From f24c69a132b58de35bfad05d51d6725505ab2917defca5fed81a5aa676f13784 Mon Sep 17 00:00:00 2001 From: Hu Date: Tue, 15 Oct 2024 11:58:27 +0000 Subject: [PATCH 1/9] - Add 1231587-build-libsemanage-with-swig-4.3.0.patch to fix build failure with swig 4.3.0 (bsc#1231587) OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsemanage?expand=0&rev=116 --- .gitattributes | 23 + .gitignore | 1 + ...87-build-libsemanage-with-swig-4.3.0.patch | 257 +++++++++ _multibuild | 4 + baselibs.conf | 1 + libsemanage-3.6.tar.gz | 3 + libsemanage-3.6.tar.gz.asc | 16 + libsemanage-3.7.tar.gz | 3 + libsemanage-3.7.tar.gz.asc | 16 + libsemanage.changes | 493 ++++++++++++++++++ libsemanage.keyring | 110 ++++ libsemanage.spec | 161 ++++++ python-semanage.changes | 402 ++++++++++++++ python-semanage.spec | 103 ++++ semanage.conf | 51 ++ 15 files changed, 1644 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 1231587-build-libsemanage-with-swig-4.3.0.patch create mode 100644 _multibuild create mode 100644 baselibs.conf create mode 100644 libsemanage-3.6.tar.gz create mode 100644 libsemanage-3.6.tar.gz.asc create mode 100644 libsemanage-3.7.tar.gz create mode 100644 libsemanage-3.7.tar.gz.asc create mode 100644 libsemanage.changes create mode 100644 libsemanage.keyring create mode 100644 libsemanage.spec create mode 100644 python-semanage.changes create mode 100644 python-semanage.spec create mode 100644 semanage.conf diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/1231587-build-libsemanage-with-swig-4.3.0.patch b/1231587-build-libsemanage-with-swig-4.3.0.patch new file mode 100644 index 0000000..3717e1d --- /dev/null +++ b/1231587-build-libsemanage-with-swig-4.3.0.patch @@ -0,0 +1,257 @@ +Index: libsemanage-3.7/src/semanageswig_python.i +=================================================================== +--- libsemanage-3.7.orig/src/semanageswig_python.i ++++ libsemanage-3.7/src/semanageswig_python.i +@@ -111,7 +111,7 @@ + } + + %typemap(argout) char** { +- $result = SWIG_Python_AppendOutput($result, SWIG_FromCharPtr(*$1)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_FromCharPtr(*$1), $isvoid); + free(*$1); + } + +@@ -134,7 +134,7 @@ + NULL, NULL, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -148,7 +148,7 @@ + } + + %typemap(argout) semanage_module_info_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + /** module key typemaps **/ +@@ -160,7 +160,7 @@ + } + + %typemap(argout) semanage_module_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + /** context typemaps **/ +@@ -172,7 +172,7 @@ + } + + %typemap(argout) semanage_context_t** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + /** boolean typemaps **/ +@@ -197,7 +197,7 @@ + (void (*) (void*)) &semanage_bool_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -207,11 +207,11 @@ + } + + %typemap(argout) semanage_bool_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(argout) semanage_bool_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_bool_key_t **(semanage_bool_key_t *temp=NULL) { +@@ -240,7 +240,7 @@ + (void (*) (void*)) &semanage_fcontext_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -250,11 +250,11 @@ + } + + %typemap(argout) semanage_fcontext_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(argout) semanage_fcontext_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_fcontext_key_t **(semanage_fcontext_key_t *temp=NULL) { +@@ -284,7 +284,7 @@ + (void (*) (void*)) &semanage_iface_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -294,11 +294,11 @@ + } + + %typemap(argout) semanage_iface_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(argout) semanage_iface_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_iface_key_t **(semanage_iface_key_t *temp=NULL) { +@@ -328,7 +328,7 @@ + (void (*) (void*)) &semanage_seuser_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -338,11 +338,11 @@ + } + + %typemap(argout) semanage_seuser_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(argout) semanage_seuser_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_seuser_key_t **(semanage_seuser_key_t *temp=NULL) { +@@ -371,7 +371,7 @@ + (void (*) (void*)) &semanage_user_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -381,11 +381,11 @@ + } + + %typemap(argout) semanage_user_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(argout) semanage_user_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_user_key_t **(semanage_user_key_t *temp=NULL) { +@@ -414,7 +414,7 @@ + (void (*) (void*)) &semanage_port_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -424,11 +424,11 @@ + } + + %typemap(argout) semanage_port_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(argout) semanage_port_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_port_key_t **(semanage_port_key_t *temp=NULL) { +@@ -457,7 +457,7 @@ + (void (*) (void*)) &semanage_ibpkey_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -467,11 +467,11 @@ + } + + %typemap(argout) semanage_ibpkey_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(argout) semanage_ibpkey_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_ibpkey_key_t **(semanage_ibpkey_key_t *temp=NULL) { +@@ -500,7 +500,7 @@ + (void (*) (void*)) &semanage_ibendport_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -510,11 +510,11 @@ + } + + %typemap(argout) semanage_ibendport_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(argout) semanage_ibendport_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_ibendport_key_t **(semanage_ibendport_key_t *temp=NULL) { +@@ -543,7 +543,7 @@ + (void (*) (void*)) &semanage_node_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -553,12 +553,12 @@ + } + + %typemap(argout) semanage_node_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + + %typemap(argout) semanage_node_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_node_key_t **(semanage_node_key_t *temp=NULL) { diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..505095a --- /dev/null +++ b/_multibuild @@ -0,0 +1,4 @@ + + python-semanage + + diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..f02cd37 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1 @@ +libsemanage2 diff --git a/libsemanage-3.6.tar.gz b/libsemanage-3.6.tar.gz new file mode 100644 index 0000000..2d6c989 --- /dev/null +++ b/libsemanage-3.6.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:41138f46222439e1242f27c1587e95cf54a059259aaf1681db642cc30c4e0d60 +size 182583 diff --git a/libsemanage-3.6.tar.gz.asc b/libsemanage-3.6.tar.gz.asc new file mode 100644 index 0000000..3273bc1 --- /dev/null +++ b/libsemanage-3.6.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmV5xAIACgkQRpWIHCVF +CNHfxRAAxXkHDxt7TvNySNdBDbqD0NX8r2tAKBEqI5dwspic8W8qi3mBBtqSYhxA +XAx8lRtf+wMSUaUO/Fa0qUyFuc/zdDTJUiNl2Aijp7YER3wpGj1/YDz/6lAWEc2N +8HMKQLYmdyoqzltRLTyTfRU3Zp1o0D15JVQtONadllTbRr6xKu672rSMkJf4AlxN +Q+CP26z/vRCtWXZLmsupgzbgeMPITrLGW5tubjtKgs8RGJ7o/yC1L0lT3aXSZ+EC +fhu4u7PhJqHeXhfSW1JBXkOXVooc9/9O1CURpSWGoS7CzhLpoxfabZfEomT2vshx +1DIQNFkCHrVp4mF+NU+AHatJNuknopz3XaKVEkYfUkcg23uFNuUXb9Rit1fJXYrD +YTNEtkv3LQw20dTpAP8LeW7LUv+9Z3hQQlOdHmzTNloJBH47B7MiNE09HdHtQL/w +10UUMgO4mTBGCseQ1gNfnbVQIUxP9iMdKzNG1aSDZIABH0Liroh2Oq1j5oJybWsw +C+yXFPle/bKvKzIXTBST40Qxi5fOIJatewRTEMX8ikapBaVKIE9QSlYRSnAgD0Me +LW1MQG/2FCt3byGA/gSYnRlgASjg2r23QHlvVRkRG0/Uj37hE5QAHqIMYmMsMEqy +XenmK+tCcPC6y/O4BwoRV3O6PU8/j8C0+RYD4bv5xmtPd1H+858= +=xhK9 +-----END PGP SIGNATURE----- diff --git a/libsemanage-3.7.tar.gz b/libsemanage-3.7.tar.gz new file mode 100644 index 0000000..1624de3 --- /dev/null +++ b/libsemanage-3.7.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e166cae29a417dab008db9ca0874023f353a3017b07693a036ed97487eda35b1 +size 182896 diff --git a/libsemanage-3.7.tar.gz.asc b/libsemanage-3.7.tar.gz.asc new file mode 100644 index 0000000..8f272c0 --- /dev/null +++ b/libsemanage-3.7.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmZ8NeEACgkQRpWIHCVF +CNF7iw/+J/RkUBGyWCTPpjTxycgsM32jroIqhekik2VkAAoSSfIy2DNsV9W1LhjX +8wdTIbohbVIV4iVjzvd8H5ee0XpywPYQ18bgvYmpHmjC+0pp3wZy5T1igbE1ePCq +r/MheAHIn4zj68qZZxCXZs5Fc1PC910jsEOM8Wwdyyo8VGpPp4EfO6y3aFIkbeoQ +kC4rNtXtXy5USKUtQ8QbKqyr+/YuSfVgYeZCexBqL0GJ4jwP413xiwKXL+RAzDeL +j5Z9m0j911LTer/KUoDL+jdlkX1YTf4qK+VEcHjlQBLUoS6atsNKSMJftqKkATfP +AZqlBuka6RheBL54eNHc+slIKEJvhfuTFWItM/3o8+lnW/2d7dYh1WxQhXJBFDM7 +dbButzqAL9dKNRjTNlBpMPe8oj13wLK890eVLOlnMIJUW4dZURoNNbs3Q2OlhuHQ +kyuPOegi2ZaNz4TvjlI1egY3h9lVYjUv/l/AtscqWfutZfD+e7n93mLOiXmZFmHI +G56cIUHfT13CEPq9D8moVTLM1bSibEDGe2GUqalpk9YcbQ3wBBXgUF8XcGuQFYZt +Bl42k6VvolZ6net+FxBoUhprBDtkPJQSD5DyT0OF4uucdZiDbsZT7vsYMjndiZVd +D1FyYekdvzb6x6li4nLLkxyj2WV96vPvqRKK+zvIldFem1Nllps= +=aE6b +-----END PGP SIGNATURE----- diff --git a/libsemanage.changes b/libsemanage.changes new file mode 100644 index 0000000..1ee0c05 --- /dev/null +++ b/libsemanage.changes @@ -0,0 +1,493 @@ +------------------------------------------------------------------- +Mon Jul 1 07:57:45 UTC 2024 - Cathy Hu + +- Update to version 3.7 + https://github.com/SELinuxProject/selinux/releases/tag/3.7 + * Bugfixes: + * libsemanage: support huge passwd entries + +------------------------------------------------------------------- +Tue Dec 19 11:12:21 UTC 2023 - Cathy Hu + +- Update to version 3.6 + https://github.com/SELinuxProject/selinux/releases/tag/3.6 + * Add notself support for neverallow rules + * Improve man pages + * man pages: Remove the Russian translations + * Add notself and other support to CIL + * Add support for deny rules + * Translations updated from + https://translate.fedoraproject.org/projects/selinux/ + * Bug fixes +- Remove keys from keyring since they expired: + - E853C1848B0185CF42864DF363A8AD4B982C4373 + Petr Lautrbach + - 63191CE94183098689CAB8DB7EF137EC935B0EAF + Jason Zaman +- Add key to keyring: + - B8682847764DF60DF52D992CBC3905F235179CF1 + Petr Lautrbach + +------------------------------------------------------------------- +Mon Nov 27 09:51:42 UTC 2023 - Daniel Garcia + +- Remove dependency on /usr/bin/python3, making scripts to depends on + the real python3 binary, not the link. bsc#1212476 + +------------------------------------------------------------------- +Mon Aug 14 08:07:46 UTC 2023 - Johannes Segitz + +- Remove build counter syncing for real + +------------------------------------------------------------------- +Thu May 4 14:20:40 UTC 2023 - Frederic Crozat + +- Add _multibuild to define additional spec files as additional + flavors. + Eliminates the need for source package links in OBS. + +------------------------------------------------------------------- +Fri Mar 24 13:54:12 UTC 2023 - Johannes Segitz + +- Add -ffat-lto-objects to CFLAGS to prevent rpmlint errors because + of LTO + +------------------------------------------------------------------- +Thu Mar 23 13:06:51 UTC 2023 - Martin Liška + +- Enable LTO now (boo#1138812). + +------------------------------------------------------------------- +Fri Feb 24 07:48:05 UTC 2023 - Johannes Segitz + +- Update to version 3.5 + * Allow user to set SYSCONFDIR + * always write kernel policy when check_ext_changes is specified +- Added additional developer key (Jason Zaman) + +------------------------------------------------------------------- +Mon May 9 10:37:17 UTC 2022 - Johannes Segitz + +- Update to version 3.4 + * Optionally rebuild policy when modules are changed externally + * Fix USE_AFTER_FREE (CWE-672) in semanage_direct_get_module_info() + * Allow spaces in user/group names + +------------------------------------------------------------------- +Thu Feb 10 12:37:14 UTC 2022 - Johannes Segitz + +- Drop Buildrequires for libustr-devel, not needed anymore + +------------------------------------------------------------------- +Thu Nov 11 13:26:41 UTC 2021 - Johannes Segitz + +- Update to version 3.3 + * Fixed use-after-free in parse_module_store() + * Fixed use_after_free in semanage_direct_write_langext() + +------------------------------------------------------------------- +Thu Mar 18 08:31:30 UTC 2021 - Johannes Segitz + +- Link to correct so version +- Minor spec file cleanups + +------------------------------------------------------------------- +Wed Mar 17 08:29:15 UTC 2021 - Johannes Segitz + +- Move configuration file to separate libsemanage-conf package to allow + for parallel installation in future versions + +------------------------------------------------------------------- +Tue Mar 9 09:09:18 UTC 2021 - Johannes Segitz + +- Update to version 3.2 + * dropped old and deprecated symbols and functions + libsemanage version was bumped to libsemanage.so.2 + * libsemanage tries to sync data to prevent empty files in SELinux module + store + +------------------------------------------------------------------- +Wed Jul 29 14:37:19 UTC 2020 - Thorsten Kukuk + +- Add /var/lib/selinux + +------------------------------------------------------------------- +Wed Jul 15 08:17:18 UTC 2020 - Johannes Segitz + +- Remove libsemanage-update-map-file.patch to prevent checkers from declining + the submission. Keeping the snippet in the spec file in case we try to + enable LTO again + +------------------------------------------------------------------- +Tue Jul 14 08:36:19 UTC 2020 - Johannes Segitz + +- Update to version 3.1 + * Improved manpage + * fsync final files before rename + +------------------------------------------------------------------- +Tue Jun 16 07:08:59 UTC 2020 - Johannes Segitz + +- Disabled LTO again. This breaks e.g. shadow and also other packages + in security:SELinux + +------------------------------------------------------------------- +Fri Jun 12 09:07:31 UTC 2020 - Pedro Monreal Gonzalez + +- Fix build with LTO: [bsc#1133102] + * Enable LTO (Link Time Optimization) and build with -ffat-lto-objects + * Update map file to include new symbols and remove wildcards +- Add libsemanage-update-map-file.patch + +------------------------------------------------------------------- +Thu Jun 4 09:57:51 UTC 2020 - Dominique Leuenberger + +- Drop suse_path.patch: replace it with a grep/sed logic replacing + /usr/libexec in all files with the correct value for all distros + (taking into account that openSUSE is in progress of migrating + from /usr/lib to /usr/libexec). + +------------------------------------------------------------------- +Fri May 29 12:51:17 UTC 2020 - Johannes Segitz + +- Apply suse_path.patch only for older distributions. Newer + use libexec + +------------------------------------------------------------------- +Tue Mar 3 12:23:51 UTC 2020 - Johannes Segitz + +- Update to version 3.0 + * Add support for DCCP and SCTP protocols + * include internal header to use the hidden function prototypes + * mark all exported function "extern" + * optionally optimize policy on rebuild + Refreshed suse_path.patch + +------------------------------------------------------------------- +Thu Jun 20 10:22:04 UTC 2019 - Martin Liška + +- Disable LTO due to symbol versioning (boo#1138812). + +------------------------------------------------------------------- +Wed Mar 20 15:10:21 UTC 2019 - jsegitz@suse.com + +- Update to version 2.9 + * Always set errno to 0 before calling getpwent() + * Include user name in ROLE_REMOVE audit events + * genhomedircon - improve handling large groups + * improve semanage_migrate_store import failure + * reset umask before creating directories + * set selinux policy root around calls to selinux_boolean_sub + * use previous seuser when getting the previous name + +------------------------------------------------------------------- +Thu Nov 8 09:31:42 UTC 2018 - Jan Engelhardt + +- Use more %make_install. + +------------------------------------------------------------------- +Thu Nov 8 07:19:24 UTC 2018 - jsegitz@suse.com + +- Adjusted source urls (bsc#1115052) + +------------------------------------------------------------------- +Thu Sep 27 13:19:59 UTC 2018 - pmonrealgonzalez@suse.com + +- update to version 2.8 + * semanage fcontext -l now also lists home directory entries from + file_contexts.homedirs. + * libsemanage no longer deletes the tmp directory if there is an error + while committing the policy transaction, so that any temporary files + can be further inspected for debugging purposes (e.g. to examine a + particular line of the generated CIL module). The tmp directory will + be deleted upon the next transaction, so no manual removal is needed. + * When overriding PREFIX, BINDIR, SBINDIR, SHLIBDIR, LIBEXECDIR, etc., + DESTDIR has to be removed from the definition. For example on Arch + Linux, SBINDIR="${pkgdir}/usr/bin" was changed to SBINDIR="/usr/bin". + * PYSITEDIR has been renamed PYTHONLIBDIR (and its definition changed). + +- Clened with spec-cleaner + +------------------------------------------------------------------- +Thu Mar 8 19:07:16 UTC 2018 - rgoldwyn@suse.com + +- Update to version 2.7. Changes: + * IB support + * saves linked policy and skips relinking whenever possible + +------------------------------------------------------------------- +Fri Nov 24 09:14:13 UTC 2017 - jsegitz@suse.com + +- Update to version 2.6. Notable changes: + * genhomedircon: do not suppress logging from libsepol + * genhomedircon: use userprefix as the role for homedir + * Fix bug preventing the installation of base modules + * Use pp module name instead of filename when installing module + * genhomedircon: remove hardcoded refpolicy strings + * genhomedircon: add support for %group syntax + * genhomedircon: generate contexts for logins mapped to the default user + * Validate and compile file contexts before installing + * Swap tcp and udp protocol numbers + * genhomedircon: %{USERID} and %{USERNAME} support and code cleanups + +------------------------------------------------------------------- +Mon Dec 12 14:59:36 UTC 2016 - dimstar@opensuse.org + +- Split out the Policy Store Migration tool into + libsemanage-store-migrate: it is not a devel tool to start with. + Additionally, it causes the -devel package to depend on python, + which we want to avoid (libsemanabe being part of the core build + cycle). The library suggests libsemanage-store-migrate. + +------------------------------------------------------------------- +Sun Jul 17 15:17:39 UTC 2016 - jengelh@inai.de + +- Update RPM groups, trim description, combine filelist entries, + ensure pkgconfig() symbols are generated. + +------------------------------------------------------------------- +Thu Jul 14 14:20:12 UTC 2016 - jsegitz@novell.com + +- Without bug number no submit to SLE 12 SP2 is possible, so to make + sle-changelog-checker happy: bsc#988977 + +------------------------------------------------------------------- +Wed Jul 13 09:43:28 UTC 2016 - jsegitz@novell.com + +- Added suse_path.patch to fix path to hll compiler + +------------------------------------------------------------------- +Fri Jul 8 15:24:49 UTC 2016 - i@marguerite.su + +- update version 2.5 + * Do not overwrite CFLAGS in test Makefile, from Nicolas Iooss. + * Fix uninitialized variable in direct_commit and direct_api + * semanage_migrate_store: Load libsepol.so.1 instead of libsepol.so + * Store homedir_template and users_extra in policy store + * Fix null pointer dereference in semanage_module_key_destroy + * Add semanage_module_extract() to extract a module as CIL or HLL + * semanage_migrate_store: add -r option for migrating inside chroots + * Add file_contexts and seusers to the store + * Add policy binary and file_contexts.local to the store + * Allow to install compressed modules without a compression extension + * Do not copy contexts in semanage_migrate_store + * Fix logic in bunzip for uncompressed pp files + * Fix fname[] initialization in test_utilities.c + * Add remove-hll semanage.conf option to remove HLL files after + compilation to CIL + * Fix memory leaks when parsing semanage.conf + * Change bunzip to use heap instead of stack to prevent segfault on + systems with small stack size +- changes in 2.4 + * Fix Makefile to allow LIBDIR and SHLIBDIR to be set to different + directories + * Fix bugs found by hardened gcc flags + * Add missing manpage links to security_load_policy + * Fix failing libsemanage pywrap tests + * Fix deprecation warning for bison + * Skip policy module relink when only setting booleans + * Only try to compile file contexts if they exist + * Fix memory leak when setting a custom store path + * Add semodule option to set store root path in semanage.conf and the + semodule command + * Add semanage.conf option to set an alternative root path for policy + store + * Add support for High Level Language (HLL) to CIL compilers. The HLL + compiler path is configurable, but should be placed in + /usr/libexec/selinux/hll by default + * Create a policy migration script for migrating the policy store from + /etc/selinux to /var/lib/selinux + * Add python3 support to the migration script + * Use libcil to compile modules + * Use symbolic versioning to maintain ABI compatibility for old install + functions + * Add a target-platform option to semanage.conf to control how policies + are built + * Add API to handle modules and source policies, moving module store to + /var/lib/selinux + * Only try to compile file contexts if they exist + +------------------------------------------------------------------- +Sun May 18 00:10:55 UTC 2014 - crrodriguez@opensuse.org + +- version 2.3 +* Fix memory leak in semanage_genhomedircon from Thomas Hurd. + +------------------------------------------------------------------- +Tue Feb 11 10:12:55 UTC 2014 - vcizek@suse.com + +- add semanage.conf as SOURCE and install it instead of the default + one + +------------------------------------------------------------------- +Thu Oct 31 13:55:06 UTC 2013 - p.drouand@gmail.com + +- Update to version 2.2 + * Avoid duplicate list entries + * Add audit support to libsemanage + * Remove policy.kern and replace with symlink + * Apply a MAX_UID check for genhomedircon + * Fix man pages +- Add audit-devel BuildRequires; new dependency +- Add fdupes BuildRequires and use it to symlink duplicate manpages + +------------------------------------------------------------------- +Thu Jun 27 14:56:37 UTC 2013 - vcizek@suse.com + +- change the source url to the official 2.1.10 release tarball + +------------------------------------------------------------------- +Thu Apr 4 19:29:33 UTC 2013 - vcizek@suse.com + +- fixed source url +- removed old tarball + +------------------------------------------------------------------- +Fri Mar 29 15:21:29 UTC 2013 - vcizek@suse.com + +- update to 2.1.10 + * Add sefcontext_compile to compile regex everytime policy is rebuilt + * Cleanup/fix enable/disable/remove module. + * redo genhomedircon minuid + * fixes from coverity + * semanage_store: do not leak memory in semanage_exec_prog + * genhomedircon: remove useless conditional in get_home_dirs + * genhomedircon: double free in get_home_dirs + * fcontext_record: do not leak on error in semanage_fcontext_key_create + * genhomedircon: do not leak on failure in write_gen_home_dir_context + * semanage_store: do not leak fd + * genhomedircon: do not leak shells list + * semanage_store: do not leak on strdup failure + * semanage_store: rewrite for readability + +------------------------------------------------------------------- +Wed Jan 30 12:00:30 UTC 2013 - vcizek@suse.com + +- update to 2.1.9 + * dropped libsemanage-2.1.6-NULL_level_fix.patch (fixed upstream) + * libsemanage: do not set soname needlessly + * libsemanage: remove PYTHONLIBDIR and ruby equivalent + * do boolean name substitution + * Fix segfault for building standard policies. + * remove build warning when build swig c files + * additional makefile support for rubywrap + * ignore 80 column limit for readability + * semanage_store: fix snprintf length argument by using asprintf + * Use default semanage.conf as a fallback + * use after free in python bindings + * Alternate path for semanage.conf + * do not link against libpython, this is considered bad in Debian + * Allow to build for several ruby version + * fallback-user-level + +------------------------------------------------------------------- +Mon Jan 7 21:43:31 UTC 2013 - jengelh@inai.de + +- Remove obsolete defines/sections + +------------------------------------------------------------------- +Wed Oct 24 16:36:25 UTC 2012 - vcizek@suse.com + +- when building "standard" (not MCS/MLS) selinux-policies, + libsemanage will crash, because "level" is NULL + (libsemanage-2.1.6-NULL_level_fix.patch) + +------------------------------------------------------------------- +Mon Aug 27 13:49:45 UTC 2012 - cfarrell@suse.com + +- license update: LGPL-2.1+ + Could not find any LGPL-2.1 "only" licensed files in the pacakge + +------------------------------------------------------------------- +Wed Aug 1 07:54:33 UTC 2012 - meissner@suse.com + +- Updated to 2.1.6 + * changes too numerous to list + +------------------------------------------------------------------- +Wed Oct 5 15:10:27 UTC 2011 - uli@suse.com + +- cross-build fix: use %__cc macro + +------------------------------------------------------------------- +Thu Sep 22 13:14:39 CEST 2011 - dmueller@suse.de + +- buildrequire libbz2-devel + +------------------------------------------------------------------- +Mon May 23 14:15:42 UTC 2011 - prusnak@opensuse.org + +- split off python bindings to separate package to reduce build + dependencies for rpm [bnc#695436] + +------------------------------------------------------------------- +Wed May 18 13:38:44 UTC 2011 - coolo@novell.com + +- add baselibs.conf for rpm-32bit to use + +------------------------------------------------------------------- +Wed Feb 23 05:42:43 UTC 2011 - coolo@novell.com + +- disable parallel build, it breaks too often + +------------------------------------------------------------------- +Thu Feb 25 14:59:32 UTC 2010 - prusnak@suse.cz + +- updated to 2.0.43 + * changes too numerous to list + +------------------------------------------------------------------- +Fri Jan 16 14:24:38 CET 2009 - prusnak@suse.cz + +- fix assignment of wrong context [bnc#466793] + +------------------------------------------------------------------- +Wed Jan 14 14:06:28 CET 2009 - prusnak@suse.cz + +- updated to 2.0.31 + * policy module compression (bzip) support from Dan Walsh + * hard link files between tmp/active/previous from Dan Walsh + * add semanage_mls_enabled() interface from Stephen Smalley + +------------------------------------------------------------------- +Mon Dec 1 11:35:58 CET 2008 - prusnak@suse.cz + +- updated to 2.0.29 + * add USER to lines to homedir_template context file + * add compression support + * allow fcontext and seuser changes without rebuilding the policy + * don't rebuild on fcontext or seuser modifications + * modify genhomedircon to skip %groupname entries + +------------------------------------------------------------------- +Wed Oct 22 16:17:23 CEST 2008 - mrueckert@suse.de + +- fix debug_packages_requires define + +------------------------------------------------------------------- +Tue Sep 23 12:52:32 CEST 2008 - prusnak@suse.cz + +- require only version, not release [bnc#429053] + +------------------------------------------------------------------- +Tue Sep 2 12:13:42 CEST 2008 - prusnak@suse.cz + +- updated to 2.0.27 + * Modify genhomedircon to skip %groupname entries. + Ultimately we need to expand them to the list of users to support + per-role homedir labeling when using the %groupname syntax. +- updated to 2.0.26 + * Fix bug in genhomedircon fcontext matches logic from Dan Walsh. + Strip any trailing slash before appending /*$. + +------------------------------------------------------------------- +Fri Aug 1 17:32:21 CEST 2008 - ro@suse.de + +- fix requires for debuginfo package + +------------------------------------------------------------------- +Tue Jul 15 16:58:47 CEST 2008 - prusnak@suse.cz + +- initial version 2.0.25 + * based on Fedora package by Dan Walsh + diff --git a/libsemanage.keyring b/libsemanage.keyring new file mode 100644 index 0000000..0da0602 --- /dev/null +++ b/libsemanage.keyring @@ -0,0 +1,110 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGNZjyYBEACk7biPgvCVldNWq1CwVoJa/Fvc4T49tqxcc/sY4uVlGo6oSi4f +QcXE9XKPPBuRLmvpmMWvODQLzPxJMWUfJq6LyYFmX2U9VRTcyITdmJs8itkEaDwq +8BtXkeQfUDAVSFy6V6/uvVmNWD7pGXqJE1GxuV44Ihlh6v2YyqSzDG/rZur771hk +e8VZmlKMVMs1RSeOBA3nUmvZQ58+uqkhJNYqOeQhxGIxDOHo7QhzTG+SlX+uQq6m +zACKygVJJl33toaUwVAX5R02a0u67A5wC0whAoLSHInc3P7ayivWV/iESAz+gMIk +uvJWns/Ak14J7MTGgjD6rle7PNMsPDCCwQScqA8F0x4OChCixbZGZn6Mr0u8+01V +CEe2IjJwVUfFI/G4n1FZ1RAdqjkHfZJeD20LGHSbjJLcnqLLFx3LDpI5dAxo5K2k +Fvz0VowrB58aHoofW8/g8yZygGQ4Zpw4JnpUmaPnMTiD5yvnFzEihM5L9DuaWqSK +3sb9qzoaXABYRYI7OmX4B5nmMzFteHHq0tMtaKWf0HkAsCP0BLJcS9Oc1/0I0+gC +4oKLRD8a4+kaEpNr6BXvWnj7Y1h0Zr/CZS6+gi34CxWMl2Q34OSqtS37mzzBu+UZ +xffPR0aV2RXcEpc0c5HW550Thq1NF9EmFOoyeG4J2ox9JRANZXLh/i7mNwARAQAB +tCVQZXRyIExhdXRyYmFjaCA8bGF1dHJiYWNoQHJlZGhhdC5jb20+iQJXBBMBCABB +FiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZjyYCGwMFCQPCZwAFCwkIBwICIgIG +FQoJCAsCBBYCAwECHgcCF4AACgkQvDkF8jUXnPGeAA//ScQ3kJMqI6FRULXo0aF7 +CpafPXVWdvj+mfQMlZzuGwXXTmM42T0DXnXRBSjstWkmOXP/UqkN7bNeXH/S3D3G +CJ2l0qx8Qp6fP0FloJIbemyxNtzl7yvAE7kWvuBuLvUdm23cntv49gAzj+ElDqCx +tT6A6qaqM6r7DLUvw+G+r6gkeu1hNQbtRpEK9Dt8tHriQyI410qFRMbi3QxU+iTJ +79HXwrXiYpX7V7T+ugiU9lgIiC/hWJCo6SY4knt9E6zhegUWN6zErl2HY8FBM2P9 +eHOTqToEOAhKeM1fXZvxe3m49fGq/spmRM1RUUl1V9WFEaMiLg/Z2rmbD8LX9Ytf +YlQCbEwyX2nkIP1QIcr/DEfcmCA2MXCQCgsqI/2XS3BTLPyjuqAYnXxrk+T/Cydc +g4W3ZBYI/wT56GH02TQzB/wJsn0cW6EMG46VSDY/mZ2/gwi54G/Pqb2R3ZC9I7wQ +6/FFxuu8myI/QVmEiTlvTxBoyOdNlliBQxCkDczs1rxd/o8Wfjo1vwRHW84jZrCP +3xr7xPJWuzsrmPU8kFHTgepGoY+4b/h3jGwlV103RpRUK4JidwHsmYDVk6pgeUH6 +9hf0iVcbFfKiViFTR+DwjbAOxTdsFgsYYn+7hBj2l+pV/uzeA0akL2dkgfJc9pAf +6ItRUnGC+RlntZ0Pf2NbwIS5Ag0EY1mPxgEQAOBjoc5rCJOHFBUj7S68ABT3KKx7 +DVJJU7qYCxC1kzuzsGksDdEY+PdQaiNkh56MD6R+rsD49UsGHP+RIFO3D3+zejiu +Wo3PPtItqLHpcpYKkc4Gzziff8sXq70owxWT29OyMrPyIMX2YFHZuYJ8u8STQcOI +zICm/lJs6xkwHyTk9bIrwdg/Iwjm6YRo6xoLe0B6KE7efMDER/ehmXncnWkjD55x +2tAttZsfRqoqeB8J10PxDSgyv8jCXLdbj37l6omh6VH3926392DRrc2fXAgZhHML +rYIKwXkhnAp3I+HueKURQWkDlWXP4d8gVyHYt9EXdD8ZkPx8rMrGGMMh2DJpZJOw +xuK3IrFfYb+lyOyHIyxlPsjcfHtLBB8WujnyzYMWwUsRmAGEm/6db8dyR551q95e +Zd0cqO2xrz6u8YAO2LjCiE6X43m1ulhbf/NHcBiqWHjuEbSKRQnxO6ye7zrmPdnm +YT4qpLrzKlFUExGt0mXaUY8MKdcaGXbvbRU80wL+MHYyCb8vWa9AzWM990LcqCiQ +MAfk0zMq9q/oDvVotJQmWLdR2QYeRfl3m6uzeTdaYK3td5NvfQwG83MFxJhNvDZQ +YhETwbQIVzfC2JZaJAo94VdiGfT4I4Khb8RekgJVoC4w8yByyV0zXdsobIajc2eC +w0R2ik0V+vQopblfABEBAAGJBHIEGAEIACYWIQS4aChHdk32DfUtmSy8OQXyNRec +8QUCY1mPxgIbAgUJA8JnAAJACRC8OQXyNRec8cF0IAQZAQgAHRYhBBviwP8IlJYj +EC/SVkaViBwlRQjRBQJjWY/GAAoJEEaViBwlRQjRmQcP/1OVG8BpkRN/6m/j8hx5 +4vcofCPmWsL+CiNfE3QCOEBeWMtJEK7QTIgLFnLfXnyHiTS/CN2/zr33IcQ33s90 +XzibzWarE7P6O4oFEcUr8TAACA51KXMadRiA2SaYJE4Va2N6d41ZoV0Ser0wi3HU +5qxw97LGdYyOrsstgxIRI/i2BRXkp2VpUBdHqr/zfe7bv82h2QNw0fZQr4jJP4q3 ++4I6gggvi23Gj8+9lOmHNXyfqzSwkkTf8GtHGC8JORVTrOizImzJq7z+9rJBgY+4 +G4RBWzhOv69njaLNuQeASVxm/2hiMmzFqpmqozN9Y+17ubo+X+m+2aWE+aln56Pv +LxJHKwFX7doc1doTUnewg6ZjGKCGWBlqlKMeX8D038pd2gsCMhm0EA5DZkXJHP9z +b5VSomDCLB3GhoVpifZ5Qz4dJNtl90ZcFL/LJktiwz4vgzZqLNC8MhFfPLy8bS+k +dAS8+VcvQaDSDKTR+jHQ6wA/kJ9eYcL8C9g4czzLzVfZCoN/fcC7VEiCiDhwuqrb +ClcQBFZsCPQEAwh4mgIMK70zPaO4rW6LbCvwBnTjY8JSBkroJ1QjXwCy8ClSE+w2 +6cXtk5zmYUy5oQaONYm+tMberKsJjvfJIGIZdaj3ZkHsVe7YzOC6M8ESKAHKp4Xo +hXbHQQEfD9WtzFerpKWCaKTobRIP/jyXmYYLEzRav3WtoH3NCXANu0Pc8JuMDoO2 +QytHICr7zWDvk3q6LO0Y8JXD2fUegY5KM3WECF5KBBCVxdsMunN908WjAMQdyUUV +9Q4MIg64X4WCbGUDPkTGv0mQl2jMEWpFniIX+18TmwcHSvN5RxjcnpWNOyNQuMTg +ZKDm2uw5zwYdScWf3DDCR/2dH8yvVFhxfQaRNzKJSyTD4ChHPqy858BYgMljjnTC +APQwdkrTwh9RSxhMZ5yhdy9Z/+EhO2/8B/kylADC4YQOW1UN670QC7rlJmUySQy5 +APWHco5CNQnqdjhrgzYJDnWCCz9z6+x6bGy5iUa9K6Gt9e3ocYPd2Gw4R7IS8hyO +Ok/Uq7maqs+GpcWWLWzB+iGFgYZU758zsbeXvAWQAiLQHWzOfQrXepGoEjCOdYv6 +is/UovO9zMIfrIPQVlj3QIN0y0zRUHoCpPgEWHrn7KCMDhiIDt8VgGbznXTJtRw1 +/NTeBQgnmkXwx0aLM7ni0I9IrpT6JVFjip8IV24iI5nsVRSfvxUjFBQxgyujPLuS +f/Q9BlrsopFtcnyyDSyCtBqnCmBSN0zC5hk8Ya/UnDn/5ZQZYxsbGaWkdwQ6aw9m +khMfnnsz+QfKT1R3SIrByIEjaYYvGJp8K4utRjhOSfM6ptmCN2WVxQbhwMERC4E7 +8ZKPUtR+uQINBGNZj3EBEACsSSOVQfiGhJACRUkJZaT6cX51oA/kizOsYRAftPI5 +XBdtFmd1I8VJSopTaQSAdsyb7AVihl73mH22MOHawsKzffylW7kKGHPd02x5MXv+ +ttyTDasJT4ltqUSLByTu0ouqhu9uHvuOettCeStk1z6cx4ccutjJzmAdbpxKfhSV +TjYwqZOVJ44bgvL3BeGBooKF4hc1fdT8PrzZN9+Xsailybuk9kX3Z3BjicikLFTY +BOKaRLK6VuHOTYKNnUlhQnUsdy0web0XQsQa1zUbENKHNVk/x05akOz0EHBkMtfE +LMLiu9n7PkEkIMVu41MplDkkShbawzzI/UstkZfPjiGxpvVo+u8He9x1LkRM/pup +PnbrtmKi12FSJ9T+lNXnN7jvA25pl6dC0Z32iXKHZ0Co6TYNCtwFAUDSBGnnlvhT +raEtNhfFP7uMRtJUDF5cM9Go++qH/iRWfzqWViNXp0CgBI3XBbPjbdAfe7hkr5Lq +DwdnQetjb40FiCq2Fvof9foWIXlVwday2ST3ruDhe3Q+A3+uUK2leHhYr2xJxf8I +V05RGweVvvxk3Yt7FphpUGpC6q98doA8logSVeoyF5nxpis7oN/jLMn7p5Ozezg+ +ozoQyKvnBoWifHkaHnRfjEv2nshWqA0+FCxTxnlTmEZhuZQfvroa0Q2/gIjW6kUD +VwARAQABiQI8BBgBCAAmFiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZj3ECGyAF +CQPCZwAACgkQvDkF8jUXnPHhww/7BuMq7bEKvrejKf6Wjs2owMsFiXjMe6dhNmEb +96ANqRVankiSPn+TeL6FVJh9TJSGpD9v8fT3quikHsYDoTNLjgZL6Esx1A4k6YRu +O8A//10kNfYVCdhnNoDZ/94iSBrDbzeg4ueZjPTHtgBb+jGWc+f7tKDsMYaqqfec +qh8NRSujB9fS1AbCQaYkmpCA4f9l9Ti3nVQIrMXqFZFtt6sEjx7Onbi9ieADaQZ5 +/V8JQL4QgWGhhx0ccK0LVOIqY5Rp4H1kyJVeQ/rR+YIso5vBwpPJikAU+ozTnGCw +w8Vpc359DthUAakJ22GTnc3kaj5Cp6HAugmTvsIdnEhYkh/jendSK4fUWy5cXs50 +THMiFRKJS6boygIjwGlXCf25Ip9cos50YNHogkjyOp0L0tiherFm0OGlyoPvSEVY +nAnNmD5TZK/FnKE6rC0pe0NMO157fIbM9pxIAkPuYVRFz8NGLrZQEyIVyo7Vhb/k +uALjKO3OjsxNA+RoZtAt24ciUIprykdY+posV0xrDCo2tM0dZcIPhfGKMljB0C57 +c1Qb+616Q2bzaaqdttbD8BdREjN59CxvKqI1gzO250n2EBLzIJ2R9v1IpUi9Zg9D +vu0eW05kXsr83M4Z4lomvyW+pkJ9elaY525OlZoPaQi9TYrHuAHiNd0xrZqL0378 +d2veUui5Ag0EY1mPJgEQAMRQDbNHBQ376nDF8miBZOAV1txpmbHc5D/X63PNapP0 +P1/I7SfcJU9D3wX8c4vmxkjEYtH23s4lmT1VLsU7PisS3MacRemm9pL2bD53hs9X +QEuU9OtJsZn1ZJ+Ynh6i5sfW1bG3OiV/TWgYXW66GwE1hn9PuP8arodUmhEft+64 +G2u8Xtxr5yqlQJEUThV6280OJrxVbduaMi5C6UNeeGE5wuhfrQ0TNYZiwQ4KYbU3 +QhlWhHVjJlJ5hCLiktwFDyR24P+wlTIziWA407mo2enQT+mz3bO7Paf4mBionGsJ +MoADqBThf4B69BxjJ7Yg7oQVIZ7560YIRRmNo4tk5Mhep11OtQgZjZJR6MhWDaUO +17w1qScrOPRj6G1IXP1R5NarydJpLyAVb/5WFZ5jxUGMGtq3mYn4nKbbHUg2WzvC +JvPctDE6EV2vaiRy5N1fQjsHgSa29F2feh14p4ngFCmHjpdbcdjfv6rWL8tgkSpQ +lDdeHRRd1q03TKAg/byPauAHKzvV+iWlmw1f6KBWjeTn0fofmk9eeQ+P1j0a3/XT +xMOjB34SzqPRWzmLPLF6YmujBK2gymM+JLirJFFzao1i4lgmxqkDhQoNYHXmVYEd +7w+/qUYbfKwO9eJOWzuUWajxvJ1Vgv6z4CPy9if0gwfhrx0OOcIpBE/xZU+SwQQp +ABEBAAGJAjwEGAEIACYWIQS4aChHdk32DfUtmSy8OQXyNRec8QUCY1mPJgIbDAUJ +A8JnAAAKCRC8OQXyNRec8a+qD/4whGQ9J+td1iLFMpNRAqvuGtTnM6shZJNnC5CB +56Cu7ElIpr74sk0R98Ia1pJlBcLALbYSrqwluZaLiRVDPdub6tGSRVssqQdZcKTh +z33waTru9IfLhCrRSNd0ZMHJaOG1ErU0noWw2d4ifVJK+vvuvMeEyNm4H5pZOYzY +eikqVUYzS143cSzMEwtvPSdP5JkTQi4WNF09khH1D+QpJoXEgVEQla7Sr955Zdt3 +q5OlpYxxw+X62vslZ2OMiKZ14kWVSRbVQ+WdnjtRYS4vivB6ko9QL770jZ131hKh +C/BcWpEYSjfPpVua2oKbccKHXheIFEJ06kGkMeeoQPxmzPRBYIw/E+d5sZp7YXDy +BGOAxBeiOaOnZ8vLBzy72HFng3oB3hkVGTTHq+PsHdSSaRME3QrNpDsaGeSjw62F +G3I4zK985GtrXAHEzN/Ffd17srl4mcRQ+8QM/a+XbF/8ugjE/RHhhFf8sWVAPutY +zVE8lF+uqcduPuq/rTcUBuzSVjnSRfXWqCokjh+ypUpHNUO8fZDzkTLuE5rwMG1x +pPueDBTzvoGDQRqc2eoXpJnDBmdlz83zHsoR2gIHcdqyc/hCV+fTvR8E0v9ZG3Jr +6RFgWdD008PsGxUevIDgMAYFwasZSTofEnzg49/WeIFU1rGB5HZVlmOJKZnKRuBi +TakEPw== +=odM9 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/libsemanage.spec b/libsemanage.spec new file mode 100644 index 0000000..74ac65f --- /dev/null +++ b/libsemanage.spec @@ -0,0 +1,161 @@ +# +# spec file for package libsemanage +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define soversion 2 +%define libname libsemanage%{soversion} + +Name: libsemanage +Version: 3.7 +Release: 0 +Summary: SELinux policy management library +License: LGPL-2.1-or-later +Group: Development/Libraries/C and C++ +URL: https://github.com/SELinuxProject/selinux/wiki/Releases +Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz +Source1: https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz.asc +Source2: libsemanage.keyring +Source3: baselibs.conf +Source4: semanage.conf +# PATCH-FIX-UPSTREAM bsc#1133102 LTO: Update map file to include new symbols and remove wildcards +# For now we need to disable this. This breaks e.g. shadow and also other packages in security:SELinux +#Patch0: libsemanage-update-map-file.patch +BuildRequires: audit-devel +BuildRequires: bison +BuildRequires: fdupes +BuildRequires: flex +BuildRequires: libbz2-devel +BuildRequires: libselinux-devel +BuildRequires: libsepol-devel +BuildRequires: pkgconfig +BuildRequires: python-rpm-macros + +%description +libsemanage is the policy management library. Using libsepol and +libselinux to interact with the SELinux system, it also calls helper +programs for loading policy and for checking whether the +file_contexts configuration is valid. + +%package -n %{libname} +Summary: SELinux policy management library +Group: System/Libraries +Suggests: %{name}-migrate-store +Requires: %{name}-conf >= %{version} + +%description -n %{libname} +libsemanage is the policy management library. Using libsepol and +libselinux to interact with the SELinux system, it also calls helper +programs for loading policy and for checking whether the +file_contexts configuration is valid. + +(Security-enhanced Linux is a feature of the kernel and some +utilities that implement mandatory access control policies, such as +Type Enforcement, Role-based Access Control and Multi-Level +Security.) + +%package conf +Summary: Configuration for the SELinux policy management library +# before 3.1 the config file wasn't separated, so no parallel install is possible +Group: System/Libraries +Conflicts: %{name}1 <= 3.1 + +%description conf +Configuration file for libsemanage. Moved to a separate package to allow +parallel installation + +%package devel +Summary: Header files and libraries for SELinux's policy management libary +Group: Development/Libraries/C and C++ +Requires: %{libname} = %{version} + +%description devel +The libsemanage-devel package contains the libraries and header files +needed for developing applications that manipulate SELinux policies. + +%package devel-static +Summary: Static archives for SELinux's policy management library +Group: Development/Libraries/C and C++ +Requires: libsemanage-devel + +%description devel-static +The libsemanage-devel-static package contains the static libraries +needed for developing applications that manipulate binary policies. + +%package migrate-store +Summary: SELinux Policy Store Migration +Group: Productivity/Security + +%description migrate-store +In version 2.4 of libsemanage, libsepol, and policycoreutils, the policy +module store was moved from /etc/selinux//modules/ to +/var/lib/selinux//. Once the libraries are upgraded, all policy +stores must be migrated before any commands that modify or use the store +(e.g. semodule, semanage) can be executed. + +%prep +%setup -q +# Replace /usr/libexec with whatever the distro defines as libexecdir - across all files +grep /usr/libexec . -rl | xargs sed -i "s|/usr/libexec|%{_libexecdir}|g" + +%build +%make_build clean +%make_build CFLAGS="%{optflags} -fno-semantic-interposition -ffat-lto-objects" CC="gcc" +%make_build CFLAGS="%{optflags} -fno-semantic-interposition -ffat-lto-objects" LIBDIR="%{_libdir}" LIBEXECDIR="%{_libexecdir}" SHLIBDIR="%{_lib}" CC="gcc" all + +%install +mkdir -p %{buildroot}/%{_lib} +mkdir -p %{buildroot}%{_libdir} +mkdir -p %{buildroot}%{_includedir} +mkdir -p %{buildroot}%{_localstatedir}/lib/selinux +%make_install LIBDIR="%{_libdir}" LIBEXECDIR="%{_libexecdir}" SHLIBDIR="%{_libdir}" +ln -sf %{_libdir}/libsemanage.so.