Package: l7-filter-userspace
Version: 0.11-4
Severity: important
Tags: patch
--- Please enter the report below this line. ---
There have been some community fixes not yet applied to this package.
I've attached a patch against mercurial repository that includes them
under debian/patches.
You can see these changes in l7-filter project SVN [0] and its bug
tracker ([1] and [2])
Applied patches summary:
+ Added l7_connections map access locking patch from James King.
+ Applied getopt patch from Gavin Pryke. [fixed tracker #10]
+ Applied memory leak during pattern loading from Florian Westphal.
[tracker fixed #7]
Another option is to release a new package version based on upstream SVN.
[0] svn://svn.clearfoundation.com/l7-filter
[1] http://l7-filter.clearfoundation.com/tracker/view.php?id=7
[2] http://l7-filter.clearfoundation.com/tracker/view.php?id=10
<http://l7-filter.clearfoundation.com/tracker/view.php?id=7>
Best regards
--
Carlos Pérez-Aradros Herce - Developer
The Linux small business server
www.zentyal.com
diff -r 42a97ac5d3a7 debian/changelog
--- a/debian/changelog Sun May 30 13:12:02 2010 +0200
+++ b/debian/changelog Tue Jan 25 16:26:44 2011 +0100
@@ -1,5 +1,13 @@
l7-filter-userspace (0.11-5) UNRELEASED; urgency=low
+ [ Carlos Pérez-Aradros Herce ]
+ * Added l7_connections map access locking patch from James King.
+ See l7-filter repository rev 322.
+ * Added getopt patch from Gavin Pryke.
+ See http://l7-filter.clearfoundation.com/tracker/view.php?id=10
+ * Added memory leak patch during pattern loading from Florian Westphal.
+ See http://l7-filter.clearfoundation.com/tracker/view.php?id=7
+
[ Jakub Wilk ]
* Update my e-mail address.
* Update Maintainer and Source fields in debian/copyright and Homepage field
diff -r 42a97ac5d3a7 debian/patches/connection-map-mutex-lock.diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/debian/patches/connection-map-mutex-lock.diff Tue Jan 25 16:26:44 2011 +0100
@@ -0,0 +1,68 @@
+diff --git a/THANKS b/THANKS
+index 05355a5..f282fbd 100644
+--- a/THANKS
++++ b/THANKS
+@@ -68,4 +68,5 @@ Matthew Strait. Over the years, we've also gotten help from (as of 2008
+ * Beat Weisskopf (patterns, metadata)
+ * lonely wolf (translation)
+ * wsgtrsys (patterns)
++ * James King (bug fix)
+
+diff --git a/l7-conntrack.cpp b/l7-conntrack.cpp
+index 87164a4..7308695 100644
+--- a/l7-conntrack.cpp
++++ b/l7-conntrack.cpp
+@@ -198,10 +198,12 @@ static int l7_handle_conntrack_event(enum nf_conntrack_msg_type type, nf_conntra
+ l7_conntrack::~l7_conntrack()
+ {
+ nfct_close(cth);
++ pthread_mutex_destroy(&map_mutex);
+ }
+
+ l7_conntrack::l7_conntrack(void* l7_classifier_in)
+ {
++ pthread_mutex_init(&map_mutex, NULL);
+ l7_classifier = (l7_classify *)l7_classifier_in;
+
+ // Now open a handler that is subscribed to all possible events
+@@ -214,19 +216,27 @@ l7_conntrack::l7_conntrack(void* l7_classifier_in)
+
+ l7_connection *l7_conntrack::get_l7_connection(const string key)
+ {
+- return l7_connections[key];
++ l7_connection *conn;
++ pthread_mutex_lock(&map_mutex);
++ conn = l7_connections[key];
++ pthread_mutex_unlock(&map_mutex);
++ return conn;
+ }
+
+ void l7_conntrack::add_l7_connection(l7_connection* connection,
+ const string key)
