1 |
This is TOMOYO Linux patch for openSUSE 11.0. |
This is TOMOYO Linux patch for openSUSE 11.0. |
2 |
|
|
3 |
Source code for this patch is http://download.opensuse.org/update/11.0/rpm/i586/kernel-source-2.6.25.20-0.4.i586.rpm |
Source code for this patch is http://download.opensuse.org/update/11.0/rpm/i586/kernel-source-2.6.25.20-0.5.i586.rpm |
4 |
--- |
--- |
5 |
arch/ia64/ia32/sys_ia32.c | 3 +++ |
arch/ia64/ia32/sys_ia32.c | 3 +++ |
6 |
arch/mips/kernel/ptrace32.c | 3 +++ |
arch/mips/kernel/ptrace32.c | 3 +++ |
41 |
security/Makefile | 3 +++ |
security/Makefile | 3 +++ |
42 |
37 files changed, 261 insertions(+), 3 deletions(-) |
37 files changed, 261 insertions(+), 3 deletions(-) |
43 |
|
|
44 |
--- linux-2.6.25.20-0.4.orig/arch/ia64/ia32/sys_ia32.c |
--- linux-2.6.25.20-0.5.orig/arch/ia64/ia32/sys_ia32.c |
45 |
+++ linux-2.6.25.20-0.4/arch/ia64/ia32/sys_ia32.c |
+++ linux-2.6.25.20-0.5/arch/ia64/ia32/sys_ia32.c |
46 |
@@ -50,6 +50,7 @@ |
@@ -50,6 +50,7 @@ |
47 |
#include <asm/types.h> |
#include <asm/types.h> |
48 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
60 |
|
|
61 |
lock_kernel(); |
lock_kernel(); |
62 |
if (request == PTRACE_TRACEME) { |
if (request == PTRACE_TRACEME) { |
63 |
--- linux-2.6.25.20-0.4.orig/arch/mips/kernel/ptrace32.c |
--- linux-2.6.25.20-0.5.orig/arch/mips/kernel/ptrace32.c |
64 |
+++ linux-2.6.25.20-0.4/arch/mips/kernel/ptrace32.c |
+++ linux-2.6.25.20-0.5/arch/mips/kernel/ptrace32.c |
65 |
@@ -35,6 +35,7 @@ |
@@ -35,6 +35,7 @@ |
66 |
#include <asm/system.h> |
#include <asm/system.h> |
67 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
79 |
|
|
80 |
#if 0 |
#if 0 |
81 |
printk("ptrace(r=%d,pid=%d,addr=%08lx,data=%08lx)\n", |
printk("ptrace(r=%d,pid=%d,addr=%08lx,data=%08lx)\n", |
82 |
--- linux-2.6.25.20-0.4.orig/arch/s390/kernel/ptrace.c |
--- linux-2.6.25.20-0.5.orig/arch/s390/kernel/ptrace.c |
83 |
+++ linux-2.6.25.20-0.4/arch/s390/kernel/ptrace.c |
+++ linux-2.6.25.20-0.5/arch/s390/kernel/ptrace.c |
84 |
@@ -41,6 +41,7 @@ |
@@ -41,6 +41,7 @@ |
85 |
#include <asm/system.h> |
#include <asm/system.h> |
86 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
98 |
lock_kernel(); |
lock_kernel(); |
99 |
if (request == PTRACE_TRACEME) { |
if (request == PTRACE_TRACEME) { |
100 |
ret = ptrace_traceme(); |
ret = ptrace_traceme(); |
101 |
--- linux-2.6.25.20-0.4.orig/arch/x86/kernel/ptrace.c |
--- linux-2.6.25.20-0.5.orig/arch/x86/kernel/ptrace.c |
102 |
+++ linux-2.6.25.20-0.4/arch/x86/kernel/ptrace.c |
+++ linux-2.6.25.20-0.5/arch/x86/kernel/ptrace.c |
103 |
@@ -32,6 +32,7 @@ |
@@ -32,6 +32,7 @@ |
104 |
#include <asm/prctl.h> |
#include <asm/prctl.h> |
105 |
#include <asm/proto.h> |
#include <asm/proto.h> |
117 |
|
|
118 |
switch (request) { |
switch (request) { |
119 |
case PTRACE_TRACEME: |
case PTRACE_TRACEME: |
120 |
--- linux-2.6.25.20-0.4.orig/fs/attr.c |
--- linux-2.6.25.20-0.5.orig/fs/attr.c |