%{soversion} %{buildroot}/%{_libdir}/libsemanage.so +cp %{SOURCE4} %{buildroot}%{_sysconfdir}/selinux/semanage.conf + +# Fix shebang in scripts +for f in %{buildroot}%{_libexecdir}/selinux/* +do + [ -f $f ] && sed -i "1s@#!.*python.*@#!$(realpath %__python3)@" $f +done +# Remove duplicate files +%fdupes -s %{buildroot}%{_mandir} + +%post -n %{libname} -p /sbin/ldconfig +%postun -n %{libname} -p /sbin/ldconfig + +%files -n %{libname} +%{_libdir}/libsemanage.so.* +%dir %{_localstatedir}/lib/selinux + +%files conf +%dir %{_sysconfdir}/selinux +%config(noreplace) %{_sysconfdir}/selinux/semanage.conf + +%files devel +%{_libdir}/libsemanage.so +%{_libdir}/pkgconfig/libsemanage.pc +%{_includedir}/semanage/ +%{_mandir}/man3/* +%{_mandir}/man5/* + +%files migrate-store +%dir %{_libexecdir}/selinux +%{_libexecdir}/selinux/ + +%files devel-static +%{_libdir}/libsemanage.a + +%changelog diff --git a/python-semanage.changes b/python-semanage.changes new file mode 100644 index 0000000..37463ad --- /dev/null +++ b/python-semanage.changes @@ -0,0 +1,402 @@ +------------------------------------------------------------------- +Tue Oct 15 11:41:31 UTC 2024 - Cathy Hu + +- Add 1231587-build-libsemanage-with-swig-4.3.0.patch to fix + build failure with swig 4.3.0 (bsc#1231587) + +------------------------------------------------------------------- +Mon Jul 1 07:57:45 UTC 2024 - Cathy Hu + +- Update to version 3.7 + https://github.com/SELinuxProject/selinux/releases/tag/3.7 + * Bugfixes: + * libsemanage: support huge passwd entries + +------------------------------------------------------------------- +Tue May 28 10:40:17 UTC 2024 - Cathy Hu + +- Build python-semanage for python311 in 15.4 and 15.5 instead of + python3.6 to fix build dependencies + +------------------------------------------------------------------- +Tue Dec 19 11:13:19 UTC 2023 - Cathy Hu + +- Update to version 3.6 + https://github.com/SELinuxProject/selinux/releases/tag/3.6 + * Add notself support for neverallow rules + * Improve man pages + * man pages: Remove the Russian translations + * Add notself and other support to CIL + * Add support for deny rules + * Translations updated from + https://translate.fedoraproject.org/projects/selinux/ + * Bug fixes +- Remove keys from keyring since they expired: + - E853C1848B0185CF42864DF363A8AD4B982C4373 + Petr Lautrbach + - 63191CE94183098689CAB8DB7EF137EC935B0EAF + Jason Zaman +- Add key to keyring: + - B8682847764DF60DF52D992CBC3905F235179CF1 + Petr Lautrbach + +------------------------------------------------------------------- +Thu May 4 14:20:40 UTC 2023 - Frederic Crozat + +- Add _multibuild to define additional spec files as additional + flavors. + Eliminates the need for source package links in OBS. + +------------------------------------------------------------------- +Fri Mar 24 13:54:12 UTC 2023 - Johannes Segitz + +- Add -ffat-lto-objects to CFLAGS to prevent rpmlint errors because + of LTO + +------------------------------------------------------------------- +Thu Mar 23 13:06:51 UTC 2023 - Martin Liška + +- Enable LTO now (boo#1138812). + +------------------------------------------------------------------- +Fri Feb 24 07:48:05 UTC 2023 - Johannes Segitz + +- Update to version 3.5 + * Allow user to set SYSCONFDIR + * always write kernel policy when check_ext_changes is specified +- Added additional developer key (Jason Zaman) + +------------------------------------------------------------------- +Mon May 9 10:37:17 UTC 2022 - Johannes Segitz + +- Update to version 3.4 + * Optionally rebuild policy when modules are changed externally + * Fix USE_AFTER_FREE (CWE-672) in semanage_direct_get_module_info() + * Allow spaces in user/group names + +------------------------------------------------------------------- +Thu Feb 10 12:37:14 UTC 2022 - Johannes Segitz + +- Drop Buildrequires for libustr-devel, not needed anymore + +------------------------------------------------------------------- +Thu Nov 11 13:26:41 UTC 2021 - Johannes Segitz + +- Update to version 3.3 + * Fixed use-after-free in parse_module_store() + * Fixed use_after_free in semanage_direct_write_langext() + +------------------------------------------------------------------- +Mon Aug 16 13:13:41 UTC 2021 - Fabian Vogt + +- Call "make -j8 pywrap" instead of "make -j8 all pywrap" to fix random + build failures. The toplevel Makefile does not support concurrency, + and it resulted in parallel "make all" and "make pywrap" which weren't + aware of each other and stepped over the other's artifacts. + +------------------------------------------------------------------- +Thu Mar 18 08:31:30 UTC 2021 - Johannes Segitz + +- Minor spec file cleanups + +------------------------------------------------------------------- +Tue Mar 9 09:09:18 UTC 2021 - Johannes Segitz + +- Update to version 3.2 + * dropped old and deprecated symbols and functions + libsemanage version was bumped to libsemanage.so.2 + * libsemanage tries to sync data to prevent empty files in SELinux module + store + +------------------------------------------------------------------- +Tue Jul 14 08:36:19 UTC 2020 - Johannes Segitz + +- Update to version 3.1 + * Improved manpage + * fsync final files before rename + +------------------------------------------------------------------- +Tue Jun 16 07:08:59 UTC 2020 - Johannes Segitz + +- Disabled LTO again. This breaks e.g. shadow and also other packages + in security:SELinux + +------------------------------------------------------------------- +Fri Jun 12 09:07:31 UTC 2020 - Pedro Monreal Gonzalez + +- Fix build with LTO: [bsc#1133102] + * Enable LTO (Link Time Optimization) + * Update map file to include new symbols and remove wildcards +- Add libsemanage-update-map-file.patch + +------------------------------------------------------------------- +Thu Jun 4 09:57:51 UTC 2020 - Dominique Leuenberger + +- Drop suse_path.patch: replace it with a grep/sed logic replacing + /usr/libexec in all files with the correct value for all distros + (taking into account that openSUSE is in progress of migrating + from /usr/lib to /usr/libexec). + +------------------------------------------------------------------- +Fri May 29 12:51:17 UTC 2020 - Johannes Segitz + +- Apply suse_path.patch only for older distributions. Newer + use libexec + +------------------------------------------------------------------- +Tue Mar 3 12:23:51 UTC 2020 - Johannes Segitz + +- Update to version 3.0 + * Add support for DCCP and SCTP protocols + * include internal header to use the hidden function prototypes + * mark all exported function "extern" + * optionally optimize policy on rebuild + Refreshed suse_path.patch + +------------------------------------------------------------------- +Fri May 3 12:22:25 UTC 2019 - Martin Liška + +- Disable LTO (boo#1133280). + +------------------------------------------------------------------- +Wed Mar 20 15:10:21 UTC 2019 - jsegitz@suse.com + +- Update to version 2.9 + * Always set errno to 0 before calling getpwent() + * Include user name in ROLE_REMOVE audit events + * genhomedircon - improve handling large groups + * improve semanage_migrate_store import failure + * reset umask before creating directories + * set selinux policy root around calls to selinux_boolean_sub + * use previous seuser when getting the previous name + +------------------------------------------------------------------- +Thu Nov 8 09:31:42 UTC 2018 - Jan Engelhardt + +- Use more %make_install. + +------------------------------------------------------------------- +Thu Nov 8 07:19:24 UTC 2018 - jsegitz@suse.com + +- Adjusted source urls (bsc#1115052) + +------------------------------------------------------------------- +Thu Sep 27 13:19:59 UTC 2018 - pmonrealgonzalez@suse.com + +- update to version 2.8 + * semanage fcontext -l now also lists home directory entries from + file_contexts.homedirs. + * libsemanage no longer deletes the tmp directory if there is an error + while committing the policy transaction, so that any temporary files + can be further inspected for debugging purposes (e.g. to examine a + particular line of the generated CIL module). The tmp directory will + be deleted upon the next transaction, so no manual removal is needed. + * When overriding PREFIX, BINDIR, SBINDIR, SHLIBDIR, LIBEXECDIR, etc., + DESTDIR has to be removed from the definition. For example on Arch + Linux, SBINDIR="${pkgdir}/usr/bin" was changed to SBINDIR="/usr/bin". + * PYSITEDIR has been renamed PYTHONLIBDIR (and its definition changed). + +- Clened with spec-cleaner + +------------------------------------------------------------------- +Thu Mar 8 19:07:16 UTC 2018 - rgoldwyn@suse.com + +- Update to version 2.7. Changes: + * IB support + * saves linked policy and skips relinking whenever possible + +------------------------------------------------------------------- +Fri Nov 24 09:14:13 UTC 2017 - jsegitz@suse.com + +- Update to version 2.6. Notable changes: + * genhomedircon: do not suppress logging from libsepol + * genhomedircon: use userprefix as the role for homedir + * Fix bug preventing the installation of base modules + * Use pp module name instead of filename when installing module + * genhomedircon: remove hardcoded refpolicy strings + * genhomedircon: add support for %group syntax + * genhomedircon: generate contexts for logins mapped to the default user + * Validate and compile file contexts before installing + * Swap tcp and udp protocol numbers + * genhomedircon: %{USERID} and %{USERNAME} support and code cleanups + +------------------------------------------------------------------- +Wed Sep 27 15:51:27 UTC 2017 - jmatejek@suse.com + +- build both python2 and python3 version of the semanage binding + with the singlespec machinery + +------------------------------------------------------------------- +Sun Jul 17 15:21:03 UTC 2016 - jengelh@inai.de + +- Summary/description update + +------------------------------------------------------------------- +Fri Jul 8 15:35:05 UTC 2016 - i@marguerite.su + +- update version 2.5 + * Do not overwrite CFLAGS in test Makefile, from Nicolas Iooss. + * Fix uninitialized variable in direct_commit and direct_api + * semanage_migrate_store: Load libsepol.so.1 instead of libsepol.so + * Store homedir_template and users_extra in policy store + * Fix null pointer dereference in semanage_module_key_destroy + * Add semanage_module_extract() to extract a module as CIL or HLL + * semanage_migrate_store: add -r option for migrating inside chroots + * Add file_contexts and seusers to the store + * Add policy binary and file_contexts.local to the store + * Allow to install compressed modules without a compression extension + * Do not copy contexts in semanage_migrate_store + * Fix logic in bunzip for uncompressed pp files + * Fix fname[] initialization in test_utilities.c + * Add remove-hll semanage.conf option to remove HLL files after + compilation to CIL + * Fix memory leaks when parsing semanage.conf + * Change bunzip to use heap instead of stack to prevent segfault on + systems with small stack size +- changes in 2.4 + * Fix Makefile to allow LIBDIR and SHLIBDIR to be set to different + directories + * Fix bugs found by hardened gcc flags + * Add missing manpage links to security_load_policy + * Fix failing libsemanage pywrap tests + * Fix deprecation warning for bison + * Skip policy module relink when only setting booleans + * Only try to compile file contexts if they exist + * Fix memory leak when setting a custom store path + * Add semodule option to set store root path in semanage.conf and the + semodule command + * Add semanage.conf option to set an alternative root path for policy + store + * Add support for High Level Language (HLL) to CIL compilers. The HLL + compiler path is configurable, but should be placed in + /usr/libexec/selinux/hll by default + * Create a policy migration script for migrating the policy store from + /etc/selinux to /var/lib/selinux + * Add python3 support to the migration script + * Use libcil to compile modules + * Use symbolic versioning to maintain ABI compatibility for old install + functions + * Add a target-platform option to semanage.conf to control how policies + are built + * Add API to handle modules and source policies, moving module store to + /var/lib/selinux + * Only try to compile file contexts if they exist +- changes in 2.3 + * Fix memory leak in semanage_genhomedircon + +------------------------------------------------------------------- +Thu Oct 31 13:55:06 UTC 2013 - p.drouand@gmail.com + +- Update to version 2.2 + * Avoid duplicate list entries + * Add audit support to libsemanage + * Remove policy.kern and replace with symlink + * Apply a MAX_UID check for genhomedircon + * Fix man pages +- Add audit-devel BuildRequires; new dependency +- Add fdupes BuildRequires and use it to symlink duplicate manpages + +------------------------------------------------------------------- +Thu Jun 27 14:57:01 UTC 2013 - vcizek@suse.com + +- change the source url to the official 2.1.10 release tarball + +------------------------------------------------------------------- +Wed Jan 30 12:01:03 UTC 2013 - vcizek@suse.com + +- update to 2.1.9 + +------------------------------------------------------------------- +Mon Jan 7 21:43:31 UTC 2013 - jengelh@inai.de + +- Remove obsolete defines/sections + +------------------------------------------------------------------- +Tue Oct 23 05:05:03 UTC 2012 - coolo@suse.com + +- buildrequire libbz2-devel + +------------------------------------------------------------------- +Wed Aug 1 07:54:48 UTC 2012 - meissner@suse.com + +- updated to 2.1.6 + * changes too numerous to list + +------------------------------------------------------------------- +Mon May 23 14:15:42 UTC 2011 - prusnak@opensuse.org + +- split off python bindings to separate package to reduce build + dependencies for rpm [bnc#695436] + +------------------------------------------------------------------- +Wed May 18 13:38:44 UTC 2011 - coolo@novell.com + +- add baselibs.conf for rpm-32bit to use + +------------------------------------------------------------------- +Wed Feb 23 05:42:43 UTC 2011 - coolo@novell.com + +- disable parallel build, it breaks too often + +------------------------------------------------------------------- +Thu Feb 25 14:59:32 UTC 2010 - prusnak@suse.cz + +- updated to 2.0.43 + * changes too numerous to list + +------------------------------------------------------------------- +Fri Jan 16 14:24:38 CET 2009 - prusnak@suse.cz + +- fix assignment of wrong context [bnc#466793] + +------------------------------------------------------------------- +Wed Jan 14 14:06:28 CET 2009 - prusnak@suse.cz + +- updated to 2.0.31 + * policy module compression (bzip) support from Dan Walsh + * hard link files between tmp/active/previous from Dan Walsh + * add semanage_mls_enabled() interface from Stephen Smalley + +------------------------------------------------------------------- +Mon Dec 1 11:35:58 CET 2008 - prusnak@suse.cz + +- updated to 2.0.29 + * add USER to lines to homedir_template context file + * add compression support + * allow fcontext and seuser changes without rebuilding the policy + * don't rebuild on fcontext or seuser modifications + * modify genhomedircon to skip %groupname entries + +------------------------------------------------------------------- +Wed Oct 22 16:17:23 CEST 2008 - mrueckert@suse.de + +- fix debug_packages_requires define + +------------------------------------------------------------------- +Tue Sep 23 12:52:32 CEST 2008 - prusnak@suse.cz + +- require only version, not release [bnc#429053] + +------------------------------------------------------------------- +Tue Sep 2 12:13:42 CEST 2008 - prusnak@suse.cz + +- updated to 2.0.27 + * Modify genhomedircon to skip %groupname entries. + Ultimately we need to expand them to the list of users to support + per-role homedir labeling when using the %groupname syntax. +- updated to 2.0.26 + * Fix bug in genhomedircon fcontext matches logic from Dan Walsh. + Strip any trailing slash before appending /*$. + +------------------------------------------------------------------- +Fri Aug 1 17:32:21 CEST 2008 - ro@suse.de + +- fix requires for debuginfo package + +------------------------------------------------------------------- +Tue Jul 15 16:58:47 CEST 2008 - prusnak@suse.cz + +- initial version 2.0.25 + * based on Fedora package by Dan Walsh + + diff --git a/python-semanage.spec b/python-semanage.spec new file mode 100644 index 0000000..496e798 --- /dev/null +++ b/python-semanage.spec @@ -0,0 +1,103 @@ +# +# spec file for package python-semanage +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%{?sle15_python_module_pythons} +%define soversion 2 +%define libname libsemanage%{soversion} + +%define libsepol_ver 3.7 +%define libselinux_ver 3.7 + +%{?!python_module:%define python_module() python-%{**} python3-%{**}} +Name: python-semanage +Version: 3.7 +Release: 0 +Summary: Python bindings for SELinux's policy management library +License: LGPL-2.1-only +Group: Development/Languages/Python +URL: https://github.com/SELinuxProject/selinux +Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}/libsemanage-%{version}.tar.gz +Source1: https://github.com/SELinuxProject/selinux/releases/download/%{version}/libsemanage-%{version}.tar.gz.asc +Source2: libsemanage.keyring +Source3: baselibs.conf +%if %{pkg_vcmp swig > 4.2.1} +Patch0: 1231587-build-libsemanage-with-swig-4.3.0.patch +%endif +# PATCH-FIX-UPSTREAM bsc#1133102 LTO: Update map file to include new symbols and remove wildcards +# For now we need to disable this. This breaks e.g. shadow and also other packages in security:SELinux +# Patch0: libsemanage-update-map-file.patch +BuildRequires: %{python_module devel} +BuildRequires: audit-devel +BuildRequires: bison +BuildRequires: flex +BuildRequires: libbz2-devel +BuildRequires: libselinux-devel >= %{libselinux_ver} +BuildRequires: libsepol-devel >= %{libsepol_ver} +BuildRequires: python-rpm-macros +BuildRequires: swig +# Ensure same version +Requires: %{libname} = %{version} +%python_subpackages + +%description +This package contains the Python bindings for developing +SELinux policy management applications. + +%prep +%autosetup -p1 -n libsemanage-%{version} +# Replace /usr/libexec with whatever the distro defines as libexecdir - across all files +grep /usr/libexec . -rl | xargs sed -i "s|/usr/libexec|%{_libexecdir}|g" + +%build +%make_build clean +%{python_expand # loop over possible pythons +%make_build PYTHON=$python CFLAGS="%{optflags} -fno-semantic-interposition -ffat-lto-objects" swigify +%make_build PYTHON=$python CFLAGS="%{optflags} -fno-semantic-interposition -ffat-lto-objects" \ + LIBDIR="%{_libdir}" \ + LIBEXECDIR="%{_libexecdir}" \ + SHLIBDIR="%{_lib}" \ + pywrap +} + +%install +mkdir -p %{buildroot}/%{_lib} +mkdir -p %{buildroot}%{_libdir} +mkdir -p %{buildroot}%{_includedir} +%{python_expand # loop over possible pythons +%make_install install-pywrap PYTHON="$python" \ + LIBDIR="%{_libdir}" \ + LIBEXECDIR="%{_libexecdir}" \ + SHLIBDIR="%{_libdir}" +} + +# remove files contained in other packages +rm -rf %{buildroot}%{_sysconfdir} +%if "%{_lib}" == "lib64" +rm -rf %{buildroot}%{_libexecdir} +%else +rm -rf %{buildroot}%{_libexecdir}/selinux +%endif +rm -rf %{buildroot}%{_includedir} +rm -f %{buildroot}%{_libdir}/libsemanage.* +rm -rf %{buildroot}%{_libdir}/pkgconfig +rm -rf %{buildroot}%{_mandir} + +%files %{python_files} +%{python_sitearch}/* + +%changelog diff --git a/semanage.conf b/semanage.conf new file mode 100644 index 0000000..5bae089 --- /dev/null +++ b/semanage.conf @@ -0,0 +1,51 @@ +# Authors: Jason Tang +# +# Copyright (C) 2004-2005 Tresys Technology, LLC +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +# +# Specify how libsemanage will interact with a SELinux policy manager. +# The four options are: +# +# "source" - libsemanage manipulates a source SELinux policy +# "direct" - libsemanage will write directly to a module store. +# /foo/bar - Write by way of a policy management server, whose +# named socket is at /foo/bar. The path must begin +# with a '/'. +# foo.com:4242 - Establish a TCP connection to a remote policy +# management server at foo.com. If there is a colon +# then the remainder is interpreted as a port number; +# otherwise default to port 4242. +module-store = direct + +# When generating the final linked and expanded policy, by default +# semanage will set the policy version to POLICYDB_VERSION_MAX, as +# given in . Change this setting if a different +# version is necessary. +#policy-version = 19 + +# expand-check check neverallow rules when executing all semanage commands. +# Large penalty in time if you turn this on. +expand-check=0 + +# usepasswd check tells semanage to scan all pass word records for home directories +# and setup the labeling correctly. If this is turned off, SELinux will label /home +# correctly only. You will need to use semanage fcontext command. +# For example, if you had home dirs in /althome directory you would have to execute +# semanage fcontext -a -e /home /althome +usepasswd=False +bzip-small=true +bzip-blocksize=5 +ignoredirs=/root -- 2.51.1 From 97ac5912ba708c7fe0dbf8a1bd05e2717b4669980894004b284d8d3dfbaac5f6 Mon Sep 17 00:00:00 2001 From: Hu Date: Mon, 11 Nov 2024 08:38:06 +0000 Subject: [PATCH 2/9] - Not conflict but obsolete libsemanage1 (bsc#1229757) OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsemanage?expand=0&rev=118 --- .gitattributes | 23 + .gitignore | 1 + ...87-build-libsemanage-with-swig-4.3.0.patch | 257 +++++++++ _multibuild | 4 + baselibs.conf | 1 + libsemanage-3.6.tar.gz | 3 + libsemanage-3.6.tar.gz.asc | 16 + libsemanage-3.7.tar.gz | 3 + libsemanage-3.7.tar.gz.asc | 16 + libsemanage.changes | 498 ++++++++++++++++++ libsemanage.keyring | 110 ++++ libsemanage.spec | 161 ++++++ python-semanage.changes | 402 ++++++++++++++ python-semanage.spec | 103 ++++ semanage.conf | 51 ++ 15 files changed, 1649 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 1231587-build-libsemanage-with-swig-4.3.0.patch create mode 100644 _multibuild create mode 100644 baselibs.conf create mode 100644 libsemanage-3.6.tar.gz create mode 100644 libsemanage-3.6.tar.gz.asc create mode 100644 libsemanage-3.7.tar.gz create mode 100644 libsemanage-3.7.tar.gz.asc create mode 100644 libsemanage.changes create mode 100644 libsemanage.keyring create mode 100644 libsemanage.spec create mode 100644 python-semanage.changes create mode 100644 python-semanage.spec create mode 100644 semanage.conf diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/1231587-build-libsemanage-with-swig-4.3.0.patch b/1231587-build-libsemanage-with-swig-4.3.0.patch new file mode 100644 index 0000000..3717e1d --- /dev/null +++ b/1231587-build-libsemanage-with-swig-4.3.0.patch @@ -0,0 +1,257 @@ +Index: libsemanage-3.7/src/semanageswig_python.i +=================================================================== +--- libsemanage-3.7.orig/src/semanageswig_python.i ++++ libsemanage-3.7/src/semanageswig_python.i +@@ -111,7 +111,7 @@ + } + + %typemap(argout) char** { +- $result = SWIG_Python_AppendOutput($result, SWIG_FromCharPtr(*$1)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_FromCharPtr(*$1), $isvoid); + free(*$1); + } + +@@ -134,7 +134,7 @@ + NULL, NULL, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -148,7 +148,7 @@ + } + + %typemap(argout) semanage_module_info_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + /** module key typemaps **/ +@@ -160,7 +160,7 @@ + } + + %typemap(argout) semanage_module_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + /** context typemaps **/ +@@ -172,7 +172,7 @@ + } + + %typemap(argout) semanage_context_t** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + /** boolean typemaps **/ +@@ -197,7 +197,7 @@ + (void (*) (void*)) &semanage_bool_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -207,11 +207,11 @@ + } + + %typemap(argout) semanage_bool_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(argout) semanage_bool_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_bool_key_t **(semanage_bool_key_t *temp=NULL) { +@@ -240,7 +240,7 @@ + (void (*) (void*)) &semanage_fcontext_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -250,11 +250,11 @@ + } + + %typemap(argout) semanage_fcontext_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(argout) semanage_fcontext_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_fcontext_key_t **(semanage_fcontext_key_t *temp=NULL) { +@@ -284,7 +284,7 @@ + (void (*) (void*)) &semanage_iface_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -294,11 +294,11 @@ + } + + %typemap(argout) semanage_iface_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(argout) semanage_iface_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_iface_key_t **(semanage_iface_key_t *temp=NULL) { +@@ -328,7 +328,7 @@ + (void (*) (void*)) &semanage_seuser_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -338,11 +338,11 @@ + } + + %typemap(argout) semanage_seuser_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(argout) semanage_seuser_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_seuser_key_t **(semanage_seuser_key_t *temp=NULL) { +@@ -371,7 +371,7 @@ + (void (*) (void*)) &semanage_user_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -381,11 +381,11 @@ + } + + %typemap(argout) semanage_user_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(argout) semanage_user_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_user_key_t **(semanage_user_key_t *temp=NULL) { +@@ -414,7 +414,7 @@ + (void (*) (void*)) &semanage_port_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -424,11 +424,11 @@ + } + + %typemap(argout) semanage_port_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(argout) semanage_port_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_port_key_t **(semanage_port_key_t *temp=NULL) { +@@ -457,7 +457,7 @@ + (void (*) (void*)) &semanage_ibpkey_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -467,11 +467,11 @@ + } + + %typemap(argout) semanage_ibpkey_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(argout) semanage_ibpkey_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_ibpkey_key_t **(semanage_ibpkey_key_t *temp=NULL) { +@@ -500,7 +500,7 @@ + (void (*) (void*)) &semanage_ibendport_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -510,11 +510,11 @@ + } + + %typemap(argout) semanage_ibendport_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(argout) semanage_ibendport_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_ibendport_key_t **(semanage_ibendport_key_t *temp=NULL) { +@@ -543,7 +543,7 @@ + (void (*) (void*)) &semanage_node_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -553,12 +553,12 @@ + } + + %typemap(argout) semanage_node_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + + %typemap(argout) semanage_node_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_node_key_t **(semanage_node_key_t *temp=NULL) { diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..505095a --- /dev/null +++ b/_multibuild @@ -0,0 +1,4 @@ + + python-semanage + + diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..f02cd37 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1 @@ +libsemanage2 diff --git a/libsemanage-3.6.tar.gz b/libsemanage-3.6.tar.gz new file mode 100644 index 0000000..2d6c989 --- /dev/null +++ b/libsemanage-3.6.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:41138f46222439e1242f27c1587e95cf54a059259aaf1681db642cc30c4e0d60 +size 182583 diff --git a/libsemanage-3.6.tar.gz.asc b/libsemanage-3.6.tar.gz.asc new file mode 100644 index 0000000..3273bc1 --- /dev/null +++ b/libsemanage-3.6.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmV5xAIACgkQRpWIHCVF +CNHfxRAAxXkHDxt7TvNySNdBDbqD0NX8r2tAKBEqI5dwspic8W8qi3mBBtqSYhxA +XAx8lRtf+wMSUaUO/Fa0qUyFuc/zdDTJUiNl2Aijp7YER3wpGj1/YDz/6lAWEc2N +8HMKQLYmdyoqzltRLTyTfRU3Zp1o0D15JVQtONadllTbRr6xKu672rSMkJf4AlxN +Q+CP26z/vRCtWXZLmsupgzbgeMPITrLGW5tubjtKgs8RGJ7o/yC1L0lT3aXSZ+EC +fhu4u7PhJqHeXhfSW1JBXkOXVooc9/9O1CURpSWGoS7CzhLpoxfabZfEomT2vshx +1DIQNFkCHrVp4mF+NU+AHatJNuknopz3XaKVEkYfUkcg23uFNuUXb9Rit1fJXYrD +YTNEtkv3LQw20dTpAP8LeW7LUv+9Z3hQQlOdHmzTNloJBH47B7MiNE09HdHtQL/w +10UUMgO4mTBGCseQ1gNfnbVQIUxP9iMdKzNG1aSDZIABH0Liroh2Oq1j5oJybWsw +C+yXFPle/bKvKzIXTBST40Qxi5fOIJatewRTEMX8ikapBaVKIE9QSlYRSnAgD0Me +LW1MQG/2FCt3byGA/gSYnRlgASjg2r23QHlvVRkRG0/Uj37hE5QAHqIMYmMsMEqy +XenmK+tCcPC6y/O4BwoRV3O6PU8/j8C0+RYD4bv5xmtPd1H+858= +=xhK9 +-----END PGP SIGNATURE----- diff --git a/libsemanage-3.7.tar.gz b/libsemanage-3.7.tar.gz new file mode 100644 index 0000000..1624de3 --- /dev/null +++ b/libsemanage-3.7.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e166cae29a417dab008db9ca0874023f353a3017b07693a036ed97487eda35b1 +size 182896 diff --git a/libsemanage-3.7.tar.gz.asc b/libsemanage-3.7.tar.gz.asc new file mode 100644 index 0000000..8f272c0 --- /dev/null +++ b/libsemanage-3.7.