[Buildroot] [PATCH 1/4] package/iputils: fix IDN support

[Buildroot] [PATCH 1/4] package/iputils: fix IDN support

[Fabrice Fontaine]

iputils depends on libidn2 since version s20180629 and
https://github.com/iputils/iputils/commit/665fe4d30ff8b6649454ae25e4768b2f23605332

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/iputils/iputils.mk | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/iputils/iputils.mk b/package/iputils/iputils.mk
index f0902c7038..2b326838f7 100644
--- a/package/iputils/iputils.mk
+++ b/package/iputils/iputils.mk
@@ -24,9 +24,9 @@ else
 IPUTILS_CONF_OPTS += -DUSE_CAP=false
 endif
 
-ifeq ($(BR2_PACKAGE_LIBIDN),y)
+ifeq ($(BR2_PACKAGE_LIBIDN2),y)
 IPUTILS_CONF_OPTS += -DUSE_IDN=true
-IPUTILS_DEPENDENCIES += libidn
+IPUTILS_DEPENDENCIES += libidn2
 else
 IPUTILS_CONF_OPTS += -DUSE_IDN=false
 endif
-- 
2.20.1

[Buildroot] [PATCH 2/4] package/iputils: fix build with NLS

[Fabrice Fontaine]

Fixes:
 - http://autobuild.buildroot.org/results/0a8a3efe734ac7fb3a68ba505277681857dc0a3d

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 .../0003-meson.build-fix-build-with-NLS.patch | 70 +++++++++++++++++++
 package/iputils/iputils.mk                    |  1 +
 2 files changed, 71 insertions(+)
 create mode 100644 package/iputils/0003-meson.build-fix-build-with-NLS.patch

diff --git a/package/iputils/0003-meson.build-fix-build-with-NLS.patch b/package/iputils/0003-meson.build-fix-build-with-NLS.patch
new file mode 100644
index 0000000000..f6fd737f43
--- /dev/null
+++ b/package/iputils/0003-meson.build-fix-build-with-NLS.patch
@@ -0,0 +1,70 @@
+From 8719555a530a8981214f1a35df4b17838dc5f3e8 Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Sun, 9 Jun 2019 10:55:35 +0200
+Subject: [PATCH] meson.build: fix build with NLS
+
+With some toolchains, intl is needed for NLS support so search for this
+library and use if needed
+
+Fixes:
+ - http://autobuild.buildroot.org/results/0a8a3efe734ac7fb3a68ba505277681857dc0a3d
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+-[Upstream status: not sent yet]
+---
+ meson.build | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/meson.build b/meson.build
+index 24bda0c..53a3995 100644
+--- a/meson.build
++++ b/meson.build
+@@ -88,6 +88,9 @@ if opt == true
+ 	subdir ('po')
+ endif
+ 
++# Some systems needs intl for gettext
++intl_dep = cc.find_library('intl', required : false)
++
+ opt = get_option('USE_IDN')
+ if opt == true
+ 	idn_dep = cc.find_library('idn2', required : false)
+@@ -244,7 +247,7 @@ libcommon = static_library(
+ 
+ if build_ping == true
+ 	executable('ping', ['ping.c', 'ping_common.c', 'ping6_common.c', git_version_h],
+-		dependencies : [m_dep, cap_dep, idn_dep, crypto_dep, gpg_error_dep, resolv_dep],
++		dependencies : [m_dep, cap_dep, idn_dep, intl_dep, crypto_dep, gpg_error_dep, resolv_dep],
+ 		link_with : [libcommon],
+ 		install: true)
+ 	meson.add_install_script('build-aux/setcap-setuid.sh',
+@@ -257,7 +260,7 @@ endif
+ 
+ if build_tracepath == true
+ 	executable('tracepath', ['tracepath.c', git_version_h],
+-		dependencies : idn_dep,
++		dependencies : [idn_dep, intl_dep],
+ 		link_with : [libcommon],
+ 		install: true)
+ endif
+@@ -277,7 +280,7 @@ endif
+ 
+ if build_clockdiff == true
+ 	executable('clockdiff', ['clockdiff.c', git_version_h],
+-		dependencies : [cap_dep],
++		dependencies : [cap_dep, intl_dep],
+ 		link_with : [libcommon],
+ 		install: true)
+ 	meson.add_install_script('build-aux/setcap-setuid.sh',
+@@ -307,7 +310,7 @@ endif
+ 
+ if build_arping == true
+ 	executable('arping', ['arping.c', git_version_h],
+-		dependencies : [rt_dep, cap_dep, idn_dep],
++		dependencies : [rt_dep, cap_dep, idn_dep, intl_dep],
+ 		link_with : [libcommon],
+ 		install: true)
+ 	meson.add_install_script('build-aux/setcap-setuid.sh',
+-- 
+2.20.1
+
diff --git a/package/iputils/iputils.mk b/package/iputils/iputils.mk
index 2b326838f7..6eae32d594 100644
--- a/package/iputils/iputils.mk
+++ b/package/iputils/iputils.mk
@@ -16,6 +16,7 @@ IPUTILS_SITE = $(call github,iputils,iputils,$(IPUTILS_VERSION))
 IPUTILS_LICENSE = GPL-2.0+, BSD-3-Clause, BSD-4-Clause
 # Only includes a license file for BSD
 IPUTILS_LICENSE_FILES = ninfod/COPYING
+IPUTILS_DEPENDENCIES = $(TARGET_NLS_DEPENDENCIES)
 
