diff options
| -rw-r--r-- | kernel.spec | 11 | ||||
| -rw-r--r-- | sources | 2 | ||||
| -rw-r--r-- | xfs-Fix-possible-memory-corruption-in-xfs_readlink.patch | 77 |
3 files changed, 6 insertions, 84 deletions
diff --git a/kernel.spec b/kernel.spec index 5bdb7e21d..60320370a 100644 --- a/kernel.spec +++ b/kernel.spec @@ -54,7 +54,7 @@ Summary: The Linux kernel # For non-released -rc kernels, this will be appended after the rcX and # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3" # -%global baserelease 2 +%global baserelease 1 %global fedora_build %{baserelease} # base_sublevel is the kernel version we're starting with and patching @@ -87,7 +87,7 @@ Summary: The Linux kernel # The rc snapshot level %define rcrev 1 # The git snapshot level -%define gitrev 2 +%define gitrev 3 # Set rpm version accordingly %define rpmversion 3.%{upstream_sublevel}.0 %endif @@ -699,9 +699,6 @@ Patch20000: utrace.patch Patch21000: arm-omap-dt-compat.patch Patch21001: arm-smsc-support-reading-mac-address-from-device-tree.patch -#rhbz 749166 -Patch21050: xfs-Fix-possible-memory-corruption-in-xfs_readlink.patch - Patch21070: oom-fix-integer-overflow-of-points.patch Patch21080: sysfs-msi-irq-per-device.patch @@ -1235,7 +1232,6 @@ ApplyPatch arm-smsc-support-reading-mac-address-from-device-tree.patch # ext4 # xfs -ApplyPatch xfs-Fix-possible-memory-corruption-in-xfs_readlink.patch # btrfs @@ -2057,6 +2053,9 @@ fi # ||----w | # || || %changelog +* Sat Nov 12 2011 Josh Boyer <jwboyer@redhat.com> +- Linux 3.2-rc1-git3 + * Fri Nov 11 2011 Chuck Ebbert <cebbert@redhat.com> - Use the same naming scheme as rawhide for -stable RC kernels (e.g. 3.1.1-0.rc1.1 instead of 3.1.1-1.rc1) @@ -1,3 +1,3 @@ 8d43453f8159b2332ad410b19d86a931 linux-3.1.tar.bz2 c12c4ef15682ca8caa360d013625ea3f patch-3.2-rc1.bz2 -8e934eac3f0e5317b2801c3ef6e9758e patch-3.2-rc1-git2.bz2 +ab4107808a6c22a7ed3058127af416ec patch-3.2-rc1-git3.bz2 diff --git a/xfs-Fix-possible-memory-corruption-in-xfs_readlink.patch b/xfs-Fix-possible-memory-corruption-in-xfs_readlink.patch deleted file mode 100644 index 9e810dba8..000000000 --- a/xfs-Fix-possible-memory-corruption-in-xfs_readlink.patch +++ /dev/null @@ -1,77 +0,0 @@ -X-Spam-Checker-Version: SpamAssassin 3.4.0-r929098 (2010-03-30) on oss.sgi.com -X-Spam-Level: -X-Spam-Status: No, score=-1.8 required=5.0 tests=BAYES_00,J_CHICKENPOX_64 - autolearn=no version=3.4.0-r929098 -Received: from cuda.sgi.com (cuda1.sgi.com [192.48.157.11]) - by oss.sgi.com (8.14.3/8.14.3/SuSE Linux 0.8) with ESMTP id p9I1KBVD036341 - for <xfs@oss.sgi.com>; Mon, 17 Oct 2011 20:20:11 -0500 -X-ASG-Debug-ID: 1318901280-3911029d0000-NocioJ -X-Barracuda-URL: http://cuda.sgi.com:80/cgi-bin/mark.cgi -Received: from hades.usersys.redhat.com (localhost [127.0.0.1]) - by cuda.sgi.com (Spam Firewall) with ESMTP id B9D1DF75F0A - for <xfs@oss.sgi.com>; Mon, 17 Oct 2011 18:28:01 -0700 (PDT) -Received: from hades.usersys.redhat.com ([187.60.101.4]) by cuda.sgi.com with ESMTP id 81CuyNdYBqrtvtnD for <xfs@oss.sgi.com>; Mon, 17 Oct 2011 18:28:01 -0700 (PDT) -Received: by hades.usersys.redhat.com (Postfix, from userid 500) - id 5B763E089B; Tue, 18 Oct 2011 02:18:59 -0200 (BRST) -From: Carlos Maiolino <cmaiolino@redhat.com> -To: xfs@oss.sgi.com -Cc: Carlos Maiolino <cmaiolino@redhat.com> -X-ASG-Orig-Subj: [PATCH] Fix possible memory corruption in xfs_readlink -Subject: [PATCH] Fix possible memory corruption in xfs_readlink -Date: Tue, 18 Oct 2011 02:18:58 -0200 -Message-Id: <1318911538-9174-1-git-send-email-cmaiolino@redhat.com> -X-Mailer: git-send-email 1.7.6.2 -X-Barracuda-Connect: UNKNOWN[187.60.101.4] -X-Barracuda-Start-Time: 1318901282 -X-Barracuda-Bayes: INNOCENT GLOBAL 0.0000 1.0000 -2.0210 -X-Barracuda-Virus-Scanned: by cuda.sgi.com at sgi.com -X-Barracuda-Spam-Score: -1.42 -X-Barracuda-Spam-Status: No, SCORE=-1.42 using per-user scores of TAG_LEVEL=2.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=2.1 tests=BSF_SC5_MJ1963, RDNS_NONE -X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.2.77645 - Rule breakdown below - pts rule name description - ---- ---------------------- -------------------------------------------------- - 0.10 RDNS_NONE Delivered to trusted network by a host with no rDNS - 0.50 BSF_SC5_MJ1963 Custom Rule MJ1963 -X-Virus-Scanned: ClamAV version 0.94.2, clamav-milter version 0.94.2 on oss.sgi.com -X-Virus-Status: Clean - -Fixes a possible memory corruption when the link is larger than -MAXPATHLEN and XFS_DEBUG is not enabled. This also remove the -S_ISLNK assert, since the inode mode is checked previously in -xfs_readlink_by_handle() and via VFS. - -Signed-off-by: Carlos Maiolino <cmaiolino@redhat.com> ---- - fs/xfs/xfs_vnodeops.c | 11 ++++++++--- - 1 files changed, 8 insertions(+), 3 deletions(-) - -diff --git a/fs/xfs/xfs_vnodeops.c b/fs/xfs/xfs_vnodeops.c -index 51fc429..c3288be 100644 ---- a/fs/xfs/xfs_vnodeops.c -+++ b/fs/xfs/xfs_vnodeops.c -@@ -123,13 +123,18 @@ xfs_readlink( - - xfs_ilock(ip, XFS_ILOCK_SHARED); - -- ASSERT(S_ISLNK(ip->i_d.di_mode)); -- ASSERT(ip->i_d.di_size <= MAXPATHLEN); -- - pathlen = ip->i_d.di_size; - if (!pathlen) - goto out; - -+ if (pathlen > MAXPATHLEN) { -+ xfs_alert(mp, "%s: inode (%llu) symlink length (%d) too long", -+ __func__, (unsigned long long)ip->i_ino, pathlen); -+ ASSERT(0); -+ return XFS_ERROR(EFSCORRUPTED); -+ } -+ -+ - if (ip->i_df.if_flags & XFS_IFINLINE) { - memcpy(link, ip->i_df.if_u1.if_data, pathlen); - link[pathlen] = '\0'; --- -1.7.6.2 - |