forked from jengelh/iptables
Accepting request 691534 from security:netfilter
OBS-URL: https://build.opensuse.org/request/show/691534
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/iptables?expand=0&rev=67
This commit is contained in:
commit
865978d153
24
iptables-1.8.2-dont_read_garbage.patch
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
From: Fabian Vogt <fvogt@suse.com>
|
||||||
|
Date: 2019-04-04 13:41:59 +0200
|
||||||
|
Subject: 'iptables -L' reads garbage
|
||||||
|
References: [bsc#1106751]
|
||||||
|
Upstream: reported (https://bugzilla.netfilter.org/show_bug.cgi?id=1331)
|
||||||
|
|
||||||
|
This patch fixes a situation where 'iptables -L' reads garbage
|
||||||
|
from the struct as the kernel never filled it in the bugged case.
|
||||||
|
This can lead to issues like mapping a few TiB of memory
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
Index: iptables-1.8.2/libiptc/libiptc.c
|
||||||
|
===================================================================
|
||||||
|
--- iptables-1.8.2.orig/libiptc/libiptc.c
|
||||||
|
+++ iptables-1.8.2/libiptc/libiptc.c
|
||||||
|
@@ -1305,6 +1305,7 @@ TC_INIT(const char *tablename)
|
||||||
|
{
|
||||||
|
struct xtc_handle *h;
|
||||||
|
STRUCT_GETINFO info;
|
||||||
|
+ memset(&info, 0, sizeof(info));
|
||||||
|
unsigned int tmp;
|
||||||
|
socklen_t s;
|
||||||
|
int sockfd;
|
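Review bot: In the TC_INIT hunk the added memset(&info, 0, sizeof(info)); sits between the declaration of info and the declarations of tmp, s and sockfd, so a statement now precedes the remaining declarations. Move the call below int sockfd; or initialise in place with STRUCT_GETINFO info = {0}; so the block stays clean under -Wdeclaration-after-statement. Zeroing also only makes the unfilled case deterministic: since the description says the kernel never filled the struct, it should also say what TC_INIT then does with an all-zero info, and whether returning an error would be the better outcome.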
@ -1,3 +1,11 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Apr 4 11:44:31 UTC 2019 - Kristýna Streitová <kstreitova@suse.com>
|
||||||
|
|
||||||
|
- Add iptables-1.8.2-dont_read_garbage.patch that fixes a situation
|
||||||
|
where 'iptables -L' reads garbage from the struct as the kernel
|
||||||
|
never filled it in the bugged case. This can lead to issues like
|
||||||
|
mapping a few TiB of memory [bsc#1106751].
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Nov 13 12:09:24 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
|
Tue Nov 13 12:09:24 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
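Review bot: The new changelog entry records only the added iptables-1.8.2-dont_read_garbage.patch, while the same commit also replaces %setup -q and the explicit %patch line with %autosetup -p1 and switches Url, Source and Source2 to https. Add entries for those spec changes so the changelog matches what the commit does.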
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package iptables
|
# spec file for package iptables
|
||||||
#
|
#
|
||||||
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
|
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
@ -22,14 +22,15 @@ Release: 0
|
|||||||
Summary: IP packet filter administration utilities
|
Summary: IP packet filter administration utilities
|
||||||
License: GPL-2.0-only AND Artistic-2.0
|
License: GPL-2.0-only AND Artistic-2.0
|
||||||
Group: Productivity/Networking/Security
|
Group: Productivity/Networking/Security
|
||||||
Url: http://netfilter.org/projects/iptables/
|
URL: https://netfilter.org/projects/iptables/
|
||||||
#Git-Clone: git://git.netfilter.org/iptables
|
#Git-Clone: git://git.netfilter.org/iptables
|
||||||
Source: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2
|
Source: https://netfilter.org/projects/iptables/files/%name-%version.tar.bz2
|
||||||
Source2: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2.sig
|
Source2: https://netfilter.org/projects/iptables/files/%name-%version.tar.bz2.sig
|
||||||
Source3: %name.keyring
|
Source3: %name.keyring
|
||||||
Patch3: iptables-batch.patch
|
Patch3: iptables-batch.patch
|
||||||
Patch4: iptables-apply-mktemp-fix.patch
|
Patch4: iptables-apply-mktemp-fix.patch
|
||||||
Patch5: iptables-batch-lock.patch
|
Patch5: iptables-batch-lock.patch
|
||||||
|
Patch6: iptables-1.8.2-dont_read_garbage.patch
|
||||||
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
#git#BuildRequires: autoconf, automake >= 1.10
|
#git#BuildRequires: autoconf, automake >= 1.10
|
||||||
@ -140,8 +141,7 @@ Link your extension (iptables plugins) with $(pkg-config xtables
|
|||||||
xtables --variable=xtlibdir).
|
xtables --variable=xtlibdir).
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%autosetup -p1
|
||||||
%patch -P 3 -P 4 -P 5 -p1
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
# We have the iptables-batch patch, so always regenerate.
|
# We have the iptables-batch patch, so always regenerate.
|
||||||
|
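Review bot: With %patch -P 3 -P 4 -P 5 -p1 dropped in favour of %autosetup -p1 in %prep, every PatchN tag is now applied unconditionally, in order, at strip level 1, including the new Patch6. That fits the new patch, whose paths are iptables-1.8.2.orig/libiptc/libiptc.c and iptables-1.8.2/libiptc/libiptc.c, but any later patch that needs a different -p level or a condition will need explicit %patch handling again, so a short comment above %autosetup stating that all patches must be -p1 would help.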