From a1e6032110ce3c076a839cddb93446190f0dc780 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach
Date: Thu, 23 Jun 2016 13:55:16 +0200
Subject: [PATCH] checkpolicy-2.5-5 - Set flex as default lexer - Fix checkmodule output message
---
 checkpolicy-fedora.patch | 68 ++++++++++++++++++++++++++++++++++++----
 checkpolicy.spec | 12 ++++---
 2 files changed, 70 insertions(+), 10 deletions(-)
diff --git a/checkpolicy-fedora.patch b/checkpolicy-fedora.patch
index 8d835d6..cfbb051 100644
--- a/checkpolicy-fedora.patch
+++ b/checkpolicy-fedora.patch
@@ -1,16 +1,46 @@
+diff --git checkpolicy-2.5/Android.mk checkpolicy-2.5/Android.mk
+index 98f5168..3b7ff8a 100644
+--- checkpolicy-2.5/Android.mk
++++ checkpolicy-2.5/Android.mk
+@@ -12,10 +12,6 @@ common_cflags := \
+ -Wall -Wshadow -O2 \
+ -pipe -fno-strict-aliasing \
+
+-ifeq ($(HOST_OS),darwin)
+-common_cflags += -DDARWIN
+-endif
+-
+ common_includes := \
+ $(LOCAL_PATH)/ \
+ $(LOCAL_PATH)/../libsepol/include/ \
 diff --git checkpolicy-2.5/ChangeLog checkpolicy-2.5/ChangeLog
-index dfe4908..eae775f 100644
+index dfe4908..429a163 100644
 --- checkpolicy-2.5/ChangeLog
 +++ checkpolicy-2.5/ChangeLog
-@@ -1,3 +1,6 @@
+@@ -1,3 +1,9 @@
++ * Set flex as default lexer, from Julien Pivotto.
++ * Fix checkmodule output message, from Petr Lautrbach.
 + * Build policy on systems not supporting DCCP protocol, from Richard Haines.
 + * Fail if module name different than output base filename, from James Carter
 + * Add support for portcon dccp protocol, from Richard Haines
++
 2.5 2016-02-23
 * Add neverallow support for ioctl extended permissions, from Jeff Vander Stoep.
 * fix double free on name-based type transitions, from Stephen Smalley.
+diff --git checkpolicy-2.5/Makefile checkpolicy-2.5/Makefile
+index e5fae3d..53a3074 100644
+--- checkpolicy-2.5/Makefile
++++ checkpolicy-2.5/Makefile
+@@ -8,6 +8,7 @@ LIBDIR ?= $(PREFIX)/lib
+ INCLUDEDIR ?= $(PREFIX)/include
+ TARGETS = checkpolicy checkmodule
+
++LEX = flex
+ YACC = bison -y
+
+ CFLAGS ?= -g -Wall -Werror -Wshadow -O2 -pipe -fno-strict-aliasing
 diff --git checkpolicy-2.5/checkmodule.c checkpolicy-2.5/checkmodule.c
-index 5957d29..418f77b 100644
+index 5957d29..53cc5a0 100644
 --- checkpolicy-2.5/checkmodule.c
 +++ checkpolicy-2.5/checkmodule.c
 @@ -19,6 +19,7 @@
@@ -47,11 +77,20 @@ index 5957d29..418f77b 100644
 if (modpolicydb.policy_type == POLICY_BASE && !cil) {
 /* Verify that we can successfully expand the base module. */
 policydb_t kernpolicydb;
+@@ -294,7 +314,7 @@ int main(int argc, char **argv)
+
+ if (!cil) {
+ printf("%s: writing binary representation (version %d) to %s\n",
+- argv[0], policyvers, file);
++ argv[0], policyvers, outfile);
+
+ if (write_binary_policy(&modpolicydb, outfp) != 0) {
+ fprintf(stderr, "%s: error writing %s\n", argv[0], outfile);
 diff --git checkpolicy-2.5/checkpolicy.c checkpolicy-2.5/checkpolicy.c
-index 9da661e..7947c20 100644
+index 9da661e..2d68316 100644
 --- checkpolicy-2.5/checkpolicy.c
 +++ checkpolicy-2.5/checkpolicy.c
-@@ -64,6 +64,9 @@
+@@ -64,13 +64,16 @@
 #include
 #include
 #include
@@ -61,6 +100,14 @@ index 9da661e..7947c20 100644
 #include
 #include
 #include
+ #include
+ #include
+
+-#ifdef DARWIN
++#ifdef __APPLE__
+ #include
+ #endif
+
 @@ -919,6 +922,8 @@ int main(int argc, char **argv)
 protocol = IPPROTO_TCP;
 else if (!strcmp(ans, "udp") || !strcmp(ans, "UDP"))
@@ -71,7 +118,7 @@ index 9da661e..7947c20 100644
 printf("unknown protocol\n");
 break;
 diff --git checkpolicy-2.5/policy_define.c checkpolicy-2.5/policy_define.c
-index ee20fea..2068b71 100644
+index ee20fea..100e517 100644
 --- checkpolicy-2.5/policy_define.c
 +++ checkpolicy-2.5/policy_define.c
 @@ -36,6 +36,9 @@
@@ -93,3 +140,12 @@ index ee20fea..2068b71 100644
 } else {
 yyerror2("unrecognized protocol %s", id);
 free(newc);
+@@ -5135,7 +5140,7 @@ int define_ipv6_node_context(void)
+
+ memset(newc, 0, sizeof(ocontext_t));
+
+-#ifdef DARWIN
++#ifdef __APPLE__
+ memcpy(&newc->u.node6.addr[0], &addr.s6_addr[0], 16);
+ memcpy(&newc->u.node6.mask[0], &mask.s6_addr[0], 16);
+ #else
diff --git a/checkpolicy.spec b/checkpolicy.spec
index d4986e9..1fb2a79 100644
--- a/checkpolicy.spec
+++ b/checkpolicy.spec
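Review bot: Any `#ifdef DARWIN` left in the tree outside these hunks now silently compiles the non-Apple branch, because this hunk renames the guard in checkpolicy.c to `#ifdef __APPLE__` while the Android.mk hunk stops passing `-DDARWIN`; the same rename appears in the policy_define.c hunk inside `define_ipv6_node_context`. Only these two guards are visible here, so it is worth confirming that no other file still tests `DARWIN` before the regenerated patch ships. A short comment above each guard would record the reason, e.g. `/* __APPLE__ is predefined by the compiler; the build no longer passes -DDARWIN */`. The include list and `main` both continue outside the hunk.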
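Review bot: The two `memcpy` calls under `#ifdef __APPLE__` in `define_ipv6_node_context` hard-code the length `16`, which ties the copy to neither buffer; taking the length from the destination, `memcpy(&newc->u.node6.addr[0], &addr.s6_addr[0], sizeof(newc->u.node6.addr));` (and likewise for `mask`), keeps the bound correct if either type changes. This is a style point on lines that the guard rename carries as context, and it assumes `addr` and `mask` in `u.node6` are fixed-size arrays, which the hunk does not show. The function starts before the hunk and its `#else` branch continues after it.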
@@ -1,16 +1,16 @@
-%define libselinuxver 2.5-0
-%define libsepolver 2.5-0
+%define libselinuxver 2.5-7
+%define libsepolver 2.5-7
 Summary: SELinux policy compiler
 Name: checkpolicy
 Version: 2.5
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: GPLv2
 Group: Development/System
 Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/checkpolicy-2.5.tar.gz
 # download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
 # run:
 # $ VERSION=2.5 ./make-fedora-selinux-patch.sh checkpolicy
-# HEAD https://github.com/fedora-selinux/selinux/commit/f900ff37022119de47d516f103ccfd339d52c861
+# HEAD https://github.com/fedora-selinux/selinux/commit/9abe77e2a670f2f2dfb91f9cec46ee37f9c23995
 Patch1: checkpolicy-fedora.patch
 Conflicts: selinux-policy-base < 3.13.1-138
 BuildRoot: %{_tmppath}/%{name}-buildroot
@@ -61,6 +61,10 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_bindir}/sedispol
 %changelog
+* Thu Jun 23 2016 Petr Lautrbach - 2.5-5
+- Set flex as default lexer
+- Fix checkmodule output message
+
 * Wed May 11 2016 Petr Lautrbach - 2.5-4
 - Rebuilt with libsepol-2.5-6