pool/libsemanage
SHA256
12
0
Fork 2
Code Issues Pull Requests Activity

Updating link to change in openSUSE:Factory/libsemanage revision 67

Browse Source 
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsemanage?expand=0&rev=e7fc54ba6bf949b97b8037561d8799bc
This commit is contained in:
OBS User buildservice-autocommit
2025-07-22 10:20:50 +00:00
committed by Git OBS Bridge
commit 233764b636
19 changed files with 1742 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
.osc

257
1231587-build-libsemanage-with-swig-4.3.0.patch Normal file
View File

@@ -0,0 +1,257 @@
Index: libsemanage-3.7/src/semanageswig_python.i
===================================================================
--- libsemanage-3.7.orig/src/semanageswig_python.i
+++ libsemanage-3.7/src/semanageswig_python.i
@@ -111,7 +111,7 @@
}
%typemap(argout) char** {
- $result = SWIG_Python_AppendOutput($result, SWIG_FromCharPtr(*$1));
+ $result = SWIG_Python_AppendOutput($result, SWIG_FromCharPtr(*$1), $isvoid);
free(*$1);
}
@@ -134,7 +134,7 @@
NULL, NULL, &plist) < 0)
$result = SWIG_From_int(STATUS_ERR);
else
- $result = SWIG_Python_AppendOutput($result, plist);
+ $result = SWIG_Python_AppendOutput($result, plist, $isvoid);
}
}
}
@@ -148,7 +148,7 @@
}
%typemap(argout) semanage_module_info_t ** {
- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
+ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid);
}
/** module key typemaps **/
@@ -160,7 +160,7 @@
}
%typemap(argout) semanage_module_key_t ** {
- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
+ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid);
}
/** context typemaps **/
@@ -172,7 +172,7 @@
}
%typemap(argout) semanage_context_t** {
- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
+ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid);
}
/** boolean typemaps **/
@@ -197,7 +197,7 @@
(void (*) (void*)) &semanage_bool_free, &plist) < 0)
$result = SWIG_From_int(STATUS_ERR);
else
- $result = SWIG_Python_AppendOutput($result, plist);
+ $result = SWIG_Python_AppendOutput($result, plist, $isvoid);
}
}
}
@@ -207,11 +207,11 @@
}
%typemap(argout) semanage_bool_t ** {
- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
+ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid);
}
%typemap(argout) semanage_bool_key_t ** {
- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
+ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid);
}
%typemap(in, numinputs=0) semanage_bool_key_t **(semanage_bool_key_t *temp=NULL) {
@@ -240,7 +240,7 @@
(void (*) (void*)) &semanage_fcontext_free, &plist) < 0)
$result = SWIG_From_int(STATUS_ERR);
else
- $result = SWIG_Python_AppendOutput($result, plist);
+ $result = SWIG_Python_AppendOutput($result, plist, $isvoid);
}
}
}
@@ -250,11 +250,11 @@
}
%typemap(argout) semanage_fcontext_t ** {
- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
+ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid);
}
%typemap(argout) semanage_fcontext_key_t ** {
- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
+ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid);
}
%typemap(in, numinputs=0) semanage_fcontext_key_t **(semanage_fcontext_key_t *temp=NULL) {
@@ -284,7 +284,7 @@
(void (*) (void*)) &semanage_iface_free, &plist) < 0)
$result = SWIG_From_int(STATUS_ERR);
else
- $result = SWIG_Python_AppendOutput($result, plist);
+ $result = SWIG_Python_AppendOutput($result, plist, $isvoid);
}
}
}
@@ -294,11 +294,11 @@
}
%typemap(argout) semanage_iface_t ** {
- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
+ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid);
}
%typemap(argout) semanage_iface_key_t ** {
- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
+ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid);
}
%typemap(in, numinputs=0) semanage_iface_key_t **(semanage_iface_key_t *temp=NULL) {
@@ -328,7 +328,7 @@
(void (*) (void*)) &semanage_seuser_free, &plist) < 0)
$result = SWIG_From_int(STATUS_ERR);
else
- $result = SWIG_Python_AppendOutput($result, plist);
+ $result = SWIG_Python_AppendOutput($result, plist, $isvoid);
}
}
}
@@ -338,11 +338,11 @@
}
%typemap(argout) semanage_seuser_t ** {
- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
+ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid);
}
%typemap(argout) semanage_seuser_key_t ** {
- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
+ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid);
}
%typemap(in, numinputs=0) semanage_seuser_key_t **(semanage_seuser_key_t *temp=NULL) {
@@ -371,7 +371,7 @@
(void (*) (void*)) &semanage_user_free, &plist) < 0)
$result = SWIG_From_int(STATUS_ERR);
else
- $result = SWIG_Python_AppendOutput($result, plist);
+ $result = SWIG_Python_AppendOutput($result, plist, $isvoid);
}
}
}
@@ -381,11 +381,11 @@
}
%typemap(argout) semanage_user_t ** {
- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
+ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid);
}
%typemap(argout) semanage_user_key_t ** {
- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
+ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid);
}
%typemap(in, numinputs=0) semanage_user_key_t **(semanage_user_key_t *temp=NULL) {
@@ -414,7 +414,7 @@
(void (*) (void*)) &semanage_port_free, &plist) < 0)
$result = SWIG_From_int(STATUS_ERR);
else
- $result = SWIG_Python_AppendOutput($result, plist);
+ $result = SWIG_Python_AppendOutput($result, plist, $isvoid);
}
}
}
@@ -424,11 +424,11 @@
}
%typemap(argout) semanage_port_t ** {
- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
+ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid);
}
%typemap(argout) semanage_port_key_t ** {
- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
+ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid);
}
%typemap(in, numinputs=0) semanage_port_key_t **(semanage_port_key_t *temp=NULL) {
@@ -457,7 +457,7 @@
(void (*) (void*)) &semanage_ibpkey_free, &plist) < 0)
$result = SWIG_From_int(STATUS_ERR);
else
- $result = SWIG_Python_AppendOutput($result, plist);
+ $result = SWIG_Python_AppendOutput($result, plist, $isvoid);
}
}
}
@@ -467,11 +467,11 @@
}
%typemap(argout) semanage_ibpkey_t ** {
- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
+ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid);
}
%typemap(argout) semanage_ibpkey_key_t ** {
- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
+ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid);
}
%typemap(in, numinputs=0) semanage_ibpkey_key_t **(semanage_ibpkey_key_t *temp=NULL) {
@@ -500,7 +500,7 @@
(void (*) (void*)) &semanage_ibendport_free, &plist) < 0)
$result = SWIG_From_int(STATUS_ERR);
else
- $result = SWIG_Python_AppendOutput($result, plist);
+ $result = SWIG_Python_AppendOutput($result, plist, $isvoid);
}
}
}
@@ -510,11 +510,11 @@
}
%typemap(argout) semanage_ibendport_t ** {
- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
+ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid);
}
%typemap(argout) semanage_ibendport_key_t ** {
- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
+ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid);
}
%typemap(in, numinputs=0) semanage_ibendport_key_t **(semanage_ibendport_key_t *temp=NULL) {
@@ -543,7 +543,7 @@
(void (*) (void*)) &semanage_node_free, &plist) < 0)
$result = SWIG_From_int(STATUS_ERR);
else
- $result = SWIG_Python_AppendOutput($result, plist);
+ $result = SWIG_Python_AppendOutput($result, plist, $isvoid);
}
}
}
@@ -553,12 +553,12 @@
}
%typemap(argout) semanage_node_t ** {
- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
+ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid);
}
%typemap(argout) semanage_node_key_t ** {
- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
+ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid);
}
%typemap(in, numinputs=0) semanage_node_key_t **(semanage_node_key_t *temp=NULL) {

4
_multibuild Normal file
View File

@@ -0,0 +1,4 @@
<multibuild>
<package>python-semanage</package>
</multibuild>

1
baselibs.conf Normal file
View File

@@ -0,0 +1 @@
libsemanage2

3
libsemanage-3.6.tar.gz Normal file
View File

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:41138f46222439e1242f27c1587e95cf54a059259aaf1681db642cc30c4e0d60
size 182583

16
libsemanage-3.6.tar.gz.asc Normal file
View File

@@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmV5xAIACgkQRpWIHCVF
CNHfxRAAxXkHDxt7TvNySNdBDbqD0NX8r2tAKBEqI5dwspic8W8qi3mBBtqSYhxA
XAx8lRtf+wMSUaUO/Fa0qUyFuc/zdDTJUiNl2Aijp7YER3wpGj1/YDz/6lAWEc2N
8HMKQLYmdyoqzltRLTyTfRU3Zp1o0D15JVQtONadllTbRr6xKu672rSMkJf4AlxN
Q+CP26z/vRCtWXZLmsupgzbgeMPITrLGW5tubjtKgs8RGJ7o/yC1L0lT3aXSZ+EC
fhu4u7PhJqHeXhfSW1JBXkOXVooc9/9O1CURpSWGoS7CzhLpoxfabZfEomT2vshx
1DIQNFkCHrVp4mF+NU+AHatJNuknopz3XaKVEkYfUkcg23uFNuUXb9Rit1fJXYrD
YTNEtkv3LQw20dTpAP8LeW7LUv+9Z3hQQlOdHmzTNloJBH47B7MiNE09HdHtQL/w
10UUMgO4mTBGCseQ1gNfnbVQIUxP9iMdKzNG1aSDZIABH0Liroh2Oq1j5oJybWsw
C+yXFPle/bKvKzIXTBST40Qxi5fOIJatewRTEMX8ikapBaVKIE9QSlYRSnAgD0Me
LW1MQG/2FCt3byGA/gSYnRlgASjg2r23QHlvVRkRG0/Uj37hE5QAHqIMYmMsMEqy
XenmK+tCcPC6y/O4BwoRV3O6PU8/j8C0+RYD4bv5xmtPd1H+858=
=xhK9
-----END PGP SIGNATURE-----

