From 04327bf5b0999c43ec84e48c5a1856f92cc3d911688f0f4cfbd7387217e8c61d Mon Sep 17 00:00:00 2001 From: Johannes Segitz Date: Wed, 23 May 2018 08:27:50 +0000 Subject: [PATCH 1/5] Accepting request 609005 from home:mcepl:SELinux Rebase to 2.7 OBS-URL: https://build.opensuse.org/request/show/609005 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/checkpolicy?expand=0&rev=39 --- checkpolicy-2.6.tar.gz | 3 - checkpolicy-2.7.tar.gz | 3 + checkpolicy-build.patch | 228 +++++++++++++++++++++++++++++++++++++++ checkpolicy-tests.tar.gz | 3 + checkpolicy.changes | 5 + checkpolicy.spec | 58 +++++++--- 6 files changed, 281 insertions(+), 19 deletions(-) delete mode 100644 checkpolicy-2.6.tar.gz create mode 100644 checkpolicy-2.7.tar.gz create mode 100644 checkpolicy-build.patch create mode 100644 checkpolicy-tests.tar.gz diff --git a/checkpolicy-2.6.tar.gz b/checkpolicy-2.6.tar.gz deleted file mode 100644 index 8975019..0000000 --- a/checkpolicy-2.6.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:0bebd18688ca8027b1b3b4ff1532c0626f1fe49883ae6cb74d9d385940e74157 -size 69748 diff --git a/checkpolicy-2.7.tar.gz b/checkpolicy-2.7.tar.gz new file mode 100644 index 0000000..5af869e --- /dev/null +++ b/checkpolicy-2.7.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5413479f1dcde866c19896b4dbfec315d822aa431606e1d03c944408984c3201 +size 65967 diff --git a/checkpolicy-build.patch b/checkpolicy-build.patch new file mode 100644 index 0000000..9c2279d --- /dev/null +++ b/checkpolicy-build.patch @@ -0,0 +1,228 @@ +diff --git checkpolicy-2.7/Makefile checkpolicy-2.7/Makefile +index 68e11f2..4c817cd 100644 +--- checkpolicy-2.7/Makefile ++++ checkpolicy-2.7/Makefile +@@ -1,12 +1,9 @@ + # + # Makefile for building the checkpolicy program + # +-PREFIX ?= $(DESTDIR)/usr ++PREFIX ?= /usr + BINDIR ?= $(PREFIX)/bin + MANDIR ?= $(PREFIX)/share/man +-LIBDIR ?= $(PREFIX)/lib +-INCLUDEDIR ?= $(PREFIX)/include +-LIBSEPOLA ?= $(LIBDIR)/libsepol.a + TARGETS = checkpolicy checkmodule + + LEX = flex +@@ -14,7 +11,12 @@ YACC = bison -y + + CFLAGS ?= -g -Wall -Werror -Wshadow -O2 -pipe -fno-strict-aliasing + +-override CFLAGS += -I. ++# If no specific libsepol.a is specified, fall back on LDFLAGS search path ++# Otherwise, as $(LIBSEPOLA) already appears in the dependencies, there ++# is no need to define a value for LDLIBS_LIBSEPOLA ++ifeq ($(LIBSEPOLA),) ++ LDLIBS_LIBSEPOLA := -l:libsepol.a ++endif + + CHECKOBJS = y.tab.o lex.yy.o queue.o module_compiler.o parse_util.o \ + policy_define.o +@@ -27,8 +29,10 @@ all: $(TARGETS) + $(MAKE) -C test + + checkpolicy: $(CHECKPOLOBJS) $(LIBSEPOLA) ++ $(CC) -o $@ $^ $(LDFLAGS) $(LDLIBS_LIBSEPOLA) + + checkmodule: $(CHECKMODOBJS) $(LIBSEPOLA) ++ $(CC) -o $@ $^ $(LDFLAGS) $(LDLIBS_LIBSEPOLA) + + %.o: %.c + $(CC) $(CFLAGS) -o $@ -c $< +@@ -46,15 +50,15 @@ lex.yy.c: policy_scan.l y.tab.c + $(LEX) policy_scan.l + + install: all +- -mkdir -p $(BINDIR) +- -mkdir -p $(MANDIR)/man8 +- install -m 755 $(TARGETS) $(BINDIR) +- install -m 644 checkpolicy.8 $(MANDIR)/man8 +- install -m 644 checkmodule.8 $(MANDIR)/man8 ++ -mkdir -p $(DESTDIR)$(BINDIR) ++ -mkdir -p $(DESTDIR)$(MANDIR)/man8 ++ install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR) ++ install -m 644 checkpolicy.8 $(DESTDIR)$(MANDIR)/man8 ++ install -m 644 checkmodule.8 $(DESTDIR)$(MANDIR)/man8 + + relabel: install +- /sbin/restorecon $(BINDIR)/checkpolicy +- /sbin/restorecon $(BINDIR)/checkmodule ++ /sbin/restorecon $(DESTDIR)$(BINDIR)/checkpolicy ++ /sbin/restorecon $(DESTDIR)$(BINDIR)/checkmodule + + clean: + -rm -f $(TARGETS) $(CHECKPOLOBJS) $(CHECKMODOBJS) y.tab.c y.tab.h lex.yy.c +diff --git checkpolicy-2.7/checkmodule.8 checkpolicy-2.7/checkmodule.8 +index ee95882..cf76591 100644 +--- checkpolicy-2.7/checkmodule.8 ++++ checkpolicy-2.7/checkmodule.8 +@@ -64,4 +64,4 @@ especially "Configuring the SELinux Policy". + This manual page was copied from the checkpolicy man page + written by Arpad Magosanyi , + and edited by Dan Walsh . +-The program was written by Stephen Smalley . ++The program was written by Stephen Smalley . +diff --git checkpolicy-2.7/checkpolicy.8 checkpolicy-2.7/checkpolicy.8 +index 7b28696..1c8805d 100644 +--- checkpolicy-2.7/checkpolicy.8 ++++ checkpolicy-2.7/checkpolicy.8 +@@ -58,5 +58,5 @@ especially "Configuring the SELinux Policy". + + .SH AUTHOR + This manual page was written by Arpad Magosanyi , +-and edited by Stephen Smalley . +-The program was written by Stephen Smalley . ++and edited by Stephen Smalley . ++The program was written by Stephen Smalley . +diff --git checkpolicy-2.7/checkpolicy.c checkpolicy-2.7/checkpolicy.c +index b75f2af..fbda455 100644 +--- checkpolicy-2.7/checkpolicy.c ++++ checkpolicy-2.7/checkpolicy.c +@@ -1,6 +1,6 @@ + + /* +- * Author : Stephen Smalley, ++ * Author : Stephen Smalley, + */ + + /* +@@ -69,6 +69,9 @@ + #ifndef IPPROTO_DCCP + #define IPPROTO_DCCP 33 + #endif ++#ifndef IPPROTO_SCTP ++#define IPPROTO_SCTP 132 ++#endif + #include + #include + #include +@@ -944,6 +947,8 @@ int main(int argc, char **argv) + protocol = IPPROTO_UDP; + else if (!strcmp(ans, "dccp") || !strcmp(ans, "DCCP")) + protocol = IPPROTO_DCCP; ++ else if (!strcmp(ans, "sctp") || !strcmp(ans, "SCTP")) ++ protocol = IPPROTO_SCTP; + else { + printf("unknown protocol\n"); + break; +diff --git checkpolicy-2.7/policy_define.c checkpolicy-2.7/policy_define.c +index f12ebdb..11fd37d 100644 +--- checkpolicy-2.7/policy_define.c ++++ checkpolicy-2.7/policy_define.c +@@ -1,5 +1,5 @@ + /* +- * Author : Stephen Smalley, ++ * Author : Stephen Smalley, + */ + + /* +@@ -40,6 +40,9 @@ + #ifndef IPPROTO_DCCP + #define IPPROTO_DCCP 33 + #endif ++#ifndef IPPROTO_SCTP ++#define IPPROTO_SCTP 132 ++#endif + #include + #include + #include +@@ -5004,6 +5007,8 @@ int define_port_context(unsigned int low, unsigned int high) + protocol = IPPROTO_UDP; + } else if ((strcmp(id, "dccp") == 0) || (strcmp(id, "DCCP") == 0)) { + protocol = IPPROTO_DCCP; ++ } else if ((strcmp(id, "sctp") == 0) || (strcmp(id, "SCTP") == 0)) { ++ protocol = IPPROTO_SCTP; + } else { + yyerror2("unrecognized protocol %s", id); + goto bad; +diff --git checkpolicy-2.7/policy_parse.y checkpolicy-2.7/policy_parse.y +index 6b406c8..247bd4e 100644 +--- checkpolicy-2.7/policy_parse.y ++++ checkpolicy-2.7/policy_parse.y +@@ -1,6 +1,6 @@ + + /* +- * Author : Stephen Smalley, ++ * Author : Stephen Smalley, + */ + + /* +diff --git checkpolicy-2.7/policy_scan.l checkpolicy-2.7/policy_scan.l +index e6c4898..e93ccb6 