[IPFire-SCM] [git.ipfire.org] IPFire 2.x development tree branch, master, updated. a4ae66837056553ad2dbdcc14ba165892ce16085

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".

The branch, master has been updated via a4ae66837056553ad2dbdcc14ba165892ce16085 (commit) via b13a80565075897e8ecb3805829294555a152caf (commit) via f47388c4d30cd3794536eb6cafb5cc22fba3be2c (commit) via 313d1c2d9196cf91e7890a69f7c2cbda9d6958b5 (commit) via 4dddf9011711c035180b609ade36ad2cb5901871 (commit) via 7fd474ba25875b28a5801f25337777f4870ce161 (commit) via 464af3ccd35a255bac0fc4c0407c9837a4aff98a (commit) from 73fb1722f01b62aa0c9f7a98448d661f790d8803 (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log ----------------------------------------------------------------- commit a4ae66837056553ad2dbdcc14ba165892ce16085 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Aug 9 05:45:27 2011 +0200

core52: remove sysctl.conf

commit b13a80565075897e8ecb3805829294555a152caf Merge: 73fb172 f47388c Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Aug 9 05:44:34 2011 +0200

Merge commit 'origin/core51'

-----------------------------------------------------------------------

Summary of changes: config/rootfiles/core/51/filelists/files | 1 + config/rootfiles/core/52/filelists/files | 1 - lfs/e1000 | 6 +- lfs/e1000e | 6 +- lfs/igb | 6 +- lfs/kvm-kmod | 5 +- lfs/linux | 11 +- ...6_remove_pvclock_scale_delta_redifinition.patch | 45 +++++++ .../linux-2.6.32.43-cve_2011_1767+1768.patch | 137 -------------------- 9 files changed, 62 insertions(+), 156 deletions(-) create mode 100644 src/patches/kvm-kmod-2.6.38.6_remove_pvclock_scale_delta_redifinition.patch delete mode 100644 src/patches/linux-2.6.32.43-cve_2011_1767+1768.patch

Difference in files: diff --git a/config/rootfiles/core/51/filelists/files b/config/rootfiles/core/51/filelists/files index f3cb1f0..ea5e6b1 100644 --- a/config/rootfiles/core/51/filelists/files +++ b/config/rootfiles/core/51/filelists/files @@ -1,2 +1,3 @@ etc/system-release +etc/sysctl.conf var/ipfire/langs/ diff --git a/config/rootfiles/core/52/filelists/files b/config/rootfiles/core/52/filelists/files index 6ecbf76..dca50be 100644 --- a/config/rootfiles/core/52/filelists/files +++ b/config/rootfiles/core/52/filelists/files @@ -1,5 +1,4 @@ etc/system-release var/ipfire/langs/ -etc/sysctl.conf etc/rc.d/init.d/console usr/local/sbin/setup diff --git a/lfs/e1000 b/lfs/e1000 index 1d61e5b..66e4fdd 100644 --- a/lfs/e1000 +++ b/lfs/e1000 @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2010 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2011 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -34,7 +34,7 @@ else endif endif

-VER = 8.0.19 +VER = 8.0.30

THISAPP = e1000-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -50,7 +50,7 @@ objects = $(DL_FILE)

$(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_MD5 = dc66dcbfd7c2e48af8cfc86f4f174fce +$(DL_FILE)_MD5 = d85a64fdde2987b27ac6fbab5be605a0

install : $(TARGET)

diff --git a/lfs/e1000e b/lfs/e1000e index cce5367..ba46595 100644 --- a/lfs/e1000e +++ b/lfs/e1000e @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2010 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2011 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -34,7 +34,7 @@ else endif endif

-VER = 1.1.19 +VER = 1.3.10a

THISAPP = e1000e-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -50,7 +50,7 @@ objects = $(DL_FILE)

$(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_MD5 = 94e86507f139226c1add173dafdbbd52 +$(DL_FILE)_MD5 = 04b8856433d5e582ab41bdd3b24f20a5

install : $(TARGET)

diff --git a/lfs/igb b/lfs/igb index 8305647..678c703 100644 --- a/lfs/igb +++ b/lfs/igb @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2010 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2011 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -34,7 +34,7 @@ else endif endif

