Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
aports
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
651
Issues
651
List
Boards
Labels
Service Desk
Milestones
Merge Requests
216
Merge Requests
216
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Incidents
Environments
Analytics
Analytics
CI / CD
Repository
Value Stream
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
alpine
aports
Commits
3665f899
Commit
3665f899
authored
Dec 10, 2009
by
Ted Trask
Browse files
Options
Browse Files
Download
Plain Diff
Merge branch '1.9' of
git://dev.alpinelinux.org/aports
into 1.9
parents
ebca8139
31fd43b5
Changes
13
Expand all
Hide whitespace changes
Inline
Side-by-side
Showing
13 changed files
with
87 additions
and
49941 deletions
+87
-49941
main/dahdi-linux-grsec/APKBUILD
main/dahdi-linux-grsec/APKBUILD
+1
-1
main/ipsec-tools/APKBUILD
main/ipsec-tools/APKBUILD
+6
-2
main/ipsec-tools/initial-contact-fix.diff
main/ipsec-tools/initial-contact-fix.diff
+71
-0
main/iscsitarget-grsec/APKBUILD
main/iscsitarget-grsec/APKBUILD
+1
-1
main/kqemu-grsec/APKBUILD
main/kqemu-grsec/APKBUILD
+1
-1
main/linux-grsec/APKBUILD
main/linux-grsec/APKBUILD
+2
-2
main/pingu/APKBUILD
main/pingu/APKBUILD
+4
-4
main/pingu/commit-queue
main/pingu/commit-queue
+0
-1
main/xtables-addons-grsec/APKBUILD
main/xtables-addons-grsec/APKBUILD
+1
-1
testing/linux-grsec/APKBUILD
testing/linux-grsec/APKBUILD
+0
-126
testing/linux-grsec/grsecurity-2.1.14-2.6.30.8-200909262311.patch
...linux-grsec/grsecurity-2.1.14-2.6.30.8-200909262311.patch
+0
-45257
testing/linux-grsec/kernelconfig
testing/linux-grsec/kernelconfig
+0
-4449
testing/linux-grsec/net-next-2.6.git-5ef12d98a19254ee5dc851bd83e214b43ec1f725.patch
...xt-2.6.git-5ef12d98a19254ee5dc851bd83e214b43ec1f725.patch
+0
-96
No files found.
main/dahdi-linux-grsec/APKBUILD
View file @
3665f899
...
...
@@ -14,7 +14,7 @@ _realname=dahdi-linux
pkgname
=
${
_realname
}
-
${
_flavor
}
pkgver
=
2.2.0
pkgrel
=
19
pkgrel
=
20
pkgdesc
=
"Digium Asterisk Hardware Device Interface drivers"
url
=
"http://www.asterisk.org"
license
=
"GPL"
...
...
main/ipsec-tools/APKBUILD
View file @
3665f899
...
...
@@ -2,7 +2,7 @@
pkgname
=
ipsec-tools
pkgver
=
0.8_alpha20090903
_myver
=
0.8-alpha20090903
pkgrel
=
2
pkgrel
=
4
pkgdesc
=
"User-space IPsec tools for various IPsec implementations"
url
=
"http://ipsec-tools.sourceforge.net/"
license
=
"BSD"
...
...
@@ -14,6 +14,7 @@ source="http://downloads.sourceforge.net/$pkgname/$pkgname-$_myver.tar.gz
racoon.confd
50-reverse-connect.patch
60-debug-quick.patch
initial-contact-fix.diff
"
build
()
{
...
...
@@ -22,6 +23,8 @@ build() {
msg
"Applying
$i
..."
patch
-p1
-i
$i
||
return
1
done
patch
-p0
-i
"
$srcdir
"
/initial-contact-fix.diff
||
return
1
sed
-i
's:-Werror::g'
configure
./configure
--prefix
=
/usr
\
...
...
