Accepting request 422159 from security:SELinux

1 OBS-URL: https://build.opensuse.org/request/show/422159 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/setools?expand=0&rev=27
2016-08-29 13:36:31 +00:00
parent eeb078128d ba83dff5d8
commit efa5f05be8
6 changed files with 136 additions and 31 deletions
--- a/add-to-header-define_cond_filename_trans.patch
+++ b/add-to-header-define_cond_filename_trans.patch
@@ -1,7 +1,7 @@
-Index: setools-3.3.7/libqpol/src/policy_define.h
+Index: setools3-setools-3.3.8/libqpol/src/policy_define.h
 ===================================================================
--- setools-3.3.7.orig/libqpol/src/policy_define.h	2010-04-23 18:22:08.000000000 +0200
-+++ setools-3.3.7/libqpol/src/policy_define.h	2013-04-03 15:26:40.164954714 +0200
+--- setools3-setools-3.3.8.orig/libqpol/src/policy_define.h	2013-01-16 17:36:04.000000000 +0100
+++ setools3-setools-3.3.8/libqpol/src/policy_define.h	2016-07-18 12:40:35.922965184 +0200
@@ -23,6 +23,7 @@
  *  of code here */
 #define SECURITY_FS_USE_PSIDS 6
--- a/setools-3.3.7-libselinux-2.3.patch
+++ b/setools-3.3.7-libselinux-2.3.patch
@@ -1,20 +0,0 @@
--- a/secmds/replcon.cc
-+++ b/secmds/replcon.cc
-@@ -60,7 +60,7 @@
- 	{NULL, 0, NULL, 0}
- };
- 
-extern int lsetfilecon_raw(const char *, security_context_t) __attribute__ ((weak));
-+extern int lsetfilecon_raw(const char *, const char *) __attribute__ ((weak));
- 
- /**
-  * As that setools must work with older libselinux versions that may
-@@ -68,7 +68,7 @@
-  * does indeed have the new functions then use them; otherwise
-  * fallback to the originals.
-  */
-static int replcon_lsetfilecon(const char *path, security_context_t context)
-+static int replcon_lsetfilecon(const char *path, const char *context)
- {
- 	if (lsetfilecon_raw != NULL)
- 	{
--- a/setools-libsepol.patch
+++ b/setools-libsepol.patch
@@ -7,11 +7,11 @@ Subject: [PATCH 5/6] Fix sepol calls to work with latest libsepol
 configure.ac |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

