SHA256
1
0
forked from pool/checkpolicy

Accepting request 642650 from home:jsegitz:branches:security:SELinux

- Update to version 2.8 (bsc#1111732)
- Dropped checkpolicy-build.patch, not necessary anymore
- Removed BuildRequires for byacc. It builds without and this blocks
  building on SLE 15

OBS-URL: https://build.opensuse.org/request/show/642650
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/checkpolicy?expand=0&rev=41
This commit is contained in:
Vítězslav Čížek 2018-10-23 12:14:10 +00:00 committed by Git OBS Bridge
parent b26d17089b
commit 1c1b89d210
5 changed files with 13 additions and 236 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5413479f1dcde866c19896b4dbfec315d822aa431606e1d03c944408984c3201
size 65967

3
checkpolicy-2.8.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:9dec811c24b88e58c3bf741365eacf1dbb945531a2fcb8f284aacf68098194c8
size 66243

View File

@ -1,228 +0,0 @@
diff --git checkpolicy-2.7/Makefile checkpolicy-2.7/Makefile
index 68e11f2..4c817cd 100644
--- checkpolicy-2.7/Makefile
+++ checkpolicy-2.7/Makefile
@@ -1,12 +1,9 @@
#
# Makefile for building the checkpolicy program
#
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
MANDIR ?= $(PREFIX)/share/man
-LIBDIR ?= $(PREFIX)/lib
-INCLUDEDIR ?= $(PREFIX)/include
-LIBSEPOLA ?= $(LIBDIR)/libsepol.a
TARGETS = checkpolicy checkmodule
LEX = flex
@@ -14,7 +11,12 @@ YACC = bison -y
CFLAGS ?= -g -Wall -Werror -Wshadow -O2 -pipe -fno-strict-aliasing
-override CFLAGS += -I.
+# If no specific libsepol.a is specified, fall back on LDFLAGS search path
+# Otherwise, as $(LIBSEPOLA) already appears in the dependencies, there
+# is no need to define a value for LDLIBS_LIBSEPOLA
+ifeq ($(LIBSEPOLA),)
+ LDLIBS_LIBSEPOLA := -l:libsepol.a
+endif
CHECKOBJS = y.tab.o lex.yy.o queue.o module_compiler.o parse_util.o \
policy_define.o
@@ -27,8 +29,10 @@ all: $(TARGETS)
$(MAKE) -C test
checkpolicy: $(CHECKPOLOBJS) $(LIBSEPOLA)
+ $(CC) -o $@ $^ $(LDFLAGS) $(LDLIBS_LIBSEPOLA)
checkmodule: $(CHECKMODOBJS) $(LIBSEPOLA)
+ $(CC) -o $@ $^ $(LDFLAGS) $(LDLIBS_LIBSEPOLA)
%.o: %.c
$(CC) $(CFLAGS) -o $@ -c $<
@@ -46,15 +50,15 @@ lex.yy.c: policy_scan.l y.tab.c
$(LEX) policy_scan.l
install: all
- -mkdir -p $(BINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 755 $(TARGETS) $(BINDIR)
- install -m 644 checkpolicy.8 $(MANDIR)/man8
- install -m 644 checkmodule.8 $(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR)
+ install -m 644 checkpolicy.8 $(DESTDIR)$(MANDIR)/man8
+ install -m 644 checkmodule.8 $(DESTDIR)$(MANDIR)/man8
relabel: install
- /sbin/restorecon $(BINDIR)/checkpolicy
- /sbin/restorecon $(BINDIR)/checkmodule
+ /sbin/restorecon $(DESTDIR)$(BINDIR)/checkpolicy
+ /sbin/restorecon $(DESTDIR)$(BINDIR)/checkmodule
clean:
-rm -f $(TARGETS) $(CHECKPOLOBJS) $(CHECKMODOBJS) y.tab.c y.tab.h lex.yy.c
diff --git checkpolicy-2.7/checkmodule.8 checkpolicy-2.7/checkmodule.8
index ee95882..cf76591 100644
--- checkpolicy-2.7/checkmodule.8
+++ checkpolicy-2.7/checkmodule.8
@@ -64,4 +64,4 @@ especially "Configuring the SELinux Policy".
This manual page was copied from the checkpolicy man page
written by Arpad Magosanyi <mag@bunuel.tii.matav.hu>,
and edited by Dan Walsh <dwalsh@redhat.com>.
-The program was written by Stephen Smalley <sds@epoch.ncsc.mil>.
+The program was written by Stephen Smalley <sds@tycho.nsa.gov>.
diff --git checkpolicy-2.7/checkpolicy.8 checkpolicy-2.7/checkpolicy.8
index 7b28696..1c8805d 100644
--- checkpolicy-2.7/checkpolicy.8
+++ checkpolicy-2.7/checkpolicy.8
@@ -58,5 +58,5 @@ especially "Configuring the SELinux Policy".
.SH AUTHOR
This manual page was written by Arpad Magosanyi <mag@bunuel.tii.matav.hu>,
-and edited by Stephen Smalley <sds@epoch.ncsc.mil>.
-The program was written by Stephen Smalley <sds@epoch.ncsc.mil>.
+and edited by Stephen Smalley <sds@tycho.nsa.gov>.
+The program was written by Stephen Smalley <sds@tycho.nsa.gov>.
diff --git checkpolicy-2.7/checkpolicy.c checkpolicy-2.7/checkpolicy.c
index b75f2af..fbda455 100644
--- checkpolicy-2.7/checkpolicy.c
+++ checkpolicy-2.7/checkpolicy.c
@@ -1,6 +1,6 @@
/*
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
/*
@@ -69,6 +69,9 @@
#ifndef IPPROTO_DCCP
#define IPPROTO_DCCP 33
#endif
+#ifndef IPPROTO_SCTP
+#define IPPROTO_SCTP 132
+#endif