121 |
+++ linux-2.6.25.20-0.4/fs/attr.c |
+++ linux-2.6.25.20-0.5/fs/attr.c |
122 |
@@ -14,6 +14,7 @@ |
@@ -14,6 +14,7 @@ |
123 |
#include <linux/fcntl.h> |
#include <linux/fcntl.h> |
124 |
#include <linux/quotaops.h> |
#include <linux/quotaops.h> |
145 |
if (!error) { |
if (!error) { |
146 |
if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) || |
if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) || |
147 |
(ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid)) |
(ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid)) |
148 |
--- linux-2.6.25.20-0.4.orig/fs/compat.c |
--- linux-2.6.25.20-0.5.orig/fs/compat.c |
149 |
+++ linux-2.6.25.20-0.4/fs/compat.c |
+++ linux-2.6.25.20-0.5/fs/compat.c |
150 |
@@ -55,6 +55,7 @@ |
@@ -55,6 +55,7 @@ |
151 |
#include <asm/mmu_context.h> |
#include <asm/mmu_context.h> |
152 |
#include <asm/ioctls.h> |
#include <asm/ioctls.h> |
164 |
if (retval >= 0) { |
if (retval >= 0) { |
165 |
/* execve success */ |
/* execve success */ |
166 |
security_bprm_free(bprm); |
security_bprm_free(bprm); |
167 |
--- linux-2.6.25.20-0.4.orig/fs/compat_ioctl.c |
--- linux-2.6.25.20-0.5.orig/fs/compat_ioctl.c |
168 |
+++ linux-2.6.25.20-0.4/fs/compat_ioctl.c |
+++ linux-2.6.25.20-0.5/fs/compat_ioctl.c |
169 |
@@ -120,6 +120,7 @@ |
@@ -120,6 +120,7 @@ |
170 |
#include <xen/public/privcmd.h> |
#include <xen/public/privcmd.h> |
171 |
#include <xen/compat_ioctl.h> |
#include <xen/compat_ioctl.h> |
194 |
if (filp->f_op && filp->f_op->compat_ioctl) { |
if (filp->f_op && filp->f_op->compat_ioctl) { |
195 |
error = filp->f_op->compat_ioctl(filp, cmd, arg); |
error = filp->f_op->compat_ioctl(filp, cmd, arg); |
196 |
if (error != -ENOIOCTLCMD) |
if (error != -ENOIOCTLCMD) |
197 |
--- linux-2.6.25.20-0.4.orig/fs/exec.c |
--- linux-2.6.25.20-0.5.orig/fs/exec.c |
198 |
+++ linux-2.6.25.20-0.4/fs/exec.c |
+++ linux-2.6.25.20-0.5/fs/exec.c |
199 |
@@ -60,6 +60,8 @@ |
@@ -60,6 +60,8 @@ |
200 |
#include <linux/kmod.h> |
#include <linux/kmod.h> |
201 |
#endif |
#endif |
236 |
if (retval >= 0) { |
if (retval >= 0) { |
237 |
/* execve success */ |
/* execve success */ |
238 |
free_arg_pages(bprm); |
free_arg_pages(bprm); |
239 |
--- linux-2.6.25.20-0.4.orig/fs/fcntl.c |
--- linux-2.6.25.20-0.5.orig/fs/fcntl.c |
240 |
+++ linux-2.6.25.20-0.4/fs/fcntl.c |
+++ linux-2.6.25.20-0.5/fs/fcntl.c |
241 |
@@ -23,6 +23,7 @@ |
@@ -23,6 +23,7 @@ |
242 |
#include <asm/poll.h> |
#include <asm/poll.h> |
243 |
#include <asm/siginfo.h> |
#include <asm/siginfo.h> |
256 |
/* O_NOATIME can only be set by the owner or superuser */ |
/* O_NOATIME can only be set by the owner or superuser */ |
257 |
if ((arg & O_NOATIME) && !(filp->f_flags & O_NOATIME)) |
if ((arg & O_NOATIME) && !(filp->f_flags & O_NOATIME)) |
258 |
if (!is_owner_or_cap(inode)) |
if (!is_owner_or_cap(inode)) |
259 |
--- linux-2.6.25.20-0.4.orig/fs/ioctl.c |
--- linux-2.6.25.20-0.5.orig/fs/ioctl.c |
