Commit 3665f899 authored by Ted Trask's avatar Ted Trask

Merge branch '1.9' of git://dev.alpinelinux.org/aports into 1.9

parents ebca8139 31fd43b5
......@@ -14,7 +14,7 @@ _realname=dahdi-linux
pkgname=${_realname}-${_flavor}
pkgver=2.2.0
pkgrel=19
pkgrel=20
pkgdesc="Digium Asterisk Hardware Device Interface drivers"
url="http://www.asterisk.org"
license="GPL"
......
......@@ -2,7 +2,7 @@
pkgname=ipsec-tools
pkgver=0.8_alpha20090903
_myver=0.8-alpha20090903
pkgrel=2
pkgrel=4
pkgdesc="User-space IPsec tools for various IPsec implementations"
url="http://ipsec-tools.sourceforge.net/"
license="BSD"
......@@ -14,6 +14,7 @@ source="http://downloads.sourceforge.net/$pkgname/$pkgname-$_myver.tar.gz
racoon.confd
50-reverse-connect.patch
60-debug-quick.patch
initial-contact-fix.diff
"
build() {
......@@ -22,6 +23,8 @@ build() {
msg "Applying $i..."
patch -p1 -i $i || return 1
done
patch -p0 -i "$srcdir"/initial-contact-fix.diff || return 1
sed -i 's:-Werror::g' configure
./configure --prefix=/usr \
......@@ -48,4 +51,5 @@ md5sums="8ec28d4e89c0f5e49ae2caa7463fbcfd ipsec-tools-0.8-alpha20090903.tar.gz
860e8ca1d8c793dc3055b94fd88f02a3 racoon.initd
2d00250cf72da7f2f559c91b65a48747 racoon.confd
13bda94a598aabf593280e04ea16065d 50-reverse-connect.patch
baa13d7f0f48955c792f7fcd42a8587a 60-debug-quick.patch"
baa13d7f0f48955c792f7fcd42a8587a 60-debug-quick.patch
69e06c5cc3a0c1cc8b10ddc89d1e644b initial-contact-fix.diff"
Index: src/racoon/admin.c
===================================================================
RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/admin.c,v
retrieving revision 1.32
diff -u -r1.32 admin.c
--- src/racoon/admin.c 3 Sep 2009 09:29:07 -0000 1.32
+++ src/racoon/admin.c 10 Dec 2009 14:38:47 -0000
@@ -299,9 +299,8 @@
break;
case ADMIN_DELETE_SA: {
- struct ph1handle *iph1;
- struct ph1selector sel;
char *loc, *rem;
+ struct ph1selector sel;
memset(&sel, 0, sizeof(sel));
sel.local = (struct sockaddr *)
@@ -319,6 +318,7 @@
plog(LLV_INFO, LOCATION, NULL,
"admin delete-sa %s %s\n", loc, rem);
enumph1(&sel, admin_ph1_delete_sa, NULL);
+ remcontacted(sel.remote);
racoon_free(loc);
racoon_free(rem);
Index: src/racoon/handler.c
===================================================================
RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/handler.c,v
retrieving revision 1.31
diff -u -r1.31 handler.c
--- src/racoon/handler.c 22 Nov 2009 19:34:55 -0000 1.31
+++ src/racoon/handler.c 10 Dec 2009 14:38:48 -0000
@@ -966,6 +966,22 @@
}
void
+remcontacted(remote)
+ struct sockaddr *remote;
+{
+ struct contacted *p;
+
+ LIST_FOREACH(p, &ctdtree, chain) {
+ if (cmpsaddr(remote, p->remote) == 0) {
+ LIST_REMOVE(p, chain);
+ racoon_free(p->remote);
+ racoon_free(p);
+ break;
+ }
+ }
+}
+
+void
initctdtree()
{
LIST_INIT(&ctdtree);
Index: src/racoon/handler.h
===================================================================
RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/handler.h,v
retrieving revision 1.22
diff -u -r1.22 handler.h
--- src/racoon/handler.h 3 Sep 2009 09:29:07 -0000 1.22
+++ src/racoon/handler.h 10 Dec 2009 14:38:48 -0000
@@ -518,6 +518,7 @@
extern struct contacted *getcontacted __P((struct sockaddr *));
extern int inscontacted __P((struct sockaddr *));
+extern void remcontacted __P((struct sockaddr *));
extern void initctdtree __P((void));
extern int check_recvdpkt __P((struct sockaddr *,
......@@ -15,7 +15,7 @@ if [ -f ../iscsitarget/APKBUILD ]; then
fi
pkgname=${_realname}-${_flavor}
pkgver=${pkgver:-0.4.17}
pkgrel=17
pkgrel=18
pkgdesc="$_flavor kernel modules for iscsitarget"
url="http://iscsitarget.sourceforge.net/"
license="GPL-2"
......
