sync some pathes from upstream

(cherry picked from commit f27c2d99edf3a6d3f80f65caeb118146521d7eee)

backport-Revert-ping-use-random-value-for-the-identifier-field.patch

@@ -0,0 +1,155 @@
+From d466aabcadcc2d7fd1f132ea3f580ad102773cf9 Mon Sep 17 00:00:00 2001
+From: Petr Vorel <pvorel@suse.cz>
+Date: Wed, 6 Dec 2023 15:42:16 +0100
+Subject: [PATCH] Revert "ping: use random value for the identifier field"
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This reverts commit 5026c2221a15bf13e601eade015c971bf07a27e9.
+
+Unlike TCP and UDP, which use port to uniquely identify the socket to
+deliver data, ICMP use identifier field (ID) to identify the socket.
+
+Therefore if on the same machine, at the same time, two ping processes
+use the same ID, echo reply can be delivered to the wrong socket.
+
+This is known problem due 16 bit ID field (65535). We used to use PID
+to get unique number. The default value of /proc/sys/kernel/pid_max is
+32768 (half).
+
+The problem is not new, but it was hidden until 5f6bec5 ("ping: Print
+reply with wrong source with warning").  5026c22 changed it to use our
+random implementation to increase security. But that actually increases
+the collisions on systems that use ping heavily: e.g. ping run with
+Nagios via Debian specific check-host-alive Nagios plugin:
+
+    $ ping -n -v -D -W 1 -i 1 -c 5 -M 'do' -s 56 -O "$Host")
+
+(75-100 ping instances in the reported issue.)
+
+Because we consider warning from 5f6bec5 useful and not consider leaking
+PID information as a real security issue, we revert 5026c22. getpid() is
+used in other ping implementations:
+
+* fping
+https://github.com/schweikert/fping/blob/develop/src/fping.c#L496
+
+* busybox
+https://git.busybox.net/busybox/tree/networking/ping.c#n376
+
+* FreeBSD
+https://cgit.freebsd.org/src/tree/sbin/ping/ping.c#n632
+
+* inetutils
+https://git.savannah.gnu.org/cgit/inetutils.git/tree/ping/ping.c#n286
+
+* Apple
+https://opensource.apple.com/source/network_cmds/network_cmds-433/ping.tproj/ping.c.auto.html
+
+In case leaking PID *is* a real problem, we could solve this with
+comparing the ICMP optional data.  We could add 128 bit random value to
+check. But we already use struct timeval if packet size is big enough
+for it (>= 16 bits), therefore we could use it for comparing for most of
+the packet sizes (the default is 56 bits).
+
+Fixes: https://github.com/iputils/iputils/issues/489
+Closes: https://github.com/iputils/iputils/pull/503
+Reported-by: Miloslav Hůla <miloslav.hula@gmail.com>
+Suggested-by: Cyril Hrubis <chrubis@suse.cz>
+Acked-by: Johannes Segitz jsegitz@suse.de
+Acked-by: Cyril Hrubis <chrubis@suse.cz>
+Signed-off-by: Petr Vorel <pvorel@suse.cz>
+
+Conflict:NA
+Reference:https://github.com/iputils/iputils/commit/d466aabcadcc2d7fd1f132ea3f580ad102773cf9
+---
+ ping/node_info.c    | 1 +
+ ping/ping.c         | 4 +---
+ ping/ping.h         | 2 +-
+ ping/ping6_common.c | 2 +-
+ ping/ping_common.c  | 4 ++--
+ 5 files changed, 6 insertions(+), 7 deletions(-)
+
+diff --git a/ping/node_info.c b/ping/node_info.c
+index 10a76818..ce392a28 100644