@@ -48,4 +51,5 @@ md5sums="8ec28d4e89c0f5e49ae2caa7463fbcfd ipsec-tools-0.8-alpha20090903.tar.gz
860e8ca1d8c793dc3055b94fd88f02a3 racoon.initd
2d00250cf72da7f2f559c91b65a48747 racoon.confd
13bda94a598aabf593280e04ea16065d 50-reverse-connect.patch
baa13d7f0f48955c792f7fcd42a8587a 60-debug-quick.patch"
baa13d7f0f48955c792f7fcd42a8587a 60-debug-quick.patch
69e06c5cc3a0c1cc8b10ddc89d1e644b initial-contact-fix.diff"
main/ipsec-tools/initial-contact-fix.diff
0 → 100644
View file @
3665f899
Index: src/racoon/admin.c
===================================================================
RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/admin.c,v
retrieving revision 1.32
diff -u -r1.32 admin.c
--- src/racoon/admin.c 3 Sep 2009 09:29:07 -0000 1.32
+++ src/racoon/admin.c 10 Dec 2009 14:38:47 -0000
@@ -299,9 +299,8 @@
break;
case ADMIN_DELETE_SA: {
- struct ph1handle *iph1;
- struct ph1selector sel;
char *loc, *rem;
+ struct ph1selector sel;
memset(&sel, 0, sizeof(sel));
sel.local = (struct sockaddr *)
@@ -319,6 +318,7 @@
plog(LLV_INFO, LOCATION, NULL,
"admin delete-sa %s %s\n", loc, rem);
enumph1(&sel, admin_ph1_delete_sa, NULL);
+ remcontacted(sel.remote);
racoon_free(loc);
racoon_free(rem);
Index: src/racoon/handler.c
===================================================================
RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/handler.c,v
retrieving revision 1.31
diff -u -r1.31 handler.c
--- src/racoon/handler.c 22 Nov 2009 19:34:55 -0000 1.31
+++ src/racoon/handler.c 10 Dec 2009 14:38:48 -0000
@@ -966,6 +966,22 @@
}
void
+remcontacted(remote)
+ struct sockaddr *remote;
+{
+ struct contacted *p;
+
+ LIST_FOREACH(p, &ctdtree, chain) {
+ if (cmpsaddr(remote, p->remote) == 0) {
+ LIST_REMOVE(p, chain);
+ racoon_free(p->remote);
+ racoon_free(p);
+ break;
+ }
+ }
+}
+
+void
initctdtree()
{
LIST_INIT(&ctdtree);
Index: src/racoon/handler.h
===================================================================
RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/handler.h,v
retrieving revision 1.22
diff -u -r1.22 handler.h
--- src/racoon/handler.h 3 Sep 2009 09:29:07 -0000 1.22
+++ src/racoon/handler.h 10 Dec 2009 14:38:48 -0000
@@ -518,6 +518,7 @@
extern struct contacted *getcontacted __P((struct sockaddr *));
extern int inscontacted __P((struct sockaddr *));
+extern void remcontacted __P((struct sockaddr *));
extern void initctdtree __P((void));
extern int check_recvdpkt __P((struct sockaddr *,
main/iscsitarget-grsec/APKBUILD
View file @
3665f899
...
...
@@ -15,7 +15,7 @@ if [ -f ../iscsitarget/APKBUILD ]; then
fi
pkgname
=
${
_realname
}
-
${
_flavor
}
pkgver
=
${
pkgver
:-
0
.4.17
}
pkgrel
=
1
7
pkgrel
=
1
8
pkgdesc
=
"
$_flavor
kernel modules for iscsitarget"
url
=
"http://iscsitarget.sourceforge.net/"
license
=
"GPL-2"
...
...
main/kqemu-grsec/APKBUILD
View file @
3665f899
...
...
@@ -12,7 +12,7 @@ _abi_release=$pkgver-${_flavor}
pkgname
=
${
_realname
}
-
${
_flavor
}
pkgver
=
1.4.0_pre1
_realver
=
1.4.0pre1
pkgrel
=
1
0
pkgrel
=
1
1
pkgdesc
=
"
$_flavor
kernel modules for kemu"
url
=
"http://www.nongnu.org/qemu/"
license
=
"GPL"
...
...
main/linux-grsec/APKBUILD
View file @
3665f899
...
...
@@ -2,7 +2,7 @@
_flavor
=
grsec
pkgname
=
linux-
${
_flavor
}
pkgver
=
2.6.30.
8
pkgver
=
2.6.30.
10
_kernver
=
2.6.30
pkgrel
=
0
pkgdesc
=
"Linux kernel with grsecurity"
...
...
