summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--ipv6-Don-t-reduce-hop-limit-for-an-interface.patch46
-rw-r--r--kernel.spec11
-rw-r--r--sources2
3 files changed, 5 insertions, 54 deletions
diff --git a/ipv6-Don-t-reduce-hop-limit-for-an-interface.patch b/ipv6-Don-t-reduce-hop-limit-for-an-interface.patch
deleted file mode 100644
index 9b9448681..000000000
--- a/ipv6-Don-t-reduce-hop-limit-for-an-interface.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From: "D.S. Ljungmark" <ljungmark@modio.se>
-Date: Wed, 25 Mar 2015 09:28:15 +0100
-Subject: [PATCH] ipv6: Don't reduce hop limit for an interface
-
-A local route may have a lower hop_limit set than global routes do.
-
-RFC 3756, Section 4.2.7, "Parameter Spoofing"
-
-> 1. The attacker includes a Current Hop Limit of one or another small
-> number which the attacker knows will cause legitimate packets to
-> be dropped before they reach their destination.
-
-> As an example, one possible approach to mitigate this threat is to
-> ignore very small hop limits. The nodes could implement a
-> configurable minimum hop limit, and ignore attempts to set it below
-> said limit.
-
-Signed-off-by: D.S. Ljungmark <ljungmark@modio.se>
-Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
----
- net/ipv6/ndisc.c | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
-index 471ed24aabae..14ecdaf06bf7 100644
---- a/net/ipv6/ndisc.c
-+++ b/net/ipv6/ndisc.c
-@@ -1218,7 +1218,14 @@ static void ndisc_router_discovery(struct sk_buff *skb)
- if (rt)
- rt6_set_expires(rt, jiffies + (HZ * lifetime));
- if (ra_msg->icmph.icmp6_hop_limit) {
-- in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
-+ /* Only set hop_limit on the interface if it is higher than
-+ * the current hop_limit.
-+ */
-+ if (in6_dev->cnf.hop_limit < ra_msg->icmph.icmp6_hop_limit) {
-+ in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
-+ } else {
-+ ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than current\n");
-+ }
- if (rt)
- dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
- ra_msg->icmph.icmp6_hop_limit);
---
-2.1.0
-
diff --git a/kernel.spec b/kernel.spec
index 8ef760032..7dfc2bf28 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -68,7 +68,7 @@ Summary: The Linux kernel
# The rc snapshot level
%define rcrev 6
# The git snapshot level
-%define gitrev 1
+%define gitrev 2
# Set rpm version accordingly
%define rpmversion 4.%{upstream_sublevel}.0
%endif
@@ -634,9 +634,6 @@ Patch26174: Input-ALPS-fix-max-coordinates-for-v5-and-v7-protoco.patch
#CVE-2015-2150 rhbz 1196266 1200397
Patch26175: xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
-#CVE-2015-XXXX rhbz 1203712 1208491
-Patch26177: ipv6-Don-t-reduce-hop-limit-for-an-interface.patch
-
# END OF PATCH DEFINITIONS
%endif
@@ -1382,9 +1379,6 @@ ApplyPatch Input-ALPS-fix-max-coordinates-for-v5-and-v7-protoco.patch
#CVE-2015-2150 rhbz 1196266 1200397
ApplyPatch xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
-#CVE-2015-XXXX rhbz 1203712 1208491
-ApplyPatch ipv6-Don-t-reduce-hop-limit-for-an-interface.patch
-
# END OF PATCH APPLICATIONS
%endif
@@ -2235,6 +2229,9 @@ fi
#
#
%changelog
+* Thu Apr 02 2015 Josh Boyer <jwboyer@fedoraproject.org> - 4.0.0-0.rc6.git2.1
+- Linux v4.0-rc6-101-g0a4812798fae
+
* Thu Apr 02 2015 Josh Boyer <jwboyer@fedoraproject.org>
- DoS against IPv6 stacks due to improper handling of RA (rhbz 1203712 1208491)
diff --git a/sources b/sources
index c8ae3cbc9..54c68312a 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
bec0aeeacab2852d9a17ccbfa7e280f8 linux-4.0-rc6.tar.xz
260f7a6cccde97c91b2e79eb93049820 perf-man-4.0-rc6.tar.gz
-1254e2b5f72b55b8df6fc4a4caae2ff1 patch-4.0-rc6-git1.xz
+9c5164f5f19edaf4c78df0b2e7e4a047 patch-4.0-rc6-git2.xz