Hello community, here is the log from the commit of package dazuko checked in at Thu Dec 7 19:33:04 CET 2006. -------- --- arch/i386/dazuko/dazuko.changes 2006-11-16 17:07:15.000000000 +0100 +++ /mounts/work_src_done/STABLE/dazuko/dazuko.changes 2006-12-01 10:50:30.000000000 +0100 @@ -1,0 +2,10 @@ +Fri Dec 1 10:35:37 CET 2006 - mt@suse.de + +- Updated to dazuko-2.3.2, providing following fixes [Bug #224985]: + * name-cache leak for Linux 2.2, 2.4, and 2.6+syscall (patch #5552) + * memory leak when removing trusted applications (patch #5552) + * Linux 2.6 LSM stacking as a secondary module (obsoletes our + dazuko-second_register.diff patch) + * overly conservative snprintf() calls + +------------------------------------------------------------------- Old: ---- dazuko-2.3.1.tar.gz dazuko-2.3.1.tar.gz.asc dazuko-second_register.diff New: ---- dazuko-2.3.2.tar.gz dazuko-2.3.2.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dazuko.spec ++++++ --- /var/tmp/diff_new_pack.qTV6Fl/_old 2006-12-07 19:30:14.000000000 +0100 +++ /var/tmp/diff_new_pack.qTV6Fl/_new 2006-12-07 19:30:14.000000000 +0100 @@ -1,5 +1,5 @@ # -# spec file for package dazuko (Version 2.3.1) +# spec file for package dazuko (Version 2.3.2) # # Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine @@ -14,9 +14,9 @@ Name: dazuko License: BSD License and BSD-like, Other License(s), see package Group: System/Kernel -Version: 2.3.1 +Version: 2.3.2 Release: 1 -%define dazuko_version 2.3.1 +%define dazuko_version 2.3.2 Summary: On-access virus scanning kernel interface URL: http://www.dazuko.org/ Source0: http://www.dazuko.org/files/dazuko-%{dazuko_version}.tar.gz @@ -24,7 +24,6 @@ Source2: dazuko.sysconfig Source3: dazuko.init-script #Patch0: dazuko-%{dazuko_version}.dif -Patch1: dazuko-second_register.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build ExclusiveArch: %ix86 x86_64 #Obsoletes: km_antivir km_dazuko @@ -61,7 +60,6 @@ %prep %setup -n dazuko-%{dazuko_version} #%patch0 -p0 -%patch1 -p0 set -- * mkdir source mv "$@" source/ @@ -134,6 +132,13 @@ /var/adm/fillup-templates/sysconfig.dazuko %changelog -n dazuko +* Fri Dec 01 2006 - mt@suse.de +- Updated to dazuko-2.3.2, providing following fixes [Bug #224985]: + * name-cache leak for Linux 2.2, 2.4, and 2.6+syscall (patch #5552) + * memory leak when removing trusted applications (patch #5552) + * Linux 2.6 LSM stacking as a secondary module (obsoletes our + dazuko-second_register.diff patch) + * overly conservative snprintf() calls * Thu Nov 16 2006 - mt@suse.de - Renamed package from hbedv-dazuko(-KMP) to dazuko(-KMP). * Wed Nov 08 2006 - mt@suse.de ++++++ dazuko-2.3.1.tar.gz -> dazuko-2.3.2.tar.gz ++++++ diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/dazuko-2.3.1/CHANGELOG new/dazuko-2.3.2/CHANGELOG --- old/dazuko-2.3.1/CHANGELOG 2006-10-04 00:50:47.000000000 +0200 +++ new/dazuko-2.3.2/CHANGELOG 2006-11-15 09:14:04.000000000 +0100 @@ -2,6 +2,17 @@ Dazuko CHANGELOG ================ +2.3.2-pre2 +- fix name-cache leak for Linux 2.2, 2.4, and 2.6+syscall (patch #5552) +- fix memory leak when removing trusted applications (patch #5552) +- fix Linux 2.6 LSM stacking as a secondary module +- fix overly conservative snprintf() calls + + +2.3.2-pre1 +- fixed syscall support for Linux 2.6 with UTRACE (patch #5398) + + 2.3.1 - improved detection of Linux source and object directories - wrapped devfs in ifdef's for Linux 2.6 w/ syscalls diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/dazuko-2.3.1/dazuko_core.c new/dazuko-2.3.2/dazuko_core.c --- old/dazuko-2.3.1/dazuko_core.c 2006-10-04 00:30:50.000000000 +0200 +++ new/dazuko-2.3.2/dazuko_core.c 2006-11-15 