rpms/libselinux/devel libselinux-rhat.patch, 1.96, 1.97 libselinux.spec, 1.234, 1.235
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Wed Dec 6 19:13:56 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/libselinux/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv20524
Modified Files:
libselinux-rhat.patch libselinux.spec
Log Message:
* Wed Dec 6 2006 Dan Walsh <dwalsh at redhat.com> - 1.33.2-3
- Fix matchpathcon to lstat files
libselinux-rhat.patch:
matchpathcon |binary
matchpathcon.c | 20 ++++++++++++++------
2 files changed, 14 insertions(+), 6 deletions(-)
View full diff with command:
/usr/bin/cvs -f diff -kk -u -N -r 1.96 -r 1.97 libselinux-rhat.patch
Index: libselinux-rhat.patch
===================================================================
RCS file: /cvs/dist/rpms/libselinux/devel/libselinux-rhat.patch,v
retrieving revision 1.96
retrieving revision 1.97
diff -u -r1.96 -r1.97
--- libselinux-rhat.patch 30 Nov 2006 18:11:20 -0000 1.96
+++ libselinux-rhat.patch 6 Dec 2006 19:13:54 -0000 1.97
@@ -1,19878 +1,64 @@
-diff --exclude-from=exclude -N -u -r nsalibselinux/ChangeLog libselinux-1.33.1/ChangeLog
---- nsalibselinux/ChangeLog 2006-11-28 09:24:33.000000000 -0500
-+++ libselinux-1.33.1/ChangeLog 1969-12-31 19:00:00.000000000 -0500
-@@ -1,575 +0,0 @@
--1.33.2 2006-11-27
-- * Merged patch to compile wit -fPIC instead of -fpic from
-- Manoj Srivastava to prevent hitting the global offest table
-- limit. Patch changed to include libselinux and libsemanage in
-- addition to libselinux.
--1.33.1 2006-10-19
-- * Merged updated flask definitions from Darrel Goeddel.
-- This adds the context security class, and also adds
-- the string definitions for setsockcreate and polmatch.
--
--1.32 2006-10-17
-- * Updated version for release.
--
--1.30.30 2006-10-05
-- * Merged patch from Darrel Goeddel to always use untranslated
-- contexts in the userspace AVC.
--
--1.30.29 2006-09-29
-- * Merged av_permissions.h update from Steve Grubb,
-- adding setsockcreate and polmatch definitions.
--
--1.30.28 2006-09-13
-- * Merged patch from Steve Smalley to fix SIGPIPE in setrans_client
-- * Merged c++ class identifier fix from Joe Nall.
--
--1.30.27 2006-08-24
-- * Merged patch to not log avc stats upon a reset from Steve Grubb.
-- * Applied patch to revert compat_net setting upon policy load.
--
--1.30.26 2006-08-11
-- * Merged file context homedir and local path functions from
-- Chris PeBenito.
--
--1.30.25 2006-08-11
-- * Rework functions that access /proc/pid/attr to access the
-- per-thread nodes, and unify the code to simplify maintenance.
--
--1.30.24 2006-08-10
-- * Merged return value fix for *getfilecon() from Dan Walsh.
--
--1.30.23 2006-08-10
-- * Merged sockcreate interfaces from Eric Paris.
--
--1.30.22 2006-08-03
-- * Merged no-tls-direct-seg-refs patch from Jeremy Katz.
--
--1.30.21 2006-08-03
-- * Merged netfilter_contexts support patch from Chris PeBenito.
--
--1.30.20 2006-08-01
-- * Merged context_*_set errno patch from Jim Meyering.
--
--1.30.19 2006-06-29
-- * Lindent.
--
--1.30.18 2006-06-27
-- * Merged {get,set}procattrcon patch set from Eric Paris.
-- * Merged re-base of keycreate patch originally by Michael LeMay from Eric Paris.
--
--1.30.17 2006-06-27
-- * Regenerated Flask headers from refpolicy.
--
--1.30.16 2006-06-26
-- * Merged patch from Dan Walsh with:
-- - Added selinux_file_context_{cmp,verify}.
-- - Added selinux_lsetfilecon_default.
-- - Delay translation of contexts in matchpathcon.
--
--1.30.15 2006-06-16
-- * Merged patch from Dan Walsh with:
-- * Added selinux_getpolicytype() function.
