- Apply Steven Smalley patch to fix segfault in string_to_security_class

2007-07-23 14:23:50 +00:00 · 2007-07-23 14:23:50 +00:00 · 44ef5d5d9f
parent aebde7523f
commit 44ef5d5d9f
2 changed files with 64 additions and 39 deletions
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@ -1,6 +1,6 @@
 diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/av_permissions.h libselinux-2.0.24/include/selinux/av_permissions.h
 --- nsalibselinux/include/selinux/av_permissions.h	2007-07-16 14:20:45.000000000 -0400
-+++ libselinux-2.0.24/include/selinux/av_permissions.h	2007-07-18 13:52:07.000000000 -0400
+++ libselinux-2.0.24/include/selinux/av_permissions.h	2007-07-23 10:21:34.000000000 -0400
@@ -290,12 +290,16 @@
 #define NODE__RAWIP_RECV                          0x00000010UL
 #define NODE__RAWIP_SEND                          0x00000020UL
@ -58,7 +58,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/av_permission
 +#define MEMPROTECT__MMAP_ZERO                     0x00000001UL
 diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/flask.h libselinux-2.0.24/include/selinux/flask.h
 --- nsalibselinux/include/selinux/flask.h	2007-07-16 14:20:45.000000000 -0400
-+++ libselinux-2.0.24/include/selinux/flask.h	2007-07-18 13:52:07.000000000 -0400
+++ libselinux-2.0.24/include/selinux/flask.h	2007-07-23 10:21:34.000000000 -0400
@@ -64,6 +64,8 @@
 #define SECCLASS_PACKET                                  57
 #define SECCLASS_KEY                                     58
@ -70,7 +70,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/flask.h libse
  * Security identifier indices for initial entities
 diff --exclude-from=exclude -N -u -r nsalibselinux/Makefile libselinux-2.0.24/Makefile
 --- nsalibselinux/Makefile	2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/Makefile	2007-07-18 13:52:07.000000000 -0400
+++ libselinux-2.0.24/Makefile	2007-07-23 10:21:34.000000000 -0400
@@ -20,6 +20,9 @@
 	$(MAKE) -C src 
 	$(MAKE) -C utils
@ -83,7 +83,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/Makefile libselinux-2.0.24/Ma
 
