Sync from SUSE:SLFO:Main python-semanage revision 958f78b7fc5df0af73f4a2cb6cc22fba

This commit is contained in:
Adrian Schröter 2024-05-03 22:56:50 +02:00
commit dab8150b8a
10 changed files with 1434 additions and 0 deletions

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

1
baselibs.conf Normal file
View File

@ -0,0 +1 @@
libsemanage2

BIN
libsemanage-3.5.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.

View File

@ -0,0 +1,19 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQKTBAABCgB9FiEE4WLerRzN0RPwSz1JK77Zyxpo71UFAmP3a15fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
NjJERUFEMUNDREQxMTNGMDRCM0Q0OTJCQkVEOUNCMUE2OEVGNTUACgkQK77Zyxpo
71VnEBAAp5+le5lK8Xc/9rNjVrCCOG4S6naxBjk66sm1qiTi2YKOA0vvoxMABU9X
vWZYd0Xd64NUq8JKd013pODD4e8WEDUnE6QB04kOTO51W32MZixOK4eL1hKJv0ky
vt8teuV4UrSrfQzn15pkeQMznVNryul5LOoY4N/YuCizBN+y3gkQSACUEV+mZkkS
FBKtADiIc+r/YDOYQv9PA5YSXdzB+O6I+Y+q9cotTwyvBfsYRuo7w5JnMvs4+awG
P5AX9pf4I14G03o2afxmjhGKoNTe4wxRJp7zDsg6juA52bCeO9PNVSQNgzH81LnG
F2VR9ubcY2lBLF8JfgMveiTaUOdfEuOOuy76ZciwvsPTa0o9e32brQaneE8sAgwm
b/fvGb2Qnkr+1r6juOZNHPBATXKW1pyeGGY0nRXkpSde54iEvEWw0mwlssFkJNbH
bMGlaTPJSDXe9Xt2jNvqR3Kb3fS7p2YLmA7jrcYKf49981rvJ2u3z8GISzpjqXMz
HOM679rWtA/Mkn9Ssec7znilZ5Y88LeQpOZyFpUXYA3+DEzK4c/pVyDuRlwztjOz
eyaA5pAMpaPE8sWt+I3B9yk3IfNmQCsFLvV9s4SSJsjl/Dhr/flDbkMDsZ1OCnZt
LPL2hKnmKC0owWbRle+tQG8oNEwbrLhBQ8HPsqm3JII12jvqk2g=
=/Kbc
-----END PGP SIGNATURE-----

434
libsemanage.changes Normal file
View File

@ -0,0 +1,434 @@
-------------------------------------------------------------------
Fri Feb 24 07:48:05 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.5
* Allow user to set SYSCONFDIR
* always write kernel policy when check_ext_changes is specified
- Added additional developer key (Jason Zaman)
-------------------------------------------------------------------
Mon May 9 10:37:17 UTC 2022 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.4
* Optionally rebuild policy when modules are changed externally
* Fix USE_AFTER_FREE (CWE-672) in semanage_direct_get_module_info()
* Allow spaces in user/group names
-------------------------------------------------------------------
Thu Feb 10 12:37:14 UTC 2022 - Johannes Segitz <jsegitz@suse.com>
- Drop Buildrequires for libustr-devel, not needed anymore
-------------------------------------------------------------------
Thu Nov 11 13:26:41 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.3
* Fixed use-after-free in parse_module_store()
* Fixed use_after_free in semanage_direct_write_langext()
-------------------------------------------------------------------
Thu Mar 18 08:31:30 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Link to correct so version
- Minor spec file cleanups
-------------------------------------------------------------------
Wed Mar 17 08:29:15 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Move configuration file to separate libsemanage-conf package to allow
for parallel installation in future versions
-------------------------------------------------------------------
Tue Mar 9 09:09:18 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.2
* dropped old and deprecated symbols and functions
libsemanage version was bumped to libsemanage.so.2
* libsemanage tries to sync data to prevent empty files in SELinux module
store
-------------------------------------------------------------------
Wed Jul 29 14:37:19 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
- Add /var/lib/selinux
-------------------------------------------------------------------
Wed Jul 15 08:17:18 UTC 2020 - Johannes Segitz <jsegitz@suse.com>
- Remove libsemanage-update-map-file.patch to prevent checkers from declining
the submission. Keeping the snippet in the spec file in case we try to
enable LTO again
-------------------------------------------------------------------
Tue Jul 14 08:36:19 UTC 2020 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.1
* Improved manpage
* fsync final files before rename
-------------------------------------------------------------------
Tue Jun 16 07:08:59 UTC 2020 - Johannes Segitz <jsegitz@suse.com>
- Disabled LTO again. This breaks e.g. shadow and also other packages
in security:SELinux
-------------------------------------------------------------------
Fri Jun 12 09:07:31 UTC 2020 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- Fix build with LTO: [bsc#1133102]
* Enable LTO (Link Time Optimization) and build with -ffat-lto-objects
* Update map file to include new symbols and remove wildcards
- Add libsemanage-update-map-file.patch
-------------------------------------------------------------------
Thu Jun 4 09:57:51 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
- Drop suse_path.patch: replace it with a grep/sed logic replacing
/usr/libexec in all files with the correct value for all distros
(taking into account that openSUSE is in progress of migrating
from /usr/lib to /usr/libexec).
-------------------------------------------------------------------
Fri May 29 12:51:17 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
- Apply suse_path.patch only for older distributions. Newer
use libexec
-------------------------------------------------------------------
Tue Mar 3 12:23:51 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
- Update to version 3.0
* Add support for DCCP and SCTP protocols
* include internal header to use the hidden function prototypes
* mark all exported function "extern"
* optionally optimize policy on rebuild
Refreshed suse_path.patch
-------------------------------------------------------------------
Thu Jun 20 10:22:04 UTC 2019 - Martin Liška <mliska@suse.cz>
- Disable LTO due to symbol versioning (boo#1138812).
-------------------------------------------------------------------
Wed Mar 20 15:10:21 UTC 2019 - jsegitz@suse.com
- Update to version 2.9
* Always set errno to 0 before calling getpwent()
* Include user name in ROLE_REMOVE audit events
* genhomedircon - improve handling large groups
* improve semanage_migrate_store import failure
* reset umask before creating directories
* set selinux policy root around calls to selinux_boolean_sub
* use previous seuser when getting the previous name
-------------------------------------------------------------------
Thu Nov 8 09:31:42 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
- Use more %make_install.
-------------------------------------------------------------------
Thu Nov 8 07:19:24 UTC 2018 - jsegitz@suse.com
- Adjusted source urls (bsc#1115052)
-------------------------------------------------------------------
Thu Sep 27 13:19:59 UTC 2018 - pmonrealgonzalez@suse.com
- update to version 2.8
* semanage fcontext -l now also lists home directory entries from
file_contexts.homedirs.
* libsemanage no longer deletes the tmp directory if there is an error
while committing the policy transaction, so that any temporary files
can be further inspected for debugging purposes (e.g. to examine a
particular line of the generated CIL module). The tmp directory will
be deleted upon the next transaction, so no manual removal is needed.
* When overriding PREFIX, BINDIR, SBINDIR, SHLIBDIR, LIBEXECDIR, etc.,
DESTDIR has to be removed from the definition. For example on Arch
Linux, SBINDIR="${pkgdir}/usr/bin" was changed to SBINDIR="/usr/bin".
* PYSITEDIR has been renamed PYTHONLIBDIR (and its definition changed).
- Clened with spec-cleaner
-------------------------------------------------------------------
Thu Mar 8 19:07:16 UTC 2018 - rgoldwyn@suse.com
- Update to version 2.7. Changes:
* IB support
* saves linked policy and skips relinking whenever possible
-------------------------------------------------------------------
Fri Nov 24 09:14:13 UTC 2017 - jsegitz@suse.com
- Update to version 2.6. Notable changes:
* genhomedircon: do not suppress logging from libsepol
* genhomedircon: use userprefix as the role for homedir
* Fix bug preventing the installation of base modules
* Use pp module name instead of filename when installing module
* genhomedircon: remove hardcoded refpolicy strings
* genhomedircon: add support for %group syntax
* genhomedircon: generate contexts for logins mapped to the default user
* Validate and compile file contexts before installing
* Swap tcp and udp protocol numbers
* genhomedircon: %{USERID} and %{USERNAME} support and code cleanups
-------------------------------------------------------------------
Mon Dec 12 14:59:36 UTC 2016 - dimstar@opensuse.org
- Split out the Policy Store Migration tool into
libsemanage-store-migrate: it is not a devel tool to start with.
Additionally, it causes the -devel package to depend on python,
which we want to avoid (libsemanabe being part of the core build
cycle). The library suggests libsemanage-store-migrate.
-------------------------------------------------------------------
Sun Jul 17 15:17:39 UTC 2016 - jengelh@inai.de
- Update RPM groups, trim description, combine filelist entries,
ensure pkgconfig() symbols are generated.
-------------------------------------------------------------------
Thu Jul 14 14:20:12 UTC 2016 - jsegitz@novell.com