 ifeq ($(BR2_PACKAGE_LIBCAP),y)
 IPUTILS_CONF_OPTS += -DUSE_CAP=true
-- 
2.20.1

[Buildroot] [PATCH 3/4] package/iputils: fix license

[Fabrice Fontaine]

- Replace nfinfod/COPYING by LICENSE, Documentation/LICENSE.BSD3 and
  Documentation/LICENSE.GPL2 which are available since version s20180629
  and
  https://github.com/iputils/iputils/commit/686ee13130550aa4cb2937842504b2131f0934c6
- BSD-4-Clause has been removed since version s20180629 and
  https://github.com/iputils/iputils/commit/f69eeac80de413248fd3d7d4d4244af22a81e055

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/iputils/iputils.hash | 4 +++-
 package/iputils/iputils.mk   | 5 ++---
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/package/iputils/iputils.hash b/package/iputils/iputils.hash
index 57b9ccf6a4..613414ce5c 100644
--- a/package/iputils/iputils.hash
+++ b/package/iputils/iputils.hash
@@ -1,3 +1,5 @@
 # Locally computed
 sha256 9b5125eb5ef9f4e947ad8fdddcf77f538f53b8f47b53eb5bc5347cb16d01c8fd  iputils-s20190515.tar.gz
-sha256 966075293e45785230c19415bcda15bd07c75bead4fe73332d1a4b9c45bb321f  ninfod/COPYING
+sha256 b8ea785d12fa6a44916601104dd746216957e93f13a26d3eb858b3b5a4ad66ab  LICENSE
+sha256 9acc4bc871a4742550158e3696dcb381953172ef808d04ca248184f9f6322712  Documentation/LICENSE.BSD3
+sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  Documentation/LICENSE.GPL2
diff --git a/package/iputils/iputils.mk b/package/iputils/iputils.mk
index 6eae32d594..d9a51ece2a 100644
--- a/package/iputils/iputils.mk
+++ b/package/iputils/iputils.mk
@@ -13,9 +13,8 @@
 
 IPUTILS_VERSION = s20190515
 IPUTILS_SITE = $(call github,iputils,iputils,$(IPUTILS_VERSION))
-IPUTILS_LICENSE = GPL-2.0+, BSD-3-Clause, BSD-4-Clause
-# Only includes a license file for BSD
-IPUTILS_LICENSE_FILES = ninfod/COPYING
+IPUTILS_LICENSE = GPL-2.0+, BSD-3-Clause
+IPUTILS_LICENSE_FILES = LICENSE Documentation/LICENSE.BSD3 Documentation/LICENSE.GPL2
 IPUTILS_DEPENDENCIES = $(TARGET_NLS_DEPENDENCIES)
 
 ifeq ($(BR2_PACKAGE_LIBCAP),y)
-- 
2.20.1

[Buildroot] [PATCH 4/4] package/iputils: fix build without setcap

[Fabrice Fontaine]

