From 8bb5a230f2128c95e55584bbc427ff65160300eb Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sep 27 2007 00:20:09 +0000 Subject: - Upgrade to latest from NSA Pass CFLAGS to CC even on link command, per Dennis Gilmore. Clear errno on non-fatal errors to avoid reporting them upon a later error that does not set errno. Improve reporting of system errors, e.g. full filesystem or read-only filesystem from Stephen Smalley. --- diff --git a/.cvsignore b/.cvsignore index 03f8eb6..e99f2c0 100644 --- a/.cvsignore +++ b/.cvsignore @@ -85,3 +85,4 @@ libsemanage-2.0.3.tgz libsemanage-2.0.4.tgz libsemanage-2.0.5.tgz libsemanage-2.0.6.tgz +libsemanage-2.0.9.tgz diff --git a/libsemanage-rhat.patch b/libsemanage-rhat.patch index 75bf94c..de787d0 100644 --- a/libsemanage-rhat.patch +++ b/libsemanage-rhat.patch @@ -1,6 +1,6 @@ -diff --exclude-from=exclude -N -u -r nsalibsemanage/include/semanage/handle.h libsemanage-2.0.6/include/semanage/handle.h +diff --exclude-from=exclude -N -u -r nsalibsemanage/include/semanage/handle.h libsemanage-2.0.9/include/semanage/handle.h --- nsalibsemanage/include/semanage/handle.h 2007-08-20 19:15:36.000000000 -0400 -+++ libsemanage-2.0.6/include/semanage/handle.h 2007-09-26 16:22:02.000000000 -0400 ++++ libsemanage-2.0.9/include/semanage/handle.h 2007-09-26 19:49:09.000000000 -0400 @@ -69,6 +69,10 @@ * 1 for yes, 0 for no (default) */ void semanage_set_create_store(semanage_handle_t * handle, int create_store); 
@@ -12,9 +12,9 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/include/semanage/handle.h li /* Set whether or not to disable dontaudits upon commit */ void semanage_set_disable_dontaudit(semanage_handle_t * handle, int disable_dontaudit); -diff --exclude-from=exclude -N -u -r nsalibsemanage/Makefile libsemanage-2.0.6/Makefile +diff --exclude-from=exclude -N -u -r nsalibsemanage/Makefile libsemanage-2.0.9/Makefile --- nsalibsemanage/Makefile 2007-07-16 14:20:39.000000000 -0400 -+++ libsemanage-2.0.6/Makefile 2007-09-26 16:22:02.000000000 -0400 ++++ libsemanage-2.0.9/Makefile 2007-09-26 19:49:09.000000000 -0400 @@ -1,6 +1,9 @@ all: $(MAKE) -C src all @@ -25,10 +25,10 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/Makefile libsemanage-2.0.6/M pywrap: $(MAKE) -C src pywrap -diff --exclude-from=exclude -N -u -r nsalibsemanage/src/direct_api.c libsemanage-2.0.6/src/direct_api.c ---- nsalibsemanage/src/direct_api.c 2007-07-16 14:20:38.000000000 -0400 -+++ libsemanage-2.0.6/src/direct_api.c 2007-09-26 16:22:31.000000000 -0400 -@@ -700,7 +700,7 @@ +diff --exclude-from=exclude -N -u -r nsalibsemanage/src/direct_api.c libsemanage-2.0.9/src/direct_api.c +--- nsalibsemanage/src/direct_api.c 2007-09-26 19:37:44.000000000 -0400 ++++ libsemanage-2.0.9/src/direct_api.c 2007-09-26 19:49:09.000000000 -0400 +@@ -702,7 +702,7 @@ goto cleanup; if (sh->do_rebuild || modified) { @@ -37,9 +37,9 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/direct_api.c libsemanage } cleanup: -diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.c libsemanage-2.0.6/src/genhomedircon.c +diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.c libsemanage-2.0.9/src/genhomedircon.c --- nsalibsemanage/src/genhomedircon.c 2007-09-13 08:21:11.000000000 -0400 -+++ libsemanage-2.0.6/src/genhomedircon.c 2007-09-26 16:39:40.000000000 -0400 ++++ libsemanage-2.0.9/src/genhomedircon.c 2007-09-26 19:49:09.000000000 -0400 
@@ -1,5 +1,6 @@ -/* Author: Mark Goldman - * Paul Rosenfeld 
@@ -181,7 +181,93 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.c libseman ustr_sc_free(&line); } return STATUS_SUCCESS; -@@ -602,7 +658,7 @@ +@@ -496,6 +552,32 @@ + free(temp); + } + ++static char *global_fallback_user=NULL; ++static char *global_fallback_user_prefix=NULL; ++ ++static int set_fallback_user(const char *user, const char *prefix) { ++ free(global_fallback_user); ++ free(global_fallback_user_prefix); ++ global_fallback_user = strdup(user); ++ global_fallback_user_prefix = strdup(prefix); ++ if (!global_fallback_user || !global_fallback_user_prefix) ++ return -1; ++ return 0; ++} ++ ++static char *get_fallback_user(void) { ++ return global_fallback_user; ++} ++ ++static char *get_fallback_user_prefix(void) { ++ return global_fallback_user_prefix; ++} ++ ++static void free_fallback_user(void) { ++ free(global_fallback_user); ++ free(global_fallback_user_prefix); ++} ++ + static genhomedircon_user_entry_t *get_users(genhomedircon_settings_t * s, + int *errors) + { +@@ -538,13 +620,39 @@ + + for (i = 0; i < nseusers; i++) { + name = semanage_seuser_get_name(seuser_list[i]); ++ if (strcmp(name, DEFAULT_LOGIN) == 0) { ++ seuname = semanage_seuser_get_sename(seuser_list[i]); ++ ++ /* find the user structure given the name */ ++ u = bsearch(seuname, user_list, nusers, sizeof(semanage_user_t *), ++ (int (*)(const void *, const void *)) ++ &name_user_cmp); ++ if (u) { ++ prefix = semanage_user_get_prefix(*u); ++ } else { ++ prefix = name; ++ } ++ ++ if (set_fallback_user(seuname, prefix) != 0) { ++ *errors = STATUS_ERR; ++ goto cleanup; ++ } ++ break; ++ } ++ } ++ char *fallback_user = get_fallback_user(); ++ ++ for (i = 0; i < nseusers; i++) { ++ name = semanage_seuser_get_name(seuser_list[i]); + seuname = semanage_seuser_get_sename(seuser_list[i]); + +- if (strcmp(seuname, FALLBACK_USER) == 0) ++ if (strcmp(seuname, fallback_user) == 0) + continue; +- if (strcmp(seuname, DEFAULT_LOGIN) == 0) ++ ++ if (strcmp(name, DEFAULT_LOGIN) == 
0) + continue; +- if (strcmp(seuname, TEMPLATE_SEUSER) == 0) ++ ++ if (strcmp(name, TEMPLATE_SEUSER) == 0) + continue; + + /* find the user structure given the name */ +@@ -563,6 +671,9 @@ + *errors = STATUS_ERR; + goto cleanup; + } ++ } ++ ++ if (!pwent) { + WARN(s->h_semanage, + "user %s not in password file", name); + continue; +@@ -602,7 +713,7 @@ return head; } @@ -190,7 +276,7 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.c libseman semanage_list_t * user_context_tpl, semanage_list_t * homedir_context_tpl) { -@@ -615,13 +671,13 @@ +@@ -615,13 +726,13 @@ } for (; users; pop_user_entry(&users)) { @@ -206,16 +292,35 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.c libseman users->sename, users->prefix)) { return STATUS_ERR; } -@@ -671,7 +727,7 @@ +@@ -662,6 +773,14 @@ + goto done; + } + ++ if (write_gen_home_dir_context(s, out, user_context_tpl, ++ homedir_context_tpl) != STATUS_SUCCESS) { ++ retval = STATUS_ERR; ++ } ++ ++ char *fallback_user = get_fallback_user(); ++ char *fallback_user_prefix = get_fallback_user_prefix(); ++ + for (h = homedirs; h; h = h->next) { + Ustr *temp = ustr_dup_cstr(h->data); + +@@ -671,16 +790,16 @@ goto done; } - if (write_home_dir_context(out, +- homedir_context_tpl, FALLBACK_USER, +- FALLBACK_USER, ustr_cstr(temp), +- FALLBACK_USER_PREFIX) != + if (write_home_dir_context(s, out, - homedir_context_tpl, FALLBACK_USER, - FALLBACK_USER, ustr_cstr(temp), - FALLBACK_USER_PREFIX) != -@@ -680,7 +736,7 @@ ++ homedir_context_tpl, fallback_user, ++ fallback_user, ustr_cstr(temp), ++ fallback_user_prefix) != + STATUS_SUCCESS) { + ustr_sc_free(&temp); retval = STATUS_ERR; goto done; } 
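Review bot: `free_fallback_user()` in the new genhomedircon.c helpers frees both globals but leaves the pointers dangling, while `set_fallback_user()` starts by calling `free()` on those same pointers. Later hunks call `set_fallback_user(FALLBACK_USER, FALLBACK_USER_PREFIX)` at the top of `semanage_genhomedircon()` and `free_fallback_user()` just before it returns, so a second call in the same process (presumably a second commit by a long-lived caller) would free memory that is already freed. Resetting the pointers after the frees closes this: `global_fallback_user = NULL;` and `global_fallback_user_prefix = NULL;`. Because this state is file-static rather than carried in `genhomedircon_settings_t`, the function is also not reentrant, and a comment above the two globals should say so.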
@@ -224,23 +329,27 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.c libseman homeroot_context_tpl, h->data) != STATUS_SUCCESS) { ustr_sc_free(&temp); -@@ -690,13 +746,13 @@ +@@ -690,16 +809,12 @@ ustr_sc_free(&temp); } - if (write_user_context(out, user_context_tpl, +- ".*", FALLBACK_USER, +- FALLBACK_USER_PREFIX) != STATUS_SUCCESS) { + if (write_user_context(s, out, user_context_tpl, - ".*", FALLBACK_USER, - FALLBACK_USER_PREFIX) != STATUS_SUCCESS) { ++ ".*", fallback_user, ++ fallback_user_prefix) != STATUS_SUCCESS) { retval = STATUS_ERR; goto done; } - if (write_gen_home_dir_context(out, s, user_context_tpl, -+ if (write_gen_home_dir_context(s, out, user_context_tpl, - homedir_context_tpl) != STATUS_SUCCESS) { - retval = STATUS_ERR; - } -@@ -711,7 +767,9 @@ +- homedir_context_tpl) != STATUS_SUCCESS) { +- retval = STATUS_ERR; +- } + + done: + /* Cleanup */ +@@ -711,7 +826,9 @@ return retval; } @@ -251,7 +360,15 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.c libseman { genhomedircon_settings_t s; FILE *out = NULL; -@@ -725,6 +783,7 @@ +@@ -719,12 +836,15 @@ + + assert(sh); + ++ set_fallback_user(FALLBACK_USER, FALLBACK_USER_PREFIX); ++ + s.homedir_template_path = + semanage_path(SEMANAGE_TMP, SEMANAGE_HOMEDIR_TMPL); + s.fcfilepath = semanage_path(SEMANAGE_TMP, SEMANAGE_FC_HOMEDIRS); s.usepasswd = usepasswd; s.h_semanage = sh; 
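Review bot: The return value of `set_fallback_user(FALLBACK_USER, FALLBACK_USER_PREFIX)` is discarded in `semanage_genhomedircon()`, so a failed `strdup()` leaves one or both globals NULL. `get_users()` then passes `get_fallback_user()` straight to `strcmp(seuname, fallback_user)`, and `write_context_file()` hands both values to the context writers, which presumably expect non-NULL strings. Checking the call the way `get_users()` already does avoids that: `if (set_fallback_user(FALLBACK_USER, FALLBACK_USER_PREFIX) != 0) return STATUS_ERR;`. The call sits before `fopen()`, so an early return there leaves no open stream behind; the function body continues outside the hunk.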
@@ -259,9 +376,18 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.c libseman if (!(out = fopen(s.fcfilepath, "w"))) { /* couldn't open output file */ -diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.h libsemanage-2.0.6/src/genhomedircon.h +@@ -735,5 +855,8 @@ + retval = write_context_file(&s, out); + + fclose(out); ++ ++ free_fallback_user(); ++ + return retval; + } +diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.h libsemanage-2.0.9/src/genhomedircon.h --- nsalibsemanage/src/genhomedircon.h 2007-08-23 16:52:25.000000000 -0400 -+++ libsemanage-2.0.6/src/genhomedircon.h 2007-09-26 16:22:31.000000000 -0400 ++++ libsemanage-2.0.9/src/genhomedircon.h 2007-09-26 19:49:09.000000000 -0400 @@ -22,6 +22,7 @@ #include "utilities.h" @@ -271,9 +397,9 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.h libseman + sepol_policydb_t * policydb, int usepasswd); #endif -diff --exclude-from=exclude -N -u -r nsalibsemanage/src/handle.c libsemanage-2.0.6/src/handle.c +diff --exclude-from=exclude -N -u -r nsalibsemanage/src/handle.c libsemanage-2.0.9/src/handle.c --- nsalibsemanage/src/handle.c 2007-08-20 19:15:37.000000000 -0400 -+++ libsemanage-2.0.6/src/handle.c 2007-09-26 16:22:02.000000000 -0400 ++++ libsemanage-2.0.9/src/handle.c 2007-09-26 19:49:09.000000000 -0400 @@ -68,6 +68,7 @@ /* By default do not create store */ sh->create_store = 0; 
@@ -298,9 +424,9 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/handle.c libsemanage-2.0 void semanage_set_create_store(semanage_handle_t * sh, int create_store) { -diff --exclude-from=exclude -N -u -r nsalibsemanage/src/handle.h libsemanage-2.0.6/src/handle.h +diff --exclude-from=exclude -N -u -r nsalibsemanage/src/handle.h libsemanage-2.0.9/src/handle.h --- nsalibsemanage/src/handle.h 2007-07-16 14:20:38.000000000 -0400 -+++ libsemanage-2.0.6/src/handle.h 2007-09-26 16:22:02.000000000 -0400 ++++ libsemanage-2.0.9/src/handle.h 2007-09-26 19:49:09.000000000 -0400 @@ -58,6 +58,7 @@ int is_connected; int is_in_transaction; @@ -309,9 +435,9 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/handle.h libsemanage-2.0 int do_rebuild; /* whether to rebuild policy if there were no changes */ int modules_modified; int create_store; /* whether to create the store if it does not exist -diff --exclude-from=exclude -N -u -r nsalibsemanage/src/libsemanage.map libsemanage-2.0.6/src/libsemanage.map +diff --exclude-from=exclude -N -u -r nsalibsemanage/src/libsemanage.map libsemanage-2.0.9/src/libsemanage.map --- nsalibsemanage/src/libsemanage.map 2007-08-20 19:15:37.000000000 -0400 -+++ libsemanage-2.0.6/src/libsemanage.map 2007-09-26 16:22:02.000000000 -0400 ++++ libsemanage-2.0.9/src/libsemanage.map 2007-09-26 19:49:09.000000000 -0400 @@ -9,6 +9,7 @@ semanage_module_list_nth; semanage_module_get_name; semanage_module_get_version; semanage_select_store; 
@@ -320,10 +446,10 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/libsemanage.map libseman semanage_user_*; semanage_bool_*; semanage_seuser_*; semanage_iface_*; semanage_port_*; semanage_context_*; semanage_node_*; -diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage_store.c libsemanage-2.0.6/src/semanage_store.c ---- nsalibsemanage/src/semanage_store.c 2007-08-23 16:52:25.000000000 -0400 -+++ libsemanage-2.0.6/src/semanage_store.c 2007-09-26 16:22:31.000000000 -0400 -@@ -1130,7 +1130,7 @@ +diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage_store.c libsemanage-2.0.9/src/semanage_store.c +--- nsalibsemanage/src/semanage_store.c 2007-09-26 19:37:44.000000000 -0400 ++++ libsemanage-2.0.9/src/semanage_store.c 2007-09-26 19:49:09.000000000 -0400 +@@ -1148,7 +1148,7 @@ skip_reload: @@ -332,7 +458,7 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage_store.c libsema semanage_exec_prog(sh, sh->conf->setfiles, store_pol, store_fc)) != 0) { ERR(sh, "setfiles returned error code %d.", r); -@@ -1257,7 +1257,8 @@ +@@ -1279,7 +1279,8 @@ * should be placed within a mutex lock to ensure that it runs * atomically. Returns commit number on success, -1 on error. */ @@ -342,7 +468,7 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage_store.c libsema { int retval = -1, commit_num = -1; -@@ -1272,7 +1273,7 @@ +@@ -1294,7 +1295,7 @@ } if (!sh->conf->disable_genhomedircon) { if ((retval = 
@@ -351,9 +477,9 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage_store.c libsema ERR(sh, "semanage_genhomedircon returned error code %d.", retval); goto cleanup; -diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage_store.h libsemanage-2.0.6/src/semanage_store.h +diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage_store.h libsemanage-2.0.9/src/semanage_store.h --- nsalibsemanage/src/semanage_store.h 2007-08-23 16:52:25.000000000 -0400 -+++ libsemanage-2.0.6/src/semanage_store.h 2007-09-26 16:22:31.000000000 -0400 ++++ libsemanage-2.0.9/src/semanage_store.h 2007-09-26 20:10:59.000000000 -0400 @@ -83,8 +83,6 @@ int semanage_get_modules_names(semanage_handle_t * sh, char ***filenames, int *len); diff --git a/libsemanage.spec b/libsemanage.spec index 09a4dd6..2759d5f 100644 --- a/libsemanage.spec +++ b/libsemanage.spec @@ -2,8 +2,8 @@ %define libselinuxver 2.0.0-1 Summary: SELinux binary policy manipulation library Name: libsemanage -Version: 2.0.6 -Release: 2%{?dist} +Version: 2.0.9 +Release: 1%{?dist} License: GPL Group: System Environment/Libraries Source: http://www.nsa.gov/selinux/archives/libsemanage-%{version}.tgz @@ -78,6 +78,15 @@ rm -rf ${RPM_BUILD_ROOT} %{_mandir}/man3/* %changelog +* Wed Sep 26 2007 Dan Walsh - 2.0.9-1 +- Upgrade to latest from NSA + * Pass CFLAGS to CC even on link command, per Dennis Gilmore. + * Clear errno on non-fatal errors to avoid reporting them upon a + later error that does not set errno. + * Improve reporting of system errors, e.g. full filesystem or read-only filesystem from Stephen Smalley. + +- Fix segfault in genhomedircon when using bad user names + * Wed Sep 26 2007 Dan Walsh - 2.0.6-2 - Fix genhomedircon code to only generate valid context - Fixes autorelabel problem diff --git a/sources b/sources index fa3af43..e88a176 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -ee1ccbd5cb4f0a08f85dd92a861283f8 libsemanage-2.0.6.tgz +c241e659ddab751e036c3e770583e95c libsemanage-2.0.9.tgz