Linux

[ガラケー版(QRコード)]
アクセス記録[推移 / PV内訳(過去1日 / 過去1週間) / 外部アクセス元 (昨日 / 過去1週間) / ログイン論客足跡]
プロフィール私書(メール)
   /   /送済
評価(一覧   /)
投票   /共:   /
ファン登録
作品/情報/
DB構築()
ブログ
[書く]
攻略記事リンク集
My Play List
 作成日時分類記事タイトル
12015/02/15LinuxWget::ソースからのインストール..
22012/12/26Linuxベンチマーク::unixbench..
32011/10/02Linuxmod_evasive::IPだけでなく指定User..
42011/03/22LinuxSubversion::インストール..
52010/05/31LinuxOS::CentOS5.5リリース&本日4:..
=>古記事
 反応日時来客名来客者の最近のメッセージ
12017/02/25Merciこんばんは。サーバー移転後からだと思いますが、以前は見られた..
22017/02/17ねこじゃらしブログ投稿やコメントをしようとすると、たまにエラーになります..
32017/02/16Barnirunお世話になっております。https対応の影響か(またはhtm..
42016/11/10伏魔の剣こんばんわ。形式変更お疲れ様でした。 ところでこの改定につい..
52016/10/31雪霞いつもありがとうございます。ところで、ログアウトした時にポッ..
その他最近のコメント
1.
2015/02/15(下げ記事) Linux > Wget > ソースからのインストール」
[この書込みのみ表示(記事URL紹介用) / 編集 / 削除 / トラバ送信 / 共有分類に追加(タグ付け)]

SSLのエラーが出るようになったので、手動でソースから最新版を入れてみる事に。

VERSION=1.16;
wget http://ftp.gnu.org/gnu/wget/wget-$VERSION.tar.gz;
tar xvfz wget-$VERSION.tar.gz;
cd wget-$VERSION;
./configure --with-ssl=openssl;
make;
make install;
/usr/local/bin/wget --version;

コメントする

2.
2012/12/26 Linux > ベンチマーク > unixbench」
[この書込みのみ表示(記事URL紹介用) / 編集 / 削除 / トラバ送信 / 共有分類に追加(タグ付け)]

1. CentOSの場合
2. Ubuntuの場合

1. CentOSの場合

yum install -y perl;
yum install -y gcc;
yum install -y git;
yum install -y wget;
yum install -y libXext-devel;
yum install -y freeglut freeglut-devel;
yum install -y make;
yum install -y cpan;
yum install -y perl-Time-HiRes;
yum install -y perl-YAML;

mkdir ~/bench;
cd ~/bench;
git clone https://github.com/kdlucas/byte-unixbench.git;
cd ~/bench/byte-unixbench/UnixBench;
rm -f nohup.out;
nohup ./Run &
tail -f nohup.out
2. Ubuntuの場合

apt-get update;

apt-get install -y gcc;

apt-get install -y wget;

apt-get install -y make;

apt-get install -y git;

mkdir ~/bench;

cd ~/bench;

git clone https://github.com/kdlucas/byte-unixbench.git;

cd ~/bench/byte-unixbench/UnixBench;

rm -y nohup.out;

nohup ./Run &

tail -f nohup.out

コメントする

3.
2011/10/02 Linux > mod_evasive > IPだけでなく指定UserAgentとURLも例外(whitelist)に入れる」
[この書込みのみ表示(記事URL紹介用) / 編集 / 削除 / トラバ送信 / 共有分類に追加(タグ付け)]拍手:1個

1. 過重リクエスト除外apacheモジュールmod_evasiveに改変が必要な理由
2. 改変&インストールの手順
3. 差分(Diff)
4. mod_evasive20.cのソース丸ごと

1. 過重リクエスト除外apacheモジュールmod_evasiveに改変が必要な理由

mod_evasiveは同一IPから指定秒数内に、
1. 同一ページに何回リクエストがあったか
2. サイト全体として何回リクエストがあったか
に基づいて、それぞれ指定した値を超えたユーザーのリクエストを「攻撃」と判定して、指定秒数サーバーから正常な反応を返させなくするapacheモジュールです。

こうした判定の除外をhttpd.confでIP指定をすることで出来ますが(localhostからのリクエストなどを定義する)、
[例]
<IfModule mod_evasive20.c>
 DOSHashTableSize 3097
 DOSPageCount 3
 DOSSiteCount 5
 DOSPageInterval 1
 DOSSiteInterval 1 
 DOSBlockingPeriod 20
DOSWhitelist 127.0.0.1 49.132.*
</IfModule>
IPによる指定だけではWHITELIST機能は不十分です。

ケース1) Googlebotは1日に30万リクエスト以上とか、一番多くリクエストしてきますが、それが人間だったら攻撃と見なして除外するパターンですが、Googlebotを弾いてしまうとGoogleとかの検索結果から出てこなくなってしまうので弾くわけにはいきません(分かってる...けど、耐えろ...耐えるんだ!)。

ケース2) 画像やCSS、JSファイルへのリクエストもカウントするので、そうしたページ内に埋め込むファイル数を増やすと、その度にhttpd.confの値を調整しないといけません。
しかし、それはとても手間ですし、ページ毎にその状況も異なるので、最適な設定にする事ができなくなってしまいます。

ということで、指定されたUserAgentとリクエストされたURLもWhitelist扱いする処理を元々のソースコードに追加してみました。
ソースの方に定義も書いてあるやっつけ仕事ですが。
2. 改変&インストールの手順

改変はその影響を理解/想像した上で、自己責任でお願い致します。

# オリジナルのソースのダウンロード
VERSION=1.10.1
wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_$VERSION.tar.gz
tar xvfz mod_evasive_$VERSION.tar.gz

mv mod_evasive mod_evasive_edited
cd mod_evasive_edited

#ここで↓下記改変を行う
#その後インストール

apxs -i -a -c mod_evasive20.c;

# apxsが無い場合
# rpm -q httpd-devel としてパッケージのインストールを確認。入っていなければインストール

# 稼働中のapacheに反映
apachectl -t; # エラーが出ないか確認
apachectl restart;

3. 差分(Diff)

2,5d1
<  edited by hajime kurita
<  added uri, ua filter
< */
< /*
115,119d110
< /* added */
< int is_whitelisted_ua(const char *ua);
< int is_whitelisted_uri(const char *uri);
< static char *lookup_header(request_rec *r, const char *name);

153,156d143
<       
<       if (is_whitelisted_uri(r->uri)){
<         return OK;
<       }
158,161d144
<       if (is_whitelisted_ua(lookup_header(r, "User-Agent"))){ 
<         return OK;
<       }
<         
314,338d296
< int is_whitelisted_uri(const char *uri) {
<  if(strstr(uri, ".css")!=NULL || 
<   strstr(uri, ".js")!=NULL || 
<   strstr(uri, ".gif")!=NULL || 
<   strstr(uri, ".jpg")!=NULL || 
<   strstr(uri, ".png")!=NULL || 
<   strstr(uri, "favicon.ico")!=NULL || 
<   strstr(uri, "/redir")!=NULL){
<   return 1;
<  }
<  else{
<   return 0;
<  }
< }

< int is_whitelisted_ua(const char *ua) {
<  if(strstr(ua, "Googlebot")!=NULL){
<   return 1;
<  }
<  else{
<   return 0;
<  }
< }


742,761d699

< static char *lookup_header(request_rec *r, const char *name)
< {
<     const apr_array_header_t *hdrs_arr;
<     const apr_table_entry_t *hdrs;
<     int i;
<     
<     hdrs_arr = apr_table_elts(r->headers_in);
<     hdrs = (const apr_table_entry_t *)hdrs_arr->elts;
<     for (i = 0; i < hdrs_arr->nelts; ++i) {
<         if (hdrs[i].key == NULL) {
<             continue;
<         }
<         if (strcasecmp(hdrs[i].key, name) == 0) {
<             return hdrs[i].val;
<         }
<     }
<     return NULL;
< }

4. mod_evasive20.cのソース丸ごと

/*
 edited by hajime kurita
 added uri, ua filter
*/
/*
mod_evasive for Apache 2
Copyright (c) by Jonathan A. Zdziarski

LICENSE
                                                                                
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
                                                                                
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.
                                                                                
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.

*/

#include <sys/types.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <string.h>
#include <stdlib.h>
#include <sys/types.h>
#include <time.h>
#include <syslog.h>
#include <errno.h>

#include "httpd.h"
#include "http_core.h"
#include "http_config.h"
#include "http_log.h"
#include "http_request.h"

module AP_MODULE_DECLARE_DATA evasive20_module;

/* BEGIN DoS Evasive Maneuvers Definitions */

#define MAILER "/bin/mail %s"
#define  LOG( A, ... ) { openlog("mod_evasive", LOG_PID, LOG_DAEMON); syslog( A, __VA_ARGS__ ); closelog(); }

#define DEFAULT_HASH_TBL_SIZE   3097ul  // Default hash table size
#define DEFAULT_PAGE_COUNT      2       // Default maximum page hit count per interval
#define DEFAULT_SITE_COUNT      50      // Default maximum site hit count per interval
#define DEFAULT_PAGE_INTERVAL   1       // Default 1 Second page interval
#define DEFAULT_SITE_INTERVAL   1       // Default 1 Second site interval
#define DEFAULT_BLOCKING_PERIOD 10      // Default for Detected IPs; blocked for 10 seconds
#define DEFAULT_LOG_DIR  "/tmp"  // Default temp directory

/* END DoS Evasive Maneuvers Definitions */

/* BEGIN NTT (Named Timestamp Tree) Headers */

enum { ntt_num_primes = 28 };

/* ntt root tree */
struct ntt {
    long size;
    long items;
    struct ntt_node **tbl;
};

/* ntt node (entry in the ntt root tree) */
struct ntt_node {
    char *key;
    time_t timestamp;
    long count;
    struct ntt_node *next;
};

/* ntt cursor */
struct ntt_c {
  long iter_index;
  struct ntt_node *iter_next;
};

struct ntt *ntt_create(long size);
int ntt_destroy(struct ntt *ntt);
struct ntt_node *ntt_find(struct ntt *ntt, const char *key);
struct ntt_node *ntt_insert(struct ntt *ntt, const char *key, time_t timestamp);
int ntt_delete(struct ntt *ntt, const char *key);
long ntt_hashcode(struct ntt *ntt, const char *key); 
struct ntt_node *c_ntt_first(struct ntt *ntt, struct ntt_c *c);
struct ntt_node *c_ntt_next(struct ntt *ntt, struct ntt_c *c);

/* END NTT (Named Timestamp Tree) Headers */


/* BEGIN DoS Evasive Maneuvers Globals */

struct ntt *hit_list; // Our dynamic hash table

static unsigned long hash_table_size = DEFAULT_HASH_TBL_SIZE;
static int page_count = DEFAULT_PAGE_COUNT;
static int page_interval = DEFAULT_PAGE_INTERVAL;
static int site_count = DEFAULT_SITE_COUNT;
static int site_interval = DEFAULT_SITE_INTERVAL;
static int blocking_period = DEFAULT_BLOCKING_PERIOD;
static char *email_notify = NULL;
static char *log_dir = NULL;
static char *system_command = NULL;
static const char *whitelist(cmd_parms *cmd, void *dconfig, const char *ip);
int is_whitelisted(const char *ip);

/* added */
int is_whitelisted_ua(const char *ua);
int is_whitelisted_uri(const char *uri);
static char *lookup_header(request_rec *r, const char *name);

/* END DoS Evasive Maneuvers Globals */

static void * create_hit_list(apr_pool_t *p, server_rec *s) 
{
    /* Create a new hit list for this listener */

    hit_list = ntt_create(hash_table_size);
}

static const char *whitelist(cmd_parms *cmd, void *dconfig, const char *ip)
{
  char entry[128];
  snprintf(entry, sizeof(entry), "WHITELIST_%s", ip);
  ntt_insert(hit_list, entry, time(NULL));
  
  return NULL;
}


static int access_checker(request_rec *r) 
{
    int ret = OK;

    /* BEGIN DoS Evasive Maneuvers Code */

    if (r->prev == NULL && r->main == NULL && hit_list != NULL) {
      char hash_key[2048];
      struct ntt_node *n;
      time_t t = time(NULL);

      /* Check whitelist */
      if (is_whitelisted(r->connection->remote_ip)) 
        return OK;
      
      if (is_whitelisted_uri(r->uri)){
        return OK;
      }

      if (is_whitelisted_ua(lookup_header(r, "User-Agent"))){ 
        return OK;
      }
        
      /* First see if the IP itself is on "hold" */
      n = ntt_find(hit_list, r->connection->remote_ip);

      if (n != NULL && t-n->timestamp<blocking_period) {

/* If the IP is on "hold", make it wait longer in 403 land */
ret = HTTP_FORBIDDEN;
n->timestamp = time(NULL);

      /* Not on hold, check hit stats */
      } else {

        /* Has URI been hit too much? */
        snprintf(hash_key, 2048, "%s_%s", r->connection->remote_ip, r->uri);
        n = ntt_find(hit_list, hash_key);
        if (n != NULL) {

          /* If URI is being hit too much, add to "hold" list and 403 */
          if (t-n->timestamp<page_interval && n->count>=page_count) {
            ret = HTTP_FORBIDDEN;
            ntt_insert(hit_list, r->connection->remote_ip, time(NULL));
          } else {

            /* Reset our hit count list as necessary */
            if (t-n->timestamp>=page_interval) {
              n->count=0;
            }
          }
          n->timestamp = t;
          n->count++;
        } else {
          ntt_insert(hit_list, hash_key, t);
        }

        /* Has site been hit too much? */
        snprintf(hash_key, 2048, "%s_SITE", r->connection->remote_ip);
        n = ntt_find(hit_list, hash_key);
        if (n != NULL) {

          /* If site is being hit too much, add to "hold" list and 403 */
          if (t-n->timestamp<site_interval && n->count>=site_count) {
            ret = HTTP_FORBIDDEN;
            ntt_insert(hit_list, r->connection->remote_ip, time(NULL));
          } else {

