From 403bfa508555e8151fd01499f9b418fd89a8df13 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: May 18 2009 18:22:22 +0000 Subject: - Update to upstream Trim / from the end of input paths to matchpathcon from Dan Walsh. Fix leak in process_line in label_file.c from Hiroshi Shinji. Move matchpathcon to /sbin, add matchpathcon to clean target from Dan Walsh. getdefaultcon to print just the correct match and add verbose option from Dan Walsh.
---
diff --git a/.cvsignore b/.cvsignore
index 505609e..92419ea 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -164,3 +164,4 @@ libselinux-2.0.77.tgz
 libselinux-2.0.78.tgz
 libselinux-2.0.79.tgz
 libselinux-2.0.80.tgz
+libselinux-2.0.81.tgz
diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch
index 0b48dbb..0827572 100644
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@@ -1,7 +1,7 @@
-diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h libselinux-2.0.79/include/selinux/selinux.h
---- nsalibselinux/include/selinux/selinux.h 2009-03-06 14:41:44.000000000 -0500
-+++ libselinux-2.0.79/include/selinux/selinux.h 2009-03-27 11:38:27.000000000 -0400
-@@ -457,8 +457,11 @@
+diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h libselinux-2.0.80/include/selinux/selinux.h
+--- nsalibselinux/include/selinux/selinux.h 2009-04-08 09:06:23.000000000 -0400
++++ libselinux-2.0.80/include/selinux/selinux.h 2009-04-08 09:08:28.000000000 -0400
+@@ -481,8 +481,11 @@
 extern const char *selinux_file_context_path(void);
 extern const char *selinux_file_context_homedir_path(void);
 extern const char *selinux_file_context_local_path(void);
@@ -13,7 +13,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h lib extern const char *selinux_x_context_path(void); extern const char *selinux_contexts_path(void); extern const char *selinux_securetty_types_path(void); -@@ -520,6 +523,14 @@ +@@ -544,6 +547,14 @@ Caller must free the returned strings via free. */ extern int getseuserbyname(const char *linuxuser, char **seuser, char **level); @@ -28,9 +28,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h lib /* Compare two file contexts, return 0 if equivalent. */ int selinux_file_context_cmp(const security_context_t a, const security_context_t b); -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.79/man/man8/selinuxconlist.8 +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.80/man/man8/selinuxconlist.8 --- nsalibselinux/man/man8/selinuxconlist.8 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.79/man/man8/selinuxconlist.8 2009-03-27 10:09:31.000000000 -0400 ++++ libselinux-2.0.80/man/man8/selinuxconlist.8 2009-04-08 09:08:28.000000000 -0400 @@ -0,0 +1,18 @@ +.TH "selinuxconlist" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation" +.SH "NAME" @@ -50,9 +50,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 lib + +.SH "SEE ALSO" +secon(8), selinuxdefcon(8) -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.79/man/man8/selinuxdefcon.8 +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.80/man/man8/selinuxdefcon.8 --- nsalibselinux/man/man8/selinuxdefcon.8 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.79/man/man8/selinuxdefcon.8 2009-03-27 10:09:31.000000000 -0400 ++++ libselinux-2.0.80/man/man8/selinuxdefcon.8 2009-04-08 09:08:28.000000000 -0400 
@@ -0,0 +1,19 @@ +.TH "selinuxdefcon" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation" +.SH "NAME" @@ -73,9 +73,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libs + +.SH "SEE ALSO" +secon(8), selinuxconlist(8) -diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.0.79/src/callbacks.c ---- nsalibselinux/src/callbacks.c 2009-03-06 14:41:45.000000000 -0500 -+++ libselinux-2.0.79/src/callbacks.c 2009-03-27 10:09:31.000000000 -0400 +diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.0.80/src/callbacks.c +--- nsalibselinux/src/callbacks.c 2009-04-08 09:06:23.000000000 -0400 ++++ libselinux-2.0.80/src/callbacks.c 2009-04-08 09:08:28.000000000 -0400 @@ -16,6 +16,7 @@ { int rc; @@ -84,9 +84,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2. va_start(ap, fmt); rc = vfprintf(stderr, fmt, ap); va_end(ap); -diff --exclude-from=exclude -N -u -r nsalibselinux/src/exception.sh libselinux-2.0.79/src/exception.sh +diff --exclude-from=exclude -N -u -r nsalibselinux/src/exception.sh libselinux-2.0.80/src/exception.sh --- nsalibselinux/src/exception.sh 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.79/src/exception.sh 2009-03-27 14:20:10.000000000 -0400 ++++ libselinux-2.0.80/src/exception.sh 2009-04-08 09:08:28.000000000 -0400 @@ -0,0 +1,12 @@ +function except() { +echo " 
@@ -100,9 +100,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/exception.sh libselinux-2 +" +} +for i in `grep "extern *int" ../include/selinux/selinux.h | awk '{ print $3 }' | cut -d '(' -f 1`; do except $i ; done -diff --exclude-from=exclude -N -u -r nsalibselinux/src/file_path_suffixes.h libselinux-2.0.79/src/file_path_suffixes.h +diff --exclude-from=exclude -N -u -r nsalibselinux/src/file_path_suffixes.h libselinux-2.0.80/src/file_path_suffixes.h --- nsalibselinux/src/file_path_suffixes.h 2009-03-06 14:41:45.000000000 -0500 -+++ libselinux-2.0.79/src/file_path_suffixes.h 2009-03-27 10:09:31.000000000 -0400 ++++ libselinux-2.0.80/src/file_path_suffixes.h 2009-04-08 09:08:28.000000000 -0400 @@ -20,3 +20,6 @@ S_(FILE_CONTEXTS_LOCAL, "/contexts/files/file_contexts.local") S_(X_CONTEXTS, "/contexts/x_contexts") @@ -110,9 +110,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/file_path_suffixes.h libs + S_(VIRTUAL_DOMAIN, "/contexts/virtual_domain_context") + S_(VIRTUAL_IMAGE, "/contexts/virtual_image_context") + S_(FILE_CONTEXT_SUBS, "/contexts/files/file_contexts.subs") -diff --exclude-from=exclude -N -u -r nsalibselinux/src/label.c libselinux-2.0.79/src/label.c +diff --exclude-from=exclude -N -u -r nsalibselinux/src/label.c libselinux-2.0.80/src/label.c --- nsalibselinux/src/label.c 2009-03-06 14:41:45.000000000 -0500 -+++ libselinux-2.0.79/src/label.c 2009-03-27 10:09:31.000000000 -0400 ++++ libselinux-2.0.80/src/label.c 2009-04-08 09:08:28.000000000 -0400 @@ -5,10 +5,12 @@ */ 
@@ -257,21 +257,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/label.c libselinux-2.0.79 } void selabel_stats(struct selabel_handle *rec) -diff --exclude-from=exclude -N -u -r nsalibselinux/src/label_file.c libselinux-2.0.79/src/label_file.c ---- nsalibselinux/src/label_file.c 2009-03-06 14:41:45.000000000 -0500 -+++ libselinux-2.0.79/src/label_file.c 2009-04-03 08:57:05.000000000 -0400 -@@ -299,6 +299,8 @@ - COMPAT_LOG(SELINUX_WARNING, - "%s: line %d is missing fields, skipping\n", path, - lineno); -+ if (items == 1) -+ free(regex); - return 0; - } else if (items == 2) { - /* The type field is optional. */ -diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.79/src/Makefile +diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.80/src/Makefile --- nsalibselinux/src/Makefile 2009-03-06 14:41:45.000000000 -0500 -+++ libselinux-2.0.79/src/Makefile 2009-03-27 14:21:35.000000000 -0400 ++++ libselinux-2.0.80/src/Makefile 2009-04-08 09:08:28.000000000 -0400 @@ -82,6 +82,9 @@ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -ldl -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro ln -sf $@ $(TARGET) @@ -302,9 +290,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.7 distclean: clean rm -f $(GENERATED) $(SWIGFILES) -diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.79/src/matchpathcon.c +diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.80/src/matchpathcon.c --- nsalibselinux/src/matchpathcon.c 2009-03-06 14:41:45.000000000 -0500 -+++ libselinux-2.0.79/src/matchpathcon.c 2009-03-27 10:09:31.000000000 -0400 ++++ libselinux-2.0.80/src/matchpathcon.c 2009-04-08 09:08:28.000000000 -0400 @@ -2,6 +2,7 @@ #include #include 
@@ -322,9 +310,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux va_end(ap); } -diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselinux-2.0.79/src/selinux_config.c +diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselinux-2.0.80/src/selinux_config.c --- nsalibselinux/src/selinux_config.c 2009-03-06 14:41:45.000000000 -0500 -+++ libselinux-2.0.79/src/selinux_config.c 2009-03-27 10:09:31.000000000 -0400 ++++ libselinux-2.0.80/src/selinux_config.c 2009-04-08 09:08:28.000000000 -0400 @@ -40,7 +40,10 @@ #define SECURETTY_TYPES 18 #define X_CONTEXTS 19 @@ -362,10 +350,10 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselin + +hidden_def(selinux_file_context_subs_path) + -diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_internal.h libselinux-2.0.79/src/selinux_internal.h ---- nsalibselinux/src/selinux_internal.h 2009-03-06 14:41:45.000000000 -0500 -+++ libselinux-2.0.79/src/selinux_internal.h 2009-03-27 10:09:31.000000000 -0400 -@@ -56,9 +56,12 @@ +diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_internal.h libselinux-2.0.80/src/selinux_internal.h +--- nsalibselinux/src/selinux_internal.h 2009-04-08 09:06:23.000000000 -0400 ++++ libselinux-2.0.80/src/selinux_internal.h 2009-04-08 09:08:28.000000000 -0400 +@@ -59,9 +59,12 @@ hidden_proto(selinux_securetty_types_path) hidden_proto(selinux_failsafe_context_path) hidden_proto(selinux_removable_context_path) 
@@ -378,9 +366,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_internal.h libsel hidden_proto(selinux_netfilter_context_path) hidden_proto(selinux_homedir_context_path) hidden_proto(selinux_user_contexts_path) -diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux.py libselinux-2.0.79/src/selinux.py +diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux.py libselinux-2.0.80/src/selinux.py --- nsalibselinux/src/selinux.py 2009-03-06 14:41:45.000000000 -0500 -+++ libselinux-2.0.79/src/selinux.py 2009-03-27 16:31:56.000000000 -0400 ++++ libselinux-2.0.80/src/selinux.py 2009-04-08 09:08:28.000000000 -0400 @@ -1,12 +1,26 @@ # This file was automatically generated by SWIG (http://www.swig.org). -# Version 1.3.35 @@ -2592,10 +2580,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux.py libselinux-2.0 +selinux_lsetfilecon_default = _selinux.selinux_lsetfilecon_default -Binary files nsalibselinux/src/selinux.pyc and libselinux-2.0.79/src/selinux.pyc differ -diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux-2.0.79/src/selinuxswig.i +diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux-2.0.80/src/selinuxswig.i --- nsalibselinux/src/selinuxswig.i 2009-03-12 08:48:48.000000000 -0400 -+++ libselinux-2.0.79/src/selinuxswig.i 2009-04-02 09:35:01.000000000 -0400 ++++ libselinux-2.0.80/src/selinuxswig.i 2009-04-08 09:08:28.000000000 -0400 @@ -4,11 +4,14 @@ %module selinux 
@@ -2629,9 +2616,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux- +%include "../include/selinux/get_default_type.h" +%include "../include/selinux/label.h" +%include "../include/selinux/selinux.h" -diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_python.i libselinux-2.0.79/src/selinuxswig_python.i +diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_python.i libselinux-2.0.80/src/selinuxswig_python.i --- nsalibselinux/src/selinuxswig_python.i 2009-03-06 14:41:45.000000000 -0500 -+++ libselinux-2.0.79/src/selinuxswig_python.i 2009-04-01 10:14:50.000000000 -0400 ++++ libselinux-2.0.80/src/selinuxswig_python.i 2009-04-08 09:08:28.000000000 -0400 @@ -21,6 +21,15 @@ map(restorecon, [os.path.join(dirname, fname) for fname in fnames]), None) @@ -2654,9 +2641,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_python.i libs +%include "selinuxswig_exception.i" %include "selinuxswig.i" -diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libselinux-2.0.79/src/selinuxswig_wrap.c +diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libselinux-2.0.80/src/selinuxswig_wrap.c --- nsalibselinux/src/selinuxswig_wrap.c 2009-03-06 14:41:45.000000000 -0500 -+++ libselinux-2.0.79/src/selinuxswig_wrap.c 2009-03-27 16:31:56.000000000 -0400 ++++ libselinux-2.0.80/src/selinuxswig_wrap.c 2009-04-08 09:08:28.000000000 -0400 @@ -1,6 +1,6 @@ /* ---------------------------------------------------------------------------- * This file was automatically generated by SWIG (http://www.swig.org). 
@@ -17042,9 +17029,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libsel +#endif } -diff --exclude-from=exclude -N -u -r nsalibselinux/src/seusers.c libselinux-2.0.79/src/seusers.c +diff --exclude-from=exclude -N -u -r nsalibselinux/src/seusers.c libselinux-2.0.80/src/seusers.c --- nsalibselinux/src/seusers.c 2009-03-06 14:41:45.000000000 -0500 -+++ libselinux-2.0.79/src/seusers.c 2009-03-27 10:09:31.000000000 -0400 ++++ libselinux-2.0.80/src/seusers.c 2009-04-08 09:08:28.000000000 -0400 @@ -243,3 +243,67 @@ *r_level = NULL; return 0; 
@@ -17113,98 +17100,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/seusers.c libselinux-2.0. + + return (ret ? getseuserbyname(username, r_seuser, r_level) : ret); +} -diff --exclude-from=exclude -N -u -r nsalibselinux/utils/getdefaultcon.c libselinux-2.0.79/utils/getdefaultcon.c ---- nsalibselinux/utils/getdefaultcon.c 2009-03-06 14:41:45.000000000 -0500 -+++ libselinux-2.0.79/utils/getdefaultcon.c 2009-03-27 10:09:31.000000000 -0400 -@@ -22,8 +22,9 @@ - security_context_t usercon = NULL, cur_context = NULL; - char *user = NULL, *level = NULL, *role=NULL, *seuser=NULL, *dlevel=NULL; - int ret, opt; -+ int verbose = 0; - -- while ((opt = getopt(argc, argv, "l:r:")) > 0) { -+ while ((opt = getopt(argc, argv, "l:r:v")) > 0) { - switch (opt) { - case 'l': - level = strdup(optarg); -@@ -31,6 +32,9 @@ - case 'r': - role = strdup(optarg); - break; -+ case 'v': -+ verbose = 1; -+ break; - default: - usage(argv[0], "invalid option", 1); - } -@@ -66,9 +70,13 @@ - } - if (ret < 0) - perror(argv[0]); -- else -- printf("%s: %s from %s %s %s %s -> %s\n", argv[0], user, cur_context, seuser, role, level, usercon); -- -+ else { -+ if (verbose) { -+ printf("%s: %s from %s %s %s %s -> %s\n", argv[0], user, cur_context, seuser, role, level, usercon); -+ } else { -+ printf("%s", usercon); -+ } -+ } - - free(role); - free(seuser); -@@ -76,5 +84,5 @@ - free(dlevel); - free(usercon); - -- return 0; -+ return ret >= 0; - } -diff --exclude-from=exclude -N -u -r nsalibselinux/utils/Makefile libselinux-2.0.79/utils/Makefile ---- nsalibselinux/utils/Makefile 2009-03-06 14:41:45.000000000 -0500 -+++ libselinux-2.0.79/utils/Makefile 2009-03-27 10:09:31.000000000 -0400 -@@ -2,28 +2,33 @@ - PREFIX ?= $(DESTDIR)/usr - LIBDIR ?= $(PREFIX)/lib - BINDIR ?= $(PREFIX)/sbin -+_BINDIR ?= $(DESTDIR)/sbin - - CFLAGS ?= -Wall - override CFLAGS += -I../include -D_GNU_SOURCE $(EMFLAGS) - LDLIBS += -L../src -lselinux -L$(LIBDIR) - - TARGETS=$(patsubst %.c,%,$(wildcard *.c)) -+ -+ - ifeq 
($(DISABLE_AVC),y) - UNUSED_TARGETS+=compute_av compute_create compute_member compute_relabel - endif - ifeq ($(DISABLE_BOOL),y) - UNUSED_TARGETS+=getsebool togglesebool - endif --TARGETS:= $(filter-out $(UNUSED_TARGETS), $(TARGETS)) -+TARGETS:= $(filter-out $(UNUSED_TARGETS) matchpathcon, $(TARGETS)) - --all: $(TARGETS) -+all: $(TARGETS) matchpathcon - - install: all - -mkdir -p $(BINDIR) - install -m 755 $(TARGETS) $(BINDIR) -- -+ -mkdir -p $(_BINDIR) -+ install -m 755 matchpathcon $(_BINDIR) -+ (cd $(BINDIR); ln -fs ../../sbin/matchpathcon) - clean: -- rm -f $(TARGETS) *.o -+ rm -f $(TARGETS) *.o *~ - - indent: - ../../scripts/Lindent $(wildcard *.[ch]) -diff --exclude-from=exclude -N -u -r nsalibselinux/utils/matchpathcon.c libselinux-2.0.79/utils/matchpathcon.c ---- nsalibselinux/utils/matchpathcon.c 2009-03-06 14:41:45.000000000 -0500 -+++ libselinux-2.0.79/utils/matchpathcon.c 2009-03-27 10:09:31.000000000 -0400 +diff --exclude-from=exclude -N -u -r nsalibselinux/utils/matchpathcon.c libselinux-2.0.80/utils/matchpathcon.c +--- nsalibselinux/utils/matchpathcon.c 2009-05-18 13:53:14.000000000 -0400 ++++ libselinux-2.0.80/utils/matchpathcon.c 2009-04-08 09:08:28.000000000 -0400 @@ -22,9 +22,13 @@ char *buf; int rc = matchpathcon(path, mode, &buf); @@ -17222,15 +17120,3 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/utils/matchpathcon.c libselin } if (header) printf("%s\t%s\n", path, buf); -@@ -101,6 +105,11 @@ - for (i = optind; i < argc; i++) { - int mode = 0; - struct stat buf; -+ int len = strlen(argv[i]); -+ if (len > 1 && argv[i][len - 1 ] == '/') { -+ argv[i][len - 1 ] = '\0'; -+ } -+ - if (lstat(argv[i], &buf) == 0) - mode = buf.st_mode; - diff --git a/libselinux.spec b/libselinux.spec index 747ac65..7f7844e 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -4,7 +4,7 @@ Summary: SELinux library and simple utilities Name: libselinux -Version: 2.0.80 +Version: 2.0.81 Release: 1%{?dist} License: Public Domain Group: System Environment/Libraries 
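Review bot: The regenerated libselinux-rhat.patch still targets a `libselinux-2.0.80/` tree in every inner `+++` header it touches, including the new utils/matchpathcon.c header in this hunk, even though the same commit moves the spec and tarball to 2.0.81 and drops the label_file.c, getdefaultcon.c and utils/Makefile sections as upstreamed. The inner `---` side for matchpathcon.c is stamped 2009-05-18 while the `+++` side is stamped 2009-04-08, which suggests the patch was produced by diffing the new upstream tree against an older patched tree; if so, the surviving `@@ -22,9 +22,13 @@` matchpathcon.c hunk may not line up exactly with 2.0.81. For a library that decides SELinux labels, I would regenerate the patch against an unpacked 2.0.81 tree, or at least confirm in the build log that `%patch` applies with no fuzz or offsets, so that a stale hunk cannot silently undo an upstream fix. The matchpathcon.c section's body lies mostly outside this hunk, so its content could not be checked from here.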
@@ -164,6 +164,13 @@ exit 0
 %{ruby_sitearch}/selinux.so
 %changelog
+* Mon May 18 2009 Dan Walsh - 2.0.81-1
+- Update to upstream
+ * Trim / from the end of input paths to matchpathcon from Dan Walsh.
+ * Fix leak in process_line in label_file.c from Hiroshi Shinji.
+ * Move matchpathcon to /sbin, add matchpathcon to clean target from Dan Walsh.
+ * getdefaultcon to print just the correct match and add verbose option from Dan Walsh.
+
 * Wed Apr 8 2009 Dan Walsh - 2.0.80-1
 - Update to upstream
 * deny_unknown wrapper function from KaiGai Kohei.
diff --git a/sources b/sources
index a39249d..ff92619 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-ef7f50f6711a7b752feece72209a05f7 libselinux-2.0.80.tgz
+213e7114cb0f33afa428736ac431be97 libselinux-2.0.81.tgz