rpms/libselinux/devel libselinux-rhat.patch, 1.96, 1.97 libselinux.spec, 1.234, 1.235

fedora-cvs-commits at redhat.com
Wed Dec 6 19:13:56 UTC 2006


Author: dwalsh

Update of /cvs/dist/rpms/libselinux/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv20524

Modified Files:
	libselinux-rhat.patch libselinux.spec 
Log Message:
* Wed Dec 6 2006 Dan Walsh <dwalsh at redhat.com> - 1.33.2-3
- Fix matchpathcon to lstat files


libselinux-rhat.patch:
 matchpathcon   |binary
 matchpathcon.c |   20 ++++++++++++++------
 2 files changed, 14 insertions(+), 6 deletions(-)

View full diff with command:
/usr/bin/cvs -f diff  -kk -u -N -r 1.96 -r 1.97 libselinux-rhat.patch
Index: libselinux-rhat.patch
===================================================================
RCS file: /cvs/dist/rpms/libselinux/devel/libselinux-rhat.patch,v
retrieving revision 1.96
retrieving revision 1.97
diff -u -r1.96 -r1.97
--- libselinux-rhat.patch	30 Nov 2006 18:11:20 -0000	1.96
+++ libselinux-rhat.patch	6 Dec 2006 19:13:54 -0000	1.97
@@ -1,19878 +1,64 @@
-diff --exclude-from=exclude -N -u -r nsalibselinux/ChangeLog libselinux-1.33.1/ChangeLog
---- nsalibselinux/ChangeLog	2006-11-28 09:24:33.000000000 -0500
-+++ libselinux-1.33.1/ChangeLog	1969-12-31 19:00:00.000000000 -0500
-@@ -1,575 +0,0 @@
--1.33.2 2006-11-27
--	* Merged patch to compile wit -fPIC instead of -fpic from
--	  Manoj Srivastava to prevent hitting the global offest table
--	  limit. Patch changed to include libselinux and libsemanage in
--	  addition to libselinux.
--1.33.1 2006-10-19
--	* Merged updated flask definitions from Darrel Goeddel.
-- 	  This adds the context security class, and also adds
--	  the string definitions for setsockcreate and polmatch.
--
--1.32 2006-10-17
--	* Updated version for release.
--
--1.30.30 2006-10-05
--	* Merged patch from Darrel Goeddel to always use untranslated
--	  contexts in the userspace AVC.
--
--1.30.29 2006-09-29
--	* Merged av_permissions.h update from Steve Grubb,
--	  adding setsockcreate and polmatch definitions.
--
--1.30.28 2006-09-13
--	* Merged patch from Steve Smalley to fix SIGPIPE in setrans_client
--	* Merged c++ class identifier fix from Joe Nall.
--
--1.30.27 2006-08-24
--	* Merged patch to not log avc stats upon a reset from Steve Grubb.
--	* Applied patch to revert compat_net setting upon policy load.
--
--1.30.26 2006-08-11
--	* Merged file context homedir and local path functions from
--	  Chris PeBenito.
--
--1.30.25 2006-08-11
--	* Rework functions that access /proc/pid/attr to access the
--	  per-thread nodes, and unify the code to simplify maintenance.
--
--1.30.24 2006-08-10
--	* Merged return value fix for *getfilecon() from Dan Walsh.
--
--1.30.23 2006-08-10
--	* Merged sockcreate interfaces from Eric Paris.
--
--1.30.22 2006-08-03
--	* Merged no-tls-direct-seg-refs patch from Jeremy Katz.
--
--1.30.21 2006-08-03
--	* Merged netfilter_contexts support patch from Chris PeBenito.
--
--1.30.20 2006-08-01
--	* Merged context_*_set errno patch from Jim Meyering.
--
--1.30.19 2006-06-29
--	* Lindent.
--
--1.30.18 2006-06-27
--	* Merged {get,set}procattrcon patch set from Eric Paris.
--	* Merged re-base of keycreate patch originally by Michael LeMay from Eric Paris.
--
--1.30.17 2006-06-27
--	* Regenerated Flask headers from refpolicy.
--
--1.30.16 2006-06-26
--	* Merged patch from Dan Walsh with:
--	  - Added selinux_file_context_{cmp,verify}.
--	  - Added selinux_lsetfilecon_default.
--	  - Delay translation of contexts in matchpathcon.
--
--1.30.15 2006-06-16
--	* Merged patch from Dan Walsh with:
--	*   Added selinux_getpolicytype() function.
--	*   Modified setrans code to skip processing if !mls_enabled.
--
--1.30.14 2006-06-16
--	* Set errno in the !selinux_mnt case.
--
--1.30.13 2006-06-02
--	* Allocate large buffers from the heap, not on stack.
--	  Affects is_context_customizable, selinux_init_load_policy,
--	  and selinux_getenforcemode.
--
--1.30.12 2006-06-02
--	* Merged !selinux_mnt checks from Ian Kent.
--
--1.30.11 2006-05-24
--	* Merged matchmediacon and trans_to_raw_context fixes from 
--	  Serge Hallyn.
--
--1.30.10 2006-05-22
--	* Merged simple setrans client cache from Dan Walsh.
--	  Merged avcstat patch from Russell Coker.
--
--1.30.9 2006-05-22
--	* Modified selinux_mkload_policy() to also set /selinux/compat_net
--	  appropriately for the loaded policy.
--
--1.30.8 2006-05-17
--	* Added matchpathcon_fini() function to free memory allocated by
--	  matchpathcon_init().
--
--1.30.7 2006-05-16
--	* Merged setrans client cleanup patch from Steve Grubb.
--
--1.30.6 2006-05-08
--	* Merged getfscreatecon man page fix from Dan Walsh.
--	* Updated booleans(8) man page to drop references to the old
--	  booleans file and to note that setsebool can be used to set
--	  the boot-time defaults via -P.
--
--1.30.5 2006-05-05
--	* Merged fix warnings patch from Karl MacMillan.	
--
--1.30.4 2006-05-05
--	* Merged setrans client support from Dan Walsh.
--	  This removes use of libsetrans.
--	* Merged patch to eliminate use of PAGE_SIZE constant from Dan Walsh.
--	* Merged swig typemap fixes from Glauber de Oliveira Costa.
--
--1.30.3 2006-04-12
--	* Added distclean target to Makefile.
--	* Regenerated swig files.
--
--1.30.2 2006-04-11
--	* Changed matchpathcon_init to verify that the spec file is
--	  a regular file.
--	* Merged python binding t_output_helper removal patch from Dan Walsh.
--
--1.30.1 2006-03-20
--	* Merged Makefile PYLIBVER definition patch from Dan Walsh.
--
--1.30 2006-03-14
--	* Updated version for release.
--
--1.29.8 2006-02-27
--	* Altered rpm_execcon fallback logic for permissive mode to also
--	  handle case where /selinux/enforce is not available.
--
--1.29.7 2006-01-20
--	* Merged install-pywrap Makefile patch from Joshua Brindle.
--
--1.29.6 2006-01-18
--	* Merged pywrap Makefile patch from Dan Walsh.
--
--1.29.5 2006-01-11
--	* Added getseuser test program.
--
--1.29.4 2006-01-06
--	* Added format attribute to myprintf in matchpathcon.c and
--	  removed obsoleted rootlen variable in init_selinux_config().
--
--1.29.3 2006-01-04
--	* Merged several fixes and improvements from Ulrich Drepper
--	  (Red Hat), including:
--	  - corrected use of getline
--	  - further calls to __fsetlocking for local files
--	  - use of strdupa and asprintf
--	  - proper handling of dirent in booleans code
--	  - use of -z relro
--	  - several other optimizations
--	* Merged getpidcon python wrapper from Dan Walsh (Red Hat).
--
--1.29.2 2005-12-14
--	* Merged call to finish_context_translations from Dan Walsh.
--	  This eliminates a memory leak from failing to release memory
--	  allocated by libsetrans.
--
--1.29.1 2005-12-08
--	* Merged patch for swig interfaces from Dan Walsh.
--
--1.28 2005-12-07
--	* Updated version for release.
--
--1.27.28 2005-12-01
--	* Added MATCHPATHCON_VALIDATE flag for set_matchpathcon_flags() and
--	  modified matchpathcon implementation to make context validation/
--	  canonicalization optional at matchpathcon_init time, deferring it
--	  to a successful matchpathcon by default unless the new flag is set
--	  by the caller.
--
--1.27.27 2005-12-01
--	* Added matchpathcon_init_prefix() interface, and
--	  reworked matchpathcon implementation to support selective
--	  loading of file contexts entries based on prefix matching
--	  between the pathname regex stems and the specified path
--	  prefix (stem must be a prefix of the specified path prefix).
--
--1.27.26 2005-11-29
[...19544 lines suppressed...]
-+++ libselinux-1.33.1/utils/selinuxenabled.c	1969-12-31 19:00:00.000000000 -0500
-@@ -1,9 +0,0 @@
--#include <unistd.h>
--#include <stdio.h>
--#include <stdlib.h>
--#include <selinux/selinux.h>
--
--int main(void)
--{
--	return !is_selinux_enabled();
--}
-diff --exclude-from=exclude -N -u -r nsalibselinux/utils/setenforce.c libselinux-1.33.1/utils/setenforce.c
---- nsalibselinux/utils/setenforce.c	2006-11-16 17:15:17.000000000 -0500
-+++ libselinux-1.33.1/utils/setenforce.c	1969-12-31 19:00:00.000000000 -0500
-@@ -1,42 +0,0 @@
--#include <unistd.h>
--#include <stdio.h>
--#include <stdlib.h>
--#include <ctype.h>
--#include <string.h>
--#include <strings.h>
--#include <selinux/selinux.h>
--
--void usage(const char *progname)
--{
--	fprintf(stderr, "usage:  %s [ Enforcing | Permissive | 1 | 0 ]\n",
--		progname);
--	exit(1);
--}
--
--int main(int argc, char **argv)
--{
--	int rc = 0;
--	if (argc != 2) {
--		usage(argv[0]);
--	}
--
--	if (is_selinux_enabled() <= 0) {
--		fprintf(stderr, "%s: SELinux is disabled\n", argv[0]);
--		return 1;
--	}
--	if (strlen(argv[1]) == 1 && (argv[1][0] == '0' || argv[1][0] == '1')) {
--		rc = security_setenforce(atoi(argv[1]));
--	} else {
--		if (strcasecmp(argv[1], "enforcing") == 0) {
--			rc = security_setenforce(1);
--		} else if (strcasecmp(argv[1], "permissive") == 0) {
--			rc = security_setenforce(0);
--		} else
--			usage(argv[0]);
--	}
--	if (rc < 0) {
--		fprintf(stderr, "%s:  setenforce() failed\n", argv[0]);
--		return 2;
--	}
--	return 0;
--}
-diff --exclude-from=exclude -N -u -r nsalibselinux/utils/setfilecon.c libselinux-1.33.1/utils/setfilecon.c
---- nsalibselinux/utils/setfilecon.c	2006-11-16 17:15:17.000000000 -0500
-+++ libselinux-1.33.1/utils/setfilecon.c	1969-12-31 19:00:00.000000000 -0500
-@@ -1,24 +0,0 @@
--#include <unistd.h>
--#include <stdio.h>
--#include <stdlib.h>
--#include <selinux/selinux.h>
--
--int main(int argc, char **argv)
--{
--	int rc, i;
--
--	if (argc < 3) {
--		fprintf(stderr, "usage:  %s context path...\n", argv[0]);
--		exit(1);
--	}
--
--	for (i = 2; i < argc; i++) {
--		rc = setfilecon(argv[i], argv[1]);
--		if (rc < 0) {
--			fprintf(stderr, "%s:  setfilecon(%s,%s) failed\n",
--				argv[0], argv[i], argv[1]);
--			exit(2);
--		}
--	}
--	exit(0);
--}
-diff --exclude-from=exclude -N -u -r nsalibselinux/utils/togglesebool.c libselinux-1.33.1/utils/togglesebool.c
---- nsalibselinux/utils/togglesebool.c	2006-11-16 17:15:17.000000000 -0500
-+++ libselinux-1.33.1/utils/togglesebool.c	1969-12-31 19:00:00.000000000 -0500
-@@ -1,102 +0,0 @@
--/*
-- * Copyright 1999-2004 Gentoo Technologies, Inc.
-- * Distributed under the terms of the GNU General Public License v2
-- * $Header$
-- */
--#include <unistd.h>
--#include <stdio.h>
--#include <stdlib.h>
--#include <libgen.h>
--#include <errno.h>
--#include <selinux/selinux.h>
--#include <syslog.h>
--#include <pwd.h>
--#include <string.h>
--
--/* Attempt to rollback the transaction. No need to check error
--   codes since this is rolling back something that blew up. */
--void rollback(int argc, char **argv)
--{
--	int i;
--
--	for (i = 1; i < argc; i++)
--		security_set_boolean(argv[i],
--				     security_get_boolean_active(argv[i]));
--	exit(1);
--}
--
--int main(int argc, char **argv)
--{
--
--	int rc, i, commit = 0;
--
--	if (is_selinux_enabled() <= 0) {
--		fprintf(stderr, "%s:  SELinux is disabled\n", argv[0]);
--		return 1;
--	}
--
--	if (argc < 2) {
--		printf("Usage:  %s boolname1 [boolname2 ...]\n",
--		       basename(argv[0]));
--		return 1;
--	}
--
--	for (i = 1; i < argc; i++) {
--		printf("%s: ", argv[i]);
--		rc = security_get_boolean_active(argv[i]);
--		switch (rc) {
--		case 1:
--			if (security_set_boolean(argv[i], 0) >= 0) {
--				printf("inactive\n");
--				commit++;
--			} else {
--				printf("%s - rolling back all changes\n",
--				       strerror(errno));
--				rollback(i, argv);
--			}
--			break;
--		case 0:
--			if (security_set_boolean(argv[i], 1) >= 0) {
--				printf("active\n");
--				commit++;
--			} else {
--				printf("%s - rolling back all changes\n",
--				       strerror(errno));
--				rollback(i, argv);
--			}
--			break;
--		default:
--			if (errno == ENOENT)
--				printf
--				    ("Boolean does not exist - rolling back all changes.\n");
--			else
--				printf("%s - rolling back all changes.\n",
--				       strerror(errno));
--			rollback(i, argv);
--			break;	/* Not reached. */
--		}
--	}
--
--	if (commit > 0) {
--		if (security_commit_booleans() < 0) {
--			printf("Commit failed. (%s)  No change to booleans.\n",
--			       strerror(errno));
--		} else {
--			/* syslog all the changes */
--			struct passwd *pwd = getpwuid(getuid());
--			for (i = 1; i < argc; i++) {
--				if (pwd && pwd->pw_name)
--					syslog(LOG_NOTICE,
--					       "The %s policy boolean was toggled by %s",
--					       argv[i], pwd->pw_name);
--				else
--					syslog(LOG_NOTICE,
--					       "The %s policy boolean was toggled by uid:%d",
--					       argv[i], getuid());
--
--			}
--			return 0;
--		}
--	}
--	return 1;
--}
-diff --exclude-from=exclude -N -u -r nsalibselinux/VERSION libselinux-1.33.1/VERSION
---- nsalibselinux/VERSION	2006-11-28 09:24:33.000000000 -0500
-+++ libselinux-1.33.1/VERSION	1969-12-31 19:00:00.000000000 -0500
-@@ -1 +0,0 @@
--1.33.2
++			error += printmatchpathcon(argv[i], header, mode);
+ 		}
+ 	}
+ 	matchpathcon_fini();
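
Review bot: the diffstat for this revision lists `matchpathcon | binary` next to `matchpathcon.c`, so the regenerated 64-line patch appears to have picked up a compiled utility from the build tree, somewhere in the suppressed part of the new content. A binary entry in a unified diff carries no content that patch can apply, so it should not be in the patch. Either clean the tree before regenerating the patch or add the built `matchpathcon` to the file given to `--exclude-from=exclude`, so that the patch contains only the `matchpathcon.c` change.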


Index: libselinux.spec
===================================================================
RCS file: /cvs/dist/rpms/libselinux/devel/libselinux.spec,v
retrieving revision 1.234
retrieving revision 1.235
diff -u -r1.234 -r1.235
--- libselinux.spec	30 Nov 2006 18:11:20 -0000	1.234
+++ libselinux.spec	6 Dec 2006 19:13:54 -0000	1.235
@@ -2,10 +2,11 @@
 Summary: SELinux library and simple utilities
 Name: libselinux
 Version: 1.33.2
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: Public domain (uncopyrighted)
 Group: System Environment/Libraries
 Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
+Patch: libselinux-rhat.patch
 
 BuildRequires: libsepol-devel >= %{libsepolver} swig
 Requires: libsepol >= %{libsepolver} setransd
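
Review bot: style point on the added `Patch: libselinux-rhat.patch` line: the tag is unnumbered, and the matching `%patch -p1 -b .rhat` added under `%prep` is unnumbered as well. Writing `Patch0:` here and `%patch0` there keeps the pairing explicit once a second patch is added to the spec.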
@@ -48,6 +49,7 @@
 
 %prep
 %setup -q
+%patch -p1 -b .rhat
 
 %build
 make clean
@@ -117,6 +119,9 @@
 %{_libdir}/python*/site-packages/selinux.py*
 
 %changelog
+* Wed Dec 6 2006 Dan Walsh <dwalsh at redhat.com> - 1.33.2-3
+- Fix matchpathcon to lstat files
+
 * Thu Nov 30 2006 Dan Walsh <dwalsh at redhat.com> - 1.33.2-2
 - Update man page
 
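
Review bot: the new changelog entry at the top of this hunk, `- Fix matchpathcon to lstat files`, does not say what changes for users. lstat() describes a symbolic link itself where stat() follows it to the target, so the `mode` that the patched utility passes to `printmatchpathcon` can differ for links. Suggest spelling that out in the entry and naming the matchpathcon utility, so the line is not read as a change to the library function of the same name.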