diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2013-03-13 14:32:29 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2013-03-13 14:32:29 +0000 |
commit | 1bd1c9963fd4ef85364ed6e47bdf80fe47d3c184 (patch) | |
tree | a4cba53faba948522e7e767f40e26c5943c90be1 /main/linux-grsec | |
parent | 7adbaea091e2cdd57b0f3009759a7adbf452633e (diff) | |
download | aports-1bd1c9963fd4ef85364ed6e47bdf80fe47d3c184.tar.bz2 aports-1bd1c9963fd4ef85364ed6e47bdf80fe47d3c184.tar.xz |
main/linux-grsec: fix ip_gre regression and enable xfrm statistics
Diffstat (limited to 'main/linux-grsec')
4 files changed, 63 insertions, 9 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index b489b0576..342447a8c 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -4,7 +4,7 @@ _flavor=grsec pkgname=linux-${_flavor} pkgver=3.8.2 _kernver=3.8 -pkgrel=1 +pkgrel=3 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" @@ -18,6 +18,7 @@ source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz 0004-arp-flush-arp-cache-on-device-change.patch usb-ehci-revert-remove-ass-pss-polling-timeout.patch + Revert-ip_gre-make-ipgre_tunnel_xmit-not-parse-network-header-as-IP-unconditionally.patch kernelconfig.x86 kernelconfig.x86_64 @@ -146,19 +147,22 @@ e282fcff76e975e121e0636018e31a56 patch-3.8.2.xz 1bd92bea4325cafd07daa470810f1ea3 grsecurity-2.9.1-3.8.2-201303111845.patch 776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch eb332f6769f785a1c6b54b1f49ffd01a usb-ehci-revert-remove-ass-pss-polling-timeout.patch -3bcafb0c6230e2279930027e48162d0a kernelconfig.x86 -653949f92e603ec35e072fbdc58a414b kernelconfig.x86_64" +dc52c70012b707fa8ebbfe9222960b1f Revert-ip_gre-make-ipgre_tunnel_xmit-not-parse-network-header-as-IP-unconditionally.patch +2ae3dad7ae18b1d6aca01c433be78bf7 kernelconfig.x86 +d9ae40bc906e3ab1968ce784d879419e kernelconfig.x86_64" sha256sums="e070d1bdfbded5676a4f374721c63565f1c969466c5a3e214004a136b583184b linux-3.8.tar.xz 2bd1a39db4608a03250bfef11d3b7894ab1f0ebcb5316bafeeed23535822fd9c patch-3.8.2.xz c969b85daf641db52925344b66527d92395b50011c17b889cea36ce753e0f7a0 grsecurity-2.9.1-3.8.2-201303111845.patch e2d2d1503f53572c6a2e21da729a13a430dd01f510405ffb3a33b29208860bde 0004-arp-flush-arp-cache-on-device-change.patch 949393b84740cfe8a0d72d391ca2a89d24aa425df27c031f121fec7f7f331eed usb-ehci-revert-remove-ass-pss-polling-timeout.patch -f4f752af87b802ddfa201392906c4b7ec14a2239e994abd3fb08068824477cb4 kernelconfig.x86 -07e8251d7348414ee534d822fdf6561545309be87821032115d0161c443ad000 kernelconfig.x86_64" +82687b6a369370359bab20fcd00e7e6ca55221d9777843d6df857f7e808d9916 Revert-ip_gre-make-ipgre_tunnel_xmit-not-parse-network-header-as-IP-unconditionally.patch +07357ba122b72516fa8add2e549bc65fddb10df85a91a6f1a1f7db2f62eb4b98 kernelconfig.x86 +ce5b69db73b452985d41aab188f1f5bf73c6b1ab633c264d72ba9289fe5e91cd kernelconfig.x86_64" sha512sums="10a7983391af907d8aec72bdb096d1cabd4911985715e9ea13d35ff09095c035db15d4ab08b92eda7c10026cc27348cb9728c212335f7fcdcda7c610856ec30f linux-3.8.tar.xz 752a122646261461da9238feeacc61ab787bea9999f066b056226387ce718da57592e536eb1c6aa28b949f0a7ad1fa97cc97204fdc3e8f3939d9b0d3b9517d03 patch-3.8.2.xz faff701455d4985cc7c54e4b41cb87a44382b567c5adaa0ffa5182c0e4a629660b08715205f982d668f12697550da8ce6ea07da4636d60789e8fc1833cce084a grsecurity-2.9.1-3.8.2-201303111845.patch b6fdf376009f0f0f3fa194cb11be97343e4d394cf5d3547de6cfca8ad619c5bd3f60719331fd8cfadc47f09d22be8376ba5f871b46b24887ea73fe47e233a54e 0004-arp-flush-arp-cache-on-device-change.patch bb4576df6b5e029747975f5ed9d04c807d1bfd5e73f5418375f164a03342c15b2ca918e68bb6ff5bd0dc2fa8364e022aee18b254528210d2e24f8e06e6521609 usb-ehci-revert-remove-ass-pss-polling-timeout.patch -9a37f22bbab39e7a2a35258a5004ad52e7ec40d1cb7e0e61df3e7c278fd1e0163f196fbb0110ef34b1984c5fae409c57b870e689f955c8520c2b27aa0afe8247 kernelconfig.x86 -e77717d46bdbb4bdf7d59a8ee9a9cf62f08b50f0e0b6dc3bf78cf007fce355b19a824205d1341bbb730708f5651f0b244d90d3b771b968b16af7ba4ca7ae8d58 