Accepting request 408537 from security:SELinux

1

OBS-URL: https://build.opensuse.org/request/show/408537
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsemanage?expand=0&rev=38

libsemanage-2.3.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:03e09e35e611c286e446bef92b6023ef2623815996f5a53394bb02e49a312e4b
-size 138231

libsemanage-2.5.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:46e2f36254369b6e91d1eea0460c262b139361b055a3a67d3ceea2d8ef72e006
+size 152884

libsemanage.changes

@@ -1,3 +1,65 @@
+-------------------------------------------------------------------
+Thu Jul 14 14:20:12 UTC 2016 - jsegitz@novell.com
+
+- Without bug number no submit to SLE 12 SP2 is possible, so to make
+  sle-changelog-checker happy: bsc#988977
+
+-------------------------------------------------------------------
+Wed Jul 13 09:43:28 UTC 2016 - jsegitz@novell.com
+
+- Added suse_path.patch to fix path to hll compiler
+
+-------------------------------------------------------------------
+Fri Jul  8 15:24:49 UTC 2016 - i@marguerite.su
+
+- update version 2.5
+  * Do not overwrite CFLAGS in test Makefile, from Nicolas Iooss.
+  * Fix uninitialized variable in direct_commit and direct_api
+  * semanage_migrate_store: Load libsepol.so.1 instead of libsepol.so
+  * Store homedir_template and users_extra in policy store
+  * Fix null pointer dereference in semanage_module_key_destroy
+  * Add semanage_module_extract() to extract a module as CIL or HLL
+  * semanage_migrate_store: add -r <root> option for migrating inside chroots
+  * Add file_contexts and seusers to the store
+  * Add policy binary and file_contexts.local to the store
+  * Allow to install compressed modules without a compression extension
+  * Do not copy contexts in semanage_migrate_store
+  * Fix logic in bunzip for uncompressed pp files
+  * Fix fname[] initialization in test_utilities.c
+  * Add remove-hll semanage.conf option to remove HLL files after
+	compilation to CIL
+  * Fix memory leaks when parsing semanage.conf
+  * Change bunzip to use heap instead of stack to prevent segfault on
+	systems with small stack size
+- changes in 2.4
+  * Fix Makefile to allow LIBDIR and SHLIBDIR to be set to different
+	directories
+  * Fix bugs found by hardened gcc flags
+  * Add missing manpage links to security_load_policy
+  * Fix failing libsemanage pywrap tests
+  * Fix deprecation warning for bison
+  * Skip policy module relink when only setting booleans
+  * Only try to compile file contexts if they exist
+  * Fix memory leak when setting a custom store path
+  * Add semodule option to set store root path in semanage.conf and the
+	semodule command
+  * Add semanage.conf option to set an alternative root path for policy
+	store
+  * Add support for High Level Language (HLL) to CIL compilers. The HLL
+	compiler path is configurable, but should be placed in 
+	/usr/libexec/selinux/hll by default
+  * Create a policy migration script for migrating the policy store from
+	/etc/selinux to /var/lib/selinux
+  * Add python3 support to the migration script
+  * Use libcil to compile modules
+  * Use symbolic versioning to maintain ABI compatibility for old install
+	functions
+  * Add a target-platform option to semanage.conf to control how policies
+	are built
+  * Add API to handle modules and source policies, moving module store to
+	/var/lib/selinux
+  * Only try to compile file contexts if they exist
+
 -------------------------------------------------------------------
 Sun May 18 00:10:55 UTC 2014 - crrodriguez@opensuse.org
 

libsemanage.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package libsemanage
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,6 +16,17 @@
 #
 
 
+Name:           libsemanage
+Version:        2.5
+Release:        0
+Summary:        SELinux binary policy manipulation library
+License:        LGPL-2.1+
+Group:          System/Libraries
+Url:            https://github.com/SELinuxProject/selinux/wiki/Releases
+Source:         https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/%{name}-%{version}.tar.gz
+Source1:        baselibs.conf
+Source2:        semanage.conf
+Patch0:         suse_path.patch
 BuildRequires:  audit-devel
 BuildRequires:  bison
 BuildRequires:  fdupes
@@ -24,17 +35,6 @@ BuildRequires:  libbz2-devel
 BuildRequires:  libselinux-devel
 BuildRequires:  libsepol-devel
 BuildRequires:  libustr-devel
-
-Name:           libsemanage
-Version:        2.3
-Release:        0
-Summary:        SELinux binary policy manipulation library
-License:        LGPL-2.1+
-Group:          System/Libraries
-Url:            http://userspace.selinuxproject.org/
-Source:         http://userspace.selinuxproject.org/releases/20140506/%{name}-%{version}.tar.gz
-Source1:        baselibs.conf
-Source2:        semanage.conf
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -77,6 +77,7 @@ boolean settings.
 %package devel
 Summary:        Header files and libraries used to build policy manipulation tools
 Group:          Development/Libraries
+# FIXME: use correct group, see "https://en.opensuse.org/openSUSE:Package_group_guidelines"
 Requires:       libsemanage1 = %{version}
 Requires:       libustr-devel
 
@@ -95,36 +96,38 @@ needed for developing applications that manipulate binary policies.
 
