From ef9003740398e2e8ef7cd00e204beba53351b2bd Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Nov 05 2019 20:20:54 +0000
Subject: import libsemanage-2.9-1.el8


---

diff --git a/.gitignore b/.gitignore
index 00a2773..fdd9f35 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/libsemanage-2.8.tar.gz
+SOURCES/libsemanage-2.9.tar.gz
diff --git a/.libsemanage.metadata b/.libsemanage.metadata
index 24041dd..e4baac8 100644
--- a/.libsemanage.metadata
+++ b/.libsemanage.metadata
@@ -1 +1 @@
-c66c8ee307012270a202143041bc4583d7a778c9 SOURCES/libsemanage-2.8.tar.gz
+4c669c72c4626391d67e5c7e69be8397d71ee31e SOURCES/libsemanage-2.9.tar.gz
diff --git a/SOURCES/0001-libsemanage-Fix-RESOURCE_LEAK-and-USE_AFTER_FREE-cov.patch b/SOURCES/0001-libsemanage-Fix-RESOURCE_LEAK-and-USE_AFTER_FREE-cov.patch
new file mode 100644
index 0000000..06e9c8e
--- /dev/null
+++ b/SOURCES/0001-libsemanage-Fix-RESOURCE_LEAK-and-USE_AFTER_FREE-cov.patch
@@ -0,0 +1,66 @@
+From dc105dcb5e34e256bcbcf547fea590cfcee06933 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Wed, 7 Nov 2018 18:17:34 +0100
+Subject: [PATCH] libsemanage: Fix RESOURCE_LEAK and USE_AFTER_FREE coverity
+ scan defects
+
+---
+ libsemanage/src/direct_api.c | 21 ++++++++-------------
+ 1 file changed, 8 insertions(+), 13 deletions(-)
+
+diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
+index c58961be..8e4d116d 100644
+--- a/libsemanage/src/direct_api.c
++++ b/libsemanage/src/direct_api.c
+@@ -1028,7 +1028,7 @@ static int semanage_direct_write_langext(semanage_handle_t *sh,
+ 
+ 	fp = NULL;
+ 
+-	ret = 0;
++	return 0;
+ 
+ cleanup:
+ 	if (fp != NULL) fclose(fp);
+@@ -2177,7 +2177,6 @@ cleanup:
+ 	semanage_module_info_destroy(sh, modinfo);
+ 	free(modinfo);
+ 
+-	if (fp != NULL) fclose(fp);
+ 	return status;
+ }
+ 
+@@ -2342,16 +2341,6 @@ static int semanage_direct_get_module_info(semanage_handle_t *sh,
+ 	free(tmp);
+ 	tmp = NULL;
+ 
+-	if (fclose(fp) != 0) {
+-		ERR(sh,
+-		    "Unable to close %s module lang ext file.",
+-		    (*modinfo)->name);
+-		status = -1;
+-		goto cleanup;
+-	}
+-
+-	fp = NULL;
+-
+ 	/* lookup enabled/disabled status */
+ 	ret = semanage_module_get_path(sh,
+ 				       *modinfo,
+@@ -2395,7 +2384,13 @@ cleanup:
+ 		free(modinfos);
+ 	}
+ 
+-	if (fp != NULL) fclose(fp);
++	if (fp != NULL && fclose(fp) != 0) {
++		ERR(sh,
++		    "Unable to close %s module lang ext file.",
++		    (*modinfo)->name);
++		status = -1;
++	}
++
+ 	return status;
+ }
+ 
+-- 
+2.21.0
+
diff --git a/SOURCES/libsemanage-fedora.patch b/SOURCES/libsemanage-fedora.patch
deleted file mode 100644
index 001bbde..0000000
--- a/SOURCES/libsemanage-fedora.patch
+++ /dev/null
@@ -1,267 +0,0 @@
-diff --git libsemanage-2.8/src/direct_api.c libsemanage-2.8/src/direct_api.c
-index c58961b..8e4d116 100644
---- libsemanage-2.8/src/direct_api.c
-+++ libsemanage-2.8/src/direct_api.c
-@@ -1028,7 +1028,7 @@ static int semanage_direct_write_langext(semanage_handle_t *sh,
- 
- 	fp = NULL;
- 
--	ret = 0;
-+	return 0;
- 
- cleanup:
- 	if (fp != NULL) fclose(fp);
-@@ -2177,7 +2177,6 @@ cleanup:
- 	semanage_module_info_destroy(sh, modinfo);
- 	free(modinfo);
- 
--	if (fp != NULL) fclose(fp);
- 	return status;
- }
- 
-@@ -2342,16 +2341,6 @@ static int semanage_direct_get_module_info(semanage_handle_t *sh,
- 	free(tmp);
- 	tmp = NULL;
- 
--	if (fclose(fp) != 0) {
--		ERR(sh,
--		    "Unable to close %s module lang ext file.",
--		    (*modinfo)->name);
--		status = -1;
--		goto cleanup;
--	}
--
--	fp = NULL;
--
- 	/* lookup enabled/disabled status */
- 	ret = semanage_module_get_path(sh,
- 				       *modinfo,
-@@ -2395,7 +2384,13 @@ cleanup:
- 		free(modinfos);