 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_add_callback.3 libselinux-2.0.24/man/man3/avc_add_callback.3
 --- nsalibselinux/man/man3/avc_add_callback.3	2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/avc_add_callback.3	2007-07-18 13:52:07.000000000 -0400
+++ libselinux-2.0.24/man/man3/avc_add_callback.3	2007-07-23 10:21:34.000000000 -0400
@@ -6,26 +6,26 @@
 avc_add_callback \- additional event notification for SELinux userspace object managers.
 .SH "SYNOPSIS"
@ -120,7 +120,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_add_callback.3 l
 .SH "DESCRIPTION"
 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_cache_stats.3 libselinux-2.0.24/man/man3/avc_cache_stats.3
 --- nsalibselinux/man/man3/avc_cache_stats.3	2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/avc_cache_stats.3	2007-07-18 13:52:07.000000000 -0400
+++ libselinux-2.0.24/man/man3/avc_cache_stats.3	2007-07-23 10:21:34.000000000 -0400
@@ -6,7 +6,7 @@
 avc_cache_stats, avc_av_stats, avc_sid_stats \- obtain userspace SELinux AVC statistics.
 .SH "SYNOPSIS"
@ -132,7 +132,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_cache_stats.3 li
 .BI "void avc_av_stats(void);"
 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_compute_create.3 libselinux-2.0.24/man/man3/avc_compute_create.3
 --- nsalibselinux/man/man3/avc_compute_create.3	2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/avc_compute_create.3	2007-07-18 13:52:07.000000000 -0400
+++ libselinux-2.0.24/man/man3/avc_compute_create.3	2007-07-23 10:21:34.000000000 -0400
@@ -6,7 +6,7 @@
 avc_compute_create \- obtain SELinux label for new object.
 .SH "SYNOPSIS"
@ -144,7 +144,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_compute_create.3
 .BI "int avc_compute_create(security_id_t " ssid ", security_id_t " tsid ,
 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_context_to_sid.3 libselinux-2.0.24/man/man3/avc_context_to_sid.3
 --- nsalibselinux/man/man3/avc_context_to_sid.3	2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/avc_context_to_sid.3	2007-07-18 13:52:07.000000000 -0400
+++ libselinux-2.0.24/man/man3/avc_context_to_sid.3	2007-07-23 10:21:34.000000000 -0400
@@ -6,7 +6,7 @@
 avc_context_to_sid, avc_sid_to_context, sidput, sidget, avc_get_initial_sid \- obtain and manipulate SELinux security ID's.
 .SH "SYNOPSIS"
@ -156,7 +156,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_context_to_sid.3
 .BI "int avc_context_to_sid(security_context_t " ctx ", security_id_t *" sid ");"
 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_has_perm.3 libselinux-2.0.24/man/man3/avc_has_perm.3
 --- nsalibselinux/man/man3/avc_has_perm.3	2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/avc_has_perm.3	2007-07-18 13:52:07.000000000 -0400
+++ libselinux-2.0.24/man/man3/avc_has_perm.3	2007-07-23 10:21:34.000000000 -0400
@@ -6,7 +6,7 @@
 avc_has_perm, avc_has_perm_noaudit, avc_audit, avc_entry_ref_init \- obtain and audit SELinux access decisions.
 .SH "SYNOPSIS"
@ -193,7 +193,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_has_perm.3 libse
 .SH "DESCRIPTION"
 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_init.3 libselinux-2.0.24/man/man3/avc_init.3
 --- nsalibselinux/man/man3/avc_init.3	2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/avc_init.3	2007-07-18 13:52:07.000000000 -0400
+++ libselinux-2.0.24/man/man3/avc_init.3	2007-07-23 10:21:34.000000000 -0400
@@ -6,17 +6,17 @@
 avc_init, avc_destroy, avc_reset, avc_cleanup \- userspace SELinux AVC setup and teardown.
 .SH "SYNOPSIS"
@ -218,7 +218,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_init.3 libselinu
 .sp
 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/context_new.3 libselinux-2.0.24/man/man3/context_new.3
 --- nsalibselinux/man/man3/context_new.3	2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/context_new.3	2007-07-18 13:52:07.000000000 -0400
+++ libselinux-2.0.24/man/man3/context_new.3	2007-07-23 10:21:34.000000000 -0400
@@ -4,27 +4,27 @@
 
 .SH "SYNOPSIS"
@ -260,7 +260,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/context_new.3 libsel
 .SH "DESCRIPTION"
 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/freecon.3 libselinux-2.0.24/man/man3/freecon.3
 --- nsalibselinux/man/man3/freecon.3	2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/freecon.3	2007-07-18 13:52:07.000000000 -0400
+++ libselinux-2.0.24/man/man3/freecon.3	2007-07-23 10:21:34.000000000 -0400
@@ -5,7 +5,7 @@
 .B #include <selinux/selinux.h>
 .sp
@ -272,7 +272,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/freecon.3 libselinux
 .SH "DESCRIPTION"
 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getcon.3 libselinux-2.0.24/man/man3/getcon.3
 --- nsalibselinux/man/man3/getcon.3	2007-07-16 14:20:46.000000000 -0400
-+++ libselinux-2.0.24/man/man3/getcon.3	2007-07-18 13:52:07.000000000 -0400
+++ libselinux-2.0.24/man/man3/getcon.3	2007-07-23 10:21:34.000000000 -0400
@@ -1,21 +1,21 @@
 .TH "getcon" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation"
 .SH "NAME"
@ -303,7 +303,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getcon.3 libselinux-
 .SH "DESCRIPTION"
 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getexeccon.3 libselinux-2.0.24/man/man3/getexeccon.3
 --- nsalibselinux/man/man3/getexeccon.3	2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/getexeccon.3	2007-07-18 13:52:07.000000000 -0400
+++ libselinux-2.0.24/man/man3/getexeccon.3	2007-07-23 10:21:34.000000000 -0400
@@ -1,16 +1,16 @@
 .TH "getexeccon" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation"
 .SH "NAME"
@ -346,7 +346,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getexeccon.3 libseli
 runs a helper for rpm in an appropriate security context.  The
 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getfilecon.3 libselinux-2.0.24/man/man3/getfilecon.3
 --- nsalibselinux/man/man3/getfilecon.3	2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/getfilecon.3	2007-07-18 13:52:07.000000000 -0400
+++ libselinux-2.0.24/man/man3/getfilecon.3	2007-07-23 10:21:34.000000000 -0400
@@ -5,9 +5,9 @@
 .B #include <selinux/selinux.h>
 .sp
@ -369,7 +369,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getfilecon.3 libseli
 .SH "RETURN VALUE"
 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getfscreatecon.3 libselinux-2.0.24/man/man3/getfscreatecon.3
 --- nsalibselinux/man/man3/getfscreatecon.3	2007-07-16 14:20:46.000000000 -0400
-+++ libselinux-2.0.24/man/man3/getfscreatecon.3	2007-07-18 13:52:07.000000000 -0400
+++ libselinux-2.0.24/man/man3/getfscreatecon.3	2007-07-23 10:21:34.000000000 -0400
@@ -6,7 +6,7 @@
 .B #include <selinux/selinux.h>
 .sp
@ -395,7 +395,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getfscreatecon.3 lib
 save, reset, and restore the fscreate context to avoid unexpected behaviors.
 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/get_ordered_context_list.3 libselinux-2.0.24/man/man3/get_ordered_context_list.3
 --- nsalibselinux/man/man3/get_ordered_context_list.3	2007-07-16 14:20:46.000000000 -0400
-+++ libselinux-2.0.24/man/man3/get_ordered_context_list.3	2007-07-18 13:52:07.000000000 -0400
+++ libselinux-2.0.24/man/man3/get_ordered_context_list.3	2007-07-23 10:21:34.000000000 -0400
@@ -4,7 +4,7 @@
 
