From 1e477c0b84f87803746de70314a75c20a244c6ac654cd57203f685e1a0396244 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt
Date: Wed, 23 Mar 2011 19:38:37 +0000
Subject: [PATCH] Accepting request 65040 from home:philipsb:branches:security:netfilter
OBS-URL: https://build.opensuse.org/request/show/65040
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iproute2?expand=0&rev=23
---
iproute2-flushcheckuid.diff | 30 ---
iproute2-iptunnel-fclose.diff | 18 --
iproute2-skbedit-memset.diff | 17 --
iproute2-ss-pclose.diff | 66 -------
iproute2-warnings.diff | 355 ----------------------------------
iproute2.changes | 15 ++
iproute2.spec | 12 +-
7 files changed, 16 insertions(+), 497 deletions(-)
delete mode 100644 iproute2-flushcheckuid.diff
delete mode 100644 iproute2-iptunnel-fclose.diff
delete mode 100644 iproute2-skbedit-memset.diff
delete mode 100644 iproute2-ss-pclose.diff
delete mode 100644 iproute2-warnings.diff
diff --git a/iproute2-flushcheckuid.diff b/iproute2-flushcheckuid.diff
deleted file mode 100644
index 24b4e78..0000000
--- a/iproute2-flushcheckuid.diff
+++ /dev/null
@@ -1,30 +0,0 @@
---- ip/ipaddress.c 2009-03-24 22:40:54.000000000 +0000
-+++ ip/ipaddress.c 2009-11-11 09:30:07.000000000 +0000
-@@ -692,6 +692,12 @@
- if (flush) {
- int round = 0;
- char flushb[4096-512];
-+ uid_t uid = geteuid();
-+
-+ if(uid) {
-+ fprintf(stderr, "Not sufficient rights to flush\n");
-+ exit(EXIT_FAILURE);
-+ }
-
- filter.flushb = flushb;
- filter.flushp = 0;
---- ip/iproute.c 2009-11-11 09:30:07.000000000 +0000
-+++ ip/iproute.c 2009-11-11 09:35:23.000000000 +0000
-@@ -1212,6 +1212,12 @@
- int round = 0;
- char flushb[4096-512];
- time_t start = time(0);
-+ uid_t uid = geteuid();
-+
-+ if(uid) {
-+ fprintf(stderr, "Not sufficient rights to flush\n");
-+ exit(EXIT_FAILURE);
-+ }
-
- if (filter.cloned) {
- if (do_ipv6 != AF_INET6) {
diff --git a/iproute2-iptunnel-fclose.diff b/iproute2-iptunnel-fclose.diff
deleted file mode 100644
index 7028ed5..0000000
--- a/iproute2-iptunnel-fclose.diff
+++ /dev/null
@@ -1,18 +0,0 @@
---- ip/iptunnel.c 2009-07-28 13:28:59.000000000 +0200
-+++ ip/iptunnel.c 2009-07-28 13:29:29.000000000 +0200
-@@ -400,6 +400,7 @@
- if ((ptr = strchr(buf, ':')) == NULL ||
- (*ptr++ = 0, sscanf(buf, "%s", name) != 1)) {
- fprintf(stderr, "Wrong format of /proc/net/dev. Sorry.\n");
-+ fclose (fp);
- return -1;
- }
- if (sscanf(ptr, "%ld%ld%ld%ld%ld%ld%ld%*d%ld%ld%ld%ld%ld%ld%ld",
-@@ -438,6 +439,7 @@
- }
- printf("\n");
- }
-+ fclose (fp);
- return 0;
- }
-
diff --git a/iproute2-skbedit-memset.diff b/iproute2-skbedit-memset.diff
deleted file mode 100644
index e026938..0000000
--- a/iproute2-skbedit-memset.diff
+++ /dev/null
@@ -1,17 +0,0 @@
----
- tc/m_skbedit.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-Index: tc/m_skbedit.c
-===================================================================
---- tc/m_skbedit.c.orig
-+++ tc/m_skbedit.c
-@@ -60,6 +60,8 @@ parse_skbedit(struct action_util *a, int
- __u32 flags = 0, priority, mark;
- struct tc_skbedit sel = { 0 };
-
-+ memset(&sel, 0, sizeof(struct tc_skbedit));
-+
- if (matches(*argv, "skbedit") != 0)
- return -1;
-
diff --git a/iproute2-ss-pclose.diff b/iproute2-ss-pclose.diff
deleted file mode 100644
index f3e6911..0000000
--- a/iproute2-ss-pclose.diff
+++ /dev/null
@@ -1,66 +0,0 @@
---- misc/ss.c 2009-10-09 14:26:41.000000000 +0200