260 |
+++ linux-2.6.25.20-0.4/fs/ioctl.c |
+++ linux-2.6.25.20-0.5/fs/ioctl.c |
261 |
@@ -15,6 +15,7 @@ |
@@ -15,6 +15,7 @@ |
262 |
#include <linux/uaccess.h> |
#include <linux/uaccess.h> |
263 |
|
|
284 |
if (error) |
if (error) |
285 |
goto out_fput; |
goto out_fput; |
286 |
|
|
287 |
--- linux-2.6.25.20-0.4.orig/fs/namei.c |
--- linux-2.6.25.20-0.5.orig/fs/namei.c |
288 |
+++ linux-2.6.25.20-0.4/fs/namei.c |
+++ linux-2.6.25.20-0.5/fs/namei.c |
289 |
@@ -35,6 +35,8 @@ |
@@ -35,6 +35,8 @@ |
290 |
|
|
291 |
#define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE]) |
#define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE]) |
398 |
error = vfs_rename(old_dir->d_inode, old_dentry, oldnd.path.mnt, |
error = vfs_rename(old_dir->d_inode, old_dentry, oldnd.path.mnt, |
399 |
new_dir->d_inode, new_dentry, newnd.path.mnt); |
new_dir->d_inode, new_dentry, newnd.path.mnt); |
400 |
exit5: |
exit5: |
401 |
--- linux-2.6.25.20-0.4.orig/fs/namespace.c |
--- linux-2.6.25.20-0.5.orig/fs/namespace.c |
402 |
+++ linux-2.6.25.20-0.4/fs/namespace.c |
+++ linux-2.6.25.20-0.5/fs/namespace.c |
403 |
@@ -30,6 +30,7 @@ |
@@ -30,6 +30,7 @@ |
404 |
#include <asm/unistd.h> |
#include <asm/unistd.h> |
405 |
#include "pnode.h" |
#include "pnode.h" |
486 |
if (error) { |
if (error) { |
487 |
path_put(&old_nd.path); |
path_put(&old_nd.path); |
488 |
goto out1; |
goto out1; |
489 |
--- linux-2.6.25.20-0.4.orig/fs/open.c |
--- linux-2.6.25.20-0.5.orig/fs/open.c |
490 |
+++ linux-2.6.25.20-0.4/fs/open.c |
+++ linux-2.6.25.20-0.5/fs/open.c |
491 |
@@ -27,6 +27,7 @@ |
@@ -27,6 +27,7 @@ |
492 |
#include <linux/rcupdate.h> |
#include <linux/rcupdate.h> |
493 |
#include <linux/audit.h> |
#include <linux/audit.h> |
593 |
if (capable(CAP_SYS_TTY_CONFIG)) { |
if (capable(CAP_SYS_TTY_CONFIG)) { |
594 |
/* XXX: this needs locking */ |
/* XXX: this needs locking */ |
595 |
tty_vhangup(current->signal->tty); |
tty_vhangup(current->signal->tty); |
596 |
--- linux-2.6.25.20-0.4.orig/fs/proc/proc_misc.c |
--- linux-2.6.25.20-0.5.orig/fs/proc/proc_misc.c |
597 |
+++ linux-2.6.25.20-0.4/fs/proc/proc_misc.c |
+++ linux-2.6.25.20-0.5/fs/proc/proc_misc.c |
598 |
@@ -1021,4 +1021,5 @@ void __init proc_misc_init(void) |
@@ -1021,4 +1021,5 @@ void __init proc_misc_init(void) |
599 |
entry->proc_fops = &proc_sysrq_trigger_operations; |
entry->proc_fops = &proc_sysrq_trigger_operations; |
600 |
} |
} |
601 |
#endif |
#endif |
602 |
+ printk(KERN_INFO "Hook version: 2.6.25.20-0.4 2009/08/20\n"); |
+ printk(KERN_INFO "Hook version: 2.6.25.20-0.5 2009/08/23\n"); |
603 |
} |
} |
604 |
--- linux-2.6.25.20-0.4.orig/include/linux/init_task.h |
--- linux-2.6.25.20-0.5.orig/include/linux/init_task.h |
605 |
+++ linux-2.6.25.20-0.4/include/linux/init_task.h |
+++ linux-2.6.25.20-0.5/include/linux/init_task.h |
606 |
@@ -133,6 +133,14 @@ extern struct group_info init_groups; |