-- * Modified setrans code to skip processing if !mls_enabled.
--
--1.30.14 2006-06-16
-- * Set errno in the !selinux_mnt case.
--
--1.30.13 2006-06-02
-- * Allocate large buffers from the heap, not on stack.
-- Affects is_context_customizable, selinux_init_load_policy,
-- and selinux_getenforcemode.
--
--1.30.12 2006-06-02
-- * Merged !selinux_mnt checks from Ian Kent.
--
--1.30.11 2006-05-24
-- * Merged matchmediacon and trans_to_raw_context fixes from
-- Serge Hallyn.
--
--1.30.10 2006-05-22
-- * Merged simple setrans client cache from Dan Walsh.
-- Merged avcstat patch from Russell Coker.
--
--1.30.9 2006-05-22
-- * Modified selinux_mkload_policy() to also set /selinux/compat_net
-- appropriately for the loaded policy.
--
--1.30.8 2006-05-17
-- * Added matchpathcon_fini() function to free memory allocated by
-- matchpathcon_init().
--
--1.30.7 2006-05-16
-- * Merged setrans client cleanup patch from Steve Grubb.
--
--1.30.6 2006-05-08
-- * Merged getfscreatecon man page fix from Dan Walsh.
-- * Updated booleans(8) man page to drop references to the old
-- booleans file and to note that setsebool can be used to set
-- the boot-time defaults via -P.
--
--1.30.5 2006-05-05
-- * Merged fix warnings patch from Karl MacMillan.
--
--1.30.4 2006-05-05
-- * Merged setrans client support from Dan Walsh.
-- This removes use of libsetrans.
-- * Merged patch to eliminate use of PAGE_SIZE constant from Dan Walsh.
-- * Merged swig typemap fixes from Glauber de Oliveira Costa.
--
--1.30.3 2006-04-12
-- * Added distclean target to Makefile.
-- * Regenerated swig files.
--
--1.30.2 2006-04-11
-- * Changed matchpathcon_init to verify that the spec file is
-- a regular file.
-- * Merged python binding t_output_helper removal patch from Dan Walsh.
--
--1.30.1 2006-03-20
-- * Merged Makefile PYLIBVER definition patch from Dan Walsh.
--
--1.30 2006-03-14
-- * Updated version for release.
--
--1.29.8 2006-02-27
-- * Altered rpm_execcon fallback logic for permissive mode to also
-- handle case where /selinux/enforce is not available.
--
--1.29.7 2006-01-20
-- * Merged install-pywrap Makefile patch from Joshua Brindle.
--
--1.29.6 2006-01-18
-- * Merged pywrap Makefile patch from Dan Walsh.
--
--1.29.5 2006-01-11
-- * Added getseuser test program.
--
--1.29.4 2006-01-06
-- * Added format attribute to myprintf in matchpathcon.c and
-- removed obsoleted rootlen variable in init_selinux_config().
--
--1.29.3 2006-01-04
-- * Merged several fixes and improvements from Ulrich Drepper
-- (Red Hat), including:
-- - corrected use of getline
-- - further calls to __fsetlocking for local files
-- - use of strdupa and asprintf
-- - proper handling of dirent in booleans code
-- - use of -z relro
-- - several other optimizations
-- * Merged getpidcon python wrapper from Dan Walsh (Red Hat).
--
--1.29.2 2005-12-14
-- * Merged call to finish_context_translations from Dan Walsh.
-- This eliminates a memory leak from failing to release memory
-- allocated by libsetrans.
--
--1.29.1 2005-12-08
-- * Merged patch for swig interfaces from Dan Walsh.
--
--1.28 2005-12-07
-- * Updated version for release.
--
--1.27.28 2005-12-01
-- * Added MATCHPATHCON_VALIDATE flag for set_matchpathcon_flags() and
-- modified matchpathcon implementation to make context validation/
-- canonicalization optional at matchpathcon_init time, deferring it
-- to a successful matchpathcon by default unless the new flag is set
-- by the caller.
--
--1.27.27 2005-12-01
-- * Added matchpathcon_init_prefix() interface, and
-- reworked matchpathcon implementation to support selective
-- loading of file contexts entries based on prefix matching
-- between the pathname regex stems and the specified path
-- prefix (stem must be a prefix of the specified path prefix).
