Merge ~rafaeldtinoco/ubuntu/+source/iproute2:lp1913187-bionic into ubuntu/+source/iproute2:ubuntu/devel
- Git
- lp:~rafaeldtinoco/ubuntu/+source/iproute2
- lp1913187-bionic
- Merge into ubuntu/devel
Proposed by
Rafael David Tinoco
Status: | Superseded |
---|---|
Proposed branch: | ~rafaeldtinoco/ubuntu/+source/iproute2:lp1913187-bionic |
Merge into: | ubuntu/+source/iproute2:ubuntu/devel |
Diff against target: |
813 lines (+543/-0) (has conflicts) 10 files modified
debian/changelog (+28/-0) debian/compat (+4/-0) debian/patches/1000-ubuntu-poc-fan-driver.patch (+54/-0) debian/patches/1001-ubuntu-poc-fan-driver-v3.patch (+54/-0) debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch (+67/-0) debian/patches/CVE-2019-20795.patch (+71/-0) debian/patches/lp1873961-tc-fix-bugs-for-tcp_flags-and-ip_attr-hex-output.patch (+150/-0) debian/patches/lp1913187-ss-fix-NULL-dereference-when-rendering.patch (+40/-0) debian/patches/netns-allow-negative-nsid (+65/-0) debian/patches/series (+10/-0) Conflict in debian/changelog Conflict in debian/compat Conflict in debian/patches/1000-ubuntu-poc-fan-driver.patch Conflict in debian/patches/1001-ubuntu-poc-fan-driver-v3.patch Conflict in debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch Conflict in debian/patches/series |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Canonical Server | Pending | ||
Canonical Server Core Reviewers | Pending | ||
Review via email: mp+396920@code.launchpad.net |
Commit message
Description of the change
To post a comment you must log in.
Unmerged commits
- 967975d... by Rafael David Tinoco <email address hidden>
-
changelog
- 48054b6... by Rafael David Tinoco <email address hidden>
-
* Fix: NULL dereference when rendering without header
- e21ddc1... by Stefan Bader
-
release: 4.15.0-2ubuntu1.2
Signed-off-by: Stefan Bader <email address hidden>
- 3ce3589... by Stefan Bader
-
Fix: tc filter show tcp_flags wrong mask value
BugLink: https:/
/bugs.launchpad .net/bugs/ 1873961 Signed-off-by: Stefan Bader <email address hidden>
- 16880b4... by Leonidas S. Barbosa
-
4.15.0-2ubuntu1.1 (patches unapplied)
Imported using git-ubuntu import.
- 0ca2f6d... by Stefan Bader
-
4.15.0-2ubuntu1 (patches unapplied)
Imported using git-ubuntu import.
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1 | diff --git a/debian/changelog b/debian/changelog |
2 | index 04dda06..b06b572 100644 |
3 | --- a/debian/changelog |
4 | +++ b/debian/changelog |
5 | @@ -1,3 +1,4 @@ |
6 | +<<<<<<< debian/changelog |
7 | iproute2 (5.10.0-2ubuntu1) hirsute; urgency=low |
8 | |
9 | * Merge from Debian unstable. Remaining changes: |
10 | @@ -428,6 +429,30 @@ iproute2 (4.15.0-3) unstable; urgency=medium |
11 | (Closes: #891511) |
12 | |
13 | -- Luca Boccassi <bluca@debian.org> Mon, 12 Mar 2018 22:46:24 +0000 |
14 | +======= |
15 | +iproute2 (4.15.0-2ubuntu1.3) bionic; urgency=medium |
16 | + |
17 | + * Fix: NULL dereference when rendering without header (LP: #1913187) |
18 | + - d/p/lp1913187-ss-fix-NULL-dereference-when-rendering.patch |
19 | + |
20 | + -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Tue, 26 Jan 2021 13:33:08 +0000 |
21 | + |
22 | +iproute2 (4.15.0-2ubuntu1.2) bionic; urgency=medium |
23 | + |
24 | + * tc filter show tcp_flags wrong mask value (LP: #1873961) |
25 | + - d/p/lp1873961-tc-fix-bugs-for-tcp_flags-and-ip_attr-hex-output.patch |
26 | + |
27 | + -- Stefan Bader <stefan.bader@canonical.com> Wed, 15 Jul 2020 17:16:31 +0200 |
28 | + |
29 | +iproute2 (4.15.0-2ubuntu1.1) bionic-security; urgency=medium |
30 | + |
31 | + * SECURITY UPDATE: Use-after-free |
32 | + - debian/patches/CVE-2019-20795.patch: fix a user-after-free in |
33 | + ip/ipnetns.c in get_netnsid_from_name. |
34 | + - CVE-2019-20795 |
35 | + |
36 | + -- Leonidas S. Barbosa <leo.barbosa@canonical.com> Mon, 11 May 2020 11:40:47 -0300 |
37 | +>>>>>>> debian/changelog |
38 | |
39 | iproute2 (4.15.0-2ubuntu1) bionic; urgency=medium |
40 | |
41 | @@ -1892,7 +1917,10 @@ iproute (961225-1) unstable; urgency=low |
42 | |
43 | -- Tom Lees <tom@lpsg.demon.co.uk> Mon, 30 Dec 1996 11:12:23 +0000 |
44 | |
45 | +<<<<<<< debian/changelog |
46 | Local variables: |
47 | mode: debian-changelog |
48 | End: |
49 | |
50 | +======= |
51 | +>>>>>>> debian/changelog |
52 | diff --git a/debian/compat b/debian/compat |
53 | new file mode 100644 |
54 | index 0000000..42f1baf |
55 | --- /dev/null |
56 | +++ b/debian/compat |
57 | @@ -0,0 +1,4 @@ |
58 | +<<<<<<< debian/compat |
59 | +======= |
60 | +10 |
