From 68c8d967fd41e7bb4887d3fdc76a3a3700db430e Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Wed, 24 Feb 2010 19:12:12 +0000
Subject: [PATCH] - Update to upstream Change the AVC to only audit the permissions specified by the policy, excluding any permissions specified via dontaudit or not specified via auditallow. Fix compilation of label_file.c with latest glibc headers.
---
 .cvsignore | 1 +
 libselinux-rhat.patch | 85 +++++++++++++++++++++++++++++++++----------
 libselinux.spec | 17 ++++++++-
 sources | 2 +-
 4 files changed, 83 insertions(+), 22 deletions(-)
diff --git a/.cvsignore b/.cvsignore
index b38838d..959dcba 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -174,3 +174,4 @@ libselinux-2.0.87.tgz
 libselinux-2.0.88.tgz
 libselinux-2.0.89.tgz
 libselinux-2.0.90.tgz
+libselinux-2.0.91.tgz
diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch
index fe3fa11..9ecab96 100644
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@@ -61,32 +61,79 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2. va_end(ap); diff --exclude-from=exclude -N -u -r nsalibselinux/src/init.c libselinux-2.0.90/src/init.c --- nsalibselinux/src/init.c 2009-07-14 11:16:03.000000000 -0400 -+++ libselinux-2.0.90/src/init.c 2010-01-18 16:52:28.000000000 -0500 -@@ -59,8 +59,10 @@ ++++ libselinux-2.0.90/src/init.c 2010-02-22 11:04:16.000000000 -0500 +@@ -23,7 +23,7 @@ + static void init_selinuxmnt(void) + { + char *buf=NULL, *p; +- FILE *fp; ++ FILE *fp=NULL; + struct statfs sfbuf; + int rc; + size_t len; +@@ -57,16 +57,17 @@ + break; + } } - fclose(fp); +- fclose(fp); - if (!exists) -+ if (!exists) { -+ free(buf); - return; -+ } +- return; ++ if (!exists) ++ goto out; ++ ++ fclose(fp); /* At this point, the usual spot doesn't have an selinuxfs so * we look around for it */ -diff --exclude-from=exclude -N -u -r nsalibselinux/src/label_file.c libselinux-2.0.90/src/label_file.c ---- nsalibselinux/src/label_file.c 2009-05-18 13:53:14.000000000 -0400 -+++ libselinux-2.0.90/src/label_file.c 2010-01-18 16:53:54.000000000 -0500 -@@ -20,6 +20,9 @@ - #include "callbacks.h" - #include "label_internal.h" + fp = fopen("/proc/mounts", "r"); + if (!fp) +- return; ++ goto out; -+#include -+#include -+ - /* - * Internals, mostly moved over from matchpathcon.c - */ + __fsetlocking(fp, FSETLOCKING_BYCALLER); + while ((num = getline(&buf, &len, fp)) != -1) { +@@ -90,7 +91,8 @@ + + out: + free(buf); +- fclose(fp); ++ if (fp) ++ fclose(fp); + return; + } + +diff --exclude-from=exclude -N -u -r nsalibselinux/src/libselinux.pc.in libselinux-2.0.90/src/libselinux.pc.in +--- nsalibselinux/src/libselinux.pc.in 2009-11-02 12:58:30.000000000 -0500 ++++ libselinux-2.0.90/src/libselinux.pc.in 2010-02-18 10:02:46.000000000 -0500 +@@ -1,6 +1,6 @@ + prefix=@prefix@ + exec_prefix=${prefix} +-libdir=${exec_prefix}/lib ++libdir=${exec_prefix}/@libdir@ + includedir=@includedir@ + + Name: libselinux +diff 
--exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.90/src/Makefile +--- nsalibselinux/src/Makefile 2009-12-01 15:46:50.000000000 -0500 ++++ libselinux-2.0.90/src/Makefile 2010-02-18 10:20:27.000000000 -0500 +@@ -11,6 +11,7 @@ + RUBYPLATFORM ?= $(shell ruby -e 'print RUBY_PLATFORM') + RUBYINC ?= $(LIBDIR)/ruby/$(RUBYLIBVER)/$(RUBYPLATFORM) + RUBYINSTALL ?= $(LIBDIR)/ruby/site_ruby/$(RUBYLIBVER)/$(RUBYPLATFORM) ++LIBBASE=$(shell basename $(LIBDIR)) + + VERSION = $(shell cat ../VERSION) + LIBVERSION = 1 +@@ -85,7 +86,7 @@ + ln -sf $@ $(TARGET) + + $(LIBPC): $(LIBPC).in +- sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:$(LIBDIR):; s:@includedir@:$(INCLUDEDIR):' < $< > $@ ++ sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:$(LIBBASE):; s:@includedir@:$(INCLUDEDIR):' < $< > $@ + + selinuxswig_python_exception.i: ../include/selinux/selinux.h + bash exception.sh > $@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.90/src/matchpathcon.c --- nsalibselinux/src/matchpathcon.c 2009-03-06 14:41:45.000000000 -0500 +++ libselinux-2.0.90/src/matchpathcon.c 2010-01-18 16:52:28.000000000 -0500 diff --git a/libselinux.spec b/libselinux.spec index 1662b21..270ffac 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -4,8 +4,8 @@ Summary: SELinux library and simple utilities Name: libselinux -Version: 2.0.90 -Release: 3%{?dist} +Version: 2.0.91 +Release: 1%{?dist} License: Public Domain Group: System Environment/Libraries Source: http://www.nsa.gov/research/selinux/%{name}-%{version}.tgz 
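Review bot: The libselinux.pc change derives the pkg-config libdir from `LIBBASE=$(shell basename $(LIBDIR))`, which is only right when LIBDIR is a direct child of the prefix; a nested or out-of-prefix LIBDIR would yield a directory that may not exist, and programs built against the .pc file may then pick up a different copy of the library from another search path. Substituting the full path is simpler and avoids the assumption: keep `s:@libdir@:$(LIBDIR):` in the sed line and write `libdir=@libdir@` in libselinux.pc.in. In the init.c part, the single close at `out:` relies on fp being either NULL or an open stream, so I would also add `fp = NULL;` directly after the `fclose(fp);` that precedes the /proc/mounts `fopen`, which keeps a `goto out` added between the two later from closing the stream twice. init_selinuxmnt starts and ends outside the inner hunks shown, so its earlier `return` paths could not be checked here.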
@@ -166,6 +166,19 @@ exit 0 %{ruby_sitearch}/selinux.so %changelog +* Wed Feb 24 2010 Dan Walsh - 2.0.91-1 +- Update to upstream + * Change the AVC to only audit the permissions specified by the + policy, excluding any permissions specified via dontaudit or not + specified via auditallow. + * Fix compilation of label_file.c with latest glibc headers. + +* Mon Feb 22 2010 Dan Walsh - 2.0.90-5 +- Fix potential doublefree on init + +* Thu Feb 18 2010 Dan Walsh - 2.0.90-4 +- Fix libselinux.pc + * Mon Jan 18 2010 Dan Walsh - 2.0.90-3 - Fix man page for selinuxdefcon diff --git a/sources b/sources index f97c0ca..2cc9224 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -87c744d919d632502ca91ca213c2168f libselinux-2.0.90.tgz +17f7d791eba17ded16177dcb710ac7b9 libselinux-2.0.91.tgz