- Update to Upstream
Fixed selinux_set_callback man page.
Try loading the max of the kernel-supported version and the
    libsepol-supported version when no manipulation of the binary policy is
    needed from Stephen Smalley.
Fix memory leaks in matchpathcon from Eamon Walsh.
			
			
This commit is contained in:
		
							parent
							
								
									d87adcfe95
								
							
						
					
					
						commit
						1209c857ab
					
				| @ -150,3 +150,4 @@ libselinux-2.0.58.tgz | |||||||
| libselinux-2.0.59.tgz | libselinux-2.0.59.tgz | ||||||
| libselinux-2.0.60.tgz | libselinux-2.0.60.tgz | ||||||
| libselinux-2.0.61.tgz | libselinux-2.0.61.tgz | ||||||
|  | libselinux-2.0.64.tgz | ||||||
|  | |||||||
| @ -1,65 +1,6 @@ | |||||||
| diff --exclude-from=exclude -N -u -r nsalibselinux/src/label.c libselinux-2.0.61/src/label.c
 |  | ||||||
| --- nsalibselinux/src/label.c	2007-07-16 14:20:46.000000000 -0400
 |  | ||||||
| +++ libselinux-2.0.61/src/label.c	2008-04-09 08:54:15.000000000 -0400
 |  | ||||||
| @@ -95,7 +95,7 @@
 |  | ||||||
|  	if (compat_validate(rec, lr, "file_contexts", 0)) |  | ||||||
|  		return NULL; |  | ||||||
|   |  | ||||||
| -	if (translating &&
 |  | ||||||
| +	if (translating && (! lr->ctx_trans) &&
 |  | ||||||
|  	    selinux_raw_to_trans_context(lr->ctx_raw, &lr->ctx_trans)) |  | ||||||
|  		return NULL; |  | ||||||
|   |  | ||||||
| @@ -131,6 +131,7 @@
 |  | ||||||
|  void selabel_close(struct selabel_handle *rec) |  | ||||||
|  { |  | ||||||
|  	rec->func_close(rec); |  | ||||||
| +	free(rec->data);
 |  | ||||||
|  	free(rec); |  | ||||||
|  } |  | ||||||
|   |  | ||||||
| diff --exclude-from=exclude -N -u -r nsalibselinux/src/load_policy.c libselinux-2.0.61/src/load_policy.c
 |  | ||||||
| --- nsalibselinux/src/load_policy.c	2008-04-08 09:37:21.000000000 -0400
 |  | ||||||
| +++ libselinux-2.0.61/src/load_policy.c	2008-04-09 09:02:16.000000000 -0400
 |  | ||||||
| @@ -43,6 +43,9 @@
 |  | ||||||
|   |  | ||||||
|  int load_setlocaldefs hidden = 1; |  | ||||||
|   |  | ||||||
| +#undef max
 |  | ||||||
| +#define max(a, b) (((a) > (b)) ? (a) : (b))
 |  | ||||||
| +
 |  | ||||||
|  int selinux_mkload_policy(int preservebools) |  | ||||||
|  {	 |  | ||||||
|  	int kernvers = security_policyvers(); |  | ||||||
| @@ -127,11 +130,6 @@
 |  | ||||||
|   |  | ||||||
|  #endif |  | ||||||
|   |  | ||||||
| -	if (usesepol) {
 |  | ||||||
| -		maxvers = vers_max();
 |  | ||||||
| -		minvers = vers_min();
 |  | ||||||
| -	}
 |  | ||||||
| -
 |  | ||||||
|  	/* |  | ||||||
|  	 * Check whether we need to support local boolean and user definitions. |  | ||||||
|  	 */ |  | ||||||
| @@ -157,6 +155,13 @@
 |  | ||||||
|  	if (preservebools && uname(&uts) == 0 && strverscmp(uts.release, "2.6.22") >= 0) |  | ||||||
|  		preservebools = 0; |  | ||||||
|   |  | ||||||
| +	if (usesepol) {
 |  | ||||||
| +		maxvers = vers_max();
 |  | ||||||
| +		minvers = vers_min();
 |  | ||||||
| +		if (!setlocaldefs && !preservebools)
 |  | ||||||
| +			maxvers = max(kernvers, maxvers);
 |  | ||||||
| +	}
 |  | ||||||
| +
 |  | ||||||
|  	vers = maxvers; |  | ||||||
|        search: |  | ||||||
|  	snprintf(path, sizeof(path), "%s.%d", |  | ||||||
| diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.61/src/matchpathcon.c
 | diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.61/src/matchpathcon.c
 | ||||||
| --- nsalibselinux/src/matchpathcon.c	2007-09-28 09:48:58.000000000 -0400
 | --- nsalibselinux/src/matchpathcon.c	2007-09-28 09:48:58.000000000 -0400
 | ||||||
| +++ libselinux-2.0.61/src/matchpathcon.c	2008-04-09 08:54:15.000000000 -0400
 | +++ libselinux-2.0.61/src/matchpathcon.c	2008-04-16 13:25:25.000000000 -0400
 | ||||||
| @@ -2,6 +2,7 @@
 | @@ -2,6 +2,7 @@
 | ||||||
|  #include <string.h> |  #include <string.h> | ||||||
|  #include <errno.h> |  #include <errno.h> | ||||||
| @ -79,7 +20,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux | |||||||
|   |   | ||||||
| diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux.py libselinux-2.0.61/src/selinux.py
 | diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux.py libselinux-2.0.61/src/selinux.py
 | ||||||
| --- nsalibselinux/src/selinux.py	2008-01-23 14:36:29.000000000 -0500
 | --- nsalibselinux/src/selinux.py	2008-01-23 14:36:29.000000000 -0500
 | ||||||
| +++ libselinux-2.0.61/src/selinux.py	2008-04-10 16:21:08.000000000 -0400
 | +++ libselinux-2.0.61/src/selinux.py	2008-04-16 13:25:25.000000000 -0400
 | ||||||
| @@ -300,6 +300,204 @@
 | @@ -300,6 +300,204 @@
 | ||||||
|  selinux_file_context_cmp = _selinux.selinux_file_context_cmp |  selinux_file_context_cmp = _selinux.selinux_file_context_cmp | ||||||
|  selinux_file_context_verify = _selinux.selinux_file_context_verify |  selinux_file_context_verify = _selinux.selinux_file_context_verify | ||||||
| @ -287,7 +228,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux.py libselinux-2.0 | |||||||
|  SELINUX_DEFAULTUSER = _selinux.SELINUX_DEFAULTUSER |  SELINUX_DEFAULTUSER = _selinux.SELINUX_DEFAULTUSER | ||||||
| diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux-2.0.61/src/selinuxswig.i
 | diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux-2.0.61/src/selinuxswig.i
 | ||||||
| --- nsalibselinux/src/selinuxswig.i	2008-01-23 14:36:29.000000000 -0500
 | --- nsalibselinux/src/selinuxswig.i	2008-01-23 14:36:29.000000000 -0500
 | ||||||
| +++ libselinux-2.0.61/src/selinuxswig.i	2008-04-10 16:20:59.000000000 -0400
 | +++ libselinux-2.0.61/src/selinuxswig.i	2008-04-16 13:25:25.000000000 -0400
 | ||||||
| @@ -5,6 +5,7 @@
 | @@ -5,6 +5,7 @@
 | ||||||
|  %module selinux |  %module selinux | ||||||
|  %{ |  %{ | ||||||
| @ -307,9 +248,33 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux- | |||||||
|  %include "../include/selinux/get_default_type.h" |  %include "../include/selinux/get_default_type.h" | ||||||
|  %include "../include/selinux/get_context_list.h" |  %include "../include/selinux/get_context_list.h" | ||||||
| +
 | +
 | ||||||
|  | diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_python.i libselinux-2.0.61/src/selinuxswig_python.i
 | ||||||
|  | --- nsalibselinux/src/selinuxswig_python.i	2007-10-01 09:54:35.000000000 -0400
 | ||||||
|  | +++ libselinux-2.0.61/src/selinuxswig_python.i	2008-04-16 13:25:25.000000000 -0400
 | ||||||
|  | @@ -16,6 +16,20 @@
 | ||||||
