diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2013-10-08 12:34:33 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2013-10-23 12:46:58 +0000 |
commit | 7766fa282ba06cf58345a603599f4860f18b3a4c (patch) | |
tree | 17910bd5ad60a130a920014a399f012d2d7efd94 | |
parent | f1a8748d47bb439b75474fda4775cb2678c62115 (diff) | |
download | alpine_aports-7766fa282ba06cf58345a603599f4860f18b3a4c.tar.bz2 alpine_aports-7766fa282ba06cf58345a603599f4860f18b3a4c.tar.xz alpine_aports-7766fa282ba06cf58345a603599f4860f18b3a4c.zip |
main/linux-grsec: upgrade to 3.10.15 and fix CVE-2013-4387
(cherry picked from commit 87d27c343dcd90ae7d05fe8f921686776fc685f0)
-rw-r--r-- | main/linux-grsec/APKBUILD | 20 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-2.9.1-3.10.15-unofficial.patch (renamed from main/linux-grsec/grsecurity-2.9.1-3.10.14-unofficial.patch) | 32 | ||||
-rw-r--r-- | main/linux-grsec/ipv6-udp-packets-following-an-UFO-enqueued-packet-needs-al.patch | 118 |
3 files changed, 146 insertions, 24 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index 263348831a..3ec21a29fb 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD | |||
@@ -2,12 +2,12 @@ | |||
2 | 2 | ||
3 | _flavor=grsec | 3 | _flavor=grsec |
4 | pkgname=linux-${_flavor} | 4 | pkgname=linux-${_flavor} |
5 | pkgver=3.10.14 | 5 | pkgver=3.10.15 |
6 | case $pkgver in | 6 | case $pkgver in |
7 | *.*.*) _kernver=${pkgver%.*};; | 7 | *.*.*) _kernver=${pkgver%.*};; |
8 | *.*) _kernver=${pkgver};; | 8 | *.*) _kernver=${pkgver};; |
9 | esac | 9 | esac |
10 | pkgrel=1 | 10 | pkgrel=0 |
11 | pkgdesc="Linux kernel with grsecurity" | 11 | pkgdesc="Linux kernel with grsecurity" |
12 | url=http://grsecurity.net | 12 | url=http://grsecurity.net |
13 | depends="mkinitfs linux-firmware" | 13 | depends="mkinitfs linux-firmware" |
@@ -26,6 +26,7 @@ source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz | |||
26 | 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch | 26 | 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch |
27 | 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch | 27 | 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch |
28 | fix-memory-map-for-PIE-applications.patch | 28 | fix-memory-map-for-PIE-applications.patch |
29 | ipv6-udp-packets-following-an-UFO-enqueued-packet-needs-al.patch | ||
29 | 30 | ||
30 | kernelconfig.x86 | 31 | kernelconfig.x86 |
31 | kernelconfig.x86_64 | 32 | kernelconfig.x86_64 |
@@ -150,8 +151,8 @@ dev() { | |||
150 | } | 151 | } |
151 | 152 | ||
152 | md5sums="4f25cd5bec5f8d5a7d935b3f2ccb8481 linux-3.10.tar.xz | 153 | md5sums="4f25cd5bec5f8d5a7d935b3f2ccb8481 linux-3.10.tar.xz |
153 | 3c2ce4933f210fef16664dfa16028de1 patch-3.10.14.xz | 154 | 70cc9bd12b04382c3783da96edda4562 patch-3.10.15.xz |
154 | 8a8f3b99d0072aa72681711dab25848b grsecurity-2.9.1-3.10.14-unofficial.patch | 155 | 84a82b973a08abc43cbf74a8935c59ae grsecurity-2.9.1-3.10.15-unofficial.patch |
155 | a16f11b12381efb3bec79b9bfb329836 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch | 156 | a16f11b12381efb3bec79b9bfb329836 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch |
156 | 656ae7b10dd2f18dbfa1011041d08d60 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch | 157 | 656ae7b10dd2f18dbfa1011041d08d60 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch |
157 | aa454ffb96428586447775c21449e284 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch | 158 | aa454ffb96428586447775c21449e284 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch |
@@ -159,11 +160,12 @@ aa454ffb96428586447775c21449e284 0003-ipv4-properly-refresh-rtable-entries-on-p | |||
159 | 6ce5fed63aad3f1a1ff1b9ba7b741822 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch | 160 | 6ce5fed63aad3f1a1ff1b9ba7b741822 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch |
160 | 1a5800a2122ba0cc0d06733cb3bb8b8f 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch | 161 | 1a5800a2122ba0cc0d06733cb3bb8b8f 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch |
161 | c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch | 162 | c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch |
163 | bbb9f3edd60fd5c53ac98f4eab83641c ipv6-udp-packets-following-an-UFO-enqueued-packet-needs-al.patch | ||
162 | 866e6c4daed45d563829804f8ad50ed9 kernelconfig.x86 | 164 | 866e6c4daed45d563829804f8ad50ed9 kernelconfig.x86 |
163 | 272aaddd0a19a5052208bc25551995a3 kernelconfig.x86_64" | 165 | 272aaddd0a19a5052208bc25551995a3 kernelconfig.x86_64" |
164 | sha256sums="df27fa92d27a9c410bfe6c4a89f141638500d7eadcca5cce578954efc2ad3544 linux-3.10.tar.xz | 166 | sha256sums="df27fa92d27a9c410bfe6c4a89f141638500d7eadcca5cce578954efc2ad3544 linux-3.10.tar.xz |
165 | fd5fac477f69b5e3c6506fa04f81157aa753538dca017ef23b26ca36e65df38e patch-3.10.14.xz | 167 | bb0108609a95ddfe5030938e45ad123445af4e29510a0b1bd8cede89de8c013b patch-3.10.15.xz |
166 | 4e61ce7226f2424999e26ccdbdb806f60c6941b63f5be82fc586fa5b8a863107 grsecurity-2.9.1-3.10.14-unofficial.patch | 168 | 02736977e0abd475ba3c463b381186d306fd2f6c264968c47c685f0fce08c820 grsecurity-2.9.1-3.10.15-unofficial.patch |
167 | 6af3757ac36a6cd3cda7b0a71b08143726383b19261294a569ad7f4042c72df3 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch | 169 | 6af3757ac36a6cd3cda7b0a71b08143726383b19261294a569ad7f4042c72df3 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch |
168 | dc8e82108615657f1fb9d641efd42255a5761c06edde1b00a41ae0d314d548f0 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch | 170 | dc8e82108615657f1fb9d641efd42255a5761c06edde1b00a41ae0d314d548f0 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch |
169 | 0985caa0f3ee8ed0959aeaa4214f5f8057ae8e61d50dcae39194912d31e14892 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch | 171 | 0985caa0f3ee8ed0959aeaa4214f5f8057ae8e61d50dcae39194912d31e14892 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch |
@@ -171,11 +173,12 @@ dc8e82108615657f1fb9d641efd42255a5761c06edde1b00a41ae0d314d548f0 0002-arp-flush | |||
171 | ae32bb72afa170e6c3788c564b342763aba5945afacc1e2ebfc096adf50d77a3 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch | 173 | ae32bb72afa170e6c3788c564b342763aba5945afacc1e2ebfc096adf50d77a3 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch |
172 | fc613ac466610b866b721c41836fd5bfb2d4b75bceb67972dc6369d7f62ff47e 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch | 174 | fc613ac466610b866b721c41836fd5bfb2d4b75bceb67972dc6369d7f62ff47e 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch |
173 | 500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch | 175 | 500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch |
176 | 4e2ac6cf0b5f6ef4c2f468aedb3f4b7a2737ef3abef4cf712492ba5daec4b30d ipv6-udp-packets-following-an-UFO-enqueued-packet-needs-al.patch | ||
174 | 7fd28634998ef1fddafed5f2516e902924245d2464b9e86476bfaa55ccfc3bc3 kernelconfig.x86 | 177 | 7fd28634998ef1fddafed5f2516e902924245d2464b9e86476bfaa55ccfc3bc3 kernelconfig.x86 |
175 | f2843ae4f9b3e3c27f3138ce4b740c2803bdab0c7a910c662d951843803b9554 kernelconfig.x86_64" | 178 | f2843ae4f9b3e3c27f3138ce4b740c2803bdab0c7a910c662d951843803b9554 kernelconfig.x86_64" |
176 | sha512sums="5fb109fcbd59bf3dffc911b853894f0a84afa75151368f783a1252c5ff60c7a1504de216c0012be446df983e2dea400ad8eeed3ce04f24dc61d0ef76c174dc35 linux-3.10.tar.xz | 179 | sha512sums="5fb109fcbd59bf3dffc911b853894f0a84afa75151368f783a1252c5ff60c7a1504de216c0012be446df983e2dea400ad8eeed3ce04f24dc61d0ef76c174dc35 linux-3.10.tar.xz |
177 | 8bd9af04acec2998d5a6d99e63a84c35802e4affeead51d15cf024020bc326507fee7c59179157b5bd42f5e0633c39ea8f123f02c0262aa50042fea57ed7390d patch-3.10.14.xz | 180 | 41f612dc912df68a69bb44343748be5c7b3c1525654890a1d896f466ef6aa22d35343f59a2c4319cde1858a6407f9366817c762670dd711d9ff2890291fa60cc patch-3.10.15.xz |
178 | 7d17742f5dcce1975dfa9d24fa9e665e9e48dcb3acc962a7699923bdb92477f1b2e352b0e946de664e76ab72798cad77e1d2eafc2e6dc167e3dee2bf91d866e5 grsecurity-2.9.1-3.10.14-unofficial.patch | 181 | 7838f4f43c1259d587979255a403b17be26d687aac91d43084417057267fd12643e99beccfbe21f22ed3d423080d9cdd7086598c8cc7e922ddae1024ce1f8005 grsecurity-2.9.1-3.10.15-unofficial.patch |
179 | 81e78593288e8b0fd2c03ea9fc1450323887707f087e911f172450a122bc9b591ee83394836789730d951aeec13d0b75a64e1c05f04364abf8f80d883ddc4a02 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch | 182 | 81e78593288e8b0fd2c03ea9fc1450323887707f087e911f172450a122bc9b591ee83394836789730d951aeec13d0b75a64e1c05f04364abf8f80d883ddc4a02 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch |
180 | 51ecb15b669f6a82940a13a38939116e003bf5dfd24496771c8279e907b72adcc63d607f0340a2940d757e12ddadb7d45c7af78ae311d284935a6296dbcac00c 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch | 183 | 51ecb15b669f6a82940a13a38939116e003bf5dfd24496771c8279e907b72adcc63d607f0340a2940d757e12ddadb7d45c7af78ae311d284935a6296dbcac00c 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch |
181 | 57d0a8bd35d19cf657ded58efe24517d2252aec6984040713ba173a34edb5887ececaa2985076bc6a149eaa57639fd98a042c1c2d226ed4ad8dd5ed0e230717e 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch | 184 | 57d0a8bd35d19cf657ded58efe24517d2252aec6984040713ba173a34edb5887ececaa2985076bc6a149eaa57639fd98a042c1c2d226ed4ad8dd5ed0e230717e 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch |
@@ -183,5 +186,6 @@ d2f578ad1d6e1fe52b55863e5bf338ae8201b828a498ec3e42e549c55295d3d1c6c3adfa9e226d71 | |||
