Accepting request 1184291 from home:cahu:security:SELinux:userspace37

- Update to version 3.7 https://github.com/SELinuxProject/selinux/releases/tag/3.7 * User-visible changes: * checkpolicy: support CIDR notation for nodecon statements * checkpolicy: provide more descriptive error messages and improve error handling * Bugfixes: * checkpolicy: handle unprintable token * checkpolicy: avoid assigning garbage values * checkpolicy: free temporary bounds type * checkpolicy: perform contiguous check in host byte order * checkpolicy: include <ctype.h> for isprint(3) * oss-fuzz fixes: * checkpolicy: add libfuzz based fuzzer * checkpolicy: free complete role_allow_rule on error * checkpolicy: free identifiers on invalid typebounds * checkpolicy: return YYerror on invalid character * checkpolicy: clone level only once OBS-URL: https://build.opensuse.org/request/show/1184291 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/checkpolicy?expand=0&rev=65
2024-07-02 09:43:44 +00:00 · 2024-07-02 09:43:44 +00:00 · 732ba6f16b
commit 732ba6f16b
10 changed files with 556 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+.osc
--- a/checkpolicy-3.6.tar.gz
+++ b/checkpolicy-3.6.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1b346b3cdd4f8a78a157627bad64a3b3479c67b6a19d15e6d5c8694620eadbc1
+size 70684
--- a/checkpolicy-3.6.tar.gz.asc
+++ b/checkpolicy-3.6.tar.gz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmV5xAIACgkQRpWIHCVF
+CNE7jw/8Dg9K9Ie2j/zXEAW7khQLjQe5skNoX4pOWO31AzRK675b0z8/Lx3UMU3I
+q/CSKLSrcblgsJxbDkp4KB/YzUo2IaBuJp8IqXye5DEPqUNnkOmg6/7KytU1nmn6
+lA7nUm2XgaBuTtC6zi2rdb2qR0Pobja2rLx4gIP4yp7HPiq1leUy5dYhHCF7NT6W
+AzhafOipDMClBd/yMOKS1PSnDrm//xXyg36RxJNX7xtlhfeRlR+lYegRMutVEnJW
+KKx1pXVcdZWU53enLc5UJBohkkzA738AnwhpqPSuL3SiHI55v7GYz6KrrRZs0tke
+mrQTa7GW7R5IGddz3nzc/GGzSTz1VGiloFTsZvMDKJaZIe/x46ZtPTbu44/caGQI
+3Oc0tDQbGHgweCbVe0jeWmZZi6sJvgDwQa66RmjIbOPUDv+5cXbQbwLEzCAMqpxe
+RFbjA35LSahAWHGdzQoewwmec4REX7z1Amyz0XJhLbG2xFWsjIl3xom/YV+ZxYat
+KWJ8IH1ygW7mPFQx9JUJN8HpiKThHwsVvMiCvEcuz5pS3kXhj6qrL4Rhxebq7W7R
+UCVACKka9g4ukpaGH1MUty4h3Q9TfEehwn20oFa5b93FdYZF9LhKdN23H/0kUpi7
+MeBbAXK6z8p8nFgSbrA7cQ6Nf0uBGJ8qeBRj6N9FdylbdN3VxW4=
+=vakU
+-----END PGP SIGNATURE-----
--- a/checkpolicy-3.7.tar.gz
+++ b/checkpolicy-3.7.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fd3e1925477d49946d1116938661af44c1f86f0d681466fd9f02eaa06002a07f
+size 74992
--- a/checkpolicy-3.7.tar.gz.asc
+++ b/checkpolicy-3.7.tar.gz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmZ8NdQACgkQRpWIHCVF
+CNFu8A//aEuByelb5YAXlrIOe1OFlZ1xzATJjan6wQyoX22GQvcb50C00/FoSicH
+UDxvJ1k+oam9VdBISBxssvnftzhohwJyNn/r5br7KlBUA16GQxokftdddfU4aC9e
+mIdy6ZUja7VO3zWXDFDoZyL0IpbjgrftOG3EHxF+rMfeoznW9g1enCEb7oWqZXCL
+5gLhyI05FmI7ySOxqBhvU9oAVgSrU32UFDbgXZkKu2lkOSUPtxhTIzS/8vtIsiNy
+ihS5LGS1VpyPdG3EWSr44d4sR4z3UM4QitRizG4lQVHluJDxS4lpivZlVSXHm87M
+T8FvMIo7pJ5NQhmRMBZw1895ganyaGSuzSa8b05xtVfzg2lVkYPrCw1rzrDoxetF
+2tWTijYfxDyhkvniACjNpfscayUe00IuCCceaoqLqi/BpeSaqdGh04prfCpmwYhA
+umVtYLJrjddi9KyrBlNIVad22TiuxjqFg9J0Up8J+4GleCFG/GNjSKFlaYazJJF0
+Hz4MJwDUbdWfY9WReyFEfMEvr7nCKcFCuU5Dv3GGFgE2oPAh2KasRg04OU56DIZl
+ih4Fr1+qwDAztT0dmui/5FO4RvkCd1CecnUyzLpmzSAPduBxur41+0ym8QQ+qAup
+utO3hg07MI8MN8pBuekL3g+3EkeA5RI7EZu569Z99vBSdi3XPGs=
+=QR49
+-----END PGP SIGNATURE-----
--- a/checkpolicy-tests.tar.gz
+++ b/checkpolicy-tests.tar.gz
