1 files changed, 57 insertions, 0 deletions

diff --git a/net-firewall/ipt_netflow/files/ipt_netflow-1.8-pax-const.patch b/net-firewall/ipt_netflow/files/ipt_netflow-1.8-pax-const.patch
new file mode 100644
index 000000000000..792b68279d0f
--- /dev/null
+++ b/net-firewall/ipt_netflow/files/ipt_netflow-1.8-pax-const.patch
@@ -0,0 +1,57 @@
+Patch by Jeremy Drake, https://bugs.gentoo.org/show_bug.cgi?id=466430
+
+Adds support for building with PaX hardened kernel
+
+--- ipt_NETFLOW.c.orig	2013-06-26 23:02:17.000000000 +0400
++++ ipt_NETFLOW.c	2013-06-26 23:04:52.000000000 +0400
+@@ -371,14 +371,13 @@
+ static int hsize_procctl(ctl_table *ctl, int write, BEFORE2632(struct file *filp,)
+ 			 void __user *buffer, size_t *lenp, loff_t *fpos)
+ {
+-	void *orig = ctl->data;
++	ctl_table_no_const lctl = *ctl;
+ 	int ret, hsize;
+ 
+ 	if (write)
+-		ctl->data = &hsize;
+-	ret = proc_dointvec(ctl, write, BEFORE2632(filp,) buffer, lenp, fpos);
++		lctl.data = &hsize;
++	ret = proc_dointvec(&lctl, write, BEFORE2632(filp,) buffer, lenp, fpos);
+ 	if (write) {
+-		ctl->data = orig;
+ 		if (hsize < 1)
+ 			return -EPERM;
+ 		return set_hashsize(hsize)?:ret;
+@@ -391,6 +390,7 @@
+ {
+ 	int ret;
+ 	struct ipt_netflow_sock *usock;
++	ctl_table_no_const lctl = *ctl;
+        
+ 	read_lock(&sock_lock);
+ 	if (list_empty(&usock_list)) {
+@@ -401,8 +401,8 @@
+ 	sndbuf = usock->sock->sk->sk_sndbuf;
+ 	read_unlock(&sock_lock);
+ 
+-	ctl->data = &sndbuf;
+-	ret = proc_dointvec(ctl, write, BEFORE2632(filp,) buffer, lenp, fpos);
++	lctl.data = &sndbuf;
++	ret = proc_dointvec(&lctl, write, BEFORE2632(filp,) buffer, lenp, fpos);
+ 	if (!write)
+ 		return ret;
+ 	if (sndbuf < SOCK_MIN_SNDBUF)
+@@ -451,10 +451,11 @@
+ {
+ 	int ret;
+ 	int val;
++	ctl_table_no_const lctl = *ctl;
+ 
+ 	val = 0;
+-	ctl->data = &val;
+-	ret = proc_dointvec(ctl, write, BEFORE2632(filp,) buffer, lenp, fpos);
++	lctl.data = &val;
++	ret = proc_dointvec(&lctl, write, BEFORE2632(filp,) buffer, lenp, fpos);
+ 
+ 	if (!write)
+ 		return ret;