61 | +>>>>>>> debian/compat |
62 | diff --git a/debian/patches/1000-ubuntu-poc-fan-driver.patch b/debian/patches/1000-ubuntu-poc-fan-driver.patch |
63 | index 4e62c03..4f19b27 100644 |
64 | --- a/debian/patches/1000-ubuntu-poc-fan-driver.patch |
65 | +++ b/debian/patches/1000-ubuntu-poc-fan-driver.patch |
66 | @@ -2,6 +2,7 @@ Description: POC fan driver support |
67 | POC Fan driver support |
68 | Author: Jay Vosburgh <jay.vosburgh@canonical.com> |
69 | |
70 | +<<<<<<< debian/patches/1000-ubuntu-poc-fan-driver.patch |
71 | Index: iproute2-5.5.0/ip/link_iptnl.c |
72 | =================================================================== |
73 | --- iproute2-5.5.0.orig/ip/link_iptnl.c |
74 | @@ -39,10 +40,41 @@ Index: iproute2-5.5.0/ip/link_iptnl.c |
75 | + if (is_addrtype_inet(&underlay)) |
76 | + addattr_l(n, 1024, IFLA_IPTUN_FAN_UNDERLAY, |
77 | + underlay.data, underlay.bytelen); |
78 | +======= |
79 | +Index: iproute2/ip/link_iptnl.c |
80 | +=================================================================== |
81 | +--- iproute2.orig/ip/link_iptnl.c |
82 | ++++ iproute2/ip/link_iptnl.c |
83 | +@@ -91,6 +91,7 @@ static int iptunnel_parse_opt(struct lin |
84 | + __u32 link = 0; |
85 | + __u32 laddr = 0; |
86 | + __u32 raddr = 0; |
87 | ++ __u32 underlay = 0; |
88 | + __u8 ttl = 0; |
89 | + __u8 tos = 0; |
90 | + __u8 pmtudisc = 1; |
91 | +@@ -195,6 +196,9 @@ get_failed: |
92 | + if (strcmp(*argv, "remote") == 0) { |
93 | + NEXT_ARG(); |
94 | + raddr = get_addr32(*argv); |
95 | ++ } else if (strcmp(*argv, "underlay") == 0) { |
96 | ++ NEXT_ARG(); |
97 | ++ underlay = get_addr32(*argv); |
98 | + } else if (strcmp(*argv, "local") == 0) { |
99 | + NEXT_ARG(); |
100 | + laddr = get_addr32(*argv); |
101 | +@@ -356,6 +360,9 @@ get_failed: |
102 | + } |
103 | + } |
104 | + |
105 | ++ if (underlay) |
106 | ++ addattr32(n, 1024, IFLA_IPTUN_FAN_UNDERLAY, underlay); |
107 | +>>>>>>> debian/patches/1000-ubuntu-poc-fan-driver.patch |
108 | + |
109 | return 0; |
110 | } |
111 | |
112 | +<<<<<<< debian/patches/1000-ubuntu-poc-fan-driver.patch |
113 | @@ -391,6 +400,14 @@ |
114 | tnl_print_endpoint("remote", tb[IFLA_IPTUN_REMOTE], AF_INET); |
115 | tnl_print_endpoint("local", tb[IFLA_IPTUN_LOCAL], AF_INET); |
116 | @@ -63,6 +95,28 @@ Index: iproute2-5.5.0/include/uapi/linux/if_tunnel.h |
117 | --- iproute2-5.5.0.orig/include/uapi/linux/if_tunnel.h |
118 | +++ iproute2-5.5.0/include/uapi/linux/if_tunnel.h |
119 | @@ -77,6 +77,9 @@ |
120 | +======= |
121 | +@@ -409,6 +416,14 @@ static void iptunnel_print_opt(struct li |
122 | + |
123 | + print_string(PRINT_ANY, "local", "local %s ", local); |
124 | + |
125 | ++ if (tb[IFLA_IPTUN_FAN_UNDERLAY]) { |
126 | ++ unsigned addr = rta_getattr_u32(tb[IFLA_IPTUN_FAN_UNDERLAY]); |
127 | ++ |
128 | ++ if (addr) |
129 | ++ print_string(PRINT_ANY, "underlay", "underlay %s ", |
130 | ++ format_host(AF_INET, 4, &addr)); |
131 | ++ } |
132 | ++ |
133 | + if (tb[IFLA_IPTUN_LINK]) { |
134 | + unsigned int link = rta_getattr_u32(tb[IFLA_IPTUN_LINK]); |
135 | + |
136 | +Index: iproute2/include/uapi/linux/if_tunnel.h |
137 | +=================================================================== |
138 | +--- iproute2.orig/include/uapi/linux/if_tunnel.h |
139 | ++++ iproute2/include/uapi/linux/if_tunnel.h |
140 | +@@ -77,6 +77,9 @@ enum { |
141 | +>>>>>>> debian/patches/1000-ubuntu-poc-fan-driver.patch |
142 | IFLA_IPTUN_ENCAP_DPORT, |
143 | IFLA_IPTUN_COLLECT_METADATA, |
144 | IFLA_IPTUN_FWMARK, |
145 | diff --git a/debian/patches/1001-ubuntu-poc-fan-driver-v3.patch b/debian/patches/1001-ubuntu-poc-fan-driver-v3.patch |
146 | index 8c7d4c3..ff2eecf 100644 |
147 | --- a/debian/patches/1001-ubuntu-poc-fan-driver-v3.patch |
148 | +++ b/debian/patches/1001-ubuntu-poc-fan-driver-v3.patch |
149 | @@ -1,11 +1,19 @@ |
150 | Description: Fan driver support v3 |
151 | Fan driver support v3 |
152 | Author: Jay Vosburgh <jay.vosburgh@canonical.com> |
153 | +<<<<<<< debian/patches/1001-ubuntu-poc-fan-driver-v3.patch |
154 | Index: iproute2-5.5.0-1ubuntu1/include/uapi/linux/if_tunnel.h |
155 | =================================================================== |
156 | --- iproute2-5.5.0-1ubuntu1.orig/include/uapi/linux/if_tunnel.h |
157 | +++ iproute2-5.5.0-1ubuntu1/include/uapi/linux/if_tunnel.h |
158 | @@ -79,6 +79,7 @@ |
159 | +======= |
160 | +Index: iproute2/include/uapi/linux/if_tunnel.h |
161 | +=================================================================== |
162 | +--- iproute2.orig/include/uapi/linux/if_tunnel.h |
