plautrba pushed to libselinux (f21). "Recreate libselinux-rhat.patch from https://github.com/fedora-selinux/selinux/commit/4395ef2b8bb086878b5fad80321ac9d32f424f51"

notifications at fedoraproject.org notifications at fedoraproject.org
Thu Apr 23 08:56:18 UTC 2015 

>From 51344661b0b7f62610cc6b9a8e2faba5e144d446 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba at redhat.com>
Date: Thu, 23 Apr 2015 10:48:12 +0200
Subject: Recreate libselinux-rhat.patch from
 https://github.com/fedora-selinux/selinux/commit/4395ef2b8bb086878b5fad80321ac9d32f424f51


diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch
index b7c5e16..70326f7 100644
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@@ -558,7 +558,7 @@ index e89b1ef..fd20363 100644
  Every confined service on the system has a man page in the following format:
  .br
 diff --git libselinux-2.3/src/Makefile libselinux-2.3/src/Makefile
-index 4d07ba6..d7f8dbd 100644
+index 4d07ba6..0a34d9b 100644
 --- libselinux-2.3/src/Makefile
 +++ libselinux-2.3/src/Makefile
 @@ -59,7 +59,7 @@ CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -Wmissi
@@ -570,15 +570,6 @@ index 4d07ba6..d7f8dbd 100644
            -Wsync-nand -Wattributes -Wcoverage-mismatch -Wmultichar -Wcpp \
            -Wdeprecated-declarations -Wdiv-by-zero -Wdouble-promotion -Wendif-labels -Wextra \
            -Wformat-contains-nul -Wformat-extra-args -Wformat-zero-length -Wformat=2 -Wmultichar \
-@@ -111,7 +111,7 @@ $(LIBA): $(OBJS)
- 	$(RANLIB) $@
- 
- $(LIBSO): $(LOBJS)
--	$(CC) $(CFLAGS) -shared -o $@ $^ -lpcre -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
-+	$(CC) $(CFLAGS) -shared -o $@ $^ -lpcre -llzma -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
- 	ln -sf $@ $(TARGET) 
- 
- $(LIBPC): $(LIBPC).in ../VERSION
 diff --git libselinux-2.3/src/avc.c libselinux-2.3/src/avc.c
 index 2bd7d13..b1ec57f 100644
 --- libselinux-2.3/src/avc.c
@@ -968,185 +959,6 @@ index 896ef02..8435b76 100644
  				    path, lineno, type);
  			return 0;
  		}
-diff --git libselinux-2.3/src/load_policy.c libselinux-2.3/src/load_policy.c
-index e419f1a..275672d 100644
---- libselinux-2.3/src/load_policy.c
-+++ libselinux-2.3/src/load_policy.c
-@@ -16,6 +16,82 @@
- #include <dlfcn.h>
- #include "policy.h"
- #include <limits.h>
-+#include <lzma.h>
-+
-+static char *lzmaread(int fd, size_t *rsize) {
-+	int capacity = 64*1024;
-+	char *buf = NULL;
-+	int tmpsize = 8 * 1024;
-+	unsigned char tmp[tmpsize];
-+	unsigned char tmp_out[tmpsize];
-+	size_t size = 0;
-+	lzma_stream strm = LZMA_STREAM_INIT;
-+	lzma_action action = LZMA_RUN;
-+	lzma_ret ret;
-+	
-+	FILE *stream = fdopen (fd, "r");
-+	if (!stream) {
-+		return NULL;
-+	}
-+	ret = lzma_stream_decoder(&strm, UINT64_MAX,
-+				  LZMA_CONCATENATED);
-+	
-+	strm.avail_in = 0;
-+	strm.next_out = tmp_out;
-+	strm.avail_out = tmpsize;
-+	
-+	buf = (char *) malloc (capacity);
-+	if (!buf)
-+		goto err;
-+	
-+	while (1) {
-+		if (strm.avail_in == 0) {
-+			strm.next_in = tmp;
-+			strm.avail_in = fread(tmp, 1, tmpsize, stream);
-+			
-+			if (ferror(stream)) {
-+				// POSIX says that fread() sets errno if
-+				// an error occurred. ferror() doesn't
-+				// touch errno.
-+				goto err;
-+			}
-+			if (feof(stream)) action = LZMA_FINISH;
-+		}
-+		
-+		ret = lzma_code(&strm, action);
-+		
-+		// Write and check write error before checking decoder error.
-+		// This way as much data as possible gets written to output
-+		// even if decoder detected an error.
-+		if (strm.avail_out == 0 || ret != LZMA_OK) {
-+			const size_t num =  tmpsize - strm.avail_out;
-+			if (num > capacity) {
-+				buf = (char*) realloc (buf, size*2);