@@ -133,6 +133,14 @@ extern struct group_info init_groups; |
607 |
# define CAP_INIT_BSET CAP_INIT_EFF_SET |
# define CAP_INIT_BSET CAP_INIT_EFF_SET |
608 |
#endif |
#endif |
626 |
} |
} |
627 |
|
|
628 |
|
|
629 |
--- linux-2.6.25.20-0.4.orig/include/linux/sched.h |
--- linux-2.6.25.20-0.5.orig/include/linux/sched.h |
630 |
+++ linux-2.6.25.20-0.4/include/linux/sched.h |
+++ linux-2.6.25.20-0.5/include/linux/sched.h |
631 |
@@ -29,6 +29,8 @@ |
@@ -29,6 +29,8 @@ |
632 |
#define CLONE_NEWNET 0x40000000 /* New network namespace */ |
#define CLONE_NEWNET 0x40000000 /* New network namespace */ |
633 |
#define CLONE_IO 0x80000000 /* Clone io context */ |
#define CLONE_IO 0x80000000 /* Clone io context */ |
648 |
}; |
}; |
649 |
|
|
650 |
/* |
/* |
651 |
--- linux-2.6.25.20-0.4.orig/kernel/compat.c |
--- linux-2.6.25.20-0.5.orig/kernel/compat.c |
652 |
+++ linux-2.6.25.20-0.4/kernel/compat.c |
+++ linux-2.6.25.20-0.5/kernel/compat.c |
653 |
@@ -25,6 +25,7 @@ |
@@ -25,6 +25,7 @@ |
654 |
#include <linux/posix-timers.h> |
#include <linux/posix-timers.h> |
655 |
|
|
667 |
|
|
668 |
do_settimeofday(&tv); |
do_settimeofday(&tv); |
669 |
return 0; |
return 0; |
670 |
--- linux-2.6.25.20-0.4.orig/kernel/kexec.c |
--- linux-2.6.25.20-0.5.orig/kernel/kexec.c |
671 |
+++ linux-2.6.25.20-0.4/kernel/kexec.c |
+++ linux-2.6.25.20-0.5/kernel/kexec.c |
672 |
@@ -31,6 +31,7 @@ |
@@ -31,6 +31,7 @@ |
673 |
#include <asm/system.h> |
#include <asm/system.h> |
674 |
#include <asm/semaphore.h> |
#include <asm/semaphore.h> |
686 |
|
|
687 |
/* |
/* |
688 |
* Verify we have a legal set of flags |
* Verify we have a legal set of flags |
689 |
--- linux-2.6.25.20-0.4.orig/kernel/kmod.c |
--- linux-2.6.25.20-0.5.orig/kernel/kmod.c |
690 |
+++ linux-2.6.25.20-0.4/kernel/kmod.c |
+++ linux-2.6.25.20-0.5/kernel/kmod.c |
691 |
@@ -173,6 +173,11 @@ static int ____call_usermodehelper(void |
@@ -173,6 +173,11 @@ static int ____call_usermodehelper(void |
692 |
*/ |
*/ |
693 |
set_user_nice(current, 0); |
set_user_nice(current, 0); |
700 |
retval = kernel_execve(sub_info->path, sub_info->argv, sub_info->envp); |
retval = kernel_execve(sub_info->path, sub_info->argv, sub_info->envp); |
701 |
|
|
702 |
/* Exec failed? */ |
/* Exec failed? */ |
703 |
--- linux-2.6.25.20-0.4.orig/kernel/module.c |
--- linux-2.6.25.20-0.5.orig/kernel/module.c |
704 |
+++ linux-2.6.25.20-0.4/kernel/module.c |
+++ linux-2.6.25.20-0.5/kernel/module.c |
705 |
@@ -47,6 +47,7 @@ |
@@ -47,6 +47,7 @@ |
706 |
#include <asm/cacheflush.h> |
#include <asm/cacheflush.h> |
707 |
#include <linux/license.h> |
#include <linux/license.h> |
728 |
|
|
729 |
/* Only one module load at a time, please */ |
/* Only one module load at a time, please */ |
730 |
if (mutex_lock_interruptible(&module_mutex) != 0) |
if (mutex_lock_interruptible(&module_mutex) != 0) |
731 |
--- linux-2.6.25.20-0.4.orig/kernel/ptrace.c |
--- linux-2.6.25.20-0.5.orig/kernel/ptrace.c |
