From 7918b2858e2e1df0ffe50f43aa5a19e8b3b0e906 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Aug 05 2008 14:05:15 +0000 Subject: - Update to Upstream Add group support to seusers using %groupname syntax from Dan Walsh. Mark setrans socket close-on-exec from Stephen Smalley. Only apply nodups checking to base file contexts from Stephen Smalley. --- diff --git a/.cvsignore b/.cvsignore index c4ef604..334847d 100644 --- a/.cvsignore +++ b/.cvsignore @@ -155,3 +155,4 @@ libselinux-2.0.65.tgz libselinux-2.0.67.tgz libselinux-2.0.69.tgz libselinux-2.0.70.tgz +libselinux-2.0.71.tgz diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch index d6ae833..895d3cf 100644 --- a/libselinux-rhat.patch +++ b/libselinux-rhat.patch @@ -1,7 +1,12 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/ChangeLog libselinux-2.0.70/ChangeLog ---- nsalibselinux/ChangeLog 2008-08-01 06:48:06.000000000 -0400 +--- nsalibselinux/ChangeLog 2008-08-05 09:58:25.000000000 -0400 +++ libselinux-2.0.70/ChangeLog 2008-08-01 06:51:25.000000000 -0400 -@@ -1,6 +1,3 @@ +@@ -1,11 +1,3 @@ +-2.0.71 2008-08-05 +- * Add group support to seusers using %groupname syntax from Dan Walsh. +- * Mark setrans socket close-on-exec from Stephen Smalley. +- * Only apply nodups checking to base file contexts from Stephen Smalley. +- -2.0.70 2008-07-30 - * Merge ruby bindings from Dan Walsh. - @@ -9,10 +14,10 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/ChangeLog libselinux-2.0.70/C * Handle duplicate file context regexes as a fatal error from Stephen Smalley. This prevents adding them via semanage. diff --exclude-from=exclude -N -u -r nsalibselinux/VERSION libselinux-2.0.70/VERSION ---- nsalibselinux/VERSION 2008-08-01 06:48:06.000000000 -0400 +--- nsalibselinux/VERSION 2008-08-05 09:58:25.000000000 -0400 +++ libselinux-2.0.70/VERSION 2008-08-01 06:51:25.000000000 -0400 
@@ -1 +1 @@ --2.0.70 +-2.0.71 +2.0.69 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.70/man/man8/selinuxconlist.8 --- nsalibselinux/man/man8/selinuxconlist.8 1969-12-31 19:00:00.000000000 -0500 
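Review bot: The regenerated libselinux-rhat.patch now contains an inner hunk that rewrites `VERSION` from `2.0.71` back to `2.0.69` (`-2.0.71` / `+2.0.69`), and the ChangeLog hunk before it strips the new 2.0.71 entry, while libselinux.spec in this same commit declares `Version: 2.0.71`. The inner target paths still read `libselinux-2.0.70/`, so these look like artefacts of diffing the new upstream tree against a stale working copy rather than intended downstream changes. Whether the `VERSION` file feeds into any built artefact is not visible here, but a distribution patch that silently reverts upstream metadata makes it harder to audit what the package really changes relative to the released tarball. I would regenerate the patch with `ChangeLog` and `VERSION` listed in the `exclude` file passed to `--exclude-from=exclude`, so that only deliberate source changes remain in it.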
@@ -90,142 +95,3 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux va_end(ap); } -diff --exclude-from=exclude -N -u -r nsalibselinux/src/seusers.c libselinux-2.0.70/src/seusers.c ---- nsalibselinux/src/seusers.c 2008-06-12 23:25:14.000000000 -0400 -+++ libselinux-2.0.70/src/seusers.c 2008-08-01 06:53:03.000000000 -0400 -@@ -89,6 +89,62 @@ - - int require_seusers hidden = 0; - -+#include -+#include -+ -+static gid_t get_default_gid(const char *name) { -+ struct passwd pwstorage, *pwent = NULL; -+ gid_t gid = -1; -+ /* Allocate space for the getpwnam_r buffer */ -+ long rbuflen = sysconf(_SC_GETPW_R_SIZE_MAX); -+ if (rbuflen <= 0) return -1; -+ char *rbuf = malloc(rbuflen); -+ if (rbuf == NULL) return -1; -+ -+ int retval = getpwnam_r(name, &pwstorage, rbuf, rbuflen, &pwent); -+ if (retval == 0 || pwent != NULL) { -+ gid = pwent->pw_gid; -+ } -+ free(rbuf); -+ return gid; -+} -+ -+static int check_group(const char *group, const char *name, const gid_t gid) { -+ int match = 0; -+ int i, ng = 0; -+ gid_t *groups = NULL; -+ struct group gbuf, *grent = NULL; -+ -+ long rbuflen = sysconf(_SC_GETGR_R_SIZE_MAX); -+ if (rbuflen <= 0) -+ return 0; -+ char *rbuf = malloc(rbuflen); -+ if (rbuf == NULL) -+ return 0; -+ -+ if (getgrnam_r(group, &gbuf, rbuf, rbuflen, -+ &grent) != 0) -+ goto done; -+ -+ if (getgrouplist(name, gid, NULL, &ng) < 0) { -+ groups = (gid_t *) malloc(sizeof (gid_t) * ng); -+ if (!groups) goto done; -+ if (getgrouplist(name, gid, groups, &ng) < 0) goto done; -+ } -+ -+ for (i = 0; i < ng; i++) { -+ if (grent->gr_gid == groups[i]) { -+ match = 1; -+ goto done; -+ } -+ } -+ -+ done: -+ free(groups); -+ free(rbuf); -+ return match; -+} -+ - int getseuserbyname(const char *name, char **r_seuser, char **r_level) - { - FILE *cfg = NULL; -@@ -101,9 +157,14 @@ - char *username = NULL; - char *seuser = NULL; - char *level = NULL; -+ char *groupseuser = NULL; -+ char *grouplevel = NULL; - char *defaultseuser = NULL; - char 
*defaultlevel = NULL; - -+ gid_t gid = get_default_gid(name); -+ if ( gid == (gid_t) -1 ) goto nomatch; -+ - cfg = fopen(selinux_usersconf_path(), "r"); - if (!cfg) - goto nomatch; -@@ -124,31 +185,48 @@ - if (!strcmp(username, name)) - break; - -- if (!defaultseuser && !strcmp(username, "__default__")) { -- free(username); -- defaultseuser = seuser; -- defaultlevel = level; -+ if (username[0] == '%' && -+ !groupseuser && -+ check_group(&username[1], name, gid)) { -+ groupseuser = seuser; -+ grouplevel = level; - } else { -- free(username); -- free(seuser); -- free(level); -+ if (!defaultseuser && -+ !strcmp(username, "__default__")) { -+ defaultseuser = seuser; -+ defaultlevel = level; -+ } else { -+ free(seuser); -+ free(level); -+ } - } -+ free(username); -+ username = NULL; - seuser = NULL; - } - -- if (buffer) -- free(buffer); -+ free(buffer); - fclose(cfg); - - if (seuser) { - free(username); - free(defaultseuser); - free(defaultlevel); -+ free(groupseuser); -+ free(grouplevel); - *r_seuser = seuser; - *r_level = level; - return 0; - } - -+ if (groupseuser) { -+ free(defaultseuser); -+ free(defaultlevel); -+ *r_seuser = groupseuser; -+ *r_level = grouplevel; -+ return 0; -+ } -+ - if (defaultseuser) { - *r_seuser = defaultseuser; - *r_level = defaultlevel; diff --git a/libselinux.spec b/libselinux.spec index 912b8bb..0443d3a 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -4,7 +4,7 @@ Summary: SELinux library and simple utilities Name: libselinux -Version: 2.0.70 +Version: 2.0.71 Release: 1%{?dist} License: Public Domain Group: System Environment/Libraries 
@@ -152,6 +152,12 @@ exit 0 %{ruby_sitearch}/selinux.so %changelog +* Tue Aug 5 2008 Dan Walsh - 2.0.71-1 +- Update to Upstream + * Add group support to seusers using %groupname syntax from Dan Walsh. + * Mark setrans socket close-on-exec from Stephen Smalley. + * Only apply nodups checking to base file contexts from Stephen Smalley. + * Fri Aug 1 2008 Dan Walsh - 2.0.70-1 - Update to Upstream * Merge ruby bindings from Dan Walsh. diff --git a/sources b/sources index 76357a1..0c94398 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -46464eff4dd1d432d9f74cebebe222c5 libselinux-2.0.70.tgz +5d59c1105c777f8520978ee00ab46656 libselinux-2.0.71.tgz