":" should be allowed for file trans names

.gitignore

@@ -87,3 +87,5 @@ checkpolicy-2.0.22.tgz
 /checkpolicy-2.1.8.tgz
 /checkpolicy-2.1.9.tgz
 /checkpolicy-2.1.10.tgz
+/checkpolicy-2.1.11.tgz
+/checkpolicy-2.1.12.tgz

checkpolicy-defaulttype.patch

@@ -0,0 +1,101 @@
+diff -ur checkpolicy-2.1.12/policy_define.c checkpolicy-2.1.11/policy_define.c
+--- checkpolicy-2.1.12/policy_define.c	2013-02-07 12:21:10.000000000 -0500
++++ checkpolicy-2.1.11/policy_define.c	2012-09-13 12:29:01.000000000 -0400
+@@ -415,38 +415,6 @@
+ 	return 0;
+ }
+ 
+-int define_default_type(int which)
+-{
+-	char *id;
+-	class_datum_t *cladatum;
+-
+-	if (pass == 1) {
+-		while ((id = queue_remove(id_queue)))
+-			free(id);
+-		return 0;
+-	}
+-
+-	while ((id = queue_remove(id_queue))) {
+-		if (!is_id_in_scope(SYM_CLASSES, id)) {
+-			yyerror2("class %s is not within scope", id);
+-			return -1;
+-		}
+-		cladatum = hashtab_search(policydbp->p_classes.table, id);
+-		if (!cladatum) {
+-			yyerror2("unknown class %s", id);
+-			return -1;
+-		}
+-		if (cladatum->default_type && cladatum->default_type != which) {
+-			yyerror2("conflicting default type information for class %s", id);
+-			return -1;
+-		}
+-		cladatum->default_type = which;
+-		free(id);
+-	}
+-
+-	return 0;
+-}
+-
+ int define_default_range(int which)
+ {
+ 	char *id;
+diff -ur checkpolicy-2.1.12/policy_define.h checkpolicy-2.1.11/policy_define.h
+--- checkpolicy-2.1.12/policy_define.h	2013-02-07 12:21:10.000000000 -0500
++++ checkpolicy-2.1.11/policy_define.h	2012-09-13 12:29:01.000000000 -0400
+@@ -26,7 +26,6 @@
+ int define_class(void);
+ int define_default_user(int which);
+ int define_default_role(int which);
+-int define_default_type(int which);
+ int define_default_range(int which);
+ int define_common_perms(void);
+ int define_compute_type(int which);
+diff -ur checkpolicy-2.1.12/policy_parse.y checkpolicy-2.1.11/policy_parse.y
+--- checkpolicy-2.1.12/policy_parse.y	2013-02-07 12:21:10.000000000 -0500
++++ checkpolicy-2.1.11/policy_parse.y	2012-09-13 12:29:01.000000000 -0400
+@@ -143,7 +143,7 @@
+ %token POLICYCAP
+ %token PERMISSIVE
+ %token FILESYSTEM
+-%token DEFAULT_USER DEFAULT_ROLE DEFAULT_TYPE DEFAULT_RANGE
++%token DEFAULT_USER DEFAULT_ROLE DEFAULT_RANGE
+ %token LOW_HIGH LOW HIGH
+ 
+ %left OR
+@@ -202,11 +202,9 @@
+ 			;
+ default_rules		: default_user_def
+ 			| default_role_def
+-			| default_type_def
+ 			| default_range_def
+ 			| default_rules default_user_def
+ 			| default_rules default_role_def
+-			| default_rules default_type_def
+ 			| default_rules default_range_def
+ 			;
+ default_user_def	: DEFAULT_USER names SOURCE ';'
+@@ -219,11 +217,6 @@
+ 			| DEFAULT_ROLE names TARGET ';'
+ 			{if (define_default_role(DEFAULT_TARGET)) return -1; }
+ 			;
+-default_type_def	: DEFAULT_TYPE names SOURCE ';'
+-			{if (define_default_type(DEFAULT_SOURCE)) return -1; }
+-			| DEFAULT_TYPE names TARGET ';'
+-			{if (define_default_type(DEFAULT_TARGET)) return -1; }
+-			;
+ default_range_def	: DEFAULT_RANGE names SOURCE LOW ';'
+ 			{if (define_default_range(DEFAULT_SOURCE_LOW)) return -1; }
+ 			| DEFAULT_RANGE names SOURCE HIGH ';'
+diff -ur checkpolicy-2.1.12/policy_scan.l checkpolicy-2.1.11/policy_scan.l
+--- checkpolicy-2.1.12/policy_scan.l	2013-03-12 13:35:28.740044379 -0400
++++ checkpolicy-2.1.11/policy_scan.l	2012-09-13 12:29:01.000000000 -0400
+@@ -229,8 +229,6 @@
+ DEFAULT_USER			{ return(DEFAULT_USER); }
+ default_role |
+ DEFAULT_ROLE			{ return(DEFAULT_ROLE); }
+-default_type |
+-DEFAULT_TYPE			{ return(DEFAULT_TYPE); }
+ default_range |
+ DEFAULT_RANGE			{ return(DEFAULT_RANGE); }
+ low-high |