- Without bug number no submit to SLE 12 SP2 is possible, so to make
sle-changelog-checker happy: bsc#988977
-------------------------------------------------------------------
Wed Jul 13 09:43:28 UTC 2016 - jsegitz@novell.com
- Added suse_path.patch to fix path to hll compiler
-------------------------------------------------------------------
Fri Jul 8 15:24:49 UTC 2016 - i@marguerite.su
- update version 2.5
* Do not overwrite CFLAGS in test Makefile, from Nicolas Iooss.
* Fix uninitialized variable in direct_commit and direct_api
* semanage_migrate_store: Load libsepol.so.1 instead of libsepol.so
* Store homedir_template and users_extra in policy store
* Fix null pointer dereference in semanage_module_key_destroy
* Add semanage_module_extract() to extract a module as CIL or HLL
* semanage_migrate_store: add -r <root> option for migrating inside chroots
* Add file_contexts and seusers to the store
* Add policy binary and file_contexts.local to the store
* Allow to install compressed modules without a compression extension
* Do not copy contexts in semanage_migrate_store
* Fix logic in bunzip for uncompressed pp files
* Fix fname[] initialization in test_utilities.c
* Add remove-hll semanage.conf option to remove HLL files after
compilation to CIL
* Fix memory leaks when parsing semanage.conf
* Change bunzip to use heap instead of stack to prevent segfault on
systems with small stack size
- changes in 2.4
* Fix Makefile to allow LIBDIR and SHLIBDIR to be set to different
directories
* Fix bugs found by hardened gcc flags
* Add missing manpage links to security_load_policy
* Fix failing libsemanage pywrap tests
* Fix deprecation warning for bison
* Skip policy module relink when only setting booleans
* Only try to compile file contexts if they exist
* Fix memory leak when setting a custom store path
* Add semodule option to set store root path in semanage.conf and the
semodule command
* Add semanage.conf option to set an alternative root path for policy
store
* Add support for High Level Language (HLL) to CIL compilers. The HLL
compiler path is configurable, but should be placed in
/usr/libexec/selinux/hll by default
* Create a policy migration script for migrating the policy store from
/etc/selinux to /var/lib/selinux
* Add python3 support to the migration script
* Use libcil to compile modules
* Use symbolic versioning to maintain ABI compatibility for old install
functions
* Add a target-platform option to semanage.conf to control how policies
are built
* Add API to handle modules and source policies, moving module store to
/var/lib/selinux
* Only try to compile file contexts if they exist
-------------------------------------------------------------------
Sun May 18 00:10:55 UTC 2014 - crrodriguez@opensuse.org
- version 2.3
* Fix memory leak in semanage_genhomedircon from Thomas Hurd.
-------------------------------------------------------------------
Tue Feb 11 10:12:55 UTC 2014 - vcizek@suse.com
- add semanage.conf as SOURCE and install it instead of the default
one
-------------------------------------------------------------------
Thu Oct 31 13:55:06 UTC 2013 - p.drouand@gmail.com
- Update to version 2.2
* Avoid duplicate list entries
* Add audit support to libsemanage
* Remove policy.kern and replace with symlink
* Apply a MAX_UID check for genhomedircon
* Fix man pages
- Add audit-devel BuildRequires; new dependency
- Add fdupes BuildRequires and use it to symlink duplicate manpages
-------------------------------------------------------------------
Thu Jun 27 14:56:37 UTC 2013 - vcizek@suse.com
- change the source url to the official 2.1.10 release tarball
-------------------------------------------------------------------
Thu Apr 4 19:29:33 UTC 2013 - vcizek@suse.com
- fixed source url
- removed old tarball
-------------------------------------------------------------------
Fri Mar 29 15:21:29 UTC 2013 - vcizek@suse.com
- update to 2.1.10
* Add sefcontext_compile to compile regex everytime policy is rebuilt
* Cleanup/fix enable/disable/remove module.
* redo genhomedircon minuid
* fixes from coverity
* semanage_store: do not leak memory in semanage_exec_prog
* genhomedircon: remove useless conditional in get_home_dirs
* genhomedircon: double free in get_home_dirs
* fcontext_record: do not leak on error in semanage_fcontext_key_create
* genhomedircon: do not leak on failure in write_gen_home_dir_context
* semanage_store: do not leak fd
* genhomedircon: do not leak shells list
* semanage_store: do not leak on strdup failure
* semanage_store: rewrite for readability
-------------------------------------------------------------------
Wed Jan 30 12:00:30 UTC 2013 - vcizek@suse.com
- update to 2.1.9
* dropped libsemanage-2.1.6-NULL_level_fix.patch (fixed upstream)
* libsemanage: do not set soname needlessly
* libsemanage: remove PYTHONLIBDIR and ruby equivalent
* do boolean name substitution
* Fix segfault for building standard policies.
* remove build warning when build swig c files
* additional makefile support for rubywrap
* ignore 80 column limit for readability
* semanage_store: fix snprintf length argument by using asprintf
* Use default semanage.conf as a fallback
* use after free in python bindings
* Alternate path for semanage.conf
* do not link against libpython, this is considered bad in Debian
* Allow to build for several ruby version
* fallback-user-level
-------------------------------------------------------------------
Mon Jan 7 21:43:31 UTC 2013 - jengelh@inai.de
- Remove obsolete defines/sections
-------------------------------------------------------------------
Wed Oct 24 16:36:25 UTC 2012 - vcizek@suse.com
- when building "standard" (not MCS/MLS) selinux-policies,
libsemanage will crash, because "level" is NULL
(libsemanage-2.1.6-NULL_level_fix.patch)
-------------------------------------------------------------------
Mon Aug 27 13:49:45 UTC 2012 - cfarrell@suse.com
- license update: LGPL-2.1+
Could not find any LGPL-2.1 "only" licensed files in the pacakge
-------------------------------------------------------------------
Wed Aug 1 07:54:33 UTC 2012 - meissner@suse.com
- Updated to 2.1.6
* changes too numerous to list
-------------------------------------------------------------------
Wed Oct 5 15:10:27 UTC 2011 - uli@suse.com
- cross-build fix: use %__cc macro
-------------------------------------------------------------------
Thu Sep 22 13:14:39 CEST 2011 - dmueller@suse.de
- buildrequire libbz2-devel
-------------------------------------------------------------------
Mon May 23 14:15:42 UTC 2011 - prusnak@opensuse.org
- split off python bindings to separate package to reduce build
dependencies for rpm [bnc#695436]
-------------------------------------------------------------------
Wed May 18 13:38:44 UTC 2011 - coolo@novell.com
- add baselibs.conf for rpm-32bit to use
-------------------------------------------------------------------
Wed Feb 23 05:42:43 UTC 2011 - coolo@novell.com
- disable parallel build, it breaks too often
-------------------------------------------------------------------
Thu Feb 25 14:59:32 UTC 2010 - prusnak@suse.cz
- updated to 2.0.43
* changes too numerous to list
-------------------------------------------------------------------
Fri Jan 16 14:24:38 CET 2009 - prusnak@suse.cz
- fix assignment of wrong context [bnc#466793]
-------------------------------------------------------------------
Wed Jan 14 14:06:28 CET 2009 - prusnak@suse.cz
- updated to 2.0.31
* policy module compression (bzip) support from Dan Walsh
* hard link files between tmp/active/previous from Dan Walsh
* add semanage_mls_enabled() interface from Stephen Smalley
-------------------------------------------------------------------
Mon Dec 1 11:35:58 CET 2008 - prusnak@suse.cz
- updated to 2.0.29
* add USER to lines to homedir_template context file
* add compression support
* allow fcontext and seuser changes without rebuilding the policy
* don't rebuild on fcontext or seuser modifications
* modify genhomedircon to skip %groupname entries
-------------------------------------------------------------------
Wed Oct 22 16:17:23 CEST 2008 - mrueckert@suse.de
- fix debug_packages_requires define
-------------------------------------------------------------------
Tue Sep 23 12:52:32 CEST 2008 - prusnak@suse.cz
- require only version, not release [bnc#429053]
-------------------------------------------------------------------
Tue Sep 2 12:13:42 CEST 2008 - prusnak@suse.cz
- updated to 2.0.27
* Modify genhomedircon to skip %groupname entries.
Ultimately we need to expand them to the list of users to support
per-role homedir labeling when using the %groupname syntax.
- updated to 2.0.26
* Fix bug in genhomedircon fcontext matches logic from Dan Walsh.
Strip any trailing slash before appending /*$.
-------------------------------------------------------------------
Fri Aug 1 17:32:21 CEST 2008 - ro@suse.de
- fix requires for debuginfo package
-------------------------------------------------------------------
Tue Jul 15 16:58:47 CEST 2008 - prusnak@suse.cz
- initial version 2.0.25
* based on Fedora package by Dan Walsh <dwalsh@redhat.com>

