rpms/rpm
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- update to 4.4.2.2 final

Browse Source 
- update matchpathcon patch to work better when selinux disabled
- resolves #251400, #315271, #296731, #308171, #305221, #295941
This commit is contained in:
Panu Matilainen 2007-10-03 10:56:24 +00:00
parent 115a45cd07
commit 65c42a5cc4
4 changed files with 264 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.cvsignore
View File

@ -1 +1 @@
rpm-4.4.2.2-rc2.tar.gz
rpm-4.4.2.2.tar.gz

253
rpm-4.4.2.2-matchpathcon.patch Normal file
View File

@ -0,0 +1,253 @@
diff -up rpm-4.4.2.2-rc2/python/Makefile.am.matchpathcon rpm-4.4.2.2-rc2/python/Makefile.am
--- rpm-4.4.2.2-rc2/python/Makefile.am.matchpathcon 2007-09-11 09:28:15.000000000 +0300
+++ rpm-4.4.2.2-rc2/python/Makefile.am 2007-09-27 11:05:29.000000000 +0300
@@ -34,7 +34,8 @@ mylibs= \
$(top_builddir)/rpmdb/librpmdb.la \
$(top_builddir)/rpmio/librpmio.la \
@WITH_POPT_LIB@ \
- @WITH_LIBELF_LIB@
+ @WITH_LIBELF_LIB@ \
+ @WITH_SELINUX_LIB@
LDADD =
diff -up rpm-4.4.2.2-rc2/python/rpmts-py.c.matchpathcon rpm-4.4.2.2-rc2/python/rpmts-py.c
--- rpm-4.4.2.2-rc2/python/rpmts-py.c.matchpathcon 2007-09-11 09:28:15.000000000 +0300
+++ rpm-4.4.2.2-rc2/python/rpmts-py.c 2007-09-27 11:25:29.000000000 +0300
@@ -1187,17 +1187,13 @@ rpmts_Run(rpmtsObject * s, PyObject * ar
}
/* Initialize security context patterns (if not already done). */
- if (!(s->ts->transFlags & RPMTRANS_FLAG_NOCONTEXTS)) {
- rpmsx sx = rpmtsREContext(s->ts);
- if (sx == NULL) {
- const char *fn = rpmGetPath("%{?_install_file_context_path}", NULL);
- if (fn != NULL && *fn != '\0') {
- sx = rpmsxNew(fn);
- (void) rpmtsSetREContext(s->ts, sx);
- }
- fn = _free(fn);
+ if (rpmtsSELinuxEnabled(s->ts) &&
+ !(s->ts->transFlags & RPMTRANS_FLAG_NOCONTEXTS)) {
+ const char *fn = rpmGetPath("%{?_install_file_context_path}", NULL);
+ if (fn != NULL && *fn != '\0') {
+ matchpathcon_init(fn);
}
- sx = rpmsxFree(sx);
+ fn = _free(fn);
}
if (_rpmts_debug)
diff -up rpm-4.4.2.2-rc2/build/Makefile.am.matchpathcon rpm-4.4.2.2-rc2/build/Makefile.am
--- rpm-4.4.2.2-rc2/build/Makefile.am.matchpathcon 2007-09-11 09:28:12.000000000 +0300
+++ rpm-4.4.2.2-rc2/build/Makefile.am 2007-09-27 11:05:29.000000000 +0300
@@ -35,6 +35,7 @@ librpmbuild_la_LDFLAGS = -release 4.4 $(
$(top_builddir)/lib/librpm.la \
$(top_builddir)/rpmdb/librpmdb.la \
$(top_builddir)/rpmio/librpmio.la \
+ @WITH_SELINUX_LIB@ \
@WITH_LIBELF_LIB@
rpmfile.h:
diff -up rpm-4.4.2.2-rc2/build/files.c.matchpathcon rpm-4.4.2.2-rc2/build/files.c
--- rpm-4.4.2.2-rc2/build/files.c.matchpathcon 2007-09-11 09:28:12.000000000 +0300
+++ rpm-4.4.2.2-rc2/build/files.c 2007-09-27 11:05:29.000000000 +0300
@@ -23,7 +23,7 @@
#define _RPMFI_INTERNAL
#include "rpmfi.h"
-#include "rpmsx.h"
+#include <selinux/selinux.h>
#define _RPMTE_INTERNAL
#include "rpmte.h"
@@ -1136,7 +1136,7 @@ static void genCpioListAndHeader(/*@part
int apathlen = 0;
int dpathlen = 0;
int skipLen = 0;
- rpmsx sx = NULL;
+ security_context_t scon = NULL;
const char * sxfn;
size_t fnlen;
FileListRec flp;
@@ -1156,7 +1156,7 @@ static void genCpioListAndHeader(/*@part
sxfn = rpmGetPath("%{?_build_file_context_path}", NULL);
if (sxfn != NULL && *sxfn != '\0')
- sx = rpmsxNew(sxfn);
+ matchpathcon_init(sxfn);
for (i = 0, flp = fl->fileList; i < fl->fileListRecsUsed; i++, flp++) {
const char *s;
@@ -1338,18 +1338,19 @@ static void genCpioListAndHeader(/*@part
&(flp->flags), 1);
/* Add file security context to package. */
-/*@-branchstate@*/
- if (sx != NULL) {
- mode_t fmode = (uint_16)flp->fl_mode;
- s = rpmsxFContext(sx, flp->fileURL, fmode);
- if (s == NULL) s = "";
- (void) headerAddOrAppendEntry(h, RPMTAG_FILECONTEXTS, RPM_STRING_ARRAY_TYPE,
- &s, 1);
- }
-/*@=branchstate@*/
+ mode_t fmode = (uint_16)flp->fl_mode;
+ int rc = matchpathcon(flp->fileURL, fmode, &scon);
+ if ( rc == 0 && scon != NULL) {
+ (void) headerAddOrAppendEntry(h, RPMTAG_FILECONTEXTS, RPM_STRING_ARRAY_TYPE, &scon, 1);
+ freecon(scon);
+ }
+ else {
+ const char *nocon = "";
+ (void) headerAddOrAppendEntry(h, RPMTAG_FILECONTEXTS, RPM_STRING_ARRAY_TYPE, &nocon, 1);
+ }
+
}
- sx = rpmsxFree(sx);
sxfn = _free(sxfn);
(void) headerAddEntry(h, RPMTAG_SIZE, RPM_INT32_TYPE,
diff -up rpm-4.4.2.2-rc2/lib/fsm.c.matchpathcon rpm-4.4.2.2-rc2/lib/fsm.c
