Refreshed all patches.
Fixes:
- CVE-2019-14814
- CVE-2019-14815
- CVE-2019-14816
- CVE-2019-14821
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
LINUX_VERSION-4.9 = .194
LINUX_VERSION-4.14 = .146
-LINUX_VERSION-4.19 = .74
+LINUX_VERSION-4.19 = .75
LINUX_KERNEL_HASH-4.9.194 = d5f4bb7584e461f1faa9a3f94c2ad292246fe692b0e992e072dac255f806c2e3
LINUX_KERNEL_HASH-4.14.146 = a3c54b887ea3e679382bd4c0536e6a281b071dab2258bd3ee8af75baef2023f5
-LINUX_KERNEL_HASH-4.19.74 = 495c2fead329c2c6b17950faa07ad7406e5aa93560e5e58de93a71197579ee82
+LINUX_KERNEL_HASH-4.19.75 = dd5e7147e1e4501560fba5beb86dae6bf6ba843518ab3d4cad283de77b651b78
remove_uri_prefix=$(subst git://,,$(subst http://,,$(subst https://,,$(1))))
sanitize_uri=$(call qstrip,$(subst @,_,$(subst :,_,$(subst .,_,$(subst -,_,$(subst /,_,$(1)))))))
*/
--- a/net/ipv6/datagram.c
+++ b/net/ipv6/datagram.c
-@@ -478,7 +478,7 @@ int ipv6_recv_error(struct sock *sk, str
+@@ -480,7 +480,7 @@ int ipv6_recv_error(struct sock *sk, str
ipv6_iface_scope_id(&sin->sin6_addr,
IP6CB(skb)->iif);
} else {
&sin->sin6_addr);
sin->sin6_scope_id = 0;
}
-@@ -828,12 +828,12 @@ int ip6_datagram_send_ctl(struct net *ne
+@@ -830,12 +830,12 @@ int ip6_datagram_send_ctl(struct net *ne
}
if (fl6->flowlabel&IPV6_FLOWINFO_MASK) {
MODULE_AUTHOR("Pablo Neira Ayuso <pablo@netfilter.org>");
--- a/net/netfilter/nft_flow_offload.c
+++ b/net/netfilter/nft_flow_offload.c
-@@ -211,47 +211,14 @@ static struct nft_expr_type nft_flow_off
+@@ -217,47 +217,14 @@ static struct nft_expr_type nft_flow_off
.owner = THIS_MODULE,
};
}
+ nf_ct_offload_timeout(flow);
- flow->timeout = (u32)jiffies;
+ flow->timeout = (u32)jiffies + NF_FLOW_TIMEOUT;
return 0;
}
@@ -316,6 +335,8 @@ static int nf_flow_offload_gc_step(struc
EXPORT_SYMBOL(default_qdisc_ops);
/* Main transmission queue. */
-@@ -1009,7 +1009,7 @@ static void attach_one_default_qdisc(str
+@@ -1013,7 +1013,7 @@ static void attach_one_default_qdisc(str
void *_unused)
{
struct Qdisc *qdisc;