main/linux-grsec: ugprade to 3.18.17

5 files changed, 82 insertions, 20 deletions

diff --git a/main/linux-grsec/0001-ip_tunnel-fix-ipv4-pmtu-check-to-honor-inner-ip-head.patch b/main/linux-grsec/0001-ip_tunnel-fix-ipv4-pmtu-check-to-honor-inner-ip-head.patch
new file mode 100644
index 0000000000..5e6f493f52
--- /dev/null
+++ b/main/linux-grsec/0001-ip_tunnel-fix-ipv4-pmtu-check-to-honor-inner-ip-head.patch
@@ -0,0 +1,55 @@
+From 9c889e8df035c6eb7993963a7c80bfc75a61124d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Mon, 6 Jul 2015 09:54:36 +0300
+Subject: [PATCH] ip_tunnel: fix ipv4 pmtu check to honor inner ip header df
+
+Frag needed should be sent only if the inner header asked
+to not fragment. Currently fragmentation is broken if the
+tunnel has df set. The tunnel's df needs to be still checked
+to update internally the pmtu cache.
+
+This got broken in commit 23a3647bc4f93bac and this fixes
+the pmtu check back to the way it was.
+
+Fixes: 23a3647bc4f93bac ("ip_tunnels: Use skb-len to PMTU check.")
+Cc: Pravin B Shelar <pshelar@nicira.com>
+---
+ net/ipv4/ip_tunnel.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c
+index 0bb8e14..6822572 100644
+--- a/net/ipv4/ip_tunnel.c
++++ b/net/ipv4/ip_tunnel.c
+@@ -587,7 +587,8 @@ int ip_tunnel_encap(struct sk_buff *skb, struct ip_tunnel *t,
+ EXPORT_SYMBOL(ip_tunnel_encap);
+ 
+ static int tnl_update_pmtu(struct net_device *dev, struct sk_buff *skb,
+-			    struct rtable *rt, __be16 df)
++			    struct rtable *rt, __be16 df,
++			    const struct iphdr *inner_iph)
+ {
+ 	struct ip_tunnel *tunnel = netdev_priv(dev);
+ 	int pkt_size = skb->len - tunnel->hlen - dev->hard_header_len;
+@@ -604,7 +605,8 @@ static int tnl_update_pmtu(struct net_device *dev, struct sk_buff *skb,
+ 
+ 	if (skb->protocol == htons(ETH_P_IP)) {
+ 		if (!skb_is_gso(skb) &&
+-		    (df & htons(IP_DF)) && mtu < pkt_size) {
++		    (inner_iph->frag_off & htons(IP_DF)) &&
++		    mtu < pkt_size) {
+ 			memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
+ 			icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu));
+ 			return -E2BIG;
+@@ -738,7 +740,7 @@ void ip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev,
+ 		goto tx_error;
+ 	}
+ 
+-	if (tnl_update_pmtu(dev, skb, rt, tnl_params->frag_off)) {
++	if (tnl_update_pmtu(dev, skb, rt, tnl_params->frag_off, inner_iph)) {
+ 		ip_rt_put(rt);
+ 		goto tx_error;
+ 	}
+-- 
+2.4.5
+
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index e6d8acd5be..af94a6669a 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -2,7 +2,7 @@
 
 _mainflavor=grsec
 pkgname=linux-$_mainflavor
-pkgver=3.18.16
+pkgver=3.18.17
 case $pkgver in
 *.*.*)	_kernver=${pkgver%.*};;
 *.*)	_kernver=${pkgver};;
@@ -17,9 +17,10 @@ options="!strip"
 install=
 source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
 	http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
-	http://dev.alpinelinux.org/~tteras/grsec/grsecurity-3.1-3.18.16-201506082249-alpine.patch
+	http://dev.alpinelinux.org/~tteras/grsec/grsecurity-3.1-3.18.17-201507050832-alpine.patch
 
 	fix-memory-map-for-PIE-applications.patch
+	0001-ip_tunnel-fix-ipv4-pmtu-check-to-honor-inner-ip-head.patch
 	fix-spi-nor-namespace-clash.patch
 	imx6q-no-unclocked-sleep.patch
 