--- a/checkpolicy.changes
+++ b/checkpolicy.changes
@ -0,0 +1,289 @@
+-------------------------------------------------------------------
+Mon Jul  1 07:45:50 UTC 2024 - Cathy Hu <cathy.hu@suse.com>
+
+- Update to version 3.7
+  https://github.com/SELinuxProject/selinux/releases/tag/3.7
+  * User-visible changes:
+    * checkpolicy: support CIDR notation for nodecon statements
+    * checkpolicy: provide more descriptive error messages and improve error handling
+  * Bugfixes:
+    * checkpolicy: handle unprintable token
+    * checkpolicy: avoid assigning garbage values
+    * checkpolicy: free temporary bounds type
+    * checkpolicy: perform contiguous check in host byte order
+    * checkpolicy: include <ctype.h> for isprint(3)
+  * oss-fuzz fixes:
+    * checkpolicy: add libfuzz based fuzzer
+    * checkpolicy: free complete role_allow_rule on error
+    * checkpolicy: free identifiers on invalid typebounds
+    * checkpolicy: return YYerror on invalid character
+    * checkpolicy: clone level only once
+
+-------------------------------------------------------------------
+Tue Dec 19 10:43:51 UTC 2023 - Cathy Hu <cathy.hu@suse.com>
+
+- Update to version 3.6
+  https://github.com/SELinuxProject/selinux/releases/tag/3.6
+  * checkpolicy: Add the command line argument -N, --disable-neverallow
+  * dispol: add option to display users, drop duplicate option to display booleans,
+show number of entries before listing them
+  * dispol: Add the ability to show booleans, classes, roles, types and type attributes of policies
+  * dispol: add options: --actions ACTIONS, --help
+  * dismod: add options: --actions ACTIONS, --help
+  * Add notself support for neverallow rules
+  * Improve man pages
+  * man pages: Remove the Russian translations
+  * Add notself and other support to CIL
+  * Add support for deny rules  
+  * Translations updated from  
+    https://translate.fedoraproject.org/projects/selinux/    
+  * Bug fixes  
+- Remove keys from keyring since they expired:  
+  - E853C1848B0185CF42864DF363A8AD4B982C4373  
+    Petr Lautrbach <plautrba@redhat.com>  
+  - 63191CE94183098689CAB8DB7EF137EC935B0EAF  
+    Jason Zaman <jasonzaman@gmail.com>  
+- Add key to keyring:   
+  - B8682847764DF60DF52D992CBC3905F235179CF1   
+    Petr Lautrbach <lautrbach@redhat.com>
+
+-------------------------------------------------------------------
+Fri Feb 24 07:32:08 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
+
+- Update to version 3.5
+  * error out if required permission would exceed limit
+  * Improve error message for type bounds
+- Added additional developer key (Jason Zaman)
+
+-------------------------------------------------------------------
+Mon May  9 10:09:06 UTC 2022 - Johannes Segitz <jsegitz@suse.com>
+
+- Update to version 3.4
+  * warn on bogus IP address or netmask in nodecon statement
+  * allow wildcard permissions in constraints
+  * mention class name on invalid permission
+
+-------------------------------------------------------------------
+Thu Nov 11 13:23:59 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Update to version 3.3
+  * When reading a binary policy by checkpolicy, do not automatically change the version
+    to the max policy version supported by libsepol or, if specified, the value given
+    using the "-c" flag.
