Merge branch '1.9' of git://dev.alpinelinux.org/aports into 1.9

main/dahdi-linux-grsec/APKBUILD

@@ -14,7 +14,7 @@ _realname=dahdi-linux
 
 pkgname=${_realname}-${_flavor}
 pkgver=2.2.0
-pkgrel=19
+pkgrel=20
 pkgdesc="Digium Asterisk Hardware Device Interface drivers"
 url="http://www.asterisk.org"
 license="GPL"

main/ipsec-tools/APKBUILD

@@ -2,7 +2,7 @@
 pkgname=ipsec-tools
 pkgver=0.8_alpha20090903
 _myver=0.8-alpha20090903
-pkgrel=2
+pkgrel=4
 pkgdesc="User-space IPsec tools for various IPsec implementations"
 url="http://ipsec-tools.sourceforge.net/"
 license="BSD"
@@ -14,6 +14,7 @@ source="http://downloads.sourceforge.net/$pkgname/$pkgname-$_myver.tar.gz
 	racoon.confd
 	50-reverse-connect.patch
 	60-debug-quick.patch
+	initial-contact-fix.diff
 	"
 
 build() {
@@ -22,6 +23,8 @@ build() {
 		msg "Applying $i..."
 		patch -p1 -i $i || return 1
 	done
+	patch -p0 -i "$srcdir"/initial-contact-fix.diff || return 1
+
 	sed -i 's:-Werror::g' configure
 
 	./configure --prefix=/usr \
@@ -48,4 +51,5 @@ md5sums="8ec28d4e89c0f5e49ae2caa7463fbcfd  ipsec-tools-0.8-alpha20090903.tar.gz
 860e8ca1d8c793dc3055b94fd88f02a3  racoon.initd
 2d00250cf72da7f2f559c91b65a48747  racoon.confd
 13bda94a598aabf593280e04ea16065d  50-reverse-connect.patch
-baa13d7f0f48955c792f7fcd42a8587a  60-debug-quick.patch"
+baa13d7f0f48955c792f7fcd42a8587a  60-debug-quick.patch
+69e06c5cc3a0c1cc8b10ddc89d1e644b  initial-contact-fix.diff"

main/ipsec-tools/initial-contact-fix.diff

+Index: src/racoon/admin.c
+===================================================================
+RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/admin.c,v
+retrieving revision 1.32
+diff -u -r1.32 admin.c
+--- src/racoon/admin.c	3 Sep 2009 09:29:07 -0000	1.32
++++ src/racoon/admin.c	10 Dec 2009 14:38:47 -0000
+@@ -299,9 +299,8 @@
+ 		break;
+ 
+ 	case ADMIN_DELETE_SA: {
+-		struct ph1handle *iph1;
+-		struct ph1selector sel;
+ 		char *loc, *rem;
++		struct ph1selector sel;
+ 
+ 		memset(&sel, 0, sizeof(sel));
+ 		sel.local = (struct sockaddr *)
+@@ -319,6 +318,7 @@
+ 		plog(LLV_INFO, LOCATION, NULL,
+ 		     "admin delete-sa %s %s\n", loc, rem);
+ 		enumph1(&sel, admin_ph1_delete_sa, NULL);
++		remcontacted(sel.remote);
+ 
+ 		racoon_free(loc);
+ 		racoon_free(rem);
+Index: src/racoon/handler.c
+===================================================================
+RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/handler.c,v
+retrieving revision 1.31
+diff -u -r1.31 handler.c
+--- src/racoon/handler.c	22 Nov 2009 19:34:55 -0000	1.31
++++ src/racoon/handler.c	10 Dec 2009 14:38:48 -0000
+@@ -966,6 +966,22 @@
+ }
+ 
+ void
++remcontacted(remote)
++	struct sockaddr *remote;
++{
++	struct contacted *p;
++
++	LIST_FOREACH(p, &ctdtree, chain) {
++		if (cmpsaddr(remote, p->remote) == 0) {
++			LIST_REMOVE(p, chain);
++			racoon_free(p->remote);
++			racoon_free(p);
++			break;
++		}
++	}	
++}
++
++void
+ initctdtree()
+ {
+ 	LIST_INIT(&ctdtree);
+Index: src/racoon/handler.h
+===================================================================
+RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/handler.h,v
+retrieving revision 1.22
+diff -u -r1.22 handler.h
+--- src/racoon/handler.h	3 Sep 2009 09:29:07 -0000	1.22
++++ src/racoon/handler.h	10 Dec 2009 14:38:48 -0000
+@@ -518,6 +518,7 @@
+ 
+ extern struct contacted *getcontacted __P((struct sockaddr *));
+ extern int inscontacted __P((struct sockaddr *));
++extern void remcontacted __P((struct sockaddr *));
+ extern void initctdtree __P((void));
+ 
+ extern int check_recvdpkt __P((struct sockaddr *,

