From: Florian Westphal <fwestpha@xxxxxxxxxx> redhat: disable dccp conntrack support DCCP is already disabled in RHEL. Judging from activity on the upstream development mailing list and the "syszkaller" dccp related reports there are no real users of this protocol. Disable dccp conntrack support. We've had use-after-free and out-of-bounds acesses (now fixed) in this code in the past, its clear that this is only "used" by fuzzers. Signed-off-by: Florian Westphal <fwestpha@xxxxxxxxxx> diff --git a/redhat/configs/common/generic/CONFIG_NF_CT_PROTO_DCCP b/redhat/configs/common/generic/CONFIG_NF_CT_PROTO_DCCP index blahblah..blahblah 100644 --- a/redhat/configs/common/generic/CONFIG_NF_CT_PROTO_DCCP +++ b/redhat/configs/common/generic/CONFIG_NF_CT_PROTO_DCCP @@ -1 +1 @@ -CONFIG_NF_CT_PROTO_DCCP=y +# CONFIG_NF_CT_PROTO_DCCP is not set -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2823 -- _______________________________________________ kernel mailing list -- kernel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to kernel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