            /* Reset our hit count list as necessary */
            if (t-n->timestamp>=site_interval) {
              n->count=0;
            }
          }
          n->timestamp = t;
          n->count++;
        } else {
          ntt_insert(hit_list, hash_key, t);
        }
      }

      /* Perform email notification and system functions */
      if (ret == HTTP_FORBIDDEN) {
        char filename[1024];
        struct stat s;
        FILE *file;

        snprintf(filename, sizeof(filename), "%s/dos-%s", log_dir != NULL ? log_dir : DEFAULT_LOG_DIR, r->connection->remote_ip);
        if (stat(filename, &s)) {
          file = fopen(filename, "w");
          if (file != NULL) {
            fprintf(file, "%ld\n", getpid());
            fclose(file);

            LOG(LOG_ALERT, "Blacklisting address %s: possible DoS attack.", r->connection->remote_ip);
            if (email_notify != NULL) {
              snprintf(filename, sizeof(filename), MAILER, email_notify);
              file = popen(filename, "w");
              if (file != NULL) {
                fprintf(file, "To: %s\n", email_notify);
                fprintf(file, "Subject: HTTP BLACKLIST %s\n\n", r->connection->remote_ip);
                fprintf(file, "mod_evasive HTTP Blacklisted %s\n", r->connection->remote_ip);
                pclose(file);
              }
            }

            if (system_command != NULL) {
              snprintf(filename, sizeof(filename), system_command, r->connection->remote_ip);
              system(filename);
            }
 
          } else {
            LOG(LOG_ALERT, "Couldn't open logfile %s: %s",filename, strerror(errno));
   }

        } /* if (temp file does not exist) */

      } /* if (ret == HTTP_FORBIDDEN) */

    } /* if (r->prev == NULL && r->main == NULL && hit_list != NULL) */

    /* END DoS Evasive Maneuvers Code */

    if (ret == HTTP_FORBIDDEN
 && (ap_satisfies(r) != SATISFY_ANY || !ap_some_auth_required(r))) {
        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
            "client denied by server configuration: %s",
            r->filename);
    }

    return ret;
}

int is_whitelisted(const char *ip) {
  char hashkey[128];
  char octet[4][4];
  char *dip;
  char *oct;
  int i = 0;

  memset(octet, 0, 16);
  dip = strdup(ip);
  if (dip == NULL)
    return 0;

  oct = strtok(dip, ".");
  while(oct != NULL && i<4) {
if (strlen(oct)<=3)
strcpy(octet[i], oct);
i++;
oct = strtok(NULL, ".");
}
free(dip);

/* Exact Match */
snprintf(hashkey, sizeof(hashkey), "WHITELIST_%s", ip);
if (ntt_find(hit_list, hashkey)!=NULL)
return 1;

/* IPv4 Wildcards */
snprintf(hashkey, sizeof(hashkey), "WHITELIST_%s.*.*.*", octet[0]);
if (ntt_find(hit_list, hashkey)!=NULL)
return 1;

snprintf(hashkey, sizeof(hashkey), "WHITELIST_%s.%s.*.*", octet[0], octet[1]);
if (ntt_find(hit_list, hashkey)!=NULL)
return 1;

snprintf(hashkey, sizeof(hashkey), "WHITELIST_%s.%s.%s.*", octet[0], octet[1], octet[2]);
if (ntt_find(hit_list, hashkey)!=NULL)
return 1;

/* No match */
return 0;
}

int is_whitelisted_uri(const char *uri) {
if(strstr(uri, ".css")!=NULL ||
strstr(uri, ".js")!=NULL ||
strstr(uri, ".gif")!=NULL ||
strstr(uri, ".jpg")!=NULL ||
strstr(uri, ".png")!=NULL ||
strstr(uri, "favicon.ico")!=NULL ||
strstr(uri, "/redir")!=NULL){
return 1;
}
else{
return 0;
}
}

int is_whitelisted_ua(const char *ua) {
if(strstr(ua, "Googlebot")!=NULL){
return 1;
}
else{
return 0;
}
}


static apr_status_t destroy_hit_list(void *not_used) {
ntt_destroy(hit_list);
free(email_notify);
free(system_command);
}


/* BEGIN NTT (Named Timestamp Tree) Functions */

static unsigned long ntt_prime_list[ntt_num_primes] =
{
53ul, 97ul, 193ul, 389ul, 769ul,
1543ul, 3079ul, 6151ul, 12289ul, 24593ul,
49157ul, 98317ul, 196613ul, 393241ul, 786433ul,
1572869ul, 3145739ul, 6291469ul, 12582917ul, 25165843ul,
50331653ul, 100663319ul, 201326611ul, 402653189ul, 805306457ul,
1610612741ul, 3221225473ul, 4294967291ul
};


/* Find the numeric position in the hash table based on key and modulus */

long ntt_hashcode(struct ntt *ntt, const char *key) {
unsigned long val = 0;
for (; *key; ++key) val = 5 * val + *key;
return(val % ntt->size);
}

/* Creates a single node in the tree */

struct ntt_node *ntt_node_create(const char *key) {
    char *node_key;
    struct ntt_node* node;

    node = (struct ntt_node *) malloc(sizeof(struct ntt_node));
    if (node == NULL) {
 return NULL;
    }
    if ((node_key = strdup(key)) == NULL) {
        free(node);
 return NULL;
    }
    node->key = node_key;
    node->timestamp = time(NULL);
    node->next = NULL;
    return(node);
}

/* Tree initializer */

struct ntt *ntt_create(long size) {
    long i = 0;
    struct ntt *ntt = (struct ntt *) malloc(sizeof(struct ntt));

    if (ntt == NULL)
        return NULL;
    while (ntt_prime_list[i] < size) { i++; }
    ntt->size  = ntt_prime_list[i];
    ntt->items = 0;
    ntt->tbl   = (struct ntt_node **) calloc(ntt->size, sizeof(struct ntt_node *));
    if (ntt->tbl == NULL) {
        free(ntt);
        return NULL;
    }
    return(ntt);
}

/* Find an object in the tree */

struct ntt_node *ntt_find(struct ntt *ntt, const char *key) {
    long hash_code;
    struct ntt_node *node;

    if (ntt == NULL) return NULL;

    hash_code = ntt_hashcode(ntt, key);
    node = ntt->tbl[hash_code];

    while (node) {
        if (!strcmp(key, node->key)) {
            return(node);
        }
        node = node->next;
    }
    return((struct ntt_node *)NULL);
}

/* Insert a node into the tree */

struct ntt_node *ntt_insert(struct ntt *ntt, const char *key, time_t timestamp) {
    long hash_code;
    struct ntt_node *parent;
    struct ntt_node *node;
    struct ntt_node *new_node = NULL;

    if (ntt == NULL) return NULL;

    hash_code = ntt_hashcode(ntt, key);
    parent = NULL;
    node = ntt->tbl[hash_code];

    while (node != NULL) {
        if (strcmp(key, node->key) == 0) { 
            new_node = node;
            node = NULL;
        }

 if (new_node == NULL) {
          parent = node;
          node = node->next;
        }
    }

    if (new_node != NULL) {
        new_node->timestamp = timestamp;
        new_node->count = 0;
        return new_node; 
    }

    /* Create a new node */
    new_node = ntt_node_create(key);
    new_node->timestamp = timestamp;
    new_node->timestamp = 0;

    ntt->items++;

    /* Insert */
    if (parent) {  /* Existing parent */
 parent->next = new_node;
        return new_node;  /* Return the locked node */
    }

    /* No existing parent; add directly to hash table */
    ntt->tbl[hash_code] = new_node;
    return new_node;
}

/* Tree destructor */

int ntt_destroy(struct ntt *ntt) {
    struct ntt_node *node, *next;
    struct ntt_c c;

    if (ntt == NULL) return -1;

    node = c_ntt_first(ntt, &c);
    while(node != NULL) {
        next = c_ntt_next(ntt, &c);
        ntt_delete(ntt, node->key);
        node = next;
    }

    free(ntt->tbl);
    free(ntt);
    ntt = (struct ntt *) NULL;

    return 0;
}

/* Delete a single node in the tree */

int ntt_delete(struct ntt *ntt, const char *key) {
    long hash_code;
    struct ntt_node *parent = NULL;
    struct ntt_node *node;
    struct ntt_node *del_node = NULL;

    if (ntt == NULL) return -1;

    hash_code = ntt_hashcode(ntt, key);
    node        = ntt->tbl[hash_code];

    while (node != NULL) {
        if (strcmp(key, node->key) == 0) {
            del_node = node;
            node = NULL;
        }

        if (del_node == NULL) {
          parent = node;
          node = node->next;
        }
    }

    if (del_node != NULL) {

        if (parent) {
            parent->next = del_node->next;
        } else {
            ntt->tbl[hash_code] = del_node->next;
        }

        free(del_node->key);
        free(del_node);
        ntt->items--;

        return 0;
    }

    return -5;
}

/* Point cursor to first item in tree */

struct ntt_node *c_ntt_first(struct ntt *ntt, struct ntt_c *c) {

    c->iter_index = 0;
    c->iter_next = (struct ntt_node *)NULL;
    return(c_ntt_next(ntt, c));
}

/* Point cursor to next iteration in tree */

struct ntt_node *c_ntt_next(struct ntt *ntt, struct ntt_c *c) {
    long index;
    struct ntt_node *node = c->iter_next;

    if (ntt == NULL) return NULL;

    if (node) {
        if (node != NULL) {
            c->iter_next = node->next;
            return (node);
        }
    }

    if (! node) {
        while (c->iter_index < ntt->size) {
            index = c->iter_index++;

            if (ntt->tbl[index]) {
                c->iter_next = ntt->tbl[index]->next;
                return(ntt->tbl[index]);
            }
        }
    }
    return((struct ntt_node *)NULL);
}

/* END NTT (Named Pointer Tree) Functions */


/* BEGIN Configuration Functions */

static const char *
get_hash_tbl_size(cmd_parms *cmd, void *dconfig, const char *value) {
  long n = strtol(value, NULL, 0);

  if (n<=0) {
    hash_table_size = DEFAULT_HASH_TBL_SIZE;
  } else  {
    hash_table_size = n;
  }

  return NULL;
}

static const char *
get_page_count(cmd_parms *cmd, void *dconfig, const char *value) {
  long n = strtol(value, NULL, 0);
  if (n<=0) {
    page_count = DEFAULT_PAGE_COUNT;
  } else {
    page_count = n;
  }

  return NULL;
}

static const char *
get_site_count(cmd_parms *cmd, void *dconfig, const char *value) {
  long n = strtol(value, NULL, 0);
  if (n<=0) {
    site_count = DEFAULT_SITE_COUNT;
  } else {
    site_count = n;
  }

  return NULL;
}

static const char *
get_page_interval(cmd_parms *cmd, void *dconfig, const char *value) {
  long n = strtol(value, NULL, 0);
  if (n<=0) {
    page_interval = DEFAULT_PAGE_INTERVAL;
  } else {
    page_interval = n;
  }

  return NULL;
}

static const char *
get_site_interval(cmd_parms *cmd, void *dconfig, const char *value) {
  long n = strtol(value, NULL, 0);
  if (n<=0) {
    site_interval = DEFAULT_SITE_INTERVAL;
  } else {
    site_interval = n;
  }

  return NULL;
}

static const char *
get_blocking_period(cmd_parms *cmd, void *dconfig, const char *value) {
  long n = strtol(value, NULL, 0);
  if (n<=0) {
    blocking_period = DEFAULT_BLOCKING_PERIOD;
  } else {
    blocking_period = n;
  }

  return NULL;
}

static const char *
get_log_dir(cmd_parms *cmd, void *dconfig, const char *value) {
  if (value != NULL && value[0] != 0) {
    if (log_dir != NULL)
      free(log_dir);
    log_dir = strdup(value);
  }

  return NULL;
}

static const char *
get_email_notify(cmd_parms *cmd, void *dconfig, const char *value) {
  if (value != NULL && value[0] != 0) {
    if (email_notify != NULL)
      free(email_notify);
    email_notify = strdup(value);
  }

  return NULL;
}

static const char *
get_system_command(cmd_parms *cmd, void *dconfig, const char *value) {
  if (value != NULL && value[0] != 0) {
    if (system_command != NULL)
      free(system_command);
    system_command = strdup(value);
  }
 
  return NULL;


/* END Configuration Functions */

static const command_rec access_cmds[] =
{
 AP_INIT_TAKE1("DOSHashTableSize", get_hash_tbl_size, NULL, RSRC_CONF, 
  "Set size of hash table"),

        AP_INIT_TAKE1("DOSPageCount", get_page_count, NULL, RSRC_CONF,
  "Set maximum page hit count per interval"),

        AP_INIT_TAKE1("DOSSiteCount", get_site_count, NULL, RSRC_CONF,
  "Set maximum site hit count per interval"),

        AP_INIT_TAKE1("DOSPageInterval", get_page_interval, NULL, RSRC_CONF,
  "Set page interval"),

 AP_INIT_TAKE1("DOSSiteInterval", get_site_interval, NULL, RSRC_CONF,
  "Set site interval"),

        AP_INIT_TAKE1("DOSBlockingPeriod", get_blocking_period, NULL, RSRC_CONF,
  "Set blocking period for detected DoS IPs"),

 AP_INIT_TAKE1("DOSEmailNotify", get_email_notify, NULL, RSRC_CONF,
  "Set email notification"),

 AP_INIT_TAKE1("DOSLogDir", get_log_dir, NULL, RSRC_CONF,
  "Set log dir"),

 AP_INIT_TAKE1("DOSSystemCommand", get_system_command, NULL, RSRC_CONF,
  "Set system command on DoS"),

        AP_INIT_ITERATE("DOSWhitelist", whitelist, NULL, RSRC_CONF,
                "IP-addresses wildcards to whitelist"),