305
libsemanage.keyring Normal file
View File

@ -0,0 +1,305 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBE97JQcBEAC/aeBxbuToAJokMiVxtMVFoUMgCbcVQDB21YhMq4i5a/HDzFno
qVPhQjGViGTKXQYR7SnT8CCfC3ggG7hqU0oaWKN3D003V6e/ivTJwMKrQRFqf5/A
vN7ELulXFxEt/ZjYmvTukpW5Li2AU7JBD0aO243Ld9jYdZOZn2zdfA8IpnE9Bmm3
K/LO1Xb2F9ujF9faI5/IlJvdUFk3uiCKTSvM8kGwOmAwBI921Z5x/CYvy5kKEazU
lUxMqECl+Tu2YS6NDhWYNkifAIZ7lsUvGjW3/wfh7AvmAQyt/CxOXu9LL2nGzFhw
CIS4jVIxy5bDswNfHcaMX7B5WEyqTPtjzPAEMiLL4yHJZrHDPd26QHSaqtilVA4K
AeTYbME8iZIdacquFEq02PO9qAM21O48OknCTSolF7z6nBkk6l26W3EL+Gz5I2Et
3S9pab3FMjiiKVavM6UA5D0DQkNxxDn9blDXZyhX4HFrk+NnoETcGYFymPbbijgi
kFC4339/Z1aK31aJLkxiana5mqLthD4jCeg3B8Cp5IurqPr8QEh3FH8ZZhtdx2fX
TXHTmGQF/lXG4tg1eH5cb6wWGU93wD+5mf6czJlUZTY+kdevKtZCQnA0/2ENCOFW
Jdm/oMTUw6ozPd474ctzWKeO78e8yMvZst/Zp3Gq6SD9kcoPgiuMQ+BOkwARAQAB
tCRQZXRyIExhdXRyYmFjaCA8cGxhdXRyYmFAcmVkaGF0LmNvbT6IRgQTEQIABgUC
UGrhaAAKCRDgn+8l2WSErGaNAJ96+VrAVoZPHnycMU37iP/ZTq5oZwCfaDWxlxNS
sQRgd0tvIDLDUY0uSw6IXgQQEQgABgUCT32YIwAKCRD/aJIEAzcfEOK8AP4u7xTn
iIaAvn6H0ql5X5mUeAimPhwP4FUvzkvoBDcY/QD/VPBnW1LoCDe63YboAvbB7BHe
/0yC7rwTQzl6zPmh/iiJARwEEwECAAYFAk+H1m4ACgkQGWJaEyWIEIcxJQf/fRX8
T3fQ5NOhZ6r5AqRMm4wXSWsDk1oDL7Fa2vKcwqiIC4zQoU0Y9+s96GSjFHgP4wpc
f7GHSPZseXp9c4ckIpkuEK2wL+jyPuSSMgmOLEGXBgy6XbWvF5yR7tm3henEcBEn
HjbTwuTO2nM53tmcM/ophq/eK2nErwTKPiDw3aiahNDYNx36wJrSOBGTKySk/F23
R8rQPThdbtvUtmTHDPCsAZKmMBlXOkoFcA1xKZRAMBoiEa9hIqiLBV7Z5oTmVSa8
BolBpOtR38sIjAWh9MtJoFFfx8Q575TC9bfpW3Kc/IRPJE55Myn/8Kbl7YJBU+gO
/v2yjKIT+hRb0MUOEIkBHAQTAQIABgUCT457oQAKCRCUZdkzlNzEiUhHB/9WN9s3
d5V/rjy9e8Ny2xd+5yXfuLpi57YI4mIZi5k6s3vBjFW8fa2jw/dXndhX06oOkmXY
1dSujVWJSMUe4gqnbdVu3IEBiyst5MyYcuOdeVpQ9KvolQMdRCEIXfgFOTXt73Lu
1eUSyEVhXI+Ua6bsmHJqscHatF2NCTyTJOqZDjIePD+c/8eW9XF2Bv6ZOa51M9UF
p85PVH0wn9I3bHhtyVPhxDSGM0TL9OwXNV25CPzI04wUb2vqnVVv67XCfcFMA0iH
nlH1oOHckUUhX+MFOTG6TFHmLIZCJHneeXR7SqdAXGl+EUZyWHRGS2OsdncMEDNy
5hennjRW71qr1C48iQIcBBABAgAGBQJPht1GAAoJEMI9kbsdgkTfgW0QAJ+o/BZI
i2TWU1cTQc4zVi4dcV8wZREXUCi2yQlq3C2MbL2gNRCSN+w9E6daOAf2zTEPZSaV
OuMl9aIF0fSRMuITFVQ6a+cz1UUxGFjFBkzCId5ybgVnkhZTPh7TmgYKQcVsyzBc
SgQb6qpu058s2lfrvLL8kzpZ77w+JdX9za9oSukflLxgKFvnAP2URY0zZo8E5SZv
M40zX98QV3wAXp9RVg3uG27IbWfnNO/6ijCY7ZzS16slEaYyBW4u6AgScoqFpD4f
Urpt1knuZfjHHHmLMTJh5iGL0OEEdLAIuFZH5iKWqRzlTSesX7dn4Jv1McemmLTv
U4hDulesaxBKkPMZFcLDScoQGbQuLXet7xw6gcyU8PREdZkQhFkZJhfVgoG1W6/i
SlKrwY3zmVlIMoZE21skFLtCPi/I6U6sE7V7LJ3iV6lAJ7ZGLeBT3ut6Tna04z58
AiJvPtVvhrSptumGvPo9UxsMaIHEz3b5il0PJkbIvvAniDoOFFFwRRBqGVnWfvL5
hDrQROzO3v6QPTxmLYGgmmIwewV+hqzami3tV48XEa63C+rSn44dJWXCQuA5o5E8
e6YsDy4ncEaUlMewStQHYQSB1z9O/W+xnMQjdmL6GrDWBxuR7bUiLxoN+yFt4pb2
FgkCGdabxV0XefzRRfkSDnqLJussKMTKIARhiQIcBBABAgAGBQJPvJhEAAoJEE4F
9mOnpBuefJMP/iBVurwfmRrt9V1ICdfrn+QWfnGSobNukKSNyp7/m4jYK91i2N5D
grqybsjlEujK78QT8k9sJEeK5ywRqTjZYBlJG179afbJNCkhvSZDTBcm+4z4fHsN
LHZHXY/2shniYaj+sS10btj1WiD0z9cbHvDkipLDYMXbKJhAlew7MeOmF9gHwl+i
qNb/veSfgTYhEm0K5aF+Ilkn4YQZx5IEit50fejTVOG1sB6H+DM9EXcVTXfrXPID
Wxe2YZ6rCeE0vWykdGWm5vdy8BdDxFJis12IVkHnOiE236Iv6rNVZpQmj69hlqXU
Kjn+uggc3mcl5/ySnWeBpgq9/WEhW+x1CyKVVAhcoVYx3jtpTpbyA+vVbb5TjLD6
r45dquJ6juCkfv868xJ7/fA6EZUPwomszABWevczjCjYIzrOXDE8Z2W1Aj4jEMPw
1MZOY1OtEBFhFBoVDKp3VKtW3ixKR6h6Cuk4bihZfJr+/hJ5ccPi+3y++9fcDizM
Hvdrfnkh9vJFcMRHcR8V9blz4GdHdvGF8BNMTpPQArPUarfRebbJxMZgIBnbIEp7
Bp6BOnHc78ToA9NdSdVZMg9BrLxPiJVSIsWztbVQUxj9G+Yi8ooUhBZybk7Qv7bs
8kr5hLFSijUi+3WlyVO561tFs3xWdHcr0+nm5ngovPpmR9+YmDaw5K7viQIcBBMB
CAAGBQJRBnyHAAoJENmwV3vZPpj8yhQP/3HGZds8vZm2jqoQJexDUYW7J2JiVRHE
OxVSK5zW1KASgNvxdxeXfuX8gpfVCZym8cw/N5PSDyw3AhdKcvoE0KcVx+t3S0TP
y4E/FWfMyIbBoc/WQHpWzqw1XfX4IlxPPwEcds51dmeEepdJvTZKieoBh5ZVKUTT
wSO+rQchZGfo0gZ0aq/qJwETGvImNLdkKFEWm+AAnCxU7l/oEoehmcSfv25BHhc8
fC7FFubiF/qJgRs6ETseh3qRPNL29giHK5MVPPkrP9jGUyhlf+NMhixfSdnev5Oy
G6vyJRcmEq+9dWUbKsY7Ydd8S4ikmoTHj+oz2NQ0/QQTto/Nnp8E/terj0PH2Wdm
5JDWN5fEQSk74A0PbGaeMIevcR+BhmuuEJLExCG8mHvDKmTO7fQPjUEc849Ki2Yz
tYtx4daZi6LRa6r1faGibmOrXVfAAIS2Y2I/+h1eMXSi98rR3yWP+SK+CtcBl038
40lqlVIuRExLvVLp6Wf66tH0d+zAR8zsg+3RxHA3Wg0iFeYrXj5cFa+/C9qV+7Eb
ZR/EPwrQlczABGWkaVXyVem7MNXwRyu8uKkqmqJBZol6vriRpBvyocS1Pr4k2gaT
KaiGt95VqDEqY/MNZHi/Vr2WBnBjUVNEc1U8zQ/wtaU32rQKthymgHCSFMxXVgnU
4FKuQz0gza+yiQI4BBMBAgAiBQJPeyUHAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIe
AQIXgAAKCRBjqK1LmCxDc8tTD/9nOHx/Hl1m6qKLf7yxPoSdeJNJXmDkIVUqOJTZ
cUZWyjXeTEEl/0I5EICTRAmwdyzNCsRP88FTmfrpr5sS8TbJDsY7mxOjc6Be0pvc
naKo8M3pyKUfQVbYO9Zn4wTqCzza7Le7R0ROW7Up55zkvXXbf8vSTiL0KZI7QUyN
k31XKdm+A6JoO4uKlP4Se4buOeaAIuqzz5K9KXBogyk6ouOpe/vaK7I/TMbNV05q
0zDAf3lejwlOxaOFiTV0vEl3d7BFcV76cmI1E05w7nsI09avDS+2p67HJEtelmEl
Ris0YarT9VbnbdRfw+XFilakKb0Jf11v7kEtiLIBFrG0ZiABGSFDsuE57hePeAvw
PtQWyQXVK+DZfczx9m46yXqmJE7LxkK9YnIDuKVIOaAuOeobZKgsQrj0aqqxgwGQ
ceeE5XYD8LwqN9fmj0CZTpVryLlg/3XqadA3t6EyvRQ5x4d7MBNL8p+B7fevrzPi
jZw2ICdRRGsNXn2HjxQAqG7xAaNmaS25w8qgE+DM3x6R0m8M1DpOdmTp5Jfyq1CD
sYV7X+HcUUuie9Ec2/h1kt62Py4GjDuUNASX275J4LiphPHTvI8dKU5VREfbo6qf
m1T15hTIWtY/L8hoSd3iyWWkS5N44H0Y4lFG+JTafoV6bwcCGHhVpeZBVSoNmj8s
