Fix typo in spec file

Show strerror for security_getenforce() by Colin Waters.
Merged selabel database support by KaiGai Kohei.
Modify netlink socket blocking code by KaiGai Kohei.

.gitignore

@@ -174,3 +174,7 @@ libselinux-2.0.87.tgz
 libselinux-2.0.88.tgz
 libselinux-2.0.89.tgz
 libselinux-2.0.90.tgz
+libselinux-2.0.91.tgz
+libselinux-2.0.92.tgz
+libselinux-2.0.93.tgz
+libselinux-2.0.94.tgz

Makefile

@@ -1,21 +0,0 @@
-# Makefile for source rpm: libselinux
-# $Id: Makefile,v 1.2 2007/10/15 19:04:13 notting Exp $
-NAME := libselinux
-SPECFILE = $(firstword $(wildcard *.spec))
-
-define find-makefile-common
-for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
-endef
-
-MAKEFILE_COMMON := $(shell $(find-makefile-common))
-
-ifeq ($(MAKEFILE_COMMON),)
-# attempt a checkout
-define checkout-makefile-common
-test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
-endef
-
-MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
-endif
-
-include $(MAKEFILE_COMMON)

libselinux-2.0.94_chcon.patch

@@ -0,0 +1,18 @@
+diff -up libselinux-2.0.94/src/selinuxswig_python.i.chcon libselinux-2.0.94/src/selinuxswig_python.i
+--- libselinux-2.0.94/src/selinuxswig_python.i.chcon	2010-08-23 10:23:50.000000000 -0400
++++ libselinux-2.0.94/src/selinuxswig_python.i	2010-08-23 10:23:54.000000000 -0400
+@@ -21,6 +21,14 @@ def restorecon(path, recursive=False):
+                              map(restorecon, [os.path.join(dirname, fname)
+                                               for fname in fnames]), None)
+ 
++def chcon(path, context, recursive=False):
++    """ Set the SELinux context on a given path """
++    lsetfilecon(path, context)
++    if recursive:
++        for root, dirs, files in os.walk(path):
++            for name in files + dirs:
++               lsetfilecon(os.path.join(root,name), context)
++
+ def copytree(src, dest):
+     """ An SELinux-friendly shutil.copytree method """
+     shutil.copytree(src, dest)

