aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTimo Teräs <timo.teras@iki.fi>2015-07-06 13:57:54 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2015-07-07 07:11:26 +0000
commit29c90c9cc0f74cb010ffecb016356640a226c489 (patch)
treed3a620dd2ed0dbcbfedb12f5f1e83b7cc547576f
parentee277aa885361e02eac3e5e1076fbdf8edc0a54f (diff)
downloadaports-29c90c9cc0f74cb010ffecb016356640a226c489.tar.bz2
aports-29c90c9cc0f74cb010ffecb016356640a226c489.tar.xz
main/linux-grsec: ugprade to 3.18.17
-rw-r--r--main/linux-grsec/0001-ip_tunnel-fix-ipv4-pmtu-check-to-honor-inner-ip-head.patch55
-rw-r--r--main/linux-grsec/APKBUILD38
-rw-r--r--main/linux-grsec/config-grsec.armhf3
-rw-r--r--main/linux-grsec/config-grsec.x863
-rw-r--r--main/linux-grsec/config-grsec.x86_643
5 files changed, 82 insertions, 20 deletions
diff --git a/main/linux-grsec/0001-ip_tunnel-fix-ipv4-pmtu-check-to-honor-inner-ip-head.patch b/main/linux-grsec/0001-ip_tunnel-fix-ipv4-pmtu-check-to-honor-inner-ip-head.patch
new file mode 100644
index 0000000000..5e6f493f52
--- /dev/null
+++ b/main/linux-grsec/0001-ip_tunnel-fix-ipv4-pmtu-check-to-honor-inner-ip-head.patch
@@ -0,0 +1,55 @@
+From 9c889e8df035c6eb7993963a7c80bfc75a61124d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Mon, 6 Jul 2015 09:54:36 +0300
+Subject: [PATCH] ip_tunnel: fix ipv4 pmtu check to honor inner ip header df
+
+Frag needed should be sent only if the inner header asked
+to not fragment. Currently fragmentation is broken if the
+tunnel has df set. The tunnel's df needs to be still checked
+to update internally the pmtu cache.
+
+This got broken in commit 23a3647bc4f93bac and this fixes
+the pmtu check back to the way it was.
+
+Fixes: 23a3647bc4f93bac ("ip_tunnels: Use skb-len to PMTU check.")
+Cc: Pravin B Shelar <pshelar@nicira.com>
+---
+ net/ipv4/ip_tunnel.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c
+index 0bb8e14..6822572 100644
+--- a/net/ipv4/ip_tunnel.c
++++ b/net/ipv4/ip_tunnel.c
+@@ -587,7 +587,8 @@ int ip_tunnel_encap(struct sk_buff *skb, struct ip_tunnel *t,
+ EXPORT_SYMBOL(ip_tunnel_encap);
+
+ static int tnl_update_pmtu(struct net_device *dev, struct sk_buff *skb,
+- struct rtable *rt, __be16 df)
++ struct rtable *rt, __be16 df,
++ const struct iphdr *inner_iph)
+ {
+ struct ip_tunnel *tunnel = netdev_priv(dev);
+ int pkt_size = skb->len - tunnel->hlen - dev->hard_header_len;
+@@ -604,7 +605,8 @@ static int tnl_update_pmtu(struct net_device *dev, struct sk_buff *skb,
+
+ if (skb->protocol == htons(ETH_P_IP)) {
+ if (!skb_is_gso(skb) &&
+- (df & htons(IP_DF)) && mtu < pkt_size) {
++ (inner_iph->frag_off & htons(IP_DF)) &&
++ mtu < pkt_size) {
+ memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
+ icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu));
+ return -E2BIG;
+@@ -738,7 +740,7 @@ void ip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev,
+ goto tx_error;
+ }
+
+- if (tnl_update_pmtu(dev, skb, rt, tnl_params->frag_off)) {
++ if (tnl_update_pmtu(dev, skb, rt, tnl_params->frag_off, inner_iph)) {
+ ip_rt_put(rt);
+ goto tx_error;
+ }
+--
+2.4.5
+
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index e6d8acd5be..af94a6669a 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -2,7 +2,7 @@
_mainflavor=grsec
pkgname=linux-$_mainflavor
-pkgver=3.18.16
+pkgver=3.18.17
case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=${pkgver};;
@@ -17,9 +17,10 @@ options="!strip"
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
- http://dev.alpinelinux.org/~tteras/grsec/grsecurity-3.1-3.18.16-201506082249-alpine.patch
