From b0259f782e77655e88d0dbe14b7caece2257e0e9ea2931a12b930dc01efb4860 Mon Sep 17 00:00:00 2001
From: Johannes Segitz <jsegitz@suse.com>
Date: Mon, 27 Nov 2017 09:18:52 +0000
Subject: [PATCH] OBS-URL:
https://build.opensuse.org/package/show/security:SELinux/libselinux?expand=0&rev=92
---
libselinux-2.2-ruby.patch | 24 ------
libselinux-2.5.tar.gz | 3 -
libselinux-2.6.tar.gz | 3 +
libselinux-bindings.changes | 29 +++++++
libselinux-bindings.spec | 13 +--
libselinux-proc-mount-only-if-needed.patch | 93 ----------------------
libselinux.changes | 29 +++++++
libselinux.spec | 16 +---
python-selinux-swig-3.10.patch | 13 ---
9 files changed, 69 insertions(+), 154 deletions(-)
delete mode 100644 libselinux-2.2-ruby.patch
delete mode 100644 libselinux-2.5.tar.gz
create mode 100644 libselinux-2.6.tar.gz
delete mode 100644 libselinux-proc-mount-only-if-needed.patch
delete mode 100644 python-selinux-swig-3.10.patch
diff --git a/libselinux-2.2-ruby.patch b/libselinux-2.2-ruby.patch
deleted file mode 100644
index 4ee9d20..0000000
--- a/libselinux-2.2-ruby.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Index: src/Makefile
-===================================================================
---- src/Makefile.orig
-+++ src/Makefile
-@@ -16,8 +16,8 @@ PYINC ?= $(shell pkg-config --cflags $(P
- PYLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
- RUBYLIBVER ?= $(shell $(RUBY) -e 'print RUBY_VERSION.split(".")[0..1].join(".")')
- RUBYPLATFORM ?= $(shell $(RUBY) -e 'print RUBY_PLATFORM')
--RUBYINC ?= $(shell pkg-config --cflags ruby)
--RUBYINSTALL ?= $(LIBDIR)/ruby/site_ruby/$(RUBYLIBVER)/$(RUBYPLATFORM)
-+RUBYINC ?= $(shell ruby -r rbconfig -e "print RbConfig::CONFIG['rubyhdrdir'].nil? ? '$(LIBDIR)/ruby/$(RUBYLIBVER)' : RbConfig::CONFIG['rubyhdrdir']")
-+RUBYINSTALL ?= $(shell ruby -r rbconfig -e "print RbConfig::CONFIG['vendorarchdir'].nil? ? '$(DESTDIR)'+RbConfig::CONFIG['sitearchdir'] : '$(DESTDIR)'+RbConfig::CONFIG['vendorarchdir']")
- LIBBASE ?= $(shell basename $(LIBDIR))
-
- VERSION = $(shell cat ../VERSION)
-@@ -98,7 +98,7 @@ $(SWIGLOBJ): $(SWIGCOUT)
- $(CC) $(CFLAGS) $(SWIG_CFLAGS) $(PYINC) -fPIC -DSHARED -c -o $@ $<
-
- $(SWIGRUBYLOBJ): $(SWIGRUBYCOUT)
-- $(CC) $(CFLAGS) $(SWIG_CFLAGS) $(RUBYINC) -fPIC -DSHARED -c -o $@ $<
-+ $(CC) $(filter-out -Werror, $(CFLAGS)) -I$(RUBYINC) -I$(RUBYINC)/$(RUBYPLATFORM) -fPIC -DSHARED -c -o $@ $<
-
- $(SWIGSO): $(SWIGLOBJ)
- $(CC) $(CFLAGS) -shared -o $@ $< -L. -lselinux $(LDFLAGS) -L$(LIBDIR)
diff --git a/libselinux-2.5.tar.gz b/libselinux-2.5.tar.gz
deleted file mode 100644
index 38881dc..0000000
--- a/libselinux-2.5.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:94c9e97706280bedcc288f784f67f2b9d3d6136c192b2c9f812115edba58514f
-size 189019
diff --git a/libselinux-2.6.tar.gz b/libselinux-2.6.tar.gz
new file mode 100644
index 0000000..7602e2b
--- /dev/null
+++ b/libselinux-2.6.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4ea2dde50665c202253ba5caac7738370ea0337c47b251ba981c60d24e1a118a
+size 203119
diff --git a/libselinux-bindings.changes b/libselinux-bindings.changes
index 6c0226a..3674448 100644
--- a/libselinux-bindings.changes
+++ b/libselinux-bindings.changes
@@ -1,3 +1,32 @@
+-------------------------------------------------------------------
+Fri Nov 24 09:09:02 UTC 2017 - jsegitz@suse.com
+
+- Update to version 2.6. Notable changes:
+ * selinux_restorecon: fix realpath logic
+ * sefcontext_compile: invert semantics of "-r" flag
+ * sefcontext_compile: Add "-i" flag
+ * Introduce configurable backends
+ * Add function to find security.restorecon_last entries
+ * Add openrc_contexts functions
+ * Add support for pcre2
+ * Handle NULL pcre study data
+ * Add setfiles support to selinux_restorecon(3)
+ * Evaluate inodes in selinux_restorecon(3)
+ * Change the location of _selinux.so
+ * Explain how to free policy type from selinux_getpolicytype()