 .SH "SYNOPSIS"
@ -407,7 +407,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/get_ordered_context_
 .BI "int get_ordered_context_list(const char *" user ", security_context_t "fromcon ", security_context_t **" list );
 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getseuserbyname.3 libselinux-2.0.24/man/man3/getseuserbyname.3
 --- nsalibselinux/man/man3/getseuserbyname.3	2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/getseuserbyname.3	2007-07-18 13:52:07.000000000 -0400
+++ libselinux-2.0.24/man/man3/getseuserbyname.3	2007-07-23 10:21:34.000000000 -0400
@@ -12,7 +12,7 @@
 then be passed to other libselinux functions such as 
 get_ordered_context_list_with_level and get_default_context_with_level.
@ -419,7 +419,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getseuserbyname.3 li
 using free.  
 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/is_context_customizable.3 libselinux-2.0.24/man/man3/is_context_customizable.3
 --- nsalibselinux/man/man3/is_context_customizable.3	2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/is_context_customizable.3	2007-07-18 13:52:07.000000000 -0400
+++ libselinux-2.0.24/man/man3/is_context_customizable.3	2007-07-23 10:21:34.000000000 -0400
@@ -8,7 +8,7 @@
 
 .SH "DESCRIPTION"
@ -431,7 +431,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/is_context_customiza
 
 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/matchmediacon.3 libselinux-2.0.24/man/man3/matchmediacon.3
 --- nsalibselinux/man/man3/matchmediacon.3	2007-07-16 14:20:46.000000000 -0400
-+++ libselinux-2.0.24/man/man3/matchmediacon.3	2007-07-18 13:52:07.000000000 -0400
+++ libselinux-2.0.24/man/man3/matchmediacon.3	2007-07-23 10:21:34.000000000 -0400
@@ -6,14 +6,14 @@
 .B #include <selinux/selinux.h>
 .sp
@ -452,7 +452,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/matchmediacon.3 libs
 .SH "RETURN VALUE"
 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/matchpathcon.3 libselinux-2.0.24/man/man3/matchpathcon.3
 --- nsalibselinux/man/man3/matchpathcon.3	2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/matchpathcon.3	2007-07-18 13:52:07.000000000 -0400
+++ libselinux-2.0.24/man/man3/matchpathcon.3	2007-07-23 10:21:34.000000000 -0400
@@ -6,18 +6,18 @@
 .B #include <selinux/selinux.h>
 .sp
@ -533,7 +533,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/matchpathcon.3 libse
 Returns 0 on success or -1 otherwise.
 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_class_to_string.3 libselinux-2.0.24/man/man3/security_class_to_string.3
 --- nsalibselinux/man/man3/security_class_to_string.3	2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/security_class_to_string.3	2007-07-18 13:52:07.000000000 -0400
+++ libselinux-2.0.24/man/man3/security_class_to_string.3	2007-07-23 10:21:34.000000000 -0400
@@ -8,7 +8,7 @@
 
