From 70de4204ca047e701318f3557bbccfc1c45a3c7f Mon Sep 17 00:00:00 2001
From: rhatdan <dwalsh@redhat.com>
Date: Sat, 15 Sep 2012 07:48:40 -0400
Subject: [PATCH] Update to upstream
* libsemanage: do not set soname needlessly
* libsemanage: remove PYTHONLIBDIR and ruby equivalent
* do boolean name substitution
* Fix segfault for building standard policies.
---
.gitignore | 1 +
libsemanage-rhat.patch | 160 +++++++++++++++++++++++++++++++++--------
libsemanage.spec | 15 ++--
sources | 2 +-
4 files changed, 142 insertions(+), 36 deletions(-)
diff --git a/.gitignore b/.gitignore
index 7e0ae2b..672d5c0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -127,3 +127,4 @@ libsemanage-2.0.45.tgz
/libsemanage-2.1.6.tgz
/libsemanage-2.1.7.tgz
/libsemanage-2.1.8.tgz
+/libsemanage-2.1.9.tgz
diff --git a/libsemanage-rhat.patch b/libsemanage-rhat.patch
index f60ce5e..efe7fa9 100644
--- a/libsemanage-rhat.patch
+++ b/libsemanage-rhat.patch
@@ -1,35 +1,74 @@
-diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile
-index fc64919..c63bb22 100644
---- a/libsemanage/src/Makefile
-+++ b/libsemanage/src/Makefile
-@@ -13,12 +13,10 @@ SHLIBDIR ?= $(PREFIX)/lib
- INCLUDEDIR ?= $(PREFIX)/include
- PYLIBVER ?= $(shell $(PYTHON) -c 'import sys;print("python%d.%d" % sys.version_info[0:2])')
- PYINC ?= $(shell pkg-config --cflags $(PYPREFIX))
--PYTHONLIBDIR ?= $(shell pkg-config --libs $(PYPREFIX))
- PYLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
- RUBYLIBVER ?= $(shell $(RUBY) -e 'print RUBY_VERSION.split(".")[0..1].join(".")')
- RUBYPLATFORM ?= $(shell $(RUBY) -e 'print RUBY_PLATFORM')
- RUBYINC ?= $(shell pkg-config --cflags ruby-$(RUBYLIBVER))
--RUBYLIBDIR ?= $(shell pkg-config --libs ruby-$(RUBYLIBVER))
- RUBYINSTALL ?= $(LIBDIR)/ruby/site_ruby/$(RUBYLIBVER)/$(RUBYPLATFORM)
+diff --git a/libsemanage/src/conf-parse.y b/libsemanage/src/conf-parse.y
+index bbdac1d..80d08ec 100644
+--- a/libsemanage/src/conf-parse.y
++++ b/libsemanage/src/conf-parse.y
+@@ -58,7 +58,7 @@ static int parse_errors;
+ }
- LIBBASE=$(shell basename $(LIBDIR))
-@@ -84,10 +82,10 @@ $(SWIGRUBYLOBJ): $(SWIGRUBYCOUT)
- $(CC) $(CFLAGS) $(SWIG_CFLAGS) $(RUBYINC) -fPIC -DSHARED -c -o $@ $<
+ %token MODULE_STORE VERSION EXPAND_CHECK FILE_MODE SAVE_PREVIOUS SAVE_LINKED
+-%token LOAD_POLICY_START SETFILES_START DISABLE_GENHOMEDIRCON HANDLE_UNKNOWN USEPASSWD IGNOREDIRS
++%token LOAD_POLICY_START SETFILES_START SEFCONTEXT_COMPILE_START DISABLE_GENHOMEDIRCON HANDLE_UNKNOWN USEPASSWD IGNOREDIRS
+ %token BZIP_BLOCKSIZE BZIP_SMALL
+ %token VERIFY_MOD_START VERIFY_LINKED_START VERIFY_KERNEL_START BLOCK_END
+ %token PROG_PATH PROG_ARGS
+@@ -230,6 +230,14 @@ command_start:
+ YYABORT;
+ }
+ }
++ | SEFCONTEXT_COMPILE_START {
++ semanage_conf_external_prog_destroy(current_conf->sefcontext_compile);
++ current_conf->sefcontext_compile = NULL;
++ if (new_external_prog(¤t_conf->sefcontext_compile) == -1) {
++ parse_errors++;
++ YYABORT;
++ }
++ }
+ ;
- $(SWIGSO): $(SWIGLOBJ)
-- $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lsemanage -L$(LIBDIR) -Wl,-soname,$@
-+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lsemanage -L$(LIBDIR)
+ verify_block: verify_start external_opts BLOCK_END {
+@@ -308,6 +316,20 @@ static int semanage_conf_init(semanage_conf_t * conf)
