From e3aab34f8bd747b3ea9c5e1d8b714c09baf3a804b63d9f6ffb09a1f8bafe5d5c Mon Sep 17 00:00:00 2001
From: Hu
Date: Tue, 2 Jul 2024 09:43:29 +0000
Subject: [PATCH] Accepting request 1184294 from home:cahu:security:SELinux:userspace37
- Update to version 3.7
https://github.com/SELinuxProject/selinux/releases/tag/3.7
* Bugfixes:
* libsemanage: support huge passwd entries
- Update to version 3.7
https://github.com/SELinuxProject/selinux/releases/tag/3.7
* Bugfixes:
* libsemanage: support huge passwd entries
OBS-URL: https://build.opensuse.org/request/show/1184294
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsemanage?expand=0&rev=114
---
.gitattributes | 23 ++
.gitignore | 1 +
_multibuild | 4 +
baselibs.conf | 1 +
libsemanage-3.6.tar.gz | 3 +
libsemanage-3.6.tar.gz.asc | 16 ++
libsemanage-3.7.tar.gz | 3 +
libsemanage-3.7.tar.gz.asc | 16 ++
libsemanage.changes | 493 +++++++++++++++++++++++++++++++++++++
libsemanage.keyring | 110 +++++++++
libsemanage.spec | 161 ++++++++++++
python-semanage.changes | 396 +++++++++++++++++++++++++++++
python-semanage.spec | 100 ++++++++
semanage.conf | 51 ++++
14 files changed, 1378 insertions(+)
create mode 100644 .gitattributes
create mode 100644 .gitignore
create mode 100644 _multibuild
create mode 100644 baselibs.conf
create mode 100644 libsemanage-3.6.tar.gz
create mode 100644 libsemanage-3.6.tar.gz.asc
create mode 100644 libsemanage-3.7.tar.gz
create mode 100644 libsemanage-3.7.tar.gz.asc
create mode 100644 libsemanage.changes
create mode 100644 libsemanage.keyring
create mode 100644 libsemanage.spec
create mode 100644 python-semanage.changes
create mode 100644 python-semanage.spec
create mode 100644 semanage.conf
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/_multibuild b/_multibuild
new file mode 100644
index 0000000..505095a
--- /dev/null
+++ b/_multibuild
@@ -0,0 +1,4 @@
+
+ python-semanage
+
+
diff --git a/baselibs.conf b/baselibs.conf
new file mode 100644
index 0000000..f02cd37
--- /dev/null
+++ b/baselibs.conf
@@ -0,0 +1 @@
+libsemanage2
diff --git a/libsemanage-3.6.tar.gz b/libsemanage-3.6.tar.gz
new file mode 100644
index 0000000..2d6c989
--- /dev/null
+++ b/libsemanage-3.6.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:41138f46222439e1242f27c1587e95cf54a059259aaf1681db642cc30c4e0d60
+size 182583
diff --git a/libsemanage-3.6.tar.gz.asc b/libsemanage-3.6.tar.gz.asc
new file mode 100644
index 0000000..3273bc1
--- /dev/null
+++ b/libsemanage-3.6.tar.gz.asc
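Review bot: The libsemanage-3.6.tar.gz pointer added in this patch, together with the libsemanage-3.6.tar.gz.asc signature in the file section that follows, appears to be a leftover from the previous release. The spec in the same patch sets `Version: 3.7` and derives `Source0`/`Source1` from `%{name}-%{version}`, so nothing visible references the 3.6 archive. An unreferenced tarball sitting next to the verified one makes it harder to tell which artifact the signature check and the build actually cover. If the build does not need it, drop both 3.6 files; this may simply be an artifact of an automated import of the package history, which is worth confirming.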
@@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmV5xAIACgkQRpWIHCVF +CNHfxRAAxXkHDxt7TvNySNdBDbqD0NX8r2tAKBEqI5dwspic8W8qi3mBBtqSYhxA +XAx8lRtf+wMSUaUO/Fa0qUyFuc/zdDTJUiNl2Aijp7YER3wpGj1/YDz/6lAWEc2N +8HMKQLYmdyoqzltRLTyTfRU3Zp1o0D15JVQtONadllTbRr6xKu672rSMkJf4AlxN +Q+CP26z/vRCtWXZLmsupgzbgeMPITrLGW5tubjtKgs8RGJ7o/yC1L0lT3aXSZ+EC +fhu4u7PhJqHeXhfSW1JBXkOXVooc9/9O1CURpSWGoS7CzhLpoxfabZfEomT2vshx +1DIQNFkCHrVp4mF+NU+AHatJNuknopz3XaKVEkYfUkcg23uFNuUXb9Rit1fJXYrD +YTNEtkv3LQw20dTpAP8LeW7LUv+9Z3hQQlOdHmzTNloJBH47B7MiNE09HdHtQL/w +10UUMgO4mTBGCseQ1gNfnbVQIUxP9iMdKzNG1aSDZIABH0Liroh2Oq1j5oJybWsw +C+yXFPle/bKvKzIXTBST40Qxi5fOIJatewRTEMX8ikapBaVKIE9QSlYRSnAgD0Me +LW1MQG/2FCt3byGA/gSYnRlgASjg2r23QHlvVRkRG0/Uj37hE5QAHqIMYmMsMEqy +XenmK+tCcPC6y/O4BwoRV3O6PU8/j8C0+RYD4bv5xmtPd1H+858= +=xhK9 +-----END PGP SIGNATURE----- diff --git a/libsemanage-3.7.tar.gz b/libsemanage-3.7.tar.gz new file mode 100644 index 0000000..1624de3 --- /dev/null +++ b/libsemanage-3.7.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e166cae29a417dab008db9ca0874023f353a3017b07693a036ed97487eda35b1 +size 182896 diff --git a/libsemanage-3.7.tar.gz.asc b/libsemanage-3.7.tar.gz.asc new file mode 100644 index 0000000..8f272c0 --- /dev/null +++ b/libsemanage-3.7.tar.gz.asc 
@@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmZ8NeEACgkQRpWIHCVF +CNF7iw/+J/RkUBGyWCTPpjTxycgsM32jroIqhekik2VkAAoSSfIy2DNsV9W1LhjX +8wdTIbohbVIV4iVjzvd8H5ee0XpywPYQ18bgvYmpHmjC+0pp3wZy5T1igbE1ePCq +r/MheAHIn4zj68qZZxCXZs5Fc1PC910jsEOM8Wwdyyo8VGpPp4EfO6y3aFIkbeoQ +kC4rNtXtXy5USKUtQ8QbKqyr+/YuSfVgYeZCexBqL0GJ4jwP413xiwKXL+RAzDeL +j5Z9m0j911LTer/KUoDL+jdlkX1YTf4qK+VEcHjlQBLUoS6atsNKSMJftqKkATfP +AZqlBuka6RheBL54eNHc+slIKEJvhfuTFWItM/3o8+lnW/2d7dYh1WxQhXJBFDM7 +dbButzqAL9dKNRjTNlBpMPe8oj13wLK890eVLOlnMIJUW4dZURoNNbs3Q2OlhuHQ +kyuPOegi2ZaNz4TvjlI1egY3h9lVYjUv/l/AtscqWfutZfD+e7n93mLOiXmZFmHI +G56cIUHfT13CEPq9D8moVTLM1bSibEDGe2GUqalpk9YcbQ3wBBXgUF8XcGuQFYZt +Bl42k6VvolZ6net+FxBoUhprBDtkPJQSD5DyT0OF4uucdZiDbsZT7vsYMjndiZVd +D1FyYekdvzb6x6li4nLLkxyj2WV96vPvqRKK+zvIldFem1Nllps= +=aE6b +-----END PGP SIGNATURE----- diff --git a/libsemanage.changes b/libsemanage.changes new file mode 100644 index 0000000..1ee0c05 --- /dev/null +++ b/libsemanage.changes 
@@ -0,0 +1,493 @@
+-------------------------------------------------------------------
+Mon Jul 1 07:57:45 UTC 2024 - Cathy Hu
+
+- Update to version 3.7
+ https://github.com/SELinuxProject/selinux/releases/tag/3.7
+ * Bugfixes:
+ * libsemanage: support huge passwd entries
+
+-------------------------------------------------------------------
+Tue Dec 19 11:12:21 UTC 2023 - Cathy Hu
+
+- Update to version 3.6
+ https://github.com/SELinuxProject/selinux/releases/tag/3.6
+ * Add notself support for neverallow rules
+ * Improve man pages
+ * man pages: Remove the Russian translations
+ * Add notself and other support to CIL
+ * Add support for deny rules
+ * Translations updated from
+ https://translate.fedoraproject.org/projects/selinux/
+ * Bug fixes
+- Remove keys from keyring since they expired:
+ - E853C1848B0185CF42864DF363A8AD4B982C4373
+ Petr Lautrbach
+ - 63191CE94183098689CAB8DB7EF137EC935B0EAF
+ Jason Zaman
+- Add key to keyring:
+ - B8682847764DF60DF52D992CBC3905F235179CF1
+ Petr Lautrbach
+
+-------------------------------------------------------------------
+Mon Nov 27 09:51:42 UTC 2023 - Daniel Garcia
+
+- Remove dependency on /usr/bin/python3, making scripts to depends on
+ the real python3 binary, not the link. bsc#1212476
+
+-------------------------------------------------------------------
+Mon Aug 14 08:07:46 UTC 2023 - Johannes Segitz
+
+- Remove build counter syncing for real
+
+-------------------------------------------------------------------
+Thu May 4 14:20:40 UTC 2023 - Frederic Crozat
+
+- Add _multibuild to define additional spec files as additional
+ flavors.
+ Eliminates the need for source package links in OBS.
+
+-------------------------------------------------------------------
+Fri Mar 24 13:54:12 UTC 2023 - Johannes Segitz
+
+- Add -ffat-lto-objects to CFLAGS to prevent rpmlint errors because
+ of LTO
+
+-------------------------------------------------------------------
+Thu Mar 23 13:06:51 UTC 2023 - Martin Liška
+
+- Enable LTO now (boo#1138812).
+
+-------------------------------------------------------------------
+Fri Feb 24 07:48:05 UTC 2023 - Johannes Segitz
+
+- Update to version 3.5
+ * Allow user to set SYSCONFDIR
+ * always write kernel policy when check_ext_changes is specified
+- Added additional developer key (Jason Zaman)
+
+-------------------------------------------------------------------
+Mon May 9 10:37:17 UTC 2022 - Johannes Segitz
+
+- Update to version 3.4
+ * Optionally rebuild policy when modules are changed externally
+ * Fix USE_AFTER_FREE (CWE-672) in semanage_direct_get_module_info()
+ * Allow spaces in user/group names
+
+-------------------------------------------------------------------
+Thu Feb 10 12:37:14 UTC 2022 - Johannes Segitz
+
+- Drop Buildrequires for libustr-devel, not needed anymore
+
+-------------------------------------------------------------------
+Thu Nov 11 13:26:41 UTC 2021 - Johannes Segitz
+
+- Update to version 3.3
+ * Fixed use-after-free in parse_module_store()
+ * Fixed use_after_free in semanage_direct_write_langext()
+
+-------------------------------------------------------------------
+Thu Mar 18 08:31:30 UTC 2021 - Johannes Segitz
+
+- Link to correct so version
+- Minor spec file cleanups
+
+-------------------------------------------------------------------
+Wed Mar 17 08:29:15 UTC 2021 - Johannes Segitz
+
+- Move configuration file to separate libsemanage-conf package to allow
+ for parallel installation in future versions
+
+-------------------------------------------------------------------
+Tue Mar 9 09:09:18 UTC 2021 - Johannes Segitz
+
+- Update to version 3.2
+ * dropped old and deprecated symbols and functions
+ libsemanage version was bumped to libsemanage.so.2
+ * libsemanage tries to sync data to prevent empty files in SELinux module
+ store
+
+-------------------------------------------------------------------
+Wed Jul 29 14:37:19 UTC 2020 - Thorsten Kukuk
+
+- Add /var/lib/selinux
+
+-------------------------------------------------------------------
+Wed Jul 15 08:17:18 UTC 2020 - Johannes Segitz
+
+- Remove libsemanage-update-map-file.patch to prevent checkers from declining
+ the submission. Keeping the snippet in the spec file in case we try to
+ enable LTO again
+
+-------------------------------------------------------------------
+Tue Jul 14 08:36:19 UTC 2020 - Johannes Segitz
+
+- Update to version 3.1
+ * Improved manpage
+ * fsync final files before rename
+
+-------------------------------------------------------------------
+Tue Jun 16 07:08:59 UTC 2020 - Johannes Segitz
+
+- Disabled LTO again. This breaks e.g. shadow and also other packages
+ in security:SELinux
+
+-------------------------------------------------------------------
+Fri Jun 12 09:07:31 UTC 2020 - Pedro Monreal Gonzalez
+
+- Fix build with LTO: [bsc#1133102]
+ * Enable LTO (Link Time Optimization) and build with -ffat-lto-objects
+ * Update map file to include new symbols and remove wildcards
+- Add libsemanage-update-map-file.patch
+
+-------------------------------------------------------------------
+Thu Jun 4 09:57:51 UTC 2020 - Dominique Leuenberger
+
+- Drop suse_path.patch: replace it with a grep/sed logic replacing
+ /usr/libexec in all files with the correct value for all distros
+ (taking into account that openSUSE is in progress of migrating
+ from /usr/lib to /usr/libexec).
+
+-------------------------------------------------------------------
+Fri May 29 12:51:17 UTC 2020 - Johannes Segitz
+
+- Apply suse_path.patch only for older distributions. Newer
+ use libexec
+
+-------------------------------------------------------------------
+Tue Mar 3 12:23:51 UTC 2020 - Johannes Segitz
+
+- Update to version 3.0
+ * Add support for DCCP and SCTP protocols
+ * include internal header to use the hidden function prototypes
+ * mark all exported function "extern"
+ * optionally optimize policy on rebuild
+ Refreshed suse_path.patch
+
+-------------------------------------------------------------------
+Thu Jun 20 10:22:04 UTC 2019 - Martin Liška
+
+- Disable LTO due to symbol versioning (boo#1138812).
+
+-------------------------------------------------------------------
+Wed Mar 20 15:10:21 UTC 2019 - jsegitz@suse.com
+
+- Update to version 2.9
+ * Always set errno to 0 before calling getpwent()
+ * Include user name in ROLE_REMOVE audit events
+ * genhomedircon - improve handling large groups
+ * improve semanage_migrate_store import failure
+ * reset umask before creating directories
+ * set selinux policy root around calls to selinux_boolean_sub
+ * use previous seuser when getting the previous name
+
+-------------------------------------------------------------------
+Thu Nov 8 09:31:42 UTC 2018 - Jan Engelhardt
+
+- Use more %make_install.
+
+-------------------------------------------------------------------
+Thu Nov 8 07:19:24 UTC 2018 - jsegitz@suse.com
+
+- Adjusted source urls (bsc#1115052)
+
+-------------------------------------------------------------------
+Thu Sep 27 13:19:59 UTC 2018 - pmonrealgonzalez@suse.com
+
+- update to version 2.8
+ * semanage fcontext -l now also lists home directory entries from
+ file_contexts.homedirs.
+ * libsemanage no longer deletes the tmp directory if there is an error
+ while committing the policy transaction, so that any temporary files
+ can be further inspected for debugging purposes (e.g. to examine a
+ particular line of the generated CIL module). The tmp directory will
+ be deleted upon the next transaction, so no manual removal is needed.
+ * When overriding PREFIX, BINDIR, SBINDIR, SHLIBDIR, LIBEXECDIR, etc.,
+ DESTDIR has to be removed from the definition. For example on Arch
+ Linux, SBINDIR="${pkgdir}/usr/bin" was changed to SBINDIR="/usr/bin".
+ * PYSITEDIR has been renamed PYTHONLIBDIR (and its definition changed).
+
+- Clened with spec-cleaner
+
+-------------------------------------------------------------------
+Thu Mar 8 19:07:16 UTC 2018 - rgoldwyn@suse.com
+
+- Update to version 2.7. Changes:
+ * IB support
+ * saves linked policy and skips relinking whenever possible
+
+-------------------------------------------------------------------
+Fri Nov 24 09:14:13 UTC 2017 - jsegitz@suse.com
+
+- Update to version 2.6. Notable changes:
+ * genhomedircon: do not suppress logging from libsepol
+ * genhomedircon: use userprefix as the role for homedir
+ * Fix bug preventing the installation of base modules
+ * Use pp module name instead of filename when installing module
+ * genhomedircon: remove hardcoded refpolicy strings
+ * genhomedircon: add support for %group syntax
+ * genhomedircon: generate contexts for logins mapped to the default user
+ * Validate and compile file contexts before installing
+ * Swap tcp and udp protocol numbers
+ * genhomedircon: %{USERID} and %{USERNAME} support and code cleanups
+
+-------------------------------------------------------------------
+Mon Dec 12 14:59:36 UTC 2016 - dimstar@opensuse.org
+
+- Split out the Policy Store Migration tool into
+ libsemanage-store-migrate: it is not a devel tool to start with.
+ Additionally, it causes the -devel package to depend on python,
+ which we want to avoid (libsemanabe being part of the core build
+ cycle). The library suggests libsemanage-store-migrate.
+
+-------------------------------------------------------------------
+Sun Jul 17 15:17:39 UTC 2016 - jengelh@inai.de
+
+- Update RPM groups, trim description, combine filelist entries,
+ ensure pkgconfig() symbols are generated.
+
+-------------------------------------------------------------------
+Thu Jul 14 14:20:12 UTC 2016 - jsegitz@novell.com
+
+- Without bug number no submit to SLE 12 SP2 is possible, so to make
+ sle-changelog-checker happy: bsc#988977
+
+-------------------------------------------------------------------
+Wed Jul 13 09:43:28 UTC 2016 - jsegitz@novell.com
+
+- Added suse_path.patch to fix path to hll compiler
+
+-------------------------------------------------------------------
+Fri Jul 8 15:24:49 UTC 2016 - i@marguerite.su
+
+- update version 2.5
+ * Do not overwrite CFLAGS in test Makefile, from Nicolas Iooss.
+ * Fix uninitialized variable in direct_commit and direct_api
+ * semanage_migrate_store: Load libsepol.so.1 instead of libsepol.so
+ * Store homedir_template and users_extra in policy store
+ * Fix null pointer dereference in semanage_module_key_destroy
+ * Add semanage_module_extract() to extract a module as CIL or HLL
+ * semanage_migrate_store: add -r option for migrating inside chroots
+ * Add file_contexts and seusers to the store
+ * Add policy binary and file_contexts.local to the store
+ * Allow to install compressed modules without a compression extension
+ * Do not copy contexts in semanage_migrate_store
+ * Fix logic in bunzip for uncompressed pp files
+ * Fix fname[] initialization in test_utilities.c
+ * Add remove-hll semanage.conf option to remove HLL files after
+ compilation to CIL
+ * Fix memory leaks when parsing semanage.conf
+ * Change bunzip to use heap instead of stack to prevent segfault on
+ systems with small stack size
+- changes in 2.4
+ * Fix Makefile to allow LIBDIR and SHLIBDIR to be set to different
+ directories
+ * Fix bugs found by hardened gcc flags
+ * Add missing manpage links to security_load_policy
+ * Fix failing libsemanage pywrap tests
+ * Fix deprecation warning for bison
+ * Skip policy module relink when only setting booleans
+ * Only try to compile file contexts if they exist
+ * Fix memory leak when setting a custom store path
+ * Add semodule option to set store root path in semanage.conf and the
+ semodule command
+ * Add semanage.conf option to set an alternative root path for policy
+ store
+ * Add support for High Level Language (HLL) to CIL compilers. The HLL
+ compiler path is configurable, but should be placed in
+ /usr/libexec/selinux/hll by default
+ * Create a policy migration script for migrating the policy store from
+ /etc/selinux to /var/lib/selinux
+ * Add python3 support to the migration script
+ * Use libcil to compile modules
+ * Use symbolic versioning to maintain ABI compatibility for old install
+ functions
+ * Add a target-platform option to semanage.conf to control how policies
+ are built
+ * Add API to handle modules and source policies, moving module store to
+ /var/lib/selinux
+ * Only try to compile file contexts if they exist
+
+-------------------------------------------------------------------
+Sun May 18 00:10:55 UTC 2014 - crrodriguez@opensuse.org
+
+- version 2.3
+* Fix memory leak in semanage_genhomedircon from Thomas Hurd.
+
+-------------------------------------------------------------------
+Tue Feb 11 10:12:55 UTC 2014 - vcizek@suse.com
+
+- add semanage.conf as SOURCE and install it instead of the default
+ one
+
+-------------------------------------------------------------------
+Thu Oct 31 13:55:06 UTC 2013 - p.drouand@gmail.com
+
+- Update to version 2.2
+ * Avoid duplicate list entries
+ * Add audit support to libsemanage
+ * Remove policy.kern and replace with symlink
+ * Apply a MAX_UID check for genhomedircon
+ * Fix man pages
+- Add audit-devel BuildRequires; new dependency
+- Add fdupes BuildRequires and use it to symlink duplicate manpages
+
+-------------------------------------------------------------------
+Thu Jun 27 14:56:37 UTC 2013 - vcizek@suse.com
+
+- change the source url to the official 2.1.10 release tarball
+
+-------------------------------------------------------------------
+Thu Apr 4 19:29:33 UTC 2013 - vcizek@suse.com
+
+- fixed source url
+- removed old tarball
+
+-------------------------------------------------------------------
+Fri Mar 29 15:21:29 UTC 2013 - vcizek@suse.com
+
+- update to 2.1.10
+ * Add sefcontext_compile to compile regex everytime policy is rebuilt
+ * Cleanup/fix enable/disable/remove module.
+ * redo genhomedircon minuid
+ * fixes from coverity
+ * semanage_store: do not leak memory in semanage_exec_prog
+ * genhomedircon: remove useless conditional in get_home_dirs
+ * genhomedircon: double free in get_home_dirs
+ * fcontext_record: do not leak on error in semanage_fcontext_key_create
+ * genhomedircon: do not leak on failure in write_gen_home_dir_context
+ * semanage_store: do not leak fd
+ * genhomedircon: do not leak shells list
+ * semanage_store: do not leak on strdup failure
+ * semanage_store: rewrite for readability
+
+-------------------------------------------------------------------
+Wed Jan 30 12:00:30 UTC 2013 - vcizek@suse.com
+
+- update to 2.1.9
+ * dropped libsemanage-2.1.6-NULL_level_fix.patch (fixed upstream)
+ * libsemanage: do not set soname needlessly
+ * libsemanage: remove PYTHONLIBDIR and ruby equivalent
+ * do boolean name substitution
+ * Fix segfault for building standard policies.
+ * remove build warning when build swig c files
+ * additional makefile support for rubywrap
+ * ignore 80 column limit for readability
+ * semanage_store: fix snprintf length argument by using asprintf
+ * Use default semanage.conf as a fallback
+ * use after free in python bindings
+ * Alternate path for semanage.conf
+ * do not link against libpython, this is considered bad in Debian
+ * Allow to build for several ruby version
+ * fallback-user-level
+
+-------------------------------------------------------------------
+Mon Jan 7 21:43:31 UTC 2013 - jengelh@inai.de
+
+- Remove obsolete defines/sections
+
+-------------------------------------------------------------------
+Wed Oct 24 16:36:25 UTC 2012 - vcizek@suse.com
+
+- when building "standard" (not MCS/MLS) selinux-policies,
+ libsemanage will crash, because "level" is NULL
+ (libsemanage-2.1.6-NULL_level_fix.patch)
+
+-------------------------------------------------------------------
+Mon Aug 27 13:49:45 UTC 2012 - cfarrell@suse.com
+
+- license update: LGPL-2.1+
+ Could not find any LGPL-2.1 "only" licensed files in the pacakge
+
+-------------------------------------------------------------------
+Wed Aug 1 07:54:33 UTC 2012 - meissner@suse.com
+
+- Updated to 2.1.6
+ * changes too numerous to list
+
+-------------------------------------------------------------------
+Wed Oct 5 15:10:27 UTC 2011 - uli@suse.com
+
+- cross-build fix: use %__cc macro
+
+-------------------------------------------------------------------
+Thu Sep 22 13:14:39 CEST 2011 - dmueller@suse.de
+
+- buildrequire libbz2-devel
+
+-------------------------------------------------------------------
+Mon May 23 14:15:42 UTC 2011 - prusnak@opensuse.org
+
+- split off python bindings to separate package to reduce build
+ dependencies for rpm [bnc#695436]
+
+-------------------------------------------------------------------
+Wed May 18 13:38:44 UTC 2011 - coolo@novell.com
+
+- add baselibs.conf for rpm-32bit to use
+
+-------------------------------------------------------------------
+Wed Feb 23 05:42:43 UTC 2011 - coolo@novell.com
+
+- disable parallel build, it breaks too often
+
+-------------------------------------------------------------------
+Thu Feb 25 14:59:32 UTC 2010 - prusnak@suse.cz
+
+- updated to 2.0.43
+ * changes too numerous to list
+
+-------------------------------------------------------------------
+Fri Jan 16 14:24:38 CET 2009 - prusnak@suse.cz
+
+- fix assignment of wrong context [bnc#466793]
+
+-------------------------------------------------------------------
+Wed Jan 14 14:06:28 CET 2009 - prusnak@suse.cz
+
+- updated to 2.0.31
+ * policy module compression (bzip) support from Dan Walsh
+ * hard link files between tmp/active/previous from Dan Walsh
+ * add semanage_mls_enabled() interface from Stephen Smalley
+
+-------------------------------------------------------------------
+Mon Dec 1 11:35:58 CET 2008 - prusnak@suse.cz
+
+- updated to 2.0.29
+ * add USER to lines to homedir_template context file
+ * add compression support
+ * allow fcontext and seuser changes without rebuilding the policy
+ * don't rebuild on fcontext or seuser modifications
+ * modify genhomedircon to skip %groupname entries
+
+-------------------------------------------------------------------
+Wed Oct 22 16:17:23 CEST 2008 - mrueckert@suse.de
+
+- fix debug_packages_requires define
+
+-------------------------------------------------------------------
+Tue Sep 23 12:52:32 CEST 2008 - prusnak@suse.cz
+
+- require only version, not release [bnc#429053]
+
+-------------------------------------------------------------------
+Tue Sep 2 12:13:42 CEST 2008 - prusnak@suse.cz
+
+- updated to 2.0.27
+ * Modify genhomedircon to skip %groupname entries.
+ Ultimately we need to expand them to the list of users to support
+ per-role homedir labeling when using the %groupname syntax.
+- updated to 2.0.26
+ * Fix bug in genhomedircon fcontext matches logic from Dan Walsh.
+ Strip any trailing slash before appending /*$.
+
+-------------------------------------------------------------------
+Fri Aug 1 17:32:21 CEST 2008 - ro@suse.de
+
+- fix requires for debuginfo package
+
+-------------------------------------------------------------------
+Tue Jul 15 16:58:47 CEST 2008 - prusnak@suse.cz
+
+- initial version 2.0.25
+ * based on Fedora package by Dan Walsh
+
diff --git a/libsemanage.keyring b/libsemanage.keyring
new file mode 100644
index 0000000..0da0602
--- /dev/null
+++ b/libsemanage.keyring
@@ -0,0 +1,110 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGNZjyYBEACk7biPgvCVldNWq1CwVoJa/Fvc4T49tqxcc/sY4uVlGo6oSi4f +QcXE9XKPPBuRLmvpmMWvODQLzPxJMWUfJq6LyYFmX2U9VRTcyITdmJs8itkEaDwq +8BtXkeQfUDAVSFy6V6/uvVmNWD7pGXqJE1GxuV44Ihlh6v2YyqSzDG/rZur771hk +e8VZmlKMVMs1RSeOBA3nUmvZQ58+uqkhJNYqOeQhxGIxDOHo7QhzTG+SlX+uQq6m +zACKygVJJl33toaUwVAX5R02a0u67A5wC0whAoLSHInc3P7ayivWV/iESAz+gMIk +uvJWns/Ak14J7MTGgjD6rle7PNMsPDCCwQScqA8F0x4OChCixbZGZn6Mr0u8+01V +CEe2IjJwVUfFI/G4n1FZ1RAdqjkHfZJeD20LGHSbjJLcnqLLFx3LDpI5dAxo5K2k +Fvz0VowrB58aHoofW8/g8yZygGQ4Zpw4JnpUmaPnMTiD5yvnFzEihM5L9DuaWqSK +3sb9qzoaXABYRYI7OmX4B5nmMzFteHHq0tMtaKWf0HkAsCP0BLJcS9Oc1/0I0+gC +4oKLRD8a4+kaEpNr6BXvWnj7Y1h0Zr/CZS6+gi34CxWMl2Q34OSqtS37mzzBu+UZ +xffPR0aV2RXcEpc0c5HW550Thq1NF9EmFOoyeG4J2ox9JRANZXLh/i7mNwARAQAB +tCVQZXRyIExhdXRyYmFjaCA8bGF1dHJiYWNoQHJlZGhhdC5jb20+iQJXBBMBCABB +FiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZjyYCGwMFCQPCZwAFCwkIBwICIgIG +FQoJCAsCBBYCAwECHgcCF4AACgkQvDkF8jUXnPGeAA//ScQ3kJMqI6FRULXo0aF7 +CpafPXVWdvj+mfQMlZzuGwXXTmM42T0DXnXRBSjstWkmOXP/UqkN7bNeXH/S3D3G +CJ2l0qx8Qp6fP0FloJIbemyxNtzl7yvAE7kWvuBuLvUdm23cntv49gAzj+ElDqCx +tT6A6qaqM6r7DLUvw+G+r6gkeu1hNQbtRpEK9Dt8tHriQyI410qFRMbi3QxU+iTJ +79HXwrXiYpX7V7T+ugiU9lgIiC/hWJCo6SY4knt9E6zhegUWN6zErl2HY8FBM2P9 +eHOTqToEOAhKeM1fXZvxe3m49fGq/spmRM1RUUl1V9WFEaMiLg/Z2rmbD8LX9Ytf +YlQCbEwyX2nkIP1QIcr/DEfcmCA2MXCQCgsqI/2XS3BTLPyjuqAYnXxrk+T/Cydc +g4W3ZBYI/wT56GH02TQzB/wJsn0cW6EMG46VSDY/mZ2/gwi54G/Pqb2R3ZC9I7wQ +6/FFxuu8myI/QVmEiTlvTxBoyOdNlliBQxCkDczs1rxd/o8Wfjo1vwRHW84jZrCP +3xr7xPJWuzsrmPU8kFHTgepGoY+4b/h3jGwlV103RpRUK4JidwHsmYDVk6pgeUH6 +9hf0iVcbFfKiViFTR+DwjbAOxTdsFgsYYn+7hBj2l+pV/uzeA0akL2dkgfJc9pAf +6ItRUnGC+RlntZ0Pf2NbwIS5Ag0EY1mPxgEQAOBjoc5rCJOHFBUj7S68ABT3KKx7 +DVJJU7qYCxC1kzuzsGksDdEY+PdQaiNkh56MD6R+rsD49UsGHP+RIFO3D3+zejiu +Wo3PPtItqLHpcpYKkc4Gzziff8sXq70owxWT29OyMrPyIMX2YFHZuYJ8u8STQcOI +zICm/lJs6xkwHyTk9bIrwdg/Iwjm6YRo6xoLe0B6KE7efMDER/ehmXncnWkjD55x +2tAttZsfRqoqeB8J10PxDSgyv8jCXLdbj37l6omh6VH3926392DRrc2fXAgZhHML 
+rYIKwXkhnAp3I+HueKURQWkDlWXP4d8gVyHYt9EXdD8ZkPx8rMrGGMMh2DJpZJOw +xuK3IrFfYb+lyOyHIyxlPsjcfHtLBB8WujnyzYMWwUsRmAGEm/6db8dyR551q95e +Zd0cqO2xrz6u8YAO2LjCiE6X43m1ulhbf/NHcBiqWHjuEbSKRQnxO6ye7zrmPdnm +YT4qpLrzKlFUExGt0mXaUY8MKdcaGXbvbRU80wL+MHYyCb8vWa9AzWM990LcqCiQ +MAfk0zMq9q/oDvVotJQmWLdR2QYeRfl3m6uzeTdaYK3td5NvfQwG83MFxJhNvDZQ +YhETwbQIVzfC2JZaJAo94VdiGfT4I4Khb8RekgJVoC4w8yByyV0zXdsobIajc2eC +w0R2ik0V+vQopblfABEBAAGJBHIEGAEIACYWIQS4aChHdk32DfUtmSy8OQXyNRec +8QUCY1mPxgIbAgUJA8JnAAJACRC8OQXyNRec8cF0IAQZAQgAHRYhBBviwP8IlJYj +EC/SVkaViBwlRQjRBQJjWY/GAAoJEEaViBwlRQjRmQcP/1OVG8BpkRN/6m/j8hx5 +4vcofCPmWsL+CiNfE3QCOEBeWMtJEK7QTIgLFnLfXnyHiTS/CN2/zr33IcQ33s90 +XzibzWarE7P6O4oFEcUr8TAACA51KXMadRiA2SaYJE4Va2N6d41ZoV0Ser0wi3HU +5qxw97LGdYyOrsstgxIRI/i2BRXkp2VpUBdHqr/zfe7bv82h2QNw0fZQr4jJP4q3 ++4I6gggvi23Gj8+9lOmHNXyfqzSwkkTf8GtHGC8JORVTrOizImzJq7z+9rJBgY+4 +G4RBWzhOv69njaLNuQeASVxm/2hiMmzFqpmqozN9Y+17ubo+X+m+2aWE+aln56Pv +LxJHKwFX7doc1doTUnewg6ZjGKCGWBlqlKMeX8D038pd2gsCMhm0EA5DZkXJHP9z +b5VSomDCLB3GhoVpifZ5Qz4dJNtl90ZcFL/LJktiwz4vgzZqLNC8MhFfPLy8bS+k +dAS8+VcvQaDSDKTR+jHQ6wA/kJ9eYcL8C9g4czzLzVfZCoN/fcC7VEiCiDhwuqrb +ClcQBFZsCPQEAwh4mgIMK70zPaO4rW6LbCvwBnTjY8JSBkroJ1QjXwCy8ClSE+w2 +6cXtk5zmYUy5oQaONYm+tMberKsJjvfJIGIZdaj3ZkHsVe7YzOC6M8ESKAHKp4Xo +hXbHQQEfD9WtzFerpKWCaKTobRIP/jyXmYYLEzRav3WtoH3NCXANu0Pc8JuMDoO2 +QytHICr7zWDvk3q6LO0Y8JXD2fUegY5KM3WECF5KBBCVxdsMunN908WjAMQdyUUV +9Q4MIg64X4WCbGUDPkTGv0mQl2jMEWpFniIX+18TmwcHSvN5RxjcnpWNOyNQuMTg +ZKDm2uw5zwYdScWf3DDCR/2dH8yvVFhxfQaRNzKJSyTD4ChHPqy858BYgMljjnTC +APQwdkrTwh9RSxhMZ5yhdy9Z/+EhO2/8B/kylADC4YQOW1UN670QC7rlJmUySQy5 +APWHco5CNQnqdjhrgzYJDnWCCz9z6+x6bGy5iUa9K6Gt9e3ocYPd2Gw4R7IS8hyO +Ok/Uq7maqs+GpcWWLWzB+iGFgYZU758zsbeXvAWQAiLQHWzOfQrXepGoEjCOdYv6 +is/UovO9zMIfrIPQVlj3QIN0y0zRUHoCpPgEWHrn7KCMDhiIDt8VgGbznXTJtRw1 +/NTeBQgnmkXwx0aLM7ni0I9IrpT6JVFjip8IV24iI5nsVRSfvxUjFBQxgyujPLuS +f/Q9BlrsopFtcnyyDSyCtBqnCmBSN0zC5hk8Ya/UnDn/5ZQZYxsbGaWkdwQ6aw9m +khMfnnsz+QfKT1R3SIrByIEjaYYvGJp8K4utRjhOSfM6ptmCN2WVxQbhwMERC4E7 
+8ZKPUtR+uQINBGNZj3EBEACsSSOVQfiGhJACRUkJZaT6cX51oA/kizOsYRAftPI5 +XBdtFmd1I8VJSopTaQSAdsyb7AVihl73mH22MOHawsKzffylW7kKGHPd02x5MXv+ +ttyTDasJT4ltqUSLByTu0ouqhu9uHvuOettCeStk1z6cx4ccutjJzmAdbpxKfhSV +TjYwqZOVJ44bgvL3BeGBooKF4hc1fdT8PrzZN9+Xsailybuk9kX3Z3BjicikLFTY +BOKaRLK6VuHOTYKNnUlhQnUsdy0web0XQsQa1zUbENKHNVk/x05akOz0EHBkMtfE +LMLiu9n7PkEkIMVu41MplDkkShbawzzI/UstkZfPjiGxpvVo+u8He9x1LkRM/pup +PnbrtmKi12FSJ9T+lNXnN7jvA25pl6dC0Z32iXKHZ0Co6TYNCtwFAUDSBGnnlvhT +raEtNhfFP7uMRtJUDF5cM9Go++qH/iRWfzqWViNXp0CgBI3XBbPjbdAfe7hkr5Lq +DwdnQetjb40FiCq2Fvof9foWIXlVwday2ST3ruDhe3Q+A3+uUK2leHhYr2xJxf8I +V05RGweVvvxk3Yt7FphpUGpC6q98doA8logSVeoyF5nxpis7oN/jLMn7p5Ozezg+ +ozoQyKvnBoWifHkaHnRfjEv2nshWqA0+FCxTxnlTmEZhuZQfvroa0Q2/gIjW6kUD +VwARAQABiQI8BBgBCAAmFiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZj3ECGyAF +CQPCZwAACgkQvDkF8jUXnPHhww/7BuMq7bEKvrejKf6Wjs2owMsFiXjMe6dhNmEb +96ANqRVankiSPn+TeL6FVJh9TJSGpD9v8fT3quikHsYDoTNLjgZL6Esx1A4k6YRu +O8A//10kNfYVCdhnNoDZ/94iSBrDbzeg4ueZjPTHtgBb+jGWc+f7tKDsMYaqqfec +qh8NRSujB9fS1AbCQaYkmpCA4f9l9Ti3nVQIrMXqFZFtt6sEjx7Onbi9ieADaQZ5 +/V8JQL4QgWGhhx0ccK0LVOIqY5Rp4H1kyJVeQ/rR+YIso5vBwpPJikAU+ozTnGCw +w8Vpc359DthUAakJ22GTnc3kaj5Cp6HAugmTvsIdnEhYkh/jendSK4fUWy5cXs50 +THMiFRKJS6boygIjwGlXCf25Ip9cos50YNHogkjyOp0L0tiherFm0OGlyoPvSEVY +nAnNmD5TZK/FnKE6rC0pe0NMO157fIbM9pxIAkPuYVRFz8NGLrZQEyIVyo7Vhb/k +uALjKO3OjsxNA+RoZtAt24ciUIprykdY+posV0xrDCo2tM0dZcIPhfGKMljB0C57 +c1Qb+616Q2bzaaqdttbD8BdREjN59CxvKqI1gzO250n2EBLzIJ2R9v1IpUi9Zg9D +vu0eW05kXsr83M4Z4lomvyW+pkJ9elaY525OlZoPaQi9TYrHuAHiNd0xrZqL0378 +d2veUui5Ag0EY1mPJgEQAMRQDbNHBQ376nDF8miBZOAV1txpmbHc5D/X63PNapP0 +P1/I7SfcJU9D3wX8c4vmxkjEYtH23s4lmT1VLsU7PisS3MacRemm9pL2bD53hs9X +QEuU9OtJsZn1ZJ+Ynh6i5sfW1bG3OiV/TWgYXW66GwE1hn9PuP8arodUmhEft+64 +G2u8Xtxr5yqlQJEUThV6280OJrxVbduaMi5C6UNeeGE5wuhfrQ0TNYZiwQ4KYbU3 +QhlWhHVjJlJ5hCLiktwFDyR24P+wlTIziWA407mo2enQT+mz3bO7Paf4mBionGsJ +MoADqBThf4B69BxjJ7Yg7oQVIZ7560YIRRmNo4tk5Mhep11OtQgZjZJR6MhWDaUO +17w1qScrOPRj6G1IXP1R5NarydJpLyAVb/5WFZ5jxUGMGtq3mYn4nKbbHUg2WzvC 
+JvPctDE6EV2vaiRy5N1fQjsHgSa29F2feh14p4ngFCmHjpdbcdjfv6rWL8tgkSpQ +lDdeHRRd1q03TKAg/byPauAHKzvV+iWlmw1f6KBWjeTn0fofmk9eeQ+P1j0a3/XT +xMOjB34SzqPRWzmLPLF6YmujBK2gymM+JLirJFFzao1i4lgmxqkDhQoNYHXmVYEd +7w+/qUYbfKwO9eJOWzuUWajxvJ1Vgv6z4CPy9if0gwfhrx0OOcIpBE/xZU+SwQQp +ABEBAAGJAjwEGAEIACYWIQS4aChHdk32DfUtmSy8OQXyNRec8QUCY1mPJgIbDAUJ +A8JnAAAKCRC8OQXyNRec8a+qD/4whGQ9J+td1iLFMpNRAqvuGtTnM6shZJNnC5CB +56Cu7ElIpr74sk0R98Ia1pJlBcLALbYSrqwluZaLiRVDPdub6tGSRVssqQdZcKTh +z33waTru9IfLhCrRSNd0ZMHJaOG1ErU0noWw2d4ifVJK+vvuvMeEyNm4H5pZOYzY +eikqVUYzS143cSzMEwtvPSdP5JkTQi4WNF09khH1D+QpJoXEgVEQla7Sr955Zdt3 +q5OlpYxxw+X62vslZ2OMiKZ14kWVSRbVQ+WdnjtRYS4vivB6ko9QL770jZ131hKh +C/BcWpEYSjfPpVua2oKbccKHXheIFEJ06kGkMeeoQPxmzPRBYIw/E+d5sZp7YXDy +BGOAxBeiOaOnZ8vLBzy72HFng3oB3hkVGTTHq+PsHdSSaRME3QrNpDsaGeSjw62F +G3I4zK985GtrXAHEzN/Ffd17srl4mcRQ+8QM/a+XbF/8ugjE/RHhhFf8sWVAPutY +zVE8lF+uqcduPuq/rTcUBuzSVjnSRfXWqCokjh+ypUpHNUO8fZDzkTLuE5rwMG1x +pPueDBTzvoGDQRqc2eoXpJnDBmdlz83zHsoR2gIHcdqyc/hCV+fTvR8E0v9ZG3Jr +6RFgWdD008PsGxUevIDgMAYFwasZSTofEnzg49/WeIFU1rGB5HZVlmOJKZnKRuBi +TakEPw== +=odM9 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/libsemanage.spec b/libsemanage.spec new file mode 100644 index 0000000..74ac65f --- /dev/null +++ b/libsemanage.spec 
@@ -0,0 +1,161 @@
+#
+# spec file for package libsemanage
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%define soversion 2
+%define libname libsemanage%{soversion}
+
+Name: libsemanage
+Version: 3.7
+Release: 0
+Summary: SELinux policy management library
+License: LGPL-2.1-or-later
+Group: Development/Libraries/C and C++
+URL: https://github.com/SELinuxProject/selinux/wiki/Releases
+Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz
+Source1: https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz.asc
+Source2: libsemanage.keyring
+Source3: baselibs.conf
+Source4: semanage.conf
+# PATCH-FIX-UPSTREAM bsc#1133102 LTO: Update map file to include new symbols and remove wildcards
+# For now we need to disable this. This breaks e.g. shadow and also other packages in security:SELinux
+#Patch0: libsemanage-update-map-file.patch
+BuildRequires: audit-devel
+BuildRequires: bison
+BuildRequires: fdupes
+BuildRequires: flex
+BuildRequires: libbz2-devel
+BuildRequires: libselinux-devel
+BuildRequires: libsepol-devel
+BuildRequires: pkgconfig
+BuildRequires: python-rpm-macros
+
+%description
+libsemanage is the policy management library. Using libsepol and
+libselinux to interact with the SELinux system, it also calls helper
+programs for loading policy and for checking whether the
+file_contexts configuration is valid.
+
+%package -n %{libname}
+Summary: SELinux policy management library
+Group: System/Libraries
+Suggests: %{name}-migrate-store
+Requires: %{name}-conf >= %{version}
+
+%description -n %{libname}
+libsemanage is the policy management library. Using libsepol and
+libselinux to interact with the SELinux system, it also calls helper
+programs for loading policy and for checking whether the
+file_contexts configuration is valid.
+
+(Security-enhanced Linux is a feature of the kernel and some
+utilities that implement mandatory access control policies, such as
+Type Enforcement, Role-based Access Control and Multi-Level
+Security.)
+
+%package conf
+Summary: Configuration for the SELinux policy management library
+# before 3.1 the config file wasn't separated, so no parallel install is possible
+Group: System/Libraries
+Conflicts: %{name}1 <= 3.1
+
+%description conf
+Configuration file for libsemanage. Moved to a separate package to allow
+parallel installation
+
+%package devel
+Summary: Header files and libraries for SELinux's policy management libary
+Group: Development/Libraries/C and C++
+Requires: %{libname} = %{version}
+
+%description devel
+The libsemanage-devel package contains the libraries and header files
+needed for developing applications that manipulate SELinux policies.
+
+%package devel-static
+Summary: Static archives for SELinux's policy management library
+Group: Development/Libraries/C and C++
+Requires: libsemanage-devel
+
+%description devel-static
+The libsemanage-devel-static package contains the static libraries
+needed for developing applications that manipulate binary policies.
+
+%package migrate-store
+Summary: SELinux Policy Store Migration
+Group: Productivity/Security
+
+%description migrate-store
+In version 2.4 of libsemanage, libsepol, and policycoreutils, the policy
+module store was moved from /etc/selinux//modules/ to
+/var/lib/selinux//. Once the libraries are upgraded, all policy
+stores must be migrated before any commands that modify or use the store
+(e.g. semodule, semanage) can be executed.
+
+%prep
+%setup -q
+# Replace /usr/libexec with whatever the distro defines as libexecdir - across all files
+grep /usr/libexec . -rl | xargs sed -i "s|/usr/libexec|%{_libexecdir}|g"
+
+%build
+%make_build clean
+%make_build CFLAGS="%{optflags} -fno-semantic-interposition -ffat-lto-objects" CC="gcc"
+%make_build CFLAGS="%{optflags} -fno-semantic-interposition -ffat-lto-objects" LIBDIR="%{_libdir}" LIBEXECDIR="%{_libexecdir}" SHLIBDIR="%{_lib}" CC="gcc" all
+
+%install
+mkdir -p %{buildroot}/%{_lib}
+mkdir -p %{buildroot}%{_libdir}
+mkdir -p %{buildroot}%{_includedir}
+mkdir -p %{buildroot}%{_localstatedir}/lib/selinux
+%make_install LIBDIR="%{_libdir}" LIBEXECDIR="%{_libexecdir}" SHLIBDIR="%{_libdir}"
+ln -sf %{_libdir}/libsemanage.so.%{soversion} %{buildroot}/%{_libdir}/libsemanage.so
+cp %{SOURCE4} %{buildroot}%{_sysconfdir}/selinux/semanage.conf
+
+# Fix shebang in scripts
+for f in %{buildroot}%{_libexecdir}/selinux/*
+do
+ [ -f $f ] && sed -i "1s@#!.*python.*@#!$(realpath %__python3)@" $f
+done
+# Remove duplicate files
+%fdupes -s %{buildroot}%{_mandir}
+
+%post -n %{libname} -p /sbin/ldconfig
+%postun -n %{libname} -p /sbin/ldconfig
+
+%files -n %{libname}
+%{_libdir}/libsemanage.so.*
+%dir %{_localstatedir}/lib/selinux
+
+%files conf
+%dir %{_sysconfdir}/selinux
+%config(noreplace) %{_sysconfdir}/selinux/semanage.conf
+
+%files devel
+%{_libdir}/libsemanage.so
+%{_libdir}/pkgconfig/libsemanage.pc
+%{_includedir}/semanage/
+%{_mandir}/man3/*
+%{_mandir}/man5/*
+
+%files migrate-store
+%dir %{_libexecdir}/selinux
+%{_libexecdir}/selinux/
+
+%files devel-static
+%{_libdir}/libsemanage.a
+
+%changelog
diff --git a/python-semanage.changes b/python-semanage.changes
new file mode 100644
index 0000000..1da7e6d
--- /dev/null
+++ b/python-semanage.changes
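Review bot: Nothing in `%prep` checks `Source0` against the detached signature in `Source1` and the keys in `Source2`; the section only runs `%setup -q` and the `/usr/libexec` rewrite. If verification is meant to happen in the build service's source checks rather than in the spec, a comment beside `Source2` should say so, for example `# Source1 is checked against this keyring outside the spec (build service source validation), not in %prep` (wording to be confirmed by the maintainer), so that a local rebuild is not assumed to be verified. The keyring is added in this same commit, so a change to `libsemanage.keyring` deserves the same scrutiny as a change to the tarball checksum. `python-semanage.spec` lists the same sources and has the same gap.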
@@ -0,0 +1,396 @@
+-------------------------------------------------------------------
+Mon Jul 1 07:57:45 UTC 2024 - Cathy Hu
+
+- Update to version 3.7
+ https://github.com/SELinuxProject/selinux/releases/tag/3.7
+ * Bugfixes:
+ * libsemanage: support huge passwd entries
+
+-------------------------------------------------------------------
+Tue May 28 10:40:17 UTC 2024 - Cathy Hu
+
+- Build python-semanage for python311 in 15.4 and 15.5 instead of
+ python3.6 to fix build dependencies
+
+-------------------------------------------------------------------
+Tue Dec 19 11:13:19 UTC 2023 - Cathy Hu
+
+- Update to version 3.6
+ https://github.com/SELinuxProject/selinux/releases/tag/3.6
+ * Add notself support for neverallow rules
+ * Improve man pages
+ * man pages: Remove the Russian translations
+ * Add notself and other support to CIL
+ * Add support for deny rules
+ * Translations updated from
+ https://translate.fedoraproject.org/projects/selinux/
+ * Bug fixes
+- Remove keys from keyring since they expired:
+ - E853C1848B0185CF42864DF363A8AD4B982C4373
+ Petr Lautrbach
+ - 63191CE94183098689CAB8DB7EF137EC935B0EAF
+ Jason Zaman
+- Add key to keyring:
+ - B8682847764DF60DF52D992CBC3905F235179CF1
+ Petr Lautrbach
+
+-------------------------------------------------------------------
+Thu May 4 14:20:40 UTC 2023 - Frederic Crozat
+
+- Add _multibuild to define additional spec files as additional
+ flavors.
+ Eliminates the need for source package links in OBS.
+
+-------------------------------------------------------------------
+Fri Mar 24 13:54:12 UTC 2023 - Johannes Segitz
+
+- Add -ffat-lto-objects to CFLAGS to prevent rpmlint errors because
+ of LTO
+
+-------------------------------------------------------------------
+Thu Mar 23 13:06:51 UTC 2023 - Martin Liška
+
+- Enable LTO now (boo#1138812).
+
+-------------------------------------------------------------------
+Fri Feb 24 07:48:05 UTC 2023 - Johannes Segitz
+
+- Update to version 3.5
+ * Allow user to set SYSCONFDIR
+ * always write kernel policy when check_ext_changes is specified
+- Added additional developer key (Jason Zaman)
+
+-------------------------------------------------------------------
+Mon May 9 10:37:17 UTC 2022 - Johannes Segitz
+
+- Update to version 3.4
+ * Optionally rebuild policy when modules are changed externally
+ * Fix USE_AFTER_FREE (CWE-672) in semanage_direct_get_module_info()
+ * Allow spaces in user/group names
+
+-------------------------------------------------------------------
+Thu Feb 10 12:37:14 UTC 2022 - Johannes Segitz
+
+- Drop Buildrequires for libustr-devel, not needed anymore
+
+-------------------------------------------------------------------
+Thu Nov 11 13:26:41 UTC 2021 - Johannes Segitz
+
+- Update to version 3.3
+ * Fixed use-after-free in parse_module_store()
+ * Fixed use_after_free in semanage_direct_write_langext()
+
+-------------------------------------------------------------------
+Mon Aug 16 13:13:41 UTC 2021 - Fabian Vogt
+
+- Call "make -j8 pywrap" instead of "make -j8 all pywrap" to fix random
+ build failures. The toplevel Makefile does not support concurrency,
+ and it resulted in parallel "make all" and "make pywrap" which weren't
+ aware of each other and stepped over the other's artifacts.
+
+-------------------------------------------------------------------
+Thu Mar 18 08:31:30 UTC 2021 - Johannes Segitz
+
+- Minor spec file cleanups
+
+-------------------------------------------------------------------
+Tue Mar 9 09:09:18 UTC 2021 - Johannes Segitz
+
+- Update to version 3.2
+ * dropped old and deprecated symbols and functions
+ libsemanage version was bumped to libsemanage.so.2
+ * libsemanage tries to sync data to prevent empty files in SELinux module
+ store
+
+-------------------------------------------------------------------
+Tue Jul 14 08:36:19 UTC 2020 - Johannes Segitz
+
+- Update to version 3.1
+ * Improved manpage
+ * fsync final files before rename
+
+-------------------------------------------------------------------
+Tue Jun 16 07:08:59 UTC 2020 - Johannes Segitz
+
+- Disabled LTO again. This breaks e.g. shadow and also other packages
+ in security:SELinux
+
+-------------------------------------------------------------------
+Fri Jun 12 09:07:31 UTC 2020 - Pedro Monreal Gonzalez
+
+- Fix build with LTO: [bsc#1133102]
+ * Enable LTO (Link Time Optimization)
+ * Update map file to include new symbols and remove wildcards
+- Add libsemanage-update-map-file.patch
+
+-------------------------------------------------------------------
+Thu Jun 4 09:57:51 UTC 2020 - Dominique Leuenberger
+
+- Drop suse_path.patch: replace it with a grep/sed logic replacing
+ /usr/libexec in all files with the correct value for all distros
+ (taking into account that openSUSE is in progress of migrating
+ from /usr/lib to /usr/libexec).
+
+-------------------------------------------------------------------
+Fri May 29 12:51:17 UTC 2020 - Johannes Segitz
+
+- Apply suse_path.patch only for older distributions. Newer
+ use libexec
+
+-------------------------------------------------------------------
+Tue Mar 3 12:23:51 UTC 2020 - Johannes Segitz
+
+- Update to version 3.0
+ * Add support for DCCP and SCTP protocols
+ * include internal header to use the hidden function prototypes
+ * mark all exported function "extern"
+ * optionally optimize policy on rebuild
+ Refreshed suse_path.patch
+
+-------------------------------------------------------------------
+Fri May 3 12:22:25 UTC 2019 - Martin Liška
+
+- Disable LTO (boo#1133280).
+
+-------------------------------------------------------------------
+Wed Mar 20 15:10:21 UTC 2019 - jsegitz@suse.com
+
+- Update to version 2.9
+ * Always set errno to 0 before calling getpwent()
+ * Include user name in ROLE_REMOVE audit events
+ * genhomedircon - improve handling large groups
+ * improve semanage_migrate_store import failure
+ * reset umask before creating directories
+ * set selinux policy root around calls to selinux_boolean_sub
+ * use previous seuser when getting the previous name
+
+-------------------------------------------------------------------
+Thu Nov 8 09:31:42 UTC 2018 - Jan Engelhardt
+
+- Use more %make_install.
+
+-------------------------------------------------------------------
+Thu Nov 8 07:19:24 UTC 2018 - jsegitz@suse.com
+
+- Adjusted source urls (bsc#1115052)
+
+-------------------------------------------------------------------
+Thu Sep 27 13:19:59 UTC 2018 - pmonrealgonzalez@suse.com
+
+- update to version 2.8
+ * semanage fcontext -l now also lists home directory entries from
+ file_contexts.homedirs.
+ * libsemanage no longer deletes the tmp directory if there is an error
+ while committing the policy transaction, so that any temporary files
+ can be further inspected for debugging purposes (e.g. to examine a
+ particular line of the generated CIL module). The tmp directory will
+ be deleted upon the next transaction, so no manual removal is needed.
+ * When overriding PREFIX, BINDIR, SBINDIR, SHLIBDIR, LIBEXECDIR, etc.,
+ DESTDIR has to be removed from the definition. For example on Arch
+ Linux, SBINDIR="${pkgdir}/usr/bin" was changed to SBINDIR="/usr/bin".
+ * PYSITEDIR has been renamed PYTHONLIBDIR (and its definition changed).
+
+- Clened with spec-cleaner
+
+-------------------------------------------------------------------
+Thu Mar 8 19:07:16 UTC 2018 - rgoldwyn@suse.com
+
+- Update to version 2.7. Changes:
+ * IB support
+ * saves linked policy and skips relinking whenever possible
+
+-------------------------------------------------------------------
+Fri Nov 24 09:14:13 UTC 2017 - jsegitz@suse.com
+
+- Update to version 2.6. Notable changes:
+ * genhomedircon: do not suppress logging from libsepol
+ * genhomedircon: use userprefix as the role for homedir
+ * Fix bug preventing the installation of base modules
+ * Use pp module name instead of filename when installing module
+ * genhomedircon: remove hardcoded refpolicy strings
+ * genhomedircon: add support for %group syntax
+ * genhomedircon: generate contexts for logins mapped to the default user
+ * Validate and compile file contexts before installing
+ * Swap tcp and udp protocol numbers
+ * genhomedircon: %{USERID} and %{USERNAME} support and code cleanups
+
+-------------------------------------------------------------------
+Wed Sep 27 15:51:27 UTC 2017 - jmatejek@suse.com
+
+- build both python2 and python3 version of the semanage binding
+ with the singlespec machinery
+
+-------------------------------------------------------------------
+Sun Jul 17 15:21:03 UTC 2016 - jengelh@inai.de
+
+- Summary/description update
+
+-------------------------------------------------------------------
+Fri Jul 8 15:35:05 UTC 2016 - i@marguerite.su
+
+- update version 2.5
+ * Do not overwrite CFLAGS in test Makefile, from Nicolas Iooss.
+ * Fix uninitialized variable in direct_commit and direct_api
+ * semanage_migrate_store: Load libsepol.so.1 instead of libsepol.so
+ * Store homedir_template and users_extra in policy store
+ * Fix null pointer dereference in semanage_module_key_destroy
+ * Add semanage_module_extract() to extract a module as CIL or HLL
+ * semanage_migrate_store: add -r option for migrating inside chroots
+ * Add file_contexts and seusers to the store
+ * Add policy binary and file_contexts.local to the store
+ * Allow to install compressed modules without a compression extension
+ * Do not copy contexts in semanage_migrate_store
+ * Fix logic in bunzip for uncompressed pp files
+ * Fix fname[] initialization in test_utilities.c
+ * Add remove-hll semanage.conf option to remove HLL files after
+ compilation to CIL
+ * Fix memory leaks when parsing semanage.conf
+ * Change bunzip to use heap instead of stack to prevent segfault on
+ systems with small stack size
+- changes in 2.4
+ * Fix Makefile to allow LIBDIR and SHLIBDIR to be set to different
+ directories
+ * Fix bugs found by hardened gcc flags
+ * Add missing manpage links to security_load_policy
+ * Fix failing libsemanage pywrap tests
+ * Fix deprecation warning for bison
+ * Skip policy module relink when only setting booleans
+ * Only try to compile file contexts if they exist
+ * Fix memory leak when setting a custom store path
+ * Add semodule option to set store root path in semanage.conf and the
+ semodule command
+ * Add semanage.conf option to set an alternative root path for policy
+ store
+ * Add support for High Level Language (HLL) to CIL compilers. The HLL
+ compiler path is configurable, but should be placed in
+ /usr/libexec/selinux/hll by default
+ * Create a policy migration script for migrating the policy store from
+ /etc/selinux to /var/lib/selinux
+ * Add python3 support to the migration script
+ * Use libcil to compile modules
+ * Use symbolic versioning to maintain ABI compatibility for old install
+ functions
+ * Add a target-platform option to semanage.conf to control how policies
+ are built
+ * Add API to handle modules and source policies, moving module store to
+ /var/lib/selinux
+ * Only try to compile file contexts if they exist
+- changes in 2.3
+ * Fix memory leak in semanage_genhomedircon
+
+-------------------------------------------------------------------
+Thu Oct 31 13:55:06 UTC 2013 - p.drouand@gmail.com
+
+- Update to version 2.2
+ * Avoid duplicate list entries
+ * Add audit support to libsemanage
+ * Remove policy.kern and replace with symlink
+ * Apply a MAX_UID check for genhomedircon
+ * Fix man pages
+- Add audit-devel BuildRequires; new dependency
+- Add fdupes BuildRequires and use it to symlink duplicate manpages
+
+-------------------------------------------------------------------
+Thu Jun 27 14:57:01 UTC 2013 - vcizek@suse.com
+
+- change the source url to the official 2.1.10 release tarball
+
+-------------------------------------------------------------------
+Wed Jan 30 12:01:03 UTC 2013 - vcizek@suse.com
+
+- update to 2.1.9
+
+-------------------------------------------------------------------
+Mon Jan 7 21:43:31 UTC 2013 - jengelh@inai.de
+
+- Remove obsolete defines/sections
+
+-------------------------------------------------------------------
+Tue Oct 23 05:05:03 UTC 2012 - coolo@suse.com
+
+- buildrequire libbz2-devel
+
+-------------------------------------------------------------------
+Wed Aug 1 07:54:48 UTC 2012 - meissner@suse.com
+
+- updated to 2.1.6
+ * changes too numerous to list
+
+-------------------------------------------------------------------
+Mon May 23 14:15:42 UTC 2011 - prusnak@opensuse.org
+
+- split off python bindings to separate package to reduce build
+ dependencies for rpm [bnc#695436]
+
+-------------------------------------------------------------------
+Wed May 18 13:38:44 UTC 2011 - coolo@novell.com
+
+- add baselibs.conf for rpm-32bit to use
+
+-------------------------------------------------------------------
+Wed Feb 23 05:42:43 UTC 2011 - coolo@novell.com
+
+- disable parallel build, it breaks too often
+
+-------------------------------------------------------------------
+Thu Feb 25 14:59:32 UTC 2010 - prusnak@suse.cz
+
+- updated to 2.0.43
+ * changes too numerous to list
+
+-------------------------------------------------------------------
+Fri Jan 16 14:24:38 CET 2009 - prusnak@suse.cz
+
+- fix assignment of wrong context [bnc#466793]
+
+-------------------------------------------------------------------
+Wed Jan 14 14:06:28 CET 2009 - prusnak@suse.cz
+
+- updated to 2.0.31
+ * policy module compression (bzip) support from Dan Walsh
+ * hard link files between tmp/active/previous from Dan Walsh
+ * add semanage_mls_enabled() interface from Stephen Smalley
+
+-------------------------------------------------------------------
+Mon Dec 1 11:35:58 CET 2008 - prusnak@suse.cz
+
+- updated to 2.0.29
+ * add USER to lines to homedir_template context file
+ * add compression support
+ * allow fcontext and seuser changes without rebuilding the policy
+ * don't rebuild on fcontext or seuser modifications
+ * modify genhomedircon to skip %groupname entries
+
+-------------------------------------------------------------------
+Wed Oct 22 16:17:23 CEST 2008 - mrueckert@suse.de
+
+- fix debug_packages_requires define
+
+-------------------------------------------------------------------
+Tue Sep 23 12:52:32 CEST 2008 - prusnak@suse.cz
+
+- require only version, not release [bnc#429053]
+
+-------------------------------------------------------------------
+Tue Sep 2 12:13:42 CEST 2008 - prusnak@suse.cz
+
+- updated to 2.0.27
+ * Modify genhomedircon to skip %groupname entries.
+ Ultimately we need to expand them to the list of users to support
+ per-role homedir labeling when using the %groupname syntax.
+- updated to 2.0.26
+ * Fix bug in genhomedircon fcontext matches logic from Dan Walsh.
+ Strip any trailing slash before appending /*$.
+
+-------------------------------------------------------------------
+Fri Aug 1 17:32:21 CEST 2008 - ro@suse.de
+
+- fix requires for debuginfo package
+
+-------------------------------------------------------------------
+Tue Jul 15 16:58:47 CEST 2008 - prusnak@suse.cz
+
+- initial version 2.0.25
+ * based on Fedora package by Dan Walsh
+
+
diff --git a/python-semanage.spec b/python-semanage.spec
new file mode 100644
index 0000000..26c3515
--- /dev/null
+++ b/python-semanage.spec
@@ -0,0 +1,100 @@
+#
+# spec file for package python-semanage
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%{?sle15_python_module_pythons}
+%define soversion 2
+%define libname libsemanage%{soversion}
+
+%define libsepol_ver 3.7
+%define libselinux_ver 3.7
+
+%{?!python_module:%define python_module() python-%{**} python3-%{**}}
+Name: python-semanage
+Version: 3.7
+Release: 0
+Summary: Python bindings for SELinux's policy management library
+License: LGPL-2.1-only
+Group: Development/Languages/Python
+URL: https://github.com/SELinuxProject/selinux
+Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}/libsemanage-%{version}.tar.gz
+Source1: https://github.com/SELinuxProject/selinux/releases/download/%{version}/libsemanage-%{version}.tar.gz.asc
+Source2: libsemanage.keyring
+Source3: baselibs.conf
+# PATCH-FIX-UPSTREAM bsc#1133102 LTO: Update map file to include new symbols and remove wildcards
+# For now we need to disable this. This breaks e.g. shadow and also other packages in security:SELinux
+# Patch0: libsemanage-update-map-file.patch
+BuildRequires: %{python_module devel}
+BuildRequires: audit-devel
+BuildRequires: bison
+BuildRequires: flex
+BuildRequires: libbz2-devel
+BuildRequires: libselinux-devel >= %{libselinux_ver}
+BuildRequires: libsepol-devel >= %{libsepol_ver}
+BuildRequires: python-rpm-macros
+BuildRequires: swig
+# Ensure same version
+Requires: %{libname} = %{version}
+%python_subpackages
+
+%description
+This package contains the Python bindings for developing
+SELinux policy management applications.
+
+%prep
+%setup -q -n libsemanage-%{version}
+# Replace /usr/libexec with whatever the distro defines as libexecdir - across all files
+grep /usr/libexec . -rl | xargs sed -i "s|/usr/libexec|%{_libexecdir}|g"
+
+%build
+%make_build clean
+%{python_expand # loop over possible pythons
+%make_build PYTHON=$python CFLAGS="%{optflags} -fno-semantic-interposition -ffat-lto-objects" swigify
+%make_build PYTHON=$python CFLAGS="%{optflags} -fno-semantic-interposition -ffat-lto-objects" \
+ LIBDIR="%{_libdir}" \
+ LIBEXECDIR="%{_libexecdir}" \
+ SHLIBDIR="%{_lib}" \
+ pywrap
+}
+
+%install
+mkdir -p %{buildroot}/%{_lib}
+mkdir -p %{buildroot}%{_libdir}
+mkdir -p %{buildroot}%{_includedir}
+%{python_expand # loop over possible pythons
+%make_install install-pywrap PYTHON="$python" \
+ LIBDIR="%{_libdir}" \
+ LIBEXECDIR="%{_libexecdir}" \
+ SHLIBDIR="%{_libdir}"
+}
+
+# remove files contained in other packages
+rm -rf %{buildroot}%{_sysconfdir}
+%if "%{_lib}" == "lib64"
+rm -rf %{buildroot}%{_libexecdir}
+%else
+rm -rf %{buildroot}%{_libexecdir}/selinux
+%endif
+rm -rf %{buildroot}%{_includedir}
+rm -f %{buildroot}%{_libdir}/libsemanage.*
+rm -rf %{buildroot}%{_libdir}/pkgconfig
+rm -rf %{buildroot}%{_mandir}
+
+%files %{python_files}
+%{python_sitearch}/*
+
+%changelog
diff --git a/semanage.conf b/semanage.conf
new file mode 100644
index 0000000..5bae089
--- /dev/null
+++ b/semanage.conf
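Review bot: `License: LGPL-2.1-only` disagrees with `License: LGPL-2.1-or-later` in `libsemanage.spec`, although both specs build from the same `libsemanage-%{version}.tar.gz`. One of the two tags is presumably wrong, and a wrong SPDX tag propagates into licence scanning and SBOM data for the binary packages. Check the upstream licence text and use one value in both files, for example `License: LGPL-2.1-or-later` here if the library spec is the correct one.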
@@ -0,0 +1,51 @@
+# Authors: Jason Tang
+#
+# Copyright (C) 2004-2005 Tresys Technology, LLC
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#
+# Specify how libsemanage will interact with a SELinux policy manager.
+# The four options are:
+#
+# "source" - libsemanage manipulates a source SELinux policy
+# "direct" - libsemanage will write directly to a module store.
+# /foo/bar - Write by way of a policy management server, whose
+# named socket is at /foo/bar. The path must begin
+# with a '/'.
+# foo.com:4242 - Establish a TCP connection to a remote policy
+# management server at foo.com. If there is a colon
+# then the remainder is interpreted as a port number;
+# otherwise default to port 4242.
+module-store = direct
+
+# When generating the final linked and expanded policy, by default
+# semanage will set the policy version to POLICYDB_VERSION_MAX, as
+# given in . Change this setting if a different
+# version is necessary.
+#policy-version = 19
+
+# expand-check check neverallow rules when executing all semanage commands.
+# Large penalty in time if you turn this on.
+expand-check=0
+
+# usepasswd check tells semanage to scan all pass word records for home directories
+# and setup the labeling correctly. If this is turned off, SELinux will label /home
+# correctly only. You will need to use semanage fcontext command.
+# For example, if you had home dirs in /althome directory you would have to execute
+# semanage fcontext -a -e /home /althome
+usepasswd=False
+bzip-small=true
+bzip-blocksize=5
+ignoredirs=/root
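Review bot: `expand-check=0` switches off neverallow checking for semanage transactions, and the comment above it gives only the time cost, not what is given up. With the check off, a locally installed module that violates a neverallow assertion is not rejected at that point, so the comment should state the trade-off, for example `# 0 = neverallow rules are not checked when the policy is rebuilt; set to 1 to have violations rejected (slower)`. The last three settings (`bzip-small=true`, `bzip-blocksize=5`, `ignoredirs=/root`) have no comment at all, unlike every other option in the file; a one-line description for each would match the rest.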