3
libsemanage-3.7.tar.gz Normal file
View File

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e166cae29a417dab008db9ca0874023f353a3017b07693a036ed97487eda35b1
size 182896

16
libsemanage-3.7.tar.gz.asc Normal file
View File

@@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmZ8NeEACgkQRpWIHCVF
CNF7iw/+J/RkUBGyWCTPpjTxycgsM32jroIqhekik2VkAAoSSfIy2DNsV9W1LhjX
8wdTIbohbVIV4iVjzvd8H5ee0XpywPYQ18bgvYmpHmjC+0pp3wZy5T1igbE1ePCq
r/MheAHIn4zj68qZZxCXZs5Fc1PC910jsEOM8Wwdyyo8VGpPp4EfO6y3aFIkbeoQ
kC4rNtXtXy5USKUtQ8QbKqyr+/YuSfVgYeZCexBqL0GJ4jwP413xiwKXL+RAzDeL
j5Z9m0j911LTer/KUoDL+jdlkX1YTf4qK+VEcHjlQBLUoS6atsNKSMJftqKkATfP
AZqlBuka6RheBL54eNHc+slIKEJvhfuTFWItM/3o8+lnW/2d7dYh1WxQhXJBFDM7
dbButzqAL9dKNRjTNlBpMPe8oj13wLK890eVLOlnMIJUW4dZURoNNbs3Q2OlhuHQ
kyuPOegi2ZaNz4TvjlI1egY3h9lVYjUv/l/AtscqWfutZfD+e7n93mLOiXmZFmHI
G56cIUHfT13CEPq9D8moVTLM1bSibEDGe2GUqalpk9YcbQ3wBBXgUF8XcGuQFYZt
Bl42k6VvolZ6net+FxBoUhprBDtkPJQSD5DyT0OF4uucdZiDbsZT7vsYMjndiZVd
D1FyYekdvzb6x6li4nLLkxyj2WV96vPvqRKK+zvIldFem1Nllps=
=aE6b
-----END PGP SIGNATURE-----

BIN
libsemanage-3.8.1.tar.gz (Stored with Git LFS) Normal file
View File

Binary file not shown.

16
libsemanage-3.8.1.tar.gz.asc Normal file
View File

@@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEcgDrLD9eSIRjwM6ezcroySfGvjEFAmfIn6cACgkQzcroySfG
vjF0qA/5AfSoicNi40GsZAfRTZ62uKKrMsmAQMP9FvnqTobDHDZr+POFcVblPmE6
Ud7yK+ojeKaYt/jj5IL6Ce0qwFnvHHMXRyUB7wKPLp0jkfxG1eM2Ogfv2oVlzKcH
hCLxU3rkMD+UhXX76gPTkgvnxIXhOkX1wTNIBXiQzVwey0lf+MXglga6dF5pvi9j
qqm/9YZZyMvMfcyap60W+yZgs01IJu4GOLV3wEJ1GjUhOpXoWpMEOH8byaUSl1OJ
r1mA7h04WwZvnAKm6KVF3CZQpYb81KwDX8IsY57fJ/QMrvY0Ge4587CAgXCdaBBm
A628RmzyNEXep8tonm4+gn1KlGmO+/YRo1hu72bSXvb5G2i4eL1bUKryAiSs0edR
/zc1wLjtwcgQkIZBx3zjib2wH8E0BP0wqh3BdtnLPtdjM2A6DNn9M0GuntCKjDX1
WbHjt7dHN41sqosh9hzicOzaIzwqvDPCJvAew5H8N84oQZAObV6Y0StjVUUrbRue
XS0YJqbY9A20bn8hIRx21TmhUGwzE1XfDgfIgGJUS+85P/zF5xU2tNcuOvXp9g6w
M0uIIgS+hn1j1hNGF7+rCogicbzUBX5DPA80+us9738AGxj12/0s99lOoCCRynRF
5sG0bDn+VuhG7LOR1QwxtAgnKd5G0omYVLnkzvv/BTa+vAlp4OY=
=uHtc
-----END PGP SIGNATURE-----

3
libsemanage-3.9.tar.gz Normal file
View File

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ec05850aef48bfb8e02135a7f4f3f7edba3670f63d5e67f2708d4bd80b9a4634
size 185278

16
libsemanage-3.9.tar.gz.asc Normal file
View File

@@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIyBAABCgAdFiEEcgDrLD9eSIRjwM6ezcroySfGvjEFAmh3hTQACgkQzcroySfG
vjFCCQ/4kZ42zyT1fgCZGl2/v2nhq3q47sdZl8iUliF6bHbBO4HKlMeOt7BWcw6I
j6IvojHVzKL87C+wWqK5gYI3bpGtrAbbKAgyXk5iV9FYl4FGaRqDBgrTUnFPxOfP
LaEYHpA8B9ZUwHlKktNmtBluYV3iPsgE/vsdvFRt1YAvclO8mnEV3ME0jh/UNnVP
FvY994VU6WhVaomNsgLFjqZVW9e1mpBjYfoyY5SlY44JamXm1T4DIcEZZqfAPMUs
FBpsgWlPjHOrQTRsxTf1zEqe0l+H/38EWJA9KpAwtCebHwNJttQiivRfmveiM4GZ
GAe+XtQA7SPl8BwgsCvGhQsw7lIvn2sGaXUJMaKECx840FHIngJUw7UKjLsiml34
owM7urgHI1TeI7ZYoSB8c4bYlI8+X+uZwIVhdysbuI+c8bMepUzDw1nH/+q6iS28
sp9qZ4aDh9fV7zAbNkgJ7BXJJ53M6w5c6HgcHtCvQSoivkaw0jioaw3QSlnRO0xk
7mQ82tKnN5htLmRMuZ9GoFLrxulpF0fIR+f54g2vaHBxpQSS9j1a0Z1mgLEUohNi
/iB+k3VEKcFKvGqm1OYdwQZqmEtDhLyHv85FEGa8Pd2AzToycHQG6Kq5PpWNQbj/
fS/dKxHMApLITgfOAEMsXWw29vlVwwCTyq/bN8u3Q2b15wuwdw==
=Fg6L
-----END PGP SIGNATURE-----