183 | 28a33e644bf2faf99c8dd6dbccfe14e140dfdd8824a8fb2d58aa7deb9e572f130d92b6b35ee181084050d82166bdf2e498a451a2a538a67b7ab84204405d2d87 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch | 186 | 28a33e644bf2faf99c8dd6dbccfe14e140dfdd8824a8fb2d58aa7deb9e572f130d92b6b35ee181084050d82166bdf2e498a451a2a538a67b7ab84204405d2d87 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch |
184 | 249140374c19a5599876268ff5b3cda2e136681aee103b4a9fff5d7d346f8e3295a907fb43db0701b8a9fece64c299ad2abac0434259cce6631307ce84090205 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch | 187 | 249140374c19a5599876268ff5b3cda2e136681aee103b4a9fff5d7d346f8e3295a907fb43db0701b8a9fece64c299ad2abac0434259cce6631307ce84090205 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch |
185 | 4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch | 188 | 4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch |
189 | 39fc019ac5ea5ada03c29846f22ddab0735e288bb3ad8d2109628e5d77d24bd09e6972eea6ee912768391399efe069e77c0e53b8a22329328bcc51f09f963f05 ipv6-udp-packets-following-an-UFO-enqueued-packet-needs-al.patch | ||
186 | 1721542ff111c8ec550323dae6f6174131db180668cbf14f01dc4c76ffbbb479715919a80c35d8c8ac22a6479dd3b42700be6ddc5ef2a8b6a62de811c7ae86df kernelconfig.x86 | 190 | 1721542ff111c8ec550323dae6f6174131db180668cbf14f01dc4c76ffbbb479715919a80c35d8c8ac22a6479dd3b42700be6ddc5ef2a8b6a62de811c7ae86df kernelconfig.x86 |
187 | d49bf57bd0aae17d762d87d5bf983e48219d71ca44bc0c3120db94d357192c07146a8938cef9d435218e4bb748691ec426387545837be637d47e45cdc4482d71 kernelconfig.x86_64" | 191 | d49bf57bd0aae17d762d87d5bf983e48219d71ca44bc0c3120db94d357192c07146a8938cef9d435218e4bb748691ec426387545837be637d47e45cdc4482d71 kernelconfig.x86_64" |
diff --git a/main/linux-grsec/grsecurity-2.9.1-3.10.14-unofficial.patch b/main/linux-grsec/grsecurity-2.9.1-3.10.15-unofficial.patch index 386c1a5258..bd0f3808e8 100644 --- a/main/linux-grsec/grsecurity-2.9.1-3.10.14-unofficial.patch +++ b/main/linux-grsec/grsecurity-2.9.1-3.10.15-unofficial.patch | |||
@@ -281,7 +281,7 @@ index 2fe6e76..889ee23 100644 | |||
281 | 281 | ||
282 | pcd. [PARIDE] | 282 | pcd. [PARIDE] |
283 | diff --git a/Makefile b/Makefile | 283 | diff --git a/Makefile b/Makefile |
284 | index 129c49f..643835b 100644 | 284 | index 9a77179..052a254 100644 |
285 | --- a/Makefile | 285 | --- a/Makefile |
286 | +++ b/Makefile | 286 | +++ b/Makefile |
287 | @@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ | 287 | @@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ |
@@ -25220,7 +25220,7 @@ index 2cb9470..ff1fd80 100644 | |||
25220 | 25220 | ||
25221 | return ret; | 25221 | return ret; |
25222 | diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c | 25222 | diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c |
25223 | index 76fa1e9..abf09ea 100644 | 25223 | index 90fd119..61aa5d2 100644 |
25224 | --- a/arch/x86/kernel/reboot.c | 25224 | --- a/arch/x86/kernel/reboot.c |
25225 | +++ b/arch/x86/kernel/reboot.c | 25225 | +++ b/arch/x86/kernel/reboot.c |
25226 | @@ -36,7 +36,7 @@ void (*pm_power_off)(void); | 25226 | @@ -36,7 +36,7 @@ void (*pm_power_off)(void); |
@@ -25275,7 +25275,7 @@ index 76fa1e9..abf09ea 100644 | |||