main/iscsitarget-grsec/APKBUILD

@@ -15,7 +15,7 @@ if [ -f ../iscsitarget/APKBUILD ]; then
 fi
 pkgname=${_realname}-${_flavor}
 pkgver=${pkgver:-0.4.17}
-pkgrel=17
+pkgrel=18
 pkgdesc="$_flavor kernel modules for iscsitarget"
 url="http://iscsitarget.sourceforge.net/"
 license="GPL-2"

main/kqemu-grsec/APKBUILD

@@ -12,7 +12,7 @@ _abi_release=$pkgver-${_flavor}
 pkgname=${_realname}-${_flavor}
 pkgver=1.4.0_pre1
 _realver=1.4.0pre1
-pkgrel=10
+pkgrel=11
 pkgdesc="$_flavor kernel modules for kemu"
 url="http://www.nongnu.org/qemu/"
 license="GPL"

main/linux-grsec/APKBUILD

@@ -2,7 +2,7 @@
 
 _flavor=grsec
 pkgname=linux-${_flavor}
-pkgver=2.6.30.8
+pkgver=2.6.30.10
 _kernver=2.6.30
 pkgrel=0
 pkgdesc="Linux kernel with grsecurity"
@@ -120,7 +120,7 @@ firmware() {
 }
 
 md5sums="7a80058a6382e5108cdb5554d1609615  linux-2.6.30.tar.bz2
-7e9b405b840bf5ecc70d208bfccee5f9  patch-2.6.30.8.bz2
+6485fe0cf0f0220493647505bfd2f7b0  patch-2.6.30.10.bz2
 287a382cfb72043867d8092996875f5d  grsecurity-2.1.14-2.6.30.8-200909262311.patch
 ca05fd252783b82e01610e775cf56498  net-next-2.6.git-5ef12d98a19254ee5dc851bd83e214b43ec1f725.patch
 9f41d910914f5a516072f0aa500fa117  kernelconfig"

main/pingu/APKBUILD

 # Contributor: Natanael Copa <ncopa@alpinelinux.org>
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=pingu
-pkgver=0.3
-pkgrel=3
+pkgver=0.4.1
+pkgrel=0
 pkgdesc="Small daemon that pings hosts and executes a script when status change"
 url="http://git.alpinelinux.org/cgit/pingu"
 license="GPL"
@@ -16,9 +16,9 @@ build() {
 
 	make || return 1
 	make BINDIR=/usr/sbin DESTDIR="$pkgdir" install
-	install -m644 -D pingu.conf "$pkgdir"/etc/pingu.conf
+	install -m644 -D pingu.conf "$pkgdir"/etc/pingu/pingu.conf
 	install -m755 -D "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
 }
 
-md5sums="59f9c927a80c71d85f2363e314a25197  pingu-0.3.tar.bz2
+md5sums="257abb7c434ae2cda5c029c30584aa88  pingu-0.4.1.tar.bz2
 318110763cc8ba23a61455d16cb23f97  pingu.initd"

main/pingu/commit-queue

-pingu

main/xtables-addons-grsec/APKBUILD

@@ -16,7 +16,7 @@ fi
 
 pkgname=${_realname}-${_flavor}
 pkgver=${pkgver:-1.17}
-pkgrel=15
+pkgrel=16
 pkgdesc="Iptables extensions kernel modules"
 url="http://xtables-addons.sourceforge.net/"
 license="GPL"