IJ5xVokCHAQSAQgABgUCWWMlagAKCRAyfirUINN1OOtFD/4jW0ZMGigpruCnvY0n
r47rA12X6dJ6+KIBE+XBQxuaQRjM5u44geksDwrqZ0nXrNvsa4SVwAhKVOrgMJVd
zvUa1m2yeNCFHOTjln6QGjZ5f3a6aj6n/X5tlPptdklUr9ucEwXVd5fFMpWAiwaq
Zt38I2u0Pi+/qHDt0kLyRSukmRPzRuS/kO1ugGO4aoO+sanVDl2Pq6LIwubL1Unk
2HUerg8VCAyQrxYtZtHccoyhmBTlAb+EmZnUVbQZ3Uy3eA89OuNTBhJWCk8vqROF
m257MiH6gvG/V8CTrJfzlpE+s9E6kxXhXpQWZUwtwWObq7vrJVkJhRwBsO9N2erx
e+biBauFErYQPw3bg6xL1BJLxDWnKUlMWs5o+h7lyjp+1B/gbnnlrUIlpW8IKVZR
HwRUPGRN07SbbEO1lDk5uJDMk+r2KrOUNVYCEp794P014xodkLvB8X7ml6tcABE4
V9d4uVDX3SsktOLMvtWgnL6xWMoBYiVOXi3Rsm8vESBOb8JFQL/ItciUyAioM4Zj
q5eqotVq90HMBO9kqcjCYsYEs6RACRmyE+TNmzGoucIPTwPEi5Ib4gj+LG6iPOBp
rk5DSjD7F0/wnQPoq8PYHIufb4+PgOXKf/ROQXDRLeD6eZBtPcDUJOgW19m7QcXZ
8fvo6B91COe9jTF/H/i3A7NjR7kCDQRPeyUHARAAqWwarw5fCeuYxIT4zlnM3A1Q
flnxuxgRwe0+kcUjRSGocpg6s8e982Q+p+DZ2aIDwz6KWHUSeeruQHxdGw2ZYHm5
fPlRIDxxqGsu+Bn+pNAfnKRJKeT2lkBxxKlyDaLVYNvYU7H9btLG/so4HHPvVh8N
zLaQobIJPEXOTfF769RSXC/scp0r1AnCyMH4Lyx2DzwWBiEab8+HpP84B72hn7Q3
58jMKzG4IvJGna0m+z0IHHlnky+wkDdQfPEzyRairf0MTHV2j8vgq9z+F1cuVd/0
BFRVIs67QgqiYMRzAHgj+UMcGBFpgNs8VMxgP7f0FAxW3HCrdgXaXSgRbRy5YhPs
p/RR8PfCWso4QCccXgpK6TBA/TdmhhyNauOLG5niykPBLiGwmpn6u36i14JBMvI4
Ir79ifWH13o44xKGxi5LLCZcWqvSXkIBRFZen9IydD4JGD3ddUcU3FS8uEQeNe3M
XPSx3KCnQLXIAU3GVzz2Di/njPUu607xU52vSHReG25yRTYxwzIW//V6JscQbHpK
U1FxJtgxqE6Ttlv48FnGWC1a3YYpJJBfG/PBHVpPeH1E3BQPdCPgodGG0vFxjP1i
JJazBmtCaQODkFuaDISg54KgHFe4MUWLespQT1YfePwCDM/vsJn6gcRExT/BzIE1
RAKSwS48K7vQf+JUUrcAEQEAAYkCHwQYAQIACQUCT3slBwIbDAAKCRBjqK1LmCxD
c3oLEAC+jboRrs0H9hhC3DuSfPwVtshfbMR1gy68ND57avA9+ZIBn2SwedrTdwyO
DcC9LxPd9W1wu6L4uJBz0rGs7/lj1HJGHye6rJFlQ9cg7R7AA3bsLnSaQH5X2eFS
LzCaiexVMORcvXp58PyHaR+ywvrm5+l0+iofaCr1ZqfgUBDrHYrI1cPOPE4YpPoE
tPFrwIyvZvoO/vhRcCstPOYl7rqmab4veHlNUD788c80Wc+jOIEGs/qQqv+cn+iP
h7vBvuZ6tn6BTfhuxUZMeyiZid0gBLBtzNt1fTCljjePWW4U3ucVvtWrf0yiqDRs
zSGLNO4wKUdvxOCee8jFo87AKoO+4Uw0YldI4R5dAycN0RxYt8/kqyvuonupq6vF
hD4+tqvanTPHRbPsuV91E8dJ8ZcuxozscYYvjbfNzwBtsFRaapoVS7sj567r8c8q
1RXPA78eOg4igs7eDzyv2Po51SEOya9iZtmQqc2WU+UDSbg6eOpih5TQZL0st6t/
qTOnDPLykrghXffncN3V/xqbS3mzKzzry1Q5eAZvYUphu6y6ScvFPDbPKWEktc2s
RzPCqjGj7kv2ZcdUkSI/xGn3n5x3eXyJZrB/QtjuX29fEhY5g9eBQi3FUxu28Id2
X2xqPbDiUkoT8aaT1tjqE48HwDZo9XEoP1Ra9XeBwBHPN4xYLrkCDQRaJtJKARAA
yFAHZDfb0VKjM+TtXp1gE76MMEyvWMda80wJH/YOTBd8MAoreFpJZKqvnX/C5r2y
QVF7NC9z0+GC84gmLWOzFF/E2gzzZrY6lgl2PXoUblFVD8CmiOLLA2+nVg8luarg
N9dK5QDqr456mGwUuvHZw9ifINBojqaupMF5wRPhx1BNkrScopQ+PdTZsj3rNMEh
grwqvsYwpebxHV5XxuS3AdMfIOMjuE3kSNlWJiplgNDeO3a8LUCPpekXDkrtK/p/
SX3XPKN9y7ouWx+jzG1GECWW5vwQG47qWMnm5aoOCOpM6QNdwgBSSFQKDzO3B5HX
nOAlBD86fRcNwcu3KLvO5B3E1opgqQPehE5Opx75hs03eqc/htXSprQkuVM6sT/T
/OaJ/tDXNg6J1yYyAZ4XoamkZCSTFjiBIp63yQPyHgBlcaWkW7h72y57UQ0NGaBZ
qpLMha50xFnfPT+z0QY02JbrSfAnU0GjJJ5ASafAzMAded5Ez2lEZDVLf8Iq22r/
R5YQfdj9N33GLgM29Ndy+Am5RTChyVY/Y8I+DfMT4RDWr8q3ahitPw1x6Yz0Q7xu
03Mn9jXBIMsUAU2KQfBiNMzzqNah4aFIzd8P0cmN+qgHjWAMq80hWWFBq+F7p1/j
4CgKj+YaiwtgA8Vocd2Saqd5PRjQGdNEhL3Itw7wIFUAEQEAAYkEbAQYAQgAIBYh
BOhTwYSLAYXPQoZN82OorUuYLENzBQJaJtJKAhsCAkAJEGOorUuYLENzwXQgBBkB
CAAdFiEE1qW2HJpVNBaCkttnviIJHj72InUFAlom0koACgkQviIJHj72InUPYA//
VUwLwo6bM9jKIVj7XEe7au+yIHR/zQYfWNfANIz8gq+wfVrEIPSExXmxKLnZ6kKi
/ftzNKVHcylCOjTErfbAkH3boCBvMlhk7jyq6UNRdSE9Yn1vGLIhzEj/coSyljVE
yha/wB9gD+pKZrVxJ1PggyhIYnM+HdHKtSl4U/lBPTagZrlO5JA+InDL9v275FU6
LVJKrMcwl0rNl6EZrKzrk92MLxe1/iKl1hEGvqYjJQhI4H4UGRjYy20XM0NQF0Os
56nKNK1AtnW9RedgoiJJEdejddNb9bx+HvajbrN4NtBwAvLBAxmqfC2tmW7ModnE
XTvCEqZe/D2lQddfqFskO+YZUzGcH8XqCs82L9X4G/vmwo50iaCckFSnUnPvbzxI
9s1DCuoUpXZkPd/Q8WaiUWMLP85z5RST6zB+exPelXosKVNOGw4fxaUoljFkud5f
vke5XHgKZP6q/oaUVC6LGNwfQu2xttKMDHsnYtE1W18j7YN8xwiLwonF7r0wAoaq
rEPIM9JZ4WuzQwebIPr/qb4ZOi+BRPmM5ltHoZUp6VbTnhuZvLTNB69adGJ4A1V4
WgWyfByUmeoohHNCIah3WnVvweFILDic545BKJ9o5/fNycWFjIHIMw62Xf8Coagu
n/rW7cGT2H4E/hU9HdFRbNyCCObEkzQysvONpJdJ52PO5BAAir2DfkUamdoHx38S
O58QPVNVI6S80r+on50PhfN/lG+dumuh8yfN8TLLyMnVWpzdBlBTcgNC39SfZnLB
fQ5ugoYAif+DJ/B2SmfEnSMmjFEG4ymU2l80HD6h7ScW6jM72J0WjMoz5JagTTnX
+O8YenUWoQ8ucAAZ5JtYHQtGUCycyNzm7r5Iod4UZEpiDtTSw7tkptUhPhmZGexA
sNqQfBsCB9whqSH1aGPQ67mvvwKz4NwzdcB21nTh3zWNXlOy95Hz8Kfjvdzp288h
+cDY/i4KVMJoIO/6NcbZ/1oUi4mFgI75N1izuqMCxdaeAlR5tEWIdt9K5gPD3b96
ot0oPUeh9/gydblg60OmnoSx0IO4g15G1S2eJ3Da8g97Nf7F2bJxcir0Vv4a8qsg
Owq7RU7wc5tW+Itr9ETXV2wQdiWtquPiarNLYyG+ZTv0FrOD2sMMHhZWznTafe4l
p/pKh3/6R7Vzd9/sBQ+jHaemMf9tWaRkmw6rkSpy+UfebYVlQdIVZL/JNHWs+4mg
cEwdVzg4+VO5KpPeqYova9u8PWXcPjMdmzWlpEt11heJp7Hio9T/Rik/rVdTTvQy
YUZgTxnjdNsw8e7/otgGnD2nlWPdVnCfZ502XgsbH7TmEgAHMzbcjsmhDji4+hNu
iGZhcX8NQYnqHYth2nzUBUKVIVa5Ag0EWibZHQEQAL2TUrLoAh72w8/GuCytdF7R
3Jhyge5/N5TeMWyyXf5LhxG69gLN1l9F92N8drif4LFNo53vGR5/AmAalpH0olu7
x2oebrUYiJLllswJFTwUBbqiFV4OoTAWs8DNmO07jU5Ol5cKs+7kfkBOD+QOdpvO
UPYfwlYCqvQNhFGEW0lSKFdR7L3MrTfBKNSLkTX5gdQL986ltL6aw033jkJ5A0E3
guNqn1DXzcWSHRabhDwLQ5LVY3xrRe2pIAtEIYBn4RXpSuZBU/08ILj8nSGgpA+/
Zt+kECytQYA7cWezDvzTiLZNjs7ckDyAYNhfp/A5UkxRd0PsVfsszY+kRKoB0+uO
qY+odPxw9+rbsZiCoe/c3iE/1GO33DGYdgVslPRgIfDZkyIA79Vy+82aIavn3RkW