732 |
+++ linux-2.6.25.20-0.4/kernel/ptrace.c |
+++ linux-2.6.25.20-0.5/kernel/ptrace.c |
733 |
@@ -24,6 +24,7 @@ |
@@ -24,6 +24,7 @@ |
734 |
|
|
735 |
#include <asm/pgtable.h> |
#include <asm/pgtable.h> |
756 |
lock_kernel(); |
lock_kernel(); |
757 |
if (request == PTRACE_TRACEME) { |
if (request == PTRACE_TRACEME) { |
758 |
ret = ptrace_traceme(); |
ret = ptrace_traceme(); |
759 |
--- linux-2.6.25.20-0.4.orig/kernel/sched.c |
--- linux-2.6.25.20-0.5.orig/kernel/sched.c |
760 |
+++ linux-2.6.25.20-0.4/kernel/sched.c |
+++ linux-2.6.25.20-0.5/kernel/sched.c |
761 |
@@ -69,6 +69,7 @@ |
@@ -69,6 +69,7 @@ |
762 |
|
|
763 |
#include <asm/tlb.h> |
#include <asm/tlb.h> |
775 |
|
|
776 |
/* |
/* |
777 |
* Setpriority might change our priority at the same moment. |
* Setpriority might change our priority at the same moment. |
778 |
--- linux-2.6.25.20-0.4.orig/kernel/signal.c |
--- linux-2.6.25.20-0.5.orig/kernel/signal.c |
779 |
+++ linux-2.6.25.20-0.4/kernel/signal.c |
+++ linux-2.6.25.20-0.5/kernel/signal.c |
780 |
@@ -32,6 +32,7 @@ |
@@ -32,6 +32,7 @@ |
781 |
#include <asm/unistd.h> |
#include <asm/unistd.h> |
782 |
#include <asm/siginfo.h> |
#include <asm/siginfo.h> |
821 |
|
|
822 |
/* POSIX.1b doesn't mention process groups. */ |
/* POSIX.1b doesn't mention process groups. */ |
823 |
return kill_proc_info(sig, &info, pid); |
return kill_proc_info(sig, &info, pid); |
824 |
--- linux-2.6.25.20-0.4.orig/kernel/sys.c |
--- linux-2.6.25.20-0.5.orig/kernel/sys.c |
825 |
+++ linux-2.6.25.20-0.4/kernel/sys.c |
+++ linux-2.6.25.20-0.5/kernel/sys.c |
826 |
@@ -42,6 +42,7 @@ |
@@ -42,6 +42,7 @@ |
827 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
828 |
#include <asm/io.h> |
#include <asm/io.h> |
869 |
|
|
870 |
down_write(&uts_sem); |
down_write(&uts_sem); |
871 |
errno = -EFAULT; |
errno = -EFAULT; |
872 |
--- linux-2.6.25.20-0.4.orig/kernel/sysctl.c |
--- linux-2.6.25.20-0.5.orig/kernel/sysctl.c |
873 |
+++ linux-2.6.25.20-0.4/kernel/sysctl.c |
+++ linux-2.6.25.20-0.5/kernel/sysctl.c |
874 |
@@ -48,6 +48,7 @@ |
@@ -48,6 +48,7 @@ |
875 |
|
|
876 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
897 |
error = parse_table(name, nlen, oldval, oldlenp, |
error = parse_table(name, nlen, oldval, oldlenp, |
898 |
newval, newlen, head->ctl_table); |
newval, newlen, head->ctl_table); |
899 |
if (error != -ENOTDIR) { |
if (error != -ENOTDIR) { |
900 |
--- linux-2.6.25.20-0.4.orig/kernel/time.c |
--- linux-2.6.25.20-0.5.orig/kernel/time.c |
901 |
+++ linux-2.6.25.20-0.4/kernel/time.c |
+++ linux-2.6.25.20-0.5/kernel/time.c |
902 |
@@ -38,6 +38,7 @@ |
@@ -38,6 +38,7 @@ |
903 |
|
|
904 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
925 |
|
|
926 |
if (tz) { |
if (tz) { |
927 |
/* SMP safe, global irq locking makes it work. */ |
/* SMP safe, global irq locking makes it work. */ |
928 |
--- linux-2.6.25.20-0.4.orig/kernel/time/ntp.c |