 .SH "SYNOPSIS"
@ -545,7 +545,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_class_to_st
 .BI "const char * security_class_to_string(security_class_t " tclass ");"
 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_compute_av.3 libselinux-2.0.24/man/man3/security_compute_av.3
 --- nsalibselinux/man/man3/security_compute_av.3	2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/security_compute_av.3	2007-07-18 13:52:07.000000000 -0400
+++ libselinux-2.0.24/man/man3/security_compute_av.3	2007-07-23 10:21:34.000000000 -0400
@@ -6,7 +6,7 @@
 
 .SH "SYNOPSIS"
@ -557,7 +557,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_compute_av.
 .BI "int security_compute_av(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", access_vector_t "requested ", struct av_decision *" avd );
 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_getenforce.3 libselinux-2.0.24/man/man3/security_getenforce.3
 --- nsalibselinux/man/man3/security_getenforce.3	2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/security_getenforce.3	2007-07-18 13:52:07.000000000 -0400
+++ libselinux-2.0.24/man/man3/security_getenforce.3	2007-07-23 10:21:34.000000000 -0400
@@ -5,7 +5,7 @@
 .B #include <selinux/selinux.h>
 .sp
@ -569,7 +569,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_getenforce.
 .SH "DESCRIPTION"
 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_load_booleans.3 libselinux-2.0.24/man/man3/security_load_booleans.3
 --- nsalibselinux/man/man3/security_load_booleans.3	2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/security_load_booleans.3	2007-07-18 13:52:07.000000000 -0400
+++ libselinux-2.0.24/man/man3/security_load_booleans.3	2007-07-23 10:21:34.000000000 -0400
@@ -7,15 +7,15 @@
 .B #include <selinux/selinux.h>
 .sp
@ -627,7 +627,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_load_boolea
 .SH AUTHOR	
 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selabel_lookup.3 libselinux-2.0.24/man/man3/selabel_lookup.3
 --- nsalibselinux/man/man3/selabel_lookup.3	2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/selabel_lookup.3	2007-07-18 13:52:07.000000000 -0400
+++ libselinux-2.0.24/man/man3/selabel_lookup.3	2007-07-23 10:21:34.000000000 -0400
@@ -6,20 +6,20 @@
 selabel_lookup \- obtain SELinux security context from a string label.
 .SH "SYNOPSIS"
@ -654,7 +654,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selabel_lookup.3 lib
 .SH "DESCRIPTION"
 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selabel_open.3 libselinux-2.0.24/man/man3/selabel_open.3
 --- nsalibselinux/man/man3/selabel_open.3	2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/selabel_open.3	2007-07-18 13:52:07.000000000 -0400
+++ libselinux-2.0.24/man/man3/selabel_open.3	2007-07-23 10:21:34.000000000 -0400
@@ -6,13 +6,13 @@
 selabel_open, selabel_close \- userspace SELinux labeling interface.
 .SH "SYNOPSIS"
@ -673,7 +673,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selabel_open.3 libse
 .sp
 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selabel_stats.3 libselinux-2.0.24/man/man3/selabel_stats.3
 --- nsalibselinux/man/man3/selabel_stats.3	2007-07-16 14:20:46.000000000 -0400
-+++ libselinux-2.0.24/man/man3/selabel_stats.3	2007-07-18 13:52:07.000000000 -0400
+++ libselinux-2.0.24/man/man3/selabel_stats.3	2007-07-23 10:21:34.000000000 -0400
@@ -6,7 +6,7 @@
 selabel_stats \- obtain SELinux labeling statistics.
 .SH "SYNOPSIS"
@ -685,7 +685,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selabel_stats.3 libs
 .BI "void selabel_lookup(struct selabel_handle *" hnd ");"
 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_binary_policy_path.3 libselinux-2.0.24/man/man3/selinux_binary_policy_path.3
 --- nsalibselinux/man/man3/selinux_binary_policy_path.3	2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/selinux_binary_policy_path.3	2007-07-18 13:52:07.000000000 -0400
+++ libselinux-2.0.24/man/man3/selinux_binary_policy_path.3	2007-07-23 10:21:34.000000000 -0400
@@ -10,27 +10,27 @@
 .SH "SYNOPSIS"
 .B #include <selinux/selinux.h>
@ -727,7 +727,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_binary_polic
 