-VER = 2.3.4 +VER = 3.0.19

THISAPP = igb-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -50,7 +50,7 @@ objects = $(DL_FILE)

$(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_MD5 = b0ea2a70198746b69392ef935b61454a +$(DL_FILE)_MD5 = 8fdc04600bea4a4188672a1a8d0eb73b

install : $(TARGET)

diff --git a/lfs/kvm-kmod b/lfs/kvm-kmod index e443b70..b6418ac 100644 --- a/lfs/kvm-kmod +++ b/lfs/kvm-kmod @@ -34,7 +34,7 @@ else endif endif

-VER = 2.6.34.1 +VER = 2.6.38.6

THISAPP = kvm-kmod-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -50,7 +50,7 @@ objects = $(DL_FILE)

$(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_MD5 = c227b58ee33f6035f16abd258bcd92ec +$(DL_FILE)_MD5 = b631ba6ba7b0d3c07de870c6104ffbd5

install : $(TARGET)

@@ -83,6 +83,7 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/$(THISAPP)_remove_pvclock_scale_delta_redifinition.patch cd $(DIR_APP) && ./configure --kerneldir=/usr/src/linux cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && install -m 644 x86/*.ko \ diff --git a/lfs/linux b/lfs/linux index dd01d9e..0da4313 100644 --- a/lfs/linux +++ b/lfs/linux @@ -24,8 +24,8 @@

include Config

-PATCHLEVEL = .43 -VER = 2.6.32.43 +PATCHLEVEL = .44 +VER = 2.6.32.44

THISAPP = linux-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -35,7 +35,7 @@ CFLAGS = CXXFLAGS =

PROG = linux-xen -PAK_VER = 17 +PAK_VER = 18 DEPS = ""

# Normal build or XEN build. @@ -68,7 +68,7 @@ patch-2.6.16-nath323-1.3.bz2 = $(URL_IPFIRE)/patch-2.6.16-nath323-1.3.bz2 reiser4-for-2.6.32.patch.bz2 = $(URL_IPFIRE)/reiser4-for-2.6.32.patch.bz2 xen-patches-2.6.32-2f.tar.bz2 = $(URL_IPFIRE)/xen-patches-2.6.32-2f.tar.bz2

-$(DL_FILE)_MD5 = d6819da012da0d9772ac79da9dce3d63 +$(DL_FILE)_MD5 = 38d43bb91fff88783f57ada146415029 netfilter-layer7-v2.22.tar.gz_MD5 = 98dff8a3d5a31885b73341633f69501f patch-2.6.16-nath323-1.3.bz2_MD5 = f926409ff703a307baf54b57ab75d138 reiser4-for-2.6.32.patch.bz2_MD5 = 3246397973d9271eb8e6d7c97c5d2d91 @@ -125,9 +125,6 @@ else cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.32-imq-test2.patch endif

- # Patch CVE 2011-1767 and 1768 dos hole - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.32.43-cve_2011_1767+1768.patch - # Not report deprecated syscall 1.23 (for kudzu) cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.25.18-not_report_sysctl_1.23.patch

