Fix -fno-common issues discovered by GCC 10

2020-01-28 11:00:08 +01:00 · 2020-01-28 11:00:08 +01:00 · 7a84df0229
commit 7a84df0229
parent 50ae97404c
4 changed files with 628 additions and 1 deletions
--- a/0001-libsepol-cil-Fix-bug-in-cil_copy_avrule-in-extended-.patch
+++ b/0001-libsepol-cil-Fix-bug-in-cil_copy_avrule-in-extended-.patch
@ -0,0 +1,36 @@
+From 7118f4f4c86698ef9d14e12564c3acf6cd7da7fc Mon Sep 17 00:00:00 2001
+From: James Carter <jwcart2@tycho.nsa.gov>
+Date: Thu, 23 Jan 2020 15:40:04 -0500
+Subject: [PATCH] libsepol/cil: Fix bug in cil_copy_avrule() in extended
+ permission handling
+
+When copying an avrule with extended permissions (permx) in
+cil_copy_avrule(), the check for a named permx checks the new permx
+instead of the old one, so the check will always fail. This leads to a
+segfault when trying to copy a named permx because there will be an
+attempt to copy the nonexistent permx struct instead of the name of
+the named permx.
+
+Check whether the original is a named permx instead of the new one.
+
+Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
+---
+ libsepol/cil/src/cil_copy_ast.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libsepol/cil/src/cil_copy_ast.c b/libsepol/cil/src/cil_copy_ast.c
+index 7af00aafd67a..67dd8528f526 100644
+--- a/libsepol/cil/src/cil_copy_ast.c
+++ b/libsepol/cil/src/cil_copy_ast.c
+@@ -827,7 +827,7 @@ int cil_copy_avrule(struct cil_db *db, void *data, void **copy, __attribute__((u
+ 	if (!new->is_extended) {
+ 		cil_copy_classperms_list(orig->perms.classperms, &new->perms.classperms);
+ 	} else {
+-		if (new->perms.x.permx_str != NULL) {
+		if (orig->perms.x.permx_str != NULL) {
+ 			new->perms.x.permx_str = orig->perms.x.permx_str;
+ 		} else {
+ 			cil_permissionx_init(&new->perms.x.permx);
+-- 
+2.24.1
+
--- a/0002-libsepol-fix-CIL_KEY_-build-errors-with-fno-common.patch
+++ b/0002-libsepol-fix-CIL_KEY_-build-errors-with-fno-common.patch
@ -0,0 +1,525 @@
+From 6be9dbbdc70e2de7f191edce897826e816719211 Mon Sep 17 00:00:00 2001
+From: Ondrej Mosnacek <omosnace@redhat.com>
+Date: Thu, 23 Jan 2020 13:57:13 +0100
+Subject: [PATCH] libsepol: fix CIL_KEY_* build errors with -fno-common
+
+GCC 10 comes with -fno-common enabled by default - fix the CIL_KEY_*
+global variables to be defined only once in cil.c and declared in the
+header file correctly with the 'extern' keyword, so that other units
+including the file don't generate duplicate definitions.
