From 51344661b0b7f62610cc6b9a8e2faba5e144d446 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Thu, 23 Apr 2015 10:48:12 +0200 Subject: [PATCH] Recreate libselinux-rhat.patch from https://github.com/fedora-selinux/selinux/commit/4395ef2b8bb086878b5fad80321ac9d32f424f51 --- libselinux-rhat.patch | 190 +----------------------------------------- libselinux.spec | 2 +- 2 files changed, 2 insertions(+), 190 deletions(-) diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch index b7c5e16..70326f7 100644 --- a/libselinux-rhat.patch +++ b/libselinux-rhat.patch @@ -558,7 +558,7 @@ index e89b1ef..fd20363 100644 Every confined service on the system has a man page in the following format: .br diff --git libselinux-2.3/src/Makefile libselinux-2.3/src/Makefile -index 4d07ba6..d7f8dbd 100644 +index 4d07ba6..0a34d9b 100644 --- libselinux-2.3/src/Makefile +++ libselinux-2.3/src/Makefile @@ -59,7 +59,7 @@ CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -Wmissi @@ -570,15 +570,6 @@ index 4d07ba6..d7f8dbd 100644 -Wsync-nand -Wattributes -Wcoverage-mismatch -Wmultichar -Wcpp \ -Wdeprecated-declarations -Wdiv-by-zero -Wdouble-promotion -Wendif-labels -Wextra \ -Wformat-contains-nul -Wformat-extra-args -Wformat-zero-length -Wformat=2 -Wmultichar \ -@@ -111,7 +111,7 @@ $(LIBA): $(OBJS) - $(RANLIB) $@ - - $(LIBSO): $(LOBJS) -- $(CC) $(CFLAGS) -shared -o $@ $^ -lpcre -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro -+ $(CC) $(CFLAGS) -shared -o $@ $^ -lpcre -llzma -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro - ln -sf $@ $(TARGET) - - $(LIBPC): $(LIBPC).in ../VERSION diff --git libselinux-2.3/src/avc.c libselinux-2.3/src/avc.c index 2bd7d13..b1ec57f 100644 --- libselinux-2.3/src/avc.c @@ -968,185 +959,6 @@ index 896ef02..8435b76 100644 path, lineno, type); return 0; } -diff --git libselinux-2.3/src/load_policy.c libselinux-2.3/src/load_policy.c -index e419f1a..275672d 100644 ---- libselinux-2.3/src/load_policy.c -+++ libselinux-2.3/src/load_policy.c -@@ -16,6 +16,82 @@ - #include - #include "policy.h" - #include -+#include -+ -+static char *lzmaread(int fd, size_t *rsize) { -+ int capacity = 64*1024; -+ char *buf = NULL; -+ int tmpsize = 8 * 1024; -+ unsigned char tmp[tmpsize]; -+ unsigned char tmp_out[tmpsize]; -+ size_t size = 0; -+ lzma_stream strm = LZMA_STREAM_INIT; -+ lzma_action action = LZMA_RUN; -+ lzma_ret ret; -+ -+ FILE *stream = fdopen (fd, "r"); -+ if (!stream) { -+ return NULL; -+ } -+ ret = lzma_stream_decoder(&strm, UINT64_MAX, -+ LZMA_CONCATENATED); -+ -+ strm.avail_in = 0; -+ strm.next_out = tmp_out; -+ strm.avail_out = tmpsize; -+ -+ buf = (char *) malloc (capacity); -+ if (!buf) -+ goto err; -+ -+ while (1) { -+ if (strm.avail_in == 0) { -+ strm.next_in = tmp; -+ strm.avail_in = fread(tmp, 1, tmpsize, stream); -+ -+ if (ferror(stream)) { -+ // POSIX says that fread() sets errno if -+ // an error occurred. ferror() doesn't -+ // touch errno. -+ goto err; -+ } -+ if (feof(stream)) action = LZMA_FINISH; -+ } -+ -+ ret = lzma_code(&strm, action); -+ -+ // Write and check write error before checking decoder error. -+ // This way as much data as possible gets written to output -+ // even if decoder detected an error. -+ if (strm.avail_out == 0 || ret != LZMA_OK) { -+ const size_t num = tmpsize - strm.avail_out; -+ if (num > capacity) { -+ buf = (char*) realloc (buf, size*2); -+ capacity = size; -+ } -+ memcpy (buf+size, tmp_out, num); -+ capacity -= num; -+ size += num; -+ strm.next_out = tmp_out; -+ strm.avail_out = tmpsize; -+ } -+ if (ret != LZMA_OK) { -+ if (ret == LZMA_STREAM_END) { -+ break; -+ } else { -+ goto err; -+ } -+ } -+ } -+ *rsize = size; -+ -+ goto exit; -+err: -+ free(buf); buf = NULL; -+exit: -+ lzma_end(&strm); -+ return buf; -+} - - int security_load_policy(void *data, size_t len) - { -@@ -55,7 +131,7 @@ int selinux_mkload_policy(int preservebools) - struct stat sb; - struct utsname uts; - size_t size; -- void *map, *data; -+ void *map = NULL, *data=NULL; - int fd, rc = -1, prot; - sepol_policydb_t *policydb; - sepol_policy_file_t *pf; -@@ -181,24 +257,28 @@ checkbool: - goto dlclose; - } - -- if (fstat(fd, &sb) < 0) { -- fprintf(stderr, -- "SELinux: Could not stat policy file %s: %s\n", -- path, strerror(errno)); -- goto close; -- } -- -- prot = PROT_READ; -- if (setlocaldefs || preservebools) -- prot |= PROT_WRITE; -+ data = lzmaread(fd,&size); - -- size = sb.st_size; -- data = map = mmap(NULL, size, prot, MAP_PRIVATE, fd, 0); -- if (map == MAP_FAILED) { -- fprintf(stderr, -- "SELinux: Could not map policy file %s: %s\n", -+ if (!data) { -+ if (fstat(fd, &sb) < 0) { -+ fprintf(stderr, -+ "SELinux: Could not stat policy file %s: %s\n", - path, strerror(errno)); -- goto close; -+ goto close; -+ } -+ -+ prot = PROT_READ; -+ if (setlocaldefs || preservebools) -+ prot |= PROT_WRITE; -+ -+ size = sb.st_size; -+ data = map = mmap(NULL, size, prot, MAP_PRIVATE, fd, 0); -+ if (map == MAP_FAILED) { -+ fprintf(stderr, -+ "SELinux: Could not map policy file %s: %s\n", -+ path, strerror(errno)); -+ goto close; -+ } - } - - if (vers > kernvers && usesepol) { -@@ -210,6 +290,8 @@ checkbool: - goto unmap; - } - policy_file_set_mem(pf, data, size); -+ if (!map) -+ free(data); - if (policydb_read(policydb, pf)) { - policy_file_free(pf); - policydb_free(policydb); -@@ -223,7 +305,8 @@ checkbool: - path); - policy_file_free(pf); - policydb_free(policydb); -- munmap(map, sb.st_size); -+ if (map) -+ munmap(map, sb.st_size); - close(fd); - vers--; - goto search; -@@ -275,7 +358,7 @@ checkbool: - #endif - } - -- -+ - rc = security_load_policy(data, size); - - if (rc) -@@ -286,7 +369,8 @@ checkbool: - unmap: - if (data != map) - free(data); -- munmap(map, sb.st_size); -+ if (map) -+ munmap(map, sb.st_size); - close: - close(fd); - dlclose: diff --git libselinux-2.3/src/lsetfilecon.c libselinux-2.3/src/lsetfilecon.c index 1d3b28a..ea6d70b 100644 --- libselinux-2.3/src/lsetfilecon.c diff --git a/libselinux.spec b/libselinux.spec index c43ed76..3700076 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -18,7 +18,7 @@ Source1: selinuxconlist.8 Source2: selinuxdefcon.8 Url: https://github.com/SELinuxProject/selinux/wiki # use make-rhat-patches.sh to create following patches from https://github.com/fedora-selinux/selinux/ -# https://github.com/fedora-selinux/selinux/commit/986cbec51cf3777202a90a680f86e389af6 +# https://github.com/fedora-selinux/selinux/commit/4395ef2b8bb086878b5fad80321ac9d32f424f51 Patch1: libselinux-rhat.patch BuildRequires: pkgconfig python-devel ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre-devel xz-devel %if 0%{?with_python3}