Hello community, here is the log from the commit of package smcroute for openSUSE:Factory checked in at 2019-02-27 17:27:32 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/smcroute (Old) and /work/SRC/openSUSE:Factory/.smcroute.new.28833 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "smcroute" Wed Feb 27 17:27:32 2019 rev:3 rq:673592 version:2.4.4 Changes: -------- --- /work/SRC/openSUSE:Factory/smcroute/smcroute.changes 2018-11-26 10:22:38.193568393 +0100 +++ /work/SRC/openSUSE:Factory/.smcroute.new.28833/smcroute.changes 2019-02-27 17:27:33.271355086 +0100 @@ -1,0 +2,16 @@ +Tue Feb 12 09:18:48 UTC 2019 - Martin Hauke <[email protected]> + +- Update to version 2.4.4 + Changes + * Allow same outbound interface as inbound for routes, only warn user + * systemd unit file hardening, recommended by Debian + Fixes + * IGMP header checksum missing from mrdisc frames + * Unblock *all* matching, and currently blocked, (S,G) to a + newly installed (*,G) route, only the first know was unblocked + * Timer nanosecond bug causing loss of address refresh on DHCP + interfaces. Interface monitoring feature introduced in v2.4.3 + * Calling init script with `stop` does not stop `smcrouted` + * ifindex in UNIX/POSIX is an interger, not unsigned short + +------------------------------------------------------------------- Old: ---- smcroute-2.4.3.tar.gz New: ---- smcroute-2.4.4.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ smcroute.spec ++++++ --- /var/tmp/diff_new_pack.fNGDSQ/_old 2019-02-27 17:27:34.531354634 +0100 +++ /var/tmp/diff_new_pack.fNGDSQ/_new 2019-02-27 17:27:34.563354623 +0100 @@ -1,7 +1,7 @@ # # spec file for package smcroute # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2018, Martin Hauke <[email protected]> # # All modifications and additions to the file contributed by third parties @@ -18,7 +18,7 @@ Name: smcroute -Version: 2.4.3 +Version: 2.4.4 Release: 0 Summary: Static multicast routing for UNIX License: GPL-3.0-only ++++++ smcroute-2.4.3.tar.gz -> smcroute-2.4.4.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/smcroute-2.4.3/ChangeLog.md new/smcroute-2.4.4/ChangeLog.md --- old/smcroute-2.4.3/ChangeLog.md 2018-11-07 01:34:48.000000000 +0100 +++ new/smcroute-2.4.4/ChangeLog.md 2019-02-11 20:41:03.000000000 +0100 @@ -3,8 +3,26 @@ All notable changes to the project are documented in this file. -[v2.4.3][] ----------- +[v2.4.4][] - 2019-02-11 +----------------------- + +### Changes +- Allow same outbound interface as inbound for routes, only warn user +- systemd unit file hardening, recommended by Debian +- Discontinued GPG signing, unused and signed with only one dev key + +### Fixes +- Fix #104: IGMP header checksum missing from mrdisc frames +- Fix #105: Unblock *all* matching, and currently blocked, (S,G) to a + newly installed (*,G) route, only the first know was unblocked +- Fix #106: Timer nanosecond bug causing loss of address refresh on DHCP + interfaces. Interface monitoring feature introduced in v2.4.3 +- Fix #108: Calling init script with `stop` does not stop `smcrouted` +- Fix #109: ifindex in UNIX/POSIX is an interger, not unsigned short + + +[v2.4.3][] - 2018-11-06 +----------------------- The Lyon release. @@ -473,8 +491,9 @@ [mrdisc]: https://github.com/troglobit/mrdisc [RFC4286]: https://tools.ietf.org/html/rfc4286 -[UNRELEASED]: https://github.com/troglobit/smcroute/compare/2.4.3...HEAD -[v2.4.2]: https://github.com/troglobit/smcroute/compare/2.4.2...2.4.3 +[UNRELEASED]: https://github.com/troglobit/smcroute/compare/2.4.4...HEAD +[v2.4.4]: https://github.com/troglobit/smcroute/compare/2.4.3...2.4.4 +[v2.4.3]: https://github.com/troglobit/smcroute/compare/2.4.2...2.4.3 [v2.4.2]: https://github.com/troglobit/smcroute/compare/2.4.1...2.4.2 [v2.4.1]: https://github.com/troglobit/smcroute/compare/2.4.1...2.4.1 [v2.4.0]: https://github.com/troglobit/smcroute/compare/2.3.1...2.4.0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/smcroute-2.4.3/Makefile.am new/smcroute-2.4.4/Makefile.am --- old/smcroute-2.4.3/Makefile.am 2018-11-07 01:34:48.000000000 +0100 +++ new/smcroute-2.4.4/Makefile.am 2019-02-11 20:41:03.000000000 +0100 @@ -27,18 +27,11 @@ $(RM) $(DESTDIR)$(mandir)/$$file; \ done -## Generate detached signature file (ascii-armored), like OpenVPN does -GPG = gpg -gpg-dist: - for file in $(DIST_ARCHIVES); do \ - $(GPG) -ba $$file; \ - done - ## Generate MD5 checksum file MD5 = md5sum md5-dist: @for file in $(DIST_ARCHIVES); do \ - $(MD5) $$file > $$file.md5; \ + $(MD5) $$file > ../$$file.md5; \ done ## Check if tagged in git @@ -60,13 +53,12 @@ fi ## Target to run when building a release -release: distcheck release-hook md5-dist gpg-dist +release: distcheck release-hook md5-dist + @mv $(DIST_ARCHIVES) ../ @echo @echo "Resulting release files:" @echo "=================================================================" @for file in $(DIST_ARCHIVES); do \ printf "$$file \tDistribution tarball\n"; \ - printf "$$file.md5\t"; cat $$file.md5 | cut -f1 -d' '; \ - printf "$$file.asc\tGPG signature "; gpg --verify $$file.asc 2>&1 \ - | grep 'key ID' | sed 's/.*using \(.*\)/\1/'; echo; \ + printf "$$file.md5\t"; cat ../$$file.md5 | cut -f1 -d' '; \ done diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/smcroute-2.4.3/configure.ac new/smcroute-2.4.4/configure.ac --- old/smcroute-2.4.3/configure.ac 2018-11-07 01:34:48.000000000 +0100 +++ new/smcroute-2.4.4/configure.ac 2019-02-11 20:41:03.000000000 +0100 @@ -2,7 +2,7 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ(2.61) -AC_INIT(SMCRoute, 2.4.3, https://github.com/troglobit/smcroute/issues, smcroute, http://troglobit.com/smcroute.html) +AC_INIT(SMCRoute, 2.4.4, https://github.com/troglobit/smcroute/issues, smcroute, http://troglobit.com/smcroute.html) AM_INIT_AUTOMAKE([1.11 foreign dist-xz]) AM_SILENT_RULES([yes]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/smcroute-2.4.3/smcroute.8 new/smcroute-2.4.4/smcroute.8 --- old/smcroute-2.4.3/smcroute.8 2018-11-07 01:34:48.000000000 +0100 +++ new/smcroute-2.4.4/smcroute.8 2019-02-11 20:41:03.000000000 +0100 @@ -231,8 +231,8 @@ .Ar INIFNAME and .Ar OUTIFNAME -can be any network interface as listed by 'ifconfig' or 'ip link -list' (incl. tunnel interfaces), but not the loopback interface. +can be any multicast capable network interface as listed by 'ifconfig' +or 'ip link list' (incl. tunnel interfaces), including loopback. .Pp To add a (*,G) route, either leave .Ar SOURCE diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/smcroute-2.4.3/smcroute.init new/smcroute-2.4.4/smcroute.init --- old/smcroute-2.4.3/smcroute.init 2018-11-07 01:34:48.000000000 +0100 +++ new/smcroute-2.4.4/smcroute.init 2019-02-11 20:41:03.000000000 +0100 @@ -18,6 +18,7 @@ PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin DAEMON=/usr/sbin/smcrouted +DAEMONCTL=/usr/sbin/smcroutectl DAEMON_OPTS= NAME=smcrouted DESC="static multicast router daemon" @@ -50,7 +51,7 @@ local error local result log_begin_msg "Stopping $DESC: $NAME" - error=$($DAEMON -k 2>&1) + error=$($DAEMONCTL kill 2>&1) result=$? log_progress_msg ${error#ERRO: } log_end_msg $result diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/smcroute-2.4.3/smcroute.service.in new/smcroute-2.4.4/smcroute.service.in --- old/smcroute-2.4.3/smcroute.service.in 2018-11-07 01:34:48.000000000 +0100 +++ new/smcroute-2.4.4/smcroute.service.in 2019-02-11 20:41:03.000000000 +0100 @@ -11,5 +11,11 @@ Type=simple ExecStart=@SBINDIR@/smcrouted -n -s +# Hardening settings +NoNewPrivileges=true +ProtectControlGroups=true +ProtectSystem=full +ProtectHome=true + [Install] WantedBy=multi-user.target diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/smcroute-2.4.3/src/conf.c new/smcroute-2.4.4/src/conf.c --- old/smcroute-2.4.3/src/conf.c 2018-11-07 01:34:48.000000000 +0100 +++ new/smcroute-2.4.4/src/conf.c 2019-02-11 20:41:03.000000000 +0100 @@ -31,6 +31,8 @@ #define MAX_LINE_LEN 512 #define DEBUG(fmt, args...) \ smclog(LOG_DEBUG, "%s:%02d: " fmt, conf, lineno, ##args) +#define INFO(fmt, args...) \ + smclog(LOG_INFO, "%s:%02d: " fmt, conf, lineno, ##args) #define WARN(fmt, args...) \ smclog(LOG_WARNING, "%s:%02d: " fmt, conf, lineno, ##args) @@ -166,13 +168,9 @@ iface_match_init(&state_out); while ((mif = iface_match_mif_by_name(outbound[i], &state_out, &iface)) >= 0) { if (mif == mroute.inbound) { - state_out.match_count--; - /* In case of wildcard matches, in==out is - * quite normal, so don't complain - */ + /* In case of wildcard match in==out is normal, so don't complain */ if (!ifname_is_wildcard(ifname) && !ifname_is_wildcard(outbound[i])) - WARN("Same outbound IPv6 interface (%s) as inbound (%s)?", outbound[i], ifname); - continue; + INFO("Same outbound IPv6 interface (%s) as inbound (%s) may cause routing loops.", outbound[i], ifname); } /* Use a TTL threshold to indicate the list of outbound interfaces. */ @@ -237,13 +235,9 @@ iface_match_init(&state_out); while ((vif = iface_match_vif_by_name(outbound[i], &state_out, &iface)) >= 0) { if (vif == mroute.inbound) { - state_out.match_count--; + /* In case of wildcard match in==out is normal, so don't complain */ if (!ifname_is_wildcard(ifname) && !ifname_is_wildcard(outbound[i])) - /* In case of wildcard matches, in==out is - * quite normal, so don't complain - */ - WARN("Same outbound IPv4 interface (%s) as inbound (%s)?", outbound[i], ifname); - continue; + INFO("Same outbound IPv4 interface (%s) as inbound (%s) may cause routing loops.", outbound[i], ifname); } /* Use a TTL threshold to indicate the list of outbound interfaces. */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/smcroute-2.4.3/src/ifvc.h new/smcroute-2.4.4/src/ifvc.h --- old/smcroute-2.4.3/src/ifvc.h 2018-11-07 01:34:48.000000000 +0100 +++ new/smcroute-2.4.4/src/ifvc.h 2019-02-11 20:41:03.000000000 +0100 @@ -11,7 +11,7 @@ struct iface { char name[IFNAMSIZ + 1]; struct in_addr inaddr; /* == 0 for non IP interfaces */ - u_short ifindex; /* Physical interface index */ + int ifindex; /* Physical interface index */ short flags; short vif; short mif; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/smcroute-2.4.3/src/inet.c new/smcroute-2.4.4/src/inet.c --- old/smcroute-2.4.3/src/inet.c 2018-11-07 01:34:48.000000000 +0100 +++ new/smcroute-2.4.4/src/inet.c 2019-02-11 20:41:03.000000000 +0100 @@ -36,6 +36,37 @@ #define MC_ALL_SNOOPERS "224.0.0.106" +/* Checksum routine for Internet Protocol family headers */ +static unsigned short in_cksum(unsigned short *addr, int len) +{ + unsigned short *w = addr; + unsigned short answer = 0; + int nleft = len; + int sum = 0; + + /* + * Our algorithm is simple, using a 32 bit accumulator (sum), we add + * sequential 16 bit words to it, and at the end, fold back all the + * carry bits from the top 16 bits into the lower 16 bits. + */ + while (nleft > 1) { + sum += *w++; + nleft -= 2; + } + + /* mop up an odd byte, if necessary */ + if (nleft == 1) { + *(unsigned char *)(&answer) = *(unsigned char *)w; + sum += answer; + } + + /* add back carry outs from top 16 bits to low 16 bits */ + sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */ + sum += (sum >> 16); /* add carry */ + answer = ~sum; /* truncate to 16 bits */ + + return answer; +} int inet_open(char *ifname) { @@ -121,7 +152,7 @@ memset(&igmp, 0, sizeof(igmp)); igmp.igmp_type = type; igmp.igmp_code = interval; - igmp.igmp_cksum = 0; + igmp.igmp_cksum = in_cksum((unsigned short *)&igmp, sizeof(igmp)); compose_addr((struct sockaddr_in *)&dest, MC_ALL_SNOOPERS); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/smcroute-2.4.3/src/mroute.c new/smcroute-2.4.4/src/mroute.c --- old/smcroute-2.4.3/src/mroute.c 2018-11-07 