From fedora-cvs-commits at redhat.com Mon Sep 3 12:57:38 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Mon, 3 Sep 2007 08:57:38 -0400 Subject: rpms/fetchmail/FC-6 fetchmail-6.3.6-CVE-2007-4565.patch, NONE, 1.1 fetchmail.spec, 1.49, 1.50 Message-ID: <200709031257.l83CvcTu000823@cvs.devel.redhat.com> Author: vcrhonek Update of /cvs/dist/rpms/fetchmail/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv806 Modified Files: fetchmail.spec Added Files: fetchmail-6.3.6-CVE-2007-4565.patch Log Message: Fix license, Fix fetchmail NULL pointer dereference (CVE-2007-4565) fetchmail-6.3.6-CVE-2007-4565.patch: sink.c | 2 +- 1 files changed, 1 insertion(+), 1 deletion(-) --- NEW FILE fetchmail-6.3.6-CVE-2007-4565.patch --- --- fetchmail-6.3.6/sink.c_old 2007-09-03 12:41:36.000000000 +0200 +++ fetchmail-6.3.6/sink.c 2007-09-03 12:42:53.000000000 +0200 @@ -262,7 +262,7 @@ const char *md1 = "MAILER-DAEMON", *md2 = "MAILER-DAEMON@"; /* don't bounce in reply to undeliverable bounces */ - if (!msg->return_path[0] || + if (!msg || !msg->return_path[0] || strcmp(msg->return_path, "<>") == 0 || strcasecmp(msg->return_path, md1) == 0 || strncasecmp(msg->return_path, md2, strlen(md2)) == 0) Index: fetchmail.spec =================================================================== RCS file: /cvs/dist/rpms/fetchmail/FC-6/fetchmail.spec,v retrieving revision 1.49 retrieving revision 1.50 diff -u -r1.49 -r1.50 --- fetchmail.spec 22 Jan 2007 23:07:47 -0000 1.49 +++ fetchmail.spec 3 Sep 2007 12:57:35 -0000 1.50 @@ -4,14 +4,16 @@ Summary: A remote mail retrieval and forwarding utility Name: fetchmail Version: 6.3.6 -Release: 2%{?dist} +Release: 3%{?dist} Requires: smtpdaemon Source0: http://download.berlios.de/fetchmail/fetchmail-%{version}.tar.bz2 Source1: http://download.berlios.de/fetchmail/fetchmail-%{version}.tar.bz2.asc Patch0: fetchmail-6.2.5-addrconf.patch Patch1: fetchmail-6.3.6-kpop.patch +Patch2: fetchmail-6.3.6-CVE-2007-4565.patch URL: http://fetchmail.berlios.de/ -License: GPL +# For a breakdown of the licensing, see COPYING +License: GPL+ and GPLv2 and Public Domain Group: Applications/Internet Buildroot: %{_tmppath}/%{name}-%{version}-root BuildRequires: gettext-devel hesiod-devel krb5-devel openssl-devel @@ -48,6 +50,7 @@ %setup -q %patch0 -p1 -b .addrconf %patch1 -p1 -b .kpop +%patch2 -p1 -b .cve_2007_4565 %build %configure --enable-POP3 --enable-IMAP --with-ssl --with-hesiod \ @@ -85,6 +88,11 @@ %endif %changelog +* Mon Sep 3 2007 Vitezslav Crhonek - 6.3.6-3 +- Fix license +- Fix fetchmail NULL pointer dereference (CVE-2007-4565) + Resolves: #260881 + * Mon Jan 22 2007 Miloslav Trmac - 6.3.6-2 - Let KPOP use PASS again Resolves: #223661 From fedora-cvs-commits at redhat.com Tue Sep 4 14:00:32 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Tue, 4 Sep 2007 10:00:32 -0400 Subject: rpms/selinux-policy/FC-6 policy-20061106.patch, 1.53, 1.54 policy-apcupsd.patch, 1.3, 1.4 policy-fusermount.patch, 1.4, 1.5 selinux-policy.spec, 1.373, 1.374 Message-ID: <200709041400.l84E0WAq029672@cvs.devel.redhat.com> Author: dwalsh Update of /cvs/dist/rpms/selinux-policy/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv29656 Modified Files: policy-20061106.patch policy-apcupsd.patch policy-fusermount.patch selinux-policy.spec Log Message: * Sat Sep 1 2007 Dan Walsh 2.4.6-88 - Cleanup of fusermount/mount-ntfs and apcupsd to match rawhide - Allow cimserver to create pegasus_data directories Resolves: #213809 - Allow dmidecode to search sysfs_t Resolves: #263141 policy-20061106.patch: Rules.modular | 10 config/appconfig-strict-mcs/seusers | 1 config/appconfig-strict-mls/default_contexts | 6 config/appconfig-strict-mls/seusers | 1 config/appconfig-strict/seusers | 1 man/man8/kerberos_selinux.8 | 2 policy/flask/access_vectors | 21 policy/flask/security_classes | 8 policy/global_tunables | 94 +++- policy/mls | 31 + policy/modules/admin/acct.te | 1 policy/modules/admin/alsa.fc | 3 policy/modules/admin/alsa.te | 15 policy/modules/admin/amanda.if | 17 policy/modules/admin/amanda.te | 11 policy/modules/admin/amtu.fc | 3 policy/modules/admin/amtu.if | 57 ++ policy/modules/admin/amtu.te | 56 ++ policy/modules/admin/backup.te | 5 policy/modules/admin/bootloader.fc | 5 policy/modules/admin/bootloader.te | 15 policy/modules/admin/consoletype.te | 21 policy/modules/admin/ddcprobe.te | 10 policy/modules/admin/dmesg.te | 7 policy/modules/admin/dmidecode.te | 6 policy/modules/admin/firstboot.if | 24 - policy/modules/admin/kudzu.te | 14 policy/modules/admin/logrotate.te | 5 policy/modules/admin/logwatch.te | 22 policy/modules/admin/netutils.te | 19 policy/modules/admin/portage.te | 5 policy/modules/admin/prelink.te | 25 - policy/modules/admin/quota.fc | 7 policy/modules/admin/quota.te | 24 - policy/modules/admin/readahead.te | 2 policy/modules/admin/rpm.fc | 3 policy/modules/admin/rpm.if | 104 ++++ policy/modules/admin/rpm.te | 49 -- policy/modules/admin/su.if | 38 + policy/modules/admin/su.te | 2 policy/modules/admin/sudo.if | 13 policy/modules/admin/tripwire.te | 11 policy/modules/admin/usbmodules.te | 5 policy/modules/admin/usermanage.if | 2 policy/modules/admin/usermanage.te | 58 ++ policy/modules/admin/vbetool.te | 1 policy/modules/admin/vpn.te | 1 policy/modules/apps/ethereal.te | 5 policy/modules/apps/evolution.if | 107 ++++ policy/modules/apps/evolution.te | 1 policy/modules/apps/games.fc | 1 policy/modules/apps/gnome.fc | 2 policy/modules/apps/gnome.if | 108 ++++ policy/modules/apps/gnome.te | 5 policy/modules/apps/gpg.if | 1 policy/modules/apps/java.fc | 2 policy/modules/apps/java.if | 70 +++ policy/modules/apps/java.te | 2 policy/modules/apps/loadkeys.if | 39 - policy/modules/apps/mozilla.if | 208 +++++++-- policy/modules/apps/mplayer.if | 84 +++ policy/modules/apps/mplayer.te | 1 policy/modules/apps/slocate.te | 7 policy/modules/apps/thunderbird.if | 81 +++ policy/modules/apps/userhelper.if | 20 policy/modules/apps/webalizer.te | 6 policy/modules/apps/wine.fc | 1 policy/modules/apps/yam.te | 5 policy/modules/kernel/corecommands.fc | 30 + policy/modules/kernel/corecommands.if | 77 +++ policy/modules/kernel/corenetwork.if.in | 140 ++++++ policy/modules/kernel/corenetwork.te.in | 16 policy/modules/kernel/devices.fc | 11 policy/modules/kernel/devices.if | 56 ++ policy/modules/kernel/devices.te | 8 policy/modules/kernel/domain.if | 80 +++ policy/modules/kernel/domain.te | 26 + policy/modules/kernel/files.fc | 3 policy/modules/kernel/files.if | 279 +++++++++++- policy/modules/kernel/filesystem.if | 62 ++ policy/modules/kernel/filesystem.te | 30 + policy/modules/kernel/kernel.if | 84 +++ policy/modules/kernel/kernel.te | 22 policy/modules/kernel/mls.if | 28 + policy/modules/kernel/mls.te | 6 policy/modules/kernel/storage.fc | 4 policy/modules/kernel/storage.if | 2 policy/modules/kernel/terminal.fc | 2 policy/modules/kernel/terminal.if | 21 policy/modules/kernel/terminal.te | 1 policy/modules/services/aide.fc | 3 policy/modules/services/aide.te | 11 policy/modules/services/amavis.if | 19 policy/modules/services/amavis.te | 4 policy/modules/services/apache.fc | 18 policy/modules/services/apache.if | 157 ++++++ policy/modules/services/apache.te | 61 ++ policy/modules/services/apm.te | 3 policy/modules/services/arpwatch.te | 5 policy/modules/services/audioentropy.te | 4 policy/modules/services/automount.fc | 1 policy/modules/services/automount.te | 15 policy/modules/services/avahi.if | 40 + policy/modules/services/avahi.te | 10 policy/modules/services/bind.fc | 1 policy/modules/services/bind.te | 12 policy/modules/services/bluetooth.te | 10 policy/modules/services/ccs.fc | 1 policy/modules/services/ccs.te | 25 - policy/modules/services/clamav.te | 3 policy/modules/services/courier.te | 1 policy/modules/services/cron.fc | 6 policy/modules/services/cron.if | 105 ++-- policy/modules/services/cron.te | 58 ++ policy/modules/services/cups.fc | 5 policy/modules/services/cups.te | 19 policy/modules/services/cvs.te | 2 policy/modules/services/cyrus.te | 6 policy/modules/services/dbus.fc | 1 policy/modules/services/dbus.if | 66 ++ policy/modules/services/dbus.te | 4 policy/modules/services/dcc.te | 9 policy/modules/services/dhcp.te | 3 policy/modules/services/dovecot.fc | 2 policy/modules/services/dovecot.if | 44 + policy/modules/services/dovecot.te | 73 ++- policy/modules/services/fail2ban.fc | 3 policy/modules/services/fail2ban.if | 80 +++ policy/modules/services/fail2ban.te | 74 +++ policy/modules/services/ftp.te | 21 policy/modules/services/hal.fc | 14 policy/modules/services/hal.if | 160 ++++++ policy/modules/services/hal.te | 177 +++++++ policy/modules/services/inetd.te | 34 + policy/modules/services/irqbalance.te | 4 policy/modules/services/kerberos.if | 25 + policy/modules/services/kerberos.te | 21 policy/modules/services/ktalk.fc | 3 policy/modules/services/ktalk.te | 5 policy/modules/services/lpd.if | 75 ++- policy/modules/services/lpd.te | 5 policy/modules/services/mailman.if | 20 policy/modules/services/mailman.te | 1 policy/modules/services/mta.fc | 1 policy/modules/services/mta.if | 20 policy/modules/services/mta.te | 3 policy/modules/services/munin.te | 5 policy/modules/services/nagios.fc | 6 policy/modules/services/nagios.te | 14 policy/modules/services/networkmanager.fc | 2 policy/modules/services/networkmanager.te | 2 policy/modules/services/nis.fc | 7 policy/modules/services/nis.if | 8 policy/modules/services/nis.te | 39 + policy/modules/services/nscd.if | 20 policy/modules/services/nscd.te | 31 - policy/modules/services/ntp.te | 10 policy/modules/services/oav.te | 5 policy/modules/services/oddjob.te | 5 policy/modules/services/openca.if | 4 policy/modules/services/openca.te | 2 policy/modules/services/openct.te | 2 policy/modules/services/openvpn.te | 20 policy/modules/services/pcscd.fc | 9 policy/modules/services/pcscd.if | 62 ++ policy/modules/services/pcscd.te | 79 +++ policy/modules/services/pegasus.if | 31 + policy/modules/services/pegasus.te | 13 policy/modules/services/portmap.te | 5 policy/modules/services/portslave.te | 1 policy/modules/services/postfix.fc | 2 policy/modules/services/postfix.if | 45 + policy/modules/services/postfix.te | 94 ++++ policy/modules/services/ppp.te | 2 policy/modules/services/procmail.te | 32 + policy/modules/services/pyzor.if | 18 policy/modules/services/pyzor.te | 13 policy/modules/services/radius.te | 3 policy/modules/services/radvd.te | 2 policy/modules/services/rhgb.if | 76 +++ policy/modules/services/rhgb.te | 3 policy/modules/services/ricci.te | 26 + policy/modules/services/rlogin.te | 11 policy/modules/services/rpc.fc | 1 policy/modules/services/rpc.if | 3 policy/modules/services/rpc.te | 27 - policy/modules/services/rshd.te | 1 policy/modules/services/rsync.te | 1 policy/modules/services/samba.fc | 6 policy/modules/services/samba.if | 101 ++++ policy/modules/services/samba.te | 100 +++- policy/modules/services/sasl.te | 14 policy/modules/services/sendmail.if | 22 policy/modules/services/sendmail.te | 22 policy/modules/services/setroubleshoot.if | 20 policy/modules/services/setroubleshoot.te | 2 policy/modules/services/smartmon.te | 1 policy/modules/services/snmp.if | 17 policy/modules/services/snmp.te | 20 policy/modules/services/soundserver.te | 4 policy/modules/services/spamassassin.fc | 5 policy/modules/services/spamassassin.if | 42 + policy/modules/services/spamassassin.te | 26 - policy/modules/services/squid.fc | 2 policy/modules/services/squid.if | 21 policy/modules/services/squid.te | 16 policy/modules/services/ssh.if | 83 +++ policy/modules/services/ssh.te | 14 policy/modules/services/telnet.te | 3 policy/modules/services/tftp.te | 3 policy/modules/services/uucp.fc | 1 policy/modules/services/uucp.if | 67 ++ policy/modules/services/uucp.te | 44 + policy/modules/services/uwimap.te | 1 policy/modules/services/xserver.fc | 2 policy/modules/services/xserver.if | 211 +++++++++ policy/modules/services/xserver.te | 12 policy/modules/system/authlogin.fc | 1 policy/modules/system/authlogin.if | 180 +++++++ policy/modules/system/authlogin.te | 47 +- policy/modules/system/clock.te | 18 policy/modules/system/fstools.fc | 1 policy/modules/system/fstools.if | 19 policy/modules/system/fstools.te | 18 policy/modules/system/getty.te | 14 policy/modules/system/hostname.te | 19 policy/modules/system/init.if | 75 +++ policy/modules/system/init.te | 51 ++ policy/modules/system/ipsec.fc | 5 policy/modules/system/ipsec.if | 99 ++++ policy/modules/system/ipsec.te | 121 +++++ policy/modules/system/iptables.te | 28 - policy/modules/system/libraries.fc | 44 + policy/modules/system/libraries.te | 11 policy/modules/system/locallogin.if | 37 + policy/modules/system/locallogin.te | 11 policy/modules/system/logging.fc | 5 policy/modules/system/logging.if | 61 ++ policy/modules/system/logging.te | 36 + policy/modules/system/lvm.fc | 2 policy/modules/system/lvm.if | 44 + policy/modules/system/lvm.te | 95 +++- policy/modules/system/miscfiles.fc | 3 policy/modules/system/miscfiles.if | 79 +++ policy/modules/system/modutils.te | 38 + policy/modules/system/mount.te | 37 + policy/modules/system/netlabel.te | 10 policy/modules/system/pcmcia.te | 5 policy/modules/system/raid.te | 16 policy/modules/system/selinuxutil.fc | 10 policy/modules/system/selinuxutil.if | 124 +++++ policy/modules/system/selinuxutil.te | 138 ++--- policy/modules/system/sysnetwork.if | 2 policy/modules/system/sysnetwork.te | 14 policy/modules/system/tzdata.fc | 3 policy/modules/system/tzdata.if | 23 policy/modules/system/tzdata.te | 51 ++ policy/modules/system/udev.te | 22 policy/modules/system/unconfined.fc | 4 policy/modules/system/unconfined.if | 22 policy/modules/system/unconfined.te | 23 policy/modules/system/userdomain.if | 622 +++++++++++++++++++++++---- policy/modules/system/userdomain.te | 117 ++--- policy/modules/system/xen.fc | 2 policy/modules/system/xen.if | 64 ++ policy/modules/system/xen.te | 65 ++ policy/support/*Warnings* | 189 ++++++++ policy/support/file_patterns.spt | 534 +++++++++++++++++++++++ policy/support/misc_macros.spt | 8 policy/support/obj_perm_sets.spt | 144 ++++++ 270 files changed, 8331 insertions(+), 842 deletions(-) Index: policy-20061106.patch =================================================================== RCS file: /cvs/dist/rpms/selinux-policy/FC-6/policy-20061106.patch,v retrieving revision 1.53 retrieving revision 1.54 diff -u -r1.53 -r1.54 --- policy-20061106.patch 17 Jul 2007 20:21:05 -0000 1.53 +++ policy-20061106.patch 4 Sep 2007 14:00:29 -0000 1.54 @@ -363,6 +363,62 @@ type acct_data_t; logging_log_file(acct_data_t) +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.fc serefpolicy-2.4.6/policy/modules/admin/alsa.fc +--- nsaserefpolicy/policy/modules/admin/alsa.fc 2006-11-29 12:04:48.000000000 -0500 ++++ serefpolicy-2.4.6/policy/modules/admin/alsa.fc 2007-08-24 16:06:30.000000000 -0400 +@@ -1,4 +1,7 @@ + + /etc/alsa/pcm(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0) ++/etc/asound(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0) ++/etc/asound\.state gen_context(system_u:object_r:alsa_etc_rw_t,s0) + + /usr/bin/ainit -- gen_context(system_u:object_r:alsa_exec_t,s0) ++/sbin/alsactl -- gen_context(system_u:object_r:alsa_exec_t,s0) +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-2.4.6/policy/modules/admin/alsa.te +--- nsaserefpolicy/policy/modules/admin/alsa.te 2006-11-29 12:04:48.000000000 -0500 ++++ serefpolicy-2.4.6/policy/modules/admin/alsa.te 2007-08-24 16:05:49.000000000 -0400 +@@ -20,19 +20,26 @@ + # Local policy + # + +-allow alsa_t self:capability { setgid setuid ipc_owner }; ++allow alsa_t self:capability { dac_read_search dac_override setgid setuid ipc_owner }; + dontaudit alsa_t self:capability sys_admin; + allow alsa_t self:sem create_sem_perms; + allow alsa_t self:shm create_shm_perms; + allow alsa_t self:unix_stream_socket create_stream_socket_perms; + allow alsa_t self:unix_dgram_socket create_socket_perms; + ++dev_read_sound(alsa_t) ++dev_write_sound(alsa_t) ++ ++files_etc_filetrans(alsa_t, alsa_etc_rw_t, file) + allow alsa_t alsa_etc_rw_t:dir rw_dir_perms; + allow alsa_t alsa_etc_rw_t:file create_file_perms; + allow alsa_t alsa_etc_rw_t:lnk_file create_lnk_perms; + ++files_search_home(alsa_t) + files_read_etc_files(alsa_t) + ++kernel_read_system_state(alsa_t) ++ + term_use_generic_ptys(alsa_t) + term_dontaudit_use_unallocated_ttys(alsa_t) + +@@ -45,7 +52,13 @@ + + userdom_manage_unpriv_user_semaphores(alsa_t) + userdom_manage_unpriv_user_shared_mem(alsa_t) ++userdom_search_generic_user_home_dirs(alsa_t) + + optional_policy(` + nscd_socket_use(alsa_t) + ') ++ ++optional_policy(` ++ hal_use_fds(alsa_t) ++ hal_write_log(alsa_t) ++') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.if serefpolicy-2.4.6/policy/modules/admin/amanda.if --- nsaserefpolicy/policy/modules/admin/amanda.if 2006-11-29 12:04:48.000000000 -0500 +++ serefpolicy-2.4.6/policy/modules/admin/amanda.if 2007-05-22 12:40:26.000000000 -0400 @@ -584,7 +640,7 @@ /sbin/ybin.* -- gen_context(system_u:object_r:bootloader_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.te serefpolicy-2.4.6/policy/modules/admin/bootloader.te --- nsaserefpolicy/policy/modules/admin/bootloader.te 2006-11-29 12:04:48.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/admin/bootloader.te 2007-07-06 09:36:29.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/admin/bootloader.te 2007-08-24 15:55:40.000000000 -0400 @@ -93,6 +93,8 @@ fs_manage_dos_files(bootloader_t) @@ -604,13 +660,14 @@ # new file system defaults to file_t, granting file_t access is still bad. files_manage_isid_type_dirs(bootloader_t) files_manage_isid_type_files(bootloader_t) -@@ -218,3 +217,12 @@ +@@ -218,3 +217,13 @@ userdom_dontaudit_search_staff_home_dirs(bootloader_t) userdom_dontaudit_search_sysadm_home_dirs(bootloader_t) ') + +optional_policy(` + hal_dontaudit_append_lib_files(bootloader_t) ++ hal_write_log(bootloader_t) +') + +optional_policy(` @@ -714,8 +771,16 @@ + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmidecode.te serefpolicy-2.4.6/policy/modules/admin/dmidecode.te --- nsaserefpolicy/policy/modules/admin/dmidecode.te 2006-11-29 12:04:48.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/admin/dmidecode.te 2007-05-22 12:40:26.000000000 -0400 -@@ -38,3 +38,8 @@ ++++ serefpolicy-2.4.6/policy/modules/admin/dmidecode.te 2007-08-30 10:26:48.000000000 -0400 +@@ -22,6 +22,7 @@ + + # Allow dmidecode to read /dev/mem + dev_read_raw_memory(dmidecode_t) ++dev_search_sysfs(dmidecode_t) + + mls_file_read_up(dmidecode_t) + +@@ -38,3 +39,8 @@ term_use_generic_ptys(dmidecode_t) term_use_unallocated_ttys(dmidecode_t) ') @@ -959,7 +1024,7 @@ +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-2.4.6/policy/modules/admin/prelink.te --- nsaserefpolicy/policy/modules/admin/prelink.te 2006-11-29 12:04:49.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/admin/prelink.te 2007-07-06 11:23:21.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/admin/prelink.te 2007-08-09 14:23:13.000000000 -0400 @@ -18,31 +18,39 @@ type prelink_log_t; logging_log_file(prelink_log_t) @@ -1003,15 +1068,17 @@ corecmd_manage_all_executables(prelink_t) corecmd_relabel_all_executables(prelink_t) -@@ -57,6 +65,7 @@ +@@ -57,6 +65,9 @@ files_write_non_security_dirs(prelink_t) files_read_etc_files(prelink_t) files_read_etc_runtime_files(prelink_t) +files_dontaudit_read_all_symlinks(prelink_t) ++files_manage_usr_files(prelink_t) ++files_relabelfrom_usr_files(prelink_t) fs_getattr_xattr_fs(prelink_t) -@@ -79,11 +88,15 @@ +@@ -79,11 +90,15 @@ ifdef(`targeted_policy',` term_use_unallocated_ttys(prelink_t) term_use_generic_ptys(prelink_t) @@ -1729,6 +1796,15 @@ rpm_rw_pipes(useradd_t) + rpm_dontaudit_rw_tmp_files(useradd_t) ') +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.te serefpolicy-2.4.6/policy/modules/admin/vbetool.te +--- nsaserefpolicy/policy/modules/admin/vbetool.te 2006-11-29 12:04:49.000000000 -0500 ++++ serefpolicy-2.4.6/policy/modules/admin/vbetool.te 2007-08-24 16:33:16.000000000 -0400 +@@ -32,4 +32,5 @@ + + optional_policy(` + hal_rw_pid_files(vbetool_t) ++ hal_write_log(vbetool_t) + ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te serefpolicy-2.4.6/policy/modules/admin/vpn.te --- nsaserefpolicy/policy/modules/admin/vpn.te 2006-11-29 12:04:48.000000000 -0500 +++ serefpolicy-2.4.6/policy/modules/admin/vpn.te 2007-05-22 12:40:26.000000000 -0400 @@ -3722,8 +3798,16 @@ +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-2.4.6/policy/modules/kernel/files.fc --- nsaserefpolicy/policy/modules/kernel/files.fc 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/kernel/files.fc 2007-05-22 12:40:26.000000000 -0400 -@@ -228,6 +228,8 @@ ++++ serefpolicy-2.4.6/policy/modules/kernel/files.fc 2007-08-28 09:44:16.000000000 -0400 +@@ -45,7 +45,6 @@ + /etc -d gen_context(system_u:object_r:etc_t,s0) + /etc/.* gen_context(system_u:object_r:etc_t,s0) + /etc/\.fstab\.hal\..+ -- gen_context(system_u:object_r:etc_runtime_t,s0) +-/etc/asound\.state -- gen_context(system_u:object_r:etc_runtime_t,s0) + /etc/blkid(/.*)? gen_context(system_u:object_r:etc_runtime_t,s0) + /etc/fstab\.REVOKE -- gen_context(system_u:object_r:etc_runtime_t,s0) + /etc/HOSTNAME -- gen_context(system_u:object_r:etc_runtime_t,s0) +@@ -228,6 +227,8 @@ /var/ftp/etc(/.*)? gen_context(system_u:object_r:etc_t,s0) @@ -3734,7 +3818,7 @@ /var/lib/nfs/rpc_pipefs(/.*)? <> diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.4.6/policy/modules/kernel/files.if --- nsaserefpolicy/policy/modules/kernel/files.if 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/kernel/files.if 2007-05-22 12:40:26.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/kernel/files.if 2007-08-27 09:58:30.000000000 -0400 @@ -353,8 +353,7 @@ ######################################## @@ -3810,7 +3894,7 @@ allow $1 mountpoint:file { getattr mounton }; ') -@@ -3242,6 +3276,25 @@ +@@ -3242,6 +3276,80 @@ ######################################## ## @@ -3833,10 +3917,65 @@ + +######################################## +## ++## dontaudit Add and remove entries from /usr directories. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`files_dontaudit_rw_usr_dirs',` ++ gen_require(` ++ type usr_t; ++ ') ++ ++ dontaudit $1 usr_t:dir rw_dir_perms; ++') ++ ++######################################## ++## ++## Create, read, write, and delete files in the /usr directory. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`files_manage_usr_files',` ++ gen_require(` ++ type usr_t; ++ ') ++ ++ manage_files_pattern($1, usr_t, usr_t) ++') ++ ++######################################## ++## ++## Relabel a file from the type used in /usr. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`files_relabelfrom_usr_files',` ++ gen_require(` ++ type usr_t; ++ ') ++ ++ relabelfrom_files_pattern($1,usr_t,usr_t) ++') ++ ++ ++######################################## ++## ## Get the attributes of files in /usr. ## ## -@@ -3543,6 +3596,24 @@ +@@ -3543,6 +3651,24 @@ ######################################## ## @@ -3861,7 +4000,7 @@ ## Do not audit attempts to search ## the contents of /var. ## -@@ -3612,7 +3683,7 @@ +@@ -3612,7 +3738,7 @@ type var_t; ') @@ -3870,7 +4009,7 @@ allow $1 var_t:file r_file_perms; ') -@@ -3823,7 +3894,8 @@ +@@ -3823,7 +3949,8 @@ type var_t, var_lib_t; ') @@ -3880,7 +4019,7 @@ allow $1 var_lib_t:file r_file_perms; ') -@@ -4471,14 +4543,16 @@ +@@ -4471,14 +4598,16 @@ type poly_t; ') @@ -3899,7 +4038,7 @@ # Need to give access to the polyinstantiated subdirectories allow $1 polymember:dir search_dir_perms; -@@ -4491,11 +4565,13 @@ +@@ -4491,11 +4620,13 @@ allow $1 self:process setfscreate; allow $1 polymember: dir { create setattr relabelto }; allow $1 polydir: dir { write add_name }; @@ -3914,7 +4053,7 @@ ') ######################################## -@@ -4559,3 +4635,133 @@ +@@ -4559,3 +4690,133 @@ typealias etc_runtime_t alias $1; ') @@ -4239,7 +4378,7 @@ +fs_associate(noxattrfs) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-2.4.6/policy/modules/kernel/kernel.if --- nsaserefpolicy/policy/modules/kernel/kernel.if 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/kernel/kernel.if 2007-05-22 12:40:26.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/kernel/kernel.if 2007-08-29 06:08:16.000000000 -0400 @@ -1855,6 +1855,26 @@ ######################################## @@ -4709,7 +4848,7 @@ ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-2.4.6/policy/modules/services/apache.fc --- nsaserefpolicy/policy/modules/services/apache.fc 2006-11-29 12:04:49.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/services/apache.fc 2007-05-22 12:40:26.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/services/apache.fc 2007-08-20 15:02:07.000000000 -0400 @@ -21,7 +21,6 @@ /usr/lib/apache-ssl/.+ -- gen_context(system_u:object_r:httpd_exec_t,s0) @@ -4726,7 +4865,7 @@ /var/cache/php-eaccelerator(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0) /var/cache/php-mmcache(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0) /var/cache/rt3(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0) -@@ -75,8 +75,23 @@ +@@ -75,8 +75,24 @@ ifdef(`strict_policy',` /var/spool/cron/apache -- gen_context(system_u:object_r:user_cron_spool_t,s0) ') @@ -4750,6 +4889,7 @@ +/usr/share/bugzilla(/.*)? -d gen_context(system_u:object_r:httpd_bugzilla_content_t,s0) +/usr/share/bugzilla(/.*)? -- gen_context(system_u:object_r:httpd_bugzilla_script_exec_t,s0) +/var/lib/bugzilla(/.*)? gen_context(system_u:object_r:httpd_bugzilla_script_rw_t,s0) ++/var/www/html/[^/]*/cgi-bin(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-2.4.6/policy/modules/services/apache.if --- nsaserefpolicy/policy/modules/services/apache.if 2006-11-29 12:04:51.000000000 -0500 +++ serefpolicy-2.4.6/policy/modules/services/apache.if 2007-05-22 12:40:26.000000000 -0400 @@ -4937,7 +5077,7 @@ +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-2.4.6/policy/modules/services/apache.te --- nsaserefpolicy/policy/modules/services/apache.te 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/services/apache.te 2007-07-03 10:49:14.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/services/apache.te 2007-08-27 09:58:14.000000000 -0400 @@ -129,7 +129,7 @@ # Apache server local policy # @@ -5019,7 +5159,41 @@ tunable_policy(`httpd_tty_comm',` # cjp: this is redundant: term_use_controlling_term(httpd_helper_t) -@@ -645,7 +662,8 @@ +@@ -515,7 +532,6 @@ + allow httpd_suexec_t self:capability { setuid setgid }; + allow httpd_suexec_t self:process signal_perms; + allow httpd_suexec_t self:unix_stream_socket create_stream_socket_perms; +-allow httpd_suexec_t self:netlink_route_socket r_netlink_socket_perms; + + ifdef(`targeted_policy',` + gen_tunable(httpd_suexec_disable_trans,false) +@@ -537,6 +553,10 @@ + allow httpd_suexec_t httpd_suexec_tmp_t:file create_file_perms; + files_tmp_filetrans(httpd_suexec_t, httpd_suexec_tmp_t, { file dir }) + ++auth_use_nsswitch(httpd_suexec_t) ++ ++can_exec(httpd_suexec_t, httpd_sys_script_exec_t) ++ + kernel_read_kernel_sysctls(httpd_suexec_t) + kernel_list_proc(httpd_suexec_t) + kernel_read_proc_symlinks(httpd_suexec_t) +@@ -628,14 +648,6 @@ + nagios_domtrans_cgi(httpd_suexec_t) + ') + +-optional_policy(` +- nis_use_ypbind(httpd_suexec_t) +-') +- +-optional_policy(` +- nscd_socket_use(httpd_suexec_t) +-') +- + ######################################## + # + # Apache system script local policy +@@ -645,7 +657,8 @@ dontaudit httpd_sys_script_t httpd_config_t:dir search; @@ -5029,7 +5203,7 @@ allow httpd_sys_script_t squirrelmail_spool_t:dir r_dir_perms; allow httpd_sys_script_t squirrelmail_spool_t:file r_file_perms; -@@ -659,6 +677,8 @@ +@@ -659,6 +672,8 @@ # Should we add a boolean? apache_domtrans_rotatelogs(httpd_sys_script_t) @@ -5038,15 +5212,17 @@ ifdef(`distro_redhat',` allow httpd_sys_script_t httpd_log_t:file { getattr append }; ') -@@ -695,6 +715,7 @@ +@@ -694,7 +709,9 @@ + ') optional_policy(` ++ files_dontaudit_rw_usr_dirs(httpd_t) snmp_dontaudit_read_snmp_var_lib_files(httpd_t) + snmp_dontaudit_write_snmp_var_lib_files(httpd_t) ') ######################################## -@@ -704,6 +725,8 @@ +@@ -704,6 +721,8 @@ allow httpd_rotatelogs_t httpd_log_t:dir rw_dir_perms; allow httpd_rotatelogs_t httpd_log_t:file manage_file_perms; @@ -5055,7 +5231,7 @@ kernel_read_kernel_sysctls(httpd_rotatelogs_t) kernel_dontaudit_list_proc(httpd_rotatelogs_t) -@@ -714,9 +737,27 @@ +@@ -714,9 +733,27 @@ libs_use_ld_so(httpd_rotatelogs_t) libs_use_shared_libs(httpd_rotatelogs_t) @@ -5173,7 +5349,7 @@ # /usr diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.4.6/policy/modules/services/automount.te --- nsaserefpolicy/policy/modules/services/automount.te 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/services/automount.te 2007-07-01 21:22:12.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/services/automount.te 2007-08-21 13:39:00.000000000 -0400 @@ -13,8 +13,7 @@ type automount_var_run_t; files_pid_file(automount_var_run_t) @@ -5219,6 +5395,18 @@ dev_read_urand(automount_t) domain_use_interactive_fds(automount_t) +@@ -190,6 +188,11 @@ + ') + + optional_policy(` ++ samba_read_config(automount_t) ++ samba_read_var_files(automount_t) ++') ++ ++optional_policy(` + seutil_sigchld_newrole(automount_t) + ') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.if serefpolicy-2.4.6/policy/modules/services/avahi.if --- nsaserefpolicy/policy/modules/services/avahi.if 2006-11-29 12:04:49.000000000 -0500 +++ serefpolicy-2.4.6/policy/modules/services/avahi.if 2007-05-22 12:40:26.000000000 -0400 @@ -5320,8 +5508,28 @@ /var/named(/.*)? gen_context(system_u:object_r:named_zone_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.te serefpolicy-2.4.6/policy/modules/services/bind.te --- nsaserefpolicy/policy/modules/services/bind.te 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/services/bind.te 2007-05-22 12:40:26.000000000 -0400 -@@ -236,6 +236,7 @@ ++++ serefpolicy-2.4.6/policy/modules/services/bind.te 2007-08-20 15:22:49.000000000 -0400 +@@ -159,6 +159,8 @@ + allow named_t named_zone_t:lnk_file create_lnk_perms; + ') + ++auth_use_nsswitch(named_t) ++ + optional_policy(` + gen_require(` + class dbus send_msg; +@@ -180,6 +182,10 @@ + ') + + optional_policy(` ++ kerberos_use(named_t) ++') ++ ++optional_policy(` + # this seems like fds that arent being + # closed. these should probably be + # dontaudits instead. +@@ -236,6 +242,7 @@ corenet_tcp_sendrecv_all_nodes(ndc_t) corenet_tcp_sendrecv_all_ports(ndc_t) corenet_tcp_connect_rndc_port(ndc_t) @@ -5329,7 +5537,7 @@ corenet_sendrecv_rndc_client_packets(ndc_t) fs_getattr_xattr_fs(ndc_t) -@@ -281,3 +282,8 @@ +@@ -281,3 +288,8 @@ optional_policy(` ppp_dontaudit_use_fds(ndc_t) ') @@ -6054,7 +6262,7 @@ corecmd_exec_sbin(cvs_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.te serefpolicy-2.4.6/policy/modules/services/cyrus.te --- nsaserefpolicy/policy/modules/services/cyrus.te 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/services/cyrus.te 2007-05-22 12:40:26.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/services/cyrus.te 2007-08-20 15:53:13.000000000 -0400 @@ -115,6 +115,7 @@ userdom_use_sysadm_ptys(cyrus_t) @@ -6074,6 +6282,14 @@ ldap_stream_connect(cyrus_t) ') +@@ -144,6 +149,7 @@ + + optional_policy(` + snmp_read_snmp_var_lib_files(cyrus_t) ++ snmp_dontaudit_write_snmp_var_lib_files(cyrus_t) + ') + + optional_policy(` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.fc serefpolicy-2.4.6/policy/modules/services/dbus.fc --- nsaserefpolicy/policy/modules/services/dbus.fc 2006-11-29 12:04:49.000000000 -0500 +++ serefpolicy-2.4.6/policy/modules/services/dbus.fc 2007-05-22 12:40:26.000000000 -0400 @@ -6258,8 +6474,8 @@ optional_policy(` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.fc serefpolicy-2.4.6/policy/modules/services/dovecot.fc --- nsaserefpolicy/policy/modules/services/dovecot.fc 2006-11-29 12:04:49.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/services/dovecot.fc 2007-05-22 12:40:26.000000000 -0400 -@@ -21,6 +21,7 @@ ++++ serefpolicy-2.4.6/policy/modules/services/dovecot.fc 2007-07-23 09:13:01.000000000 -0400 +@@ -21,12 +21,14 @@ ifdef(`distro_redhat', ` /usr/libexec/dovecot/dovecot-auth -- gen_context(system_u:object_r:dovecot_auth_exec_t,s0) @@ -6267,6 +6483,13 @@ ') # + # /var + # + /var/run/dovecot(-login)?(/.*)? gen_context(system_u:object_r:dovecot_var_run_t,s0) ++/var/run/dovecot/login/ssl-parameters.dat -- gen_context(system_u:object_r:dovecot_var_lib_t,s0) + + /var/lib/dovecot(/.*)? gen_context(system_u:object_r:dovecot_var_lib_t,s0) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.if serefpolicy-2.4.6/policy/modules/services/dovecot.if --- nsaserefpolicy/policy/modules/services/dovecot.if 2006-11-29 12:04:49.000000000 -0500 +++ serefpolicy-2.4.6/policy/modules/services/dovecot.if 2007-05-22 12:40:26.000000000 -0400 @@ -6320,7 +6543,7 @@ + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-2.4.6/policy/modules/services/dovecot.te --- nsaserefpolicy/policy/modules/services/dovecot.te 2006-11-29 12:04:49.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/services/dovecot.te 2007-05-29 09:07:25.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/services/dovecot.te 2007-08-13 07:14:07.000000000 -0400 @@ -15,6 +15,12 @@ domain_entry_file(dovecot_auth_t,dovecot_auth_exec_t) role system_r types dovecot_auth_t; @@ -6424,7 +6647,7 @@ files_read_usr_symlinks(dovecot_auth_t) files_search_tmp(dovecot_auth_t) files_read_var_lib_files(dovecot_t) -@@ -195,12 +204,45 @@ +@@ -195,12 +204,54 @@ seutil_dontaudit_search_config(dovecot_auth_t) @@ -6449,6 +6672,15 @@ + postfix_create_pivate_sockets(dovecot_auth_t) +') + ++# for gssapi (kerberos) ++userdom_list_unpriv_users_tmp(dovecot_auth_t) ++userdom_read_unpriv_users_tmp_files(dovecot_auth_t) ++userdom_read_unpriv_users_tmp_symlinks(dovecot_auth_t) ++ ++ifdef(`targeted_policy',` ++ files_manage_generic_tmp_files(dovecot_auth_t) ++') ++ +######################################## +# +# dovecot deliver local policy @@ -6740,7 +6972,7 @@ + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-2.4.6/policy/modules/services/hal.if --- nsaserefpolicy/policy/modules/services/hal.if 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/services/hal.if 2007-07-06 09:29:44.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/services/hal.if 2007-08-24 16:01:18.000000000 -0400 @@ -15,12 +15,44 @@ type hald_t, hald_exec_t; ') @@ -6929,7 +7161,7 @@ + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.4.6/policy/modules/services/hal.te --- nsaserefpolicy/policy/modules/services/hal.te 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/services/hal.te 2007-07-06 09:29:37.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/services/hal.te 2007-08-09 14:46:17.000000000 -0400 @@ -1,5 +1,5 @@ -policy_module(hal,1.4.1) @@ -7054,7 +7286,7 @@ fs_list_auto_mountpoints(hald_t) files_getattr_all_mountpoints(hald_t) -@@ -119,19 +161,18 @@ +@@ -119,19 +161,19 @@ auth_use_nsswitch(hald_t) @@ -7066,6 +7298,7 @@ #hal runs shutdown, probably need a shutdown domain init_rw_utmp(hald_t) +init_telinit(hald_t) ++init_dontaudit_use_fds(hald_t) libs_use_ld_so(hald_t) libs_use_shared_libs(hald_t) @@ -7076,7 +7309,7 @@ logging_send_syslog_msg(hald_t) logging_search_logs(hald_t) -@@ -142,6 +183,7 @@ +@@ -142,6 +184,7 @@ seutil_read_config(hald_t) seutil_read_default_contexts(hald_t) @@ -7084,7 +7317,7 @@ sysnet_read_config(hald_t) -@@ -149,12 +191,16 @@ +@@ -149,12 +192,16 @@ userdom_dontaudit_search_sysadm_home_dirs(hald_t) ifdef(`targeted_policy',` @@ -7102,7 +7335,7 @@ bootloader_domtrans(hald_t) ') -@@ -240,3 +286,103 @@ +@@ -240,3 +287,103 @@ optional_policy(` vbetool_domtrans(hald_t) ') @@ -7674,7 +7907,7 @@ ## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-2.4.6/policy/modules/services/mta.te --- nsaserefpolicy/policy/modules/services/mta.te 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/services/mta.te 2007-07-11 15:53:52.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/services/mta.te 2007-09-01 07:19:50.000000000 -0400 @@ -27,6 +27,7 @@ type sendmail_exec_t; @@ -7713,25 +7946,48 @@ +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.fc serefpolicy-2.4.6/policy/modules/services/nagios.fc --- nsaserefpolicy/policy/modules/services/nagios.fc 2006-11-29 12:04:49.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/services/nagios.fc 2007-05-29 10:50:25.000000000 -0400 -@@ -5,12 +5,11 @@ ++++ serefpolicy-2.4.6/policy/modules/services/nagios.fc 2007-09-01 07:24:55.000000000 -0400 +@@ -5,12 +5,14 @@ /usr/bin/nrpe -- gen_context(system_u:object_r:nrpe_exec_t,s0) /usr/lib(64)?/cgi-bin/netsaint/.+ -- gen_context(system_u:object_r:nagios_cgi_exec_t,s0) -/usr/lib(64)?/nagios/cgi/.+ -- gen_context(system_u:object_r:nagios_cgi_exec_t,s0) +/usr/lib(64)?/nagios/cgi-bin/.+ -- gen_context(system_u:object_r:nagios_cgi_exec_t,s0) ++/usr/lib(64)?/cgi-bin/nagios(/.+)? gen_context(system_u:object_r:httpd_nagios_script_exec_t,s0) /var/log/nagios(/.*)? gen_context(system_u:object_r:nagios_log_t,s0) /var/log/netsaint(/.*)? gen_context(system_u:object_r:nagios_log_t,s0) ++/var/spool/nagios(/.*)? gen_context(system_u:object_r:nagios_spool_t,s0) ++ ifdef(`distro_debian',` /usr/sbin/nagios -- gen_context(system_u:object_r:nagios_exec_t,s0) -/usr/lib/cgi-bin/nagios/.+ -- gen_context(system_u:object_r:nagios_cgi_exec_t,s0) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.te serefpolicy-2.4.6/policy/modules/services/nagios.te --- nsaserefpolicy/policy/modules/services/nagios.te 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/services/nagios.te 2007-05-29 10:53:31.000000000 -0400 -@@ -75,8 +75,10 @@ ++++ serefpolicy-2.4.6/policy/modules/services/nagios.te 2007-09-01 07:23:11.000000000 -0400 +@@ -26,6 +26,9 @@ + type nagios_var_run_t; + files_pid_file(nagios_var_run_t) + ++type nagios_spool_t; ++files_type(nagios_spool_t) ++ + type nrpe_t; + type nrpe_exec_t; + init_daemon_domain(nrpe_t,nrpe_exec_t) +@@ -62,6 +65,9 @@ + allow nagios_t nagios_var_run_t:dir rw_dir_perms; + files_pid_filetrans(nagios_t,nagios_var_run_t,file) + ++allow nagios_t nagios_spool_t:dir search_dir_perms; ++allow nagios_t nagios_spool_t:fifo_file rw_file_perms; ++ + kernel_read_system_state(nagios_t) + kernel_read_kernel_sysctls(nagios_t) + +@@ -75,8 +81,10 @@ corenet_udp_sendrecv_all_nodes(nagios_t) corenet_tcp_sendrecv_all_ports(nagios_t) corenet_udp_sendrecv_all_ports(nagios_t) @@ -7742,7 +7998,7 @@ domain_use_interactive_fds(nagios_t) # for ps -@@ -120,14 +122,10 @@ +@@ -120,14 +128,10 @@ netutils_domtrans_ping(nagios_t) netutils_signal_ping(nagios_t) netutils_kill_ping(nagios_t) @@ -8036,25 +8292,42 @@ +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-2.4.6/policy/modules/services/ntp.te --- nsaserefpolicy/policy/modules/services/ntp.te 2006-11-29 12:04:49.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/services/ntp.te 2007-07-17 16:18:58.000000000 -0400 -@@ -36,10 +36,12 @@ ++++ serefpolicy-2.4.6/policy/modules/services/ntp.te 2007-08-24 16:30:10.000000000 -0400 +@@ -36,6 +36,7 @@ dontaudit ntpd_t self:capability { net_admin sys_tty_config fsetid sys_nice }; allow ntpd_t self:process { signal_perms setcap setsched setrlimit }; allow ntpd_t self:fifo_file { read write getattr }; -+allow ntpd_t self:shm rw_shm_perms; ++allow ntpd_t self:shm create_shm_perms; allow ntpd_t self:unix_dgram_socket create_socket_perms; allow ntpd_t self:unix_stream_socket create_socket_perms; allow ntpd_t self:tcp_socket create_stream_socket_perms; - allow ntpd_t self:udp_socket create_socket_perms; -+allow ntpd_t self:shm create_shm_perms; +@@ -83,6 +84,8 @@ - allow ntpd_t ntp_drift_t:dir rw_dir_perms; - allow ntpd_t ntp_drift_t:file create_file_perms; -@@ -137,6 +139,7 @@ + fs_getattr_all_fs(ntpd_t) + fs_search_auto_mountpoints(ntpd_t) ++# Necessary to communicate with gpsd devices ++fs_rw_tmpfs_files(ntpd_t) + + term_dontaudit_use_console(ntpd_t) + +@@ -118,6 +121,8 @@ + userdom_list_sysadm_home_dirs(ntpd_t) + userdom_dontaudit_list_sysadm_home_dirs(ntpd_t) + ++term_use_ptmx(ntpd_t) ++ + ifdef(`targeted_policy', ` + term_dontaudit_use_unallocated_ttys(ntpd_t) + term_dontaudit_use_generic_ptys(ntpd_t) +@@ -137,6 +142,11 @@ optional_policy(` firstboot_dontaudit_use_fds(ntpd_t) + firstboot_dontaudit_rw_pipes(ntpd_t) ++') ++ ++optional_policy(` ++ hal_dontaudit_write_log(ntpd_t) ') optional_policy(` @@ -8389,8 +8662,8 @@ +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-2.4.6/policy/modules/services/pegasus.te --- nsaserefpolicy/policy/modules/services/pegasus.te 2006-11-29 12:04:49.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/services/pegasus.te 2007-05-22 12:40:26.000000000 -0400 -@@ -30,13 +30,13 @@ ++++ serefpolicy-2.4.6/policy/modules/services/pegasus.te 2007-09-01 07:02:07.000000000 -0400 +@@ -30,20 +30,20 @@ # Local policy # @@ -8406,6 +8679,14 @@ allow pegasus_t self:tcp_socket create_stream_socket_perms; allow pegasus_t pegasus_conf_t:dir rw_dir_perms; + allow pegasus_t pegasus_conf_t:file { r_file_perms link unlink }; + allow pegasus_t pegasus_conf_t:lnk_file r_file_perms; + +-allow pegasus_t pegasus_data_t:dir rw_dir_perms; ++allow pegasus_t pegasus_data_t:dir create_dir_perms; + allow pegasus_t pegasus_data_t:file create_file_perms; + allow pegasus_t pegasus_data_t:lnk_file create_lnk_perms; + type_transition pegasus_t pegasus_conf_t:{ file dir } pegasus_data_t; @@ -100,13 +100,13 @@ auth_use_nsswitch(pegasus_t) @@ -8952,7 +9233,7 @@ ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radius.te serefpolicy-2.4.6/policy/modules/services/radius.te --- nsaserefpolicy/policy/modules/services/radius.te 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/services/radius.te 2007-05-22 12:40:26.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/services/radius.te 2007-07-23 10:49:52.000000000 -0400 @@ -36,6 +36,7 @@ allow radiusd_t self:unix_stream_socket create_stream_socket_perms; allow radiusd_t self:tcp_socket create_stream_socket_perms; @@ -8969,6 +9250,14 @@ corecmd_exec_bin(radiusd_t) corecmd_exec_shell(radiusd_t) +@@ -104,6 +106,7 @@ + logging_send_syslog_msg(radiusd_t) + + miscfiles_read_localization(radiusd_t) ++miscfiles_read_certs(radiusd_t) + + sysnet_read_config(radiusd_t) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radvd.te serefpolicy-2.4.6/policy/modules/services/radvd.te --- nsaserefpolicy/policy/modules/services/radvd.te 2006-11-29 12:04:49.000000000 -0500 +++ serefpolicy-2.4.6/policy/modules/services/radvd.te 2007-05-22 12:40:26.000000000 -0400 @@ -9497,7 +9786,7 @@ +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-2.4.6/policy/modules/services/samba.te --- nsaserefpolicy/policy/modules/services/samba.te 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/services/samba.te 2007-07-03 11:14:53.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/services/samba.te 2007-08-23 17:07:52.000000000 -0400 @@ -10,6 +10,13 @@ type nmbd_exec_t; init_daemon_domain(nmbd_t,nmbd_exec_t) @@ -9580,10 +9869,14 @@ ifdef(`hide_broken_symptoms', ` files_dontaudit_getattr_default_dirs(smbd_t) files_dontaudit_getattr_boot_dirs(smbd_t) -@@ -302,6 +320,10 @@ +@@ -302,6 +320,14 @@ ') optional_policy(` ++ kerberos_read_keytab(smbd_t) ++') ++ ++optional_policy(` + lpd_exec_lpr(smbd_t) +') + @@ -9591,7 +9884,7 @@ cups_read_rw_config(smbd_t) cups_stream_connect(smbd_t) ') -@@ -348,8 +370,8 @@ +@@ -348,8 +374,8 @@ allow nmbd_t samba_etc_t:dir { search getattr }; allow nmbd_t samba_etc_t:file { getattr read }; @@ -9602,7 +9895,7 @@ allow nmbd_t samba_var_t:dir rw_dir_perms; allow nmbd_t samba_var_t:file { lock unlink create write setattr read getattr rename }; -@@ -374,6 +396,7 @@ +@@ -374,6 +400,7 @@ corenet_udp_bind_nmbd_port(nmbd_t) corenet_sendrecv_nmbd_server_packets(nmbd_t) corenet_sendrecv_nmbd_client_packets(nmbd_t) @@ -9610,7 +9903,7 @@ dev_read_sysfs(nmbd_t) dev_getattr_mtrr_dev(nmbd_t) -@@ -387,6 +410,7 @@ +@@ -387,6 +414,7 @@ files_read_usr_files(nmbd_t) files_read_etc_files(nmbd_t) @@ -9618,7 +9911,7 @@ init_use_fds(nmbd_t) init_use_script_ptys(nmbd_t) -@@ -449,6 +473,8 @@ +@@ -449,6 +477,8 @@ allow smbmount_t samba_var_t:file create_file_perms; allow smbmount_t samba_var_t:lnk_file create_lnk_perms; @@ -9627,7 +9920,7 @@ kernel_read_system_state(smbmount_t) corenet_tcp_sendrecv_all_if(smbmount_t) -@@ -502,7 +528,7 @@ +@@ -502,7 +532,7 @@ userdom_use_sysadm_ttys(smbmount_t) optional_policy(` @@ -9636,7 +9929,7 @@ ') optional_policy(` -@@ -522,10 +548,9 @@ +@@ -522,10 +552,9 @@ allow swat_t self:process signal_perms; allow swat_t self:fifo_file rw_file_perms; allow swat_t self:netlink_tcpdiag_socket r_netlink_socket_perms; @@ -9648,7 +9941,7 @@ allow swat_t nmbd_exec_t:file { execute read }; -@@ -533,7 +558,7 @@ +@@ -533,7 +562,7 @@ allow swat_t samba_etc_t:file { getattr write read }; allow swat_t samba_log_t:dir search; @@ -9657,7 +9950,7 @@ allow swat_t smbd_exec_t:file execute ; -@@ -566,9 +591,8 @@ +@@ -566,9 +595,8 @@ corenet_raw_sendrecv_all_nodes(swat_t) corenet_tcp_sendrecv_all_ports(swat_t) corenet_udp_sendrecv_all_ports(swat_t) @@ -9668,7 +9961,7 @@ dev_read_urand(swat_t) -@@ -578,6 +602,7 @@ +@@ -578,6 +606,7 @@ fs_getattr_xattr_fs(swat_t) auth_domtrans_chk_passwd(swat_t) @@ -9676,7 +9969,7 @@ libs_use_ld_so(swat_t) libs_use_shared_libs(swat_t) -@@ -591,6 +616,7 @@ +@@ -591,6 +620,7 @@ optional_policy(` cups_read_rw_config(swat_t) @@ -9684,7 +9977,7 @@ ') optional_policy(` -@@ -614,15 +640,19 @@ +@@ -614,15 +644,19 @@ # Winbind local policy # @@ -9705,7 +9998,7 @@ allow winbind_t samba_etc_t:dir r_dir_perms; allow winbind_t samba_etc_t:lnk_file { getattr read }; allow winbind_t samba_etc_t:file r_file_perms; -@@ -655,6 +685,8 @@ +@@ -655,6 +689,8 @@ kernel_list_proc(winbind_t) kernel_read_proc_symlinks(winbind_t) @@ -9714,7 +10007,7 @@ corenet_tcp_sendrecv_all_if(winbind_t) corenet_udp_sendrecv_all_if(winbind_t) corenet_raw_sendrecv_all_if(winbind_t) -@@ -676,11 +708,14 @@ +@@ -676,11 +712,14 @@ term_dontaudit_use_console(winbind_t) @@ -9729,7 +10022,7 @@ init_use_fds(winbind_t) init_use_script_ptys(winbind_t) -@@ -692,13 +727,13 @@ +@@ -692,13 +731,13 @@ miscfiles_read_localization(winbind_t) @@ -9746,7 +10039,7 @@ ifdef(`targeted_policy', ` term_dontaudit_use_unallocated_ttys(winbind_t) term_dontaudit_use_generic_ptys(winbind_t) -@@ -710,10 +745,6 @@ +@@ -710,10 +749,6 @@ ') optional_policy(` @@ -9757,7 +10050,7 @@ seutil_sigchld_newrole(winbind_t) ') -@@ -743,6 +774,8 @@ +@@ -743,6 +778,8 @@ domain_use_interactive_fds(winbind_helper_t) @@ -9766,7 +10059,7 @@ libs_use_ld_so(winbind_helper_t) libs_use_shared_libs(winbind_helper_t) -@@ -763,3 +796,24 @@ +@@ -763,3 +800,24 @@ squid_read_log(winbind_helper_t) squid_append_log(winbind_helper_t) ') @@ -9887,8 +10180,50 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-2.4.6/policy/modules/services/sendmail.te --- nsaserefpolicy/policy/modules/services/sendmail.te 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/services/sendmail.te 2007-05-22 12:40:26.000000000 -0400 -@@ -140,6 +140,10 @@ ++++ serefpolicy-2.4.6/policy/modules/services/sendmail.te 2007-08-29 06:23:45.000000000 -0400 +@@ -32,7 +32,6 @@ + allow sendmail_t self:unix_dgram_socket create_socket_perms; + allow sendmail_t self:tcp_socket create_stream_socket_perms; + allow sendmail_t self:udp_socket create_socket_perms; +-allow sendmail_t self:netlink_route_socket r_netlink_socket_perms; + + allow sendmail_t sendmail_log_t:file create_file_perms; + allow sendmail_t sendmail_log_t:dir { rw_dir_perms setattr }; +@@ -45,6 +44,8 @@ + allow sendmail_t sendmail_var_run_t:file manage_file_perms; + files_pid_filetrans(sendmail_t,sendmail_var_run_t,file) + ++auth_use_nsswitch(sendmail_t) ++ + kernel_read_kernel_sysctls(sendmail_t) + # for piping mail to a command + kernel_read_system_state(sendmail_t) +@@ -93,9 +94,6 @@ + + miscfiles_read_localization(sendmail_t) + +-sysnet_dns_name_resolve(sendmail_t) +-sysnet_read_config(sendmail_t) +- + userdom_dontaudit_use_unpriv_user_fds(sendmail_t) + userdom_dontaudit_search_sysadm_home_dirs(sendmail_t) + +@@ -115,14 +113,6 @@ + ') + + optional_policy(` +- nis_use_ypbind(sendmail_t) +-') +- +-optional_policy(` +- nscd_socket_use(sendmail_t) +-') +- +-optional_policy(` + postfix_exec_master(sendmail_t) + postfix_read_config(sendmail_t) + postfix_search_spool(sendmail_t) +@@ -140,6 +130,10 @@ udev_read_db(sendmail_t) ') @@ -9899,7 +10234,7 @@ ifdef(`TODO',` allow sendmail_t etc_mail_t:dir rw_dir_perms; allow sendmail_t etc_mail_t:file create_file_perms; -@@ -152,9 +156,5 @@ +@@ -152,9 +146,5 @@ # When sendmail runs as user_mail_domain, it needs some extra permissions # to update /etc/mail/statistics. allow user_mail_domain etc_mail_t:file rw_file_perms; @@ -9966,7 +10301,7 @@ storage_raw_write_fixed_disk(fsdaemon_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.if serefpolicy-2.4.6/policy/modules/services/snmp.if --- nsaserefpolicy/policy/modules/services/snmp.if 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/services/snmp.if 2007-05-22 12:40:26.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/services/snmp.if 2007-08-20 15:52:57.000000000 -0400 @@ -65,3 +65,20 @@ dontaudit $1 snmpd_var_lib_t:file r_file_perms; dontaudit $1 snmpd_var_lib_t:lnk_file { getattr read }; @@ -9990,8 +10325,16 @@ +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-2.4.6/policy/modules/services/snmp.te --- nsaserefpolicy/policy/modules/services/snmp.te 2006-11-29 12:04:49.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/services/snmp.te 2007-05-22 12:40:26.000000000 -0400 -@@ -77,6 +77,7 @@ ++++ serefpolicy-2.4.6/policy/modules/services/snmp.te 2007-08-29 06:10:08.000000000 -0400 +@@ -51,6 +51,7 @@ + + kernel_read_device_sysctls(snmpd_t) + kernel_read_kernel_sysctls(snmpd_t) ++kernel_read_fs_sysctls(snmpd_t) + kernel_read_net_sysctls(snmpd_t) + kernel_read_proc_symlinks(snmpd_t) + kernel_read_system_state(snmpd_t) +@@ -77,6 +78,7 @@ dev_read_sysfs(snmpd_t) dev_read_urand(snmpd_t) dev_read_rand(snmpd_t) @@ -9999,11 +10342,13 @@ domain_use_interactive_fds(snmpd_t) domain_signull_all_domains(snmpd_t) -@@ -87,9 +88,10 @@ +@@ -85,11 +87,10 @@ + files_read_etc_files(snmpd_t) + files_read_usr_files(snmpd_t) files_read_etc_runtime_files(snmpd_t) - files_search_home(snmpd_t) - files_getattr_boot_dirs(snmpd_t) -+files_dontaudit_getattr_home_dir(snmpd_t) +-files_search_home(snmpd_t) +-files_getattr_boot_dirs(snmpd_t) ++files_getattr_all_dirs(snmpd_t) +fs_getattr_all_dirs(snmpd_t) fs_getattr_all_fs(snmpd_t) @@ -10011,7 +10356,7 @@ fs_search_auto_mountpoints(snmpd_t) storage_dontaudit_read_fixed_disk(snmpd_t) -@@ -138,11 +140,12 @@ +@@ -138,11 +139,12 @@ ') optional_policy(` @@ -10026,7 +10371,7 @@ ') optional_policy(` -@@ -150,9 +153,17 @@ +@@ -150,9 +152,17 @@ ') optional_policy(` @@ -10044,6 +10389,20 @@ +optional_policy(` udev_read_db(snmpd_t) ') +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/soundserver.te serefpolicy-2.4.6/policy/modules/services/soundserver.te +--- nsaserefpolicy/policy/modules/services/soundserver.te 2006-11-29 12:04:49.000000000 -0500 ++++ serefpolicy-2.4.6/policy/modules/services/soundserver.te 2007-08-24 16:10:31.000000000 -0400 +@@ -112,6 +112,10 @@ + ') + + optional_policy(` ++ alsa_domtrans(soundd_t) ++') ++ ++optional_policy(` + seutil_sigchld_newrole(soundd_t) + ') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-2.4.6/policy/modules/services/spamassassin.fc --- nsaserefpolicy/policy/modules/services/spamassassin.fc 2006-11-29 12:04:49.000000000 -0500 +++ serefpolicy-2.4.6/policy/modules/services/spamassassin.fc 2007-06-18 10:50:37.000000000 -0400 @@ -10481,8 +10840,16 @@ optional_policy(` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.te serefpolicy-2.4.6/policy/modules/services/tftp.te --- nsaserefpolicy/policy/modules/services/tftp.te 2006-11-29 12:04:49.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/services/tftp.te 2007-05-22 12:40:26.000000000 -0400 -@@ -54,6 +54,8 @@ ++++ serefpolicy-2.4.6/policy/modules/services/tftp.te 2007-08-22 08:29:04.000000000 -0400 +@@ -26,6 +26,7 @@ + allow tftpd_t self:udp_socket create_socket_perms; + allow tftpd_t self:unix_dgram_socket create_socket_perms; + allow tftpd_t self:unix_stream_socket create_stream_socket_perms; ++allow tftpd_t self:netlink_route_socket r_netlink_socket_perms; + dontaudit tftpd_t self:capability sys_tty_config; + + allow tftpd_t tftpdir_t:dir { getattr read search }; +@@ -54,6 +55,8 @@ dev_read_sysfs(tftpd_t) @@ -11313,7 +11680,7 @@ + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-2.4.6/policy/modules/system/authlogin.te --- nsaserefpolicy/policy/modules/system/authlogin.te 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/system/authlogin.te 2007-06-04 11:28:31.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/system/authlogin.te 2007-08-07 09:22:58.000000000 -0400 @@ -9,6 +9,13 @@ attribute can_read_shadow_passwords; attribute can_write_shadow_passwords; @@ -11328,7 +11695,18 @@ type chkpwd_exec_t; corecmd_executable_file(chkpwd_exec_t) -@@ -141,6 +148,7 @@ +@@ -98,7 +105,9 @@ + + kernel_read_system_state(pam_t) + +-fs_search_auto_mountpoints(pam_t) ++fs_list_auto_mountpoints(pam_console_t) ++fs_list_noxattr_fs(pam_console_t) ++fs_getattr_all_fs(pam_console_t) + + term_use_all_user_ttys(pam_t) + term_use_all_user_ptys(pam_t) +@@ -141,6 +150,7 @@ allow pam_console_t pam_var_console_t:lnk_file { getattr read }; allow pam_console_t pam_var_console_t:file r_file_perms; dontaudit pam_console_t pam_var_console_t:file write; @@ -11336,7 +11714,7 @@ kernel_read_kernel_sysctls(pam_console_t) kernel_use_fds(pam_console_t) -@@ -162,6 +170,8 @@ +@@ -162,6 +172,8 @@ dev_setattr_mouse_dev(pam_console_t) dev_getattr_power_mgmt_dev(pam_console_t) dev_setattr_power_mgmt_dev(pam_console_t) @@ -11345,7 +11723,7 @@ dev_getattr_scanner_dev(pam_console_t) dev_setattr_scanner_dev(pam_console_t) dev_getattr_sound_dev(pam_console_t) -@@ -172,8 +182,6 @@ +@@ -172,8 +184,6 @@ dev_setattr_xserver_misc_dev(pam_console_t) dev_read_urand(pam_console_t) @@ -11354,7 +11732,7 @@ mls_file_read_up(pam_console_t) mls_file_write_down(pam_console_t) -@@ -203,6 +211,7 @@ +@@ -203,6 +213,7 @@ files_read_etc_runtime_files(pam_console_t) fs_list_auto_mountpoints(pam_console_t) @@ -11362,7 +11740,7 @@ init_use_fds(pam_console_t) init_use_script_ptys(pam_console_t) -@@ -252,7 +261,7 @@ +@@ -252,7 +263,7 @@ # System check password local policy # @@ -11371,7 +11749,7 @@ allow system_chkpwd_t shadow_t:file { getattr read }; -@@ -265,6 +274,7 @@ +@@ -265,6 +276,7 @@ userdom_dontaudit_use_unpriv_users_ttys(system_chkpwd_t) userdom_dontaudit_use_unpriv_users_ptys(system_chkpwd_t) @@ -11379,7 +11757,7 @@ ######################################## # -@@ -306,3 +316,30 @@ +@@ -306,3 +318,30 @@ xserver_use_xdm_fds(utempter_t) xserver_rw_xdm_pipes(utempter_t) ') @@ -11489,7 +11867,7 @@ + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-2.4.6/policy/modules/system/fstools.te --- nsaserefpolicy/policy/modules/system/fstools.te 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/system/fstools.te 2007-05-22 12:40:26.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/system/fstools.te 2007-08-21 13:50:28.000000000 -0400 @@ -9,7 +9,7 @@ type fsadm_t; type fsadm_exec_t; @@ -11517,7 +11895,7 @@ kernel_read_system_state(fsadm_t) kernel_read_kernel_sysctls(fsadm_t) -@@ -190,3 +190,8 @@ +@@ -190,3 +190,15 @@ fs_dontaudit_write_ramfs_pipes(fsadm_t) rhgb_stub(fsadm_t) ') @@ -11526,6 +11904,13 @@ + ssh_sigchld(fsadm_t) + ssh_rw_stream_sockets(fsadm_t) +') ++ ++optional_policy(` ++ xen_append_log(fsadm_t) ++ xen_rw_image_files(fsadm_t) ++') ++ ++fs_manage_nfs_files(fsadm_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.te serefpolicy-2.4.6/policy/modules/system/getty.te --- nsaserefpolicy/policy/modules/system/getty.te 2006-11-29 12:04:51.000000000 -0500 +++ serefpolicy-2.4.6/policy/modules/system/getty.te 2007-05-22 12:40:26.000000000 -0400 @@ -11603,8 +11988,24 @@ +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-2.4.6/policy/modules/system/init.if --- nsaserefpolicy/policy/modules/system/init.if 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/system/init.if 2007-06-07 15:57:22.000000000 -0400 -@@ -221,11 +221,14 @@ ++++ serefpolicy-2.4.6/policy/modules/system/init.if 2007-08-10 16:25:06.000000000 -0400 +@@ -110,6 +110,15 @@ + + role system_r types $1; + ++ # daemons started from init will ++ # inherit fds from init for the console ++ init_dontaudit_use_fds($1) ++ term_dontaudit_use_console($1) ++ ++ # init script ptys are the stdin/out/err ++ # when using run_init ++ init_use_script_ptys($1) ++ + ifdef(`direct_sysadm_daemon',` + domain_auto_trans(direct_run_init,$2,$1) + +@@ -221,11 +230,14 @@ gen_require(` type initrc_t; role system_r; @@ -11619,7 +12020,7 @@ role system_r types $1; domain_auto_trans(initrc_t,$2,$1) -@@ -518,6 +521,7 @@ +@@ -518,6 +530,7 @@ dev_list_all_dev_nodes($1) allow $1 initctl_t:fifo_file rw_file_perms; @@ -11627,7 +12028,7 @@ ') ######################################## -@@ -1290,7 +1294,7 @@ +@@ -1290,7 +1303,7 @@ type initrc_var_run_t; ') @@ -11636,7 +12037,7 @@ ') ######################################## -@@ -1311,3 +1315,63 @@ +@@ -1311,3 +1324,63 @@ files_search_pids($1) allow $1 initrc_var_run_t:file create_file_perms; ') @@ -12139,8 +12540,17 @@ +dev_read_urand(racoon_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-2.4.6/policy/modules/system/iptables.te --- nsaserefpolicy/policy/modules/system/iptables.te 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/system/iptables.te 2007-05-29 12:04:33.000000000 -0400 -@@ -52,11 +52,12 @@ ++++ serefpolicy-2.4.6/policy/modules/system/iptables.te 2007-07-19 09:15:39.000000000 -0400 +@@ -37,6 +37,8 @@ + + allow iptables_t self:rawip_socket create_socket_perms; + ++auth_use_nsswitch(iptables_t) ++ + kernel_read_system_state(iptables_t) + kernel_read_network_state(iptables_t) + kernel_read_kernel_sysctls(iptables_t) +@@ -52,11 +54,12 @@ mls_file_read_up(iptables_t) @@ -12154,7 +12564,7 @@ init_use_fds(iptables_t) init_use_script_ptys(iptables_t) -@@ -78,14 +79,23 @@ +@@ -78,23 +81,23 @@ userdom_use_all_users_fds(iptables_t) ifdef(`targeted_policy', ` @@ -12164,24 +12574,28 @@ + term_use_generic_ptys(iptables_t) files_dontaudit_read_root_files(iptables_t) + unconfined_rw_pipes(iptables_t) -+') -+ -+optional_policy(` -+ nscd_socket_use(iptables_t) -+') -+ -+optional_policy(` -+ fail2ban_append_log(iptables_t) ') optional_policy(` - firstboot_use_fds(iptables_t) +- firstboot_use_fds(iptables_t) - firstboot_write_pipes(iptables_t) ++ fail2ban_append_log(iptables_t) + ') + + optional_policy(` +- modutils_domtrans_insmod(iptables_t) ++ firstboot_use_fds(iptables_t) + firstboot_rw_pipes(iptables_t) ') optional_policy(` -@@ -104,3 +114,12 @@ +- # for iptables -L +- nis_use_ypbind(iptables_t) ++ modutils_domtrans_insmod(iptables_t) + ') + + optional_policy(` +@@ -104,3 +107,12 @@ optional_policy(` udev_read_db(iptables_t) ') @@ -12196,18 +12610,19 @@ +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.4.6/policy/modules/system/libraries.fc --- nsaserefpolicy/policy/modules/system/libraries.fc 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/system/libraries.fc 2007-05-22 12:40:26.000000000 -0400 -@@ -79,6 +79,9 @@ ++++ serefpolicy-2.4.6/policy/modules/system/libraries.fc 2007-08-07 09:12:46.000000000 -0400 +@@ -79,6 +79,10 @@ /opt/netbeans(.*/)?jdk.*/linux/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /opt/(.*/)?java/.+\.jar -- gen_context(system_u:object_r:shlib_t,s0) /opt/(.*/)?jre/.+\.jar -- gen_context(system_u:object_r:shlib_t,s0) -+/opt/ibm/java2-ppc64-50/jre/bin/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) ++/opt/ibm/java.*/jre/.+\.jar -- gen_context(system_u:object_r:lib_t,s0) ++/opt/ibm/java.*/jre/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/opt/cxoffice/lib/wine/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/opt/f-secure/fspms/libexec/librapi.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) ifdef(`distro_gentoo',` # despite the extensions, they are actually libs -@@ -129,27 +132,36 @@ +@@ -129,27 +133,36 @@ /usr/(.*/)?nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/win32/.* -- gen_context(system_u:object_r:shlib_t,s0) @@ -12246,7 +12661,7 @@ /usr/X11R6/lib/libGL\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/X11R6/lib/libXvMCNVIDIA\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -157,6 +169,7 @@ +@@ -157,6 +170,7 @@ /usr/x11R6/lib/modules/extensions/libglx\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/xorg/modules/extensions/libglx\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/xorg/modules/drivers/fglrx_drv\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -12254,7 +12669,7 @@ /usr/lib(64)?/xorg/modules/extensions/nvidia(-[^/]*)?/libglx\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) ifdef(`distro_redhat',` -@@ -167,19 +180,15 @@ +@@ -167,19 +181,15 @@ # Fedora Core packages: gstreamer-plugins, compat-libstdc++, Glide3, libdv # HelixPlayer, SDL, xorg-x11, xorg-x11-libs, Hermes, valgrind, openoffice.org-libs, httpd - php @@ -12278,7 +12693,7 @@ /usr/lib(64)?/libSDL-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/xorg/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/X11R6/lib/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -243,9 +252,13 @@ +@@ -243,9 +253,13 @@ /usr/lib(64)?/libmp3lame\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) # Flash plugin, Macromedia @@ -12292,7 +12707,7 @@ # Jai, Sun Microsystems (Jpackage SPRM) /usr/lib(64)?/libmlib_jai\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -258,10 +271,9 @@ +@@ -258,10 +272,9 @@ /usr/lib(64)?/vmware/(.*/)?VmPerl\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) # Java, Sun Microsystems (JPackage SRPM) @@ -12306,7 +12721,7 @@ /usr/(local/)?Adobe/(.