Hello community,
here is the log from the commit of package dazuko
checked in at Thu Dec 7 19:33:04 CET 2006.
--------
--- arch/i386/dazuko/dazuko.changes 2006-11-16 17:07:15.000000000 +0100
+++ /mounts/work_src_done/STABLE/dazuko/dazuko.changes 2006-12-01 10:50:30.000000000 +0100
@@ -1,0 +2,10 @@
+Fri Dec 1 10:35:37 CET 2006 - mt@suse.de
+
+- Updated to dazuko-2.3.2, providing following fixes [Bug #224985]:
+ * name-cache leak for Linux 2.2, 2.4, and 2.6+syscall (patch #5552)
+ * memory leak when removing trusted applications (patch #5552)
+ * Linux 2.6 LSM stacking as a secondary module (obsoletes our
+ dazuko-second_register.diff patch)
+ * overly conservative snprintf() calls
+
+-------------------------------------------------------------------
Old:
----
dazuko-2.3.1.tar.gz
dazuko-2.3.1.tar.gz.asc
dazuko-second_register.diff
New:
----
dazuko-2.3.2.tar.gz
dazuko-2.3.2.tar.gz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ dazuko.spec ++++++
--- /var/tmp/diff_new_pack.qTV6Fl/_old 2006-12-07 19:30:14.000000000 +0100
+++ /var/tmp/diff_new_pack.qTV6Fl/_new 2006-12-07 19:30:14.000000000 +0100
@@ -1,5 +1,5 @@
#
-# spec file for package dazuko (Version 2.3.1)
+# spec file for package dazuko (Version 2.3.2)
#
# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
@@ -14,9 +14,9 @@
Name: dazuko
License: BSD License and BSD-like, Other License(s), see package
Group: System/Kernel
-Version: 2.3.1
+Version: 2.3.2
Release: 1
-%define dazuko_version 2.3.1
+%define dazuko_version 2.3.2
Summary: On-access virus scanning kernel interface
URL: http://www.dazuko.org/
Source0: http://www.dazuko.org/files/dazuko-%{dazuko_version}.tar.gz
@@ -24,7 +24,6 @@
Source2: dazuko.sysconfig
Source3: dazuko.init-script
#Patch0: dazuko-%{dazuko_version}.dif
-Patch1: dazuko-second_register.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
ExclusiveArch: %ix86 x86_64
#Obsoletes: km_antivir km_dazuko
@@ -61,7 +60,6 @@
%prep
%setup -n dazuko-%{dazuko_version}
#%patch0 -p0
-%patch1 -p0
set -- *
mkdir source
mv "$@" source/
@@ -134,6 +132,13 @@
/var/adm/fillup-templates/sysconfig.dazuko
%changelog -n dazuko
+* Fri Dec 01 2006 - mt@suse.de
+- Updated to dazuko-2.3.2, providing following fixes [Bug #224985]:
+ * name-cache leak for Linux 2.2, 2.4, and 2.6+syscall (patch #5552)
+ * memory leak when removing trusted applications (patch #5552)
+ * Linux 2.6 LSM stacking as a secondary module (obsoletes our
+ dazuko-second_register.diff patch)
+ * overly conservative snprintf() calls
* Thu Nov 16 2006 - mt@suse.de
- Renamed package from hbedv-dazuko(-KMP) to dazuko(-KMP).
* Wed Nov 08 2006 - mt@suse.de
++++++ dazuko-2.3.1.tar.gz -> dazuko-2.3.2.tar.gz ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/dazuko-2.3.1/CHANGELOG new/dazuko-2.3.2/CHANGELOG
--- old/dazuko-2.3.1/CHANGELOG 2006-10-04 00:50:47.000000000 +0200
+++ new/dazuko-2.3.2/CHANGELOG 2006-11-15 09:14:04.000000000 +0100
@@ -2,6 +2,17 @@
Dazuko CHANGELOG
================
+2.3.2-pre2
+- fix name-cache leak for Linux 2.2, 2.4, and 2.6+syscall (patch #5552)
+- fix memory leak when removing trusted applications (patch #5552)
+- fix Linux 2.6 LSM stacking as a secondary module
+- fix overly conservative snprintf() calls
+
+
+2.3.2-pre1
+- fixed syscall support for Linux 2.6 with UTRACE (patch #5398)
+
+
2.3.1
- improved detection of Linux source and object directories
- wrapped devfs in ifdef's for Linux 2.6 w/ syscalls
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/dazuko-2.3.1/dazuko_core.c new/dazuko-2.3.2/dazuko_core.c
--- old/dazuko-2.3.1/dazuko_core.c 2006-10-04 00:30:50.000000000 +0200