#include <arpa/inet.h>
#include <fcntl.h>
#include <stdio.h>
@@ -944,6 +947,8 @@ int main(int argc, char **argv)
protocol = IPPROTO_UDP;
else if (!strcmp(ans, "dccp") || !strcmp(ans, "DCCP"))
protocol = IPPROTO_DCCP;
+ else if (!strcmp(ans, "sctp") || !strcmp(ans, "SCTP"))
+ protocol = IPPROTO_SCTP;
else {
printf("unknown protocol\n");
break;
diff --git checkpolicy-2.7/policy_define.c checkpolicy-2.7/policy_define.c
index f12ebdb..11fd37d 100644
--- checkpolicy-2.7/policy_define.c
+++ checkpolicy-2.7/policy_define.c
@@ -1,5 +1,5 @@
/*
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
/*
@@ -40,6 +40,9 @@
#ifndef IPPROTO_DCCP
#define IPPROTO_DCCP 33
#endif
+#ifndef IPPROTO_SCTP
+#define IPPROTO_SCTP 132
+#endif
#include <arpa/inet.h>
#include <stdlib.h>
#include <limits.h>
@@ -5004,6 +5007,8 @@ int define_port_context(unsigned int low, unsigned int high)
protocol = IPPROTO_UDP;
} else if ((strcmp(id, "dccp") == 0) || (strcmp(id, "DCCP") == 0)) {
protocol = IPPROTO_DCCP;
+ } else if ((strcmp(id, "sctp") == 0) || (strcmp(id, "SCTP") == 0)) {
+ protocol = IPPROTO_SCTP;
} else {
yyerror2("unrecognized protocol %s", id);
goto bad;
diff --git checkpolicy-2.7/policy_parse.y checkpolicy-2.7/policy_parse.y
index 6b406c8..247bd4e 100644
--- checkpolicy-2.7/policy_parse.y
+++ checkpolicy-2.7/policy_parse.y
@@ -1,6 +1,6 @@
/*
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
/*
diff --git checkpolicy-2.7/policy_scan.l checkpolicy-2.7/policy_scan.l
index e6c4898..e93ccb6 100644
--- checkpolicy-2.7/policy_scan.l
+++ checkpolicy-2.7/policy_scan.l
@@ -1,6 +1,6 @@
/*
- * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
/* Updated: David Caplan, <dac@tresys.com>
diff --git checkpolicy-2.7/queue.c checkpolicy-2.7/queue.c
index acc991c..82e6673 100644
--- checkpolicy-2.7/queue.c
+++ checkpolicy-2.7/queue.c
@@ -1,5 +1,5 @@
-/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
+/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
/* FLASK */
diff --git checkpolicy-2.7/queue.h checkpolicy-2.7/queue.h
index 655c94b..60c07fe 100644
--- checkpolicy-2.7/queue.h
+++ checkpolicy-2.7/queue.h
@@ -1,5 +1,5 @@
-/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
+/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
/* FLASK */
diff --git checkpolicy-2.7/test/Makefile checkpolicy-2.7/test/Makefile
index 59fa446..89e7557 100644
--- checkpolicy-2.7/test/Makefile
+++ checkpolicy-2.7/test/Makefile
@@ -1,19 +1,22 @@
#
# Makefile for building the dispol program
#
-PREFIX ?= $(DESTDIR)/usr
-BINDIR ?= $(PREFIX)/bin
-LIBDIR ?= $(PREFIX)/lib
-INCLUDEDIR ?= $(PREFIX)/include
-LIBSEPOLA ?= $(LIBDIR)/libsepol.a
-
CFLAGS ?= -g -Wall -W -Werror -O2 -pipe
+# If no specific libsepol.a is specified, fall back on LDFLAGS search path
+# Otherwise, as $(LIBSEPOLA) already appears in the dependencies, there
+# is no need to define a value for LDLIBS_LIBSEPOLA
+ifeq ($(LIBSEPOLA),)
+ LDLIBS_LIBSEPOLA := -l:libsepol.a
+endif
+
all: dispol dismod
dispol: dispol.o $(LIBSEPOLA)
+ $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS_LIBSEPOLA)
dismod: dismod.o $(LIBSEPOLA)
+ $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS_LIBSEPOLA)
clean:
-rm -f dispol dismod *.o

View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Wed Oct 17 11:52:55 UTC 2018 - jsegitz@suse.com
- Update to version 2.8 (bsc#1111732)
- Dropped checkpolicy-build.patch, not necessary anymore
- Removed BuildRequires for byacc. It builds without and this blocks
building on SLE 15
-------------------------------------------------------------------
Mon Jun 11 07:48:05 UTC 2018 - jsegitz@suse.com

View File

@ -16,9 +16,9 @@
#
%define libsepol_ver 2.6
%define libsepol_ver 2.8
Name: checkpolicy
Version: 2.7
Version: 2.8
Release: 0
Summary: SELinux policy compiler
License: GPL-2.0-or-later
@ -26,9 +26,7 @@ Group: Productivity/Security
Url: https://github.com/SELinuxProject/selinux
Source0: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/%{name}-%{version}.tar.gz
Source1: checkpolicy-tests.tar.gz
Patch0: checkpolicy-build.patch
BuildRequires: bison
BuildRequires: byacc
BuildRequires: flex
BuildRequires: libselinux-devel
BuildRequires: libsepol-devel-static => %{libsepol_ver}
@ -69,7 +67,6 @@ to use checkpolicy from Python.
%prep
%setup -q
%patch0 -p1
%build
make clean