25275 | "rm" (real_mode_header->machine_real_restart_asm), | 25275 | "rm" (real_mode_header->machine_real_restart_asm), |
25276 | "a" (type)); | 25276 | "a" (type)); |
25277 | #else | 25277 | #else |
25278 | @@ -531,7 +558,7 @@ void __attribute__((weak)) mach_reboot_fixups(void) | 25278 | @@ -547,7 +574,7 @@ void __attribute__((weak)) mach_reboot_fixups(void) |
25279 | * try to force a triple fault and then cycle between hitting the keyboard | 25279 | * try to force a triple fault and then cycle between hitting the keyboard |
25280 | * controller and doing that | 25280 | * controller and doing that |
25281 | */ | 25281 | */ |
@@ -25284,7 +25284,7 @@ index 76fa1e9..abf09ea 100644 | |||
25284 | { | 25284 | { |
25285 | int i; | 25285 | int i; |
25286 | int attempt = 0; | 25286 | int attempt = 0; |
25287 | @@ -654,13 +681,13 @@ void native_machine_shutdown(void) | 25287 | @@ -670,13 +697,13 @@ void native_machine_shutdown(void) |
25288 | #endif | 25288 | #endif |
25289 | } | 25289 | } |
25290 | 25290 | ||
@@ -25300,7 +25300,7 @@ index 76fa1e9..abf09ea 100644 | |||
25300 | { | 25300 | { |
25301 | pr_notice("machine restart\n"); | 25301 | pr_notice("machine restart\n"); |
25302 | 25302 | ||
25303 | @@ -669,7 +696,7 @@ static void native_machine_restart(char *__unused) | 25303 | @@ -685,7 +712,7 @@ static void native_machine_restart(char *__unused) |
25304 | __machine_emergency_restart(0); | 25304 | __machine_emergency_restart(0); |
25305 | } | 25305 | } |
25306 | 25306 | ||
@@ -25309,7 +25309,7 @@ index 76fa1e9..abf09ea 100644 | |||
25309 | { | 25309 | { |
25310 | /* Stop other cpus and apics */ | 25310 | /* Stop other cpus and apics */ |
25311 | machine_shutdown(); | 25311 | machine_shutdown(); |
25312 | @@ -679,7 +706,7 @@ static void native_machine_halt(void) | 25312 | @@ -695,7 +722,7 @@ static void native_machine_halt(void) |
25313 | stop_this_cpu(NULL); | 25313 | stop_this_cpu(NULL); |
25314 | } | 25314 | } |
25315 | 25315 | ||
@@ -25318,7 +25318,7 @@ index 76fa1e9..abf09ea 100644 | |||
25318 | { | 25318 | { |
25319 | if (pm_power_off) { | 25319 | if (pm_power_off) { |
25320 | if (!reboot_force) | 25320 | if (!reboot_force) |
25321 | @@ -688,9 +715,10 @@ static void native_machine_power_off(void) | 25321 | @@ -704,9 +731,10 @@ static void native_machine_power_off(void) |
25322 | } | 25322 | } |
25323 | /* A fallback in case there is no PM info available */ | 25323 | /* A fallback in case there is no PM info available */ |
25324 | tboot_shutdown(TB_SHUTDOWN_HALT); | 25324 | tboot_shutdown(TB_SHUTDOWN_HALT); |
@@ -39029,10 +39029,10 @@ index c8d16a6..ca71b5e 100644 | |||
39029 | iir = I915_READ(IIR); | 39029 | iir = I915_READ(IIR); |
39030 | 39030 | ||
39031 | diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c | 39031 | diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c |
39032 | index eea5982..eeef407 100644 | 39032 | index 2667d6d..410dc80 100644 |
39033 | --- a/drivers/gpu/drm/i915/intel_display.c | 39033 | --- a/drivers/gpu/drm/i915/intel_display.c |
39034 | +++ b/drivers/gpu/drm/i915/intel_display.c | 39034 | +++ b/drivers/gpu/drm/i915/intel_display.c |
39035 | @@ -8935,13 +8935,13 @@ struct intel_quirk { | 39035 | @@ -8939,13 +8939,13 @@ struct intel_quirk { |
