From 046128dcdd7a98b9816b37a3a4c6f4385a7d309c Mon Sep 17 00:00:00 2001
From: zouzhimin <zouzhimin@kylinos.cn>
Date: Fri, 15 Aug 2025 14:15:21 +0800
Subject: [PATCH] Check returns from setsockopt() calls, also fix doxygen
 comment for qb_util_timespec_from_epoch_get()

(cherry picked from commit 6888e95ff51d0e03daf5ed028927c663d7bac4ad)
---
 ...-Check-returns-from-setsockopt-calls.patch | 116 ++++++++++++++++++
 libqb.spec                                    |  14 ++-
 2 files changed, 125 insertions(+), 5 deletions(-)
 create mode 100644 backport-Check-returns-from-setsockopt-calls.patch

diff --git a/backport-Check-returns-from-setsockopt-calls.patch b/backport-Check-returns-from-setsockopt-calls.patch
new file mode 100644
index 0000000..88605aa
--- /dev/null
+++ b/backport-Check-returns-from-setsockopt-calls.patch
@@ -0,0 +1,116 @@
+From afcfda4e26919ba1685717e8d7eaf4ca4d7d2e2e Mon Sep 17 00:00:00 2001
+From: Chrissie Caulfield <ccaulfie@redhat.com>
+Date: Wed, 25 Jun 2025 11:22:57 +0100
+Subject: [PATCH] Check returns from setsockopt() calls (#498)
+
+Also, fix doxygen comment for qb_util_timespec_from_epoch_get()
+---
+ include/qb/qbutil.h |  1 -
+ lib/ipc_setup.c     | 37 +++++++++++++++++++++++++++++++------
+ 2 files changed, 31 insertions(+), 7 deletions(-)
+
+diff --git a/include/qb/qbutil.h b/include/qb/qbutil.h
+index 59bf145..b27da9d 100644
+--- a/include/qb/qbutil.h
++++ b/include/qb/qbutil.h
+@@ -185,7 +185,6 @@ uint64_t qb_util_nano_from_epoch_get(void);
+ /**
+  * Get the time in timespec since epoch.
+  * @param ts (out) the timespec
+- * @return status (0 == ok, -errno on error)
+  */
+ void qb_util_timespec_from_epoch_get(struct timespec *ts);
+ 
+diff --git a/lib/ipc_setup.c b/lib/ipc_setup.c
+index 73b4e37..cec92f4 100644
+--- a/lib/ipc_setup.c
++++ b/lib/ipc_setup.c
+@@ -455,8 +455,14 @@ qb_ipcc_us_setup_connect(struct qb_ipcc_connection *c,
+ 		return res;
+ 	}
+ #ifdef QB_LINUX
+-	setsockopt(c->setup.u.us.sock, SOL_SOCKET, SO_PASSCRED, &on,
+-		   sizeof(on));
++	res = setsockopt(c->setup.u.us.sock, SOL_SOCKET, SO_PASSCRED, &on,
++			 sizeof(on));
++	if (res != 0) {
++		int err = errno;
++		qb_ipcc_us_sock_close(c->setup.u.us.sock);
++		errno = err;
++		return res;
++	}
+ #endif
+ 
+ 	memset(&request, 0, sizeof(request));
+@@ -481,6 +487,7 @@ int qb_ipcc_setup_connect_continue(struct qb_ipcc_connection *c, struct qb_ipc_c
+ {
+ 	struct ipc_auth_data *data;
+ 	int32_t res;
++	int res1;
+ 	int retry_count = 0;
+ #ifdef QB_LINUX
+ 	int off = 0;
+@@ -500,8 +507,14 @@ retry:
+ 	}
+ 
+ #ifdef QB_LINUX
+-	setsockopt(c->setup.u.us.sock, SOL_SOCKET, SO_PASSCRED, &off,
+-		   sizeof(off));
++	res1 = setsockopt(c->setup.u.us.sock, SOL_SOCKET, SO_PASSCRED, &off,
++			 sizeof(off));
++	if (res1 != 0) {
++		int err = errno;
++		destroy_ipc_auth_data(data);
++		errno = err;
++		return res;
++	}
+ #endif
+ 
+ 	if (res != data->len) {
+@@ -793,6 +806,7 @@ process_auth(int32_t fd, int32_t revents, void *d)
