Commit f9bc751c authored by Ted Trask

Merge branch '1.9' of git://dev.alpinelinux.org/aports into 1.9

parents 8d943691 10a00b01
From 19b2598f8a52ba8af07eb4904788d0843130b094 Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Tue, 27 Oct 2009 15:24:18 +0000
Subject: [PATCH] Revert "abuild: minor cleanup"
This commit seems to kill the entire repository
This reverts commit 46aed95754ebeb17a3a367b3b41d0b6424fd18d9.
---
buildrepo.in | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/buildrepo.in b/buildrepo.in
index d719c34..c211789 100755
--- a/buildrepo.in
+++ b/buildrepo.in
@@ -22,9 +22,9 @@ usage() {
listpackages() {
+ cd "$aportsdir/$1"
for i in */APKBUILD; do
- cd "$aportsdir"/$1/${i%/*}
- abuild listpkg
+ APKBUILD=$i abuild listpkg
done
}
--
1.6.5
From 64baa7c5052f1dbbd156932552d1166b5c1d40ae Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Mon, 14 Sep 2009 08:41:55 +0000
Subject: [PATCH] abuild-sign: set permissions on signed index to 644
mktemp set it to 600 so we need to manually set it to 644
---
abuild-sign.in | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/abuild-sign.in b/abuild-sign.in
index 2aa525e..86b3b15 100644
--- a/abuild-sign.in
+++ b/abuild-sign.in
@@ -80,6 +80,7 @@ for f in "$@"; do
cat "$tmptargz" "$i" > "$tmpsigned"
rm -f "$tmptargz"
mv "$tmpsigned" "$i"
+ chmod 644 "$i"
if [ -z "$quiet" ]; then
echo "Signed $i"
fi
--
1.6.4.2
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgdesc="Script to build Alpine Packages"
pkgname=abuild
pkgver=2.0_rc9
pkgrel=1
pkgver=2.0.1
pkgrel=0
url=http://git.alpinelinux.org/cgit/abuild/
source="http://git.alpinelinux.org/cgit/abuild/snapshot/abuild-$pkgver.tar.bz2
0001-abuild-sign-set-permissions-on-signed-index-to-644.patch
"
depends="fakeroot file sudo pax-utils openssl apk-tools"
makedepends="openssl-dev pkgconfig"
......@@ -13,11 +12,10 @@ license=GPL-2
build() {
cd "$srcdir/$pkgname-$pkgver"
patch -p1 -i ../0001-abuild-sign-set-permissions-on-signed-index-to-644.patch || return 1
make
make install DESTDIR="$pkgdir"
install -m 644 abuild.conf "$pkgdir"/etc/abuild.conf
}
md5sums="025f8dfa4114cf6432fdf52f14c2fc5c abuild-2.0_rc9.tar.bz2
512a6f10ffc7a986ea477dcf7ebd1d28 0001-abuild-sign-set-permissions-on-signed-index-to-644.patch"
md5sums="50d4d0552b4ab2a394422b7ff3016124 abuild-2.0.1.tar.bz2"
From cc4644a54e4bb92507f957832647d91f7f91c21b Mon Sep 17 00:00:00 2001
From: Timo Teras <timo.teras@iki.fi>
Date: Mon, 26 Oct 2009 09:33:12 +0200
Subject: [PATCH 1/2] version: fix comparision of pre-suffixes
got broke in 0b9bfa8d52ea7ec2cae562a71932a9cc6e2b9963 which
fixed another corner case. hopefully it's good now. fixes #191.
---
src/version.c | 17 ++++++++++++++---
1 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/src/version.c b/src/version.c
index 97b87a6..4253042 100644
--- a/src/version.c
+++ b/src/version.c
@@ -207,12 +207,23 @@ int apk_version_compare_blob(apk_blob_t a, apk_blob_t b)
if (av > bv)
return APK_VERSION_GREATER;
- /* at and bt are the next expected token type */
+ /* both have TOKEN_END or TOKEN_INVALID next? */
if (at == bt)
return APK_VERSION_EQUAL;
- if (at < bt || bt == TOKEN_INVALID)
+
+ /* leading version components and their values are equal,
+ * now the non-terminating version is greater unless it's a suffix
+ * indicating pre-release */
+ if (at == TOKEN_SUFFIX && get_token(&at, &a) < 0)
+ return APK_VERSION_LESS;
+ if (bt == TOKEN_SUFFIX && get_token(&bt, &b) < 0)
return APK_VERSION_GREATER;
- return APK_VERSION_LESS;
+ if (at == TOKEN_END)
+ return APK_VERSION_LESS;
+ if (bt == TOKEN_END)
+ return APK_VERSION_GREATER;
+
+ return APK_VERSION_EQUAL;
}
int apk_version_compare(const char *str1, const char *str2)
--
1.6.5
From a7360395ea963334e80fb49d3fc36789d6f40685 Mon Sep 17 00:00:00 2001
From: Timo Teras <timo.teras@iki.fi>
Date: Mon, 26 Oct 2009 09:46:09 +0200
Subject: [PATCH 2/2] db: fix migration and pruning of symlinks to dirs
the old code treated a symlink to directory as file; it tried
to calculate regular has of it. fix this by: 1) using no follow
on migration and pruning stats, and 2) the helper function to
check if it's point to directory and not calculate hash in that
case. fixes #188.
---
src/database.c | 6 ++++--
src/io.c | 2 +-
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/database.c b/src/database.c
index 16f8bb8..5b1d6bb 100644
--- a/src/database.c
+++ b/src/database.c
@@ -1810,7 +1810,7 @@ static void apk_db_purge_pkg(struct apk_database *db,
if (!(diri->dir->flags & APK_DBDIRF_PROTECTED) ||
(apk_flags & APK_PURGE) ||
(file->csum.type != APK_CHECKSUM_NONE &&
- apk_file_get_info(db->root_fd, name, file->csum.type, &fi) == 0 &&
+ apk_file_get_info(db->root_fd, name, APK_FI_NOFOLLOW | file->csum.type, &fi) == 0 &&
apk_checksum_compare(&file->csum, &fi.csum) == 0))
unlinkat(db->root_fd, name, 0);
if (apk_verbosity >= 3)
@@ -1868,6 +1868,7 @@ static void apk_db_migrate_files(struct apk_database *db,
if (ofile != NULL &&
(diri->dir->flags & APK_DBDIRF_PROTECTED))
cstype = ofile->csum.type;
+ cstype |= APK_FI_NOFOLLOW;
r = apk_file_get_info(db->root_fd, name, cstype, &fi);
if ((diri->dir->flags & APK_DBDIRF_PROTECTED) &&
@@ -1882,7 +1883,8 @@ static void apk_db_migrate_files(struct apk_database *db,
* existing file */
if (ofile == NULL ||
ofile->csum.type != file->csum.type)
- apk_file_get_info(db->root_fd, name, file->csum.type, &fi);
+ apk_file_get_info(db->root_fd, name,
+ APK_FI_NOFOLLOW | file->csum.type, &fi);
if ((apk_flags & APK_CLEAN_PROTECTED) ||
(file->csum.type != APK_CHECKSUM_NONE &&
apk_checksum_compare(&file->csum, &fi.csum) == 0))
diff --git a/src/io.c b/src/io.c
index 40590a2..3e292a7 100644
--- a/src/io.c
+++ b/src/io.c
@@ -487,7 +487,7 @@ int apk_file_get_info(int atfd, const char *filename, unsigned int flags,
.device = st.st_dev,
};
- if (checksum == APK_CHECKSUM_NONE)
+ if (checksum == APK_CHECKSUM_NONE || S_ISDIR(st.st_mode))
return 0;
if ((flags & APK_FI_NOFOLLOW) && S_ISLNK(st.st_mode)) {
--
1.6.5
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=apk-tools
pkgver=2.0_rc6
pkgver=2.0_rc7
pkgrel=0
pkgdesc="Alpine Package Keeper - package manager for alpine"
subpackages="$pkgname-static"
depends=
makedepends="zlib-dev openssl-dev pkgconfig"
source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2
0001-version-fix-comparision-of-pre-suffixes.patch
0002-db-fix-migration-and-pruning-of-symlinks-to-dirs.patch
"
......@@ -42,6 +40,4 @@ static() {
"$subpkgdir"/sbin/apk.static
}
md5sums="0209128debe2791e2380198af4ef5676 apk-tools-2.0_rc6.tar.bz2
3772c9db20a6d90d355fe89741dd5991 0001-version-fix-comparision-of-pre-suffixes.patch
ff7be1c68ad27a69fbeeae7b9a548270 0002-db-fix-migration-and-pruning-of-symlinks-to-dirs.patch"
md5sums="8654e4e4e32ead79560890567caaea5e apk-tools-2.0_rc7.tar.bz2"
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=iftop
pkgver=0.17
pkgrel=0
pkgdesc="iftop does for network usage what top(1) does for CPU usage"
url="http://www.ex-parrot.com/~pdw/iftop/"
license="GPL"
depends=
makedepends="libpcap-dev>=1 ncurses-dev"
subpackages="$pkgname-doc"
source="http://www.ex-parrot.com/~pdw/$pkgname/download/$pkgname-$pkgver.tar.gz"
build() {
cd "$srcdir/$pkgname-$pkgver"
./configure --prefix=/usr --mandir=/usr/share/man
make
make DESTDIR="$pkgdir" install
}
md5sums="062bc8fb3856580319857326e0b8752d iftop-0.17.tar.gz"
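Review bot: No step in `build()` is checked, so a failed `./configure` or `make` still falls through to `make DESTDIR="$pkgdir" install`. The mkinitfs recipe on this page guards each step with `|| return 1`; the same here would be `./configure --prefix=/usr --mandir=/usr/share/man || return 1` and `make || return 1`. The leading `cd "$srcdir/$pkgname-$pkgver"` is unchecked as well, so a changed tarball layout would run the build in whatever directory was current.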
From bf94c9b9aa7884fc50d3110d69e2d28e413159ed Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Tue, 24 Nov 2009 12:23:38 +0000
Subject: [PATCH] init: never overwrite existing files
ref #197
---
initramfs-init.in | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/initramfs-init.in b/initramfs-init.in
index 04798de..bd97ace 100755
--- a/initramfs-init.in
+++ b/initramfs-init.in
@@ -372,7 +372,7 @@ if [ -n "$KOPT_chart" ]; then
fi
apkflags="--initdb --quiet --progress --force --no-network"
if [ -z "$KOPT_keep_apk_new" ]; then
- apkflags="$apkflags --clean-protected"
+ apkflags="$apkflags --clean-protected --never-overwrite"
fi
apk add --root $sysroot $repo_opt $apkflags $pkgs >/dev/null
eend $?
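Review bot: `--never-overwrite` is added only on the path taken when `KOPT_keep_apk_new` is empty, while `--force` stays in the base `apkflags`. The script therefore does not say which of the two flags wins, or why the keep-apk-new case may still overwrite. A comment above the assignment would record the intent, for example `# files already present in $sysroot take priority over package contents`, if that is what is meant. The surrounding `if` block starts and ends outside this hunk, so the other branch could not be checked.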
--
1.6.5.3
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=mkinitfs
pkgver=2.0_rc6
pkgrel=0
pkgrel=1
pkgdesc="Tool to generate initramfs images for Alpine"
url=http://git.alpinelinux.org/cgit/mkinitfs
depends="busybox"
depends="busybox apk-tools>=2.0_rc7"
triggers="$pkgname.trigger:/usr/share/kernel/*"
source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2
0001-init-never-overwrite-existing-files.patch
"
license="GPL-2"
build() {
cd "$srcdir"/$pkgname-$pkgver
patch -p1 -i ../0001-init-never-overwrite-existing-files.patch || return 1
make || return 1
make install DESTDIR="$pkgdir" || return 1
}
md5sums="6b8945b2e3be747caf8cfb29230f180e mkinitfs-2.0_rc6.tar.bz2"
md5sums="6b8945b2e3be747caf8cfb29230f180e mkinitfs-2.0_rc6.tar.bz2
921aadd7e302d5e565e539e611be946e 0001-init-never-overwrite-existing-files.patch"
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=openssl
pkgver=0.9.8l
pkgrel=0
pkgrel=1
pkgdesc="Toolkit for SSL v2/v3 and TLS v1"
url=http://openssl.org
depends=
......@@ -15,6 +15,11 @@ source="http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz
openssl-bb-basename.patch
openssl-0.9.8k-quote-cc.patch
openssl-0.9.8k-padlock-sha.patch
openssl-0.9.8l-CVE-2009-1377.patch
openssl-0.9.8l-CVE-2009-1378.patch
openssl-0.9.8l-CVE-2009-1379.patch
openssl-0.9.8l-CVE-2009-1387.patch
openssl-0.9.8l-CVE-2009-2409.patch
"
build() {
......@@ -45,4 +50,9 @@ md5sums="05a0ece1372392a2cf310ebb96333025 openssl-0.9.8l.tar.gz
04a6a88c2ee4badd4f8649792b73eaf3 openssl-0.9.8g-fix_manpages-1.patch
c6a9857a5dbd30cead0404aa7dd73977 openssl-bb-basename.patch
c838eb8488896cfeb7de957a0cbe04ae openssl-0.9.8k-quote-cc.patch
86b7f1bf50e1f3ba407ec62001a51a0d openssl-0.9.8k-padlock-sha.patch"
86b7f1bf50e1f3ba407ec62001a51a0d openssl-0.9.8k-padlock-sha.patch
36694a8dd1c7164f1021f6f24ef20ab9 openssl-0.9.8l-CVE-2009-1377.patch
80b8c77288a6fde633f8ac3a33e21d31 openssl-0.9.8l-CVE-2009-1378.patch
da60b14279e076a19e783f07d8a60d24 openssl-0.9.8l-CVE-2009-1379.patch
926b151cb1e32dc6e9b1c9a25f218a31 openssl-0.9.8l-CVE-2009-1387.patch
595f5bda14198b3aa83a854b1d4fcfb0 openssl-0.9.8l-CVE-2009-2409.patch"
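Review bot: The five CVE patches and the release tarball are pinned only by `md5sums`, and the tarball is fetched over plain http. MD5 is not collision-resistant, so for a security-critical package this checksum protects against corruption rather than deliberate substitution. A stronger digest should be recorded alongside it if the abuild version in use accepts one. `build()` is cut by the section boundary, so whether each new patch is applied there cannot be confirmed from what is shown.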
http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest
Index: openssl/crypto/pqueue/pqueue.c
RCS File: /v/openssl/cvs/openssl/crypto/pqueue/pqueue.c,v
rcsdiff -q -kk '-r1.2.2.4' '-r1.2.2.5' -u '/v/openssl/cvs/openssl/crypto/pqueue/pqueue.c,v' 2>/dev/null
--- a/crypto/pqueue/pqueue.c 2005/06/28 12:53:33 1.2.2.4
+++ b/crypto/pqueue/pqueue.c 2009/05/16 16:18:44 1.2.2.5
@@ -234,3 +234,17 @@
return ret;
}
+
+int
+pqueue_size(pqueue_s *pq)
+{
+ pitem *item = pq->items;
+ int count = 0;
+
+ while(item != NULL)
+ {
+ count++;
+ item = item->next;
+ }
+ return count;
+}
Index: openssl/crypto/pqueue/pqueue.h
RCS File: /v/openssl/cvs/openssl/crypto/pqueue/pqueue.h,v
rcsdiff -q -kk '-r1.2.2.1' '-r1.2.2.2' -u '/v/openssl/cvs/openssl/crypto/pqueue/pqueue.h,v' 2>/dev/null
--- a/crypto/pqueue/pqueue.h 2005/05/30 22:34:27 1.2.2.1
+++ b/crypto/pqueue/pqueue.h 2009/05/16 16:18:44 1.2.2.2
@@ -91,5 +91,6 @@
pitem *pqueue_next(piterator *iter);
void pqueue_print(pqueue pq);
+int pqueue_size(pqueue pq);
#endif /* ! HEADER_PQUEUE_H */
Index: openssl/ssl/d1_pkt.c
RCS File: /v/openssl/cvs/openssl/ssl/d1_pkt.c,v
rcsdiff -q -kk '-r1.4.2.17' '-r1.4.2.18' -u '/v/openssl/cvs/openssl/ssl/d1_pkt.c,v' 2>/dev/null
--- a/ssl/d1_pkt.c 2009/05/16 15:51:59 1.4.2.17
+++ b/ssl/d1_pkt.c 2009/05/16 16:18:45 1.4.2.18
@@ -167,6 +167,10 @@
DTLS1_RECORD_DATA *rdata;
pitem *item;
+ /* Limit the size of the queue to prevent DOS attacks */
+ if (pqueue_size(queue->q) >= 100)
+ return 0;
+
rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
item = pitem_new(priority, rdata);
if (rdata == NULL || item == NULL)
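Review bot: The queue cap in the d1_pkt.c hunk is a bare `100`, and the early `return 0` gives the caller no way to tell a dropped record from a buffered one. A named constant with a comment on how the bound was chosen would make the limit auditable, e.g. a name such as `DTLS1_MAX_BUFFERED_RECORDS` used as `if (pqueue_size(queue->q) >= DTLS1_MAX_BUFFERED_RECORDS)`. `pqueue_size()` walks the whole list on every call, which is tolerable only because of this cap, so it should carry a comment saying it is O(n). The enclosing function starts and ends outside the hunk, so what a 0 return means to its callers needs to be confirmed there.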
http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest
Index: ssl/d1_both.c
===================================================================
--- a/ssl/d1_both.c.orig
+++ b/ssl/d1_both.c
@@ -561,7 +561,16 @@ dtls1_process_out_of_seq_message(SSL *s,
if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)
goto err;
- if (msg_hdr->seq <= s->d1->handshake_read_seq)
+ /* Try to find item in queue, to prevent duplicate entries */
+ pq_64bit_init(&seq64);
+ pq_64bit_assign_word(&seq64, msg_hdr->seq);
+ item = pqueue_find(s->d1->buffered_messages, seq64);
+ pq_64bit_free(&seq64);
+
+ /* Discard the message if sequence number was already there, is
+ * too far in the future or the fragment is already in the queue */
+ if (msg_hdr->seq <= s->d1->handshake_read_seq ||
+ msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL)
{
unsigned char devnull [256];
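Review bot: The future-sequence window in the new condition is a bare `+ 10` with no stated rationale. This bound limits how many out-of-order handshake fragments a peer can make the endpoint buffer, so it deserves a named constant and a one-line comment explaining the choice. The check would then read `msg_hdr->seq > s->d1->handshake_read_seq + DTLS1_MAX_FUTURE_SEQ`, where that name is only a suggestion. `item` is used here purely as a "found" flag, and the rest of the function, outside this hunk, appears to reuse the same variable for the entry it inserts, so a separate local would read more clearly.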
Index: openssl/ssl/d1_both.c
RCS File: /v/openssl/cvs/openssl/ssl/d1_both.c,v
rcsdiff -q -kk '-r1.14.2.6' '-r1.14.2.7' -u '/v/openssl/cvs/openssl/ssl/d1_both.c,v' 2>/dev/null
--- a/ssl/d1_both.c 2009/04/22 12:17:02 1.14.2.6
+++ b/ssl/d1_both.c 2009/05/13 11:51:30 1.14.2.7
@@ -519,6 +519,7 @@
if ( s->d1->handshake_read_seq == frag->msg_header.seq)
{
+ unsigned long frag_len = frag->msg_header.frag_len;
pqueue_pop(s->d1->buffered_messages);
al=dtls1_preprocess_fragment(s,&frag->msg_header,max);
@@ -536,7 +537,7 @@
if (al==0)
{
*ok = 1;
- return frag->msg_header.frag_len;
+ return frag_len;
}
ssl3_send_alert(s,SSL3_AL_FATAL,al);
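Review bot: The reason `frag_len` is cached is not stated at its declaration in the first hunk. The lines between the two hunks, which presumably release `frag` before the return, are not visible here. A comment such as `/* save length now: frag is released before the return below */` would stop a later cleanup from reverting to the direct `frag->msg_header.frag_len` read. The local is `unsigned long` and the function's return type lies outside both hunks; if it returns `int`, an explicit cast or range check at `return frag_len;` would make the narrowing deliberate.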
http://bugs.gentoo.org/270305
fix from upstream
Index: ssl/d1_both.c
===================================================================
RCS file: /usr/local/src/openssl/CVSROOT/openssl/ssl/d1_both.c,v
retrieving revision 1.4.2.7
retrieving revision 1.4.2.8
diff -u -p -r1.4.2.7 -r1.4.2.8
--- a/ssl/d1_both.c 17 Oct 2007 21:17:49 -0000 1.4.2.7
+++ b/ssl/d1_both.c 2 Apr 2009 22:12:13 -0000 1.4.2.8
@@ -575,30 +575,31 @@ dtls1_process_out_of_seq_message(SSL *s,
}
}
- frag = dtls1_hm_fragment_new(frag_len);
- if ( frag == NULL)
- goto err;
+ if (frag_len)
+ {
+ frag = dtls1_hm_fragment_new(frag_len);
+ if ( frag == NULL)
+ goto err;
- memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
+ memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
- if (frag_len)
- {
- /* read the body of the fragment (header has already been read */
+ /* read the body of the fragment (header has already been read) */
i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
frag->fragment,frag_len,0);
if (i<=0 || (unsigned long)i!=frag_len)
goto err;
- }
- pq_64bit_init(&seq64);
- pq_64bit_assign_word(&seq64, msg_hdr->seq);
+ pq_64bit_init(&seq64);
+ pq_64bit_assign_word(&seq64, msg_hdr->seq);
- item = pitem_new(seq64, frag);
- pq_64bit_free(&seq64);
- if ( item == NULL)
- goto err;
+ item = pitem_new(seq64, frag);
+ pq_64bit_free(&seq64);
+ if ( item == NULL)
+ goto err;
+
+ pqueue_insert(s->d1->buffered_messages, item);
+ }
- pqueue_insert(s->d1->buffered_messages, item);
return DTLS1_HM_FRAGMENT_RETRY;
err:
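Review bot: The return value of `pqueue_insert()` is ignored in the moved block. Its contract is not visible here, but if insertion can fail, for instance on a duplicate sequence number, `item` and `frag` are left with no owner and control still reaches `return DTLS1_HM_FRAGMENT_RETRY;`. Checking it, `if (pqueue_insert(s->d1->buffered_messages, item) == NULL) goto err;`, would route that case through the existing cleanup, provided the `err:` path (outside the hunk) releases both. A short comment that zero-length fragments are now deliberately neither allocated nor queued would also help.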
http://bugs.gentoo.org/280591
fix from upstream
http://cvs.openssl.org/chngview?cn=18260
Index: openssl/crypto/x509/x509_vfy.c
RCS File: /v/openssl/cvs/openssl/crypto/x509/x509_vfy.c,v
rcsdiff -q -kk '-r1.77.2.8' '-r1.77.2.9' -u '/v/openssl/cvs/openssl/crypto/x509/x509_vfy.c,v' 2>/dev/null
--- a/crypto/x509/x509_vfy.c 2008/07/13 14:33:15 1.77.2.8
+++ b/crypto/x509/x509_vfy.c 2009/06/15 14:52:38 1.77.2.9
@@ -986,7 +986,11 @@
while (n >= 0)
{
ctx->error_depth=n;
- if (!xs->valid)
+
+ /* Skip signature check for self signed certificates. It
+ * doesn't add any security and just wastes time.
+ */
+ if (!xs->valid && xs != xi)
{
if ((pkey=X509_get_pubkey(xi)) == NULL)
{
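Review bot: The new `xs != xi` test in x509_vfy.c drops self-signature verification unconditionally, whereas the comment deleted in the next hunk asked for that check to be optional so tools could still detect an invalid self-signature. With this condition, a self-signed certificate whose signature is corrupt passes this loop. Its acceptance then rests entirely on the trust decision made elsewhere in the function, which is outside the hunk. The added comment should say so, e.g. `/* Self-signed: signature not checked here; trust must come from the store lookup */`, and any caller that needs to validate a self-signature needs a separate path.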
@@ -996,13 +1000,6 @@
if (!ok) goto end;
}
else if (X509_verify(xs,pkey) <= 0)
- /* XXX For the final trusted self-signed cert,
- * this is a waste of time. That check should
- * optional so that e.g. 'openssl x509' can be
- * used to detect invalid self-signatures, but
- * we don't verify again and again in SSL
- * handshakes and the like once the cert has
- * been declared trusted. */
{
ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
ctx->current_cert=xs;
http://cvs.openssl.org/chngview?cn=18317
Index: openssl/crypto/evp/c_alld.c
RCS File: /v/openssl/cvs/openssl/crypto/evp/c_alld.c,v
rcsdiff -q -kk '-r1.7' '-r1.7.2.1' -u '/v/openssl/cvs/openssl/crypto/evp/c_alld.c,v' 2>/dev/null
--- a/crypto/evp/c_alld.c 2005/04/30 21:51:40 1.7
+++ b/crypto/evp/c_alld.c 2009/07/08 08:33:26 1.7.2.1
@@ -64,9 +64,6 @@
void OpenSSL_add_all_digests(void)
{
-#ifndef OPENSSL_NO_MD2
- EVP_add_digest(EVP_md2());
-#endif
#ifndef OPENSSL_NO_MD4
EVP_add_digest(EVP_md4());
#endif
Index: openssl/ssl/ssl_algs.c
RCS File: /v/openssl/cvs/openssl/ssl/ssl_algs.c,v
rcsdiff -q -kk '-r1.12.2.3' '-r1.12.2.4' -u '/v/openssl/cvs/openssl/ssl/ssl_algs.c,v' 2>/dev/null
--- a/ssl/ssl_algs.c 2007/04/23 23:50:21 1.12.2.3
+++ b/ssl/ssl_algs.c 2009/07/08 08:33:27 1.12.2.4
@@ -92,9 +92,6 @@
EVP_add_cipher(EVP_seed_cbc());
#endif
-#ifndef OPENSSL_NO_MD2
- EVP_add_digest(EVP_md2());
-#endif
#ifndef OPENSSL_NO_MD5
EVP_add_digest(EVP_md5());
EVP_add_digest_alias(SN_md5,"ssl2-md5");
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
_flavor=grsec
pkgname=linux-${_flavor}
pkgver=2.6.30.10
_kernver=2.6.30
pkgrel=0
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
makedepends="perl installkernel"
_config=${config:-kernelconfig}
install=
source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2
ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2
grsecurity-2.1.14-2.6.30.8-200909262311.patch
net-next-2.6.git-5ef12d98a19254ee5dc851bd83e214b43ec1f725.patch
$_config
"
subpackages="$pkgname-dev linux-firmware:firmware"
license="GPL-2"
_abi_release=${pkgver}-${_flavor}
_prepare() {
cd "$srcdir"/linux-$_kernver
if [ "$_kernver" != "$pkgver" ]; then
bunzip2 -c < ../patch-$pkgver.bz2 | patch -p1 -N || return 1
fi
for i in ../*.diff ../*.patch; do
[ -f $i ] || continue
msg "Applying $i..."
patch -p1 -N < $i || return 1
done
mkdir -p "$srcdir"/build
cp "$srcdir"/$_config "$srcdir"/build/.config
make -C "$srcdir"/linux-$_kernver O="$srcdir"/build HOSTCC="$CC" \
silentoldconfig
}
# this is so we can do: 'abuild menuconfig' to reconfigure kernel
menuconfig() {
_prepare
cd "$srcdir"/build
make menuconfig
cp .config "$startdir"/$_config
}
build() {
_prepare || return 1
cd "$srcdir"/build
make CC="$CC" || return 1
mkdir -p "$pkgdir"/boot "$pkgdir"/lib/modules
make modules_install install \
INSTALL_MOD_PATH="$pkgdir" \
INSTALL_PATH="$pkgdir"/boot
# ln -s vmlinuz-${_abi_release} "${pkgdir}"/boot/$_flavor
rm -f "$pkgdir"/lib/modules/${_abi_release}/build \
"$pkgdir"/lib/modules/${_abi_release}/source
install -D include/config/kernel.release \
"$pkgdir"/usr/share/kernel/$_flavor/kernel.release
}
dev() {
# copy the only the parts that we really need for build 3rd party
# kernel modules and install those as /usr/src/linux-headers,
# simlar to what ubuntu does
#
# this way you dont need to install the 300-400 kernel sources to
# build a tiny kernel module
#
pkgdesc="Headers and script for third party modules for grsec kernel"
local dir="$subpkgdir"/usr/src/linux-headers-${_abi_release}
# first we import config, run prepare to set up for building
# external modules, and create the scripts
mkdir -p "$dir"
cp "$srcdir"/kernelconfig "$dir"/.config
make -j1 -C "$srcdir"/linux-$_kernver O="$dir" HOSTCC="$CC" \
silentoldconfig prepare scripts
# remove the stuff that poits to real sources. we want 3rd party
# modules to believe this is the soruces
rm "$dir"/Makefile "$dir"/source
# copy the needed stuff from real sources
#
# this is taken from ubuntu kernel build script
# http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-jaunty.git;a=blob;f=debian/rules.d/3-binary-indep.mk;hb=HEAD
cd "$srcdir"/linux-$_kernver
find . -path './include/*' -prune -o -path './scripts/*' -prune \
-o -type f \( -name 'Makefile*' -o -name 'Kconfig*' \
-o -name 'Kbuild*' -o -name '*.sh' -o -name '*.pl' \
-o -name '*.lds' \) | cpio -pdm "$dir"
cp -a drivers/media/dvb/dvb-core/*.h "$dir"/drivers/media/dvb/dvb-core
cp -a drivers/media/video/*.h "$dir"/drivers/media/video
cp -a drivers/media/dvb/frontends/*.h "$dir"/drivers/media/dvb/frontends
cp -a scripts include "$dir"
find $(find arch -name include -type d -print) -type f \
| cpio -pdm "$dir"
install -Dm644 "$srcdir"/build/Module.symvers \
"$dir"/Module.symvers
mkdir -p "$subpkgdir"/lib/modules/${_abi_release}
ln -sf /usr/src/linux-headers-${_abi_release} \
"$subpkgdir"/lib/modules/${_abi_release}/build
}
firmware() {
pkgdesc="Firmware for linux kernel"
replaces="linux-grsec linux-vserver"
mkdir -p "$subpkgdir"/lib
mv "$pkgdir"/lib/firmware "$subpkgdir"/lib/
}
md5sums="7a80058a6382e5108cdb5554d1609615 linux-2.6.30.tar.bz2
6485fe0cf0f0220493647505bfd2f7b0 patch-2.6.30.10.bz2
287a382cfb72043867d8092996875f5d grsecurity-2.1.14-2.6.30.8-200909262311.patch
ca05fd252783b82e01610e775cf56498 net-next-2.6.git-5ef12d98a19254ee5dc851bd83e214b43ec1f725.patch
9f41d910914f5a516072f0aa500fa117 kernelconfig"
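Review bot: `dev()` copies `"$srcdir"/kernelconfig` while `_prepare()` builds from `"$srcdir"/$_config`, so when `config` is overridden the headers package is prepared from a different configuration than the kernel it ships with. `cp "$srcdir"/$_config "$dir"/.config` keeps the two in step. Separately, `menuconfig()` calls `_prepare` and `build()` runs `make modules_install install` without `|| return 1`, unlike the neighbouring steps, so a failure there goes unnoticed. The kernel tarball and incremental patch are fetched over plain ftp and checked only against `md5sums`, which is a weak integrity check for kernel sources.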
From: Timo Teras <timo.teras@iki.fi>
Date: Thu, 11 Jun 2009 11:16:28 +0000 (-0700)
Subject: neigh: fix state transition INCOMPLETE->FAILED via Netlink request
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Fdavem%2Fnet-next-2.6.git;a=commitdiff_plain;h=5ef12d98a19254ee5dc851bd83e214b43ec1f725;hp=2b85a34e911bf483c27cfdd124aeb1605145dc80
neigh: fix state transition INCOMPLETE->FAILED via Netlink request
The current code errors out the INCOMPLETE neigh entry skb queue only from
the timer if maximum probes have been attempted and there has been no reply.
This also causes the transtion to FAILED state.
However, the neigh entry can be also updated via Netlink to inform that the
address is unavailable. Currently, neigh_update() just stops the timers and
leaves the pending skb's unreleased. This results that the clean up code in
the timer callback is never called, preventing also proper garbage collection.
This fixes neigh_update() to process the pending skb queue immediately if
INCOMPLETE -> FAILED state transtion occurs due to a Netlink request.
Signed-off-by: Timo Teras <timo.teras@iki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index c54229b..163b4f5 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -771,6 +771,28 @@ static __inline__ int neigh_max_probes(struct neighbour *n)
p->ucast_probes + p->app_probes + p->mcast_probes);
}
+static void neigh_invalidate(struct neighbour *neigh)
+{
+ struct sk_buff *skb;
+
+ NEIGH_CACHE_STAT_INC(neigh->tbl, res_failed);
+ NEIGH_PRINTK2("neigh %p is failed.\n", neigh);
+ neigh->updated = jiffies;
+
+ /* It is very thin place. report_unreachable is very complicated
+ routine. Particularly, it can hit the same neighbour entry!
+
+ So that, we try to be accurate and avoid dead loop. --ANK
+ */
+ while (neigh->nud_state == NUD_FAILED &&
+ (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
+ write_unlock(&neigh->lock);
+ neigh->ops->error_report(neigh, skb);
+ write_lock(&neigh->lock);