diff --git a/iputils-20100418-dos.patch b/iputils-20100418-dos.patch new file mode 100644 index 0000000..ad23c71 --- /dev/null +++ b/iputils-20100418-dos.patch @@ -0,0 +1,21 @@ +diff -up iputils-s20100418/ping.c.dos iputils-s20100418/ping.c +--- iputils-s20100418/ping.c.dos 2010-07-13 08:53:29.356694202 +0200 ++++ iputils-s20100418/ping.c 2010-07-13 08:53:55.350694373 +0200 +@@ -1083,7 +1083,7 @@ void pr_options(unsigned char * cp, int + i = j; + i -= IPOPT_MINOFF; + if (i <= 0) +- continue; ++ break; + if (i == old_rrlen + && !strncmp((char *)cp, old_rr, i) + && !(options & F_FLOOD)) { +@@ -1120,7 +1120,7 @@ void pr_options(unsigned char * cp, int + i = j; + i -= 5; + if (i <= 0) +- continue; ++ break; + flags = *++cp; + printf("\nTS: "); + cp++; diff --git a/iputils.spec b/iputils.spec index 69cb3f8..d557343 100644 --- a/iputils.spec +++ b/iputils.spec @@ -1,7 +1,7 @@ Summary: Network monitoring tools including ping Name: iputils Version: 20100418 -Release: 2%{?dist} +Release: 3%{?dist} License: BSD URL: http://www.skbuff.net/iputils Group: System Environment/Daemons @@ -24,6 +24,7 @@ Patch10: iputils-20071127-corr_type.patch Patch11: iputils-20071127-infiniband.patch Patch12: iputils-20100418-convtoint.patch Patch13: iputils-20100418-flowlabel.patch +Patch14: iputils-20100418-dos.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: docbook-utils perl-SGMLSpm @@ -58,6 +59,7 @@ the target machine is alive and receiving network traffic. %patch11 -p1 -b .infiniband %patch12 -p1 -b .convtoint %patch13 -p1 -b .flowlabel +%patch14 -p1 -b .dos %build %ifarch s390 s390x @@ -147,6 +149,9 @@ rm -rf ${RPM_BUILD_ROOT} %{_sysconfdir}/rc.d/init.d/rdisc %changelog +* Tue Jul 13 2010 Jiri Skala - 20100418-3 +- applied patch preventing ping against dos attack + * Wed May 19 2010 Jiri Skala - 20100418-2 - fixes #593641 - update bonding files (updated ifenslave tarball)