*/)?intellinux/nppdf\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/(local/)?Adobe/(.*/)?intellinux/sidecars/* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -300,3 +312,6 @@ +@@ -300,3 +313,6 @@ /var/spool/postfix/lib(64)?/lib.*\.so.* -- gen_context(system_u:object_r:shlib_t,s0) /var/spool/postfix/lib(64)?/[^/]*/lib.*\.so.* -- gen_context(system_u:object_r:shlib_t,s0) /var/spool/postfix/lib(64)?/devfsd/.+\.so.* -- gen_context(system_u:object_r:shlib_t,s0) @@ -12514,8 +12929,8 @@ +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-2.4.6/policy/modules/system/logging.te --- nsaserefpolicy/policy/modules/system/logging.te 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/system/logging.te 2007-05-22 12:40:26.000000000 -0400 -@@ -53,9 +53,11 @@ ++++ serefpolicy-2.4.6/policy/modules/system/logging.te 2007-08-28 13:43:27.000000000 -0400 +@@ -53,18 +53,19 @@ type var_log_t; logging_log_file(var_log_t) @@ -12527,17 +12942,26 @@ ') ######################################## -@@ -63,8 +65,7 @@ - # Auditd local policy + # +-# Auditd local policy ++# Auditctl local policy # -allow auditctl_t self:capability { audit_write audit_control }; -allow auditctl_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay nlmsg_readpriv }; -+allow auditctl_t self:capability fsetid; ++allow auditctl_t self:capability { fsetid dac_read_search dac_override }; libs_use_ld_so(auditctl_t) libs_use_shared_libs(auditctl_t) -@@ -93,6 +94,7 @@ +@@ -76,6 +77,7 @@ + + # Needed for adding watches + files_getattr_all_dirs(auditctl_t) ++files_getattr_all_files(auditctl_t) + files_read_etc_files(auditctl_t) + + kernel_read_kernel_sysctls(auditctl_t) +@@ -93,6 +95,7 @@ locallogin_dontaudit_use_fds(auditctl_t) @@ -12545,7 +12969,7 @@ logging_send_syslog_msg(auditctl_t) ifdef(`targeted_policy',` -@@ -105,12 +107,11 @@ +@@ -105,12 +108,11 @@ # Auditd local policy # @@ -12559,7 +12983,7 @@ allow auditd_t self:fifo_file rw_file_perms; allow auditd_t auditd_etc_t:dir r_dir_perms; -@@ -156,6 +157,7 @@ +@@ -156,6 +158,7 @@ init_write_initctl(auditd_t) init_dontaudit_use_script_ptys(auditd_t) @@ -12567,7 +12991,7 @@ logging_send_syslog_msg(auditd_t) libs_use_ld_so(auditd_t) -@@ -275,7 +277,7 @@ +@@ -275,7 +278,7 @@ allow syslogd_t self:unix_dgram_socket sendto; allow syslogd_t self:fifo_file rw_file_perms; allow syslogd_t self:udp_socket create_socket_perms; @@ -12576,7 +13000,7 @@ # Create and bind to /dev/log or /var/run/log. allow syslogd_t devlog_t:sock_file create_file_perms; files_pid_filetrans(syslogd_t,devlog_t,sock_file) -@@ -311,6 +313,10 @@ +@@ -311,6 +314,10 @@ fs_search_auto_mountpoints(syslogd_t) @@ -12587,7 +13011,7 @@ term_write_console(syslogd_t) # Allow syslog to a terminal term_write_unallocated_ttys(syslogd_t) -@@ -326,6 +332,18 @@ +@@ -326,6 +333,18 @@ corenet_udp_sendrecv_all_ports(syslogd_t) corenet_udp_bind_all_nodes(syslogd_t) corenet_udp_bind_syslogd_port(syslogd_t) @@ -12606,7 +13030,7 @@ # syslog-ng can send or receive logs corenet_sendrecv_syslogd_client_packets(syslogd_t) corenet_sendrecv_syslogd_server_packets(syslogd_t) -@@ -398,3 +416,8 @@ +@@ -398,3 +417,8 @@ # log to the xconsole xserver_rw_console(syslogd_t) ') @@ -13032,7 +13456,7 @@ + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-2.4.6/policy/modules/system/modutils.te --- nsaserefpolicy/policy/modules/system/modutils.te 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/system/modutils.te 2007-07-10 12:27:12.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/system/modutils.te 2007-08-24 16:32:10.000000000 -0400 @@ -54,6 +54,8 @@ can_exec(insmod_t, insmod_exec_t) @@ -13042,7 +13466,7 @@ kernel_load_module(insmod_t) kernel_read_system_state(insmod_t) kernel_write_proc_files(insmod_t) -@@ -117,10 +119,6 @@ +@@ -117,15 +119,23 @@ kernel_domtrans_to(insmod_t,insmod_exec_t) } @@ -13053,7 +13477,24 @@ ifdef(`targeted_policy',` unconfined_domain(insmod_t) ') -@@ -142,9 +140,16 @@ + + optional_policy(` ++ alsa_domtrans(insmod_t) ++') ++ ++optional_policy(` ++ firstboot_dontaudit_rw_pipes(insmod_t) ++') ++ ++optional_policy(` ++ hal_write_log(insmod_t) ++') ++ ++optional_policy(` + hotplug_search_config(insmod_t) + ') + +@@ -142,9 +152,16 @@ ') optional_policy(` @@ -13070,7 +13511,7 @@ ifdef(`hide_broken_symptoms',` xserver_dontaudit_rw_xdm_xserver_tcp_sockets(insmod_t) -@@ -153,6 +158,7 @@ +@@ -153,6 +170,7 @@ optional_policy(` rpm_rw_pipes(insmod_t) @@ -13078,7 +13519,7 @@ ') optional_policy(` -@@ -179,6 +185,7 @@ +@@ -179,6 +197,7 @@ files_read_kernel_symbol_table(depmod_t) files_read_kernel_modules(depmod_t) @@ -13086,7 +13527,7 @@ fs_getattr_xattr_fs(depmod_t) -@@ -209,6 +216,8 @@ +@@ -209,6 +228,8 @@ ifdef(`targeted_policy', ` term_use_unallocated_ttys(depmod_t) term_use_generic_ptys(depmod_t) @@ -13095,7 +13536,7 @@ ') optional_policy(` -@@ -289,3 +298,12 @@ +@@ -289,3 +310,12 @@ term_use_generic_ptys(update_modules_t) term_use_unallocated_ttys(update_modules_t) ') @@ -13110,7 +13551,7 @@ +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.4.6/policy/modules/system/mount.te --- nsaserefpolicy/policy/modules/system/mount.te 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/system/mount.te 2007-07-01 20:54:25.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/system/mount.te 2007-08-24 16:32:46.000000000 -0400 @@ -9,6 +9,7 @@ type mount_t; type mount_exec_t; @@ -13203,6 +13644,16 @@ ######################################## # # Unconfined mount local policy +@@ -193,3 +202,9 @@ + files_etc_filetrans_etc_runtime(unconfined_mount_t,file) + unconfined_domain(unconfined_mount_t) + ') ++ ++optional_policy(` ++ hal_write_log(mount_t) ++ hal_use_fds(mount_t) ++ hal_rw_pipes(mount_t) ++') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/netlabel.te serefpolicy-2.4.6/policy/modules/system/netlabel.te --- nsaserefpolicy/policy/modules/system/netlabel.te 2006-11-29 12:04:51.000000000 -0500 +++ serefpolicy-2.4.6/policy/modules/system/netlabel.te 2007-05-22 12:40:26.000000000 -0400 @@ -13766,7 +14217,7 @@ ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-2.4.6/policy/modules/system/sysnetwork.te --- nsaserefpolicy/policy/modules/system/sysnetwork.te 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/system/sysnetwork.te 2007-05-22 12:40:26.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/system/sysnetwork.te 2007-08-22 08:37:23.000000000 -0400 @@ -175,6 +175,8 @@ dbus_connect_system_bus(dhcpc_t) dbus_send_system_bus(dhcpc_t) @@ -13776,7 +14227,15 @@ optional_policy(` networkmanager_dbus_chat(dhcpc_t) ') -@@ -280,6 +282,7 @@ +@@ -270,6 +272,7 @@ + allow ifconfig_t self:sem create_sem_perms; + allow ifconfig_t self:msgq create_msgq_perms; + allow ifconfig_t self:msg { send receive }; ++allow ifconfig_t net_conf_t:file r_file_perms; + + # Create UDP sockets, necessary when called from dhcpc + allow ifconfig_t self:udp_socket create_socket_perms; +@@ -280,6 +283,7 @@ allow ifconfig_t self:netlink_xfrm_socket { create_netlink_socket_perms nlmsg_read }; allow ifconfig_t self:tcp_socket { create ioctl }; files_read_etc_files(ifconfig_t); @@ -13784,7 +14243,7 @@ kernel_use_fds(ifconfig_t) kernel_read_system_state(ifconfig_t) -@@ -333,6 +336,9 @@ +@@ -333,6 +337,9 @@ ifdef(`targeted_policy',` term_use_generic_ptys(ifconfig_t) term_use_unallocated_ttys(ifconfig_t) @@ -13794,7 +14253,7 @@ ') optional_policy(` -@@ -353,3 +359,10 @@ +@@ -353,3 +360,10 @@ xen_append_log(ifconfig_t) xen_dontaudit_rw_unix_stream_sockets(ifconfig_t) ') @@ -13974,7 +14433,7 @@ ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.4.6/policy/modules/system/unconfined.if --- nsaserefpolicy/policy/modules/system/unconfined.if 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/system/unconfined.if 2007-06-22 11:15:09.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/system/unconfined.if 2007-08-15 06:19:32.000000000 -0400 @@ -31,6 +31,7 @@ allow $1 self:nscd *; allow $1 self:dbus *; @@ -14017,7 +14476,7 @@ + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.4.6/policy/modules/system/unconfined.te --- nsaserefpolicy/policy/modules/system/unconfined.te 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/system/unconfined.te 2007-05-22 12:40:26.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/system/unconfined.te 2007-08-29 06:26:03.000000000 -0400 @@ -48,6 +48,10 @@ userdom_priveleged_home_dir_manager(unconfined_t) @@ -15205,7 +15664,7 @@ +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-2.4.6/policy/modules/system/xen.fc --- nsaserefpolicy/policy/modules/system/xen.fc 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/system/xen.fc 2007-05-22 12:40:26.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/system/xen.fc 2007-08-29 23:03:13.000000000 -0400 @@ -8,6 +8,7 @@ /usr/sbin/xm -- gen_context(system_u:object_r:xm_exec_t,s0) @@ -15214,9 +15673,17 @@ /var/lib/xend(/.*)? gen_context(system_u:object_r:xend_var_lib_t,s0) /var/lib/xenstored(/.*)? gen_context(system_u:object_r:xenstored_var_lib_t,s0) +@@ -17,6 +18,7 @@ + /var/log/xend-debug\.log -- gen_context(system_u:object_r:xend_var_log_t,s0) + + /var/run/xenconsoled\.pid -- gen_context(system_u:object_r:xenconsoled_var_run_t,s0) ++/var/run/libvirt(/.*)? gen_context(system_u:object_r:xend_var_run_t,s0) + /var/run/xend(/.*)? gen_context(system_u:object_r:xend_var_run_t,s0) + /var/run/xend\.pid -- gen_context(system_u:object_r:xend_var_run_t,s0) + /var/run/xenstore\.pid -- gen_context(system_u:object_r:xenstored_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-2.4.6/policy/modules/system/xen.if --- nsaserefpolicy/policy/modules/system/xen.if 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/system/xen.if 2007-06-15 13:12:08.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/system/xen.if 2007-07-25 10:36:53.000000000 -0400 @@ -77,6 +77,7 @@ ') @@ -15225,7 +15692,7 @@ allow $1 xend_var_log_t:file { getattr append }; dontaudit $1 xend_var_log_t:file write; ') -@@ -163,3 +164,46 @@ +@@ -163,3 +164,66 @@ allow xm_t $1:fifo_file rw_file_perms; allow xm_t $1:process sigchld; ') @@ -15272,9 +15739,29 @@ + allow $1 xend_var_lib_t:dir search_dir_perms; + read_files_pattern($1,xen_image_t,xen_image_t) +') ++######################################## ++## ++## Allow the specified domain to read/write ++## xend image files. ++## ++## ++## ++## Domain allowed to transition. ++## ++## ++# ++interface(`xen_rw_image_files',` ++ gen_require(` ++ type xen_image_t, xend_var_lib_t; ++ ') ++ ++ files_list_var_lib($1) ++ allow $1 xend_var_lib_t:dir search_dir_perms; ++ rw_files_pattern($1,xen_image_t,xen_image_t) ++') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.4.6/policy/modules/system/xen.te --- nsaserefpolicy/policy/modules/system/xen.te 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/system/xen.te 2007-06-15 13:12:32.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/system/xen.te 2007-08-10 16:23:05.000000000 -0400 @@ -20,12 +20,15 @@ type xenctl_t; files_type(xenctl_t) @@ -15373,7 +15860,7 @@ netutils_domtrans(xend_t) optional_policy(` -@@ -236,6 +255,10 @@ +@@ -236,19 +255,24 @@ files_read_usr_files(xenconsoled_t) @@ -15384,7 +15871,13 @@ term_create_pty(xenconsoled_t,xen_devpts_t); term_use_generic_ptys(xenconsoled_t) term_use_console(xenconsoled_t) -@@ -248,7 +271,7 @@ + + init_use_fds(xenconsoled_t) + init_use_script_ptys(xenconsoled_t) ++init_use_script_fds(xenconsoled_t) + + libs_use_ld_so(xenconsoled_t) + libs_use_shared_libs(xenconsoled_t) miscfiles_read_localization(xenconsoled_t) @@ -15393,7 +15886,7 @@ xen_stream_connect_xenstore(xenconsoled_t) ######################################## -@@ -283,6 +306,12 @@ +@@ -283,6 +307,12 @@ files_read_usr_files(xenstored_t) @@ -15406,7 +15899,13 @@ term_use_generic_ptys(xenstored_t) term_use_console(xenconsoled_t) -@@ -317,6 +346,11 @@ +@@ -312,11 +342,17 @@ + + allow xm_t xend_var_lib_t:dir rw_dir_perms; + allow xm_t xend_var_lib_t:fifo_file create_file_perms; ++allow xm_t xend_var_lib_t:sock_file create_file_perms; + allow xm_t xend_var_lib_t:file create_file_perms; + files_search_var_lib(xm_t) allow xm_t xen_image_t:dir rw_dir_perms; allow xm_t xen_image_t:file r_file_perms; @@ -15418,15 +15917,18 @@ kernel_read_system_state(xm_t) kernel_read_kernel_sysctls(xm_t) -@@ -325,6 +359,7 @@ +@@ -325,7 +361,10 @@ corecmd_exec_bin(xm_t) corecmd_exec_sbin(xm_t) +corecmd_exec_sbin(xm_t) ++corecmd_exec_shell(xm_t) ++corenet_non_ipsec_sendrecv(xm_t) corenet_tcp_sendrecv_generic_if(xm_t) corenet_tcp_sendrecv_all_nodes(xm_t) -@@ -353,3 +388,17 @@ + corenet_tcp_connect_soundd_port(xm_t) +@@ -353,3 +392,17 @@ xen_append_log(xm_t) xen_stream_connect(xm_t) xen_stream_connect_xenstore(xm_t) policy-apcupsd.patch: apcupsd.fc | 10 +++++ apcupsd.if | 108 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ apcupsd.te | 122 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 240 insertions(+) Index: policy-apcupsd.patch =================================================================== RCS file: /cvs/dist/rpms/selinux-policy/FC-6/policy-apcupsd.patch,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- policy-apcupsd.patch 20 Apr 2007 15:31:18 -0000 1.3 +++ policy-apcupsd.patch 4 Sep 2007 14:00:30 -0000 1.4 @@ -1,6 +1,7 @@ ---- serefpolicy-2.4.6/policy/modules/services/apcupsd.te.apcupsd 2007-04-10 14:44:39.000000000 -0400 -+++ serefpolicy-2.4.6/policy/modules/services/apcupsd.te 2007-04-20 09:22:51.000000000 -0400 -@@ -0,0 +1,92 @@ +diff -up /dev/null serefpolicy-2.4.6/policy/modules/services/apcupsd.te +--- /dev/null 2007-09-02 13:37:21.567001794 -0400 ++++ serefpolicy-2.4.6/policy/modules/services/apcupsd.te 2007-09-04 09:40:59.000000000 -0400 +@@ -0,0 +1,122 @@ +policy_module(apcupsd,1.0.0) + +######################################## @@ -10,7 +11,6 @@ + +type apcupsd_t; +type apcupsd_exec_t; -+domain_type(apcupsd_t) +init_daemon_domain(apcupsd_t, apcupsd_exec_t) + +type apcupsd_lock_t; @@ -19,6 +19,9 @@ +type apcupsd_log_t; +logging_log_file(apcupsd_log_t) + ++type apcupsd_tmp_t; ++files_tmp_file(apcupsd_tmp_t) ++ +type apcupsd_var_run_t; +files_pid_file(apcupsd_var_run_t) + @@ -30,46 +33,74 @@ +# Init script handling +init_use_fds(apcupsd_t) +init_use_script_ptys(apcupsd_t) -+domain_use_interactive_fds(apcupsd_t) + ++allow apcupsd_t self:capability { dac_override setgid sys_tty_config }; +allow apcupsd_t self:process signal; +allow apcupsd_t self:fifo_file rw_file_perms; +allow apcupsd_t self:unix_stream_socket create_stream_socket_perms; +allow apcupsd_t self:tcp_socket create_stream_socket_perms; + -+corenet_tcp_bind_apcupsd_port(apcupsd_t) -+corenet_tcp_bind_all_nodes(apcupsd_t) ++allow apcupsd_t apcupsd_lock_t:file manage_file_perms; ++files_lock_filetrans(apcupsd_t,apcupsd_lock_t,file) ++ ++allow apcupsd_t apcupsd_log_t:dir setattr; ++manage_files_pattern(apcupsd_t,apcupsd_log_t,apcupsd_log_t) ++logging_log_filetrans(apcupsd_t,apcupsd_log_t,{ file dir }) ++ ++manage_files_pattern(apcupsd_t,apcupsd_tmp_t,apcupsd_tmp_t) ++files_tmp_filetrans(apcupsd_t,apcupsd_tmp_t,file) ++ ++manage_files_pattern(apcupsd_t,apcupsd_var_run_t,apcupsd_var_run_t) ++files_pid_filetrans(apcupsd_t,apcupsd_var_run_t, file) ++ ++corecmd_exec_bin(apcupsd_t) ++corecmd_exec_shell(apcupsd_t) ++ +corenet_tcp_sendrecv_generic_if(apcupsd_t) +corenet_tcp_sendrecv_all_nodes(apcupsd_t) +corenet_tcp_sendrecv_all_ports(apcupsd_t) ++corenet_tcp_bind_all_nodes(apcupsd_t) ++corenet_tcp_bind_apcupsd_port(apcupsd_t) ++corenet_sendrecv_apcupsd_server_packets(apcupsd_t) ++corenet_tcp_connect_apcupsd_port(apcupsd_t) + +dev_rw_generic_usb_dev(apcupsd_t) + ++# Init script handling ++domain_use_interactive_fds(apcupsd_t) ++ +files_read_etc_files(apcupsd_t) +files_search_locks(apcupsd_t) ++# Creates /etc/nologin ++files_manage_etc_runtime_files(apcupsd_t) ++files_etc_filetrans_etc_runtime(apcupsd_t,file) ++ ++#apcupsd runs shutdown, probably need a shutdown domain ++init_rw_utmp(apcupsd_t) ++init_telinit(apcupsd_t) ++ ++kernel_read_system_state(apcupsd_t) + +libs_use_ld_so(apcupsd_t) +libs_use_shared_libs(apcupsd_t) + ++logging_send_syslog_msg(apcupsd_t) ++ +miscfiles_read_localization(apcupsd_t) + -+ifdef(`targeted_policy',` -+ term_dontaudit_use_unallocated_ttys(apcupsd_t) -+ term_dontaudit_use_generic_ptys(apcupsd_t) -+') ++userdom_use_unpriv_users_ttys(apcupsd_t) ++userdom_use_unpriv_users_ptys(apcupsd_t) + -+allow apcupsd_t apcupsd_lock_t:file manage_file_perms; -+files_lock_filetrans(apcupsd_t,apcupsd_lock_t,file) -+ -+allow apcupsd_t apcupsd_log_t:file manage_file_perms; -+allow apcupsd_t apcupsd_log_t:dir { rw_dir_perms setattr }; -+logging_log_filetrans(apcupsd_t,apcupsd_log_t,{ file dir }) ++term_use_generic_ptys(apcupsd_t) ++term_use_unallocated_ttys(apcupsd_t) + -+allow apcupsd_t apcupsd_var_run_t:file manage_file_perms; -+allow apcupsd_t apcupsd_var_run_t:dir rw_dir_perms; -+files_pid_filetrans(apcupsd_t,apcupsd_var_run_t, file) ++optional_policy(` ++ hostname_exec(apcupsd_t) ++') + -+logging_send_syslog_msg(apcupsd_t) ++optional_policy(` ++ mta_send_mail(apcupsd_t) ++') + +######################################## +# @@ -93,8 +124,9 @@ +corenet_udp_sendrecv_all_nodes(httpd_apcupsd_cgi_script_t) +corenet_udp_sendrecv_all_ports(httpd_apcupsd_cgi_script_t) + ---- serefpolicy-2.4.6/policy/modules/services/apcupsd.if.apcupsd 2007-04-10 14:44:42.000000000 -0400 -+++ serefpolicy-2.4.6/policy/modules/services/apcupsd.if 2007-04-10 14:43:06.000000000 -0400 +diff -up /dev/null serefpolicy-2.4.6/policy/modules/services/apcupsd.if +--- /dev/null 2007-09-02 13:37:21.567001794 -0400 ++++ serefpolicy-2.4.6/policy/modules/services/apcupsd.if 2007-08-10 09:53:24.000000000 -0400 @@ -0,0 +1,108 @@ + +## policy for apcupsd @@ -204,12 +236,14 @@ + allow httpd_apcupsd_cgi_script_t $1:fifo_file rw_file_perms; + allow httpd_apcupsd_cgi_script_t $1:process sigchld; +') ---- serefpolicy-2.4.6/policy/modules/services/apcupsd.fc.apcupsd 2007-04-10 14:44:36.000000000 -0400 -+++ serefpolicy-2.4.6/policy/modules/services/apcupsd.fc 2007-04-10 14:43:06.000000000 -0400 -@@ -0,0 +1,9 @@ +diff -up /dev/null serefpolicy-2.4.6/policy/modules/services/apcupsd.fc +--- /dev/null 2007-09-02 13:37:21.567001794 -0400 ++++ serefpolicy-2.4.6/policy/modules/services/apcupsd.fc 2007-09-04 09:42:18.000000000 -0400 +@@ -0,0 +1,10 @@ + +/usr/sbin/apcupsd -- gen_context(system_u:object_r:apcupsd_exec_t,s0) -+/var/log/apcupsd\.events.* -- gen_context(system_u:object_r:apcupsd_log_t,s0) ++/var/log/apcupsd\.events.* -- gen_context(system_u:object_r:apcupsd_log_t,s0) ++/var/log/apcupsd\.status.* -- gen_context(system_u:object_r:apcupsd_log_t,s0) +/var/run/apcupsd\.pid -- gen_context(system_u:object_r:apcupsd_var_run_t,s0) + +/var/www/apcupsd/multimon.cgi -- gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0) policy-fusermount.patch: kernel/files.fc | 1 + kernel/filesystem.te | 6 ++++++ system/fusermount.fc | 6 ++++++ system/fusermount.if | 41 +++++++++++++++++++++++++++++++++++++++++ system/fusermount.te | 46 ++++++++++++++++++++++++++++++++++++++++++++++ system/mount.fc | 2 -- system/mount.if | 1 + system/mount.te | 44 ++++++++++++++++++++++++++++++++------------ 8 files changed, 133 insertions(+), 14 deletions(-) Index: policy-fusermount.patch =================================================================== RCS file: /cvs/dist/rpms/selinux-policy/FC-6/policy-fusermount.patch,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- policy-fusermount.patch 17 May 2007 17:52:41 -0000 1.4 +++ policy-fusermount.patch 4 Sep 2007 14:00:30 -0000 1.5 @@ -1,5 +1,6 @@ ---- /dev/null 2007-05-03 14:48:40.015638131 -0400 -+++ serefpolicy-2.4.6/policy/modules/system/fusermount.fc 2007-04-03 09:09:12.000000000 -0400 +diff -up /dev/null serefpolicy-2.4.6/policy/modules/system/fusermount.fc +--- /dev/null 2007-09-02 13:37:21.567001794 -0400 ++++ serefpolicy-2.4.6/policy/modules/system/fusermount.fc 2007-08-10 09:53:24.000000000 -0400 @@ -0,0 +1,6 @@ +# fusermount executable will have: +# label: system_u:object_r:fusermount_exec_t @@ -7,20 +8,41 @@ +# MCS categories: + +/usr/bin/fusermount -- gen_context(system_u:object_r:fusermount_exec_t,s0) ---- serefpolicy-2.4.6/policy/modules/system/mount.te.fusermount 2007-04-03 09:09:12.000000000 -0400 -+++ serefpolicy-2.4.6/policy/modules/system/mount.te 2007-05-04 10:36:21.000000000 -0400 -@@ -12,6 +12,10 @@ init_system_domain(mount_t,mount_exec_t) +diff -up serefpolicy-2.4.6/policy/modules/system/mount.te.fusermount serefpolicy-2.4.6/policy/modules/system/mount.te +--- serefpolicy-2.4.6/policy/modules/system/mount.te.fusermount 2007-08-10 09:53:24.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/system/mount.te 2007-09-04 09:53:42.000000000 -0400 +@@ -12,6 +12,9 @@ init_system_domain(mount_t,mount_exec_t) userdom_executable_file(mount_exec_t) role system_r types mount_t; -+type mount_ntfs_t; -+type mount_ntfs_exec_t; -+init_system_domain(mount_ntfs_t, mount_ntfs_exec_t) ++typealias mount_t alias mount_ntfs_t; ++typealias mount_exec_t alias mount_ntfs_exec_t; + type mount_loopback_t; # customizable files_type(mount_loopback_t) -@@ -66,7 +70,6 @@ fs_rw_tmpfs_chr_files(mount_t) +@@ -30,15 +33,18 @@ ifdef(`targeted_policy',` + # + + # setuid/setgid needed to mount cifs +-allow mount_t self:capability { ipc_lock sys_resource sys_rawio sys_admin dac_override chown sys_tty_config setuid setgid }; ++allow mount_t self:capability { fsetid ipc_lock sys_rawio sys_resource sys_admin dac_override chown sys_tty_config setuid setgid }; + + allow mount_t mount_loopback_t:file r_file_perms; +-allow mount_t self:netlink_route_socket r_netlink_socket_perms; + + allow mount_t mount_tmp_t:file create_file_perms; + allow mount_t mount_tmp_t:dir create_dir_perms; + files_tmp_filetrans(mount_t,mount_tmp_t,{ file dir }) + ++auth_use_nsswitch(mount_t) ++ ++can_exec(mount_t, mount_exec_t) ++ + kernel_read_system_state(mount_t) + kernel_read_kernel_sysctls(mount_t) + kernel_dontaudit_getattr_core_if(mount_t) +@@ -68,7 +74,6 @@ fs_rw_tmpfs_chr_files(mount_t) fs_read_tmpfs_symlinks(mount_t) term_use_all_terms(mount_t) @@ -28,111 +50,72 @@ # required for mount.smbfs corecmd_exec_sbin(mount_t) -@@ -198,3 +201,54 @@ ifdef(`targeted_policy',` +@@ -162,13 +167,8 @@ optional_policy(` + + fs_search_rpc(mount_t) + +- sysnet_dns_name_resolve(mount_t) +- + rpc_stub(mount_t) + +- optional_policy(` +- nis_use_ypbind(mount_t) +- ') + ') + + optional_policy(` +@@ -185,10 +185,6 @@ optional_policy(` + ') + + optional_policy(` +- nscd_socket_use(mount_t) +-') +- +-optional_policy(` + ssh_sigchld(mount_t) + ssh_rw_stream_sockets(mount_t) + ') +@@ -201,4 +197,28 @@ optional_policy(` + ifdef(`targeted_policy',` files_etc_filetrans_etc_runtime(unconfined_mount_t,file) unconfined_domain(unconfined_mount_t) - ') ++ optional_policy(` ++ hal_dbus_chat(unconfined_mount_t) ++ ') ++') + +######################################## +# -+# mount_ntfs local policy ++# ntfs local policy +# -+allow mount_ntfs_t self:capability { setuid sys_admin }; -+allow mount_ntfs_t self:fifo_file { read write }; -+allow mount_ntfs_t self:unix_stream_socket create_stream_socket_perms; -+allow mount_ntfs_t self:unix_dgram_socket { connect create }; -+ -+corecmd_read_bin_symlinks(mount_ntfs_t) -+corecmd_exec_shell(mount_ntfs_t) -+ -+files_read_etc_files(mount_ntfs_t) -+ -+libs_use_ld_so(mount_ntfs_t) -+libs_use_shared_libs(mount_ntfs_t) -+ -+init_dontaudit_use_fds(mount_ntfs_t) ++allow mount_t self:fifo_file { read write }; ++allow mount_t self:unix_stream_socket create_stream_socket_perms; ++allow mount_t self:unix_dgram_socket { connect create }; + -+kernel_read_system_state(mount_ntfs_t) ++corecmd_exec_shell(mount_t) + -+logging_send_syslog_msg(mount_ntfs_t) ++fusermount_domtrans(mount_t) ++fusermount_use_fds(mount_t) + -+miscfiles_read_localization(mount_ntfs_t) -+ -+modutils_domtrans_insmod(mount_ntfs_t) -+ -+mount_ntfs_domtrans(mount_t) -+ -+storage_raw_read_fixed_disk(mount_ntfs_t) -+storage_raw_write_fixed_disk(mount_ntfs_t) ++modutils_domtrans_insmod(mount_t) + +optional_policy(` -+ fusermount_domtrans(mount_ntfs_t) -+ fusermount_use_fds(mount_ntfs_t) -+') -+ -+optional_policy(` -+ nscd_socket_use(mount_ntfs_t) -+') -+ -+optional_policy(` -+ hal_write_log(mount_ntfs_t) -+ hal_use_fds(mount_ntfs_t) -+') -+ -+ifdef(`targeted_policy',` -+ term_use_generic_ptys(mount_ntfs_t) -+') -+ ++ hal_write_log(mount_t) ++ hal_use_fds(mount_t) ++ hal_rw_pipes(mount_t) + ') +diff -up serefpolicy-2.4.6/policy/modules/system/mount.if.fusermount serefpolicy-2.4.6/policy/modules/system/mount.if --- serefpolicy-2.4.6/policy/modules/system/mount.if.fusermount 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/system/mount.if 2007-04-03 09:09:12.000000000 -0400 -@@ -147,3 +147,44 @@ interface(`mount_domtrans_unconfined',` ++++ serefpolicy-2.4.6/policy/modules/system/mount.if 2007-09-04 09:56:01.000000000 -0400 +@@ -147,3 +147,4 @@ interface(`mount_domtrans_unconfined',` refpolicywarn(`$0($1) has no effect in strict policy.') ') ') + -+######################################## -+## -+## Execute a domain transition to run mount_ntfs. -+## -+## -+## -+## Domain allowed to transition. -+## -+## -+# -+interface(`mount_ntfs_domtrans',` -+ gen_require(` -+ type mount_ntfs_t, mount_ntfs_exec_t; -+ ') -+ -+ domain_auto_trans($1,mount_ntfs_exec_t,mount_ntfs_t) -+ -+ allow mount_ntfs_t $1:fd use; -+ allow mount_ntfs_t $1:fifo_file rw_file_perms; -+ allow mount_ntfs_t $1:process sigchld; -+') -+ -+######################################## -+## -+## Allow the specified domain to read/write to -+## init scripts with a unix domain stream sockets. -+## -+## -+## -+## Domain allowed access. -+## -+## -+# -+interface(`mount_ntfs_rw_stream_sockets',` -+ gen_require(` -+ type mount_ntfs_t; -+ ') -+ -+ allow $1 mount_ntfs_t:unix_stream_socket { read write }; -+') ---- /dev/null 2007-05-03 14:48:40.015638131 -0400 -+++ serefpolicy-2.4.6/policy/modules/system/fusermount.te 2007-04-03 09:09:12.000000000 -0400 -@@ -0,0 +1,45 @@ +diff -up /dev/null serefpolicy-2.4.6/policy/modules/system/fusermount.te +--- /dev/null 2007-09-02 13:37:21.567001794 -0400 ++++ serefpolicy-2.4.6/policy/modules/system/fusermount.te 2007-09-04 09:46:40.000000000 -0400 +@@ -0,0 +1,46 @@ +policy_module(fusermount,1.0.0) + +######################################## @@ -169,17 +152,19 @@ +storage_raw_read_fixed_disk(fusermount_t) +storage_raw_write_fixed_disk(fusermount_t) + -+optional_policy(` -+ mount_ntfs_rw_stream_sockets(fusermount_t) -+') -+ +ifdef(`targeted_policy',` + term_use_generic_ptys(fusermount_t) + term_dontaudit_use_console(fusermount_t) +') + ---- /dev/null 2007-05-03 14:48:40.015638131 -0400 -+++ serefpolicy-2.4.6/policy/modules/system/fusermount.if 2007-04-03 09:09:12.000000000 -0400 ++optional_policy(` ++ hal_write_log(fusermount_t) ++ hal_use_fds(fusermount_t) ++ hal_rw_pipes(fusermount_t) ++') +diff -up /dev/null serefpolicy-2.4.6/policy/modules/system/fusermount.if +--- /dev/null 2007-09-02 13:37:21.567001794 -0400 ++++ serefpolicy-2.4.6/policy/modules/system/fusermount.if 2007-08-10 09:53:24.000000000 -0400 @@ -0,0 +1,41 @@ +## policy for fusermount + @@ -222,17 +207,18 @@ + + allow $1 fusermount_t:fd use; +') +diff -up serefpolicy-2.4.6/policy/modules/system/mount.fc.fusermount serefpolicy-2.4.6/policy/modules/system/mount.fc --- serefpolicy-2.4.6/policy/modules/system/mount.fc.fusermount 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/system/mount.fc 2007-04-03 09:09:12.000000000 -0400 -@@ -1,4 +1,3 @@ ++++ serefpolicy-2.4.6/policy/modules/system/mount.fc 2007-09-04 09:48:11.000000000 -0400 +@@ -1,4 +1,2 @@ /bin/mount.* -- gen_context(system_u:object_r:mount_exec_t,s0) /bin/umount.* -- gen_context(system_u:object_r:mount_exec_t,s0) - -/usr/bin/fusermount -- gen_context(system_u:object_r:mount_exec_t,s0) -+/sbin/mount.ntfs-3g -- gen_context(system_u:object_r:mount_ntfs_exec_t,s0) ---- serefpolicy-2.4.6/policy/modules/kernel/filesystem.te.fusermount 2007-04-03 09:09:12.000000000 -0400 -+++ serefpolicy-2.4.6/policy/modules/kernel/filesystem.te 2007-04-03 09:09:13.000000000 -0400 -@@ -60,6 +60,11 @@ type configfs_t; +diff -up serefpolicy-2.4.6/policy/modules/kernel/filesystem.te.fusermount serefpolicy-2.4.6/policy/modules/kernel/filesystem.te +--- serefpolicy-2.4.6/policy/modules/kernel/filesystem.te.fusermount 2007-08-10 09:53:24.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/kernel/filesystem.te 2007-08-10 09:53:24.000000000 -0400 +@@ -61,6 +61,11 @@ type configfs_t; fs_type(configfs_t) genfscon configfs / gen_context(system_u:object_r:configfs_t,s0) @@ -244,16 +230,17 @@ type eventpollfs_t; fs_type(eventpollfs_t) # change to task SID 20060628 -@@ -69,6 +74,7 @@ type fusefs_t; - fs_type(fusefs_t) +@@ -71,6 +76,7 @@ fs_type(fusefs_t) allow fusefs_t self:filesystem associate; + fs_noxattr_type(fusefs_t) genfscon fuse / gen_context(system_u:object_r:fusefs_t,s0) +genfscon fuseblk / gen_context(system_u:object_r:fusefs_t,s0) type futexfs_t; fs_type(futexfs_t) ---- serefpolicy-2.4.6/policy/modules/kernel/files.fc.fusermount 2007-04-03 09:09:12.000000000 -0400 -+++ serefpolicy-2.4.6/policy/modules/kernel/files.fc 2007-04-03 09:09:13.000000000 -0400 +diff -up serefpolicy-2.4.6/policy/modules/kernel/files.fc.fusermount serefpolicy-2.4.6/policy/modules/kernel/files.fc +--- serefpolicy-2.4.6/policy/modules/kernel/files.fc.fusermount 2007-08-10 09:53:24.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/kernel/files.fc 2007-08-10 09:53:24.000000000 -0400 @@ -54,6 +54,7 @@ ifdef(`distro_suse',` /etc/issue\.net -- gen_context(system_u:object_r:etc_runtime_t,s0) /etc/localtime -l gen_context(system_u:object_r:etc_t,s0) Index: selinux-policy.spec =================================================================== RCS file: /cvs/dist/rpms/selinux-policy/FC-6/selinux-policy.spec,v retrieving revision 1.373 retrieving revision 1.374 diff -u -r1.373 -r1.374 --- selinux-policy.spec 17 Jul 2007 20:21:05 -0000 1.373 +++ selinux-policy.spec 4 Sep 2007 14:00:30 -0000 1.374 @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 2.4.6 -Release: 80%{?dist} +Release: 88%{?dist} License: GPL Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -358,6 +358,46 @@ %endif %changelog +* Sat Sep 1 2007 Dan Walsh 2.4.6-88 +- Cleanup of fusermount/mount-ntfs and apcupsd to match rawhide +- Allow cimserver to create pegasus_data directories +Resolves: #213809 +- Allow dmidecode to search sysfs_t +Resolves: #263141 + +* Wed Aug 21 2007 Dan Walsh 2.4.6-87 +- Change to context on /var/run/libvirt +Resolves: #249069 + +* Wed Aug 21 2007 Dan Walsh 2.4.6-86 +- More fixes for snmp +Resolves: #246431 + +* Tue Aug 21 2007 Dan Walsh 2.4.6-85 +- Fix duplicate /etc/asound.state +- Allow auditctl to getattr on all files +Resolves: #249754 + +* Mon Aug 20 2007 Dan Walsh 2.4.6-84 +- Allow dovecot read of /tmp files for kerberos +#Resolves:#251841 +- Fix apache policy for virtual hosting +#Resolves #253309 +- Allow Xen to run on nfs +Resolves: #253744 + +* Thu Aug 16 2007 Steve Grubb 2.4.6-83 +- Add set_loginuid permission to ftpd_t +Resolves:#220085 + +* Tue Aug 7 2007 Dan Walsh 2.4.6-82 +- Fix java specifications for IBM +- Fix xen startup problems +Resolves:#249895 + +* Tue Jul 18 2007 Dan Walsh 2.4.6-81 +- Fixes for apcupsd + * Tue Jul 17 2007 Dan Walsh 2.4.6-80 - Allow ntp to create shm From fedora-cvs-commits at redhat.com Tue Sep 4 19:48:02 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Tue, 4 Sep 2007 15:48:02 -0400 Subject: rpms/selinux-policy/FC-6 policy-20061106.patch,1.54,1.55 Message-ID: <200709041948.l84Jm27q007322@cvs.devel.redhat.com> Author: dwalsh Update of /cvs/dist/rpms/selinux-policy/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv7307 Modified Files: policy-20061106.patch Log Message: * Sat Sep 1 2007 Dan Walsh 2.4.6-88 - Cleanup of fusermount/mount-ntfs and apcupsd to match rawhide - Allow cimserver to create pegasus_data directories Resolves: #213809 - Allow dmidecode to search sysfs_t Resolves: #263141 policy-20061106.patch: Rules.modular | 10 config/appconfig-strict-mcs/seusers | 1 config/appconfig-strict-mls/default_contexts | 6 config/appconfig-strict-mls/seusers | 1 config/appconfig-strict/seusers | 1 man/man8/kerberos_selinux.8 | 2 policy/flask/access_vectors | 21 policy/flask/security_classes | 8 policy/global_tunables | 94 +++- policy/mls | 31 + policy/modules/admin/acct.te | 1 policy/modules/admin/alsa.fc | 3 policy/modules/admin/alsa.te | 15 policy/modules/admin/amanda.if | 17 policy/modules/admin/amanda.te | 11 policy/modules/admin/amtu.fc | 3 policy/modules/admin/amtu.if | 57 ++ policy/modules/admin/amtu.te | 56 ++ policy/modules/admin/backup.te | 5 policy/modules/admin/bootloader.fc | 5 policy/modules/admin/bootloader.te | 15 policy/modules/admin/consoletype.te | 21 policy/modules/admin/ddcprobe.te | 10 policy/modules/admin/dmesg.te | 7 policy/modules/admin/dmidecode.te | 6 policy/modules/admin/firstboot.if | 24 - policy/modules/admin/kudzu.te | 14 policy/modules/admin/logrotate.te | 5 policy/modules/admin/logwatch.te | 22 policy/modules/admin/netutils.te | 19 policy/modules/admin/portage.te | 5 policy/modules/admin/prelink.te | 25 - policy/modules/admin/quota.fc | 7 policy/modules/admin/quota.te | 24 - policy/modules/admin/readahead.te | 2 policy/modules/admin/rpm.fc | 3 policy/modules/admin/rpm.if | 104 ++++ policy/modules/admin/rpm.te | 49 -- policy/modules/admin/su.if | 38 + policy/modules/admin/su.te | 2 policy/modules/admin/sudo.if | 13 policy/modules/admin/tripwire.te | 11 policy/modules/admin/usbmodules.te | 5 policy/modules/admin/usermanage.if | 2 policy/modules/admin/usermanage.te | 58 ++ policy/modules/admin/vbetool.te | 1 policy/modules/admin/vpn.te | 1 policy/modules/apps/ethereal.te | 5 policy/modules/apps/evolution.if | 107 ++++ policy/modules/apps/evolution.te | 1 policy/modules/apps/games.fc | 1 policy/modules/apps/gnome.fc | 2 policy/modules/apps/gnome.if | 108 ++++ policy/modules/apps/gnome.te | 5 policy/modules/apps/gpg.if | 1 policy/modules/apps/java.fc | 2 policy/modules/apps/java.if | 70 +++ policy/modules/apps/java.te | 2 policy/modules/apps/loadkeys.if | 39 - policy/modules/apps/mozilla.if | 208 +++++++-- policy/modules/apps/mplayer.if | 84 +++ policy/modules/apps/mplayer.te | 1 policy/modules/apps/slocate.te | 7 policy/modules/apps/thunderbird.if | 81 +++ policy/modules/apps/userhelper.if | 20 policy/modules/apps/webalizer.te | 6 policy/modules/apps/wine.fc | 1 policy/modules/apps/yam.te | 5 policy/modules/kernel/corecommands.fc | 30 + policy/modules/kernel/corecommands.if | 77 +++ policy/modules/kernel/corenetwork.if.in | 140 ++++++ policy/modules/kernel/corenetwork.te.in | 17 policy/modules/kernel/devices.fc | 11 policy/modules/kernel/devices.if | 56 ++ policy/modules/kernel/devices.te | 8 policy/modules/kernel/domain.if | 80 +++ policy/modules/kernel/domain.te | 26 + policy/modules/kernel/files.fc | 3 policy/modules/kernel/files.if | 279 +++++++++++- policy/modules/kernel/filesystem.if | 62 ++ policy/modules/kernel/filesystem.te | 30 + policy/modules/kernel/kernel.if | 84 +++ policy/modules/kernel/kernel.te | 22 policy/modules/kernel/mls.if | 28 + policy/modules/kernel/mls.te | 6 policy/modules/kernel/storage.fc | 4 policy/modules/kernel/storage.if | 2 policy/modules/kernel/terminal.fc | 2 policy/modules/kernel/terminal.if | 21 policy/modules/kernel/terminal.te | 1 policy/modules/services/aide.fc | 3 policy/modules/services/aide.te | 11 policy/modules/services/amavis.if | 19 policy/modules/services/amavis.te | 4 policy/modules/services/apache.fc | 18 policy/modules/services/apache.if | 157 ++++++ policy/modules/services/apache.te | 61 ++ policy/modules/services/apm.te | 3 policy/modules/services/arpwatch.te | 5 policy/modules/services/audioentropy.te | 4 policy/modules/services/automount.fc | 1 policy/modules/services/automount.te | 15 policy/modules/services/avahi.if | 40 + policy/modules/services/avahi.te | 10 policy/modules/services/bind.fc | 1 policy/modules/services/bind.te | 12 policy/modules/services/bluetooth.te | 10 policy/modules/services/ccs.fc | 1 policy/modules/services/ccs.te | 25 - policy/modules/services/clamav.te | 3 policy/modules/services/courier.te | 1 policy/modules/services/cron.fc | 6 policy/modules/services/cron.if | 105 ++-- policy/modules/services/cron.te | 58 ++ policy/modules/services/cups.fc | 5 policy/modules/services/cups.te | 19 policy/modules/services/cvs.te | 2 policy/modules/services/cyrus.te | 6 policy/modules/services/dbus.fc | 1 policy/modules/services/dbus.if | 66 ++ policy/modules/services/dbus.te | 4 policy/modules/services/dcc.te | 9 policy/modules/services/dhcp.te | 3 policy/modules/services/dovecot.fc | 2 policy/modules/services/dovecot.if | 44 + policy/modules/services/dovecot.te | 73 ++- policy/modules/services/fail2ban.fc | 3 policy/modules/services/fail2ban.if | 80 +++ policy/modules/services/fail2ban.te | 74 +++ policy/modules/services/ftp.te | 21 policy/modules/services/hal.fc | 14 policy/modules/services/hal.if | 160 ++++++ policy/modules/services/hal.te | 177 +++++++ policy/modules/services/inetd.te | 34 + policy/modules/services/irqbalance.te | 4 policy/modules/services/kerberos.if | 29 + policy/modules/services/kerberos.te | 44 + policy/modules/services/ktalk.fc | 3 policy/modules/services/ktalk.te | 13 policy/modules/services/lpd.if | 75 ++- policy/modules/services/lpd.te | 5 policy/modules/services/mailman.if | 20 policy/modules/services/mailman.te | 1 policy/modules/services/mta.fc | 1 policy/modules/services/mta.if | 20 policy/modules/services/mta.te | 3 policy/modules/services/munin.te | 5 policy/modules/services/nagios.fc | 6 policy/modules/services/nagios.te | 14 policy/modules/services/networkmanager.fc | 2 policy/modules/services/networkmanager.te | 2 policy/modules/services/nis.fc | 7 policy/modules/services/nis.if | 8 policy/modules/services/nis.te | 39 + policy/modules/services/nscd.if | 20 policy/modules/services/nscd.te | 31 - policy/modules/services/ntp.te | 10 policy/modules/services/oav.te | 5 policy/modules/services/oddjob.te | 5 policy/modules/services/openca.if | 4 policy/modules/services/openca.te | 2 policy/modules/services/openct.te | 2 policy/modules/services/openvpn.te | 20 policy/modules/services/pcscd.fc | 9 policy/modules/services/pcscd.if | 62 ++ policy/modules/services/pcscd.te | 79 +++ policy/modules/services/pegasus.if | 31 + policy/modules/services/pegasus.te | 13 policy/modules/services/portmap.te | 5 policy/modules/services/portslave.te | 1 policy/modules/services/postfix.fc | 2 policy/modules/services/postfix.if | 45 + policy/modules/services/postfix.te | 94 ++++ policy/modules/services/ppp.te | 2 policy/modules/services/procmail.te | 32 + policy/modules/services/pyzor.if | 18 policy/modules/services/pyzor.te | 13 policy/modules/services/radius.te | 3 policy/modules/services/radvd.te | 2 policy/modules/services/rhgb.if | 76 +++ policy/modules/services/rhgb.te | 3 policy/modules/services/ricci.te | 26 + policy/modules/services/rlogin.te | 11 policy/modules/services/rpc.fc | 1 policy/modules/services/rpc.if | 3 policy/modules/services/rpc.te | 27 - policy/modules/services/rshd.te | 1 policy/modules/services/rsync.te | 1 policy/modules/services/samba.fc | 6 policy/modules/services/samba.if | 101 ++++ policy/modules/services/samba.te | 100 +++- policy/modules/services/sasl.te | 14 policy/modules/services/sendmail.if | 22 policy/modules/services/sendmail.te | 22 policy/modules/services/setroubleshoot.if | 20 policy/modules/services/setroubleshoot.te | 2 policy/modules/services/smartmon.te | 1 policy/modules/services/snmp.if | 17 policy/modules/services/snmp.te | 20 policy/modules/services/soundserver.te | 4 policy/modules/services/spamassassin.fc | 5 policy/modules/services/spamassassin.if | 42 + policy/modules/services/spamassassin.te | 26 - policy/modules/services/squid.fc | 2 policy/modules/services/squid.if | 21 policy/modules/services/squid.te | 17 policy/modules/services/ssh.if | 83 +++ policy/modules/services/ssh.te | 14 policy/modules/services/telnet.te | 3 policy/modules/services/tftp.te | 3 policy/modules/services/uucp.fc | 1 policy/modules/services/uucp.if | 67 ++ policy/modules/services/uucp.te | 44 + policy/modules/services/uwimap.te | 1 policy/modules/services/xserver.fc | 2 policy/modules/services/xserver.if | 211 +++++++++ policy/modules/services/xserver.te | 12 policy/modules/system/authlogin.fc | 1 policy/modules/system/authlogin.if | 180 +++++++ policy/modules/system/authlogin.te | 47 +- policy/modules/system/clock.te | 18 policy/modules/system/fstools.fc | 1 policy/modules/system/fstools.if | 19 policy/modules/system/fstools.te | 20 policy/modules/system/getty.te | 14 policy/modules/system/hostname.te | 19 policy/modules/system/init.if | 75 +++ policy/modules/system/init.te | 51 ++ policy/modules/system/ipsec.fc | 5 policy/modules/system/ipsec.if | 99 ++++ policy/modules/system/ipsec.te | 121 +++++ policy/modules/system/iptables.te | 28 - policy/modules/system/libraries.fc | 44 + policy/modules/system/libraries.te | 11 policy/modules/system/locallogin.if | 37 + policy/modules/system/locallogin.te | 11 policy/modules/system/logging.fc | 5 policy/modules/system/logging.if | 61 ++ policy/modules/system/logging.te | 36 + policy/modules/system/lvm.fc | 2 policy/modules/system/lvm.if | 44 + policy/modules/system/lvm.te | 95 +++- policy/modules/system/miscfiles.fc | 3 policy/modules/system/miscfiles.if | 79 +++ policy/modules/system/modutils.te | 38 + policy/modules/system/mount.te | 37 + policy/modules/system/netlabel.te | 10 policy/modules/system/pcmcia.te | 5 policy/modules/system/raid.te | 16 policy/modules/system/selinuxutil.fc | 10 policy/modules/system/selinuxutil.if | 124 +++++ policy/modules/system/selinuxutil.te | 138 ++--- policy/modules/system/sysnetwork.if | 2 policy/modules/system/sysnetwork.te | 14 policy/modules/system/tzdata.fc | 3 policy/modules/system/tzdata.if | 23 policy/modules/system/tzdata.te | 51 ++ policy/modules/system/udev.te | 22 policy/modules/system/unconfined.fc | 4 policy/modules/system/unconfined.if | 22 policy/modules/system/unconfined.te | 23 policy/modules/system/userdomain.if | 622 +++++++++++++++++++++++---- policy/modules/system/userdomain.te | 117 ++--- policy/modules/system/xen.fc | 2 policy/modules/system/xen.if | 64 ++ policy/modules/system/xen.te | 65 ++ policy/support/*Warnings* | 189 ++++++++ policy/support/file_patterns.spt | 534 +++++++++++++++++++++++ policy/support/misc_macros.spt | 8 policy/support/obj_perm_sets.spt | 144 ++++++ 270 files changed, 8349 insertions(+), 863 deletions(-) Index: policy-20061106.patch =================================================================== RCS file: /cvs/dist/rpms/selinux-policy/FC-6/policy-20061106.patch,v retrieving revision 1.54 retrieving revision 1.55 diff -u -r1.54 -r1.55 --- policy-20061106.patch 4 Sep 2007 14:00:29 -0000 1.54 +++ policy-20061106.patch 4 Sep 2007 19:47:59 -0000 1.55 @@ -3460,7 +3460,7 @@ +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-2.4.6/policy/modules/kernel/corenetwork.te.in --- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/kernel/corenetwork.te.in 2007-05-31 14:34:21.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/kernel/corenetwork.te.in 2007-09-04 13:42:52.000000000 -0400 @@ -48,6 +48,11 @@ type reserved_port_t, port_type, reserved_port_type; @@ -3504,7 +3504,15 @@ network_port(pegasus_http, tcp,5988,s0) network_port(pegasus_https, tcp,5989,s0) network_port(pop, tcp,106,s0, tcp,109,s0, tcp,110,s0, tcp,143,s0, tcp,220,s0, tcp,993,s0, tcp,995,s0, tcp,1109,s0) -@@ -156,6 +163,9 @@ +@@ -149,6 +156,7 @@ + type utcpserver_port_t, port_type; dnl network_port(utcpserver) # no defined portcon + network_port(uucpd, tcp,540,s0) + network_port(vnc, tcp,5900,s0) ++network_port(wccp, udp,2048,s0) + network_port(xen, tcp,8002,s0) + network_port(xserver, tcp, 6000, s0, tcp,6001,s0, tcp,6002,s0, tcp,6003,s0, tcp,6004,s0, tcp,6005,s0, tcp,6006,s0, tcp,6007,s0, tcp,6008,s0, tcp,6009,s0, tcp,6010,s0, tcp,6011,s0, tcp,6012,s0, tcp,6013,s0, tcp,6014,s0, tcp,6015,s0, tcp,6016,s0, tcp,6017,s0, tcp,6018,s0, tcp,6019,s0) + network_port(zebra, tcp,2600,s0, tcp,2601,s0, tcp,2602,s0, tcp,2603,s0, tcp,2604,s0, tcp,2606,s0, udp,2600,s0, udp,2601,s0, udp,2602,s0, udp,2603,s0, udp,2604,s0, udp,2606,s0) +@@ -156,6 +164,9 @@ # Defaults for reserved ports. Earlier portcon entries take precedence; # these entries just cover any remaining reserved ports not otherwise declared. @@ -4815,7 +4823,7 @@ +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.te serefpolicy-2.4.6/policy/modules/services/amavis.te --- nsaserefpolicy/policy/modules/services/amavis.te 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/services/amavis.te 2007-05-31 10:50:34.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/services/amavis.te 2007-09-01 14:36:03.000000000 -0400 @@ -50,6 +50,7 @@ allow amavis_t self:unix_stream_socket create_stream_socket_perms; allow amavis_t self:unix_dgram_socket create_socket_perms; @@ -7559,16 +7567,20 @@ kernel_rw_irq_sysctls(irqbalance_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.if serefpolicy-2.4.6/policy/modules/services/kerberos.if --- nsaserefpolicy/policy/modules/services/kerberos.if 2006-11-29 12:04:49.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/services/kerberos.if 2007-05-22 12:40:26.000000000 -0400 -@@ -41,6 +41,7 @@ ++++ serefpolicy-2.4.6/policy/modules/services/kerberos.if 2007-09-04 11:12:19.000000000 -0400 +@@ -41,6 +41,11 @@ allow $1 krb5_conf_t:file { getattr read }; dontaudit $1 krb5_conf_t:file write; dontaudit $1 krb5kdc_conf_t:dir r_dir_perms; + dontaudit $1 krb5kdc_conf_t:file rw_file_perms; ++ ++ #kerberos libraries are attempting to set the correct file context ++ dontaudit $1 self:process setfscreate; ++ seutil_dontaudit_read_file_contexts($1) tunable_policy(`allow_kerberos',` allow $1 self:tcp_socket create_socket_perms; -@@ -57,9 +58,11 @@ +@@ -57,9 +62,11 @@ corenet_udp_bind_all_nodes($1) corenet_tcp_connect_kerberos_port($1) corenet_sendrecv_kerberos_client_packets($1) @@ -7580,7 +7592,7 @@ ') ') -@@ -141,3 +144,25 @@ +@@ -141,3 +148,25 @@ files_search_etc($1) allow $1 krb5_keytab_t:file r_file_perms; ') @@ -7608,17 +7620,41 @@ + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-2.4.6/policy/modules/services/kerberos.te --- nsaserefpolicy/policy/modules/services/kerberos.te 2006-11-29 12:04:49.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/services/kerberos.te 2007-06-27 11:42:22.000000000 -0400 -@@ -69,7 +69,7 @@ ++++ serefpolicy-2.4.6/policy/modules/services/kerberos.te 2007-09-04 11:12:41.000000000 -0400 +@@ -55,7 +55,7 @@ + # Use capabilities. Surplus capabilities may be allowed. + allow kadmind_t self:capability { setuid setgid chown fowner dac_override sys_nice }; + dontaudit kadmind_t self:capability sys_tty_config; +-allow kadmind_t self:process signal_perms; ++allow kadmind_t self:process { setfscreate signal_perms }; + allow kadmind_t self:netlink_route_socket r_netlink_socket_perms; + allow kadmind_t self:unix_dgram_socket { connect create write }; + allow kadmind_t self:tcp_socket connected_stream_socket_perms; +@@ -67,25 +67,24 @@ + allow kadmind_t krb5_conf_t:file r_file_perms; + dontaudit kadmind_t krb5_conf_t:file write; - allow kadmind_t krb5kdc_conf_t:dir search; - allow kadmind_t krb5kdc_conf_t:file r_file_perms; +-allow kadmind_t krb5kdc_conf_t:dir search; +-allow kadmind_t krb5kdc_conf_t:file r_file_perms; -dontaudit kadmind_t krb5kdc_conf_t:file write; ++read_files_pattern(kadmind_t,krb5kdc_conf_t,krb5kdc_conf_t) +dontaudit kadmind_t krb5kdc_conf_t:file { write setattr }; allow kadmind_t krb5kdc_principal_t:file { getattr lock read write setattr }; -@@ -86,6 +86,7 @@ + can_exec(kadmind_t, kadmind_exec_t) + +-allow kadmind_t kadmind_tmp_t:dir create_dir_perms; +-allow kadmind_t kadmind_tmp_t:file create_file_perms; ++manage_dirs_pattern(kadmind_t,kadmind_tmp_t,kadmind_tmp_t) ++manage_files_pattern(kadmind_t,kadmind_tmp_t,kadmind_tmp_t) + files_tmp_filetrans(kadmind_t, kadmind_tmp_t, { file dir }) + +-allow kadmind_t kadmind_var_run_t:file create_file_perms; +-allow kadmind_t kadmind_var_run_t:dir rw_dir_perms; ++manage_files_pattern(kadmind_t,kadmind_var_run_t,kadmind_var_run_t) + files_pid_filetrans(kadmind_t,kadmind_var_run_t,file) + kernel_read_kernel_sysctls(kadmind_t) kernel_list_proc(kadmind_t) kernel_read_proc_symlinks(kadmind_t) @@ -7626,7 +7662,7 @@ corenet_non_ipsec_sendrecv(kadmind_t) corenet_tcp_sendrecv_all_if(kadmind_t) -@@ -114,6 +115,9 @@ +@@ -114,6 +113,9 @@ domain_use_interactive_fds(kadmind_t) files_read_etc_files(kadmind_t) @@ -7636,7 +7672,7 @@ init_use_fds(kadmind_t) init_use_script_ptys(kadmind_t) -@@ -126,6 +130,7 @@ +@@ -126,6 +128,7 @@ miscfiles_read_localization(kadmind_t) sysnet_read_config(kadmind_t) @@ -7644,7 +7680,15 @@ userdom_dontaudit_use_unpriv_user_fds(kadmind_t) userdom_dontaudit_search_sysadm_home_dirs(kadmind_t) -@@ -156,14 +161,22 @@ +@@ -142,6 +145,7 @@ + + optional_policy(` + seutil_sigchld_newrole(kadmind_t) ++ seutil_read_file_contexts(kadmind_t) + ') + + optional_policy(` +@@ -156,18 +160,18 @@ # Use capabilities. Surplus capabilities may be allowed. allow krb5kdc_t self:capability { setuid setgid net_admin chown fowner dac_override sys_nice }; dontaudit krb5kdc_t self:capability sys_tty_config; @@ -7655,29 +7699,65 @@ +allow krb5kdc_t self:tcp_socket create_stream_socket_perms; allow krb5kdc_t self:udp_socket create_socket_perms; +allow krb5kdc_t self:fifo_file rw_file_perms; -+ -+files_read_usr_symlinks(krb5kdc_t) -+files_read_var_files(krb5kdc_t) allow krb5kdc_t krb5_conf_t:file r_file_perms; dontaudit krb5kdc_t krb5_conf_t:file write; -+corenet_tcp_connect_ocsp_port(krb5kdc_t) -+corecmd_exec_sbin(krb5kdc_t) -+corecmd_exec_bin(krb5kdc_t) -+ can_exec(krb5kdc_t, krb5kdc_exec_t) - allow krb5kdc_t krb5kdc_conf_t:dir search; -@@ -189,6 +202,7 @@ +-allow krb5kdc_t krb5kdc_conf_t:dir search; +-allow krb5kdc_t krb5kdc_conf_t:file r_file_perms; ++read_files_pattern(krb5kdc_t,krb5kdc_conf_t,krb5kdc_conf_t) + dontaudit krb5kdc_t krb5kdc_conf_t:file write; + + allow krb5kdc_t krb5kdc_log_t:file create_file_perms; +@@ -176,12 +180,11 @@ + allow krb5kdc_t krb5kdc_principal_t:file r_file_perms; + dontaudit krb5kdc_t krb5kdc_principal_t:file write; + +-allow krb5kdc_t krb5kdc_tmp_t:dir create_dir_perms; +-allow krb5kdc_t krb5kdc_tmp_t:file create_file_perms; ++manage_dirs_pattern(krb5kdc_t,krb5kdc_tmp_t,krb5kdc_tmp_t) ++manage_files_pattern(krb5kdc_t,krb5kdc_tmp_t,krb5kdc_tmp_t) + files_tmp_filetrans(krb5kdc_t, krb5kdc_tmp_t, { file dir }) + +-allow krb5kdc_t krb5kdc_var_run_t:file create_file_perms; +-allow krb5kdc_t krb5kdc_var_run_t:dir rw_dir_perms; ++manage_files_pattern(krb5kdc_t,krb5kdc_var_run_t,krb5kdc_var_run_t) + files_pid_filetrans(krb5kdc_t,krb5kdc_var_run_t,file) + + kernel_read_system_state(krb5kdc_t) +@@ -189,6 +192,10 @@ kernel_list_proc(krb5kdc_t) kernel_read_proc_symlinks(krb5kdc_t) kernel_read_network_state(krb5kdc_t) +kernel_search_network_sysctl(krb5kdc_t) ++ ++corecmd_exec_sbin(krb5kdc_t) ++corecmd_exec_bin(krb5kdc_t) corenet_non_ipsec_sendrecv(krb5kdc_t) corenet_tcp_sendrecv_all_if(krb5kdc_t) -@@ -226,6 +240,7 @@ +@@ -201,7 +208,9 @@ + corenet_udp_bind_all_nodes(krb5kdc_t) + corenet_tcp_bind_kerberos_port(krb5kdc_t) + corenet_udp_bind_kerberos_port(krb5kdc_t) ++corenet_tcp_connect_ocsp_port(krb5kdc_t) + corenet_sendrecv_kerberos_server_packets(krb5kdc_t) ++corenet_sendrecv_ocsp_client_packets(krb5kdc_t) + + dev_read_sysfs(krb5kdc_t) + dev_read_urand(krb5kdc_t) +@@ -214,6 +223,8 @@ + domain_use_interactive_fds(krb5kdc_t) + + files_read_etc_files(krb5kdc_t) ++files_read_usr_symlinks(krb5kdc_t) ++files_read_var_files(krb5kdc_t) + + init_use_fds(krb5kdc_t) + init_use_script_ptys(krb5kdc_t) +@@ -226,6 +237,7 @@ miscfiles_read_localization(krb5kdc_t) sysnet_read_config(krb5kdc_t) @@ -7697,16 +7777,33 @@ /var/log/talkd.* -- gen_context(system_u:object_r:ktalkd_log_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ktalk.te serefpolicy-2.4.6/policy/modules/services/ktalk.te --- nsaserefpolicy/policy/modules/services/ktalk.te 2006-11-29 12:04:49.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/services/ktalk.te 2007-05-22 12:40:26.000000000 -0400 -@@ -87,3 +87,8 @@ - optional_policy(` - nscd_socket_use(ktalkd_t) - ') ++++ serefpolicy-2.4.6/policy/modules/services/ktalk.te 2007-09-04 09:21:14.000000000 -0400 +@@ -52,6 +52,8 @@ + allow ktalkd_t ktalkd_var_run_t:dir rw_dir_perms; + files_pid_filetrans(ktalkd_t,ktalkd_var_run_t,file) + ++auth_use_nsswitch(ktalkd_t) + + kernel_read_kernel_sysctls(ktalkd_t) + kernel_read_system_state(ktalkd_t) + kernel_read_network_state(ktalkd_t) +@@ -78,12 +80,9 @@ + + miscfiles_read_localization(ktalkd_t) + +-sysnet_read_config(ktalkd_t) +- +-optional_policy(` +- nis_use_ypbind(ktalkd_t) +ifdef(`targeted_policy',` + term_use_generic_ptys(ktalkd_t) + term_use_unallocated_ttys(ktalkd_t) -+') + ') + +-optional_policy(` +- nscd_socket_use(ktalkd_t) +-') ++term_search_ptys(ktalkd_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.if serefpolicy-2.4.6/policy/modules/services/lpd.if --- nsaserefpolicy/policy/modules/services/lpd.if 2006-11-29 12:04:51.000000000 -0500 +++ serefpolicy-2.4.6/policy/modules/services/lpd.if 2007-06-06 12:03:44.000000000 -0400 @@ -10325,7 +10422,7 @@ +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-2.4.6/policy/modules/services/snmp.te --- nsaserefpolicy/policy/modules/services/snmp.te 2006-11-29 12:04:49.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/services/snmp.te 2007-08-29 06:10:08.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/services/snmp.te 2007-09-04 10:39:28.000000000 -0400 @@ -51,6 +51,7 @@ kernel_read_device_sysctls(snmpd_t) @@ -10348,7 +10445,7 @@ files_read_etc_runtime_files(snmpd_t) -files_search_home(snmpd_t) -files_getattr_boot_dirs(snmpd_t) -+files_getattr_all_dirs(snmpd_t) ++auth_read_all_dirs_except_shadow(snmpd_t) +fs_getattr_all_dirs(snmpd_t) fs_getattr_all_fs(snmpd_t) @@ -10620,8 +10717,16 @@ + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-2.4.6/policy/modules/services/squid.te --- nsaserefpolicy/policy/modules/services/squid.te 2006-11-29 12:04:49.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/services/squid.te 2007-07-01 21:13:34.000000000 -0400 -@@ -98,6 +98,8 @@ ++++ serefpolicy-2.4.6/policy/modules/services/squid.te 2007-09-04 13:42:31.000000000 -0400 +@@ -83,6 +83,7 @@ + corenet_tcp_bind_ftp_port(squid_t) + corenet_tcp_bind_gopher_port(squid_t) + corenet_udp_bind_gopher_port(squid_t) ++corenet_udp_bind_wccp_port(squid_t) + corenet_tcp_connect_ftp_port(squid_t) + corenet_tcp_connect_gopher_port(squid_t) + corenet_tcp_connect_http_port(squid_t) +@@ -98,6 +99,8 @@ fs_getattr_all_fs(squid_t) fs_search_auto_mountpoints(squid_t) @@ -10630,7 +10735,7 @@ selinux_dontaudit_getattr_dir(squid_t) -@@ -176,7 +178,13 @@ +@@ -176,7 +179,13 @@ udev_read_db(squid_t) ') @@ -11867,7 +11972,7 @@ + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-2.4.6/policy/modules/system/fstools.te --- nsaserefpolicy/policy/modules/system/fstools.te 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/system/fstools.te 2007-08-21 13:50:28.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/system/fstools.te 2007-09-04 10:56:01.000000000 -0400 @@ -9,7 +9,7 @@ type fsadm_t; type fsadm_exec_t; @@ -11895,6 +12000,15 @@ kernel_read_system_state(fsadm_t) kernel_read_kernel_sysctls(fsadm_t) +@@ -110,7 +110,7 @@ + term_use_console(fsadm_t) + + corecmd_list_bin(fsadm_t) +-corecmd_list_sbin(fsadm_t) ++corecmd_exec_sbin(fsadm_t) + corecmd_read_bin_symlinks(fsadm_t) + corecmd_read_sbin_symlinks(fsadm_t) + #RedHat bug #201164 @@ -190,3 +190,15 @@ fs_dontaudit_write_ramfs_pipes(fsadm_t) rhgb_stub(fsadm_t) From fedora-cvs-commits at redhat.com Wed Sep 5 03:14:52 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Tue, 4 Sep 2007 23:14:52 -0400 Subject: rpms/selinux-policy/FC-6 policy-20061106.patch,1.55,1.56 Message-ID: <200709050314.l853Eq05019054@cvs.devel.redhat.com> Author: dwalsh Update of /cvs/dist/rpms/selinux-policy/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv19037 Modified Files: policy-20061106.patch Log Message: * Sat Sep 1 2007 Dan Walsh 2.4.6-88 - Cleanup of fusermount/mount-ntfs and apcupsd to match rawhide - Allow cimserver to create pegasus_data directories Resolves: #213809 - Allow dmidecode to search sysfs_t Resolves: #263141 policy-20061106.patch: Rules.modular | 10 config/appconfig-strict-mcs/seusers | 1 config/appconfig-strict-mls/default_contexts | 6 config/appconfig-strict-mls/seusers | 1 config/appconfig-strict/seusers | 1 man/man8/kerberos_selinux.8 | 2 policy/flask/access_vectors | 21 policy/flask/security_classes | 8 policy/global_tunables | 94 +++- policy/mls | 31 + policy/modules/admin/acct.te | 1 policy/modules/admin/alsa.fc | 3 policy/modules/admin/alsa.te | 15 policy/modules/admin/amanda.if | 17 policy/modules/admin/amanda.te | 11 policy/modules/admin/amtu.fc | 3 policy/modules/admin/amtu.if | 57 ++ policy/modules/admin/amtu.te | 56 ++ policy/modules/admin/backup.te | 5 policy/modules/admin/bootloader.fc | 5 policy/modules/admin/bootloader.te | 15 policy/modules/admin/consoletype.te | 21 policy/modules/admin/ddcprobe.te | 10 policy/modules/admin/dmesg.te | 7 policy/modules/admin/dmidecode.te | 6 policy/modules/admin/firstboot.if | 24 - policy/modules/admin/kudzu.te | 14 policy/modules/admin/logrotate.te | 5 policy/modules/admin/logwatch.te | 22 policy/modules/admin/netutils.te | 19 policy/modules/admin/portage.te | 5 policy/modules/admin/prelink.te | 25 - policy/modules/admin/quota.fc | 7 policy/modules/admin/quota.te | 24 - policy/modules/admin/readahead.te | 2 policy/modules/admin/rpm.fc | 3 policy/modules/admin/rpm.if | 104 ++++ policy/modules/admin/rpm.te | 49 -- policy/modules/admin/su.if | 38 + policy/modules/admin/su.te | 2 policy/modules/admin/sudo.if | 13 policy/modules/admin/tripwire.te | 11 policy/modules/admin/usbmodules.te | 5 policy/modules/admin/usermanage.if | 2 policy/modules/admin/usermanage.te | 58 ++ policy/modules/admin/vbetool.te | 1 policy/modules/admin/vpn.te | 1 policy/modules/apps/ethereal.te | 5 policy/modules/apps/evolution.if | 107 ++++ policy/modules/apps/evolution.te | 1 policy/modules/apps/games.fc | 1 policy/modules/apps/gnome.fc | 2 policy/modules/apps/gnome.if | 108 ++++ policy/modules/apps/gnome.te | 5 policy/modules/apps/gpg.if | 1 policy/modules/apps/java.fc | 2 policy/modules/apps/java.if | 70 +++ policy/modules/apps/java.te | 2 policy/modules/apps/loadkeys.if | 39 - policy/modules/apps/mozilla.if | 208 +++++++-- policy/modules/apps/mplayer.if | 84 +++ policy/modules/apps/mplayer.te | 1 policy/modules/apps/slocate.te | 7 policy/modules/apps/thunderbird.if | 81 +++ policy/modules/apps/userhelper.if | 20 policy/modules/apps/webalizer.te | 6 policy/modules/apps/wine.fc | 1 policy/modules/apps/yam.te | 5 policy/modules/kernel/corecommands.fc | 32 + policy/modules/kernel/corecommands.if | 77 +++ policy/modules/kernel/corenetwork.if.in | 140 ++++++ policy/modules/kernel/corenetwork.te.in | 17 policy/modules/kernel/devices.fc | 11 policy/modules/kernel/devices.if | 56 ++ policy/modules/kernel/devices.te | 8 policy/modules/kernel/domain.if | 80 +++ policy/modules/kernel/domain.te | 26 + policy/modules/kernel/files.fc | 3 policy/modules/kernel/files.if | 279 +++++++++++- policy/modules/kernel/filesystem.if | 62 ++ policy/modules/kernel/filesystem.te | 30 + policy/modules/kernel/kernel.if | 84 +++ policy/modules/kernel/kernel.te | 22 policy/modules/kernel/mls.if | 28 + policy/modules/kernel/mls.te | 6 policy/modules/kernel/storage.fc | 4 policy/modules/kernel/storage.if | 2 policy/modules/kernel/terminal.fc | 2 policy/modules/kernel/terminal.if | 21 policy/modules/kernel/terminal.te | 1 policy/modules/services/aide.fc | 3 policy/modules/services/aide.te | 11 policy/modules/services/amavis.if | 19 policy/modules/services/amavis.te | 4 policy/modules/services/apache.fc | 18 policy/modules/services/apache.if | 157 ++++++ policy/modules/services/apache.te | 61 ++ policy/modules/services/apm.te | 3 policy/modules/services/arpwatch.te | 5 policy/modules/services/audioentropy.te | 4 policy/modules/services/automount.fc | 1 policy/modules/services/automount.te | 15 policy/modules/services/avahi.if | 40 + policy/modules/services/avahi.te | 10 policy/modules/services/bind.fc | 1 policy/modules/services/bind.te | 12 policy/modules/services/bluetooth.te | 10 policy/modules/services/ccs.fc | 1 policy/modules/services/ccs.te | 25 - policy/modules/services/clamav.te | 3 policy/modules/services/courier.te | 1 policy/modules/services/cron.fc | 6 policy/modules/services/cron.if | 105 ++-- policy/modules/services/cron.te | 58 ++ policy/modules/services/cups.fc | 5 policy/modules/services/cups.te | 19 policy/modules/services/cvs.te | 2 policy/modules/services/cyrus.te | 6 policy/modules/services/dbus.fc | 1 policy/modules/services/dbus.if | 66 ++ policy/modules/services/dbus.te | 4 policy/modules/services/dcc.te | 9 policy/modules/services/dhcp.te | 3 policy/modules/services/dovecot.fc | 2 policy/modules/services/dovecot.if | 44 + policy/modules/services/dovecot.te | 73 ++- policy/modules/services/fail2ban.fc | 3 policy/modules/services/fail2ban.if | 80 +++ policy/modules/services/fail2ban.te | 74 +++ policy/modules/services/ftp.te | 21 policy/modules/services/hal.fc | 14 policy/modules/services/hal.if | 160 ++++++ policy/modules/services/hal.te | 177 +++++++ policy/modules/services/inetd.te | 34 + policy/modules/services/irqbalance.te | 4 policy/modules/services/kerberos.if | 29 + policy/modules/services/kerberos.te | 44 + policy/modules/services/ktalk.fc | 3 policy/modules/services/ktalk.te | 13 policy/modules/services/lpd.if | 75 ++- policy/modules/services/lpd.te | 5 policy/modules/services/mailman.if | 20 policy/modules/services/mailman.te | 1 policy/modules/services/mta.fc | 1 policy/modules/services/mta.if | 20 policy/modules/services/mta.te | 3 policy/modules/services/munin.te | 5 policy/modules/services/nagios.fc | 6 policy/modules/services/nagios.te | 14 policy/modules/services/networkmanager.fc | 2 policy/modules/services/networkmanager.te | 2 policy/modules/services/nis.fc | 7 policy/modules/services/nis.if | 8 policy/modules/services/nis.te | 39 + policy/modules/services/nscd.if | 20 policy/modules/services/nscd.te | 31 - policy/modules/services/ntp.te | 10 policy/modules/services/oav.te | 5 policy/modules/services/oddjob.te | 5 policy/modules/services/openca.if | 4 policy/modules/services/openca.te | 2 policy/modules/services/openct.te | 2 policy/modules/services/openvpn.te | 20 policy/modules/services/pcscd.fc | 9 policy/modules/services/pcscd.if | 62 ++ policy/modules/services/pcscd.te | 79 +++ policy/modules/services/pegasus.if | 31 + policy/modules/services/pegasus.te | 13 policy/modules/services/portmap.te | 5 policy/modules/services/portslave.te | 1 policy/modules/services/postfix.fc | 2 policy/modules/services/postfix.if | 46 + policy/modules/services/postfix.te | 98 ++++ policy/modules/services/ppp.te | 2 policy/modules/services/procmail.te | 32 + policy/modules/services/pyzor.if | 18 policy/modules/services/pyzor.te | 13 policy/modules/services/radius.te | 3 policy/modules/services/radvd.te | 2 policy/modules/services/rhgb.if | 76 +++ policy/modules/services/rhgb.te | 3 policy/modules/services/ricci.te | 26 + policy/modules/services/rlogin.te | 11 policy/modules/services/rpc.fc | 1 policy/modules/services/rpc.if | 3 policy/modules/services/rpc.te | 27 - policy/modules/services/rshd.te | 1 policy/modules/services/rsync.te | 1 policy/modules/services/samba.fc | 6 policy/modules/services/samba.if | 101 ++++ policy/modules/services/samba.te | 100 +++- policy/modules/services/sasl.te | 14 policy/modules/services/sendmail.if | 41 + policy/modules/services/sendmail.te | 22 policy/modules/services/setroubleshoot.if | 20 policy/modules/services/setroubleshoot.te | 2 policy/modules/services/smartmon.te | 1 policy/modules/services/snmp.if | 17 policy/modules/services/snmp.te | 20 policy/modules/services/soundserver.te | 4 policy/modules/services/spamassassin.fc | 5 policy/modules/services/spamassassin.if | 42 + policy/modules/services/spamassassin.te | 26 - policy/modules/services/squid.fc | 2 policy/modules/services/squid.if | 21 policy/modules/services/squid.te | 17 policy/modules/services/ssh.if | 83 +++ policy/modules/services/ssh.te | 14 policy/modules/services/telnet.te | 3 policy/modules/services/tftp.te | 3 policy/modules/services/uucp.fc | 1 policy/modules/services/uucp.if | 67 ++ policy/modules/services/uucp.te | 44 + policy/modules/services/uwimap.te | 1 policy/modules/services/xserver.fc | 2 policy/modules/services/xserver.if | 211 +++++++++ policy/modules/services/xserver.te | 12 policy/modules/system/authlogin.fc | 1 policy/modules/system/authlogin.if | 180 +++++++ policy/modules/system/authlogin.te | 47 +- policy/modules/system/clock.te | 18 policy/modules/system/fstools.fc | 1 policy/modules/system/fstools.if | 19 policy/modules/system/fstools.te | 20 policy/modules/system/getty.te | 14 policy/modules/system/hostname.te | 19 policy/modules/system/init.if | 75 +++ policy/modules/system/init.te | 51 ++ policy/modules/system/ipsec.fc | 5 policy/modules/system/ipsec.if | 99 ++++ policy/modules/system/ipsec.te | 121 +++++ policy/modules/system/iptables.te | 28 - policy/modules/system/libraries.fc | 44 + policy/modules/system/libraries.te | 11 policy/modules/system/locallogin.if | 37 + policy/modules/system/locallogin.te | 11 policy/modules/system/logging.fc | 5 policy/modules/system/logging.if | 61 ++ policy/modules/system/logging.te | 36 + policy/modules/system/lvm.fc | 2 policy/modules/system/lvm.if | 44 + policy/modules/system/lvm.te | 95 +++- policy/modules/system/miscfiles.fc | 3 policy/modules/system/miscfiles.if | 79 +++ policy/modules/system/modutils.te | 38 + policy/modules/system/mount.te | 37 + policy/modules/system/netlabel.te | 10 policy/modules/system/pcmcia.te | 5 policy/modules/system/raid.te | 16 policy/modules/system/selinuxutil.fc | 10 policy/modules/system/selinuxutil.if | 146 ++++++ policy/modules/system/selinuxutil.te | 138 ++--- policy/modules/system/sysnetwork.if | 2 policy/modules/system/sysnetwork.te | 14 policy/modules/system/tzdata.fc | 3 policy/modules/system/tzdata.if | 23 policy/modules/system/tzdata.te | 51 ++ policy/modules/system/udev.te | 22 policy/modules/system/unconfined.fc | 4 policy/modules/system/unconfined.if | 22 policy/modules/system/unconfined.te | 23 policy/modules/system/userdomain.if | 622 +++++++++++++++++++++++---- policy/modules/system/userdomain.te | 117 ++--- policy/modules/system/xen.fc | 2 policy/modules/system/xen.if | 64 ++ policy/modules/system/xen.te | 65 ++ policy/support/*Warnings* | 189 ++++++++ policy/support/file_patterns.spt | 534 +++++++++++++++++++++++ policy/support/misc_macros.spt | 8 policy/support/obj_perm_sets.spt | 144 ++++++ 270 files changed, 8397 insertions(+), 863 deletions(-) Index: policy-20061106.patch =================================================================== RCS file: /cvs/dist/rpms/selinux-policy/FC-6/policy-20061106.patch,v retrieving revision 1.55 retrieving revision 1.56 diff -u -r1.55 -r1.56 --- policy-20061106.patch 4 Sep 2007 19:47:59 -0000 1.55 +++ policy-20061106.patch 5 Sep 2007 03:14:49 -0000 1.56 @@ -3102,7 +3102,7 @@ +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-2.4.6/policy/modules/kernel/corecommands.fc --- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/kernel/corecommands.fc 2007-05-29 11:39:16.