-rw-r--r--packaging/rpm.changes6
-rw-r--r--packaging/security_4.9.1.patch36
2 files changed, 32 insertions, 10 deletions
diff --git a/packaging/rpm.changes b/packaging/rpm.changes
index b97f163..dc8e34b 100644
--- a/packaging/rpm.changes
+++ b/packaging/rpm.changes
@@ -1,8 +1,12 @@
+* Wed Jun 20 2012 Elena Reshetova <elena.reshetova@intel.com> - 4.9.0
+- Removing unnessesary PRE/POST PSM calls while executing pre/posttrans scripts
+- Adding the check for the empty domain name in define
+
* Fri Jun 15 2012 Ryan Ware <ware@linux.intel.com> - 4.9.0
- Trigger build
* Fri Jun 08 2012 Elena Reshetova <elena.reshetova@intel.com> - 4.9.0
-- Fixng rpm-security-plugin bugs (PTSEC-19, PTSEC-20, PTSEC-21)
+- Fixing rpm-security-plugin bugs (PTSEC-19, PTSEC-20, PTSEC-21)
* Tue May 29 2012 Elena Reshetova <elena.reshetova@intel.com> - 4.9.0
- Fixng rpm-security-plugin dependencies
diff --git a/packaging/security_4.9.1.patch b/packaging/security_4.9.1.patch
index 30f20aa..86c943c 100644
--- a/packaging/security_4.9.1.patch
+++ b/packaging/security_4.9.1.patch
@@ -832,17 +832,30 @@ index d13575a..23c3e33 100644
#include "lib/rpmte_internal.h"
#include "debug.h"
-@@ -909,7 +910,13 @@ int rpmteProcess(rpmte te, pkgGoal goal)
+@@ -897,7 +897,7 @@ int rpmteProcess(rpmte te, pkgGoal goal)
+ /* Only install/erase resets pkg file info */
+ int scriptstage = (goal != PKG_INSTALL && goal != PKG_ERASE);
+ int reset_fi = (scriptstage == 0);
+- int failed = 1;
++ int failed = 0;
+
+ /* Dont bother opening for elements without pre/posttrans scripts */
+ if (goal == PKG_PRETRANS || goal == PKG_POSTTRANS) {
+@@ -909,7 +910,17 @@ int rpmteProcess(rpmte te, pkgGoal goal)
}
if (rpmteOpen(te, reset_fi)) {
- failed = rpmpsmRun(te->ts, te, goal);
+ /* Call security plugin to set te for next operations */
-+ failed = rpmsecurityCallPrePsm(te);
++ /* But do not call plugin for the pre/posttrans scripts */
++ if (goal != PKG_PRETRANS && goal != PKG_POSTTRANS)
++ failed = rpmsecurityCallPrePsm(te);
+ if (!failed) {
+ failed = rpmpsmRun(te->ts, te, goal);
+ /* Call security plugin to finish any te related tasks */
-+ failed = rpmsecurityCallPostPsm(te, failed);
++ /* But do not call plugin for the pre/posttrans scripts */
++ if (goal != PKG_PRETRANS && goal != PKG_POSTTRANS)
++ failed = rpmsecurityCallPostPsm(te, failed);
+ }
rpmteClose(te, reset_fi);
}
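Review bot: Initialising `failed` to 0 in rpmteProcess makes a failed `rpmteOpen(te, reset_fi)` indistinguishable from success, because nothing in the visible branch sets it when the open fails. The previous `int failed = 1;` made that path fail closed; the new initial value appears to be needed only so that `if (!failed)` is reached when the plugin call is skipped for pre/posttrans. Keeping `int failed = 1;` and adding `failed = 0;` as the first statement inside the `if (rpmteOpen(te, reset_fi))` block would preserve both behaviours. The rest of rpmteProcess is outside the hunk, so how the return value is used after a failed open should be confirmed there.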
@@ -1324,7 +1337,7 @@ index 0000000..c99a5e8
+ else { // for now in case default sw source isn't there yet, allow to think that it is coming from root
+ current = msmSWSourceTreeTraversal(root->sw_sources, findSWSourceByName, (void *)"root");
+ if (current)
-+ rpmlog(RPMLOG_INFO, "using _root_ sw source now for test‌ing\n");
++ rpmlog(RPMLOG_INFO, "using _root_ sw source now for testing\n");
+ }
+ }
+
@@ -1373,8 +1386,8 @@ index 0000000..c99a5e8
+ if (current) sw_source = current->name;
+ else if (rootSWSource) sw_source = rpmteN(ctx->te);
+ if (!sw_source || !headerPutString(h, RPMTAG_SECSWSOURCE, sw_source)) {
-+ rpmlog(RPMLOG_ERR, "Failed to save sw source for %s\n",
-+ rpmteN(ctx->te));
++ rpmlog(RPMLOG_ERR, "Failed to save sw source for %s, sw_source: %s\n",
++ rpmteN(ctx->te), sw_source);
+ free(ctx->data);
+ ctx = _free(ctx);
+ }
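Review bot: The extended `rpmlog` call passes `sw_source` to `%s` on a branch that is entered when `!sw_source` is true, so the new argument can be a null pointer, which is undefined behaviour for `%s`. Guard the argument, e.g. `rpmteN(ctx->te), sw_source ? sw_source : "(none)");`. The enclosing function starts and ends outside the hunk.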
@@ -1447,10 +1460,10 @@ index 0000000..c99a5e8
+ }
+ headerFree(h);
+ }
-+ if (!current) {
++ /* if (!current) {
+ rpmlog(RPMLOG_INFO, "no sw source for removing %s\n", rpmteN(ctx->te));
+ goto exit;
-+ }
++ }*/
+ }
+
+ if (!current) {
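Review bot: The early exit for a missing sw source is disabled by wrapping it in `/* ... }*/` rather than being removed, and nothing records why the erase path may now continue with `current == NULL`. Delete the dead lines and leave a one-line comment stating the reason, e.g. `/* packages without a recorded sw source may still be removed */` if that is the intent. The following `if (!current) {` block continues outside the hunk, so whether it handles that case safely cannot be confirmed from here.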
@@ -4063,7 +4076,7 @@ new file mode 100644
index 0000000..c0850f0
--- /dev/null
+++ b/security/msmxattr.c
-@@ -0,0 +1,1291 @@
+@@ -0,0 +1,1296 @@
+/*
+ * This file is part of MSM security plugin
+ * Greatly based on the code of MSSF security plugin
@@ -4899,6 +4912,11 @@ index 0000000..c0850f0
+ ac_domain_x * defined_ac_domain = NULL;
+ int ret;
+
++ if (!mfx->define->name) {
++ rpmlog(RPMLOG_ERR, "Failed to setup define with empty name\n");
++ return -1;
++ }
++
+ /* need to check if domain hasn't been already defined by other package */
+
+ HASH_FIND(hh, all_ac_domains, mfx->define->name, strlen(mfx->define->name), defined_ac_domain);
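Review bot: The new guard rejects only a NULL `mfx->define->name`; a zero-length name still reaches `HASH_FIND` with a key length of 0, although the log text and the changelog entry both speak of an empty name. If the manifest parser can produce an empty string here (not visible in this hunk), the condition should be `if (!mfx->define->name || !*mfx->define->name) {`. `mfx->define` itself is also dereferenced without a check; presumably the caller guarantees it, but that code is outside the hunk.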