rpm/libselinux
SHA256
1
0
Fork 0
forked from pool/libselinux
Code Pull Requests Activity

Accepting request 1102401 from home:mcepl:branches:security:SELinux

Browse Source 
- (bsc#1212618) Divide libselinux and libselinux-bindings again.
  libselinux itself is in Ring0 so it has to have absolutely
  minimal dependencies, so it is better to separate
  libselinux-bindings into a separate pacakge.
- Add explicit BuildRequires for python3-pip and python3-wheel on
  15.5, currently the macros don't do the right thing
- allow building this with different python versions, to make this
  usable for the new sle15 macro (using python3.11)
- Add python-wheel build dependency to build correctly with latest
  python-pip version.
- Add _multibuild to define additional spec files as additional
  flavors.
  Eliminates the need for source package links in OBS.
- Enable LTO as it works fine now.
- Update to version 3.5:
  * check for truncations
  * avoid newline in avc message
  * bail out on path truncations
  * add getpidprevcon to gather the previous context before the last
    exec of a given process
  * Workaround for heap overhead of pcre
  * fix memory leaks on the audit2why module init
  * ignore invalid class name lookup
- Drop restorecon_pin_file.patch, is upstream
- Refreshed python3.8-compat.patch
- Added additional developer key (Jason Zaman)
- Update to version 3.4:
  * Use PCRE2 by default
  * Make selinux_log() and is_context_customizable() thread-safe
  * Prevent leakeing file descriptors
  * Correctly hash specfiles larger than 4G
- Refreshed skip_cycles.patch
- Update to version 3.3:
  * Lots of smaller issues fixed found by fuzzing
- Switch to pcre2:
  + Replace pcre-devel BuildRequires with pkgconfig(libpcre2-8)
  + Pass USE_PCRE2=y to make.
- Update to version 3.2:
  * Use mmap()'ed kernel status page instead of netlink by default.
    See "KERNEL STATUS PAGE" section in avc_init(3) for more details.
  * New log callback levels for enforcing and policy load notices -
    SELINUX_POLICYLOAD, SELINUX_SETENFORCE
  * Changed userspace AVC setenforce and policy load messages to audit 
    format.
- Update to version 3.1:
  * selinux/flask.h, selinux/av_permissions.h and sepol/policydb/flask.h were
    removed. All userspace object managers should have been updated to use the
    dynamic class/perm mapping support.
    Use string_to_security_class(3) and string_to_av_perm(3) to map the class
    and permission names to their policy values, or selinux_set_mapping(3) to
    create a mapping from class and permission index values used by the
    application to the policy values.
  * Removed restrictions in libsepol and checkpolicy that required all declared
    initial SIDs to be assigned a context.
  * Support for new policy capability genfs_seclabel_symlinks
  * selinuxfs is mounted with noexec and nosuid
  * `security_compute_user()` was deprecated
  * Refreshed python3.8-compat.patch
- Update to version 3.0
  * Ignore the stem when looking up all matches in file context
  * Save digest of all partial matches for directory
  * Use Python distutils to install SELinux python bindings
  * ensure that digest_len is not zero
  * fix string conversion of unknown perms
  * mark all exported function "extern"
- Added swig4_moduleimport.patch to prevent import errors due to
  SWIG 4
- Add python3.8-compat.patch which makes build possible even with
  Python 3.8, which doesn’t automatically adds -lpython<ver>
- Disable LTO (boo#1133244).
- Set License: to correct value (bsc#1135710)
- Update to version 2.9
  * Add security_reject_unknown(3) man page
  * Change matchpathcon usage to match with matchpathcon manpage
  * Do not define gettid() if glibc >= 2.30 is used
  * Fix RESOURCE_LEAK defects reported by coverity scan
  * Fix line wrapping in selabel_file.5
  * Do not dereference symlink with statfs in selinux_restorecon
  * Fix overly strict validation of file_contexts.bin
  * Fix selinux_restorecon() on non-SELinux hosts
  * Fix the whatis line for the selinux_boolean_sub.3 manpage
  * Fix printf format string specifier for uint64_t
  * Fix handling of unknown classes/perms
  * Set an appropriate errno in booleans.c
- Dropped python3.patch, is now upstream
- Update to version 2.8 (bsc#1111732). 
  For changes please see
  https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/RELEASE-20180524.txt
- ran spec-cleaner on spec files
- Update to version 2.7.
