)]}'
{
  "log": [
    {
      "commit": "ba4e58eca8aa9473b44fdfd312f26c4a2e7798b3",
      "tree": "700f8f989f48da480beb83b983637cfd2b5a3f67",
      "parents": [
        "6051e2f4fb68fc8e5343db58fa680ece376f405c"
      ],
      "author": {
        "name": "Gerrit Renker",
        "email": "gerrit@erg.abdn.ac.uk",
        "time": "Mon Nov 27 11:10:57 2006 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Sat Dec 02 21:22:46 2006 -0800"
      },
      "message": "[NET]: Supporting UDP-Lite (RFC 3828) in Linux\n\nThis is a revision of the previously submitted patch, which alters\nthe way files are organized and compiled in the following manner:\n\n\t* UDP and UDP-Lite now use separate object files\n\t* source file dependencies resolved via header files\n\t  net/ipv{4,6}/udp_impl.h\n\t* order of inclusion files in udp.c/udplite.c adapted\n\t  accordingly\n\n[NET/IPv4]: Support for the UDP-Lite protocol (RFC 3828)\n\nThis patch adds support for UDP-Lite to the IPv4 stack, provided as an\nextension to the existing UDPv4 code:\n        * generic routines are all located in net/ipv4/udp.c\n        * UDP-Lite specific routines are in net/ipv4/udplite.c\n        * MIB/statistics support in /proc/net/snmp and /proc/net/udplite\n        * shared API with extensions for partial checksum coverage\n\n[NET/IPv6]: Extension for UDP-Lite over IPv6\n\nIt extends the existing UDPv6 code base with support for UDP-Lite\nin the same manner as per UDPv4. In particular,\n        * UDPv6 generic and shared code is in net/ipv6/udp.c\n        * UDP-Litev6 specific extensions are in net/ipv6/udplite.c\n        * MIB/statistics support in /proc/net/snmp6 and /proc/net/udplite6\n        * support for IPV6_ADDRFORM\n        * aligned the coding style of protocol initialisation with af_inet6.c\n        * made the error handling in udpv6_queue_rcv_skb consistent;\n          to return `-1\u0027 on error on all error cases\n        * consolidation of shared code\n\n[NET]: UDP-Lite Documentation and basic XFRM/Netfilter support\n\nThe UDP-Lite patch further provides\n        * API documentation for UDP-Lite\n        * basic xfrm support\n        * basic netfilter support for IPv4 and IPv6 (LOG target)\n\nSigned-off-by: Gerrit Renker \u003cgerrit@erg.abdn.ac.uk\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "0a69452cb45add0841c2bc1e75c25f6bd4f1d8d9",
      "tree": "17906377f0f55c809126932e3a0e4b9bb972739c",
      "parents": [
        "80246ab36ec8baf7d107254adb166baa555a59f8"
      ],
      "author": {
        "name": "Diego Beltrami",
        "email": "diego.beltrami@gmail.com",
        "time": "Tue Oct 03 23:47:05 2006 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Wed Oct 04 00:31:09 2006 -0700"
      },
      "message": "[XFRM]: BEET mode\n\nThis patch introduces the BEET mode (Bound End-to-End Tunnel) with as\nspecified by the ietf draft at the following link:\n\nhttp://www.ietf.org/internet-drafts/draft-nikander-esp-beet-mode-06.txt\n\nThe patch provides only single family support (i.e. inner family \u003d\nouter family).\n\nSigned-off-by: Diego Beltrami \u003cdiego.beltrami@gmail.com\u003e\nSigned-off-by: Miika Komu     \u003cmiika@iki.fi\u003e\nSigned-off-by: Herbert Xu     \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: Abhinav Pathak \u003cabhinav.pathak@hiit.fi\u003e\nSigned-off-by: Jeff Ahrenholz \u003cahrenholz@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "00a5020cd51febbb3166ff7a09a2901c47ba251a",
      "tree": "81019d6669d6ee1a69b40ff845ceeb093be9f86a",
      "parents": [
        "4b06a7cf2f3c053e7fc47ca6a4c74553e2291e24"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Sep 27 18:29:47 2006 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Thu Sep 28 18:01:57 2006 -0700"
      },
      "message": "[IPV4]: annotate ipv4 address fields in struct ip_msfilter and struct ip_mreq_source\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "cd360007a0eb8cbf17c006cca42aa884d33f96be",
      "tree": "eafbf11767e33cf247cc9cc7bc6474fe3c483a29",
      "parents": [
        "def42ff4dd6f54ebcf78192579a8ff1f81d8e2e8"
      ],
      "author": {
        "name": "Alexey Dobriyan",