JARvUwk3Wv6HlQMTUK0XqdOJ6KtJeL2gyKUeWjY1jmcAi2/9P08qThf6RofdSiJw
zGuRPfi0AIbDGLhUhFhYv5mq7ET5vBeoC9sYnSnddvJERREJo73on/bD3nUS9kSu
kVFC7jPMKWagyI1vCRDxB16xJqqMyKuUfIUjxP0Fmtds9rN1U1TB/JEsWKXWr+SB
eNd4kOiN7vdSLIaGqGVU6URu6cbMLAQHOu1B09MN4VCvjvr/il7S/i6B01iQv+Bj
wjOh2fjt3VcfrwC5FKvPABEBAAGJAjYEGAEKACAWIQToU8GEiwGFz0KGTfNjqK1L
mCxDcwUCWibZHQIbIAAKCRBjqK1LmCxDc9BID/wJkZPFANsPaguQZvq3IQIizkDV
Gx/An1qPRH8e4Q7f2SLzIzzx/CLwXkB/M1yZjCnSvHJgMNgzSK05tK8D1YEHxgVn
Y8pPVgevBPNZud76ymZBgNF0W37QrHQku+C/tJi9DWM10JrOLEfVIAz075OfmgXJ
tUeNFq9axBgenUK9djmQ4c4QMeHPfukbAW/JXIV1JhLk9ZPT7RdT+DpSrYd4UK6u
FQa4NcnpYDoim+a7S9uLwanJ6JYJGgbvqypsF9Dt13SgMxQeK17BYaos/UqKiR72
G7mn0JuSNjAZmMlZkRXpYfE6YgJ8VwFE94gnI7wp9r+9UF9BmP1+GqzewdJ8AYh0
ogHe1fSoqExF279CgzXhhDXIrzQlNRQ5ysosO3pAmKcXVRD85xhCoYEJdpGTU4oY
W66KPXpC52dfnr5phs0+W1/twuzU7tqh1BxHGYxKDFIT/ZyS2E9gGxc9a4MxhkJv
d7okxax2cIjuI+mg8UAmYh3tJYl5tdnGe2hfpjBntPHnz9AwsSrEx8QTFBMAWDz+
jC/EIbXYpqFqsuvgakvHRpTf1AQl6cbUuoYvCJCH1XGx6PD4yR5tkkTrOGztcGl6
et3lz04U61v8ajHBqX/pRfPtrraNnvAM2knD3E58Lf95f/nr7p0tV59EWP8s4i72
t4zhuhOJjZ2YaPVALQ==
=UVQc
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFMyh7gBEADHbVdNWxivgqISiinIAE7gOl9vFemvnqfzn7hdfw2y02hUzojd
0HzEJsyqxGBYHpdNYoiLbCYNubMDA/Xd0Att2D7fIAuNFo3gnKEm27xLSzjC02bk
h2Pxp9d92dxPXsk+zDvY74Vwem74Yon824ESurH4gTK/HsiX2Y+7+5z3Ep07xC7p
IA0RzD3zlKhfT9dpS0QR2LP1utFcT40eEjSZY8QK3iKapNtyvIrpKpkWx0tZTWwX
+F8IoL9MzJBi5L/pS8fyUOkyBVIwdRXLNuX+sle+llH7i+6DWsWHEphiZ3ObiXDm
iXKBu/I0useEE4K7TmOLqqeEZl+CTU6YWJLPpD38pq+p64TlAcT7rZSmRUr7zY0a
X1gsXqm7e95Txm6UYy3Xth1jmZ0PuHjCBIvy8foxZVKGsR34ntAYcZzZhDca+J2S
WyL/YcQbSFhad1N1ZpCXj4eYGQIg57b1OLrabopdSQ73s8uGdS12aNQKcehkAvKs
Pab45Qxk7PWGNXuvHGYFCvedl8Gh/MUy3UqlXE58GBob9ldB+7eaO5VgR0GydSFO
cbRDDpXBdWbsq4u0BDT3uB4FZTqYC3i83NFdCSppxG6aXDl4Hux+Fq7FcjFV7scw
e/ndpnLMzj0oSyOmq6GZfvbZKRbyPztYxrEIoDw1mgvJQhm2AnfnhoOWVwARAQAB
tCJKYXNvbiBaYW1hbiA8amFzb256YW1hbkBnbWFpbC5jb20+iQJXBBMBCABBAhsD
Ah4BAheABQsJCAcDBRUKCQgLBRYCAwEAAhkBFiEEYxkc6UGDCYaJyrjbfvE37JNb
Dq8FAl1mIt8FCQw1xCcACgkQfvE37JNbDq8mKA/7BnUyy3K0nEboJfXKP7mbI7vH
hnDYP9ojwi6Lv7BJLOGNVmHDrZa9HA8uzH7AZIIf1XLOWd+bABqHETETElckXK+x
gtE9GUQO0DQRVH2gCyJUaLtYgK/VD2GRXLlFRUA81XLmU0pNZVIRL6u5P1RbHjdd
G01NgzH2sDKtmAtIashj25YD5m2RukTDfGYDMujjxR2bBRp8QnNiDHp93pYmF6oR
iElJKrUOhBS7Mw2Cuy7GhcvPmFsUY7o/Kq+4bu9DzZOMrPTmVQMF//PV5JChWCou
Aqv1Qybrt5I4/OzOVX+9bID7xowueMbTlak/1yqmgGNmFA5jN5XDuwZxoOX7F/m2
ITJPRADEvZZLNF0kdj4zcLvk+/C8ofwcPcltO9SmDYwi3aKuMifVHqQnaG+Tu4qI
okSA+Vngamvy0BFBLjjZ1DZhRBS4GELzprzQ4brBqmdFnwtGnc3GOHK5Q8teZeRW
SbCh1u7CNBNXIdnTX5VlGonxjAO27ISDP7oaQyiJetnMy2W2qEG1DIDnLJtlPwDR
+UFO5kBHdJSnuTnCl20XUADeH0tx4jHAAYcIyx0tvJCuOWylMG8yVadxS73IA6a9
GA+fOku9XBh4eP5vIoMRfuVwDDu2y2n5J68OCfshs3JllGImrWUzR8hpZmjXmpAZ
VjN4Ft83ZEvUEntlI620NUphc29uIFphbWFuIChHZW50b28gRGV2ZWxvcGVyKSA8
cGVyZmluaW9uQGdlbnRvby5vcmc+iQJUBBMBCAA+AhsDBQsJCAcDBRUKCQgLBRYD
AgEAAh4BAheAFiEEYxkc6UGDCYaJyrjbfvE37JNbDq8FAl1mIucFCQw1xCcACgkQ
fvE37JNbDq8dtA//cUEBx8rIvXyO14TcUu5o3Cc2DRhFxLwVIPOnw6cfZYhRrIKr
2wegsllvV4vJ+KJoIBvlw83VAunHt07N2+hF72LM6qPWkX055gY5PkFSGPBpybZk
oevE9rI+8p7aOqu0Qns4O3juDMava+nSnHjmZCJO7wnjrkGC57eBwI7Z3H32EFIU
b+IvOivBFA6iSeXkmEg1ub3iaA2vXdKOGDfoxrEjSJWt04q8VDUmtscKRkRrc1AX
XToVzcSd4w8C6j4tlOk8DbCLfyf8M3cDeETzyD6ICYWkSN1OxYFopNvsty2L9xQ2
oTCp/1CjJTO2mxOY7K75vLr8MNYnVrYPzCruazt0YetOY74raTMFhnA6mQapcM+c
L0DKylIOHra/jSj7WQCy/xujMWZKDg8LfcfTuknSFPXVL6s95TYwBayRkVhFs73c
Z5Tpk4dAxSLZI040uExlFmzqwaMRoAhLJShhe/QRGu5rBnjtaKRYl08Hnb2gLc+0
LH1gsGIvrsB89coa4y5Grues0mw9Bbk5tjGJHWlSgGG6NPds/L2RWCsXgkb4qn6p
Prsq6dyA8qp7O4LiZkzvKpFxmpO3ggIeIh17N21piUs9awnFySLR68gv0E6OnLdL
s2fpRYclaw2DxS4WHloWfW2MoV/b4K+GzovlVGAi19gwzBVk1uHneB504eW0IUph
c29uIFphbWFuIDxqYXNvbkBwZXJmaW5pb24uY29tPokCVAQTAQgAPgIbAwIeAQIX
gAULCQgHAwUVCgkICwUWAgMBABYhBGMZHOlBgwmGicq4237xN+yTWw6vBQJdZiLm
BQkMNcQnAAoJEH7xN+yTWw6vzScQAMABgqR/v0b/Cj/qhUGhW5ReUoqDGkPTWqT/
ZJHoEtG21v8zmFaGJSw0hGzR8LBKPUcBIgcoe4ahPoNkD8ThvY/FgNV/VbjPmbwM
QqCEy8J3ZR3Tgrv03SGhW4BbWPkLwKEsXQc6hhvJxUMo35ORwUX549DrKb4/jSZs
6El3ONkeyeShnrc8dtKZeL+w4p01WbZ13Z4cwhM9bEsyMDVSv64y8QQZXeK8V0lK
jMbLNywf39AjjHKAo4o09hL75/BC8XW9Eqi5IKGRD8uWdvBB7o+xaAVY5WBMLQqL
GEaXvcc4r7tod17At0E59OfBQyJpp5vfEZXPzmkjC97iIXfUzhdqfuuEBfkfoZc9
aqBo0chedltXatlwHbr1BZ2zP/LtIPH0+G8/t/iP/KoKWMUXzqPOQmK9XP9ryDvN
HCMogbDMAOYzbGAvY9+eDwW1Oc++eMRrRmbPxY5jRShYMYxzAG3iYEUST62Pxxu4
tNzYdKc1t0JZHx1S+9jVTpplGuUnRbcLbrwaoqVxmikCdSHbZ3Q75NizFr4zC2n8
VXj7WNHiCVh4E2hD/aXINbyFHfaukojVVSe2NjSHaCQx64CJbFKeaks25f4+m9GR
ZPTceAlYub9A6lcVlyugdAI0flQCnjz3gOye9CoIWjloOzfH7RXpKol7BrnBISme
L9kh6fIduQINBFzabgEBEADm+3+ZRXtW1Y7KB0QO3iG6tXG0acc95bh2rO6djhP8
xV4vV6a6hI691SQorLxKCjpZSzshczJlmMZ3SRuMh7VSefc7w59ElBLoWDhuEKs5
c3gtxAmzxICWNo/IJnnb5h1s3hG8kmPzKdaskdbAttQq4YGk2GAYS9LvmKLPwAu/
iSaGfAr7RJPSQxvW2i2y1OdhF4ibuVJT1TGa8z1IsU8rf5Ybx1AdkjPnazoE16+j
rs763tnSzT3kpJeymMppkHMJIkO7u7D4bDR+qi10EsfF0inzmhimH5k/ng87+qi6
UwryvUorJPSbjRLq/n07y2LDwkdOrW3XsLyU7RAfgZ4FUfvpUqkLZqB+GmgVccsy
