]>
Commit | Line | Data |
---|---|---|
5ba8d060 | 1 | Missing header for routes patch, caused vs2.3 route.h mixing |
2 | --- a/net/ipv4/netfilter/nf_nat_core.c~ 2008-01-24 23:58:37.000000000 +0100 | |
3 | +++ a/net/ipv4/netfilter/nf_nat_core.c 2008-03-30 21:00:19.349593833 +0200 | |
4 | @@ -15,6 +15,7 @@ | |
5 | #include <net/checksum.h> | |
6 | #include <net/icmp.h> | |
7 | #include <net/ip.h> | |
8 | +#include <net/route.h> | |
9 | #include <net/tcp.h> /* For tcp_prot in getorigdst */ | |
10 | #include <linux/icmp.h> | |
11 | #include <linux/udp.h> | |
32ceaa83 | 12 | diff -upr linux-2.6.25/security/selinux/include/av_perm_to_string.h linux-2.6.25/security/selinux/include/av_perm_to_string.h |
13 | --- linux-2.6.25/security/selinux/include/av_perm_to_string.h 2008-04-17 02:49:44.000000000 +0000 | |
14 | +++ linux-2.6.25/security/selinux/include/av_perm_to_string.h 2008-05-21 08:48:33.061933886 +0000 | |
15 | @@ -135,6 +135,7 @@ | |
16 | S_(SECCLASS_CAPABILITY, CAPABILITY__SETFCAP, "setfcap") | |
17 | S_(SECCLASS_CAPABILITY2, CAPABILITY2__MAC_OVERRIDE, "mac_override") | |
18 | S_(SECCLASS_CAPABILITY2, CAPABILITY2__MAC_ADMIN, "mac_admin") | |
19 | + S_(SECCLASS_CAPABILITY2, CAPABILITY2__CONTEXT, "context") | |
20 | S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_READ, "nlmsg_read") | |
21 | S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_WRITE, "nlmsg_write") | |
22 | S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_READ, "nlmsg_read") | |
23 | diff -upr linux-2.6.25/security/selinux/include/av_permissions.h linux-2.6.25/security/selinux/include/av_permissions.h | |
24 | --- linux-2.6.25/security/selinux/include/av_permissions.h 2008-04-17 02:49:44.000000000 +0000 | |
25 | +++ linux-2.6.25/security/selinux/include/av_permissions.h 2008-05-21 08:49:07.059597304 +0000 | |
26 | @@ -536,6 +536,7 @@ | |
27 | #define CAPABILITY__SETFCAP 0x80000000UL | |
28 | #define CAPABILITY2__MAC_OVERRIDE 0x00000001UL | |
29 | #define CAPABILITY2__MAC_ADMIN 0x00000002UL | |
30 | +#define CAPABILITY2__CONTEXT 0x00000004UL | |
31 | #define NETLINK_ROUTE_SOCKET__IOCTL 0x00000001UL | |
32 | #define NETLINK_ROUTE_SOCKET__READ 0x00000002UL | |
33 | #define NETLINK_ROUTE_SOCKET__WRITE 0x00000004UL | |
832a2367 AM |
34 | --- linux-2.6.27/arch/powerpc/include/asm/unistd.h.org 2008-11-02 22:23:47.000000000 +0000 |
35 | +++ linux-2.6.27/arch/powerpc/include/asm/unistd.h 2008-11-02 22:24:37.000000000 +0000 | |
36 | @@ -275,7 +275,7 @@ | |
37 | #endif | |
38 | #define __NR_rtas 255 | |
39 | #define __NR_sys_debug_setcontext 256 | |
40 | -/* Number 257 is reserved for vserver */ | |
41 | +#define __NR_vserver 257 | |
42 | #define __NR_migrate_pages 258 | |
43 | #define __NR_mbind 259 | |
44 | #define __NR_get_mempolicy 260 | |
95690e21 AM |
45 | diff -NurpP linux-2.6.27.6-vs2.3.0.35.10.orig/net/ipv6/addrconf.c linux-2.6.27.6-vs2.3.0.35.10/net/ipv6/addrconf.c |
46 | --- linux-2.6.27.6-vs2.3.0.35.10.orig/net/ipv6/addrconf.c 2008-11-17 23:55:48.000000000 +0100 | |
47 | +++ linux-2.6.27.6-vs2.3.0.35.10/net/ipv6/addrconf.c 2008-11-17 23:47:48.000000000 +0100 | |
48 | @@ -1183,6 +1183,8 @@ int ipv6_dev_get_saddr(struct net *net, | |
49 | dev->name); | |
50 | continue; | |
51 | } | |
52 | + if (!v6_addr_in_nx_info(nxi, &score->ifa->addr, -1)) | |
53 | + continue; | |
54 | ||
55 | score->rule = -1; | |
56 | bitmap_zero(score->scorebits, IPV6_SADDR_RULE_MAX); | |
57 | diff -NurpP linux-2.6.27.6-vs2.3.0.35.10.orig/net/ipv6/raw.c linux-2.6.27.6-vs2.3.0.35.10/net/ipv6/raw.c | |
58 | --- linux-2.6.27.6-vs2.3.0.35.10.orig/net/ipv6/raw.c 2008-10-10 00:13:53.000000000 +0200 | |
59 | +++ linux-2.6.27.6-vs2.3.0.35.10/net/ipv6/raw.c 2008-11-17 23:34:18.000000000 +0100 | |
60 | @@ -29,6 +29,7 @@ | |
61 | #include <linux/icmpv6.h> | |
62 | #include <linux/netfilter.h> | |
63 | #include <linux/netfilter_ipv6.h> | |
64 | +#include <linux/vs_inet6.h> | |
65 | #include <linux/skbuff.h> | |
66 | #include <asm/uaccess.h> | |
67 | #include <asm/ioctls.h> | |
68 | @@ -281,6 +282,13 @@ static int rawv6_bind(struct sock *sk, s | |
69 | } | |
70 | } | |
71 | ||
72 | + if (!v6_addr_in_nx_info(sk->sk_nx_info, &addr->sin6_addr, -1)) { | |
73 | + err = -EADDRNOTAVAIL; | |
74 | + if (dev) | |
75 | + dev_put(dev); | |
76 | + goto out; | |
77 | + } | |
78 | + | |
79 | /* ipv4 addr of the socket is invalid. Only the | |
80 | * unspecified and mapped address have a v4 equivalent. | |
81 | */ |