backport bugfix patch

backport-libnetlink-fix-socket-leak-in-rtnl_open_byproto.patch

@@ -0,0 +1,75 @@
+From f8beda6e00e57b8f875442351f91e5c01530ad8e Mon Sep 17 00:00:00 2001
+From: Maxim Petrov <mmrmaximuzz@gmail.com>
+Date: Tue, 8 Feb 2022 20:20:45 +0300
+Subject: [PATCH] libnetlink: fix socket leak in rtnl_open_byproto()
+
+rtnl_open_byproto() does not close the opened socket in case of
+errors, and the socket is returned to the caller in the `fd` field of
+the struct. However, none of the callers care about the socket, so
+close it in the function immediately to avoid any potential resource
+leaks.
+
+Signed-off-by: Maxim Petrov <mmrmaximuzz@gmail.com>
+Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
+Conflict: NA
+Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=f8beda6e00e
+---
+ lib/libnetlink.c | 15 +++++++++------
+ 1 file changed, 9 insertions(+), 6 deletions(-)
+
+diff --git a/lib/libnetlink.c b/lib/libnetlink.c
+index 7e977a67..6d1b1187 100644
+--- a/lib/libnetlink.c
++++ b/lib/libnetlink.c
+@@ -210,13 +210,13 @@ int rtnl_open_byproto(struct rtnl_handle *rth, unsigned int subscriptions,
+ 	if (setsockopt(rth->fd, SOL_SOCKET, SO_SNDBUF,
+ 		       &sndbuf, sizeof(sndbuf)) < 0) {
+ 		perror("SO_SNDBUF");
+-		return -1;
++		goto err;
+ 	}
+ 
+ 	if (setsockopt(rth->fd, SOL_SOCKET, SO_RCVBUF,
+ 		       &rcvbuf, sizeof(rcvbuf)) < 0) {
+ 		perror("SO_RCVBUF");
+-		return -1;
++		goto err;
+ 	}
+ 
+ 	/* Older kernels may no support extended ACK reporting */
+@@ -230,25 +230,28 @@ int rtnl_open_byproto(struct rtnl_handle *rth, unsigned int subscriptions,
+ 	if (bind(rth->fd, (struct sockaddr *)&rth->local,
+ 		 sizeof(rth->local)) < 0) {
+ 		perror("Cannot bind netlink socket");
+-		return -1;
++		goto err;
+ 	}
+ 	addr_len = sizeof(rth->local);
+ 	if (getsockname(rth->fd, (struct sockaddr *)&rth->local,
+ 			&addr_len) < 0) {
+ 		perror("Cannot getsockname");
+-		return -1;
++		goto err;
+ 	}
+ 	if (addr_len != sizeof(rth->local)) {
+ 		fprintf(stderr, "Wrong address length %d\n", addr_len);
+-		return -1;
++		goto err;
+ 	}
+ 	if (rth->local.nl_family != AF_NETLINK) {
+ 		fprintf(stderr, "Wrong address family %d\n",
+ 			rth->local.nl_family);
+-		return -1;
++		goto err;
+ 	}
+ 	rth->seq = time(NULL);
+ 	return 0;
++err:
++	rtnl_close(rth);
++	return -1;
+ }
+ 
+ int rtnl_open(struct rtnl_handle *rth, unsigned int subscriptions)
+-- 
+2.23.0
+

backport-lnstat-fix-strdup-leak-in-w-argument-parsing.patch

@@ -0,0 +1,32 @@
+From cc143bda6bcec20d073f42162f06dde8998551d4 Mon Sep 17 00:00:00 2001
+From: Maxim Petrov <mmrmaximuzz@gmail.com>
+Date: Tue, 15 Feb 2022 23:53:47 +0300
+Subject: [PATCH] lnstat: fix strdup leak in -w argument parsing
+
+'tmp' string is used for safe tokenizing, but it is not required after
+getting all the widths in -w option. As 'tmp' string is obtained by strdup
+call, the caller has to deallocate it to avoid memory leak.
+
+Signed-off-by: Maxim Petrov <mmrmaximuzz@gmail.com>
+Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
+Conflict: NA
+Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=cc143bda6bc
+---
+ misc/lnstat.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/misc/lnstat.c b/misc/lnstat.c
+index 98904d45..c3293a8e 100644
+--- a/misc/lnstat.c
++++ b/misc/lnstat.c
+@@ -331,6 +331,7 @@ int main(int argc, char **argv)
+ 				for (i = 0; i < MAX_FIELDS; i++)
+ 					fp.params[i].print.width = len;
+ 			}
++			free(tmp);
+ 			break;
+ 		default:
+ 			usage(argv[0], 1);
+-- 
+2.23.0
+