+  * Updated documentation
+  * Prints the reason why opening a source policy file failed
+
+-------------------------------------------------------------------
+Tue Mar  9 08:59:58 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Update to version 3.2
+  * Fix a memleak and an integer overflow
+
+-------------------------------------------------------------------
+Tue Jul 14 08:31:15 UTC 2020 - Johannes Segitz <jsegitz@suse.com>
+
+- Update to version 3.1
+  * checkpolicy treats invalid characters as an error - might break rare use
+    cases (intentionally)
+  * Drop extern_te_assert_t.patch, is upstream
+
+-------------------------------------------------------------------
+Tue Mar  3 12:19:40 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
+
+- Update to version 3.0
+  * add flag to enable policy optimization
+  * allow to write policy to stdout
+  * remove a redundant if-condition
+
+-------------------------------------------------------------------
+Wed Jan 15 14:25:45 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
+
+- Add extern_te_assert_t.patch to mark te_assert_t as extern. 
+  Prevents build failures on gcc10 (bsc#1160259)
+
+-------------------------------------------------------------------
+Wed Mar 20 14:58:08 UTC 2019 - jsegitz@suse.com
+
+- Update to version 2.9
+  * Add option to sort contexts when creating a binary policy
+  * Update manpage
+  * check the result value of hashtable_search
+  * destroy the class datum if it fails to initialize
+  * remove extraneous policy build noise
+
+-------------------------------------------------------------------
+Sun Nov 11 17:19:04 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
+
+- Enable parallel build. Remove ineffective LDFLAGS="$RPM_LD_FLAGS"
+  (RPM_LD_FLAGS is always empty).
+
+-------------------------------------------------------------------
+Wed Nov  7 16:26:24 UTC 2018 - jsegitz@suse.com
+
+- Source URL was invalid (bsc#1115052)
+
+-------------------------------------------------------------------
+Wed Oct 17 11:52:55 UTC 2018 - jsegitz@suse.com
+
+- Update to version 2.8 (bsc#1111732). 
+  For changes please see
+  https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/RELEASE-20180524.txt
+- Dropped checkpolicy-build.patch, not necessary anymore
+- Removed BuildRequires for byacc. It builds without and this blocks
+  building on SLE 15
+
+-------------------------------------------------------------------
+Mon Jun 11 07:48:05 UTC 2018 - jsegitz@suse.com
+
+- checkpolicy-build.patch was added in the former change to fix build
+  failures
+
+-------------------------------------------------------------------
+Wed May 16 07:16:19 UTC 2018 - mcepl@suse.com
+
+- Rebase to 2.7. 
+  For changes please see
+  https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/RELEASE-20170804.txt
+
+-------------------------------------------------------------------
+Fri Nov 24 09:01:04 UTC 2017 - jsegitz@suse.com
+
+- Update to version 2.6. Notable changes:
+  * Add types associated to a role in the current scope when parsing
+  * Extend checkpolicy pathname matching
+  * Set flex as default lexer
+  * Fix checkmodule output message
+  * Fail if module name different than output base filename
+  * Add support for portcon dccp protocol
+
+-------------------------------------------------------------------
+Thu Jun 29 21:05:43 UTC 2017 - mpluskal@suse.com
+
+- Use plain flex
+
+-------------------------------------------------------------------
+Thu Jul 21 13:02:06 UTC 2016 - jengelh@inai.de
+
+- Trim/update description
+
+-------------------------------------------------------------------
+Thu Jul 14 14:18:26 UTC 2016 - jsegitz@novell.com
+
+- Without bug number no submit to SLE 12 SP2 is possible, so to make
+  sle-changelog-checker happy: bsc#988977
+
+-------------------------------------------------------------------
+Fri Jul  8 16:22:15 UTC 2016 - i@marguerite.su
+
+- update version 2.5
+  * Add neverallow support for ioctl extended permissions
+  * fix double free on name-based type transitions
+  * switch operations to extended perms
+  * policy_define.c: fix compiler warnings
+  * Remove uses of -Wno-return-type
+  * Fix -Wreturn-type issues
+  * dispol: display operations as ranges
+  * dispol: Extend to display operations
+  * Add support for ioctl command whitelisting
+  * Add option to write CIL policy
+  * Add device tree ocontext nodes to Xen policy
+  * Widen Xen IOMEM context entries
+  * Expand allowed character set in paths
+  * Fix precedence between number and filesystem tokens
+  * dispol/dismod fgets function warnings fix
+- changes in 2.4
+  * Fix bugs found by hardened gcc flags
+  * Add missing semicolon in cond_else parser rule
+  * Clear errno before call to strtol(3)
+  * Global C++11 compatibility
+  * Allow libsepol C++ static library on device
+
+-------------------------------------------------------------------
+Sun May 18 00:18:53 UTC 2014 - crrodriguez@opensuse.org
+
+- version 2.3
+* Report source file and line information for neverallow failures.