09:11:03.000000000 +0100 @@ -1368,7 +1368,7 @@ static void dazuko_add_keyvalue_to_replybuffer(struct dazuko_request *request, const char *key, void *value, char vtype) { -#define DAZUKO_VSNPRINT(type, name) dazuko_snprintf(request->reply_buffer + request->reply_buffer_size_used, (request->reply_buffer_size - request->reply_buffer_size_used) - 1, "%s%" #type , key, *((name *)value)) +#define DAZUKO_VSNPRINT(type, name) dazuko_snprintf(request->reply_buffer + request->reply_buffer_size_used, (request->reply_buffer_size - request->reply_buffer_size_used), "%s%" #type , key, *((name *)value)) switch (vtype) { @@ -2014,6 +2014,7 @@ /* remove this trusted container */ call_xp_id_free(cur->xp_id); + call_xp_free(cur->token); call_xp_free(cur); return next; diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/dazuko-2.3.1/dazuko_linux.c new/dazuko-2.3.2/dazuko_linux.c --- old/dazuko-2.3.1/dazuko_linux.c 2006-10-04 00:30:55.000000000 +0200 +++ new/dazuko-2.3.2/dazuko_linux.c 2006-11-29 20:52:36.000000000 +0100 @@ -27,7 +27,9 @@ #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) #include "dazuko_linux26_device_def.h" +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,18) #include <linux/config.h> +#endif #include <linux/module.h> #include <linux/kernel.h> #include <linux/init.h> @@ -78,8 +80,10 @@ #ifndef WITH_LOCAL_DPATH +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,0) extern char * __d_path(struct dentry *, struct vfsmount *, struct dentry *, struct vfsmount *, char *, int); #endif +#endif #ifdef HIDDEN_SCT @@ -1040,6 +1044,12 @@ { /* we will try to build a "fake" name from the parent directory */ + if (freeparentpath != NULL) + { + /* This needs to be put if we are in the second loop + * because the parent was a link. */ + putname(freeparentpath); + } freeparentpath = getname(dfs->extra_data->user_filename); /* make sure it is a valid name */ if (IS_ERR(freeparentpath)) @@ -1830,9 +1840,11 @@ error = XXX_do_execve(filename, (char __user * __user *) regs.ecx, (char __user * __user *) regs.edx, ®s); if (error == 0) { - task_lock(current); - current->ptrace &= ~PT_DTRACE; - task_unlock(current); + #ifndef CONFIG_UTRACE + task_lock(current); + current->ptrace &= ~PT_DTRACE; + task_unlock(current); + #endif /* Make sure we don't return using sysenter.. */ set_thread_flag(TIF_IRET); } @@ -2328,7 +2340,7 @@ memcpy(p, KERN_INFO, length); va_start(args, fmt); - dazuko_vsnprintf(p + length, (size-1) - length, fmt, args); + dazuko_vsnprintf(p + length, size - length, fmt, args); va_end(args); p[size-1] = 0; diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/dazuko-2.3.1/dazuko_linux26.c new/dazuko-2.3.2/dazuko_linux26.c --- old/dazuko-2.3.1/dazuko_linux26.c 2006-07-29 11:13:03.000000000 +0200 +++ new/dazuko-2.3.2/dazuko_linux26.c 2006-11-15 09:11:20.000000000 +0100 @@ -1029,6 +1029,9 @@ if (!got_dummy || register_security(&dazuko_register_security_ops) != 0) { + /* set inode_permission hook */ + dazuko_security_ops.inode_permission = dazuko_sys_generic; + /* register as secondary, but with no stacking support */ if (mod_reg_security(DEVICE_NAME, &dazuko_security_ops) != 0) { diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/dazuko-2.3.1/dazuko_rsbac.c new/dazuko-2.3.2/dazuko_rsbac.c --- old/dazuko-2.3.1/dazuko_rsbac.c 2006-04-29 11:03:54.000000000 +0200 +++ new/dazuko-2.3.2/dazuko_rsbac.c 2006-11-15 09:13:36.000000000 +0100 @@ -9,7 +9,7 @@ /* Copyright (c) 2006 Avira GmbH */ /* Written by John Ogness <john.ogness@avira.com> */ /* */ -/* Last modified: 29/Apr/2006 */ +/* Last modified: 2/Nov/2006 */ /*************************************************** */ /* Dazuko