr; + int res = 0; + +- strncpy(ifr.ifr_name, slave_ifname, IFNAMSIZ); ++ memset(&ifr, 0, sizeof(ifr)); ++ strncpy(ifr.ifr_name, slave_ifname, IFNAMSIZ - 1); + memcpy(&(ifr.ifr_hwaddr), hwaddr, sizeof(struct sockaddr)); + res = ioctl(skfd, SIOCSIFHWADDR, &ifr); + if (res < 0) { +@@ -980,8 +987,9 @@ static int set_slave_mtu(char *slave_ifname, int mtu) + struct ifreq ifr; + int res = 0; + ++ memset(&ifr, 0, sizeof(ifr)); + ifr.ifr_mtu = mtu; +- strncpy(ifr.ifr_name, slave_ifname, IFNAMSIZ); ++ strncpy(ifr.ifr_name, slave_ifname, IFNAMSIZ - 1); + + res = ioctl(skfd, SIOCSIFMTU, &ifr); + if (res < 0) { +@@ -1000,8 +1008,9 @@ static int set_if_flags(char *ifname, short flags) + struct ifreq ifr; + int res = 0; + ++ memset(&ifr, 0, sizeof(ifr)); + ifr.ifr_flags = flags; +- strncpy(ifr.ifr_name, ifname, IFNAMSIZ); ++ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1); + + res = ioctl(skfd, SIOCSIFFLAGS, &ifr); + if (res < 0) { +@@ -1030,7 +1039,8 @@ static int clear_if_addr(char *ifname) + struct ifreq ifr; + int res = 0; + +- strncpy(ifr.ifr_name, ifname, IFNAMSIZ); ++ memset(&ifr, 0, sizeof(ifr)); ++ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1); + ifr.ifr_addr.sa_family = AF_INET; + memset(ifr.ifr_addr.sa_data, 0, sizeof(ifr.ifr_addr.sa_data)); + +@@ -1065,8 +1075,9 @@ static int set_if_addr(char *master_ifname, char *slave_ifname) + {NULL, NULL, 0, 0}, + }; + ++ memset(&ifr, 0, sizeof(ifr)); + for (i = 0; ifra[i].req_name; i++) { +- strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ); ++ strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ - 1); + res = ioctl(skfd, ifra[i].g_ioctl, &ifr); + if (res < 0) { + int saved_errno = errno; +@@ -1080,7 +1091,7 @@ static int set_if_addr(char *master_ifname, char *slave_ifname) + sizeof(ifr.ifr_addr.sa_data)); + } + +- strncpy(ifr.ifr_name, slave_ifname, IFNAMSIZ); ++ strncpy(ifr.ifr_name, slave_ifname, IFNAMSIZ - 1); + res = ioctl(skfd, ifra[i].s_ioctl, &ifr); + if (res < 0) { + int saved_errno = errno; +-- +2.31.1 + diff --git a/SOURCES/iputils-ifenslave-CWE-170.patch b/SOURCES/iputils-ifenslave-CWE-170.patch new file mode 100644 index 0000000..c81b700 --- /dev/null +++ b/SOURCES/iputils-ifenslave-CWE-170.patch @@ -0,0 +1,88 @@ +From a38091c8eb0c515441080806975856ee09d2edc7 Mon Sep 17 00:00:00 2001 +From: Jan Macku +Date: Tue, 23 Mar 2021 08:10:10 +0100 +Subject: [PATCH] ifenslave: fix CWE-170: Improper Null Termination + +--- + ifenslave.c | 24 ++++++++++++++++-------- + 1 file changed, 16 insertions(+), 8 deletions(-) + +diff --git a/ifenslave.c b/ifenslave.c +index ddd82ec..1efe4f1 100644 +--- a/ifenslave.c ++++ b/ifenslave.c +@@ -509,21 +509,24 @@ static int if_getconfig(char *ifname) + struct sockaddr dstaddr, broadaddr, netmask; + unsigned char *hwaddr; + +- strcpy(ifr.ifr_name, ifname); ++ memset(&ifr, 0, sizeof(ifr)); ++ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1); + if (ioctl(skfd, SIOCGIFFLAGS, &ifr) < 0) + return -1; + mif_flags = ifr.ifr_flags; + printf("The result of SIOCGIFFLAGS on %s is %x.\n", + ifname, ifr.ifr_flags); + +- strcpy(ifr.ifr_name, ifname); ++ memset(&ifr, 0, sizeof(ifr)); ++ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1); + if (ioctl(skfd, SIOCGIFADDR, &ifr) < 0) + return -1; + printf("The result of SIOCGIFADDR is %2.2x.%2.2x.%2.2x.%2.2x.