- Update to upstream

Change the AVC to only audit the permissions specified by the policy,
    excluding any permissions specified via dontaudit or not specified via
    auditallow.
Fix compilation of label_file.c with latest glibc headers.
This commit is contained in:
Daniel J Walsh 2010-02-24 19:12:12 +00:00
parent de078cb3d5
commit 68c8d967fd
4 changed files with 83 additions and 22 deletions

View File

@ -174,3 +174,4 @@ libselinux-2.0.87.tgz
libselinux-2.0.88.tgz libselinux-2.0.88.tgz
libselinux-2.0.89.tgz libselinux-2.0.89.tgz
libselinux-2.0.90.tgz libselinux-2.0.90.tgz
libselinux-2.0.91.tgz

View File

@ -61,32 +61,79 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.
va_end(ap); va_end(ap);
diff --exclude-from=exclude -N -u -r nsalibselinux/src/init.c libselinux-2.0.90/src/init.c diff --exclude-from=exclude -N -u -r nsalibselinux/src/init.c libselinux-2.0.90/src/init.c
--- nsalibselinux/src/init.c 2009-07-14 11:16:03.000000000 -0400 --- nsalibselinux/src/init.c 2009-07-14 11:16:03.000000000 -0400
+++ libselinux-2.0.90/src/init.c 2010-01-18 16:52:28.000000000 -0500 +++ libselinux-2.0.90/src/init.c 2010-02-22 11:04:16.000000000 -0500
@@ -59,8 +59,10 @@ @@ -23,7 +23,7 @@
static void init_selinuxmnt(void)
{
char *buf=NULL, *p;
- FILE *fp;
+ FILE *fp=NULL;
struct statfs sfbuf;
int rc;
size_t len;
@@ -57,16 +57,17 @@
break;
}
} }
fclose(fp); - fclose(fp);
- if (!exists) - if (!exists)
+ if (!exists) { - return;
+ free(buf); + if (!exists)
return; + goto out;
+ } +
+ fclose(fp);
/* At this point, the usual spot doesn't have an selinuxfs so /* At this point, the usual spot doesn't have an selinuxfs so
* we look around for it */ * we look around for it */
diff --exclude-from=exclude -N -u -r nsalibselinux/src/label_file.c libselinux-2.0.90/src/label_file.c fp = fopen("/proc/mounts", "r");
--- nsalibselinux/src/label_file.c 2009-05-18 13:53:14.000000000 -0400 if (!fp)
+++ libselinux-2.0.90/src/label_file.c 2010-01-18 16:53:54.000000000 -0500 - return;
@@ -20,6 +20,9 @@ + goto out;
#include "callbacks.h"
#include "label_internal.h"
+#include <sys/types.h> __fsetlocking(fp, FSETLOCKING_BYCALLER);
+#include <sys/stat.h> while ((num = getline(&buf, &len, fp)) != -1) {
+ @@ -90,7 +91,8 @@
/*
* Internals, mostly moved over from matchpathcon.c out:
*/ free(buf);
- fclose(fp);
+ if (fp)
+ fclose(fp);
return;
}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/libselinux.pc.in libselinux-2.0.90/src/libselinux.pc.in
--- nsalibselinux/src/libselinux.pc.in 2009-11-02 12:58:30.000000000 -0500
+++ libselinux-2.0.90/src/libselinux.pc.in 2010-02-18 10:02:46.000000000 -0500
@@ -1,6 +1,6 @@
prefix=@prefix@
exec_prefix=${prefix}
-libdir=${exec_prefix}/lib
+libdir=${exec_prefix}/@libdir@
includedir=@includedir@
Name: libselinux
diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.90/src/Makefile
--- nsalibselinux/src/Makefile 2009-12-01 15:46:50.000000000 -0500
+++ libselinux-2.0.90/src/Makefile 2010-02-18 10:20:27.000000000 -0500
@@ -11,6 +11,7 @@
RUBYPLATFORM ?= $(shell ruby -e 'print RUBY_PLATFORM')
RUBYINC ?= $(LIBDIR)/ruby/$(RUBYLIBVER)/$(RUBYPLATFORM)
RUBYINSTALL ?= $(LIBDIR)/ruby/site_ruby/$(RUBYLIBVER)/$(RUBYPLATFORM)
+LIBBASE=$(shell basename $(LIBDIR))
VERSION = $(shell cat ../VERSION)
LIBVERSION = 1
@@ -85,7 +86,7 @@
ln -sf $@ $(TARGET)
$(LIBPC): $(LIBPC).in
- sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:$(LIBDIR):; s:@includedir@:$(INCLUDEDIR):' < $< > $@
+ sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:$(LIBBASE):; s:@includedir@:$(INCLUDEDIR):' < $< > $@
selinuxswig_python_exception.i: ../include/selinux/selinux.h
bash exception.sh > $@
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.90/src/matchpathcon.c diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.90/src/matchpathcon.c
--- nsalibselinux/src/matchpathcon.c 2009-03-06 14:41:45.000000000 -0500 --- nsalibselinux/src/matchpathcon.c 2009-03-06 14:41:45.000000000 -0500
+++ libselinux-2.0.90/src/matchpathcon.c 2010-01-18 16:52:28.000000000 -0500 +++ libselinux-2.0.90/src/matchpathcon.c 2010-01-18 16:52:28.000000000 -0500

View File

@ -4,8 +4,8 @@
Summary: SELinux library and simple utilities Summary: SELinux library and simple utilities
Name: libselinux Name: libselinux
Version: 2.0.90 Version: 2.0.91
Release: 3%{?dist} Release: 1%{?dist}
License: Public Domain License: Public Domain
Group: System Environment/Libraries Group: System Environment/Libraries
Source: http://www.nsa.gov/research/selinux/%{name}-%{version}.tgz Source: http://www.nsa.gov/research/selinux/%{name}-%{version}.tgz
@ -166,6 +166,19 @@ exit 0
%{ruby_sitearch}/selinux.so %{ruby_sitearch}/selinux.so
%changelog %changelog
* Wed Feb 24 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.91-1
- Update to upstream
* Change the AVC to only audit the permissions specified by the
policy, excluding any permissions specified via dontaudit or not
specified via auditallow.
* Fix compilation of label_file.c with latest glibc headers.
* Mon Feb 22 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.90-5
- Fix potential doublefree on init
* Thu Feb 18 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.90-4
- Fix libselinux.pc
* Mon Jan 18 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.90-3 * Mon Jan 18 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.90-3
- Fix man page for selinuxdefcon - Fix man page for selinuxdefcon

View File

@ -1 +1 @@
87c744d919d632502ca91ca213c2168f libselinux-2.0.90.tgz 17f7d791eba17ded16177dcb710ac7b9 libselinux-2.0.91.tgz