Accepting request 408218 from security:SELinux

1

OBS-URL: https://build.opensuse.org/request/show/408218
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libselinux?expand=0&rev=84
This commit is contained in:
Johannes Segitz 2016-07-13 07:22:28 +00:00 committed by Git OBS Bridge
parent 9a44e1df85
commit 9503bfe5fe
7 changed files with 171 additions and 15 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0b1e0b43ecd84a812713d09564019b08e7c205d89072b5cbcd07b052cd8e77b2
size 171254

3
libselinux-2.5.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:94c9e97706280bedcc288f784f67f2b9d3d6136c192b2c9f812115edba58514f
size 189019

View File

@ -1,3 +1,74 @@
-------------------------------------------------------------------
Tue Jul 5 16:44:44 UTC 2016 - i@marguerite.su
- add patch: python-selinux-swig-3.10.patch, fixed boo#985368
* swig-3.10 in Factory use importlib instead of imp to find
_selinux.so. imp searched the same directory as __init__.py
is while importlib searchs only standard paths. so we have
to move _selinux.so. fixed by upstream
- update version 2.5
* Add selinux_restorecon function
* read_spec_entry: fail on non-ascii
* Add man information about thread specific functions
* Don't wrap rpm_execcon with DISABLE_RPM with SWIG
* Correct line count for property and service context files
* label_file: fix memory leaks and uninitialized jump
* Replace selabel_digest hash function
* Fix selabel_open(3) services if no digest requested
* Add selabel_digest function
* Flush the class/perm string mapping cache on policy reload
* Fix restorecon when path has no context
* Free memory when processing media and x specfiles
* Fix mmap memory release for file labeling
* Add policy context validation to sefcontext_compile
* Do not treat an empty file_contexts(.local) as an error
* Fail hard on invalid property_contexts entries
* Fail hard on invalid file_contexts entries
* Support context validation on file_contexts.bin
* Add selabel_cmp interface and label_file backend
* Support specifying file_contexts.bin file path
* Support file_contexts.bin without file_contexts
* Simplify procattr cache
* Use /proc/thread-self when available
* Add const to selinux_opt for label backends
* Fix binary file labels for regexes with metachars
* Fix file labels for regexes with metachars
* Fix if file_contexts not '\n' terminated
* Enhance file context support
* Fix property processing and cleanup formatting
* Add read_spec_entries function to replace sscanf
* Support consistent mode size for bin files
* Fix more bin file processing core dumps
* add selinux_openssh_contexts_path()
* setrans_client: minimize overhead when mcstransd is not present
* Ensure selabel_lookup_best_match links NULL terminated
* Fix core dumps with corrupt *.bin files
* Add selabel partial and best match APIs
* Use os.walk() instead of the deprecated os.path.walk()
* Remove deprecated mudflap option
* Mount procfs before checking /proc/filesystems
* Fix -Wformat errors with gcc-5.0.0
* label_file: handle newlines in file names
* Fix audit2why error handling if SELinux is disabled
* pcre_study can return NULL without error
* Only check SELinux enabled status once in selinux_check_access
- changes in 2.4
* Remove assumption that SHLIBDIR is ../../ relative to LIBDIR
* Fix bugs found by hardened gcc flags
* Set the system to permissive if failing to disable SELinux because
policy has already been loaded
* Add db_exception and db_datatype support to label_db backend
* Log an error on unknown classes and permissions
* Add pcre version string to the compiled file_contexts format
* Deprecate use of flask.h and av_permissions.h
* Compiled file_context files and the original should have the same DAC
permissions
-------------------------------------------------------------------
Wed May 27 11:53:54 UTC 2015 - dimstar@opensuse.org
- Update libselinux-2.2-ruby.patch: use RbConfig instead of
deprecated Config.
------------------------------------------------------------------- -------------------------------------------------------------------
Sun May 18 00:15:17 UTC 2014 - crrodriguez@opensuse.org Sun May 18 00:15:17 UTC 2014 - crrodriguez@opensuse.org
@ -5,12 +76,6 @@ Sun May 18 00:15:17 UTC 2014 - crrodriguez@opensuse.org
* Get rid of security_context_t and fix const declarations. * Get rid of security_context_t and fix const declarations.
* Refactor rpm_execcon() into a new setexecfilecon() from Guillem Jover. * Refactor rpm_execcon() into a new setexecfilecon() from Guillem Jover.
-------------------------------------------------------------------
Wed May 27 11:53:54 UTC 2015 - dimstar@opensuse.org
- Update libselinux-2.2-ruby.patch: use RbConfig instead of
deprecated Config.
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Oct 31 13:43:41 UTC 2013 - p.drouand@gmail.com Thu Oct 31 13:43:41 UTC 2013 - p.drouand@gmail.com