@@ -200,35 +201,38 @@ dev() {
 }
 
 md5sums="9e854df51ca3fef8bfe566dbd7b89241  linux-3.18.tar.xz
-96aeccef48037aee98911634664af68e  patch-3.18.16.xz
-dee848728d351ead91cdc59254175775  grsecurity-3.1-3.18.16-201506082249-alpine.patch
+ff54e954e26589a2a8a237bfe793ac41  patch-3.18.17.xz
+e4775dbac57c80905e2c2d99aedbfa1a  grsecurity-3.1-3.18.17-201507050832-alpine.patch
 c6a4ae7e8ca6159e1631545515805216  fix-memory-map-for-PIE-applications.patch
+b7f15811ab0ae0a1225c03cc2cc24411  0001-ip_tunnel-fix-ipv4-pmtu-check-to-honor-inner-ip-head.patch
 b0337a2a9abed17c37eae5db332522d2  fix-spi-nor-namespace-clash.patch
 1a307fc1d63231bf01d22493a4f14378  imx6q-no-unclocked-sleep.patch
-797644a9dda4436978498045ef7095b1  config-grsec.x86
-9476dc4a1d21009764680816fde71152  config-grsec.x86_64
-6af88f5e681a237e3c58e8154a40fb47  config-grsec.armhf
+9c3fdf1aba9dffc9a5ebc16a2ba37735  config-grsec.x86
+2cc37d1ed1e2ebf0aa1a0ace67d6f519  config-grsec.x86_64
+36892e7e94abde237925ab15e9c7752c  config-grsec.armhf
 18cb4521f9a8847637292f9f4c9e8256  config-virtgrsec.x86
 80b45900be93b1183a6382adf710d961  config-virtgrsec.x86_64"
 sha256sums="becc413cc9e6d7f5cc52a3ce66d65c3725bc1d1cc1001f4ce6c32b69eb188cbd  linux-3.18.tar.xz
-f60602c8de2ae7b1507c538b6af65d5b933727a06f56075898ff64fdcf650313  patch-3.18.16.xz
-920b9f5dd1659656319e45c803f4b28c91d0bfa9a4a51300bdd5f85b3096d4c6  grsecurity-3.1-3.18.16-201506082249-alpine.patch
+190b769580a766add68c3e3a8878a725b36fe6877991f3af0cb4a1d6b5eeccf8  patch-3.18.17.xz
+98fc77df5d82ce127999923dadb203c9024f7539673b1c2efd46917939cb4864  grsecurity-3.1-3.18.17-201507050832-alpine.patch
 500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7  fix-memory-map-for-PIE-applications.patch
+b4a5d6fc7b1dfe43cee18cf47db3f588a4b8a03e6d474af9a6f9ef487233ba70  0001-ip_tunnel-fix-ipv4-pmtu-check-to-honor-inner-ip-head.patch
 01279cfb93273d99670c56e2465957ecde3d03693beeb929a743f03afa0b7bdc  fix-spi-nor-namespace-clash.patch
 21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3  imx6q-no-unclocked-sleep.patch
-096425842c0c84c063fff14108630f49d32f64e970027e0f2050ce76558c05db  config-grsec.x86
-18cc34f2d603baf82af7093daaf024d74047506154e53de27fb49ba65a2551d1  config-grsec.x86_64
-c796c15a32c848cfd6b67c2f22273fb3e26872f9325a6564f316b17b947eeaaf  config-grsec.armhf
+5fc6db215c9566d937ed5162cea3a554352ba82a7b6754552e46d02ec39368d7  config-grsec.x86
+c30182bf8c312141ef516154cbcf9ae6670dffeafa650126c2f375b5082087f3  config-grsec.x86_64
+03ba6e2ed62e27e5fceb0bc405cccfe3de2e2d3be1486287500f38a1b2ecf786  config-grsec.armhf
 47048993111506ab74db24c92d39b536cf5e684975844907d5cb6198c1dfd87f  config-virtgrsec.x86
 015ce51a03f1337673b47ef996b77c55cf50a28240e37c5ebf7e66f5886d3aef  config-virtgrsec.x86_64"
 sha512sums="2f0b72466e9bc538a675738aa416573d41bbbd7e3e2ffd5b5b127afde609ebc278cec5a3c37e73479607e957c13f1b4ed9782a3795e0dcc2cf8e550228594009  linux-3.18.tar.xz
-868de9793e67e741dc69d61339f66c25d08d36a7d67b09d5644e855e05faf239c1e6e01299812a68edc52a39e132d7ec459929cb5d8a0936fe6aa580a72af80c  patch-3.18.16.xz
-9d423b6edb1a758d3832349c47b4ed70394dac0665e30f1f254e3fa200a9db02a93728faf68d7908f5dd825a94c3dd017b9296d6a4ee90d9f14691338c5163f7  grsecurity-3.1-3.18.16-201506082249-alpine.patch
+03a78cc7b72150570fd0f24ad44f491dc57913e0675f31b7322af8ccbf41deea05a0b04c7058f9c85352cb03a976b3817d3544d8c690cc67e26ec08672c09afa  patch-3.18.17.xz
+0f0fec207e67fa96587159316fbc0be4b4559a9c437fdaeb8747d50ec59f34a6650c146f38138941489e364ea29e94aad72ff1f3d6ef92cccc0028b9514d12f6  grsecurity-3.1-3.18.17-201507050832-alpine.patch
