[kernel] r16990 - in dists/squeeze/linux-2.6/debian: . patches/bugfix/all patches/series

Ben Hutchings benh at alioth.debian.org
Sun Mar 6 16:03:39 UTC 2011 

Author: benh
Date: Sun Mar  6 16:03:35 2011
New Revision: 16990

Log:
ipv6: Silence privacy extensions initialization (Closes: #590653)

Added:
   dists/squeeze/linux-2.6/debian/patches/bugfix/all/ipv6-Silence-privacy-extensions-initialization.patch
Modified:
   dists/squeeze/linux-2.6/debian/changelog
   dists/squeeze/linux-2.6/debian/patches/series/31

Modified: dists/squeeze/linux-2.6/debian/changelog
==============================================================================
--- dists/squeeze/linux-2.6/debian/changelog	Sun Mar  6 00:36:36 2011	(r16989)
+++ dists/squeeze/linux-2.6/debian/changelog	Sun Mar  6 16:03:35 2011	(r16990)
@@ -41,6 +41,7 @@
     (Closes: 602444)
   * drm/i915: Overlay on gen2 can't address above 1G
   * drm/i915: Fix memory corruption with GM965 and >4GB RAM
+  * ipv6: Silence privacy extensions initialization (Closes: #590653)
 
   [ dann frazier ]
   * xfs: Fix information leak using stale NFS handle (CVE-2010-2943)

Added: dists/squeeze/linux-2.6/debian/patches/bugfix/all/ipv6-Silence-privacy-extensions-initialization.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/squeeze/linux-2.6/debian/patches/bugfix/all/ipv6-Silence-privacy-extensions-initialization.patch	Sun Mar  6 16:03:35 2011	(r16990)
@@ -0,0 +1,42 @@
+From: Romain Francoise <romain at orebokech.com>
+Date: Mon, 17 Jan 2011 07:59:18 +0000
+Subject: [PATCH] ipv6: Silence privacy extensions initialization
+
+commit 2fdc1c8093255f9da877d7b9ce3f46c2098377dc upstream.
+
+When a network namespace is created (via CLONE_NEWNET), the loopback
+interface is automatically added to the new namespace, triggering a
+printk in ipv6_add_dev() if CONFIG_IPV6_PRIVACY is set.
+
+This is problematic for applications which use CLONE_NEWNET as
+part of a sandbox, like Chromium's suid sandbox or recent versions of
+vsftpd. On a busy machine, it can lead to thousands of useless
+"lo: Disabled Privacy Extensions" messages appearing in dmesg.
+
+It's easy enough to check the status of privacy extensions via the
+use_tempaddr sysctl, so just removing the printk seems like the most
+sensible solution.
+
+Signed-off-by: Romain Francoise <romain at orebokech.com>
+Signed-off-by: David S. Miller <davem at davemloft.net>
+---
+ net/ipv6/addrconf.c |    3 ---
+ 1 files changed, 0 insertions(+), 3 deletions(-)
+
+diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
+index 5b189c9..24a1cf1 100644
+--- a/net/ipv6/addrconf.c
++++ b/net/ipv6/addrconf.c
+@@ -420,9 +420,6 @@ static struct inet6_dev * ipv6_add_dev(struct net_device *dev)
+ 	    dev->type == ARPHRD_TUNNEL6 ||
+ 	    dev->type == ARPHRD_SIT ||
+ 	    dev->type == ARPHRD_NONE) {
+-		printk(KERN_INFO
+-		       "%s: Disabled Privacy Extensions\n",
+-		       dev->name);
+ 		ndev->cnf.use_tempaddr = -1;
+ 	} else {
+ 		in6_dev_hold(ndev);
+-- 
+1.7.4.1
+

Modified: dists/squeeze/linux-2.6/debian/patches/series/31
==============================================================================
--- dists/squeeze/linux-2.6/debian/patches/series/31	Sun Mar  6 00:36:36 2011	(r16989)
+++ dists/squeeze/linux-2.6/debian/patches/series/31	Sun Mar  6 16:03:35 2011	(r16990)
@@ -53,3 +53,4 @@
 + bugfix/all/brcm80211-bugfix-for-softmac-crash-on-multi-cpu-configurations.patch
 + bugfix/all/drm-i915-overlay-on-gen2-can-t-address-above-1G.patch
 + bugfix/all/drm-i915-fix-memory-corruption-with-GM965-and-4GB-RAM.patch
++ bugfix/all/ipv6-Silence-privacy-extensions-initialization.patch

More information about the Kernel-svn-changes mailing list