From eca1d03c028096be10553997caac4ba56f2bf64f Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Mon, 1 Aug 2016 13:07:40 +0200 Subject: [PATCH] checkpolicy-2.5-7 - Extend checkpolicy pathname matching - Rebuilt with libsepol-2.5-9 --- checkpolicy-fedora.patch | 22 ++++++++++++++++++++-- checkpolicy.spec | 12 ++++++++---- 2 files changed, 28 insertions(+), 6 deletions(-) diff --git a/checkpolicy-fedora.patch b/checkpolicy-fedora.patch index a418e0e..4b922a1 100644 --- a/checkpolicy-fedora.patch +++ b/checkpolicy-fedora.patch @@ -14,10 +14,11 @@ index 98f5168..3b7ff8a 100644 $(LOCAL_PATH)/ \ $(LOCAL_PATH)/../libsepol/include/ \ diff --git checkpolicy-2.5/ChangeLog checkpolicy-2.5/ChangeLog -index dfe4908..2f93ddb 100644 +index dfe4908..f2216ec 100644 --- checkpolicy-2.5/ChangeLog +++ checkpolicy-2.5/ChangeLog -@@ -1,3 +1,10 @@ +@@ -1,3 +1,11 @@ ++ * Extend checkpolicy pathname matching, from Stephen Smalley. + * Fix typos in test/dispol, from Petr Lautrbach. + * Set flex as default lexer, from Julien Pivotto. + * Fix checkmodule output message, from Petr Lautrbach. @@ -150,6 +151,23 @@ index ee20fea..100e517 100644 memcpy(&newc->u.node6.addr[0], &addr.s6_addr[0], 16); memcpy(&newc->u.node6.mask[0], &mask.s6_addr[0], 16); #else +diff --git checkpolicy-2.5/policy_scan.l checkpolicy-2.5/policy_scan.l +index 22da338..2f7f221 100644 +--- checkpolicy-2.5/policy_scan.l ++++ checkpolicy-2.5/policy_scan.l +@@ -249,9 +249,9 @@ high | + HIGH { return(HIGH); } + low | + LOW { return(LOW); } +-"/"({alnum}|[_\.\-/])* { return(PATH); } +-\""/"[ !#-~]*\" { return(QPATH); } +-\"({alnum}|[_\.\-\+\~\: ])+\" { return(FILENAME); } ++"/"[^ \n\r\t\f]* { return(PATH); } ++\""/"[^\"\n]*\" { return(QPATH); } ++\"[^"/"\"\n]+\" { return(FILENAME); } + {letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))* { return(IDENTIFIER); } + {digit}+|0x{hexval}+ { return(NUMBER); } + {alnum}*{letter}{alnum}* { return(FILESYSTEM); } diff --git checkpolicy-2.5/test/dispol.c checkpolicy-2.5/test/dispol.c index 86f5688..a78ce81 100644 --- checkpolicy-2.5/test/dispol.c diff --git a/checkpolicy.spec b/checkpolicy.spec index 9c96088..c93ddeb 100644 --- a/checkpolicy.spec +++ b/checkpolicy.spec @@ -1,16 +1,16 @@ -%define libselinuxver 2.5-7 -%define libsepolver 2.5-7 +%define libselinuxver 2.5-11 +%define libsepolver 2.5-9 Summary: SELinux policy compiler Name: checkpolicy Version: 2.5 -Release: 6%{?dist} +Release: 7%{?dist} License: GPLv2 Group: Development/System Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/checkpolicy-2.5.tar.gz # download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh # run: # $ VERSION=2.5 ./make-fedora-selinux-patch.sh checkpolicy -# HEAD https://github.com/fedora-selinux/selinux/commit/bd50d00badba7a148d12879b6c736ea9f2d7ee2d +# HEAD https://github.com/fedora-selinux/selinux/commit/dbf42c22e798a5e2cf9c1fc711c803e7da20cfb4 Patch1: checkpolicy-fedora.patch Conflicts: selinux-policy-base < 3.13.1-138 BuildRoot: %{_tmppath}/%{name}-buildroot @@ -61,6 +61,10 @@ rm -rf ${RPM_BUILD_ROOT} %{_bindir}/sedispol %changelog +* Mon Aug 01 2016 Petr Lautrbach 2.5-7 +- Extend checkpolicy pathname matching +- Rebuilt with libsepol-2.5-9 + * Mon Jun 27 2016 Petr Lautrbach - 2.5-6 - Fix typos in sedispol