Author: aurel32 Date: 2008-02-12 21:37:08 +0000 (Tue, 12 Feb 2008) New Revision: 2810
Added: glibc-package/trunk/debian/patches/any/cvs-rfc3484.diff Removed: glibc-package/trunk/debian/patches/any/submitted-rfc3484-sortv4.diff Modified: glibc-package/trunk/debian/changelog glibc-package/trunk/debian/patches/series Log: * any/submitted-rfc3484-sortv4.diff: Drop. Replaced by ... * ... any/cvs/rfc3484.diff: patch from upstream to fix various RFC3484 issues: - Fix source IPv4 source address length computation. Closes: bug#456779. - Only apply rule 9 for IPv4 if source and destination addresses are on the same subnet. Closes: bug#438179. Modified: glibc-package/trunk/debian/changelog =================================================================== --- glibc-package/trunk/debian/changelog 2008-02-12 21:07:55 UTC (rev 2809) +++ glibc-package/trunk/debian/changelog 2008-02-12 21:37:08 UTC (rev 2810) @@ -34,11 +34,17 @@ * rules.d/build.mk: build the locales in the build target instead of the install one to workaround a bug in fakeroot. Closes: #464924. * patches/alpha/local-dl-procinfo.diff: fix _dl_string_platform() to accept - NULL pointers, which happens on statically linked binaries. Closes: + NULL pointers, which happens on statically linked binaries. Closes: bug#456260. * local/manpages/gai.conf.5: new manpage. + * any/submitted-rfc3484-sortv4.diff: Drop. Replaced by ... + * ... any/cvs/rfc3484.diff: patch from upstream to fix various RFC3484 + issues: + - Fix source IPv4 source address length computation. Closes: bug#456779. + - Only apply rule 9 for IPv4 if source and destination addresses are on + the same subnet. Closes: bug#438179. - -- Aurelien Jarno <[EMAIL PROTECTED]> Mon, 11 Feb 2008 00:42:32 +0100 + -- Aurelien Jarno <[EMAIL PROTECTED]> Tue, 12 Feb 2008 22:29:56 +0100 glibc (2.7-6) unstable; urgency=low Added: glibc-package/trunk/debian/patches/any/cvs-rfc3484.diff =================================================================== --- glibc-package/trunk/debian/patches/any/cvs-rfc3484.diff (rev 0) +++ glibc-package/trunk/debian/patches/any/cvs-rfc3484.diff 2008-02-12 21:37:08 UTC (rev 2810) @@ -0,0 +1,262 @@ +2007-11-12 Ulrich Drepper <[EMAIL PROTECTED]> + + * sysdeps/posix/getaddrinfo.c (sort_result): Add prefixlen element. + (rfc3484_sort): In rule 9, for IPv4 addresses count only matching + prefix if source and destination address are in the same subnet. + (getaddrinfo): Always call __check_pf. Fill in prefixlen field. + Always look for matching record in in6ai list. + Correct source_addr_len value for IPv6->IPv4 converted records. + +=================================================================== +RCS file: /cvs/glibc/libc/sysdeps/posix/getaddrinfo.c,v +retrieving revision 1.117 +retrieving revision 1.118 +diff -u -r1.117 -r1.118 +--- libc/sysdeps/posix/getaddrinfo.c 2007/10/17 16:05:12 1.117 ++++ libc/sysdeps/posix/getaddrinfo.c 2007/11/12 23:55:45 1.118 +@@ -1006,6 +1006,7 @@ + uint8_t source_addr_len; + bool got_source_addr; + uint8_t source_addr_flags; ++ uint8_t prefixlen; + }; + + +@@ -1223,7 +1224,7 @@ + fls (uint32_t a) + { + uint32_t mask; +- int n = 0; ++ int n; + for (n = 0, mask = 1 << 31; n < 32; mask >>= 1, ++n) + if ((a & mask) != 0) + break; +@@ -1350,20 +1351,31 @@ + assert (a1->source_addr.ss_family == PF_INET); + assert (a2->source_addr.ss_family == PF_INET); + +- struct sockaddr_in *in1_dst; +- struct sockaddr_in *in1_src; +- struct sockaddr_in *in2_dst; +- struct