Accepting request 691518 from home:kstreitova:branches:security:netfilter

- Add iptables-1.8.2-dont_read_garbage.patch that fixes a situation where 'iptables -L' reads garbage from the struct as the kernel never filled it in the bugged case. This can lead to issues like mapping a few TiB of memory [bsc#1106751]. OBS-URL: https://build.opensuse.org/request/show/691518 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=126
2019-04-04 13:20:38 +00:00
parent 725c31dfd6
commit 87d1cb26b1
3 changed files with 36 additions and 3 deletions
--- a/iptables.spec
+++ b/iptables.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package iptables
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.

-# Please submit bugfixes or comments via https://bugs.opensuse.org/
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
 #


@@ -30,6 +30,7 @@ Source3:        %name.keyring
 Patch3:         iptables-batch.patch
 Patch4:         iptables-apply-mktemp-fix.patch
 Patch5:         iptables-batch-lock.patch
+Patch6:         iptables-1.8.2-dont_read_garbage.patch

 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 #git#BuildRequires:  autoconf, automake >= 1.10
@@ -141,7 +142,7 @@ xtables --variable=xtlibdir).

 %prep
 %setup -q
-%patch -P 3 -P 4 -P 5 -p1
+%patch -P 3 -P 4 -P 5 -P 6 -p1

 %build
 # We have the iptables-batch patch, so always regenerate.