[kernel] r16211 - in dists/trunk/linux-2.6/debian: . patches/bugfix/all patches/series
Aurelien Jarno
aurel32 at alioth.debian.org
Sun Aug 29 14:27:07 UTC 2010
Author: aurel32
Date: Sun Aug 29 14:26:58 2010
New Revision: 16211
Log:
* Fix netfilter CONFIG_COMPAT support.
Added:
dists/trunk/linux-2.6/debian/patches/bugfix/all/netfilter-fix-CONFIG_COMPAT-support.patch
dists/trunk/linux-2.6/debian/patches/series/1~experimental.3
Modified:
dists/trunk/linux-2.6/debian/changelog
Modified: dists/trunk/linux-2.6/debian/changelog
==============================================================================
--- dists/trunk/linux-2.6/debian/changelog Sun Aug 29 14:24:44 2010 (r16210)
+++ dists/trunk/linux-2.6/debian/changelog Sun Aug 29 14:26:58 2010 (r16211)
@@ -33,6 +33,9 @@
* Disable Ralink staging drivers, the in-tree ones reached "works-for-me"
status.
+ [ Aurelien Jarno ]
+ * Fix netfilter CONFIG_COMPAT support.
+
-- Ben Hutchings <ben at decadent.org.uk> Wed, 18 Aug 2010 02:45:21 +0100
linux-2.6 (2.6.35-1~experimental.2) experimental; urgency=low
Added: dists/trunk/linux-2.6/debian/patches/bugfix/all/netfilter-fix-CONFIG_COMPAT-support.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/trunk/linux-2.6/debian/patches/bugfix/all/netfilter-fix-CONFIG_COMPAT-support.patch Sun Aug 29 14:26:58 2010 (r16211)
@@ -0,0 +1,64 @@
+commit cca77b7c81876d819a5806f408b3c29b5b61a815
+Author: Florian Westphal <fw at strlen.de>
+Date: Mon Aug 23 14:41:22 2010 -0700
+
+ netfilter: fix CONFIG_COMPAT support
+
+ commit f3c5c1bfd430858d3a05436f82c51e53104feb6b
+ (netfilter: xtables: make ip_tables reentrant) forgot to
+ also compute the jumpstack size in the compat handlers.
+
+ Result is that "iptables -I INPUT -j userchain" turns into -j DROP.
+
+ Reported by Sebastian Roesner on #netfilter, closes
+ http://bugzilla.netfilter.org/show_bug.cgi?id=669.
+
+ Note: arptables change is compile-tested only.
+
+ Signed-off-by: Florian Westphal <fw at strlen.de>
+ Acked-by: Eric Dumazet <eric.dumazet at gmail.com>
+ Tested-by: Mikael Pettersson <mikpe at it.uu.se>
+ Signed-off-by: David S. Miller <davem at davemloft.net>
+
+diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
+index 51d6c31..e8f4f9a 100644
+--- a/net/ipv4/netfilter/arp_tables.c
++++ b/net/ipv4/netfilter/arp_tables.c
+@@ -1420,6 +1420,9 @@ static int translate_compat_table(const char *name,
+ if (ret != 0)
+ break;
+ ++i;
++ if (strcmp(arpt_get_target(iter1)->u.user.name,
++ XT_ERROR_TARGET) == 0)
++ ++newinfo->stacksize;
+ }
+ if (ret) {
+ /*
+diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
+index 97b64b2..d163f2e 100644
+--- a/net/ipv4/netfilter/ip_tables.c
++++ b/net/ipv4/netfilter/ip_tables.c
+@@ -1751,6 +1751,9 @@ translate_compat_table(struct net *net,
+ if (ret != 0)
+ break;
+ ++i;
++ if (strcmp(ipt_get_target(iter1)->u.user.name,
++ XT_ERROR_TARGET) == 0)
++ ++newinfo->stacksize;
+ }
+ if (ret) {
+ /*
+diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
+index 29a7bca..8e754be 100644
+--- a/net/ipv6/netfilter/ip6_tables.c
++++ b/net/ipv6/netfilter/ip6_tables.c
+@@ -1766,6 +1766,9 @@ translate_compat_table(struct net *net,
+ if (ret != 0)
+ break;
+ ++i;
++ if (strcmp(ip6t_get_target(iter1)->u.user.name,
++ XT_ERROR_TARGET) == 0)
++ ++newinfo->stacksize;
+ }
+ if (ret) {
+ /*
Added: dists/trunk/linux-2.6/debian/patches/series/1~experimental.3
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/trunk/linux-2.6/debian/patches/series/1~experimental.3 Sun Aug 29 14:26:58 2010 (r16211)
@@ -0,0 +1 @@
++ bugfix/all/netfilter-fix-CONFIG_COMPAT-support.patch
More information about the Kernel-svn-changes
mailing list