From e77f7ee7eeaec53be1f331645345f99da2477b60 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Oct 30 2018 05:12:56 +0000
Subject: import checkpolicy-2.5-8.el7
---
diff --git a/SOURCES/checkpolicy-rhel.patch b/SOURCES/checkpolicy-rhel.patch
index ad6666b..fee9ff8 100644
--- a/SOURCES/checkpolicy-rhel.patch
+++ b/SOURCES/checkpolicy-rhel.patch
@@ -89,7 +89,7 @@ index 5957d29..53cc5a0 100644
 if (write_binary_policy(&modpolicydb, outfp) != 0) {
 fprintf(stderr, "%s: error writing %s\n", argv[0], outfile);
 diff --git checkpolicy-2.5/checkpolicy.c checkpolicy-2.5/checkpolicy.c
-index 9da661e..5bc0c56 100644
+index 9da661e..f682355 100644
 --- checkpolicy-2.5/checkpolicy.c
 +++ checkpolicy-2.5/checkpolicy.c
 @@ -22,6 +22,7 @@
@@ -100,13 +100,16 @@ index 9da661e..5bc0c56 100644
 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
 * Copyright (C) 2003 - 2005 Tresys Technology, LLC
 * Copyright (C) 2003 Red Hat, Inc., James Morris
-@@ -64,13 +65,16 @@
+@@ -64,13 +65,19 @@
 #include
 #include
 #include
 +#ifndef IPPROTO_DCCP
 +#define IPPROTO_DCCP 33
 +#endif
++#ifndef IPPROTO_SCTP
++#define IPPROTO_SCTP 132
++#endif
 #include
 #include
 #include
@@ -118,7 +121,7 @@ index 9da661e..5bc0c56 100644
 #include
 #endif
-@@ -679,6 +683,8 @@ int main(int argc, char **argv)
+@@ -679,6 +686,8 @@ int main(int argc, char **argv)
 printf("h) change a boolean value\n");
 printf("i) display constraint expressions\n");
 printf("j) display validatetrans expressions\n");
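Review bot: The `IPPROTO_SCTP` fallback added to the include block of checkpolicy.c, and again in the policy_define.c hunk, has no comment saying where 132 comes from or why the guard sits between two groups of includes. The position matters: the `#ifndef` only does its job if the header that normally provides the constant is already included above it, and the header names are not visible on this page, so that ordering should be confirmed. I would put `/* IANA protocol number for SCTP; fallback for libc headers that do not define it */` above the guard in both files. Keeping the DCCP and SCTP fallbacks in one shared project header would also stop the two copies from drifting apart.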
@@ -127,16 +130,18 @@ index 9da661e..5bc0c56 100644
 #ifdef EQUIVTYPES
 printf("z) Show equivalent types\n");
 #endif
-@@ -919,6 +925,8 @@ int main(int argc, char **argv)
+@@ -919,6 +928,10 @@ int main(int argc, char **argv)
 protocol = IPPROTO_TCP;
 else if (!strcmp(ans, "udp") || !strcmp(ans, "UDP"))
 protocol = IPPROTO_UDP;
 + else if (!strcmp(ans, "dccp") || !strcmp(ans, "DCCP"))
 + protocol = IPPROTO_DCCP;
++ else if (!strcmp(ans, "sctp") || !strcmp(ans, "SCTP"))
++ protocol = IPPROTO_SCTP;
 else {
 printf("unknown protocol\n");
 break;
-@@ -1198,6 +1206,50 @@ int main(int argc, char **argv)
+@@ -1198,6 +1211,50 @@ int main(int argc, char **argv)
 "\nNo validatetrans expressions found.\n");
 }
 break;
@@ -188,7 +193,7 @@ index 9da661e..5bc0c56 100644
 case 'z':
 identify_equiv_types();
 diff --git checkpolicy-2.5/policy_define.c checkpolicy-2.5/policy_define.c
-index ee20fea..f65958c 100644
+index ee20fea..a275e33 100644
 --- checkpolicy-2.5/policy_define.c
 +++ checkpolicy-2.5/policy_define.c
 @@ -20,6 +20,7 @@
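Review bot: The new `sctp` branch in the interactive port lookup in checkpolicy.c duplicates the keyword-to-protocol chain that the policy_define.c hunk extends in `define_port_context`, so the query tool and the compiler can end up accepting different protocol names if only one chain is updated later. Both chains match only the all-lowercase and all-uppercase spellings, so input such as `Sctp` falls through to `unknown protocol`; this matches the existing tcp/udp branches but is not documented anywhere visible. A comment such as `/* keep in sync with define_port_context() in policy_define.c */` above the chain would make the coupling explicit. The chain starts and ends outside the hunk.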
@@ -199,26 +204,31 @@ index ee20fea..f65958c 100644
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, version 2.
-@@ -36,6 +37,9 @@
+@@ -36,6 +37,12 @@
 #include
 #include
 #include
 +#ifndef IPPROTO_DCCP
 +#define IPPROTO_DCCP 33
 +#endif
++#ifndef IPPROTO_SCTP
++#define IPPROTO_SCTP 132
++#endif
 #include
 #include
 #include
-@@ -4876,6 +4880,8 @@ int define_port_context(unsigned int low, unsigned int high)
+@@ -4876,6 +4883,10 @@ int define_port_context(unsigned int low, unsigned int high)
 protocol = IPPROTO_TCP;
 } else if ((strcmp(id, "udp") == 0) || (strcmp(id, "UDP") == 0)) {
 protocol = IPPROTO_UDP;
 + } else if ((strcmp(id, "dccp") == 0) || (strcmp(id, "DCCP") == 0)) {
 + protocol = IPPROTO_DCCP;
++ } else if ((strcmp(id, "sctp") == 0) || (strcmp(id, "SCTP") == 0)) {
++ protocol = IPPROTO_SCTP;
 } else {
 yyerror2("unrecognized protocol %s", id);
 free(newc);
-@@ -4931,6 +4937,192 @@ int define_port_context(unsigned int low, unsigned int high)
+@@ -4931,6 +4942,192 @@ int define_port_context(unsigned int low, unsigned int high)
 return -1;
 }
@@ -411,7 +421,7 @@ index ee20fea..f65958c 100644
 int define_netif_context(void)
 {
 ocontext_t *newc, *c, *head;
-@@ -5135,7 +5327,7 @@ int define_ipv6_node_context(void)
+@@ -5135,7 +5332,7 @@ int define_ipv6_node_context(void)
 memset(newc, 0, sizeof(ocontext_t));
diff --git a/SPECS/checkpolicy.spec b/SPECS/checkpolicy.spec
index 22036f8..bd04536 100644
--- a/SPECS/checkpolicy.spec
+++ b/SPECS/checkpolicy.spec
@@ -1,13 +1,13 @@
-%define libselinuxver 2.5-12
-%define libsepolver 2.5-8
+%define libselinuxver 2.5-14.1
+%define libsepolver 2.5-10
 Summary: SELinux policy compiler
 Name: checkpolicy
 Version: 2.5
-Release: 6%{?dist}
+Release: 8%{?dist}
 License: GPLv2
 Group: Development/System
 Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/checkpolicy-2.5.tar.gz
-# HEAD f4e2ab4e29496130bc89dddf8096e9367b25665b
+# HEAD bfaa258580f74440ca92d68828ac31f58656f5ef
 Patch1: checkpolicy-rhel.patch
 BuildRoot: %{_tmppath}/%{name}-buildroot
@@ -59,6 +59,12 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_bindir}/sedispol
 %changelog
+* Thu Jul 26 2018 Vit Mojzis - 2.5-8
+- Add support for the SCTP portcon keyword (#1572269)
+
+* Fri May 11 2018 Vit Mojzis - 2.5-7
+- Incorporate support for extended_socket_class from libsepol (#1572269)
+
 * Thu Oct 19 2017 Vit Mojzis - 2.5-6
 - Add ibendport ocontext handling
 - Add support for ibendportcon labels