--
--1.27.26 2005-11-29
[...19544 lines suppressed...]
-+++ libselinux-1.33.1/utils/selinuxenabled.c 1969-12-31 19:00:00.000000000 -0500
-@@ -1,9 +0,0 @@
--#include <unistd.h>
--#include <stdio.h>
--#include <stdlib.h>
--#include <selinux/selinux.h>
--
--int main(void)
--{
-- return !is_selinux_enabled();
--}
-diff --exclude-from=exclude -N -u -r nsalibselinux/utils/setenforce.c libselinux-1.33.1/utils/setenforce.c
---- nsalibselinux/utils/setenforce.c 2006-11-16 17:15:17.000000000 -0500
-+++ libselinux-1.33.1/utils/setenforce.c 1969-12-31 19:00:00.000000000 -0500
-@@ -1,42 +0,0 @@
--#include <unistd.h>
--#include <stdio.h>
--#include <stdlib.h>
--#include <ctype.h>
--#include <string.h>
--#include <strings.h>
--#include <selinux/selinux.h>
--
--void usage(const char *progname)
--{
-- fprintf(stderr, "usage: %s [ Enforcing | Permissive | 1 | 0 ]\n",
-- progname);
-- exit(1);
--}
--
--int main(int argc, char **argv)
--{
-- int rc = 0;
-- if (argc != 2) {
-- usage(argv[0]);
-- }
--
-- if (is_selinux_enabled() <= 0) {
-- fprintf(stderr, "%s: SELinux is disabled\n", argv[0]);
-- return 1;
-- }
-- if (strlen(argv[1]) == 1 && (argv[1][0] == '0' || argv[1][0] == '1')) {
-- rc = security_setenforce(atoi(argv[1]));
-- } else {
-- if (strcasecmp(argv[1], "enforcing") == 0) {
-- rc = security_setenforce(1);
-- } else if (strcasecmp(argv[1], "permissive") == 0) {
-- rc = security_setenforce(0);
-- } else
-- usage(argv[0]);
-- }
-- if (rc < 0) {
-- fprintf(stderr, "%s: setenforce() failed\n", argv[0]);
-- return 2;
-- }
-- return 0;
--}
-diff --exclude-from=exclude -N -u -r nsalibselinux/utils/setfilecon.c libselinux-1.33.1/utils/setfilecon.c
---- nsalibselinux/utils/setfilecon.c 2006-11-16 17:15:17.000000000 -0500
-+++ libselinux-1.33.1/utils/setfilecon.c 1969-12-31 19:00:00.000000000 -0500
-@@ -1,24 +0,0 @@
--#include <unistd.h>
--#include <stdio.h>
--#include <stdlib.h>
--#include <selinux/selinux.h>
--
--int main(int argc, char **argv)
--{
-- int rc, i;
--
-- if (argc < 3) {
-- fprintf(stderr, "usage: %s context path...\n", argv[0]);
-- exit(1);
-- }
--
-- for (i = 2; i < argc; i++) {
-- rc = setfilecon(argv[i], argv[1]);
-- if (rc < 0) {
-- fprintf(stderr, "%s: setfilecon(%s,%s) failed\n",
-- argv[0], argv[i], argv[1]);
-- exit(2);
-- }
-- }
-- exit(0);
--}
-diff --exclude-from=exclude -N -u -r nsalibselinux/utils/togglesebool.c libselinux-1.33.1/utils/togglesebool.c
---- nsalibselinux/utils/togglesebool.c 2006-11-16 17:15:17.000000000 -0500
-+++ libselinux-1.33.1/utils/togglesebool.c 1969-12-31 19:00:00.000000000 -0500
-@@ -1,102 +0,0 @@
--/*
-- * Copyright 1999-2004 Gentoo Technologies, Inc.