 { NULL }
};

static void register_hooks(apr_pool_t *p) {
  ap_hook_access_checker(access_checker, NULL, NULL, APR_HOOK_MIDDLE);
  apr_pool_cleanup_register(p, NULL, apr_pool_cleanup_null, destroy_hit_list);
};

module AP_MODULE_DECLARE_DATA evasive20_module =
{
    STANDARD20_MODULE_STUFF,
    NULL,
    NULL,
    create_hit_list,
    NULL,
    access_cmds,
    register_hooks
};


static char *lookup_header(request_rec *r, const char *name)
{
    const apr_array_header_t *hdrs_arr;
    const apr_table_entry_t *hdrs;
    int i;
    
    hdrs_arr = apr_table_elts(r->headers_in);
    hdrs = (const apr_table_entry_t *)hdrs_arr->elts;
    for (i = 0; i < hdrs_arr->nelts; ++i) {
        if (hdrs[i].key == NULL) {
            continue;
        }
        if (strcasecmp(hdrs[i].key, name) == 0) {
            return hdrs[i].val;
        }
    }
    return NULL;
}

コメントする1個

4.
2011/03/22 Linux > Subversion > インストール」
[この書込みのみ表示(記事URL紹介用) / 編集 / 削除 / トラバ送信 / 共有分類に追加(タグ付け)]

1. 前書き
2. Apache経由でSVN Repositoryにアクセスするようにインストール
        1. yum
        2. apache関連のconfig
3. SVNレポジトリーの作成
4. svnを実際に使ってみる

1. 前書き

Gitを近頃はちょこちょこと使っていたけど、Subversionに仕事合わせでバージョン管理を移行してみる。
後、Macを使うようになってから気づいたけど、色々開発エディターがSVNに対応しているのはメリットかな。
SVNを使えるようにするにあたっては、環境によってはセキュリティを気にしなくてはいけない。
ここでは
・Digest認証
・特異なポート
・HTTPSでのアクセスのみ許可
といった所まで行う。
2. Apache経由でSVN Repositoryにアクセスするようにインストール

インストールする前提環境は
/usr/local/apache2
で動いているソース経由インストールのapacheと
/usr/sbin/httpd
のyum管理下のhttpdがある環境。
yum管理下のapacheの方をsvn用に使ってみる。
      1. yum

yumでインストールされる方に作ってみる。
まず、root権限でyumで関連モジュールをインストール。
yum install subversion
yum install mod_dav_svn

      2. apache関連のconfig

まずhttpd.conf。

vi /etc/httpd/conf/httpd.conf
で、SVN用にListen するポートを設定。
なるべく普通ではないポートが良い。
そして、
Include /etc/httpd/conf.d/subversion.conf
を追加
後、Subversion専用ならあまりクライアント数とかは必要無いので、そこら辺を調整

vi /etc/httpd/conf.d/subversion.conf
# subversionをapache経由で使うのに必須なモジュールの設定
LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so

# ssl.confをコピーして編集したもの /基本的にDirectory指定とPort指定の部分を外すだけで良い
Include conf.d/ssl.conf2

# 適当にSVNのディレクトリをネーミング。デフォルトとは違うパス名にするのが良い
<Location /repository_list>
DAV svn
# 例:このディレクトリ以下にレポジトリーを置いておくのなら
SVNParentPath /usr/local/svn
# Forbiddenの代わりにレポジトリーの一覧を表示するようにする
SVNListParentPath On

# Basic認証ではなくDigest認証を使おう
AuthType Digest
AuthName DAV-upload

# You can use the htdigest program to create the password database:
# htdigest -c "/usr/local/svn/user.passwd" DAV-upload admin
# SVNにアクセス出来るユーザーを定義
AuthUserFile "/usr/local/svn/user.passwd"
AuthDigestProvider file
# 正しいアカウント情報を入れたユーザーのみアクセス可能
Require valid-user

# httpsでのみアクセスが可能
SSLRequireSSL
</Location>

あとは
cd /etc/httpd/conf.d
cp ssl.conf ssl.conf2
して
vi ssl.conf2

必要のない所を削る。
そのままで良ければそれでも良いが。
3. SVNレポジトリーの作成

例えばwww_repositoryというレポジトリーを作るとすると
root権限で
mkdir /usr/local/svn/www_repository
svnadmin create /usr/local/svn/www_repository
chown -R apache:apache /usr/local/svn/www_repository

https://svn_server:port/repository_list/www_repository
にアクセスして正常に動作している事を確認。

ユーザー権限で
svn mkdir https://svn_server_name/repository_list/www_repository/trunk -m "trunk作成。本筋開発用"
svn mkdir https://svn_server_name/repository_list/www_repository/branches -m "branches作成。ブランチ用"
svn mkdir https://svn_server_name/repository_list/www_repository/tags -m "tags作成。タグ付け用"

4. svnを実際に使ってみる

svnクライアントが入っている環境で
svn co https://svn_server_name/repository_list/www_repository
し、その中にファイルを追加していき、
svn add
でファイルを追加し
svn commit
で反映しきる。
登録したファイルだけ吐き出させるには
svn export https://svn_server_name/repository_list/www_repository

編集履歴を見るには
svn log 対象ファイル
その為にもコメントは残しておく

コメントする

5.
2010/05/31 Linux > OS > CentOS5.5リリース&本日4:30 AMにサーバーを再起動」
[この書込みのみ表示(記事URL紹介用) / 編集 / 削除 / トラバ送信 / 共有分類に追加(タグ付け)]

1. CentOS5.5へのアップグレード
2. ChangeLog(旧版との変更履歴差分)
        1. httpd
        2. kernel

1. CentOS5.5へのアップグレード

作品DB、最速一括検索、皆声.jp等のウェブサーバーで使っているOSのCentOSに、新版の5.5が今月14日に出ました(リリースノート)。
OSの更新となると、サーバーの再起動が必要になるので、本日4:30 AMにその対応でサーバーを一回再起動する予定です。
5分程度繋がらなくなる事が考えられますので、宜しくお願い致します。
また、毎日の定期更新処理(アクセス履歴等)も、その再起動が終わってから走らせるので、いつもよりかは反映が遅れます。

なお、

主に関係するアップデート
旧版
新版
ウェブサーバー(httpd)2.2.3-31.el5.centos.42.2.3-43.el5.centos
OS(kernel)2.6.18-164.6.1.el52.6.18-194.3.1.el5

といった具合にアップデートされます。
CentOS5.5からはファイルシステムとしては、ext4が使えるようですが、現行機での移行作業は危険と判断して、とりあえずOSのアップデートだけする事にします。

追記: OS更新作業終了しました。
2. ChangeLog(旧版との変更履歴差分)


      1. httpd

Mon Apr 5 00:00:00 2010 Karanbir Sing - 2.2.3-43.el5.centos
- Roll in CentOS Branding

Thu Mar 4 23:00:00 2010 Joe Orton - 2.2.3-43
- add security fixes for CVE-2010-0408, CVE-2010-0434 (#570441)

Tue Feb 23 23:00:00 2010 Joe Orton - 2.2.3-42
- require and BR a version of OpenSSL with the secure reneg API (#566659)

Tue Feb 23 23:00:00 2010 Joe Orton - 2.2.3-41
- mod_ssl: add SSLInsecureRenegotiation (#566659)

Mon Feb 1 23:00:00 2010 Joe Orton - 2.2.3-40
- mod_ssl: further fix for OID() handling (#552942)

Thu Jan 28 23:00:00 2010 Joe Orton - 2.2.3-39
- prevent use of rsync during \"make install\" (#557049)

Thu Jan 28 23:00:00 2010 Joe Orton - 2.2.3-38
- mod_ssl: fix additional case for OID() handling (#552942)
- mod_authnz_ldap: fix handling of empty filter in group defn (#252038)

Tue Jan 19 23:00:00 2010 Joe Orton - 2.2.3-37
- mod_ssl: use ASN1_STRING_print() in SSLRequire\'s OID() (#552942)

Sun Dec 20 23:00:00 2009 Joe Orton - 2.2.3-36
- mod_ssl: add further mitigation for CVE-2009-3555 (#534042)
- add mod_substitute (#539256)

Fri Dec 18 23:00:00 2009 Joe Orton - 2.2.3-35.el5
- mod_authnz_ldap: dynamic group fixes (#252038)

Thu Dec 17 23:00:00 2009 Joe Orton - 2.2.3-34.el5
- mod_authnz_ldap: add support for dynamic group lookup (#252038)

Wed Dec 16 23:00:00 2009 Joe Orton - 2.2.3-33.el5
- add security fixes for CVE-2009-3555, CVE-2009-3094,
CVE-2009-3095 (#534042)

Wed Dec 2 23:00:00 2009 Joe Orton - 2.2.3-32.el5
- fix hard-coded default pidfile to match default config (#505002)
- mod_ssl: fix potential hang in renegotiation (#510515)
- drop legacy X-Pad header from short responses (#526110)
- mod_proxy_ajp: fix handling of large uploads (#528640)
- mod_authnz_ldap: add AuthLDAPRemoteUserAttribute directive (#520838)
- mod_rewrite: add DiscardPathInfo flag (#517500)
- mod_authnz_ldap: don\'t fail authz if no ldap-* configured (#448350)
- disable keepalive for Expect: 100-continue and error response (#533407)

      2. kernel

Fri May 14 00:00:00 2010 Karanbir Singh [2.6.18-194.3.1.el5.centos]
- Roll in CentOS gpg key

Mon May 3 00:00:00 2010 Jiri Pirko [2.6.18-194.3.1.el5]
- [net] bnx2: fix lost MSI-X problem on 5709 NICs (John Feeney) [587799 511368]

Thu Apr 22 00:00:00 2010 Jiri Pirko [2.6.18-194.2.1.el5]
- [cpu] fix boot crash in 32-bit install on AMD cpus (Bhavna Sarathy) [580846 575799]

Wed Apr 14 00:00:00 2010 Jiri Pirko [2.6.18-194.1.1.el5]
- [xen] arpl on MMIO area crashes the guest (Paolo Bonzini) [572979 572982] {CVE-2010-0730}
- [mm] fix boot on s390x after bootmem overlap patch (Amerigo Wang) [580838 550974]
- [net] bnx2: avoid restarting cnic in some contexts (Andy Gospodarek) [581148 554706]
- [iscsi] fix slow failover times (Mike Christie) [580840 570681]
- [misc] kernel: fix elf load DoS on x86_64 (Danny Feng) [560552 560553] {CVE-2010-0307}
- [netlink] connector: delete buggy notification code (Jiri Olsa) [561684 561685] {CVE-2010-0410}
- [sound] hda_intel: avoid divide by zero in azx devices (Jaroslav Kysela) [567171 567172] {CVE-2010-1085}
- [dvb] fix endless loop when decoding ULE at dvb-core (Mauro Carvalho Chehab) [569241 569242] {CVE-2010-1086}
- [scsi] fnic: fix tx queue handling (Mike Christie) [580829 576709]
- [fusion] mptsas: fix event_data alignment (Tomas Henzl) [580832 570000]
- [edac] fix internal error message in amd64_edac driver (Bhavna Sarathy) [580836 569938]
- [x86_64] fix floating point state corruption after signal (Oleg Nesterov) [580841 560891]
- [mm] don\'t let reserved memory overlap bootmem_map (Amerigo Wang) [580838 550974]
- [s390] kernel: correct TLB flush of page table entries (Hendrik Brueckner) [580839 545527]
- [xen] iommu: clear IO-APIC pins on boot and shutdown (Paolo Bonzini) [580199 548201]
- [xen] vtd: fix ioapic pin array (Don Dugger) [581150 563546]

Tue Mar 16 23:00:00 2010 Jarod Wilson [2.6.18-194.el5]
- [net] mlx4: pass attributes down to vlan interfaces (Doug Ledford) [573098]
- [block] cfq-iosched: fix sequential read perf regression (Jeff Moyer) [571818]

Mon Mar 15 23:00:00 2010 Jarod Wilson [2.6.18-193.el5]
- [fs] gfs2: locking fix for potential dos (Steven Whitehouse) [572390] {CVE-2010-0727}
- [acpi] power_meter: avoid oops on driver load (Matthew Garrett) [566575]
- [net] r8169: fix assignments in backported net_device_ops (Ivan Vecera) [568040]
- [net] virtio_net: refill rx buffer on out-of-memory (Herbert Xu) [554078]

Tue Mar 9 23:00:00 2010 Jarod Wilson [2.6.18-192.el5]
- [cpu] fix amd l3 cache disable functionality (Jarod Wilson) [517586]
- [misc] backport upstream strict_strto* functions (Jarod Wilson) [517586]
- [wireless] rt2x00: fix work cancel race conditions (Stanislaw Gruszka) [562972]
- [net] igb: fix DCA support for 82580 NICs (Stefan Assmann) [513712]
- Revert: [ia64] kdump: fix a deadlock while redezvousing (Neil Horman) [506694]
- [block] cfq: kick busy queues w/o waiting for merged req (Jeff Moyer) [570814]
- [fs] cifs: max username len check in setup does not match (Jeff Layton) [562947]
- [fs] cifs: CIFS shouldn\'t make mountpoints shrinkable (Jeff Layton) [562947]
- [fs] cifs: fix dentry hash for case-insensitive mounts (Jeff Layton) [562947]
- [fs] cifs: fix len for converted unicode readdir names (Jeff Layton) [562947]
- [x86_64] xen: fix missing 32-bit syscalls on 64-bit Xen (Christopher Lalancette) [559410]
- [fs] gfs2: fix kernel BUG when using fiemap (Abhijith Das) [569610]
- [net] sctp: backport cleanups for ootb handling (Neil Horman) [555667] {CVE-2010-0008}
- [xen] vtd: ignore unknown DMAR entries (Don Dugger) [563900]

