aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2013-08-06 11:25:28 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2013-08-07 06:56:36 +0000
commit1839235c5a330920f8c52a2722962fefa307661e (patch)
tree6cf1b98461542064958e739b87e667556ec05d1c
parent407aa3d5f3d8f5ac0e2c852b5e651e7a49325641 (diff)
downloadaports-1839235c5a330920f8c52a2722962fefa307661e.tar.bz2
aports-1839235c5a330920f8c52a2722962fefa307661e.tar.xz
main/linux-grsec: fix regression in ip_gre
(cherry picked from commit 21994d76b445fff32c844f1b904e3c5c1e3dd330)
-rw-r--r--main/linux-grsec/APKBUILD6
-rw-r--r--main/linux-grsec/net-ip_gre-fix-ipgre_header-to-return-correct-offset.patch45
2 files changed, 50 insertions, 1 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index 18702b1cc0..68ee9f23f5 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -7,7 +7,7 @@ case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=${pkgver};;
esac
-pkgrel=0
+pkgrel=1
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
@@ -25,6 +25,7 @@ source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
+ net-ip_gre-fix-ipgre_header-to-return-correct-offset.patch
kernelconfig.x86
kernelconfig.x86_64
@@ -157,6 +158,7 @@ aa454ffb96428586447775c21449e284 0003-ipv4-properly-refresh-rtable-entries-on-p
2a12a3717052e878c0cd42aa935bfcf4 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
6ce5fed63aad3f1a1ff1b9ba7b741822 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
1a5800a2122ba0cc0d06733cb3bb8b8f 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
+f0742f10b5e16078f9ea052a0b2665ad net-ip_gre-fix-ipgre_header-to-return-correct-offset.patch
1a111abaeb381bf47d9e979a85fba2ee kernelconfig.x86
1312267644d0c729bd7c7af979b29c8d kernelconfig.x86_64"
sha256sums="df27fa92d27a9c410bfe6c4a89f141638500d7eadcca5cce578954efc2ad3544 linux-3.10.tar.xz
@@ -168,6 +170,7 @@ dc8e82108615657f1fb9d641efd42255a5761c06edde1b00a41ae0d314d548f0 0002-arp-flush
260fd1807838b68305a96992bf7d3302a2a8ef3a3b08fe079ba9a07e6422f736 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
ae32bb72afa170e6c3788c564b342763aba5945afacc1e2ebfc096adf50d77a3 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
fc613ac466610b866b721c41836fd5bfb2d4b75bceb67972dc6369d7f62ff47e 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
+df20f03dcc0f129f8bff6dbeefe0c0b9b8edad4906af20f6cf2d83f2dc36a40f net-ip_gre-fix-ipgre_header-to-return-correct-offset.patch
1ef74cf3703dd26201970a2d9f043fed7e03ad2540a20f810cec8add93f81ccd kernelconfig.x86
1c4b4a74d982fdc8d3baddcdaa674ae4b4a3390daba024fca55e85604af74507 kernelconfig.x86_64"
sha512sums="5fb109fcbd59bf3dffc911b853894f0a84afa75151368f783a1252c5ff60c7a1504de216c0012be446df983e2dea400ad8eeed3ce04f24dc61d0ef76c174dc35 linux-3.10.tar.xz
@@ -179,5 +182,6 @@ e56d207163b8c17bd63564ebbe916458ebcc892016216f98f395f3e208229d6533c2cfbe14634005
d2f578ad1d6e1fe52b55863e5bf338ae8201b828a498ec3e42e549c55295d3d1c6c3adfa9e226d711e3486628ed56ab996484e219d79ac4b0c0ec684ebd380aa 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
28a33e644bf2faf99c8dd6dbccfe14e140dfdd8824a8fb2d58aa7deb9e572f130d92b6b35ee181084050d82166bdf2e498a451a2a538a67b7ab84204405d2d87 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
249140374c19a5599876268ff5b3cda2e136681aee103b4a9fff5d7d346f8e3295a907fb43db0701b8a9fece64c299ad2abac0434259cce6631307ce84090205 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
+0ca9b0e140a9bdfa3c4e4958de4a6c53fff3d0d11b15cd9868baf49dfde1320e591f89c357b5a690cadb9e6ed48a1a506fea6a37b0b873f8a69f6899ba7967a8 net-ip_gre-fix-ipgre_header-to-return-correct-offset.patch
5d2057cb27362175d85cbe1b79586a3daaa16c1b36baa0bf433b594a85284a02460b28e90ee9dc3f5a8c973a7e8316e0be83099a40a039913e6f1c7036570196 kernelconfig.x86
89b5fe8a4930ef19deb00e18bb8a4ae4c87105bcf29b7e15c677f7e6a4d2618bb5c378da485aed573b5a2342e0cdff4d0ceae60f2b89cde603988de9f3c36929 kernelconfig.x86_64"
diff --git a/main/linux-grsec/net-ip_gre-fix-ipgre_header-to-return-correct-offset.patch b/main/linux-grsec/net-ip_gre-fix-ipgre_header-to-return-correct-offset.patch
new file mode 100644
index 0000000000..aeaeb33d7a
--- /dev/null
+++ b/main/linux-grsec/net-ip_gre-fix-ipgre_header-to-return-correct-offset.patch
@@ -0,0 +1,45 @@
+From patchwork Tue Aug 6 10:45:43 2013
+Content-Type: text/plain; charset="utf-8"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 8bit
+Subject: [net] ip_gre: fix ipgre_header to return correct offset
+From: =?utf-8?q?Timo_Ter=C3=A4s?= <timo.teras@iki.fi>
+X-Patchwork-Id: 264994
+Message-Id: <1375785943-23908-1-git-send-email-timo.teras@iki.fi>
+To: netdev@vger.kernel.org
+Cc: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>,
+ Pravin B Shelar <pshelar@nicira.com>
+Date: Tue, 6 Aug 2013 13:45:43 +0300
+
+Fix ipgre_header() (header_ops->create) to return the correct
+amount of bytes pushed. Most callers of dev_hard_header() seem
+to care only if it was success, but af_packet.c uses it as
+offset to the skb to copy from userspace only once. In practice
+this fixes packet socket sendto()/sendmsg() to gre tunnels.
+
+Regression introduced in c54419321455631079c7d6e60bc732dd0c5914c5
+("GRE: Refactor GRE tunneling code.")
+
+Cc: Pravin B Shelar <pshelar@nicira.com>
+Signed-off-by: Timo Teräs <timo.teras@iki.fi>
+
+---
+Should go to 3.10-stable too. Without this dmvpn setup does not work
+at all, as opennhrp uses packet sockets to send the nhrp packets.
+
+ net/ipv4/ip_gre.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
+index 855004f..c52fee0 100644
+--- a/net/ipv4/ip_gre.c
++++ b/net/ipv4/ip_gre.c
+@@ -572,7 +572,7 @@ static int ipgre_header(struct sk_buff *skb, struct net_device *dev,
+ if (daddr)
+ memcpy(&iph->daddr, daddr, 4);
+ if (iph->daddr)
+- return t->hlen;
++ return t->hlen + sizeof(*iph);
+
+ return -(t->hlen + sizeof(*iph));
+ }