- Add Ivans patch to make ports work

libsepol-rhat.patch

@@ -1,20 +1,55 @@
-diff -aur libsepol-1.7.6.orig/src/context.c libsepol-1.7.6.new/src/context.c
---- libsepol-1.7.6.orig/src/context.c	2005-07-26 14:43:30.000000000 -0400
-+++ libsepol-1.7.6.new/src/context.c	2005-07-27 12:10:53.000000000 -0400
-@@ -133,6 +133,7 @@
- 	char* role = strdup(data->role);
- 	char* type = strdup(data->type);
- 	char* mls = data->mls ? strdup(data->mls): NULL;
-+	char* mls_ptr = mls;
+diff --exclude-from=exclude -N -u -r nsalibsepol/src/libsepol.map libsepol-1.11.1/src/libsepol.map
+--- nsalibsepol/src/libsepol.map	2005-11-15 08:06:55.000000000 -0500
++++ libsepol-1.11.1/src/libsepol.map	2005-12-27 11:07:34.000000000 -0500
+@@ -4,6 +4,7 @@
+ 	sepol_bool_*; sepol_genbools*; 
+ 	sepol_context*; sepol_check_context;
+ 	sepol_iface_*; 
++	sepol_port_*;
+ 	sepol_user_*; sepol_genusers; sepol_set_delusers;
+ 	sepol_msg_*; sepol_debug;
+ 	sepol_handle_*;
+diff --exclude-from=exclude -N -u -r nsalibsepol/src/port_record.c libsepol-1.11.1/src/port_record.c
+--- nsalibsepol/src/port_record.c	2005-11-01 17:32:59.000000000 -0500
++++ libsepol-1.11.1/src/port_record.c	2005-12-27 11:07:34.000000000 -0500
+@@ -84,8 +84,8 @@
+ 	sepol_port_t* port, 
+ 	sepol_port_key_t* key) {
  
- 	scontext = (context_struct_t*) malloc(sizeof(context_struct_t));
- 	if (!user || !role || !type || (data->mls && !mls) || !scontext) {
-@@ -177,7 +178,7 @@
- 		DEBUG(__FUNCTION__, "mls is enabled, but no mls context found\n");
- 		goto err_destroy;
- 	}
--	if (mls && (mls_context_to_sid(policydb, '$', &mls, scontext) < 0)) {
-+	if (mls && (mls_context_to_sid(policydb, '$', &mls_ptr, scontext) < 0)) {
- 		DEBUG(__FUNCTION__, "invalid mls context %s\n", mls);
- 		goto err_destroy;
- 	}
+-	if ((port->low <= key->low) && 
+-	    (port->high >= key->high) &&
++	if ((port->low == key->low) && 
++	    (port->high == key->high) &&
+ 	    (port->proto == key->proto))
+ 		return 0;
+ 
+diff --exclude-from=exclude -N -u -r nsalibsepol/src/ports.c libsepol-1.11.1/src/ports.c
+--- nsalibsepol/src/ports.c	2005-11-04 15:37:13.000000000 -0500
++++ libsepol-1.11.1/src/ports.c	2005-12-27 11:07:34.000000000 -0500
+@@ -182,7 +182,7 @@
+ 		int low2 = c->u.port.low_port;
+ 		int high2 = c->u.port.high_port;
+ 
+-		if (proto == proto2 && low2 <= low && high2 >= high) {
++		if (proto == proto2 && low2 == low && high2 == high) {
+ 			*response = 1;
+ 			return STATUS_SUCCESS;
+ 		}
+@@ -220,7 +220,7 @@
+ 		int low2 = c->u.port.low_port;
+ 		int high2 = c->u.port.high_port;
+ 
+-		if (proto == proto2 && low2 <= low && high2 >= high) {
++		if (proto == proto2 && low2 == low && high2 == high) {
+ 			if (port_to_record(handle, policydb, c, response) < 0)
+ 				goto err;
+ 			return STATUS_SUCCESS;
+@@ -263,7 +263,7 @@
+ 		int low2 = c->u.port.low_port;
+ 		int high2 = c->u.port.high_port;
+ 
+-		if (proto == proto2 && low2 <= low && high2 >= high) {
++		if (proto == proto2 && low2 == low && high2 == high) {
+ 
+ 			/* Replace */
+ 			port->next = c->next;

libsepol.spec

@@ -1,10 +1,11 @@
 Summary: SELinux binary policy manipulation library 
 Name: libsepol
 Version: 1.11.1
-Release: 1
+Release: 2
 License: GPL
 Group: System Environment/Libraries
 Source: http://www.nsa.gov/selinux/archives/libsepol-%{version}.tgz
+Patch: libsepol-rhat.patch
 
 Prefix: %{_prefix}
 BuildRoot: %{_tmppath}/%{name}-buildroot
@@ -37,6 +38,7 @@ needed for developing applications that manipulate binary policies.
 
 %prep
 %setup -q
+%patch -p1 -b .rhat
 
 %build
 make clean
@@ -80,6 +82,9 @@ exit 0
 %{_includedir}/sepol/policydb/*.h
 
 %changelog
+* Tue Dec 27 2005 Dan Walsh <dwalsh@redhat.com> 1.11.1-2
+- Add Ivans patch to make ports work
+
 * Fri Dec 16 2005 Dan Walsh <dwalsh@redhat.com> 1.11.1-1
 - Upgrade to latest from NSA
 	* Fixed mls_range_cpy bug.