@@ -120,7 +120,7 @@ firmware() {
}
md5sums
=
"7a80058a6382e5108cdb5554d1609615 linux-2.6.30.tar.bz2
7e9b405b840bf5ecc70d208bfccee5f9 patch-2.6.30.8
.bz2
6485fe0cf0f0220493647505bfd2f7b0 patch-2.6.30.10
.bz2
287a382cfb72043867d8092996875f5d grsecurity-2.1.14-2.6.30.8-200909262311.patch
ca05fd252783b82e01610e775cf56498 net-next-2.6.git-5ef12d98a19254ee5dc851bd83e214b43ec1f725.patch
9f41d910914f5a516072f0aa500fa117 kernelconfig"
main/pingu/APKBUILD
View file @
3665f899
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname
=
pingu
pkgver
=
0.
3
pkgrel
=
3
pkgver
=
0.
4.1
pkgrel
=
0
pkgdesc
=
"Small daemon that pings hosts and executes a script when status change"
url
=
"http://git.alpinelinux.org/cgit/pingu"
license
=
"GPL"
...
...
@@ -16,9 +16,9 @@ build() {
make
||
return
1
make
BINDIR
=
/usr/sbin
DESTDIR
=
"
$pkgdir
"
install
install
-m644
-D
pingu.conf
"
$pkgdir
"
/etc/pingu.conf
install
-m644
-D
pingu.conf
"
$pkgdir
"
/etc/pingu
/pingu
.conf
install
-m755
-D
"
$srcdir
"
/
$pkgname
.initd
"
$pkgdir
"
/etc/init.d/
$pkgname
}
md5sums
=
"
59f9c927a80c71d85f2363e314a25197 pingu-0.3
.tar.bz2
md5sums
=
"
257abb7c434ae2cda5c029c30584aa88 pingu-0.4.1
.tar.bz2
318110763cc8ba23a61455d16cb23f97 pingu.initd"
main/pingu/commit-queue
deleted
100644 → 0
View file @
ebca8139
pingu
main/xtables-addons-grsec/APKBUILD
View file @
3665f899
...
...
@@ -16,7 +16,7 @@ fi
pkgname
=
${
_realname
}
-
${
_flavor
}
pkgver
=
${
pkgver
:-
1
.17
}
pkgrel
=
1
5
pkgrel
=
1
6
pkgdesc
=
"Iptables extensions kernel modules"
url
=
"http://xtables-addons.sourceforge.net/"
license
=
"GPL"
...
...
testing/linux-grsec/APKBUILD
deleted
100644 → 0
View file @
ebca8139
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
_flavor
=
grsec
pkgname
=
linux-
${
_flavor
}
pkgver
=
2.6.30.10
_kernver
=
2.6.30
pkgrel
=
0
pkgdesc
=
"Linux kernel with grsecurity"
url
=
http://grsecurity.net
depends
=
"mkinitfs linux-firmware"
makedepends
=
"perl installkernel"
_config
=
${
config
:-
kernelconfig
}
install
=
source
=
"ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-
$_kernver
.tar.bz2
ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-
$pkgver
.bz2
grsecurity-2.1.14-2.6.30.8-200909262311.patch
net-next-2.6.git-5ef12d98a19254ee5dc851bd83e214b43ec1f725.patch
$_config
"
subpackages
=
"
$pkgname
-dev linux-firmware:firmware"
license
=
"GPL-2"
_abi_release
=
${
pkgver
}
-
${
_flavor
}
_prepare
()
{
cd
"
$srcdir
"
/linux-
$_kernver
if
[
"
$_kernver
"
!=
"
$pkgver
"
]
;
then
bunzip2
-c
< ../patch-
$pkgver
.bz2 | patch
-p1
-N
||
return
1
fi
for
i
in
../
*
.diff ../
*
.patch
;
do
[
-f
$i
]
||
continue
msg
"Applying
$i
..."