RSBAC. Allow RSBAC Linux file access control for 3rd-party applications. @@ -590,7 +590,7 @@ return -1; va_start(args, fmt); - dazuko_vsnprintf(p, size-1, fmt, args); + dazuko_vsnprintf(p, size, fmt, args); va_end(args); p[size-1] = 0; diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/dazuko-2.3.1/dazuko_version.h new/dazuko-2.3.2/dazuko_version.h --- old/dazuko-2.3.1/dazuko_version.h 2006-10-04 00:38:07.000000000 +0200 +++ new/dazuko-2.3.2/dazuko_version.h 2006-11-29 20:49:46.000000000 +0100 @@ -38,8 +38,8 @@ #define DAZUKO_VERSION_MAJOR "2" #define DAZUKO_VERSION_MINOR "3" -#define DAZUKO_VERSION_REVISION "1" -#define DAZUKO_VERSION_RELEASE "4" +#define DAZUKO_VERSION_REVISION "2" +#define DAZUKO_VERSION_RELEASE "3" /* this must be defined for all pre-release versions */ /* #define DAZUKO_PRERELEASE */ diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/dazuko-2.3.1/patch_fsecure_init_event.diff new/dazuko-2.3.2/patch_fsecure_init_event.diff --- old/dazuko-2.3.1/patch_fsecure_init_event.diff 2006-10-04 00:50:31.000000000 +0200 +++ new/dazuko-2.3.2/patch_fsecure_init_event.diff 2006-11-29 20:57:35.000000000 +0100 @@ -10,7 +10,7 @@ retrieving revision 1.100 diff -u -r1.100 configure --- configure 3 Oct 2006 22:49:11 -0000 1.100 -+++ configure 3 Oct 2006 22:49:33 -0000 ++++ configure 29 Nov 2006 19:54:40 -0000 @@ -64,6 +64,7 @@ echo " --enable-event-unlink capture ON_UNLINK events" echo " --enable-event-rmdir capture ON_RMDIR events" @@ -79,10 +79,10 @@ Index: dazuko_core.c =================================================================== RCS file: /cvsroot/dazuko/dazuko/dazuko_core.c,v -retrieving revision 1.54 -diff -u -r1.54 dazuko_core.c ---- dazuko_core.c 1 Sep 2006 21:12:51 -0000 1.54 -+++ dazuko_core.c 3 Oct 2006 22:49:38 -0000 +retrieving revision 1.56 +diff -u -r1.56 dazuko_core.c +--- dazuko_core.c 14 Nov 2006 16:47:13 -0000 1.56 ++++ dazuko_core.c 29 Nov 2006 19:54:45 -0000 @@ -55,7 +55,7 @@ #define NUM_SLOT_LISTS 5 @@ -128,7 +128,7 @@ retrieving revision 1.6 diff -u -r1.6 dazuko_events.h --- dazuko_events.h 30 May 2005 17:06:37 -0000 1.6 -+++ dazuko_events.h 3 Oct 2006 22:49:38 -0000 ++++ dazuko_events.h 29 Nov 2006 19:54:45 -0000 @@ -43,6 +43,7 @@ #define DAZUKO_ON_UNLINK 16 #define DAZUKO_ON_RMDIR 32 @@ -140,11 +140,11 @@ Index: dazuko_linux.c =================================================================== RCS file: /cvsroot/dazuko/dazuko/dazuko_linux.c,v -retrieving revision 1.82 -diff -u -r1.82 dazuko_linux.c ---- dazuko_linux.c 19 Sep 2006 09:48:08 -0000 1.82 -+++ dazuko_linux.c 3 Oct 2006 22:49:42 -0000 -@@ -169,6 +169,16 @@ +retrieving revision 1.86 +diff -u -r1.86 dazuko_linux.c +--- dazuko_linux.c 15 Nov 2006 11:20:36 -0000 1.86 ++++ dazuko_linux.c 29 Nov 2006 19:54:50 -0000 +@@ -173,6 +173,16 @@ #endif #endif @@ -161,7 +161,7 @@ static struct file_operations fops = { #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) -@@ -1986,6 +1996,76 @@ +@@ -1998,6 +2008,76 @@ } #endif @@ -238,7 +238,7 @@ /* system hook */ -@@ -2198,6 +2278,10 @@ +@@ -2210,6 +2290,10 @@ DAZUKO_HOOK(rmdir); #endif @@ -249,7 +249,7 @@ #ifdef SYSCALL_TABLE_READONLY /* protect the syscall table */ change_page_attr(virt_to_page(sys_call_table), 1, PAGE_KERNEL_RO); -@@ -2268,6 +2352,10 @@ +@@ -2280,6 +2364,10 @@ DAZUKO_UNHOOK(rmdir); #endif @@ -266,7 +266,7 @@ retrieving revision 1.5 diff -u -r1.5 example.c --- example_c/example.c 15 Jun 2005 19:54:17 -0000 1.5 -+++ example_c/example.c 3 Oct 2006 22:49:42 -0000 ++++ example_c/example.c 29 Nov 2006 19:54:50 -0000 @@ -93,6 +93,9 @@ case DAZUKO_ON_RMDIR: printf("RMDIR "); ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org