-+++ misc/ss.c 2009-10-09 14:30:00.000000000 +0200
-@@ -464,6 +464,7 @@
- }
- }
- }
-+ pclose (fp);
- }
- }
-
---- misc/ss.c 2009-10-09 14:39:14.000000000 +0200
-+++ misc/ss.c 2009-10-09 14:40:25.000000000 +0200
-@@ -1571,10 +1571,12 @@
- status = fread(buf, 1, sizeof(*h), fp);
- if (status < 0) {
- perror("Reading header from $TCPDIAG_FILE");
-+ fclose (fp);
- return -1;
- }
- if (status != sizeof(*h)) {
- perror("Unexpected EOF reading $TCPDIAG_FILE");
-+ fclose (fp);
- return -1;
- }
-
-@@ -1582,16 +1584,20 @@
-
- if (status < 0) {
- perror("Reading $TCPDIAG_FILE");
-+ fclose (fp);
- return -1;
- }
- if (status + sizeof(*h) < h->nlmsg_len) {
- perror("Unexpected EOF reading $TCPDIAG_FILE");
-+ fclose (fp);
- return -1;
- }
-
- /* The only legal exit point */
-- if (h->nlmsg_type == NLMSG_DONE)
-+ if (h->nlmsg_type == NLMSG_DONE) {
-+ fclose (fp);
- return 0;
-+ }
-
- if (h->nlmsg_type == NLMSG_ERROR) {
- struct nlmsgerr *err = (struct nlmsgerr*)NLMSG_DATA(h);
-@@ -1601,13 +1607,17 @@
- errno = -err->error;
- perror("TCPDIAG answered");
- }
-+ fclose (fp);
- return -1;
- }
-
- err = tcp_show_sock(h, f);
-- if (err < 0)
-+ if (err < 0) {
-+ fclose (fp);
- return err;
-+ }
- }
-+ fclose (fp);
- }
-
- static int tcp_show(struct filter *f, int socktype)
diff --git a/iproute2-warnings.diff b/iproute2-warnings.diff
deleted file mode 100644
index b7a95fa..0000000
--- a/iproute2-warnings.diff
+++ /dev/null
@@ -1,355 +0,0 @@
----
- ip/ip6tunnel.c | 5 +++--
- ip/ipmaddr.c | 3 ++-
- ip/ipmroute.c | 6 ++++--
- ip/iptunnel.c | 5 +++--
- ip/rtmon.c | 6 ++++--
- misc/ifstat.c | 6 ++++--
- misc/lnstat_util.c | 11 +++++++----
- misc/nstat.c | 6 ++++--
- misc/rtacct.c | 6 ++++--
- misc/ss.c | 39 ++++++++++++++++++++++++++-------------
- netem/maketable.c | 3 ++-
- 11 files changed, 63 insertions(+), 33 deletions(-)
-
-Index: ip/ip6tunnel.c
-===================================================================
---- ip/ip6tunnel.c.orig
-+++ ip/ip6tunnel.c
-@@ -262,8 +262,9 @@ static int do_tunnels_list(struct ip6_tn
- }
-
- /* skip two lines at the begenning of the file */
-- fgets(buf, sizeof(buf), fp);
-- fgets(buf, sizeof(buf), fp);
-+ char* res = 0;
-+ res = fgets(buf, sizeof(buf), fp);
-+ res = fgets(buf, sizeof(buf), fp);
-
- while (fgets(buf, sizeof(buf), fp) != NULL) {
- char name[IFNAMSIZ];
-Index: ip/ipmaddr.c
-===================================================================
---- ip/ipmaddr.c.orig
-+++ ip/ipmaddr.c
-@@ -128,7 +128,8 @@ void read_igmp(struct ma_info **result_p
- if (!fp)
- return;
- memset(&m, 0, sizeof(m));
-- fgets(buf, sizeof(buf), fp);
-+ char* res = 0;
-+ res = fgets(buf, sizeof(buf), fp);
-
- m.addr.family = AF_INET;
- m.addr.bitlen = 32;
-Index: ip/ipmroute.c
-===================================================================
---- ip/ipmroute.c.orig
-+++ ip/ipmroute.c
-@@ -58,7 +58,8 @@ static void read_viftable(void)
- if (!fp)
- return;
-
-- fgets(buf, sizeof(buf), fp);
-+ char* res = 0;
-+ res = fgets(buf, sizeof(buf), fp);
-
- while (fgets(buf, sizeof(buf), fp)) {
- int vifi;
-@@ -83,7 +84,8 @@ static void read_mroute_list(FILE *ofp)
- if (!fp)
- return;
-
-- fgets(buf, sizeof(buf), fp);
-+ char* res = 0;
-+ res = fgets(buf, sizeof(buf), fp);
-
- while (fgets(buf, sizeof(buf), fp)) {
- inet_prefix maddr, msrc;
-Index: ip/iptunnel.c
-===================================================================