-Index: setools-3.3.6/configure.ac
+Index: setools3-setools-3.3.8/configure.ac
 ===================================================================
--- setools-3.3.6.orig/configure.ac
-+++ setools-3.3.6/configure.ac
-@@ -503,7 +503,7 @@ AC_COMPILE_IFELSE(
+--- setools3-setools-3.3.8.orig/configure.ac	2013-01-16 17:36:04.000000000 +0100
+++ setools3-setools-3.3.8/configure.ac	2016-07-18 12:40:48.255162639 +0200
+@@ -521,7 +521,7 @@ else
                   [AC_LANG_SOURCE([
 #include <sepol/policydb/expand.h>
 int main () {
@@ -20,7 +20,7 @@ Index: setools-3.3.6/configure.ac
 }])],
                   sepol_new_user_role_mapping="yes",
                   sepol_new_user_role_mapping="no")
-@@ -539,7 +539,7 @@ if test ${sepol_check_boolmap} = "yes";
+@@ -578,7 +578,7 @@ if test ${sepol_check_boolmap} = "yes";
                          [AC_LANG_SOURCE([
 #include <sepol/policydb/expand.h>
 int main () {
@@ -29,4 +29,3 @@ Index: setools-3.3.6/configure.ac
 }])],
                          AC_MSG_RESULT([yes]),
                          AC_MSG_ERROR([this version of libsepol is incompatible with SETools]))
-
--- a/setools-tclass.patch
+++ b/setools-tclass.patch
@@ -0,0 +1,114 @@
+From f1e5b208d507171968ca4d2eeefd7980f1004a3c Mon Sep 17 00:00:00 2001
+From: Chris PeBenito <cpebenito@tresys.com>
+Date: Thu, 12 Feb 2015 08:55:12 -0500
+Subject: [PATCH] Update for 2015-02-02 Userspace release (2.4)
+
+SETools now requires libsepol 2.4 and libselinux 2.4.
+---
+ configure.ac                 | 6 +++---
+ libqpol/src/policy_define.c  | 4 ++--
+ libqpol/src/policy_extend.c  | 4 ++--
+ libqpol/src/syn_rule_query.c | 6 +++---
+ secmds/replcon.cc            | 2 +-
+ 5 files changed, 11 insertions(+), 11 deletions(-)
+
+Index: setools3-setools-3.3.8/configure.ac
+===================================================================
+--- setools3-setools-3.3.8.orig/configure.ac	2016-07-18 12:40:35.914965056 +0200
+++ setools3-setools-3.3.8/configure.ac	2016-07-18 12:40:35.930965312 +0200
+@@ -25,9 +25,9 @@ libseaudit_version=4.5
+ setoolsdir='${prefix}/share/setools-3.3'
+ javadir='${prefix}/share/java'
+ 
+-version_min_sepol_major=1
+-version_min_sepol_minor=12
+-version_min_sepol_patch=27
+version_min_sepol_major=2
+version_min_sepol_minor=4
+version_min_sepol_patch=0
+ 
+ dnl *** end of tunable values ***
+ 
+Index: setools3-setools-3.3.8/libqpol/src/policy_define.c
+===================================================================
+--- setools3-setools-3.3.8.orig/libqpol/src/policy_define.c	2016-07-18 12:40:35.878964480 +0200
+++ setools3-setools-3.3.8/libqpol/src/policy_define.c	2016-07-18 12:40:35.930965312 +0200
+@@ -1449,7 +1449,7 @@ int define_compute_type_helper(int which
+ 				return -1;
+ 			}
+ 			class_perm_node_init(perm);
+-			perm->class = i + 1;
+			perm->tclass = i + 1;
+ 			perm->data = datum->s.value;
+ 			perm->next = avrule->perms;
+ 			avrule->perms = perm;
+@@ -1700,7 +1700,7 @@ int define_te_avtab_helper(int which, av
+ 			goto out;
+ 		}
+ 		class_perm_node_init(cur_perms);
+-		cur_perms->class = i + 1;
+		cur_perms->tclass = i + 1;
+ 		if (!perms)
+ 			perms = cur_perms;
+ 		if (tail)
+Index: setools3-setools-3.3.8/libqpol/src/policy_extend.c
+===================================================================
+--- setools3-setools-3.3.8.orig/libqpol/src/policy_extend.c	2013-01-16 17:36:04.000000000 +0100
+++ setools3-setools-3.3.8/libqpol/src/policy_extend.c	2016-07-18 12:40:35.930965312 +0200
+@@ -843,7 +843,7 @@ static int qpol_syn_rule_table_insert_se
+ 			for (class_node = rule->perms; class_node; class_node = class_node->next) {
+ 				key.rule_type = rule->specified;
+ 				key.source_val = key.target_val = i + 1;
+-				key.class_val = class_node->class;
+				key.class_val = class_node->tclass;
+ 				key.cond = cond;
+ 				if (qpol_syn_rule_table_insert_entry(policy, table, &key, new_rule))
+ 					goto err;
+@@ -856,7 +856,7 @@ static int qpol_syn_rule_table_insert_se
+ 				key.rule_type = rule->specified;
+ 				key.source_val = i + 1;
+ 				key.target_val = j + 1;
+-				key.class_val = class_node->class;
+				key.class_val = class_node->tclass;
+ 				key.cond = cond;
+ 				if (qpol_syn_rule_table_insert_entry(policy, table, &key, new_rule))
+ 					goto err;
+Index: setools3-setools-3.3.8/libqpol/src/syn_rule_query.c
+===================================================================
+--- setools3-setools-3.3.8.orig/libqpol/src/syn_rule_query.c	2013-01-16 17:36:04.000000000 +0100
+++ setools3-setools-3.3.8/libqpol/src/syn_rule_query.c	2016-07-18 12:40:35.930965312 +0200
+@@ -67,7 +67,7 @@ static void *syn_rule_class_state_get_cu
+ 		return NULL;
+ 	}
+ 
+-	return db->class_val_to_struct[srcs->cur->class - 1];
+	return db->class_val_to_struct[srcs->cur->tclass - 1];
+ }
+ 
+ static int syn_rule_class_state_next(qpol_iterator_t * iter)
+@@ -465,10 +465,10 @@ int qpol_syn_avrule_get_perm_iter(const
+ 	}
+ 
+ 	for (node = internal_rule->perms; node; node = node->next) {
+-		for (i = 0; i < db->class_val_to_struct[node->class - 1]->permissions.nprim; i++) {
+		for (i = 0; i < db->class_val_to_struct[node->tclass - 1]->permissions.nprim; i++) {
+ 			if (!(node->data & (1 << i)))
+ 				continue;
+-			tmp = sepol_av_to_string(db, node->class, (sepol_access_vector_t) (1 << i));
+			tmp = sepol_av_to_string(db, node->tclass, (sepol_access_vector_t) (1 << i));
+ 			if (tmp) {
+ 				tmp++; /* remove prepended space */
+ 				for (cur = 0; cur < perm_list_sz; cur++)
+Index: setools3-setools-3.3.8/secmds/replcon.cc
+===================================================================
+--- setools3-setools-3.3.8.orig/secmds/replcon.cc	2013-01-16 17:36:04.000000000 +0100
+++ setools3-setools-3.3.8/secmds/replcon.cc	2016-07-18 12:40:35.930965312 +0200
+@@ -60,7 +60,7 @@ static struct option const longopts[] =
+ 	{NULL, 0, NULL, 0}
+ };
+ 
+-extern int lsetfilecon_raw(const char *, security_context_t) __attribute__ ((weak));
+extern int lsetfilecon_raw(const char *, const char *) __attribute__ ((weak));
+ 
+ /**
+  * As that setools must work with older libselinux versions that may
--- a/setools.changes
+++ b/setools.changes
@@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Thu Aug 25 15:42:18 UTC 2016 - jsegitz@novell.com
+
+- Deleted setools-3.3.7-libselinux-2.3.patch, we have a 
+  current libselinux now
+
+-------------------------------------------------------------------
+Mon Jul 18 10:41:14 UTC 2016 - jsegitz@novell.com
+
+- Patch to work with current libsepol, libselinux
+  Added: setools-tclass.patch
+
 -------------------------------------------------------------------
 Mon Mar 23 02:32:05 UTC 2015 - p.drouand@gmail.com

--- a/setools.spec
+++ b/setools.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package setools
 #
-# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -39,7 +39,7 @@ Patch8:         %{name}-swig-2.0.7.patch
 Patch9:         %{name}-am121.patch
 Patch10:        %{name}-libsepol.patch
 Patch23:        add-to-header-define_cond_filename_trans.patch
-Patch24:        setools-3.3.7-libselinux-2.3.patch
+Patch24:        setools-tclass.patch

 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  autoconf