From b0259f782e77655e88d0dbe14b7caece2257e0e9ea2931a12b930dc01efb4860 Mon Sep 17 00:00:00 2001 From: Johannes Segitz Date: Mon, 27 Nov 2017 09:18:52 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libselinux?expand=0&rev=92 --- libselinux-2.2-ruby.patch | 24 ------ libselinux-2.5.tar.gz | 3 - libselinux-2.6.tar.gz | 3 + libselinux-bindings.changes | 29 +++++++ libselinux-bindings.spec | 13 +-- libselinux-proc-mount-only-if-needed.patch | 93 ---------------------- libselinux.changes | 29 +++++++ libselinux.spec | 16 +--- python-selinux-swig-3.10.patch | 13 --- 9 files changed, 69 insertions(+), 154 deletions(-) delete mode 100644 libselinux-2.2-ruby.patch delete mode 100644 libselinux-2.5.tar.gz create mode 100644 libselinux-2.6.tar.gz delete mode 100644 libselinux-proc-mount-only-if-needed.patch delete mode 100644 python-selinux-swig-3.10.patch diff --git a/libselinux-2.2-ruby.patch b/libselinux-2.2-ruby.patch deleted file mode 100644 index 4ee9d20..0000000 --- a/libselinux-2.2-ruby.patch +++ /dev/null @@ -1,24 +0,0 @@ -Index: src/Makefile -=================================================================== ---- src/Makefile.orig -+++ src/Makefile -@@ -16,8 +16,8 @@ PYINC ?= $(shell pkg-config --cflags $(P - PYLIBDIR ?= $(LIBDIR)/$(PYLIBVER) - RUBYLIBVER ?= $(shell $(RUBY) -e 'print RUBY_VERSION.split(".")[0..1].join(".")') - RUBYPLATFORM ?= $(shell $(RUBY) -e 'print RUBY_PLATFORM') --RUBYINC ?= $(shell pkg-config --cflags ruby) --RUBYINSTALL ?= $(LIBDIR)/ruby/site_ruby/$(RUBYLIBVER)/$(RUBYPLATFORM) -+RUBYINC ?= $(shell ruby -r rbconfig -e "print RbConfig::CONFIG['rubyhdrdir'].nil? ? '$(LIBDIR)/ruby/$(RUBYLIBVER)' : RbConfig::CONFIG['rubyhdrdir']") -+RUBYINSTALL ?= $(shell ruby -r rbconfig -e "print RbConfig::CONFIG['vendorarchdir'].nil? ? '$(DESTDIR)'+RbConfig::CONFIG['sitearchdir'] : '$(DESTDIR)'+RbConfig::CONFIG['vendorarchdir']") - LIBBASE ?= $(shell basename $(LIBDIR)) - - VERSION = $(shell cat ../VERSION) -@@ -98,7 +98,7 @@ $(SWIGLOBJ): $(SWIGCOUT) - $(CC) $(CFLAGS) $(SWIG_CFLAGS) $(PYINC) -fPIC -DSHARED -c -o $@ $< - - $(SWIGRUBYLOBJ): $(SWIGRUBYCOUT) -- $(CC) $(CFLAGS) $(SWIG_CFLAGS) $(RUBYINC) -fPIC -DSHARED -c -o $@ $< -+ $(CC) $(filter-out -Werror, $(CFLAGS)) -I$(RUBYINC) -I$(RUBYINC)/$(RUBYPLATFORM) -fPIC -DSHARED -c -o $@ $< - - $(SWIGSO): $(SWIGLOBJ) - $(CC) $(CFLAGS) -shared -o $@ $< -L. -lselinux $(LDFLAGS) -L$(LIBDIR) diff --git a/libselinux-2.5.tar.gz b/libselinux-2.5.tar.gz deleted file mode 100644 index 38881dc..0000000 --- a/libselinux-2.5.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:94c9e97706280bedcc288f784f67f2b9d3d6136c192b2c9f812115edba58514f -size 189019 diff --git a/libselinux-2.6.tar.gz b/libselinux-2.6.tar.gz new file mode 100644 index 0000000..7602e2b --- /dev/null +++ b/libselinux-2.6.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:4ea2dde50665c202253ba5caac7738370ea0337c47b251ba981c60d24e1a118a +size 203119 diff --git a/libselinux-bindings.changes b/libselinux-bindings.changes index 6c0226a..3674448 100644 --- a/libselinux-bindings.changes +++ b/libselinux-bindings.changes @@ -1,3 +1,32 @@ +------------------------------------------------------------------- +Fri Nov 24 09:09:02 UTC 2017 - jsegitz@suse.com + +- Update to version 2.6. Notable changes: + * selinux_restorecon: fix realpath logic + * sefcontext_compile: invert semantics of "-r" flag + * sefcontext_compile: Add "-i" flag + * Introduce configurable backends + * Add function to find security.restorecon_last entries + * Add openrc_contexts functions + * Add support for pcre2 + * Handle NULL pcre study data + * Add setfiles support to selinux_restorecon(3) + * Evaluate inodes in selinux_restorecon(3) + * Change the location of _selinux.so + * Explain how to free policy type from selinux_getpolicytype() + * Compare absolute pathname in matchpathcon -V + * Add selinux_snapperd_contexts_path() + * Modify audit2why analyze function to use loaded policy + * Avoid mounting /proc outside of selinux_init_load_policy() + * Fix location of selinuxfs mount point + * Only mount /proc if necessary + * procattr: return einval for <= 0 pid args + * procattr: return error on invalid pid_t input +- Dropped + * libselinux-2.2-ruby.patch + * libselinux-proc-mount-only-if-needed.patch + * python-selinux-swig-3.10.patch + ------------------------------------------------------------------- Wed Jul 5 10:30:57 UTC 2017 - schwab@suse.de diff --git a/libselinux-bindings.spec b/libselinux-bindings.spec index fc96fc2..612c00f 100644 --- a/libselinux-bindings.spec +++ b/libselinux-bindings.spec @@ -1,7 +1,7 @@ # # spec file for package libselinux-bindings # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,10 +16,10 @@ # -%define libsepol_ver 2.5 +%define libsepol_ver 2.6 Name: libselinux-bindings -Version: 2.5 +Version: 2.6 Release: 0 Summary: SELinux runtime library and simple utilities License: GPL-2.0 and SUSE-Public-Domain @@ -27,12 +27,9 @@ Group: Development/Libraries/C and C++ Url: https://github.com/SELinuxProject/selinux/wiki/Releases # embedded is the MD5 -Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/libselinux-%{version}.tar.gz +Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014/libselinux-%{version}.tar.gz Source1: selinux-ready Source2: baselibs.conf -Patch1: libselinux-2.2-ruby.patch -# PATCH-FIX-UPSTREAM swig-3.10 use importlib which not search the directory __init__.py is in but standard path -Patch2: python-selinux-swig-3.10.patch # PATCH-FIX-UPSTREAM Include for readv prototype Patch4: readv-proto.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -76,8 +73,6 @@ language. %prep %setup -q -n libselinux-%{version} -%patch1 -%patch2 -p1 %patch4 -p1 %build diff --git a/libselinux-proc-mount-only-if-needed.patch b/libselinux-proc-mount-only-if-needed.patch deleted file mode 100644 index 383e72c..0000000 --- a/libselinux-proc-mount-only-if-needed.patch +++ /dev/null @@ -1,93 +0,0 @@ -Index: libselinux-2.5/src/init.c -=================================================================== ---- libselinux-2.5.orig/src/init.c -+++ libselinux-2.5/src/init.c -@@ -11,7 +11,6 @@ - #include - #include - #include --#include - - #include "dso.h" - #include "policy.h" -@@ -57,20 +56,18 @@ static int verify_selinuxmnt(const char - - int selinuxfs_exists(void) - { -- int exists = 0, mnt_rc = 0; -+ int exists = 0; - FILE *fp = NULL; - char *buf = NULL; - size_t len; - ssize_t num; - -- mnt_rc = mount("proc", "/proc", "proc", 0, 0); - - fp = fopen("/proc/filesystems", "r"); -- if (!fp) { -- exists = 1; /* Fail as if it exists */ -- goto out; -- } - -+ if (!fp) -+ return 1; /* Fail as if it exists */ -+ - __fsetlocking(fp, FSETLOCKING_BYCALLER); - - num = getline(&buf, &len, fp); -@@ -85,13 +82,6 @@ int selinuxfs_exists(void) - free(buf); - fclose(fp); - --out: --#ifndef MNT_DETACH --#define MNT_DETACH 2 --#endif -- if (mnt_rc == 0) -- umount2("/proc", MNT_DETACH); -- - return exists; - } - hidden_def(selinuxfs_exists) -Index: libselinux-2.5/src/load_policy.c -=================================================================== ---- libselinux-2.5.orig/src/load_policy.c -+++ libselinux-2.5/src/load_policy.c -@@ -17,6 +17,10 @@ - #include "policy.h" - #include - -+#ifndef MNT_DETACH -+#define MNT_DETACH 2 -+#endif -+ - int security_load_policy(void *data, size_t len) - { - char path[PATH_MAX]; -@@ -348,11 +352,6 @@ int selinux_init_load_policy(int *enforc - fclose(cfg); - free(buf); - } --#ifndef MNT_DETACH --#define MNT_DETACH 2 --#endif -- if (rc == 0) -- umount2("/proc", MNT_DETACH); - - /* - * Determine the final desired mode. -@@ -402,9 +401,13 @@ int selinux_init_load_policy(int *enforc - } - - goto