+--- a/ping/node_info.c
++++ b/ping/node_info.c
+@@ -91,6 +91,7 @@ int niquery_is_enabled(struct ping_ni *ni)
+ void niquery_init_nonce(struct ping_ni *ni)
+ {
+ #if PING6_NONCE_MEMORY
++	iputils_srand();
+ 	ni->nonce_ptr = calloc(NI_NONCE_SIZE, MAX_DUP_CHK);
+ 	if (!ni->nonce_ptr)
+ 		error(2, errno, "calloc");
+diff --git a/ping/ping.c b/ping/ping.c
+index f4707104..0ff5a487 100644
+--- a/ping/ping.c
++++ b/ping/ping.c
+@@ -569,8 +569,6 @@ main(int argc, char **argv)
+ 	if (!argc)
+ 		error(1, EDESTADDRREQ, "usage error");
+ 
+-	iputils_srand();
+-
+ 	target = argv[argc - 1];
+ 
+ 	rts.outpack = malloc(rts.datalen + 28);
+@@ -1527,7 +1525,7 @@ in_cksum(const unsigned short *addr, int len, unsigned short csum)
+ /*
+  * pinger --
+  * 	Compose and transmit an ICMP ECHO REQUEST packet.  The IP packet
+- * will be added on by the kernel.  The ID field is a random number,
++ * will be added on by the kernel.  The ID field is our UNIX process ID,
+  * and the sequence number is an ascending integer.  The first several bytes
+  * of the data portion are used to hold a UNIX "timeval" struct in VAX
+  * byte-order, to compute the round-trip time.
+diff --git a/ping/ping.h b/ping/ping.h
+index 04b2ccf4..7799395f 100644
+--- a/ping/ping.h
++++ b/ping/ping.h
+@@ -159,7 +159,7 @@ struct ping_rts {
+ 	size_t datalen;
+ 	char *hostname;
+ 	uid_t uid;
+-	int ident;			/* random id to identify our packets */
++	int ident;			/* process id to identify our packets */
+ 
+ 	int sndbuf;
+ 	int ttl;
+diff --git a/ping/ping6_common.c b/ping/ping6_common.c
+index 7b2bf158..5e78f852 100644
+--- a/ping/ping6_common.c
++++ b/ping/ping6_common.c
+@@ -583,7 +583,7 @@ int ping6_receive_error_msg(struct ping_rts *rts, socket_st *sock)
+ /*
+  * pinger --
+  * 	Compose and transmit an ICMP ECHO REQUEST packet.  The IP packet
+- * will be added on by the kernel.  The ID field is a random number,
++ * will be added on by the kernel.  The ID field is our UNIX process ID,
+  * and the sequence number is an ascending integer.  The first several bytes
+  * of the data portion are used to hold a UNIX "timeval" struct in VAX
+  * byte-order, to compute the round-trip time.
+diff --git a/ping/ping_common.c b/ping/ping_common.c
+index ed4fee87..6eb1aa4e 100644
+--- a/ping/ping_common.c
++++ b/ping/ping_common.c
+@@ -303,7 +303,7 @@ void print_timestamp(struct ping_rts *rts)
+ /*
+  * pinger --
+  * 	Compose and transmit an ICMP ECHO REQUEST packet.  The IP packet
+- * will be added on by the kernel.  The ID field is a random number,
++ * will be added on by the kernel.  The ID field is our UNIX process ID,
+  * and the sequence number is an ascending integer.  The first several bytes
+  * of the data portion are used to hold a UNIX "timeval" struct in VAX
+  * byte-order, to compute the round-trip time.
+@@ -536,7 +536,7 @@ void setup(struct ping_rts *rts, socket_st *sock)
+ 	}
+ 
+ 	if (sock->socktype == SOCK_RAW && rts->ident == -1)
+-		rts->ident = rand() & IDENTIFIER_MAX;
++		rts->ident = htons(getpid() & 0xFFFF);
+ 
+ 	set_signal(SIGINT, sigexit);
+ 	set_signal(SIGALRM, sigexit);

