diff options
author | Timo Teräs <timo.teras@iki.fi> | 2015-07-06 13:57:54 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2015-07-07 07:11:26 +0000 |
commit | 29c90c9cc0f74cb010ffecb016356640a226c489 (patch) | |
tree | d3a620dd2ed0dbcbfedb12f5f1e83b7cc547576f | |
parent | ee277aa885361e02eac3e5e1076fbdf8edc0a54f (diff) | |
download | aports-29c90c9cc0f74cb010ffecb016356640a226c489.tar.bz2 aports-29c90c9cc0f74cb010ffecb016356640a226c489.tar.xz |
main/linux-grsec: ugprade to 3.18.17
-rw-r--r-- | main/linux-grsec/0001-ip_tunnel-fix-ipv4-pmtu-check-to-honor-inner-ip-head.patch | 55 | ||||
-rw-r--r-- | main/linux-grsec/APKBUILD | 38 | ||||
-rw-r--r-- | main/linux-grsec/config-grsec.armhf | 3 | ||||
-rw-r--r-- | main/linux-grsec/config-grsec.x86 | 3 | ||||
-rw-r--r-- | main/linux-grsec/config-grsec.x86_64 | 3 |
5 files changed, 82 insertions, 20 deletions
diff --git a/main/linux-grsec/0001-ip_tunnel-fix-ipv4-pmtu-check-to-honor-inner-ip-head.patch b/main/linux-grsec/0001-ip_tunnel-fix-ipv4-pmtu-check-to-honor-inner-ip-head.patch new file mode 100644 index 0000000000..5e6f493f52 --- /dev/null +++ b/main/linux-grsec/0001-ip_tunnel-fix-ipv4-pmtu-check-to-honor-inner-ip-head.patch @@ -0,0 +1,55 @@ +From 9c889e8df035c6eb7993963a7c80bfc75a61124d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> +Date: Mon, 6 Jul 2015 09:54:36 +0300 +Subject: [PATCH] ip_tunnel: fix ipv4 pmtu check to honor inner ip header df + +Frag needed should be sent only if the inner header asked +to not fragment. Currently fragmentation is broken if the +tunnel has df set. The tunnel's df needs to be still checked +to update internally the pmtu cache. + +This got broken in commit 23a3647bc4f93bac and this fixes +the pmtu check back to the way it was. + +Fixes: 23a3647bc4f93bac ("ip_tunnels: Use skb-len to PMTU check.") +Cc: Pravin B Shelar <pshelar@nicira.com> +--- + net/ipv4/ip_tunnel.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c +index 0bb8e14..6822572 100644 +--- a/net/ipv4/ip_tunnel.c ++++ b/net/ipv4/ip_tunnel.c +@@ -587,7 +587,8 @@ int ip_tunnel_encap(struct sk_buff *skb, struct ip_tunnel *t, + EXPORT_SYMBOL(ip_tunnel_encap); + + static int tnl_update_pmtu(struct net_device *dev, struct sk_buff *skb, +- struct rtable *rt, __be16 df) ++ struct rtable *rt, __be16 df, ++ const struct iphdr *inner_iph) + { + struct ip_tunnel *tunnel = netdev_priv(dev); + int pkt_size = skb->len - tunnel->hlen - dev->hard_header_len; +@@ -604,7 +605,8 @@ static int tnl_update_pmtu(struct net_device *dev, struct sk_buff *skb, + + if (skb->protocol == htons(ETH_P_IP)) { + if (!skb_is_gso(skb) && +- (df & htons(IP_DF)) && mtu < pkt_size) { ++ (inner_iph->frag_off & htons(IP_DF)) && ++ mtu < pkt_size) { + memset(IPCB(skb), 0, sizeof(*IPCB(skb))); + icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu)); + return -E2BIG; +@@ -738,7 +740,7 @@ void ip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev, + goto tx_error; + } + +- if (tnl_update_pmtu(dev, skb, rt, tnl_params->frag_off)) { ++ if (tnl_update_pmtu(dev, skb, rt, tnl_params->frag_off, inner_iph)) { + ip_rt_put(rt); + goto tx_error; + } +-- +2.4.5 + diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index e6d8acd5be..af94a6669a 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -2,7 +2,7 @@ _mainflavor=grsec pkgname=linux-$_mainflavor -pkgver=3.18.16 +pkgver=3.18.17 case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=${pkgver};; @@ -17,9 +17,10 @@ options="!strip" install= source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz - http://dev.alpinelinux.org/~tteras/grsec/grsecurity-3.1-3.18.16-201506082249-alpine.patch + http://dev.alpinelinux.org/~tteras/grsec/grsecurity-3.1-3.18.17-201507050832-alpine.patch fix-memory-map-for-PIE-applications.patch + 0001-ip_tunnel-fix-ipv4-pmtu-check-to-honor-inner-ip-head.patch fix-spi-nor-namespace-clash.patch imx6q-no-unclocked-sleep.patch @@ -200,35 +201,38 @@ dev() { } md5sums="9e854df51ca3fef8bfe566dbd7b89241 linux-3.18.tar.xz -96aeccef48037aee98911634664af68e patch-3.18.16.xz -dee848728d351ead91cdc59254175775 grsecurity-3.1-3.18.16-201506082249-alpine.patch +ff54e954e26589a2a8a237bfe793ac41 patch-3.18.17.xz +e4775dbac57c80905e2c2d99aedbfa1a grsecurity-3.1-3.18.17-201507050832-alpine.patch c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch +b7f15811ab0ae0a1225c03cc2cc24411 0001-ip_tunnel-fix-ipv4-pmtu-check-to-honor-inner-ip-head.patch b0337a2a9abed17c37eae5db332522d2 fix-spi-nor-namespace-clash.patch 1a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch -797644a9dda4436978498045ef7095b1 config-grsec.x86 -9476dc4a1d21009764680816fde71152 config-grsec.x86_64 -6af88f5e681a237e3c58e8154a40fb47 config-grsec.armhf +9c3fdf1aba9dffc9a5ebc16a2ba37735 config-grsec.x86 +2cc37d1ed1e2ebf0aa1a0ace67d6f519 config-grsec.x86_64 +36892e7e94abde237925ab15e9c7752c config-grsec.armhf 18cb4521f9a8847637292f9f4c9e8256 config-virtgrsec.x86 80b45900be93b1183a6382adf710d961 config-virtgrsec.x86_64" sha256sums="becc413cc9e6d7f5cc52a3ce66d65c3725bc1d1cc1001f4ce6c32b69eb188cbd linux-3.18.tar.xz -f60602c8de2ae7b1507c538b6af65d5b933727a06f56075898ff64fdcf650313 patch-3.18.16.xz -920b9f5dd1659656319e45c803f4b28c91d0bfa9a4a51300bdd5f85b3096d4c6 grsecurity-3.1-3.18.16-201506082249-alpine.patch +190b769580a766add68c3e3a8878a725b36fe6877991f3af0cb4a1d6b5eeccf8 patch-3.18.17.xz +98fc77df5d82ce127999923dadb203c9024f7539673b1c2efd46917939cb4864 grsecurity-3.1-3.18.17-201507050832-alpine.patch 500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch +b4a5d6fc7b1dfe43cee18cf47db3f588a4b8a03e6d474af9a6f9ef487233ba70 0001-ip_tunnel-fix-ipv4-pmtu-check-to-honor-inner-ip-head.patch 01279cfb93273d99670c56e2465957ecde3d03693beeb929a743f03afa0b7bdc fix-spi-nor-namespace-clash.patch 21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch -096425842c0c84c063fff14108630f49d32f64e970027e0f2050ce76558c05db config-grsec.x86 -18cc34f2d603baf82af7093daaf024d74047506154e53de27fb49ba65a2551d1 config-grsec.x86_64 -c796c15a32c848cfd6b67c2f22273fb3e26872f9325a6564f316b17b947eeaaf config-grsec.armhf +5fc6db215c9566d937ed5162cea3a554352ba82a7b6754552e46d02ec39368d7 config-grsec.x86 +c30182bf8c312141ef516154cbcf9ae6670dffeafa650126c2f375b5082087f3 config-grsec.x86_64 +03ba6e2ed62e27e5fceb0bc405cccfe3de2e2d3be1486287500f38a1b2ecf786 config-grsec.armhf 47048993111506ab74db24c92d39b536cf5e684975844907d5cb6198c1dfd87f config-virtgrsec.x86 015ce51a03f1337673b47ef996b77c55cf50a28240e37c5ebf7e66f5886d3aef config-virtgrsec.x86_64" sha512sums="2f0b72466e9bc538a675738aa416573d41bbbd7e3e2ffd5b5b127afde609ebc278cec5a3c37e73479607e957c13f1b4ed9782a3795e0dcc2cf8e550228594009 linux-3.18.tar.xz -868de9793e67e741dc69d61339f66c25d08d36a7d67b09d5644e855e05faf239c1e6e01299812a68edc52a39e132d7ec459929cb5d8a0936fe6aa580a72af80c patch-3.18.16.xz -9d423b6edb1a758d3832349c47b4ed70394dac0665e30f1f254e3fa200a9db02a93728faf68d7908f5dd825a94c3dd017b9296d6a4ee90d9f14691338c5163f7 grsecurity-3.1-3.18.16-201506082249-alpine.patch +03a78cc7b72150570fd0f24ad44f491dc57913e0675f31b7322af8ccbf41deea05a0b04c7058f9c85352cb03a976b3817d3544d8c690cc67e26ec08672c09afa patch-3.18.17.xz +0f0fec207e67fa96587159316fbc0be4b4559a9c437fdaeb8747d50ec59f34a6650c146f38138941489e364ea29e94aad72ff1f3d6ef92cccc0028b9514d12f6 grsecurity-3.1-3.18.17-201507050832-alpine.patch 4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch +c5f7bda0a5bf88d7ce5de8c405ee5a018b652d70def2a5c6eea8e718b39efc0fed860bb61c70d950ba42cb11e0c264ee5ddd9a1505b7b60d19a56322ece894b6 0001-ip_tunnel-fix-ipv4-pmtu-check-to-honor-inner-ip-head.patch 4e3aeb70712f9838afea75fe9e6c1389414d833a89286ea55441d6a8d54ce74b0e39b565721e3153443af0a614bff57c767251b7e5b81faa5e0784eddfcd2164 fix-spi-nor-namespace-clash.patch 87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch -ee88d6b3984a97f18d721d49ae76b302a80d4c0f8779d580199d35869358423e22895b1245725d345b6c99714844444ab9c433281f129347e4d5510336ca9cff config-grsec.x86 -20ba11b7b2d874a354aa4c364cac6885863deddd4c166ad98e0d5dcb24d102b0e3875eef60a252e1bedb1526fd25e11721c78e6ca50baf5fc4a9ec58e1c3b1a2 config-grsec.x86_64 -a54a297c3e0700242b1745d5377fa16585bec0b2d9e94b0bf3a4afee04a193413441e850e1233664d2692833245f7994ce5166fe99513d9a8247c9cdf9f87200 config-grsec.armhf +1c8861bd213f2ed5a5d4b6205ca3453958f110ad0245940c824a3ef3983a10a937adf7e401f087d7cc6e6d0054cbb187139ef426b6e00d7fa707aab20f1d2666 config-grsec.x86 +4dc18ddfd90167d5c00717fb3b4a8d8429af3613bcb6ad53e7660dd9c936e89cffbe97bc3177e655508f1bde603c18d4d4159e2de8a9b104377b74eae6eeca72 config-grsec.x86_64 +025cd3689f2c1a469d855deccbab34a56e6cbcaaf59648c04af7257779136a6b4bbb96584d70ff2e2713af33da56e2b8f7eb59490ccf30eaa4b62a15051a4806 config-grsec.armhf c6bebe64953a444bc7d13f932e44d081665c253121189a3ccca9d7f6145b4460e32dc0f21f4700bf6607c5c0cb79de5c8576e4da0c815d60cff0d3b90879c1d9 config-virtgrsec.x86 47f93ae57dc923efe81132b00a8c0a5f4aa029a5f64e411110b1ef99dc018f9d7d8af1632ea7ea42693e847388484b149f666db7dd7f423b5b1ad3baed83d75f config-virtgrsec.x86_64" diff --git a/main/linux-grsec/config-grsec.armhf b/main/linux-grsec/config-grsec.armhf index 1da850be63..f1e9544d57 100644 --- a/main/linux-grsec/config-grsec.armhf +++ b/main/linux-grsec/config-grsec.armhf @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm 3.18.12 Kernel Configuration +# Linux/arm 3.18.17 Kernel Configuration # CONFIG_ARM=y CONFIG_ARM_HAS_SG_CHAIN=y @@ -4397,6 +4397,7 @@ CONFIG_HID_LCPOWER=m # CONFIG_HID_LENOVO is not set CONFIG_HID_LOGITECH=m CONFIG_HID_LOGITECH_DJ=m +CONFIG_HID_LOGITECH_HIDPP=m CONFIG_LOGITECH_FF=y CONFIG_LOGIRUMBLEPAD2_FF=y CONFIG_LOGIG940_FF=y diff --git a/main/linux-grsec/config-grsec.x86 b/main/linux-grsec/config-grsec.x86 index 118d1502c9..5cc2d6e9e6 100644 --- a/main/linux-grsec/config-grsec.x86 +++ b/main/linux-grsec/config-grsec.x86 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 3.18.11 Kernel Configuration +# Linux/x86 3.18.17 Kernel Configuration # # CONFIG_64BIT is not set CONFIG_X86_32=y @@ -4781,6 +4781,7 @@ CONFIG_HID_LCPOWER=m CONFIG_HID_LENOVO=m CONFIG_HID_LOGITECH=m CONFIG_HID_LOGITECH_DJ=m +CONFIG_HID_LOGITECH_HIDPP=m CONFIG_LOGITECH_FF=y CONFIG_LOGIRUMBLEPAD2_FF=y CONFIG_LOGIG940_FF=y diff --git a/main/linux-grsec/config-grsec.x86_64 b/main/linux-grsec/config-grsec.x86_64 index 7b6d4ed809..27fef539d8 100644 --- a/main/linux-grsec/config-grsec.x86_64 +++ b/main/linux-grsec/config-grsec.x86_64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 3.18.11 Kernel Configuration +# Linux/x86 3.18.17 Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y @@ -4620,6 +4620,7 @@ CONFIG_HID_LCPOWER=m CONFIG_HID_LENOVO=m CONFIG_HID_LOGITECH=m CONFIG_HID_LOGITECH_DJ=m +CONFIG_HID_LOGITECH_HIDPP=m CONFIG_LOGITECH_FF=y CONFIG_LOGIRUMBLEPAD2_FF=y CONFIG_LOGIG940_FF=y |