- 	}
- 
--	if (fp != NULL) fclose(fp);
-+	if (fp != NULL && fclose(fp) != 0) {
-+		ERR(sh,
-+		    "Unable to close %s module lang ext file.",
-+		    (*modinfo)->name);
-+		status = -1;
-+	}
-+
- 	return status;
- }
- 
-diff --git libsemanage-2.8/src/genhomedircon.c libsemanage-2.8/src/genhomedircon.c
-index 3e61b51..c35f878 100644
---- libsemanage-2.8/src/genhomedircon.c
-+++ libsemanage-2.8/src/genhomedircon.c
-@@ -1074,10 +1074,20 @@ static int get_group_users(genhomedircon_settings_t * s,
- 
- 	const char *grname = selogin + 1;
- 
--	if (getgrnam_r(grname, &grstorage, grbuf,
--			(size_t) grbuflen, &group) != 0) {
--		goto cleanup;
-+	errno = 0;
-+	while (
-+		(retval = getgrnam_r(grname, &grstorage, grbuf, (size_t) grbuflen, &group)) != 0 &&
-+		errno == ERANGE
-+	) {
-+		char *new_grbuf;
-+		grbuflen *= 2;
-+		new_grbuf = realloc(grbuf, grbuflen);
-+		if (new_grbuf == NULL)
-+			goto cleanup;
-+		grbuf = new_grbuf;
- 	}
-+	if (retval == -1)
-+		goto cleanup;
- 
- 	if (group == NULL) {
- 		ERR(s->h_semanage, "Can't find group named %s\n", grname);
-diff --git libsemanage-2.8/src/semanage_store.c libsemanage-2.8/src/semanage_store.c
-index f1984c5..58dded6 100644
---- libsemanage-2.8/src/semanage_store.c
-+++ libsemanage-2.8/src/semanage_store.c
-@@ -541,14 +541,18 @@ int semanage_create_store(semanage_handle_t * sh, int create)
- 	struct stat sb;
- 	const char *path = semanage_files[SEMANAGE_ROOT];
- 	int fd;
-+	mode_t mask;
- 
- 	if (stat(path, &sb) == -1) {
- 		if (errno == ENOENT && create) {
-+			mask = umask(0077);
- 			if (mkdir(path, S_IRWXU) == -1) {
-+				umask(mask);
- 				ERR(sh, "Could not create module store at %s.",
- 				    path);
- 				return -2;
- 			}
-+			umask(mask);
- 		} else {
- 			if (create)
- 				ERR(sh,
-@@ -567,12 +571,15 @@ int semanage_create_store(semanage_handle_t * sh, int create)
- 	path = semanage_path(SEMANAGE_ACTIVE, SEMANAGE_TOPLEVEL);
- 	if (stat(path, &sb) == -1) {
- 		if (errno == ENOENT && create) {
-+			mask = umask(0077);
- 			if (mkdir(path, S_IRWXU) == -1) {
-+				umask(mask);
- 				ERR(sh,
- 				    "Could not create module store, active subdirectory at %s.",
- 				    path);
- 				return -2;
- 			}
-+			umask(mask);
- 		} else {
- 			ERR(sh,
- 			    "Could not read from module store, active subdirectory at %s.",
-@@ -590,12 +597,15 @@ int semanage_create_store(semanage_handle_t * sh, int create)
- 	path = semanage_path(SEMANAGE_ACTIVE, SEMANAGE_MODULES);
- 	if (stat(path, &sb) == -1) {
- 		if (errno == ENOENT && create) {
-+			mask = umask(0077);
- 			if (mkdir(path, S_IRWXU) == -1) {
-+				umask(mask);
- 				ERR(sh,
- 				    "Could not create module store, active modules subdirectory at %s.",
- 				    path);
- 				return -2;
- 			}
-+			umask(mask);
- 		} else {
- 			ERR(sh,
- 			    "Could not read from module store, active modules subdirectory at %s.",
-@@ -613,11 +623,14 @@ int semanage_create_store(semanage_handle_t * sh, int create)
- 	path = semanage_files[SEMANAGE_READ_LOCK];
- 	if (stat(path, &sb) == -1) {
- 		if (errno == ENOENT && create) {
-+			mask = umask(0077);
- 			if ((fd = creat(path, S_IRUSR | S_IWUSR)) == -1) {
-+				umask(mask);
- 				ERR(sh, "Could not create lock file at %s.",
- 				    path);
- 				return -2;
- 			}
-+			umask(mask);
- 			close(fd);
- 		} else {
- 			ERR(sh, "Could not read lock file at %s.", path);
-@@ -763,6 +776,7 @@ static int semanage_copy_dir_flags(const char *src, const char *dst, int flag)
- 	struct stat sb;
- 	struct dirent **names = NULL;
- 	char path[PATH_MAX], path2[PATH_MAX];
-+	mode_t mask;
- 
- 	if ((len = scandir(src, &names, semanage_filename_select, NULL)) == -1) {
