Update to upstream

* Remove -lpthread from pkg-config file; it is not required.

.gitignore

@@ -196,3 +196,4 @@ libselinux-2.0.96.tgz
 /libselinux-2.1.12.tgz
 /libselinux-2.1.13.tgz
 /libselinux-2.2.tgz
+/libselinux-2.2.1.tgz

libselinux-rhat.patch

@@ -1,3 +1,204 @@
+diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
+index 02dd829..6dfdb46 100644
+--- a/libselinux/src/Makefile
++++ b/libselinux/src/Makefile
+@@ -114,7 +114,7 @@ $(LIBA): $(OBJS)
+ 	$(RANLIB) $@
+ 
+ $(LIBSO): $(LOBJS)
+-	$(CC) $(CFLAGS) -shared -o $@ $^ -lpcre -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
++	$(CC) $(CFLAGS) -shared -o $@ $^ -lpcre -llzma -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
+ 	ln -sf $@ $(TARGET) 
+ 
+ $(LIBPC): $(LIBPC).in ../VERSION
+diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c
+index e419f1a..fdeca93 100644
+--- a/libselinux/src/load_policy.c
++++ b/libselinux/src/load_policy.c
+@@ -16,6 +16,82 @@
+ #include <dlfcn.h>
+ #include "policy.h"
+ #include <limits.h>
++#include <lzma.h>
++
++static char *lzmaread(int fd, size_t *rsize) {
++	int capacity = 64*1024;
++	char *buf = NULL;
++	int tmpsize = 8 * 1024;
++	unsigned char tmp[tmpsize];
++	unsigned char tmp_out[tmpsize];
++	size_t size = 0;
++	lzma_stream strm = LZMA_STREAM_INIT;
++	lzma_action action = LZMA_RUN;
++	lzma_ret ret;
++	
++	FILE *stream = fdopen (fd, "r");
++	if (!stream) {
++		return NULL;
++	}
++	ret = lzma_stream_decoder(&strm, UINT64_MAX,
++				  LZMA_CONCATENATED);
++	
++	strm.avail_in = 0;
++	strm.next_out = tmp_out;
++	strm.avail_out = tmpsize;
++	
++	buf = (char *) malloc (capacity);
++	if (!buf)
++		goto err;
++	
++	while (1) {
++		if (strm.avail_in == 0) {
++			strm.next_in = tmp;
++			strm.avail_in = fread(tmp, 1, tmpsize, stream);
++			
++			if (ferror(stream)) {
++				// POSIX says that fread() sets errno if
++				// an error occurred. ferror() doesn't
++				// touch errno.
++				goto err;
++			}
++			if (feof(stream)) action = LZMA_FINISH;
++		}
++		
++		ret = lzma_code(&strm, action);
++		
++		// Write and check write error before checking decoder error.
++		// This way as much data as possible gets written to output
++		// even if decoder detected an error.
++		if (strm.avail_out == 0 || ret != LZMA_OK) {
++			const size_t num =  tmpsize - strm.avail_out;
++			if (num > capacity) {
++				buf = (char*) realloc (buf, size*2);
++				capacity = size;
++			}
++			memcpy (buf+size, tmp_out, num);
++			capacity -= num;
++			size += num;
++			strm.next_out = tmp_out;
++			strm.avail_out = tmpsize;
++		}
++		if (ret != LZMA_OK) {
++			if (ret == LZMA_STREAM_END) {
++				break;
++			} else {
++				goto err;
++			}
++		}
++	}
++	*rsize = size;
++	
++	goto exit;
++err:
++	free(buf); buf = NULL;
++exit:
++	lzma_end(&strm);
++	return buf;
++}
+ 
+ int security_load_policy(void *data, size_t len)
+ {
+@@ -55,7 +131,7 @@ int selinux_mkload_policy(int preservebools)
+ 	struct stat sb;
+ 	struct utsname uts;
+ 	size_t size;
+-	void *map, *data;
++	void *map = NULL, *data=NULL;
+ 	int fd, rc = -1, prot;