+
+Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
+---
+ libsepol/cil/src/cil.c          | 162 ++++++++++++++++
+ libsepol/cil/src/cil_internal.h | 322 ++++++++++++++++----------------
+ 2 files changed, 323 insertions(+), 161 deletions(-)
+
+diff --git a/libsepol/cil/src/cil.c b/libsepol/cil/src/cil.c
+index de729cf8d15c..d222ad3a8d12 100644
+--- a/libsepol/cil/src/cil.c
+++ b/libsepol/cil/src/cil.c
+@@ -77,6 +77,168 @@ int cil_sym_sizes[CIL_SYM_ARRAY_NUM][CIL_SYM_NUM] = {
+ 	{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}
+ };
+ 
+char *CIL_KEY_CONS_T1;
+char *CIL_KEY_CONS_T2;
+char *CIL_KEY_CONS_T3;
+char *CIL_KEY_CONS_R1;
+char *CIL_KEY_CONS_R2;
+char *CIL_KEY_CONS_R3;
+char *CIL_KEY_CONS_U1;
+char *CIL_KEY_CONS_U2;
+char *CIL_KEY_CONS_U3;
+char *CIL_KEY_CONS_L1;
+char *CIL_KEY_CONS_L2;
+char *CIL_KEY_CONS_H1;
+char *CIL_KEY_CONS_H2;
+char *CIL_KEY_AND;
+char *CIL_KEY_OR;
+char *CIL_KEY_NOT;
+char *CIL_KEY_EQ;
+char *CIL_KEY_NEQ;
+char *CIL_KEY_CONS_DOM;
+char *CIL_KEY_CONS_DOMBY;
+char *CIL_KEY_CONS_INCOMP;
+char *CIL_KEY_CONDTRUE;
+char *CIL_KEY_CONDFALSE;
+char *CIL_KEY_SELF;
+char *CIL_KEY_OBJECT_R;
+char *CIL_KEY_STAR;
+char *CIL_KEY_TCP;
+char *CIL_KEY_UDP;
+char *CIL_KEY_DCCP;
+char *CIL_KEY_SCTP;
+char *CIL_KEY_AUDITALLOW;
+char *CIL_KEY_TUNABLEIF;
+char *CIL_KEY_ALLOW;
+char *CIL_KEY_DONTAUDIT;
+char *CIL_KEY_TYPETRANSITION;
+char *CIL_KEY_TYPECHANGE;
+char *CIL_KEY_CALL;
+char *CIL_KEY_TUNABLE;
+char *CIL_KEY_XOR;
+char *CIL_KEY_ALL;
+char *CIL_KEY_RANGE;
+char *CIL_KEY_GLOB;
+char *CIL_KEY_FILE;
+char *CIL_KEY_DIR;
+char *CIL_KEY_CHAR;
+char *CIL_KEY_BLOCK;
+char *CIL_KEY_SOCKET;
+char *CIL_KEY_PIPE;
+char *CIL_KEY_SYMLINK;
+char *CIL_KEY_ANY;
+char *CIL_KEY_XATTR;
+char *CIL_KEY_TASK;
+char *CIL_KEY_TRANS;
+char *CIL_KEY_TYPE;
+char *CIL_KEY_ROLE;
+char *CIL_KEY_USER;
+char *CIL_KEY_USERATTRIBUTE;
+char *CIL_KEY_USERATTRIBUTESET;
+char *CIL_KEY_SENSITIVITY;
+char *CIL_KEY_CATEGORY;
+char *CIL_KEY_CATSET;
+char *CIL_KEY_LEVEL;
+char *CIL_KEY_LEVELRANGE;
+char *CIL_KEY_CLASS;
+char *CIL_KEY_IPADDR;
+char *CIL_KEY_MAP_CLASS;
+char *CIL_KEY_CLASSPERMISSION;
+char *CIL_KEY_BOOL;
+char *CIL_KEY_STRING;
+char *CIL_KEY_NAME;
+char *CIL_KEY_SOURCE;
+char *CIL_KEY_TARGET;
+char *CIL_KEY_LOW;
+char *CIL_KEY_HIGH;
+char *CIL_KEY_LOW_HIGH;
+char *CIL_KEY_GLBLUB;
+char *CIL_KEY_HANDLEUNKNOWN;
+char *CIL_KEY_HANDLEUNKNOWN_ALLOW;
+char *CIL_KEY_HANDLEUNKNOWN_DENY;
+char *CIL_KEY_HANDLEUNKNOWN_REJECT;
+char *CIL_KEY_MACRO;
+char *CIL_KEY_IN;
+char *CIL_KEY_MLS;
