Add patch from dbhole@redhat.com to initialize thread keys to -1

Errors were being seen in libpthread/libdl that were related
to corrupt thread specific keys. Global destructors that are called on dl
unload. During destruction delete a thread specific key without checking
if it has been initialized. Since the constructor is not called each time
(i.e. key is not initialized with pthread_key_create each time), and the
default is 0, there is a possibility that key 0 for an active thread gets
deleted. This is exactly what is happening in case of OpenJDK.

libselinux-rhat.patch

@@ -239,7 +239,7 @@ index 36ce029..83d2143 100644
  		/*
  		 * If we failed to disable, SELinux will still be 
 diff --git a/libselinux/src/matchpathcon.c b/libselinux/src/matchpathcon.c
-index f3e45af..2f3c16a 100644
+index f3e45af..1333aa0 100644
 --- a/libselinux/src/matchpathcon.c
 +++ b/libselinux/src/matchpathcon.c
 @@ -2,6 +2,7 @@
@@ -250,6 +250,15 @@ index f3e45af..2f3c16a 100644
  #include "selinux_internal.h"
  #include "label_internal.h"
  #include "callbacks.h"
+@@ -16,7 +17,7 @@ static __thread int con_array_size;
+ static __thread int con_array_used;
+ 
+ static pthread_once_t once = PTHREAD_ONCE_INIT;
+-static pthread_key_t destructor_key;
++static pthread_key_t destructor_key = -1;
+ 
+ static int add_array_elt(char *con)
+ {
 @@ -60,7 +61,7 @@ static void
  {
  	va_list ap;
@@ -1407,3 +1416,16 @@ index e0884f6..e60a3d3 100644
    SWIG_Python_SetConstant(d, "SELINUX_AVD_FLAGS_PERMISSIVE",SWIG_From_int((int)(0x0001)));
    SWIG_Python_SetConstant(d, "SELINUX_CB_LOG",SWIG_From_int((int)(0)));
    SWIG_Python_SetConstant(d, "SELINUX_CB_AUDIT",SWIG_From_int((int)(1)));
+diff --git a/libselinux/src/setrans_client.c b/libselinux/src/setrans_client.c
+index 4bdbe08..eb18ca0 100644
+--- a/libselinux/src/setrans_client.c
++++ b/libselinux/src/setrans_client.c
+@@ -34,7 +34,7 @@ static __thread char *prev_r2c_trans = NULL;
+ static __thread security_context_t prev_r2c_raw = NULL;
+ 
+ static pthread_once_t once = PTHREAD_ONCE_INIT;
+-static pthread_key_t destructor_key;
++static pthread_key_t destructor_key = -1;
+ static __thread char destructor_initialized;
+ 
+ /*

libselinux.spec

@@ -7,7 +7,7 @@
 Summary: SELinux library and simple utilities
 Name: libselinux
 Version: 2.0.99
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: Public Domain
 Group: System Environment/Libraries
 Source: http://www.nsa.gov/research/selinux/%{name}-%{version}.tgz
@@ -236,6 +236,20 @@ exit 0
 %{ruby_sitearch}/selinux.so
 
 %changelog
+* Tue Apr 5 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.99-4
+Add patch from dbhole@redhat.com to initialize thread keys to -1
+Errors were being seen in libpthread/libdl that were related
+to corrupt thread specific keys. Global destructors that are called on dl 
+unload. During destruction delete a thread specific key without checking 
+if it has been initialized. Since the constructor is not called each time 
+(i.e. key is not initialized with pthread_key_create each time), and the 
+default is 0, there is a possibility that key 0 for an active thread gets 
+deleted. This is exactly what is happening in case of OpenJDK.
+
+Workaround patch that initializes the key to -1. Thus if the constructor is not
+called, the destructor tries to delete key -1 which is deemed invalid by 
+pthread_key_delete, and is ignored.
+
 * Tue Apr 5 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.99-3
 - Call fini_selinuxmnt if selinux is disabled, to cause is_selinux_disabled() to report correct data