163 | ++++ iproute2/include/uapi/linux/if_tunnel.h |
164 | +@@ -79,6 +79,7 @@ enum { |
165 | +>>>>>>> debian/patches/1001-ubuntu-poc-fan-driver-v3.patch |
166 | IFLA_IPTUN_FWMARK, |
167 | |
168 | IFLA_IPTUN_FAN_UNDERLAY = 32, |
169 | @@ -13,10 +21,18 @@ Index: iproute2-5.5.0-1ubuntu1/include/uapi/linux/if_tunnel.h |
170 | |
171 | __IFLA_IPTUN_MAX, |
172 | }; |
173 | +<<<<<<< debian/patches/1001-ubuntu-poc-fan-driver-v3.patch |
174 | @@ -164,6 +165,21 @@ |
175 | |
176 | #define IFLA_VTI_MAX (__IFLA_VTI_MAX - 1) |
177 | |
178 | +======= |
179 | +@@ -160,4 +161,20 @@ enum { |
180 | + }; |
181 | + |
182 | + #define IFLA_VTI_MAX (__IFLA_VTI_MAX - 1) |
183 | ++ |
184 | +>>>>>>> debian/patches/1001-ubuntu-poc-fan-driver-v3.patch |
185 | +enum { |
186 | + IFLA_FAN_UNSPEC, |
187 | + IFLA_FAN_MAPPING, |
188 | @@ -26,6 +42,7 @@ Index: iproute2-5.5.0-1ubuntu1/include/uapi/linux/if_tunnel.h |
189 | +#define IFLA_FAN_MAX (__IFLA_FAN_MAX - 1) |
190 | + |
191 | +struct ip_tunnel_fan_map { |
192 | +<<<<<<< debian/patches/1001-ubuntu-poc-fan-driver-v3.patch |
193 | + __be32 underlay; |
194 | + __be32 overlay; |
195 | + __u16 underlay_prefix; |
196 | @@ -42,6 +59,22 @@ Index: iproute2-5.5.0-1ubuntu1/ip/link_iptnl.c |
197 | @@ -63,6 +63,42 @@ |
198 | " MARK := { 0x0..0xffffffff }\n", |
199 | lu->id, mode); |
200 | +======= |
201 | ++ __be32 underlay; |
202 | ++ __be32 overlay; |
203 | ++ __u16 underlay_prefix; |
204 | ++ __u16 overlay_prefix; |
205 | ++}; |
206 | ++ |
207 | + #endif /* _IF_TUNNEL_H_ */ |
208 | +Index: iproute2/ip/link_iptnl.c |
209 | +=================================================================== |
210 | +--- iproute2.orig/ip/link_iptnl.c |
211 | ++++ iproute2/ip/link_iptnl.c |
212 | +@@ -68,6 +68,42 @@ static void usage(int sit) |
213 | + print_usage(stderr, sit); |
214 | + exit(-1); |
215 | +>>>>>>> debian/patches/1001-ubuntu-poc-fan-driver-v3.patch |
216 | } |
217 | +static int fan_parse_map(int *argcp, char ***argvp, struct nlmsghdr *n) |
218 | +{ |
219 | @@ -82,18 +115,30 @@ Index: iproute2-5.5.0-1ubuntu1/ip/link_iptnl.c |
220 | |
221 | static int iptunnel_parse_opt(struct link_util *lu, int argc, char **argv, |
222 | struct nlmsghdr *n) |
223 | +<<<<<<< debian/patches/1001-ubuntu-poc-fan-driver-v3.patch |
224 | @@ -217,6 +253,10 @@ |
225 | } else if (strcmp(*argv, "underlay") == 0) { |
226 | NEXT_ARG(); |
227 | get_addr(&underlay, *argv, AF_INET); |
228 | +======= |
229 | +@@ -199,6 +235,10 @@ get_failed: |
230 | + } else if (strcmp(*argv, "underlay") == 0) { |
231 | + NEXT_ARG(); |
232 | + underlay = get_addr32(*argv); |
233 | +>>>>>>> debian/patches/1001-ubuntu-poc-fan-driver-v3.patch |
234 | + } else if (strcmp(*argv, "fan-map") == 0) { |
235 | + NEXT_ARG(); |
236 | + if (fan_parse_map(&argc, &argv, n)) |
237 | + invarg("invalid fan-map", *argv); |
238 | } else if (strcmp(*argv, "local") == 0) { |
239 | NEXT_ARG(); |
240 | +<<<<<<< debian/patches/1001-ubuntu-poc-fan-driver-v3.patch |
241 | get_addr(&saddr, *argv, AF_INET); |
242 | @@ -365,6 +405,28 @@ |
243 | +======= |
244 | + laddr = get_addr32(*argv); |
245 | +@@ -366,6 +406,28 @@ get_failed: |
246 | +>>>>>>> debian/patches/1001-ubuntu-poc-fan-driver-v3.patch |
247 | return 0; |
248 | } |
249 | |
250 | @@ -122,13 +167,22 @@ Index: iproute2-5.5.0-1ubuntu1/ip/link_iptnl.c |
251 | static void iptunnel_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) |
252 | { |
253 | char s2[64]; |
254 | +<<<<<<< debian/patches/1001-ubuntu-poc-fan-driver-v3.patch |
255 | @@ -408,6 +470,9 @@ |
256 | format_host(AF_INET, addr.bytelen, addr.data)); |
257 | +======= |
258 | +@@ -424,6 +486,9 @@ static void iptunnel_print_opt(struct li |
259 | + format_host(AF_INET, 4, &addr)); |
260 | +>>>>>>> debian/patches/1001-ubuntu-poc-fan-driver-v3.patch |
261 | } |
262 | |
263 | + if (tb[IFLA_IPTUN_FAN_MAP]) |
264 | + fan_print_map(f, tb[IFLA_IPTUN_FAN_MAP]); |
265 | + |
266 | if (tb[IFLA_IPTUN_LINK]) { |
267 | +<<<<<<< debian/patches/1001-ubuntu-poc-fan-driver-v3.patch |
268 | __u32 link = rta_getattr_u32(tb[IFLA_IPTUN_LINK]); |
269 | +======= |
270 | + unsigned int link = rta_getattr_u32(tb[IFLA_IPTUN_LINK]); |
271 | +>>>>>>> debian/patches/1001-ubuntu-poc-fan-driver-v3.patch |
272 | |
273 | diff --git a/debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch b/debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch |
274 | index 35ca391..4a473bf 100644 |
275 | --- a/debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch |
276 | +++ b/debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch |
277 | @@ -1,16 +1,37 @@ |
278 | Description: Fan driver support VXLAN (p4) |
279 | Fan driver setup support for vxlan interfaces. |
280 | |
281 | +<<<<<<< debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch |
282 | Index: iproute2-5.5.0/include/uapi/linux/if_tunnel.h |
283 | =================================================================== |
284 | --- iproute2-5.5.0.orig/include/uapi/linux/if_tunnel.h |
285 | +++ iproute2-5.5.0/include/uapi/linux/if_tunnel.h |
286 | @@ -173,7 +173,7 @@ |
287 | +======= |
288 | +Index: iproute2/include/uapi/linux/if_link.h |
289 | +=================================================================== |
290 | +--- iproute2.orig/include/uapi/linux/if_link.h |
291 | ++++ iproute2/include/uapi/linux/if_link.h |
292 | +@@ -511,6 +511,7 @@ enum { |
293 | + IFLA_VXLAN_COLLECT_METADATA, |
294 | + IFLA_VXLAN_LABEL, |
295 | + IFLA_VXLAN_GPE, |
296 | ++ IFLA_VXLAN_FAN_MAP = 33, |
297 | + __IFLA_VXLAN_MAX |
298 | + }; |
299 | + #define IFLA_VXLAN_MAX (__IFLA_VXLAN_MAX - 1) |
300 | +Index: iproute2/include/uapi/linux/if_tunnel.h |
301 | +=================================================================== |
302 | +--- iproute2.orig/include/uapi/linux/if_tunnel.h |
303 | ++++ iproute2/include/uapi/linux/if_tunnel.h |
304 | +@@ -170,7 +170,7 @@ enum { |
305 | +>>>>>>> debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch |
306 | |
307 | #define IFLA_FAN_MAX (__IFLA_FAN_MAX - 1) |
308 | |
309 | -struct ip_tunnel_fan_map { |
310 | +struct ifla_fan_map { |
311 | +<<<<<<< debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch |
312 | __be32 underlay; |
313 | __be32 overlay; |
314 | __u16 underlay_prefix; |
315 | @@ -18,6 +39,15 @@ Index: iproute2-5.5.0/ip/iplink_vxlan.c |
316 | =================================================================== |
317 | --- iproute2-5.5.0.orig/ip/iplink_vxlan.c |
318 | +++ iproute2-5.5.0/ip/iplink_vxlan.c |
319 | +======= |
320 | + __be32 underlay; |
321 | + __be32 overlay; |
322 | + __u16 underlay_prefix; |
323 | +Index: iproute2/ip/iplink_vxlan.c |
324 | +=================================================================== |
325 | +--- iproute2.orig/ip/iplink_vxlan.c |
326 | ++++ iproute2/ip/iplink_vxlan.c |
327 | +>>>>>>> debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch |
328 | @@ -15,7 +15,10 @@ |
329 | #include <net/if.h> |
330 | #include <linux/ip.h> |
331 | @@ -29,7 +59,11 @@ Index: iproute2-5.5.0/ip/iplink_vxlan.c |
332 | |
333 | #include "rt_names.h" |
334 | #include "utils.h" |
335 | +<<<<<<< debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch |
336 | @@ -73,6 +76,45 @@ |
337 | +======= |
338 | +@@ -71,6 +74,45 @@ static void check_duparg(__u64 *attrs, i |
339 | +>>>>>>> debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch |
340 | duparg2(key, argv); |
341 | } |
342 | |
343 | @@ -75,7 +109,11 @@ Index: iproute2-5.5.0/ip/iplink_vxlan.c |
344 | static int vxlan_parse_opt(struct link_util *lu, int argc, char **argv, |
345 | struct nlmsghdr *n) |
346 | { |
347 | +<<<<<<< debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch |
348 | @@ -330,6 +372,11 @@ |
349 | +======= |
350 | +@@ -329,6 +371,11 @@ static int vxlan_parse_opt(struct link_u |
351 | +>>>>>>> debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch |
352 | } else if (!matches(*argv, "gpe")) { |
353 | check_duparg(&attrs, IFLA_VXLAN_GPE, *argv, *argv); |
354 | addattr_l(n, 1024, IFLA_VXLAN_GPE, NULL, 0); |
355 | @@ -87,7 +125,11 @@ Index: iproute2-5.5.0/ip/iplink_vxlan.c |
356 | } else if (matches(*argv, "help") == 0) { |
357 | explain(); |
358 | return -1; |
359 | +<<<<<<< debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch |
360 | @@ -406,6 +453,28 @@ |
361 | +======= |
362 | +@@ -391,6 +438,28 @@ static int vxlan_parse_opt(struct link_u |
363 | +>>>>>>> debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch |
364 | return 0; |
365 | } |
366 | |
367 | @@ -116,7 +158,11 @@ Index: iproute2-5.5.0/ip/iplink_vxlan.c |
368 | static void vxlan_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) |
369 | { |
370 | __u32 vni; |
371 | +<<<<<<< debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch |
372 | @@ -466,6 +535,9 @@ |
373 | +======= |
374 | +@@ -445,6 +514,9 @@ static void vxlan_print_opt(struct link_ |
375 | +>>>>>>> debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch |
376 | } |
377 | } |
378 | |
379 | @@ -126,6 +172,7 @@ Index: iproute2-5.5.0/ip/iplink_vxlan.c |