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmZ8NeEACgkQRpWIHCVF +CNF7iw/+J/RkUBGyWCTPpjTxycgsM32jroIqhekik2VkAAoSSfIy2DNsV9W1LhjX +8wdTIbohbVIV4iVjzvd8H5ee0XpywPYQ18bgvYmpHmjC+0pp3wZy5T1igbE1ePCq +r/MheAHIn4zj68qZZxCXZs5Fc1PC910jsEOM8Wwdyyo8VGpPp4EfO6y3aFIkbeoQ +kC4rNtXtXy5USKUtQ8QbKqyr+/YuSfVgYeZCexBqL0GJ4jwP413xiwKXL+RAzDeL +j5Z9m0j911LTer/KUoDL+jdlkX1YTf4qK+VEcHjlQBLUoS6atsNKSMJftqKkATfP +AZqlBuka6RheBL54eNHc+slIKEJvhfuTFWItM/3o8+lnW/2d7dYh1WxQhXJBFDM7 +dbButzqAL9dKNRjTNlBpMPe8oj13wLK890eVLOlnMIJUW4dZURoNNbs3Q2OlhuHQ +kyuPOegi2ZaNz4TvjlI1egY3h9lVYjUv/l/AtscqWfutZfD+e7n93mLOiXmZFmHI +G56cIUHfT13CEPq9D8moVTLM1bSibEDGe2GUqalpk9YcbQ3wBBXgUF8XcGuQFYZt +Bl42k6VvolZ6net+FxBoUhprBDtkPJQSD5DyT0OF4uucdZiDbsZT7vsYMjndiZVd +D1FyYekdvzb6x6li4nLLkxyj2WV96vPvqRKK+zvIldFem1Nllps= +=aE6b +-----END PGP SIGNATURE----- diff --git a/libsemanage.changes b/libsemanage.changes new file mode 100644 index 0000000..01e8421 --- /dev/null +++ b/libsemanage.changes @@ -0,0 +1,498 @@ +------------------------------------------------------------------- +Mon Oct 21 11:19:44 UTC 2024 - Johannes Segitz + +- Not conflict but obsolete libsemanage1 (bsc#1229757) + +------------------------------------------------------------------- +Mon Jul 1 07:57:45 UTC 2024 - Cathy Hu + +- Update to version 3.7 + https://github.com/SELinuxProject/selinux/releases/tag/3.7 + * Bugfixes: + * libsemanage: support huge passwd entries + +------------------------------------------------------------------- +Tue Dec 19 11:12:21 UTC 2023 - Cathy Hu + +- Update to version 3.6 + https://github.com/SELinuxProject/selinux/releases/tag/3.6 + * Add notself support for neverallow rules + * Improve man pages + * man pages: Remove the Russian translations + * Add notself and other support to CIL + * Add support for deny rules + * Translations updated from + https://translate.fedoraproject.org/projects/selinux/ + * Bug fixes +- Remove keys from keyring since they expired: + - E853C1848B0185CF42864DF363A8AD4B982C4373 + Petr Lautrbach + - 63191CE94183098689CAB8DB7EF137EC935B0EAF + Jason Zaman +- Add key to keyring: + - B8682847764DF60DF52D992CBC3905F235179CF1 + Petr Lautrbach + +------------------------------------------------------------------- +Mon Nov 27 09:51:42 UTC 2023 - Daniel Garcia + +- Remove dependency on /usr/bin/python3, making scripts to depends on + the real python3 binary, not the link. bsc#1212476 + +------------------------------------------------------------------- +Mon Aug 14 08:07:46 UTC 2023 - Johannes Segitz + +- Remove build counter syncing for real + +------------------------------------------------------------------- +Thu May 4 14:20:40 UTC 2023 - Frederic Crozat + +- Add _multibuild to define additional spec files as additional + flavors. + Eliminates the need for source package links in OBS. + +------------------------------------------------------------------- +Fri Mar 24 13:54:12 UTC 2023 - Johannes Segitz + +- Add -ffat-lto-objects to CFLAGS to prevent rpmlint errors because + of LTO + +------------------------------------------------------------------- +Thu Mar 23 13:06:51 UTC 2023 - Martin Liška + +- Enable LTO now (boo#1138812). + +------------------------------------------------------------------- +Fri Feb 24 07:48:05 UTC 2023 - Johannes Segitz + +- Update to version 3.5 + * Allow user to set SYSCONFDIR + * always write kernel policy when check_ext_changes is specified +- Added additional developer key (Jason Zaman) + +------------------------------------------------------------------- +Mon May 9 10:37:17 UTC 2022 - Johannes Segitz + +- Update to version 3.4 + * Optionally rebuild policy when modules are changed externally + * Fix USE_AFTER_FREE (CWE-672) in semanage_direct_get_module_info() + * Allow spaces in user/group names + +------------------------------------------------------------------- +Thu Feb 10 12:37:14 UTC 2022 - Johannes Segitz + +- Drop Buildrequires for libustr-devel, not needed anymore + +------------------------------------------------------------------- +Thu Nov 11 13:26:41 UTC 2021 - Johannes Segitz + +- Update to version 3.3 + * Fixed use-after-free in parse_module_store() + * Fixed use_after_free in semanage_direct_write_langext() + +------------------------------------------------------------------- +Thu Mar 18 08:31:30 UTC 2021 - Johannes Segitz + +- Link to correct so version +- Minor spec file cleanups + +------------------------------------------------------------------- +Wed Mar 17 08:29:15 UTC 2021 - Johannes Segitz + +- Move configuration file to separate libsemanage-conf package to allow + for parallel installation in future versions + +------------------------------------------------------------------- +Tue Mar 9 09:09:18 UTC 2021 - Johannes Segitz + +- Update to version 3.2 + * dropped old and deprecated symbols and functions + libsemanage version was bumped to libsemanage.so.2 + * libsemanage tries to sync data to prevent empty files in SELinux module + store + +------------------------------------------------------------------- +Wed Jul 29 14:37:19 UTC 2020 - Thorsten Kukuk + +- Add /var/lib/selinux + +------------------------------------------------------------------- +Wed Jul 15 08:17:18 UTC 2020 - Johannes Segitz + +- Remove libsemanage-update-map-file.patch to prevent checkers from declining + the submission. Keeping the snippet in the spec file in case we try to + enable LTO again + +------------------------------------------------------------------- +Tue Jul 14 08:36:19 UTC 2020 - Johannes Segitz + +- Update to version 3.1 + * Improved manpage + * fsync final files before rename + +------------------------------------------------------------------- +Tue Jun 16 07:08:59 UTC 2020 - Johannes Segitz + +- Disabled LTO again. This breaks e.g. shadow and also other packages + in security:SELinux + +------------------------------------------------------------------- +Fri Jun 12 09:07:31 UTC 2020 - Pedro Monreal Gonzalez + +- Fix build with LTO: [bsc#1133102] + * Enable LTO (Link Time Optimization) and build with -ffat-lto-objects + * Update map file to include new symbols and remove wildcards +- Add libsemanage-update-map-file.patch + +------------------------------------------------------------------- +Thu Jun 4 09:57:51 UTC 2020 - Dominique Leuenberger + +- Drop suse_path.patch: replace it with a grep/sed logic replacing + /usr/libexec in all files with the correct value for all distros + (taking into account that openSUSE is in progress of migrating + from /usr/lib to /usr/libexec). + +------------------------------------------------------------------- +Fri May 29 12:51:17 UTC 2020 - Johannes Segitz + +- Apply suse_path.patch only for older distributions. Newer + use libexec + +------------------------------------------------------------------- +Tue Mar 3 12:23:51 UTC 2020 - Johannes Segitz + +- Update to version 3.0 + * Add support for DCCP and SCTP protocols + * include internal header to use the hidden function prototypes + * mark all exported function "extern" + * optionally optimize policy on rebuild + Refreshed suse_path.patch + +------------------------------------------------------------------- +Thu Jun 20 10:22:04 UTC 2019 - Martin Liška + +- Disable LTO due to symbol versioning (boo#1138812). + +------------------------------------------------------------------- +Wed Mar 20 15:10:21 UTC 2019 - jsegitz@suse.com + +- Update to version 2.9 + * Always set errno to 0 before calling getpwent() + * Include user name in ROLE_REMOVE audit events + * genhomedircon - improve handling large groups + * improve semanage_migrate_store import failure + * reset umask before creating directories + * set selinux policy root around calls to selinux_boolean_sub + * use previous seuser when getting the previous name + +------------------------------------------------------------------- +Thu Nov 8 09:31:42 UTC 2018 - Jan Engelhardt + +- Use more %make_install. + +------------------------------------------------------------------- +Thu Nov 8 07:19:24 UTC 2018 - jsegitz@suse.com + +- Adjusted source urls (bsc#1115052) + +------------------------------------------------------------------- +Thu Sep 27 13:19:59 UTC 2018 - pmonrealgonzalez@suse.com + +- update to version 2.8 + * semanage fcontext -l now also lists home directory entries from + file_contexts.homedirs. + * libsemanage no longer deletes the tmp directory if there is an error + while committing the policy transaction, so that any temporary files + can be further inspected for debugging purposes (e.g. to examine a + particular line of the generated CIL module). The tmp directory will + be deleted upon the next transaction, so no manual removal is needed. + * When overriding PREFIX, BINDIR, SBINDIR, SHLIBDIR, LIBEXECDIR, etc., + DESTDIR has to be removed from the definition. For example on Arch + Linux, SBINDIR="${pkgdir}/usr/bin" was changed to SBINDIR="/usr/bin". + * PYSITEDIR has been renamed PYTHONLIBDIR (and its definition changed). + +- Clened with spec-cleaner + +------------------------------------------------------------------- +Thu Mar 8 19:07:16 UTC 2018 - rgoldwyn@suse.com + +- Update to version 2.7. Changes: + * IB support + * saves linked policy and skips relinking whenever possible + +------------------------------------------------------------------- +Fri Nov 24 09:14:13 UTC 2017 - jsegitz@suse.com + +- Update to version 2.6. Notable changes: + * genhomedircon: do not suppress logging from libsepol + * genhomedircon: use userprefix as the role for homedir + * Fix bug preventing the installation of base modules + * Use pp module name instead of filename when installing module + * genhomedircon: remove hardcoded refpolicy strings + * genhomedircon: add support for %group syntax + * genhomedircon: generate contexts for logins mapped to the default user + * Validate and compile file contexts before installing + * Swap tcp and udp protocol numbers + * genhomedircon: %{USERID} and %{USERNAME} support and code cleanups + +------------------------------------------------------------------- +Mon Dec 12 14:59:36 UTC 2016 - dimstar@opensuse.org + +- Split out the Policy Store Migration tool into + libsemanage-store-migrate: it is not a devel tool to start with. + Additionally, it causes the -devel package to depend on python, + which we want to avoid (libsemanabe being part of the core build + cycle). The library suggests libsemanage-store-migrate. + +------------------------------------------------------------------- +Sun Jul 17 15:17:39 UTC 2016 - jengelh@inai.de + +- Update RPM groups, trim description, combine filelist entries, + ensure pkgconfig() symbols are generated. + +------------------------------------------------------------------- +Thu Jul 14 14:20:12 UTC 2016 - jsegitz@novell.com + +- Without bug number no submit to SLE 12 SP2 is possible, so to make + sle-changelog-checker happy: bsc#988977 + +------------------------------------------------------------------- +Wed Jul 13 09:43:28 UTC 2016 - jsegitz@novell.com + +- Added suse_path.patch to fix path to hll compiler + +------------------------------------------------------------------- +Fri Jul 8 15:24:49 UTC 2016 - i@marguerite.su + +- update version 2.5 + * Do not overwrite CFLAGS in test Makefile, from Nicolas Iooss. + * Fix uninitialized variable in direct_commit and direct_api + * semanage_migrate_store: Load libsepol.so.1 instead of libsepol.so + * Store homedir_template and users_extra in policy store + * Fix null pointer dereference in semanage_module_key_destroy + * Add semanage_module_extract() to extract a module as CIL or HLL + * semanage_migrate_store: add -r option for migrating inside chroots + * Add file_contexts and seusers to the store + * Add policy binary and file_contexts.local to the store + * Allow to install compressed modules without a compression extension + * Do not copy contexts in semanage_migrate_store + * Fix logic in bunzip for uncompressed pp files + * Fix fname[] initialization in test_utilities.c + * Add remove-hll semanage.conf option to remove HLL files after + compilation to CIL + * Fix memory leaks when parsing semanage.conf + * Change bunzip to use heap instead of stack to prevent segfault on + systems with small stack size +- changes in 2.4 + * Fix Makefile to allow LIBDIR and SHLIBDIR to be set to different + directories + * Fix bugs found by hardened gcc flags + * Add missing manpage links to security_load_policy + * Fix failing libsemanage pywrap tests + * Fix deprecation warning for bison + * Skip policy module relink when only setting booleans + * Only try to compile file contexts if they exist + * Fix memory leak when setting a custom store path + * Add semodule option to set store root path in semanage.conf and the + semodule command + * Add semanage.conf option to set an alternative root path for policy + store + * Add support for High Level Language (HLL) to CIL compilers. The HLL + compiler path is configurable, but should be placed in + /usr/libexec/selinux/hll by default + * Create a policy migration script for migrating the policy store from + /etc/selinux to /var/lib/selinux + * Add python3 support to the migration script + * Use libcil to compile modules + * Use symbolic versioning to maintain ABI compatibility for old install + functions + * Add a target-platform option to semanage.conf to control how policies + are built + * Add API to handle modules and source policies, moving module store to + /var/lib/selinux + * Only try to compile file contexts if they exist + +------------------------------------------------------------------- +Sun May 18 00:10:55 UTC 2014 - crrodriguez@opensuse.org + +- version 2.3 +* Fix memory leak in semanage_genhomedircon from Thomas Hurd. + +------------------------------------------------------------------- +Tue Feb 11 10:12:55 UTC 2014 - vcizek@suse.com + +- add semanage.conf as SOURCE and install it instead of the default + one + +------------------------------------------------------------------- +Thu Oct 31 13:55:06 UTC 2013 - p.drouand@gmail.com + +- Update to version 2.2 + * Avoid duplicate list entries + * Add audit support to libsemanage + * Remove policy.kern and replace with symlink + * Apply a MAX_UID check for genhomedircon + * Fix man pages +- Add audit-devel BuildRequires; new dependency +- Add fdupes BuildRequires and use it to symlink duplicate manpages + +------------------------------------------------------------------- +Thu Jun 27 14:56:37 UTC 2013 - vcizek@suse.com + +- change the source url to the official 2.1.10 release tarball + +------------------------------------------------------------------- +Thu Apr 4 19:29:33 UTC 2013 - vcizek@suse.com + +- fixed source url +- removed old tarball + +------------------------------------------------------------------- +Fri Mar 29 15:21:29 UTC 2013 - vcizek@suse.com + +- update to 2.1.10 + * Add sefcontext_compile to compile regex everytime policy is rebuilt + * Cleanup/fix enable/disable/remove module. + * redo genhomedircon minuid + * fixes from coverity + * semanage_store: do not leak memory in semanage_exec_prog + * genhomedircon: remove useless conditional in get_home_dirs + * genhomedircon: double free in get_home_dirs + * fcontext_record: do not leak on error in semanage_fcontext_key_create + * genhomedircon: do not leak on failure in write_gen_home_dir_context + * semanage_store: do not leak fd + * genhomedircon: do not leak shells list + * semanage_store: do not leak on strdup failure + * semanage_store: rewrite for readability + +------------------------------------------------------------------- +Wed Jan 30 12:00:30 UTC 2013 - vcizek@suse.com + +- update to 2.1.9 + * dropped libsemanage-2.1.6-NULL_level_fix.patch (fixed upstream) + * libsemanage: do not set soname needlessly + * libsemanage: remove PYTHONLIBDIR and ruby equivalent + * do boolean name substitution + * Fix segfault for building standard policies. + * remove build warning when build swig c files + * additional makefile support for rubywrap + * ignore 80 column limit for readability + * semanage_store: fix snprintf length argument by using asprintf + * Use default semanage.conf as a fallback + * use after free in python bindings + * Alternate path for semanage.conf + * do not link against libpython, this is considered bad in Debian + * Allow to build for several ruby version + * fallback-user-level + +------------------------------------------------------------------- +Mon Jan 7 21:43:31 UTC 2013 - jengelh@inai.de + +- Remove obsolete defines/sections + +------------------------------------------------------------------- +Wed Oct 24 16:36:25 UTC 2012 - vcizek@suse.com + +- when building "standard" (not MCS/MLS) selinux-policies, + libsemanage will crash, because "level" is NULL + (libsemanage-2.1.6-NULL_level_fix.patch) + +------------------------------------------------------------------- +Mon Aug 27 13:49:45 UTC 2012 - cfarrell@suse.com + +- license update: LGPL-2.1+ + Could not find any LGPL-2.1 "only" licensed files in the pacakge + +------------------------------------------------------------------- +Wed Aug 1 07:54:33 UTC 2012 - meissner@suse.com + +- Updated to 2.1.6 + * changes too numerous to list + +------------------------------------------------------------------- +Wed Oct 5 15:10:27 UTC 2011 - uli@suse.com + +- cross-build fix: use %__cc macro + +------------------------------------------------------------------- +Thu Sep 22 13:14:39 CEST 2011 - dmueller@suse.de + +- buildrequire libbz2-devel + +------------------------------------------------------------------- +Mon May 23 14:15:42 UTC 2011 - prusnak@opensuse.org + +- split off python bindings to separate package to reduce build + dependencies for rpm [bnc#695436] + +------------------------------------------------------------------- +Wed May 18 13:38:44 UTC 2011 - coolo@novell.com + +- add baselibs.conf for rpm-32bit to use + +------------------------------------------------------------------- +Wed Feb 23 05:42:43 UTC 2011 - coolo@novell.com + +- disable parallel build, it breaks too often + +------------------------------------------------------------------- +Thu Feb 25 14:59:32 UTC 2010 - prusnak@suse.cz + +- updated to 2.0.43 + * changes too numerous to list + +------------------------------------------------------------------- +Fri Jan 16 14:24:38 CET 2009 - prusnak@suse.cz + +- fix assignment of wrong context [bnc#466793] + +------------------------------------------------------------------- +Wed Jan 14 14:06:28 CET 2009 - prusnak@suse.cz + +- updated to 2.0.31 + * policy module compression (bzip) support from Dan Walsh + * hard link files between tmp/active/previous from Dan Walsh + * add semanage_mls_enabled() interface from Stephen Smalley + +------------------------------------------------------------------- +Mon Dec 1 11:35:58 CET 2008 - prusnak@suse.cz + +- updated to 2.0.29 + * add USER to lines to homedir_template context file + * add compression support + * allow fcontext and seuser changes without rebuilding the policy + * don't rebuild on fcontext or seuser modifications + * modify genhomedircon to skip %groupname entries + +------------------------------------------------------------------- +Wed Oct 22 16:17:23 CEST 2008 - mrueckert@suse.de + +- fix debug_packages_requires define + +------------------------------------------------------------------- +Tue Sep 23 12:52:32 CEST 2008 - prusnak@suse.cz + +- require only version, not release [bnc#429053] + +------------------------------------------------------------------- +Tue Sep 2 12:13:42 CEST 2008 - prusnak@suse.cz + +- updated to 2.0.27 + * Modify genhomedircon to skip %groupname entries. + Ultimately we need to expand them to the list of users to support + per-role homedir labeling when using the %groupname syntax. +- updated to 2.0.26 + * Fix bug in genhomedircon fcontext matches logic from Dan Walsh. + Strip any trailing slash before appending /*$. + +------------------------------------------------------------------- +Fri Aug 1 17:32:21 CEST 2008 - ro@suse.de + +- fix requires for debuginfo package + +------------------------------------------------------------------- +Tue Jul 15 16:58:47 CEST 2008 - prusnak@suse.cz + +- initial version 2.0.25 + * based on Fedora package by Dan Walsh + diff --git a/libsemanage.keyring b/libsemanage.keyring new file mode 100644 index 0000000..0da0602 --- /dev/null +++ b/libsemanage.keyring @@ -0,0 +1,110 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGNZjyYBEACk7biPgvCVldNWq1CwVoJa/Fvc4T49tqxcc/sY4uVlGo6oSi4f +QcXE9XKPPBuRLmvpmMWvODQLzPxJMWUfJq6LyYFmX2U9VRTcyITdmJs8itkEaDwq +8BtXkeQfUDAVSFy6V6/uvVmNWD7pGXqJE1GxuV44Ihlh6v2YyqSzDG/rZur771hk +e8VZmlKMVMs1RSeOBA3nUmvZQ58+uqkhJNYqOeQhxGIxDOHo7QhzTG+SlX+uQq6m +zACKygVJJl33toaUwVAX5R02a0u67A5wC0whAoLSHInc3P7ayivWV/iESAz+gMIk +uvJWns/Ak14J7MTGgjD6rle7PNMsPDCCwQScqA8F0x4OChCixbZGZn6Mr0u8+01V +CEe2IjJwVUfFI/G4n1FZ1RAdqjkHfZJeD20LGHSbjJLcnqLLFx3LDpI5dAxo5K2k +Fvz0VowrB58aHoofW8/g8yZygGQ4Zpw4JnpUmaPnMTiD5yvnFzEihM5L9DuaWqSK +3sb9qzoaXABYRYI7OmX4B5nmMzFteHHq0tMtaKWf0HkAsCP0BLJcS9Oc1/0I0+gC +4oKLRD8a4+kaEpNr6BXvWnj7Y1h0Zr/CZS6+gi34CxWMl2Q34OSqtS37mzzBu+UZ +xffPR0aV2RXcEpc0c5HW550Thq1NF9EmFOoyeG4J2ox9JRANZXLh/i7mNwARAQAB +tCVQZXRyIExhdXRyYmFjaCA8bGF1dHJiYWNoQHJlZGhhdC5jb20+iQJXBBMBCABB +FiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZjyYCGwMFCQPCZwAFCwkIBwICIgIG +FQoJCAsCBBYCAwECHgcCF4AACgkQvDkF8jUXnPGeAA//ScQ3kJMqI6FRULXo0aF7 +CpafPXVWdvj+mfQMlZzuGwXXTmM42T0DXnXRBSjstWkmOXP/UqkN7bNeXH/S3D3G +CJ2l0qx8Qp6fP0FloJIbemyxNtzl7yvAE7kWvuBuLvUdm23cntv49gAzj+ElDqCx +tT6A6qaqM6r7DLUvw+G+r6gkeu1hNQbtRpEK9Dt8tHriQyI410qFRMbi3QxU+iTJ +79HXwrXiYpX7V7T+ugiU9lgIiC/hWJCo6SY4knt9E6zhegUWN6zErl2HY8FBM2P9 +eHOTqToEOAhKeM1fXZvxe3m49fGq/spmRM1RUUl1V9WFEaMiLg/Z2rmbD8LX9Ytf +YlQCbEwyX2nkIP1QIcr/DEfcmCA2MXCQCgsqI/2XS3BTLPyjuqAYnXxrk+T/Cydc +g4W3ZBYI/wT56GH02TQzB/wJsn0cW6EMG46VSDY/mZ2/gwi54G/Pqb2R3ZC9I7wQ +6/FFxuu8myI/QVmEiTlvTxBoyOdNlliBQxCkDczs1rxd/o8Wfjo1vwRHW84jZrCP +3xr7xPJWuzsrmPU8kFHTgepGoY+4b/h3jGwlV103RpRUK4JidwHsmYDVk6pgeUH6 +9hf0iVcbFfKiViFTR+DwjbAOxTdsFgsYYn+7hBj2l+pV/uzeA0akL2dkgfJc9pAf +6ItRUnGC+RlntZ0Pf2NbwIS5Ag0EY1mPxgEQAOBjoc5rCJOHFBUj7S68ABT3KKx7 +DVJJU7qYCxC1kzuzsGksDdEY+PdQaiNkh56MD6R+rsD49UsGHP+RIFO3D3+zejiu +Wo3PPtItqLHpcpYKkc4Gzziff8sXq70owxWT29OyMrPyIMX2YFHZuYJ8u8STQcOI +zICm/lJs6xkwHyTk9bIrwdg/Iwjm6YRo6xoLe0B6KE7efMDER/ehmXncnWkjD55x +2tAttZsfRqoqeB8J10PxDSgyv8jCXLdbj37l6omh6VH3926392DRrc2fXAgZhHML +rYIKwXkhnAp3I+HueKURQWkDlWXP4d8gVyHYt9EXdD8ZkPx8rMrGGMMh2DJpZJOw +xuK3IrFfYb+lyOyHIyxlPsjcfHtLBB8WujnyzYMWwUsRmAGEm/6db8dyR551q95e +Zd0cqO2xrz6u8YAO2LjCiE6X43m1ulhbf/NHcBiqWHjuEbSKRQnxO6ye7zrmPdnm +YT4qpLrzKlFUExGt0mXaUY8MKdcaGXbvbRU80wL+MHYyCb8vWa9AzWM990LcqCiQ +MAfk0zMq9q/oDvVotJQmWLdR2QYeRfl3m6uzeTdaYK3td5NvfQwG83MFxJhNvDZQ +YhETwbQIVzfC2JZaJAo94VdiGfT4I4Khb8RekgJVoC4w8yByyV0zXdsobIajc2eC +w0R2ik0V+vQopblfABEBAAGJBHIEGAEIACYWIQS4aChHdk32DfUtmSy8OQXyNRec +8QUCY1mPxgIbAgUJA8JnAAJACRC8OQXyNRec8cF0IAQZAQgAHRYhBBviwP8IlJYj +EC/SVkaViBwlRQjRBQJjWY/GAAoJEEaViBwlRQjRmQcP/1OVG8BpkRN/6m/j8hx5 +4vcofCPmWsL+CiNfE3QCOEBeWMtJEK7QTIgLFnLfXnyHiTS/CN2/zr33IcQ33s90 +XzibzWarE7P6O4oFEcUr8TAACA51KXMadRiA2SaYJE4Va2N6d41ZoV0Ser0wi3HU +5qxw97LGdYyOrsstgxIRI/i2BRXkp2VpUBdHqr/zfe7bv82h2QNw0fZQr4jJP4q3 ++4I6gggvi23Gj8+9lOmHNXyfqzSwkkTf8GtHGC8JORVTrOizImzJq7z+9rJBgY+4 +G4RBWzhOv69njaLNuQeASVxm/2hiMmzFqpmqozN9Y+17ubo+X+m+2aWE+aln56Pv +LxJHKwFX7doc1doTUnewg6ZjGKCGWBlqlKMeX8D038pd2gsCMhm0EA5DZkXJHP9z +b5VSomDCLB3GhoVpifZ5Qz4dJNtl90ZcFL/LJktiwz4vgzZqLNC8MhFfPLy8bS+k +dAS8+VcvQaDSDKTR+jHQ6wA/kJ9eYcL8C9g4czzLzVfZCoN/fcC7VEiCiDhwuqrb +ClcQBFZsCPQEAwh4mgIMK70zPaO4rW6LbCvwBnTjY8JSBkroJ1QjXwCy8ClSE+w2 +6cXtk5zmYUy5oQaONYm+tMberKsJjvfJIGIZdaj3ZkHsVe7YzOC6M8ESKAHKp4Xo +hXbHQQEfD9WtzFerpKWCaKTobRIP/jyXmYYLEzRav3WtoH3NCXANu0Pc8JuMDoO2 +QytHICr7zWDvk3q6LO0Y8JXD2fUegY5KM3WECF5KBBCVxdsMunN908WjAMQdyUUV +9Q4MIg64X4WCbGUDPkTGv0mQl2jMEWpFniIX+18TmwcHSvN5RxjcnpWNOyNQuMTg +ZKDm2uw5zwYdScWf3DDCR/2dH8yvVFhxfQaRNzKJSyTD4ChHPqy858BYgMljjnTC +APQwdkrTwh9RSxhMZ5yhdy9Z/+EhO2/8B/kylADC4YQOW1UN670QC7rlJmUySQy5 +APWHco5CNQnqdjhrgzYJDnWCCz9z6+x6bGy5iUa9K6Gt9e3ocYPd2Gw4R7IS8hyO +Ok/Uq7maqs+GpcWWLWzB+iGFgYZU758zsbeXvAWQAiLQHWzOfQrXepGoEjCOdYv6 +is/UovO9zMIfrIPQVlj3QIN0y0zRUHoCpPgEWHrn7KCMDhiIDt8VgGbznXTJtRw1 +/NTeBQgnmkXwx0aLM7ni0I9IrpT6JVFjip8IV24iI5nsVRSfvxUjFBQxgyujPLuS +f/Q9BlrsopFtcnyyDSyCtBqnCmBSN0zC5hk8Ya/UnDn/5ZQZYxsbGaWkdwQ6aw9m +khMfnnsz+QfKT1R3SIrByIEjaYYvGJp8K4utRjhOSfM6ptmCN2WVxQbhwMERC4E7 +8ZKPUtR+uQINBGNZj3EBEACsSSOVQfiGhJACRUkJZaT6cX51oA/kizOsYRAftPI5 +XBdtFmd1I8VJSopTaQSAdsyb7AVihl73mH22MOHawsKzffylW7kKGHPd02x5MXv+ +ttyTDasJT4ltqUSLByTu0ouqhu9uHvuOettCeStk1z6cx4ccutjJzmAdbpxKfhSV +TjYwqZOVJ44bgvL3BeGBooKF4hc1fdT8PrzZN9+Xsailybuk9kX3Z3BjicikLFTY +BOKaRLK6VuHOTYKNnUlhQnUsdy0web0XQsQa1zUbENKHNVk/x05akOz0EHBkMtfE +LMLiu9n7PkEkIMVu41MplDkkShbawzzI/UstkZfPjiGxpvVo+u8He9x1LkRM/pup +PnbrtmKi12FSJ9T+lNXnN7jvA25pl6dC0Z32iXKHZ0Co6TYNCtwFAUDSBGnnlvhT +raEtNhfFP7uMRtJUDF5cM9Go++qH/iRWfzqWViNXp0CgBI3XBbPjbdAfe7hkr5Lq +DwdnQetjb40FiCq2Fvof9foWIXlVwday2ST3ruDhe3Q+A3+uUK2leHhYr2xJxf8I +V05RGweVvvxk3Yt7FphpUGpC6q98doA8logSVeoyF5nxpis7oN/jLMn7p5Ozezg+ +ozoQyKvnBoWifHkaHnRfjEv2nshWqA0+FCxTxnlTmEZhuZQfvroa0Q2/gIjW6kUD +VwARAQABiQI8BBgBCAAmFiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZj3ECGyAF +CQPCZwAACgkQvDkF8jUXnPHhww/7BuMq7bEKvrejKf6Wjs2owMsFiXjMe6dhNmEb +96ANqRVankiSPn+TeL6FVJh9TJSGpD9v8fT3quikHsYDoTNLjgZL6Esx1A4k6YRu +O8A//10kNfYVCdhnNoDZ/94iSBrDbzeg4ueZjPTHtgBb+jGWc+f7tKDsMYaqqfec +qh8NRSujB9fS1AbCQaYkmpCA4f9l9Ti3nVQIrMXqFZFtt6sEjx7Onbi9ieADaQZ5 +/V8JQL4QgWGhhx0ccK0LVOIqY5Rp4H1kyJVeQ/rR+YIso5vBwpPJikAU+ozTnGCw +w8Vpc359DthUAakJ22GTnc3kaj5Cp6HAugmTvsIdnEhYkh/jendSK4fUWy5cXs50 +THMiFRKJS6boygIjwGlXCf25Ip9cos50YNHogkjyOp0L0tiherFm0OGlyoPvSEVY +nAnNmD5TZK/FnKE6rC0pe0NMO157fIbM9pxIAkPuYVRFz8NGLrZQEyIVyo7Vhb/k +uALjKO3OjsxNA+RoZtAt24ciUIprykdY+posV0xrDCo2tM0dZcIPhfGKMljB0C57 +c1Qb+616Q2bzaaqdttbD8BdREjN59CxvKqI1gzO250n2EBLzIJ2R9v1IpUi9Zg9D +vu0eW05kXsr83M4Z4lomvyW+pkJ9elaY525OlZoPaQi9TYrHuAHiNd0xrZqL0378 +d2veUui5Ag0EY1mPJgEQAMRQDbNHBQ376nDF8miBZOAV1txpmbHc5D/X63PNapP0 +P1/I7SfcJU9D3wX8c4vmxkjEYtH23s4lmT1VLsU7PisS3MacRemm9pL2bD53hs9X +QEuU9OtJsZn1ZJ+Ynh6i5sfW1bG3OiV/TWgYXW66GwE1hn9PuP8arodUmhEft+64 +G2u8Xtxr5yqlQJEUThV6280OJrxVbduaMi5C6UNeeGE5wuhfrQ0TNYZiwQ4KYbU3 +QhlWhHVjJlJ5hCLiktwFDyR24P+wlTIziWA407mo2enQT+mz3bO7Paf4mBionGsJ +MoADqBThf4B69BxjJ7Yg7oQVIZ7560YIRRmNo4tk5Mhep11OtQgZjZJR6MhWDaUO +17w1qScrOPRj6G1IXP1R5NarydJpLyAVb/5WFZ5jxUGMGtq3mYn4nKbbHUg2WzvC +JvPctDE6EV2vaiRy5N1fQjsHgSa29F2feh14p4ngFCmHjpdbcdjfv6rWL8tgkSpQ +lDdeHRRd1q03TKAg/byPauAHKzvV+iWlmw1f6KBWjeTn0fofmk9eeQ+P1j0a3/XT +xMOjB34SzqPRWzmLPLF6YmujBK2gymM+JLirJFFzao1i4lgmxqkDhQoNYHXmVYEd +7w+/qUYbfKwO9eJOWzuUWajxvJ1Vgv6z4CPy9if0gwfhrx0OOcIpBE/xZU+SwQQp +ABEBAAGJAjwEGAEIACYWIQS4aChHdk32DfUtmSy8OQXyNRec8QUCY1mPJgIbDAUJ +A8JnAAAKCRC8OQXyNRec8a+qD/4whGQ9J+td1iLFMpNRAqvuGtTnM6shZJNnC5CB +56Cu7ElIpr74sk0R98Ia1pJlBcLALbYSrqwluZaLiRVDPdub6tGSRVssqQdZcKTh +z33waTru9IfLhCrRSNd0ZMHJaOG1ErU0noWw2d4ifVJK+vvuvMeEyNm4H5pZOYzY +eikqVUYzS143cSzMEwtvPSdP5JkTQi4WNF09khH1D+QpJoXEgVEQla7Sr955Zdt3 +q5OlpYxxw+X62vslZ2OMiKZ14kWVSRbVQ+WdnjtRYS4vivB6ko9QL770jZ131hKh +C/BcWpEYSjfPpVua2oKbccKHXheIFEJ06kGkMeeoQPxmzPRBYIw/E+d5sZp7YXDy +BGOAxBeiOaOnZ8vLBzy72HFng3oB3hkVGTTHq+PsHdSSaRME3QrNpDsaGeSjw62F +G3I4zK985GtrXAHEzN/Ffd17srl4mcRQ+8QM/a+XbF/8ugjE/RHhhFf8sWVAPutY +zVE8lF+uqcduPuq/rTcUBuzSVjnSRfXWqCokjh+ypUpHNUO8fZDzkTLuE5rwMG1x +pPueDBTzvoGDQRqc2eoXpJnDBmdlz83zHsoR2gIHcdqyc/hCV+fTvR8E0v9ZG3Jr +6RFgWdD008PsGxUevIDgMAYFwasZSTofEnzg49/WeIFU1rGB5HZVlmOJKZnKRuBi +TakEPw== +=odM9 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/libsemanage.spec b/libsemanage.spec new file mode 100644 index 0000000..5215e14 --- /dev/null +++ b/libsemanage.spec @@ -0,0 +1,161 @@ +# +# spec file for package libsemanage +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define soversion 2 +%define libname libsemanage%{soversion} + +Name: libsemanage +Version: 3.7 +Release: 0 +Summary: SELinux policy management library +License: LGPL-2.1-or-later +Group: Development/Libraries/C and C++ +URL: https://github.com/SELinuxProject/selinux/wiki/Releases +Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz +Source1: https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz.asc +Source2: libsemanage.keyring +Source3: baselibs.conf +Source4: semanage.conf +# PATCH-FIX-UPSTREAM bsc#1133102 LTO: Update map file to include new symbols and remove wildcards +# For now we need to disable this. This breaks e.g. shadow and also other packages in security:SELinux +#Patch0: libsemanage-update-map-file.patch +BuildRequires: audit-devel +BuildRequires: bison +BuildRequires: fdupes +BuildRequires: flex +BuildRequires: libbz2-devel +BuildRequires: libselinux-devel +BuildRequires: libsepol-devel +BuildRequires: pkgconfig +BuildRequires: python-rpm-macros + +%description +libsemanage is the policy management library. Using libsepol and +libselinux to interact with the SELinux system, it also calls helper +programs for loading policy and for checking whether the +file_contexts configuration is valid. + +%package -n %{libname} +Summary: SELinux policy management library +Group: System/Libraries +Suggests: %{name}-migrate-store +Requires: %{name}-conf >= %{version} + +%description -n %{libname} +libsemanage is the policy management library. Using libsepol and +libselinux to interact with the SELinux system, it also calls helper +programs for loading policy and for checking whether the +file_contexts configuration is valid. + +(Security-enhanced Linux is a feature of the kernel and some +utilities that implement mandatory access control policies, such as +Type Enforcement, Role-based Access Control and Multi-Level +Security.) + +%package conf +Summary: Configuration for the SELinux policy management library +# before 3.1 the config file wasn't separated, so no parallel install is possible +Group: System/Libraries +Obsoletes: %{name}1 < 3.1 + +%description conf +Configuration file for libsemanage. Moved to a separate package to allow +parallel installation + +%package devel +Summary: Header files and libraries for SELinux's policy management libary +Group: Development/Libraries/C and C++ +Requires: %{libname} = %{version} + +%description devel +The libsemanage-devel package contains the libraries and header files +needed for developing applications that manipulate SELinux policies. + +%package devel-static +Summary: Static archives for SELinux's policy management library +Group: Development/Libraries/C and C++ +Requires: libsemanage-devel + +%description devel-static +The libsemanage-devel-static package contains the static libraries +needed for developing applications that manipulate binary policies. + +%package migrate-store +Summary: SELinux Policy Store Migration +Group: Productivity/Security + +%description migrate-store +In version 2.4 of libsemanage, libsepol, and policycoreutils, the policy +module store was moved from /etc/selinux//modules/ to +/var/lib/selinux//. Once the libraries are upgraded, all policy +stores must be migrated before any commands that modify or use the store +(e.g. semodule, semanage) can be executed. + +%prep +%setup -q +# Replace /usr/libexec with whatever the distro defines as libexecdir - across all files +grep /usr/libexec . -rl | xargs sed -i "s|/usr/libexec|%{_libexecdir}|g" + +%build +%make_build clean +%make_build CFLAGS="%{optflags} -fno-semantic-interposition -ffat-lto-objects" CC="gcc" +%make_build CFLAGS="%{optflags} -fno-semantic-interposition -ffat-lto-objects" LIBDIR="%{_libdir}" LIBEXECDIR="%{_libexecdir}" SHLIBDIR="%{_lib}" CC="gcc" all + +%install +mkdir -p %{buildroot}/%{_lib} +mkdir -p %{buildroot}%{_libdir} +mkdir -p %{buildroot}%{_includedir} +mkdir -p %{buildroot}%{_localstatedir}/lib/selinux +%make_install LIBDIR="%{_libdir}" LIBEXECDIR="%{_libexecdir}" SHLIBDIR="%{_libdir}" +ln -sf %{_libdir}/libsemanage.so.%{soversion} %{buildroot}/%{_libdir}/libsemanage.so +cp %{SOURCE4} %{buildroot}%{_sysconfdir}/selinux/semanage.conf + +# Fix shebang in scripts +for f in %{buildroot}%{_libexecdir}/selinux/* +do + [ -f $f ] && sed -i "1s@#!.*python.*@#!$(realpath %__python3)@" $f +done +# Remove duplicate files +%fdupes -s %{buildroot}%{_mandir} + +%post -n %{libname} -p /sbin/ldconfig +%postun -n %{libname} -p /sbin/ldconfig + +%files -n %{libname} +%{_libdir}/libsemanage.so.* +%dir %{_localstatedir}/lib/selinux + +%files conf +%dir %{_sysconfdir}/selinux +%config(noreplace) %{_sysconfdir}/selinux/semanage.conf + +%files devel +%{_libdir}/libsemanage.so +%{_libdir}/pkgconfig/libsemanage.pc +%{_includedir}/semanage/ +%{_mandir}/man3/* +%{_mandir}/man5/* + +%files migrate-store +%dir %{_libexecdir}/selinux +%{_libexecdir}/selinux/ + +%files devel-static +%{_libdir}/libsemanage.a + +%changelog diff --git a/python-semanage.changes b/python-semanage.changes new file mode 100644 index 0000000..37463ad --- /dev/null +++ b/python-semanage.changes @@ -0,0 +1,402 @@ +------------------------------------------------------------------- +Tue Oct 15 11:41:31 UTC 2024 - Cathy Hu + +- Add 1231587-build-libsemanage-with-swig-4.3.0.patch to fix + build failure with swig 4.3.0 (bsc#1231587) + +------------------------------------------------------------------- +Mon Jul 1 07:57:45 UTC 2024 - Cathy Hu + +- Update to version 3.7 + https://github.com/SELinuxProject/selinux/releases/tag/3.7 + * Bugfixes: + * libsemanage: support huge passwd entries + +------------------------------------------------------------------- +Tue May 28 10:40:17 UTC 2024 - Cathy Hu + +- Build python-semanage for python311 in 15.4 and 15.5 instead of + python3.6 to fix build dependencies + +------------------------------------------------------------------- +Tue Dec 19 11:13:19 UTC 2023 - Cathy Hu + +- Update to version 3.6 + https://github.com/SELinuxProject/selinux/releases/tag/3.6 + * Add notself support for neverallow rules + * Improve man pages + * man pages: Remove the Russian translations + * Add notself and other support to CIL + * Add support for deny rules + * Translations updated from + https://translate.fedoraproject.org/projects/selinux/ + * Bug fixes +- Remove keys from keyring since they expired: + - E853C1848B0185CF42864DF363A8AD4B982C4373 + Petr Lautrbach + - 63191CE94183098689CAB8DB7EF137EC935B0EAF + Jason Zaman +- Add key to keyring: + - B8682847764DF60DF52D992CBC3905F235179CF1 + Petr Lautrbach + +------------------------------------------------------------------- +Thu May 4 14:20:40 UTC 2023 - Frederic Crozat + +- Add _multibuild to define additional spec files as additional + flavors. + Eliminates the need for source package links in OBS. + +------------------------------------------------------------------- +Fri Mar 24 13:54:12 UTC 2023 - Johannes Segitz + +- Add -ffat-lto-objects to CFLAGS to prevent rpmlint errors because + of LTO + +------------------------------------------------------------------- +Thu Mar 23 13:06:51 UTC 2023 - Martin Liška + +- Enable LTO now (boo#1138812). + +------------------------------------------------------------------- +Fri Feb 24 07:48:05 UTC 2023 - Johannes Segitz + +- Update to version 3.5 + * Allow user to set SYSCONFDIR + * always write kernel policy when check_ext_changes is specified +- Added additional developer key (Jason Zaman) + +------------------------------------------------------------------- +Mon May 9 10:37:17 UTC 2022 - Johannes Segitz + +- Update to version 3.4 + * Optionally rebuild policy when modules are changed externally + * Fix USE_AFTER_FREE (CWE-672) in semanage_direct_get_module_info() + * Allow spaces in user/group names + +------------------------------------------------------------------- +Thu Feb 10 12:37:14 UTC 2022 - Johannes Segitz + +- Drop Buildrequires for libustr-devel, not needed anymore + +------------------------------------------------------------------- +Thu Nov 11 13:26:41 UTC 2021 - Johannes Segitz + +- Update to version 3.3 + * Fixed use-after-free in parse_module_store() + * Fixed use_after_free in semanage_direct_write_langext() + +------------------------------------------------------------------- +Mon Aug 16 13:13:41 UTC 2021 - Fabian Vogt + +- Call "make -j8 pywrap" instead of "make -j8 all pywrap" to fix random + build failures. The toplevel Makefile does not support concurrency, + and it resulted in parallel "make all" and "make pywrap" which weren't + aware of each other and stepped over the other's artifacts. + +------------------------------------------------------------------- +Thu Mar 18 08:31:30 UTC 2021 - Johannes Segitz + +- Minor spec file cleanups + +------------------------------------------------------------------- +Tue Mar 9 09:09:18 UTC 2021 - Johannes Segitz + +- Update to version 3.2 + * dropped old and deprecated symbols and functions + libsemanage version was bumped to libsemanage.so.2 + * libsemanage tries to sync data to prevent empty files in SELinux module + store + +------------------------------------------------------------------- +Tue Jul 14 08:36:19 UTC 2020 - Johannes Segitz + +- Update to version 3.1 + * Improved manpage + * fsync final files before rename + +------------------------------------------------------------------- +Tue Jun 16 07:08:59 UTC 2020 - Johannes Segitz + +- Disabled LTO again. This breaks e.g. shadow and also other packages + in security:SELinux + +------------------------------------------------------------------- +Fri Jun 12 09:07:31 UTC 2020 - Pedro Monreal Gonzalez + +- Fix build with LTO: [bsc#1133102] + * Enable LTO (Link Time Optimization) + * Update map file to include new symbols and remove wildcards +- Add libsemanage-update-map-file.patch + +------------------------------------------------------------------- +Thu Jun 4 09:57:51 UTC 2020 - Dominique Leuenberger + +- Drop suse_path.patch: replace it with a grep/sed logic replacing + /usr/libexec in all files with the correct value for all distros + (taking into account that openSUSE is in progress of migrating + from /usr/lib to /usr/libexec). + +------------------------------------------------------------------- +Fri May 29 12:51:17 UTC 2020 - Johannes Segitz + +- Apply suse_path.patch only for older distributions. Newer + use libexec + +------------------------------------------------------------------- +Tue Mar 3 12:23:51 UTC 2020 - Johannes Segitz + +- Update to version 3.0 + * Add support for DCCP and SCTP protocols + * include internal header to use the hidden function prototypes + * mark all exported function "extern" + * optionally optimize policy on rebuild + Refreshed suse_path.patch + +------------------------------------------------------------------- +Fri May 3 12:22:25 UTC 2019 - Martin Liška + +- Disable LTO (boo#1133280). + +------------------------------------------------------------------- +Wed Mar 20 15:10:21 UTC 2019 - jsegitz@suse.com + +- Update to version 2.9 + * Always set errno to 0 before calling getpwent() + * Include user name in ROLE_REMOVE audit events + * genhomedircon - improve handling large groups + * improve semanage_migrate_store import failure + * reset umask before creating directories + * set selinux policy root around calls to selinux_boolean_sub + * use previous seuser when getting the previous name + +------------------------------------------------------------------- +Thu Nov 8 09:31:42 UTC 2018 - Jan Engelhardt + +- Use more %make_install. + +------------------------------------------------------------------- +Thu Nov 8 07:19:24 UTC 2018 - jsegitz@suse.com + +- Adjusted source urls (bsc#1115052) + +------------------------------------------------------------------- +Thu Sep 27 13:19:59 UTC 2018 - pmonrealgonzalez@suse.com + +- update to version 2.8 + * semanage fcontext -l now also lists home directory entries from + file_contexts.homedirs. + * libsemanage no longer deletes the tmp directory if there is an error + while committing the policy transaction, so that any temporary files + can be further inspected for debugging purposes (e.g. to examine a + particular line of the generated CIL module). The tmp directory will + be deleted upon the next transaction, so no manual removal is needed. + * When overriding PREFIX, BINDIR, SBINDIR, SHLIBDIR, LIBEXECDIR, etc., + DESTDIR has to be removed from the definition. For example on Arch + Linux, SBINDIR="${pkgdir}/usr/bin" was changed to SBINDIR="/usr/bin". + * PYSITEDIR has been renamed PYTHONLIBDIR (and its definition changed). + +- Clened with spec-cleaner + +------------------------------------------------------------------- +Thu Mar 8 19:07:16 UTC 2018 - rgoldwyn@suse.com + +- Update to version 2.7. Changes: + * IB support + * saves linked policy and skips relinking whenever possible + +------------------------------------------------------------------- +Fri Nov 24 09:14:13 UTC 2017 - jsegitz@suse.com + +- Update to version 2.6. Notable changes: + * genhomedircon: do not suppress logging from libsepol + * genhomedircon: use userprefix as the role for homedir + * Fix bug preventing the installation of base modules + * Use pp module name instead of filename when installing module + * genhomedircon: remove hardcoded refpolicy strings + * genhomedircon: add support for %group syntax + * genhomedircon: generate contexts for logins mapped to the default user + * Validate and compile file contexts before installing + * Swap tcp and udp protocol numbers + * genhomedircon: %{USERID} and %{USERNAME} support and code cleanups + +------------------------------------------------------------------- +Wed Sep 27 15:51:27 UTC 2017 - jmatejek@suse.com + +- build both python2 and python3 version of the semanage binding + with the singlespec machinery + +------------------------------------------------------------------- +Sun Jul 17 15:21:03 UTC 2016 - jengelh@inai.de + +- Summary/description update + +------------------------------------------------------------------- +Fri Jul 8 15:35:05 UTC 2016 - i@marguerite.su + +- update version 2.5 + * Do not overwrite CFLAGS in test Makefile, from Nicolas Iooss. + * Fix uninitialized variable in direct_commit and direct_api + * semanage_migrate_store: Load libsepol.so.1 instead of libsepol.so + * Store homedir_template and users_extra in policy store + * Fix null pointer dereference in semanage_module_key_destroy + * Add semanage_module_extract() to extract a module as CIL or HLL + * semanage_migrate_store: add -r option for migrating inside chroots + * Add file_contexts and seusers to the store + * Add policy binary and file_contexts.local to the store + * Allow to install compressed modules without a compression extension + * Do not copy contexts in semanage_migrate_store + * Fix logic in bunzip for uncompressed pp files + * Fix fname[] initialization in test_utilities.c + * Add remove-hll semanage.conf option to remove HLL files after + compilation to CIL + * Fix memory leaks when parsing semanage.conf + * Change bunzip to use heap instead of stack to prevent segfault on + systems with small stack size +- changes in 2.4 + * Fix Makefile to allow LIBDIR and SHLIBDIR to be set to different + directories + * Fix bugs found by hardened gcc flags + * Add missing manpage links to security_load_policy + * Fix failing libsemanage pywrap tests + * Fix deprecation warning for bison + * Skip policy module relink when only setting booleans + * Only try to compile file contexts if they exist + * Fix memory leak when setting a custom store path + * Add semodule option to set store root path in semanage.conf and the + semodule command + * Add semanage.conf option to set an alternative root path for policy + store + * Add support for High Level Language (HLL) to CIL compilers. The HLL + compiler path is configurable, but should be placed in + /usr/libexec/selinux/hll by default + * Create a policy migration script for migrating the policy store from + /etc/selinux to /var/lib/selinux + * Add python3 support to the migration script + * Use libcil to compile modules + * Use symbolic versioning to maintain ABI compatibility for old install + functions + * Add a target-platform option to semanage.conf to control how policies + are built + * Add API to handle modules and source policies, moving module store to + /var/lib/selinux + * Only try to compile file contexts if they exist +- changes in 2.3 + * Fix memory leak in semanage_genhomedircon + +------------------------------------------------------------------- +Thu Oct 31 13:55:06 UTC 2013 - p.drouand@gmail.com + +- Update to version 2.2 + * Avoid duplicate list entries + * Add audit support to libsemanage + * Remove policy.kern and replace with symlink + * Apply a MAX_UID check for genhomedircon + * Fix man pages +- Add audit-devel BuildRequires; new dependency +- Add fdupes BuildRequires and use it to symlink duplicate manpages + +------------------------------------------------------------------- +Thu Jun 27 14:57:01 UTC 2013 - vcizek@suse.com + +- change the source url to the official 2.1.10 release tarball + +------------------------------------------------------------------- +Wed Jan 30 12:01:03 UTC 2013 - vcizek@suse.com + +- update to 2.1.9 + +------------------------------------------------------------------- +Mon Jan 7 21:43:31 UTC 2013 - jengelh@inai.de + +- Remove obsolete defines/sections + +------------------------------------------------------------------- +Tue Oct 23 05:05:03 UTC 2012 - coolo@suse.com + +- buildrequire libbz2-devel + +------------------------------------------------------------------- +Wed Aug 1 07:54:48 UTC 2012 - meissner@suse.com + +- updated to 2.1.6 + * changes too numerous to list + +------------------------------------------------------------------- +Mon May 23 14:15:42 UTC 2011 - prusnak@opensuse.org + +- split off python bindings to separate package to reduce build + dependencies for rpm [bnc#695436] + +------------------------------------------------------------------- +Wed May 18 13:38:44 UTC 2011 - coolo@novell.com + +- add baselibs.conf for rpm-32bit to use + +------------------------------------------------------------------- +Wed Feb 23 05:42:43 UTC 2011 - coolo@novell.com + +- disable parallel build, it breaks too often + +------------------------------------------------------------------- +Thu Feb 25 14:59:32 UTC 2010 - prusnak@suse.cz + +- updated to 2.0.43 + * changes too numerous to list + +------------------------------------------------------------------- +Fri Jan 16 14:24:38 CET 2009 - prusnak@suse.cz + +- fix assignment of wrong context [bnc#466793] + +------------------------------------------------------------------- +Wed Jan 14 14:06:28 CET 2009 - prusnak@suse.cz + +- updated to 2.0.31 + * policy module compression (bzip) support from Dan Walsh + * hard link files between tmp/active/previous from Dan Walsh + * add semanage_mls_enabled() interface from Stephen Smalley + +------------------------------------------------------------------- +Mon Dec 1 11:35:58 CET 2008 - prusnak@suse.cz + +- updated to 2.0.29 + * add USER to lines to homedir_template context file + * add compression support + * allow fcontext and seuser changes without rebuilding the policy + * don't rebuild on fcontext or seuser modifications + * modify genhomedircon to skip %groupname entries + +------------------------------------------------------------------- +Wed Oct 22 16:17:23 CEST 2008 - mrueckert@suse.de + +- fix debug_packages_requires define + +------------------------------------------------------------------- +Tue Sep 23 12:52:32 CEST 2008 - prusnak@suse.cz + +- require only version, not release [bnc#429053] + +------------------------------------------------------------------- +Tue Sep 2 12:13:42 CEST 2008 - prusnak@suse.cz + +- updated to 2.0.27 + * Modify genhomedircon to skip %groupname entries. + Ultimately we need to expand them to the list of users to support + per-role homedir labeling when using the %groupname syntax. +- updated to 2.0.26 + * Fix bug in genhomedircon fcontext matches logic from Dan Walsh. + Strip any trailing slash before appending /*$. + +------------------------------------------------------------------- +Fri Aug 1 17:32:21 CEST 2008 - ro@suse.de + +- fix requires for debuginfo package + +------------------------------------------------------------------- +Tue Jul 15 16:58:47 CEST 2008 - prusnak@suse.cz + +- initial version 2.0.25 + * based on Fedora package by Dan Walsh + + diff --git a/python-semanage.spec b/python-semanage.spec new file mode 100644 index 0000000..496e798 --- /dev/null +++ b/python-semanage.spec @@ -0,0 +1,103 @@ +# +# spec file for package python-semanage +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%{?sle15_python_module_pythons} +%define soversion 2 +%define libname libsemanage%{soversion} + +%define libsepol_ver 3.7 +%define libselinux_ver 3.7 + +%{?!python_module:%define python_module() python-%{**} python3-%{**}} +Name: python-semanage +Version: 3.7 +Release: 0 +Summary: Python bindings for SELinux's policy management library +License: LGPL-2.1-only +Group: Development/Languages/Python +URL: https://github.com/SELinuxProject/selinux +Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}/libsemanage-%{version}.tar.gz +Source1: https://github.com/SELinuxProject/selinux/releases/download/%{version}/libsemanage-%{version}.tar.gz.asc +Source2: libsemanage.keyring +Source3: baselibs.conf +%if %{pkg_vcmp swig > 4.2.1} +Patch0: 1231587-build-libsemanage-with-swig-4.3.0.patch +%endif +# PATCH-FIX-UPSTREAM bsc#1133102 LTO: Update map file to include new symbols and remove wildcards +# For now we need to disable this. This breaks e.g. shadow and also other packages in security:SELinux +# Patch0: libsemanage-update-map-file.patch +BuildRequires: %{python_module devel} +BuildRequires: audit-devel +BuildRequires: bison +BuildRequires: flex +BuildRequires: libbz2-devel +BuildRequires: libselinux-devel >= %{libselinux_ver} +BuildRequires: libsepol-devel >= %{libsepol_ver} +BuildRequires: python-rpm-macros +BuildRequires: swig +# Ensure same version +Requires: %{libname} = %{version} +%python_subpackages + +%description +This package contains the Python bindings for developing +SELinux policy management applications. + +%prep +%autosetup -p1 -n libsemanage-%{version} +# Replace /usr/libexec with whatever the distro defines as libexecdir - across all files +grep /usr/libexec . -rl | xargs sed -i "s|/usr/libexec|%{_libexecdir}|g" + +%build +%make_build clean +%{python_expand # loop over possible pythons +%make_build PYTHON=$python CFLAGS="%{optflags} -fno-semantic-interposition -ffat-lto-objects" swigify +%make_build PYTHON=$python CFLAGS="%{optflags} -fno-semantic-interposition -ffat-lto-objects" \ + LIBDIR="%{_libdir}" \ + LIBEXECDIR="%{_libexecdir}" \ + SHLIBDIR="%{_lib}" \ + pywrap +} + +%install +mkdir -p %{buildroot}/%{_lib} +mkdir -p %{buildroot}%{_libdir} +mkdir -p %{buildroot}%{_includedir} +%{python_expand # loop over possible pythons +%make_install install-pywrap PYTHON="$python" \ + LIBDIR="%{_libdir}" \ + LIBEXECDIR="%{_libexecdir}" \ + SHLIBDIR="%{_libdir}" +} + +# remove files contained in other packages +rm -rf %{buildroot}%{_sysconfdir} +%if "%{_lib}" == "lib64" +rm -rf %{buildroot}%{_libexecdir} +%else +rm -rf %{buildroot}%{_libexecdir}/selinux +%endif +rm -rf %{buildroot}%{_includedir} +rm -f %{buildroot}%{_libdir}/libsemanage.* +rm -rf %{buildroot}%{_libdir}/pkgconfig +rm -rf %{buildroot}%{_mandir} + +%files %{python_files} +%{python_sitearch}/* + +%changelog diff --git a/semanage.conf b/semanage.conf new file mode 100644 index 0000000..5bae089 --- /dev/null +++ b/semanage.conf @@ -0,0 +1,51 @@ +# Authors: Jason Tang +# +# Copyright (C) 2004-2005 Tresys Technology, LLC +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +# +# Specify how libsemanage will interact with a SELinux policy manager. +# The four options are: +# +# "source" - libsemanage manipulates a source SELinux policy +# "direct" - libsemanage will write directly to a module store. +# /foo/bar - Write by way of a policy management server, whose +# named socket is at /foo/bar. The path must begin +# with a '/'. +# foo.com:4242 - Establish a TCP connection to a remote policy +# management server at foo.com. If there is a colon +# then the remainder is interpreted as a port number; +# otherwise default to port 4242. +module-store = direct + +# When generating the final linked and expanded policy, by default +# semanage will set the policy version to POLICYDB_VERSION_MAX, as +# given in . Change this setting if a different +# version is necessary. +#policy-version = 19 + +# expand-check check neverallow rules when executing all semanage commands. +# Large penalty in time if you turn this on. +expand-check=0 + +# usepasswd check tells semanage to scan all pass word records for home directories +# and setup the labeling correctly. If this is turned off, SELinux will label /home +# correctly only. You will need to use semanage fcontext command. +# For example, if you had home dirs in /althome directory you would have to execute +# semanage fcontext -a -e /home /althome +usepasswd=False +bzip-small=true +bzip-blocksize=5 +ignoredirs=/root -- 2.51.1 From 0b7c685f6de251ffb999bb5f9bb82eb115f3b36afdd62786785cdce3da43c853 Mon Sep 17 00:00:00 2001 From: Robert Frohl Date: Thu, 13 Feb 2025 15:04:33 +0000 Subject: [PATCH 3/9] update selinux userspace to 3.8 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsemanage?expand=0&rev=120 --- .gitattributes | 23 + .gitignore | 1 + ...87-build-libsemanage-with-swig-4.3.0.patch | 257 +++++++++ _multibuild | 4 + baselibs.conf | 1 + libsemanage-3.6.tar.gz | 3 + libsemanage-3.6.tar.gz.asc | 16 + libsemanage-3.7.tar.gz | 3 + libsemanage-3.7.tar.gz.asc | 16 + libsemanage-3.8.tar.gz | 3 + libsemanage-3.8.tar.gz.asc | 16 + libsemanage.changes | 511 ++++++++++++++++++ libsemanage.keyring | 110 ++++ libsemanage.spec | 161 ++++++ python-semanage.changes | 416 ++++++++++++++ python-semanage.spec | 100 ++++ semanage.conf | 51 ++ 17 files changed, 1692 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 1231587-build-libsemanage-with-swig-4.3.0.patch create mode 100644 _multibuild create mode 100644 baselibs.conf create mode 100644 libsemanage-3.6.tar.gz create mode 100644 libsemanage-3.6.tar.gz.asc create mode 100644 libsemanage-3.7.tar.gz create mode 100644 libsemanage-3.7.tar.gz.asc create mode 100644 libsemanage-3.8.tar.gz create mode 100644 libsemanage-3.8.tar.gz.asc create mode 100644 libsemanage.changes create mode 100644 libsemanage.keyring create mode 100644 libsemanage.spec create mode 100644 python-semanage.changes create mode 100644 python-semanage.spec create mode 100644 semanage.conf diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/1231587-build-libsemanage-with-swig-4.3.0.patch b/1231587-build-libsemanage-with-swig-4.3.0.patch new file mode 100644 index 0000000..3717e1d --- /dev/null +++ b/1231587-build-libsemanage-with-swig-4.3.0.patch @@ -0,0 +1,257 @@ +Index: libsemanage-3.7/src/semanageswig_python.i +=================================================================== +--- libsemanage-3.7.orig/src/semanageswig_python.i ++++ libsemanage-3.7/src/semanageswig_python.i +@@ -111,7 +111,7 @@ + } + + %typemap(argout) char** { +- $result = SWIG_Python_AppendOutput($result, SWIG_FromCharPtr(*$1)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_FromCharPtr(*$1), $isvoid); + free(*$1); + } + +@@ -134,7 +134,7 @@ + NULL, NULL, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -148,7 +148,7 @@ + } + + %typemap(argout) semanage_module_info_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + /** module key typemaps **/ +@@ -160,7 +160,7 @@ + } + + %typemap(argout) semanage_module_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + /** context typemaps **/ +@@ -172,7 +172,7 @@ + } + + %typemap(argout) semanage_context_t** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + /** boolean typemaps **/ +@@ -197,7 +197,7 @@ + (void (*) (void*)) &semanage_bool_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -207,11 +207,11 @@ + } + + %typemap(argout) semanage_bool_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(argout) semanage_bool_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_bool_key_t **(semanage_bool_key_t *temp=NULL) { +@@ -240,7 +240,7 @@ + (void (*) (void*)) &semanage_fcontext_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -250,11 +250,11 @@ + } + + %typemap(argout) semanage_fcontext_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(argout) semanage_fcontext_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_fcontext_key_t **(semanage_fcontext_key_t *temp=NULL) { +@@ -284,7 +284,7 @@ + (void (*) (void*)) &semanage_iface_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -294,11 +294,11 @@ + } + + %typemap(argout) semanage_iface_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(argout) semanage_iface_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_iface_key_t **(semanage_iface_key_t *temp=NULL) { +@@ -328,7 +328,7 @@ + (void (*) (void*)) &semanage_seuser_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -338,11 +338,11 @@ + } + + %typemap(argout) semanage_seuser_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(argout) semanage_seuser_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_seuser_key_t **(semanage_seuser_key_t *temp=NULL) { +@@ -371,7 +371,7 @@ + (void (*) (void*)) &semanage_user_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -381,11 +381,11 @@ + } + + %typemap(argout) semanage_user_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(argout) semanage_user_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_user_key_t **(semanage_user_key_t *temp=NULL) { +@@ -414,7 +414,7 @@ + (void (*) (void*)) &semanage_port_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -424,11 +424,11 @@ + } + + %typemap(argout) semanage_port_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(argout) semanage_port_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_port_key_t **(semanage_port_key_t *temp=NULL) { +@@ -457,7 +457,7 @@ + (void (*) (void*)) &semanage_ibpkey_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -467,11 +467,11 @@ + } + + %typemap(argout) semanage_ibpkey_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(argout) semanage_ibpkey_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_ibpkey_key_t **(semanage_ibpkey_key_t *temp=NULL) { +@@ -500,7 +500,7 @@ + (void (*) (void*)) &semanage_ibendport_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -510,11 +510,11 @@ + } + + %typemap(argout) semanage_ibendport_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(argout) semanage_ibendport_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_ibendport_key_t **(semanage_ibendport_key_t *temp=NULL) { +@@ -543,7 +543,7 @@ + (void (*) (void*)) &semanage_node_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -553,12 +553,12 @@ + } + + %typemap(argout) semanage_node_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + + %typemap(argout) semanage_node_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_node_key_t **(semanage_node_key_t *temp=NULL) { diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..505095a --- /dev/null +++ b/_multibuild @@ -0,0 +1,4 @@ + + python-semanage + + diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..f02cd37 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1 @@ +libsemanage2 diff --git a/libsemanage-3.6.tar.gz b/libsemanage-3.6.tar.gz new file mode 100644 index 0000000..2d6c989 --- /dev/null +++ b/libsemanage-3.6.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:41138f46222439e1242f27c1587e95cf54a059259aaf1681db642cc30c4e0d60 +size 182583 diff --git a/libsemanage-3.6.tar.gz.asc b/libsemanage-3.6.tar.gz.asc new file mode 100644 index 0000000..3273bc1 --- /dev/null +++ b/libsemanage-3.6.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmV5xAIACgkQRpWIHCVF +CNHfxRAAxXkHDxt7TvNySNdBDbqD0NX8r2tAKBEqI5dwspic8W8qi3mBBtqSYhxA +XAx8lRtf+wMSUaUO/Fa0qUyFuc/zdDTJUiNl2Aijp7YER3wpGj1/YDz/6lAWEc2N +8HMKQLYmdyoqzltRLTyTfRU3Zp1o0D15JVQtONadllTbRr6xKu672rSMkJf4AlxN +Q+CP26z/vRCtWXZLmsupgzbgeMPITrLGW5tubjtKgs8RGJ7o/yC1L0lT3aXSZ+EC +fhu4u7PhJqHeXhfSW1JBXkOXVooc9/9O1CURpSWGoS7CzhLpoxfabZfEomT2vshx +1DIQNFkCHrVp4mF+NU+AHatJNuknopz3XaKVEkYfUkcg23uFNuUXb9Rit1fJXYrD +YTNEtkv3LQw20dTpAP8LeW7LUv+9Z3hQQlOdHmzTNloJBH47B7MiNE09HdHtQL/w +10UUMgO4mTBGCseQ1gNfnbVQIUxP9iMdKzNG1aSDZIABH0Liroh2Oq1j5oJybWsw +C+yXFPle/bKvKzIXTBST40Qxi5fOIJatewRTEMX8ikapBaVKIE9QSlYRSnAgD0Me +LW1MQG/2FCt3byGA/gSYnRlgASjg2r23QHlvVRkRG0/Uj37hE5QAHqIMYmMsMEqy +XenmK+tCcPC6y/O4BwoRV3O6PU8/j8C0+RYD4bv5xmtPd1H+858= +=xhK9 +-----END PGP SIGNATURE----- diff --git a/libsemanage-3.7.tar.gz b/libsemanage-3.7.tar.gz new file mode 100644 index 0000000..1624de3 --- /dev/null +++ b/libsemanage-3.7.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e166cae29a417dab008db9ca0874023f353a3017b07693a036ed97487eda35b1 +size 182896 diff --git a/libsemanage-3.7.tar.gz.asc b/libsemanage-3.7.tar.gz.asc new file mode 100644 index 0000000..8f272c0 --- /dev/null +++ b/libsemanage-3.7.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmZ8NeEACgkQRpWIHCVF +CNF7iw/+J/RkUBGyWCTPpjTxycgsM32jroIqhekik2VkAAoSSfIy2DNsV9W1LhjX +8wdTIbohbVIV4iVjzvd8H5ee0XpywPYQ18bgvYmpHmjC+0pp3wZy5T1igbE1ePCq +r/MheAHIn4zj68qZZxCXZs5Fc1PC910jsEOM8Wwdyyo8VGpPp4EfO6y3aFIkbeoQ +kC4rNtXtXy5USKUtQ8QbKqyr+/YuSfVgYeZCexBqL0GJ4jwP413xiwKXL+RAzDeL +j5Z9m0j911LTer/KUoDL+jdlkX1YTf4qK+VEcHjlQBLUoS6atsNKSMJftqKkATfP +AZqlBuka6RheBL54eNHc+slIKEJvhfuTFWItM/3o8+lnW/2d7dYh1WxQhXJBFDM7 +dbButzqAL9dKNRjTNlBpMPe8oj13wLK890eVLOlnMIJUW4dZURoNNbs3Q2OlhuHQ +kyuPOegi2ZaNz4TvjlI1egY3h9lVYjUv/l/AtscqWfutZfD+e7n93mLOiXmZFmHI +G56cIUHfT13CEPq9D8moVTLM1bSibEDGe2GUqalpk9YcbQ3wBBXgUF8XcGuQFYZt +Bl42k6VvolZ6net+FxBoUhprBDtkPJQSD5DyT0OF4uucdZiDbsZT7vsYMjndiZVd +D1FyYekdvzb6x6li4nLLkxyj2WV96vPvqRKK+zvIldFem1Nllps= +=aE6b +-----END PGP SIGNATURE----- diff --git a/libsemanage-3.8.tar.gz b/libsemanage-3.8.tar.gz new file mode 100644 index 0000000..c96f2fd --- /dev/null +++ b/libsemanage-3.8.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:aac95988a572cc897a1ac1be77d360be1171fc0b2d7c66195a745601baf25bef +size 184583 diff --git a/libsemanage-3.8.tar.gz.asc b/libsemanage-3.8.tar.gz.asc new file mode 100644 index 0000000..729b40b --- /dev/null +++ b/libsemanage-3.8.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEcgDrLD9eSIRjwM6ezcroySfGvjEFAmeaa/0ACgkQzcroySfG +vjEi2A/9E0zVrBAkJ/ch/TaNwBZIG1EtzcgGf7vFIZvuYYAxhtiA6J19pT/xHiog +QmzffgIOzTOeAQO/sTn5/qLrXjqsGFnhnqACVaA1J4VBPF18Y0RgdddhqiyD2iX+ +ezOoe4mfV8dDuAadjKYKR0hHZkBR8ix3CtZ+TSzQJJyLo4O9WJfscly01fTGnzAd +DBjAip4SAXkRwwzvecTWk5RQ/cz5vWDkdqCwnBODHxHqcwpP6fhVk0gG3tsw5UPC +17dYKTBsY8F8RRqF9ZyFRVPDOljm8Pm4Wkoao4WVqLyghczOMUxBg/c9ybOkb6ev +57YRP96D7lY18LH+M4SAaNXSpy2UOAO/F5SrRwIfHzNWh/k+a5obwrZzp2wkn6zH +SJ8E1peTmm+PhdhxxIMfTuyBBSxVsc1v1bitnEqYvdH9XZMIipFomjwIyBbs1eLI +qLdtypt6Cn1OnpliHKgdhlyTZjqdM0XqHcVY9kFXYZTTpyiHs2u5Km0twwrEdkwp +F0sSPuCQv1M5pJT5Gs2YKsaY8M/0iskNUNhvHOfkU3oFU8iE87IxqC8grehWqyc2 +0ZR4/gjX52ZMQqRV2aiZgYeEvs7BjoVmxrgh2JLFy0AP37WZ/vy2cWDd+aSklrIj +mAPt1stI8XFBjfI9bVDFDbPWCUvSDXOTWNKARAg/ENDGYOIezYg= +=q/+O +-----END PGP SIGNATURE----- diff --git a/libsemanage.changes b/libsemanage.changes new file mode 100644 index 0000000..3781e46 --- /dev/null +++ b/libsemanage.changes @@ -0,0 +1,511 @@ +------------------------------------------------------------------- +Tue Feb 4 07:22:41 UTC 2025 - Robert Frohl + +- Update to version 3.8 + https://github.com/SELinuxProject/selinux/releases/tag/3.8 + * libsemanage: Preserve file context and ownership in policy store + * libsemanage: Optionally allow duplicate declarations + * Improved man pages + * libsemanage: Mute error messages from selinux_restorecon introduced in 3.8-rc1 + * Code improvements and bug fixes +- For a more in depth list of changes see + https://github.com/SELinuxProject/selinux/releases/download/3.8/shortlog-3.8.txt + +------------------------------------------------------------------- +Mon Oct 21 11:19:44 UTC 2024 - Johannes Segitz + +- Not conflict but obsolete libsemanage1 (bsc#1229757) + +------------------------------------------------------------------- +Mon Jul 1 07:57:45 UTC 2024 - Cathy Hu + +- Update to version 3.7 + https://github.com/SELinuxProject/selinux/releases/tag/3.7 + * Bugfixes: + * libsemanage: support huge passwd entries + +------------------------------------------------------------------- +Tue Dec 19 11:12:21 UTC 2023 - Cathy Hu + +- Update to version 3.6 + https://github.com/SELinuxProject/selinux/releases/tag/3.6 + * Add notself support for neverallow rules + * Improve man pages + * man pages: Remove the Russian translations + * Add notself and other support to CIL + * Add support for deny rules + * Translations updated from + https://translate.fedoraproject.org/projects/selinux/ + * Bug fixes +- Remove keys from keyring since they expired: + - E853C1848B0185CF42864DF363A8AD4B982C4373 + Petr Lautrbach + - 63191CE94183098689CAB8DB7EF137EC935B0EAF + Jason Zaman +- Add key to keyring: + - B8682847764DF60DF52D992CBC3905F235179CF1 + Petr Lautrbach + +------------------------------------------------------------------- +Mon Nov 27 09:51:42 UTC 2023 - Daniel Garcia + +- Remove dependency on /usr/bin/python3, making scripts to depends on + the real python3 binary, not the link. bsc#1212476 + +------------------------------------------------------------------- +Mon Aug 14 08:07:46 UTC 2023 - Johannes Segitz + +- Remove build counter syncing for real + +------------------------------------------------------------------- +Thu May 4 14:20:40 UTC 2023 - Frederic Crozat + +- Add _multibuild to define additional spec files as additional + flavors. + Eliminates the need for source package links in OBS. + +------------------------------------------------------------------- +Fri Mar 24 13:54:12 UTC 2023 - Johannes Segitz + +- Add -ffat-lto-objects to CFLAGS to prevent rpmlint errors because + of LTO + +------------------------------------------------------------------- +Thu Mar 23 13:06:51 UTC 2023 - Martin Liška + +- Enable LTO now (boo#1138812). + +------------------------------------------------------------------- +Fri Feb 24 07:48:05 UTC 2023 - Johannes Segitz + +- Update to version 3.5 + * Allow user to set SYSCONFDIR + * always write kernel policy when check_ext_changes is specified +- Added additional developer key (Jason Zaman) + +------------------------------------------------------------------- +Mon May 9 10:37:17 UTC 2022 - Johannes Segitz + +- Update to version 3.4 + * Optionally rebuild policy when modules are changed externally + * Fix USE_AFTER_FREE (CWE-672) in semanage_direct_get_module_info() + * Allow spaces in user/group names + +------------------------------------------------------------------- +Thu Feb 10 12:37:14 UTC 2022 - Johannes Segitz + +- Drop Buildrequires for libustr-devel, not needed anymore + +------------------------------------------------------------------- +Thu Nov 11 13:26:41 UTC 2021 - Johannes Segitz + +- Update to version 3.3 + * Fixed use-after-free in parse_module_store() + * Fixed use_after_free in semanage_direct_write_langext() + +------------------------------------------------------------------- +Thu Mar 18 08:31:30 UTC 2021 - Johannes Segitz + +- Link to correct so version +- Minor spec file cleanups + +------------------------------------------------------------------- +Wed Mar 17 08:29:15 UTC 2021 - Johannes Segitz + +- Move configuration file to separate libsemanage-conf package to allow + for parallel installation in future versions + +------------------------------------------------------------------- +Tue Mar 9 09:09:18 UTC 2021 - Johannes Segitz + +- Update to version 3.2 + * dropped old and deprecated symbols and functions + libsemanage version was bumped to libsemanage.so.2 + * libsemanage tries to sync data to prevent empty files in SELinux module + store + +------------------------------------------------------------------- +Wed Jul 29 14:37:19 UTC 2020 - Thorsten Kukuk + +- Add /var/lib/selinux + +------------------------------------------------------------------- +Wed Jul 15 08:17:18 UTC 2020 - Johannes Segitz + +- Remove libsemanage-update-map-file.patch to prevent checkers from declining + the submission. Keeping the snippet in the spec file in case we try to + enable LTO again + +------------------------------------------------------------------- +Tue Jul 14 08:36:19 UTC 2020 - Johannes Segitz + +- Update to version 3.1 + * Improved manpage + * fsync final files before rename + +------------------------------------------------------------------- +Tue Jun 16 07:08:59 UTC 2020 - Johannes Segitz + +- Disabled LTO again. This breaks e.g. shadow and also other packages + in security:SELinux + +------------------------------------------------------------------- +Fri Jun 12 09:07:31 UTC 2020 - Pedro Monreal Gonzalez + +- Fix build with LTO: [bsc#1133102] + * Enable LTO (Link Time Optimization) and build with -ffat-lto-objects + * Update map file to include new symbols and remove wildcards +- Add libsemanage-update-map-file.patch + +------------------------------------------------------------------- +Thu Jun 4 09:57:51 UTC 2020 - Dominique Leuenberger + +- Drop suse_path.patch: replace it with a grep/sed logic replacing + /usr/libexec in all files with the correct value for all distros + (taking into account that openSUSE is in progress of migrating + from /usr/lib to /usr/libexec). + +------------------------------------------------------------------- +Fri May 29 12:51:17 UTC 2020 - Johannes Segitz + +- Apply suse_path.patch only for older distributions. Newer + use libexec + +------------------------------------------------------------------- +Tue Mar 3 12:23:51 UTC 2020 - Johannes Segitz + +- Update to version 3.0 + * Add support for DCCP and SCTP protocols + * include internal header to use the hidden function prototypes + * mark all exported function "extern" + * optionally optimize policy on rebuild + Refreshed suse_path.patch + +------------------------------------------------------------------- +Thu Jun 20 10:22:04 UTC 2019 - Martin Liška + +- Disable LTO due to symbol versioning (boo#1138812). + +------------------------------------------------------------------- +Wed Mar 20 15:10:21 UTC 2019 - jsegitz@suse.com + +- Update to version 2.9 + * Always set errno to 0 before calling getpwent() + * Include user name in ROLE_REMOVE audit events + * genhomedircon - improve handling large groups + * improve semanage_migrate_store import failure + * reset umask before creating directories + * set selinux policy root around calls to selinux_boolean_sub + * use previous seuser when getting the previous name + +------------------------------------------------------------------- +Thu Nov 8 09:31:42 UTC 2018 - Jan Engelhardt + +- Use more %make_install. + +------------------------------------------------------------------- +Thu Nov 8 07:19:24 UTC 2018 - jsegitz@suse.com + +- Adjusted source urls (bsc#1115052) + +------------------------------------------------------------------- +Thu Sep 27 13:19:59 UTC 2018 - pmonrealgonzalez@suse.com + +- update to version 2.8 + * semanage fcontext -l now also lists home directory entries from + file_contexts.homedirs. + * libsemanage no longer deletes the tmp directory if there is an error + while committing the policy transaction, so that any temporary files + can be further inspected for debugging purposes (e.g. to examine a + particular line of the generated CIL module). The tmp directory will + be deleted upon the next transaction, so no manual removal is needed. + * When overriding PREFIX, BINDIR, SBINDIR, SHLIBDIR, LIBEXECDIR, etc., + DESTDIR has to be removed from the definition. For example on Arch + Linux, SBINDIR="${pkgdir}/usr/bin" was changed to SBINDIR="/usr/bin". + * PYSITEDIR has been renamed PYTHONLIBDIR (and its definition changed). + +- Clened with spec-cleaner + +------------------------------------------------------------------- +Thu Mar 8 19:07:16 UTC 2018 - rgoldwyn@suse.com + +- Update to version 2.7. Changes: + * IB support + * saves linked policy and skips relinking whenever possible + +------------------------------------------------------------------- +Fri Nov 24 09:14:13 UTC 2017 - jsegitz@suse.com + +- Update to version 2.6. Notable changes: + * genhomedircon: do not suppress logging from libsepol + * genhomedircon: use userprefix as the role for homedir + * Fix bug preventing the installation of base modules + * Use pp module name instead of filename when installing module + * genhomedircon: remove hardcoded refpolicy strings + * genhomedircon: add support for %group syntax + * genhomedircon: generate contexts for logins mapped to the default user + * Validate and compile file contexts before installing + * Swap tcp and udp protocol numbers + * genhomedircon: %{USERID} and %{USERNAME} support and code cleanups + +------------------------------------------------------------------- +Mon Dec 12 14:59:36 UTC 2016 - dimstar@opensuse.org + +- Split out the Policy Store Migration tool into + libsemanage-store-migrate: it is not a devel tool to start with. + Additionally, it causes the -devel package to depend on python, + which we want to avoid (libsemanabe being part of the core build + cycle). The library suggests libsemanage-store-migrate. + +------------------------------------------------------------------- +Sun Jul 17 15:17:39 UTC 2016 - jengelh@inai.de + +- Update RPM groups, trim description, combine filelist entries, + ensure pkgconfig() symbols are generated. + +------------------------------------------------------------------- +Thu Jul 14 14:20:12 UTC 2016 - jsegitz@novell.com + +- Without bug number no submit to SLE 12 SP2 is possible, so to make + sle-changelog-checker happy: bsc#988977 + +------------------------------------------------------------------- +Wed Jul 13 09:43:28 UTC 2016 - jsegitz@novell.com + +- Added suse_path.patch to fix path to hll compiler + +------------------------------------------------------------------- +Fri Jul 8 15:24:49 UTC 2016 - i@marguerite.su + +- update version 2.5 + * Do not overwrite CFLAGS in test Makefile, from Nicolas Iooss. + * Fix uninitialized variable in direct_commit and direct_api + * semanage_migrate_store: Load libsepol.so.1 instead of libsepol.so + * Store homedir_template and users_extra in policy store + * Fix null pointer dereference in semanage_module_key_destroy + * Add semanage_module_extract() to extract a module as CIL or HLL + * semanage_migrate_store: add -r option for migrating inside chroots + * Add file_contexts and seusers to the store + * Add policy binary and file_contexts.local to the store + * Allow to install compressed modules without a compression extension + * Do not copy contexts in semanage_migrate_store + * Fix logic in bunzip for uncompressed pp files + * Fix fname[] initialization in test_utilities.c + * Add remove-hll semanage.conf option to remove HLL files after + compilation to CIL + * Fix memory leaks when parsing semanage.conf + * Change bunzip to use heap instead of stack to prevent segfault on + systems with small stack size +- changes in 2.4 + * Fix Makefile to allow LIBDIR and SHLIBDIR to be set to different + directories + * Fix bugs found by hardened gcc flags + * Add missing manpage links to security_load_policy + * Fix failing libsemanage pywrap tests + * Fix deprecation warning for bison + * Skip policy module relink when only setting booleans + * Only try to compile file contexts if they exist + * Fix memory leak when setting a custom store path + * Add semodule option to set store root path in semanage.conf and the + semodule command + * Add semanage.conf option to set an alternative root path for policy + store + * Add support for High Level Language (HLL) to CIL compilers. The HLL + compiler path is configurable, but should be placed in + /usr/libexec/selinux/hll by default + * Create a policy migration script for migrating the policy store from + /etc/selinux to /var/lib/selinux + * Add python3 support to the migration script + * Use libcil to compile modules + * Use symbolic versioning to maintain ABI compatibility for old install + functions + * Add a target-platform option to semanage.conf to control how policies + are built + * Add API to handle modules and source policies, moving module store to + /var/lib/selinux + * Only try to compile file contexts if they exist + +------------------------------------------------------------------- +Sun May 18 00:10:55 UTC 2014 - crrodriguez@opensuse.org + +- version 2.3 +* Fix memory leak in semanage_genhomedircon from Thomas Hurd. + +------------------------------------------------------------------- +Tue Feb 11 10:12:55 UTC 2014 - vcizek@suse.com + +- add semanage.conf as SOURCE and install it instead of the default + one + +------------------------------------------------------------------- +Thu Oct 31 13:55:06 UTC 2013 - p.drouand@gmail.com + +- Update to version 2.2 + * Avoid duplicate list entries + * Add audit support to libsemanage + * Remove policy.kern and replace with symlink + * Apply a MAX_UID check for genhomedircon + * Fix man pages +- Add audit-devel BuildRequires; new dependency +- Add fdupes BuildRequires and use it to symlink duplicate manpages + +------------------------------------------------------------------- +Thu Jun 27 14:56:37 UTC 2013 - vcizek@suse.com + +- change the source url to the official 2.1.10 release tarball + +------------------------------------------------------------------- +Thu Apr 4 19:29:33 UTC 2013 - vcizek@suse.com + +- fixed source url +- removed old tarball + +------------------------------------------------------------------- +Fri Mar 29 15:21:29 UTC 2013 - vcizek@suse.com + +- update to 2.1.10 + * Add sefcontext_compile to compile regex everytime policy is rebuilt + * Cleanup/fix enable/disable/remove module. + * redo genhomedircon minuid + * fixes from coverity + * semanage_store: do not leak memory in semanage_exec_prog + * genhomedircon: remove useless conditional in get_home_dirs + * genhomedircon: double free in get_home_dirs + * fcontext_record: do not leak on error in semanage_fcontext_key_create + * genhomedircon: do not leak on failure in write_gen_home_dir_context + * semanage_store: do not leak fd + * genhomedircon: do not leak shells list + * semanage_store: do not leak on strdup failure + * semanage_store: rewrite for readability + +------------------------------------------------------------------- +Wed Jan 30 12:00:30 UTC 2013 - vcizek@suse.com + +- update to 2.1.9 + * dropped libsemanage-2.1.6-NULL_level_fix.patch (fixed upstream) + * libsemanage: do not set soname needlessly + * libsemanage: remove PYTHONLIBDIR and ruby equivalent + * do boolean name substitution + * Fix segfault for building standard policies. + * remove build warning when build swig c files + * additional makefile support for rubywrap + * ignore 80 column limit for readability + * semanage_store: fix snprintf length argument by using asprintf + * Use default semanage.conf as a fallback + * use