Accepting request 234313 from home:vitezslav_cizek:branches:security:SELinux

- update to 2.3
  * Improve error message for name-based transition conflicts.
  * Revert libsepol: filename_trans: use some better sorting to compare and merge.
  * Report source file and line information for neverallow failures.
  * Fix valgrind errors in constraint_expr_eval_reason from Richard Haines.
  * Add sepol_validate_transition_reason_buffer function from Richard Haines.
- dropped libsepol-2.1.4-role_fix_callback.patch (upstream)

OBS-URL: https://build.opensuse.org/request/show/234313
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=49

libsepol-2.1.4-role_fix_callback.patch

@@ -1,42 +0,0 @@
-From: Harry Ciao <qingtao.cao@windriver.com>
-To: <selinux@tycho.nsa.gov>
-Subject: [v1 PATCH 1/1] role_fix_callback skips out-of-scope roles during
- expansion.
-Date: Sat, 25 Feb 2012 09:40:08 +0800
-Message-ID: <1330134008-3259-1-git-send-email-qingtao.cao@windriver.com>
-X-Mailer: git-send-email 1.7.0.4
-MIME-Version: 1.0
-Content-Type: text/plain
-Sender: owner-selinux@tycho.nsa.gov
-Precedence: bulk
-X-Mailing-List: selinux-tycho.nsa.gov
-Content-Transfer-Encoding: 8bit
-
-If a role identifier is out of scope it would be skipped over during
-expansion, accordingly, be it a role attribute, it should be skipped
-over as well when role_fix_callback tries to propagate its capability
-to all its sub-roles.
-
-Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
----
- libsepol/src/expand.c |    5 +++++
- 1 files changed, 5 insertions(+), 0 deletions(-)
-
-diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c
-index 493e478..befb720 100644
---- libsepol/src/expand.c
-+++ libsepol/src/expand.c
-@@ -688,6 +688,11 @@ static int role_fix_callback(hashtab_key_t key, hashtab_datum_t datum,
- 		return 0;
- 	}
- 
-+	if (!is_id_enabled(id, state->base, SYM_ROLES)) {
-+		/* identifier's scope is not enabled */
-+		return 0;
-+	}
-+
- 	if (role->flavor != ROLE_ATTRIB)
- 		return 0;
- 
--- 
-1.7.0.4

libsepol-2.3.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cc8d8642c3b7b95d6928d65dcbca2ab0627abc1c05166637851e63c1a6eae68f
+size 209570

libsepol.changes

@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Fri May 16 13:06:12 UTC 2014 - vcizek@suse.com
+
+- update to 2.3
+  * Improve error message for name-based transition conflicts.
+  * Revert libsepol: filename_trans: use some better sorting to compare and merge.
+  * Report source file and line information for neverallow failures.
+  * Fix valgrind errors in constraint_expr_eval_reason from Richard Haines.
+  * Add sepol_validate_transition_reason_buffer function from Richard Haines.
+- dropped libsepol-2.1.4-role_fix_callback.patch (upstream)
+
 -------------------------------------------------------------------
 Thu Oct 31 13:36:48 UTC 2013 - p.drouand@gmail.com
 

libsepol.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package libsepol
 #
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           libsepol
-Version:        2.2
+Version:        2.3
 Release:        0
 Url:            http://www.nsa.gov/selinux/
 Summary:        SELinux binary policy manipulation library
@@ -25,7 +25,6 @@ License:        LGPL-2.1+
 Group:          System/Libraries
 Source:         http://userspace.selinuxproject.org/releases/20131030/%{name}-%{version}.tar.gz
 Source2:        baselibs.conf
-Patch:          libsepol-2.1.4-role_fix_callback.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  pkg-config
 
@@ -99,7 +98,6 @@ policies.
 
 %prep
 %setup -q
-%patch -p1
 
 %build
 make %{?_smp_mflags} CC="%{__cc}" CFLAGS="$RPM_OPT_FLAGS $(getconf LFS_CFLAGS)"