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/kernel/corecommands.fc 2007-09-04 15:56:01.000000000 -0400 @@ -1,4 +1,3 @@ - # @@ -3139,7 +3139,16 @@ /usr/lib(64)?/courier(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/lib(64)?/cups/cgi-bin/.* -- gen_context(system_u:object_r:bin_t,s0) /usr/lib(64)?/cups/filter/.* -- gen_context(system_u:object_r:bin_t,s0) -@@ -188,7 +197,12 @@ +@@ -163,6 +172,8 @@ + /usr/libexec/openssh/sftp-server -- gen_context(system_u:object_r:bin_t,s0) + + /usr/local/lib(64)?/ipsec/.* -- gen_context(system_u:object_r:sbin_t,s0) ++/usr/local/Brother/lpd(/.*)? gen_context(system_u:object_r:bin_t,s0) ++/usr/local/Brother/Printer/[^/]*/cupswrapper(/.*)? gen_context(system_u:object_r:bin_t,s0) + + /usr/sbin/sesh -- gen_context(system_u:object_r:shell_exec_t,s0) + +@@ -188,7 +199,12 @@ /usr/lib/.*/program(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/share/authconfig/authconfig-gtk\.py -- gen_context(system_u:object_r:bin_t,s0) /usr/share/authconfig/authconfig-tui\.py -- gen_context(system_u:object_r:bin_t,s0) @@ -3152,7 +3161,7 @@ /usr/share/hwbrowser/hwbrowser -- gen_context(system_u:object_r:bin_t,s0) /usr/share/pwlib/make/ptlib-config -- gen_context(system_u:object_r:bin_t,s0) /usr/share/pydict/pydict\.py -- gen_context(system_u:object_r:bin_t,s0) -@@ -239,6 +253,7 @@ +@@ -239,6 +255,7 @@ /var/ftp/bin/ls -- gen_context(system_u:object_r:ls_exec_t,s0) /usr/lib/yp/.+ -- gen_context(system_u:object_r:bin_t,s0) @@ -3160,7 +3169,7 @@ /var/qmail/bin -d gen_context(system_u:object_r:bin_t,s0) /var/qmail/bin(/.*)? gen_context(system_u:object_r:bin_t,s0) -@@ -247,3 +262,16 @@ +@@ -247,3 +264,16 @@ ifdef(`distro_suse',` /var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0) ') @@ -8834,13 +8843,16 @@ init_rw_utmp(portslave_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.fc serefpolicy-2.4.6/policy/modules/services/postfix.fc --- nsaserefpolicy/policy/modules/services/postfix.fc 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/services/postfix.fc 2007-06-14 09:48:37.000000000 -0400 -@@ -9,10 +9,12 @@ - /usr/libexec/postfix/(n)?qmgr -- gen_context(system_u:object_r:postfix_qmgr_exec_t,s0) - /usr/libexec/postfix/showq -- gen_context(system_u:object_r:postfix_showq_exec_t,s0) - /usr/libexec/postfix/smtp -- gen_context(system_u:object_r:postfix_smtp_exec_t,s0) ++++ serefpolicy-2.4.6/policy/modules/services/postfix.fc 2007-09-04 17:48:34.000000000 -0400 +@@ -3,6 +3,7 @@ + ifdef(`distro_redhat', ` + /usr/libexec/postfix/.* -- gen_context(system_u:object_r:postfix_exec_t,s0) + /usr/libexec/postfix/cleanup -- gen_context(system_u:object_r:postfix_cleanup_exec_t,s0) +/usr/libexec/postfix/lmtp -- gen_context(system_u:object_r:postfix_smtp_exec_t,s0) - /usr/libexec/postfix/scache -- gen_context(system_u:object_r:postfix_smtp_exec_t,s0) + /usr/libexec/postfix/local -- gen_context(system_u:object_r:postfix_local_exec_t,s0) + /usr/libexec/postfix/master -- gen_context(system_u:object_r:postfix_master_exec_t,s0) + /usr/libexec/postfix/pickup -- gen_context(system_u:object_r:postfix_pickup_exec_t,s0) +@@ -13,6 +14,7 @@ /usr/libexec/postfix/smtpd -- gen_context(system_u:object_r:postfix_smtpd_exec_t,s0) /usr/libexec/postfix/bounce -- gen_context(system_u:object_r:postfix_bounce_exec_t,s0) /usr/libexec/postfix/pipe -- gen_context(system_u:object_r:postfix_pipe_exec_t,s0) @@ -8850,8 +8862,8 @@ /usr/lib/postfix/cleanup -- gen_context(system_u:object_r:postfix_cleanup_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-2.4.6/policy/modules/services/postfix.if --- nsaserefpolicy/policy/modules/services/postfix.if 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/services/postfix.if 2007-06-04 13:46:25.000000000 -0400 -@@ -48,8 +48,6 @@ ++++ serefpolicy-2.4.6/policy/modules/services/postfix.if 2007-09-04 17:39:35.000000000 -0400 +@@ -48,10 +48,9 @@ can_exec(postfix_$1_t, postfix_$1_exec_t) allow postfix_$1_t postfix_exec_t:file rx_file_perms; @@ -8859,8 +8871,11 @@ - allow postfix_$1_t postfix_exec_t:dir r_dir_perms; allow postfix_$1_t postfix_master_t:process sigchld; ++ allow postfix_$1_t postfix_master_t:file read; + + allow postfix_$1_t postfix_spool_t:dir r_dir_perms; -@@ -147,10 +145,8 @@ +@@ -147,10 +146,8 @@ corenet_tcp_connect_all_ports(postfix_$1_t) corenet_sendrecv_all_client_packets(postfix_$1_t) @@ -8872,7 +8887,7 @@ ') ') -@@ -468,6 +464,26 @@ +@@ -468,6 +465,26 @@ ######################################## ## @@ -8899,7 +8914,7 @@ ## Execute postfix user mail programs ## in their respective domains. ## -@@ -484,3 +500,22 @@ +@@ -484,3 +501,22 @@ typeattribute $1 postfix_user_domtrans; ') @@ -8924,7 +8939,7 @@ +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-2.4.6/policy/modules/services/postfix.te --- nsaserefpolicy/policy/modules/services/postfix.te 2006-11-29 12:04:49.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/services/postfix.te 2007-06-14 09:55:45.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/services/postfix.te 2007-09-04 17:42:57.000000000 -0400 @@ -84,6 +84,12 @@ type postfix_var_run_t; files_pid_file(postfix_var_run_t) @@ -8967,7 +8982,7 @@ cyrus_stream_connect(postfix_master_t) ') -@@ -186,6 +200,10 @@ +@@ -186,9 +200,17 @@ ') optional_policy(` @@ -8978,7 +8993,14 @@ nis_use_ypbind(postfix_master_t) ') -@@ -222,6 +240,7 @@ ++optional_policy(` ++ sendmail_signal(postfix_master_t) ++') ++ + ########################################################### + # + # Partially converted rules. THESE ARE ONLY TEMPORARY +@@ -222,6 +244,7 @@ allow postfix_bounce_t self:capability dac_read_search; allow postfix_bounce_t self:tcp_socket create_socket_perms; @@ -8986,7 +9008,7 @@ allow postfix_bounce_t postfix_public_t:sock_file write; allow postfix_bounce_t postfix_public_t:dir search; -@@ -240,6 +259,7 @@ +@@ -240,6 +263,7 @@ # allow postfix_cleanup_t self:process setrlimit; @@ -8994,7 +9016,7 @@ # connect to master process allow postfix_cleanup_t postfix_master_t:unix_stream_socket connectto; -@@ -265,6 +285,7 @@ +@@ -265,6 +289,7 @@ allow postfix_local_t self:fifo_file rw_file_perms; allow postfix_local_t self:process { setsched setrlimit }; @@ -9002,7 +9024,7 @@ allow postfix_local_t postfix_local_tmp_t:dir create_dir_perms; allow postfix_local_t postfix_local_tmp_t:file create_file_perms; -@@ -298,6 +319,7 @@ +@@ -298,6 +323,7 @@ optional_policy(` # for postalias mailman_manage_data_files(postfix_local_t) @@ -9010,7 +9032,7 @@ ') optional_policy(` -@@ -382,6 +404,10 @@ +@@ -382,6 +408,10 @@ locallogin_dontaudit_use_fds(postfix_map_t) ') @@ -9021,7 +9043,7 @@ # a "run" interface needs to be # added, and have sysadm_t use it # in a optional_policy block. -@@ -394,6 +420,7 @@ +@@ -394,6 +424,7 @@ allow postfix_pickup_t self:tcp_socket create_socket_perms; allow postfix_pickup_t postfix_master_t:unix_stream_socket connectto; @@ -9029,7 +9051,7 @@ allow postfix_pickup_t postfix_private_t:dir search; allow postfix_pickup_t postfix_private_t:sock_file write; -@@ -412,7 +439,7 @@ +@@ -412,7 +443,7 @@ # Postfix pipe local policy # @@ -9038,7 +9060,7 @@ allow postfix_pipe_t postfix_private_t:dir search; allow postfix_pipe_t postfix_private_t:sock_file write; -@@ -423,6 +450,12 @@ +@@ -423,6 +454,12 @@ allow postfix_pipe_t postfix_spool_t:dir search; allow postfix_pipe_t postfix_spool_t:file rw_file_perms; @@ -9051,7 +9073,7 @@ optional_policy(` procmail_domtrans(postfix_pipe_t) ') -@@ -431,6 +464,14 @@ +@@ -431,6 +468,14 @@ mailman_domtrans_queue(postfix_pipe_t) ') @@ -9066,7 +9088,7 @@ ######################################## # # Postfix postdrop local policy -@@ -468,6 +509,10 @@ +@@ -468,6 +513,10 @@ ') optional_policy(` @@ -9077,7 +9099,7 @@ ppp_use_fds(postfix_postqueue_t) ppp_sigchld(postfix_postqueue_t) ') -@@ -515,6 +560,7 @@ +@@ -515,6 +564,7 @@ # allow postfix_qmgr_t postfix_master_t:unix_stream_socket connectto; @@ -9085,7 +9107,7 @@ allow postfix_qmgr_t postfix_private_t:dir search; allow postfix_qmgr_t postfix_private_t:sock_file rw_file_perms; -@@ -574,9 +620,14 @@ +@@ -574,9 +624,14 @@ allow postfix_smtp_t postfix_master_t:unix_stream_socket connectto; allow postfix_smtp_t { postfix_private_t postfix_public_t }:dir search; allow postfix_smtp_t { postfix_private_t postfix_public_t }:sock_file write; @@ -9100,7 +9122,7 @@ ######################################## # # Postfix smtpd local policy -@@ -594,9 +645,19 @@ +@@ -594,9 +649,19 @@ corecmd_exec_bin(postfix_smtpd_t) @@ -9120,7 +9142,7 @@ optional_policy(` postgrey_stream_connect(postfix_smtpd_t) -@@ -605,3 +666,34 @@ +@@ -605,3 +670,34 @@ optional_policy(` sasl_connect(postfix_smtpd_t) ') @@ -10238,8 +10260,34 @@ ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-2.4.6/policy/modules/services/sendmail.if --- nsaserefpolicy/policy/modules/services/sendmail.if 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/services/sendmail.if 2007-05-22 12:40:26.000000000 -0400 -@@ -76,6 +76,27 @@ ++++ serefpolicy-2.4.6/policy/modules/services/sendmail.if 2007-09-04 17:43:33.000000000 -0400 +@@ -56,6 +56,25 @@ + + allow $1 sendmail_t:tcp_socket { read write }; + ') ++ ++######################################## ++## ++##f allow domain to signal sendmail ++## ++## ++## ++## Domain to not audit. ++## ++## ++# ++interface(`sendmail_signal',` ++ gen_require(` ++ type sendmail_t; ++ ') ++ allow $1 sendmail_t:process signal; ++') ++ ++ + ######################################## + ## + ## Read and write sendmail unix_stream_sockets. +@@ -76,6 +95,27 @@ ######################################## ## @@ -10267,7 +10315,7 @@ ## Create, read, write, and delete sendmail logs. ## ## -@@ -91,6 +112,7 @@ +@@ -91,6 +131,7 @@ ') logging_search_logs($1) @@ -13889,7 +13937,7 @@ # /var/run diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-2.4.6/policy/modules/system/selinuxutil.if --- nsaserefpolicy/policy/modules/system/selinuxutil.if 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/system/selinuxutil.if 2007-05-23 10:43:52.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/system/selinuxutil.if 2007-09-04 16:32:49.000000000 -0400 @@ -471,6 +471,7 @@ role $2 types run_init_t; allow run_init_t $3:chr_file rw_term_perms; @@ -13916,15 +13964,37 @@ allow $1 default_context_t:file manage_file_perms; ') -@@ -821,7 +822,6 @@ +@@ -821,7 +822,28 @@ allow $1 selinux_config_t:dir search; allow $1 file_context_t:dir r_dir_perms; allow $1 file_context_t:file r_file_perms; - allow $1 file_context_t:lnk_file { getattr read }; ++') ++ ++######################################## ++## ++## dontaudit Read the file_contexts files. ++## ++## ++## ++## Domain allowed access. ++## ++## ++## ++# ++interface(`seutil_dontaudit_read_file_contexts',` ++ gen_require(` ++ type selinux_config_t, default_context_t, file_context_t; ++ ') ++ ++ files_search_etc($1) ++ dontaudit $1 { selinux_config_t default_context_t }:dir search_dir_perms; ++ dontaudit $1 file_context_t:dir search_dir_perms; ++ dontaudit $1 file_context_t:file r_file_perms; ') ######################################## -@@ -1014,6 +1014,7 @@ +@@ -1014,6 +1036,7 @@ gen_require(` type semanage_t, semanage_exec_t; ') @@ -13932,7 +14002,7 @@ files_search_usr($1) corecmd_search_bin($1) -@@ -1121,3 +1122,120 @@ +@@ -1121,3 +1144,120 @@ allow $1 selinux_config_t:dir search_dir_perms; allow $1 semanage_trans_lock_t:file rw_file_perms; ') From fedora-cvs-commits at redhat.com Wed Sep 5 03:30:30 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Tue, 4 Sep 2007 23:30:30 -0400 Subject: rpms/selinux-policy/FC-6 policy-fusermount.patch,1.5,1.6 Message-ID: <200709050330.l853UUb5019412@cvs.devel.redhat.com> Author: dwalsh Update of /cvs/dist/rpms/selinux-policy/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv19396 Modified Files: policy-fusermount.patch Log Message: * Sat Sep 1 2007 Dan Walsh 2.4.6-88 - Cleanup of fusermount/mount-ntfs and apcupsd to match rawhide - Allow cimserver to create pegasus_data directories Resolves: #213809 - Allow dmidecode to search sysfs_t Resolves: #263141 policy-fusermount.patch: kernel/files.fc | 1 + kernel/filesystem.te | 6 ++++++ system/fusermount.fc | 6 ++++++ system/fusermount.if | 41 +++++++++++++++++++++++++++++++++++++++++ system/fusermount.te | 46 ++++++++++++++++++++++++++++++++++++++++++++++ system/mount.fc | 2 -- system/mount.if | 1 + system/mount.te | 46 ++++++++++++++++++++++++++++++++++------------ 8 files changed, 135 insertions(+), 14 deletions(-) Index: policy-fusermount.patch =================================================================== RCS file: /cvs/dist/rpms/selinux-policy/FC-6/policy-fusermount.patch,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- policy-fusermount.patch 4 Sep 2007 14:00:30 -0000 1.5 +++ policy-fusermount.patch 5 Sep 2007 03:30:28 -0000 1.6 @@ -10,7 +10,7 @@ +/usr/bin/fusermount -- gen_context(system_u:object_r:fusermount_exec_t,s0) diff -up serefpolicy-2.4.6/policy/modules/system/mount.te.fusermount serefpolicy-2.4.6/policy/modules/system/mount.te --- serefpolicy-2.4.6/policy/modules/system/mount.te.fusermount 2007-08-10 09:53:24.000000000 -0400 -+++ serefpolicy-2.4.6/policy/modules/system/mount.te 2007-09-04 09:53:42.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/system/mount.te 2007-09-04 23:29:48.000000000 -0400 @@ -12,6 +12,9 @@ init_system_domain(mount_t,mount_exec_t) userdom_executable_file(mount_exec_t) role system_r types mount_t; @@ -75,7 +75,7 @@ ssh_sigchld(mount_t) ssh_rw_stream_sockets(mount_t) ') -@@ -201,4 +197,28 @@ optional_policy(` +@@ -201,4 +197,30 @@ optional_policy(` ifdef(`targeted_policy',` files_etc_filetrans_etc_runtime(unconfined_mount_t,file) unconfined_domain(unconfined_mount_t) @@ -94,8 +94,10 @@ + +corecmd_exec_shell(mount_t) + -+fusermount_domtrans(mount_t) -+fusermount_use_fds(mount_t) ++optional_policy(` ++ fusermount_domtrans(mount_t) ++ fusermount_use_fds(mount_t) ++') + +modutils_domtrans_insmod(mount_t) + From fedora-cvs-commits at redhat.com Wed Sep 5 12:10:35 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Wed, 5 Sep 2007 08:10:35 -0400 Subject: rpms/gd/FC-6 .cvsignore, 1.11, 1.12 gd-2.0.33-multilib.patch, 1.1, 1.2 gd-sparc64.patch, 1.1, 1.2 gd.spec, 1.38, 1.39 sources, 1.10, 1.11 Message-ID: <200709051210.l85CAZUI032075@cvs.devel.redhat.com> Author: varekova Update of /cvs/dist/rpms/gd/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv32057 Modified Files: .cvsignore gd-2.0.33-multilib.patch gd-sparc64.patch gd.spec sources Log Message: - update to 2.0.35 - fix several vulnerabilities #277421 Index: .cvsignore =================================================================== RCS file: /cvs/dist/rpms/gd/FC-6/.cvsignore,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- .cvsignore 7 Sep 2005 15:21:28 -0000 1.11 +++ .cvsignore 5 Sep 2007 12:10:33 -0000 1.12 @@ -1 +1 @@ -gd-2.0.33.tar.gz +gd-2.0.35.tar.bz2 gd-2.0.33-multilib.patch: Makefile.in | 14 ++++++++++++-- config/gdlib-config.in | 7 ++++--- config/gdlib.pc.in | 14 ++++++++++++++ configure | 3 ++- 4 files changed, 32 insertions(+), 6 deletions(-) Index: gd-2.0.33-multilib.patch =================================================================== RCS file: /cvs/dist/rpms/gd/FC-6/gd-2.0.33-multilib.patch,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- gd-2.0.33-multilib.patch 25 May 2006 08:24:50 -0000 1.1 +++ gd-2.0.33-multilib.patch 5 Sep 2007 12:10:33 -0000 1.2 @@ -1,5 +1,66 @@ ---- gd-2.0.33/config/gdlib-config.in.pom 2004-10-27 16:22:07.000000000 +0200 -+++ gd-2.0.33/config/gdlib-config.in 2006-05-24 15:42:32.000000000 +0200 +--- gd-2.0.34/Makefile.in.pom 2007-02-03 02:41:46.000000000 +0100 ++++ gd-2.0.34/Makefile.in 2007-02-08 13:34:06.000000000 +0100 +@@ -341,6 +341,7 @@ + ACLOCAL_AMFLAGS = -I config + SUBDIRS = config test + bin_SCRIPTS = bdftogd config/gdlib-config ++pkgconf_CFILE = config/gdlib.pc + EXTRA_DIST = README-JPEG.TXT README.TXT configure.pl bdftogd demoin.png err.out index.html install-item makefile.sample readme.jpn entities.html entities.tcl + include_HEADERS = gd.h gdfx.h gd_io.h gdcache.h gdfontg.h gdfontl.h gdfontmb.h gdfonts.h gdfontt.h entities.h + lib_LTLIBRARIES = libgd.la +@@ -553,6 +554,15 @@ + rm -f "$(DESTDIR)$(bindir)/$$f"; \ + done + ++install-pkgconfigCF: ++ $(mkdir_p) "$(DESTDIR)$(libdir)/pkgconfig" ++ echo " cp $(pkgconf_CFILE) $(DESTDIR)$(libdir)/pkgconfig/gdlib.pc" ++ cp $(pkgconf_CFILE) $(DESTDIR)$(libdir)/pkgconfig/gdlib.pc ++ ++uninstall-pkgconfigCF: ++ echo " rm $(DESTDIR)$(libdir)/pkgconfig/gdlib.pc" ++ rm $(DESTDIR)$(libdir)/pkgconfig/gdlib.pc ++ + mostlyclean-compile: + -rm -f *.$(OBJEXT) + +@@ -986,7 +996,7 @@ + + install-data-am: install-includeHEADERS + +-install-exec-am: install-binPROGRAMS install-binSCRIPTS \ ++install-exec-am: install-binPROGRAMS install-binSCRIPTS install-pkgconfigCF\ + install-libLTLIBRARIES + + install-info: install-info-recursive +@@ -1015,7 +1025,7 @@ + + ps-am: + +-uninstall-am: uninstall-binPROGRAMS uninstall-binSCRIPTS \ ++uninstall-am: uninstall-binPROGRAMS uninstall-binSCRIPTS uninstall-pkgconfigCF\ + uninstall-includeHEADERS uninstall-info-am \ + uninstall-libLTLIBRARIES + +--- gd-2.0.34/config/gdlib.pc.in.pom 2007-02-08 13:29:04.000000000 +0100 ++++ gd-2.0.34/config/gdlib.pc.in 2007-01-29 09:51:29.000000000 +0100 +@@ -0,0 +1,14 @@ ++prefix=@prefix@ ++exec_prefix=@exec_prefix@ ++libdir=@libdir@ ++includedir=@includedir@ ++bindir=@bindir@ ++ldflags=@LDFLAGS@ ++ ++ ++Name: gd-devel ++Description: A graphics library for quick creation of PNG or JPEG images ++Version: @VERSION@ ++Requires: ++Libs: @LIBS@ ++Cflags: -I at includedir@ +--- gd-2.0.34/config/gdlib-config.in.pom 2007-02-03 02:41:00.000000000 +0100 ++++ gd-2.0.34/config/gdlib-config.in 2007-02-08 13:27:25.000000000 +0100 @@ -7,9 +7,10 @@ # installation directories prefix=@prefix@ @@ -8,7 +69,7 @@ +libdir=`pkg-config gdlib --variable=libdir` includedir=@includedir@ bindir=@bindir@ -+ldflags=`pkg-config gdlib --variable=ldflags` ++ldflags=`pkg-config gdlib --variable=ldflags` usage() { @@ -17,96 +78,35 @@ ;; --ldflags) - echo @LDFLAGS@ -+ echo $ldflags ++ echo $ldflags ;; --libs) - echo @LIBS@ + echo @LIBS@ @LIBICONV@ @@ -83,7 +84,7 @@ echo "GD library @VERSION@" echo "includedir: $includedir" echo "cflags: -I at includedir@" - echo "ldflags: @LDFLAGS@" + echo "ldflags: $ldflags" - echo "libs: @LIBS@" + echo "libs: @LIBS@ @LIBICONV@" echo "libdir: $libdir" echo "features: @FEATURES@" ---- /dev/null 2006-05-22 08:57:38.164651760 +0200 -+++ gd-2.0.33/config/gdlib.pc.in 2006-05-24 15:42:32.000000000 +0200 -@@ -0,0 +1,14 @@ -+prefix=@prefix@ -+exec_prefix=@exec_prefix@ -+libdir=@libdir@ -+includedir=@includedir@ -+bindir=@bindir@ -+ldflags=@LDFLAGS@ -+ -+ -+Name: gd-devel -+Description: A graphics library for quick creation of PNG or JPEG images -+Version: @VERSION@ -+Requires: -+Libs: @LIBS@ -+Cflags: -I at includedir@ ---- gd-2.0.33/configure.pom 2006-05-24 15:42:32.000000000 +0200 -+++ gd-2.0.33/configure 2006-05-24 15:42:32.000000000 +0200 -@@ -12688,7 +12688,7 @@ +--- gd-2.0.34/configure.pom 2007-02-08 13:25:00.000000000 +0100 ++++ gd-2.0.34/configure 2007-02-08 13:31:53.000000000 +0100 +@@ -24672,7 +24672,7 @@ Support for pthreads: $acx_pthread_ok - " >&6 + " >&6; } -- ac_config_files="$ac_config_files Makefile config/Makefile config/gdlib-config test/Makefile" -+ ac_config_files="$ac_config_files Makefile config/Makefile config/gdlib-config config/gdlib.pc test/Makefile" +-ac_config_files="$ac_config_files Makefile config/Makefile config/gdlib-config test/Makefile" ++ac_config_files="$ac_config_files Makefile config/Makefile config/gdlib-config config/gdlib.pc test/Makefile" cat >confcache <<\_ACEOF -@@ -13250,6 +13250,7 @@ - "Makefile" ) CONFIG_FILES="$CONFIG_FILES Makefile" ;; - "config/Makefile" ) CONFIG_FILES="$CONFIG_FILES config/Makefile" ;; - "config/gdlib-config" ) CONFIG_FILES="$CONFIG_FILES config/gdlib-config" ;; -+ "config/gdlib.pc" ) CONFIG_FILES="$CONFIG_FILES config/gdlib.pc" ;; - "test/Makefile" ) CONFIG_FILES="$CONFIG_FILES test/Makefile" ;; - "depfiles" ) CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;; - "config.h" ) CONFIG_HEADERS="$CONFIG_HEADERS config.h:config.hin" ;; ---- gd-2.0.33/Makefile.in.pom 2004-11-04 00:14:44.000000000 +0100 -+++ gd-2.0.33/Makefile.in 2006-05-24 15:42:47.000000000 +0200 -@@ -317,6 +317,7 @@ - ACLOCAL_AMFLAGS = -I config - SUBDIRS = config test - bin_SCRIPTS = bdftogd config/gdlib-config -+pkgconf_CFILE = config/gdlib.pc - EXTRA_DIST = README-JPEG.TXT README.TXT configure.pl bdftogd demoin.png err.out index.html install-item makefile.sample readme.jpn entities.html entities.tcl - include_HEADERS = gd.h gdfx.h gd_io.h gdcache.h gdfontg.h gdfontl.h gdfontmb.h gdfonts.h gdfontt.h entities.h - lib_LTLIBRARIES = libgd.la -@@ -528,6 +529,15 @@ - rm -f "$(DESTDIR)$(bindir)/$$f"; \ - done - -+install-pkgconfigCF: -+ $(mkdir_p) "$(DESTDIR)$(libdir)/pkgconfig" -+ echo " cp $(pkgconf_CFILE) $(DESTDIR)$(libdir)/pkgconfig/gdlib.pc" -+ cp $(pkgconf_CFILE) $(DESTDIR)$(libdir)/pkgconfig/gdlib.pc -+ -+uninstall-pkgconfigCF: -+ echo " rm $(DESTDIR)$(libdir)/pkgconfig/gdlib.pc" -+ rm $(DESTDIR)$(libdir)/pkgconfig/gdlib.pc -+ - mostlyclean-compile: - -rm -f *.$(OBJEXT) - -@@ -949,7 +959,7 @@ - - install-data-am: install-includeHEADERS - --install-exec-am: install-binPROGRAMS install-binSCRIPTS \ -+install-exec-am: install-binPROGRAMS install-binSCRIPTS install-pkgconfigCF \ - install-libLTLIBRARIES - - install-info: install-info-recursive -@@ -978,7 +988,7 @@ - - ps-am: - --uninstall-am: uninstall-binPROGRAMS uninstall-binSCRIPTS \ -+uninstall-am: uninstall-binPROGRAMS uninstall-binSCRIPTS uninstall-pkgconfigCF\ - uninstall-includeHEADERS uninstall-info-am \ - uninstall-libLTLIBRARIES +@@ -25257,6 +25257,7 @@ + "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; + "config/Makefile") CONFIG_FILES="$CONFIG_FILES config/Makefile" ;; + "config/gdlib-config") CONFIG_FILES="$CONFIG_FILES config/gdlib-config" ;; ++ "config/gdlib.pc" ) CONFIG_FILES="$CONFIG_FILES config/gdlib.pc" ;; + "test/Makefile") CONFIG_FILES="$CONFIG_FILES test/Makefile" ;; + *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5 gd-sparc64.patch: configure | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Index: gd-sparc64.patch =================================================================== RCS file: /cvs/dist/rpms/gd/FC-6/gd-sparc64.patch,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- gd-sparc64.patch 19 Jul 2006 07:59:51 -0000 1.1 +++ gd-sparc64.patch 5 Sep 2007 12:10:33 -0000 1.2 @@ -1,13 +1,13 @@ ---- gd-2.0.33/configure.sparc64 2006-07-14 00:46:04.000000000 -0400 -+++ gd-2.0.33/configure 2006-07-14 00:47:14.000000000 -0400 -@@ -6679,8 +6679,8 @@ +--- gd-2.0.34/configure.sp 2007-02-08 13:44:32.000000000 +0100 ++++ gd-2.0.34/configure 2007-02-08 13:50:39.000000000 +0100 +@@ -9075,8 +9075,8 @@ - *) - if $LD --help 2>&1 | egrep ': supported targets:.* elf' > /dev/null; then -- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' -- archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' -+ archive_cmds='$CC $CFLAGS -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' -+ archive_expsym_cmds='$CC $CFLAGS -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' - else - ld_shlibs=no - fi + *) + if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then +- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' +- archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' ++ archive_cmds='$CC $CFLAGS -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' ++ archive_expsym_cmds='$CC $CFLAGS -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + else + ld_shlibs=no + fi Index: gd.spec =================================================================== RCS file: /cvs/dist/rpms/gd/FC-6/gd.spec,v retrieving revision 1.38 retrieving revision 1.39 diff -u -r1.38 -r1.39 --- gd.spec 29 May 2007 13:11:07 -0000 1.38 +++ gd.spec 5 Sep 2007 12:10:33 -0000 1.39 @@ -1,20 +1,15 @@ Summary: A graphics library for quick creation of PNG or JPEG images Name: gd -Version: 2.0.33 -Release: 11%{?dist} +Version: 2.0.35 +Release: 1%{?dist} Group: System Environment/Libraries License: BSD-style URL: http://www.boutell.com/gd/ -Source0: http://www.boutell.com/gd/http/%{name}-%{version}.tar.gz +Source0: http://www.boutell.com/gd/http/%{name}-%{version}.tar.bz2 Patch0: gd-2.0.33-freetype.patch -Patch1: gd-2.0.33-SetAAPixel.patch -Patch2: gd-2.0.33-security.patch Patch3: gd-2.0.33-multilib.patch Patch4: gd-loop.patch Patch5: gd-sparc64.patch -Patch6: gd-2.0.33-cve-07-0455.patch -Patch7: gd-2.0.33-loop1.patch -Patch8: gd-2.0.33-sf.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: freetype-devel, fontconfig-devel, libX11-devel, libXpm-devel BuildRequires: libjpeg-devel, libpng-devel, zlib-devel, pkgconfig @@ -55,14 +50,9 @@ %prep %setup -q %patch0 -p1 -b .freetype -%patch1 -p1 -b .SetAAPixel -%patch2 -p1 -b .security %patch3 -p1 -b .mlib %patch4 -p1 -b .loop %patch5 -p1 -b .sparc64 -%patch6 -p1 -b .cve-07-0455 -%patch7 -p1 -b .loop1 -%patch8 -p1 -b .sf %build %configure --disable-rpath @@ -102,6 +92,10 @@ %changelog +* Wed Sep 5 2007 Ivana Varekova - 2.0.35-1 +- update to 2.0.35 +- fix several vulnerabilities #277421 + * Tue May 29 2007 Ivana Varekova - 2.0.33-11 - fix problem with potential infinite loop - fix problem with possible stack overflow Index: sources =================================================================== RCS file: /cvs/dist/rpms/gd/FC-6/sources,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- sources 22 Mar 2005 17:58:20 -0000 1.10 +++ sources 5 Sep 2007 12:10:33 -0000 1.11 @@ -1 +1 @@ -be0a6d326cd8567e736fbc75df0a5c45 gd-2.0.33.tar.gz +6c6c3dbb7bf079e0bb5fbbfd3bb8a71c gd-2.0.35.tar.bz2 From fedora-cvs-commits at redhat.com Wed Sep 5 13:07:48 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Wed, 5 Sep 2007 09:07:48 -0400 Subject: rpms/dmraid/FC-6 dmraid.spec,1.72,1.73 Message-ID: <200709051307.l85D7mHg000896@cvs.devel.redhat.com> Author: heinzm Update of /cvs/dist/rpms/dmraid/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv881 Modified Files: dmraid.spec Log Message: Fix NVidia metadata format handler segfault Index: dmraid.spec =================================================================== RCS file: /cvs/dist/rpms/dmraid/FC-6/dmraid.spec,v retrieving revision 1.72 retrieving revision 1.73 diff -u -r1.72 -r1.73 --- dmraid.spec 18 Apr 2007 21:05:26 -0000 1.72 +++ dmraid.spec 5 Sep 2007 13:07:43 -0000 1.73 @@ -7,7 +7,7 @@ Summary: dmraid (Device-mapper RAID tool and library) Name: dmraid Version: 1.0.0.rc14 -Release: 2%{?dist} +Release: 3%{?dist} License: GPL Group: System Environment/Base URL: http://people.redhat.com/heinzm/sw/dmraid @@ -16,6 +16,7 @@ Requires: kpartx Source: ftp://people.redhat.com/heinzm/sw/dmraid/src/%{name}-%{version}.tar.bz2 Patch0: dmraid-1.0.0.rc14-jmicron-name.patch +Patch1: dmraid-1.0.0.rc14-nv-segfault.patch %description DMRAID supports RAID device discovery, RAID set activation and display of @@ -32,6 +33,7 @@ %prep %setup -q -n dmraid/%{version} %patch0 -p1 -b .jmicron-name +%patch1 -p0 -b .nv-segfault %build %configure --prefix=${RPM_BUILD_ROOT}/usr --sbindir=${RPM_BUILD_ROOT}/sbin --libdir=${RPM_BUILD_ROOT}/%{_libdir} --mandir=${RPM_BUILD_ROOT}/%{_mandir} --includedir=${RPM_BUILD_ROOT}/%{_includedir} --enable-debug --enable-libselinux --enable-libsepol --enable-static_link @@ -73,6 +75,10 @@ %{_libdir}/libdmraid.so %changelog +* Wed Sep 05 2007 Heinz Mauelshagen - 1.0.0.rc14-3 +- Fix NVIdia metadata format handler segfault +- Resolves 278341 + * Wed Apr 18 2007 Peter Jones - 1.0.0.rc14-2 - Fix jmicron name parsing (#219058) From fedora-cvs-commits at redhat.com Wed Sep 5 13:08:15 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Wed, 5 Sep 2007 09:08:15 -0400 Subject: rpms/dmraid/FC-6 dmraid-1.0.0.rc14-nv-segfault.patch,NONE,1.1 Message-ID: <200709051308.l85D8Fdc000930@cvs.devel.redhat.com> Author: heinzm Update of /cvs/dist/rpms/dmraid/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv914 Added Files: dmraid-1.0.0.rc14-nv-segfault.patch Log Message: Fix NVidia metadata format handler segfault dmraid-1.0.0.rc14-nv-segfault.patch: nv.c | 2 +- 1 files changed, 1 insertion(+), 1 deletion(-) --- NEW FILE dmraid-1.0.0.rc14-nv-segfault.patch --- --- ./lib/format/ataraid/nv.c.bigendian 2007-08-16 13:32:05.000000000 +0100 +++ ./lib/format/ataraid/nv.c 2007-08-16 13:32:21.000000000 +0100 @@ -155,7 +155,7 @@ CVT32(nv->unitFlags); CVT32(array->version); - while (i--); + while (i--) CVT32(array->signature[i]); CVT32(array->raidLevel); From fedora-cvs-commits at redhat.com Wed Sep 5 16:18:14 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Wed, 5 Sep 2007 12:18:14 -0400 Subject: rpms/kernel/FC-6 kernel-2.6.spec, 1.3017, 1.3018 linux-2.6-utrace-core.patch, 1.4, 1.5 linux-2.6-utrace-ptrace-compat.patch, 1.5, 1.6 linux-2.6-utrace-regset.patch, 1.3, 1.4 Message-ID: <200709051618.l85GIEAE008367@cvs.devel.redhat.com> Author: cebbert Update of /cvs/dist/rpms/kernel/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv8350 Modified Files: kernel-2.6.spec linux-2.6-utrace-core.patch linux-2.6-utrace-ptrace-compat.patch linux-2.6-utrace-regset.patch Log Message: * Wed Sep 05 2007 Chuck Ebbert - Update utrace Index: kernel-2.6.spec =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/kernel-2.6.spec,v retrieving revision 1.3017 retrieving revision 1.3018 diff -u -r1.3017 -r1.3018 --- kernel-2.6.spec 30 Aug 2007 17:19:56 -0000 1.3017 +++ kernel-2.6.spec 5 Sep 2007 16:18:08 -0000 1.3018 @@ -2239,6 +2239,9 @@ %endif %changelog +* Wed Sep 05 2007 Chuck Ebbert +- Update utrace + * Tue Aug 28 2007 Chuck Ebbert - CFS scheduler v20.5 (plus one bugfix) - Linux 2.6.22.6-rc1 linux-2.6-utrace-core.patch: Documentation/DocBook/Makefile | 2 Documentation/DocBook/utrace.tmpl | 23 Documentation/utrace.txt | 579 +++++++++ include/linux/sched.h | 5 include/linux/tracehook.h | 85 + include/linux/utrace.h | 544 ++++++++ init/Kconfig | 18 kernel/Makefile | 1 kernel/utrace.c | 2344 ++++++++++++++++++++++++++++++++++++++ 9 files changed, 3583 insertions(+), 18 deletions(-) Index: linux-2.6-utrace-core.patch =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/linux-2.6-utrace-core.patch,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- linux-2.6-utrace-core.patch 20 Jul 2007 18:47:39 -0000 1.4 +++ linux-2.6-utrace-core.patch 5 Sep 2007 16:18:09 -0000 1.5 @@ -24,11 +24,11 @@ Documentation/utrace.txt | 579 +++++++++ include/linux/sched.h | 5 include/linux/tracehook.h | 85 + - include/linux/utrace.h | 544 +++++++++ + include/linux/utrace.h | 544 ++++++++ init/Kconfig | 18 kernel/Makefile | 1 - kernel/utrace.c | 2263 ++++++++++++++++++++++++++++++++++++++ - 9 files changed, 3502 insertions(+), 18 deletions(-) + kernel/utrace.c | 2344 ++++++++++++++++++++++++++++++++++++++ + 9 files changed, 3583 insertions(+), 18 deletions(-) create kernel/utrace.c create Documentation/utrace.txt create Documentation/DocBook/utrace.tmpl @@ -50,7 +50,7 @@ =================================================================== --- /dev/null +++ b/kernel/utrace.c -@@ -0,0 +1,2263 @@ +@@ -0,0 +1,2344 @@ +/* + * utrace infrastructure interface for debugging user processes + * @@ -526,7 +526,7 @@ + */ +struct utrace_attached_engine * +utrace_attach(struct task_struct *target, int flags, -+ const struct utrace_engine_ops *ops, void *data) ++ const struct utrace_engine_ops *ops, void *data) +{ + struct utrace *utrace; + struct utrace_attached_engine *engine; @@ -628,10 +628,13 @@ +EXPORT_SYMBOL_GPL(utrace_attach); + +/* -+ * When an engine is detached, the target thread may still see it and make -+ * callbacks until it quiesces. We reset its event flags to just QUIESCE -+ * and install a special ops vector whose callback is dead_engine_delete. -+ * When the target thread quiesces, it can safely free the engine itself. ++ * When an engine is detached, the target thread may still see it ++ * and make callbacks until it quiesces. We install a special ops ++ * vector whose callbacks are all dead_engine_delete. When the ++ * target thread quiesces, it can safely free the engine itself. ++ * We must cover all callbacks in case of races between checking ++ * engine->flags and utrace_detach changing engine->ops. ++ * Only report_reap is never called due to a special case in utrace_reap. + */ +static u32 +dead_engine_delete(struct utrace_attached_engine *engine, @@ -640,9 +643,38 @@ + return UTRACE_ACTION_DETACH; +} + ++/* ++ * Don't use .report_xxx = ... style here because this way makes it easier ++ * to be sure we're forced to have an initializer here for every member. ++ */ +static const struct utrace_engine_ops dead_engine_ops = +{ -+ .report_quiesce = &dead_engine_delete ++ (u32 (*)(struct utrace_attached_engine *, struct task_struct *, ++ unsigned long, struct task_struct *)) &dead_engine_delete, ++ (u32 (*)(struct utrace_attached_engine *, struct task_struct *, ++ pid_t)) &dead_engine_delete, ++ &dead_engine_delete, ++ (u32 (*)(struct utrace_attached_engine *, struct task_struct *, ++ struct pt_regs *, u32, siginfo_t *, ++ const struct k_sigaction *, struct k_sigaction *)) ++ &dead_engine_delete, ++ (u32 (*)(struct utrace_attached_engine *, struct task_struct *, ++ int)) &dead_engine_delete, ++ (u32 (*)(struct utrace_attached_engine *, struct task_struct *, ++ const struct linux_binprm *, struct pt_regs *)) ++ &dead_engine_delete, ++ (u32 (*)(struct utrace_attached_engine *, struct task_struct *, ++ struct pt_regs *)) &dead_engine_delete, ++ (u32 (*)(struct utrace_attached_engine *, struct task_struct *, ++ struct pt_regs *)) &dead_engine_delete, ++ (u32 (*)(struct utrace_attached_engine *, struct task_struct *, ++ long, long *)) &dead_engine_delete, ++ (u32 (*)(struct utrace_attached_engine *, struct task_struct *)) ++ &dead_engine_delete, ++ NULL, /* report_reap */ ++ NULL, /* allow_access_process_vm */ ++ NULL, /* unsafe_exec */ ++ NULL, /* tracer_task */ +}; + + @@ -848,9 +880,32 @@ + return ret; + } + -+ flags = engine->flags; -+ engine->flags = UTRACE_EVENT(QUIESCE) | UTRACE_ACTION_QUIESCE; ++ /* ++ * This must work while the target thread races with us doing: ++ * if (engine->flags & UTRACE_EVENT(x)) REPORT(x, ...); ++ * The REPORT macro uses smp_rmb() between checking engine->flags ++ * and using engine->ops. Here we change engine->ops first, then ++ * use smp_wmb() before changing engine->flags. This ensures it ++ * can check the old flags before using the old ops, or check the ++ * old flags before using the new ops, or check the new flags ++ * before using the new ops, but can never check the new flags ++ * before using the old ops. Hence, dead_engine_ops might be used ++ * with any old flags in place. So, it has report_* callback ++ * pointers for every event type. Since it has to have those ++ * anyway, we enable (for after any potential race) all the events ++ * that have no overhead to enable. We want it to get into that ++ * callback and complete the detach ASAP. ++ */ + rcu_assign_pointer(engine->ops, &dead_engine_ops); ++ smp_wmb(); ++ flags = engine->flags; ++ engine->flags = (UTRACE_EVENT(QUIESCE) ++ | UTRACE_EVENT(CLONE) ++ | UTRACE_EVENT(VFORK_DONE) ++ | UTRACE_EVENT(EXEC) ++ | UTRACE_EVENT(EXIT) ++ | UTRACE_EVENT(JCTL) ++ | UTRACE_ACTION_QUIESCE); + + if (quiesce(target, 1)) { + remove_engine(engine, target, utrace); @@ -975,7 +1030,7 @@ +{ + struct utrace *utrace; + int report; -+ unsigned long old_flags, old_utrace_flags; ++ unsigned long old_flags, old_utrace_flags, set_utrace_flags; + int ret = -EALREADY; + +#ifdef ARCH_HAS_SINGLE_STEP @@ -1009,6 +1064,22 @@ + } + + /* ++ * When it's in TASK_STOPPED state, do not set UTRACE_EVENT(JCTL). ++ * That bit indicates utrace_report_jctl has not run yet and so the ++ * target cannot be considered quiescent. But if the bit wasn't ++ * already set, it can't be in running in there and really is ++ * quiescent now in its existing job control stop. We set ++ * UTRACE_ACTION_QUIESCE to be sure that once it resumes it will ++ * recompute its flags in utrace_quiescent. ++ */ ++ set_utrace_flags = flags; ++ if (((set_utrace_flags &~ old_utrace_flags) & UTRACE_EVENT(JCTL)) ++ && target->state == TASK_STOPPED) { ++ set_utrace_flags &= ~UTRACE_EVENT(JCTL); ++ set_utrace_flags |= UTRACE_ACTION_QUIESCE; ++ } ++ ++ /* + * When setting these flags, it's essential that we really + * synchronize with exit_notify. They cannot be set after + * exit_notify takes the tasklist_lock. By holding the read @@ -1018,20 +1089,20 @@ + * knows positively that utrace_report_death will be called or + * that it won't. + */ -+ if ((flags &~ old_utrace_flags) & (UTRACE_ACTION_NOREAP -+ | DEATH_EVENTS)) { ++ if ((set_utrace_flags &~ old_utrace_flags) & (UTRACE_ACTION_NOREAP ++ | DEATH_EVENTS)) { + read_lock(&tasklist_lock); + if (unlikely(target->exit_state)) { + read_unlock(&tasklist_lock); + spin_unlock(&utrace->lock); + return ret; + } -+ target->utrace_flags |= flags; ++ target->utrace_flags |= set_utrace_flags; + read_unlock(&tasklist_lock); + } + + engine->flags = flags; -+ target->utrace_flags |= flags; ++ target->utrace_flags |= set_utrace_flags; + ret = 0; + + report = 0; @@ -1153,10 +1224,20 @@ + return ret; +} + -+#define REPORT(callback, ...) do { \ -+ u32 ret = (*rcu_dereference(engine->ops)->callback) \ -+ (engine, tsk, ##__VA_ARGS__); \ -+ action = update_action(tsk, utrace, engine, ret); \ ++/* ++ * This macro is always used after checking engine->flags. ++ * The smp_rmb() here pairs with smp_wmb() in utrace_detach. ++ * engine->ops changes before engine->flags, so the flags we ++ * just tested properly enabled this report for the real ops, ++ * or harmlessly enabled it for dead_engine_ops. ++ */ ++#define REPORT(callback, ...) \ ++ do { \ ++ u32 ret; \ ++ smp_rmb(); \ ++ ret = (*rcu_dereference(engine->ops)->callback) \ ++ (engine, tsk, ##__VA_ARGS__); \ ++ action = update_action(tsk, utrace, engine, ret); \ + } while (0) + + @@ -2951,7 +3032,7 @@ struct linux_binprm; struct pt_regs; -@@ -342,6 +343,7 @@ utrace_regset_copyin_ignore(unsigned int +@@ -353,6 +354,7 @@ utrace_regset_copyin_ignore(unsigned int */ static inline void tracehook_init_task(struct task_struct *child) { @@ -2959,7 +3040,7 @@ } /* -@@ -350,6 +352,9 @@ static inline void tracehook_init_task(s +@@ -361,6 +363,9 @@ static inline void tracehook_init_task(s */ static inline void tracehook_release_task(struct task_struct *p) { @@ -2969,7 +3050,7 @@ } /* -@@ -359,7 +364,20 @@ static inline void tracehook_release_tas +@@ -370,7 +375,20 @@ static inline void tracehook_release_tas */ static inline int tracehook_check_released(struct task_struct *p) { @@ -2991,7 +3072,7 @@ } /* -@@ -370,7 +388,7 @@ static inline int tracehook_check_releas +@@ -381,7 +399,7 @@ static inline int tracehook_check_releas static inline int tracehook_notify_cldstop(struct task_struct *tsk, const siginfo_t *info) { @@ -3000,7 +3081,7 @@ } /* -@@ -384,7 +402,11 @@ static inline int tracehook_notify_cldst +@@ -395,7 +413,11 @@ static inline int tracehook_notify_cldst static inline int tracehook_notify_death(struct task_struct *tsk, int *noreap, void **death_cookie) { @@ -3013,7 +3094,7 @@ *noreap = 0; return 0; } -@@ -397,7 +419,8 @@ static inline int tracehook_notify_death +@@ -408,7 +430,8 @@ static inline int tracehook_notify_death static inline int tracehook_consider_fatal_signal(struct task_struct *tsk, int sig) { @@ -3023,7 +3104,7 @@ } /* -@@ -410,7 +433,7 @@ static inline int tracehook_consider_ign +@@ -421,7 +444,7 @@ static inline int tracehook_consider_ign int sig, void __user *handler) { @@ -3032,7 +3113,7 @@ } -@@ -421,7 +444,7 @@ static inline int tracehook_consider_ign +@@ -432,7 +455,7 @@ static inline int tracehook_consider_ign */ static inline int tracehook_induce_sigpending(struct task_struct *tsk) { @@ -3041,7 +3122,7 @@ } /* -@@ -436,6 +459,8 @@ static inline int tracehook_get_signal(s +@@ -447,6 +470,8 @@ static inline int tracehook_get_signal(s siginfo_t *info, struct k_sigaction *return_ka) { @@ -3050,7 +3131,7 @@ return 0; } -@@ -448,6 +473,8 @@ static inline int tracehook_get_signal(s +@@ -459,6 +484,8 @@ static inline int tracehook_get_signal(s */ static inline int tracehook_finish_stop(int last_one) { @@ -3059,7 +3140,7 @@ return 0; } -@@ -459,7 +486,7 @@ static inline int tracehook_finish_stop( +@@ -470,7 +497,7 @@ static inline int tracehook_finish_stop( */ static inline int tracehook_inhibit_wait_stopped(struct task_struct *child) { @@ -3068,7 +3149,7 @@ } /* -@@ -469,7 +496,7 @@ static inline int tracehook_inhibit_wait +@@ -480,7 +507,7 @@ static inline int tracehook_inhibit_wait */ static inline int tracehook_inhibit_wait_zombie(struct task_struct *child) { @@ -3077,7 +3158,7 @@ } /* -@@ -479,7 +506,7 @@ static inline int tracehook_inhibit_wait +@@ -490,7 +517,7 @@ static inline int tracehook_inhibit_wait */ static inline int tracehook_inhibit_wait_continued(struct task_struct *child) { @@ -3086,7 +3167,7 @@ } -@@ -489,13 +516,9 @@ static inline int tracehook_inhibit_wait +@@ -500,13 +527,9 @@ static inline int tracehook_inhibit_wait */ static inline int tracehook_unsafe_exec(struct task_struct *tsk) { @@ -3102,7 +3183,7 @@ } /* -@@ -510,6 +533,8 @@ static inline int tracehook_unsafe_exec( +@@ -521,6 +544,8 @@ static inline int tracehook_unsafe_exec( */ static inline struct task_struct *tracehook_tracer_task(struct task_struct *p) { @@ -3111,7 +3192,7 @@ return NULL; } -@@ -521,6 +546,8 @@ static inline int tracehook_allow_access +@@ -532,6 +557,8 @@ static inline int tracehook_allow_access { if (tsk == current) return 1; @@ -3120,7 +3201,7 @@ return 0; } -@@ -532,7 +559,7 @@ static inline int tracehook_allow_access +@@ -543,7 +570,7 @@ static inline int tracehook_allow_access */ static inline int tracehook_expect_breakpoints(struct task_struct *tsk) { @@ -3129,7 +3210,7 @@ } -@@ -555,6 +582,10 @@ static inline int tracehook_expect_break +@@ -566,6 +593,10 @@ static inline int tracehook_expect_break static inline void tracehook_report_death(struct task_struct *tsk, int exit_state, void *death_cookie) { @@ -3140,7 +3221,7 @@ } /* -@@ -564,14 +595,18 @@ static inline void tracehook_report_deat +@@ -575,14 +606,18 @@ static inline void tracehook_report_deat */ static inline void tracehook_report_delayed_group_leader(struct task_struct *p) { @@ -3160,7 +3241,7 @@ } /* -@@ -580,6 +615,8 @@ static inline void tracehook_report_exec +@@ -591,6 +626,8 @@ static inline void tracehook_report_exec */ static inline void tracehook_report_exit(long *exit_code) { @@ -3169,7 +3250,7 @@ } /* -@@ -594,6 +631,8 @@ static inline void tracehook_report_exit +@@ -605,6 +642,8 @@ static inline void tracehook_report_exit static inline void tracehook_report_clone(unsigned long clone_flags, struct task_struct *child) { @@ -3178,7 +3259,7 @@ } /* -@@ -607,6 +646,8 @@ static inline void tracehook_report_clon +@@ -618,6 +657,8 @@ static inline void tracehook_report_clon pid_t pid, struct task_struct *child) { @@ -3187,7 +3268,7 @@ } /* -@@ -618,6 +659,8 @@ static inline void tracehook_report_clon +@@ -629,6 +670,8 @@ static inline void tracehook_report_clon static inline void tracehook_report_vfork_done(struct task_struct *child, pid_t child_pid) { @@ -3196,7 +3277,7 @@ } /* -@@ -625,6 +668,9 @@ static inline void tracehook_report_vfor +@@ -636,6 +679,9 @@ static inline void tracehook_report_vfor */ static inline void tracehook_report_syscall(struct pt_regs *regs, int is_exit) { @@ -3206,7 +3287,7 @@ } /* -@@ -644,6 +690,11 @@ static inline void tracehook_report_hand +@@ -655,6 +701,11 @@ static inline void tracehook_report_hand const sigset_t *oldset, struct pt_regs *regs) { linux-2.6-utrace-ptrace-compat.patch: arch/i386/kernel/ptrace.c | 40 arch/powerpc/kernel/ptrace.c | 250 ++++ arch/powerpc/kernel/signal_32.c | 52 + arch/powerpc/lib/sstep.c | 3 arch/x86_64/ia32/ia32entry.S | 2 arch/x86_64/ia32/ptrace32.c | 56 - arch/x86_64/kernel/ptrace.c | 46 fs/proc/base.c | 40 include/asm-x86_64/ptrace-abi.h | 3 include/asm-x86_64/tracehook.h | 1 include/linux/ptrace.h | 221 +++- include/linux/sched.h | 4 init/Kconfig | 15 kernel/Makefile | 3 kernel/exit.c | 13 kernel/fork.c | 2 kernel/ptrace.c | 2052 +++++++++++++++++++++++++++++++++++++--- kernel/sys_ni.c | 4 18 files changed, 2633 insertions(+), 174 deletions(-) Index: linux-2.6-utrace-ptrace-compat.patch =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/linux-2.6-utrace-ptrace-compat.patch,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- linux-2.6-utrace-ptrace-compat.patch 20 Jul 2007 18:47:39 -0000 1.5 +++ linux-2.6-utrace-ptrace-compat.patch 5 Sep 2007 16:18:09 -0000 1.6 @@ -28,9 +28,9 @@ kernel/Makefile | 3 kernel/exit.c | 13 kernel/fork.c | 2 - kernel/ptrace.c | 2051 +++++++++++++++++++++++++++++++++++++--- + kernel/ptrace.c | 2052 +++++++++++++++++++++++++++++++++++++--- kernel/sys_ni.c | 4 - 18 files changed, 2632 insertions(+), 174 deletions(-) + 18 files changed, 2633 insertions(+), 174 deletions(-) Index: b/fs/proc/base.c =================================================================== @@ -87,7 +87,7 @@ =================================================================== --- a/arch/i386/kernel/ptrace.c +++ b/arch/i386/kernel/ptrace.c -@@ -735,6 +735,46 @@ const struct utrace_regset_view *utrace_ +@@ -739,6 +739,46 @@ const struct utrace_regset_view *utrace_ return &utrace_i386_native; } @@ -138,7 +138,7 @@ =================================================================== --- a/arch/x86_64/ia32/ptrace32.c +++ b/arch/x86_64/ia32/ptrace32.c -@@ -166,11 +166,6 @@ static int getreg32(struct task_struct * +@@ -167,11 +167,6 @@ static int getreg32(struct task_struct * #undef R32 @@ -150,7 +150,7 @@ static int ia32_genregs_get(struct task_struct *target, const struct utrace_regset *regset, -@@ -600,3 +595,54 @@ const struct utrace_regset_view utrace_i +@@ -604,3 +599,54 @@ const struct utrace_regset_view utrace_i .name = "i386", .e_machine = EM_386, .regsets = ia32_regsets, .n = ARRAY_SIZE(ia32_regsets) }; @@ -222,7 +222,7 @@ =================================================================== --- a/arch/x86_64/kernel/ptrace.c +++ b/arch/x86_64/kernel/ptrace.c -@@ -714,6 +714,52 @@ const struct utrace_regset_view *utrace_ +@@ -717,6 +717,52 @@ const struct utrace_regset_view *utrace_ } @@ -683,7 +683,7 @@ =================================================================== --- a/kernel/ptrace.c +++ b/kernel/ptrace.c -@@ -19,194 +19,2007 @@ +@@ -19,194 +19,2008 @@ #include #include #include @@ -746,19 +746,66 @@ +}; + +static const struct utrace_engine_ops ptrace_utrace_ops; /* Initialized below. */ + + /* +- * Check that we have indeed attached to the thing.. ++ * We use this bit in task_struct.exit_code of a ptrace'd task to indicate ++ * a ptrace stop. It must not overlap with any bits used in real exit_code's. ++ * Those are (PTRACE_EVENT_* << 8) | 0xff. + */ +-int ptrace_check_attach(struct task_struct *child, int kill) ++#define PTRACE_TRAPPED_MASK 0x10000 ++ + +static void +ptrace_state_unlink(struct ptrace_state *state) -+{ + { +- return -ENOSYS; + task_lock(state->parent); + list_del_rcu(&state->entry); + task_unlock(state->parent); -+} -+ + } + +-static int may_attach(struct task_struct *task) +static struct ptrace_state * +ptrace_setup(struct task_struct *target, struct utrace_attached_engine *engine, + struct task_struct *parent, u8 options, int cap_sys_ptrace) -+{ + { +- /* May we inspect the given task? +- * This check is used both for attaching with ptrace +- * and for allowing access to sensitive information in /proc. +- * +- * ptrace_attach denies several cases that /proc allows +- * because setting up the necessary parent/child relationship +- * or halting the specified task is impossible. +- */ +- int dumpable = 0; +- /* Don't let security modules deny introspection */ +- if (task == current) +- return 0; +- if (((current->uid != task->euid) || +- (current->uid != task->suid) || +- (current->uid != task->uid) || +- (current->gid != task->egid) || +- (current->gid != task->sgid) || +- (current->gid != task->gid)) && !capable(CAP_SYS_PTRACE)) +- return -EPERM; +- smp_rmb(); +- if (task->mm) +- dumpable = task->mm->dumpable; +- if (!dumpable && !capable(CAP_SYS_PTRACE)) +- return -EPERM; +- +- return security_ptrace(current, task); +-} +- +-int ptrace_may_attach(struct task_struct *task) +-{ +- int err; +- task_lock(task); +- err = may_attach(task); +- task_unlock(task); +- return !err; + struct ptrace_state *state; + + NO_LOCKS; @@ -818,17 +865,14 @@ + BUG_ON(state->rcu.next); + call_rcu(&state->rcu, ptrace_state_free); +} - - /* -- * Check that we have indeed attached to the thing.. ++ ++/* + * Update the tracing engine state to match the new ptrace state. - */ --int ptrace_check_attach(struct task_struct *child, int kill) ++ */ +static int __must_check +ptrace_update(struct task_struct *target, struct ptrace_state *state, + unsigned long flags, int from_stopped) - { -- return -ENOSYS; ++{ + int ret; + + START_CHECK; @@ -893,9 +937,8 @@ + END_CHECK; + + return ret; - } - --static int may_attach(struct task_struct *task) ++} ++ +/* + * This does ptrace_update and also installs state in engine->data. + * Only after utrace_set_flags succeeds (in ptrace_update) inside @@ -907,42 +950,7 @@ + */ +static int __must_check +ptrace_setup_finish(struct task_struct *target, struct ptrace_state *state) - { -- /* May we inspect the given task? -- * This check is used both for attaching with ptrace -- * and for allowing access to sensitive information in /proc. -- * -- * ptrace_attach denies several cases that /proc allows -- * because setting up the necessary parent/child relationship -- * or halting the specified task is impossible. -- */ -- int dumpable = 0; -- /* Don't let security modules deny introspection */ -- if (task == current) -- return 0; -- if (((current->uid != task->euid) || -- (current->uid != task->suid) || -- (current->uid != task->uid) || -- (current->gid != task->egid) || -- (current->gid != task->sgid) || -- (current->gid != task->gid)) && !capable(CAP_SYS_PTRACE)) -- return -EPERM; -- smp_rmb(); -- if (task->mm) -- dumpable = task->mm->dumpable; -- if (!dumpable && !capable(CAP_SYS_PTRACE)) -- return -EPERM; -- -- return security_ptrace(current, task); --} -- --int ptrace_may_attach(struct task_struct *task) --{ -- int err; -- task_lock(task); -- err = may_attach(task); -- task_unlock(task); -- return !err; ++{ + int ret; + + NO_LOCKS; @@ -1087,8 +1095,6 @@ + if (retval) + (void) utrace_detach(task, engine); + else { -+ int stopped = 0; -+ + NO_LOCKS; + + /* @@ -1098,48 +1104,14 @@ + * We cannot call into the signal code if it's dead. + */ + read_lock(&tasklist_lock); -+ if (likely(!task->exit_state)) { ++ if (likely(!task->exit_state)) + force_sig_specific(SIGSTOP, task); -+ -+ spin_lock_irq(&task->sighand->siglock); -+ stopped = (task->state == TASK_STOPPED); -+ spin_unlock_irq(&task->sighand->siglock); -+ } + read_unlock(&tasklist_lock); + -+ if (stopped) { -+ const struct utrace_regset *regset; -+ -+ /* -+ * Set QUIESCE immediately, so we can allow -+ * ptrace requests while he's in TASK_STOPPED. -+ */ -+ retval = ptrace_update(task, state, /* XXX child death+other thread waits race could have freed state already */ -+ UTRACE_ACTION_QUIESCE, 0); -+ if (retval) -+ /* -+ * Anything is possible here. It might not -+ * really have been quiescent yet. It -+ * might have just woken up and died. -+ */ -+ BUG_ON(retval != -ESRCH && retval != -EALREADY); -+ retval = 0; -+ -+ /* -+ * Do now the regset 0 writeback that we do on every -+ * stop, since it's never been done. On register -+ * window machines, this makes sure the user memory -+ * backing the register data is up to date. -+ */ -+ regset = utrace_regset(task, engine, -+ utrace_native_view(task), 0); -+ if (regset->writeback) -+ (*regset->writeback)(task, regset, 1); -+ } -+ + pr_debug("%d ptrace_attach %d complete (%sstopped)" + " state %lu code %x", -+ current->pid, task->pid, stopped ? "" : "not ", ++ current->pid, task->pid, ++ task->state == TASK_STOPPED ? "" : "not ", + task->state, task->exit_code); + } @@ -1488,7 +1460,13 @@ + else + ret = (*regset->get)(target, regset, + pos, n, kdata, udata); -+ } + } +- if (copy_to_user(dst, buf, retval)) +- return -EFAULT; +- copied += retval; +- src += retval; +- dst += retval; +- len -= retval; + + if (kdata) + kdata += n; @@ -1536,7 +1514,8 @@ + if (request == PTRACE_ATTACH) { + ret = ptrace_attach(child); + goto out_tsk; -+ } + } +- return copied; + + rcu_read_lock(); + engine = utrace_attach(child, UTRACE_ATTACH_MATCH_OPS, @@ -1563,13 +1542,7 @@ + if (child->state == TASK_STOPPED) + ret = 0; + unlock_task_sighand(child, &flags); - } -- if (copy_to_user(dst, buf, retval)) -- return -EFAULT; -- copied += retval; -- src += retval; -- dst += retval; -- len -= retval; ++ } + if (ret == 0) { + ret = ptrace_update(child, state, + UTRACE_ACTION_QUIESCE, 0); @@ -1586,8 +1559,7 @@ + } + + ret = -ESRCH; /* Return value for exit_state bail-out. */ - } -- return copied; ++ } + + rcu_read_unlock(); + @@ -1783,11 +1755,7 @@ + if (ret == 0) { + ret = val; + force_successful_syscall_return(); - } -- copied += retval; -- src += retval; -- dst += retval; -- len -= retval; ++ } + goto out_tsk; + } + @@ -1807,8 +1775,7 @@ + break; + ret = put_user(tmp, (unsigned long __user *) data); + break; - } -- return copied; ++ } + + case PTRACE_POKETEXT: /* write the word at location addr. */ + case PTRACE_POKEDATA: @@ -1837,9 +1804,14 @@ + (siginfo_t __user *) data, + sizeof(siginfo_t))) + ret = -EFAULT; -+ } + } +- copied += retval; +- src += retval; +- dst += retval; +- len -= retval; + break; -+ } + } +- return copied; + +out_tsk: + NO_LOCKS; @@ -1936,13 +1908,13 @@ + return ret; } +#endif ++ -/** - * ptrace_traceme -- helper for PTRACE_TRACEME - * - * Performs checks and sets PT_PTRACED. - * Should be used by all ptrace implementations for PTRACE_TRACEME. -+ +/* + * Detach the zombie being reported for wait. */ @@ -2104,7 +2076,29 @@ + * check fails we are sure to get a wakeup if it stops. + */ + exit_code = xchg(&p->exit_code, 0); -+ if (exit_code) ++ if (exit_code & PTRACE_TRAPPED_MASK) ++ goto found; ++ ++ /* ++ * If p was in job-control stop (TASK_STOPPED) rather than ++ * ptrace stop (TASK_TRACED), then SIGCONT can asynchronously ++ * clear it back to TASK_RUNNING. Until it gets scheduled ++ * and clears its own ->exit_code, our xchg below will see ++ * its stop signal. But, we must not report it if it's no ++ * longer in TASK_STOPPED, as vanilla wait would not--the ++ * caller can tell if it sent the SIGCONT before calling ++ * wait. We must somehow distinguish this from the case ++ * where p is in TASK_RUNNING with p->exit_code set because ++ * it is on its way to entering TASK_TRACED (QUIESCE) for our ++ * stop. So, ptrace_report sets the PTRACE_TRAPPED_MASK bit ++ * in exit_code when it's setting QUIESCE. For a job control ++ * control stop, that bit will never have been set. Since ++ * the bit's not set now, we should only report right now if ++ * p is still stopped. For this case we are protected by ++ * races the same wait that vanilla do_wait (exit.c) is: ++ * wait_chldexit is woken after p->state is set to TASK_STOPPED. ++ */ ++ if (p->state == TASK_STOPPED) + goto found; + + // XXX should handle WCONTINUED @@ -2155,6 +2149,7 @@ + } + else { + why = CLD_TRAPPED; ++ exit_code &= ~PTRACE_TRAPPED_MASK; + status = exit_code; + exit_code = (status << 8) | 0x7f; + } @@ -2333,8 +2328,14 @@ + */ + utrace_set_flags(tsk, engine, engine->flags | UTRACE_ACTION_QUIESCE); + ++ /* ++ * The PTRACE_TRAPPED_MASK bit distinguishes to ptrace_do_wait that ++ * this is a ptrace report, so we expect to enter TASK_TRACED but ++ * might not be there yet when examined. ++ */ + BUG_ON(code == 0); -+ tsk->exit_code = code; ++ WARN_ON(code &~ 0x7ff); ++ tsk->exit_code = code | PTRACE_TRAPPED_MASK; + do_notify(tsk, state->parent, CLD_TRAPPED); + + pr_debug("%d ptrace_report quiescing exit_code %x\n", linux-2.6-utrace-regset.patch: arch/powerpc/kernel/ptrace-common.h | 145 ------ arch/powerpc/kernel/ptrace32.c | 443 ------------------- b/arch/i386/kernel/i387.c | 143 +++--- b/arch/i386/kernel/ptrace.c | 826 ++++++++++++++++++++---------------- b/arch/powerpc/kernel/Makefile | 4 b/arch/powerpc/kernel/ptrace.c | 718 +++++++++++++++---------------- b/arch/x86_64/ia32/fpu32.c | 92 +++- b/arch/x86_64/ia32/ptrace32.c | 725 ++++++++++++++++++++----------- b/arch/x86_64/kernel/ptrace.c | 733 +++++++++++++++++++------------ b/include/asm-i386/i387.h | 13 b/include/asm-x86_64/fpu32.h | 3 b/include/asm-x86_64/tracehook.h | 8 b/include/linux/tracehook.h | 255 ++++++++++- b/kernel/ptrace.c | 8 14 files changed, 2147 insertions(+), 1969 deletions(-) Index: linux-2.6-utrace-regset.patch =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/linux-2.6-utrace-regset.patch,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- linux-2.6-utrace-regset.patch 19 Jul 2007 17:46:36 -0000 1.3 +++ linux-2.6-utrace-regset.patch 5 Sep 2007 16:18:09 -0000 1.4 @@ -12,25 +12,27 @@ --- arch/i386/kernel/i387.c | 143 +++--- - arch/i386/kernel/ptrace.c | 822 ++++++++++++++++++++--------------- - arch/x86_64/ia32/ptrace32.c | 719 ++++++++++++++++++++----------- - arch/x86_64/ia32/fpu32.c | 92 +++- - arch/x86_64/kernel/ptrace.c | 730 +++++++++++++++++++------------ + arch/i386/kernel/ptrace.c | 826 ++++++++++++++++++++---------------- arch/powerpc/kernel/Makefile | 4 - arch/powerpc/kernel/ptrace32.c | 443 ------------------- - arch/powerpc/kernel/ptrace.c | 718 +++++++++++++++---------------- arch/powerpc/kernel/ptrace-common.h | 145 ------ - kernel/ptrace.c | 8 - include/linux/tracehook.h | 244 ++++++++++ - include/asm-i386/i387.h | 13 - + arch/powerpc/kernel/ptrace.c | 718 +++++++++++++++---------------- + arch/powerpc/kernel/ptrace32.c | 443 ------------------- + arch/x86_64/ia32/fpu32.c | 92 +++- + arch/x86_64/ia32/ptrace32.c | 725 ++++++++++++++++++++----------- + arch/x86_64/kernel/ptrace.c | 733 +++++++++++++++++++------------ + include/asm-i386/i387.h | 13 include/asm-x86_64/fpu32.h | 3 include/asm-x86_64/tracehook.h | 8 - 14 files changed, 2124 insertions(+), 1968 deletions(-) + include/linux/tracehook.h | 255 ++++++++++- + kernel/ptrace.c | 8 + 14 files changed, 2147 insertions(+), 1969 deletions(-) delete arch/powerpc/kernel/ptrace32.c delete arch/powerpc/kernel/ptrace-common.h ---- linux-2.6/arch/i386/kernel/i387.c -+++ linux-2.6/arch/i386/kernel/i387.c +Index: b/arch/i386/kernel/i387.c +=================================================================== +--- a/arch/i386/kernel/i387.c ++++ b/arch/i386/kernel/i387.c @@ -222,14 +222,10 @@ void set_fpu_twd( struct task_struct *ts * FXSR floating point environment conversions. */ @@ -240,19 +242,22 @@ } /* ---- linux-2.6/arch/i386/kernel/ptrace.c -+++ linux-2.6/arch/i386/kernel/ptrace.c -@@ -17,7 +17,9 @@ +Index: b/arch/i386/kernel/ptrace.c +=================================================================== +--- a/arch/i386/kernel/ptrace.c ++++ b/arch/i386/kernel/ptrace.c +@@ -17,7 +17,10 @@ #include #include #include +#include ++#include +#include #include #include #include -@@ -28,10 +30,6 @@ +@@ -28,10 +31,6 @@ #include #include @@ -263,7 +268,7 @@ /* * Determines which flags the user has access to [1 = access, 0 = no access]. -@@ -40,9 +38,6 @@ +@@ -40,9 +39,6 @@ */ #define FLAG_MASK 0x00050dd5 @@ -273,7 +278,7 @@ /* * Offset of eflags on child stack.. */ -@@ -90,28 +85,35 @@ static int putreg(struct task_struct *ch +@@ -90,28 +86,35 @@ static int putreg(struct task_struct *ch unsigned long regno, unsigned long value) { switch (regno >> 2) { @@ -331,7 +336,7 @@ } if (regno > FS*4) regno -= 1*4; -@@ -125,20 +127,28 @@ static unsigned long getreg(struct task_ +@@ -125,20 +128,28 @@ static unsigned long getreg(struct task_ unsigned long retval = ~0UL; switch (regno >> 2) { @@ -374,7 +379,7 @@ } return retval; } -@@ -230,11 +240,11 @@ void tracehook_enable_single_step(struct +@@ -230,11 +241,11 @@ void tracehook_enable_single_step(struct /* * If TF was already set, don't do anything else */ @@ -388,7 +393,7 @@ /* * ..but if TF is changed by the instruction we will trace, -@@ -255,29 +265,311 @@ void tracehook_disable_single_step(struc +@@ -255,20 +266,300 @@ void tracehook_disable_single_step(struc /* But touch TF only if it was set by us.. */ if (test_and_clear_tsk_thread_flag(child, TIF_FORCED_TF)) { struct pt_regs *regs = get_child_regs(child); @@ -697,6 +702,9 @@ /* * Perform get_thread_area on behalf of the traced child. */ +@@ -273,11 +564,13 @@ void ptrace_disable(struct task_struct * + * Perform get_thread_area on behalf of the traced child. + */ static int -ptrace_get_thread_area(struct task_struct *child, - int idx, struct user_desc __user *user_desc) @@ -712,7 +720,7 @@ /* * Get the current Thread-Local Storage area: -@@ -299,23 +591,29 @@ ptrace_get_thread_area(struct task_struc +@@ -299,23 +592,29 @@ ptrace_get_thread_area(struct task_struc #define GET_PRESENT(desc) (((desc)->b >> 15) & 1) #define GET_USEABLE(desc) (((desc)->b >> 20) & 1) @@ -759,7 +767,7 @@ return 0; } -@@ -324,304 +622,120 @@ ptrace_get_thread_area(struct task_struc +@@ -324,304 +623,123 @@ ptrace_get_thread_area(struct task_struc * Perform set_thread_area on behalf of the traced child. */ static int @@ -1110,16 +1118,19 @@ + */ +static const struct utrace_regset native_regsets[] = { + { ++ .core_note_type = NT_PRSTATUS, + .n = FRAME_SIZE, .size = sizeof(long), .align = sizeof(long), + .get = genregs_get, .set = genregs_set + }, + { ++ .core_note_type = NT_PRFPREG, + .n = sizeof(struct user_i387_struct) / sizeof(long), + .size = sizeof(long), .align = sizeof(long), + .active = fpregs_active, + .get = fpregs_get, .set = fpregs_set + }, + { ++ .core_note_type = NT_PRXFPREG, + .n = sizeof(struct user_fxsr_struct) / sizeof(long), + .size = sizeof(long), .align = sizeof(long), + .active = fpxregs_active, @@ -1160,11 +1171,15 @@ void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs, int error_code) { struct siginfo info; ---- linux-2.6/arch/x86_64/ia32/ptrace32.c -+++ linux-2.6/arch/x86_64/ia32/ptrace32.c -@@ -16,7 +16,11 @@ +Index: b/arch/x86_64/ia32/ptrace32.c +=================================================================== +--- a/arch/x86_64/ia32/ptrace32.c ++++ b/arch/x86_64/ia32/ptrace32.c +@@ -15,8 +15,13 @@ + #include #include #include ++#include #include +#include +#include @@ -1174,7 +1189,7 @@ #include #include #include -@@ -25,7 +29,8 @@ +@@ -25,7 +30,8 @@ #include #include #include @@ -1184,7 +1199,7 @@ /* * Determines which flags the user has access to [1 = access, 0 = no access]. -@@ -35,34 +40,41 @@ +@@ -35,34 +41,41 @@ #define FLAG_MASK 0x54dd5UL #define R32(l,q) \ @@ -1239,7 +1254,7 @@ if ((val & 3) != 3) return -EIO; stack[offsetof(struct pt_regs, cs)/8] = val & 0xffff; break; -@@ -78,57 +90,16 @@ static int putreg32(struct task_struct * +@@ -78,57 +91,16 @@ static int putreg32(struct task_struct * R32(eip, rip); R32(esp, rsp); @@ -1300,7 +1315,7 @@ } return 0; } -@@ -136,24 +107,33 @@ static int putreg32(struct task_struct * +@@ -136,24 +108,33 @@ static int putreg32(struct task_struct * #undef R32 #define R32(l,q) \ @@ -1347,7 +1362,7 @@ break; R32(cs, cs); -@@ -167,239 +147,456 @@ static int getreg32(struct task_struct * +@@ -167,239 +148,459 @@ static int getreg32(struct task_struct * R32(eax, rax); R32(orig_eax, orig_rax); R32(eip, rip); @@ -1396,7 +1411,7 @@ -static long ptrace32_siginfo(unsigned request, u32 pid, u32 addr, u32 data) +asmlinkage long sys32_ptrace(long request, u32 pid, u32 addr, u32 data) - { ++{ + return -ENOSYS; +} + @@ -1405,7 +1420,7 @@ + const struct utrace_regset *regset, + unsigned int pos, unsigned int count, + void *kbuf, void __user *ubuf) -+{ + { + if (kbuf) { + u32 *kp = kbuf; + while (count > 0) { @@ -1473,7 +1488,13 @@ + void *kbuf, void __user *ubuf) +{ + struct user_i387_ia32_struct fp; -+ int ret; + int ret; +- compat_siginfo_t __user *si32 = compat_ptr(data); +- siginfo_t ssi; +- siginfo_t __user *si = compat_alloc_user_space(sizeof(siginfo_t)); +- if (request == PTRACE_SETSIGINFO) { +- memset(&ssi, 0, sizeof(siginfo_t)); +- ret = copy_siginfo_from_user32(&ssi, si32); + + if (tsk_used_math(target)) { + if (target == current) @@ -1497,13 +1518,7 @@ + const void *kbuf, const void __user *ubuf) +{ + struct user_i387_ia32_struct fp; - int ret; -- compat_siginfo_t __user *si32 = compat_ptr(data); -- siginfo_t ssi; -- siginfo_t __user *si = compat_alloc_user_space(sizeof(siginfo_t)); -- if (request == PTRACE_SETSIGINFO) { -- memset(&ssi, 0, sizeof(siginfo_t)); -- ret = copy_siginfo_from_user32(&ssi, si32); ++ int ret; + + if (tsk_used_math(target)) { + if (target == current) @@ -1645,41 +1660,33 @@ - else - ret = put_user(val, (unsigned int __user *)datap); - break; -+ target->thread.i387.fxsave.mxcsr &= mxcsr_feature_mask; - +- - case PTRACE_POKEDATA: - case PTRACE_POKETEXT: - ret = 0; - if (access_process_vm(child, addr, &data, sizeof(u32), 1)!