Accepting request 781796 from home:jsegitz:branches:security:SELinux

- Update to version 3.0 * Ignore the stem when looking up all matches in file context * Save digest of all partial matches for directory * Use Python distutils to install SELinux python bindings * ensure that digest_len is not zero * fix string conversion of unknown perms * mark all exported function "extern" - Update to version 3.0 * Ignore the stem when looking up all matches in file context * Save digest of all partial matches for directory * Use Python distutils to install SELinux python bindings * ensure that digest_len is not zero * fix string conversion of unknown perms * mark all exported function "extern" Dropped Use-Python-distutils-to-install-SELinux.patch, included upstream OBS-URL: https://build.opensuse.org/request/show/781796 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libselinux?expand=0&rev=122
2020-03-05 10:13:39 +00:00 · 2020-03-05 10:13:39 +00:00 · 8d14ff5615
commit 8d14ff5615
parent bdda6228da
7 changed files with 36 additions and 178 deletions
--- a/Use-Python-distutils-to-install-SELinux.patch
+++ b/Use-Python-distutils-to-install-SELinux.patch
@ -1,166 +0,0 @@
 From bb5a63a3e6e19556419a486a00e008ae6af62fc3 Mon Sep 17 00:00:00 2001
 From: Petr Lautrbach <plautrba@redhat.com>
 Date: Thu, 16 May 2019 15:01:59 +0200
 Subject: [PATCH] libselinux: Use Python distutils to install SELinux python
 bindings
 SWIG-4.0 changed its behavior so that it uses: from . import _selinux  which
 looks for _selinux module in the same directory as where __init__.py is -
 $(PYLIBDIR)/site-packages/selinux. But _selinux module is installed into
 $(PYLIBDIR)/site-packages/ since a9604c30a5e2f ("libselinux: Change the location
 of _selinux.so").
 In order to prevent such breakage in future use Python's distutils instead of
 building and installing python bindings manually in Makefile.
 Fixes:
 >>> import selinux
 Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib64/python3.7/site-packages/selinux/__init__.py", line 13, in <module>
    from . import _selinux
 ImportError: cannot import name '_selinux' from 'selinux' (/usr/lib64/python3.7/site-packages/selinux/__init__.py)
 >>>
 Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
 ---
 libselinux/src/Makefile | 37 ++++++++-----------------------------
 libselinux/src/setup.py | 24 ++++++++++++++++++++++++
 2 files changed, 32 insertions(+), 29 deletions(-)
 create mode 100644 libselinux/src/setup.py
 diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
 index e9ed0383..826c830c 100644
 --- a/libselinux/src/Makefile
 +++ b/libselinux/src/Makefile
@@ -36,7 +36,7 @@ TARGET=libselinux.so
 LIBPC=libselinux.pc
 SWIGIF= selinuxswig_python.i selinuxswig_python_exception.i
 SWIGRUBYIF= selinuxswig_ruby.i
 -SWIGCOUT= selinuxswig_wrap.c
 +SWIGCOUT= selinuxswig_python_wrap.c
 SWIGPYOUT= selinux.py
 SWIGRUBYCOUT= selinuxswig_ruby_wrap.c
 SWIGLOBJ:= $(patsubst %.c,$(PYPREFIX)%.lo,$(SWIGCOUT))
@@ -55,7 +55,7 @@ ifeq ($(LIBSEPOLA),)
         LDLIBS_LIBSEPOLA := -l:libsepol.a
 endif
 -GENERATED=$(SWIGCOUT) $(SWIGRUBYCOUT) selinuxswig_python_exception.i
 +GENERATED=$(SWIGCOUT) $(SWIGRUBYCOUT) $(SWIGCOUT) selinuxswig_python_exception.i
 SRCS= $(filter-out $(GENERATED) audit2why.c, $(sort $(wildcard *.c)))
 MAX_STACK_SIZE=32768
@@ -125,25 +125,18 @@ DISABLE_FLAGS+= -DNO_ANDROID_BACKEND
 SRCS:= $(filter-out label_backends_android.c, $(SRCS))
 endif
 -SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./ $(DISABLE_FLAGS)
 -
 SWIGRUBY = swig -Wall -ruby -o $(SWIGRUBYCOUT) -outdir ./ $(DISABLE_FLAGS)
 all: $(LIBA) $(LIBSO) $(LIBPC)
 -pywrap: all $(SWIGFILES) $(AUDIT2WHYSO)
 +pywrap: all selinuxswig_python_exception.i
