- Upgrade to latest from NSA
Fixed attr_convert_callback and expand_convert_type_set typemap bug.
This commit is contained in:
Daniel J Walsh
parent
d808811bca
commit
058dbc84ac
|
|
@ -90,3 +90,4 @@ libsepol-1.11.20.tgz
|
|||
libsepol-1.12.tgz
|
||||
libsepol-1.12.1.tgz
|
||||
libsepol-1.12.2.tgz
|
||||
libsepol-1.12.3.tgz
|
||||
|
|
|
|||
|
|
@ -1,55 +1,47 @@
|
|||
diff --exclude-from=exclude -N -u -r nsalibsepol/src/libsepol.map libsepol-1.11.1/src/libsepol.map
|
||||
--- nsalibsepol/src/libsepol.map 2005-11-15 08:06:55.000000000 -0500
|
||||
+++ libsepol-1.11.1/src/libsepol.map 2005-12-27 11:07:34.000000000 -0500
|
||||
@@ -4,6 +4,7 @@
|
||||
sepol_bool_*; sepol_genbools*;
|
||||
sepol_context*; sepol_check_context;
|
||||
sepol_iface_*;
|
||||
+ sepol_port_*;
|
||||
sepol_user_*; sepol_genusers; sepol_set_delusers;
|
||||
sepol_msg_*; sepol_debug;
|
||||
sepol_handle_*;
|
||||
diff --exclude-from=exclude -N -u -r nsalibsepol/src/port_record.c libsepol-1.11.1/src/port_record.c
|
||||
--- nsalibsepol/src/port_record.c 2005-11-01 17:32:59.000000000 -0500
|
||||
+++ libsepol-1.11.1/src/port_record.c 2005-12-27 11:07:34.000000000 -0500
|
||||
@@ -84,8 +84,8 @@
|
||||
sepol_port_t* port,
|
||||
sepol_port_key_t* key) {
|
||||
diff -u -p -r1.5 ebitmap.c
|
||||
--- libsepol/src/ebitmap.c 7 Oct 2005 20:10:15 -0000 1.5
|
||||
+++ libsepol/src/ebitmap.c 27 Mar 2006 21:13:45 -0000
|
||||
@@ -12,6 +12,7 @@
|
||||
#include <sepol/policydb/ebitmap.h>
|
||||
#include <sepol/policydb/policydb.h>
|
||||
|
||||
- if ((port->low <= key->low) &&
|
||||
- (port->high >= key->high) &&
|
||||
+ if ((port->low == key->low) &&
|
||||
+ (port->high == key->high) &&
|
||||
(port->proto == key->proto))
|
||||
return 0;
|
||||
+#include "debug.h"
|
||||
#include "private.h"
|
||||
|
||||
diff --exclude-from=exclude -N -u -r nsalibsepol/src/ports.c libsepol-1.11.1/src/ports.c
|
||||
--- nsalibsepol/src/ports.c 2005-11-04 15:37:13.000000000 -0500
|
||||
+++ libsepol-1.11.1/src/ports.c 2005-12-27 11:07:34.000000000 -0500
|
||||
@@ -182,7 +182,7 @@
|
||||
int low2 = c->u.port.low_port;
|
||||
int high2 = c->u.port.high_port;
|
||||
int ebitmap_or(ebitmap_t * dst, ebitmap_t * e1, ebitmap_t * e2)
|
||||
@@ -182,6 +183,10 @@ int ebitmap_set_bit(ebitmap_t * e, unsig
|
||||
{
|
||||
ebitmap_node_t *n, *prev, *new;
|
||||
|
||||
- if (proto == proto2 && low2 <= low && high2 >= high) {
|
||||
+ if (proto == proto2 && low2 == low && high2 == high) {
|
||||
*response = 1;
|
||||
return STATUS_SUCCESS;
|
||||
}
|
||||
@@ -220,7 +220,7 @@
|
||||
int low2 = c->u.port.low_port;
|
||||
int high2 = c->u.port.high_port;
|
||||
+ if (bit == (unsigned int)-1) {
|
||||
+ ERR(NULL, "negative bit position.");
|
||||
+ return -EINVAL;
|
||||
+ }
|
||||
|
||||
- if (proto == proto2 && low2 <= low && high2 >= high) {
|
||||
+ if (proto == proto2 && low2 == low && high2 == high) {
|
||||
if (port_to_record(handle, policydb, c, response) < 0)
|
||||
goto err;
|
||||
return STATUS_SUCCESS;
|
||||
@@ -263,7 +263,7 @@
|
||||
int low2 = c->u.port.low_port;
|
||||
int high2 = c->u.port.high_port;
|
||||
|
||||
- if (proto == proto2 && low2 <= low && high2 >= high) {
|
||||
+ if (proto == proto2 && low2 == low && high2 == high) {
|
||||
|
||||
/* Replace */
|
||||
port->next = c->next;
|
||||
prev = 0;
|
||||
n = e->node;
|
||||
Index: libsepol/src/expand.c
|
||||
===================================================================
|
||||
RCS file: /nfshome/pal/CVS/selinux-usr/libsepol/src/expand.c,v
|
||||
retrieving revision 1.23
|
||||
diff -u -p -r1.23 expand.c
|
||||
--- libsepol/src/expand.c 13 Feb 2006 13:59:54 -0000 1.23
|
||||
+++ libsepol/src/expand.c 27 Mar 2006 21:17:21 -0000
|
||||
@@ -138,6 +138,8 @@ static int attr_convert_callback(hashtab
|
||||
ebitmap_for_each_bit(&type->types, node, i) {
|
||||
if (!ebitmap_node_get_bit(node, i))
|
||||
continue;
|
||||
+ if (!state->typemap[i])
|
||||
+ continue;
|
||||
if (ebitmap_set_bit(&new_type->types,
|
||||
state->typemap[i]-1, 1)) {
|
||||
ERR (state->handle, "out of memory");
|
||||
@@ -1441,6 +1443,8 @@ int expand_convert_type_set(policydb_t *
|
||||
ebitmap_for_each_bit(&tmp, tnode, i) {
|
||||
if (!ebitmap_node_get_bit(tnode, i))
|
||||
continue;
|
||||
+ if (!typemap[i])
|
||||
+ continue;
|
||||
if (ebitmap_set_bit(types, typemap[i] - 1, 1))
|
||||
return -1;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
Summary: SELinux binary policy manipulation library
|
||||
Name: libsepol
|
||||
Version: 1.12.2
|
||||
Version: 1.12.3
|
||||
Release: 1
|
||||
License: GPL
|
||||
Group: System Environment/Libraries
|
||||
|
|
@ -80,6 +80,11 @@ exit 0
|
|||
%{_includedir}/sepol/policydb/*.h
|
||||
|
||||
%changelog
|
||||
* Mon Mar 27 2006 Dan Walsh <dwalsh@redhat.com> 1.12.3-1
|
||||
- Upgrade to latest from NSA
|
||||
* Fixed attr_convert_callback and expand_convert_type_set
|
||||
typemap bug.
|
||||
|
||||
* Fri Mar 24 2006 Dan Walsh <dwalsh@redhat.com> 1.12.2-1
|
||||
- Upgrade to latest from NSA
|
||||
* Fixed avrule_block_write num_decls endian bug.
|
||||
|
|
|
|||
Loading…
Reference in New Issue