    * %files needed to be heavily modified
    * Based expressly on python3, not just python 
  For changes please see
  https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/RELEASE-20170804.txt
- Updated spec file to use python3. Added python3.patch to fix
  build
- Update to version 2.6. Notable changes:
  * selinux_restorecon: fix realpath logic
  * sefcontext_compile: invert semantics of "-r" flag
  * sefcontext_compile: Add "-i" flag
  * Introduce configurable backends
  * Add function to find security.restorecon_last entries
  * Add openrc_contexts functions
  * Add support for pcre2
  * Handle NULL pcre study data
  * Add setfiles support to selinux_restorecon(3)
  * Evaluate inodes in selinux_restorecon(3)
  * Change the location of _selinux.so
  * Explain how to free policy type from selinux_getpolicytype()
  * Compare absolute pathname in matchpathcon -V
  * Add selinux_snapperd_contexts_path()
  * Modify audit2why analyze function to use loaded policy
  * Avoid mounting /proc outside of selinux_init_load_policy()
  * Fix location of selinuxfs mount point
  * Only mount /proc if necessary
  * procattr: return einval for <= 0 pid args
  * procattr: return error on invalid pid_t input
- Dropped
  * libselinux-2.2-ruby.patch 
  * libselinux-proc-mount-only-if-needed.patch 
  * python-selinux-swig-3.10.patch
- readv-proto.patch: include <sys/uio.h> for readv prototype
- Update RPM groups, trim description and combine filelist entries.
- Adjusted source link
- add patch: python-selinux-swig-3.10.patch, fixed boo#985368
  * swig-3.10 in Factory use importlib instead of imp to find
    _selinux.so. imp searched the same directory as __init__.py
    is while importlib searchs only standard paths. so we have
    to move _selinux.so. fixed by upstream 
- update version 2.5
  * Add selinux_restorecon function
  * read_spec_entry: fail on non-ascii
  * Add man information about thread specific functions
  * Don't wrap rpm_execcon with DISABLE_RPM with SWIG
  * Correct line count for property and service context files
  * label_file: fix memory leaks and uninitialized jump
  * Replace selabel_digest hash function
  * Fix selabel_open(3) services if no digest requested
  * Add selabel_digest function
  * Flush the class/perm string mapping cache on policy reload
  * Fix restorecon when path has no context
  * Free memory when processing media and x specfiles
  * Fix mmap memory release for file labeling
  * Add policy context validation to sefcontext_compile
  * Do not treat an empty file_contexts(.local) as an error
  * Fail hard on invalid property_contexts entries
  * Fail hard on invalid file_contexts entries
  * Support context validation on file_contexts.bin
  * Add selabel_cmp interface and label_file backend
  * Support specifying file_contexts.bin file path
  * Support file_contexts.bin without file_contexts
  * Simplify procattr cache
  * Use /proc/thread-self when available
  * Add const to selinux_opt for label backends
  * Fix binary file labels for regexes with metachars
  * Fix file labels for regexes with metachars
  * Fix if file_contexts not '\n' terminated
  * Enhance file context support
  * Fix property processing and cleanup formatting
  * Add read_spec_entries function to replace sscanf
  * Support consistent mode size for bin files
  * Fix more bin file processing core dumps
  * add selinux_openssh_contexts_path()
  * setrans_client: minimize overhead when mcstransd is not present
  * Ensure selabel_lookup_best_match links NULL terminated
  * Fix core dumps with corrupt *.bin files
  * Add selabel partial and best match APIs
  * Use os.walk() instead of the deprecated os.path.walk()
  * Remove deprecated mudflap option
  * Mount procfs before checking /proc/filesystems
  * Fix -Wformat errors with gcc-5.0.0
  * label_file:  handle newlines in file names
  * Fix audit2why error handling if SELinux is disabled
  * pcre_study can return NULL without error
  * Only check SELinux enabled status once in selinux_check_access
- changes in 2.4
  * Remove assumption that SHLIBDIR is ../../ relative to LIBDIR
  * Fix bugs found by hardened gcc flags
  * Set the system to permissive if failing to disable SELinux because
    policy has already been loaded
  * Add db_exception and db_datatype support to label_db backend
  * Log an error on unknown classes and permissions
  * Add pcre version string to the compiled file_contexts format
  * Deprecate use of flask.h and av_permissions.h
  * Compiled file_context files and the original should have the same DAC
    permissions
- Update libselinux-2.2-ruby.patch: use RbConfig instead of
  deprecated Config.
- Update to version 2.3 
* Get rid of security_context_t and fix const declarations.
* Refactor rpm_execcon() into a new setexecfilecon() from Guillem Jover.
- Update to version 2.2
  * Fix avc_has_perm() returns -1 even when SELinux is in permissive mode.
  * Support overriding Makefile RANLIB
  * Update pkgconfig definition
  * Mount sysfs before trying to mount selinuxfs.
