diff --git a/libsepol-fedora.patch b/libsepol-fedora.patch index e69de29..ca4ba1c 100644 --- a/libsepol-fedora.patch +++ b/libsepol-fedora.patch 
@@ -0,0 +1,521 @@ +diff --git libsepol-2.7/cil/include/cil/cil.h libsepol-2.7/cil/include/cil/cil.h +index 86117f2..f8cfc3b 100644 +--- libsepol-2.7/cil/include/cil/cil.h ++++ libsepol-2.7/cil/include/cil/cil.h +@@ -50,6 +50,7 @@ extern int cil_userprefixes_to_string(cil_db_t *db, char **out, size_t *size); + extern int cil_selinuxusers_to_string(cil_db_t *db, char **out, size_t *size); + extern int cil_filecons_to_string(cil_db_t *db, char **out, size_t *size); + extern void cil_set_disable_dontaudit(cil_db_t *db, int disable_dontaudit); ++extern void cil_set_multiple_decls(cil_db_t *db, int multiple_decls); + extern void cil_set_disable_neverallow(cil_db_t *db, int disable_neverallow); + extern void cil_set_preserve_tunables(cil_db_t *db, int preserve_tunables); + extern int cil_set_handle_unknown(cil_db_t *db, int handle_unknown); +diff --git libsepol-2.7/cil/src/cil.c libsepol-2.7/cil/src/cil.c +index c02a41a..3fe68af 100644 +--- libsepol-2.7/cil/src/cil.c ++++ libsepol-2.7/cil/src/cil.c +@@ -1691,6 +1691,11 @@ void cil_set_mls(struct cil_db *db, int mls) + db->mls = mls; + } + ++void cil_set_multiple_decls(struct cil_db *db, int multiple_decls) ++{ ++ db->multiple_decls = multiple_decls; ++} ++ + void cil_set_target_platform(struct cil_db *db, int target_platform) + { + db->target_platform = target_platform; +diff --git libsepol-2.7/cil/src/cil_build_ast.c libsepol-2.7/cil/src/cil_build_ast.c +index 04492e5..e84336b 100644 +--- libsepol-2.7/cil/src/cil_build_ast.c ++++ libsepol-2.7/cil/src/cil_build_ast.c +@@ -82,10 +82,33 @@ exit: + return rc; + } + +-int cil_gen_node(__attribute__((unused)) struct cil_db *db, struct cil_tree_node *ast_node, struct cil_symtab_datum *datum, hashtab_key_t key, enum cil_sym_index sflavor, enum cil_flavor nflavor) ++/* ++ * Determine whether or not multiple declarations of the same key can share a ++ * datum, given the new datum and the one already present in a given symtab. 
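Review bot: `cil_set_multiple_decls()` is a new exported switch with no comment in either the cil.h declaration or the cil.c definition, although it changes how the policy compiler treats a name that is declared twice. From the cil_build_ast.c part of this patch, a non-zero value turns a re-declaration of a type or typeattribute from a hard error into a merge with the earlier declaration. That behaviour should be stated where callers will read it, for example above the prototype: `/* Non-zero: a type or typeattribute may be declared more than once; later declarations share the first one's datum instead of failing. */`. The same applies to the new `multiple_decls` field in `struct cil_db`.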
++ */ ++int cil_is_datum_multiple_decl(__attribute__((unused)) struct cil_symtab_datum *cur, ++ __attribute__((unused)) struct cil_symtab_datum *old, ++ enum cil_flavor f) ++{ ++ int rc = CIL_FALSE; ++ ++ switch (f) { ++ case CIL_TYPE: ++ case CIL_TYPEATTRIBUTE: ++ /* type and typeattribute statements insert empty datums, ret true */ ++ rc = CIL_TRUE; ++ break; ++ default: ++ break; ++ } ++ return rc; ++} ++ ++int cil_gen_node(struct cil_db *db, struct cil_tree_node *ast_node, struct cil_symtab_datum *datum, hashtab_key_t key, enum cil_sym_index sflavor, enum cil_flavor nflavor) + { + int rc = SEPOL_ERR; + symtab_t *symtab = NULL; ++ struct cil_symtab_datum *prev; + + rc = __cil_verify_name((const char*)key); + if (rc != SEPOL_OK) { +@@ -103,15 +126,26 @@ int cil_gen_node(__attribute__((unused)) struct cil_db *db, struct cil_tree_node + if (symtab != NULL) { + rc = cil_symtab_insert(symtab, (hashtab_key_t)key, datum, ast_node); + if (rc == SEPOL_EEXIST) { +- cil_log(CIL_ERR, "Re-declaration of %s %s\n", +- cil_node_to_string(ast_node), key); +- if (cil_symtab_get_datum(symtab, key, &datum) == SEPOL_OK) { +- if (sflavor == CIL_SYM_BLOCKS) { +- struct cil_tree_node *node = datum->nodes->head->data; +- cil_tree_log(node, CIL_ERR, "Previous declaration"); ++ if (!db->multiple_decls || ++ cil_symtab_get_datum(symtab, (hashtab_key_t)key, &prev) != SEPOL_OK || ++ !cil_is_datum_multiple_decl(datum, prev, nflavor)) { ++ ++ /* multiple_decls not ok, ret error */ ++ cil_log(CIL_ERR, "Re-declaration of %s %s\n", ++ cil_node_to_string(ast_node), key); ++ if (cil_symtab_get_datum(symtab, key, &datum) == SEPOL_OK) { ++ if (sflavor == CIL_SYM_BLOCKS) { ++ struct cil_tree_node *node = datum->nodes->head->data; ++ cil_tree_log(node, CIL_ERR, "Previous declaration"); ++ } + } ++ goto exit; + } +- goto exit; ++ /* multiple_decls is enabled and works for this datum type, add node */ ++ cil_list_append(prev->nodes, CIL_NODE, ast_node); ++ ast_node->data = prev; ++ 
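Review bot: `cil_is_datum_multiple_decl()` decides from the new node's flavor `f` alone and never looks at `cur` or `old` (both are marked unused), so it returns CIL_TRUE for any new type or typeattribute regardless of what the existing datum is. If types and typeattributes are looked up in the same symtab (the callers of `cil_gen_node()` are outside this hunk, so this needs confirming), a `typeattribute` declared over an existing `type` of the same name would be accepted. The node would then carry one flavor while its data points at a datum of the other kind. I would refuse the merge when the existing declaration has a different flavor, e.g. `if (NODE(old)->flavor != f) return CIL_FALSE;` before the switch, using the `NODE()` macro that the cil_post.c part of this patch already relies on. The helper could also be `static`, as no declaration for it is added to a header in this patch.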
cil_symtab_datum_destroy(datum); ++ free(datum); + } + } + +diff --git libsepol-2.7/cil/src/cil_internal.h libsepol-2.7/cil/src/cil_internal.h +index 6d6a7d9..136a004 100644 +--- libsepol-2.7/cil/src/cil_internal.h ++++ libsepol-2.7/cil/src/cil_internal.h +@@ -316,6 +316,7 @@ struct cil_db { + int preserve_tunables; + int handle_unknown; + int mls; ++ int multiple_decls; + int target_platform; + int policy_version; + }; +diff --git libsepol-2.7/cil/src/cil_policy.c libsepol-2.7/cil/src/cil_policy.c +index 729b6e0..6d4987c 100644 +--- libsepol-2.7/cil/src/cil_policy.c ++++ libsepol-2.7/cil/src/cil_policy.c +@@ -775,7 +775,7 @@ static void cil_classes_to_policy(FILE *out, struct cil_list *classorder) + } + } + +-static void cil_defaults_to_policy(FILE *out, struct cil_list *defaults, char *kind) ++static void cil_defaults_to_policy(FILE *out, struct cil_list *defaults, const char *kind) + { + struct cil_list_item *i1, *i2, *i3; + struct cil_default *def; +diff --git libsepol-2.7/cil/src/cil_post.c libsepol-2.7/cil/src/cil_post.c +index ad073e8..3e013c9 100644 +--- libsepol-2.7/cil/src/cil_post.c ++++ libsepol-2.7/cil/src/cil_post.c +@@ -1297,6 +1297,55 @@ static int cil_typeattribute_used(struct cil_typeattribute *attr, struct cil_db + return CIL_TRUE; + } + ++static void __mark_neverallow_attrs(struct cil_list *expr_list) ++{ ++ struct cil_list_item *curr; ++ ++ cil_list_for_each(curr, expr_list) { ++ if (curr->flavor == CIL_DATUM) { ++ if (NODE(curr->data)->flavor == CIL_TYPEATTRIBUTE) { ++ struct cil_typeattribute *attr = curr->data; ++ if (strstr(DATUM(attr)->name, TYPEATTR_INFIX)) { ++ __mark_neverallow_attrs(attr->expr_list); ++ } else { ++ attr->used |= CIL_ATTR_NEVERALLOW; ++ } ++ } ++ } else if (curr->flavor == CIL_LIST) { ++ __mark_neverallow_attrs(curr->data); ++ } ++ } ++} ++ ++static int __cil_post_db_neverallow_attr_helper(struct cil_tree_node *node, uint32_t *finished, __attribute__((unused)) void *extra_args) ++{ ++ switch (node->flavor) { ++ case 
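Review bot: On the merge path `cil_gen_node()` destroys and frees the `datum` the caller passed in and repoints `ast_node->data` at `prev`, so after a successful return the caller's own pointer to that object is dangling. Nothing in the signature or in a comment says so, and any caller that touches its object after the call (the callers are outside this hunk) would be reading freed memory. Please document the ownership rule above the function, for example `/* With multiple_decls, datum may be freed and replaced by the existing one; use ast_node->data after a successful return. */`, and note there that `free(datum)` assumes the datum is the start of a heap allocation. I would also initialise the new local as `struct cil_symtab_datum *prev = NULL;`, since it is currently only set through the short-circuit order of the `||` chain. The rest of the function lies outside the hunk, so confirm that `rc`, which still holds SEPOL_EEXIST after the merge, is not returned as is.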
CIL_BLOCK: { ++ struct cil_block *blk = node->data; ++ if (blk->is_abstract == CIL_TRUE) { ++ *finished = CIL_TREE_SKIP_HEAD; ++ } ++ break; ++ } ++ case CIL_MACRO: { ++ *finished = CIL_TREE_SKIP_HEAD; ++ break; ++ } ++ case CIL_TYPEATTRIBUTE: { ++ struct cil_typeattribute *attr = node->data; ++ if ((attr->used & CIL_ATTR_NEVERALLOW) && ++ strstr(DATUM(attr)->name, TYPEATTR_INFIX)) { ++ __mark_neverallow_attrs(attr->expr_list); ++ } ++ break; ++ } ++ default: ++ break; ++ } ++ ++ return SEPOL_OK; ++} ++ + static int __cil_post_db_attr_helper(struct cil_tree_node *node, uint32_t *finished, void *extra_args) + { + int rc = SEPOL_ERR; +@@ -2031,6 +2080,12 @@ static int cil_post_db(struct cil_db *db) + goto exit; + } + ++ rc = cil_tree_walk(db->ast->root, __cil_post_db_neverallow_attr_helper, NULL, NULL, db); ++ if (rc != SEPOL_OK) { ++ cil_log(CIL_INFO, "Failed to mark attributes used by generated attributes used in neverallow rules\n"); ++ goto exit; ++ } ++ + rc = cil_tree_walk(db->ast->root, __cil_post_db_attr_helper, NULL, NULL, db); + if (rc != SEPOL_OK) { + cil_log(CIL_INFO, "Failed to create attribute bitmaps\n"); +diff --git libsepol-2.7/cil/src/cil_strpool.c libsepol-2.7/cil/src/cil_strpool.c +index b1396d2..97d4c4b 100644 +--- libsepol-2.7/cil/src/cil_strpool.c ++++ libsepol-2.7/cil/src/cil_strpool.c +@@ -119,6 +119,7 @@ void cil_strpool_destroy(void) + if (cil_strpool_readers == 0) { + hashtab_map(cil_strpool_tab, cil_strpool_entry_destroy, NULL); + hashtab_destroy(cil_strpool_tab); ++ cil_strpool_tab = NULL; + } + pthread_mutex_unlock(&cil_strpool_mutex); + } +diff --git libsepol-2.7/include/sepol/policydb/avtab.h libsepol-2.7/include/sepol/policydb/avtab.h +index 958848e..10ecde9 100644 +--- libsepol-2.7/include/sepol/policydb/avtab.h ++++ libsepol-2.7/include/sepol/policydb/avtab.h +@@ -1,5 +1,5 @@ + +-/* Author : Stephen Smalley, */ ++/* Author : Stephen Smalley, */ + + /* + * Updated: Yuichi Nakamura +diff --git 
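Review bot: `__mark_neverallow_attrs()` iterates `expr_list` without checking it for NULL, and it is called with `attr->expr_list` both from `__cil_post_db_neverallow_attr_helper()` and from its own recursion. `cil_list_for_each` is defined outside this patch; if it reads the list head directly, an attribute whose expression list was never set would cause a NULL dereference during policy post-processing. A guard at the top, `if (expr_list == NULL) return;`, would cover both call sites. The recursion depth is bounded only by the structure of the policy being compiled, so a short comment explaining why generated attributes (names containing `TYPEATTR_INFIX`) cannot refer back to themselves would help the next reader.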
libsepol-2.7/include/sepol/policydb/constraint.h libsepol-2.7/include/sepol/policydb/constraint.h +index 927bdc0..b91fc4e 100644 +--- libsepol-2.7/include/sepol/policydb/constraint.h ++++ libsepol-2.7/include/sepol/policydb/constraint.h +@@ -1,4 +1,4 @@ +-/* Author : Stephen Smalley, */ ++/* Author : Stephen Smalley, */ + + /* FLASK */ + +diff --git libsepol-2.7/include/sepol/policydb/context.h libsepol-2.7/include/sepol/policydb/context.h +index 2eaa686..c27c334 100644 +--- libsepol-2.7/include/sepol/policydb/context.h ++++ libsepol-2.7/include/sepol/policydb/context.h +@@ -1,4 +1,4 @@ +-/* Author : Stephen Smalley, */ ++/* Author : Stephen Smalley, */ + + /* FLASK */ + +diff --git libsepol-2.7/include/sepol/policydb/ebitmap.h libsepol-2.7/include/sepol/policydb/ebitmap.h +index e90371e..94fb7ef 100644 +--- libsepol-2.7/include/sepol/policydb/ebitmap.h ++++ libsepol-2.7/include/sepol/policydb/ebitmap.h +@@ -1,4 +1,4 @@ +-/* Author : Stephen Smalley, */ ++/* Author : Stephen Smalley, */ + + /* FLASK */ + +diff --git libsepol-2.7/include/sepol/policydb/flask_types.h libsepol-2.7/include/sepol/policydb/flask_types.h +index e01669c..714176f 100644 +--- libsepol-2.7/include/sepol/policydb/flask_types.h ++++ libsepol-2.7/include/sepol/policydb/flask_types.h +@@ -1,7 +1,7 @@ + /* -*- linux-c -*- */ + + /* +- * Author : Stephen Smalley, ++ * Author : Stephen Smalley, + */ + + #ifndef _SEPOL_POLICYDB_FLASK_TYPES_H_ +diff --git libsepol-2.7/include/sepol/policydb/hashtab.h libsepol-2.7/include/sepol/policydb/hashtab.h +index ae5674a..ef1bb67 100644 +--- libsepol-2.7/include/sepol/policydb/hashtab.h ++++ libsepol-2.7/include/sepol/policydb/hashtab.h +@@ -1,4 +1,4 @@ +-/* Author : Stephen Smalley, */ ++/* Author : Stephen Smalley, */ + + /* FLASK */ + +diff --git libsepol-2.7/include/sepol/policydb/mls_types.h libsepol-2.7/include/sepol/policydb/mls_types.h +index 568386c..a06723b 100644 +--- libsepol-2.7/include/sepol/policydb/mls_types.h ++++ 
libsepol-2.7/include/sepol/policydb/mls_types.h +@@ -1,4 +1,4 @@ +-/* Author : Stephen Smalley, */ ++/* Author : Stephen Smalley, */ + /* + * Updated: Trusted Computer Solutions, Inc. + * +diff --git libsepol-2.7/include/sepol/policydb/policydb.h libsepol-2.7/include/sepol/policydb/policydb.h +index 1b2d782..f8626ef 100644 +--- libsepol-2.7/include/sepol/policydb/policydb.h ++++ libsepol-2.7/include/sepol/policydb/policydb.h +@@ -1,4 +1,4 @@ +-/* Author : Stephen Smalley, */ ++/* Author : Stephen Smalley, */ + + /* + * Updated: Joshua Brindle +diff --git libsepol-2.7/include/sepol/policydb/services.h libsepol-2.7/include/sepol/policydb/services.h +index efdf7de..6ef27a8 100644 +--- libsepol-2.7/include/sepol/policydb/services.h ++++ libsepol-2.7/include/sepol/policydb/services.h +@@ -2,7 +2,7 @@ + /* -*- linux-c -*- */ + + /* +- * Author : Stephen Smalley, ++ * Author : Stephen Smalley, + */ + + #ifndef _SEPOL_POLICYDB_SERVICES_H_ +diff --git libsepol-2.7/include/sepol/policydb/sidtab.h libsepol-2.7/include/sepol/policydb/sidtab.h +index 2df1a50..893e6f0 100644 +--- libsepol-2.7/include/sepol/policydb/sidtab.h ++++ libsepol-2.7/include/sepol/policydb/sidtab.h +@@ -1,4 +1,4 @@ +-/* Author : Stephen Smalley, */ ++/* Author : Stephen Smalley, */ + + /* FLASK */ + +diff --git libsepol-2.7/include/sepol/policydb/symtab.h libsepol-2.7/include/sepol/policydb/symtab.h +index 68b5ad4..8b9ddca 100644 +--- libsepol-2.7/include/sepol/policydb/symtab.h ++++ libsepol-2.7/include/sepol/policydb/symtab.h +@@ -1,5 +1,5 @@ + +-/* Author : Stephen Smalley, */ ++/* Author : Stephen Smalley, */ + + /* FLASK */ + +diff --git libsepol-2.7/man/man3/sepol_genbools.3 libsepol-2.7/man/man3/sepol_genbools.3 +index dcfb69d..5363383 100644 +--- libsepol-2.7/man/man3/sepol_genbools.3 ++++ libsepol-2.7/man/man3/sepol_genbools.3 +@@ -1,4 +1,4 @@ +-.TH "sepol_genbools" "3" "11 August 2004" "sds@epoch.ncsc.mil" "SE Linux binary policy API documentation" ++.TH "sepol_genbools" "3" "11 August 2004" 
"sds@tycho.nsa.gov" "SE Linux binary policy API documentation" + .SH "NAME" + sepol_genbools \- Rewrite a binary policy with different boolean settings + .SH "SYNOPSIS" +diff --git libsepol-2.7/man/man8/genpolbools.8 libsepol-2.7/man/man8/genpolbools.8 +index afeaced..fc792c8 100644 +--- libsepol-2.7/man/man8/genpolbools.8 ++++ libsepol-2.7/man/man8/genpolbools.8 +@@ -1,4 +1,4 @@ +-.TH "genpolbools" "8" "11 August 2004" "sds@epoch.ncsc.mil" "SELinux Command Line documentation" ++.TH "genpolbools" "8" "11 August 2004" "sds@tycho.nsa.gov" "SELinux Command Line documentation" + .SH "NAME" + genpolbools \- Rewrite a binary policy with different boolean settings + .SH "SYNOPSIS" +diff --git libsepol-2.7/src/avtab.c libsepol-2.7/src/avtab.c +index 3854d6f..257f051 100644 +--- libsepol-2.7/src/avtab.c ++++ libsepol-2.7/src/avtab.c +@@ -1,5 +1,5 @@ + +-/* Author : Stephen Smalley, */ ++/* Author : Stephen Smalley, */ + + /* + * Updated: Yuichi Nakamura +diff --git libsepol-2.7/src/booleans.c libsepol-2.7/src/booleans.c +index c914a28..30fcf29 100644 +--- libsepol-2.7/src/booleans.c ++++ libsepol-2.7/src/booleans.c +@@ -155,6 +155,7 @@ int sepol_bool_query(sepol_handle_t * handle, + booldatum = hashtab_search(policydb->p_bools.table, name); + if (!booldatum) { + *response = NULL; ++ free(name); + return STATUS_SUCCESS; + } + +diff --git libsepol-2.7/src/ebitmap.c libsepol-2.7/src/ebitmap.c +index 218adc2..76e6e41 100644 +--- libsepol-2.7/src/ebitmap.c ++++ libsepol-2.7/src/ebitmap.c +@@ -1,5 +1,5 @@ + +-/* Author : Stephen Smalley, */ ++/* Author : Stephen Smalley, */ + + /* FLASK */ + +diff --git libsepol-2.7/src/hashtab.c libsepol-2.7/src/hashtab.c +index ec49c15..f5407ab 100644 +--- libsepol-2.7/src/hashtab.c ++++ libsepol-2.7/src/hashtab.c +@@ -1,5 +1,5 @@ + +-/* Author : Stephen Smalley, */ ++/* Author : Stephen Smalley, */ + + /* + * Updated : Karl MacMillan +diff --git libsepol-2.7/src/kernel_to_cil.c libsepol-2.7/src/kernel_to_cil.c +index f1905a9..0055c23 100644 
+--- libsepol-2.7/src/kernel_to_cil.c ++++ libsepol-2.7/src/kernel_to_cil.c +@@ -2788,7 +2788,7 @@ static int write_selinux_ibpkey_rules_to_cil(FILE *out, struct policydb *pdb) + { + struct ocontext *ibpkeycon; + char subnet_prefix_str[INET6_ADDRSTRLEN]; +- struct in6_addr subnet_prefix = {0}; ++ struct in6_addr subnet_prefix = IN6ADDR_ANY_INIT; + uint16_t low; + uint16_t high; + char low_high_str[44]; /* 2^64 <= 20 digits so "(low high)" <= 44 chars */ +diff --git libsepol-2.7/src/kernel_to_conf.c libsepol-2.7/src/kernel_to_conf.c +index a74873f..95aa92f 100644 +--- libsepol-2.7/src/kernel_to_conf.c ++++ libsepol-2.7/src/kernel_to_conf.c +@@ -2649,7 +2649,7 @@ static int write_selinux_ibpkey_rules_to_conf(FILE *out, struct policydb *pdb) + { + struct ocontext *ibpkeycon; + char subnet_prefix_str[INET6_ADDRSTRLEN]; +- struct in6_addr subnet_prefix = {0}; ++ struct in6_addr subnet_prefix = IN6ADDR_ANY_INIT; + uint16_t low; + uint16_t high; + char low_high_str[44]; /* 2^64 <= 20 digits so "low-high" <= 44 chars */ +diff --git libsepol-2.7/src/libsepol.map.in libsepol-2.7/src/libsepol.map.in +index dd1fec2..2a9996f 100644 +--- libsepol-2.7/src/libsepol.map.in ++++ libsepol-2.7/src/libsepol.map.in +@@ -49,6 +49,7 @@ LIBSEPOL_1.1 { + cil_set_mls; + cil_set_attrs_expand_generated; + cil_set_attrs_expand_size; ++ cil_set_multiple_decls; + cil_write_policy_conf; + sepol_ppfile_to_module_package; + sepol_module_package_to_cil; +diff --git libsepol-2.7/src/mls.c libsepol-2.7/src/mls.c +index be85475..bf1fdbd 100644 +--- libsepol-2.7/src/mls.c ++++ libsepol-2.7/src/mls.c +@@ -1,4 +1,4 @@ +-/* Author : Stephen Smalley, */ ++/* Author : Stephen Smalley, */ + /* + * Updated: Trusted Computer Solutions, Inc. + * +diff --git libsepol-2.7/src/mls.h libsepol-2.7/src/mls.h +index 98da3d3..5ca3cd5 100644 +--- libsepol-2.7/src/mls.h ++++ libsepol-2.7/src/mls.h +@@ -1,4 +1,4 @@ +-/* Author: Stephen Smalley, ++/* Author: Stephen Smalley, + * Updated: Trusted Computer Solutions, Inc. 
+ * + * Support for enhanced MLS infrastructure. +diff --git libsepol-2.7/src/module_to_cil.c libsepol-2.7/src/module_to_cil.c +index 619a48f..15b58a7 100644 +--- libsepol-2.7/src/module_to_cil.c ++++ libsepol-2.7/src/module_to_cil.c +@@ -2687,7 +2687,7 @@ static int ocontext_selinux_ibpkey_to_cil(struct policydb *pdb, + int rc = -1; + struct ocontext *ibpkeycon; + char subnet_prefix_str[INET6_ADDRSTRLEN]; +- struct in6_addr subnet_prefix = {0}; ++ struct in6_addr subnet_prefix = IN6ADDR_ANY_INIT; + uint16_t high; + uint16_t low; + +diff --git libsepol-2.7/src/policydb.c libsepol-2.7/src/policydb.c +index 691101e..37788f3 100644 +--- libsepol-2.7/src/policydb.c ++++ libsepol-2.7/src/policydb.c +@@ -1,5 +1,5 @@ + +-/* Author : Stephen Smalley, */ ++/* Author : Stephen Smalley, */ + + /* + * Updated: Trusted Computer Solutions, Inc. +diff --git libsepol-2.7/src/services.c libsepol-2.7/src/services.c +index 10338a6..d40793e 100644 +--- libsepol-2.7/src/services.c ++++ libsepol-2.7/src/services.c +@@ -1,6 +1,6 @@ + + /* +- * Author : Stephen Smalley, ++ * Author : Stephen Smalley, + */ + /* + * Updated: Trusted Computer Solutions, Inc. +diff --git libsepol-2.7/src/sidtab.c libsepol-2.7/src/sidtab.c +index 5bd7999..23b2e8f 100644 +--- libsepol-2.7/src/sidtab.c ++++ libsepol-2.7/src/sidtab.c +@@ -1,5 +1,5 @@ + +-/* Author : Stephen Smalley, */ ++/* Author : Stephen Smalley, */ + + /* FLASK */ + +diff --git libsepol-2.7/src/symtab.c libsepol-2.7/src/symtab.c +index c1e625d..9a417ca 100644 +--- libsepol-2.7/src/symtab.c ++++ libsepol-2.7/src/symtab.c +@@ -1,5 +1,5 @@ + +-/* Author : Stephen Smalley, */ ++/* Author : Stephen Smalley, */ + + /* FLASK */ + +diff --git libsepol-2.7/src/write.c libsepol-2.7/src/write.c +index e486e28..1fb3095 100644 +--- libsepol-2.7/src/write.c ++++ libsepol-2.7/src/write.c +@@ -1,5 +1,5 @@ + +-/* Author : Stephen Smalley, */ ++/* Author : Stephen Smalley, */ + + /* + * Updated: Trusted Computer Solutions, Inc. 
diff --git a/libsepol.spec b/libsepol.spec index b58e9ed..030c297 100644 --- a/libsepol.spec +++ b/libsepol.spec @@ -1,15 +1,15 @@ Summary: SELinux binary policy manipulation library Name: libsepol Version: 2.7 -Release: 1%{?dist} +Release: 2%{?dist} License: LGPLv2+ Group: System Environment/Libraries Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/libsepol-2.7.tar.gz # download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh # run: # $ VERSION=2.7 ./make-fedora-selinux-patch.sh libsepol -# HEAD https://github.com/fedora-selinux/selinux/commit/70a12c5e7b56a81223d67ce2469292826b84efe9 -# Patch1: libsepol-fedora.patch +# HEAD https://github.com/fedora-selinux/selinux/commit/4247fad665261169b430895f0ab10f56eb33dd10 +Patch1: libsepol-fedora.patch URL: https://github.com/SELinuxProject/selinux/wiki BuildRequires: flex @@ -106,6 +106,16 @@ exit 0 %{_libdir}/libsepol.so.1 %changelog +* Fri Oct 20 2017 Petr Lautrbach - 2.7-2 +- reset pointer after free in cil_strpool_destroy() +- cil: Add ability to redeclare types[attributes] +- cil: Keep attributes used by generated attributes in neverallow rules +- use IN6ADDR_ANY_INIT to initialize IPv6 addresses +- fix memory leak in sepol_bool_query() +- cil: drop wrong unused attribute +- cil: fix -Wwrite-strings warning +- cil: __cil_post_db_neverallow_attr_helper() does not use extra_args + * Mon Aug 07 2017 Petr Lautrbach - 2.7-1 - Update to upstream release 2017-08-04