checkpolicy-rhat.patch

@@ -1,33 +1,13 @@
-diff --git a/checkpolicy/checkmodule.c b/checkpolicy/checkmodule.c
-index 47603e0..cb58cf0 100644
---- a/checkpolicy/checkmodule.c
-+++ b/checkpolicy/checkmodule.c
-@@ -63,10 +63,12 @@ static int read_binary_policy(policydb_t * p, char *file, char *progname)
- 	if (fstat(fd, &sb) < 0) {
- 		fprintf(stderr, "Can't stat '%s':  %s\n",
- 			file, strerror(errno));
-+		close(fd);
- 		return -1;
- 	}
- 	map =
- 	    mmap(NULL, sb.st_size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
-+	close(fd);
- 	if (map == MAP_FAILED) {
- 		fprintf(stderr, "Can't map '%s':  %s\n", file, strerror(errno));
- 		return -1;
-diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
-index 8fa3214..2c12447 100644
---- a/checkpolicy/policy_define.c
-+++ b/checkpolicy/policy_define.c
-@@ -2341,7 +2341,10 @@ int define_role_trans(int class_specified)
- 			return -1;
- 		}
- 
--		ebitmap_set_bit(&e_classes, cladatum->s.value - 1, TRUE);
-+		if (ebitmap_set_bit(&e_classes, cladatum->s.value - 1, TRUE)) {
-+			yyerror("out of memory");
-+			return -1;
-+		}
- 	}
- 
- 	id = (char *)queue_remove(id_queue);
+diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l
+index bba7667..ab046cc 100644
+--- a/checkpolicy/policy_scan.l
++++ b/checkpolicy/policy_scan.l
+@@ -240,7 +240,7 @@ HIGH				{ return(HIGH); }
+ low |
+ LOW				{ return(LOW); }
+ "/"({alnum}|[_\.\-/])*	        { return(PATH); }
+-\"({alnum}|[_\.\-\+\~])+\"	{ return(FILENAME); }
++\"({alnum}|[_\.\-\+\~\: ])+\"	{ return(FILENAME); }
+ {letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))*	{ return(IDENTIFIER); }
+ {alnum}*{letter}{alnum}*        { return(FILESYSTEM); }
+ {digit}+|0x{hexval}+            { return(NUMBER); }

checkpolicy.spec

@@ -1,13 +1,14 @@
-%define libselinuxver 2.1.10-1
-%define libsepolver 2.1.7-4
+%define libselinuxver 2.1.11-1
+%define libsepolver 2.1.8-2
 Summary: SELinux policy compiler
 Name: checkpolicy
-Version: 2.1.10
-Release: 4%{?dist}
+Version: 2.1.12
+Release: 3%{?dist}
 License: GPLv2
 Group: Development/System
 Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
 Patch: checkpolicy-rhat.patch
+Patch1: checkpolicy-defaulttype.patch
 
 BuildRoot: %{_tmppath}/%{name}-buildroot
 BuildRequires: byacc bison flex flex-static libsepol-static >= %{libsepolver} libselinux-devel  >= %{libselinuxver} 
@@ -29,6 +30,7 @@ Only required for building policies.
 %prep
 %setup -q
 %patch -p2 -b .rhat
+%patch1 -p1 -b .defaulttype
 
 %build
 make clean
@@ -56,6 +58,37 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_bindir}/sedispol
 
 %changelog
+* Tue Mar 19 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-3
+- ":" should be allowed for file trans names
+
+* Tue Mar 12 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-2
+- Space should be allowed for file trans names
+
+* Thu Feb 7 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-1
+- Update to upstream 
+        * Fix errors found by coverity
+        * implement default type policy syntax
+        * Free allocated memory when clean up / exit.
+
+* Sat Jan 5 2013 Dan Walsh <dwalsh@redhat.com> -  2.1.11-3
+- Update to latest patches from eparis/Upstream
+-   checkpolicy: libsepol: implement default type policy syntax
+-   
+-   We currently have a mechanism in which the default user, role, and range
+-   can be picked up from the source or the target object.  This implements
+-   the same thing for types.  The kernel will override this with type
+-   transition rules and similar.  This is just the default if nothing
+-   specific is given.
+    
+
+* Wed Sep 19 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-2
+- Rebuild with fixed libsepol
+
+* Thu Sep 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-1
+- Update to upstream 
+	* fd leak reading policy
+	* check return code on ebitmap_set_bit
+
 * Mon Jul 30 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-4
 - Rebuild to grab latest libsepol
 
@@ -200,7 +233,7 @@ such a rule is added to a conditional.
 * Wed Dec 8 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.22-2
 - Rebuild to make sure it will build in Fedora 
 