2bC/T7JMSPZsIlk/KysIl3kK2wg7oNRKJqtMTPhpzEiIGaEjJNa1S7c8jswSL97y
/S/ok8iYaluHTSTHMJrdzriSP0irWzC8MJJNcUZgsP2NGWfjc9l0VlMqOdyW1mtf
PXY+uONeAlM8x5KwMJ/r4nsixodozkI7BOx16F59fjMfc9ywZH3o/rNOoG/+P9rS
ABO6p/zg0e8uNyAE2KobjAfvWxYLoaT6ngYbXGgC4E6DKjnxI3n0EEMjdfALzcmK
+SNiYtxtUQ4g3rFcOxt8U43ObZO85yuTI8TCQT+03/vLzzMOTTAfwn3Slu8ORsVq
tQARAQABiQI8BBgBCAAmAhsgFiEEYxkc6UGDCYaJyrjbfvE37JNbDq8FAl1mIxUF
CQKN3hQACgkQfvE37JNbDq/P6BAAlt4eEQcxin9m5eayHEvnSgjYk99FT1asgfqD
z8d6qVBTKsFxNXvm19Ps294bD2oO02hzScyVlY28dKH38MkGOmslxkMB7yO/6vAh
/d1IixZNz+dQeWtb7XmNySj4/AVH8ODRK2gs0rVrcAH5gsjWlgBFzywmdODFE5iQ
VH8OJ6msT00gvkkvKaKU2K0q7A3DOGTy9Lzk8A3co39JzzR8E44kgJzLC1JASuoL
1LaIe5Fg8VMkDpr5Uchzi2NnaXtuaNNerappRf9Jrga54vQDdAmW02NCcea4Oj4O
zKpC0bOU6N50HsmeQjKEk0sgJrIKdg65k8rlrF2uQl0wBsy9EyWgJgL0rPYOceD6
d6yEfy9i3G8fPvzCIoBUntZHGGpHDx8ZpYjP2qhg6Vj/ultHfQBk+A7D4V+NU2qy
4+RSTMyIJjUAAgX4WWlxipuy1mRnfJGf/ZuLBAOVST2Igtk4E6cKNagCv3vJEfJi
aak8TQhi/Z9hFsHpN+RhEldqaPOd4yym2iKnoYX98wJsryrsZc2tHIwGQXi+lkNe
cLJYokWXbKnLdlfwkWrziTFAAekIBdQ2HrhXFq9EdfIWgv4PHA+goPXDjIzyhFD2
5D5NX3YxUGfMWzWyxfg36hJAjbyv/wcdPDJVaYGxSK2Dap4KZOGA+L0lE0mLZN+T
28FSbHO5Ag0EVCGdywEQAMzu5hN79Cwleh7TvQueT6WjsajCVZ8wm4JfZ+D/uCmu
V3z9TKIzJ9TyZ1qAhCGetXUvocq6ZCq18Zii/qBDmfN3e7RvcNrcRNuR51frgPIt
HGHFnjsW2vaVnIARJyHOtKYW5u7m2tUa9JMHFpzRqwNiu2nFw/LZhfO+DeAjAMd5
1mdJSCuWww7l+xZWQPha1pyxS6BQCB8qC4BOTdW2EkBSIUAaucHX3iaiGQINXuFG
OUVcsPhtcsmmDzqD8JuxuGfzit8LZ4qauh+CeKsACt0fRWjGsSO+veihOaSUxv6N
6jwvOO1oCZzA5lI2zN4QQQs9JPmSt+W+ePBUeCFOCT5lELu4+P4WWc9el6LhHj/O
fsMongI6jvpGWnirzmw9joLKWMaam8MT2S1c9nmYtNramI1lzeJWYU3VFgJpc5DZ
klb6IROb0oEgmbUSIZwap/MB/G9N216mr3V15AKEnt4vqu6ol0CKB3jrMafGCDrH
UIoOd8FCwK1VBRWsnjKLXa+mgGCaWSPau6hcvOuV2/Zq6s77iaQQ82+0qkdno6l9
nhdmZsLxnZuGOUfwtn1PFdjQ4/3/mgL0KxloqSwdMHpgancOMT+tJnebOCGg/iFC
yXSSNm8zek/lREGevH+3AUIKTY3JhfdvG7qo3zW7u+C0QlFnrj/pUSFs6JMW3hMB
ABEBAAGJBFsEGAEIACYCGwIWIQRjGRzpQYMJhonKuNt+8Tfsk1sOrwUCXWYjCQUJ
C0auPgIpwV0gBBkBAgAGBQJUIZ3LAAoJECu+2csaaO9VpE8P/2FSNpVsqHNxejzF
JYRjpbsOOhIUj/wovCTz9q7nvbGxd2Tq4Cs91aXPmjhZhO/9q+RySCDFKsmmxx54
nyC6nZaxN4XAvxi5CVNKYdSq+WfuVuex2czF4l9irFYZsrAxxBdQeE47zJNKDEKL
kMnonGBxeJ3NBJWB7HOSsiz4LARfYLohOAqAd500ek8tAHpDLopsD6YQxZv+zgD2
SzqaQYLtL996OE47+WnZpFVdmnj7JFCfJbDi7w+dhlf/+HPf+r78TQPpl1btlfeE
kSyQr50XRLw6ctJGA62Co7eHVIMDvsidTUo2yMdUQjd9huepSoIq0spPF5yX79xK
6KdnjpkPvmgN3XqJUQVd+JlIEGisMmn01Bz5OeJl0OkWO5aIIJ93pisU7sJJhMw7
YsZCovzguqFXNnI/nus9SNRtrvMTItiDkOocrPfEff8IpJ/956iZPH3bIaez53gi
XSEvaZXbVhyVYlbVW2Wgwkm/64K4G5+9cUguTomIGcDovXuEHSg0n3QnZ2FFjfsv
VwQ38G3abEErF7APDx36WUJ3GbA2FFr0xqmHN1YQpObIcepWwkXQUCC7CHLQWRcl
CnYvSgtX/pFJ3qt+rrL0vMhosBGGIUJORadPjABPugG5Nf/WV64pBZHOq9A5dZKM
OJg2vpgqVi3YlNHG66oE1oSupFVzCRB+8Tfsk1sOr/zyD/9rLFX27Blv1D8DjqV6
P9IzWR/YDC4AhYG+fdllq4+N/XO2gG8bYHlbh+rd5KHrCn/t3OYg1xOAqdO8lCqP
1jhkjbOdw2aIsL8pdh7/zZEwPXFCJREWWa30a4IqfvQG2f+kiPBYOtMFy5dmZj6j
N4mD75jbU6Nfhlb2UX7L0T0wLUtOOQhrlqBfXNKASbDAOn5zrvtz0tjRMcE7xPsF
o9/3x+/xElkLkJnUzF1LH/n6T24ZseBqB6WNCPi9nqWbx1AGTK9jeWDjQJ1/Nvj+
YX6PPOfwpZquKvLi6ZiS5nR1wssz9iv93iL78o90Hd/z0wM9Dimi5njwEyl3Eocf
ZbpATMt8zWVDNxmrkYT33PRYy9V7G/O8aJnTkuSTOglo7akHMlJEhYfDLrmZtQnM
X2H5A/vO1JkJntC6kG7mIKn2q2U8CSYwfMqdscYDEHXaKTSPj225S6Xskw9nSuj8
HcboihKRosViuoX5NLF2Wu/hXryd0grv0WgHjpuqClQbMlmsd1mcVThzh84KLSlu
QgkabK3rbvDviEOOQ7fxfTj1MR3FzfYovY4TVrO8fjTAk5Rj4f/nlcgiiaCpQlFl
wTwcxDBL1s6MXv7aoAzyqpTBQ6vSFXWK5Ur+7roEkTAUEj8akgmxC9JzJqComHrw
vebSMV7XavdmfCvUXszFeQ/jNbkCDQRTMoe4ARAAz6Zr1rgM2fwNSuaOM9jmYRkU
GM6km1DIDLl/PiFJ/54jGn46pX5nQE+oiZ7Dr4hFIfxn8eEwlQVFGo0lzcNn5JP1
RGJFdAfLamTmaKrXl1cWayOtTvouuKfFEXH+BC/pPyy87tNiCki0NkzN59j8Plcc
ZZ0LRZWsyhLSQcBQh5xkei9Zvaen+nPTLSg6eIF1hFLoSa8lPZqBX8D2OMJxutKV
umhlO1DPzRX/mIpo0LwiYYu8/CX3ptaBMrrlnk7rZHIVk0vDjB0eVg2DEt+vEU3k
5FQkV/1RYgSlBA0kP8tgKBrve1I4KUorJLAZmX5i0BRrzAqpL1DWdhR+9IpYRKae
a6PYjBMghkWRw7st0XVB7x/boZE6eKswaxywGoc0kw3luR1RpF3Gg95N+2hfHixQ
1OhoPeqzQ+3AHlkr/vbhjtakkiPqLfuk+Ux9B6MISIeuWF/EKtyurWyDMTryKOgg
tj7YuTMtaDV7r8gLbOlMPpGGjBiBh566GR1SKDAUNGlGzp1dKOhWXVqaMwFt9Mja
y8ESH6hEJreQx2Q6R6XgXzWysQqM0RBMXh8p8yEV6mr3Ma8lNJM45tmOTfrazlrm
9PM1kzV646J72mxXr6qr4Q1cvr+xJQdvbXOocdYMmW/R+f1tPcvnlRkMyB7wzEtS
OGi9G6ErhhvNUSoZtlUAEQEAAYkCPAQYAQgAJgIbDBYhBGMZHOlBgwmGicq4237x
N+yTWw6vBQJdZiL4BQkMNcRAAAoJEH7xN+yTWw6vfCkQAIxkDpI+rVDrstPN+uoe
pfnaOlYCBVrzITIG+HYAeGj1nuZHMeg2AztVoeJ9FWq9z2xVuo4GIFyfFggZMEVS
Dyjgjojq0d8jEmOaUKFNnPMAAErGJEVHmQSAbp67lkwtcHZkkWgXKQ9FLx6z17U0
66H4svf/RTNiAxqgFu5UdLgfxULbnvoqI6+rWYggVWdlbm2dmoUwLRJsQrI6GMBS
jL6nWwu8tAQBk9Vzo1nj0l5M5i0R/PhbcsnUynlWxBVCGNxnMYydNbjpzNC2qnSy
ibyx0exiJM5HjYlDy82yr4LI9iN28wKmSxTOvCHN+QaQZ5adlDquhGwFm8TRRsm1
FDsVcmrjPTcGUsKfIAOyeiSHZO2tMU/CTvEYRNw09geVeOvIwNSXS8oblC1b3P1j
UP67CKVAYBnBFx7bMujlGyNJY8jGNEEBrDqxfYEAIEhyKNd0tWc86B1tqz/ArRvc
XfPof/cQcFVHpfpJ/NS+b4KrRvJHzV884N709JmrFZVVAR/2I/GmZ0wdCmBoZtH8
+IpwyMey0HIfa5dOtZw6jAAB5mkCBEs/P7VPrwzTpXcPBKFfj1R/iqpT7YvNk8Gh
l4xDVhZI8IpQ7j1RtJoULvAwmH0z/M5kS2N0ADxEo3mPgm1CaFudP4JijV3HX7Rx
IuOUseqwzF197kqA16in1P25
=f80i
-----END PGP PUBLIC KEY BLOCK-----