View File

@ -16,10 +16,10 @@
# #
%define libsepol_ver 2.3 %define libsepol_ver 2.5
Name: libselinux-bindings Name: libselinux-bindings
Version: 2.3 Version: 2.5
Release: 0 Release: 0
Url: http://userspace.selinuxproject.org/ Url: http://userspace.selinuxproject.org/
Summary: SELinux library and simple utilities Summary: SELinux library and simple utilities
@ -27,10 +27,12 @@ License: GPL-2.0 and SUSE-Public-Domain
Group: System/Libraries Group: System/Libraries
# embedded is the MD5 # embedded is the MD5
Source: http://userspace.selinuxproject.org/releases/20140506/libselinux-%{version}.tar.gz Source: http://userspace.selinuxproject.org/releases/20160223/libselinux-%{version}.tar.gz
Source1: selinux-ready Source1: selinux-ready
Source2: baselibs.conf Source2: baselibs.conf
Patch1: libselinux-2.2-ruby.patch Patch1: libselinux-2.2-ruby.patch
# PATCH-FIX-UPSTREAM swig-3.10 use importlib which not search the directory __init__.py is in but standard path
Patch2: python-selinux-swig-3.10.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: libsepol-devel-static >= %{libsepol_ver} BuildRequires: libsepol-devel-static >= %{libsepol_ver}
BuildRequires: pcre-devel BuildRequires: pcre-devel
@ -106,6 +108,7 @@ decisions. Required for any applications that use the SELinux API.
%prep %prep
%setup -q -n libselinux-%{version} %setup -q -n libselinux-%{version}
%patch1 %patch1
%patch2 -p1
%build %build
make %{?_smp_mflags} LIBDIR="%{_libdir}" CFLAGS="$RPM_OPT_FLAGS" -C src make %{?_smp_mflags} LIBDIR="%{_libdir}" CFLAGS="$RPM_OPT_FLAGS" -C src
@ -122,6 +125,7 @@ rm -rf $RPM_BUILD_ROOT/%{_lib} $RPM_BUILD_ROOT%{_libdir}/libselinux.* $RPM_BUILD
%files -n python-selinux %files -n python-selinux
%defattr(-,root,root,-) %defattr(-,root,root,-)
%dir %{py_sitedir}/selinux %dir %{py_sitedir}/selinux
%{py_sitedir}/_selinux.so
%{py_sitedir}/selinux/* %{py_sitedir}/selinux/*
%files -n ruby-selinux %files -n ruby-selinux

View File

@ -1,3 +1,69 @@
-------------------------------------------------------------------
Tue Jul 5 16:42:03 UTC 2016 - i@marguerite.su
- add patch: python-selinux-swig-3.10.patch, fixed boo#985368
* swig-3.10 in Factory use importlib instead of imp to find
_selinux.so. imp searched the same directory as __init__.py
is while importlib searchs only standard paths. so we have
to move _selinux.so. fixed by upstream
- update version 2.5
* Add selinux_restorecon function
* read_spec_entry: fail on non-ascii
* Add man information about thread specific functions
* Don't wrap rpm_execcon with DISABLE_RPM with SWIG
* Correct line count for property and service context files
* label_file: fix memory leaks and uninitialized jump
* Replace selabel_digest hash function
* Fix selabel_open(3) services if no digest requested
* Add selabel_digest function
* Flush the class/perm string mapping cache on policy reload
* Fix restorecon when path has no context
* Free memory when processing media and x specfiles
* Fix mmap memory release for file labeling
* Add policy context validation to sefcontext_compile
* Do not treat an empty file_contexts(.local) as an error
* Fail hard on invalid property_contexts entries
* Fail hard on invalid file_contexts entries
* Support context validation on file_contexts.bin
* Add selabel_cmp interface and label_file backend
* Support specifying file_contexts.bin file path
* Support file_contexts.bin without file_contexts
* Simplify procattr cache
* Use /proc/thread-self when available
* Add const to selinux_opt for label backends
* Fix binary file labels for regexes with metachars
* Fix file labels for regexes with metachars
* Fix if file_contexts not '\n' terminated
* Enhance file context support
* Fix property processing and cleanup formatting
* Add read_spec_entries function to replace sscanf
* Support consistent mode size for bin files
* Fix more bin file processing core dumps
* add selinux_openssh_contexts_path()
* setrans_client: minimize overhead when mcstransd is not present
* Ensure selabel_lookup_best_match links NULL terminated
* Fix core dumps with corrupt *.bin files
* Add selabel partial and best match APIs
* Use os.walk() instead of the deprecated os.path.walk()
* Remove deprecated mudflap option
* Mount procfs before checking /proc/filesystems
* Fix -Wformat errors with gcc-5.0.0
* label_file: handle newlines in file names
* Fix audit2why error handling if SELinux is disabled
* pcre_study can return NULL without error
* Only check SELinux enabled status once in selinux_check_access
- changes in 2.4
* Remove assumption that SHLIBDIR is ../../ relative to LIBDIR
* Fix bugs found by hardened gcc flags
* Set the system to permissive if failing to disable SELinux because
policy has already been loaded
* Add db_exception and db_datatype support to label_db backend
* Log an error on unknown classes and permissions
* Add pcre version string to the compiled file_contexts format
* Deprecate use of flask.h and av_permissions.h
* Compiled file_context files and the original should have the same DAC
permissions
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jul 30 12:00:27 UTC 2015 - jsegitz@novell.com Thu Jul 30 12:00:27 UTC 2015 - jsegitz@novell.com

