From b3765a1e67cb0bf1d5f8f1d82fd822bf78400be4 Mon Sep 17 00:00:00 2001 From: Dinko Korunic Date: Tue, 23 Feb 2010 14:20:07 +0100 Subject: [PATCH] * #10170: ukloniti konflikte s prethodnim kernelom * #10171: detektirati Layer7 prije upgrade-a * #10172: NEWS.CARNet za ExecShield, Layer7 --- debian/changelog | 8 ++++++++ debian/control | 4 ++-- debian/docs | 1 + debian/postinst | 5 ++--- debian/preinst | 7 +++++++ 5 files changed, 20 insertions(+), 5 deletions(-) create mode 100644 NEWS.CARNet diff --git a/NEWS.CARNet b/NEWS.CARNet new file mode 100644 index 0000000..e69de29 diff --git a/debian/changelog b/debian/changelog index d58be28..d0bc41b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +kernel-2.6-cn (3:2.6.26-6) stable; urgency=low + + * #10170: ukloniti konflikte s prethodnim kernelom + * #10171: detektirati Layer7 prije upgrade-a + * #10172: NEWS.CARNet za ExecShield, Layer7 + + -- Dinko Korunic Mon, 22 Feb 2010 16:23:35 +0100 + kernel-2.6-cn (3:2.6.26-5) stable; urgency=low * depend o opcenitim/generickim kernel paketima umjesto specificnim diff --git a/debian/control b/debian/control index 0b1ccd3..e8690f6 100644 --- a/debian/control +++ b/debian/control @@ -9,8 +9,8 @@ Package: kernel-2.6-cn Architecture: all Section: base Depends: grub (>= 0.97-47lenny2), procps (>= 1:3.2.7-11), udev (>= 0.125-7+lenny1), perl-base, carnet-tools-cn (>= 2.8.2), module-init-tools (>= 3.4-1), mount (>= 2.13.1.1-1), e2fsprogs (>= 1.41.3-1), microcode.ctl (>= 1.17-9), irqbalance (>= 0.55-2.4lenny1), mdadm (>= 2.6.7.2-1), firmware-bnx2 (>= 0.14+lenny1), linux-image-686-bigmem | linux-image-amd64 -Conflicts: iplogger, kernel-cn, kernel-2.4-cn (<< 2.4.33-2), linux-image-2.6.26-2+cn1-686-bigmem, linux-image-2.6.26-2+cn1-amd64 -Replaces: kernel-cn, kernel-2.4-cn, linux-image-2.6.26-2+cn1-686-bigmem, linux-image-2.6.26-2+cn1-amd64 +Conflicts: iplogger, kernel-cn, kernel-2.4-cn (<< 2.4.33-2) +Replaces: kernel-cn, kernel-2.4-cn Provides: kernel-cn Recommends: memtest86+ Description: Linux kernel virtual package for CARNet Linux servers diff --git a/debian/docs b/debian/docs index ef5ce6c..878b263 100644 --- a/debian/docs +++ b/debian/docs @@ -1,2 +1,3 @@ changelog.CARNet README.CARNet +NEWS.CARNet diff --git a/debian/postinst b/debian/postinst index 2167bed..86621d5 100755 --- a/debian/postinst +++ b/debian/postinst @@ -324,9 +324,8 @@ net.ipv4.icmp_echo_ignore_broadcasts=1 net.ipv4.icmp_ignore_bogus_error_responses=1 net.ipv4.ip_forward=0 net.ipv4.ip_local_port_range=10000 65000 -net.ipv4.tcp_congestion_control=cubic net.ipv4.tcp_ecn=0 -net.ipv4.tcp_max_syn_backlog=8192 +net.ipv4.tcp_max_syn_backlog=1024 net.ipv4.tcp_retries1=2 net.ipv4.tcp_rfc1337=1 net.ipv4.tcp_syncookies=1 @@ -335,7 +334,7 @@ EOF # old kernel params if [ -e /etc/sysctl.conf ]; then - egrep -v 'net\.core\.(r|w)mem_max|net\.ipv4\.tcp_(r|w)mem|vm\.bdflush|net\.ipv4\.ip_local_port_range|kernel\.rtsig-max|net\.ipv4\.tcp_syncookies|kernel\.exec-shield' \ + egrep -v 'net\.core\.(r|w)mem_max|net\.ipv4\.tcp_(r|w)mem|vm\.bdflush|net\.ipv4\.ip_local_port_range|kernel\.rtsig-max|net\.ipv4\.tcp_syncookies|kernel\.exec-shield|net\.ipv4\.tcp_max_syn_backlog|net\.ipv4\.tcp_congestion_control' \ /etc/sysctl.conf >> /etc/sysctl.conf.$$ fi diff --git a/debian/preinst b/debian/preinst index cef0916..01a7582 100755 --- a/debian/preinst +++ b/debian/preinst @@ -45,6 +45,13 @@ for i in $DIVERT_TO; do done echo "." +################################################################################ + +if iptables-save | grep -qs '^-A.* -m layer7 '; then + echo 'CN: Layer7 Netfilter no longer supported, report this to SysHelp!' + exit 1 +fi + # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. -- 1.7.10.4