Hello community, here is the log from the commit of package kernel-source for openSUSE:Factory checked in at 2019-07-26 17:33:06 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kernel-source (Old) and /work/SRC/openSUSE:Factory/.kernel-source.new.4126 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kernel-source" Fri Jul 26 17:33:06 2019 rev:496 rq:717536 version:5.2.2 Changes: -------- --- /work/SRC/openSUSE:Factory/kernel-source/dtb-aarch64.changes 2019-07-22 12:18:22.579696076 +0200 +++ /work/SRC/openSUSE:Factory/.kernel-source.new.4126/dtb-aarch64.changes 2019-07-26 17:33:10.440114905 +0200 @@ -1,0 +2,47 @@ +Sun Jul 21 19:42:03 CEST 2019 - [email protected] + +- Revert "netfilter: conntrack: remove helper hook again" + (http://lkml.kernel.org/r/[email protected]). +- commit 8e9a006 + +------------------------------------------------------------------- +Sun Jul 21 10:23:21 CEST 2019 - [email protected] + +- Linux 5.2.2 (bnc#1012628). +- x86/entry/32: Fix ENDPROC of common_spurious (bnc#1012628). +- crypto/NX: Set receive window credits to max number of CRBs + in RxFIFO (bnc#1012628). +- crypto: talitos - fix hash on SEC1 (bnc#1012628). +- crypto: talitos - move struct talitos_edesc into talitos.h + (bnc#1012628). +- s390/qdio: don't touch the dsci in tiqdio_add_input_queues() + (bnc#1012628). +- s390/qdio: (re-)initialize tiqdio list entries (bnc#1012628). +- s390: fix stfle zero padding (bnc#1012628). +- s390/ipl: Fix detection of has_secure attribute (bnc#1012628). +- ARC: hide unused function unw_hdr_alloc (bnc#1012628). +- x86/irq: Seperate unused system vectors from spurious entry + again (bnc#1012628). +- x86/irq: Handle spurious interrupt after shutdown gracefully + (bnc#1012628). +- x86/ioapic: Implement irq_get_irqchip_state() callback + (bnc#1012628). +- genirq: Add optional hardware synchronization for shutdown + (bnc#1012628). +- genirq: Fix misleading synchronize_irq() documentation + (bnc#1012628). +- genirq: Delay deactivation in free_irq() (bnc#1012628). +- firmware: improve LSM/IMA security behaviour (bnc#1012628). +- drivers: base: cacheinfo: Ensure cpu hotplug work is done + before Intel RDT (bnc#1012628). +- nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() + in uapi header (bnc#1012628). +- Input: synaptics - enable SMBUS on T480 thinkpad trackpad + (bnc#1012628). +- e1000e: start network tx queue only when link is up + (bnc#1012628). +- Revert "e1000e: fix cyclic resets at link up with active tx" + (bnc#1012628). +- commit 93f0a54 + +------------------------------------------------------------------- dtb-armv6l.changes: same change dtb-armv7l.changes: same change kernel-64kb.changes: same change kernel-debug.changes: same change kernel-default.changes: same change kernel-docs.changes: same change kernel-kvmsmall.changes: same change kernel-lpae.changes: same change kernel-obs-build.changes: same change kernel-obs-qa.changes: same change kernel-pae.changes: same change kernel-source.changes: same change kernel-syms.changes: same change kernel-vanilla.changes: same change kernel-zfcpdump.changes: same change ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dtb-aarch64.spec ++++++ --- /var/tmp/diff_new_pack.N8oBKF/_old 2019-07-26 17:33:15.256112928 +0200 +++ /var/tmp/diff_new_pack.N8oBKF/_new 2019-07-26 17:33:15.260112927 +0200 @@ -17,7 +17,7 @@ %define srcversion 5.2 -%define patchversion 5.2.1 +%define patchversion 5.2.2 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -29,9 +29,9 @@ %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,mkspec,compute-PATCHVERSION.sh,arch-symbols,log.sh,try-disable-staging-driver,compress-vmlinux.sh,mkspec-dtb,check-module-license,klp-symbols,splitflist,mergedep,moddep,modflist,kernel-subpackage-build}) Name: dtb-aarch64 -Version: 5.2.1 +Version: 5.2.2 %if 0%{?is_kotd} -Release: <RELEASE>.gbf5c01b +Release: <RELEASE>.gadfddac %else Release: 0 %endif dtb-armv6l.spec: same change dtb-armv7l.spec: same change ++++++ kernel-64kb.spec ++++++ --- /var/tmp/diff_new_pack.N8oBKF/_old 2019-07-26 17:33:15.320112902 +0200 +++ /var/tmp/diff_new_pack.N8oBKF/_new 2019-07-26 17:33:15.324112901 +0200 @@ -18,7 +18,7 @@ %define srcversion 5.2 -%define patchversion 5.2.1 +%define patchversion 5.2.2 %define variant %{nil} %define vanilla_only 0 @@ -62,9 +62,9 @@ Summary: Kernel with 64kb PAGE_SIZE License: GPL-2.0 Group: System/Kernel -Version: 5.2.1 +Version: 5.2.2 %if 0%{?is_kotd} -Release: <RELEASE>.gbf5c01b +Release: <RELEASE>.gadfddac %else Release: 0 %endif @@ -169,10 +169,10 @@ Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-%build_flavor-base-srchash-bf5c01b16b957d1f16c9d43a859d3f8111e2ac16 -Provides: kernel-srchash-bf5c01b16b957d1f16c9d43a859d3f8111e2ac16 +Provides: kernel-%build_flavor-base-srchash-adfddac4f7170653097d38112dfc6922cfababd8 +Provides: kernel-srchash-adfddac4f7170653097d38112dfc6922cfababd8 # END COMMON DEPS -Provides: %name-srchash-bf5c01b16b957d1f16c9d43a859d3f8111e2ac16 +Provides: %name-srchash-adfddac4f7170653097d38112dfc6922cfababd8 %obsolete_rebuilds %name Source0: http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz Source2: source-post.sh ++++++ kernel-debug.spec ++++++ --- /var/tmp/diff_new_pack.N8oBKF/_old 2019-07-26 17:33:15.348112890 +0200 +++ /var/tmp/diff_new_pack.N8oBKF/_new 2019-07-26 17:33:15.352112889 +0200 @@ -18,7 +18,7 @@ %define srcversion 5.2 -%define patchversion 5.2.1 +%define patchversion 5.2.2 %define variant %{nil} %define vanilla_only 0 @@ -62,9 +62,9 @@ Summary: A Debug Version of the Kernel License: GPL-2.0 Group: System/Kernel -Version: 5.2.1 +Version: 5.2.2 %if 0%{?is_kotd} -Release: <RELEASE>.gbf5c01b +Release: <RELEASE>.gadfddac %else Release: 0 %endif @@ -169,10 +169,10 @@ Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-%build_flavor-base-srchash-bf5c01b16b957d1f16c9d43a859d3f8111e2ac16 -Provides: kernel-srchash-bf5c01b16b957d1f16c9d43a859d3f8111e2ac16 +Provides: kernel-%build_flavor-base-srchash-adfddac4f7170653097d38112dfc6922cfababd8 +Provides: kernel-srchash-adfddac4f7170653097d38112dfc6922cfababd8 # END COMMON DEPS -Provides: %name-srchash-bf5c01b16b957d1f16c9d43a859d3f8111e2ac16 +Provides: %name-srchash-adfddac4f7170653097d38112dfc6922cfababd8 %ifarch ppc64 Provides: kernel-kdump = 2.6.28 Obsoletes: kernel-kdump <= 2.6.28 ++++++ kernel-default.spec ++++++ --- /var/tmp/diff_new_pack.N8oBKF/_old 2019-07-26 17:33:15.372112880 +0200 +++ /var/tmp/diff_new_pack.N8oBKF/_new 2019-07-26 17:33:15.372112880 +0200 @@ -18,7 +18,7 @@ %define srcversion 5.2 -%define patchversion 5.2.1 +%define patchversion 5.2.2 %define variant %{nil} %define vanilla_only 0 @@ -62,9 +62,9 @@ Summary: The Standard Kernel License: GPL-2.0 Group: System/Kernel -Version: 5.2.1 +Version: 5.2.2 %if 0%{?is_kotd} -Release: <RELEASE>.gbf5c01b +Release: <RELEASE>.gadfddac %else Release: 0 %endif @@ -169,10 +169,10 @@ Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-%build_flavor-base-srchash-bf5c01b16b957d1f16c9d43a859d3f8111e2ac16 -Provides: kernel-srchash-bf5c01b16b957d1f16c9d43a859d3f8111e2ac16 +Provides: kernel-%build_flavor-base-srchash-adfddac4f7170653097d38112dfc6922cfababd8 +Provides: kernel-srchash-adfddac4f7170653097d38112dfc6922cfababd8 # END COMMON DEPS -Provides: %name-srchash-bf5c01b16b957d1f16c9d43a859d3f8111e2ac16 +Provides: %name-srchash-adfddac4f7170653097d38112dfc6922cfababd8 %ifarch %ix86 Provides: kernel-smp = 2.6.17 Obsoletes: kernel-smp <= 2.6.17 ++++++ kernel-docs.spec ++++++ --- /var/tmp/diff_new_pack.N8oBKF/_old 2019-07-26 17:33:15.388112874 +0200 +++ /var/tmp/diff_new_pack.N8oBKF/_new 2019-07-26 17:33:15.392112872 +0200 @@ -17,7 +17,7 @@ %define srcversion 5.2 -%define patchversion 5.2.1 +%define patchversion 5.2.2 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -31,9 +31,9 @@ Summary: Kernel Documentation License: GPL-2.0 Group: Documentation/Man -Version: 5.2.1 +Version: 5.2.2 %if 0%{?is_kotd} -Release: <RELEASE>.gbf5c01b +Release: <RELEASE>.gadfddac %else Release: 0 %endif @@ -63,7 +63,7 @@ %endif Url: http://www.kernel.org/ Provides: %name = %version-%source_rel -Provides: %name-srchash-bf5c01b16b957d1f16c9d43a859d3f8111e2ac16 +Provides: %name-srchash-adfddac4f7170653097d38112dfc6922cfababd8 BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-build Source0: http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz ++++++ kernel-kvmsmall.spec ++++++ --- /var/tmp/diff_new_pack.N8oBKF/_old 2019-07-26 17:33:15.408112866 +0200 +++ /var/tmp/diff_new_pack.N8oBKF/_new 2019-07-26 17:33:15.412112864 +0200 @@ -18,7 +18,7 @@ %define srcversion 5.2 -%define patchversion 5.2.1 +%define patchversion 5.2.2 %define variant %{nil} %define vanilla_only 0 @@ -62,9 +62,9 @@ Summary: The Small Developer Kernel for KVM License: GPL-2.0 Group: System/Kernel -Version: 5.2.1 +Version: 5.2.2 %if 0%{?is_kotd} -Release: <RELEASE>.gbf5c01b +Release: <RELEASE>.gadfddac %else Release: 0 %endif @@ -169,10 +169,10 @@ Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-%build_flavor-base-srchash-bf5c01b16b957d1f16c9d43a859d3f8111e2ac16 -Provides: kernel-srchash-bf5c01b16b957d1f16c9d43a859d3f8111e2ac16 +Provides: kernel-%build_flavor-base-srchash-adfddac4f7170653097d38112dfc6922cfababd8 +Provides: kernel-srchash-adfddac4f7170653097d38112dfc6922cfababd8 # END COMMON DEPS -Provides: %name-srchash-bf5c01b16b957d1f16c9d43a859d3f8111e2ac16 +Provides: %name-srchash-adfddac4f7170653097d38112dfc6922cfababd8 %obsolete_rebuilds %name Source0: http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz Source2: source-post.sh kernel-lpae.spec: same change ++++++ kernel-obs-build.spec ++++++ --- /var/tmp/diff_new_pack.N8oBKF/_old 2019-07-26 17:33:15.444112851 +0200 +++ /var/tmp/diff_new_pack.N8oBKF/_new 2019-07-26 17:33:15.448112849 +0200 @@ -19,7 +19,7 @@ #!BuildIgnore: post-build-checks -%define patchversion 5.2.1 +%define patchversion 5.2.2 %define variant %{nil} %define vanilla_only 0 @@ -45,7 +45,7 @@ %endif %endif %endif -BuildRequires: kernel%kernel_flavor-srchash-bf5c01b16b957d1f16c9d43a859d3f8111e2ac16 +BuildRequires: kernel%kernel_flavor-srchash-adfddac4f7170653097d38112dfc6922cfababd8 %if 0%{?rhel_version} BuildRequires: kernel @@ -64,9 +64,9 @@ Summary: package kernel and initrd for OBS VM builds License: GPL-2.0 Group: SLES -Version: 5.2.1 +Version: 5.2.2 %if 0%{?is_kotd} -Release: <RELEASE>.gbf5c01b +Release: <RELEASE>.gadfddac %else Release: 0 %endif ++++++ kernel-obs-qa.spec ++++++ --- /var/tmp/diff_new_pack.N8oBKF/_old 2019-07-26 17:33:15.460112845 +0200 +++ /var/tmp/diff_new_pack.N8oBKF/_new 2019-07-26 17:33:15.468112841 +0200 @@ -17,7 +17,7 @@ # needsrootforbuild -%define patchversion 5.2.1 +%define patchversion 5.2.2 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -36,9 +36,9 @@ Summary: Basic QA tests for the kernel License: GPL-2.0 Group: SLES -Version: 5.2.1 +Version: 5.2.2 %if 0%{?is_kotd} -Release: <RELEASE>.gbf5c01b +Release: <RELEASE>.gadfddac %else Release: 0 %endif ++++++ kernel-pae.spec ++++++ --- /var/tmp/diff_new_pack.N8oBKF/_old 2019-07-26 17:33:15.488112833 +0200 +++ /var/tmp/diff_new_pack.N8oBKF/_new 2019-07-26 17:33:15.492112831 +0200 @@ -18,7 +18,7 @@ %define srcversion 5.2 -%define patchversion 5.2.1 +%define patchversion 5.2.2 %define variant %{nil} %define vanilla_only 0 @@ -62,9 +62,9 @@ Summary: Kernel with PAE Support License: GPL-2.0 Group: System/Kernel -Version: 5.2.1 +Version: 5.2.2 %if 0%{?is_kotd} -Release: <RELEASE>.gbf5c01b +Release: <RELEASE>.gadfddac %else Release: 0 %endif @@ -169,10 +169,10 @@ Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-%build_flavor-base-srchash-bf5c01b16b957d1f16c9d43a859d3f8111e2ac16 -Provides: kernel-srchash-bf5c01b16b957d1f16c9d43a859d3f8111e2ac16 +Provides: kernel-%build_flavor-base-srchash-adfddac4f7170653097d38112dfc6922cfababd8 +Provides: kernel-srchash-adfddac4f7170653097d38112dfc6922cfababd8 # END COMMON DEPS -Provides: %name-srchash-bf5c01b16b957d1f16c9d43a859d3f8111e2ac16 +Provides: %name-srchash-adfddac4f7170653097d38112dfc6922cfababd8 %ifarch %ix86 Provides: kernel-bigsmp = 2.6.17 Obsoletes: kernel-bigsmp <= 2.6.17 ++++++ kernel-source.spec ++++++ --- /var/tmp/diff_new_pack.N8oBKF/_old 2019-07-26 17:33:15.512112823 +0200 +++ /var/tmp/diff_new_pack.N8oBKF/_new 2019-07-26 17:33:15.512112823 +0200 @@ -18,7 +18,7 @@ %define srcversion 5.2 -%define patchversion 5.2.1 +%define patchversion 5.2.2 %define variant %{nil} %define vanilla_only 0 @@ -30,9 +30,9 @@ Summary: The Linux Kernel Sources License: GPL-2.0 Group: Development/Sources -Version: 5.2.1 +Version: 5.2.2 %if 0%{?is_kotd} -Release: <RELEASE>.gbf5c01b +Release: <RELEASE>.gadfddac %else Release: 0 %endif @@ -43,7 +43,7 @@ BuildRequires: sed Requires(post): coreutils sed Provides: %name = %version-%source_rel -Provides: %name-srchash-bf5c01b16b957d1f16c9d43a859d3f8111e2ac16 +Provides: %name-srchash-adfddac4f7170653097d38112dfc6922cfababd8 Provides: linux Provides: multiversion(kernel) Source0: http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz ++++++ kernel-syms.spec ++++++ --- /var/tmp/diff_new_pack.N8oBKF/_old 2019-07-26 17:33:15.532112815 +0200 +++ /var/tmp/diff_new_pack.N8oBKF/_new 2019-07-26 17:33:15.540112812 +0200 @@ -24,10 +24,10 @@ Summary: Kernel Symbol Versions (modversions) License: GPL-2.0 Group: Development/Sources -Version: 5.2.1 +Version: 5.2.2 %if %using_buildservice %if 0%{?is_kotd} -Release: <RELEASE>.gbf5c01b +Release: <RELEASE>.gadfddac %else Release: 0 %endif @@ -55,7 +55,7 @@ %endif Requires: pesign-obs-integration Provides: %name = %version-%source_rel -Provides: %name-srchash-bf5c01b16b957d1f16c9d43a859d3f8111e2ac16 +Provides: %name-srchash-adfddac4f7170653097d38112dfc6922cfababd8 Provides: multiversion(kernel) Source: README.KSYMS Requires: kernel-devel%variant = %version-%source_rel ++++++ kernel-vanilla.spec ++++++ --- /var/tmp/diff_new_pack.N8oBKF/_old 2019-07-26 17:33:15.556112805 +0200 +++ /var/tmp/diff_new_pack.N8oBKF/_new 2019-07-26 17:33:15.560112804 +0200 @@ -18,7 +18,7 @@ %define srcversion 5.2 -%define patchversion 5.2.1 +%define patchversion 5.2.2 %define variant %{nil} %define vanilla_only 0 @@ -62,9 +62,9 @@ Summary: The Standard Kernel - without any SUSE patches License: GPL-2.0 Group: System/Kernel -Version: 5.2.1 +Version: 5.2.2 %if 0%{?is_kotd} -Release: <RELEASE>.gbf5c01b +Release: <RELEASE>.gadfddac %else Release: 0 %endif @@ -169,10 +169,10 @@ Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-%build_flavor-base-srchash-bf5c01b16b957d1f16c9d43a859d3f8111e2ac16 -Provides: kernel-srchash-bf5c01b16b957d1f16c9d43a859d3f8111e2ac16 +Provides: kernel-%build_flavor-base-srchash-adfddac4f7170653097d38112dfc6922cfababd8 +Provides: kernel-srchash-adfddac4f7170653097d38112dfc6922cfababd8 # END COMMON DEPS -Provides: %name-srchash-bf5c01b16b957d1f16c9d43a859d3f8111e2ac16 +Provides: %name-srchash-adfddac4f7170653097d38112dfc6922cfababd8 %obsolete_rebuilds %name Source0: http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz Source2: source-post.sh kernel-zfcpdump.spec: same change ++++++ patches.kernel.org.tar.bz2 ++++++ ++++ 2234 lines of diff (skipped) ++++++ patches.suse.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/Revert-netfilter-conntrack-remove-helper-hook-again.patch new/patches.suse/Revert-netfilter-conntrack-remove-helper-hook-again.patch --- old/patches.suse/Revert-netfilter-conntrack-remove-helper-hook-again.