- 		fprintf(stderr, "Could not read the contents of %s: %s\n", src, strerror(errno));
-@@ -770,10 +784,13 @@ static int semanage_copy_dir_flags(const char *src, const char *dst, int flag)
- 	}
- 
- 	if (stat(dst, &sb) != 0) {
-+		mask = umask(0077);
- 		if (mkdir(dst, S_IRWXU) != 0) {
-+			umask(mask);
- 			fprintf(stderr, "Could not create %s: %s\n", dst, strerror(errno));
- 			goto cleanup;
- 		}
-+		umask(mask);
- 	}
- 
- 	for (i = 0; i < len; i++) {
-@@ -785,14 +802,20 @@ static int semanage_copy_dir_flags(const char *src, const char *dst, int flag)
- 		}
- 		snprintf(path2, sizeof(path2), "%s/%s", dst, names[i]->d_name);
- 		if (S_ISDIR(sb.st_mode)) {
-+			mask = umask(0077);
- 			if (mkdir(path2, 0700) == -1 ||
- 			    semanage_copy_dir_flags(path, path2, flag) == -1) {
-+				umask(mask);
- 				goto cleanup;
- 			}
-+			umask(mask);
- 		} else if (S_ISREG(sb.st_mode) && flag == 1) {
-+			mask = umask(0077);
- 			if (semanage_copy_file(path, path2, sb.st_mode) < 0) {
-+				umask(mask);
- 				goto cleanup;
- 			}
-+			umask(mask);
- 		}
- 	}
- 	retval = 0;
-@@ -872,16 +895,20 @@ int semanage_mkdir(semanage_handle_t *sh, const char *path)
- {
- 	int status = 0;
- 	struct stat sb;
-+	mode_t mask;
- 
- 	/* check if directory already exists */
- 	if (stat(path, &sb) != 0) {
- 		/* make the modules directory */
-+		mask = umask(0077);
- 		if (mkdir(path, S_IRWXU) != 0) {
-+			umask(mask);
- 			ERR(sh, "Cannot make directory at %s", path);
- 			status = -1;
- 			goto cleanup;
- 
- 		}
-+		umask(mask);
- 	}
- 	else {
- 		/* check that it really is a directory */
-@@ -906,6 +933,7 @@ int semanage_make_sandbox(semanage_handle_t * sh)
- 	const char *sandbox = semanage_path(SEMANAGE_TMP, SEMANAGE_TOPLEVEL);
- 	struct stat buf;
- 	int errsv;
-+	mode_t mask;
- 
- 	if (stat(sandbox, &buf) == -1) {
- 		if (errno != ENOENT) {
-@@ -922,12 +950,15 @@ int semanage_make_sandbox(semanage_handle_t * sh)
- 		}
- 	}
- 
-+	mask = umask(0077);
- 	if (mkdir(sandbox, S_IRWXU) == -1 ||
- 	    semanage_copy_dir(semanage_path(SEMANAGE_ACTIVE, SEMANAGE_TOPLEVEL),
- 			      sandbox) == -1) {
-+		umask(mask);
- 		ERR(sh, "Could not copy files to sandbox %s.", sandbox);
- 		goto cleanup;
- 	}
-+	umask(mask);
- 	return 0;
- 
-       cleanup:
-diff --git libsemanage-2.8/src/seusers_local.c libsemanage-2.8/src/seusers_local.c
-index 413ebdd..a79e2d3 100644
---- libsemanage-2.8/src/seusers_local.c
-+++ libsemanage-2.8/src/seusers_local.c
-@@ -71,17 +71,18 @@ static int semanage_seuser_audit(semanage_handle_t * handle,
- 	const char *sep = "-";
- 	int rc = -1;
- 	strcpy(msg, "login");
-+	if (previous) {
-+		name = semanage_seuser_get_name(previous);
-+		psename = semanage_seuser_get_sename(previous);
-+		pmls = semanage_seuser_get_mlsrange(previous);
-+		proles = semanage_user_roles(handle, psename);
-+	}
- 	if (seuser) {
- 		name = semanage_seuser_get_name(seuser);
- 		sename = semanage_seuser_get_sename(seuser);
- 		mls = semanage_seuser_get_mlsrange(seuser);
- 		roles = semanage_user_roles(handle, sename);
- 	}
--	if (previous) {
--		psename = semanage_seuser_get_sename(previous);
--		pmls = semanage_seuser_get_mlsrange(previous);
--		proles = semanage_user_roles(handle, psename);
--	}
- 	if (audit_type != AUDIT_ROLE_REMOVE) {
- 		if (sename && (!psename || strcmp(psename, sename) != 0)) {
- 			strcat(msg,sep);
diff --git a/SPECS/libsemanage.spec b/SPECS/libsemanage.spec
index 8b461f2..f658650 100644
--- a/SPECS/libsemanage.spec
+++ b/SPECS/libsemanage.spec
@@ -1,17 +1,14 @@
-%define libsepolver 2.8-2
-%define libselinuxver 2.8-6
+%define libsepolver 2.9-1
+%define libselinuxver 2.9-1
 