+ http://dev.alpinelinux.org/~tteras/grsec/grsecurity-3.1-3.18.17-201507050832-alpine.patch
fix-memory-map-for-PIE-applications.patch
+ 0001-ip_tunnel-fix-ipv4-pmtu-check-to-honor-inner-ip-head.patch
fix-spi-nor-namespace-clash.patch
imx6q-no-unclocked-sleep.patch
@@ -200,35 +201,38 @@ dev() {
}
md5sums="9e854df51ca3fef8bfe566dbd7b89241 linux-3.18.tar.xz
-96aeccef48037aee98911634664af68e patch-3.18.16.xz
-dee848728d351ead91cdc59254175775 grsecurity-3.1-3.18.16-201506082249-alpine.patch
+ff54e954e26589a2a8a237bfe793ac41 patch-3.18.17.xz
+e4775dbac57c80905e2c2d99aedbfa1a grsecurity-3.1-3.18.17-201507050832-alpine.patch
c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch
+b7f15811ab0ae0a1225c03cc2cc24411 0001-ip_tunnel-fix-ipv4-pmtu-check-to-honor-inner-ip-head.patch
b0337a2a9abed17c37eae5db332522d2 fix-spi-nor-namespace-clash.patch
1a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch
-797644a9dda4436978498045ef7095b1 config-grsec.x86
-9476dc4a1d21009764680816fde71152 config-grsec.x86_64
-6af88f5e681a237e3c58e8154a40fb47 config-grsec.armhf
+9c3fdf1aba9dffc9a5ebc16a2ba37735 config-grsec.x86
+2cc37d1ed1e2ebf0aa1a0ace67d6f519 config-grsec.x86_64
+36892e7e94abde237925ab15e9c7752c config-grsec.armhf
18cb4521f9a8847637292f9f4c9e8256 config-virtgrsec.x86
80b45900be93b1183a6382adf710d961 config-virtgrsec.x86_64"
sha256sums="becc413cc9e6d7f5cc52a3ce66d65c3725bc1d1cc1001f4ce6c32b69eb188cbd linux-3.18.tar.xz
-f60602c8de2ae7b1507c538b6af65d5b933727a06f56075898ff64fdcf650313 patch-3.18.16.xz
-920b9f5dd1659656319e45c803f4b28c91d0bfa9a4a51300bdd5f85b3096d4c6 grsecurity-3.1-3.18.16-201506082249-alpine.patch
+190b769580a766add68c3e3a8878a725b36fe6877991f3af0cb4a1d6b5eeccf8 patch-3.18.17.xz
+98fc77df5d82ce127999923dadb203c9024f7539673b1c2efd46917939cb4864 grsecurity-3.1-3.18.17-201507050832-alpine.patch
500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch
+b4a5d6fc7b1dfe43cee18cf47db3f588a4b8a03e6d474af9a6f9ef487233ba70 0001-ip_tunnel-fix-ipv4-pmtu-check-to-honor-inner-ip-head.patch
01279cfb93273d99670c56e2465957ecde3d03693beeb929a743f03afa0b7bdc fix-spi-nor-namespace-clash.patch
21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch
-096425842c0c84c063fff14108630f49d32f64e970027e0f2050ce76558c05db config-grsec.x86
-18cc34f2d603baf82af7093daaf024d74047506154e53de27fb49ba65a2551d1 config-grsec.x86_64
-c796c15a32c848cfd6b67c2f22273fb3e26872f9325a6564f316b17b947eeaaf config-grsec.armhf
+5fc6db215c9566d937ed5162cea3a554352ba82a7b6754552e46d02ec39368d7 config-grsec.x86
+c30182bf8c312141ef516154cbcf9ae6670dffeafa650126c2f375b5082087f3 config-grsec.x86_64
+03ba6e2ed62e27e5fceb0bc405cccfe3de2e2d3be1486287500f38a1b2ecf786 config-grsec.armhf
47048993111506ab74db24c92d39b536cf5e684975844907d5cb6198c1dfd87f config-virtgrsec.x86
015ce51a03f1337673b47ef996b77c55cf50a28240e37c5ebf7e66f5886d3aef config-virtgrsec.x86_64"
sha512sums="2f0b72466e9bc538a675738aa416573d41bbbd7e3e2ffd5b5b127afde609ebc278cec5a3c37e73479607e957c13f1b4ed9782a3795e0dcc2cf8e550228594009 linux-3.18.tar.xz
-868de9793e67e741dc69d61339f66c25d08d36a7d67b09d5644e855e05faf239c1e6e01299812a68edc52a39e132d7ec459929cb5d8a0936fe6aa580a72af80c patch-3.18.16.xz
-9d423b6edb1a758d3832349c47b4ed70394dac0665e30f1f254e3fa200a9db02a93728faf68d7908f5dd825a94c3dd017b9296d6a4ee90d9f14691338c5163f7 grsecurity-3.1-3.18.16-201506082249-alpine.patch
+03a78cc7b72150570fd0f24ad44f491dc57913e0675f31b7322af8ccbf41deea05a0b04c7058f9c85352cb03a976b3817d3544d8c690cc67e26ec08672c09afa patch-3.18.17.xz
