Hello community,
here is the log from the commit of package apparmor-parser
checked in at Fri Sep 12 22:50:44 CEST 2008.
--------
--- apparmor-parser/apparmor-parser.changes 2008-08-24 21:47:00.000000000 +0200
+++ apparmor-parser/apparmor-parser.changes 2008-09-12 13:35:54.561395000 +0200
@@ -1,0 +2,5 @@
+Fri Sep 12 13:35:24 CEST 2008 - jjohansen@suse.de
+
+- sync to upstream apparmor 2.3.1 containing bug fix release for 2.3
+
+-------------------------------------------------------------------
Old:
----
apparmor-parser-2.3-1275.tar.gz
New:
----
apparmor-parser-2.3.1-1299.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ apparmor-docs.spec ++++++
--- /var/tmp/diff_new_pack.f32011/_old 2008-09-12 22:48:40.000000000 +0200
+++ /var/tmp/diff_new_pack.f32011/_new 2008-09-12 22:48:40.000000000 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package apparmor-docs (Version 2.3)
+# spec file for package apparmor-docs (Version 2.3.1)
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -31,10 +31,10 @@
%define distro suse
%endif
Summary: AppArmor Documentation package
-Version: 2.3
-Release: 57
+Version: 2.3.1
+Release: 1
Group: Documentation/Other
-Source0: apparmor-parser-%{version}-1275.tar.gz
+Source0: apparmor-parser-%{version}-1299.tar.gz
License: Other uncritical OpenSource License
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch
++++++ apparmor-parser.spec ++++++
--- /var/tmp/diff_new_pack.f32011/_old 2008-09-12 22:48:40.000000000 +0200
+++ /var/tmp/diff_new_pack.f32011/_new 2008-09-12 22:48:40.000000000 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package apparmor-parser (Version 2.3)
+# spec file for package apparmor-parser (Version 2.3.1)
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -31,10 +31,10 @@
%define distro suse
%endif
Summary: AppArmor userlevel parser utility
-Version: 2.3
-Release: 46
+Version: 2.3.1
+Release: 1
Group: Productivity/Networking/Security
-Source0: %{name}-%{version}-1275.tar.gz
+Source0: %{name}-%{version}-1299.tar.gz
Patch: apparmor-init.patch
License: GPL v2 or later
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -175,6 +175,8 @@
%endif
%changelog
+* Fri Sep 12 2008 jjohansen@suse.de
+- sync to upstream apparmor 2.3.1 containing bug fix release for 2.3
* Sun Aug 24 2008 aj@suse.de
- Fix init scripts.
* Wed Jun 04 2008 jjohansen@suse.de
++++++ apparmor-parser-2.3-1275.tar.gz -> apparmor-parser-2.3.1-1299.tar.gz ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-parser-2.3/apparmor-parser.spec new/apparmor-parser-2.3.1/apparmor-parser.spec
--- old/apparmor-parser-2.3/apparmor-parser.spec 2008-06-04 10:30:06.000000000 +0200
+++ new/apparmor-parser-2.3.1/apparmor-parser.spec 2008-09-12 13:41:39.000000000 +0200
@@ -33,10 +33,10 @@
Summary: AppArmor userlevel parser utility.
Name: apparmor-parser
-Version: 2.3
-Release: 1275
+Version: 2.3.1
+Release: 1299
Group: Applications/System
-Source0: %{name}-%{version}-1275.tar.gz
+Source0: %{name}-%{version}-1299.tar.gz
License: GPL
BuildRoot: %{?_tmppath:}%{!?_tmppath:/var/tmp}/%{name}-%{version}-build
Url: http://forge.novell.com/modules/xfmod/project/?apparmor
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-parser-2.3/common/Make.rules new/apparmor-parser-2.3.1/common/Make.rules
--- old/apparmor-parser-2.3/common/Make.rules 2008-04-07 21:37:57.000000000 +0200
+++ new/apparmor-parser-2.3.1/common/Make.rules 2008-09-12 13:40:04.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: Make.rules 1182 2008-04-07 19:37:57Z jrjohansen $
+# $Id: Make.rules 1300 2008-09-12 11:40:04Z jrjohansen $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
@@ -25,7 +25,7 @@
# directories
DISTRIBUTION=AppArmor
-VERSION=2.3
+VERSION=2.3.1
# OVERRIDABLE variables
# Set these variables before including Make.rules to change its behavior
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-parser-2.3/libapparmor_re/regexp.y new/apparmor-parser-2.3.1/libapparmor_re/regexp.y
--- old/apparmor-parser-2.3/libapparmor_re/regexp.y 2008-04-16 07:44:21.000000000 +0200
+++ new/apparmor-parser-2.3.1/libapparmor_re/regexp.y 2008-06-08 11:56:37.000000000 +0200
@@ -1684,7 +1684,7 @@
} else {
//fprintf(stderr, "Adding deny ai %d mask 0x%x audit 0x%x\n", ai, mask, audit & mask);
deny_flags[ai][n] = new DenyMatchFlag(mask, audit&mask);
- flag = deny_flags[ai][n];
+ flag = deny_flags[ai][n]->dup();
}
} else if (mask & AA_EXEC_BITS) {
uint32_t eperm = 0;
@@ -1702,14 +1702,14 @@
flag = exact_match_flags[ai][index]->dup();
} else {
exact_match_flags[ai][index] = new ExactMatchFlag(eperm, audit&mask);
- flag = exact_match_flags[ai][index];
+ flag = exact_match_flags[ai][index]->dup();
}
} else {
if (exec_match_flags[ai][index]) {
flag = exec_match_flags[ai][index]->dup();
} else {
exec_match_flags[ai][index] = new MatchFlag(eperm, audit&mask);
- flag = exec_match_flags[ai][index];
+ flag = exec_match_flags[ai][index]->dup();
}
}
} else {
@@ -1717,7 +1717,7 @@
flag = match_flags[ai][n]->dup();
} else {
match_flags[ai][n] = new MatchFlag(mask, audit&mask);
- flag = match_flags[ai][n];
+ flag = match_flags[ai][n]->dup();
}
}
if (accept)
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-parser-2.3/parser.h new/apparmor-parser-2.3.1/parser.h
--- old/apparmor-parser-2.3/parser.h 2008-06-04 10:24:38.000000000 +0200
+++ new/apparmor-parser-2.3.1/parser.h 2008-09-10 11:42:49.000000000 +0200
@@ -1,4 +1,4 @@
-/* $Id: parser.h 1275 2008-06-04 08:24:38Z jrjohansen $ */
+/* $Id: parser.h 1297 2008-09-10 09:42:49Z jrjohansen $ */
/*
* Copyright (c) 1999, 2000, 2001, 2002, 2004, 2005, 2006, 2007
@@ -26,7 +26,7 @@
typedef enum pattern_t pattern_t;
struct flagval {
- int debug;
+ int hat;
int complain;
int audit;
};
@@ -166,6 +166,11 @@
#define AARE_PCRE 1
#define AARE_DFA 2
+#define FLAG_CHANGEHAT_1_4 2
+#define FLAG_CHANGEHAT_1_5 3
+extern int flag_changehat_version;
+
+
#ifdef DEBUG
#define PDEBUG(fmt, args...) printf("parser: " fmt, ## args)
#else
@@ -266,6 +271,8 @@
extern int load_codomain(int option, struct codomain *cod);
extern int sd_serialize_profile(sd_serialize *p, struct codomain *cod,
int flatten);
+extern int sd_load_buffer(int option, char *buffer, int size);
+
/* parser_policy.c */
extern void add_to_list(struct codomain *codomain);
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-parser-2.3/parser_interface.c new/apparmor-parser-2.3.1/parser_interface.c
--- old/apparmor-parser-2.3/parser_interface.c 2008-04-16 09:54:51.000000000 +0200
+++ new/apparmor-parser-2.3.1/parser_interface.c 2008-09-10 11:44:53.000000000 +0200
@@ -1,4 +1,4 @@
-/* $Id: parser_interface.c 1198 2008-04-16 07:54:51Z jrjohansen $ */
+/* $Id: parser_interface.c 1298 2008-09-10 09:44:53Z jrjohansen $ */
/*
* Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007
@@ -632,7 +632,7 @@
if (!sd_write_struct(p, "flags"))
return 0;
/* used to be flags.debug, but that's no longer supported */
- if (!sd_write32(p, 0))
+ if (!sd_write32(p, profile->flags.hat))
return 0;
if (!sd_write32(p, profile->flags.complain))
return 0;
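Review bot: The context comment `/* used to be flags.debug, but that's no longer supported */` no longer describes the line below it, which now serializes `profile->flags.hat` into the first word of the flags struct. I would replace it with something like `/* first flags word: hat marker (this slot formerly carried flags.debug) */`. Whether every kernel that used to receive a constant 0 here interprets a non-zero value as the hat flag is not visible from this hunk, so the comment should also name the ABI versions that read it. The enclosing function starts and ends outside the hunk.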
@@ -886,3 +886,66 @@
exit:
return error;
}
+
+/* bleah the kernel should just loop and do multiple load, but to support
+ * older systems we need to do this
+ */
+#define PROFILE_HEADER_SIZE
+static char header_version[] = "\x04\x08\x00version";
+
+static char *next_profile_buffer(char *buffer, int size)
+{
+ char *b = buffer;
+
+ for (; size - sizeof(header_version); b++, size--) {
+ if (memcmp(b, header_version, sizeof(header_version)) == 0) {
+ return b;
+ }
+ }
+ return NULL;
+}
+
+int sd_load_buffer(int option, char *buffer, int size)
+{
+ int fd;
+ int error = 0, wsize, bsize;
+ char *filename = NULL;
+ char *b;
+
+ switch (option) {
+ case OPTION_ADD:
+ asprintf(&filename, "%s/.load", subdomainbase);
+ fd = open(filename, O_WRONLY);
+ break;
+ case OPTION_REPLACE:
+ asprintf(&filename, "%s/.replace", subdomainbase);
+ fd = open(filename, O_WRONLY);
+ break;
+ default:
+ error = -EINVAL;
+ goto exit;
+ break;
+ }
+
+ if (fd < 0) {
+ PERROR(_("Unable to open %s - %s\n"), filename,
+ strerror(errno));
+ error = -errno;
+ goto exit;
+ }
+
+ for (b = buffer; b ; b = next_profile_buffer(b + sizeof(header_version), bsize)) {
+ bsize = size - (b - buffer);
+ wsize = write(fd, b, bsize);
+ if (wsize < 0) {
+ error = -errno;
+ } else if (wsize < bsize) {
+ PERROR(_("%s: Unable to write entire profile entry\n"),
+ progname);
+ }
+ }
+ close(fd);
+exit:
+ free(filename);
+ return error;
+}
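Review bot: `next_profile_buffer()` can read past the end of the buffer: its loop condition `size - sizeof(header_version)` is evaluated as unsigned, so it stops only when `size` equals the header size exactly and wraps to a huge value when `size` starts below it (an empty or truncated input), and `sd_load_buffer()` passes `bsize` even though the scan starts at `b + sizeof(header_version)`. Because `-B` hands file or stdin content straight to this scan, the bound should be an explicit `>=` comparison and the length should be reduced by the bytes skipped, as in the excerpt below. The two `asprintf()` results are unchecked here, unlike the check this commit adds in parser_main.c, and a failed or short `write()` neither stops the loop nor (for the short write) sets `error`. `#define PROFILE_HEADER_SIZE` is empty and unused and can go.

```c
static char *next_profile_buffer(char *buffer, int size)
{
	char *b = buffer;

	/* only compare while a whole header still fits in the remaining bytes */
	for (; size >= (int) sizeof(header_version); b++, size--) {
		if (memcmp(b, header_version, sizeof(header_version)) == 0)
			return b;
	}
	return NULL;
}

/* … unchanged: option switch and open() in sd_load_buffer … */

	b = buffer;
	while (b) {
		bsize = size - (b - buffer);
		/* … unchanged: write() and its error reporting … */
		if (bsize <= (int) sizeof(header_version))
			break;
		b = next_profile_buffer(b + sizeof(header_version),
					bsize - (int) sizeof(header_version));
	}
```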
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-parser-2.3/parser_main.c new/apparmor-parser-2.3.1/parser_main.c
--- old/apparmor-parser-2.3/parser_main.c 2007-11-16 10:18:48.000000000 +0100
+++ new/apparmor-parser-2.3.1/parser_main.c 2008-09-10 11:42:49.000000000 +0200
@@ -1,4 +1,4 @@
-/* $Id: parser_main.c 1023 2007-11-16 09:18:48Z jrjohansen $ */
+/* $Id: parser_main.c 1297 2008-09-10 09:42:49Z jrjohansen $ */
/*
* Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007
@@ -46,6 +46,7 @@
#define PROC_MODULES "/proc/modules"
#define DEFAULT_APPARMORFS "/sys/kernel/security/" MODULE_NAME
#define MATCH_STRING "/sys/kernel/security/" MODULE_NAME "/matching"
+#define FLAGS_FILE "/sys/kernel/security/" MODULE_NAME "/features"
#define MOUNTED_FS "/proc/mounts"
#define PCRE "pattern=pcre"
#define AADFA "pattern=aadfa"
@@ -59,6 +60,7 @@
char *progname;
int option = OPTION_ADD;
int force_complain = 0;
+int binary_input = 0;
int names_only = 0;
int dump_vars = 0;
int dump_expanded_vars = 0;
@@ -66,13 +68,17 @@
char *subdomainbase = NULL;
char *profilename;
char *match_string = NULL;
+char *flags_string = NULL;
int regex_type = AARE_DFA;
char *profile_namespace = NULL;
+int flag_changehat_version = FLAG_CHANGEHAT_1_5;
+
extern int current_lineno;
struct option long_options[] = {
{"add", 0, 0, 'a'},
+ {"binary", 0, 0, 'B'},
{"base", 1, 0, 'b'},
{"debug", 0, 0, 'd'},
{"subdomainfs", 0, 0, 'f'},
@@ -86,7 +92,7 @@
{"dump-expanded-variables", 0, 0, 'E'},
{"Include", 1, 0, 'I'},
{"remove", 0, 0, 'R'},
- {"names", 0, 0, 'N'}, /* undocumented only emit profilenames */
+ {"names", 0, 0, 'N'},
{"stdout", 0, 0, 'S'},
{"match-string", 1, 0, 'm'},
{"quiet", 0, 0, 'q'},
@@ -109,20 +115,23 @@
"Options:\n"
"--------\n"
"-a, --add Add apparmor definitions [default]\n"
- "-d, --debug Debug apparmor definitions\n"
- "-h, --help Display this text and exit\n"
"-r, --replace Replace apparmor definitions\n"
"-R, --remove Remove apparmor definitions\n"
- "-v, --version Display version info and exit\n"
- "-p, --preprocess Preprocess only\n"
"-C, --Complain Force the profile into complain mode\n"
- "-I n, --Include n Add n to the search path\n"
+ "-B, --binary Input is precompiled profile\n"
+ "-p, --preprocess Dump profiles with includes expanded\n"
+ "-N, --names Dump names of profiles in input.\n"
+ "-S, --stdout Dump compiled profile to stdout\n"
"-b n, --base n Set base dir and cwd\n"
+ "-I n, --Include n Add n to the search path\n"
"-f n, --subdomainfs n Set location of apparmor filesystem\n"
- "-S, --stdout Write output to stdout\n"
"-m n, --match-string n Use only match features n\n"
"-n n, --namespace n Set Namespace for the profile\n"
- "-q, --quiet Don't emit warnings\n", command);
+ "-q, --quiet Don't emit warnings\n"
+ "-v, --version Display version info and exit\n"
+ "-d, --debug Debug apparmor definitions\n"
+ "-h, --help Display this text and exit\n"
+ ,command);
}
void pwarn(char *fmt, ...)
@@ -152,7 +161,7 @@
int count = 0;
option = OPTION_ADD;
- while ((c = getopt_long(argc, argv, "adf:hrRvpI:b:CNSm:qn:", long_options, &o)) != -1)
+ while ((c = getopt_long(argc, argv, "adf:hrRvpI:b:BCNSm:qn:", long_options, &o)) != -1)
{
switch (c) {
case 0:
@@ -193,6 +202,9 @@
case 'b':
set_base_dir(optarg);
break;
+ case 'B':
+ binary_input =1;
+ break;
case 'C':
force_complain = 1;
break;
@@ -259,8 +271,7 @@
char *retval = NULL;
struct stat buf;
- asprintf(&proposed_base, "%s%s", mntpnt, path);
- if (!proposed_base) {
+ if (asprintf(&proposed_base, "%s%s", mntpnt, path)<0 || !proposed_base) {
PERROR(_("%s: Could not allocate memory for subdomainbase mount point\n"),
progname);
exit(ENOMEM);
@@ -381,6 +392,37 @@
return;
}
+static void get_flags_string(void) {
+ char *pos;
+ FILE *f = fopen(FLAGS_FILE, "r");
+ if (!f)
+ return;
+
+ flags_string = malloc(1024);
+ if (!flags_string)
+ goto fail;
+
+ if (!fgets(flags_string, 1024, f))
+ goto fail;
+
+ fclose(f);
+ pos = strstr(flags_string, "change_hat=");
+ if (pos) {
+ if (strncmp(pos, "change_hat=1.4", 14) == 0)
+ flag_changehat_version = FLAG_CHANGEHAT_1_4;
+//fprintf(stderr, "flags string: %s\n", flags_string);
+//fprintf(stderr, "changehat %d\n", flag_changehat_version);
+ }
+ return;
+
+fail:
+ free(flags_string);
+ flags_string = NULL;
+ if (f)
+ fclose(f);
+ return;
+}
+
/* return 1 --> PCRE should work fine
return 0 --> no PCRE support */
static int regex_support(void) {
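Review bot: `get_flags_string()` returns silently when the features file is missing, unreadable or empty, which leaves `flag_changehat_version` at its `FLAG_CHANGEHAT_1_5` default, and the parser_policy.c hunks of this same diff use that value to decide whether the 1.4-style change_hat rules are generated at all. That fallback deserves a header comment, e.g. `/* Read FLAGS_FILE; on any failure keep the FLAG_CHANGEHAT_1_5 default, so the 1.4 hat rules are not emitted */`. The comment should also say that only the first line (at most 1023 bytes) is searched and that `strncmp(pos, "change_hat=1.4", 14)` is a prefix match, so any value beginning with 1.4 selects the 1.4 path. The two commented-out `fprintf` debug lines should be dropped rather than shipped.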
@@ -395,6 +437,52 @@
return 0;
}
+int process_binary(int option, char *profilename)
+{
+ char *buffer = NULL;
+ int retval = 0, size = 0, asize = 0, rsize;
+ int chunksize = 1 << 14;
+ int fd;
+
+ if (profilename) {
+ fd = open(profilename, O_RDONLY);
+ if (fd == -1) {
+ PERROR(_("Error: Could not read profile %s: %s.\n"),
+ profilename, strerror(errno));
+ exit(errno);
+ }
+ } else {
+ fd = dup(0);
+ }
+
+ do {
+ if (asize - size == 0) {
+ buffer = realloc(buffer, chunksize);
+ asize = chunksize;
+ chunksize <<= 1;
+ if (!buffer) {
+ PERROR(_("Memory allocation error."));
+ exit(errno);
+ }
+ }
+
+ rsize = read(fd, buffer + size, asize - size);
+ if (rsize)
+ size += rsize;
+ } while (rsize > 0);
+
+ close(fd);
+
+ if (rsize == 0)
+ retval = sd_load_buffer(option, buffer, size);
+ else
+ retval = rsize;
+
+ free(buffer);
+
+ return retval;
+}
+
int process_profile(int option, char *profilename)
{
int retval = 0;
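Review bot: On a failed `read()` the loop executes `size += rsize` with `rsize == -1`, because the guard is `if (rsize)` rather than `if (rsize > 0) size += rsize;`, and the function then returns the raw `-1` where `sd_load_buffer()` returns a negative errno; saving `errno` right after the failed read and returning its negative would keep the two consistent. The buffer growth has no upper bound, and `chunksize <<= 1` on an `int` overflows for sufficiently large input, which matters because the data may come from stdin. `dup(0)` is not checked, `buffer = realloc(buffer, chunksize)` overwrites the only pointer before the NULL test, and `exit(errno)` runs after `PERROR`, which may already have changed `errno`.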
@@ -407,8 +495,14 @@
if (retval != 0)
goto out;
+ if (names_only) {
+ dump_policy_names();
+ goto out;
+ }
+
/* Get the match string to determine type of regex support needed */
get_match_string();
+ get_flags_string();
retval = post_process_policy();
if (retval != 0) {
@@ -435,11 +529,6 @@
goto out;
}
- if (names_only) {
- dump_policy_names();
- goto out;
- }
-
if (!regex_support()) {
die_if_any_regex();
}
@@ -478,10 +567,12 @@
return retval;
}
- parse_default_paths();
- retval = process_profile(option, profilename);
- if (retval != 0)
- return retval;
+ if (binary_input) {
+ retval = process_binary(option, profilename);
+ } else {
+ parse_default_paths();
+ retval = process_profile(option, profilename);
+ }
return retval;
}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-parser-2.3/parser_misc.c new/apparmor-parser-2.3.1/parser_misc.c
--- old/apparmor-parser-2.3/parser_misc.c 2008-04-16 07:44:21.000000000 +0200
+++ new/apparmor-parser-2.3.1/parser_misc.c 2008-06-10 00:17:41.000000000 +0200
@@ -1,4 +1,4 @@
-/* $Id: parser_misc.c 1196 2008-04-16 05:44:21Z jrjohansen $ */
+/* $Id: parser_misc.c 1287 2008-06-09 22:17:41Z jrjohansen $ */
/*
* Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007
@@ -91,8 +91,12 @@
{"locks", RLIMIT_LOCKS},
{"sigpending", RLIMIT_SIGPENDING},
{"msgqueue", RLIMIT_MSGQUEUE},
+#ifdef RLIMIT_NICE
{"nice", RLIMIT_NICE},
+#endif
+#ifdef RLIMIT_RTPRIO
{"rtprio", RLIMIT_RTPRIO},
+#endif
/* terminate */
{NULL, 0}
};
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-parser-2.3/parser_policy.c new/apparmor-parser-2.3.1/parser_policy.c
--- old/apparmor-parser-2.3/parser_policy.c 2008-06-04 10:24:38.000000000 +0200
+++ new/apparmor-parser-2.3.1/parser_policy.c 2008-09-10 11:42:49.000000000 +0200
@@ -1,4 +1,4 @@
-/* $Id: parser_policy.c 1275 2008-06-04 08:24:38Z jrjohansen $ */
+/* $Id: parser_policy.c 1297 2008-09-10 09:42:49Z jrjohansen $ */
/*
* Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007
@@ -344,9 +344,6 @@
#define CHANGEHAT_PATH "/proc/[0-9]*/attr/current"
/* add file rules to access /proc files to call change_hat()
- * add file rules to be able to change_hat, this restriction keeps
- * change_hat from being able to access local profiles that are not
- * meant to be used as hats
*/
static void __add_hat_rules_parent(const void *nodep, const VISIT value,
const int __unused depth)
@@ -365,10 +362,12 @@
if ((*t)->local)
return;
- /* add rule to grant permission to change_hat - AA 2.3 requirement,
+ /* add rule to grant permission to change_hat
+ * An opensuse 11.0, AA 2.3 requirement,
* rules are added to the parent of the hat
*/
- if ((*t)->parent) {
+ if ((flag_changehat_version == FLAG_CHANGEHAT_1_4) &&
+ (*t)->parent) {
char *buffer = malloc(strlen((*t)->name) + 1);
if (!buffer) {
PERROR("Memory allocation error\n");
@@ -385,19 +384,19 @@
add_entry_to_policy((*t)->parent, entry);
}
-/* later
- entry = new_entry(strdup(CHANGEHAT_PATH), AA_MAY_WRITE);
+ entry = new_entry(NULL, strdup(CHANGEHAT_PATH), AA_MAY_WRITE, NULL);
if (!entry) {
PERROR(_("ERROR adding hat access rule for profile %s\n"),
(*t)->name);
exit(1);
}
add_entry_to_policy(*t, entry);
-*/
+
twalk((*t)->hat_table, __add_hat_rules_parent);
}
-/* add the same hat rules to the hats as the parent so that hats can
+/* Deprecated: used to support changehat rules of AppArmor 2.3
+ * add the same hat rules to the hats as the parent so that hats can
* change to sibling hats
*/
static void __add_hat_rules_hats(const void *nodep, const VISIT value,
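Review bot: The re-enabled block adds an implicit `AA_MAY_WRITE` rule on `CHANGEHAT_PATH` (`/proc/[0-9]*/attr/current`) to the profile being visited via `add_entry_to_policy(*t, entry)`, and nothing in the hunk tells a policy author that this grant appears without being written in the profile. The pattern matches the attr file under any pid directory, not only the confined task's own, so the comment should say so and name what else limits the write, which is not visible here. I would add `/* implicit rule: lets the task write attr/current to call change_hat(); the pattern covers every pid */` above the `new_entry` call. `strdup(CHANGEHAT_PATH)` is also passed to `new_entry()` without a NULL check. The function starts outside the hunk.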
@@ -426,7 +425,6 @@
PERROR("Memory allocation error\n");
exit(1);
}
-
new_ent = new_entry(NULL, buffer,
AA_CHANGE_HAT, NULL);
if (!entry) {
@@ -436,16 +434,17 @@
add_entry_to_policy((*t), new_ent);
}
}
- }
-
- twalk((*t)->hat_table, __add_hat_rules_hats);
+ }
+ twalk((*t)->hat_table, __add_hat_rules_hats);
}
static int add_hat_rules(void)
{
twalk(policy_list, __add_hat_rules_parent);
- twalk(policy_list, __add_hat_rules_hats);
+ /* support hat rules of AppArmor 2.3 in opensuse 11.0 */
+ if (flag_changehat_version == FLAG_CHANGEHAT_1_4)
+ twalk(policy_list, __add_hat_rules_hats);
return 0;
}
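Review bot: `__add_hat_rules_hats`, which this hunk now runs only when `flag_changehat_version == FLAG_CHANGEHAT_1_4`, appears to test the wrong variable after allocating its rule: the context lines of the preceding hunk show `new_ent = new_entry(NULL, buffer, AA_CHANGE_HAT, NULL);` followed directly by `if (!entry) {`. If `entry` is a separate variable (its declaration is outside the visible lines), a failed `new_entry()` would reach `add_entry_to_policy((*t), new_ent)` with a NULL entry instead of taking the error path. The check should read `if (!new_ent) {`. Since this path is kept for older kernels, it is worth fixing while the function is being touched.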
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-parser-2.3/parser_regex.c new/apparmor-parser-2.3.1/parser_regex.c
--- old/apparmor-parser-2.3/parser_regex.c 2008-04-16 07:44:21.000000000 +0200
+++ new/apparmor-parser-2.3.1/parser_regex.c 2008-06-08 11:56:37.000000000 +0200
@@ -1,4 +1,4 @@
-/* $Id: parser_regex.c 1196 2008-04-16 05:44:21Z jrjohansen $ */
+/* $Id: parser_regex.c 1277 2008-06-08 09:56:37Z jrjohansen $ */
/*
* Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007
@@ -602,7 +602,9 @@
if (regex_type == AARE_DFA && cod->dfarule_count > 0) {
cod->dfa = aare_create_dfa(cod->dfarules, 0, &cod->dfa_size);
- if (!cod->dfa)
+ aare_delete_ruleset(cod->dfarules);
+ cod->dfarules = NULL;
+ if (!cod->dfa)
goto out;
/*
if (cod->dfa_size == 0) {
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-parser-2.3/parser_yacc.y new/apparmor-parser-2.3.1/parser_yacc.y
--- old/apparmor-parser-2.3/parser_yacc.y 2008-06-04 10:24:38.000000000 +0200
+++ new/apparmor-parser-2.3.1/parser_yacc.y 2008-09-12 09:52:39.000000000 +0200
@@ -1,5 +1,5 @@
%{
-/* $Id: parser_yacc.y 1275 2008-06-04 08:24:38Z jrjohansen $ */
+/* $Id: parser_yacc.y 1299 2008-09-12 07:52:39Z jrjohansen $ */
/*
* Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007
@@ -178,7 +178,6 @@
%type <cap> capability
%type <cap> set_caps
%type