        "email": "adobriyan@gmail.com",
        "time": "Mon Aug 28 23:58:32 2006 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Fri Sep 22 15:18:29 2006 -0700"
      },
      "message": "[IPV4]: Make struct sockaddr_in::sin_port __be16\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "def42ff4dd6f54ebcf78192579a8ff1f81d8e2e8",
      "tree": "3ad722dea8f5a157ee9fb01725b7b58aae28d5c1",
      "parents": [
        "0719bdf1b5e7eb0d9c3c73ebbd9c9d5d382bb9e1"
      ],
      "author": {
        "name": "Alexey Dobriyan",
        "email": "adobriyan@gmail.com",
        "time": "Mon Aug 28 23:57:56 2006 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Fri Sep 22 15:18:28 2006 -0700"
      },
      "message": "[IPV4]: Make struct in_addr::s_addr __be32\n\nThere will be relatively small increase in sparse endian warnings, but\nthis (and sin_port) patch is a first step to make networking code\nendian clean.\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "2c7946a7bf45ae86736ab3b43d0085e43947945c",
      "tree": "b956f301033ebaefe8d2701b257edfd947f537f3",
      "parents": [
        "be33690d8fcf40377f16193c463681170eb6b295"
      ],
      "author": {
        "name": "Catherine Zhang",
        "email": "cxzhang@watson.ibm.com",
        "time": "Mon Mar 20 22:41:23 2006 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Mon Mar 20 22:41:23 2006 -0800"
      },
      "message": "[SECURITY]: TCP/UDP getpeersec\n\nThis patch implements an application of the LSM-IPSec networking\ncontrols whereby an application can determine the label of the\nsecurity association its TCP or UDP sockets are currently connected to\nvia getsockopt and the auxiliary data mechanism of recvmsg.\n\nPatch purpose:\n\nThis patch enables a security-aware application to retrieve the\nsecurity context of an IPSec security association a particular TCP or\nUDP socket is using.  The application can then use this security\ncontext to determine the security context for processing on behalf of\nthe peer at the other end of this connection.  In the case of UDP, the\nsecurity context is for each individual packet.  An example\napplication is the inetd daemon, which could be modified to start\ndaemons running at security contexts dependent on the remote client.\n\nPatch design approach:\n\n- Design for TCP\nThe patch enables the SELinux LSM to set the peer security context for\na socket based on the security context of the IPSec security\nassociation.  The application may retrieve this context using\ngetsockopt.  When called, the kernel determines if the socket is a\nconnected (TCP_ESTABLISHED) TCP socket and, if so, uses the dst_entry\ncache on the socket to retrieve the security associations.  If a\nsecurity association has a security context, the context string is\nreturned, as for UNIX domain sockets.\n\n- Design for UDP\nUnlike TCP, UDP is connectionless.  This requires a somewhat different\nAPI to retrieve the peer security context.  With TCP, the peer\nsecurity context stays the same throughout the connection, thus it can\nbe retrieved at any time between when the connection is established\nand when it is torn down.  With UDP, each read/write can have\ndifferent peer and thus the security context might change every time.\nAs a result the security context retrieval must be done TOGETHER with\nthe packet retrieval.\n\nThe solution is to build upon the existing Unix domain socket API for\nretrieving user credentials.  Linux offers the API for obtaining user\ncredentials via ancillary messages (i.e., out of band/control messages\nthat are bundled together with a normal message).\n\nPatch implementation details:\n\n- Implementation for TCP\nThe security context can be retrieved by applications using getsockopt\nwith the existing SO_PEERSEC flag.  As an example (ignoring error\nchecking):\n\ngetsockopt(sockfd, SOL_SOCKET, SO_PEERSEC, optbuf, \u0026optlen);\nprintf(\"Socket peer context is: %s\\n\", optbuf);\n\nThe SELinux function, selinux_socket_getpeersec, is extended to check\nfor labeled security associations for connected (TCP_ESTABLISHED \u003d\u003d\nsk-\u003esk_state) TCP sockets only.  