|  |  	$result = SWIG_Python_AppendOutput($result, list); | ||||||
|  |  } | ||||||
|  |   | ||||||
|  | +/* return a sid along with the result */
 | ||||||
|  | +%typemap(argout) (security_id_t * sid) {
 | ||||||
|  | +	if (*$1) {
 | ||||||
|  | +                %append_output(SWIG_NewPointerObj(*$1, $descriptor(security_id_t), 0));
 | ||||||
|  | +	} else {
 | ||||||
|  | +		Py_INCREF(Py_None);
 | ||||||
|  | +		%append_output(Py_None);
 | ||||||
|  | +	}
 | ||||||
|  | +}
 | ||||||
|  | +
 | ||||||
|  | +%typemap(in,numinputs=0) security_id_t *(security_id_t temp) {
 | ||||||
|  | +  $1 = &temp;
 | ||||||
|  | +}
 | ||||||
|  | +
 | ||||||
|  |  /* Makes security_compute_user() return a Python list of contexts */ | ||||||
|  |  %typemap(argout) (security_context_t **con) { | ||||||
|  |  	PyObject* plist; | ||||||
| diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libselinux-2.0.61/src/selinuxswig_wrap.c
 | diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libselinux-2.0.61/src/selinuxswig_wrap.c
 | ||||||
| --- nsalibselinux/src/selinuxswig_wrap.c	2008-01-23 14:36:29.000000000 -0500
 | --- nsalibselinux/src/selinuxswig_wrap.c	2008-01-23 14:36:29.000000000 -0500
 | ||||||
| +++ libselinux-2.0.61/src/selinuxswig_wrap.c	2008-04-10 16:21:08.000000000 -0400
 | +++ libselinux-2.0.61/src/selinuxswig_wrap.c	2008-04-16 13:25:25.000000000 -0400
 | ||||||
| @@ -2458,21 +2458,36 @@
 | @@ -2458,21 +2458,36 @@
 | ||||||
|   |   | ||||||
|  #define SWIGTYPE_p_SELboolean swig_types[0] |  #define SWIGTYPE_p_SELboolean swig_types[0] | ||||||
|  | |||||||
| @ -3,8 +3,8 @@ | |||||||
| 
 | 
 | ||||||
| Summary: SELinux library and simple utilities | Summary: SELinux library and simple utilities | ||||||
| Name: libselinux | Name: libselinux | ||||||
| Version: 2.0.61 | Version: 2.0.64 | ||||||
| Release: 3%{?dist} | Release: 1%{?dist} | ||||||
| License: Public Domain | License: Public Domain | ||||||
| Group: System Environment/Libraries | Group: System Environment/Libraries | ||||||
| Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz | Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz | ||||||
| @ -137,6 +137,15 @@ exit 0 | |||||||
| %{python_sitearch}/selinux/* | %{python_sitearch}/selinux/* | ||||||
| 
 | 
 | ||||||
| %changelog | %changelog | ||||||
|  | * Tue Apr 22 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.64-1 | ||||||
|  | - Update to Upstream | ||||||
|  | 	* Fixed selinux_set_callback man page. | ||||||
|  | 	* Try loading the max of the kernel-supported version and the libsepol-supported version when no manipulation of the binary policy is needed from Stephen Smalley. | ||||||
|  | 	* Fix memory leaks in matchpathcon from Eamon Walsh. | ||||||
|  | 
 | ||||||
|  | * Wed Apr 16 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.61-4 | ||||||
|  | - Add Xavior Toth patch for security_id_t in swig | ||||||
|  | 
 | ||||||
| * Thu Apr 10 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.61-3 | * Thu Apr 10 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.61-3 | ||||||
| - Add avc.h to swig code | - Add avc.h to swig code | ||||||
| 
 | 
 | ||||||
|  | |||||||
		Loading…
	
		Reference in New Issue
	
	Block a user