521
libsemanage.changes Normal file
View File

@@ -0,0 +1,521 @@
-------------------------------------------------------------------
Fri Mar 7 14:10:50 UTC 2025 - Cathy Hu <cathy.hu@suse.com>
- Update to version 3.8.1
https://github.com/SELinuxProject/selinux/releases/tag/3.8.1
* libsemanage: improved performance of semanage store rebuild
-------------------------------------------------------------------
Tue Feb 4 07:22:41 UTC 2025 - Robert Frohl <rfrohl@suse.com>
- Update to version 3.8
https://github.com/SELinuxProject/selinux/releases/tag/3.8
* libsemanage: Preserve file context and ownership in policy store
* libsemanage: Optionally allow duplicate declarations
* Improved man pages
* libsemanage: Mute error messages from selinux_restorecon introduced in 3.8-rc1
* Code improvements and bug fixes
- For a more in depth list of changes see
https://github.com/SELinuxProject/selinux/releases/download/3.8/shortlog-3.8.txt
- keyring: Update Petr Lautrbach <lautrbach@redhat.com>
* removed 0xBC3905F235179CF1 (expired: 2024-10-25)
* added 0xFB4C685B5DC1C13E (expires: 2026-11-04)
-------------------------------------------------------------------
Mon Oct 21 11:19:44 UTC 2024 - Johannes Segitz <jsegitz@suse.com>
- Not conflict but obsolete libsemanage1 (bsc#1229757)
-------------------------------------------------------------------
Mon Jul 1 07:57:45 UTC 2024 - Cathy Hu <cathy.hu@suse.com>
- Update to version 3.7
https://github.com/SELinuxProject/selinux/releases/tag/3.7
* Bugfixes:
* libsemanage: support huge passwd entries
-------------------------------------------------------------------
Tue Dec 19 11:12:21 UTC 2023 - Cathy Hu <cathy.hu@suse.com>
- Update to version 3.6
https://github.com/SELinuxProject/selinux/releases/tag/3.6
* Add notself support for neverallow rules
* Improve man pages
* man pages: Remove the Russian translations
* Add notself and other support to CIL
* Add support for deny rules
* Translations updated from
https://translate.fedoraproject.org/projects/selinux/
* Bug fixes
- Remove keys from keyring since they expired:
- E853C1848B0185CF42864DF363A8AD4B982C4373
Petr Lautrbach <plautrba@redhat.com>
- 63191CE94183098689CAB8DB7EF137EC935B0EAF
Jason Zaman <jasonzaman@gmail.com>
- Add key to keyring:
- B8682847764DF60DF52D992CBC3905F235179CF1
Petr Lautrbach <lautrbach@redhat.com>
-------------------------------------------------------------------
Mon Nov 27 09:51:42 UTC 2023 - Daniel Garcia <daniel.garcia@suse.com>
- Remove dependency on /usr/bin/python3, making scripts to depends on
the real python3 binary, not the link. bsc#1212476
-------------------------------------------------------------------
Mon Aug 14 08:07:46 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
- Remove build counter syncing for real
-------------------------------------------------------------------
Thu May 4 14:20:40 UTC 2023 - Frederic Crozat <fcrozat@suse.com>
- Add _multibuild to define additional spec files as additional
flavors.
Eliminates the need for source package links in OBS.
-------------------------------------------------------------------
Fri Mar 24 13:54:12 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
- Add -ffat-lto-objects to CFLAGS to prevent rpmlint errors because
of LTO
-------------------------------------------------------------------
Thu Mar 23 13:06:51 UTC 2023 - Martin Liška <mliska@suse.cz>
- Enable LTO now (boo#1138812).
-------------------------------------------------------------------
Fri Feb 24 07:48:05 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.5
* Allow user to set SYSCONFDIR
* always write kernel policy when check_ext_changes is specified
- Added additional developer key (Jason Zaman)
-------------------------------------------------------------------
Mon May 9 10:37:17 UTC 2022 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.4
* Optionally rebuild policy when modules are changed externally
* Fix USE_AFTER_FREE (CWE-672) in semanage_direct_get_module_info()
* Allow spaces in user/group names
-------------------------------------------------------------------
Thu Feb 10 12:37:14 UTC 2022 - Johannes Segitz <jsegitz@suse.com>
- Drop Buildrequires for libustr-devel, not needed anymore
-------------------------------------------------------------------
Thu Nov 11 13:26:41 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.3
* Fixed use-after-free in parse_module_store()
* Fixed use_after_free in semanage_direct_write_langext()
-------------------------------------------------------------------
Thu Mar 18 08:31:30 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Link to correct so version
- Minor spec file cleanups
-------------------------------------------------------------------
Wed Mar 17 08:29:15 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Move configuration file to separate libsemanage-conf package to allow
for parallel installation in future versions
-------------------------------------------------------------------
Tue Mar 9 09:09:18 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.2
* dropped old and deprecated symbols and functions
libsemanage version was bumped to libsemanage.so.2
* libsemanage tries to sync data to prevent empty files in SELinux module
store
-------------------------------------------------------------------
Wed Jul 29 14:37:19 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
- Add /var/lib/selinux
-------------------------------------------------------------------
Wed Jul 15 08:17:18 UTC 2020 - Johannes Segitz <jsegitz@suse.com>
- Remove libsemanage-update-map-file.patch to prevent checkers from declining
the submission. Keeping the snippet in the spec file in case we try to
enable LTO again
-------------------------------------------------------------------
Tue Jul 14 08:36:19 UTC 2020 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.1
* Improved manpage
* fsync final files before rename
-------------------------------------------------------------------
Tue Jun 16 07:08:59 UTC 2020 - Johannes Segitz <jsegitz@suse.com>
- Disabled LTO again. This breaks e.g. shadow and also other packages
in security:SELinux
-------------------------------------------------------------------
Fri Jun 12 09:07:31 UTC 2020 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- Fix build with LTO: [bsc#1133102]
* Enable LTO (Link Time Optimization) and build with -ffat-lto-objects
* Update map file to include new symbols and remove wildcards
- Add libsemanage-update-map-file.patch
-------------------------------------------------------------------
Thu Jun 4 09:57:51 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
- Drop suse_path.patch: replace it with a grep/sed logic replacing
/usr/libexec in all files with the correct value for all distros
(taking into account that openSUSE is in progress of migrating
from /usr/lib to /usr/libexec).
-------------------------------------------------------------------
Fri May 29 12:51:17 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
- Apply suse_path.patch only for older distributions. Newer
use libexec
-------------------------------------------------------------------
Tue Mar 3 12:23:51 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
- Update to version 3.0
* Add support for DCCP and SCTP protocols
* include internal header to use the hidden function prototypes
* mark all exported function "extern"
* optionally optimize policy on rebuild
Refreshed suse_path.patch
-------------------------------------------------------------------
Thu Jun 20 10:22:04 UTC 2019 - Martin Liška <mliska@suse.cz>
- Disable LTO due to symbol versioning (boo#1138812).
-------------------------------------------------------------------
Wed Mar 20 15:10:21 UTC 2019 - jsegitz@suse.com
- Update to version 2.9
* Always set errno to 0 before calling getpwent()
* Include user name in ROLE_REMOVE audit events
* genhomedircon - improve handling large groups
* improve semanage_migrate_store import failure
* reset umask before creating directories
* set selinux policy root around calls to selinux_boolean_sub
* use previous seuser when getting the previous name
-------------------------------------------------------------------
Thu Nov 8 09:31:42 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
- Use more %make_install.
-------------------------------------------------------------------
Thu Nov 8 07:19:24 UTC 2018 - jsegitz@suse.com
- Adjusted source urls (bsc#1115052)
-------------------------------------------------------------------
Thu Sep 27 13:19:59 UTC 2018 - pmonrealgonzalez@suse.com
- update to version 2.8
* semanage fcontext -l now also lists home directory entries from
file_contexts.homedirs.
* libsemanage no longer deletes the tmp directory if there is an error
while committing the policy transaction, so that any temporary files
can be further inspected for debugging purposes (e.g. to examine a
particular line of the generated CIL module). The tmp directory will
be deleted upon the next transaction, so no manual removal is needed.
* When overriding PREFIX, BINDIR, SBINDIR, SHLIBDIR, LIBEXECDIR, etc.,
DESTDIR has to be removed from the definition. For example on Arch
Linux, SBINDIR="${pkgdir}/usr/bin" was changed to SBINDIR="/usr/bin".
* PYSITEDIR has been renamed PYTHONLIBDIR (and its definition changed).
- Clened with spec-cleaner
-------------------------------------------------------------------
Thu Mar 8 19:07:16 UTC 2018 - rgoldwyn@suse.com
- Update to version 2.7. Changes:
* IB support
* saves linked policy and skips relinking whenever possible
-------------------------------------------------------------------
Fri Nov 24 09:14:13 UTC 2017 - jsegitz@suse.com
- Update to version 2.6. Notable changes:
* genhomedircon: do not suppress logging from libsepol
* genhomedircon: use userprefix as the role for homedir
* Fix bug preventing the installation of base modules
* Use pp module name instead of filename when installing module
* genhomedircon: remove hardcoded refpolicy strings
* genhomedircon: add support for %group syntax
* genhomedircon: generate contexts for logins mapped to the default user