+ return -1;
+ }
- $(SWIGRUBYSO): $(SWIGRUBYLOBJ)
-- $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lsemanage -L$(LIBDIR) -Wl,-soname,$@
-+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lsemanage -L$(LIBDIR)
++ if ((conf->sefcontext_compile =
++ calloc(1, sizeof(*(current_conf->sefcontext_compile)))) == NULL) {
++ return -1;
++ }
++ if (access("/sbin/sefcontext_compile", X_OK) == 0) {
++ conf->sefcontext_compile->path = strdup("/sbin/sefcontext_compile");
++ } else {
++ conf->sefcontext_compile->path = strdup("/usr/sbin/sefcontext_compile");
++ }
++ if ((conf->sefcontext_compile->path == NULL) ||
++ (conf->sefcontext_compile->args = strdup("$@")) == NULL) {
++ return -1;
++ }
++
+ return 0;
+ }
- $(LIBA): $(OBJS)
- $(AR) rcs $@ $^
+@@ -363,6 +385,7 @@ void semanage_conf_destroy(semanage_conf_t * conf)
+ free(conf->ignoredirs);
+ semanage_conf_external_prog_destroy(conf->load_policy);
+ semanage_conf_external_prog_destroy(conf->setfiles);
++ semanage_conf_external_prog_destroy(conf->sefcontext_compile);
+ semanage_conf_external_prog_destroy(conf->mod_prog);
+ semanage_conf_external_prog_destroy(conf->linked_prog);
+ semanage_conf_external_prog_destroy(conf->kernel_prog);
+diff --git a/libsemanage/src/conf-scan.l b/libsemanage/src/conf-scan.l
+index 7ef4154..41ba044 100644
+--- a/libsemanage/src/conf-scan.l
++++ b/libsemanage/src/conf-scan.l
+@@ -53,6 +53,7 @@ bzip-blocksize return BZIP_BLOCKSIZE;
+ bzip-small return BZIP_SMALL;
+ "[load_policy]" return LOAD_POLICY_START;
+ "[setfiles]" return SETFILES_START;
++"[sefcontext_compile]" return SEFCONTEXT_COMPILE_START;
+ "[verify module]" return VERIFY_MOD_START;
+ "[verify linked]" return VERIFY_LINKED_START;
+ "[verify kernel]" return VERIFY_KERNEL_START;
diff --git a/libsemanage/src/handle.c b/libsemanage/src/handle.c
-index 7fcd2b4..18babe6 100644
+index 7fcd2b4..6aa9057 100644
--- a/libsemanage/src/handle.c
+++ b/libsemanage/src/handle.c
@@ -52,6 +52,26 @@ static char *private_usersconf_path = NULL;
@@ -39,7 +78,7 @@ index 7fcd2b4..18babe6 100644
+static char *get_policy_path(void) {
+ char *dup_path = NULL;
+ int max = security_policyvers();
-+ if (max < 0)
++ if (max < 0)
+ max = sepol_policy_kern_vers_max();
+
+ char *policy_path = selinux_binary_policy_path_min_max(0, &max);
@@ -65,7 +104,7 @@ index 7fcd2b4..18babe6 100644
- if ( asprintf(&private_binary_policy_path, "%s/%s", path, selinux_binary_policy_path()) < 0 ) {
+ char *policy_path = get_policy_path();
-+ if (! policy_path)
++ if (! policy_path)
+ goto error;
+
+ if ( asprintf(&private_binary_policy_path, "%s/%s", path, policy_path) < 0 ) {
@@ -87,11 +126,41 @@ index 7fcd2b4..18babe6 100644
}
const char *semanage_usersconf_path() {
+diff --git a/libsemanage/src/semanage_conf.h b/libsemanage/src/semanage_conf.h
+index 95f8ec3..9b7852c 100644
+--- a/libsemanage/src/semanage_conf.h
++++ b/libsemanage/src/semanage_conf.h
+@@ -46,6 +46,7 @@ typedef struct semanage_conf {
+ char *ignoredirs; /* ";" separated of list for genhomedircon to ignore */
+ struct external_prog *load_policy;
+ struct external_prog *setfiles;
++ struct external_prog *sefcontext_compile;
+ struct external_prog *mod_prog, *linked_prog, *kernel_prog;
+ } semanage_conf_t;
+
diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
-index cd7ce68..9c4b1fe 100644
+index cd7ce68..2fab63e 100644
--- a/libsemanage/src/semanage_store.c
+++ b/libsemanage/src/semanage_store.c
-@@ -1145,8 +1145,7 @@ static int semanage_install_active(semanage_handle_t * sh)
+@@ -1100,6 +1100,17 @@ int semanage_split_fc(semanage_handle_t * sh)
+
+ }
+
++static int sefcontext_compile(semanage_handle_t * sh, const char *path) {
++
++ int r;
++ if ((r = semanage_exec_prog(sh, sh->conf->sefcontext_compile, path, "")) != 0) {
++ ERR(sh, "sefcontext_compile returned error code %d. Compiling %s", r, path);
++ return -1;
++ }
++
++ return 0;
++}
++
+ /* Actually load the contents of the current active directory into the
+ * kernel. Return 0 on success, -3 on error. */
+ static int semanage_install_active(semanage_handle_t * sh)
+@@ -1145,8 +1156,7 @@ static int semanage_install_active(semanage_handle_t * sh)
if (asprintf(&storepath, "%s%s", semanage_selinux_path(), sh->conf->store_path) < 0)
return retval;
@@ -101,3 +170,32 @@ index cd7ce68..9c4b1fe 100644
if (semanage_copy_file(active_kernel, store_pol, sh->conf->file_mode) ==
-1) {
ERR(sh, "Could not copy %s to %s.", active_kernel, store_pol);
+@@ -1233,6 +1243,16 @@ static int semanage_install_active(semanage_handle_t * sh)
+ goto cleanup;
+ }
+
++ if (sefcontext_compile(sh, store_fc) != 0) {
++ goto cleanup;
++ }
++ if (sefcontext_compile(sh, store_fc_loc) != 0) {
++ goto cleanup;
++ }
++ if (sefcontext_compile(sh, store_fc_hd) != 0) {
++ goto cleanup;
++ }
++
+ retval = 0;
+ cleanup:
+ free(storepath);
+@@ -1371,6 +1391,11 @@ int semanage_install_sandbox(semanage_handle_t * sh)
+ goto cleanup;
+ }
+
++ if (sh->conf->sefcontext_compile == NULL) {
++ ERR(sh, "No sefcontext_compile program specified in configuration file.");
++ goto cleanup;
++ }
++
+ if ((commit_num = semanage_commit_sandbox(sh)) < 0) {
+ retval = commit_num;
+ goto cleanup;
diff --git a/libsemanage.spec b/libsemanage.spec
index 6cd7497..4ca33b6 100644
--- a/libsemanage.spec
+++ b/libsemanage.spec
@@ -4,13 +4,13 @@
%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print (get_python_lib(1))")}
%endif
-%define libsepolver 2.1.5-1
-%define libselinuxver 2.1.11-2
+%define libsepolver 2.1.8-1
+%define libselinuxver 2.1.12-1
Summary: SELinux binary policy manipulation library
Name: libsemanage
-Version: 2.1.8
-Release: 3%{?dist}
+Version: 2.1.9
+Release: 1%{?dist}
License: LGPLv2+
Group: System Environment/Libraries
Source: libsemanage-%{version}.tgz
@@ -180,6 +180,13 @@ rm -rf ${RPM_BUILD_ROOT}
%endif # if with_python3
%changelog
+* Thu Sep 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.9-1
+- Update to upstream
+ * libsemanage: do not set soname needlessly
+ * libsemanage: remove PYTHONLIBDIR and ruby equivalent
+ * do boolean name substitution
+ * Fix segfault for building standard policies.
+
* Fri Jul 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.8-3
- Attempt to allocate memory for selinux_binary_policy_path and free memory
- allocated by asprintf.
diff --git a/sources b/sources
index 0ed77db..9b2666f 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-acb5c0f40f70ff32c4c39cee8432be26 libsemanage-2.1.8.tgz
+eae2f9c81be857032efde81504b9e82a libsemanage-2.1.9.tgz