Mon Mar 1 23:00:00 2010 Jarod Wilson [2.6.18-191.el5]
- [wireless] iwlwifi: fix dual band N-only use on 5x00 (Stanislaw Gruszka) [566696]
- [net] be2net: critical bugfix from upstream (Ivan Vecera) [567718]
- [net] tg3: fix 5717 and 57765 asic revs panic under load (John Feeney) [565964]
- [net] bnx2x: use single tx queue (Stanislaw Gruszka) [567979]
- [net] igb: fix WoL initialization when disabled in eeprom (Stefan Assmann) [564102]
- [net] igb: fix warning in igb_ethtool.c (Stefan Assmann) [561076]
- [net] s2io: restore ability to tx/rx vlan traffic (Neil Horman) [562732]
- [net] ixgbe: stop unmapping DMA buffers too early (Andy Gospodarek) [568153]
- [net] e1000e: disable NFS filtering capabilites in ICH hw (Andy Gospodarek) [558809]
- [net] bnx2: update firmware and version to 2.0.8 (Andy Gospodarek) [561578]
- [net] mlx4: fix broken SRIOV code (Doug Ledford) [567730]
- [net] mlx4: pass eth attributes down to vlan interfaces (Doug Ledford) [557109]
- [x86_64] fix missing 32 bit syscalls on 64 bit (Wade Mealing) [559410]
- [s390] zcrypt: Do not remove coprocessor on error 8/72 (Hendrik Brueckner) [561067]
- [misc] usb-serial: add support for Qualcomm modems (Pete Zaitcev) [523888]
- [scsi] mpt2sas: fix missing initialization (Tomas Henzl) [565637]
- [i386] mce: avoid deadlocks during MCE broadcasts (Prarit Bhargava) [562862]
- [x86_64] k8: do not mark early_is_k8_nb as _init (Paolo Bonzini) [567275]
- [ia64] kdump: fix a deadlock while redezvousing (Neil Horman) [506694]
- [dm] raid45: constructor error path oops fix (Heinz Mauelshagen) [565494]
- [mm] prevent severe performance degradation hang fix (Dave Anderson) [544448]
- [net] cxgb3: memory barrier addition fixup (Steve Best) [561957]

Mon Feb 22 23:00:00 2010 Jarod Wilson [2.6.18-190.el5]
- [x86_64] mce: avoid deadlocks during MCE broadcasts (Prarit Bhargava) [562866]
- [scsi] device_handler: add netapp to alua dev list (Mike Christie) [562080]
- [misc] wacom: add Intuos4 support (Don Zickus) [502708]
- [scsi] be2iscsi: fix eh bugs and enable new hw support (Mike Christie) [564145]
- [net] ixgbe: initial support of ixgbe PF and VF drivers (Andy Gospodarek) [525577]
- [fs] ext4: avoid divide by 0 when mounting corrupted fs (Eric Sandeen) [547253]
- [net] bnx2x: update to 1.52.1-6 firmware (Stanislaw Gruszka) [560556]
- [net] bnx2x: update to 1.52.1-6 (Stanislaw Gruszka) [560556]
- [misc] hvc_iucv: alloc send/receive buffers in DMA zone (Hendrik Brueckner) [566202]
- [net] ixgbe: prevent speculatively processing descriptors (Steve Best) [566309]
- [fs] fix randasys crashes x86_64 systems regression (Peter Bogdanovic) [562857]
- [scsi] fix bugs in fnic and libfc (Mike Christie) [565594]
- [net] tg3: fix 57765 LED (John Feeney) [566016]
- [net] tg3: fix race condition with 57765 devices (John Feeney) [565965]
- [fs] gfs2: use correct GFP for alloc page on write (Steven Whitehouse) [566221]
- [scsi] lpfc: update version for 8.2.0.63.3p release (Rob Evers) [564506]
- [scsi] lpfc: fix driver build issues in rhel5.5 (Rob Evers) [564506]
- [scsi] lpfc: relax event queue field checking (Rob Evers) [564506]
- [scsi] lpfc: implement the PORT_CAPABITIES mailbox cmd (Rob Evers) [564506]
- [scsi] lpfc: fix a merge issue (Rob Evers) [564506]
- [scsi] lpfc: Add support for new SLI features (Rob Evers) [564506]
- [scsi] lpfc: Add support for 64-bit PCI BAR region 0 (Rob Evers) [564506]
- [nfs] fix a deadlock in the sunrpc code (Steve Dickson) [548846]
- [fs] ecryptfs: fix metadata in xattr feature regression (Eric Sandeen) [553670]
- [scsi] qla2xxx: return FAILED if abort command fails (Rob Evers) [559972]
- [virtio] fix module loading for virtio-balloon module (Anthony Liguori) [564361]
- [mm] xen: make mmap() with PROT_WRITE (Andrew Jones) [562761]
- [hwmon] w83627hf: fix data to platform_device_add_data (Dean Nelson) [557172]
- [hwmon] smsc47m1: fix data to platform_device_add_data (Dean Nelson) [560944]
- [hwmon] it87: fix sio_data to platform_device_add_data (Dean Nelson) [559950]
- [hwmon] f71805f: fix sio_data to platform_device_add_data (Dean Nelson) [564399]
- [base] make platform_device_add_data accept const pointer (Dean Nelson) [557172 559950 560944 564399]
- [net] forcedeth: fix putting system into S4 (Matthew Garrett) [513203]
- [net] netfilter: allow changing queue length via netlink (Steve Best) [562945]
- [mm] i386: fix iounmap\'s use of vm_struct\'s size field (Danny Feng) [549465]
- [ppc] fix sched while atomic error in alignment handler (Steve Best) [543637]
- [pci] aer: disable advanced error reporting by default (Prarit Bhargava) [559978]
- [s390] qeth: set default BLKT settings by OSA hw level (Hendrik Brueckner) [559621]
- [net] e1000e: fix deadlock unloading module on some ICH8 (Andy Gospodarek) [555818]
- [misc] rwsem: fix a bug in rwsem_is_locked() (Amerigo Wang) [526092]
- [s390] clear high-order bits after switch to 64-bit mode (Hendrik Brueckner) [546302]

Tue Feb 16 23:00:00 2010 Jarod Wilson [2.6.18-189.el5]
- [net] wireless fixes from 2.6.32.7 (John Linville) [559711]
- [net] wireless fixes from 2.6.32.4 (John Linville) [559711]
- [net] wireless fixes through 2.6.32.3 (John Linville) [559711]
- [net] wireless fixes from 2.6.32.2 (John Linville) [559711]

Mon Feb 15 23:00:00 2010 Jarod Wilson [2.6.18-188.el5]
- [net] be2net: latest bugfixes from upstream for rhel5.5 (Ivan Vecera) [561322]
- [infiniband] fix bitmask handling from QP control block (Steve Best) [561953]
- [infiniband] fix issue w/sleep in interrupt ehca handler (Steve Best) [561952]
- [char] ipmi: fix ipmi_watchdog deadlock (Tony Camuso) [552675]
- [net] cnic: additional fixes for rhel5.5 update (Mike Christie) [517378]
- [net] cxgb3: add memory barriers (Steve Best) [561957]
- [fs] nfsv4: distinguish expired from stale stateid (Wade Mealing) [514654]
- [net] igb: fix msix_other interrupt masking (Stefan Assmann) [552348]
- [net] niu: fix deadlock when using bonding (Andy Gospodarek) [547943]
- [x86] xen: invalidate dom0 pages before starting guest (Christopher Lalancette) [466681]
- [cpufreq] powernow-k8: fix crash on AMD family 0x11 procs (Bhavna Sarathy) [555180]
- [misc] ptrace: PTRACE_KILL hangs in 100% cpu loop (Vitaly Mayatskikh) [544138]
- [scsi] megaraid: fix 32-bit apps on 64-bit kernel (Tomas Henzl) [518243]
- [misc] fix APIC and TSC reads for guests (Prarit Bhargava) [562006]
- [mm] fix sys_move_pages infoleak (Eugene Teo) [562590] {CVE-2010-0415}
- [fs] aio: fix .5% OLTP perf regression from eventfd (Jeff Moyer) [548565]
- [net] sky2: fix initial link state errors (Andy Gospodarek) [559329]
- [x86_64] wire up compat sched_rr_get_interval (Danny Feng) [557092]
- [net] netfilter: enforce CAP_NET_ADMIN in ebtables (Danny Feng) [555243] {CVE-2010-0007}
- [misc] fix kernel info leak with print-fatal-signals=1 (Danny Feng) [554584] {CVE-2010-0003}
- [fs] gfs2: don\'t withdraw on partial rindex entries (Benjamin Marzinski) [553447]
- [net] ipv6: fix OOPS in ip6_dst_lookup_tail (Thomas Graf) [552354]
- [misc] khungtaskd: set PF_NOFREEZE flag to fix suspend (Amerigo Wang) [550014]
- [block] loop: fix aops check for GFS (Josef Bacik) [549397]

Mon Feb 8 23:00:00 2010 Jarod Wilson [2.6.18-187.el5]
- [misc] EDAC driver fix for non-MMCONFIG systems (Bhavna Sarathy) [550123]
- [misc] audit: fix breakage and leaks in audit_tree.c (Alexander Viro) [549750]
- [mm] prevent hangs during memory reclaim on large systems (Larry Woodman) [546428]
- [usb] support more Huawei modems (Pete Zaitcev) [517454]
- [x86] fix AMD M-C boot inside xen on pre-5.5 hypervisor (Paolo Bonzini) [560013]
- [kvm] pvclock on i386 suffers from double registering (Glauber Costa) [557095]
- [md] fix kernel panic releasing bio after recovery failed (Takahiro Yasui) [555171]
- [md] fix deadlock at suspending mirror device (Takahiro Yasui) [555120]
- [pci] VF can\'t be enabled in dom0 (Don Dutile) [547980]
- [acpi] fix NULL pointer panic in acpi_run_os (Prarit Bhargava) [547733]
- [kvm] kvmclock won\'t restore properly after resume (Glauber Costa) [539521]
- [x86_64] export additional features in cpuinfo for xen (Prarit Bhargava) [517928]
- [fs] proc: make smaps readable even after setuid (Dave Anderson) [322881]
- [net] iptables: fix routing of REJECT target packets (Jiri Olsa) [548079]
- [net] niu: fix the driver to be functional with vlans (Jiri Pirko) [538649]
- [mm] prevent performance hit for 32-bit apps on x86_64 (Larry Woodman) [544448]
- [mm] mmap: don\'t ENOMEM when mapcount is temp exceeded (Danny Feng) [552648]
- [fs] proc: make errno values consistent when race occurs (Danny Feng) [556545]
- [net] igb: update driver to support End Point DCA (Stefan Assmann) [513712]
- [scsi] qla2xxx: FCP2 update, dpc bug, fast mailbox read (Rob Evers) [550286]
- [scsi] qla2xxx: fix timeout value for CT passthru cmds (Rob Evers) [552327]
- [scsi] lpfc: update to version 8.2.0.63.p2 (Rob Evers) [557792]
- [scsi] lpfc: update driver to version 8.2.0.63.1p FC/FCoE (Rob Evers) [555604]
- [scsi] be2iscsi: upstream driver refresh for rhel5.5 (Mike Christie) [554545]
- [pci] add ids for intel b43 graphics controller (John Villalovos) [523637]
- [misc] support Nehalem-EX processors in Oprofile (John Villalovos) [521992]
- [scsi] scsi_dh: make rdac hw handler\'s activate() async (Rob Evers) [537514]
- [scsi] scsi_dh: change scsidh_activate interface to async (Rob Evers) [537514]
- [alsa] support Creative X-Fi EMU20K1 and EMU20K2 chips (Jaroslav Kysela) [523786]
- [net] tg3: update to version 3.106 for 57765 asic support (John Feeney) [545135]
- [net] bonding: fix alb mode locking regression (Andy Gospodarek) [533496]
- [scsi] stex: don\'t try to scan a nonexistent lun (David Milburn) [531488]
- [scsi] bnx2i: additional fixes for rhel5.5 update (Mike Christie) [517378]
- [misc] hpilo: fix build warning in ilo_isr (Tony Camuso) [515010]
- [scsi] qla2xxx: add AER support (Rob Evers) [513927]
- [x86] relocate initramfs so we can increase vmalloc space (Neil Horman) [499253]
- [mm] memory mapped files not updating timestamps (Peter Staubach) [452129]

Wed Jan 27 23:00:00 2010 Jarod Wilson [2.6.18-186.el5]
- [net] emergency route cache flushing fixes (Thomas Graf) [545663] {CVE-2009-4272}
- [fs] fasync: split \'fasync_helper()\' into separate add/remove functions (Danny Feng) [548657] {CVE-2009-4141}
- [scsi] qla2xxx: NPIV vport management pseudofiles are world writable (Tom Coughlan) [537318] {CVE-2009-3556}
- [net] ipv6: fix ipv6_hop_jumbo remote system crash (Amerigo Wang) [548643] {CVE-2007-4567}
- [net] e1000e: fix broken wol (Andy Gospodarek) [557974]
- [net] r8169: add missing hunk from frame length filtering fix (Jarod Wilson) [552438]

Thu Jan 14 23:00:00 2010 Jarod Wilson [2.6.18-185.el5]
- [net] e1000e: fix rx length check errors (Amerigo Wang) [551223] {CVE-2009-4538}
- [net] e1000: fix rx length check errors (Neil Horman) [552138] {CVE-2009-4536}
- [net] r8169: improved frame length filtering (Neil Horman) [550915] {CVE-2009-4537}
- kabi: fix dma_async_register symbol move (Jarod Wilson) [526342]
- [kabi] add {napi,vlan}_gro_receive and intel dca symbols (Jon Masters) [526342]
- Revert: amd64_edac: fix access to pci conf space type 1 (Jarod Wilson) [479070]