---- ip/iptunnel.c.orig
-+++ ip/iptunnel.c
-@@ -407,8 +407,9 @@ static int do_tunnels_list(struct ip_tun
- return -1;
- }
-
-- fgets(buf, sizeof(buf), fp);
-- fgets(buf, sizeof(buf), fp);
-+ char* res = 0;
-+ res = fgets(buf, sizeof(buf), fp);
-+ res = fgets(buf, sizeof(buf), fp);
-
- while (fgets(buf, sizeof(buf), fp) != NULL) {
- int index, type;
-Index: ip/rtmon.c
-===================================================================
---- ip/rtmon.c.orig
-+++ ip/rtmon.c
-@@ -33,6 +33,7 @@ static void write_stamp(FILE *fp)
- char buf[128];
- struct nlmsghdr *n1 = (void*)buf;
- struct timeval tv;
-+ size_t res;
-
- n1->nlmsg_type = 15;
- n1->nlmsg_flags = 0;
-@@ -42,7 +43,7 @@ static void write_stamp(FILE *fp)
- gettimeofday(&tv, NULL);
- ((__u32*)NLMSG_DATA(n1))[0] = tv.tv_sec;
- ((__u32*)NLMSG_DATA(n1))[1] = tv.tv_usec;
-- fwrite((void*)n1, 1, NLMSG_ALIGN(n1->nlmsg_len), fp);
-+ res = fwrite((void*)n1, 1, NLMSG_ALIGN(n1->nlmsg_len), fp);
- }
-
- static int dump_msg(const struct sockaddr_nl *who, struct nlmsghdr *n,
-@@ -51,7 +52,8 @@ static int dump_msg(const struct sockadd
- FILE *fp = (FILE*)arg;
- if (!init_phase)
- write_stamp(fp);
-- fwrite((void*)n, 1, NLMSG_ALIGN(n->nlmsg_len), fp);
-+ int res = 0;
-+ res = fwrite((void*)n, 1, NLMSG_ALIGN(n->nlmsg_len), fp);
- fflush(fp);
- return 0;
- }
-Index: misc/ifstat.c
-===================================================================
---- misc/ifstat.c.orig
-+++ misc/ifstat.c
-@@ -716,8 +716,9 @@ int main(int argc, char *argv[])
- fclose(tfp);
- }
- if (uptime >= 0 && time(NULL) >= stb.st_mtime+uptime) {
-+ int res = 0;
- fprintf(stderr, "ifstat: history is aged out, resetting\n");
-- ftruncate(fileno(hist_fp), 0);
-+ res = ftruncate(fileno(hist_fp), 0);
- }
- }
-
-@@ -759,7 +760,8 @@ int main(int argc, char *argv[])
- dump_incr_db(stdout);
- }
- if (!no_update) {
-- ftruncate(fileno(hist_fp), 0);
-+ int res = 0;
-+ res = ftruncate(fileno(hist_fp), 0);
- rewind(hist_fp);
- dump_raw_db(hist_fp, 1);
- fflush(hist_fp);
-Index: misc/lnstat_util.c
-===================================================================
---- misc/lnstat_util.c.orig
-+++ misc/lnstat_util.c
-@@ -49,7 +49,8 @@ static int scan_lines(struct lnstat_file
-
- num_lines++;
-
-- fgets(buf, sizeof(buf)-1, lf->fp);
-+ char* res = 0;
-+ res = fgets(buf, sizeof(buf)-1, lf->fp);
- gettimeofday(&lf->last_read, NULL);
-
- for (j = 0; j < lf->num_fields; j++) {
-@@ -89,12 +90,13 @@ int lnstat_update(struct lnstat_file *ln
- for (lf = lnstat_files; lf; lf = lf->next) {
- if (time_after(&lf->last_read, &lf->interval, &tv)) {
- int i;
-+ char* res = 0;
- struct lnstat_field *lfi;
-
- rewind(lf->fp);
- if (!lf->compat) {
- /* skip first line */
-- fgets(buf, sizeof(buf)-1, lf->fp);
-+ res = fgets(buf, sizeof(buf)-1, lf->fp);
- }
- scan_lines(lf, 1);
-
-@@ -108,7 +110,7 @@ int lnstat_update(struct lnstat_file *ln
- }
-
- rewind(lf->fp);
-- fgets(buf, sizeof(buf)-1, lf->fp);
-+ res = fgets(buf, sizeof(buf)-1, lf->fp);
- scan_lines(lf, 0);
- }
- }
-@@ -140,9 +142,10 @@ static int __lnstat_scan_fields(struct l
- static int lnstat_scan_fields(struct lnstat_file *lf)
- {
- char buf[FGETS_BUF_SIZE];
-+ char* res = 0;
-
- rewind(lf->fp);
-- fgets(buf, sizeof(buf)-1, lf->fp);
-+ res = fgets(buf, sizeof(buf)-1, lf->fp);
-
- return __lnstat_scan_fields(lf, buf);
- }
-Index: misc/nstat.c
