From bb731d2aaea63415878d9c2be86881dfe41da7b0 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Wed, 21 Mar 2018 18:08:32 +0100 Subject: [PATCH] checkpolicy-2.7-7 - Add support for the SCTP portcon keyword --- checkpolicy-fedora.patch | 42 ++++++++++++++++++++++++++++++++++++++-- checkpolicy.spec | 11 +++++++---- 2 files changed, 47 insertions(+), 6 deletions(-) diff --git a/checkpolicy-fedora.patch b/checkpolicy-fedora.patch index 834c878..099e62d 100644 --- a/checkpolicy-fedora.patch +++ b/checkpolicy-fedora.patch @@ -87,7 +87,7 @@ index 7b28696..1c8805d 100644 +and edited by Stephen Smalley . +The program was written by Stephen Smalley . diff --git checkpolicy-2.7/checkpolicy.c checkpolicy-2.7/checkpolicy.c -index b75f2af..923b47c 100644 +index b75f2af..fbda455 100644 --- checkpolicy-2.7/checkpolicy.c +++ checkpolicy-2.7/checkpolicy.c @@ -1,6 +1,6 @@ @@ -98,8 +98,27 @@ index b75f2af..923b47c 100644 */ /* +@@ -69,6 +69,9 @@ + #ifndef IPPROTO_DCCP + #define IPPROTO_DCCP 33 + #endif ++#ifndef IPPROTO_SCTP ++#define IPPROTO_SCTP 132 ++#endif + #include + #include + #include +@@ -944,6 +947,8 @@ int main(int argc, char **argv) + protocol = IPPROTO_UDP; + else if (!strcmp(ans, "dccp") || !strcmp(ans, "DCCP")) + protocol = IPPROTO_DCCP; ++ else if (!strcmp(ans, "sctp") || !strcmp(ans, "SCTP")) ++ protocol = IPPROTO_SCTP; + else { + printf("unknown protocol\n"); + break; diff --git checkpolicy-2.7/policy_define.c checkpolicy-2.7/policy_define.c -index f12ebdb..2c5db55 100644 +index f12ebdb..11fd37d 100644 --- checkpolicy-2.7/policy_define.c +++ checkpolicy-2.7/policy_define.c @@ -1,5 +1,5 @@ 
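Review bot: The `IPPROTO_SCTP` fallback added to checkpolicy.c sits in front of three further `#include` lines, so it is only safe if the header that normally declares the constant (`<netinet/in.h>` on Linux) is already included above the hunk, which is not visible here. If that header came later, the macro would be substituted into the header's own declaration. The same three-line fallback is added again to policy_define.c in the next hunk, so the two copies can drift apart; a single shared header would be a more robust home for it and for the existing `IPPROTO_DCCP` fallback. At minimum I would add a comment such as `/* fallback for libc headers without IPPROTO_SCTP; 132 is the IANA-assigned protocol number */`. In `main()`, whose body starts and ends outside the hunk, the new branch follows the exact-case `strcmp` pattern of its neighbours, so input like `Sctp` still ends in `unknown protocol`.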
@@ -109,6 +128,25 @@ index f12ebdb..2c5db55 100644 */ /* +@@ -40,6 +40,9 @@ + #ifndef IPPROTO_DCCP + #define IPPROTO_DCCP 33 + #endif ++#ifndef IPPROTO_SCTP ++#define IPPROTO_SCTP 132 ++#endif + #include + #include + #include +@@ -5004,6 +5007,8 @@ int define_port_context(unsigned int low, unsigned int high) + protocol = IPPROTO_UDP; + } else if ((strcmp(id, "dccp") == 0) || (strcmp(id, "DCCP") == 0)) { + protocol = IPPROTO_DCCP; ++ } else if ((strcmp(id, "sctp") == 0) || (strcmp(id, "SCTP") == 0)) { ++ protocol = IPPROTO_SCTP; + } else { + yyerror2("unrecognized protocol %s", id); + goto bad; diff --git checkpolicy-2.7/policy_parse.y checkpolicy-2.7/policy_parse.y index 6b406c8..247bd4e 100644 --- checkpolicy-2.7/policy_parse.y diff --git a/checkpolicy.spec b/checkpolicy.spec index b1f757f..4cf5a81 100644 --- a/checkpolicy.spec +++ b/checkpolicy.spec @@ -1,16 +1,16 @@ -%define libselinuxver 2.7-12 -%define libsepolver 2.7-5 +%define libselinuxver 2.7-13 +%define libsepolver 2.7-6 Summary: SELinux policy compiler Name: checkpolicy Version: 2.7 -Release: 6%{?dist} +Release: 7%{?dist} License: GPLv2 Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/checkpolicy-2.7.tar.gz # download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh # run: # $ VERSION=2.7 ./make-fedora-selinux-patch.sh checkpolicy -# HEAD https://github.com/fedora-selinux/selinux/commit/4e253a0231ca085df03b55c4c0490ad6a0e261eb +# HEAD https://github.com/fedora-selinux/selinux/commit/0a28664012ec7383cf5cbdef4ad2dbedf1f70707 Patch1: checkpolicy-fedora.patch Conflicts: selinux-policy-base < 3.13.1-138 BuildRequires: gcc @@ -56,6 +56,9 @@ install test/dispol ${RPM_BUILD_ROOT}%{_bindir}/sedispol %{_bindir}/sedispol %changelog +* Wed Mar 21 2018 Petr Lautrbach - 2.7-7 +- Add support for the SCTP portcon keyword + * Tue Mar 13 2018 Petr Lautrbach - 2.7-6 - build: follow standard semantics for DESTDIR and PREFIX
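Review bot: The new `sctp` branch in `define_port_context()` sets a protocol value of its own, so as far as this hunk shows a `portcon` entry is specific to one protocol, and existing `tcp`/`udp` entries for a port number would not extend to SCTP traffic on that number. That is worth stating where policy authors will see it, for example `/* portcon is per protocol: an SCTP port needs its own sctp entry even if tcp/udp entries exist for the same number */` above the keyword chain, and in the policy-language documentation if it lists the accepted protocols. The hunk also shows no test policy that exercises the new keyword; a `portcon sctp` line in the test policy, if the tree has one, would catch a regression in this chain or in the copy in checkpolicy.c. The function continues outside the hunk, so how `protocol` is stored and matched afterwards is inferred rather than visible.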