backport-tc_util-Fix-parsing-action-control-with-space-and-sl.patch

@@ -0,0 +1,54 @@
+From 7f70eb2a8b2c451683c801b23b25f34071a8882f Mon Sep 17 00:00:00 2001
+From: Roi Dayan <roid@nvidia.com>
+Date: Thu, 3 Feb 2022 14:20:46 +0200
+Subject: [PATCH] tc_util: Fix parsing action control with space and slash
+
+For action police there is an conform-exceed action control
+which can be for example "jump 2 / pipe".
+The current parsing loop is doing one more iteration than necessary
+and results in ok var being 3.
+
+Example filter:
+
+tc filter add dev enp8s0f0_0 ingress protocol ip prio 2 flower \
+    verbose action police rate 100mbit burst 12m \
+    conform-exceed jump 1 / pipe mirred egress redirect dev enp8s0f0_1 action drop
+
+Before this change the command will fail.
+Trying to add another "pipe" before mirred as a workaround for the stopping the loop
+in ok var 3 resulting in result2 not being saved and wrong filter.
+
+... conform-exceed jump 1 / pipe pipe mirred ...
+
+Example dump of the action part:
+... action order 1:  police 0x1 rate 100Mbit burst 12Mb mtu 2Kb action jump 1 overhead 0b  ...
+
+Fix the behavior by removing redundant case 2 handling, either argc is over or breaking.
+
+Example dump of the action part with the fix:
+... action order 1:  police 0x1 rate 100Mbit burst 12Mb mtu 2Kb action jump 1/pipe overhead 0b ...
+
+Signed-off-by: Roi Dayan <roid@nvidia.com>
+Reviewed-by: Maor Dickman <maord@nvidia.com>
+Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
+Conflict: NA
+Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=7f70eb2a8b2
+---
+ tc/tc_util.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/tc/tc_util.c b/tc/tc_util.c
+index 48065897..b82dbd5d 100644
+--- a/tc/tc_util.c
++++ b/tc/tc_util.c
+@@ -476,7 +476,6 @@ static int parse_action_control_slash_spaces(int *argc_p, char ***argv_p,
+ 			NEXT_ARG();
+ 			/* fall-through */
+ 		case 0: /* fall-through */
+-		case 2:
+ 			ret = parse_action_control(&argc, &argv,
+ 						   result_p, allow_num);
+ 			if (ret)
+-- 
+2.23.0
+

iproute.spec

@@ -1,7 +1,7 @@
 #needsrootforbuild
 Name:		iproute
 Version:	5.5.0
-Release:	15
+Release:	16
 Summary:	Linux network configuration utilities
 License:	GPLv2+ and Public Domain
 URL:		https://kernel.org/pub/linux/utils/net/iproute2/
@@ -35,8 +35,11 @@ Patch6002:  backport-tc-em_u32-fix-offset-parsing.patch
 Patch6003:  backport-bridge-Fix-memory-leak-when-doing-fdb-get.patch
 Patch6004:  backport-ip-address-Fix-memory-leak-when-specifying-device.patch
 Patch6005:  backport-ip-neigh-Fix-memory-leak-when-doing-get.patch
+Patch6006:  backport-tc_util-Fix-parsing-action-control-with-space-and-sl.patch
+Patch6007:  backport-lnstat-fix-strdup-leak-in-w-argument-parsing.patch
+Patch6008:  backport-libnetlink-fix-socket-leak-in-rtnl_open_byproto.patch
 
-BuildRequires:	gcc bison elfutils-libelf-devel flex iptables-devel libcap-devel
+BuildRequires:	gcc bison elfutils-libelf-devel flex iptables-devel
 BuildRequires:  libmnl-devel libselinux-devel pkgconfig git make sudo
 Requires:       %{name}-help
 
@@ -110,6 +113,15 @@ install -m 0644 lib/libnetlink.a %{buildroot}%{_libdir}/libnetlink.a
 %{_mandir}/*
 
 %changelog
+* Thu Dec 14 2023 liubo <liubo335@huawei.com> - 5.5.0-16
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:libnetlink: fix socket leak in rtnl_open_byproto()
+       lnstat: fix strdup leak in -w argument parsing
+       tc_util: Fix parsing action control with space and slash
+       remove libcap dependency
+
 * Sat May 27 2023 gaoxingwang <gaoxingwang1@huawei.com> - 5.5.0-15
 - Type:bugfix
 - ID:NA