+* Prevent incompatible option combinations for checkmodule.
+* Drop -lselinux from LDLIBS for test programs; not used.
+* Add debug feature to display constraints/validatetrans from Richard Haines.
+
+-------------------------------------------------------------------
+Thu Oct 31 13:41:13 UTC 2013 - p.drouand@gmail.com
+
+- Update to version 2.2
+  * Fix hyphen usage in man pages
+  * handle-unknown / -U required argument fix
+  * Support overriding Makefile PATH and LIBDIR
+  * Support space and : in filenames
+- Remove checkpolicy-rhat.patch; fixed on upstream
+
+-------------------------------------------------------------------
+Thu Jun 27 14:29:19 UTC 2013 - vcizek@suse.com
+
+- change the source url to the official 2.1.12 release tarball
+
+-------------------------------------------------------------------
+Fri Mar 29 13:10:16 UTC 2013 - vcizek@suse.com
+
+- update to 2.1.12
+	* Fix errors found by coverity
+	* implement default type policy syntax
+	* Free allocated memory when clean up / exit.
+- changes in checkpolicy-rhat.patch:
+        * original hunk was merged upstream
+	* space should be allowed for file trans names
+
+-------------------------------------------------------------------
+Wed Jan 30 11:40:10 UTC 2013 - vcizek@suse.com
+
+- update to 2.1.11
+	* fd leak reading policy
+	* check return code on ebitmap_set_bit
+	* sepolgen: We need to support files that have a + in them
+	* implement new default labeling behaviors for usr, role, range
+
+-------------------------------------------------------------------
+Wed Jul 25 11:24:54 UTC 2012 - meissner@suse.com
+
+- updated to 2.1.8
+  - various fixes
+
+-------------------------------------------------------------------
+Sat Sep 17 22:52:07 UTC 2011 - jengelh@medozas.de
+
+- Remove redundant tags/sections from specfile
+- Use %_smp_mflags for parallel build
+
+-------------------------------------------------------------------
+Thu Feb 25 14:51:44 UTC 2010 - prusnak@suse.cz
+
+- updated to 2.0.21
+  * Add support for building Xen policies from Paul Nuzzi.
+  * Add long options to checkpolicy and checkmodule by Guido
+    Trentalancia <guido@trentalancia.com>
+
+-------------------------------------------------------------------
+Tue Jun 23 12:29:42 CEST 2009 - prusnak@suse.cz
+
+- require libsepol-devel-static
+
+-------------------------------------------------------------------
+Wed May 27 13:52:37 CEST 2009 - prusnak@suse.cz
+
+- updated to 2.0.19
+  * fix alias field in module format, caused by boundary format change
