Accepting request 702651 from security:netfilter

OBS-URL: https://build.opensuse.org/request/show/702651
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/iproute2?expand=0&rev=102

Revert-tc-ematch-fix-deprecated-yacc-warning.patch

@@ -0,0 +1,26 @@
+From: Michal Kubecek <mkubecek@suse.cz>
+Date: Mon, 13 May 2019 11:09:08 +0200
+Subject: Revert "tc/ematch: fix deprecated yacc warning"
+Patch-mainline: Never, build fix for older distributions
+
+This reverts commit 38983334f6d59318f40cda5cab771a92c2510695.
+
+For SLE <= 12 and openSUSE 42.3 only. Their bison (version 2.7) does not
+recognize new syntax.
+---
+ tc/emp_ematch.y | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/tc/emp_ematch.y
++++ b/tc/emp_ematch.y
+@@ -8,8 +8,8 @@
+ 
+ %locations
+ %token-table
+-%define parse.error verbose
+-%define api.prefix {ematch_}
++%error-verbose
++%name-prefix "ematch_"
+ 
+ %union {
+ 	unsigned int i;

bpf-bss-section-poc.patch

@@ -0,0 +1,113 @@
+From 8f256b14edf9fdba3e0c688b76a4124d8627cde1 Mon Sep 17 00:00:00 2001
+From: Joe Stringer <joe@wand.net.nz>
+Date: Thu, 24 Jan 2019 20:55:39 -0800
+Subject: [PATCH iproute2-next 2/2] bpf: bss section poc
+To: Stephen Hemminger <stephen@networkplumber.org>
+Cc: netdev@vger.kernel.org, daniel@iogearbox.net
+
+The .bss section denotes uninitialized data, which is for instance what
+clang will generate if a static variable is set to zero by default.
+Teach the bpf library about .bss so that such variables can be properly
+initialized.
+
+Signed-off-by: Joe Stringer <joe@wand.net.nz>
+---
+ lib/bpf.c | 37 +++++++++++++++++++++++++++++++++++--
+ 1 file changed, 35 insertions(+), 2 deletions(-)
+
+diff --git a/lib/bpf.c b/lib/bpf.c
+index eb208275ebaa..69eaa5ee732d 100644
+--- a/lib/bpf.c
++++ b/lib/bpf.c
+@@ -1159,6 +1159,7 @@ struct bpf_elf_ctx {
+ 	int			sec_text;
+ 	int			sec_btf;
+ 	int			sec_data;
++	int			sec_bss;
+ 	char			license[ELF_MAX_LICENSE_LEN];
+ 	enum bpf_prog_type	type;
+ 	__u32			ifindex;
+@@ -2048,6 +2049,14 @@ static int bpf_fetch_data(struct bpf_elf_ctx *ctx, int section,
+ 	return 0;
+ }
+ 
++static int bpf_fetch_bss(struct bpf_elf_ctx *ctx, int section,
++			  struct bpf_elf_sec_data *data)
++{
++	ctx->sec_bss = section;
++	ctx->sec_done[section] = true;
++	return 0;
++}
++
+ static void bpf_btf_report(int fd, struct bpf_elf_ctx *ctx)
+ {
+ 	fprintf(stderr, "\nBTF debug data section \'.BTF\' %s%s (%d)!\n",
+@@ -2262,6 +2271,11 @@ static bool bpf_has_glob_data(const struct bpf_elf_ctx *ctx)
+ 	return ctx->sec_data;
+ }
+ 
++static bool bpf_has_bss_data(const struct bpf_elf_ctx *ctx)
++{
