diff options
| author | Chuck Ebbert <cebbert@redhat.com> | 2010-11-20 09:48:42 -0500 |
|---|---|---|
| committer | Chuck Ebbert <cebbert@redhat.com> | 2010-11-20 09:48:42 -0500 |
| commit | eaa431c101ff69612a09f7f6ffaf41d102a2195d (patch) | |
| tree | 7f98a5de8abe71782600c6c2868fc1b8b2415783 | |
| parent | 1ef87abd797fabe88b6e403388d4541779862f07 (diff) | |
| parent | 49d23722dfbdeca9a8cb66ba87104e31bb98e62f (diff) | |
| download | kernel-eaa431c101ff69612a09f7f6ffaf41d102a2195d.tar.gz kernel-eaa431c101ff69612a09f7f6ffaf41d102a2195d.tar.xz kernel-eaa431c101ff69612a09f7f6ffaf41d102a2195d.zip | |
Merge branch 'master' of ssh://pkgs.fedoraproject.org/kernel
Fix up conflicts:
kernel.spec
| -rw-r--r-- | kernel.spec | 10 | ||||
| -rw-r--r-- | secmark-do-not-return-early-if-there-was-no-error.patch | 33 |
2 files changed, 43 insertions, 0 deletions
diff --git a/kernel.spec b/kernel.spec index 385f7f375..fb3f4e66e 100644 --- a/kernel.spec +++ b/kernel.spec @@ -724,6 +724,8 @@ Patch12303: dmar-disable-when-ricoh-multifunction.patch Patch12305: xhci_hcd-suspend-resume.patch +Patch12306: secmark-do-not-return-early-if-there-was-no-error.patch + %endif BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root @@ -1342,6 +1344,8 @@ ApplyPatch dmar-disable-when-ricoh-multifunction.patch ApplyPatch xhci_hcd-suspend-resume.patch +#ApplyPatch secmark-do-not-return-early-if-there-was-no-error.patch + # END OF PATCH APPLICATIONS %endif @@ -1957,6 +1961,12 @@ fi %changelog * Sat Nov 20 2010 Chuck Ebbert <cebbert@redhat.com> 2.6.36.1-6.rc1 - Linux 2.6.36.1-rc1 +- Comment out upstreamed patches: + secmark-do-not-return-early-if-there-was-no-error.patch + +* Sat Nov 20 2010 Kyle McMartin <kyle@redhat.com> +- secmark-do-not-return-early-if-there-was-no-error.patch: requested + by eparis@. (Fixes a BUG when using secmark.) * Wed Nov 17 2010 Kyle McMartin <kyle@redhat.com> 2.6.36-5 - Disable drm/intel rebase until it can be fixed. diff --git a/secmark-do-not-return-early-if-there-was-no-error.patch b/secmark-do-not-return-early-if-there-was-no-error.patch new file mode 100644 index 000000000..6515bd043 --- /dev/null +++ b/secmark-do-not-return-early-if-there-was-no-error.patch @@ -0,0 +1,33 @@ +From 15714f7b58011cf3948cab2988abea560240c74f Mon Sep 17 00:00:00 2001 +From: Eric Paris <eparis@redhat.com> +Date: Tue, 12 Oct 2010 11:40:08 -0400 +Subject: [PATCH] secmark: do not return early if there was no error + +Commit 4a5a5c73 attempted to pass decent error messages back to userspace for +netfilter errors. In xt_SECMARK.c however the patch screwed up and returned +on 0 (aka no error) early and didn't finish setting up secmark. This results +in a kernel BUG if you use SECMARK. + +Signed-off-by: Eric Paris <eparis@redhat.com> +Acked-by: Paul Moore <paul.moore@hp.com> +Signed-off-by: James Morris <jmorris@namei.org> +--- + net/netfilter/xt_SECMARK.c | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +diff --git a/net/netfilter/xt_SECMARK.c b/net/netfilter/xt_SECMARK.c +index 23b2d6c..364ad16 100644 +--- a/net/netfilter/xt_SECMARK.c ++++ b/net/netfilter/xt_SECMARK.c +@@ -101,7 +101,7 @@ static int secmark_tg_check(const struct xt_tgchk_param *par) + switch (info->mode) { + case SECMARK_MODE_SEL: + err = checkentry_selinux(info); +- if (err <= 0) ++ if (err) + return err; + break; + +-- +1.7.3.2 + |