=sizeof(u32)) - ret = -EIO; - break; -+ return ret; -+} ++ target->thread.i387.fxsave.mxcsr &= mxcsr_feature_mask; - case PTRACE_PEEKUSR: - ret = getreg32(child, addr, &val); - if (ret == 0) - ret = put_user(val, (__u32 __user *)datap); - break; -+static int -+ia32_dbregs_active(struct task_struct *tsk, const struct utrace_regset *regset) -+{ -+ if (tsk->thread.debugreg6 | tsk->thread.debugreg7) -+ return 8; -+ return 0; ++ return ret; +} - case PTRACE_POKEUSR: - ret = putreg32(child, addr, data); - break; +static int -+ia32_dbregs_get(struct task_struct *target, -+ const struct utrace_regset *regset, -+ unsigned int pos, unsigned int count, -+ void *kbuf, void __user *ubuf) ++ia32_dbregs_active(struct task_struct *tsk, const struct utrace_regset *regset) +{ -+ for (pos >>= 2, count >>= 2; count > 0; --count, ++pos) { -+ u32 val; ++ if (tsk->thread.debugreg6 | tsk->thread.debugreg7) ++ return 8; ++ return 0; ++} - case PTRACE_GETREGS: { /* Get all gp regs from the child. */ - int i; @@ -1692,6 +1699,15 @@ - getreg32(child, i, &val); - ret |= __put_user(val,(u32 __user *)datap); - datap += sizeof(u32); ++static int ++ia32_dbregs_get(struct task_struct *target, ++ const struct utrace_regset *regset, ++ unsigned int pos, unsigned int count, ++ void *kbuf, void __user *ubuf) ++{ ++ for (pos >>= 2, count >>= 2; count > 0; --count, ++pos) { ++ u32 val; ++ + /* + * The hardware updates the status register on a debug trap, + * but do_debug (traps.c) saves it for us when that happens. @@ -1934,8 +1950,8 @@ + put_cpu(); + + return 0; - } - ++} ++ +/* + * Determine how many TLS slots are in use. + */ @@ -1950,8 +1966,8 @@ + break; + } + return i; -+} -+ + } + + +/* + * This should match arch/i386/kernel/ptrace.c:native_regsets. @@ -1959,17 +1975,20 @@ + */ +static const struct utrace_regset ia32_regsets[] = { + { ++ .core_note_type = NT_PRSTATUS, + .n = sizeof(struct user_regs_struct32)/4, + .size = 4, .align = 4, + .get = ia32_genregs_get, .set = ia32_genregs_set + }, + { ++ .core_note_type = NT_PRFPREG, + .n = sizeof(struct user_i387_ia32_struct) / 4, + .size = 4, .align = 4, + .active = ia32_fpregs_active, + .get = ia32_fpregs_get, .set = ia32_fpregs_set + }, + { ++ .core_note_type = NT_PRXFPREG, + .n = sizeof(struct user32_fxsr_struct) / 4, + .size = 4, .align = 4, + .active = ia32_fpxregs_active, @@ -1994,8 +2013,10 @@ + .name = "i386", .e_machine = EM_386, + .regsets = ia32_regsets, .n = ARRAY_SIZE(ia32_regsets) +}; ---- linux-2.6/arch/x86_64/ia32/fpu32.c -+++ linux-2.6/arch/x86_64/ia32/fpu32.c +Index: b/arch/x86_64/ia32/fpu32.c +=================================================================== +--- a/arch/x86_64/ia32/fpu32.c ++++ b/arch/x86_64/ia32/fpu32.c @@ -9,6 +9,7 @@ #include #include @@ -2148,19 +2169,22 @@ + + return 0; +} ---- linux-2.6/arch/x86_64/kernel/ptrace.c -+++ linux-2.6/arch/x86_64/kernel/ptrace.c -@@ -19,7 +19,9 @@ +Index: b/arch/x86_64/kernel/ptrace.c +=================================================================== +--- a/arch/x86_64/kernel/ptrace.c ++++ b/arch/x86_64/kernel/ptrace.c +@@ -19,7 +19,10 @@ #include #include #include +#include ++#include +#include #include #include #include -@@ -30,6 +32,7 @@ +@@ -30,6 +33,7 @@ #include #include #include @@ -2168,7 +2192,7 @@ /* * does not yet catch signals sent when the child dies. -@@ -228,52 +231,61 @@ static int putreg(struct task_struct *ch +@@ -228,52 +232,61 @@ static int putreg(struct task_struct *ch if (test_tsk_thread_flag(child, TIF_IA32)) value &= 0xffffffff; switch (regno) { @@ -2276,7 +2300,7 @@ } put_stack_long(child, regno - sizeof(struct pt_regs), value); return 0; -@@ -282,298 +294,426 @@ static int putreg(struct task_struct *ch +@@ -282,295 +295,380 @@ static int putreg(struct task_struct *ch static unsigned long getreg(struct task_struct *child, unsigned long regno) { unsigned long val; @@ -2906,6 +2930,10 @@ return ret; } +@@ -574,6 +672,51 @@ long arch_ptrace(struct task_struct *chi + return ret; + } + + +/* + * These are our native regset flavors. @@ -2913,10 +2941,12 @@ + */ +static const struct utrace_regset native_regsets[] = { + { ++ .core_note_type = NT_PRSTATUS, + .n = sizeof(struct user_regs_struct)/8, .size = 8, .align = 8, + .get = genregs_get, .set = genregs_set + }, + { ++ .core_note_type = NT_PRFPREG, + .n = sizeof(struct user_i387_struct) / sizeof(long), + .size = sizeof(long), .align = sizeof(long), + .active = fpregs_active, @@ -2952,8 +2982,10 @@ asmlinkage void syscall_trace_enter(struct pt_regs *regs) { /* do the secure computing check first */ ---- linux-2.6/arch/powerpc/kernel/Makefile -+++ linux-2.6/arch/powerpc/kernel/Makefile +Index: b/arch/powerpc/kernel/Makefile +=================================================================== +--- a/arch/powerpc/kernel/Makefile ++++ b/arch/powerpc/kernel/Makefile @@ -10,12 +10,14 @@ CFLAGS_prom_init.o += -fPIC CFLAGS_btext.o += -fPIC endif @@ -2970,8 +3002,10 @@ paca.o cpu_setup_ppc970.o \ cpu_setup_pa6t.o \ firmware.o sysfs.o nvram_64.o ---- linux-2.6/arch/powerpc/kernel/ptrace32.c -+++ linux-2.6/arch/powerpc/kernel/ptrace32.c +Index: b/arch/powerpc/kernel/ptrace32.c +=================================================================== +--- a/arch/powerpc/kernel/ptrace32.c ++++ /dev/null @@ -1,443 +0,0 @@ -/* - * ptrace for 32-bit processes running on a 64-bit kernel. @@ -3416,8 +3450,10 @@ - unlock_kernel(); - return ret; -} ---- linux-2.6/arch/powerpc/kernel/ptrace.c -+++ linux-2.6/arch/powerpc/kernel/ptrace.c +Index: b/arch/powerpc/kernel/ptrace.c +=================================================================== +--- a/arch/powerpc/kernel/ptrace.c ++++ b/arch/powerpc/kernel/ptrace.c @@ -27,9 +27,8 @@ #include #include @@ -4229,8 +4265,10 @@ void do_syscall_trace_enter(struct pt_regs *regs) { ---- linux-2.6/arch/powerpc/kernel/ptrace-common.h -+++ linux-2.6/arch/powerpc/kernel/ptrace-common.h +Index: b/arch/powerpc/kernel/ptrace-common.h +=================================================================== +--- a/arch/powerpc/kernel/ptrace-common.h ++++ /dev/null @@ -1,145 +0,0 @@ -/* - * Copyright (c) 2002 Stephen Rothwell, IBM Coproration @@ -4377,8 +4415,10 @@ -} - -#endif /* _PPC64_PTRACE_COMMON_H */ ---- linux-2.6/kernel/ptrace.c -+++ linux-2.6/kernel/ptrace.c +Index: b/kernel/ptrace.c +=================================================================== +--- a/kernel/ptrace.c ++++ b/kernel/ptrace.c @@ -99,12 +99,6 @@ int ptrace_detach(struct task_struct *ch if (!valid_signal(data)) return -EIO; @@ -4402,8 +4442,10 @@ return -ENOSYS; } -#endif /* __ARCH_SYS_PTRACE */ ---- linux-2.6/include/linux/tracehook.h -+++ linux-2.6/include/linux/tracehook.h +Index: b/include/linux/tracehook.h +=================================================================== +--- a/include/linux/tracehook.h ++++ b/include/linux/tracehook.h @@ -52,10 +52,10 @@ struct pt_regs; * should be one that can be evaluated in modules, i.e. uses exported symbols. * @@ -4419,7 +4461,7 @@ * Enabling or disabling redundantly is harmless. * * void tracehook_enable_block_step(struct task_struct *tsk); -@@ -93,6 +93,242 @@ struct pt_regs; +@@ -93,6 +93,253 @@ struct pt_regs; */ @@ -4459,6 +4501,17 @@ + unsigned int bias; /* Bias from natural indexing. */ + + /* ++ * If nonzero, this gives the n_type field (NT_* value) of the ++ * core file note in which this regset's data appears. ++ * NT_PRSTATUS is a special case in that the regset data starts ++ * at offsetof(struct elf_prstatus, pr_reg) into the note data; ++ * that is part of the per-machine ELF formats userland knows ++ * about. In other cases, the core file note contains exactly ++ * the whole regset (n*size) and nothing else. ++ */ ++ unsigned int core_note_type; ++ ++ /* + * Return -%ENODEV if not available on the hardware found. + * Return %0 if no interesting state in this thread. + * Return >%0 number of @size units of interesting state. @@ -4662,8 +4715,10 @@ /* * Following are entry points from core code, where the user debugging * support can affect the normal behavior. The locking situation is ---- linux-2.6/include/asm-i386/i387.h -+++ linux-2.6/include/asm-i386/i387.h +Index: b/include/asm-i386/i387.h +=================================================================== +--- a/include/asm-i386/i387.h ++++ b/include/asm-i386/i387.h @@ -130,17 +130,12 @@ extern int save_i387( struct _fpstate __ extern int restore_i387( struct _fpstate __user *buf ); @@ -4686,8 +4741,10 @@ /* * FPU state for core dumps... ---- linux-2.6/include/asm-x86_64/fpu32.h -+++ linux-2.6/include/asm-x86_64/fpu32.h +Index: b/include/asm-x86_64/fpu32.h +=================================================================== +--- a/include/asm-x86_64/fpu32.h ++++ b/include/asm-x86_64/fpu32.h @@ -7,4 +7,7 @@ int restore_i387_ia32(struct task_struct int save_i387_ia32(struct task_struct *tsk, struct _fpstate_ia32 __user *buf, struct pt_regs *regs, int fsave); @@ -4696,8 +4753,10 @@ +int set_fpregs32(struct task_struct *, const struct user_i387_ia32_struct *); + #endif ---- linux-2.6/include/asm-x86_64/tracehook.h -+++ linux-2.6/include/asm-x86_64/tracehook.h +Index: b/include/asm-x86_64/tracehook.h +=================================================================== +--- a/include/asm-x86_64/tracehook.h ++++ b/include/asm-x86_64/tracehook.h @@ -48,4 +48,12 @@ static inline void tracehook_abort_sysca regs->orig_rax = -1L; } From fedora-cvs-commits at redhat.com Thu Sep 6 16:30:54 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Thu, 6 Sep 2007 12:30:54 -0400 Subject: rpms/libwnck/FC-6 libwnck-2.8.1-remove-weak-pointers.patch, NONE, 1.1 libwnck.spec, 1.63, 1.64 Message-ID: <200709061630.l86GUscI015865@cvs.devel.redhat.com> Author: rstrode Update of /cvs/dist/rpms/libwnck/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv15841 Modified Files: libwnck.spec Added Files: libwnck-2.8.1-remove-weak-pointers.patch Log Message: - apply patch for crasher that may be cause of bug 277941 libwnck-2.8.1-remove-weak-pointers.patch: tasklist.c | 5 +++++ 1 files changed, 5 insertions(+) --- NEW FILE libwnck-2.8.1-remove-weak-pointers.patch --- --- libwnck-2.8.1/libwnck/tasklist.c +++ libwnck-2.8.1/libwnck/tasklist.c.remove-weak-pointers @@ -492,6 +492,8 @@ if (task->button) { + g_object_remove_weak_pointer (G_OBJECT (task->button), + (void**) &task->button); gtk_widget_destroy (task->button); task->button = NULL; } @@ -542,6 +544,9 @@ if (task->action_menu) { + + g_object_remove_weak_pointer (G_OBJECT (task->action_menu), + (void**) &task->action_menu); g_object_unref (task->action_menu); task->action_menu = NULL; } Index: libwnck.spec =================================================================== RCS file: /cvs/dist/rpms/libwnck/FC-6/libwnck.spec,v retrieving revision 1.63 retrieving revision 1.64 diff -u -r1.63 -r1.64 --- libwnck.spec 31 Jan 2007 19:37:59 -0000 1.63 +++ libwnck.spec 6 Sep 2007 16:30:52 -0000 1.64 @@ -6,7 +6,7 @@ Summary: Window Navigator Construction Kit Name: libwnck Version: 2.16.3 -Release: 1%{?dist} +Release: 2%{?dist} URL: http://ftp.gnome.org/pub/GNOME/sources/libwnck/ Source0: %{name}-%{version}.tar.bz2 License: LGPL @@ -28,6 +28,7 @@ # make the pager visible when running compiz Patch1: libwnck-2.16.0-viewports.patch +Patch2: libwnck-2.8.1-remove-weak-pointers.patch %description @@ -57,6 +58,7 @@ %prep %setup -q %patch1 -p1 -b .viewports +%patch2 -p1 -b .remove-weak-pointers %build @@ -95,6 +97,9 @@ %{_datadir}/gtk-doc/html/libwnck %changelog +* Thu Sep 6 2007 Ray Strode - 2.16.3-2 +- apply patch for crasher that may be cause of bug 277941 + * Wed Jan 31 2007 Matthias Clasen - 2.16.3-1 - Update to 2.16.3 From fedora-cvs-commits at redhat.com Fri Sep 7 19:10:35 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Fri, 7 Sep 2007 15:10:35 -0400 Subject: rpms/perl-Net-DNS/FC-6 .cvsignore, 1.13, 1.14 perl-Net-DNS.spec, 1.28, 1.29 sources, 1.13, 1.14 Message-ID: <200709071910.l87JAZJP011878@cvs.devel.redhat.com> Author: rnorwood Update of /cvs/dist/rpms/perl-Net-DNS/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv11851 Modified Files: .cvsignore perl-Net-DNS.spec sources Log Message: Update to 0.61. Index: .cvsignore =================================================================== RCS file: /cvs/dist/rpms/perl-Net-DNS/FC-6/.cvsignore,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- .cvsignore 23 Jun 2007 15:34:42 -0000 1.13 +++ .cvsignore 7 Sep 2007 19:10:33 -0000 1.14 @@ -1 +1 @@ -Net-DNS-0.60.tar.gz +Net-DNS-0.61.tar.gz Index: perl-Net-DNS.spec =================================================================== RCS file: /cvs/dist/rpms/perl-Net-DNS/FC-6/perl-Net-DNS.spec,v retrieving revision 1.28 retrieving revision 1.29 diff -u -r1.28 -r1.29 --- perl-Net-DNS.spec 23 Jun 2007 15:34:42 -0000 1.28 +++ perl-Net-DNS.spec 7 Sep 2007 19:10:33 -0000 1.29 @@ -1,8 +1,8 @@ Name: perl-Net-DNS -Version: 0.60 +Version: 0.61 Release: 1%{?dist} Summary: DNS resolver modules for Perl -License: GPL or Artistic +License: GPL+ or Artistic Group: Development/Libraries URL: http://www.net-dns.org/ Source0: http://www.cpan.org/authors/id/O/OL/OLAF/Net-DNS-%{version}.tar.gz @@ -52,6 +52,10 @@ %exclude %{_mandir}/man3/Net::DNS::Resolver::Win32.3* %changelog +* Fri Sep 07 2007 Robin Norwood - 0.61-1 +- Ugrade to latest upstream version - 0.61 +- Update license tag + * Sat Jun 23 2007 Robin Norwood - 0.60-1 - Upgrade to latest upstream version - 0.60 - Included changes from 0.59-2 in F-7: Index: sources =================================================================== RCS file: /cvs/dist/rpms/perl-Net-DNS/FC-6/sources,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- sources 23 Jun 2007 15:34:42 -0000 1.13 +++ sources 7 Sep 2007 19:10:33 -0000 1.14 @@ -1 +1 @@ -8ab75a7c4a1b782e5d88b08cc70be945 Net-DNS-0.60.tar.gz +a7d75eb3bdf7aca5d0696b95e3fabf65 Net-DNS-0.61.tar.gz From fedora-cvs-commits at redhat.com Mon Sep 10 21:53:47 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Mon, 10 Sep 2007 17:53:47 -0400 Subject: rpms/xfsprogs/FC-6 .cvsignore, 1.8, 1.9 sources, 1.9, 1.10 xfsprogs.spec, 1.20, 1.21 Message-ID: <200709102153.l8ALrluL028949@cvs.devel.redhat.com> Author: esandeen Update of /cvs/dist/rpms/xfsprogs/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv28933 Modified Files: .cvsignore sources xfsprogs.spec Log Message: * Thu Sep 10 2007 Eric Sandeen 2.9.3-1 - Upgrade to xfsprogs 2.9.2, quota, xfs_repair, and filestreams changes Index: .cvsignore =================================================================== RCS file: /cvs/dist/rpms/xfsprogs/FC-6/.cvsignore,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- .cvsignore 4 Feb 2007 17:15:30 -0000 1.8 +++ .cvsignore 10 Sep 2007 21:53:44 -0000 1.9 @@ -1 +1 @@ -xfsprogs_2.8.18-1.tar.gz +xfsprogs_2.9.3-1.tar.gz Index: sources =================================================================== RCS file: /cvs/dist/rpms/xfsprogs/FC-6/sources,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- sources 4 Feb 2007 17:15:30 -0000 1.9 +++ sources 10 Sep 2007 21:53:44 -0000 1.10 @@ -1 +1 @@ -6ce9e198cc79ebec6f6fb1f34ffa7709 xfsprogs_2.8.18-1.tar.gz +fd41478ab239c8815961dc13e3d4fa6f xfsprogs_2.9.3-1.tar.gz Index: xfsprogs.spec =================================================================== RCS file: /cvs/dist/rpms/xfsprogs/FC-6/xfsprogs.spec,v retrieving revision 1.20 retrieving revision 1.21 diff -u -r1.20 -r1.21 --- xfsprogs.spec 4 Feb 2007 17:15:30 -0000 1.20 +++ xfsprogs.spec 10 Sep 2007 21:53:44 -0000 1.21 @@ -1,6 +1,6 @@ Summary: Utilities for managing the XFS filesystem Name: xfsprogs -Version: 2.8.18 +Version: 2.9.3 Release: 1%{?dist} License: GPL Group: System Environment/Base @@ -110,6 +110,9 @@ %{_libdir}/*.so %changelog +* Thu Sep 10 2007 Eric Sandeen 2.9.3-1 +- Upgrade to xfsprogs 2.9.2, quota, xfs_repair, and filestreams changes + * Wed Sep 27 2006 Russell Cattelan 2.8.11-3 - bump build version to 3 for a new brew build From fedora-cvs-commits at redhat.com Wed Sep 12 21:44:49 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Wed, 12 Sep 2007 17:44:49 -0400 Subject: rpms/kernel/FC-6 linux-2.6-sched-cfs-updates.patch, NONE, 1.1 kernel-2.6.spec, 1.3018, 1.3019 linux-2.6-sched-cfs-v2.6.22.5-v20.5.patch, 1.1, 1.2 linux-2.6-utrace-core.patch, 1.5, 1.6 linux-2.6-utrace-ptrace-compat.patch, 1.6, 1.7 Message-ID: <200709122144.l8CLin94032728@cvs.devel.redhat.com> Author: cebbert Update of /cvs/dist/rpms/kernel/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv32712 Modified Files: kernel-2.6.spec linux-2.6-sched-cfs-v2.6.22.5-v20.5.patch linux-2.6-utrace-core.patch linux-2.6-utrace-ptrace-compat.patch Added Files: linux-2.6-sched-cfs-updates.patch Log Message: * Wed Sep 05 2007 Chuck Ebbert - CFS scheduler updates - utrace update (#248532, #267161, #284311) linux-2.6-sched-cfs-updates.patch: b/kernel/sched.c | 8 ++---- b/kernel/sched_debug.c | 1 b/kernel/sched_fair.c | 2 - kernel/sched.c | 1 kernel/sched_fair.c | 61 +++++++++++++++++++++++++------------------------ 5 files changed, 37 insertions(+), 36 deletions(-) --- NEW FILE linux-2.6-sched-cfs-updates.patch --- Gitweb: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a0dc72601d48b171b4870dfdd0824901a2b2b1a9 Commit: a0dc72601d48b171b4870dfdd0824901a2b2b1a9 Parent: 7fd0d2dde929ead79901e389e70dbfb3c6c06986 Author: Ingo Molnar AuthorDate: Wed Sep 5 14:32:49 2007 +0200 Committer: Ingo Molnar CommitDate: Wed Sep 5 14:32:49 2007 +0200 sched: fix niced_granularity() shift fix niced_granularity(). This resulted in under-scheduling for CPU-bound negative nice level tasks (and this in turn caused higher than necessary latencies in nice-0 tasks). Signed-off-by: Ingo Molnar --- kernel/sched_fair.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/kernel/sched_fair.c b/kernel/sched_fair.c index ce39282..810b52d 100644 --- a/kernel/sched_fair.c +++ b/kernel/sched_fair.c @@ -291,7 +291,7 @@ niced_granularity(struct sched_entity *curr, unsigned long granularity) /* * It will always fit into 'long': */ - return (long) (tmp >> WMULT_SHIFT); + return (long) (tmp >> (WMULT_SHIFT-NICE_0_SHIFT)); } static inline void Gitweb: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7fd0d2dde929ead79901e389e70dbfb3c6c06986 Commit: 7fd0d2dde929ead79901e389e70dbfb3c6c06986 Parent: b21010ed6498391c0f359f2a89c907533fe07fec Author: Suresh Siddha AuthorDate: Wed Sep 5 14:32:48 2007 +0200 Committer: Ingo Molnar CommitDate: Wed Sep 5 14:32:48 2007 +0200 sched: fix MC/HT scheduler optimization, without breaking the FUZZ logic. First fix the check if (*imbalance + SCHED_LOAD_SCALE_FUZZ < busiest_load_per_task) with this if (*imbalance < busiest_load_per_task) As the current check is always false for nice 0 tasks (as SCHED_LOAD_SCALE_FUZZ is same as busiest_load_per_task for nice 0 tasks). With the above change, imbalance was getting reset to 0 in the corner case condition, making the FUZZ logic fail. Fix it by not corrupting the imbalance and change the imbalance, only when it finds that the HT/MC optimization is needed. Signed-off-by: Suresh Siddha Signed-off-by: Ingo Molnar --- kernel/sched.c | 8 +++----- 1 files changed, 3 insertions(+), 5 deletions(-) diff --git a/kernel/sched.c b/kernel/sched.c index b533d6d..c8759ec 100644 --- a/kernel/sched.c +++ b/kernel/sched.c @@ -2512,7 +2512,7 @@ group_next: * a think about bumping its value to force at least one task to be * moved */ - if (*imbalance + SCHED_LOAD_SCALE_FUZZ < busiest_load_per_task) { + if (*imbalance < busiest_load_per_task) { unsigned long tmp, pwr_now, pwr_move; unsigned int imbn; @@ -2564,10 +2564,8 @@ small_imbalance: pwr_move /= SCHED_LOAD_SCALE; /* Move if we gain throughput */ - if (pwr_move <= pwr_now) - goto out_balanced; - - *imbalance = busiest_load_per_task; + if (pwr_move > pwr_now) + *imbalance = busiest_load_per_task; } return busiest; Gitweb: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a206c07213cf6372289f189c3774c4c3255a7ae1 Commit: a206c07213cf6372289f189c3774c4c3255a7ae1 Parent: a0dc72601d48b171b4870dfdd0824901a2b2b1a9 Author: Ingo Molnar AuthorDate: Wed Sep 5 14:32:49 2007 +0200 Committer: Ingo Molnar CommitDate: Wed Sep 5 14:32:49 2007 +0200 sched: debug: fix cfs_rq->wait_runtime accounting the cfs_rq->wait_runtime debug/statistics counter was not maintained properly - fix this. this also removes some code: text data bss dec hex filename 13420 228 1204 14852 3a04 sched.o.before 13404 228 1204 14836 39f4 sched.o.after Signed-off-by: Ingo Molnar Signed-off-by: Peter Zijlstra --- kernel/sched.c | 1 - kernel/sched_fair.c | 10 +++++----- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/kernel/sched.c b/kernel/sched.c index c8759ec..97986f1 100644 --- a/kernel/sched.c +++ b/kernel/sched.c @@ -858,7 +858,6 @@ static void dec_nr_running(struct task_struct *p, struct rq *rq) static void set_load_weight(struct task_struct *p) { - task_rq(p)->cfs.wait_runtime -= p->se.wait_runtime; p->se.wait_runtime = 0; if (task_has_rt_policy(p)) { diff --git a/kernel/sched_fair.c b/kernel/sched_fair.c index 810b52d..bac2aff 100644 --- a/kernel/sched_fair.c +++ b/kernel/sched_fair.c @@ -194,6 +194,8 @@ __enqueue_entity(struct cfs_rq *cfs_rq, struct sched_entity *se) update_load_add(&cfs_rq->load, se->load.weight); cfs_rq->nr_running++; se->on_rq = 1; + + schedstat_add(cfs_rq, wait_runtime, se->wait_runtime); } static inline void @@ -205,6 +207,8 @@ __dequeue_entity(struct cfs_rq *cfs_rq, struct sched_entity *se) update_load_sub(&cfs_rq->load, se->load.weight); cfs_rq->nr_running--; se->on_rq = 0; + + schedstat_add(cfs_rq, wait_runtime, -se->wait_runtime); } static inline struct rb_node *first_fair(struct cfs_rq *cfs_rq) @@ -574,7 +578,6 @@ static void __enqueue_sleeper(struct cfs_rq *cfs_rq, struct sched_entity *se) prev_runtime = se->wait_runtime; __add_wait_runtime(cfs_rq, se, delta_fair); - schedstat_add(cfs_rq, wait_runtime, se->wait_runtime); delta_fair = se->wait_runtime - prev_runtime; /* @@ -662,7 +665,6 @@ dequeue_entity(struct cfs_rq *cfs_rq, struct sched_entity *se, int sleep) if (tsk->state & TASK_UNINTERRUPTIBLE) se->block_start = rq_of(cfs_rq)->clock; } - cfs_rq->wait_runtime -= se->wait_runtime; #endif } __dequeue_entity(cfs_rq, se); @@ -1121,10 +1123,8 @@ static void task_new_fair(struct rq *rq, struct task_struct *p) * The statistical average of wait_runtime is about * -granularity/2, so initialize the task with that: */ - if (sysctl_sched_features & SCHED_FEAT_START_DEBIT) { + if (sysctl_sched_features & SCHED_FEAT_START_DEBIT) se->wait_runtime = -(sched_granularity(cfs_rq) / 2); - schedstat_add(cfs_rq, wait_runtime, se->wait_runtime); - } __enqueue_entity(cfs_rq, se); } Gitweb: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2491b2b89d4646e02ab51c90ab7012d124924ddc Commit: 2491b2b89d4646e02ab51c90ab7012d124924ddc Parent: a206c07213cf6372289f189c3774c4c3255a7ae1 Author: Ingo Molnar AuthorDate: Wed Sep 5 14:32:49 2007 +0200 Committer: Ingo Molnar CommitDate: Wed Sep 5 14:32:49 2007 +0200 sched: debug: fix sum_exec_runtime clearing when cleaning sched-stats also clear prev_sum_exec_runtime. Signed-off-by: Ingo Molnar --- kernel/sched_debug.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/kernel/sched_debug.c b/kernel/sched_debug.c index ab18f45..c3ee38b 100644 --- a/kernel/sched_debug.c +++ b/kernel/sched_debug.c @@ -283,4 +283,5 @@ void proc_sched_set_task(struct task_struct *p) p->se.wait_runtime_overruns = p->se.wait_runtime_underruns = 0; #endif p->se.sum_exec_runtime = 0; + p->se.prev_sum_exec_runtime = 0; } Gitweb: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7c92e54f6f9601cfa9d8894ee248abcf62ed9a1c Commit: 7c92e54f6f9601cfa9d8894ee248abcf62ed9a1c Parent: cf2ab4696ee42f895eed88c2b6e432fe03dda0db Author: Peter Zijlstra AuthorDate: Wed Sep 5 14:32:49 2007 +0200 Committer: Ingo Molnar CommitDate: Wed Sep 5 14:32:49 2007 +0200 sched: simplify __check_preempt_curr_fair() Preparatory patch for fix-ideal-runtime: simplify __check_preempt_curr_fair(): get rid of the integer return. text data bss dec hex filename 13404 228 1204 14836 39f4 sched.o.before 13393 228 1204 14825 39e9 sched.o.after functionality is unchanged. Signed-off-by: Peter Zijlstra Signed-off-by: Ingo Molnar --- kernel/sched_fair.c | 8 +++----- 1 files changed, 3 insertions(+), 5 deletions(-) diff --git a/kernel/sched_fair.c b/kernel/sched_fair.c index bac2aff..f0dd4be 100644 --- a/kernel/sched_fair.c +++ b/kernel/sched_fair.c @@ -673,7 +673,7 @@ dequeue_entity(struct cfs_rq *cfs_rq, struct sched_entity *se, int sleep) /* * Preempt the current task with a newly woken task if needed: */ -static int +static void __check_preempt_curr_fair(struct cfs_rq *cfs_rq, struct sched_entity *se, struct sched_entity *curr, unsigned long granularity) { @@ -686,9 +686,8 @@ __check_preempt_curr_fair(struct cfs_rq *cfs_rq, struct sched_entity *se, */ if (__delta > niced_granularity(curr, granularity)) { resched_task(rq_of(cfs_rq)->curr); - return 1; + curr->prev_sum_exec_runtime = curr->sum_exec_runtime; } - return 0; } static inline void @@ -764,8 +763,7 @@ static void entity_tick(struct cfs_rq *cfs_rq, struct sched_entity *curr) if (delta_exec > ideal_runtime) gran = 0; - if (__check_preempt_curr_fair(cfs_rq, next, curr, gran)) - curr->prev_sum_exec_runtime = curr->sum_exec_runtime; + __check_preempt_curr_fair(cfs_rq, next, curr, gran); } /************************************************** Gitweb: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4a55b45036a677fac43fe81ddf7fdcd007aaaee7 Commit: 4a55b45036a677fac43fe81ddf7fdcd007aaaee7 Parent: 7c92e54f6f9601cfa9d8894ee248abcf62ed9a1c Author: Peter Zijlstra AuthorDate: Wed Sep 5 14:32:49 2007 +0200 Committer: Ingo Molnar CommitDate: Wed Sep 5 14:32:49 2007 +0200 sched: improve prev_sum_exec_runtime setting Second preparatory patch for fix-ideal runtime: Mark prev_sum_exec_runtime at the beginning of our run, the same spot that adds our wait period to wait_runtime. This seems a more natural location to do this, and it also reduces the code a bit: text data bss dec hex filename 13397 228 1204 14829 39ed sched.o.before 13391 228 1204 14823 39e7 sched.o.after Signed-off-by: Peter Zijlstra Signed-off-by: Ingo Molnar --- kernel/sched_fair.c | 5 ++--- 1 files changed, 2 insertions(+), 3 deletions(-) diff --git a/kernel/sched_fair.c b/kernel/sched_fair.c index f0dd4be..2d01bbc 100644 --- a/kernel/sched_fair.c +++ b/kernel/sched_fair.c @@ -684,10 +684,8 @@ __check_preempt_curr_fair(struct cfs_rq *cfs_rq, struct sched_entity *se, * preempt the current task unless the best task has * a larger than sched_granularity fairness advantage: */ - if (__delta > niced_granularity(curr, granularity)) { + if (__delta > niced_granularity(curr, granularity)) resched_task(rq_of(cfs_rq)->curr); - curr->prev_sum_exec_runtime = curr->sum_exec_runtime; - } } static inline void @@ -703,6 +701,7 @@ set_next_entity(struct cfs_rq *cfs_rq, struct sched_entity *se) update_stats_wait_end(cfs_rq, se); update_stats_curr_start(cfs_rq, se); set_cfs_rq_curr(cfs_rq, se); + se->prev_sum_exec_runtime = se->sum_exec_runtime; } static struct sched_entity *pick_next_entity(struct cfs_rq *cfs_rq) Gitweb: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1169783085adb9ac969d21103a6885e8435f7ed3 Commit: 1169783085adb9ac969d21103a6885e8435f7ed3 Parent: 4a55b45036a677fac43fe81ddf7fdcd007aaaee7 Author: Peter Zijlstra AuthorDate: Wed Sep 5 14:32:49 2007 +0200 Committer: Ingo Molnar CommitDate: Wed Sep 5 14:32:49 2007 +0200 sched: fix ideal_runtime calculations for reniced tasks fix ideal_runtime: - do not scale it using niced_granularity() it is against sum_exec_delta, so its wall-time, not fair-time. - move the whole check into __check_preempt_curr_fair() so that wakeup preemption can also benefit from the new logic. this also results in code size reduction: text data bss dec hex filename 13391 228 1204 14823 39e7 sched.o.before 13369 228 1204 14801 39d1 sched.o.after Signed-off-by: Peter Zijlstra Signed-off-by: Ingo Molnar --- kernel/sched_fair.c | 38 ++++++++++++++++++++++---------------- 1 files changed, 22 insertions(+), 16 deletions(-) diff --git a/kernel/sched_fair.c b/kernel/sched_fair.c index 2d01bbc..892616b 100644 --- a/kernel/sched_fair.c +++ b/kernel/sched_fair.c @@ -678,11 +678,31 @@ __check_preempt_curr_fair(struct cfs_rq *cfs_rq, struct sched_entity *se, struct sched_entity *curr, unsigned long granularity) { s64 __delta = curr->fair_key - se->fair_key; + unsigned long ideal_runtime, delta_exec; + + /* + * ideal_runtime is compared against sum_exec_runtime, which is + * walltime, hence do not scale. + */ + ideal_runtime = max(sysctl_sched_latency / cfs_rq->nr_running, + (unsigned long)sysctl_sched_min_granularity); + + /* + * If we executed more than what the latency constraint suggests, + * reduce the rescheduling granularity. This way the total latency + * of how much a task is not scheduled converges to + * sysctl_sched_latency: + */ + delta_exec = curr->sum_exec_runtime - curr->prev_sum_exec_runtime; + if (delta_exec > ideal_runtime) + granularity = 0; /* * Take scheduling granularity into account - do not * preempt the current task unless the best task has * a larger than sched_granularity fairness advantage: + * + * scale granularity as key space is in fair_clock. */ if (__delta > niced_granularity(curr, granularity)) resched_task(rq_of(cfs_rq)->curr); @@ -731,7 +751,6 @@ static void put_prev_entity(struct cfs_rq *cfs_rq, struct sched_entity *prev) static void entity_tick(struct cfs_rq *cfs_rq, struct sched_entity *curr) { - unsigned long gran, ideal_runtime, delta_exec; struct sched_entity *next; /* @@ -748,21 +767,8 @@ static void entity_tick(struct cfs_rq *cfs_rq, struct sched_entity *curr) if (next == curr) return; - gran = sched_granularity(cfs_rq); - ideal_runtime = niced_granularity(curr, - max(sysctl_sched_latency / cfs_rq->nr_running, - (unsigned long)sysctl_sched_min_granularity)); - /* - * If we executed more than what the latency constraint suggests, - * reduce the rescheduling granularity. This way the total latency - * of how much a task is not scheduled converges to - * sysctl_sched_latency: - */ - delta_exec = curr->sum_exec_runtime - curr->prev_sum_exec_runtime; - if (delta_exec > ideal_runtime) - gran = 0; - - __check_preempt_curr_fair(cfs_rq, next, curr, gran); + __check_preempt_curr_fair(cfs_rq, next, curr, + sched_granularity(cfs_rq)); } /************************************************** Index: kernel-2.6.spec =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/kernel-2.6.spec,v retrieving revision 1.3018 retrieving revision 1.3019 diff -u -r1.3018 -r1.3019 --- kernel-2.6.spec 5 Sep 2007 16:18:08 -0000 1.3018 +++ kernel-2.6.spec 12 Sep 2007 21:44:47 -0000 1.3019 @@ -612,7 +612,8 @@ Patch800: linux-2.6-wakeups-hdaps.patch Patch801: linux-2.6-wakeups.patch Patch900: linux-2.6-sched-cfs-v2.6.22.5-v20.5.patch -Patch901: linux-2.6-timekeeping-fixes.patch +Patch901: linux-2.6-sched-cfs-updates.patch +Patch902: linux-2.6-timekeeping-fixes.patch Patch1000: linux-2.6-dmi-based-module-autoloading.patch Patch1030: linux-2.6-nfs-nosharecache.patch Patch1400: linux-2.6-pcspkr-use-the-global-pit-lock.patch @@ -1062,6 +1063,8 @@ # Ingo's new scheduler. ApplyPatch linux-2.6-sched-cfs-v2.6.22.5-v20.5.patch +# CFS updates +ApplyPatch linux-2.6-sched-cfs-updates.patch # timekeeping fixes that were in the Fedora CFS patch ApplyPatch linux-2.6-timekeeping-fixes.patch @@ -2240,6 +2243,10 @@ %changelog * Wed Sep 05 2007 Chuck Ebbert +- CFS scheduler updates +- utrace update (#248532, #267161, #284311) + +* Wed Sep 05 2007 Chuck Ebbert - Update utrace * Tue Aug 28 2007 Chuck Ebbert linux-2.6-sched-cfs-v2.6.22.5-v20.5.patch: Documentation/kernel-parameters.txt | 43 Documentation/sched-design-CFS.txt | 119 + arch/i386/kernel/smpboot.c | 12 arch/i386/kernel/tsc.c | 14 arch/ia64/kernel/setup.c | 6 arch/mips/kernel/smp.c | 11 arch/sparc/kernel/smp.c | 10 arch/sparc64/kernel/smp.c | 27 block/cfq-iosched.c | 3 drivers/acpi/processor_idle.c | 32 fs/proc/array.c | 59 fs/proc/base.c | 71 include/asm-generic/bitops/sched.h | 21 include/linux/cpu.h | 2 include/linux/hardirq.h | 13 include/linux/sched.h | 290 ++ include/linux/topology.h | 15 init/main.c | 5 kernel/delayacct.c | 10 kernel/exit.c | 5 kernel/fork.c | 4 kernel/posix-cpu-timers.c | 34 kernel/sched.c | 3619 +++++++++++++++--------------------- kernel/sched_debug.c | 286 ++ kernel/sched_fair.c | 1179 +++++++++++ kernel/sched_idletask.c | 71 kernel/sched_rt.c | 234 ++ kernel/sched_stats.h | 237 ++ kernel/softirq.c | 1 kernel/sysctl.c | 87 lib/Kconfig.debug | 9 31 files changed, 4233 insertions(+), 2296 deletions(-) Index: linux-2.6-sched-cfs-v2.6.22.5-v20.5.patch =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/linux-2.6-sched-cfs-v2.6.22.5-v20.5.patch,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- linux-2.6-sched-cfs-v2.6.22.5-v20.5.patch 30 Aug 2007 17:19:57 -0000 1.1 +++ linux-2.6-sched-cfs-v2.6.22.5-v20.5.patch 12 Sep 2007 21:44:47 -0000 1.2 @@ -8910,48 +8910,3 @@ config SCHEDSTATS bool "Collect scheduler statistics" depends on DEBUG_KERNEL && PROC_FS -Try to fix MC/HT scheduler optimization breakage again, with out breaking -the FUZZ logic. - -First fix the check - if (*imbalance + SCHED_LOAD_SCALE_FUZZ < busiest_load_per_task) -with this - if (*imbalance < busiest_load_per_task) - -As the current check is always false for nice 0 tasks (as SCHED_LOAD_SCALE_FUZZ -is same as busiest_load_per_task for nice 0 tasks). - -With the above change, imbalance was getting reset to 0 in the corner case -condition, making the FUZZ logic fail. Fix it by not corrupting the -imbalance and change the imbalance, only when it finds that the -HT/MC optimization is needed. - -Signed-off-by: Suresh Siddha ---- - -diff --git a/kernel/sched.c b/kernel/sched.c -index 9fe473a..03e5e8d 100644 ---- a/kernel/sched.c -+++ b/kernel/sched.c -@@ -2511,7 +2511,7 @@ group_next: - * a think about bumping its value to force at least one task to be - * moved - */ -- if (*imbalance + SCHED_LOAD_SCALE_FUZZ < busiest_load_per_task) { -+ if (*imbalance < busiest_load_per_task) { - unsigned long tmp, pwr_now, pwr_move; - unsigned int imbn; - -@@ -2563,10 +2563,8 @@ small_imbalance: - pwr_move /= SCHED_LOAD_SCALE; - - /* Move if we gain throughput */ -- if (pwr_move <= pwr_now) -- goto out_balanced; -- -- *imbalance = busiest_load_per_task; -+ if (pwr_move > pwr_now) -+ *imbalance = busiest_load_per_task; - } - - return busiest; linux-2.6-utrace-core.patch: Documentation/DocBook/Makefile | 2 Documentation/DocBook/utrace.tmpl | 23 Documentation/utrace.txt | 579 +++++++++ include/linux/sched.h | 5 include/linux/tracehook.h | 85 + include/linux/utrace.h | 544 ++++++++ init/Kconfig | 18 kernel/Makefile | 1 kernel/utrace.c | 2359 ++++++++++++++++++++++++++++++++++++++ 9 files changed, 3598 insertions(+), 18 deletions(-) Index: linux-2.6-utrace-core.patch =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/linux-2.6-utrace-core.patch,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- linux-2.6-utrace-core.patch 5 Sep 2007 16:18:09 -0000 1.5 +++ linux-2.6-utrace-core.patch 12 Sep 2007 21:44:47 -0000 1.6 @@ -27,8 +27,8 @@ include/linux/utrace.h | 544 ++++++++ init/Kconfig | 18 kernel/Makefile | 1 - kernel/utrace.c | 2344 ++++++++++++++++++++++++++++++++++++++ - 9 files changed, 3583 insertions(+), 18 deletions(-) + kernel/utrace.c | 2359 ++++++++++++++++++++++++++++++++++++++ + 9 files changed, 3598 insertions(+), 18 deletions(-) create kernel/utrace.c create Documentation/utrace.txt create Documentation/DocBook/utrace.tmpl @@ -50,7 +50,7 @@ =================================================================== --- /dev/null +++ b/kernel/utrace.c -@@ -0,0 +1,2344 @@ +@@ -0,0 +1,2359 @@ +/* + * utrace infrastructure interface for debugging user processes + * @@ -2008,13 +2008,28 @@ + */ + if (signal.signr != 0) { + if (signal.return_ka == NULL) { -+ ka = &tsk->sighand->action[signal.signr - 1]; ++ /* ++ * utrace_inject_signal recorded this to have us ++ * use the injected signal's normal sigaction. We ++ * have to perform the SA_ONESHOT work now because ++ * our caller will never touch the real sigaction. ++ */ ++ ka = &tsk->sighand->action[info->si_signo - 1]; ++ *return_ka = *ka; + if (ka->sa.sa_flags & SA_ONESHOT) + ka->sa.sa_handler = SIG_DFL; -+ *return_ka = *ka; + } + else + BUG_ON(signal.return_ka != return_ka); ++ ++ /* ++ * We already processed the SA_ONESHOT work ahead of time. ++ * Once we return nonzero, our caller will only refer to ++ * return_ka. So we must clear the flag to be sure it ++ * doesn't clear return_ka->sa.sa_handler. ++ */ ++ return_ka->sa.sa_flags &= ~SA_ONESHOT; ++ + return signal.signr; + } + linux-2.6-utrace-ptrace-compat.patch: arch/i386/kernel/ptrace.c | 40 arch/powerpc/kernel/ptrace.c | 250 ++++ arch/powerpc/kernel/signal_32.c | 52 + arch/powerpc/lib/sstep.c | 3 arch/x86_64/ia32/ia32entry.S | 2 arch/x86_64/ia32/ptrace32.c | 56 - arch/x86_64/kernel/ptrace.c | 46 fs/proc/base.c | 40 include/asm-x86_64/ptrace-abi.h | 3 include/asm-x86_64/tracehook.h | 1 include/linux/ptrace.h | 221 +++- include/linux/sched.h | 4 init/Kconfig | 15 kernel/Makefile | 3 kernel/exit.c | 13 kernel/fork.c | 2 kernel/ptrace.c | 2053 +++++++++++++++++++++++++++++++++++++--- kernel/sys_ni.c | 4 18 files changed, 2634 insertions(+), 174 deletions(-) Index: linux-2.6-utrace-ptrace-compat.patch =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/linux-2.6-utrace-ptrace-compat.patch,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- linux-2.6-utrace-ptrace-compat.patch 5 Sep 2007 16:18:09 -0000 1.6 +++ linux-2.6-utrace-ptrace-compat.patch 12 Sep 2007 21:44:47 -0000 1.7 @@ -28,9 +28,9 @@ kernel/Makefile | 3 kernel/exit.c | 13 kernel/fork.c | 2 - kernel/ptrace.c | 2052 +++++++++++++++++++++++++++++++++++++--- + kernel/ptrace.c | 2053 +++++++++++++++++++++++++++++++++++++--- kernel/sys_ni.c | 4 - 18 files changed, 2633 insertions(+), 174 deletions(-) + 18 files changed, 2634 insertions(+), 174 deletions(-) Index: b/fs/proc/base.c =================================================================== @@ -683,7 +683,7 @@ =================================================================== --- a/kernel/ptrace.c +++ b/kernel/ptrace.c -@@ -19,194 +19,2008 @@ +@@ -19,194 +19,2009 @@ #include #include #include @@ -1131,9 +1131,7 @@ + struct ptrace_state *state) { - if (!valid_signal(data)) -- return -EIO; - -- return -ENOSYS; ++ + int error; + + NO_LOCKS; @@ -1191,29 +1189,20 @@ + spin_unlock_irq(¤t->sighand->siglock); + } + return error; - } - --int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst, int len) ++} ++ + +/* + * This is called when we are exiting. We must stop all our ptracing. + */ +void +ptrace_exit(struct task_struct *tsk) - { -- int copied = 0; ++{ + struct list_head *pos, *n; + int restart; - -- while (len > 0) { -- char buf[128]; -- int this_len, retval; ++ + NO_LOCKS; - -- this_len = (len > sizeof(buf)) ? sizeof(buf) : len; -- retval = access_process_vm(tsk, src, buf, this_len, 0); -- if (!retval) { -- if (copied) ++ + /* + * Taking the task_lock after PF_EXITING is set ensures that a + * child in ptrace_traceme will not put itself on our list when @@ -1226,7 +1215,6 @@ + } + task_unlock(tsk); + -+ restart = 0; + do { + struct ptrace_state *state; + int error; @@ -1235,6 +1223,7 @@ + + rcu_read_lock(); + ++ restart = 0; + list_for_each_safe_rcu(pos, n, &tsk->ptracees) { + state = list_entry(pos, struct ptrace_state, entry); + error = utrace_detach(state->task, state->engine); @@ -1256,7 +1245,7 @@ + wait_task_inactive(p); + put_task_struct(p); + restart = 1; - break; ++ goto loop_unlocked; + } + else { + BUG_ON(error != -ESRCH); @@ -1266,10 +1255,11 @@ + + rcu_read_unlock(); + ++ loop_unlocked: + END_CHECK; + + cond_resched(); -+ } while (restart > 0); ++ } while (unlikely(restart > 0)); + + if (likely(restart == 0)) + /* @@ -1291,8 +1281,9 @@ + return 0; + + if (!valid_signal(signr)) -+ return -EIO; -+ + return -EIO; + +- return -ENOSYS; + if (state->syscall) { + /* + * This is the traditional ptrace behavior when given @@ -1320,22 +1311,32 @@ + } + + return 0; -+} -+ + } + +-int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst, int len) +int +ptrace_regset_access(struct task_struct *target, + struct utrace_attached_engine *engine, + const struct utrace_regset_view *view, + int setno, unsigned long offset, unsigned int size, + void __user *data, int write) -+{ + { +- int copied = 0; + const struct utrace_regset *regset = utrace_regset(target, engine, + view, setno); + int ret; -+ + +- while (len > 0) { +- char buf[128]; +- int this_len, retval; + if (unlikely(regset == NULL)) + return -EIO; -+ + +- this_len = (len > sizeof(buf)) ? sizeof(buf) : len; +- retval = access_process_vm(tsk, src, buf, this_len, 0); +- if (!retval) { +- if (copied) +- break; + if (size == (unsigned int) -1) + size = regset->size * regset->n; + @@ -1460,13 +1461,7 @@ + else + ret = (*regset->get)(target, regset, + pos, n, kdata, udata); - } -- if (copy_to_user(dst, buf, retval)) -- return -EFAULT; -- copied += retval; -- src += retval; -- dst += retval; -- len -= retval; ++ } + + if (kdata) + kdata += n; @@ -1514,8 +1509,7 @@ + if (request == PTRACE_ATTACH) { + ret = ptrace_attach(child); + goto out_tsk; - } -- return copied; ++ } + + rcu_read_lock(); + engine = utrace_attach(child, UTRACE_ATTACH_MATCH_OPS, @@ -1542,7 +1536,13 @@ + if (child->state == TASK_STOPPED) + ret = 0; + unlock_task_sighand(child, &flags); -+ } + } +- if (copy_to_user(dst, buf, retval)) +- return -EFAULT; +- copied += retval; +- src += retval; +- dst += retval; +- len -= retval; + if (ret == 0) { + ret = ptrace_update(child, state, + UTRACE_ACTION_QUIESCE, 0); @@ -1559,7 +1559,8 @@ + } + + ret = -ESRCH; /* Return value for exit_state bail-out. */ -+ } + } +- return copied; + + rcu_read_unlock(); + From fedora-cvs-commits at redhat.com Wed Sep 12 23:17:00 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Wed, 12 Sep 2007 19:17:00 -0400 Subject: rpms/kernel/FC-6 linux-2.6-libata-pata-dma-disable-option.patch, NONE, 1.1 linux-2.6-libata-pata_it821x-dma.patch, NONE, 1.1 linux-2.6-libata-pata_via-cable-detect.patch, NONE, 1.1 linux-2.6-lvm-snapshot-deadlock-fix.patch, NONE, 1.1 linux-2.6-scsi-mpt-vmware-fix.patch, NONE, 1.1 linux-2.6-skb_copy_and_csum_datagram_iovec.patch, NONE, 1.1 linux-2.6-usb-storage-initialize-huawei-e220-properly.patch, NONE, 1.1 kernel-2.6.spec, 1.3019, 1.3020 Message-ID: <200709122317.l8CNH0Bk009461@cvs.devel.redhat.com> Author: cebbert Update of /cvs/dist/rpms/kernel/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv9440 Modified Files: kernel-2.6.spec Added Files: linux-2.6-libata-pata-dma-disable-option.patch linux-2.6-libata-pata_it821x-dma.patch linux-2.6-libata-pata_via-cable-detect.patch linux-2.6-lvm-snapshot-deadlock-fix.patch linux-2.6-scsi-mpt-vmware-fix.patch linux-2.6-skb_copy_and_csum_datagram_iovec.patch linux-2.6-usb-storage-initialize-huawei-e220-properly.patch Log Message: * Wed Sep 05 2007 Chuck Ebbert - add option to disable DMA on libata PATA devices - fix DMA on ATAPI devices with it821x - fix cable detection on pata_via - fix vmware's broken SCSI device emulation - fix init of huawei 220 modem - LVM: fix hang and lockups during snapshot (#269541) - net: fix oops with zero-length packet linux-2.6-libata-pata-dma-disable-option.patch: Documentation/kernel-parameters.txt | 6 ++++++ drivers/ata/libata-core.c | 17 +++++++++++++++++ 2 files changed, 23 insertions(+) --- NEW FILE linux-2.6-libata-pata-dma-disable-option.patch --- This is useful when debugging, handling problem systems, or for distributions just to get the system installed so it can be sorted out later. This is a bit smarter than the old IDE one and lets you do libata.pata_dma=0 Disable all PATA DMA like old IDE libata.pata_dma=1 Disk DMA only libata.pata_dma=2 ATAPI DMA only libata.pata_dma=4 CF DMA only (or combinations thereof - 0,1,3 being the useful ones I suspect) (I've split CF as it seems to be a seperate case of pain and suffering different to the others and caused by assorted PIO wired adapters etc) SATA is not affected - for one its not clear it makes sense to disable DMA for SATA if even always possible, for two we've seen no failure evidence to justify needing to support this kind of hammer on SATA. Signed-off-by: Alan Cox --- Documentation/kernel-parameters.txt | 6 ++++++ drivers/ata/libata-core.c | 17 +++++++++++++++++ 2 files changed, 23 insertions(+) --- linux-2.6.22.noarch.orig/drivers/ata/libata-core.c +++ linux-2.6.22.noarch/drivers/ata/libata-core.c @@ -93,6 +93,10 @@ static int ata_ignore_hpa = 0; module_param_named(ignore_hpa, ata_ignore_hpa, int, 0644); MODULE_PARM_DESC(ignore_hpa, "Ignore HPA limit (0=keep BIOS limits, 1=ignore limits, using full disk)"); +static int ata_pata_dma = ATA_DMA_MASK_ATA|ATA_DMA_MASK_ATAPI|ATA_DMA_MASK_CFA; +module_param_named(pata_dma, ata_pata_dma, int, 0644); +MODULE_PARM_DESC(pata_dma, "Use DMA on PATA devices"); + static int ata_probe_timeout = ATA_TMOUT_INTERNAL / HZ; module_param(ata_probe_timeout, int, 0444); MODULE_PARM_DESC(ata_probe_timeout, "Set ATA probing timeout (seconds)"); @@ -2821,16 +2825,29 @@ int ata_do_set_mode(struct ata_port *ap, /* step 1: calculate xfer_mask */ for (i = 0; i < ATA_MAX_DEVICES; i++) { unsigned int pio_mask, dma_mask; + unsigned int mode_mask; dev = &ap->device[i]; if (!ata_dev_enabled(dev)) continue; + mode_mask = ATA_DMA_MASK_ATA; + if (dev->class == ATA_DEV_ATAPI) + mode_mask = ATA_DMA_MASK_ATAPI; + else if (ata_id_is_cfa(dev->id)) + mode_mask = ATA_DMA_MASK_CFA; + ata_dev_xfermask(dev); pio_mask = ata_pack_xfermask(dev->pio_mask, 0, 0); dma_mask = ata_pack_xfermask(0, dev->mwdma_mask, dev->udma_mask); + + if ((ata_pata_dma & mode_mask) || ap->cbl == ATA_CBL_SATA) + dma_mask = ata_pack_xfermask(0, dev->mwdma_mask, dev->udma_mask); + else + dma_mask = 0; + dev->pio_mode = ata_xfer_mask2mode(pio_mask); dev->dma_mode = ata_xfer_mask2mode(dma_mask); --- linux-2.6.22.noarch.orig/Documentation/kernel-parameters.txt +++ linux-2.6.22.noarch/Documentation/kernel-parameters.txt @@ -853,6 +853,12 @@ and is between 256 and 4096 characters. llsc*= [IA64] See function print_params() in arch/ia64/sn/kernel/llsc4.c. + libata.pata_dma= [LIBATA] + libata.pata_dma=0 Disable all PATA DMA like old IDE + libata.pata_dma=1 Disk DMA only + libata.pata_dma=2 ATAPI DMA only + libata.pata_dma=4 CF DMA only + load_ramdisk= [RAM] List of ramdisks to load from floppy See Documentation/ramdisk.txt. linux-2.6-libata-pata_it821x-dma.patch: pata_it821x.c | 4 ++++ 1 files changed, 4 insertions(+) --- NEW FILE linux-2.6-libata-pata_it821x-dma.patch --- Gitweb: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bce7d5e0e1fc0c1f1251b7f21a19cb48207408b6 Commit: bce7d5e0e1fc0c1f1251b7f21a19cb48207408b6 Parent: 08ebd43d6b9b63de681b8f255c0fabae8033527c Author: Jeff Norden AuthorDate: Tue Sep 4 11:07:20 2007 -0500 Committer: Jeff Garzik CommitDate: Mon Sep 10 21:53:00 2007 -0400 bz 242229 pata_it821x: fix lost interrupt with atapi devices Fix "lost" interrupt problem when using dma with CD/DVD drives in some configurations. This problem can make installing linux from media impossible for distro's that have switched to libata-only configurations. The simple fix is to eliminate the use of dma for reading drive status, etc, by checking the number of bytes to transferred. This change will only affect the behavior of atapi devices, not disks. There is more info at http://bugzilla.redhat.com/show_bug.cgi?id=242229 This patch is for 2.6.22.1 Signed-off-by: Jeff Norden Reviewed-by: Alan Cox Signed-off-by: Jeff Garzik --- drivers/ata/pata_it821x.c | 4 ++++ 1 file changed, 4 insertions(+) --- linux-2.6.22.noarch.orig/drivers/ata/pata_it821x.c +++ linux-2.6.22.noarch/drivers/ata/pata_it821x.c @@ -533,6 +533,10 @@ static int it821x_check_atapi_dma(struct struct ata_port *ap = qc->ap; struct it821x_dev *itdev = ap->private_data; + /* Only use dma for transfers to/from the media. */ + if (qc->nbytes < 2048) + return -EOPNOTSUPP; + /* No ATAPI DMA in smart mode */ if (itdev->smart) return -EOPNOTSUPP; linux-2.6-libata-pata_via-cable-detect.patch: pata_via.c | 13 ++++++++++--- 1 files changed, 10 insertions(+), 3 deletions(-) --- NEW FILE linux-2.6-libata-pata_via-cable-detect.patch --- Gitweb: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=08ebd43d6b9b63de681b8f255c0fabae8033527c Commit: 08ebd43d6b9b63de681b8f255c0fabae8033527c Parent: 897ee77bfba12b83752027427a41009961458ee6 Author: Laurent Riffard AuthorDate: Sun Sep 2 21:01:32 2007 +0200 Committer: Jeff Garzik CommitDate: Mon Sep 10 21:50:24 2007 -0400 Fix broken pata_via cable detection via_do_set_mode overwrites 80-wire cable detection bits. Let's preserve them. Signed-off-by: Laurent Riffard Acked-by: Alan Cox Signed-off-by: Jeff Garzik --- drivers/ata/pata_via.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) --- linux-2.6.22.noarch.orig/drivers/ata/pata_via.c +++ linux-2.6.22.noarch/drivers/ata/pata_via.c @@ -240,7 +240,6 @@ static void via_do_set_mode(struct ata_p int ut; int offset = 3 - (2*ap->port_no) - adev->devno; - /* Calculate the timing values we require */ ata_timing_compute(adev, mode, &t, T, UT); @@ -287,9 +286,17 @@ static void via_do_set_mode(struct ata_p ut = t.udma ? (0xe0 | (FIT(t.udma, 2, 9) - 2)) : 0x07; break; } + /* Set UDMA unless device is not UDMA capable */ - if (udma_type) - pci_write_config_byte(pdev, 0x50 + offset, ut); + if (udma_type) { + u8 cable80_status; + + /* Get 80-wire cable detection bit */ + pci_read_config_byte(pdev, 0x50 + offset, &cable80_status); + cable80_status &= 0x10; + + pci_write_config_byte(pdev, 0x50 + offset, ut | cable80_status); + } } static void via_set_piomode(struct ata_port *ap, struct ata_device *adev) linux-2.6-lvm-snapshot-deadlock-fix.patch: dm-exception-store.c | 48 +++++++++++++++++++++++++++++++++++++++++++----- 1 files changed, 43 insertions(+), 5 deletions(-) --- NEW FILE linux-2.6-lvm-snapshot-deadlock-fix.patch --- Gitweb: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fcac03abd325e4f7a4cc8fe05fea2793b1c8eb75 Commit: fcac03abd325e4f7a4cc8fe05fea2793b1c8eb75 Parent: 596f138eede0c113aa655937c8be85fc15ccd61c Author: Milan Broz AuthorDate: Thu Jul 12 17:28:00 2007 +0100 Committer: Linus Torvalds CommitDate: Thu Jul 12 15:01:08 2007 -0700 bz 269541 dm snapshot: fix invalidation deadlock Process persistent exception store metadata IOs in a separate thread. A snapshot may become invalid while inside generic_make_request(). A synchronous write is then needed to update the metadata while still inside that function. Since the introduction of md-dm-reduce-stack-usage-with-stacked-block-devices.patch this has to be performed by a separate thread to avoid deadlock. Signed-off-by: Milan Broz Signed-off-by: Alasdair G Kergon Signed-off-by: Linus Torvalds --- drivers/md/dm-exception-store.c | 48 +++++++++++++++++++++++++++++++++++----- 1 file changed, 43 insertions(+), 5 deletions(-) --- linux-2.6.22.noarch.orig/drivers/md/dm-exception-store.c +++ linux-2.6.22.noarch/drivers/md/dm-exception-store.c @@ -125,6 +125,8 @@ struct pstore { uint32_t callback_count; struct commit_callback *callbacks; struct dm_io_client *io_client; + + struct workqueue_struct *metadata_wq; }; static inline unsigned int sectors_to_pages(unsigned int sectors) @@ -156,10 +158,24 @@ static void free_area(struct pstore *ps) ps->area = NULL; } +struct mdata_req { + struct io_region *where; + struct dm_io_request *io_req; + struct work_struct work; + int result; +}; + +static void do_metadata(struct work_struct *work) +{ + struct mdata_req *req = container_of(work, struct mdata_req, work); + + req->result = dm_io(req->io_req, 1, req->where, NULL); +} + /* * Read or write a chunk aligned and sized block of data from a device. */ -static int chunk_io(struct pstore *ps, uint32_t chunk, int rw) +static int chunk_io(struct pstore *ps, uint32_t chunk, int rw, int metadata) { struct io_region where = { .bdev = ps->snap->cow->bdev, @@ -173,8 +189,23 @@ static int chunk_io(struct pstore *ps, u .client = ps->io_client, .notify.fn = NULL, }; + struct mdata_req req; + + if (!metadata) + return dm_io(&io_req, 1, &where, NULL); - return dm_io(&io_req, 1, &where, NULL); + req.where = &where; + req.io_req = &io_req; + + /* + * Issue the synchronous I/O from a different thread + * to avoid generic_make_request recursion. + */ + INIT_WORK(&req.work, do_metadata); + queue_work(ps->metadata_wq, &req.work); + flush_workqueue(ps->metadata_wq); + + return req.result; } /* @@ -189,7 +220,7 @@ static int area_io(struct pstore *ps, ui /* convert a metadata area index to a chunk index */ chunk = 1 + ((ps->exceptions_per_area + 1) * area); - r = chunk_io(ps, chunk, rw); + r = chunk_io(ps, chunk, rw, 0); if (r) return r; @@ -230,7 +261,7 @@ static int read_header(struct pstore *ps if (r) return r; - r = chunk_io(ps, 0, READ); + r = chunk_io(ps, 0, READ, 1); if (r) goto bad; @@ -292,7 +323,7 @@ static int write_header(struct pstore *p dh->version = cpu_to_le32(ps->version); dh->chunk_size = cpu_to_le32(ps->snap->chunk_size); - return chunk_io(ps, 0, WRITE); + return chunk_io(ps, 0, WRITE, 1); } /* @@ -409,6 +440,7 @@ static void persistent_destroy(struct ex { struct pstore *ps = get_info(store); + destroy_workqueue(ps->metadata_wq); dm_io_client_destroy(ps->io_client); vfree(ps->callbacks); free_area(ps); @@ -589,6 +621,12 @@ int dm_create_persistent(struct exceptio atomic_set(&ps->pending_count, 0); ps->callbacks = NULL; + ps->metadata_wq = create_singlethread_workqueue("ksnaphd"); + if (!ps->metadata_wq) { + DMERR("couldn't start header metadata update thread"); + return -ENOMEM; + } + store->destroy = persistent_destroy; store->read_metadata = persistent_read_metadata; store->prepare_exception = persistent_prepare; linux-2.6-scsi-mpt-vmware-fix.patch: mptbase.c | 15 +++++++++++++-- 1 files changed, 13 insertions(+), 2 deletions(-) --- NEW FILE linux-2.6-scsi-mpt-vmware-fix.patch --- The attached patch is a workaround for a bug in VMWare's emulated LSI Fusion SCSI HBA. The emulated firmware returns zero for the maximum number of attached devices; the real firmware returns a positive number. Therefore, the kernel that boots and works fine on bare metal will fail on VMWare because this firmware value is handed to the SCSI midlayer, which then skips the entire bus scan. F7 bz 241935 The patch below was submitted by Eric Moore of LSI to the linux-scsi mailing list: http://marc.info/?l=linux-scsi&m=117432237404247 then immediately rejected by Christoph Hellwig, who prefers that VMWare fix their emulation instead. --- drivers/message/fusion/mptbase.