+ 	struct ipc_auth_data *data = (struct ipc_auth_data *) d;
+ 
+ 	int32_t res = 0;
++	int res1;
+ #ifdef SO_PASSCRED
+ 	int off = 0;
+ #endif
+@@ -832,7 +846,13 @@ process_auth(int32_t fd, int32_t revents, void *d)
+ 
+ cleanup_and_return:
+ #ifdef SO_PASSCRED
+-	setsockopt(data->sock, SOL_SOCKET, SO_PASSCRED, &off, sizeof(off));
++	res1 = setsockopt(data->sock, SOL_SOCKET, SO_PASSCRED, &off, sizeof(off));
++	if (res1 != 0) {
++		int err = errno;
++		close(data->sock);
++		errno = err;
++		return res;
++	}
+ #endif
+ 
+ 	(void)data->s->poll_fns.dispatch_del(data->sock);
+@@ -853,6 +873,7 @@ static void
+ qb_ipcs_uc_recv_and_auth(int32_t sock, struct qb_ipcs_service *s)
+ {
+ 	int res = 0;
++	int res1;
+ 	struct ipc_auth_data *data = NULL;
+ #ifdef SO_PASSCRED
+ 	int on = 1;
+@@ -869,7 +890,11 @@ qb_ipcs_uc_recv_and_auth(int32_t sock, struct qb_ipcs_service *s)
+ 	qb_ipcs_ref(data->s);
+ 
+ #ifdef SO_PASSCRED
+-	setsockopt(sock, SOL_SOCKET, SO_PASSCRED, &on, sizeof(on));
++	res1 = setsockopt(sock, SOL_SOCKET, SO_PASSCRED, &on, sizeof(on));
++	if (res1 != 0) {
++		close(sock);
++		return;
++	}
+ #endif
+ 
+ 	res = s->poll_fns.dispatch_add(s->poll_priority,
+-- 
+2.25.1
+
diff --git a/libqb.spec b/libqb.spec
index 65cd641..caf70a9 100644
--- a/libqb.spec
+++ b/libqb.spec
@@ -1,14 +1,15 @@
 Name:                libqb
 Version:             2.0.8
-Release:             4
+Release:             5
 Summary:             Library providing high performance logging, tracing, ipc, and poll
 License:             LGPLv2+
 URL:                 https://github.com/ClusterLabs/libqb
 Source0:             https://github.com/ClusterLabs/libqb/releases/download/v%{version}/%{name}-%{version}.tar.xz
-Patch0: 	     Change-assert-in-ringbuffer-to-a-return-code-492.patch
-Patch1:		     Make-some-logs-less-noisy-495.patch
-Patch2:        backport-doxygen2man-Include-libxml-parser.h-494.patch
-Patch3:        backport-doxygen2man-Fix-typos-and-inconsistencies-in-help-te.patch
+Patch0:              Change-assert-in-ringbuffer-to-a-return-code-492.patch
+Patch1:              Make-some-logs-less-noisy-495.patch
+Patch2:              backport-doxygen2man-Include-libxml-parser.h-494.patch
+Patch3:              backport-doxygen2man-Fix-typos-and-inconsistencies-in-help-te.patch
+Patch4:              backport-Check-returns-from-setsockopt-calls.patch
 BuildRequires:       autoconf automake libtool check-devel doxygen gcc procps pkgconfig(glib-2.0)
 BuildRequires:       git-core
 # For doxygen2man
@@ -77,6 +78,9 @@ This package contains a program to create nicely-formatted man pages from Doxyge
 %{_mandir}/man1/doxygen2man.1.gz
 
 %changelog
+* Fri Aug 15 2025 zouzhimin <zouzhimin@kylinos.cn> - 2.0.8-5
+- Check returns from setsockopt() calls, also fix doxygen comment for qb_util_timespec_from_epoch_get()
+
 * Thu Dec 05 2024 bixiaoyan <bixiaoyan@kylinos.cn> - 2.0.8-4
 - doxygen2man: Include libxml/parser.h
 - doxygen2man: Fix typos and inconsistencies in help text
-- 
Gitee