plautrba pushed to libselinux (f21). "Recreate libselinux-rhat.patch from https://github.com/fedora-selinux/selinux/commit/4395ef2b8bb086878b5fad80321ac9d32f424f51"
notifications at fedoraproject.org
notifications at fedoraproject.org
Thu Apr 23 08:56:18 UTC 2015
>From 51344661b0b7f62610cc6b9a8e2faba5e144d446 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba at redhat.com>
Date: Thu, 23 Apr 2015 10:48:12 +0200
Subject: Recreate libselinux-rhat.patch from
https://github.com/fedora-selinux/selinux/commit/4395ef2b8bb086878b5fad80321ac9d32f424f51
diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch
index b7c5e16..70326f7 100644
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@@ -558,7 +558,7 @@ index e89b1ef..fd20363 100644
Every confined service on the system has a man page in the following format:
.br
diff --git libselinux-2.3/src/Makefile libselinux-2.3/src/Makefile
-index 4d07ba6..d7f8dbd 100644
+index 4d07ba6..0a34d9b 100644
--- libselinux-2.3/src/Makefile
+++ libselinux-2.3/src/Makefile
@@ -59,7 +59,7 @@ CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -Wmissi
@@ -570,15 +570,6 @@ index 4d07ba6..d7f8dbd 100644
-Wsync-nand -Wattributes -Wcoverage-mismatch -Wmultichar -Wcpp \
-Wdeprecated-declarations -Wdiv-by-zero -Wdouble-promotion -Wendif-labels -Wextra \
-Wformat-contains-nul -Wformat-extra-args -Wformat-zero-length -Wformat=2 -Wmultichar \
-@@ -111,7 +111,7 @@ $(LIBA): $(OBJS)
- $(RANLIB) $@
-
- $(LIBSO): $(LOBJS)
-- $(CC) $(CFLAGS) -shared -o $@ $^ -lpcre -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
-+ $(CC) $(CFLAGS) -shared -o $@ $^ -lpcre -llzma -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
- ln -sf $@ $(TARGET)
-
- $(LIBPC): $(LIBPC).in ../VERSION
diff --git libselinux-2.3/src/avc.c libselinux-2.3/src/avc.c
index 2bd7d13..b1ec57f 100644
--- libselinux-2.3/src/avc.c
@@ -968,185 +959,6 @@ index 896ef02..8435b76 100644
path, lineno, type);
return 0;
}
-diff --git libselinux-2.3/src/load_policy.c libselinux-2.3/src/load_policy.c
-index e419f1a..275672d 100644
---- libselinux-2.3/src/load_policy.c
-+++ libselinux-2.3/src/load_policy.c
-@@ -16,6 +16,82 @@
- #include <dlfcn.h>
- #include "policy.h"
- #include <limits.h>
-+#include <lzma.h>
-+
-+static char *lzmaread(int fd, size_t *rsize) {
-+ int capacity = 64*1024;
-+ char *buf = NULL;
-+ int tmpsize = 8 * 1024;
-+ unsigned char tmp[tmpsize];
-+ unsigned char tmp_out[tmpsize];
-+ size_t size = 0;
-+ lzma_stream strm = LZMA_STREAM_INIT;
-+ lzma_action action = LZMA_RUN;
-+ lzma_ret ret;
-+
-+ FILE *stream = fdopen (fd, "r");
-+ if (!stream) {
-+ return NULL;
-+ }
-+ ret = lzma_stream_decoder(&strm, UINT64_MAX,
-+ LZMA_CONCATENATED);
-+
-+ strm.avail_in = 0;
-+ strm.next_out = tmp_out;
-+ strm.avail_out = tmpsize;
-+
-+ buf = (char *) malloc (capacity);
-+ if (!buf)
-+ goto err;
-+
-+ while (1) {
-+ if (strm.avail_in == 0) {
-+ strm.next_in = tmp;
-+ strm.avail_in = fread(tmp, 1, tmpsize, stream);
-+
-+ if (ferror(stream)) {
-+ // POSIX says that fread() sets errno if
-+ // an error occurred. ferror() doesn't
-+ // touch errno.
-+ goto err;
-+ }
-+ if (feof(stream)) action = LZMA_FINISH;
-+ }
-+
-+ ret = lzma_code(&strm, action);
-+
-+ // Write and check write error before checking decoder error.
-+ // This way as much data as possible gets written to output
-+ // even if decoder detected an error.
-+ if (strm.avail_out == 0 || ret != LZMA_OK) {
-+ const size_t num = tmpsize - strm.avail_out;
-+ if (num > capacity) {
-+ buf = (char*) realloc (buf, size*2);
-+ capacity = size;
-+ }
-+ memcpy (buf+size, tmp_out, num);
-+ capacity -= num;
-+ size += num;
-+ strm.next_out = tmp_out;
-+ strm.avail_out = tmpsize;
-+ }
-+ if (ret != LZMA_OK) {
-+ if (ret == LZMA_STREAM_END) {
-+ break;
-+ } else {
-+ goto err;
-+ }
-+ }
-+ }
-+ *rsize = size;
-+
-+ goto exit;
-+err:
-+ free(buf); buf = NULL;
-+exit:
-+ lzma_end(&strm);
-+ return buf;
-+}
-
- int security_load_policy(void *data, size_t len)
- {
-@@ -55,7 +131,7 @@ int selinux_mkload_policy(int preservebools)
- struct stat sb;
- struct utsname uts;
- size_t size;
-- void *map, *data;
-+ void *map = NULL, *data=NULL;
- int fd, rc = -1, prot;
- sepol_policydb_t *policydb;
- sepol_policy_file_t *pf;
-@@ -181,24 +257,28 @@ checkbool:
- goto dlclose;
- }
-
-- if (fstat(fd, &sb) < 0) {
-- fprintf(stderr,
-- "SELinux: Could not stat policy file %s: %s\n",
-- path, strerror(errno));
-- goto close;
-- }
--
-- prot = PROT_READ;
-- if (setlocaldefs || preservebools)
-- prot |= PROT_WRITE;
-+ data = lzmaread(fd,&size);
-
-- size = sb.st_size;
-- data = map = mmap(NULL, size, prot, MAP_PRIVATE, fd, 0);
-- if (map == MAP_FAILED) {
-- fprintf(stderr,
-- "SELinux: Could not map policy file %s: %s\n",
-+ if (!data) {
-+ if (fstat(fd, &sb) < 0) {
-+ fprintf(stderr,
-+ "SELinux: Could not stat policy file %s: %s\n",
- path, strerror(errno));
-- goto close;
-+ goto close;
-+ }
-+
-+ prot = PROT_READ;
-+ if (setlocaldefs || preservebools)
-+ prot |= PROT_WRITE;
-+
-+ size = sb.st_size;
-+ data = map = mmap(NULL, size, prot, MAP_PRIVATE, fd, 0);
-+ if (map == MAP_FAILED) {
-+ fprintf(stderr,
-+ "SELinux: Could not map policy file %s: %s\n",
-+ path, strerror(errno));
-+ goto close;
-+ }
- }
-
- if (vers > kernvers && usesepol) {
-@@ -210,6 +290,8 @@ checkbool:
- goto unmap;
- }
- policy_file_set_mem(pf, data, size);
-+ if (!map)
-+ free(data);
- if (policydb_read(policydb, pf)) {
- policy_file_free(pf);
- policydb_free(policydb);
-@@ -223,7 +305,8 @@ checkbool:
- path);
- policy_file_free(pf);
- policydb_free(policydb);
-- munmap(map, sb.st_size);
-+ if (map)
-+ munmap(map, sb.st_size);
- close(fd);
- vers--;
- goto search;
-@@ -275,7 +358,7 @@ checkbool:
- #endif
- }
-
--
-+
- rc = security_load_policy(data, size);
-
- if (rc)
-@@ -286,7 +369,8 @@ checkbool:
- unmap:
- if (data != map)
- free(data);
-- munmap(map, sb.st_size);
-+ if (map)
-+ munmap(map, sb.st_size);
- close:
- close(fd);
- dlclose:
diff --git libselinux-2.3/src/lsetfilecon.c libselinux-2.3/src/lsetfilecon.c
index 1d3b28a..ea6d70b 100644
--- libselinux-2.3/src/lsetfilecon.c
diff --git a/libselinux.spec b/libselinux.spec
index c43ed76..3700076 100644
--- a/libselinux.spec
+++ b/libselinux.spec
@@ -18,7 +18,7 @@ Source1: selinuxconlist.8
Source2: selinuxdefcon.8
Url: https://github.com/SELinuxProject/selinux/wiki
# use make-rhat-patches.sh to create following patches from https://github.com/fedora-selinux/selinux/
-# https://github.com/fedora-selinux/selinux/commit/986cbec51cf3777202a90a680f86e389af6
+# https://github.com/fedora-selinux/selinux/commit/4395ef2b8bb086878b5fad80321ac9d32f424f51
Patch1: libselinux-rhat.patch
BuildRequires: pkgconfig python-devel ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre-devel xz-devel
%if 0%{?with_python3}
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/libselinux.git/commit/?h=f21&id=51344661b0b7f62610cc6b9a8e2faba5e144d446
More information about the scm-commits
mailing list