380 | if (tb[IFLA_VXLAN_LOCAL]) { |
381 | __be32 addr = rta_getattr_u32(tb[IFLA_VXLAN_LOCAL]); |
382 | |
383 | +<<<<<<< debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch |
384 | Index: iproute2-5.5.0/ip/link_iptnl.c |
385 | =================================================================== |
386 | --- iproute2-5.5.0.orig/ip/link_iptnl.c |
387 | @@ -133,6 +180,15 @@ Index: iproute2-5.5.0/ip/link_iptnl.c |
388 | @@ -63,10 +63,11 @@ |
389 | " MARK := { 0x0..0xffffffff }\n", |
390 | lu->id, mode); |
391 | +======= |
392 | +Index: iproute2/ip/link_iptnl.c |
393 | +=================================================================== |
394 | +--- iproute2.orig/ip/link_iptnl.c |
395 | ++++ iproute2/ip/link_iptnl.c |
396 | +@@ -68,10 +68,11 @@ static void usage(int sit) |
397 | + print_usage(stderr, sit); |
398 | + exit(-1); |
399 | +>>>>>>> debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch |
400 | } |
401 | + |
402 | static int fan_parse_map(int *argcp, char ***argvp, struct nlmsghdr *n) |
403 | @@ -143,7 +199,11 @@ Index: iproute2-5.5.0/ip/link_iptnl.c |
404 | struct rtattr *nest; |
405 | char **argv = *argvp; |
406 | int argc = *argcp; |
407 | +<<<<<<< debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch |
408 | @@ -75,8 +76,10 @@ |
409 | +======= |
410 | +@@ -80,8 +81,10 @@ static int fan_parse_map(int *argcp, cha |
411 | +>>>>>>> debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch |
412 | while (argc > 0) { |
413 | char *colon = strchr(*argv, ':'); |
414 | |
415 | @@ -155,7 +215,11 @@ Index: iproute2-5.5.0/ip/link_iptnl.c |
416 | *colon = '\0'; |
417 | |
418 | if (get_prefix(&overlay, *argv, AF_INET)) |
419 | +<<<<<<< debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch |
420 | @@ -408,7 +411,7 @@ |
421 | +======= |
422 | +@@ -409,7 +412,7 @@ get_failed: |
423 | +>>>>>>> debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch |
424 | static void fan_print_map(FILE *f, struct rtattr *attr) |
425 | { |
426 | char b1[INET_ADDRSTRLEN], b2[INET_ADDRSTRLEN]; |
427 | @@ -164,6 +228,7 @@ Index: iproute2-5.5.0/ip/link_iptnl.c |
428 | struct rtattr *i; |
429 | int rem; |
430 | int p; |
431 | +<<<<<<< debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch |
432 | Index: iproute2-5.5.0/include/uapi/linux/if_link.h |
433 | =================================================================== |
434 | --- iproute2-5.5.0.orig/include/uapi/linux/if_link.h |
435 | @@ -176,3 +241,5 @@ Index: iproute2-5.5.0/include/uapi/linux/if_link.h |
436 | __IFLA_VXLAN_MAX |
437 | }; |
438 | #define IFLA_VXLAN_MAX (__IFLA_VXLAN_MAX - 1) |
439 | +======= |
440 | +>>>>>>> debian/patches/1002-ubuntu-poc-fan-driver-vxlan.patch |
441 | diff --git a/debian/patches/CVE-2019-20795.patch b/debian/patches/CVE-2019-20795.patch |
442 | new file mode 100644 |
443 | index 0000000..2c83bb1 |
444 | --- /dev/null |
445 | +++ b/debian/patches/CVE-2019-20795.patch |
446 | @@ -0,0 +1,71 @@ |
447 | +From 9bf2c538a0eb10d66e2365a655bf6c52f5ba3d10 Mon Sep 17 00:00:00 2001 |
448 | +From: Zhiqiang Liu <liuzhiqiang26@huawei.com> |
449 | +Date: Sun, 5 May 2019 09:59:51 +0800 |
450 | +Subject: ipnetns: use-after-free problem in get_netnsid_from_name func |
451 | + |
452 | +Follow the following steps: |
453 | + # ip netns add net1 |
454 | + # export MALLOC_MMAP_THRESHOLD_=0 |
455 | + # ip netns list |
456 | +then Segmentation fault (core dumped) will occur. |
457 | + |
458 | +In get_netnsid_from_name func, answer is freed before |
459 | +rta_getattr_u32(tb[NETNSA_NSID]), where tb[] refers to answer`s |
460 | +content. If we set MALLOC_MMAP_THRESHOLD_=0, mmap will be adoped to |
461 | +malloc memory, which will be freed immediately after calling free |
462 | +func. So reading tb[NETNSA_NSID] will access the released memory |
463 | +after free(answer). |
464 | + |
465 | +Here, we will call get_netnsid_from_name(tb[NETNSA_NSID]) before free(answer). |
466 | + |
467 | +Fixes: 86bf43c7c2f ("lib/libnetlink: update rtnl_talk to support malloc buff at run time") |
468 | +Reported-by: Huiying Kou <kouhuiying@huawei.com> |
469 | +Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com> |
470 | +Acked-by: Phil Sutter <phil@nwl.cc> |
471 | +Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> |
472 | +--- |
473 | + ip/ipnetns.c | 13 ++++++------- |
474 | + 1 file changed, 6 insertions(+), 7 deletions(-) |
475 | + |
476 | +Index: iproute2-4.15.0/ip/ipnetns.c |
477 | +=================================================================== |
