Accepting request 879861 from security:SELinux

OBS-URL: https://build.opensuse.org/request/show/879861 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsemanage?expand=0&rev=50
2021-03-24 15:08:58 +00:00 · 2021-03-24 15:08:58 +00:00 · 7bd29bff92
commit 7bd29bff92
parent 094ac77f0c 53616ca447
7 changed files with 82 additions and 28 deletions
--- a/baselibs.conf
+++ b/baselibs.conf
@ -1 +1 @@
-libsemanage1
+libsemanage2
--- a/libsemanage-3.1.tar.gz
+++ b/libsemanage-3.1.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:22d6c75526e40d1781c30bcf29abf97171bdfe6780923f11c8e1c76a75a21ff8
-size 179601
--- a/libsemanage-3.2.tar.gz
+++ b/libsemanage-3.2.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d722a55ca4fe2d4e2b30527720db657e6238b28079e69e2e4affeb8e733ee511
+size 178839
--- a/libsemanage.changes
+++ b/libsemanage.changes
@ -1,3 +1,24 @@
+-------------------------------------------------------------------
+Thu Mar 18 08:31:30 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Link to correct so version
+- Minor spec file cleanups
+
+-------------------------------------------------------------------
+Wed Mar 17 08:29:15 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Move configuration file to separate libsemanage-conf package to allow
+  for parallel installation in future versions
+
+-------------------------------------------------------------------
+Tue Mar  9 09:09:18 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Update to version 3.2
+  * dropped old and deprecated symbols and functions
+    libsemanage version was bumped to libsemanage.so.2
+  * libsemanage tries to sync data to prevent empty files in SELinux module
+    store
+
 -------------------------------------------------------------------
 Wed Jul 29 14:37:19 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>

--- a/libsemanage.spec
+++ b/libsemanage.spec
@ -1,7 +1,7 @@
 #
 # spec file for package libsemanage
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -16,14 +16,17 @@
 #


+%define soversion 2
+%define libname libsemanage%{soversion}
+
 Name:           libsemanage
-Version:        3.1
+Version:        3.2
 Release:        0
 Summary:        SELinux policy management library
 License:        LGPL-2.1-or-later
 Group:          Development/Libraries/C and C++
 URL:            https://github.com/SELinuxProject/selinux/wiki/Releases
-Source:         https://github.com/SELinuxProject/selinux/releases/download/20200710/%{name}-%{version}.tar.gz
+Source:         https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz
 Source1:        baselibs.conf
 Source2:        semanage.conf
 # PATCH-FIX-UPSTREAM bsc#1133102 LTO: Update map file to include new symbols and remove wildcards
@ -37,7 +40,7 @@ BuildRequires:  libbz2-devel
 BuildRequires:  libselinux-devel
 BuildRequires:  libsepol-devel
 BuildRequires:  libustr-devel
-BuildRequires:  pkg-config
+BuildRequires:  pkgconfig

 %description
 libsemanage is the policy management library. Using libsepol and
@ -45,12 +48,13 @@ libselinux to interact with the SELinux system, it also calls helper
 programs for loading policy and for checking whether the
 file_contexts configuration is valid.

-%package -n libsemanage1
+%package -n %{libname}
 Summary:        SELinux policy management library
 Group:          System/Libraries
 Suggests:       %{name}-migrate-store
+Requires:       %{name}-conf >= %{version}

-%description -n libsemanage1
+%description -n %{libname}
 libsemanage is the policy management library. Using libsepol and
 libselinux to interact with the SELinux system, it also calls helper
 programs for loading policy and for checking whether the
@ -61,10 +65,20 @@ utilities that implement mandatory access control policies, such as
 Type Enforcement, Role-based Access Control and Multi-Level
 Security.)

+%package conf
+Summary:        Configuration for the SELinux policy management library
+# before 3.1 the config file wasn't separated, so no parallel install is possible
+Group:          System/Libraries
+Conflicts:      %{name}1 <= 3.1
+
+%description conf
+Configuration file for libsemanage. Moved to a separate package to allow
+parallel installation
+
 %package devel
 Summary:        Header files and libraries for SELinux's policy management libary
 Group:          Development/Libraries/C and C++
-Requires:       libsemanage1 = %{version}
+Requires:       %{libname} = %{version}
 Requires:       libustr-devel

 %description devel
@ -98,9 +112,9 @@ grep /usr/libexec . -rl | xargs sed -i "s|/usr/libexec|%{_libexecdir}|g"

 %build
 %define _lto_cflags %{nil}
-make %{?_smp_mflags} clean
-make -j1 CFLAGS="%{optflags} -fno-semantic-interposition" CC="gcc"
-make -j1 CFLAGS="%{optflags} -fno-semantic-interposition" LIBDIR="%{_libdir}" LIBEXECDIR="%{_libexecdir}" SHLIBDIR="%{_lib}" CC="gcc" all
+%make_build clean
+%make_build CFLAGS="%{optflags} -fno-semantic-interposition" CC="gcc"
+%make_build CFLAGS="%{optflags} -fno-semantic-interposition" LIBDIR="%{_libdir}" LIBEXECDIR="%{_libexecdir}" SHLIBDIR="%{_lib}" CC="gcc" all

