pool/iproute2
SHA256
2
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 733095 from home:mkubecek:branches:security:netfilter

Browse Source 
- Update to new upstream release 5.3
- fix SLE12 build

OBS-URL: https://build.opensuse.org/request/show/733095
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iproute2?expand=0&rev=179
This commit is contained in:
Jan Engelhardt 2019-09-28 04:29:00 +00:00 committed by Git OBS Bridge
parent 3c6e5e84ef
commit 2a76b835f9
9 changed files with 89 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
bpf-bss-section-poc.patch
View File

@ -1,9 +1,7 @@
From 8f256b14edf9fdba3e0c688b76a4124d8627cde1 Mon Sep 17 00:00:00 2001
From: Joe Stringer <joe@wand.net.nz>
Date: Thu, 24 Jan 2019 20:55:39 -0800
Subject: [PATCH iproute2-next 2/2] bpf: bss section poc
To: Stephen Hemminger <stephen@networkplumber.org>
Cc: netdev@vger.kernel.org, daniel@iogearbox.net
Subject: bpf: bss section poc
Patch-mainline: No, status unknown, seems to be implemented in libbpf instead
References: none
The .bss section denotes uninitialized data, which is for instance what
clang will generate if a static variable is set to zero by default.
@ -15,11 +13,9 @@ Signed-off-by: Joe Stringer <joe@wand.net.nz>
lib/bpf.c | 37 +++++++++++++++++++++++++++++++++++--
1 file changed, 35 insertions(+), 2 deletions(-)
diff --git a/lib/bpf.c b/lib/bpf.c
index eb208275ebaa..69eaa5ee732d 100644
--- a/lib/bpf.c
+++ b/lib/bpf.c
@@ -1159,6 +1159,7 @@ struct bpf_elf_ctx {
@@ -1164,6 +1164,7 @@ struct bpf_elf_ctx {
int sec_text;
int sec_btf;
int sec_data;
@ -27,7 +23,7 @@ index eb208275ebaa..69eaa5ee732d 100644
char license[ELF_MAX_LICENSE_LEN];
enum bpf_prog_type type;
__u32 ifindex;
@@ -2048,6 +2049,14 @@ static int bpf_fetch_data(struct bpf_elf_ctx *ctx, int section,
@@ -2068,6 +2069,14 @@ static int bpf_fetch_data(struct bpf_elf_ctx *ctx, int section,
return 0;
}
@ -42,7 +38,7 @@ index eb208275ebaa..69eaa5ee732d 100644
static void bpf_btf_report(int fd, struct bpf_elf_ctx *ctx)
{
fprintf(stderr, "\nBTF debug data section \'.BTF\' %s%s (%d)!\n",
@@ -2262,6 +2271,11 @@ static bool bpf_has_glob_data(const struct bpf_elf_ctx *ctx)
@@ -2286,6 +2295,11 @@ static bool bpf_has_glob_data(const struct bpf_elf_ctx *ctx)
return ctx->sec_data;
}
@ -54,7 +50,7 @@ index eb208275ebaa..69eaa5ee732d 100644
static int bpf_fetch_ancillary(struct bpf_elf_ctx *ctx, bool check_text_sec)
{
struct bpf_elf_sec_data data;
@@ -2286,6 +2300,9 @@ static int bpf_fetch_ancillary(struct bpf_elf_ctx *ctx, bool check_text_sec)
@@ -2310,6 +2324,9 @@ static int bpf_fetch_ancillary(struct bpf_elf_ctx *ctx, bool check_text_sec)
else if (data.sec_hdr.sh_type == SHT_PROGBITS &&
!strcmp(data.sec_name, ".data"))
ret = bpf_fetch_data(ctx, i, &data);
@ -64,7 +60,7 @@ index eb208275ebaa..69eaa5ee732d 100644
else if (data.sec_hdr.sh_type == SHT_SYMTAB &&
!strcmp(data.sec_name, ".symtab"))
ret = bpf_fetch_symtab(ctx, i, &data);
@@ -2414,6 +2431,19 @@ static int bpf_apply_relo_glob(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *pro
@@ -2438,6 +2455,19 @@ static int bpf_apply_relo_glob(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *pro
return 0;
}
@ -84,7 +80,7 @@ index eb208275ebaa..69eaa5ee732d 100644
static int bpf_apply_relo_call(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *prog,
GElf_Rel *relo, GElf_Sym *sym,
struct bpf_relo_props *props)
@@ -2470,10 +2500,12 @@ static int bpf_apply_relo_data(struct bpf_elf_ctx *ctx,
@@ -2494,10 +2524,12 @@ static int bpf_apply_relo_data(struct bpf_elf_ctx *ctx,
ret = bpf_apply_relo_map(ctx, prog, &relo, &sym, props);
else if (sym.st_shndx == ctx->sec_data)
ret = bpf_apply_relo_glob(ctx, prog, &relo, &sym, props);
@ -98,7 +94,7 @@ index eb208275ebaa..69eaa5ee732d 100644
relo_ent, sym.st_shndx);
if (ret < 0)
return ret;
@@ -2569,7 +2601,8 @@ static int bpf_fetch_prog_sec(struct bpf_elf_ctx *ctx, const char *section)
@@ -2593,7 +2625,8 @@ static int bpf_fetch_prog_sec(struct bpf_elf_ctx *ctx, const char *section)
return ret;
}
@ -108,6 +104,3 @@ index eb208275ebaa..69eaa5ee732d 100644
ret = bpf_fetch_prog_relo(ctx, section, &lderr, &sseen, &prog);
if (ret < 0 && !lderr)
ret = bpf_fetch_prog(ctx, section, &sseen);
--
2.19.1

