Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package arping2 for openSUSE:Factory checked in at 2026-02-05 18:00:43 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/arping2 (Old) and /work/SRC/openSUSE:Factory/.arping2.new.1670 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "arping2" Thu Feb 5 18:00:43 2026 rev:26 rq:1331143 version:2.28 Changes: -------- --- /work/SRC/openSUSE:Factory/arping2/arping2.changes 2025-10-17 17:30:06.244913981 +0200 +++ /work/SRC/openSUSE:Factory/.arping2.new.1670/arping2.changes 2026-02-05 18:06:10.598145852 +0100 @@ -1,0 +2,6 @@ +Thu Feb 5 10:38:06 UTC 2026 - Jan Engelhardt <[email protected]> + +- Update to release 2.28 + * Add Linux Landlock support + +------------------------------------------------------------------- Old: ---- arping-2.26.tar.gz arping-2.26.tar.gz.asc New: ---- arping-2.28.tar.gz arping-2.28.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ arping2.spec ++++++ --- /var/tmp/diff_new_pack.2e6AL2/_old 2026-02-05 18:06:11.326176391 +0100 +++ /var/tmp/diff_new_pack.2e6AL2/_new 2026-02-05 18:06:11.334176727 +0100 @@ -17,7 +17,7 @@ Name: arping2 -Version: 2.26 +Version: 2.28 Release: 0 Summary: Layer-2 Ethernet pinger License: GPL-2.0-or-later ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.2e6AL2/_old 2026-02-05 18:06:11.398179412 +0100 +++ /var/tmp/diff_new_pack.2e6AL2/_new 2026-02-05 18:06:11.402179580 +0100 @@ -1,5 +1,5 @@ -mtime: 1760703132 -commit: 665464bf1fdecc54c73829a7dda00f2970469465f9f0f487ceaecdfd92582d3a +mtime: 1770287913 +commit: 84f934dbd55ddc7120660b52ee2a90d45c8958fbcdcbdd936e6bb1370eb614b2 url: https://src.opensuse.org/jengelh/arping2 revision: master ++++++ arping-2.26.tar.gz -> arping-2.28.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/arping-2.26/.github/workflows/openbsd.yml new/arping-2.28/.github/workflows/openbsd.yml --- old/arping-2.26/.github/workflows/openbsd.yml 1970-01-01 01:00:00.000000000 +0100 +++ new/arping-2.28/.github/workflows/openbsd.yml 2025-12-28 09:06:25.000000000 +0100 @@ -0,0 +1,37 @@ +name: OpenBSD + +on: + push: + branches: [ "arping-2.x", "ci" ] + pull_request: + branches: [ "arping-2.x" ] + +jobs: + test: + runs-on: ubuntu-latest + name: Build on OpenBSD + steps: + - uses: actions/checkout@v4 + - name: Test in OpenBSD + id: test + uses: vmactions/openbsd-vm@v1 + with: + usesh: true + prepare: | + pkg_info -Q autoconf | sort -V | tail -1 | xargs pkg_add -v + pkg_info -Q libnet | sort -V | tail -1 | xargs pkg_add -v + pkg_info -Q automake | sort -V | tail -1 | xargs pkg_add -v + + run: | + tree /home/runner/work + pwd + ls -lah + whoami + env + sysctl hw.model + sysctl hw.ncpu + sysctl hw.physmem + sysctl hw.usermem + ./bootstrap.sh + ./configure LDFLAGS=-L/usr/local/lib CPPFLAGS=-I/usr/local/include/libnet-1.1 + make diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/arping-2.26/bootstrap.sh new/arping-2.28/bootstrap.sh --- old/arping-2.26/bootstrap.sh 2025-07-01 21:21:28.000000000 +0200 +++ new/arping-2.28/bootstrap.sh 2025-12-28 09:06:25.000000000 +0100 @@ -1,2 +1,12 @@ #!/bin/sh -autoreconf -i + +if [ "x$(uname -s)" = "xOpenBSD" ]; then + # On OpenBSD, you need to go searching for the autoconf version. + # Sigh. + export AUTOCONF_VERSION=$(/usr/local/bin/autoconf-* --version | sed -n '1s/.* \([0-9.]*\)$/\1/p') + export AUTOMAKE_VERSION=$(/usr/local/bin/automake-* --version | sed -n '1s/.* \([0-9.]