+ * Compare absolute pathname in matchpathcon -V
+ * Add selinux_snapperd_contexts_path()
+ * Modify audit2why analyze function to use loaded policy
+ * Avoid mounting /proc outside of selinux_init_load_policy()
+ * Fix location of selinuxfs mount point
+ * Only mount /proc if necessary
+ * procattr: return einval for <= 0 pid args
+ * procattr: return error on invalid pid_t input
+- Dropped
+ * libselinux-2.2-ruby.patch
+ * libselinux-proc-mount-only-if-needed.patch
+ * python-selinux-swig-3.10.patch
+
-------------------------------------------------------------------
Wed Jul 5 10:30:57 UTC 2017 - schwab@suse.de
diff --git a/libselinux-bindings.spec b/libselinux-bindings.spec
index fc96fc2..612c00f 100644
--- a/libselinux-bindings.spec
+++ b/libselinux-bindings.spec
@@ -1,7 +1,7 @@
#
# spec file for package libselinux-bindings
#
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -16,10 +16,10 @@
#
-%define libsepol_ver 2.5
+%define libsepol_ver 2.6
Name: libselinux-bindings
-Version: 2.5
+Version: 2.6
Release: 0
Summary: SELinux runtime library and simple utilities
License: GPL-2.0 and SUSE-Public-Domain
@@ -27,12 +27,9 @@ Group: Development/Libraries/C and C++
Url: https://github.com/SELinuxProject/selinux/wiki/Releases
# embedded is the MD5
-Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/libselinux-%{version}.tar.gz
+Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014/libselinux-%{version}.tar.gz
Source1: selinux-ready
Source2: baselibs.conf
-Patch1: libselinux-2.2-ruby.patch
-# PATCH-FIX-UPSTREAM swig-3.10 use importlib which not search the directory __init__.py is in but standard path
-Patch2: python-selinux-swig-3.10.patch
# PATCH-FIX-UPSTREAM Include <sys/uio.h> for readv prototype
Patch4: readv-proto.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -76,8 +73,6 @@ language.
%prep
%setup -q -n libselinux-%{version}
-%patch1
-%patch2 -p1
%patch4 -p1
%build
diff --git a/libselinux-proc-mount-only-if-needed.patch b/libselinux-proc-mount-only-if-needed.patch
deleted file mode 100644
index 383e72c..0000000
--- a/libselinux-proc-mount-only-if-needed.patch
+++ /dev/null
@@ -1,93 +0,0 @@
-Index: libselinux-2.5/src/init.c
-===================================================================
---- libselinux-2.5.orig/src/init.c
-+++ libselinux-2.5/src/init.c
-@@ -11,7 +11,6 @@
- #include <sys/vfs.h>
- #include <stdint.h>
- #include <limits.h>
--#include <sys/mount.h>
-
- #include "dso.h"
- #include "policy.h"
-@@ -57,20 +56,18 @@ static int verify_selinuxmnt(const char
-
- int selinuxfs_exists(void)
- {
-- int exists = 0, mnt_rc = 0;
-+ int exists = 0;
- FILE *fp = NULL;
- char *buf = NULL;
- size_t len;
- ssize_t num;
-
-- mnt_rc = mount("proc", "/proc", "proc", 0, 0);
-
- fp = fopen("/proc/filesystems", "r");
-- if (!fp) {
-- exists = 1; /* Fail as if it exists */
-- goto out;
-- }
-
-+ if (!fp)
-+ return 1; /* Fail as if it exists */
-+
- __fsetlocking(fp, FSETLOCKING_BYCALLER);
-
- num = getline(&buf, &len, fp);
-@@ -85,13 +82,6 @@ int selinuxfs_exists(void)
- free(buf);
- fclose(fp);
-
--out:
--#ifndef MNT_DETACH
--#define MNT_DETACH 2
--#endif
-- if (mnt_rc == 0)
-- umount2("/proc", MNT_DETACH);
--
- return exists;
- }
- hidden_def(selinuxfs_exists)
-Index: libselinux-2.5/src/load_policy.c
-===================================================================
---- libselinux-2.5.orig/src/load_policy.c
-+++ libselinux-2.5/src/load_policy.c
-@@ -17,6 +17,10 @@
- #include "policy.h"
- #include <limits.h>
-
-+#ifndef MNT_DETACH
-+#define MNT_DETACH 2
-+#endif
-+
- int security_load_policy(void *data, size_t len)
- {
- char path[PATH_MAX];
-@@ -348,11 +352,6 @@ int selinux_init_load_policy(int *enforc
- fclose(cfg);
- free(buf);
- }
--#ifndef MNT_DETACH
--#define MNT_DETACH 2
--#endif
-- if (rc == 0)
-- umount2("/proc", MNT_DETACH);
-
- /*
- * Determine the final desired mode.