Wed Jan 13 23:00:00 2010 Jarod Wilson [2.6.18-184.el5]
- [scsi] lpfc: Update lpfc to version 8.2.0.63 driver release (Rob Evers) [549763]
- [scsi] lpfc: Fix single SCSI buffer not handled on SLI4 (Rob Evers) [549763]
- [scsi] lpfc: Fix Dead FCF not triggering discovery others (Rob Evers) [549763]
- [scsi] lpfc: Fix vport->fc_flag set outside of lock fail (Rob Evers) [549763]
- [scsi] lpfc: Fix processing of failed read fcf record (Rob Evers) [549763]
- [scsi] lpfc: Fix fc header seq_count checks (Rob Evers) [549763]
- [scsi] lpfc: Update to version 8.2.0.62 driver release (Rob Evers) [549763]
- [scsi] lpfc: Fix hbq buff only for sli4 (Rob Evers) [549763]
- [scsi] lpfc: Fix hbq buff adds to receive queue (Rob Evers) [549763]
- [scsi] lpfc: Fix multi-frame sequence response frames (Rob Evers) [549763]
- [scsi] lpfc: Fix adapter reset and off/online stress test (Rob Evers) [549763]
- [scsi] lpfc: Update to version 8.2.0.61 driver release (Rob Evers) [549763]
- [scsi] lpfc: Fix vport register VPI after devloss timeout (Rob Evers) [549763]
- [scsi] lpfc: Fix crash during unload and sli4 abort cmd (Rob Evers) [549763]
- [scsi] lpfc: Blocked all SCSI I/O requests from midlayer (Rob Evers) [549763]
- [scsi] lpfc: Made TigerShark set up and use single FCP EQ (Rob Evers) [549763]
- [scsi] lpfc: Update to 8.2.0.60 driver release (Rob Evers) [549763]
- [scsi] lpfc: Fix vport not logging out when being deleted (Rob Evers) [549763]
- [net] fixup problems with vlans and bonding (Andy Gospodarek) [526976]
- [net] ixgbe: upstream update to include 82599-KR support (Andy Gospodarek) [513707]
- [net] enic: update to upstream version 1.1.0.241a (Andy Gospodarek) [550148]
- [net] be2net: multiple bug fixes (Ivan Vecera) [549460]
- [net] virtio_net: fix tx wakeup race condition (Herbert Xu) [524651]
- [net] add send/receive tracepoints (Neil Horman) [475457]
- [iscsi] fix install panic w/xen iSCSI boot device (Miroslav Rezanina) [512991]
- Revert: [mm] SRAT and NUMA fixes for span and/or is disc (Larry Woodman) [474097]
- [misc] oprofile support for nehalme ep processors (John Villalovos) [498624]
- [scsi] fix duplicate libiscsi symbol and kabi warnings (Jarod Wilson) [515284]
- [edac] amd64_edac: fix access to pci conf space type 1 (Bhavna Sarathy) [479070]
- [misc] do not evaluate WARN_ON condition twice (Hendrik Brueckner) [548653]
- [xen] fix cpu frequency scaling on Intel procs (Christopher Lalancette) [553324]
- [xen] passthrough MSI-X mask bit acceleration V3 (Don Dugger) [537734]
- [xen] change interface of hvm_mmio_access V3 (Don Dugger) [537734]
- [xen] fix msix table fixmap allocation V3 (Don Dugger) [537734]

Mon Dec 21 23:00:00 2009 Jarod Wilson [2.6.18-183.el5]
- [kabi] add scsi_dma_{,un}map (Jon Masters) [533489]
- [kabi] add scsi_nl_{send_vendor_msg,{add,remove}_driver} (Jon Masters) [515812]
- [kabi] add do_settimeofday and _user_walk_fd (Jon Masters) [486205]
- [kabi] add pci_domain_nr (Jon Masters) [450121]
- [sound] alsa hda driver update for rhel5.5 (Jaroslav Kysela) [525390]
- Revert: [pci] avoid disabling acpi to use non-core PCI (Mauro Carvalho Chehab) [504330 547898]
- [net] wireless: fix build when using O=objdir (John Linville) [546712]
- [pci] remove msi-x vector allocation limitation (Stefan Assmann) [531266]
- [net] vxge: avoid netpoll<->NAPI race (Michal Schmidt) [453683]
- [scsi] update fcoe for rhel5.5 (Mike Christie) [526259]
- [net] update tg3 driver to version 3.100 (John Feeney) [515312]
- [block] fix rcu accesses in partition statistics code (Jerome Marchand) [493517]
- [pci] enable acs p2p upstream forwarding (Chris Wright) [518305]
- [net] e1000e: support for 82567V-3 and MTU fixes (Andy Gospodarek) [513706]
- [pci] aer hest disable support (Prarit Bhargava) [547762]
- [pci] aer hest firmware first support (Prarit Bhargava) [547762]
- [block] iosched: fix batching fairness (Jeff Moyer) [462472]
- [block] iosched: reset batch for ordered requests (Jeff Moyer) [462472]
- [net] bonding: allow arp_ip_targets on separate vlan from bond device (Andy Gospodarek) [526976]
- [firewire] ohci: handle receive packets with zero data (Jay Fenlason) [547242] {CVE-2009-4138}
- [drm] intel: add IRONLAKE support to AGP/DRM drivers (Dave Airlie) [547908]
- [xen] mask AMD\'s Node ID MSR (Andrew Jones) [547518]
- Revert: [xen] fix msi-x table fixmap allocation (Don Dugger) [537734]
- Revert: [xen] change interface of hvm_mmio_access (Don Dugger) [537734]
- Revert: [xen] passthrough msi-x mask bit acceleration (Don Dugger) [537734]

Tue Dec 15 23:00:00 2009 Don Zickus [2.6.18-182.el5]
- [x86_64] disable vsyscall in kvm guests (Glauber Costa) [542612]
- [fs] ext3: replace lock_super with explicit resize lock (Eric Sandeen) [525100]
- [net] bonding: add debug module option (Jiri Pirko) [546624]
- [fs] respect flag in do_coredump (Danny Feng) [544189] {CVE-2009-4036}
- [md] fix a race in dm-raid1 (Mikulas Patocka) [502927]
- [misc] timer: add tracepoints (Jason Baron) [534178]
- [net] ipv4: fix possible invalid memory access (Prarit Bhargava) [541213]
- [x86] support AMD L3 cache index disable (Bhavna Sarathy) [517586]
- [scsi] add emc clariion support to scsi_dh modules (Mike Christie) [437107]
- [infiniband] fix iser sg aligment handling (Mike Christie) [540686]
- [scsi] qla2xxx: CT passthrough and link data rate fixes (Marcus Barrow) [543057]
- [scsi] qla2xxx: update to 8.03.01.04.05.05-k (Marcus Barrow) [542834]
- [net] s2io: update driver to current upstream version (Michal Schmidt) [513942]
- [ia64] export cpu_core_map (like i386 and x86_64) (Michal Schmidt) [448856]
- [net] sfc: additional fixes for rhel5.5 (Michal Schmidt) [448856]
- [redhat] configs: enable building of the sfc driver (Michal Schmidt) [448856]
- [net] sfc: add the sfc (Solarflare) driver (Michal Schmidt) [448856]
- [net] vxge: driver update to 2.0.6 (Michal Schmidt) [453683]
- [scsi] ibmvscsi: upstream multipath enhancements for 5.5 (Kevin Monroe) [512203]

Mon Dec 14 23:00:00 2009 Don Zickus [2.6.18-181.el5]
- [vfs] DIO write returns -EIO on try_to_release_page fail (Jeff Moyer) [461100]
- [wireless] enable use of internal regulatory database (John Linville) [546712]
- [wireless] add wireless regulatory rules database (John Linville) [546712]
- [wireless] use internal regulatory database infrastructure (John Linville) [546712]
- [wireless] update old static regulatory domain rules (John Linville) [543723]
- [net] wireless: report reasonable bitrate for 802.11n (John Linville) [546281]
- [net] mac80211: report correct signal for non-dBm values (John Linville) [545899]
- [net] wireless: kill some warning spam (John Linville) [545121]
- [net] mac80211: avoid uninit ptr deref in ieee80211 (John Linville) [545121]
- [net] wireless: avoid deadlock when enabling rfkill (John Linville) [542593]
- [wireless] configuration changes for updates (John Linville) [456943 474328 514661 516859]
- [net] ath9k: backport driver from 2.6.32 (John Linville) [456943]
- [net] wireless: updates of mac80211 etc from 2.6.32 (John Linville) [474328 514661 516859]
- [net] wireless support updates from 2.6.32 (John Linville) [456943 474328 514661 516859]
- [net] bnx2: update to version 2.0.2 (John Feeney) [517377]
- [usb] support lexar expresscard (Pete Zaitcev) [511374]
- [net] cnic: update driver for RHEL5.5 (Stanislaw Gruszka) [517378]
- [net] bnx2x: update to 1.52.1-5 (Stanislaw Gruszka) [515716 522600]
- [net] bnx2x: add mdio support (Stanislaw Gruszka) [515716 522600]
- [net] bnx2x: add firmware version 5.2.7.0 (Stanislaw Gruszka) [515716 522600]
- [net] bnx2x: update to 1.52.1 (Stanislaw Gruszka) [515716 522600]
- [fs] make NR_OPEN tunable (Eric Sandeen) [507159]
- [net] mdio: add mdio module from upstream (Michal Schmidt) [448856]
- [net] ethtool: add more defines for mdio to use (Michal Schmidt) [448856]
- [pci] add and export pci_clear_master (Michal Schmidt) [448856]
- [mm] SRAT and NUMA fixes for span and/or is discontig mem (Larry Woodman) [474097]
- [fs] eventfd: remove fput call from possible IRQ context (Jeff Moyer) [493101]
- [fs] eventfd: kaio integration fix (Jeff Moyer) [493101]
- [fs] eventfd: sanitize anon_inode_getfd() (Jeff Moyer) [493101]
- [fs] eventfd: should #include (Jeff Moyer) [493101]
- [fs] eventfd: clean compile when CONFIG_EVENTFD=n (Jeff Moyer) [493101]
- [s390] wire up signald, timerfd and eventfd syscalls (Jeff Moyer) [493101]
- [fs] eventfd: use waitqueue lock (Jeff Moyer) [493101]
- [ppc] wire up eventfd syscalls (Jeff Moyer) [493101]
- [ia64] wire up {signal, timer, event}fd syscalls (Jeff Moyer) [493101]
- [fs] aio: KAIO eventfd support example (Jeff Moyer) [493101]
- [fs] eventfd: wire up x86 arches (Jeff Moyer) [493101]
- [fs] add eventfd core (Jeff Moyer) [493101]
- [net] r8169: update to latest upstream for rhel5.5 (Ivan Vecera) [540582]
- [net] benet: update driver to latest upstream for rhel5.5 (Ivan Vecera) [515269]
- [net] e1000e: update and fix WOL issues (Andy Gospodarek) [513706 513930 517593 531086]
- [net] e1000: update to latest upstream for rhel5.5 (Dean Nelson) [515524]
- [net] mlx4: update to recent version with SRIOV support (Doug Ledford) [503113 512162 520674 527499 529396 534158]
- [md] raid: deal with soft lockups during resync (Doug Ledford) [501075]
- [x86] amd: add node ID MSR support (Bhavna Sarathy) [530181]
- [net] ipv4: fix an unexpectedly freed skb in tcp (Amerigo Wang) [546402]

Fri Dec 11 23:00:00 2009 Don Zickus [2.6.18-180.el5]
- [fs] ext4: fix insufficient checks in EXT4_IOC_MOVE_EXT (Eric Sandeen) [546105] {CVE-2009-4131}
- [fs] fix possible inode corruption on unlock (Eric Sandeen) [545612]
- [fs] xfs: fix fallocate error return sign (Eric Sandeen) [544349]
- [net] bnx2: fix frags index (Flavio Leitner) [546326]
- [pci] implement public pci_ioremap_bar function (Prarit Bhargava) [546244]
- [trace] add coredump tracepoint (Masami Hiramatsu) [517115]
- [trace] add signal tracepoints (Masami Hiramatsu) [517121]
- [trace] add itimer tracepoints (Jason Baron) [534178]
- [gfs2] make O_APPEND behave as expected (Steven Whitehouse) [544342]
- [gfs2] fix rename locking issue (Steven Whitehouse) [538484]
- [usb] add quirk for iso on amd sb800 (Pete Zaitcev) [537433]
- [mm] add kernel pagefault tracepoint for x86 & x86_64 (Larry Woodman) [517133]
- [ia64] dma_get_required_mask altix workaround (George Beshers) [517192]
- [misc] sysctl: require CAP_SYS_RAWIO to set mmap_min_addr (Amerigo Wang) [534018]
- [pci] intel-iommu: no pagetable validate in passthru mode (Don Dutile) [518103]
- [pci] intel-iommu: set dmar_disabled when DMAR at zero (Don Dutile) [516811 518103]
- [pci] dmar: rhsa entry decode (Don Dutile) [516811 518103]
- [pci] intel-iommu: add hot (un)plug support (Don Dutile) [516811 518103]
- [pci] inte-iommu: alloc_coherent obey coherent_dma_mask (Don Dutile) [516811 518103]
- [pci] dmar: check for DMAR at zero BIOS error earlier (Don Dutile) [516811 518103]
- [pci] intel-iommu: fix for isoch dmar w/no tlb space (Don Dutile) [516811 518103]
- [pci] intel-iommu: add 2.6.32-rc4 sw and hw pass-through (Don Dutile) [516811 518103]
- [pci] intel-iommu: IOTLB flushing mods & ATSR support (Don Dutile) [516811 518103]
- [aio] implement request batching (Jeff Moyer) [532769]
- [net] netxen: further p3 updates for rhel5.5 (Marcus Barrow) [542746]
- [net] netxen: driver updates from 2.6.32 (Marcus Barrow) [516833]
- [net] netxen: driver updates from 2.6.31 (Marcus Barrow) [516833]
- [xen] passthrough msi-x mask bit acceleration (Don Dugger) [537734]
- [xen] change interface of hvm_mmio_access (Don Dugger) [537734]
- [xen] fix msi-x table fixmap allocation (Don Dugger) [537734]
- [xen] fix w/sata set to ide combined mode on amd (Bhavna Sarathy) [544021]
- [xen] domU irq ratelimiting (Don Dugger) [524747]