  * Fix man pages
  * Support overriding PATH  and LIBBASE in Makefile
  * Fix LDFLAGS usage
  * Avoid shadowing stat in load_mmap
  * Support building on older PCRE libraries
  * Fix handling of temporary file in sefcontext_compile
  * Fix procattr cache
  * Define python constants for getenforce result
  * Fix label substitution handling of /
  * Add selinux_current_policy_path from
  * Change get_context_list to only return good matches
  * Support udev-197 and higher
  * Add support for local substitutions
  * Change setfilecon to not return ENOSUP if context is already correct
  * Python wrapper leak fixes
  * Export SELINUX_TRANS_DIR definition in selinux.h
  * Add selinux_systemd_contexts_path
  * Add selinux_set_policy_root
  * Add man page for sefcontext_compile
- Remove libselinux-rhat.patch; merged on upstream
- Adapt libselinux-ruby.patch to upstream changes
- Use fdupes to symlink duplicate manpages
- change the source url to the official 2.1.13 release tarball
- update to 2.1.12
- added BuildRequires: pcre-devel
- Remove obsolete defines/sections
- updated to 2.1.9 again (see below)
- update to libselinux-2.1.9
  * better man pages
  * selinux_status interfaces
  * simple interface for access checks
  * multiple bug fixes
- fix build for ruby-1.9
- use %_smp_mflags
- updated to 2.0.91
  * changes too numerous to list
- add baselibs.conf as a source
- updated selinux-ready script
- change libsepol-devel to libsepol-devel-static in dependencies
  of python bindings
- put libsepol-devel back to Requires of libselinux-devel
- added selinux-ready tool to selinux-tools package
- remove static libraries
- libselinux-devel does not require libsepol-devel
- updated to 2.0.80
  * deny_unknown wrapper function from KaiGai Kohei
  * security_compute_av_flags API from KaiGai Kohei
  * Netlink socket management and callbacks from KaiGai Kohei
  * Netlink socket handoff patch from Adam Jackson
  * AVC caching of compute_create results by Eric Paris
  * fix incorrect conversion in discover_class code
- fixed memory leak (memleak.patch)
- updated to 2.0.77
  * add new function getseuser which will take username and service
    and return seuser and level; ipa will populate file in future
  * change selinuxdefcon to return just the context by default
  * fix segfault if seusers file does not work
  * strip trailing / for matchpathcon
  * fix restorecon python code
- updated to 2.0.76
  * allow shell-style wildcarding in X names
  * add Restorecon/Install python functions
  * correct message types in AVC log messages
  * make matchpathcon -V pass mode
  * add man page for selinux_file_context_cmp
  * update flask headers from refpolicy trunk
- fix debug_packages_requires define
- require only version, not release [bnc#429053]
- updated to 2.0.71
  * Add group support to seusers using %groupname syntax from Dan Walsh.
  * Mark setrans socket close-on-exec from Stephen Smalley.
  * Only apply nodups checking to base file contexts from Stephen Smalley.
  * Merge ruby bindings from Dan Walsh.
- Fix build of debuginfo.
- added baselibs.conf file
- split bindings into separate subpackage (libselinux-bindings)
- split tools into separate subpackage (selinux-tools)
- fix requires for debuginfo package
- initial version 2.0.67
  * based on Fedora package by Dan Walsh <dwalsh@redhat.com>
- (bsc#1212618) Divide libselinux and libselinux-bindings again.
  libselinux itself is in Ring0 so it has to have absolutely
  minimal dependencies, so it is better to separate
  libselinux-bindings into a separate pacakge.

OBS-URL: https://build.opensuse.org/request/show/1102401
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libselinux?expand=0&rev=161
This commit is contained in:
Johannes Segitz 2023-08-07 12:24:31 +00:00 committed by Git OBS Bridge
parent d1efca8160
commit 1205c5cce4
5 changed files with 629 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
_multibuild Normal file
View File

@ -0,0 +1,4 @@
<multibuild>
<package>libselinux-bindings</package>
</multibuild>

489
libselinux-bindings.changes Normal file
View File

@ -0,0 +1,489 @@
-------------------------------------------------------------------
Fri Aug 4 13:14:19 UTC 2023 - Matej Cepl <mcepl@suse.com>
- (bsc#1212618) Divide libselinux and libselinux-bindings again.
libselinux itself is in Ring0 so it has to have absolutely
minimal dependencies, so it is better to separate
libselinux-bindings into a separate pacakge.
-------------------------------------------------------------------
Tue Jun 20 13:34:39 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
- Add explicit BuildRequires for python3-pip and python3-wheel on
15.5, currently the macros don't do the right thing
-------------------------------------------------------------------
Thu Jun 1 11:50:33 UTC 2023 - Johannes Kastl <kastl@b1-systems.de>
- allow building this with different python versions, to make this
usable for the new sle15 macro (using python3.11)
-------------------------------------------------------------------
Fri May 5 12:35:31 UTC 2023 - Daniel Garcia <daniel.garcia@suse.com>
- Add python-wheel build dependency to build correctly with latest
python-pip version.
-------------------------------------------------------------------
Thu May 4 14:04:04 UTC 2023 - Frederic Crozat <fcrozat@suse.com>
- Add _multibuild to define additional spec files as additional
flavors.
Eliminates the need for source package links in OBS.
-------------------------------------------------------------------
Thu Mar 23 15:39:15 UTC 2023 - Martin Liška <mliska@suse.cz>
- Enable LTO as it works fine now.