+++ new/dazuko-2.3.2/dazuko_core.c 2006-11-15 09:11:03.000000000 +0100
@@ -1368,7 +1368,7 @@
static void dazuko_add_keyvalue_to_replybuffer(struct dazuko_request *request, const char *key, void *value, char vtype)
{
-#define DAZUKO_VSNPRINT(type, name) dazuko_snprintf(request->reply_buffer + request->reply_buffer_size_used, (request->reply_buffer_size - request->reply_buffer_size_used) - 1, "%s%" #type , key, *((name *)value))
+#define DAZUKO_VSNPRINT(type, name) dazuko_snprintf(request->reply_buffer + request->reply_buffer_size_used, (request->reply_buffer_size - request->reply_buffer_size_used), "%s%" #type , key, *((name *)value))
switch (vtype)
{
@@ -2014,6 +2014,7 @@
/* remove this trusted container */
call_xp_id_free(cur->xp_id);
+ call_xp_free(cur->token);
call_xp_free(cur);
return next;
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/dazuko-2.3.1/dazuko_linux.c new/dazuko-2.3.2/dazuko_linux.c
--- old/dazuko-2.3.1/dazuko_linux.c 2006-10-04 00:30:55.000000000 +0200
+++ new/dazuko-2.3.2/dazuko_linux.c 2006-11-29 20:52:36.000000000 +0100
@@ -27,7 +27,9 @@
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
#include "dazuko_linux26_device_def.h"
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,18)
#include
+#endif
#include
#include
#include
@@ -78,8 +80,10 @@
#ifndef WITH_LOCAL_DPATH
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,0)
extern char * __d_path(struct dentry *, struct vfsmount *, struct dentry *, struct vfsmount *, char *, int);
#endif
+#endif
#ifdef HIDDEN_SCT
@@ -1040,6 +1044,12 @@
{
/* we will try to build a "fake" name from the parent directory */
+ if (freeparentpath != NULL)
+ {
+ /* This needs to be put if we are in the second loop
+ * because the parent was a link. */
+ putname(freeparentpath);
+ }
freeparentpath = getname(dfs->extra_data->user_filename);
/* make sure it is a valid name */
if (IS_ERR(freeparentpath))
@@ -1830,9 +1840,11 @@
error = XXX_do_execve(filename, (char __user * __user *) regs.ecx, (char __user * __user *) regs.edx, ®s);
if (error == 0)
{
- task_lock(current);
- current->ptrace &= ~PT_DTRACE;
- task_unlock(current);
+ #ifndef CONFIG_UTRACE
+ task_lock(current);
+ current->ptrace &= ~PT_DTRACE;
+ task_unlock(current);
+ #endif
/* Make sure we don't return using sysenter.. */
set_thread_flag(TIF_IRET);
}
@@ -2328,7 +2340,7 @@
memcpy(p, KERN_INFO, length);
va_start(args, fmt);
- dazuko_vsnprintf(p + length, (size-1) - length, fmt, args);
+ dazuko_vsnprintf(p + length, size - length, fmt, args);
va_end(args);
p[size-1] = 0;
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/dazuko-2.3.1/dazuko_linux26.c new/dazuko-2.3.2/dazuko_linux26.c
--- old/dazuko-2.3.1/dazuko_linux26.c 2006-07-29 11:13:03.000000000 +0200
+++ new/dazuko-2.3.2/dazuko_linux26.c 2006-11-15 09:11:20.000000000 +0100
@@ -1029,6 +1029,9 @@
if (!got_dummy || register_security(&dazuko_register_security_ops) != 0)
{
+ /* set inode_permission hook */
+ dazuko_security_ops.inode_permission = dazuko_sys_generic;
+
/* register as secondary, but with no stacking support */
if (mod_reg_security(DEVICE_NAME, &dazuko_security_ops) != 0)
{
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/dazuko-2.3.1/dazuko_rsbac.c new/dazuko-2.3.2/dazuko_rsbac.c
--- old/dazuko-2.3.1/dazuko_rsbac.c 2006-04-29 11:03:54.000000000 +0200
+++ new/dazuko-2.3.2/dazuko_rsbac.c 2006-11-15 09:13:36.000000000 +0100
@@ -9,7 +9,7 @@
/* Copyright (c) 2006 Avira GmbH */
/* Written by John Ogness */
/* */
-/* Last modified: 29/Apr/2006 */
+/* Last modified: 2/Nov/2006 */
/*************************************************** */
/* Dazuko RSBAC. Allow RSBAC Linux file access control for 3rd-party applications.
