diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2013-10-08 12:34:33 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2013-10-08 13:52:30 +0000 |
commit | 87d27c343dcd90ae7d05fe8f921686776fc685f0 (patch) | |
tree | 369a34fbf568154bfede44164176861c3bdcca08 /main | |
parent | 3af9d39c2284eba6b8ec07cc557d1477ccf04554 (diff) | |
download | aports-87d27c343dcd90ae7d05fe8f921686776fc685f0.tar.bz2 aports-87d27c343dcd90ae7d05fe8f921686776fc685f0.tar.xz |
main/linux-grsec: upgrade to 3.10.15 and fix CVE-2013-4387
Diffstat (limited to 'main')
-rw-r--r-- | main/linux-grsec/APKBUILD | 20 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-2.9.1-3.10.15-unofficial.patch (renamed from main/linux-grsec/grsecurity-2.9.1-3.10.14-unofficial.patch) | 32 | ||||
-rw-r--r-- | main/linux-grsec/ipv6-udp-packets-following-an-UFO-enqueued-packet-needs-al.patch | 118 |
3 files changed, 146 insertions, 24 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index ced3d23878..30e2bb7717 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -2,12 +2,12 @@ _flavor=grsec pkgname=linux-${_flavor} -pkgver=3.10.14 +pkgver=3.10.15 case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=${pkgver};; esac -pkgrel=1 +pkgrel=0 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" @@ -26,6 +26,7 @@ source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch fix-memory-map-for-PIE-applications.patch + ipv6-udp-packets-following-an-UFO-enqueued-packet-needs-al.patch kernelconfig.x86 kernelconfig.x86_64 @@ -150,8 +151,8 @@ dev() { } md5sums="4f25cd5bec5f8d5a7d935b3f2ccb8481 linux-3.10.tar.xz -3c2ce4933f210fef16664dfa16028de1 patch-3.10.14.xz -8a8f3b99d0072aa72681711dab25848b grsecurity-2.9.1-3.10.14-unofficial.patch +70cc9bd12b04382c3783da96edda4562 patch-3.10.15.xz +84a82b973a08abc43cbf74a8935c59ae grsecurity-2.9.1-3.10.15-unofficial.patch a16f11b12381efb3bec79b9bfb329836 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch 656ae7b10dd2f18dbfa1011041d08d60 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch aa454ffb96428586447775c21449e284 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch @@ -159,11 +160,12 @@ aa454ffb96428586447775c21449e284 0003-ipv4-properly-refresh-rtable-entries-on-p 6ce5fed63aad3f1a1ff1b9ba7b741822 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch 1a5800a2122ba0cc0d06733cb3bb8b8f 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch +bbb9f3edd60fd5c53ac98f4eab83641c ipv6-udp-packets-following-an-UFO-enqueued-packet-needs-al.patch 866e6c4daed45d563829804f8ad50ed9 kernelconfig.x86 272aaddd0a19a5052208bc25551995a3 kernelconfig.x86_64" sha256sums="df27fa92d27a9c410bfe6c4a89f141638500d7eadcca5cce578954efc2ad3544 linux-3.10.tar.xz -fd5fac477f69b5e3c6506fa04f81157aa753538dca017ef23b26ca36e65df38e patch-3.10.14.xz -4e61ce7226f2424999e26ccdbdb806f60c6941b63f5be82fc586fa5b8a863107 grsecurity-2.9.1-3.10.14-unofficial.patch +bb0108609a95ddfe5030938e45ad123445af4e29510a0b1bd8cede89de8c013b patch-3.10.15.xz +02736977e0abd475ba3c463b381186d306fd2f6c264968c47c685f0fce08c820 grsecurity-2.9.1-3.10.15-unofficial.patch 6af3757ac36a6cd3cda7b0a71b08143726383b19261294a569ad7f4042c72df3 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch dc8e82108615657f1fb9d641efd42255a5761c06edde1b00a41ae0d314d548f0 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch 0985caa0f3ee8ed0959aeaa4214f5f8057ae8e61d50dcae39194912d31e14892 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch @@ -171,11 +173,12 @@ dc8e82108615657f1fb9d641efd42255a5761c06edde1b00a41ae0d314d548f0 0002-arp-flush ae32bb72afa170e6c3788c564b342763aba5945afacc1e2ebfc096adf50d77a3 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch fc613ac466610b866b721c41836fd5bfb2d4b75bceb67972dc6369d7f62ff47e 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch 500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch +4e2ac6cf0b5f6ef4c2f468aedb3f4b7a2737ef3abef4cf712492ba5daec4b30d ipv6-udp-packets-following-an-UFO-enqueued-packet-needs-al.patch 7fd28634998ef1fddafed5f2516e902924245d2464b9e86476bfaa55ccfc3bc3 kernelconfig.x86 f2843ae4f9b3e3c27f3138ce4b740c2803bdab0c7a910c662d951843803b9554 kernelconfig.x86_64" sha512sums="5fb109fcbd59bf3dffc911b853894f0a84afa75151368f783a1252c5ff60c7a1504de216c0012be446df983e2dea400ad8eeed3ce04f24dc61d0ef76c174dc35 linux-3.10.tar.xz -8bd9af04acec2998d5a6d99e63a84c35802e4affeead51d15cf024020bc326507fee7c59179157b5bd42f5e0633c39ea8f123f02c0262aa50042fea57ed7390d patch-3.10.14.xz -7d17742f5dcce1975dfa9d24fa9e665e9e48dcb3acc962a7699923bdb92477f1b2e352b0e946de664e76ab72798cad77e1d2eafc2e6dc167e3dee2bf91d866e5 grsecurity-2.9.1-3.10.14-unofficial.patch +41f612dc912df68a69bb44343748be5c7b3c1525654890a1d896f466ef6aa22d35343f59a2c4319cde1858a6407f9366817c762670dd711d9ff2890291fa60cc patch-3.10.15.xz +7838f4f43c1259d587979255a403b17be26d687aac91d43084417057267fd12643e99beccfbe21f22ed3d423080d9cdd7086598c8cc7e922ddae1024ce1f8005 grsecurity-2.9.1-3.10.15-unofficial.patch 81e78593288e8b0fd2c03ea9fc1450323887707f087e911f172450a122bc9b591ee83394836789730d951aeec13d0b75a64e1c05f04364abf8f80d883ddc4a02 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch 51ecb15b669f6a82940a13a38939116e003bf5dfd24496771c8279e907b72adcc63d607f0340a2940d757e12ddadb7d45c7af78ae311d284935a6296dbcac00c 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch 57d0a8bd35d19cf657ded58efe24517d2252aec6984040713ba173a34edb5887ececaa2985076bc6a149eaa57639fd98a042c1c2d226ed4ad8dd5ed0e230717e 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch @@ -183,5 +186,6 @@ d2f578ad1d6e1fe52b55863e5bf338ae8201b828a498ec3e42e549c55295d3d1c6c3adfa9e226d71 28a33e644bf2faf99c8dd6dbccfe14e140dfdd8824a8fb2d58aa7deb9e572f130d92b6b35ee181084050d82166bdf2e498a451a2a538a67b7ab84204405d2d87 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch 249140374c19a5599876268ff5b3cda2e136681aee103b4a9fff5d7d346f8e3295a907fb43db0701b8a9fece64c299ad2abac0434259cce6631307ce84090205 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch 4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch +39fc019ac5ea5ada03c29846f22ddab0735e288bb3ad8d2109628e5d77d24bd09e6972eea6ee912768391399efe069e77c0e53b8a22329328bcc51f09f963f05 ipv6-udp-packets-following-an-UFO-enqueued-packet-needs-al.patch 1721542ff111c8ec550323dae6f6174131db180668cbf14f01dc4c76ffbbb479715919a80c35d8c8ac22a6479dd3b42700be6ddc5ef2a8b6a62de811c7ae86df kernelconfig.x86 d49bf57bd0aae17d762d87d5bf983e48219d71ca44bc0c3120db94d357192c07146a8938cef9d435218e4bb748691ec426387545837be637d47e45cdc4482d71 kernelconfig.x86_64" diff --git a/main/linux-grsec/grsecurity-2.9.1-3.10.14-unofficial.patch b/main/linux-grsec/grsecurity-2.9.1-3.10.15-unofficial.patch index 386c1a5258..bd0f3808e8 100644 --- a/main/linux-grsec/grsecurity-2.9.1-3.10.14-unofficial.patch +++ b/main/linux-grsec/grsecurity-2.9.1-3.10.15-unofficial.patch @@ -281,7 +281,7 @@ index 2fe6e76..889ee23 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 129c49f..643835b 100644 +index 9a77179..052a254 100644 --- a/Makefile +++ b/Makefile @@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -25220,7 +25220,7 @@ index 2cb9470..ff1fd80 100644 return ret; diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c -index 76fa1e9..abf09ea 100644 +index 90fd119..61aa5d2 100644 --- a/arch/x86/kernel/reboot.c +++ b/arch/x86/kernel/reboot.c @@ -36,7 +36,7 @@ void (*pm_power_off)(void); @@ -25275,7 +25275,7 @@ index 76fa1e9..abf09ea 100644 "rm" (real_mode_header->machine_real_restart_asm), "a" (type)); #else -@@ -531,7 +558,7 @@ void __attribute__((weak)) mach_reboot_fixups(void) +@@ -547,7 +574,7 @@ void __attribute__((weak)) mach_reboot_fixups(void) * try to force a triple fault and then cycle between hitting the keyboard * controller and doing that */ @@ -25284,7 +25284,7 @@ index 76fa1e9..abf09ea 100644 { int i; int attempt = 0; -@@ -654,13 +681,13 @@ void native_machine_shutdown(void) +@@ -670,13 +697,13 @@ void native_machine_shutdown(void) #endif } @@ -25300,7 +25300,7 @@ index 76fa1e9..abf09ea 100644 { pr_notice("machine restart\n"); -@@ -669,7 +696,7 @@ static void native_machine_restart(char *__unused) +@@ -685,7 +712,7 @@ static void native_machine_restart(char *__unused) __machine_emergency_restart(0); } @@ -25309,7 +25309,7 @@ index 76fa1e9..abf09ea 100644 { /* Stop other cpus and apics */ machine_shutdown(); -@@ -679,7 +706,7 @@ static void native_machine_halt(void) +@@ -695,7 +722,7 @@ static void native_machine_halt(void) stop_this_cpu(NULL); } @@ -25318,7 +25318,7 @@ index 76fa1e9..abf09ea 100644 { if (pm_power_off) { if (!reboot_force) -@@ -688,9 +715,10 @@ static void native_machine_power_off(void) +@@ -704,9 +731,10 @@ static void native_machine_power_off(void) } /* A fallback in case there is no PM info available */ tboot_shutdown(TB_SHUTDOWN_HALT); @@ -39029,10 +39029,10 @@ index c8d16a6..ca71b5e 100644 iir = I915_READ(IIR); diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index eea5982..eeef407 100644 +index 2667d6d..410dc80 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c -@@ -8935,13 +8935,13 @@ struct intel_quirk { +@@ -8939,13 +8939,13 @@ struct intel_quirk { int subsystem_vendor; int subsystem_device; void (*hook)(struct drm_device *dev); @@ -39048,7 +39048,7 @@ index eea5982..eeef407 100644 static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) { -@@ -8949,18 +8949,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) +@@ -8953,18 +8953,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) return 1; } @@ -39440,7 +39440,7 @@ index 5a82b6b..9e69c73 100644 if (regcomp (&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) { diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c -index b0dc0b6..a9bfe9c 100644 +index 8df1525..62e95ef 100644 --- a/drivers/gpu/drm/radeon/radeon_device.c +++ b/drivers/gpu/drm/radeon/radeon_device.c @@ -1014,7 +1014,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev) @@ -40213,10 +40213,10 @@ index 6351aba..dc4aaf4 100644 int res = 0; diff --git a/drivers/hwmon/applesmc.c b/drivers/hwmon/applesmc.c -index 62c2e32..8f2859a 100644 +index 98814d1..9435d05 100644 --- a/drivers/hwmon/applesmc.c +++ b/drivers/hwmon/applesmc.c -@@ -1084,7 +1084,7 @@ static int applesmc_create_nodes(struct applesmc_node_group *groups, int num) +@@ -1093,7 +1093,7 @@ static int applesmc_create_nodes(struct applesmc_node_group *groups, int num) { struct applesmc_node_group *grp; struct applesmc_dev_attr *node; @@ -42066,7 +42066,7 @@ index 60bce43..9b997d0 100644 pmd->bl_info.value_type.inc = data_block_inc; pmd->bl_info.value_type.dec = data_block_dec; diff --git a/drivers/md/dm.c b/drivers/md/dm.c -index 33f2010..23fb84c 100644 +index 1c13071..4bb0452 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c @@ -169,9 +169,9 @@ struct mapped_device { @@ -42101,7 +42101,7 @@ index 33f2010..23fb84c 100644 wake_up(&md->eventq); } -@@ -2690,18 +2690,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action, +@@ -2701,18 +2701,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action, uint32_t dm_next_uevent_seq(struct mapped_device *md) { @@ -53794,7 +53794,7 @@ index d50bbe5..af3b649 100644 goto err; } diff --git a/fs/bio.c b/fs/bio.c -index c5eae72..599e3cf 100644 +index 5e7507d..418c639 100644 --- a/fs/bio.c +++ b/fs/bio.c @@ -1106,7 +1106,7 @@ struct bio *bio_copy_user_iov(struct request_queue *q, diff --git a/main/linux-grsec/ipv6-udp-packets-following-an-UFO-enqueued-packet-needs-al.patch b/main/linux-grsec/ipv6-udp-packets-following-an-UFO-enqueued-packet-needs-al.patch new file mode 100644 index 0000000000..a98faca44e --- /dev/null +++ b/main/linux-grsec/ipv6-udp-packets-following-an-UFO-enqueued-packet-needs-al.patch @@ -0,0 +1,118 @@ +From 2811ebac2521ceac84f2bdae402455baa6a7fb47 Mon Sep 17 00:00:00 2001 +From: Hannes Frederic Sowa <hannes@stressinduktion.org> +Date: Sat, 21 Sep 2013 04:27:00 +0000 +Subject: ipv6: udp packets following an UFO enqueued packet need also be handled by UFO + +In the following scenario the socket is corked: +If the first UDP packet is larger then the mtu we try to append it to the +write queue via ip6_ufo_append_data. A following packet, which is smaller +than the mtu would be appended to the already queued up gso-skb via +plain ip6_append_data. This causes random memory corruptions. + +In ip6_ufo_append_data we also have to be careful to not queue up the +same skb multiple times. So setup the gso frame only when no first skb +is available. + +This also fixes a shortcoming where we add the current packet's length to +cork->length but return early because of a packet > mtu with dontfrag set +(instead of sutracting it again). + +Found with trinity. + +Cc: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> +Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> +Reported-by: Dmitry Vyukov <dvyukov@google.com> +Signed-off-by: David S. Miller <davem@davemloft.net> +--- +diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c +index 3a692d5..a54c45c 100644 +--- a/net/ipv6/ip6_output.c ++++ b/net/ipv6/ip6_output.c +@@ -1015,6 +1015,8 @@ static inline int ip6_ufo_append_data(struct sock *sk, + * udp datagram + */ + if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) { ++ struct frag_hdr fhdr; ++ + skb = sock_alloc_send_skb(sk, + hh_len + fragheaderlen + transhdrlen + 20, + (flags & MSG_DONTWAIT), &err); +@@ -1036,12 +1038,6 @@ static inline int ip6_ufo_append_data(struct sock *sk, + skb->protocol = htons(ETH_P_IPV6); + skb->ip_summed = CHECKSUM_PARTIAL; + skb->csum = 0; +- } +- +- err = skb_append_datato_frags(sk,skb, getfrag, from, +- (length - transhdrlen)); +- if (!err) { +- struct frag_hdr fhdr; + + /* Specify the length of each IPv6 datagram fragment. + * It has to be a multiple of 8. +@@ -1052,15 +1048,10 @@ static inline int ip6_ufo_append_data(struct sock *sk, + ipv6_select_ident(&fhdr, rt); + skb_shinfo(skb)->ip6_frag_id = fhdr.identification; + __skb_queue_tail(&sk->sk_write_queue, skb); +- +- return 0; + } +- /* There is not enough support do UPD LSO, +- * so follow normal path +- */ +- kfree_skb(skb); + +- return err; ++ return skb_append_datato_frags(sk, skb, getfrag, from, ++ (length - transhdrlen)); + } + + static inline struct ipv6_opt_hdr *ip6_opt_dup(struct ipv6_opt_hdr *src, +@@ -1227,27 +1218,27 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to, + * --yoshfuji + */ + +- cork->length += length; +- if (length > mtu) { +- int proto = sk->sk_protocol; +- if (dontfrag && (proto == IPPROTO_UDP || proto == IPPROTO_RAW)){ +- ipv6_local_rxpmtu(sk, fl6, mtu-exthdrlen); +- return -EMSGSIZE; +- } +- +- if (proto == IPPROTO_UDP && +- (rt->dst.dev->features & NETIF_F_UFO)) { ++ if ((length > mtu) && dontfrag && (sk->sk_protocol == IPPROTO_UDP || ++ sk->sk_protocol == IPPROTO_RAW)) { ++ ipv6_local_rxpmtu(sk, fl6, mtu-exthdrlen); ++ return -EMSGSIZE; ++ } + +- err = ip6_ufo_append_data(sk, getfrag, from, length, +- hh_len, fragheaderlen, +- transhdrlen, mtu, flags, rt); +- if (err) +- goto error; +- return 0; +- } ++ skb = skb_peek_tail(&sk->sk_write_queue); ++ cork->length += length; ++ if (((length > mtu) || ++ (skb && skb_is_gso(skb))) && ++ (sk->sk_protocol == IPPROTO_UDP) && ++ (rt->dst.dev->features & NETIF_F_UFO)) { ++ err = ip6_ufo_append_data(sk, getfrag, from, length, ++ hh_len, fragheaderlen, ++ transhdrlen, mtu, flags, rt); ++ if (err) ++ goto error; ++ return 0; + } + +- if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) ++ if (!skb) + goto alloc_new_skb; + + while (length > 0) { +-- +cgit v0.9.2 |