-------------------------------------------------------------------
Fri Feb 24 07:42:25 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.5:
* check for truncations
* avoid newline in avc message
* bail out on path truncations
* add getpidprevcon to gather the previous context before the last
exec of a given process
* Workaround for heap overhead of pcre
* fix memory leaks on the audit2why module init
* ignore invalid class name lookup
- Drop restorecon_pin_file.patch, is upstream
- Refreshed python3.8-compat.patch
- Added additional developer key (Jason Zaman)
-------------------------------------------------------------------
Mon May 9 10:23:32 UTC 2022 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.4:
* Use PCRE2 by default
* Make selinux_log() and is_context_customizable() thread-safe
* Prevent leakeing file descriptors
* Correctly hash specfiles larger than 4G
- Refreshed skip_cycles.patch
-------------------------------------------------------------------
Thu Nov 11 13:25:30 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.3:
* Lots of smaller issues fixed found by fuzzing
-------------------------------------------------------------------
Wed Mar 17 15:17:27 UTC 2021 - Dominique Leuenberger <dimstar@opensuse.org>
- Switch to pcre2:
+ Replace pcre-devel BuildRequires with pkgconfig(libpcre2-8)
+ Pass USE_PCRE2=y to make.
-------------------------------------------------------------------
Tue Mar 9 09:01:15 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.2:
* Use mmap()'ed kernel status page instead of netlink by default.
See "KERNEL STATUS PAGE" section in avc_init(3) for more details.
* New log callback levels for enforcing and policy load notices -
SELINUX_POLICYLOAD, SELINUX_SETENFORCE
* Changed userspace AVC setenforce and policy load messages to audit
format.
-------------------------------------------------------------------
Tue Jul 14 08:24:20 UTC 2020 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.1:
* selinux/flask.h, selinux/av_permissions.h and sepol/policydb/flask.h were
removed. All userspace object managers should have been updated to use the
dynamic class/perm mapping support.
Use string_to_security_class(3) and string_to_av_perm(3) to map the class
and permission names to their policy values, or selinux_set_mapping(3) to
create a mapping from class and permission index values used by the
application to the policy values.
* Removed restrictions in libsepol and checkpolicy that required all declared
initial SIDs to be assigned a context.
* Support for new policy capability genfs_seclabel_symlinks
* selinuxfs is mounted with noexec and nosuid
* `security_compute_user()` was deprecated
* Refreshed python3.8-compat.patch
-------------------------------------------------------------------
Tue Mar 3 11:13:12 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
- Update to version 3.0
* Ignore the stem when looking up all matches in file context
* Save digest of all partial matches for directory
* Use Python distutils to install SELinux python bindings
* ensure that digest_len is not zero
* fix string conversion of unknown perms
* mark all exported function "extern"
-------------------------------------------------------------------
Mon Dec 16 16:04:41 UTC 2019 - Johannes Segitz <jsegitz@suse.de>
- Added swig4_moduleimport.patch to prevent import errors due to
SWIG 4
-------------------------------------------------------------------
Wed Oct 30 17:21:00 CET 2019 - Matej Cepl <mcepl@suse.com>
- Add python3.8-compat.patch which makes build possible even with
Python 3.8, which doesnt automatically adds -lpython<ver>
-------------------------------------------------------------------
Tue May 28 08:28:03 UTC 2019 - Martin Liška <mliska@suse.cz>
- Disable LTO (boo#1133244).
-------------------------------------------------------------------
Fri May 24 11:22:19 UTC 2019 - <jsegitz@suse.com>
- Set License: to correct value (bsc#1135710)
-------------------------------------------------------------------
Wed Mar 20 15:05:35 UTC 2019 - jsegitz@suse.com
- Update to version 2.9
* Add security_reject_unknown(3) man page
* Change matchpathcon usage to match with matchpathcon manpage
* Do not define gettid() if glibc >= 2.30 is used
* Fix RESOURCE_LEAK defects reported by coverity scan
* Fix line wrapping in selabel_file.5
* Do not dereference symlink with statfs in selinux_restorecon
* Fix overly strict validation of file_contexts.bin
* Fix selinux_restorecon() on non-SELinux hosts
* Fix the whatis line for the selinux_boolean_sub.3 manpage
* Fix printf format string specifier for uint64_t
* Fix handling of unknown classes/perms
* Set an appropriate errno in booleans.c
- Dropped python3.patch, is now upstream
-------------------------------------------------------------------
Wed Oct 17 11:48:30 UTC 2018 - jsegitz@suse.com
- Update to version 2.8 (bsc#1111732).
For changes please see
https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/RELEASE-20180524.txt
- ran spec-cleaner on spec files
-------------------------------------------------------------------
Mon May 14 22:50:42 UTC 2018 - mcepl@cepl.eu
- Update to version 2.7.
