diff options
| author | Natanael Copa <ncopa@alpinelinux.org> | 2013-01-17 10:43:40 +0000 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2013-01-17 11:59:38 +0000 |
| commit | 3e8415b972139e5e2487f97a037766b7f60685ca (patch) | |
| tree | ef7af26239eee6b079ab11fadb2b6e17cf882e58 /main/linux-grsec | |
| parent | 50c82405a0505427879d8069d77532d2c05a1c76 (diff) | |
| download | aports-3e8415b972139e5e2487f97a037766b7f60685ca.tar.bz2 aports-3e8415b972139e5e2487f97a037766b7f60685ca.tar.xz | |
main/linux-grsec: backport XFRM PMTU and iptables CLAMPMSS regression fix
ref #1570
Diffstat (limited to 'main/linux-grsec')
| -rw-r--r-- | main/linux-grsec/APKBUILD | 4 | ||||
| -rw-r--r-- | main/linux-grsec/ipv4-remove-output-route-check-in-ipv4_mtu.patch | 38 |
2 files changed, 41 insertions, 1 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index b860ce45f..90eeb7df9 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -4,7 +4,7 @@ _flavor=grsec pkgname=linux-${_flavor} pkgver=3.6.11 _kernver=3.6 -pkgrel=3 +pkgrel=4 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" @@ -19,6 +19,7 @@ source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz 0004-arp-flush-arp-cache-on-device-change.patch r8169-num-rx-desc.patch xsa40.patch + ipv4-remove-output-route-check-in-ipv4_mtu.patch kernelconfig.x86 kernelconfig.x86_64 @@ -146,5 +147,6 @@ dce5c43ac3b5d8e35e245b35e90e1837 grsecurity-2.9.1-3.6.11-unofficial-1.patch 776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch daf2cbb558588c49c138fe9ca2482b64 r8169-num-rx-desc.patch d9de28f8a74fe0347866705b4bd6db85 xsa40.patch +d9b4a528e722d10ba53034ebd440c31b ipv4-remove-output-route-check-in-ipv4_mtu.patch 373db5888708938c6b1baed6da781fcb kernelconfig.x86 190788fb10e79abce9d570d5e87ec3b4 kernelconfig.x86_64" diff --git a/main/linux-grsec/ipv4-remove-output-route-check-in-ipv4_mtu.patch b/main/linux-grsec/ipv4-remove-output-route-check-in-ipv4_mtu.patch new file mode 100644 index 000000000..241f9b352 --- /dev/null +++ b/main/linux-grsec/ipv4-remove-output-route-check-in-ipv4_mtu.patch @@ -0,0 +1,38 @@ +From 38d523e2948162776903349c89d65f7b9370dadb Mon Sep 17 00:00:00 2001 +From: Steffen Klassert <steffen.klassert@secunet.com> +Date: Wed, 16 Jan 2013 20:55:01 +0000 +Subject: [PATCH] ipv4: Remove output route check in ipv4_mtu +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf8 +Content-Transfer-Encoding: 8bit + +The output route check was introduced with git commit 261663b0 +(ipv4: Don't use the cached pmtu informations for input routes) +during times when we cached the pmtu informations on the +inetpeer. Now the pmtu informations are back in the routes, +so this check is obsolete. It also had some unwanted side effects, +as reported by Timo Teras and Lukas Tribus. + +Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> +Acked-by: Timo Teräs <timo.teras@iki.fi> +Signed-off-by: David S. Miller <davem@davemloft.net> +--- + net/ipv4/route.c | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +diff --git a/net/ipv4/route.c b/net/ipv4/route.c +index 844a9ef..6e4a89c 100644 +--- a/net/ipv4/route.c ++++ b/net/ipv4/route.c +@@ -1120,7 +1120,7 @@ static unsigned int ipv4_mtu(const struct dst_entry *dst) + if (!mtu || time_after_eq(jiffies, rt->dst.expires)) + mtu = dst_metric_raw(dst, RTAX_MTU); + +- if (mtu && rt_is_output_route(rt)) ++ if (mtu) + return mtu; + + mtu = dst->dev->mtu; +-- +1.7.6.5 + |