@@ -590,7 +590,7 @@
return -1;
va_start(args, fmt);
- dazuko_vsnprintf(p, size-1, fmt, args);
+ dazuko_vsnprintf(p, size, fmt, args);
va_end(args);
p[size-1] = 0;
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/dazuko-2.3.1/dazuko_version.h new/dazuko-2.3.2/dazuko_version.h
--- old/dazuko-2.3.1/dazuko_version.h 2006-10-04 00:38:07.000000000 +0200
+++ new/dazuko-2.3.2/dazuko_version.h 2006-11-29 20:49:46.000000000 +0100
@@ -38,8 +38,8 @@
#define DAZUKO_VERSION_MAJOR "2"
#define DAZUKO_VERSION_MINOR "3"
-#define DAZUKO_VERSION_REVISION "1"
-#define DAZUKO_VERSION_RELEASE "4"
+#define DAZUKO_VERSION_REVISION "2"
+#define DAZUKO_VERSION_RELEASE "3"
/* this must be defined for all pre-release versions */
/* #define DAZUKO_PRERELEASE */
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/dazuko-2.3.1/patch_fsecure_init_event.diff new/dazuko-2.3.2/patch_fsecure_init_event.diff
--- old/dazuko-2.3.1/patch_fsecure_init_event.diff 2006-10-04 00:50:31.000000000 +0200
+++ new/dazuko-2.3.2/patch_fsecure_init_event.diff 2006-11-29 20:57:35.000000000 +0100
@@ -10,7 +10,7 @@
retrieving revision 1.100
diff -u -r1.100 configure
--- configure 3 Oct 2006 22:49:11 -0000 1.100
-+++ configure 3 Oct 2006 22:49:33 -0000
++++ configure 29 Nov 2006 19:54:40 -0000
@@ -64,6 +64,7 @@
echo " --enable-event-unlink capture ON_UNLINK events"
echo " --enable-event-rmdir capture ON_RMDIR events"
@@ -79,10 +79,10 @@
Index: dazuko_core.c
===================================================================
RCS file: /cvsroot/dazuko/dazuko/dazuko_core.c,v
-retrieving revision 1.54
-diff -u -r1.54 dazuko_core.c
---- dazuko_core.c 1 Sep 2006 21:12:51 -0000 1.54
-+++ dazuko_core.c 3 Oct 2006 22:49:38 -0000
+retrieving revision 1.56
+diff -u -r1.56 dazuko_core.c
+--- dazuko_core.c 14 Nov 2006 16:47:13 -0000 1.56
++++ dazuko_core.c 29 Nov 2006 19:54:45 -0000
@@ -55,7 +55,7 @@
#define NUM_SLOT_LISTS 5
@@ -128,7 +128,7 @@
retrieving revision 1.6
diff -u -r1.6 dazuko_events.h
--- dazuko_events.h 30 May 2005 17:06:37 -0000 1.6
-+++ dazuko_events.h 3 Oct 2006 22:49:38 -0000
++++ dazuko_events.h 29 Nov 2006 19:54:45 -0000
@@ -43,6 +43,7 @@
#define DAZUKO_ON_UNLINK 16
#define DAZUKO_ON_RMDIR 32
@@ -140,11 +140,11 @@
Index: dazuko_linux.c
===================================================================
RCS file: /cvsroot/dazuko/dazuko/dazuko_linux.c,v
-retrieving revision 1.82
-diff -u -r1.82 dazuko_linux.c
---- dazuko_linux.c 19 Sep 2006 09:48:08 -0000 1.82
-+++ dazuko_linux.c 3 Oct 2006 22:49:42 -0000
-@@ -169,6 +169,16 @@
+retrieving revision 1.86
+diff -u -r1.86 dazuko_linux.c
+--- dazuko_linux.c 15 Nov 2006 11:20:36 -0000 1.86
++++ dazuko_linux.c 29 Nov 2006 19:54:50 -0000
+@@ -173,6 +173,16 @@
#endif
#endif
@@ -161,7 +161,7 @@
static struct file_operations fops = {
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
-@@ -1986,6 +1996,76 @@
+@@ -1998,6 +2008,76 @@
}
#endif
@@ -238,7 +238,7 @@
/* system hook */
-@@ -2198,6 +2278,10 @@
+@@ -2210,6 +2290,10 @@
DAZUKO_HOOK(rmdir);
#endif
@@ -249,7 +249,7 @@
#ifdef SYSCALL_TABLE_READONLY
/* protect the syscall table */
change_page_attr(virt_to_page(sys_call_table), 1, PAGE_KERNEL_RO);
-@@ -2268,6 +2352,10 @@
+@@ -2280,6 +2364,10 @@
DAZUKO_UNHOOK(rmdir);
#endif
@@ -266,7 +266,7 @@
retrieving revision 1.5
diff -u -r1.5 example.c
--- example_c/example.c 15 Jun 2005 19:54:17 -0000 1.5
-+++ example_c/example.c 3 Oct 2006 22:49:42 -0000
++++ example_c/example.c 29 Nov 2006 19:54:50 -0000
@@ -93,6 +93,9 @@
case DAZUKO_ON_RMDIR:
printf("RMDIR ");
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org