Accepting request 161740 from home:vitezslav_cizek:branches:security:SELinux

- update to 2.1.10 * Add sefcontext_compile to compile regex everytime policy is rebuilt * Cleanup/fix enable/disable/remove module. * redo genhomedircon minuid * fixes from coverity * semanage_store: do not leak memory in semanage_exec_prog * genhomedircon: remove useless conditional in get_home_dirs * genhomedircon: double free in get_home_dirs * fcontext_record: do not leak on error in semanage_fcontext_key_create * genhomedircon: do not leak on failure in write_gen_home_dir_context * semanage_store: do not leak fd * genhomedircon: do not leak shells list * semanage_store: do not leak on strdup failure * semanage_store: rewrite for readability OBS-URL: https://build.opensuse.org/request/show/161740 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsemanage?expand=0&rev=42
2013-04-02 11:49:38 +00:00 · 2013-04-02 11:49:38 +00:00 · d3e4c7a08c
commit d3e4c7a08c
parent 348c05be40
5 changed files with 76 additions and 4 deletions
--- a/libsemanage-2.1.10.tgz
+++ b/libsemanage-2.1.10.tgz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:87489a293225190df5e0eb7b130bcf042354f2e892b35c16d68131c644b61283
+size 139508
--- a/libsemanage.changes
+++ b/libsemanage.changes
@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Fri Mar 29 15:21:29 UTC 2013 - vcizek@suse.com
+
+- update to 2.1.10
+  * Add sefcontext_compile to compile regex everytime policy is rebuilt
+  * Cleanup/fix enable/disable/remove module.
+  * redo genhomedircon minuid
+  * fixes from coverity
+  * semanage_store: do not leak memory in semanage_exec_prog
+  * genhomedircon: remove useless conditional in get_home_dirs
+  * genhomedircon: double free in get_home_dirs
+  * fcontext_record: do not leak on error in semanage_fcontext_key_create
+  * genhomedircon: do not leak on failure in write_gen_home_dir_context
+  * semanage_store: do not leak fd
+  * genhomedircon: do not leak shells list
+  * semanage_store: do not leak on strdup failure
+  * semanage_store: rewrite for readability
+
 -------------------------------------------------------------------
 Wed Jan 30 12:00:30 UTC 2013 - vcizek@suse.com

--- a/libsemanage.spec
+++ b/libsemanage.spec
@ -24,13 +24,13 @@ BuildRequires:  libsepol-devel
 BuildRequires:  libustr-devel

 Name:           libsemanage
-Version:        2.1.9
+Version:        2.1.10
 Release:        0
 Summary:        SELinux binary policy manipulation library
 License:        LGPL-2.1+
 Group:          System/Libraries
 Url:            http://userspace.selinuxproject.org/
-Source:         http://userspace.selinuxproject.org/releases/20120216/%{name}-%{version}.tar.gz
+Source:         http://userspace.selinuxproject.org/releases/20120216/%{name}-%{version}.tgz
 Source1:        baselibs.conf
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

--- a/python-semanage.spec
+++ b/python-semanage.spec
@ -26,13 +26,13 @@ BuildRequires:  python-devel
 BuildRequires:  swig

 Name:           python-semanage
-Version:        2.1.9
+Version:        2.1.10
 Release:        0
 Summary:        Python bindings for libsemanage
 License:        LGPL-2.1
 Group:          Development/Languages/Python
 Url:            http://www.nsa.gov/selinux/
-Source:         http://userspace.selinuxproject.org/releases/20120216/libsemanage-%{version}.tar.gz
+Source:         http://userspace.selinuxproject.org/releases/20120216/libsemanage-%{version}.tgz
 Source1:        baselibs.conf
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Requires:       libsemanage1 = %{version}
--- a/semanage.conf
+++ b/semanage.conf
@ -0,0 +1,51 @@
+# Authors: Jason Tang <jtang@tresys.com>
+#
+# Copyright (C) 2004-2005 Tresys Technology, LLC
+#
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation; either
+#  version 2.1 of the License, or (at your option) any later version.
+#
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#
+# Specify how libsemanage will interact with a SELinux policy manager.
+# The four options are:
+#
+#  "source"     - libsemanage manipulates a source SELinux policy
+#  "direct"     - libsemanage will write directly to a module store.
+#  /foo/bar     - Write by way of a policy management server, whose
+#                 named socket is at /foo/bar.  The path must begin
+#                 with a '/'.
+#  foo.com:4242 - Establish a TCP connection to a remote policy
+#                 management server at foo.com.  If there is a colon
+#                 then the remainder is interpreted as a port number;
+#                 otherwise default to port 4242.
+module-store = direct
+
+# When generating the final linked and expanded policy, by default
+# semanage will set the policy version to POLICYDB_VERSION_MAX, as
+# given in <sepol/policydb.h>.  Change this setting if a different
+# version is necessary.
+#policy-version = 19
+
+# expand-check check neverallow rules when executing all semanage commands.
+# Large penalty in time if you turn this on.  
+expand-check=0
+
+# usepasswd check tells semanage to scan all pass word records for home directories
+# and setup the labeling correctly.  If this is turned off, SELinux will label /home 
+# correctly only.  You will need to use semanage fcontext command.  
+# For example, if you had home dirs in /althome directory you would have to execute
+# semanage fcontext -a -e /home /althome
+usepasswd=False
+bzip-small=true
+bzip-blocksize=5
+ignoredirs=/root