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) --- linux-2.6.22.noarch.orig/drivers/message/fusion/mptbase.c +++ linux-2.6.22.noarch/drivers/message/fusion/mptbase.c @@ -2573,8 +2573,19 @@ GetPortFacts(MPT_ADAPTER *ioc, int portn pfacts->MaxPersistentIDs = le16_to_cpu(pfacts->MaxPersistentIDs); pfacts->MaxLanBuckets = le16_to_cpu(pfacts->MaxLanBuckets); - max_id = (ioc->bus_type == SAS) ? pfacts->PortSCSIID : - pfacts->MaxDevices; + switch (ioc->bus_type) { + case SAS: + max_id = pfacts->PortSCSIID; + break; + case FC: + max_id = pfacts->MaxDevices; + break; + case SPI: + default: + max_id = MPT_MAX_SCSI_DEVICES; + break; + } + ioc->devices_per_bus = (max_id > 255) ? 256 : max_id; ioc->number_of_buses = (ioc->devices_per_bus < 256) ? 1 : max_id/256; linux-2.6-skb_copy_and_csum_datagram_iovec.patch: datagram.c | 3 +++ 1 files changed, 3 insertions(+) --- NEW FILE linux-2.6-skb_copy_and_csum_datagram_iovec.patch --- Gitweb: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ef8aef55ce61fd0e2af798695f7386ac756ae1e7 Commit: ef8aef55ce61fd0e2af798695f7386ac756ae1e7 Parent: 2fbe43f6f631dd7ce19fb1499d6164a5bdb34568 Author: Herbert Xu AuthorDate: Thu Sep 6 14:06:35 2007 +0100 Committer: David S. Miller CommitDate: Tue Sep 11 10:29:07 2007 +0200 [NET]: Do not dereference iov if length is zero When msg_iovlen is zero we shouldn't try to dereference msg_iov. Right now the only thing that tries to do so is skb_copy_and_csum_datagram_iovec. Since the total length should also be zero if msg_iovlen is zero, it's sufficient to check the total length there and simply return if it's zero. Signed-off-by: Herbert Xu Signed-off-by: David S. Miller --- net/core/datagram.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/net/core/datagram.c b/net/core/datagram.c index cb056f4..029b93e 100644 --- a/net/core/datagram.c +++ b/net/core/datagram.c @@ -450,6 +450,9 @@ int skb_copy_and_csum_datagram_iovec(struct sk_buff *skb, __wsum csum; int chunk = skb->len - hlen; + if (!chunk) + return 0; + /* Skip filled elements. * Pretty silly, look at memcpy_toiovec, though 8) */ linux-2.6-usb-storage-initialize-huawei-e220-properly.patch: initializers.c | 14 ++++++++++++++ initializers.h | 3 +++ unusual_devs.h | 11 +++++++++++ 3 files changed, 28 insertions(+) --- NEW FILE linux-2.6-usb-storage-initialize-huawei-e220-properly.patch --- >From johann.wilhelm at student.tugraz.at Sun Sep 9 08:19:38 2007 From: Johann Wilhelm Date: Wed, 05 Sep 2007 13:49:29 +0200 Subject: USB: usb-storage: Initialize Huawei E220 properly To: linux-usb-devel at lists.sourceforge.net Cc: greg at kroah.com, drussell at redhat.com Message-ID: <20070905134929.5fv51ji2v40gkw0c at webmail.tugraz.at> Content-Disposition: inline bz 253096 From: Johann Wilhelm This is a reworked version of this patch: http://www.mail-archive.com/linux-usb-devel%40lists.sourceforge.net/msg55094/activate_huawei_dev.patch That properly initializes the HUAWEI E220 devices into multi-port mode. Signed-off-by: Johann Wilhelm Signed-off-by: Greg Kroah-Hartman --- drivers/usb/storage/initializers.c | 14 ++++++++++++++ drivers/usb/storage/initializers.h | 3 +++ drivers/usb/storage/unusual_devs.h | 11 +++++++++++ 3 files changed, 28 insertions(+) --- linux-2.6.22.noarch.orig/drivers/usb/storage/initializers.c +++ linux-2.6.22.noarch/drivers/usb/storage/initializers.c @@ -90,3 +90,17 @@ int usb_stor_ucr61s2b_init(struct us_dat return (res ? -1 : 0); } + +/* This places the HUAWEI E220 devices in multi-port mode */ +int usb_stor_huawei_e220_init(struct us_data *us) +{ + int result; + + us->iobuf[0] = 0x1; + result = usb_stor_control_msg(us, us->send_ctrl_pipe, + USB_REQ_SET_FEATURE, + USB_TYPE_STANDARD | USB_RECIP_DEVICE, + 0x01, 0x0, us->iobuf, 0x1, 1000); + US_DEBUGP("usb_control_msg performing result is %d\n", result); + return (result ? 0 : -1); +} --- linux-2.6.22.noarch.orig/drivers/usb/storage/initializers.h +++ linux-2.6.22.noarch/drivers/usb/storage/initializers.h @@ -47,3 +47,6 @@ int usb_stor_euscsi_init(struct us_data /* This function is required to activate all four slots on the UCR-61S2B * flash reader */ int usb_stor_ucr61s2b_init(struct us_data *us); + +/* This places the HUAWEI E220 devices in multi-port mode */ +int usb_stor_huawei_e220_init(struct us_data *us); --- linux-2.6.22.noarch.orig/drivers/usb/storage/unusual_devs.h +++ linux-2.6.22.noarch/drivers/usb/storage/unusual_devs.h @@ -1394,6 +1394,17 @@ UNUSUAL_DEV( 0x1210, 0x0003, 0x0100, 0x US_SC_DEVICE, US_PR_DEVICE, NULL, US_FL_IGNORE_RESIDUE ), +/* Reported by fangxiaozhi + * and by linlei + * Patch reworked by Johann Wilhelm + * This brings the HUAWEI E220 devices into multi-port mode + */ +UNUSUAL_DEV( 0x12d1, 0x1003, 0x0000, 0x0000, + "HUAWEI MOBILE", + "Mass Storage", + US_SC_DEVICE, US_PR_DEVICE, usb_stor_huawei_e220_init, + 0), + /* Reported by Vilius Bilinkevicius +- add option to disable DMA on libata PATA devices +- fix DMA on ATAPI devices with it821x +- fix cable detection on pata_via +- fix vmware's broken SCSI device emulation +- fix init of huawei 220 modem +- LVM: fix hang and lockups during snapshot (#269541) +- net: fix oops with zero-length packet + +* Wed Sep 05 2007 Chuck Ebbert - CFS scheduler updates - utrace update (#248532, #267161, #284311) From fedora-cvs-commits at redhat.com Thu Sep 13 20:50:29 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Thu, 13 Sep 2007 16:50:29 -0400 Subject: rpms/kernel/FC-6/configs config-powerpc-generic,1.30,1.31 Message-ID: <200709132050.l8DKoSM6004555@cvs.devel.redhat.com> Author: cebbert Update of /cvs/dist/rpms/kernel/FC-6/configs In directory cvs.devel.redhat.com:/tmp/cvs-serv4515/configs Modified Files: config-powerpc-generic Log Message: * Thu Sep 13 2007 Chuck Ebbert - Restore ofpath functionality (IDE_PROC_FS=y) Index: config-powerpc-generic =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/configs/config-powerpc-generic,v retrieving revision 1.30 retrieving revision 1.31 diff -u -r1.30 -r1.31 --- config-powerpc-generic 10 Jul 2007 01:23:53 -0000 1.30 +++ config-powerpc-generic 13 Sep 2007 20:50:26 -0000 1.31 @@ -189,7 +189,7 @@ # CONFIG_BLK_DEV_HD is not set # CONFIG_USB_STORAGE_ISD200 is not set CONFIG_MTD_PHYSMAP_OF=m -# CONFIG_IDE_PROC_FS is not set +CONFIG_IDE_PROC_FS=y CONFIG_MACINTOSH_DRIVERS=y # CONFIG_DEBUG_PAGEALLOC is not set From fedora-cvs-commits at redhat.com Thu Sep 13 20:50:28 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Thu, 13 Sep 2007 16:50:28 -0400 Subject: rpms/kernel/FC-6 kernel-2.6.spec,1.3020,1.3021 Message-ID: <200709132050.l8DKoSa2004550@cvs.devel.redhat.com> Author: cebbert Update of /cvs/dist/rpms/kernel/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv4515 Modified Files: kernel-2.6.spec Log Message: * Thu Sep 13 2007 Chuck Ebbert - Restore ofpath functionality (IDE_PROC_FS=y) Index: kernel-2.6.spec =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/kernel-2.6.spec,v retrieving revision 1.3020 retrieving revision 1.3021 diff -u -r1.3020 -r1.3021 --- kernel-2.6.spec 12 Sep 2007 23:16:57 -0000 1.3020 +++ kernel-2.6.spec 13 Sep 2007 20:50:25 -0000 1.3021 @@ -2267,7 +2267,10 @@ %endif %changelog -* Wed Sep 05 2007 Chuck Ebbert +* Thu Sep 13 2007 Chuck Ebbert +- Restore ofpath functionality (IDE_PROC_FS=y) + +* Wed Sep 12 2007 Chuck Ebbert - add option to disable DMA on libata PATA devices - fix DMA on ATAPI devices with it821x - fix cable detection on pata_via @@ -2276,11 +2279,11 @@ - LVM: fix hang and lockups during snapshot (#269541) - net: fix oops with zero-length packet -* Wed Sep 05 2007 Chuck Ebbert +* Wed Sep 12 2007 Chuck Ebbert - CFS scheduler updates - utrace update (#248532, #267161, #284311) -* Wed Sep 05 2007 Chuck Ebbert +* Wed Sep 12 2007 Chuck Ebbert - Update utrace * Tue Aug 28 2007 Chuck Ebbert From fedora-cvs-commits at redhat.com Thu Sep 13 21:20:10 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Thu, 13 Sep 2007 17:20:10 -0400 Subject: rpms/kernel/FC-6 patch-2.6.22.6.bz2.sign, NONE, 1.1 .cvsignore, 1.570, 1.571 kernel-2.6.spec, 1.3021, 1.3022 sources, 1.534, 1.535 upstream, 1.454, 1.455 patch-2.6.22.5.bz2.sign, 1.1, NONE patch-2.6.22.6-rc1.patch, 1.1, NONE Message-ID: <200709132120.l8DLKABq006585@cvs.devel.redhat.com> Author: cebbert Update of /cvs/dist/rpms/kernel/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv6566 Modified Files: .cvsignore kernel-2.6.spec sources upstream Added Files: patch-2.6.22.6.bz2.sign Removed Files: patch-2.6.22.5.bz2.sign patch-2.6.22.6-rc1.patch Log Message: * Thu Sep 13 2007 Chuck Ebbert - Linux 2.6.22.6 (official) --- NEW FILE patch-2.6.22.6.bz2.sign --- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: See http://www.kernel.org/signature.html for info iD8DBQBG17R8yGugalF9Dw4RAnFOAJ9oLLhlBcFaSr/lBib0QoQJ+2mhlwCeLrUk j84LtxB51tt2Mxnvkl8kzUU= =/XAz -----END PGP SIGNATURE----- Index: .cvsignore =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/.cvsignore,v retrieving revision 1.570 retrieving revision 1.571 diff -u -r1.570 -r1.571 --- .cvsignore 23 Aug 2007 18:08:47 -0000 1.570 +++ .cvsignore 13 Sep 2007 21:20:07 -0000 1.571 @@ -3,4 +3,4 @@ temp-* kernel-2.6.22 linux-2.6.22.tar.bz2 -patch-2.6.22.5.bz2 +patch-2.6.22.6.bz2 Index: kernel-2.6.spec =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/kernel-2.6.spec,v retrieving revision 1.3021 retrieving revision 1.3022 diff -u -r1.3021 -r1.3022 --- kernel-2.6.spec 13 Sep 2007 20:50:25 -0000 1.3021 +++ kernel-2.6.spec 13 Sep 2007 21:20:07 -0000 1.3022 @@ -30,7 +30,7 @@ ## If this is a released kernel ## %if 0%{?released_kernel} # Do we have a 2.6.21.y update to apply? -%define stable_update 5 +%define stable_update 6 # Set rpm version accordingly %if 0%{?stable_update} %define stablerev .%{stable_update} @@ -497,7 +497,7 @@ %endif # stable -rc -Patch02: patch-2.6.22.6-rc1.patch +# Patch02: patch-2.6.22.6-rc1.patch %if !%{nopatches} @@ -1066,7 +1066,7 @@ ApplyPatch linux-2.6-build-nonintconfig.patch # stable -rc -ApplyPatch patch-2.6.22.6-rc1.patch +# ApplyPatch patch-2.6.22.6-rc1.patch %if !%{nopatches} @@ -2268,6 +2268,9 @@ %changelog * Thu Sep 13 2007 Chuck Ebbert +- Linux 2.6.22.6 (official) + +* Thu Sep 13 2007 Chuck Ebbert - Restore ofpath functionality (IDE_PROC_FS=y) * Wed Sep 12 2007 Chuck Ebbert Index: sources =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/sources,v retrieving revision 1.534 retrieving revision 1.535 diff -u -r1.534 -r1.535 --- sources 23 Aug 2007 18:08:47 -0000 1.534 +++ sources 13 Sep 2007 21:20:07 -0000 1.535 @@ -1,2 +1,2 @@ 2e230d005c002fb3d38a3ca07c0200d0 linux-2.6.22.tar.bz2 -27544a58763bbd4ce497a77658af744a patch-2.6.22.5.bz2 +f2948e364ab3e4736b9e34f02173472f patch-2.6.22.6.bz2 Index: upstream =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/upstream,v retrieving revision 1.454 retrieving revision 1.455 diff -u -r1.454 -r1.455 --- upstream 23 Aug 2007 18:08:47 -0000 1.454 +++ upstream 13 Sep 2007 21:20:07 -0000 1.455 @@ -1,2 +1,2 @@ linux-2.6.22.tar.bz2 -patch-2.6.22.5.bz2 +patch-2.6.22.6.bz2 --- patch-2.6.22.5.bz2.sign DELETED --- --- patch-2.6.22.6-rc1.patch DELETED --- From fedora-cvs-commits at redhat.com Thu Sep 13 22:21:35 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Thu, 13 Sep 2007 18:21:35 -0400 Subject: rpms/kernel/FC-6 linux-2.6-futex-fix-traversal.patch, NONE, 1.1 linux-2.6-usb-allow-1-byte-replies.patch, NONE, 1.1 linux-2.6-usb-fixup-interval-lengths.patch, NONE, 1.1 linux-2.6-usb-linked-list-insertion.patch, NONE, 1.1 kernel-2.6.spec, 1.3022, 1.3023 Message-ID: <200709132221.l8DMLZiu011427@cvs.devel.redhat.com> Author: cebbert Update of /cvs/dist/rpms/kernel/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv11408 Modified Files: kernel-2.6.spec Added Files: linux-2.6-futex-fix-traversal.patch linux-2.6-usb-allow-1-byte-replies.patch linux-2.6-usb-fixup-interval-lengths.patch linux-2.6-usb-linked-list-insertion.patch Log Message: * Thu Sep 13 2007 Chuck Ebbert - USB: three trivial fixes - futex: fix compat list traversal linux-2.6-futex-fix-traversal.patch: futex_compat.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) --- NEW FILE linux-2.6-futex-fix-traversal.patch --- Gitweb: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=179c85ea53bef807621f335767e41e23f86f01df Commit: 179c85ea53bef807621f335767e41e23f86f01df Parent: a570ab6f10462b062c28188b64377b8034235761 Author: Arnd Bergmann AuthorDate: Tue Sep 11 15:23:49 2007 -0700 Committer: Linus Torvalds CommitDate: Tue Sep 11 17:21:20 2007 -0700 futex_compat: fix list traversal bugs The futex list traversal on the compat side appears to have a bug. It's loop termination condition compares: while (compat_ptr(uentry) != &head->list) But that can't be right because "uentry" has the special "pi" indicator bit still potentially set at bit 0. This is cleared by fetch_robust_entry() into the "entry" return value. What this seems to mean is that the list won't terminate when list iteration gets back to the the head. And we'll also process the list head like a normal entry, which could cause all kinds of problems. So we should check for equality with "entry". That pointer is of the non-compat type so we have to do a little casting to keep the compiler and sparse happy. The same problem can in theory occur with the 'pending' variable, although that has not been reported from users so far. Based on the original patch from David Miller. Acked-by: Ingo Molnar Cc: Thomas Gleixner Cc: David Miller Signed-off-by: Arnd Bergmann Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- kernel/futex_compat.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/futex_compat.c b/kernel/futex_compat.c index f792136..7e52eb0 100644 --- a/kernel/futex_compat.c +++ b/kernel/futex_compat.c @@ -61,10 +61,10 @@ void compat_exit_robust_list(struct task_struct *curr) if (fetch_robust_entry(&upending, &pending, &head->list_op_pending, &pip)) return; - if (upending) + if (pending) handle_futex_death((void __user *)pending + futex_offset, curr, pip); - while (compat_ptr(uentry) != &head->list) { + while (entry != (struct robust_list __user *) &head->list) { /* * A pending lock might already be on the list, so * dont process it twice: linux-2.6-usb-allow-1-byte-replies.patch: hub.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) --- NEW FILE linux-2.6-usb-allow-1-byte-replies.patch --- Gitweb: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=46dede4690bbb23a2c9d60561e2e4fdc3e6bee61 Commit: 46dede4690bbb23a2c9d60561e2e4fdc3e6bee61 Parent: f095137e799ddb6a7c2bf0e4c73cda193ab9df41 Author: Alan Stern AuthorDate: Tue Aug 14 10:56:10 2007 -0400 Committer: Greg Kroah-Hartman CommitDate: Wed Aug 22 14:27:49 2007 -0700 USB: accept 1-byte Device Status replies, fixing some b0rken devices Some devices have a bug which causes them to send a 1-byte reply to Get-Device-Status requests instead of 2 bytes as required by the spec. This doesn't play well with autosuspend, since we look for a valid status reply to make sure the device is still present when it resumes. Without both bytes, we assume the device has been disconnected. Lack of the second byte shouldn't matter much, since the spec requires it always to be equal to 0. Hence this patch (as959) causes finish_port_resume() to accept a 1-byte reply as valid. Signed-off-by: Alan Stern Acked-by: David Brownell Signed-off-by: Greg Kroah-Hartman [: reworked for 2.6.22] [: made test more careful] --- drivers/usb/core/hub.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- linux-2.6.22.noarch.orig/drivers/usb/core/hub.c +++ linux-2.6.22.noarch/drivers/usb/core/hub.c @@ -1719,7 +1719,7 @@ int usb_port_suspend(struct usb_device * static int finish_port_resume(struct usb_device *udev) { int status; - u16 devstatus; + u16 devstatus = 0; /* caller owns the udev device lock */ dev_dbg(&udev->dev, "finish resume\n"); @@ -1739,7 +1739,7 @@ static int finish_port_resume(struct usb */ status = usb_get_status(udev, USB_RECIP_DEVICE, 0, &devstatus); if (status >= 0) - status = (status == 2 ? 0 : -ENODEV); + status = (status == 2 || status == 1) ? 0 : -ENODEV; if (status) dev_dbg(&udev->dev, linux-2.6-usb-fixup-interval-lengths.patch: config.c | 12 +++++++++--- 1 files changed, 9 insertions(+), 3 deletions(-) --- NEW FILE linux-2.6-usb-fixup-interval-lengths.patch --- Gitweb: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=300871cd963e24a68aaa9b762f4a10403697d9be Commit: 300871cd963e24a68aaa9b762f4a10403697d9be Parent: 87d093e25d73249ae92b28ae88db92eaea7df70f Author: Laurent Pinchart AuthorDate: Tue Jun 12 21:47:17 2007 +0200 Committer: Greg Kroah-Hartman CommitDate: Thu Jul 12 16:34:37 2007 -0700 USB: Fix up full-speed bInterval values in high-speed interrupt descriptor Many device manufacturers are using full-speed bInterval values in high-speed interrupt endpoint descriptors. If the bInterval value is greater than 16, assume the device uses full-speed descriptors and fix the value accordingly. Signed-off-by: Laurent Pinchart Acked-by: Alan Stern Signed-off-by: Greg Kroah-Hartman --- drivers/usb/core/config.c | 12 +++++++++--- 1 files changed, 9 insertions(+), 3 deletions(-) diff --git a/drivers/usb/core/config.c b/drivers/usb/core/config.c index 9152e12..5e113db 100644 --- a/drivers/usb/core/config.c +++ b/drivers/usb/core/config.c @@ -85,15 +85,21 @@ static int usb_parse_endpoint(struct device *ddev, int cfgno, int inum, memcpy(&endpoint->desc, d, n); INIT_LIST_HEAD(&endpoint->urb_list); - /* If the bInterval value is outside the legal range, - * set it to a default value: 32 ms */ + /* Fix up bInterval values outside the legal range. Use 32 ms if no + * proper value can be guessed. */ i = 0; /* i = min, j = max, n = default */ j = 255; if (usb_endpoint_xfer_int(d)) { i = 1; switch (to_usb_device(ddev)->speed) { case USB_SPEED_HIGH: - n = 9; /* 32 ms = 2^(9-1) uframes */ + /* Many device manufacturers are using full-speed + * bInterval values in high-speed interrupt endpoint + * descriptors. Try to fix those and fall back to a + * 32 ms default value otherwise. */ + n = fls(d->bInterval*8); + if (n == 0) + n = 9; /* 32 ms = 2^(9-1) uframes */ j = 16; break; default: /* USB_SPEED_FULL or _LOW */ linux-2.6-usb-linked-list-insertion.patch: driver.c | 2 +- 1 files changed, 1 insertion(+), 1 deletion(-) --- NEW FILE linux-2.6-usb-linked-list-insertion.patch --- Gitweb: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e5dd01154c1e9ca2400f4682602d1a4fa54c25dd Commit: e5dd01154c1e9ca2400f4682602d1a4fa54c25dd Parent: ce05916f6bf9906fba88853078715f9a4d300237 Author: Nathael Pajani AuthorDate: Tue Sep 4 11:46:23 2007 +0200 Committer: Greg Kroah-Hartman CommitDate: Tue Sep 11 07:48:15 2007 -0700 USB: fix linked list insertion bugfix for usb core This patch fixes the order of list_add_tail() arguments in usb_store_new_id() so the list can have more than one single element. Signed-off-by: Nathael Pajani Cc: stable Signed-off-by: Greg Kroah-Hartman --- drivers/usb/core/driver.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/drivers/usb/core/driver.c b/drivers/usb/core/driver.c index a1ad11d..63b1243 100644 --- a/drivers/usb/core/driver.c +++ b/drivers/usb/core/driver.c @@ -60,7 +60,7 @@ ssize_t usb_store_new_id(struct usb_dynids *dynids, dynid->id.match_flags = USB_DEVICE_ID_MATCH_DEVICE; spin_lock(&dynids->lock); - list_add_tail(&dynids->list, &dynid->node); + list_add_tail(&dynid->node, &dynids->list); spin_unlock(&dynids->lock); if (get_driver(driver)) { Index: kernel-2.6.spec =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/kernel-2.6.spec,v retrieving revision 1.3022 retrieving revision 1.3023 diff -u -r1.3022 -r1.3023 --- kernel-2.6.spec 13 Sep 2007 21:20:07 -0000 1.3022 +++ kernel-2.6.spec 13 Sep 2007 22:21:31 -0000 1.3023 @@ -617,7 +617,13 @@ Patch742: linux-2.6-sdhci-clear-error-interrupt.patch Patch760: linux-2.6-v4l-dvb-fix-airstar-hd5000-tuner.patch Patch770: linux-2.6-irda-smc-remove-quirk.patch +Patch771: linux-2.6-futex-fix-traversal.patch + Patch780: linux-2.6-usb-storage-initialize-huawei-e220-properly.patch +Patch781: linux-2.6-usb-allow-1-byte-replies.patch +Patch782: linux-2.6-usb-fixup-interval-lengths.patch +Patch783: linux-2.6-usb-linked-list-insertion.patch + Patch800: linux-2.6-wakeups-hdaps.patch Patch801: linux-2.6-wakeups.patch Patch900: linux-2.6-sched-cfs-v2.6.22.5-v20.5.patch @@ -1322,11 +1328,17 @@ ApplyPatch linux-2.6-v4l-dvb-fix-airstar-hd5000-tuner.patch # irda: remove smc quirk that breaks hp 6000 notebooks ApplyPatch linux-2.6-irda-smc-remove-quirk.patch +# futex: fix compat list traveral +ApplyPatch linux-2.6-futex-fix-traversal.patch # USB # # fix init of huawei device ApplyPatch linux-2.6-usb-storage-initialize-huawei-e220-properly.patch +# trivial USB fixes +ApplyPatch linux-2.6-usb-allow-1-byte-replies.patch +ApplyPatch linux-2.6-usb-fixup-interval-lengths.patch +ApplyPatch linux-2.6-usb-linked-list-insertion.patch # timers @@ -2268,6 +2280,10 @@ %changelog * Thu Sep 13 2007 Chuck Ebbert +- USB: three trivial fixes +- futex: fix compat list traversal + +* Thu Sep 13 2007 Chuck Ebbert - Linux 2.6.22.6 (official) * Thu Sep 13 2007 Chuck Ebbert From fedora-cvs-commits at redhat.com Thu Sep 13 22:47:36 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Thu, 13 Sep 2007 18:47:36 -0400 Subject: rpms/kernel/FC-6 linux-2.6-libata-pata-dma-disable-option.patch, 1.1, 1.2 Message-ID: <200709132247.l8DMlaEq013586@cvs.devel.redhat.com> Author: cebbert Update of /cvs/dist/rpms/kernel/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv13547 Modified Files: linux-2.6-libata-pata-dma-disable-option.patch Log Message: fix libata DMA patch linux-2.6-libata-pata-dma-disable-option.patch: Documentation/kernel-parameters.txt | 6 ++++++ drivers/ata/libata-core.c | 17 +++++++++++++++++ include/linux/libata.h | 6 ++++++ 3 files changed, 29 insertions(+) Index: linux-2.6-libata-pata-dma-disable-option.patch =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/linux-2.6-libata-pata-dma-disable-option.patch,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- linux-2.6-libata-pata-dma-disable-option.patch 12 Sep 2007 23:16:57 -0000 1.1 +++ linux-2.6-libata-pata-dma-disable-option.patch 13 Sep 2007 22:47:32 -0000 1.2 @@ -20,11 +20,22 @@ Signed-off-by: Alan Cox ---- - Documentation/kernel-parameters.txt | 6 ++++++ - drivers/ata/libata-core.c | 17 +++++++++++++++++ - 2 files changed, 23 insertions(+) +--- linux-2.6.22.noarch.orig/include/linux/libata.h ++++ linux-2.6.22.noarch/include/linux/libata.h +@@ -298,6 +298,12 @@ enum { + ATA_HORKAGE_NODMA = (1 << 1), /* DMA problems */ + ATA_HORKAGE_NONCQ = (1 << 2), /* Don't use NCQ */ + ATA_HORKAGE_MAX_SEC_128 = (1 << 3), /* Limit max sects to 128 */ ++ ++ /* DMA mask for user DMA control: User visible values do not ++ renumber */ ++ ATA_DMA_MASK_ATA = (1 << 0), /* DMA on ATA Disk */ ++ ATA_DMA_MASK_ATAPI = (1 << 1), /* DMA on ATAPI */ ++ ATA_DMA_MASK_CFA = (1 << 2), /* DMA on CF Card */ + }; + + enum hsm_task_states { --- linux-2.6.22.noarch.orig/drivers/ata/libata-core.c +++ linux-2.6.22.noarch/drivers/ata/libata-core.c @@ -93,6 +93,10 @@ static int ata_ignore_hpa = 0; From fedora-cvs-commits at redhat.com Mon Sep 17 07:19:25 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Mon, 17 Sep 2007 03:19:25 -0400 Subject: rpms/procps/FC-6 procps-3.2.7-top-cpu0.patch, NONE, 1.1 procps.spec, 1.63, 1.64 Message-ID: <200709170719.l8H7JPWq009818@cvs.devel.redhat.com> Author: tsmetana Update of /cvs/dist/rpms/procps/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv9802 Modified Files: procps.spec Added Files: procps-3.2.7-top-cpu0.patch Log Message: * Mon Sep 17 2007 Tomas Smetana 3.2.7-12 - fix #185994 - top "Cpu0" line never updates when using "Single Cpu = Off" option on single processor machine procps-3.2.7-top-cpu0.patch: top.c | 11 +++++++++-- 1 files changed, 9 insertions(+), 2 deletions(-) --- NEW FILE procps-3.2.7-top-cpu0.patch --- --- procps-3.2.7/top.c.orig 2007-09-07 21:28:41.000000000 +0100 +++ procps-3.2.7/top.c 2007-09-07 21:29:15.000000000 +0100 @@ -959,8 +959,15 @@ // and just in case we're 2.2.xx compiled without SMP support... if (Cpu_tot == 1) { - cpus[1].id = 0; - memcpy(cpus, &cpus[1], sizeof(CPU_t)); + cpus[0].id = cpus[1].id = 0; + cpus[0].u = cpus[1].u; + cpus[0].n = cpus[1].n; + cpus[0].s = cpus[1].s; + cpus[0].i = cpus[1].i; + cpus[0].w = cpus[1].w; + cpus[0].x = cpus[1].x; + cpus[0].y = cpus[1].y; + cpus[0].z = cpus[1].z; } // now value each separate cpu's tics Index: procps.spec =================================================================== RCS file: /cvs/dist/rpms/procps/FC-6/procps.spec,v retrieving revision 1.63 retrieving revision 1.64 diff -u -r1.63 -r1.64 --- procps.spec 18 Jun 2007 10:52:03 -0000 1.63 +++ procps.spec 17 Sep 2007 07:19:23 -0000 1.64 @@ -1,7 +1,7 @@ Summary: System and process monitoring utilities. Name: procps Version: 3.2.7 -Release: 11%{?dist} +Release: 12%{?dist} License: GPL Group: Applications/System Source: http://procps.sourceforge.net/procps-%{version}.tar.gz @@ -58,6 +58,8 @@ Patch27: procps-3.2.7-ps-plussort.patch #244152 - ps truncates eip and esp to 32-bit values on 64-bit systems Patch28: procps-3.2.7-ps-eip64.patch +#185994 - error when using "Single Cpu = Off" option +Patch29: procps-3.2.7-top-cpu0.patch BuildRequires: ncurses-devel @@ -111,6 +113,7 @@ %patch26 -p1 %patch27 -p1 %patch28 -p1 +%patch29 -p1 cp %SOURCE1 . @@ -148,6 +151,10 @@ %attr(0644,root,root) %{_mandir}/man5/* %changelog +* Mon Sep 17 2007 Tomas Smetana 3.2.7-12 +- fix #185994 - top "Cpu0" line never updates when using + "Single Cpu = Off" option on single processor machine + * Mon Jun 18 2007 Tomas Smetana 3.2.7-11 - fix #244152 ps truncates eip and esp to 32-bit values on 64-bit systems From fedora-cvs-commits at redhat.com Mon Sep 17 07:24:19 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Mon, 17 Sep 2007 03:24:19 -0400 Subject: rpms/openoffice.org/FC-6 workspace.tipatch8.patch, NONE, 1.1 openoffice.org.spec, 1.947, 1.948 Message-ID: <200709170724.l8H7OJ8J010296@cvs.devel.redhat.com> Author: jnavrati Update of /cvs/dist/rpms/openoffice.org/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv10276 Modified Files: openoffice.org.spec Added Files: workspace.tipatch8.patch Log Message: Resolves: rhbz#251975 CVE-2007-2834 workspace.tipatch8.patch workspace.tipatch8.patch: itiff.cxx | 54 ++++++++++++++++++++++++++++++++++++------------------ 1 files changed, 36 insertions(+), 18 deletions(-) --- NEW FILE workspace.tipatch8.patch --- Index: source/filter.vcl/itiff/itiff.cxx =================================================================== RCS file: /cvs/graphics/goodies/source/filter.vcl/itiff/itiff.cxx,v retrieving revision 1.13 retrieving revision 1.13.72.1 diff -u -r1.13 -r1.13.72.1 --- openoffice.org.orig/goodies/source/filter.vcl/itiff/itiff.cxx 14 Nov 2006 16:17:15 -0000 1.13 +++ openoffice.org/goodies/source/filter.vcl/itiff/itiff.cxx 20 Jun 2007 14:21:15 -0000 1.13.72.1 @@ -132,7 +132,7 @@ double ReadDoubleData(); void ReadHeader(); - void ReadTagData( USHORT nTagType, ULONG nDataLen ); + void ReadTagData( USHORT nTagType, sal_uInt32 nDataLen ); BOOL ReadMap( ULONG nMinPercent, ULONG nMaxPercent ); // Liesst/dekomprimert die Bitmap-Daten, und fuellt pMap @@ -290,7 +290,7 @@ // --------------------------------------------------------------------------------- -void TIFFReader::ReadTagData( USHORT nTagType, ULONG nDataLen) +void TIFFReader::ReadTagData( USHORT nTagType, sal_uInt32 nDataLen) { if ( bStatus == FALSE ) return; @@ -353,16 +353,25 @@ case 0x0111: { // Strip Offset(s) ULONG nOldNumSO, i, * pOldSO; pOldSO = pStripOffsets; - if ( pOldSO == NULL ) nNumStripOffsets = 0; // Sicherheitshalber + if ( pOldSO == NULL ) + nNumStripOffsets = 0; nOldNumSO = nNumStripOffsets; - nNumStripOffsets += nDataLen; - pStripOffsets = new ULONG[ nNumStripOffsets ]; - for ( i = 0; i < nOldNumSO; i++ ) - pStripOffsets[ i ] = pOldSO[ i ] + nOrigPos; - for ( i = nOldNumSO; i < nNumStripOffsets; i++ ) - pStripOffsets[ i ] = ReadIntData() + nOrigPos; - if ( pOldSO != NULL ) + nDataLen += nOldNumSO; + if ( ( nDataLen > nOldNumSO ) && ( nDataLen < SAL_MAX_UINT32 / sizeof( sal_uInt32 ) ) ) + { + nNumStripOffsets = nDataLen; + pStripOffsets = new ULONG[ nNumStripOffsets ]; + if ( !pStripOffsets ) + nNumStripOffsets = 0; + else + { + for ( i = 0; i < nOldNumSO; i++ ) + pStripOffsets[ i ] = pOldSO[ i ] + nOrigPos; + for ( i = nOldNumSO; i < nNumStripOffsets; i++ ) + pStripOffsets[ i ] = ReadIntData() + nOrigPos; + } delete[] pOldSO; + } OOODEBUG("StripOffsets (Anzahl:)",nDataLen); break; } @@ -384,16 +393,25 @@ case 0x0117: { // Strip Byte Counts ULONG nOldNumSBC, i, * pOldSBC; pOldSBC = pStripByteCounts; - if ( pOldSBC == NULL ) nNumStripByteCounts = 0; // Sicherheitshalber + if ( pOldSBC == NULL ) + nNumStripByteCounts = 0; // Sicherheitshalber nOldNumSBC = nNumStripByteCounts; - nNumStripByteCounts += nDataLen; - pStripByteCounts = new ULONG[ nNumStripByteCounts ]; - for ( i = 0; i < nOldNumSBC; i++ ) - pStripByteCounts[ i ] = pOldSBC[ i ]; - for ( i = nOldNumSBC; i < nNumStripByteCounts; i++) - pStripByteCounts[ i ] = ReadIntData(); - if ( pOldSBC != NULL ) + nDataLen += nOldNumSBC; + if ( ( nDataLen > nOldNumSBC ) && ( nDataLen < SAL_MAX_UINT32 / sizeof( sal_uInt32 ) ) ) + { + nNumStripByteCounts = nDataLen; + pStripByteCounts = new ULONG[ nNumStripByteCounts ]; + if ( !nNumStripByteCounts ) + nNumStripByteCounts = 0; + else + { + for ( i = 0; i < nOldNumSBC; i++ ) + pStripByteCounts[ i ] = pOldSBC[ i ]; + for ( i = nOldNumSBC; i < nNumStripByteCounts; i++) + pStripByteCounts[ i ] = ReadIntData(); + } delete[] pOldSBC; + } OOODEBUG("StripByteCounts (Anzahl:)",nDataLen); break; } Index: openoffice.org.spec =================================================================== RCS file: /cvs/dist/rpms/openoffice.org/FC-6/openoffice.org.spec,v retrieving revision 1.947 retrieving revision 1.948 diff -u -r1.947 -r1.948 --- openoffice.org.spec 1 Jun 2007 11:26:14 -0000 1.947 +++ openoffice.org.spec 17 Sep 2007 07:24:17 -0000 1.948 @@ -1,6 +1,6 @@ %define oootag OOD680 %define ooomilestone 5 -%define rh_rpm_release 5.23 +%define rh_rpm_release 5.24 # gcc#19664# %define stlvisibilityfcked 1 @@ -167,6 +167,7 @@ Patch99: workspace.dba22b.patch Patch100: workspace.cmcfixes34.patch Patch101: openoffice.org-2.2.1.ooo77214.rtfprtdata.sw.patch +Patch102: workspace.tipatch8.patch %define instdir %{_libdir}/openoffice.org2.0 @@ -1068,6 +1069,7 @@ %patch99 -p1 -b .workspace.dba22b.patch %patch100 -p1 -b .workspace.cmcfixes34.patch %patch101 -p1 -b .ooo77214.rtfprtdata.sw.patch +%patch102 -p1 -b .workspace.tipatch8.patch tar xzf %{SOURCE1} @@ -2597,6 +2599,9 @@ %{instdir}/share/registry/modules/org/openoffice/Office/Scripting/Scripting-python.xcu %changelog +* Mon Seb 17 2007 Jan Navratil - 1:2.0.4-5.5.24 +- Resolves: rhbz#251975 CVE-2007-2834 workspace.tipatch8.patch + * Fri Jun 01 2007 Caolan McNamara - 1:2.0.4-5.5.23 - Resolves: CVE-2007-0245 ooo#77214 rtf prtdata - Resolves: rhbz#240738 workspace.dba22b.patch From fedora-cvs-commits at redhat.com Mon Sep 17 07:47:12 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Mon, 17 Sep 2007 03:47:12 -0400 Subject: rpms/openoffice.org/FC-6 openoffice.org.spec,1.948,1.949 Message-ID: <200709170747.l8H7lCEY011853@cvs.devel.redhat.com> Author: jnavrati Update of /cvs/dist/rpms/openoffice.org/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv11812 Modified Files: openoffice.org.spec Log Message: Resolves: rhbz#251975 CVE-2007-2834 workspace.tipatch8.patch Index: openoffice.org.spec =================================================================== RCS file: /cvs/dist/rpms/openoffice.org/FC-6/openoffice.org.spec,v retrieving revision 1.948 retrieving revision 1.949 diff -u -r1.948 -r1.949 --- openoffice.org.spec 17 Sep 2007 07:24:17 -0000 1.948 +++ openoffice.org.spec 17 Sep 2007 07:47:09 -0000 1.949 @@ -2599,7 +2599,7 @@ %{instdir}/share/registry/modules/org/openoffice/Office/Scripting/Scripting-python.xcu %changelog -* Mon Seb 17 2007 Jan Navratil - 1:2.0.4-5.5.24 +* Mon Sep 17 2007 Jan Navratil - 1:2.0.4-5.5.24 - Resolves: rhbz#251975 CVE-2007-2834 workspace.tipatch8.patch * Fri Jun 01 2007 Caolan McNamara - 1:2.0.4-5.5.23 From fedora-cvs-commits at redhat.com Mon Sep 17 15:07:39 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Mon, 17 Sep 2007 11:07:39 -0400 Subject: rpms/freeradius/FC-6 freeradius-1.1.7-lsb.patch, 1.1, 1.2 freeradius.spec, 1.39, 1.40 Message-ID: <200709171507.l8HF7d6J011394@cvs.devel.redhat.com> Author: twoerner Update of /cvs/dist/rpms/freeradius/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv11376 Modified Files: freeradius-1.1.7-lsb.patch freeradius.spec Log Message: - fixed initscript problem (rhbz#292521) freeradius-1.1.7-lsb.patch: rc.radiusd-redhat | 35 ++++++++++++++++++++++++----------- 1 files changed, 24 insertions(+), 11 deletions(-) Index: freeradius-1.1.7-lsb.patch =================================================================== RCS file: /cvs/dist/rpms/freeradius/FC-6/freeradius-1.1.7-lsb.patch,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- freeradius-1.1.7-lsb.patch 28 Aug 2007 15:55:55 -0000 1.1 +++ freeradius-1.1.7-lsb.patch 17 Sep 2007 15:07:37 -0000 1.2 @@ -1,6 +1,6 @@ diff -up freeradius-1.1.7/redhat/rc.radiusd-redhat.lsb freeradius-1.1.7/redhat/rc.radiusd-redhat --- freeradius-1.1.7/redhat/rc.radiusd-redhat.lsb 2002-09-14 01:13:58.000000000 +0200 -+++ freeradius-1.1.7/redhat/rc.radiusd-redhat 2007-08-28 15:21:59.000000000 +0200 ++++ freeradius-1.1.7/redhat/rc.radiusd-redhat 2007-09-17 17:02:58.000000000 +0200 @@ -20,6 +20,14 @@ # Copyright (C) 2001 The FreeRADIUS Project http://www.freeradius.org # @@ -40,7 +40,7 @@ ln -s /var/run/radiusd/radiusd.pid /var/run/radiusd.pid 2>/dev/null ;; stop) -+ [ $running -ne 0 ] || exit 0 ++ [ $running -eq 0 ] || exit 0 echo -n $"Stopping RADIUS server: " killproc $RADIUSD RETVAL=$? @@ -48,7 +48,7 @@ RETVAL=$? ;; reload) -+ [ $running -ne 0 ] && exit 7 ++ [ $running -eq 0 ] || exit 7 echo -n $"Reloading RADIUS server: " killproc $RADIUSD -HUP RETVAL=$? @@ -69,7 +69,7 @@ - RETVAL=$? - fi + condrestart|try-restart) -+ [ ! -f $LOCKF ] && exit 7 ++ [ $running -eq 0 ] || exit 7 + $0 stop + sleep 3 + $0 start Index: freeradius.spec =================================================================== RCS file: /cvs/dist/rpms/freeradius/FC-6/freeradius.spec,v retrieving revision 1.39 retrieving revision 1.40 diff -u -r1.39 -r1.40 --- freeradius.spec 28 Aug 2007 16:15:13 -0000 1.39 +++ freeradius.spec 17 Sep 2007 15:07:37 -0000 1.40 @@ -1,7 +1,7 @@ Summary: High-performance and highly configurable free RADIUS server Name: freeradius Version: 1.1.7 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2+ and LGPLv2+ Group: System Environment/Daemons URL: http://www.freeradius.org/ @@ -301,6 +301,9 @@ %changelog +* Mon Sep 17 2007 Thomas Woerner 1.1.7-3 +- fixed initscript problem (rhbz#292521) + * Tue Aug 28 2007 Thomas Woerner 1.1.7-2 - fixed initscript for LSB (rhbz#243671, rhbz#243928) - fixed license tag From fedora-cvs-commits at redhat.com Mon Sep 17 15:19:12 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Mon, 17 Sep 2007 11:19:12 -0400 Subject: rpms/qt/FC-6 qt-3.3.6-bz#292951-CVE-2007-4137.patch, NONE, 1.1 qt.spec, 1.130, 1.131 Message-ID: <200709171519.l8HFJCqW012479@cvs.devel.redhat.com> Author: than Update of /cvs/dist/rpms/qt/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv12441 Modified Files: qt.spec Added Files: qt-3.3.6-bz#292951-CVE-2007-4137.patch Log Message: bz292951, CVE-2007-4137 qt-3.3.6-bz#292951-CVE-2007-4137.patch: qutfcodec.cpp | 2 +- 1 files changed, 1 insertion(+), 1 deletion(-) --- NEW FILE qt-3.3.6-bz#292951-CVE-2007-4137.patch --- --- src/codecs/qutfcodec.cpp +++ src/codecs/qutfcodec.cpp @@ -165,7 +165,7 @@ public: QString toUnicode(const char* chars, int len) { QString result; - result.setLength( len ); // worst case + result.setLength( len + 1 ); // worst case QChar *qch = (QChar *)result.unicode(); uchar ch; int error = -1; Index: qt.spec =================================================================== RCS file: /cvs/dist/rpms/qt/FC-6/qt.spec,v retrieving revision 1.130 retrieving revision 1.131 diff -u -r1.130 -r1.131 --- qt.spec 29 Aug 2007 17:40:52 -0000 1.130 +++ qt.spec 17 Sep 2007 15:19:10 -0000 1.131 @@ -1,7 +1,7 @@ Summary: The shared library for the Qt GUI toolkit. Name: qt Version: 3.3.8 -Release: 1%{?dist}.1 +Release: 2%{?dist} Epoch: 1 License: GPL/QPL Group: System Environment/Libraries @@ -65,6 +65,7 @@ # security patces Patch300: qt3-CVE-2007-3388.patch Patch301: utf8-bug-qt3-CVE-2007-0242.diff +Patch302: qt-3.3.6-bz#292951-CVE-2007-4137.patch %define qt_dirname qt-3.3 %define qtdir %{_libdir}/%{qt_dirname} @@ -291,6 +292,7 @@ # security patches %patch300 -p1 -b .CVE-2007-3388 %patch301 -p0 -b .CVE-2007-0242 +%patch302 -p0 -b .CVE-2007-4137 # convert to UTF-8 iconv -f iso-8859-1 -t utf-8 < doc/man/man3/qdial.3qt > doc/man/man3/qdial.3qt_ @@ -552,6 +554,9 @@ %changelog +* Mon Sep 17 2007 Than Ngo - 1:3.3.8-2.fc6 +- bz292951, CVE-2007-4137 + * Wed Aug 29 2007 Than Ngo - 1:3.3.8-1.fc6.1 - CVE-2007-3388 qt format string flaw - bz#234635, CVE-2007-0242 qt UTF8 improper character expansion From fedora-cvs-commits at redhat.com Mon Sep 17 15:26:50 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Mon, 17 Sep 2007 11:26:50 -0400 Subject: rpms/freeradius/FC-6 freeradius-1.1.7-lsb.patch, 1.2, 1.3 freeradius.spec, 1.40, 1.41 Message-ID: <200709171526.l8HFQoaW013064@cvs.devel.redhat.com> Author: twoerner Update of /cvs/dist/rpms/freeradius/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv13025 Modified Files: freeradius-1.1.7-lsb.patch freeradius.spec Log Message: - made init script fully lsb conform freeradius-1.1.7-lsb.patch: rc.radiusd-redhat | 35 ++++++++++++++++++++++++----------- 1 files changed, 24 insertions(+), 11 deletions(-) Index: freeradius-1.1.7-lsb.patch =================================================================== RCS file: /cvs/dist/rpms/freeradius/FC-6/freeradius-1.1.7-lsb.patch,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- freeradius-1.1.7-lsb.patch 17 Sep 2007 15:07:37 -0000 1.2 +++ freeradius-1.1.7-lsb.patch 17 Sep 2007 15:26:31 -0000 1.3 @@ -1,6 +1,6 @@ diff -up freeradius-1.1.7/redhat/rc.radiusd-redhat.lsb freeradius-1.1.7/redhat/rc.radiusd-redhat --- freeradius-1.1.7/redhat/rc.radiusd-redhat.lsb 2002-09-14 01:13:58.000000000 +0200 -+++ freeradius-1.1.7/redhat/rc.radiusd-redhat 2007-09-17 17:02:58.000000000 +0200 ++++ freeradius-1.1.7/redhat/rc.radiusd-redhat 2007-09-17 17:20:07.000000000 +0200 @@ -20,6 +20,14 @@ # Copyright (C) 2001 The FreeRADIUS Project http://www.freeradius.org # @@ -69,7 +69,7 @@ - RETVAL=$? - fi + condrestart|try-restart) -+ [ $running -eq 0 ] || exit 7 ++ [ $running -eq 0 ] || exit 0 + $0 stop + sleep 3 + $0 start @@ -78,7 +78,7 @@ *) echo $"Usage: $0 {start|stop|status|restart|reload|condrestart}" - exit 1 -+ RETVAL=3 ++ RETVAL=2 esac exit $RETVAL Index: freeradius.spec =================================================================== RCS file: /cvs/dist/rpms/freeradius/FC-6/freeradius.spec,v retrieving revision 1.40 retrieving revision 1.41 diff -u -r1.40 -r1.41 --- freeradius.spec 17 Sep 2007 15:07:37 -0000 1.40 +++ freeradius.spec 17 Sep 2007 15:26:31 -0000 1.41 @@ -1,7 +1,7 @@ Summary: High-performance and highly configurable free RADIUS server Name: freeradius Version: 1.1.7 -Release: 3%{?dist} +Release: 3.1%{?dist} License: GPLv2+ and LGPLv2+ Group: System Environment/Daemons URL: http://www.freeradius.org/ @@ -301,6 +301,9 @@ %changelog +* Mon Sep 17 2007 Thomas Woerner 1.1.7-3.1 +- made init script fully lsb conform + * Mon Sep 17 2007 Thomas Woerner 1.1.7-3 - fixed initscript problem (rhbz#292521) From fedora-cvs-commits at redhat.com Mon Sep 17 15:55:41 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Mon, 17 Sep 2007 11:55:41 -0400 Subject: rpms/sendmail/FC-6 sendmail.init,1.16,1.17 sendmail.spec,1.78,1.79 Message-ID: <200709171555.l8HFtfhs015516@cvs.devel.redhat.com> Author: twoerner Update of /cvs/dist/rpms/sendmail/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv15500 Modified Files: sendmail.init sendmail.spec Log Message: - made init script fully lsb conform Index: sendmail.init =================================================================== RCS file: /cvs/dist/rpms/sendmail/FC-6/sendmail.init,v retrieving revision 1.16 retrieving revision 1.17 diff -u -r1.16 -r1.17 --- sendmail.init 29 Aug 2007 16:29:07 -0000 1.16 +++ sendmail.init 17 Sep 2007 15:55:38 -0000 1.17 @@ -137,12 +137,12 @@ RETVAL=$? ;; stop) - [ $running -ne 0 ] || exit 0 + [ $running -eq 0 ] || exit 0 stop RETVAL=$? ;; reload) - [ $running -ne 0 ] && exit 7 + [ $running -eq 0 ] || exit 7 reload RETVAL=$? ;; @@ -152,7 +152,7 @@ RETVAL=$? ;; condrestart|try-restart) - [ ! -f /var/lock/subsys/sendmail ] && exit 7 + [ $running -eq 0 ] || exit 0 stop start RETVAL=$? @@ -165,7 +165,7 @@ ;; *) echo $"Usage: $0 {start|stop|restart|condrestart|status}" - RETVAL=3 + RETVAL=2 esac exit $RETVAL Index: sendmail.spec =================================================================== RCS file: /cvs/dist/rpms/sendmail/FC-6/sendmail.spec,v retrieving revision 1.78 retrieving revision 1.79 diff -u -r1.78 -r1.79 --- sendmail.spec 29 Aug 2007 16:29:07 -0000 1.78 +++ sendmail.spec 17 Sep 2007 15:55:38 -0000 1.79 @@ -15,7 +15,7 @@ Summary: A widely used Mail Transport Agent (MTA) Name: sendmail Version: 8.14.1 -Release: 4.1%{?dist} +Release: 4.2%{?dist} License: Sendmail Group: System Environment/Daemons URL: http://www.sendmail.org/ @@ -537,6 +537,9 @@ %changelog +* Mon Sep 17 2007 Thomas Woerner 8.14.1-4.2 +- made init script fully lsb conform + * Wed Aug 29 2007 Thomas Woerner 8.14.1-4.1 - fixed condrestart in init script to use exit instead of return - dropped glibc-2.6.90+ patch for FC-6 From fedora-cvs-commits at redhat.com Tue Sep 18 12:59:02 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Tue, 18 Sep 2007 08:59:02 -0400 Subject: rpms/php/FC-6 php-5.1.6-CVE-2007-2756.patch, NONE, 1.1 php-5.1.6-CVE-2007-2872.patch, NONE, 1.1 php-5.1.6-CVE-2007-3799.patch, NONE, 1.1 php-5.1.6-CVE-2007-3996.patch, NONE, 1.1 php-5.1.6-CVE-2007-3998.patch, NONE, 1.1 php-5.1.6-CVE-2007-4658.patch, NONE, 1.1 php-5.1.6-CVE-2007-4670.patch, NONE, 1.1 php.spec, 1.127, 1.128 Message-ID: <200709181259.l8ICx2uF010781@cvs.devel.redhat.com> Author: jorton Update of /cvs/dist/rpms/php/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv10748 Modified Files: php.spec Added Files: php-5.1.6-CVE-2007-2756.patch php-5.1.6-CVE-2007-2872.patch php-5.1.6-CVE-2007-3799.patch php-5.1.6-CVE-2007-3996.patch php-5.1.6-CVE-2007-3998.patch php-5.1.6-CVE-2007-4658.patch php-5.1.6-CVE-2007-4670.patch Log Message: * Tue Sep 18 2007 Joe Orton 5.1.6-3.7.fc6 - add security fixes for CVE-2007-2756, CVE-2007-2872, CVE-2007-3799, CVE-2007-3996, CVE-2007-3998, CVE-2007-4658, CVE-2007-4670 - fix mime_content_type (Kir Kolyshkin, #177926) php-5.1.6-CVE-2007-2756.patch: gd_png.c | 6 +++++- 1 files changed, 5 insertions(+), 1 deletion(-) --- NEW FILE php-5.1.6-CVE-2007-2756.patch --- --- php-5.1.6/ext/gd/libgd/gd_png.c.cve2756 +++ php-5.1.6/ext/gd/libgd/gd_png.c @@ -71,7 +71,11 @@ static void gdPngErrorHandler (png_struc static void gdPngReadData (png_structp png_ptr, png_bytep data, png_size_t length) { - gdGetBuf(data, length, (gdIOCtx *) png_get_io_ptr(png_ptr)); + int check; + check = gdGetBuf(data, length, (gdIOCtx *) png_get_io_ptr(png_ptr)); + if (check != length) { + png_error(png_ptr, "Read Error: truncated data"); + } } static void gdPngWriteData (png_structp png_ptr, png_bytep data, png_size_t length) php-5.1.6-CVE-2007-2872.patch: string.c | 16 +++++++++++++++- 1 files changed, 15 insertions(+), 1 deletion(-) --- NEW FILE php-5.1.6-CVE-2007-2872.patch --- --- php-5.1.6/ext/standard/string.c.cve2872 +++ php-5.1.6/ext/standard/string.c @@ -1856,11 +1856,25 @@ static char *php_chunk_split(char *src, char *p, *q; int chunks; /* complete chunks! */ int restlen; + int out_len; chunks = srclen / chunklen; restlen = srclen - chunks * chunklen; /* srclen % chunklen */ - dest = safe_emalloc((srclen + (chunks + 1) * endlen + 1), sizeof(char), 0); + if(chunks > INT_MAX - 1) { + return NULL; + } + out_len = chunks + 1; + if(endlen !=0 && out_len > INT_MAX/endlen) { + return NULL; + } + out_len *= endlen; + if(out_len > INT_MAX - srclen - 1) { + return NULL; + } + out_len += srclen + 1; + + dest = safe_emalloc((int)out_len, sizeof(char), 0); for (p = src, q = dest; p < (src + srclen - chunklen + 1); ) { memcpy(q, p, chunklen); php-5.1.6-CVE-2007-3799.patch: session.c | 18 +++++++++++++++--- 1 files changed, 15 insertions(+), 3 deletions(-) --- NEW FILE php-5.1.6-CVE-2007-3799.patch --- --- php-5.1.6/ext/session/session.c.cve3799 +++ php-5.1.6/ext/session/session.c @@ -46,6 +46,7 @@ #include "ext/standard/php_rand.h" /* for RAND_MAX */ #include "ext/standard/info.h" #include "ext/standard/php_smart_str.h" +#include "ext/standard/url.h" #include "mod_files.h" #include "mod_user.h" @@ -1028,6 +1029,7 @@ static void php_session_send_cookie(TSRM { smart_str ncookie = {0}; char *date_fmt = NULL; + char *e_session_name, *e_id; if (SG(headers_sent)) { char *output_start_filename = php_get_output_start_filename(TSRMLS_C); @@ -1041,11 +1043,18 @@ static void php_session_send_cookie(TSRM } return; } + + /* URL encode session_name and id because they might be user supplied */ + e_session_name = php_url_encode(PS(session_name), strlen(PS(session_name)), NULL); + e_id = php_url_encode(PS(id), strlen(PS(id)), NULL); smart_str_appends(&ncookie, COOKIE_SET_COOKIE); - smart_str_appends(&ncookie, PS(session_name)); + smart_str_appends(&ncookie, e_session_name); smart_str_appendc(&ncookie, '='); - smart_str_appends(&ncookie, PS(id)); + smart_str_appends(&ncookie, e_id); + + efree(e_session_name); + efree(e_id); if (PS(cookie_lifetime) > 0) { struct timeval tv; @@ -1230,8 +1239,11 @@ PHPAPI void php_session_start(TSRMLS_D) char *q; p += lensess + 1; - if ((q = strpbrk(p, "/?\\"))) + if ((q = strpbrk(p, "/?\\"))) { PS(id) = estrndup(p, q - p); + PS(send_cookie) = 0; + } + } /* check whether the current request was referred to by php-5.1.6-CVE-2007-3996.patch: gd.c | 8 ++++++++ libgd/gd.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++ libgd/gd_gd.c | 2 +- 3 files changed, 61 insertions(+), 1 deletion(-) --- NEW FILE php-5.1.6-CVE-2007-3996.patch --- --- php-5.1.6/ext/gd/libgd/gd.c.cve3996 +++ php-5.1.6/ext/gd/libgd/gd.c @@ -116,10 +116,34 @@ void php_gd_error(const char *format, .. va_end(args); } +static int overflow2(int a, int b) +{ + if(a < 0 || b < 0) { + php_gd_error("gd warning: one parameter to a memory allocation multiplication is negative, failing operation gracefully\n"); + return 1; + } + if(b == 0) + return 0; + if(a > INT_MAX / b) { + php_gd_error("gd warning: product of memory allocation multiplication would exceed INT_MAX, failing operation gracefully\n"); + return 1; + } + return 0; +} + gdImagePtr gdImageCreate (int sx, int sy) { int i; gdImagePtr im; + + if (overflow2(sx, sy)) { + return NULL; + } + + if (overflow2(sizeof(unsigned char *), sy)) { + return NULL; + } + im = (gdImage *) gdMalloc(sizeof(gdImage)); memset(im, 0, sizeof(gdImage)); /* Row-major ever since gd 1.3 */ @@ -162,6 +186,19 @@ gdImagePtr gdImageCreateTrueColor (int s { int i; gdImagePtr im; + + if (overflow2(sx, sy)) { + return NULL; + } + + if (overflow2(sizeof(unsigned char *), sy)) { + return NULL; + } + + if (overflow2(sizeof(int), sx)) { + return NULL; + } + im = (gdImage *) gdMalloc(sizeof(gdImage)); memset(im, 0, sizeof(gdImage)); im->tpixels = (int **) gdMalloc(sizeof(int *) * sy); @@ -2340,6 +2377,14 @@ void gdImageCopyResized (gdImagePtr dst, int *stx, *sty; /* We only need to use floating point to determine the correct stretch vector for one line's worth. */ double accum; + + if (overflow2(sizeof(int), srcW)) { + return; + } + if (overflow2(sizeof(int), srcH)) { + return; + } + stx = (int *) gdMalloc (sizeof (int) * srcW); sty = (int *) gdMalloc (sizeof (int) * srcH); accum = 0; @@ -3119,6 +3164,10 @@ void gdImageFilledPolygon (gdImagePtr im return; } + if (overflow2(sizeof(int), n)) { + return; + } + if (c == gdAntiAliased) { fill_color = im->AA_color; } else { @@ -3133,6 +3182,9 @@ void gdImageFilledPolygon (gdImagePtr im while (im->polyAllocated < n) { im->polyAllocated *= 2; } + if (overflow2(sizeof(int), im->polyAllocated)) { + return; + } im->polyInts = (int *) gdRealloc(im->polyInts, sizeof(int) * im->polyAllocated); } miny = p[0].y; --- php-5.1.6/ext/gd/libgd/gd_gd.c.cve3996 +++ php-5.1.6/ext/gd/libgd/gd_gd.c @@ -122,7 +122,7 @@ static gdImagePtr _gdCreateFromFile (gdI } else { im = gdImageCreate(*sx, *sy); } - if (!_gdGetColors(in, im, gd2xFlag)) { + if (im && !_gdGetColors(in, im, gd2xFlag)) { goto fail2; } --- php-5.1.6/ext/gd/gd.c.cve3996 +++ php-5.1.6/ext/gd/gd.c @@ -883,6 +883,10 @@ PHP_FUNCTION(imagecreatetruecolor) im = gdImageCreateTrueColor(Z_LVAL_PP(x_size), Z_LVAL_PP(y_size)); + if (!im) { + RETURN_FALSE; + } + ZEND_REGISTER_RESOURCE(return_value, im, le_gd); } /* }}} */ @@ -1342,6 +1346,10 @@ PHP_FUNCTION(imagecreate) im = gdImageCreate(Z_LVAL_PP(x_size), Z_LVAL_PP(y_size)); + if (!im) { + RETURN_FALSE; + } + ZEND_REGISTER_RESOURCE(return_value, im, le_gd); } /* }}} */ php-5.1.6-CVE-2007-3998.patch: string.c | 5 +++++ 1 files changed, 5 insertions(+) --- NEW FILE php-5.1.6-CVE-2007-3998.patch --- --- php-5.1.6/ext/standard/string.c.cve3998 +++ php-5.1.6/ext/standard/string.c @@ -646,6 +646,11 @@ PHP_FUNCTION(wordwrap) RETURN_EMPTY_STRING(); } + if (breakcharlen == 0) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Break string cannot be empty"); + RETURN_FALSE; + } + if (linelength == 0 && docut) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Can't force cut when width is zero."); RETURN_FALSE; php-5.1.6-CVE-2007-4658.patch: string.c | 17 ++++++++++++++++- 1 files changed, 16 insertions(+), 1 deletion(-) --- NEW FILE php-5.1.6-CVE-2007-4658.patch --- --- php-5.1.6/ext/standard/string.c.cve4658 +++ php-5.1.6/ext/standard/string.c @@ -4804,13 +4804,28 @@ PHP_FUNCTION(str_word_count) PHP_FUNCTION(money_format) { int format_len = 0, str_len; - char *format, *str; + char *format, *str, *p, *e; double value; + zend_bool check = 0; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sd", &format, &format_len, &value) == FAILURE) { return; } + p = format; + e = p + format_len; + while ((p = memchr(p, '%', (e - p)))) { + if (*(p + 1) == '%') { + p += 2; + } else if (!check) { + check = 1; + p++; + } else { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Only a single %%i or %%n token can be used"); + RETURN_FALSE; + } + } + str_len = format_len + 1024; str = emalloc(str_len); if ((str_len = strfmon(str, str_len, format, value)) < 0) { php-5.1.6-CVE-2007-4670.patch: php_variables.c | 23 ++++++++++++++++++----- 1 files changed, 18 insertions(+), 5 deletions(-) --- NEW FILE php-5.1.6-CVE-2007-4670.patch --- --- php-5.1.6/main/php_variables.c.cve4670 +++ php-5.1.6/main/php_variables.c @@ -125,10 +125,23 @@ PHPAPI void php_register_variable_ex(cha int new_idx_len = 0; if (++nest_level > PG(max_input_nesting_level)) { - /* too many levels of nesting */ - php_error_docref(NULL TSRMLS_CC, E_ERROR, "Input variable nesting level more than allowed %ld (change max_input_nesting_level in php.ini to increase the limit)", PG(max_input_nesting_level)); - } + HashTable *ht; + /* too many levels of nesting */ + + if (track_vars_array) { + ht = Z_ARRVAL_P(track_vars_array); + } else if (PG(register_globals)) { + ht = EG(active_symbol_table); + } + zend_hash_del(ht, var, var_len + 1); + zval_dtor(val); + + if (!PG(display_errors)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variable nesting level more than allowed %ld (change max_input_nesting_level in php.ini to increase the limit)", PG(max_input_nesting_level)); + } + return; + } ip++; index_s = ip; if (isspace(*ip)) { @@ -142,9 +155,9 @@ PHPAPI void php_register_variable_ex(cha /* PHP variables cannot contain '[' in their names, so we replace the character with a '_' */ *(index_s - 1) = '_'; - index_len = var_len = 0; + index_len = 0; if (index) { - index_len = var_len = strlen(index); + index_len = strlen(index); } goto plain_var; return; Index: php.spec =================================================================== RCS file: /cvs/dist/rpms/php/FC-6/php.spec,v retrieving revision 1.127 retrieving revision 1.128 diff -u -r1.127 -r1.128 --- php.spec 9 May 2007 15:39:46 -0000 1.127 +++ php.spec 18 Sep 2007 12:59:00 -0000 1.128 @@ -6,7 +6,7 @@ Summary: The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor) Name: php Version: 5.1.6 -Release: 3.6%{?dist} +Release: 3.7%{?dist} License: The PHP License v3.01 Group: Development/Languages URL: http://www.php.net/ @@ -55,6 +55,13 @@ Patch84: php-5.1.6-CVE-2007-1864.patch Patch85: php-5.1.6-soapredir.patch Patch86: php-5.1.6-ftpcrlf.patch +Patch87: php-5.1.6-CVE-2007-2756.patch +Patch88: php-5.1.6-CVE-2007-2872.patch +Patch89: php-5.1.6-CVE-2007-3799.patch +Patch90: php-5.1.6-CVE-2007-3996.patch +Patch91: php-5.1.6-CVE-2007-3998.patch +Patch92: php-5.1.6-CVE-2007-4658.patch +Patch93: php-5.1.6-CVE-2007-4670.patch BuildRoot: %{_tmppath}/%{name}-root @@ -347,6 +354,13 @@ %patch84 -p1 -b .cve1864 %patch85 -p1 -b .soapredir %patch86 -p1 -b .ftpcrlf +%patch87 -p1 -b .cve2756 +%patch88 -p1 -b .cve2872 +%patch89 -p1 -b .cve3799 +%patch90 -p1 -b .cve3996 +%patch91 -p1 -b .cve3998 +%patch92 -p1 -b .cve4658 +%patch93 -p1 -b .cve4670 # Prevent %%doc confusion over LICENSE files cp Zend/LICENSE Zend/ZEND_LICENSE @@ -458,7 +472,7 @@ --enable-calendar \ --enable-dbx \ --enable-dio \ - --with-mime-magic=%{_datadir}/file/magic \ + --with-mime-magic=%{_datadir}/file/magic.mime \ --without-sqlite \ --with-libxml-dir=%{_prefix} \ --with-xml \ @@ -671,6 +685,12 @@ %files pdo -f files.pdo %changelog +* Tue Sep 18 2007 Joe Orton 5.1.6-3.7.fc6 +- add security fixes for CVE-2007-2756, CVE-2007-2872, + CVE-2007-3799, CVE-2007-3996, CVE-2007-3998, CVE-2007-4658, + CVE-2007-4670 +- fix mime_content_type (Kir Kolyshkin, #177926) + * Wed May 9 2007 Joe Orton 5.1.6-3.6.fc6 - add security fixes for CVE-2007-1864, CVE-2007-2509, CVE-2007-2510 (#235016) - add README.FastCGI to -cli subpackage (#236555) From fedora-cvs-commits at redhat.com Tue Sep 18 14:57:02 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Tue, 18 Sep 2007 10:57:02 -0400 Subject: rpms/httpd/FC-6 httpd-2.2.4-oldflush.patch, NONE, 1.1 httpd-2.2.6-ssllibver.patch, NONE, 1.1 httpd-2.2.6.tar.gz.asc, NONE, 1.1 .cvsignore, 1.18, 1.19 httpd.spec, 1.103, 1.104 sources, 1.15, 1.16 upstream, 1.7, 1.8 httpd-2.0.54.tar.gz.asc, 1.1, NONE httpd-2.2.3-CVE-2006-5752.patch, 1.1, NONE httpd-2.2.3-CVE-2007-1863.patch, 1.1, NONE httpd-2.2.3-CVE-2007-3304.patch, 1.1, NONE httpd-2.2.3.tar.gz.asc, 1.1, NONE httpd-2.2.4-CVE-2007-1862.patch, 1.1, NONE Message-ID: <200709181457.l8IEv2Ge020463@cvs.devel.redhat.com> Author: jorton Update of /cvs/dist/rpms/httpd/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv20440 Modified Files: .cvsignore httpd.spec sources upstream Added Files: httpd-2.2.4-oldflush.patch httpd-2.2.6-ssllibver.patch httpd-2.2.6.tar.gz.asc Removed Files: httpd-2.0.54.tar.gz.asc httpd-2.2.3-CVE-2006-5752.patch httpd-2.2.3-CVE-2007-1863.patch httpd-2.2.3-CVE-2007-3304.patch httpd-2.2.3.tar.gz.asc httpd-2.2.4-CVE-2007-1862.patch Log Message: * Tue Sep 18 2007 Joe Orton 2.2.6-1.fc6 - update to 2.2.6 httpd-2.2.4-oldflush.patch: util_filter.c | 12 +++++++++++- 1 files changed, 11 insertions(+), 1 deletion(-) --- NEW FILE httpd-2.2.4-oldflush.patch --- http://issues.apache.org/bugzilla/show_bug.cgi?id=36780 --- httpd-2.2.4/server/util_filter.c.oldflush +++ httpd-2.2.4/server/util_filter.c @@ -578,8 +578,18 @@ AP_DECLARE_NONSTD(apr_status_t) ap_filte void *ctx) { ap_filter_t *f = ctx; + apr_status_t rv; - return ap_pass_brigade(f, bb); + rv = ap_pass_brigade(f, bb); + + /* apr_brigade_write* require that the flush function ensures that + * the brigade is empty upon return; otherwise the brigade may be + * left with a transient bucket whose contents have fallen out of + * scope. Call cleanup here unconditionally to avoid the issue in + * all cases. */ + apr_brigade_cleanup(bb); + + return rv; } AP_DECLARE(apr_status_t) ap_fflush(ap_filter_t *f, apr_bucket_brigade *bb) httpd-2.2.6-ssllibver.patch: mod_ssl.c | 2 - ssl_engine_vars.c | 56 ++++++++++++++++++++++++++---------------------------- ssl_private.h | 2 - 3 files changed, 29 insertions(+), 31 deletions(-) --- NEW FILE httpd-2.2.6-ssllibver.patch --- --- httpd-2.2.6/modules/ssl/mod_ssl.c.ssllibver +++ httpd-2.2.6/modules/ssl/mod_ssl.c @@ -500,7 +500,7 @@ static void ssl_register_hooks(apr_pool_ ap_hook_insert_filter (ssl_hook_Insert_Filter, NULL,NULL, APR_HOOK_MIDDLE); /* ap_hook_handler (ssl_hook_Upgrade, NULL,NULL, APR_HOOK_MIDDLE); */ - ssl_var_register(); + ssl_var_register(p); APR_REGISTER_OPTIONAL_FN(ssl_proxy_enable); APR_REGISTER_OPTIONAL_FN(ssl_engine_disable); --- httpd-2.2.6/modules/ssl/ssl_engine_vars.c.ssllibver +++ httpd-2.2.6/modules/ssl/ssl_engine_vars.c @@ -58,12 +58,32 @@ static int ssl_is_https(conn_rec *c) return sslconn && sslconn->ssl; } -void ssl_var_register(void) +static const char var_interface[] = "mod_ssl/" MOD_SSL_VERSION; +static char var_library_interface[] = SSL_LIBRARY_TEXT; +static char *var_library = NULL; + +void ssl_var_register(apr_pool_t *p) { + char *cp, *cp2; + APR_REGISTER_OPTIONAL_FN(ssl_is_https); APR_REGISTER_OPTIONAL_FN(ssl_var_lookup); APR_REGISTER_OPTIONAL_FN(ssl_ext_lookup); - return; + + /* Perform once-per-process library version determination: */ + var_library = apr_pstrdup(p, SSL_LIBRARY_DYNTEXT); + + if ((cp = strchr(var_library, ' ')) != NULL) { + *cp = '/'; + if ((cp2 = strchr(cp, ' ')) != NULL) + *cp2 = NUL; + } + + if ((cp = strchr(var_library_interface, ' ')) != NULL) { + *cp = '/'; + if ((cp2 = strchr(cp, ' ')) != NULL) + *cp2 = NUL; + } } /* This function must remain safe to use for a non-SSL connection. */ @@ -635,39 +655,17 @@ static void ssl_var_lookup_ssl_cipher_bi static char *ssl_var_lookup_ssl_version(apr_pool_t *p, char *var) { - static char interface[] = "mod_ssl/" MOD_SSL_VERSION; - static char library_interface[] = SSL_LIBRARY_TEXT; - static char *library = NULL; - char *result; - - if (!library) { - char *cp, *cp2; - library = apr_pstrdup(p, SSL_LIBRARY_DYNTEXT); - if ((cp = strchr(library, ' ')) != NULL) { - *cp = '/'; - if ((cp2 = strchr(cp, ' ')) != NULL) - *cp2 = NUL; - } - if ((cp = strchr(library_interface, ' ')) != NULL) { - *cp = '/'; - if ((cp2 = strchr(cp, ' ')) != NULL) - *cp2 = NUL; - } - } - if (strEQ(var, "INTERFACE")) { - result = apr_pstrdup(p, interface); + return apr_pstrdup(p, var_interface); } else if (strEQ(var, "LIBRARY_INTERFACE")) { - result = apr_pstrdup(p, library_interface); + return apr_pstrdup(p, var_library_interface); } else if (strEQ(var, "LIBRARY")) { - result = apr_pstrdup(p, library); - } - else { - result = NULL; + return apr_pstrdup(p, var_library); } - return result; + + return NULL; } --- httpd-2.2.6/modules/ssl/ssl_private.h.ssllibver +++ httpd-2.2.6/modules/ssl/ssl_private.h @@ -648,7 +648,7 @@ void ssl_die(void); void ssl_log_ssl_error(const char *, int, int, server_rec *); /** Variables */ -void ssl_var_register(void); +void ssl_var_register(apr_pool_t *p); char *ssl_var_lookup(apr_pool_t *, server_rec *, conn_rec *, request_rec *, char *); const char *ssl_ext_lookup(apr_pool_t *p, conn_rec *c, int peer, const char *oid); --- NEW FILE httpd-2.2.6.tar.gz.asc --- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) iD8DBQBG3buFizpgHwjJdeURAiQhAJ0UzwL/Sg4PZdw1USvc4CWytBg+kgCeKf83 vNBG4bcFy+gEuU0vVE/HCGM= =dt4x -----END PGP SIGNATURE----- Index: .cvsignore =================================================================== RCS file: /cvs/dist/rpms/httpd/FC-6/.cvsignore,v retrieving revision 1.18 retrieving revision 1.19 diff -u -r1.18 -r1.19 --- .cvsignore 27 Apr 2007 10:31:14 -0000 1.18 +++ .cvsignore 18 Sep 2007 14:56:59 -0000 1.19 @@ -1,3 +1,3 @@ -httpd-2.2.3.tar.gz -httpd-2.2.4 +httpd-2.2.6.tar.gz +httpd-2.2.6 clog Index: httpd.spec =================================================================== RCS file: /cvs/dist/rpms/httpd/FC-6/httpd.spec,v retrieving revision 1.103 retrieving revision 1.104 diff -u -r1.103 -r1.104 --- httpd.spec 26 Jun 2007 14:05:40 -0000 1.103 +++ httpd.spec 18 Sep 2007 14:56:59 -0000 1.104 @@ -6,8 +6,8 @@ Summary: Apache HTTP Server Name: httpd -Version: 2.2.4 -Release: 2.1%{?dist} +Version: 2.2.6 +Release: 1%{?dist} URL: http://httpd.apache.org/ Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.gz Source1: index.html @@ -41,11 +41,8 @@ # Bug fixes Patch54: httpd-2.2.0-authnoprov.patch Patch55: httpd-2.2.4-getserver.patch -# Security fixes: -Patch70: httpd-2.2.3-CVE-2006-5752.patch -Patch71: httpd-2.2.3-CVE-2007-1863.patch -Patch72: httpd-2.2.3-CVE-2007-3304.patch -Patch73: httpd-2.2.4-CVE-2007-1862.patch +Patch56: httpd-2.2.4-oldflush.patch +Patch57: httpd-2.2.6-ssllibver.patch License: Apache Software License Group: System Environment/Daemons BuildRoot: %{_tmppath}/%{name}-root @@ -123,12 +120,9 @@ %patch25 -p1 -b .selinux %patch54 -p1 -b .authnoprov -%patch55 -p1 -b .getserver - -%patch70 -p1 -b .cve5752 -%patch71 -p1 -b .cve1863 -%patch72 -p1 -b .cve3304 -%patch73 -p1 -b .cve1862 +%patch55 -p1 -b .getserve +%patch56 -p1 -b .oldflush +%patch57 -p1 -b .ssllibver # Patch in vendor/release string sed "s/@RELEASE@/%{vstring}/" < %{PATCH20} | patch -p1 @@ -496,6 +490,9 @@ %{_libdir}/httpd/build/*.sh %changelog +* Tue Sep 18 2007 Joe Orton 2.2.6-1.fc6 +- update to 2.2.6 + * Tue Jun 26 2007 Joe Orton 2.2.4-2.1.fc6 - add security fixes for CVE-2006-5752, CVE-2007-1862, CVE-2007-1863, CVE-2007-3304 (#244660) Index: sources =================================================================== RCS file: /cvs/dist/rpms/httpd/FC-6/sources,v retrieving revision 1.15 retrieving revision 1.16 diff -u -r1.15 -r1.16 --- sources 23 Mar 2007 10:55:21 -0000 1.15 +++ sources 18 Sep 2007 14:56:59 -0000 1.16 @@ -1 +1 @@ -3add41e0b924d4bb53c2dee55a38c09e httpd-2.2.4.tar.gz +d050a49bd7532ec21c6bb593b3473a5d httpd-2.2.6.tar.gz Index: upstream =================================================================== RCS file: /cvs/dist/rpms/httpd/FC-6/upstream,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- upstream 28 Jul 2006 15:19:20 -0000 1.7 +++ upstream 18 Sep 2007 14:56:59 -0000 1.8 @@ -1 +1 @@ -httpd-2.2.3.tar.gz +httpd-2.2.6.tar.gz --- httpd-2.0.54.tar.gz.asc DELETED --- --- httpd-2.2.3-CVE-2006-5752.patch DELETED --- --- httpd-2.2.3-CVE-2007-1863.patch DELETED --- --- httpd-2.2.3-CVE-2007-3304.patch DELETED --- --- httpd-2.2.3.tar.gz.asc DELETED --- --- httpd-2.2.4-CVE-2007-1862.patch DELETED --- From fedora-cvs-commits at redhat.com Tue Sep 18 15:18:53 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Tue, 18 Sep 2007 11:18:53 -0400 Subject: rpms/httpd/FC-6 httpd.spec,1.104,1.105 Message-ID: <200709181518.l8IFIrr7022310@cvs.devel.redhat.com> Author: jorton Update of /cvs/dist/rpms/httpd/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv22292 Modified Files: httpd.spec Log Message: - fix CHANGES trimming Index: httpd.spec =================================================================== RCS file: /cvs/dist/rpms/httpd/FC-6/httpd.spec,v retrieving revision 1.104 retrieving revision 1.105 diff -u -r1.104 -r1.105 --- httpd.spec 18 Sep 2007 14:56:59 -0000 1.104 +++ httpd.spec 18 Sep 2007 15:18:51 -0000 1.105 @@ -144,9 +144,6 @@ # regenerate configure scripts autoheader && autoconf || exit 1 -# Limit size of CHANGES to recent history -echo '1,/Changes with Apache MPM/wq' | ed CHANGES - # Before configure; fix location of build dir in generated apxs %{__perl} -pi -e "s:\@exp_installbuilddir\@:%{_libdir}/httpd/build:g" \ support/apxs.in From fedora-cvs-commits at redhat.com Wed Sep 19 10:31:02 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Wed, 19 Sep 2007 06:31:02 -0400 Subject: rpms/iptables/FC-6 iptables.init,1.12,1.13 iptables.spec,1.44,1.45 Message-ID: <200709191031.l8JAV2YS003620@cvs.devel.redhat.com> Author: twoerner Update of /cvs/dist/rpms/iptables/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv3599 Modified Files: iptables.init iptables.spec Log Message: - dropped lsb header from init script, delayes start after network Index: iptables.init =================================================================== RCS file: /cvs/dist/rpms/iptables/FC-6/iptables.init,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- iptables.init 28 Aug 2007 15:14:25 -0000 1.12 +++ iptables.init 19 Sep 2007 10:30:59 -0000 1.13 @@ -8,15 +8,6 @@ # config: /etc/sysconfig/iptables # config: /etc/sysconfig/iptables-config # -### BEGIN INIT INFO -# Provides: iptables -# Required-Start: $local_fs -# Required-Stop: $local_fs -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: start and stop iptables firewall -# Description: Start, stop and save iptables firewall -### END INIT INFO # Source function library. . /etc/init.d/functions Index: iptables.spec =================================================================== RCS file: /cvs/dist/rpms/iptables/FC-6/iptables.spec,v retrieving revision 1.44 retrieving revision 1.45 diff -u -r1.44 -r1.45 --- iptables.spec 28 Aug 2007 15:14:25 -0000 1.44 +++ iptables.spec 19 Sep 2007 10:30:59 -0000 1.45 @@ -3,7 +3,7 @@ Name: iptables Summary: Tools for managing Linux kernel packet filtering capabilities Version: 1.3.8 -Release: 2%{?dist} +Release: 2.1%{?dist} Source: http://www.netfilter.org/projects/iptables/files/%{name}-%{version}.tar.bz2 Source1: iptables.init Source2: iptables-config @@ -147,6 +147,9 @@ %endif %changelog +* Wed Sep 19 2007 Thomas Woerner 1.3.8-2.1 +- dropped lsb header from init script, delayes start after network + * Tue Aug 28 2007 Thomas Woerner 1.3.8-2 - FC-6 version From fedora-cvs-commits at redhat.com Wed Sep 19 10:36:40 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Wed, 19 Sep 2007 06:36:40 -0400 Subject: rpms/iptables/FC-6 iptables.init,1.13,1.14 iptables.spec,1.45,1.46 Message-ID: <200709191036.l8JAadMH004092@cvs.devel.redhat.com> Author: twoerner Update of /cvs/dist/rpms/iptables/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv4076 Modified Files: iptables.init iptables.spec Log Message: - fixed return values in init scipt Index: iptables.init =================================================================== RCS file: /cvs/dist/rpms/iptables/FC-6/iptables.init,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- iptables.init 19 Sep 2007 10:30:59 -0000 1.13 +++ iptables.init 19 Sep 2007 10:36:37 -0000 1.14 @@ -307,7 +307,7 @@ RETVAL=$? ;; condrestart|try-restart) - [ ! -e "$VAR_SUBSYS_IPTABLES" ] && exit 7 + [ $running -eq 0 ] || exit 0 restart RETVAL=$? ;; @@ -326,7 +326,7 @@ ;; *) echo $"Usage: $0 {start|stop|restart|condrestart|status|panic|save}" - RETVAL=3 + RETVAL=2 ;; esac Index: iptables.spec =================================================================== RCS file: /cvs/dist/rpms/iptables/FC-6/iptables.spec,v retrieving revision 1.45 retrieving revision 1.46 diff -u -r1.45 -r1.46 --- iptables.spec 19 Sep 2007 10:30:59 -0000 1.45 +++ iptables.spec 19 Sep 2007 10:36:37 -0000 1.46 @@ -149,6 +149,7 @@ %changelog * Wed Sep 19 2007 Thomas Woerner 1.3.8-2.1 - dropped lsb header from init script, delayes start after network +- fixed return values in init scipt * Tue Aug 28 2007 Thomas Woerner 1.3.8-2 - FC-6 version From fedora-cvs-commits at redhat.com Wed Sep 19 13:06:51 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Wed, 19 Sep 2007 09:06:51 -0400 Subject: rpms/system-config-printer/FC-6 pycups-1.9.27.tar.bz2.sig, NONE, 1.1 .cvsignore, 1.121, 1.122 sources, 1.125, 1.126 system-config-printer.spec, 1.98, 1.99 pycups-1.9.24.tar.bz2.sig, 1.1, NONE Message-ID: <200709191306.l8JD6pL1014363@cvs.devel.redhat.com> Author: twaugh Update of /cvs/dist/rpms/system-config-printer/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv14329 Modified Files: .cvsignore sources system-config-printer.spec Added Files: pycups-1.9.27.tar.bz2.sig Removed Files: pycups-1.9.24.tar.bz2.sig Log Message: * Wed Sep 19 2007 Tim Waugh - Updated to pycups-1.9.27. --- NEW FILE pycups-1.9.27.tar.bz2.sig --- ?? Index: .cvsignore =================================================================== RCS file: /cvs/dist/rpms/system-config-printer/FC-6/.cvsignore,v retrieving revision 1.121 retrieving revision 1.122 diff -u -r1.121 -r1.122 --- .cvsignore 9 Aug 2007 15:19:34 -0000 1.121 +++ .cvsignore 19 Sep 2007 13:06:48 -0000 1.122 @@ -101,3 +101,4 @@ pycups-1.9.18.tar.bz2 system-config-printer-0.7.63.2.tar.bz2 system-config-printer-0.7.63.3.tar.bz2 +pycups-1.9.27.tar.bz2 Index: sources =================================================================== RCS file: /cvs/dist/rpms/system-config-printer/FC-6/sources,v retrieving revision 1.125 retrieving revision 1.126 diff -u -r1.125 -r1.126 --- sources 9 Aug 2007 15:19:34 -0000 1.125 +++ sources 19 Sep 2007 13:06:48 -0000 1.126 @@ -1,2 +1,2 @@ -5038e4c6945c5183ad7061d6ee061205 pycups-1.9.24.tar.bz2 3aeb83e328d383c7f57f3311ec9a9a42 system-config-printer-0.7.63.3.tar.bz2 +20b18338b46531b1b28602deb44aa07d pycups-1.9.27.tar.bz2 Index: system-config-printer.spec =================================================================== RCS file: /cvs/dist/rpms/system-config-printer/FC-6/system-config-printer.spec,v retrieving revision 1.98 retrieving revision 1.99 diff -u -r1.98 -r1.99 --- system-config-printer.spec 9 Aug 2007 16:34:54 -0000 1.98 +++ system-config-printer.spec 19 Sep 2007 13:06:48 -0000 1.99 @@ -1,4 +1,4 @@ -%define pycups_version 1.9.24 +%define pycups_version 1.9.27 Summary: A printer administration tool Name: system-config-printer @@ -47,10 +47,6 @@ %prep %setup -q -a 1 -pushd pycups-%{pycups_version} -mkdir examples -mv cupstree.py examples -popd %build %configure @@ -135,6 +131,9 @@ fi %changelog +* Wed Sep 19 2007 Tim Waugh +- Updated to pycups-1.9.27. + * Thu Aug 9 2007 Tim Waugh 0.7.63.3-1 - 0.7.63.3: - Don't allow deletion of browsed printers (bug #250385). --- pycups-1.9.24.tar.bz2.sig DELETED --- From fedora-cvs-commits at redhat.com Wed Sep 19 13:09:13 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Wed, 19 Sep 2007 09:09:13 -0400 Subject: rpms/system-config-printer/FC-6 system-config-printer-0.7.63.4.tar.bz2.sig, NONE, 1.1 .cvsignore, 1.122, 1.123 sources, 1.126, 1.127 system-config-printer.spec, 1.99, 1.100 Message-ID: <200709191309.l8JD9DX1014553@cvs.devel.redhat.com> Author: twaugh Update of /cvs/dist/rpms/system-config-printer/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv14534 Modified Files: .cvsignore sources system-config-printer.spec Added Files: system-config-printer-0.7.63.4.tar.bz2.sig Log Message: - 0.7.63.4: - Handle IPP_TAG_NOVALUE attributes (for CUPS 1.3.x). --- NEW FILE system-config-printer-0.7.63.4.tar.bz2.sig --- ?? Index: .cvsignore =================================================================== RCS file: /cvs/dist/rpms/system-config-printer/FC-6/.cvsignore,v retrieving revision 1.122 retrieving revision 1.123 diff -u -r1.122 -r1.123 --- .cvsignore 19 Sep 2007 13:06:48 -0000 1.122 +++ .cvsignore 19 Sep 2007 13:09:11 -0000 1.123 @@ -102,3 +102,4 @@ system-config-printer-0.7.63.2.tar.bz2 system-config-printer-0.7.63.3.tar.bz2 pycups-1.9.27.tar.bz2 +system-config-printer-0.7.63.4.tar.bz2 Index: sources =================================================================== RCS file: /cvs/dist/rpms/system-config-printer/FC-6/sources,v retrieving revision 1.126 retrieving revision 1.127 diff -u -r1.126 -r1.127 --- sources 19 Sep 2007 13:06:48 -0000 1.126 +++ sources 19 Sep 2007 13:09:11 -0000 1.127 @@ -1,2 +1,2 @@ -3aeb83e328d383c7f57f3311ec9a9a42 system-config-printer-0.7.63.3.tar.bz2 20b18338b46531b1b28602deb44aa07d pycups-1.9.27.tar.bz2 +32e238af2a1e86478df541a407b973ee system-config-printer-0.7.63.4.tar.bz2 Index: system-config-printer.spec =================================================================== RCS file: /cvs/dist/rpms/system-config-printer/FC-6/system-config-printer.spec,v retrieving revision 1.99 retrieving revision 1.100 diff -u -r1.99 -r1.100 --- system-config-printer.spec 19 Sep 2007 13:06:48 -0000 1.99 +++ system-config-printer.spec 19 Sep 2007 13:09:11 -0000 1.100 @@ -2,7 +2,7 @@ Summary: A printer administration tool Name: system-config-printer -Version: 0.7.63.3 +Version: 0.7.63.4 Release: 1%{?dist} License: GPL Group: System Environment/Base @@ -131,8 +131,10 @@ fi %changelog -* Wed Sep 19 2007 Tim Waugh +* Wed Sep 19 2007 Tim Waugh 0.7.63.4-1 - Updated to pycups-1.9.27. +- 0.7.63.4: + - Handle IPP_TAG_NOVALUE attributes (for CUPS 1.3.x). * Thu Aug 9 2007 Tim Waugh 0.7.63.3-1 - 0.7.63.3: From fedora-cvs-commits at redhat.com Thu Sep 20 20:57:38 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Thu, 20 Sep 2007 16:57:38 -0400 Subject: rpms/kdegames/FC-6 kdegames-3.5.7-trademarks.patch, NONE, 1.1 kdegames.spec, 1.58, 1.59 Message-ID: <200709202057.l8KKvcKH010697@cvs.devel.redhat.com> Author: than Update of /cvs/dist/rpms/kdegames/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv10671 Modified Files: kdegames.spec Added Files: kdegames-3.5.7-trademarks.patch Log Message: bz248343, removes the Tron and Sokoban trademarks, thanks to Kevin Kofler kdegames-3.5.7-trademarks.patch: README | 10 ++-- doc/katomic/index.docbook | 4 - doc/ksokoban/index.docbook | 38 +++++++-------- doc/ktron/index.docbook | 28 +++++------ katomic/katomic.desktop | 78 +++++++++++++++---------------- ksokoban/AUTHORS | 36 +++----------- ksokoban/Bookmark.cpp | 2 ksokoban/Bookmark.h | 2 ksokoban/History.cpp | 2 ksokoban/History.h | 2 ksokoban/HtmlPrinter.cpp | 2 ksokoban/ImageData.cpp | 2 ksokoban/ImageData.h | 2 ksokoban/InternalCollections.h | 2 ksokoban/LevelCollection.h | 2 ksokoban/LevelMap.cpp | 2 ksokoban/LevelMap.h | 2 ksokoban/MainWindow.cpp | 2 ksokoban/MainWindow.h | 2 ksokoban/Map.cpp | 2 ksokoban/Map.h | 2 ksokoban/MapDelta.cpp | 2 ksokoban/MapDelta.h | 2 ksokoban/ModalLabel.cpp | 2 ksokoban/ModalLabel.h | 2 ksokoban/Move.cpp | 2 ksokoban/Move.h | 2 ksokoban/MoveSequence.cpp | 2 ksokoban/MoveSequence.h | 2 ksokoban/NEWS | 6 +- ksokoban/PathFinder.cpp | 2 ksokoban/PathFinder.h | 2 ksokoban/PlayField.cpp | 2 ksokoban/PlayField.h | 2 ksokoban/Queue.h | 2 ksokoban/README | 6 +- ksokoban/StaticImage.cpp | 2 ksokoban/StaticImage.h | 2 ksokoban/data/ksokoban.desktop | 102 ++++++++++++++++++++--------------------- ksokoban/main.cpp | 6 +- ktron/README | 8 +-- ktron/TODO | 3 - ktron/ktron.cpp | 24 ++++----- ktron/ktron.desktop | 96 +++++++++++++++++++------------------- ktron/ktron.h | 12 ++-- ktron/main.cpp | 8 +-- ktron/player.cpp | 2 ktron/player.h | 2 ktron/tron.cpp | 72 ++++++++++++++-------------- ktron/tron.h | 14 ++--- 50 files changed, 298 insertions(+), 317 deletions(-) --- NEW FILE kdegames-3.5.7-trademarks.patch --- diff -ur kdegames-3.5.7/doc/katomic/index.docbook kdegames-3.5.7-trademarks/doc/katomic/index.docbook --- kdegames-3.5.7/doc/katomic/index.docbook 2006-01-19 17:36:48.000000000 +0100 +++ kdegames-3.5.7-trademarks/doc/katomic/index.docbook 2007-08-04 23:55:07.000000000 +0200 @@ -50,8 +50,8 @@ Introduction Atomic Entertainment is a small game which resembles -Sokoban. The object of the game is to build chemical -molecules on a Sokoban like board. +BoxPush. The object of the game is to build chemical +molecules on a BoxPush like board. diff -ur kdegames-3.5.7/doc/ksokoban/index.docbook kdegames-3.5.7-trademarks/doc/ksokoban/index.docbook --- kdegames-3.5.7/doc/ksokoban/index.docbook 2006-07-22 10:10:04.000000000 +0200 +++ kdegames-3.5.7-trademarks/doc/ksokoban/index.docbook 2007-08-08 07:05:34.000000000 +0200 @@ -1,6 +1,6 @@ + KBoxPush"> @@ -8,7 +8,7 @@ -The &ksokoban; Handbook +The <application>KBoxPush</application> Handbook @@ -33,8 +33,8 @@ -&ksokoban; is a &kde; implementation of the Japanese warehouse keeper -game sokoban. +KBoxPush is a &kde; implementation of the Japanese warehouse keeper +box pushing game. @@ -42,8 +42,8 @@ KDE kdegames game -sokoban -ksokoban +boxpush +kboxpush @@ -51,8 +51,8 @@ Introduction -The first sokoban game was created in 1982 by Hiroyuki Imabayashi at -the Japanese company Thinking Rabbit, Inc. Sokoban is +The first BoxPush game was created in 1982 by Hiroyuki Imabayashi at +the Japanese company Thinking Rabbit, Inc. The original name is japanese for warehouse keeper. The idea is that you are a warehouse keeper trying to push crates to their proper locations in a warehouse. @@ -72,7 +72,7 @@ To make the game more fun for small kids (below 10 years or so), some -collections with easier levels are also included in &ksokoban;. These +collections with easier levels are also included in KBoxPush. These are marked (easy) in the level collection menu. Of course, these levels can be fun for adults too, for example if you don't want to expose yourself to too much mental strain. @@ -138,11 +138,11 @@ Loading external levels -&ksokoban; has the ability to load external sokoban levels from text +KBoxPush has the ability to load external levels from text files. You can load levels using the menu entry Game Load Levels... , or by specifying the level file -&URL; as a command line argument when starting &ksokoban; from a +&URL; as a command line argument when starting KBoxPush from a shell. @@ -193,7 +193,7 @@ Menu Reference -This is a complete guide to the menus of &ksokoban;. +This is a complete guide to the menus of KBoxPush. The <guimenu>Game</guimenu> Menu @@ -250,7 +250,7 @@ Level Collection -Change to a different set of levels. &ksokoban; +Change to a different set of levels. KBoxPush comes with several level sets, and you can load more that you can find on the internet. @@ -286,7 +286,7 @@ Quit -Exit &ksokoban;. +Exit KBoxPush. @@ -354,7 +354,7 @@ Set Bookmark -&ksokoban; allows you to set bookmarks with a level at a +KBoxPush allows you to set bookmarks with a level at a particular state. You might use this to save yourself repeating the same initial steps in a level. You can have up to ten bookmarks at a time, and access them via the @@ -389,9 +389,9 @@ Credits and License -&ksokoban; is copyright © 1998-2000 by &Anders.Widell; +KBoxPush is copyright © 1998-2000 by &Anders.Widell; &Anders.Widell.mail;. For -the latest info on &ksokoban;, see the &ksokoban; home page at +the latest info on KBoxPush, see the KBoxPush home page at http://hem.passagen.se/awl/ksokoban/ @@ -404,8 +404,8 @@ -All the currently included sokoban levels were created by David W. -Skinner sasquatch at bentonrea.com. See his sokoban page +All the currently included levels were created by David W. +Skinner sasquatch at bentonrea.com. See his page at http://users.bentonrea.com/~sasquatch/sokoban/ diff -ur kdegames-3.5.7/doc/ktron/index.docbook kdegames-3.5.7-trademarks/doc/ktron/index.docbook --- kdegames-3.5.7/doc/ktron/index.docbook 2006-07-22 10:10:04.000000000 +0200 +++ kdegames-3.5.7-trademarks/doc/ktron/index.docbook 2007-08-08 07:10:58.000000000 +0200 @@ -1,6 +1,6 @@ + KSnakeDuel"> @@ -8,7 +8,7 @@ -The &ktron; Handbook +The <application>KSnakeDuel</application> Handbook @@ -57,7 +57,7 @@ -&ktron; is a simple Tron clone for &kde;, which you can +KSnakeDuel is a simple SnakeDuel clone for &kde;, which you can play alone or against a friend. @@ -65,9 +65,9 @@ KDE kdegames -KTron +KSnakeDuel game -tron +snakeduel @@ -75,9 +75,9 @@ Introduction -&ktron; is a simple Tron-Clone for the +KSnakeDuel is a simple SnakeDuel-Clone for the K Desktop Environment. You can play -&ktron; against the computer or a friend. +KSnakeDuel against the computer or a friend. @@ -88,7 +88,7 @@ -Playing &ktron; +Playing <application>KSnakeDuel</application> Rules @@ -353,7 +353,7 @@ &Ctrl;Q -Quit &ktron; +Quit KSnakeDuel F1 @@ -395,7 +395,7 @@ Show winner by changing color Enable this box to improve visualizing that the game is over -by making &ktron; change the color of the loser's trail to the color of +by making KSnakeDuel change the color of the loser's trail to the color of the winner. @@ -508,7 +508,7 @@ Credits and License -&ktron; +KSnakeDuel Program Copyright 1999 &Matthias.Kiefer; &Matthias.Kiefer.mail; @@ -538,7 +538,7 @@ Installation -How to obtain &ktron; +How to obtain <application>KSnakeDuel</application> &install.intro.documentation; @@ -548,8 +548,8 @@ Requirements -In order to successfully compile &ktron;, you need &kde; 3.0. All -required libraries as well as &ktron; itself can be found on &kde-ftp;. +In order to successfully compile KSnakeDuel, you need &kde; 3.0. All +required libraries as well as KSnakeDuel itself can be found on &kde-ftp;. diff -ur kdegames-3.5.7/katomic/katomic.desktop kdegames-3.5.7-trademarks/katomic/katomic.desktop --- kdegames-3.5.7/katomic/katomic.desktop 2007-05-14 09:39:12.000000000 +0200 +++ kdegames-3.5.7-trademarks/katomic/katomic.desktop 2007-08-08 07:05:47.000000000 +0200 @@ -21,50 +21,50 @@ Type=Application Exec=katomic %i %m -caption "%c" DocPath=katomic/index.html -GenericName=Sokoban-like Logic Game -GenericName[be]=???????????????? ???????????? ???????? Sokoban +GenericName=BoxPush-like Logic Game +GenericName[be]=???????????????? ???????????? ???????? BoxPush GenericName[bg]=?????????????????? ???????? ?? ?????????? GenericName[bn]=?????????????????????-?????? ?????? ????????????????????? ???????????? -GenericName[bs]=Logi??ka igra nalik na Sokoban -GenericName[ca]=Joc de l??gica similar al Sokoban -GenericName[cs]=Logick?? hra jako Sokoban -GenericName[cy]=G??m Resymeg sy'n debyg i Sokoban -GenericName[da]=Sokoban-lignende logisk spil -GenericName[de]=Logikspiel (??hnlich Sokoban) -GenericName[el]=???????????????? ?????????????? ???????????????? ???? ???? Sokoban -GenericName[es]=Juego de l??gica similar al Sokoban -GenericName[et]=Sokobani moodi loogikam??ng -GenericName[eu]=Sokoban-en antzeko joko logikoa -GenericName[fi]=Sokoban-tyylinen Logiikkapeli -GenericName[fr]=Jeu de logique dans le style de Sokoban -GenericName[ga]=Cluiche Loighce Mar Sokoban -GenericName[he]=?????????? Sokoban, ???????? ???????? -GenericName[hr]=Logi??ka igra poput Sokobana -GenericName[hu]=Sokoban-szer?? logikai -GenericName[is]=Leikur sem l??kist Sokoban -GenericName[it]=Gioco di logica simile a Sokoban -GenericName[ja]=???????????????????????????????????? -GenericName[km]=?????????????????????????????????????????? Sokoban -GenericName[lv]=Sokoban l??dz??ga lo??isk?? sp??le -GenericName[mk]=?????????????? ???????? ???????????? ???? ?????????????? -GenericName[nb]=Sokoban-lignende logikkspill -GenericName[nds]=Sokoban-liek Logikspeel +GenericName[bs]=Logi??ka igra nalik na BoxPush +GenericName[ca]=Joc de l??gica similar al BoxPush +GenericName[cs]=Logick?? hra jako BoxPush +GenericName[cy]=G??m Resymeg sy'n debyg i BoxPush +GenericName[da]=BoxPush-lignende logisk spil +GenericName[de]=Logikspiel (??hnlich BoxPush) +GenericName[el]=???????????????? ?????????????? ???????????????? ???? ???? BoxPush +GenericName[es]=Juego de l??gica similar al BoxPush +GenericName[et]=BoxPushi moodi loogikam??ng +GenericName[eu]=BoxPush-en antzeko joko logikoa +GenericName[fi]=BoxPush-tyylinen Logiikkapeli +GenericName[fr]=Jeu de logique dans le style de BoxPush +GenericName[ga]=Cluiche Loighce Mar BoxPush +GenericName[he]=?????????? BoxPush, ???????? ???????? +GenericName[hr]=Logi??ka igra poput BoxPusha +GenericName[hu]=BoxPush-szer?? logikai +GenericName[is]=Leikur sem l??kist BoxPush +GenericName[it]=Gioco di logica simile a BoxPush +GenericName[ja]=BoxPush??????????????????????????? +GenericName[km]=?????????????????????????????????????????? BoxPush +GenericName[lv]=BoxPush l??dz??ga lo??isk?? sp??le +GenericName[mk]=?????????????? ???????? ???????????? ???? BoxPush +GenericName[nb]=BoxPush-lignende logikkspill +GenericName[nds]=BoxPush-liek Logikspeel GenericName[ne]=????????????????????? ??????????????? ?????????????????????????????? ????????? -GenericName[nl]=Sokoban-achtig logisch spel -GenericName[nn]=Sokoban-liknande logikkspel -GenericName[pl]=Gra logiczna typu Sokoban -GenericName[pt]=Jogo de L??gica tipo Sokoban -GenericName[pt_BR]=Jogo L??gico parecido com Sokoban +GenericName[nl]=BoxPush-achtig logisch spel +GenericName[nn]=BoxPush-liknande logikkspel +GenericName[pl]=Gra logiczna typu BoxPush +GenericName[pt]=Jogo de L??gica tipo BoxPush +GenericName[pt_BR]=Jogo L??gico parecido com BoxPush GenericName[ru]=???????????????? ?????????? -GenericName[se]=Sokoban-l??gan logihkkaspeallu -GenericName[sk]=Logick?? hra ako Sokoban -GenericName[sl]=Logi??na igra podobna Sokobanu -GenericName[sr]=?????????????? ???????? ?????????? ???? Sokoban -GenericName[sr at Latn]=Logi??ka igra nalik na Sokoban -GenericName[sv]=Sokoban-liknande logiskt spel +GenericName[se]=BoxPush-l??gan logihkkaspeallu +GenericName[sk]=Logick?? hra ako BoxPush +GenericName[sl]=Logi??na igra podobna BoxPushu +GenericName[sr]=?????????????? ???????? ?????????? ???? BoxPush +GenericName[sr at Latn]=Logi??ka igra nalik na BoxPush +GenericName[sv]=BoxPush-liknande logiskt spel GenericName[ta]=???????????????????????? ??????????????? ?????????????????? ?????????????????????????????? -GenericName[uk]=?????? ???? ???????????? ?????????????? ???? ???????????????? -GenericName[zh_TW]=?????????(sokoban)?????????????????? +GenericName[uk]=?????? ???? ???????????? ?????????????? ???? BoxPush?? +GenericName[zh_TW]=BoxPush?????????????????? X-KDE-StartupNotify=true X-DCOP-ServiceType=Multi Categories=Qt;KDE;Game;StrategyGame; diff -ur kdegames-3.5.7/ksokoban/AUTHORS kdegames-3.5.7-trademarks/ksokoban/AUTHORS --- kdegames-3.5.7/ksokoban/AUTHORS 2005-09-10 10:18:19.000000000 +0200 +++ kdegames-3.5.7-trademarks/ksokoban/AUTHORS 2007-08-08 07:04:20.000000000 +0200 @@ -1,36 +1,15 @@ ------------------------------------------------------------------------ -ksokoban is written by: +KBoxPush is written by: Anders Widell ------------------------------------------------------------------------ -The levels were taken from: - -xsokoban 3.3c for X-windows - www: http://xsokoban.lcs.mit.edu/xsokoban.html - author: Andrew Myers - -MacSokoban 3.0.3 for Macintosh - www: http://www.lysator.liu.se/~ingemar/games.html - author: Ingemar Ragnemalm - -Sokoban 2.4 for Macintosh - www: http://members.aol.com/SokobanMac/ - author: Scott Lindhurst - ------------------------------------------------------------------------- -The levels originally come from: - -Original the 50 original sokoban levels - made by Thinking rabbit Inc. in Japan -Extra some more levels from xsokoban -Still more by J. Franklin Mentzer -MacTommy inventions by a guy called Tommy in Pennsylvania -Yoshio's autogenerated by Yoshio Murase - see http://www.ne.jp/asahi/ai/yoshio/sokoban/main.htm -For the kids by Ross (W.R.) Brown -Simple Sokoban simplified original levels - by Phil Shapiro -Dimitri & Yorick by Jacques Duthen +The included level sets (Sasquatch, Mas Sasquatch, Sasquatch III, +Sasquatch IV and Microban) are the work of: +David W. Skinner +http://users.bentonrea.com/~sasquatch/sokoban/ +From the web page: +> These sets may be freely distributed provided they remain unchanged +> and credited with my name and email address. ------------------------------------------------------------------------ diff -ur kdegames-3.5.7/ksokoban/Bookmark.cpp kdegames-3.5.7-trademarks/ksokoban/Bookmark.cpp --- kdegames-3.5.7/ksokoban/Bookmark.cpp 2005-10-10 16:56:05.000000000 +0200 +++ kdegames-3.5.7-trademarks/ksokoban/Bookmark.cpp 2007-08-04 23:55:18.000000000 +0200 @@ -1,5 +1,5 @@ /* - * ksokoban - a Sokoban game for KDE + * ksokoban - a BoxPush game for KDE * Copyright (C) 1998 Anders Widell * * This program is free software; you can redistribute it and/or modify diff -ur kdegames-3.5.7/ksokoban/Bookmark.h kdegames-3.5.7-trademarks/ksokoban/Bookmark.h --- kdegames-3.5.7/ksokoban/Bookmark.h 2005-10-10 16:56:05.000000000 +0200 +++ kdegames-3.5.7-trademarks/ksokoban/Bookmark.h 2007-08-04 23:55:18.000000000 +0200 @@ -1,5 +1,5 @@ /* - * ksokoban - a Sokoban game for KDE + * ksokoban - a BoxPush game for KDE * Copyright (C) 1998 Anders Widell * * This program is free software; you can redistribute it and/or modify diff -ur kdegames-3.5.7/ksokoban/data/ksokoban.desktop kdegames-3.5.7-trademarks/ksokoban/data/ksokoban.desktop --- kdegames-3.5.7/ksokoban/data/ksokoban.desktop 2007-05-14 09:39:12.000000000 +0200 +++ kdegames-3.5.7-trademarks/ksokoban/data/ksokoban.desktop 2007-08-04 23:59:14.000000000 +0200 @@ -1,65 +1,65 @@ [Desktop Entry] Encoding=UTF-8 -Name=KSokoban -Name[af]=Ksokoban -Name[be]=?????????????? +Name=KBoxPush +Name[af]=KBoxPush +Name[be]=BoxPush Name[bn]=??????-????????????????????? -Name[eo]=Sokobano +Name[eo]=BoxPusho Name[hi]=??????-????????????????????? -Name[mk]=???????????????? -Name[nb]=Sokoban +Name[mk]=??BoxPush +Name[nb]=BoxPush Name[ne]=??????????????? ????????????????????? -Name[pl]=Sokoban -Name[sv]=Ksokoban +Name[pl]=BoxPush +Name[sv]=KBoxPush Name[ta]=K???????????????????????? -Name[tg]=K?????????????? -Name[zh_TW]=KSokoban ????????? -Name[zu]=I-KSokoban -GenericName=Sokoban Game -GenericName[be]=???????????? ?????????????? +Name[tg]=KBoxPush +Name[zh_TW]=KBoxPush BoxPush +Name[zu]=I-KBoxPush +GenericName=BoxPush Game +GenericName[be]=???????????? BoxPush GenericName[bg]=?????????????????? ???????? GenericName[bn]=????????????????????? ???????????? -GenericName[bs]=Igra Sokoban -GenericName[ca]=Joc Sokoban -GenericName[cs]=Hra Sokoban -GenericName[cy]=G??m Sokoban -GenericName[da]=Sokoban spil -GenericName[de]=Sokoban Spiel -GenericName[el]=???????????????? Sokoban -GenericName[es]=Juego Sokoban -GenericName[et]=Sokoban -GenericName[eu]=Sokoban jokoa -GenericName[fa]=???????? Sokoban -GenericName[fi]=Sokoban -GenericName[fr]=Jeu Sokoban -GenericName[ga]=Cluiche Sokoban -GenericName[he]=???????? Sokoban -GenericName[hr]=Sokoban -GenericName[hu]=Sokoban -GenericName[is]=Sokoban leikur -GenericName[it]=Gioco del Sokoban -GenericName[ja]=?????????????????? +GenericName[bs]=Igra BoxPush +GenericName[ca]=Joc BoxPush +GenericName[cs]=Hra BoxPush +GenericName[cy]=G??m BoxPush +GenericName[da]=BoxPush spil +GenericName[de]=BoxPush Spiel +GenericName[el]=???????????????? BoxPush +GenericName[es]=Juego BoxPush +GenericName[et]=BoxPush +GenericName[eu]=BoxPush jokoa +GenericName[fa]=???????? BoxPush +GenericName[fi]=BoxPush +GenericName[fr]=Jeu BoxPush +GenericName[ga]=Cluiche BoxPush +GenericName[he]=???????? BoxPush +GenericName[hr]=BoxPush +GenericName[hu]=BoxPush +GenericName[is]=BoxPush leikur +GenericName[it]=Gioco del BoxPush +GenericName[ja]=BoxPush????????? GenericName[km]=??????????????????????????????????????? -GenericName[lv]=Sokoban sp??le -GenericName[mk]=???????? ?????????????? -GenericName[nb]=Sokoban-spill -GenericName[nds]=Sokoban-Speel +GenericName[lv]=BoxPush sp??le +GenericName[mk]=???????? BoxPush +GenericName[nb]=BoxPush-spill +GenericName[nds]=BoxPush-Speel GenericName[ne]=????????????????????? ????????? -GenericName[nl]=Sokobanspel -GenericName[nn]=Sokoban-spel -GenericName[pl]=Sokoban -GenericName[pt]=Jogo de Sokoban -GenericName[pt_BR]=Jogo de Sokoban -GenericName[ru]=?????????????? -GenericName[se]=Sokoban-speallu -GenericName[sk]=Hra Sokoban -GenericName[sl]=Igra Sokobana -GenericName[sr]=???????? Sokoban-?? -GenericName[sr at Latn]=Igra Sokoban-a -GenericName[sv]=Sokoban-spel +GenericName[nl]=BoxPushspel +GenericName[nn]=BoxPush-spel +GenericName[pl]=BoxPush +GenericName[pt]=Jogo de BoxPush +GenericName[pt_BR]=Jogo de BoxPush +GenericName[ru]=BoxPush +GenericName[se]=BoxPush-speallu +GenericName[sk]=Hra BoxPush +GenericName[sl]=Igra BoxPusha +GenericName[sr]=???????? BoxPush-?? +GenericName[sr at Latn]=Igra BoxPush-a +GenericName[sv]=BoxPush-spel GenericName[ta]=???????????????????????? ?????????????????????????????? -GenericName[uk]=?????? Sokoban -GenericName[zh_TW]=??????????????? +GenericName[uk]=?????? BoxPush +GenericName[zh_TW]=BoxPush?????? DocPath=ksokoban/index.html Exec=ksokoban %i %m -caption "%c" Icon=ksokoban diff -ur kdegames-3.5.7/ksokoban/History.cpp kdegames-3.5.7-trademarks/ksokoban/History.cpp --- kdegames-3.5.7/ksokoban/History.cpp 2005-10-10 16:56:05.000000000 +0200 +++ kdegames-3.5.7-trademarks/ksokoban/History.cpp 2007-08-04 23:55:18.000000000 +0200 @@ -1,5 +1,5 @@ /* - * ksokoban - a Sokoban game for KDE + * ksokoban - a BoxPush game for KDE * Copyright (C) 1998 Anders Widell * * This program is free software; you can redistribute it and/or modify diff -ur kdegames-3.5.7/ksokoban/History.h kdegames-3.5.7-trademarks/ksokoban/History.h --- kdegames-3.5.7/ksokoban/History.h 2005-10-10 16:56:05.000000000 +0200 +++ kdegames-3.5.7-trademarks/ksokoban/History.h 2007-08-04 23:55:18.000000000 +0200 @@ -1,5 +1,5 @@ /* - * ksokoban - a Sokoban game for KDE + * ksokoban - a BoxPush game for KDE * Copyright (C) 1998 Anders Widell * * This program is free software; you can redistribute it and/or modify diff -ur kdegames-3.5.7/ksokoban/HtmlPrinter.cpp kdegames-3.5.7-trademarks/ksokoban/HtmlPrinter.cpp --- kdegames-3.5.7/ksokoban/HtmlPrinter.cpp 2005-09-10 10:18:19.000000000 +0200 +++ kdegames-3.5.7-trademarks/ksokoban/HtmlPrinter.cpp 2007-08-08 07:06:42.000000000 +0200 @@ -81,7 +81,7 @@ printf ("\ \n\ \n\ -ksokoban level\n\ +KBoxPush level\n\ \n\ \n\ "); diff -ur kdegames-3.5.7/ksokoban/ImageData.cpp kdegames-3.5.7-trademarks/ksokoban/ImageData.cpp --- kdegames-3.5.7/ksokoban/ImageData.cpp 2007-05-14 09:39:12.000000000 +0200 +++ kdegames-3.5.7-trademarks/ksokoban/ImageData.cpp 2007-08-04 23:55:18.000000000 +0200 @@ -1,5 +1,5 @@ /* - * ksokoban - a Sokoban game for KDE + * ksokoban - a BoxPush game for KDE * Copyright (C) 1998 Anders Widell * * This program is free software; you can redistribute it and/or modify diff -ur kdegames-3.5.7/ksokoban/ImageData.h kdegames-3.5.7-trademarks/ksokoban/ImageData.h --- kdegames-3.5.7/ksokoban/ImageData.h 2005-10-10 16:56:05.000000000 +0200 +++ kdegames-3.5.7-trademarks/ksokoban/ImageData.h 2007-08-04 23:55:18.000000000 +0200 @@ -1,5 +1,5 @@ /* - * ksokoban - a Sokoban game for KDE + * ksokoban - a BoxPush game for KDE * Copyright (C) 1998 Anders Widell * * This program is free software; you can redistribute it and/or modify diff -ur kdegames-3.5.7/ksokoban/InternalCollections.h kdegames-3.5.7-trademarks/ksokoban/InternalCollections.h --- kdegames-3.5.7/ksokoban/InternalCollections.h 2005-10-10 16:56:05.000000000 +0200 +++ kdegames-3.5.7-trademarks/ksokoban/InternalCollections.h 2007-08-04 23:55:18.000000000 +0200 @@ -1,5 +1,5 @@ /* - * ksokoban - a Sokoban game for KDE + * ksokoban - a BoxPush game for KDE * Copyright (C) 1998-2000 Anders Widell * * This program is free software; you can redistribute it and/or modify diff -ur kdegames-3.5.7/ksokoban/LevelCollection.h kdegames-3.5.7-trademarks/ksokoban/LevelCollection.h --- kdegames-3.5.7/ksokoban/LevelCollection.h 2005-10-10 16:56:05.000000000 +0200 +++ kdegames-3.5.7-trademarks/ksokoban/LevelCollection.h 2007-08-04 23:55:18.000000000 +0200 @@ -1,5 +1,5 @@ /* - * ksokoban - a Sokoban game for KDE + * ksokoban - a BoxPush game for KDE * Copyright (C) 1998,1999 Anders Widell * * This program is free software; you can redistribute it and/or modify diff -ur kdegames-3.5.7/ksokoban/LevelMap.cpp kdegames-3.5.7-trademarks/ksokoban/LevelMap.cpp --- kdegames-3.5.7/ksokoban/LevelMap.cpp 2005-10-10 16:56:05.000000000 +0200 +++ kdegames-3.5.7-trademarks/ksokoban/LevelMap.cpp 2007-08-04 23:55:18.000000000 +0200 @@ -1,5 +1,5 @@ /* - * ksokoban - a Sokoban game for KDE + * ksokoban - a BoxPush game for KDE * Copyright (C) 1998 Anders Widell * * This program is free software; you can redistribute it and/or modify diff -ur kdegames-3.5.7/ksokoban/LevelMap.h kdegames-3.5.7-trademarks/ksokoban/LevelMap.h --- kdegames-3.5.7/ksokoban/LevelMap.h 2005-10-10 16:56:05.000000000 +0200 +++ kdegames-3.5.7-trademarks/ksokoban/LevelMap.h 2007-08-04 23:55:18.000000000 +0200 @@ -1,5 +1,5 @@ /* - * ksokoban - a Sokoban game for KDE + * ksokoban - a BoxPush game for KDE * Copyright (C) 1998 Anders Widell * * This program is free software; you can redistribute it and/or modify diff -ur kdegames-3.5.7/ksokoban/main.cpp kdegames-3.5.7-trademarks/ksokoban/main.cpp --- kdegames-3.5.7/ksokoban/main.cpp 2005-10-10 16:56:05.000000000 +0200 +++ kdegames-3.5.7-trademarks/ksokoban/main.cpp 2007-08-04 23:55:18.000000000 +0200 @@ -1,5 +1,5 @@ /* - * ksokoban - a Sokoban game for KDE + * ksokoban - a BoxPush game for KDE * Copyright (C) 1998-2000 Anders Widell * * This program is free software; you can redistribute it and/or modify @@ -42,7 +42,7 @@ int main (int argc, char **argv) { - KAboutData aboutData("ksokoban", I18N_NOOP("KSokoban"), + KAboutData aboutData("ksokoban", I18N_NOOP("KBoxPush"), version, description, KAboutData::License_GPL, "(c) 1998-2001 Anders Widell", 0, "http://hem.passagen.se/awl/ksokoban/"); @@ -50,7 +50,7 @@ "awl at passagen.se", "http://hem.passagen.se/awl/"); aboutData.addCredit("David W. Skinner", - I18N_NOOP("For contributing the Sokoban levels included in this game"), + I18N_NOOP("For contributing the BoxPush levels included in this game"), "sasquatch at bentonrea.com", "http://users.bentonrea.com/~sasquatch/"); KCmdLineArgs::init(argc, argv, &aboutData); diff -ur kdegames-3.5.7/ksokoban/MainWindow.cpp kdegames-3.5.7-trademarks/ksokoban/MainWindow.cpp --- kdegames-3.5.7/ksokoban/MainWindow.cpp 2005-10-10 16:56:05.000000000 +0200 +++ kdegames-3.5.7-trademarks/ksokoban/MainWindow.cpp 2007-08-04 23:55:18.000000000 +0200 @@ -1,5 +1,5 @@ /* - * ksokoban - a Sokoban game for KDE + * ksokoban - a BoxPush game for KDE * Copyright (C) 1998 Anders Widell * * This program is free software; you can redistribute it and/or modify diff -ur kdegames-3.5.7/ksokoban/MainWindow.h kdegames-3.5.7-trademarks/ksokoban/MainWindow.h --- kdegames-3.5.7/ksokoban/MainWindow.h 2005-10-10 16:56:05.000000000 +0200 +++ kdegames-3.5.7-trademarks/ksokoban/MainWindow.h 2007-08-04 23:55:18.000000000 +0200 @@ -1,5 +1,5 @@ /* - * ksokoban - a Sokoban game for KDE + * ksokoban - a BoxPush game for KDE * Copyright (C) 1998 Anders Widell * * This program is free software; you can redistribute it and/or modify diff -ur kdegames-3.5.7/ksokoban/Map.cpp kdegames-3.5.7-trademarks/ksokoban/Map.cpp --- kdegames-3.5.7/ksokoban/Map.cpp 2005-10-10 16:56:05.000000000 +0200 +++ kdegames-3.5.7-trademarks/ksokoban/Map.cpp 2007-08-04 23:55:18.000000000 +0200 @@ -1,5 +1,5 @@ /* - * ksokoban - a Sokoban game for KDE + * ksokoban - a BoxPush game for KDE * Copyright (C) 1998 Anders Widell * * This program is free software; you can redistribute it and/or modify diff -ur kdegames-3.5.7/ksokoban/MapDelta.cpp kdegames-3.5.7-trademarks/ksokoban/MapDelta.cpp --- kdegames-3.5.7/ksokoban/MapDelta.cpp 2005-10-10 16:56:05.000000000 +0200 +++ kdegames-3.5.7-trademarks/ksokoban/MapDelta.cpp 2007-08-04 23:55:18.000000000 +0200 @@ -1,5 +1,5 @@ /* - * ksokoban - a Sokoban game for KDE + * ksokoban - a BoxPush game for KDE * Copyright (C) 1998 Anders Widell * * This program is free software; you can redistribute it and/or modify diff -ur kdegames-3.5.7/ksokoban/MapDelta.h kdegames-3.5.7-trademarks/ksokoban/MapDelta.h --- kdegames-3.5.7/ksokoban/MapDelta.h 2005-10-10 16:56:05.000000000 +0200 +++ kdegames-3.5.7-trademarks/ksokoban/MapDelta.h 2007-08-04 23:55:18.000000000 +0200 @@ -1,5 +1,5 @@ /* - * ksokoban - a Sokoban game for KDE + * ksokoban - a BoxPush game for KDE * Copyright (C) 1998 Anders Widell * * This program is free software; you can redistribute it and/or modify diff -ur kdegames-3.5.7/ksokoban/Map.h kdegames-3.5.7-trademarks/ksokoban/Map.h --- kdegames-3.5.7/ksokoban/Map.h 2005-10-10 16:56:05.000000000 +0200 +++ kdegames-3.5.7-trademarks/ksokoban/Map.h 2007-08-04 23:55:18.000000000 +0200 @@ -1,5 +1,5 @@ /* - * ksokoban - a Sokoban game for KDE + * ksokoban - a BoxPush game for KDE * Copyright (C) 1998 Anders Widell * * This program is free software; you can redistribute it and/or modify diff -ur kdegames-3.5.7/ksokoban/ModalLabel.cpp kdegames-3.5.7-trademarks/ksokoban/ModalLabel.cpp --- kdegames-3.5.7/ksokoban/ModalLabel.cpp 2005-10-10 16:56:05.000000000 +0200 +++ kdegames-3.5.7-trademarks/ksokoban/ModalLabel.cpp 2007-08-04 23:55:19.000000000 +0200 @@ -1,5 +1,5 @@ /* - * ksokoban - a Sokoban game for KDE + * ksokoban - a BoxPush game for KDE * Copyright (C) 1998 Anders Widell * * This program is free software; you can redistribute it and/or modify diff -ur kdegames-3.5.7/ksokoban/ModalLabel.h kdegames-3.5.7-trademarks/ksokoban/ModalLabel.h --- kdegames-3.5.7/ksokoban/ModalLabel.h 2005-10-10 16:56:05.000000000 +0200 +++ kdegames-3.5.7-trademarks/ksokoban/ModalLabel.h 2007-08-04 23:55:19.000000000 +0200 @@ -1,5 +1,5 @@ /* - * ksokoban - a Sokoban game for KDE + * ksokoban - a BoxPush game for KDE * Copyright (C) 1998 Anders Widell * * This program is free software; you can redistribute it and/or modify diff -ur kdegames-3.5.7/ksokoban/Move.cpp kdegames-3.5.7-trademarks/ksokoban/Move.cpp --- kdegames-3.5.7/ksokoban/Move.cpp 2005-10-10 16:56:05.000000000 +0200 +++ kdegames-3.5.7-trademarks/ksokoban/Move.cpp 2007-08-04 23:55:19.000000000 +0200 @@ -1,5 +1,5 @@ /* - * ksokoban - a Sokoban game for KDE + * ksokoban - a BoxPush game for KDE * Copyright (C) 1998 Anders Widell * * This program is free software; you can redistribute it and/or modify diff -ur kdegames-3.5.7/ksokoban/Move.h kdegames-3.5.7-trademarks/ksokoban/Move.h --- kdegames-3.5.7/ksokoban/Move.h 2005-10-10 16:56:05.000000000 +0200 +++ kdegames-3.5.7-trademarks/ksokoban/Move.h 2007-08-04 23:55:19.000000000 +0200 @@ -1,5 +1,5 @@ /* - * ksokoban - a Sokoban game for KDE + * ksokoban - a BoxPush game for KDE * Copyright (C) 1998 Anders Widell * * This program is free software; you can redistribute it and/or modify diff -ur kdegames-3.5.7/ksokoban/MoveSequence.cpp kdegames-3.5.7-trademarks/ksokoban/MoveSequence.cpp --- kdegames-3.5.7/ksokoban/MoveSequence.cpp 2005-10-10 16:56:05.000000000 +0200 +++ kdegames-3.5.7-trademarks/ksokoban/MoveSequence.cpp 2007-08-04 23:55:19.000000000 +0200 @@ -1,5 +1,5 @@ /* - * ksokoban - a Sokoban game for KDE + * ksokoban - a BoxPush game for KDE * Copyright (C) 1998 Anders Widell * * This program is free software; you can redistribute it and/or modify diff -ur kdegames-3.5.7/ksokoban/MoveSequence.h kdegames-3.5.7-trademarks/ksokoban/MoveSequence.h --- kdegames-3.5.7/ksokoban/MoveSequence.h 2005-10-10 16:56:05.000000000 +0200 +++ kdegames-3.5.7-trademarks/ksokoban/MoveSequence.h 2007-08-04 23:55:19.000000000 +0200 @@ -1,5 +1,5 @@ /* - * ksokoban - a Sokoban game for KDE + * ksokoban - a BoxPush game for KDE * Copyright (C) 1998 Anders Widell * * This program is free software; you can redistribute it and/or modify diff -ur kdegames-3.5.7/ksokoban/NEWS kdegames-3.5.7-trademarks/ksokoban/NEWS --- kdegames-3.5.7/ksokoban/NEWS 2005-09-10 10:18:19.000000000 +0200 +++ kdegames-3.5.7-trademarks/ksokoban/NEWS 2007-08-08 07:07:06.000000000 +0200 @@ -52,17 +52,17 @@ * Internationalisation ------------------------------------------------------------------------------- -version 0.1.2: ksokoban imported to CVS. Date 1998-08-30 +version 0.1.2: imported to CVS. Date 1998-08-30 ------------------------------------------------------------------------------- version 0.1.1: bugfix release. Date 1998-08-25 -* BUGFIX: ksokoban now ignores mouseclicks while a move is in progress. +* BUGFIX: now ignores mouseclicks while a move is in progress. Previously such a click would cause a memory leak and a corrupted undo/redo history (or a failed assertion if debugging was turned on). Thanks to Natali Giuliano for reporting this. -* ksokoban should now work with older zlib & Qt libraries. +* should now work with older zlib & Qt libraries. I have tested it with zlib 1.0.3 and Qt 1.33 * Detects the old gcc 2.7 and turns off optimisations if it is found. diff -ur kdegames-3.5.7/ksokoban/PathFinder.cpp kdegames-3.5.7-trademarks/ksokoban/PathFinder.cpp --- kdegames-3.5.7/ksokoban/PathFinder.cpp 2005-10-10 16:56:05.000000000 +0200 +++ kdegames-3.5.7-trademarks/ksokoban/PathFinder.cpp 2007-08-04 23:55:19.000000000 +0200 @@ -1,5 +1,5 @@ /* - * ksokoban - a Sokoban game for KDE + * ksokoban - a BoxPush game for KDE * Copyright (C) 1998 Anders Widell * * This program is free software; you can redistribute it and/or modify diff -ur kdegames-3.5.7/ksokoban/PathFinder.h kdegames-3.5.7-trademarks/ksokoban/PathFinder.h --- kdegames-3.5.7/ksokoban/PathFinder.h 2005-10-10 16:56:05.000000000 +0200 +++ kdegames-3.5.7-trademarks/ksokoban/PathFinder.h 2007-08-04 23:55:19.000000000 +0200 @@ -1,5 +1,5 @@ /* - * ksokoban - a Sokoban game for KDE + * ksokoban - a BoxPush game for KDE * Copyright (C) 1998 Anders Widell * * This program is free software; you can redistribute it and/or modify diff -ur kdegames-3.5.7/ksokoban/PlayField.cpp kdegames-3.5.7-trademarks/ksokoban/PlayField.cpp --- kdegames-3.5.7/ksokoban/PlayField.cpp 2005-10-10 16:56:05.000000000 +0200 +++ kdegames-3.5.7-trademarks/ksokoban/PlayField.cpp 2007-08-04 23:55:19.000000000 +0200 @@ -1,5 +1,5 @@ /* - * ksokoban - a Sokoban game for KDE + * ksokoban - a BoxPush game for KDE * Copyright (C) 1998 Anders Widell * * This program is free software; you can redistribute it and/or modify diff -ur kdegames-3.5.7/ksokoban/PlayField.h kdegames-3.5.7-trademarks/ksokoban/PlayField.h --- kdegames-3.5.7/ksokoban/PlayField.h 2005-10-10 16:56:05.000000000 +0200 +++ kdegames-3.5.7-trademarks/ksokoban/PlayField.h 2007-08-04 23:55:19.000000000 +0200 @@ -1,5 +1,5 @@ /* - * ksokoban - a Sokoban game for KDE + * ksokoban - a BoxPush game for KDE * Copyright (C) 1998 Anders Widell * * This program is free software; you can redistribute it and/or modify diff -ur kdegames-3.5.7/ksokoban/Queue.h kdegames-3.5.7-trademarks/ksokoban/Queue.h --- kdegames-3.5.7/ksokoban/Queue.h 2005-10-10 16:56:05.000000000 +0200 +++ kdegames-3.5.7-trademarks/ksokoban/Queue.h 2007-08-04 23:55:19.000000000 +0200 @@ -1,5 +1,5 @@ /* - * ksokoban - a Sokoban game for KDE + * ksokoban - a BoxPush game for KDE * Copyright (C) 1998 Anders Widell * * This program is free software; you can redistribute it and/or modify diff -ur kdegames-3.5.7/ksokoban/README kdegames-3.5.7-trademarks/ksokoban/README --- kdegames-3.5.7/ksokoban/README 2005-09-10 10:18:19.000000000 +0200 +++ kdegames-3.5.7-trademarks/ksokoban/README 2007-08-08 07:07:25.000000000 +0200 @@ -1,12 +1,12 @@ -ksokoban 0.2.2 - a Sokoban game for KDE +KBoxPush 0.2.2 - a BoxPush game for KDE copyright 1998 Anders Widell -ksokoban is free software; you can redistribute it and/or modify it +KBoxPush is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License. See the file COPYING for details. -See http://hem.passagen.se/awl/ksokoban/ for later versions of ksokoban. +See http://hem.passagen.se/awl/ksokoban/ for later versions of KBoxPush. See the file AUTHORS for details about where the levels come from. ------------------------------------------------------------------------ diff -ur kdegames-3.5.7/ksokoban/StaticImage.cpp kdegames-3.5.7-trademarks/ksokoban/StaticImage.cpp --- kdegames-3.5.7/ksokoban/StaticImage.cpp 2005-10-10 16:56:05.000000000 +0200 +++ kdegames-3.5.7-trademarks/ksokoban/StaticImage.cpp 2007-08-04 23:55:19.000000000 +0200 @@ -1,5 +1,5 @@ /* - * ksokoban - a Sokoban game for KDE + * ksokoban - a BoxPush game for KDE * Copyright (C) 1998 Anders Widell * * This program is free software; you can redistribute it and/or modify diff -ur kdegames-3.5.7/ksokoban/StaticImage.h kdegames-3.5.7-trademarks/ksokoban/StaticImage.h --- kdegames-3.5.7/ksokoban/StaticImage.h 2005-10-10 16:56:05.000000000 +0200 +++ kdegames-3.5.7-trademarks/ksokoban/StaticImage.h 2007-08-04 23:55:19.000000000 +0200 @@ -1,5 +1,5 @@ /* - * ksokoban - a Sokoban game for KDE + * ksokoban - a BoxPush game for KDE * Copyright (C) 1998 Anders Widell * * This program is free software; you can redistribute it and/or modify diff -ur kdegames-3.5.7/ktron/ktron.cpp kdegames-3.5.7-trademarks/ktron/ktron.cpp --- kdegames-3.5.7/ktron/ktron.cpp 2005-10-10 16:56:04.000000000 +0200 +++ kdegames-3.5.7-trademarks/ktron/ktron.cpp 2007-08-04 06:51:21.000000000 +0200 @@ -1,5 +1,5 @@ /* **************************************************************************** - This file is part of the game 'KTron' + This file is part of the game 'KSnakeDuel' Copyright (C) 1998-2000 by Matthias Kiefer @@ -42,10 +42,10 @@ /** * Constuctor */ -KTron::KTron(QWidget *parent, const char *name) : KMainWindow(parent, name) { +KSnakeDuel::KSnakeDuel(QWidget *parent, const char *name) : KMainWindow(parent, name) { playerPoints[0]=playerPoints[1]=0; - tron=new Tron(this, "Tron"); + tron=new SnakeDuel(this, "SnakeDuel"); connect(tron,SIGNAL(gameEnds(Player)),SLOT(changeStatus(Player))); setCentralWidget(tron); tron->setMinimumSize(200,180); @@ -54,7 +54,7 @@ statusBar()->insertItem("abcdefghijklmnopqrst: 0 ",ID_STATUS_BASE+1); statusBar()->insertItem("abcdefghijklmnopqrst: 0 ",ID_STATUS_BASE+2); - // We match up keyboard events ourselves in Tron::keyPressEvent() + // We match up keyboard events ourselves in SnakeDuel::keyPressEvent() // We must disable the actions, otherwise we don't get the keyPressEvent's KAction *act; act = new KAction(i18n("Player 1 Up"), Key_R, 0, 0, actionCollection(), "Pl1Up"); @@ -90,7 +90,7 @@ loadSettings(); } -void KTron::loadSettings() { +void KSnakeDuel::loadSettings() { playerName[0]=Settings::namePlayer1(); if ( playerName[0].isEmpty() ) playerName[0] = i18n("Player 1"); @@ -101,7 +101,7 @@ updateStatusbar(); } -void KTron::updateStatusbar(){ +void KSnakeDuel::updateStatusbar(){ for(int i=0;i<2;i++){ Player player; player=(i==0?One:Two); @@ -118,7 +118,7 @@ } } -void KTron::changeStatus(Player player) { +void KSnakeDuel::changeStatus(Player player) { // if player=Nobody, then new game if(player==Nobody){ playerPoints[0]=playerPoints[1]=0; @@ -143,18 +143,18 @@ showWinner(Two); } -void KTron::showWinner(Player winner){ +void KSnakeDuel::showWinner(Player winner){ if(tron->isComputer(Both) || (winner != One && winner != Two)) return; - QString loserName = i18n("KTron"); + QString loserName = i18n("KSnakeDuel"); int loser = Two; if(winner == Two) loser = One; if(!tron->isComputer(((Player)loser))) loserName = playerName[loser]; - QString winnerName = i18n("KTron"); + QString winnerName = i18n("KSnakeDuel"); if(!tron->isComputer(winner)) winnerName = playerName[winner]; @@ -169,7 +169,7 @@ tron->newGame(); } -void KTron::paletteChange(const QPalette &/*oldPalette*/){ +void KSnakeDuel::paletteChange(const QPalette &/*oldPalette*/){ update(); tron->updatePixmap(); tron->update(); @@ -178,7 +178,7 @@ /** * Show Settings dialog. */ -void KTron::showSettings(){ +void KSnakeDuel::showSettings(){ if(KConfigDialog::showDialog("settings")) return; diff -ur kdegames-3.5.7/ktron/ktron.desktop kdegames-3.5.7-trademarks/ktron/ktron.desktop --- kdegames-3.5.7/ktron/ktron.desktop 2007-05-14 09:39:12.000000000 +0200 +++ kdegames-3.5.7-trademarks/ktron/ktron.desktop 2007-08-08 07:14:16.000000000 +0200 @@ -4,64 +4,64 @@ Exec=ktron -caption "%c" %i %m Icon=ktron DocPath=ktron/index.html -GenericName=Tron-like Game -GenericName[be]=???????????? ???????? +GenericName=SnakeDuel-like Game +GenericName[be]=???????????? SnakeDuel GenericName[bg]=?????????????????? ???????? GenericName[bn]=????????????-??????????????? ???????????? -GenericName[br]=C'hoari doare Tron -GenericName[bs]=Igra nalik na Tron -GenericName[ca]=Joc a l'estil Tron -GenericName[cs]=Hra podobn?? Tronu -GenericName[cy]=G??m sy'n debyg i Tron -GenericName[da]=Tron-lignende spil -GenericName[de]=Tron-??hnliches Spiel -GenericName[el]=???????????????? ???????????????? ???? ???? Tron -GenericName[es]=Juego similar a Tron -GenericName[et]=Tron -GenericName[eu]=Tron-en antzeko jokoa -GenericName[fa]=???????? ????????Tron -GenericName[fi]=Tron-tyylinen peli -GenericName[fr]=Jeu dans le style de Tron -GenericName[he]=???????? ?????????? Tron -GenericName[hr]=Igra poput Trona -GenericName[hu]=Tron-szer?? -GenericName[is]=Leikur sem l??kist Tron -GenericName[it]=Gioco simile a Tron +GenericName[br]=C'hoari doare SnakeDuel +GenericName[bs]=Igra nalik na SnakeDuel +GenericName[ca]=Joc a l'estil SnakeDuel +GenericName[cs]=Hra podobn?? SnakeDuelu +GenericName[cy]=G??m sy'n debyg i SnakeDuel +GenericName[da]=SnakeDuel-lignende spil +GenericName[de]=SnakeDuel-??hnliches Spiel +GenericName[el]=???????????????? ???????????????? ???? ???? SnakeDuel +GenericName[es]=Juego similar a SnakeDuel +GenericName[et]=SnakeDuel +GenericName[eu]=SnakeDuel-en antzeko jokoa +GenericName[fa]=???????? ????????SnakeDuel +GenericName[fi]=SnakeDuel-tyylinen peli +GenericName[fr]=Jeu dans le style de SnakeDuel +GenericName[he]=???????? ?????????? SnakeDuel +GenericName[hr]=Igra poput SnakeDuela +GenericName[hu]=SnakeDuel-szer?? +GenericName[is]=Leikur sem l??kist SnakeDuel +GenericName[it]=Gioco simile a SnakeDuel GenericName[ja]=?????????????????????????????? -GenericName[km]=??????????????????????????? Tron -GenericName[lv]=Tron l??dz??ga sp??le -GenericName[mk]=???????? ???????????? ???? Tron -GenericName[nb]=Tron-lignende spill -GenericName[nds]=Tron-liek Speel +GenericName[km]=??????????????????????????? SnakeDuel +GenericName[lv]=SnakeDuel l??dz??ga sp??le +GenericName[mk]=???????? ???????????? ???? SnakeDuel +GenericName[nb]=SnakeDuel-lignende spill +GenericName[nds]=SnakeDuel-liek Speel GenericName[ne]=??????????????? ??????????????? ????????? -GenericName[nl]=Tron-achtig spel -GenericName[nn]=Tron-liknande spel -GenericName[pl]=Gra typu Tron -GenericName[pt]=Jogo tipo Tron -GenericName[pt_BR]=Jogo parecido com Tron -GenericName[ru]=???????? -GenericName[se]=Tron-l??gan speallu -GenericName[sk]=Hra typu Tron -GenericName[sl]=Igra podobna Tronu -GenericName[sr]=???????? ?????????? ???? Tron -GenericName[sr at Latn]=Igra nalik na Tron -GenericName[sv]=Tron-liknande spel +GenericName[nl]=SnakeDuel-achtig spel +GenericName[nn]=SnakeDuel-liknande spel +GenericName[pl]=Gra typu SnakeDuel +GenericName[pt]=Jogo tipo SnakeDuel +GenericName[pt_BR]=Jogo parecido com SnakeDuel +GenericName[ru]=SnakeDuel +GenericName[se]=SnakeDuel-l??gan speallu +GenericName[sk]=Hra typu SnakeDuel +GenericName[sl]=Igra podobna SnakeDuelu +GenericName[sr]=???????? ?????????? ???? SnakeDuel +GenericName[sr at Latn]=Igra nalik na SnakeDuel +GenericName[sv]=SnakeDuel-liknande spel GenericName[ta]=?????????????????? ??????????????? ?????????????????????????????? -GenericName[uk]=?????? ?????????? ???? ?????? "????????" -GenericName[zh_TW]=?????? Tron ?????? +GenericName[uk]=?????? ?????????? ???? ?????? "SnakeDuel" +GenericName[zh_TW]=?????? SnakeDuel ?????? Terminal=false -Name=KTron -Name[af]=Ktron -Name[be]=???????? +Name=KSnakeDuel +Name[af]=KSnakeDuel +Name[be]=SnakeDuel Name[bn]=??????-???????????? -Name[eo]=Trono +Name[eo]=SnakeDuelo Name[hi]=??????-??????????????? -Name[nb]=Tron +Name[nb]=SnakeDuel Name[ne]=??????????????? ??????????????? -Name[sv]=Ktron +Name[sv]=KSnakeDuel Name[ta]=K?????????????????? -Name[tg]=K???????? -Name[zu]=I-KTron +Name[tg]=KSnakeDuel +Name[zu]=I-KSnakeDuel X-KDE-StartupNotify=true X-DCOP-ServiceType=Multi Categories=Qt;KDE;Game;ArcadeGame; diff -ur kdegames-3.5.7/ktron/ktron.h kdegames-3.5.7-trademarks/ktron/ktron.h --- kdegames-3.5.7/ktron/ktron.h 2005-10-10 16:56:04.000000000 +0200 +++ kdegames-3.5.7-trademarks/ktron/ktron.h 2007-08-04 06:51:21.000000000 +0200 @@ -1,5 +1,5 @@ /* *************************************************************************** - This file is part of the game 'KTron' + This file is part of the game 'KSnakeDuel' Copyright (C) 1998-2000 by Matthias Kiefer @@ -31,21 +31,21 @@ class KAccel; class KSelectAction; -class Tron; +class SnakeDuel; /** - * @short The main window of KTron + * @short The main window of KSnakeDuel */ -class KTron : public KMainWindow { +class KSnakeDuel : public KMainWindow { Q_OBJECT public: - KTron(QWidget *parent=0, const char *name=0); + KSnakeDuel(QWidget *parent=0, const char *name=0); private: KAccel *accel; - Tron *tron; + SnakeDuel *tron; QString playerName[2]; int playerPoints[2]; void updateStatusbar(); diff -ur kdegames-3.5.7/ktron/main.cpp kdegames-3.5.7-trademarks/ktron/main.cpp --- kdegames-3.5.7/ktron/main.cpp 2005-10-10 16:56:04.000000000 +0200 +++ kdegames-3.5.7-trademarks/ktron/main.cpp 2007-08-04 06:51:21.000000000 +0200 @@ -1,5 +1,5 @@ /****************************************************************************** - This file is part of the game 'KTron' + This file is part of the game 'KSnakeDuel' Copyright (C) 1998-2000 by Matthias Kiefer @@ -34,7 +34,7 @@ int main(int argc, char* argv[]) { - KAboutData aboutData( "ktron", I18N_NOOP("KTron"), + KAboutData aboutData( "ktron", I18N_NOOP("KSnakeDuel"), KTRON_VERSION, description, KAboutData::License_GPL, notice); aboutData.addAuthor("Matthias Kiefer",I18N_NOOP("Original author"), "matthias.kiefer at gmx.de"); aboutData.addAuthor("Benjamin Meyer",I18N_NOOP("Various improvements"), "ben+ktron at meyerhome.net"); @@ -47,10 +47,10 @@ KImageIO::registerFormats(); if(a.isRestored()){ - RESTORE(KTron) + RESTORE(KSnakeDuel) } else { - KTron *ktron = new KTron(); + KSnakeDuel *ktron = new KSnakeDuel(); a.setMainWidget(ktron); ktron->show(); } diff -ur kdegames-3.5.7/ktron/player.cpp kdegames-3.5.7-trademarks/ktron/player.cpp --- kdegames-3.5.7/ktron/player.cpp 2005-10-10 16:56:04.000000000 +0200 +++ kdegames-3.5.7-trademarks/ktron/player.cpp 2007-08-04 06:51:21.000000000 +0200 @@ -1,5 +1,5 @@ /********************************************************************************** - This file is part of the game 'KTron' + This file is part of the game 'KSnakeDuel' Copyright (C) 1998-2000 by Matthias Kiefer diff -ur kdegames-3.5.7/ktron/player.h kdegames-3.5.7-trademarks/ktron/player.h --- kdegames-3.5.7/ktron/player.h 2005-10-10 16:56:04.000000000 +0200 +++ kdegames-3.5.7-trademarks/ktron/player.h 2007-08-04 06:51:21.000000000 +0200 @@ -1,5 +1,5 @@ /* ******************************************************************************** - This file is part of the kde-game 'KTron' + This file is part of the kde-game 'KSnakeDuel' Copyright (C) 1998-2000 by Matthias Kiefer diff -ur kdegames-3.5.7/ktron/README kdegames-3.5.7-trademarks/ktron/README --- kdegames-3.5.7/ktron/README 2005-10-10 16:56:04.000000000 +0200 +++ kdegames-3.5.7-trademarks/ktron/README 2007-08-08 07:13:57.000000000 +0200 @@ -1,6 +1,6 @@ Hello! -KTron is a simple tron-clone for the K Desktop Environment. +KSnakeDuel is a simple snake duel game for the K Desktop Environment. I think it's just nothing to say about the game: avoid running into walls, your own tail, and that of your opponent. @@ -14,15 +14,15 @@ Copyright: -KTron +KSnakeDuel Copyright (C) 1998-2000 by Matthias Kiefer -KTron is free software; you can redistribute it and/or modify +KSnakeDuel is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 or any later version. -KTron is distributed in the hope that it will be useful, +KSnakeDuel is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. diff -ur kdegames-3.5.7/ktron/TODO kdegames-3.5.7-trademarks/ktron/TODO --- kdegames-3.5.7/ktron/TODO 2005-09-10 10:18:12.000000000 +0200 +++ kdegames-3.5.7-trademarks/ktron/TODO 2007-08-04 06:51:21.000000000 +0200 @@ -1,8 +1,8 @@ -KTron in general does everything I wanted it to do. :-) +KSnakeDuel in general does everything I wanted it to do. :-) Plans for the future are: - possibility to create, load, save playfield with walls -- real cool would be to play KTron over the internet +- real cool would be to play KSnakeDuel over the internet ------------------ Matthias Kiefer diff -ur kdegames-3.5.7/ktron/tron.cpp kdegames-3.5.7-trademarks/ktron/tron.cpp --- kdegames-3.5.7/ktron/tron.cpp 2005-10-10 16:56:04.000000000 +0200 +++ kdegames-3.5.7-trademarks/ktron/tron.cpp 2007-08-04 06:51:21.000000000 +0200 @@ -1,5 +1,5 @@ /**************************************************************************** - This file is part of the game 'KTron' + This file is part of the game 'KSnakeDuel' Copyright (C) 1998-2000 by Matthias Kiefer @@ -41,7 +41,7 @@ * init-functions **/ -Tron::Tron(QWidget *parent,const char *name) +SnakeDuel::SnakeDuel(QWidget *parent,const char *name) : QWidget(parent,name) { pixmap=0; @@ -63,7 +63,7 @@ QTimer::singleShot(15000, this,SLOT(showBeginHint())); } -void Tron::loadSettings(){ +void SnakeDuel::loadSettings(){ setPalette(Settings::color_Background()); // Size @@ -107,7 +107,7 @@ setComputerplayer(Two, Settings::computerplayer2()); } -Tron::~Tron() +SnakeDuel::~SnakeDuel() { if(playfield) { @@ -119,7 +119,7 @@ } -void Tron::createNewPlayfield() +void SnakeDuel::createNewPlayfield() { if(playfield) delete [] playfield; @@ -143,7 +143,7 @@ //lookForward=min/4; } -void Tron::newGame() +void SnakeDuel::newGame() { players[0].score=0; players[1].score=0; @@ -153,7 +153,7 @@ QTimer::singleShot(15000,this,SLOT(showBeginHint())); } -void Tron::reset() +void SnakeDuel::reset() { gamePaused=false; stopGame(); @@ -188,7 +188,7 @@ emit gameReset(); } -void Tron::computerStart() +void SnakeDuel::computerStart() { if(isComputer(Both)) { @@ -201,14 +201,14 @@ ** ??? functions ** ** *************************************************************** */ -void Tron::startGame() +void SnakeDuel::startGame() { gameEnded=false; beginHint=false; timer->start(velocity); } -void Tron::stopGame() +void SnakeDuel::stopGame() { timer->stop(); gameEnded=true; @@ -216,7 +216,7 @@ players[1].last_dir = Directions::None; } -void Tron::togglePause() // pause or continue game +void SnakeDuel::togglePause() // pause or continue game { if(!gameEnded) { @@ -235,7 +235,7 @@ } } -void Tron::showWinner(Player player) +void SnakeDuel::showWinner(Player player) { int i,j; @@ -282,7 +282,7 @@ ** paint functions ** ** *************************************************************** */ -void Tron::updatePixmap() +void SnakeDuel::updatePixmap() { int i,j; @@ -302,7 +302,7 @@ QPainter p; p.begin(pixmap); - // alle Pixel pr?fen und evt. zeichnen + // alle Pixel pr???fen und evt. zeichnen for(i=0;ichangeInterval(velocity); } -void Tron::setComputerplayer(Player player, bool flag) { +void SnakeDuel::setComputerplayer(Player player, bool flag) { if(player==One) players[0].setComputer(flag); else if(player==Two) @@ -456,7 +456,7 @@ QTimer::singleShot(1000,this,SLOT(computerStart())); } -bool Tron::isComputer(Player player) +bool SnakeDuel::isComputer(Player player) { if(player==One) return players[0].computer; @@ -475,7 +475,7 @@ ** moving functions ** ** *************************************************************** */ -bool Tron::crashed(int playerNr,int xInc, int yInc) const +bool SnakeDuel::crashed(int playerNr,int xInc, int yInc) const { bool flag; int newX=players[playerNr].xCoordinate+xInc; @@ -490,7 +490,7 @@ return flag; } -void Tron::switchDir(int playerNr,Directions::Direction newDirection) +void SnakeDuel::switchDir(int playerNr,Directions::Direction newDirection) { if(playerNr!