From 9503bfe5fedc337de021ee62217e2a794663ef0ea7eded584d32d72176b18fee Mon Sep 17 00:00:00 2001
From: Johannes Segitz
Date: Wed, 13 Jul 2016 07:22:28 +0000
Subject: [PATCH] Accepting request 408218 from security:SELinux 1
OBS-URL: https://build.opensuse.org/request/show/408218
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libselinux?expand=0&rev=84
---
 libselinux-2.3.tar.gz | 3 --
 libselinux-2.5.tar.gz | 3 ++
 libselinux-bindings.changes | 77 +++++++++++++++++++++++++++++++---
 libselinux-bindings.spec | 10 +++--
 libselinux.changes | 66 +++++++++++++++++++++++++++++
 libselinux.spec | 14 +++++--
 python-selinux-swig-3.10.patch | 13 ++++++
 7 files changed, 171 insertions(+), 15 deletions(-)
 delete mode 100644 libselinux-2.3.tar.gz
 create mode 100644 libselinux-2.5.tar.gz
 create mode 100644 python-selinux-swig-3.10.patch
diff --git a/libselinux-2.3.tar.gz b/libselinux-2.3.tar.gz
deleted file mode 100644
index 42e4bd4..0000000
--- a/libselinux-2.3.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0b1e0b43ecd84a812713d09564019b08e7c205d89072b5cbcd07b052cd8e77b2
-size 171254
diff --git a/libselinux-2.5.tar.gz b/libselinux-2.5.tar.gz
new file mode 100644
index 0000000..38881dc
--- /dev/null
+++ b/libselinux-2.5.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:94c9e97706280bedcc288f784f67f2b9d3d6136c192b2c9f812115edba58514f
+size 189019
diff --git a/libselinux-bindings.changes b/libselinux-bindings.changes
index b935b1b..4ee132a 100644
--- a/libselinux-bindings.changes
+++ b/libselinux-bindings.changes
@@ -1,3 +1,74 @@
+-------------------------------------------------------------------
+Tue Jul 5 16:44:44 UTC 2016 - i@marguerite.su
+
+- add patch: python-selinux-swig-3.10.patch, fixed boo#985368
+ * swig-3.10 in Factory use importlib instead of imp to find
+ _selinux.so. imp searched the same directory as __init__.py
+ is while importlib searchs only standard paths. so we have
+ to move _selinux.so. fixed by upstream
+- update version 2.5
+ * Add selinux_restorecon function
+ * read_spec_entry: fail on non-ascii
+ * Add man information about thread specific functions
+ * Don't wrap rpm_execcon with DISABLE_RPM with SWIG
+ * Correct line count for property and service context files
+ * label_file: fix memory leaks and uninitialized jump
+ * Replace selabel_digest hash function
+ * Fix selabel_open(3) services if no digest requested
+ * Add selabel_digest function
+ * Flush the class/perm string mapping cache on policy reload
+ * Fix restorecon when path has no context
+ * Free memory when processing media and x specfiles
+ * Fix mmap memory release for file labeling
+ * Add policy context validation to sefcontext_compile
+ * Do not treat an empty file_contexts(.local) as an error
+ * Fail hard on invalid property_contexts entries
+ * Fail hard on invalid file_contexts entries
+ * Support context validation on file_contexts.bin
+ * Add selabel_cmp interface and label_file backend
+ * Support specifying file_contexts.bin file path
+ * Support file_contexts.bin without file_contexts
+ * Simplify procattr cache
+ * Use /proc/thread-self when available
+ * Add const to selinux_opt for label backends
+ * Fix binary file labels for regexes with metachars
+ * Fix file labels for regexes with metachars
+ * Fix if file_contexts not '\n' terminated
+ * Enhance file context support
+ * Fix property processing and cleanup formatting
+ * Add read_spec_entries function to replace sscanf
+ * Support consistent mode size for bin files
+ * Fix more bin file processing core dumps
+ * add selinux_openssh_contexts_path()
+ * setrans_client: minimize overhead when mcstransd is not present
+ * Ensure selabel_lookup_best_match links NULL terminated
+ * Fix core dumps with corrupt *.bin files
+ * Add selabel partial and best match APIs
+ * Use os.walk() instead of the deprecated os.path.walk()
+ * Remove deprecated mudflap option
+ * Mount procfs before checking /proc/filesystems
+ * Fix -Wformat errors with gcc-5.0.0
+ * label_file: handle newlines in file names
+ * Fix audit2why error handling if SELinux is disabled
+ * pcre_study can return NULL without error
+ * Only check SELinux enabled status once in selinux_check_access
+- changes in 2.4
+ * Remove assumption that SHLIBDIR is ../../ relative to LIBDIR
+ * Fix bugs found by hardened gcc flags
+ * Set the system to permissive if failing to disable SELinux because
+ policy has already been loaded
+ * Add db_exception and db_datatype support to label_db backend
+ * Log an error on unknown classes and permissions
+ * Add pcre version string to the compiled file_contexts format
+ * Deprecate use of flask.h and av_permissions.h
+ * Compiled file_context files and the original should have the same DAC
+ permissions
+-------------------------------------------------------------------
+Wed May 27 11:53:54 UTC 2015 - dimstar@opensuse.org
+
+- Update libselinux-2.2-ruby.patch: use RbConfig instead of
+ deprecated Config.
+
 -------------------------------------------------------------------
 Sun May 18 00:15:17 UTC 2014 - crrodriguez@opensuse.org
@@ -5,12 +76,6 @@ Sun May 18 00:15:17 UTC 2014 - crrodriguez@opensuse.org * Get rid of security_context_t and fix const declarations. * Refactor rpm_execcon() into a new setexecfilecon() from Guillem Jover. -------------------------------------------------------------------- -Wed May 27 11:53:54 UTC 2015 - dimstar@opensuse.org - -- Update libselinux-2.2-ruby.patch: use RbConfig instead of - deprecated Config. - ------------------------------------------------------------------- Thu Oct 31 13:43:41 UTC 2013 - p.drouand@gmail.com diff --git a/libselinux-bindings.spec b/libselinux-bindings.spec index fa7992d..9d2acdf 100644 --- a/libselinux-bindings.spec +++ b/libselinux-bindings.spec @@ -16,10 +16,10 @@ # -%define libsepol_ver 2.3 +%define libsepol_ver 2.5 Name: libselinux-bindings -Version: 2.3 +Version: 2.5 Release: 0 Url: http://userspace.selinuxproject.org/ Summary: SELinux library and simple utilities @@ -27,10 +27,12 @@ License: GPL-2.0 and SUSE-Public-Domain Group: System/Libraries # embedded is the MD5 -Source: http://userspace.selinuxproject.org/releases/20140506/libselinux-%{version}.tar.gz +Source: http://userspace.selinuxproject.org/releases/20160223/libselinux-%{version}.tar.gz Source1: selinux-ready Source2: baselibs.conf Patch1: libselinux-2.2-ruby.patch +# PATCH-FIX-UPSTREAM swig-3.10 use importlib which not search the directory __init__.py is in but standard path +Patch2: python-selinux-swig-3.10.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: libsepol-devel-static >= %{libsepol_ver} BuildRequires: pcre-devel @@ -106,6 +108,7 @@ decisions. Required for any applications that use the SELinux API. %prep %setup -q -n libselinux-%{version} %patch1 +%patch2 -p1 %build make %{?_smp_mflags} LIBDIR="%{_libdir}" CFLAGS="$RPM_OPT_FLAGS" -C src 
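Review bot: The `Source:` line in the `@@ -27,10 +27,12 @@` hunk of libselinux-bindings.spec moves to the 2.5 tarball but still uses a plain `http://` URL, and nothing visible in this commit records that the new tarball was checked against a digest or signature published by upstream; the same applies to the `Source:` line in the first hunk of libselinux.spec. The git-lfs pointer pins the sha256 of the file that was uploaded, which protects the stored copy but says nothing about where it came from. I would record the verified value next to the tag, for example `# sha256 as published upstream: <UPSTREAM_SHA256>`, and switch the URL to `https://` if upstream serves the release directory that way. The surviving context comment `# embedded is the MD5` does not say which file or value it refers to and should be made specific or dropped.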
@@ -122,6 +125,7 @@ rm -rf $RPM_BUILD_ROOT/%{_lib} $RPM_BUILD_ROOT%{_libdir}/libselinux.* $RPM_BUILD
 %files -n python-selinux
 %defattr(-,root,root,-)
 %dir %{py_sitedir}/selinux
+%{py_sitedir}/_selinux.so
 %{py_sitedir}/selinux/*
 %files -n ruby-selinux
diff --git a/libselinux.changes b/libselinux.changes
index f38ca7b..86c8074 100644
--- a/libselinux.changes
+++ b/libselinux.changes
@@ -1,3 +1,69 @@
+-------------------------------------------------------------------
+Tue Jul 5 16:42:03 UTC 2016 - i@marguerite.su
+
+- add patch: python-selinux-swig-3.10.patch, fixed boo#985368
+ * swig-3.10 in Factory use importlib instead of imp to find
+ _selinux.so. imp searched the same directory as __init__.py
+ is while importlib searchs only standard paths. so we have
+ to move _selinux.so. fixed by upstream
+- update version 2.5
+ * Add selinux_restorecon function
+ * read_spec_entry: fail on non-ascii
+ * Add man information about thread specific functions
+ * Don't wrap rpm_execcon with DISABLE_RPM with SWIG
+ * Correct line count for property and service context files
+ * label_file: fix memory leaks and uninitialized jump
+ * Replace selabel_digest hash function
+ * Fix selabel_open(3) services if no digest requested
+ * Add selabel_digest function
+ * Flush the class/perm string mapping cache on policy reload
+ * Fix restorecon when path has no context
+ * Free memory when processing media and x specfiles
+ * Fix mmap memory release for file labeling
+ * Add policy context validation to sefcontext_compile
+ * Do not treat an empty file_contexts(.local) as an error
+ * Fail hard on invalid property_contexts entries
+ * Fail hard on invalid file_contexts entries
+ * Support context validation on file_contexts.bin
+ * Add selabel_cmp interface and label_file backend
+ * Support specifying file_contexts.bin file path
+ * Support file_contexts.bin without file_contexts
+ * Simplify procattr cache
+ * Use /proc/thread-self when available
+ * Add const to selinux_opt for label backends
+ * Fix binary file labels for regexes with metachars
+ * Fix file labels for regexes with metachars
+ * Fix if file_contexts not '\n' terminated
+ * Enhance file context support
+ * Fix property processing and cleanup formatting
+ * Add read_spec_entries function to replace sscanf
+ * Support consistent mode size for bin files
+ * Fix more bin file processing core dumps
+ * add selinux_openssh_contexts_path()
+ * setrans_client: minimize overhead when mcstransd is not present
+ * Ensure selabel_lookup_best_match links NULL terminated
+ * Fix core dumps with corrupt *.bin files
+ * Add selabel partial and best match APIs
+ * Use os.walk() instead of the deprecated os.path.walk()
+ * Remove deprecated mudflap option
+ * Mount procfs before checking /proc/filesystems
+ * Fix -Wformat errors with gcc-5.0.0
+ * label_file: handle newlines in file names
+ * Fix audit2why error handling if SELinux is disabled
+ * pcre_study can return NULL without error
+ * Only check SELinux enabled status once in selinux_check_access
+- changes in 2.4
+ * Remove assumption that SHLIBDIR is ../../ relative to LIBDIR
+ * Fix bugs found by hardened gcc flags
+ * Set the system to permissive if failing to disable SELinux because
+ policy has already been loaded
+ * Add db_exception and db_datatype support to label_db backend
+ * Log an error on unknown classes and permissions
+ * Add pcre version string to the compiled file_contexts format
+ * Deprecate use of flask.h and av_permissions.h
+ * Compiled file_context files and the original should have the same DAC
+ permissions
+
 -------------------------------------------------------------------
 Thu Jul 30 12:00:27 UTC 2015 - jsegitz@novell.com
diff --git a/libselinux.spec b/libselinux.spec
index 1f14a69..8f59f12 100644
--- a/libselinux.spec
+++ b/libselinux.spec
@@ -16,20 +16,22 @@
 #
-%define libsepol_ver 2.3
+%define libsepol_ver 2.5
 Name: libselinux
-Version: 2.3
+Version: 2.5
 Release: 0
 Url: http://userspace.selinuxproject.org/
 Summary: SELinux library and simple utilities
 License: GPL-2.0 and SUSE-Public-Domain
 Group: System/Libraries
-Source: http://userspace.selinuxproject.org/releases/20140506/%{name}-%{version}.tar.gz
+Source: http://userspace.selinuxproject.org/releases/20160223/%{name}-%{version}.tar.gz
 Source1: selinux-ready
 Source2: baselibs.conf
 Patch1: %{name}-2.2-ruby.patch
+# PATCH-FIX-UPSTREAM swig-3.10 use importlib which not search the directory __init__.py is in but standard path
+Patch2: python-selinux-swig-3.10.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 BuildRequires: fdupes
 BuildRequires: libsepol-devel >= %{libsepol_ver}
@@ -120,6 +122,7 @@ necessary to develop your own software using libselinux.
 %prep
 %setup -q
 %patch1
+%patch2 -p1
 %build
 make %{?_smp_mflags} LIBDIR="%{_libdir}" CC="%{__cc}" CFLAGS="$RPM_OPT_FLAGS"
@@ -159,11 +162,16 @@ install -m 0755 %{SOURCE1} $RPM_BUILD_ROOT%{_sbindir}/selinux-ready
 %{_sbindir}/getenforce
 %{_sbindir}/getsebool
 %{_sbindir}/matchpathcon
+%{_sbindir}/selabel_digest
+%{_sbindir}/selabel_lookup
+%{_sbindir}/selabel_lookup_best_match
+%{_sbindir}/selabel_partial_match
 %{_sbindir}/selinuxconlist
 %{_sbindir}/selinuxdefcon
 %{_sbindir}/selinuxenabled
 %{_sbindir}/setenforce
 %{_sbindir}/togglesebool
+%{_sbindir}/selinux_restorecon
 %{_sbindir}/selinux-ready
 %{_sbindir}/selinuxexeccon
 %{_sbindir}/sefcontext_compile
diff --git a/python-selinux-swig-3.10.patch b/python-selinux-swig-3.10.patch
new file mode 100644
index 0000000..20897e3
--- /dev/null
+++ b/python-selinux-swig-3.10.patch
@@ -0,0 +1,13 @@
+Index: b/src/Makefile
+===================================================================
+--- a/src/Makefile
++++ b/src/Makefile
+@@ -155,7 +155,7 @@ install: all
+
+ install-pywrap: pywrap
+ test -d $(PYLIBDIR)/site-packages/selinux || install -m 755 -d $(PYLIBDIR)/site-packages/selinux
+- install -m 755 $(SWIGSO) $(PYLIBDIR)/site-packages/selinux/_selinux.so
++ install -m 755 $(SWIGSO) $(PYLIBDIR)/site-packages/_selinux.so
+ install -m 755 $(AUDIT2WHYSO) $(PYLIBDIR)/site-packages/selinux/audit2why.so
+ install -m 644 $(SWIGPYOUT) $(PYLIBDIR)/site-packages/selinux/__init__.py
+
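Review bot: The new python-selinux-swig-3.10.patch carries only an `Index:` line as its header, so the origin of the change cannot be checked from the package itself, although both spec files tag it PATCH-FIX-UPSTREAM and the changelog says "fixed by upstream". I would add a short header above `Index:` naming the upstream commit and the bug, e.g. `Upstream: <UPSTREAM_COMMIT_URL>` and `References: boo#985368`, so a later reviewer can compare the packaged hunk with what upstream merged. The file name and comments say "swig-3.10"; if SWIG 3.0.10 is what is meant, spelling it that way would avoid pointing at a release that may not exist. The Makefile hunk itself only moves `_selinux.so` up one directory and keeps mode 755; the rest of `install-pywrap` lies outside the hunk.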