libselinux-2.0.94_leak.patch

@@ -0,0 +1,124 @@
+--- libselinux-2.0.94/src/matchpathcon.c.leak	2011-02-04 08:49:46.498334051 +0100
++++ libselinux-2.0.94/src/matchpathcon.c	2011-02-04 08:52:48.979090294 +0100
+@@ -16,6 +16,9 @@
+ static __thread int con_array_size;
+ static __thread int con_array_used;
+ 
++static pthread_once_t once = PTHREAD_ONCE_INIT;
++static pthread_key_t destructor_key;
++
+ static int add_array_elt(char *con)
+ {
+ 	if (con_array_size) {
+@@ -283,11 +286,19 @@
+ 	fl_head = NULL;
+ }
+ 
++static void matchpathcon_init_once(void)
++{
++	__selinux_key_create(&destructor_key, free_array_elts);
++}
++
+ int matchpathcon_init_prefix(const char *path, const char *subset)
+ {
+ 	if (!mycanoncon)
+ 		mycanoncon = default_canoncon;
+ 
++	__selinux_once(once, matchpathcon_init_once);
++	__selinux_setspecific(destructor_key, (void *)1);
++
+ 	options[SELABEL_OPT_SUBSET].type = SELABEL_OPT_SUBSET;
+ 	options[SELABEL_OPT_SUBSET].value = subset;
+ 	options[SELABEL_OPT_PATH].type = SELABEL_OPT_PATH;
+--- libselinux-2.0.94/src/selinux_internal.h.leak	2011-02-04 08:53:00.618332791 +0100
++++ libselinux-2.0.94/src/selinux_internal.h	2011-02-04 08:56:24.917090558 +0100
+@@ -97,6 +97,8 @@
+ 
+ /* Make pthread_once optional */
+ #pragma weak pthread_once
++#pragma weak pthread_key_create
++#pragma weak pthread_setspecific
+ 
+ /* Call handler iff the first call.  */
+ #define __selinux_once(ONCE_CONTROL, INIT_FUNCTION)	\
+@@ -109,4 +111,15 @@
+ 		}					\
+ 	} while (0)
+ 
++/* Pthread key macros */
++#define __selinux_key_create(KEY, DESTRUCTOR)			\
++	do {							\
++		if (pthread_key_create != NULL)			\
++			pthread_key_create(KEY, DESTRUCTOR);	\
++	} while (0)
+ 
++#define __selinux_setspecific(KEY, VALUE)			\
++	do {							\
++		if (pthread_setspecific != NULL)		\
++			pthread_setspecific(KEY, VALUE);	\
++	} while (0)
+--- libselinux-2.0.94/src/setrans_client.c.leak	2011-02-04 08:56:43.229330202 +0100
++++ libselinux-2.0.94/src/setrans_client.c	2011-02-04 09:00:04.176174970 +0100
+@@ -34,6 +34,8 @@
+ static __thread security_context_t prev_r2c_raw = NULL;
+ 
+ static pthread_once_t once = PTHREAD_ONCE_INIT;
++static pthread_key_t destructor_key;
++static __thread char destructor_initialized;
+ 
+ /*
+  * setransd_open
+@@ -240,8 +242,27 @@
+ 	return ret;
+ }
+ 
++static void setrans_thread_destructor(void __attribute__((unused)) *unused)
++{
++	free(prev_t2r_trans);
++	free(prev_t2r_raw);
++	free(prev_r2t_trans);
++	free(prev_r2t_raw);
++	free(prev_r2c_trans);
++	free(prev_r2c_raw);
++}
++
++static inline void init_thread_destructor(void)
++{
++	if (destructor_initialized == 0) {
++		__selinux_setspecific(destructor_key, (void *)1);
++		destructor_initialized = 1;
++	}
++}
++
+ static void init_context_translations(void)
+ {
++	__selinux_key_create(&destructor_key, setrans_thread_destructor);
+ 	mls_enabled = is_selinux_mls_enabled();
+ }
+ 
+@@ -254,6 +275,7 @@
+ 	}
+ 
+ 	__selinux_once(once, init_context_translations);
++	init_thread_destructor();
+ 
+ 	if (!mls_enabled) {
+ 		*rawp = strdup(trans);
+@@ -295,6 +317,7 @@
+ 	}
+ 
+ 	__selinux_once(once, init_context_translations);
++	init_thread_destructor();
+ 
+ 	if (!mls_enabled) {
+ 		*transp = strdup(raw);
+@@ -334,6 +357,9 @@
+ 		return -1;
+ 	}
+ 
++	__selinux_once(once, init_context_translations);
++	init_thread_destructor();
++
+ 	if (prev_r2c_raw && strcmp(prev_r2c_raw, raw) == 0) {
+ 		*transp = strdup(prev_r2c_trans);
+ 	} else {

libselinux-rhat.patch

@@ -1,6 +1,6 @@
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.90/man/man8/selinuxconlist.8
+diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.93/man/man8/selinuxconlist.8
 --- nsalibselinux/man/man8/selinuxconlist.8	1969-12-31 19:00:00.000000000 -0500
-+++ libselinux-2.0.90/man/man8/selinuxconlist.8	2010-01-18 16:52:28.000000000 -0500
++++ libselinux-2.0.93/man/man8/selinuxconlist.8	2010-03-16 12:33:32.000000000 -0400
 @@ -0,0 +1,18 @@
 +.TH "selinuxconlist" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation"
 +.SH "NAME"
@@ -20,9 +20,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 lib
 +
 +.SH "SEE ALSO"
 +secon(8), selinuxdefcon(8)
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.90/man/man8/selinuxdefcon.8
+diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.93/man/man8/selinuxdefcon.8
 --- nsalibselinux/man/man8/selinuxdefcon.8	1969-12-31 19:00:00.000000000 -0500
-+++ libselinux-2.0.90/man/man8/selinuxdefcon.8	2010-01-18 16:52:28.000000000 -0500
++++ libselinux-2.0.93/man/man8/selinuxdefcon.8	2010-03-16 12:33:32.000000000 -0400
 @@ -0,0 +1,24 @@
 +.TH "selinuxdefcon" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation"
 +.SH "NAME"
@@ -48,9 +48,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libs
 +
 +.SH "SEE ALSO"
 +secon(8), selinuxconlist(8)
-diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.0.90/src/callbacks.c
+diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.0.93/src/callbacks.c
 --- nsalibselinux/src/callbacks.c	2009-04-08 09:06:23.000000000 -0400
-+++ libselinux-2.0.90/src/callbacks.c	2010-01-18 16:52:28.000000000 -0500
++++ libselinux-2.0.93/src/callbacks.c	2010-03-16 12:33:32.000000000 -0400
 @@ -16,6 +16,7 @@
  {
  	int rc;
@@ -59,37 +59,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.
  	va_start(ap, fmt);
  	rc = vfprintf(stderr, fmt, ap);
  	va_end(ap);
-diff --exclude-from=exclude -N -u -r nsalibselinux/src/init.c libselinux-2.0.90/src/init.c
---- nsalibselinux/src/init.c	2009-07-14 11:16:03.000000000 -0400
-+++ libselinux-2.0.90/src/init.c	2010-01-18 16:52:28.000000000 -0500
-@@ -59,8 +59,10 @@
- 	}
- 	fclose(fp);
- 
--	if (!exists)
-+	if (!exists) {
-+		free(buf);
- 		return;
-+	}
- 
- 	/* At this point, the usual spot doesn't have an selinuxfs so
- 	 * we look around for it */
-diff --exclude-from=exclude -N -u -r nsalibselinux/src/label_file.c libselinux-2.0.90/src/label_file.c
---- nsalibselinux/src/label_file.c	2009-05-18 13:53:14.000000000 -0400
-+++ libselinux-2.0.90/src/label_file.c	2010-01-18 16:53:54.000000000 -0500
-@@ -20,6 +20,9 @@
- #include "callbacks.h"
- #include "label_internal.h"
- 
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+
- /*
-  * Internals, mostly moved over from matchpathcon.c
-  */
-diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.90/src/matchpathcon.c
+diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.93/src/matchpathcon.c
 --- nsalibselinux/src/matchpathcon.c	2009-03-06 14:41:45.000000000 -0500
-+++ libselinux-2.0.90/src/matchpathcon.c	2010-01-18 16:52:28.000000000 -0500
++++ libselinux-2.0.93/src/matchpathcon.c	2010-03-16 12:33:32.000000000 -0400
 @@ -2,6 +2,7 @@
  #include <string.h>
  #include <errno.h>