*\)$/\1/p') + echo "Autoconf version: ${AUTOCONF_VERSION}" + echo "Automake version: ${AUTOMAKE_VERSION}" +fi + +exec autoreconf -i diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/arping-2.26/config.h.in new/arping-2.28/config.h.in --- old/arping-2.26/config.h.in 2025-07-01 21:21:29.000000000 +0200 +++ new/arping-2.28/config.h.in 2025-12-28 09:06:27.000000000 +0100 @@ -9,6 +9,12 @@ /* Disable seccomp by default */ #undef DEFAULT_SECCOMP +/* Has landlock */ +#undef HAS_LANDLOCK + +/* Has NO_NEW_PRIVS */ +#undef HAS_NO_NEW_PRIVS + /* Define to 1 if you have the <arpa/inet.h> header file. */ #undef HAVE_ARPA_INET_H @@ -69,6 +75,12 @@ /* Define to 1 if you have the `socket' library (-lsocket). */ #undef HAVE_LIBSOCKET +/* Define to 1 if you have the <linux/landlock.h> header file. */ +#undef HAVE_LINUX_LANDLOCK_H + +/* Define to 1 if you have the <linux/prctl.h> header file. */ +#undef HAVE_LINUX_PRCTL_H + /* Define to 1 if you have the `memset' function. */ #undef HAVE_MEMSET @@ -138,6 +150,9 @@ /* Define to 1 if you have the <sys/param.h> header file. */ #undef HAVE_SYS_PARAM_H +/* Define to 1 if you have the <sys/prctl.h> header file. */ +#undef HAVE_SYS_PRCTL_H + /* Define to 1 if you have the <sys/random.h> header file. */ #undef HAVE_SYS_RANDOM_H @@ -150,6 +165,9 @@ /* Define to 1 if you have the <sys/stat.h> header file. */ #undef HAVE_SYS_STAT_H +/* Define to 1 if you have the <sys/syscall.h> header file. */ +#undef HAVE_SYS_SYSCALL_H + /* Define to 1 if you have the <sys/time.h> header file. */ #undef HAVE_SYS_TIME_H diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/arping-2.26/configure new/arping-2.28/configure --- old/arping-2.26/configure 2025-07-01 21:21:29.000000000 +0200 +++ new/arping-2.28/configure 2025-12-28 09:06:27.000000000 +0100 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for arping 2.26. +# Generated by GNU Autoconf 2.71 for arping 2.28. # # Report bugs to <[email protected]>. # @@ -611,8 +611,8 @@ # Identity of this package. PACKAGE_NAME='arping' PACKAGE_TARNAME='arping' -PACKAGE_VERSION='2.26' -PACKAGE_STRING='arping 2.26' +PACKAGE_VERSION='2.28' +PACKAGE_STRING='arping 2.28' PACKAGE_BUGREPORT='[email protected]' PACKAGE_URL='' @@ -1326,7 +1326,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures arping 2.26 to adapt to many kinds of systems. +\`configure' configures arping 2.28 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1398,7 +1398,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of arping 2.26:";; + short | recursive ) echo "Configuration of arping 2.28:";; esac cat <<\_ACEOF @@ -1496,7 +1496,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -arping configure 2.26 +arping configure 2.28 generated by GNU Autoconf 2.71 Copyright (C) 2021 Free Software Foundation, Inc. @@ -1861,7 +1861,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by arping $as_me 2.26, which was +It was created by arping $as_me 2.28, which was generated by GNU Autoconf 2.71. Invocation command line was $ $0$ac_configure_args_raw @@ -3250,7 +3250,7 @@ # Define the identity of the package. PACKAGE='arping' - VERSION='2.26' + VERSION='2.28' printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h @@ -4994,6 +4994,30 @@ printf "%s\n" "#define HAVE_UNISTD_H 1" >>confdefs.h fi +ac_fn_c_check_header_compile "$LINENO" "linux/landlock.h" "ac_cv_header_linux_landlock_h" "$ac_includes_default" +if