after free in python bindings + * Alternate path for semanage.conf + * do not link against libpython, this is considered bad in Debian + * Allow to build for several ruby version + * fallback-user-level + +------------------------------------------------------------------- +Mon Jan 7 21:43:31 UTC 2013 - jengelh@inai.de + +- Remove obsolete defines/sections + +------------------------------------------------------------------- +Wed Oct 24 16:36:25 UTC 2012 - vcizek@suse.com + +- when building "standard" (not MCS/MLS) selinux-policies, + libsemanage will crash, because "level" is NULL + (libsemanage-2.1.6-NULL_level_fix.patch) + +------------------------------------------------------------------- +Mon Aug 27 13:49:45 UTC 2012 - cfarrell@suse.com + +- license update: LGPL-2.1+ + Could not find any LGPL-2.1 "only" licensed files in the pacakge + +------------------------------------------------------------------- +Wed Aug 1 07:54:33 UTC 2012 - meissner@suse.com + +- Updated to 2.1.6 + * changes too numerous to list + +------------------------------------------------------------------- +Wed Oct 5 15:10:27 UTC 2011 - uli@suse.com + +- cross-build fix: use %__cc macro + +------------------------------------------------------------------- +Thu Sep 22 13:14:39 CEST 2011 - dmueller@suse.de + +- buildrequire libbz2-devel + +------------------------------------------------------------------- +Mon May 23 14:15:42 UTC 2011 - prusnak@opensuse.org + +- split off python bindings to separate package to reduce build + dependencies for rpm [bnc#695436] + +------------------------------------------------------------------- +Wed May 18 13:38:44 UTC 2011 - coolo@novell.com + +- add baselibs.conf for rpm-32bit to use + +------------------------------------------------------------------- +Wed Feb 23 05:42:43 UTC 2011 - coolo@novell.com + +- disable parallel build, it breaks too often + +------------------------------------------------------------------- +Thu Feb 25 14:59:32 UTC 2010 - prusnak@suse.cz + +- updated to 2.0.43 + * changes too numerous to list + +------------------------------------------------------------------- +Fri Jan 16 14:24:38 CET 2009 - prusnak@suse.cz + +- fix assignment of wrong context [bnc#466793] + +------------------------------------------------------------------- +Wed Jan 14 14:06:28 CET 2009 - prusnak@suse.cz + +- updated to 2.0.31 + * policy module compression (bzip) support from Dan Walsh + * hard link files between tmp/active/previous from Dan Walsh + * add semanage_mls_enabled() interface from Stephen Smalley + +------------------------------------------------------------------- +Mon Dec 1 11:35:58 CET 2008 - prusnak@suse.cz + +- updated to 2.0.29 + * add USER to lines to homedir_template context file + * add compression support + * allow fcontext and seuser changes without rebuilding the policy + * don't rebuild on fcontext or seuser modifications + * modify genhomedircon to skip %groupname entries + +------------------------------------------------------------------- +Wed Oct 22 16:17:23 CEST 2008 - mrueckert@suse.de + +- fix debug_packages_requires define + +------------------------------------------------------------------- +Tue Sep 23 12:52:32 CEST 2008 - prusnak@suse.cz + +- require only version, not release [bnc#429053] + +------------------------------------------------------------------- +Tue Sep 2 12:13:42 CEST 2008 - prusnak@suse.cz + +- updated to 2.0.27 + * Modify genhomedircon to skip %groupname entries. + Ultimately we need to expand them to the list of users to support + per-role homedir labeling when using the %groupname syntax. +- updated to 2.0.26 + * Fix bug in genhomedircon fcontext matches logic from Dan Walsh. + Strip any trailing slash before appending /*$. + +------------------------------------------------------------------- +Fri Aug 1 17:32:21 CEST 2008 - ro@suse.de + +- fix requires for debuginfo package + +------------------------------------------------------------------- +Tue Jul 15 16:58:47 CEST 2008 - prusnak@suse.cz + +- initial version 2.0.25 + * based on Fedora package by Dan Walsh + diff --git a/libsemanage.keyring b/libsemanage.keyring new file mode 100644 index 0000000..0da0602 --- /dev/null +++ b/libsemanage.keyring @@ -0,0 +1,110 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGNZjyYBEACk7biPgvCVldNWq1CwVoJa/Fvc4T49tqxcc/sY4uVlGo6oSi4f +QcXE9XKPPBuRLmvpmMWvODQLzPxJMWUfJq6LyYFmX2U9VRTcyITdmJs8itkEaDwq +8BtXkeQfUDAVSFy6V6/uvVmNWD7pGXqJE1GxuV44Ihlh6v2YyqSzDG/rZur771hk +e8VZmlKMVMs1RSeOBA3nUmvZQ58+uqkhJNYqOeQhxGIxDOHo7QhzTG+SlX+uQq6m +zACKygVJJl33toaUwVAX5R02a0u67A5wC0whAoLSHInc3P7ayivWV/iESAz+gMIk +uvJWns/Ak14J7MTGgjD6rle7PNMsPDCCwQScqA8F0x4OChCixbZGZn6Mr0u8+01V +CEe2IjJwVUfFI/G4n1FZ1RAdqjkHfZJeD20LGHSbjJLcnqLLFx3LDpI5dAxo5K2k +Fvz0VowrB58aHoofW8/g8yZygGQ4Zpw4JnpUmaPnMTiD5yvnFzEihM5L9DuaWqSK +3sb9qzoaXABYRYI7OmX4B5nmMzFteHHq0tMtaKWf0HkAsCP0BLJcS9Oc1/0I0+gC +4oKLRD8a4+kaEpNr6BXvWnj7Y1h0Zr/CZS6+gi34CxWMl2Q34OSqtS37mzzBu+UZ +xffPR0aV2RXcEpc0c5HW550Thq1NF9EmFOoyeG4J2ox9JRANZXLh/i7mNwARAQAB +tCVQZXRyIExhdXRyYmFjaCA8bGF1dHJiYWNoQHJlZGhhdC5jb20+iQJXBBMBCABB +FiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZjyYCGwMFCQPCZwAFCwkIBwICIgIG +FQoJCAsCBBYCAwECHgcCF4AACgkQvDkF8jUXnPGeAA//ScQ3kJMqI6FRULXo0aF7 +CpafPXVWdvj+mfQMlZzuGwXXTmM42T0DXnXRBSjstWkmOXP/UqkN7bNeXH/S3D3G +CJ2l0qx8Qp6fP0FloJIbemyxNtzl7yvAE7kWvuBuLvUdm23cntv49gAzj+ElDqCx +tT6A6qaqM6r7DLUvw+G+r6gkeu1hNQbtRpEK9Dt8tHriQyI410qFRMbi3QxU+iTJ +79HXwrXiYpX7V7T+ugiU9lgIiC/hWJCo6SY4knt9E6zhegUWN6zErl2HY8FBM2P9 +eHOTqToEOAhKeM1fXZvxe3m49fGq/spmRM1RUUl1V9WFEaMiLg/Z2rmbD8LX9Ytf +YlQCbEwyX2nkIP1QIcr/DEfcmCA2MXCQCgsqI/2XS3BTLPyjuqAYnXxrk+T/Cydc +g4W3ZBYI/wT56GH02TQzB/wJsn0cW6EMG46VSDY/mZ2/gwi54G/Pqb2R3ZC9I7wQ +6/FFxuu8myI/QVmEiTlvTxBoyOdNlliBQxCkDczs1rxd/o8Wfjo1vwRHW84jZrCP +3xr7xPJWuzsrmPU8kFHTgepGoY+4b/h3jGwlV103RpRUK4JidwHsmYDVk6pgeUH6 +9hf0iVcbFfKiViFTR+DwjbAOxTdsFgsYYn+7hBj2l+pV/uzeA0akL2dkgfJc9pAf +6ItRUnGC+RlntZ0Pf2NbwIS5Ag0EY1mPxgEQAOBjoc5rCJOHFBUj7S68ABT3KKx7 +DVJJU7qYCxC1kzuzsGksDdEY+PdQaiNkh56MD6R+rsD49UsGHP+RIFO3D3+zejiu +Wo3PPtItqLHpcpYKkc4Gzziff8sXq70owxWT29OyMrPyIMX2YFHZuYJ8u8STQcOI +zICm/lJs6xkwHyTk9bIrwdg/Iwjm6YRo6xoLe0B6KE7efMDER/ehmXncnWkjD55x +2tAttZsfRqoqeB8J10PxDSgyv8jCXLdbj37l6omh6VH3926392DRrc2fXAgZhHML +rYIKwXkhnAp3I+HueKURQWkDlWXP4d8gVyHYt9EXdD8ZkPx8rMrGGMMh2DJpZJOw +xuK3IrFfYb+lyOyHIyxlPsjcfHtLBB8WujnyzYMWwUsRmAGEm/6db8dyR551q95e +Zd0cqO2xrz6u8YAO2LjCiE6X43m1ulhbf/NHcBiqWHjuEbSKRQnxO6ye7zrmPdnm +YT4qpLrzKlFUExGt0mXaUY8MKdcaGXbvbRU80wL+MHYyCb8vWa9AzWM990LcqCiQ +MAfk0zMq9q/oDvVotJQmWLdR2QYeRfl3m6uzeTdaYK3td5NvfQwG83MFxJhNvDZQ +YhETwbQIVzfC2JZaJAo94VdiGfT4I4Khb8RekgJVoC4w8yByyV0zXdsobIajc2eC +w0R2ik0V+vQopblfABEBAAGJBHIEGAEIACYWIQS4aChHdk32DfUtmSy8OQXyNRec +8QUCY1mPxgIbAgUJA8JnAAJACRC8OQXyNRec8cF0IAQZAQgAHRYhBBviwP8IlJYj +EC/SVkaViBwlRQjRBQJjWY/GAAoJEEaViBwlRQjRmQcP/1OVG8BpkRN/6m/j8hx5 +4vcofCPmWsL+CiNfE3QCOEBeWMtJEK7QTIgLFnLfXnyHiTS/CN2/zr33IcQ33s90 +XzibzWarE7P6O4oFEcUr8TAACA51KXMadRiA2SaYJE4Va2N6d41ZoV0Ser0wi3HU +5qxw97LGdYyOrsstgxIRI/i2BRXkp2VpUBdHqr/zfe7bv82h2QNw0fZQr4jJP4q3 ++4I6gggvi23Gj8+9lOmHNXyfqzSwkkTf8GtHGC8JORVTrOizImzJq7z+9rJBgY+4 +G4RBWzhOv69njaLNuQeASVxm/2hiMmzFqpmqozN9Y+17ubo+X+m+2aWE+aln56Pv +LxJHKwFX7doc1doTUnewg6ZjGKCGWBlqlKMeX8D038pd2gsCMhm0EA5DZkXJHP9z +b5VSomDCLB3GhoVpifZ5Qz4dJNtl90ZcFL/LJktiwz4vgzZqLNC8MhFfPLy8bS+k +dAS8+VcvQaDSDKTR+jHQ6wA/kJ9eYcL8C9g4czzLzVfZCoN/fcC7VEiCiDhwuqrb +ClcQBFZsCPQEAwh4mgIMK70zPaO4rW6LbCvwBnTjY8JSBkroJ1QjXwCy8ClSE+w2 +6cXtk5zmYUy5oQaONYm+tMberKsJjvfJIGIZdaj3ZkHsVe7YzOC6M8ESKAHKp4Xo +hXbHQQEfD9WtzFerpKWCaKTobRIP/jyXmYYLEzRav3WtoH3NCXANu0Pc8JuMDoO2 +QytHICr7zWDvk3q6LO0Y8JXD2fUegY5KM3WECF5KBBCVxdsMunN908WjAMQdyUUV +9Q4MIg64X4WCbGUDPkTGv0mQl2jMEWpFniIX+18TmwcHSvN5RxjcnpWNOyNQuMTg +ZKDm2uw5zwYdScWf3DDCR/2dH8yvVFhxfQaRNzKJSyTD4ChHPqy858BYgMljjnTC +APQwdkrTwh9RSxhMZ5yhdy9Z/+EhO2/8B/kylADC4YQOW1UN670QC7rlJmUySQy5 +APWHco5CNQnqdjhrgzYJDnWCCz9z6+x6bGy5iUa9K6Gt9e3ocYPd2Gw4R7IS8hyO +Ok/Uq7maqs+GpcWWLWzB+iGFgYZU758zsbeXvAWQAiLQHWzOfQrXepGoEjCOdYv6 +is/UovO9zMIfrIPQVlj3QIN0y0zRUHoCpPgEWHrn7KCMDhiIDt8VgGbznXTJtRw1 +/NTeBQgnmkXwx0aLM7ni0I9IrpT6JVFjip8IV24iI5nsVRSfvxUjFBQxgyujPLuS +f/Q9BlrsopFtcnyyDSyCtBqnCmBSN0zC5hk8Ya/UnDn/5ZQZYxsbGaWkdwQ6aw9m +khMfnnsz+QfKT1R3SIrByIEjaYYvGJp8K4utRjhOSfM6ptmCN2WVxQbhwMERC4E7 +8ZKPUtR+uQINBGNZj3EBEACsSSOVQfiGhJACRUkJZaT6cX51oA/kizOsYRAftPI5 +XBdtFmd1I8VJSopTaQSAdsyb7AVihl73mH22MOHawsKzffylW7kKGHPd02x5MXv+ +ttyTDasJT4ltqUSLByTu0ouqhu9uHvuOettCeStk1z6cx4ccutjJzmAdbpxKfhSV +TjYwqZOVJ44bgvL3BeGBooKF4hc1fdT8PrzZN9+Xsailybuk9kX3Z3BjicikLFTY +BOKaRLK6VuHOTYKNnUlhQnUsdy0web0XQsQa1zUbENKHNVk/x05akOz0EHBkMtfE +LMLiu9n7PkEkIMVu41MplDkkShbawzzI/UstkZfPjiGxpvVo+u8He9x1LkRM/pup +PnbrtmKi12FSJ9T+lNXnN7jvA25pl6dC0Z32iXKHZ0Co6TYNCtwFAUDSBGnnlvhT +raEtNhfFP7uMRtJUDF5cM9Go++qH/iRWfzqWViNXp0CgBI3XBbPjbdAfe7hkr5Lq +DwdnQetjb40FiCq2Fvof9foWIXlVwday2ST3ruDhe3Q+A3+uUK2leHhYr2xJxf8I +V05RGweVvvxk3Yt7FphpUGpC6q98doA8logSVeoyF5nxpis7oN/jLMn7p5Ozezg+ +ozoQyKvnBoWifHkaHnRfjEv2nshWqA0+FCxTxnlTmEZhuZQfvroa0Q2/gIjW6kUD +VwARAQABiQI8BBgBCAAmFiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZj3ECGyAF +CQPCZwAACgkQvDkF8jUXnPHhww/7BuMq7bEKvrejKf6Wjs2owMsFiXjMe6dhNmEb +96ANqRVankiSPn+TeL6FVJh9TJSGpD9v8fT3quikHsYDoTNLjgZL6Esx1A4k6YRu +O8A//10kNfYVCdhnNoDZ/94iSBrDbzeg4ueZjPTHtgBb+jGWc+f7tKDsMYaqqfec +qh8NRSujB9fS1AbCQaYkmpCA4f9l9Ti3nVQIrMXqFZFtt6sEjx7Onbi9ieADaQZ5 +/V8JQL4QgWGhhx0ccK0LVOIqY5Rp4H1kyJVeQ/rR+YIso5vBwpPJikAU+ozTnGCw +w8Vpc359DthUAakJ22GTnc3kaj5Cp6HAugmTvsIdnEhYkh/jendSK4fUWy5cXs50 +THMiFRKJS6boygIjwGlXCf25Ip9cos50YNHogkjyOp0L0tiherFm0OGlyoPvSEVY +nAnNmD5TZK/FnKE6rC0pe0NMO157fIbM9pxIAkPuYVRFz8NGLrZQEyIVyo7Vhb/k +uALjKO3OjsxNA+RoZtAt24ciUIprykdY+posV0xrDCo2tM0dZcIPhfGKMljB0C57 +c1Qb+616Q2bzaaqdttbD8BdREjN59CxvKqI1gzO250n2EBLzIJ2R9v1IpUi9Zg9D +vu0eW05kXsr83M4Z4lomvyW+pkJ9elaY525OlZoPaQi9TYrHuAHiNd0xrZqL0378 +d2veUui5Ag0EY1mPJgEQAMRQDbNHBQ376nDF8miBZOAV1txpmbHc5D/X63PNapP0 +P1/I7SfcJU9D3wX8c4vmxkjEYtH23s4lmT1VLsU7PisS3MacRemm9pL2bD53hs9X +QEuU9OtJsZn1ZJ+Ynh6i5sfW1bG3OiV/TWgYXW66GwE1hn9PuP8arodUmhEft+64 +G2u8Xtxr5yqlQJEUThV6280OJrxVbduaMi5C6UNeeGE5wuhfrQ0TNYZiwQ4KYbU3 +QhlWhHVjJlJ5hCLiktwFDyR24P+wlTIziWA407mo2enQT+mz3bO7Paf4mBionGsJ +MoADqBThf4B69BxjJ7Yg7oQVIZ7560YIRRmNo4tk5Mhep11OtQgZjZJR6MhWDaUO +17w1qScrOPRj6G1IXP1R5NarydJpLyAVb/5WFZ5jxUGMGtq3mYn4nKbbHUg2WzvC +JvPctDE6EV2vaiRy5N1fQjsHgSa29F2feh14p4ngFCmHjpdbcdjfv6rWL8tgkSpQ +lDdeHRRd1q03TKAg/byPauAHKzvV+iWlmw1f6KBWjeTn0fofmk9eeQ+P1j0a3/XT +xMOjB34SzqPRWzmLPLF6YmujBK2gymM+JLirJFFzao1i4lgmxqkDhQoNYHXmVYEd +7w+/qUYbfKwO9eJOWzuUWajxvJ1Vgv6z4CPy9if0gwfhrx0OOcIpBE/xZU+SwQQp +ABEBAAGJAjwEGAEIACYWIQS4aChHdk32DfUtmSy8OQXyNRec8QUCY1mPJgIbDAUJ +A8JnAAAKCRC8OQXyNRec8a+qD/4whGQ9J+td1iLFMpNRAqvuGtTnM6shZJNnC5CB +56Cu7ElIpr74sk0R98Ia1pJlBcLALbYSrqwluZaLiRVDPdub6tGSRVssqQdZcKTh +z33waTru9IfLhCrRSNd0ZMHJaOG1ErU0noWw2d4ifVJK+vvuvMeEyNm4H5pZOYzY +eikqVUYzS143cSzMEwtvPSdP5JkTQi4WNF09khH1D+QpJoXEgVEQla7Sr955Zdt3 +q5OlpYxxw+X62vslZ2OMiKZ14kWVSRbVQ+WdnjtRYS4vivB6ko9QL770jZ131hKh +C/BcWpEYSjfPpVua2oKbccKHXheIFEJ06kGkMeeoQPxmzPRBYIw/E+d5sZp7YXDy +BGOAxBeiOaOnZ8vLBzy72HFng3oB3hkVGTTHq+PsHdSSaRME3QrNpDsaGeSjw62F +G3I4zK985GtrXAHEzN/Ffd17srl4mcRQ+8QM/a+XbF/8ugjE/RHhhFf8sWVAPutY +zVE8lF+uqcduPuq/rTcUBuzSVjnSRfXWqCokjh+ypUpHNUO8fZDzkTLuE5rwMG1x +pPueDBTzvoGDQRqc2eoXpJnDBmdlz83zHsoR2gIHcdqyc/hCV+fTvR8E0v9ZG3Jr +6RFgWdD008PsGxUevIDgMAYFwasZSTofEnzg49/WeIFU1rGB5HZVlmOJKZnKRuBi +TakEPw== +=odM9 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/libsemanage.spec b/libsemanage.spec new file mode 100644 index 0000000..bb2b464 --- /dev/null +++ b/libsemanage.spec @@ -0,0 +1,161 @@ +# +# spec file for package libsemanage +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define soversion 2 +%define libname libsemanage%{soversion} + +Name: libsemanage +Version: 3.8 +Release: 0 +Summary: SELinux policy management library +License: LGPL-2.1-or-later +Group: Development/Libraries/C and C++ +URL: https://github.com/SELinuxProject/selinux/wiki/Releases +Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz +Source1: https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz.asc +Source2: libsemanage.keyring +Source3: baselibs.conf +Source4: semanage.conf +# PATCH-FIX-UPSTREAM bsc#1133102 LTO: Update map file to include new symbols and remove wildcards +# For now we need to disable this. This breaks e.g. shadow and also other packages in security:SELinux +#Patch0: libsemanage-update-map-file.patch +BuildRequires: audit-devel +BuildRequires: bison +BuildRequires: fdupes +BuildRequires: flex +BuildRequires: libbz2-devel +BuildRequires: libselinux-devel +BuildRequires: libsepol-devel +BuildRequires: pkgconfig +BuildRequires: python-rpm-macros + +%description +libsemanage is the policy management library. Using libsepol and +libselinux to interact with the SELinux system, it also calls helper +programs for loading policy and for checking whether the +file_contexts configuration is valid. + +%package -n %{libname} +Summary: SELinux policy management library +Group: System/Libraries +Suggests: %{name}-migrate-store +Requires: %{name}-conf >= %{version} + +%description -n %{libname} +libsemanage is the policy management library. Using libsepol and +libselinux to interact with the SELinux system, it also calls helper +programs for loading policy and for checking whether the +file_contexts configuration is valid. + +(Security-enhanced Linux is a feature of the kernel and some +utilities that implement mandatory access control policies, such as +Type Enforcement, Role-based Access Control and Multi-Level +Security.) + +%package conf +Summary: Configuration for the SELinux policy management library +# before 3.1 the config file wasn't separated, so no parallel install is possible +Group: System/Libraries +Obsoletes: %{name}1 < 3.1 + +%description conf +Configuration file for libsemanage. Moved to a separate package to allow +parallel installation + +%package devel +Summary: Header files and libraries for SELinux's policy management libary +Group: Development/Libraries/C and C++ +Requires: %{libname} = %{version} + +%description devel +The libsemanage-devel package contains the libraries and header files +needed for developing applications that manipulate SELinux policies. + +%package devel-static +Summary: Static archives for SELinux's policy management library +Group: Development/Libraries/C and C++ +Requires: libsemanage-devel + +%description devel-static +The libsemanage-devel-static package contains the static libraries +needed for developing applications that manipulate binary policies. + +%package migrate-store +Summary: SELinux Policy Store Migration +Group: Productivity/Security + +%description migrate-store +In version 2.4 of libsemanage, libsepol, and policycoreutils, the policy +module store was moved from /etc/selinux//modules/ to +/var/lib/selinux//. Once the libraries are upgraded, all policy +stores must be migrated before any commands that modify or use the store +(e.g. semodule, semanage) can be executed. + +%prep +%setup -q +# Replace /usr/libexec with whatever the distro defines as libexecdir - across all files +grep /usr/libexec . -rl | xargs sed -i "s|/usr/libexec|%{_libexecdir}|g" + +%build +%make_build clean +%make_build CFLAGS="%{optflags} -fno-semantic-interposition -ffat-lto-objects" CC="gcc" +%make_build CFLAGS="%{optflags} -fno-semantic-interposition -ffat-lto-objects" LIBDIR="%{_libdir}" LIBEXECDIR="%{_libexecdir}" SHLIBDIR="%{_lib}" CC="gcc" all + +%install +mkdir -p %{buildroot}/%{_lib} +mkdir -p %{buildroot}%{_libdir} +mkdir -p %{buildroot}%{_includedir} +mkdir -p %{buildroot}%{_localstatedir}/lib/selinux +%make_install LIBDIR="%{_libdir}" LIBEXECDIR="%{_libexecdir}" SHLIBDIR="%{_libdir}" +ln -sf %{_libdir}/libsemanage.so.%{soversion} %{buildroot}/%{_libdir}/libsemanage.so +cp %{SOURCE4} %{buildroot}%{_sysconfdir}/selinux/semanage.conf + +# Fix shebang in scripts +for f in %{buildroot}%{_libexecdir}/selinux/* +do + [ -f $f ] && sed -i "1s@#!.*python.*@#!$(realpath %__python3)@" $f +done +# Remove duplicate files +%fdupes -s %{buildroot}%{_mandir} + +%post -n %{libname} -p /sbin/ldconfig +%postun -n %{libname} -p /sbin/ldconfig + +%files -n %{libname} +%{_libdir}/libsemanage.so.* +%dir %{_localstatedir}/lib/selinux + +%files conf +%dir %{_sysconfdir}/selinux +%config(noreplace) %{_sysconfdir}/selinux/semanage.conf + +%files devel +%{_libdir}/libsemanage.so +%{_libdir}/pkgconfig/libsemanage.pc +%{_includedir}/semanage/ +%{_mandir}/man3/* +%{_mandir}/man5/* + +%files migrate-store +%dir %{_libexecdir}/selinux +%{_libexecdir}/selinux/ + +%files devel-static +%{_libdir}/libsemanage.a + +%changelog diff --git a/python-semanage.changes b/python-semanage.changes new file mode 100644 index 0000000..681facc --- /dev/null +++ b/python-semanage.changes @@ -0,0 +1,416 @@ +------------------------------------------------------------------- +Tue Feb 4 07:22:41 UTC 2025 - Robert Frohl + +- Update to version 3.8 + https://github.com/SELinuxProject/selinux/releases/tag/3.8 + * libsemanage: Preserve file context and ownership in policy store + * libsemanage: Optionally allow duplicate declarations + * Improved man pages + * libsemanage: Mute error messages from selinux_restorecon introduced in 3.8-rc1 + * Code improvements and bug fixes +- For a more in depth list of changes see + https://github.com/SELinuxProject/selinux/releases/download/3.8/shortlog-3.8.txt +- Drop 1231587-build-libsemanage-with-swig-4.3.0.patch: fixed upstream + +------------------------------------------------------------------- +Tue Oct 15 11:41:31 UTC 2024 - Cathy Hu + +- Add 1231587-build-libsemanage-with-swig-4.3.0.patch to fix + build failure with swig 4.3.0 (bsc#1231587) + +------------------------------------------------------------------- +Mon Jul 1 07:57:45 UTC 2024 - Cathy Hu + +- Update to version 3.7 + https://github.com/SELinuxProject/selinux/releases/tag/3.7 + * Bugfixes: + * libsemanage: support huge passwd entries + +------------------------------------------------------------------- +Tue May 28 10:40:17 UTC 2024 - Cathy Hu + +- Build python-semanage for python311 in 15.4 and 15.5 instead of + python3.6 to fix build dependencies + +------------------------------------------------------------------- +Tue Dec 19 11:13:19 UTC 2023 - Cathy Hu + +- Update to version 3.6 + https://github.com/SELinuxProject/selinux/releases/tag/3.6 + * Add notself support for neverallow rules + * Improve man pages + * man pages: Remove the Russian translations + * Add notself and other support to CIL + * Add support for deny rules + * Translations updated from + https://translate.fedoraproject.org/projects/selinux/ + * Bug fixes +- Remove keys from keyring since they expired: + - E853C1848B0185CF42864DF363A8AD4B982C4373 + Petr Lautrbach + - 63191CE94183098689CAB8DB7EF137EC935B0EAF + Jason Zaman +- Add key to keyring: + - B8682847764DF60DF52D992CBC3905F235179CF1 + Petr Lautrbach + +------------------------------------------------------------------- +Thu May 4 14:20:40 UTC 2023 - Frederic Crozat + +- Add _multibuild to define additional spec files as additional + flavors. + Eliminates the need for source package links in OBS. + +------------------------------------------------------------------- +Fri Mar 24 13:54:12 UTC 2023 - Johannes Segitz + +- Add -ffat-lto-objects to CFLAGS to prevent rpmlint errors because + of LTO + +------------------------------------------------------------------- +Thu Mar 23 13:06:51 UTC 2023 - Martin Liška + +- Enable LTO now (boo#1138812). + +------------------------------------------------------------------- +Fri Feb 24 07:48:05 UTC 2023 - Johannes Segitz + +- Update to version 3.5 + * Allow user to set SYSCONFDIR + * always write kernel policy when check_ext_changes is specified +- Added additional developer key (Jason Zaman) + +------------------------------------------------------------------- +Mon May 9 10:37:17 UTC 2022 - Johannes Segitz + +- Update to version 3.4 + * Optionally rebuild policy when modules are changed externally + * Fix USE_AFTER_FREE (CWE-672) in semanage_direct_get_module_info() + * Allow spaces in user/group names + +------------------------------------------------------------------- +Thu Feb 10 12:37:14 UTC 2022 - Johannes Segitz + +- Drop Buildrequires for libustr-devel, not needed anymore + +------------------------------------------------------------------- +Thu Nov 11 13:26:41 UTC 2021 - Johannes Segitz + +- Update to version 3.3 + * Fixed use-after-free in parse_module_store() + * Fixed use_after_free in semanage_direct_write_langext() + +------------------------------------------------------------------- +Mon Aug 16 13:13:41 UTC 2021 - Fabian Vogt + +- Call "make -j8 pywrap" instead of "make -j8 all pywrap" to fix random + build failures. The toplevel Makefile does not support concurrency, + and it resulted in parallel "make all" and "make pywrap" which weren't + aware of each other and stepped over the other's artifacts. + +------------------------------------------------------------------- +Thu Mar 18 08:31:30 UTC 2021 - Johannes Segitz + +- Minor spec file cleanups + +------------------------------------------------------------------- +Tue Mar 9 09:09:18 UTC 2021 - Johannes Segitz + +- Update to version 3.2 + * dropped old and deprecated symbols and functions + libsemanage version was bumped to libsemanage.so.2 + * libsemanage tries to sync data to prevent empty files in SELinux module + store + +------------------------------------------------------------------- +Tue Jul 14 08:36:19 UTC 2020 - Johannes Segitz + +- Update to version 3.1 + * Improved manpage + * fsync final files before rename + +------------------------------------------------------------------- +Tue Jun 16 07:08:59 UTC 2020 - Johannes Segitz + +- Disabled LTO again. This breaks e.g. shadow and also other packages + in security:SELinux + +------------------------------------------------------------------- +Fri Jun 12 09:07:31 UTC 2020 - Pedro Monreal Gonzalez + +- Fix build with LTO: [bsc#1133102] + * Enable LTO (Link Time Optimization) + * Update map file to include new symbols and remove wildcards +- Add libsemanage-update-map-file.patch + +------------------------------------------------------------------- +Thu Jun 4 09:57:51 UTC 2020 - Dominique Leuenberger + +- Drop suse_path.patch: replace it with a grep/sed logic replacing + /usr/libexec in all files with the correct value for all distros + (taking into account that openSUSE is in progress of migrating + from /usr/lib to /usr/libexec). + +------------------------------------------------------------------- +Fri May 29 12:51:17 UTC 2020 - Johannes Segitz + +- Apply suse_path.patch only for older distributions. Newer + use libexec + +------------------------------------------------------------------- +Tue Mar 3 12:23:51 UTC 2020 - Johannes Segitz + +- Update to version 3.0 + * Add support for DCCP and SCTP protocols + * include internal header to use the hidden function prototypes + * mark all exported function "extern" + * optionally optimize policy on rebuild + Refreshed suse_path.patch + +------------------------------------------------------------------- +Fri May 3 12:22:25 UTC 2019 - Martin Liška + +- Disable LTO (boo#1133280). + +------------------------------------------------------------------- +Wed Mar 20 15:10:21 UTC 2019 - jsegitz@suse.com + +- Update to version 2.9 + * Always set errno to 0 before calling getpwent() + * Include user name in ROLE_REMOVE audit events + * genhomedircon - improve handling large groups + * improve semanage_migrate_store import failure + * reset umask before creating directories + * set selinux policy root around calls to selinux_boolean_sub + * use previous seuser when getting the previous name + +------------------------------------------------------------------- +Thu Nov 8 09:31:42 UTC 2018 - Jan Engelhardt + +- Use more %make_install. + +------------------------------------------------------------------- +Thu Nov 8 07:19:24 UTC 2018 - jsegitz@suse.com + +- Adjusted source urls (bsc#1115052) + +------------------------------------------------------------------- +Thu Sep 27 13:19:59 UTC 2018 - pmonrealgonzalez@suse.com + +- update to version 2.8 + * semanage fcontext -l now also lists home directory entries from + file_contexts.homedirs. + * libsemanage no longer deletes the tmp directory if there is an error + while committing the policy transaction, so that any temporary files + can be further inspected for debugging purposes (e.g. to examine a + particular line of the generated CIL module). The tmp directory will + be deleted upon the next transaction, so no manual removal is needed. + * When overriding PREFIX, BINDIR, SBINDIR, SHLIBDIR, LIBEXECDIR, etc., + DESTDIR has to be removed from the definition. For example on Arch + Linux, SBINDIR="${pkgdir}/usr/bin" was changed to SBINDIR="/usr/bin". + * PYSITEDIR has been renamed PYTHONLIBDIR (and its definition changed). + +- Clened with spec-cleaner + +------------------------------------------------------------------- +Thu Mar 8 19:07:16 UTC 2018 - rgoldwyn@suse.com + +- Update to version 2.7. Changes: + * IB support + * saves linked policy and skips relinking whenever possible + +------------------------------------------------------------------- +Fri Nov 24 09:14:13 UTC 2017 - jsegitz@suse.com + +- Update to version 2.6. Notable changes: + * genhomedircon: do not suppress logging from libsepol + * genhomedircon: use userprefix as the role for homedir + * Fix bug preventing the installation of base modules + * Use pp module name instead of filename when installing module + * genhomedircon: remove hardcoded refpolicy strings + * genhomedircon: add support for %group syntax + * genhomedircon: generate contexts for logins mapped to the default user + * Validate and compile file contexts before installing + * Swap tcp and udp protocol numbers + * genhomedircon: %{USERID} and %{USERNAME} support and code cleanups + +------------------------------------------------------------------- +Wed Sep 27 15:51:27 UTC 2017 - jmatejek@suse.com + +- build both python2 and python3 version of the semanage binding + with the singlespec machinery + +------------------------------------------------------------------- +Sun Jul 17 15:21:03 UTC 2016 - jengelh@inai.de + +- Summary/description update + +------------------------------------------------------------------- +Fri Jul 8 15:35:05 UTC 2016 - i@marguerite.su + +- update version 2.5 + * Do not overwrite CFLAGS in test Makefile, from Nicolas Iooss. + * Fix uninitialized variable in direct_commit and direct_api + * semanage_migrate_store: Load libsepol.so.1 instead of libsepol.so + * Store homedir_template and users_extra in policy store + * Fix null pointer dereference in semanage_module_key_destroy + * Add semanage_module_extract() to extract a module as CIL or HLL + * semanage_migrate_store: add -r option for migrating inside chroots + * Add file_contexts and seusers to the store + * Add policy binary and file_contexts.local to the store + * Allow to install compressed modules without a compression extension + * Do not copy contexts in semanage_migrate_store + * Fix logic in bunzip for uncompressed pp files + * Fix fname[] initialization in test_utilities.c + * Add remove-hll semanage.conf option to remove HLL files after + compilation to CIL + * Fix memory leaks when parsing semanage.conf + * Change bunzip to use heap instead of stack to prevent segfault on + systems with small stack size +- changes in 2.4 + * Fix Makefile to allow LIBDIR and SHLIBDIR to be set to different + directories + * Fix bugs found by hardened gcc flags + * Add missing manpage links to security_load_policy + * Fix failing libsemanage pywrap tests + * Fix deprecation warning for bison + * Skip policy module relink when only setting booleans + * Only try to compile file contexts if they exist + * Fix memory leak when setting a custom store path + * Add semodule option to set store root path in semanage.conf and the + semodule command + * Add semanage.conf option to set an alternative root path for policy + store + * Add support for High Level Language (HLL) to CIL compilers. The HLL + compiler path is configurable, but should be placed in + /usr/libexec/selinux/hll by default + * Create a policy migration script for migrating the policy store from + /etc/selinux to /var/lib/selinux + * Add python3 support to the migration script + * Use libcil to compile modules + * Use symbolic versioning to maintain ABI compatibility for old install + functions + * Add a target-platform option to semanage.conf to control how policies + are built + * Add API to handle modules and source policies, moving module store to + /var/lib/selinux + * Only try to compile file contexts if they exist +- changes in 2.3 + * Fix memory leak in semanage_genhomedircon + +------------------------------------------------------------------- +Thu Oct 31 13:55:06 UTC 2013 - p.drouand@gmail.com + +- Update to version 2.2 + * Avoid duplicate list entries + * Add audit support to libsemanage + * Remove policy.kern and replace with symlink + * Apply a MAX_UID check for genhomedircon + * Fix man pages +- Add audit-devel BuildRequires; new dependency +- Add fdupes BuildRequires and use it to symlink duplicate manpages + +------------------------------------------------------------------- +Thu Jun 27 14:57:01 UTC 2013 - vcizek@suse.com + +- change the source url to the official 2.1.10 release tarball + +------------------------------------------------------------------- +Wed Jan 30 12:01:03 UTC 2013 - vcizek@suse.com + +- update to 2.1.9 + +------------------------------------------------------------------- +Mon Jan 7 21:43:31 UTC 2013 - jengelh@inai.de + +- Remove obsolete defines/sections + +------------------------------------------------------------------- +Tue Oct 23 05:05:03 UTC 2012 - coolo@suse.com + +- buildrequire libbz2-devel + +------------------------------------------------------------------- +Wed Aug 1 07:54:48 UTC 2012 - meissner@suse.com + +- updated to 2.1.6 + * changes too numerous to list + +------------------------------------------------------------------- +Mon May 23 14:15:42 UTC 2011 - prusnak@opensuse.org + +- split off python bindings to separate package to reduce build + dependencies for rpm [bnc#695436] + +------------------------------------------------------------------- +Wed May 18 13:38:44 UTC 2011 - coolo@novell.com + +- add baselibs.conf for rpm-32bit to use + +------------------------------------------------------------------- +Wed Feb 23 05:42:43 UTC 2011 - coolo@novell.com + +- disable parallel build, it breaks too often + +------------------------------------------------------------------- +Thu Feb 25 14:59:32 UTC 2010 - prusnak@suse.cz + +- updated to 2.0.43 + * changes too numerous to list + +------------------------------------------------------------------- +Fri Jan 16 14:24:38 CET 2009 - prusnak@suse.cz + +- fix assignment of wrong context [bnc#466793] + +------------------------------------------------------------------- +Wed Jan 14 14:06:28 CET 2009 - prusnak@suse.cz + +- updated to 2.0.31 + * policy module compression (bzip) support from Dan Walsh + * hard link files between tmp/active/previous from Dan Walsh + * add semanage_mls_enabled() interface from Stephen Smalley + +------------------------------------------------------------------- +Mon Dec 1 11:35:58 CET 2008 - prusnak@suse.cz + +- updated to 2.0.29 + * add USER to lines to homedir_template context file + * add compression support + * allow fcontext and seuser changes without rebuilding the policy + * don't rebuild on fcontext or seuser modifications + * modify genhomedircon to skip %groupname entries + +------------------------------------------------------------------- +Wed Oct 22 16:17:23 CEST 2008 - mrueckert@suse.de + +- fix debug_packages_requires define + +------------------------------------------------------------------- +Tue Sep 23 12:52:32 CEST 2008 - prusnak@suse.cz + +- require only version, not release [bnc#429053] + +------------------------------------------------------------------- +Tue Sep 2 12:13:42 CEST 2008 - prusnak@suse.cz + +- updated to 2.0.27 + * Modify genhomedircon to skip %groupname entries. + Ultimately we need to expand them to the list of users to support + per-role homedir labeling when using the %groupname syntax. +- updated to 2.0.26 + * Fix bug in genhomedircon fcontext matches logic from Dan Walsh. + Strip any trailing slash before appending /*$. + +------------------------------------------------------------------- +Fri Aug 1 17:32:21 CEST 2008 - ro@suse.de + +- fix requires for debuginfo package + +------------------------------------------------------------------- +Tue Jul 15 16:58:47 CEST 2008 - prusnak@suse.cz + +- initial version 2.0.25 + * based on Fedora package by Dan Walsh + + diff --git a/python-semanage.spec b/python-semanage.spec new file mode 100644 index 0000000..996baab --- /dev/null +++ b/python-semanage.spec @@ -0,0 +1,100 @@ +# +# spec file for package python-semanage +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%{?sle15_python_module_pythons} +%define soversion 2 +%define libname libsemanage%{soversion} + +%define libsepol_ver 3.8 +%define libselinux_ver 3.8 + +%{?!python_module:%define python_module() python-%{**} python3-%{**}} +Name: python-semanage +Version: 3.8 +Release: 0 +Summary: Python bindings for SELinux's policy management library +License: LGPL-2.1-only +Group: Development/Languages/Python +URL: https://github.com/SELinuxProject/selinux +Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}/libsemanage-%{version}.tar.gz +Source1: https://github.com/SELinuxProject/selinux/releases/download/%{version}/libsemanage-%{version}.tar.gz.asc +Source2: libsemanage.keyring +Source3: baselibs.conf +# PATCH-FIX-UPSTREAM bsc#1133102 LTO: Update map file to include new symbols and remove wildcards +# For now we need to disable this. This breaks e.g. shadow and also other packages in security:SELinux +# Patch0: libsemanage-update-map-file.patch +BuildRequires: %{python_module devel} +BuildRequires: audit-devel +BuildRequires: bison +BuildRequires: flex +BuildRequires: libbz2-devel +BuildRequires: libselinux-devel >= %{libselinux_ver} +BuildRequires: libsepol-devel >= %{libsepol_ver} +BuildRequires: python-rpm-macros +BuildRequires: swig +# Ensure same version +Requires: %{libname} = %{version} +%python_subpackages + +%description +This package contains the Python bindings for developing +SELinux policy management applications. + +%prep +%autosetup -p1 -n libsemanage-%{version} +# Replace /usr/libexec with whatever the distro defines as libexecdir - across all files +grep /usr/libexec . -rl | xargs sed -i "s|/usr/libexec|%{_libexecdir}|g" + +%build +%make_build clean +%{python_expand # loop over possible pythons +%make_build PYTHON=$python CFLAGS="%{optflags} -fno-semantic-interposition -ffat-lto-objects" swigify +%make_build PYTHON=$python CFLAGS="%{optflags} -fno-semantic-interposition -ffat-lto-objects" \ + LIBDIR="%{_libdir}" \ + LIBEXECDIR="%{_libexecdir}" \ + SHLIBDIR="%{_lib}" \ + pywrap +} + +%install +mkdir -p %{buildroot}/%{_lib} +mkdir -p %{buildroot}%{_libdir} +mkdir -p %{buildroot}%{_includedir} +%{python_expand # loop over possible pythons +%make_install install-pywrap PYTHON="$python" \ + LIBDIR="%{_libdir}" \ + LIBEXECDIR="%{_libexecdir}" \ + SHLIBDIR="%{_libdir}" +} + +# remove files contained in other packages +rm -rf %{buildroot}%{_sysconfdir} +%if "%{_lib}" == "lib64" +rm -rf %{buildroot}%{_libexecdir} +%else +rm -rf %{buildroot}%{_libexecdir}/selinux +%endif +rm -rf %{buildroot}%{_includedir} +rm -f %{buildroot}%{_libdir}/libsemanage.