29
bpf-data-section-support-poc.patch
View File

@ -1,20 +1,16 @@
From 4e0dcb220bd77a5ddf0f8956740281efbf1ead90 Mon Sep 17 00:00:00 2001
From: Daniel Borkmann <daniel@iogearbox.net>
Date: Wed, 31 Oct 2018 20:25:22 +0100
Subject: [PATCH iproute2-next 1/2] bpf: data section support poc
To: Stephen Hemminger <stephen@networkplumber.org>
Cc: netdev@vger.kernel.org, daniel@iogearbox.net
Subject: bpf: data section support poc
Patch-mainline: No, status unknown, seems to be implemented in libbpf instead
References: none
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
---
lib/bpf.c | 40 ++++++++++++++++++++++++++++++++++++++--
1 file changed, 38 insertions(+), 2 deletions(-)
diff --git a/lib/bpf.c b/lib/bpf.c
index 45f279fa4a41..eb208275ebaa 100644
--- a/lib/bpf.c
+++ b/lib/bpf.c
@@ -1142,6 +1142,7 @@ struct bpf_elf_ctx {
@@ -1147,6 +1147,7 @@ struct bpf_elf_ctx {
Elf_Data *sym_tab;
Elf_Data *str_tab;
Elf_Data *btf_data;
@ -22,7 +18,7 @@ index 45f279fa4a41..eb208275ebaa 100644
char obj_uid[64];
int obj_fd;
int btf_fd;
@@ -1157,6 +1158,7 @@ struct bpf_elf_ctx {
@@ -1162,6 +1163,7 @@ struct bpf_elf_ctx {
int sec_maps;
int sec_text;
int sec_btf;
@ -30,7 +26,7 @@ index 45f279fa4a41..eb208275ebaa 100644
char license[ELF_MAX_LICENSE_LEN];
enum bpf_prog_type type;
__u32 ifindex;
@@ -2037,6 +2039,15 @@ static int bpf_fetch_text(struct bpf_elf_ctx *ctx, int section,
@@ -2057,6 +2059,15 @@ static int bpf_fetch_text(struct bpf_elf_ctx *ctx, int section,
return 0;
}
@ -46,7 +42,7 @@ index 45f279fa4a41..eb208275ebaa 100644
static void bpf_btf_report(int fd, struct bpf_elf_ctx *ctx)
{
fprintf(stderr, "\nBTF debug data section \'.BTF\' %s%s (%d)!\n",
@@ -2246,6 +2257,11 @@ static bool bpf_has_call_data(const struct bpf_elf_ctx *ctx)
@@ -2270,6 +2281,11 @@ static bool bpf_has_call_data(const struct bpf_elf_ctx *ctx)
return ctx->sec_text;
}
@ -58,7 +54,7 @@ index 45f279fa4a41..eb208275ebaa 100644
static int bpf_fetch_ancillary(struct bpf_elf_ctx *ctx, bool check_text_sec)
{
struct bpf_elf_sec_data data;
@@ -2267,6 +2283,9 @@ static int bpf_fetch_ancillary(struct bpf_elf_ctx *ctx, bool check_text_sec)
@@ -2291,6 +2307,9 @@ static int bpf_fetch_ancillary(struct bpf_elf_ctx *ctx, bool check_text_sec)
!strcmp(data.sec_name, ".text") &&
check_text_sec)
ret = bpf_fetch_text(ctx, i, &data);
@ -68,7 +64,7 @@ index 45f279fa4a41..eb208275ebaa 100644
else if (data.sec_hdr.sh_type == SHT_SYMTAB &&
!strcmp(data.sec_name, ".symtab"))
ret = bpf_fetch_symtab(ctx, i, &data);
@@ -2380,6 +2399,21 @@ static int bpf_apply_relo_map(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *prog
@@ -2404,6 +2423,21 @@ static int bpf_apply_relo_map(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *prog
return 0;
}
@ -90,7 +86,7 @@ index 45f279fa4a41..eb208275ebaa 100644
static int bpf_apply_relo_call(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *prog,
GElf_Rel *relo, GElf_Sym *sym,
struct bpf_relo_props *props)
@@ -2434,10 +2468,12 @@ static int bpf_apply_relo_data(struct bpf_elf_ctx *ctx,
@@ -2458,10 +2492,12 @@ static int bpf_apply_relo_data(struct bpf_elf_ctx *ctx,
if (sym.st_shndx == ctx->sec_maps)
ret = bpf_apply_relo_map(ctx, prog, &relo, &sym, props);
@ -104,7 +100,7 @@ index 45f279fa4a41..eb208275ebaa 100644
relo_ent, sym.st_shndx);
if (ret < 0)
return ret;
@@ -2533,7 +2569,7 @@ static int bpf_fetch_prog_sec(struct bpf_elf_ctx *ctx, const char *section)
@@ -2557,7 +2593,7 @@ static int bpf_fetch_prog_sec(struct bpf_elf_ctx *ctx, const char *section)
return ret;
}
@ -113,6 +109,3 @@ index 45f279fa4a41..eb208275ebaa 100644
ret = bpf_fetch_prog_relo(ctx, section, &lderr, &sseen, &prog);
if (ret < 0 && !lderr)
ret = bpf_fetch_prog(ctx, section, &sseen);
--
2.19.1

