Resolves: #1337039 - setfacl.1: document the meaning of '-' in perms

0002-acl-2.2.52-setfacl-restore-initialize.patch

@@ -0,0 +1,40 @@
+From eb123384d1e4001b62a578ec1df53aa23016aed3 Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruenba@redhat.com>
+Date: Fri, 17 Mar 2017 10:17:01 +0100
+Subject: [PATCH] setfacl --restore: Silence valgrind
+
+Valgrind complains that setfacl --restore triggers uninitialized memory
+accesses to cmd->c_tag and cmd->c_perm of CMD_REMOVE_ACL commands in
+do_set (http://savannah.nongnu.org/bugs/?50566).  In this case, the
+uninitialized memory accesses have no effect.  Silence valgrind by
+initializing cmd->c_tag and cmd->c_perm anyway.
+
+Upstream-commit: 33f01b5d5bd98fceee0ba46cdbddb60b36fc650e
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ setfacl/sequence.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/setfacl/sequence.c b/setfacl/sequence.c
+index a418b23..5ed182e 100644
+--- a/setfacl/sequence.c
++++ b/setfacl/sequence.c
+@@ -29,7 +29,14 @@ cmd_t
+ cmd_init(
+ 	void)
+ {
+-	return (cmd_t)malloc(sizeof(struct cmd_obj));
++	cmd_t cmd;
++
++	cmd = malloc(sizeof(struct cmd_obj));
++	if (cmd) {
++		cmd->c_tag = ACL_UNDEFINED_TAG;
++		cmd->c_perm = 0;
++	}
++	return cmd;
+ }
+ 
+ 
+-- 
+2.9.4
+

acl-2.2.52-setfacl-man-page.patch

@@ -0,0 +1,60 @@
+From ecee95a94420d6b0336d4caec6bc66b53442367b Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Thu, 19 May 2016 10:28:13 +0200
+Subject: [PATCH] setfacl.1: document the meaning of '-' in perms
+
+[agruen: Description further clarified.]
+
+Upstream-commit: ea3c6bb711e76d91759f8bf5475e1900362a3142
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ man/man1/setfacl.1 | 28 +++++++++++++++++++++-------
+ 1 file changed, 21 insertions(+), 7 deletions(-)
+
+diff --git a/man/man1/setfacl.1 b/man/man1/setfacl.1
+index 0c7c046..e092e51 100644
+--- a/man/man1/setfacl.1
++++ b/man/man1/setfacl.1
+@@ -194,18 +194,32 @@ you can specify either a name or a number.
+ .PP
+ The
+ .I perms
+-field is a combination of characters that indicate the permissions: read
++field is a combination of characters that indicate the read
+ .IR (r) ,
+ write
+ .IR (w) ,
+ execute
+-.IR (x) ,
+-execute only if the file is a directory or already has execute permission
+-for some user
+-.IR (X) .
+-Alternatively, the
++.IR (x)
++permissions.  Dash characters in the
+ .I perms
+-field can be an octal digit (0\-7).
++field
++.IR (\-)
++are ignored.  The character
++.I X
++stands for the execute permission if the file is a directory or already has
++execute permission for some user.  Alternatively, the
++.I perms
++field can define the permissions numerically, as a bit-wise combination of read
++.IR (4) ,
++write
++.IR (2) ,
++and execute
++.IR (1) .
++Zero
++.I perms
++fields or
++.I perms
++fields that only consist of dashes indicate no permissions.
+ .PP
+ .SS AUTOMATICALLY CREATED ENTRIES
+ Initially, files and directories contain only the three base ACL entries
+-- 
+2.5.5
+

acl.spec

@@ -1,7 +1,7 @@
 Summary: Access control list utilities
 Name: acl
 Version: 2.2.52
-Release: 11%{?dist}
+Release: 13%{?dist}
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: gawk
 BuildRequires: gettext
@@ -13,6 +13,9 @@ Source: http://download.savannah.gnu.org/releases-noredirect/acl/acl-%{version}.
 # fix a typo in setfacl(1) man page (#675451)
 Patch1: 0001-acl-2.2.49-bz675451.patch
 
+# fix spurious acl_check() failure on setfacl --restore (#1451826)
+Patch2: 0002-acl-2.2.52-setfacl-restore-initialize.patch
+
 # prepare the test-suite for SELinux and arbitrary umask
 Patch3: 0003-acl-2.2.52-tests.patch
 
@@ -22,9 +25,12 @@ Patch4: 0004-acl-2.2.52-libdir.patch
 # fix SIGSEGV of getfacl -e on overly long group name
 Patch5: 0005-acl-2.2.52-getfacl-segv.patch
 
+# setfacl.1: document the meaning of '-' in perms (#1337039)
+Patch6: acl-2.2.52-setfacl-man-page.patch
+
 License: GPLv2+
 Group: System Environment/Base
-URL: http://acl.bestbits.at/
+URL: https://savannah.nongnu.org/projects/acl
 
 %description
 This package contains the getfacl and setfacl utilities needed for
@@ -57,9 +63,11 @@ defined in POSIX 1003.1e draft standard 17.
 %prep
 %setup -q
 %patch1 -p1
+%patch2 -p1
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1
 
 %build
 %configure
@@ -74,6 +82,11 @@ make %{?_smp_mflags}
 if ./setfacl/setfacl -m u:`id -u`:rwx .; then
     make tests || exit $?
     if test 0 = `id -u`; then
+        # test/root/permissions.test requires the 'daemon' user to be a member
+        # of the 'bin' group in order not to fail.  Prevent the test from
+        # running if we detect that its requirements are not met (#1085389).
+        id -nG daemon | grep bin >/dev/null || rm -f test/root/permissions.test
+
         make root-tests || exit $?
     fi
 else
@@ -122,6 +135,14 @@ rm -rf $RPM_BUILD_ROOT%{_docdir}/%{name}*
 %{_libdir}/libacl.so.*
 
 %changelog
+* Thu Jun 22 2017 Kamil Dudka <kdudka@redhat.com> 2.2.52-13
+- setfacl.1: document the meaning of '-' in perms (#1337039)
+- avoid failure of %%check when building as root (#1085389)
+
+* Wed May 17 2017 Kamil Dudka <kdudka@redhat.com> 2.2.52-12
+- fix spurious acl_check() failure on setfacl --restore (#1451826)
+- update project URL (#1418474)
+
 * Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.52-11
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild