Accepting request 408692 from security:SELinux

1 OBS-URL: https://build.opensuse.org/request/show/408692 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=35
2016-07-18 19:17:19 +00:00 · 2016-07-18 19:17:19 +00:00 · ab00af05c1
commit ab00af05c1
parent dd793f471e fb01341895
4 changed files with 115 additions and 27 deletions
--- a/libsepol-2.3.tar.gz
+++ b/libsepol-2.3.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:cc8d8642c3b7b95d6928d65dcbca2ab0627abc1c05166637851e63c1a6eae68f
 size 209570
--- a/libsepol-2.5.tar.gz
+++ b/libsepol-2.5.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:2bdeec56d0a08b082b93b40703b4b3329cc5562152f7254d8f6ef6b56afe850a
 size 438730
--- a/libsepol.changes
+++ b/libsepol.changes
@ -1,3 +1,77 @@
 -------------------------------------------------------------------
 Thu Jul 14 14:38:09 UTC 2016 - mpluskal@suse.com
 - Cleanup spec file with spec-cleaner
 - Make spec file a bit more easy
 - Ship new supbackage (-tools)
 -------------------------------------------------------------------
 Thu Jul 14 14:21:46 UTC 2016 - jsegitz@novell.com
 - Without bug number no submit to SLE 12 SP2 is possible, so to make
  sle-changelog-checker happy: bsc#988977
 -------------------------------------------------------------------
 Thu Jul 14 07:57:35 UTC 2016 - jsegitz@novell.com
 - Adjusted source link
 -------------------------------------------------------------------
 Tue Jul  5 17:11:44 UTC 2016 - i@marguerite.su
 - update version 2.5
  * Fix unused variable annotations
  * Fix uninitialized variable in CIL
  * Validate extended avrules and permissionxs in CIL
  * Add support in CIL for neverallowx
  * Fully expand neverallowxperm rules
  * Add support for unordered classes to CIL
  * Add neverallow support for ioctl extended permissions
  * Improve CIL block and macro call recursion detection
  * Fix CIL uninitialized false positive in cil_binary
  * Provide error in CIL if classperms are empty
  * Add userattribute{set} functionality to CIL
  * fix CIL blockinherit copying segfault and add macro restrictions
  * fix CIL NULL pointer dereference when copying classpermission/set
  * Add CIL support for ioctl whitelists
  * Fix memory leak when destroying avtab
  * Replace sscanf in module_to_cil
  * Improve CIL resolution error messages
  * Fix policydb_read for policy versions < 24
  * Added CIL bounds checking and refactored CIL Neverallow checking
  * Refactored libsepol Neverallow and bounds (hierarchy) checking
  * Treat types like an attribute in the attr_type_map
  * Add new ebitmap function named ebitmap_match_any()
  * switch operations to extended perms
  * Write auditadm_r and secadm_r roles to base module when writing CIL
  * Fix module to CIL to only associate declared roleattributes with in-scope types
  * Don't allow categories/sensitivities inside blocks in CIL
  * Replace fmemopen() with internal function in libsepol
  * Verify users prior to evaluating users in cil
  * Binary modules do not support ioctl rules
  * Add support for ioctl command whitelisting
  * Don't use symbol versioning for static object files
  * Add sepol_module_policydb_to_cil(), sepol_module_package_to_cil(), 
    and sepol_ppfile_to_module_package()
  * Move secilc out of libsepol
  * fix building Xen policy with devicetreecon, and add devicetreecon
    CIL documentation
  * bool_copy_callback set state on creation
  * Add device tree ocontext nodes to Xen policy
  * Widen Xen IOMEM context entries
  * Fix error path in mls_semantic_level_expand()
  * Update to latest CIL, includes new name resolution and fixes ordering
    issues with blockinherit statements, and bug fixes
 - changes in 2.4
  * Remove assumption that SHLIBDIR is ../../ relative to LIBDIR
  * Fix bugs found by hardened gcc flags
  * Build CIL into libsepol. libsepol can be built without CIL by setting the
    DISABLE_CIL flag to 'y'
  * Add an API function to set target_platform
  * Report all neverallow violations
  * Improve check_assertions performance
  * Allow libsepol C++ static library on device
 -------------------------------------------------------------------
 Fri May 16 13:06:12 UTC 2014 - vcizek@suse.com
--- a/libsepol.spec
+++ b/libsepol.spec
@ -1,7 +1,7 @@
 #
 # spec file for package libsepol
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -17,16 +17,17 @@
 Name:           libsepol
-Version:        2.3
+Version:        2.5
 Release:        0
 Url:            http://www.nsa.gov/selinux/
 Summary:        SELinux binary policy manipulation library
 License:        LGPL-2.1+
 Group:          System/Libraries
-Source:         http://userspace.selinuxproject.org/releases/20140506/%{name}-%{version}.tar.gz
+Url:            http://www.nsa.gov/selinux/
 Source:         https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/%{name}-%{version}.tar.gz
 Source2:        baselibs.conf
 BuildRequires:  flex
 BuildRequires:  pkgconfig
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  pkg-config
 %description
 Security-enhanced Linux is a feature of the Linux(R) kernel and a
@ -45,7 +46,26 @@ tools, as well as by programs like load_policy that need to perform
 specific transformations on binary policies such as customizing policy
 boolean settings.