View File

@ -16,20 +16,22 @@
# #
%define libsepol_ver 2.3 %define libsepol_ver 2.5
Name: libselinux Name: libselinux
Version: 2.3 Version: 2.5
Release: 0 Release: 0
Url: http://userspace.selinuxproject.org/ Url: http://userspace.selinuxproject.org/
Summary: SELinux library and simple utilities Summary: SELinux library and simple utilities
License: GPL-2.0 and SUSE-Public-Domain License: GPL-2.0 and SUSE-Public-Domain
Group: System/Libraries Group: System/Libraries
Source: http://userspace.selinuxproject.org/releases/20140506/%{name}-%{version}.tar.gz Source: http://userspace.selinuxproject.org/releases/20160223/%{name}-%{version}.tar.gz
Source1: selinux-ready Source1: selinux-ready
Source2: baselibs.conf Source2: baselibs.conf
Patch1: %{name}-2.2-ruby.patch Patch1: %{name}-2.2-ruby.patch
# PATCH-FIX-UPSTREAM swig-3.10 use importlib which not search the directory __init__.py is in but standard path
Patch2: python-selinux-swig-3.10.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: fdupes BuildRequires: fdupes
BuildRequires: libsepol-devel >= %{libsepol_ver} BuildRequires: libsepol-devel >= %{libsepol_ver}
@ -120,6 +122,7 @@ necessary to develop your own software using libselinux.
%prep %prep
%setup -q %setup -q
%patch1 %patch1
%patch2 -p1
%build %build
make %{?_smp_mflags} LIBDIR="%{_libdir}" CC="%{__cc}" CFLAGS="$RPM_OPT_FLAGS" make %{?_smp_mflags} LIBDIR="%{_libdir}" CC="%{__cc}" CFLAGS="$RPM_OPT_FLAGS"
@ -159,11 +162,16 @@ install -m 0755 %{SOURCE1} $RPM_BUILD_ROOT%{_sbindir}/selinux-ready
%{_sbindir}/getenforce %{_sbindir}/getenforce
%{_sbindir}/getsebool %{_sbindir}/getsebool
%{_sbindir}/matchpathcon %{_sbindir}/matchpathcon
%{_sbindir}/selabel_digest
%{_sbindir}/selabel_lookup
%{_sbindir}/selabel_lookup_best_match
%{_sbindir}/selabel_partial_match
%{_sbindir}/selinuxconlist %{_sbindir}/selinuxconlist
%{_sbindir}/selinuxdefcon %{_sbindir}/selinuxdefcon
%{_sbindir}/selinuxenabled %{_sbindir}/selinuxenabled
%{_sbindir}/setenforce %{_sbindir}/setenforce
%{_sbindir}/togglesebool %{_sbindir}/togglesebool
%{_sbindir}/selinux_restorecon
%{_sbindir}/selinux-ready %{_sbindir}/selinux-ready
%{_sbindir}/selinuxexeccon %{_sbindir}/selinuxexeccon
%{_sbindir}/sefcontext_compile %{_sbindir}/sefcontext_compile

View File

@ -0,0 +1,13 @@
Index: b/src/Makefile
===================================================================
--- a/src/Makefile
+++ b/src/Makefile
@@ -155,7 +155,7 @@ install: all
install-pywrap: pywrap
test -d $(PYLIBDIR)/site-packages/selinux || install -m 755 -d $(PYLIBDIR)/site-packages/selinux
- install -m 755 $(SWIGSO) $(PYLIBDIR)/site-packages/selinux/_selinux.so
+ install -m 755 $(SWIGSO) $(PYLIBDIR)/site-packages/_selinux.so
install -m 755 $(AUDIT2WHYSO) $(PYLIBDIR)/site-packages/selinux/audit2why.so
install -m 644 $(SWIGPYOUT) $(PYLIBDIR)/site-packages/selinux/__init__.py