39036 | int subsystem_vendor; | 39036 | int subsystem_vendor; |
39037 | int subsystem_device; | 39037 | int subsystem_device; |
39038 | void (*hook)(struct drm_device *dev); | 39038 | void (*hook)(struct drm_device *dev); |
@@ -39048,7 +39048,7 @@ index eea5982..eeef407 100644 | |||
39048 | 39048 | ||
39049 | static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) | 39049 | static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) |
39050 | { | 39050 | { |
39051 | @@ -8949,18 +8949,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) | 39051 | @@ -8953,18 +8953,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) |
39052 | return 1; | 39052 | return 1; |
39053 | } | 39053 | } |
39054 | 39054 | ||
@@ -39440,7 +39440,7 @@ index 5a82b6b..9e69c73 100644 | |||
39440 | if (regcomp | 39440 | if (regcomp |
39441 | (&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) { | 39441 | (&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) { |
39442 | diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c | 39442 | diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c |
39443 | index b0dc0b6..a9bfe9c 100644 | 39443 | index 8df1525..62e95ef 100644 |
39444 | --- a/drivers/gpu/drm/radeon/radeon_device.c | 39444 | --- a/drivers/gpu/drm/radeon/radeon_device.c |
39445 | +++ b/drivers/gpu/drm/radeon/radeon_device.c | 39445 | +++ b/drivers/gpu/drm/radeon/radeon_device.c |
39446 | @@ -1014,7 +1014,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev) | 39446 | @@ -1014,7 +1014,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev) |
@@ -40213,10 +40213,10 @@ index 6351aba..dc4aaf4 100644 | |||
40213 | int res = 0; | 40213 | int res = 0; |
40214 | 40214 | ||
40215 | diff --git a/drivers/hwmon/applesmc.c b/drivers/hwmon/applesmc.c | 40215 | diff --git a/drivers/hwmon/applesmc.c b/drivers/hwmon/applesmc.c |
40216 | index 62c2e32..8f2859a 100644 | 40216 | index 98814d1..9435d05 100644 |
40217 | --- a/drivers/hwmon/applesmc.c | 40217 | --- a/drivers/hwmon/applesmc.c |
40218 | +++ b/drivers/hwmon/applesmc.c | 40218 | +++ b/drivers/hwmon/applesmc.c |
40219 | @@ -1084,7 +1084,7 @@ static int applesmc_create_nodes(struct applesmc_node_group *groups, int num) | 40219 | @@ -1093,7 +1093,7 @@ static int applesmc_create_nodes(struct applesmc_node_group *groups, int num) |
40220 | { | 40220 | { |
40221 | struct applesmc_node_group *grp; | 40221 | struct applesmc_node_group *grp; |
40222 | struct applesmc_dev_attr *node; | 40222 | struct applesmc_dev_attr *node; |
@@ -42066,7 +42066,7 @@ index 60bce43..9b997d0 100644 | |||
42066 | pmd->bl_info.value_type.inc = data_block_inc; | 42066 | pmd->bl_info.value_type.inc = data_block_inc; |
42067 | pmd->bl_info.value_type.dec = data_block_dec; | 42067 | pmd->bl_info.value_type.dec = data_block_dec; |
42068 | diff --git a/drivers/md/dm.c b/drivers/md/dm.c | 42068 | diff --git a/drivers/md/dm.c b/drivers/md/dm.c |
42069 | index 33f2010..23fb84c 100644 | 42069 | index 1c13071..4bb0452 100644 |
42070 | --- a/drivers/md/dm.c | 42070 | --- a/drivers/md/dm.c |
42071 | +++ b/drivers/md/dm.c | 42071 | +++ b/drivers/md/dm.c |