\n", + ifr.ifr_addr.sa_data[2], ifr.ifr_addr.sa_data[3], + ifr.ifr_addr.sa_data[4], ifr.ifr_addr.sa_data[5]); + +- strcpy(ifr.ifr_name, ifname); ++ memset(&ifr, 0, sizeof(ifr)); ++ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1); + if (ioctl(skfd, SIOCGIFHWADDR, &ifr) < 0) + return -1; + +@@ -534,33 +537,38 @@ static int if_getconfig(char *ifname) + ifr.ifr_hwaddr.sa_family, hwaddr[0], hwaddr[1], + hwaddr[2], hwaddr[3], hwaddr[4], hwaddr[5]); + +- strcpy(ifr.ifr_name, ifname); ++ memset(&ifr, 0, sizeof(ifr)); ++ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1); + if (ioctl(skfd, SIOCGIFMETRIC, &ifr) < 0) { + metric = 0; + } else + metric = ifr.ifr_metric; + printf("The result of SIOCGIFMETRIC is %d\n", metric); + +- strcpy(ifr.ifr_name, ifname); ++ memset(&ifr, 0, sizeof(ifr)); ++ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1); + if (ioctl(skfd, SIOCGIFMTU, &ifr) < 0) + mtu = 0; + else + mtu = ifr.ifr_mtu; + printf("The result of SIOCGIFMTU is %d\n", mtu); + +- strcpy(ifr.ifr_name, ifname); ++ memset(&ifr, 0, sizeof(ifr)); ++ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1); + if (ioctl(skfd, SIOCGIFDSTADDR, &ifr) < 0) { + memset(&dstaddr, 0, sizeof(struct sockaddr)); + } else + dstaddr = ifr.ifr_dstaddr; + +- strcpy(ifr.ifr_name, ifname); ++ memset(&ifr, 0, sizeof(ifr)); ++ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1); + if (ioctl(skfd, SIOCGIFBRDADDR, &ifr) < 0) { + memset(&broadaddr, 0, sizeof(struct sockaddr)); + } else + broadaddr = ifr.ifr_broadaddr; + +- strcpy(ifr.ifr_name, ifname); ++ memset(&ifr, 0, sizeof(ifr)); ++ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1); + if (ioctl(skfd, SIOCGIFNETMASK, &ifr) < 0) { + memset(&netmask, 0, sizeof(struct sockaddr)); + } else +-- +2.29.2 + diff --git a/SOURCES/iputils-ifenslave.patch b/SOURCES/iputils-ifenslave.patch new file mode 100644 index 0000000..662d69d --- /dev/null +++ b/SOURCES/iputils-ifenslave.patch @@ -0,0 +1,13 @@ +--- iputils/ifenslave.c.addr 2006-03-29 15:00:24.000000000 +0200 ++++ iputils/ifenslave.c 2006-03-29 15:02:01.000000000 +0200 +@@ -524,8 +524,8 @@ + if (ioctl(skfd, SIOCGIFADDR, &ifr) < 0) + return -1; + printf("The result of SIOCGIFADDR is %2.2x.%2.2x.%2.2x.%2.2x.\n", +- ifr.ifr_addr.sa_data[0], ifr.ifr_addr.sa_data[1], +- ifr.ifr_addr.sa_data[2], ifr.ifr_addr.sa_data[3]); ++ ifr.ifr_addr.sa_data[2], ifr.ifr_addr.sa_data[3], ++ ifr.ifr_addr.sa_data[4], ifr.ifr_addr.sa_data[5]); + + strcpy(ifr.ifr_name, ifname); + if (ioctl(skfd, SIOCGIFHWADDR, &ifr) < 0) diff --git a/SOURCES/ninfod.service b/SOURCES/ninfod.service new file mode 100644 index 0000000..a99cd85 --- /dev/null +++ b/SOURCES/ninfod.service @@ -0,0 +1,11 @@ +[Unit] +Description=Node Information Query Daemon +After=network.target +Documentation=man:ninfod + +[Service] +Type=forking +ExecStart=/usr/sbin/ninfod + +[Install] +WantedBy=multi-user.target diff --git a/SOURCES/rdisc.service b/SOURCES/rdisc.service new file mode 100644 index 0000000..7eaaf26 --- /dev/null +++ b/SOURCES/rdisc.service @@ -0,0 +1,11 @@ +[Unit] +Description=rdisc daemon which discovers routers on the local subnet +After=network.target +Documentation=man:rdisc + +[Service] +Type=forking +ExecStart=/sbin/rdisc -s + +[Install] +WantedBy=multi-user.target diff --git a/SPECS/iputils.spec b/SPECS/iputils.spec new file mode 100644 index 0000000..e454f64 --- /dev/null +++ b/SPECS/iputils.spec @@ -0,0 +1,754 @@ +%global _hardened_build 1 + +Summary: Network monitoring tools including ping +Name: iputils +Version: 20210202 +Release: 7%{?dist} +# some parts are under the original BSD (ping.c) +# some are under GPLv2+ (tracepath.c) +License: BSD and GPLv2+ +URL: https://github.com/iputils/iputils + +Source0: https://github.com/iputils/iputils/archive/%{version}/%{name}-%{version}.tar.gz +# ifenslave.tar.gz was taken from kernel 3.10 source at: https://elixir.bootlin.com/linux/v3.10/source/Documentation/networking/ifenslave.c +Source1: ifenslave.tar.gz +Source2: rdisc.service +Source3: ninfod.service +# Taken from ping.c on 2014-07-12 +Source4: bsd.txt +Source5: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt + +Patch100: iputils-ifenslave.patch +Patch101: iputils-ifenslave-CWE-170.patch +Patch102: iputils-ifenslave-CWE-170-2.patch + +BuildRequires: gcc +BuildRequires: meson +BuildRequires: gettext +BuildRequires: glibc-kernheaders >= 2.4-8.19 +BuildRequires: libidn2-devel +BuildRequires: openssl-devel +BuildRequires: libcap-devel +BuildRequires: libxslt docbook5-style-xsl +BuildRequires: systemd +%{?systemd_ordering} +Provides: /bin/ping +Provides: /bin/ping6 +Provides: /sbin/arping +Provides: /sbin/rdisc + +%description +The iputils package contains basic utilities for monitoring a network, +including ping. The ping command sends a series of ICMP protocol +ECHO_REQUEST packets to a specified network host to discover whether +the target machine is alive and receiving network traffic. + +%package ninfod +Summary: Node Information Query Daemon +Requires: %{name} = %{version}-%{release} +Provides: %{_sbindir}/ninfod + +%description ninfod +Node Information Query (RFC4620) daemon. Responds to IPv6 Node Information +Queries. + +%prep +%setup -q -a 1 -n %{name}-%{version} +cp %{SOURCE4} %{SOURCE5} . + +%patch100 -p1 +%patch101 -p1 +%patch102 -p1 + +%build +%ifarch s390 s390x + export CFLAGS="-fPIE" +%else + export CFLAGS="-fpie" +%endif +export LDFLAGS="-pie -Wl,-z,relro,-z,now" + +%meson -DBUILD_TFTPD=false +%meson_build +gcc -Wall $RPM_OPT_FLAGS $CFLAGS $RPM_LD_FLAGS $LDFLAGS ifenslave.c -o ifenslave + +%install +%meson_install +%find_lang %{name} + +mkdir -p ${RPM_BUILD_ROOT}%{_bindir} +ln -sf ../bin/ping ${RPM_BUILD_ROOT}%{_sbindir}/ping +ln -sf ../bin/ping ${RPM_BUILD_ROOT}%{_sbindir}/ping6 +ln -sf ../bin/tracepath ${RPM_BUILD_ROOT}%{_sbindir}/tracepath +ln -sf ../bin/tracepath ${RPM_BUILD_ROOT}%{_sbindir}/tracepath6 +ln -sf ../bin/arping ${RPM_BUILD_ROOT}%{_sbindir}/arping +ln -sf ping.8.gz ${RPM_BUILD_ROOT}%{_mandir}/man8/ping6.8.gz +ln -sf tracepath.8.gz ${RPM_BUILD_ROOT}%{_mandir}/man8/tracepath6.8.gz +install -cp ifenslave ${RPM_BUILD_ROOT}%{_sbindir}/ +install -cp ifenslave.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/ + +%post +%systemd_post rdisc.service + +%preun +%systemd_preun rdisc.service + +%postun +%systemd_postun_with_restart rdisc.service + +%post ninfod +%systemd_post ninfod.service + +%preun ninfod +%systemd_preun ninfod.service + +%postun ninfod +%systemd_postun_with_restart ninfod.service + +%files -f %{name}.lang +%doc README.bonding +%license bsd.txt gpl-2.0.txt +%{_unitdir}/rdisc.service +%attr(0755,root,root) %caps(cap_net_raw=p) %{_bindir}/clockdiff +%attr(0755,root,root) %caps(cap_net_raw=p) %{_bindir}/arping +%attr(0755,root,root) %{_bindir}/ping +%{_sbindir}/ifenslave +%{_sbindir}/rdisc +%{_bindir}/tracepath +%{_sbindir}/ping +%{_sbindir}/ping6 +%{_sbindir}/tracepath +%{_sbindir}/tracepath6 +%{_sbindir}/arping +%attr(644,root,root) %{_mandir}/man8/clockdiff.8.gz +%attr(644,root,root) %{_mandir}/man8/arping.8.gz +%attr(644,root,root) %{_mandir}/man8/ping.8.gz +%{_mandir}/man8/ping6.8.gz +%attr(644,root,root) %{_mandir}/man8/rdisc.8.gz +%attr(644,root,root) %{_mandir}/man8/tracepath.8.gz +%{_mandir}/man8/tracepath6.8.gz +%attr(644,root,root) %{_mandir}/man8/ifenslave.8.gz + +%files ninfod +%attr(0755,root,root) %caps(cap_net_raw=ep) %{_sbindir}/ninfod +%{_unitdir}/ninfod.service +%attr(644,root,root) %{_mandir}/man8/ninfod.8.gz + +%changelog +* Mon Aug 09 2021 Mohan Boddu - 20210202-7 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Tue Jun 22 2021 Mohan Boddu - 20210202-6 +- Rebuilt for RHEL 9 BETA for openssl 3.0 + Related: rhbz#1971065 + +* Mon Jun 14 2021 Jan Macku - 20210202-5 +- spec: Add note about source of ifenslave code (rhbz#1938746) + +* Wed Jun 09 2021 Jan Macku - 20210202-4 +- ifenslave: fix CWE-170 (rhbz#1938746) + +* Fri Apr 16 2021 Mohan Boddu - 20210202-3 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Mar 23 2021 Jan Macku - 20210202-2 +- ifenslave: fix CWE-170 (related to