--- rpm-4.4.2.2-rc2/lib/fsm.c.matchpathcon 2007-09-11 09:28:15.000000000 +0300
+++ rpm-4.4.2.2-rc2/lib/fsm.c 2007-09-27 11:28:30.000000000 +0300
@@ -634,12 +634,11 @@ static int fsmMapFContext(FSM_t fsm)
if (ts != NULL && rpmtsSELinuxEnabled(ts) == 1 &&
!(rpmtsFlags(ts) & RPMTRANS_FLAG_NOCONTEXTS))
{
- rpmsx sx = rpmtsREContext(ts);
+ security_context_t scon = NULL;
- if (sx != NULL) {
+ if ( matchpathcon(fsm->path, st->st_mode, &scon) == 0 && scon != NULL) {
/* Get file security context from patterns. */
- fsm->fcontext = rpmsxFContext(sx, fsm->path, st->st_mode);
- sx = rpmsxFree(sx);
+ fsm->fcontext = scon;
} else {
int i = fsm->ix;
@@ -1277,7 +1276,7 @@ static int fsmMkdirs(/*@special@*/ /*@pa
/*@-compdef@*/
rpmts ts = fsmGetTs(fsm);
/*@=compdef@*/
- rpmsx sx = rpmtsREContext(ts);
+ security_context_t scon = NULL;
fsm->path = NULL;
@@ -1341,10 +1340,15 @@ static int fsmMkdirs(/*@special@*/ /*@pa
if (!rc) {
/* XXX FIXME? only new dir will have context set. */
/* Get file security context from patterns. */
- if (sx != NULL) {
- fsm->fcontext = rpmsxFContext(sx, fsm->path, st->st_mode);
- rc = fsmNext(fsm, FSM_LSETFCON);
+ if (rpmtsSELinuxEnabled(ts) &&
+ ! rpmtsFlags(ts) & RPMTRANS_FLAG_NOCONTEXTS) {
+ if (matchpathcon(fsm->path, st->st_mode, &scon) == 0 &&
+ scon != NULL) {
+ fsm->fcontext = scon;
+ rc = fsmNext(fsm, FSM_LSETFCON);
+ }
}
+
if (fsm->fcontext == NULL)
rpmMessage(RPMMESS_DEBUG,
_("%s directory created with perms %04o, no context.\n"),
@@ -1377,7 +1381,6 @@ static int fsmMkdirs(/*@special@*/ /*@pa
}
/*@=boundswrite@*/
dnli = dnlFreeIterator(dnli);
- sx = rpmsxFree(sx);
/*@=observertrans =dependenttrans@*/
fsm->path = path;
diff -up rpm-4.4.2.2-rc2/lib/rpmfi.c.matchpathcon rpm-4.4.2.2-rc2/lib/rpmfi.c
--- rpm-4.4.2.2-rc2/lib/rpmfi.c.matchpathcon 2007-09-11 09:28:15.000000000 +0300
+++ rpm-4.4.2.2-rc2/lib/rpmfi.c 2007-09-27 11:05:29.000000000 +0300
@@ -16,7 +16,7 @@
#define _RPMFI_INTERNAL
#include "rpmfi.h"
-#include "rpmsx.h"
+#include <selinux/selinux.h>
#define _RPMTE_INTERNAL /* relocations */
#include "rpmte.h"
@@ -1697,8 +1697,8 @@ void rpmfiBuildREContexts(Header h,
{
int scareMem = 0;
rpmfi fi = rpmfiNew(NULL, h, RPMTAG_BASENAMES, scareMem);
- rpmsx sx = NULL;
const char ** av = NULL;
+ const char * myfn = rpmGetPath("%{?__file_context_path}", NULL);
int ac;
size_t nb;
char * t;
@@ -1712,7 +1712,7 @@ void rpmfiBuildREContexts(Header h,
}
/* Read security context patterns. */
- sx = rpmsxNew(NULL);
+ matchpathcon_init(myfn);
/* Compute size of argv array blob, concatenating file contexts. */
nb = ac * sizeof(*fcnb);
@@ -1723,10 +1723,9 @@ void rpmfiBuildREContexts(Header h,
while (rpmfiNext(fi) >= 0) {
const char * fn = rpmfiFN(fi);
mode_t fmode = rpmfiFMode(fi);
- const char * scon;
+ security_context_t scon;
- scon = rpmsxFContext(sx, fn, fmode);
- if (scon != NULL) {
+ if (matchpathcon(fn, fmode, &scon) == 0) {
fcnb[ac] = strlen(scon) + 1;
/*@-branchstate@*/
if (fcnb[ac] > 0) {
@@ -1734,6 +1733,7 @@ void rpmfiBuildREContexts(Header h,
memcpy(fctxt+fctxtlen, scon, fcnb[ac]);
fctxtlen += fcnb[ac];
}
+ freecon(scon);
/*@=branchstate@*/
}
ac++;
@@ -1759,7 +1759,6 @@ void rpmfiBuildREContexts(Header h,
exit:
fi = rpmfiFree(fi);
- sx = rpmsxFree(sx);
/*@-branchstate@*/
if (fcontextp)
*fcontextp = av;
diff -up rpm-4.4.2.2-rc2/lib/rpminstall.c.matchpathcon rpm-4.4.2.2-rc2/lib/rpminstall.c
--- rpm-4.4.2.2-rc2/lib/rpminstall.c.matchpathcon 2007-09-11 09:28:15.000000000 +0300
+++ rpm-4.4.2.2-rc2/lib/rpminstall.c 2007-09-27 11:27:46.000000000 +0300
@@ -309,17 +309,12 @@ int rpmInstall(rpmts ts,
ia->transFlags |= RPMTRANS_FLAG_REPACKAGE;
/* Initialize security context patterns (if not already done). */
- if (!(ia->transFlags & RPMTRANS_FLAG_NOCONTEXTS)) {
- rpmsx sx = rpmtsREContext(ts);
- if (sx == NULL) {
- const char *fn = rpmGetPath("%{?_install_file_context_path}", NULL);
- if (fn != NULL && *fn != '\0') {
- sx = rpmsxNew(fn);
- (void) rpmtsSetREContext(ts, sx);
- }
- fn = _free(fn);
- }
- sx = rpmsxFree(sx);
+ if (rpmtsSELinuxEnabled(ts) &&
+ !(ia->transFlags & RPMTRANS_FLAG_NOCONTEXTS)) {
+ const char *fn = rpmGetPath("%{?_install_file_context_path}", NULL);
+ if (fn != NULL && *fn != '\0') {
+ matchpathcon_init(fn);
+ }
}
(void) rpmtsSetFlags(ts, ia->transFlags);

