diff --git a/patch-selinux.patch b/patch-selinux.patch index afebcf3..9fa6969 100644 --- a/patch-selinux.patch +++ b/patch-selinux.patch @@ -1,69 +1,26 @@ ---- patch-2.5.4/patch.c 2008-06-12 11:09:17.000000000 +0100 -+++ patch-2.5.4/patch.c 2008-06-30 10:56:48.000000000 +0100 -@@ -414,6 +414,13 @@ - if (! inerrno && chmod (outname, instat.st_mode) != 0) - pfatal ("Can't set permissions on file %s", - quotearg (outname)); -+ if (! inerrno && incontext && -+ setfilecon (outname, incontext) != 0) -+ { -+ if (errno != ENOTSUP && errno != EPERM) -+ pfatal ("Can't set security context on file %s", -+ quotearg (outname)); -+ } - } - } - } ---- patch-2.5.4/util.c.selinux 2008-06-12 11:09:17.000000000 +0100 -+++ patch-2.5.4/util.c 2008-06-12 11:12:01.000000000 +0100 -@@ -375,7 +375,8 @@ version_controller (char const *filename - Return nonzero if successful. */ - int - version_get (char const *filename, char const *cs, int exists, int readonly, -- char const *getbuf, struct stat *filestat) -+ char const *getbuf, struct stat *filestat, -+ security_context_t *filecontext) - { - if (patch_get < 0) - { -@@ -400,6 +401,13 @@ version_get (char const *filename, char - fatal ("Can't get file %s from %s", quotearg (filename), cs); - if (stat (filename, filestat) != 0) - pfatal ("%s", quotearg (filename)); -+ if (filecontext && getfilecon (filename, filecontext) == -1) -+ { -+ if (errno == ENODATA || errno == ENOTSUP) -+ *filecontext = NULL; -+ else -+ pfatal ("%s", quotearg (filename)); -+ } - } +diff -up patch-2.5.4/common.h.selinux patch-2.5.4/common.h +--- patch-2.5.4/common.h.selinux 1999-08-30 07:20:08.000000000 +0100 ++++ patch-2.5.4/common.h 2009-02-17 15:33:13.000000000 +0000 +@@ -39,6 +39,8 @@ + #include + #include - return 1; ---- patch-2.5.4/util.h.selinux 1999-08-30 07:20:08.000000000 +0100 -+++ patch-2.5.4/util.h 2008-06-12 11:09:17.000000000 +0100 -@@ -21,7 +21,7 @@ char *fetchname PARAMS ((char *, int, ti - char *savebuf PARAMS ((char const *, size_t)); - char *savestr PARAMS ((char const *)); - char const *version_controller PARAMS ((char const *, int, struct stat const *, char **, char **)); --int version_get PARAMS ((char const *, char const *, int, int, char const *, struct stat *)); -+int version_get PARAMS ((char const *, char const *, int, int, char const *, struct stat *, security_context_t *)); - int create_file PARAMS ((char const *, int, mode_t)); - int systemic PARAMS ((char const *)); - char *format_linenum PARAMS ((char[LINENUM_LENGTH_BOUND + 1], LINENUM)); ---- patch-2.5.4/Makefile.in.selinux 1999-08-30 07:37:54.000000000 +0100 -+++ patch-2.5.4/Makefile.in 2008-06-12 11:09:17.000000000 +0100 -@@ -36,7 +36,7 @@ DEFS = @DEFS@ - EXEEXT = @EXEEXT@ - LDFLAGS = @LDFLAGS@ - LIBOBJS = @LIBOBJS@ --LIBS = @LIBS@ -+LIBS = @LIBS@ -lselinux - PACKAGE = @PACKAGE@ - U = @U@ - VERSION = @VERSION@ ---- patch-2.5.4/inp.c.selinux 2008-06-12 11:09:17.000000000 +0100 -+++ patch-2.5.4/inp.c 2008-06-12 11:11:08.000000000 +0100 ++#include ++ + #include + #if ! defined S_ISDIR && defined S_IFDIR + # define S_ISDIR(m) (((m) & S_IFMT) == S_IFDIR) +@@ -168,6 +170,7 @@ XTERN char *outfile; + XTERN int inerrno; + XTERN int invc; + XTERN struct stat instat; ++XTERN security_context_t incontext; + XTERN bool dry_run; + XTERN bool posixly_correct; + +diff -up patch-2.5.4/inp.c.selinux patch-2.5.4/inp.c +--- patch-2.5.4/inp.c.selinux 2009-02-17 15:33:13.000000000 +0000 ++++ patch-2.5.4/inp.c 2009-02-17 15:33:13.000000000 +0000 @@ -154,7 +154,20 @@ get_input_file (char const *filename, ch char *getbuf; @@ -103,8 +60,41 @@ } else if (! S_ISREG (instat.st_mode)) fatal ("File %s is not a regular file -- can't patch", ---- patch-2.5.4/pch.c.selinux 2008-06-12 11:09:17.000000000 +0100 -+++ patch-2.5.4/pch.c 2008-06-12 11:11:48.000000000 +0100 +diff -up patch-2.5.4/Makefile.in.selinux patch-2.5.4/Makefile.in +--- patch-2.5.4/Makefile.in.selinux 1999-08-30 07:37:54.000000000 +0100 ++++ patch-2.5.4/Makefile.in 2009-02-17 15:33:13.000000000 +0000 +@@ -36,7 +36,7 @@ DEFS = @DEFS@ + EXEEXT = @EXEEXT@ + LDFLAGS = @LDFLAGS@ + LIBOBJS = @LIBOBJS@ +-LIBS = @LIBS@ ++LIBS = @LIBS@ -lselinux + PACKAGE = @PACKAGE@ + U = @U@ + VERSION = @VERSION@ +diff -up patch-2.5.4/patch.c.selinux patch-2.5.4/patch.c +--- patch-2.5.4/patch.c.selinux 2009-02-17 15:33:13.000000000 +0000 ++++ patch-2.5.4/patch.c 2009-02-17 15:34:42.000000000 +0000 +@@ -414,6 +414,16 @@ main (int argc, char **argv) + if (! inerrno && chmod (outname, instat.st_mode) != 0) + pfatal ("Can't set permissions on file %s", + quotearg (outname)); ++ if (! inerrno && incontext) { ++ security_context_t outcontext; ++ getfilecon (outname, &outcontext); ++ if (strcmp(outcontext, incontext) && ++ setfilecon (outname, incontext) != 0) { ++ if (errno != ENOTSUP && errno != EPERM) ++ pfatal ("Can't set security context on file %s", ++ quotearg (outname)); ++ } ++ } + } + } + } +diff -up patch-2.5.4/pch.c.selinux patch-2.5.4/pch.c +--- patch-2.5.4/pch.c.selinux 2009-02-17 15:33:13.000000000 +0000 ++++ patch-2.5.4/pch.c 2009-02-17 15:33:13.000000000 +0000 @@ -258,7 +258,12 @@ there_is_another_patch (void) { if (stat (inname, &instat) == 0) @@ -136,22 +126,42 @@ } for (i = OLD; i <= INDEX; i++) ---- patch-2.5.4/common.h.selinux 1999-08-30 07:20:08.000000000 +0100 -+++ patch-2.5.4/common.h 2008-06-12 11:09:17.000000000 +0100 -@@ -39,6 +39,8 @@ - #include - #include - -+#include -+ - #include - #if ! defined S_ISDIR && defined S_IFDIR - # define S_ISDIR(m) (((m) & S_IFMT) == S_IFDIR) -@@ -168,6 +170,7 @@ XTERN char *outfile; - XTERN int inerrno; - XTERN int invc; - XTERN struct stat instat; -+XTERN security_context_t incontext; - XTERN bool dry_run; - XTERN bool posixly_correct; +diff -up patch-2.5.4/util.c.selinux patch-2.5.4/util.c +--- patch-2.5.4/util.c.selinux 2009-02-17 15:33:13.000000000 +0000 ++++ patch-2.5.4/util.c 2009-02-17 15:33:13.000000000 +0000 +@@ -375,7 +375,8 @@ version_controller (char const *filename + Return nonzero if successful. */ + int + version_get (char const *filename, char const *cs, int exists, int readonly, +- char const *getbuf, struct stat *filestat) ++ char const *getbuf, struct stat *filestat, ++ security_context_t *filecontext) + { + if (patch_get < 0) + { +@@ -400,6 +401,13 @@ version_get (char const *filename, char + fatal ("Can't get file %s from %s", quotearg (filename), cs); + if (stat (filename, filestat) != 0) + pfatal ("%s", quotearg (filename)); ++ if (filecontext && getfilecon (filename, filecontext) == -1) ++ { ++ if (errno == ENODATA || errno == ENOTSUP) ++ *filecontext = NULL; ++ else ++ pfatal ("%s", quotearg (filename)); ++ } + } + return 1; +diff -up patch-2.5.4/util.h.selinux patch-2.5.4/util.h +--- patch-2.5.4/util.h.selinux 1999-08-30 07:20:08.000000000 +0100 ++++ patch-2.5.4/util.h 2009-02-17 15:33:13.000000000 +0000 +@@ -21,7 +21,7 @@ char *fetchname PARAMS ((char *, int, ti + char *savebuf PARAMS ((char const *, size_t)); + char *savestr PARAMS ((char const *)); + char const *version_controller PARAMS ((char const *, int, struct stat const *, char **, char **)); +-int version_get PARAMS ((char const *, char const *, int, int, char const *, struct stat *)); ++int version_get PARAMS ((char const *, char const *, int, int, char const *, struct stat *, security_context_t *)); + int create_file PARAMS ((char const *, int, mode_t)); + int systemic PARAMS ((char const *)); + char *format_linenum PARAMS ((char[LINENUM_LENGTH_BOUND + 1], LINENUM)); diff --git a/patch.spec b/patch.spec index cdedb57..9f36543 100644 --- a/patch.spec +++ b/patch.spec @@ -1,7 +1,7 @@ Summary: Utility for modifying/upgrading files Name: patch Version: 2.5.4 -Release: 36%{?dist} +Release: 37%{?dist} License: GPLv2+ URL: http://www.gnu.org/software/patch/patch.html Group: Development/Tools @@ -68,6 +68,9 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/*/* %changelog +* Tue Feb 17 2009 Tim Waugh 2.5.4-37 +- Don't set SELinux file context if it is already correct. + * Mon Nov 24 2008 Tim Waugh 2.5.4-36 - Better summary.