backport-ping-Fix-the-errno-handling-for-strtod.patch

@@ -0,0 +1,64 @@
+From 33e78be2e60ed9ac918dec13271d1bd9dce6e94e Mon Sep 17 00:00:00 2001
+From: Jacek Tomasiak <jtomasiak@arista.com>
+Date: Mon, 6 Feb 2023 13:39:44 +0100
+Subject: [PATCH] ping: Fix the errno handling for strtod
+
+The setlocale(LC_ALL, "") following the strtod() for the '-i' option
+can fail if the LC_CTYPE is invalid.
+
+Hence the errno check following the setlocale(LC_ALL, "") thinks
+wrongly that strtod() failed with the errno and prints a warning:
+
+$ LC_ALL=XXX ping -i 1.9 -c1 8.8.8.8
+ping: option argument contains garbage:
+ping: this will become fatal error in the future
+PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
+64 bytes from 8.8.8.8: icmp_seq=1 ttl=58 time=1.34 ms
+
+The errno got from the execution of strtod() is saved and restored
+after setlocale() to be checked for any errors.
+
+The problem is only on Fedora/CentOS/RHEL with applied patch [1]
+from 2012 for glibc bug #14247.
+
+[1] https://src.fedoraproject.org/rpms/glibc/blob/rawhide/f/glibc-rh827510.patch
+
+Link: https://sourceware.org/bugzilla/show_bug.cgi?id=14247
+Closes: https://github.com/iputils/iputils/pull/450
+
+Reference:https://github.com/iputils/iputils/commit/33e78be2e60ed9ac918dec13271d1bd9dce6e94e
+Conflict:NA
+
+Fixes: 918e824 ("ping: add support for sub-second timeouts")
+Co-Developed-by: Sriram Rajagopalan <sriramr@arista.com>
+Reviewed-by: Petr Vorel <pvorel@suse.cz>
+[ pvorel: mention glibc bug and Fedora/CentOS/RHEL ]
+Signed-off-by: Sriram Rajagopalan <sriramr@arista.com>
+Signed-off-by: Jacek Tomasiak <jtomasiak@arista.com>
+---
+ ping/ping.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/ping/ping.c b/ping/ping.c
+index 89b0fa19..8f442037 100644
+--- a/ping/ping.c
++++ b/ping/ping.c
+@@ -214,6 +214,7 @@ static double ping_strtod(const char *str, const char *err_msg)
+ {
+ 	double num;
+ 	char *end = NULL;
++	int strtod_errno = 0;
+ 
+ 	if (str == NULL || *str == '\0')
+ 		goto err;
+@@ -225,7 +226,10 @@ static double ping_strtod(const char *str, const char *err_msg)
+ 	 */
+ 	setlocale(LC_ALL, "C");
+ 	num = strtod(str, &end);
++	strtod_errno = errno;
+ 	setlocale(LC_ALL, "");
++	/* Ignore setlocale() errno (e.g. invalid locale in env). */
++	errno = strtod_errno;
+ 
+ 	if (errno || str == end || (end && *end)) {
+ 		error(0, 0, _("option argument contains garbage: %s"), end);

backport-ping-Handle-interval-correctly-in-the-second-after-booting.patch

@@ -0,0 +1,36 @@
+From 7448c33af407636e66ac90deb828764df51835d4 Mon Sep 17 00:00:00 2001
+From: Josh Triplett <josh@joshtriplett.org>
+Date: Mon, 20 Nov 2023 19:09:06 -0800
+Subject: [PATCH] ping: Handle interval correctly in the second after booting
+
+ping assumes that if a timespec has tv_sec == 0, it hasn't been
+initialized yet. However, in the second after booting up, tv_sec will
+legitimately be 0. This causes ping to send pings one after another
+without waiting.
+
+Check that tv_nsec is 0 as well.
+
+Link: https://github.com/iputils/iputils/pull/499
+Reviewed-by: Petr Vorel <pvorel@suse.cz>
+Tested-by: Petr Vorel <pvorel@suse.cz>
+Signed-off-by: Josh Triplett <josh@joshtriplett.org>
+
+Conflict:NA
+Reference:https://github.com/iputils/iputils/commit/7448c33af407636e66ac90deb828764df51835d4
+---
+ ping/ping_common.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ping/ping_common.c b/ping/ping_common.c
+index c8b868b7..5a6c35aa 100644
+--- a/ping/ping_common.c
++++ b/ping/ping_common.c
+@@ -321,7 +321,7 @@ int pinger(struct ping_rts *rts, ping_func_set_st *fset, socket_st *sock)
+ 		return 1000;
+ 
+ 	/* Check that packets < rate*time + preload */
+-	if (rts->cur_time.tv_sec == 0) {
++	if (rts->cur_time.tv_sec == 0 && rts->cur_time.tv_nsec == 0) {
+ 		clock_gettime(CLOCK_MONOTONIC_RAW, &rts->cur_time);
+ 		tokens = rts->interval * (rts->preload - 1);
+ 	} else {