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.suse/Revert-netfilter-conntrack-remove-helper-hook-again.patch 2019-07-21 19:42:03.000000000 +0200 @@ -0,0 +1,236 @@ +From: Michal Kubecek <[email protected]> +Date: Sun, 21 Jul 2019 19:35:57 +0200 +Subject: Revert "netfilter: conntrack: remove helper hook again" +Patch-mainline: Not yet, upstream discussion not finished +References: http://lkml.kernel.org/r/[email protected] + +This reverts commit 827318feb69cb07ed58bb9b9dd6c2eaa81a116ad. + +This commit was found to break userspace conntrack helpers, see + + http://lkml.kernel.org/r/[email protected] + +Signed-off-by: Michal Kubecek <[email protected]> +--- + net/netfilter/nf_conntrack_proto.c | 142 +++++++++++++++++++++-------- + 1 file changed, 106 insertions(+), 36 deletions(-) + +--- a/net/netfilter/nf_conntrack_proto.c ++++ b/net/netfilter/nf_conntrack_proto.c +@@ -120,55 +120,55 @@ const struct nf_conntrack_l4proto *nf_ct_l4proto_find(u8 l4proto) + }; + EXPORT_SYMBOL_GPL(nf_ct_l4proto_find); + +-static unsigned int nf_confirm(struct sk_buff *skb, +- unsigned int protoff, +- struct nf_conn *ct, +- enum ip_conntrack_info ctinfo) ++static unsigned int ipv4_helper(void *priv, ++ struct sk_buff *skb, ++ const struct nf_hook_state *state) + { ++ struct nf_conn *ct; ++ enum ip_conntrack_info ctinfo; + const struct nf_conn_help *help; ++ const struct nf_conntrack_helper *helper; ++ ++ /* This is where we call the helper: as the packet goes out. */ ++ ct = nf_ct_get(skb, &ctinfo); ++ if (!ct || ctinfo == IP_CT_RELATED_REPLY) ++ return NF_ACCEPT; + + help = nfct_help(ct); +- if (help) { +- const struct nf_conntrack_helper *helper; +- int ret; +- +- /* rcu_read_lock()ed by nf_hook_thresh */ +- helper = rcu_dereference(help->helper); +- if (helper) { +- ret = helper->help(skb, +- protoff, +- ct, ctinfo); +- if (ret != NF_ACCEPT) +- return ret; +- } +- } ++ if (!help) ++ return NF_ACCEPT; + +- if (test_bit(IPS_SEQ_ADJUST_BIT, &ct->status) && +- !nf_is_loopback_packet(skb)) { +- if (!nf_ct_seq_adjust(skb, ct, ctinfo, protoff)) { +- NF_CT_STAT_INC_ATOMIC(nf_ct_net(ct), drop); +- return NF_DROP; +- } +- } ++ /* rcu_read_lock()ed by nf_hook_thresh */ ++ helper = rcu_dereference(help->helper); ++ if (!helper) ++ return NF_ACCEPT; + +- /* We've seen it coming out the other side: confirm it */ +- return nf_conntrack_confirm(skb); ++ return helper->help(skb, skb_network_offset(skb) + ip_hdrlen(skb), ++ ct, ctinfo); + } + + static unsigned int ipv4_confirm(void *priv, + struct sk_buff *skb, + const struct nf_hook_state *state) + { +- enum ip_conntrack_info ctinfo; + struct nf_conn *ct; ++ enum ip_conntrack_info ctinfo; + + ct = nf_ct_get(skb, &ctinfo); + if (!ct || ctinfo == IP_CT_RELATED_REPLY) +- return nf_conntrack_confirm(skb); ++ goto out; + +- return nf_confirm(skb, +- skb_network_offset(skb) + ip_hdrlen(skb), +- ct, ctinfo); ++ /* adjust seqs for loopback traffic only in outgoing direction */ ++ if (test_bit(IPS_SEQ_ADJUST_BIT, &ct->status) && ++ !nf_is_loopback_packet(skb)) { ++ if (!nf_ct_seq_adjust(skb, ct, ctinfo, ip_hdrlen(skb))) { ++ NF_CT_STAT_INC_ATOMIC(nf_ct_net(ct), drop); ++ return NF_DROP; ++ } ++ } ++out: ++ /* We've seen it coming out the other side: confirm it */ ++ return nf_conntrack_confirm(skb); + } + + static unsigned int ipv4_conntrack_in(void *priv, +@@ -216,12 +216,24 @@ static const struct nf_hook_ops ipv4_conntrack_ops[] = { + .hooknum = NF_INET_LOCAL_OUT, + .priority = NF_IP_PRI_CONNTRACK, + }, ++ { ++ .hook = ipv4_helper, ++ .pf = NFPROTO_IPV4, ++ .hooknum = NF_INET_POST_ROUTING, ++ .priority = NF_IP_PRI_CONNTRACK_HELPER, ++ }, + { + .hook = ipv4_confirm, + .pf = NFPROTO_IPV4, + .hooknum = NF_INET_POST_ROUTING, + .priority = NF_IP_PRI_CONNTRACK_CONFIRM, + }, ++ { ++ .hook = ipv4_helper, ++ .pf = NFPROTO_IPV4, ++ .hooknum = NF_INET_LOCAL_IN, ++ .priority = NF_IP_PRI_CONNTRACK_HELPER, ++ }, + { + .hook = ipv4_confirm, + .pf = NFPROTO_IPV4, +@@ -367,21 +379,31 @@ static unsigned int ipv6_confirm(void *priv, + struct nf_conn *ct; + enum ip_conntrack_info ctinfo; + unsigned char pnum = ipv6_hdr(skb)->nexthdr; +- __be16 frag_off; + int protoff; ++ __be16 frag_off; + + ct = nf_ct_get(skb, &ctinfo); + if (!ct || ctinfo == IP_CT_RELATED_REPLY) +- return nf_conntrack_confirm(skb); ++ goto out; + + protoff = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &pnum, + &frag_off); + if (protoff < 0 || (frag_off & htons(~0x7)) != 0) { + pr_debug("proto header not found\n"); +- return nf_conntrack_confirm(skb); ++ goto out; + } + +- return nf_confirm(skb, protoff, ct, ctinfo); ++ /* adjust seqs for loopback traffic only in outgoing direction */ ++ if (test_bit(IPS_SEQ_ADJUST_BIT, &ct->status) && ++ !nf_is_loopback_packet(skb)) { ++ if (!nf_ct_seq_adjust(skb, ct, ctinfo, protoff)) { ++ NF_CT_STAT_INC_ATOMIC(nf_ct_net(ct), drop); ++ return NF_DROP; ++ } ++ } ++out: ++ /* We've seen it coming out the other side: confirm it */ ++ return nf_conntrack_confirm(skb); + } + + static unsigned int ipv6_conntrack_in(void *priv, +@@ -398,6 +420,42 @@ static unsigned int ipv6_conntrack_local(void *priv, + return nf_conntrack_in(skb, state); + } + ++static unsigned int ipv6_helper(void *priv, ++ struct sk_buff *skb, ++ const struct nf_hook_state *state) ++{ ++ struct nf_conn *ct; ++ const struct nf_conn_help *help; ++ const struct nf_conntrack_helper *helper; ++ enum ip_conntrack_info ctinfo; ++ __be16 frag_off; ++ int protoff; ++ u8 nexthdr; ++ ++ /* This is where we call the helper: as the packet goes out. */ ++ ct = nf_ct_get(skb, &ctinfo); ++ if (!ct || ctinfo == IP_CT_RELATED_REPLY) ++ return NF_ACCEPT; ++ ++ help = nfct_help(ct); ++ if (!help) ++ return NF_ACCEPT; ++ /* rcu_read_lock()ed by nf_hook_thresh */ ++ helper = rcu_dereference(help->helper); ++ if (!helper) ++ return NF_ACCEPT; ++ ++ nexthdr = ipv6_hdr(skb)->nexthdr; ++ protoff = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &nexthdr, ++ &frag_off); ++ if (protoff < 0 || (frag_off & htons(~0x7)) != 0) { ++ pr_debug("proto header not found\n"); ++ return NF_ACCEPT; ++ } ++ ++ return helper->help(skb, protoff, ct, ctinfo); ++} ++ + static const struct nf_hook_ops ipv6_conntrack_ops[] = { + { + .hook = ipv6_conntrack_in, +@@ -411,12 +469,24 @@ static const struct nf_hook_ops ipv6_conntrack_ops[] = { + .hooknum = NF_INET_LOCAL_OUT, + .priority = NF_IP6_PRI_CONNTRACK, + }, ++ { ++ .hook = ipv6_helper, ++ .pf = NFPROTO_IPV6, ++ .hooknum = NF_INET_POST_ROUTING, ++ .priority = NF_IP6_PRI_CONNTRACK_HELPER, ++ }, + { + .hook = ipv6_confirm, + .pf = NFPROTO_IPV6, + .hooknum = NF_INET_POST_ROUTING, + .priority = NF_IP6_PRI_LAST, + }, ++ { ++ .hook = ipv6_helper, ++ .pf = NFPROTO_IPV6, ++ .hooknum = NF_INET_LOCAL_IN, ++ .priority = NF_IP6_PRI_CONNTRACK_HELPER, ++ }, + { + .hook = ipv6_confirm, + .pf = NFPROTO_IPV6, ++++++ series.conf ++++++ --- /var/tmp/diff_new_pack.N8oBKF/_old 2019-07-26 17:33:16.352112478 +0200 +++ /var/tmp/diff_new_pack.N8oBKF/_new 2019-07-26 17:33:16.356112477 +0200 @@ -88,6 +88,28 @@ patches.kernel.org/5.2.1-059-staging-bcm2835-camera-Handle-empty-EOS-buffers.patch patches.kernel.org/5.2.1-060-staging-rtl8712-reduce-stack-usage-again.patch patches.kernel.org/5.2.1-061-Linux-5.2.1.patch + patches.kernel.org/5.2.2-001-Revert-e1000e-fix-cyclic-resets-at-link-up-with.patch + patches.kernel.org/5.2.2-002-e1000e-start-network-tx-queue-only-when-link-is.patch + patches.kernel.org/5.2.2-003-Input-synaptics-enable-SMBUS-on-T480-thinkpad-t.patch + patches.kernel.org/5.2.2-004-nilfs2-do-not-use-unexported-cpu_to_le32-le32_t.patch + patches.kernel.org/5.2.2-005-drivers-base-cacheinfo-Ensure-cpu-hotplug-work-.patch + patches.kernel.org/5.2.2-006-firmware-improve-LSM-IMA-security-behaviour.patch + patches.kernel.org/5.2.2-007-genirq-Delay-deactivation-in-free_irq.patch + patches.kernel.org/5.2.2-008-genirq-Fix-misleading-synchronize_irq-documenta.patch + patches.kernel.org/5.2.2-009-genirq-Add-optional-hardware-synchronization-fo.patch + patches.kernel.org/5.2.2-010-x86-ioapic-Implement-irq_get_irqchip_state-call.patch + patches.kernel.org/5.2.2-011-x86-irq-Handle-spurious-interrupt-after-shutdow.patch + patches.kernel.org/5.2.2-012-x86-irq-Seperate-unused-system-vectors-from-spu.patch + patches.kernel.org/5.2.2-013-ARC-hide-unused-function-unw_hdr_alloc.patch + patches.kernel.org/5.2.2-014-s390-ipl-Fix-detection-of-has_secure-attribute.patch + patches.kernel.org/5.2.2-015-s390-fix-stfle-zero-padding.patch + patches.kernel.org/5.2.2-016-s390-qdio-re-initialize-tiqdio-list-entries.patch + patches.kernel.org/5.2.2-017-s390-qdio-don-t-touch-the-dsci-in-tiqdio_add_in.patch + patches.kernel.org/5.2.2-018-crypto-talitos-move-struct-talitos_edesc-into-t.patch + patches.kernel.org/5.2.2-019-crypto-talitos-fix-hash-on-SEC1.patch + patches.kernel.org/5.2.2-020-crypto-NX-Set-receive-window-credits-to-max-num.patch + patches.kernel.org/5.2.2-021-x86-entry-32-Fix-ENDPROC-of-common_spurious.patch + patches.kernel.org/5.2.2-022-Linux-5.2.2.patch ######################################################## # Build fixes that apply to the vanilla kernel too. @@ -258,6 +280,7 @@ # Netfilter ######################################################## patches.suse/netfilter-ip_conntrack_slp.patch + patches.suse/Revert-netfilter-conntrack-remove-helper-hook-again.patch ######################################################## # NFS ++++++ source-timestamp ++++++ --- /var/tmp/diff_new_pack.N8oBKF/_old 2019-07-26 17:33:16.376112468 +0200 +++ /var/tmp/diff_new_pack.N8oBKF/_new 2019-07-26 17:33:16.376112468 +0200 @@ -1,3 +1,3 @@ -2019-07-15 05:32:47 +0000 -GIT Revision: bf5c01b16b957d1f16c9d43a859d3f8111e2ac16 +2019-07-22 10:29:33 +0000 +GIT Revision: adfddac4f7170653097d38112dfc6922cfababd8 GIT Branch: stable