rhbz#1938746) + +* Tue Feb 02 2021 Kevin Fenzi - 20210202-1 +- Update to 20210202. Fixes rhbz#1923917 + +* Tue Jan 26 2021 Fedora Release Engineering - 20200821-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Sat Oct 31 2020 Kevin Fenzi - 20200821-1 +- Update to 20200821 release. Fixes bug #1871310 + +* Tue Jul 28 2020 Fedora Release Engineering - 20190515-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Mon May 18 2020 Jan Synáček - 20190515-7 +- arping exits with error when should not (#1836607) + +* Mon Mar 2 2020 Jan Synáček - 20190515-6 +- Make ping unprivileged (#1699497) + +* Mon Feb 3 2020 Jan Synáček - 20190515-5 +- Symlink arping to /usr/sbin/arping to maintain backward compatibility (#1797525) + +* Wed Jan 29 2020 Fedora Release Engineering - 20190515-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Thu Jul 25 2019 Fedora Release Engineering - 20190515-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Wed May 22 2019 Jan Synáček - 20190515-2 +- Mark localization files correctly (#1712514) + +* Wed May 22 2019 Jan Synáček - 20190515-1 +- Update to s20190515 (#1710647) + +* Thu Mar 28 2019 Jan Synáček - 20190324-1 +- Update to s20190324 (#1692136) + +* Fri Feb 01 2019 Fedora Release Engineering - 20180629-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Wed Jan 23 2019 Bogdan Dobrelya - 20180629-3 +- Use systemd_ordering macro + +* Fri Jul 13 2018 Fedora Release Engineering - 20180629-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Tue Jul 3 2018 Jan Synáček - 20180629-1 +- update to s20180629 (#1596893) + +* Wed Feb 07 2018 Fedora Release Engineering - 20161105-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Fri Nov 24 2017 Jan Synáček - 20161105-8 +- switch to libidn2 (#1449149) + +* Wed Aug 02 2017 Fedora Release Engineering - 20161105-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Sun Jul 30 2017 Florian Weimer - 20161105-6 +- Rebuild with binutils fix for ppc64le (#1475636) + +* Thu Jul 27 2017 Jan Synáček - 20161105-5 +- ping does not work in dkr images (#1350019) + +* Wed Jul 26 2017 Fedora Release Engineering - 20161105-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Fri May 12 2017 Karsten Hopp - 20161105-3 +- don't build docs for module builds to limit dependencies + +* Fri Feb 10 2017 Fedora Release Engineering - 20161105-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Tue Nov 8 2016 Jan Synáček - 20161105-1 +- Update to s20161105 (#1392759) + +* Thu Oct 13 2016 Tomáš Mráz - 20160308-4 +- rebuild with OpenSSL 1.1.0 + +* Wed Jun 22 2016 Jan Synáček - 20160308-3 +- Fix: Failed to bind to device (#1348934) + +* Wed Mar 9 2016 Jan Synáček - 20160308-2 +- Don't build against libnettle + +* Wed Mar 9 2016 Jan Synáček - 20160308-1 +- Update to s20160308 (#1315975) + +* Thu Feb 04 2016 Fedora Release Engineering - 20150815-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Thu Nov 19 2015 Jan Synáček - 20150815-2 +- Fix: Always use POSIX locale when parsing -i (#1283277) + +* Thu Sep 24 2015 Jan Synáček - 20150815-1 +- Update to s20150815 (#617934) + +* Sun Aug 23 2015 Peter Robinson 20140519-6 +- Don't depend on chkconfig, uses systemctl now + +* Wed Jun 17 2015 Fedora Release Engineering - 20140519-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Sat Aug 16 2014 Fedora Release Engineering - 20140519-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jul 12 2014 Tom Callaway - 2040519-3 +- fix license handling + +* Sat Jun 07 2014 Fedora Release Engineering - 20140519-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Tue May 20 2014 Jan Synáček - 20140519-1 +- Update to iputils-s20140519 (#1096617) + +* Fri Apr 11 2014 Jan Synáček - 20121221-10 +- Fix arping hang if SIGALRM is blocked (#1085971) + +* Wed Mar 26 2014 Jan Synáček - 20121221-9 +- Fix message flood when EPERM is encountered in ping (#1061867) + +* Mon Feb 3 2014 Jan Synáček - 20121221-8 +- reference documentation in the service files +- remove redundant sysconfig-related stuff +- remove sysvinit script + +* Tue Jan 21 2014 Jan Synáček - 20121221-7 +- Build with pie/full RELRO (#1055742) + +* Sun Jan 19 2014 Ville Skyttä - 20121221-6 +- Don't order services after syslog.target. + +* Thu Oct 31 2013 Jan Synáček - 20121221-5 +- Harden the package even more (full RELRO) + +* Sat Aug 03 2013 Fedora Release Engineering - 20121221-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Mon Jul 15 2013 Jan Synáček - 20121221-3 +- Harden the package + +* Fri Feb 01 2013 Jan Synáček - 20121221-2 +- Always use posix locale when reading -i (#905840) +- Set correct ninfod capabilities + +* Mon Jan 07 2013 Jan Synáček - 20121221-1 +- Update to iputils-s20121207 (#890397) and remove unnecessary patches + +* Fri Dec 07 2012 Jan Synáček - 20121207-1 +- Update to iputils-s20121207 (#884983) - fixes a ping segfault introduced + by the previous update +- Update ninfod-minor patch +- Renumber patches +- Fix -F switch (flowlabel patch) + +* Thu Dec 06 2012 Jan Synáček - 20121205-1 +- Update to iputils-s20121205 (#884436) and remove unnecessary patches + +* Thu Dec 06 2012 Jan Synáček - 20121125-3 +- Package ninfod (#877530) +- Update systemd requirements + +* Mon Nov 26 2012 Jan Synáček - 20121125-2 +- Comment patches and cleanup +- Update ifaddrs patch +- Call usage() before limiting capabilities +- Correct ifaddrs patch +- Drop corr_type patch (gcc 4.4 build hack) +- Fix missing end tags in sgml documentation + +* Mon Nov 26 2012 Jan Synáček - 20121125-1 +- Update to iputils-s20121125 (#879952) + +* Mon Nov 26 2012 Jan Synáček - 20121121-2 +- Re-fix arping's default device search logic (#879807) + +* Thu Nov 22 2012 Jan Synáček - 20121121-1 +- Update to iputils-s20121121, drop unnecessary patches +- Add capabilities to clockdiff and arping +- Renumber patches +- Fix arping's default device search logic + +* Mon Nov 19 2012 Jan Synáček - 20121112-2 +- Update License field + +* Tue Nov 13 2012 Jan Synáček - 20121112-1 +- Update to iputils-s20121112 (#875767) + + drop unnecessary patches + + update patches + + wrap SO_BINDTODEVICE with the correct capability + + fix incorrect free (hits when -lidn is used) + +* Thu Nov 08 2012 Jan Synáček - 20121106-2 +- Update ifenslave tarball (#859182) + +* Tue Nov 06 2012 Jan Synáček - 20121106-1 +- Update to iputils-s20121106 (#873571) and update patches + +* Mon Oct 15 2012 Jan Synáček - 20121011-1 +- Update to iputils-s20121011 + + drop unnecessary patches + + update patches + + improve spec + +* Wed Aug 22 2012 Jan Synáček - 20101006-18 +- Improve spec for fedora +- Add systemd-rpm macros (#850167) + +* Mon Jul 23 2012 Jan Synáček 20101006-17 +- Minor update: capabilities patch + +* Fri Jul 20 2012 Jan Synáček 20101006-16 +- Make fedora-review friendly + +* Thu Jul 19 2012 Fedora Release Engineering - 20101006-16 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Mon Jun 25 2012 Jan Synáček 20101006-15 +- Ping fixes: + + enable marking packets when the correct capabilities are set (#802197) + + integer overflow (#834661) + + Fallback to numeric addresses while exiting (#834661) + +* Wed Jan 25 2012 Harald Hoyer 20101006-14 +- install everything in /usr + https://fedoraproject.org/wiki/Features/UsrMove + +* Fri Jan 13 2012 Fedora Release Engineering - 20101006-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Thu Nov 24 2011 Jiri Skala - 20101006-12 +- fixes #756439 - ping Record Route report incorrect (same route) + +* Thu Nov 10 2011 Jiri Skala - 20101006-11 +- fixes #752397 - arping uses eth0 as default interface + +* Mon Aug 01 2011 Jiri Skala - 20101006-10 +- rebuild for libcap + +* Mon Jun 27 2011 Jiri Skala - 20101006-9 +- fixes #697532 - The SysV initscript should be packaged into subpackage + +* Tue Mar 29 2011 Jiri Skala - 20101006-8 +- fixes #663734 - ping/ping6 man page fixes +- fixes #673831 - tracepath/tracepath6 manpage fixes + +* Wed Feb 09 2011 Jiri Skala - 20101006-7 +- fixes build errors due to unused variables + +* Wed Feb 09 2011 Fedora Release Engineering - 20101006-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Wed Jan 19 2011 Jiri Skala - 20101006-5 +- fixes #670380 - added /etc/sysconfig/rdisc, modified initscript +- initscript moved to git + +* Wed Dec 15 2010 Jiri Skala - 20101006-4 +- fixes #662720 - Providing native systemd file +- freeing memory when capabilities are dropped + +* Mon Nov 08 2010 Jiri Skala - 20101006-3 +- applied patch dropping capabilities of Ludwig Nussel +- fixes building ping, pinpg6 with -pie option +- moves most CFLAGS options from spec to Makefile + +* Wed Oct 27 2010 Jiri Skala - 20101006-2 +- fixes #646444 - Replace SETUID in spec file with the correct file capabilities + +* Mon Oct 11 2010 Jiri Skala - 20101006-1 +- update to latest upstream + +* Tue Jul 13 2010 Jiri Skala - 20100418-3 +- applied patch preventing ping against dos attack + +* Wed May 19 2010 Jiri Skala - 20100418-2 +- fixes #593641 - update bonding files (updated ifenslave tarball) + +* Tue Apr 20 2010 Jiri Skala - 20100418-1 +- update to latest upstream +- enables flowlabel feature (-F option) + +* Fri Mar 05 2010 Jiri Skala - 20071127-10 +- fixes #557308 - arping ignores the deadline option + +* Fri Jul 24 2009 Fedora Release Engineering - 20071127-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Feb 25 2009 Jiri Skala - 20071127-8 +- remake type conversions to gcc4.4 requirements + +* Wed Feb 25 2009 Fedora Release Engineering - 20071127-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Fri Sep 26 2008 Jiri Skala - 20071127-6 +- #455713 not accepted - suid is back + +* Fri Aug 15 2008 Jiri Skala - 20071127-5 +- removed a dependency on libsysfs library in arping + +* Wed Aug 06 2008 Jiri Skala - 20071127-4 +- Resolves: #455713 remove suid from ping +- corrected typing error in man + +* Tue Jun 03 2008 Martin Nagy - 20071127-3 +- major patch cleanup so it will be easier to get patches upstream +- fix for #68212, previous fix actually didn't work for ping6 +- renewed the ia64 align patches +- update README.bonding +- clear up the code from warnings +- spec file cleanup + +* Tue Mar 25 2008 Martin Nagy - 20071127-2 +- fix inconsistent behaviour of ping (#360881) + +* Mon Feb 25 2008 Martin Nagy - 20071127-1 +- update to new upstream version + +* Mon Feb 18 2008 Martin Nagy - 20070202-9 +- rebuild + +* Mon Feb 18 2008 Martin Nagy - 20070202-8 +- correctly fix the -w option and return code of arping (#387881) + +* Fri Feb 01 2008 Martin Nagy - 20070202-7 +- fix -Q option of ping6 (#213544) + +* Mon Jan 14 2008 Martin Nagy - 20070202-6 +- fix absolute symlinks and character encoding for RELNOTES (#225909) +- preserve file timestamps (#225909) +- use %%{?_smp_mflags} (#225909) +- fix service rdisc stop removing of lock file + +* Fri Sep 14 2007 Martin Bacovsky - 20070202-5 +- rebuild + +* Fri Aug 3 2007 Martin Bacovsky - 20070202-4 +- resolves: #236725: ping does not work for subsecond intervals for ordinary user +- resolves: #243197: RFE: Please sync ifenslave with current kernel +- resolves: #246954: Initscript Review +- resolves: #251124: can't build rdisc - OPEN_MAX undeclared + +* Fri Apr 6 2007 Martin Bacovsky - 20070202-3 +- resolves: #235374: Update of iputils starts rdisc, breaking connectivity + +* Tue Mar 27 2007 Martin Bacovsky - 20070202-2 +- Resolves: #234060: [PATCH] IDN (umlaut domains) support for ping and ping6 + patch