checkpolicy-2.5-8

- Add types associated to a role in the current scope when parsing
2016-10-04 09:17:25 +02:00 · 2016-10-04 09:17:25 +02:00 · d70b2042c6
commit d70b2042c6
parent eca1d03c02
2 changed files with 21 additions and 9 deletions
--- a/checkpolicy-fedora.patch
+++ b/checkpolicy-fedora.patch
@ -14,10 +14,11 @@ index 98f5168..3b7ff8a 100644
 	$(LOCAL_PATH)/ \
 	$(LOCAL_PATH)/../libsepol/include/ \
 diff --git checkpolicy-2.5/ChangeLog checkpolicy-2.5/ChangeLog
-index dfe4908..f2216ec 100644
+index dfe4908..0e13227 100644
 --- checkpolicy-2.5/ChangeLog
 +++ checkpolicy-2.5/ChangeLog
-@@ -1,3 +1,11 @@
+@@ -1,3 +1,12 @@
+	* Add types associated to a role in the current scope when parsing, from Nicolas Iooss.
 +	* Extend checkpolicy pathname matching, from Stephen Smalley.
 +	* Fix typos in test/dispol, from Petr Lautrbach.
 +	* Set flex as default lexer, from Julien Pivotto.
@ -120,7 +121,7 @@ index 9da661e..2d68316 100644
 				printf("unknown protocol\n");
 				break;
 diff --git checkpolicy-2.5/policy_define.c checkpolicy-2.5/policy_define.c
-index ee20fea..100e517 100644
+index ee20fea..128869c 100644
 --- checkpolicy-2.5/policy_define.c
 +++ checkpolicy-2.5/policy_define.c
@@ -36,6 +36,9 @@
@ -133,7 +134,15 @@ index ee20fea..100e517 100644
 #include <arpa/inet.h>
 #include <stdlib.h>
 #include <limits.h>
-@@ -4876,6 +4879,8 @@ int define_port_context(unsigned int low, unsigned int high)
+@@ -2611,6 +2614,7 @@ int define_role_types(void)
+ 		free(id);
+ 		return -1;
+ 	}
+	role = get_local_role(id, role->s.value, (role->flavor == ROLE_ATTRIB));
+ 
+ 	while ((id = queue_remove(id_queue))) {
+ 		if (set_types(&role->types, id, &add, 0))
+@@ -4876,6 +4880,8 @@ int define_port_context(unsigned int low, unsigned int high)
 		protocol = IPPROTO_TCP;
 	} else if ((strcmp(id, "udp") == 0) || (strcmp(id, "UDP") == 0)) {
 		protocol = IPPROTO_UDP;
@ -142,7 +151,7 @@ index ee20fea..100e517 100644
 	} else {
 		yyerror2("unrecognized protocol %s", id);
 		free(newc);
-@@ -5135,7 +5140,7 @@ int define_ipv6_node_context(void)
+@@ -5135,7 +5141,7 @@ int define_ipv6_node_context(void)
 
 	memset(newc, 0, sizeof(ocontext_t));
 
--- a/checkpolicy.spec
+++ b/checkpolicy.spec
@ -1,16 +1,16 @@
-%define libselinuxver 2.5-11
-%define libsepolver 2.5-9
+%define libselinuxver 2.5-12
+%define libsepolver 2.5-10
 Summary: SELinux policy compiler
 Name: checkpolicy
 Version: 2.5
-Release: 7%{?dist}
+Release: 8%{?dist}
 License: GPLv2
 Group: Development/System
 Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/checkpolicy-2.5.tar.gz
 # download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
 # run:
 # $ VERSION=2.5 ./make-fedora-selinux-patch.sh checkpolicy
-# HEAD https://github.com/fedora-selinux/selinux/commit/dbf42c22e798a5e2cf9c1fc711c803e7da20cfb4
+# HEAD https://github.com/fedora-selinux/selinux/commit/caefad506ca46db441952ab64ebfc6202897516b
 Patch1: checkpolicy-fedora.patch
 Conflicts: selinux-policy-base < 3.13.1-138
 BuildRoot: %{_tmppath}/%{name}-buildroot
@ -61,6 +61,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_bindir}/sedispol

 %changelog
+* Mon Oct 03 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-8
+- Add types associated to a role in the current scope when parsing
+
 * Mon Aug 01 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-7
 - Extend checkpolicy pathname matching
 - Rebuilt with libsepol-2.5-9