-@@ -402,9 +401,13 @@ int selinux_init_load_policy(int *enforc
- }
-
- goto noload;
-+ if (rc == 0)
-+ umount2("/proc", MNT_DETACH);
- }
- set_selinuxmnt(mntpoint);
--
-+
-+ if (rc == 0)
-+ umount2("/proc", MNT_DETACH);
- /*
- * Note: The following code depends on having selinuxfs
- * already mounted and selinuxmnt set above.
diff --git a/libselinux.changes b/libselinux.changes
index 764c089..fdc217a 100644
--- a/libselinux.changes
+++ b/libselinux.changes
@@ -1,3 +1,32 @@
+-------------------------------------------------------------------
+Fri Nov 24 09:09:02 UTC 2017 - jsegitz@suse.com
+
+- Update to version 2.6. Notable changes:
+ * selinux_restorecon: fix realpath logic
+ * sefcontext_compile: invert semantics of "-r" flag
+ * sefcontext_compile: Add "-i" flag
+ * Introduce configurable backends
+ * Add function to find security.restorecon_last entries
+ * Add openrc_contexts functions
+ * Add support for pcre2
+ * Handle NULL pcre study data
+ * Add setfiles support to selinux_restorecon(3)
+ * Evaluate inodes in selinux_restorecon(3)
+ * Change the location of _selinux.so
+ * Explain how to free policy type from selinux_getpolicytype()
+ * Compare absolute pathname in matchpathcon -V
+ * Add selinux_snapperd_contexts_path()
+ * Modify audit2why analyze function to use loaded policy
+ * Avoid mounting /proc outside of selinux_init_load_policy()
+ * Fix location of selinuxfs mount point
+ * Only mount /proc if necessary
+ * procattr: return einval for <= 0 pid args
+ * procattr: return error on invalid pid_t input
+- Dropped
+ * libselinux-2.2-ruby.patch
+ * libselinux-proc-mount-only-if-needed.patch
+ * python-selinux-swig-3.10.patch
+
-------------------------------------------------------------------
Wed Jul 5 10:30:57 UTC 2017 - schwab@suse.de
diff --git a/libselinux.spec b/libselinux.spec
index a7049f4..459890f 100644
--- a/libselinux.spec
+++ b/libselinux.spec
@@ -1,7 +1,7 @@
#
# spec file for package libselinux
#
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -16,24 +16,19 @@
#
-%define libsepol_ver 2.5
+%define libsepol_ver 2.6
Name: libselinux
-Version: 2.5
+Version: 2.6
Release: 0
Summary: SELinux runtime library and utilities
License: GPL-2.0 and SUSE-Public-Domain
Group: Development/Libraries/C and C++
Url: https://github.com/SELinuxProject/selinux/wiki/Releases
-Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/%{name}-%{version}.tar.gz
+Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014/%{name}-%{version}.tar.gz
Source1: selinux-ready
Source2: baselibs.conf
-Patch1: %{name}-2.2-ruby.patch
-# PATCH-FIX-UPSTREAM swig-3.10 use importlib which not search the directory __init__.py is in but standard path
-Patch2: python-selinux-swig-3.10.patch
-# PATCH-FIX-UPSTREAM Avoid mounting /proc outside of selinux_init_load_policy().
-Patch3: libselinux-proc-mount-only-if-needed.patch
# PATCH-FIX-UPSTREAM Include <sys/uio.h> for readv prototype
Patch4: readv-proto.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -102,9 +97,6 @@ necessary to develop your own software using libselinux.
%prep
%setup -q
-%patch1
-%patch2 -p1
-%patch3 -p1
%patch4 -p1
%build
diff --git a/python-selinux-swig-3.10.patch b/python-selinux-swig-3.10.patch
deleted file mode 100644
index 20897e3..0000000
--- a/python-selinux-swig-3.10.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-Index: b/src/Makefile
-===================================================================
---- a/src/Makefile
-+++ b/src/Makefile
-@@ -155,7 +155,7 @@ install: all
-
- install-pywrap: pywrap
- test -d $(PYLIBDIR)/site-packages/selinux || install -m 755 -d $(PYLIBDIR)/site-packages/selinux
-- install -m 755 $(SWIGSO) $(PYLIBDIR)/site-packages/selinux/_selinux.so
-+ install -m 755 $(SWIGSO) $(PYLIBDIR)/site-packages/_selinux.so
- install -m 755 $(AUDIT2WHYSO) $(PYLIBDIR)/site-packages/selinux/audit2why.so
- install -m 644 $(SWIGPYOUT) $(PYLIBDIR)/site-packages/selinux/__init__.py
-