summaryrefslogtreecommitdiff
path: root/libre/linux-libre-lts
diff options
context:
space:
mode:
authorAndré Fabian Silva Delgado <emulatorman@parabola.nu>2017-02-26 18:07:42 -0300
committerAndré Fabian Silva Delgado <emulatorman@parabola.nu>2017-02-26 18:36:20 -0300
commit9ab3dff5d35025f8ccdb6d3ee8f2398b4d7b92ac (patch)
tree3d60197afc7fe3afc356d3fcc8371899572ff8b2 /libre/linux-libre-lts
parentefa2afdf227ea5f566ffe86680acfa86a0db10d1 (diff)
downloadabslibre-9ab3dff5d35025f8ccdb6d3ee8f2398b4d7b92ac.tar.gz
abslibre-9ab3dff5d35025f8ccdb6d3ee8f2398b4d7b92ac.tar.bz2
abslibre-9ab3dff5d35025f8ccdb6d3ee8f2398b4d7b92ac.zip
linux-libre-lts-4.4.51_gnu-1: updating version
Diffstat (limited to 'libre/linux-libre-lts')
-rw-r--r--libre/linux-libre-lts/0001-dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch47
-rw-r--r--libre/linux-libre-lts/PKGBUILD11
2 files changed, 55 insertions, 3 deletions
diff --git a/libre/linux-libre-lts/0001-dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch b/libre/linux-libre-lts/0001-dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch
new file mode 100644
index 000000000..9adaf0b30
--- /dev/null
+++ b/libre/linux-libre-lts/0001-dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch
@@ -0,0 +1,47 @@
+From 5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4 Mon Sep 17 00:00:00 2001
+From: Andrey Konovalov <andreyknvl@google.com>
+Date: Thu, 16 Feb 2017 17:22:46 +0100
+Subject: [PATCH] dccp: fix freeing skb too early for IPV6_RECVPKTINFO
+
+In the current DCCP implementation an skb for a DCCP_PKT_REQUEST packet
+is forcibly freed via __kfree_skb in dccp_rcv_state_process if
+dccp_v6_conn_request successfully returns.
+
+However, if IPV6_RECVPKTINFO is set on a socket, the address of the skb
+is saved to ireq->pktopts and the ref count for skb is incremented in
+dccp_v6_conn_request, so skb is still in use. Nevertheless, it gets freed
+in dccp_rcv_state_process.
+
+Fix by calling consume_skb instead of doing goto discard and therefore
+calling __kfree_skb.
+
+Similar fixes for TCP:
+
+fb7e2399ec17f1004c0e0ccfd17439f8759ede01 [TCP]: skb is unexpectedly freed.
+0aea76d35c9651d55bbaf746e7914e5f9ae5a25d tcp: SYN packets are now
+simply consumed
+
+Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
+Acked-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+---
+ net/dccp/input.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/net/dccp/input.c b/net/dccp/input.c
+index ba347184bda9b3fe..8fedc2d497709b3d 100644
+--- a/net/dccp/input.c
++++ b/net/dccp/input.c
+@@ -606,7 +606,8 @@ int dccp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
+ if (inet_csk(sk)->icsk_af_ops->conn_request(sk,
+ skb) < 0)
+ return 1;
+- goto discard;
++ consume_skb(skb);
++ return 0;
+ }
+ if (dh->dccph_type == DCCP_PKT_RESET)
+ goto discard;
+--
+2.11.1
+
diff --git a/libre/linux-libre-lts/PKGBUILD b/libre/linux-libre-lts/PKGBUILD
index 50910067a..d5046c66a 100644
--- a/libre/linux-libre-lts/PKGBUILD
+++ b/libre/linux-libre-lts/PKGBUILD
@@ -10,7 +10,7 @@
pkgbase=linux-libre-lts
_pkgbasever=4.4-gnu
-_pkgver=4.4.50-gnu
+_pkgver=4.4.51-gnu
_replacesarchkernel=('linux%') # '%' gets replaced with _kernelname