156
libsemanage.spec Normal file
View File

@ -0,0 +1,156 @@
#
# spec file for package libsemanage
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define soversion 2
%define libname libsemanage%{soversion}
Name: libsemanage
Version: 3.5
Release: 0
Summary: SELinux policy management library
License: LGPL-2.1-or-later
Group: Development/Libraries/C and C++
URL: https://github.com/SELinuxProject/selinux/wiki/Releases
Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz
Source1: https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz.asc
Source2: libsemanage.keyring
Source3: baselibs.conf
Source4: semanage.conf
# PATCH-FIX-UPSTREAM bsc#1133102 LTO: Update map file to include new symbols and remove wildcards
# For now we need to disable this. This breaks e.g. shadow and also other packages in security:SELinux
#Patch0: libsemanage-update-map-file.patch
BuildRequires: audit-devel
BuildRequires: bison
BuildRequires: fdupes
BuildRequires: flex
BuildRequires: libbz2-devel
BuildRequires: libselinux-devel
BuildRequires: libsepol-devel
BuildRequires: pkgconfig
%description
libsemanage is the policy management library. Using libsepol and
libselinux to interact with the SELinux system, it also calls helper
programs for loading policy and for checking whether the
file_contexts configuration is valid.
%package -n %{libname}
Summary: SELinux policy management library
Group: System/Libraries
Suggests: %{name}-migrate-store
Requires: %{name}-conf >= %{version}
%description -n %{libname}
libsemanage is the policy management library. Using libsepol and
libselinux to interact with the SELinux system, it also calls helper
programs for loading policy and for checking whether the
file_contexts configuration is valid.
(Security-enhanced Linux is a feature of the kernel and some
utilities that implement mandatory access control policies, such as
Type Enforcement, Role-based Access Control and Multi-Level
Security.)
%package conf
Summary: Configuration for the SELinux policy management library
# before 3.1 the config file wasn't separated, so no parallel install is possible
Group: System/Libraries
Conflicts: %{name}1 <= 3.1
%description conf
Configuration file for libsemanage. Moved to a separate package to allow
parallel installation
%package devel
Summary: Header files and libraries for SELinux's policy management libary
Group: Development/Libraries/C and C++
Requires: %{libname} = %{version}
%description devel
The libsemanage-devel package contains the libraries and header files
needed for developing applications that manipulate SELinux policies.
%package devel-static
Summary: Static archives for SELinux's policy management library
Group: Development/Libraries/C and C++
Requires: libsemanage-devel
%description devel-static
The libsemanage-devel-static package contains the static libraries
needed for developing applications that manipulate binary policies.
%package migrate-store
Summary: SELinux Policy Store Migration
Group: Productivity/Security
%description migrate-store
In version 2.4 of libsemanage, libsepol, and policycoreutils, the policy
module store was moved from /etc/selinux/<store>/modules/ to
/var/lib/selinux/<store>/. Once the libraries are upgraded, all policy
stores must be migrated before any commands that modify or use the store
(e.g. semodule, semanage) can be executed.
%prep
%setup -q
# Replace /usr/libexec with whatever the distro defines as libexecdir - across all files
grep /usr/libexec . -rl | xargs sed -i "s|/usr/libexec|%{_libexecdir}|g"
%build
%define _lto_cflags %{nil}
%make_build clean
%make_build CFLAGS="%{optflags} -fno-semantic-interposition" CC="gcc"
%make_build CFLAGS="%{optflags} -fno-semantic-interposition" LIBDIR="%{_libdir}" LIBEXECDIR="%{_libexecdir}" SHLIBDIR="%{_lib}" CC="gcc" all
%install
mkdir -p %{buildroot}/%{_lib}
mkdir -p %{buildroot}%{_libdir}
mkdir -p %{buildroot}%{_includedir}
mkdir -p %{buildroot}%{_localstatedir}/lib/selinux
%make_install LIBDIR="%{_libdir}" LIBEXECDIR="%{_libexecdir}" SHLIBDIR="%{_libdir}"
ln -sf %{_libdir}/libsemanage.so.%{soversion} %{buildroot}/%{_libdir}/libsemanage.so
cp %{SOURCE4} %{buildroot}%{_sysconfdir}/selinux/semanage.conf
# Remove duplicate files
%fdupes -s %{buildroot}%{_mandir}
%post -n %{libname} -p /sbin/ldconfig
%postun -n %{libname} -p /sbin/ldconfig
%files -n %{libname}
%{_libdir}/libsemanage.so.*
%dir %{_localstatedir}/lib/selinux
%files conf
%dir %{_sysconfdir}/selinux
%config(noreplace) %{_sysconfdir}/selinux/semanage.conf
%files devel
%{_libdir}/libsemanage.so
%{_libdir}/pkgconfig/libsemanage.pc
%{_includedir}/semanage/
%{_mandir}/man3/*
%{_mandir}/man5/*
%{_mandir}/ru/man5/*
%files migrate-store
%dir %{_libexecdir}/selinux
%{_libexecdir}/selinux/
%files devel-static
%{_libdir}/libsemanage.a
%changelog

