author | Koen Vandeputte <koen.vandeputte@ncentric.com> | 2020-04-15 15:13:14 +0200 |
---|---|---|
committer | Koen Vandeputte <koen.vandeputte@ncentric.com> | 2020-04-16 13:24:54 +0200 |
commit | 1f0679f54dafa80f54cf8dfa135e94c73b8ff677 (patch) | |
tree | 7e63592f86e43ef93ce0428e491fae5f17ec7e6b /target/linux/generic/backport-4.14/320-v4.16-netfilter-nf_conntrack-add-IPS_OFFLOAD-status-bit.patch | |
parent | 82c8170cd086d17a08ab29cd7120fb7f94bd7424 (diff) | |
kernel: bump 4.14 to 4.14.176
Refreshed all patches.
Remove upstreamed:
- 0001-net-thunderx-workaround-BGX-TX-Underflow-issue.patch
- 600-ipv6-addrconf-call-ipv6_mc_up-for-non-Ethernet-inter.patch
Fixes:
- CVE-2020-8647
- CVE-2020-8648 (potentially)
- CVE-2020-8649
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Diffstat (limited to 'target/linux/generic/backport-4.14/320-v4.16-netfilter-nf_conntrack-add-IPS_OFFLOAD-status-bit.patch')
-rw-r--r-- | target/linux/generic/backport-4.14/320-v4.16-netfilter-nf_conntrack-add-IPS_OFFLOAD-status-bit.patch | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/target/linux/generic/backport-4.14/320-v4.16-netfilter-nf_conntrack-add-IPS_OFFLOAD-status-bit.patch b/target/linux/generic/backport-4.14/320-v4.16-netfilter-nf_conntrack-add-IPS_OFFLOAD-status-bit.patch
index de88825802..885d632d22 100644
--- a/target/linux/generic/backport-4.14/320-v4.16-netfilter-nf_conntrack-add-IPS_OFFLOAD-status-bit.patch
+++ b/target/linux/generic/backport-4.14/320-v4.16-netfilter-nf_conntrack-add-IPS_OFFLOAD-status-bit.patch
@@ -47,7 +47,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 };
 --- a/net/netfilter/nf_conntrack_core.c
 +++ b/net/netfilter/nf_conntrack_core.c
-@@ -960,6 +960,9 @@ static unsigned int early_drop_list(stru
+@@ -974,6 +974,9 @@ static unsigned int early_drop_list(stru
 hlist_nulls_for_each_entry_rcu(h, n, head, hnnode) {
 tmp = nf_ct_tuplehash_to_ctrack(h);
@@ -57,7 +57,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 if (nf_ct_is_expired(tmp)) {
 nf_ct_gc_expired(tmp);
 continue;
-@@ -1037,6 +1040,18 @@ static bool gc_worker_can_early_drop(con
+@@ -1051,6 +1054,18 @@ static bool gc_worker_can_early_drop(con
 return false;
 }
@@ -76,7 +76,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 static void gc_worker(struct work_struct *work)
 {
 unsigned int min_interval = max(HZ / GC_MAX_BUCKETS_DIV, 1u);
-@@ -1073,6 +1088,11 @@ static void gc_worker(struct work_struct
+@@ -1087,6 +1102,11 @@ static void gc_worker(struct work_struct
 tmp = nf_ct_tuplehash_to_ctrack(h);
 scanned++; |