diff --git a/src/patches/kvm-kmod-2.6.38.6_remove_pvclock_scale_delta_redifinition.patch b/src/patches/kvm-kmod-2.6.38.6_remove_pvclock_scale_delta_redifinition.patch new file mode 100644 index 0000000..331e8a1 --- /dev/null +++ b/src/patches/kvm-kmod-2.6.38.6_remove_pvclock_scale_delta_redifinition.patch @@ -0,0 +1,45 @@ +diff -Naur kvm-kmod-2.6.38.6.org/x86/external-module-compat.h kvm-kmod-2.6.38.6/x86/external-module-compat.h +--- kvm-kmod-2.6.38.6.org/x86/external-module-compat.h 2011-05-15 09:34:48.000000000 +0200 ++++ kvm-kmod-2.6.38.6/x86/external-module-compat.h 2011-05-21 13:30:50.529469540 +0200 +@@ -1064,41 +1064,6 @@ + + #endif /* >= 2.6.36 */ + +-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,37) +-static inline u64 pvclock_scale_delta(u64 delta, u32 mul_frac, int shift) +-{ +- u64 product; +-#ifdef __i386__ +- u32 tmp1, tmp2; +-#endif +- +- if (shift < 0) +- delta >>= -shift; +- else +- delta <<= shift; +- +-#ifdef __i386__ +- __asm__ ( +- "mul %5 ; " +- "mov %4,%%eax ; " +- "mov %%edx,%4 ; " +- "mul %5 ; " +- "xor %5,%5 ; " +- "add %4,%%eax ; " +- "adc %5,%%edx ; " +- : "=A" (product), "=r" (tmp1), "=r" (tmp2) +- : "a" ((u32)delta), "1" ((u32)(delta >> 32)), "2" (mul_frac) ); +-#elif defined(__x86_64__) +- __asm__ ( +- "mul %%rdx ; shrd $32,%%rdx,%%rax" +- : "=a" (product) : "0" (delta), "d" ((u64)mul_frac) ); +-#else +-#error implement me! +-#endif +- +- return product; +-} +-#endif + + #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,34) && \ + LINUX_VERSION_CODE != KERNEL_VERSION(2,6,32) && defined(CONFIG_X86_64) diff --git a/src/patches/linux-2.6.32.43-cve_2011_1767+1768.patch b/src/patches/linux-2.6.32.43-cve_2011_1767+1768.patch deleted file mode 100644 index 076cce6..0000000 --- a/src/patches/linux-2.6.32.43-cve_2011_1767+1768.patch +++ /dev/null @@ -1,137 +0,0 @@ -diff -Naur linux-2.6.32.43.org/net/ipv4/ip_gre.c linux-2.6.32.43/net/ipv4/ip_gre.c ---- linux-2.6.32.43.org/net/ipv4/ip_gre.c 2011-07-13 05:29:43.000000000 +0200 -+++ linux-2.6.32.43/net/ipv4/ip_gre.c 2011-06-20 19:27:06.000000000 +0200 -@@ -1665,14 +1665,16 @@ - - printk(KERN_INFO "GRE over IPv4 tunneling driver\n"); - -- if (inet_add_protocol(&ipgre_protocol, IPPROTO_GRE) < 0) { -- printk(KERN_INFO "ipgre init: can't add protocol\n"); -- return -EAGAIN; -- } -- - err = register_pernet_gen_device(&ipgre_net_id, &ipgre_net_ops); - if (err < 0) -+ goto out; -+ -+ err = inet_add_protocol(&ipgre_protocol, IPPROTO_GRE); -+ if (err < 0) { -+ printk(KERN_INFO "ipgre init: can't add protocol\n"); -+ err = -EAGAIN; - goto gen_device_failed; -+ } - - err = rtnl_link_register(&ipgre_link_ops); - if (err < 0) -@@ -1688,9 +1690,9 @@ - tap_ops_failed: - rtnl_link_unregister(&ipgre_link_ops); - rtnl_link_failed: -- unregister_pernet_gen_device(ipgre_net_id, &ipgre_net_ops); --gen_device_failed: - inet_del_protocol(&ipgre_protocol, IPPROTO_GRE); -+gen_device_failed: -+ unregister_pernet_gen_device(ipgre_net_id, &ipgre_net_ops); - goto out; - } - -@@ -1698,9 +1700,10 @@ - { - rtnl_link_unregister(&ipgre_tap_ops); - rtnl_link_unregister(&ipgre_link_ops); -- unregister_pernet_gen_device(ipgre_net_id, &ipgre_net_ops); - if (inet_del_protocol(&ipgre_protocol, IPPROTO_GRE) < 0) - printk(KERN_INFO "ipgre close: can't remove protocol\n"); -+ -+ unregister_pernet_gen_device(ipgre_net_id, &ipgre_net_ops); - } - - module_init(ipgre_init); -diff -Naur linux-2.6.32.43.org/net/ipv4/ipip.c linux-2.6.32.43/net/ipv4/ipip.c ---- linux-2.6.32.43.org/net/ipv4/ipip.c 2011-07-13 05:29:43.000000000 +0200 -+++ linux-2.6.32.43/net/ipv4/ipip.c 2011-06-20 19:27:06.000000000 +0200 -@@ -830,15 +830,14 @@ - - printk(banner); - -- if (xfrm4_tunnel_register(&ipip_handler, AF_INET)) { -+ err = register_pernet_gen_device(&ipip_net_id, &ipip_net_ops); -+ if (err < 0) -+ return err; -+ err = xfrm4_tunnel_register(&ipip_handler, AF_INET); -+ if (err < 0) { -+ unregister_pernet_gen_device(ipip_net_id, &ipip_net_ops); - printk(KERN_INFO "ipip init: can't register tunnel\n"); -- return -EAGAIN; - } -- -- err = register_pernet_gen_device(&ipip_net_id, &ipip_net_ops); -- if (err) -- xfrm4_tunnel_deregister(&ipip_handler, AF_INET); -- - return err; - } - -diff -Naur linux-2.6.32.43.org/net/ipv6/ip6_tunnel.c linux-2.6.32.43/net/ipv6/ip6_tunnel.c ---- linux-2.6.32.43.org/net/ipv6/ip6_tunnel.c 2011-07-13 05:29:43.000000000 +0200 -+++ linux-2.6.32.43/net/ipv6/ip6_tunnel.c 2011-06-20 19:27:06.000000000 +0200 -@@ -1466,10 +1465,14 @@ - { - int err; - -+ err = register_pernet_gen_device(&ip6_tnl_net_id, &ip6_tnl_net_ops); -+ if (err < 0) -+ goto out; -+ - if (xfrm6_tunnel_register(&ip4ip6_handler, AF_INET)) { - printk(KERN_ERR "ip6_tunnel init: can't register ip4ip6\n"); - err = -EAGAIN; -- goto out; -+ goto unreg_pernet_dev; - } - - if (xfrm6_tunnel_register(&ip6ip6_handler, AF_INET6)) { -@@ -1478,14 +1481,12 @@ - goto unreg_ip4ip6; - } - -- err = register_pernet_gen_device(&ip6_tnl_net_id, &ip6_tnl_net_ops); -- if (err < 0) -- goto err_pernet; - return 0; --err_pernet: -- xfrm6_tunnel_deregister(&ip6ip6_handler, AF_INET6); -+ - unreg_ip4ip6: - xfrm6_tunnel_deregister(&ip4ip6_handler, AF_INET); -+unreg_pernet_dev: -+ unregister_pernet_gen_device(ip6_tnl_net_id, &ip6_tnl_net_ops); - out: - return err; - } -diff -Naur linux-2.6.32.43.org/net/ipv6/sit.c linux-2.6.32.43/net/ipv6/sit.c ---- linux-2.6.32.43.org/net/ipv6/sit.c 2011-07-13 05:29:43.000000000 +0200 -+++ linux-2.6.32.43/net/ipv6/sit.c 2011-06-20 19:27:06.000000000 +0200 -@@ -1086,15 +1086,17 @@ - - printk(KERN_INFO "IPv6 over IPv4 tunneling driver\n"); - -- if (xfrm4_tunnel_register(&sit_handler, AF_INET6) < 0) { -+ err = register_pernet_gen_device(&sit_net_id, &sit_net_ops); -+ if (err < 0) -+ return err; -+ -+ err = xfrm4_tunnel_register(&sit_handler, AF_INET6); -+ if (err < 0) { -+ unregister_pernet_gen_device(sit_net_id, &sit_net_ops); - printk(KERN_INFO "sit init: Can't add protocol\n"); - return -EAGAIN; - } - -- err = register_pernet_gen_device(&sit_net_id, &sit_net_ops); -- if (err < 0) -- xfrm4_tunnel_deregister(&sit_handler, AF_INET6); -- - return err; - } -

hooks/post-receive -- IPFire 2.x development tree