Accepting request 56228 from home:dirkmueller:branches:security:netfilter

good

OBS-URL: https://build.opensuse.org/request/show/56228
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iproute2?expand=0&rev=13

iproute2-2.6.29-1-fragtimeout.diff

@@ -1,83 +0,0 @@
---- doc/ip-cref.tex
-+++ doc/ip-cref.tex	2008/05/13 08:23:52
-@@ -1315,7 +1315,11 @@
-     If it is not given, Linux uses the value selected with \verb|sysctl|
-     variable \verb|net/ipv4/tcp_reordering|.
- 
-+\item \verb|fragtimeout NUMBER|
- 
-+--- \threeonly How many seconds to wait before expiring IP fragments
-+    from the destination of this route. If not specified Linux uses
-+    the \verb|sysctl| variable \verb|net/ipv4/ip_frag_timeout|.
- 
- \item \verb|nexthop NEXTHOP|
- 
---- ip/iproute.c
-+++ ip/iproute.c	2008/05/13 08:28:32
-@@ -37,6 +37,14 @@
- #define RTAX_RTTVAR RTAX_HOPS
- #endif
- 
-+#ifndef RTAX_FRAG_TIMEOUT
-+#define RTAX_FRAG_TIMEOUT (RTAX_FEATURES+1)
-+#endif
-+
-+#if RTAX_MAX < RTAX_FRAG_TIMEOUT
-+#undef RTAX_MAX
-+#define RTAX_MAX RTAX_FRAG_TIMEOUT
-+#endif
- 
- static const char *mx_names[RTAX_MAX+1] = {
- 	[RTAX_MTU]	= "mtu",
-@@ -51,6 +59,7 @@
- 	[RTAX_INITCWND] = "initcwnd",
- 	[RTAX_FEATURES] = "features",
- 	[RTAX_RTO_MIN]	= "rto_min",
-+	[RTAX_FRAG_TIMEOUT]="fragtimeout"
- };
- static void usage(void) __attribute__((noreturn));
- 
-@@ -70,9 +79,9 @@
- 	fprintf(stderr, "INFO_SPEC := NH OPTIONS FLAGS [ nexthop NH ]...\n");
- 	fprintf(stderr, "NH := [ via ADDRESS ] [ dev STRING ] [ weight NUMBER ] NHFLAGS\n");
- 	fprintf(stderr, "OPTIONS := FLAGS [ mtu NUMBER ] [ advmss NUMBER ]\n");
--	fprintf(stderr, "           [ rtt TIME ] [ rttvar TIME ]\n");
-+	fprintf(stderr, "           [ rtt TIME ] [ rttvar TIME ] [ fragtimeout seconds ]\n");
- 	fprintf(stderr, "           [ window NUMBER] [ cwnd NUMBER ] [ initcwnd NUMBER ]\n");
--	fprintf(stderr, "           [ ssthresh NUMBER ] [ realms REALM ] [ src ADDRESS ]\n");
-+	fprintf(stderr, "           [ ssthresh NUMBER ] [ reordering NUMBER ] [ realms REALM ]\n");
- 	fprintf(stderr, "           [ rto_min TIME ]\n");
- 	fprintf(stderr, "TYPE := [ unicast | local | broadcast | multicast | throw |\n");
- 	fprintf(stderr, "          unreachable | prohibit | blackhole | nat ]\n");
-@@ -780,6 +789,14 @@
- 				invarg("\"reordering\" value is invalid\n", *argv);
- 			rta_addattr32(mxrta, sizeof(mxbuf), RTAX_REORDERING, reord);
- #endif
-+#ifdef RTAX_FRAG_TIMEOUT
-+		} else if (strcmp(*argv, "fragtimeout") == 0) {
-+			unsigned timeout;
-+			NEXT_ARG();
-+			if (get_unsigned(&timeout, *argv, 0))
-+				invarg("\"timeout\" value is invalid\n", *argv);
-+			rta_addattr32(mxrta, sizeof(mxbuf), RTAX_FRAG_TIMEOUT, timeout);
-+#endif
- 		} else if (strcmp(*argv, "rtt") == 0) {
- 			unsigned rtt;
- 			NEXT_ARG();
---- man/man8/ip.8
-+++ man/man8/ip.8	2008/05/13 08:25:08
-@@ -1487,6 +1487,14 @@
- .BR "net/ipv4/tcp_reordering" .
- 
- .TP
-+.BI fragtimeout " NUMBER " "(SuSE extension currently)"
-+Fragment timeout in seconds for IP fragments arriving from this distination.
-+If it is not given, Linux uses the value selected with
-+.B sysctl
-+variable
-+.BR "net/ipv4/ipfrag_timeout" .
-+
-+.TP
- .BI nexthop " NEXTHOP"
- the nexthop of a multipath route.
- .I NEXTHOP

iproute2.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Dec  3 10:29:55 CET 2010 - ms@suse.de
+
+- removed the fragtimeout patch because it breaks the rto_min
+  setup. The fragtimeout patch also requires a kernel side
+  modification which we don't ship since SLES9 (bnc #656667)
+
 -------------------------------------------------------------------
 Mon Nov 15 22:12:32 UTC 2010 - jengelh@medozas.de
 

iproute2.spec

@@ -33,7 +33,6 @@ Source0:        %name-%rversion.tar.bz2
 Patch0:         %name-2.6.29-1-libdir-1.diff
 Patch1:         %name-2.6.29-1-HZ.diff
 Patch2:         %name-2.6.29-1-pdfdoc.diff
-Patch4:         %name-2.6.29-1-fragtimeout.diff
 Patch5:         %name-2.6.29-1-flushcheckuid.diff
 Patch7:         %name-2.6.29-1-warnings.diff
 Patch8:         %name-2.6.29-1-skbedit-memset.diff
@@ -79,8 +78,6 @@ as well as examples and other outdated files.
 %patch0
 %patch1
 %patch2
-# RTAX_FRAG_TIMEOUT not in kernel at all?
-#%patch4
 %patch5
 %patch7
 %patch8