-===================================================================
---- misc/nstat.c.orig
-+++ misc/nstat.c
-@@ -567,8 +567,9 @@ int main(int argc, char *argv[])
- fclose(tfp);
- }
- if (uptime >= 0 && time(NULL) >= stb.st_mtime+uptime) {
-+ int res = 0;
- fprintf(stderr, "nstat: history is aged out, resetting\n");
-- ftruncate(fileno(hist_fp), 0);
-+ res = ftruncate(fileno(hist_fp), 0);
- }
- }
-
-@@ -612,7 +613,8 @@ int main(int argc, char *argv[])
- dump_incr_db(stdout);
- }
- if (!no_update) {
-- ftruncate(fileno(hist_fp), 0);
-+ int res = 0;
-+ res = ftruncate(fileno(hist_fp), 0);
- rewind(hist_fp);
- dump_kern_db(hist_fp, 1);
- fflush(hist_fp);
-Index: misc/rtacct.c
-=================================================================== ---- misc/rtacct.c.orig -+++ misc/rtacct.c -@@ -562,8 +562,10 @@ int main(int argc, char *argv[]) - fprintf(stderr, "rtacct: something is so wrong with history file, that I prefer not to proceed.\n"); - exit(-1); - } -- if (stb.st_size != sizeof(*hist_db)) -- write(fd, kern_db, sizeof(*hist_db)); -+ if (stb.st_size != sizeof(*hist_db)) { -+ ssize_t res = 0; -+ res = write(fd, kern_db, sizeof(*hist_db)); -+ } - - hist_db = mmap(NULL, sizeof(*hist_db), - PROT_READ|PROT_WRITE, -Index: misc/ss.c -=================================================================== ---- misc/ss.c.orig -+++ misc/ss.c -@@ -290,7 +290,8 @@ static void user_ent_hash_build(void) - - snprintf(tmp, sizeof(tmp), "%s/%d/stat", root, pid); - if ((fp = fopen(tmp, "r")) != NULL) { -- fscanf(fp, "%*d (%[^)])", process); -+ int res = 0; -+ res = fscanf(fp, "%*d (%[^)])", process); - fclose(fp); - } - } -@@ -372,7 +373,8 @@ int get_slabstat(struct slabstat *s) - - cnt = sizeof(*s)/sizeof(int); - -- fgets(buf, sizeof(buf), fp); -+ char* res = 0; -+ res = fgets(buf, sizeof(buf), fp); - while(fgets(buf, sizeof(buf), fp) != NULL) { - int i; - for (i=0; i/dev/null", "r"); - if (fp) { -- fgets(buf, sizeof(buf), fp); -+ char* res = 0; -+ res = fgets(buf, sizeof(buf), fp); - while (fgets(buf, sizeof(buf), fp) != NULL) { - unsigned int progn, port; - char proto[128], prog[128]; -@@ -534,7 +537,8 @@ static int is_ephemeral(int port) - if (!ip_local_port_min) { - FILE *f = ephemeral_ports_open(); - if (f) { -- fscanf(f, "%d %d", -+ int res = 0; -+ res = fscanf(f, "%d %d", - &ip_local_port_min, &ip_local_port_max); - fclose(f); - } else { -@@ -711,7 +715,8 @@ int run_ssfilter(struct ssfilter *f, str - if (!low) { - FILE *fp = ephemeral_ports_open(); - if (fp) { -- fscanf(fp, "%d%d", &low, &high); -+ int res = 0; -+ res = fscanf(fp, "%d%d", &low, &high); - fclose(fp); - } - } -@@ -1555,8 +1560,10 @@ static int tcp_show_netlink(struct filte - 
return 0; - } - -- if (dump_fp) -- fwrite(buf, 1, NLMSG_ALIGN(status), dump_fp); -+ if (dump_fp) { -+ size_t res = 0; -+ res = fwrite(buf, 1, NLMSG_ALIGN(status), dump_fp); -+ } - - h = (struct nlmsghdr*)buf; - while (NLMSG_OK(h, status)) { -@@ -1993,9 +2000,11 @@ int unix_show(struct filter *f) - int cnt; - struct unixstat *list = NULL; - -- if ((fp = net_unix_open()) == NULL) -+ if ((fp = net_unix_open()) == NULL) { - return -1; -- fgets(buf, sizeof(buf)-1, fp); -+ } -+ char* res = 0; -+ res = fgets(buf, sizeof(buf)-1, fp); - - if (memcmp(buf, "Peer", 4) == 0) - newformat = 1; -@@ -2081,9 +2090,11 @@ int packet_show(struct filter *f) - if (!(f->states & (1<states & (1<