provided by Robert Scheck + +* Thu Mar 15 2007 Martin Bacovsky - 20070202-1 +- upgarde to new upstream iputils-s20070202 +- Resolves: #229995 +- Resolves: #225909 - Merge Review: iputils +- patches revision + +* Thu Feb 22 2007 Martin Bacovsky - 20020927-42 +- Resolves: #218706 - now defines the destination address along RFC3484 +- Resolves: #229630 - ifenslave(8) man page added +- Resolves: #213716 - arping doesn't work on InfiniBand ipoib interfaces + +* Wed Sep 13 2006 Radek Vokal - 20020927-41 +- new ifenslave/bonding documentation + +* Mon Aug 21 2006 Martin Bacovsky - 20020927-40 +- tracepath doesn't continue past destination host (#174032) + previous patch replaced by new one provided by + option -c added + +* Mon Jul 17 2006 Radek Vokal - 20020927-39 +- rebuilt + +* Mon Jul 10 2006 Radek Vokal - 20020927-38 +- tracepath doesn't continue past destination host (#174032) + +* Wed Mar 29 2006 Radek Vokál - 20020927-37 +- fix ifenslave, shows interface addresses +- add RPM_OPT_FLAGS to ifenslave + +* Sun Mar 12 2006 Radek Vokál - 20020927-36 +- fix ifenslave man page (#185223) + +* Fri Feb 24 2006 Radek Vokál - 20020927-35 +- add PreReq: chkconfig (#182799,#182798) + +* Fri Feb 10 2006 Jesse Keating - 20020927-34.2 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 20020927-34.1 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Mon Feb 06 2006 Radek Vokál 20020927-34 +- ping clean-up, added new ICMP warning messages + +* Wed Jan 25 2006 Radek Vokál 20020927-33 +- gcc patch, warnings cleaned-up + +* Tue Dec 13 2005 Radek Vokal 20020927-32 +- fix HOPLIMIT option for setsockopt() (#175471) + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Mon Dec 05 2005 Radek Vokal 20020927-31 +- ifenslave.8 from debian.org +- separate ifenslave to its own tarball + +* Tue Nov 08 2005 Radek Vokal 20020927-30 +- don't ship traceroute6, now part of traceroute package + +* Wed Oct 05 2005 Radek Vokal 20020927-29 +- add ping6 and tracepath6 manpages, fix attributes. + +* Fri Sep 30 2005 Radek Vokal 20020927-28 +- memset structure before using it (#168166) + +* Mon Sep 26 2005 Radek Vokal 20020927-27 +- fixed ping -f, flooding works again (#134859,#169141) + +* Thu Sep 08 2005 Radek Vokal 20020927-26 +- tracepath6 and tracepath fix, use getaddrinfo instead of gethostbyname(2) + (#100778,#167735) + +* Fri Aug 12 2005 Radek Vokal 20020927-25 +- fixed arping timeout (#165715) + +* Mon Jul 18 2005 Radek Vokal 20020927-24 +- fixed arping buffer overflow (#163383) + +* Fri May 27 2005 Radek Vokal 20020927-23 +- fixed un-initialized "device" (#158914) + +* Thu Apr 07 2005 Radek Vokal 20020927-22 +- don't start rdisc as default (#154075) + +* Tue Apr 05 2005 Radek Vokal 20020927-21 +- rdisc init script added (#151614) + +* Fri Mar 04 2005 Radek Vokal 20020927-20 +- arping fix for infiniband (#150156) + +* Tue Dec 07 2004 Radek Vokal 20020927-19 +- return values fixed - patch from suse.de + +* Mon Oct 18 2004 Radek Vokal +- ifenslave.c and README.bonding updated from kernel-2.6.8-1.521 (#136059) + +* Mon Oct 11 2004 Radek Vokal +- spec file updated, source fixed (#135193) + +* Tue Jun 15 2004 Elliot Lee +- rebuilt + +* Wed May 12 2004 Phil Knirsch 20020927-15 +- Updated rh patch to enable PIE build of binaries. + +* Thu Apr 22 2004 Phil Knirsch 20020927-14 +- Fixed bug with wrong return code check of inet_pton() in traceroute6 (#100684) + +* Fri Feb 13 2004 Elliot Lee +- rebuilt + +* Thu Oct 02 2003 Phil Knirsch 20020927-12 +- Fixed unaligned access problem on ia64 (#101417) + +* Wed Sep 10 2003 Phil Knirsch 20020927-11 +- Don't use own headers, use glibc and kernheaders. + +* Thu Sep 04 2003 Bill Nottingham 20020927-10 +- fix build with new glibc-kernheaders + +* Wed Sep 03 2003 Phil Knirsch 20020927-9.1 +- rebuilt + +* Wed Sep 