diff --git a/coreutils-6.11-matchpathconinstall.patch b/coreutils-6.11-matchpathconinstall.patch
index 77cbd1c..87a31ca 100644
--- a/coreutils-6.11-matchpathconinstall.patch
+++ b/coreutils-6.11-matchpathconinstall.patch
@@ -1,86 +1,46 @@ -diff -urNp coreutils-6.11-orig/src/install.c coreutils-6.11/src/install.c ---- coreutils-6.11-orig/src/install.c 2008-05-20 16:08:03.000000000 +0200 -+++ coreutils-6.11/src/install.c 2008-05-20 16:12:27.000000000 +0200 -@@ -85,6 +85,7 @@ static bool install_file_in_dir (const c - const struct cp_options *x); - static bool install_file_in_file (const char *from, const char *to, - const struct cp_options *x); -+static void set_prefix (const char* from_dir, const char* to_dir); - static void get_ids (void); - static void strip (char const *name); - static void announce_mkdir (char const *dir, void *options); -@@ -200,25 +201,25 @@ cp_option_init (struct cp_options *x) - x->src_info = NULL; - } - --/* Modify file context to match the specified policy. -- If an error occurs the file will remain with the default directory -- context. */ --static void --setdefaultfilecon (char const *file) -+static void -+set_prefix (char const *from_dir, char const *to_dir) +From a089634c855312a28f2ff3c2e7c08df5d030e2f5 Mon Sep 17 00:00:00 2001 +From: Jim Meyering redhat.com> +Date: Tue, 20 May 2008 17:58:42 +0200 +Subject: [PATCH] install: avoid a leak in currently-ifdef'd-out code + +* src/install.c (setdefaultfilecon) +[ENABLE_WHEN_MATCHPATHCON_IS_MORE_EFFICIENT]: +Call matchpathcon_init_prefix only once. +Suggestion from Stephen Smalley. Reported by Ben Webb in +. +--- + src/install.c | 5 ++++- + 1 files changed, 4 insertions(+), 1 deletions(-) + +diff --git a/src/install.c b/src/install.c +index 964ab36..b531f45 100644 +--- a/src/install.c ++++ b/src/install.c +@@ -208,6 +208,8 @@ setdefaultfilecon (char const *file) { -+ const char *from_base = last_component (from_dir); -+ char *file = file_name_concat (to_dir, from_base, NULL); struct stat st; -- security_context_t scontext = NULL; -+ + security_context_t scontext = NULL; ++ static bool first_call = true; ++ if (selinux_enabled != 1) { /* Indicate no context found. 
*/ - return; - } -+ +@@ -216,7 +218,7 @@ setdefaultfilecon (char const *file) if (lstat (file, &st) != 0) return; - - if (IS_ABSOLUTE_FILE_NAME (file)) + +- if (IS_ABSOLUTE_FILE_NAME (file)) ++ if (first_call && IS_ABSOLUTE_FILE_NAME (file)) { -- /* Calling matchpathcon_init_prefix (NULL, "/first_component/") -+ /* Calling matchpathcon_init_prefix (NULL, "/first_component/") + /* Calling matchpathcon_init_prefix (NULL, "/first_component/") is an optimization to minimize the expense of the following - matchpathcon call. */ - char const *p0; -@@ -248,6 +249,26 @@ setdefaultfilecon (char const *file) +@@ -247,6 +249,7 @@ setdefaultfilecon (char const *file) + } } } - -+ return; -+} -+ -+/* Modify file context to match the specified policy. -+ If an error occurs the file will remain with the default directory -+ context. */ -+static void -+setdefaultfilecon (char const *file) -+{ -+ struct stat st; -+ security_context_t scontext = NULL; -+ return; -+ if (selinux_enabled != 1) -+ { -+ /* Indicate no context found. */ -+ return; -+ } -+ if (lstat (file, &st) != 0) -+ return; -+ ++ first_call = false; + /* If there's an error determining the context, or it has none, return to allow default context */ - if ((matchpathcon (file, st.st_mode, &scontext) != 0) || -@@ -526,9 +547,13 @@ main (int argc, char **argv) - { - int i; - dest_info_init (&x); -- for (i = 0; i < n_files; i++) -+ set_prefix (file[0], target_directory); -+ for (i = 0; i < n_files; i++) { - if (! install_file_in_dir (file[i], target_directory, &x)) - exit_status = EXIT_FAILURE; -+ } -+ if (selinux_enabled) -+ matchpathcon_fini(); - } - } - +-- +1.5.5.1.249.g68ef3 diff --git a/coreutils-selinux.patch b/coreutils-selinux.patch index 9390f05..76256f3 100644 --- a/coreutils-selinux.patch +++ b/coreutils-selinux.patch 
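Review bot: The `first_call` guard in `setdefaultfilecon` fixes the prefix from the first absolute file name for the whole run, so a later file under a different top-level directory reaches `matchpathcon` after initialisation for another prefix. If `matchpathcon_init_prefix` limits the loaded specifications to that prefix, as the optimisation comment in the hunk suggests, such files may keep the default directory context instead of the policy label; remembering the last prefix and skipping the init only when it is unchanged would avoid that, but the prefix computation lies outside the visible hunks, so it is not written out here. `first_call = false;` also runs when the first name is relative, which turns the prefix init off for every later absolute name. The commit message places this code under `ENABLE_WHEN_MATCHPATHCON_IS_MORE_EFFICIENT`, so it is worth confirming whether this build compiles it at all, and whether dropping the replaced patch's `matchpathcon_fini()` call in `main` is intended.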
@@ -765,7 +765,7 @@ diff -urp coreutils-6.10-orig/src/ls.c coreutils-6.10/src/ls.c f->stat_ok = true; - if (format == long_format || print_scontext) -+ if (format == long_format || format == security_format) ++ if (format == long_format || format == security_format || print_scontext) { bool have_acl = false; int attr_len = (do_deref diff --git a/coreutils.spec b/coreutils.spec index 1f1c57d..54b5fee 100644 --- a/coreutils.spec +++ b/coreutils.spec @@ -1,7 +1,7 @@ Summary: The GNU core utilities: a set of tools commonly used in shell scripts Name: coreutils Version: 6.10 -Release: 24%{?dist} +Release: 25%{?dist} License: GPLv3+ Group: System Environment/Base Url: http://www.gnu.org/software/coreutils/ @@ -24,6 +24,7 @@ Patch3: coreutils-mvatomic.patch Patch4: coreutils-6.10-lonebackslash.patch Patch5: coreutils-6.10-mkscontextsegfault.patch Patch6: coreutils-6.10-md5sha1sum.patch +Patch7: coreutils-6.11-matchpathconinstall.patch # Our patches Patch100: coreutils-chgrp.patch @@ -56,7 +57,6 @@ Patch916: coreutils-getfacl-exit-code.patch #(upstream did some SELinux implementation unlike with RedHat patch) Patch950: coreutils-selinux.patch Patch951: coreutils-selinuxmanpages.patch -Patch952: coreutils-6.11-matchpathconinstall.patch BuildRequires: libselinux-devel >= 1.25.6-1 BuildRequires: libacl-devel @@ -110,6 +110,7 @@ cd %name-%version %patch4 -p1 -b .backslash %patch5 -p1 -b .mksegfault %patch6 -p1 -b .mda5sum +%patch7 -p1 -b .matchpathcon # Our patches %patch100 -p1 -b .chgrp @@ -139,7 +140,6 @@ cd %name-%version #SELinux %patch950 -p1 -b .selinux %patch951 -p1 -b .selinuxman -%patch952 -p1 -b .matchpathcon chmod a+x tests/sort/sort-mb-tests chmod a+x tests/mkdir/selinux 
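Review bot: The three-term condition on the new line has no comment saying why `print_scontext` must be tested alongside the two format checks, and the previous revision of this patch had dropped that term. A short comment above the `if`, such as `/* Enter whenever the context will be printed: long or security format, or -Z with any other format. */`, would record the dependency; that wording is inferred from the names, because the block that uses the result starts and ends outside this hunk. The changelog ties this release to a segfault in `ls -lZ` (#449866), so a regression test for that invocation would be worth carrying with the patch.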
@@ -218,6 +218,9 @@ install -p -c -m644 %SOURCE106 $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/colorls.c # su install -m 4755 src/su $RPM_BUILD_ROOT/bin install -m 755 src/runuser $RPM_BUILD_ROOT/sbin +# do not ship runuser in /usr/bin/runuser +rm -rf $RPM_BUILD_ROOT/usr/bin/runuser + # These come from util-linux and/or procps. for i in hostname uptime kill ; do @@ -318,6 +321,11 @@ fi /sbin/runuser %changelog +* Mon Jun 09 2008 Ondrej Vasik - 6.10-25 +- modified memory leak fix (upstream patch) +- fixed segfault in ls -lZ(#449866) +- runuser binary is no longer doubled in /usr/bin/runuser + * Mon May 26 2008 Tom "spot" Callaway - 6.10-24 - fix SHA256/SHA512 to work on sparc
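Review bot: The added `rm -rf $RPM_BUILD_ROOT/usr/bin/runuser` uses a recursive forced delete with an unquoted variable to remove a single file; if `RPM_BUILD_ROOT` were ever empty, the command would target `/usr/bin/runuser` on the build host. `rm -f "$RPM_BUILD_ROOT%{_bindir}/runuser"` is sufficient and matches the `%{_sysconfdir}` macro style used just above. The comment could also state where the duplicate copy comes from (presumably the upstream install step), so the removal can be dropped once that is fixed.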