diff options
| author | peter <peter@pkgsrc.org> | 2005-01-18 17:35:27 +0000 |
|---|---|---|
| committer | peter <peter@pkgsrc.org> | 2005-01-18 17:35:27 +0000 |
| commit | cfe080c5fe2715275a724eca110058538db2fc40 (patch) | |
| tree | e24b23fdf57f6326032a378ecee71c6ec386e13d /security/pflkm | |
| parent | 942ff705dff422751810aa5c2c40374ea2bfffa1 (diff) | |
| download | pkgsrc-cfe080c5fe2715275a724eca110058538db2fc40.tar.gz | |
Update to 20050118.
Changes:
* Updated the ALTQ patch, now works correctly on NetBSD 2.0 release.
Thanks to Miles Nordin for helping and testing.
* Write struct "pcap_sf_pkthdr" instead of "pcap_pkthdr". Fixes
an LP64 specific problem with reading the pflog with tcpdump(8).
* Applied patch to pf.c from OPENBSD_3_6 branch:
ICMP state entries use the ICMP ID as port for the unique state key. When
checking for a usable key, construct the key in the same way. Otherwise,
a colliding key might be missed or a state insertion might be refused even
though it could be inserted. The second case triggers the endless loop
fixed by 1.474, possibly allowing a NATed LAN client to lock up the kernel.
Report and test data by Srebrenko Sehic.
* Applied patch to pf_lkm.c from NetBSD HEAD:
pfil4_wrapper: clear M_CANFASTFWD which is not compatible with pf.
* Applied patch to pf_ioctl.c from OPENBSD_3_6 branch:
replace finer-grained spl locking in pfioctl() with a single broad lock
around the entire body. this resolves the (misleading) panics in
pf_tag_packet() during heavy ioctl operations (like when using authpf)
that occur because softclock can interrupt ioctl on i386 since SMP.
* Applied patch to pf.c from OPENBSD_3_6 branch:
IPv6 packets can contain headers (like options) before the TCP/UDP/ICMP6
header. pf finds the first TCP/UDP/ICMP6 header to filter by traversing
the header chain. In the case where headers are skipped, the protocol
checksum verification used the wrong length (included the skipped headers),
leading to incorrectly mismatching checksums. Such IPv6 packets with
headers were silently dropped. Reported by Bernhard Schmidt.
* Applied patch to pfctl_optimize.c from OPENBSD_3_6 branch:
&&/|| inversion would try to merge IP addresses with non-addresses into a
single table causing a ruleset load error and eventually a double-free.
* Applied patch to pf.c from OPENBSD_3_6 branch:
Initialise init_addr in pf_map_addr() in the PF_POOL_ROUNDROBIN,
prevents a possible endless loop in pf_get_sport() with 'static-port'
* Fix to if_events.diff from Miles Nordin <carton at Ivy dot NET>:
Call free after removing the element from the list, not before.
Fixes panic with "unaligned access" on Alpha.
Diffstat (limited to 'security/pflkm')
| -rw-r--r-- | security/pflkm/Makefile | 5 | ||||
| -rw-r--r-- | security/pflkm/distinfo | 6 |
2 files changed, 5 insertions, 6 deletions
diff --git a/security/pflkm/Makefile b/security/pflkm/Makefile index aa98f291b88..47aa17b5171 100644 --- a/security/pflkm/Makefile +++ b/security/pflkm/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.4 2005/01/02 15:51:24 peter Exp $ +# $NetBSD: Makefile,v 1.5 2005/01/18 17:35:27 peter Exp $ -DISTNAME= pflkm-20041204 -PKGREVISION= 1 +DISTNAME= pflkm-20050118 CATEGORIES= security ipv6 MASTER_SITES= http://nedbsd.nl/~ppostma/pf/ diff --git a/security/pflkm/distinfo b/security/pflkm/distinfo index 5db423c2095..1017bdd61c4 100644 --- a/security/pflkm/distinfo +++ b/security/pflkm/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.2 2004/12/04 15:01:55 peter Exp $ +$NetBSD: distinfo,v 1.3 2005/01/18 17:35:27 peter Exp $ -SHA1 (pflkm-20041204.tar.gz) = 057af53e5f935e29d576acc822c52467510cda87 -Size (pflkm-20041204.tar.gz) = 893641 bytes +SHA1 (pflkm-20050118.tar.gz) = 1f03fa4656f23594a260dafd6373b289daad4775 +Size (pflkm-20050118.tar.gz) = 886852 bytes |