+ {
++ pthread_mutex_lock(&map_mutex);
+ l7_connections[key] = connection;
++ pthread_mutex_unlock(&map_mutex);
+ }
+
+ void l7_conntrack::remove_l7_connection(const string key)
+ {
++ pthread_mutex_lock(&map_mutex);
+ delete l7_connections[key];
+ l7_connections.erase(l7_connections.find(key));
++ pthread_mutex_unlock(&map_mutex);
+ }
+
+ void l7_conntrack::start()
+diff --git a/l7-conntrack.h b/l7-conntrack.h
+index 18245e7..7865e85 100644
+--- a/l7-conntrack.h
++++ b/l7-conntrack.h
+@@ -51,6 +51,7 @@ class l7_conntrack {
+ private:
+ l7_map l7_connections;
+ struct nfct_handle *cth; // the callback
++ pthread_mutex_t map_mutex;
+
+ public:
+ l7_conntrack(void * foo);
diff -r 42a97ac5d3a7 debian/patches/getopt-help-screen.diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/debian/patches/getopt-help-screen.diff Tue Jan 25 16:26:44 2011 +0100
@@ -0,0 +1,33 @@
+Index: l7-filter-userspace-0.11/THANKS
+===================================================================
+--- l7-filter-userspace-0.11.orig/THANKS 2011-01-25 13:34:01.084366647 +0100
++++ l7-filter-userspace-0.11/THANKS 2011-01-25 13:34:15.064378352 +0100
+@@ -69,4 +69,5 @@
+ * lonely wolf (translation)
+ * wsgtrsys (patterns)
+ * James King (bug fix)
++ * Gavin Pryke (bug fix)
+
+Index: l7-filter-userspace-0.11/l7-filter.cpp
+===================================================================
+--- l7-filter-userspace-0.11.orig/l7-filter.cpp 2011-01-25 13:33:00.344364368 +0100
++++ l7-filter-userspace-0.11/l7-filter.cpp 2011-01-25 13:33:52.417392848 +0100
+@@ -186,15 +186,11 @@
+ conffilename = "";
+ const char *opts = "f:q:vh?sb:dn:p:m:cz";
+
+- int done = 0;
+- while(!done)
++ int c;
++ while((c = getopt (argc, argv, opts)) != -1)
+ {
+- char c;
+- switch(c = getopt(argc, argv, opts))
++ switch(c)
+ {
+- case -1:
+- done = 1;
+- break;
+ case 'f':
+ conffilename = optarg;
+ break;
diff -r 42a97ac5d3a7 debian/patches/pattern-loading-leak.diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/debian/patches/pattern-loading-leak.diff Tue Jan 25 16:26:44 2011 +0100
@@ -0,0 +1,22 @@
+Index: l7-filter-userspace-0.11/THANKS
+===================================================================
+--- l7-filter-userspace-0.11.orig/THANKS 2011-01-25 13:46:24.172364146 +0100
++++ l7-filter-userspace-0.11/THANKS 2011-01-25 13:46:30.201402127 +0100
+@@ -70,4 +70,5 @@
+ * wsgtrsys (patterns)
+ * James King (bug fix)
+ * Gavin Pryke (bug fix)
++ * Florian Westphal (bug fix)
+
+Index: l7-filter-userspace-0.11/l7-classify.cpp
+===================================================================
+--- l7-filter-userspace-0.11.orig/l7-classify.cpp 2011-01-25 13:45:00.652365514 +0100
++++ l7-filter-userspace-0.11/l7-classify.cpp 2011-01-25 13:45:17.864377312 +0100
+@@ -59,6 +59,7 @@
+ cerr << "error compiling " << name << " -- " << pattern_string << endl;
+ exit(1);
+ }
++ free(preprocessed);
+ }
+
+
diff -r 42a97ac5d3a7 debian/patches/series
--- a/debian/patches/series Sun May 30 13:12:02 2010 +0200
+++ b/debian/patches/series Tue Jan 25 16:26:44 2011 +0100
@@ -1,2 +1,5 @@
netfilter-conntrack-0.100.diff
hyphen-used-as-minus-sign.diff
+connection-map-mutex-lock.diff
+getopt-help-screen.diff
+pattern-loading-leak.diff