--- linux-2.6.25.20-0.5.orig/kernel/time/ntp.c |
929 |
+++ linux-2.6.25.20-0.4/kernel/time/ntp.c |
+++ linux-2.6.25.20-0.5/kernel/time/ntp.c |
930 |
@@ -17,6 +17,7 @@ |
@@ -17,6 +17,7 @@ |
931 |
#include <linux/capability.h> |
#include <linux/capability.h> |
932 |
#include <asm/div64.h> |
#include <asm/div64.h> |
944 |
|
|
945 |
/* Now we validate the data before disabling interrupts */ |
/* Now we validate the data before disabling interrupts */ |
946 |
|
|
947 |
--- linux-2.6.25.20-0.4.orig/net/ipv4/inet_connection_sock.c |
--- linux-2.6.25.20-0.5.orig/net/ipv4/inet_connection_sock.c |
948 |
+++ linux-2.6.25.20-0.4/net/ipv4/inet_connection_sock.c |
+++ linux-2.6.25.20-0.5/net/ipv4/inet_connection_sock.c |
949 |
@@ -23,6 +23,7 @@ |
@@ -23,6 +23,7 @@ |
950 |
#include <net/route.h> |
#include <net/route.h> |
951 |
#include <net/tcp_states.h> |
#include <net/tcp_states.h> |
963 |
inet_bind_bucket_for_each(tb, node, &head->chain) |
inet_bind_bucket_for_each(tb, node, &head->chain) |
964 |
if (tb->ib_net == net && tb->port == rover) |
if (tb->ib_net == net && tb->port == rover) |
965 |
goto next; |
goto next; |
966 |
--- linux-2.6.25.20-0.4.orig/net/ipv4/inet_hashtables.c |
--- linux-2.6.25.20-0.5.orig/net/ipv4/inet_hashtables.c |
967 |
+++ linux-2.6.25.20-0.4/net/ipv4/inet_hashtables.c |
+++ linux-2.6.25.20-0.5/net/ipv4/inet_hashtables.c |
968 |
@@ -22,6 +22,7 @@ |
@@ -22,6 +22,7 @@ |
969 |
#include <net/inet_connection_sock.h> |
#include <net/inet_connection_sock.h> |
970 |
#include <net/inet_hashtables.h> |
#include <net/inet_hashtables.h> |
982 |
head = &hinfo->bhash[inet_bhashfn(port, hinfo->bhash_size)]; |
head = &hinfo->bhash[inet_bhashfn(port, hinfo->bhash_size)]; |
983 |
spin_lock(&head->lock); |
spin_lock(&head->lock); |
984 |
|
|
985 |
--- linux-2.6.25.20-0.4.orig/net/ipv4/raw.c |
--- linux-2.6.25.20-0.5.orig/net/ipv4/raw.c |
986 |
+++ linux-2.6.25.20-0.4/net/ipv4/raw.c |
+++ linux-2.6.25.20-0.5/net/ipv4/raw.c |
987 |
@@ -79,6 +79,7 @@ |
@@ -79,6 +79,7 @@ |
988 |
#include <linux/seq_file.h> |
#include <linux/seq_file.h> |
989 |
#include <linux/netfilter.h> |
#include <linux/netfilter.h> |
1002 |
|
|
1003 |
copied = skb->len; |
copied = skb->len; |
1004 |
if (len < copied) { |
if (len < copied) { |
1005 |
--- linux-2.6.25.20-0.4.orig/net/ipv4/udp.c |
--- linux-2.6.25.20-0.5.orig/net/ipv4/udp.c |
1006 |
+++ linux-2.6.25.20-0.4/net/ipv4/udp.c |
+++ linux-2.6.25.20-0.5/net/ipv4/udp.c |
1007 |
@@ -105,6 +105,7 @@ |
@@ -105,6 +105,7 @@ |
1008 |
#include <net/checksum.h> |
#include <net/checksum.h> |
1009 |
#include <net/xfrm.h> |
#include <net/xfrm.h> |
1039 |
|
|
1040 |
ulen = skb->len - sizeof(struct udphdr); |
ulen = skb->len - sizeof(struct udphdr); |
1041 |
copied = len; |
copied = len; |
1042 |
--- linux-2.6.25.20-0.4.orig/net/ipv6/raw.c |
--- linux-2.6.25.20-0.5.orig/net/ipv6/raw.c |
1043 |
+++ linux-2.6.25.20-0.4/net/ipv6/raw.c |
