diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2013-05-23 06:45:11 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2013-05-23 06:56:16 +0000 |
commit | 55bed09ef364d3268dad8a067181f00a0e0c8789 (patch) | |
tree | fd3b9070888b90ea69f1e5d6b3fa2b423c33a4de /main/linux-grsec | |
parent | 8d76e45926bc425e8a05e5ba749efa9c3e4f9916 (diff) | |
download | aports-55bed09ef364d3268dad8a067181f00a0e0c8789.tar.bz2 aports-55bed09ef364d3268dad8a067181f00a0e0c8789.tar.xz |
main/linux-grsec: fix gre+xfrm+gso crashes
fixes #1925
Diffstat (limited to 'main/linux-grsec')
-rw-r--r-- | main/linux-grsec/APKBUILD | 6 | ||||
-rw-r--r-- | main/linux-grsec/ipsec-xfrm-properly-handle-invalid-states-as-an-error.patch | 44 |
2 files changed, 49 insertions, 1 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index dda2694820..215678fa53 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -7,7 +7,7 @@ case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=${pkgver};; esac -pkgrel=0 +pkgrel=1 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" @@ -21,6 +21,7 @@ source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz v2-net-next-arp-flush-arp-cache-on-IFF_NOARP-change.patch leds-leds-gpio-reserve-gpio-before-using-it.patch + ipsec-xfrm-properly-handle-invalid-states-as-an-error.patch kernelconfig.x86 kernelconfig.x86_64 @@ -149,6 +150,7 @@ md5sums="4348c9b6b2eb3144d601e87c19d5d909 linux-3.9.tar.xz e881cf0db639205660f237ceea58f708 grsecurity-2.9.1-3.9.3-201305201732.patch 699e92148cc9a55b6fc4d7d81e476717 v2-net-next-arp-flush-arp-cache-on-IFF_NOARP-change.patch 83db7136608d8101ae130728539dc376 leds-leds-gpio-reserve-gpio-before-using-it.patch +ac9a50bdbe91ba6e5205e83f7e734ff5 ipsec-xfrm-properly-handle-invalid-states-as-an-error.patch fd6fd35309c0e8c1f05cb725df958f22 kernelconfig.x86 fd61ff58d25155997c0d6f73e7ca7a7d kernelconfig.x86_64" sha256sums="60bc3e64ee5dc778de2cd7cd7640abf518a4c9d4f31b8ed624e16fad53f54541 linux-3.9.tar.xz @@ -156,6 +158,7 @@ sha256sums="60bc3e64ee5dc778de2cd7cd7640abf518a4c9d4f31b8ed624e16fad53f54541 li c1b4310085ff07200131dc841a0a22f84a7f166c3b25464e27dd2694584bc72c grsecurity-2.9.1-3.9.3-201305201732.patch 8e2f41605937eecd47cefe62daefd372dbf1e63cf956ab3ced3213ac2b508ee3 v2-net-next-arp-flush-arp-cache-on-IFF_NOARP-change.patch 13676bc5610a8d03e788ac76734babd1338b023bb39559452ee54652b046e6f4 leds-leds-gpio-reserve-gpio-before-using-it.patch +ab0dcb52342990ad05af5ce21acd1e95fb65cc7e76ec98e45c7ece7433bc9f23 ipsec-xfrm-properly-handle-invalid-states-as-an-error.patch b44c6671b344ddae1da94e6c051a0e708af8609c1f2ff40d962301ed5023c83a kernelconfig.x86 7a6700a6db89f8c2c7f8cce7d77f4ddb3fcad889d72c709c2833af795ef1bc79 kernelconfig.x86_64" sha512sums="77fa521f42380409f8ab400c26f7b00e225cb075ef40834bb263325cfdcc3e65aef8511ec2fc2b50bbf4f50e226fb5ab07d7a479aaf09162adbbf318325d0790 linux-3.9.tar.xz @@ -163,5 +166,6 @@ ae2bca3f0d274281d7ae88bb835d129a036350dfd3e9e941d7a0175194b2cbccffb5f8b5a20e5a74 d6aa751d1fac8c4d758f9479bc6b08f70d8725c6c74b63446def044f42260a8beb1f540ae4473ec57f42538513d3ccb42de41c8cc721b9b85d8cfbaef7ab85d5 grsecurity-2.9.1-3.9.3-201305201732.patch 772c847cd74b12ed22266042c0902d8a3cf09c897b6e1c01148dfcd2f01aed331f292e82c34bb718090dc0898e1ef364196272bff885a32378f7fbc8bfc06a9b v2-net-next-arp-flush-arp-cache-on-IFF_NOARP-change.patch 10d2cf4fb308d1bc8cb5b9df3f9a6d7b9cef453244673bcbe66bd9b64af410a498e203d4dfa51f53461362ad981736eadc46537616b2c0514f57f4d8864c830d leds-leds-gpio-reserve-gpio-before-using-it.patch +769291e92f2f5ae5375d98b80bf8790b089c87437f1660cf8d5e9d45d7221280b6824bcb1d2564cbe12310a88df48443c56ecc9ce5468858829088221aa80327 ipsec-xfrm-properly-handle-invalid-states-as-an-error.patch 2516c47145f53cfa5624a9a8839b3590fd16a980aa4c8c48af4db025960d33abe855a5c698ee701a0d3704a96a9a3f93cd6c3cc8c9b8fdf73f230c15ad2f7611 kernelconfig.x86 0a3739e5e1fe29fcce8c686d8ac223316467a2efaaa18cb3d1abf6c7a66dc86be12c26755dff1aef6d0f5a028ce4f6dfc5664ab42b484046949f401f3b9198f9 kernelconfig.x86_64" diff --git a/main/linux-grsec/ipsec-xfrm-properly-handle-invalid-states-as-an-error.patch b/main/linux-grsec/ipsec-xfrm-properly-handle-invalid-states-as-an-error.patch new file mode 100644 index 0000000000..7cb0dade7c --- /dev/null +++ b/main/linux-grsec/ipsec-xfrm-properly-handle-invalid-states-as-an-error.patch @@ -0,0 +1,44 @@ +From patchwork Wed May 22 11:40:47 2013 +Content-Type: text/plain; charset="utf-8" +MIME-Version: 1.0 +Content-Transfer-Encoding: 8bit +Subject: [ipsec] xfrm: properly handle invalid states as an error +Date: Wed, 22 May 2013 01:40:47 -0000 +From: =?utf-8?q?Timo_Ter=C3=A4s?= <timo.teras@iki.fi> +X-Patchwork-Id: 245594 +Message-Id: <1369222847-8542-1-git-send-email-timo.teras@iki.fi> +To: netdev@vger.kernel.org +Cc: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>, + Li RongQing <roy.qing.li@gmail.com>, + Steffen Klassert <steffen.klassert@secunet.com> + +The error exit path needs err explicitly set. Otherwise it +returns success and the only caller, xfrm_output_resume(), +would oops in skb_dst(skb)->ops derefence as skb_dst(skb) is +NULL. + +Bug introduced in commit bb65a9cb (xfrm: removes a superfluous +check and add a statistic). + +Signed-off-by: Timo Teräs <timo.teras@iki.fi> +Cc: Li RongQing <roy.qing.li@gmail.com> +Cc: Steffen Klassert <steffen.klassert@secunet.com> + +--- +Should go also to 3.9-stable. + + net/xfrm/xfrm_output.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c +index bcfda89..0cf003d 100644 +--- a/net/xfrm/xfrm_output.c ++++ b/net/xfrm/xfrm_output.c +@@ -64,6 +64,7 @@ static int xfrm_output_one(struct sk_buff *skb, int err) + + if (unlikely(x->km.state != XFRM_STATE_VALID)) { + XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTSTATEINVALID); ++ err = -EINVAL; + goto error; + } + |