rpms/libsepol/devel .cvsignore, 1.134, 1.135 libsepol-rhat.patch, 1.17, 1.18 libsepol.spec, 1.179, 1.180 sources, 1.135, 1.136
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Mon May 19 17:19:54 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/libsepol/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11622
Modified Files:
.cvsignore libsepol-rhat.patch libsepol.spec sources
Log Message:
* Mon May 19 2008 Dan Walsh <dwalsh at redhat.com> 2.0.28-1
- Upgrade to latest from NSA
* Fix mls_level_convert() to gracefully handle an empty user declaration/require from Stephen Smalley.
* Belatedly merge test for policy downgrade from Todd Miller.
Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/libsepol/devel/.cvsignore,v
retrieving revision 1.134
retrieving revision 1.135
diff -u -r1.134 -r1.135
--- .cvsignore 27 Mar 2008 17:22:50 -0000 1.134
+++ .cvsignore 19 May 2008 17:19:04 -0000 1.135
@@ -134,3 +134,4 @@
libsepol-2.0.23.tgz
libsepol-2.0.25.tgz
libsepol-2.0.26.tgz
+libsepol-2.0.28.tgz
libsepol-rhat.patch:
Index: libsepol-rhat.patch
===================================================================
RCS file: /cvs/extras/rpms/libsepol/devel/libsepol-rhat.patch,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- libsepol-rhat.patch 28 Aug 2007 17:35:57 -0000 1.17
+++ libsepol-rhat.patch 19 May 2008 17:19:04 -0000 1.18
@@ -1,88 +1,237 @@
-Index: libsepol/src/module.c
-===================================================================
---- libsepol/src/module.c (revision 2538)
-+++ libsepol/src/module.c (working copy)
-@@ -353,21 +353,27 @@
- struct policy_file *file,
- size_t ** offsets, uint32_t * sections)
+diff --exclude-from=exclude -N -u -r nsalibsepol/include/sepol/policydb/conditional.h libsepol-2.0.1/include/sepol/policydb/conditional.h
+--- nsalibsepol/include/sepol/policydb/conditional.h 2006-11-16 17:14:15.000000000 -0500
++++ libsepol-2.0.1/include/sepol/policydb/conditional.h 2007-03-28 14:13:02.000000000 -0400
+@@ -100,6 +100,8 @@
+ cond_node_t * needle, cond_node_t * haystack,
+ int *was_created);
+
++extern cond_node_t *cond_node_create(policydb_t * p, cond_node_t * node);
++
+ extern cond_node_t *cond_node_search(policydb_t * p, cond_node_t * list,
+ cond_node_t * cn);
+
+diff --exclude-from=exclude -N -u -r nsalibsepol/src/conditional.c libsepol-2.0.1/src/conditional.c
+--- nsalibsepol/src/conditional.c 2006-11-16 17:14:24.000000000 -0500
++++ libsepol-2.0.1/src/conditional.c 2007-03-28 14:13:02.000000000 -0400
+@@ -26,9 +26,6 @@
+
+ #include "private.h"
+
+-#undef min
+-#define min(a,b) (((a) < (b)) ? (a) : (b))
+-
+ /* move all type rules to top of t/f lists to help kernel on evaluation */
+ static void cond_optimize(cond_av_list_t ** l)
+ {
+@@ -136,6 +133,38 @@
+ return 1;
+ }
+
++/* Create a new conditional node, optionally copying
++ * the conditional expression from an existing node.
++ * If node is NULL then a new node will be created
++ * with no conditional expression.
++ */
++cond_node_t *cond_node_create(policydb_t * p, cond_node_t * node)
++{
++ cond_node_t *new_node;
++ unsigned int i;
++
++ new_node = (cond_node_t *)malloc(sizeof(cond_node_t));
++ if (!new_node) {
++ return NULL;
++ }
++ memset(new_node, 0, sizeof(cond_node_t));
++
++ if (node) {
++ new_node->expr = cond_copy_expr(node->expr);
++ if (!new_node->expr) {
++ free(new_node);
++ return NULL;
++ }
++ new_node->cur_state = cond_evaluate_expr(p, new_node->expr);
++ new_node->nbools = node->nbools;
++ for (i = 0; i < min(node->nbools, COND_MAX_BOOLS); i++)
++ new_node->bool_ids[i] = node->bool_ids[i];
++ new_node->expr_pre_comp = node->expr_pre_comp;
++ }
++
++ return new_node;
++}
++
+ /* Find a conditional (the needle) within a list of existing ones (the
+ * haystack) that has a matching expression. If found, return a
+ * pointer to the existing node, setting 'was_created' to 0.
