aboutsummaryrefslogtreecommitdiffstats
path: root/main/linux-grsec
diff options
context:
space:
mode:
Diffstat (limited to 'main/linux-grsec')
-rw-r--r--main/linux-grsec/APKBUILD6
-rw-r--r--main/linux-grsec/CVE-2013-4348.patch35
2 files changed, 40 insertions, 1 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index 10511c93c8..5e3559ab6e 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -7,7 +7,7 @@ case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=${pkgver};;
esac
-pkgrel=1
+pkgrel=2
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
@@ -27,6 +27,7 @@ source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
fix-memory-map-for-PIE-applications.patch
sysctl_lxc.patch
+ CVE-2013-4348.patch
kernelconfig.x86
kernelconfig.x86_64
@@ -161,6 +162,7 @@ aa454ffb96428586447775c21449e284 0003-ipv4-properly-refresh-rtable-entries-on-p
1a5800a2122ba0cc0d06733cb3bb8b8f 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch
b3c0153d53e508e03d73b94d15b24a96 sysctl_lxc.patch
+09ae7985af988c75ff35ed503558eb8b CVE-2013-4348.patch
cb5c938dccbee36cfb8bb7ee3546b8af kernelconfig.x86
daa81b89f18254155ac33c5239abf3a4 kernelconfig.x86_64"
sha256sums="df27fa92d27a9c410bfe6c4a89f141638500d7eadcca5cce578954efc2ad3544 linux-3.10.tar.xz
@@ -174,6 +176,7 @@ ae32bb72afa170e6c3788c564b342763aba5945afacc1e2ebfc096adf50d77a3 0005-ipv4-use-
fc613ac466610b866b721c41836fd5bfb2d4b75bceb67972dc6369d7f62ff47e 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch
9ba55b0f45d5aa97503e376a13be6d249a10f32e36687055b2fa1e5a39fa0584 sysctl_lxc.patch
+39acdfc0bb2298e3a9ba62ee42ac2b6556fc31d8eaa2c085f84897cdeaa1a996 CVE-2013-4348.patch
3e6c4101bfb90b6a30173ef81cd0d0bea51d6a995fc045ca67db7fed271d969d kernelconfig.x86
da67ef700372d080bffb12a86f0a16c987dc79e18fdfb1a88d2704660239e5f0 kernelconfig.x86_64"
sha512sums="5fb109fcbd59bf3dffc911b853894f0a84afa75151368f783a1252c5ff60c7a1504de216c0012be446df983e2dea400ad8eeed3ce04f24dc61d0ef76c174dc35 linux-3.10.tar.xz
@@ -187,5 +190,6 @@ d2f578ad1d6e1fe52b55863e5bf338ae8201b828a498ec3e42e549c55295d3d1c6c3adfa9e226d71
249140374c19a5599876268ff5b3cda2e136681aee103b4a9fff5d7d346f8e3295a907fb43db0701b8a9fece64c299ad2abac0434259cce6631307ce84090205 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch
41071e21c59997604a380575d3c4171d35a12eaae6ddcf158d95e4fd5ccc69d61753cbd38b7bd08d879cce5bfea3fed2df15e5a3dca944f6f7cbd95d5d2daa23 sysctl_lxc.patch
+6c5165692519c630cb96a254088e55d4d7412bd0f45920c0bf514dd9c68d24625da91798158fe502b6c214a7b8d44ae6b2e49b39aed6da3c1344f816f90405a3 CVE-2013-4348.patch
e81d6780a33f00d5ee03b069fc3610da2eda3ba43e515707ae67cd2d609a226b18e9ec446eeacd2afaafe6aa480bb30b9908cce41e0d90f1a3b41e7daf2034c5 kernelconfig.x86
01e38549e92a98f041cb7ee1fec04a35d55322eff718fce6cd5774b60d0db287478ca034309e3dbd06b0194a2ec4b67584ef281018c16681a0ac7ac0fdc7c3ba kernelconfig.x86_64"
diff --git a/main/linux-grsec/CVE-2013-4348.patch b/main/linux-grsec/CVE-2013-4348.patch
new file mode 100644
index 0000000000..cce1592eb8
--- /dev/null
+++ b/main/linux-grsec/CVE-2013-4348.patch
@@ -0,0 +1,35 @@
+From 6f092343855a71e03b8d209815d8c45bf3a27fcd Mon Sep 17 00:00:00 2001
+From: Jason Wang <jasowang@redhat.com>
+Date: Fri, 01 Nov 2013 07:01:10 +0000
+Subject: net: flow_dissector: fail on evil iph->ihl
+
+We don't validate iph->ihl which may lead a dead loop if we meet a IPIP
+skb whose iph->ihl is zero. Fix this by failing immediately when iph->ihl
+is evil (less than 5).
+
+This issue were introduced by commit ec5efe7946280d1e84603389a1030ccec0a767ae
+(rps: support IPIP encapsulation).
+
+Cc: Eric Dumazet <edumazet@google.com>
+Cc: Petr Matousek <pmatouse@redhat.com>
+Cc: Michael S. Tsirkin <mst@redhat.com>
+Cc: Daniel Borkmann <dborkman@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+Acked-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+---
+diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
+index 8d7d0dd..143b6fd 100644
+--- a/net/core/flow_dissector.c
++++ b/net/core/flow_dissector.c
+@@ -40,7 +40,7 @@ again:
+ struct iphdr _iph;
+ ip:
+ iph = skb_header_pointer(skb, nhoff, sizeof(_iph), &_iph);
+- if (!iph)
++ if (!iph || iph->ihl < 5)
+ return false;
+
+ if (ip_is_fragment(iph))
+--
+cgit v0.9.2