Fixes:
 - http://autobuild.buildroot.org/results/711718ecf20d6cc28953e089a6e5516cfb4b9031

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 ...uild-sys-Make-setcap-really-optional.patch | 71 +++++++++++++++++++
 1 file changed, 71 insertions(+)
 create mode 100644 package/iputils/0004-build-sys-Make-setcap-really-optional.patch

diff --git a/package/iputils/0004-build-sys-Make-setcap-really-optional.patch b/package/iputils/0004-build-sys-Make-setcap-really-optional.patch
new file mode 100644
index 0000000000..0024f3fa6f
--- /dev/null
+++ b/package/iputils/0004-build-sys-Make-setcap-really-optional.patch
@@ -0,0 +1,71 @@
+From 473be6467f995865244e7e68b2fa587a4ee79551 Mon Sep 17 00:00:00 2001
+From: Michael Weiss <dev.primeos@gmail.com>
+Date: Thu, 16 May 2019 09:44:27 +0000
+Subject: [PATCH] build-sys: Make setcap really optional
+
+The setcap dependency is marked as optional but meson.build depends on
+setcap.path():
+
+meson.build:246:7: ERROR:  add_install_script args must be strings
+
+[Retrieved from:
+https://github.com/iputils/iputils/commit/473be6467f995865244e7e68b2fa587a4ee79551]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ meson.build | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/meson.build b/meson.build
+index 8af9e18..95c778a 100644
+--- a/meson.build
++++ b/meson.build
+@@ -221,10 +221,13 @@ config_h = configure_file(
+ setcap = find_program('setcap', '/usr/sbin/setcap', '/sbin/setcap', required : false)
+ if get_option('NO_SETCAP_OR_SUID')
+ 	perm_type = 'none'
++	setcap_path = '/dev/null'
+ elif cap_dep.found() and setcap.found()
+ 	perm_type = 'caps'
++	setcap_path = setcap.path()
+ else
+ 	perm_type = 'setuid'
++	setcap_path = '/dev/null'
+ endif
+ 
+ ############################################################
+@@ -243,7 +246,7 @@ if build_ping == true
+ 		join_paths(get_option('prefix'), get_option('bindir')),
+ 		'ping',
+ 		perm_type,
+-		setcap.path()
++		setcap_path
+ 	)
+ endif
+ 
+@@ -263,7 +266,7 @@ if build_traceroute6 == true
+ 		join_paths(get_option('prefix'), get_option('bindir')),
+ 		'traceroute6',
+ 		perm_type,
+-		setcap.path()
++		setcap_path
+ 	)
+ endif
+ 
+@@ -276,7 +279,7 @@ if build_clockdiff == true
+ 		join_paths(get_option('prefix'), get_option('bindir')),
+ 		'clockdiff',
+ 		perm_type,
+-		setcap.path()
++		setcap_path
+ 	)
+ endif
+ 
+@@ -306,7 +309,7 @@ if build_arping == true
+ 		join_paths(get_option('prefix'), get_option('bindir')),
+ 		'arping',
+ 		perm_type,
+-		setcap.path()
++		setcap_path
+ 	)
+ endif
+ 
-- 
2.20.1

[Buildroot] [PATCH 1/4] package/iputils: fix IDN support

[Petr Vorel]

> iputils depends on libidn2 since version s20180629 and
> https://github.com/iputils/iputils/commit/665fe4d30ff8b6649454ae25e4768b2f23605332
Acked-by: Petr Vorel <petr.vorel@gmail.com>

Thanks a lot, Fabrice!

> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
>  package/iputils/iputils.mk | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)

> diff --git a/package/iputils/iputils.mk b/package/iputils/iputils.mk
> index f0902c7038..2b326838f7 100644
> --- a/package/iputils/iputils.mk
> +++ b/package/iputils/iputils.mk
> @@ -24,9 +24,9 @@ else
>  IPUTILS_CONF_OPTS += -DUSE_CAP=false
>  endif

> -ifeq ($(BR2_PACKAGE_LIBIDN),y)
> +ifeq ($(BR2_PACKAGE_LIBIDN2),y)
>  IPUTILS_CONF_OPTS += -DUSE_IDN=true
> -IPUTILS_DEPENDENCIES += libidn
> +IPUTILS_DEPENDENCIES += libidn2
>  else
>  IPUTILS_CONF_OPTS += -DUSE_IDN=false
>  endif


Kind regards,
Petr

[Buildroot] [PATCH 4/4] package/iputils: fix build without setcap

[Arnout Vandecappelle]

On 09/06/2019 11:38, Fabrice Fontaine wrote:
> Fixes:
>  - http://autobuild.buildroot.org/results/711718ecf20d6cc28953e089a6e5516cfb4b9031
> 
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

 All four applied to master, thanks.

 I have a question about this one though...

> ---
>  ...uild-sys-Make-setcap-really-optional.patch | 71 +++++++++++++++++++
>  1 file changed, 71 insertions(+)
>  create mode 100644 package/iputils/0004-build-sys-Make-setcap-really-optional.patch
> 
> diff --git a/package/iputils/0004-build-sys-Make-setcap-really-optional.patch b/package/iputils/0004-build-sys-Make-setcap-really-optional.patch
> new file mode 100644
> index 0000000000..0024f3fa6f
> --- /dev/null
> +++ b/package/iputils/0004-build-sys-Make-setcap-really-optional.patch
> @@ -0,0 +1,71 @@
> +From 473be6467f995865244e7e68b2fa587a4ee79551 Mon Sep 17 00:00:00 2001
> +From: Michael Weiss <dev.primeos@gmail.com>
> +Date: Thu, 16 May 2019 09:44:27 +0000
> +Subject: [PATCH] build-sys: Make setcap really optional
> +
> +The setcap dependency is marked as optional but meson.build depends on
> +setcap.path():
> +
> +meson.build:246:7: ERROR:  add_install_script args must be strings
> +
> +[Retrieved from:
> +https://github.com/iputils/iputils/commit/473be6467f995865244e7e68b2fa587a4ee79551]
> +Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> +---
> + meson.build | 11 +++++++----
> + 1 file changed, 7 insertions(+), 4 deletions(-)
> +
> +diff --git a/meson.build b/meson.build
> +index 8af9e18..95c778a 100644
> +--- a/meson.build
> ++++ b/meson.build
> +@@ -221,10 +221,13 @@ config_h = configure_file(
> + setcap = find_program('setcap', '/usr/sbin/setcap', '/sbin/setcap', required : false)

 Clearly, the setcap from the host is not relevant for us...

 I haven't checked, but I assume this would be used to give the executables the
appropriate capabilities for non-root usage at installation time.

 So, three questions:

1. Shouldn't we do the same with an IPUTILS_PERMISSIONS setting?

2. Does this interact in any way with USE_CAP?

> + if get_option('NO_SETCAP_OR_SUID')

3. Shouldn't we set this option, since we probably don't want to use
/sbin/setcap, ever?

 Regards,
 Arnout

> + 	perm_type = 'none'
> ++	setcap_path = '/dev/null'
> + elif cap_dep.found() and setcap.found()
> + 	perm_type = 'caps'
> ++	setcap_path = setcap.path()
> + else
> + 	perm_type = 'setuid'
> ++	setcap_path = '/dev/null'
> + endif
> + 
> + ############################################################
> +@@ -243,7 +246,7 @@ if build_ping == true
> + 		join_paths(get_option('prefix'), get_option('bindir')),
> + 		'ping',
> + 		perm_type,
> +-		setcap.path()
> ++		setcap_path
> + 	)
> + endif
> + 
> +@@ -263,7 +266,7 @@ if build_traceroute6 == true
> + 		join_paths(get_option('prefix'), get_option('bindir')),
> + 		'traceroute6',
> + 		perm_type,
> +-		setcap.path()
> ++		setcap_path
> + 	)
> + endif
> + 
> +@@ -276,7 +279,7 @@ if build_clockdiff == true
> + 		join_paths(get_option('prefix'), get_option('bindir')),
> + 		'clockdiff',
> + 		perm_type,
> +-		setcap.path()
> ++		setcap_path
> + 	)
> + endif
> + 
> +@@ -306,7 +309,7 @@ if build_arping == true
> + 		join_paths(get_option('prefix'), get_option('bindir')),
> + 		'arping',
> + 		perm_type,
> +-		setcap.path()
> ++		setcap_path
> + 	)
> + endif
> + 
> 

