checkpolicy-2.5-8

- Add types associated to a role in the current scope when parsing

checkpolicy-fedora.patch

@@ -14,10 +14,11 @@ index 98f5168..3b7ff8a 100644
  	$(LOCAL_PATH)/ \
  	$(LOCAL_PATH)/../libsepol/include/ \
 diff --git checkpolicy-2.5/ChangeLog checkpolicy-2.5/ChangeLog
-index dfe4908..f2216ec 100644
+index dfe4908..0e13227 100644
 --- checkpolicy-2.5/ChangeLog
 +++ checkpolicy-2.5/ChangeLog
-@@ -1,3 +1,11 @@
+@@ -1,3 +1,12 @@
++	* Add types associated to a role in the current scope when parsing, from Nicolas Iooss.
 +	* Extend checkpolicy pathname matching, from Stephen Smalley.
 +	* Fix typos in test/dispol, from Petr Lautrbach.
 +	* Set flex as default lexer, from Julien Pivotto.
@@ -120,7 +121,7 @@ index 9da661e..2d68316 100644
  				printf("unknown protocol\n");
  				break;
 diff --git checkpolicy-2.5/policy_define.c checkpolicy-2.5/policy_define.c
-index ee20fea..100e517 100644
+index ee20fea..128869c 100644
 --- checkpolicy-2.5/policy_define.c
 +++ checkpolicy-2.5/policy_define.c
 @@ -36,6 +36,9 @@
@@ -133,7 +134,15 @@ index ee20fea..100e517 100644
  #include <arpa/inet.h>
  #include <stdlib.h>
  #include <limits.h>
-@@ -4876,6 +4879,8 @@ int define_port_context(unsigned int low, unsigned int high)
+@@ -2611,6 +2614,7 @@ int define_role_types(void)
+ 		free(id);
+ 		return -1;
+ 	}
++	role = get_local_role(id, role->s.value, (role->flavor == ROLE_ATTRIB));
+ 
+ 	while ((id = queue_remove(id_queue))) {
+ 		if (set_types(&role->types, id, &add, 0))
+@@ -4876,6 +4880,8 @@ int define_port_context(unsigned int low, unsigned int high)
  		protocol = IPPROTO_TCP;
  	} else if ((strcmp(id, "udp") == 0) || (strcmp(id, "UDP") == 0)) {
  		protocol = IPPROTO_UDP;
@@ -142,7 +151,7 @@ index ee20fea..100e517 100644
  	} else {
  		yyerror2("unrecognized protocol %s", id);
  		free(newc);
-@@ -5135,7 +5140,7 @@ int define_ipv6_node_context(void)
+@@ -5135,7 +5141,7 @@ int define_ipv6_node_context(void)
  
  	memset(newc, 0, sizeof(ocontext_t));
  

checkpolicy.spec

@@ -1,16 +1,16 @@
-%define libselinuxver 2.5-11
-%define libsepolver 2.5-9
+%define libselinuxver 2.5-12
+%define libsepolver 2.5-10
 Summary: SELinux policy compiler
 Name: checkpolicy
 Version: 2.5
-Release: 7%{?dist}
+Release: 8%{?dist}
 License: GPLv2
 Group: Development/System
 Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/checkpolicy-2.5.tar.gz
 # download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
 # run:
 # $ VERSION=2.5 ./make-fedora-selinux-patch.sh checkpolicy
-# HEAD https://github.com/fedora-selinux/selinux/commit/dbf42c22e798a5e2cf9c1fc711c803e7da20cfb4
+# HEAD https://github.com/fedora-selinux/selinux/commit/caefad506ca46db441952ab64ebfc6202897516b
 Patch1: checkpolicy-fedora.patch
 Conflicts: selinux-policy-base < 3.13.1-138
 BuildRoot: %{_tmppath}/%{name}-buildroot
@@ -61,6 +61,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_bindir}/sedispol
 
 %changelog
+* Mon Oct 03 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-8
+- Add types associated to a role in the current scope when parsing
+
 * Mon Aug 01 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-7
 - Extend checkpolicy pathname matching
 - Rebuilt with libsepol-2.5-9