sockaddr_in *in2_src; +- +- in1_dst = (struct sockaddr_in *) a1->dest_addr->ai_addr; +- in1_src = (struct sockaddr_in *) &a1->source_addr; +- in2_dst = (struct sockaddr_in *) a2->dest_addr->ai_addr; +- in2_src = (struct sockaddr_in *) &a2->source_addr; +- +- bit1 = fls (ntohl (in1_dst->sin_addr.s_addr +- ^ in1_src->sin_addr.s_addr)); +- bit2 = fls (ntohl (in2_dst->sin_addr.s_addr +- ^ in2_src->sin_addr.s_addr)); ++ /* Outside of subnets, as defined by the network masks, ++ common address prefixes for IPv4 addresses make no sense. ++ So, define a non-zero value only if source and ++ destination address are on the same subnet. */ ++ struct sockaddr_in *in1_dst ++ = (struct sockaddr_in *) a1->dest_addr->ai_addr; ++ in_addr_t in1_dst_addr = ntohl (in1_dst->sin_addr.s_addr); ++ struct sockaddr_in *in1_src ++ = (struct sockaddr_in *) &a1->source_addr; ++ in_addr_t in1_src_addr = ntohl (in1_src->sin_addr.s_addr); ++ in_addr_t netmask1 = 0xffffffffu << (32 - a1->prefixlen); ++ ++ if ((in1_src_addr & netmask1) == (in1_dst_addr & netmask1)) ++ bit1 = fls (in1_dst_addr ^ in1_src_addr); ++ ++ struct sockaddr_in *in2_dst ++ = (struct sockaddr_in *) a2->dest_addr->ai_addr; ++ in_addr_t in2_dst_addr = ntohl (in2_dst->sin_addr.s_addr); ++ struct sockaddr_in *in2_src ++ = (struct sockaddr_in *) &a2->source_addr; ++ in_addr_t in2_src_addr = ntohl (in2_src->sin_addr.s_addr); ++ in_addr_t netmask2 = 0xffffffffu << (32 - a2->prefixlen); ++ ++ if ((in2_src_addr & netmask2) == (in2_dst_addr & netmask2)) ++ bit2 = fls (in2_dst_addr ^ in2_src_addr); + } + else if (a1->dest_addr->ai_family == PF_INET6) + { +@@ -1799,63 +1811,42 @@ + int sockfd = -1; + pid_t nl_pid; + #endif +- /* We might need information about what kind of interfaces are available. +- But even if AI_ADDRCONFIG is not used, if the user requested IPv6 +- addresses we have to know whether an address is deprecated or +- temporary. */ +- if ((hints->ai_flags & AI_ADDRCONFIG) || hints->ai_family == PF_UNSPEC +- || hints->ai_family == PF_INET6) +- { +- /* Determine whether we have IPv4 or IPv6 interfaces or both. We +- cannot cache the results since new interfaces could be added at +- any time. */ +- __check_pf (&seen_ipv4, &seen_ipv6, &in6ai, &in6ailen); ++ /* We might need information about what interfaces are available. ++ Also determine whether we have IPv4 or IPv6 interfaces or both. We ++ cannot cache the results since new interfaces could be added at ++ any time. */ ++ __check_pf (&seen_ipv4, &seen_ipv6, &in6ai, &in6ailen); + #ifdef HAVE_NETLINK_ROUTE +- if (! __no_netlink_support) +- { +- sockfd = __socket (PF_NETLINK, SOCK_RAW, NETLINK_ROUTE); +- +- struct sockaddr_nl nladdr; +- memset (&nladdr, '\0', sizeof (nladdr)); +- nladdr.nl_family = AF_NETLINK; +- +- socklen_t addr_len = sizeof (nladdr); +- +- if (sockfd >= 0 +- && __bind (fd, (struct sockaddr *) &nladdr, sizeof (nladdr)) == 0 +- && __getsockname (sockfd, (struct sockaddr *) &nladdr, +- &addr_len) == 0 +- && make_request (sockfd, nladdr.nl_pid, &seen_ipv4, &seen_ipv6, +- in6ai, in6ailen) == 0) +- { +- /* It worked. */ +- nl_pid = nladdr.nl_pid; +- goto got_netlink_socket; +- } ++ if (! __no_netlink_support) ++ { ++ sockfd = __socket (PF_NETLINK, SOCK_RAW, NETLINK_ROUTE); + +- if (sockfd >= 0) +- close_not_cancel_no_status (sockfd); ++ struct sockaddr_nl nladdr; ++ memset (&nladdr, '\0', sizeof (nladdr)); ++ nladdr.nl_family = AF_NETLINK; ++ ++ socklen_t addr_len = sizeof (nladdr); ++ ++ if (sockfd >= 0 ++ && __bind (fd, (struct sockaddr *) &nladdr, sizeof (nladdr)) == 0 ++ && __getsockname (sockfd, (struct sockaddr *) &nladdr, ++ &addr_len) == 0 ++ && make_request (sockfd, nladdr.nl_pid, &seen_ipv4, &seen_ipv6, ++ in6ai, in6ailen) == 0) ++ { ++ /* It worked. */ ++ nl_pid = nladdr.nl_pid; ++ goto got_netlink_socket; ++ } + +-#if __ASSUME_NETLINK_SUPPORT == 0 +- /* Remember that there is no netlink support. */ +- if (errno != EMFILE && errno != ENFILE) +- __no_netlink_support = 1; +-#else +- else +- { +- if (errno != EMFILE && errno != ENFILE) +- sockfd = -2; ++ if (sockfd >= 0) ++ close_not_cancel_no_status (sockfd); + +- /* We cannot determine what interfaces are available. Be +- pessimistic. */ +- seen_ipv4 = true; +- seen_ipv6 = true; +- return; +- } +-#endif +- } +-#endif ++ /* Remember that there is no netlink support. */ ++ if (errno != EMFILE && errno != ENFILE) ++ __no_netlink_support = 1; + } ++#endif + + #ifdef HAVE_NETLINK_ROUTE + got_netlink_socket: +@@ -1958,7 +1949,6 @@ + for (i = 0, q = p; q != NULL; ++i, last = q, q = q->ai_next) + { + results[i].dest_addr = q; +- results[i].got_source_addr = false; + results[i].service_order = i; + + /* If we just looked up the address for a different +@@ -1971,10 +1961,13 @@ + results[i].source_addr_len = results[i - 1].source_addr_len; + results[i].got_source_addr = results[i - 1].got_source_addr; + results[i].source_addr_flags = results[i - 1].source_addr_flags; ++ results[i].prefixlen = results[i - 1].prefixlen; + } + else + { ++ results[i].got_source_addr = false; + results[i].source_addr_flags = 0; ++ results[i].prefixlen = 0; + + /* We overwrite the type with SOCK_DGRAM since we do not + want connect() to connect to the other side. If we +@@ -2005,22 +1998,39 @@ + results[i].source_addr_len = sl; + results[i].got_source_addr = true; + +- if (q->ai_family == AF_INET6 && in6ai != NULL) ++ if (in6ai != NULL) + { + /* See whether the source address is on the list of + deprecated or temporary addresses. */ + struct in6addrinfo tmp; +- struct sockaddr_in6 *sin6p +- = (struct sockaddr_in6 *) &results[i].source_addr; +- memcpy (tmp.addr, &sin6p->sin6_addr, IN6ADDRSZ); ++ ++ if (q->ai_family == AF_INET && af == AF_INET) ++ { ++ struct sockaddr_in *sinp ++ = (struct sockaddr_in *) &results[i].source_addr; ++ tmp.addr[0] = 0; ++ tmp.addr[1] = 0; ++ tmp.addr[2] = htonl (0xffff); ++ tmp.addr[3] = sinp->sin_addr.s_addr; ++ } ++ else ++ { ++ struct sockaddr_in6 *sin6p ++ = (struct sockaddr_in6 *) &results[i].source_addr; ++ memcpy (tmp.addr, &sin6p->sin6_addr, IN6ADDRSZ); ++ } + + struct in6addrinfo *found + = bsearch (&tmp, in6ai, in6ailen, sizeof (*in6ai), + in6aicmp); + if (found != NULL) +- results[i].source_addr_flags = found->flags; ++ { ++ results[i].source_addr_flags = found->flags; ++ results[i].prefixlen = found->prefixlen; ++ } + } +- else if (q->ai_family == AF_INET && af == AF_INET6) ++ ++ if (q->ai_family == AF_INET && af == AF_INET6) + { + /* We have to convert the address. The socket is + IPv6 and the request is for IPv4. */ +@@ -2029,10 +2039,17 @@ + struct sockaddr_in *sin + = (struct sockaddr_in *) &results[i].source_addr; + assert (IN6_IS_ADDR_V4MAPPED (sin6->sin6_addr.s6_addr32)); ++ sin->sin_family = AF_INET; ++ /* We do not have to initialize sin_port since this ++ fields has the same position and size in the IPv6 ++ structure. */ ++ assert (offsetof (struct sockaddr_in, sin_port) ++ == offsetof (struct