+char *CIL_KEY_DEFAULTRANGE;
+char *CIL_KEY_BLOCKINHERIT;
+char *CIL_KEY_BLOCKABSTRACT;
+char *CIL_KEY_CLASSORDER;
+char *CIL_KEY_CLASSMAPPING;
+char *CIL_KEY_CLASSPERMISSIONSET;
+char *CIL_KEY_COMMON;
+char *CIL_KEY_CLASSCOMMON;
+char *CIL_KEY_SID;
+char *CIL_KEY_SIDCONTEXT;
+char *CIL_KEY_SIDORDER;
+char *CIL_KEY_USERLEVEL;
+char *CIL_KEY_USERRANGE;
+char *CIL_KEY_USERBOUNDS;
+char *CIL_KEY_USERPREFIX;
+char *CIL_KEY_SELINUXUSER;
+char *CIL_KEY_SELINUXUSERDEFAULT;
+char *CIL_KEY_TYPEATTRIBUTE;
+char *CIL_KEY_TYPEATTRIBUTESET;
+char *CIL_KEY_EXPANDTYPEATTRIBUTE;
+char *CIL_KEY_TYPEALIAS;
+char *CIL_KEY_TYPEALIASACTUAL;
+char *CIL_KEY_TYPEBOUNDS;
+char *CIL_KEY_TYPEPERMISSIVE;
+char *CIL_KEY_RANGETRANSITION;
+char *CIL_KEY_USERROLE;
+char *CIL_KEY_ROLETYPE;
+char *CIL_KEY_ROLETRANSITION;
+char *CIL_KEY_ROLEALLOW;
+char *CIL_KEY_ROLEATTRIBUTE;
+char *CIL_KEY_ROLEATTRIBUTESET;
+char *CIL_KEY_ROLEBOUNDS;
+char *CIL_KEY_BOOLEANIF;
+char *CIL_KEY_NEVERALLOW;
+char *CIL_KEY_TYPEMEMBER;
+char *CIL_KEY_SENSALIAS;
+char *CIL_KEY_SENSALIASACTUAL;
+char *CIL_KEY_CATALIAS;
+char *CIL_KEY_CATALIASACTUAL;
+char *CIL_KEY_CATORDER;
+char *CIL_KEY_SENSITIVITYORDER;
+char *CIL_KEY_SENSCAT;
+char *CIL_KEY_CONSTRAIN;
+char *CIL_KEY_MLSCONSTRAIN;
+char *CIL_KEY_VALIDATETRANS;
+char *CIL_KEY_MLSVALIDATETRANS;
+char *CIL_KEY_CONTEXT;
+char *CIL_KEY_FILECON;
+char *CIL_KEY_IBPKEYCON;
+char *CIL_KEY_IBENDPORTCON;
+char *CIL_KEY_PORTCON;
+char *CIL_KEY_NODECON;
+char *CIL_KEY_GENFSCON;
+char *CIL_KEY_NETIFCON;
+char *CIL_KEY_PIRQCON;
+char *CIL_KEY_IOMEMCON;
+char *CIL_KEY_IOPORTCON;
+char *CIL_KEY_PCIDEVICECON;
+char *CIL_KEY_DEVICETREECON;
+char *CIL_KEY_FSUSE;
+char *CIL_KEY_POLICYCAP;
+char *CIL_KEY_OPTIONAL;
+char *CIL_KEY_DEFAULTUSER;
+char *CIL_KEY_DEFAULTROLE;
+char *CIL_KEY_DEFAULTTYPE;
+char *CIL_KEY_ROOT;
+char *CIL_KEY_NODE;
+char *CIL_KEY_PERM;
+char *CIL_KEY_ALLOWX;
+char *CIL_KEY_AUDITALLOWX;
+char *CIL_KEY_DONTAUDITX;
+char *CIL_KEY_NEVERALLOWX;
+char *CIL_KEY_PERMISSIONX;
+char *CIL_KEY_IOCTL;
+char *CIL_KEY_UNORDERED;
+char *CIL_KEY_SRC_INFO;
+char *CIL_KEY_SRC_CIL;
+char *CIL_KEY_SRC_HLL;
+
+ static void cil_init_keys(void)
+ {
+ 	/* Initialize CIL Keys into strpool */
+diff --git a/libsepol/cil/src/cil_internal.h b/libsepol/cil/src/cil_internal.h
+index 30fab649b56c..9bdcbdd013c0 100644
+--- a/libsepol/cil/src/cil_internal.h
+++ b/libsepol/cil/src/cil_internal.h
+@@ -74,167 +74,167 @@ enum cil_pass {
+ /*
+ 	Keywords
+ */
+-char *CIL_KEY_CONS_T1;
+-char *CIL_KEY_CONS_T2;
+-char *CIL_KEY_CONS_T3;