* %files needed to be heavily modified
* Based expressly on python3, not just python
For changes please see
https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/RELEASE-20170804.txt
-------------------------------------------------------------------
Fri Mar 16 15:25:10 UTC 2018 - jsegitz@suse.com
- Updated spec file to use python3. Added python3.patch to fix
build
-------------------------------------------------------------------
Fri Nov 24 09:09:02 UTC 2017 - jsegitz@suse.com
- Update to version 2.6. Notable changes:
* selinux_restorecon: fix realpath logic
* sefcontext_compile: invert semantics of "-r" flag
* sefcontext_compile: Add "-i" flag
* Introduce configurable backends
* Add function to find security.restorecon_last entries
* Add openrc_contexts functions
* Add support for pcre2
* Handle NULL pcre study data
* Add setfiles support to selinux_restorecon(3)
* Evaluate inodes in selinux_restorecon(3)
* Change the location of _selinux.so
* Explain how to free policy type from selinux_getpolicytype()
* Compare absolute pathname in matchpathcon -V
* Add selinux_snapperd_contexts_path()
* Modify audit2why analyze function to use loaded policy
* Avoid mounting /proc outside of selinux_init_load_policy()
* Fix location of selinuxfs mount point
* Only mount /proc if necessary
* procattr: return einval for <= 0 pid args
* procattr: return error on invalid pid_t input
- Dropped
* libselinux-2.2-ruby.patch
* libselinux-proc-mount-only-if-needed.patch
* python-selinux-swig-3.10.patch
-------------------------------------------------------------------
Wed Jul 5 10:30:57 UTC 2017 - schwab@suse.de
- readv-proto.patch: include <sys/uio.h> for readv prototype
-------------------------------------------------------------------
Sun Jul 17 15:30:05 UTC 2016 - jengelh@inai.de
- Update RPM groups, trim description and combine filelist entries.
-------------------------------------------------------------------
Thu Jul 14 07:59:04 UTC 2016 - jsegitz@novell.com
- Adjusted source link
-------------------------------------------------------------------
Tue Jul 5 16:44:44 UTC 2016 - i@marguerite.su
- add patch: python-selinux-swig-3.10.patch, fixed boo#985368
* swig-3.10 in Factory use importlib instead of imp to find
_selinux.so. imp searched the same directory as __init__.py
is while importlib searchs only standard paths. so we have
to move _selinux.so. fixed by upstream
- update version 2.5
* Add selinux_restorecon function
* read_spec_entry: fail on non-ascii
* Add man information about thread specific functions
* Don't wrap rpm_execcon with DISABLE_RPM with SWIG
* Correct line count for property and service context files
* label_file: fix memory leaks and uninitialized jump
* Replace selabel_digest hash function
* Fix selabel_open(3) services if no digest requested
* Add selabel_digest function
* Flush the class/perm string mapping cache on policy reload
* Fix restorecon when path has no context
* Free memory when processing media and x specfiles
* Fix mmap memory release for file labeling
* Add policy context validation to sefcontext_compile
* Do not treat an empty file_contexts(.local) as an error
* Fail hard on invalid property_contexts entries
* Fail hard on invalid file_contexts entries
* Support context validation on file_contexts.bin
* Add selabel_cmp interface and label_file backend
* Support specifying file_contexts.bin file path
* Support file_contexts.bin without file_contexts
* Simplify procattr cache
* Use /proc/thread-self when available
* Add const to selinux_opt for label backends
* Fix binary file labels for regexes with metachars
* Fix file labels for regexes with metachars
* Fix if file_contexts not '\n' terminated
* Enhance file context support
* Fix property processing and cleanup formatting
* Add read_spec_entries function to replace sscanf
* Support consistent mode size for bin files
* Fix more bin file processing core dumps
* add selinux_openssh_contexts_path()
* setrans_client: minimize overhead when mcstransd is not present
* Ensure selabel_lookup_best_match links NULL terminated
* Fix core dumps with corrupt *.bin files
* Add selabel partial and best match APIs
* Use os.walk() instead of the deprecated os.path.walk()
* Remove deprecated mudflap option
* Mount procfs before checking /proc/filesystems
* Fix -Wformat errors with gcc-5.0.0
* label_file: handle newlines in file names
* Fix audit2why error handling if SELinux is disabled
* pcre_study can return NULL without error
* Only check SELinux enabled status once in selinux_check_access
- changes in 2.4
* Remove assumption that SHLIBDIR is ../../ relative to LIBDIR
* Fix bugs found by hardened gcc flags
* Set the system to permissive if failing to disable SELinux because
policy has already been loaded
* Add db_exception and db_datatype support to label_db backend
* Log an error on unknown classes and permissions
* Add pcre version string to the compiled file_contexts format
* Deprecate use of flask.h and av_permissions.h
* Compiled file_context files and the original should have the same DAC
permissions
-------------------------------------------------------------------
Wed May 27 11:53:54 UTC 2015 - dimstar@opensuse.org
- Update libselinux-2.2-ruby.patch: use RbConfig instead of
deprecated Config.
-------------------------------------------------------------------
Sun May 18 00:15:17 UTC 2014 - crrodriguez@opensuse.org
- Update to version 2.3
* Get rid of security_context_t and fix const declarations.
* Refactor rpm_execcon() into a new setexecfilecon() from Guillem Jover.
-------------------------------------------------------------------
Thu Oct 31 13:43:41 UTC 2013 - p.drouand@gmail.com
- Update to version 2.2
* Fix avc_has_perm() returns -1 even when SELinux is in permissive mode.
* Support overriding Makefile RANLIB
* Update pkgconfig definition
* Mount sysfs before trying to mount selinuxfs.