BIN
iproute2-5.2.0.tar.sign
View File

Binary file not shown.

3
iproute2-5.2.0.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a5b95dec26353fc71dba9bb403e9343fad2a06bd69fb154a22a2aa2914f74da8
size 729540

BIN
iproute2-5.3.0.tar.sign Normal file
View File

Binary file not shown.

3
iproute2-5.3.0.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:cb1c1e45993a3bd2438543fd4332d70f1726a6e6ff97dc613a8258c993117b3f
size 742660

30
iproute2.changes
View File

@ -1,3 +1,33 @@
-------------------------------------------------------------------
Wed Sep 25 07:07:32 UTC 2019 - Michal Kubeček <mkubecek@suse.cz>
- Update to new upstream release 5.3
* devlink: show devlink port number
* devlink: introduce PCI PF and VF port flavor and attribute
* ip: support for nexthop objects
* ip: add -Numeric option
* ip: bond: support peer notification delay
* rdma: query/set netns sharing sys parameter
* rdma: support setting netns of rdma device
* rdma: support "stat qp show"
* rdma: support per-port counter mode
* rdma: support stat manual mode
* rdma: support default counter statistics
* rdma: support CQ adaptive moderation
* tc: support act_ctinfo action
* tc: skbedit: add mask parameter
* tc: add mpls actions
* tc: stricter parameter parsing
* tc: netem: json output
* tipc: support interface name when activating UDP bearer
* update documentation
- refresh
* xfrm-support-displaying-transformations-used-for-Mob.patch
* bpf-data-section-support-poc.patch
* bpf-bss-section-poc.patch
- use fallback definition %make_build if it is not defined
(fix SLE12 build)
-------------------------------------------------------------------
Mon Aug 12 07:00:32 UTC 2019 - Martin Liška <mliska@suse.cz>

7
iproute2.spec
View File

@ -17,9 +17,9 @@
Name: iproute2
Version: 5.2
Version: 5.3
Release: 0
%define rversion 5.2.0
%define rversion 5.3.0
Summary: Linux network configuration utilities
License: GPL-2.0-only
Group: Productivity/Networking/Routing
@ -102,6 +102,9 @@ find . -name *.orig -delete
# https://bugzilla.novell.com/show_bug.cgi?id=388021
xt_libdir="$(pkg-config xtables --variable=xtlibdir)"
xt_cflags="$(pkg-config xtables --cflags)"
%if 0%{!?make_build:1}
%define make_build make %{?_smp_mflags}
%endif
%make_build CCOPTS="-D_GNU_SOURCE %optflags -Wstrict-prototypes -Wno-error -fPIC -DXT_LIB_DIR=\\\"$xt_libdir\\\" $xt_cflags"
%install

