From 1209c857abf06e76fcdd91471878cdec96d674b8 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Tue, 22 Apr 2008 20:59:01 +0000
Subject: [PATCH] - Update to Upstream Fixed selinux_set_callback man page. Try loading the max of the kernel-supported version and the libsepol-supported version when no manipulation of the binary policy is needed from Stephen Smalley. Fix memory leaks in matchpathcon from Eamon Walsh.
---
 .cvsignore | 1 +
 libselinux-rhat.patch | 91 +++++++++++++------------------------------
 libselinux.spec | 13 ++++++-
 sources | 2 +-
 4 files changed, 41 insertions(+), 66 deletions(-)
diff --git a/.cvsignore b/.cvsignore
index 37041f9..0daec5d 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -150,3 +150,4 @@ libselinux-2.0.58.tgz
 libselinux-2.0.59.tgz
 libselinux-2.0.60.tgz
 libselinux-2.0.61.tgz
+libselinux-2.0.64.tgz
diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch
index e3a919a..444dd19 100644
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@@ -1,65 +1,6 @@
-diff --exclude-from=exclude -N -u -r nsalibselinux/src/label.c libselinux-2.0.61/src/label.c
---- nsalibselinux/src/label.c 2007-07-16 14:20:46.000000000 -0400
-+++ libselinux-2.0.61/src/label.c 2008-04-09 08:54:15.000000000 -0400
-@@ -95,7 +95,7 @@
- if (compat_validate(rec, lr, "file_contexts", 0))
- return NULL;
-
-- if (translating &&
-+ if (translating && (! lr->ctx_trans) &&
- selinux_raw_to_trans_context(lr->ctx_raw, &lr->ctx_trans))
- return NULL;
-
-@@ -131,6 +131,7 @@
- void selabel_close(struct selabel_handle *rec)
- {
- rec->func_close(rec);
-+ free(rec->data);
- free(rec);
- }
-
-diff --exclude-from=exclude -N -u -r nsalibselinux/src/load_policy.c libselinux-2.0.61/src/load_policy.c
---- nsalibselinux/src/load_policy.c 2008-04-08 09:37:21.000000000 -0400
-+++ libselinux-2.0.61/src/load_policy.c 2008-04-09 09:02:16.000000000 -0400
-@@ -43,6 +43,9 @@
-
- int load_setlocaldefs hidden = 1;
-
-+#undef max
-+#define max(a, b) (((a) > (b)) ? (a) : (b))
-+
- int selinux_mkload_policy(int preservebools)
- {
- int kernvers = security_policyvers();
-@@ -127,11 +130,6 @@
-
- #endif
-
-- if (usesepol) {
-- maxvers = vers_max();
-- minvers = vers_min();
-- }
--
- /*
- * Check whether we need to support local boolean and user definitions.
- */
-@@ -157,6 +155,13 @@
- if (preservebools && uname(&uts) == 0 && strverscmp(uts.release, "2.6.22") >= 0)
- preservebools = 0;
-
-+ if (usesepol) {
-+ maxvers = vers_max();
-+ minvers = vers_min();
-+ if (!setlocaldefs && !preservebools)
-+ maxvers = max(kernvers, maxvers);
-+ }
-+
- vers = maxvers;
- search:
- snprintf(path, sizeof(path), "%s.%d",
 diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.61/src/matchpathcon.c
 --- nsalibselinux/src/matchpathcon.c 2007-09-28 09:48:58.000000000 -0400
-+++ libselinux-2.0.61/src/matchpathcon.c 2008-04-09 08:54:15.000000000 -0400
++++ libselinux-2.0.61/src/matchpathcon.c 2008-04-16 13:25:25.000000000 -0400
 @@ -2,6 +2,7 @@
 #include
 #include
@@ -79,7 +20,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux.py libselinux-2.0.61/src/selinux.py --- nsalibselinux/src/selinux.py 2008-01-23 14:36:29.000000000 -0500 -+++ libselinux-2.0.61/src/selinux.py 2008-04-10 16:21:08.000000000 -0400 ++++ libselinux-2.0.61/src/selinux.py 2008-04-16 13:25:25.000000000 -0400 @@ -300,6 +300,204 @@ selinux_file_context_cmp = _selinux.selinux_file_context_cmp selinux_file_context_verify = _selinux.selinux_file_context_verify @@ -287,7 +228,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux.py libselinux-2.0 SELINUX_DEFAULTUSER = _selinux.SELINUX_DEFAULTUSER diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux-2.0.61/src/selinuxswig.i --- nsalibselinux/src/selinuxswig.i 2008-01-23 14:36:29.000000000 -0500 -+++ libselinux-2.0.61/src/selinuxswig.i 2008-04-10 16:20:59.000000000 -0400 ++++ libselinux-2.0.61/src/selinuxswig.i 2008-04-16 13:25:25.000000000 -0400 @@ -5,6 +5,7 @@ %module selinux %{ 
@@ -307,9 +248,33 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux- %include "../include/selinux/get_default_type.h" %include "../include/selinux/get_context_list.h" + +diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_python.i libselinux-2.0.61/src/selinuxswig_python.i +--- nsalibselinux/src/selinuxswig_python.i 2007-10-01 09:54:35.000000000 -0400 ++++ libselinux-2.0.61/src/selinuxswig_python.i 2008-04-16 13:25:25.000000000 -0400 +@@ -16,6 +16,20 @@ + $result = SWIG_Python_AppendOutput($result, list); + } + ++/* return a sid along with the result */ ++%typemap(argout) (security_id_t * sid) { ++ if (*$1) { ++ %append_output(SWIG_NewPointerObj(*$1, $descriptor(security_id_t), 0)); ++ } else { ++ Py_INCREF(Py_None); ++ %append_output(Py_None); ++ } ++} ++ ++%typemap(in,numinputs=0) security_id_t *(security_id_t temp) { ++ $1 = &temp; ++} ++ + /* Makes security_compute_user() return a Python list of contexts */ + %typemap(argout) (security_context_t **con) { + PyObject* plist; diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libselinux-2.0.61/src/selinuxswig_wrap.c --- nsalibselinux/src/selinuxswig_wrap.c 2008-01-23 14:36:29.000000000 -0500 -+++ libselinux-2.0.61/src/selinuxswig_wrap.c 2008-04-10 16:21:08.000000000 -0400 ++++ libselinux-2.0.61/src/selinuxswig_wrap.c 2008-04-16 13:25:25.000000000 -0400 @@ -2458,21 +2458,36 @@ #define SWIGTYPE_p_SELboolean swig_types[0] diff --git a/libselinux.spec b/libselinux.spec index 1973be8..84ee7e1 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -3,8 +3,8 @@ Summary: SELinux library and simple utilities Name: libselinux -Version: 2.0.61 -Release: 3%{?dist} +Version: 2.0.64 +Release: 1%{?dist} License: Public Domain Group: System Environment/Libraries Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz 
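Review bot: In the selinuxswig_python.i typemaps added by the `@@ -307,9 +248,33 @@` hunk, the local `temp` declared in `%typemap(in,numinputs=0) security_id_t *(security_id_t temp)` is never initialised, yet the argout typemap tests and wraps `*$1` unconditionally. If a wrapped function returns an error without storing a SID (the wrapped functions are not visible here, so this is inferred), the binding reads an indeterminate pointer and could hand Python a wrapper around stack garbage that is dereferenced later. Initialising it in the `in` typemap, `temp = NULL; $1 = &temp;`, makes the failure path fall into the existing `Py_None` branch. It would also help to extend the `/* return a sid along with the result */` comment to say that the Python object does not own the SID, since `SWIG_NewPointerObj` is called with ownership flag `0`.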
@@ -137,6 +137,15 @@ exit 0 %{python_sitearch}/selinux/* %changelog +* Tue Apr 22 2008 Dan Walsh - 2.0.64-1 +- Update to Upstream + * Fixed selinux_set_callback man page. + * Try loading the max of the kernel-supported version and the libsepol-supported version when no manipulation of the binary policy is needed from Stephen Smalley. + * Fix memory leaks in matchpathcon from Eamon Walsh. + +* Wed Apr 16 2008 Dan Walsh - 2.0.61-4 +- Add Xavior Toth patch for security_id_t in swig + * Thu Apr 10 2008 Dan Walsh - 2.0.61-3 - Add avc.h to swig code diff --git a/sources b/sources index 8900f68..9ff5d5e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -52f5ba3c4948f8739dde19d283f35ae0 libselinux-2.0.61.tgz +6d2df9a800e1960c96ddef129c83dc34 libselinux-2.0.64.tgz