test "x$ac_cv_header_linux_landlock_h" = xyes +then : + printf "%s\n" "#define HAVE_LINUX_LANDLOCK_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "linux/prctl.h" "ac_cv_header_linux_prctl_h" "$ac_includes_default" +if test "x$ac_cv_header_linux_prctl_h" = xyes +then : + printf "%s\n" "#define HAVE_LINUX_PRCTL_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/prctl.h" "ac_cv_header_sys_prctl_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_prctl_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_PRCTL_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/syscall.h" "ac_cv_header_sys_syscall_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_syscall_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_SYSCALL_H 1" >>confdefs.h + +fi # Checks for libraries. @@ -5541,6 +5565,77 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if system has landlock" >&5 +printf %s "checking if system has landlock... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #define _GNU_SOURCE + #include<linux/landlock.h> + #include<sys/syscall.h> + #include<unistd.h> + +int +main (void) +{ +syscall(SYS_landlock_create_ruleset, 0, 0, 0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +printf "%s\n" "#define HAS_LANDLOCK 1" >>confdefs.h + + +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if NO_NEW_PRIVS exists" >&5 +printf %s "checking if NO_NEW_PRIVS exists... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #define _GNU_SOURCE + #include<linux/prctl.h> + #include<sys/prctl.h> + +int +main (void) +{ +prctl(PR_SET_NO_NEW_PRIVS, 1L, 0L, 0L, 0L); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +printf "%s\n" "#define HAS_NO_NEW_PRIVS 1" >>confdefs.h + + +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + # Checks for typedefs, structures, and compiler characteristics. { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5 printf %s "checking for an ANSI C-conforming const... " >&6; } @@ -7632,7 +7727,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by arping $as_me 2.26, which was +This file was extended by arping $as_me 2.28, which was generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -7700,7 +7795,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -arping config.status 2.26 +arping config.status 2.28 configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/arping-2.26/configure.ac new/arping-2.28/configure.ac --- old/arping-2.26/configure.ac 2025-07-01 21:21:28.000000000 +0200 +++ new/arping-2.28/configure.ac 2025-12-28 09:06:25.000000000 +0100 @@ -2,7 +2,7 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ(2.61) -AC_INIT(arping, 2.26, [email protected]) +AC_INIT(arping, 2.28, [email protected]) AC_CANONICAL_SYSTEM AC_CONFIG_SRCDIR([src/arping.c]) AM_INIT_AUTOMAKE @@ -56,7 +56,11 @@ sys/random.h \ net/bpf.h \ pwd.h \ -unistd.h]) +unistd.h \ +linux/landlock.h \ +linux/prctl.h \ +sys/prctl.h \ +sys/syscall.h]) # Checks for libraries. AC_CHECK_LIB([m], [sqrt]) @@ -117,6 +121,41 @@ ], [AC_MSG_RESULT(no)] ) + +AC_MSG_CHECKING([if system has landlock]) +AC_LINK_IFELSE( + [AC_LANG_PROGRAM( + [ + #define _GNU_SOURCE + #include<linux/landlock.h> + #include<sys/syscall.h> + #include<unistd.h> + ], + [syscall(SYS_landlock_create_ruleset, 0, 0, 0);] + )], + [ + AC_MSG_RESULT(yes) + AC_DEFINE([HAS_LANDLOCK], [1], [Has landlock]) + ], + [AC_MSG_RESULT(no)] +) + +AC_MSG_CHECKING([if NO_NEW_PRIVS