From 7cbfb0e27a70e2611ee419e6fb85230ef622b2e1 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 27 Sep 2007 14:54:10 +0000 Subject: [PATCH] - Upgrade to upstream Make netlink socket close-on-exec to avoid descriptor leakage from Dan Walsh. Pass CFLAGS when using gcc for linking from Dennis Gilmore. --- .cvsignore | 1 + libselinux-rhat.patch | 29 ----------------------------- libselinux.spec | 8 ++++++-- sources | 2 +- 4 files changed, 8 insertions(+), 32 deletions(-) diff --git a/.cvsignore b/.cvsignore index 63cd808..af69c0e 100644 --- a/.cvsignore +++ b/.cvsignore @@ -129,3 +129,4 @@ libselinux-2.0.30.tgz libselinux-2.0.31.tgz libselinux-2.0.33.tgz libselinux-2.0.34.tgz +libselinux-2.0.35.tgz diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch index 1676886..2506613 100644 --- a/libselinux-rhat.patch +++ b/libselinux-rhat.patch @@ -1,32 +1,3 @@ -diff --exclude-from=exclude -N -u -r nsalibselinux/src/avc_internal.c libselinux-2.0.34/src/avc_internal.c ---- nsalibselinux/src/avc_internal.c 2007-07-16 14:20:46.000000000 -0400 -+++ libselinux-2.0.34/src/avc_internal.c 2007-09-24 11:37:47.000000000 -0400 -@@ -61,7 +61,8 @@ - rc = fd; - goto out; - } -- -+ -+ fcntl(fd, F_SETFD, FD_CLOEXEC); - if (!blocking && fcntl(fd, F_SETFL, O_NONBLOCK)) { - close(fd); - rc = -1; -diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.34/src/Makefile ---- nsalibselinux/src/Makefile 2007-08-03 16:02:56.000000000 -0400 -+++ libselinux-2.0.34/src/Makefile 2007-09-24 11:51:42.000000000 -0400 -@@ -57,10 +57,10 @@ - $(CC) $(CFLAGS) -I$(PYINC) -fPIC -DSHARED -c -o $@ $< - - $(SWIGSO): $(SWIGLOBJ) -- $(CC) $(LDFLAGS) -shared -o $@ $< -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@ -+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@ - - $(LIBSO): $(LOBJS) -- $(CC) $(LDFLAGS) -shared -o $@ $^ -ldl -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro -+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -ldl -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro - ln -sf $@ $(TARGET) - - %.o: %.c policy.h diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.34/src/matchpathcon.c --- nsalibselinux/src/matchpathcon.c 2007-09-18 16:27:25.000000000 -0400 +++ libselinux-2.0.34/src/matchpathcon.c 2007-09-18 16:32:31.000000000 -0400 diff --git a/libselinux.spec b/libselinux.spec index b50884d..7eec55f 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -1,8 +1,8 @@ %define libsepolver 2.0.10-1 Summary: SELinux library and simple utilities Name: libselinux -Version: 2.0.34 -Release: 3%{?dist} +Version: 2.0.35 +Release: 1%{?dist} License: Public domain (uncopyrighted) Group: System Environment/Libraries Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz @@ -123,6 +123,10 @@ exit 0 %{_libdir}/python*/site-packages/selinux.py* %changelog +* Wed Sep 26 2007 Dan Walsh - 2.0.35-1 +- Upgrade to upstream + * Make netlink socket close-on-exec to avoid descriptor leakage from Dan Walsh. + * Pass CFLAGS when using gcc for linking from Dennis Gilmore. * Mon Sep 24 2007 Dan Walsh - 2.0.34-3 - Add sparc patch to from Dennis Gilmore to build on Sparc platform diff --git a/sources b/sources index ae39ee7..1951dfb 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -e6f14fafbeab0fb9c9662d79eca4ac1e libselinux-2.0.34.tgz +3238a38e2e43c39081d13a579744fbdb libselinux-2.0.35.tgz