[libselinux] Update to upstream
Daniel J Walsh
dwalsh at fedoraproject.org
Mon Nov 25 20:24:27 UTC 2013
commit 5f9e3146a2bd4e0156d21f876fe257145a317f68
Author: Dan Walsh <dwalsh at redhat.com>
Date: Mon Nov 25 15:24:16 2013 -0500
Update to upstream
* Remove -lpthread from pkg-config file; it is not required.
.gitignore | 1 +
libselinux-rhat.patch | 201 +++++++++++++++++++++++++++++++++++++++++++++++++
libselinux.spec | 6 +-
sources | 2 +-
4 files changed, 208 insertions(+), 2 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index c3bf9bd..2e9cec3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -196,3 +196,4 @@ libselinux-2.0.96.tgz
/libselinux-2.1.12.tgz
/libselinux-2.1.13.tgz
/libselinux-2.2.tgz
+/libselinux-2.2.1.tgz
diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch
index 1789ec0..c43fe51 100644
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@@ -1,3 +1,204 @@
+diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
+index 02dd829..6dfdb46 100644
+--- a/libselinux/src/Makefile
++++ b/libselinux/src/Makefile
+@@ -114,7 +114,7 @@ $(LIBA): $(OBJS)
+ $(RANLIB) $@
+
+ $(LIBSO): $(LOBJS)
+- $(CC) $(CFLAGS) -shared -o $@ $^ -lpcre -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
++ $(CC) $(CFLAGS) -shared -o $@ $^ -lpcre -llzma -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
+ ln -sf $@ $(TARGET)
+
+ $(LIBPC): $(LIBPC).in ../VERSION
+diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c
+index e419f1a..fdeca93 100644
+--- a/libselinux/src/load_policy.c
++++ b/libselinux/src/load_policy.c
+@@ -16,6 +16,82 @@
+ #include <dlfcn.h>
+ #include "policy.h"
+ #include <limits.h>
++#include <lzma.h>
++
++static char *lzmaread(int fd, size_t *rsize) {
++ int capacity = 64*1024;
++ char *buf = NULL;
++ int tmpsize = 8 * 1024;
++ unsigned char tmp[tmpsize];
++ unsigned char tmp_out[tmpsize];
++ size_t size = 0;
++ lzma_stream strm = LZMA_STREAM_INIT;
++ lzma_action action = LZMA_RUN;
++ lzma_ret ret;
++
++ FILE *stream = fdopen (fd, "r");
++ if (!stream) {
++ return NULL;
++ }
++ ret = lzma_stream_decoder(&strm, UINT64_MAX,
++ LZMA_CONCATENATED);
++
++ strm.avail_in = 0;
++ strm.next_out = tmp_out;
++ strm.avail_out = tmpsize;
++
++ buf = (char *) malloc (capacity);
++ if (!buf)
++ goto err;
++
++ while (1) {
++ if (strm.avail_in == 0) {
++ strm.next_in = tmp;
++ strm.avail_in = fread(tmp, 1, tmpsize, stream);
++
++ if (ferror(stream)) {
++ // POSIX says that fread() sets errno if
++ // an error occurred. ferror() doesn't
++ // touch errno.
++ goto err;
++ }
++ if (feof(stream)) action = LZMA_FINISH;
++ }
++
++ ret = lzma_code(&strm, action);
++
++ // Write and check write error before checking decoder error.
++ // This way as much data as possible gets written to output
++ // even if decoder detected an error.
++ if (strm.avail_out == 0 || ret != LZMA_OK) {
++ const size_t num = tmpsize - strm.avail_out;
++ if (num > capacity) {
++ buf = (char*) realloc (buf, size*2);
++ capacity = size;
++ }
++ memcpy (buf+size, tmp_out, num);
++ capacity -= num;
++ size += num;
++ strm.next_out = tmp_out;
++ strm.avail_out = tmpsize;
++ }
++ if (ret != LZMA_OK) {
++ if (ret == LZMA_STREAM_END) {
++ break;
++ } else {
++ goto err;
++ }
++ }
++ }
++ *rsize = size;
++
++ goto exit;
++err:
++ free(buf); buf = NULL;
++exit:
++ lzma_end(&strm);
++ return buf;
++}
+
+ int security_load_policy(void *data, size_t len)
+ {
+@@ -55,7 +131,7 @@ int selinux_mkload_policy(int preservebools)
+ struct stat sb;
+ struct utsname uts;
+ size_t size;
+- void *map, *data;
++ void *map = NULL, *data=NULL;
+ int fd, rc = -1, prot;
+ sepol_policydb_t *policydb;
+ sepol_policy_file_t *pf;
+@@ -181,24 +257,28 @@ checkbool:
+ goto dlclose;
+ }
+
+- if (fstat(fd, &sb) < 0) {
+- fprintf(stderr,
+- "SELinux: Could not stat policy file %s: %s\n",
+- path, strerror(errno));
+- goto close;
+- }
+-
+- prot = PROT_READ;
+- if (setlocaldefs || preservebools)
+- prot |= PROT_WRITE;
++ data = lzmaread(fd,&size);
+
+- size = sb.st_size;
+- data = map = mmap(NULL, size, prot, MAP_PRIVATE, fd, 0);
+- if (map == MAP_FAILED) {
+- fprintf(stderr,
+- "SELinux: Could not map policy file %s: %s\n",
++ if (!data) {
++ if (fstat(fd, &sb) < 0) {
++ fprintf(stderr,
++ "SELinux: Could not stat policy file %s: %s\n",
+ path, strerror(errno));
+- goto close;
++ goto close;
++ }
++
++ prot = PROT_READ;
++ if (setlocaldefs || preservebools)
++ prot |= PROT_WRITE;
++
++ size = sb.st_size;
++ data = map = mmap(NULL, size, prot, MAP_PRIVATE, fd, 0);
++ if (map == MAP_FAILED) {
++ fprintf(stderr,
++ "SELinux: Could not map policy file %s: %s\n",
++ path, strerror(errno));
++ goto close;
++ }
+ }
+
+ if (vers > kernvers && usesepol) {
+@@ -210,6 +290,8 @@ checkbool:
+ goto unmap;
+ }
+ policy_file_set_mem(pf, data, size);
++ if (!map)
++ free(data);
+ if (policydb_read(policydb, pf)) {
+ policy_file_free(pf);
+ policydb_free(policydb);
+@@ -223,7 +305,8 @@ checkbool:
+ path);
+ policy_file_free(pf);
+ policydb_free(policydb);
+- munmap(map, sb.st_size);
++ if (map)
++ munmap(map, sb.st_size);
+ close(fd);
+ vers--;
+ goto search;
+@@ -275,7 +358,7 @@ checkbool:
+ #endif
+ }
+
+-
++
+ rc = security_load_policy(data, size);
+
+ if (rc)
+@@ -286,7 +369,8 @@ checkbool:
+ unmap:
+ if (data != map)
+ free(data);
+- munmap(map, sb.st_size);
++ if (map)
++ munmap(map, sb.st_size);
+ close:
+ close(fd);
+ dlclose:
+@@ -410,7 +494,7 @@ int selinux_init_load_policy(int *enforce)
+ * already mounted and selinuxmnt set above.
+ */
+
+- if (seconfig == -1) {
++ if (*enforce == -1) {
+ /* Runtime disable of SELinux. */
+ rc = security_disable();
+ if (rc == 0) {
diff --git a/libselinux/src/matchpathcon.c b/libselinux/src/matchpathcon.c
index 2d7369e..2a00807 100644
--- a/libselinux/src/matchpathcon.c
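Review bot: In the nested load_policy.c hunk, the added `if (!map) free(data);` directly after `policy_file_set_mem(pf, data, size);` releases the decompressed buffer before `policydb_read(policydb, pf)` parses it. If `pf` only references that memory (it looks that way; confirm against libsepol), the parser reads freed heap, and the `unmap:` label's `if (data != map) free(data);` could free it a second time on a failure path. Freeing is better left to the cleanup label or done after the last read of `pf`; the rest of selinux_mkload_policy lies outside the hunk, so where `data` is reassigned still needs checking. In `lzmaread`, the return of `lzma_stream_decoder()` is never tested, `realloc()` overwrites `buf` with no NULL check before the `memcpy`, the `FILE *` from `fdopen()` is never released, and the `UINT64_MAX` memory limit with unbounded output growth puts no ceiling on what a malformed policy file can make the loader allocate. The fence shows the growth step with a checked realloc that keeps the old pointer so the `err:` path can still free it.

```c
// … unchanged: fread() refill and lzma_code() call …
		if (strm.avail_out == 0 || ret != LZMA_OK) {
			const size_t num = tmpsize - strm.avail_out;
			if (num > (size_t)capacity) {
				/* keep buf valid until the new block is known good */
				char *grown = realloc(buf, size * 2);
				if (!grown)
					goto err;
				buf = grown;
				capacity = size;
			}
			memcpy(buf + size, tmp_out, num);
			// … unchanged: capacity/size bookkeeping and output buffer reset …
		}
```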
diff --git a/libselinux.spec b/libselinux.spec
index 40773ec..2403b2d 100644
--- a/libselinux.spec
+++ b/libselinux.spec
@@ -9,7 +9,7 @@
Summary: SELinux library and simple utilities
Name: libselinux
-Version: 2.2
+Version: 2.2.1
Release: 1%{?dist}
License: Public Domain
Group: System Environment/Libraries
@@ -240,6 +240,10 @@ rm -rf %{buildroot}
%{ruby_sitearch}/selinux.so
%changelog
+* Mon Nov 25 2013 Dan Walsh <dwalsh at redhat.com> - 2.2.1-1
+- Update to upstream
+ * Remove -lpthread from pkg-config file; it is not required.
+
* Thu Oct 31 2013 Dan Walsh <dwalsh at redhat.com> - 2.2-1
- Update to upstream
* Fix avc_has_perm() returns -1 even when SELinux is in permissive mode.
diff --git a/sources b/sources
index c3fa66e..0d56678 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-a970226626784d4ee760fd848cc5ca91 libselinux-2.2.tgz
+ada793adfb5683672f9cc8a99447939d libselinux-2.2.1.tgz