01:34:48.000000000 +0100 +++ new/smcroute-2.4.4/src/mroute.c 2019-02-11 20:41:03.000000000 +0100 @@ -240,7 +240,7 @@ /* Initialize virtual interface table */ memset(&vif_list, 0, sizeof(vif_list)); - /* Create virtual interfaces (VIFs) for all non-loopback interfaces supporting multicast */ + /* Create virtual interfaces (VIFs) for all IFF_MULTICAST interfaces */ if (do_vifs) { for (iface = iface_iterator(1); iface; iface = iface_iterator(0)) mroute4_add_vif(iface); @@ -744,10 +744,16 @@ /* Also, immediately expire any currently blocked traffic */ LIST_FOREACH_SAFE(dyn, &mroute4_dyn_list, link, tmp) { if (!is_active4(dyn) && is_match4(entry, dyn)) { + char origin[INET_ADDRSTRLEN], group[INET_ADDRSTRLEN]; + + inet_ntop(AF_INET, &dyn->group, group, INET_ADDRSTRLEN); + inet_ntop(AF_INET, &dyn->source, origin, INET_ADDRSTRLEN); + smclog(LOG_DEBUG, "Flushing (%s,%s) on VIF %d, new matching (*,G) rule ...", + origin, group, dyn->inbound); + kern_del4(dyn, 0); LIST_REMOVE(dyn, link); free(dyn); - break; } } @@ -947,7 +953,7 @@ } } #endif - /* Create virtual interfaces, IPv6 MIFs, for all non-loopback interfaces */ + /* Create virtual interfaces, IPv6 MIFs, for all IFF_MULTICAST interfaces */ if (do_vifs) { for (iface = iface_iterator(1); iface; iface = iface_iterator(0)) mroute6_add_mif(iface); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/smcroute-2.4.3/src/msg.c new/smcroute-2.4.4/src/msg.c --- old/smcroute-2.4.3/src/msg.c 2018-11-07 01:34:48.000000000 +0100 +++ new/smcroute-2.4.4/src/msg.c 2019-02-11 20:41:03.000000000 +0100 @@ -179,13 +179,9 @@ iface_match_init(&state_out); while ((vif = iface_match_vif_by_name(ifname_out, &state_out, NULL)) >= 0) { if (vif == mroute.inbound) { - state_out.match_count--; - /* In case of wildcard matches, in==out is - * quite normal, so don't complain - */ + /* In case of wildcard match in==out is normal, so don't complain */ if (!ifname_is_wildcard(ifname_in) && !ifname_is_wildcard(ifname_out) && !errmsg++) - smclog(LOG_WARNING, "Same outbound interface (%s) as inbound (%s)?", ifname_out, ifname_in); - continue; + smclog(LOG_WARNING, "Same outbound interface (%s) as inbound (%s) may cause routing loops.", ifname_out, ifname_in); } mroute.ttl[vif] = 1; /* Use a TTL threshold */ total++; @@ -267,13 +263,9 @@ iface_match_init(&state_out); while ((mif = iface_match_mif_by_name(ifname_out, &state_out, NULL)) >= 0) { if (mif == mroute.inbound) { - state_out.match_count--; - /* In case of wildcard matches, in==out is - * quite normal, so don't complain - */ + /* In case of wildcard match in==out is normal, so don't complain */ if (!ifname_is_wildcard(ifname_in) && !ifname_is_wildcard(ifname_out) && !errmsg++) - smclog(LOG_WARNING, "Same outbound interface (%s) as inbound (%s)?", ifname_out, ifname_in); - continue; + smclog(LOG_INFO, "Same outbound interface (%s) as inbound (%s) may cause routing loops.", ifname_out, ifname_in); } mroute.ttl[mif] = 1; /* Use a TTL threshold */ total++; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/smcroute-2.4.3/src/timer.c new/smcroute-2.4.4/src/timer.c --- old/smcroute-2.4.3/src/timer.c 2018-11-07 01:34:48.000000000 +0100 +++ new/smcroute-2.4.4/src/timer.c 2019-02-11 20:41:03.000000000 +0100 @@ -58,10 +58,13 @@ static int expired(struct timer *t, struct timespec *now) { + long round_nsec = now->tv_nsec + 250000000; + round_nsec = round_nsec > 999999999 ? 999999999 : round_nsec; + if (t->timeout.tv_sec < now->tv_sec) return 1; - if (t->timeout.tv_sec == now->tv_sec && t->timeout.tv_nsec <= now->tv_nsec) + if (t->timeout.tv_sec == now->tv_sec && t->timeout.tv_nsec <= round_nsec) return 1; return 0; @@ -108,7 +111,7 @@ memset(&it, 0, sizeof(it)); it.it_value.tv_sec = next->timeout.tv_sec - now->tv_sec; - it.it_value.tv_nsec = 0; + it.it_value.tv_nsec = next->timeout.tv_nsec - now->tv_nsec; timer_settime(timer, 0, &it, NULL); return 0;