+++ linux-2.6.25.20-0.5/net/ipv6/raw.c |
1044 |
@@ -60,6 +60,7 @@ |
@@ -60,6 +60,7 @@ |
1045 |
|
|
1046 |
#include <linux/proc_fs.h> |
#include <linux/proc_fs.h> |
1059 |
|
|
1060 |
copied = skb->len; |
copied = skb->len; |
1061 |
if (copied > len) { |
if (copied > len) { |
1062 |
--- linux-2.6.25.20-0.4.orig/net/ipv6/udp.c |
--- linux-2.6.25.20-0.5.orig/net/ipv6/udp.c |
1063 |
+++ linux-2.6.25.20-0.4/net/ipv6/udp.c |
+++ linux-2.6.25.20-0.5/net/ipv6/udp.c |
1064 |
@@ -50,6 +50,7 @@ |
@@ -50,6 +50,7 @@ |
1065 |
#include <linux/proc_fs.h> |
#include <linux/proc_fs.h> |
1066 |
#include <linux/seq_file.h> |
#include <linux/seq_file.h> |
1079 |
|
|
1080 |
ulen = skb->len - sizeof(struct udphdr); |
ulen = skb->len - sizeof(struct udphdr); |
1081 |
copied = len; |
copied = len; |
1082 |
--- linux-2.6.25.20-0.4.orig/net/socket.c |
--- linux-2.6.25.20-0.5.orig/net/socket.c |
1083 |
+++ linux-2.6.25.20-0.4/net/socket.c |
+++ linux-2.6.25.20-0.5/net/socket.c |
1084 |
@@ -94,6 +94,8 @@ |
@@ -94,6 +94,8 @@ |
1085 |
#include <net/sock.h> |
#include <net/sock.h> |
1086 |
#include <linux/netfilter.h> |
#include <linux/netfilter.h> |
1153 |
if (err) |
if (err) |
1154 |
goto out_put; |
goto out_put; |
1155 |
|
|
1156 |
--- linux-2.6.25.20-0.4.orig/net/unix/af_unix.c |
--- linux-2.6.25.20-0.5.orig/net/unix/af_unix.c |
1157 |
+++ linux-2.6.25.20-0.4/net/unix/af_unix.c |
+++ linux-2.6.25.20-0.5/net/unix/af_unix.c |
1158 |
@@ -116,6 +116,7 @@ |
@@ -116,6 +116,7 @@ |
1159 |
#include <linux/mount.h> |
#include <linux/mount.h> |
1160 |
#include <net/checksum.h> |
#include <net/checksum.h> |
1173 |
err = vfs_mknod(nd.path.dentry->d_inode, dentry, nd.path.mnt, |
err = vfs_mknod(nd.path.dentry->d_inode, dentry, nd.path.mnt, |
1174 |
mode, 0); |
mode, 0); |
1175 |
if (err) |
if (err) |
1176 |
--- linux-2.6.25.20-0.4.orig/security/Kconfig |
--- linux-2.6.25.20-0.5.orig/security/Kconfig |
1177 |
+++ linux-2.6.25.20-0.4/security/Kconfig |
+++ linux-2.6.25.20-0.5/security/Kconfig |
1178 |
@@ -126,5 +126,7 @@ source security/selinux/Kconfig |
@@ -126,5 +126,7 @@ source security/selinux/Kconfig |
1179 |
source security/smack/Kconfig |
source security/smack/Kconfig |
1180 |
source security/apparmor/Kconfig |
source security/apparmor/Kconfig |
1183 |
+ |
+ |
1184 |
endmenu |
endmenu |
1185 |
|
|
1186 |
--- linux-2.6.25.20-0.4.orig/security/Makefile |
--- linux-2.6.25.20-0.5.orig/security/Makefile |
1187 |
+++ linux-2.6.25.20-0.4/security/Makefile |
+++ linux-2.6.25.20-0.5/security/Makefile |
1188 |
@@ -19,3 +19,6 @@ obj-$(CONFIG_SECURITY_SMACK) += commonc |
@@ -19,3 +19,6 @@ obj-$(CONFIG_SECURITY_SMACK) += commonc |
1189 |
obj-$(CONFIG_SECURITY_APPARMOR) += commoncap.o apparmor/ |
obj-$(CONFIG_SECURITY_APPARMOR) += commoncap.o apparmor/ |
1190 |
obj-$(CONFIG_SECURITY_CAPABILITIES) += commoncap.o capability.o |
obj-$(CONFIG_SECURITY_CAPABILITIES) += commoncap.o capability.o |