From 65c42a5cc4e95e8d4a402f989694bc39d84af07d Mon Sep 17 00:00:00 2001
From: Panu Matilainen
Date: Oct 03 2007 10:56:24 +0000
Subject: - update to 4.4.2.2 final - update matchpathcon patch to work better when selinux disabled - resolves #251400, #315271, #296731, #308171, #305221, #295941
---
diff --git a/.cvsignore b/.cvsignore
index 7d8eae7..9503de7 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1 +1 @@
-rpm-4.4.2.2-rc2.tar.gz
+rpm-4.4.2.2.tar.gz
diff --git a/rpm-4.4.2.2-matchpathcon.patch b/rpm-4.4.2.2-matchpathcon.patch
new file mode 100644
index 0000000..2b7328d
--- /dev/null
+++ b/rpm-4.4.2.2-matchpathcon.patch
@@ -0,0 +1,253 @@
+diff -up rpm-4.4.2.2-rc2/python/Makefile.am.matchpathcon rpm-4.4.2.2-rc2/python/Makefile.am
+--- rpm-4.4.2.2-rc2/python/Makefile.am.matchpathcon 2007-09-11 09:28:15.000000000 +0300
++++ rpm-4.4.2.2-rc2/python/Makefile.am 2007-09-27 11:05:29.000000000 +0300
+@@ -34,7 +34,8 @@ mylibs= \
+ $(top_builddir)/rpmdb/librpmdb.la \
+ $(top_builddir)/rpmio/librpmio.la \
+ @WITH_POPT_LIB@ \
+- @WITH_LIBELF_LIB@
++ @WITH_LIBELF_LIB@ \
++ @WITH_SELINUX_LIB@
+
+ LDADD =
+
+diff -up rpm-4.4.2.2-rc2/python/rpmts-py.c.matchpathcon rpm-4.4.2.2-rc2/python/rpmts-py.c
+--- rpm-4.4.2.2-rc2/python/rpmts-py.c.matchpathcon 2007-09-11 09:28:15.000000000 +0300
++++ rpm-4.4.2.2-rc2/python/rpmts-py.c 2007-09-27 11:25:29.000000000 +0300
+@@ -1187,17 +1187,13 @@ rpmts_Run(rpmtsObject * s, PyObject * ar
+ }
+
+ /* Initialize security context patterns (if not already done). */
+- if (!(s->ts->transFlags & RPMTRANS_FLAG_NOCONTEXTS)) {
+- rpmsx sx = rpmtsREContext(s->ts);
+- if (sx == NULL) {
+- const char *fn = rpmGetPath("%{?_install_file_context_path}", NULL);
+- if (fn != NULL && *fn != '\0') {
+- sx = rpmsxNew(fn);
+- (void) rpmtsSetREContext(s->ts, sx);
+- }
+- fn = _free(fn);
++ if (rpmtsSELinuxEnabled(s->ts) &&
++ !(s->ts->transFlags & RPMTRANS_FLAG_NOCONTEXTS)) {
++ const char *fn = rpmGetPath("%{?_install_file_context_path}", NULL);
++ if (fn != NULL && *fn != '\0') {
++ matchpathcon_init(fn);
+ }
+- sx = rpmsxFree(sx);
++ fn = _free(fn);
+ }
+
+ if (_rpmts_debug)
+diff -up rpm-4.4.2.2-rc2/build/Makefile.am.matchpathcon rpm-4.4.2.2-rc2/build/Makefile.am
+--- rpm-4.4.2.2-rc2/build/Makefile.am.matchpathcon 2007-09-11 09:28:12.000000000 +0300
++++ rpm-4.4.2.2-rc2/build/Makefile.am 2007-09-27 11:05:29.000000000 +0300
+@@ -35,6 +35,7 @@ librpmbuild_la_LDFLAGS = -release 4.4 $(
+ $(top_builddir)/lib/librpm.la \
+ $(top_builddir)/rpmdb/librpmdb.la \
+ $(top_builddir)/rpmio/librpmio.la \
++ @WITH_SELINUX_LIB@ \
+ @WITH_LIBELF_LIB@
+
+ rpmfile.h:
+diff -up
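Review bot: In the python/rpmts-py.c hunk (rpmts_Run) the result of `matchpathcon_init(fn)` is discarded, so a missing or unparsable file-contexts file goes unnoticed and the transaction carries on with whatever labels later `matchpathcon()` calls produce, or none. The same unchecked call appears in build/files.c (genCpioListAndHeader), lib/rpmfi.c (rpmfiBuildREContexts) and lib/rpminstall.c (rpmInstall). I would test the return value, e.g. `if (matchpathcon_init(fn) < 0) { /* report: contexts not loaded from fn */ }`, and decide explicitly whether the run may continue unlabeled. The retained comment still says "(if not already done)", but the old `sx == NULL` guard is gone and the new code initializes again on every call; either restore a once-only guard or update the comment. rpmts_Run starts and ends outside the hunk.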
rpm-4.4.2.2-rc2/build/files.c.matchpathcon rpm-4.4.2.2-rc2/build/files.c
+--- rpm-4.4.2.2-rc2/build/files.c.matchpathcon 2007-09-11 09:28:12.000000000 +0300
++++ rpm-4.4.2.2-rc2/build/files.c 2007-09-27 11:05:29.000000000 +0300
+@@ -23,7 +23,7 @@
+ #define _RPMFI_INTERNAL
+ #include "rpmfi.h"
+
+-#include "rpmsx.h"
++#include
+
+ #define _RPMTE_INTERNAL
+ #include "rpmte.h"
+@@ -1136,7 +1136,7 @@ static void genCpioListAndHeader(/*@part
+ int apathlen = 0;
+ int dpathlen = 0;
+ int skipLen = 0;
+- rpmsx sx = NULL;
++ security_context_t scon = NULL;
+ const char * sxfn;
+ size_t fnlen;
+ FileListRec flp;
+@@ -1156,7 +1156,7 @@ static void genCpioListAndHeader(/*@part
+
+ sxfn = rpmGetPath("%{?_build_file_context_path}", NULL);
+ if (sxfn != NULL && *sxfn != '\0')
+- sx = rpmsxNew(sxfn);
++ matchpathcon_init(sxfn);
+
+ for (i = 0, flp = fl->fileList; i < fl->fileListRecsUsed; i++, flp++) {
+ const char *s;
+@@ -1338,18 +1338,19 @@ static void genCpioListAndHeader(/*@part
+ &(flp->flags), 1);
+
+ /* Add file security context to package.
*/
+-/*@-branchstate@*/
+- if (sx != NULL) {
+- mode_t fmode = (uint_16)flp->fl_mode;
+- s = rpmsxFContext(sx, flp->fileURL, fmode);
+- if (s == NULL) s = "";
+- (void) headerAddOrAppendEntry(h, RPMTAG_FILECONTEXTS, RPM_STRING_ARRAY_TYPE,
+- &s, 1);
+- }
+-/*@=branchstate@*/
++ mode_t fmode = (uint_16)flp->fl_mode;
++ int rc = matchpathcon(flp->fileURL, fmode, &scon);
++ if ( rc == 0 && scon != NULL) {
++ (void) headerAddOrAppendEntry(h, RPMTAG_FILECONTEXTS, RPM_STRING_ARRAY_TYPE, &scon, 1);
++ freecon(scon);
++ }
++ else {
++ const char *nocon = "";
++ (void) headerAddOrAppendEntry(h, RPMTAG_FILECONTEXTS, RPM_STRING_ARRAY_TYPE, &nocon, 1);
++ }
++
+
+ }
+- sx = rpmsxFree(sx);
+ sxfn = _free(sxfn);
+
+ (void) headerAddEntry(h, RPMTAG_SIZE, RPM_INT32_TYPE,
+diff -up rpm-4.4.2.2-rc2/lib/fsm.c.matchpathcon rpm-4.4.2.2-rc2/lib/fsm.c
+--- rpm-4.4.2.2-rc2/lib/fsm.c.matchpathcon 2007-09-11 09:28:15.000000000 +0300
++++ rpm-4.4.2.2-rc2/lib/fsm.c 2007-09-27 11:28:30.000000000 +0300
+@@ -634,12 +634,11 @@ static int fsmMapFContext(FSM_t fsm)
+ if (ts != NULL && rpmtsSELinuxEnabled(ts) == 1 &&
+ !(rpmtsFlags(ts) & RPMTRANS_FLAG_NOCONTEXTS))
+ {
+- rpmsx sx = rpmtsREContext(ts);
++ security_context_t scon = NULL;
+
+- if (sx != NULL) {
++ if ( matchpathcon(fsm->path, st->st_mode, &scon) == 0 && scon != NULL) {
+ /* Get file security context from patterns. */
+- fsm->fcontext = rpmsxFContext(sx, fsm->path, st->st_mode);
+- sx = rpmsxFree(sx);
++ fsm->fcontext = scon;
+ } else {
+ int i = fsm->ix;
+
+@@ -1277,7 +1276,7 @@ static int fsmMkdirs(/*@special@*/ /*@pa
+ /*@-compdef@*/
+ rpmts ts = fsmGetTs(fsm);
+ /*@=compdef@*/
+- rpmsx sx = rpmtsREContext(ts);
++ security_context_t scon = NULL;
+
+ fsm->path = NULL;
+
+@@ -1341,10 +1340,15 @@ static int fsmMkdirs(/*@special@*/ /*@pa
+ if (!rc) {
+ /* XXX FIXME? only new dir will have context set. */
+ /* Get file security context from patterns.
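Review bot: In build/files.c the per-file `matchpathcon(flp->fileURL, fmode, &scon)` now runs even when `%{?_build_file_context_path}` expanded to nothing and `matchpathcon_init(sxfn)` was never called, whereas the removed code skipped the lookup when `sx` was NULL. As far as I know libselinux then falls back to the build host's default file-contexts, so the labels written to RPMTAG_FILECONTEXTS would depend on the build machine's policy; that is worth confirming and guarding. I would record whether initialization happened, `int have_fcon = (sxfn != NULL && *sxfn != '\0' && matchpathcon_init(sxfn) == 0);`, and test `have_fcon && rc == 0 && scon != NULL`, keeping the `else` branch that appends "" so the tag array stays aligned with the file list. The hunks remove `rpmsxFree(sx)` without adding a `matchpathcon_fini()` after the loop, and genCpioListAndHeader continues outside the hunks.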
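Review bot: `fsm->fcontext = scon;` in fsmMapFContext stores a string allocated by `matchpathcon()`, which has to be released with `freecon()`, but no release is added anywhere in the lib/fsm.c hunks. The fsmMkdirs hunk that follows makes the same assignment, so unless fsm->fcontext is freed in code outside the diff, each labeled file or directory leaks one context string. The `else` branch continues outside the hunk and may assign a pointer with different ownership; if it does, the code that resets fsm->fcontext needs to know which kind it holds. At minimum I would add a comment on the assignment such as `/* allocated by matchpathcon(); whoever resets fsm->fcontext must freecon() it */`.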
*/
+- if (sx != NULL) {
+- fsm->fcontext = rpmsxFContext(sx, fsm->path, st->st_mode);
+- rc = fsmNext(fsm, FSM_LSETFCON);
++ if (rpmtsSELinuxEnabled(ts) &&
++ ! rpmtsFlags(ts) & RPMTRANS_FLAG_NOCONTEXTS) {
++ if (matchpathcon(fsm->path, st->st_mode, &scon) == 0 &&
++ scon != NULL) {
++ fsm->fcontext = scon;
++ rc = fsmNext(fsm, FSM_LSETFCON);
++ }
+ }
++
+ if (fsm->fcontext == NULL)
+ rpmMessage(RPMMESS_DEBUG,
+ _("%s directory created with perms %04o, no context.\n"),
+@@ -1377,7 +1381,6 @@ static int fsmMkdirs(/*@special@*/ /*@pa
+ }
+ /*@=boundswrite@*/
+ dnli = dnlFreeIterator(dnli);
+- sx = rpmsxFree(sx);
+ /*@=observertrans =dependenttrans@*/
+
+ fsm->path = path;
+diff -up rpm-4.4.2.2-rc2/lib/rpmfi.c.matchpathcon rpm-4.4.2.2-rc2/lib/rpmfi.c
+--- rpm-4.4.2.2-rc2/lib/rpmfi.c.matchpathcon 2007-09-11 09:28:15.000000000 +0300
++++ rpm-4.4.2.2-rc2/lib/rpmfi.c 2007-09-27 11:05:29.000000000 +0300
+@@ -16,7 +16,7 @@
+ #define _RPMFI_INTERNAL
+ #include "rpmfi.h"
+
+-#include "rpmsx.h"
++#include
+
+ #define _RPMTE_INTERNAL /* relocations */
+ #include "rpmte.h"
+@@ -1697,8 +1697,8 @@ void rpmfiBuildREContexts(Header h,
+ {
+ int scareMem = 0;
+ rpmfi fi = rpmfiNew(NULL, h, RPMTAG_BASENAMES, scareMem);
+- rpmsx sx = NULL;
+ const char ** av = NULL;
++ const char * myfn = rpmGetPath("%{?__file_context_path}", NULL);
+ int ac;
+ size_t nb;
+ char * t;
+@@ -1712,7 +1712,7 @@ void rpmfiBuildREContexts(Header h,
+ }
+
+ /* Read security context patterns. */
+- sx = rpmsxNew(NULL);
++ matchpathcon_init(myfn);
+
+ /* Compute size of argv array blob, concatenating file contexts.
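Review bot: The added condition `! rpmtsFlags(ts) & RPMTRANS_FLAG_NOCONTEXTS` in fsmMkdirs parses as `(!rpmtsFlags(ts)) & RPMTRANS_FLAG_NOCONTEXTS`, because unary `!` binds tighter than `&`. The left operand is then 0 or 1, so the test no longer says whether the NOCONTEXTS bit is set; unless that flag happens to be bit 0 the branch is never taken, and directories created here are left without the label the policy assigns. fsmMapFContext in the same file has the intended form, so this line should read `!(rpmtsFlags(ts) & RPMTRANS_FLAG_NOCONTEXTS)) {` as well. fsmMkdirs starts and ends outside these hunks.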
*/
+ nb = ac * sizeof(*fcnb);
+@@ -1723,10 +1723,9 @@ void rpmfiBuildREContexts(Header h,
+ while (rpmfiNext(fi) >= 0) {
+ const char * fn = rpmfiFN(fi);
+ mode_t fmode = rpmfiFMode(fi);
+- const char * scon;
++ security_context_t scon;
+
+- scon = rpmsxFContext(sx, fn, fmode);
+- if (scon != NULL) {
++ if (matchpathcon(fn, fmode, &scon) == 0) {
+ fcnb[ac] = strlen(scon) + 1;
+ /*@-branchstate@*/
+ if (fcnb[ac] > 0) {
+@@ -1734,6 +1733,7 @@ void rpmfiBuildREContexts(Header h,
+ memcpy(fctxt+fctxtlen, scon, fcnb[ac]);
+ fctxtlen += fcnb[ac];
+ }
++ freecon(scon);
+ /*@=branchstate@*/
+ }
+ ac++;
+@@ -1759,7 +1759,6 @@ void rpmfiBuildREContexts(Header h,
+
+ exit:
+ fi = rpmfiFree(fi);
+- sx = rpmsxFree(sx);
+ /*@-branchstate@*/
+ if (fcontextp)
+ *fcontextp = av;
+diff -up rpm-4.4.2.2-rc2/lib/rpminstall.c.matchpathcon rpm-4.4.2.2-rc2/lib/rpminstall.c
+--- rpm-4.4.2.2-rc2/lib/rpminstall.c.matchpathcon 2007-09-11 09:28:15.000000000 +0300
++++ rpm-4.4.2.2-rc2/lib/rpminstall.c 2007-09-27 11:27:46.000000000 +0300
+@@ -309,17 +309,12 @@ int rpmInstall(rpmts ts,
+ ia->transFlags |= RPMTRANS_FLAG_REPACKAGE;
+
+ /* Initialize security context patterns (if not already done). */
+- if (!(ia->transFlags & RPMTRANS_FLAG_NOCONTEXTS)) {
+- rpmsx sx = rpmtsREContext(ts);
+- if (sx == NULL) {
+- const char *fn = rpmGetPath("%{?_install_file_context_path}", NULL);
+- if (fn != NULL && *fn != '\0') {
+- sx = rpmsxNew(fn);
+- (void) rpmtsSetREContext(ts, sx);
+- }
+- fn = _free(fn);
+- }
+- sx = rpmsxFree(sx);
++ if (rpmtsSELinuxEnabled(ts) &&
++ !(ia->transFlags & RPMTRANS_FLAG_NOCONTEXTS)) {
++ const char *fn = rpmGetPath("%{?_install_file_context_path}", NULL);
++ if (fn != NULL && *fn != '\0') {
++ matchpathcon_init(fn);
++ }
+ }
+ (void) rpmtsSetFlags(ts, ia->transFlags);
+
diff --git a/rpm.spec b/rpm.spec
index 37d5cb0..34d30cf 100644
--- a/rpm.spec
+++ b/rpm.spec
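Review bot: In rpmfiBuildREContexts `scon` is declared uninitialized and `strlen(scon)` runs whenever `matchpathcon()` returns 0, while every other call site in this patch also requires `scon != NULL`. Declaring `security_context_t scon = NULL;` and testing `matchpathcon(fn, fmode, &scon) == 0 && scon != NULL` would bring this site in line with the others. `myfn` is passed to `matchpathcon_init()` without the `myfn != NULL && *myfn != '\0'` check used at the other call sites. No `myfn = _free(myfn);` appears in the visible `exit:` hunk either, so the string looks leaked unless it is freed in the part of the function outside the diff.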
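Review bot: The rpmInstall hunk drops `fn = _free(fn);` together with the rpmsx code, so the string returned by `rpmGetPath()` is no longer released; the otherwise identical block in python/rpmts-py.c keeps that line. I would add `fn = _free(fn);` after the inner `if`, before the closing brace of the outer block. rpmInstall continues outside the hunk.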
@@ -6,16 +6,16 @@
 Summary: The RPM package management system
 Name: rpm
 Version: 4.4.2.2
-Release: 0.5.rc2
+Release: 1%{?dist}
 Group: System Environment/Base
 Url: http://www.rpm.org/
-Source: %{name}-%{version}-rc2.tar.gz
+Source: %{name}-%{version}.tar.gz
 Patch1: rpm-4.4.1-prereq.patch
 Patch2: rpm-4.4.2-ghost-conflicts.patch
 Patch3: rpm-4.4.2-trust.patch
 Patch4: rpm-4.4.2-devel-autodep.patch
 Patch5: rpm-4.4.2-rpmfc-skip.patch
-Patch6: rpm-4.4.2-matchpathcon.patch
+Patch6: rpm-4.4.2.2-matchpathcon.patch
 Patch7: rpm-4.4.2.1-no-popt.patch
 # XXX Beware, this is one murky license, partially GPL/LGPL dual-licensed
@@ -131,7 +131,7 @@ that will manipulate RPM packages and databases.
 %endif
 %prep
-%setup -q -n %{name}-%{version}-rc2
+%setup -q -n %{name}-%{version}
 %patch1 -p1 -b .prereq
 %patch2 -p1 -b .ghostconflicts
 %patch3 -p1 -b .trust
@@ -401,6 +401,11 @@ exit 0
 %endif
 %changelog
+* Wed Oct 03 2007 Panu Matilainen 4.4.2.2-1
+- update to 4.4.2.2 final
+- update matchpathcon patch to work better when selinux disabled
+- resolves #251400, #315271, #296731, #308171, #305221, #295941
+
 * Tue Sep 11 2007 Panu Matilainen 4.4.2.2-0.5.rc2
 - 4.4.2.2-rc2
 - resolves #180996, #281611, #259961, #277161, #155079
diff --git a/sources b/sources
index d0880ef..c825d89 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-75c0be2051be684e5f0b1517c4269aa3 rpm-4.4.2.2-rc2.tar.gz
+15faa7ebd9791ade1a2f8181821ac259 rpm-4.4.2.2.tar.gz