 +	CFLAGS="$(SWIG_CFLAGS)" $(PYTHON) setup.py build_ext -I $(DESTDIR)$(INCLUDEDIR) -L $(DESTDIR)$(LIBDIR)
 rubywrap: all $(SWIGRUBYSO)
 -$(SWIGLOBJ): $(SWIGCOUT)
 -	$(CC) $(CFLAGS) $(SWIG_CFLAGS) $(PYINC) -fPIC -DSHARED -c -o $@ $<
 -
 $(SWIGRUBYLOBJ): $(SWIGRUBYCOUT)
 	$(CC) $(CFLAGS) $(SWIG_CFLAGS) $(RUBYINC) -fPIC -DSHARED -c -o $@ $<
 -$(SWIGSO): $(SWIGLOBJ)
 -	$(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $< -lselinux $(PYLIBS)
 -
 $(SWIGRUBYSO): $(SWIGRUBYLOBJ)
 	$(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $^ -lselinux $(RUBYLIBS)
@@ -161,29 +154,15 @@ $(LIBPC): $(LIBPC).in ../VERSION
 selinuxswig_python_exception.i: ../include/selinux/selinux.h
 	bash -e exception.sh > $@ || (rm -f $@ ; false)
 -$(AUDIT2WHYLOBJ): audit2why.c
 -	$(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $<
 -
 -$(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) $(LIBSEPOLA)
 -	$(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $^ -lselinux $(LDLIBS_LIBSEPOLA) $(PYLIBS) -Wl,-soname,audit2why.so,--version-script=audit2why.map,-z,defs
 -
 %.o:  %.c policy.h
 	$(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $<
 %.lo:  %.c policy.h
 	$(CC) $(CFLAGS) -fPIC -DSHARED -c -o $@ $<
 -$(SWIGCOUT): $(SWIGIF)
 -	$(SWIG) $<
 -
 -$(SWIGPYOUT): $(SWIGCOUT)
 -
 $(SWIGRUBYCOUT): $(SWIGRUBYIF)
 	$(SWIGRUBY) $<
 -swigify: $(SWIGIF)
 -	$(SWIG) $<
 -
 install: all 
 	test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d $(DESTDIR)$(LIBDIR)
 	install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)
@@ -194,10 +173,8 @@ install: all
 	ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET)
 install-pywrap: pywrap
 -	test -d $(DESTDIR)$(PYTHONLIBDIR)/selinux || install -m 755 -d $(DESTDIR)$(PYTHONLIBDIR)/selinux
 -	install -m 755 $(SWIGSO) $(DESTDIR)$(PYTHONLIBDIR)/_selinux$(PYCEXT)
 -	install -m 755 $(AUDIT2WHYSO) $(DESTDIR)$(PYTHONLIBDIR)/selinux/audit2why$(PYCEXT)
 -	install -m 644 $(SWIGPYOUT) $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py
 +	$(PYTHON) setup.py install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
 +	install -m 644 selinux.py $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py
 install-rubywrap: rubywrap
 	test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d $(DESTDIR)$(RUBYINSTALL) 
@@ -208,6 +185,8 @@ relabel:
 clean-pywrap:
 	-rm -f $(SWIGLOBJ) $(SWIGSO) $(AUDIT2WHYLOBJ) $(AUDIT2WHYSO)
 +	$(PYTHON) setup.py clean
 +	-rm -rf build *~ \#* *pyc .#*
 clean-rubywrap:
 	-rm -f $(SWIGRUBYLOBJ) $(SWIGRUBYSO)
 diff --git a/libselinux/src/setup.py b/libselinux/src/setup.py
 new file mode 100644
 index 00000000..b12e7869
 --- /dev/null
 +++ b/libselinux/src/setup.py
@@ -0,0 +1,24 @@
 +#!/usr/bin/python3
 +
 +from distutils.core import Extension, setup
 +
 +setup(
 +    name="selinux",
 +    version="2.9",
 +    description="SELinux python 3 bindings",
 +    author="SELinux Project",
 +    author_email="selinux@vger.kernel.org",
 +    ext_modules=[
 +        Extension('selinux._selinux',
 +                  sources=['selinuxswig_python.i'],
 +                  include_dirs=['../include'],
 +                  library_dirs=['.'],
 +                  libraries=['selinux']),
 +        Extension('selinux.audit2why',
 +                  sources=['audit2why.c'],
 +                  include_dirs=['../include'],
 +                  library_dirs=['.'],
 +                  libraries=['selinux'],
 +                  extra_link_args=['-l:libsepol.a'])
 +    ],
 +)
 -- 
 2.21.0
--- a/libselinux-2.9.tar.gz
+++ b/libselinux-2.9.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:1bccc8873e449587d9a2b2cf253de9b89a8291b9fbc7c59393ca9e5f5f4d2693
 size 211546
--- a/libselinux-3.0.tar.gz
+++ b/libselinux-3.0.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:2ea2b30f671dae9d6b1391cbe8fb2ce5d36a3ee4fb1cd3c32f0d933c31b82433