+    from Caleb Case
+  * properly escape regex symbols in the lexer from Stephen Smalley
+  * add bounds support from KaiGai Kohei
+
+-------------------------------------------------------------------
+Mon Oct 20 18:03:54 CEST 2008 - prusnak@suse.cz
+
+- use flex-old for building (using flex does not build refpolicy)
+
+-------------------------------------------------------------------
+Tue Jul 15 17:56:14 CEST 2008 - prusnak@suse.cz
+
+- initial version 2.0.16
+  * based on Fedora package by Dan Walsh <dwalsh@redhat.com>
+
--- a/checkpolicy.keyring
+++ b/checkpolicy.keyring
@ -0,0 +1,110 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGNZjyYBEACk7biPgvCVldNWq1CwVoJa/Fvc4T49tqxcc/sY4uVlGo6oSi4f
+QcXE9XKPPBuRLmvpmMWvODQLzPxJMWUfJq6LyYFmX2U9VRTcyITdmJs8itkEaDwq
+8BtXkeQfUDAVSFy6V6/uvVmNWD7pGXqJE1GxuV44Ihlh6v2YyqSzDG/rZur771hk
+e8VZmlKMVMs1RSeOBA3nUmvZQ58+uqkhJNYqOeQhxGIxDOHo7QhzTG+SlX+uQq6m
+zACKygVJJl33toaUwVAX5R02a0u67A5wC0whAoLSHInc3P7ayivWV/iESAz+gMIk
+uvJWns/Ak14J7MTGgjD6rle7PNMsPDCCwQScqA8F0x4OChCixbZGZn6Mr0u8+01V
+CEe2IjJwVUfFI/G4n1FZ1RAdqjkHfZJeD20LGHSbjJLcnqLLFx3LDpI5dAxo5K2k
+Fvz0VowrB58aHoofW8/g8yZygGQ4Zpw4JnpUmaPnMTiD5yvnFzEihM5L9DuaWqSK
+3sb9qzoaXABYRYI7OmX4B5nmMzFteHHq0tMtaKWf0HkAsCP0BLJcS9Oc1/0I0+gC
+4oKLRD8a4+kaEpNr6BXvWnj7Y1h0Zr/CZS6+gi34CxWMl2Q34OSqtS37mzzBu+UZ
+xffPR0aV2RXcEpc0c5HW550Thq1NF9EmFOoyeG4J2ox9JRANZXLh/i7mNwARAQAB
+tCVQZXRyIExhdXRyYmFjaCA8bGF1dHJiYWNoQHJlZGhhdC5jb20+iQJXBBMBCABB
+FiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZjyYCGwMFCQPCZwAFCwkIBwICIgIG
+FQoJCAsCBBYCAwECHgcCF4AACgkQvDkF8jUXnPGeAA//ScQ3kJMqI6FRULXo0aF7
+CpafPXVWdvj+mfQMlZzuGwXXTmM42T0DXnXRBSjstWkmOXP/UqkN7bNeXH/S3D3G
+CJ2l0qx8Qp6fP0FloJIbemyxNtzl7yvAE7kWvuBuLvUdm23cntv49gAzj+ElDqCx
+tT6A6qaqM6r7DLUvw+G+r6gkeu1hNQbtRpEK9Dt8tHriQyI410qFRMbi3QxU+iTJ
+79HXwrXiYpX7V7T+ugiU9lgIiC/hWJCo6SY4knt9E6zhegUWN6zErl2HY8FBM2P9
+eHOTqToEOAhKeM1fXZvxe3m49fGq/spmRM1RUUl1V9WFEaMiLg/Z2rmbD8LX9Ytf
+YlQCbEwyX2nkIP1QIcr/DEfcmCA2MXCQCgsqI/2XS3BTLPyjuqAYnXxrk+T/Cydc
+g4W3ZBYI/wT56GH02TQzB/wJsn0cW6EMG46VSDY/mZ2/gwi54G/Pqb2R3ZC9I7wQ
+6/FFxuu8myI/QVmEiTlvTxBoyOdNlliBQxCkDczs1rxd/o8Wfjo1vwRHW84jZrCP
+3xr7xPJWuzsrmPU8kFHTgepGoY+4b/h3jGwlV103RpRUK4JidwHsmYDVk6pgeUH6
+9hf0iVcbFfKiViFTR+DwjbAOxTdsFgsYYn+7hBj2l+pV/uzeA0akL2dkgfJc9pAf
+6ItRUnGC+RlntZ0Pf2NbwIS5Ag0EY1mPxgEQAOBjoc5rCJOHFBUj7S68ABT3KKx7
+DVJJU7qYCxC1kzuzsGksDdEY+PdQaiNkh56MD6R+rsD49UsGHP+RIFO3D3+zejiu
+Wo3PPtItqLHpcpYKkc4Gzziff8sXq70owxWT29OyMrPyIMX2YFHZuYJ8u8STQcOI
+zICm/lJs6xkwHyTk9bIrwdg/Iwjm6YRo6xoLe0B6KE7efMDER/ehmXncnWkjD55x
+2tAttZsfRqoqeB8J10PxDSgyv8jCXLdbj37l6omh6VH3926392DRrc2fXAgZhHML