backport-ping-Remove-duplicate-include.patch

@@ -0,0 +1,26 @@
+From bacb69e166106f0125b7288f377299894c8c7e78 Mon Sep 17 00:00:00 2001
+From: Petr Vorel <pvorel@suse.cz>
+Date: Mon, 6 Mar 2023 21:17:09 +0100
+Subject: [PATCH] ping.h: Remove duplicate include
+
+Reference:https://github.com/iputils/iputils/commit/bacb69e166106f0125b7288f377299894c8c7e78
+Conflict:NA
+
+Fixes: ba7e8a7 ("ping: merge all ping header files into a single one")
+Signed-off-by: Petr Vorel <pvorel@suse.cz>
+---
+ ping/ping.h | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/ping/ping.h b/ping/ping.h
+index caf79cd1..ef358ad4 100644
+--- a/ping/ping.h
++++ b/ping/ping.h
+@@ -23,7 +23,6 @@
+ #include <string.h>
+ #include <netdb.h>
+ #include <setjmp.h>
+-#include <netinet/icmp6.h>
+ #include <asm/byteorder.h>
+ #include <sched.h>
+ #include <math.h>

backport-ping6-Fix-support-for-DSCP.patch

@@ -0,0 +1,54 @@
+From 425f711a62f7d7523badd6b917f15ad58ecdb0ae Mon Sep 17 00:00:00 2001
+From: Guillaume Nault <guillaume.nault@wanadoo.fr>
+Date: Thu, 18 May 2023 18:12:54 +0200
+Subject: [PATCH] ping6: Fix support for DSCP (Traffic Class, option -Q)
+
+Set the IPV6_TCLASS option on probe_fd. Otherwise ip-rule is unaware
+of the DSCP value at connect() time and can lookup the remote address
+in the wrong routing table.
+
+For example:
+
+  ip route add table main unreachable 2001:db8::10/124
+
+  ip route add table 100 2001:db8::10/124 dev eth0
+  ip -6 rule add dsfield 0x04 table 100
+
+  ping -Q 0x04 2001:db8::11
+
+Without this patch, probe_fd fails to connect to 2001:db8::11 (No route
+to host) since the route lookup is done in the main table instead of
+table 100.
+
+Note that, to work correctly, this patch also depends on a Linux kernel
+bug fix (see
+https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e010ae08c71fda8be3d6bda256837795a0b3ea41).
+That kernel patch has been backported to Linux stable trees and should
+have already reached most distributions.
+
+Reference:https://github.com/iputils/iputils/commit/425f711a62f7d7523badd6b917f15ad58ecdb0ae
+Conflict:NA
+
+Fixes: 33370345c7d8 ("Initial import of iputils")
+Link: https://github.com/iputils/iputils/pull/468
+Reviewed-by: Petr Vorel <pvorel@suse.cz>
+Signed-off-by: Guillaume Nault <guillaume.nault@wanadoo.fr>
+---
+ ping/ping6_common.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/ping/ping6_common.c b/ping/ping6_common.c
+index 21333aa0..e980a152 100644
+--- a/ping/ping6_common.c
++++ b/ping/ping6_common.c
+@@ -182,6 +182,10 @@ int ping6_run(struct ping_rts *rts, int argc, char **argv, struct addrinfo *ai,
+ 			disable_capability_raw();
+ 		}
+ 
++		if (rts->tclass &&
++		    setsockopt(probe_fd, IPPROTO_IPV6, IPV6_TCLASS, &rts->tclass, sizeof (rts->tclass)) <0)
++			error(2, errno, "setsockopt(IPV6_TCLASS)");
++
+ 		if (!IN6_IS_ADDR_LINKLOCAL(&rts->firsthop.sin6_addr) &&
+ 		    !IN6_IS_ADDR_MC_LINKLOCAL(&rts->firsthop.sin6_addr))
+ 			rts->firsthop.sin6_family = AF_INET6;