 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_getenforcemode.3 libselinux-2.0.24/man/man3/selinux_getenforcemode.3
 --- nsalibselinux/man/man3/selinux_getenforcemode.3	2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/selinux_getenforcemode.3	2007-07-18 13:52:07.000000000 -0400
+++ libselinux-2.0.24/man/man3/selinux_getenforcemode.3	2007-07-23 10:21:34.000000000 -0400
@@ -5,13 +5,13 @@
 .B #include <selinux/selinux.h>
 .sp
@ -746,7 +746,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_getenforcemo
 Sets the value of enforce to -1 if SELinux should be disabled.
 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_policy_root.3 libselinux-2.0.24/man/man3/selinux_policy_root.3
 --- nsalibselinux/man/man3/selinux_policy_root.3	2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/selinux_policy_root.3	2007-07-18 13:52:07.000000000 -0400
+++ libselinux-2.0.24/man/man3/selinux_policy_root.3	2007-07-23 10:21:34.000000000 -0400
@@ -5,7 +5,7 @@
 .B #include <selinux/selinux.h>
 .sp
@ -758,7 +758,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_policy_root.
 .B selinux_policy_root
 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_set_callback.3 libselinux-2.0.24/man/man3/selinux_set_callback.3
 --- nsalibselinux/man/man3/selinux_set_callback.3	2007-07-16 14:20:46.000000000 -0400
-+++ libselinux-2.0.24/man/man3/selinux_set_callback.3	2007-07-18 13:52:07.000000000 -0400
+++ libselinux-2.0.24/man/man3/selinux_set_callback.3	2007-07-23 10:21:34.000000000 -0400
@@ -39,11 +39,11 @@
 argument indicates the type of message and will be set to one of the following:
 
@ -776,7 +776,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_set_callback
 .TP
 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/setfilecon.3 libselinux-2.0.24/man/man3/setfilecon.3
 --- nsalibselinux/man/man3/setfilecon.3	2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/setfilecon.3	2007-07-18 13:52:07.000000000 -0400
+++ libselinux-2.0.24/man/man3/setfilecon.3	2007-07-23 10:21:34.000000000 -0400
@@ -6,9 +6,9 @@
 .B #include <selinux/selinux.h>
 .sp
@ -791,7 +791,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/setfilecon.3 libseli
 .SH "DESCRIPTION"
 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man5/selabel_file.5 libselinux-2.0.24/man/man5/selabel_file.5
 --- nsalibselinux/man/man5/selabel_file.5	2007-07-16 14:20:46.000000000 -0400
-+++ libselinux-2.0.24/man/man5/selabel_file.5	2007-07-18 13:52:07.000000000 -0400
+++ libselinux-2.0.24/man/man5/selabel_file.5	2007-07-23 10:21:34.000000000 -0400
@@ -6,13 +6,13 @@
 selabel_file \- userspace SELinux labeling interface: file contexts backend.
 .SH "SYNOPSIS"
@ -810,7 +810,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man5/selabel_file.5 libse
 .SH "DESCRIPTION"
 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man5/selabel_media.5 libselinux-2.0.24/man/man5/selabel_media.5
 --- nsalibselinux/man/man5/selabel_media.5	2007-07-16 14:20:46.000000000 -0400
-+++ libselinux-2.0.24/man/man5/selabel_media.5	2007-07-18 13:52:07.000000000 -0400
+++ libselinux-2.0.24/man/man5/selabel_media.5	2007-07-23 10:21:34.000000000 -0400
@@ -6,13 +6,13 @@
 selabel_media \- userspace SELinux labeling interface: media contexts backend.
 .SH "SYNOPSIS"
@ -829,7 +829,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man5/selabel_media.5 libs
 .SH "DESCRIPTION"
 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man5/selabel_x.5 libselinux-2.0.24/man/man5/selabel_x.5
 --- nsalibselinux/man/man5/selabel_x.5	2007-07-16 14:20:46.000000000 -0400
-+++ libselinux-2.0.24/man/man5/selabel_x.5	2007-07-18 13:52:07.000000000 -0400
+++ libselinux-2.0.24/man/man5/selabel_x.5	2007-07-23 10:21:34.000000000 -0400
@@ -6,13 +6,13 @@
 selabel_x \- userspace SELinux labeling interface: X Window System contexts backend.
 .SH "SYNOPSIS"
@ -848,7 +848,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man5/selabel_x.5 libselin
 .SH "DESCRIPTION"
 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/matchpathcon.8 libselinux-2.0.24/man/man8/matchpathcon.8
 --- nsalibselinux/man/man8/matchpathcon.8	2007-07-16 14:20:46.000000000 -0400
-+++ libselinux-2.0.24/man/man8/matchpathcon.8	2007-07-18 13:52:07.000000000 -0400
+++ libselinux-2.0.24/man/man8/matchpathcon.8	2007-07-23 10:21:34.000000000 -0400
@@ -10,16 +10,16 @@
 .SH OPTIONS
 .B \-n
@ -872,7 +872,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/matchpathcon.8 libse
 