libselinux.spec

@@ -4,12 +4,14 @@
 
 Summary: SELinux library and simple utilities
 Name: libselinux
-Version: 2.0.90
+Version: 2.0.94
 Release: 3%{?dist}
 License: Public Domain
 Group: System Environment/Libraries
 Source: http://www.nsa.gov/research/selinux/%{name}-%{version}.tgz
 Patch: libselinux-rhat.patch
+Patch2: libselinux-2.0.94_chcon.patch
+Patch3: libselinux-2.0.94_leak.patch
 URL: http://www.selinuxproject.org
 
 BuildRequires: python-devel ruby-devel ruby libsepol-static >= %{libsepolver} swig
@@ -80,6 +82,8 @@ needed for developing SELinux applications.
 %prep
 %setup -q
 %patch -p1 -b .rhat
+%patch2 -p1 -b .chcon
+%patch3 -p1 -b .leak
 
 %build
 make clean
@@ -166,6 +170,40 @@ exit 0
 %{ruby_sitearch}/selinux.so
 
 %changelog
+* Fri Feb 4 2011 Miroslav Grepl <mgrepl@redhat.com> - 2.0.94-3
+- Thread local storage fixes from Eamon Walsh.
+
+* Wed Aug 23 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.94-2
+- Add chcon function to python bindings.
+
+* Wed Mar 24 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.94-1
+	* Set errno=EINVAL for invalid contexts from Dan Walsh.
+
+* Sun Mar 16 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.93-1
+- Update to upstream 
+	* Show strerror for security_getenforce() by Colin Waters.
+	* Merged selabel database support by KaiGai Kohei.
+	* Modify netlink socket blocking code by KaiGai Kohei.
+
+* Sun Mar 7 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.92-1
+- Update to upstream 
+	* Fix from Eric Paris to fix leak on non-selinux systems.
+	* regenerate swig wrappers
+	* pkgconfig fix to respect LIBDIR from Dan Walsh.
+
+* Wed Feb 24 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.91-1
+- Update to upstream 
+	* Change the AVC to only audit the permissions specified by the
+	policy, excluding any permissions specified via dontaudit or not
+	specified via auditallow.
+	* Fix compilation of label_file.c with latest glibc headers.
+
+* Mon Feb 22 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.90-5
+- Fix potential doublefree on init
+
+* Thu Feb 18 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.90-4
+- Fix libselinux.pc
+
 * Mon Jan 18 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.90-3
 - Fix man page for selinuxdefcon
 

sources

@@ -1 +1 @@
-87c744d919d632502ca91ca213c2168f  libselinux-2.0.90.tgz
+f814c71fca5a85ebfeb81b57afed59db  libselinux-2.0.94.tgz