* Validate and compile file contexts before installing
* Swap tcp and udp protocol numbers
* genhomedircon: %{USERID} and %{USERNAME} support and code cleanups
-------------------------------------------------------------------
Mon Dec 12 14:59:36 UTC 2016 - dimstar@opensuse.org
- Split out the Policy Store Migration tool into
libsemanage-store-migrate: it is not a devel tool to start with.
Additionally, it causes the -devel package to depend on python,
which we want to avoid (libsemanabe being part of the core build
cycle). The library suggests libsemanage-store-migrate.
-------------------------------------------------------------------
Sun Jul 17 15:17:39 UTC 2016 - jengelh@inai.de
- Update RPM groups, trim description, combine filelist entries,
ensure pkgconfig() symbols are generated.
-------------------------------------------------------------------
Thu Jul 14 14:20:12 UTC 2016 - jsegitz@novell.com
- Without bug number no submit to SLE 12 SP2 is possible, so to make
sle-changelog-checker happy: bsc#988977
-------------------------------------------------------------------
Wed Jul 13 09:43:28 UTC 2016 - jsegitz@novell.com
- Added suse_path.patch to fix path to hll compiler
-------------------------------------------------------------------
Fri Jul 8 15:24:49 UTC 2016 - i@marguerite.su
- update version 2.5
* Do not overwrite CFLAGS in test Makefile, from Nicolas Iooss.
* Fix uninitialized variable in direct_commit and direct_api
* semanage_migrate_store: Load libsepol.so.1 instead of libsepol.so
* Store homedir_template and users_extra in policy store
* Fix null pointer dereference in semanage_module_key_destroy
* Add semanage_module_extract() to extract a module as CIL or HLL
* semanage_migrate_store: add -r <root> option for migrating inside chroots
* Add file_contexts and seusers to the store
* Add policy binary and file_contexts.local to the store
* Allow to install compressed modules without a compression extension
* Do not copy contexts in semanage_migrate_store
* Fix logic in bunzip for uncompressed pp files
* Fix fname[] initialization in test_utilities.c
* Add remove-hll semanage.conf option to remove HLL files after
compilation to CIL
* Fix memory leaks when parsing semanage.conf
* Change bunzip to use heap instead of stack to prevent segfault on
systems with small stack size
- changes in 2.4
* Fix Makefile to allow LIBDIR and SHLIBDIR to be set to different
directories
* Fix bugs found by hardened gcc flags
* Add missing manpage links to security_load_policy
* Fix failing libsemanage pywrap tests
* Fix deprecation warning for bison
* Skip policy module relink when only setting booleans
* Only try to compile file contexts if they exist
* Fix memory leak when setting a custom store path
* Add semodule option to set store root path in semanage.conf and the
semodule command
* Add semanage.conf option to set an alternative root path for policy
store
* Add support for High Level Language (HLL) to CIL compilers. The HLL
compiler path is configurable, but should be placed in
/usr/libexec/selinux/hll by default
* Create a policy migration script for migrating the policy store from
/etc/selinux to /var/lib/selinux
* Add python3 support to the migration script
* Use libcil to compile modules
* Use symbolic versioning to maintain ABI compatibility for old install
functions
* Add a target-platform option to semanage.conf to control how policies
are built
* Add API to handle modules and source policies, moving module store to
/var/lib/selinux
* Only try to compile file contexts if they exist
-------------------------------------------------------------------
Sun May 18 00:10:55 UTC 2014 - crrodriguez@opensuse.org
- version 2.3
* Fix memory leak in semanage_genhomedircon from Thomas Hurd.
-------------------------------------------------------------------
Tue Feb 11 10:12:55 UTC 2014 - vcizek@suse.com
- add semanage.conf as SOURCE and install it instead of the default
one
-------------------------------------------------------------------
Thu Oct 31 13:55:06 UTC 2013 - p.drouand@gmail.com
- Update to version 2.2
* Avoid duplicate list entries
* Add audit support to libsemanage
* Remove policy.kern and replace with symlink
* Apply a MAX_UID check for genhomedircon
* Fix man pages
- Add audit-devel BuildRequires; new dependency
- Add fdupes BuildRequires and use it to symlink duplicate manpages
-------------------------------------------------------------------
Thu Jun 27 14:56:37 UTC 2013 - vcizek@suse.com
- change the source url to the official 2.1.10 release tarball
-------------------------------------------------------------------
Thu Apr 4 19:29:33 UTC 2013 - vcizek@suse.com
- fixed source url
- removed old tarball
-------------------------------------------------------------------
Fri Mar 29 15:21:29 UTC 2013 - vcizek@suse.com
- update to 2.1.10
* Add sefcontext_compile to compile regex everytime policy is rebuilt
* Cleanup/fix enable/disable/remove module.
* redo genhomedircon minuid
* fixes from coverity
* semanage_store: do not leak memory in semanage_exec_prog
* genhomedircon: remove useless conditional in get_home_dirs
* genhomedircon: double free in get_home_dirs
* fcontext_record: do not leak on error in semanage_fcontext_key_create
* genhomedircon: do not leak on failure in write_gen_home_dir_context
* semanage_store: do not leak fd
* genhomedircon: do not leak shells list
* semanage_store: do not leak on strdup failure
* semanage_store: rewrite for readability
-------------------------------------------------------------------
Wed Jan 30 12:00:30 UTC 2013 - vcizek@suse.com
- update to 2.1.9
* dropped libsemanage-2.1.6-NULL_level_fix.patch (fixed upstream)
* libsemanage: do not set soname needlessly
* libsemanage: remove PYTHONLIBDIR and ruby equivalent
* do boolean name substitution
* Fix segfault for building standard policies.
* remove build warning when build swig c files
* additional makefile support for rubywrap
* ignore 80 column limit for readability
* semanage_store: fix snprintf length argument by using asprintf
* Use default semanage.conf as a fallback
* use after free in python bindings
* Alternate path for semanage.conf
* do not link against libpython, this is considered bad in Debian
* Allow to build for several ruby version
* fallback-user-level
-------------------------------------------------------------------
Mon Jan 7 21:43:31 UTC 2013 - jengelh@inai.de
- Remove obsolete defines/sections
-------------------------------------------------------------------
Wed Oct 24 16:36:25 UTC 2012 - vcizek@suse.com
- when building "standard" (not MCS/MLS) selinux-policies,
libsemanage will crash, because "level" is NULL
(libsemanage-2.1.6-NULL_level_fix.patch)
-------------------------------------------------------------------
Mon Aug 27 13:49:45 UTC 2012 - cfarrell@suse.com
- license update: LGPL-2.1+
Could not find any LGPL-2.1 "only" licensed files in the pacakge
-------------------------------------------------------------------
Wed Aug 1 07:54:33 UTC 2012 - meissner@suse.com
- Updated to 2.1.6
* changes too numerous to list
-------------------------------------------------------------------
Wed Oct 5 15:10:27 UTC 2011 - uli@suse.com
- cross-build fix: use %__cc macro
-------------------------------------------------------------------
Thu Sep 22 13:14:39 CEST 2011 - dmueller@suse.de
- buildrequire libbz2-devel
-------------------------------------------------------------------
Mon May 23 14:15:42 UTC 2011 - prusnak@opensuse.org
- split off python bindings to separate package to reduce build
dependencies for rpm [bnc#695436]
-------------------------------------------------------------------
Wed May 18 13:38:44 UTC 2011 - coolo@novell.com
- add baselibs.conf for rpm-32bit to use
-------------------------------------------------------------------
Wed Feb 23 05:42:43 UTC 2011 - coolo@novell.com
- disable parallel build, it breaks too often
-------------------------------------------------------------------
Thu Feb 25 14:59:32 UTC 2010 - prusnak@suse.cz
- updated to 2.0.43
* changes too numerous to list
-------------------------------------------------------------------
Fri Jan 16 14:24:38 CET 2009 - prusnak@suse.cz
- fix assignment of wrong context [bnc#466793]
-------------------------------------------------------------------
Wed Jan 14 14:06:28 CET 2009 - prusnak@suse.cz
- updated to 2.0.31
* policy module compression (bzip) support from Dan Walsh
* hard link files between tmp/active/previous from Dan Walsh
* add semanage_mls_enabled() interface from Stephen Smalley
-------------------------------------------------------------------
Mon Dec 1 11:35:58 CET 2008 - prusnak@suse.cz
- updated to 2.0.29
* add USER to lines to homedir_template context file
* add compression support
* allow fcontext and seuser changes without rebuilding the policy
* don't rebuild on fcontext or seuser modifications
* modify genhomedircon to skip %groupname entries
-------------------------------------------------------------------
Wed Oct 22 16:17:23 CEST 2008 - mrueckert@suse.de
- fix debug_packages_requires define
-------------------------------------------------------------------
Tue Sep 23 12:52:32 CEST 2008 - prusnak@suse.cz
- require only version, not release [bnc#429053]
-------------------------------------------------------------------
Tue Sep 2 12:13:42 CEST 2008 - prusnak@suse.cz
- updated to 2.0.27
* Modify genhomedircon to skip %groupname entries.
Ultimately we need to expand them to the list of users to support
per-role homedir labeling when using the %groupname syntax.
- updated to 2.0.26
* Fix bug in genhomedircon fcontext matches logic from Dan Walsh.
Strip any trailing slash before appending /*$.
-------------------------------------------------------------------
Fri Aug 1 17:32:21 CEST 2008 - ro@suse.de
- fix requires for debuginfo package
-------------------------------------------------------------------
Tue Jul 15 16:58:47 CEST 2008 - prusnak@suse.cz
- initial version 2.0.25
* based on Fedora package by Dan Walsh <dwalsh@redhat.com>

