From d9ff1def7cf752192f949ae3524b046749824095 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 30 Aug 2005 13:46:52 +0000 Subject: [PATCH] - Update from NSA Merged errno fix from Joshua Brindle (Tresys). Merged fix for semod_build_modules_list leak on error path from Serge Hallyn (IBM). Bug found by Coverity. Merged several fixes from Serge Hallyn (IBM). Bugs found by Coverity. Fixed several other bugs and warnings. Merged patch to move module read/write code from libsemanage to libsepol from Jason Tang (Tresys). Merged relay records patch from Ivan Gyurdiev. Merged key extract patch from Ivan Gyurdiev. --- libsemanage-rhat.patch | 44 ++++++++++++++++++++++++++++++++++++++++++ libsemanage.spec | 17 ++++++++++++++-- 2 files changed, 59 insertions(+), 2 deletions(-) create mode 100644 libsemanage-rhat.patch diff --git a/libsemanage-rhat.patch b/libsemanage-rhat.patch new file mode 100644 index 0000000..e81b3d3 --- /dev/null +++ b/libsemanage-rhat.patch @@ -0,0 +1,44 @@ +--- libsemanage-1.1.4/src/semod.conf~ 2005-08-30 09:24:00.000000000 -0400 ++++ libsemanage-1.1.4/src/semod.conf 2005-08-30 09:47:12.000000000 -0400 +@@ -16,10 +16,10 @@ + # License along with this library; if not, write to the Free Software + # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + +-# Specify how libsemod will interact with the module store. The three ++# Specify how libsemanage will interact with the module store. The three + # options are: + # +-# "direct" - libsemod will write directly to the store. ++# "direct" - libsemanage will write directly to the store. + # /foo/bar - Write by way of a policy server, whose named socket + # is at /foo/bar. The path must begin with a '/'. + # foo.com:4242 - Establish a TCP connection to a remote policy server +@@ -44,7 +44,7 @@ + #args = -b $@ + #[end] + +-# In addition to loading a policy libsemod will validate file contexts ++# In addition to loading a policy libsemanage will validate file contexts + # by calling the setfiles utility. As above, "$@" will be replaced + # with the policy filename. In addition "$<" will be replaced with + # the file contexts filename. +--- libsemanage-1.1.4/src/Makefile~ 2005-08-30 09:24:00.000000000 -0400 ++++ libsemanage-1.1.4/src/Makefile 2005-08-30 09:39:56.000000000 -0400 +@@ -4,7 +4,7 @@ + SHLIBDIR ?= $(DESTDIR)/lib + INCLUDEDIR ?= $(PREFIX)/include + +-DEFAULT_SEMOD_CONF_LOCATION=$(PREFIX)/share/semod/semod.conf ++DEFAULT_SEMOD_CONF_LOCATION=/etc/selinux/semod.conf + + LEX = flex + LFLAGS = -s +@@ -40,7 +40,7 @@ + install: all + test -d $(LIBDIR) || install -m 755 -d $(LIBDIR) + install -m 644 $(LIBA) $(LIBDIR) +- install -m 644 -D semod.conf $(DEFAULT_SEMOD_CONF_LOCATION) ++ install -m 644 -D semod.conf $(DESTDIR)/$(DEFAULT_SEMOD_CONF_LOCATION) + + clean: + rm -f $(OBJS) $(LIBA) conf-scan.c conf-parse.c conf-parse.h diff --git a/libsemanage.spec b/libsemanage.spec index 6f89211..637af43 100644 --- a/libsemanage.spec +++ b/libsemanage.spec @@ -1,10 +1,11 @@ Summary: SELinux binary policy manipulation library Name: libsemanage -Version: 1.0 +Version: 1.1.4 Release: 1 License: GPL Group: System Environment/Libraries Source: http://www.nsa.gov/selinux/archives/libsemanage-%{version}.tgz +Patch: libsemanage-rhat.patch Prefix: %{_prefix} BuildRoot: %{_tmppath}/%{name}-buildroot Provides: libsemanage.so @@ -36,6 +37,7 @@ needed for developing applications that manipulate binary policies. %prep %setup -q +%patch -p1 -b .rhat %build make CFLAGS="%{optflags}" @@ -60,10 +62,21 @@ rm -rf ${RPM_BUILD_ROOT} %files %defattr(-,root,root) -%config(noreplace) /usr/share/semod/semod.conf +%config(noreplace) /etc/selinux/semod.conf %changelog * Thu Jul 7 2005 Dan Walsh 1.0-1 +- Update from NSA + * Merged errno fix from Joshua Brindle (Tresys). + * Merged fix for semod_build_modules_list leak on error path + from Serge Hallyn (IBM). Bug found by Coverity. + * Merged several fixes from Serge Hallyn (IBM). Bugs found by + Coverity. + * Fixed several other bugs and warnings. + * Merged patch to move module read/write code from libsemanage + to libsepol from Jason Tang (Tresys). + * Merged relay records patch from Ivan Gyurdiev. + * Merged key extract patch from Ivan Gyurdiev. - Initial version - Created by Stephen Smalley