03 2003 Phil Knirsch 20020927-9 +- Start icmp_seq from 0 instead of 1 (Conform with debian and Solaris #100609). + +* Thu Jul 31 2003 Phil Knirsch 20020927-8 +- One more update to ifenslave.c + +* Mon Jun 16 2003 Phil Knirsch 20020927-7 +- Updated ifenslave.c and README.bonding to latest version. + +* Wed Jun 04 2003 Elliot Lee +- rebuilt + +* Thu May 15 2003 Phil Knirsch 20020927-5 +- Bumped release and rebuilt + +* Thu May 15 2003 Phil Knirsch 20020927-4 +- Fixed DNS lookup problems (#68212). +- Added warning if binding problem failed on subinterface (#81640). + +* Tue May 13 2003 Phil Knirsch 20020927-3 +- Removed bonding tarball and replaced it with ifenslave.c and README +- FHS compliance for all tools, now to be found in /bin with compat symlinks to + old places. + +* Wed Jan 22 2003 Tim Powers 20020927-2 +- rebuilt + +* Fri Nov 29 2002 Phil Knirsch 20020927-1 +- Updated to latest upstream version. + +* Fri Jun 21 2002 Tim Powers 20020124-8 +- automated rebuild + +* Tue Jun 18 2002 Phil Knirsch 20020124-7 +- Added new BuildPreReqs for docbook-utils and perl-SGMLSpm (#66661) +- Fixed ipv6 error printing problem (#66659). + +* Sun May 26 2002 Tim Powers +- automated rebuild + +* Tue May 21 2002 Phil Knirsch +- Added a patch to activate the rdisc server (#64270). +- Display the countermeasures warning only in verbose (#55236) + +* Thu Apr 18 2002 Bill Nottingham +- quit trying to build HTML versions of the man pages + +* Thu Mar 14 2002 Phil Knirsch +- Added fix by Tom "spot" Callaway to fix buffer overflow problems in stats. + +* Wed Feb 27 2002 Phil Knirsch +- Update to iputils-ss020124. + +* Wed Jan 09 2002 Tim Powers +- automated rebuild + +* Mon Aug 27 2001 Philipp Knirsch 20001110-6 +- Fixed buffer overflow problem in traceroute6.c (#51135) + +* Mon Jul 02 2001 Philipp Knirsch +- Made ping6 and traceroute6 setuid (safe as they drop it VERY early) (#46769) + +* Thu Jun 28 2001 Philipp Knirsch +- Fixed ping statistics overflow bug (#43801) + +* Tue Jun 26 2001 Philipp Knirsch +- Fixed a bunch of compiler warnings (#37131) +- Fixed wrong exit code for no packets and deadline (#40323) +- Moved arping to /sbin from /usr/sbin due to ifup call (#45785). Symlink from + /usr/sbin/ provided for backwards compatibility. + +* Mon Apr 30 2001 Preston Brown +- install in.rdisc.8c as rdisc.8 + +* Tue Jan 16 2001 Jeff Johnson +- update to ss001110 +- doco fixes (#23844). + +* Sun Oct 8 2000 Jeff Johnson +- update to ss001007. + +* Tue Aug 8 2000 Tim Waugh +- fix spelling mistake (#15714). + +* Tue Aug 8 2000 Tim Waugh +- turn on -U on machines without TSC (#15223). + +* Tue Aug 1 2000 Jeff Johnson +- better doco patch (#15050). + +* Tue Jul 25 2000 Jakub Jelinek +- fix include-glibc/ to work with new glibc 2.2 resolver headers + +* Thu Jul 13 2000 Prospector +- automatic rebuild + +* Sun Jun 18 2000 Jeff Johnson +- FHS packaging. +- update to ss000418. +- perform reverse DNS lookup only once for same input. + +* Sun Mar 5 2000 Jeff Johnson +- include README.ifenslave doco. +- "ping -i N" was broke for N >= 3 (#9929). +- update to ss000121: +-- clockdiff: preserve raw socket errno. +-- ping: change error exit code to 1 (used to be 92,93, ...) +-- ping,ping6: if -w specified, transmit until -c limit is reached. +-- ping,ping6: exit code non-zero if some packets not received within deadline. + +* Tue Feb 22 2000 Jeff Johnson +- man page corrections (#9690). + +* Wed Feb 9 2000 Jeff Johnson +- add ifenslave. + +* Thu Feb 3 2000 Elliot Lee +- List /usr/sbin/rdisc in %%files list. + +* Thu Jan 27 2000 Jeff Johnson +- add remaining binaries. +- casts to remove compilation warnings. +- terminate if -w deadline is reached exactly (#8724). + +* Fri Dec 24 1999 Jeff Johnson +- create (only ping for now, traceroute et al soon).