100644 +--- checkpolicy-2.7/policy_scan.l ++++ checkpolicy-2.7/policy_scan.l +@@ -1,6 +1,6 @@ + + /* +- * Author : Stephen Smalley, ++ * Author : Stephen Smalley, + */ + + /* Updated: David Caplan, +diff --git checkpolicy-2.7/queue.c checkpolicy-2.7/queue.c +index acc991c..82e6673 100644 +--- checkpolicy-2.7/queue.c ++++ checkpolicy-2.7/queue.c +@@ -1,5 +1,5 @@ + +-/* Author : Stephen Smalley, */ ++/* Author : Stephen Smalley, */ + + /* FLASK */ + +diff --git checkpolicy-2.7/queue.h checkpolicy-2.7/queue.h +index 655c94b..60c07fe 100644 +--- checkpolicy-2.7/queue.h ++++ checkpolicy-2.7/queue.h +@@ -1,5 +1,5 @@ + +-/* Author : Stephen Smalley, */ ++/* Author : Stephen Smalley, */ + + /* FLASK */ + +diff --git checkpolicy-2.7/test/Makefile checkpolicy-2.7/test/Makefile +index 59fa446..89e7557 100644 +--- checkpolicy-2.7/test/Makefile ++++ checkpolicy-2.7/test/Makefile +@@ -1,19 +1,22 @@ + # + # Makefile for building the dispol program + # +-PREFIX ?= $(DESTDIR)/usr +-BINDIR ?= $(PREFIX)/bin +-LIBDIR ?= $(PREFIX)/lib +-INCLUDEDIR ?= $(PREFIX)/include +-LIBSEPOLA ?= $(LIBDIR)/libsepol.a +- + CFLAGS ?= -g -Wall -W -Werror -O2 -pipe + ++# If no specific libsepol.a is specified, fall back on LDFLAGS search path ++# Otherwise, as $(LIBSEPOLA) already appears in the dependencies, there ++# is no need to define a value for LDLIBS_LIBSEPOLA ++ifeq ($(LIBSEPOLA),) ++ LDLIBS_LIBSEPOLA := -l:libsepol.a ++endif ++ + all: dispol dismod + + dispol: dispol.o $(LIBSEPOLA) ++ $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS_LIBSEPOLA) + + dismod: dismod.o $(LIBSEPOLA) ++ $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS_LIBSEPOLA) + + clean: + -rm -f dispol dismod *.o diff --git a/checkpolicy-tests.tar.gz b/checkpolicy-tests.tar.gz new file mode 100644 index 0000000..070181a --- /dev/null +++ b/checkpolicy-tests.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:31963e5a13050e221f8f1c68ca2d4def3a783a803499cd498a2f62d6787d52b2 +size 13993 diff --git a/checkpolicy.changes b/checkpolicy.changes index 66b9bb8..f8d1908 100644 --- a/checkpolicy.changes +++ b/checkpolicy.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed May 16 07:16:19 UTC 2018 - mcepl@suse.com + +- Rebase to 2.7 + ------------------------------------------------------------------- Fri Nov 24 09:01:04 UTC 2017 - jsegitz@suse.com diff --git a/checkpolicy.spec b/checkpolicy.spec index 1cd0c08..fed772d 100644 --- a/checkpolicy.spec +++ b/checkpolicy.spec @@ -1,7 +1,7 @@ # # spec file for package checkpolicy # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,17 +18,20 @@ %define libsepol_ver 2.6 Name: checkpolicy -Version: 2.6 +Version: 2.7 Release: 0 Summary: SELinux policy compiler -License: GPL-2.0+ +License: GPL-2.0-or-later Group: Productivity/Security Url: https://github.com/SELinuxProject/selinux -Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014/%{name}-%{version}.tar.gz +Source0: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/%{name}-%{version}.tar.gz +Source1: checkpolicy-tests.tar.gz +Patch0: checkpolicy-build.patch BuildRequires: bison +BuildRequires: byacc BuildRequires: flex BuildRequires: libselinux-devel -BuildRequires: libsepol-devel-static >= %{libsepol_ver} +BuildRequires: