Accepting request 626868 from home:mkubecek:branches:security:netfilter

- Update to new upstream release 4.17

OBS-URL: https://build.opensuse.org/request/show/626868
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iproute2?expand=0&rev=162

adjust-installation-directories-for-openSUSE-SLE.patch

@@ -5,25 +5,23 @@ Patch-mainline: Never, SUSE specific
 
 Match the directory layout of openSUSE and SLE.
 ---
- Makefile       |    4 ++--
+ Makefile       | 4 ++--
- netem/Makefile |    5 +++--
+ netem/Makefile | 5 +++--
- tc/q_netem.c   |    2 +-
+ tc/q_netem.c   | 2 +-
  3 files changed, 6 insertions(+), 5 deletions(-)
 
-Index: iproute2-4.14.1/Makefile
+--- a/Makefile
-===================================================================
++++ b/Makefile
---- iproute2-4.14.1.orig/Makefile
+@@ -14,7 +14,7 @@ endif
-+++ iproute2-4.14.1/Makefile
-@@ -6,7 +6,7 @@ endif
  
  PREFIX?=/usr
  LIBDIR?=$(PREFIX)/lib
 -SBINDIR?=/sbin
 +SBINDIR?=/usr/sbin
  CONFDIR?=/etc/iproute2
- DATADIR?=$(PREFIX)/share
+ NETNS_RUN_DIR?=/var/run/netns
- HDRDIR?=$(PREFIX)/include/iproute2
+ NETNS_ETC_DIR?=/etc/netns
-@@ -21,7 +21,7 @@ DBM_INCLUDE:=$(DESTDIR)/usr/include
+@@ -31,7 +31,7 @@ DBM_INCLUDE:=$(DESTDIR)/usr/include
  
  SHARED_LIBS = y
  
@@ -32,11 +30,9 @@ Index: iproute2-4.14.1/Makefile
  ifneq ($(SHARED_LIBS),y)
  DEFINES+= -DNO_SHARED_LIBS
  endif
-Index: iproute2-4.14.1/netem/Makefile
+--- a/netem/Makefile
-===================================================================
++++ b/netem/Makefile
---- iproute2-4.14.1.orig/netem/Makefile
+@@ -7,6 +7,7 @@ DISTDATA = normal.dist pareto.dist paretonormal.dist experimental.dist
-+++ iproute2-4.14.1/netem/Makefile
-@@ -6,6 +6,7 @@ DISTDATA = normal.dist pareto.dist paret
  HOSTCC ?= $(CC)
  CCOPTS  = $(CBUILD_CFLAGS)
  LDLIBS += -lm
@@ -44,7 +40,7 @@ Index: iproute2-4.14.1/netem/Makefile
  
  all: $(DISTGEN) $(DISTDATA)
  
-@@ -22,9 +23,9 @@ stats: stats.c
+@@ -23,9 +24,9 @@ stats: stats.c
  	$(HOSTCC) $(CCOPTS) -I../include -o $@ $@.c -lm
  
  install: all
@@ -56,11 +52,9 @@ Index: iproute2-4.14.1/netem/Makefile
  	done
  
  clean:
-Index: iproute2-4.14.1/tc/q_netem.c
+--- a/tc/q_netem.c
-===================================================================
++++ b/tc/q_netem.c
---- iproute2-4.14.1.orig/tc/q_netem.c
+@@ -96,7 +96,7 @@ static int get_distribution(const char *type, __s16 *data, int maxdata)
-+++ iproute2-4.14.1/tc/q_netem.c
-@@ -113,7 +113,7 @@ static int get_distribution(const char *
  	char *line = NULL;
  	char name[128];
  

iproute2-4.16.0.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0c5c24020fd7349fe25728c5edee9fb6a1bc8a38f08e23be5c57a6301e55ee0a
-size 661336

iproute2-4.17.0.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6fa991b092315887775b9e47dc6a89af7ae09dd3ad4ccff754d055c566b4be6e
+size 675268