=0 && playerNr != 1) { @@ -513,7 +513,7 @@ players[playerNr].dir=newDirection; } -void Tron::updateDirections(int playerNr) +void SnakeDuel::updateDirections(int playerNr) { if(playerNr==-1 || playerNr==0) { @@ -581,7 +581,7 @@ ** Events ** ** *************************************************************** */ -void Tron::paintEvent(QPaintEvent *e) +void SnakeDuel::paintEvent(QPaintEvent *e) { bitBlt(this,e->rect().topLeft(),pixmap,e->rect()); @@ -629,13 +629,13 @@ } } -void Tron::resizeEvent(QResizeEvent *) +void SnakeDuel::resizeEvent(QResizeEvent *) { createNewPlayfield(); reset(); } -void Tron::keyPressEvent(QKeyEvent *e) +void SnakeDuel::keyPressEvent(QKeyEvent *e) { KKey key(e); if(!players[1].computer) @@ -718,7 +718,7 @@ } } -void Tron::keyReleaseEvent(QKeyEvent * e) +void SnakeDuel::keyReleaseEvent(QKeyEvent * e) { KKey key(e); @@ -785,7 +785,7 @@ } // if playingfield loses keyboard focus, pause game -void Tron::focusOutEvent(QFocusEvent *) +void SnakeDuel::focusOutEvent(QFocusEvent *) { if(!gameEnded && !gamePaused) { @@ -797,12 +797,12 @@ ** slots ** ** *************************************************************** */ -void Tron::unblockGame() +void SnakeDuel::unblockGame() { gameBlocked=false; } -void Tron::showBeginHint() +void SnakeDuel::showBeginHint() { if(gameEnded) { @@ -816,12 +816,12 @@ } // doMove() is called from QTimer -void Tron::doMove() +void SnakeDuel::doMove() { int i; for(i=0;i<2;i++) { - // ?berpr?fen, ob Acceleratortaste gedr?ckt wurde... + // ???berpr???fen, ob Acceleratortaste gedr???ckt wurde... if(players[i].accelerated) { updateDirections(i); @@ -1067,7 +1067,7 @@ // This part is partly ported from // xtron-1.1 by Rhett D. Jacobs -void Tron::think(int playerNr) +void SnakeDuel::think(int playerNr) { if(Settings::skill() != Settings::EnumSkill::Easy) { @@ -1598,7 +1598,7 @@ } } -void Tron::changeDirection(int playerNr,int dis_right,int dis_left) +void SnakeDuel::changeDirection(int playerNr,int dis_right,int dis_left) { Directions::Direction currentDir=players[playerNr].dir; Directions::Direction sides[2]; diff -ur kdegames-3.5.7/ktron/tron.h kdegames-3.5.7-trademarks/ktron/tron.h --- kdegames-3.5.7/ktron/tron.h 2005-10-10 16:56:04.000000000 +0200 +++ kdegames-3.5.7-trademarks/ktron/tron.h 2007-08-04 06:51:21.000000000 +0200 @@ -1,5 +1,5 @@ /* ******************************************************************************** - This file is part of the game 'KTron' + This file is part of the game 'KSnakeDuel' Copyright (C) 1998-2000 by Matthias Kiefer @@ -43,13 +43,13 @@ /** * @short The playingfield */ -class Tron : public QWidget +class SnakeDuel : public QWidget { Q_OBJECT public: - Tron(QWidget *parent=0, const char *name=0); - ~Tron(); + SnakeDuel(QWidget *parent=0, const char *name=0); + ~SnakeDuel(); void setActionCollection(KActionCollection*); void updatePixmap(); void setBackgroundPix(QPixmap); @@ -77,7 +77,7 @@ void gameReset(); protected: - /** bitBlt?s the rect that has to be updated from the + /** bitBlt???s the rect that has to be updated from the * bufferpixmap on the screen and writes eventually text */ void paintEvent(QPaintEvent *); @@ -136,7 +136,7 @@ void createNewPlayfield(); /** paints players at current player coordinates */ void paintPlayers(); - /** draws a rect in current TronStyle at position x,y of the playingfield */ + /** draws a rect in current SnakeDuelStyle at position x,y of the playingfield */ void drawRect(QPainter & p, int x, int y); /** emits gameEnds(Player) and displays the winner by changing color*/ void showWinner(Player winner); @@ -162,7 +162,7 @@ private slots: /** - * This is the main function of KTron. + * This is the main function of KSnakeDuel. * It checkes if an accelerator is pressed and than moves this player * forward. Then it checkes if a crash occurred. * If no crash happen it moves both players forward and checks again diff -ur kdegames-3.5.7/README kdegames-3.5.7-trademarks/README --- kdegames-3.5.7/README 2005-09-10 10:18:37.000000000 +0200 +++ kdegames-3.5.7-trademarks/README 2007-08-08 07:08:20.000000000 +0200 @@ -38,6 +38,9 @@ * kbounce Claim areas and don't get disturbed. +* kboxpush + Move all storage boxes into the cabinet. + * keneloba Push pieces of your opponent out of the board (an Abalone type game). @@ -89,15 +92,12 @@ * ksnake Don't bite yourself, eat apples! -* ksokoban - Move all storage boxes into the cabinet. +* ksnakeduel + Like ksnake, but without fruits. * kspaceduel Two player game with shooting spaceships flying around a sun. -* ktron - Like ksnake, but without fruits. - * ktuberling Kids game: make your own potato (NO french fries!) Index: kdegames.spec =================================================================== RCS file: /cvs/dist/rpms/kdegames/FC-6/kdegames.spec,v retrieving revision 1.58 retrieving revision 1.59 diff -u -r1.58 -r1.59 --- kdegames.spec 16 Jun 2007 13:30:03 -0000 1.58 +++ kdegames.spec 20 Sep 2007 20:57:36 -0000 1.59 @@ -3,13 +3,6 @@ %define make_cvs 1 %define arts 1 -%define rhel 0 - -%if %{rhel} -%define patch_name -patched -%else -%define patch_name %{nil} -%endif %define qt_version 3.3.8 %define qt_epoch 1 @@ -17,7 +10,7 @@ %define kdebase_epoch 6 Version: 3.5.7 -Release: 1%{?dist} +Release: 1.1%{?dist} Epoch: 6 Summary: K Desktop Environment - Games Name: kdegames @@ -25,9 +18,10 @@ Group: Amusements/Games BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Url: http://www.kde.org -Source: ftp://ftp.kde.org/pub/kde/stable/%{version}/src/%{name}-%{version}%{patch_name}.tar.bz2 +Source: ftp://ftp.kde.org/pub/kde/stable/%{version}/src/%{name}-%{version}.tar.bz2 Patch1: kdegames-3.1.1-konquest.patch +Patch2: kdegames-3.5.7-trademarks.patch Requires: kdelibs >= %{kdelibs_epoch}:%{version} Requires: kdebase >= %{kdebase_epoch}:%{version} @@ -64,8 +58,10 @@ KDE desktop. %prep -%setup -q -n %{name}-%{version}%{patch_name} +%setup -q + %patch1 -p1 -b .konquest +%patch2 -p1 -b .trademarks %if %{make_cvs} make -f admin/Makefile.common cvs @@ -154,6 +150,9 @@ %exclude %{_libdir}/libkdeinit_*.so %changelog +* Thu Sep 20 2007 Than Ngo 3.5.7-1.1.fc6 +- bz248343, removes the Tron and Sokoban trademarks, thanks to Kevin Kofler + * Sat Jun 16 2007 Than Ngo - 6:3.5.7-0.1.fc6 - 3.5.7 From fedora-cvs-commits at redhat.com Thu Sep 20 21:44:51 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Thu, 20 Sep 2007 17:44:51 -0400 Subject: rpms/postgresql/FC-6 postgresql-use-zoneinfo.patch, NONE, 1.1 .cvsignore, 1.36, 1.37 postgresql.spec, 1.74, 1.75 sources, 1.37, 1.38 Message-ID: <200709202144.l8KLipPu012182@cvs.devel.redhat.com> Author: tgl Update of /cvs/dist/rpms/postgresql/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv12165 Modified Files: .cvsignore postgresql.spec sources Added Files: postgresql-use-zoneinfo.patch Log Message: Update to PostgreSQL 8.1.10, remove local copy of tzdata postgresql-use-zoneinfo.patch: Makefile | 1 - pgtz.c | 12 +----------- 2 files changed, 1 insertion(+), 12 deletions(-) --- NEW FILE postgresql-use-zoneinfo.patch --- PostgreSQL includes its own copy of the zic timezone database, which is great for ensuring portable results but not so great from a package maintenance perspective. Since the data is in the same format as is provided by the Linux-standard /usr/share/zoneinfo files, we can avoid having to update postgresql for timezone updates by just using those files instead. Note: as of PG 8.3 this patch will be unnecessary; use configure's --with-system-tzdata switch instead. diff -Naur postgresql-8.1.10.orig/src/timezone/Makefile postgresql-8.1.10/src/timezone/Makefile --- postgresql-8.1.10.orig/src/timezone/Makefile 2007-03-14 13:38:22.000000000 -0400 +++ postgresql-8.1.10/src/timezone/Makefile 2007-09-20 17:28:16.000000000 -0400 @@ -38,7 +38,6 @@ $(CC) $(CFLAGS) $(ZICOBJS) $(LDFLAGS) $(LIBS) -o $@$(X) install: all installdirs - ./zic -d $(DESTDIR)$(datadir)/timezone -p $(POSIXRULES) $(TZDATAFILES) installdirs: $(mkinstalldirs) $(DESTDIR)$(datadir) diff -Naur postgresql-8.1.10.orig/src/timezone/pgtz.c postgresql-8.1.10/src/timezone/pgtz.c --- postgresql-8.1.10.orig/src/timezone/pgtz.c 2005-11-22 13:23:31.000000000 -0500 +++ postgresql-8.1.10/src/timezone/pgtz.c 2007-09-20 17:29:24.000000000 -0400 @@ -32,9 +32,6 @@ pg_tz *global_timezone = NULL; -static char tzdir[MAXPGPATH]; -static int done_tzdir = 0; - static const char *identify_system_timezone(void); static const char *select_default_timezone(void); static bool set_global_timezone(const char *tzname); @@ -46,14 +43,7 @@ char * pg_TZDIR(void) { - if (done_tzdir) - return tzdir; - - get_share_path(my_exec_path, tzdir); - strcat(tzdir, "/timezone"); - - done_tzdir = 1; - return tzdir; + return "/usr/share/zoneinfo"; } Index: .cvsignore =================================================================== RCS file: /cvs/dist/rpms/postgresql/FC-6/.cvsignore,v retrieving revision 1.36 retrieving revision 1.37 diff -u -r1.36 -r1.37 --- .cvsignore 24 Apr 2007 19:49:40 -0000 1.36 +++ .cvsignore 20 Sep 2007 21:44:49 -0000 1.37 @@ -1,4 +1,4 @@ -postgresql-8.1.9.tar.bz2 +postgresql-8.1.10.tar.bz2 PyGreSQL-3.8.1.tgz pgtcl1.5.2.tar.gz pgtcldocs-20041108.zip Index: postgresql.spec =================================================================== RCS file: /cvs/dist/rpms/postgresql/FC-6/postgresql.spec,v retrieving revision 1.74 retrieving revision 1.75 diff -u -r1.74 -r1.75 --- postgresql.spec 24 Apr 2007 19:49:40 -0000 1.74 +++ postgresql.spec 20 Sep 2007 21:44:49 -0000 1.75 @@ -81,7 +81,7 @@ Summary: PostgreSQL client programs and libraries. Name: postgresql -Version: 8.1.9 +Version: 8.1.10 Release: 1%{?dist} License: BSD Group: Applications/Databases @@ -112,6 +112,7 @@ Patch5: pgtcl-no-rpath.patch Patch6: postgresql-perl-rpath.patch Patch7: pgtcl-quote.patch +Patch9: postgresql-use-zoneinfo.patch Buildrequires: perl glibc-devel bison flex autoconf Prereq: /sbin/ldconfig initscripts @@ -333,6 +334,7 @@ # patch5 is applied later %patch6 -p1 # patch7 is applied later +%patch9 -p1 #call autoconf 2.53 or greater %aconfver @@ -750,7 +752,6 @@ %{_datadir}/pgsql/postgres.description %{_datadir}/pgsql/system_views.sql %{_datadir}/pgsql/*.sample -%{_datadir}/pgsql/timezone/ %{_libdir}/pgsql/plpgsql.so %dir %{_datadir}/pgsql %attr(700,postgres,postgres) %dir /var/lib/pgsql @@ -828,6 +829,11 @@ %endif %changelog +* Thu Sep 20 2007 Tom Lane 8.1.10-1 +- Update to PostgreSQL 8.1.10 +- Use tzdata package's data files instead of private copy, so that + postgresql-server need not be turned for routine timezone updates + * Tue Apr 24 2007 Tom Lane 8.1.9-1 - Update to PostgreSQL 8.1.9 for CVE-2007-2138, data loss bugs Resolves: #237682 Index: sources =================================================================== RCS file: /cvs/dist/rpms/postgresql/FC-6/sources,v retrieving revision 1.37 retrieving revision 1.38 diff -u -r1.37 -r1.38 --- sources 24 Apr 2007 19:49:41 -0000 1.37 +++ sources 20 Sep 2007 21:44:49 -0000 1.38 @@ -1,4 +1,4 @@ -a8a3bd5cb45c4c2747d5218912a82cfc postgresql-8.1.9.tar.bz2 +b3f29251035d2ee03f66e3114cf6f095 postgresql-8.1.10.tar.bz2 5575979dac93c9c5795d7693a8f91c86 PyGreSQL-3.8.1.tgz d19dfdcb54c334495d32456a043e0232 pgtcl1.5.2.tar.gz 3d504b46231914d61fd49175f67e8715 pgtcldocs-20041108.zip From fedora-cvs-commits at redhat.com Fri Sep 21 08:57:45 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Fri, 21 Sep 2007 04:57:45 -0400 Subject: rpms/elinks/FC-6 elinks-0.11.3-macropen.patch, NONE, 1.1 .cvsignore, 1.18, 1.19 elinks-0.11.1-negotiate.patch, 1.2, 1.3 elinks.spec, 1.40, 1.41 sources, 1.18, 1.19 Message-ID: <200709210857.l8L8vjoP030892@cvs.devel.redhat.com> Author: ovasik Update of /cvs/dist/rpms/elinks/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv30873 Modified Files: .cvsignore elinks-0.11.1-negotiate.patch elinks.spec sources Added Files: elinks-0.11.3-macropen.patch Log Message: upgrade to upstream version due security issue #297991/cleanup/fixed license etc. elinks-0.11.3-macropen.patch: encoding.c | 2 +- 1 files changed, 1 insertion(+), 1 deletion(-) --- NEW FILE elinks-0.11.3-macropen.patch --- --- elinks-0.11.3/src/encoding/encoding.c.macropen +++ elinks-0.11.3/src/encoding/encoding.c @@ -117,7 +117,7 @@ if (!stream) return NULL; stream->encoding = encoding; - if (decoding_backends[stream->encoding]->open(stream, fd) >= 0) + if ((decoding_backends[stream->encoding]->open)(stream, fd) >= 0) return stream; mem_free(stream); Index: .cvsignore =================================================================== RCS file: /cvs/dist/rpms/elinks/FC-6/.cvsignore,v retrieving revision 1.18 retrieving revision 1.19 diff -u -r1.18 -r1.19 --- .cvsignore 9 Jun 2006 12:08:47 -0000 1.18 +++ .cvsignore 21 Sep 2007 08:57:42 -0000 1.19 @@ -1 +1 @@ -elinks-0.11.1.tar.bz2 +elinks-0.11.3.tar.bz2 elinks-0.11.1-negotiate.patch: Makefile.config.in | 1 config.h.in | 3 configure.in | 24 +++ src/protocol/http/Makefile | 2 src/protocol/http/http.c | 42 ++++- src/protocol/http/http_negotiate.c | 287 +++++++++++++++++++++++++++++++++++++ src/protocol/http/http_negotiate.h | 16 ++ src/util/base64.c | 36 +++- src/util/base64.h | 3 9 files changed, 399 insertions(+), 15 deletions(-) Index: elinks-0.11.1-negotiate.patch =================================================================== RCS file: /cvs/dist/rpms/elinks/FC-6/elinks-0.11.1-negotiate.patch,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- elinks-0.11.1-negotiate.patch 12 Jun 2006 21:11:25 -0000 1.2 +++ elinks-0.11.1-negotiate.patch 21 Sep 2007 08:57:42 -0000 1.3 @@ -352,28 +352,18 @@ struct http_version { int major; -@@ -551,7 +554,7 @@ - int trace = get_opt_bool("protocol.http.trace"); - struct string header; - unsigned char *post_data = NULL; -- struct auth_entry *entry; -+ struct auth_entry *entry = NULL; - struct uri *uri = conn->proxied_uri; /* Set to the real uri */ - unsigned char *optstr; - int use_connect, talking_to_proxy; -@@ -808,7 +811,11 @@ - add_crlf_to_string(&header); +@@ -846,7 +849,11 @@ } -- entry = find_auth(uri); + /* CONNECT: The Authorization header is for the origin server only. */ +#ifdef CONFIG_GSSAPI -+ if (http_negotiate_output(uri, &header) != 0) ++ if (http_negotiate_output(uri, &header) != 0) { ++#else + if (!use_connect) { +#endif -+ entry = find_auth(uri); -+ + entry = find_auth(uri); + } if (entry) { - if (entry->digest) { - unsigned char *response; @@ -1327,12 +1334,13 @@ return 0; } Index: elinks.spec =================================================================== RCS file: /cvs/dist/rpms/elinks/FC-6/elinks.spec,v retrieving revision 1.40 retrieving revision 1.41 diff -u -r1.40 -r1.41 --- elinks.spec 31 May 2007 08:11:37 -0000 1.40 +++ elinks.spec 21 Sep 2007 08:57:42 -0000 1.41 @@ -1,23 +1,20 @@ %define rescue %{nil} Name: elinks Summary: A text-mode Web browser. -Version: 0.11.1 -Release: 5.2 -Source: http://elinks.or.cz/download/elinks-%{version}.tar.bz2 -Group: Applications/Internet +Version: 0.11.3 +Release: 1%{?dist} +License: GPLv2 URL: http://elinks.or.cz/ +Source: http://elinks.or.cz/download/%{name}-%{version}.tar.bz2 +Group: Applications/Internet BuildRoot: %{_tmppath}/%{name}-buildroot -BuildRequires: autoconf BuildRequires: automake -BuildRequires: pkgconfig BuildRequires: openssl-devel -BuildRequires: krb5-devel BuildRequires: bzip2-devel BuildRequires: expat-devel BuildRequires: libidn-devel -License: GPL Provides: webclient Obsoletes: links Provides: links @@ -30,8 +27,8 @@ Patch5: elinks-0.10.1-xterm.patch Patch6: elinks-0.11.0-union.patch Patch7: elinks-0.11.1-negotiate.patch -Patch8: elinks-0.11.1-badproxy.patch -Patch9: elinks-0.11.1-loadpo.patch +Patch8: elinks-0.11.1-loadpo.patch +Patch9: elinks-0.11.3-macropen.patch %description Links is a text-based Web browser. Links does not display any images, @@ -57,10 +54,10 @@ %patch6 -p1 -b .union # Fix #194096 ??? elinks should support negotiate-auth %patch7 -p1 -b .negotiate -# Fix #210103 - elinks crashes when given bad HTTP_PROXY -%patch8 -p1 -b .badproxy # Fix #235411: CVE-2007-2027 elinks tries to load .po files from a non-absolute path -%patch9 -p1 -b .loadpo +%patch8 -p1 -b .loadpo +# Fix for open macro in new glibc +%patch9 -p1 -b .open %build #aclocal @@ -88,7 +85,7 @@ %files -f elinks.lang %defattr(-,root,root) -%doc README SITES TODO +%doc README SITES TODO COPYING %{_bindir}/links %{_bindir}/elinks %{_mandir}/man1/links.1* @@ -96,6 +93,15 @@ %{_mandir}/man5/* %changelog +* Fri Sep 21 2007 Ondrej Vasik 0.11.3-1 +- update to new upstream version (required for #297981) +- removed patch for #210103 , included in upstream release +- updated patch elinks-0.11.1-negotiate.patch to pass build +- fix of open macro(new glibc) by Joe Orton +- changed license tag to GPLv2 +- added License file to doc, cleanup of dups in buildreq +- (from package review by Tyler Owen(#225725)) + * Thu May 31 2007 Karel Zak 0.11.1-5.2 - fix #235411: CVE-2007-2027 elinks tries to load .po files from a non-absolute path Index: sources =================================================================== RCS file: /cvs/dist/rpms/elinks/FC-6/sources,v retrieving revision 1.18 retrieving revision 1.19 diff -u -r1.18 -r1.19 --- sources 9 Jun 2006 12:08:47 -0000 1.18 +++ sources 21 Sep 2007 08:57:42 -0000 1.19 @@ -1 +1 @@ -db0d62394b03938eec81b749e49dfbbc elinks-0.11.1.tar.bz2 +a0eb50e18a2ac8e77d6b0df8f94bb5a6 elinks-0.11.3.tar.bz2 From fedora-cvs-commits at redhat.com Fri Sep 21 18:54:21 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Fri, 21 Sep 2007 14:54:21 -0400 Subject: rpms/kernel/FC-6/configs config-i586,1.23,1.24 Message-ID: <200709211854.l8LIsLlW013462@cvs.devel.redhat.com> Author: cebbert Update of /cvs/dist/rpms/kernel/FC-6/configs In directory cvs.devel.redhat.com:/tmp/cvs-serv13433/configs Modified Files: config-i586 Log Message: * Fri Sep 21 2007 Chuck Ebbert - Build dcdbas and dell_rbu modules on i586 (#216304) Index: config-i586 =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/configs/config-i586,v retrieving revision 1.23 retrieving revision 1.24 diff -u -r1.23 -r1.24 --- config-i586 23 Jul 2007 15:24:36 -0000 1.23 +++ config-i586 21 Sep 2007 18:54:19 -0000 1.24 @@ -10,8 +10,6 @@ # CONFIG_X86_MCE_P4THERMAL is not set # CONFIG_TOSHIBA is not set # CONFIG_I8K is not set -# CONFIG_DELL_RBU is not set -# CONFIG_DCDBAS is not set # CONFIG_ACPI_ASUS is not set # CONFIG_ACPI_IBM is not set # CONFIG_ACPI_TOSHIBA is not set From fedora-cvs-commits at redhat.com Fri Sep 21 18:54:21 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Fri, 21 Sep 2007 14:54:21 -0400 Subject: rpms/kernel/FC-6 kernel-2.6.spec,1.3023,1.3024 Message-ID: <200709211854.l8LIsLPG013456@cvs.devel.redhat.com> Author: cebbert Update of /cvs/dist/rpms/kernel/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv13433 Modified Files: kernel-2.6.spec Log Message: * Fri Sep 21 2007 Chuck Ebbert - Build dcdbas and dell_rbu modules on i586 (#216304) Index: kernel-2.6.spec =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/kernel-2.6.spec,v retrieving revision 1.3023 retrieving revision 1.3024 diff -u -r1.3023 -r1.3024 --- kernel-2.6.spec 13 Sep 2007 22:21:31 -0000 1.3023 +++ kernel-2.6.spec 21 Sep 2007 18:54:18 -0000 1.3024 @@ -2279,6 +2279,9 @@ %endif %changelog +* Fri Sep 21 2007 Chuck Ebbert +- Build dcdbas and dell_rbu modules on i586 (#216304) + * Thu Sep 13 2007 Chuck Ebbert - USB: three trivial fixes - futex: fix compat list traversal From fedora-cvs-commits at redhat.com Fri Sep 21 19:13:43 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Fri, 21 Sep 2007 15:13:43 -0400 Subject: rpms/selinux-policy/FC-6 policy-20061106.patch, 1.56, 1.57 selinux-policy.spec, 1.374, 1.375 Message-ID: <200709211913.l8LJDhY5014094@cvs.devel.redhat.com> Author: dwalsh Update of /cvs/dist/rpms/selinux-policy/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv14077 Modified Files: policy-20061106.patch selinux-policy.spec Log Message: * Fri Sep 14 2007 Dan Walsh 2.4.6-94 - Fixup clmvd to allow creation of fixed devices Resolves: # policy-20061106.patch: Rules.modular | 10 config/appconfig-strict-mcs/seusers | 1 config/appconfig-strict-mls/default_contexts | 6 config/appconfig-strict-mls/seusers | 1 config/appconfig-strict/seusers | 1 man/man8/kerberos_selinux.8 | 2 policy/flask/access_vectors | 21 policy/flask/security_classes | 8 policy/global_tunables | 94 +++- policy/mls | 31 + policy/modules/admin/acct.te | 1 policy/modules/admin/alsa.fc | 3 policy/modules/admin/alsa.te | 15 policy/modules/admin/amanda.if | 37 + policy/modules/admin/amanda.te | 29 - policy/modules/admin/amtu.fc | 3 policy/modules/admin/amtu.if | 57 ++ policy/modules/admin/amtu.te | 56 ++ policy/modules/admin/backup.te | 5 policy/modules/admin/bootloader.fc | 5 policy/modules/admin/bootloader.te | 15 policy/modules/admin/consoletype.te | 21 policy/modules/admin/ddcprobe.te | 10 policy/modules/admin/dmesg.te | 7 policy/modules/admin/dmidecode.te | 6 policy/modules/admin/firstboot.if | 24 - policy/modules/admin/kudzu.te | 14 policy/modules/admin/logrotate.te | 5 policy/modules/admin/logwatch.te | 22 policy/modules/admin/netutils.te | 19 policy/modules/admin/portage.te | 5 policy/modules/admin/prelink.te | 25 - policy/modules/admin/quota.fc | 7 policy/modules/admin/quota.te | 24 - policy/modules/admin/readahead.te | 2 policy/modules/admin/rpm.fc | 3 policy/modules/admin/rpm.if | 104 ++++ policy/modules/admin/rpm.te | 49 -- policy/modules/admin/su.if | 38 + policy/modules/admin/su.te | 2 policy/modules/admin/sudo.if | 13 policy/modules/admin/tripwire.te | 11 policy/modules/admin/usbmodules.te | 5 policy/modules/admin/usermanage.if | 2 policy/modules/admin/usermanage.te | 58 ++ policy/modules/admin/vbetool.te | 1 policy/modules/admin/vpn.te | 1 policy/modules/apps/ethereal.te | 5 policy/modules/apps/evolution.if | 107 ++++ policy/modules/apps/evolution.te | 1 policy/modules/apps/games.fc | 1 policy/modules/apps/gnome.fc | 2 policy/modules/apps/gnome.if | 108 ++++ policy/modules/apps/gnome.te | 5 policy/modules/apps/gpg.if | 1 policy/modules/apps/java.fc | 2 policy/modules/apps/java.if | 70 +++ policy/modules/apps/java.te | 2 policy/modules/apps/loadkeys.if | 39 - policy/modules/apps/mozilla.if | 208 +++++++-- policy/modules/apps/mplayer.if | 84 +++ policy/modules/apps/mplayer.te | 1 policy/modules/apps/slocate.te | 7 policy/modules/apps/thunderbird.if | 81 +++ policy/modules/apps/userhelper.if | 20 policy/modules/apps/webalizer.te | 6 policy/modules/apps/wine.fc | 1 policy/modules/apps/yam.te | 5 policy/modules/kernel/corecommands.fc | 32 + policy/modules/kernel/corecommands.if | 77 +++ policy/modules/kernel/corenetwork.if.in | 177 +++++++ policy/modules/kernel/corenetwork.te.in | 18 policy/modules/kernel/devices.fc | 11 policy/modules/kernel/devices.if | 56 ++ policy/modules/kernel/devices.te | 8 policy/modules/kernel/domain.if | 80 +++ policy/modules/kernel/domain.te | 26 + policy/modules/kernel/files.fc | 3 policy/modules/kernel/files.if | 298 ++++++++++++ policy/modules/kernel/filesystem.if | 62 ++ policy/modules/kernel/filesystem.te | 30 + policy/modules/kernel/kernel.if | 84 +++ policy/modules/kernel/kernel.te | 22 policy/modules/kernel/mls.if | 28 + policy/modules/kernel/mls.te | 6 policy/modules/kernel/storage.fc | 4 policy/modules/kernel/storage.if | 2 policy/modules/kernel/terminal.fc | 2 policy/modules/kernel/terminal.if | 21 policy/modules/kernel/terminal.te | 1 policy/modules/services/aide.fc | 3 policy/modules/services/aide.te | 11 policy/modules/services/amavis.if | 19 policy/modules/services/amavis.te | 4 policy/modules/services/apache.fc | 18 policy/modules/services/apache.if | 157 ++++++ policy/modules/services/apache.te | 66 ++ policy/modules/services/apm.te | 3 policy/modules/services/arpwatch.te | 5 policy/modules/services/audioentropy.te | 4 policy/modules/services/automount.fc | 1 policy/modules/services/automount.te | 15 policy/modules/services/avahi.if | 40 + policy/modules/services/avahi.te | 10 policy/modules/services/bind.fc | 1 policy/modules/services/bind.te | 12 policy/modules/services/bluetooth.te | 10 policy/modules/services/ccs.fc | 1 policy/modules/services/ccs.te | 25 - policy/modules/services/clamav.te | 3 policy/modules/services/courier.te | 1 policy/modules/services/cron.fc | 6 policy/modules/services/cron.if | 105 ++-- policy/modules/services/cron.te | 62 ++ policy/modules/services/cups.fc | 5 policy/modules/services/cups.te | 19 policy/modules/services/cvs.te | 2 policy/modules/services/cyrus.te | 6 policy/modules/services/dbus.fc | 1 policy/modules/services/dbus.if | 66 ++ policy/modules/services/dbus.te | 4 policy/modules/services/dcc.te | 9 policy/modules/services/dhcp.te | 3 policy/modules/services/dovecot.fc | 2 policy/modules/services/dovecot.if | 44 + policy/modules/services/dovecot.te | 73 ++- policy/modules/services/fail2ban.fc | 3 policy/modules/services/fail2ban.if | 80 +++ policy/modules/services/fail2ban.te | 74 +++ policy/modules/services/ftp.te | 24 - policy/modules/services/hal.fc | 16 policy/modules/services/hal.if | 160 ++++++ policy/modules/services/hal.te | 186 +++++++- policy/modules/services/inetd.te | 34 + policy/modules/services/irqbalance.te | 4 policy/modules/services/kerberos.fc | 1 policy/modules/services/kerberos.if | 55 ++ policy/modules/services/kerberos.te | 48 +- policy/modules/services/ktalk.fc | 3 policy/modules/services/ktalk.te | 13 policy/modules/services/lpd.if | 75 ++- policy/modules/services/lpd.te | 5 policy/modules/services/mailman.if | 20 policy/modules/services/mailman.te | 1 policy/modules/services/mta.fc | 1 policy/modules/services/mta.if | 20 policy/modules/services/mta.te | 3 policy/modules/services/munin.te | 5 policy/modules/services/nagios.fc | 8 policy/modules/services/nagios.if | 22 policy/modules/services/nagios.te | 70 +-- policy/modules/services/networkmanager.fc | 2 policy/modules/services/networkmanager.te | 2 policy/modules/services/nis.fc | 7 policy/modules/services/nis.if | 8 policy/modules/services/nis.te | 39 + policy/modules/services/nscd.if | 20 policy/modules/services/nscd.te | 31 - policy/modules/services/ntp.te | 10 policy/modules/services/oav.te | 5 policy/modules/services/oddjob.te | 5 policy/modules/services/openca.if | 4 policy/modules/services/openca.te | 2 policy/modules/services/openct.te | 2 policy/modules/services/openvpn.te | 20 policy/modules/services/pcscd.fc | 9 policy/modules/services/pcscd.if | 62 ++ policy/modules/services/pcscd.te | 79 +++ policy/modules/services/pegasus.if | 31 + policy/modules/services/pegasus.te | 13 policy/modules/services/portmap.te | 5 policy/modules/services/portslave.te | 1 policy/modules/services/postfix.fc | 2 policy/modules/services/postfix.if | 46 + policy/modules/services/postfix.te | 98 ++++ policy/modules/services/ppp.te | 2 policy/modules/services/procmail.te | 32 + policy/modules/services/pyzor.if | 18 policy/modules/services/pyzor.te | 13 policy/modules/services/radius.te | 3 policy/modules/services/radvd.te | 2 policy/modules/services/rhgb.if | 76 +++ policy/modules/services/rhgb.te | 3 policy/modules/services/ricci.te | 66 +- policy/modules/services/rlogin.te | 18 policy/modules/services/rpc.fc | 1 policy/modules/services/rpc.if | 3 policy/modules/services/rpc.te | 28 - policy/modules/services/rshd.te | 22 policy/modules/services/rsync.te | 1 policy/modules/services/samba.fc | 6 policy/modules/services/samba.if | 151 ++++++ policy/modules/services/samba.te | 209 ++++++--- policy/modules/services/sasl.te | 14 policy/modules/services/sendmail.if | 41 + policy/modules/services/sendmail.te | 22 policy/modules/services/setroubleshoot.if | 20 policy/modules/services/setroubleshoot.te | 2 policy/modules/services/smartmon.te | 1 policy/modules/services/snmp.if | 17 policy/modules/services/snmp.te | 20 policy/modules/services/soundserver.te | 4 policy/modules/services/spamassassin.fc | 5 policy/modules/services/spamassassin.if | 42 + policy/modules/services/spamassassin.te | 26 - policy/modules/services/squid.fc | 2 policy/modules/services/squid.if | 21 policy/modules/services/squid.te | 17 policy/modules/services/ssh.if | 84 +++ policy/modules/services/ssh.te | 14 policy/modules/services/telnet.te | 24 - policy/modules/services/tftp.te | 3 policy/modules/services/uucp.fc | 1 policy/modules/services/uucp.if | 67 ++ policy/modules/services/uucp.te | 44 + policy/modules/services/uwimap.te | 1 policy/modules/services/xfs.te | 8 policy/modules/services/xserver.fc | 2 policy/modules/services/xserver.if | 211 +++++++++ policy/modules/services/xserver.te | 12 policy/modules/system/authlogin.fc | 1 policy/modules/system/authlogin.if | 180 +++++++ policy/modules/system/authlogin.te | 45 + policy/modules/system/clock.te | 18 policy/modules/system/fstools.fc | 1 policy/modules/system/fstools.if | 19 policy/modules/system/fstools.te | 20 policy/modules/system/getty.te | 14 policy/modules/system/hostname.te | 19 policy/modules/system/init.if | 75 +++ policy/modules/system/init.te | 51 ++ policy/modules/system/ipsec.fc | 5 policy/modules/system/ipsec.if | 99 ++++ policy/modules/system/ipsec.te | 121 +++++ policy/modules/system/iptables.te | 28 - policy/modules/system/libraries.fc | 44 + policy/modules/system/libraries.te | 11 policy/modules/system/locallogin.if | 37 + policy/modules/system/locallogin.te | 11 policy/modules/system/logging.fc | 5 policy/modules/system/logging.if | 61 ++ policy/modules/system/logging.te | 36 + policy/modules/system/lvm.fc | 2 policy/modules/system/lvm.if | 26 - policy/modules/system/lvm.te | 117 +++-- policy/modules/system/miscfiles.fc | 3 policy/modules/system/miscfiles.if | 79 +++ policy/modules/system/modutils.te | 38 + policy/modules/system/mount.te | 37 + policy/modules/system/netlabel.te | 10 policy/modules/system/pcmcia.te | 5 policy/modules/system/raid.te | 16 policy/modules/system/selinuxutil.fc | 10 policy/modules/system/selinuxutil.if | 153 ++++++ policy/modules/system/selinuxutil.te | 153 ++---- policy/modules/system/sysnetwork.if | 2 policy/modules/system/sysnetwork.te | 14 policy/modules/system/tzdata.fc | 3 policy/modules/system/tzdata.if | 23 policy/modules/system/tzdata.te | 51 ++ policy/modules/system/udev.te | 22 policy/modules/system/unconfined.fc | 4 policy/modules/system/unconfined.if | 22 policy/modules/system/unconfined.te | 24 + policy/modules/system/userdomain.if | 622 +++++++++++++++++++++++---- policy/modules/system/userdomain.te | 117 ++--- policy/modules/system/xen.fc | 2 policy/modules/system/xen.if | 64 ++ policy/modules/system/xen.te | 74 ++- policy/support/*Warnings* | 189 ++++++++ policy/support/file_patterns.spt | 534 +++++++++++++++++++++++ policy/support/misc_macros.spt | 8 policy/support/obj_perm_sets.spt | 144 ++++++ 273 files changed, 8709 insertions(+), 1072 deletions(-) View full diff with command: /usr/bin/cvs -f diff -kk -u -N -r 1.56 -r 1.57 policy-20061106.patch Index: policy-20061106.patch =================================================================== RCS file: /cvs/dist/rpms/selinux-policy/FC-6/policy-20061106.patch,v retrieving revision 1.56 retrieving revision 1.57 diff -u -r1.56 -r1.57 --- policy-20061106.patch 5 Sep 2007 03:14:49 -0000 1.56 +++ policy-20061106.patch 21 Sep 2007 19:13:41 -0000 1.57 @@ -421,8 +421,35 @@ +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.if serefpolicy-2.4.6/policy/modules/admin/amanda.if --- nsaserefpolicy/policy/modules/admin/amanda.if 2006-11-29 12:04:48.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/admin/amanda.if 2007-05-22 12:40:26.000000000 -0400 -@@ -127,4 +127,21 @@ ++++ serefpolicy-2.4.6/policy/modules/admin/amanda.if 2007-09-11 08:55:14.000000000 -0400 +@@ -76,6 +76,26 @@ + + ######################################## + ## ++## Search amanda var library directories. ++## ++## ++## ++## The type of the process performing this action. ++## ++## ++# ++interface(`amanda_search_var_lib',` ++ gen_require(` ++ type amanda_var_lib_t; ++ ') ++ ++ files_search_var_lib($1) ++ allow $1 amanda_var_lib_t:dir search_dir_perms; ++ ++') ++ ++######################################## ++## + ## Do not audit attempts to read /etc/dumpdates. + ## + ## +@@ -127,4 +147,21 @@ allow $1 amanda_log_t:file ra_file_perms; ') @@ -446,16 +473,8 @@ +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.te serefpolicy-2.4.6/policy/modules/admin/amanda.te --- nsaserefpolicy/policy/modules/admin/amanda.te 2006-11-29 12:04:48.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/admin/amanda.te 2007-05-23 11:17:26.000000000 -0400 -@@ -75,6 +75,7 @@ - allow amanda_t self:unix_dgram_socket create_socket_perms; - allow amanda_t self:tcp_socket create_stream_socket_perms; - allow amanda_t self:udp_socket create_socket_perms; -+allow amanda_t self:netlink_route_socket r_netlink_socket_perms; - - # access to amanda_amandates_t - allow amanda_t amanda_amandates_t:file { getattr lock read write }; -@@ -84,7 +85,7 @@ ++++ serefpolicy-2.4.6/policy/modules/admin/amanda.te 2007-09-11 08:54:01.000000000 -0400 +@@ -84,18 +84,22 @@ # access to amandas data structure allow amanda_t amanda_data_t:dir { read search write }; @@ -464,7 +483,12 @@ # access to amanda_dumpdates_t allow amanda_t amanda_dumpdates_t:file { getattr lock read write }; -@@ -96,6 +97,9 @@ + + can_exec(amanda_t,amanda_exec_t) ++can_exec(amanda_t,amanda_inetd_exec_t) + + # access to amanda_gnutarlists_t (/var/lib/amanda/gnutar-lists) + allow amanda_t amanda_gnutarlists_t:dir rw_dir_perms; allow amanda_t amanda_gnutarlists_t:file manage_file_perms; allow amanda_t amanda_gnutarlists_t:lnk_file manage_file_perms; @@ -474,15 +498,65 @@ allow amanda_t amanda_log_t:file create_file_perms; allow amanda_t amanda_log_t:dir manage_dir_perms; logging_log_filetrans(amanda_t,amanda_log_t,{ file dir }) -@@ -244,3 +248,8 @@ +@@ -104,6 +108,8 @@ + allow amanda_t amanda_tmp_t:file create_file_perms; + files_tmp_filetrans(amanda_t, amanda_tmp_t, { file dir }) + ++auth_use_nsswitch(amanda_t) ++ + kernel_read_system_state(amanda_t) + kernel_read_kernel_sysctls(amanda_t) + kernel_dontaudit_getattr_unlabeled_files(amanda_t) +@@ -150,8 +156,6 @@ + libs_use_ld_so(amanda_t) + libs_use_shared_libs(amanda_t) + +-sysnet_read_config(amanda_t) +- optional_policy(` - nscd_socket_use(amanda_recover_t) + auth_read_shadow(amanda_t) ') +@@ -160,14 +164,6 @@ + logging_send_syslog_msg(amanda_t) + ') + +-optional_policy(` +- nis_use_ypbind(amanda_t) +-') +- +-optional_policy(` +- nscd_socket_use(amanda_t) +-') +- + ######################################## + # + # Amanda recover local policy +@@ -198,6 +194,8 @@ + allow amanda_recover_t amanda_tmp_t:fifo_file create_file_perms; + files_tmp_filetrans(amanda_recover_t,amanda_tmp_t,{ dir file lnk_file sock_file fifo_file }) + ++auth_use_nsswitch(amanda_recover_t) + -+optional_policy(` + kernel_read_system_state(amanda_recover_t) + kernel_read_kernel_sysctls(amanda_recover_t) + +@@ -233,14 +231,9 @@ + + miscfiles_read_localization(amanda_recover_t) + +-sysnet_read_config(amanda_recover_t) +- + userdom_search_sysadm_home_content_dirs(amanda_recover_t) + + optional_policy(` +- nis_use_ypbind(amanda_recover_t) +-') +- +-optional_policy(` +- nscd_socket_use(amanda_recover_t) + ssh_sigchld(amanda_recover_t) + ssh_rw_stream_sockets(amanda_recover_t) -+') + ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.fc serefpolicy-2.4.6/policy/modules/admin/amtu.fc --- nsaserefpolicy/policy/modules/admin/amtu.fc 1969-12-31 19:00:00.000000000 -0500 +++ serefpolicy-2.4.6/policy/modules/admin/amtu.fc 2007-05-22 12:40:26.000000000 -0400 @@ -771,12 +845,12 @@ + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmidecode.te serefpolicy-2.4.6/policy/modules/admin/dmidecode.te --- nsaserefpolicy/policy/modules/admin/dmidecode.te 2006-11-29 12:04:48.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/admin/dmidecode.te 2007-08-30 10:26:48.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/admin/dmidecode.te 2007-09-07 17:06:27.000000000 -0400 @@ -22,6 +22,7 @@ # Allow dmidecode to read /dev/mem dev_read_raw_memory(dmidecode_t) -+dev_search_sysfs(dmidecode_t) ++dev_read_sysfs(dmidecode_t) mls_file_read_up(dmidecode_t) @@ -3301,8 +3375,52 @@ + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.if.in serefpolicy-2.4.6/policy/modules/kernel/corenetwork.if.in --- nsaserefpolicy/policy/modules/kernel/corenetwork.if.in 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/kernel/corenetwork.if.in 2007-06-11 09:27:14.000000000 -0400 -@@ -1292,6 +1292,25 @@ ++++ serefpolicy-2.4.6/policy/modules/kernel/corenetwork.if.in 2007-09-11 15:56:46.000000000 -0400 +@@ -987,6 +987,43 @@ + + ######################################## + ## ++## Connect TCP sockets to rpc ports. ++## ++## ++## ++## The type of the process performing this action. ++## ++## ++# ++interface(`corenet_tcp_connect_all_rpc_ports',` ++ gen_require(` ++ attribute rpc_port_type; ++ ') ++ ++ allow $1 rpc_port_type:tcp_socket name_connect; ++') ++ ++######################################## ++## ++## Do not audit attempts to connect TCP sockets ++## all rpc ports. ++## ++## ++## ++## Domain to not audit. ++## [...2515 lines suppressed...] +@@ -362,6 +375,7 @@ fs_getattr_xattr_fs(restorecon_t) fs_search_auto_mountpoints(restorecon_t) @@ -14215,7 +15034,7 @@ mls_file_read_up(restorecon_t) mls_file_write_down(restorecon_t) -@@ -407,10 +428,22 @@ +@@ -407,10 +421,22 @@ fs_rw_tmpfs_blk_files(restorecon_t) fs_relabel_tmpfs_blk_file(restorecon_t) fs_relabel_tmpfs_chr_file(restorecon_t) @@ -14238,7 +15057,7 @@ udev_dontaudit_rw_dgram_sockets(restorecon_t) ') ') -@@ -419,6 +452,10 @@ +@@ -419,6 +445,10 @@ hotplug_use_fds(restorecon_t) ') @@ -14249,15 +15068,30 @@ ######################################## # # Restorecond local policy -@@ -449,6 +486,7 @@ +@@ -447,8 +477,10 @@ + selinux_compute_relabel_context(restorecond_t) + selinux_compute_user_contexts(restorecond_t) ++auth_use_nsswitch(restorecond_t) auth_relabel_all_files_except_shadow(restorecond_t ) auth_read_all_files_except_shadow(restorecond_t) +auth_use_nsswitch(restorecond_t) init_use_fds(restorecond_t) init_dontaudit_use_script_ptys(restorecond_t) -@@ -485,7 +523,7 @@ +@@ -471,11 +503,6 @@ + rpm_use_script_fds(restorecond_t) + ') + +-optional_policy(` +- # restorecond watches for users logging in, +- # so it getspwnam when a user logs in to find his homedir +- nis_use_ypbind(restorecond_t) +-') + + ################################# + # +@@ -485,7 +512,7 @@ allow run_init_t self:process setexec; allow run_init_t self:capability setuid; allow run_init_t self:fifo_file rw_file_perms; @@ -14266,7 +15100,7 @@ # often the administrator runs such programs from a directory that is owned # by a different user or has restrictive SE permissions, do not want to audit -@@ -499,6 +537,7 @@ +@@ -499,6 +526,7 @@ term_dontaudit_list_ptys(run_init_t) auth_domtrans_chk_passwd(run_init_t) @@ -14274,7 +15108,7 @@ auth_dontaudit_read_shadow(run_init_t) corecmd_exec_bin(run_init_t) -@@ -549,81 +588,14 @@ +@@ -549,81 +577,14 @@ ######################################## # @@ -14362,7 +15196,7 @@ ') ######################################## -@@ -672,6 +644,7 @@ +@@ -672,6 +633,7 @@ init_use_fds(setfiles_t) init_use_script_fds(setfiles_t) init_use_script_ptys(setfiles_t) @@ -14370,7 +15204,7 @@ domain_use_interactive_fds(setfiles_t) -@@ -691,3 +664,16 @@ +@@ -691,3 +653,16 @@ userdom_use_all_users_fds(setfiles_t) # for config files in a home directory userdom_read_all_users_home_content_files(setfiles_t) @@ -14660,7 +15494,7 @@ + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.4.6/policy/modules/system/unconfined.te --- nsaserefpolicy/policy/modules/system/unconfined.te 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/system/unconfined.te 2007-08-29 06:26:03.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/system/unconfined.te 2007-09-18 10:19:10.000000000 -0400 @@ -48,6 +48,10 @@ userdom_priveleged_home_dir_manager(unconfined_t) @@ -14682,7 +15516,7 @@ ') optional_policy(` -@@ -138,6 +145,8 @@ +@@ -138,11 +145,14 @@ optional_policy(` rpm_domtrans(unconfined_t) @@ -14691,7 +15525,13 @@ ') optional_policy(` -@@ -173,6 +182,12 @@ + samba_domtrans_net(unconfined_t) + samba_domtrans_winbind_helper(unconfined_t) ++ samba_domtrans_smbcontrol(unconfined_t) + ') + + optional_policy(` +@@ -173,6 +183,12 @@ optional_policy(` xserver_domtrans_xdm_xserver(unconfined_t) ') @@ -14704,7 +15544,7 @@ ') ######################################## -@@ -181,10 +196,18 @@ +@@ -181,10 +197,18 @@ # ifdef(`targeted_policy',` @@ -15945,7 +16785,7 @@ +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.4.6/policy/modules/system/xen.te --- nsaserefpolicy/policy/modules/system/xen.te 2006-11-29 12:04:51.000000000 -0500 -+++ serefpolicy-2.4.6/policy/modules/system/xen.te 2007-08-10 16:23:05.000000000 -0400 ++++ serefpolicy-2.4.6/policy/modules/system/xen.te 2007-09-07 12:00:31.000000000 -0400 @@ -20,12 +20,15 @@ type xenctl_t; files_type(xenctl_t) @@ -16044,6 +16884,15 @@ netutils_domtrans(xend_t) optional_policy(` +@@ -218,7 +237,7 @@ + + allow xenconsoled_t self:capability { dac_override fsetid ipc_lock }; + allow xenconsoled_t self:unix_stream_socket create_stream_socket_perms; +-allow xenconsoled_t self:fifo_file { read write }; ++allow xenconsoled_t self:fifo_file rw_fifo_file_perms; + + allow xenconsoled_t xen_devpts_t:chr_file rw_term_perms; + @@ -236,19 +255,24 @@ files_read_usr_files(xenconsoled_t) @@ -16083,10 +16932,18 @@ term_use_generic_ptys(xenstored_t) term_use_console(xenconsoled_t) -@@ -312,11 +342,17 @@ +@@ -306,17 +336,23 @@ + allow xm_t self:capability { dac_override ipc_lock sys_tty_config }; + + # internal communication is often done using fifo and unix sockets. +-allow xm_t self:fifo_file { read write }; ++allow xm_t self:fifo_file rw_fifo_file_perms; + allow xm_t self:unix_stream_socket { create_stream_socket_perms connectto }; + allow xm_t self:tcp_socket create_stream_socket_perms; allow xm_t xend_var_lib_t:dir rw_dir_perms; - allow xm_t xend_var_lib_t:fifo_file create_file_perms; +-allow xm_t xend_var_lib_t:fifo_file create_file_perms; ++allow xm_t xend_var_lib_t:fifo_file manage_fifo_file_perms; +allow xm_t xend_var_lib_t:sock_file create_file_perms; allow xm_t xend_var_lib_t:file create_file_perms; files_search_var_lib(xm_t) @@ -16112,7 +16969,19 @@ corenet_tcp_sendrecv_generic_if(xm_t) corenet_tcp_sendrecv_all_nodes(xm_t) corenet_tcp_connect_soundd_port(xm_t) -@@ -353,3 +392,17 @@ +@@ -338,8 +377,11 @@ + # Some common macros (you might be able to remove some) + files_read_etc_files(xm_t) + ++fs_getattr_all_fs(xend_t) ++ + term_use_all_terms(xm_t) + ++init_stream_connect_script(xm_t) + init_rw_script_stream_sockets(xm_t) + init_use_fds(xm_t) + +@@ -353,3 +395,17 @@ xen_append_log(xm_t) xen_stream_connect(xm_t) xen_stream_connect_xenstore(xm_t) Index: selinux-policy.spec =================================================================== RCS file: /cvs/dist/rpms/selinux-policy/FC-6/selinux-policy.spec,v retrieving revision 1.374 retrieving revision 1.375 diff -u -r1.374 -r1.375 --- selinux-policy.spec 4 Sep 2007 14:00:30 -0000 1.374 +++ selinux-policy.spec 21 Sep 2007 19:13:41 -0000 1.375 @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 2.4.6 -Release: 88%{?dist} +Release: 92%{?dist} License: GPL Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -358,6 +358,34 @@ %endif %changelog +* Fri Sep 14 2007 Dan Walsh 2.4.6-94 +- Fixup clmvd to allow creation of fixed devices +Resolves: # + +* Thu Sep 13 2007 Dan Walsh 2.4.6-93 +- Allow hal to write to pm-tools directories +Resolves: #282421 +#Resolves: #280271 + +* Wed Sep 11 2007 Dan Walsh 2.4.6-92 +- Many fixes for Kerberos Replay Cache. +Resolves: #282421 + +* Tue Sep 11 2007 Dan Walsh 2.4.6-91 +- Many fixes for Kerberos Replay Cache. +- Allow xfs to listen on port 7100 +Resolves: #282421 + +* Fri Sep 7 2007 Dan Walsh 2.4.6-90 +- Additional perms for xen +Resolves: #249895 + +* Tue Sep 5 2007 Dan Walsh 2.4.6-89 +- Allow postfix to read master proc info +- Allow unix_update to talk to nsswitch +- Allow dmidecode to search sysfs_t +Resolves: #263141 + * Sat Sep 1 2007 Dan Walsh 2.4.6-88 - Cleanup of fusermount/mount-ntfs and apcupsd to match rawhide - Allow cimserver to create pegasus_data directories From fedora-cvs-commits at redhat.com Fri Sep 21 20:21:58 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Fri, 21 Sep 2007 16:21:58 -0400 Subject: rpms/selinux-policy/FC-6 selinux-policy.spec,1.375,1.376 Message-ID: <200709212021.l8LKLwc0016088@cvs.devel.redhat.com> Author: dwalsh Update of /cvs/dist/rpms/selinux-policy/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv16060 Modified Files: selinux-policy.spec Log Message: * Fri Sep 14 2007 Dan Walsh 2.4.6-94 - Fixup clmvd to allow creation of fixed devices Resolves: # Index: selinux-policy.spec =================================================================== RCS file: /cvs/dist/rpms/selinux-policy/FC-6/selinux-policy.spec,v retrieving revision 1.375 retrieving revision 1.376 diff -u -r1.375 -r1.376 --- selinux-policy.spec 21 Sep 2007 19:13:41 -0000 1.375 +++ selinux-policy.spec 21 Sep 2007 20:21:56 -0000 1.376 @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 2.4.6 -Release: 92%{?dist} +Release: 94%{?dist} License: GPL Group: System Environment/Base Source: serefpolicy-%{version}.tgz From fedora-cvs-commits at redhat.com Fri Sep 21 23:16:01 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Fri, 21 Sep 2007 19:16:01 -0400 Subject: rpms/kernel/FC-6 patch-2.6.22.7.bz2.sign, NONE, 1.1 .cvsignore, 1.571, 1.572 kernel-2.6.spec, 1.3024, 1.3025 linux-2.6-utrace-regset.patch, 1.4, 1.5 sources, 1.535, 1.536 upstream, 1.455, 1.456 patch-2.6.22.6.bz2.sign, 1.1, NONE Message-ID: <200709212316.l8LNG1xH019877@cvs.devel.redhat.com> Author: cebbert Update of /cvs/dist/rpms/kernel/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv19861 Modified Files: .cvsignore kernel-2.6.spec linux-2.6-utrace-regset.patch sources upstream Added Files: patch-2.6.22.7.bz2.sign Removed Files: patch-2.6.22.6.bz2.sign Log Message: * Fri Sep 21 2007 Chuck Ebbert - Linux 2.6.22.7 --- NEW FILE patch-2.6.22.7.bz2.sign --- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: See http://www.kernel.org/signature.html for info iD8DBQBG9E0SyGugalF9Dw4RAsibAJwJAmDh3/CV0nHxGrjGzkDP0DT3uwCfTZ9/ ry5zvDQvAlyBxWyN4ivs9Sw= =4ylv -----END PGP SIGNATURE----- Index: .cvsignore =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/.cvsignore,v retrieving revision 1.571 retrieving revision 1.572 diff -u -r1.571 -r1.572 --- .cvsignore 13 Sep 2007 21:20:07 -0000 1.571 +++ .cvsignore 21 Sep 2007 23:15:57 -0000 1.572 @@ -3,4 +3,4 @@ temp-* kernel-2.6.22 linux-2.6.22.tar.bz2 -patch-2.6.22.6.bz2 +patch-2.6.22.7.bz2 Index: kernel-2.6.spec =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/kernel-2.6.spec,v retrieving revision 1.3024 retrieving revision 1.3025 diff -u -r1.3024 -r1.3025 --- kernel-2.6.spec 21 Sep 2007 18:54:18 -0000 1.3024 +++ kernel-2.6.spec 21 Sep 2007 23:15:57 -0000 1.3025 @@ -30,7 +30,7 @@ ## If this is a released kernel ## %if 0%{?released_kernel} # Do we have a 2.6.21.y update to apply? -%define stable_update 6 +%define stable_update 7 # Set rpm version accordingly %if 0%{?stable_update} %define stablerev .%{stable_update} @@ -2280,6 +2280,9 @@ %changelog * Fri Sep 21 2007 Chuck Ebbert +- Linux 2.6.22.7 + +* Fri Sep 21 2007 Chuck Ebbert - Build dcdbas and dell_rbu modules on i586 (#216304) * Thu Sep 13 2007 Chuck Ebbert linux-2.6-utrace-regset.patch: arch/powerpc/kernel/ptrace-common.h | 145 ------ arch/powerpc/kernel/ptrace32.c | 443 ------------------- b/arch/i386/kernel/i387.c | 143 +++--- b/arch/i386/kernel/ptrace.c | 826 ++++++++++++++++++++---------------- b/arch/powerpc/kernel/Makefile | 4 b/arch/powerpc/kernel/ptrace.c | 718 +++++++++++++++---------------- b/arch/x86_64/ia32/fpu32.c | 92 +++- b/arch/x86_64/ia32/ptrace32.c | 725 ++++++++++++++++++++----------- b/arch/x86_64/kernel/ptrace.c | 733 +++++++++++++++++++------------ b/include/asm-i386/i387.h | 13 b/include/asm-x86_64/fpu32.h | 3 b/include/asm-x86_64/tracehook.h | 8 b/include/linux/tracehook.h | 255 ++++++++++- b/kernel/ptrace.c | 8 14 files changed, 2147 insertions(+), 1969 deletions(-) Index: linux-2.6-utrace-regset.patch =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/linux-2.6-utrace-regset.patch,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- linux-2.6-utrace-regset.patch 5 Sep 2007 16:18:09 -0000 1.4 +++ linux-2.6-utrace-regset.patch 21 Sep 2007 23:15:58 -0000 1.5 @@ -2193,8 +2193,8 @@ /* * does not yet catch signals sent when the child dies. @@ -228,52 +232,61 @@ static int putreg(struct task_struct *ch - if (test_tsk_thread_flag(child, TIF_IA32)) - value &= 0xffffffff; + unsigned long tmp; + switch (regno) { - case offsetof(struct user_regs_struct,fs): - if (value && (value & 3) != 3) Index: sources =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/sources,v retrieving revision 1.535 retrieving revision 1.536 diff -u -r1.535 -r1.536 --- sources 13 Sep 2007 21:20:07 -0000 1.535 +++ sources 21 Sep 2007 23:15:58 -0000 1.536 @@ -1,2 +1,2 @@ 2e230d005c002fb3d38a3ca07c0200d0 linux-2.6.22.tar.bz2 -f2948e364ab3e4736b9e34f02173472f patch-2.6.22.6.bz2 +11d56c9918810694f32a172ba4788a83 patch-2.6.22.7.bz2 Index: upstream =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/upstream,v retrieving revision 1.455 retrieving revision 1.456 diff -u -r1.455 -r1.456 --- upstream 13 Sep 2007 21:20:07 -0000 1.455 +++ upstream 21 Sep 2007 23:15:58 -0000 1.456 @@ -1,2 +1,2 @@ linux-2.6.22.tar.bz2 -patch-2.6.22.6.bz2 +patch-2.6.22.7.bz2 --- patch-2.6.22.6.bz2.sign DELETED --- From fedora-cvs-commits at redhat.com Tue Sep 25 13:43:37 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Tue, 25 Sep 2007 09:43:37 -0400 Subject: rpms/lftp/FC-6 .cvsignore, 1.29, 1.30 lftp.spec, 1.56, 1.57 sources, 1.29, 1.30 Message-ID: <200709251343.l8PDhbs3010155@cvs.devel.redhat.com> Author: mbarabas Update of /cvs/dist/rpms/lftp/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv10139 Modified Files: .cvsignore lftp.spec sources Log Message: * Tue Sep 25 2007 Maros Barabas - 3.5.14 - Upgrade to 3.5.14 from upstream - Resolves #242112 Index: .cvsignore =================================================================== RCS file: /cvs/dist/rpms/lftp/FC-6/.cvsignore,v retrieving revision 1.29 retrieving revision 1.30 diff -u -r1.29 -r1.30 --- .cvsignore 4 Apr 2007 13:28:07 -0000 1.29 +++ .cvsignore 25 Sep 2007 13:43:35 -0000 1.30 @@ -1 +1 @@ -lftp-3.5.9.tar.bz2 +lftp-3.5.14.tar.gz Index: lftp.spec =================================================================== RCS file: /cvs/dist/rpms/lftp/FC-6/lftp.spec,v retrieving revision 1.56 retrieving revision 1.57 diff -u -r1.56 -r1.57 --- lftp.spec 4 Apr 2007 13:28:07 -0000 1.56 +++ lftp.spec 25 Sep 2007 13:43:35 -0000 1.57 @@ -1,10 +1,10 @@ Summary: A sophisticated file transfer program Name: lftp -Version: 3.5.9 -Release: 0%{?dist} +Version: 3.5.14 +Release: 1%{?dist} License: GPL Group: Applications/Internet -Source0: ftp://ftp.yar.ru/lftp/lftp-%{version}.tar.bz2 +Source0: ftp://ftp.yar.ru/lftp/lftp-%{version}.tar.gz URL: http://lftp.yar.ru/ BuildRoot: %{_tmppath}/%{name}-%{version}-root BuildRequires: ncurses-devel, openssl-devel, pkgconfig, readline-devel, autoconf, automake, libtool @@ -78,6 +78,10 @@ %{_libdir}/lftp/%{version}/liblftp-getdate.so %changelog +* Tue Sep 25 2007 Maros Barabas - 3.5.14 +- Upgrade to 3.5.14 from upstream +- Resolves #242112 + * Wed Apr 04 2007 Maros Barabas - 3.5.9 - Upgrade to 3.5.9 from upstream - Resolves #211483 Index: sources =================================================================== RCS file: /cvs/dist/rpms/lftp/FC-6/sources,v retrieving revision 1.29 retrieving revision 1.30 diff -u -r1.29 -r1.30 --- sources 4 Apr 2007 13:28:07 -0000 1.29 +++ sources 25 Sep 2007 13:43:35 -0000 1.30 @@ -1 +1 @@ -242aa0b01be79942bb9bcdd2a4b079ba lftp-3.5.9.tar.bz2 +dfb019355ad7f7ed347e64b39e4d1d3c lftp-3.5.14.tar.gz From fedora-cvs-commits at redhat.com Tue Sep 25 21:34:39 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Tue, 25 Sep 2007 17:34:39 -0400 Subject: rpms/frysk/FC-6 .cvsignore, 1.45, 1.46 frysk.spec, 1.113, 1.114 sources, 1.45, 1.46 Message-ID: <200709252134.l8PLYd9Y025432@cvs.devel.redhat.com> Author: cagney Update of /cvs/dist/rpms/frysk/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv25416 Modified Files: .cvsignore frysk.spec sources Log Message: * Mon Sep 24 2007 Andrew Cagney - 0.0.1.2007.09.24-1 - Update files list. - Import frysk-0.0.1.2007.09.24.tar.bz2. - Remove binutils-devel from BuildRequires. - Update Licence. - Change BuildRoot to prefered fedora format. - Expand Summary to mention debugging. Index: .cvsignore =================================================================== RCS file: /cvs/dist/rpms/frysk/FC-6/.cvsignore,v retrieving revision 1.45 retrieving revision 1.46 diff -u -r1.45 -r1.46 --- .cvsignore 9 Aug 2007 13:27:27 -0000 1.45 +++ .cvsignore 25 Sep 2007 21:34:36 -0000 1.46 @@ -1 +1 @@ -frysk-0.0.1.2007.08.03.tar.bz2 +frysk-0.0.1.2007.09.24.tar.bz2 Index: frysk.spec =================================================================== RCS file: /cvs/dist/rpms/frysk/FC-6/frysk.spec,v retrieving revision 1.113 retrieving revision 1.114 diff -u -r1.113 -r1.114 --- frysk.spec 9 Aug 2007 13:27:27 -0000 1.113 +++ frysk.spec 25 Sep 2007 21:34:36 -0000 1.114 @@ -1,15 +1,29 @@ -Summary: Frysk execution analysis tool +Summary: Frysk execution analysis and debugging tools Name: frysk -Version: 0.0.1.2007.08.03 +Version: 0.0.1.2007.09.24 Release: 1%{?dist} -License: GPL +# antlrv2 is Public Domain; antlrv3 is BSD. +# cdtparser is EPL +# getopt is GPLv2 with exception +# elfutils is GPLv2 with exception +# frysk is GPLv2 with exception +# junit licence is CPL (according to the junit rpm) +# jline licence is BSD +# libunwind is BSD +License: GPLv2 with exceptions and BSD and CPL and Public Domain and EPL Group: Development/System URL: http://sourceware.org/frysk +# The source for this package was pulled from upstream's vcs. Use the +# following commands, which brand the file with the contents of version.in, +# to generate the tarball: +# cvs -d:pserver:anoncvs at sourceware.org:/cvs/frysk export -D YYYY-MM-DD-gmt +# mv frysk frysk-`cat frysk/common/version.in` +# tar cf - frysk-`cat frysk/common/version.in` | bzip2 -9 > frysk-`cat frysk/common/version.in`.tar.bz2 Source: %{name}-%{version}.tar.bz2 %define run_make_check 0 -BuildRoot: %{_tmppath}/%{name}-%{version}-root +BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) Requires: glib-java >= 0.2.6 @@ -35,7 +49,6 @@ # Fedora Core >= 6 and RHEL: %if "%{?fedora}" != "5" -BuildRequires: binutils-devel BuildRequires: dogtail >= 0.5.2 %ifarch x86_64 ppc64 @@ -58,12 +71,13 @@ %endif %description -Frysk is an execution-analysis technology implemented using native Java and C++. -It is aimed at providing developers and sysadmins with the ability to both -examine and analyze running multi-host, multi-process, multi-threaded systems. -Frysk allows the monitoring of running processes and threads, of locking -primitives and will also expose deadlocks, gather data and debug any given -process in the system. +Frysk is an execution-analysis technology implemented using native +Java and C++. It is aimed at providing developers and sysadmins with +the ability to both examine and analyze running multi-host, +multi-process, multi-threaded systems. Frysk allows the monitoring of +running processes and threads, of locking primitives and will also +expose deadlocks, gather data and debug any given process in the +system. %package devel Summary: The development part of Frysk. @@ -71,8 +85,8 @@ Requires: %{name} = %{version}-%{release} %description devel -Frysk is an execution-analysis technology implemented using native Java and C++. -This package contains the development part of Frysk. +Frysk is an execution-analysis technology implemented using native +Java and C++. This package contains the development part of Frysk. %package gnome Summary: The GUI frontend of Frysk. @@ -83,12 +97,13 @@ Requires: libvte-java >= 0.12.0 %description gnome -Frysk is an execution-analysis technology implemented using native Java and C++. -It is aimed at providing developers and sysadmins with the ability to both -examine and analyze running multi-host, multi-process, multi-threaded systems. -Frysk allows the monitoring of running processes and threads, of locking -primitives and will also expose deadlocks, gather data and debug any given -process in the system. +Frysk is an execution-analysis technology implemented using native +Java and C++. It is aimed at providing developers and sysadmins with +the ability to both examine and analyze running multi-host, +multi-process, multi-threaded systems. Frysk allows the monitoring of +running processes and threads, of locking primitives and will also +expose deadlocks, gather data and debug any given process in the +system. This package contains the GUI front end for Frysk. @@ -170,8 +185,10 @@ rm -rf %{buildroot} %files + %defattr(-,root,root) %doc COPYING frysk-imports/common/EXCEPTION + %{_bindir}/fcatch %{_bindir}/fcore %{_bindir}/fdebuginfo @@ -183,13 +200,15 @@ %{_bindir}/fstack %{_bindir}/fstep %{_bindir}/ftrace + %{_libdir}/libfrysk-antlr.so %{_libdir}/libfrysk-cdtparser.so %{_libdir}/libfrysk-core.so %{_libdir}/libfrysk-getopt.so -%{_libdir}/libfrysk-sys.so %{_libdir}/libfrysk-jdom.so %{_libdir}/libfrysk-jline.so +%{_libdir}/libfrysk-sys.so + %dir %{_datadir}/%{name} %{_datadir}/%{name}/messages.properties %{_mandir}/man1/* @@ -197,33 +216,42 @@ %files devel %defattr(-,root,root) %{_libdir}/libfrysk-junit.so + %dir %{_libdir}/%{name} -%{_libdir}/%{name}/funit* %{_libdir}/%{name}/ftail +%{_libdir}/%{name}/funit* +%{_libdir}/%{name}/fsystest %{_libdir}/%{name}/hpd-c %{_libdir}/%{name}/test1 %{_libdir}/%{name}/fsystest %{_libdir}/%{name}/sys-tests %{_libdir}/%{name}/test_main_looper + +%{_datadir}/%{name}/dogtail_scripts %{_datadir}/%{name}/helloworld.o +%{_datadir}/%{name}/libtest.so %{_datadir}/%{name}/test-core-* +%{_datadir}/%{name}/test-exe-* %{_datadir}/%{name}/test_looper.xml # Not installed by current tarballs. #%dir %{_datadir}/%{name}/test #%{_datadir}/%{name}/test/test* -%{_datadir}/%{name}/dogtail_scripts %{_mandir}/man8/* %files gnome %defattr(-,root,root) + %{_bindir}/frysk + %{_libdir}/libEggTrayIcon.so %{_libdir}/libfrysk-ftk.so %{_libdir}/libfrysk-gtk.so %{_libdir}/libfrysk-gui.so %{_libdir}/libftk*.so + %{_datadir}/%{name}/glade %{_datadir}/%{name}/images + # Move frysk.desktop to docdir. #%{_datadir}/applications/frysk.desktop %doc frysk.desktop @@ -232,6 +260,14 @@ %{_datadir}/pixmaps/fryskTrayIcon48.png %changelog +* Mon Sep 24 2007 Andrew Cagney - 0.0.1.2007.09.24-1 +- Update files list. +- Import frysk-0.0.1.2007.09.24.tar.bz2. +- Remove binutils-devel from BuildRequires. +- Update Licence. +- Change BuildRoot to prefered fedora format. +- Expand Summary to mention debugging. + * Fri Aug 03 2007 Andew Cagney - 0.0.1.2007.08.03-2 - New upstream version 0.0.1.2007.08.03, - Run bootstrap.sh. Index: sources =================================================================== RCS file: /cvs/dist/rpms/frysk/FC-6/sources,v retrieving revision 1.45 retrieving revision 1.46 diff -u -r1.45 -r1.46 --- sources 9 Aug 2007 13:27:27 -0000 1.45 +++ sources 25 Sep 2007 21:34:36 -0000 1.46 @@ -1 +1 @@ -ebd0a5c96c72adc5554bdd88a3759c66 frysk-0.0.1.2007.08.03.tar.bz2 +34b8a93e1b7b9e4f97d3ae4c57f25d57 frysk-0.0.1.2007.09.24.tar.bz2 From fedora-cvs-commits at redhat.com Wed Sep 26 16:11:02 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Wed, 26 Sep 2007 12:11:02 -0400 Subject: rpms/kernel/FC-6 patch-2.6.22.8.bz2.sign, NONE, 1.1 .cvsignore, 1.572, 1.573 kernel-2.6.spec, 1.3025, 1.3026 sources, 1.536, 1.537 upstream, 1.456, 1.457 patch-2.6.22.7.bz2.sign, 1.1, NONE Message-ID: <200709261611.l8QGB2kM014973@cvs.devel.redhat.com> Author: cebbert Update of /cvs/dist/rpms/kernel/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv14952 Modified Files: .cvsignore kernel-2.6.spec sources upstream Added Files: patch-2.6.22.8.bz2.sign Removed Files: patch-2.6.22.7.bz2.sign Log Message: * Wed Sep 26 2007 Chuck Ebbert - Linux 2.6.22.8 --- NEW FILE patch-2.6.22.8.bz2.sign --- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: See http://www.kernel.org/signature.html for info iD8DBQBG+KYdyGugalF9Dw4RAsbRAJ9c2aBbDRo/TePDZfUzM+j/nJMzRgCfcBdc BzNSm1llvEs6z0WgGyMZqvg= =llTN -----END PGP SIGNATURE----- Index: .cvsignore =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/.cvsignore,v retrieving revision 1.572 retrieving revision 1.573 diff -u -r1.572 -r1.573 --- .cvsignore 21 Sep 2007 23:15:57 -0000 1.572 +++ .cvsignore 26 Sep 2007 16:10:59 -0000 1.573 @@ -3,4 +3,4 @@ temp-* kernel-2.6.22 linux-2.6.22.tar.bz2 -patch-2.6.22.7.bz2 +patch-2.6.22.8.bz2 Index: kernel-2.6.spec =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/kernel-2.6.spec,v retrieving revision 1.3025 retrieving revision 1.3026 diff -u -r1.3025 -r1.3026 --- kernel-2.6.spec 21 Sep 2007 23:15:57 -0000 1.3025 +++ kernel-2.6.spec 26 Sep 2007 16:10:59 -0000 1.3026 @@ -30,7 +30,7 @@ ## If this is a released kernel ## %if 0%{?released_kernel} # Do we have a 2.6.21.y update to apply? -%define stable_update 7 +%define stable_update 8 # Set rpm version accordingly %if 0%{?stable_update} %define stablerev .