478 | +--- iproute2-4.15.0.orig/ip/ipnetns.c |
479 | ++++ iproute2-4.15.0/ip/ipnetns.c |
480 | +@@ -105,7 +105,7 @@ static int get_netnsid_from_name(const c |
481 | + struct nlmsghdr *answer; |
482 | + struct rtattr *tb[NETNSA_MAX + 1]; |
483 | + struct rtgenmsg *rthdr; |
484 | +- int len, fd; |
485 | ++ int len, fd, ret = -1; |
486 | + |
487 | + fd = netns_get_fd(name); |
488 | + if (fd < 0) |
489 | +@@ -120,23 +120,22 @@ static int get_netnsid_from_name(const c |
490 | + |
491 | + /* Validate message and parse attributes */ |
492 | + if (answer->nlmsg_type == NLMSG_ERROR) |
493 | +- goto err_out; |
494 | ++ goto out; |
495 | + |
496 | + rthdr = NLMSG_DATA(answer); |
497 | + len = answer->nlmsg_len - NLMSG_SPACE(sizeof(*rthdr)); |
498 | + if (len < 0) |
499 | +- goto err_out; |
500 | ++ goto out; |
501 | + |
502 | + parse_rtattr(tb, NETNSA_MAX, NETNS_RTA(rthdr), len); |
503 | + |
504 | + if (tb[NETNSA_NSID]) { |
505 | +- free(answer); |
506 | +- return rta_getattr_u32(tb[NETNSA_NSID]); |
507 | ++ ret = rta_getattr_u32(tb[NETNSA_NSID]); |
508 | + } |
509 | + |
510 | +-err_out: |
511 | ++out: |
512 | + free(answer); |
513 | +- return -1; |
514 | ++ return ret; |
515 | + } |
516 | + |
517 | + struct nsid_cache { |
518 | diff --git a/debian/patches/lp1873961-tc-fix-bugs-for-tcp_flags-and-ip_attr-hex-output.patch b/debian/patches/lp1873961-tc-fix-bugs-for-tcp_flags-and-ip_attr-hex-output.patch |
519 | new file mode 100644 |
520 | index 0000000..9cc7daa |
521 | --- /dev/null |
522 | +++ b/debian/patches/lp1873961-tc-fix-bugs-for-tcp_flags-and-ip_attr-hex-output.patch |
523 | @@ -0,0 +1,150 @@ |
524 | +From e8bd395508cead5a81c2bebd9d3705a9e41ea8bc Mon Sep 17 00:00:00 2001 |
525 | +From: Keara Leibovitz <kleib@mojatatu.com> |
526 | +Date: Thu, 26 Jul 2018 09:45:30 -0400 |
527 | +Subject: [PATCH] tc: fix bugs for tcp_flags and ip_attr hex output |
528 | + |
529 | +Fix hex output for both the ip_attr and tcp_flags print functions. |
530 | + |
531 | +Sample usage: |
532 | + |
533 | +$ $TC qdisc add dev lo ingress |
534 | +$ $TC filter add dev lo parent ffff: prio 3 proto ip flower ip_tos 0x8/32 |
535 | +$ $TC fitler add dev lo parent ffff: prio 5 proto ip flower ip_proto tcp \ |
536 | + tcp_flags 0x909/f00 |
537 | + |
538 | +$ $TC filter show dev lo parent ffff: |
539 | + |
540 | +filter protocol ip pref 3 flower chain 0 |
541 | +filter protocol ip pref 3 flower chain 0 handle 0x1 |
542 | + eth_type ipv4 |
543 | + ip_tos 0x8/32 |
544 | + not_in_hw |
545 | +filter protocol ip pref 5 flower chain 0 |
546 | +filter protocol ip pref 5 flower chain 0 handle 0x1 |
547 | + eth_type ipv4 |
548 | + ip_proto tcp |
549 | + tcp_flags 0x909/f00 |
550 | + not_in_hw |
551 | + |
552 | +$ $TC -j filter show dev lo parent ffff: |
553 | + |
554 | +[{ |
555 | + "protocol":"ip", |
556 | + "pref":3, |
557 | + "kind":"flower", |
558 | + "chain":0 |
559 | +},{ |
560 | + "protocol":"ip", |
561 | + "pref":3, |
562 | + "kind":"flower", |
563 | + "chain":0, |
564 | + "options": { |
565 | + "handle":1, |
566 | + "keys": { |
567 | + "eth_type":"ipv4", |
568 | + "ip_tos":"0x8/32" |
569 | + }, |
570 | + "not_in_hw":true |
571 | + } |
572 | +},{ |
573 | + "protocol":"ip", |
574 | + "pref":5, |
575 | + "kind":"flower", |
576 | + "chain":0 |
577 | +},{ |
578 | + "protocol":"ip", |
579 | + "pref":5, |
580 | + "kind":"flower", |
581 | + "chain":0, |
582 | + "options": { |
583 | + "handle":1, |
584 | + "keys": { |
585 | + "eth_type":"ipv4", |
586 | + "ip_proto":"tcp", |
587 | + "tcp_flags":"0x909/f00" |
588 | + }, |
589 | + "not_in_hw":true |
590 | + } |
591 | +}] |
592 | + |
593 | +Signed-off-by: Keara Leibovitz <kleib@mojatatu.com> |
594 | +Signed-off-by: David Ahern <dsahern@gmail.com> |
595 | + |
596 | +BugLink: https://bugs.launchpad.net/bugs/1873961 |
597 | + |
598 | +(backported from commit e8bd395508cead5a81c2bebd9d3705a9e41ea8bc |
599 | + git://git.kernel.org/pub/scm/network/iproute2/iproute2.git) |
600 | +[smb: adjust for context in hunk #2 and additional static definition |
601 | + of _SL_ in tc.c. This was added there for -o[oneline] support |
602 | + which do not want to retrofit.] |
603 | +Signed-off-by: Stefan Bader <stefan.bader@canonical.com> |
604 | +--- |
605 | + tc/f_flower.c | 16 +++++++++------- |
606 | + 1 file changed, 9 insertions(+), 7 deletions(-) |
607 | + |
608 | +Index: iproute2/tc/f_flower.c |
609 | +=================================================================== |
610 | +--- iproute2.orig/tc/f_flower.c |
611 | ++++ iproute2/tc/f_flower.c |