exists]) +AC_LINK_IFELSE( + [AC_LANG_PROGRAM( + [ + #define _GNU_SOURCE + #include<linux/prctl.h> + #include<sys/prctl.h> + ], + [prctl(PR_SET_NO_NEW_PRIVS, 1L, 0L, 0L, 0L);] + )], + [ + AC_MSG_RESULT(yes) + AC_DEFINE([HAS_NO_NEW_PRIVS], [1], [Has NO_NEW_PRIVS]) + ], + [AC_MSG_RESULT(no)] +) # Checks for typedefs, structures, and compiler characteristics. AC_C_CONST diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/arping-2.26/extra/pre-commit new/arping-2.28/extra/pre-commit --- old/arping-2.26/extra/pre-commit 2025-07-01 21:21:28.000000000 +0200 +++ new/arping-2.28/extra/pre-commit 2025-12-28 09:06:25.000000000 +0100 @@ -1,7 +1,19 @@ #!/usr/bin/env bash -set -e -make +set -ueo pipefail + +ARPING_TEMPDIR="$(mktemp -d /tmp/arping-test-XXXXXX)" +echo "Set up tempdir ${ARPING_TEMPDIR}" +git archive HEAD | tar -x -C "${ARPING_TEMPDIR}" +git diff --cached --binary | ( + cd "${ARPING_TEMPDIR}" + git apply +) +cd "${ARPING_TEMPDIR}" + +./bootstrap.sh +./configure +make -j$(nproc) make check make distcheck -sudo sudo ./tests/run +sudo ./tests/run diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/arping-2.26/src/Makefile.am new/arping-2.28/src/Makefile.am --- old/arping-2.26/src/Makefile.am 2025-07-01 21:21:28.000000000 +0200 +++ new/arping-2.28/src/Makefile.am 2025-12-28 09:06:25.000000000 +0100 @@ -8,15 +8,15 @@ sbin_PROGRAMS = arping noinst_PROGRAMS = fuzz_pingip -arping_SOURCES = arping.c arping_main.c unix.c cast.c seccomp.c +arping_SOURCES = arping.c arping_main.c unix.c cast.c seccomp.c landlock.c no_new_privs.c arping_LDADD = $(LIBOBJS) -fuzz_pingip_SOURCES = arping.c fuzz_pingip.c unix.c mock_libpcap.c mock_libnet.c cast.c seccomp.c +fuzz_pingip_SOURCES = arping.c fuzz_pingip.c unix.c mock_libpcap.c mock_libnet.c cast.c seccomp.c landlock.c no_new_privs.c fuzz_pingip_LDADD = $(LIBOBJS) TESTS=arping_test check_PROGRAMS=arping_test -arping_test_SOURCES=arping.c arping_test.c unix.c mock_libpcap.c mock_libnet.c cast.c seccomp.c +arping_test_SOURCES=arping.c arping_test.c unix.c mock_libpcap.c mock_libnet.c cast.c seccomp.c landlock.c no_new_privs.c arping_test_LDADD=$(LIBOBJS) -lcheck -lpthread -lsubunit #cast.h cast.c: mkcast.py diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/arping-2.26/src/Makefile.in new/arping-2.28/src/Makefile.in --- old/arping-2.26/src/Makefile.in 2025-07-01 21:21:30.000000000 +0200 +++ new/arping-2.28/src/Makefile.in 2025-12-28 09:06:27.000000000 +0100 @@ -110,17 +110,20 @@ am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(includedir)" PROGRAMS = $(noinst_PROGRAMS) $(sbin_PROGRAMS) am_arping_OBJECTS = arping.$(OBJEXT) arping_main.$(OBJEXT) \ - unix.$(OBJEXT) cast.$(OBJEXT) seccomp.$(OBJEXT) + unix.$(OBJEXT) cast.$(OBJEXT) seccomp.$(OBJEXT) \ + landlock.$(OBJEXT) no_new_privs.$(OBJEXT) arping_OBJECTS = $(am_arping_OBJECTS) arping_DEPENDENCIES = $(LIBOBJS) am_arping_test_OBJECTS = arping.$(OBJEXT) arping_test.$(OBJEXT) \ unix.$(OBJEXT) mock_libpcap.$(OBJEXT) mock_libnet.$(OBJEXT) \ - cast.$(OBJEXT) seccomp.$(OBJEXT) + cast.$(OBJEXT) seccomp.$(OBJEXT) landlock.$(OBJEXT) \ + no_new_privs.$(OBJEXT) arping_test_OBJECTS = $(am_arping_test_OBJECTS) arping_test_DEPENDENCIES = $(LIBOBJS) am_fuzz_pingip_OBJECTS = arping.$(OBJEXT) fuzz_pingip.$(OBJEXT) \ unix.$(OBJEXT) mock_libpcap.$(OBJEXT) mock_libnet.$(OBJEXT) \ - cast.$(OBJEXT) seccomp.$(OBJEXT) + cast.$(OBJEXT) seccomp.$(OBJEXT) landlock.