Hello community, here is the log from the commit of package mipv6d for openSUSE:Factory checked in at Mon Jan 10 13:41:07 CET 2011. -------- --- mipv6d/mipv6d.changes 2009-08-05 15:10:53.000000000 +0200 +++ /mounts/work_src_done/STABLE/mipv6d/mipv6d.changes 2010-09-10 13:50:42.000000000 +0200 @@ -1,0 +2,7 @@ +Thu Sep 9 13:32:06 UTC 2010 - mt@suse.de + +- security fixes (bnc#424311): + * CVE-2010-2522 mipv6 daemon local message spoofing + * CVE-2010-2523 mipv6 daemon remote buffer overflow + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- bug-424311_mipv6-daemon-0.5rc1.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mipv6d.spec ++++++ --- /var/tmp/diff_new_pack.FWrnmi/_old 2011-01-10 13:40:39.000000000 +0100 +++ /var/tmp/diff_new_pack.FWrnmi/_new 2011-01-10 13:40:39.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package mipv6d (Version 2.0.2) # -# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,16 +21,17 @@ Name: mipv6d BuildRequires: bison flex indent libnl-devel openssl-devel Url: http://www.mobile-ipv6.org -License: GPL v2 only ; GPL v2 or later +License: GPLv2 ; GPLv2+ BuildRoot: %{_tmppath}/%{name}-%{version}-build AutoReqProv: on Group: Productivity/Networking/Other Summary: MIPL - Mobile IPv6 for Linux Version: 2.0.2 -Release: 3 +Release: 10 Source0: mipv6-daemon.tar.bz2 Patch0: mipv6-daemon-umip-0.4-nepl-20080108.patch Patch1: mipv6d-build.patch +Patch2: bug-424311_mipv6-daemon-0.5rc1.diff %description MIPL Mobile IPv6 for Linux is an implementation of the Mobility Support @@ -59,6 +60,7 @@ %setup -q -n mipv6-daemon %patch0 -p1 %patch1 -p0 +%patch2 -p1 %build aclocal ++++++ bug-424311_mipv6-daemon-0.5rc1.diff ++++++ Should apply to git.linux-ipv6.org/gitroot/mipv6-daemon.git c4a8e574785794dcc9022f8f39f087999c5f8f41 diff -ruN mipv6-daemon.orig/src/ha.c mipv6-daemon/src/ha.c --- mipv6-daemon.orig/src/ha.c 2010-07-06 14:50:34.000000000 +0200 +++ mipv6-daemon/src/ha.c 2010-07-06 14:53:00.000000000 +0200 @@ -104,6 +104,8 @@ if (opt[0] == ND_OPT_PREFIX_INFORMATION) { struct nd_opt_prefix_info *p; + if (olen < sizeof(struct nd_opt_prefix_info)) + return; p = (struct nd_opt_prefix_info *)opt; if (p->nd_opt_pi_prefix_len > 128) return; @@ -117,6 +119,8 @@ } else if (opt[0] == ND_OPT_HOME_AGENT_INFO && ra->nd_ra_flags_reserved & ND_RA_FLAG_HOME_AGENT) { struct nd_opt_homeagent_info *hainfo; + if (olen < sizeof(struct nd_opt_homeagent_info)) + return; hainfo = (struct nd_opt_homeagent_info *)opt; pref = ntohs(hainfo->nd_opt_hai_preference); life = ntohs(hainfo->nd_opt_hai_lifetime); diff -ruN mipv6-daemon.orig/src/mn.c mipv6-daemon/src/mn.c --- mipv6-daemon.orig/src/mn.c 2010-07-06 14:50:34.000000000 +0200 +++ mipv6-daemon/src/mn.c 2010-07-06 14:54:12.000000000 +0200 @@ -1646,9 +1646,10 @@ iif = pkt_info.ipi6_ifindex; na = (struct nd_neighbor_advert *)msg; - if (iif != ifindex || - hoplimit < 255 || na->nd_na_code != 0 || - len < sizeof(struct nd_neighbor_advert) || + if (iif != ifindex || + hoplimit < 255 || + len < sizeof(struct nd_neighbor_advert) || + na->nd_na_code != 0 || IN6_IS_ADDR_MULTICAST(&na->nd_na_target) || (na->nd_na_flags_reserved & ND_NA_FLAG_SOLICITED && IN6_IS_ADDR_MULTICAST(daddr))) diff -ruN mipv6-daemon.orig/src/movement.c mipv6-daemon/src/movement.c --- mipv6-daemon.orig/src/movement.c 2010-07-06 14:50:34.000000000 +0200 +++ mipv6-daemon/src/movement.c 2010-07-06 14:56:44.000000000 +0200 @@ -818,6 +818,11 @@ struct nlmsghdr *n, void *arg) { pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, NULL); + + /* only accept messages from kernel */ + if (who->nl_pid) + goto out; + switch (n->nlmsg_type) { case RTM_NEWLINK: case RTM_DELLINK: @@ -837,6 +842,8 @@ /* To do: listen to changes in default and prefix routes(?) */ break; } + +out: pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, NULL); return 0; } diff -ruN mipv6-daemon.orig/src/xfrm.c mipv6-daemon/src/xfrm.c --- mipv6-daemon.orig/src/xfrm.c 2010-07-06 14:50:34.000000000 +0200 +++ mipv6-daemon/src/xfrm.c 2010-07-06 14:57:38.000000000 +0200 @@ -1939,6 +1939,11 @@ static int xfrm_rcv(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) { pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, NULL); + + /* only accept messages from kernel */ + if (who->nl_pid) + goto out; + switch (n->nlmsg_type) { case XFRM_MSG_ACQUIRE: /* Start RO or send BRR */ @@ -1949,6 +1954,9 @@ parse_report(n); break; } + + +out: pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, NULL); return 0; } ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org