612 | +@@ -1117,7 +1117,7 @@ static void flower_print_ip_proto(__u8 * |
613 | + *p_ip_proto = ip_proto; |
614 | + } |
615 | + |
616 | +-static void flower_print_ip_attr(char *name, struct rtattr *key_attr, |
617 | ++static void flower_print_ip_attr(const char *name, struct rtattr *key_attr, |
618 | + struct rtattr *mask_attr) |
619 | + { |
620 | + SPRINT_BUF(namefrm); |
621 | +@@ -1127,11 +1127,12 @@ static void flower_print_ip_attr(char *n |
622 | + if (!key_attr) |
623 | + return; |
624 | + |
625 | +- done = sprintf(out, "%x", rta_getattr_u8(key_attr)); |
626 | ++ done = sprintf(out, "0x%x", rta_getattr_u8(key_attr)); |
627 | + if (mask_attr) |
628 | + sprintf(out + done, "/%x", rta_getattr_u8(mask_attr)); |
629 | + |
630 | +- sprintf(namefrm, "\n %s %%x", name); |
631 | ++ print_string(PRINT_FP, NULL, "%s ", _SL_); |
632 | ++ sprintf(namefrm, "%s %%s", name); |
633 | + print_string(PRINT_ANY, name, namefrm, out); |
634 | + } |
635 | + |
636 | +@@ -1236,7 +1237,7 @@ static void flower_print_port(char *name |
637 | + print_uint(PRINT_ANY, name, namefrm, rta_getattr_be16(attr)); |
638 | + } |
639 | + |
640 | +-static void flower_print_tcp_flags(char *name, struct rtattr *flags_attr, |
641 | ++static void flower_print_tcp_flags(const char *name, struct rtattr *flags_attr, |
642 | + struct rtattr *mask_attr) |
643 | + { |
644 | + SPRINT_BUF(namefrm); |
645 | +@@ -1246,11 +1247,12 @@ static void flower_print_tcp_flags(char |
646 | + if (!flags_attr) |
647 | + return; |
648 | + |
649 | +- done = sprintf(out, "%x", rta_getattr_be16(flags_attr)); |
650 | ++ done = sprintf(out, "0x%x", rta_getattr_be16(flags_attr)); |
651 | + if (mask_attr) |
652 | +- sprintf(out + done, "%x", rta_getattr_be16(flags_attr)); |
653 | ++ sprintf(out + done, "/%x", rta_getattr_be16(mask_attr)); |
654 | + |
655 | +- sprintf(namefrm, "\n %s %%s", name); |
656 | ++ print_string(PRINT_FP, NULL, "%s ", _SL_); |
657 | ++ sprintf(namefrm, "%s %%s", name); |
658 | + print_string(PRINT_ANY, name, namefrm, out); |
659 | + } |
660 | + |
661 | +Index: iproute2/tc/tc.c |
662 | +=================================================================== |
663 | +--- iproute2.orig/tc/tc.c |
664 | ++++ iproute2/tc/tc.c |
665 | +@@ -43,6 +43,8 @@ int force; |
666 | + bool use_names; |
667 | + int json; |
668 | + |
669 | ++const char *_SL_ = "\n"; |
670 | ++ |
671 | + static char *conf_file; |
672 | + |
673 | + struct rtnl_handle rth; |
674 | diff --git a/debian/patches/lp1913187-ss-fix-NULL-dereference-when-rendering.patch b/debian/patches/lp1913187-ss-fix-NULL-dereference-when-rendering.patch |
675 | new file mode 100644 |
676 | index 0000000..a6521a1 |
677 | --- /dev/null |
678 | +++ b/debian/patches/lp1913187-ss-fix-NULL-dereference-when-rendering.patch |
679 | @@ -0,0 +1,40 @@ |
680 | +Description: ss: fix NULL dereference when rendering without header |
681 | + |
682 | +fix NULL dereference when rendering without header |
683 | + |
684 | +When ss is invoked with the no-header flag, if the query doesn't return |
685 | +any result, render() is called with 'buffer' uninitialized. This |
686 | +currently leads to a segfault. Ensure that buffer is initialized before |
687 | +rendering. |
688 | + |
689 | +The bug can be triggered with: ss -H sport = 100000 |
690 | + |
691 | +Signed-off-by: Jean-Philippe Brucker <jphilippe.brucker@gmail.com> |
692 | +Acked-by: Stefano Brivio <sbrivio@redhat.com> |
693 | +Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> |
694 | + |
695 | +Author: Jean-Philippe Brucker <jphilippe.brucker@gmail.com> |
696 | +Origin: upstream, https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=eb8559eff124221bfbafe934c4dbfe30f20604c0 |
697 | +Bug-Ubuntu: https://launchpad.net/bugs/1913187 |
698 | +Reviewed-By: Rafael David Tinoco <rafaeldtinoco@ubuntu.com> |
699 | +Last-Update: 2021-01-26 |
700 | + |
701 | +--- iproute2-4.15.0.orig/misc/ss.c |
702 | ++++ iproute2-4.15.0/misc/ss.c |
703 | +@@ -1196,10 +1196,15 @@ newline: |
704 | + /* Render buffered output with spacing and delimiters, then free up buffers */ |
705 | + static void render(int screen_width) |
706 | + { |
707 | +- struct buf_token *token = (struct buf_token *)buffer.head->data; |
708 | ++ struct buf_token *token; |
709 | + int printed, line_started = 0; |
710 | + struct column *f; |
711 | + |
712 | ++ if (!buffer.head) |
713 | ++ return; |
714 | ++ |
715 | ++ token = (struct buf_token *)buffer.head->data; |
716 | ++ |