-+				capacity = size;
-+			}
-+			memcpy (buf+size, tmp_out, num);
-+			capacity -= num;
-+			size += num;
-+			strm.next_out = tmp_out;
-+			strm.avail_out = tmpsize;
-+		}
-+		if (ret != LZMA_OK) {
-+			if (ret == LZMA_STREAM_END) {
-+				break;
-+			} else {
-+				goto err;
-+			}
-+		}
-+	}
-+	*rsize = size;
-+	
-+	goto exit;
-+err:
-+	free(buf); buf = NULL;
-+exit:
-+	lzma_end(&strm);
-+	return buf;
-+}
- 
- int security_load_policy(void *data, size_t len)
- {
-@@ -55,7 +131,7 @@ int selinux_mkload_policy(int preservebools)
- 	struct stat sb;
- 	struct utsname uts;
- 	size_t size;
--	void *map, *data;
-+	void *map = NULL, *data=NULL;
- 	int fd, rc = -1, prot;
- 	sepol_policydb_t *policydb;
- 	sepol_policy_file_t *pf;
-@@ -181,24 +257,28 @@ checkbool:
- 		goto dlclose;
- 	}
- 
--	if (fstat(fd, &sb) < 0) {
--		fprintf(stderr,
--			"SELinux:  Could not stat policy file %s:  %s\n",
--			path, strerror(errno));
--		goto close;
--	}
--
--	prot = PROT_READ;
--	if (setlocaldefs || preservebools)
--		prot |= PROT_WRITE;
-+	data = lzmaread(fd,&size);
- 
--	size = sb.st_size;
--	data = map = mmap(NULL, size, prot, MAP_PRIVATE, fd, 0);
--	if (map == MAP_FAILED) {
--		fprintf(stderr,
--			"SELinux:  Could not map policy file %s:  %s\n",
-+	if (!data) {
-+		if (fstat(fd, &sb) < 0) {
-+			fprintf(stderr,
-+				"SELinux:  Could not stat policy file %s:  %s\n",
- 			path, strerror(errno));
--		goto close;
-+			goto close;
-+		}
-+		
-+		prot = PROT_READ;
-+		if (setlocaldefs || preservebools)
-+			prot |= PROT_WRITE;
-+		
-+		size = sb.st_size;
-+		data = map = mmap(NULL, size, prot, MAP_PRIVATE, fd, 0);
-+		if (map == MAP_FAILED) {
-+			fprintf(stderr,
-+				"SELinux:  Could not map policy file %s:  %s\n",
-+				path, strerror(errno));
-+			goto close;
-+		}
- 	}
- 
- 	if (vers > kernvers && usesepol) {
-@@ -210,6 +290,8 @@ checkbool:
- 			goto unmap;
- 		}
- 		policy_file_set_mem(pf, data, size);
-+		if (!map)
-+			free(data);
- 		if (policydb_read(policydb, pf)) {
- 			policy_file_free(pf);
- 			policydb_free(policydb);
-@@ -223,7 +305,8 @@ checkbool:
- 				path);
- 			policy_file_free(pf);
- 			policydb_free(policydb);
--			munmap(map, sb.st_size);
-+			if (map)
-+				munmap(map, sb.st_size);
- 			close(fd);
- 			vers--;
- 			goto search;
-@@ -275,7 +358,7 @@ checkbool:
- #endif
- 	}
- 
--
-+	
- 	rc = security_load_policy(data, size);
- 	
- 	if (rc)
-@@ -286,7 +369,8 @@ checkbool:
-       unmap:
- 	if (data != map)
- 		free(data);
--	munmap(map, sb.st_size);
-+	if (map)
-+		munmap(map, sb.st_size);
-       close:
- 	close(fd);
-       dlclose:
 diff --git libselinux-2.3/src/lsetfilecon.c libselinux-2.3/src/lsetfilecon.c
 index 1d3b28a..ea6d70b 100644
 --- libselinux-2.3/src/lsetfilecon.c
diff --git a/libselinux.spec b/libselinux.spec
index c43ed76..3700076 100644
--- a/libselinux.spec
+++ b/libselinux.spec
@@ -18,7 +18,7 @@ Source1: selinuxconlist.8
 Source2: selinuxdefcon.8
 Url: https://github.com/SELinuxProject/selinux/wiki
 # use make-rhat-patches.sh to create following patches from https://github.com/fedora-selinux/selinux/
-# https://github.com/fedora-selinux/selinux/commit/986cbec51cf3777202a90a680f86e389af6
+# https://github.com/fedora-selinux/selinux/commit/4395ef2b8bb086878b5fad80321ac9d32f424f51
 Patch1: libselinux-rhat.patch
 BuildRequires: pkgconfig python-devel ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre-devel xz-devel
 %if 0%{?with_python3}
-- 
cgit v0.10.2


	http://pkgs.fedoraproject.org/cgit/libselinux.git/commit/?h=f21&id=51344661b0b7f62610cc6b9a8e2faba5e144d446

More information about the scm-commits mailing list