From: "Jason Zaman" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" Message-ID: <1475685782.6f24947db6463e9a29b11a164ea538c7477de268.perfinion@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: sys-libs/libselinux/files/, sys-libs/libselinux/ X-VCS-Repository: repo/gentoo X-VCS-Files: sys-libs/libselinux/files/libselinux-2.6-0001-libselinux-selinux_restorecon-fix-realpath-logic.patch sys-libs/libselinux/libselinux-2.6_rc1-r1.ebuild sys-libs/libselinux/libselinux-2.6_rc1.ebuild X-VCS-Directories: sys-libs/libselinux/ sys-libs/libselinux/files/ X-VCS-Committer: perfinion X-VCS-Committer-Name: Jason Zaman X-VCS-Revision: 6f24947db6463e9a29b11a164ea538c7477de268 X-VCS-Branch: master Date: Wed, 5 Oct 2016 16:44:20 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 10f5d5e1-a52c-4ab3-85fd-27aa0a66d1bc X-Archives-Hash: 045cbde2834c1544edeafb2e26d2787e commit: 6f24947db6463e9a29b11a164ea538c7477de268 Author: Jason Zaman gentoo org> AuthorDate: Wed Oct 5 16:28:56 2016 +0000 Commit: Jason Zaman gentoo org> CommitDate: Wed Oct 5 16:43:02 2016 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6f24947d sys-libs/libselinux: fix selinux_restorecon realpath logic Package-Manager: portage-2.3.0 ...nux-selinux_restorecon-fix-realpath-logic.patch | 76 ++++++++++++++++++++++ ...2.6_rc1.ebuild => libselinux-2.6_rc1-r1.ebuild} | 1 + 2 files changed, 77 insertions(+) diff --git a/sys-libs/libselinux/files/libselinux-2.6-0001-libselinux-selinux_restorecon-fix-realpath-logic.patch b/sys-libs/libselinux/files/libselinux-2.6-0001-libselinux-selinux_restorecon-fix-realpath-logic.patch new file mode 100644 index 00000000..3a0d7fb --- /dev/null 
+++ b/sys-libs/libselinux/files/libselinux-2.6-0001-libselinux-selinux_restorecon-fix-realpath-logic.patch 
@@ -0,0 +1,76 @@ +From aa0c824bb2eeb8960ba02133faade72c837ea951 Mon Sep 17 00:00:00 2001 +From: Stephen Smalley +Date: Wed, 5 Oct 2016 10:45:35 -0400 +Subject: [PATCH] libselinux: selinux_restorecon: fix realpath logic + +The realpath logic in selinux_restorecon() was taken from the +Android libselinux fork. However, bionic dirname() and basename() +do not modify their argument and therefore are safe to call on a +const string. POSIX dirname() and basename() can modify their argument. +There is a GNU basename() that does not modify its argument, but not +for dirname(). +For portability, create copies of the original pathname for each call +and keep them around until finished using the result. + +Fixes "restorecon -r goes up the tree?" bug reported by Jason Zaman. + +Reported-by: Jason Zaman +Signed-off-by: Stephen Smalley +--- + libselinux/src/selinux_restorecon.c | 26 +++++++++++++++++++++----- + 1 file changed, 21 insertions(+), 5 deletions(-) + +diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c +index 0945138..e38d1d0 100644 +--- libselinux/src/selinux_restorecon.c ++++ libselinux/src/selinux_restorecon.c +@@ -797,25 +797,41 @@ int selinux_restorecon(const char *pathname_orig, + * realpath of containing dir, then appending last component name. 
+ */ + if (flags.userealpath) { +- pathbname = basename((char *)pathname_orig); ++ char *basename_cpy = strdup(pathname_orig); ++ if (!basename_cpy) ++ goto realpatherr; ++ pathbname = basename(basename_cpy); + if (!strcmp(pathbname, "/") || !strcmp(pathbname, ".") || + !strcmp(pathbname, "..")) { + pathname = realpath(pathname_orig, NULL); +- if (!pathname) ++ if (!pathname) { ++ free(basename_cpy); + goto realpatherr; ++ } + } else { +- pathdname = dirname((char *)pathname_orig); ++ char *dirname_cpy = strdup(pathname_orig); ++ if (!dirname_cpy) { ++ free(basename_cpy); ++ goto realpatherr; ++ } ++ pathdname = dirname(dirname_cpy); + pathdnamer = realpath(pathdname, NULL); +- if (!pathdnamer) ++ free(dirname_cpy); ++ if (!pathdnamer) { ++ free(basename_cpy); + goto realpatherr; ++ } + if (!strcmp(pathdnamer, "/")) + error = asprintf(&pathname, "/%s", pathbname); + else + error = asprintf(&pathname, "%s/%s", + pathdnamer, pathbname); +- if (error < 0) ++ if (error < 0) { ++ free(basename_cpy); + goto oom; ++ } + } ++ free(basename_cpy); + } else { + pathname = strdup(pathname_orig); + if (!pathname) +-- +2.7.3 + diff --git a/sys-libs/libselinux/libselinux-2.6_rc1.ebuild b/sys-libs/libselinux/libselinux-2.6_rc1-r1.ebuild similarity index 97% rename from sys-libs/libselinux/libselinux-2.6_rc1.ebuild rename to sys-libs/libselinux/libselinux-2.6_rc1-r1.ebuild index 84092cb..fe8c78b 100644 --- a/sys-libs/libselinux/libselinux-2.6_rc1.ebuild +++ b/sys-libs/libselinux/libselinux-2.6_rc1-r1.ebuild @@ -47,6 +47,7 @@ DEPEND="${RDEPEND} src_prepare() { if [[ ${PV} != 9999 ]] ; then # If needed for live builds, place them in /etc/portage/patches + eapply "${FILESDIR}/libselinux-2.6-0001-libselinux-selinux_restorecon-fix-realpath-logic.patch" eapply "${FILESDIR}/libselinux-2.6-0005-use-ruby-include-with-rubylibver.patch" eapply "${FILESDIR}/libselinux-2.6-0007-build-related-fixes-bug-500674.patch" fi
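Review bot: In the selinux_restorecon.c hunk, both strdup() failure paths (`if (!basename_cpy) goto realpatherr;` and the `if (!dirname_cpy)` branch) jump to realpatherr, while the asprintf() allocation failure a few lines further down goes to oom. Going by the label names, an out-of-memory condition from strdup() would be reported as a realpath failure; using `goto oom` for both would be consistent. Separately, pathdname is not declared inside this block, and after `pathdname = dirname(dirname_cpy);` followed by `free(dirname_cpy);` it is left pointing into freed memory, so either confirm nothing after the block reads it or reset it to NULL after the free. The four repeated `free(basename_cpy)` calls on the error paths could also be collapsed by releasing the copy at a single exit point.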
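Review bot: In the libselinux-2.6_rc1-r1.ebuild hunk, the new `eapply` line in src_prepare() has no comment saying that the patch is a backport of an upstream commit (the patch header names aa0c824bb2eeb8960ba02133faade72c837ea951) and can be dropped once a release includes it; the only comment above it is about live builds. A one-line comment would tell the next maintainer when to remove it. Also, inside the added patch file the `--- libselinux/src/selinux_restorecon.c` and `+++ libselinux/src/selinux_restorecon.c` lines lack the a/ and b/ prefixes that the `diff --git` line directly above them carries; if that was done so the path resolves relative to the package's source directory, a short remark in the commit message would make it clear the mismatch is intentional.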