+rYIKwXkhnAp3I+HueKURQWkDlWXP4d8gVyHYt9EXdD8ZkPx8rMrGGMMh2DJpZJOw
+xuK3IrFfYb+lyOyHIyxlPsjcfHtLBB8WujnyzYMWwUsRmAGEm/6db8dyR551q95e
+Zd0cqO2xrz6u8YAO2LjCiE6X43m1ulhbf/NHcBiqWHjuEbSKRQnxO6ye7zrmPdnm
+YT4qpLrzKlFUExGt0mXaUY8MKdcaGXbvbRU80wL+MHYyCb8vWa9AzWM990LcqCiQ
+MAfk0zMq9q/oDvVotJQmWLdR2QYeRfl3m6uzeTdaYK3td5NvfQwG83MFxJhNvDZQ
+YhETwbQIVzfC2JZaJAo94VdiGfT4I4Khb8RekgJVoC4w8yByyV0zXdsobIajc2eC
+w0R2ik0V+vQopblfABEBAAGJBHIEGAEIACYWIQS4aChHdk32DfUtmSy8OQXyNRec
+8QUCY1mPxgIbAgUJA8JnAAJACRC8OQXyNRec8cF0IAQZAQgAHRYhBBviwP8IlJYj
+EC/SVkaViBwlRQjRBQJjWY/GAAoJEEaViBwlRQjRmQcP/1OVG8BpkRN/6m/j8hx5
+4vcofCPmWsL+CiNfE3QCOEBeWMtJEK7QTIgLFnLfXnyHiTS/CN2/zr33IcQ33s90
+XzibzWarE7P6O4oFEcUr8TAACA51KXMadRiA2SaYJE4Va2N6d41ZoV0Ser0wi3HU
+5qxw97LGdYyOrsstgxIRI/i2BRXkp2VpUBdHqr/zfe7bv82h2QNw0fZQr4jJP4q3
+4I6gggvi23Gj8+9lOmHNXyfqzSwkkTf8GtHGC8JORVTrOizImzJq7z+9rJBgY+4
+G4RBWzhOv69njaLNuQeASVxm/2hiMmzFqpmqozN9Y+17ubo+X+m+2aWE+aln56Pv
+LxJHKwFX7doc1doTUnewg6ZjGKCGWBlqlKMeX8D038pd2gsCMhm0EA5DZkXJHP9z
+b5VSomDCLB3GhoVpifZ5Qz4dJNtl90ZcFL/LJktiwz4vgzZqLNC8MhFfPLy8bS+k
+dAS8+VcvQaDSDKTR+jHQ6wA/kJ9eYcL8C9g4czzLzVfZCoN/fcC7VEiCiDhwuqrb
+ClcQBFZsCPQEAwh4mgIMK70zPaO4rW6LbCvwBnTjY8JSBkroJ1QjXwCy8ClSE+w2
+6cXtk5zmYUy5oQaONYm+tMberKsJjvfJIGIZdaj3ZkHsVe7YzOC6M8ESKAHKp4Xo
+hXbHQQEfD9WtzFerpKWCaKTobRIP/jyXmYYLEzRav3WtoH3NCXANu0Pc8JuMDoO2
+QytHICr7zWDvk3q6LO0Y8JXD2fUegY5KM3WECF5KBBCVxdsMunN908WjAMQdyUUV
+9Q4MIg64X4WCbGUDPkTGv0mQl2jMEWpFniIX+18TmwcHSvN5RxjcnpWNOyNQuMTg
+ZKDm2uw5zwYdScWf3DDCR/2dH8yvVFhxfQaRNzKJSyTD4ChHPqy858BYgMljjnTC
+APQwdkrTwh9RSxhMZ5yhdy9Z/+EhO2/8B/kylADC4YQOW1UN670QC7rlJmUySQy5
+APWHco5CNQnqdjhrgzYJDnWCCz9z6+x6bGy5iUa9K6Gt9e3ocYPd2Gw4R7IS8hyO
+Ok/Uq7maqs+GpcWWLWzB+iGFgYZU758zsbeXvAWQAiLQHWzOfQrXepGoEjCOdYv6
+is/UovO9zMIfrIPQVlj3QIN0y0zRUHoCpPgEWHrn7KCMDhiIDt8VgGbznXTJtRw1
+/NTeBQgnmkXwx0aLM7ni0I9IrpT6JVFjip8IV24iI5nsVRSfvxUjFBQxgyujPLuS
+f/Q9BlrsopFtcnyyDSyCtBqnCmBSN0zC5hk8Ya/UnDn/5ZQZYxsbGaWkdwQ6aw9m
+khMfnnsz+QfKT1R3SIrByIEjaYYvGJp8K4utRjhOSfM6ptmCN2WVxQbhwMERC4E7
+8ZKPUtR+uQINBGNZj3EBEACsSSOVQfiGhJACRUkJZaT6cX51oA/kizOsYRAftPI5
+XBdtFmd1I8VJSopTaQSAdsyb7AVihl73mH22MOHawsKzffylW7kKGHPd02x5MXv+
+ttyTDasJT4ltqUSLByTu0ouqhu9uHvuOettCeStk1z6cx4ccutjJzmAdbpxKfhSV
+TjYwqZOVJ44bgvL3BeGBooKF4hc1fdT8PrzZN9+Xsailybuk9kX3Z3BjicikLFTY
+BOKaRLK6VuHOTYKNnUlhQnUsdy0web0XQsQa1zUbENKHNVk/x05akOz0EHBkMtfE
+LMLiu9n7PkEkIMVu41MplDkkShbawzzI/UstkZfPjiGxpvVo+u8He9x1LkRM/pup
+PnbrtmKi12FSJ9T+lNXnN7jvA25pl6dC0Z32iXKHZ0Co6TYNCtwFAUDSBGnnlvhT
+raEtNhfFP7uMRtJUDF5cM9Go++qH/iRWfzqWViNXp0CgBI3XBbPjbdAfe7hkr5Lq
