Accepting request 1082976 from home:fbonazzi:branches:security:SELinux

- Update to version 4.4.2:
  * Make NetworkX optional. sedta and seinfoflow tools, along with the
    equivalent analyses in apol require NetworkX.
  * Remove neverallow options in sesearch and apol. These are not usable
    since they are removed in the final binary policy.
- Drop make_networkx_optional.patch, now merged upstream

OBS-URL: https://build.opensuse.org/request/show/1082976
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/setools?expand=0&rev=91

_service

@@ -0,0 +1,7 @@
+<services>
+  <service name="download_files" mode="manual">
+    <param name="changesgenerate">enable</param>
+  </service>
+  <service name="format_spec_file" mode="manual">
+  </service>
+</services>

make_networkx_optional.patch

@@ -1,87 +0,0 @@
-From 716a1d9e1db6701c0b310dd7e10dc4a10656da0f Mon Sep 17 00:00:00 2001
-From: Chris PeBenito <chpebeni@linux.microsoft.com>
-Date: Tue, 14 Dec 2021 14:24:20 -0500
-Subject: [PATCH] Make NetworkX optional.
-
-The CLI tools get installed to most distros, but sedta and seinfoflow are
-not typically used or separated into a different package. This will allow
-seinfo, sesearch, and sediff to function if NetworkX is missing, since they
-don't require it.
-
-Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
----
- setools/dta.py      | 18 ++++++++++++++----
- setools/infoflow.py | 17 +++++++++++++----
- 2 files changed, 27 insertions(+), 8 deletions(-)
-
-Index: setools/setools/dta.py
-===================================================================
---- setools.orig/setools/dta.py
-+++ setools/setools/dta.py
-@@ -24,8 +24,11 @@ from collections import defaultdict
- from contextlib import suppress
- from typing import DefaultDict, Iterable, List, NamedTuple, Optional, Union
- 
--import networkx as nx
--from networkx.exception import NetworkXError, NetworkXNoPath, NodeNotFound
-+try:
-+    import networkx as nx
-+    from networkx.exception import NetworkXError, NetworkXNoPath, NodeNotFound
-+except ImportError:
-+    logging.getLogger(__name__).debug("NetworkX failed to import.")
- 
- from .descriptors import EdgeAttrDict, EdgeAttrList
- from .policyrep import AnyTERule, SELinuxPolicy, TERuletype, Type
-@@ -87,8 +90,15 @@ class DomainTransitionAnalysis:
-         self.reverse = reverse
-         self.rebuildgraph = True
-         self.rebuildsubgraph = True
--        self.G = nx.DiGraph()
--        self.subG = self.G.copy()
-+
-+        try:
-+            self.G = nx.DiGraph()
-+            self.subG = self.G.copy()
-+        except NameError:
-+            self.log.critical("NetworkX is not available.  This is "
-+                              "requried for Domain Transition Analysis.")
-+            self.log.critical("This is typically in the python3-networkx package.")
-+            raise
- 
-     @property
-     def reverse(self) -> bool:
-Index: setools/setools/infoflow.py
-===================================================================
---- setools.orig/setools/infoflow.py
-+++ setools/setools/infoflow.py
-@@ -21,8 +21,11 @@ import logging
- from contextlib import suppress
- from typing import cast, Iterable, List, Mapping, Optional, Union
- 
--import networkx as nx
--from networkx.exception import NetworkXError, NetworkXNoPath, NodeNotFound
-+try:
-+    import networkx as nx
-+    from networkx.exception import NetworkXError, NetworkXNoPath, NodeNotFound
-+except ImportError:
-+    logging.getLogger(__name__).debug("NetworkX failed to import.")
- 
- from .descriptors import EdgeAttrIntMax, EdgeAttrList
- from .permmap import PermissionMap
-@@ -68,8 +71,14 @@ class InfoFlowAnalysis:
-         self.rebuildgraph = True
-         self.rebuildsubgraph = True
- 
--        self.G = nx.DiGraph()
--        self.subG = self.G.copy()
-+        try:
-+            self.G = nx.DiGraph()
-+            self.subG = self.G.copy()
-+        except NameError:
-+            self.log.critical("NetworkX is not available.  This is "
-+                              "requried for Information Flow Analysis.")
-+            self.log.critical("This is typically in the python3-networkx package.")
-+            raise
- 
-     @property
-     def min_weight(self) -> int:

setools-4.4.1.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fcd161e55504aa4c361921833bf9d4cd58475c98746cfdacadd192a68788ae45
-size 262328

setools-4.4.2.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f23e3c8635aa289096ca0218ca6f4568a4346e088bc46f374cb0917b7fb66f05
+size 261962

setools.changes

@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Wed Apr 26 11:17:30 UTC 2023 - Filippo Bonazzi <filippo.bonazzi@suse.com>
+
+- Update to version 4.4.2:
+  * Make NetworkX optional. sedta and seinfoflow tools, along with the
+    equivalent analyses in apol require NetworkX.
+  * Remove neverallow options in sesearch and apol. These are not usable
+    since they are removed in the final binary policy.
+- Drop make_networkx_optional.patch, now merged upstream
+
 -------------------------------------------------------------------
 Mon Feb  6 16:08:00 UTC 2023 - Filippo Bonazzi <filippo.bonazzi@suse.com>
 

setools.spec

@@ -26,7 +26,7 @@ print(rpm.expand("%{?" .. flavor .. "_prefix}%{!?" .. flavor .. "_prefix:python3
 %define pythons %python3_primary_provider
 
 Name:           setools
-Version:        4.4.1
+Version:        4.4.2
 Release:        0
 URL:            https://github.com/SELinuxProject/setools
 Summary:        Policy analysis tools for SELinux
@@ -34,8 +34,6 @@ License:        GPL-2.0-only
 Group:          System/Management
 Source:         https://github.com/SELinuxProject/setools/releases/download/%{version}/%{name}-%{version}.tar.bz2
 Source2:        README.SUSE
-# PATCH-FIX-UPSTREAM https://github.com/SELinuxProject/setools/pull/68
-Patch1:         make_networkx_optional.patch
 BuildRequires:  fdupes
 BuildRequires:  libselinux-devel
 BuildRequires:  libsepol-devel