diff --git a/.gitignore b/.gitignore
index 825a634..9a9b9bf 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
-SOURCES/libnl-3.4.0.tar.gz
-SOURCES/libnl-doc-3.4.0.tar.gz
+SOURCES/libnl-3.5.0.tar.gz
+SOURCES/libnl-doc-3.5.0.tar.gz
diff --git a/.libnl3.metadata b/.libnl3.metadata
index aba00bc..f62ef88 100644
--- a/.libnl3.metadata
+++ b/.libnl3.metadata
@@ -1,2 +1,2 @@
-4fc4c3b6812dc7e68ef8acb69287583685266a0b SOURCES/libnl-3.4.0.tar.gz
-96c58cb6a5490f6c68838b74f68ec1d7d9a0eb54 SOURCES/libnl-doc-3.4.0.tar.gz
+54c476a3103add175a6a055fcf45c0a29d2c0948 SOURCES/libnl-3.5.0.tar.gz
+e0857124974053ee7be34fbda6812b57961f0ae8 SOURCES/libnl-doc-3.5.0.tar.gz
diff --git a/SOURCES/0001-fix-coverity-issues-rh1606988.patch b/SOURCES/0001-fix-coverity-issues-rh1606988.patch
deleted file mode 100644
index 5ba6a0d..0000000
--- a/SOURCES/0001-fix-coverity-issues-rh1606988.patch
+++ /dev/null
@@ -1,231 +0,0 @@
-From 79712feff47b2c275cf1cb1291863476ac45070a Mon Sep 17 00:00:00 2001
-From: Thomas Haller
-Date: Thu, 8 Aug 2019 10:16:54 +0200
-Subject: [PATCH 1/4] route: fix strncpy() warning from coverity about
- unterminated string
-
-Coverity says:
-
- Error: BUFFER_SIZE_WARNING (CWE-120): [#def1]
- libnl-3.4.0/lib/route/cls/ematch/text.c:94: buffer_size_warning: Calling strncpy with a maximum size argument of 16 bytes on destination array "t->cfg.algo" of size 16 bytes might leave the destination string unterminated.
- # 92| struct text_data *t = rtnl_ematch_data(e);
- # 93|
- # 94|-> strncpy(t->cfg.algo, algo, sizeof(t->cfg.algo));
- # 95| }
- # 96|
-
- Error: BUFFER_SIZE_WARNING (CWE-120): [#def11]
- libnl-3.4.0/lib/xfrm/sa.c:1192: buffer_size_warning: Calling strncpy with a maximum size argument of 64 bytes on destination array "auth->alg_name" of size 64 bytes might leave the destination string unterminated.
- # 1190| }
- # 1191|
- # 1192|-> strncpy(auth->alg_name, tmpl->auth->alg_name, sizeof(auth->alg_name));
- # 1193| auth->alg_key_len = tmpl->auth->alg_key_len;
- # 1194| memcpy(auth->alg_key, tmpl->auth->alg_key, (tmpl->auth->alg_key_len + 7) / 8);
-
-(cherry picked from commit f6f163d68e756d7ee69b93b0ccb4ab24f9764f77)
----
- lib/route/cls/ematch/text.c | 1 +
- lib/xfrm/sa.c | 1 +
- 2 files changed, 2 insertions(+)
-
-diff --git a/lib/route/cls/ematch/text.c b/lib/route/cls/ematch/text.c
-index b14c4abb92a7..12a1e747b48a 100644
---- a/lib/route/cls/ematch/text.c
-+++ b/lib/route/cls/ematch/text.c
-@@ -92,6 +92,7 @@ void rtnl_ematch_text_set_algo(struct rtnl_ematch *e, const char *algo)
- struct text_data *t = rtnl_ematch_data(e);
-
- strncpy(t->cfg.algo, algo, sizeof(t->cfg.algo));
-+ t->cfg.algo[sizeof(t->cfg.algo) - 1] = '\0';
- }
-
- char *rtnl_ematch_text_get_algo(struct rtnl_ematch *e)
-diff --git a/lib/xfrm/sa.c b/lib/xfrm/sa.c
-index 995df9fd9769..15a3661a9699 100644
---- a/lib/xfrm/sa.c
-+++ b/lib/xfrm/sa.c
-@@ -1190,6 +1190,7 @@ static int build_xfrm_sa_message(struct xfrmnl_sa *tmpl, int cmd, int flags, str
- }
-
- strncpy(auth->alg_name, tmpl->auth->alg_name, sizeof(auth->alg_name));
-+ auth->alg_name[sizeof(auth->alg_name) - 1] = '\0';
- auth->alg_key_len = tmpl->auth->alg_key_len;
- memcpy(auth->alg_key, tmpl->auth->alg_key, (tmpl->auth->alg_key_len + 7) / 8);
- if (nla_put(msg, XFRMA_ALG_AUTH, len, auth) < 0) {
---
-2.21.0
-
-
-From d7b51a8a3d2f0ac0e2c306a77bdf479f64154d43 Mon Sep 17 00:00:00 2001
-From: Thomas Haller
-Date: Thu, 8 Aug 2019 10:38:12 +0200
-Subject: [PATCH 2/4] link/sriov: fix memleak in rtnl_link_sriov_clone()
-
-Found by Coverity.
-
-(cherry picked from commit f1a085994a78a69abcd583d682b9850bc20ed482)
----
- lib/route/link/sriov.c | 24 ++++++++++++++++++------
- 1 file changed, 18 insertions(+), 6 deletions(-)
-
-diff --git a/lib/route/link/sriov.c b/lib/route/link/sriov.c
-index 5c20ecff68f6..2a87cfe5ff3f 100644
---- a/lib/route/link/sriov.c
-+++ b/lib/route/link/sriov.c
-@@ -109,8 +109,10 @@ int rtnl_link_sriov_clone(struct rtnl_link *dst, struct rtnl_link *src) {
-
- if (s_vf->ce_mask & SRIOV_ATTR_ADDR) {
- vf_addr = nl_addr_clone(s_vf->vf_lladdr);
-- if (!vf_addr)
-+ if (!vf_addr) {
-+ rtnl_link_vf_put(d_vf);
- return -NLE_NOMEM;
-+ }
- d_vf->vf_lladdr = vf_addr;
- }
-
-@@ -120,8 +122,10 @@ int rtnl_link_sriov_clone(struct rtnl_link *dst, struct rtnl_link *src) {
-
- err = rtnl_link_vf_vlan_alloc(&dst_vlans,
- src_vlans->size);
-- if (err < 0)
-+ if (err < 0) {
-+ rtnl_link_vf_put(d_vf);
- return err;
-+ }
- dst_vlan_info = dst_vlans->vlans;
- memcpy(dst_vlans, src_vlans, sizeof(nl_vf_vlans_t));
- memcpy(dst_vlan_info, src_vlan_info,
-@@ -558,8 +562,10 @@ int rtnl_link_sriov_parse_vflist(struct rtnl_link *link, struct nlattr **tb) {
-
- vf_data->vf_lladdr = nl_addr_build(AF_LLC,
- vf_lladdr->mac, 6);
-- if (vf_data->vf_lladdr == NULL)
-+ if (vf_data->vf_lladdr == NULL) {
-+ rtnl_link_vf_put(vf_data);
- return -NLE_NOMEM;
-+ }
- nl_addr_set_family(vf_data->vf_lladdr, AF_LLC);
- vf_data->ce_mask |= SRIOV_ATTR_ADDR;
- }
-@@ -576,8 +582,10 @@ int rtnl_link_sriov_parse_vflist(struct rtnl_link *link, struct nlattr **tb) {
-
- err = rtnl_link_vf_vlan_info(list_len, vf_vlan_info,
- &vf_vlans);
-- if (err < 0)
-+ if (err < 0) {
-+ rtnl_link_vf_put(vf_data);
- return err;
-+ }
-
- vf_data->vf_vlans = vf_vlans;
- vf_data->ce_mask |= SRIOV_ATTR_VLAN;
-@@ -586,8 +594,10 @@ int rtnl_link_sriov_parse_vflist(struct rtnl_link *link, struct nlattr **tb) {
-
- if (vf_vlan->vlan) {
- err = rtnl_link_vf_vlan_alloc(&vf_vlans, 1);
-- if (err < 0)
-+ if (err < 0) {
-+ rtnl_link_vf_put(vf_data);
- return err;
-+ }
-
- vf_vlans->vlans[0].vf_vlan = vf_vlan->vlan;
- vf_vlans->vlans[0].vf_vlan_qos = vf_vlan->qos;
-@@ -649,8 +659,10 @@ int rtnl_link_sriov_parse_vflist(struct rtnl_link *link, struct nlattr **tb) {
- err = nla_parse_nested(stb, IFLA_VF_STATS_MAX,
- t[IFLA_VF_STATS],
- sriov_stats_policy);
-- if (err < 0)
-+ if (err < 0) {
-+ rtnl_link_vf_put(vf_data);
- return err;
-+ }
-
- SET_VF_STAT(link, cur, stb,
- RTNL_LINK_VF_STATS_RX_PACKETS,
---
-2.21.0
-
-
-From 9f910abd4b39015cfdcc78566915ed1d852c0fd1 Mon Sep 17 00:00:00 2001
-From: Thomas Haller
-Date: Tue, 27 Aug 2019 14:43:54 +0200
-Subject: [PATCH 3/4] lib: accept %NULL arguments for nl_addr_cmp()
-
-Just be more forgiving. Also, this avoids a coverity warning:
-
- Error: FORWARD_NULL (CWE-476): [#def1]
- libnl-3.4.0/lib/route/addr.c:502: var_compare_op: Comparing "a->a_peer" to null implies that "a->a_peer" might be null.
- libnl-3.4.0/lib/route/addr.c:513: var_deref_model: Passing null pointer "a->a_peer" to "nl_addr_cmp", which dereferences it.
- libnl-3.4.0/lib/addr.c:587:8: deref_parm: Directly dereferencing parameter "a".
- # 585| int nl_addr_cmp(const struct nl_addr *a, const struct nl_addr *b)
- # 586| {
- # 587|-> int d = a->a_family - b->a_family;
- # 588|
- # 589| if (d == 0) {
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1606988
-(cherry picked from commit 34708e2ef048f3788f3f2d5018735b27b156d244)
----
- lib/addr.c | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/lib/addr.c b/lib/addr.c
-index c299b402a12b..b43791d52179 100644
---- a/lib/addr.c
-+++ b/lib/addr.c
-@@ -584,8 +584,16 @@ int nl_addr_shared(const struct nl_addr *addr)
- */
- int nl_addr_cmp(const struct nl_addr *a, const struct nl_addr *b)
- {
-- int d = a->a_family - b->a_family;
-+ int d;
-+
-+ if (a == b)
-+ return 0;
-+ if (!a)
-+ return -1;
-+ if (!b)
-+ return 1;
-
-+ d = a->a_family - b->a_family;
- if (d == 0) {
- d = a->a_len - b->a_len;
-
---
-2.21.0
-
-
-From 0fd322bb429228a200cc7935a5b597748faaadf8 Mon Sep 17 00:00:00 2001
-From: Thomas Haller
-Date: Tue, 27 Aug 2019 14:58:35 +0200
-Subject: [PATCH 4/4] lib: fix error code from nfnl_exp_build_message()
-
-Otherwise we return success but don't actually set the output
-result. This can lead to a crash, in case of out-of-memory.
-
-Found by Coverity.
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1606988
-(cherry picked from commit f3d5c44d21243d5eb59bfc2878d4977df2fd1369)
----
- lib/netfilter/exp.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/lib/netfilter/exp.c b/lib/netfilter/exp.c
-index 24ec55f4c374..947eea0d4bcd 100644
---- a/lib/netfilter/exp.c
-+++ b/lib/netfilter/exp.c
-@@ -490,6 +490,8 @@ static int nfnl_exp_build_message(const struct nfnl_exp *exp, int cmd, int flags
- return 0;
-
- nla_put_failure:
-+ err = -NLE_NOMEM;
-+
- err_out:
- nlmsg_free(msg);
- return err;
---
-2.21.0
-
diff --git a/SPECS/libnl3.spec b/SPECS/libnl3.spec
index 1f0f5eb..e74a692 100644
--- a/SPECS/libnl3.spec
+++ b/SPECS/libnl3.spec
@@ -1,6 +1,6 @@ Name: libnl3 -Version: 3.4.0 -Release: 5%{?dist} +Version: 3.5.0 +Release: 1%{?dist} Summary: Convenience library for kernel netlink sockets Group: Development/Libraries License: LGPLv2 @@ -13,7 +13,6 @@ Source: http://www.infradead.org/~tgr/libnl/files/libnl-%{fullversion}.tar.gz Source1: http://www.infradead.org/~tgr/libnl/files/libnl-doc-%{fullversion}.tar.gz #Patch1: some.patch -Patch1: 0001-fix-coverity-issues-rh1606988.patch BuildRequires: flex bison BuildRequires: libtool autoconf automake @@ -68,7 +67,7 @@ Requires: %{name} = %{version}-%{release} %description -n python2-libnl3 Python 2 bindings for libnl3 -%endif # with python2 +%endif %package -n python3-libnl3 Summary: libnl3 binding for Python 3 @@ -98,7 +97,7 @@ CFLAGS="$RPM_OPT_FLAGS" %py3_build %if %{with python2} CFLAGS="$RPM_OPT_FLAGS" %py2_build CFLAGS="$RPM_OPT_FLAGS" %py2_build -%endif # with python2 +%endif popd %install @@ -110,7 +109,7 @@ pushd ./python/ %py3_install %if %{with python2} %py2_install -%endif # with python2 +%endif popd %check @@ -120,7 +119,7 @@ pushd ./python/ %{__python3} setup.py check %if %{with python2} %{__python2} setup.py check -%endif # with python2 +%endif popd %post -p /sbin/ldconfig @@ -163,7 +162,7 @@ popd %defattr(-,root,root,-) %{python2_sitearch}/netlink %{python2_sitearch}/netlink-*.egg-info -%endif # with python2 +%endif %files -n python3-libnl3 %defattr(-,root,root,-) @@ -171,6 +170,9 @@ popd %{python3_sitearch}/netlink-*.egg-info %changelog +* Tue Nov 26 2019 Thomas Haller - 3.5.0-1 +- Update to 3.5.0 + * Tue Aug 27 2019 Thomas Haller - 3.4.0-5 - Fix issues found by coverity (rh #1606988)
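Review bot: The `Patch1: 0001-fix-coverity-issues-rh1606988.patch` removal in the `@@ -13,7 +13,6 @@` hunk drops four fixes (strncpy() termination in text.c and xfrm/sa.c, the leaks on the sriov error paths, NULL handling in nl_addr_cmp(), and the nfnl_exp_build_message() error code) with no record of why; the new `%changelog` entry only says `- Update to 3.5.0`. Each commit in the deleted patch is marked as cherry-picked from an upstream commit, so the fixes are presumably part of the 3.5.0 tarball, but nothing in this diff shows that. I would confirm it against the new sources and add a changelog line such as `- Drop 0001-fix-coverity-issues-rh1606988.patch, fixes are included in 3.5.0`. `%prep` is not part of the diff, so it is also worth checking that it does not still apply `%patch1` explicitly.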