Accepting request 215343 from network:utilities

- Fixed ping segfaults (bnc#860616,bnc#860655)
  * Removed iputils-pingnamelookuponce.diff (forwarded request 215339 from hreinecke)

OBS-URL: https://build.opensuse.org/request/show/215343
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/iputils?expand=0&rev=32
Stephan Kulow 2014-01-29 06:15:09 +00:00 committed by Git OBS Bridge
commit aa81defeb7
10 changed files with 93 additions and 229 deletions


@ -1,61 +0,0 @@
diff -ur iputils/ping.c iputils.new/ping.c
--- ping.c 2004-03-17 12:36:43.000000000 +0100
+++ ping.c 2004-03-17 12:35:49.000000000 +0100
@@ -1141,15 +1141,24 @@
char *
pr_addr(__u32 addr)
{
- struct hostent *hp;
+ struct hostent *hp = NULL;
+ static __u32 last_addr;
static char buf[4096];
- if ((options & F_NUMERIC) ||
- !(hp = gethostbyaddr((char *)&addr, 4, AF_INET)))
- sprintf(buf, "%s", inet_ntoa(*(struct in_addr *)&addr));
- else
+ if (!(options & F_NUMERIC)) {
+ if (buf[0] && addr == last_addr)
+ return buf;
+ hp = gethostbyaddr((char *)&addr, 4, AF_INET);
+ }
+
+ if (hp) {
snprintf(buf, sizeof(buf), "%s (%s)", hp->h_name,
inet_ntoa(*(struct in_addr *)&addr));
+ } else {
+ sprintf(buf, "%s", inet_ntoa(*(struct in_addr *)&addr));
+ }
+
+ last_addr = addr;
return(buf);
}
diff -ur iputils/ping6.c iputils.new/ping6.c
--- ping6.c 2004-03-17 12:36:43.000000000 +0100
+++ ping6.c 2004-03-17 12:36:29.000000000 +0100
@@ -898,11 +898,22 @@
char * pr_addr(struct in6_addr *addr)
{
struct hostent *hp = NULL;
+ static struct in6_addr last_addr;
+ static char buf[1024];
- if (!(options&F_NUMERIC))
+ if (!(options&F_NUMERIC)) {
+ if (buf[0] && !memcmp(&last_addr, addr, sizeof(*addr)))
+ return buf;
hp = gethostbyaddr((__u8*)addr, sizeof(struct in6_addr), AF_INET6);
+ }
- return hp ? hp->h_name : pr_addr_n(addr);
+ if (hp && strlen(hp->h_name) < sizeof(buf)) {
+ strcpy(buf, hp->h_name);
+ } else {
+ inet_ntop(AF_INET6, addr, buf, sizeof(buf));
+ }
+ last_addr = *addr;
+ return buf;
}
char * pr_addr_n(struct in6_addr *addr)


@ -1,11 +0,0 @@
--- ping.c 2011-05-31 10:02:27.076182828 +0200
+++ ping.c 2011-05-31 10:02:34.513776200 +0200
@@ -699,7 +699,7 @@
void pr_echo_reply(__u8 *_icp, int len)
{
struct icmphdr *icp = (struct icmphdr *)_icp;
- printf(" icmp_req=%u", ntohs(icp->un.echo.sequence));
+ printf(" icmp_seq=%u", ntohs(icp->un.echo.sequence));
}
int


@ -1,118 +0,0 @@
From 584838c9d4a496c4329e4c9a3d35520db00abb99 Mon Sep 17 00:00:00 2001
From: Ludwig Nussel <ludwig.nussel@suse.de>
Date: Wed, 3 Nov 2010 17:43:42 +0100
Subject: [PATCH iputils] drop capabilities
dropping capabilities makes sure that ping also gets rid of privileges
gained via fscaps. Capabilities are also dropped when called as root so
the running ping process has no special privileges anymore at all even
in that case. Capabilities need to be dropped after setuid() otherwise a
setuid ping would not have the privileges to drop root privileges anymore!
---
Makefile | 6 ++++++
ping.c | 16 ++++++++++++++++
ping6.c | 16 ++++++++++++++++
3 files changed, 38 insertions(+), 0 deletions(-)
diff --git a/Makefile b/Makefile
index d9a5ca5..6629ebf 100644
--- a/Makefile
+++ b/Makefile
@@ -6,6 +6,12 @@ DEFINES=
#options if you have a bind>=4.9.4 libresolv (or, maybe, glibc)
LDLIBS=
ADDLIB=
+CAPABILITIES=
+
+ifeq ($(CAPABILITIES),1)
+DEFINES += -DHAVE_CAPABILITIES
+LDLIBS += -lcap
+endif
#options if you compile with libc5, and without a bind>=4.9.4 libresolv
# NOT AVAILABLE. Please, use libresolv.
diff --git a/ping.c b/ping.c
index eacb29d..fa91163 100644
--- a/ping.c
+++ b/ping.c
@@ -62,6 +62,9 @@ char copyright[] =
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
+#ifdef HAVE_CAPABILITIES
+#include <sys/capability.h>
+#endif
#ifndef ICMP_FILTER
#define ICMP_FILTER 1
@@ -122,6 +125,9 @@ main(int argc, char **argv)
u_char *packet;
char *target, hnamebuf[MAX_HOSTNAMELEN];
char rspace[3 + 4 * NROUTES + 1]; /* record route space */
+#ifdef HAVE_CAPABILITIES
+ cap_t caps;
+#endif
icmp_sock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
socket_errno = errno;
@@ -132,6 +138,16 @@ main(int argc, char **argv)
exit(-1);
}
+#ifdef HAVE_CAPABILITIES
+ /* drop all capabilities unconditionally so even root isn't special anymore */
+ caps = cap_init();
+ if (cap_set_proc(caps) < 0) {
+ perror("ping: cap_set_proc");
+ exit(-1);
+ }
+ cap_free(caps);
+#endif
+
source.sin_family = AF_INET;
preload = 1;
diff --git a/ping6.c b/ping6.c
index c5ff881..bfc0769 100644
--- a/ping6.c
+++ b/ping6.c
@@ -72,6 +72,9 @@ char copyright[] =
#include <netinet/ip6.h>
#include <netinet/icmp6.h>
#include <resolv.h>
+#ifdef HAVE_CAPABILITIES
+#include <sys/capability.h>
+#endif
#include "ping6_niquery.h"
@@ -528,6 +531,9 @@ int main(int argc, char *argv[])
int csum_offset, sz_opt;
#endif
static uint32_t scope_id = 0;
+#ifdef HAVE_CAPABILITIES
+ cap_t caps;
+#endif
icmp_sock = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6);
socket_errno = errno;
@@ -538,6 +544,16 @@ int main(int argc, char *argv[])
exit(-1);
}
+#ifdef HAVE_CAPABILITIES
+ /* drop all capabilities unconditionally so even root isn't special anymore */
+ caps = cap_init();
+ if (cap_set_proc(caps) < 0) {
+ perror("ping: cap_set_proc");
+ exit(-1);
+ }
+ cap_free(caps);
+#endif
+
source.sin6_family = AF_INET6;
memset(&firsthop, 0, sizeof(firsthop));
firsthop.sin6_family = AF_INET6;
--
1.7.1


@ -1,6 +1,18 @@
--- ping.c 2013-07-23 11:15:15.851715020 +0200 From 41e442fea26f20ceb815306777d36361575825cc Mon Sep 17 00:00:00 2001
+++ ping.c 2013-07-23 11:15:28.075824028 +0200 From: Hannes Reinecke <hare@suse.de>
@@ -103,6 +103,7 @@ Date: Mon, 26 Aug 2013 13:05:01 +0200
Subject: Allow ping to be interrupted
Signed-off-by: Hannes Reinecke <hare@suse.de>
---
ping.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/ping.c b/ping.c
index 0357c3d..83a7aad 100644
--- a/ping.c
+++ b/ping.c
@@ -103,6 +103,7 @@ static void usage(void) __attribute__((noreturn));
static u_short in_cksum(const u_short *addr, int len, u_short salt); static u_short in_cksum(const u_short *addr, int len, u_short salt);
static void pr_icmph(__u8 type, __u8 code, __u32 info, struct icmphdr *icp); static void pr_icmph(__u8 type, __u8 code, __u32 info, struct icmphdr *icp);
static int parsetos(char *str); static int parsetos(char *str);
@ -8,7 +20,7 @@
static struct { static struct {
struct cmsghdr cm; struct cmsghdr cm;
@@ -266,6 +267,8 @@ @@ -262,6 +263,8 @@ main(int argc, char **argv)
options |= F_SOURCEROUTE; options |= F_SOURCEROUTE;
} }
} }
@ -17,8 +29,8 @@
while (argc > 0) { while (argc > 0) {
target = *argv; target = *argv;
@@ -1273,3 +1276,9 @@ @@ -1398,3 +1401,9 @@ void usage(void)
" [-T tstamp-options] [-Q tos] [hop1 ...] destination\n"); );
exit(2); exit(2);
} }
+ +
@ -27,3 +39,6 @@
+ exit (1); + exit (1);
+} +}
+ +
--
1.8.1.4
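Review bot: The function appended after usage() in the refreshed patch ends in `exit (1);`, which is unsafe if that function is installed as a signal handler, as the subject "Allow ping to be interrupted" suggests. exit() is not async-signal-safe: it runs atexit handlers and flushes stdio, so a signal arriving inside printf or malloc can deadlock or corrupt state. The function's signature and the line that registers it are elided on this page, so the handler role is inferred rather than visible. If it is a handler, `_exit(1);` or setting a `volatile sig_atomic_t` flag that the main loop tests would be the safer form.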


@ -1,8 +1,27 @@
--- ping.c 2013-07-23 11:02:26.364843595 +0200 From bf83678619dd0286f7a66f2ab02763751b0e8ca9 Mon Sep 17 00:00:00 2001
+++ ping.c 2013-07-23 11:02:32.740900627 +0200 From: Hannes Reinecke <hare@suse.de>
@@ -129,6 +129,16 @@ Date: Mon, 26 Aug 2013 13:02:36 +0200
cap_t caps; Subject: Block SIGALRM in ping.c
#endif MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
ping depends on SIGALRM to exit eventually, so we need to mask
it with UNBLOCK.
Signed-off-by: Marcus Schäfer <ms@suse.de>
Signed-off-by: Hannes Reinecke <hare@suse.de>
---
ping.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/ping.c b/ping.c
index 71b445d..0357c3d 100644
--- a/ping.c
+++ b/ping.c
@@ -139,6 +139,16 @@ main(int argc, char **argv)
enable_capability_raw();
+ /* + /*
+ * ping depend on SIGALARM to exit sometimes, + * ping depend on SIGALARM to exit sometimes,
@ -17,3 +36,6 @@
icmp_sock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP); icmp_sock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
socket_errno = errno; socket_errno = errno;
--
1.8.1.4
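Review bot: The comment added in main() names a signal `SIGALARM`, which does not exist; it should read `ping depends on SIGALRM to exit`. The patch header is also self-contradictory: the subject says "Block SIGALRM" and the body says "mask it with UNBLOCK", while the stated intent is to unblock the signal. The comment would be more useful if it stated the reason plainly, for example `/* a caller may start ping with SIGALRM blocked; unblock it so the deadline timers can still end the process */`. The rest of the comment and the call itself are elided on this page, so whether the call's return value is checked cannot be confirmed from here.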


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:fd3af46c80ebb99607c2ca1f2a3608b6fe828e25bbec6e54f2afd25f6ddb6ee7
size 94386


@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:450f549fc5b620c23c5929aa6d54b7ddfc7ee1cb1e8efdc5e8bb21d8d0c5319f
size 155344


@ -1,6 +1,18 @@
--- traceroute6.c From 9c60c5877436c2feabe55ff91f6d279564fe1a31 Mon Sep 17 00:00:00 2001
+++ traceroute6.c 2004/09/03 09:38:22 From: Hannes Reinecke <hare@suse.de>
@@ -230,6 +230,7 @@ Date: Thu, 23 Jan 2014 10:32:36 +0100
Subject: traceroute6: Include stdint.h
Signed-off-by: Hannes Reinecke <hare@suse.de>
---
traceroute6.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/traceroute6.c b/traceroute6.c
index 0538d4b..7205fa3 100644
--- a/traceroute6.c
+++ b/traceroute6.c
@@ -230,6 +230,7 @@ char copyright[] =
* Tue Dec 20 03:50:13 PST 1988 * Tue Dec 20 03:50:13 PST 1988
*/ */
@ -8,3 +20,6 @@
#include <sys/param.h> #include <sys/param.h>
#include <sys/time.h> #include <sys/time.h>
#include <sys/socket.h> #include <sys/socket.h>
--
1.8.1.4


@ -1,3 +1,20 @@
-------------------------------------------------------------------
Tue Jan 28 08:13:46 CET 2014 - hare@suse.de
- Fixed ping segfaults (bnc#860616,bnc#860655)
* Removed iputils-pingnamelookuponce.diff
-------------------------------------------------------------------
Thu Jan 23 11:02:06 CET 2014 - hare@suse.de
- Update to upstream version s20121221 (FATE#316211)
- See RELNOTES for full changelog
- Removed merges patches:
* iputils-pingtypo.diff
* iputils-s20101006-capabilities.diff
- Updated patches for apply
- Remove libsysfs dependency (FATE#316211)
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Nov 13 14:43:36 UTC 2013 - meissner@suse.com Wed Nov 13 14:43:36 UTC 2013 - meissner@suse.com


@ -1,7 +1,7 @@
# #
# spec file for package iputils # spec file for package iputils
# #
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -19,29 +19,21 @@
Name: iputils Name: iputils
BuildRequires: docbook_3 BuildRequires: docbook_3
BuildRequires: iso_ent BuildRequires: iso_ent
BuildRequires: libcap-devel
BuildRequires: libopenssl-devel BuildRequires: libopenssl-devel
BuildRequires: opensp BuildRequires: opensp
BuildRequires: perl-SGMLS BuildRequires: perl-SGMLS
%if 0%{?suse_version} > 1130
BuildRequires: sysfsutils-devel
%else
BuildRequires: sysfsutils
%endif
BuildRequires: libcap-devel
Summary: IPv4 and IPv6 Networking Utilities Summary: IPv4 and IPv6 Networking Utilities
License: BSD-3-Clause and GPL-2.0+ License: BSD-3-Clause and GPL-2.0+
Group: Productivity/Networking/Other Group: Productivity/Networking/Other
Version: s20101006 Version: s20121221
Release: 0 Release: 0
Url: http://www.skbuff.net/iputils Url: http://www.skbuff.net/iputils
Source: http://www.skbuff.net/iputils/iputils-%{version}.tar.bz2 Source: http://www.skbuff.net/iputils/iputils-%{version}.tar.bz2
# XXX: from linux/Documentation/networking/ifenslave.c # XXX: from linux/Documentation/networking/ifenslave.c
Source1: ifenslave.c Source1: ifenslave.c
Patch1: iputils-pingnamelookuponce.diff
Patch2: iputils-traceroute6-stdint.diff Patch2: iputils-traceroute6-stdint.diff
Patch3: iputils-ifenslave.diff Patch3: iputils-ifenslave.diff
Patch6: iputils-s20101006-capabilities.diff
Patch7: iputils-pingtypo.diff
Patch8: iputils-s20101006-sec-ping-unblock.diff Patch8: iputils-s20101006-sec-ping-unblock.diff
Patch9: iputils-s20101006-ping-interrupt.diff Patch9: iputils-s20101006-ping-interrupt.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
@ -54,23 +46,16 @@ rdisc, ping6, traceroute6, tracepath, and tracepath6.
%prep %prep
%setup -q %setup -q
cp -a %SOURCE1 . cp -a %SOURCE1 .
%patch1 %patch2 -p1
%patch2
%patch3 %patch3
#patch4 %patch8 -p1
#patch5 %patch9 -p1
%patch6 -p1
%patch7
%patch8
%patch9
mkdir linux
touch linux/autoconf.h
%build %build
make %{?_smp_mflags} KERNEL_INCLUDE=$PWD \ make %{?_smp_mflags} KERNEL_INCLUDE=$PWD \
CCOPT='%optflags -fno-strict-aliasing -fpie -D_GNU_SOURCE' \ CCOPT='%optflags -fno-strict-aliasing -fpie -D_GNU_SOURCE' \
LDLIBS='-Wl,-z,relro,-z,now -pie -lcap -lresolv' \ LDLIBS='-Wl,-z,relro,-z,now -pie -lcap -lresolv' \
CAPABILITIES=1 CAPABILITIES=1 LDFLAG_GNUTLS='-lcrypto -lssl'
gcc $RPM_OPT_FLAGS -o ifenslave ifenslave.c gcc $RPM_OPT_FLAGS -o ifenslave ifenslave.c
make man make man
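Review bot: The make invocation in %build still passes `CAPABILITIES=1`, but the Makefile variable of that name was introduced by iputils-s20101006-capabilities.diff, which this commit removes from the patch list as merged upstream. The new upstream Makefile is not shown here, so it is unclear whether it honours the same variable. If it uses a different switch, the argument is a silent no-op and whether ping and ping6 drop their capabilities depends on the upstream default. Please check the s20121221 Makefile and rename or drop the argument. A short spec comment next to the make line, such as `# capability dropping is provided by upstream; keep -lcap in LDLIBS`, would keep the intent visible at the next refresh.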