testing/linux-grsec/APKBUILD

-# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
-
-_flavor=grsec
-pkgname=linux-${_flavor}
-pkgver=2.6.30.10
-_kernver=2.6.30
-pkgrel=0
-pkgdesc="Linux kernel with grsecurity"
-url=http://grsecurity.net
-depends="mkinitfs linux-firmware"
-makedepends="perl installkernel"
-_config=${config:-kernelconfig}
-install=
-source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2
-	ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2
-	grsecurity-2.1.14-2.6.30.8-200909262311.patch
-	net-next-2.6.git-5ef12d98a19254ee5dc851bd83e214b43ec1f725.patch
-	$_config
-	"
-subpackages="$pkgname-dev linux-firmware:firmware"
-license="GPL-2"
-
-_abi_release=${pkgver}-${_flavor}
-
-_prepare() {
-	cd "$srcdir"/linux-$_kernver
-	if [ "$_kernver" != "$pkgver" ]; then
-		bunzip2 -c < ../patch-$pkgver.bz2 | patch -p1 -N || return 1
-	fi
-
-	for i in ../*.diff ../*.patch; do
-		[ -f $i ] || continue
-		msg "Applying $i..."
-		patch -p1 -N < $i || return 1
-	done
-
-	mkdir -p "$srcdir"/build
-	cp "$srcdir"/$_config "$srcdir"/build/.config
-	make -C "$srcdir"/linux-$_kernver O="$srcdir"/build HOSTCC="$CC" \
-		silentoldconfig
-}
-
-# this is so we can do: 'abuild menuconfig' to reconfigure kernel
-menuconfig() {
-	_prepare
-	cd "$srcdir"/build
-	make menuconfig
-	cp .config "$startdir"/$_config
-}
-
-build() {
-	_prepare || return 1
-	cd "$srcdir"/build
-	make CC="$CC" || return 1
-
-	mkdir -p "$pkgdir"/boot "$pkgdir"/lib/modules
-	make modules_install install \
-		INSTALL_MOD_PATH="$pkgdir" \
-		INSTALL_PATH="$pkgdir"/boot
-
-#	ln -s vmlinuz-${_abi_release} "${pkgdir}"/boot/$_flavor
-
-	rm -f "$pkgdir"/lib/modules/${_abi_release}/build \
-		"$pkgdir"/lib/modules/${_abi_release}/source
-	install -D include/config/kernel.release \
-		"$pkgdir"/usr/share/kernel/$_flavor/kernel.release
-}
-
-dev() {
-	# copy the only the parts that we really need for build 3rd party
-	# kernel modules and install those as /usr/src/linux-headers,
-	# simlar to what ubuntu does
-	#
-	# this way you dont need to install the 300-400 kernel sources to 
-	# build a tiny kernel module
-	#
-	pkgdesc="Headers and script for third party modules for grsec kernel"
-	local dir="$subpkgdir"/usr/src/linux-headers-${_abi_release}
-
-	# first we import config, run prepare to set up for building 
-	# external modules, and create the scripts
-	mkdir -p "$dir"
-	cp "$srcdir"/kernelconfig "$dir"/.config
-	make -j1 -C "$srcdir"/linux-$_kernver O="$dir" HOSTCC="$CC" \
-		silentoldconfig prepare scripts
-
-	# remove the stuff that poits to real sources. we want 3rd party
-	# modules to believe this is the soruces
-	rm "$dir"/Makefile "$dir"/source
-
-	# copy the needed stuff from real sources
-	#
-	# this is taken from ubuntu kernel build script
-	# http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-jaunty.git;a=blob;f=debian/rules.d/3-binary-indep.mk;hb=HEAD
-	cd "$srcdir"/linux-$_kernver
-	find . -path './include/*' -prune -o -path './scripts/*' -prune \
-		-o -type f \( -name 'Makefile*' -o -name 'Kconfig*' \
-		-o -name 'Kbuild*' -o -name '*.sh' -o -name '*.pl' \
-		-o -name '*.lds' \) | cpio -pdm "$dir"
-	cp -a drivers/media/dvb/dvb-core/*.h "$dir"/drivers/media/dvb/dvb-core
-	cp -a drivers/media/video/*.h "$dir"/drivers/media/video
-	cp -a drivers/media/dvb/frontends/*.h "$dir"/drivers/media/dvb/frontends
-	cp -a scripts include "$dir"
-	find $(find arch -name include -type d -print) -type f \
-		| cpio -pdm "$dir"
-
-	install -Dm644 "$srcdir"/build/Module.symvers \
-		"$dir"/Module.symvers
-
-	mkdir -p "$subpkgdir"/lib/modules/${_abi_release}
-	ln -sf /usr/src/linux-headers-${_abi_release} \
-		"$subpkgdir"/lib/modules/${_abi_release}/build
-}
-
-firmware() {
-	pkgdesc="Firmware for linux kernel"
-	replaces="linux-grsec linux-vserver"
-	mkdir -p "$subpkgdir"/lib
-	mv "$pkgdir"/lib/firmware "$subpkgdir"/lib/
-}
-
-md5sums="7a80058a6382e5108cdb5554d1609615  linux-2.6.30.tar.bz2
-6485fe0cf0f0220493647505bfd2f7b0  patch-2.6.30.10.bz2
-287a382cfb72043867d8092996875f5d  grsecurity-2.1.14-2.6.30.8-200909262311.patch
-ca05fd252783b82e01610e775cf56498  net-next-2.6.git-5ef12d98a19254ee5dc851bd83e214b43ec1f725.patch
-9f41d910914f5a516072f0aa500fa117  kernelconfig"

testing/linux-grsec/net-next-2.6.git-5ef12d98a19254ee5dc851bd83e214b43ec1f725.patch