Thu Dec 10 23:00:00 2009 Don Zickus [2.6.18-179.el5]
- [scsi] st: display current settings of option bits (Tom Coughlan) [501030]
- [pci] AER: prevent errors being reported multiple times (Prarit Bhargava) [544923]
- [cifs] NULL out pointers when chasing DFS referrals (Jeff Layton) [544417]
- [fbfront] xenfb: don\'t recreate thread on every restore (Christopher Lalancette) [541325]
- [net] igb: update igb driver to support barton hills (Stefan Assmann) [513710]
- [fs] hfs: fix a potential buffer overflow (Amerigo Wang) [540741] {CVE-2009-4020}
- [fuse] prevent fuse_put_request on invalid pointer (Danny Feng) [538737] {CVE-2009-4021}
- [scsi] lpfc: update version from 8.2.0.58 to 8.2.0.59 (Rob Evers) [529244]
- [scsi] lpfc: update version from 8.2.0.55 to 8.2.0.58 (Rob Evers) [516541 529244]
- [scsi] lpfc: update version from 8.2.0.52 to 8.2.0.55 (Rob Evers) [529244]
- [scsi] pmcraid: minor driver update for rhel5.5 (Rob Evers) [529979]
- [scsi] add pmcraid driver (Rob Evers) [529979]
- [scsi] bfa: brocade bfa fibre-channel/fcoe driver (Rob Evers) [475695]
- [md] support origin size < chunk size (Mikulas Patocka) [502965]
- [md] lock snapshot while reading status (Mikulas Patocka) [543307]
- [md] fix deadlock in device mapper multipath (Mikulas Patocka) [543270]
- [md] raid5: mark cancelled readahead bios with -EIO (Eric Sandeen) [512552]
- [fs] ext2: convert to new aops (Josef Bacik) [513136]
- [fs] jbd: fix race in slab creation/deletion (Josef Bacik) [496847]
- [net] enic: update to upstream version 1.1.0.100 (Andy Gospodarek) [519086]
- [scsi] megaraid: make driver legacy I/O port free (Tomas Henzl) [515863]
- [scsi] megaraid: upgrade to version 4.17-RH1 (Tomas Henzl) [518243]
- [net] ipvs: synchronize closing of connections (Danny Feng) [492942]
- [fs] dlm: fix connection close handling (David Teigland) [521093]
- [hwmon] add support for syleus chip to fschmd driver (Dean Nelson) [513101]
- [s390] dasd: fix DIAG access for read-only devices (Hendrik Brueckner) [537859]
- [acpi] backport support for ACPI 4.0 power metering (Matthew Garrett) [514923]
- [scsi] mpt2sas: use selected regions (Tomas Henzl) [516702]
- [scsi] mpt2sas: upgrade to 01.101.06.00 (Tomas Henzl) [516702]
- [block] blktrace: only tear down our own debug/block (Eric Sandeen) [498489]
- Revert: [scsi] fix inconsistent usage of max_lun (David Milburn) [531488]

Wed Dec 9 23:00:00 2009 Don Zickus [2.6.18-178.el5]
- [x86] fix stale data in shared_cpu_map cpumasks (Prarit Bhargava) [541953]
- [mm] call vfs_check_frozen after unlocking the spinlock (Amerigo Wang) [541956]
- [md] fix data corruption with different chunksizes (Mikulas Patocka) [210490]
- [md] fix snapshot crash on invalidation (Mikulas Patocka) [461506]
- [net] cxgb3: fix port index issue (Doug Ledford) [516948]
- [net] cxgb3: correct hex/decimal error (Doug Ledford) [516948]
- [net] mlx4_en: add a pci id table (Doug Ledford) [508770]
- [infiniband] null out skb pointers on error (Doug Ledford) [531784]
- [infiniband] init neigh->dgid.raw on bonding events (Doug Ledford) [538067]
- [nfs] add an nfsiod workqueue (Ian Kent) [489931]
- [nfs] nfsiod: ensure the asynchronous RPC calls complete (Ian Kent) [489931]
- [nfs] sunrpc: allow rpc_release() CB run on another workq (Ian Kent) [489931]
- [nfs] fix a deadlock with lazy umount -2 (Ian Kent) [489931]
- [nfs] fix a deadlock with lazy umount (Ian Kent) [489931]
- [fs] ext3/4: free journal buffers (Eric Sandeen) [506217]
- [net] resolve issues with vlan creation and filtering (Andy Gospodarek) [521345]
- [scsi] stex: update driver for RHEL-5.5 (David Milburn) [516881]
- [scsi] be2iscsi: add driver to generic config (Mike Christie) [515284]
- [scsi] add be2iscsi driver (Mike Christie) [515284]
- [fs] ext4: update to 2.6.32 codebase (Eric Sandeen) [528054]
- [scsi] disable state transition from OFFLINE to RUNNING (Takahiro Yasui) [516934]
- [scsi] fusion: update mpt driver to 3.4.13rh (Tomas Henzl) [516710]
- [net] gro: fix illegal merging of trailer trash (Herbert Xu) [537876]

Thu Dec 3 23:00:00 2009 Don Zickus [2.6.18-177.el5]
- [scsi] gdth: prevent negative offsets in ioctl (Amerigo Wang) [539421] {CVE-2009-3080}
- [net] ixgbe: add and enable CONFIG_IXGBE_DCA (Andy Gospodarek) [514306]
- [net] ixgbe: update to upstream version 2.0.44-k2 (Andy Gospodarek) [513707 514306 516699]
- [cifs] duplicate data on appending to some samba servers (Jeff Layton) [500838]
- [s390] kernel: fix single stepping on svc0 (Hendrik Brueckner) [540527]
- [fs] gfs2: fix glock ref count issues (Steven Whitehouse) [539240]
- [vbd] xen: fix crash after ballooning (Christopher Lalancette) [540811]
- [block] cfq-iosched: get rid of cfqq hash (Jeff Moyer) [427709 448130 456181]
- [scsi] devinfo update for hitachi entries for RHEL5.5 (Takahiro Yasui) [430631]
- [net] call cond_resched in rt_run_flush (Amerigo Wang) [517588]
- [cifs] update cifs version number (Jeff Layton) [500838]
- [cifs] avoid invalid kfree in cifs_get_tcp_session (Jeff Layton) [500838]
- [cifs] fix broken mounts when a SSH tunnel is used (Jeff Layton) [500838]
- [cifs] fix memory leak in ntlmv2 hash calculation (Jeff Layton) [500838]
- [cifs] fix potential NULL deref in parse_DFS_referrals (Jeff Layton) [500838]
- [cifs] fix read buffer overflow (Jeff Layton) [500838]
- [cifs] free nativeFileSystem before allocating new one (Jeff Layton) [500838]
- [cifs] add addr= mount option alias for ip= (Jeff Layton) [500838]
- [cifs] copy struct *after* setting port, not before (Jeff Layton) [500838]
- [cifs] fix artificial limit on reading symlinks (Jeff Layton) [500838]
- [scsi] megaraid: fix sas permissions in sysfs (Casey Dahlin) [537313] {CVE-2009-3889 CVE-2009-3939}
- [cpufreq] avoid playing with cpus_allowed in powernow-k8 (Alex Chiang) [523505]
- [cpufreq] change cpu freq arrays to per_cpu variables (Alex Chiang) [523505]
- [cpufreq] powernow-k8: get drv data for correct cpu (Alex Chiang) [523505]
- [cpufreq] x86: change NR_CPUS arrays in powernow-k8 (Alex Chiang) [523505]
- [cifs] fix error handling in mount-time dfs referral code (Jeff Layton) [513410]
- [cifs] add loop check when mounting dfs tree (Jeff Layton) [513410]
- [cifs] fix some build warnings (Jeff Layton) [513410]
- [cifs] fix build when dfs support not enabled (Jeff Layton) [513410]
- [cifs] remote dfs root support (Jeff Layton) [513410]
- [cifs] enable dfs submounts to handle remote referrals (Jeff Layton) [513410]
- [edac] i3200_edac: backport driver to RHEL 5.5 (Mauro Carvalho Chehab) [469976]
- [edac] add upstream i3200_edac driver (Mauro Carvalho Chehab) [469976]
- [cifs] no CIFSGetSrvInodeNumber in is_path_accessible (Jeff Layton) [529431]
- [block] blktrace: correctly record block to and from devs (Jason Baron) [515551]
- [sched] enable CONFIG_DETECT_HUNG_TASK support (Amerigo Wang) [506059]
- [xen] fix SRAT check for discontiguous memory (Christopher Lalancette) [519225]
- [xen] implement fully preemptible page table teardown (Christopher Lalancette) [510037]

Tue Dec 1 23:00:00 2009 Don Zickus [2.6.18-176.el5]
- [xen] mask extended topo cpuid feature (Andrew Jones ) [533292]
- [fs] pipe.c null pointer dereference (Jeff Moyer ) [530939] {CVE-2009-3547}
- [xen] cd-rom drive does not recognize new media (Miroslav Rezanina ) [221676]
- [nfs] fix stale nfs_fattr passed to nfs_readdir_lookup (Harshula Jayasuriya ) [531016]
- [spec] s390: enable kernel module signing (Don Zickus ) [483665]
- [nfs] bring nfs4acl into line with mainline code (Jeff Layton ) [479870 530575]
- [ia64] kdump: restore registers in the stack on init (Takao Indoh ) [515753]
- [nfs] nfsd4: do exact check of attribute specified (Jeff Layton ) [512361]
- [net] igb: add support for 82576ns serdes adapter (Stefan Assmann ) [517063]
- [s390] zfcp_scsi: dynamic queue depth adjustment param (Pete Zaitcev ) [508355]
- [scsi] fix inconsistent usage of max lun (David Milburn ) [531488]
- [ipmi] fix ipmi_si modprobe hang (Tony Camuso ) [507402]
- [x86] kvm: don\'t ask HV for tsc khz if not using kvmclock (Glauber Costa ) [531268]
- [net] qlge: updates and fixes for RHEL-5.5 (Marcus Barrow ) [519453]
- [net] igb: fix kexec with igb controller (Stefan Assmann ) [527424]
- [net] qlge: fix crash with kvm guest device passthru (Marcus Barrow ) [507689]
- [misc] hpilo: add polling mechanism (Tony Camuso ) [515010]
- [misc] hpilo: add interrupt handler (Tony Camuso ) [515010]
- [misc] hpilo: staging for interrupt handling (Tony Camuso ) [515010]
- [edac] amd64_edac: enable driver in kernel config (Bhavna Sarathy ) [479070]
- [edac] amd64_edac: remove early hardware probe (Bhavna Sarathy ) [479070]
- [edac] amd64_edac: detect ddr3 support (Bhavna Sarathy ) [479070]
- [edac] amd64_edac: add ddr3 support (Bhavna Sarathy ) [479070]
- [edac] add amd64_edac driver (Bhavna Sarathy ) [479070]
- [net] igb: set vf rlpml must take vlan tag into account (Don Dugger ) [515602]
- [misc] hibernate: increase timeout (Matthew Garrett ) [507331]
- [nfs] make sure dprintk() macro works everywhere (Jeff Layton ) [532701]
- [acpi] include core wmi support and dell-wmi driver (Matthew Garrett ) [516623]
- [powerpc] fix to handle SLB resize during migration (Kevin Monroe ) [524112]
- [mm] oom killer output should display UID (Larry Woodman ) [520419]
- [net] fix race in data receive/select (Amerigo Wang ) [509866]
- [net] augment raw_send_hdrinc to validate ihl in user hdr (Neil Horman ) [500924]
- [i2c] include support for Hudson-2 SMBus controller (Stanislaw Gruszka ) [515125]
- [net] bonding: introduce primary_reselect option (Jiri Pirko ) [471532]
- [net] bonding: ab_arp use std active slave select code (Jiri Pirko ) [471532]
- [net] use netlink notifications to track neighbour states (Danny Feng ) [516589]
- [net] introduce generic function _neigh_notify (Danny Feng ) [516589]
- [fs] skip inodes w/o pages to free in drop_pagecache_sb (Larry Woodman ) [528070]

Fri Nov 20 23:00:00 2009 Don Zickus [2.6.18-175.el5]
- [net] bnx2x: add support for bcm8727 phy (Stanislaw Gruszka ) [515716]
- [net] sched: fix panic in bnx2_poll_work (John Feeney ) [526481]
- [acpi] prevent duplicate dirs in /proc/acpi/processor (Matthew Garrett ) [537395]
- [mm] conditional flush in flush_all_zero_pkmaps (Eric Sandeen ) [484683]
- [fs] ecryptfs: copy lower attrs before dentry instantiate (Eric Sandeen ) [489774]
- [ppc] fix compile warnings in eeh code (Prarit Bhargava ) [538407]
- [md] multiple device failure renders dm-raid1 unfixable (Jonathan E Brassow ) [498532]
- [scsi] ibmvscsi: FCoCEE NPIV support (Steve Best ) [512192]
- [fs] gfs2: fix potential race in glock code (Steven Whitehouse ) [498976]
- [kvm] balloon driver for guests (Peter Bogdanovic ) [522629]
- [sctp] assign tsns earlier to avoid reordering (Neil Horman ) [517504]
- [x86] fix boot crash with < 8-core AMD Magny-cours system (Bhavna Sarathy) [522215]
- [x86] support amd magny-cours power-aware scheduler fix (Bhavna Sarathy ) [513685]
- [x86] cpu: upstream cache fixes needed for amd m-c (Bhavna Sarathy ) [526315]
- [x86_64] set proc id and core id before calling fixup_dcm (Bhavna Sarathy) [526315]
- [x86] disable NMI watchdog on CPU remove (Prarit Bhargava ) [532514]
- [nfsd] don\'t allow setting ctime over v4 (Jeff Layton ) [497909]
- [acpi] bm_check and bm_control update (Luming Yu ) [509422]
- [x86_64] amd: iommu system management erratum 63 fix (Bhavna Sarathy ) [531469]
- [net] bnx2i/cnic: update driver version for RHEL5.5 (Mike Christie ) [516233]
- [x86] fix L1 cache by adding missing break (Bhavna Sarathy ) [526770]
- [x86] amd: fix hot plug cpu issue on 32-bit magny-cours (Bhavna Sarathy ) [526770]
- [acpi] disable ARB_DISABLE on platforms where not needed (Luming Yu ) [509422]
- [s390] do not annotate cmdline as _initdata (Hendrik Brueckner ) [506898]
- [x86_64] fix 32-bit process register leak (Amerigo Wang ) [526798]
- [misc] don\'t call printk while crashing (Mauro Carvalho Chehab ) [497195]
- [x86] mce_amd: fix up threshold_bank4 creation (Bhavna Sarathy ) [526315]
- [pci] fix SR-IOV function dependency link problem (Don Dugger ) [503837]
- [xen] fix numa on magny-cours systems (Bhavna Sarathy ) [526051]
- [xen] add two HP ProLiant DMI quirks to the hypervisor (Paolo Bonzini ) [536677]
- [xen] hook sched rebalance logic to opt_hardvirt (Christopher Lalancette ) [529271]
- [xen] crank the correct stat in the scheduler (Christopher Lalancette ) [529271]
- [xen] whitespace fixups in xen scheduler (Christopher Lalancette ) [529271]
- [xen] fix crash with memory imbalance (Bhavna Sarathy ) [526785]

