[packages/kernel/LINUX_4_1] - up to 4.1.32

arekm arekm at pld-linux.org
Tue Sep 6 23:05:13 CEST 2016 

commit 0a2b7ca35e997c101965c518f649f7205c6365aa
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date:   Tue Sep 6 23:05:05 2016 +0200

    - up to 4.1.32

 kernel-small_fixes.patch | 80 ------------------------------------------------
 kernel.spec              |  4 +--
 2 files changed, 2 insertions(+), 82 deletions(-)
---
diff --git a/kernel.spec b/kernel.spec
index fde2de5..6446cab 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -70,7 +70,7 @@
 
 %define		rel		1
 %define		basever		4.1
-%define		postver		.30
+%define		postver		.32
 
 # define this to '-%{basever}' for longterm branch
 %define		versuffix	-%{basever}
@@ -119,7 +119,7 @@ Source0:	http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{basever}.tar.xz
 # Source0-md5:	fe9dc0f6729f36400ea81aa41d614c37
 %if "%{postver}" != ".0"
 Patch0:		http://www.kernel.org/pub/linux/kernel/v4.x/patch-%{version}.xz
-# Patch0-md5:	c24bf5095a53863c5c28e33d0d606f95
+# Patch0-md5:	bc9ad9c3602cee0223d4a3b23f4ce44a
 %endif
 Source1:	kernel.sysconfig
 
diff --git a/kernel-small_fixes.patch b/kernel-small_fixes.patch
index f785fa9..83a0b12 100644
--- a/kernel-small_fixes.patch
+++ b/kernel-small_fixes.patch
@@ -114,84 +114,4 @@ index 29531ec..65fbfb7 100644
  		goto out_destroy_log;
  
 
-From 75ff39ccc1bd5d3c455b6822ab09e533c551f758 Mon Sep 17 00:00:00 2001
-From: Eric Dumazet <edumazet at google.com>
-Date: Sun, 10 Jul 2016 10:04:02 +0200
-Subject: tcp: make challenge acks less predictable
-
-Yue Cao claims that current host rate limiting of challenge ACKS
-(RFC 5961) could leak enough information to allow a patient attacker
-to hijack TCP sessions. He will soon provide details in an academic
-paper.
-
-This patch increases the default limit from 100 to 1000, and adds
-some randomization so that the attacker can no longer hijack
-sessions without spending a considerable amount of probes.
-
-Based on initial analysis and patch from Linus.
-
-Note that we also have per socket rate limiting, so it is tempting
-to remove the host limit in the future.
-
-v2: randomize the count of challenge acks per second, not the period.
-
-Fixes: 282f23c6ee34 ("tcp: implement RFC 5961 3.2")
-Reported-by: Yue Cao <ycao009 at ucr.edu>
-Signed-off-by: Eric Dumazet <edumazet at google.com>
-Suggested-by: Linus Torvalds <torvalds at linux-foundation.org>
-Cc: Yuchung Cheng <ycheng at google.com>
-Cc: Neal Cardwell <ncardwell at google.com>
-Acked-by: Neal Cardwell <ncardwell at google.com>
-Acked-by: Yuchung Cheng <ycheng at google.com>
-Signed-off-by: David S. Miller <davem at davemloft.net>
----
- net/ipv4/tcp_input.c | 15 ++++++++++-----
- 1 file changed, 10 insertions(+), 5 deletions(-)
-
-diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
-index d6c8f4cd0..91868bb 100644
---- a/net/ipv4/tcp_input.c
-+++ b/net/ipv4/tcp_input.c
-@@ -87,7 +87,7 @@ int sysctl_tcp_adv_win_scale __read_mostly = 1;
- EXPORT_SYMBOL(sysctl_tcp_adv_win_scale);
- 
- /* rfc5961 challenge ack rate limiting */
--int sysctl_tcp_challenge_ack_limit = 100;
-+int sysctl_tcp_challenge_ack_limit = 1000;
- 
- int sysctl_tcp_stdurg __read_mostly;
- int sysctl_tcp_rfc1337 __read_mostly;
-@@ -3458,7 +3458,7 @@ static void tcp_send_challenge_ack(struct sock *sk, const struct sk_buff *skb)
- 	static u32 challenge_timestamp;
- 	static unsigned int challenge_count;
- 	struct tcp_sock *tp = tcp_sk(sk);
--	u32 now;
-+	u32 count, now;
- 
- 	/* First check our per-socket dupack rate limit. */
- 	if (tcp_oow_rate_limited(sock_net(sk), skb,
-@@ -3466,13 +3466,18 @@ static void tcp_send_challenge_ack(struct sock *sk, const struct sk_buff *skb)
- 				 &tp->last_oow_ack_time))
- 		return;
- 
--	/* Then check the check host-wide RFC 5961 rate limit. */
-+	/* Then check host-wide RFC 5961 rate limit. */
- 	now = jiffies / HZ;
- 	if (now != challenge_timestamp) {
-+		u32 half = (sysctl_tcp_challenge_ack_limit + 1) >> 1;
-+
- 		challenge_timestamp = now;
--		challenge_count = 0;
-+		WRITE_ONCE(challenge_count, half +
-+			   prandom_u32_max(sysctl_tcp_challenge_ack_limit));
- 	}
--	if (++challenge_count <= sysctl_tcp_challenge_ack_limit) {
-+	count = READ_ONCE(challenge_count);
-+	if (count > 0) {
-+		WRITE_ONCE(challenge_count, count - 1);
- 		NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPCHALLENGEACK);
- 		tcp_send_ack(sk);
- 	}
--- 
-cgit v1.0-17-g0c1e3
 
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/kernel.git/commitdiff/0a2b7ca35e997c101965c518f649f7205c6365aa

More information about the pld-cvs-commit mailing list