[kernel/f13/master] add missing files from previous commit

Chuck Ebbert cebbert at fedoraproject.org
Wed Jan 26 14:59:56 UTC 2011 

commit 8cb12224b9a402bbd9656f3ba5f3d93ba9dac477
Author: Chuck Ebbert <cebbert at redhat.com>
Date:   Wed Jan 26 09:59:03 2011 -0500

    add missing files from previous commit

 kernel.spec                               |   22 ++++++++++++++++++++++
 tcp-avoid-a-possible-divide-by-zero.patch |    3 ++-
 2 files changed, 24 insertions(+), 1 deletions(-)
---
diff --git a/kernel.spec b/kernel.spec
index d6e21b4..52d174b 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -929,6 +929,15 @@ Patch13933: orinoco-fix-tkip-countermeasure-behaviour.patch
 # CVE-2010-4650
 Patch13934: fuse-verify-ioctl-retries.patch
 
+# Networking fixes from 2.6.36.3
+Patch13940: tcp-avoid-a-possible-divide-by-zero.patch
+Patch13941: tcp-bug-fix-in-initialization-of-receive-window.patch
+Patch13942: tcp-don-t-change-unlocked-socket-state-in-tcp_v4_err.patch
+# CVE-2010-4165
+Patch13943: tcp-increase-tcp_maxseg-socket-option-minimum.patch
+Patch13944: tcp-make-tcp_maxseg-minimum-more-correct.patch
+Patch13945: tcp-protect-sysctl_tcp_cookie_size-reads.patch
+
 %endif
 
 BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root
@@ -1781,6 +1790,15 @@ ApplyPatch orinoco-fix-tkip-countermeasure-behaviour.patch
 # CVE-2010-4650
 ApplyPatch fuse-verify-ioctl-retries.patch
 
+# Networking fixes from 2.6.36.3
+ApplyPatch tcp-avoid-a-possible-divide-by-zero.patch
+ApplyPatch tcp-bug-fix-in-initialization-of-receive-window.patch
+ApplyPatch tcp-don-t-change-unlocked-socket-state-in-tcp_v4_err.patch
+# CVE-2010-4165
+ApplyPatch tcp-increase-tcp_maxseg-socket-option-minimum.patch
+ApplyPatch tcp-make-tcp_maxseg-minimum-more-correct.patch
+ApplyPatch tcp-protect-sysctl_tcp_cookie_size-reads.patch
+
 # END OF PATCH APPLICATIONS
 
 %endif
@@ -2402,6 +2420,10 @@ fi
 
 
 %changelog
+* Wed Jan 26 2011 Chuck Ebbert <cebbert at redhat.com>
+- TCP networking fixes from 2.6.36.3, including one CVE
+  CVE-2010-4165: possible kernel oops from user MSS
+
 * Sat Jan 22 2011 Chuck Ebbert <cebbert at redhat.com>
 - Security updates
   CVE-2010-4346: install_special_mapping skips security_file_mmap check
diff --git a/tcp-avoid-a-possible-divide-by-zero.patch b/tcp-avoid-a-possible-divide-by-zero.patch
index e8642c8..75976da 100644
--- a/tcp-avoid-a-possible-divide-by-zero.patch
+++ b/tcp-avoid-a-possible-divide-by-zero.patch
@@ -7,6 +7,7 @@ Subject: tcp: avoid a possible divide by zero
 From: Eric Dumazet <eric.dumazet at gmail.com>
 
 [ Upstream commit ad9f4f50fe9288bbe65b7dfd76d8820afac6a24c ]
+[ trivial backport to 2.6.34 ]
 
 sysctl_tcp_tso_win_divisor might be set to zero while one cpu runs in
 tcp_tso_should_defer(). Make sure we dont allow a divide by zero by
@@ -27,7 +28,7 @@ Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
  	u32 send_win, cong_win, limit, in_flight;
 +	int win_divisor;
  
- 	if (TCP_SKB_CB(skb)->flags & TCPHDR_FIN)
+ 	if (TCP_SKB_CB(skb)->flags & TCPCB_FLAG_FIN)
  		goto send_now;
 @@ -1549,13 +1550,14 @@ static int tcp_tso_should_defer(struct s
  	if ((skb != tcp_write_queue_tail(sk)) && (limit >= skb->len))

More information about the scm-commits mailing list