kernelconfig.x86_64" +86658aab1274eb7b273dc13473e3bd21d2c8cc8253002adf175dd0e0fd3b407c0ec85546f018597bbf5ad1b47b426a03c3be7b7a5d19991c46c7bd5afddf9929 Revert-ip_gre-make-ipgre_tunnel_xmit-not-parse-network-header-as-IP-unconditionally.patch +cd55284606d7d6e4e643a35638e3f4db547c9eb23e5e030d7c722df24910e57749a21af245f9eee82f08daf3b3563ed6b366759cffd42e7d8926ca14a4f60b4e kernelconfig.x86 +88cce5dc8ec880b8ff48ea6f6dc5d41957717c4057e13bbfed75c921ad7a6061591ce23cce69f4c9816f56cafa59114bb8454a3d7d552fccd8eb3ddb81fe3e2c kernelconfig.x86_64" diff --git a/main/linux-grsec/Revert-ip_gre-make-ipgre_tunnel_xmit-not-parse-network-header-as-IP-unconditionally.patch b/main/linux-grsec/Revert-ip_gre-make-ipgre_tunnel_xmit-not-parse-network-header-as-IP-unconditionally.patch new file mode 100644 index 000000000..39277d52c --- /dev/null +++ b/main/linux-grsec/Revert-ip_gre-make-ipgre_tunnel_xmit-not-parse-network-header-as-IP-unconditionally.patch @@ -0,0 +1,49 @@ +From patchwork Wed Mar 13 12:37:49 2013 +Content-Type: text/plain; charset="utf-8" +MIME-Version: 1.0 +Content-Transfer-Encoding: 8bit +Subject: Revert "ip_gre: make ipgre_tunnel_xmit() not parse network header as + IP unconditionally" +Date: Wed, 13 Mar 2013 02:37:49 -0000 +From: =?utf-8?b?VGltbyBUZXLDpHMgPHRpbW8udGVyYXNAaWtpLmZpPg==?= +X-Patchwork-Id: 227266 +Message-Id: <1363178269-27553-1-git-send-email-timo.teras@iki.fi> +To: netdev@vger.kernel.org, Isaku Yamahata <yamahata@valinux.co.jp>, + Eric Dumazet <edumazet@google.com>, "David S. Miller" <davem@davemloft.net> +Cc: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> + +This reverts commit 412ed94744d16806fbec3bd250fd94e71cde5a1f. + +The commit is wrong as tiph points to the outer IPv4 header which is +installed at ipgre_header() and not the inner one which is protocol dependant. + +This commit broke succesfully opennhrp which use PF_PACKET socket with +ETH_P_NHRP protocol. Additionally ssl_addr is set to the link-layer +IPv4 address. This address is written by ipgre_header() to the skb +earlier, and this is the IPv4 header tiph should point to - regardless +of the inner protocol payload. + +Signed-off-by: Timo Teräs <timo.teras@iki.fi> + +--- +net/ipv4/ip_gre.c | 5 +---- + 1 file changed, 1 insertion(+), 4 deletions(-) + +This commit appeared in 3.8.x. So should go to 3.8.x-stable. + +diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c +index d0ef0e6..91d66db 100644 +--- a/net/ipv4/ip_gre.c ++++ b/net/ipv4/ip_gre.c +@@ -798,10 +798,7 @@ static netdev_tx_t ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev + + if (dev->header_ops && dev->type == ARPHRD_IPGRE) { + gre_hlen = 0; +- if (skb->protocol == htons(ETH_P_IP)) +- tiph = (const struct iphdr *)skb->data; +- else +- tiph = &tunnel->parms.iph; ++ tiph = (const struct iphdr *)skb->data; + } else { + gre_hlen = tunnel->hlen; + tiph = &tunnel->parms.iph; diff --git a/main/linux-grsec/kernelconfig.x86 b/main/linux-grsec/kernelconfig.x86 index cd2cd898e..d82a3391f 100644 --- a/main/linux-grsec/kernelconfig.x86 +++ b/main/linux-grsec/kernelconfig.x86 @@ -654,7 +654,7 @@ CONFIG_XFRM_ALGO=m CONFIG_XFRM_USER=m CONFIG_XFRM_SUB_POLICY=y CONFIG_XFRM_MIGRATE=y -# CONFIG_XFRM_STATISTICS is not set +CONFIG_XFRM_STATISTICS=y CONFIG_XFRM_IPCOMP=m CONFIG_NET_KEY=m CONFIG_NET_KEY_MIGRATE=y @@ -3774,6 +3774,7 @@ CONFIG_DVB_S5H1411=m # ISDB-T (terrestrial) frontends # CONFIG_DVB_DIB8000=m +CONFIG_DVB_MB86A20S=m # # Digital terrestrial only tuners/PLL diff --git a/main/linux-grsec/kernelconfig.x86_64 b/main/linux-grsec/kernelconfig.x86_64 index 05e9586c7..6db460780 100644 --- a/main/linux-grsec/kernelconfig.x86_64 +++ b/main/linux-grsec/kernelconfig.x86_64 @@ -628,7 +628,7 @@ CONFIG_XFRM_ALGO=m CONFIG_XFRM_USER=m CONFIG_XFRM_SUB_POLICY=y CONFIG_XFRM_MIGRATE=y -# CONFIG_XFRM_STATISTICS is not set +CONFIG_XFRM_STATISTICS=y CONFIG_XFRM_IPCOMP=m CONFIG_NET_KEY=m CONFIG_NET_KEY_MIGRATE=y |