 %prep
 %setup -q
+%patch0 -p0
 
 %build
-make clean
+make %{?_smp_mflags} clean
-make -j1 CFLAGS="%{optflags}" CC="%{__cc}"
+make -j1 CFLAGS="%{optflags}" CC="gcc"
-make -j1 CFLAGS="%{optflags}" LIBDIR="%{_libdir}" SHLIBDIR="%{_lib}" CC="%{__cc}" all
+make -j1 CFLAGS="%{optflags}" LIBDIR="%{_libdir}" LIBEXECDIR="%{_libexecdir}" SHLIBDIR="%{_lib}" CC="gcc" all
 
 %install
 mkdir -p %{buildroot}/%{_lib}
 mkdir -p %{buildroot}%{_libdir}
 mkdir -p %{buildroot}%{_includedir}
-make DESTDIR=%{buildroot} LIBDIR="%{buildroot}%{_libdir}" SHLIBDIR="%{buildroot}/%{_lib}" install
+make DESTDIR=%{buildroot} LIBDIR="%{buildroot}%{_libdir}" LIBEXECDIR="%{buildroot}%{_libexecdir}" SHLIBDIR="%{buildroot}/%{_lib}" install
-ln -sf  /%{_lib}/libsemanage.so.1 %{buildroot}/%{_libdir}/libsemanage.so
+ln -sf  %{_libdir}/libsemanage.so.1 %{buildroot}/%{_libdir}/libsemanage.so
 cp %{SOURCE2} %{buildroot}%{_sysconfdir}/selinux/semanage.conf
 # Remove duplicate files
 %fdupes -s %{buildroot}%{_mandir}
 
 %post -n libsemanage1 -p /sbin/ldconfig
-
 %postun -n libsemanage1 -p /sbin/ldconfig
 
 %files -n libsemanage1
 %defattr(-,root,root)
 %dir %{_sysconfdir}/selinux
 %config(noreplace) %{_sysconfdir}/selinux/semanage.conf
-/%{_lib}/libsemanage.so.*
+%{_libdir}/libsemanage.so.*
 
 %files devel
 %defattr(-,root,root)
 %{_libdir}/libsemanage.so
 %{_libdir}/pkgconfig/libsemanage.pc
+%dir %{_libexecdir}/selinux
+%{_libexecdir}/selinux/semanage_migrate_store
 %dir %{_includedir}/semanage
 %{_includedir}/semanage/*.h
 %{_mandir}/man3/*

python-semanage.changes

@@ -1,3 +1,56 @@
+-------------------------------------------------------------------
+Fri Jul  8 15:35:05 UTC 2016 - i@marguerite.su
+
+- update version 2.5
+  * Do not overwrite CFLAGS in test Makefile, from Nicolas Iooss.
+  * Fix uninitialized variable in direct_commit and direct_api
+  * semanage_migrate_store: Load libsepol.so.1 instead of libsepol.so
+  * Store homedir_template and users_extra in policy store
+  * Fix null pointer dereference in semanage_module_key_destroy
+  * Add semanage_module_extract() to extract a module as CIL or HLL
+  * semanage_migrate_store: add -r <root> option for migrating inside chroots
+  * Add file_contexts and seusers to the store
+  * Add policy binary and file_contexts.local to the store
+  * Allow to install compressed modules without a compression extension
+  * Do not copy contexts in semanage_migrate_store
+  * Fix logic in bunzip for uncompressed pp files
+  * Fix fname[] initialization in test_utilities.c
+  * Add remove-hll semanage.conf option to remove HLL files after
+	compilation to CIL
+  * Fix memory leaks when parsing semanage.conf
+  * Change bunzip to use heap instead of stack to prevent segfault on
+	systems with small stack size
+- changes in 2.4
+  * Fix Makefile to allow LIBDIR and SHLIBDIR to be set to different
+	directories
+  * Fix bugs found by hardened gcc flags
+  * Add missing manpage links to security_load_policy
+  * Fix failing libsemanage pywrap tests
+  * Fix deprecation warning for bison
+  * Skip policy module relink when only setting booleans
+  * Only try to compile file contexts if they exist
+  * Fix memory leak when setting a custom store path
+  * Add semodule option to set store root path in semanage.conf and the
+	semodule command
+  * Add semanage.conf option to set an alternative root path for policy
+	store
+  * Add support for High Level Language (HLL) to CIL compilers. The HLL
+	compiler path is configurable, but should be placed in 
+	/usr/libexec/selinux/hll by default
+  * Create a policy migration script for migrating the policy store from
+	/etc/selinux to /var/lib/selinux
+  * Add python3 support to the migration script
+  * Use libcil to compile modules
+  * Use symbolic versioning to maintain ABI compatibility for old install
+	functions
+  * Add a target-platform option to semanage.conf to control how policies
+	are built
+  * Add API to handle modules and source policies, moving module store to
+	/var/lib/selinux
+  * Only try to compile file contexts if they exist
+- changes in 2.3
+  * Fix memory leak in semanage_genhomedircon
+
 -------------------------------------------------------------------
 Thu Oct 31 13:55:06 UTC 2013 - p.drouand@gmail.com
 

python-semanage.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package python-semanage
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,6 +16,16 @@
 #
 