* +rm -rf %{buildroot}%{_libdir}/pkgconfig +rm -rf %{buildroot}%{_mandir} + +%files %{python_files} +%{python_sitearch}/* + +%changelog diff --git a/semanage.conf b/semanage.conf new file mode 100644 index 0000000..5bae089 --- /dev/null +++ b/semanage.conf @@ -0,0 +1,51 @@ +# Authors: Jason Tang +# +# Copyright (C) 2004-2005 Tresys Technology, LLC +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +# +# Specify how libsemanage will interact with a SELinux policy manager. +# The four options are: +# +# "source" - libsemanage manipulates a source SELinux policy +# "direct" - libsemanage will write directly to a module store. +# /foo/bar - Write by way of a policy management server, whose +# named socket is at /foo/bar. The path must begin +# with a '/'. +# foo.com:4242 - Establish a TCP connection to a remote policy +# management server at foo.com. If there is a colon +# then the remainder is interpreted as a port number; +# otherwise default to port 4242. +module-store = direct + +# When generating the final linked and expanded policy, by default +# semanage will set the policy version to POLICYDB_VERSION_MAX, as +# given in . Change this setting if a different +# version is necessary. +#policy-version = 19 + +# expand-check check neverallow rules when executing all semanage commands. +# Large penalty in time if you turn this on. +expand-check=0 + +# usepasswd check tells semanage to scan all pass word records for home directories +# and setup the labeling correctly. If this is turned off, SELinux will label /home +# correctly only. You will need to use semanage fcontext command. +# For example, if you had home dirs in /althome directory you would have to execute +# semanage fcontext -a -e /home /althome +usepasswd=False +bzip-small=true +bzip-blocksize=5 +ignoredirs=/root -- 2.51.1 From 2c1e76486191fc5f93c7cdcd93cc92c98ca6de8c8db44e80946407110a3d982d Mon Sep 17 00:00:00 2001 From: Robert Frohl Date: Fri, 14 Feb 2025 08:07:23 +0000 Subject: [PATCH 4/9] 3.8 with correct keyfiles OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsemanage?expand=0&rev=121 --- libsemanage.changes | 3 + libsemanage.keyring | 223 +++++++++++++++++++++------------------- libsemanage.spec | 2 +- python-semanage.changes | 3 + python-semanage.spec | 2 +- 5 files changed, 125 insertions(+), 108 deletions(-) diff --git a/libsemanage.changes b/libsemanage.changes index 3781e46..174732c 100644 --- a/libsemanage.changes +++ b/libsemanage.changes @@ -10,6 +10,9 @@ Tue Feb 4 07:22:41 UTC 2025 - Robert Frohl * Code improvements and bug fixes - For a more in depth list of changes see https://github.com/SELinuxProject/selinux/releases/download/3.8/shortlog-3.8.txt +- keyring: Update Petr Lautrbach + * removed 0xBC3905F235179CF1 (expired: 2024-10-25) + * added 0xFB4C685B5DC1C13E (expires: 2026-11-04) ------------------------------------------------------------------- Mon Oct 21 11:19:44 UTC 2024 - Johannes Segitz diff --git a/libsemanage.keyring b/libsemanage.keyring index 0da0602..9db3320 100644 --- a/libsemanage.keyring +++ b/libsemanage.keyring @@ -1,110 +1,121 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -mQINBGNZjyYBEACk7biPgvCVldNWq1CwVoJa/Fvc4T49tqxcc/sY4uVlGo6oSi4f -QcXE9XKPPBuRLmvpmMWvODQLzPxJMWUfJq6LyYFmX2U9VRTcyITdmJs8itkEaDwq -8BtXkeQfUDAVSFy6V6/uvVmNWD7pGXqJE1GxuV44Ihlh6v2YyqSzDG/rZur771hk -e8VZmlKMVMs1RSeOBA3nUmvZQ58+uqkhJNYqOeQhxGIxDOHo7QhzTG+SlX+uQq6m -zACKygVJJl33toaUwVAX5R02a0u67A5wC0whAoLSHInc3P7ayivWV/iESAz+gMIk -uvJWns/Ak14J7MTGgjD6rle7PNMsPDCCwQScqA8F0x4OChCixbZGZn6Mr0u8+01V -CEe2IjJwVUfFI/G4n1FZ1RAdqjkHfZJeD20LGHSbjJLcnqLLFx3LDpI5dAxo5K2k -Fvz0VowrB58aHoofW8/g8yZygGQ4Zpw4JnpUmaPnMTiD5yvnFzEihM5L9DuaWqSK -3sb9qzoaXABYRYI7OmX4B5nmMzFteHHq0tMtaKWf0HkAsCP0BLJcS9Oc1/0I0+gC -4oKLRD8a4+kaEpNr6BXvWnj7Y1h0Zr/CZS6+gi34CxWMl2Q34OSqtS37mzzBu+UZ -xffPR0aV2RXcEpc0c5HW550Thq1NF9EmFOoyeG4J2ox9JRANZXLh/i7mNwARAQAB +mQINBGcpEXsBEACjkf3/pxK1vKNYV5sbqoOfqlP7i/WuVtFmjStjBaQOYQCM5kxE +L1ImKlMJ1B40WW/ocSKIK+XduZkiqtn7O8sjpTX7Z0fuTTrE2ogUtNXTNuv61SQ7 +CymDmevn0qy40/TVYFLQQvO6c7/MeP4E4R0+DUq8HQhAW2oDBoB+6fLrti9Ov07t +jPTtkJ9PE+0d/oUnzQU95FrQuhlidbhSZIa2bV/n1UP36p7jKFG01qdqZdQqN/wF +PDStDCOgmFVPkyDRnqFbp+EWsPnsuB3x8GLlkcdSVHjPX6eoYJSgeUeNzQlXIryP +x+h8pp+jD/v0hNo6oHO/4/emxj15wGDvAZo4eurNHNHEB8phE7YhoUdEaewQTwWf +BIQvTS49XGmKJNq+sskUSOS70aY/c5jetvAg9dvDWb2ZkbXIBVtIQR/nxZJZ6gGn +Q7qqvAB0ht2BRfgGRDxtfky1SNenm2bRK2aNCJns73VyDRW5a2t+P8jgTfG2Wg3O +G0bZAsjizuIAvWiuEKXES5lE71qVQJJydG+GbDYOHqwHqLnp69xl1QXDExc4HLF9 +avR/FfhCVHyNiow+PtQw2PY9xxME5Be6YhbZx0YR6eL2+sT1wt9lFI0LA9YBda2v +XNBbngnHkOMIYehtCTndnuQT4xlUCN6A5pPS7nRyWME18mii26Wfj6BsYwARAQAB tCVQZXRyIExhdXRyYmFjaCA8bGF1dHJiYWNoQHJlZGhhdC5jb20+iQJXBBMBCABB -FiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZjyYCGwMFCQPCZwAFCwkIBwICIgIG -FQoJCAsCBBYCAwECHgcCF4AACgkQvDkF8jUXnPGeAA//ScQ3kJMqI6FRULXo0aF7 -CpafPXVWdvj+mfQMlZzuGwXXTmM42T0DXnXRBSjstWkmOXP/UqkN7bNeXH/S3D3G -CJ2l0qx8Qp6fP0FloJIbemyxNtzl7yvAE7kWvuBuLvUdm23cntv49gAzj+ElDqCx -tT6A6qaqM6r7DLUvw+G+r6gkeu1hNQbtRpEK9Dt8tHriQyI410qFRMbi3QxU+iTJ -79HXwrXiYpX7V7T+ugiU9lgIiC/hWJCo6SY4knt9E6zhegUWN6zErl2HY8FBM2P9 -eHOTqToEOAhKeM1fXZvxe3m49fGq/spmRM1RUUl1V9WFEaMiLg/Z2rmbD8LX9Ytf -YlQCbEwyX2nkIP1QIcr/DEfcmCA2MXCQCgsqI/2XS3BTLPyjuqAYnXxrk+T/Cydc -g4W3ZBYI/wT56GH02TQzB/wJsn0cW6EMG46VSDY/mZ2/gwi54G/Pqb2R3ZC9I7wQ -6/FFxuu8myI/QVmEiTlvTxBoyOdNlliBQxCkDczs1rxd/o8Wfjo1vwRHW84jZrCP -3xr7xPJWuzsrmPU8kFHTgepGoY+4b/h3jGwlV103RpRUK4JidwHsmYDVk6pgeUH6 -9hf0iVcbFfKiViFTR+DwjbAOxTdsFgsYYn+7hBj2l+pV/uzeA0akL2dkgfJc9pAf -6ItRUnGC+RlntZ0Pf2NbwIS5Ag0EY1mPxgEQAOBjoc5rCJOHFBUj7S68ABT3KKx7 -DVJJU7qYCxC1kzuzsGksDdEY+PdQaiNkh56MD6R+rsD49UsGHP+RIFO3D3+zejiu -Wo3PPtItqLHpcpYKkc4Gzziff8sXq70owxWT29OyMrPyIMX2YFHZuYJ8u8STQcOI -zICm/lJs6xkwHyTk9bIrwdg/Iwjm6YRo6xoLe0B6KE7efMDER/ehmXncnWkjD55x -2tAttZsfRqoqeB8J10PxDSgyv8jCXLdbj37l6omh6VH3926392DRrc2fXAgZhHML -rYIKwXkhnAp3I+HueKURQWkDlWXP4d8gVyHYt9EXdD8ZkPx8rMrGGMMh2DJpZJOw -xuK3IrFfYb+lyOyHIyxlPsjcfHtLBB8WujnyzYMWwUsRmAGEm/6db8dyR551q95e -Zd0cqO2xrz6u8YAO2LjCiE6X43m1ulhbf/NHcBiqWHjuEbSKRQnxO6ye7zrmPdnm -YT4qpLrzKlFUExGt0mXaUY8MKdcaGXbvbRU80wL+MHYyCb8vWa9AzWM990LcqCiQ -MAfk0zMq9q/oDvVotJQmWLdR2QYeRfl3m6uzeTdaYK3td5NvfQwG83MFxJhNvDZQ -YhETwbQIVzfC2JZaJAo94VdiGfT4I4Khb8RekgJVoC4w8yByyV0zXdsobIajc2eC -w0R2ik0V+vQopblfABEBAAGJBHIEGAEIACYWIQS4aChHdk32DfUtmSy8OQXyNRec -8QUCY1mPxgIbAgUJA8JnAAJACRC8OQXyNRec8cF0IAQZAQgAHRYhBBviwP8IlJYj -EC/SVkaViBwlRQjRBQJjWY/GAAoJEEaViBwlRQjRmQcP/1OVG8BpkRN/6m/j8hx5 -4vcofCPmWsL+CiNfE3QCOEBeWMtJEK7QTIgLFnLfXnyHiTS/CN2/zr33IcQ33s90 -XzibzWarE7P6O4oFEcUr8TAACA51KXMadRiA2SaYJE4Va2N6d41ZoV0Ser0wi3HU -5qxw97LGdYyOrsstgxIRI/i2BRXkp2VpUBdHqr/zfe7bv82h2QNw0fZQr4jJP4q3 -+4I6gggvi23Gj8+9lOmHNXyfqzSwkkTf8GtHGC8JORVTrOizImzJq7z+9rJBgY+4 -G4RBWzhOv69njaLNuQeASVxm/2hiMmzFqpmqozN9Y+17ubo+X+m+2aWE+aln56Pv -LxJHKwFX7doc1doTUnewg6ZjGKCGWBlqlKMeX8D038pd2gsCMhm0EA5DZkXJHP9z -b5VSomDCLB3GhoVpifZ5Qz4dJNtl90ZcFL/LJktiwz4vgzZqLNC8MhFfPLy8bS+k -dAS8+VcvQaDSDKTR+jHQ6wA/kJ9eYcL8C9g4czzLzVfZCoN/fcC7VEiCiDhwuqrb -ClcQBFZsCPQEAwh4mgIMK70zPaO4rW6LbCvwBnTjY8JSBkroJ1QjXwCy8ClSE+w2 -6cXtk5zmYUy5oQaONYm+tMberKsJjvfJIGIZdaj3ZkHsVe7YzOC6M8ESKAHKp4Xo -hXbHQQEfD9WtzFerpKWCaKTobRIP/jyXmYYLEzRav3WtoH3NCXANu0Pc8JuMDoO2 -QytHICr7zWDvk3q6LO0Y8JXD2fUegY5KM3WECF5KBBCVxdsMunN908WjAMQdyUUV -9Q4MIg64X4WCbGUDPkTGv0mQl2jMEWpFniIX+18TmwcHSvN5RxjcnpWNOyNQuMTg -ZKDm2uw5zwYdScWf3DDCR/2dH8yvVFhxfQaRNzKJSyTD4ChHPqy858BYgMljjnTC -APQwdkrTwh9RSxhMZ5yhdy9Z/+EhO2/8B/kylADC4YQOW1UN670QC7rlJmUySQy5 -APWHco5CNQnqdjhrgzYJDnWCCz9z6+x6bGy5iUa9K6Gt9e3ocYPd2Gw4R7IS8hyO -Ok/Uq7maqs+GpcWWLWzB+iGFgYZU758zsbeXvAWQAiLQHWzOfQrXepGoEjCOdYv6 -is/UovO9zMIfrIPQVlj3QIN0y0zRUHoCpPgEWHrn7KCMDhiIDt8VgGbznXTJtRw1 -/NTeBQgnmkXwx0aLM7ni0I9IrpT6JVFjip8IV24iI5nsVRSfvxUjFBQxgyujPLuS -f/Q9BlrsopFtcnyyDSyCtBqnCmBSN0zC5hk8Ya/UnDn/5ZQZYxsbGaWkdwQ6aw9m -khMfnnsz+QfKT1R3SIrByIEjaYYvGJp8K4utRjhOSfM6ptmCN2WVxQbhwMERC4E7 -8ZKPUtR+uQINBGNZj3EBEACsSSOVQfiGhJACRUkJZaT6cX51oA/kizOsYRAftPI5 -XBdtFmd1I8VJSopTaQSAdsyb7AVihl73mH22MOHawsKzffylW7kKGHPd02x5MXv+ -ttyTDasJT4ltqUSLByTu0ouqhu9uHvuOettCeStk1z6cx4ccutjJzmAdbpxKfhSV -TjYwqZOVJ44bgvL3BeGBooKF4hc1fdT8PrzZN9+Xsailybuk9kX3Z3BjicikLFTY -BOKaRLK6VuHOTYKNnUlhQnUsdy0web0XQsQa1zUbENKHNVk/x05akOz0EHBkMtfE -LMLiu9n7PkEkIMVu41MplDkkShbawzzI/UstkZfPjiGxpvVo+u8He9x1LkRM/pup -PnbrtmKi12FSJ9T+lNXnN7jvA25pl6dC0Z32iXKHZ0Co6TYNCtwFAUDSBGnnlvhT -raEtNhfFP7uMRtJUDF5cM9Go++qH/iRWfzqWViNXp0CgBI3XBbPjbdAfe7hkr5Lq -DwdnQetjb40FiCq2Fvof9foWIXlVwday2ST3ruDhe3Q+A3+uUK2leHhYr2xJxf8I -V05RGweVvvxk3Yt7FphpUGpC6q98doA8logSVeoyF5nxpis7oN/jLMn7p5Ozezg+ -ozoQyKvnBoWifHkaHnRfjEv2nshWqA0+FCxTxnlTmEZhuZQfvroa0Q2/gIjW6kUD -VwARAQABiQI8BBgBCAAmFiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZj3ECGyAF -CQPCZwAACgkQvDkF8jUXnPHhww/7BuMq7bEKvrejKf6Wjs2owMsFiXjMe6dhNmEb -96ANqRVankiSPn+TeL6FVJh9TJSGpD9v8fT3quikHsYDoTNLjgZL6Esx1A4k6YRu -O8A//10kNfYVCdhnNoDZ/94iSBrDbzeg4ueZjPTHtgBb+jGWc+f7tKDsMYaqqfec -qh8NRSujB9fS1AbCQaYkmpCA4f9l9Ti3nVQIrMXqFZFtt6sEjx7Onbi9ieADaQZ5 -/V8JQL4QgWGhhx0ccK0LVOIqY5Rp4H1kyJVeQ/rR+YIso5vBwpPJikAU+ozTnGCw -w8Vpc359DthUAakJ22GTnc3kaj5Cp6HAugmTvsIdnEhYkh/jendSK4fUWy5cXs50 -THMiFRKJS6boygIjwGlXCf25Ip9cos50YNHogkjyOp0L0tiherFm0OGlyoPvSEVY -nAnNmD5TZK/FnKE6rC0pe0NMO157fIbM9pxIAkPuYVRFz8NGLrZQEyIVyo7Vhb/k -uALjKO3OjsxNA+RoZtAt24ciUIprykdY+posV0xrDCo2tM0dZcIPhfGKMljB0C57 -c1Qb+616Q2bzaaqdttbD8BdREjN59CxvKqI1gzO250n2EBLzIJ2R9v1IpUi9Zg9D -vu0eW05kXsr83M4Z4lomvyW+pkJ9elaY525OlZoPaQi9TYrHuAHiNd0xrZqL0378 -d2veUui5Ag0EY1mPJgEQAMRQDbNHBQ376nDF8miBZOAV1txpmbHc5D/X63PNapP0 -P1/I7SfcJU9D3wX8c4vmxkjEYtH23s4lmT1VLsU7PisS3MacRemm9pL2bD53hs9X -QEuU9OtJsZn1ZJ+Ynh6i5sfW1bG3OiV/TWgYXW66GwE1hn9PuP8arodUmhEft+64 -G2u8Xtxr5yqlQJEUThV6280OJrxVbduaMi5C6UNeeGE5wuhfrQ0TNYZiwQ4KYbU3 -QhlWhHVjJlJ5hCLiktwFDyR24P+wlTIziWA407mo2enQT+mz3bO7Paf4mBionGsJ -MoADqBThf4B69BxjJ7Yg7oQVIZ7560YIRRmNo4tk5Mhep11OtQgZjZJR6MhWDaUO -17w1qScrOPRj6G1IXP1R5NarydJpLyAVb/5WFZ5jxUGMGtq3mYn4nKbbHUg2WzvC -JvPctDE6EV2vaiRy5N1fQjsHgSa29F2feh14p4ngFCmHjpdbcdjfv6rWL8tgkSpQ -lDdeHRRd1q03TKAg/byPauAHKzvV+iWlmw1f6KBWjeTn0fofmk9eeQ+P1j0a3/XT -xMOjB34SzqPRWzmLPLF6YmujBK2gymM+JLirJFFzao1i4lgmxqkDhQoNYHXmVYEd -7w+/qUYbfKwO9eJOWzuUWajxvJ1Vgv6z4CPy9if0gwfhrx0OOcIpBE/xZU+SwQQp -ABEBAAGJAjwEGAEIACYWIQS4aChHdk32DfUtmSy8OQXyNRec8QUCY1mPJgIbDAUJ -A8JnAAAKCRC8OQXyNRec8a+qD/4whGQ9J+td1iLFMpNRAqvuGtTnM6shZJNnC5CB -56Cu7ElIpr74sk0R98Ia1pJlBcLALbYSrqwluZaLiRVDPdub6tGSRVssqQdZcKTh -z33waTru9IfLhCrRSNd0ZMHJaOG1ErU0noWw2d4ifVJK+vvuvMeEyNm4H5pZOYzY -eikqVUYzS143cSzMEwtvPSdP5JkTQi4WNF09khH1D+QpJoXEgVEQla7Sr955Zdt3 -q5OlpYxxw+X62vslZ2OMiKZ14kWVSRbVQ+WdnjtRYS4vivB6ko9QL770jZ131hKh -C/BcWpEYSjfPpVua2oKbccKHXheIFEJ06kGkMeeoQPxmzPRBYIw/E+d5sZp7YXDy -BGOAxBeiOaOnZ8vLBzy72HFng3oB3hkVGTTHq+PsHdSSaRME3QrNpDsaGeSjw62F -G3I4zK985GtrXAHEzN/Ffd17srl4mcRQ+8QM/a+XbF/8ugjE/RHhhFf8sWVAPutY -zVE8lF+uqcduPuq/rTcUBuzSVjnSRfXWqCokjh+ypUpHNUO8fZDzkTLuE5rwMG1x -pPueDBTzvoGDQRqc2eoXpJnDBmdlz83zHsoR2gIHcdqyc/hCV+fTvR8E0v9ZG3Jr -6RFgWdD008PsGxUevIDgMAYFwasZSTofEnzg49/WeIFU1rGB5HZVlmOJKZnKRuBi -TakEPw== -=odM9 +FiEEaNIYIzQqE2g66z5O+0xoW13BwT4FAmcpEXsCGwMFCQPCZwAFCwkIBwICIgIG +FQoJCAsCBBYCAwECHgcCF4AACgkQ+0xoW13BwT52gxAAjmac0DxofR1945mfP82s +zBjofuMr/6Vhq0LHTl7VN8r7PP195EqzGA/c+OPSn2KCjeMh09w3n9ieWZUR6mUO +ZKIo4516d2+LL6wDyy6QyjTtD6bWlhY3MW3KJl35zjian0jWXuHquS0hj1cN52uU +CQ2iDVWVR63142maBe3Y6Yk0OZh+1ZwoinLD9ktq5uNFwCbHCyfsjp1adProV+D0 +fy2txGVaKlVY/yKY7QQinALxFuG42CTGO39xV/cISnOiQXifSTeepia33Q020ZzS +QblACVO+VS4ek1bO7O90A+0zLcoRpch+7cgRl4goLFKBZdObvNEpSfQXqMoCwteE +r9Y4DUBrs10BTAzGsSd182ioGu6xosOWnNZTtRK/ZhP49/dpDu7WzODYnxXl6pE/ +4TzDB7nhE0KBCtwOBSrlpvKdyy+6WXcaom/O9kLv9DdOH+DlZz51FoYHPQ70UG5E +9DCOucH3fbFbV8N/XtxJylUoC9X+PCe2lZd/udK/YzSj1+KGdMGXh3ZzYQEq1N2n +lbQil5GXm4tp3cBiii4/pGhn78h39mA15pAof9mULGTlL0YvNiGbrrnKw5hGSHs1 ++hOFG28CoB4NxMpYYMbWdCiTYoo5LKpLzU9PYCUzPsDbpHS+wf/2VDW5kUiEgZvF +leUYRFnBd3Wz6WB9ZNsHkr6JAjMEEAEIAB0WIQS4aChHdk32DfUtmSy8OQXyNRec +8QUCZykYBQAKCRC8OQXyNRec8V0ZD/4vu4DsQwH5iHS6uFm46W1lI22B7pv5Rstl +N3wNGx/Tjh75nQ0lZ1DaxosGm0aEhydqzhB3SBL5CRYHuUysnfW67HXlkGMWwa3K +or5Wgfwkg+9XwyvleiOoD5RhSlc/qewgut2RS83Ol4DnUjFi5UxZy63xJRVjOMPX +VgbU/wsXPJ2wiZph7ux75ETzkXf/Y+iRk17R3QaHfq7J8lI0PzReuvEulE6BptCA +c0bR2sv8MeN2hrcXRXkRSgbs0HBSuYFGVYpgItQV9b7yZCfpFUrwkhX1ZoevOL8o +Bkuidlvl0KM7R746XXqnJSh8sDxI3sFqqN6ezyGjb3sa0Td1quReaPmnenhg+6v8 +P6hkI0gf4FgyyG3jpW0Te/pXXQ/woDboyA2jmowTVDSQLUNRiLrxw94OCtAExZr6 +cX6b2LZoZ4DKLeoOFm7TckuE5gCG/jk5VFrCb28WrIqIFEA1WiBNGv5yHjPLBpqn +B9UtD7GLBUuqVPmf+IjNYJDSEDXl4pmAlXSRNcvg5YoF4mpI2ectWbgCFnY6kocy +yMTsESim8J70llYUiuO1D1OuuIHI7HTdqdaSabtviVnUcoM4j8LHLPwFm9iLOjuF +I50aMusUFMP9aTSzC+nMHg0qHkjo3uSCmlcxNpanfr4qZDHronNpmN6kaXVUw0V2 +CI/pLDqk77kCDQRnKRF7ARAArgRj7ToZ65fjAuVSoAxYKdsUQu6EFkZYUsQi8/pY +lLVY6957jlFVylV9gyncCrKaI1FqECVEy1JD1i1dJ2UE+SG01yhX+GqNw3LAx1uz +L5GzbulGT8MlULTJUvgAGtJKXCF81rjpfhm8+vwYYO+MBSEro1dDtatknFhH39TS +epEa0a48EuEV7LUfrSflrE/z7Z/2kUI1sMnXcduuFWO75FR4TwarlYkjl15rlJ9i +dcURGxP/M76nDtlppIOZYpHVrzw/oGQMPt7rdkhoBrzj0z8PP46DM0SBvJGO+Bs7 +Q4QitLbHrWUahbsX2msSDOP3s0iIG7qqk0Jgl5+Sl88Q2uT7CY5S2El+HoTu6mGW +WJBqazp2pcBzdn7EE32MV/vhGnNWYg8r8wU2vQRxQwWBRGkG1pOuTh0YyH76/mLi +orHHAkd/hGwYIOyAf1lkN6YrPmry4U1MjWRtOewo2353svjlT7f+ZGbiXbaDx674 +C8PpHgZ8qOzLMQULIYrtOZViPRj4QZH35htFDUZqFeq2tH9osLT0tLLFBOph8pTw +q6yehx4RsE6KARlQ0/JunOJvAeXVURX1ytHl5Pww8eCzzF2mNDuBG4+LXZ+9zze6 +elSw0gdILFmpeiKUazPb7OlfayLc/EG0r+1OjpkVEuKOEezbnRjVqCngzJdir3UD +ZVMAEQEAAYkCPAQYAQgAJhYhBGjSGCM0KhNoOus+TvtMaFtdwcE+BQJnKRF7AhsM +BQkDwmcAAAoJEPtMaFtdwcE+jMYP/Rh+SS0bAara89lQj8Wxy/5WcSpW33h0GdLT +/obJi+EjtN/zW/7vZRGVB5fxNRCjH0Hx3cCu7lvb6JKQ9y8fvQ9tjyO3/JPAe1KU +XN/r5g8iX6jJPPsOiIgtKOs7nWe2XyAqYhvxD1bvjFXpUUgnibysfTgwoWkiXNQO +rrrQlhAga05QW6BJ+DtotVT/SPhYooQp8B+D3fBhMop34mBEXLgVk+uJ6bse+VRK +LZUp992utQX89fflfviIp09CgQANmLwqQxlQsO3JDpk67aGIOkCuOjmENp0ozfXh +nrlWczXWGOISGZMXcjIYGWVvSoEiTQucFUe4xiaKoE0kRtqocuoiO7z9G8WVhX4A +whJ4DsHrySdslxqjXeiC0Om4niGmAKOPYHWfQ1YxyO7SC167Wx+whpBtYd68fa+C +XkskMI21Qk382hYHZSi/bvAS+yieDBjd27jROcz7l6PB/ivwPfBf4mlUICF+vc5z +SSfDXidGoU8B7UTsM1REnzF8RX2I9ECzCjqqiHsgjE0RNQbWvLBETE23q0eyiPHR +ZvQjQgHsKdZEr0Xqg1GnRLiRWCn4l6Fr00ZcUraGfyoEP+ulQ+yP852SIE34LsCL +TusI17P4gp2dR9eQ4mosI7J5TAL1Y+W4U8H1GeeCFgzjGExZ/xe9Is46T++A/GKp +HkA0s5uxuQINBGcpEuEBEAC6H5vY7GP2r5FFn6mQNV/8zo/TXIOYOHC1gfOL8tbw +8UcLqJCXMxF7K/VHmfe4ISkBn76Z1R4KCjZOYWdh2mbESB1owhb3y6p7h+4eGhdT +YyHh6I3uPIm9dAKyKMINjOJ+iPTcdjudNWPDj4FJK72QDf+8SpT0DliMbTUyZVIx +ohpOupmqyfKkrqvZ7ElrthVFjBGqktgLmSyKQNUr1+11+GOeydgZLiljJ8w1IdjU +oEykeNPvASQz4pnZZGmNNlnuc/27gt98kwqBxyVGB/7XcJ5Jol9UiGMmXEZUuSWg +Txcls56Ha+Qrbnt70F6cQWBCfIsKkYnxg2yewlWHFTVoDrZ1PuOac5UwGGcag2Ez +LPN+9TDRETPZVulkGSLBlF9n0xZQGzJud4fw3DNkxBAsJz/Kj+Oc+uYNL62CXgJc +bMG2nE9RlIy5ji0dlna8FvTNx+Fjs/UKse7KVcsXOQ479dE/fDUXwjVSokKN1MqN +2MIMX9Va150d57WISxIfE8Yfx8enhCmsEMPBng2d+KVg0cwNabpTVvOFfbKepwYC +tBJ3U3L+gvsnMTWqgf+c2vBW85JI1YVRNcVd4vL5I5cl0UmkY/7/BX6Bh/JzOhQ/ +q+YJ0rUezXlZC8rPI/+eYtLm4uKV/FUqvFkMjpI2tLh/9eQdwadgHIUpSGrmBU3R +lwARAQABiQRyBBgBCAAmFiEEaNIYIzQqE2g66z5O+0xoW13BwT4FAmcpEuECGwIF +CQPCZwACQAkQ+0xoW13BwT7BdCAEGQEIAB0WIQRyAOssP15IhGPAzp7NyujJJ8a+ +MQUCZykS4QAKCRDNyujJJ8a+MTGJD/9MpDYKL6yo1JUhzCD+TQajWLhwDuWEo11h +EEJohOEH2Myo2DbOA/OAQsFxpUkvzHDQTbHZm8F6Mzhf55OuaR259zEdHwH/MEXy +g+UPamCz/NmZkQ7WCrgJ1pvvIihU02t+gJlKHE4I9HbAiLFxhm23l/tnfNJeqSMh +5zqxM551PvlleulBu8g15SS84l8wI6JqKVq68N+/yTmIlRVs/4PHW85zzxu97BUl +xssgPgchGv89L6TUPXTMZucXvVOfEZmvtqcxkJIUIcnlZX4FLAccq3FHL5snXH0w +vjklyvVqdNd5och5Io3MUGKAlBKAe/R656CQPdGbD4hzE1viXnfqx6Vo1HRQDDHU +MLWqmMG2cT3+ld1MSxlDGr2QyuPR359UoWM4oANUimTHujR1nWOZtSZ2NBXIYOAc +T4SaB13vbr/Z+1auJba495QLphmKpu28GcKfAX5pXo/WesTQFYlyEvIGMMJ7ljah +cEBgXrHCkM98w+viixyrM9XhNZVQsGJuu1FaBLGa+KcgYXH1P3BAJV9fbnh2oFoA +SFEwiahP9g/7p69FkqpA4NGEjjg4bu5XvUhUAnwEcQE3yHG9AzdY+zV+HAwEULIZ ++v/H9Tj9zvxH0mHGRT1XCYxssZA/tU/VCB+IepmkcyTxlSZCfoot66vNZyfA8WTC +AU9kQPw5A4xfEACKjcOFavkoN3eYgIcAs1jQDaKlv8kfotIfG7RLcwtr9sXo9upF +jX58oxP9wVXGWf32s1Stf6ENFtzupuEqTG8aZydeeRxMdqH1t9SCERqeUqQGvWDW +KTfOASek7/Hf5ff06/6B73YwNrBXSeqT1H/21L5kP+mHvZD2THdl9U1IvR5bGO7A +HMVbRnCHlMBfitpKbJAKYBeLTk7diY2KrhqtJSDmgA4xFn533oOysBLhJ22XHr8K +4pMHMRoY9AtD3Ak0HRWZ395BZM/30phwB0jCPkEnk/Rnv7GGxWNA6e2fii2c/q83 +pG4O1itLoztMI39l4oK838bSdFpzgP4glfcJhi1heBqgO6h61Ra1zs7k/MdERNoG +3/jqhvaXN/pxPlDJW6NN/P6LSsYRzrem9cryZX4rsEVj8Mel0SGXWkPDZhgtsGZS +2FBZ2wvr9NW+kx7/Blp28n9vLcB5HNB66xS5y5Kj1Q03tiPy7d1GHE2CxKJT3oD9 +IWUCgHmzc6eHkrhYRUIG78g2N2L6vYEsl49KcDcjtWRET0dp/UPbyO0HObddt+3a +uzeU7XwVwKrDqR3siHd7S1ny5Qb1QO+pMMdNQcsBa/CurfyAooC7ZExpTToDmRHz +tFxCKLPE7AEjCIe5RYxTj8fLHp9ew4OESzQ7oAUNqs0NkZ57ZqYpMDJmkbkCDQRn +KRPFARAA7AZXVugEPe8MuygBPracbFtKpeIGw5vGelZs2J87Mz0FQY84ikexIffY +9kYb/4s2M10QJ/LI/VHKwfk5PuP3ZDy+BFCgbdf3zmBs6NjJlzTG8CRNK9bE6LLk +K4Xdfywnc1J6tANfCM/2pWotWP/cUHyeRrUcVLsrMLdmj+TMKjF5nf+FXc9NYiNy +gm+0FIIo9nI4nGdGpZ+LkE0mjdLZJHWbFX3rvNrBeJnwx54GXqsuE58IG3P2D5uq +tdlih6e4yfkmzaZwfSFph4xJXdRYgLiSKfOvUQnGz4vX+FUJUE2KINzoNdwVejP1 +lVz2SOllM4yhlUORGTI556f7lLJr3Ari14uYMswTj6mB4cJL9ZrgqtjIRZ7s2kbV +VORImdFL5/JgZNa3ASK7BPon1TS3V3mFvGEztgCGWc4Sc1WaprcGrfKomz0b/uCJ +xnsIgn0kEcpMnM6cp+kaHEFI6A6gI5pZbq5ULMOp+tg+YJQgpCZqcHjjXEkUa4dU +8wsGNWOzCgwoaQreAzooxEINhDne7qwUr4lyXwehsFJ7NUhQqkpVfchb13nTpwTQ +WFJb829Ym/QUgxWWjILYGk6NJZWATBe2T+bdIo+yAIBwKrOLvGWWhHz4T0LbFyL1 +x0Ybl9qCGBKNo/qPSoPDD+yVE9AlzkAMh66SQ5hMKJKIPBC1uUkAEQEAAYkCMwQY +AQgAJxYhBGjSGCM0KhNoOus+TvtMaFtdwcE+BQJnKRPFAxsgBAUJA8JnAAAANxYP +/iolEuftNwy1EwXjdif51f47XdivEEJPifVBWaI+watRxrhWDUn62tXogywauGS2 +mJpXSp4v+SbSHTabiAQNkoPJZZd15aERcVpNXL3IKlJdRYmXmBJdNLDGuoFbJYuU +suThRP2X2yTmYx3LQkDy6ehtXgz95dCCBHXUMveOLto7SGyrHLFeQlxrBaNUZbko +vURqgMogn8LDE4jmKkW54whFCNC/D0Cj/DZ+rXWpVdj3OSeTqkWSn9EMct6z7BUc +O15tl8n3FXsxvWZ/+TTd1PnoZoD9TcRe8nYV2BZH7N/5gwRr0w8MdijZQ0S+T2Y6 +Tbjszyz4557F2WQ+DIpbkDya1i5j91GPxboLiktwxZr53+8hSmbka7DQXmrQBaT3 +8VsF70cvO0R6+9Ge4deZ9Nl62j+cICJiDikKPqncmg3kIt5tHxi1ab0AkFtfWSBW ++pJTZWDBggWzEETPxa7aHvP95IJJ4iABEVtOUnpwGtGRcJXKFu/Qs9ZZR8BSqIS1 +0bGsDhfH+MqsjTYmNF1b9tmReNKRrwr5wOWlyv2LEFZbkuRaw52IvyMTF9MbDbkU +DtZ3UeIecG/foy7/Nv7T8jrd358ur3d7eWaZXH2pAXynk6R/iiNj1iggdWQtLu30 +CAWOb+5yakQZtfHI+TYKveX5vlHjXHd0Fb2TGK5alk3d +=uF78 -----END PGP PUBLIC KEY BLOCK----- diff --git a/libsemanage.spec b/libsemanage.spec index bb2b464..c787358 100644 --- a/libsemanage.spec +++ b/libsemanage.spec @@ -1,7 +1,7 @@ # # spec file for package libsemanage # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2025 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed diff --git a/python-semanage.changes b/python-semanage.changes index 681facc..118baec 100644 --- a/python-semanage.changes +++ b/python-semanage.changes @@ -11,6 +11,9 @@ Tue Feb 4 07:22:41 UTC 2025 - Robert Frohl - For a more in depth list of changes see https://github.com/SELinuxProject/selinux/releases/download/3.8/shortlog-3.8.txt - Drop 1231587-build-libsemanage-with-swig-4.3.0.patch: fixed upstream +- keyring: Update Petr Lautrbach + * removed 0xBC3905F235179CF1 (expired: 2024-10-25) + * added 0xFB4C685B5DC1C13E (expires: 2026-11-04) ------------------------------------------------------------------- Tue Oct 15 11:41:31 UTC 2024 - Cathy Hu diff --git a/python-semanage.spec b/python-semanage.spec index 996baab..0364120 100644 --- a/python-semanage.spec +++ b/python-semanage.spec @@ -1,7 +1,7 @@ # # spec file for package python-semanage # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2025 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed -- 2.51.1 From d1b8137325a6d83b2cd4ab16a6e377a757bb287791956a99f2a530d9dc903831 Mon Sep 17 00:00:00 2001 From: Hu Date: Fri, 7 Mar 2025 14:39:19 +0000 Subject: [PATCH 5/9] OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsemanage?expand=0&rev=123 --- libsemanage-3.8.1.tar.gz | 3 +++ libsemanage-3.8.1.tar.gz.asc | 16 ++++++++++++++++ libsemanage-3.8.tar.gz | 3 --- libsemanage-3.8.tar.gz.asc | 16 ---------------- libsemanage.changes | 7 +++++++ libsemanage.spec | 2 +- python-semanage.changes | 7 +++++++ python-semanage.spec | 6 +++--- 8 files changed, 37 insertions(+), 23 deletions(-) create mode 100644 libsemanage-3.8.1.tar.gz create mode 100644 libsemanage-3.8.1.tar.gz.asc delete mode 100644 libsemanage-3.8.tar.gz delete mode 100644 libsemanage-3.8.tar.gz.asc diff --git a/libsemanage-3.8.1.tar.gz b/libsemanage-3.8.1.tar.gz new file mode 100644 index 0000000..49eb50f --- /dev/null +++ b/libsemanage-3.8.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7b39127b219cc70bfd935a4af6b0f2ba83d4b35c916f253c7e942c23ab490f07 +size 184618 diff --git a/libsemanage-3.8.1.tar.gz.asc b/libsemanage-3.8.1.tar.gz.asc new file mode 100644 index 0000000..0ff1cc4 --- /dev/null +++ b/libsemanage-3.8.1.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEcgDrLD9eSIRjwM6ezcroySfGvjEFAmfIn6cACgkQzcroySfG +vjF0qA/5AfSoicNi40GsZAfRTZ62uKKrMsmAQMP9FvnqTobDHDZr+POFcVblPmE6 +Ud7yK+ojeKaYt/jj5IL6Ce0qwFnvHHMXRyUB7wKPLp0jkfxG1eM2Ogfv2oVlzKcH +hCLxU3rkMD+UhXX76gPTkgvnxIXhOkX1wTNIBXiQzVwey0lf+MXglga6dF5pvi9j +qqm/9YZZyMvMfcyap60W+yZgs01IJu4GOLV3wEJ1GjUhOpXoWpMEOH8byaUSl1OJ +r1mA7h04WwZvnAKm6KVF3CZQpYb81KwDX8IsY57fJ/QMrvY0Ge4587CAgXCdaBBm +A628RmzyNEXep8tonm4+gn1KlGmO+/YRo1hu72bSXvb5G2i4eL1bUKryAiSs0edR +/zc1wLjtwcgQkIZBx3zjib2wH8E0BP0wqh3BdtnLPtdjM2A6DNn9M0GuntCKjDX1 +WbHjt7dHN41sqosh9hzicOzaIzwqvDPCJvAew5H8N84oQZAObV6Y0StjVUUrbRue +XS0YJqbY9A20bn8hIRx21TmhUGwzE1XfDgfIgGJUS+85P/zF5xU2tNcuOvXp9g6w +M0uIIgS+hn1j1hNGF7+rCogicbzUBX5DPA80+us9738AGxj12/0s99lOoCCRynRF +5sG0bDn+VuhG7LOR1QwxtAgnKd5G0omYVLnkzvv/BTa+vAlp4OY= +=uHtc +-----END PGP SIGNATURE----- diff --git a/libsemanage-3.8.tar.gz b/libsemanage-3.8.tar.gz deleted file mode 100644 index c96f2fd..0000000 --- a/libsemanage-3.8.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:aac95988a572cc897a1ac1be77d360be1171fc0b2d7c66195a745601baf25bef -size 184583 diff --git a/libsemanage-3.8.tar.gz.asc b/libsemanage-3.8.tar.gz.asc deleted file mode 100644 index 729b40b..0000000 --- a/libsemanage-3.8.tar.gz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEcgDrLD9eSIRjwM6ezcroySfGvjEFAmeaa/0ACgkQzcroySfG -vjEi2A/9E0zVrBAkJ/ch/TaNwBZIG1EtzcgGf7vFIZvuYYAxhtiA6J19pT/xHiog -QmzffgIOzTOeAQO/sTn5/qLrXjqsGFnhnqACVaA1J4VBPF18Y0RgdddhqiyD2iX+ -ezOoe4mfV8dDuAadjKYKR0hHZkBR8ix3CtZ+TSzQJJyLo4O9WJfscly01fTGnzAd -DBjAip4SAXkRwwzvecTWk5RQ/cz5vWDkdqCwnBODHxHqcwpP6fhVk0gG3tsw5UPC -17dYKTBsY8F8RRqF9ZyFRVPDOljm8Pm4Wkoao4WVqLyghczOMUxBg/c9ybOkb6ev -57YRP96D7lY18LH+M4SAaNXSpy2UOAO/F5SrRwIfHzNWh/k+a5obwrZzp2wkn6zH -SJ8E1peTmm+PhdhxxIMfTuyBBSxVsc1v1bitnEqYvdH9XZMIipFomjwIyBbs1eLI -qLdtypt6Cn1OnpliHKgdhlyTZjqdM0XqHcVY9kFXYZTTpyiHs2u5Km0twwrEdkwp -F0sSPuCQv1M5pJT5Gs2YKsaY8M/0iskNUNhvHOfkU3oFU8iE87IxqC8grehWqyc2 -0ZR4/gjX52ZMQqRV2aiZgYeEvs7BjoVmxrgh2JLFy0AP37WZ/vy2cWDd+aSklrIj -mAPt1stI8XFBjfI9bVDFDbPWCUvSDXOTWNKARAg/ENDGYOIezYg= -=q/+O ------END PGP SIGNATURE----- diff --git a/libsemanage.changes b/libsemanage.changes index 174732c..165e7f1 100644 --- a/libsemanage.changes +++ b/libsemanage.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Fri Mar 7 14:10:50 UTC 2025 - Cathy Hu + +- Update to version 3.8.1 + https://github.com/SELinuxProject/selinux/releases/tag/3.8.1 + * libsemanage: improved performance of semanage store rebuild + ------------------------------------------------------------------- Tue Feb 4 07:22:41 UTC 2025 - Robert Frohl diff --git a/libsemanage.spec b/libsemanage.spec index c787358..82e252f 100644 --- a/libsemanage.spec +++ b/libsemanage.spec @@ -20,7 +20,7 @@ %define libname libsemanage%{soversion} Name: libsemanage -Version: 3.8 +Version: 3.8.1 Release: 0 Summary: SELinux policy management library License: LGPL-2.1-or-later diff --git a/python-semanage.changes b/python-semanage.changes index 118baec..ac62d7f 100644 --- a/python-semanage.changes +++ b/python-semanage.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Fri Mar 7 14:10:50 UTC 2025 - Cathy Hu + +- Update to version 3.8.1 + https://github.com/SELinuxProject/selinux/releases/tag/3.8.1 + * libsemanage: improved performance of semanage store rebuild + ------------------------------------------------------------------- Tue Feb 4 07:22:41 UTC 2025 - Robert Frohl diff --git a/python-semanage.spec b/python-semanage.spec index 0364120..7b90946 100644 --- a/python-semanage.spec +++ b/python-semanage.spec @@ -20,12 +20,12 @@ %define soversion 2 %define libname libsemanage%{soversion} -%define libsepol_ver 3.8 -%define libselinux_ver 3.8 +%define libsepol_ver 3.8.1 +%define libselinux_ver 3.8.1 %{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-semanage -Version: 3.8 +Version: 3.8.1 Release: 0 Summary: Python bindings for SELinux's policy management library License: LGPL-2.1-only -- 2.51.1 From f607cb5f20356045683e383b3378f647836cdc27b09109c0a1254b34c44f4273 Mon Sep 17 00:00:00 2001 From: Robert Frohl Date: Fri, 18 Jul 2025 12:03:38 +0000 Subject: [PATCH 6/9] Toolchain 3.9 update OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsemanage?expand=0&rev=125 --- libsemanage-3.8.1.tar.gz | 3 --- libsemanage-3.8.1.tar.gz.asc | 16 ---------------- libsemanage-3.9.tar.gz | 3 +++ libsemanage-3.9.tar.gz.asc | 16 ++++++++++++++++ libsemanage.changes | 9 +++++++++ libsemanage.spec | 2 +- python-semanage.changes | 9 +++++++++ python-semanage.spec | 6 +++--- 8 files changed, 41 insertions(+), 23 deletions(-) delete mode 100644 libsemanage-3.8.1.tar.gz delete mode 100644 libsemanage-3.8.1.tar.gz.asc create mode 100644 libsemanage-3.9.tar.gz create mode 100644 libsemanage-3.9.tar.gz.asc diff --git a/libsemanage-3.8.1.tar.gz b/libsemanage-3.8.1.tar.gz deleted file mode 100644 index 49eb50f..0000000 --- a/libsemanage-3.8.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7b39127b219cc70bfd935a4af6b0f2ba83d4b35c916f253c7e942c23ab490f07 -size 184618 diff --git a/libsemanage-3.8.1.tar.gz.asc b/libsemanage-3.8.1.tar.gz.asc deleted file mode 100644 index 0ff1cc4..0000000 --- a/libsemanage-3.8.1.tar.gz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEEcgDrLD9eSIRjwM6ezcroySfGvjEFAmfIn6cACgkQzcroySfG -vjF0qA/5AfSoicNi40GsZAfRTZ62uKKrMsmAQMP9FvnqTobDHDZr+POFcVblPmE6 -Ud7yK+ojeKaYt/jj5IL6Ce0qwFnvHHMXRyUB7wKPLp0jkfxG1eM2Ogfv2oVlzKcH -hCLxU3rkMD+UhXX76gPTkgvnxIXhOkX1wTNIBXiQzVwey0lf+MXglga6dF5pvi9j -qqm/9YZZyMvMfcyap60W+yZgs01IJu4GOLV3wEJ1GjUhOpXoWpMEOH8byaUSl1OJ -r1mA7h04WwZvnAKm6KVF3CZQpYb81KwDX8IsY57fJ/QMrvY0Ge4587CAgXCdaBBm -A628RmzyNEXep8tonm4+gn1KlGmO+/YRo1hu72bSXvb5G2i4eL1bUKryAiSs0edR -/zc1wLjtwcgQkIZBx3zjib2wH8E0BP0wqh3BdtnLPtdjM2A6DNn9M0GuntCKjDX1 -WbHjt7dHN41sqosh9hzicOzaIzwqvDPCJvAew5H8N84oQZAObV6Y0StjVUUrbRue -XS0YJqbY9A20bn8hIRx21TmhUGwzE1XfDgfIgGJUS+85P/zF5xU2tNcuOvXp9g6w -M0uIIgS+hn1j1hNGF7+rCogicbzUBX5DPA80+us9738AGxj12/0s99lOoCCRynRF -5sG0bDn+VuhG7LOR1QwxtAgnKd5G0omYVLnkzvv/BTa+vAlp4OY= -=uHtc ------END PGP SIGNATURE----- diff --git a/libsemanage-3.9.tar.gz b/libsemanage-3.9.tar.gz new file mode 100644 index 0000000..512a79a --- /dev/null +++ b/libsemanage-3.9.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ec05850aef48bfb8e02135a7f4f3f7edba3670f63d5e67f2708d4bd80b9a4634 +size 185278 diff --git a/libsemanage-3.9.tar.gz.asc b/libsemanage-3.9.tar.gz.asc new file mode 100644 index 0000000..f12f89e --- /dev/null +++ b/libsemanage-3.9.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIyBAABCgAdFiEEcgDrLD9eSIRjwM6ezcroySfGvjEFAmh3hTQACgkQzcroySfG +vjFCCQ/4kZ42zyT1fgCZGl2/v2nhq3q47sdZl8iUliF6bHbBO4HKlMeOt7BWcw6I +j6IvojHVzKL87C+wWqK5gYI3bpGtrAbbKAgyXk5iV9FYl4FGaRqDBgrTUnFPxOfP +LaEYHpA8B9ZUwHlKktNmtBluYV3iPsgE/vsdvFRt1YAvclO8mnEV3ME0jh/UNnVP +FvY994VU6WhVaomNsgLFjqZVW9e1mpBjYfoyY5SlY44JamXm1T4DIcEZZqfAPMUs +FBpsgWlPjHOrQTRsxTf1zEqe0l+H/38EWJA9KpAwtCebHwNJttQiivRfmveiM4GZ +GAe+XtQA7SPl8BwgsCvGhQsw7lIvn2sGaXUJMaKECx840FHIngJUw7UKjLsiml34 +owM7urgHI1TeI7ZYoSB8c4bYlI8+X+uZwIVhdysbuI+c8bMepUzDw1nH/+q6iS28 +sp9qZ4aDh9fV7zAbNkgJ7BXJJ53M6w5c6HgcHtCvQSoivkaw0jioaw3QSlnRO0xk +7mQ82tKnN5htLmRMuZ9GoFLrxulpF0fIR+f54g2vaHBxpQSS9j1a0Z1mgLEUohNi +/iB+k3VEKcFKvGqm1OYdwQZqmEtDhLyHv85FEGa8Pd2AzToycHQG6Kq5PpWNQbj/ +fS/dKxHMApLITgfOAEMsXWw29vlVwwCTyq/bN8u3Q2b15wuwdw== +=Fg6L +-----END PGP SIGNATURE----- diff --git a/libsemanage.changes b/libsemanage.changes index 165e7f1..0653eb4 100644 --- a/libsemanage.changes +++ b/libsemanage.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Thu Jul 17 15:46:08 UTC 2025 - Johannes Segitz + +- Update to version 3.9 + * Improved POSIX compliance (added semanage_basename) + * Add relabel_store config option + * Add semanage_handle_create_with_path + * Add relabel_store config option to semanage.conf + ------------------------------------------------------------------- Fri Mar 7 14:10:50 UTC 2025 - Cathy Hu diff --git a/libsemanage.spec b/libsemanage.spec index 82e252f..cb04c5f 100644 --- a/libsemanage.spec +++ b/libsemanage.spec @@ -20,7 +20,7 @@ %define libname libsemanage%{soversion} Name: libsemanage -Version: 3.8.1 +Version: 3.9 Release: 0 Summary: SELinux policy management library License: LGPL-2.1-or-later diff --git a/python-semanage.changes b/python-semanage.changes index ac62d7f..913603f 100644 --- a/python-semanage.changes +++ b/python-semanage.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Thu Jul 17 15:46:08 UTC 2025 - Johannes Segitz + +- Update to version 3.9 + * Improved POSIX compliance (added semanage_basename) + * Add relabel_store config option + * Add semanage_handle_create_with_path + * Add relabel_store config option to semanage.conf + ------------------------------------------------------------------- Fri Mar 7 14:10:50 UTC 2025 - Cathy Hu diff --git a/python-semanage.spec b/python-semanage.spec index 7b90946..a5b6460 100644 --- a/python-semanage.spec +++ b/python-semanage.spec @@ -20,12 +20,12 @@ %define soversion 2 %define libname libsemanage%{soversion} -%define libsepol_ver 3.8.1 -%define libselinux_ver 3.8.1 +%define libsepol_ver 3.9 +%define libselinux_ver 3.9 %{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-semanage -Version: 3.8.1 +Version: 3.9 Release: 0 Summary: Python bindings for SELinux's policy management library License: LGPL-2.1-only -- 2.51.1 From eaed0a18081bd2f89ac31ff5aa1b602a7ced025e1bacb4fee7a3628efe15e74a Mon Sep 17 00:00:00 2001 From: Ana Guerrero Date: Tue, 22 Jul 2025 10:20:50 +0000 Subject: [PATCH 7/9] Accepting request 1295053 from openSUSE:Factory https://bugzilla.suse.com/show_bug.cgi?id=1246831 OBS-URL: https://build.opensuse.org/request/show/1295053 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsemanage?expand=0&rev=67 --- ...87-build-libsemanage-with-swig-4.3.0.patch | 257 ++++++++++++++++++ libsemanage-3.6.tar.gz | 3 + libsemanage-3.6.tar.gz.asc | 16 ++ libsemanage-3.7.tar.gz | 3 + libsemanage-3.7.tar.gz.asc | 16 ++ libsemanage-3.8.1.tar.gz | 3 + libsemanage-3.8.1.tar.gz.asc | 16 ++ libsemanage.changes | 9 - libsemanage.spec | 2 +- python-semanage.changes | 9 - python-semanage.spec | 6 +- 11 files changed, 318 insertions(+), 22 deletions(-) create mode 100644 1231587-build-libsemanage-with-swig-4.3.0.patch create mode 100644 libsemanage-3.6.tar.gz create mode 100644 libsemanage-3.6.tar.gz.asc create mode 100644 libsemanage-3.7.tar.gz create mode 100644 libsemanage-3.7.tar.gz.asc create mode 100644 libsemanage-3.8.1.tar.gz create mode 100644 libsemanage-3.8.1.tar.gz.asc diff --git a/1231587-build-libsemanage-with-swig-4.3.0.patch b/1231587-build-libsemanage-with-swig-4.3.0.patch new file mode 100644 index 0000000..3717e1d --- /dev/null +++ b/1231587-build-libsemanage-with-swig-4.3.0.patch @@ -0,0 +1,257 @@ +Index: libsemanage-3.7/src/semanageswig_python.i +=================================================================== +--- libsemanage-3.7.orig/src/semanageswig_python.i ++++ libsemanage-3.7/src/semanageswig_python.i +@@ -111,7 +111,7 @@ + } + + %typemap(argout) char** { +- $result = SWIG_Python_AppendOutput($result, SWIG_FromCharPtr(*$1)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_FromCharPtr(*$1), $isvoid); + free(*$1); + } + +@@ -134,7 +134,7 @@ + NULL, NULL, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -148,7 +148,7 @@ + } + + %typemap(argout) semanage_module_info_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + /** module key typemaps **/ +@@ -160,7 +160,7 @@ + } + + %typemap(argout) semanage_module_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + /** context typemaps **/ +@@ -172,7 +172,7 @@ + } + + %typemap(argout) semanage_context_t** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + /** boolean typemaps **/ +@@ -197,7 +197,7 @@ + (void (*) (void*)) &semanage_bool_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -207,11 +207,11 @@ + } + + %typemap(argout) semanage_bool_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(argout) semanage_bool_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_bool_key_t **(semanage_bool_key_t *temp=NULL) { +@@ -240,7 +240,7 @@ + (void (*) (void*)) &semanage_fcontext_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -250,11 +250,11 @@ + } + + %typemap(argout) semanage_fcontext_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(argout) semanage_fcontext_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_fcontext_key_t **(semanage_fcontext_key_t *temp=NULL) { +@@ -284,7 +284,7 @@ + (void (*) (void*)) &semanage_iface_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -294,11 +294,11 @@ + } + + %typemap(argout) semanage_iface_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(argout) semanage_iface_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_iface_key_t **(semanage_iface_key_t *temp=NULL) { +@@ -328,7 +328,7 @@ + (void (*) (void*)) &semanage_seuser_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -338,11 +338,11 @@ + } + + %typemap(argout) semanage_seuser_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(argout) semanage_seuser_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_seuser_key_t **(semanage_seuser_key_t *temp=NULL) { +@@ -371,7 +371,7 @@ + (void (*) (void*)) &semanage_user_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -381,11 +381,11 @@ + } + + %typemap(argout) semanage_user_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(argout) semanage_user_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_user_key_t **(semanage_user_key_t *temp=NULL) { +@@ -414,7 +414,7 @@ + (void (*) (void*)) &semanage_port_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -424,11 +424,11 @@ + } + + %typemap(argout) semanage_port_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(argout) semanage_port_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_port_key_t **(semanage_port_key_t *temp=NULL) { +@@ -457,7 +457,7 @@ + (void (*) (void*)) &semanage_ibpkey_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -467,11 +467,11 @@ + } + + %typemap(argout) semanage_ibpkey_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(argout) semanage_ibpkey_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_ibpkey_key_t **(semanage_ibpkey_key_t *temp=NULL) { +@@ -500,7 +500,7 @@ + (void (*) (void*)) &semanage_ibendport_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -510,11 +510,11 @@ + } + + %typemap(argout) semanage_ibendport_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(argout) semanage_ibendport_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_ibendport_key_t **(semanage_ibendport_key_t *temp=NULL) { +@@ -543,7 +543,7 @@ + (void (*) (void*)) &semanage_node_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -553,12 +553,12 @@ + } + + %typemap(argout) semanage_node_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + + %typemap(argout) semanage_node_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_node_key_t **(semanage_node_key_t *temp=NULL) { diff --git a/libsemanage-3.6.tar.gz b/libsemanage-3.6.tar.gz new file mode 100644 index 0000000..2d6c989 --- /dev/null +++ b/libsemanage-3.6.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:41138f46222439e1242f27c1587e95cf54a059259aaf1681db642cc30c4e0d60 +size 182583 diff --git a/libsemanage-3.6.tar.gz.asc b/libsemanage-3.6.tar.gz.asc new file mode 100644 index 0000000..3273bc1 --- /dev/null +++ b/libsemanage-3.6.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmV5xAIACgkQRpWIHCVF +CNHfxRAAxXkHDxt7TvNySNdBDbqD0NX8r2tAKBEqI5dwspic8W8qi3mBBtqSYhxA +XAx8lRtf+wMSUaUO/Fa0qUyFuc/zdDTJUiNl2Aijp7YER3wpGj1/YDz/6lAWEc2N +8HMKQLYmdyoqzltRLTyTfRU3Zp1o0D15JVQtONadllTbRr6xKu672rSMkJf4AlxN +Q+CP26z/vRCtWXZLmsupgzbgeMPITrLGW5tubjtKgs8RGJ7o/yC1L0lT3aXSZ+EC +fhu4u7PhJqHeXhfSW1JBXkOXVooc9/9O1CURpSWGoS7CzhLpoxfabZfEomT2vshx +1DIQNFkCHrVp4mF+NU+AHatJNuknopz3XaKVEkYfUkcg23uFNuUXb9Rit1fJXYrD +YTNEtkv3LQw20dTpAP8LeW7LUv+9Z3hQQlOdHmzTNloJBH47B7MiNE09HdHtQL/w +10UUMgO4mTBGCseQ1gNfnbVQIUxP9iMdKzNG1aSDZIABH0Liroh2Oq1j5oJybWsw +C+yXFPle/bKvKzIXTBST40Qxi5fOIJatewRTEMX8ikapBaVKIE9QSlYRSnAgD0Me +LW1MQG/2FCt3byGA/gSYnRlgASjg2r23QHlvVRkRG0/Uj37hE5QAHqIMYmMsMEqy +XenmK+tCcPC6y/O4BwoRV3O6PU8/j8C0+RYD4bv5xmtPd1H+858= +=xhK9 +-----END PGP SIGNATURE----- diff --git a/libsemanage-3.7.tar.gz b/libsemanage-3.7.tar.gz new file mode 100644 index 0000000..1624de3 --- /dev/null +++ b/libsemanage-3.7.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e166cae29a417dab008db9ca0874023f353a3017b07693a036ed97487eda35b1 +size 182896 diff --git a/libsemanage-3.7.tar.gz.asc b/libsemanage-3.7.tar.gz.asc new file mode 100644 index 0000000..8f272c0 --- /dev/null +++ b/libsemanage-3.7.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmZ8NeEACgkQRpWIHCVF +CNF7iw/+J/RkUBGyWCTPpjTxycgsM32jroIqhekik2VkAAoSSfIy2DNsV9W1LhjX +8wdTIbohbVIV4iVjzvd8H5ee0XpywPYQ18bgvYmpHmjC+0pp3wZy5T1igbE1ePCq +r/MheAHIn4zj68qZZxCXZs5Fc1PC910jsEOM8Wwdyyo8VGpPp4EfO6y3aFIkbeoQ +kC4rNtXtXy5USKUtQ8QbKqyr+/YuSfVgYeZCexBqL0GJ4jwP413xiwKXL+RAzDeL +j5Z9m0j911LTer/KUoDL+jdlkX1YTf4qK+VEcHjlQBLUoS6atsNKSMJftqKkATfP +AZqlBuka6RheBL54eNHc+slIKEJvhfuTFWItM/3o8+lnW/2d7dYh1WxQhXJBFDM7 +dbButzqAL9dKNRjTNlBpMPe8oj13wLK890eVLOlnMIJUW4dZURoNNbs3Q2OlhuHQ +kyuPOegi2ZaNz4TvjlI1egY3h9lVYjUv/l/AtscqWfutZfD+e7n93mLOiXmZFmHI +G56cIUHfT13CEPq9D8moVTLM1bSibEDGe2GUqalpk9YcbQ3wBBXgUF8XcGuQFYZt +Bl42k6VvolZ6net+FxBoUhprBDtkPJQSD5DyT0OF4uucdZiDbsZT7vsYMjndiZVd +D1FyYekdvzb6x6li4nLLkxyj2WV96vPvqRKK+zvIldFem1Nllps= +=aE6b +-----END PGP SIGNATURE----- diff --git a/libsemanage-3.8.1.tar.gz b/libsemanage-3.8.1.tar.gz new file mode 100644 index 0000000..49eb50f --- /dev/null +++ b/libsemanage-3.8.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7b39127b219cc70bfd935a4af6b0f2ba83d4b35c916f253c7e942c23ab490f07 +size 184618 diff --git a/libsemanage-3.8.1.tar.gz.asc b/libsemanage-3.8.1.tar.gz.asc new file mode 100644 index 0000000..0ff1cc4 --- /dev/null +++ b/libsemanage-3.8.1.