+-char *CIL_KEY_CONS_R1;
+-char *CIL_KEY_CONS_R2;
+-char *CIL_KEY_CONS_R3;
+-char *CIL_KEY_CONS_U1;
+-char *CIL_KEY_CONS_U2;
+-char *CIL_KEY_CONS_U3;
+-char *CIL_KEY_CONS_L1;
+-char *CIL_KEY_CONS_L2;
+-char *CIL_KEY_CONS_H1;
+-char *CIL_KEY_CONS_H2;
+-char *CIL_KEY_AND;
+-char *CIL_KEY_OR;
+-char *CIL_KEY_NOT;
+-char *CIL_KEY_EQ;
+-char *CIL_KEY_NEQ;
+-char *CIL_KEY_CONS_DOM;
+-char *CIL_KEY_CONS_DOMBY;
+-char *CIL_KEY_CONS_INCOMP;
+-char *CIL_KEY_CONDTRUE;
+-char *CIL_KEY_CONDFALSE;
+-char *CIL_KEY_SELF;
+-char *CIL_KEY_OBJECT_R;
+-char *CIL_KEY_STAR;
+-char *CIL_KEY_TCP;
+-char *CIL_KEY_UDP;
+-char *CIL_KEY_DCCP;
+-char *CIL_KEY_SCTP;
+-char *CIL_KEY_AUDITALLOW;
+-char *CIL_KEY_TUNABLEIF;
+-char *CIL_KEY_ALLOW;
+-char *CIL_KEY_DONTAUDIT;
+-char *CIL_KEY_TYPETRANSITION;
+-char *CIL_KEY_TYPECHANGE;
+-char *CIL_KEY_CALL;
+-char *CIL_KEY_TUNABLE;
+-char *CIL_KEY_XOR;
+-char *CIL_KEY_ALL;
+-char *CIL_KEY_RANGE;
+-char *CIL_KEY_GLOB;
+-char *CIL_KEY_FILE;
+-char *CIL_KEY_DIR;
+-char *CIL_KEY_CHAR;
+-char *CIL_KEY_BLOCK;
+-char *CIL_KEY_SOCKET;
+-char *CIL_KEY_PIPE;
+-char *CIL_KEY_SYMLINK;
+-char *CIL_KEY_ANY;
+-char *CIL_KEY_XATTR;
+-char *CIL_KEY_TASK;
+-char *CIL_KEY_TRANS;
+-char *CIL_KEY_TYPE;
+-char *CIL_KEY_ROLE;
+-char *CIL_KEY_USER;
+-char *CIL_KEY_USERATTRIBUTE;
+-char *CIL_KEY_USERATTRIBUTESET;
+-char *CIL_KEY_SENSITIVITY;
+-char *CIL_KEY_CATEGORY;
+-char *CIL_KEY_CATSET;
+-char *CIL_KEY_LEVEL;
+-char *CIL_KEY_LEVELRANGE;
+-char *CIL_KEY_CLASS;
+-char *CIL_KEY_IPADDR;
+-char *CIL_KEY_MAP_CLASS;
+-char *CIL_KEY_CLASSPERMISSION;
+-char *CIL_KEY_BOOL;
+-char *CIL_KEY_STRING;
+-char *CIL_KEY_NAME;
+-char *CIL_KEY_SOURCE;
+-char *CIL_KEY_TARGET;
+-char *CIL_KEY_LOW;
+-char *CIL_KEY_HIGH;
+-char *CIL_KEY_LOW_HIGH;
+-char *CIL_KEY_GLBLUB;
+-char *CIL_KEY_HANDLEUNKNOWN;
+-char *CIL_KEY_HANDLEUNKNOWN_ALLOW;
+-char *CIL_KEY_HANDLEUNKNOWN_DENY;
+-char *CIL_KEY_HANDLEUNKNOWN_REJECT;
+-char *CIL_KEY_MACRO;
+-char *CIL_KEY_IN;
+-char *CIL_KEY_MLS;
+-char *CIL_KEY_DEFAULTRANGE;
+-char *CIL_KEY_BLOCKINHERIT;
+-char *CIL_KEY_BLOCKABSTRACT;
+-char *CIL_KEY_CLASSORDER;
+-char *CIL_KEY_CLASSMAPPING;
+-char *CIL_KEY_CLASSPERMISSIONSET;
+-char *CIL_KEY_COMMON;
+-char *CIL_KEY_CLASSCOMMON;
+-char *CIL_KEY_SID;
+-char *CIL_KEY_SIDCONTEXT;
+-char *CIL_KEY_SIDORDER;
+-char *CIL_KEY_USERLEVEL;
+-char *CIL_KEY_USERRANGE;
+-char *CIL_KEY_USERBOUNDS;
+-char *CIL_KEY_USERPREFIX;
+-char *CIL_KEY_SELINUXUSER;
+-char *CIL_KEY_SELINUXUSERDEFAULT;
+-char *CIL_KEY_TYPEATTRIBUTE;
+-char *CIL_KEY_TYPEATTRIBUTESET;