%{stable_update} @@ -1066,14 +1066,14 @@ %endif +# stable -rc +# ApplyPatch patch-2.6.22.9-rc1.patch + # This patch adds a "make nonint_oldconfig" which is non-interactive and # also gives a list of missing options at the end. Useful for automated # builds (as used in the buildsystem). ApplyPatch linux-2.6-build-nonintconfig.patch -# stable -rc -# ApplyPatch patch-2.6.22.6-rc1.patch - %if !%{nopatches} # Ingo's new scheduler. @@ -2279,6 +2279,9 @@ %endif %changelog +* Wed Sep 26 2007 Chuck Ebbert +- Linux 2.6.22.8 + * Fri Sep 21 2007 Chuck Ebbert - Linux 2.6.22.7 Index: sources =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/sources,v retrieving revision 1.536 retrieving revision 1.537 diff -u -r1.536 -r1.537 --- sources 21 Sep 2007 23:15:58 -0000 1.536 +++ sources 26 Sep 2007 16:11:00 -0000 1.537 @@ -1,2 +1,2 @@ 2e230d005c002fb3d38a3ca07c0200d0 linux-2.6.22.tar.bz2 -11d56c9918810694f32a172ba4788a83 patch-2.6.22.7.bz2 +957192637e6830ba43bad2d9f9ba8324 patch-2.6.22.8.bz2 Index: upstream =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/upstream,v retrieving revision 1.456 retrieving revision 1.457 diff -u -r1.456 -r1.457 --- upstream 21 Sep 2007 23:15:58 -0000 1.456 +++ upstream 26 Sep 2007 16:11:00 -0000 1.457 @@ -1,2 +1,2 @@ linux-2.6.22.tar.bz2 -patch-2.6.22.7.bz2 +patch-2.6.22.8.bz2 --- patch-2.6.22.7.bz2.sign DELETED --- From fedora-cvs-commits at redhat.com Wed Sep 26 16:54:27 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Wed, 26 Sep 2007 12:54:27 -0400 Subject: rpms/xen/FC-6 pygrub-dont-exec.patch, NONE, 1.1 xen-qemu-cirrus-bitblit-bounds-check.patch, NONE, 1.1 xen-qemu-ne2000-CVE-2007-1321.patch, NONE, 1.1 xen.spec, 1.173, 1.174 Message-ID: <200709261654.l8QGsRSm019307@cvs.devel.redhat.com> Author: clalance Update of /cvs/dist/rpms/xen/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv19232 Modified Files: xen.spec Added Files: pygrub-dont-exec.patch xen-qemu-cirrus-bitblit-bounds-check.patch xen-qemu-ne2000-CVE-2007-1321.patch Log Message: - Fixes for CVE-2007-1320, CVE-2007-1321 and CVE-2007-4993 Resolves: #238723 pygrub-dont-exec.patch: GrubConf.py | 28 ++++++++++++++-------------- 1 files changed, 14 insertions(+), 14 deletions(-) --- NEW FILE pygrub-dont-exec.patch --- Protect pygrub from possible malicious content in guest grub config file. This fixes CVE-2007-4993. Original patch from Jeremy Katz, I updated to close 2 remaining issues pointed out by Christian and Keir, and to use setattr(self, ...). Signed-off-by: Chris Wright --- diff -r a00cc97b392a tools/pygrub/src/GrubConf.py --- a/tools/pygrub/src/GrubConf.py Wed Sep 12 09:43:33 2007 +0100 +++ b/tools/pygrub/src/GrubConf.py Mon Sep 24 12:43:19 2007 -0700 @@ -101,7 +101,7 @@ class GrubImage(object): if self.commands.has_key(com): if self.commands[com] is not None: - exec("%s = r\"%s\"" %(self.commands[com], arg.strip())) + setattr(self, self.commands[com], arg.strip()) else: logging.info("Ignored image directive %s" %(com,)) else: @@ -142,11 +142,11 @@ class GrubImage(object): initrd = property(get_initrd, set_initrd) # set up command handlers - commands = { "title": "self.title", - "root": "self.root", - "rootnoverify": "self.root", - "kernel": "self.kernel", - "initrd": "self.initrd", + commands = { "title": "title", + "root": "root", + "rootnoverify": "root", + "kernel": "kernel", + "initrd": "initrd", "chainloader": None, "module": None} @@ -195,7 +195,7 @@ class GrubConfigFile(object): (com, arg) = grub_exact_split(l, 2) if self.commands.has_key(com): if self.commands[com] is not None: - exec("%s = r\"%s\"" %(self.commands[com], arg.strip())) + setattr(self, self.commands[com], arg.strip()) else: logging.info("Ignored directive %s" %(com,)) else: @@ -208,7 +208,7 @@ class GrubConfigFile(object): (com, arg) = grub_exact_split(line, 2) if self.commands.has_key(com): if self.commands[com] is not None: - exec("%s = r\"%s\"" %(self.commands[com], arg.strip())) + setattr(self, self.commands[com], arg.strip()) else: logging.info("Ignored directive %s" %(com,)) else: @@ -236,12 +236,12 @@ class GrubConfigFile(object): splash = property(get_splash, set_splash) # set up command handlers - commands = { "default": "self.default", - "timeout": "self.timeout", - "fallback": "self.fallback", - "hiddenmenu": "self.hiddenmenu", - "splashimage": "self.splash", - "password": "self.password" } + commands = { "default": "default", + "timeout": "timeout", + "fallback": "fallback", + "hiddenmenu": "hiddenmenu", + "splashimage": "splash", + "password": "password" } for c in ("bootp", "color", "device", "dhcp", "hide", "ifconfig", "pager", "partnew", "parttype", "rarp", "serial", "setkey", "terminal", "terminfo", "tftpserver", "unhide"): xen-qemu-cirrus-bitblit-bounds-check.patch: cirrus_vga.c | 3 + cirrus_vga_rop.h | 35 ++++++++++++++++-- cirrus_vga_rop2.h | 102 ++++++++++++++++++++++++++++++++++++------------------ 3 files changed, 101 insertions(+), 39 deletions(-) --- NEW FILE xen-qemu-cirrus-bitblit-bounds-check.patch --- --- a/tools/ioemu/hw/cirrus_vga_rop2.h 2007-05-07 14:35:11.000000000 -0400 +++ b/tools/ioemu/hw/cirrus_vga_rop2.h 2007-05-07 14:36:23.000000000 -0400 @@ -23,36 +23,42 @@ */ #if DEPTH == 8 -#define PUTPIXEL() ROP_OP(d[0], col) +#define PUTPIXEL() ROP_OP((dst_base + m(d))[0], col) #elif DEPTH == 16 -#define PUTPIXEL() ROP_OP(((uint16_t *)d)[0], col); +#define PUTPIXEL() ROP_OP(((uint16_t *)(dst_base + m(d)))[0], col); #elif DEPTH == 24 -#define PUTPIXEL() ROP_OP(d[0], col); \ - ROP_OP(d[1], (col >> 8)); \ - ROP_OP(d[2], (col >> 16)) +#define PUTPIXEL() ROP_OP((dst_base + m(d))[0], col); \ + ROP_OP((dst_base + m(d))[1], (col >> 8)); \ + ROP_OP((dst_base + m(d))[2], (col >> 16)) #elif DEPTH == 32 -#define PUTPIXEL() ROP_OP(((uint32_t *)d)[0], col) +#define PUTPIXEL() ROP_OP(((uint32_t *)(dst_base + m(d)))[0], col) #else #error unsupported DEPTH #endif static void glue(glue(glue(cirrus_patternfill_, ROP_NAME), _),DEPTH) - (CirrusVGAState * s, uint8_t * dst, - const uint8_t * src, + (CirrusVGAState * s, uint8_t * dst_, + const uint8_t * src_, int dstpitch, int srcpitch, int bltwidth, int bltheight) { - uint8_t *d; + uint8_t *dst_base, *src_base; + uint32_t src, dst; + uint32_t d; int x, y, pattern_y, pattern_pitch, pattern_x; unsigned int col; - const uint8_t *src1; + uint32_t src1; #if DEPTH == 24 int skipleft = s->gr[0x2f] & 0x1f; #else int skipleft = (s->gr[0x2f] & 0x07) * (DEPTH / 8); #endif + get_base(dst_, s, dst_base); + get_base(src_, s, src_base); + dst = dst_ - dst_base; + src = src_ - src_base; #if DEPTH == 8 pattern_pitch = 8; #elif DEPTH == 16 @@ -67,19 +73,19 @@ src1 = src + pattern_y * pattern_pitch; for (x = skipleft; x < bltwidth; x += (DEPTH / 8)) { #if DEPTH == 8 - col = src1[pattern_x]; + col = *(src_base + m(src1 + pattern_x)); pattern_x = (pattern_x + 1) & 7; #elif DEPTH == 16 - col = ((uint16_t *)(src1 + pattern_x))[0]; + col = *(uint16_t *)(src_base + m(src1 + pattern_x)); pattern_x = (pattern_x + 2) & 15; #elif DEPTH == 24 { - const uint8_t *src2 = src1 + pattern_x * 3; + const uint8_t *src2 = src_base + m(src1 + pattern_x * 3); col = src2[0] | (src2[1] << 8) | (src2[2] << 16); pattern_x = (pattern_x + 1) & 7; } #else - col = ((uint32_t *)(src1 + pattern_x))[0]; + col = *(uint32_t *)(src_base + m(src1 + pattern_x)); pattern_x = (pattern_x + 4) & 31; #endif PUTPIXEL(); @@ -93,12 +99,14 @@ /* NOTE: srcpitch is ignored */ static void glue(glue(glue(cirrus_colorexpand_transp_, ROP_NAME), _),DEPTH) - (CirrusVGAState * s, uint8_t * dst, - const uint8_t * src, + (CirrusVGAState * s, uint8_t * dst_, + const uint8_t * src_, int dstpitch, int srcpitch, int bltwidth, int bltheight) { - uint8_t *d; + uint8_t *dst_base, *src_base; + uint32_t src, dst; + uint32_t d; int x, y; unsigned bits, bits_xor; unsigned int col; @@ -112,6 +120,10 @@ int dstskipleft = srcskipleft * (DEPTH / 8); #endif + get_base(dst_, s, dst_base); + get_base(src_, s, src_base); + dst = dst_ - dst_base; + src = src_ - src_base; if (s->cirrus_blt_modeext & CIRRUS_BLTMODEEXT_COLOREXPINV) { bits_xor = 0xff; col = s->cirrus_blt_bgcol; @@ -122,12 +134,12 @@ for(y = 0; y < bltheight; y++) { bitmask = 0x80 >> srcskipleft; - bits = *src++ ^ bits_xor; + bits = *(src_base + m(src++)) ^ bits_xor; d = dst + dstskipleft; for (x = dstskipleft; x < bltwidth; x += (DEPTH / 8)) { if ((bitmask & 0xff) == 0) { bitmask = 0x80; - bits = *src++ ^ bits_xor; + bits = *(src_base + m(src++)) ^ bits_xor; } index = (bits & bitmask); if (index) { @@ -142,13 +154,15 @@ static void glue(glue(glue(cirrus_colorexpand_, ROP_NAME), _),DEPTH) - (CirrusVGAState * s, uint8_t * dst, - const uint8_t * src, + (CirrusVGAState * s, uint8_t * dst_, + const uint8_t * src_, int dstpitch, int srcpitch, int bltwidth, int bltheight) { + uint8_t *dst_base, *src_base; + uint32_t src, dst; uint32_t colors[2]; - uint8_t *d; + uint32_t d; int x, y; unsigned bits; unsigned int col; @@ -156,16 +170,20 @@ int srcskipleft = s->gr[0x2f] & 0x07; int dstskipleft = srcskipleft * (DEPTH / 8); + get_base(dst_, s, dst_base); + get_base(src_, s, src_base); + dst = dst_ - dst_base; + src = src_ - src_base; colors[0] = s->cirrus_blt_bgcol; colors[1] = s->cirrus_blt_fgcol; for(y = 0; y < bltheight; y++) { bitmask = 0x80 >> srcskipleft; - bits = *src++; + bits = *(src_base + m(src++)); d = dst + dstskipleft; for (x = dstskipleft; x < bltwidth; x += (DEPTH / 8)) { if ((bitmask & 0xff) == 0) { bitmask = 0x80; - bits = *src++; + bits = *(src_base + m(src++)); } col = colors[!!(bits & bitmask)]; PUTPIXEL(); @@ -178,12 +196,14 @@ static void glue(glue(glue(cirrus_colorexpand_pattern_transp_, ROP_NAME), _),DEPTH) - (CirrusVGAState * s, uint8_t * dst, - const uint8_t * src, + (CirrusVGAState * s, uint8_t * dst_, + const uint8_t * src_, int dstpitch, int srcpitch, int bltwidth, int bltheight) { - uint8_t *d; + uint8_t *dst_base, *src_base; + uint32_t src, dst; + uint32_t d; int x, y, bitpos, pattern_y; unsigned int bits, bits_xor; unsigned int col; @@ -195,6 +215,10 @@ int dstskipleft = srcskipleft * (DEPTH / 8); #endif + get_base(dst_, s, dst_base); + get_base(src_, s, src_base); + dst = dst_ - dst_base; + src = src_ - src_base; if (s->cirrus_blt_modeext & CIRRUS_BLTMODEEXT_COLOREXPINV) { bits_xor = 0xff; col = s->cirrus_blt_bgcol; @@ -205,7 +229,7 @@ pattern_y = s->cirrus_blt_srcaddr & 7; for(y = 0; y < bltheight; y++) { - bits = src[pattern_y] ^ bits_xor; + bits = *(src_base + m(src + pattern_y)) ^ bits_xor; bitpos = 7 - srcskipleft; d = dst + dstskipleft; for (x = dstskipleft; x < bltwidth; x += (DEPTH / 8)) { @@ -222,25 +246,31 @@ static void glue(glue(glue(cirrus_colorexpand_pattern_, ROP_NAME), _),DEPTH) - (CirrusVGAState * s, uint8_t * dst, - const uint8_t * src, + (CirrusVGAState * s, uint8_t * dst_, + const uint8_t * src_, int dstpitch, int srcpitch, int bltwidth, int bltheight) { + uint8_t *dst_base, *src_base; + uint32_t src, dst; uint32_t colors[2]; - uint8_t *d; + uint32_t d; int x, y, bitpos, pattern_y; unsigned int bits; unsigned int col; int srcskipleft = s->gr[0x2f] & 0x07; int dstskipleft = srcskipleft * (DEPTH / 8); + get_base(dst_, s, dst_base); + get_base(src_, s, src_base); + dst = dst_ - dst_base; + src = src_ - src_base; colors[0] = s->cirrus_blt_bgcol; colors[1] = s->cirrus_blt_fgcol; pattern_y = s->cirrus_blt_srcaddr & 7; for(y = 0; y < bltheight; y++) { - bits = src[pattern_y]; + bits = *(src_base + m(src + pattern_y)); bitpos = 7 - srcskipleft; d = dst + dstskipleft; for (x = dstskipleft; x < bltwidth; x += (DEPTH / 8)) { @@ -257,13 +287,17 @@ static void glue(glue(glue(cirrus_fill_, ROP_NAME), _),DEPTH) (CirrusVGAState *s, - uint8_t *dst, int dst_pitch, + uint8_t *dst_, int dst_pitch, int width, int height) { - uint8_t *d, *d1; + uint8_t *dst_base; + uint32_t dst; + uint32_t d, d1; uint32_t col; int x, y; + get_base(dst_, s, dst_base); + dst = dst_ - dst_base; col = s->cirrus_blt_fgcol; d1 = dst; --- a/tools/ioemu/hw/cirrus_vga_rop.h 2007-05-07 14:35:01.000000000 -0400 +++ b/tools/ioemu/hw/cirrus_vga_rop.h 2007-05-07 14:36:23.000000000 -0400 @@ -22,18 +22,36 @@ * THE SOFTWARE. */ +#define get_base(p, s, b) do { \ + if ((p) >= (s)->vram_ptr && (p) < (s)->vram_ptr + (s)->vram_size) \ + (b) = (s)->vram_ptr; \ + else if ((p) >= &(s)->cirrus_bltbuf[0] && \ + (p) < &(s)->cirrus_bltbuf[CIRRUS_BLTBUFSIZE]) \ + (b) = &(s)->cirrus_bltbuf[0]; \ + else \ + return; \ +} while(0) + +#define m(x) ((x) & s->cirrus_addr_mask) + static void glue(cirrus_bitblt_rop_fwd_, ROP_NAME)(CirrusVGAState *s, - uint8_t *dst,const uint8_t *src, + uint8_t *dst_,const uint8_t *src_, int dstpitch,int srcpitch, int bltwidth,int bltheight) { int x,y; + uint32_t dst, src; + uint8_t *dst_base, *src_base; + get_base(dst_, s, dst_base); + get_base(src_, s, src_base); + dst = dst_ - dst_base; + src = src_ - src_base; dstpitch -= bltwidth; srcpitch -= bltwidth; for (y = 0; y < bltheight; y++) { for (x = 0; x < bltwidth; x++) { - ROP_OP(*dst, *src); + ROP_OP(*(dst_base + m(dst)), *(src_base + m(src))); dst++; src++; } @@ -44,16 +62,22 @@ static void glue(cirrus_bitblt_rop_bkwd_, ROP_NAME)(CirrusVGAState *s, - uint8_t *dst,const uint8_t *src, + uint8_t *dst_,const uint8_t *src_, int dstpitch,int srcpitch, int bltwidth,int bltheight) { int x,y; + uint32_t dst, src; + uint8_t *dst_base, *src_base; + get_base(dst_, s, dst_base); + get_base(src_, s, src_base); + dst = dst_ - dst_base; + src = src_ - src_base; dstpitch += bltwidth; srcpitch += bltwidth; for (y = 0; y < bltheight; y++) { for (x = 0; x < bltwidth; x++) { - ROP_OP(*dst, *src); + ROP_OP(*(dst_base + m(dst)), *(src_base + m(src))); dst--; src--; } @@ -76,3 +100,6 @@ #undef ROP_NAME #undef ROP_OP + +#undef get_base +#undef m --- a/tools/ioemu/hw/cirrus_vga.c 2007-05-07 14:34:50.000000000 -0400 +++ b/tools/ioemu/hw/cirrus_vga.c 2007-05-07 14:36:23.000000000 -0400 @@ -601,7 +601,8 @@ off_cur_end = off_cur + bytesperline; off_cur &= TARGET_PAGE_MASK; while (off_cur < off_cur_end) { - cpu_physical_memory_set_dirty(s->vram_offset + off_cur); + cpu_physical_memory_set_dirty(s->vram_offset + + (off_cur & s->cirrus_addr_mask)); off_cur += TARGET_PAGE_SIZE; } off_begin += off_pitch; xen-qemu-ne2000-CVE-2007-1321.patch: ne2000.c | 7 +++++-- 1 files changed, 5 insertions(+), 2 deletions(-) --- NEW FILE xen-qemu-ne2000-CVE-2007-1321.patch --- diff -up xen-3.0.3_0-src/tools/ioemu/hw/ne2000.c.cve xen-3.0.3_0-src/tools/ioemu/hw/ne2000.c --- xen-3.0.3_0-src/tools/ioemu/hw/ne2000.c.cve 2007-09-25 10:27:44.000000000 -0400 +++ xen-3.0.3_0-src/tools/ioemu/hw/ne2000.c 2007-09-25 10:27:47.000000000 -0400 @@ -252,7 +252,7 @@ static void ne2000_receive(void *opaque, { NE2000State *s = opaque; uint8_t *p; - int total_len, next, avail, len, index, mcast_idx; + unsigned int total_len, next, avail, len, index, mcast_idx; uint8_t buf1[60]; static const uint8_t broadcast_macaddr[6] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; @@ -327,7 +327,10 @@ static void ne2000_receive(void *opaque, /* write packet data */ while (size > 0) { - avail = s->stop - index; + if (index <= s->stop) + avail = s->stop - index; + else + avail = 0; len = size; if (len > avail) len = avail; Index: xen.spec =================================================================== RCS file: /cvs/dist/rpms/xen/FC-6/xen.spec,v retrieving revision 1.173 retrieving revision 1.174 diff -u -r1.173 -r1.174 --- xen.spec 1 Aug 2007 13:25:24 -0000 1.173 +++ xen.spec 26 Sep 2007 16:54:25 -0000 1.174 @@ -3,7 +3,7 @@ Summary: Xen is a virtual machine monitor Name: xen Version: 3.0.3 -Release: 11%{dist} +Release: 12%{dist} Group: Development/Libraries License: GPL URL: http://www.cl.cam.ac.uk/Research/SRG/netos/xen/index.html @@ -89,6 +89,13 @@ Patch303: vnc-client-iterator.patch Patch304: vnc-double-cleanup.patch +# CVE-2007-1320 +Patch400: xen-qemu-cirrus-bitblit-bounds-check.patch +# CVE-2007-1321 +Patch401: xen-qemu-ne2000-CVE-2007-1321.patch +# CVE-2007-4993 +Patch402: pygrub-dont-exec.patch + BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRequires: transfig libidn-devel zlib-devel texi2html SDL-devel curl-devel BuildRequires: libX11-devel python-devel ghostscript tetex-latex @@ -265,6 +272,11 @@ %patch304 -p2 popd +# CVE patches +%patch400 -p1 +%patch401 -p1 +%patch402 -p1 + %build # libvncserver first pushd LibVNCServer-0.8.2 @@ -367,6 +379,11 @@ %{_libdir}/*.a %changelog +* Wed Sep 26 2007 Chris Lalancette - 3.0.3-12.fc6 +- QEmu cirrus bitblit bounds check - CVE-2007-1320 (rhbz #238723) +- QEmu NE2000 overflow check - CVE-2007-1321 (rhbz #238723) +- Pygrub guest escape - CVE-2007-4993 + * Wed Aug 1 2007 Markus Armbruster - 3.0.3-11.fc6 - VNC keymap fixes - Fix race conditions in LibVNCServer on client disconnect (bz 240012) From fedora-cvs-commits at redhat.com Wed Sep 26 18:58:52 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Wed, 26 Sep 2007 14:58:52 -0400 Subject: rpms/kernel/FC-6 patch-2.6.22.9.bz2.sign, NONE, 1.1 .cvsignore, 1.573, 1.574 kernel-2.6.spec, 1.3026, 1.3027 linux-2.6-build-nonintconfig.patch, 1.7, 1.8 linux-2.6-utrace-tracehook.patch, 1.4, 1.5 sources, 1.537, 1.538 upstream, 1.457, 1.458 linux-2.6-futex-fix-traversal.patch, 1.1, NONE linux-2.6-netdev-forcedeth-realtek-oui.patch, 1.1, NONE linux-2.6-scsi-3w_9xxx-fix-dma-mask.patch, 1.1, NONE linux-2.6-skb_copy_and_csum_datagram_iovec.patch, 1.1, NONE linux-2.6-usb-linked-list-insertion.patch, 1.1, NONE linux-2.6-v4l-dvb-fix-airstar-hd5000-tuner.patch, 1.1, NONE patch-2.6.22.8.bz2.sign, 1.1, NONE Message-ID: <200709261858.l8QIwq6O000789@cvs.devel.redhat.com> Author: cebbert Update of /cvs/dist/rpms/kernel/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv767 Modified Files: .cvsignore kernel-2.6.spec linux-2.6-build-nonintconfig.patch linux-2.6-utrace-tracehook.patch sources upstream Added Files: patch-2.6.22.9.bz2.sign Removed Files: linux-2.6-futex-fix-traversal.patch linux-2.6-netdev-forcedeth-realtek-oui.patch linux-2.6-scsi-3w_9xxx-fix-dma-mask.patch linux-2.6-skb_copy_and_csum_datagram_iovec.patch linux-2.6-usb-linked-list-insertion.patch linux-2.6-v4l-dvb-fix-airstar-hd5000-tuner.patch patch-2.6.22.8.bz2.sign Log Message: * Wed Sep 26 2007 Chuck Ebbert - Linux 2.6.22.9 --- NEW FILE patch-2.6.22.9.bz2.sign --- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: See http://www.kernel.org/signature.html for info iD8DBQBG+qIQyGugalF9Dw4RAjugAJ9oe3fhxNgJS23LCxKMdgHrqBZUjwCgkVe1 5NysGkmoYh5Q5buNL99NXck= =ysvo -----END PGP SIGNATURE----- Index: .cvsignore =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/.cvsignore,v retrieving revision 1.573 retrieving revision 1.574 diff -u -r1.573 -r1.574 --- .cvsignore 26 Sep 2007 16:10:59 -0000 1.573 +++ .cvsignore 26 Sep 2007 18:58:49 -0000 1.574 @@ -3,4 +3,4 @@ temp-* kernel-2.6.22 linux-2.6.22.tar.bz2 -patch-2.6.22.8.bz2 +patch-2.6.22.9.bz2 Index: kernel-2.6.spec =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/kernel-2.6.spec,v retrieving revision 1.3026 retrieving revision 1.3027 diff -u -r1.3026 -r1.3027 --- kernel-2.6.spec 26 Sep 2007 16:10:59 -0000 1.3026 +++ kernel-2.6.spec 26 Sep 2007 18:58:49 -0000 1.3027 @@ -30,7 +30,7 @@ ## If this is a released kernel ## %if 0%{?released_kernel} # Do we have a 2.6.21.y update to apply? -%define stable_update 8 +%define stable_update 9 # Set rpm version accordingly %if 0%{?stable_update} %define stablerev .%{stable_update} @@ -557,14 +557,12 @@ Patch400: linux-2.6-scsi-cpqarray-set-master.patch Patch401: linux-2.6-aacraid-ioctl-security.patch -Patch403: linux-2.6-scsi-3w_9xxx-fix-dma-mask.patch Patch404: linux-2.6-scsi-mpt-vmware-fix.patch Patch420: linux-2.6-squashfs.patch Patch422: linux-2.6-gfs2-update.patch Patch423: linux-2.6-gfs-locking-exports.patch Patch430: linux-2.6-net-silence-noisy-printks.patch -Patch435: linux-2.6-skb_copy_and_csum_datagram_iovec.patch Patch440: linux-2.6-sha_alignment.patch Patch450: linux-2.6-input-kill-stupid-messages.patch @@ -607,7 +605,6 @@ Patch713: linux-2.6-net-atl1-fix-typo-in-dma-setup.patch Patch714: linux-2.6-net-atl1-fix-typo-in-dma_req_block.patch Patch715: linux-2.6-netdev-atl1-disable-broken-64-bit-dma.patch -Patch718: linux-2.6-netdev-forcedeth-realtek-oui.patch Patch730: linux-2.6-snd-ad1988-fix-spdif-output.patch Patch731: linux-2.6-snd-hda-stac92xx-fixes.patch @@ -615,14 +612,11 @@ Patch740: linux-2.6-sdhci-ene-controller-quirk.patch Patch741: linux-2.6-sdhci-fix-interrupt-mask.patch Patch742: linux-2.6-sdhci-clear-error-interrupt.patch -Patch760: linux-2.6-v4l-dvb-fix-airstar-hd5000-tuner.patch Patch770: linux-2.6-irda-smc-remove-quirk.patch -Patch771: linux-2.6-futex-fix-traversal.patch Patch780: linux-2.6-usb-storage-initialize-huawei-e220-properly.patch Patch781: linux-2.6-usb-allow-1-byte-replies.patch Patch782: linux-2.6-usb-fixup-interval-lengths.patch -Patch783: linux-2.6-usb-linked-list-insertion.patch Patch800: linux-2.6-wakeups-hdaps.patch Patch801: linux-2.6-wakeups.patch @@ -1205,8 +1199,6 @@ ApplyPatch linux-2.6-scsi-cpqarray-set-master.patch # aacraid: ioctl handler needs permission check ApplyPatch linux-2.6-aacraid-ioctl-security.patch -# fix 3ware 9000 DMA fallback -ApplyPatch linux-2.6-scsi-3w_9xxx-fix-dma-mask.patch # fix vmware's broken emulation of SCSI controller ApplyPatch linux-2.6-scsi-mpt-vmware-fix.patch @@ -1221,8 +1213,6 @@ # Networking # Disable easy to trigger printk's. ApplyPatch linux-2.6-net-silence-noisy-printks.patch -# fix oops when skb has zero length -ApplyPatch linux-2.6-skb_copy_and_csum_datagram_iovec.patch # Misc fixes # Fix SHA1 alignment problem on ia64 @@ -1306,8 +1296,6 @@ ApplyPatch linux-2.6-net-atl1-fix-typo-in-dma-setup.patch ApplyPatch linux-2.6-net-atl1-fix-typo-in-dma_req_block.patch ApplyPatch linux-2.6-netdev-atl1-disable-broken-64-bit-dma.patch -# forcedeth has the wrong OUI for realtek PHYs -ApplyPatch linux-2.6-netdev-forcedeth-realtek-oui.patch # ALSA # @@ -1324,12 +1312,8 @@ ApplyPatch linux-2.6-sdhci-fix-interrupt-mask.patch # fix the interrupt mask fix ApplyPatch linux-2.6-sdhci-clear-error-interrupt.patch -# v4l/dvb: fix airstar hd5000 tuner -ApplyPatch linux-2.6-v4l-dvb-fix-airstar-hd5000-tuner.patch # irda: remove smc quirk that breaks hp 6000 notebooks ApplyPatch linux-2.6-irda-smc-remove-quirk.patch -# futex: fix compat list traveral -ApplyPatch linux-2.6-futex-fix-traversal.patch # USB # @@ -1338,7 +1322,6 @@ # trivial USB fixes ApplyPatch linux-2.6-usb-allow-1-byte-replies.patch ApplyPatch linux-2.6-usb-fixup-interval-lengths.patch -ApplyPatch linux-2.6-usb-linked-list-insertion.patch # timers @@ -2280,6 +2263,9 @@ %changelog * Wed Sep 26 2007 Chuck Ebbert +- Linux 2.6.22.9 + +* Wed Sep 26 2007 Chuck Ebbert - Linux 2.6.22.8 * Fri Sep 21 2007 Chuck Ebbert linux-2.6-build-nonintconfig.patch: Makefile | 5 +++++ conf.c | 36 ++++++++++++++++++++++++++++++++++-- 2 files changed, 39 insertions(+), 2 deletions(-) Index: linux-2.6-build-nonintconfig.patch =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/linux-2.6-build-nonintconfig.patch,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- linux-2.6-build-nonintconfig.patch 10 Jul 2007 01:23:51 -0000 1.7 +++ linux-2.6-build-nonintconfig.patch 26 Sep 2007 18:58:49 -0000 1.8 @@ -32,10 +32,10 @@ static void strip(char *str) { char *p = str; -@@ -103,6 +107,14 @@ static void conf_askvalue(struct symbol +@@ -103,6 +107,16 @@ static void conf_askvalue(struct symbol fflush(stdout); fgets(line, 128, stdin); - return; + return 1; + case dont_ask: + if (!sym_has_value(sym)) { + fprintf(stderr,"CONFIG_%s\n",sym->name); @@ -43,10 +43,12 @@ + } + /*FALLTHROUGH*/ + case dont_ask_dont_tell: -+ return; ++ if (sym_has_value(sym)) ++ return 0; ++ return 1; case set_default: printf("%s\n", def); - return; + return 1; @@ -346,6 +358,11 @@ static int conf_choice(struct menu *menu printf("?"); printf("]: "); linux-2.6-utrace-tracehook.patch: arch/alpha/kernel/asm-offsets.c | 2 arch/alpha/kernel/entry.S | 4 arch/arm/kernel/ptrace.c | 17 - arch/arm26/kernel/ptrace.c | 32 -- arch/frv/kernel/ptrace.c | 15 - arch/i386/kernel/entry.S | 7 arch/i386/kernel/process.c | 3 arch/i386/kernel/ptrace.c | 104 +-------- arch/i386/kernel/signal.c | 37 +-- arch/i386/kernel/vm86.c | 7 arch/i386/math-emu/fpu_entry.c | 6 arch/ia64/kernel/asm-offsets.c | 2 arch/ia64/kernel/fsys.S | 16 - arch/ia64/kernel/mca.c | 2 arch/mips/kernel/ptrace.c | 21 - arch/mips/kernel/sysirix.c | 2 arch/powerpc/kernel/asm-offsets.c | 2 arch/powerpc/kernel/process.c | 5 arch/powerpc/kernel/ptrace-common.h | 16 - arch/powerpc/kernel/ptrace.c | 76 +----- arch/powerpc/kernel/ptrace32.c | 13 - arch/powerpc/kernel/signal_32.c | 3 arch/powerpc/kernel/signal_64.c | 3 arch/powerpc/kernel/sys_ppc32.c | 5 arch/ppc/kernel/asm-offsets.c | 2 arch/s390/kernel/compat_linux.c | 3 arch/s390/kernel/process.c | 3 arch/sparc64/kernel/binfmt_aout32.c | 2 arch/sparc64/kernel/process.c | 3 arch/sparc64/kernel/sys_sparc32.c | 3 arch/x86_64/ia32/ia32_aout.c | 6 arch/x86_64/ia32/ia32_signal.c | 7 arch/x86_64/ia32/ia32entry.S | 4 arch/x86_64/ia32/ptrace32.c | 2 arch/x86_64/ia32/sys_ia32.c | 5 arch/x86_64/kernel/entry.S | 8 arch/x86_64/kernel/process.c | 5 arch/x86_64/kernel/ptrace.c | 57 +--- arch/x86_64/kernel/signal.c | 28 +- arch/x86_64/kernel/traps.c | 8 arch/x86_64/mm/fault.c | 4 drivers/connector/cn_proc.c | 4 fs/binfmt_aout.c | 6 fs/binfmt_elf.c | 6 fs/binfmt_elf_fdpic.c | 7 fs/binfmt_flat.c | 3 fs/binfmt_som.c | 2 fs/exec.c | 11 fs/proc/array.c | 12 - fs/proc/base.c | 17 - include/asm-i386/signal.h | 4 include/asm-i386/thread_info.h | 7 include/asm-i386/tracehook.h | 52 ++++ include/asm-powerpc/tracehook.h | 74 ++++++ include/asm-x86_64/thread_info.h | 3 include/asm-x86_64/tracehook.h | 51 ++++ include/linux/init_task.h | 3 include/linux/ptrace.h | 18 - include/linux/sched.h | 16 - include/linux/tracehook.h | 414 ++++++++++++++++++++++++++++++++++++ kernel/exit.c | 252 ++++++--------------- kernel/fork.c | 66 +---- kernel/ptrace.c | 299 +------------------------- kernel/signal.c | 212 +++--------------- kernel/sys.c | 2 kernel/timer.c | 6 kernel/tsacct.c | 2 mm/nommu.c | 4 security/selinux/hooks.c | 54 ++-- security/selinux/include/objsec.h | 1 70 files changed, 942 insertions(+), 1216 deletions(-) Index: linux-2.6-utrace-tracehook.patch =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/linux-2.6-utrace-tracehook.patch,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- linux-2.6-utrace-tracehook.patch 20 Jul 2007 18:47:39 -0000 1.4 +++ linux-2.6-utrace-tracehook.patch 26 Sep 2007 18:58:49 -0000 1.5 @@ -3157,8 +3157,8 @@ if (!thread_group_leader(p)) goto out; -- if (p->real_parent == group_leader) { -+ if (p->parent == group_leader) { +- if (p->real_parent->tgid == group_leader->tgid) { ++ if (p->parent->tgid == group_leader->tgid) { err = -EPERM; if (task_session(p) != task_session(group_leader)) goto out; Index: sources =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/sources,v retrieving revision 1.537 retrieving revision 1.538 diff -u -r1.537 -r1.538 --- sources 26 Sep 2007 16:11:00 -0000 1.537 +++ sources 26 Sep 2007 18:58:49 -0000 1.538 @@ -1,2 +1,2 @@ 2e230d005c002fb3d38a3ca07c0200d0 linux-2.6.22.tar.bz2 -957192637e6830ba43bad2d9f9ba8324 patch-2.6.22.8.bz2 +6e2e5112d69af5c8d78cff0479c700cd patch-2.6.22.9.bz2 Index: upstream =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/upstream,v retrieving revision 1.457 retrieving revision 1.458 diff -u -r1.457 -r1.458 --- upstream 26 Sep 2007 16:11:00 -0000 1.457 +++ upstream 26 Sep 2007 18:58:49 -0000 1.458 @@ -1,2 +1,2 @@ linux-2.6.22.tar.bz2 -patch-2.6.22.8.bz2 +patch-2.6.22.9.bz2 --- linux-2.6-futex-fix-traversal.patch DELETED --- --- linux-2.6-netdev-forcedeth-realtek-oui.patch DELETED --- --- linux-2.6-scsi-3w_9xxx-fix-dma-mask.patch DELETED --- --- linux-2.6-skb_copy_and_csum_datagram_iovec.patch DELETED --- --- linux-2.6-usb-linked-list-insertion.patch DELETED --- --- linux-2.6-v4l-dvb-fix-airstar-hd5000-tuner.patch DELETED --- --- patch-2.6.22.8.bz2.sign DELETED --- From fedora-cvs-commits at redhat.com Thu Sep 27 17:42:29 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Thu, 27 Sep 2007 13:42:29 -0400 Subject: rpms/kernel/FC-6 linux-2.6-acpi-disable-cstates-in-suspend.patch, NONE, 1.1 linux-2.6-acpi-kill-dmesg-spam.patch, NONE, 1.1 linux-2.6-libata-pata_sis-dma-add-missing-entry.patch, NONE, 1.1 linux-2.6-libata-pata_sis-fix-dma-timing.patch, NONE, 1.1 linux-2.6-libata-sata_sil24-fix-irq-clearing-race.patch, NONE, 1.1 linux-2.6-net-r8169-correct-phy-parameters-for-the-8110SC.patch, NONE, 1.1 linux-2.6-net-r8169-workaround-against-ignored-TxPoll-writes-8168.patch, NONE, 1.1 linux-2.6-net-sfq-fix-oops-with-2.patch, NONE, 1.1 kernel-2.6.spec, 1.3027, 1.3028 Message-ID: <200709271742.l8RHgTHT022705@cvs.devel.redhat.com> Author: cebbert Update of /cvs/dist/rpms/kernel/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv22682 Modified Files: kernel-2.6.spec Added Files: linux-2.6-acpi-disable-cstates-in-suspend.patch linux-2.6-acpi-kill-dmesg-spam.patch linux-2.6-libata-pata_sis-dma-add-missing-entry.patch linux-2.6-libata-pata_sis-fix-dma-timing.patch linux-2.6-libata-sata_sil24-fix-irq-clearing-race.patch linux-2.6-net-r8169-correct-phy-parameters-for-the-8110SC.patch linux-2.6-net-r8169-workaround-against-ignored-TxPoll-writes-8168.patch linux-2.6-net-sfq-fix-oops-with-2.patch Log Message: * Thu Sep 27 2007 Chuck Ebbert - libata pata_sis: DMA fixes (#202291) - libata sata_sil24: IRQ clearing race fixes - net driver r8169: fix hanging (#252955, #292161) - qdisc sfq: fix oops with 2 packet queue (#219895) - ACPI: disable processor C-states suring suspend - ACPI: silence noisy message linux-2.6-acpi-disable-cstates-in-suspend.patch: drivers/acpi/processor_core.c | 2 ++ drivers/acpi/processor_idle.c | 19 ++++++++++++++++++- include/acpi/processor.h | 2 ++ 3 files changed, 22 insertions(+), 1 deletion(-) --- NEW FILE linux-2.6-acpi-disable-cstates-in-suspend.patch --- Gitweb: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b04e7bdb984e3b7f62fb7f44146a529f88cc7639 Commit: b04e7bdb984e3b7f62fb7f44146a529f88cc7639 Parent: 1f0cff6e4d579ab0fe671c02fcd842694e46b90f Author: Thomas Gleixner AuthorDate: Sat Sep 22 22:29:05 2007 +0000 Committer: Linus Torvalds CommitDate: Sat Sep 22 17:15:34 2007 -0700 ACPI: disable lower idle C-states across suspend/resume device_suspend() calls ACPI suspend functions, which seems to have undesired side effects on lower idle C-states. It took me some time to realize that especially the VAIO BIOSes (both Andrews jinxed UP and my elfstruck SMP one) show this effect. I'm quite sure that other bug reports against suspend/resume about turning the system into a brick have the same root cause. After fishing in the dark for quite some time, I realized that removing the ACPI processor module before suspend (this removes the lower C-state functionality) made the problem disappear. Interestingly enough the propability of having a bricked box is influenced by various factors (interrupts, size of the ram image, ...). Even adding a bunch of printks in the wrong places made the problem go away. The previous periodic tick implementation simply pampered over the problem, which explains why the dyntick / clockevents changes made this more prominent. We avoid complex functionality during the boot process and we have to do the same during suspend/resume. It is a similar scenario and equaly fragile. Add suspend / resume functions to the ACPI processor code and disable the lower idle C-states across suspend/resume. Fall back to the default idle implementation (halt) instead. Signed-off-by: Thomas Gleixner Tested-by: Andrew Morton Cc: Len Brown Cc: Venkatesh Pallipadi Cc: Rafael J. Wysocki Signed-off-by: Linus Torvalds --- drivers/acpi/processor_core.c | 2 ++ drivers/acpi/processor_idle.c | 19 ++++++++++++++++++- include/acpi/processor.h | 2 ++ 3 files changed, 22 insertions(+), 1 deletions(-) diff --git a/drivers/acpi/processor_core.c b/drivers/acpi/processor_core.c index 2afb3d2..9f11dc2 100644 --- a/drivers/acpi/processor_core.c +++ b/drivers/acpi/processor_core.c @@ -102,6 +102,8 @@ static struct acpi_driver acpi_processor_driver = { .add = acpi_processor_add, .remove = acpi_processor_remove, .start = acpi_processor_start, + .suspend = acpi_processor_suspend, + .resume = acpi_processor_resume, }, }; diff --git a/drivers/acpi/processor_idle.c b/drivers/acpi/processor_idle.c index d9b8af7..f182613 100644 --- a/drivers/acpi/processor_idle.c +++ b/drivers/acpi/processor_idle.c @@ -325,6 +325,23 @@ static void acpi_state_timer_broadcast(struct acpi_processor *pr, #endif +/* + * Suspend / resume control + */ +static int acpi_idle_suspend; + +int acpi_processor_suspend(struct acpi_device * device, pm_message_t state) +{ + acpi_idle_suspend = 1; + return 0; +} + +int acpi_processor_resume(struct acpi_device * device) +{ + acpi_idle_suspend = 0; + return 0; +} + static void acpi_processor_idle(void) { struct acpi_processor *pr = NULL; @@ -355,7 +372,7 @@ static void acpi_processor_idle(void) } cx = pr->power.state; - if (!cx) { + if (!cx || acpi_idle_suspend) { if (pm_idle_save) pm_idle_save(); else diff --git a/include/acpi/processor.h b/include/acpi/processor.h index ec3ffda..99934a9 100644 --- a/include/acpi/processor.h +++ b/include/acpi/processor.h @@ -320,6 +320,8 @@ int acpi_processor_power_init(struct acpi_processor *pr, int acpi_processor_cst_has_changed(struct acpi_processor *pr); int acpi_processor_power_exit(struct acpi_processor *pr, struct acpi_device *device); +int acpi_processor_suspend(struct acpi_device * device, pm_message_t state); +int acpi_processor_resume(struct acpi_device * device); /* in processor_thermal.c */ int acpi_processor_get_limit_info(struct acpi_processor *pr); linux-2.6-acpi-kill-dmesg-spam.patch: video.c | 1 - 1 files changed, 1 deletion(-) --- NEW FILE linux-2.6-acpi-kill-dmesg-spam.patch --- Gitweb: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7f10cc4e838c2b2d7272031954c56c407569d497 Commit: 7f10cc4e838c2b2d7272031954c56c407569d497 Parent: a21101c46ca5b4320e31408853cdcbf7cb1ce4ed Author: Maik Broemme AuthorDate: Fri Sep 14 22:12:34 2007 +0200 Committer: Len Brown CommitDate: Tue Sep 18 13:45:20 2007 -0400 ACPI: video: remove dmesg spam i am actually heavily using the ACPI video extension for my Thinkpad X61 Tablet. I have bound the input events triggered by the brightness up/down keys to a simple echo > /sys/class/backlight/acpi_video1/brightness but everytime the event is triggered and acpi_video_device_lcd_set_level() is called i got a notificication in my kernel log like: set_level status: 0 set_level status: 0 set_level status: 0 set_level status: 0 ... Signed-off-by: Maik Broemme Signed-off-by: Len Brown --- drivers/acpi/video.c | 1 - 1 files changed, 0 insertions(+), 1 deletions(-) diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c index 6cb3e7b..d05891f 100644 --- a/drivers/acpi/video.c +++ b/drivers/acpi/video.c @@ -417,7 +417,6 @@ acpi_video_device_lcd_set_level(struct acpi_video_device *device, int level) arg0.integer.value = level; status = acpi_evaluate_object(device->dev->handle, "_BCM", &args, NULL); - printk(KERN_DEBUG "set_level status: %x\n", status); return status; } linux-2.6-libata-pata_sis-dma-add-missing-entry.patch: pata_sis.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletion(-) --- NEW FILE linux-2.6-libata-pata_sis-dma-add-missing-entry.patch --- Gitweb: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=edeb614c1c8388b354d93ff7790317cc5d6a38ec Commit: edeb614c1c8388b354d93ff7790317cc5d6a38ec Parent: 228f47b959a0cf2e24c9696757c7e6510334e499 Author: Tejun Heo AuthorDate: Fri Sep 21 16:29:05 2007 +0900 Committer: Jeff Garzik CommitDate: Tue Sep 25 21:30:56 2007 -0400 pata_sis: add missing UDMA5 timing value in sis_66_set_dmamode() sis_66_set_dmamode() also handles early UDMA100 (SIS630 ET) but is missing udma timing value for UDMA100. According to sis5513, this should be 0x8000. This caused UDMA100 device to fail on pata_sis till it downgrades to UDMA66 while it works fine on sis5513 at UDMA100. Reported by Adam Blech. Signed-off-by: Tejun Heo Cc: Adam Blech Signed-off-by: Jeff Garzik bz 202291 --- drivers/ata/pata_sis.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/drivers/ata/pata_sis.c b/drivers/ata/pata_sis.c index 2bd7645..cce2834 100644 --- a/drivers/ata/pata_sis.c +++ b/drivers/ata/pata_sis.c @@ -375,8 +375,9 @@ static void sis_66_set_dmamode (struct ata_port *ap, struct ata_device *adev) int drive_pci = sis_old_port_base(adev); u16 timing; + /* MWDMA 0-2 and UDMA 0-5 */ const u16 mwdma_bits[] = { 0x008, 0x302, 0x301 }; - const u16 udma_bits[] = { 0xF000, 0xD000, 0xB000, 0xA000, 0x9000}; + const u16 udma_bits[] = { 0xF000, 0xD000, 0xB000, 0xA000, 0x9000, 0x8000 }; pci_read_config_word(pdev, drive_pci, &timing); linux-2.6-libata-pata_sis-fix-dma-timing.patch: pata_sis.c | 20 +++++++++----------- 1 files changed, 9 insertions(+), 11 deletions(-) --- NEW FILE linux-2.6-libata-pata_sis-fix-dma-timing.patch --- # HG changeset patch # User Bartlomiej Zolnierkiewicz # Date 1185976856 14400 # Node ID f5e5b307727d7fb820ccc9d77de29c837dd90e95 # Parent 1130c2b7409a2eb135ebc61dfd3c784d1cea7eda pata_sis: fix MWDMA for <= UDMA66 chipsets and UDMA for UDMA33 chipsets * Fix MWDMA timings setup in sis_old_set_dmamode() and sis_66_set_dmamode(). The old timings were overclocked (even worse behavior than sis5513 IDE driver which depends on BIOS to program correct timings), the new timings are taken from the datasheet (they match timings from ATA spec). * Fix UDMA timings setup in sis_old_set_dmamode(). Misplaced pci_write_config_word() call resulted in UDMA timings never being set. * Fix comments for sis_133_early_set_dmamode() and sis_133_set_dmamode(): - only the former function handles early SiS 961 bridges - both functions lack MWDMA timings setup * Fix typos in sis_100_set_piomode() and sis_133_set_piomode() comments. * Bump driver version. Cc: Alan Cox Signed-off-by: Bartlomiej Zolnierkiewicz Signed-off-by: Jeff Garzik committer: Jeff Garzik --- a/drivers/ata/pata_sis.c Wed Aug 01 10:00:56 2007 -0400 +++ b/drivers/ata/pata_sis.c Wed Aug 01 10:00:56 2007 -0400 @@ -2,6 +2,7 @@ * pata_sis.c - SiS ATA driver * * (C) 2005 Red Hat + * (C) 2007 Bartlomiej Zolnierkiewicz * * Based upon linux/drivers/ide/pci/sis5513.c * Copyright (C) 1999-2000 Andre Hedrick @@ -35,7 +36,7 @@ #include "sis.h" #define DRV_NAME "pata_sis" -#define DRV_VERSION "0.5.1" +#define DRV_VERSION "0.5.2" struct sis_chipset { u16 device; /* PCI host ID */ @@ -237,7 +238,7 @@ static void sis_old_set_piomode (struct } /** - * sis_100_set_pioode - Initialize host controller PATA PIO timings + * sis_100_set_piomode - Initialize host controller PATA PIO timings * @ap: Port whose timings we are configuring * @adev: Device we are configuring for. * @@ -262,7 +263,7 @@ static void sis_100_set_piomode (struct } /** - * sis_133_set_pioode - Initialize host controller PATA PIO timings + * sis_133_set_piomode - Initialize host controller PATA PIO timings * @ap: Port whose timings we are configuring * @adev: Device we are configuring for. * @@ -334,7 +335,7 @@ static void sis_old_set_dmamode (struct int drive_pci = sis_old_port_base(adev); u16 timing; - const u16 mwdma_bits[] = { 0x707, 0x202, 0x202 }; + const u16 mwdma_bits[] = { 0x008, 0x302, 0x301 }; const u16 udma_bits[] = { 0xE000, 0xC000, 0xA000 }; pci_read_config_word(pdev, drive_pci, &timing); @@ -342,15 +343,15 @@ static void sis_old_set_dmamode (struct if (adev->dma_mode < XFER_UDMA_0) { /* bits 3-0 hold recovery timing bits 8-10 active timing and the higer bits are dependant on the device */ - timing &= ~ 0x870F; + timing &= ~0x870F; timing |= mwdma_bits[speed]; - pci_write_config_word(pdev, drive_pci, timing); } else { /* Bit 15 is UDMA on/off, bit 13-14 are cycle time */ speed = adev->dma_mode - XFER_UDMA_0; timing &= ~0x6000; timing |= udma_bits[speed]; } + pci_write_config_word(pdev, drive_pci, timing); } /** @@ -373,7 +374,7 @@ static void sis_66_set_dmamode (struct a int drive_pci = sis_old_port_base(adev); u16 timing; - const u16 mwdma_bits[] = { 0x707, 0x202, 0x202 }; + const u16 mwdma_bits[] = { 0x008, 0x302, 0x301 }; const u16 udma_bits[] = { 0xF000, 0xD000, 0xB000, 0xA000, 0x9000}; pci_read_config_word(pdev, drive_pci, &timing); @@ -432,8 +433,7 @@ static void sis_100_set_dmamode (struct * @adev: Device to program * * Set UDMA/MWDMA mode for device, in host controller PCI config space. - * Handles early SiS 961 bridges. Supports MWDMA as well unlike - * the old ide/pci driver. + * Handles early SiS 961 bridges. * * LOCKING: * None (inherited from caller). @@ -467,8 +467,6 @@ static void sis_133_early_set_dmamode (s * @adev: Device to program * * Set UDMA/MWDMA mode for device, in host controller PCI config space. - * Handles early SiS 961 bridges. Supports MWDMA as well unlike - * the old ide/pci driver. * * LOCKING: * None (inherited from caller). linux-2.6-libata-sata_sil24-fix-irq-clearing-race.patch: sata_sil24.c | 16 ++++++++++++---- 1 files changed, 12 insertions(+), 4 deletions(-) --- NEW FILE linux-2.6-libata-sata_sil24-fix-irq-clearing-race.patch --- Gitweb: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=228f47b959a0cf2e24c9696757c7e6510334e499 Commit: 228f47b959a0cf2e24c9696757c7e6510334e499 Parent: 4942de4a0e914f205d351a81873f4f63986bcc3c Author: Tejun Heo AuthorDate: Sun Sep 23 12:37:05 2007 +0900 Committer: Jeff Garzik CommitDate: Tue Sep 25 21:30:56 2007 -0400 sata_sil24: fix IRQ clearing race when PCIX_IRQ_WOC is used When PCIX_IRQ_WOC is used, sil24 has an inherent race condition between clearing IRQ pending and reading IRQ status. If IRQ pending is cleared after reading IRQ status, there's possibility of lost IRQ. If IRQ pending is cleared before reading IRQ status, spurious IRQs will occur. sata_sil24 till now cleared IRQ pending after reading IRQ status thus losing IRQs on machines where PCIX_IRQ_WOC was used. Reverse the order and ignore spurious IRQs if PCIX_IRQ_WOC. Signed-off-by: Tejun Heo Signed-off-by: Jeff Garzik --- drivers/ata/sata_sil24.c | 16 ++++++++++++---- 1 files changed, 12 insertions(+), 4 deletions(-) diff --git a/drivers/ata/sata_sil24.c b/drivers/ata/sata_sil24.c index ef83e6b..233e886 100644 --- a/drivers/ata/sata_sil24.c +++ b/drivers/ata/sata_sil24.c @@ -888,6 +888,16 @@ static inline void sil24_host_intr(struct ata_port *ap) u32 slot_stat, qc_active; int rc; + /* If PCIX_IRQ_WOC, there's an inherent race window between + * clearing IRQ pending status and reading PORT_SLOT_STAT + * which may cause spurious interrupts afterwards. This is + * unavoidable and much better than losing interrupts which + * happens if IRQ pending is cleared after reading + * PORT_SLOT_STAT. + */ + if (ap->flags & SIL24_FLAG_PCIX_IRQ_WOC) + writel(PORT_IRQ_COMPLETE, port + PORT_IRQ_STAT); + slot_stat = readl(port + PORT_SLOT_STAT); if (unlikely(slot_stat & HOST_SSTAT_ATTN)) { @@ -895,9 +905,6 @@ static inline void sil24_host_intr(struct ata_port *ap) return; } - if (ap->flags & SIL24_FLAG_PCIX_IRQ_WOC) - writel(PORT_IRQ_COMPLETE, port + PORT_IRQ_STAT); - qc_active = slot_stat & ~HOST_SSTAT_ATTN; rc = ata_qc_complete_multiple(ap, qc_active, sil24_finish_qc); if (rc > 0) @@ -910,7 +917,8 @@ static inline void sil24_host_intr(struct ata_port *ap) return; } - if (ata_ratelimit()) + /* spurious interrupts are expected if PCIX_IRQ_WOC */ + if (!(ap->flags & SIL24_FLAG_PCIX_IRQ_WOC) && ata_ratelimit()) ata_port_printk(ap, KERN_INFO, "spurious interrupt " "(slot_stat 0x%x active_tag %d sactive 0x%x)\n", slot_stat, ap->active_tag, ap->sactive); linux-2.6-net-r8169-correct-phy-parameters-for-the-8110SC.patch: r8169.c | 5 ++++- 1 files changed, 4 insertions(+), 1 deletion(-) --- NEW FILE linux-2.6-net-r8169-correct-phy-parameters-for-the-8110SC.patch --- Gitweb: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=65d916d95314566f426cc40ff0f17b754a773b0b Commit: 65d916d95314566f426cc40ff0f17b754a773b0b Parent: a88a8eff1e6e32d3288986a9d36c6a449c032d3a Author: Edward Hsu AuthorDate: Fri Aug 17 10:14:36 2007 +0200 Committer: Francois Romieu CommitDate: Wed Sep 19 21:52:18 2007 +0200 r8169: correct phy parameters for the 8110SC The phys of the 8110SC (RTL_GIGA_MAC_VER_{05/06}) act abnormally in gigabit mode if they are applied the parameters in rtl8169_hw_phy_config which actually aim the 8110S/SB. It is ok to return early from rtl8169_hw_phy_config as it does not apply to the 8101 and 8168 families. Signed-off-by: Edward Hsu Signed-off-by: Francois Romieu --- drivers/net/r8169.c | 5 ++++- 1 files changed, 4 insertions(+), 1 deletions(-) diff --git a/drivers/net/r8169.c b/drivers/net/r8169.c index b85ab4a..d9bb51b 100644 --- a/drivers/net/r8169.c +++ b/drivers/net/r8169.c @@ -1228,7 +1228,10 @@ static void rtl8169_hw_phy_config(struct net_device *dev) return; } - /* phy config for RTL8169s mac_version C chip */ + if ((tp->mac_version != RTL_GIGA_MAC_VER_02) && + (tp->mac_version != RTL_GIGA_MAC_VER_03)) + return; + mdio_write(ioaddr, 31, 0x0001); //w 31 2 0 1 mdio_write(ioaddr, 21, 0x1000); //w 21 15 0 1000 mdio_write(ioaddr, 24, 0x65c7); //w 24 15 0 65c7 linux-2.6-net-r8169-workaround-against-ignored-TxPoll-writes-8168.patch: r8169.c | 9 +++++++++ 1 files changed, 9 insertions(+) --- NEW FILE linux-2.6-net-r8169-workaround-against-ignored-TxPoll-writes-8168.patch --- Gitweb: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d78ae2dcc2acebb9a1048278f47f762c069db75c Commit: d78ae2dcc2acebb9a1048278f47f762c069db75c Parent: 65d916d95314566f426cc40ff0f17b754a773b0b Author: Francois Romieu AuthorDate: Sun Aug 26 20:08:19 2007 +0200 Committer: Francois Romieu CommitDate: Wed Sep 19 21:52:18 2007 +0200 r8169: workaround against ignored TxPoll writes (8168) The 8168 ignores the requests to fetch the Tx descriptors when the relevant TxPoll bit is already set. It easily kills the performances of the 8168. David Gundersen has noticed that it is enough to wait for the completion of the DMA transfer (NPQ bit is cleared) before writing the TxPoll register again. The extra IO traffic added by the proposed workaround could be minimalized but it is not a high-priority task. Fix for: http://bugzilla.kernel.org/show_bug.cgi?id=7924 http://bugzilla.kernel.org/show_bug.cgi?id=8688 (http://bugzilla.kernel.org/show_bug.cgi?id=7555 ?) Signed-off-by: Francois Romieu Cc: David Gundersen Cc: Edward Hsu bz 252955, 292161 : fix for 2.6.22 --- drivers/net/r8169.c | 9 +++++++++ 1 files changed, 9 insertions(+), 0 deletions(-) diff --git a/drivers/net/r8169.c b/drivers/net/r8169.c index d9bb51b..c921ec3 100644 --- a/drivers/net/r8169.c +++ b/drivers/net/r8169.c @@ -2570,6 +2570,15 @@ static void rtl8169_tx_interrupt(struct net_device *dev, (TX_BUFFS_AVAIL(tp) >= MAX_SKB_FRAGS)) { netif_wake_queue(dev); } + /* + * 8168 hack: TxPoll requests are lost when the Tx packets are + * too close. Let's kick an extra TxPoll request when a burst + * of start_xmit activity is detected (if it is not detected, + * it is slow enough). -- FR + */ + smp_rmb(); + if (tp->cur_tx != dirty_tx) + RTL_W8(TxPoll, 0x40); } } linux-2.6-net-sfq-fix-oops-with-2.patch: sch_sfq.c | 10 +++++----- 1 files changed, 5 insertions(+), 5 deletions(-) --- NEW FILE linux-2.6-net-sfq-fix-oops-with-2.patch --- Gitweb: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5588b40d7c2bff75ee573ed42d1738c73ce24492 Commit: 5588b40d7c2bff75ee573ed42d1738c73ce24492 Parent: 1a03b81db96aeaac0276224f25c0701a1ba37318 Author: Alexey Kuznetsov AuthorDate: Wed Sep 19 10:42:03 2007 -0700 Committer: David S. Miller CommitDate: Thu Sep 20 12:14:08 2007 -0700 [PKT_SCHED]: Fix 'SFQ qdisc crashes with limit of 2 packets' Acked-by: Patrick McHardy Signed-off-by: David S. Miller bz 219895 --- net/sched/sch_sfq.c | 10 +++++----- 1 files changed, 5 insertions(+), 5 deletions(-) diff --git a/net/sched/sch_sfq.c b/net/sched/sch_sfq.c index 9579573..3a23e30 100644 --- a/net/sched/sch_sfq.c +++ b/net/sched/sch_sfq.c @@ -270,7 +270,7 @@ sfq_enqueue(struct sk_buff *skb, struct Qdisc* sch) q->tail = x; } } - if (++sch->q.qlen < q->limit-1) { + if (++sch->q.qlen <= q->limit) { sch->bstats.bytes += skb->len; sch->bstats.packets++; return 0; @@ -306,7 +306,7 @@ sfq_requeue(struct sk_buff *skb, struct Qdisc* sch) q->tail = x; } } - if (++sch->q.qlen < q->limit - 1) { + if (++sch->q.qlen <= q->limit) { sch->qstats.requeues++; return 0; } @@ -391,10 +391,10 @@ static int sfq_change(struct Qdisc *sch, struct rtattr *opt) q->quantum = ctl->quantum ? : psched_mtu(sch->dev); q->perturb_period = ctl->perturb_period*HZ; if (ctl->limit) - q->limit = min_t(u32, ctl->limit, SFQ_DEPTH); + q->limit = min_t(u32, ctl->limit, SFQ_DEPTH - 2); qlen = sch->q.qlen; - while (sch->q.qlen >= q->limit-1) + while (sch->q.qlen > q->limit) sfq_drop(sch); qdisc_tree_decrease_qlen(sch, qlen - sch->q.qlen); @@ -423,7 +423,7 @@ static int sfq_init(struct Qdisc *sch, struct rtattr *opt) q->dep[i+SFQ_DEPTH].next = i+SFQ_DEPTH; q->dep[i+SFQ_DEPTH].prev = i+SFQ_DEPTH; } - q->limit = SFQ_DEPTH; + q->limit = SFQ_DEPTH - 2; q->max_depth = 0; q->tail = SFQ_DEPTH; if (opt == NULL) { Index: kernel-2.6.spec =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/kernel-2.6.spec,v retrieving revision 1.3027 retrieving revision 1.3028 diff -u -r1.3027 -r1.3028 --- kernel-2.6.spec 26 Sep 2007 18:58:49 -0000 1.3027 +++ kernel-2.6.spec 27 Sep 2007 17:42:26 -0000 1.3028 @@ -563,6 +563,7 @@ Patch422: linux-2.6-gfs2-update.patch Patch423: linux-2.6-gfs-locking-exports.patch Patch430: linux-2.6-net-silence-noisy-printks.patch +Patch431: linux-2.6-net-sfq-fix-oops-with-2.patch Patch440: linux-2.6-sha_alignment.patch Patch450: linux-2.6-input-kill-stupid-messages.patch @@ -598,6 +599,9 @@ Patch672: linux-2.6-libata-pata-dma-disable-option.patch Patch673: linux-2.6-libata-pata_it821x-dma.patch Patch674: linux-2.6-libata-pata_via-cable-detect.patch +Patch677: linux-2.6-libata-pata_sis-fix-dma-timing.patch +Patch678: linux-2.6-libata-pata_sis-dma-add-missing-entry.patch +Patch679: linux-2.6-libata-sata_sil24-fix-irq-clearing-race.patch Patch680: git-wireless-dev.patch Patch690: linux-2.6-e1000-ich9.patch @@ -605,6 +609,8 @@ Patch713: linux-2.6-net-atl1-fix-typo-in-dma-setup.patch Patch714: linux-2.6-net-atl1-fix-typo-in-dma_req_block.patch Patch715: linux-2.6-netdev-atl1-disable-broken-64-bit-dma.patch +Patch716: linux-2.6-net-r8169-correct-phy-parameters-for-the-8110SC.patch +Patch717: linux-2.6-net-r8169-workaround-against-ignored-TxPoll-writes-8168.patch Patch730: linux-2.6-snd-ad1988-fix-spdif-output.patch Patch731: linux-2.6-snd-hda-stac92xx-fixes.patch @@ -618,6 +624,9 @@ Patch781: linux-2.6-usb-allow-1-byte-replies.patch Patch782: linux-2.6-usb-fixup-interval-lengths.patch +Patch790: linux-2.6-acpi-disable-cstates-in-suspend.patch +Patch791: linux-2.6-acpi-kill-dmesg-spam.patch + Patch800: linux-2.6-wakeups-hdaps.patch Patch801: linux-2.6-wakeups.patch Patch900: linux-2.6-sched-cfs-v2.6.22.5-v20.5.patch @@ -1213,6 +1222,8 @@ # Networking # Disable easy to trigger printk's. ApplyPatch linux-2.6-net-silence-noisy-printks.patch +# fix oops in sfq +ApplyPatch linux-2.6-net-sfq-fix-oops-with-2.patch # Misc fixes # Fix SHA1 alignment problem on ia64 @@ -1284,6 +1295,11 @@ ApplyPatch linux-2.6-libata-pata_it821x-dma.patch # fix cable detection on pata_via ApplyPatch linux-2.6-libata-pata_via-cable-detect.patch +# pata_sis DMA fixes +ApplyPatch linux-2.6-libata-pata_sis-fix-dma-timing.patch +ApplyPatch linux-2.6-libata-pata_sis-dma-add-missing-entry.patch +# sata_sil24 irq race fix +ApplyPatch linux-2.6-libata-sata_sil24-fix-irq-clearing-race.patch # Add the new wireless stack and drivers from wireless-dev @@ -1297,6 +1313,10 @@ ApplyPatch linux-2.6-net-atl1-fix-typo-in-dma_req_block.patch ApplyPatch linux-2.6-netdev-atl1-disable-broken-64-bit-dma.patch +# r8169 +ApplyPatch linux-2.6-net-r8169-correct-phy-parameters-for-the-8110SC.patch +ApplyPatch linux-2.6-net-r8169-workaround-against-ignored-TxPoll-writes-8168.patch + # ALSA # # fix spdif output on ad1988 @@ -1326,6 +1346,10 @@ # timers # ACPI patches +# fix some suspend bugs +ApplyPatch linux-2.6-acpi-disable-cstates-in-suspend.patch +# silence noisy message +ApplyPatch linux-2.6-acpi-kill-dmesg-spam.patch # Fix excessive wakeups # Make hdaps timer only tick when in use. @@ -2262,6 +2286,14 @@ %endif %changelog +* Thu Sep 27 2007 Chuck Ebbert +- libata pata_sis: DMA fixes (#202291) +- libata sata_sil24: IRQ clearing race fixes +- net driver r8169: fix hanging (#252955, #292161) +- qdisc sfq: fix oops with 2 packet queue (#219895) +- ACPI: disable processor C-states suring suspend +- ACPI: silence noisy message + * Wed Sep 26 2007 Chuck Ebbert - Linux 2.6.22.9 From fedora-cvs-commits at redhat.com Thu Sep 27 21:36:10 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Thu, 27 Sep 2007 17:36:10 -0400 Subject: rpms/kernel/FC-6 linux-2.6-libata-2.6.23-rc8-noncq.patch, NONE, 1.1 linux-2.6-uevent-zero-fill-env.patch, NONE, 1.1 kernel-2.6.spec, 1.3028, 1.3029 Message-ID: <200709272136.l8RLaAIK010055@cvs.devel.redhat.com> Author: cebbert Update of /cvs/dist/rpms/kernel/FC-6 In directory cvs.devel.redhat.com:/tmp/cvs-serv10025 Modified Files: kernel-2.6.spec Added Files: linux-2.6-libata-2.6.23-rc8-noncq.patch linux-2.6-uevent-zero-fill-env.patch Log Message: * Thu Sep 27 2007 Chuck Ebbert - Revert to old RTC driver. - Zero fill environment for uevent handlers. - Update the libata NCQ disk blacklist. linux-2.6-libata-2.6.23-rc8-noncq.patch: libata-core.c | 12 +++++++++--- 1 files changed, 9 insertions(+), 3 deletions(-) --- NEW FILE linux-2.6-libata-2.6.23-rc8-noncq.patch --- --- linux-2.6.23/drivers/ata/libata-core.c +++ linux-2.6.23/drivers/ata/libata-core.c @@ -3791,6 +3791,8 @@ { "SAMSUNG CD-ROM SN-124","N001", ATA_HORKAGE_NODMA }, { "Seagate STT20000A", NULL, ATA_HORKAGE_NODMA }, { "IOMEGA ZIP 250 ATAPI", NULL, ATA_HORKAGE_NODMA }, /* temporary fix */ + { "IOMEGA ZIP 250 ATAPI Floppy", + NULL, ATA_HORKAGE_NODMA }, /* Weird ATAPI devices */ { "TORiSAN DVD-ROM DRD-N216", NULL, ATA_HORKAGE_MAX_SEC_128 }, @@ -3806,8 +3808,11 @@ { "Maxtor 6L250S0", "BANC1G10", ATA_HORKAGE_NONCQ }, { "Maxtor 6B200M0", "BANC1BM0", ATA_HORKAGE_NONCQ }, { "Maxtor 6B200M0", "BANC1B10", ATA_HORKAGE_NONCQ }, + { "Maxtor 7B250S0", "BANC1B70", ATA_HORKAGE_NONCQ, }, + { "Maxtor 7B300S0", "BANC1B70", ATA_HORKAGE_NONCQ }, + { "Maxtor 7V300F0", "VA111630", ATA_HORKAGE_NONCQ }, { "HITACHI HDS7250SASUN500G 0621KTAWSD", "K2AOAJ0AHITACHI", - ATA_HORKAGE_NONCQ }, + ATA_HORKAGE_NONCQ }, /* NCQ hard hangs device under heavier load, needs hard power cycle */ { "Maxtor 6B250S0", "BANC1B70", ATA_HORKAGE_NONCQ }, /* Blacklist entries taken from Silicon Image 3124/3132 @@ -3821,8 +3826,9 @@ { "Hitachi HTS541616J9SA00", "SB4OC70P", ATA_HORKAGE_NONCQ, }, { "WDC WD740ADFD-00NLR1", NULL, ATA_HORKAGE_NONCQ, }, { "FUJITSU MHV2080BH", "00840028", ATA_HORKAGE_NONCQ, }, - - /* Devices with NCQ limits */ + { "ST9160821AS", "3.CLF", ATA_HORKAGE_NONCQ, }, + { "ST3160812AS", "3.AD", ATA_HORKAGE_NONCQ, }, + { "SAMSUNG HD401LJ", "ZZ100-15", ATA_HORKAGE_NONCQ, }, /* End Marker */ { } linux-2.6-uevent-zero-fill-env.patch: core.c | 1 + 1 files changed, 1 insertion(+) --- NEW FILE linux-2.6-uevent-zero-fill-env.patch --- Gitweb: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5309809129ca3ab14f8bd5e5ef66c1b7686eb639 Commit: 5309809129ca3ab14f8bd5e5ef66c1b7686eb639 Parent: 544002ef832730b18327000c898a140bfc93efd4 Author: Linus Torvalds AuthorDate: Wed Sep 26 09:16:21 2007 -0700 Committer: Linus Torvalds CommitDate: Wed Sep 26 09:16:21 2007 -0700 Add explicit zeroing to "envp" array in device 'show' method As Stephen Hemminger says, this is a "belt and suspenders" patch that zeroes the envp array at allocation time, even though all the users should NULL-terminate it anyway (and we've hopefully fixed everybody that doesn't do that). And we'll apparently clean the whole envp thing up for 2.6.24 anyway. But let's just be robust, and do both this *and* make sure that all users are doing the right thing. Acked-by: Stephen Hemminger Acked-by: Greg Kroah-Hartman Signed-off-by: Linus Torvalds --- drivers/base/core.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/drivers/base/core.c b/drivers/base/core.c index 6de33d7..67c9258 100644 --- a/drivers/base/core.c +++ b/drivers/base/core.c @@ -284,6 +284,7 @@ static ssize_t show_uevent(struct device *dev, struct device_attribute *attr, /* let the kset specific function add its keys */ pos = data; + memset(envp, 0, sizeof(envp)); retval = kset->uevent_ops->uevent(kset, &dev->kobj, envp, ARRAY_SIZE(envp), pos, PAGE_SIZE); Index: kernel-2.6.spec =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/kernel-2.6.spec,v retrieving revision 1.3028 retrieving revision 1.3029 diff -u -r1.3028 -r1.3029 --- kernel-2.6.spec 27 Sep 2007 17:42:26 -0000 1.3028 +++ kernel-2.6.spec 27 Sep 2007 21:36:07 -0000 1.3029 @@ -602,8 +602,9 @@ Patch677: linux-2.6-libata-pata_sis-fix-dma-timing.patch Patch678: linux-2.6-libata-pata_sis-dma-add-missing-entry.patch Patch679: linux-2.6-libata-sata_sil24-fix-irq-clearing-race.patch +Patch680: linux-2.6-libata-2.6.23-rc8-noncq.patch -Patch680: git-wireless-dev.patch +Patch689: git-wireless-dev.patch Patch690: linux-2.6-e1000-ich9.patch Patch710: linux-2.6-bcm43xx-pci-neuter.patch Patch713: linux-2.6-net-atl1-fix-typo-in-dma-setup.patch @@ -618,6 +619,7 @@ Patch740: linux-2.6-sdhci-ene-controller-quirk.patch Patch741: linux-2.6-sdhci-fix-interrupt-mask.patch Patch742: linux-2.6-sdhci-clear-error-interrupt.patch +Patch760: linux-2.6-uevent-zero-fill-env.patch Patch770: linux-2.6-irda-smc-remove-quirk.patch Patch780: linux-2.6-usb-storage-initialize-huawei-e220-properly.patch @@ -1300,7 +1302,8 @@ ApplyPatch linux-2.6-libata-pata_sis-dma-add-missing-entry.patch # sata_sil24 irq race fix ApplyPatch linux-2.6-libata-sata_sil24-fix-irq-clearing-race.patch - +# update the libata NONCQ list +ApplyPatch linux-2.6-libata-2.6.23-rc8-noncq.patch # Add the new wireless stack and drivers from wireless-dev ApplyPatch git-wireless-dev.patch @@ -1334,6 +1337,8 @@ ApplyPatch linux-2.6-sdhci-clear-error-interrupt.patch # irda: remove smc quirk that breaks hp 6000 notebooks ApplyPatch linux-2.6-irda-smc-remove-quirk.patch +# uevent: zero fill the environment +ApplyPatch linux-2.6-uevent-zero-fill-env.patch # USB # @@ -2287,6 +2292,11 @@ %changelog * Thu Sep 27 2007 Chuck Ebbert +- Revert to old RTC driver. +- Zero fill environment for uevent handlers. +- Update the libata NCQ disk blacklist. + +* Thu Sep 27 2007 Chuck Ebbert - libata pata_sis: DMA fixes (#202291) - libata sata_sil24: IRQ clearing race fixes - net driver r8169: fix hanging (#252955, #292161) From fedora-cvs-commits at redhat.com Thu Sep 27 21:36:11 2007 From: fedora-cvs-commits at redhat.com (fedora-cvs-commits at redhat.com) Date: Thu, 27 Sep 2007 17:36:11 -0400 Subject: rpms/kernel/FC-6/configs config-generic,1.276,1.277 Message-ID: <200709272136.l8RLaBiw010066@cvs.devel.redhat.com> Author: cebbert Update of /cvs/dist/rpms/kernel/FC-6/configs In directory cvs.devel.redhat.com:/tmp/cvs-serv10025/configs Modified Files: config-generic Log Message: * Thu Sep 27 2007 Chuck Ebbert - Revert to old RTC driver. - Zero fill environment for uevent handlers. - Update the libata NCQ disk blacklist. Index: config-generic =================================================================== RCS file: /cvs/dist/rpms/kernel/FC-6/configs/config-generic,v retrieving revision 1.276 retrieving revision 1.277 diff -u -r1.276 -r1.277 --- config-generic 29 Aug 2007 22:32:36 -0000 1.276 +++ config-generic 27 Sep 2007 21:36:09 -0000 1.277 @@ -1844,18 +1844,15 @@ CONFIG_HW_RANDOM=y # CONFIG_NVRAM is not set -# CONFIG_RTC is not set +CONFIG_RTC=y # CONFIG_RTC_DEBUG is not set -CONFIG_GEN_RTC=y -CONFIG_GEN_RTC_X=y -CONFIG_RTC_CLASS=y -CONFIG_RTC_HCTOSYS=y -CONFIG_RTC_HCTOSYS_DEVICE="rtc0" +CONFIG_RTC_CLASS=m +CONFIG_RTC_HCTOSYS=n CONFIG_RTC_INTF_SYSFS=y CONFIG_RTC_INTF_PROC=y CONFIG_RTC_INTF_DEV=y # CONFIG_RTC_INTF_DEV_UIE_EMUL is not set -CONFIG_RTC_DRV_CMOS=m +# CONFIG_RTC_DRV_CMOS is not set CONFIG_RTC_DRV_DS1307=m CONFIG_RTC_DRV_DS1553=m CONFIG_RTC_DRV_DS1672=m