-- * Distributed under the terms of the GNU General Public License v2
-- * $Header$
-- */
--#include <unistd.h>
--#include <stdio.h>
--#include <stdlib.h>
--#include <libgen.h>
--#include <errno.h>
--#include <selinux/selinux.h>
--#include <syslog.h>
--#include <pwd.h>
--#include <string.h>
--
--/* Attempt to rollback the transaction. No need to check error
-- codes since this is rolling back something that blew up. */
--void rollback(int argc, char **argv)
--{
-- int i;
--
-- for (i = 1; i < argc; i++)
-- security_set_boolean(argv[i],
-- security_get_boolean_active(argv[i]));
-- exit(1);
--}
--
--int main(int argc, char **argv)
--{
--
-- int rc, i, commit = 0;
--
-- if (is_selinux_enabled() <= 0) {
-- fprintf(stderr, "%s: SELinux is disabled\n", argv[0]);
-- return 1;
-- }
--
-- if (argc < 2) {
-- printf("Usage: %s boolname1 [boolname2 ...]\n",
-- basename(argv[0]));
-- return 1;
-- }
--
-- for (i = 1; i < argc; i++) {
-- printf("%s: ", argv[i]);
-- rc = security_get_boolean_active(argv[i]);
-- switch (rc) {
-- case 1:
-- if (security_set_boolean(argv[i], 0) >= 0) {
-- printf("inactive\n");
-- commit++;
-- } else {
-- printf("%s - rolling back all changes\n",
-- strerror(errno));
-- rollback(i, argv);
-- }
-- break;
-- case 0:
-- if (security_set_boolean(argv[i], 1) >= 0) {
-- printf("active\n");
-- commit++;
-- } else {
-- printf("%s - rolling back all changes\n",
-- strerror(errno));
-- rollback(i, argv);
-- }
-- break;
-- default:
-- if (errno == ENOENT)
-- printf
-- ("Boolean does not exist - rolling back all changes.\n");
-- else
-- printf("%s - rolling back all changes.\n",
-- strerror(errno));
-- rollback(i, argv);
-- break; /* Not reached. */
-- }
-- }
--
-- if (commit > 0) {
-- if (security_commit_booleans() < 0) {
-- printf("Commit failed. (%s) No change to booleans.\n",
-- strerror(errno));
-- } else {
-- /* syslog all the changes */
-- struct passwd *pwd = getpwuid(getuid());
-- for (i = 1; i < argc; i++) {
-- if (pwd && pwd->pw_name)
-- syslog(LOG_NOTICE,
-- "The %s policy boolean was toggled by %s",
-- argv[i], pwd->pw_name);
-- else
-- syslog(LOG_NOTICE,
-- "The %s policy boolean was toggled by uid:%d",
-- argv[i], getuid());
--
-- }
-- return 0;
-- }
-- }
-- return 1;
--}
-diff --exclude-from=exclude -N -u -r nsalibselinux/VERSION libselinux-1.33.1/VERSION
---- nsalibselinux/VERSION 2006-11-28 09:24:33.000000000 -0500
-+++ libselinux-1.33.1/VERSION 1969-12-31 19:00:00.000000000 -0500
-@@ -1 +0,0 @@
--1.33.2
++ error += printmatchpathcon(argv[i], header, mode);
+ }
+ }
+ matchpathcon_fini();
Index: libselinux.spec
===================================================================
RCS file: /cvs/dist/rpms/libselinux/devel/libselinux.spec,v
retrieving revision 1.234
retrieving revision 1.235
diff -u -r1.234 -r1.235
--- libselinux.spec 30 Nov 2006 18:11:20 -0000 1.234
+++ libselinux.spec 6 Dec 2006 19:13:54 -0000 1.235
@@ -2,10 +2,11 @@
Summary: SELinux library and simple utilities
Name: libselinux
Version: 1.33.2
-Release: 2%{?dist}
+Release: 3%{?dist}
License: Public domain (uncopyrighted)
Group: System Environment/Libraries
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
+Patch: libselinux-rhat.patch
BuildRequires: libsepol-devel >= %{libsepolver} swig
Requires: libsepol >= %{libsepolver} setransd
@@ -48,6 +49,7 @@
%prep
%setup -q
+%patch -p1 -b .rhat
%build
make clean
@@ -117,6 +119,9 @@
%{_libdir}/python*/site-packages/selinux.py*
%changelog
+* Wed Dec 6 2006 Dan Walsh <dwalsh at redhat.com> - 1.33.2-3
+- Fix matchpathcon to lstat files
+
* Thu Nov 30 2006 Dan Walsh <dwalsh at redhat.com> - 1.33.2-2
- Update man page
More information about the fedora-cvs-commits
mailing list