+-char *CIL_KEY_EXPANDTYPEATTRIBUTE;
+-char *CIL_KEY_TYPEALIAS;
+-char *CIL_KEY_TYPEALIASACTUAL;
+-char *CIL_KEY_TYPEBOUNDS;
+-char *CIL_KEY_TYPEPERMISSIVE;
+-char *CIL_KEY_RANGETRANSITION;
+-char *CIL_KEY_USERROLE;
+-char *CIL_KEY_ROLETYPE;
+-char *CIL_KEY_ROLETRANSITION;
+-char *CIL_KEY_ROLEALLOW;
+-char *CIL_KEY_ROLEATTRIBUTE;
+-char *CIL_KEY_ROLEATTRIBUTESET;
+-char *CIL_KEY_ROLEBOUNDS;
+-char *CIL_KEY_BOOLEANIF;
+-char *CIL_KEY_NEVERALLOW;
+-char *CIL_KEY_TYPEMEMBER;
+-char *CIL_KEY_SENSALIAS;
+-char *CIL_KEY_SENSALIASACTUAL;
+-char *CIL_KEY_CATALIAS;
+-char *CIL_KEY_CATALIASACTUAL;
+-char *CIL_KEY_CATORDER;
+-char *CIL_KEY_SENSITIVITYORDER;
+-char *CIL_KEY_SENSCAT;
+-char *CIL_KEY_CONSTRAIN;
+-char *CIL_KEY_MLSCONSTRAIN;
+-char *CIL_KEY_VALIDATETRANS;
+-char *CIL_KEY_MLSVALIDATETRANS;
+-char *CIL_KEY_CONTEXT;
+-char *CIL_KEY_FILECON;
+-char *CIL_KEY_IBPKEYCON;
+-char *CIL_KEY_IBENDPORTCON;
+-char *CIL_KEY_PORTCON;
+-char *CIL_KEY_NODECON;
+-char *CIL_KEY_GENFSCON;
+-char *CIL_KEY_NETIFCON;
+-char *CIL_KEY_PIRQCON;
+-char *CIL_KEY_IOMEMCON;
+-char *CIL_KEY_IOPORTCON;
+-char *CIL_KEY_PCIDEVICECON;
+-char *CIL_KEY_DEVICETREECON;
+-char *CIL_KEY_FSUSE;
+-char *CIL_KEY_POLICYCAP;
+-char *CIL_KEY_OPTIONAL;
+-char *CIL_KEY_DEFAULTUSER;
+-char *CIL_KEY_DEFAULTROLE;
+-char *CIL_KEY_DEFAULTTYPE;
+-char *CIL_KEY_ROOT;
+-char *CIL_KEY_NODE;
+-char *CIL_KEY_PERM;
+-char *CIL_KEY_ALLOWX;
+-char *CIL_KEY_AUDITALLOWX;
+-char *CIL_KEY_DONTAUDITX;
+-char *CIL_KEY_NEVERALLOWX;
+-char *CIL_KEY_PERMISSIONX;
+-char *CIL_KEY_IOCTL;
+-char *CIL_KEY_UNORDERED;
+-char *CIL_KEY_SRC_INFO;
+-char *CIL_KEY_SRC_CIL;
+-char *CIL_KEY_SRC_HLL;
+extern char *CIL_KEY_CONS_T1;
+extern char *CIL_KEY_CONS_T2;
+extern char *CIL_KEY_CONS_T3;
+extern char *CIL_KEY_CONS_R1;
+extern char *CIL_KEY_CONS_R2;
+extern char *CIL_KEY_CONS_R3;
+extern char *CIL_KEY_CONS_U1;
+extern char *CIL_KEY_CONS_U2;
+extern char *CIL_KEY_CONS_U3;
+extern char *CIL_KEY_CONS_L1;
+extern char *CIL_KEY_CONS_L2;
+extern char *CIL_KEY_CONS_H1;
+extern char *CIL_KEY_CONS_H2;
+extern char *CIL_KEY_AND;
+extern char *CIL_KEY_OR;
+extern char *CIL_KEY_NOT;
+extern char *CIL_KEY_EQ;
+extern char *CIL_KEY_NEQ;
+extern char *CIL_KEY_CONS_DOM;
+extern char *CIL_KEY_CONS_DOMBY;
+extern char *CIL_KEY_CONS_INCOMP;
+extern char *CIL_KEY_CONDTRUE;
+extern char *CIL_KEY_CONDFALSE;
+extern char *CIL_KEY_SELF;
+extern char *CIL_KEY_OBJECT_R;
+extern char *CIL_KEY_STAR;
+extern char *CIL_KEY_TCP;
+extern char *CIL_KEY_UDP;
+extern char *CIL_KEY_DCCP;
