rpms/libsepol/devel libsepol-rhat.patch, 1.16, 1.17 libsepol.spec, 1.161, 1.162
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Tue Aug 28 17:35:59 UTC 2007
Author: dwalsh
Update of /cvs/extras/rpms/libsepol/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25603
Modified Files:
libsepol-rhat.patch libsepol.spec
Log Message:
* Thu Aug 23 2007 Dan Walsh <dwalsh at redhat.com> 2.0.7-1
- Upgrade to latest from NSA
* Eliminate unaligned accesses from policy reading code from Stephen Smalley.
libsepol-rhat.patch:
Index: libsepol-rhat.patch
===================================================================
RCS file: /cvs/extras/rpms/libsepol/devel/libsepol-rhat.patch,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- libsepol-rhat.patch 11 Aug 2007 11:01:41 -0000 1.16
+++ libsepol-rhat.patch 28 Aug 2007 17:35:57 -0000 1.17
@@ -1,77 +1,88 @@
-diff --exclude-from=exclude -N -u -r nsalibsepol/include/sepol/handle.h libsepol-2.0.5/include/sepol/handle.h
---- nsalibsepol/include/sepol/handle.h 2007-07-16 14:20:40.000000000 -0400
-+++ libsepol-2.0.5/include/sepol/handle.h 2007-08-10 09:42:16.000000000 -0400
-@@ -7,6 +7,10 @@
- /* Create and return a sepol handle. */
- sepol_handle_t *sepol_handle_create(void);
-
-+/* Set whether or not to disable dontaudits, 0 is default and does
-+ * not disable dontaudits, 1 disables them */
-+void sepol_set_disable_dontaudit(sepol_handle_t * sh, int disable_dontaudit);
-+
- /* Destroy a sepol handle. */
- void sepol_handle_destroy(sepol_handle_t *);
-
-diff --exclude-from=exclude -N -u -r nsalibsepol/src/expand.c libsepol-2.0.5/src/expand.c
---- nsalibsepol/src/expand.c 2007-07-16 14:20:41.000000000 -0400
-+++ libsepol-2.0.5/src/expand.c 2007-08-10 09:42:16.000000000 -0400
-@@ -1367,6 +1367,8 @@
- } else if (specified & AVRULE_AUDITDENY) {
- spec = AVTAB_AUDITDENY;
- } else if (specified & AVRULE_DONTAUDIT) {
-+ if (handle->disable_dontaudit)
-+ return EXPAND_RULE_SUCCESS;
- spec = AVTAB_AUDITDENY;
- } else if (specified & AVRULE_NEVERALLOW) {
- spec = AVTAB_NEVERALLOW;
-diff --exclude-from=exclude -N -u -r nsalibsepol/src/handle.c libsepol-2.0.5/src/handle.c
---- nsalibsepol/src/handle.c 2007-07-16 14:20:41.000000000 -0400
-+++ libsepol-2.0.5/src/handle.c 2007-08-10 09:42:16.000000000 -0400
-@@ -1,4 +1,5 @@
- #include <stdlib.h>
-+#include <assert.h>
- #include "handle.h"
- #include "debug.h"
-
-@@ -13,9 +14,18 @@
- sh->msg_callback = sepol_msg_default_handler;
- sh->msg_callback_arg = NULL;
-
-+ /* by default do not disable dontaudits */
-+ sh->disable_dontaudit = 0;
-+
- return sh;
- }
-
-+void sepol_set_disable_dontaudit(sepol_handle_t * sh, int disable_dontaudit)
-+{
-+ assert(sh !=NULL);
-+ sh->disable_dontaudit = disable_dontaudit;
-+}
-+
- void sepol_handle_destroy(sepol_handle_t * sh)
+Index: libsepol/src/module.c
+===================================================================
+--- libsepol/src/module.c (revision 2538)
++++ libsepol/src/module.c (working copy)
+@@ -353,21 +353,27 @@
+ struct policy_file *file,
+ size_t ** offsets, uint32_t * sections)
{
- free(sh);
-diff --exclude-from=exclude -N -u -r nsalibsepol/src/handle.h libsepol-2.0.5/src/handle.h
---- nsalibsepol/src/handle.h 2007-07-16 14:20:40.000000000 -0400
-+++ libsepol-2.0.5/src/handle.h 2007-08-10 09:42:16.000000000 -0400
-@@ -14,6 +14,9 @@
- void (*msg_callback) (void *varg,
- sepol_handle_t * handle, const char *fmt, ...);
- void *msg_callback_arg;
+- uint32_t buf[3], nsec;
++ uint32_t *buf = NULL, nsec;
+ unsigned i;
+- size_t *off;
++ size_t *off = NULL;
+ int rc;
+
++ buf = malloc(sizeof(uint32_t)*3);
++ if (!buf) {
++ ERR(file->handle, "out of memory");
++ goto err;
++ }
++
+ rc = next_entry(buf, file, sizeof(uint32_t) * 3);
+ if (rc < 0) {
+ ERR(file->handle, "module package header truncated");
+- return -1;
++ goto err;
+ }
+ if (le32_to_cpu(buf[0]) != SEPOL_MODULE_PACKAGE_MAGIC) {
+ ERR(file->handle,
+ "wrong magic number for module package: expected %u, got %u",
+ SEPOL_MODULE_PACKAGE_MAGIC, le32_to_cpu(buf[0]));
+- return -1;
++ goto err;
+ }
+
+ mod->version = le32_to_cpu(buf[1]);
+@@ -376,23 +382,29 @@
+ if (nsec > MAXSECTIONS) {
+ ERR(file->handle, "too many sections (%u) in module package",
+ nsec);
+- return -1;
++ goto err;
+ }
+
+ off = (size_t *) malloc((nsec + 1) * sizeof(size_t));
+ if (!off) {
+ ERR(file->handle, "out of memory");
+- return -1;
++ goto err;
+ }
+
+- rc = next_entry(off, file, sizeof(uint32_t) * nsec);
++ free(buf);
++ buf = malloc(sizeof(uint32_t) * nsec);
++ if (!buf) {
++ ERR(file->handle, "out of memory");
++ goto err;
++ }
++ rc = next_entry(buf, file, sizeof(uint32_t) * nsec);
+ if (rc < 0) {
+ ERR(file->handle, "module package offset array truncated");
+- return -1;
++ goto err;
+ }
+
+ for (i = 0; i < nsec; i++) {
+- off[i] = le32_to_cpu(off[i]);
++ off[i] = le32_to_cpu(buf[i]);
+ if (i && off[i] < off[i - 1]) {
+ ERR(file->handle, "offsets are not increasing (at %u, "
+ "offset %zu -> %zu", i, off[i - 1],
+@@ -401,10 +413,15 @@
+ }
+ }
+
+-
++ free(buf);
+ off[nsec] = policy_file_length(file);
+ *offsets = off;
+ return 0;
+
-+ int disable_dontaudit;
-+
- };
++err:
++ free(buf);
++ free(off);
++ return -1;
+ }
- #endif
-diff --exclude-from=exclude -N -u -r nsalibsepol/src/libsepol.map libsepol-2.0.5/src/libsepol.map
---- nsalibsepol/src/libsepol.map 2007-07-16 14:20:41.000000000 -0400
-+++ libsepol-2.0.5/src/libsepol.map 2007-08-10 09:42:16.000000000 -0400
-@@ -12,5 +12,6 @@
- sepol_policydb_*; sepol_set_policydb_from_file;
- sepol_policy_kern_*;
- sepol_policy_file_*;
-+ sepol_set_disable_dontaudit;
- local: *;
- };
+ /* Flags for which sections have been seen during parsing of module package. */
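Review bot: The "offsets are not increasing" branch inside the `for` loop ends in the gap between the second and third inner hunks and is not touched by this patch, so if it still exits with `return -1;` it leaks both `buf` and `off` whenever a module package carries a non-monotonic offset table; it should be `goto err;` like every other exit. Separately, `buf = malloc(sizeof(uint32_t) * nsec)` is reached with `nsec == 0` if the package header says so, and on a libc where `malloc(0)` returns NULL this is misreported as "out of memory"; sizing the buffer as `(nsec ? nsec : 1)` elements, or skipping the read when there are no sections, avoids that. The three-word header could also remain on the stack (e.g. `uint32_t hdr[3];`) with only the offset table heap-allocated, which drops one allocation and one failure path. The function's opening lines are above the first inner hunk, so its name and the state of `mod` on the error path are not visible here.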
Index: libsepol.spec
===================================================================
RCS file: /cvs/extras/rpms/libsepol/devel/libsepol.spec,v
retrieving revision 1.161
retrieving revision 1.162
diff -u -r1.161 -r1.162
--- libsepol.spec 24 Aug 2007 17:56:05 -0000 1.161
+++ libsepol.spec 28 Aug 2007 17:35:57 -0000 1.162
@@ -2,11 +2,12 @@
Summary: SELinux binary policy manipulation library
Name: libsepol
Version: 2.0.7
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPLv2+
Group: System Environment/Libraries
Source: http://www.nsa.gov/selinux/archives/libsepol-%{version}.tgz
URL: http://www.selinuxproject.org
+Patch: libsepol-rhat.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Provides: libsepol.so
@@ -38,6 +39,7 @@
%prep
%setup -q
+%patch -p 1 -b .rhat
# sparc64 is an -fPIC arch, so we need to fix it here
%ifarch sparc64
sed -i 's/fpic/fPIC/g' src/Makefile