121
libsemanage.keyring Normal file
View File

@@ -0,0 +1,121 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGcpEXsBEACjkf3/pxK1vKNYV5sbqoOfqlP7i/WuVtFmjStjBaQOYQCM5kxE
L1ImKlMJ1B40WW/ocSKIK+XduZkiqtn7O8sjpTX7Z0fuTTrE2ogUtNXTNuv61SQ7
CymDmevn0qy40/TVYFLQQvO6c7/MeP4E4R0+DUq8HQhAW2oDBoB+6fLrti9Ov07t
jPTtkJ9PE+0d/oUnzQU95FrQuhlidbhSZIa2bV/n1UP36p7jKFG01qdqZdQqN/wF
PDStDCOgmFVPkyDRnqFbp+EWsPnsuB3x8GLlkcdSVHjPX6eoYJSgeUeNzQlXIryP
x+h8pp+jD/v0hNo6oHO/4/emxj15wGDvAZo4eurNHNHEB8phE7YhoUdEaewQTwWf
BIQvTS49XGmKJNq+sskUSOS70aY/c5jetvAg9dvDWb2ZkbXIBVtIQR/nxZJZ6gGn
Q7qqvAB0ht2BRfgGRDxtfky1SNenm2bRK2aNCJns73VyDRW5a2t+P8jgTfG2Wg3O
G0bZAsjizuIAvWiuEKXES5lE71qVQJJydG+GbDYOHqwHqLnp69xl1QXDExc4HLF9
avR/FfhCVHyNiow+PtQw2PY9xxME5Be6YhbZx0YR6eL2+sT1wt9lFI0LA9YBda2v
XNBbngnHkOMIYehtCTndnuQT4xlUCN6A5pPS7nRyWME18mii26Wfj6BsYwARAQAB
tCVQZXRyIExhdXRyYmFjaCA8bGF1dHJiYWNoQHJlZGhhdC5jb20+iQJXBBMBCABB
FiEEaNIYIzQqE2g66z5O+0xoW13BwT4FAmcpEXsCGwMFCQPCZwAFCwkIBwICIgIG
FQoJCAsCBBYCAwECHgcCF4AACgkQ+0xoW13BwT52gxAAjmac0DxofR1945mfP82s
zBjofuMr/6Vhq0LHTl7VN8r7PP195EqzGA/c+OPSn2KCjeMh09w3n9ieWZUR6mUO
ZKIo4516d2+LL6wDyy6QyjTtD6bWlhY3MW3KJl35zjian0jWXuHquS0hj1cN52uU
CQ2iDVWVR63142maBe3Y6Yk0OZh+1ZwoinLD9ktq5uNFwCbHCyfsjp1adProV+D0
fy2txGVaKlVY/yKY7QQinALxFuG42CTGO39xV/cISnOiQXifSTeepia33Q020ZzS
QblACVO+VS4ek1bO7O90A+0zLcoRpch+7cgRl4goLFKBZdObvNEpSfQXqMoCwteE
r9Y4DUBrs10BTAzGsSd182ioGu6xosOWnNZTtRK/ZhP49/dpDu7WzODYnxXl6pE/
4TzDB7nhE0KBCtwOBSrlpvKdyy+6WXcaom/O9kLv9DdOH+DlZz51FoYHPQ70UG5E
9DCOucH3fbFbV8N/XtxJylUoC9X+PCe2lZd/udK/YzSj1+KGdMGXh3ZzYQEq1N2n
lbQil5GXm4tp3cBiii4/pGhn78h39mA15pAof9mULGTlL0YvNiGbrrnKw5hGSHs1
+hOFG28CoB4NxMpYYMbWdCiTYoo5LKpLzU9PYCUzPsDbpHS+wf/2VDW5kUiEgZvF
leUYRFnBd3Wz6WB9ZNsHkr6JAjMEEAEIAB0WIQS4aChHdk32DfUtmSy8OQXyNRec
8QUCZykYBQAKCRC8OQXyNRec8V0ZD/4vu4DsQwH5iHS6uFm46W1lI22B7pv5Rstl
N3wNGx/Tjh75nQ0lZ1DaxosGm0aEhydqzhB3SBL5CRYHuUysnfW67HXlkGMWwa3K
or5Wgfwkg+9XwyvleiOoD5RhSlc/qewgut2RS83Ol4DnUjFi5UxZy63xJRVjOMPX
VgbU/wsXPJ2wiZph7ux75ETzkXf/Y+iRk17R3QaHfq7J8lI0PzReuvEulE6BptCA
c0bR2sv8MeN2hrcXRXkRSgbs0HBSuYFGVYpgItQV9b7yZCfpFUrwkhX1ZoevOL8o
Bkuidlvl0KM7R746XXqnJSh8sDxI3sFqqN6ezyGjb3sa0Td1quReaPmnenhg+6v8
P6hkI0gf4FgyyG3jpW0Te/pXXQ/woDboyA2jmowTVDSQLUNRiLrxw94OCtAExZr6
cX6b2LZoZ4DKLeoOFm7TckuE5gCG/jk5VFrCb28WrIqIFEA1WiBNGv5yHjPLBpqn
B9UtD7GLBUuqVPmf+IjNYJDSEDXl4pmAlXSRNcvg5YoF4mpI2ectWbgCFnY6kocy
yMTsESim8J70llYUiuO1D1OuuIHI7HTdqdaSabtviVnUcoM4j8LHLPwFm9iLOjuF
I50aMusUFMP9aTSzC+nMHg0qHkjo3uSCmlcxNpanfr4qZDHronNpmN6kaXVUw0V2
CI/pLDqk77kCDQRnKRF7ARAArgRj7ToZ65fjAuVSoAxYKdsUQu6EFkZYUsQi8/pY
lLVY6957jlFVylV9gyncCrKaI1FqECVEy1JD1i1dJ2UE+SG01yhX+GqNw3LAx1uz
L5GzbulGT8MlULTJUvgAGtJKXCF81rjpfhm8+vwYYO+MBSEro1dDtatknFhH39TS
epEa0a48EuEV7LUfrSflrE/z7Z/2kUI1sMnXcduuFWO75FR4TwarlYkjl15rlJ9i
dcURGxP/M76nDtlppIOZYpHVrzw/oGQMPt7rdkhoBrzj0z8PP46DM0SBvJGO+Bs7
Q4QitLbHrWUahbsX2msSDOP3s0iIG7qqk0Jgl5+Sl88Q2uT7CY5S2El+HoTu6mGW
WJBqazp2pcBzdn7EE32MV/vhGnNWYg8r8wU2vQRxQwWBRGkG1pOuTh0YyH76/mLi
orHHAkd/hGwYIOyAf1lkN6YrPmry4U1MjWRtOewo2353svjlT7f+ZGbiXbaDx674
C8PpHgZ8qOzLMQULIYrtOZViPRj4QZH35htFDUZqFeq2tH9osLT0tLLFBOph8pTw
q6yehx4RsE6KARlQ0/JunOJvAeXVURX1ytHl5Pww8eCzzF2mNDuBG4+LXZ+9zze6
elSw0gdILFmpeiKUazPb7OlfayLc/EG0r+1OjpkVEuKOEezbnRjVqCngzJdir3UD
ZVMAEQEAAYkCPAQYAQgAJhYhBGjSGCM0KhNoOus+TvtMaFtdwcE+BQJnKRF7AhsM
BQkDwmcAAAoJEPtMaFtdwcE+jMYP/Rh+SS0bAara89lQj8Wxy/5WcSpW33h0GdLT
/obJi+EjtN/zW/7vZRGVB5fxNRCjH0Hx3cCu7lvb6JKQ9y8fvQ9tjyO3/JPAe1KU
XN/r5g8iX6jJPPsOiIgtKOs7nWe2XyAqYhvxD1bvjFXpUUgnibysfTgwoWkiXNQO
rrrQlhAga05QW6BJ+DtotVT/SPhYooQp8B+D3fBhMop34mBEXLgVk+uJ6bse+VRK
LZUp992utQX89fflfviIp09CgQANmLwqQxlQsO3JDpk67aGIOkCuOjmENp0ozfXh
nrlWczXWGOISGZMXcjIYGWVvSoEiTQucFUe4xiaKoE0kRtqocuoiO7z9G8WVhX4A
whJ4DsHrySdslxqjXeiC0Om4niGmAKOPYHWfQ1YxyO7SC167Wx+whpBtYd68fa+C
XkskMI21Qk382hYHZSi/bvAS+yieDBjd27jROcz7l6PB/ivwPfBf4mlUICF+vc5z
SSfDXidGoU8B7UTsM1REnzF8RX2I9ECzCjqqiHsgjE0RNQbWvLBETE23q0eyiPHR
ZvQjQgHsKdZEr0Xqg1GnRLiRWCn4l6Fr00ZcUraGfyoEP+ulQ+yP852SIE34LsCL
TusI17P4gp2dR9eQ4mosI7J5TAL1Y+W4U8H1GeeCFgzjGExZ/xe9Is46T++A/GKp
HkA0s5uxuQINBGcpEuEBEAC6H5vY7GP2r5FFn6mQNV/8zo/TXIOYOHC1gfOL8tbw
8UcLqJCXMxF7K/VHmfe4ISkBn76Z1R4KCjZOYWdh2mbESB1owhb3y6p7h+4eGhdT
YyHh6I3uPIm9dAKyKMINjOJ+iPTcdjudNWPDj4FJK72QDf+8SpT0DliMbTUyZVIx
ohpOupmqyfKkrqvZ7ElrthVFjBGqktgLmSyKQNUr1+11+GOeydgZLiljJ8w1IdjU
oEykeNPvASQz4pnZZGmNNlnuc/27gt98kwqBxyVGB/7XcJ5Jol9UiGMmXEZUuSWg
Txcls56Ha+Qrbnt70F6cQWBCfIsKkYnxg2yewlWHFTVoDrZ1PuOac5UwGGcag2Ez
LPN+9TDRETPZVulkGSLBlF9n0xZQGzJud4fw3DNkxBAsJz/Kj+Oc+uYNL62CXgJc
bMG2nE9RlIy5ji0dlna8FvTNx+Fjs/UKse7KVcsXOQ479dE/fDUXwjVSokKN1MqN
2MIMX9Va150d57WISxIfE8Yfx8enhCmsEMPBng2d+KVg0cwNabpTVvOFfbKepwYC
tBJ3U3L+gvsnMTWqgf+c2vBW85JI1YVRNcVd4vL5I5cl0UmkY/7/BX6Bh/JzOhQ/
q+YJ0rUezXlZC8rPI/+eYtLm4uKV/FUqvFkMjpI2tLh/9eQdwadgHIUpSGrmBU3R
lwARAQABiQRyBBgBCAAmFiEEaNIYIzQqE2g66z5O+0xoW13BwT4FAmcpEuECGwIF
CQPCZwACQAkQ+0xoW13BwT7BdCAEGQEIAB0WIQRyAOssP15IhGPAzp7NyujJJ8a+
MQUCZykS4QAKCRDNyujJJ8a+MTGJD/9MpDYKL6yo1JUhzCD+TQajWLhwDuWEo11h
EEJohOEH2Myo2DbOA/OAQsFxpUkvzHDQTbHZm8F6Mzhf55OuaR259zEdHwH/MEXy
g+UPamCz/NmZkQ7WCrgJ1pvvIihU02t+gJlKHE4I9HbAiLFxhm23l/tnfNJeqSMh
5zqxM551PvlleulBu8g15SS84l8wI6JqKVq68N+/yTmIlRVs/4PHW85zzxu97BUl
xssgPgchGv89L6TUPXTMZucXvVOfEZmvtqcxkJIUIcnlZX4FLAccq3FHL5snXH0w
vjklyvVqdNd5och5Io3MUGKAlBKAe/R656CQPdGbD4hzE1viXnfqx6Vo1HRQDDHU
MLWqmMG2cT3+ld1MSxlDGr2QyuPR359UoWM4oANUimTHujR1nWOZtSZ2NBXIYOAc
T4SaB13vbr/Z+1auJba495QLphmKpu28GcKfAX5pXo/WesTQFYlyEvIGMMJ7ljah
cEBgXrHCkM98w+viixyrM9XhNZVQsGJuu1FaBLGa+KcgYXH1P3BAJV9fbnh2oFoA
SFEwiahP9g/7p69FkqpA4NGEjjg4bu5XvUhUAnwEcQE3yHG9AzdY+zV+HAwEULIZ
+v/H9Tj9zvxH0mHGRT1XCYxssZA/tU/VCB+IepmkcyTxlSZCfoot66vNZyfA8WTC
AU9kQPw5A4xfEACKjcOFavkoN3eYgIcAs1jQDaKlv8kfotIfG7RLcwtr9sXo9upF
jX58oxP9wVXGWf32s1Stf6ENFtzupuEqTG8aZydeeRxMdqH1t9SCERqeUqQGvWDW
KTfOASek7/Hf5ff06/6B73YwNrBXSeqT1H/21L5kP+mHvZD2THdl9U1IvR5bGO7A
HMVbRnCHlMBfitpKbJAKYBeLTk7diY2KrhqtJSDmgA4xFn533oOysBLhJ22XHr8K
4pMHMRoY9AtD3Ak0HRWZ395BZM/30phwB0jCPkEnk/Rnv7GGxWNA6e2fii2c/q83
pG4O1itLoztMI39l4oK838bSdFpzgP4glfcJhi1heBqgO6h61Ra1zs7k/MdERNoG
3/jqhvaXN/pxPlDJW6NN/P6LSsYRzrem9cryZX4rsEVj8Mel0SGXWkPDZhgtsGZS
2FBZ2wvr9NW+kx7/Blp28n9vLcB5HNB66xS5y5Kj1Q03tiPy7d1GHE2CxKJT3oD9
IWUCgHmzc6eHkrhYRUIG78g2N2L6vYEsl49KcDcjtWRET0dp/UPbyO0HObddt+3a
uzeU7XwVwKrDqR3siHd7S1ny5Qb1QO+pMMdNQcsBa/CurfyAooC7ZExpTToDmRHz
tFxCKLPE7AEjCIe5RYxTj8fLHp9ew4OESzQ7oAUNqs0NkZ57ZqYpMDJmkbkCDQRn
KRPFARAA7AZXVugEPe8MuygBPracbFtKpeIGw5vGelZs2J87Mz0FQY84ikexIffY
9kYb/4s2M10QJ/LI/VHKwfk5PuP3ZDy+BFCgbdf3zmBs6NjJlzTG8CRNK9bE6LLk
K4Xdfywnc1J6tANfCM/2pWotWP/cUHyeRrUcVLsrMLdmj+TMKjF5nf+FXc9NYiNy
gm+0FIIo9nI4nGdGpZ+LkE0mjdLZJHWbFX3rvNrBeJnwx54GXqsuE58IG3P2D5uq
tdlih6e4yfkmzaZwfSFph4xJXdRYgLiSKfOvUQnGz4vX+FUJUE2KINzoNdwVejP1
lVz2SOllM4yhlUORGTI556f7lLJr3Ari14uYMswTj6mB4cJL9ZrgqtjIRZ7s2kbV
VORImdFL5/JgZNa3ASK7BPon1TS3V3mFvGEztgCGWc4Sc1WaprcGrfKomz0b/uCJ
xnsIgn0kEcpMnM6cp+kaHEFI6A6gI5pZbq5ULMOp+tg+YJQgpCZqcHjjXEkUa4dU
8wsGNWOzCgwoaQreAzooxEINhDne7qwUr4lyXwehsFJ7NUhQqkpVfchb13nTpwTQ
WFJb829Ym/QUgxWWjILYGk6NJZWATBe2T+bdIo+yAIBwKrOLvGWWhHz4T0LbFyL1
x0Ybl9qCGBKNo/qPSoPDD+yVE9AlzkAMh66SQ5hMKJKIPBC1uUkAEQEAAYkCMwQY
AQgAJxYhBGjSGCM0KhNoOus+TvtMaFtdwcE+BQJnKRPFAxsgBAUJA8JnAAAANxYP
/iolEuftNwy1EwXjdif51f47XdivEEJPifVBWaI+watRxrhWDUn62tXogywauGS2
mJpXSp4v+SbSHTabiAQNkoPJZZd15aERcVpNXL3IKlJdRYmXmBJdNLDGuoFbJYuU
suThRP2X2yTmYx3LQkDy6ehtXgz95dCCBHXUMveOLto7SGyrHLFeQlxrBaNUZbko
vURqgMogn8LDE4jmKkW54whFCNC/D0Cj/DZ+rXWpVdj3OSeTqkWSn9EMct6z7BUc
O15tl8n3FXsxvWZ/+TTd1PnoZoD9TcRe8nYV2BZH7N/5gwRr0w8MdijZQ0S+T2Y6
Tbjszyz4557F2WQ+DIpbkDya1i5j91GPxboLiktwxZr53+8hSmbka7DQXmrQBaT3
8VsF70cvO0R6+9Ge4deZ9Nl62j+cICJiDikKPqncmg3kIt5tHxi1ab0AkFtfWSBW
+pJTZWDBggWzEETPxa7aHvP95IJJ4iABEVtOUnpwGtGRcJXKFu/Qs9ZZR8BSqIS1
0bGsDhfH+MqsjTYmNF1b9tmReNKRrwr5wOWlyv2LEFZbkuRaw52IvyMTF9MbDbkU
DtZ3UeIecG/foy7/Nv7T8jrd358ur3d7eWaZXH2pAXynk6R/iiNj1iggdWQtLu30
CAWOb+5yakQZtfHI+TYKveX5vlHjXHd0Fb2TGK5alk3d
=uF78
-----END PGP PUBLIC KEY BLOCK-----