......@@ -12,7 +12,7 @@ _abi_release=$pkgver-${_flavor}
pkgname=${_realname}-${_flavor}
pkgver=1.4.0_pre1
_realver=1.4.0pre1
pkgrel=10
pkgrel=11
pkgdesc="$_flavor kernel modules for kemu"
url="http://www.nongnu.org/qemu/"
license="GPL"
......
......@@ -2,7 +2,7 @@
_flavor=grsec
pkgname=linux-${_flavor}
pkgver=2.6.30.8
pkgver=2.6.30.10
_kernver=2.6.30
pkgrel=0
pkgdesc="Linux kernel with grsecurity"
......@@ -120,7 +120,7 @@ firmware() {
}
md5sums="7a80058a6382e5108cdb5554d1609615 linux-2.6.30.tar.bz2
7e9b405b840bf5ecc70d208bfccee5f9 patch-2.6.30.8.bz2
6485fe0cf0f0220493647505bfd2f7b0 patch-2.6.30.10.bz2
287a382cfb72043867d8092996875f5d grsecurity-2.1.14-2.6.30.8-200909262311.patch
ca05fd252783b82e01610e775cf56498 net-next-2.6.git-5ef12d98a19254ee5dc851bd83e214b43ec1f725.patch
9f41d910914f5a516072f0aa500fa117 kernelconfig"
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=pingu
pkgver=0.3
pkgrel=3
pkgver=0.4.1
pkgrel=0
pkgdesc="Small daemon that pings hosts and executes a script when status change"
url="http://git.alpinelinux.org/cgit/pingu"
license="GPL"
......@@ -16,9 +16,9 @@ build() {
make || return 1
make BINDIR=/usr/sbin DESTDIR="$pkgdir" install
install -m644 -D pingu.conf "$pkgdir"/etc/pingu.conf
install -m644 -D pingu.conf "$pkgdir"/etc/pingu/pingu.conf
install -m755 -D "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
}
md5sums="59f9c927a80c71d85f2363e314a25197 pingu-0.3.tar.bz2
md5sums="257abb7c434ae2cda5c029c30584aa88 pingu-0.4.1.tar.bz2
318110763cc8ba23a61455d16cb23f97 pingu.initd"
......@@ -16,7 +16,7 @@ fi
pkgname=${_realname}-${_flavor}
pkgver=${pkgver:-1.17}
pkgrel=15
pkgrel=16
pkgdesc="Iptables extensions kernel modules"
url="http://xtables-addons.sourceforge.net/"
license="GPL"
......
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
_flavor=grsec
pkgname=linux-${_flavor}
pkgver=2.6.30.10
_kernver=2.6.30
pkgrel=0
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
makedepends="perl installkernel"
_config=${config:-kernelconfig}
install=
source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2
ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2
grsecurity-2.1.14-2.6.30.8-200909262311.patch
net-next-2.6.git-5ef12d98a19254ee5dc851bd83e214b43ec1f725.patch
$_config
"
subpackages="$pkgname-dev linux-firmware:firmware"
license="GPL-2"
_abi_release=${pkgver}-${_flavor}
_prepare() {
cd "$srcdir"/linux-$_kernver
if [ "$_kernver" != "$pkgver" ]; then
bunzip2 -c < ../patch-$pkgver.bz2 | patch -p1 -N || return 1
fi
for i in ../*.diff ../*.patch; do
[ -f $i ] || continue
msg "Applying $i..."