++	return ctx->sec_bss;
++}
++
+ static int bpf_fetch_ancillary(struct bpf_elf_ctx *ctx, bool check_text_sec)
+ {
+ 	struct bpf_elf_sec_data data;
+@@ -2286,6 +2300,9 @@ static int bpf_fetch_ancillary(struct bpf_elf_ctx *ctx, bool check_text_sec)
+ 		else if (data.sec_hdr.sh_type == SHT_PROGBITS &&
+ 			 !strcmp(data.sec_name, ".data"))
+ 			ret = bpf_fetch_data(ctx, i, &data);
++		else if (data.sec_hdr.sh_type == SHT_NOBITS &&
++			 !strcmp(data.sec_name, ".bss"))
++			ret = bpf_fetch_bss(ctx, i, &data);
+ 		else if (data.sec_hdr.sh_type == SHT_SYMTAB &&
+ 			 !strcmp(data.sec_name, ".symtab"))
+ 			ret = bpf_fetch_symtab(ctx, i, &data);
+@@ -2414,6 +2431,19 @@ static int bpf_apply_relo_glob(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *pro
+ 	return 0;
+ }
+ 
++static int bpf_apply_relo_bss(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *prog,
++			      GElf_Rel *relo, GElf_Sym *sym,
++			      struct bpf_relo_props *props)
++{
++	unsigned int insn_off = relo->r_offset / sizeof(struct bpf_insn);
++
++	if (insn_off >= prog->insns_num)
++		return -EINVAL;
++
++	prog->insns[insn_off].imm = 0;
++	return 0;
++}
++
+ static int bpf_apply_relo_call(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *prog,
+ 			       GElf_Rel *relo, GElf_Sym *sym,
+ 			       struct bpf_relo_props *props)
+@@ -2470,10 +2500,12 @@ static int bpf_apply_relo_data(struct bpf_elf_ctx *ctx,
+ 			ret = bpf_apply_relo_map(ctx, prog, &relo, &sym, props);
+ 		else if (sym.st_shndx == ctx->sec_data)
+ 			ret = bpf_apply_relo_glob(ctx, prog, &relo, &sym, props);
++		else if (sym.st_shndx == ctx->sec_bss)
++			ret = bpf_apply_relo_bss(ctx, prog, &relo, &sym, props);
+ 		else if (sym.st_shndx == ctx->sec_text)
+ 			ret = bpf_apply_relo_call(ctx, prog, &relo, &sym, props);
+ 		else
+-			fprintf(stderr, "ELF contains non-{map,data,call} related relo data in entry %u pointing to section %u! Compiler bug?!\n",
++			fprintf(stderr, "ELF contains non-{bss,call,data,map} related relo data in entry %u pointing to section %u! Compiler bug?!\n",
+ 				relo_ent, sym.st_shndx);
+ 		if (ret < 0)
+ 			return ret;
+@@ -2569,7 +2601,8 @@ static int bpf_fetch_prog_sec(struct bpf_elf_ctx *ctx, const char *section)
+ 			return ret;
+ 	}
+ 
+-	if (bpf_has_map_data(ctx) || bpf_has_call_data(ctx) || bpf_has_glob_data(ctx))
++	if (bpf_has_map_data(ctx) || bpf_has_call_data(ctx) ||
++	    bpf_has_glob_data(ctx) || bpf_has_bss_data(ctx))
+ 		ret = bpf_fetch_prog_relo(ctx, section, &lderr, &sseen, &prog);
+ 	if (ret < 0 && !lderr)
+ 		ret = bpf_fetch_prog(ctx, section, &sseen);
+-- 
+2.19.1
+

