diff options
| author | Koen Vandeputte <koen.vandeputte@ncentric.com> | 2019-08-05 12:21:47 +0200 |
|---|---|---|
| committer | Koen Vandeputte <koen.vandeputte@ncentric.com> | 2019-08-06 11:56:18 +0200 |
| commit | 958411aa611582d9482ae6d319e1a986f195a596 (patch) | |
| tree | a9d01e8707ce38022ec5e6c349bc1b8fd75f643b /target/linux/generic/backport-4.14 | |
| parent | 2807f84b629c1a05304e4b39447973084889d9de (diff) | |
| download | upstream-958411aa611582d9482ae6d319e1a986f195a596.tar.gz upstream-958411aa611582d9482ae6d319e1a986f195a596.tar.bz2 upstream-958411aa611582d9482ae6d319e1a986f195a596.zip | |
kernel: bump 4.14 to 4.14.136
Refreshed all patches.
Altered patches:
- 306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch
Remove upstreamed:
- 505-arm64-dts-marvell-Fix-A37xx-UART0-register-size
Fixes:
- CVE-2019-13648
- CVE-2019-10207
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Diffstat (limited to 'target/linux/generic/backport-4.14')
5 files changed, 8 insertions, 8 deletions
diff --git a/target/linux/generic/backport-4.14/293-v4.16-netfilter-reduce-size-of-hook-entry-point-locations.patch b/target/linux/generic/backport-4.14/293-v4.16-netfilter-reduce-size-of-hook-entry-point-locations.patch index 5e339865d3..aad588f19b 100644 --- a/target/linux/generic/backport-4.14/293-v4.16-netfilter-reduce-size-of-hook-entry-point-locations.patch +++ b/target/linux/generic/backport-4.14/293-v4.16-netfilter-reduce-size-of-hook-entry-point-locations.patch @@ -159,7 +159,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> net->nf.proc_netfilter = proc_net_mkdir(net, "netfilter", --- a/net/netfilter/nf_queue.c +++ b/net/netfilter/nf_queue.c -@@ -202,6 +202,23 @@ repeat: +@@ -206,6 +206,23 @@ repeat: return NF_ACCEPT; } @@ -183,7 +183,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> /* Caller must hold rcu read-side lock */ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict) { -@@ -217,12 +234,12 @@ void nf_reinject(struct nf_queue_entry * +@@ -221,12 +238,12 @@ void nf_reinject(struct nf_queue_entry * net = entry->state.net; pf = entry->state.pf; diff --git a/target/linux/generic/backport-4.14/296-v4.16-netfilter-don-t-allocate-space-for-arp-bridge-hooks-.patch b/target/linux/generic/backport-4.14/296-v4.16-netfilter-don-t-allocate-space-for-arp-bridge-hooks-.patch index b27b02f506..41675c3494 100644 --- a/target/linux/generic/backport-4.14/296-v4.16-netfilter-don-t-allocate-space-for-arp-bridge-hooks-.patch +++ b/target/linux/generic/backport-4.14/296-v4.16-netfilter-don-t-allocate-space-for-arp-bridge-hooks-.patch @@ -152,7 +152,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> #endif --- a/net/netfilter/nf_queue.c +++ b/net/netfilter/nf_queue.c -@@ -205,8 +205,10 @@ repeat: +@@ -209,8 +209,10 @@ repeat: static struct nf_hook_entries *nf_hook_entries_head(const struct net *net, u8 pf, u8 hooknum) { switch (pf) { diff --git a/target/linux/generic/backport-4.14/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch b/target/linux/generic/backport-4.14/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch index b02ad8a0d7..943b3eed30 100644 --- a/target/linux/generic/backport-4.14/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch +++ b/target/linux/generic/backport-4.14/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch @@ -212,10 +212,10 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static int __nf_queue(struct sk_buff *skb, const struct nf_hook_state *state, const struct nf_hook_entries *entries, unsigned int index, unsigned int queuenum) -@@ -144,7 +175,16 @@ static int __nf_queue(struct sk_buff *sk +@@ -148,7 +179,16 @@ static int __nf_queue(struct sk_buff *sk + }; nf_queue_entry_get_refs(entry); - skb_dst_force(skb); - afinfo->saveroute(skb, entry); + + switch (entry->state.pf) { diff --git a/target/linux/generic/backport-4.14/308-v4.16-netfilter-move-reroute-indirection-to-struct-nf_ipv6.patch b/target/linux/generic/backport-4.14/308-v4.16-netfilter-move-reroute-indirection-to-struct-nf_ipv6.patch index 9303a0b777..810f57ca19 100644 --- a/target/linux/generic/backport-4.14/308-v4.16-netfilter-move-reroute-indirection-to-struct-nf_ipv6.patch +++ b/target/linux/generic/backport-4.14/308-v4.16-netfilter-move-reroute-indirection-to-struct-nf_ipv6.patch @@ -171,7 +171,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- a/net/netfilter/nf_queue.c +++ b/net/netfilter/nf_queue.c -@@ -267,7 +267,6 @@ void nf_reinject(struct nf_queue_entry * +@@ -271,7 +271,6 @@ void nf_reinject(struct nf_queue_entry * const struct nf_hook_entry *hook_entry; const struct nf_hook_entries *hooks; struct sk_buff *skb = entry->skb; @@ -179,7 +179,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> const struct net *net; unsigned int i; int err; -@@ -294,8 +293,7 @@ void nf_reinject(struct nf_queue_entry * +@@ -298,8 +297,7 @@ void nf_reinject(struct nf_queue_entry * verdict = nf_hook_entry_hookfn(hook_entry, skb, &entry->state); if (verdict == NF_ACCEPT) { diff --git a/target/linux/generic/backport-4.14/309-v4.16-netfilter-remove-route_key_size-field-in-struct-nf_a.patch b/target/linux/generic/backport-4.14/309-v4.16-netfilter-remove-route_key_size-field-in-struct-nf_a.patch index b4a13dd539..20820e40ca 100644 --- a/target/linux/generic/backport-4.14/309-v4.16-netfilter-remove-route_key_size-field-in-struct-nf_a.patch +++ b/target/linux/generic/backport-4.14/309-v4.16-netfilter-remove-route_key_size-field-in-struct-nf_a.patch @@ -83,7 +83,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (!entry) { status = -ENOMEM; goto err; -@@ -170,7 +180,7 @@ static int __nf_queue(struct sk_buff *sk +@@ -175,7 +185,7 @@ static int __nf_queue(struct sk_buff *sk .skb = skb, .state = *state, .hook_index = index, |