sockaddr_in6, sin6_port)); ++ assert (sizeof (sin->sin_port) ++ == sizeof (sin6->sin6_port)); + memcpy (&sin->sin_addr, + &sin6->sin6_addr.s6_addr32[3], INADDRSZ); +- results[i].source_addr_len = INADDRSZ; +- sin->sin_family = AF_INET; ++ results[i].source_addr_len = sizeof (struct sockaddr_in); + } + } + else if (errno == EAFNOSUPPORT && af == AF_INET6 Deleted: glibc-package/trunk/debian/patches/any/submitted-rfc3484-sortv4.diff =================================================================== --- glibc-package/trunk/debian/patches/any/submitted-rfc3484-sortv4.diff 2008-02-12 21:07:55 UTC (rev 2809) +++ glibc-package/trunk/debian/patches/any/submitted-rfc3484-sortv4.diff 2008-02-12 21:37:08 UTC (rev 2810) @@ -1,64 +0,0 @@ -2007-08-16 Aurelien Jarno <[EMAIL PROTECTED]> - - * sysdeps/posix/getaddrinfo.c (gaiconf_reload_flag): Move - to the top of the file. - (gaiconf_mtime): Likewise. - (sortv4): New configuration variable. - (gaiconf_init): Parse the sortv4 option in the configuration - file. - (rfc3484_sort): Ignore rule 9 for IPv4 adresses if sortv4 - is false. - * posix/gai.conf: Add the new sortv4 option. - - ---- posix/gai.conf.orig -+++ posix/gai.conf -@@ -15,6 +15,11 @@ - # changed and if necessary reload. This option should not really be - # used. There are possible runtime problems. The default is no. - # -+# sortv4 <yes|no> -+# If set to no, getaddrinfo(3) will ignore IPv4 adresses in rule 9. See -+# section 6 in RFC 3484. The default is yes. Setting this option to -+# no breaks conformance to RFC 3484. -+# - # label <mask> <value> - # Add another rule to the RFC 3484 label table. See section 2.1 in - # RFC 3484. The default is: ---- sysdeps/posix/getaddrinfo.c.orig -+++ sysdeps/posix/getaddrinfo.c -@@ -79,6 +79,16 @@ - # define UNIX_PATH_MAX 108 - #endif - -+/* Nozero if we are supposed to reload the config file automatically -+ whenever it changed. */ -+static int gaiconf_reload_flag; -+ -+/* Zero if we are supposed to ignore rule 9 for IPv4 addresses */ -+static int gaiconf_sortv4_flag = 1; -+ -+/* Last modification time. */ -+static struct timespec gaiconf_mtime; -+ - struct gaih_service - { - const char *name; -@@ -1345,7 +1355,7 @@ - int bit1 = 0; - int bit2 = 0; - -- if (a1->dest_addr->ai_family == PF_INET) -+ if (gaiconf_sortv4_flag && a1->dest_addr->ai_family == PF_INET) - { - assert (a1->source_addr.ss_family == PF_INET); - assert (a2->source_addr.ss_family == PF_INET); -@@ -1619,6 +1629,8 @@ - if (gaiconf_reload_flag) - gaiconf_reload_flag_ever_set = 1; - } -+ else if (strcmp (cmd, "sortv4") == 0) -+ gaiconf_sortv4_flag = strcmp (val1, "no") != 0; - break; - - case 10: Modified: glibc-package/trunk/debian/patches/series =================================================================== --- glibc-package/trunk/debian/patches/series 2008-02-12 21:07:55 UTC (rev 2809) +++ glibc-package/trunk/debian/patches/series 2008-02-12 21:37:08 UTC (rev 2810) @@ -129,6 +129,7 @@ any/cvs-ether_line.diff -p0 any/cvs-fchmodat.diff -p1 any/cvs-iconv-iso2022jp-loop-bug.diff +any/cvs-rfc3484.diff -p1 any/cvs-sched_h.diff -p0 any/cvs-tzfile.diff -p1 any/cvs-vfscanf.diff -p0 @@ -184,7 +185,6 @@ any/submitted-libgcc_s.so.diff -p0 any/submitted-longdouble.diff -p0 any/submitted-sched_h.diff -p0 -any/submitted-rfc3484-sortv4.diff -p0 any/local-disable-nscd-host-caching.diff #any/submitted-fileops-and-signals.diff any/local-missing-linux_types.h.diff -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]