From 8845214ec430af949b5468748d4b32342b00548d8a507606f14f144d4fe21b82 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?=
Date: Sat, 4 May 2024 00:35:06 +0200
Subject: [PATCH] Sync from SUSE:SLFO:Main setools revision 4187695d4e042c9ba340c8596f3f83cd
---
.gitattributes | 23 +++
README.SUSE | 2 +
_service | 7 +
setools-4.4.3.tar.bz2 | 3 +
setools.changes | 344 ++++++++++++++++++++++++++++++++++++++++++
setools.spec | 151 ++++++++++++++++++
6 files changed, 530 insertions(+)
create mode 100644 .gitattributes
create mode 100644 README.SUSE
create mode 100644 _service
create mode 100644 setools-4.4.3.tar.bz2
create mode 100644 setools.changes
create mode 100644 setools.spec
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/README.SUSE b/README.SUSE
new file mode 100644
index 0000000..33f03c5
--- /dev/null
+++ b/README.SUSE
@@ -0,0 +1,2 @@
+Additional functionality for these tools can be gained by installing python3-networkx. This pulls in many dependencies and is
+not needed for most people, therefor it's not required or recommended due to the size of the required dependencies
diff --git a/_service b/_service
new file mode 100644
index 0000000..5e7ba79
--- /dev/null
+++ b/_service
@@ -0,0 +1,7 @@
+
+
+ enable
+
+
+
+
diff --git a/setools-4.4.3.tar.bz2 b/setools-4.4.3.tar.bz2
new file mode 100644
index 0000000..ad1fb73
--- /dev/null
+++ b/setools-4.4.3.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2f751599dbed0d628fb268a3302dd8c578829f302bd28e8c08e182aef7fd5cb8
+size 262702
diff --git a/setools.changes b/setools.changes
new file mode 100644
index 0000000..e576c25
--- /dev/null
+++ b/setools.changes
@@ -0,0 +1,344 @@
+-------------------------------------------------------------------
+Tue Aug 1 10:27:36 UTC 2023 - Filippo Bonazzi
+
+- Update to version 4.4.3:
+ * Fix compilation with Cython 3.0.0.
+ * Improve man pages.
+ * Remove neverallow options in sediff.
+ * Add -r option to seinfoflow to get flows into the source type.
+ * Reject a rule with no permissions as invalid policy.
+
+-------------------------------------------------------------------
+Fri Jul 14 04:58:38 UTC 2023 - Shung-Hsi Yu
+
+- Add python3-setuptools as a runtime requirement of python3-setools
+ (boo#1213305)
+
+-------------------------------------------------------------------
+Wed Apr 26 11:17:30 UTC 2023 - Filippo Bonazzi
+
+- Update to version 4.4.2:
+ * Make NetworkX optional. sedta and seinfoflow tools, along with the
+ equivalent analyses in apol require NetworkX.
+ * Remove neverallow options in sesearch and apol. These are not usable
+ since they are removed in the final binary policy.
+- Drop make_networkx_optional.patch, now merged upstream
+
+-------------------------------------------------------------------
+Mon Feb 6 16:08:00 UTC 2023 - Filippo Bonazzi
+
+- Update to version 4.4.1:
+ * Replace deprecated NetworkX function use in information flow and domain
+ transition analysis. This function was removed in NetworkX 3.0.
+ * Fix bug in apol copy and cut functions when copying from a tree view.
+ * Fix bug with extended permission set construction when a range includes
+ 0x0.
+ * Add sesearch -Sp option for permission subset match.
+ * Fix error in man page description for sesearch -ep option.
+ * Improve output stability in constraint, common, class, role, and user
+ queries.
+ * Updated permission map.
+ * Fix bug in sechecker parsing of multiline values.
+ * Other code cleanups not visible to users.
+
+-------------------------------------------------------------------
+Fri Sep 2 09:24:56 UTC 2022 - Johannes Segitz
+
+- Added README.SUSE and drop recommend for python3-networkx altogether
+ (bsc#1202676)
+
+-------------------------------------------------------------------
+Tue Feb 22 09:13:19 UTC 2022 - Shung-Hsi Yu
+
+- Add make_networkx_optional.patch to cut down installation requirements
+- Change python3-networkx from require into recommend
+
+-------------------------------------------------------------------
+Tue Jun 8 11:10:02 UTC 2021 - Dominique Leuenberger
+
+- Fix dependency of python3-setools: require python3, not python
+ (which is python2).
+
+-------------------------------------------------------------------
+Tue Mar 9 09:24:10 UTC 2021 - Johannes Segitz
+
+- Update to the version 4.4.0:
+ * Added support for old Boolean name substitution in seinfo and sesearch.
+ * Added sechecker tool which is a configuration file driven analysis tool.
+
+-------------------------------------------------------------------
+Tue Nov 3 17:56:44 UTC 2020 - Benjamin Greiner
+
+- Stay on a single python3 flavor even if there are more than one
+ gh#openSUSE/python-rpm-macros#73
+
+-------------------------------------------------------------------
+Wed Oct 21 07:29:51 UTC 2020 - Thorsten Kukuk
+
+- Cleanup BuildRequires
+- Fix setools-gui dependencies, we are using python-qt5 and not
+ tcl/tk
+
+-------------------------------------------------------------------
+Wed Jul 29 18:16:13 UTC 2020 - Thorsten Kukuk
+
+- python3-setools needs python3-networkx
+
+-------------------------------------------------------------------
+Fri Apr 3 08:45:25 UTC 2020 - Johannes Segitz
+
+- Update to the upstream version 4.3.0:
+ * Revised sediff method for TE rules. This drastically reduced memory
+ and run time.
+ * Added infiniband context support to seinfo, sediff, and apol.
+ * Added apol configuration for location of Qt assistant.
+ * Fixed sediff issue where properties header would display when not
+ requested.
+ * Fixed sediff issue with type_transition file name comparison.
+ * Fixed permission map socket sendto information flow direction.
+ * Added methods to TypeAttribute class to make it a complete Python
+ collection.
+ * Genfscon now will look up classes rather than using fixed values
+ which were dropped from libsepol
+- Dropped python3.8-compat.patch
+
+-------------------------------------------------------------------
+Thu Oct 31 12:02:30 CET 2019 - Matej Cepl
+
+- Add python3.8-compat.patch to allow build with Python 3.8
+ Still doesn't work though because of gh#SELinuxProject/setools#31
+
+-------------------------------------------------------------------
+Thu Oct 31 09:38:27 CET 2019 - Matej Cepl
+
+- Update to the upstream version 4.2.2:
+ - Remove source policy references from man pages, as loading
+ source policies is no longer supported.
+ - Fixed a performance regression in alias loading after alias
+ dereferencing fixes in 4.2.1.
+
+-------------------------------------------------------------------
+Tue Feb 5 08:01:41 UTC 2019 - jsegitz@suse.com
+
+- Update to 4.2.1
+ * Set SIGPIPE handler for CLI tools.
+ * Fixed alias dereferencing in TypeQuery and type, category, and
+ sensitivity lookups.
+ * Fixed sediff bug for rendering modified nodecons.
+ * Fixed devicetreecon count output.
+ * Fixed policy target platform check.
+ * Fixed bug in creating permission set intersection in apol.
+- Provide python-setools
+
+-------------------------------------------------------------------
+Fri Dec 7 15:10:14 UTC 2018 - jsegitz@suse.com
+
+- Changed requires of console subpackage to python3-setools
+
+-------------------------------------------------------------------
+Wed Nov 21 14:17:32 UTC 2018 - jsegitz@suse.com
+
+- Upgrade to 4.2.0
+ * Support for Python 2.7 was dropped
+ * Symbol names are now available as the name attribute (e.g. Boolean.name, Type.name, etc.)
+ * Move constraint expression to its own class.
+ * Made Conditional.evaluate() more useful and added BaseTERule.enabled() method to determine if a rule is enabled..
+ * Added support for SCTP portcons
+ * Updated permission maps
+- Dropped warning.patch
+- Single spec, limited to python3. Obsoletes python-setools, provides
+ python3-setools
+
+-------------------------------------------------------------------
+Mon Jun 11 08:14:26 UTC 2018 - jsegitz@suse.com
+
+- Added warning.patch in former change to prevent warnings from
+ stopping the build
+
+-------------------------------------------------------------------
+Wed May 16 07:28:39 UTC 2018 - mcepl@suse.com
+
+- Upgrade to 4.1.1
+
+-------------------------------------------------------------------
+Wed Dec 20 12:23:39 UTC 2017 - jsegitz@suse.com
+
+- Update to version 4.0.1. SETools was reimplemented in Python.
+- Doesn't build
+ * setools-libs
+ * setools-java
+ * setools-tcl
+ * setools-devel
+ anymore since the files are not povided anymore
+- Dropped
+ * add-to-header-define_cond_filename_trans.patch
+ * implicit-fortify-decl.patch
+ * setools-3.3.5-javacflags.patch
+ * setools-3.3.5-nonvoid.patch
+ * setools-3.3.5-strcmp.patch
+ * setools-am121.patch
+ * setools-libsepol.patch
+ * setools-setup_py-prefix.patch
+ * setools-swig-2.0.7.patch
+ * setools-swig-2x.patch
+ * setools-tclass.patch
+
+-------------------------------------------------------------------
+Sat Sep 30 07:54:34 UTC 2017 - coolo@suse.com
+
+- Move to minimum java target of 1.6, 1.5 is no longer supported
+
+-------------------------------------------------------------------
+Mon Jun 26 16:30:02 UTC 2017 - jsegitz@suse.com
+
+- Added implicit-fortify-decl.patch to prevent warnings about implicit
+ declarations
+
+-------------------------------------------------------------------
+Thu Aug 25 15:42:18 UTC 2016 - jsegitz@novell.com
+
+- Deleted setools-3.3.7-libselinux-2.3.patch, we have a
+ current libselinux now
+
+-------------------------------------------------------------------
+Mon Jul 18 10:41:14 UTC 2016 - jsegitz@novell.com
+
+- Patch to work with current libsepol, libselinux
+ Added: setools-tclass.patch
+
+-------------------------------------------------------------------
+Mon Mar 23 02:32:05 UTC 2015 - p.drouand@gmail.com
+
+- Update to version 3.3.8
+ * Fix bug preventing seaudit from starting
+ * Add python bindings for seinfo and sesearch
+ * seinfo exits with an error status
+ * Support for named file transition rules
+ * Add support for default types in sesearch
+ * Man page updates for seinfo, seaudit, and sediff
+ * Fix file type drop down list for open/close Apol query
+ * Fix compile errors on new parameter in libsepol role_set_expand().
+- Update home project and download Urls
+- Remove merged patches
+ * setools-python.patch
+ * 0003-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch
+ * 0006-Changes-to-support-named-file_trans-rules.patch
+ * 0007-Remove-unused-variables.patch
+- Update setools-3.3.6-libsepol.patch > setools-libsepol.patch
+- Remove redundant %clean section
+
+-------------------------------------------------------------------
+Mon May 26 20:47:23 CEST 2014 - ro@suse.de
+
+- add patch: setools-3.3.7-libselinux-2.3.patch
+ fix build with libselinux-2.3
+
+-------------------------------------------------------------------
+Fri Oct 11 15:36:20 UTC 2013 - vcizek@suse.com
+
+- don't fail if there are no never-allow rules in the policy
+- remove dangling symlink /usr/bin/seaudit (bnc#812285)
+ * added 0003-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch
+
+-------------------------------------------------------------------
+Fri Sep 13 09:16:43 UTC 2013 - pgajdos@suse.com
+
+- javapackages-tools in buildrequires
+
+-------------------------------------------------------------------
+Tue Mar 12 14:02:59 UTC 2013 - vcizek@suse.com
+
+- added patches:
+ * 0006-Changes-to-support-named-file_trans-rules.patch
+ *
0007-Remove-unused-variables.patch
+ - these two add support for named file trans rules
+ * add-to-header-define_cond_filename_trans.patch
+ - add missing define_cond_filename_trans() declaration
+
+-------------------------------------------------------------------
+Thu Oct 25 11:20:26 UTC 2012 - coolo@suse.com
+
+- add explicit buildrequire on libbz2-devel
+
+-------------------------------------------------------------------
+Tue Aug 28 15:35:33 UTC 2012 - idonmez@suse.com
+
+- Add setools-3.3.6-libsepol.patch to fix compilation with new
+ libsepol
+
+-------------------------------------------------------------------
+Sun Aug 5 15:44:47 UTC 2012 - meissner@suse.com
+
+- updated to version 3.3.7
+- removed 2 upstream patches
+
+-------------------------------------------------------------------
+Tue Jul 3 09:13:03 UTC 2012 - coolo@suse.com
+
+- add setools-am121.patch to fix build with automake 1.12.1
+
+-------------------------------------------------------------------
+Thu Jun 14 12:01:51 CEST 2012 - mls@suse.de
+
+- fix build with swig-2.0.7 (untested, though)
+
+-------------------------------------------------------------------
+Mon Feb 13 10:56:00 UTC 2012 - coolo@suse.com
+
+- patch license to follow spdx.org standard
+
+-------------------------------------------------------------------
+Wed Nov 23 09:26:22 UTC 2011 - coolo@suse.com
+
+- add libtool as buildrequire to avoid implicit dependency
+
+-------------------------------------------------------------------
+Thu May 26 09:30:05 UTC 2011 - idonmez@novell.com
+
+- Add setools-swig-2x.patch: correctly detect swig 2.x
+
+-------------------------------------------------------------------
+Thu Feb 25 15:46:44 UTC 2010 - prusnak@suse.cz
+
+- updated to 3.3.6
+
+-------------------------------------------------------------------
+Sat Sep 5 10:51:41 CEST 2009 - dmueller@suse.de
+
+- remove libselinux requires, it does not exist and
+ autorequires will do the right thing anyway
+
+-------------------------------------------------------------------
+Wed Jul 15 13:32:35 CEST 2009 - prusnak@suse.cz
+
+- disable Requires: usermode
+
+-------------------------------------------------------------------
+Tue Jun 23 12:30:53 CEST 2009 - prusnak@suse.cz
+
+- require libsepol-devel-static
+
+-------------------------------------------------------------------
+Mon Oct 20 16:19:09 CEST 2008 - prusnak@suse.cz
+
+- disable Python for now (weird glibc errors)
+
+-------------------------------------------------------------------
+Tue Sep 2 13:41:08 CEST 2008 - prusnak@suse.cz
+
+- updated to 3.3.5
+ * Fixed errors in libapol's AV and TE rule rendering functions
+ where errno was not being set properly.
+ * Fixed error in apol_syn_avrule_render() where braces were
+ not being added around the target set when there is exactly one
+ target type and the keyword 'self'. Thanks to Ryan Kagin
+ for reporting this error.
+ * Added qpol_type_get_ispermissive(). SETools can now handle
+ version 23 policy.
+
+-------------------------------------------------------------------
+Thu Jul 17 11:46:28 CEST 2008 - prusnak@suse.cz
+
+- initial version 3.3.4
+ * based on Fedora package by Dan Walsh
+
diff --git a/setools.spec b/setools.spec
new file mode 100644
index 0000000..a08f569
--- /dev/null
+++ b/setools.spec
@@ -0,0 +1,151 @@
+#
+# spec file for package setools
+#
+# Copyright (c) 2023 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+# As soon as python38 is introduced as flavor, we need this:
+%{?!python3_primary_provider:%define python3_primary_provider %{lua: \
+l,c = posix.readlink("/usr/bin/python3") \
+flavor = l:gsub("%.", ""):sub(0,-1) \
+print(rpm.expand("%{?" .. flavor .. "_prefix}%{!?" .. flavor .. "_prefix:python3}")) \
+}}
+# Skip every flavor except for the primary_provider
+%define pythons %python3_primary_provider
+
+Name: setools
+Version: 4.4.3
+Release: 0
+URL: https://github.com/SELinuxProject/setools
+Summary: Policy analysis tools for SELinux
+License: GPL-2.0-only
+Group: System/Management
+Source: https://github.com/SELinuxProject/setools/releases/download/%{version}/%{name}-%{version}.tar.bz2
+Source2: README.SUSE
+BuildRequires: fdupes
+BuildRequires: libselinux-devel
+BuildRequires: libsepol-devel
+BuildRequires: python-rpm-macros
+BuildRequires: python3-Cython
+BuildRequires: python3-devel >= 3.4
+BuildRequires: python3-setuptools
+Requires: setools-console = %{version}-%{release}
+Requires: setools-gui = %{version}-%{release}
+
+%description
+SETools is a collection of graphical tools, command-line tools, and
+libraries designed to facilitate SELinux policy analysis.
+
+This meta-package depends upon the main packages necessary to run
+SETools.
+
+%package console
+Summary: Policy analysis command-line tools for SELinux
+License: GPL-2.0-only
+Group: System/Base
+Requires: python3-setools = %{version}
+
+%description console
+SETools is a collection of graphical tools, command-line tools, and
+libraries designed to facilitate SELinux policy analysis.
+
+This package includes the following console tools:
+
+ seinfo Provide information about policies
+ sesearch Tool to query policies
+ sedta Domain transition analysis tool
+ seinfoflow Information flow analysis tool
+ sediff Semantic policy difference tool
+
+%package -n %{python3_primary_provider}-setools
+Summary: Python bindings for SELinux policy analysis
+License: LGPL-2.0-only
+Group: Development/Languages/Python
+Requires: python3 >= 3.4
+Requires: python3-setuptools
+Obsoletes: python-setools < %{version}-%{release}
+Provides: python-setools = %{version}-%{release}
+%if "%{python3_primary_provider}" != "python3"
+Obsoletes: python3-setools < %{version}-%{release}
+Provides: python3-setools = %{version}-%{release}
+%endif
+
+%description -n %{python3_primary_provider}-setools
+SETools is a collection of graphical tools, command-line tools, and
+libraries designed to facilitate SELinux policy analysis.
+
+%package gui
+Summary: Policy analysis graphical tools for SELinux
+License: GPL-2.0-only
+Group: System/Base
+Requires: python3-networkx
+Requires: python3-qt5
+Requires: python3-setools = %{version}
+
+%description gui
+SETools is a collection of graphical tools, command-line tools, and
+libraries designed to facilitate SELinux policy analysis.
+
+This package includes the following graphical tools:
+
+ apol policy analysis tool
+
+%prep
+%setup -q -n %{name}
+%autopatch -p1
+
+%build
+%python_build
+
+%install
+%python_install
+install -m 644 -D %{SOURCE2} %{buildroot}%{_docdir}/%{name}/README.SUSE
+%fdupes -s %{buildroot}%{python3_sitearch}
+
+%files -n %{python3_primary_provider}-setools
+%defattr(-,root,root,-)
+%{python3_sitearch}/setools
+%{python3_sitearch}/setools-%{version}*-info
+%dir %{_docdir}/%{name}/
+%{_docdir}/%{name}/*
+
+%files console
+%defattr(-,root,root,-)
+%{_bindir}/seinfo
+%{_bindir}/sesearch
+%{_bindir}/sedta
+%{_bindir}/seinfoflow
+%{_bindir}/sediff
+%{_bindir}/sechecker
+%{_mandir}/man1/sechecker.1.gz
+%{_mandir}/man1/sedta.1.gz
+%{_mandir}/man1/seinfoflow.1.gz
+%{_mandir}/man1/sediff.1.gz
+%{_mandir}/man1/seinfo.1.gz
+%{_mandir}/man1/sesearch.1.gz
+%{_mandir}/ru/man1/apol.1.gz
+%{_mandir}/ru/man1/sediff.1.gz
+%{_mandir}/ru/man1/sedta.1.gz
+%{_mandir}/ru/man1/seinfo.1.gz
+%{_mandir}/ru/man1/seinfoflow.1.gz
+%{_mandir}/ru/man1/sesearch.1.gz
+
+%files gui
+%defattr(-,root,root,-)
+%{python3_sitearch}/setoolsgui
+%{_bindir}/apol
+%{_mandir}/man1/apol.1.gz
+
+%changelog
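Review bot: The `Source:` line in the preamble names an upstream GitHub release URL, but the spec lists no detached signature or keyring, so the only integrity anchor visible for setools-4.4.3.tar.bz2 is the sha256 oid in the Git LFS pointer added by this same commit. If upstream publishes signatures for its releases, listing them as additional sources would let the build service verify the tarball independently of this repository; otherwise a short spec comment recording how the checksum was obtained would help the next reviewer. Separately, the console and gui subpackages use `Requires: python3-setools = %{version}` while the meta-package pins `%{version}-%{release}`; I would write `Requires: python3-setools = %{version}-%{release}` in both so the tools cannot be paired with bindings from a different rebuild. `%{_mandir}/ru/man1/apol.1.gz` is also listed under `%files console`, although apol and its English man page are in `%files gui`.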