+DwdnQetjb40FiCq2Fvof9foWIXlVwday2ST3ruDhe3Q+A3+uUK2leHhYr2xJxf8I
+V05RGweVvvxk3Yt7FphpUGpC6q98doA8logSVeoyF5nxpis7oN/jLMn7p5Ozezg+
+ozoQyKvnBoWifHkaHnRfjEv2nshWqA0+FCxTxnlTmEZhuZQfvroa0Q2/gIjW6kUD
+VwARAQABiQI8BBgBCAAmFiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZj3ECGyAF
+CQPCZwAACgkQvDkF8jUXnPHhww/7BuMq7bEKvrejKf6Wjs2owMsFiXjMe6dhNmEb
+96ANqRVankiSPn+TeL6FVJh9TJSGpD9v8fT3quikHsYDoTNLjgZL6Esx1A4k6YRu
+O8A//10kNfYVCdhnNoDZ/94iSBrDbzeg4ueZjPTHtgBb+jGWc+f7tKDsMYaqqfec
+qh8NRSujB9fS1AbCQaYkmpCA4f9l9Ti3nVQIrMXqFZFtt6sEjx7Onbi9ieADaQZ5
+/V8JQL4QgWGhhx0ccK0LVOIqY5Rp4H1kyJVeQ/rR+YIso5vBwpPJikAU+ozTnGCw
+w8Vpc359DthUAakJ22GTnc3kaj5Cp6HAugmTvsIdnEhYkh/jendSK4fUWy5cXs50
+THMiFRKJS6boygIjwGlXCf25Ip9cos50YNHogkjyOp0L0tiherFm0OGlyoPvSEVY
+nAnNmD5TZK/FnKE6rC0pe0NMO157fIbM9pxIAkPuYVRFz8NGLrZQEyIVyo7Vhb/k
+uALjKO3OjsxNA+RoZtAt24ciUIprykdY+posV0xrDCo2tM0dZcIPhfGKMljB0C57
+c1Qb+616Q2bzaaqdttbD8BdREjN59CxvKqI1gzO250n2EBLzIJ2R9v1IpUi9Zg9D
+vu0eW05kXsr83M4Z4lomvyW+pkJ9elaY525OlZoPaQi9TYrHuAHiNd0xrZqL0378
+d2veUui5Ag0EY1mPJgEQAMRQDbNHBQ376nDF8miBZOAV1txpmbHc5D/X63PNapP0
+P1/I7SfcJU9D3wX8c4vmxkjEYtH23s4lmT1VLsU7PisS3MacRemm9pL2bD53hs9X
+QEuU9OtJsZn1ZJ+Ynh6i5sfW1bG3OiV/TWgYXW66GwE1hn9PuP8arodUmhEft+64
+G2u8Xtxr5yqlQJEUThV6280OJrxVbduaMi5C6UNeeGE5wuhfrQ0TNYZiwQ4KYbU3
+QhlWhHVjJlJ5hCLiktwFDyR24P+wlTIziWA407mo2enQT+mz3bO7Paf4mBionGsJ
+MoADqBThf4B69BxjJ7Yg7oQVIZ7560YIRRmNo4tk5Mhep11OtQgZjZJR6MhWDaUO
+17w1qScrOPRj6G1IXP1R5NarydJpLyAVb/5WFZ5jxUGMGtq3mYn4nKbbHUg2WzvC
+JvPctDE6EV2vaiRy5N1fQjsHgSa29F2feh14p4ngFCmHjpdbcdjfv6rWL8tgkSpQ
+lDdeHRRd1q03TKAg/byPauAHKzvV+iWlmw1f6KBWjeTn0fofmk9eeQ+P1j0a3/XT
+xMOjB34SzqPRWzmLPLF6YmujBK2gymM+JLirJFFzao1i4lgmxqkDhQoNYHXmVYEd
+7w+/qUYbfKwO9eJOWzuUWajxvJ1Vgv6z4CPy9if0gwfhrx0OOcIpBE/xZU+SwQQp
+ABEBAAGJAjwEGAEIACYWIQS4aChHdk32DfUtmSy8OQXyNRec8QUCY1mPJgIbDAUJ
+A8JnAAAKCRC8OQXyNRec8a+qD/4whGQ9J+td1iLFMpNRAqvuGtTnM6shZJNnC5CB
+56Cu7ElIpr74sk0R98Ia1pJlBcLALbYSrqwluZaLiRVDPdub6tGSRVssqQdZcKTh
+z33waTru9IfLhCrRSNd0ZMHJaOG1ErU0noWw2d4ifVJK+vvuvMeEyNm4H5pZOYzY
+eikqVUYzS143cSzMEwtvPSdP5JkTQi4WNF09khH1D+QpJoXEgVEQla7Sr955Zdt3
+q5OlpYxxw+X62vslZ2OMiKZ14kWVSRbVQ+WdnjtRYS4vivB6ko9QL770jZ131hKh
+C/BcWpEYSjfPpVua2oKbccKHXheIFEJ06kGkMeeoQPxmzPRBYIw/E+d5sZp7YXDy
+BGOAxBeiOaOnZ8vLBzy72HFng3oB3hkVGTTHq+PsHdSSaRME3QrNpDsaGeSjw62F
+G3I4zK985GtrXAHEzN/Ffd17srl4mcRQ+8QM/a+XbF/8ugjE/RHhhFf8sWVAPutY
+zVE8lF+uqcduPuq/rTcUBuzSVjnSRfXWqCokjh+ypUpHNUO8fZDzkTLuE5rwMG1x
+pPueDBTzvoGDQRqc2eoXpJnDBmdlz83zHsoR2gIHcdqyc/hCV+fTvR8E0v9ZG3Jr
+6RFgWdD008PsGxUevIDgMAYFwasZSTofEnzg49/WeIFU1rGB5HZVlmOJKZnKRuBi
+TakEPw==
+=odM9
