From 1c1b89d21022545b9bce03913090fcc986a6add68bf460c97e65068215b6b8fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADt=C4=9Bzslav=20=C4=8C=C3=AD=C5=BEek?= Date: Tue, 23 Oct 2018 12:14:10 +0000 Subject: [PATCH] Accepting request 642650 from home:jsegitz:branches:security:SELinux - Update to version 2.8 (bsc#1111732) - Dropped checkpolicy-build.patch, not necessary anymore - Removed BuildRequires for byacc. It builds without and this blocks building on SLE 15 OBS-URL: https://build.opensuse.org/request/show/642650 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/checkpolicy?expand=0&rev=41 --- checkpolicy-2.7.tar.gz | 3 - checkpolicy-2.8.tar.gz | 3 + checkpolicy-build.patch | 228 ---------------------------------------- checkpolicy.changes | 8 ++ checkpolicy.spec | 7 +- 5 files changed, 13 insertions(+), 236 deletions(-) delete mode 100644 checkpolicy-2.7.tar.gz create mode 100644 checkpolicy-2.8.tar.gz delete mode 100644 checkpolicy-build.patch diff --git a/checkpolicy-2.7.tar.gz b/checkpolicy-2.7.tar.gz deleted file mode 100644 index 5af869e..0000000 --- a/checkpolicy-2.7.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5413479f1dcde866c19896b4dbfec315d822aa431606e1d03c944408984c3201 -size 65967 diff --git a/checkpolicy-2.8.tar.gz b/checkpolicy-2.8.tar.gz new file mode 100644 index 0000000..49114e0 --- /dev/null +++ b/checkpolicy-2.8.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9dec811c24b88e58c3bf741365eacf1dbb945531a2fcb8f284aacf68098194c8 +size 66243 diff --git a/checkpolicy-build.patch b/checkpolicy-build.patch deleted file mode 100644 index 9c2279d..0000000 --- a/checkpolicy-build.patch +++ /dev/null @@ -1,228 +0,0 @@ -diff --git checkpolicy-2.7/Makefile checkpolicy-2.7/Makefile -index 68e11f2..4c817cd 100644 ---- checkpolicy-2.7/Makefile -+++ checkpolicy-2.7/Makefile -@@ -1,12 +1,9 @@ - # - # Makefile for building the checkpolicy program - # --PREFIX ?= $(DESTDIR)/usr -+PREFIX ?= /usr - BINDIR ?= $(PREFIX)/bin - MANDIR ?= $(PREFIX)/share/man --LIBDIR ?= $(PREFIX)/lib --INCLUDEDIR ?= $(PREFIX)/include --LIBSEPOLA ?= $(LIBDIR)/libsepol.a - TARGETS = checkpolicy checkmodule - - LEX = flex -@@ -14,7 +11,12 @@ YACC = bison -y - - CFLAGS ?= -g -Wall -Werror -Wshadow -O2 -pipe -fno-strict-aliasing - --override CFLAGS += -I. -+# If no specific libsepol.a is specified, fall back on LDFLAGS search path -+# Otherwise, as $(LIBSEPOLA) already appears in the dependencies, there -+# is no need to define a value for LDLIBS_LIBSEPOLA -+ifeq ($(LIBSEPOLA),) -+ LDLIBS_LIBSEPOLA := -l:libsepol.a -+endif - - CHECKOBJS = y.tab.o lex.yy.o queue.o module_compiler.o parse_util.o \ - policy_define.o -@@ -27,8 +29,10 @@ all: $(TARGETS) - $(MAKE) -C test - - checkpolicy: $(CHECKPOLOBJS) $(LIBSEPOLA) -+ $(CC) -o $@ $^ $(LDFLAGS) $(LDLIBS_LIBSEPOLA) - - checkmodule: $(CHECKMODOBJS) $(LIBSEPOLA) -+ $(CC) -o $@ $^ $(LDFLAGS) $(LDLIBS_LIBSEPOLA) - - %.o: %.c - $(CC) $(CFLAGS) -o $@ -c $< -@@ -46,15 +50,15 @@ lex.yy.c: policy_scan.l y.tab.c - $(LEX) policy_scan.l - - install: all -- -mkdir -p $(BINDIR) -- -mkdir -p $(MANDIR)/man8 -- install -m 755 $(TARGETS) $(BINDIR) -- install -m 644 checkpolicy.8 $(MANDIR)/man8 -- install -m 644 checkmodule.8 $(MANDIR)/man8 -+ -mkdir -p $(DESTDIR)$(BINDIR) -+ -mkdir -p $(DESTDIR)$(MANDIR)/man8 -+ install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR) -+ install -m 644 checkpolicy.8 $(DESTDIR)$(MANDIR)/man8 -+ install -m 644 checkmodule.8 $(DESTDIR)$(MANDIR)/man8 - - relabel: install -- /sbin/restorecon $(BINDIR)/checkpolicy -- /sbin/restorecon $(BINDIR)/checkmodule -+ /sbin/restorecon $(DESTDIR)$(BINDIR)/checkpolicy -+ /sbin/restorecon $(DESTDIR)$(BINDIR)/checkmodule - - clean: - -rm -f $(TARGETS) $(CHECKPOLOBJS) $(CHECKMODOBJS) y.tab.c y.tab.h lex.yy.c -diff --git checkpolicy-2.7/checkmodule.8 checkpolicy-2.7/checkmodule.8 -index ee95882..cf76591 100644 ---- checkpolicy-2.7/checkmodule.8 -+++ checkpolicy-2.7/checkmodule.8 -@@ -64,4 +64,4 @@ especially "Configuring the SELinux Policy". - This manual page was copied from the checkpolicy man page - written by Arpad Magosanyi , - and edited by Dan Walsh . --The program was written by Stephen Smalley . -+The program was written by Stephen Smalley . -diff --git checkpolicy-2.7/checkpolicy.8 checkpolicy-2.7/checkpolicy.8 -index 7b28696..1c8805d 100644 ---- checkpolicy-2.7/checkpolicy.8 -+++ checkpolicy-2.7/checkpolicy.8 -@@ -58,5 +58,5 @@ especially "Configuring the SELinux Policy". - - .SH AUTHOR - This manual page was written by Arpad Magosanyi , --and edited by Stephen Smalley . --The program was written by Stephen Smalley . -+and edited by Stephen Smalley . -+The program was written by Stephen Smalley . -diff --git checkpolicy-2.7/checkpolicy.c checkpolicy-2.7/checkpolicy.c -index b75f2af..fbda455 100644 ---- checkpolicy-2.7/checkpolicy.c -+++ checkpolicy-2.7/checkpolicy.c -@@ -1,6 +1,6 @@ - - /* -- * Author : Stephen Smalley, -+ * Author : Stephen Smalley, - */ - - /* -@@ -69,6 +69,9 @@ - #ifndef IPPROTO_DCCP - #define IPPROTO_DCCP 33 - #endif -+#ifndef IPPROTO_SCTP -+#define IPPROTO_SCTP 132 -+#endif - #include - #include - #include -@@ -944,6 +947,8 @@ int main(int argc, char **argv) - protocol = IPPROTO_UDP; - else if (!strcmp(ans, "dccp") || !strcmp(ans, "DCCP")) - protocol = IPPROTO_DCCP; -+ else if (!strcmp(ans, "sctp") || !strcmp(ans, "SCTP")) -+ protocol = IPPROTO_SCTP; - else { - printf("unknown protocol\n"); - break; -diff --git checkpolicy-2.7/policy_define.c checkpolicy-2.7/policy_define.c -index f12ebdb..11fd37d 100644 ---- checkpolicy-2.7/policy_define.c -+++ checkpolicy-2.7/policy_define.c -@@ -1,5 +1,5 @@ - /* -- * Author : Stephen Smalley, -+ * Author : Stephen Smalley, - */ - - /* -@@ -40,6 +40,9 @@ - #ifndef IPPROTO_DCCP - #define IPPROTO_DCCP 33 - #endif -+#ifndef IPPROTO_SCTP -+#define IPPROTO_SCTP 132 -+#endif - #include - #include - #include -@@ -5004,6 +5007,8 @@ int define_port_context(unsigned int low, unsigned int high) - protocol = IPPROTO_UDP; - } else if ((strcmp(id, "dccp") == 0) || (strcmp(id, "DCCP") == 0)) { - protocol = IPPROTO_DCCP; -+ } else if ((strcmp(id, "sctp") == 0) || (strcmp(id, "SCTP") == 0)) { -+ protocol = IPPROTO_SCTP; - } else { - yyerror2("unrecognized protocol %s", id); - goto bad; -diff --git checkpolicy-2.7/policy_parse.y checkpolicy-2.7/policy_parse.y -index 6b406c8..247bd4e 100644 ---- checkpolicy-2.7/policy_parse.y -+++ checkpolicy-2.7/policy_parse.y -@@ -1,6 +1,6 @@ - - /* -- * Author : Stephen Smalley, -+ * Author : Stephen Smalley, - */ - - /* -diff --git checkpolicy-2.7/policy_scan.l checkpolicy-2.7/policy_scan.l -index e6c4898..e93ccb6 100644 ---- checkpolicy-2.7/policy_scan.l -+++ checkpolicy-2.7/policy_scan.l -@@ -1,6 +1,6 @@ - - /* -- * Author : Stephen Smalley, -+ * Author : Stephen Smalley, - */ - - /* Updated: David Caplan, -diff --git checkpolicy-2.7/queue.c checkpolicy-2.7/queue.c -index acc991c..82e6673 100644 ---- checkpolicy-2.7/queue.c -+++ checkpolicy-2.7/queue.c -@@ -1,5 +1,5 @@ - --/* Author : Stephen Smalley, */ -+/* Author : Stephen Smalley, */ - - /* FLASK */ - -diff --git checkpolicy-2.7/queue.h checkpolicy-2.7/queue.h -index 655c94b..60c07fe 100644 ---- checkpolicy-2.7/queue.h -+++ checkpolicy-2.7/queue.h -@@ -1,5 +1,5 @@ - --/* Author : Stephen Smalley, */ -+/* Author : Stephen Smalley, */ - - /* FLASK */ - -diff --git checkpolicy-2.7/test/Makefile checkpolicy-2.7/test/Makefile -index 59fa446..89e7557 100644 ---- checkpolicy-2.7/test/Makefile -+++ checkpolicy-2.7/test/Makefile -@@ -1,19 +1,22 @@ - # - # Makefile for building the dispol program - # --PREFIX ?= $(DESTDIR)/usr --BINDIR ?= $(PREFIX)/bin --LIBDIR ?= $(PREFIX)/lib --INCLUDEDIR ?= $(PREFIX)/include --LIBSEPOLA ?= $(LIBDIR)/libsepol.a -- - CFLAGS ?= -g -Wall -W -Werror -O2 -pipe - -+# If no specific libsepol.a is specified, fall back on LDFLAGS search path -+# Otherwise, as $(LIBSEPOLA) already appears in the dependencies, there -+# is no need to define a value for LDLIBS_LIBSEPOLA -+ifeq ($(LIBSEPOLA),) -+ LDLIBS_LIBSEPOLA := -l:libsepol.a -+endif -+ - all: dispol dismod - - dispol: dispol.o $(LIBSEPOLA) -+ $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS_LIBSEPOLA) - - dismod: dismod.o $(LIBSEPOLA) -+ $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS_LIBSEPOLA) - - clean: - -rm -f dispol dismod *.o diff --git a/checkpolicy.changes b/checkpolicy.changes index 40004db..c639fc1 100644 --- a/checkpolicy.changes +++ b/checkpolicy.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Wed Oct 17 11:52:55 UTC 2018 - jsegitz@suse.com + +- Update to version 2.8 (bsc#1111732) +- Dropped checkpolicy-build.patch, not necessary anymore +- Removed BuildRequires for byacc. It builds without and this blocks + building on SLE 15 + ------------------------------------------------------------------- Mon Jun 11 07:48:05 UTC 2018 - jsegitz@suse.com diff --git a/checkpolicy.spec b/checkpolicy.spec index fed772d..76a39e4 100644 --- a/checkpolicy.spec +++ b/checkpolicy.spec @@ -16,9 +16,9 @@ # -%define libsepol_ver 2.6 +%define libsepol_ver 2.8 Name: checkpolicy -Version: 2.7 +Version: 2.8 Release: 0 Summary: SELinux policy compiler License: GPL-2.0-or-later @@ -26,9 +26,7 @@ Group: Productivity/Security Url: https://github.com/SELinuxProject/selinux Source0: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/%{name}-%{version}.tar.gz Source1: checkpolicy-tests.tar.gz -Patch0: checkpolicy-build.patch BuildRequires: bison -BuildRequires: byacc BuildRequires: flex BuildRequires: libselinux-devel BuildRequires: libsepol-devel-static => %{libsepol_ver} @@ -69,7 +67,6 @@ to use checkpolicy from Python. %prep %setup -q -%patch0 -p1 %build make clean