13
rpm.spec
View File

@ -6,16 +6,16 @@
Summary: The RPM package management system
Name: rpm
Version: 4.4.2.2
Release: 0.5.rc2
Release: 1%{?dist}
Group: System Environment/Base
Url: http://www.rpm.org/
Source: %{name}-%{version}-rc2.tar.gz
Source: %{name}-%{version}.tar.gz
Patch1: rpm-4.4.1-prereq.patch
Patch2: rpm-4.4.2-ghost-conflicts.patch
Patch3: rpm-4.4.2-trust.patch
Patch4: rpm-4.4.2-devel-autodep.patch
Patch5: rpm-4.4.2-rpmfc-skip.patch
Patch6: rpm-4.4.2-matchpathcon.patch
Patch6: rpm-4.4.2.2-matchpathcon.patch
Patch7: rpm-4.4.2.1-no-popt.patch
# XXX Beware, this is one murky license, partially GPL/LGPL dual-licensed
@ -131,7 +131,7 @@ that will manipulate RPM packages and databases.
%endif
%prep
%setup -q -n %{name}-%{version}-rc2
%setup -q -n %{name}-%{version}
%patch1 -p1 -b .prereq
%patch2 -p1 -b .ghostconflicts
%patch3 -p1 -b .trust
@ -401,6 +401,11 @@ exit 0
%endif
%changelog
* Wed Oct 03 2007 Panu Matilainen <pmatilai@redhat.com> 4.4.2.2-1
- update to 4.4.2.2 final
- update matchpathcon patch to work better when selinux disabled
- resolves #251400, #315271, #296731, #308171, #305221, #295941
* Tue Sep 11 2007 Panu Matilainen <pmatilai@redhat.com> 4.4.2.2-0.5.rc2
- 4.4.2.2-rc2
- resolves #180996, #281611, #259961, #277161, #155079

2
sources
View File

@ -1 +1 @@
75c0be2051be684e5f0b1517c4269aa3 rpm-4.4.2.2-rc2.tar.gz
15faa7ebd9791ade1a2f8181821ac259 rpm-4.4.2.2.tar.gz