rpms/kernel/devel linux-2.6-selinux-strip-leading-slashes.patch, NONE, 1.1 linux-2.6-wireless-b43-reject-new-firmware.patch, NONE, 1.1 kernel.spec, 1.390, 1.391

Chuck Ebbert (cebbert) fedora-extras-commits at redhat.com
Tue Jan 29 00:36:38 UTC 2008 

Author: cebbert

Update of /cvs/pkgs/rpms/kernel/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19463

Modified Files:
	kernel.spec 
Added Files:
	linux-2.6-selinux-strip-leading-slashes.patch 
	linux-2.6-wireless-b43-reject-new-firmware.patch 
Log Message:
* Mon Jan 28 2008 Chuck Ebbert <cebbert at redhat.com>
- Strip extra leading slashes in selinux filenames.
- wireless: reject too-new b43 firmware


linux-2.6-selinux-strip-leading-slashes.patch:

--- NEW FILE linux-2.6-selinux-strip-leading-slashes.patch ---
commit b1aa5301b9f88a4891061650c591fb8fe1c1d1da
Author: Stephen Smalley <sds at tycho.nsa.gov>
Date:   Fri Jan 25 13:03:42 2008 -0500

    selinux: fix labeling of /proc/net inodes
    
    The proc net rewrite had a side effect on selinux, leading it to mislabel
    the /proc/net inodes, thereby leading to incorrect denials.  Fix
    security_genfs_sid to ignore extra leading / characters in the path supplied
    by selinux_proc_get_sid since we now get "//net/..." rather than "/net/...".
    
    Signed-off-by: Stephen Smalley <sds at tycho.nsa.gov>
    Signed-off-by: James Morris <jmorris at namei.org>

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index f83b19d..4bf715d 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1744,6 +1744,9 @@ int security_genfs_sid(const char *fstype,
 	struct ocontext *c;
 	int rc = 0, cmp = 0;
 
+	while (path[0] == '/' && path[1] == '/')
+		path++;
+
 	POLICY_RDLOCK;
 
 	for (genfs = policydb.genfs; genfs; genfs = genfs->next) {


linux-2.6-wireless-b43-reject-new-firmware.patch:

--- NEW FILE linux-2.6-wireless-b43-reject-new-firmware.patch ---
We must reject new incompatible firmware early to avoid
running into strange transmission failures.

The current development tree supports newer firmware revisions.
These revisions cause strange failures on the stable 2.6.24 kernel.
Add a check to avoid confusing users a lot.

Signed-off-by: Michael Buesch <mb at bu3sch.de>


Index: linux-2.6.24/drivers/net/wireless/b43/main.c
===================================================================
--- linux-2.6.24.orig/drivers/net/wireless/b43/main.c	2008-01-25 11:50:05.000000000 +0100
+++ linux-2.6.24/drivers/net/wireless/b43/main.c	2008-01-26 13:25:07.000000000 +0100
@@ -1800,6 +1800,13 @@ static int b43_upload_microcode(struct b
 		err = -EOPNOTSUPP;
 		goto error;
 	}
+	if (fwrev > 351) {
+		b43err(dev->wl, "YOUR FIRMWARE IS TOO NEW. Please downgrade your "
+		       "firmware.\n");
+		b43_print_fw_helptext(dev->wl, 1);
+		err = -EOPNOTSUPP;
+		goto error;
+	}
 	b43dbg(dev->wl, "Loading firmware version %u.%u "
 	       "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
 	       fwrev, fwpatch,


Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/devel/kernel.spec,v
retrieving revision 1.390
retrieving revision 1.391
diff -u -r1.390 -r1.391
--- kernel.spec	28 Jan 2008 23:15:42 -0000	1.390
+++ kernel.spec	29 Jan 2008 00:35:59 -0000	1.391
@@ -615,6 +615,7 @@
 Patch460: linux-2.6-serial-460800.patch
 Patch510: linux-2.6-silence-noise.patch
 Patch570: linux-2.6-selinux-mprotect-checks.patch
+Patch571: linux-2.6-selinux-strip-leading-slashes.patch
 Patch590: linux-2.6-unexport-symbols.patch
 Patch610: linux-2.6-defaults-fat-utf8.patch
 Patch660: linux-2.6-libata-ali-atapi-dma.patch
@@ -625,6 +626,7 @@
 Patch690: linux-2.6-at76.patch
 Patch691: linux-2.6-rndis_wext.patch
 Patch692: linux-2.6-ath5k-use-soft-wep.patch
+Patch693: linux-2.6-wireless-b43-reject-new-firmware.patch
 Patch820: linux-2.6-compile-fixes.patch
 Patch1101: linux-2.6-default-mmf_dump_elf_headers.patch
 Patch1102: linux-2.6-i386-vdso-install-unstripped-copies-on-disk.patch
@@ -1118,6 +1120,8 @@
 
 # Fix the SELinux mprotect checks on executable mappings
 ApplyPatch linux-2.6-selinux-mprotect-checks.patch
+# strip extra leading slashes in pathnames
+ApplyPatch linux-2.6-selinux-strip-leading-slashes.patch
 
 # Remove kernel-internal functionality that nothing external should use.
 ApplyPatch linux-2.6-unexport-symbols.patch
@@ -1145,6 +1149,9 @@
 # Make ath5k use software WEP
 ApplyPatch linux-2.6-ath5k-use-soft-wep.patch
 
+# reject too-new b43 firmware
+ApplyPatch linux-2.6-wireless-b43-reject-new-firmware.patch
+
 # implement smarter atime updates support.
 ApplyPatch linux-2.6-smarter-relatime.patch
 
@@ -1771,6 +1778,10 @@
 
 %changelog
 * Mon Jan 28 2008 Chuck Ebbert <cebbert at redhat.com>
+- Strip extra leading slashes in selinux filenames.
+- wireless: reject too-new b43 firmware
+
+* Mon Jan 28 2008 Chuck Ebbert <cebbert at redhat.com>
 - Build in the CMOS RTC driver.
 
 * Mon Jan 28 2008 Jarod Wilson <jwilson at redhat.com>

More information about the fedora-extras-commits mailing list