Mon Nov 16 23:00:00 2009 Don Zickus [2.6.18-174.el5]
- [fs] private dentry list to avoid dcache_lock contention (Lachlan McIlroy ) [526612]
- [gfs2] drop rindex glock on grows (Benjamin Marzinski ) [482756]
- [acpi] run events on cpu 0 (Matthew Garrett ) [485016]
- [cpufreq] add option to avoid smi while calibrating (Matthew Garrett ) [513649]
- [acpi] support physical cpu hotplug on x86_64 (Stefan Assmann ) [516999]
- [scsi] qla2xxx: enable msi-x correctly on qlogic 2xxx series (Marcus Barrow ) [531593]
- [apic] fix server c1e spurious lapic timer events (Bhavna Sarathy ) [519422]
- [pci] aer: fix ppc64 compile - no msi support (Prarit Bhargava ) [514442 517093]
- [pci] aer: config changes to enable aer support (Prarit Bhargava ) [514442 517093]
- [pci] aer: fix NULL pointer in aer injection code (Prarit Bhargava ) [514442 517093]
- [pci] aer: add domain support to aer_inject (Prarit Bhargava ) [514442 517093]
- [pci] aer: backport acpi osc functions (Prarit Bhargava ) [517093]
- [pci] aer: pcie support and compile fixes (Prarit Bhargava ) [517093]
- [pci] aer: changes required to compile in RHEL5 (Prarit Bhargava ) [514442 517093]
- [pci] aer: base aer driver support (Prarit Bhargava ) [514442 517093]
- [kvm] use upstream kvm_get_tsc_khz (Glauber Costa ) [531025]
- [cifs] turn oplock breaks into a workqueue job (Jeff Layton ) [531005]
- [cifs] fix oplock request handling in posix codepath (Jeff Layton ) [531005]
- [cifs] have cifsFileInfo hold an extra inode reference (Jeff Layton ) [531005]
- [cifs] take GlobalSMBSes_lock as read-only (Jeff Layton ) [531005]
- [cifs] remove cifsInodeInfo.oplockPending flag (Jeff Layton ) [531005]
- [cifs] replace wrtPending with a real reference count (Jeff Layton ) [531005]
- [cifs] clean up set_cifs_acl interfaces (Jeff Layton ) [531005]
- [cifs] reorganize get_cifs_acl (Jeff Layton ) [531005]
- [cifs] protect GlobalOplock_Q with its own spinlock (Jeff Layton ) [531005]
- [scsi] qla2xxx: updates and fixes for RHEL-5.5 (Marcus Barrow ) [519447]
- [net] vlan: silence multicast debug messages (Danny Feng ) [461442]
- [fs] fix inode_table test in ext{2,3}_check_descriptors (Eric Sandeen ) [504797]
- [net] netlink: fix typo in initialization (Jiri Pirko ) [527906]
- [mm] prevent tmpfs from going readonly during oom kills (Larry Woodman ) [497257]
- [x86] set cpu_llc_id on AMD CPUs (Bhavna Sarathy ) [513684]
- [x86] fix up threshold_bank4 support on AMD Magny-cours (Bhavna Sarathy ) [513684]
- [x86] fix up L3 cache information for AMD Magny-cours (Bhavna Sarathy ) [513684]
- [x86] amd: fix CPU llc_shared_map information (Bhavna Sarathy ) [513684]
- [fs] trim instantiated file blocks on write errors (Eric Sandeen ) [515529]
- [s390] optimize storage key operations for anon pages (Hans-Joachim Picht ) [519977]
- [net] cxgb3: bug fixes from latest upstream version (Doug Ledford ) [510818]
- [misc] saner FASYNC handling on file close (Paolo Bonzini ) [510746]
- [wireless] mac80211: fix reported wireless extensions version (John Linville ) [513430]
- [mm] don\'t oomkill when hugepage alloc fails on node (Larry Woodman ) [498510]
- [xen] iommu-amd: extend loop ctr for polling completion wait (Bhavna Sarathy ) [518474 526766]
- [xen] iommu: add passthrough and no-intremap parameters (Bhavna Sarathy ) [518474 526766]
- [xen] iommu: enable amd iommu debug at run-time (Bhavna Sarathy ) [518474 526766]
- [xen] support interrupt remapping on M-C (Bhavna Sarathy ) [518474 526766]
- [xen] iommu: move iommu_setup() to setup ioapic correctly (Bhavna Sarathy ) [518474 526766]

Mon Nov 9 23:00:00 2009 Don Zickus [2.6.18-173.el5]
- [acpi] thinkpad_acpi: disable ecnvram brightness on some (Matthew Garrett ) [522745]
- [block] cfq-iosched: don\'t delay queue kick for merged req (Jeff Moyer ) [456181 448130 427709]
- [block] cfq-iosched: fix idling interfering with plugging (Jeff Moyer ) [456181 448130 427709]
- [block] cfq: separate merged cfqqs if they stop cooperating (Jeff Moyer ) [456181 448130 427709]
- [block] cfq: change the meaning of the cfqq_coop flag (Jeff Moyer ) [456181 448130 427709]
- [block] cfq: merge cooperating cfq_queues (Jeff Moyer ) [456181 448130 427709]
- [block] cfq: calc seek_mean per cfq_queue not per cfq_io_context (Jeff Moyer ) [456181 448130 427709]
- [block] cfq-iosched: cache prio_tree root in cfqq->p_root (Jeff Moyer ) [456181 448130 427709]
- [block] cfq-iosched: fix aliased req & cooperation detect (Jeff Moyer ) [456181 448130 427709]
- [block] cfq-iosched: default seek when not enough samples (Jeff Moyer ) [456181 448130 427709]
- [block] cfq-iosched: make seek_mean converge more quick (Jeff Moyer ) [456181 448130 427709]
- [block] cfq-iosched: add close cooperator code (Jeff Moyer ) [456181 448130 427709]
- [block] cfq-iosched: development update (Jeff Moyer ) [456181 448130 427709]
- [gfs2] careful unlinking inodes (Steven Whitehouse ) [519049]
- [scsi] arcmsr: add missing parameter (Tomas Henzl ) [521203]
- [nfs] v4: fix setting lock on open file with no state (Jeff Layton ) [533115] {CVE-2009-3726}
- [misc] futex priority based wakeup (Jon Thomas ) [531552]
- [dlm] use GFP_NOFS on all lockspaces (David Teigland ) [530537]
- [gfs2] improve statfs and quota usability (Benjamin Marzinski ) [529796]
- [net] forcedeth: let phy power down when IF is down (Ivan Vecera ) [513692]
- [drm] r128: check for init on all ioctls that require it (Danny Feng ) [529603] {CVE-2009-3620}
- [scsi] htpiop: RocketRAID driver update v1.0 -> v1.6 (Rob Evers ) [519076]
- [ipmi] add HP message handling (Tony Camuso ) [507402]
- [mm] prevent hangs/long pauses when zone_reclaim_mode=1 (Larry Woodman ) [507360]
- [s390] ipl: vmhalt, vmpanic, vmpoff, vmreboot don\'t work (Hans-Joachim Picht ) [518229]
- [nfs] bring putpubfh handling inline with upstream (Wade Mealing ) [515405]

Mon Nov 2 23:00:00 2009 Don Zickus [2.6.18-172.el5]
- [fs] dio: don\'t zero out pages array inside struct dio (Jeff Moyer ) [488161]
- [cifs] libfs: sb->s_maxbytes casts to a signed value (Jeff Layton ) [486092]
- [serial] power7: support the single-port serial device (Kevin Monroe ) [525812]
- [kABI] add pci_{enable,disable}_msi{,x} (Jon Masters ) [521081]
- [scsi] mpt: errata 28 fix on LSI53C1030 (Tomas Henzl ) [518689]
- [scsi] panic at .ipr_sata_reset after device reset (Kevin Monroe ) [528175]
- [scsi] lpfc: update to 8.2.0.52 FC/FCoE (Rob Evers ) [515272]
- [x86] add ability to access Nehalem uncore config space (John Villalovos ) [504330]
- [net] sunrpc: remove flush_workqueue from xs_connect (Jeff Layton ) [495059]
- [xen] ia64: command-line arg to increase the heap size (Paolo Bonzini ) [521865]

Mon Oct 26 23:00:00 2009 Don Zickus [2.6.18-171.el5]
- [security] require root for mmap_min_addr (Eric Paris ) [518143] {CVE-2009-2695}
- [ata] ahci: add AMD SB900 controller device IDs (David Milburn ) [515114]
- [net] lvs: adjust sync protocol handling for ipvsadm -2 (Neil Horman ) [524129]
- Revert: [net] lvs: fix sync protocol handling for timeout values (Neil Horman ) [524129]
- [net] AF_UNIX: deadlock on connecting to shutdown socket (Jiri Pirko ) [529631] {CVE-2009-3621}
- [fs] inotify: remove debug code (Danny Feng ) [499019]
- [fs] inotify: fix race (Danny Feng ) [499019]

Wed Oct 21 00:00:00 2009 Don Zickus [2.6.18-170.el5]
- [net] lvs: fix sync protocol handling for timeout values (Neil Horman ) [524129]
- [net] igb: return PCI_ERS_RESULT_DISCONNECT on failure (Dean Nelson ) [514250]
- [net] e100: return PCI_ERS_RESULT_DISCONNECT on failure (Dean Nelson ) [514250]
- [nfs] knfsd: query fs for v4 getattr of FATTR4_MAXNAME (Jeff Layton ) [469689]
- [block] blkfront: respect elevator=xyz cmd line option (Paolo Bonzini ) [498461]
- [firewire] fw-ohci: fix IOMMU resource exhaustion (Jay Fenlason ) [513827]
- [scsi] cciss: ignore stale commands after reboot (Tomas Henzl ) [525440]
- [scsi] cciss: version change (Tomas Henzl ) [525440]
- [scsi] cciss: switch to using hlist (Tomas Henzl ) [525440]
- [x86] support always running Local APIC (John Villalovos ) [496306]
- [x86_64] fix hugepage memory tracking (Jim Paradis ) [518671]
- [net] bnx2: apply BROKEN_STATS workaround to 5706/5708 (Flavio Leitner ) [527748]
- [pci] pci_dev->is_enabled must be set (Prarit Bhargava ) [527496]
- [audit] dereferencing krule as if it were an audit_watch (Alexander Viro ) [526819]
- [mm] fix spinlock performance issue on large systems (John Villalovos ) [526078]
- [misc] hotplug: add CPU_DYING notifier (Eduardo Habkost ) [510814]
- [misc] hotplug: use cpuset hotplug callback to CPU_DYING (Eduardo Habkost ) [510814]
- [misc] define CPU_DYING and CPU_DYING_FROZEN (Eduardo Habkost ) [510814]
- [misc] hotplug: adapt thermal throttle to CPU_DYING (Eduardo Habkost ) [510814]
- [fs] file truncations when both suid and write perms set (Amerigo Wang ) [486975]
- [x86] finish sysdata conversion (Danny Feng ) [519633]
- [misc] pipe: fix fd leaks (Amerigo Wang ) [509625]
- [x86_64] PCI space below 4GB forces mem remap above 1TB (Larry Woodman ) [523522]
- [pci] pciehp: fix PCIe hotplug slot detection (Michal Schmidt ) [521731]
- [net] syncookies: support for TCP options via timestamps (jolsaAATTredhat.com ) [509062]
- [net] tcp: add IPv6 support to TCP SYN cookies (jolsaAATTredhat.com ) [509062]
- [xen] blkfront: check for out-of-bounds array accesses (Paolo Bonzini ) [517238]
- [xen] fix timeout with PV guest and physical CDROM (Paolo Bonzini ) [506899]
- [net] e1000e: return PCI_ERS_RESULT_DISCONNECT on fail (Dean Nelson ) [508387]
- [x86_64] vsmp: fix bit-wise operator and compile issue (Prarit Bhargava ) [515408]
- [net] e100: add support for 82552 (Dean Nelson ) [475610]
- [net] netfilter: honour source routing for LVS-NAT (Jiri Pirko ) [491010]
- [misc] hwmon: update to latest upstream for RHEL-5.5 (Prarit Bhargava ) [467994 250561 446061]
- [xen] panic in msi_msg_read_remap_rte with acpi=off (Miroslav Rezanina ) [525467]
- [xen] mask out xsave for hvm guests (Andrew Jones ) [524052]
- [xen] allow booting with broken serial hardware (Chris Lalancette ) [518338]
- [xen] mask out more CPUID bits for PV guests (Chris Lalancette ) [502826]
- [xen] x86: fix wrong asm (Paolo Bonzini ) [510686]
- [xen] always inline memcmp (Paolo Bonzini) [510686]
- [xen] i386: handle x87 opcodes in TLS segment fixup (Paolo Bonzini ) [510225]