patch
-p1
-N
<
$i
||
return
1
done
mkdir
-p
"
$srcdir
"
/build
cp
"
$srcdir
"
/
$_config
"
$srcdir
"
/build/.config
make
-C
"
$srcdir
"
/linux-
$_kernver
O
=
"
$srcdir
"
/build
HOSTCC
=
"
$CC
"
\
silentoldconfig
}
# this is so we can do: 'abuild menuconfig' to reconfigure kernel
menuconfig
()
{
_prepare
cd
"
$srcdir
"
/build
make menuconfig
cp
.config
"
$startdir
"
/
$_config
}
build
()
{
_prepare
||
return
1
cd
"
$srcdir
"
/build
make
CC
=
"
$CC
"
||
return
1
mkdir
-p
"
$pkgdir
"
/boot
"
$pkgdir
"
/lib/modules
make modules_install
install
\
INSTALL_MOD_PATH
=
"
$pkgdir
"
\
INSTALL_PATH
=
"
$pkgdir
"
/boot
# ln -s vmlinuz-${_abi_release} "${pkgdir}"/boot/$_flavor
rm
-f
"
$pkgdir
"
/lib/modules/
${
_abi_release
}
/build
\
"
$pkgdir
"
/lib/modules/
${
_abi_release
}
/source
install
-D
include/config/kernel.release
\
"
$pkgdir
"
/usr/share/kernel/
$_flavor
/kernel.release
}
dev
()
{
# copy the only the parts that we really need for build 3rd party
# kernel modules and install those as /usr/src/linux-headers,
# simlar to what ubuntu does
#
# this way you dont need to install the 300-400 kernel sources to
# build a tiny kernel module
#
pkgdesc
=
"Headers and script for third party modules for grsec kernel"
local dir
=
"
$subpkgdir
"
/usr/src/linux-headers-
${
_abi_release
}
# first we import config, run prepare to set up for building
# external modules, and create the scripts
mkdir
-p
"
$dir
"
cp
"
$srcdir
"
/kernelconfig
"
$dir
"
/.config
make
-j1
-C
"
$srcdir
"
/linux-
$_kernver
O
=
"
$dir
"
HOSTCC
=
"
$CC
"
\
silentoldconfig prepare scripts
# remove the stuff that poits to real sources. we want 3rd party
# modules to believe this is the soruces
rm
"
$dir
"
/Makefile
"
$dir
"
/source
# copy the needed stuff from real sources
#
# this is taken from ubuntu kernel build script
# http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-jaunty.git;a=blob;f=debian/rules.d/3-binary-indep.mk;hb=HEAD
cd
"
$srcdir
"
/linux-
$_kernver
find
.
-path
'./include/*'
-prune
-o
-path
'./scripts/*'
-prune
\
-o
-type
f
\(
-name
'Makefile*'
-o
-name
'Kconfig*'
\
-o
-name
'Kbuild*'
-o
-name
'*.sh'
-o
-name
'*.pl'
\
-o
-name
'*.lds'
\)
| cpio
-pdm
"
$dir
"
cp
-a
drivers/media/dvb/dvb-core/
*
.h
"
$dir
"
/drivers/media/dvb/dvb-core
cp
-a
drivers/media/video/
*
.h
"
$dir
"
/drivers/media/video
cp
-a
drivers/media/dvb/frontends/
*
.h
"
$dir
"
/drivers/media/dvb/frontends
cp
-a
scripts include
"
$dir
"
find
$(
find
arch
-name
include
-type
d
-print
)
-type
f
\
| cpio
-pdm
"
$dir
"
install
-Dm644
"
$srcdir
"
/build/Module.symvers
\
"
$dir
"
/Module.symvers
mkdir
-p
"
$subpkgdir
"
/lib/modules/
${
_abi_release
}
ln
-sf
/usr/src/linux-headers-
${
_abi_release
}
\
"
$subpkgdir
"
/lib/modules/
${
_abi_release
}
/build
}
firmware
()
{
pkgdesc
=
"Firmware for linux kernel"
replaces
=
"linux-grsec linux-vserver"
mkdir
-p
"
$subpkgdir
"
/lib
mv
"
$pkgdir
"
/lib/firmware
"
$subpkgdir
"
/lib/
}
md5sums
=
"7a80058a6382e5108cdb5554d1609615 linux-2.6.30.tar.bz2
6485fe0cf0f0220493647505bfd2f7b0 patch-2.6.30.10.bz2
287a382cfb72043867d8092996875f5d grsecurity-2.1.14-2.6.30.8-200909262311.patch
ca05fd252783b82e01610e775cf56498 net-next-2.6.git-5ef12d98a19254ee5dc851bd83e214b43ec1f725.patch
9f41d910914f5a516072f0aa500fa117 kernelconfig"
testing/linux-grsec/grsecurity-2.1.14-2.6.30.8-200909262311.patch
deleted
100644 → 0
View file @
ebca8139
This diff is collapsed.