+-----END PGP PUBLIC KEY BLOCK-----
--- a/checkpolicy.spec
+++ b/checkpolicy.spec
@ -0,0 +1,92 @@
+#
+# spec file for package checkpolicy
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%define libsepol_ver 3.7
+Name:           checkpolicy
+Version:        3.7
+Release:        0
+Summary:        SELinux policy compiler
+License:        GPL-2.0-or-later
+Group:          Productivity/Security
+URL:            https://github.com/SELinuxProject/selinux
+Source0:        https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz
+Source1:        https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz.asc
+Source2:        checkpolicy.keyring
+Source3:        checkpolicy-tests.tar.gz
+BuildRequires:  bison
+BuildRequires:  flex
+BuildRequires:  libselinux-devel
+BuildRequires:  libsepol-devel-static => %{libsepol_ver}
+BuildRoot:      %{_tmppath}/%{name}-%{version}-build
+
+%description
+checkpolicy is the SELinux policy compiler. It uses libsepol to
+generate the binary policy.
+
+(Security-enhanced Linux is a feature of the kernel and some
+utilities that implement mandatory access control policies, such as
+Type Enforcement, Role-based Access Control and Multi-Level
+Security.)
+
+%package devel
+Summary:        Development files for SELinux policy compiler
+Group:          Development/Libraries/C and C++
+Requires:       %{name} = %{version}
+
+%description devel
+checkpolicy is the SELinux policy compiler. It uses libsepol to
+generate the binary policy.
+
+This package contains the development files, which are
+necessary to develop your own software using checkpolicy.
+
+%package -n python3-%{name}
+Summary:        Python bindings for SELinux policy compiler
+Group:          Development/Libraries/Python
+Requires:       %{name} = %{version}
+
+%description -n python3-%{name}
+checkpolicy is the SELinux policy compiler. It uses libsepol to
+generate the binary policy.
+
+This package contains the Python bindindgs, which are necessary
+to use checkpolicy from Python.
+
+%prep
+%setup -q
+
+%build
+make clean
+make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" %{?_smp_mflags}
+make -C test LIBDIR="%{_libdir}" CFLAGS="%{optflags}" %{?_smp_mflags}
+
+%install
+mkdir -p %{buildroot}/%{_bindir}
+%make_install LIBDIR="%{_libdir}"
+install test/dismod %{buildroot}/%{_bindir}/sedismod
+install test/dispol %{buildroot}/%{_bindir}/sedispol
+
+%files
+%defattr(-,root,root)
+%{_bindir}/checkpolicy
+%{_bindir}/checkmodule
+%{_bindir}/sedismod
+%{_bindir}/sedispol
+%{_mandir}/man8/check*.*%{ext_man}
+
+%changelog