patch -p1 -N < $i || return 1
done
mkdir -p "$srcdir"/build
cp "$srcdir"/$_config "$srcdir"/build/.config
make -C "$srcdir"/linux-$_kernver O="$srcdir"/build HOSTCC="$CC" \
silentoldconfig
}
# this is so we can do: 'abuild menuconfig' to reconfigure kernel
menuconfig() {
_prepare
cd "$srcdir"/build
make menuconfig
cp .config "$startdir"/$_config
}
build() {
_prepare || return 1
cd "$srcdir"/build
make CC="$CC" || return 1
mkdir -p "$pkgdir"/boot "$pkgdir"/lib/modules
make modules_install install \
INSTALL_MOD_PATH="$pkgdir" \
INSTALL_PATH="$pkgdir"/boot
# ln -s vmlinuz-${_abi_release} "${pkgdir}"/boot/$_flavor
rm -f "$pkgdir"/lib/modules/${_abi_release}/build \
"$pkgdir"/lib/modules/${_abi_release}/source
install -D include/config/kernel.release \
"$pkgdir"/usr/share/kernel/$_flavor/kernel.release
}
dev() {
# copy the only the parts that we really need for build 3rd party
# kernel modules and install those as /usr/src/linux-headers,
# simlar to what ubuntu does
#
# this way you dont need to install the 300-400 kernel sources to
# build a tiny kernel module
#
pkgdesc="Headers and script for third party modules for grsec kernel"
local dir="$subpkgdir"/usr/src/linux-headers-${_abi_release}
# first we import config, run prepare to set up for building
# external modules, and create the scripts
mkdir -p "$dir"
cp "$srcdir"/kernelconfig "$dir"/.config
make -j1 -C "$srcdir"/linux-$_kernver O="$dir" HOSTCC="$CC" \
silentoldconfig prepare scripts
# remove the stuff that poits to real sources. we want 3rd party
# modules to believe this is the soruces
rm "$dir"/Makefile "$dir"/source
# copy the needed stuff from real sources
#
# this is taken from ubuntu kernel build script
# http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-jaunty.git;a=blob;f=debian/rules.d/3-binary-indep.mk;hb=HEAD
cd "$srcdir"/linux-$_kernver
find . -path './include/*' -prune -o -path './scripts/*' -prune \
-o -type f \( -name 'Makefile*' -o -name 'Kconfig*' \
-o -name 'Kbuild*' -o -name '*.sh' -o -name '*.pl' \
-o -name '*.lds' \) | cpio -pdm "$dir"
cp -a drivers/media/dvb/dvb-core/*.h "$dir"/drivers/media/dvb/dvb-core
cp -a drivers/media/video/*.h "$dir"/drivers/media/video
cp -a drivers/media/dvb/frontends/*.h "$dir"/drivers/media/dvb/frontends
cp -a scripts include "$dir"
find $(find arch -name include -type d -print) -type f \
| cpio -pdm "$dir"
install -Dm644 "$srcdir"/build/Module.symvers \
"$dir"/Module.symvers
mkdir -p "$subpkgdir"/lib/modules/${_abi_release}
ln -sf /usr/src/linux-headers-${_abi_release} \
"$subpkgdir"/lib/modules/${_abi_release}/build
}
firmware() {
pkgdesc="Firmware for linux kernel"
replaces="linux-grsec linux-vserver"
mkdir -p "$subpkgdir"/lib
mv "$pkgdir"/lib/firmware "$subpkgdir"/lib/
}
md5sums="7a80058a6382e5108cdb5554d1609615 linux-2.6.30.tar.bz2
6485fe0cf0f0220493647505bfd2f7b0 patch-2.6.30.10.bz2
287a382cfb72043867d8092996875f5d grsecurity-2.1.14-2.6.30.8-200909262311.patch
ca05fd252783b82e01610e775cf56498 net-next-2.6.git-5ef12d98a19254ee5dc851bd83e214b43ec1f725.patch
9f41d910914f5a516072f0aa500fa117 kernelconfig"
This source diff could not be displayed because it is too large. You can view the blob instead.
