checkpolicy-2.7-7

- Add support for the SCTP portcon keyword
2018-03-21 18:08:32 +01:00 · 2018-03-21 18:08:32 +01:00 · bb731d2aae
commit bb731d2aae
parent 0d9f220a00
2 changed files with 47 additions and 6 deletions
--- a/checkpolicy-fedora.patch
+++ b/checkpolicy-fedora.patch
@ -87,7 +87,7 @@ index 7b28696..1c8805d 100644
 +and edited by Stephen Smalley <sds@tycho.nsa.gov>.
 +The program was written by Stephen Smalley <sds@tycho.nsa.gov>.
 diff --git checkpolicy-2.7/checkpolicy.c checkpolicy-2.7/checkpolicy.c
-index b75f2af..923b47c 100644
+index b75f2af..fbda455 100644
 --- checkpolicy-2.7/checkpolicy.c
 +++ checkpolicy-2.7/checkpolicy.c
@@ -1,6 +1,6 @@
@ -98,8 +98,27 @@ index b75f2af..923b47c 100644
  */
 
 /*
+@@ -69,6 +69,9 @@
+ #ifndef IPPROTO_DCCP
+ #define IPPROTO_DCCP 33
+ #endif
+#ifndef IPPROTO_SCTP
+#define IPPROTO_SCTP 132
+#endif
+ #include <arpa/inet.h>
+ #include <fcntl.h>
+ #include <stdio.h>
+@@ -944,6 +947,8 @@ int main(int argc, char **argv)
+ 				protocol = IPPROTO_UDP;
+ 			else if (!strcmp(ans, "dccp") || !strcmp(ans, "DCCP"))
+ 				protocol = IPPROTO_DCCP;
+			else if (!strcmp(ans, "sctp") || !strcmp(ans, "SCTP"))
+				protocol = IPPROTO_SCTP;
+ 			else {
+ 				printf("unknown protocol\n");
+ 				break;
 diff --git checkpolicy-2.7/policy_define.c checkpolicy-2.7/policy_define.c
-index f12ebdb..2c5db55 100644
+index f12ebdb..11fd37d 100644
 --- checkpolicy-2.7/policy_define.c
 +++ checkpolicy-2.7/policy_define.c
@@ -1,5 +1,5 @@
@ -109,6 +128,25 @@ index f12ebdb..2c5db55 100644
  */
 
 /*
+@@ -40,6 +40,9 @@
+ #ifndef IPPROTO_DCCP
+ #define IPPROTO_DCCP 33
+ #endif
+#ifndef IPPROTO_SCTP
+#define IPPROTO_SCTP 132
+#endif
+ #include <arpa/inet.h>
+ #include <stdlib.h>
+ #include <limits.h>
+@@ -5004,6 +5007,8 @@ int define_port_context(unsigned int low, unsigned int high)
+ 		protocol = IPPROTO_UDP;
+ 	} else if ((strcmp(id, "dccp") == 0) || (strcmp(id, "DCCP") == 0)) {
+ 		protocol = IPPROTO_DCCP;
+	} else if ((strcmp(id, "sctp") == 0) || (strcmp(id, "SCTP") == 0)) {
+		protocol = IPPROTO_SCTP;
+ 	} else {
+ 		yyerror2("unrecognized protocol %s", id);
+ 		goto bad;
 diff --git checkpolicy-2.7/policy_parse.y checkpolicy-2.7/policy_parse.y
 index 6b406c8..247bd4e 100644
 --- checkpolicy-2.7/policy_parse.y
--- a/checkpolicy.spec
+++ b/checkpolicy.spec
@ -1,16 +1,16 @@
-%define libselinuxver 2.7-12
-%define libsepolver 2.7-5
+%define libselinuxver 2.7-13
+%define libsepolver 2.7-6

 Summary: SELinux policy compiler
 Name: checkpolicy
 Version: 2.7
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: GPLv2
 Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/checkpolicy-2.7.tar.gz
 # download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
 # run:
 # $ VERSION=2.7 ./make-fedora-selinux-patch.sh checkpolicy
-# HEAD https://github.com/fedora-selinux/selinux/commit/4e253a0231ca085df03b55c4c0490ad6a0e261eb
+# HEAD https://github.com/fedora-selinux/selinux/commit/0a28664012ec7383cf5cbdef4ad2dbedf1f70707
 Patch1: checkpolicy-fedora.patch
 Conflicts: selinux-policy-base < 3.13.1-138
 BuildRequires: gcc
@ -56,6 +56,9 @@ install test/dispol ${RPM_BUILD_ROOT}%{_bindir}/sedispol
 %{_bindir}/sedispol

 %changelog
+* Wed Mar 21 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-7
+- Add support for the SCTP portcon keyword
+
 * Tue Mar 13 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-6
 - build: follow standard semantics for DESTDIR and PREFIX