342
python-semanage.changes Normal file
View File

@ -0,0 +1,342 @@
-------------------------------------------------------------------
Fri Feb 24 07:48:05 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.5
* Allow user to set SYSCONFDIR
* always write kernel policy when check_ext_changes is specified
- Added additional developer key (Jason Zaman)
-------------------------------------------------------------------
Mon May 9 10:37:17 UTC 2022 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.4
* Optionally rebuild policy when modules are changed externally
* Fix USE_AFTER_FREE (CWE-672) in semanage_direct_get_module_info()
* Allow spaces in user/group names
-------------------------------------------------------------------
Thu Feb 10 12:37:14 UTC 2022 - Johannes Segitz <jsegitz@suse.com>
- Drop Buildrequires for libustr-devel, not needed anymore
-------------------------------------------------------------------
Thu Nov 11 13:26:41 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.3
* Fixed use-after-free in parse_module_store()
* Fixed use_after_free in semanage_direct_write_langext()
-------------------------------------------------------------------
Mon Aug 16 13:13:41 UTC 2021 - Fabian Vogt <fvogt@suse.com>
- Call "make -j8 pywrap" instead of "make -j8 all pywrap" to fix random
build failures. The toplevel Makefile does not support concurrency,
and it resulted in parallel "make all" and "make pywrap" which weren't
aware of each other and stepped over the other's artifacts.
-------------------------------------------------------------------
Thu Mar 18 08:31:30 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Minor spec file cleanups
-------------------------------------------------------------------
Tue Mar 9 09:09:18 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.2
* dropped old and deprecated symbols and functions
libsemanage version was bumped to libsemanage.so.2
* libsemanage tries to sync data to prevent empty files in SELinux module
store
-------------------------------------------------------------------
Tue Jul 14 08:36:19 UTC 2020 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.1
* Improved manpage
* fsync final files before rename
-------------------------------------------------------------------
Tue Jun 16 07:08:59 UTC 2020 - Johannes Segitz <jsegitz@suse.com>
- Disabled LTO again. This breaks e.g. shadow and also other packages
in security:SELinux
-------------------------------------------------------------------
Fri Jun 12 09:07:31 UTC 2020 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- Fix build with LTO: [bsc#1133102]
* Enable LTO (Link Time Optimization)
* Update map file to include new symbols and remove wildcards
- Add libsemanage-update-map-file.patch
-------------------------------------------------------------------
Thu Jun 4 09:57:51 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
- Drop suse_path.patch: replace it with a grep/sed logic replacing
/usr/libexec in all files with the correct value for all distros
(taking into account that openSUSE is in progress of migrating
from /usr/lib to /usr/libexec).
-------------------------------------------------------------------
Fri May 29 12:51:17 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
- Apply suse_path.patch only for older distributions. Newer
use libexec
-------------------------------------------------------------------
Tue Mar 3 12:23:51 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
- Update to version 3.0
* Add support for DCCP and SCTP protocols
* include internal header to use the hidden function prototypes
* mark all exported function "extern"
* optionally optimize policy on rebuild
Refreshed suse_path.patch
-------------------------------------------------------------------
Fri May 3 12:22:25 UTC 2019 - Martin Liška <mliska@suse.cz>
- Disable LTO (boo#1133280).
-------------------------------------------------------------------
Wed Mar 20 15:10:21 UTC 2019 - jsegitz@suse.com
- Update to version 2.9
* Always set errno to 0 before calling getpwent()
* Include user name in ROLE_REMOVE audit events
* genhomedircon - improve handling large groups
* improve semanage_migrate_store import failure
* reset umask before creating directories
* set selinux policy root around calls to selinux_boolean_sub
* use previous seuser when getting the previous name
-------------------------------------------------------------------
Thu Nov 8 09:31:42 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
- Use more %make_install.
-------------------------------------------------------------------
Thu Nov 8 07:19:24 UTC 2018 - jsegitz@suse.com
- Adjusted source urls (bsc#1115052)
-------------------------------------------------------------------
Thu Sep 27 13:19:59 UTC 2018 - pmonrealgonzalez@suse.com
- update to version 2.8
* semanage fcontext -l now also lists home directory entries from
file_contexts.homedirs.
* libsemanage no longer deletes the tmp directory if there is an error
while committing the policy transaction, so that any temporary files
can be further inspected for debugging purposes (e.g. to examine a
particular line of the generated CIL module). The tmp directory will
be deleted upon the next transaction, so no manual removal is needed.
* When overriding PREFIX, BINDIR, SBINDIR, SHLIBDIR, LIBEXECDIR, etc.,
DESTDIR has to be removed from the definition. For example on Arch
Linux, SBINDIR="${pkgdir}/usr/bin" was changed to SBINDIR="/usr/bin".
* PYSITEDIR has been renamed PYTHONLIBDIR (and its definition changed).
- Clened with spec-cleaner
-------------------------------------------------------------------
Thu Mar 8 19:07:16 UTC 2018 - rgoldwyn@suse.com
- Update to version 2.7. Changes:
* IB support
* saves linked policy and skips relinking whenever possible
-------------------------------------------------------------------
Fri Nov 24 09:14:13 UTC 2017 - jsegitz@suse.com
- Update to version 2.6. Notable changes:
* genhomedircon: do not suppress logging from libsepol
* genhomedircon: use userprefix as the role for homedir
* Fix bug preventing the installation of base modules
* Use pp module name instead of filename when installing module
* genhomedircon: remove hardcoded refpolicy strings
* genhomedircon: add support for %group syntax
* genhomedircon: generate contexts for logins mapped to the default user
* Validate and compile file contexts before installing
* Swap tcp and udp protocol numbers
* genhomedircon: %{USERID} and %{USERNAME} support and code cleanups
-------------------------------------------------------------------
Wed Sep 27 15:51:27 UTC 2017 - jmatejek@suse.com
- build both python2 and python3 version of the semanage binding
with the singlespec machinery
-------------------------------------------------------------------
Sun Jul 17 15:21:03 UTC 2016 - jengelh@inai.de
- Summary/description update
-------------------------------------------------------------------
Fri Jul 8 15:35:05 UTC 2016 - i@marguerite.su
- update version 2.5
* Do not overwrite CFLAGS in test Makefile, from Nicolas Iooss.
* Fix uninitialized variable in direct_commit and direct_api
* semanage_migrate_store: Load libsepol.so.1 instead of libsepol.so
* Store homedir_template and users_extra in policy store
* Fix null pointer dereference in semanage_module_key_destroy
* Add semanage_module_extract() to extract a module as CIL or HLL
* semanage_migrate_store: add -r <root> option for migrating inside chroots
* Add file_contexts and seusers to the store
* Add policy binary and file_contexts.local to the store
* Allow to install compressed modules without a compression extension
* Do not copy contexts in semanage_migrate_store
* Fix logic in bunzip for uncompressed pp files
* Fix fname[] initialization in test_utilities.c
* Add remove-hll semanage.conf option to remove HLL files after
compilation to CIL
* Fix memory leaks when parsing semanage.conf
* Change bunzip to use heap instead of stack to prevent segfault on
systems with small stack size
- changes in 2.4
* Fix Makefile to allow LIBDIR and SHLIBDIR to be set to different
directories
* Fix bugs found by hardened gcc flags
* Add missing manpage links to security_load_policy
* Fix failing libsemanage pywrap tests
* Fix deprecation warning for bison
* Skip policy module relink when only setting booleans
* Only try to compile file contexts if they exist
* Fix memory leak when setting a custom store path
* Add semodule option to set store root path in semanage.conf and the
semodule command
* Add semanage.conf option to set an alternative root path for policy
store
* Add support for High Level Language (HLL) to CIL compilers. The HLL
compiler path is configurable, but should be placed in
/usr/libexec/selinux/hll by default
* Create a policy migration script for migrating the policy store from
/etc/selinux to /var/lib/selinux
* Add python3 support to the migration script
* Use libcil to compile modules
* Use symbolic versioning to maintain ABI compatibility for old install
functions
* Add a target-platform option to semanage.conf to control how policies
are built
* Add API to handle modules and source policies, moving module store to
/var/lib/selinux
* Only try to compile file contexts if they exist
- changes in 2.3
* Fix memory leak in semanage_genhomedircon
-------------------------------------------------------------------
Thu Oct 31 13:55:06 UTC 2013 - p.drouand@gmail.com
- Update to version 2.2
* Avoid duplicate list entries
* Add audit support to libsemanage
* Remove policy.kern and replace with symlink
* Apply a MAX_UID check for genhomedircon
* Fix man pages
- Add audit-devel BuildRequires; new dependency
- Add fdupes BuildRequires and use it to symlink duplicate manpages
-------------------------------------------------------------------
Thu Jun 27 14:57:01 UTC 2013 - vcizek@suse.com
- change the source url to the official 2.1.10 release tarball
-------------------------------------------------------------------
Wed Jan 30 12:01:03 UTC 2013 - vcizek@suse.com
- update to 2.1.9
-------------------------------------------------------------------
Mon Jan 7 21:43:31 UTC 2013 - jengelh@inai.de
- Remove obsolete defines/sections
-------------------------------------------------------------------
Tue Oct 23 05:05:03 UTC 2012 - coolo@suse.com
- buildrequire libbz2-devel
-------------------------------------------------------------------
Wed Aug 1 07:54:48 UTC 2012 - meissner@suse.com
- updated to 2.1.6
* changes too numerous to list
-------------------------------------------------------------------
Mon May 23 14:15:42 UTC 2011 - prusnak@opensuse.org
- split off python bindings to separate package to reduce build
dependencies for rpm [bnc#695436]
-------------------------------------------------------------------
Wed May 18 13:38:44 UTC 2011 - coolo@novell.com
- add baselibs.conf for rpm-32bit to use
-------------------------------------------------------------------
Wed Feb 23 05:42:43 UTC 2011 - coolo@novell.com
- disable parallel build, it breaks too often
-------------------------------------------------------------------
Thu Feb 25 14:59:32 UTC 2010 - prusnak@suse.cz
- updated to 2.0.43
* changes too numerous to list
-------------------------------------------------------------------
Fri Jan 16 14:24:38 CET 2009 - prusnak@suse.cz
- fix assignment of wrong context [bnc#466793]
-------------------------------------------------------------------
Wed Jan 14 14:06:28 CET 2009 - prusnak@suse.cz
- updated to 2.0.31
* policy module compression (bzip) support from Dan Walsh
* hard link files between tmp/active/previous from Dan Walsh
* add semanage_mls_enabled() interface from Stephen Smalley
-------------------------------------------------------------------
Mon Dec 1 11:35:58 CET 2008 - prusnak@suse.cz
- updated to 2.0.29
* add USER to lines to homedir_template context file
* add compression support
* allow fcontext and seuser changes without rebuilding the policy
* don't rebuild on fcontext or seuser modifications
* modify genhomedircon to skip %groupname entries
-------------------------------------------------------------------
Wed Oct 22 16:17:23 CEST 2008 - mrueckert@suse.de
- fix debug_packages_requires define
-------------------------------------------------------------------
Tue Sep 23 12:52:32 CEST 2008 - prusnak@suse.cz
- require only version, not release [bnc#429053]
-------------------------------------------------------------------
Tue Sep 2 12:13:42 CEST 2008 - prusnak@suse.cz
- updated to 2.0.27
* Modify genhomedircon to skip %groupname entries.
Ultimately we need to expand them to the list of users to support
per-role homedir labeling when using the %groupname syntax.
- updated to 2.0.26
* Fix bug in genhomedircon fcontext matches logic from Dan Walsh.
Strip any trailing slash before appending /*$.
-------------------------------------------------------------------
Fri Aug 1 17:32:21 CEST 2008 - ro@suse.de
- fix requires for debuginfo package
-------------------------------------------------------------------
Tue Jul 15 16:58:47 CEST 2008 - prusnak@suse.cz
- initial version 2.0.25
* based on Fedora package by Dan Walsh <dwalsh@redhat.com>

100
python-semanage.spec Normal file
View File

@ -0,0 +1,100 @@
#
# spec file for package python-semanage
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define soversion 2
%define libname libsemanage%{soversion}
%define libsepol_ver 3.5
%define libselinux_ver 3.5
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
Name: python-semanage
Version: 3.5
Release: 0
Summary: Python bindings for SELinux's policy management library
License: LGPL-2.1-only
Group: Development/Languages/Python
URL: https://github.com/SELinuxProject/selinux
Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}/libsemanage-%{version}.tar.gz
Source1: https://github.com/SELinuxProject/selinux/releases/download/%{version}/libsemanage-%{version}.tar.gz.asc
Source2: libsemanage.keyring
Source3: baselibs.conf
# PATCH-FIX-UPSTREAM bsc#1133102 LTO: Update map file to include new symbols and remove wildcards
# For now we need to disable this. This breaks e.g. shadow and also other packages in security:SELinux
# Patch0: libsemanage-update-map-file.patch
BuildRequires: %{python_module devel}
BuildRequires: audit-devel
BuildRequires: bison
BuildRequires: flex
BuildRequires: libbz2-devel
BuildRequires: libselinux-devel >= %{libselinux_ver}
BuildRequires: libsepol-devel >= %{libsepol_ver}
BuildRequires: python-rpm-macros
BuildRequires: swig
# Ensure same version
Requires: %{libname} = %{version}
%python_subpackages
%description
This package contains the Python bindings for developing
SELinux policy management applications.
%prep
%setup -q -n libsemanage-%{version}
# Replace /usr/libexec with whatever the distro defines as libexecdir - across all files
grep /usr/libexec . -rl | xargs sed -i "s|/usr/libexec|%{_libexecdir}|g"
%build
%define _lto_cflags %{nil}
%make_build clean
%{python_expand # loop over possible pythons
%make_build PYTHON=$python CFLAGS="%{optflags} -fno-semantic-interposition" swigify
%make_build PYTHON=$python CFLAGS="%{optflags} -fno-semantic-interposition" \
LIBDIR="%{_libdir}" \
LIBEXECDIR="%{_libexecdir}" \
SHLIBDIR="%{_lib}" \
pywrap
}
%install
mkdir -p %{buildroot}/%{_lib}
mkdir -p %{buildroot}%{_libdir}
mkdir -p %{buildroot}%{_includedir}
%{python_expand # loop over possible pythons
%make_install install-pywrap PYTHON="$python" \
LIBDIR="%{_libdir}" \
LIBEXECDIR="%{_libexecdir}" \
SHLIBDIR="%{_libdir}"
}
# remove files contained in other packages
rm -rf %{buildroot}%{_sysconfdir}
%if "%{_lib}" == "lib64"
rm -rf %{buildroot}%{_libexecdir}
%else
rm -rf %{buildroot}%{_libexecdir}/selinux
%endif
rm -rf %{buildroot}%{_includedir}
rm -f %{buildroot}%{_libdir}/libsemanage.*
rm -rf %{buildroot}%{_libdir}/pkgconfig
rm -rf %{buildroot}%{_mandir}
%files %{python_files}
%{python_sitearch}/*
%changelog

51
semanage.conf Normal file
View File

@ -0,0 +1,51 @@
# Authors: Jason Tang <jtang@tresys.com>
#
# Copyright (C) 2004-2005 Tresys Technology, LLC
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# Specify how libsemanage will interact with a SELinux policy manager.
# The four options are:
#
# "source" - libsemanage manipulates a source SELinux policy
# "direct" - libsemanage will write directly to a module store.
# /foo/bar - Write by way of a policy management server, whose
# named socket is at /foo/bar. The path must begin
# with a '/'.
# foo.com:4242 - Establish a TCP connection to a remote policy
# management server at foo.com. If there is a colon
# then the remainder is interpreted as a port number;
# otherwise default to port 4242.
module-store = direct
# When generating the final linked and expanded policy, by default
# semanage will set the policy version to POLICYDB_VERSION_MAX, as
# given in <sepol/policydb.h>. Change this setting if a different
# version is necessary.
#policy-version = 19
# expand-check check neverallow rules when executing all semanage commands.
# Large penalty in time if you turn this on.
expand-check=0
# usepasswd check tells semanage to scan all pass word records for home directories
# and setup the labeling correctly. If this is turned off, SELinux will label /home
# correctly only. You will need to use semanage fcontext command.
# For example, if you had home dirs in /althome directory you would have to execute
# semanage fcontext -a -e /home /althome
usepasswd=False
bzip-small=true
bzip-blocksize=5
ignoredirs=/root