From: Timo Teras <timo.teras@iki.fi>
Date: Thu, 11 Jun 2009 11:16:28 +0000 (-0700)
Subject: neigh: fix state transition INCOMPLETE->FAILED via Netlink request
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Fdavem%2Fnet-next-2.6.git;a=commitdiff_plain;h=5ef12d98a19254ee5dc851bd83e214b43ec1f725;hp=2b85a34e911bf483c27cfdd124aeb1605145dc80
neigh: fix state transition INCOMPLETE->FAILED via Netlink request
The current code errors out the INCOMPLETE neigh entry skb queue only from
the timer if maximum probes have been attempted and there has been no reply.
This also causes the transtion to FAILED state.
However, the neigh entry can be also updated via Netlink to inform that the
address is unavailable. Currently, neigh_update() just stops the timers and
leaves the pending skb's unreleased. This results that the clean up code in
the timer callback is never called, preventing also proper garbage collection.
This fixes neigh_update() to process the pending skb queue immediately if
INCOMPLETE -> FAILED state transtion occurs due to a Netlink request.
Signed-off-by: Timo Teras <timo.teras@iki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index c54229b..163b4f5 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -771,6 +771,28 @@ static __inline__ int neigh_max_probes(struct neighbour *n)
p->ucast_probes + p->app_probes + p->mcast_probes);
}
+static void neigh_invalidate(struct neighbour *neigh)
+{
+ struct sk_buff *skb;
+
+ NEIGH_CACHE_STAT_INC(neigh->tbl, res_failed);
+ NEIGH_PRINTK2("neigh %p is failed.\n", neigh);
+ neigh->updated = jiffies;
+
+ /* It is very thin place. report_unreachable is very complicated
+ routine. Particularly, it can hit the same neighbour entry!
+
+ So that, we try to be accurate and avoid dead loop. --ANK
+ */
+ while (neigh->nud_state == NUD_FAILED &&
+ (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
+ write_unlock(&neigh->lock);
+ neigh->ops->error_report(neigh, skb);
+ write_lock(&neigh->lock);
+ }
+ skb_queue_purge(&neigh->arp_queue);
+}
+
/* Called when a timer expires for a neighbour entry. */
static void neigh_timer_handler(unsigned long arg)
@@ -835,26 +857,9 @@ static void neigh_timer_handler(unsigned long arg)
if ((neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) &&
atomic_read(&neigh->probes) >= neigh_max_probes(neigh)) {
- struct sk_buff *skb;
-
neigh->nud_state = NUD_FAILED;
- neigh->updated = jiffies;
notify = 1;
- NEIGH_CACHE_STAT_INC(neigh->tbl, res_failed);
- NEIGH_PRINTK2("neigh %p is failed.\n", neigh);
-
- /* It is very thin place. report_unreachable is very complicated
- routine. Particularly, it can hit the same neighbour entry!
-
- So that, we try to be accurate and avoid dead loop. --ANK
- */
- while (neigh->nud_state == NUD_FAILED &&
- (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
- write_unlock(&neigh->lock);
- neigh->ops->error_report(neigh, skb);
- write_lock(&neigh->lock);
- }
- skb_queue_purge(&neigh->arp_queue);
+ neigh_invalidate(neigh);
}
if (neigh->nud_state & NUD_IN_TIMER) {
@@ -1001,6 +1006,11 @@ int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
neigh->nud_state = new;
err = 0;
notify = old & NUD_VALID;
+ if ((old & (NUD_INCOMPLETE | NUD_PROBE)) &&
+ (new & NUD_FAILED)) {
+ neigh_invalidate(neigh);
+ notify = 1;
+ }
goto out;
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment