Date: Sunday, February 26, 2017 @ 21:24:48 Author: andyrtr Revision: 289571
upgpkg: linux-lts 4.4.52-1 upstream update 4.4.52 Modified: linux-lts/trunk/PKGBUILD Deleted: linux-lts/trunk/0001-dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch ----------------------------------------------------------------+ 0001-dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch | 47 ---------- PKGBUILD | 13 -- 2 files changed, 4 insertions(+), 56 deletions(-) Deleted: 0001-dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch =================================================================== --- 0001-dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch 2017-02-26 21:10:33 UTC (rev 289570) +++ 0001-dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch 2017-02-26 21:24:48 UTC (rev 289571) @@ -1,47 +0,0 @@ -From 5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4 Mon Sep 17 00:00:00 2001 -From: Andrey Konovalov <andreyk...@google.com> -Date: Thu, 16 Feb 2017 17:22:46 +0100 -Subject: [PATCH] dccp: fix freeing skb too early for IPV6_RECVPKTINFO - -In the current DCCP implementation an skb for a DCCP_PKT_REQUEST packet -is forcibly freed via __kfree_skb in dccp_rcv_state_process if -dccp_v6_conn_request successfully returns. - -However, if IPV6_RECVPKTINFO is set on a socket, the address of the skb -is saved to ireq->pktopts and the ref count for skb is incremented in -dccp_v6_conn_request, so skb is still in use. Nevertheless, it gets freed -in dccp_rcv_state_process. - -Fix by calling consume_skb instead of doing goto discard and therefore -calling __kfree_skb. - -Similar fixes for TCP: - -fb7e2399ec17f1004c0e0ccfd17439f8759ede01 [TCP]: skb is unexpectedly freed. -0aea76d35c9651d55bbaf746e7914e5f9ae5a25d tcp: SYN packets are now -simply consumed - -Signed-off-by: Andrey Konovalov <andreyk...@google.com> -Acked-by: Eric Dumazet <eduma...@google.com> -Signed-off-by: David S. Miller <da...@davemloft.net> ---- - net/dccp/input.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/net/dccp/input.c b/net/dccp/input.c -index ba347184bda9b3fe..8fedc2d497709b3d 100644 ---- a/net/dccp/input.c -+++ b/net/dccp/input.c -@@ -606,7 +606,8 @@ int dccp_rcv_state_process(struct sock *sk, struct sk_buff *skb, - if (inet_csk(sk)->icsk_af_ops->conn_request(sk, - skb) < 0) - return 1; -- goto discard; -+ consume_skb(skb); -+ return 0; - } - if (dh->dccph_type == DCCP_PKT_RESET) - goto discard; --- -2.11.1 - Modified: PKGBUILD =================================================================== --- PKGBUILD 2017-02-26 21:10:33 UTC (rev 289570) +++ PKGBUILD 2017-02-26 21:24:48 UTC (rev 289571) @@ -4,7 +4,7 @@ pkgbase=linux-lts #pkgbase=linux-lts-custom _srcname=linux-4.4 -pkgver=4.4.51 +pkgver=4.4.52 pkgrel=1 arch=('i686' 'x86_64') url="https://www.kernel.org/" @@ -20,12 +20,11 @@ # standard config files for mkinitcpio ramdisk linux-lts.preset change-default-console-loglevel.patch - 0001-sdhci-revert.patch - 0001-dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch) + 0001-sdhci-revert.patch) # https://www.kernel.org/pub/linux/kernel/v4.x/sha256sums.asc sha256sums=('401d7c8fef594999a460d10c72c5a94e9c2e1022f16795ec51746b0d165418b2' 'SKIP' - 'dded5f71d8533a38e8aafad224e0fe5f7d3a4eed1cfc1a79c321581e148821e8' + '96dfdcb3144509275bba3b3f8ad925b18f31a22dcab5abfd5a4b816977a4e8c3' 'SKIP' 'b11702727b1503e5a613946790978481d34d8ecc6870337fadd3ce1ef084a8e2' '68c7296ff2f5f55d69e83aa4d20f925df740b1eb1e6bdb0f13e8a170360ed09f' @@ -32,8 +31,7 @@ '834bd254b56ab71d73f59b3221f056c72f559553c04718e350ab2a3e2991afe0' '1f036f7464da54ae510630f0edb69faa115287f86d9f17641197ffda8cfd49e0' '1256b241cd477b265a3c2d64bdc19ffe3c9bbcee82ea3994c590c2c76e767d99' - '5313df7cb5b4d005422bd4cd0dae956b2dadba8f3db904275aaf99ac53894375' - '85954ac18da9dc1bec5df28e2f097d13016e39fa9631074f85b6364af340fcd9') + '5313df7cb5b4d005422bd4cd0dae956b2dadba8f3db904275aaf99ac53894375') validpgpkeys=('ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds <torva...@linux-foundation.org> '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman (Linux kernel stable release signing key) <g...@kroah.com> ) @@ -45,9 +43,6 @@ # add upstream patch patch -p1 -i "${srcdir}/patch-${pkgver}" - # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6074 - patch -p1 -i "${srcdir}/0001-dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch" - # add latest fixes from stable queue, if needed # http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git