-From: Timo Teras <timo.teras@iki.fi>
-Date: Thu, 11 Jun 2009 11:16:28 +0000 (-0700)
-Subject: neigh: fix state transition INCOMPLETE->FAILED via Netlink request
-X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Fdavem%2Fnet-next-2.6.git;a=commitdiff_plain;h=5ef12d98a19254ee5dc851bd83e214b43ec1f725;hp=2b85a34e911bf483c27cfdd124aeb1605145dc80
-
-neigh: fix state transition INCOMPLETE->FAILED via Netlink request
-
-The current code errors out the INCOMPLETE neigh entry skb queue only from
-the timer if maximum probes have been attempted and there has been no reply.
-This also causes the transtion to FAILED state.
-
-However, the neigh entry can be also updated via Netlink to inform that the
-address is unavailable.  Currently, neigh_update() just stops the timers and
-leaves the pending skb's unreleased. This results that the clean up code in
-the timer callback is never called, preventing also proper garbage collection.
-
-This fixes neigh_update() to process the pending skb queue immediately if
-INCOMPLETE -> FAILED state transtion occurs due to a Netlink request.
-
-Signed-off-by: Timo Teras <timo.teras@iki.fi>
-Signed-off-by: David S. Miller <davem@davemloft.net>
----
-
-diff --git a/net/core/neighbour.c b/net/core/neighbour.c
-index c54229b..163b4f5 100644
---- a/net/core/neighbour.c
-+++ b/net/core/neighbour.c
-@@ -771,6 +771,28 @@ static __inline__ int neigh_max_probes(struct neighbour *n)
- 		p->ucast_probes + p->app_probes + p->mcast_probes);
- }
- 
-+static void neigh_invalidate(struct neighbour *neigh)
-+{
-+	struct sk_buff *skb;
-+
-+	NEIGH_CACHE_STAT_INC(neigh->tbl, res_failed);
-+	NEIGH_PRINTK2("neigh %p is failed.\n", neigh);
-+	neigh->updated = jiffies;
-+
-+	/* It is very thin place. report_unreachable is very complicated
-+	   routine. Particularly, it can hit the same neighbour entry!
-+
-+	   So that, we try to be accurate and avoid dead loop. --ANK
-+	 */
-+	while (neigh->nud_state == NUD_FAILED &&
-+	       (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
-+		write_unlock(&neigh->lock);
-+		neigh->ops->error_report(neigh, skb);
-+		write_lock(&neigh->lock);
-+	}
-+	skb_queue_purge(&neigh->arp_queue);
-+}
-+
- /* Called when a timer expires for a neighbour entry. */
- 
- static void neigh_timer_handler(unsigned long arg)
-@@ -835,26 +857,9 @@ static void neigh_timer_handler(unsigned long arg)
- 
- 	if ((neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) &&
- 	    atomic_read(&neigh->probes) >= neigh_max_probes(neigh)) {
--		struct sk_buff *skb;
--
- 		neigh->nud_state = NUD_FAILED;
--		neigh->updated = jiffies;
- 		notify = 1;
--		NEIGH_CACHE_STAT_INC(neigh->tbl, res_failed);
--		NEIGH_PRINTK2("neigh %p is failed.\n", neigh);
--
--		/* It is very thin place. report_unreachable is very complicated
--		   routine. Particularly, it can hit the same neighbour entry!
--
--		   So that, we try to be accurate and avoid dead loop. --ANK
--		 */
--		while (neigh->nud_state == NUD_FAILED &&
--		       (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
--			write_unlock(&neigh->lock);
--			neigh->ops->error_report(neigh, skb);
--			write_lock(&neigh->lock);
--		}
--		skb_queue_purge(&neigh->arp_queue);
-+		neigh_invalidate(neigh);
- 	}
- 
- 	if (neigh->nud_state & NUD_IN_TIMER) {
-@@ -1001,6 +1006,11 @@ int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
- 		neigh->nud_state = new;
- 		err = 0;
- 		notify = old & NUD_VALID;
-+		if ((old & (NUD_INCOMPLETE | NUD_PROBE)) &&
-+		    (new & NUD_FAILED)) {
-+			neigh_invalidate(neigh);
-+			notify = 1;
-+		}
- 		goto out;
- 	}
-