aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--main/linux-grsec/APKBUILD4
-rw-r--r--main/linux-grsec/xfrm-fix-policy-unreferencing-on-larval-drop.patch14
2 files changed, 17 insertions, 1 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index 4cbcb41e0d..a529ae86fa 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -4,7 +4,7 @@ _flavor=grsec
pkgname=linux-${_flavor}
pkgver=2.6.32.12
_kernver=2.6.32
-pkgrel=3
+pkgrel=4
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
@@ -31,6 +31,7 @@ source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2
0016-xfrm-remove-policy-garbage-collection.patch
0017-flow-delayed-deletion-of-flow-cache-entries.patch
0018-xfrm-Fix-crashes-in-xfrm_lookup.patch
+ xfrm-fix-policy-unreferencing-on-larval-drop.patch
kernelconfig.x86
"
subpackages="$pkgname-dev linux-firmware:firmware"
@@ -154,4 +155,5 @@ c09b82b89a49ba2a3836a0bc3a3312f4 0015-xfrm-cache-bundles-instead-of-policies-fo
41618efb65ab9ddacfb59a1cde9b4edd 0016-xfrm-remove-policy-garbage-collection.patch
3b83f0972ab715819d1119b120a987e7 0017-flow-delayed-deletion-of-flow-cache-entries.patch
45a676c7a1759fec60b724d557b4e295 0018-xfrm-Fix-crashes-in-xfrm_lookup.patch
+c7e606c11c05ff03012b21c3fe0ece47 xfrm-fix-policy-unreferencing-on-larval-drop.patch
7f442049b29ab749180e54ff8f20f1d0 kernelconfig.x86"
diff --git a/main/linux-grsec/xfrm-fix-policy-unreferencing-on-larval-drop.patch b/main/linux-grsec/xfrm-fix-policy-unreferencing-on-larval-drop.patch
new file mode 100644
index 0000000000..25dc0dcdc2
--- /dev/null
+++ b/main/linux-grsec/xfrm-fix-policy-unreferencing-on-larval-drop.patch
@@ -0,0 +1,14 @@
+diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
+index 31f4ba4..f4ea3a0 100644
+--- a/net/xfrm/xfrm_policy.c
++++ b/net/xfrm/xfrm_policy.c
+@@ -1805,7 +1805,7 @@ restart:
+ /* EREMOTE tells the caller to generate
+ * a one-shot blackhole route. */
+ dst_release(dst);
+- xfrm_pols_put(pols, num_pols);
++ xfrm_pols_put(pols, drop_pols);
+ XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTNOSTATES);
+ return -EREMOTE;
+ }
+