Hello community,
here is the log from the commit of package iptables for openSUSE:Factory checked in at 2019-04-08 10:33:00
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/iptables (Old)
and /work/SRC/openSUSE:Factory/.iptables.new.3908 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "iptables"
Mon Apr 8 10:33:00 2019 rev:67 rq:691534 version:1.8.2
Changes:
--------
--- /work/SRC/openSUSE:Factory/iptables/iptables.changes 2018-11-18 23:21:57.490225944 +0100
+++ /work/SRC/openSUSE:Factory/.iptables.new.3908/iptables.changes 2019-04-08 10:33:03.123222724 +0200
@@ -1,0 +2,8 @@
+Thu Apr 4 11:44:31 UTC 2019 - Kristýna Streitová
+
+- Add iptables-1.8.2-dont_read_garbage.patch that fixes a situation
+ where 'iptables -L' reads garbage from the struct as the kernel
+ never filled it in the bugged case. This can lead to issues like
+ mapping a few TiB of memory [bsc#1106751].
+
+-------------------------------------------------------------------
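Review bot: the new changelog entry lists only iptables-1.8.2-dont_read_garbage.patch, while the same submission also replaces "%setup -q" / "%patch -P 3 -P 4 -P 5 -p1" with "%autosetup -p1" and moves URL, Source and Source2 from http to https. Add a bullet for each of those so the .changes file accounts for every spec change in this revision.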
New:
----
iptables-1.8.2-dont_read_garbage.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ iptables.spec ++++++
--- /var/tmp/diff_new_pack.ww4iGI/_old 2019-04-08 10:33:04.135221437 +0200
+++ /var/tmp/diff_new_pack.ww4iGI/_new 2019-04-08 10:33:04.139221432 +0200
@@ -1,7 +1,7 @@
#
# spec file for package iptables
#
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -22,14 +22,15 @@
Summary: IP packet filter administration utilities
License: GPL-2.0-only AND Artistic-2.0
Group: Productivity/Networking/Security
-Url: http://netfilter.org/projects/iptables/
+URL: https://netfilter.org/projects/iptables/
#Git-Clone: git://git.netfilter.org/iptables
-Source: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2
-Source2: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2.sig
+Source: https://netfilter.org/projects/iptables/files/%name-%version.tar.bz2
+Source2: https://netfilter.org/projects/iptables/files/%name-%version.tar.bz2.sig
Source3: %name.keyring
Patch3: iptables-batch.patch
Patch4: iptables-apply-mktemp-fix.patch
Patch5: iptables-batch-lock.patch
+Patch6: iptables-1.8.2-dont_read_garbage.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
#git#BuildRequires: autoconf, automake >= 1.10
@@ -140,8 +141,7 @@
xtables --variable=xtlibdir).
%prep
-%setup -q
-%patch -P 3 -P 4 -P 5 -p1
+%autosetup -p1
%build
# We have the iptables-batch patch, so always regenerate.
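Review bot: in %prep, "%autosetup -p1" no longer names the patches it applies, unlike the removed "%patch -P 3 -P 4 -P 5 -p1", so every Patch tag declared in the spec is now applied implicitly at strip level 1. That works for Patch3 to Patch6 as declared above, but a later patch that has to be conditional or needs a different -p level will be picked up anyway. A short comment in %prep stating that all patches are expected to apply unconditionally with -p1 would make that constraint visible to the next packager.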
++++++ iptables-1.8.2-dont_read_garbage.patch ++++++
From: Fabian Vogt
Date: 2019-04-04 13:41:59 +0200
Subject: 'iptables -L' reads garbage
References: [bsc#1106751]
Upstream: reported (https://bugzilla.netfilter.org/show_bug.cgi?id=1331)
This patch fixes a situation where 'iptables -L' reads garbage
from the struct as the kernel never filled it in the bugged case.
This can lead to issues like mapping a few TiB of memory
---
Index: iptables-1.8.2/libiptc/libiptc.c
===================================================================
--- iptables-1.8.2.orig/libiptc/libiptc.c
+++ iptables-1.8.2/libiptc/libiptc.c
@@ -1305,6 +1305,7 @@ TC_INIT(const char *tablename)
{
struct xtc_handle *h;
STRUCT_GETINFO info;
+ memset(&info, 0, sizeof(info));
unsigned int tmp;
socklen_t s;
int sockfd;
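Review bot: the added "memset(&info, 0, sizeof(info));" sits between the declaration of info and the declarations of tmp, s and sockfd, so TC_INIT now has a statement in the middle of its declaration block. Either initialise at the declaration ("STRUCT_GETINFO info = {0};") or move the memset below "int sockfd;" to keep the declarations together. Separately, zeroing only makes the case where the kernel never fills the struct deterministic; the visible lines do not show whether the fields of info are validated before they are used for sizing, so it is worth confirming that an all-zero info is handled as an error path rather than treated as a valid result.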