diff --git a/libsepol-rhat.patch b/libsepol-rhat.patch
index a4ccd03..06372db 100644
--- a/libsepol-rhat.patch
+++ b/libsepol-rhat.patch
@@ -1,20 +1,55 @@ -diff -aur libsepol-1.7.6.orig/src/context.c libsepol-1.7.6.new/src/context.c ---- libsepol-1.7.6.orig/src/context.c 2005-07-26 14:43:30.000000000 -0400 -+++ libsepol-1.7.6.new/src/context.c 2005-07-27 12:10:53.000000000 -0400 -@@ -133,6 +133,7 @@ - char* role = strdup(data->role); - char* type = strdup(data->type); - char* mls = data->mls ? strdup(data->mls): NULL; -+ char* mls_ptr = mls; +diff --exclude-from=exclude -N -u -r nsalibsepol/src/libsepol.map libsepol-1.11.1/src/libsepol.map +--- nsalibsepol/src/libsepol.map 2005-11-15 08:06:55.000000000 -0500 ++++ libsepol-1.11.1/src/libsepol.map 2005-12-27 11:07:34.000000000 -0500 +@@ -4,6 +4,7 @@ + sepol_bool_*; sepol_genbools*; + sepol_context*; sepol_check_context; + sepol_iface_*; ++ sepol_port_*; + sepol_user_*; sepol_genusers; sepol_set_delusers; + sepol_msg_*; sepol_debug; + sepol_handle_*; +diff --exclude-from=exclude -N -u -r nsalibsepol/src/port_record.c libsepol-1.11.1/src/port_record.c +--- nsalibsepol/src/port_record.c 2005-11-01 17:32:59.000000000 -0500 ++++ libsepol-1.11.1/src/port_record.c 2005-12-27 11:07:34.000000000 -0500 +@@ -84,8 +84,8 @@ + sepol_port_t* port, + sepol_port_key_t* key) { - scontext = (context_struct_t*) malloc(sizeof(context_struct_t)); - if (!user || !role || !type || (data->mls && !mls) || !scontext) { -@@ -177,7 +178,7 @@ - DEBUG(__FUNCTION__, "mls is enabled, but no mls context found\n"); - goto err_destroy; - } -- if (mls && (mls_context_to_sid(policydb, '$', &mls, scontext) < 0)) { -+ if (mls && (mls_context_to_sid(policydb, '$', &mls_ptr, scontext) < 0)) { - DEBUG(__FUNCTION__, "invalid mls context %s\n", mls); - goto err_destroy; - } +- if ((port->low <= key->low) && +- (port->high >= key->high) && ++ if ((port->low == key->low) && ++ (port->high == key->high) && + (port->proto == key->proto)) + return 0; + +diff --exclude-from=exclude -N -u -r nsalibsepol/src/ports.c libsepol-1.11.1/src/ports.c +--- nsalibsepol/src/ports.c 2005-11-04 15:37:13.000000000 
-0500 ++++ libsepol-1.11.1/src/ports.c 2005-12-27 11:07:34.000000000 -0500 +@@ -182,7 +182,7 @@ + int low2 = c->u.port.low_port; + int high2 = c->u.port.high_port; + +- if (proto == proto2 && low2 <= low && high2 >= high) { ++ if (proto == proto2 && low2 == low && high2 == high) { + *response = 1; + return STATUS_SUCCESS; + } +@@ -220,7 +220,7 @@ + int low2 = c->u.port.low_port; + int high2 = c->u.port.high_port; + +- if (proto == proto2 && low2 <= low && high2 >= high) { ++ if (proto == proto2 && low2 == low && high2 == high) { + if (port_to_record(handle, policydb, c, response) < 0) + goto err; + return STATUS_SUCCESS; +@@ -263,7 +263,7 @@ + int low2 = c->u.port.low_port; + int high2 = c->u.port.high_port; + +- if (proto == proto2 && low2 <= low && high2 >= high) { ++ if (proto == proto2 && low2 == low && high2 == high) { + + /* Replace */ + port->next = c->next; diff --git a/libsepol.spec b/libsepol.spec index 6296466..f597960 100644 --- a/libsepol.spec +++ b/libsepol.spec @@ -1,10 +1,11 @@ Summary: SELinux binary policy manipulation library Name: libsepol Version: 1.11.1 -Release: 1 +Release: 2 License: GPL Group: System Environment/Libraries Source: http://www.nsa.gov/selinux/archives/libsepol-%{version}.tgz +Patch: libsepol-rhat.patch Prefix: %{_prefix} BuildRoot: %{_tmppath}/%{name}-buildroot @@ -37,6 +38,7 @@ needed for developing applications that manipulate binary policies. %prep %setup -q +%patch -p1 -b .rhat %build make clean @@ -80,6 +82,9 @@ exit 0 %{_includedir}/sepol/policydb/*.h %changelog +* Tue Dec 27 2005 Dan Walsh 1.11.1-2 +- Add Ivans patch to make ports work + * Fri Dec 16 2005 Dan Walsh 1.11.1-1 - Upgrade to latest from NSA * Fixed mls_range_cpy bug.
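Review bot: Switching the match in the three ports.c loops (inner hunks at 182, 220 and 263) and in the port_record.c key compare from range containment to exact equality means a key for a sub-range of an existing entry, for example a single port inside a labelled range, no longer matches that entry. In the loop at 263 only a match reaches the `/* Replace */` branch, so a sub-range modify presumably falls through to the no-match path, which is outside the hunk; if that path inserts a new entry, the list can hold overlapping ranges for the same protocol, and which label a port receives would then depend on list order. I would state the contract at each comparison, `/* keys match only on the exact (proto, low, high) triple; a sub-range is a different key */`, and confirm that the no-match path either rejects or deterministically orders overlapping ranges. The same three-field test is now written out four times, so a small static helper would keep the sites from drifting apart. All four enclosing functions start and end outside the hunk.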