From c4aa29e94573c3923d57897bc5e71177aa944416 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 30 Nov 2007 20:13:08 +0000 Subject: [PATCH] - Upgrade to upstream dlopen libsepol.so.1 rather than libsepol.so from Stephen Smalley. Based on a suggestion from Ulrich Drepper, defer regex compilation until we have a stem match, by Stephen Smalley. A further optimization would be to defer regex compilation until we have a complete match of the constant prefix of the regex - TBD. --- .cvsignore | 2 ++ libselinux-rhat.patch | 21 ++++++++++++++++----- libselinux.spec | 12 +++++++++++- sources | 2 +- 4 files changed, 30 insertions(+), 7 deletions(-) diff --git a/.cvsignore b/.cvsignore index d7c1226..4a20e1b 100644 --- a/.cvsignore +++ b/.cvsignore @@ -134,3 +134,5 @@ libselinux-2.0.36.tgz libselinux-2.0.37.tgz libselinux-2.0.40.tgz libselinux-2.0.42.tgz +libselinux-2.0.43.tgz +libselinux-2.0.45.tgz diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch index 1527b33..0192213 100644 --- a/libselinux-rhat.patch +++ b/libselinux-rhat.patch @@ -1,6 +1,18 @@ -diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.35/src/matchpathcon.c +diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/av_permissions.h libselinux-2.0.42/include/selinux/av_permissions.h +--- nsalibselinux/include/selinux/av_permissions.h 2007-11-15 15:52:46.000000000 -0500 ++++ libselinux-2.0.42/include/selinux/av_permissions.h 2007-11-15 16:30:48.000000000 -0500 +@@ -900,6 +900,8 @@ + #define PACKET__SEND 0x00000001UL + #define PACKET__RECV 0x00000002UL + #define PACKET__RELABELTO 0x00000004UL ++#define PACKET__FLOW_IN 0x00000008UL ++#define PACKET__FLOW_OUT 0x00000010UL + #define KEY__VIEW 0x00000001UL + #define KEY__READ 0x00000002UL + #define KEY__WRITE 0x00000004UL +diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.42/src/matchpathcon.c --- nsalibselinux/src/matchpathcon.c 2007-09-28 09:48:58.000000000 -0400 -+++ libselinux-2.0.35/src/matchpathcon.c 2007-09-27 13:54:33.000000000 -0400 ++++ libselinux-2.0.42/src/matchpathcon.c 2007-11-15 15:08:23.000000000 -0500 @@ -2,6 +2,7 @@ #include #include @@ -18,10 +30,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux va_end(ap); } - %module selinux -diff --exclude-from=exclude -N -u -r nsalibselinux/utils/matchpathcon.c libselinux-2.0.35/utils/matchpathcon.c +diff --exclude-from=exclude -N -u -r nsalibselinux/utils/matchpathcon.c libselinux-2.0.42/utils/matchpathcon.c --- nsalibselinux/utils/matchpathcon.c 2007-07-16 14:20:45.000000000 -0400 -+++ libselinux-2.0.35/utils/matchpathcon.c 2007-09-27 13:54:33.000000000 -0400 ++++ libselinux-2.0.42/utils/matchpathcon.c 2007-11-15 15:08:23.000000000 -0500 @@ -17,10 +17,24 @@ exit(1); } diff --git a/libselinux.spec b/libselinux.spec index e9c3b81..3302d1d 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -1,7 +1,7 @@ %define libsepolver 2.0.10-1 Summary: SELinux library and simple utilities Name: libselinux -Version: 2.0.42 +Version: 2.0.45 Release: 1%{?dist} License: Public domain (uncopyrighted) Group: System Environment/Libraries @@ -123,6 +123,16 @@ exit 0 %{_libdir}/python*/site-packages/selinux.py* %changelog +* Fri Nov 30 2007 Dan Walsh - 2.0.45-1 +- Upgrade to upstream + * dlopen libsepol.so.1 rather than libsepol.so from Stephen Smalley. + * Based on a suggestion from Ulrich Drepper, defer regex compilation until we have a stem match, by Stephen Smalley. + * A further optimization would be to defer regex compilation until we have a complete match of the constant prefix of the regex - TBD. + +* Thu Nov 15 2007 Dan Walsh - 2.0.43-1 +- Upgrade to upstream + * Regenerated Flask headers from policy. + * Thu Nov 15 2007 Dan Walsh - 2.0.42-1 - Upgrade to upstream * AVC enforcing mode override patch from Eamon Walsh. diff --git a/sources b/sources index 90ee4b9..357a49e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -ae28209845d0189b408aacfb3c739274 libselinux-2.0.42.tgz +a728752820841a8cb4e9e5a8a1d582cd libselinux-2.0.45.tgz