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEcgDrLD9eSIRjwM6ezcroySfGvjEFAmfIn6cACgkQzcroySfG +vjF0qA/5AfSoicNi40GsZAfRTZ62uKKrMsmAQMP9FvnqTobDHDZr+POFcVblPmE6 +Ud7yK+ojeKaYt/jj5IL6Ce0qwFnvHHMXRyUB7wKPLp0jkfxG1eM2Ogfv2oVlzKcH +hCLxU3rkMD+UhXX76gPTkgvnxIXhOkX1wTNIBXiQzVwey0lf+MXglga6dF5pvi9j +qqm/9YZZyMvMfcyap60W+yZgs01IJu4GOLV3wEJ1GjUhOpXoWpMEOH8byaUSl1OJ +r1mA7h04WwZvnAKm6KVF3CZQpYb81KwDX8IsY57fJ/QMrvY0Ge4587CAgXCdaBBm +A628RmzyNEXep8tonm4+gn1KlGmO+/YRo1hu72bSXvb5G2i4eL1bUKryAiSs0edR +/zc1wLjtwcgQkIZBx3zjib2wH8E0BP0wqh3BdtnLPtdjM2A6DNn9M0GuntCKjDX1 +WbHjt7dHN41sqosh9hzicOzaIzwqvDPCJvAew5H8N84oQZAObV6Y0StjVUUrbRue +XS0YJqbY9A20bn8hIRx21TmhUGwzE1XfDgfIgGJUS+85P/zF5xU2tNcuOvXp9g6w +M0uIIgS+hn1j1hNGF7+rCogicbzUBX5DPA80+us9738AGxj12/0s99lOoCCRynRF +5sG0bDn+VuhG7LOR1QwxtAgnKd5G0omYVLnkzvv/BTa+vAlp4OY= +=uHtc +-----END PGP SIGNATURE----- diff --git a/libsemanage.changes b/libsemanage.changes index 0653eb4..165e7f1 100644 --- a/libsemanage.changes +++ b/libsemanage.changes @@ -1,12 +1,3 @@ -------------------------------------------------------------------- -Thu Jul 17 15:46:08 UTC 2025 - Johannes Segitz - -- Update to version 3.9 - * Improved POSIX compliance (added semanage_basename) - * Add relabel_store config option - * Add semanage_handle_create_with_path - * Add relabel_store config option to semanage.conf - ------------------------------------------------------------------- Fri Mar 7 14:10:50 UTC 2025 - Cathy Hu diff --git a/libsemanage.spec b/libsemanage.spec index cb04c5f..82e252f 100644 --- a/libsemanage.spec +++ b/libsemanage.spec @@ -20,7 +20,7 @@ %define libname libsemanage%{soversion} Name: libsemanage -Version: 3.9 +Version: 3.8.1 Release: 0 Summary: SELinux policy management library License: LGPL-2.1-or-later diff --git a/python-semanage.changes b/python-semanage.changes index 913603f..ac62d7f 100644 --- a/python-semanage.changes +++ b/python-semanage.changes @@ -1,12 +1,3 @@ -------------------------------------------------------------------- -Thu Jul 17 15:46:08 UTC 2025 - Johannes Segitz - -- Update to version 3.9 - * Improved POSIX compliance (added semanage_basename) - * Add relabel_store config option - * Add semanage_handle_create_with_path - * Add relabel_store config option to semanage.conf - ------------------------------------------------------------------- Fri Mar 7 14:10:50 UTC 2025 - Cathy Hu diff --git a/python-semanage.spec b/python-semanage.spec index a5b6460..7b90946 100644 --- a/python-semanage.spec +++ b/python-semanage.spec @@ -20,12 +20,12 @@ %define soversion 2 %define libname libsemanage%{soversion} -%define libsepol_ver 3.9 -%define libselinux_ver 3.9 +%define libsepol_ver 3.8.1 +%define libselinux_ver 3.8.1 %{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-semanage -Version: 3.9 +Version: 3.8.1 Release: 0 Summary: Python bindings for SELinux's policy management library License: LGPL-2.1-only -- 2.51.1 From 233764b636a971e6d8083cfff33d90f32a0d0187bb003b98b10b2eaa0cd4ba7a Mon Sep 17 00:00:00 2001 From: OBS User buildservice-autocommit Date: Tue, 22 Jul 2025 10:20:50 +0000 Subject: [PATCH 8/9] Updating link to change in openSUSE:Factory/libsemanage revision 67 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsemanage?expand=0&rev=e7fc54ba6bf949b97b8037561d8799bc --- .gitattributes | 23 + .gitignore | 1 + ...87-build-libsemanage-with-swig-4.3.0.patch | 257 +++++++++ _multibuild | 4 + baselibs.conf | 1 + libsemanage-3.6.tar.gz | 3 + libsemanage-3.6.tar.gz.asc | 16 + libsemanage-3.7.tar.gz | 3 + libsemanage-3.7.tar.gz.asc | 16 + libsemanage-3.8.1.tar.gz | 3 + libsemanage-3.8.1.tar.gz.asc | 16 + libsemanage-3.9.tar.gz | 3 + libsemanage-3.9.tar.gz.asc | 16 + libsemanage.changes | 521 ++++++++++++++++++ libsemanage.keyring | 121 ++++ libsemanage.spec | 161 ++++++ python-semanage.changes | 426 ++++++++++++++ python-semanage.spec | 100 ++++ semanage.conf | 51 ++ 19 files changed, 1742 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 1231587-build-libsemanage-with-swig-4.3.0.patch create mode 100644 _multibuild create mode 100644 baselibs.conf create mode 100644 libsemanage-3.6.tar.gz create mode 100644 libsemanage-3.6.tar.gz.asc create mode 100644 libsemanage-3.7.tar.gz create mode 100644 libsemanage-3.7.tar.gz.asc create mode 100644 libsemanage-3.8.1.tar.gz create mode 100644 libsemanage-3.8.1.tar.gz.asc create mode 100644 libsemanage-3.9.tar.gz create mode 100644 libsemanage-3.9.tar.gz.asc create mode 100644 libsemanage.changes create mode 100644 libsemanage.keyring create mode 100644 libsemanage.spec create mode 100644 python-semanage.changes create mode 100644 python-semanage.spec create mode 100644 semanage.conf diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/1231587-build-libsemanage-with-swig-4.3.0.patch b/1231587-build-libsemanage-with-swig-4.3.0.patch new file mode 100644 index 0000000..3717e1d --- /dev/null +++ b/1231587-build-libsemanage-with-swig-4.3.0.patch @@ -0,0 +1,257 @@ +Index: libsemanage-3.7/src/semanageswig_python.i +=================================================================== +--- libsemanage-3.7.orig/src/semanageswig_python.i ++++ libsemanage-3.7/src/semanageswig_python.i +@@ -111,7 +111,7 @@ + } + + %typemap(argout) char** { +- $result = SWIG_Python_AppendOutput($result, SWIG_FromCharPtr(*$1)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_FromCharPtr(*$1), $isvoid); + free(*$1); + } + +@@ -134,7 +134,7 @@ + NULL, NULL, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -148,7 +148,7 @@ + } + + %typemap(argout) semanage_module_info_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + /** module key typemaps **/ +@@ -160,7 +160,7 @@ + } + + %typemap(argout) semanage_module_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + /** context typemaps **/ +@@ -172,7 +172,7 @@ + } + + %typemap(argout) semanage_context_t** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + /** boolean typemaps **/ +@@ -197,7 +197,7 @@ + (void (*) (void*)) &semanage_bool_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -207,11 +207,11 @@ + } + + %typemap(argout) semanage_bool_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(argout) semanage_bool_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_bool_key_t **(semanage_bool_key_t *temp=NULL) { +@@ -240,7 +240,7 @@ + (void (*) (void*)) &semanage_fcontext_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -250,11 +250,11 @@ + } + + %typemap(argout) semanage_fcontext_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(argout) semanage_fcontext_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_fcontext_key_t **(semanage_fcontext_key_t *temp=NULL) { +@@ -284,7 +284,7 @@ + (void (*) (void*)) &semanage_iface_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -294,11 +294,11 @@ + } + + %typemap(argout) semanage_iface_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(argout) semanage_iface_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_iface_key_t **(semanage_iface_key_t *temp=NULL) { +@@ -328,7 +328,7 @@ + (void (*) (void*)) &semanage_seuser_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -338,11 +338,11 @@ + } + + %typemap(argout) semanage_seuser_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(argout) semanage_seuser_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_seuser_key_t **(semanage_seuser_key_t *temp=NULL) { +@@ -371,7 +371,7 @@ + (void (*) (void*)) &semanage_user_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -381,11 +381,11 @@ + } + + %typemap(argout) semanage_user_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(argout) semanage_user_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_user_key_t **(semanage_user_key_t *temp=NULL) { +@@ -414,7 +414,7 @@ + (void (*) (void*)) &semanage_port_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -424,11 +424,11 @@ + } + + %typemap(argout) semanage_port_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(argout) semanage_port_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_port_key_t **(semanage_port_key_t *temp=NULL) { +@@ -457,7 +457,7 @@ + (void (*) (void*)) &semanage_ibpkey_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -467,11 +467,11 @@ + } + + %typemap(argout) semanage_ibpkey_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(argout) semanage_ibpkey_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_ibpkey_key_t **(semanage_ibpkey_key_t *temp=NULL) { +@@ -500,7 +500,7 @@ + (void (*) (void*)) &semanage_ibendport_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -510,11 +510,11 @@ + } + + %typemap(argout) semanage_ibendport_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(argout) semanage_ibendport_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_ibendport_key_t **(semanage_ibendport_key_t *temp=NULL) { +@@ -543,7 +543,7 @@ + (void (*) (void*)) &semanage_node_free, &plist) < 0) + $result = SWIG_From_int(STATUS_ERR); + else +- $result = SWIG_Python_AppendOutput($result, plist); ++ $result = SWIG_Python_AppendOutput($result, plist, $isvoid); + } + } + } +@@ -553,12 +553,12 @@ + } + + %typemap(argout) semanage_node_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + + %typemap(argout) semanage_node_key_t ** { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); ++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0), $isvoid); + } + + %typemap(in, numinputs=0) semanage_node_key_t **(semanage_node_key_t *temp=NULL) { diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..505095a --- /dev/null +++ b/_multibuild @@ -0,0 +1,4 @@ + + python-semanage + + diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..f02cd37 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1 @@ +libsemanage2 diff --git a/libsemanage-3.6.tar.gz b/libsemanage-3.6.tar.gz new file mode 100644 index 0000000..2d6c989 --- /dev/null +++ b/libsemanage-3.6.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:41138f46222439e1242f27c1587e95cf54a059259aaf1681db642cc30c4e0d60 +size 182583 diff --git a/libsemanage-3.6.tar.gz.asc b/libsemanage-3.6.tar.gz.asc new file mode 100644 index 0000000..3273bc1 --- /dev/null +++ b/libsemanage-3.6.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmV5xAIACgkQRpWIHCVF +CNHfxRAAxXkHDxt7TvNySNdBDbqD0NX8r2tAKBEqI5dwspic8W8qi3mBBtqSYhxA +XAx8lRtf+wMSUaUO/Fa0qUyFuc/zdDTJUiNl2Aijp7YER3wpGj1/YDz/6lAWEc2N +8HMKQLYmdyoqzltRLTyTfRU3Zp1o0D15JVQtONadllTbRr6xKu672rSMkJf4AlxN +Q+CP26z/vRCtWXZLmsupgzbgeMPITrLGW5tubjtKgs8RGJ7o/yC1L0lT3aXSZ+EC +fhu4u7PhJqHeXhfSW1JBXkOXVooc9/9O1CURpSWGoS7CzhLpoxfabZfEomT2vshx +1DIQNFkCHrVp4mF+NU+AHatJNuknopz3XaKVEkYfUkcg23uFNuUXb9Rit1fJXYrD +YTNEtkv3LQw20dTpAP8LeW7LUv+9Z3hQQlOdHmzTNloJBH47B7MiNE09HdHtQL/w +10UUMgO4mTBGCseQ1gNfnbVQIUxP9iMdKzNG1aSDZIABH0Liroh2Oq1j5oJybWsw +C+yXFPle/bKvKzIXTBST40Qxi5fOIJatewRTEMX8ikapBaVKIE9QSlYRSnAgD0Me +LW1MQG/2FCt3byGA/gSYnRlgASjg2r23QHlvVRkRG0/Uj37hE5QAHqIMYmMsMEqy +XenmK+tCcPC6y/O4BwoRV3O6PU8/j8C0+RYD4bv5xmtPd1H+858= +=xhK9 +-----END PGP SIGNATURE----- diff --git a/libsemanage-3.7.tar.gz b/libsemanage-3.7.tar.gz new file mode 100644 index 0000000..1624de3 --- /dev/null +++ b/libsemanage-3.7.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e166cae29a417dab008db9ca0874023f353a3017b07693a036ed97487eda35b1 +size 182896 diff --git a/libsemanage-3.7.tar.gz.asc b/libsemanage-3.7.tar.gz.asc new file mode 100644 index 0000000..8f272c0 --- /dev/null +++ b/libsemanage-3.7.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmZ8NeEACgkQRpWIHCVF +CNF7iw/+J/RkUBGyWCTPpjTxycgsM32jroIqhekik2VkAAoSSfIy2DNsV9W1LhjX +8wdTIbohbVIV4iVjzvd8H5ee0XpywPYQ18bgvYmpHmjC+0pp3wZy5T1igbE1ePCq +r/MheAHIn4zj68qZZxCXZs5Fc1PC910jsEOM8Wwdyyo8VGpPp4EfO6y3aFIkbeoQ +kC4rNtXtXy5USKUtQ8QbKqyr+/YuSfVgYeZCexBqL0GJ4jwP413xiwKXL+RAzDeL +j5Z9m0j911LTer/KUoDL+jdlkX1YTf4qK+VEcHjlQBLUoS6atsNKSMJftqKkATfP +AZqlBuka6RheBL54eNHc+slIKEJvhfuTFWItM/3o8+lnW/2d7dYh1WxQhXJBFDM7 +dbButzqAL9dKNRjTNlBpMPe8oj13wLK890eVLOlnMIJUW4dZURoNNbs3Q2OlhuHQ +kyuPOegi2ZaNz4TvjlI1egY3h9lVYjUv/l/AtscqWfutZfD+e7n93mLOiXmZFmHI +G56cIUHfT13CEPq9D8moVTLM1bSibEDGe2GUqalpk9YcbQ3wBBXgUF8XcGuQFYZt +Bl42k6VvolZ6net+FxBoUhprBDtkPJQSD5DyT0OF4uucdZiDbsZT7vsYMjndiZVd +D1FyYekdvzb6x6li4nLLkxyj2WV96vPvqRKK+zvIldFem1Nllps= +=aE6b +-----END PGP SIGNATURE----- diff --git a/libsemanage-3.8.1.tar.gz b/libsemanage-3.8.1.tar.gz new file mode 100644 index 0000000..49eb50f --- /dev/null +++ b/libsemanage-3.8.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7b39127b219cc70bfd935a4af6b0f2ba83d4b35c916f253c7e942c23ab490f07 +size 184618 diff --git a/libsemanage-3.8.1.tar.gz.asc b/libsemanage-3.8.1.tar.gz.asc new file mode 100644 index 0000000..0ff1cc4 --- /dev/null +++ b/libsemanage-3.8.1.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEcgDrLD9eSIRjwM6ezcroySfGvjEFAmfIn6cACgkQzcroySfG +vjF0qA/5AfSoicNi40GsZAfRTZ62uKKrMsmAQMP9FvnqTobDHDZr+POFcVblPmE6 +Ud7yK+ojeKaYt/jj5IL6Ce0qwFnvHHMXRyUB7wKPLp0jkfxG1eM2Ogfv2oVlzKcH +hCLxU3rkMD+UhXX76gPTkgvnxIXhOkX1wTNIBXiQzVwey0lf+MXglga6dF5pvi9j +qqm/9YZZyMvMfcyap60W+yZgs01IJu4GOLV3wEJ1GjUhOpXoWpMEOH8byaUSl1OJ +r1mA7h04WwZvnAKm6KVF3CZQpYb81KwDX8IsY57fJ/QMrvY0Ge4587CAgXCdaBBm +A628RmzyNEXep8tonm4+gn1KlGmO+/YRo1hu72bSXvb5G2i4eL1bUKryAiSs0edR +/zc1wLjtwcgQkIZBx3zjib2wH8E0BP0wqh3BdtnLPtdjM2A6DNn9M0GuntCKjDX1 +WbHjt7dHN41sqosh9hzicOzaIzwqvDPCJvAew5H8N84oQZAObV6Y0StjVUUrbRue +XS0YJqbY9A20bn8hIRx21TmhUGwzE1XfDgfIgGJUS+85P/zF5xU2tNcuOvXp9g6w +M0uIIgS+hn1j1hNGF7+rCogicbzUBX5DPA80+us9738AGxj12/0s99lOoCCRynRF +5sG0bDn+VuhG7LOR1QwxtAgnKd5G0omYVLnkzvv/BTa+vAlp4OY= +=uHtc +-----END PGP SIGNATURE----- diff --git a/libsemanage-3.9.tar.gz b/libsemanage-3.9.tar.gz new file mode 100644 index 0000000..512a79a --- /dev/null +++ b/libsemanage-3.9.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ec05850aef48bfb8e02135a7f4f3f7edba3670f63d5e67f2708d4bd80b9a4634 +size 185278 diff --git a/libsemanage-3.9.tar.gz.asc b/libsemanage-3.9.tar.gz.asc new file mode 100644 index 0000000..f12f89e --- /dev/null +++ b/libsemanage-3.9.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIyBAABCgAdFiEEcgDrLD9eSIRjwM6ezcroySfGvjEFAmh3hTQACgkQzcroySfG +vjFCCQ/4kZ42zyT1fgCZGl2/v2nhq3q47sdZl8iUliF6bHbBO4HKlMeOt7BWcw6I +j6IvojHVzKL87C+wWqK5gYI3bpGtrAbbKAgyXk5iV9FYl4FGaRqDBgrTUnFPxOfP +LaEYHpA8B9ZUwHlKktNmtBluYV3iPsgE/vsdvFRt1YAvclO8mnEV3ME0jh/UNnVP +FvY994VU6WhVaomNsgLFjqZVW9e1mpBjYfoyY5SlY44JamXm1T4DIcEZZqfAPMUs +FBpsgWlPjHOrQTRsxTf1zEqe0l+H/38EWJA9KpAwtCebHwNJttQiivRfmveiM4GZ +GAe+XtQA7SPl8BwgsCvGhQsw7lIvn2sGaXUJMaKECx840FHIngJUw7UKjLsiml34 +owM7urgHI1TeI7ZYoSB8c4bYlI8+X+uZwIVhdysbuI+c8bMepUzDw1nH/+q6iS28 +sp9qZ4aDh9fV7zAbNkgJ7BXJJ53M6w5c6HgcHtCvQSoivkaw0jioaw3QSlnRO0xk +7mQ82tKnN5htLmRMuZ9GoFLrxulpF0fIR+f54g2vaHBxpQSS9j1a0Z1mgLEUohNi +/iB+k3VEKcFKvGqm1OYdwQZqmEtDhLyHv85FEGa8Pd2AzToycHQG6Kq5PpWNQbj/ +fS/dKxHMApLITgfOAEMsXWw29vlVwwCTyq/bN8u3Q2b15wuwdw== +=Fg6L +-----END PGP SIGNATURE----- diff --git a/libsemanage.changes b/libsemanage.changes new file mode 100644 index 0000000..165e7f1 --- /dev/null +++ b/libsemanage.changes @@ -0,0 +1,521 @@ +------------------------------------------------------------------- +Fri Mar 7 14:10:50 UTC 2025 - Cathy Hu + +- Update to version 3.8.1 + https://github.com/SELinuxProject/selinux/releases/tag/3.8.1 + * libsemanage: improved performance of semanage store rebuild + +------------------------------------------------------------------- +Tue Feb 4 07:22:41 UTC 2025 - Robert Frohl + +- Update to version 3.8 + https://github.com/SELinuxProject/selinux/releases/tag/3.8 + * libsemanage: Preserve file context and ownership in policy store + * libsemanage: Optionally allow duplicate declarations + * Improved man pages + * libsemanage: Mute error messages from selinux_restorecon introduced in 3.8-rc1 + * Code improvements and bug fixes +- For a more in depth list of changes see + https://github.com/SELinuxProject/selinux/releases/download/3.8/shortlog-3.8.txt +- keyring: Update Petr Lautrbach + * removed 0xBC3905F235179CF1 (expired: 2024-10-25) + * added 0xFB4C685B5DC1C13E (expires: 2026-11-04) + +------------------------------------------------------------------- +Mon Oct 21 11:19:44 UTC 2024 - Johannes Segitz + +- Not conflict but obsolete libsemanage1 (bsc#1229757) + +------------------------------------------------------------------- +Mon Jul 1 07:57:45 UTC 2024 - Cathy Hu + +- Update to version 3.7 + https://github.com/SELinuxProject/selinux/releases/tag/3.7 + * Bugfixes: + * libsemanage: support huge passwd entries + +------------------------------------------------------------------- +Tue Dec 19 11:12:21 UTC 2023 - Cathy Hu + +- Update to version 3.6 + https://github.com/SELinuxProject/selinux/releases/tag/3.6 + * Add notself support for neverallow rules + * Improve man pages + * man pages: Remove the Russian translations + * Add notself and other support to CIL + * Add support for deny rules + * Translations updated from + https://translate.fedoraproject.org/projects/selinux/ + * Bug fixes +- Remove keys from keyring since they expired: + - E853C1848B0185CF42864DF363A8AD4B982C4373 + Petr Lautrbach + - 63191CE94183098689CAB8DB7EF137EC935B0EAF + Jason Zaman +- Add key to keyring: + - B8682847764DF60DF52D992CBC3905F235179CF1 + Petr Lautrbach + +------------------------------------------------------------------- +Mon Nov 27 09:51:42 UTC 2023 - Daniel Garcia + +- Remove dependency on /usr/bin/python3, making scripts to depends on + the real python3 binary, not the link. bsc#1212476 + +------------------------------------------------------------------- +Mon Aug 14 08:07:46 UTC 2023 - Johannes Segitz + +- Remove build counter syncing for real + +------------------------------------------------------------------- +Thu May 4 14:20:40 UTC 2023 - Frederic Crozat + +- Add _multibuild to define additional spec files as additional + flavors. + Eliminates the need for source package links in OBS. + +------------------------------------------------------------------- +Fri Mar 24 13:54:12 UTC 2023 - Johannes Segitz + +- Add -ffat-lto-objects to CFLAGS to prevent rpmlint errors because + of LTO + +------------------------------------------------------------------- +Thu Mar 23 13:06:51 UTC 2023 - Martin Liška + +- Enable LTO now (boo#1138812). + +------------------------------------------------------------------- +Fri Feb 24 07:48:05 UTC 2023 - Johannes Segitz + +- Update to version 3.5 + * Allow user to set SYSCONFDIR + * always write kernel policy when check_ext_changes is specified +- Added additional developer key (Jason Zaman) + +------------------------------------------------------------------- +Mon May 9 10:37:17 UTC 2022 - Johannes Segitz + +- Update to version 3.4 + * Optionally rebuild policy when modules are changed externally + * Fix USE_AFTER_FREE (CWE-672) in semanage_direct_get_module_info() + * Allow spaces in user/group names + +------------------------------------------------------------------- +Thu Feb 10 12:37:14 UTC 2022 - Johannes Segitz + +- Drop Buildrequires for libustr-devel, not needed anymore + +------------------------------------------------------------------- +Thu Nov 11 13:26:41 UTC 2021 - Johannes Segitz + +- Update to version 3.3 + * Fixed use-after-free in parse_module_store() + * Fixed use_after_free in semanage_direct_write_langext() + +------------------------------------------------------------------- +Thu Mar 18 08:31:30 UTC 2021 - Johannes Segitz + +- Link to correct so version +- Minor spec file cleanups + +------------------------------------------------------------------- +Wed Mar 17 08:29:15 UTC 2021 - Johannes Segitz + +- Move configuration file to separate libsemanage-conf package to allow + for parallel installation in future versions + +------------------------------------------------------------------- +Tue Mar 9 09:09:18 UTC 2021 - Johannes Segitz + +- Update to version 3.2 + * dropped old and deprecated symbols and functions + libsemanage version was bumped to libsemanage.so.2 + * libsemanage tries to sync data to prevent empty files in SELinux module + store + +------------------------------------------------------------------- +Wed Jul 29 14:37:19 UTC 2020 - Thorsten Kukuk + +- Add /var/lib/selinux + +------------------------------------------------------------------- +Wed Jul 15 08:17:18 UTC 2020 - Johannes Segitz + +- Remove libsemanage-update-map-file.patch to prevent checkers from declining + the submission. Keeping the snippet in the spec file in case we try to + enable LTO again + +------------------------------------------------------------------- +Tue Jul 14 08:36:19 UTC 2020 - Johannes Segitz + +- Update to version 3.1 + * Improved manpage + * fsync final files before rename + +------------------------------------------------------------------- +Tue Jun 16 07:08:59 UTC 2020 - Johannes Segitz + +- Disabled LTO again. This breaks e.g. shadow and also other packages + in security:SELinux + +------------------------------------------------------------------- +Fri Jun 12 09:07:31 UTC 2020 - Pedro Monreal Gonzalez + +- Fix build with LTO: [bsc#1133102] + * Enable LTO (Link Time Optimization) and build with -ffat-lto-objects + * Update map file to include new symbols and remove wildcards +- Add libsemanage-update-map-file.patch + +------------------------------------------------------------------- +Thu Jun 4 09:57:51 UTC 2020 - Dominique Leuenberger + +- Drop suse_path.patch: replace it with a grep/sed logic replacing + /usr/libexec in all files with the correct value for all distros + (taking into account that openSUSE is in progress of migrating + from /usr/lib to /usr/libexec). + +------------------------------------------------------------------- +Fri May 29 12:51:17 UTC 2020 - Johannes Segitz + +- Apply suse_path.patch only for older distributions. Newer + use libexec + +------------------------------------------------------------------- +Tue Mar 3 12:23:51 UTC 2020 - Johannes Segitz + +- Update to version 3.0 + * Add support for DCCP and SCTP protocols + * include internal header to use the hidden function prototypes + * mark all exported function "extern" + * optionally optimize policy on rebuild + Refreshed suse_path.patch + +------------------------------------------------------------------- +Thu Jun 20 10:22:04 UTC 2019 - Martin Liška + +- Disable LTO due to symbol versioning (boo#1138812). + +------------------------------------------------------------------- +Wed Mar 20 15:10:21 UTC 2019 - jsegitz@suse.com + +- Update to version 2.9 + * Always set errno to 0 before calling getpwent() + * Include user name in ROLE_REMOVE audit events + * genhomedircon - improve handling large groups + * improve semanage_migrate_store import failure + * reset umask before creating directories + * set selinux policy root around calls to selinux_boolean_sub + * use previous seuser when getting the previous name + +------------------------------------------------------------------- +Thu Nov 8 09:31:42 UTC 2018 - Jan Engelhardt + +- Use more %make_install. + +------------------------------------------------------------------- +Thu Nov 8 07:19:24 UTC 2018 - jsegitz@suse.com + +- Adjusted source urls (bsc#1115052) + +------------------------------------------------------------------- +Thu Sep 27 13:19:59 UTC 2018 - pmonrealgonzalez@suse.com + +- update to version 2.8 + * semanage fcontext -l now also lists home directory entries from + file_contexts.homedirs. + * libsemanage no longer deletes the tmp directory if there is an error + while committing the policy transaction, so that any temporary files + can be further inspected for debugging purposes (e.g. to examine a + particular line of the generated CIL module). The tmp directory will + be deleted upon the next transaction, so no manual removal is needed. + * When overriding PREFIX, BINDIR, SBINDIR, SHLIBDIR, LIBEXECDIR, etc., + DESTDIR has to be removed from the definition. For example on Arch + Linux, SBINDIR="${pkgdir}/usr/bin" was changed to SBINDIR="/usr/bin". + * PYSITEDIR has been renamed PYTHONLIBDIR (and its definition changed). + +- Clened with spec-cleaner + +------------------------------------------------------------------- +Thu Mar 8 19:07:16 UTC 2018 - rgoldwyn@suse.com + +- Update to version 2.7. Changes: + * IB support + * saves linked policy and skips relinking whenever possible + +------------------------------------------------------------------- +Fri Nov 24 09:14:13 UTC 2017 - jsegitz@suse.com + +- Update to version 2.6. Notable changes: + * genhomedircon: do not suppress logging from libsepol + * genhomedircon: use userprefix as the role for homedir + * Fix bug preventing the installation of base modules + * Use pp module name instead of filename when installing module + * genhomedircon: remove hardcoded refpolicy strings + * genhomedircon: add support for %group syntax + * genhomedircon: generate contexts for logins mapped to the default user + * Validate and compile file contexts before installing + * Swap tcp and udp protocol numbers + * genhomedircon: %{USERID} and %{USERNAME} support and code cleanups + +------------------------------------------------------------------- +Mon Dec 12 14:59:36 UTC 2016 - dimstar@opensuse.org + +- Split out the Policy Store Migration tool into + libsemanage-store-migrate: it is not a devel tool to start with. + Additionally, it causes the -devel package to depend on python, + which we want to avoid (libsemanabe being part of the core build + cycle). The library suggests libsemanage-store-migrate. + +------------------------------------------------------------------- +Sun Jul 17 15:17:39 UTC 2016 - jengelh@inai.de + +- Update RPM groups, trim description, combine filelist entries, + ensure pkgconfig() symbols are generated. + +------------------------------------------------------------------- +Thu Jul 14 14:20:12 UTC 2016 - jsegitz@novell.com + +- Without bug number no submit to SLE 12 SP2 is possible, so to make + sle-changelog-checker happy: bsc#988977 + +------------------------------------------------------------------- +Wed Jul 13 09:43:28 UTC 2016 - jsegitz@novell.com + +- Added suse_path.patch to fix path to hll compiler + +------------------------------------------------------------------- +Fri Jul 8 15:24:49 UTC 2016 - i@marguerite.su + +- update version 2.5 + * Do not overwrite CFLAGS in test Makefile, from Nicolas Iooss. + * Fix uninitialized variable in direct_commit and direct_api + * semanage_migrate_store: Load libsepol.so.1 instead of libsepol.so + * Store homedir_template and users_extra in policy store + * Fix null pointer dereference in semanage_module_key_destroy + * Add semanage_module_extract() to extract a module as CIL or HLL + * semanage_migrate_store: add -r option for migrating inside chroots + * Add file_contexts and seusers to the store + * Add policy binary and file_contexts.local to the store + * Allow to install compressed modules without a compression extension + * Do not copy contexts in semanage_migrate_store + * Fix logic in bunzip for uncompressed pp files + * Fix fname[] initialization in test_utilities.c + * Add remove-hll semanage.conf option to remove HLL files after + compilation to CIL + * Fix memory leaks when parsing semanage.conf + * Change bunzip to use heap instead of stack to prevent segfault on + systems with small stack size +- changes in 2.4 + * Fix Makefile to allow LIBDIR and SHLIBDIR to be set to different + directories + * Fix bugs found by hardened gcc flags + * Add missing manpage links to security_load_policy + * Fix failing libsemanage pywrap tests + * Fix deprecation warning for bison + * Skip policy module relink when only setting booleans + * Only try to compile file contexts if they exist + * Fix memory leak when setting a custom store path + * Add semodule option to set store root path in semanage.conf and the + semodule command + * Add semanage.conf option to set an alternative root path for policy + store + * Add support for High Level Language (HLL) to CIL compilers. The HLL + compiler path is configurable, but should be placed in + /usr/libexec/selinux/hll by default + * Create a policy migration script for migrating the policy store from + /etc/selinux to /var/lib/selinux + * Add python3 support to the migration script + * Use libcil to compile modules + * Use symbolic versioning to maintain ABI compatibility for old install + functions + * Add a target-platform option to semanage.conf to control how policies + are built + * Add API to handle modules and source policies, moving module store to + /var/lib/selinux + * Only try to compile file contexts if they exist + +------------------------------------------------------------------- +Sun May 18 00:10:55 UTC 2014 - crrodriguez@opensuse.org + +- version 2.3 +* Fix memory leak in semanage_genhomedircon from Thomas Hurd. + +------------------------------------------------------------------- +Tue Feb 11 10:12:55 UTC 2014 - vcizek@suse.com + +- add semanage.conf as SOURCE and install it instead of the default + one + +------------------------------------------------------------------- +Thu Oct 31 13:55:06 UTC 2013 - p.drouand@gmail.com + +- Update to version 2.2 + * Avoid duplicate list entries + * Add audit support to libsemanage + * Remove policy.kern and replace with symlink + * Apply a MAX_UID check for genhomedircon + * Fix man pages +- Add audit-devel BuildRequires; new dependency +- Add fdupes BuildRequires and use it to symlink duplicate manpages + +------------------------------------------------------------------- +Thu Jun 27 14:56:37 UTC 2013 - vcizek@suse.com + +- change the source url to the official 2.1.10 release tarball + +------------------------------------------------------------------- +Thu Apr 4 19:29:33 UTC 2013 - vcizek@suse.com + +- fixed source url +- removed old tarball + +------------------------------------------------------------------- +Fri Mar 29 15:21:29 UTC 2013 - vcizek@suse.com + +- update to 2.1.10 + * Add sefcontext_compile to compile regex everytime policy is rebuilt + * Cleanup/fix enable/disable/remove module. + * redo genhomedircon minuid + * fixes from coverity + * semanage_store: do not leak memory in semanage_exec_prog + * genhomedircon: remove useless conditional in get_home_dirs + * genhomedircon: double free in get_home_dirs + * fcontext_record: do not leak on error in semanage_fcontext_key_create + * genhomedircon: do not leak on failure in write_gen_home_dir_context + * semanage_store: do not leak fd + * genhomedircon: do not leak shells list + * semanage_store: do not leak on strdup failure + * semanage_store: rewrite for readability + +------------------------------------------------------------------- +Wed Jan 30 12:00:30 UTC 2013 - vcizek@suse.com + +- update to 2.1.9 + * dropped libsemanage-2.1.6-NULL_level_fix.patch (fixed upstream) + * libsemanage: do not set soname needlessly + * libsemanage: remove PYTHONLIBDIR and ruby equivalent + * do boolean name substitution + * Fix segfault for building standard policies. + * remove build warning when build swig c files + * additional makefile support for rubywrap + * ignore 80 column limit for readability + * semanage_store: fix snprintf length argument by using asprintf + * Use default semanage.conf as a fallback + * use after free in python bindings + * Alternate path for semanage.conf + * do not link against libpython, this is considered bad in Debian + * Allow to build for several ruby version + * fallback-user-level + +------------------------------------------------------------------- +Mon Jan 7 21:43:31 UTC 2013 - jengelh@inai.de + +- Remove obsolete defines/sections + +------------------------------------------------------------------- +Wed Oct 24 16:36:25 UTC 2012 - vcizek@suse.com + +- when building "standard" (not MCS/MLS) selinux-policies, + libsemanage will crash, because "level" is NULL + (libsemanage-2.1.6-NULL_level_fix.patch) + +------------------------------------------------------------------- +Mon Aug 27 13:49:45 UTC 2012 - cfarrell@suse.com + +- license update: LGPL-2.1+ + Could not find any LGPL-2.1 "only" licensed files in the pacakge + +------------------------------------------------------------------- +Wed Aug 1 07:54:33 UTC 2012 - meissner@suse.com + +- Updated to 2.1.6 + * changes too numerous to list + +------------------------------------------------------------------- +Wed Oct 5 15:10:27 UTC 2011 - uli@suse.com + +- cross-build fix: use %__cc macro + +------------------------------------------------------------------- +Thu Sep 22 13:14:39 CEST 2011 - dmueller@suse.de + +- buildrequire libbz2-devel + +------------------------------------------------------------------- +Mon May 23 14:15:42 UTC 2011 - prusnak@opensuse.org + +- split off python bindings to separate package to reduce build + dependencies for rpm [bnc#695436] + +------------------------------------------------------------------- +Wed May 18 13:38:44 UTC 2011 - coolo@novell.com + +- add baselibs.conf for rpm-32bit to use + +------------------------------------------------------------------- +Wed Feb 23 05:42:43 UTC 2011 - coolo@novell.com + +- disable parallel build, it breaks too often + +------------------------------------------------------------------- +Thu Feb 25 14:59:32 UTC 2010 - prusnak@suse.cz + +- updated to 2.0.43 + * changes too numerous to list + +------------------------------------------------------------------- +Fri Jan 16 14:24:38 CET 2009 - prusnak@suse.cz + +- fix assignment of wrong context [bnc#466793] + +------------------------------------------------------------------- +Wed Jan 14 14:06:28 CET 2009 - prusnak@suse.cz + +- updated to 2.0.31 + * policy module compression (bzip) support from Dan Walsh + * hard link files between tmp/active/previous from Dan Walsh + * add semanage_mls_enabled() interface from Stephen Smalley + +------------------------------------------------------------------- +Mon Dec 1 11:35:58 CET 2008 - prusnak@suse.cz + +- updated to 2.0.29 + * add USER to lines to homedir_template context file + * add compression support + * allow fcontext and seuser changes without rebuilding the policy + * don't rebuild on fcontext or seuser modifications + * modify genhomedircon to skip %groupname entries + +------------------------------------------------------------------- +Wed Oct 22 16:17:23 CEST 2008 - mrueckert@suse.de + +- fix debug_packages_requires define + +------------------------------------------------------------------- +Tue Sep 23 12:52:32 CEST 2008 - prusnak@suse.cz + +- require only version, not release [bnc#429053] + +------------------------------------------------------------------- +Tue Sep 2 12:13:42 CEST 2008 - prusnak@suse.cz + +- updated to 2.0.27 + * Modify genhomedircon to skip %groupname entries. + Ultimately we need to expand them to the list of users to support + per-role homedir labeling when using the %groupname syntax. +- updated to 2.0.26 + * Fix bug in genhomedircon fcontext matches logic from Dan Walsh. + Strip any trailing slash before appending /*$. + +------------------------------------------------------------------- +Fri Aug 1 17:32:21 CEST 2008 - ro@suse.de + +- fix requires for debuginfo package + +------------------------------------------------------------------- +Tue Jul 15 16:58:47 CEST 2008 - prusnak@suse.cz + +- initial version 2.0.25 + * based on Fedora package by Dan Walsh + diff --git a/libsemanage.keyring b/libsemanage.keyring new file mode 100644 index 0000000..9db3320 --- /dev/null +++ b/libsemanage.keyring @@ -0,0 +1,121 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGcpEXsBEACjkf3/pxK1vKNYV5sbqoOfqlP7i/WuVtFmjStjBaQOYQCM5kxE +L1ImKlMJ1B40WW/ocSKIK+XduZkiqtn7O8sjpTX7Z0fuTTrE2ogUtNXTNuv61SQ7 +CymDmevn0qy40/TVYFLQQvO6c7/MeP4E4R0+DUq8HQhAW2oDBoB+6fLrti9Ov07t +jPTtkJ9PE+0d/oUnzQU95FrQuhlidbhSZIa2bV/n1UP36p7jKFG01qdqZdQqN/wF +PDStDCOgmFVPkyDRnqFbp+EWsPnsuB3x8GLlkcdSVHjPX6eoYJSgeUeNzQlXIryP +x+h8pp+jD/v0hNo6oHO/4/emxj15wGDvAZo4eurNHNHEB8phE7YhoUdEaewQTwWf +BIQvTS49XGmKJNq+sskUSOS70aY/c5jetvAg9dvDWb2ZkbXIBVtIQR/nxZJZ6gGn +Q7qqvAB0ht2BRfgGRDxtfky1SNenm2bRK2aNCJns73VyDRW5a2t+P8jgTfG2Wg3O +G0bZAsjizuIAvWiuEKXES5lE71qVQJJydG+GbDYOHqwHqLnp69xl1QXDExc4HLF9 +avR/FfhCVHyNiow+PtQw2PY9xxME5Be6YhbZx0YR6eL2+sT1wt9lFI0LA9YBda2v +XNBbngnHkOMIYehtCTndnuQT4xlUCN6A5pPS7nRyWME18mii26Wfj6BsYwARAQAB +tCVQZXRyIExhdXRyYmFjaCA8bGF1dHJiYWNoQHJlZGhhdC5jb20+iQJXBBMBCABB +FiEEaNIYIzQqE2g66z5O+0xoW13BwT4FAmcpEXsCGwMFCQPCZwAFCwkIBwICIgIG +FQoJCAsCBBYCAwECHgcCF4AACgkQ+0xoW13BwT52gxAAjmac0DxofR1945mfP82s +zBjofuMr/6Vhq0LHTl7VN8r7PP195EqzGA/c+OPSn2KCjeMh09w3n9ieWZUR6mUO +ZKIo4516d2+LL6wDyy6QyjTtD6bWlhY3MW3KJl35zjian0jWXuHquS0hj1cN52uU +CQ2iDVWVR63142maBe3Y6Yk0OZh+1ZwoinLD9ktq5uNFwCbHCyfsjp1adProV+D0 +fy2txGVaKlVY/yKY7QQinALxFuG42CTGO39xV/cISnOiQXifSTeepia33Q020ZzS +QblACVO+VS4ek1bO7O90A+0zLcoRpch+7cgRl4goLFKBZdObvNEpSfQXqMoCwteE +r9Y4DUBrs10BTAzGsSd182ioGu6xosOWnNZTtRK/ZhP49/dpDu7WzODYnxXl6pE/ +4TzDB7nhE0KBCtwOBSrlpvKdyy+6WXcaom/O9kLv9DdOH+DlZz51FoYHPQ70UG5E +9DCOucH3fbFbV8N/XtxJylUoC9X+PCe2lZd/udK/YzSj1+KGdMGXh3ZzYQEq1N2n +lbQil5GXm4tp3cBiii4/pGhn78h39mA15pAof9mULGTlL0YvNiGbrrnKw5hGSHs1 ++hOFG28CoB4NxMpYYMbWdCiTYoo5LKpLzU9PYCUzPsDbpHS+wf/2VDW5kUiEgZvF +leUYRFnBd3Wz6WB9ZNsHkr6JAjMEEAEIAB0WIQS4aChHdk32DfUtmSy8OQXyNRec +8QUCZykYBQAKCRC8OQXyNRec8V0ZD/4vu4DsQwH5iHS6uFm46W1lI22B7pv5Rstl +N3wNGx/Tjh75nQ0lZ1DaxosGm0aEhydqzhB3SBL5CRYHuUysnfW67HXlkGMWwa3K +or5Wgfwkg+9XwyvleiOoD5RhSlc/qewgut2RS83Ol4DnUjFi5UxZy63xJRVjOMPX +VgbU/wsXPJ2wiZph7ux75ETzkXf/Y+iRk17R3QaHfq7J8lI0PzReuvEulE6BptCA +c0bR2sv8MeN2hrcXRXkRSgbs0HBSuYFGVYpgItQV9b7yZCfpFUrwkhX1ZoevOL8o +Bkuidlvl0KM7R746XXqnJSh8sDxI3sFqqN6ezyGjb3sa0Td1quReaPmnenhg+6v8 +P6hkI0gf4FgyyG3jpW0Te/pXXQ/woDboyA2jmowTVDSQLUNRiLrxw94OCtAExZr6 +cX6b2LZoZ4DKLeoOFm7TckuE5gCG/jk5VFrCb28WrIqIFEA1WiBNGv5yHjPLBpqn +B9UtD7GLBUuqVPmf+IjNYJDSEDXl4pmAlXSRNcvg5YoF4mpI2ectWbgCFnY6kocy +yMTsESim8J70llYUiuO1D1OuuIHI7HTdqdaSabtviVnUcoM4j8LHLPwFm9iLOjuF +I50aMusUFMP9aTSzC+nMHg0qHkjo3uSCmlcxNpanfr4qZDHronNpmN6kaXVUw0V2 +CI/pLDqk77kCDQRnKRF7ARAArgRj7ToZ65fjAuVSoAxYKdsUQu6EFkZYUsQi8/pY +lLVY6957jlFVylV9gyncCrKaI1FqECVEy1JD1i1dJ2UE+SG01yhX+GqNw3LAx1uz +L5GzbulGT8MlULTJUvgAGtJKXCF81rjpfhm8+vwYYO+MBSEro1dDtatknFhH39TS +epEa0a48EuEV7LUfrSflrE/z7Z/2kUI1sMnXcduuFWO75FR4TwarlYkjl15rlJ9i +dcURGxP/M76nDtlppIOZYpHVrzw/oGQMPt7rdkhoBrzj0z8PP46DM0SBvJGO+Bs7 +Q4QitLbHrWUahbsX2msSDOP3s0iIG7qqk0Jgl5+Sl88Q2uT7CY5S2El+HoTu6mGW +WJBqazp2pcBzdn7EE32MV/vhGnNWYg8r8wU2vQRxQwWBRGkG1pOuTh0YyH76/mLi +orHHAkd/hGwYIOyAf1lkN6YrPmry4U1MjWRtOewo2353svjlT7f+ZGbiXbaDx674 +C8PpHgZ8qOzLMQULIYrtOZViPRj4QZH35htFDUZqFeq2tH9osLT0tLLFBOph8pTw +q6yehx4RsE6KARlQ0/JunOJvAeXVURX1ytHl5Pww8eCzzF2mNDuBG4+LXZ+9zze6 +elSw0gdILFmpeiKUazPb7OlfayLc/EG0r+1OjpkVEuKOEezbnRjVqCngzJdir3UD +ZVMAEQEAAYkCPAQYAQgAJhYhBGjSGCM0KhNoOus+TvtMaFtdwcE+BQJnKRF7AhsM +BQkDwmcAAAoJEPtMaFtdwcE+jMYP/Rh+SS0bAara89lQj8Wxy/5WcSpW33h0GdLT +/obJi+EjtN/zW/7vZRGVB5fxNRCjH0Hx3cCu7lvb6JKQ9y8fvQ9tjyO3/JPAe1KU +XN/r5g8iX6jJPPsOiIgtKOs7nWe2XyAqYhvxD1bvjFXpUUgnibysfTgwoWkiXNQO +rrrQlhAga05QW6BJ+DtotVT/SPhYooQp8B+D3fBhMop34mBEXLgVk+uJ6bse+VRK +LZUp992utQX89fflfviIp09CgQANmLwqQxlQsO3JDpk67aGIOkCuOjmENp0ozfXh +nrlWczXWGOISGZMXcjIYGWVvSoEiTQucFUe4xiaKoE0kRtqocuoiO7z9G8WVhX4A +whJ4DsHrySdslxqjXeiC0Om4niGmAKOPYHWfQ1YxyO7SC167Wx+whpBtYd68fa+C +XkskMI21Qk382hYHZSi/bvAS+yieDBjd27jROcz7l6PB/ivwPfBf4mlUICF+vc5z +SSfDXidGoU8B7UTsM1REnzF8RX2I9ECzCjqqiHsgjE0RNQbWvLBETE23q0eyiPHR +ZvQjQgHsKdZEr0Xqg1GnRLiRWCn4l6Fr00ZcUraGfyoEP+ulQ+yP852SIE34LsCL +TusI17P4gp2dR9eQ4mosI7J5TAL1Y+W4U8H1GeeCFgzjGExZ/xe9Is46T++A/GKp +HkA0s5uxuQINBGcpEuEBEAC6H5vY7GP2r5FFn6mQNV/8zo/TXIOYOHC1gfOL8tbw +8UcLqJCXMxF7K/VHmfe4ISkBn76Z1R4KCjZOYWdh2mbESB1owhb3y6p7h+4eGhdT +YyHh6I3uPIm9dAKyKMINjOJ+iPTcdjudNWPDj4FJK72QDf+8SpT0DliMbTUyZVIx +ohpOupmqyfKkrqvZ7ElrthVFjBGqktgLmSyKQNUr1+11+GOeydgZLiljJ8w1IdjU +oEykeNPvASQz4pnZZGmNNlnuc/27gt98kwqBxyVGB/7XcJ5Jol9UiGMmXEZUuSWg +Txcls56Ha+Qrbnt70F6cQWBCfIsKkYnxg2yewlWHFTVoDrZ1PuOac5UwGGcag2Ez +LPN+9TDRETPZVulkGSLBlF9n0xZQGzJud4fw3DNkxBAsJz/Kj+Oc+uYNL62CXgJc +bMG2nE9RlIy5ji0dlna8FvTNx+Fjs/UKse7KVcsXOQ479dE/fDUXwjVSokKN1MqN +2MIMX9Va150d57WISxIfE8Yfx8enhCmsEMPBng2d+KVg0cwNabpTVvOFfbKepwYC +tBJ3U3L+gvsnMTWqgf+c2vBW85JI1YVRNcVd4vL5I5cl0UmkY/7/BX6Bh/JzOhQ/ +q+YJ0rUezXlZC8rPI/+eYtLm4uKV/FUqvFkMjpI2tLh/9eQdwadgHIUpSGrmBU3R +lwARAQABiQRyBBgBCAAmFiEEaNIYIzQqE2g66z5O+0xoW13BwT4FAmcpEuECGwIF +CQPCZwACQAkQ+0xoW13BwT7BdCAEGQEIAB0WIQRyAOssP15IhGPAzp7NyujJJ8a+ +MQUCZykS4QAKCRDNyujJJ8a+MTGJD/9MpDYKL6yo1JUhzCD+TQajWLhwDuWEo11h +EEJohOEH2Myo2DbOA/OAQsFxpUkvzHDQTbHZm8F6Mzhf55OuaR259zEdHwH/MEXy +g+UPamCz/NmZkQ7WCrgJ1pvvIihU02t+gJlKHE4I9HbAiLFxhm23l/tnfNJeqSMh +5zqxM551PvlleulBu8g15SS84l8wI6JqKVq68N+/yTmIlRVs/4PHW85zzxu97BUl +xssgPgchGv89L6TUPXTMZucXvVOfEZmvtqcxkJIUIcnlZX4FLAccq3FHL5snXH0w +vjklyvVqdNd5och5Io3MUGKAlBKAe/R656CQPdGbD4hzE1viXnfqx6Vo1HRQDDHU +MLWqmMG2cT3+ld1MSxlDGr2QyuPR359UoWM4oANUimTHujR1nWOZtSZ2NBXIYOAc +T4SaB13vbr/Z+1auJba495QLphmKpu28GcKfAX5pXo/WesTQFYlyEvIGMMJ7ljah +cEBgXrHCkM98w+viixyrM9XhNZVQsGJuu1FaBLGa+KcgYXH1P3BAJV9fbnh2oFoA +SFEwiahP9g/7p69FkqpA4NGEjjg4bu5XvUhUAnwEcQE3yHG9AzdY+zV+HAwEULIZ ++v/H9Tj9zvxH0mHGRT1XCYxssZA/tU/VCB+IepmkcyTxlSZCfoot66vNZyfA8WTC +AU9kQPw5A4xfEACKjcOFavkoN3eYgIcAs1jQDaKlv8kfotIfG7RLcwtr9sXo9upF +jX58oxP9wVXGWf32s1Stf6ENFtzupuEqTG8aZydeeRxMdqH1t9SCERqeUqQGvWDW +KTfOASek7/Hf5ff06/6B73YwNrBXSeqT1H/21L5kP+mHvZD2THdl9U1IvR5bGO7A +HMVbRnCHlMBfitpKbJAKYBeLTk7diY2KrhqtJSDmgA4xFn533oOysBLhJ22XHr8K +4pMHMRoY9AtD3Ak0HRWZ395BZM/30phwB0jCPkEnk/Rnv7GGxWNA6e2fii2c/q83 +pG4O1itLoztMI39l4oK838bSdFpzgP4glfcJhi1heBqgO6h61Ra1zs7k/MdERNoG +3/jqhvaXN/pxPlDJW6NN/P6LSsYRzrem9cryZX4rsEVj8Mel0SGXWkPDZhgtsGZS +2FBZ2wvr9NW+kx7/Blp28n9vLcB5HNB66xS5y5Kj1Q03tiPy7d1GHE2CxKJT3oD9 +IWUCgHmzc6eHkrhYRUIG78g2N2L6vYEsl49KcDcjtWRET0dp/UPbyO0HObddt+3a +uzeU7XwVwKrDqR3siHd7S1ny5Qb1QO+pMMdNQcsBa/CurfyAooC7ZExpTToDmRHz +tFxCKLPE7AEjCIe5RYxTj8fLHp9ew4OESzQ7oAUNqs0NkZ57ZqYpMDJmkbkCDQRn +KRPFARAA7AZXVugEPe8MuygBPracbFtKpeIGw5vGelZs2J87Mz0FQY84ikexIffY +9kYb/4s2M10QJ/LI/VHKwfk5PuP3ZDy+BFCgbdf3zmBs6NjJlzTG8CRNK9bE6LLk +K4Xdfywnc1J6tANfCM/2pWotWP/cUHyeRrUcVLsrMLdmj+TMKjF5nf+FXc9NYiNy +gm+0FIIo9nI4nGdGpZ+LkE0mjdLZJHWbFX3rvNrBeJnwx54GXqsuE58IG3P2D5uq +tdlih6e4yfkmzaZwfSFph4xJXdRYgLiSKfOvUQnGz4vX+FUJUE2KINzoNdwVejP1 +lVz2SOllM4yhlUORGTI556f7lLJr3Ari14uYMswTj6mB4cJL9ZrgqtjIRZ7s2kbV +VORImdFL5/JgZNa3ASK7BPon1TS3V3mFvGEztgCGWc4Sc1WaprcGrfKomz0b/uCJ +xnsIgn0kEcpMnM6cp+kaHEFI6A6gI5pZbq5ULMOp+tg+YJQgpCZqcHjjXEkUa4dU +8wsGNWOzCgwoaQreAzooxEINhDne7qwUr4lyXwehsFJ7NUhQqkpVfchb13nTpwTQ +WFJb829Ym/QUgxWWjILYGk6NJZWATBe2T+bdIo+yAIBwKrOLvGWWhHz4T0LbFyL1 +x0Ybl9qCGBKNo/qPSoPDD+yVE9AlzkAMh66SQ5hMKJKIPBC1uUkAEQEAAYkCMwQY +AQgAJxYhBGjSGCM0KhNoOus+TvtMaFtdwcE+BQJnKRPFAxsgBAUJA8JnAAAANxYP +/iolEuftNwy1EwXjdif51f47XdivEEJPifVBWaI+watRxrhWDUn62tXogywauGS2 +mJpXSp4v+SbSHTabiAQNkoPJZZd15aERcVpNXL3IKlJdRYmXmBJdNLDGuoFbJYuU +suThRP2X2yTmYx3LQkDy6ehtXgz95dCCBHXUMveOLto7SGyrHLFeQlxrBaNUZbko +vURqgMogn8LDE4jmKkW54whFCNC/D0Cj/DZ+rXWpVdj3OSeTqkWSn9EMct6z7BUc +O15tl8n3FXsxvWZ/+TTd1PnoZoD9TcRe8nYV2BZH7N/5gwRr0w8MdijZQ0S+T2Y6 +Tbjszyz4557F2WQ+DIpbkDya1i5j91GPxboLiktwxZr53+8hSmbka7DQXmrQBaT3 +8VsF70cvO0R6+9Ge4deZ9Nl62j+cICJiDikKPqncmg3kIt5tHxi1ab0AkFtfWSBW ++pJTZWDBggWzEETPxa7aHvP95IJJ4iABEVtOUnpwGtGRcJXKFu/Qs9ZZR8BSqIS1 +0bGsDhfH+MqsjTYmNF1b9tmReNKRrwr5wOWlyv2LEFZbkuRaw52IvyMTF9MbDbkU +DtZ3UeIecG/foy7/Nv7T8jrd358ur3d7eWaZXH2pAXynk6R/iiNj1iggdWQtLu30 +CAWOb+5yakQZtfHI+TYKveX5vlHjXHd0Fb2TGK5alk3d +=uF78 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/libsemanage.spec b/libsemanage.spec new file mode 100644 index 0000000..82e252f --- /dev/null +++ b/libsemanage.spec @@ -0,0 +1,161 @@ +# +# spec file for package libsemanage +# +# Copyright (c) 2025 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define soversion 2 +%define libname libsemanage%{soversion} + +Name: libsemanage +Version: 3.8.1 +Release: 0 +Summary: SELinux policy management library +License: LGPL-2.1-or-later +Group: Development/Libraries/C and C++ +URL: https://github.com/SELinuxProject/selinux/wiki/Releases +Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz +Source1: https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz.asc +Source2: libsemanage.keyring +Source3: baselibs.conf +Source4: semanage.conf +# PATCH-FIX-UPSTREAM bsc#1133102 LTO: Update map file to include new symbols and remove wildcards +# For now we need to disable this. This breaks e.g. shadow and also other packages in security:SELinux +#Patch0: libsemanage-update-map-file.patch +BuildRequires: audit-devel +BuildRequires: bison +BuildRequires: fdupes +BuildRequires: flex +BuildRequires: libbz2-devel +BuildRequires: libselinux-devel +BuildRequires: libsepol-devel +BuildRequires: pkgconfig +BuildRequires: python-rpm-macros + +%description +libsemanage is the policy management library. Using libsepol and +libselinux to interact with the SELinux system, it also calls helper +programs for loading policy and for checking whether the +file_contexts configuration is valid. + +%package -n %{libname} +Summary: SELinux policy management library +Group: System/Libraries +Suggests: %{name}-migrate-store +Requires: %{name}-conf >= %{version} + +%description -n %{libname} +libsemanage is the policy management library. Using libsepol and +libselinux to interact with the SELinux system, it also calls helper +programs for loading policy and for checking whether the +file_contexts configuration is valid. + +(Security-enhanced Linux is a feature of the kernel and some +utilities that implement mandatory access control policies, such as +Type Enforcement, Role-based Access Control and Multi-Level +Security.) + +%package conf +Summary: Configuration for the SELinux policy management library +# before 3.1 the config file wasn't separated, so no parallel install is possible +Group: System/Libraries +Obsoletes: %{name}1 < 3.1 + +%description conf +Configuration file for libsemanage. Moved to a separate package to allow +parallel installation + +%package devel +Summary: Header files and libraries for SELinux's policy management libary +Group: Development/Libraries/C and C++ +Requires: %{libname} = %{version} + +%description devel +The libsemanage-devel package contains the libraries and header files +needed for developing applications that manipulate SELinux policies. + +%package devel-static +Summary: Static archives for SELinux's policy management library +Group: Development/Libraries/C and C++ +Requires: libsemanage-devel + +%description devel-static +The libsemanage-devel-static package contains the static libraries +needed for developing applications that manipulate binary policies. + +%package migrate-store +Summary: SELinux Policy Store Migration +Group: Productivity/Security + +%description migrate-store +In version 2.4 of libsemanage, libsepol, and policycoreutils, the policy +module store was moved from /etc/selinux//modules/ to +/var/lib/selinux//. Once the libraries are upgraded, all policy +stores must be migrated before any commands that modify or use the store +(e.g. semodule, semanage) can be executed. + +%prep +%setup -q +# Replace /usr/libexec with whatever the distro defines as libexecdir - across all files +grep /usr/libexec . -rl | xargs sed -i "s|/usr/libexec|%{_libexecdir}|g" + +%build +%make_build clean +%make_build CFLAGS="%{optflags} -fno-semantic-interposition -ffat-lto-objects" CC="gcc" +%make_build CFLAGS="%{optflags} -fno-semantic-interposition -ffat-lto-objects" LIBDIR="%{_libdir}" LIBEXECDIR="%{_libexecdir}" SHLIBDIR="%{_lib}" CC="gcc" all + +%install +mkdir -p %{buildroot}/%{_lib} +mkdir -p %{buildroot}%{_libdir} +mkdir -p %{buildroot}%{_includedir} +mkdir -p %{buildroot}%{_localstatedir}/lib/selinux +%make_install LIBDIR="%{_libdir}" LIBEXECDIR="%{_libexecdir}" SHLIBDIR="%{_libdir}" +ln -sf %{_libdir}/libsemanage.so.%{soversion} %{buildroot}/%{_libdir}/libsemanage.so +cp %{SOURCE4} %{buildroot}%{_sysconfdir}/selinux/semanage.conf + +# Fix shebang in scripts +for f in %{buildroot}%{_libexecdir}/selinux/* +do + [ -f $f ] && sed -i "1s@#!.*python.*@#!$(realpath %__python3)@" $f +done +# Remove duplicate files +%fdupes -s %{buildroot}%{_mandir} + +%post -n %{libname} -p /sbin/ldconfig +%postun -n %{libname} -p /sbin/ldconfig + +%files -n %{libname} +%{_libdir}/libsemanage.so.* +%dir %{_localstatedir}/lib/selinux + +%files conf +%dir %{_sysconfdir}/selinux +%config(noreplace) %{_sysconfdir}/selinux/semanage.conf + +%files devel +%{_libdir}/libsemanage.so +%{_libdir}/pkgconfig/libsemanage.pc +%{_includedir}/semanage/ +%{_mandir}/man3/* +%{_mandir}/man5/* + +%files migrate-store +%dir %{_libexecdir}/selinux +%{_libexecdir}/selinux/ + +%files devel-static +%{_libdir}/libsemanage.a + +%changelog diff --git a/python-semanage.changes b/python-semanage.changes new file mode 100644 index 0000000..ac62d7f --- /dev/null +++ b/python-semanage.changes @@ -0,0 +1,426 @@ +------------------------------------------------------------------- +Fri Mar 7 14:10:50 UTC 2025 - Cathy Hu + +- Update to version 3.8.1 + https://github.com/SELinuxProject/selinux/releases/tag/3.8.1 + * libsemanage: improved performance of semanage store rebuild + +------------------------------------------------------------------- +Tue Feb 4 07:22:41 UTC 2025 - Robert Frohl + +- Update to version 3.8 + https://github.com/SELinuxProject/selinux/releases/tag/3.8 + * libsemanage: Preserve file context and ownership in policy store + * libsemanage: Optionally allow duplicate declarations + * Improved man pages + * libsemanage: Mute error messages from selinux_restorecon introduced in 3.8-rc1 + * Code improvements and bug fixes +- For a more in depth list of changes see + https://github.com/SELinuxProject/selinux/releases/download/3.8/shortlog-3.8.txt +- Drop 1231587-build-libsemanage-with-swig-4.3.0.patch: fixed upstream +- keyring: Update Petr Lautrbach + * removed 0xBC3905F235179CF1 (expired: 2024-10-25) + * added 0xFB4C685B5DC1C13E (expires: 2026-11-04) + +------------------------------------------------------------------- +Tue Oct 15 11:41:31 UTC 2024 - Cathy Hu + +- Add 1231587-build-libsemanage-with-swig-4.3.0.patch to fix + build failure with swig 4.3.0 (bsc#1231587) + +------------------------------------------------------------------- +Mon Jul 1 07:57:45 UTC 2024 - Cathy Hu + +- Update to version 3.7 + https://github.com/SELinuxProject/selinux/releases/tag/3.7 + * Bugfixes: + * libsemanage: support huge passwd entries + +------------------------------------------------------------------- +Tue May 28 10:40:17 UTC 2024 - Cathy Hu + +- Build python-semanage for python311 in 15.4 and 15.5 instead of + python3.6 to fix build dependencies + +------------------------------------------------------------------- +Tue Dec 19 11:13:19 UTC 2023 - Cathy Hu + +- Update to version 3.6 + https://github.com/SELinuxProject/selinux/releases/tag/3.6 + * Add notself support for neverallow rules + * Improve man pages + * man pages: Remove the Russian translations + * Add notself and other support to CIL + * Add support for deny rules + * Translations updated from + https://translate.fedoraproject.org/projects/selinux/ + * Bug fixes +- Remove keys from keyring since they expired: + - E853C1848B0185CF42864DF363A8AD4B982C4373 + Petr Lautrbach + - 63191CE94183098689CAB8DB7EF137EC935B0EAF + Jason Zaman +- Add key to keyring: + - B8682847764DF60DF52D992CBC3905F235179CF1 + Petr Lautrbach + +------------------------------------------------------------------- +Thu May 4 14:20:40 UTC 2023 - Frederic Crozat + +- Add _multibuild to define additional spec files as additional + flavors. + Eliminates the need for source package links in OBS. + +------------------------------------------------------------------- +Fri Mar 24 13:54:12 UTC 2023 - Johannes Segitz + +- Add -ffat-lto-objects to CFLAGS to prevent rpmlint errors because + of LTO + +------------------------------------------------------------------- +Thu Mar 23 13:06:51 UTC 2023 - Martin Liška + +- Enable LTO now (boo#1138812). + +------------------------------------------------------------------- +Fri Feb 24 07:48:05 UTC 2023 - Johannes Segitz + +- Update to version 3.5 + * Allow user to set SYSCONFDIR + * always write kernel policy when check_ext_changes is specified +- Added additional developer key (Jason Zaman) + +------------------------------------------------------------------- +Mon May 9 10:37:17 UTC 2022 - Johannes Segitz + +- Update to version 3.4 + * Optionally rebuild policy when modules are changed externally + * Fix USE_AFTER_FREE (CWE-672) in semanage_direct_get_module_info() + * Allow spaces in user/group names + +------------------------------------------------------------------- +Thu Feb 10 12:37:14 UTC 2022 - Johannes Segitz + +- Drop Buildrequires for libustr-devel, not needed anymore + +------------------------------------------------------------------- +Thu Nov 11 13:26:41 UTC 2021 - Johannes Segitz + +- Update to version 3.3 + * Fixed use-after-free in parse_module_store() + * Fixed use_after_free in semanage_direct_write_langext() + +------------------------------------------------------------------- +Mon Aug 16 13:13:41 UTC 2021 - Fabian Vogt + +- Call "make -j8 pywrap" instead of "make -j8 all pywrap" to fix random + build failures. The toplevel Makefile does not support concurrency, + and it resulted in parallel "make all" and "make pywrap" which weren't + aware of each other and stepped over the other's artifacts. + +------------------------------------------------------------------- +Thu Mar 18 08:31:30 UTC 2021 - Johannes Segitz + +- Minor spec file cleanups + +------------------------------------------------------------------- +Tue Mar 9 09:09:18 UTC 2021 - Johannes Segitz + +- Update to version 3.2 + * dropped old and deprecated symbols and functions + libsemanage version was bumped to libsemanage.so.2 + * libsemanage tries to sync data to prevent empty files in SELinux module + store + +------------------------------------------------------------------- +Tue Jul 14 08:36:19 UTC 2020 - Johannes Segitz + +- Update to version 3.1 + * Improved manpage + * fsync final files before rename + +------------------------------------------------------------------- +Tue Jun 16 07:08:59 UTC 2020 - Johannes Segitz + +- Disabled LTO again. This breaks e.g. shadow and also other packages + in security:SELinux + +------------------------------------------------------------------- +Fri Jun 12 09:07:31 UTC 2020 - Pedro Monreal Gonzalez + +- Fix build with LTO: [bsc#1133102] + * Enable LTO (Link Time Optimization) + * Update map file to include new symbols and remove wildcards +- Add libsemanage-update-map-file.patch + +------------------------------------------------------------------- +Thu Jun 4 09:57:51 UTC 2020 - Dominique Leuenberger + +- Drop suse_path.patch: replace it with a grep/sed logic replacing + /usr/libexec in all files with the correct value for all distros + (taking into account that openSUSE is in progress of migrating + from /usr/lib to /usr/libexec). + +------------------------------------------------------------------- +Fri May 29 12:51:17 UTC 2020 - Johannes Segitz + +- Apply suse_path.patch only for older distributions. Newer + use libexec + +------------------------------------------------------------------- +Tue Mar 3 12:23:51 UTC 2020 - Johannes Segitz + +- Update to version 3.0 + * Add support for DCCP and SCTP protocols + * include internal header to use the hidden function prototypes + * mark all exported function "extern" + * optionally optimize policy on rebuild + Refreshed suse_path.patch + +------------------------------------------------------------------- +Fri May 3 12:22:25 UTC 2019 - Martin Liška + +- Disable LTO (boo#1133280). + +------------------------------------------------------------------- +Wed Mar 20 15:10:21 UTC 2019 - jsegitz@suse.com + +- Update to version 2.9 + * Always set errno to 0 before calling getpwent() + * Include user name in ROLE_REMOVE audit events + * genhomedircon - improve handling large groups + * improve semanage_migrate_store import failure + * reset umask before creating directories + * set selinux policy root around calls to selinux_boolean_sub + * use previous seuser when getting the previous name + +------------------------------------------------------------------- +Thu Nov 8 09:31:42 UTC 2018 - Jan Engelhardt + +- Use more %make_install. + +------------------------------------------------------------------- +Thu Nov 8 07:19:24 UTC 2018 - jsegitz@suse.com + +- Adjusted source urls (bsc#1115052) + +------------------------------------------------------------------- +Thu Sep 27 13:19:59 UTC 2018 - pmonrealgonzalez@suse.com + +- update to version 2.8 + * semanage fcontext -l now also lists home directory entries from + file_contexts.homedirs. + * libsemanage no longer deletes the tmp directory if there is an error + while committing the policy transaction, so that any temporary files + can be further inspected for debugging purposes (e.g. to examine a + particular line of the generated CIL module). The tmp directory will + be deleted upon the next transaction, so no manual removal is needed. + * When overriding PREFIX, BINDIR, SBINDIR, SHLIBDIR, LIBEXECDIR, etc., + DESTDIR has to be removed from the definition. For example on Arch + Linux, SBINDIR="${pkgdir}/usr/bin" was changed to SBINDIR="/usr/bin". + * PYSITEDIR has been renamed PYTHONLIBDIR (and its definition changed). + +- Clened with spec-cleaner + +------------------------------------------------------------------- +Thu Mar 8 19:07:16 UTC 2018 - rgoldwyn@suse.com + +- Update to version 2.7. Changes: + * IB support + * saves linked policy and skips relinking whenever possible + +------------------------------------------------------------------- +Fri Nov 24 09:14:13 UTC 2017 - jsegitz@suse.com + +- Update to version 2.6. Notable changes: + * genhomedircon: do not suppress logging from libsepol + * genhomedircon: use userprefix as the role for homedir + * Fix bug preventing the installation of base modules + * Use pp module name instead of filename when installing module + * genhomedircon: remove hardcoded refpolicy strings + * genhomedircon: add support for %group syntax + * genhomedircon: generate contexts for logins mapped to the default user + * Validate and compile file contexts before installing + * Swap tcp and udp protocol numbers + * genhomedircon: %{USERID} and %{USERNAME} support and code cleanups + +------------------------------------------------------------------- +Wed Sep 27 15:51:27 UTC 2017 - jmatejek@suse.com + +- build both python2 and python3 version of the semanage binding + with the singlespec machinery + +------------------------------------------------------------------- +Sun Jul 17 15:21:03 UTC 2016 - jengelh@inai.de + +- Summary/description update + +------------------------------------------------------------------- +Fri Jul 8 15:35:05 UTC 2016 - i@marguerite.su + +- update version 2.5 + * Do not overwrite CFLAGS in test Makefile, from Nicolas Iooss. + * Fix uninitialized variable in direct_commit and direct_api + * semanage_migrate_store: Load libsepol.so.1 instead of libsepol.so + * Store homedir_template and users_extra in policy store + * Fix null pointer dereference in semanage_module_key_destroy + * Add semanage_module_extract() to extract a module as CIL or HLL + * semanage_migrate_store: add -r option for migrating inside chroots + * Add file_contexts and seusers to the store + * Add policy binary and file_contexts.local to the store + * Allow to install compressed modules without a compression extension + * Do not copy contexts in semanage_migrate_store + * Fix logic in bunzip for uncompressed pp files + * Fix fname[] initialization in test_utilities.c + * Add remove-hll semanage.conf option to remove HLL files after + compilation to CIL + * Fix memory leaks when parsing semanage.conf + * Change bunzip to use heap instead of stack to prevent segfault on + systems with small stack size +- changes in 2.4 + * Fix Makefile to allow LIBDIR and SHLIBDIR to be set to different + directories + * Fix bugs found by hardened gcc flags + * Add missing manpage links to security_load_policy + * Fix failing libsemanage pywrap tests + * Fix deprecation warning for bison + * Skip policy module relink when only setting booleans + * Only try to compile file contexts if they exist + * Fix memory leak when setting a custom store path + * Add semodule option to set store root path in semanage.conf and the + semodule command + * Add semanage.conf option to set an alternative root path for policy + store + * Add support for High Level Language (HLL) to CIL compilers. The HLL + compiler path is configurable, but should be placed in + /usr/libexec/selinux/hll by default + * Create a policy migration script for migrating the policy store from + /etc/selinux to /var/lib/selinux + * Add python3 support to the migration script + * Use libcil to compile modules + * Use symbolic versioning to maintain ABI compatibility for old install + functions + * Add a target-platform option to semanage.conf to control how policies + are built + * Add API to handle modules and source policies, moving module store to + /var/lib/selinux + * Only try to compile file contexts if they exist +- changes in 2.3 + * Fix memory leak in semanage_genhomedircon + +------------------------------------------------------------------- +Thu Oct 31 13:55:06 UTC 2013 - p.drouand@gmail.com + +- Update to version 2.2 + * Avoid duplicate list entries + * Add audit support to libsemanage + * Remove policy.kern and replace with symlink + * Apply a MAX_UID check for genhomedircon + * Fix man pages +- Add audit-devel BuildRequires; new dependency +- Add fdupes BuildRequires and use it to symlink duplicate manpages + +------------------------------------------------------------------- +Thu Jun 27 14:57:01 UTC 2013 - vcizek@suse.com + +- change the source url to the official 2.1.10 release tarball + +------------------------------------------------------------------- +Wed Jan 30 12:01:03 UTC 2013 - vcizek@suse.com + +- update to 2.1.9 + +------------------------------------------------------------------- +Mon Jan 7 21:43:31 UTC 2013 - jengelh@inai.de + +- Remove obsolete defines/sections + +------------------------------------------------------------------- +Tue Oct 23 05:05:03 UTC 2012 - coolo@suse.com + +- buildrequire libbz2-devel + +------------------------------------------------------------------- +Wed Aug 1 07:54:48 UTC 2012 - meissner@suse.com + +- updated to 2.1.6 + * changes too numerous to list + +------------------------------------------------------------------- +Mon May 23 14:15:42 UTC 2011 - prusnak@opensuse.org + +- split off python bindings to separate package to reduce build + dependencies for rpm [bnc#695436] + +------------------------------------------------------------------- +Wed May 18 13:38:44 UTC 2011 - coolo@novell.com + +- add baselibs.conf for rpm-32bit to use + +------------------------------------------------------------------- +Wed Feb 23 05:42:43 UTC 2011 - coolo@novell.com + +- disable parallel build, it breaks too often + +------------------------------------------------------------------- +Thu Feb 25 14:59:32 UTC 2010 - prusnak@suse.cz + +- updated to 2.0.43 + * changes too numerous to list + +------------------------------------------------------------------- +Fri Jan 16 14:24:38 CET 2009 - prusnak@suse.cz + +- fix assignment of wrong context [bnc#466793] + +------------------------------------------------------------------- +Wed Jan 14 14:06:28 CET 2009 - prusnak@suse.cz + +- updated to 2.0.31 + * policy module compression (bzip) support from Dan Walsh + * hard link files between tmp/active/previous from Dan Walsh + * add semanage_mls_enabled() interface from Stephen Smalley + +------------------------------------------------------------------- +Mon Dec 1 11:35:58 CET 2008 - prusnak@suse.cz + +- updated to 2.0.29 + * add USER to lines to homedir_template context file + * add compression support + * allow fcontext and seuser changes without rebuilding the policy + * don't rebuild on fcontext or seuser modifications + * modify genhomedircon to skip %groupname entries + +------------------------------------------------------------------- +Wed Oct 22 16:17:23 CEST 2008 - mrueckert@suse.de + +- fix debug_packages_requires define + +------------------------------------------------------------------- +Tue Sep 23 12:52:32 CEST 2008 - prusnak@suse.cz + +- require only version, not release [bnc#429053] + +------------------------------------------------------------------- +Tue Sep 2 12:13:42 CEST 2008 - prusnak@suse.cz + +- updated to 2.0.27 + * Modify genhomedircon to skip %groupname entries. + Ultimately we need to expand them to the list of users to support + per-role homedir labeling when using the %groupname syntax. +- updated to 2.0.26 + * Fix bug in genhomedircon fcontext matches logic from Dan Walsh. + Strip any trailing slash before appending /*$. + +------------------------------------------------------------------- +Fri Aug 1 17:32:21 CEST 2008 - ro@suse.de + +- fix requires for debuginfo package + +------------------------------------------------------------------- +Tue Jul 15 16:58:47 CEST 2008 - prusnak@suse.cz + +- initial version 2.0.25 + * based on Fedora package by Dan Walsh + + diff --git a/python-semanage.spec b/python-semanage.spec new file mode 100644 index 0000000..7b90946 --- /dev/null +++ b/python-semanage.spec @@ -0,0 +1,100 @@ +# +# spec file for package python-semanage +# +# Copyright (c) 2025 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%{?sle15_python_module_pythons} +%define soversion 2 +%define libname libsemanage%{soversion} + +%define libsepol_ver 3.8.1 +%define libselinux_ver 3.8.1 + +%{?!python_module:%define python_module() python-%{**} python3-%{**}} +Name: python-semanage +Version: 3.8.1 +Release: 0 +Summary: Python bindings for SELinux's policy management library +License: LGPL-2.1-only +Group: Development/Languages/Python +URL: https://github.com/SELinuxProject/selinux +Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}/libsemanage-%{version}.tar.gz +Source1: https://github.com/SELinuxProject/selinux/releases/download/%{version}/libsemanage-%{version}.tar.gz.asc +Source2: libsemanage.keyring +Source3: baselibs.conf +# PATCH-FIX-UPSTREAM bsc#1133102 LTO: Update map file to include new symbols and remove wildcards +# For now we need to disable this. This breaks e.g. shadow and also other packages in security:SELinux +# Patch0: libsemanage-update-map-file.patch +BuildRequires: %{python_module devel} +BuildRequires: audit-devel +BuildRequires: bison +BuildRequires: flex +BuildRequires: libbz2-devel +BuildRequires: libselinux-devel >= %{libselinux_ver} +BuildRequires: libsepol-devel >= %{libsepol_ver} +BuildRequires: python-rpm-macros +BuildRequires: swig +# Ensure same version +Requires: %{libname} = %{version} +%python_subpackages + +%description +This package contains the Python bindings for developing +SELinux policy management applications. + +%prep +%autosetup -p1 -n libsemanage-%{version} +# Replace /usr/libexec with whatever the distro defines as libexecdir - across all files +grep /usr/libexec . -rl | xargs sed -i "s|/usr/libexec|%{_libexecdir}|g" + +%build +%make_build clean +%{python_expand # loop over possible pythons +%make_build PYTHON=$python CFLAGS="%{optflags} -fno-semantic-interposition -ffat-lto-objects" swigify +%make_build PYTHON=$python CFLAGS="%{optflags} -fno-semantic-interposition -ffat-lto-objects" \ + LIBDIR="%{_libdir}" \ + LIBEXECDIR="%{_libexecdir}" \ + SHLIBDIR="%{_lib}" \ + pywrap +} + +%install +mkdir -p %{buildroot}/%{_lib} +mkdir -p %{buildroot}%{_libdir} +mkdir -p %{buildroot}%{_includedir} +%{python_expand # loop over possible pythons +%make_install install-pywrap PYTHON="$python" \ + LIBDIR="%{_libdir}" \ + LIBEXECDIR="%{_libexecdir}" \ + SHLIBDIR="%{_libdir}" +} + +# remove files contained in other packages +rm -rf %{buildroot}%{_sysconfdir} +%if "%{_lib}" == "lib64" +rm -rf %{buildroot}%{_libexecdir} +%else +rm -rf %{buildroot}%{_libexecdir}/selinux +%endif +rm -rf %{buildroot}%{_includedir} +rm -f %{buildroot}%{_libdir}/libsemanage.* +rm -rf %{buildroot}%{_libdir}/pkgconfig +rm -rf %{buildroot}%{_mandir} + +%files %{python_files} +%{python_sitearch}/* + +%changelog diff --git a/semanage.conf b/semanage.conf new file mode 100644 index 0000000..5bae089 --- /dev/null +++ b/semanage.conf @@ -0,0 +1,51 @@ +# Authors: Jason Tang +# +# Copyright (C) 2004-2005 Tresys Technology, LLC +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +# +# Specify how libsemanage will interact with a SELinux policy manager. +# The four options are: +# +# "source" - libsemanage manipulates a source SELinux policy +# "direct" - libsemanage will write directly to a module store. +# /foo/bar - Write by way of a policy management server, whose +# named socket is at /foo/bar. The path must begin +# with a '/'. +# foo.com:4242 - Establish a TCP connection to a remote policy +# management server at foo.com. If there is a colon +# then the remainder is interpreted as a port number; +# otherwise default to port 4242. +module-store = direct + +# When generating the final linked and expanded policy, by default +# semanage will set the policy version to POLICYDB_VERSION_MAX, as +# given in . Change this setting if a different +# version is necessary. +#policy-version = 19 + +# expand-check check neverallow rules when executing all semanage commands. +# Large penalty in time if you turn this on. +expand-check=0 + +# usepasswd check tells semanage to scan all pass word records for home directories +# and setup the labeling correctly. If this is turned off, SELinux will label /home +# correctly only. You will need to use semanage fcontext command. +# For example, if you had home dirs in /althome directory you would have to execute +# semanage fcontext -a -e /home /althome +usepasswd=False +bzip-small=true +bzip-blocksize=5 +ignoredirs=/root -- 2.51.1 From a63e839b6a6001fb4e83a5a68a1ecd94e1fd5c64135787e6420e4afa4ff90924 Mon Sep 17 00:00:00 2001 From: Johannes Segitz Date: Wed, 23 Jul 2025 12:18:49 +0000 Subject: [PATCH 9/9] next try for 3.9 toolchain. Addition of neveraudit causes the issues. We will have to rebuild all existing selinux modules. Dimstar is aware OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsemanage?expand=0&rev=127 --- libsemanage-3.8.1.tar.gz | 3 --- libsemanage-3.8.1.tar.gz.asc | 16 ---------------- libsemanage.changes | 9 +++++++++ libsemanage.spec | 2 +- python-semanage.changes | 9 +++++++++ python-semanage.spec | 6 +++--- 6 files changed, 22 insertions(+), 23 deletions(-) delete mode 100644 libsemanage-3.8.1.tar.gz delete mode 100644 libsemanage-3.8.1.tar.gz.asc diff --git a/libsemanage-3.8.1.tar.gz b/libsemanage-3.8.1.tar.gz deleted file mode 100644 index 49eb50f..0000000 --- a/libsemanage-3.8.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7b39127b219cc70bfd935a4af6b0f2ba83d4b35c916f253c7e942c23ab490f07 -size 184618 diff --git a/libsemanage-3.8.1.tar.gz.asc b/libsemanage-3.8.1.tar.gz.asc deleted file mode 100644 index 0ff1cc4..0000000 --- a/libsemanage-3.8.1.tar.gz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEEcgDrLD9eSIRjwM6ezcroySfGvjEFAmfIn6cACgkQzcroySfG -vjF0qA/5AfSoicNi40GsZAfRTZ62uKKrMsmAQMP9FvnqTobDHDZr+POFcVblPmE6 -Ud7yK+ojeKaYt/jj5IL6Ce0qwFnvHHMXRyUB7wKPLp0jkfxG1eM2Ogfv2oVlzKcH -hCLxU3rkMD+UhXX76gPTkgvnxIXhOkX1wTNIBXiQzVwey0lf+MXglga6dF5pvi9j -qqm/9YZZyMvMfcyap60W+yZgs01IJu4GOLV3wEJ1GjUhOpXoWpMEOH8byaUSl1OJ -r1mA7h04WwZvnAKm6KVF3CZQpYb81KwDX8IsY57fJ/QMrvY0Ge4587CAgXCdaBBm -A628RmzyNEXep8tonm4+gn1KlGmO+/YRo1hu72bSXvb5G2i4eL1bUKryAiSs0edR -/zc1wLjtwcgQkIZBx3zjib2wH8E0BP0wqh3BdtnLPtdjM2A6DNn9M0GuntCKjDX1 -WbHjt7dHN41sqosh9hzicOzaIzwqvDPCJvAew5H8N84oQZAObV6Y0StjVUUrbRue -XS0YJqbY9A20bn8hIRx21TmhUGwzE1XfDgfIgGJUS+85P/zF5xU2tNcuOvXp9g6w -M0uIIgS+hn1j1hNGF7+rCogicbzUBX5DPA80+us9738AGxj12/0s99lOoCCRynRF -5sG0bDn+VuhG7LOR1QwxtAgnKd5G0omYVLnkzvv/BTa+vAlp4OY= -=uHtc ------END PGP SIGNATURE----- diff --git a/libsemanage.changes b/libsemanage.changes index 165e7f1..0653eb4 100644 --- a/libsemanage.changes +++ b/libsemanage.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Thu Jul 17 15:46:08 UTC 2025 - Johannes Segitz + +- Update to version 3.9 + * Improved POSIX compliance (added semanage_basename) + * Add relabel_store config option + * Add semanage_handle_create_with_path + * Add relabel_store config option to semanage.conf + ------------------------------------------------------------------- Fri Mar 7 14:10:50 UTC 2025 - Cathy Hu diff --git a/libsemanage.spec b/libsemanage.spec index 82e252f..cb04c5f 100644 --- a/libsemanage.spec +++ b/libsemanage.spec @@ -20,7 +20,7 @@ %define libname libsemanage%{soversion} Name: libsemanage -Version: 3.8.1 +Version: 3.9 Release: 0 Summary: SELinux policy management library License: LGPL-2.1-or-later diff --git a/python-semanage.changes b/python-semanage.changes index ac62d7f..913603f 100644 --- a/python-semanage.changes +++ b/python-semanage.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Thu Jul 17 15:46:08 UTC 2025 - Johannes Segitz + +- Update to version 3.9 + * Improved POSIX compliance (added semanage_basename) + * Add relabel_store config option + * Add semanage_handle_create_with_path + * Add relabel_store config option to semanage.conf + ------------------------------------------------------------------- Fri Mar 7 14:10:50 UTC 2025 - Cathy Hu diff --git a/python-semanage.spec b/python-semanage.spec index 7b90946..a5b6460 100644 --- a/python-semanage.spec +++ b/python-semanage.spec @@ -20,12 +20,12 @@ %define soversion 2 %define libname libsemanage%{soversion} -%define libsepol_ver 3.8.1 -%define libselinux_ver 3.8.1 +%define libsepol_ver 3.9 +%define libselinux_ver 3.9 %{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-semanage -Version: 3.8.1 +Version: 3.9 Release: 0 Summary: Python bindings for SELinux's policy management library License: LGPL-2.1-only -- 2.51.1