 Summary: SELinux binary policy manipulation library 
 Name: libsemanage
-Version: 2.8
-Release: 5%{?dist}
+Version: 2.9
+Release: 1%{?dist}
 License: LGPLv2+
-Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/libsemanage-2.8.tar.gz
-# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
-# run:
-# $ VERSION=2.8 ./make-fedora-selinux-patch.sh libsemanage
-# HEAD 92c6801145e904bc7d5a5b9cfd30120da04b0b10
-Patch1: libsemanage-fedora.patch
+Source0: https://github.com/SELinuxProject/selinux/releases/download/20190315/libsemanage-2.9.tar.gz
+# i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
+Patch0001: 0001-libsemanage-Fix-RESOURCE_LEAK-and-USE_AFTER_FREE-cov.patch
 URL: https://github.com/SELinuxProject/selinux/wiki
 Source1: semanage.conf
 
@@ -74,11 +71,11 @@ The libsemanage-python3 package contains the python 3 bindings for developing
 SELinux management applications.
 
 %prep
-%autosetup -n libsemanage-%{version} -p 1
+%autosetup -n libsemanage-%{version} -p 2
 
 
 %build
-export LDFLAGS="%{?__global_ldflags}"
+%set_build_flags
 
 # To support building the Python wrapper against multiple Python runtimes
 # Define a function, for how to perform a "build" of the python wrapper against
@@ -89,13 +86,13 @@ BuildPythonWrapper() {
   # Perform the build from the upstream Makefile:
   make \
     PYTHON=$BinaryName \
-    CFLAGS="%{optflags}" LIBDIR="%{_libdir}" SHLIBDIR="%{_lib}" \
+    LIBDIR="%{_libdir}" SHLIBDIR="%{_lib}" \
     pywrap
 }
 
 make clean
-make CFLAGS="%{optflags}" swigify
-make CFLAGS="%{optflags}" LIBDIR="%{_libdir}" SHLIBDIR="%{_lib}" all
+make swigify
+make LIBDIR="%{_libdir}" SHLIBDIR="%{_lib}" all
 
 BuildPythonWrapper \
   %{__python3}
@@ -133,6 +130,7 @@ rm %{buildroot}%{_libexecdir}/selinux/semanage_migrate_store~
 %config(noreplace) %{_sysconfdir}/selinux/semanage.conf
 %{_libdir}/libsemanage.so.1
 %{_mandir}/man5/*
+%{_mandir}/ru/man5/*
 %dir %{_libexecdir}/selinux
 %dir %{_sharedstatedir}/selinux
 %dir %{_sharedstatedir}/selinux/tmp
@@ -156,6 +154,9 @@ rm %{buildroot}%{_libexecdir}/selinux/semanage_migrate_store~
 %{_libexecdir}/selinux/semanage_migrate_store
 
 %changelog
+* Mon Mar 18 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-1
+- SELinux userspace 2.9 release
+
 * Thu Dec  6 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-5
 - genhomedircon - improve handling large groups