* Fix man pages
* Support overriding PATH and LIBBASE in Makefile
* Fix LDFLAGS usage
* Avoid shadowing stat in load_mmap
* Support building on older PCRE libraries
* Fix handling of temporary file in sefcontext_compile
* Fix procattr cache
* Define python constants for getenforce result
* Fix label substitution handling of /
* Add selinux_current_policy_path from
* Change get_context_list to only return good matches
* Support udev-197 and higher
* Add support for local substitutions
* Change setfilecon to not return ENOSUP if context is already correct
* Python wrapper leak fixes
* Export SELINUX_TRANS_DIR definition in selinux.h
* Add selinux_systemd_contexts_path
* Add selinux_set_policy_root
* Add man page for sefcontext_compile
- Remove libselinux-rhat.patch; merged on upstream
- Adapt libselinux-ruby.patch to upstream changes
- Use fdupes to symlink duplicate manpages
-------------------------------------------------------------------
Thu Jun 27 14:57:53 UTC 2013 - vcizek@suse.com
- change the source url to the official 2.1.13 release tarball
-------------------------------------------------------------------
Wed Jan 30 12:33:45 UTC 2013 - vcizek@suse.com
- update to 2.1.12
- added BuildRequires: pcre-devel
-------------------------------------------------------------------
Mon Jan 7 22:34:03 UTC 2013 - jengelh@inai.de
- Remove obsolete defines/sections
-------------------------------------------------------------------
Wed Jul 25 11:15:02 UTC 2012 - meissner@suse.com
- updated to 2.1.9 again (see below)
-------------------------------------------------------------------
Fri Jun 1 18:34:04 CEST 2012 - mls@suse.de
- update to libselinux-2.1.9
* better man pages
* selinux_status interfaces
* simple interface for access checks
* multiple bug fixes
- fix build for ruby-1.9
-------------------------------------------------------------------
Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de
- use %_smp_mflags
-------------------------------------------------------------------
Thu Feb 25 14:57:16 UTC 2010 - prusnak@suse.cz
- updated to 2.0.91
* changes too numerous to list
-------------------------------------------------------------------
Sat Dec 12 16:43:54 CET 2009 - jengelh@medozas.de
- add baselibs.conf as a source
-------------------------------------------------------------------
Fri Jul 24 17:09:50 CEST 2009 - thomas@novell.com
- updated selinux-ready script
-------------------------------------------------------------------
Wed Jul 22 15:17:25 CEST 2009 - prusnak@suse.cz
- change libsepol-devel to libsepol-devel-static in dependencies
of python bindings
-------------------------------------------------------------------
Wed Jul 1 12:26:48 CEST 2009 - prusnak@suse.cz
- put libsepol-devel back to Requires of libselinux-devel
-------------------------------------------------------------------
Mon Jun 29 21:24:16 CEST 2009 - prusnak@suse.cz
- added selinux-ready tool to selinux-tools package
-------------------------------------------------------------------
Tue Jun 9 20:17:54 CEST 2009 - crrodriguez@suse.de
- remove static libraries
- libselinux-devel does not require libsepol-devel
-------------------------------------------------------------------
Wed May 27 14:06:14 CEST 2009 - prusnak@suse.cz
- updated to 2.0.80
* deny_unknown wrapper function from KaiGai Kohei
* security_compute_av_flags API from KaiGai Kohei
* Netlink socket management and callbacks from KaiGai Kohei
* Netlink socket handoff patch from Adam Jackson
* AVC caching of compute_create results by Eric Paris
* fix incorrect conversion in discover_class code
-------------------------------------------------------------------
Fri Apr 17 17:12:06 CEST 2009 - prusnak@suse.cz
- fixed memory leak (memleak.patch)
-------------------------------------------------------------------
Wed Jan 14 14:04:30 CET 2009 - prusnak@suse.cz
- updated to 2.0.77
* add new function getseuser which will take username and service
and return seuser and level; ipa will populate file in future
* change selinuxdefcon to return just the context by default
* fix segfault if seusers file does not work
* strip trailing / for matchpathcon
* fix restorecon python code
-------------------------------------------------------------------
Mon Dec 1 11:32:50 CET 2008 - prusnak@suse.cz
- updated to 2.0.76
* allow shell-style wildcarding in X names
* add Restorecon/Install python functions
* correct message types in AVC log messages
* make matchpathcon -V pass mode
* add man page for selinux_file_context_cmp
* update flask headers from refpolicy trunk
-------------------------------------------------------------------
Wed Oct 22 16:28:59 CEST 2008 - mrueckert@suse.de
- fix debug_packages_requires define
-------------------------------------------------------------------
Tue Sep 23 12:51:10 CEST 2008 - prusnak@suse.cz
- require only version, not release [bnc#429053]
-------------------------------------------------------------------
Tue Sep 2 12:09:22 CEST 2008 - prusnak@suse.cz
- updated to 2.0.71
* Add group support to seusers using %groupname syntax from Dan Walsh.
* Mark setrans socket close-on-exec from Stephen Smalley.
* Only apply nodups checking to base file contexts from Stephen Smalley.
* Merge ruby bindings from Dan Walsh.