bpf-data-section-support-poc.patch

@@ -0,0 +1,118 @@
+From 4e0dcb220bd77a5ddf0f8956740281efbf1ead90 Mon Sep 17 00:00:00 2001
+From: Daniel Borkmann <daniel@iogearbox.net>
+Date: Wed, 31 Oct 2018 20:25:22 +0100
+Subject: [PATCH iproute2-next 1/2] bpf: data section support poc
+To: Stephen Hemminger <stephen@networkplumber.org>
+Cc: netdev@vger.kernel.org, daniel@iogearbox.net
+
+Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
+---
+ lib/bpf.c | 40 ++++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 38 insertions(+), 2 deletions(-)
+
+diff --git a/lib/bpf.c b/lib/bpf.c
+index 45f279fa4a41..eb208275ebaa 100644
+--- a/lib/bpf.c
++++ b/lib/bpf.c
+@@ -1142,6 +1142,7 @@ struct bpf_elf_ctx {
+ 	Elf_Data		*sym_tab;
+ 	Elf_Data		*str_tab;
+ 	Elf_Data		*btf_data;
++	Elf_Data		*glo_data;
+ 	char			obj_uid[64];
+ 	int			obj_fd;
+ 	int			btf_fd;
+@@ -1157,6 +1158,7 @@ struct bpf_elf_ctx {
+ 	int			sec_maps;
+ 	int			sec_text;
+ 	int			sec_btf;
++	int			sec_data;
+ 	char			license[ELF_MAX_LICENSE_LEN];
+ 	enum bpf_prog_type	type;
+ 	__u32			ifindex;
+@@ -2037,6 +2039,15 @@ static int bpf_fetch_text(struct bpf_elf_ctx *ctx, int section,
+ 	return 0;
+ }
+ 
++static int bpf_fetch_data(struct bpf_elf_ctx *ctx, int section,
++			  struct bpf_elf_sec_data *data)
++{
++	ctx->sec_data = section;
++	ctx->glo_data = data->sec_data;
++	ctx->sec_done[section] = true;
++	return 0;
++}
++
+ static void bpf_btf_report(int fd, struct bpf_elf_ctx *ctx)
+ {
+ 	fprintf(stderr, "\nBTF debug data section \'.BTF\' %s%s (%d)!\n",
+@@ -2246,6 +2257,11 @@ static bool bpf_has_call_data(const struct bpf_elf_ctx *ctx)
+ 	return ctx->sec_text;
+ }
+ 
++static bool bpf_has_glob_data(const struct bpf_elf_ctx *ctx)
++{
++	return ctx->sec_data;
++}
++
+ static int bpf_fetch_ancillary(struct bpf_elf_ctx *ctx, bool check_text_sec)
+ {
+ 	struct bpf_elf_sec_data data;
+@@ -2267,6 +2283,9 @@ static int bpf_fetch_ancillary(struct bpf_elf_ctx *ctx, bool check_text_sec)
+ 			 !strcmp(data.sec_name, ".text") &&
+ 			 check_text_sec)
+ 			ret = bpf_fetch_text(ctx, i, &data);
++		else if (data.sec_hdr.sh_type == SHT_PROGBITS &&
++			 !strcmp(data.sec_name, ".data"))
++			ret = bpf_fetch_data(ctx, i, &data);
+ 		else if (data.sec_hdr.sh_type == SHT_SYMTAB &&
+ 			 !strcmp(data.sec_name, ".symtab"))
+ 			ret = bpf_fetch_symtab(ctx, i, &data);
+@@ -2380,6 +2399,21 @@ static int bpf_apply_relo_map(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *prog
+ 	return 0;
+ }
+ 
++static int bpf_apply_relo_glob(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *prog,
++			       GElf_Rel *relo, GElf_Sym *sym,
++			       struct bpf_relo_props *props)
++{
++	unsigned int insn_off = relo->r_offset / sizeof(struct bpf_insn);
++	int *data;
++
++	if (insn_off >= prog->insns_num)
++		return -EINVAL;
++
++	data = ctx->glo_data->d_buf + sym->st_value;
++	prog->insns[insn_off].imm = *data;
++	return 0;
++}
++
+ static int bpf_apply_relo_call(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *prog,
+ 			       GElf_Rel *relo, GElf_Sym *sym,
+ 			       struct bpf_relo_props *props)
+@@ -2434,10 +2468,12 @@ static int bpf_apply_relo_data(struct bpf_elf_ctx *ctx,
+ 
+ 		if (sym.st_shndx == ctx->sec_maps)
+ 			ret = bpf_apply_relo_map(ctx, prog, &relo, &sym, props);
++		else if (sym.st_shndx == ctx->sec_data)
++			ret = bpf_apply_relo_glob(ctx, prog, &relo, &sym, props);
+ 		else if (sym.st_shndx == ctx->sec_text)
+ 			ret = bpf_apply_relo_call(ctx, prog, &relo, &sym, props);
+ 		else
+-			fprintf(stderr, "ELF contains non-{map,call} related relo data in entry %u pointing to section %u! Compiler bug?!\n",
++			fprintf(stderr, "ELF contains non-{map,data,call} related relo data in entry %u pointing to section %u! Compiler bug?!\n",
+ 				relo_ent, sym.st_shndx);
+ 		if (ret < 0)
+ 			return ret;
+@@ -2533,7 +2569,7 @@ static int bpf_fetch_prog_sec(struct bpf_elf_ctx *ctx, const char *section)
+ 			return ret;
+ 	}
+ 
+-	if (bpf_has_map_data(ctx) || bpf_has_call_data(ctx))
++	if (bpf_has_map_data(ctx) || bpf_has_call_data(ctx) || bpf_has_glob_data(ctx))
+ 		ret = bpf_fetch_prog_relo(ctx, section, &lderr, &sseen, &prog);
+ 	if (ret < 0 && !lderr)
+ 		ret = bpf_fetch_prog(ctx, section, &sseen);
+-- 
+2.19.1
+

iproute2-4.20.0.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c8adaa6a40f888476b23acb283cfa30c0dd55f07b5aa20663ed5ba2ef1f6fda8
-size 707016

