From f9135bb77cbe271c4354d8214dd08a55621b6b65 Mon Sep 17 00:00:00 2001
From: Dan Walsh
Date: Fri, 25 May 2012 07:20:38 -0400
Subject: [PATCH] Fix to compile with Fortify source * Add -O compiler flag * Check return code from asprintf - Fix handling of symbolic links in / by realpath_not_final
---
 libselinux-rhat.patch | 60 ++++++++++++++++++++++++++++++++++++++++++-
 libselinux.spec | 8 +++++-
 2 files changed, 66 insertions(+), 2 deletions(-)
diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch
index 4ac818f..e25c8f2 100644
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@@ -154,6 +154,19 @@ index 8ead1a4..c68ace5 100644
 .sp
 selinux_default_type_path - context file mapping roles to default types.
 .sp
+diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
+index d84033e..1c2270c 100644
+--- a/libselinux/src/Makefile
++++ b/libselinux/src/Makefile
+@@ -55,7 +55,7 @@ MAX_STACK_SIZE=32768
+
+ OBJS= $(patsubst %.c,%.o,$(SRCS))
+ LOBJS= $(patsubst %.c,%.lo,$(SRCS))
+-CFLAGS ?= -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -Wmissing-include-dirs \
++CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -Wmissing-include-dirs \
+ -Wunused -Wunknown-pragmas -Wstrict-aliasing -Wshadow -Wpointer-arith \
+ -Wbad-function-cast -Wcast-align -Wwrite-strings -Wlogical-op -Waggregate-return \
+ -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes \
 diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c
 index 1bf3599..f621de7 100644
 --- a/libselinux/src/audit2why.c
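Review bot: The `-O` added to the `CFLAGS ?=` default in libselinux/src/Makefile only takes effect when the builder does not supply its own CFLAGS, so a build that overrides CFLAGS without an optimization level would presumably lose the fortify checks this commit is aiming for. Nothing in the hunk records why the flag is there; a comment above the assignment such as `# -O is needed for _FORTIFY_SOURCE checks; keep an optimization level when overriding CFLAGS` would make the dependency visible. The same applies to the identical change in libselinux/utils/Makefile later in this patch.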
@@ -434,6 +447,20 @@ index 0b00156..825f295 100644
 S_(FILE_CONTEXT_SUBS_DIST, "/contexts/files/file_contexts.subs_dist")
 S_(SEPGSQL_CONTEXTS, "/contexts/sepgsql_contexts")
 + S_(BOOLEAN_SUBS, "/booleans.subs")
+diff --git a/libselinux/src/label.c b/libselinux/src/label.c
+index a9e0853..89e28f1 100644
+--- a/libselinux/src/label.c
++++ b/libselinux/src/label.c
+@@ -47,7 +47,8 @@ static char *selabel_sub(struct selabel_sub *ptr, const char *src)
+ if (strncmp(src, ptr->src, ptr->slen) == 0 ) {
+ if (src[ptr->slen] == '/' ||
+ src[ptr->slen] == 0) {
+- asprintf(&dst, "%s%s", ptr->dst, &src[ptr->slen]);
++ if (asprintf(&dst, "%s%s", ptr->dst, &src[ptr->slen]) < 0)
++ return NULL;
+ return dst;
+ }
+ }
 diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
 index 7bc46cc..82a608c 100644
 --- a/libselinux/src/label_file.c
@@ -536,7 +563,7 @@ index 7bc46cc..82a608c 100644
 goto finish;
 }
 diff --git a/libselinux/src/matchpathcon.c b/libselinux/src/matchpathcon.c
-index 8f200d4..c18ea47 100644
+index 8f200d4..6457e4a 100644
 --- a/libselinux/src/matchpathcon.c
 +++ b/libselinux/src/matchpathcon.c
 @@ -2,6 +2,7 @@
@@ -590,6 +617,24 @@ index 8f200d4..c18ea47 100644
 hidden_def(matchpathcon_init_prefix)
 int matchpathcon_init(const char *path)
+@@ -391,10 +399,13 @@ int realpath_not_final(const char *name, char *resolved_path)
+ goto out;
+ }
+
+- resolved_path += len;
+- strcpy(resolved_path, "/");
+- resolved_path += 1;
+- strcpy(resolved_path, last_component);
++ p = resolved_path;
++ p += len;
++ if (strcmp(resolved_path, "/") != 0) {
++ strcpy(p, "/");
++ p += 1;
++ }
++ strcpy(p, last_component);
+ out:
+ free(tmp_path);
+ return rc;
 diff --git a/libselinux/src/selinux_config.c b/libselinux/src/selinux_config.c
 index f42cb7c..f544ac2 100644
 --- a/libselinux/src/selinux_config.c
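Review bot: Returning NULL when `asprintf` fails in `selabel_sub` gives the caller no way to tell an allocation failure from a prefix that simply did not match, if the part of the function outside this hunk also returns NULL for "no match" (not visible here). A caller that treats NULL as "no substitution" would then carry on with the unsubstituted path and could resolve a different label under memory pressure. I would document the case at the new return, e.g. `/* allocation failed; dst is undefined, so do not return it */`, and confirm how the caller handles NULL.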
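Review bot: Both `strcpy` calls that append to `resolved_path` in `realpath_not_final` are still unbounded: nothing in the hunk checks that `len`, the separator and `last_component` fit in the caller's buffer before writing through `p`. If the contract is a PATH_MAX-sized buffer as with realpath() (the declaration of `p` and the computation of `len` are outside the hunk), a guard before the copies such as `if (len + strlen(last_component) + 2 > PATH_MAX) { errno = ENAMETOOLONG; rc = -1; goto out; }` would turn an over-long final component into an error instead of an overflow. The new `strcmp(resolved_path, "/")` test also deserves a one-line comment saying it avoids producing `//name` when the parent directory is the root.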
@@ -691,3 +736,16 @@ index 00df405..8a935d0 100644
 hidden_proto(matchpathcon_init_prefix)
 hidden_proto(selinux_users_path)
 hidden_proto(selinux_usersconf_path);
+diff --git a/libselinux/utils/Makefile b/libselinux/utils/Makefile
+index d76ccfa..5f3e047 100644
+--- a/libselinux/utils/Makefile
++++ b/libselinux/utils/Makefile
+@@ -5,7 +5,7 @@ USRBINDIR ?= $(PREFIX)/sbin
+ SBINDIR ?= $(DESTDIR)/sbin
+
+ MAX_STACK_SIZE=8192
+-CFLAGS ?= -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -Wmissing-include-dirs \
++CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -Wmissing-include-dirs \
+ -Wunused -Wunknown-pragmas -Wstrict-aliasing -Wshadow -Wpointer-arith \
+ -Wbad-function-cast -Wcast-align -Wwrite-strings -Wlogical-op -Waggregate-return \
+ -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes \
diff --git a/libselinux.spec b/libselinux.spec
index 2bb12fc..f4eff71 100644
--- a/libselinux.spec
+++ b/libselinux.spec
@@ -8,7 +8,7 @@ Summary: SELinux library and simple utilities
 Name: libselinux
 Version: 2.1.10
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: Public Domain
 Group: System Environment/Libraries
 Source: %{name}-%{version}.tgz
@@ -233,6 +233,12 @@ rm -rf %{buildroot}
 %{ruby_sitearch}/selinux.so
 %changelog
+* Fri May 25 2012 Dan Walsh - 2.1.10-4
+- Fix to compile with Fortify source
+ * Add -O compiler flag
+ * Check return code from asprintf
+- Fix handling of symbolic links in / by realpath_not_final
+
 * Tue Apr 17 2012 Dan Walsh - 2.1.10-3
 - Add support for lxc contexts file