author | Roy Marples <uberlord@gentoo.org> | 2007-05-10 10:24:54 +0000 |
---|---|---|
committer | Roy Marples <uberlord@gentoo.org> | 2007-05-10 10:24:54 +0000 |
commit | b822c2885ba1abfe251d71aea12d9cbb735d8d19 (patch) | |
tree | 0e05548e001841ab395667a13d20fa31a233dba6 /sys-freebsd/freebsd-sources/files | |
parent | removed doc use flag as not used in ebuild and build.xml (diff) | |
Add a security fix to disable IPv6 source routing headers.
Package-Manager: portage-2.1.2.7
Diffstat (limited to 'sys-freebsd/freebsd-sources/files')
-rw-r--r-- | sys-freebsd/freebsd-sources/files/digest-freebsd-sources-6.2-r1 | 3 | ||||
-rw-r--r-- | sys-freebsd/freebsd-sources/files/freebsd-sources-6.2-ipv6.patch | 66 |
2 files changed, 69 insertions, 0 deletions
diff --git a/sys-freebsd/freebsd-sources/files/digest-freebsd-sources-6.2-r1 b/sys-freebsd/freebsd-sources/files/digest-freebsd-sources-6.2-r1
new file mode 100644
index 000000000000..f15ec910fc83
--- /dev/null
+++ b/sys-freebsd/freebsd-sources/files/digest-freebsd-sources-6.2-r1
@@ -0,0 +1,3 @@
+MD5 79c16213744e76d3bf13a9ac21ede56d freebsd-sys-6.2.tar.bz2 18344936
+RMD160 784230e22ccaf09933ef3f053ff29cc3e579786a freebsd-sys-6.2.tar.bz2 18344936
+SHA256 a754371d88601aaab7152bb3d127bd3777db912e13a26a866e13ba34934c5e5b freebsd-sys-6.2.tar.bz2 18344936
diff --git a/sys-freebsd/freebsd-sources/files/freebsd-sources-6.2-ipv6.patch b/sys-freebsd/freebsd-sources/files/freebsd-sources-6.2-ipv6.patch
new file mode 100644
index 000000000000..1f4c0e7664d0
--- /dev/null
+++ b/sys-freebsd/freebsd-sources/files/freebsd-sources-6.2-ipv6.patch
@@ -0,0 +1,66 @@
+Index: sys/netinet6/in6.h
+===================================================================
+RCS file: /sources/FreeBSD-CVS/src/sys/netinet6/in6.h,v
+retrieving revision 1.36.2.7
+diff -u -r1.36.2.7 in6.h
+--- sys/netinet6/in6.h 20 Aug 2006 19:28:43 -0000 1.36.2.7
++++ sys/netinet6/in6.h 24 Apr 2007 03:11:29 -0000
+@@ -574,5 +574,6 @@
+ #define IPV6CTL_STEALTH 45
+-#define IPV6CTL_MAXID 46
++#define IPV6CTL_RTHDR0_ALLOWED 46
++#define IPV6CTL_MAXID 47
+ #endif /* __BSD_VISIBLE */
+
+ /*
+Index: sys/netinet6/in6_proto.c
+===================================================================
+RCS file: /sources/FreeBSD-CVS/src/sys/netinet6/in6_proto.c,v
+retrieving revision 1.32.2.5
+diff -u -r1.32.2.5 in6_proto.c
+--- sys/netinet6/in6_proto.c 16 Oct 2006 15:11:18 -0000 1.32.2.5
++++ sys/netinet6/in6_proto.c 24 Apr 2007 07:46:54 -0000
+@@ -376,6 +376,8 @@
+ #ifdef IPSTEALTH
+ int ip6stealth = 0;
+ #endif
++int ip6_rthdr0_allowed = 0; /* Disallow use of routing header 0 */
++ /* by default.  */
+
+ /* icmp6 */
+ /*
+@@ -519,6 +521,9 @@
+ SYSCTL_INT(_net_inet6_ip6, IPV6CTL_STEALTH, stealth, CTLFLAG_RW,
+ &ip6stealth, 0, "");
+ #endif
++SYSCTL_INT(_net_inet6_ip6, IPV6CTL_RTHDR0_ALLOWED,
++ rthdr0_allowed, CTLFLAG_RW, &ip6_rthdr0_allowed, 0, "");
++
+
+ /* net.inet6.icmp6 */
+ SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRACCEPT,
+Index: sys/netinet6/route6.c
+===================================================================
+RCS file: /sources/FreeBSD-CVS/src/sys/netinet6/route6.c,v
+retrieving revision 1.11.2.1
+diff -u -r1.11.2.1 route6.c
+--- sys/netinet6/route6.c 4 Nov 2005 20:26:15 -0000 1.11.2.1
++++ sys/netinet6/route6.c 24 Apr 2007 08:06:00 -0000
+@@ -49,6 +49,8 @@
+
+ #include <netinet/icmp6.h>
+
++extern int ip6_rthdr0_allowed;
++
+ static int ip6_rthdr0 __P((struct mbuf *, struct ip6_hdr *,
+ struct ip6_rthdr0 *));
+
+@@ -88,6 +90,8 @@
+
+ switch (rh->ip6r_type) {
+ case IPV6_RTHDR_TYPE_0:
++ if (!ip6_rthdr0_allowed)
++ return (IPPROTO_DONE);
+ rhlen = (rh->ip6r_len + 1) << 3;
+ #ifndef PULLDOWN_TEST
+ /* |
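Review bot: The early return added under `case IPV6_RTHDR_TYPE_0:` in route6.c hands back `IPPROTO_DONE` with no visible release of the packet's mbuf, although `IPPROTO_DONE` normally tells the caller that the packet has already been consumed. If nothing else frees it, every type 0 routing header that arrives while `ip6_rthdr0_allowed` is 0 would leave a buffer allocated, so the mitigation itself could be driven into mbuf exhaustion by remote traffic. The enclosing function starts and ends outside the hunk, so check this against the full source; if it holds, free the buffer before returning, for example `if (!ip6_rthdr0_allowed) { m_freem(m); return (IPPROTO_DONE); }`, where `m` stands for whatever that function names its mbuf pointer. The drop is also silent, so incrementing an IPv6 statistics counter on this path would let operators see how much RH0 traffic is being discarded.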