 4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7  fix-memory-map-for-PIE-applications.patch
+c5f7bda0a5bf88d7ce5de8c405ee5a018b652d70def2a5c6eea8e718b39efc0fed860bb61c70d950ba42cb11e0c264ee5ddd9a1505b7b60d19a56322ece894b6  0001-ip_tunnel-fix-ipv4-pmtu-check-to-honor-inner-ip-head.patch
 4e3aeb70712f9838afea75fe9e6c1389414d833a89286ea55441d6a8d54ce74b0e39b565721e3153443af0a614bff57c767251b7e5b81faa5e0784eddfcd2164  fix-spi-nor-namespace-clash.patch
 87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221  imx6q-no-unclocked-sleep.patch
-ee88d6b3984a97f18d721d49ae76b302a80d4c0f8779d580199d35869358423e22895b1245725d345b6c99714844444ab9c433281f129347e4d5510336ca9cff  config-grsec.x86
-20ba11b7b2d874a354aa4c364cac6885863deddd4c166ad98e0d5dcb24d102b0e3875eef60a252e1bedb1526fd25e11721c78e6ca50baf5fc4a9ec58e1c3b1a2  config-grsec.x86_64
-a54a297c3e0700242b1745d5377fa16585bec0b2d9e94b0bf3a4afee04a193413441e850e1233664d2692833245f7994ce5166fe99513d9a8247c9cdf9f87200  config-grsec.armhf
+1c8861bd213f2ed5a5d4b6205ca3453958f110ad0245940c824a3ef3983a10a937adf7e401f087d7cc6e6d0054cbb187139ef426b6e00d7fa707aab20f1d2666  config-grsec.x86
+4dc18ddfd90167d5c00717fb3b4a8d8429af3613bcb6ad53e7660dd9c936e89cffbe97bc3177e655508f1bde603c18d4d4159e2de8a9b104377b74eae6eeca72  config-grsec.x86_64
+025cd3689f2c1a469d855deccbab34a56e6cbcaaf59648c04af7257779136a6b4bbb96584d70ff2e2713af33da56e2b8f7eb59490ccf30eaa4b62a15051a4806  config-grsec.armhf
 c6bebe64953a444bc7d13f932e44d081665c253121189a3ccca9d7f6145b4460e32dc0f21f4700bf6607c5c0cb79de5c8576e4da0c815d60cff0d3b90879c1d9  config-virtgrsec.x86
 47f93ae57dc923efe81132b00a8c0a5f4aa029a5f64e411110b1ef99dc018f9d7d8af1632ea7ea42693e847388484b149f666db7dd7f423b5b1ad3baed83d75f  config-virtgrsec.x86_64"
diff --git a/main/linux-grsec/config-grsec.armhf b/main/linux-grsec/config-grsec.armhf
index 1da850be63..f1e9544d57 100644
--- a/main/linux-grsec/config-grsec.armhf
+++ b/main/linux-grsec/config-grsec.armhf
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/arm 3.18.12 Kernel Configuration
+# Linux/arm 3.18.17 Kernel Configuration
 #
 CONFIG_ARM=y
 CONFIG_ARM_HAS_SG_CHAIN=y
@@ -4397,6 +4397,7 @@ CONFIG_HID_LCPOWER=m
 # CONFIG_HID_LENOVO is not set
 CONFIG_HID_LOGITECH=m
 CONFIG_HID_LOGITECH_DJ=m
+CONFIG_HID_LOGITECH_HIDPP=m
 CONFIG_LOGITECH_FF=y
 CONFIG_LOGIRUMBLEPAD2_FF=y
 CONFIG_LOGIG940_FF=y
diff --git a/main/linux-grsec/config-grsec.x86 b/main/linux-grsec/config-grsec.x86
index 118d1502c9..5cc2d6e9e6 100644
--- a/main/linux-grsec/config-grsec.x86
+++ b/main/linux-grsec/config-grsec.x86
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.18.11 Kernel Configuration
+# Linux/x86 3.18.17 Kernel Configuration
 #
 # CONFIG_64BIT is not set
 CONFIG_X86_32=y
@@ -4781,6 +4781,7 @@ CONFIG_HID_LCPOWER=m
 CONFIG_HID_LENOVO=m
 CONFIG_HID_LOGITECH=m
 CONFIG_HID_LOGITECH_DJ=m
+CONFIG_HID_LOGITECH_HIDPP=m
 CONFIG_LOGITECH_FF=y
 CONFIG_LOGIRUMBLEPAD2_FF=y
 CONFIG_LOGIG940_FF=y
diff --git a/main/linux-grsec/config-grsec.x86_64 b/main/linux-grsec/config-grsec.x86_64
index 7b6d4ed809..27fef539d8 100644
--- a/main/linux-grsec/config-grsec.x86_64
+++ b/main/linux-grsec/config-grsec.x86_64
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.18.11 Kernel Configuration
+# Linux/x86 3.18.17 Kernel Configuration
 #
 CONFIG_64BIT=y
 CONFIG_X86_64=y
@@ -4620,6 +4620,7 @@ CONFIG_HID_LCPOWER=m
 CONFIG_HID_LENOVO=m
 CONFIG_HID_LOGITECH=m
 CONFIG_HID_LOGITECH_DJ=m
+CONFIG_HID_LOGITECH_HIDPP=m
 CONFIG_LOGITECH_FF=y
 CONFIG_LOGIRUMBLEPAD2_FF=y
 CONFIG_LOGIG940_FF=y