+@@ -145,9 +174,6 @@
+ cond_node_t * needle, cond_node_t * haystack,
+ int *was_created)
{
-- uint32_t buf[3], nsec;
-+ uint32_t *buf = NULL, nsec;
- unsigned i;
-- size_t *off;
-+ size_t *off = NULL;
- int rc;
-
-+ buf = malloc(sizeof(uint32_t)*3);
-+ if (!buf) {
-+ ERR(file->handle, "out of memory");
-+ goto err;
-+ }
-+
- rc = next_entry(buf, file, sizeof(uint32_t) * 3);
- if (rc < 0) {
- ERR(file->handle, "module package header truncated");
-- return -1;
-+ goto err;
- }
- if (le32_to_cpu(buf[0]) != SEPOL_MODULE_PACKAGE_MAGIC) {
- ERR(file->handle,
- "wrong magic number for module package: expected %u, got %u",
- SEPOL_MODULE_PACKAGE_MAGIC, le32_to_cpu(buf[0]));
-- return -1;
-+ goto err;
- }
-
- mod->version = le32_to_cpu(buf[1]);
-@@ -376,23 +382,29 @@
- if (nsec > MAXSECTIONS) {
- ERR(file->handle, "too many sections (%u) in module package",
- nsec);
-- return -1;
-+ goto err;
- }
-
- off = (size_t *) malloc((nsec + 1) * sizeof(size_t));
- if (!off) {
- ERR(file->handle, "out of memory");
-- return -1;
-+ goto err;
- }
-
-- rc = next_entry(off, file, sizeof(uint32_t) * nsec);
-+ free(buf);
-+ buf = malloc(sizeof(uint32_t) * nsec);
-+ if (!buf) {
-+ ERR(file->handle, "out of memory");
-+ goto err;
-+ }
-+ rc = next_entry(buf, file, sizeof(uint32_t) * nsec);
- if (rc < 0) {
- ERR(file->handle, "module package offset array truncated");
-- return -1;
-+ goto err;
- }
-
- for (i = 0; i < nsec; i++) {
-- off[i] = le32_to_cpu(off[i]);
-+ off[i] = le32_to_cpu(buf[i]);
- if (i && off[i] < off[i - 1]) {
- ERR(file->handle, "offsets are not increasing (at %u, "
- "offset %zu -> %zu", i, off[i - 1],
-@@ -401,10 +413,15 @@
- }
- }
-
--
-+ free(buf);
- off[nsec] = policy_file_length(file);
- *offsets = off;
+- cond_node_t *new_node;
+- unsigned int i;
+-
+ while (haystack) {
+ if (cond_expr_equal(needle, haystack)) {
+ *was_created = 0;
+@@ -156,26 +182,8 @@
+ haystack = haystack->next;
+ }
+ *was_created = 1;
+- new_node = (cond_node_t *) malloc(sizeof(cond_node_t));
+- if (!new_node) {
+- return NULL;
+- }
+- memset(new_node, 0, sizeof(cond_node_t));
+- new_node->expr = cond_copy_expr(needle->expr);
+- if (!new_node->expr) {
+- free(new_node);
+- return NULL;
+- }
+- new_node->cur_state = cond_evaluate_expr(p, new_node->expr);
+- new_node->nbools = needle->nbools;
+- for (i = 0; i < min(needle->nbools, COND_MAX_BOOLS); i++)
+- new_node->bool_ids[i] = needle->bool_ids[i];
+- new_node->expr_pre_comp = needle->expr_pre_comp;
+- new_node->true_list = NULL;
+- new_node->false_list = NULL;
+- new_node->avtrue_list = NULL;
+- new_node->avfalse_list = NULL;
+- return new_node;
++
++ return cond_node_create(p, needle);
+ }
+
+ /* return either a pre-existing matching node or create a new node */
+diff --exclude-from=exclude -N -u -r nsalibsepol/src/expand.c libsepol-2.0.1/src/expand.c
+--- nsalibsepol/src/expand.c 2007-02-07 12:11:48.000000000 -0500
++++ libsepol-2.0.1/src/expand.c 2007-03-28 14:13:02.000000000 -0400
+@@ -35,10 +35,12 @@
+ #include <assert.h>
+
+ #include "debug.h"
++#include "private.h"
+
+ typedef struct expand_state {
+ int verbose;
+ uint32_t *typemap;
++ uint32_t *boolmap;
+ policydb_t *base;
+ policydb_t *out;
+ sepol_handle_t *handle;
+@@ -791,8 +793,8 @@
+ return -1;
+ }
+
+- new_bool->s.value = bool->s.value;
+ state->out->p_bools.nprim++;
++ new_bool->s.value = state->out->p_bools.nprim;
+
+ ret = hashtab_insert(state->out->p_bools.table,
+ (hashtab_key_t) new_id,
+@@ -804,6 +806,8 @@
+ return -1;
+ }
+
++ state->boolmap[bool->s.value - 1] = new_bool->s.value;
++
+ new_bool->state = bool->state;
+
+ return 0;
+@@ -1555,12 +1559,35 @@
return 0;
+ }
+
++static int cond_node_map_bools(expand_state_t * state, cond_node_t * cn)
++{
++ cond_expr_t *cur;
++ unsigned int i;
++
++ cur = cn->expr;
++ while (cur) {