717 | + /* Ensure end alignment of last token, it wasn't necessarily flushed */ |
718 | + buffer.tail->end += buffer.cur->len % 2; |
719 | + |
720 | diff --git a/debian/patches/netns-allow-negative-nsid b/debian/patches/netns-allow-negative-nsid |
721 | new file mode 100644 |
722 | index 0000000..d296022 |
723 | --- /dev/null |
724 | +++ b/debian/patches/netns-allow-negative-nsid |
725 | @@ -0,0 +1,65 @@ |
726 | +From: Christian Brauner <christian.brauner@ubuntu.com> |
727 | +Date: Tue, 6 Feb 2018 19:39:31 +0100 |
728 | +Subject: netns: allow negative nsid |
729 | + |
730 | +If the kernel receives a negative nsid it will automatically assign |
731 | +the next available nsid. In this case alloc_netid() will set min and |
732 | +max to 0 for ird_alloc(). And when max == 0 idr_alloc() will interpret |
733 | +this as the maximum range, i.e. specific to nsids it will try to find |
734 | +an id in the range [0,INT_MAX). This is intentionally supported in the |
735 | +kernel for nsids. |
736 | + |
737 | +Commit acbe9118ce80 ("ip netns: use strtol() instead of atoi()") |
738 | +regressed ip netns in that respect although previously the use-case |
739 | +was either accidentally supported or opaquely supported such that it |
740 | +triggered the original commit. From what I can gather it went as |
741 | +follows before: atoi() was called with a string indicating a negative |
742 | +value which caused it to return -1 which was passed to the |
743 | +kernel. Let's make it less opaque by introducing the keyword "auto": |
744 | + |
745 | +ip netns set <netns-name> auto |
746 | + |
747 | +will cause nsid to be set to -1 and the kernel will select an available |
748 | +nsid. |
749 | + |
750 | +Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> |
751 | +Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> |
752 | + |
753 | +Origin: upstream, https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/patch/?id=375d51caaaa7a381dbeab8fb622d3c6ff9597be7 |
754 | +Last-Update: 2018-02-15 |
755 | +--- |
756 | + ip/ipnetns.c | 5 ++++- |
757 | + man/man8/ip-netns.8 | 1 + |
758 | + 2 files changed, 5 insertions(+), 1 deletion(-) |
759 | + |
760 | +diff --git a/ip/ipnetns.c b/ip/ipnetns.c |
761 | +index 059a422..631794b 100644 |
762 | +--- a/ip/ipnetns.c |
763 | ++++ b/ip/ipnetns.c |
764 | +@@ -718,7 +718,10 @@ static int netns_set(int argc, char **argv) |
765 | + return -1; |
766 | + } |
767 | + name = argv[0]; |
768 | +- if (get_unsigned(&nsid, argv[1], 0)) |
769 | ++ /* If a negative nsid is specified the kernel will select the nsid. */ |
770 | ++ if (strcmp(argv[1], "auto") == 0) |
771 | ++ nsid = -1; |
772 | ++ else if (get_unsigned(&nsid, argv[1], 0)) |
773 | + invarg("Invalid \"netnsid\" value\n", argv[1]); |
774 | + |
775 | + snprintf(netns_path, sizeof(netns_path), "%s/%s", NETNS_RUN_DIR, name); |
776 | +diff --git a/man/man8/ip-netns.8 b/man/man8/ip-netns.8 |
777 | +index c5310e2..d539f18 100644 |
778 | +--- a/man/man8/ip-netns.8 |
779 | ++++ b/man/man8/ip-netns.8 |
780 | +@@ -137,6 +137,7 @@ $ ip netns del net0 |
781 | + .sp |
782 | + This command assigns a id to a peer network namespace. This id is valid |
783 | + only in the current network namespace. |
784 | ++If the keyword "auto" is specified an available nsid will be chosen. |
785 | + This id will be used by the kernel in some netlink messages. If no id is |
786 | + assigned when the kernel needs it, it will be automatically assigned by |
787 | + the kernel. |
788 | +-- |
789 | +cgit v1.1 |
790 | + |
791 | diff --git a/debian/patches/series b/debian/patches/series |
792 | index cac1fd7..3562f5a 100644 |
793 | --- a/debian/patches/series |
794 | +++ b/debian/patches/series |
795 | @@ -1,4 +1,5 @@ |
796 | 0004-sync-iptables-header.patch |
797 | +<<<<<<< debian/patches/series |
798 | 0005-iproute2-add-check_libbpf-and-get_libbpf_version.patch |
799 | 0006-lib-make-ipvrf-able-to-use-libbpf-and-fix-function-n.patch |
800 | 0007-lib-add-libbpf-support.patch |
801 | @@ -10,3 +11,12 @@ |
802 | 1000-ubuntu-poc-fan-driver.patch |
803 | 1001-ubuntu-poc-fan-driver-v3.patch |
804 | 1002-ubuntu-poc-fan-driver-vxlan.patch |
805 | +======= |
806 | +1000-ubuntu-poc-fan-driver.patch |
807 | +1001-ubuntu-poc-fan-driver-v3.patch |
808 | +1002-ubuntu-poc-fan-driver-vxlan.patch |
809 | +netns-allow-negative-nsid |
810 | +CVE-2019-20795.patch |
811 | +lp1873961-tc-fix-bugs-for-tcp_flags-and-ip_attr-hex-output.patch |
812 | +lp1913187-ss-fix-NULL-dereference-when-rendering.patch |
813 | +>>>>>>> debian/patches/series |