 size 212096
--- a/libselinux-bindings.changes
+++ b/libselinux-bindings.changes
@ -1,3 +1,14 @@
 -------------------------------------------------------------------
 Tue Mar  3 11:13:12 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
 - Update to version 3.0
  * Ignore the stem when looking up all matches in file context
  * Save digest of all partial matches for directory
  * Use Python distutils to install SELinux python bindings
  * ensure that digest_len is not zero
  * fix string conversion of unknown perms
  * mark all exported function "extern"
 -------------------------------------------------------------------
 Mon Dec 16 16:04:41 UTC 2019 - Johannes Segitz <jsegitz@suse.de>
--- a/libselinux-bindings.spec
+++ b/libselinux-bindings.spec
@ -1,7 +1,7 @@
 #
 # spec file for package libselinux-bindings
 #
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -17,9 +17,9 @@
 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
-%define libsepol_ver 2.9
+%define libsepol_ver 3.0
 Name:           libselinux-bindings
-Version:        2.9
+Version:        3.0
 Release:        0
 Summary:        SELinux runtime library and simple utilities
 License:        SUSE-Public-Domain
--- a/libselinux.changes
+++ b/libselinux.changes
@ -1,3 +1,16 @@
 -------------------------------------------------------------------
 Tue Mar  3 11:13:12 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
 - Update to version 3.0
  * Ignore the stem when looking up all matches in file context
  * Save digest of all partial matches for directory
  * Use Python distutils to install SELinux python bindings
  * ensure that digest_len is not zero
  * fix string conversion of unknown perms
  * mark all exported function "extern"
  Dropped Use-Python-distutils-to-install-SELinux.patch, included
  upstream
 -------------------------------------------------------------------
 Wed Nov 13 08:03:39 UTC 2019 - Johannes Segitz <jsegitz@suse.de>
--- a/libselinux.spec
+++ b/libselinux.spec
@ -1,7 +1,7 @@
 #
 # spec file for package libselinux
 #
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -16,20 +16,19 @@
 #
-%define libsepol_ver 2.9
+%define libsepol_ver 3.0
 Name:           libselinux
-Version:        2.9
+Version:        3.0
 Release:        0
 Summary:        SELinux runtime library and utilities
 License:        SUSE-Public-Domain
 Group:          Development/Libraries/C and C++
 URL:            https://github.com/SELinuxProject/selinux/wiki/Releases
-Source:         https://github.com/SELinuxProject/selinux/releases/download/20190315/%{name}-%{version}.tar.gz
+Source:         https://github.com/SELinuxProject/selinux/releases/download/20191204/%{name}-%{version}.tar.gz
 Source1:        selinux-ready
 Source2:        baselibs.conf
 # PATCH-FIX-UPSTREAM Include <sys/uio.h> for readv prototype
 Patch4:         readv-proto.patch
 Patch5:         Use-Python-distutils-to-install-SELinux.patch
 BuildRequires:  fdupes
 BuildRequires:  libsepol-devel >= %{libsepol_ver}
 BuildRequires:  pcre-devel
@ -96,7 +95,6 @@ necessary to develop your own software using libselinux.
 %prep
 %setup -q
 %patch4 -p1
 %patch5 -p2
 %build
 %define _lto_cflags %{nil}
@ -121,6 +119,8 @@ rm -f %{buildroot}%{_sbindir}/selinuxconfig
 rm -f %{buildroot}%{_sbindir}/selinuxdisable
 rm -f %{buildroot}%{_sbindir}/getseuser
 rm -f %{buildroot}%{_sbindir}/selinux_check_securetty_context
 rm -f %{buildroot}%{_sbindir}/selabel_get_digests_all_partial_matches
 rm -f %{buildroot}%{_sbindir}/validatetrans
 mv %{buildroot}%{_sbindir}/getdefaultcon %{buildroot}%{_sbindir}/selinuxdefcon
 mv %{buildroot}%{_sbindir}/getconlist %{buildroot}%{_sbindir}/selinuxconlist
 install -m 0755 %{SOURCE1} %{buildroot}%{_sbindir}/selinux-ready