* Thu Feb 28 2008 Jeremy Katz <katzj@redhat.com> - 1.4.99.1-0.26

- Pull in another SELinux fix from upstream

xorg-x11-server.spec

@@ -20,7 +20,7 @@
 Summary:   X.Org X11 X server
 Name:      xorg-x11-server
 Version:   1.4.99.1
-Release:   0.25.%{?gitdate}%{?dist}
+Release:   0.26.%{?gitdate}%{?dist}
 URL:       http://www.x.org
 License:   MIT
 Group:     User Interface/X
@@ -36,6 +36,7 @@ Source2:   commitid
 Source0:   ftp://ftp.x.org/pub/individual/xserver/%{pkgname}-%{version}.tar.bz2
 %endif
 
+Patch10:   xserver-1.4.99-selinux-fix.patch
 # general bug fixes
 Patch19:   xserver-1.3.0-xnest-exposures.patch
 
@@ -509,6 +510,9 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Thu Feb 28 2008 Jeremy Katz <katzj@redhat.com> - 1.4.99.1-0.26
+- Pull in another SELinux fix from upstream
+
 * Wed Feb 27 2008 Adam Jackson <ajax@redhat.com> 1.4.99.1-0.25
 - Today's git snapshot.  Selinux fixes, XKB crash fix.
 

xserver-1.4.99-selinux-fix.patch

@@ -0,0 +1,21 @@
+From: Eamon Walsh <ewalsh@tycho.nsa.gov>
+Date: Thu, 28 Feb 2008 03:29:15 +0000 (-0500)
+Subject: xselinux: Don't throw BadAccess if DixUnknownAccess is passed in to a hook.
+X-Git-Url: http://gitweb.freedesktop.org/?p=xorg/xserver.git;a=commitdiff;h=e40cc5305bec656108077ab13fcc8e6e82b3707a
+
+xselinux: Don't throw BadAccess if DixUnknownAccess is passed in to a hook.
+
+The avc will still appear, however, so that the callsite can be fixed.
+---
+
+--- a/Xext/xselinux.c
++++ b/Xext/xselinux.c
+@@ -312,6 +312,8 @@ SELinuxDoCheck(SELinuxSubjectRec *subj, 
+ 
+     if (avc_has_perm(subj->sid, obj->sid, class, mode, &subj->aeref,
+ 		     auditdata) < 0) {
++	if (mode == DixUnknownAccess)
++	    return Success; /* DixUnknownAccess requests OK ... for now */
+ 	if (errno == EACCES)
+ 	    return BadAccess;
+ 	ErrorF("ServerPerm: unexpected error %d\n", errno);