+extern char *CIL_KEY_SCTP;
+extern char *CIL_KEY_AUDITALLOW;
+extern char *CIL_KEY_TUNABLEIF;
+extern char *CIL_KEY_ALLOW;
+extern char *CIL_KEY_DONTAUDIT;
+extern char *CIL_KEY_TYPETRANSITION;
+extern char *CIL_KEY_TYPECHANGE;
+extern char *CIL_KEY_CALL;
+extern char *CIL_KEY_TUNABLE;
+extern char *CIL_KEY_XOR;
+extern char *CIL_KEY_ALL;
+extern char *CIL_KEY_RANGE;
+extern char *CIL_KEY_GLOB;
+extern char *CIL_KEY_FILE;
+extern char *CIL_KEY_DIR;
+extern char *CIL_KEY_CHAR;
+extern char *CIL_KEY_BLOCK;
+extern char *CIL_KEY_SOCKET;
+extern char *CIL_KEY_PIPE;
+extern char *CIL_KEY_SYMLINK;
+extern char *CIL_KEY_ANY;
+extern char *CIL_KEY_XATTR;
+extern char *CIL_KEY_TASK;
+extern char *CIL_KEY_TRANS;
+extern char *CIL_KEY_TYPE;
+extern char *CIL_KEY_ROLE;
+extern char *CIL_KEY_USER;
+extern char *CIL_KEY_USERATTRIBUTE;
+extern char *CIL_KEY_USERATTRIBUTESET;
+extern char *CIL_KEY_SENSITIVITY;
+extern char *CIL_KEY_CATEGORY;
+extern char *CIL_KEY_CATSET;
+extern char *CIL_KEY_LEVEL;
+extern char *CIL_KEY_LEVELRANGE;
+extern char *CIL_KEY_CLASS;
+extern char *CIL_KEY_IPADDR;
+extern char *CIL_KEY_MAP_CLASS;
+extern char *CIL_KEY_CLASSPERMISSION;
+extern char *CIL_KEY_BOOL;
+extern char *CIL_KEY_STRING;
+extern char *CIL_KEY_NAME;
+extern char *CIL_KEY_SOURCE;
+extern char *CIL_KEY_TARGET;
+extern char *CIL_KEY_LOW;
+extern char *CIL_KEY_HIGH;
+extern char *CIL_KEY_LOW_HIGH;
+extern char *CIL_KEY_GLBLUB;
+extern char *CIL_KEY_HANDLEUNKNOWN;
+extern char *CIL_KEY_HANDLEUNKNOWN_ALLOW;
+extern char *CIL_KEY_HANDLEUNKNOWN_DENY;
+extern char *CIL_KEY_HANDLEUNKNOWN_REJECT;
+extern char *CIL_KEY_MACRO;
+extern char *CIL_KEY_IN;
+extern char *CIL_KEY_MLS;
+extern char *CIL_KEY_DEFAULTRANGE;
+extern char *CIL_KEY_BLOCKINHERIT;
+extern char *CIL_KEY_BLOCKABSTRACT;
+extern char *CIL_KEY_CLASSORDER;
+extern char *CIL_KEY_CLASSMAPPING;
+extern char *CIL_KEY_CLASSPERMISSIONSET;
+extern char *CIL_KEY_COMMON;
+extern char *CIL_KEY_CLASSCOMMON;
+extern char *CIL_KEY_SID;
+extern char *CIL_KEY_SIDCONTEXT;
+extern char *CIL_KEY_SIDORDER;
+extern char *CIL_KEY_USERLEVEL;
+extern char *CIL_KEY_USERRANGE;
+extern char *CIL_KEY_USERBOUNDS;
+extern char *CIL_KEY_USERPREFIX;
+extern char *CIL_KEY_SELINUXUSER;
+extern char *CIL_KEY_SELINUXUSERDEFAULT;
+extern char *CIL_KEY_TYPEATTRIBUTE;
+extern char *CIL_KEY_TYPEATTRIBUTESET;
+extern char *CIL_KEY_EXPANDTYPEATTRIBUTE;
+extern char *CIL_KEY_TYPEALIAS;
+extern char *CIL_KEY_TYPEALIASACTUAL;
+extern char *CIL_KEY_TYPEBOUNDS;
+extern char *CIL_KEY_TYPEPERMISSIVE;