 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinux.8 libselinux-2.0.24/man/man8/selinux.8
 --- nsalibselinux/man/man8/selinux.8	2007-07-16 14:20:46.000000000 -0400
-+++ libselinux-2.0.24/man/man8/selinux.8	2007-07-18 13:52:07.000000000 -0400
+++ libselinux-2.0.24/man/man8/selinux.8	2007-07-23 10:21:34.000000000 -0400
@@ -62,14 +62,13 @@
 .B system-config-securitylevel
 allows customization of these booleans and tunables.
@ -891,7 +891,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinux.8 libselinux
 .SH AUTHOR	
 diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.24/src/matchpathcon.c
 --- nsalibselinux/src/matchpathcon.c	2007-07-16 14:20:46.000000000 -0400
-+++ libselinux-2.0.24/src/matchpathcon.c	2007-07-18 13:52:29.000000000 -0400
+++ libselinux-2.0.24/src/matchpathcon.c	2007-07-23 10:21:34.000000000 -0400
@@ -65,7 +65,7 @@
 #ifdef __GNUC__
     __attribute__ ((format(printf, 1, 2)))
@ -901,3 +901,24 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux
 
 void set_matchpathcon_printf(void (*f) (const char *fmt, ...))
 {
+diff --exclude-from=exclude -N -u -r nsalibselinux/src/stringrep.c libselinux-2.0.24/src/stringrep.c
+--- nsalibselinux/src/stringrep.c	2007-07-16 14:20:46.000000000 -0400
+++ libselinux-2.0.24/src/stringrep.c	2007-07-23 10:21:54.000000000 -0400
+@@ -236,7 +236,7 @@
+ 
+ 	dentry = readdir(dir);
+ 	while (dentry != NULL) {
+-		size_t value;
+		unsigned int value;
+ 		struct stat m;
+ 
+ 		snprintf(path, sizeof path, "%s/class/%s/perms/%s", selinux_mnt,s,dentry->d_name);
+@@ -258,7 +258,7 @@
+ 		if (ret < 0)
+ 			goto err4;
+ 
+-		if (sscanf(buf, "%u", (unsigned int *)&value) != 1)
+		if (sscanf(buf, "%u", &value) != 1)
+ 			goto err4;
+ 
+ 		node->perms[value-1] = strdup(dentry->d_name);
--- a/libselinux.spec
+++ b/libselinux.spec
@ -2,7 +2,7 @@
 Summary: SELinux library and simple utilities
 Name: libselinux
 Version: 2.0.24
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: Public domain (uncopyrighted)
 Group: System Environment/Libraries
 Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
@ -123,6 +123,10 @@ exit 0
 %{_libdir}/python*/site-packages/selinux.py*

 %changelog
+* Mon Jul 23 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.24-3
+- Apply Steven Smalley patch to fix segfault in string_to_security_class
+
+
 * Wed Jul 18 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.24-2
 - Fix matchpathcon to set default myprintf