42072 | @@ -169,9 +169,9 @@ struct mapped_device { | 42072 | @@ -169,9 +169,9 @@ struct mapped_device { |
@@ -42101,7 +42101,7 @@ index 33f2010..23fb84c 100644 | |||
42101 | wake_up(&md->eventq); | 42101 | wake_up(&md->eventq); |
42102 | } | 42102 | } |
42103 | 42103 | ||
42104 | @@ -2690,18 +2690,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action, | 42104 | @@ -2701,18 +2701,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action, |
42105 | 42105 | ||
42106 | uint32_t dm_next_uevent_seq(struct mapped_device *md) | 42106 | uint32_t dm_next_uevent_seq(struct mapped_device *md) |
42107 | { | 42107 | { |
@@ -53794,7 +53794,7 @@ index d50bbe5..af3b649 100644 | |||
53794 | goto err; | 53794 | goto err; |
53795 | } | 53795 | } |
53796 | diff --git a/fs/bio.c b/fs/bio.c | 53796 | diff --git a/fs/bio.c b/fs/bio.c |
53797 | index c5eae72..599e3cf 100644 | 53797 | index 5e7507d..418c639 100644 |
53798 | --- a/fs/bio.c | 53798 | --- a/fs/bio.c |
53799 | +++ b/fs/bio.c | 53799 | +++ b/fs/bio.c |
53800 | @@ -1106,7 +1106,7 @@ struct bio *bio_copy_user_iov(struct request_queue *q, | 53800 | @@ -1106,7 +1106,7 @@ struct bio *bio_copy_user_iov(struct request_queue *q, |
diff --git a/main/linux-grsec/ipv6-udp-packets-following-an-UFO-enqueued-packet-needs-al.patch b/main/linux-grsec/ipv6-udp-packets-following-an-UFO-enqueued-packet-needs-al.patch new file mode 100644 index 0000000000..a98faca44e --- /dev/null +++ b/main/linux-grsec/ipv6-udp-packets-following-an-UFO-enqueued-packet-needs-al.patch | |||
@@ -0,0 +1,118 @@ | |||
1 | From 2811ebac2521ceac84f2bdae402455baa6a7fb47 Mon Sep 17 00:00:00 2001 | ||
2 | From: Hannes Frederic Sowa <hannes@stressinduktion.org> | ||
3 | Date: Sat, 21 Sep 2013 04:27:00 +0000 | ||
4 | Subject: ipv6: udp packets following an UFO enqueued packet need also be handled by UFO | ||
5 | |||
6 | In the following scenario the socket is corked: | ||
7 | If the first UDP packet is larger then the mtu we try to append it to the | ||
8 | write queue via ip6_ufo_append_data. A following packet, which is smaller | ||
9 | than the mtu would be appended to the already queued up gso-skb via | ||
10 | plain ip6_append_data. This causes random memory corruptions. | ||
11 | |||
12 | In ip6_ufo_append_data we also have to be careful to not queue up the | ||
13 | same skb multiple times. So setup the gso frame only when no first skb | ||
14 | is available. | ||
15 | |||
16 | This also fixes a shortcoming where we add the current packet's length to | ||
17 | cork->length but return early because of a packet > mtu with dontfrag set | ||
18 | (instead of sutracting it again). | ||
19 | |||
20 | Found with trinity. | ||
21 | |||
22 | Cc: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> | ||
23 | Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> | ||
24 | Reported-by: Dmitry Vyukov <dvyukov@google.com> | ||
25 | Signed-off-by: David S. Miller <davem@davemloft.net> | ||
26 | --- | ||
27 | diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c | ||
28 | index 3a692d5..a54c45c 100644 | ||
29 | --- a/net/ipv6/ip6_output.c | ||
30 | +++ b/net/ipv6/ip6_output.c | ||
31 | @@ -1015,6 +1015,8 @@ static inline int ip6_ufo_append_data(struct sock *sk, | ||