[Buildroot] [PATCH 4/4] package/iputils: fix build without setcap

[Petr Vorel]

Hi,

> On 09/06/2019 11:38, Fabrice Fontaine wrote:
> > Fixes:
> >  - http://autobuild.buildroot.org/results/711718ecf20d6cc28953e089a6e5516cfb4b9031

> > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

>  All four applied to master, thanks.

>  I have a question about this one though...

...
> > ++++ b/meson.build
> > +@@ -221,10 +221,13 @@ config_h = configure_file(
> > + setcap = find_program('setcap', '/usr/sbin/setcap', '/sbin/setcap', required : false)

>  Clearly, the setcap from the host is not relevant for us...

>  I haven't checked, but I assume this would be used to give the executables the
> appropriate capabilities for non-root usage at installation time.

>  So, three questions:

> 1. Shouldn't we do the same with an IPUTILS_PERMISSIONS setting?
I removed IPUTILS_PERMISSIONS in 9ffcd9279e ("package/iputils: bump to version s20190515"),
but it looks like it's better to use it (thus we don't depend on /sbin/setcap).

> 2. Does this interact in any way with USE_CAP?
No.

> > + if get_option('NO_SETCAP_OR_SUID')

> 3. Shouldn't we set this option, since we probably don't want to use
> /sbin/setcap, ever?
IMHO yes.

>  Regards,
>  Arnout

Kind regards,
Petr

[Buildroot] [PATCH 4/4] package/iputils: fix build without setcap

[Fabrice Fontaine]

Dear Petr,

Le dim. 9 juin 2019 ? 23:45, Petr Vorel <petr.vorel@gmail.com> a ?crit :
>
> Hi,
>
> > On 09/06/2019 11:38, Fabrice Fontaine wrote:
> > > Fixes:
> > >  - http://autobuild.buildroot.org/results/711718ecf20d6cc28953e089a6e5516cfb4b9031
>
> > > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
>
> >  All four applied to master, thanks.
>
> >  I have a question about this one though...
>
> ...
> > > ++++ b/meson.build
> > > +@@ -221,10 +221,13 @@ config_h = configure_file(
> > > + setcap = find_program('setcap', '/usr/sbin/setcap', '/sbin/setcap', required : false)
>
> >  Clearly, the setcap from the host is not relevant for us...
>
> >  I haven't checked, but I assume this would be used to give the executables the
> > appropriate capabilities for non-root usage at installation time.
>
> >  So, three questions:
>
> > 1. Shouldn't we do the same with an IPUTILS_PERMISSIONS setting?
> I removed IPUTILS_PERMISSIONS in 9ffcd9279e ("package/iputils: bump to version s20190515"),
> but it looks like it's better to use it (thus we don't depend on /sbin/setcap).
>
> > 2. Does this interact in any way with USE_CAP?
> No.
>
> > > + if get_option('NO_SETCAP_OR_SUID')
>
> > 3. Shouldn't we set this option, since we probably don't want to use
> > /sbin/setcap, ever?
> IMHO yes.
Thanks for your help in answering those questions.
Could you send the patch setting back IPUTILS_PERMISSIONS and using
NO_SETCAP_OR_SUID?
From my understanding, permissions should be set to ping and
traceroute6 as done before the dump but also to clockdiff and arping.
>
> >  Regards,
> >  Arnout
>
> Kind regards,
> Petr
Best Regards,

Fabrice

[Buildroot] [PATCH 4/4] package/iputils: fix build without setcap

[Petr Vorel]

Hi,

...
> > >  So, three questions:
> > > 1. Shouldn't we do the same with an IPUTILS_PERMISSIONS setting?
> > I removed IPUTILS_PERMISSIONS in 9ffcd9279e ("package/iputils: bump to version s20190515"),
> > but it looks like it's better to use it (thus we don't depend on /sbin/setcap).