++ if (cur->bool)
++ cur->bool = state->boolmap[cur->bool - 1];
++ cur = cur->next;
++ }
++
++ for (i = 0; i < min(cn->nbools, COND_MAX_BOOLS); i++)
++ cn->bool_ids[i] = state->boolmap[cn->bool_ids[i] - 1];
++
++ if (cond_normalize_expr(state->out, cn)) {
++ ERR(state->handle, "Error while normalizing conditional");
++ return -1;
++ }
++
++ return 0;
++}
++
+ /* copy the nodes in *reverse* order -- the result is that the last
+ * given conditional appears first in the policy, so as to match the
+ * behavior of the upstream compiler */
+ static int cond_node_copy(expand_state_t * state, cond_node_t * cn)
+ {
+- cond_node_t *new_cond;
++ cond_node_t *new_cond, *tmp;
+
+ if (cn == NULL) {
+ return 0;
+@@ -1573,11 +1600,26 @@
+ return -1;
+ }
+
+- new_cond = cond_node_search(state->out, state->out->cond_list, cn);
++ /* create a new temporary conditional node with the booleans
++ * mapped */
++ tmp = cond_node_create(state->base, cn);
++ if (!tmp) {
++ ERR(state->handle, "Out of memory");
++ return -1;
++ }
++
++ if (cond_node_map_bools(state, tmp)) {
++ ERR(state->handle, "Error mapping booleans");
++ return -1;
++ }
++
++ new_cond = cond_node_search(state->out, state->out->cond_list, tmp);
+ if (!new_cond) {
++ cond_node_destroy(tmp);
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
++ cond_node_destroy(tmp);
+
+ if (cond_avrule_list_copy
+ (state->out, cn->avtrue_list, &state->out->te_cond_avtab,
+@@ -2210,6 +2252,12 @@
+ goto cleanup;
+ }
+
++ state.boolmap = (uint32_t *)calloc(state.base->p_bools.nprim, sizeof(uint32_t));
++ if (!state.boolmap) {
++ ERR(handle, "Out of memory!");
++ goto cleanup;
++ }
+
-+err:
-+ free(buf);
-+ free(off);
-+ return -1;
+ /* order is important - types must be first */
+
+ /* copy types */
+@@ -2364,6 +2412,7 @@
+
+ cleanup:
+ free(state.typemap);
++ free(state.boolmap);
+ return retval;
}
- /* Flags for which sections have been seen during parsing of module package. */
+diff --exclude-from=exclude -N -u -r nsalibsepol/src/private.h libsepol-2.0.1/src/private.h
+--- nsalibsepol/src/private.h 2007-02-07 12:11:48.000000000 -0500
++++ libsepol-2.0.1/src/private.h 2007-03-28 14:13:02.000000000 -0400
+@@ -24,6 +24,9 @@
+ #define le64_to_cpu(x) bswap_64(x)
+ #endif
+
++#undef min
++#define min(a,b) (((a) < (b)) ? (a) : (b))
++
+ /* Policy compatibility information. */
+ struct policydb_compat_info {
+ unsigned int type;
Index: libsepol.spec
===================================================================
RCS file: /cvs/extras/rpms/libsepol/devel/libsepol.spec,v
retrieving revision 1.179
retrieving revision 1.180
diff -u -r1.179 -r1.180
--- libsepol.spec 27 Mar 2008 17:22:50 -0000 1.179
+++ libsepol.spec 19 May 2008 17:19:04 -0000 1.180
@@ -1,7 +1,7 @@
Summary: SELinux binary policy manipulation library
Name: libsepol
-Version: 2.0.26
+Version: 2.0.28
Release: 1%{?dist}
License: GPLv2+
Group: System Environment/Libraries
@@ -97,6 +97,11 @@
/%{_lib}/libsepol.so.1
%changelog
+* Mon May 19 2008 Dan Walsh <dwalsh at redhat.com> 2.0.28-1
+- Upgrade to latest from NSA
+ * Fix mls_level_convert() to gracefully handle an empty user declaration/require from Stephen Smalley.
+ * Belatedly merge test for policy downgrade from Todd Miller.
+
* Thu Mar 27 2008 Dan Walsh <dwalsh at redhat.com> 2.0.26-1
- Upgrade to latest from NSA
* Add permissive domain support from Eric Paris.
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/libsepol/devel/sources,v
retrieving revision 1.135
retrieving revision 1.136
diff -u -r1.135 -r1.136
--- sources 27 Mar 2008 17:22:50 -0000 1.135
+++ sources 19 May 2008 17:19:04 -0000 1.136
@@ -1 +1 @@
-fe5c46787746ceab95d4d0013246cd6b libsepol-2.0.26.tgz
+6f31fb216999a695412ab75f5b322599 libsepol-2.0.28.tgz
More information about the fedora-extras-commits
mailing list