Click to expand it.
testing/linux-grsec/kernelconfig
deleted
100644 → 0
View file @
ebca8139
This diff is collapsed.
Click to expand it.
testing/linux-grsec/net-next-2.6.git-5ef12d98a19254ee5dc851bd83e214b43ec1f725.patch
deleted
100644 → 0
View file @
ebca8139
From: Timo Teras <timo.teras@iki.fi>
Date: Thu, 11 Jun 2009 11:16:28 +0000 (-0700)
Subject: neigh: fix state transition INCOMPLETE->FAILED via Netlink request
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Fdavem%2Fnet-next-2.6.git;a=commitdiff_plain;h=5ef12d98a19254ee5dc851bd83e214b43ec1f725;hp=2b85a34e911bf483c27cfdd124aeb1605145dc80
neigh: fix state transition INCOMPLETE->FAILED via Netlink request
The current code errors out the INCOMPLETE neigh entry skb queue only from
the timer if maximum probes have been attempted and there has been no reply.
This also causes the transtion to FAILED state.
However, the neigh entry can be also updated via Netlink to inform that the
address is unavailable. Currently, neigh_update() just stops the timers and
leaves the pending skb's unreleased. This results that the clean up code in
the timer callback is never called, preventing also proper garbage collection.
This fixes neigh_update() to process the pending skb queue immediately if
INCOMPLETE -> FAILED state transtion occurs due to a Netlink request.
Signed-off-by: Timo Teras <timo.teras@iki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index c54229b..163b4f5 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -771,6 +771,28 @@
static __inline__ int neigh_max_probes(struct neighbour *n)
p->ucast_probes + p->app_probes + p->mcast_probes);
}
+static void neigh_invalidate(struct neighbour *neigh)
+{
+ struct sk_buff *skb;
+
+ NEIGH_CACHE_STAT_INC(neigh->tbl, res_failed);
+ NEIGH_PRINTK2("neigh %p is failed.\n", neigh);
+ neigh->updated = jiffies;
+
+ /* It is very thin place. report_unreachable is very complicated
+ routine. Particularly, it can hit the same neighbour entry!
+
+ So that, we try to be accurate and avoid dead loop. --ANK
+ */
+ while (neigh->nud_state == NUD_FAILED &&
+ (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
+ write_unlock(&neigh->lock);
+ neigh->ops->error_report(neigh, skb);
+ write_lock(&neigh->lock);
+ }
+ skb_queue_purge(&neigh->arp_queue);
+}
+
/* Called when a timer expires for a neighbour entry. */
static void neigh_timer_handler(unsigned long arg)
@@ -835,26 +857,9 @@
static void neigh_timer_handler(unsigned long arg)
if ((neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) &&
atomic_read(&neigh->probes) >= neigh_max_probes(neigh)) {
- struct sk_buff *skb;
-
neigh->nud_state = NUD_FAILED;
- neigh->updated = jiffies;
notify = 1;
- NEIGH_CACHE_STAT_INC(neigh->tbl, res_failed);
- NEIGH_PRINTK2("neigh %p is failed.\n", neigh);
-
- /* It is very thin place. report_unreachable is very complicated
- routine. Particularly, it can hit the same neighbour entry!
-
- So that, we try to be accurate and avoid dead loop. --ANK
- */
- while (neigh->nud_state == NUD_FAILED &&
- (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
- write_unlock(&neigh->lock);
- neigh->ops->error_report(neigh, skb);
- write_lock(&neigh->lock);
- }
- skb_queue_purge(&neigh->arp_queue);
+ neigh_invalidate(neigh);
}
if (neigh->nud_state & NUD_IN_TIMER) {
@@ -1001,6 +1006,11 @@
int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
neigh->nud_state = new;
err = 0;
notify = old & NUD_VALID;
+ if ((old & (NUD_INCOMPLETE | NUD_PROBE)) &&
+ (new & NUD_FAILED)) {
+ neigh_invalidate(neigh);
+ notify = 1;
+ }
goto out;
}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment