diff options
-rw-r--r-- | main/linux-grsec/APKBUILD | 4 | ||||
-rw-r--r-- | main/linux-grsec/xfrm-fix-policy-unreferencing-on-larval-drop.patch | 14 |
2 files changed, 17 insertions, 1 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index 4cbcb41e0d..a529ae86fa 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -4,7 +4,7 @@ _flavor=grsec pkgname=linux-${_flavor} pkgver=2.6.32.12 _kernver=2.6.32 -pkgrel=3 +pkgrel=4 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" @@ -31,6 +31,7 @@ source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2 0016-xfrm-remove-policy-garbage-collection.patch 0017-flow-delayed-deletion-of-flow-cache-entries.patch 0018-xfrm-Fix-crashes-in-xfrm_lookup.patch + xfrm-fix-policy-unreferencing-on-larval-drop.patch kernelconfig.x86 " subpackages="$pkgname-dev linux-firmware:firmware" @@ -154,4 +155,5 @@ c09b82b89a49ba2a3836a0bc3a3312f4 0015-xfrm-cache-bundles-instead-of-policies-fo 41618efb65ab9ddacfb59a1cde9b4edd 0016-xfrm-remove-policy-garbage-collection.patch 3b83f0972ab715819d1119b120a987e7 0017-flow-delayed-deletion-of-flow-cache-entries.patch 45a676c7a1759fec60b724d557b4e295 0018-xfrm-Fix-crashes-in-xfrm_lookup.patch +c7e606c11c05ff03012b21c3fe0ece47 xfrm-fix-policy-unreferencing-on-larval-drop.patch 7f442049b29ab749180e54ff8f20f1d0 kernelconfig.x86" diff --git a/main/linux-grsec/xfrm-fix-policy-unreferencing-on-larval-drop.patch b/main/linux-grsec/xfrm-fix-policy-unreferencing-on-larval-drop.patch new file mode 100644 index 0000000000..25dc0dcdc2 --- /dev/null +++ b/main/linux-grsec/xfrm-fix-policy-unreferencing-on-larval-drop.patch @@ -0,0 +1,14 @@ +diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c +index 31f4ba4..f4ea3a0 100644 +--- a/net/xfrm/xfrm_policy.c ++++ b/net/xfrm/xfrm_policy.c +@@ -1805,7 +1805,7 @@ restart: + /* EREMOTE tells the caller to generate + * a one-shot blackhole route. */ + dst_release(dst); +- xfrm_pols_put(pols, num_pols); ++ xfrm_pols_put(pols, drop_pols); + XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTNOSTATES); + return -EREMOTE; + } + |