Tue Oct 13 00:00:00 2009 Don Zickus [2.6.18-169.el5]
- [scsi] export symbol scsilun_to_int (Tomas Henzl ) [528153]
- [fs] eCryptfs: prevent lower dentry from going negative (Eric Sandeen ) [527835] {CVE-2009-2908}
- [nfs] v4: reclaimer thread stuck in an infinite loop (Sachin S. Prabhu ) [526888]
- [scsi] scsi_dh_rdac: changes for rdac debug logging (Rob Evers ) [524335]
- [scsi] scsi_dh_rdac: collect rdac debug info during init (Rob Evers ) [524335]
- [scsi] scsi_dh_rdac: move init code around (Rob Evers ) [524335]
- [scsi] scsi_dh_rdac: return correct mode select cmd info (Rob Evers ) [524335]
- [scsi] scsi_dh_rdac: add support for Dell PV array (Rob Evers ) [524335]
- [scsi] scsi_dh_rdac: add support for SUN devices (Rob Evers ) [524335]
- [scsi] scsi_dh_rdac: support ST2500, ST2510 and ST2530 (Rob Evers ) [524335]
- [s390] cio: boot through XAUTOLOG with conmode 3270 (Hans-Joachim Picht ) [508934]
- [x86] add smp_call_function_many/single functions (Prarit Bhargava ) [526043]
- [s390] iucv: fix output register in iucv_query_maxconn (Hans-Joachim Picht ) [524251]
- [s390] set preferred s390 console based on conmode (Hans-Joachim Picht ) [520461]
- [s390] dasd: add large volume support (Hans-Joachim Picht ) [511972]
- [s390] dasd: fail requests when dev state is not ready (Hans-Joachim Picht ) [523219]
- [s390] cio: failing set online/offline processing (Hans-Joachim Picht ) [523323]
- [x86] oprofile: support arch perfmon (John Villalovos ) [523479]
- [x86] oprofile: fix K8/core2 on multiple cpus (John Villalovos ) [523479]
- [x86] oprofile: utilize perf counter reservation (John Villalovos ) [523479]
- [gfs2] genesis stuck writing to unlinked file (Abhijith Das ) [505331]
- [net] r8169: avoid losing MSI interrupts (Ivan Vecera ) [514589]
- [s390] cio: set correct number of internal I/O retries (Hans-Joachim Picht ) [519814]
- [net] e1000: return PCI_ERS_RESULT_DISCONNECT on fail (Dean Nelson ) [508389]
- [net] ixgbe: return PCI_ERS_RESULT_DISCONNECT on fail (Dean Nelson ) [508388]
- [crypto] s390: enable ansi_cprng config option (Jarod Wilson ) [504667]
- [s390] dasd: dev attr to disable blocking on lost paths (Hans-Joachim Picht ) [503222]
- [s390] qeth: handle VSwitch Port Isolation error codes (Hans-Joachim Picht ) [503232]
- [s390] qeth: improve no_checksumming handling for layer3 (Hans-Joachim Picht ) [503238]
- [gfs2] smbd proccess hangs with flock call (Abhijith Das ) [502531]
- [input] psmouse: reenable mouse on shutdown (Prarit Bhargava ) [501025]
- [xen] x86: make NMI detection work (Miroslav Rezanina ) [494120]

Tue Oct 6 00:00:00 2009 Don Zickus [2.6.18-168.el5]
- [gfs2] mount option: -o errors=withdraw|panic (Bob Peterson ) [518106]
- [net] bonding: set primary param via sysfs (Jiri Pirko ) [499884]
- [scsi] fusion: re-enable mpt_msi_enable option (Tomas Henzl ) [520820]
- [x86] xen: add \'ida\' flag (Prarit Bhargava ) [522846]
- [net] ipt_recent: sanity check hit count (Amerigo Wang ) [523982]
- [acpi] fix syntax in ACPI debug statement (Stefan Assmann ) [524787]
- [s390] AF_IUCV SOCK_SEQPACKET support (Hans-Joachim Picht ) [512006]
- [x86] fix nosmp option (Prarit Bhargava ) [509581]
- [nfs] nfsd4: idmap upcalls should use unsigned uid/gid (Jeff Layton ) [519184]
- [ia64] fix ppoll and pselect syscalls (Prarit Bhargava ) [520867]
- [net] ipv4: ip_append_data handle NULL routing table (Jiri Pirko ) [520297]
- [net] fix drop monitor to not panic on null dev (Neil Horman ) [523279]
- [gfs2] gfs2_delete_inode failing on RO filesystem (Abhijith Das ) [501359]
- [nfs] statfs error-handling fix (Jeff Layton ) [519112]
- [pci] avoid disabling acpi to use non-core PCI devices (Mauro Carvalho Chehab ) [504330]
- [nfs] fix regression in nfs_open_revalidate (Jeff Layton ) [511278]
- [nfs] fix cache invalidation problems in nfs_readdir (Jeff Layton ) [511170]
- [fs] sanitize invalid partition table entries (Stefan Assmann ) [481658]
- [char] fix corrupted intel_rng kernel messages (Jerome Marchand ) [477778]
- [net] ipv6: do not fwd pkts with the unspecified saddr (Jiri Pirko ) [517899]
- [ata] ahci: add device ID for 82801JI sata controller (David Milburn ) [506200]
- [misc] support Intel multi-APIC-cluster systems (Prarit Bhargava ) [507333]
- [ext3] fix online resize bug (Josef Bacik ) [515759]
- [xen] netback: call netdev_features_changed (Herbert Xu ) [493092]
- [net] igbvf: recognize failure to set mac address (Stefan Assmann ) [512469]
- [misc] documentation: fix file-nr definition in fs.txt (Danny Feng ) [497200]
- [misc] cpufreq: don\'t set policy for offline cpus (Prarit Bhargava ) [511211]
- [net] sunrpc client: IF for binding to a local address (Jeff Layton ) [500653]
- [fs] nlm: track local address and bind to it for CBs (Jeff Layton ) [500653]
- [net] sunrpc: set rq_daddr in svc_rqst on socket recv (Jeff Layton ) [500653]
- [cpufreq] P-state limit: limit can never be increased (Stanislaw Gruszka ) [489566]
- [crypto] s390: permit weak keys unless REQ_WEAK_KEY set (Jarod Wilson ) [504667]
- [fs] procfs: fix fill all subdirs as DT_UNKNOWN (Danny Feng ) [509713]
- [block] ll_rw_blk: more flexable read_ahead_kb store (Danny Feng ) [510257]
- [audit] correct the record length of execve (Amerigo Wang ) [509134]
- [net] tcp: do not use TSO/GSO when there is urgent data (Danny Feng ) [502572]
- [net] vxge: new driver for Neterion 10Gb Ethernet (Michal Schmidt ) [453683]
- [net] vxge: Makefile, Kconfig and config additions (Michal Schmidt ) [453683]
- [pci] add PCI Express link status register definitions (Michal Schmidt ) [453683]
- [net] 8139too: RTNL and flush_scheduled_work deadlock (Jiri Pirko ) [487346]
- [x86] suspend-resume: work on large logical CPU systems (John Villalovos ) [499271]
- [gfs2] \'>>\' does not update ctime,mtime on the file (Abhijith Das ) [496716]
- [net] icmp: fix icmp_errors_use_inbound_ifaddr sysctl (Jiri Pirko ) [502822]
- [nfs] fix stripping SUID/SGID flags when chmod/chgrp dir (Peter Staubach ) [485099]
- [net] bonding: allow bond in mode balance-alb to work (Jiri Pirko ) [487763]
- [x86] fix mcp55 apic routing (Neil Horman ) [473404]
- [net] rtl8139: set mac address on running device (Jiri Pirko ) [502491]
- [net] tun: allow group ownership of TUN/TAP devices (Jiri Pirko ) [497955]
- [net] tcp: do not use TSO/GSO when there is urgent data (Jiri Olsa ) [497032]
- [misc] undefined reference to `_udivdi3\' (Amerigo Wang ) [499063]

Thu Oct 1 00:00:00 2009 Don Zickus [2.6.18-167.el5]
- [scsi] st.c: memory use after free after MTSETBLK ioctl (David Jeffery ) [520192]
- [nfs] knfsd: fix NFSv4 O_EXCL creates (Jeff Layton ) [524521] {CVE-2009-3286}
- [net] r8169: balance pci_map/unmap pair, use hw padding (Ivan Vecera ) [515857]
- [net] tc: fix unitialized kernel memory leak (Jiri Pirko ) [520863]
- [misc] kthreads: kthread_create vs kthread_stop() race (Oleg Nesterov ) [440273]
- [net] fix unbalance rtnl locking in rt_secret_reschedule (Neil Horman ) [510067]

Sun Sep 20 00:00:00 2009 Don Zickus [2.6.18-166.el5]
- [x86_64] kvm: bound last_kvm to prevent backwards time (Glauber Costa ) [524076]
- [x86] kvm: fix vsyscall going backwards (Glauber Costa ) [524076]
- [misc] fix RNG to not use first generated random block (Neil Horman ) [522860]
- [x86] kvm: mark kvmclock_init as cpuinit (Glauber Costa ) [523450]
- [x86_64] kvm: allow kvmclock to be overwritten (Glauber Costa ) [523447]
- [x86] kvmclock: fix bogus wallclock value (Glauber Costa ) [519771]
- [scsi] scsi_dh_rdace: add more sun hardware (mchristiAATTredhat.com ) [518496]
- [misc] cprng: fix cont test to be fips compliant (Neil Horman ) [523259]
- [net] bridge: fix LRO crash with tun (Andy Gospodarek ) [483646]
- Revert: [net] atalk/irda: memory leak to user in getname (Don Zickus ) [519310] {CVE-2009-3001 CVE-2009-3002}
- Revert: [x86_64] fix gettimeoday TSC overflow issue - 1 (Don Zickus ) [467942]

Fri Sep 4 00:00:00 2009 Don Zickus [2.6.18-165.el5]
- [net] sky2: revert some phy power refactoring changes (Neil Horman ) [509891]
- [net] atalk/irda: memory leak to user in getname (Danny Feng ) [519310] {CVE-2009-3001 CVE-2009-3002}
- [x86_64] fix gettimeoday TSC overflow issue - 1 (Prarit Bhargava ) [467942]
- [md] prevent crash when accessing suspend_* sysfs attr (Danny Feng ) [518136] {CVE-2009-2849}
- [nfs] nlm_lookup_host: don\'t return invalidated nlm_host (Sachin S. Prabhu ) [507549]
- [net] bonding: tlb/alb: set active slave when enslaving (Jiri Pirko ) [499884]
- [nfs] r/w I/O perf degraded by FLUSH_STABLE page flush (Peter Staubach ) [498433]
- [SELinux] allow preemption b/w transition perm checks (Eric Paris ) [516216]
- [scsi] scsi_transport_fc: fc_user_scan correction (David Milburn ) [515176]
- [net] tg3: refrain from touching MPS (John Feeney ) [516123]
- [net] qlge: fix hangs and read performance (Marcus Barrow ) [517893]
- [scsi] qla2xxx: allow use of MSI when MSI-X disabled (Marcus Barrow ) [517922]
- [net] mlx4_en fix for vlan traffic (Doug Ledford ) [514141]
- [net] mlx4_en device multi-function patch (Doug Ledford ) [500346]
- [net] mlx4_core: fails to load on large systems (Doug Ledford ) [514147]
- [x86] disable kvmclock by default (Glauber Costa ) [476075]
- [x86] disable kvmclock when shuting the machine down (Glauber Costa ) [476075]
- [x86] re-register clock area in prepare_boot_cpu (Glauber Costa ) [476075]
- [x86] kvmclock smp support (Glauber Costa ) [476075]
- [x86] use kvm wallclock (Glauber Costa ) [476075]
- [x86_64] kvm clocksource\'s implementation (Glauber Costa ) [476075]
- [x86] kvm: import kvmclock.c (Glauber Costa ) [476075]
- [x86] kvm: import pvclock.c and headers (Glauber Costa ) [476075]
- [x86] export additional cpu flags in /proc/cpuinfo (Prarit Bhargava ) [517928]
- [x86] detect APIC clock calibration problems (Prarit Bhargava ) [503957]
- [fs] cifs: new opts to disable overriding of ownership (Jeff Layton ) [515252]
- [x86] pnpacpi: fix serial ports on IBM Point-of-Sale HW (Kevin Monroe ) [506799]


コメントする

=>古記事
RSS購読
RSS
ブログ表示スタイル
リスト/携帯(QRコード)
画像/動画/音声/リンク
表示開始年月
分類
全て
1.このサイトについて
2.作品DB開発/運用
3.ホームページ制作技術
4.Perl
5.C言語 / C++
6.検索エンジン&SEO
7.サッカー
8.自分のこと
9Linux
10.旅行
11.思ったこと
12.パソコン
13.Berkeley DB
14.その他技術系
15.企画
16.スマートフォン
17.鑑賞
18.皆声.jpニュース
19.インターネット業界
20.運用マニュアル(自分用)
21.技術系以外実用書
22.料理
23.ALEXA
24.アニメ
25.会計
26.漫画
27.設計書
28.色々サイト作成
29.サーバー
30.自分専用
31.生活
32.OP/ED/PV
33.ゲーム
34.DB整備
35.新規開始作品紹介
36.英語圏の話題
37.大道芸
38.映画
39.PHP
40.ダイエット
41.Mac
42.JavaScript
43.MySQL
44.介護
45.作品DB作品追加作業
46.BI
47.Web API
48.パフォーマンス
49.インターネットの活用方法
50.Riak
51.Androidアプリ開発
52.Cassandra
53.スパム
54.写真
55.iOSアプリ開発
56.AWS
57.マーケティング
58.Web漫画
59.法律
60.mongodb
61.開発環境整備
62.Google Apps Script
63.meteor
64.Pentaho
65.Ansible
66.VPS
67.技術書メモ
68.Vagrant
69.Docker
70.dokuwiki
71.Apple Watch
72.Webサービス
73.セキュリティ
74.Elastic Search
75.Wordpress
76.クラウド
77.英語
78.MVNO
79.シンガポール
80.マレーシア
81.管理人さん
82.管理人さん
日記の主な内容
サイト運営/開発
検索エンジン情報
・技術ネタ(Berkeley DB,
Linux, Perl, サイト作成)等

サイト管理
全まとめ
サーバー管理
定期処理状況
開発予定
削除提案
作品追加依頼
OP/ED追加依頼
OP/ED not found
作品提案承認欄

格言 fromスクライド
この世の理は即ち速さ
20年かければ馬鹿でも
傑作小説を書ける

助けられたら助け返す
それが俺のルール

強くなるには
一番弱い考えをする事だ
そしてその考えに反逆する




右側に何か入れてみるテスト


仕事でのサイト
介護DB
Helpyou
Doctor career
Nurse career
上へ ↑上へ 最速検索作品DB皆声