From 6f24947db6463e9a29b11a164ea538c7477de268 Mon Sep 17 00:00:00 2001
From: Jason Zaman
Date: Thu, 6 Oct 2016 00:28:56 +0800
Subject: sys-libs/libselinux: fix selinux_restorecon realpath logic
Package-Manager: portage-2.3.0
---
...nux-selinux_restorecon-fix-realpath-logic.patch | 76 ++++++++++
sys-libs/libselinux/libselinux-2.6_rc1-r1.ebuild | 158 +++++++++++++++++++++
sys-libs/libselinux/libselinux-2.6_rc1.ebuild | 157 --------------------
3 files changed, 234 insertions(+), 157 deletions(-)
create mode 100644 sys-libs/libselinux/files/libselinux-2.6-0001-libselinux-selinux_restorecon-fix-realpath-logic.patch
create mode 100644 sys-libs/libselinux/libselinux-2.6_rc1-r1.ebuild
delete mode 100644 sys-libs/libselinux/libselinux-2.6_rc1.ebuild
(limited to 'sys-libs')
diff --git a/sys-libs/libselinux/files/libselinux-2.6-0001-libselinux-selinux_restorecon-fix-realpath-logic.patch b/sys-libs/libselinux/files/libselinux-2.6-0001-libselinux-selinux_restorecon-fix-realpath-logic.patch
new file mode 100644
index 000000000000..3a0d7fb87cac
--- /dev/null
+++ b/sys-libs/libselinux/files/libselinux-2.6-0001-libselinux-selinux_restorecon-fix-realpath-logic.patch
@@ -0,0 +1,76 @@
+From aa0c824bb2eeb8960ba02133faade72c837ea951 Mon Sep 17 00:00:00 2001
+From: Stephen Smalley
+Date: Wed, 5 Oct 2016 10:45:35 -0400
+Subject: [PATCH] libselinux: selinux_restorecon: fix realpath logic
+
+The realpath logic in selinux_restorecon() was taken from the
+Android libselinux fork. However, bionic dirname() and basename()
+do not modify their argument and therefore are safe to call on a
+const string. POSIX dirname() and basename() can modify their argument.
+There is a GNU basename() that does not modify its argument, but not
+for dirname().
+For portability, create copies of the original pathname for each call
+and keep them around until finished using the result.
+
+Fixes "restorecon -r goes up the tree?" bug reported by Jason Zaman.
+
+Reported-by: Jason Zaman
+Signed-off-by: Stephen Smalley
+---
+ libselinux/src/selinux_restorecon.c | 26 +++++++++++++++++++++-----
+ 1 file changed, 21 insertions(+), 5 deletions(-)
+
+diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
+index 0945138..e38d1d0 100644
+--- libselinux/src/selinux_restorecon.c
++++ libselinux/src/selinux_restorecon.c
+@@ -797,25 +797,41 @@ int selinux_restorecon(const char *pathname_orig,
+ * realpath of containing dir, then appending last component name.
+ */
+ if (flags.userealpath) {
+- pathbname = basename((char *)pathname_orig);
++ char *basename_cpy = strdup(pathname_orig);
++ if (!basename_cpy)
++ goto realpatherr;
++ pathbname = basename(basename_cpy);
+ if (!strcmp(pathbname, "/") || !strcmp(pathbname, ".") ||
+ !strcmp(pathbname, "..")) {
+ pathname = realpath(pathname_orig, NULL);
+- if (!pathname)
++ if (!pathname) {
++ free(basename_cpy);
+ goto realpatherr;
++ }
+ } else {
+- pathdname = dirname((char *)pathname_orig);
++ char *dirname_cpy = strdup(pathname_orig);
++ if (!dirname_cpy) {
++ free(basename_cpy);
++ goto realpatherr;
++ }
++ pathdname = dirname(dirname_cpy);
+ pathdnamer = realpath(pathdname, NULL);
+- if (!pathdnamer)
++ free(dirname_cpy);
++ if (!pathdnamer) {
++ free(basename_cpy);
+ goto realpatherr;
++ }
+ if (!strcmp(pathdnamer, "/"))
+ error = asprintf(&pathname, "/%s", pathbname);
+ else
+ error = asprintf(&pathname, "%s/%s",
+ pathdnamer, pathbname);
+- if (error < 0)
++ if (error < 0) {
++ free(basename_cpy);
+ goto oom;
++ }
+ }
++ free(basename_cpy);
+ } else {
+ pathname = strdup(pathname_orig);
+ if (!pathname)
+-- 
+2.7.3
+
diff --git a/sys-libs/libselinux/libselinux-2.6_rc1-r1.ebuild b/sys-libs/libselinux/libselinux-2.6_rc1-r1.ebuild
new file mode 100644
index 000000000000..fe8c78bde01e
--- /dev/null
+++ b/sys-libs/libselinux/libselinux-2.6_rc1-r1.ebuild
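Review bot: Both `strdup()` failure paths added in the `flags.userealpath` branch jump to `realpatherr`, while the `asprintf()` failure further down goes to `oom`, so an out-of-memory condition is presumably reported as a path-resolution failure. I would route them the same way: `if (!basename_cpy) goto oom;` and, for the second copy, `free(basename_cpy); goto oom;`. A short comment above the copies would also help, e.g. `/* POSIX basename()/dirname() may modify their argument; operate on private copies */`, together with a reminder that `pathdname` points into `dirname_cpy` and is dangling once that buffer is freed. The `oom` and `realpatherr` labels and the rest of selinux_restorecon() lie outside the hunk, so confirm what each label logs before changing the targets.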
@@ -0,0 +1,158 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="6"
+PYTHON_COMPAT=( python2_7 python3_4 python3_5 )
+USE_RUBY="ruby21 ruby22 ruby23"
+
+# No, I am not calling ruby-ng
+inherit multilib python-r1 toolchain-funcs multilib-minimal
+
+MY_P="${P//_/-}"
+SEPOL_VER="${PV}"
+MY_RELEASEDATE="20160930"
+
+DESCRIPTION="SELinux userland library"
+HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
+
+if [[ ${PV} == 9999 ]] ; then
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git"
+ S="${WORKDIR}/${MY_P}/${PN}"
+else
+ SRC_URI="https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/${MY_RELEASEDATE}/${MY_P}.tar.gz"
+ KEYWORDS="~amd64 ~arm ~arm64 ~mips ~x86"
+ S="${WORKDIR}/${MY_P}"
+fi
+
+LICENSE="public-domain"
+SLOT="0"
+
+IUSE="pcre2 python ruby static-libs ruby_targets_ruby21 ruby_targets_ruby22 ruby_targets_ruby23"
+
+RDEPEND=">=sys-libs/libsepol-${SEPOL_VER}:=[${MULTILIB_USEDEP}]
+ !pcre2? ( >=dev-libs/libpcre-8.33-r1:=[static-libs?,${MULTILIB_USEDEP}] )
+ pcre2? ( dev-libs/libpcre2:=[static-libs?,${MULTILIB_USEDEP}] )
+ python? ( ${PYTHON_DEPS} )
+ ruby? (
+ ruby_targets_ruby21? ( dev-lang/ruby:2.1 )
+ ruby_targets_ruby22? ( dev-lang/ruby:2.2 )
+ ruby_targets_ruby23? ( dev-lang/ruby:2.3 )
+ )"
+DEPEND="${RDEPEND}
+ virtual/pkgconfig
+ python? ( >=dev-lang/swig-2.0.9 )"
+
+src_prepare() {
+ if [[ ${PV} != 9999 ]] ; then
+ # If needed for live builds, place them in /etc/portage/patches
+ eapply "${FILESDIR}/libselinux-2.6-0001-libselinux-selinux_restorecon-fix-realpath-logic.patch"
+ eapply "${FILESDIR}/libselinux-2.6-0005-use-ruby-include-with-rubylibver.patch"
+ eapply "${FILESDIR}/libselinux-2.6-0007-build-related-fixes-bug-500674.patch"
+ fi
+
+ eapply_user
+
+ multilib_copy_sources
+}
+
+multilib_src_compile() {
+ tc-export AR CC PKG_CONFIG RANLIB
+
+ emake \
+ LIBDIR="\$(PREFIX)/$(get_libdir)" \
+ SHLIBDIR="\$(DESTDIR)/$(get_libdir)" \
+ LDFLAGS="-fPIC ${LDFLAGS} -pthread" \
+ USE_PCRE2="$(usex pcre2 y n)" \
+ all
+
+ if multilib_is_native_abi && use python; then
+ building() {
+ python_export PYTHON_INCLUDEDIR PYTHON_LIBPATH
+ emake \
+ PYINC="-I${PYTHON_INCLUDEDIR}" \
+ LDFLAGS="-fPIC ${LDFLAGS} -lpthread" \
+ LIBDIR="\$(PREFIX)/$(get_libdir)" \
+ SHLIBDIR="\$(DESTDIR)/$(get_libdir)" \
+ USE_PCRE2="$(usex pcre2 y n)" \
+ pywrap
+ }
+ python_foreach_impl building
+ fi
+
+ if multilib_is_native_abi && use ruby; then
+ building() {
+ einfo "Calling rubywrap for ${1}"
+ # Clean up .lo file to force rebuild
+ rm -f src/selinuxswig_ruby_wrap.lo || die
+ emake \
+ RUBY=${1} \
+ LDFLAGS="-fPIC ${LDFLAGS} -lpthread" \
+ LIBDIR="\$(PREFIX)/$(get_libdir)" \
+ SHLIBDIR="\$(DESTDIR)/$(get_libdir)" \
+ USE_PCRE2="$(usex pcre2 y n)" \
+ rubywrap
+ }
+ for RUBYTARGET in ${USE_RUBY}; do
+ use ruby_targets_${RUBYTARGET} || continue
+
+ building ${RUBYTARGET}
+ done
+ fi
+}
+
+multilib_src_install() {
+ emake DESTDIR="${D}" \
+ LIBDIR="\$(PREFIX)/$(get_libdir)" \
+ SHLIBDIR="\$(DESTDIR)/$(get_libdir)" \
+ USE_PCRE2="$(usex pcre2 y n)" \
+ install
+
+ if multilib_is_native_abi && use python; then
+ installation() {
+ emake DESTDIR="${D}" \
+ LIBDIR="\$(PREFIX)/$(get_libdir)" \
+ USE_PCRE2="$(usex pcre2 y n)" \
+ install-pywrap
+ python_optimize # bug 531638
+ }
+ python_foreach_impl installation
+ fi
+
+ if multilib_is_native_abi && use ruby; then
+ installation() {
+ einfo "Calling install-rubywrap for ${1}"
+ # Forcing (re)build here as otherwise the resulting SO file is used for all ruby versions
+ rm src/selinuxswig_ruby_wrap.lo
+ emake DESTDIR="${D}" \
+ LIBDIR="\$(PREFIX)/$(get_libdir)" \
+ RUBY=${1} \
+ USE_PCRE2="$(usex pcre2 y n)" \
+ install-rubywrap
+ }
+ for RUBYTARGET in ${USE_RUBY}; do
+ use ruby_targets_${RUBYTARGET} || continue
+
+ installation ${RUBYTARGET}
+ done
+ fi
+
+ use static-libs || rm "${D}"/usr/lib*/*.a || die
+}
+
+pkg_postinst() {
+ # Fix bug 473502
+ for POLTYPE in ${POLICY_TYPES};
+ do
+ mkdir -p /etc/selinux/${POLTYPE}/contexts/files || die
+ touch /etc/selinux/${POLTYPE}/contexts/files/file_contexts.local || die
+ # Fix bug 516608
+ for EXPRFILE in file_contexts file_contexts.homedirs file_contexts.local ; do
+ if [[ -f "/etc/selinux/${POLTYPE}/contexts/files/${EXPRFILE}" ]]; then
+ sefcontext_compile /etc/selinux/${POLTYPE}/contexts/files/${EXPRFILE} \
+ || die "Failed to recompile contexts"
+ fi
+ done
+ done
+}
diff --git a/sys-libs/libselinux/libselinux-2.6_rc1.ebuild b/sys-libs/libselinux/libselinux-2.6_rc1.ebuild
deleted file mode 100644
index 84092cb7eb1d..000000000000
--- a/sys-libs/libselinux/libselinux-2.6_rc1.ebuild
+++ /dev/null
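Review bot: `pkg_postinst()` uses absolute `/etc/selinux/${POLTYPE}/...` paths with no `${ROOT}` prefix, so a merge into an alternate root would create and recompile file-context files on the build host rather than in the target tree. Prefix and quote the paths, e.g. `mkdir -p "${ROOT%/}/etc/selinux/${POLTYPE}/contexts/files" || die`, and likewise for the `touch`, the `[[ -f ... ]]` test and `sefcontext_compile`. Separately, `rm src/selinuxswig_ruby_wrap.lo` in the ruby `installation()` helper has no `|| die`, unlike the `rm -f ... || die` in the compile phase. Both points look carried over from the removed 2.6_rc1 ebuild rather than introduced by this revision bump.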
@@ -1,157 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="6"
-PYTHON_COMPAT=( python2_7 python3_4 python3_5 )
-USE_RUBY="ruby21 ruby22 ruby23"
-
-# No, I am not calling ruby-ng
-inherit multilib python-r1 toolchain-funcs multilib-minimal
-
-MY_P="${P//_/-}"
-SEPOL_VER="${PV}"
-MY_RELEASEDATE="20160930"
-
-DESCRIPTION="SELinux userland library"
-HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
-
-if [[ ${PV} == 9999 ]] ; then
- inherit git-r3
- EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git"
- S="${WORKDIR}/${MY_P}/${PN}"
-else
- SRC_URI="https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/${MY_RELEASEDATE}/${MY_P}.tar.gz"
- KEYWORDS="~amd64 ~arm ~arm64 ~mips ~x86"
- S="${WORKDIR}/${MY_P}"
-fi
-
-LICENSE="public-domain"
-SLOT="0"
-
-IUSE="pcre2 python ruby static-libs ruby_targets_ruby21 ruby_targets_ruby22 ruby_targets_ruby23"
-
-RDEPEND=">=sys-libs/libsepol-${SEPOL_VER}:=[${MULTILIB_USEDEP}]
- !pcre2? ( >=dev-libs/libpcre-8.33-r1:=[static-libs?,${MULTILIB_USEDEP}] )
- pcre2? ( dev-libs/libpcre2:=[static-libs?,${MULTILIB_USEDEP}] )
- python? ( ${PYTHON_DEPS} )
- ruby? (
- ruby_targets_ruby21? ( dev-lang/ruby:2.1 )
- ruby_targets_ruby22? ( dev-lang/ruby:2.2 )
- ruby_targets_ruby23? ( dev-lang/ruby:2.3 )
- )"
-DEPEND="${RDEPEND}
- virtual/pkgconfig
- python? ( >=dev-lang/swig-2.0.9 )"
-
-src_prepare() {
- if [[ ${PV} != 9999 ]] ; then
- # If needed for live builds, place them in /etc/portage/patches
- eapply "${FILESDIR}/libselinux-2.6-0005-use-ruby-include-with-rubylibver.patch"
- eapply "${FILESDIR}/libselinux-2.6-0007-build-related-fixes-bug-500674.patch"
- fi
-
- eapply_user
-
- multilib_copy_sources
-}
-
-multilib_src_compile() {
- tc-export AR CC PKG_CONFIG RANLIB
-
- emake \
- LIBDIR="\$(PREFIX)/$(get_libdir)" \
- SHLIBDIR="\$(DESTDIR)/$(get_libdir)" \
- LDFLAGS="-fPIC ${LDFLAGS} -pthread" \
- USE_PCRE2="$(usex pcre2 y n)" \
- all
-
- if multilib_is_native_abi && use python; then
- building() {
- python_export PYTHON_INCLUDEDIR PYTHON_LIBPATH
- emake \
- PYINC="-I${PYTHON_INCLUDEDIR}" \
- LDFLAGS="-fPIC ${LDFLAGS} -lpthread" \
- LIBDIR="\$(PREFIX)/$(get_libdir)" \
- SHLIBDIR="\$(DESTDIR)/$(get_libdir)" \
- USE_PCRE2="$(usex pcre2 y n)" \
- pywrap
- }
- python_foreach_impl building
- fi
-
- if multilib_is_native_abi && use ruby; then
- building() {
- einfo "Calling rubywrap for ${1}"
- # Clean up .lo file to force rebuild
- rm -f src/selinuxswig_ruby_wrap.lo || die
- emake \
- RUBY=${1} \
- LDFLAGS="-fPIC ${LDFLAGS} -lpthread" \
- LIBDIR="\$(PREFIX)/$(get_libdir)" \
- SHLIBDIR="\$(DESTDIR)/$(get_libdir)" \
- USE_PCRE2="$(usex pcre2 y n)" \
- rubywrap
- }
- for RUBYTARGET in ${USE_RUBY}; do
- use ruby_targets_${RUBYTARGET} || continue
-
- building ${RUBYTARGET}
- done
- fi
-}
-
-multilib_src_install() {
- emake DESTDIR="${D}" \
- LIBDIR="\$(PREFIX)/$(get_libdir)" \
- SHLIBDIR="\$(DESTDIR)/$(get_libdir)" \
- USE_PCRE2="$(usex pcre2 y n)" \
- install
-
- if multilib_is_native_abi && use python; then
- installation() {
- emake DESTDIR="${D}" \
- LIBDIR="\$(PREFIX)/$(get_libdir)" \
- USE_PCRE2="$(usex pcre2 y n)" \
- install-pywrap
- python_optimize # bug 531638
- }
- python_foreach_impl installation
- fi
-
- if multilib_is_native_abi && use ruby; then
- installation() {
- einfo "Calling install-rubywrap for ${1}"
- # Forcing (re)build here as otherwise the resulting SO file is used for all ruby versions
- rm src/selinuxswig_ruby_wrap.lo
- emake DESTDIR="${D}" \
- LIBDIR="\$(PREFIX)/$(get_libdir)" \
- RUBY=${1} \
- USE_PCRE2="$(usex pcre2 y n)" \
- install-rubywrap
- }
- for RUBYTARGET in ${USE_RUBY}; do
- use ruby_targets_${RUBYTARGET} || continue
-
- installation ${RUBYTARGET}
- done
- fi
-
- use static-libs || rm "${D}"/usr/lib*/*.a || die
-}
-
-pkg_postinst() {
- # Fix bug 473502
- for POLTYPE in ${POLICY_TYPES};
- do
- mkdir -p /etc/selinux/${POLTYPE}/contexts/files || die
- touch /etc/selinux/${POLTYPE}/contexts/files/file_contexts.local || die
- # Fix bug 516608
- for EXPRFILE in file_contexts file_contexts.homedirs file_contexts.local ; do
- if [[ -f "/etc/selinux/${POLTYPE}/contexts/files/${EXPRFILE}" ]]; then
- sefcontext_compile /etc/selinux/${POLTYPE}/contexts/files/${EXPRFILE} \
- || die "Failed to recompile contexts"
- fi
- done
- done
-}
-- 
cgit v1.2.3-65-gdbad