Update to upstream

* fd leak reading policy
	* check return code on ebitmap_set_bit

.gitignore

@@ -87,3 +87,4 @@ checkpolicy-2.0.22.tgz
 /checkpolicy-2.1.8.tgz
 /checkpolicy-2.1.9.tgz
 /checkpolicy-2.1.10.tgz
+/checkpolicy-2.1.11.tgz

checkpolicy-filesystem.patch

@@ -1,65 +0,0 @@
- policy_parse.y |   14 ++++++++++----
- policy_scan.l  |    1 +
- 2 files changed, 11 insertions(+), 4 deletions(-)
-
-diff --git a/checkpolicy/policy_parse.y b/checkpolicy/policy_parse.y
-index 8d1bc37..0777238 100644
---- a/checkpolicy/policy_parse.y
-+++ b/checkpolicy/policy_parse.y
-@@ -138,6 +138,7 @@ typedef int (* require_func_t)();
- %token MODULE VERSION_IDENTIFIER REQUIRE OPTIONAL
- %token POLICYCAP
- %token PERMISSIVE
-+%token FILESYSTEM
- 
- %left OR
- %left XOR
-@@ -637,7 +638,7 @@ opt_fs_uses             : fs_uses
- fs_uses                 : fs_use_def
-                         | fs_uses fs_use_def
-                         ;
--fs_use_def              : FSUSEXATTR identifier security_context_def ';'
-+fs_use_def              : FSUSEXATTR filesystem security_context_def ';'
-                         {if (define_fs_use(SECURITY_FS_USE_XATTR)) return -1;}
-                         | FSUSETASK identifier security_context_def ';'
-                         {if (define_fs_use(SECURITY_FS_USE_TASK)) return -1;}
-@@ -650,11 +651,11 @@ opt_genfs_contexts      : genfs_contexts
- genfs_contexts          : genfs_context_def
-                         | genfs_contexts genfs_context_def
-                         ;
--genfs_context_def	: GENFSCON identifier path '-' identifier security_context_def
-+genfs_context_def	: GENFSCON filesystem path '-' identifier security_context_def
- 			{if (define_genfs_context(1)) return -1;}
--			| GENFSCON identifier path '-' '-' {insert_id("-", 0);} security_context_def
-+			| GENFSCON filesystem path '-' '-' {insert_id("-", 0);} security_context_def
- 			{if (define_genfs_context(1)) return -1;}
--                        | GENFSCON identifier path security_context_def
-+                        | GENFSCON filesystem path security_context_def
- 			{if (define_genfs_context(0)) return -1;}
- 			;
- ipv4_addr_def		: IPV4_ADDR
-@@ -728,6 +729,11 @@ nested_id_element       : identifier | '-' { if (insert_id("-", 0)) return -1; }
- identifier		: IDENTIFIER
- 			{ if (insert_id(yytext,0)) return -1; }
- 			;
-+filesystem		: FILESYSTEM
-+                        { if (insert_id(yytext,0)) return -1; }
-+                        | IDENTIFIER
-+			{ if (insert_id(yytext,0)) return -1; }
-+                        ;
- path     		: PATH
- 			{ if (insert_id(yytext,0)) return -1; }
- 			;
-diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l
-index 48128a8..65aff8d 100644
---- a/checkpolicy/policy_scan.l
-+++ b/checkpolicy/policy_scan.l
-@@ -217,6 +217,7 @@ permissive |
- PERMISSIVE			{ return(PERMISSIVE); }
- "/"({alnum}|[_\.\-/])*	        { return(PATH); }
- {letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))*	{ return(IDENTIFIER); }
-+{alnum}*{letter}{alnum}*        { return(FILESYSTEM); }
- {digit}+|0x{hexval}+            { return(NUMBER); }
- {digit}{1,3}(\.{digit}{1,3}){3}    { return(IPV4_ADDR); }
- {hexval}{0,4}":"{hexval}{0,4}":"({hexval}|[:.])*  { return(IPV6_ADDR); }
-

checkpolicy.spec

@@ -1,13 +1,12 @@
-%define libselinuxver 2.1.10-1
-%define libsepolver 2.1.7-4
+%define libselinuxver 2.1.11-1
+%define libsepolver 2.1.8-1
 Summary: SELinux policy compiler
 Name: checkpolicy
-Version: 2.1.10
-Release: 4%{?dist}
+Version: 2.1.11
+Release: 1%{?dist}
 License: GPLv2
 Group: Development/System
 Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
-Patch: checkpolicy-rhat.patch
 
 BuildRoot: %{_tmppath}/%{name}-buildroot
 BuildRequires: byacc bison flex flex-static libsepol-static >= %{libsepolver} libselinux-devel  >= %{libselinuxver} 
@@ -28,7 +27,6 @@ Only required for building policies.
 
 %prep
 %setup -q
-%patch -p2 -b .rhat
 
 %build
 make clean
@@ -56,6 +54,11 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_bindir}/sedispol
 
 %changelog
+* Thu Sep 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-1
+- Update to upstream 
+	* fd leak reading policy
+	* check return code on ebitmap_set_bit
+
 * Mon Jul 30 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-4
 - Rebuild to grab latest libsepol
 

sources

@@ -1 +1 @@
-31a46b32b14a467f90e79a4792cf29c6  checkpolicy-2.1.10.tgz
+a39eec39a84161f88b63ce405549e5b6  checkpolicy-2.1.11.tgz