diff --git a/.gitignore b/.gitignore
index 27c9541..876d17d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -88,3 +88,4 @@ checkpolicy-2.0.22.tgz
 /checkpolicy-2.1.9.tgz
 /checkpolicy-2.1.10.tgz
 /checkpolicy-2.1.11.tgz
+/checkpolicy-2.1.12.tgz
diff --git a/checkpolicy-rhat.patch b/checkpolicy-rhat.patch
index c6c639c..2b1116b 100644
--- a/checkpolicy-rhat.patch
+++ b/checkpolicy-rhat.patch
@@ -1,33 +1,13 @@
-diff --git a/checkpolicy/checkmodule.c b/checkpolicy/checkmodule.c
-index 47603e0..cb58cf0 100644
---- a/checkpolicy/checkmodule.c
-+++ b/checkpolicy/checkmodule.c
-@@ -63,10 +63,12 @@ static int read_binary_policy(policydb_t * p, char *file, char *progname)
- if (fstat(fd, &sb) < 0) {
- fprintf(stderr, "Can't stat '%s': %s\n",
- file, strerror(errno));
-+ close(fd);
- return -1;
- }
- map =
- mmap(NULL, sb.st_size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
-+ close(fd);
- if (map == MAP_FAILED) {
- fprintf(stderr, "Can't map '%s': %s\n", file, strerror(errno));
- return -1;
-diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
-index 8fa3214..2c12447 100644
---- a/checkpolicy/policy_define.c
-+++ b/checkpolicy/policy_define.c
-@@ -2341,7 +2341,10 @@ int define_role_trans(int class_specified)
- return -1;
- }
-
-- ebitmap_set_bit(&e_classes, cladatum->s.value - 1, TRUE);
-+ if (ebitmap_set_bit(&e_classes, cladatum->s.value - 1, TRUE)) {
-+ yyerror("out of memory");
-+ return -1;
-+ }
- }
-
- id = (char *)queue_remove(id_queue);
+diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l
+index bba7667..f82c93b 100644
+--- a/checkpolicy/policy_scan.l
++++ b/checkpolicy/policy_scan.l
+@@ -240,7 +240,7 @@ HIGH { return(HIGH); }
+ low |
+ LOW { return(LOW); }
+ "/"({alnum}|[_\.\-/])* { return(PATH); }
+-\"({alnum}|[_\.\-\+\~])+\" { return(FILENAME); }
++\"({alnum}|[_\.\-\+\~ ])+\" { return(FILENAME); }
+ {letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))* { return(IDENTIFIER); }
+ {alnum}*{letter}{alnum}* { return(FILESYSTEM); }
+ {digit}+|0x{hexval}+ { return(NUMBER); }
diff --git a/checkpolicy.spec b/checkpolicy.spec
index 807796b..64fd94d 100644
--- a/checkpolicy.spec
+++ b/checkpolicy.spec
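Review bot: The new FILENAME rule carried for policy_scan.l, `\"({alnum}|[_\.\-\+\~ ])+\"`, puts the space inside the repeated class, so a quoted name made only of spaces, or one with a leading or trailing space such as `"foo "`, now lexes as a valid name. If these names are compared exactly against a file's final path component (an assumption; the consumer is not in this diff), a stray space would compile cleanly into a rule that never matches, and the object would silently keep its default type. If only interior spaces are intended, a pattern like `\"({alnum}|[_\.\-\+\~])+([ ]+({alnum}|[_\.\-\+\~])+)*\"` keeps that property. Separately, this hunk drops the carried `close(fd)` and `ebitmap_set_bit` return-check fixes; the changelog suggests 2.1.12 contains them upstream, but that cannot be confirmed from here, so it is worth checking the 2.1.12 sources for both before relying on it.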
@@ -2,11 +2,12 @@ %define libsepolver 2.1.8-2 Summary: SELinux policy compiler Name: checkpolicy -Version: 2.1.11 +Version: 2.1.12 Release: 2%{?dist} License: GPLv2 Group: Development/System Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz +Patch: checkpolicy-rhat.patch BuildRoot: %{_tmppath}/%{name}-buildroot BuildRequires: byacc bison flex flex-static libsepol-static >= %{libsepolver} libselinux-devel >= %{libselinuxver} @@ -27,6 +28,7 @@ Only required for building policies. %prep %setup -q +%patch -p2 -b .rhat %build make clean @@ -54,6 +56,26 @@ rm -rf ${RPM_BUILD_ROOT} %{_bindir}/sedispol %changelog +* Tue Mar 12 2013 Dan Walsh - 2.1.12-2 +- Space should be allowed for file trans names + +* Thu Feb 7 2013 Dan Walsh - 2.1.12-1 +- Update to upstream + * Fix errors found by coverity + * implement default type policy syntax + * Free allocated memory when clean up / exit. + +* Sat Jan 5 2013 Dan Walsh - 2.1.11-3 +- Update to latest patches from eparis/Upstream +- checkpolicy: libsepol: implement default type policy syntax +- +- We currently have a mechanism in which the default user, role, and range +- can be picked up from the source or the target object. This implements +- the same thing for types. The kernel will override this with type +- transition rules and similar. This is just the default if nothing +- specific is given. + + * Wed Sep 19 2012 Dan Walsh - 2.1.11-2 - Rebuild with fixed libsepol @@ -206,7 +228,7 @@ such a rule is added to a conditional. * Wed Dec 8 2010 Dan Walsh - 2.0.22-2 - Rebuild to make sure it will build in Fedora -* Mon Jun 16 2010 Dan Walsh - 2.0.22-1 +* Wed Jun 16 2010 Dan Walsh - 2.0.22-1 - Latest update from NSA * Update checkmodule man page and usage by Daniel Walsh and Steve Lawrence - Allow policy version to be one number 
@@ -214,7 +236,7 @@ such a rule is added to a conditional. * Mon May 3 2010 Dan Walsh - 2.0.21-2 - Fix checkmodule man page and usage statements -* Tue Nov 1 2009 Dan Walsh - 2.0.21-1 +* Sun Nov 1 2009 Dan Walsh - 2.0.21-1 - Latest update from NSA * Add support for building Xen policies from Paul Nuzzi. * Add long options to checkpolicy and checkmodule by Guido @@ -248,12 +270,12 @@ such a rule is added to a conditional. - Latest update from NSA * Update checkpolicy for user and role mapping support from Joshua Brindle. -* Tue May 2 2008 Dan Walsh - 2.0.15-1 +* Fri May 2 2008 Dan Walsh - 2.0.15-1 - Latest update from NSA * Fix for policy module versions that look like IPv4 addresses from Jim Carter. Resolves bug 444451. -* Tue May 2 2008 Dan Walsh - 2.0.14-2 +* Fri May 2 2008 Dan Walsh - 2.0.14-2 - Allow modules with 4 sections or more * Thu Mar 27 2008 Dan Walsh - 2.0.14-1 @@ -303,10 +325,10 @@ such a rule is added to a conditional. * Tue Aug 28 2007 Fedora Release Engineering - 2.0.3-3 - Rebuild for selinux ppc32 issue. -* Thu Jun 18 2007 Dan Walsh - 2.0.3-2 +* Mon Jun 18 2007 Dan Walsh - 2.0.3-2 - Rebuild with the latest libsepol -* Thu Jun 17 2007 Dan Walsh - 2.0.3-1 +* Sun Jun 17 2007 Dan Walsh - 2.0.3-1 - Latest update from NSA * Merged fix for segfault on duplicate require of sensitivity from Caleb Case. * Merged fix for dead URLs in checkpolicy man pages from Dan Walsh. @@ -321,7 +343,7 @@ such a rule is added to a conditional. * Wed Mar 28 2007 Dan Walsh - 2.0.1-2 - Rebuild with new libsepol -* Tue Nov 20 2006 Dan Walsh - 2.0.1-1 +* Mon Nov 20 2006 Dan Walsh - 2.0.1-1 - Latest update from NSA * Merged patch to allow dots in class identifiers from Caleb Case. 
@@ -366,7 +388,7 @@ such a rule is added to a conditional. from Joshua Brindle. * Merged optionals in base take 2 patch set from Joshua Brindle. -* Wed May 23 2006 Dan Walsh - 1.30.5-1 +* Tue May 23 2006 Dan Walsh - 1.30.5-1 - Latest upgrade from NSA * Merged compiler cleanup patch from Karl MacMillan. * Merged fix warnings patch from Karl MacMillan. @@ -616,7 +638,7 @@ such a rule is added to a conditional. * Added sepol_ prefix to Flask types to avoid namespace collision with libselinux. -* Fri May 7 2005 Dan Walsh 1.23-2-1 +* Sat May 7 2005 Dan Walsh 1.23-2-1 - Update to NSA Release * Merged identifier fix from Joshua Brindle (Tresys). @@ -694,7 +716,7 @@ such a rule is added to a conditional. * Wed Aug 11 2004 Dan Walsh 1.15.4-1 - Latest from NSA -* Sat Aug 8 2004 Dan Walsh 1.15.3-1 +* Sat Aug 7 2004 Dan Walsh 1.15.3-1 - Latest from NSA * Wed Aug 4 2004 Dan Walsh 1.15.2-1 @@ -736,7 +758,7 @@ such a rule is added to a conditional. * Mon Mar 15 2004 Dan Walsh 1.8-1 - Upgrade to the latest from NSA -* Mon Feb 24 2004 Dan Walsh 1.6-1 +* Tue Feb 24 2004 Dan Walsh 1.6-1 - Upgrade to the latest from NSA * Fri Feb 13 2004 Elliot Lee @@ -768,4 +790,3 @@ such a rule is added to a conditional. * Mon Jun 2 2003 Dan Walsh 1.0-1 - Initial version - diff --git a/sources b/sources index 18afb94..41aa3c0 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -a39eec39a84161f88b63ce405549e5b6 checkpolicy-2.1.11.tgz +36e9a62952239b4cdfbb9dcdcf292e14 checkpolicy-2.1.12.tgz