-------------------------------------------------------------------
Mon Sep 1 07:35:00 CEST 2008 - aj@suse.de
- Fix build of debuginfo.
-------------------------------------------------------------------
Fri Aug 22 14:45:29 CEST 2008 - prusnak@suse.cz
- added baselibs.conf file
- split bindings into separate subpackage (libselinux-bindings)
- split tools into separate subpackage (selinux-tools)
-------------------------------------------------------------------
Fri Aug 1 17:32:20 CEST 2008 - ro@suse.de
- fix requires for debuginfo package
-------------------------------------------------------------------
Tue Jul 15 16:26:31 CEST 2008 - prusnak@suse.cz
- initial version 2.0.67
* based on Fedora package by Dan Walsh <dwalsh@redhat.com>

123
libselinux-bindings.spec Normal file
View File

@ -0,0 +1,123 @@
#
# spec file for package libselinux-bindings
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%{?sle15_python_module_pythons}
%define python_subpackage_only 1
%define libsepol_ver 3.5
%define upname libselinux
Name: libselinux-bindings
Version: 3.5
Release: 0
Summary: SELinux runtime library and utilities
License: SUSE-Public-Domain
Group: Development/Libraries/C and C++
URL: https://github.com/SELinuxProject/selinux/wiki/Releases
Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{upname}-%{version}.tar.gz
Source1: https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{upname}-%{version}.tar.gz.asc
Source2: libselinux.keyring
Source3: selinux-ready
Source4: baselibs.conf
# PATCH-FIX-UPSTREAM Include <sys/uio.h> for readv prototype
Patch4: readv-proto.patch
Patch5: skip_cycles.patch
# PATCH-FIX-UPSTREAM python3.8-compat.patch mcepl@suse.com
# Make linking working even when default pkg-config doesnt provide -lpython<ver>
Patch6: python3.8-compat.patch
Patch7: swig4_moduleimport.patch
BuildRequires: %{python_module devel}
BuildRequires: %{python_module pip}
BuildRequires: %{python_module wheel}
BuildRequires: fdupes
BuildRequires: libselinux-devel = %{version}
BuildRequires: libsepol-devel >= %{libsepol_ver}
BuildRequires: libsepol-devel-static >= %{libsepol_ver}
BuildRequires: pkgconfig
BuildRequires: python-rpm-macros
BuildRequires: ruby-devel
BuildRequires: swig
BuildRequires: pkgconfig(libpcre2-8)
%python_subpackages
%description
libselinux provides an interface to get and set process and file
security contexts and to obtain security policy decisions.
%package -n python-selinux
%define oldpython python
Summary: Python bindings for the SELinux runtime library
Group: Development/Libraries/Python
Requires: libselinux1 = %{version}
Obsoletes: python-selinux < %{version}
Provides: python-selinux = %{version}
%ifpython2
Obsoletes: %{oldpython}-selinux < %{version}
Provides: %{oldpython}-selinux = %{version}
%endif
%description -n python-selinux
libselinux provides an interface to get and set process and file
security contexts and to obtain security policy decisions.
This subpackage contains Python extensions to use SELinux from that
language.
%package -n ruby-selinux
Summary: Ruby bindings for the SELinux runtime library
Group: Development/Languages/Ruby
Requires: libselinux1 = %{version}
Requires: ruby
%description -n ruby-selinux
libselinux provides an interface to get and set process and file
security contexts and to obtain security policy decisions.
This subpackage contains Ruby extensions to use SELinux from that
language.
%prep
%autosetup -p1 -n %{upname}-%{version}
%build
%{python_expand :
%make_build LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fno-semantic-interposition" swigify USE_PCRE2=y PYTHON=$python
%make_build LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fno-semantic-interposition" pywrap USE_PCRE2=y PYTHON=$python
%make_build LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fno-semantic-interposition" rubywrap USE_PCRE2=y PYTHON=$python
}
%install
mkdir -p %{buildroot}/%{_lib}
mkdir -p %{buildroot}%{_libdir}
mkdir -p %{buildroot}%{_includedir}
mkdir -p %{buildroot}%{_sbindir}
%{python_expand :
make DESTDIR=%{buildroot} LIBDIR="%{_libdir}" SHLIBDIR="/%{_lib}" PYTHON=$python LIBSEPOLA=%{_libdir}/libsepol.a install-pywrap V=1
make DESTDIR=%{buildroot} LIBDIR="%{_libdir}" SHLIBDIR="/%{_lib}" PYTHON=$python LIBSEPOLA=%{_libdir}/libsepol.a install-rubywrap V=1
}
# Remove duplicate files
%fdupes -s %{buildroot}%{_mandir}
%files %{python_files selinux}
%{python_sitearch}/selinux
%{python_sitearch}/selinux-%{version}*-info
%{python_sitearch}/_selinux*
%files -n ruby-selinux
%{_libdir}/ruby/vendor_ruby/%{rb_ver}/%{rb_arch}/selinux.so
%changelog

8
libselinux.changes
View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Fri Aug 4 13:14:14 UTC 2023 - Matej Cepl <mcepl@suse.com>
- (bsc#1212618) Divide libselinux and libselinux-bindings again.
libselinux itself is in Ring0 so it has to have absolutely
minimal dependencies, so it is better to separate
libselinux-bindings into a separate pacakge.