 %package utils
 Summary:        SELinux binary policy manipulation tools
 Group:          System/Base
 %description utils
 Security-enhanced Linux is a feature of the Linux(R) kernel and a
 number of utilities with enhanced security functionality designed to
 add mandatory access controls to Linux.  The Security-enhanced Linux
 kernel contains new architectural components originally developed to
 improve the security of the Flask operating system. These architectural
 components provide general support for the enforcement of many kinds of
 mandatory access control policies, including those based on the
 concepts of Type Enforcement(R), Role-based Access Control, and
 Multi-level Security.
 libsepol provides an API for the manipulation of SELinux binary
 policies. It is used by checkpolicy (the policy compiler) and similar
 tools, as well as by programs like load_policy that need to perform
 specific transformations on binary policies such as customizing policy
 boolean settings.
 %package -n libsepol1
 Summary:        SELinux binary policy manipulation library
@ -68,22 +88,18 @@ tools, as well as by programs like load_policy that need to perform
 specific transformations on binary policies such as customizing policy
 boolean settings.
 %package devel
 Summary:        Development Include Files and Libraries for SELinux policy manipulation
 Group:          Development/Libraries/C and C++
 Requires:       glibc-devel
 Requires:       libsepol1 = %{version}
-Requires:       pkg-config
+Requires:       pkgconfig
 %description devel
 The libsepol-devel package contains the libraries and header
 files needed for developing applications that manipulate binary
 policies.
 %package devel-static
 Summary:        Development Include Files and Libraries for SELinux policy manipulation
 Group:          Development/Libraries/C and C++
@ -94,30 +110,26 @@ The libsepol-devel-static package contains the static libraries
 needed for developing applications that manipulate binary
 policies.
 %prep
 %setup -q
 %build
-make %{?_smp_mflags} CC="%{__cc}" CFLAGS="$RPM_OPT_FLAGS $(getconf LFS_CFLAGS)"
+export CFLAGS="%{optflags}"
 make %{?_smp_mflags}
 %install
-mkdir -p $RPM_BUILD_ROOT/%{_lib}
+make DESTDIR=%{buildroot} LIBDIR="%{buildroot}%{_libdir}" SHLIBDIR="%{buildroot}/%{_lib}" install
 mkdir -p $RPM_BUILD_ROOT%{_libdir}
 mkdir -p $RPM_BUILD_ROOT%{_includedir}
 mkdir -p $RPM_BUILD_ROOT%{_bindir}
 mkdir -p $RPM_BUILD_ROOT%{_mandir}/man{3,8}
 make DESTDIR="$RPM_BUILD_ROOT" LIBDIR="$RPM_BUILD_ROOT%{_libdir}" SHLIBDIR="$RPM_BUILD_ROOT/%{_lib}" install
 rm -f $RPM_BUILD_ROOT%{_bindir}/genpolbools
 rm -f $RPM_BUILD_ROOT%{_bindir}/genpolusers
 rm -f $RPM_BUILD_ROOT%{_bindir}/chkcon
 rm -rf $RPM_BUILD_ROOT%{_mandir}/man8
 %post -n libsepol1 -p /sbin/ldconfig
 %postun -n libsepol1 -p /sbin/ldconfig
 %files utils
 %defattr(-,root,root)
 %{_bindir}/chkcon
 %{_mandir}/man8/chkcon.8%{ext_man}
 %{_mandir}/man8/genpolbools.8%{ext_man}
 %{_mandir}/man8/genpolusers.8%{ext_man}
 %files -n libsepol1
 %defattr(-,root,root)
 /%{_lib}/libsepol.so.*
@ -127,7 +139,9 @@ rm -rf $RPM_BUILD_ROOT%{_mandir}/man8
 %{_libdir}/libsepol.so
 %{_mandir}/man3/*
 %dir %{_includedir}/sepol
 %dir %{_includedir}/sepol/cil
 %{_includedir}/sepol/*.h
 %{_includedir}/sepol/cil/cil.h
 %dir %{_includedir}/sepol/policydb
 %{_includedir}/sepol/policydb/*.h
 %{_libdir}/pkgconfig/libsepol.pc