iproute2-5.1.0.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:dc5a980873eabf6b00c0be976b6e5562b1400d47d1d07d2ac35d5e5acbcf7bcf
+size 722412

iproute2.changes

@@ -1,3 +1,56 @@
+-------------------------------------------------------------------
+Mon May 13 09:28:09 UTC 2019 - Michal Kubecek <mkubecek@suse.cz>
+
+- Revert-tc-ematch-fix-deprecated-yacc-warning.patch:
+  fix build on SLE12 and openSUSE Leap 42.3
+
+-------------------------------------------------------------------
+Mon May 13 08:25:42 UTC 2019 - Michal Kubecek <mkubecek@suse.cz>
+
+- Update to new upstream release 5.1
+  * bridge: fdb: add support for src_vni option
+  * devlink: report cell size
+  * devlink: add dev info and dev flash subcommands
+  * devlink: add health subcommand
+  * ip link: display netrom link type
+  * ip link: bond_slave: add xstats support
+  * ip link: bridge: support mcast to unicast flag
+  * ip netns: add attach subcommand to attach existing netns
+  * ip xfrm: add option to hide keys in state output
+  * ip xfrm: support xfrm interfaces
+  * rdma: add unbound workqueue to list of poll context types
+  * rdma: provide parent context index for all objects except CM_ID
+  * rdma: add prefix for driver attributes
+  * ss: support AF_XDP
+  * tc: add hit counter for matchall
+  * tc: add kind property to csum action
+  * tc: q_cake: support fwmark option
+  * improve batch and dump performance by caching link lookups
+  * more JSON support
+  * many text/JSON output fixes
+
+-------------------------------------------------------------------
+Sat Mar 23 05:39:54 UTC 2019 - seanlew@opensuse.org
+
+- Update to new upstream release 5.0.0
+  * ip route: get print JSON output when -j is given
+  * ip route: print route type in JSON output
+  * tc: m_connmark: fix action error messages
+  * ipaddress: print error messages on stderr
+  * iprule: fix printing hint about unresolved iifname + oofname
+  * man: Document COLORFGBG environment variable
+  * tcpedit: Fix wrong pedit ipv6 structure id
+  * ss: Render buffer to output every time a number of chunks alloc
+  * ss: fix compilation under glibc < 2.18
+
+-------------------------------------------------------------------
+Thu Mar  6 00:59:48 UTC 2019 - Joe Stringer <joe@cilium.io>
+
+- Add patches which enable support of BPF global data section,
+  pulled from https://github.com/cilium/iproute2/tree/static-data
+  * bpf-bss-section-poc.patch
+  * bpf-data-section-support-poc.patch
+
 -------------------------------------------------------------------
 Sat Jan 26 10:39:56 UTC 2019 - mkubecek@suse.cz
 

iproute2.spec

@@ -12,14 +12,14 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
 Name:           iproute2
-Version:        4.20
+Version:        5.1
 Release:        0
-%define rversion 4.20.0
+%define rversion 5.1.0
 Summary:        Linux network configuration utilities
 License:        GPL-2.0-only
 Group:          Productivity/Networking/Routing
@@ -37,7 +37,10 @@ Patch3:         add-explicit-typecast-to-avoid-gcc-warning.patch
 Patch4:         xfrm-support-displaying-transformations-used-for-Mob.patch
 Patch6:         split-link-and-compile-steps-for-binaries.patch
 Patch7:         examples-fix-bashisms-in-example-script.patch
+Patch101:       Revert-tc-ematch-fix-deprecated-yacc-warning.patch
 Patch102:       Revert-emp-fix-warning-on-deprecated-bison-directive.patch
+Patch201:       bpf-data-section-support-poc.patch
+Patch202:       bpf-bss-section-poc.patch
 BuildRequires:  bison
 BuildRequires:  db-devel
 BuildRequires:  fdupes
@@ -84,7 +87,10 @@ bash command line completion support for iproute.
 
 %prep
 %setup -qn %name-%rversion
-%patch -P 1 -P 2 -P 3 -P 4 -P 6 -P 7 -p1
+%patch -P 1 -P 2 -P 3 -P 4 -P 6 -P 7 -P 201 -P 202 -p1
+%if 0%{?suse_version} < 1500
+%patch -P 101 -p1
+%endif
 %if 0%{?sles_version} == 11
 %patch -P 102 -p1
 %endif