161
libsemanage.spec Normal file
View File

@@ -0,0 +1,161 @@
#
# spec file for package libsemanage
#
# Copyright (c) 2025 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define soversion 2
%define libname libsemanage%{soversion}
Name: libsemanage
Version: 3.8.1
Release: 0
Summary: SELinux policy management library
License: LGPL-2.1-or-later
Group: Development/Libraries/C and C++
URL: https://github.com/SELinuxProject/selinux/wiki/Releases
Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz
Source1: https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz.asc
Source2: libsemanage.keyring
Source3: baselibs.conf
Source4: semanage.conf
# PATCH-FIX-UPSTREAM bsc#1133102 LTO: Update map file to include new symbols and remove wildcards
# For now we need to disable this. This breaks e.g. shadow and also other packages in security:SELinux
#Patch0: libsemanage-update-map-file.patch
BuildRequires: audit-devel
BuildRequires: bison
BuildRequires: fdupes
BuildRequires: flex
BuildRequires: libbz2-devel
BuildRequires: libselinux-devel
BuildRequires: libsepol-devel
BuildRequires: pkgconfig
BuildRequires: python-rpm-macros
%description
libsemanage is the policy management library. Using libsepol and
libselinux to interact with the SELinux system, it also calls helper
programs for loading policy and for checking whether the
file_contexts configuration is valid.
%package -n %{libname}
Summary: SELinux policy management library
Group: System/Libraries
Suggests: %{name}-migrate-store
Requires: %{name}-conf >= %{version}
%description -n %{libname}
libsemanage is the policy management library. Using libsepol and
libselinux to interact with the SELinux system, it also calls helper
programs for loading policy and for checking whether the
file_contexts configuration is valid.
(Security-enhanced Linux is a feature of the kernel and some
utilities that implement mandatory access control policies, such as
Type Enforcement, Role-based Access Control and Multi-Level
Security.)
%package conf
Summary: Configuration for the SELinux policy management library
# before 3.1 the config file wasn't separated, so no parallel install is possible
Group: System/Libraries
Obsoletes: %{name}1 < 3.1
%description conf
Configuration file for libsemanage. Moved to a separate package to allow
parallel installation
%package devel
Summary: Header files and libraries for SELinux's policy management libary
Group: Development/Libraries/C and C++
Requires: %{libname} = %{version}
%description devel
The libsemanage-devel package contains the libraries and header files
needed for developing applications that manipulate SELinux policies.
%package devel-static
Summary: Static archives for SELinux's policy management library
Group: Development/Libraries/C and C++
Requires: libsemanage-devel
%description devel-static
The libsemanage-devel-static package contains the static libraries
needed for developing applications that manipulate binary policies.
%package migrate-store
Summary: SELinux Policy Store Migration
Group: Productivity/Security
%description migrate-store
In version 2.4 of libsemanage, libsepol, and policycoreutils, the policy
module store was moved from /etc/selinux/<store>/modules/ to
/var/lib/selinux/<store>/. Once the libraries are upgraded, all policy
stores must be migrated before any commands that modify or use the store
(e.g. semodule, semanage) can be executed.
%prep
%setup -q
# Replace /usr/libexec with whatever the distro defines as libexecdir - across all files
grep /usr/libexec . -rl | xargs sed -i "s|/usr/libexec|%{_libexecdir}|g"
%build
%make_build clean
%make_build CFLAGS="%{optflags} -fno-semantic-interposition -ffat-lto-objects" CC="gcc"
%make_build CFLAGS="%{optflags} -fno-semantic-interposition -ffat-lto-objects" LIBDIR="%{_libdir}" LIBEXECDIR="%{_libexecdir}" SHLIBDIR="%{_lib}" CC="gcc" all
%install
mkdir -p %{buildroot}/%{_lib}
mkdir -p %{buildroot}%{_libdir}
mkdir -p %{buildroot}%{_includedir}
mkdir -p %{buildroot}%{_localstatedir}/lib/selinux
%make_install LIBDIR="%{_libdir}" LIBEXECDIR="%{_libexecdir}" SHLIBDIR="%{_libdir}"
ln -sf %{_libdir}/libsemanage.so.%{soversion} %{buildroot}/%{_libdir}/libsemanage.so
cp %{SOURCE4} %{buildroot}%{_sysconfdir}/selinux/semanage.conf
# Fix shebang in scripts
for f in %{buildroot}%{_libexecdir}/selinux/*
do
[ -f $f ] && sed -i "1s@#!.*python.*@#!$(realpath %__python3)@" $f
done
# Remove duplicate files
%fdupes -s %{buildroot}%{_mandir}
%post -n %{libname} -p /sbin/ldconfig
%postun -n %{libname} -p /sbin/ldconfig
%files -n %{libname}
%{_libdir}/libsemanage.so.*
%dir %{_localstatedir}/lib/selinux
%files conf
%dir %{_sysconfdir}/selinux
%config(noreplace) %{_sysconfdir}/selinux/semanage.conf
%files devel
%{_libdir}/libsemanage.so
%{_libdir}/pkgconfig/libsemanage.pc
%{_includedir}/semanage/
%{_mandir}/man3/*
%{_mandir}/man5/*
%files migrate-store
%dir %{_libexecdir}/selinux
%{_libexecdir}/selinux/
%files devel-static
%{_libdir}/libsemanage.a
%changelog