libsepol-devel-static => %{libsepol_ver} BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -40,29 +43,52 @@ utilities that implement mandatory access control policies, such as Type Enforcement, Role-based Access Control and Multi-Level Security.) +%package devel +Summary: Development files for SELinux policy compiler +Group: Development/Libraries/C and C++ +Requires: %{name} = %{version} + +%description devel +checkpolicy is the SELinux policy compiler. It uses libsepol to +generate the binary policy. + +This package contains the development files, which are +necessary to develop your own software using checkpolicy. + +%package -n python3-%{name} +Summary: Python bindings for SELinux policy compiler +Group: Development/Libraries/Python +Requires: %{name} = %{version} + +%description -n python3-%{name} +checkpolicy is the SELinux policy compiler. It uses libsepol to +generate the binary policy. + +This package contains the Python bindindgs, which are necessary +to use checkpolicy from Python. + %prep %setup -q +%patch0 -p1 %build -make %{?_smp_mflags} clean -make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" %{?_smp_mflags} -cd test -make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" %{?_smp_mflags} +make clean +make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" LDFLAGS="$RPM_LD_FLAGS" +(cd test +make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" LDFLAGS="$RPM_LD_FLAGS" ) %install -mkdir -p %{buildroot}%{_bindir} -make LIBDIR="%{_libdir}" DESTDIR=%{buildroot} install -install test/dismod %{buildroot}%{_bindir}/sedismod -install test/dispol %{buildroot}%{_bindir}/sedispol +mkdir -p ${RPM_BUILD_ROOT}%{_bindir} +make LIBDIR="%{_libdir}" DESTDIR="${RPM_BUILD_ROOT}" install +install test/dismod ${RPM_BUILD_ROOT}%{_bindir}/sedismod +install test/dispol ${RPM_BUILD_ROOT}%{_bindir}/sedispol %files %defattr(-,root,root) -%doc COPYING ChangeLog %{_bindir}/checkpolicy %{_bindir}/checkmodule %{_bindir}/sedismod %{_bindir}/sedispol -%{_mandir}/man8/checkmodule.8%{ext_man} -%{_mandir}/man8/checkpolicy.8%{ext_man} +%{_mandir}/man8/check*.*%{ext_man} %changelog From b26d17089b6cab295098e50dc5722d5c998b6068ea34bd8fa56a1cafdc81e6de Mon Sep 17 00:00:00 2001 From: Johannes Segitz Date: Mon, 11 Jun 2018 07:48:40 +0000 Subject: [PATCH 2/5] - checkpolicy-build.patch was added in the former change to fix build failures OBS-URL: https://build.opensuse.org/package/show/security:SELinux/checkpolicy?expand=0&rev=40 --- checkpolicy.changes | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/checkpolicy.changes b/checkpolicy.changes index f8d1908..40004db 100644 --- a/checkpolicy.changes +++ b/checkpolicy.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Jun 11 07:48:05 UTC 2018 - jsegitz@suse.com + +- checkpolicy-build.patch was added in the former change to fix build + failures + ------------------------------------------------------------------- Wed May 16 07:16:19 UTC 2018 - mcepl@suse.com From 1c1b89d21022545b9bce03913090fcc986a6add68bf460c97e65068215b6b8fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADt=C4=9Bzslav=20=C4=8C=C3=AD=C5=BEek?