From 7791fd54729576f21c87ba4d6870e817dbc9e6e5 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Oct 31 2007 10:57:59 +0000 Subject: * Wed Oct 31 2007 Dan Walsh 2.0.31-8 - Validate semanage fcontext input - Fix template names for log files in gui --- diff --git a/policycoreutils-gui.patch b/policycoreutils-gui.patch index b1b5727..813124c 100644 --- a/policycoreutils-gui.patch +++ b/policycoreutils-gui.patch @@ -11118,8 +11118,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py +""" diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py policycoreutils-2.0.31/gui/templates/var_log.py --- nsapolicycoreutils/gui/templates/var_log.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.31/gui/templates/var_log.py 2007-10-18 17:46:44.000000000 -0400 -@@ -0,0 +1,112 @@ ++++ policycoreutils-2.0.31/gui/templates/var_log.py 2007-10-25 16:52:06.000000000 -0400 +@@ -0,0 +1,110 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information +# @@ -11174,8 +11174,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py + ') + + logging_search_logs($1) -+ allow $1 TEMPLATETYPE_log_t:dir r_dir_perms; -+ allow $1 TEMPLATETYPE_log_t:file { read getattr lock }; ++ read_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t) +') + +######################################## @@ -11195,8 +11194,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py + ') + + logging_search_logs($1) -+ allow $1 TEMPLATETYPE_log_t:dir r_dir_perms; -+ allow $1 TEMPLATETYPE_log_t:file { getattr append }; ++ append_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t) +') + +######################################## diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index acce1ef..4b0db1f 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch 
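Review bot: In the two rewritten interfaces of var_log.py, `read_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)` and `append_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)` replace an explicit `r_dir_perms` rule on the log directory. As far as I know the reference-policy patterns grant only search on the directory, so callers of the generated interfaces would lose the ability to list it. That is the tighter grant and probably intended, but the changelog describes the change only as a template-name fix. I would state it in each interface's summary comment, for example `## Read TEMPLATETYPE log files; the log directory can be searched but not listed.`, so policy authors who need enumeration know to add a list rule. The template string starts and ends outside these hunks.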
@@ -1,6 +1,6 @@ -diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2why/audit2why.c policycoreutils-2.0.29/audit2why/audit2why.c +diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2why/audit2why.c policycoreutils-2.0.31/audit2why/audit2why.c --- nsapolicycoreutils/audit2why/audit2why.c 2007-07-16 14:20:41.000000000 -0400 -+++ policycoreutils-2.0.29/audit2why/audit2why.c 2007-10-08 08:37:08.000000000 -0400 ++++ policycoreutils-2.0.31/audit2why/audit2why.c 2007-10-15 16:55:02.000000000 -0400 @@ -137,6 +137,8 @@ /* Process the audit messages. */ while (getline(&buffer, &len, stdin) > 0) { @@ -97,18 +97,18 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po if (!tclass) { fprintf(stderr, "Invalid %s%s on line %u, skipping...\n", -diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.29/Makefile +diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.31/Makefile --- nsapolicycoreutils/Makefile 2007-07-16 14:20:43.000000000 -0400 -+++ policycoreutils-2.0.29/Makefile 2007-10-08 08:36:41.000000000 -0400 ++++ policycoreutils-2.0.31/Makefile 2007-10-15 16:55:02.000000000 -0400 
@@ -1,4 +1,4 @@ -SUBDIRS=setfiles semanage load_policy newrole run_init restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po +SUBDIRS=setfiles semanage load_policy newrole run_init restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui all install relabel clean indent: @for subdir in $(SUBDIRS); do \ -diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.29/restorecond/restorecond.c +diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.31/restorecond/restorecond.c --- nsapolicycoreutils/restorecond/restorecond.c 2007-07-16 14:20:41.000000000 -0400 -+++ policycoreutils-2.0.29/restorecond/restorecond.c 2007-10-08 08:36:41.000000000 -0400 ++++ policycoreutils-2.0.31/restorecond/restorecond.c 2007-10-15 16:55:02.000000000 -0400 @@ -210,9 +210,10 @@ } 
@@ -135,25 +135,28 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po } free(scontext); close(fd); -diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.29/semanage/seobject.py +diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.31/semanage/seobject.py --- nsapolicycoreutils/semanage/seobject.py 2007-10-07 21:46:43.000000000 -0400 -+++ policycoreutils-2.0.29/semanage/seobject.py 2007-10-08 08:36:41.000000000 -0400 -@@ -139,7 +139,7 @@ - translations = fd.readlines() - fd.close() - except IOError, e: -- raise ValueError(_("Unable to open %s: translations not supported on non-MLS machines: %s") % (self.filename, e) ) -+ raise ValueError(_("Unable to open %s: translations not supported on non-MLS machines") % (self.filename) ) ++++ policycoreutils-2.0.31/semanage/seobject.py 2007-10-31 06:52:51.000000000 -0400 +@@ -1095,7 +1092,13 @@ + + return con + ++ def validate(self, target): ++ if target == "" or target.find("\n") >= 0: ++ raise ValueError(_("Invalid file specification")) ++ + def add(self, target, type, ftype = "", serange = "", seuser = "system_u"): ++ self.validate(target) ++ + if is_mls_enabled == 1: + serange = untranslate(serange) - self.ddict = {} - self.comments = [] -@@ -236,9 +236,6 @@ - if rc < 0: - semanage_handle_destroy(self.sh) - raise ValueError(_("Could not establish semanage connection")) -- def deleteall(self): -- raise ValueError(_("Not yet implemented")) -- +@@ -1154,6 +1157,7 @@ + def modify(self, target, setype, ftype, serange, seuser): + if serange == "" and setype == "" and seuser == "": + raise ValueError(_("Requires setype, serange or seuser")) ++ self.validate(target) - class loginRecords(semanageRecords): - def __init__(self, store = ""): + (rc,k) = semanage_fcontext_key_create(self.sh, target, 
file_types[ftype]) + if rc < 0: diff --git a/policycoreutils.spec b/policycoreutils.spec index d44bbf8..1374762 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -6,7 +6,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.0.31 -Release: 7%{?dist} +Release: 8%{?dist} License: GPLv2+ Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz @@ -207,6 +207,10 @@ if [ "$1" -ge "1" ]; then fi %changelog +* Wed Oct 31 2007 Dan Walsh 2.0.31-8 +- Validate semanage fcontext input +- Fix template names for log files in gui + * Fri Oct 19 2007 Dan Walsh 2.0.31-7 - Fix consolekit link to selinux-polgengui
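Review bot: `validate()` in seobject.py rejects only an empty target and an embedded newline, so a file specification containing a space, tab or carriage return still reaches `semanage_fcontext_key_create`. If the spec is stored as one whitespace-delimited line per entry, which the newline check suggests but the hunk does not show, such input can produce a record whose fields parse differently than the caller intended. Consider `if not target or any(c in target for c in " \t\r\n"):`, which also replaces the AttributeError that `target.find` raises on a None target with the intended ValueError. Only `add` and `modify` are visibly wired to the check; the delete path and the other arguments (`type`/`setype`, `seuser`, `serange`) are outside the hunk and worth confirming. The bodies of `add` and `modify` continue past the hunk.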