iproute2.changes

@@ -1,3 +1,43 @@
+-------------------------------------------------------------------
+Wed Aug  1 08:28:16 UTC 2018 - mkubecek@suse.cz
+
+- Update to new upstream release 4.17
+  * use netlink rather than proc and sysfs for tunnels
+  * man: document -json and -pretty options
+  * ip, tc: JSON and color output for more subcommands
+  * bridge: implement JSON and color output
+  * tc: implement color output
+  * rdma: Add batch command support
+  * ss: print skmeminfo for packet sockets
+  * ip: link_gre6.c: Support IP6_TNL_F_ALLOW_LOCAL_REMOTE flag
+  * tc: support the ipt ematch
+  * ip rule: let user see and use protocol keyword
+  * rdma: update device capabilities flags (PCI write end padding)
+  * tc: f_flower: Add support for matching first frag packets
+  * bridge: add option extern_learn
+  * ss: Add support for TIPC socket diag
+  * tipc: introduce command for handling a new 128-bit node
+    identity
+  * tc: add oneline mode
+  * rdma: ad PD, MR, CQ and CM_ID resource tracking information
+  * rdma: Ignore unknown netlink attributes
+  * ip/l2tp: remove offset and peer-offset options
+  * ss: drop slabinfo based statistics
+  * ip: don't lookup interface index until needed
+  * rt_protos: drop old experimental gated names
+  * ip: IFLA_NEW_NETNSID/IFLA_NEW_IFINDEX support
+  * devlink: do not require NETLINK_{CAP,EXT}_ACK
+  * ip: display netns name instead of nsid
+  * ip link: enable to specify a name for the link-netns
+- rdma-sync-some-IP-headers-with-glibc.patch:
+  fix build on Leap 42.3 and SLE12
+- utils-Do-not-reset-family-for-default-any-all-addres.patch:
+  drop (present in 4.17)
+- adjust-installation-directories-for-openSUSE-SLE.patch:
+  refresh
+- split-link-and-compile-steps-for-binaries.patch:
+  refresh
+
 -------------------------------------------------------------------
 Wed May  2 06:13:55 UTC 2018 - mkubecek@suse.cz
 

iproute2.spec

@@ -17,9 +17,9 @@
 
 
 Name:           iproute2
-Version:        4.16
+Version:        4.17
 Release:        0
-%define rversion 4.16.0
+%define rversion 4.17.0
 Summary:        Linux network configuration utilities
 License:        GPL-2.0-only
 Group:          Productivity/Networking/Routing
@@ -37,7 +37,7 @@ Patch3:         add-explicit-typecast-to-avoid-gcc-warning.patch
 Patch4:         xfrm-support-displaying-transformations-used-for-Mob.patch
 Patch6:         split-link-and-compile-steps-for-binaries.patch
 Patch7:         examples-fix-bashisms-in-example-script.patch
-Patch8:         utils-Do-not-reset-family-for-default-any-all-addres.patch
+Patch8:         rdma-sync-some-IP-headers-with-glibc.patch
 Patch102:       Revert-emp-fix-warning-on-deprecated-bison-directive.patch
 BuildRequires:  bison
 BuildRequires:  db-devel

rdma-sync-some-IP-headers-with-glibc.patch

@@ -0,0 +1,33 @@
+From: Hoang Le <hoang.h.le@dektech.com.au>
+Date: Wed, 13 Jun 2018 11:09:56 +0700
+Subject: rdma: sync some IP headers with glibc
+Patch-mainline: v4.18.0
+Git-commit: 5887ff0922a06d978d3271df9f01fcb04fadc75f
+
+In the commit 9a362cc71a45, new userspace header:
+  (i.e rdma/rdma_user_cm.h -> linux/in6.h)
+is included before the kernel space header:
+  (i.e utils.h -> resolv.h -> netinet/in.h).
+
+This leads to unsynchronous some IP headers and compiler got failure
+with error: redefinition of some structs IP.
+
+In this commit, just reorder this including to make them in-sync.
+
+Signed-off-by: Hoang Le <hoang.h.le@dektech.com.au>
+Acked-by: Leon Romanovsky <leonro@mellanox.com>
+Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
+---
+ rdma/rdma.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/rdma/rdma.h
++++ b/rdma/rdma.h
+@@ -15,6 +15,7 @@
+ #include <string.h>
+ #include <errno.h>
+ #include <getopt.h>
++#include <netinet/in.h>
+ #include <libmnl/libmnl.h>
+ #include <rdma/rdma_netlink.h>
+ #include <rdma/rdma_user_cm.h>

split-link-and-compile-steps-for-binaries.patch

@@ -7,14 +7,12 @@ Do not compile and link in one step so that CFLAGS and LDFLAGS are only
 applied to the phase they are intended for. This is needed for PIE default
 to work.
 ---
- misc/Makefile |   17 +++++++++--------
+ misc/Makefile | 17 +++++++++--------
  1 file changed, 9 insertions(+), 8 deletions(-)
 