_replacesoldkernels=() # '%' gets replaced with _kernelname
@@ -45,6 +45,7 @@ source=("https://linux-libre.fsfla.org/pub/linux-libre/releases/${_pkgbasever}/l
'linux.preset'
'change-default-console-loglevel.patch'
'0001-sdhci-revert.patch'
+ '0001-dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch'
'0001-drm-radeon-Make-the-driver-load-without-the-firmwares.patch'
'0002-usb-serial-gadget-no-TTY-hangup-on-USB-disconnect-WI.patch'
'0003-fix-Atmel-maXTouch-touchscreen-support.patch'
@@ -62,7 +63,7 @@ source=("https://linux-libre.fsfla.org/pub/linux-libre/releases/${_pkgbasever}/l
'0009-ARM-dts-dove-add-Dove-divider-clocks.patch')
sha512sums=('1fc096b3fad2e97a68f9406c4c9c83a98dd33b2fd1bafc8c637a405e871f16822bc769a928825f2335cf4a1eb69a063f82bbf0ad5e4ef7ceee308e87b07da47e'
'SKIP'
- '4b3132f7267c85c81717acd5523731b90ae62f1619eabd32053c93cde3d89dda32ccbb4f4e96b8189074f37abbd209365d633a5a6dadf18d3dccf9abe61c1391'
+ 'b613936609bddb58b472bdb9857a6410f464d62aa7ec49a685a120ae476c38127a5c7e5b9bf389ae8f710b7a495ff8d6981af171efb388469e3ad40f62b0ac4d'
'SKIP'
'13cb5bc42542e7b8bb104d5f68253f6609e463b6799800418af33eb0272cc269aaa36163c3e6f0aacbdaaa1d05e2827a4a7c4a08a029238439ed08b89c564bb3'
'SKIP'
@@ -77,10 +78,11 @@ sha512sums=('1fc096b3fad2e97a68f9406c4c9c83a98dd33b2fd1bafc8c637a405e871f16822bc
'2dc6b0ba8f7dbf19d2446c5c5f1823587de89f4e28e9595937dd51a87755099656f2acec50e3e2546ea633ad1bfd1c722e0c2b91eef1d609103d8abdc0a7cbaf'
'd9d28e02e964704ea96645a5107f8b65cae5f4fb4f537e224e5e3d087fd296cb770c29ac76e0ce95d173bc420ea87fb8f187d616672a60a0cae618b0ef15b8c8'
'be80d7ee558595d4b17b07a5a2b729d9a9503c963ec1b19bac6a87601eaefd28075aea7fb6d9c77e2e15e063fc6a8a2e8744bc1efe63e2a58b8c3ede0d89c821'
+ 'cddd1349c0a7f7ffcd7615f31c8107144eb086326c09121cc9071e95d04d2a30ee8d7a3f5d1fe76e6377803dbf2fcb1791e482e0974b8474155419ad94c0fd2b'
'71d113b43bf543963ec9c4b9ae44bd57196317d59010aa253fe3897a032584980958272fba07751deda700159832444c847c17c2c82eedab0e67f10d358448c4'
'd7b612f3217e4b370eaa6bc928530fcf1cba9f6c5269273b5b5d198c63e128cbb44529fcaed2d732706de1a521a44b0f459f2a3b2695b25666cbfa7a9cb7f058'
'fe62880ef520f2302577c6a76f832324b3a6d42f05d032058892dd4374662ad499727dd0366b45e1087bf650d08a5efa65089c13840b67abdc947fe033c8a275'
- '5cac70bc98e229f647fa43c3544426243649051f61bf4a8bdf2eed4911eba3af7d32caaa1c3d4bdc3dd49cb371f3cd42908b9509967ed6469793a3ed7cd1110f'
+ '904f91a0003be69342addcfeadd0c418fdce33b757b48a62b4bd086e6dd5d5efc1a182838b17477d7a798b1bea54117a8cb696cc632e6cecf2b8dbf38c02f252'
'SKIP'
'835f3a288f85c553f908fd8d9f19614430dd83ade2a5dd1bb10686f38b0f823e5f079a9f014bbb3aa7af2f831af34b918124a826bce73d32a191c53deb37061a'
'1ad04131f7b882ef405a73a3fc8ad21eaf9fa4dd7f160524bfd04f175f6f61379453f7968f34e3d567f6753d1ea74c4714febe70fe85cd37fcfc96f9b078e1ad'
@@ -139,6 +141,9 @@ prepare() {
install -m644 -t drivers/video/logo \
"${srcdir}/logo_linux_"{clut224.ppm,vga16.ppm,mono.pbm}
+ # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6074
+ patch -p1 -i "${srcdir}/0001-dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch"
+
# add latest fixes from stable queue, if needed
# http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git