r2780 - in trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches: . series
Andres Salomon
dilinger-guest@costa.debian.org
Tue, 22 Mar 2005 08:25:37 +0100
Author: dilinger-guest
Date: 2005-03-22 08:25:37 +0100 (Tue, 22 Mar 2005)
New Revision: 2780
Added:
trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/ip6_copy_metadata_leak.dpatch
trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/ip_copy_metadata_leak.dpatch
Modified:
trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-15
Log:
add CAN-2005-0210 fixes
Added: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/ip6_copy_metadata_leak.dpatch
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/ip6_copy_metadata_leak.dpatch 2005-03-22 07:21:38 UTC (rev 2779)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/ip6_copy_metadata_leak.dpatch 2005-03-22 07:25:37 UTC (rev 2780)
@@ -0,0 +1,42 @@
+#! /bin/sh -e
+## <PATCHNAME>.dpatch by <PATCH_AUTHOR@EMAI>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Description: [IPV6]: Fix ip6_copy_metadata potential dst leak too.
+## DP: Patch author: yoshfuji@linux-ipv6.org
+## DP: Upstream status: backport
+
+. $(dirname $0)/DPATCH
+
+@DPATCH@
+diff -Naru a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
+--- a/net/ipv6/ip6_output.c 2005-03-21 23:21:49 -08:00
++++ b/net/ipv6/ip6_output.c 2005-03-21 23:21:49 -08:00
+@@ -463,6 +463,7 @@
+ to->priority = from->priority;
+ to->protocol = from->protocol;
+ to->security = from->security;
++ dst_release(to->dst);
+ to->dst = dst_clone(from->dst);
+ to->dev = from->dev;
+
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+# 2005/01/30 20:47:06-08:00 yoshfuji@linux-ipv6.org
+# [IPV6]: Fix ip6_copy_metadata potential dst leak too.
+#
+# Same fix as per ipv4 ip_copy_metadata().
+#
+# Signed-off-by: Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>
+# Signed-off-by: David S. Miller <davem@davemloft.net>
+#
+# net/ipv6/ip6_output.c
+# 2005/01/30 20:46:45-08:00 yoshfuji@linux-ipv6.org +1 -0
+# [IPV6]: Fix ip6_copy_metadata potential dst leak too.
+#
+# Same fix as per ipv4 ip_copy_metadata().
+#
+# Signed-off-by: Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>
+# Signed-off-by: David S. Miller <davem@davemloft.net>
+#
Added: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/ip_copy_metadata_leak.dpatch
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/ip_copy_metadata_leak.dpatch 2005-03-22 07:21:38 UTC (rev 2779)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/ip_copy_metadata_leak.dpatch 2005-03-22 07:25:37 UTC (rev 2780)
@@ -0,0 +1,48 @@
+#! /bin/sh -e
+## <PATCHNAME>.dpatch by <PATCH_AUTHOR@EMAI>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Description: [IPV4]: Do not leak dst entries in ip_copy_metadata().
+## DP: Patch author: kaber@trash.net
+## DP: Upstream status: backport
+
+. $(dirname $0)/DPATCH
+
+@DPATCH@
+diff -Naru a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
+--- a/net/ipv4/ip_output.c 2005-03-21 23:22:48 -08:00
++++ b/net/ipv4/ip_output.c 2005-03-21 23:22:48 -08:00
+@@ -389,6 +389,7 @@
+ to->priority = from->priority;
+ to->protocol = from->protocol;
+ to->security = from->security;
++ dst_release(to->dst);
+ to->dst = dst_clone(from->dst);
+ to->dev = from->dev;
+
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+# 2005/01/30 18:24:03-08:00 kaber@trash.net
+# [IPV4]: Do not leak dst entries in ip_copy_metadata().
+#
+# Netfilter conntrack can defragment locally generated
+# packets before they hit ip_fragment(). In this case
+# the fragments have skb->dst set already, so we have to
+# release that existing reference before overwriting
+# skb->dst.
+#
+# Signed-off-by: David S. Miller <davem@davemloft.net>
+#
+# net/ipv4/ip_output.c
+# 2005/01/30 18:23:28-08:00 kaber@trash.net +1 -0
+# [IPV4]: Do not leak dst entries in ip_copy_metadata().
+#
+# Netfilter conntrack can defragment locally generated
+# packets before they hit ip_fragment(). In this case
+# the fragments have skb->dst set already, so we have to
+# release that existing reference before overwriting
+# skb->dst.
+#
+# Signed-off-by: David S. Miller <davem@davemloft.net>
+#
Modified: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-15
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-15 2005-03-22 07:21:38 UTC (rev 2779)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-15 2005-03-22 07:25:37 UTC (rev 2780)
@@ -1,3 +1,5 @@
+ radeon-race.dpatch
+ rcu-locking.dpatch
+ drivers-net-ppp_async-fix-dos.dpatch
++ ip_copy_metadata_leak.dpatch
++ ip6_copy_metadata_leak.dpatch