= Date: Tue, 23 Oct 2018 12:14:10 +0000 Subject: [PATCH 3/5] Accepting request 642650 from home:jsegitz:branches:security:SELinux - Update to version 2.8 (bsc#1111732) - Dropped checkpolicy-build.patch, not necessary anymore - Removed BuildRequires for byacc. It builds without and this blocks building on SLE 15 OBS-URL: https://build.opensuse.org/request/show/642650 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/checkpolicy?expand=0&rev=41 --- checkpolicy-2.7.tar.gz | 3 - checkpolicy-2.8.tar.gz | 3 + checkpolicy-build.patch | 228 ---------------------------------------- checkpolicy.changes | 8 ++ checkpolicy.spec | 7 +- 5 files changed, 13 insertions(+), 236 deletions(-) delete mode 100644 checkpolicy-2.7.tar.gz create mode 100644 checkpolicy-2.8.tar.gz delete mode 100644 checkpolicy-build.patch diff --git a/checkpolicy-2.7.tar.gz b/checkpolicy-2.7.tar.gz deleted file mode 100644 index 5af869e..0000000 --- a/checkpolicy-2.7.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5413479f1dcde866c19896b4dbfec315d822aa431606e1d03c944408984c3201 -size 65967 diff --git a/checkpolicy-2.8.tar.gz b/checkpolicy-2.8.tar.gz new file mode 100644 index 0000000..49114e0 --- /dev/null +++ b/checkpolicy-2.8.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9dec811c24b88e58c3bf741365eacf1dbb945531a2fcb8f284aacf68098194c8 +size 66243 diff --git a/checkpolicy-build.patch b/checkpolicy-build.patch deleted file mode 100644 index 9c2279d..0000000 --- a/checkpolicy-build.patch +++ /dev/null @@ -1,228 +0,0 @@ -diff --git checkpolicy-2.7/Makefile checkpolicy-2.7/Makefile -index 68e11f2..4c817cd 100644 ---- checkpolicy-2.7/Makefile -+++ checkpolicy-2.7/Makefile -@@ -1,12 +1,9 @@ - # - # Makefile for building the checkpolicy program - # --PREFIX ?= $(DESTDIR)/usr -+PREFIX ?= /usr - BINDIR ?= $(PREFIX)/bin - MANDIR ?= $(PREFIX)/share/man --LIBDIR ?= $(PREFIX)/lib --INCLUDEDIR ?= $(PREFIX)/include --LIBSEPOLA ?= $(LIBDIR)/libsepol.a - TARGETS = checkpolicy checkmodule - - LEX = flex -@@ -14,7 +11,12 @@ YACC = bison -y - - CFLAGS ?= -g -Wall -Werror -Wshadow -O2 -pipe -fno-strict-aliasing - --override CFLAGS += -I. -+# If no specific libsepol.a is specified, fall back on LDFLAGS search path -+# Otherwise, as $(LIBSEPOLA) already appears in the dependencies, there -+# is no need to define a value for LDLIBS_LIBSEPOLA -+ifeq ($(LIBSEPOLA),) -+ LDLIBS_LIBSEPOLA := -l:libsepol.a -+endif - - CHECKOBJS = y.tab.o lex.yy.o queue.o module_compiler.o parse_util.o \ - policy_define.o -@@ -27,8 +29,10 @@ all: $(TARGETS) - $(MAKE) -C test - - checkpolicy: $(CHECKPOLOBJS) $(LIBSEPOLA) -+ $(CC) -o $@ $^ $(LDFLAGS) $(LDLIBS_LIBSEPOLA) - - checkmodule: $(CHECKMODOBJS) $(LIBSEPOLA) -+ $(CC) -o $@ $^ $(LDFLAGS) $(LDLIBS_LIBSEPOLA) - - %.o: %.c - $(CC) $(CFLAGS) -o $@ -c $< -@@ -46,15 +50,15 @@ lex.yy.c: policy_scan.l y.tab.c - $(LEX) policy_scan.l - - install: all -- -mkdir -p $(BINDIR) -- -mkdir -p $(MANDIR)/man8 -- install -m 755 $(TARGETS) $(BINDIR) -- install -m 644 checkpolicy.8 $(MANDIR)/man8 -- install -m 644 checkmodule.8 $(MANDIR)/man8 -+ -mkdir -p $(DESTDIR)$(BINDIR) -+ -mkdir -p $(DESTDIR)$(MANDIR)/man8 -+ install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR) -+ install -m 644 checkpolicy.8 $(DESTDIR)$(MANDIR)/man8 -+ install -m 644 checkmodule.8 $(DESTDIR)$(MANDIR)/man8 - - relabel: install -- /sbin/restorecon $(BINDIR)/checkpolicy -- /sbin/restorecon $(BINDIR)/checkmodule -+ /sbin/restorecon $(DESTDIR)$(BINDIR)/checkpolicy -+ /sbin/restorecon $(DESTDIR)$(BINDIR)/checkmodule - - clean: - -rm -f $(TARGETS) $(CHECKPOLOBJS) $(CHECKMODOBJS) y.tab.c y.tab.h lex.yy.c -diff --git checkpolicy-2.7/checkmodule.8 checkpolicy-2.7/checkmodule.8 -index ee95882..cf76591 100644 ---- checkpolicy-2.7/checkmodule.8 -+++ checkpolicy-2.7/checkmodule.8 -@@ -64,4 +64,4 @@ especially "Configuring the SELinux Policy". - This manual page was copied from the checkpolicy man page - written by Arpad Magosanyi , - and edited by Dan Walsh . --The program was written by Stephen Smalley . -+The program was written by Stephen Smalley . -diff --git checkpolicy-2.7/checkpolicy.8 checkpolicy-2.7/checkpolicy.8 -index 7b28696..1c8805d 100644 ---- checkpolicy-2.7/checkpolicy.8 -+++ checkpolicy-2.7/checkpolicy.8 -@@ -58,5 +58,5 @@ especially "Configuring the SELinux Policy". - - .SH AUTHOR - This manual page was written by Arpad Magosanyi , --and edited by Stephen Smalley . --The program was written by Stephen Smalley . -+and edited by Stephen Smalley . -+The program was written by Stephen Smalley . -diff --git checkpolicy-2.7/checkpolicy.c checkpolicy-2.7/checkpolicy.c -index b75f2af..fbda455 100644 ---- checkpolicy-2.7/checkpolicy.c -+++ checkpolicy-2.7/checkpolicy.c -@@ -1,6 +1,6 @@ - - /* -- * Author : Stephen Smalley, -+ * Author : Stephen Smalley, - */ - - /* -@@ -69,6 +69,9 @@ - #ifndef IPPROTO_DCCP - #define IPPROTO_DCCP 33 - #endif -+#ifndef IPPROTO_SCTP -+#define IPPROTO_SCTP 132 -+#endif - #include - #include - #include -@@ -944,6 +947,8 @@ int main(int argc, char **argv) - protocol = IPPROTO_UDP; - else if (!strcmp(ans, "dccp") || !strcmp(ans, "DCCP")) - protocol = IPPROTO_DCCP; -+ else if (!strcmp(ans, "sctp") || !strcmp(ans, "SCTP")) -+ protocol = IPPROTO_SCTP; - else { - printf("unknown protocol\n"); - break; -diff --git checkpolicy-2.7/policy_define.c checkpolicy-2.7/policy_define.c -index f12ebdb..11fd37d 100644 ---- checkpolicy-2.7/policy_define.c -+++ checkpolicy-2.7/policy_define.c -@@ -1,5 +1,5 @@ - /* -- * Author : Stephen Smalley, -+ * Author : Stephen Smalley, - */ - - /* -@@ -40,6 +40,9 @@ - #ifndef IPPROTO_DCCP - #define IPPROTO_DCCP 33 - #endif -+#ifndef IPPROTO_SCTP -+#define IPPROTO_SCTP 132 -+#endif - #include - #include - #include -@@ -5004,6 +5007,8 @@ int define_port_context(unsigned int low, unsigned int high) - protocol = IPPROTO_UDP; - } else if ((strcmp(id, "dccp") == 0) || (strcmp(id, "DCCP") == 0)) { - protocol = IPPROTO_DCCP; -+ } else if ((strcmp(id, "sctp") == 0) || (strcmp(id, "SCTP") == 0)) { -+ protocol = IPPROTO_SCTP; - } else { - yyerror2("unrecognized protocol %s", id); - goto bad; -diff --git checkpolicy-2.7/policy_parse.y checkpolicy-2.7/policy_parse.y -index 6b406c8..247bd4e 100644 ---- checkpolicy-2.7/policy_parse.y -+++ checkpolicy-2.7/policy_parse.y -@@ -1,6 +1,6 @@ - - /* -- * Author : Stephen Smalley, -+ * Author : Stephen Smalley, - */ - - /* -diff --git checkpolicy-2.7/policy_scan.l checkpolicy-2.7/policy_scan.l -index e6c4898..e93ccb6 100644 ---- checkpolicy-2.7/policy_scan.l -+++ checkpolicy-2.7/policy_scan.l -@@ -1,6 +1,6 @@ - - /* -- * Author : Stephen