Accepting request 545897 from security:SELinux

please combine checkpolicy libselinux libsemanage libsepol policycoreutils

OBS-URL: https://build.opensuse.org/request/show/545897
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libselinux?expand=0&rev=48
Dominique Leuenberger 2017-12-06 07:46:37 +00:00 committed by Git OBS Bridge
commit a4b9cb40a3
9 changed files with 69 additions and 154 deletions


@ -1,24 +0,0 @@
Index: src/Makefile
===================================================================
--- src/Makefile.orig
+++ src/Makefile
@@ -16,8 +16,8 @@ PYINC ?= $(shell pkg-config --cflags $(P
PYLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
RUBYLIBVER ?= $(shell $(RUBY) -e 'print RUBY_VERSION.split(".")[0..1].join(".")')
RUBYPLATFORM ?= $(shell $(RUBY) -e 'print RUBY_PLATFORM')
-RUBYINC ?= $(shell pkg-config --cflags ruby)
-RUBYINSTALL ?= $(LIBDIR)/ruby/site_ruby/$(RUBYLIBVER)/$(RUBYPLATFORM)
+RUBYINC ?= $(shell ruby -r rbconfig -e "print RbConfig::CONFIG['rubyhdrdir'].nil? ? '$(LIBDIR)/ruby/$(RUBYLIBVER)' : RbConfig::CONFIG['rubyhdrdir']")
+RUBYINSTALL ?= $(shell ruby -r rbconfig -e "print RbConfig::CONFIG['vendorarchdir'].nil? ? '$(DESTDIR)'+RbConfig::CONFIG['sitearchdir'] : '$(DESTDIR)'+RbConfig::CONFIG['vendorarchdir']")
LIBBASE ?= $(shell basename $(LIBDIR))
VERSION = $(shell cat ../VERSION)
@@ -98,7 +98,7 @@ $(SWIGLOBJ): $(SWIGCOUT)
$(CC) $(CFLAGS) $(SWIG_CFLAGS) $(PYINC) -fPIC -DSHARED -c -o $@ $<
$(SWIGRUBYLOBJ): $(SWIGRUBYCOUT)
- $(CC) $(CFLAGS) $(SWIG_CFLAGS) $(RUBYINC) -fPIC -DSHARED -c -o $@ $<
+ $(CC) $(filter-out -Werror, $(CFLAGS)) -I$(RUBYINC) -I$(RUBYINC)/$(RUBYPLATFORM) -fPIC -DSHARED -c -o $@ $<
$(SWIGSO): $(SWIGLOBJ)
$(CC) $(CFLAGS) -shared -o $@ $< -L. -lselinux $(LDFLAGS) -L$(LIBDIR)


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:94c9e97706280bedcc288f784f67f2b9d3d6136c192b2c9f812115edba58514f
size 189019

3
libselinux-2.6.tar.gz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:4ea2dde50665c202253ba5caac7738370ea0337c47b251ba981c60d24e1a118a
size 203119


@ -1,3 +1,32 @@
-------------------------------------------------------------------
Fri Nov 24 09:09:02 UTC 2017 - jsegitz@suse.com
- Update to version 2.6. Notable changes:
* selinux_restorecon: fix realpath logic
* sefcontext_compile: invert semantics of "-r" flag
* sefcontext_compile: Add "-i" flag
* Introduce configurable backends
* Add function to find security.restorecon_last entries
* Add openrc_contexts functions
* Add support for pcre2
* Handle NULL pcre study data
* Add setfiles support to selinux_restorecon(3)
* Evaluate inodes in selinux_restorecon(3)
* Change the location of _selinux.so
* Explain how to free policy type from selinux_getpolicytype()
* Compare absolute pathname in matchpathcon -V
* Add selinux_snapperd_contexts_path()
* Modify audit2why analyze function to use loaded policy
* Avoid mounting /proc outside of selinux_init_load_policy()
* Fix location of selinuxfs mount point
* Only mount /proc if necessary
* procattr: return einval for <= 0 pid args
* procattr: return error on invalid pid_t input
- Dropped
* libselinux-2.2-ruby.patch
* libselinux-proc-mount-only-if-needed.patch
* python-selinux-swig-3.10.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jul 5 10:30:57 UTC 2017 - schwab@suse.de Wed Jul 5 10:30:57 UTC 2017 - schwab@suse.de


@ -1,7 +1,7 @@
# #
# spec file for package libselinux-bindings # spec file for package libselinux-bindings
# #
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -16,10 +16,10 @@
# #
%define libsepol_ver 2.5 %define libsepol_ver 2.6
Name: libselinux-bindings Name: libselinux-bindings
Version: 2.5 Version: 2.6
Release: 0 Release: 0
Summary: SELinux runtime library and simple utilities Summary: SELinux runtime library and simple utilities
License: GPL-2.0 and SUSE-Public-Domain License: GPL-2.0 and SUSE-Public-Domain
@ -27,12 +27,9 @@ Group: Development/Libraries/C and C++
Url: https://github.com/SELinuxProject/selinux/wiki/Releases Url: https://github.com/SELinuxProject/selinux/wiki/Releases
# embedded is the MD5 # embedded is the MD5
Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/libselinux-%{version}.tar.gz Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014/libselinux-%{version}.tar.gz
Source1: selinux-ready Source1: selinux-ready
Source2: baselibs.conf Source2: baselibs.conf
Patch1: libselinux-2.2-ruby.patch
# PATCH-FIX-UPSTREAM swig-3.10 use importlib which not search the directory __init__.py is in but standard path
Patch2: python-selinux-swig-3.10.patch
# PATCH-FIX-UPSTREAM Include <sys/uio.h> for readv prototype # PATCH-FIX-UPSTREAM Include <sys/uio.h> for readv prototype
Patch4: readv-proto.patch Patch4: readv-proto.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
@ -76,8 +73,6 @@ language.
%prep %prep
%setup -q -n libselinux-%{version} %setup -q -n libselinux-%{version}
%patch1
%patch2 -p1
%patch4 -p1 %patch4 -p1
%build %build
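Review bot: The `# embedded is the MD5` comment above `Source:` does not describe the URL it sits on: the path component that changes here (`20160223` to `20161014`) looks like a release date, not a digest, so the comment suggests an integrity check the spec does not carry. Among the Source entries visible in this section there is no detached signature or keyring, which leaves the sha256 in the new tarball's LFS pointer as the only integrity record in the commit. I would replace the comment with `# path component is the upstream release date; tarball sha256 compared with the upstream Releases page` once that comparison has been made. The libselinux spec section further down changes its Source URL the same way and has no comment at all.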


@ -1,93 +0,0 @@
Index: libselinux-2.5/src/init.c
===================================================================
--- libselinux-2.5.orig/src/init.c
+++ libselinux-2.5/src/init.c
@@ -11,7 +11,6 @@
#include <sys/vfs.h>
#include <stdint.h>
#include <limits.h>
-#include <sys/mount.h>
#include "dso.h"
#include "policy.h"
@@ -57,20 +56,18 @@ static int verify_selinuxmnt(const char
int selinuxfs_exists(void)
{
- int exists = 0, mnt_rc = 0;
+ int exists = 0;
FILE *fp = NULL;
char *buf = NULL;
size_t len;
ssize_t num;
- mnt_rc = mount("proc", "/proc", "proc", 0, 0);
fp = fopen("/proc/filesystems", "r");
- if (!fp) {
- exists = 1; /* Fail as if it exists */
- goto out;
- }
+ if (!fp)
+ return 1; /* Fail as if it exists */
+
__fsetlocking(fp, FSETLOCKING_BYCALLER);
num = getline(&buf, &len, fp);
@@ -85,13 +82,6 @@ int selinuxfs_exists(void)
free(buf);
fclose(fp);
-out:
-#ifndef MNT_DETACH
-#define MNT_DETACH 2
-#endif
- if (mnt_rc == 0)
- umount2("/proc", MNT_DETACH);
-
return exists;
}
hidden_def(selinuxfs_exists)
Index: libselinux-2.5/src/load_policy.c
===================================================================
--- libselinux-2.5.orig/src/load_policy.c
+++ libselinux-2.5/src/load_policy.c
@@ -17,6 +17,10 @@
#include "policy.h"
#include <limits.h>
+#ifndef MNT_DETACH
+#define MNT_DETACH 2
+#endif
+
int security_load_policy(void *data, size_t len)
{
char path[PATH_MAX];
@@ -348,11 +352,6 @@ int selinux_init_load_policy(int *enforc
fclose(cfg);
free(buf);
}
-#ifndef MNT_DETACH
-#define MNT_DETACH 2
-#endif
- if (rc == 0)
- umount2("/proc", MNT_DETACH);
/*
* Determine the final desired mode.
@@ -402,9 +401,13 @@ int selinux_init_load_policy(int *enforc
}
goto noload;
+ if (rc == 0)
+ umount2("/proc", MNT_DETACH);
}
set_selinuxmnt(mntpoint);
-
+
+ if (rc == 0)
+ umount2("/proc", MNT_DETACH);
/*
* Note: The following code depends on having selinuxfs
* already mounted and selinuxmnt set above.


@ -1,3 +1,32 @@
-------------------------------------------------------------------
Fri Nov 24 09:09:02 UTC 2017 - jsegitz@suse.com
- Update to version 2.6. Notable changes:
* selinux_restorecon: fix realpath logic
* sefcontext_compile: invert semantics of "-r" flag
* sefcontext_compile: Add "-i" flag
* Introduce configurable backends
* Add function to find security.restorecon_last entries
* Add openrc_contexts functions
* Add support for pcre2
* Handle NULL pcre study data
* Add setfiles support to selinux_restorecon(3)
* Evaluate inodes in selinux_restorecon(3)
* Change the location of _selinux.so
* Explain how to free policy type from selinux_getpolicytype()
* Compare absolute pathname in matchpathcon -V
* Add selinux_snapperd_contexts_path()
* Modify audit2why analyze function to use loaded policy
* Avoid mounting /proc outside of selinux_init_load_policy()
* Fix location of selinuxfs mount point
* Only mount /proc if necessary
* procattr: return einval for <= 0 pid args
* procattr: return error on invalid pid_t input
- Dropped
* libselinux-2.2-ruby.patch
* libselinux-proc-mount-only-if-needed.patch
* python-selinux-swig-3.10.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jul 5 10:30:57 UTC 2017 - schwab@suse.de Wed Jul 5 10:30:57 UTC 2017 - schwab@suse.de


@ -1,7 +1,7 @@
# #
# spec file for package libselinux # spec file for package libselinux
# #
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -16,24 +16,19 @@
# #
%define libsepol_ver 2.5 %define libsepol_ver 2.6
Name: libselinux Name: libselinux
Version: 2.5 Version: 2.6
Release: 0 Release: 0
Summary: SELinux runtime library and utilities Summary: SELinux runtime library and utilities
License: GPL-2.0 and SUSE-Public-Domain License: GPL-2.0 and SUSE-Public-Domain
Group: Development/Libraries/C and C++ Group: Development/Libraries/C and C++
Url: https://github.com/SELinuxProject/selinux/wiki/Releases Url: https://github.com/SELinuxProject/selinux/wiki/Releases
Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/%{name}-%{version}.tar.gz Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014/%{name}-%{version}.tar.gz
Source1: selinux-ready Source1: selinux-ready
Source2: baselibs.conf Source2: baselibs.conf
Patch1: %{name}-2.2-ruby.patch
# PATCH-FIX-UPSTREAM swig-3.10 use importlib which not search the directory __init__.py is in but standard path
Patch2: python-selinux-swig-3.10.patch
# PATCH-FIX-UPSTREAM Avoid mounting /proc outside of selinux_init_load_policy().
Patch3: libselinux-proc-mount-only-if-needed.patch
# PATCH-FIX-UPSTREAM Include <sys/uio.h> for readv prototype # PATCH-FIX-UPSTREAM Include <sys/uio.h> for readv prototype
Patch4: readv-proto.patch Patch4: readv-proto.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
@ -102,9 +97,6 @@ necessary to develop your own software using libselinux.
%prep %prep
%setup -q %setup -q
%patch1
%patch2 -p1
%patch3 -p1
%patch4 -p1 %patch4 -p1
%build %build
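Review bot: Patch1 (`%{name}-2.2-ruby.patch`) is dropped here, and in the libselinux-bindings spec, without a stated reason: it never carried a PATCH-FIX-UPSTREAM tag, and none of the notable changes listed for 2.6 in the changes file mentions Ruby, whereas the other two dropped patches map onto listed upstream items. The deleted patch changed how RUBYINC and RUBYINSTALL are derived and filtered `-Werror` out of the Ruby wrapper compile, so dropping it may change where the Ruby binding is installed or whether it builds; that cannot be confirmed from this page. I would record the reason in the changes entry, for example `* libselinux-2.2-ruby.patch (<reason: merged upstream / no longer needed>)`.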


@ -1,13 +0,0 @@
Index: b/src/Makefile
===================================================================
--- a/src/Makefile
+++ b/src/Makefile
@@ -155,7 +155,7 @@ install: all
install-pywrap: pywrap
test -d $(PYLIBDIR)/site-packages/selinux || install -m 755 -d $(PYLIBDIR)/site-packages/selinux
- install -m 755 $(SWIGSO) $(PYLIBDIR)/site-packages/selinux/_selinux.so
+ install -m 755 $(SWIGSO) $(PYLIBDIR)/site-packages/_selinux.so
install -m 755 $(AUDIT2WHYSO) $(PYLIBDIR)/site-packages/selinux/audit2why.so
install -m 644 $(SWIGPYOUT) $(PYLIBDIR)/site-packages/selinux/__init__.py