426
python-semanage.changes Normal file
View File

@@ -0,0 +1,426 @@
-------------------------------------------------------------------
Fri Mar 7 14:10:50 UTC 2025 - Cathy Hu <cathy.hu@suse.com>
- Update to version 3.8.1
https://github.com/SELinuxProject/selinux/releases/tag/3.8.1
* libsemanage: improved performance of semanage store rebuild
-------------------------------------------------------------------
Tue Feb 4 07:22:41 UTC 2025 - Robert Frohl <rfrohl@suse.com>
- Update to version 3.8
https://github.com/SELinuxProject/selinux/releases/tag/3.8
* libsemanage: Preserve file context and ownership in policy store
* libsemanage: Optionally allow duplicate declarations
* Improved man pages
* libsemanage: Mute error messages from selinux_restorecon introduced in 3.8-rc1
* Code improvements and bug fixes
- For a more in depth list of changes see
https://github.com/SELinuxProject/selinux/releases/download/3.8/shortlog-3.8.txt
- Drop 1231587-build-libsemanage-with-swig-4.3.0.patch: fixed upstream
- keyring: Update Petr Lautrbach <lautrbach@redhat.com>
* removed 0xBC3905F235179CF1 (expired: 2024-10-25)
* added 0xFB4C685B5DC1C13E (expires: 2026-11-04)
-------------------------------------------------------------------
Tue Oct 15 11:41:31 UTC 2024 - Cathy Hu <cathy.hu@suse.com>
- Add 1231587-build-libsemanage-with-swig-4.3.0.patch to fix
build failure with swig 4.3.0 (bsc#1231587)
-------------------------------------------------------------------
Mon Jul 1 07:57:45 UTC 2024 - Cathy Hu <cathy.hu@suse.com>
- Update to version 3.7
https://github.com/SELinuxProject/selinux/releases/tag/3.7
* Bugfixes:
* libsemanage: support huge passwd entries
-------------------------------------------------------------------
Tue May 28 10:40:17 UTC 2024 - Cathy Hu <cathy.hu@suse.com>
- Build python-semanage for python311 in 15.4 and 15.5 instead of
python3.6 to fix build dependencies
-------------------------------------------------------------------
Tue Dec 19 11:13:19 UTC 2023 - Cathy Hu <cathy.hu@suse.com>
- Update to version 3.6
https://github.com/SELinuxProject/selinux/releases/tag/3.6
* Add notself support for neverallow rules
* Improve man pages
* man pages: Remove the Russian translations
* Add notself and other support to CIL
* Add support for deny rules
* Translations updated from
https://translate.fedoraproject.org/projects/selinux/
* Bug fixes
- Remove keys from keyring since they expired:
- E853C1848B0185CF42864DF363A8AD4B982C4373
Petr Lautrbach <plautrba@redhat.com>
- 63191CE94183098689CAB8DB7EF137EC935B0EAF
Jason Zaman <jasonzaman@gmail.com>
- Add key to keyring:
- B8682847764DF60DF52D992CBC3905F235179CF1
Petr Lautrbach <lautrbach@redhat.com>
-------------------------------------------------------------------
Thu May 4 14:20:40 UTC 2023 - Frederic Crozat <fcrozat@suse.com>
- Add _multibuild to define additional spec files as additional
flavors.
Eliminates the need for source package links in OBS.
-------------------------------------------------------------------
Fri Mar 24 13:54:12 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
- Add -ffat-lto-objects to CFLAGS to prevent rpmlint errors because
of LTO
-------------------------------------------------------------------
Thu Mar 23 13:06:51 UTC 2023 - Martin Liška <mliska@suse.cz>
- Enable LTO now (boo#1138812).
-------------------------------------------------------------------
Fri Feb 24 07:48:05 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.5
* Allow user to set SYSCONFDIR
* always write kernel policy when check_ext_changes is specified
- Added additional developer key (Jason Zaman)
-------------------------------------------------------------------
Mon May 9 10:37:17 UTC 2022 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.4
* Optionally rebuild policy when modules are changed externally
* Fix USE_AFTER_FREE (CWE-672) in semanage_direct_get_module_info()
* Allow spaces in user/group names
-------------------------------------------------------------------
Thu Feb 10 12:37:14 UTC 2022 - Johannes Segitz <jsegitz@suse.com>
- Drop Buildrequires for libustr-devel, not needed anymore
-------------------------------------------------------------------
Thu Nov 11 13:26:41 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.3
* Fixed use-after-free in parse_module_store()
* Fixed use_after_free in semanage_direct_write_langext()
-------------------------------------------------------------------
Mon Aug 16 13:13:41 UTC 2021 - Fabian Vogt <fvogt@suse.com>
- Call "make -j8 pywrap" instead of "make -j8 all pywrap" to fix random
build failures. The toplevel Makefile does not support concurrency,
and it resulted in parallel "make all" and "make pywrap" which weren't
aware of each other and stepped over the other's artifacts.
-------------------------------------------------------------------
Thu Mar 18 08:31:30 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Minor spec file cleanups
-------------------------------------------------------------------
Tue Mar 9 09:09:18 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.2
* dropped old and deprecated symbols and functions
libsemanage version was bumped to libsemanage.so.2
* libsemanage tries to sync data to prevent empty files in SELinux module
store
-------------------------------------------------------------------
Tue Jul 14 08:36:19 UTC 2020 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.1
* Improved manpage
* fsync final files before rename
-------------------------------------------------------------------
Tue Jun 16 07:08:59 UTC 2020 - Johannes Segitz <jsegitz@suse.com>
- Disabled LTO again. This breaks e.g. shadow and also other packages
in security:SELinux
-------------------------------------------------------------------
Fri Jun 12 09:07:31 UTC 2020 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- Fix build with LTO: [bsc#1133102]
* Enable LTO (Link Time Optimization)
* Update map file to include new symbols and remove wildcards
- Add libsemanage-update-map-file.patch
-------------------------------------------------------------------
Thu Jun 4 09:57:51 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
- Drop suse_path.patch: replace it with a grep/sed logic replacing
/usr/libexec in all files with the correct value for all distros
(taking into account that openSUSE is in progress of migrating
from /usr/lib to /usr/libexec).
-------------------------------------------------------------------
Fri May 29 12:51:17 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
- Apply suse_path.patch only for older distributions. Newer
use libexec
-------------------------------------------------------------------
Tue Mar 3 12:23:51 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
- Update to version 3.0
* Add support for DCCP and SCTP protocols
* include internal header to use the hidden function prototypes
* mark all exported function "extern"
* optionally optimize policy on rebuild
Refreshed suse_path.patch
-------------------------------------------------------------------
Fri May 3 12:22:25 UTC 2019 - Martin Liška <mliska@suse.cz>
- Disable LTO (boo#1133280).
-------------------------------------------------------------------
Wed Mar 20 15:10:21 UTC 2019 - jsegitz@suse.com
- Update to version 2.9
* Always set errno to 0 before calling getpwent()
* Include user name in ROLE_REMOVE audit events
* genhomedircon - improve handling large groups
* improve semanage_migrate_store import failure
* reset umask before creating directories
* set selinux policy root around calls to selinux_boolean_sub
* use previous seuser when getting the previous name
-------------------------------------------------------------------
Thu Nov 8 09:31:42 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
- Use more %make_install.
-------------------------------------------------------------------
Thu Nov 8 07:19:24 UTC 2018 - jsegitz@suse.com
- Adjusted source urls (bsc#1115052)
-------------------------------------------------------------------
Thu Sep 27 13:19:59 UTC 2018 - pmonrealgonzalez@suse.com
- update to version 2.8
* semanage fcontext -l now also lists home directory entries from
file_contexts.homedirs.
* libsemanage no longer deletes the tmp directory if there is an error
while committing the policy transaction, so that any temporary files
can be further inspected for debugging purposes (e.g. to examine a
particular line of the generated CIL module). The tmp directory will
be deleted upon the next transaction, so no manual removal is needed.
* When overriding PREFIX, BINDIR, SBINDIR, SHLIBDIR, LIBEXECDIR, etc.,
DESTDIR has to be removed from the definition. For example on Arch
Linux, SBINDIR="${pkgdir}/usr/bin" was changed to SBINDIR="/usr/bin".
* PYSITEDIR has been renamed PYTHONLIBDIR (and its definition changed).
- Clened with spec-cleaner
-------------------------------------------------------------------
Thu Mar 8 19:07:16 UTC 2018 - rgoldwyn@suse.com
- Update to version 2.7. Changes:
* IB support
* saves linked policy and skips relinking whenever possible
-------------------------------------------------------------------
Fri Nov 24 09:14:13 UTC 2017 - jsegitz@suse.com
- Update to version 2.6. Notable changes:
* genhomedircon: do not suppress logging from libsepol
* genhomedircon: use userprefix as the role for homedir
* Fix bug preventing the installation of base modules
* Use pp module name instead of filename when installing module
* genhomedircon: remove hardcoded refpolicy strings
* genhomedircon: add support for %group syntax
* genhomedircon: generate contexts for logins mapped to the default user
* Validate and compile file contexts before installing
* Swap tcp and udp protocol numbers
* genhomedircon: %{USERID} and %{USERNAME} support and code cleanups
-------------------------------------------------------------------
Wed Sep 27 15:51:27 UTC 2017 - jmatejek@suse.com
- build both python2 and python3 version of the semanage binding
with the singlespec machinery
-------------------------------------------------------------------
Sun Jul 17 15:21:03 UTC 2016 - jengelh@inai.de
- Summary/description update
-------------------------------------------------------------------
Fri Jul 8 15:35:05 UTC 2016 - i@marguerite.su
- update version 2.5
* Do not overwrite CFLAGS in test Makefile, from Nicolas Iooss.
* Fix uninitialized variable in direct_commit and direct_api
* semanage_migrate_store: Load libsepol.so.1 instead of libsepol.so
* Store homedir_template and users_extra in policy store
* Fix null pointer dereference in semanage_module_key_destroy
* Add semanage_module_extract() to extract a module as CIL or HLL
* semanage_migrate_store: add -r <root> option for migrating inside chroots
* Add file_contexts and seusers to the store
* Add policy binary and file_contexts.local to the store
* Allow to install compressed modules without a compression extension
* Do not copy contexts in semanage_migrate_store
* Fix logic in bunzip for uncompressed pp files
* Fix fname[] initialization in test_utilities.c
* Add remove-hll semanage.conf option to remove HLL files after
compilation to CIL
* Fix memory leaks when parsing semanage.conf
* Change bunzip to use heap instead of stack to prevent segfault on
systems with small stack size
- changes in 2.4
* Fix Makefile to allow LIBDIR and SHLIBDIR to be set to different
directories
* Fix bugs found by hardened gcc flags
* Add missing manpage links to security_load_policy
* Fix failing libsemanage pywrap tests
* Fix deprecation warning for bison
* Skip policy module relink when only setting booleans
* Only try to compile file contexts if they exist
* Fix memory leak when setting a custom store path
* Add semodule option to set store root path in semanage.conf and the
semodule command
* Add semanage.conf option to set an alternative root path for policy
store
* Add support for High Level Language (HLL) to CIL compilers. The HLL
compiler path is configurable, but should be placed in
/usr/libexec/selinux/hll by default
* Create a policy migration script for migrating the policy store from
/etc/selinux to /var/lib/selinux
* Add python3 support to the migration script
* Use libcil to compile modules
* Use symbolic versioning to maintain ABI compatibility for old install
functions
* Add a target-platform option to semanage.conf to control how policies
are built
* Add API to handle modules and source policies, moving module store to
/var/lib/selinux
* Only try to compile file contexts if they exist
- changes in 2.3
* Fix memory leak in semanage_genhomedircon
-------------------------------------------------------------------
Thu Oct 31 13:55:06 UTC 2013 - p.drouand@gmail.com
- Update to version 2.2
* Avoid duplicate list entries
* Add audit support to libsemanage
* Remove policy.kern and replace with symlink
* Apply a MAX_UID check for genhomedircon
* Fix man pages
- Add audit-devel BuildRequires; new dependency
- Add fdupes BuildRequires and use it to symlink duplicate manpages
-------------------------------------------------------------------
Thu Jun 27 14:57:01 UTC 2013 - vcizek@suse.com
- change the source url to the official 2.1.10 release tarball
-------------------------------------------------------------------
Wed Jan 30 12:01:03 UTC 2013 - vcizek@suse.com
- update to 2.1.9
-------------------------------------------------------------------
Mon Jan 7 21:43:31 UTC 2013 - jengelh@inai.de
- Remove obsolete defines/sections
-------------------------------------------------------------------
Tue Oct 23 05:05:03 UTC 2012 - coolo@suse.com
- buildrequire libbz2-devel
-------------------------------------------------------------------
Wed Aug 1 07:54:48 UTC 2012 - meissner@suse.com
- updated to 2.1.6
* changes too numerous to list
-------------------------------------------------------------------
Mon May 23 14:15:42 UTC 2011 - prusnak@opensuse.org
- split off python bindings to separate package to reduce build
dependencies for rpm [bnc#695436]
-------------------------------------------------------------------
Wed May 18 13:38:44 UTC 2011 - coolo@novell.com
- add baselibs.conf for rpm-32bit to use
-------------------------------------------------------------------
Wed Feb 23 05:42:43 UTC 2011 - coolo@novell.com
- disable parallel build, it breaks too often
-------------------------------------------------------------------
Thu Feb 25 14:59:32 UTC 2010 - prusnak@suse.cz
- updated to 2.0.43
* changes too numerous to list
-------------------------------------------------------------------
Fri Jan 16 14:24:38 CET 2009 - prusnak@suse.cz
- fix assignment of wrong context [bnc#466793]
-------------------------------------------------------------------
Wed Jan 14 14:06:28 CET 2009 - prusnak@suse.cz
- updated to 2.0.31
* policy module compression (bzip) support from Dan Walsh
* hard link files between tmp/active/previous from Dan Walsh
* add semanage_mls_enabled() interface from Stephen Smalley
-------------------------------------------------------------------
Mon Dec 1 11:35:58 CET 2008 - prusnak@suse.cz
- updated to 2.0.29
* add USER to lines to homedir_template context file
* add compression support
* allow fcontext and seuser changes without rebuilding the policy
* don't rebuild on fcontext or seuser modifications
* modify genhomedircon to skip %groupname entries
-------------------------------------------------------------------
Wed Oct 22 16:17:23 CEST 2008 - mrueckert@suse.de
- fix debug_packages_requires define
-------------------------------------------------------------------
Tue Sep 23 12:52:32 CEST 2008 - prusnak@suse.cz
- require only version, not release [bnc#429053]
-------------------------------------------------------------------
Tue Sep 2 12:13:42 CEST 2008 - prusnak@suse.cz
- updated to 2.0.27
* Modify genhomedircon to skip %groupname entries.
Ultimately we need to expand them to the list of users to support
per-role homedir labeling when using the %groupname syntax.
- updated to 2.0.26
* Fix bug in genhomedircon fcontext matches logic from Dan Walsh.
Strip any trailing slash before appending /*$.
-------------------------------------------------------------------
Fri Aug 1 17:32:21 CEST 2008 - ro@suse.de
- fix requires for debuginfo package
-------------------------------------------------------------------
Tue Jul 15 16:58:47 CEST 2008 - prusnak@suse.cz
- initial version 2.0.25
* based on Fedora package by Dan Walsh <dwalsh@redhat.com>