+0f0fec207e67fa96587159316fbc0be4b4559a9c437fdaeb8747d50ec59f34a6650c146f38138941489e364ea29e94aad72ff1f3d6ef92cccc0028b9514d12f6 grsecurity-3.1-3.18.17-201507050832-alpine.patch
4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch
+c5f7bda0a5bf88d7ce5de8c405ee5a018b652d70def2a5c6eea8e718b39efc0fed860bb61c70d950ba42cb11e0c264ee5ddd9a1505b7b60d19a56322ece894b6 0001-ip_tunnel-fix-ipv4-pmtu-check-to-honor-inner-ip-head.patch
4e3aeb70712f9838afea75fe9e6c1389414d833a89286ea55441d6a8d54ce74b0e39b565721e3153443af0a614bff57c767251b7e5b81faa5e0784eddfcd2164 fix-spi-nor-namespace-clash.patch
87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch
-ee88d6b3984a97f18d721d49ae76b302a80d4c0f8779d580199d35869358423e22895b1245725d345b6c99714844444ab9c433281f129347e4d5510336ca9cff config-grsec.x86
-20ba11b7b2d874a354aa4c364cac6885863deddd4c166ad98e0d5dcb24d102b0e3875eef60a252e1bedb1526fd25e11721c78e6ca50baf5fc4a9ec58e1c3b1a2 config-grsec.x86_64
-a54a297c3e0700242b1745d5377fa16585bec0b2d9e94b0bf3a4afee04a193413441e850e1233664d2692833245f7994ce5166fe99513d9a8247c9cdf9f87200 config-grsec.armhf
+1c8861bd213f2ed5a5d4b6205ca3453958f110ad0245940c824a3ef3983a10a937adf7e401f087d7cc6e6d0054cbb187139ef426b6e00d7fa707aab20f1d2666 config-grsec.x86
+4dc18ddfd90167d5c00717fb3b4a8d8429af3613bcb6ad53e7660dd9c936e89cffbe97bc3177e655508f1bde603c18d4d4159e2de8a9b104377b74eae6eeca72 config-grsec.x86_64
+025cd3689f2c1a469d855deccbab34a56e6cbcaaf59648c04af7257779136a6b4bbb96584d70ff2e2713af33da56e2b8f7eb59490ccf30eaa4b62a15051a4806 config-grsec.armhf
c6bebe64953a444bc7d13f932e44d081665c253121189a3ccca9d7f6145b4460e32dc0f21f4700bf6607c5c0cb79de5c8576e4da0c815d60cff0d3b90879c1d9 config-virtgrsec.x86
47f93ae57dc923efe81132b00a8c0a5f4aa029a5f64e411110b1ef99dc018f9d7d8af1632ea7ea42693e847388484b149f666db7dd7f423b5b1ad3baed83d75f config-virtgrsec.x86_64"
diff --git a/main/linux-grsec/config-grsec.armhf b/main/linux-grsec/config-grsec.armhf
index 1da850be63..f1e9544d57 100644
--- a/main/linux-grsec/config-grsec.armhf
+++ b/main/linux-grsec/config-grsec.armhf
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/arm 3.18.12 Kernel Configuration
+# Linux/arm 3.18.17 Kernel Configuration
#
CONFIG_ARM=y
CONFIG_ARM_HAS_SG_CHAIN=y
@@ -4397,6 +4397,7 @@ CONFIG_HID_LCPOWER=m
# CONFIG_HID_LENOVO is not set
CONFIG_HID_LOGITECH=m
CONFIG_HID_LOGITECH_DJ=m
+CONFIG_HID_LOGITECH_HIDPP=m
CONFIG_LOGITECH_FF=y
CONFIG_LOGIRUMBLEPAD2_FF=y
CONFIG_LOGIG940_FF=y
diff --git a/main/linux-grsec/config-grsec.x86 b/main/linux-grsec/config-grsec.x86
index 118d1502c9..5cc2d6e9e6 100644
--- a/main/linux-grsec/config-grsec.x86
+++ b/main/linux-grsec/config-grsec.x86
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.18.11 Kernel Configuration
+# Linux/x86 3.18.17 Kernel Configuration
#
# CONFIG_64BIT is not set
CONFIG_X86_32=y
@@ -4781,6 +4781,7 @@ CONFIG_HID_LCPOWER=m
CONFIG_HID_LENOVO=m
CONFIG_HID_LOGITECH=m
CONFIG_HID_LOGITECH_DJ=m
+CONFIG_HID_LOGITECH_HIDPP=m
CONFIG_LOGITECH_FF=y
CONFIG_LOGIRUMBLEPAD2_FF=y
CONFIG_LOGIG940_FF=y
diff --git a/main/linux-grsec/config-grsec.x86_64 b/main/linux-grsec/config-grsec.x86_64
index 7b6d4ed809..27fef539d8 100644
--- a/main/linux-grsec/config-grsec.x86_64
+++ b/main/linux-grsec/config-grsec.x86_64
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.18.11 Kernel Configuration
+# Linux/x86 3.18.17 Kernel Configuration
#
CONFIG_64BIT=y
CONFIG_X86_64=y
@@ -4620,6 +4620,7 @@ CONFIG_HID_LCPOWER=m
CONFIG_HID_LENOVO=m
CONFIG_HID_LOGITECH=m
CONFIG_HID_LOGITECH_DJ=m
+CONFIG_HID_LOGITECH_HIDPP=m
CONFIG_LOGITECH_FF=y
CONFIG_LOGIRUMBLEPAD2_FF=y
CONFIG_LOGIG940_FF=y