noload; -+ if (rc == 0) -+ umount2("/proc", MNT_DETACH); - } - set_selinuxmnt(mntpoint); -- -+ -+ if (rc == 0) -+ umount2("/proc", MNT_DETACH); - /* - * Note: The following code depends on having selinuxfs - * already mounted and selinuxmnt set above. diff --git a/libselinux.changes b/libselinux.changes index 764c089..fdc217a 100644 --- a/libselinux.changes +++ b/libselinux.changes @@ -1,3 +1,32 @@ +------------------------------------------------------------------- +Fri Nov 24 09:09:02 UTC 2017 - jsegitz@suse.com + +- Update to version 2.6. Notable changes: + * selinux_restorecon: fix realpath logic + * sefcontext_compile: invert semantics of "-r" flag + * sefcontext_compile: Add "-i" flag + * Introduce configurable backends + * Add function to find security.restorecon_last entries + * Add openrc_contexts functions + * Add support for pcre2 + * Handle NULL pcre study data + * Add setfiles support to selinux_restorecon(3) + * Evaluate inodes in selinux_restorecon(3) + * Change the location of _selinux.so + * Explain how to free policy type from selinux_getpolicytype() + * Compare absolute pathname in matchpathcon -V + * Add selinux_snapperd_contexts_path() + * Modify audit2why analyze function to use loaded policy + * Avoid mounting /proc outside of selinux_init_load_policy() + * Fix location of selinuxfs mount point + * Only mount /proc if necessary + * procattr: return einval for <= 0 pid args + * procattr: return error on invalid pid_t input +- Dropped + * libselinux-2.2-ruby.patch + * libselinux-proc-mount-only-if-needed.patch + * python-selinux-swig-3.10.patch + ------------------------------------------------------------------- Wed Jul 5 10:30:57 UTC 2017 - schwab@suse.de diff --git a/libselinux.spec b/libselinux.spec index a7049f4..459890f 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -1,7 +1,7 @@ # # spec file for package libselinux # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,24 +16,19 @@ # -%define libsepol_ver 2.5 +%define libsepol_ver 2.6 Name: libselinux -Version: 2.5 +Version: 2.6 Release: 0 Summary: SELinux runtime library and utilities License: GPL-2.0 and SUSE-Public-Domain Group: Development/Libraries/C and C++ Url: https://github.com/SELinuxProject/selinux/wiki/Releases -Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/%{name}-%{version}.tar.gz +Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014/%{name}-%{version}.tar.gz Source1: selinux-ready Source2: baselibs.conf -Patch1: %{name}-2.2-ruby.patch -# PATCH-FIX-UPSTREAM swig-3.10 use importlib which not search the directory __init__.py is in but standard path -Patch2: python-selinux-swig-3.10.patch -# PATCH-FIX-UPSTREAM Avoid mounting /proc outside of selinux_init_load_policy(). -Patch3: libselinux-proc-mount-only-if-needed.patch # PATCH-FIX-UPSTREAM Include for readv prototype Patch4: readv-proto.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -102,9 +97,6 @@ necessary to develop your own software using libselinux. %prep %setup -q -%patch1 -%patch2 -p1 -%patch3 -p1 %patch4 -p1 %build diff --git a/python-selinux-swig-3.10.patch b/python-selinux-swig-3.10.patch deleted file mode 100644 index 20897e3..0000000 --- a/python-selinux-swig-3.10.patch +++ /dev/null @@ -1,13 +0,0 @@ -Index: b/src/Makefile -=================================================================== ---- a/src/Makefile -+++ b/src/Makefile -@@ -155,7 +155,7 @@ install: all - - install-pywrap: pywrap - test -d $(PYLIBDIR)/site-packages/selinux || install -m 755 -d $(PYLIBDIR)/site-packages/selinux -- install -m 755 $(SWIGSO) $(PYLIBDIR)/site-packages/selinux/_selinux.so -+ install -m 755 $(SWIGSO) $(PYLIBDIR)/site-packages/_selinux.so - install -m 755 $(AUDIT2WHYSO) $(PYLIBDIR)/site-packages/selinux/audit2why.so - install -m 644 $(SWIGPYOUT) $(PYLIBDIR)/site-packages/selinux/__init__.py -