+extern char *CIL_KEY_RANGETRANSITION;
+extern char *CIL_KEY_USERROLE;
+extern char *CIL_KEY_ROLETYPE;
+extern char *CIL_KEY_ROLETRANSITION;
+extern char *CIL_KEY_ROLEALLOW;
+extern char *CIL_KEY_ROLEATTRIBUTE;
+extern char *CIL_KEY_ROLEATTRIBUTESET;
+extern char *CIL_KEY_ROLEBOUNDS;
+extern char *CIL_KEY_BOOLEANIF;
+extern char *CIL_KEY_NEVERALLOW;
+extern char *CIL_KEY_TYPEMEMBER;
+extern char *CIL_KEY_SENSALIAS;
+extern char *CIL_KEY_SENSALIASACTUAL;
+extern char *CIL_KEY_CATALIAS;
+extern char *CIL_KEY_CATALIASACTUAL;
+extern char *CIL_KEY_CATORDER;
+extern char *CIL_KEY_SENSITIVITYORDER;
+extern char *CIL_KEY_SENSCAT;
+extern char *CIL_KEY_CONSTRAIN;
+extern char *CIL_KEY_MLSCONSTRAIN;
+extern char *CIL_KEY_VALIDATETRANS;
+extern char *CIL_KEY_MLSVALIDATETRANS;
+extern char *CIL_KEY_CONTEXT;
+extern char *CIL_KEY_FILECON;
+extern char *CIL_KEY_IBPKEYCON;
+extern char *CIL_KEY_IBENDPORTCON;
+extern char *CIL_KEY_PORTCON;
+extern char *CIL_KEY_NODECON;
+extern char *CIL_KEY_GENFSCON;
+extern char *CIL_KEY_NETIFCON;
+extern char *CIL_KEY_PIRQCON;
+extern char *CIL_KEY_IOMEMCON;
+extern char *CIL_KEY_IOPORTCON;
+extern char *CIL_KEY_PCIDEVICECON;
+extern char *CIL_KEY_DEVICETREECON;
+extern char *CIL_KEY_FSUSE;
+extern char *CIL_KEY_POLICYCAP;
+extern char *CIL_KEY_OPTIONAL;
+extern char *CIL_KEY_DEFAULTUSER;
+extern char *CIL_KEY_DEFAULTROLE;
+extern char *CIL_KEY_DEFAULTTYPE;
+extern char *CIL_KEY_ROOT;
+extern char *CIL_KEY_NODE;
+extern char *CIL_KEY_PERM;
+extern char *CIL_KEY_ALLOWX;
+extern char *CIL_KEY_AUDITALLOWX;
+extern char *CIL_KEY_DONTAUDITX;
+extern char *CIL_KEY_NEVERALLOWX;
+extern char *CIL_KEY_PERMISSIONX;
+extern char *CIL_KEY_IOCTL;
+extern char *CIL_KEY_UNORDERED;
+extern char *CIL_KEY_SRC_INFO;
+extern char *CIL_KEY_SRC_CIL;
+extern char *CIL_KEY_SRC_HLL;
+ 
+ /*
+ 	Symbol Table Array Indices
+-- 
+2.24.1
+
--- a/0003-libsepol-remove-leftovers-of-cil_mem_error_handler.patch
+++ b/0003-libsepol-remove-leftovers-of-cil_mem_error_handler.patch
@ -0,0 +1,60 @@
+From cc277e2ce75b392e4502f92f1b82a8b24ef7818b Mon Sep 17 00:00:00 2001
+From: Ondrej Mosnacek <omosnace@redhat.com>
+Date: Thu, 23 Jan 2020 13:57:14 +0100
+Subject: [PATCH] libsepol: remove leftovers of cil_mem_error_handler
+
+Commit 4459d635b8f1 ("libsepol: Remove cil_mem_error_handler() function
+pointer") replaced cil_mem_error_handler usage with inline contents of
+the default handler. However, it left over the header declaration and
+two callers. Convert these as well and remove the header declaration.