Smalley, -+ * Author : Stephen Smalley, - */ - - /* Updated: David Caplan, -diff --git checkpolicy-2.7/queue.c checkpolicy-2.7/queue.c -index acc991c..82e6673 100644 ---- checkpolicy-2.7/queue.c -+++ checkpolicy-2.7/queue.c -@@ -1,5 +1,5 @@ - --/* Author : Stephen Smalley, */ -+/* Author : Stephen Smalley, */ - - /* FLASK */ - -diff --git checkpolicy-2.7/queue.h checkpolicy-2.7/queue.h -index 655c94b..60c07fe 100644 ---- checkpolicy-2.7/queue.h -+++ checkpolicy-2.7/queue.h -@@ -1,5 +1,5 @@ - --/* Author : Stephen Smalley, */ -+/* Author : Stephen Smalley, */ - - /* FLASK */ - -diff --git checkpolicy-2.7/test/Makefile checkpolicy-2.7/test/Makefile -index 59fa446..89e7557 100644 ---- checkpolicy-2.7/test/Makefile -+++ checkpolicy-2.7/test/Makefile -@@ -1,19 +1,22 @@ - # - # Makefile for building the dispol program - # --PREFIX ?= $(DESTDIR)/usr --BINDIR ?= $(PREFIX)/bin --LIBDIR ?= $(PREFIX)/lib --INCLUDEDIR ?= $(PREFIX)/include --LIBSEPOLA ?= $(LIBDIR)/libsepol.a -- - CFLAGS ?= -g -Wall -W -Werror -O2 -pipe - -+# If no specific libsepol.a is specified, fall back on LDFLAGS search path -+# Otherwise, as $(LIBSEPOLA) already appears in the dependencies, there -+# is no need to define a value for LDLIBS_LIBSEPOLA -+ifeq ($(LIBSEPOLA),) -+ LDLIBS_LIBSEPOLA := -l:libsepol.a -+endif -+ - all: dispol dismod - - dispol: dispol.o $(LIBSEPOLA) -+ $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS_LIBSEPOLA) - - dismod: dismod.o $(LIBSEPOLA) -+ $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS_LIBSEPOLA) - - clean: - -rm -f dispol dismod *.o diff --git a/checkpolicy.changes b/checkpolicy.changes index 40004db..c639fc1 100644 --- a/checkpolicy.changes +++ b/checkpolicy.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Wed Oct 17 11:52:55 UTC 2018 - jsegitz@suse.com + +- Update to version 2.8 (bsc#1111732) +- Dropped checkpolicy-build.patch, not necessary anymore +- Removed BuildRequires for byacc. It builds without and this blocks + building on SLE 15 + ------------------------------------------------------------------- Mon Jun 11 07:48:05 UTC 2018 - jsegitz@suse.com diff --git a/checkpolicy.spec b/checkpolicy.spec index fed772d..76a39e4 100644 --- a/checkpolicy.spec +++ b/checkpolicy.spec @@ -16,9 +16,9 @@ # -%define libsepol_ver 2.6 +%define libsepol_ver 2.8 Name: checkpolicy -Version: 2.7 +Version: 2.8 Release: 0 Summary: SELinux policy compiler License: GPL-2.0-or-later @@ -26,9 +26,7 @@ Group: Productivity/Security Url: https://github.com/SELinuxProject/selinux Source0: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/%{name}-%{version}.tar.gz Source1: checkpolicy-tests.tar.gz -Patch0: checkpolicy-build.patch BuildRequires: bison -BuildRequires: byacc BuildRequires: flex BuildRequires: libselinux-devel BuildRequires: libsepol-devel-static => %{libsepol_ver} @@ -69,7 +67,6 @@ to use checkpolicy from Python. %prep %setup -q -%patch0 -p1 %build make clean From 4230f02b2f3bb6f96651b0f7439e3bd4c0ed11819c82b8a466062af6c5091c55 Mon Sep 17 00:00:00 2001 From: Johannes Segitz Date: Wed, 7 Nov 2018 16:27:20 +0000 Subject: [PATCH 4/5] Accepting request 647046 from home:jsegitz:branches:security:SELinux - Source URL was invalid (bsc#1115052) OBS-URL: https://build.opensuse.org/request/show/647046 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/checkpolicy?expand=0&rev=42 --- checkpolicy.changes | 5 +++++ checkpolicy.spec | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/checkpolicy.changes b/checkpolicy.changes index c639fc1..12618e7 100644 --- a/checkpolicy.changes +++ b/checkpolicy.