Merge ~rafaeldtinoco/ubuntu/+source/iproute2:lp1913187-bionic into ubuntu/+source/iproute2:ubuntu/devel

Proposed by Rafael David Tinoco
Status: Superseded
Proposed branch: ~rafaeldtinoco/ubuntu/+source/iproute2:lp1913187-bionic
Merge into: ubuntu/+source/iproute2:ubuntu/devel
Diff against target: 813 lines (+543/-0) (has conflicts)
10 files modified
debian/changelog (+28/-0)
debian/compat (+4/-0)
debian/patches/1000-ubuntu-poc-fan-driver.patch (+54/-0)
debian/patches/1001-ubuntu-poc-fan-driver-v3.patch (+54/-0)
debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch (+67/-0)
debian/patches/CVE-2019-20795.patch (+71/-0)
debian/patches/lp1873961-tc-fix-bugs-for-tcp_flags-and-ip_attr-hex-output.patch (+150/-0)
debian/patches/lp1913187-ss-fix-NULL-dereference-when-rendering.patch (+40/-0)
debian/patches/netns-allow-negative-nsid (+65/-0)
debian/patches/series (+10/-0)
Conflict in debian/changelog
Conflict in debian/compat
Conflict in debian/patches/1000-ubuntu-poc-fan-driver.patch
Conflict in debian/patches/1001-ubuntu-poc-fan-driver-v3.patch
Conflict in debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch
Conflict in debian/patches/series
Reviewer Review Type Date Requested Status
Canonical Server Pending
Canonical Server Core Reviewers Pending
Review via email: mp+396920@code.launchpad.net

Unmerged commits

967975d... by Rafael David Tinoco <email address hidden>

changelog

48054b6... by Rafael David Tinoco <email address hidden>

* Fix: NULL dereference when rendering without header

BugLink: https://bugs.launchpad.net/bugs/1913187

e21ddc1... by Stefan Bader

release: 4.15.0-2ubuntu1.2

Signed-off-by: Stefan Bader <email address hidden>

3ce3589... by Stefan Bader

Fix: tc filter show tcp_flags wrong mask value

BugLink: https://bugs.launchpad.net/bugs/1873961

Signed-off-by: Stefan Bader <email address hidden>

16880b4... by Leonidas S. Barbosa

4.15.0-2ubuntu1.1 (patches unapplied)

Imported using git-ubuntu import.

0ca2f6d... by Stefan Bader

4.15.0-2ubuntu1 (patches unapplied)

Imported using git-ubuntu import.

Preview Diff

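--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,4 @@
+<<<<<<< debian/changelog
 iproute2 (5.10.0-2ubuntu1) hirsute; urgency=low
 
 * Merge from Debian unstable. Remaining changes:
@@ -428,6 +429,30 @@ iproute2 (4.15.0-3) unstable; urgency=medium
 (Closes: #891511)
 
 -- Luca Boccassi <bluca@debian.org> Mon, 12 Mar 2018 22:46:24 +0000
+=======
+iproute2 (4.15.0-2ubuntu1.3) bionic; urgency=medium
+
+ * Fix: NULL dereference when rendering without header (LP: #1913187)
+ - d/p/lp1913187-ss-fix-NULL-dereference-when-rendering.patch
+
+ -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Tue, 26 Jan 2021 13:33:08 +0000
+
+iproute2 (4.15.0-2ubuntu1.2) bionic; urgency=medium
+
+ * tc filter show tcp_flags wrong mask value (LP: #1873961)
+ - d/p/lp1873961-tc-fix-bugs-for-tcp_flags-and-ip_attr-hex-output.patch
+
+ -- Stefan Bader <stefan.bader@canonical.com> Wed, 15 Jul 2020 17:16:31 +0200
+
+iproute2 (4.15.0-2ubuntu1.1) bionic-security; urgency=medium
+
+ * SECURITY UPDATE: Use-after-free
+ - debian/patches/CVE-2019-20795.patch: fix a user-after-free in
+ ip/ipnetns.c in get_netnsid_from_name.
+ - CVE-2019-20795
+
+ -- Leonidas S. Barbosa <leo.barbosa@canonical.com> Mon, 11 May 2020 11:40:47 -0300
+>>>>>>> debian/changelog
 
 iproute2 (4.15.0-2ubuntu1) bionic; urgency=medium
 
@@ -1892,7 +1917,10 @@ iproute (961225-1) unstable; urgency=low
 
 -- Tom Lees <tom@lpsg.demon.co.uk> Mon, 30 Dec 1996 11:12:23 +0000
 
+<<<<<<< debian/changelog
 Local variables:
 mode: debian-changelog
 End:
 
+=======
+>>>>>>> debian/changelog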
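--- /dev/null
+++ b/debian/compat
@@ -0,0 +1,4 @@
+<<<<<<< debian/compat
+=======
+10
+>>>>>>> debian/compat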
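--- a/debian/patches/1000-ubuntu-poc-fan-driver.patch
+++ b/debian/patches/1000-ubuntu-poc-fan-driver.patch
@@ -2,6 +2,7 @@ Description: POC fan driver support
 POC Fan driver support
 Author: Jay Vosburgh <jay.vosburgh@canonical.com>
 
+<<<<<<< debian/patches/1000-ubuntu-poc-fan-driver.patch
 Index: iproute2-5.5.0/ip/link_iptnl.c
 ===================================================================
 --- iproute2-5.5.0.orig/ip/link_iptnl.c
@@ -39,10 +40,41 @@ Index: iproute2-5.5.0/ip/link_iptnl.c
 + if (is_addrtype_inet(&underlay))
 + addattr_l(n, 1024, IFLA_IPTUN_FAN_UNDERLAY,
 + underlay.data, underlay.bytelen);
+=======
+Index: iproute2/ip/link_iptnl.c
+===================================================================
+--- iproute2.orig/ip/link_iptnl.c
++++ iproute2/ip/link_iptnl.c
+@@ -91,6 +91,7 @@ static int iptunnel_parse_opt(struct lin
+ __u32 link = 0;
+ __u32 laddr = 0;
+ __u32 raddr = 0;
++ __u32 underlay = 0;
+ __u8 ttl = 0;
+ __u8 tos = 0;
+ __u8 pmtudisc = 1;
+@@ -195,6 +196,9 @@ get_failed:
+ if (strcmp(*argv, "remote") == 0) {
+ NEXT_ARG();
+ raddr = get_addr32(*argv);
++ } else if (strcmp(*argv, "underlay") == 0) {
++ NEXT_ARG();
++ underlay = get_addr32(*argv);
+ } else if (strcmp(*argv, "local") == 0) {
+ NEXT_ARG();
+ laddr = get_addr32(*argv);
+@@ -356,6 +360,9 @@ get_failed:
+ }
+ }
+
++ if (underlay)
++ addattr32(n, 1024, IFLA_IPTUN_FAN_UNDERLAY, underlay);
+>>>>>>> debian/patches/1000-ubuntu-poc-fan-driver.patch
 +
 return 0;
 }
 
+<<<<<<< debian/patches/1000-ubuntu-poc-fan-driver.patch
 @@ -391,6 +400,14 @@
 tnl_print_endpoint("remote", tb[IFLA_IPTUN_REMOTE], AF_INET);
 tnl_print_endpoint("local", tb[IFLA_IPTUN_LOCAL], AF_INET);
@@ -63,6 +95,28 @@ Index: iproute2-5.5.0/include/uapi/linux/if_tunnel.h
 --- iproute2-5.5.0.orig/include/uapi/linux/if_tunnel.h
 +++ iproute2-5.5.0/include/uapi/linux/if_tunnel.h
 @@ -77,6 +77,9 @@
+=======
+@@ -409,6 +416,14 @@ static void iptunnel_print_opt(struct li
+
+ print_string(PRINT_ANY, "local", "local %s ", local);
+
++ if (tb[IFLA_IPTUN_FAN_UNDERLAY]) {
++ unsigned addr = rta_getattr_u32(tb[IFLA_IPTUN_FAN_UNDERLAY]);
++
++ if (addr)
++ print_string(PRINT_ANY, "underlay", "underlay %s ",
++ format_host(AF_INET, 4, &addr));
++ }
++
+ if (tb[IFLA_IPTUN_LINK]) {
+ unsigned int link = rta_getattr_u32(tb[IFLA_IPTUN_LINK]);
+
+Index: iproute2/include/uapi/linux/if_tunnel.h
+===================================================================
+--- iproute2.orig/include/uapi/linux/if_tunnel.h
++++ iproute2/include/uapi/linux/if_tunnel.h
+@@ -77,6 +77,9 @@ enum {
+>>>>>>> debian/patches/1000-ubuntu-poc-fan-driver.patch
 IFLA_IPTUN_ENCAP_DPORT,
 IFLA_IPTUN_COLLECT_METADATA,
 IFLA_IPTUN_FWMARK,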
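Review bot: This quilt patch is previewed with unresolved merge-conflict markers (`<<<<<<<`, `=======`, `>>>>>>>`) inside it, so neither side of the fan-driver patch would apply as shown; the same markers appear in the sections for debian/changelog, debian/compat, 1001-ubuntu-poc-fan-driver-v3.patch, 1002-ubuntu-poc-fan-driver-vxlan.patch and debian/patches/series. The source branch and its new changelog entries are for bionic (4.15.0-2ubuntu1.3), while the merge target is ubuntu/devel, whose changelog head is 5.10.0-2ubuntu1 for hirsute; that mismatch is probably why every file the two branches share conflicts. Re-proposing against the bionic branch should reduce the diff to the new lp1913187 patch plus its changelog and series entries, which is the part that actually needs review.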
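--- a/debian/patches/1001-ubuntu-poc-fan-driver-v3.patch
+++ b/debian/patches/1001-ubuntu-poc-fan-driver-v3.patch
@@ -1,11 +1,19 @@
 Description: Fan driver support v3
 Fan driver support v3
 Author: Jay Vosburgh <jay.vosburgh@canonical.com>
+<<<<<<< debian/patches/1001-ubuntu-poc-fan-driver-v3.patch
 Index: iproute2-5.5.0-1ubuntu1/include/uapi/linux/if_tunnel.h
 ===================================================================
 --- iproute2-5.5.0-1ubuntu1.orig/include/uapi/linux/if_tunnel.h
 +++ iproute2-5.5.0-1ubuntu1/include/uapi/linux/if_tunnel.h
 @@ -79,6 +79,7 @@
+=======
+Index: iproute2/include/uapi/linux/if_tunnel.h
+===================================================================
+--- iproute2.orig/include/uapi/linux/if_tunnel.h
++++ iproute2/include/uapi/linux/if_tunnel.h
+@@ -79,6 +79,7 @@ enum {
+>>>>>>> debian/patches/1001-ubuntu-poc-fan-driver-v3.patch
 IFLA_IPTUN_FWMARK,
 
 IFLA_IPTUN_FAN_UNDERLAY = 32,
@@ -13,10 +21,18 @@ Index: iproute2-5.5.0-1ubuntu1/include/uapi/linux/if_tunnel.h
 
 __IFLA_IPTUN_MAX,
 };
+<<<<<<< debian/patches/1001-ubuntu-poc-fan-driver-v3.patch
 @@ -164,6 +165,21 @@
 
 #define IFLA_VTI_MAX (__IFLA_VTI_MAX - 1)
 
+=======
+@@ -160,4 +161,20 @@ enum {
+ };
+
+ #define IFLA_VTI_MAX (__IFLA_VTI_MAX - 1)
++
+>>>>>>> debian/patches/1001-ubuntu-poc-fan-driver-v3.patch
 +enum {
 + IFLA_FAN_UNSPEC,
 + IFLA_FAN_MAPPING,
@@ -26,6 +42,7 @@ Index: iproute2-5.5.0-1ubuntu1/include/uapi/linux/if_tunnel.h
 +#define IFLA_FAN_MAX (__IFLA_FAN_MAX - 1)
 +
 +struct ip_tunnel_fan_map {
+<<<<<<< debian/patches/1001-ubuntu-poc-fan-driver-v3.patch
 + __be32 underlay;
 + __be32 overlay;
 + __u16 underlay_prefix;
@@ -42,6 +59,22 @@ Index: iproute2-5.5.0-1ubuntu1/ip/link_iptnl.c
 @@ -63,6 +63,42 @@
 " MARK := { 0x0..0xffffffff }\n",
 lu->id, mode);
+=======
++ __be32 underlay;
++ __be32 overlay;
++ __u16 underlay_prefix;
++ __u16 overlay_prefix;
++};
++
+ #endif /* _IF_TUNNEL_H_ */
+Index: iproute2/ip/link_iptnl.c
+===================================================================
+--- iproute2.orig/ip/link_iptnl.c
++++ iproute2/ip/link_iptnl.c
+@@ -68,6 +68,42 @@ static void usage(int sit)
+ print_usage(stderr, sit);
+ exit(-1);
+>>>>>>> debian/patches/1001-ubuntu-poc-fan-driver-v3.patch
 }
 +static int fan_parse_map(int *argcp, char ***argvp, struct nlmsghdr *n)
 +{
@@ -82,18 +115,30 @@ Index: iproute2-5.5.0-1ubuntu1/ip/link_iptnl.c
 
 static int iptunnel_parse_opt(struct link_util *lu, int argc, char **argv,
 struct nlmsghdr *n)
+<<<<<<< debian/patches/1001-ubuntu-poc-fan-driver-v3.patch
 @@ -217,6 +253,10 @@
 } else if (strcmp(*argv, "underlay") == 0) {
 NEXT_ARG();
 get_addr(&underlay, *argv, AF_INET);
+=======
+@@ -199,6 +235,10 @@ get_failed:
+ } else if (strcmp(*argv, "underlay") == 0) {
+ NEXT_ARG();
+ underlay = get_addr32(*argv);
+>>>>>>> debian/patches/1001-ubuntu-poc-fan-driver-v3.patch
 + } else if (strcmp(*argv, "fan-map") == 0) {
 + NEXT_ARG();
 + if (fan_parse_map(&argc, &argv, n))
 + invarg("invalid fan-map", *argv);
 } else if (strcmp(*argv, "local") == 0) {
 NEXT_ARG();
+<<<<<<< debian/patches/1001-ubuntu-poc-fan-driver-v3.patch
 get_addr(&saddr, *argv, AF_INET);
 @@ -365,6 +405,28 @@
+=======
+ laddr = get_addr32(*argv);
+@@ -366,6 +406,28 @@ get_failed:
+>>>>>>> debian/patches/1001-ubuntu-poc-fan-driver-v3.patch
 return 0;
 }
 
@@ -122,13 +167,22 @@ Index: iproute2-5.5.0-1ubuntu1/ip/link_iptnl.c
 static void iptunnel_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[])
 {
 char s2[64];
+<<<<<<< debian/patches/1001-ubuntu-poc-fan-driver-v3.patch
 @@ -408,6 +470,9 @@
 format_host(AF_INET, addr.bytelen, addr.data));
+=======
+@@ -424,6 +486,9 @@ static void iptunnel_print_opt(struct li
+ format_host(AF_INET, 4, &addr));
+>>>>>>> debian/patches/1001-ubuntu-poc-fan-driver-v3.patch
 }
 
 + if (tb[IFLA_IPTUN_FAN_MAP])
 + fan_print_map(f, tb[IFLA_IPTUN_FAN_MAP]);
 +
 if (tb[IFLA_IPTUN_LINK]) {
+<<<<<<< debian/patches/1001-ubuntu-poc-fan-driver-v3.patch
 __u32 link = rta_getattr_u32(tb[IFLA_IPTUN_LINK]);
+=======
+ unsigned int link = rta_getattr_u32(tb[IFLA_IPTUN_LINK]);
+>>>>>>> debian/patches/1001-ubuntu-poc-fan-driver-v3.patch
 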
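--- a/debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch
+++ b/debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch
@@ -1,16 +1,37 @@
 Description: Fan driver support VXLAN (p4)
 Fan driver setup support for vxlan interfaces.
 
+<<<<<<< debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch
 Index: iproute2-5.5.0/include/uapi/linux/if_tunnel.h
 ===================================================================
 --- iproute2-5.5.0.orig/include/uapi/linux/if_tunnel.h
 +++ iproute2-5.5.0/include/uapi/linux/if_tunnel.h
 @@ -173,7 +173,7 @@
+=======
+Index: iproute2/include/uapi/linux/if_link.h
+===================================================================
+--- iproute2.orig/include/uapi/linux/if_link.h
++++ iproute2/include/uapi/linux/if_link.h
+@@ -511,6 +511,7 @@ enum {
+ IFLA_VXLAN_COLLECT_METADATA,
+ IFLA_VXLAN_LABEL,
+ IFLA_VXLAN_GPE,
++ IFLA_VXLAN_FAN_MAP = 33,
+ __IFLA_VXLAN_MAX
+ };
+ #define IFLA_VXLAN_MAX (__IFLA_VXLAN_MAX - 1)
+Index: iproute2/include/uapi/linux/if_tunnel.h
+===================================================================
+--- iproute2.orig/include/uapi/linux/if_tunnel.h
++++ iproute2/include/uapi/linux/if_tunnel.h
+@@ -170,7 +170,7 @@ enum {
+>>>>>>> debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch
 
 #define IFLA_FAN_MAX (__IFLA_FAN_MAX - 1)
 
 -struct ip_tunnel_fan_map {
 +struct ifla_fan_map {
+<<<<<<< debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch
 __be32 underlay;
 __be32 overlay;
 __u16 underlay_prefix;
@@ -18,6 +39,15 @@ Index: iproute2-5.5.0/ip/iplink_vxlan.c
 ===================================================================
 --- iproute2-5.5.0.orig/ip/iplink_vxlan.c
 +++ iproute2-5.5.0/ip/iplink_vxlan.c
+=======
+ __be32 underlay;
+ __be32 overlay;
+ __u16 underlay_prefix;
+Index: iproute2/ip/iplink_vxlan.c
+===================================================================
+--- iproute2.orig/ip/iplink_vxlan.c
++++ iproute2/ip/iplink_vxlan.c
+>>>>>>> debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch
 @@ -15,7 +15,10 @@
 #include <net/if.h>
 #include <linux/ip.h>
@@ -29,7 +59,11 @@ Index: iproute2-5.5.0/ip/iplink_vxlan.c
 
 #include "rt_names.h"
 #include "utils.h"
+<<<<<<< debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch
 @@ -73,6 +76,45 @@
+=======
+@@ -71,6 +74,45 @@ static void check_duparg(__u64 *attrs, i
+>>>>>>> debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch
 duparg2(key, argv);
 }
 
@@ -75,7 +109,11 @@ Index: iproute2-5.5.0/ip/iplink_vxlan.c
 static int vxlan_parse_opt(struct link_util *lu, int argc, char **argv,
 struct nlmsghdr *n)
 {
+<<<<<<< debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch
 @@ -330,6 +372,11 @@
+=======
+@@ -329,6 +371,11 @@ static int vxlan_parse_opt(struct link_u
+>>>>>>> debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch
 } else if (!matches(*argv, "gpe")) {
 check_duparg(&attrs, IFLA_VXLAN_GPE, *argv, *argv);
 addattr_l(n, 1024, IFLA_VXLAN_GPE, NULL, 0);
@@ -87,7 +125,11 @@ Index: iproute2-5.5.0/ip/iplink_vxlan.c
 } else if (matches(*argv, "help") == 0) {
 explain();
 return -1;
+<<<<<<< debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch
 @@ -406,6 +453,28 @@
+=======
+@@ -391,6 +438,28 @@ static int vxlan_parse_opt(struct link_u
+>>>>>>> debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch
 return 0;
 }
 
@@ -116,7 +158,11 @@ Index: iproute2-5.5.0/ip/iplink_vxlan.c
 static void vxlan_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[])
 {
 __u32 vni;
+<<<<<<< debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch
 @@ -466,6 +535,9 @@
+=======
+@@ -445,6 +514,9 @@ static void vxlan_print_opt(struct link_
+>>>>>>> debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch
 }
 }
 
@@ -126,6 +172,7 @@ Index: iproute2-5.5.0/ip/iplink_vxlan.c
 if (tb[IFLA_VXLAN_LOCAL]) {
 __be32 addr = rta_getattr_u32(tb[IFLA_VXLAN_LOCAL]);
 
+<<<<<<< debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch
 Index: iproute2-5.5.0/ip/link_iptnl.c
 ===================================================================
 --- iproute2-5.5.0.orig/ip/link_iptnl.c
@@ -133,6 +180,15 @@ Index: iproute2-5.5.0/ip/link_iptnl.c
 @@ -63,10 +63,11 @@
 " MARK := { 0x0..0xffffffff }\n",
 lu->id, mode);
+=======
+Index: iproute2/ip/link_iptnl.c
+===================================================================
+--- iproute2.orig/ip/link_iptnl.c
++++ iproute2/ip/link_iptnl.c
+@@ -68,10 +68,11 @@ static void usage(int sit)
+ print_usage(stderr, sit);
+ exit(-1);
+>>>>>>> debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch
 }
 +
 static int fan_parse_map(int *argcp, char ***argvp, struct nlmsghdr *n)
@@ -143,7 +199,11 @@ Index: iproute2-5.5.0/ip/link_iptnl.c
 struct rtattr *nest;
 char **argv = *argvp;
 int argc = *argcp;
+<<<<<<< debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch
 @@ -75,8 +76,10 @@
+=======
+@@ -80,8 +81,10 @@ static int fan_parse_map(int *argcp, cha
+>>>>>>> debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch
 while (argc > 0) {
 char *colon = strchr(*argv, ':');
 
@@ -155,7 +215,11 @@ Index: iproute2-5.5.0/ip/link_iptnl.c
 *colon = '\0';
 
 if (get_prefix(&overlay, *argv, AF_INET))
+<<<<<<< debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch
 @@ -408,7 +411,7 @@
+=======
+@@ -409,7 +412,7 @@ get_failed:
+>>>>>>> debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch
 static void fan_print_map(FILE *f, struct rtattr *attr)
 {
 char b1[INET_ADDRSTRLEN], b2[INET_ADDRSTRLEN];
@@ -164,6 +228,7 @@ Index: iproute2-5.5.0/ip/link_iptnl.c
 struct rtattr *i;
 int rem;
 int p;
+<<<<<<< debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch
 Index: iproute2-5.5.0/include/uapi/linux/if_link.h
 ===================================================================
 --- iproute2-5.5.0.orig/include/uapi/linux/if_link.h
@@ -176,3 +241,5 @@ Index: iproute2-5.5.0/include/uapi/linux/if_link.h
 __IFLA_VXLAN_MAX
 };
 #define IFLA_VXLAN_MAX (__IFLA_VXLAN_MAX - 1)
+=======
+>>>>>>> debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch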
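--- /dev/null
+++ b/debian/patches/CVE-2019-20795.patch
@@ -0,0 +1,71 @@
+From 9bf2c538a0eb10d66e2365a655bf6c52f5ba3d10 Mon Sep 17 00:00:00 2001
+From: Zhiqiang Liu <liuzhiqiang26@huawei.com>
+Date: Sun, 5 May 2019 09:59:51 +0800
+Subject: ipnetns: use-after-free problem in get_netnsid_from_name func
+
+Follow the following steps:
+ # ip netns add net1
+ # export MALLOC_MMAP_THRESHOLD_=0
+ # ip netns list
+then Segmentation fault (core dumped) will occur.
+
+In get_netnsid_from_name func, answer is freed before
+rta_getattr_u32(tb[NETNSA_NSID]), where tb[] refers to answer`s
+content. If we set MALLOC_MMAP_THRESHOLD_=0, mmap will be adoped to
+malloc memory, which will be freed immediately after calling free
+func. So reading tb[NETNSA_NSID] will access the released memory
+after free(answer).
+
+Here, we will call get_netnsid_from_name(tb[NETNSA_NSID]) before free(answer).
+
+Fixes: 86bf43c7c2f ("lib/libnetlink: update rtnl_talk to support malloc buff at run time")
+Reported-by: Huiying Kou <kouhuiying@huawei.com>
+Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
+Acked-by: Phil Sutter <phil@nwl.cc>
+Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
+---
+ ip/ipnetns.c | 13 ++++++-------
+ 1 file changed, 6 insertions(+), 7 deletions(-)
+
+Index: iproute2-4.15.0/ip/ipnetns.c
+===================================================================
+--- iproute2-4.15.0.orig/ip/ipnetns.c
++++ iproute2-4.15.0/ip/ipnetns.c
+@@ -105,7 +105,7 @@ static int get_netnsid_from_name(const c
+ struct nlmsghdr *answer;
+ struct rtattr *tb[NETNSA_MAX + 1];
+ struct rtgenmsg *rthdr;
+- int len, fd;
++ int len, fd, ret = -1;
+
+ fd = netns_get_fd(name);
+ if (fd < 0)
+@@ -120,23 +120,22 @@ static int get_netnsid_from_name(const c
+
+ /* Validate message and parse attributes */
+ if (answer->nlmsg_type == NLMSG_ERROR)
+- goto err_out;
++ goto out;
+
+ rthdr = NLMSG_DATA(answer);
+ len = answer->nlmsg_len - NLMSG_SPACE(sizeof(*rthdr));
+ if (len < 0)
+- goto err_out;
++ goto out;
+
+ parse_rtattr(tb, NETNSA_MAX, NETNS_RTA(rthdr), len);
+
+ if (tb[NETNSA_NSID]) {
+- free(answer);
+- return rta_getattr_u32(tb[NETNSA_NSID]);
++ ret = rta_getattr_u32(tb[NETNSA_NSID]);
+ }
+
+-err_out:
++out:
+ free(answer);
+- return -1;
++ return ret;
+ }
+
+ struct nsid_cache {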
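Review bot: The fix depends on an ordering rule that the new code never states: per the commit message `tb[]` points into `answer`, so every read through `tb[]` has to happen before the `free(answer)` at the `out:` label. A one-line comment above the assignment, `/* tb[] points into answer: read the nsid before answer is freed */`, would keep a later refactor from reintroducing the use-after-free. The patch header also carries no `Origin:` field, unlike lp1913187-ss-fix-NULL-dereference-when-rendering.patch in this same proposal; adding `Origin: upstream, <upstream commit URL for 9bf2c538a0eb10d66e2365a655bf6c52f5ba3d10>` would let a reviewer check the backport against upstream. The beginning of get_netnsid_from_name, including how `answer` is obtained, lies outside the hunks shown.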
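--- /dev/null
+++ b/debian/patches/lp1873961-tc-fix-bugs-for-tcp_flags-and-ip_attr-hex-output.patch
@@ -0,0 +1,150 @@
+From e8bd395508cead5a81c2bebd9d3705a9e41ea8bc Mon Sep 17 00:00:00 2001
+From: Keara Leibovitz <kleib@mojatatu.com>
+Date: Thu, 26 Jul 2018 09:45:30 -0400
+Subject: [PATCH] tc: fix bugs for tcp_flags and ip_attr hex output
+
+Fix hex output for both the ip_attr and tcp_flags print functions.
+
+Sample usage:
+
+$ $TC qdisc add dev lo ingress
+$ $TC filter add dev lo parent ffff: prio 3 proto ip flower ip_tos 0x8/32
+$ $TC fitler add dev lo parent ffff: prio 5 proto ip flower ip_proto tcp \
+ tcp_flags 0x909/f00
+
+$ $TC filter show dev lo parent ffff:
+
+filter protocol ip pref 3 flower chain 0
+filter protocol ip pref 3 flower chain 0 handle 0x1
+ eth_type ipv4
+ ip_tos 0x8/32
+ not_in_hw
+filter protocol ip pref 5 flower chain 0
+filter protocol ip pref 5 flower chain 0 handle 0x1
+ eth_type ipv4
+ ip_proto tcp
+ tcp_flags 0x909/f00
+ not_in_hw
+
+$ $TC -j filter show dev lo parent ffff:
+
+[{
+ "protocol":"ip",
+ "pref":3,
+ "kind":"flower",
+ "chain":0
+},{
+ "protocol":"ip",
+ "pref":3,
+ "kind":"flower",
+ "chain":0,
+ "options": {
+ "handle":1,
+ "keys": {
+ "eth_type":"ipv4",
+ "ip_tos":"0x8/32"
+ },
+ "not_in_hw":true
+ }
+},{
+ "protocol":"ip",
+ "pref":5,
+ "kind":"flower",
+ "chain":0
+},{
+ "protocol":"ip",
+ "pref":5,
+ "kind":"flower",
+ "chain":0,
+ "options": {
+ "handle":1,
+ "keys": {
+ "eth_type":"ipv4",
+ "ip_proto":"tcp",
+ "tcp_flags":"0x909/f00"
+ },
+ "not_in_hw":true
+ }
+}]
+
+Signed-off-by: Keara Leibovitz <kleib@mojatatu.com>
+Signed-off-by: David Ahern <dsahern@gmail.com>
+
+BugLink: https://bugs.launchpad.net/bugs/1873961
+
+(backported from commit e8bd395508cead5a81c2bebd9d3705a9e41ea8bc
+ git://git.kernel.org/pub/scm/network/iproute2/iproute2.git)
+[smb: adjust for context in hunk #2 and additional static definition
+ of _SL_ in tc.c. This was added there for -o[oneline] support
+ which do not want to retrofit.]
+Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
+---
+ tc/f_flower.c | 16 +++++++++-------
+ 1 file changed, 9 insertions(+), 7 deletions(-)
+
+Index: iproute2/tc/f_flower.c
+===================================================================
+--- iproute2.orig/tc/f_flower.c
++++ iproute2/tc/f_flower.c
+@@ -1117,7 +1117,7 @@ static void flower_print_ip_proto(__u8 *
+ *p_ip_proto = ip_proto;
+ }
+
+-static void flower_print_ip_attr(char *name, struct rtattr *key_attr,
++static void flower_print_ip_attr(const char *name, struct rtattr *key_attr,
+ struct rtattr *mask_attr)
+ {
+ SPRINT_BUF(namefrm);
+@@ -1127,11 +1127,12 @@ static void flower_print_ip_attr(char *n
+ if (!key_attr)
+ return;
+
+- done = sprintf(out, "%x", rta_getattr_u8(key_attr));
++ done = sprintf(out, "0x%x", rta_getattr_u8(key_attr));
+ if (mask_attr)
+ sprintf(out + done, "/%x", rta_getattr_u8(mask_attr));
+
+- sprintf(namefrm, "\n %s %%x", name);
++ print_string(PRINT_FP, NULL, "%s ", _SL_);
++ sprintf(namefrm, "%s %%s", name);
+ print_string(PRINT_ANY, name, namefrm, out);
+ }
+
+@@ -1236,7 +1237,7 @@ static void flower_print_port(char *name
+ print_uint(PRINT_ANY, name, namefrm, rta_getattr_be16(attr));
+ }
+
+-static void flower_print_tcp_flags(char *name, struct rtattr *flags_attr,
++static void flower_print_tcp_flags(const char *name, struct rtattr *flags_attr,
+ struct rtattr *mask_attr)
+ {
+ SPRINT_BUF(namefrm);
+@@ -1246,11 +1247,12 @@ static void flower_print_tcp_flags(char
+ if (!flags_attr)
+ return;
+
+- done = sprintf(out, "%x", rta_getattr_be16(flags_attr));
++ done = sprintf(out, "0x%x", rta_getattr_be16(flags_attr));
+ if (mask_attr)
+- sprintf(out + done, "%x", rta_getattr_be16(flags_attr));
++ sprintf(out + done, "/%x", rta_getattr_be16(mask_attr));
+
+- sprintf(namefrm, "\n %s %%s", name);
++ print_string(PRINT_FP, NULL, "%s ", _SL_);
++ sprintf(namefrm, "%s %%s", name);
+ print_string(PRINT_ANY, name, namefrm, out);
+ }
+
+Index: iproute2/tc/tc.c
+===================================================================
+--- iproute2.orig/tc/tc.c
++++ iproute2/tc/tc.c
+@@ -43,6 +43,8 @@ int force;
+ bool use_names;
+ int json;
+
++const char *_SL_ = "\n";
++
+ static char *conf_file;
+
+ struct rtnl_handle rth;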
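Review bot: In both `flower_print_ip_attr` and `flower_print_tcp_flags`, `namefrm` is still filled by an unbounded `sprintf` from `name` and then handed to `print_string` as its format string, so the code is safe only while every caller passes a short fixed key that contains no `%`. The callers are outside this patch and should be checked; a comment such as `/* name must be a fixed key literal, it becomes part of the format string */` above `sprintf(namefrm, "%s %%s", name);` would record that assumption. If a deviation from upstream is acceptable in this backport, `snprintf(namefrm, sizeof(namefrm), "%s %%s", name);` bounds the write, assuming `SPRINT_BUF` declares an array. Separately, the backport note calls the new `_SL_` in tc.c a "static definition", but `const char *_SL_ = "\n";` has external linkage, which f_flower.c presumably relies on, so the wording of that note is worth correcting.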
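--- /dev/null
+++ b/debian/patches/lp1913187-ss-fix-NULL-dereference-when-rendering.patch
@@ -0,0 +1,40 @@
+Description: ss: fix NULL dereference when rendering without header
+
+fix NULL dereference when rendering without header
+
+When ss is invoked with the no-header flag, if the query doesn't return
+any result, render() is called with 'buffer' uninitialized. This
+currently leads to a segfault. Ensure that buffer is initialized before
+rendering.
+
+The bug can be triggered with: ss -H sport = 100000
+
+Signed-off-by: Jean-Philippe Brucker <jphilippe.brucker@gmail.com>
+Acked-by: Stefano Brivio <sbrivio@redhat.com>
+Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
+
+Author: Jean-Philippe Brucker <jphilippe.brucker@gmail.com>
+Origin: upstream, https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=eb8559eff124221bfbafe934c4dbfe30f20604c0
+Bug-Ubuntu: https://launchpad.net/bugs/1913187
+Reviewed-By: Rafael David Tinoco <rafaeldtinoco@ubuntu.com>
+Last-Update: 2021-01-26
+
+--- iproute2-4.15.0.orig/misc/ss.c
++++ iproute2-4.15.0/misc/ss.c
+@@ -1196,10 +1196,15 @@ newline:
+ /* Render buffered output with spacing and delimiters, then free up buffers */
+ static void render(int screen_width)
+ {
+- struct buf_token *token = (struct buf_token *)buffer.head->data;
++ struct buf_token *token;
+ int printed, line_started = 0;
+ struct column *f;
+
++ if (!buffer.head)
++ return;
++
++ token = (struct buf_token *)buffer.head->data;
++
+ /* Ensure end alignment of last token, it wasn't necessarily flushed */
+ buffer.tail->end += buffer.cur->len % 2;
+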
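Review bot: The new guard in `render()` tests only `buffer.head`, but the statement right after it dereferences `buffer.tail` and `buffer.cur` as well; that is safe only if the three pointers are always set together, which is decided by code outside this hunk and should be confirmed. A short comment on the guard, for example `/* nothing was buffered (e.g. -H with no matching sockets): nothing to render or free */`, would explain why returning before the "free up buffers" part of the function is correct. The reproducer from the description, `ss -H sport = 100000`, is a cheap regression check to add to the package tests if the package has any. The rest of render() is not shown in the hunk.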
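--- /dev/null
+++ b/debian/patches/netns-allow-negative-nsid
@@ -0,0 +1,65 @@
+From: Christian Brauner <christian.brauner@ubuntu.com>
+Date: Tue, 6 Feb 2018 19:39:31 +0100
+Subject: netns: allow negative nsid
+
+If the kernel receives a negative nsid it will automatically assign
+the next available nsid. In this case alloc_netid() will set min and
+max to 0 for ird_alloc(). And when max == 0 idr_alloc() will interpret
+this as the maximum range, i.e. specific to nsids it will try to find
+an id in the range [0,INT_MAX). This is intentionally supported in the
+kernel for nsids.
+
+Commit acbe9118ce80 ("ip netns: use strtol() instead of atoi()")
+regressed ip netns in that respect although previously the use-case
+was either accidentally supported or opaquely supported such that it
+triggered the original commit. From what I can gather it went as
+follows before: atoi() was called with a string indicating a negative
+value which caused it to return -1 which was passed to the
+kernel. Let's make it less opaque by introducing the keyword "auto":
+
+ip netns set <netns-name> auto
+
+will cause nsid to be set to -1 and the kernel will select an available
+nsid.
+
+Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
+Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
+
+Origin: upstream, https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/patch/?id=375d51caaaa7a381dbeab8fb622d3c6ff9597be7
+Last-Update: 2018-02-15
+---
+ ip/ipnetns.c | 5 ++++-
+ man/man8/ip-netns.8 | 1 +
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/ip/ipnetns.c b/ip/ipnetns.c
+index 059a422..631794b 100644
+--- a/ip/ipnetns.c
++++ b/ip/ipnetns.c
+@@ -718,7 +718,10 @@ static int netns_set(int argc, char **argv)
+ return -1;
+ }
+ name = argv[0];
+- if (get_unsigned(&nsid, argv[1], 0))
++ /* If a negative nsid is specified the kernel will select the nsid. */
++ if (strcmp(argv[1], "auto") == 0)
++ nsid = -1;
++ else if (get_unsigned(&nsid, argv[1], 0))
+ invarg("Invalid \"netnsid\" value\n", argv[1]);
+
+ snprintf(netns_path, sizeof(netns_path), "%s/%s", NETNS_RUN_DIR, name);
+diff --git a/man/man8/ip-netns.8 b/man/man8/ip-netns.8
+index c5310e2..d539f18 100644
+--- a/man/man8/ip-netns.8
++++ b/man/man8/ip-netns.8
+@@ -137,6 +137,7 @@ $ ip netns del net0
+ .sp
+ This command assigns a id to a peer network namespace. This id is valid
+ only in the current network namespace.
++If the keyword "auto" is specified an available nsid will be chosen.
+ This id will be used by the kernel in some netlink messages. If no id is
+ assigned when the kernel needs it, it will be automatically assigned by
+ the kernel.
+--
+cgit v1.1
+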
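Review bot: The `auto` keyword is not the only input that can now reach the kernel as a negative nsid in `netns_set`: the `get_unsigned` branch still accepts numbers above INT_MAX, and going by the commit message's description of the kernel side such a value would be treated as negative there. If only `auto` is meant to request automatic assignment, the numeric branch needs an upper bound, e.g. `else if (get_unsigned(&nsid, argv[1], 0) || nsid > INT_MAX)`. This assumes `nsid` is declared unsigned, which the call `get_unsigned(&nsid, ...)` suggests but the hunk does not show; if so, `nsid = -1` relies on unsigned wrap-around and the existing comment could say that. The added man page sentence documents `auto` but not the accepted numeric range.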
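--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,4 +1,5 @@
 0004-sync-iptables-header.patch
+<<<<<<< debian/patches/series
 0005-iproute2-add-check_libbpf-and-get_libbpf_version.patch
 0006-lib-make-ipvrf-able-to-use-libbpf-and-fix-function-n.patch
 0007-lib-add-libbpf-support.patch
@@ -10,3 +11,12 @@
 1000-ubuntu-poc-fan-driver.patch
 1001-ubuntu-poc-fan-driver-v3.patch
 1002-ubuntu-poc-fan-driver-vxlan.patch
+=======
+1000-ubuntu-poc-fan-driver.patch
+1001-ubuntu-poc-fan-driver-v3.patch
+1002-ubuntu-poc-fan-driver-vxlan.patch
+netns-allow-negative-nsid
+CVE-2019-20795.patch
+lp1873961-tc-fix-bugs-for-tcp_flags-and-ip_attr-hex-output.patch
+lp1913187-ss-fix-NULL-dereference-when-rendering.patch
+>>>>>>> debian/patches/series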