 %install
 mkdir -p %{buildroot}/%{_lib}
@ -108,20 +122,22 @@ mkdir -p %{buildroot}%{_libdir}
 mkdir -p %{buildroot}%{_includedir}
 mkdir -p %{buildroot}%{_localstatedir}/lib/selinux
 %make_install LIBDIR="%{_libdir}" LIBEXECDIR="%{_libexecdir}" SHLIBDIR="%{_libdir}"
-ln -sf  %{_libdir}/libsemanage.so.1 %{buildroot}/%{_libdir}/libsemanage.so
+ln -sf  %{_libdir}/libsemanage.so.%{soversion} %{buildroot}/%{_libdir}/libsemanage.so
 cp %{SOURCE2} %{buildroot}%{_sysconfdir}/selinux/semanage.conf
 # Remove duplicate files
 %fdupes -s %{buildroot}%{_mandir}

-%post -n libsemanage1 -p /sbin/ldconfig
-%postun -n libsemanage1 -p /sbin/ldconfig
+%post -n %{libname} -p /sbin/ldconfig
+%postun -n %{libname} -p /sbin/ldconfig

-%files -n libsemanage1
-%dir %{_sysconfdir}/selinux
-%config(noreplace) %{_sysconfdir}/selinux/semanage.conf
+%files -n %{libname}
 %{_libdir}/libsemanage.so.*
 %dir %{_localstatedir}/lib/selinux

+%files conf
+%dir %{_sysconfdir}/selinux
+%config(noreplace) %{_sysconfdir}/selinux/semanage.conf
+
 %files devel
 %{_libdir}/libsemanage.so
 %{_libdir}/pkgconfig/libsemanage.pc
--- a/python-semanage.changes
+++ b/python-semanage.changes
@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Thu Mar 18 08:31:30 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Minor spec file cleanups
+
+-------------------------------------------------------------------
+Tue Mar  9 09:09:18 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Update to version 3.2
+  * dropped old and deprecated symbols and functions
+    libsemanage version was bumped to libsemanage.so.2
+  * libsemanage tries to sync data to prevent empty files in SELinux module
+    store
+
 -------------------------------------------------------------------
 Tue Jul 14 08:36:19 UTC 2020 - Johannes Segitz <jsegitz@suse.com>

--- a/python-semanage.spec
+++ b/python-semanage.spec
@ -1,7 +1,7 @@
 #
 # spec file for package python-semanage
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -16,15 +16,18 @@
 #


+%define soversion 2
+%define libname libsemanage%{soversion}
+
 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
 Name:           python-semanage
-Version:        3.1
+Version:        3.2
 Release:        0
 Summary:        Python bindings for SELinux's policy management library
 License:        LGPL-2.1-only
 Group:          Development/Languages/Python
 URL:            https://github.com/SELinuxProject/selinux
-Source:         https://github.com/SELinuxProject/selinux/releases/download/20200710/libsemanage-%{version}.tar.gz
+Source:         https://github.com/SELinuxProject/selinux/releases/download/%{version}/libsemanage-%{version}.tar.gz
 Source1:        baselibs.conf
 # PATCH-FIX-UPSTREAM bsc#1133102 LTO: Update map file to include new symbols and remove wildcards
 # For now we need to disable this. This breaks e.g. shadow and also other packages in security:SELinux
@ -35,12 +38,12 @@ BuildRequires:  bison
 BuildRequires:  flex
 BuildRequires:  libbz2-devel
 BuildRequires:  libselinux-devel
-BuildRequires:  libsepol-devel
+BuildRequires:  libsepol-devel >= 3.2
 BuildRequires:  libustr-devel
 BuildRequires:  python-rpm-macros
 BuildRequires:  swig
 # Ensure same version
-Requires:       libsemanage1 = %{version}
+Requires:       %{libname} = %{version}
 %python_subpackages

 %description
@ -54,10 +57,10 @@ grep /usr/libexec . -rl | xargs sed -i "s|/usr/libexec|%{_libexecdir}|g"

 %build
 %define _lto_cflags %{nil}
-make %{?_smp_mflags} clean
+%make_build clean
 %{python_expand # loop over possible pythons
-make -j1 PYTHON=$python CFLAGS="%{optflags} -fno-semantic-interposition" swigify
-make -j1 PYTHON=$python CFLAGS="%{optflags} -fno-semantic-interposition" \
+%make_build PYTHON=$python CFLAGS="%{optflags} -fno-semantic-interposition" swigify
+%make_build PYTHON=$python CFLAGS="%{optflags} -fno-semantic-interposition" \
         LIBDIR="%{_libdir}" \
         LIBEXECDIR="%{_libexecdir}" \
         SHLIBDIR="%{_lib}" \