$(OBJEXT) \ + no_new_privs.$(OBJEXT) fuzz_pingip_OBJECTS = $(am_fuzz_pingip_OBJECTS) fuzz_pingip_DEPENDENCIES = $(LIBOBJS) AM_V_P = $(am__v_P_@AM_V@) @@ -143,8 +146,9 @@ $(DEPDIR)/findif_other.Po $(DEPDIR)/findif_sysctl.Po \ ./$(DEPDIR)/arping.Po ./$(DEPDIR)/arping_main.Po \ ./$(DEPDIR)/arping_test.Po ./$(DEPDIR)/cast.Po \ - ./$(DEPDIR)/fuzz_pingip.Po ./$(DEPDIR)/mock_libnet.Po \ - ./$(DEPDIR)/mock_libpcap.Po ./$(DEPDIR)/seccomp.Po \ + ./$(DEPDIR)/fuzz_pingip.Po ./$(DEPDIR)/landlock.Po \ + ./$(DEPDIR)/mock_libnet.Po ./$(DEPDIR)/mock_libpcap.Po \ + ./$(DEPDIR)/no_new_privs.Po ./$(DEPDIR)/seccomp.Po \ ./$(DEPDIR)/unix.Po am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ @@ -506,11 +510,11 @@ AUTOMAKE_OPTIONS = foreign DISTCLEANFILES = *~ include_HEADERS = arping.h -arping_SOURCES = arping.c arping_main.c unix.c cast.c seccomp.c +arping_SOURCES = arping.c arping_main.c unix.c cast.c seccomp.c landlock.c no_new_privs.c arping_LDADD = $(LIBOBJS) -fuzz_pingip_SOURCES = arping.c fuzz_pingip.c unix.c mock_libpcap.c mock_libnet.c cast.c seccomp.c +fuzz_pingip_SOURCES = arping.c fuzz_pingip.c unix.c mock_libpcap.c mock_libnet.c cast.c seccomp.c landlock.c no_new_privs.c fuzz_pingip_LDADD = $(LIBOBJS) -arping_test_SOURCES = arping.c arping_test.c unix.c mock_libpcap.c mock_libnet.c cast.c seccomp.c +arping_test_SOURCES = arping.c arping_test.c unix.c mock_libpcap.c mock_libnet.c cast.c seccomp.c landlock.c no_new_privs.c arping_test_LDADD = $(LIBOBJS) -lcheck -lpthread -lsubunit all: all-am @@ -623,8 +627,10 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arping_test.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cast.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/fuzz_pingip.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/landlock.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mock_libnet.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mock_libpcap.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/no_new_privs.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/seccomp.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unix.Po@am__quote@ # am--include-marker @@ -975,8 +981,10 @@ -rm -f ./$(DEPDIR)/arping_test.Po -rm -f ./$(DEPDIR)/cast.Po -rm -f ./$(DEPDIR)/fuzz_pingip.Po + -rm -f ./$(DEPDIR)/landlock.Po -rm -f ./$(DEPDIR)/mock_libnet.Po -rm -f ./$(DEPDIR)/mock_libpcap.Po + -rm -f ./$(DEPDIR)/no_new_privs.Po -rm -f ./$(DEPDIR)/seccomp.Po -rm -f ./$(DEPDIR)/unix.Po -rm -f Makefile @@ -1034,8 +1042,10 @@ -rm -f ./$(DEPDIR)/arping_test.Po -rm -f ./$(DEPDIR)/cast.Po -rm -f ./$(DEPDIR)/fuzz_pingip.Po + -rm -f ./$(DEPDIR)/landlock.Po -rm -f ./$(DEPDIR)/mock_libnet.Po -rm -f ./$(DEPDIR)/mock_libpcap.Po + -rm -f ./$(DEPDIR)/no_new_privs.Po -rm -f ./$(DEPDIR)/seccomp.Po -rm -f ./$(DEPDIR)/unix.Po -rm -f Makefile diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/arping-2.26/src/arping.c new/arping-2.28/src/arping.c --- old/arping-2.26/src/arping.c 2025-07-01 21:21:28.000000000 +0200 +++ new/arping-2.28/src/arping.c 2025-12-28 09:06:25.000000000 +0100 @@ -188,6 +188,14 @@ static char* payload_suffix = NULL; static const size_t payload_suffix_size = 4; +// Must be at least big enough to capture an entire packet. +// Longest possible: +// MAC: 802.1q(16) + IPv4(20) + ICMPv4(4) + timespec(18?) + 4 = 62. +// IP: 802.1q(16) + ARP(8) + 2xaddr_pair = 44. +// 100 is enough. +static const size_t pcap_snaplen = 100; +static