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Nov 7 16:26:24 UTC 2018 - jsegitz@suse.com + +- Source URL was invalid (bsc#1115052) + ------------------------------------------------------------------- Wed Oct 17 11:52:55 UTC 2018 - jsegitz@suse.com diff --git a/checkpolicy.spec b/checkpolicy.spec index 76a39e4..0108202 100644 --- a/checkpolicy.spec +++ b/checkpolicy.spec @@ -24,7 +24,7 @@ Summary: SELinux policy compiler License: GPL-2.0-or-later Group: Productivity/Security Url: https://github.com/SELinuxProject/selinux -Source0: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/%{name}-%{version}.tar.gz +Source0: https://github.com/SELinuxProject/selinux/releases/download/20180524/%{name}-%{version}.tar.gz Source1: checkpolicy-tests.tar.gz BuildRequires: bison BuildRequires: flex From 28cb7e1d9451dcad331a0b2eabeb5477363d0dba7cc9bb85a7f5c11347520095 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADt=C4=9Bzslav=20=C4=8C=C3=AD=C5=BEek?= Date: Thu, 22 Nov 2018 14:14:20 +0000 Subject: [PATCH 5/5] Accepting request 648239 from home:jengelh:branches:security:SELinux - Enable parallel build. Remove ineffective LDFLAGS="$RPM_LD_FLAGS" (RPM_LD_FLAGS is always empty). OBS-URL: https://build.opensuse.org/request/show/648239 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/checkpolicy?expand=0&rev=43 --- checkpolicy.changes | 6 ++++++ checkpolicy.spec | 15 +++++++-------- 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/checkpolicy.changes b/checkpolicy.changes index 12618e7..98f2ee0 100644 --- a/checkpolicy.changes +++ b/checkpolicy.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Sun Nov 11 17:19:04 UTC 2018 - Jan Engelhardt + +- Enable parallel build. Remove ineffective LDFLAGS="$RPM_LD_FLAGS" + (RPM_LD_FLAGS is always empty). + ------------------------------------------------------------------- Wed Nov 7 16:26:24 UTC 2018 - jsegitz@suse.com diff --git a/checkpolicy.spec b/checkpolicy.spec index 0108202..04a8533 100644 --- a/checkpolicy.spec +++ b/checkpolicy.spec @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -70,15 +70,14 @@ to use checkpolicy from Python. %build make clean -make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" LDFLAGS="$RPM_LD_FLAGS" -(cd test -make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" LDFLAGS="$RPM_LD_FLAGS" ) +make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" %{?_smp_mflags} +make -C test LIBDIR="%{_libdir}" CFLAGS="%{optflags}" %{?_smp_mflags} %install -mkdir -p ${RPM_BUILD_ROOT}%{_bindir} -make LIBDIR="%{_libdir}" DESTDIR="${RPM_BUILD_ROOT}" install -install test/dismod ${RPM_BUILD_ROOT}%{_bindir}/sedismod -install test/dispol ${RPM_BUILD_ROOT}%{_bindir}/sedispol +mkdir -p %{buildroot}/%{_bindir} +%make_install LIBDIR="%{_libdir}" +install test/dismod %{buildroot}/%{_bindir}/sedismod +install test/dispol %{buildroot}/%{_bindir}/sedispol %files %defattr(-,root,root)