 
+Name:           python-semanage
+Version:        2.5
+Release:        0
+Summary:        Python bindings for libsemanage
+License:        LGPL-2.1
+Group:          Development/Languages/Python
+Url:            https://github.com/SELinuxProject/selinux
+Source:         https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/libsemanage-%{version}.tar.gz
+Source1:        baselibs.conf
+Patch0:         suse_path.patch
 BuildRequires:  audit-devel
 BuildRequires:  bison
 BuildRequires:  flex
@@ -25,18 +35,8 @@ BuildRequires:  libsepol-devel
 BuildRequires:  libustr-devel
 BuildRequires:  python-devel
 BuildRequires:  swig
-
-Name:           python-semanage
-Version:        2.3
-Release:        0
-Summary:        Python bindings for libsemanage
-License:        LGPL-2.1
-Group:          Development/Languages/Python
-Url:            http://www.nsa.gov/selinux/
-Source:         http://userspace.selinuxproject.org/releases/20140506/libsemanage-%{version}.tar.gz
-Source1:        baselibs.conf
-BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Requires:       libsemanage1 = %{version}
+BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
 This package contains the python bindings for developing
@@ -44,21 +44,26 @@ SELinux management applications.
 
 %prep
 %setup -q -n libsemanage-%{version}
+%patch0 -p0
 
 %build
-make clean
+make %{?_smp_mflags} clean
 make -j1 CFLAGS="%{optflags}" swigify
-make -j1 CFLAGS="%{optflags}" LIBDIR="%{_libdir}" SHLIBDIR="%{_lib}" all pywrap
+make -j1 CFLAGS="%{optflags}" LIBDIR="%{_libdir}" LIBEXECDIR="%{_libexecdir}" SHLIBDIR="%{_lib}" all pywrap
 
 %install
 mkdir -p %{buildroot}/%{_lib}
 mkdir -p %{buildroot}%{_libdir}
 mkdir -p %{buildroot}%{_includedir}
-make DESTDIR=%{buildroot} LIBDIR="%{buildroot}%{_libdir}" SHLIBDIR="%{buildroot}/%{_lib}" install install-pywrap
+make DESTDIR=%{buildroot} LIBDIR="%{buildroot}%{_libdir}" LIBEXECDIR="%{buildroot}%{_libexecdir}" SHLIBDIR="%{buildroot}/%{_lib}" install install-pywrap
 
 # remove files contained in other packages
 rm -rf %{buildroot}%{_sysconfdir}
-rm -rf %{buildroot}/%{_lib}
+%if "%{_lib}" == "lib64"
+rm -rf %{buildroot}%{_libexecdir}
+%else
+rm -rf %{buildroot}%{_libexecdir}/selinux
+%endif
 rm -rf %{buildroot}%{_includedir}
 rm  -f %{buildroot}%{_libdir}/libsemanage.*
 rm -rf %{buildroot}%{_libdir}/pkgconfig

suse_path.patch

@@ -0,0 +1,26 @@
+Index: man/man5/semanage.conf.5
+===================================================================
+--- man/man5/semanage.conf.5.orig	2016-02-23 17:31:41.000000000 +0100
++++ man/man5/semanage.conf.5	2016-07-13 11:42:45.687894644 +0200
+@@ -37,7 +37,7 @@ Specify an alternative store_root path t
+ 
+ .TP
+ .B compiler-directory
+-Specify an alternative directory that contains HLL to CIL compilers. The default value is "/usr/libexec/selinux/hll".
++Specify an alternative directory that contains HLL to CIL compilers. The default value is "/usr/lib/selinux/hll".
+ 
+ .TP
+ .B ignore-module-cache
+Index: src/conf-parse.y
+===================================================================
+--- src/conf-parse.y.orig	2016-02-23 17:31:41.000000000 +0100
++++ src/conf-parse.y	2016-07-13 11:42:45.687894644 +0200
+@@ -341,7 +341,7 @@ static int semanage_conf_init(semanage_c
+ 	conf->store_path = strdup(basename(selinux_policy_root()));
+ 	conf->ignoredirs = NULL;
+ 	conf->store_root_path = strdup("/var/lib/selinux");
+-	conf->compiler_directory_path = strdup("/usr/libexec/selinux/hll");
++	conf->compiler_directory_path = strdup("/usr/lib/selinux/hll");
+ 	conf->policyvers = sepol_policy_kern_vers_max();
+ 	conf->target_platform = SEPOL_TARGET_SELINUX;
+ 	conf->expand_check = 1;