const size_t pcap_timeout_ms = 10; + /* If there were any libnet write failures, we return error. */ static size_t libnet_write_failures = 0; @@ -241,6 +249,9 @@ /* Doesn't really need to be volatile, but doesn't hurt. */ static volatile sig_atomic_t time_to_die = 0; +void drop_landlock(); +void drop_no_new_privs(); + static float must_parse_float(const char* in, const char* what) { @@ -597,6 +608,8 @@ gid = must_get_group(drop_group); } drop_fs_root(); + drop_landlock(); + drop_no_new_privs(); drop_uid(uid, gid); drop_capabilities(); #ifdef HAVE_UNVEIL @@ -1656,13 +1669,17 @@ assert(packet); if(verbose>2) { - printf("arping: received response for mac ping\n"); + printf("arping: received response for mac ping len=%d caplen=%d\n", + h->len, h->caplen); } getclock(&arrival); if (vlan_tag >= 0) { - if (h->caplen < LIBNET_ETH_H + LIBNET_IPV4_H + LIBNET_ICMPV4_H) { + if (h->caplen < LIBNET_802_1Q_H + LIBNET_IPV4_H + + LIBNET_ICMPV4_H + + sizeof(struct timespec) + + payload_suffix_size) { return; } veth = (void*)packet; @@ -1671,7 +1688,10 @@ pkt_srcmac = veth->vlan_shost; pkt_dstmac = veth->vlan_dhost; } else { - if (h->caplen < LIBNET_ETH_H + LIBNET_ARP_H + LIBNET_ICMPV4_H) { + if (h->caplen < LIBNET_ETH_H + LIBNET_IPV4_H + + LIBNET_ICMPV4_H + + sizeof(struct timespec) + + payload_suffix_size) { return; } heth = (void*)packet; @@ -1755,10 +1775,10 @@ const char* payload = (char*)hicmp + LIBNET_ICMPV4_ECHO_H; const size_t tmp = cast_ssize_size(payload - (char*)packet, NULL); - if (h->len < tmp) { + if (h->caplen < tmp) { return; } - const size_t payload_size = h->len - tmp; + const size_t payload_size = h->caplen - tmp; if (payload_size < sizeof(struct timespec) + payload_suffix_size) { return; } @@ -2473,7 +2493,8 @@ /* * pcap init */ - if (!(pcap = do_pcap_open_live(ifname, 100, 10, ebuf))) { + if (!(pcap = do_pcap_open_live(ifname, pcap_snaplen, + pcap_timeout_ms, ebuf))) { strip_newline(ebuf); fprintf(stderr, "arping: pcap_open_live(): %s\n", ebuf); exit(1); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/arping-2.26/src/landlock.c new/arping-2.28/src/landlock.c --- old/arping-2.26/src/landlock.c 1970-01-01 01:00:00.000000000 +0100 +++ new/arping-2.28/src/landlock.c 2025-12-28 09:06:25.000000000 +0100 @@ -0,0 +1,116 @@ +/* + * Copyright (C) 2025 Thomas Habets <[email protected]> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#define _GNU_SOURCE +#if HAVE_CONFIG_H +#include "config.h" +#endif + +#include <dirent.h> +#include <stdio.h> +#include <errno.h> +#include <string.h> +#include <unistd.h> + +#if HAVE_LINUX_LANDLOCK_H +#if HAS_LANDLOCK +#include<linux/landlock.h> +#include<sys/syscall.h> +#define ACTUALLY_USE_LANDLOCK 1 +#endif +#endif + +#include "arping.h" + +#ifdef ACTUALLY_USE_LANDLOCK +static int ll_create_ruleset(const struct landlock_ruleset_attr *attr, size_t size, __u32 flags) { + return syscall(SYS_landlock_create_ruleset, attr, size, flags); +} +static int ll_add_rule(int ruleset_fd, enum landlock_rule_type type, const void *rule_attr, __u32 flags) { + return syscall(SYS_landlock_add_rule, ruleset_fd, type, rule_attr, flags); +} +static int ll_restrict_self(int ruleset_fd, __u32 flags) { + return syscall(SYS_landlock_restrict_self, ruleset_fd, flags); +} +#endif + +void +drop_landlock() +{ +#ifdef ACTUALLY_USE_LANDLOCK + struct landlock_ruleset_attr ruleset_attr = { + .handled_access_fs = 0 + | LANDLOCK_ACCESS_FS_WRITE_FILE + | LANDLOCK_ACCESS_FS_READ_FILE + | LANDLOCK_ACCESS_FS_READ_DIR + | LANDLOCK_ACCESS_FS_REMOVE_DIR + | LANDLOCK_ACCESS_FS_REMOVE_FILE + | LANDLOCK_ACCESS_FS_MAKE_CHAR + | LANDLOCK_ACCESS_FS_MAKE_DIR + | LANDLOCK_ACCESS_FS_MAKE_REG + | LANDLOCK_ACCESS_FS_MAKE_SOCK + | LANDLOCK_ACCESS_FS_MAKE_FIFO +#ifdef LANDLOCK_ACCESS_FS_REFER + | LANDLOCK_ACCESS_FS_REFER +#endif + | LANDLOCK_ACCESS_FS_MAKE_BLOCK + | LANDLOCK_ACCESS_FS_MAKE_SYM +#ifdef LANDLOCK_ACCESS_FS_TRUNCATE + | LANDLOCK_ACCESS_FS_TRUNCATE +#endif +#ifdef LANDLOCK_ACCESS_FS_IOCTL_DEV + | LANDLOCK_ACCESS_FS_IOCTL_DEV +#endif + | LANDLOCK_ACCESS_FS_EXECUTE, +#ifdef LANDLOCK_ACCESS_NET_BIND_TCP + .handled_access_net = + LANDLOCK_ACCESS_NET_BIND_TCP + | LANDLOCK_ACCESS_NET_CONNECT_TCP, +#endif +#ifdef LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET + .scoped = + LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET + | LANDLOCK_SCOPE_SIGNAL, +#endif + }; + int ruleset = ll_create_ruleset(&ruleset_attr, sizeof(ruleset_attr), 0); + if (ruleset < 0) { + fprintf(stderr, "arping: Failed to create landlock ruleset: %s\n", + strerror(errno)); + return; + } + if (ll_restrict_self(ruleset, 0)) { + fprintf(stderr, "arping: Failed to restrict with landlock: %s\n", + strerror(errno)); + close(ruleset); + return; + } + close(ruleset); + DIR *de = opendir("/"); + if (de) { + fprintf(stderr, "arping: landlock failed to take effect\n"); + closedir(de); + } else if (errno != EACCES) { + fprintf(stderr, "arping: landlock caused error not EACCES: \n", + strerror(errno)); + } + if (verbose > 0) { + printf("arping: Landlock enabled\n"); + } +#endif +} + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/arping-2.26/src/no_new_privs.c new/arping-2.28/src/no_new_privs.c --- old/arping-2.26/src/no_new_privs.c 1970-01-01 01:00:00.000000000 +0100 +++ new/arping-2.28/src/no_new_privs.c 2025-12-28 09:06:25.000000000 +0100 @@ -0,0 +1,48 @@ +/* + * Copyright (C) 2025 Thomas Habets <[email protected]> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#define _GNU_SOURCE +#if HAVE_CONFIG_H +#include "config.h" +#endif + +#include <stdio.h> +#include <string.h> +#include <errno.h> + +#if HAVE_LINUX_PRCTL_H +#include <linux/prctl.h> /* Definition of PR_* constants */ +#endif +#if HAVE_SYS_PRCTL_H +#include <sys/prctl.h> +#endif + +#include "arping.h" + +void +drop_no_new_privs() +{ +#ifdef HAS_NO_NEW_PRIVS + if (prctl(PR_SET_NO_NEW_PRIVS, 1L, 0L, 0L, 0L)) { + fprintf(stderr, "arping: setting NO_NEW_PRIVS failed: %s\n", + strerror(errno)); + } + if (verbose > 2) { + printf("arping: Prevented new privs being set\n"); + } +#endif +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/arping-2.26/tests/simple_verbose.out new/arping-2.28/tests/simple_verbose.out --- old/arping-2.26/tests/simple_verbose.out 2025-07-01 21:21:28.000000000 +0200 +++ new/arping-2.28/tests/simple_verbose.out 2025-12-28 09:06:25.000000000 +0100 @@ -1,5 +1,6 @@ arping: Autodetected interface veth0 (arping: chdir\([^)]+\): No such file or directory +)?(arping: Landlock enabled )?This box: Interface: veth0 IP: 192[.]0[.]2[.]100 MAC address: 00:01:02:33:44:00 ARPING 192[.]0[.]2[.]101 42 bytes from 00:01:02:33:44:01 \(192[.]0[.]2[.]101\): index=0 time=\d+[.]\d+ usec ++++++ build.specials.obscpio ++++++ ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-02-05 11:39:28.000000000 +0100 @@ -0,0 +1 @@ +.osc