> > > 2. Does this interact in any way with USE_CAP?
> > No.
Sorry, yes, in a sense that if setcap binary is on host and USE_CAP defined
than setcap-setuid.sh script would set cap_net_raw+ep.

> > > > + if get_option('NO_SETCAP_OR_SUID')

> > > 3. Shouldn't we set this option, since we probably don't want to use
> > > /sbin/setcap, ever?
> > IMHO yes.
> Thanks for your help in answering those questions.
> Could you send the patch setting back IPUTILS_PERMISSIONS and using
> NO_SETCAP_OR_SUID?
> From my understanding, permissions should be set to ping and
> traceroute6 as done before the dump but also to clockdiff and arping.
Thanks, good point. Yes, it's in meson.build, socket permission requires that.

Kind regards,
Petr

[Buildroot] [PATCH 4/4] package/iputils: fix build without setcap

[Petr Vorel]

Hi,

> Could you send the patch setting back IPUTILS_PERMISSIONS and using
> NO_SETCAP_OR_SUID?
Going to do it.
> From my understanding, permissions should be set to ping and
> traceroute6 as done before the dump but also to clockdiff and arping.
Also it's needed to create symlink from ping to ping6.
But haven't find a way how.

Kind regards,
Petr

[Buildroot] [PATCH 4/4] package/iputils: fix build without setcap

[Arnout Vandecappelle]

On 10/06/2019 00:39, Petr Vorel wrote:
> Hi,
> 
>> Could you send the patch setting back IPUTILS_PERMISSIONS and using
>> NO_SETCAP_OR_SUID?
> Going to do it.

 I wonder a bit about the setcap though. As I understand it, you would use
*either* setcap *or* setuid. Before the bump, IPUTILS_PERMISSIONS would do
setuid. Clearly, setcap is way better.

 Is there any reason not to use setcap (or actually, xattrs)? Maybe some
filesystems don't support xattrs - iso9660 for example?


>> From my understanding, permissions should be set to ping and
>> traceroute6 as done before the dump but also to clockdiff and arping.
> Also it's needed to create symlink from ping to ping6.
> But haven't find a way how.

 Just do it in a post-install hook, no?

 Regards,
 Arnout

[Buildroot] [PATCH 4/4] package/iputils: fix build without setcap

[Arnout Vandecappelle]

On 10/06/2019 00:34, Petr Vorel wrote:
> Hi,
> 
> ...
>>>>  So, three questions:
>>>> 1. Shouldn't we do the same with an IPUTILS_PERMISSIONS setting?
>>> I removed IPUTILS_PERMISSIONS in 9ffcd9279e ("package/iputils: bump to version s20190515"),
>>> but it looks like it's better to use it (thus we don't depend on /sbin/setcap).
> 
>>>> 2. Does this interact in any way with USE_CAP?
>>> No.
> Sorry, yes, in a sense that if setcap binary is on host and USE_CAP defined
> than setcap-setuid.sh script would set cap_net_raw+ep.

 OK, that's more or less what I meant. So if I understand correctly, we should
use xattr if USE_CAP=true, and setuid if USE_CAP=false?


 Regards,
 Arnout

>>>>> + if get_option('NO_SETCAP_OR_SUID')
> 
>>>> 3. Shouldn't we set this option, since we probably don't want to use
>>>> /sbin/setcap, ever?
>>> IMHO yes.
>> Thanks for your help in answering those questions.
>> Could you send the patch setting back IPUTILS_PERMISSIONS and using
>> NO_SETCAP_OR_SUID?
>> From my understanding, permissions should be set to ping and
>> traceroute6 as done before the dump but also to clockdiff and arping.
> Thanks, good point. Yes, it's in meson.build, socket permission requires that.
> 
> Kind regards,
> Petr
>