-------------------------------------------------------------------
Tue Jul 4 08:32:49 UTC 2023 - Johannes Segitz <jsegitz@suse.com>

65
libselinux.spec
View File

@ -16,8 +16,6 @@
#
%{?sle15_python_module_pythons}
%define python_subpackage_only 1
%define libsepol_ver 3.5
Name: libselinux
Version: 3.5
@ -38,19 +36,13 @@ Patch5: skip_cycles.patch
# Make linking working even when default pkg-config doesnt provide -lpython<ver>
Patch6: python3.8-compat.patch
Patch7: swig4_moduleimport.patch
BuildRequires: %{python_module devel}
BuildRequires: %{python_module pip}
BuildRequires: %{python_module setuptools}
BuildRequires: %{python_module wheel}
BuildRequires: fdupes
BuildRequires: libsepol-devel >= %{libsepol_ver}
BuildRequires: libsepol-devel-static >= %{libsepol_ver}
BuildRequires: pkgconfig
BuildRequires: python-rpm-macros
BuildRequires: ruby-devel
BuildRequires: swig
BuildRequires: pkgconfig(libpcre2-8)
%python_subpackages
%description
libselinux provides an interface to get and set process and file
@ -112,60 +104,21 @@ security contexts and to obtain security policy decisions.
This package contains the static development files, which are
necessary to develop your own software using libselinux.
%package -n python-selinux
%define oldpython python
Summary: Python bindings for the SELinux runtime library
Group: Development/Libraries/Python
# Requires: %%{python_base_requirement}
Requires: libselinux1 = %{version}
Obsoletes: python-selinux < %{version}
Provides: python-selinux = %{version}
%ifpython2
Obsoletes: %{oldpython}-selinux < %{version}
Provides: %{oldpython}-selinux = %{version}
%endif
%description -n python-selinux
libselinux provides an interface to get and set process and file
security contexts and to obtain security policy decisions.
This subpackage contains Python extensions to use SELinux from that
language.
%package -n ruby-selinux
Summary: Ruby bindings for the SELinux runtime library
Group: Development/Languages/Ruby
Requires: libselinux1 = %{version}
Requires: ruby
%description -n ruby-selinux
libselinux provides an interface to get and set process and file
security contexts and to obtain security policy decisions.
This subpackage contains Ruby extensions to use SELinux from that
language.
%prep
%autosetup -p1 -n libselinux-%{version}
%build
%{python_expand :
%make_build LIBDIR="%{_libdir}" CC="gcc" CFLAGS="%{optflags} -fno-semantic-interposition -ffat-lto-objects" USE_PCRE2=y PYTHON=$python
%make_build LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fno-semantic-interposition" swigify USE_PCRE2=y PYTHON=$python
%make_build LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fno-semantic-interposition" pywrap USE_PCRE2=y PYTHON=$python
%make_build LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fno-semantic-interposition" rubywrap USE_PCRE2=y PYTHON=$python
}
%make_build LIBDIR="%{_libdir}" CC="gcc" \
CFLAGS="%{optflags} -fno-semantic-interposition -ffat-lto-objects" \
USE_PCRE2=y
%install
mkdir -p %{buildroot}/%{_lib}
mkdir -p %{buildroot}%{_libdir}
mkdir -p %{buildroot}%{_includedir}
mkdir -p %{buildroot}%{_sbindir}
%{python_expand :
make DESTDIR=%{buildroot} LIBDIR="%{_libdir}" SHLIBDIR="%{_libdir}" PYTHON=$python BINDIR="%{_sbindir}" install
make DESTDIR=%{buildroot} LIBDIR="%{_libdir}" SHLIBDIR="/%{_lib}" PYTHON=$python LIBSEPOLA=%{_libdir}/libsepol.a install-pywrap V=1
make DESTDIR=%{buildroot} LIBDIR="%{_libdir}" SHLIBDIR="/%{_lib}" PYTHON=$python LIBSEPOLA=%{_libdir}/libsepol.a install-rubywrap V=1
}
make DESTDIR=%{buildroot} LIBDIR="%{_libdir}" SHLIBDIR="%{_libdir}" \
BINDIR="%{_sbindir}" install
mv %{buildroot}%{_sbindir}/getdefaultcon %{buildroot}%{_sbindir}/selinuxdefcon
mv %{buildroot}%{_sbindir}/getconlist %{buildroot}%{_sbindir}/selinuxconlist
@ -221,12 +174,4 @@ install -m 0755 %{SOURCE3} %{buildroot}%{_sbindir}/selinux-ready
%files devel-static
%{_libdir}/libselinux.a
%files %{python_files selinux}
%{python_sitearch}/selinux
%{python_sitearch}/selinux-%{version}*-info
%{python_sitearch}/_selinux*
%files -n ruby-selinux
%{_libdir}/ruby/vendor_ruby/%{rb_ver}/%{rb_arch}/selinux.so
%changelog