-Index: iproute2-4.14.1/misc/Makefile
+--- a/misc/Makefile
-===================================================================
++++ b/misc/Makefile
---- iproute2-4.14.1.orig/misc/Makefile
+@@ -9,23 +9,24 @@ include ../config.mk
-+++ iproute2-4.14.1/misc/Makefile
-@@ -8,23 +8,24 @@ include ../config.mk
  ifeq ($(HAVE_BERKELEY_DB),y)
  	TARGETS += arpd
  endif
@@ -41,9 +39,9 @@ Index: iproute2-4.14.1/misc/Makefile
 +	$(QUIET_CC)$(CC) $(LDFLAGS) -o rtacct rtacct.o $(LDLIBS) -lm
  
 -arpd: arpd.c
--	$(QUIET_CC)$(CC) $(CFLAGS) -I$(DBM_INCLUDE) $(LDFLAGS) -o arpd arpd.c $(LDLIBS) -ldb -lpthread
+-	$(QUIET_CC)$(CC) $(CFLAGS) -I$(DBM_INCLUDE) $(LDFLAGS) -o arpd arpd.c $(LDLIBS) -ldb
 +arpd: arpd.o
-+	$(QUIET_CC)$(CC) $(LDFLAGS) -o arpd arpd.o $(LDLIBS) -ldb -lpthread
++	$(QUIET_CC)$(CC) $(LDFLAGS) -o arpd arpd.o $(LDLIBS) -ldb
  
  ssfilter.c: ssfilter.y
  	$(QUIET_YACC)bison ssfilter.y -o ssfilter.c

utils-Do-not-reset-family-for-default-any-all-addres.patch

@@ -1,50 +0,0 @@
-From: David Ahern <dsahern@gmail.com>
-Date: Fri, 13 Apr 2018 09:36:33 -0700
-Subject: utils: Do not reset family for default, any, all addresses
-Patch-mainline: v4.17.0
-Git-commit: d42c7891d26e4d5616a55aac9fe10813767fcf9c
-References: bsc#1091603
-
-Thomas reported a change in behavior with respect to autodectecting
-address families. Specifically, 'ip ro add default via fe80::1'
-syntax was failing to treat fe80::1 as an IPv6 address as it did in
-prior releases. The root causes appears to be a change in family when
-the default keyword is parsed.
-
-'default', 'any' and 'all' are relevant outside of AF_INET. Leave the
-family arg as is for these when setting addr.
-
-Fixes: 93fa12418dc6 ("utils: Always specify family and ->bytelen in get_prefix_1()")
-Reported-by: Thomas Deutschmann <whissi@gentoo.org>
-Signed-off-by: David Ahern <dsahern@gmail.com>
-Cc: Serhey Popovych <serhe.popovych@gmail.com>
-
----
- lib/utils.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/lib/utils.c b/lib/utils.c
-index b9e9a6caaf54..803bcc45f2f2 100644
---- a/lib/utils.c
-+++ b/lib/utils.c
-@@ -566,7 +566,7 @@ static int __get_addr_1(inet_prefix *addr, const char *name, int family)
- 	if (strcmp(name, "default") == 0) {
- 		if ((family == AF_DECnet) || (family == AF_MPLS))
- 			return -1;
--		addr->family = (family != AF_UNSPEC) ? family : AF_INET;
-+		addr->family = family;
- 		addr->bytelen = af_byte_len(addr->family);
- 		addr->bitlen = -2;
- 		addr->flags |= PREFIXLEN_SPECIFIED;
-@@ -577,7 +577,7 @@ static int __get_addr_1(inet_prefix *addr, const char *name, int family)
- 	    strcmp(name, "any") == 0) {
- 		if ((family == AF_DECnet) || (family == AF_MPLS))
- 			return -1;
--		addr->family = AF_UNSPEC;
-+		addr->family = family;
- 		addr->bytelen = 0;
- 		addr->bitlen = -2;
- 		return 0;
--- 
-2.16.3
-