-* Mon Jun 16 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.22-1
+* Wed Jun 16 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.22-1
 - Latest update from NSA
 	* Update checkmodule man page and usage by Daniel Walsh and Steve Lawrence
 - Allow policy version to be one number
@@ -208,7 +241,7 @@ such a rule is added to a conditional.
 * Mon May 3 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.21-2
 - Fix checkmodule man page and usage statements
 
-* Tue Nov 1 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.21-1
+* Sun Nov 1 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.21-1
 - Latest update from NSA
 	* Add support for building Xen policies from Paul Nuzzi.
 	* Add long options to checkpolicy and checkmodule by Guido
@@ -242,12 +275,12 @@ such a rule is added to a conditional.
 - Latest update from NSA
 	* Update checkpolicy for user and role mapping support from Joshua Brindle.
 
-* Tue May 2 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.15-1
+* Fri May 2 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.15-1
 - Latest update from NSA
 	* Fix for policy module versions that look like IPv4 addresses from Jim Carter.
 	  Resolves bug 444451.
 
-* Tue May 2 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.14-2
+* Fri May 2 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.14-2
 - Allow modules with 4 sections or more
 
 * Thu Mar 27 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.14-1
@@ -297,10 +330,10 @@ such a rule is added to a conditional.
 * Tue Aug 28 2007 Fedora Release Engineering <rel-eng at fedoraproject dot org> - 2.0.3-3
 - Rebuild for selinux ppc32 issue.
 
-* Thu Jun 18 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.3-2
+* Mon Jun 18 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.3-2
 - Rebuild with the latest libsepol
 
-* Thu Jun 17 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.3-1
+* Sun Jun 17 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.3-1
 - Latest update from NSA
 	* Merged fix for segfault on duplicate require of sensitivity from Caleb Case.
 	* Merged fix for dead URLs in checkpolicy man pages from Dan Walsh.
@@ -315,7 +348,7 @@ such a rule is added to a conditional.
 * Wed Mar 28 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.1-2
 - Rebuild with new libsepol
 
-* Tue Nov 20 2006 Dan Walsh <dwalsh@redhat.com> - 2.0.1-1
+* Mon Nov 20 2006 Dan Walsh <dwalsh@redhat.com> - 2.0.1-1
 - Latest update from NSA
 	* Merged patch to allow dots in class identifiers from Caleb Case.
 
@@ -360,7 +393,7 @@ such a rule is added to a conditional.
 	  from Joshua Brindle.
 	* Merged optionals in base take 2 patch set from Joshua Brindle.
 
-* Wed May 23 2006 Dan Walsh <dwalsh@redhat.com> - 1.30.5-1
+* Tue May 23 2006 Dan Walsh <dwalsh@redhat.com> - 1.30.5-1
 - Latest upgrade from NSA
 	* Merged compiler cleanup patch from Karl MacMillan.
 	* Merged fix warnings patch from Karl MacMillan.	
@@ -610,7 +643,7 @@ such a rule is added to a conditional.
 	* Added sepol_ prefix to Flask types to avoid namespace
 	  collision with libselinux.
 
-* Fri May 7 2005 Dan Walsh <dwalsh@redhat.com> 1.23-2-1
+* Sat May 7 2005 Dan Walsh <dwalsh@redhat.com> 1.23-2-1
 - Update to NSA Release
 	* Merged identifier fix from Joshua Brindle (Tresys).
 
@@ -688,7 +721,7 @@ such a rule is added to a conditional.
 * Wed Aug 11 2004 Dan Walsh <dwalsh@redhat.com> 1.15.4-1
 - Latest from NSA
 
-* Sat Aug 8 2004 Dan Walsh <dwalsh@redhat.com> 1.15.3-1
+* Sat Aug 7 2004 Dan Walsh <dwalsh@redhat.com> 1.15.3-1
 - Latest from NSA
 
 * Wed Aug 4 2004 Dan Walsh <dwalsh@redhat.com> 1.15.2-1
@@ -730,7 +763,7 @@ such a rule is added to a conditional.
 * Mon Mar 15 2004 Dan Walsh <dwalsh@redhat.com> 1.8-1
 - Upgrade to the latest from NSA
 
-* Mon Feb 24 2004 Dan Walsh <dwalsh@redhat.com> 1.6-1
+* Tue Feb 24 2004 Dan Walsh <dwalsh@redhat.com> 1.6-1
 - Upgrade to the latest from NSA
 
 * Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
@@ -762,4 +795,3 @@ such a rule is added to a conditional.
 
 * Mon Jun 2 2003 Dan Walsh <dwalsh@redhat.com> 1.0-1
 - Initial version
-

sources

@@ -1 +1 @@
-31a46b32b14a467f90e79a4792cf29c6  checkpolicy-2.1.10.tgz
+36e9a62952239b4cdfbb9dcdcf292e14  checkpolicy-2.1.12.tgz