+
+This also fixes a build failure with -fno-common.
+
+Fixes: 4459d635b8f1 ("libsepol: Remove cil_mem_error_handler() function pointer")
+Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
+---
+ libsepol/cil/src/cil_mem.h     | 1 -
+ libsepol/cil/src/cil_strpool.c | 8 ++++----
+ 2 files changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/libsepol/cil/src/cil_mem.h b/libsepol/cil/src/cil_mem.h
+index 902ce131f90e..794f02a3de76 100644
+--- a/libsepol/cil/src/cil_mem.h
+++ b/libsepol/cil/src/cil_mem.h
+@@ -36,7 +36,6 @@ void *cil_calloc(size_t num_elements, size_t element_size);
+ void *cil_realloc(void *ptr, size_t size);
+ char *cil_strdup(const char *str);
+ int cil_asprintf(char **strp, const char *fmt, ...);
+-void (*cil_mem_error_handler)(void);
+ 
+ #endif /* CIL_MEM_H_ */
+ 
+diff --git a/libsepol/cil/src/cil_strpool.c b/libsepol/cil/src/cil_strpool.c
+index 97d4c4b9f070..2598bbf3d80e 100644
+--- a/libsepol/cil/src/cil_strpool.c
+++ b/libsepol/cil/src/cil_strpool.c
+@@ -80,8 +80,8 @@ char *cil_strpool_add(const char *str)
+ 		int rc = hashtab_insert(cil_strpool_tab, (hashtab_key_t)strpool_ref->str, strpool_ref);
+ 		if (rc != SEPOL_OK) {
+ 			pthread_mutex_unlock(&cil_strpool_mutex);
+-			(*cil_mem_error_handler)();
+-			pthread_mutex_lock(&cil_strpool_mutex);
+			cil_log(CIL_ERR, "Failed to allocate memory\n");
+			exit(1);
+ 		}
+ 	}
+ 
+@@ -104,8 +104,8 @@ void cil_strpool_init(void)
+ 		cil_strpool_tab = hashtab_create(cil_strpool_hash, cil_strpool_compare, CIL_STRPOOL_TABLE_SIZE);
+ 		if (cil_strpool_tab == NULL) {
+ 			pthread_mutex_unlock(&cil_strpool_mutex);
+-			(*cil_mem_error_handler)();
+-			return;
+			cil_log(CIL_ERR, "Failed to allocate memory\n");
+			exit(1);
+ 		}
+ 	}
+ 	cil_strpool_readers++;
+-- 
+2.24.1
+
--- a/libsepol.spec
+++ b/libsepol.spec
@ -1,7 +1,7 @@
 Summary: SELinux binary policy manipulation library
 Name: libsepol
 Version: 3.0
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: LGPLv2+
 Source0: https://github.com/SELinuxProject/selinux/releases/download/20191204/libsepol-3.0.tar.gz
 URL: https://github.com/SELinuxProject/selinux/wiki
@ -10,6 +10,9 @@ URL: https://github.com/SELinuxProject/selinux/wiki
 # $ git format-patch -N libsepol-3.0 -- libsepol
 # $ i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
 # Patch list start
+Patch0001: 0001-libsepol-cil-Fix-bug-in-cil_copy_avrule-in-extended-.patch
+Patch0002: 0002-libsepol-fix-CIL_KEY_-build-errors-with-fno-common.patch
+Patch0003: 0003-libsepol-remove-leftovers-of-cil_mem_error_handler.patch
 # Patch list end
 BuildRequires: gcc
 BuildRequires: flex
@ -96,6 +99,9 @@ exit 0
 %{_libdir}/libsepol.so.1

 %changelog
+* Tue Jan 28 2020 Petr Lautrbach <plautrba@redhat.com> - 3.0-2
+- Fix -fno-common issues discovered by GCC 10
+
 * Fri Dec  6 2019 Petr Lautrbach <plautrba@redhat.com> - 3.0-1
 - SELinux userspace 3.0 release