backport-tracepath-Dont-assume-tv_sec-0-means-unset.patch

@@ -0,0 +1,32 @@
+From c64bcd8d8eca5c7f66e75e0bc9d42828bc09ba1b Mon Sep 17 00:00:00 2001
+From: Josh Triplett <josh@joshtriplett.org>
+Date: Mon, 20 Nov 2023 19:15:40 -0800
+Subject: [PATCH] tracepath: Don't assume tv_sec == 0 means unset
+
+A CLOCK_MONOTONIC timespec's tv_sec value can legitimately be 0 during
+the second after booting. Check tv_nsec as well before assuming an unset
+timestamp.
+
+Closes: https://github.com/iputils/iputils/pull/499
+Reviewed-by: Petr Vorel <pvorel@suse.cz>
+Signed-off-by: Josh Triplett <josh@joshtriplett.org>
+
+Conflict:NA
+Reference:https://github.com/iputils/iputils/commit/c64bcd8d8eca5c7f66e75e0bc9d42828bc09ba1b
+---
+ tracepath.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tracepath.c b/tracepath.c
+index 04d77b83..046dc332 100644
+--- a/tracepath.c
++++ b/tracepath.c
+@@ -192,7 +192,7 @@ static int recverr(struct run_state *const ctl)
+ 		ctl->his[slot].hops = 0;
+ 	}
+ 	if (recv_size == sizeof(rcvbuf)) {
+-		if (rcvbuf.ttl == 0 || rcvbuf.ts.tv_sec == 0)
++		if (rcvbuf.ttl == 0 || (rcvbuf.ts.tv_sec == 0 && rcvbuf.ts.tv_nsec == 0))
+ 			broken_router = 1;
+ 		else {
+ 			sndhops = rcvbuf.ttl;

iputils.spec

@@ -1,6 +1,6 @@
 Name:            iputils
 Version:         20221126
-Release:         4
+Release:         5
 Summary:         Network monitoring tools including ping
 License:         BSD and GPLv2+
 URL:             https://github.com/iputils/iputils
@@ -17,8 +17,15 @@ Patch0002:       revert-process-interrupts-in-ping-_receive_error_msg.patch
 Patch0010:       arping-Fix-exit-code-on-w-option.patch
 
 Patch6000:       backport-clockdiff-Set-ppoll-timeout-minimum-to-1ms.patch
-Patch6001:	 backport-ping-fix-overflow-on-negative.patch
-Patch6002:	 backport-tracepath-Restore-the-MTU-probing-behavior.patch
+Patch6001:	     backport-ping-fix-overflow-on-negative.patch
+Patch6002:	     backport-tracepath-Restore-the-MTU-probing-behavior.patch
+
+Patch6003:	     backport-ping-Fix-the-errno-handling-for-strtod.patch
+Patch6004:	     backport-ping-Remove-duplicate-include.patch
+Patch6005:	     backport-ping6-Fix-support-for-DSCP.patch
+Patch6006:	     backport-Revert-ping-use-random-value-for-the-identifier-field.patch
+Patch6007:	     backport-ping-Handle-interval-correctly-in-the-second-after-booting.patch
+Patch6008:	     backport-tracepath-Dont-assume-tv_sec-0-means-unset.patch
 
 BuildRequires:   gcc meson libidn2-devel openssl-devel libcap-devel libxslt
 BuildRequires:   docbook5-style-xsl systemd iproute glibc-kernheaders gettext
@@ -91,6 +98,12 @@ install -cp ifenslave.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/
 %{_mandir}/man8/*.8.gz
  
 %changelog
+* Fri Apr 26 2024 suhai <sunhai10@huawei.com> - 20221126-5
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:sync some pathes from upstream
+
 * Fri Sep 15 2023 zhongxuan <zhongxuan2@huawei.com> - 20221126-4
 - Type:bugfix
 - ID:NA