diff --git a/coreutils-6.11-matchpathconinstall.patch b/coreutils-6.11-matchpathconinstall.patch
new file mode 100644
index 0000000..77cbd1c
--- /dev/null
+++ b/coreutils-6.11-matchpathconinstall.patch
@@ -0,0 +1,86 @@
+diff -urNp coreutils-6.11-orig/src/install.c coreutils-6.11/src/install.c
+--- coreutils-6.11-orig/src/install.c 2008-05-20 16:08:03.000000000 +0200
++++ coreutils-6.11/src/install.c 2008-05-20 16:12:27.000000000 +0200
+@@ -85,6 +85,7 @@ static bool install_file_in_dir (const c
+ const struct cp_options *x);
+ static bool install_file_in_file (const char *from, const char *to,
+ const struct cp_options *x);
++static void set_prefix (const char* from_dir, const char* to_dir);
+ static void get_ids (void);
+ static void strip (char const *name);
+ static void announce_mkdir (char const *dir, void *options);
+@@ -200,25 +201,25 @@ cp_option_init (struct cp_options *x)
+ x->src_info = NULL;
+ }
+
+-/* Modify file context to match the specified policy.
+- If an error occurs the file will remain with the default directory
+- context. */
+-static void
+-setdefaultfilecon (char const *file)
++static void
++set_prefix (char const *from_dir, char const *to_dir)
+ {
++ const char *from_base = last_component (from_dir);
++ char *file = file_name_concat (to_dir, from_base, NULL);
+ struct stat st;
+- security_context_t scontext = NULL;
++
+ if (selinux_enabled != 1)
+ {
+ /* Indicate no context found. */
+ return;
+ }
++
+ if (lstat (file, &st) != 0)
+ return;
+
+ if (IS_ABSOLUTE_FILE_NAME (file))
+ {
+- /* Calling matchpathcon_init_prefix (NULL, "/first_component/")
++ /* Calling matchpathcon_init_prefix (NULL, "/first_component/")
+ is an optimization to minimize the expense of the following
+ matchpathcon call. */
+ char const *p0;
+@@ -248,6 +249,26 @@ setdefaultfilecon (char const *file)
+ }
+ }
+
++ return;
++}
++
++/* Modify file context to match the specified policy.
++ If an error occurs the file will remain with the default directory
++ context. */
++static void
++setdefaultfilecon (char const *file)
++{
++ struct stat st;
++ security_context_t scontext = NULL;
++ return;
++ if (selinux_enabled != 1)
++ {
++ /* Indicate no context found. */
++ return;
++ }
++ if (lstat (file, &st) != 0)
++ return;
++
+ /* If there's an error determining the context, or it has none,
+ return to allow default context */
+ if ((matchpathcon (file, st.st_mode, &scontext) != 0) ||
+@@ -526,9 +547,13 @@ main (int argc, char **argv)
+ {
+ int i;
+ dest_info_init (&x);
+- for (i = 0; i < n_files; i++)
++ set_prefix (file[0], target_directory);
++ for (i = 0; i < n_files; i++) {
+ if (! install_file_in_dir (file[i], target_directory, &x))
+ exit_status = EXIT_FAILURE;
++ }
++ if (selinux_enabled)
++ matchpathcon_fini();
+ }
+ }
+
diff --git a/coreutils.spec b/coreutils.spec
index 8fcf200..1d22e5a 100644
--- a/coreutils.spec
+++ b/coreutils.spec
@@ -1,7 +1,7 @@
 Summary: The GNU core utilities: a set of tools commonly used in shell scripts
 Name: coreutils
 Version: 6.11
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPLv3+
 Group: System Environment/Base
 Url: http://www.gnu.org/software/coreutils/
@@ -51,6 +51,7 @@ Patch916: coreutils-getfacl-exit-code.patch #(upstream did some SELinux implementation unlike with RedHat patch) Patch950: coreutils-selinux.patch Patch951: coreutils-selinuxmanpages.patch +Patch952: coreutils-6.11-matchpathconinstall.patch BuildRequires: libselinux-devel >= 1.25.6-1 BuildRequires: libacl-devel
@@ -128,6 +129,8 @@ cd %name-%version #SELinux %patch950 -p1 -b .selinux %patch951 -p1 -b .selinuxman +%patch952 -p1 -b .matchcon + chmod a+x tests/sort/sort-mb-tests chmod a+x tests/misc/id-context
@@ -307,6 +310,9 @@ fi /sbin/runuser %changelog +* Tue May 20 2008 Ondrej Vasik - 6.11-4 +- fixed a HUGE memory leak in install binary(#447410) + * Mon May 19 2008 Ondrej Vasik - 6.11-3 - added arch utility (from util-linux-ng) - do not show executable file types without executable bit
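Review bot: In the `@@ -248,6 +249,26 @@` hunk of the install.c patch, the re-added `setdefaultfilecon` has a bare `return;` directly after its two declarations, so the `selinux_enabled` test, the `lstat` and the `matchpathcon` lookup below it are unreachable and the function no longer relabels anything. If that line is a debugging leftover it should be dropped; as written, installed files keep whatever context they were created with rather than the policy default for their path, and the leak goes away partly because the lookup never runs. Separately, `set_prefix` allocates `file` with `file_name_concat` and returns on the `selinux_enabled != 1` and `lstat` paths without freeing it, and the visible tail ends in `return;` with no `free (file);` (the middle of its body is outside the hunks). In `main`, `if (selinux_enabled)` also fires for any nonzero value, unlike the `selinux_enabled != 1` guards elsewhere; `if (selinux_enabled == 1)` would keep `matchpathcon_fini()` consistent with them.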