100
python-semanage.spec Normal file
View File

@@ -0,0 +1,100 @@
#
# spec file for package python-semanage
#
# Copyright (c) 2025 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%{?sle15_python_module_pythons}
%define soversion 2
%define libname libsemanage%{soversion}
%define libsepol_ver 3.8.1
%define libselinux_ver 3.8.1
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
Name: python-semanage
Version: 3.8.1
Release: 0
Summary: Python bindings for SELinux's policy management library
License: LGPL-2.1-only
Group: Development/Languages/Python
URL: https://github.com/SELinuxProject/selinux
Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}/libsemanage-%{version}.tar.gz
Source1: https://github.com/SELinuxProject/selinux/releases/download/%{version}/libsemanage-%{version}.tar.gz.asc
Source2: libsemanage.keyring
Source3: baselibs.conf
# PATCH-FIX-UPSTREAM bsc#1133102 LTO: Update map file to include new symbols and remove wildcards
# For now we need to disable this. This breaks e.g. shadow and also other packages in security:SELinux
# Patch0: libsemanage-update-map-file.patch
BuildRequires: %{python_module devel}
BuildRequires: audit-devel
BuildRequires: bison
BuildRequires: flex
BuildRequires: libbz2-devel
BuildRequires: libselinux-devel >= %{libselinux_ver}
BuildRequires: libsepol-devel >= %{libsepol_ver}
BuildRequires: python-rpm-macros
BuildRequires: swig
# Ensure same version
Requires: %{libname} = %{version}
%python_subpackages
%description
This package contains the Python bindings for developing
SELinux policy management applications.
%prep
%autosetup -p1 -n libsemanage-%{version}
# Replace /usr/libexec with whatever the distro defines as libexecdir - across all files
grep /usr/libexec . -rl | xargs sed -i "s|/usr/libexec|%{_libexecdir}|g"
%build
%make_build clean
%{python_expand # loop over possible pythons
%make_build PYTHON=$python CFLAGS="%{optflags} -fno-semantic-interposition -ffat-lto-objects" swigify
%make_build PYTHON=$python CFLAGS="%{optflags} -fno-semantic-interposition -ffat-lto-objects" \
LIBDIR="%{_libdir}" \
LIBEXECDIR="%{_libexecdir}" \
SHLIBDIR="%{_lib}" \
pywrap
}
%install
mkdir -p %{buildroot}/%{_lib}
mkdir -p %{buildroot}%{_libdir}
mkdir -p %{buildroot}%{_includedir}
%{python_expand # loop over possible pythons
%make_install install-pywrap PYTHON="$python" \
LIBDIR="%{_libdir}" \
LIBEXECDIR="%{_libexecdir}" \
SHLIBDIR="%{_libdir}"
}
# remove files contained in other packages
rm -rf %{buildroot}%{_sysconfdir}
%if "%{_lib}" == "lib64"
rm -rf %{buildroot}%{_libexecdir}
%else
rm -rf %{buildroot}%{_libexecdir}/selinux
%endif
rm -rf %{buildroot}%{_includedir}
rm -f %{buildroot}%{_libdir}/libsemanage.*
rm -rf %{buildroot}%{_libdir}/pkgconfig
rm -rf %{buildroot}%{_mandir}
%files %{python_files}
%{python_sitearch}/*
%changelog

51
semanage.conf Normal file
View File

@@ -0,0 +1,51 @@
# Authors: Jason Tang <jtang@tresys.com>
#
# Copyright (C) 2004-2005 Tresys Technology, LLC
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# Specify how libsemanage will interact with a SELinux policy manager.
# The four options are:
#
# "source" - libsemanage manipulates a source SELinux policy
# "direct" - libsemanage will write directly to a module store.
# /foo/bar - Write by way of a policy management server, whose
# named socket is at /foo/bar. The path must begin
# with a '/'.
# foo.com:4242 - Establish a TCP connection to a remote policy
# management server at foo.com. If there is a colon
# then the remainder is interpreted as a port number;
# otherwise default to port 4242.
module-store = direct
# When generating the final linked and expanded policy, by default
# semanage will set the policy version to POLICYDB_VERSION_MAX, as
# given in <sepol/policydb.h>. Change this setting if a different
# version is necessary.
#policy-version = 19
# expand-check check neverallow rules when executing all semanage commands.
# Large penalty in time if you turn this on.
expand-check=0
# usepasswd check tells semanage to scan all pass word records for home directories
# and setup the labeling correctly. If this is turned off, SELinux will label /home
# correctly only. You will need to use semanage fcontext command.
# For example, if you had home dirs in /althome directory you would have to execute
# semanage fcontext -a -e /home /althome
usepasswd=False
bzip-small=true
bzip-blocksize=5
ignoredirs=/root