32 | * udp datagram | ||
33 | */ | ||
34 | if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) { | ||
35 | + struct frag_hdr fhdr; | ||
36 | + | ||
37 | skb = sock_alloc_send_skb(sk, | ||
38 | hh_len + fragheaderlen + transhdrlen + 20, | ||
39 | (flags & MSG_DONTWAIT), &err); | ||
40 | @@ -1036,12 +1038,6 @@ static inline int ip6_ufo_append_data(struct sock *sk, | ||
41 | skb->protocol = htons(ETH_P_IPV6); | ||
42 | skb->ip_summed = CHECKSUM_PARTIAL; | ||
43 | skb->csum = 0; | ||
44 | - } | ||
45 | - | ||
46 | - err = skb_append_datato_frags(sk,skb, getfrag, from, | ||
47 | - (length - transhdrlen)); | ||
48 | - if (!err) { | ||
49 | - struct frag_hdr fhdr; | ||
50 | |||
51 | /* Specify the length of each IPv6 datagram fragment. | ||
52 | * It has to be a multiple of 8. | ||
53 | @@ -1052,15 +1048,10 @@ static inline int ip6_ufo_append_data(struct sock *sk, | ||
54 | ipv6_select_ident(&fhdr, rt); | ||
55 | skb_shinfo(skb)->ip6_frag_id = fhdr.identification; | ||
56 | __skb_queue_tail(&sk->sk_write_queue, skb); | ||
57 | - | ||
58 | - return 0; | ||
59 | } | ||
60 | - /* There is not enough support do UPD LSO, | ||
61 | - * so follow normal path | ||
62 | - */ | ||
63 | - kfree_skb(skb); | ||
64 | |||
65 | - return err; | ||
66 | + return skb_append_datato_frags(sk, skb, getfrag, from, | ||
67 | + (length - transhdrlen)); | ||
68 | } | ||
69 | |||
70 | static inline struct ipv6_opt_hdr *ip6_opt_dup(struct ipv6_opt_hdr *src, | ||
71 | @@ -1227,27 +1218,27 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to, | ||
72 | * --yoshfuji | ||
73 | */ | ||
74 | |||
75 | - cork->length += length; | ||
76 | - if (length > mtu) { | ||
77 | - int proto = sk->sk_protocol; | ||
78 | - if (dontfrag && (proto == IPPROTO_UDP || proto == IPPROTO_RAW)){ | ||
79 | - ipv6_local_rxpmtu(sk, fl6, mtu-exthdrlen); | ||
80 | - return -EMSGSIZE; | ||
81 | - } | ||
82 | - | ||
83 | - if (proto == IPPROTO_UDP && | ||
84 | - (rt->dst.dev->features & NETIF_F_UFO)) { | ||
85 | + if ((length > mtu) && dontfrag && (sk->sk_protocol == IPPROTO_UDP || | ||
86 | + sk->sk_protocol == IPPROTO_RAW)) { | ||
87 | + ipv6_local_rxpmtu(sk, fl6, mtu-exthdrlen); | ||
88 | + return -EMSGSIZE; | ||
89 | + } | ||
90 | |||
91 | - err = ip6_ufo_append_data(sk, getfrag, from, length, | ||
92 | - hh_len, fragheaderlen, | ||
93 | - transhdrlen, mtu, flags, rt); | ||
94 | - if (err) | ||
95 | - goto error; | ||
96 | - return 0; | ||
97 | - } | ||
98 | + skb = skb_peek_tail(&sk->sk_write_queue); | ||
99 | + cork->length += length; | ||
100 | + if (((length > mtu) || | ||
101 | + (skb && skb_is_gso(skb))) && | ||
102 | + (sk->sk_protocol == IPPROTO_UDP) && | ||
103 | + (rt->dst.dev->features & NETIF_F_UFO)) { | ||
104 | + err = ip6_ufo_append_data(sk, getfrag, from, length, | ||
105 | + hh_len, fragheaderlen, | ||
106 | + transhdrlen, mtu, flags, rt); | ||
107 | + if (err) | ||
108 | + goto error; | ||
109 | + return 0; | ||
110 | } | ||
111 | |||
112 | - if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) | ||
113 | + if (!skb) | ||
114 | goto alloc_new_skb; | ||
115 | |||
116 | while (length > 0) { | ||
117 | -- | ||
118 | cgit v0.9.2 | ||