+ 	sepol_policydb_t *policydb;
+ 	sepol_policy_file_t *pf;
+@@ -181,24 +257,28 @@ checkbool:
+ 		goto dlclose;
+ 	}
+ 
+-	if (fstat(fd, &sb) < 0) {
+-		fprintf(stderr,
+-			"SELinux:  Could not stat policy file %s:  %s\n",
+-			path, strerror(errno));
+-		goto close;
+-	}
+-
+-	prot = PROT_READ;
+-	if (setlocaldefs || preservebools)
+-		prot |= PROT_WRITE;
++	data = lzmaread(fd,&size);
+ 
+-	size = sb.st_size;
+-	data = map = mmap(NULL, size, prot, MAP_PRIVATE, fd, 0);
+-	if (map == MAP_FAILED) {
+-		fprintf(stderr,
+-			"SELinux:  Could not map policy file %s:  %s\n",
++	if (!data) {
++		if (fstat(fd, &sb) < 0) {
++			fprintf(stderr,
++				"SELinux:  Could not stat policy file %s:  %s\n",
+ 			path, strerror(errno));
+-		goto close;
++			goto close;
++		}
++		
++		prot = PROT_READ;
++		if (setlocaldefs || preservebools)
++			prot |= PROT_WRITE;
++		
++		size = sb.st_size;
++		data = map = mmap(NULL, size, prot, MAP_PRIVATE, fd, 0);
++		if (map == MAP_FAILED) {
++			fprintf(stderr,
++				"SELinux:  Could not map policy file %s:  %s\n",
++				path, strerror(errno));
++			goto close;
++		}
+ 	}
+ 
+ 	if (vers > kernvers && usesepol) {
+@@ -210,6 +290,8 @@ checkbool:
+ 			goto unmap;
+ 		}
+ 		policy_file_set_mem(pf, data, size);
++		if (!map)
++			free(data);
+ 		if (policydb_read(policydb, pf)) {
+ 			policy_file_free(pf);
+ 			policydb_free(policydb);
+@@ -223,7 +305,8 @@ checkbool:
+ 				path);
+ 			policy_file_free(pf);
+ 			policydb_free(policydb);
+-			munmap(map, sb.st_size);
++			if (map)
++				munmap(map, sb.st_size);
+ 			close(fd);
+ 			vers--;
+ 			goto search;
+@@ -275,7 +358,7 @@ checkbool:
+ #endif
+ 	}
+ 
+-
++	
+ 	rc = security_load_policy(data, size);
+ 	
+ 	if (rc)
+@@ -286,7 +369,8 @@ checkbool:
+       unmap:
+ 	if (data != map)
+ 		free(data);
+-	munmap(map, sb.st_size);
++	if (map)
++		munmap(map, sb.st_size);
+       close:
+ 	close(fd);
+       dlclose:
+@@ -410,7 +494,7 @@ int selinux_init_load_policy(int *enforce)
+ 	 * already mounted and selinuxmnt set above.
+ 	 */
+ 
+-	if (seconfig == -1) {
++	if (*enforce == -1) {
+ 		/* Runtime disable of SELinux. */
+ 		rc = security_disable();
+ 		if (rc == 0) {
 diff --git a/libselinux/src/matchpathcon.c b/libselinux/src/matchpathcon.c
 index 2d7369e..2a00807 100644
 --- a/libselinux/src/matchpathcon.c

libselinux.spec

@@ -9,7 +9,7 @@
 
 Summary: SELinux library and simple utilities
 Name: libselinux
-Version: 2.2
+Version: 2.2.1
 Release: 1%{?dist}
 License: Public Domain
 Group: System Environment/Libraries
@@ -240,6 +240,10 @@ rm -rf %{buildroot}
 %{ruby_sitearch}/selinux.so
 
 %changelog
+* Mon Nov 25 2013 Dan Walsh <dwalsh@redhat.com> - 2.2.1-1
+- Update to upstream 
+	* Remove -lpthread from pkg-config file; it is not required.
+
 * Thu Oct 31 2013 Dan Walsh <dwalsh@redhat.com> - 2.2-1
 - Update to upstream 
 	* Fix avc_has_perm() returns -1 even when SELinux is in permissive mode.

sources

@@ -1 +1 @@
-a970226626784d4ee760fd848cc5ca91  libselinux-2.2.tgz
+ada793adfb5683672f9cc8a99447939d  libselinux-2.2.1.tgz