From: Arkadiusz Miśkiewicz <arekm@maven.pl>
Date: Sat, 3 Dec 2016 14:44:31 +0000 (+0100)
Subject: - up to 4.8.12
X-Git-Tag: auto/th/kernel-4.8.12-1
X-Git-Url: http://git.pld-linux.org/?p=packages%2Fkernel.git;a=commitdiff_plain;h=4a5a8dc62bcac9e1f5874033da5c9b7f062241da

- up to 4.8.12
---

diff --git a/kernel-apparmor.patch b/kernel-apparmor.patch
index 2330b2a2..9c0b815a 100644
--- a/kernel-apparmor.patch
+++ b/kernel-apparmor.patch
@@ -1566,43 +1566,4 @@ index 0000000..9cf9170
 +	return error;
 +}
 
-commit 29fb087c5df8bb8ac354ab58d33c43e68270123b
-Author: John Johansen <john.johansen@canonical.com>
-Date:   Wed Aug 31 21:10:06 2016 -0700
-
-    apparmor: fix change_hat not finding hat after policy replacement
-    
-    After a policy replacement, the task cred may be out of date and need
-    to be updated. However change_hat is using the stale profiles from
-    the out of date cred resulting in either: a stale profile being applied
-    or, incorrect failure when searching for a hat profile as it has been
-    migrated to the new parent profile.
-    
-    Fixes: 01e2b670aa898a39259bc85c78e3d74820f4d3b6 (failure to find hat)
-    Fixes: 898127c34ec03291c86f4ff3856d79e9e18952bc (stale policy being applied)
-    Signed-off-by: John Johansen <john.johansen@canonical.com>
 
-diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
-index f2a83b4..dbd68f2 100644
---- a/security/apparmor/domain.c
-+++ b/security/apparmor/domain.c
-@@ -621,8 +621,8 @@ int aa_change_hat(const char *hats[], int count, u64 token, bool permtest)
- 	/* released below */
- 	cred = get_current_cred();
- 	cxt = cred_cxt(cred);
--	profile = aa_cred_profile(cred);
--	previous_profile = cxt->previous;
-+	profile = aa_get_newest_profile(aa_cred_profile(cred));
-+	previous_profile = aa_get_newest_profile(cxt->previous);
- 
- 	if (unconfined(profile)) {
- 		info = "unconfined";
-@@ -718,6 +718,8 @@ audit:
- out:
- 	aa_put_profile(hat);
- 	kfree(name);
-+	aa_put_profile(profile);
-+	aa_put_profile(previous_profile);
- 	put_cred(cred);
- 
- 	return error;
diff --git a/kernel.spec b/kernel.spec
index f064554d..f672fc88 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -71,7 +71,7 @@
 
 %define		rel		1
 %define		basever		4.8
-%define		postver		.11
+%define		postver		.12
 
 # define this to '-%{basever}' for longterm branch
 %define		versuffix	%{nil}
@@ -123,7 +123,7 @@ Source0:	https://www.kernel.org/pub/linux/kernel/v4.x/linux-%{basever}.tar.xz
 # Source0-md5:	c1af0afbd3df35c1ccdc7a5118cd2d07
 %if "%{postver}" != ".0"
 Patch0:		https://www.kernel.org/pub/linux/kernel/v4.x/patch-%{version}.xz
-# Patch0-md5:	d999d6d294818491221f6d9789a667e8
+# Patch0-md5:	9a938fd7a82d8b390f957657947fe673
 %endif
 Source1:	kernel.sysconfig