If so, the socket has a dst_cache of\nstruct dst_entry values that may refer to security associations.  If\nthese have security associations with security contexts, the security\ncontext is returned.\n\ngetsockopt returns a buffer that contains a security context string or\nthe buffer is unmodified.\n\n- Implementation for UDP\nTo retrieve the security context, the application first indicates to\nthe kernel such desire by setting the IP_PASSSEC option via\ngetsockopt.  Then the application retrieves the security context using\nthe auxiliary data mechanism.\n\nAn example server application for UDP should look like this:\n\ntoggle \u003d 1;\ntoggle_len \u003d sizeof(toggle);\n\nsetsockopt(sockfd, SOL_IP, IP_PASSSEC, \u0026toggle, \u0026toggle_len);\nrecvmsg(sockfd, \u0026msg_hdr, 0);\nif (msg_hdr.msg_controllen \u003e sizeof(struct cmsghdr)) {\n    cmsg_hdr \u003d CMSG_FIRSTHDR(\u0026msg_hdr);\n    if (cmsg_hdr-\u003ecmsg_len \u003c\u003d CMSG_LEN(sizeof(scontext)) \u0026\u0026\n        cmsg_hdr-\u003ecmsg_level \u003d\u003d SOL_IP \u0026\u0026\n        cmsg_hdr-\u003ecmsg_type \u003d\u003d SCM_SECURITY) {\n        memcpy(\u0026scontext, CMSG_DATA(cmsg_hdr), sizeof(scontext));\n    }\n}\n\nip_setsockopt is enhanced with a new socket option IP_PASSSEC to allow\na server socket to receive security context of the peer.  A new\nancillary message type SCM_SECURITY.\n\nWhen the packet is received we get the security context from the\nsec_path pointer which is contained in the sk_buff, and copy it to the\nancillary message space.  An additional LSM hook,\nselinux_socket_getpeersec_udp, is defined to retrieve the security\ncontext from the SELinux space.  The existing function,\nselinux_socket_getpeersec does not suit our purpose, because the\nsecurity context is copied directly to user space, rather than to\nkernel space.\n\nTesting:\n\nWe have tested the patch by setting up TCP and UDP connections between\napplications on two machines using the IPSec policies that result in\nlabeled security associations being built.  For TCP, we can then\nextract the peer security context using getsockopt on either end.  For\nUDP, the receiving end can retrieve the security context using the\nauxiliary data mechanism of recvmsg.\n\nSigned-off-by: Catherine Zhang \u003ccxzhang@watson.ibm.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "7c657876b63cb1d8a2ec06f8fc6c37bb8412e66c",
      "tree": "3cb2732870c9cf8f976cb6fa57e0223f1c648e2a",
      "parents": [
        "c4365c9235f80128c3c3d5993074173941b1c1f0"
      ],
      "author": {
        "name": "Arnaldo Carvalho de Melo",
        "email": "acme@ghostprotocols.net",
        "time": "Tue Aug 09 20:14:34 2005 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Mon Aug 29 15:49:46 2005 -0700"
      },
      "message": "[DCCP]: Initial implementation\n\nDevelopment to this point was done on a subversion repository at:\n\nhttp://oops.ghostprotocols.net:81/cgi-bin/viewcvs.cgi/dccp-2.6/\n\nThis repository will be kept at this site for the foreseable future,\nso that interested parties can see the history of this code,\nattributions, etc.\n\nIf I ever decide to take this offline I\u0027ll provide the full history at\nsome other suitable place.\n\nSigned-off-by: Arnaldo Carvalho de Melo \u003cacme@ghostprotocols.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
      "tree": "0bba044c4ce775e45a88a51686b5d9f90697ea9d",
      "parents": [],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@ppc970.osdl.org",
        "time": "Sat Apr 16 15:20:36 2005 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@ppc970.osdl.org",
        "time": "Sat Apr 16 15:20:36 2005 -0700"
      },
      "message": "Linux-2.6.12-rc2\n\nInitial git repository build. I\u0027m not bothering with the full history,\neven though we have it. We can create a separate \"historical\" git\narchive of that later if we want to, and in the meantime it\u0027s about\n3.2GB when imported into git - space that would just make the early\ngit days unnecessarily complicated, when we don\u0027t have a lot of good\ninfrastructure for it.\n\nLet it rip!\n"
    }
  ]
}