From: Stefan Schantl Date: Mon, 28 Mar 2011 20:51:07 +0000 (+0200) Subject: patch: Update to 2.6.1 add selinux support. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bdedb1e2a13b1d1024f3c38f91bbb91436cc4440;p=ipfire-3.x.git patch: Update to 2.6.1 add selinux support. Fixes #85. --- diff --git a/pkgs/patch/patch.nm b/pkgs/patch/patch.nm index b696f72e3..c42c42aeb 100644 --- a/pkgs/patch/patch.nm +++ b/pkgs/patch/patch.nm @@ -25,8 +25,10 @@ include $(PKGROOT)/Include PKG_NAME = patch -PKG_VER = 2.6.1.28-d909 -PKG_REL = 0 +PKG_VER = 2.6.1 +PKG_REL = 1 + +PKG_BUILD_DEPS+= ed libselinux-devel pkg-config PKG_MAINTAINER = PKG_GROUPS = Development/Tools @@ -44,6 +46,8 @@ endef PKG_TARBALL = $(THISAPP).tar.gz +CFLAGS += -D_GNU_SOURCE + define STAGE_TEST cd $(DIR_APP) && make check endef diff --git a/pkgs/patch/patches/patch-2.6.1-CVE-2010-4651.patch b/pkgs/patch/patches/patch-2.6.1-CVE-2010-4651.patch new file mode 100644 index 000000000..3f2de6aac --- /dev/null +++ b/pkgs/patch/patches/patch-2.6.1-CVE-2010-4651.patch 
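Review bot: PKG_VER in the first pkgs/patch/patch.nm hunk moves from `2.6.1.28-d909` to `2.6.1`, which is lexically and numerically lower than the previous value even though the subject calls this an update; unless the build system treats the git-snapshot suffix specially, the rebuilt package may not sort as an upgrade, and bumping PKG_REL to 1 does not help because PKG_VER is compared first. This is inferred from the version strings alone, so it is worth confirming against the tool's comparison rule. The same hunk adds `libselinux-devel` as a build dependency only; whether the matching runtime dependency on libselinux is derived automatically is not visible here.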
@@ -0,0 +1,164 @@ +diff -up patch-2.6.1/Makefile.in.CVE-2010-4651 patch-2.6.1/Makefile.in +--- patch-2.6.1/Makefile.in.CVE-2010-4651 2009-12-30 12:56:30.000000000 +0000 ++++ patch-2.6.1/Makefile.in 2011-02-10 12:29:32.926361705 +0000 +@@ -192,6 +192,7 @@ installcheck:: + TESTS = \ + tests/asymmetric-hunks \ + tests/backup-prefix-suffix \ ++ tests/bad-filenames \ + tests/corrupt-reject-files \ + tests/create-delete \ + tests/crlf-handling \ +diff -up patch-2.6.1/src/common.h.CVE-2010-4651 patch-2.6.1/src/common.h +--- patch-2.6.1/src/common.h.CVE-2010-4651 2011-02-10 12:30:29.142797627 +0000 ++++ patch-2.6.1/src/common.h 2011-02-10 12:30:33.566989729 +0000 +@@ -169,6 +169,7 @@ XTERN char *revision; /* prerequisite + #endif + + void fatal_exit (int) __attribute__ ((noreturn)); ++void validate_target_name (char const *n); + + #include + #if !STDC_HEADERS && !defined errno +diff -up patch-2.6.1/src/patch.c.CVE-2010-4651 patch-2.6.1/src/patch.c +--- patch-2.6.1/src/patch.c.CVE-2010-4651 2011-02-10 12:30:20.721432124 +0000 ++++ patch-2.6.1/src/patch.c 2011-02-10 12:30:33.567989772 +0000 +@@ -34,6 +34,7 @@ + #include + #include + #include ++#include + + /* procedures */ + +@@ -916,6 +917,26 @@ numeric_string (char const *string, + return value; + } + ++void ++validate_target_name (char const *n) ++{ ++ char const *p = n; ++ if (explicit_inname) ++ return; ++ if (IS_ABSOLUTE_FILE_NAME (p)) ++ fatal ("rejecting absolute target file name: %s", quotearg (p)); ++ while (*p) ++ { ++ if (*p == '.' && *++p == '.' && ( ! *++p || ISSLASH (*p))) ++ fatal ("rejecting target file name with \"..\" component: %s", ++ quotearg (n)); ++ while (*p && ! ISSLASH (*p)) ++ p++; ++ while (ISSLASH (*p)) ++ p++; ++ } ++} ++ + /* Attempt to find the right place to apply this hunk of patch. 
*/ + + static LINENUM +diff -up patch-2.6.1/src/pch.c.CVE-2010-4651 patch-2.6.1/src/pch.c +--- patch-2.6.1/src/pch.c.CVE-2010-4651 2009-12-30 12:56:30.000000000 +0000 ++++ patch-2.6.1/src/pch.c 2011-02-10 12:30:33.573990033 +0000 +@@ -3,7 +3,7 @@ + /* Copyright (C) 1986, 1987, 1988 Larry Wall + + Copyright (C) 1990, 1991, 1992, 1993, 1997, 1998, 1999, 2000, 2001, +- 2002, 2003, 2006, 2009 Free Software Foundation, Inc. ++ 2002, 2003, 2006, 2009, 2011 Free Software Foundation, Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by +@@ -199,6 +199,8 @@ maybe_reverse (char const *name, bool no + { + bool looks_reversed = (! is_empty) < p_says_nonexistent[reverse ^ is_empty]; + ++ validate_target_name (name); ++ + if (looks_reversed) + reverse ^= + ok_to_reverse ("The next patch%s would %s the file %s,\nwhich %s!", +@@ -725,6 +727,7 @@ intuit_diff_type (bool need_header) + inerrno = stat_errno[i]; + invc = version_controlled[i]; + instat = st[i]; ++ validate_target_name (inname); + } + + return retval; +diff -up patch-2.6.1/tests/bad-filenames.CVE-2010-4651 patch-2.6.1/tests/bad-filenames +--- patch-2.6.1/tests/bad-filenames.CVE-2010-4651 2011-02-10 12:29:32.931361921 +0000 ++++ patch-2.6.1/tests/bad-filenames 2011-02-10 12:30:33.576990163 +0000 +@@ -0,0 +1,71 @@ ++# Copyright (C) 2011 Free Software Foundation, Inc. ++# ++# Copying and distribution of this file, with or without modification, ++# in any medium, are permitted without royalty provided the copyright ++# notice and this notice are preserved. ++ ++. $srcdir/test-lib.sh ++ ++use_local_patch ++use_tmpdir ++ ++# ================================================================ ++ ++emit_2() ++{ ++cat < target ++check 'emit_2 /abs/path target | patch -R -p0; echo status: $?' < + #include + ++#include ++ + #include + #if ! 
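Review bot: validate_target_name in the src/patch.c part of the new CVE-2010-4651 patch file has no comment describing its contract, and the check is purely lexical: it rejects absolute names and `..` components but never consults the filesystem, so a relative name whose directory components are symlinks is still accepted. A header comment along the lines of `/* Reject a patch target name that would escape the working directory: absolute, or containing a ".." component. Skipped when the user named the file explicitly. Lexical only; symlinks are not resolved. */` would record both the intent and the limitation. The pointer advance inside `if (*p == '.' && *++p == '.' && ( ! *++p || ISSLASH (*p)))` is correct but easy to misread, so a short comment noting that p is left on the remainder of the current component would help. The callers added in src/pch.c (maybe_reverse and intuit_diff_type) begin and end outside their hunks.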
defined S_ISDIR && defined S_IFDIR + # define S_ISDIR(m) (((m) & S_IFMT) == S_IFDIR) +@@ -118,6 +120,7 @@ XTERN char *outfile; + XTERN int inerrno; + XTERN int invc; + XTERN struct stat instat; ++XTERN security_context_t incontext; + XTERN bool dry_run; + XTERN bool posixly_correct; + +diff -up patch-2.6.1/src/inp.c.selinux patch-2.6.1/src/inp.c +--- patch-2.6.1/src/inp.c.selinux 2011-02-08 11:29:34.576271352 +0000 ++++ patch-2.6.1/src/inp.c 2011-02-08 11:29:34.604271627 +0000 +@@ -152,8 +152,18 @@ get_input_file (char const *filename, ch + char *diffbuf; + char *getbuf; + +- if (inerrno == -1) +- inerrno = stat (filename, &instat) == 0 ? 0 : errno; ++ inerrno = stat (filename, &instat) == 0 ? 0 : errno; ++ if (inerrno == 0) ++ { ++ inerrno = getfilecon (inname, &incontext) == -1 ? errno : 0; ++ if (inerrno == ENODATA || inerrno == ENOTSUP) ++ { ++ inerrno = 0; ++ incontext = NULL; ++ } ++ } ++ else ++ incontext = NULL; + + /* Perhaps look for RCS or SCCS versions. */ + if (patch_get +@@ -197,7 +207,7 @@ get_input_file (char const *filename, ch + } + + if (cs && version_get (filename, cs, ! inerrno, elsewhere, getbuf, +- &instat)) ++ &instat, &incontext)) + inerrno = 0; + + free (getbuf); +@@ -209,6 +219,7 @@ get_input_file (char const *filename, ch + { + instat.st_mode = S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH; + instat.st_size = 0; ++ incontext = NULL; + } + else if (! S_ISREG (instat.st_mode)) + fatal ("File %s is not a regular file -- can't patch", +diff -up patch-2.6.1/src/patch.c.selinux patch-2.6.1/src/patch.c +--- patch-2.6.1/src/patch.c.selinux 2011-02-08 11:29:34.586271450 +0000 ++++ patch-2.6.1/src/patch.c 2011-02-08 11:29:34.606271646 +0000 +@@ -421,6 +421,21 @@ main (int argc, char **argv) + /* Fails if we are not in group instat.st_gid. */ + chown (outname, -1, instat.st_gid); + } ++ ++ if (! 
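Review bot: In the src/inp.c hunk for get_input_file, the stat() call operates on `filename` while the new getfilecon() call on the next line reads the global `inname`, so the context stored in incontext may belong to a different path than the one whose result is stored in instat; unless the two are guaranteed equal at this point, which the hunk does not show, it should be `inerrno = getfilecon (filename, &incontext) == -1 ? errno : 0;`. The same hunk also removes the `if (inerrno == -1)` guard, so the stat now runs unconditionally and any inerrno value set earlier by there_is_another_patch is overwritten; if that is intended it deserves a one-line comment. get_input_file starts and ends outside the hunk.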
inerrno && incontext) ++ { ++ security_context_t outcontext; ++ if (getfilecon (outname, &outcontext) != -1 && ++ outcontext && ++ strcmp(outcontext, incontext) && ++ setfilecon (outname, incontext) != 0) ++ { ++ if (errno != ENOTSUP && errno != EPERM) ++ pfatal ("Can't set security context " ++ "on file %s", quotearg (outname)); ++ } ++ } ++ + /* FIXME: There may be other attributes to preserve. */ + } + } +diff -up patch-2.6.1/src/pch.c.selinux patch-2.6.1/src/pch.c +--- patch-2.6.1/src/pch.c.selinux 2011-02-08 11:29:34.591271499 +0000 ++++ patch-2.6.1/src/pch.c 2011-02-08 11:30:08.810621570 +0000 +@@ -307,7 +307,12 @@ there_is_another_patch (bool need_header + inname[t - buf - 1] = 0; + if (stat (inname, &instat) == 0) + { +- inerrno = 0; ++ inerrno = getfilecon (inname, &incontext) == -1 ? errno : 0; ++ if (inerrno == ENODATA || inerrno == ENOTSUP) ++ { ++ inerrno = 0; ++ incontext = NULL; ++ } + invc = -1; + } + else +@@ -681,7 +686,7 @@ intuit_diff_type (bool need_header) + if (cs) + { + if (version_get (p_name[i], cs, false, readonly, +- getbuf, &st[i])) ++ getbuf, &st[i], NULL)) + stat_errno[i] = 0; + else + version_controlled[i] = 0; +@@ -746,6 +751,7 @@ intuit_diff_type (bool need_header) + invc = version_controlled[i]; + instat = st[i]; + validate_target_name (inname); ++ getfilecon (inname, &incontext); + } + + return retval; +diff -up patch-2.6.1/src/util.c.selinux patch-2.6.1/src/util.c +--- patch-2.6.1/src/util.c.selinux 2009-11-02 19:09:57.000000000 +0000 ++++ patch-2.6.1/src/util.c 2011-02-08 11:29:34.613271715 +0000 +@@ -574,7 +574,8 @@ version_controller (char const *filename + Return true if successful. 
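Review bot: In the src/patch.c hunk inside main, the `outcontext` string returned by getfilecon() is never released with freecon(), so every patched output file leaks one context allocation; the comparison/setfilecon chain should be split so the context can be freed on the success path, as below. The error message literal is unchanged. main continues outside the hunk on both sides.
```c
	  if (! inerrno && incontext)
	    {
	      security_context_t outcontext = NULL;
	      if (getfilecon (outname, &outcontext) != -1)
		{
		  if (outcontext && strcmp (outcontext, incontext)
		      && setfilecon (outname, incontext) != 0
		      && errno != ENOTSUP && errno != EPERM)
		    pfatal ("Can't set security context "
			    "on file %s", quotearg (outname));
		  freecon (outcontext);
		}
	    }
	  /* … unchanged: FIXME comment and closing braces … */
```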
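Review bot: In the last src/pch.c hunk, `getfilecon (inname, &incontext);` in intuit_diff_type discards its return value, unlike the three other call sites in this commit that map ENODATA/ENOTSUP to a NULL context; on failure incontext keeps whatever it held before, and since it is a global that may be a stale context from an earlier input file, which main's setfilecon path would then apply to the new output file. Suggest mirroring there_is_another_patch: `if (getfilecon (inname, &incontext) == -1) incontext = NULL;`, or the full ENODATA/ENOTSUP handling if the error is meant to feed inerrno. intuit_diff_type begins outside the hunk.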
*/ + bool + version_get (char const *filename, char const *cs, bool exists, bool readonly, +- char const *getbuf, struct stat *filestat) ++ char const *getbuf, struct stat *filestat, ++ security_context_t *filecontext) + { + if (patch_get < 0) + { +@@ -599,6 +600,13 @@ version_get (char const *filename, char + fatal ("Can't get file %s from %s", quotearg (filename), cs); + if (stat (filename, filestat) != 0) + pfatal ("%s", quotearg (filename)); ++ if (filecontext && getfilecon (filename, filecontext) == -1) ++ { ++ if (errno == ENODATA || errno == ENOTSUP) ++ *filecontext = NULL; ++ else ++ pfatal ("%s", quotearg (filename)); ++ } + } + + return 1; +diff -up patch-2.6.1/src/util.h.selinux patch-2.6.1/src/util.h +--- patch-2.6.1/src/util.h.selinux 2009-11-02 19:09:57.000000000 +0000 ++++ patch-2.6.1/src/util.h 2011-02-08 11:29:34.614271726 +0000 +@@ -51,7 +51,7 @@ char *fetchname (char *, int, char **, t + char *savebuf (char const *, size_t); + char *savestr (char const *); + char const *version_controller (char const *, bool, struct stat const *, char **, char **); +-bool version_get (char const *, char const *, bool, bool, char const *, struct stat *); ++bool version_get (char const *, char const *, bool, bool, char const *, struct stat *, security_context_t *); + int create_file (char const *, int, mode_t, bool); + int systemic (char const *); + char *format_linenum (char[LINENUM_LENGTH_BOUND + 1], LINENUM);
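Review bot: In the src/util.c hunk for version_get, the new getfilecon() writes through `filecontext` without releasing any context already stored there; the call in get_input_file passes `&incontext` right after that function has itself populated incontext via getfilecon() when the stat succeeded, so on that path the earlier string is leaked. A `freecon (*filecontext)` before the new call, or having the caller pass a cleared pointer, would close it; whether every caller guarantees a NULL or unowned value is not visible from the hunk. The added `security_context_t *filecontext` parameter also deserves a line in the function's existing header comment describing that it is optional (NULL skips the lookup) and that the caller owns the returned context. version_get starts and ends outside the hunk.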