60
xfrm-support-displaying-transformations-used-for-Mob.patch
View File

@ -1,5 +1,4 @@
From: Jan Engelhardt <jengelh@inai.de>
Date: Wed, 21 Jan 2015 22:57:10 +0100
Subject: xfrm: support displaying transformations used for Mobile IPv6
Patch-mainline: No
@ -7,15 +6,13 @@ Patch taken from mip6d-ng c397c3b4a16bb2e31a86f6c5e344a1278d1577c5
and included in openSUSE so as to facilitate mip6d-ng.
---
ip/ipxfrm.c | 2 +-
ip/xfrm_policy.c | 1 +
ip/xfrm_state.c | 1 +
3 files changed, 3 insertions(+), 1 deletion(-)
ip/xfrm_policy.c | 3 ++-
ip/xfrm_state.c | 3 ++-
3 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c
index d5eb22e25476..b72858d8a210 100644
--- a/ip/ipxfrm.c
+++ b/ip/ipxfrm.c
@@ -114,7 +114,7 @@ struct typeent {
@@ -103,7 +103,7 @@ struct typeent {
static const struct typeent xfrmproto_types[] = {
{ "esp", IPPROTO_ESP }, { "ah", IPPROTO_AH }, { "comp", IPPROTO_COMP },
{ "route2", IPPROTO_ROUTING }, { "hao", IPPROTO_DSTOPTS },
@ -24,30 +21,33 @@ index d5eb22e25476..b72858d8a210 100644
{ NULL, -1 }
};
diff --git a/ip/xfrm_policy.c b/ip/xfrm_policy.c
index de689c4d86c4..6ee2ec6abeba 100644
--- a/ip/xfrm_policy.c
+++ b/ip/xfrm_policy.c
@@ -93,6 +93,7 @@ static void usage(void)
fprintf(stderr, "%s | ", strxf_xfrmproto(IPPROTO_ESP));
fprintf(stderr, "%s | ", strxf_xfrmproto(IPPROTO_AH));
fprintf(stderr, "%s | ", strxf_xfrmproto(IPPROTO_COMP));
+ fprintf(stderr, "%s | ", strxf_xfrmproto(IPPROTO_IPV6));
fprintf(stderr, "%s | ", strxf_xfrmproto(IPPROTO_ROUTING));
fprintf(stderr, "%s\n", strxf_xfrmproto(IPPROTO_DSTOPTS));
fprintf(stderr, "MODE := transport | tunnel | beet | ro | in_trigger\n");
diff --git a/ip/xfrm_state.c b/ip/xfrm_state.c
index e11c93bf1c3b..b501e6d04727 100644
@@ -97,10 +97,11 @@ static void usage(void)
"ID := [ src ADDR ] [ dst ADDR ] [ proto XFRM-PROTO ] [ spi SPI ]\n"
"XFRM-PROTO := ");
fprintf(stderr,
- "%s | %s | %s | %s | %s\n",
+ "%s | %s | %s | %s | %s | %s\n",
strxf_xfrmproto(IPPROTO_ESP),
strxf_xfrmproto(IPPROTO_AH),
strxf_xfrmproto(IPPROTO_COMP),
+ strxf_xfrmproto(IPPROTO_IPV6),
strxf_xfrmproto(IPPROTO_ROUTING),
strxf_xfrmproto(IPPROTO_DSTOPTS));
fprintf(stderr,
--- a/ip/xfrm_state.c
+++ b/ip/xfrm_state.c
@@ -73,6 +73,7 @@ static void usage(void)
fprintf(stderr, "%s | ", strxf_xfrmproto(IPPROTO_ESP));
fprintf(stderr, "%s | ", strxf_xfrmproto(IPPROTO_AH));
fprintf(stderr, "%s | ", strxf_xfrmproto(IPPROTO_COMP));
+ fprintf(stderr, "%s | ", strxf_xfrmproto(IPPROTO_IPV6));
fprintf(stderr, "%s | ", strxf_xfrmproto(IPPROTO_ROUTING));
fprintf(stderr, "%s\n", strxf_xfrmproto(IPPROTO_DSTOPTS));
fprintf(stderr, "ALGO-LIST := [ ALGO-LIST ] ALGO\n");
--
2.14.1
@@ -76,10 +76,11 @@ static void usage(void)
"ID := [ src ADDR ] [ dst ADDR ] [ proto XFRM-PROTO ] [ spi SPI ]\n"
"XFRM-PROTO := ");
fprintf(stderr,
- "%s | %s | %s | %s | %s\n",
+ "%s | %s | %s | %s | %s | %s\n",
strxf_xfrmproto(IPPROTO_ESP),
strxf_xfrmproto(IPPROTO_AH),
strxf_xfrmproto(IPPROTO_COMP),
+ strxf_xfrmproto(IPPROTO_IPV6),
strxf_xfrmproto(IPPROTO_ROUTING),
strxf_xfrmproto(IPPROTO_DSTOPTS));
fprintf(stderr,