From 4a29d23670ace7f5492217d239e7f5e9ad2d9d294955c2fe3cf995cac427fb41 Mon Sep 17 00:00:00 2001 
From: Hu
Date: Tue, 2 Jul 2024 09:43:24 +0000
Subject: [PATCH] Accepting request 1184295 from home:cahu:security:SELinux:userspace37

- Update to version 3.7
  https://github.com/SELinuxProject/selinux/releases/tag/3.7
  * User-visible changes:
  * libsepol: improve policy lookup failure message
  * libsepol: include prefix for module policy versions
  * libsepol: validate type-attribute-map for old policies
  * libsepol: only exempt gaps checking for kernel policies
  * Bugfixes:
  * libsepol/src/Makefile: fix reallocarray detection
  * libsepol/cil: Fix detected RESOURCE_LEAK (CWE-772)
  * libsepol: ensure transitivity in compare functions
  * oss-fuzz fixes:
  * libsepol: check scope permissions refer to valid class
  * libsepol: validate attribute-type maps
  * libsepol: reject self flag in type rules in old policies
  * libsepol: validate class permissions
  * libsepol: validate access vector permissions
  * libsepol: reject MLS support in pre-MLS policies
  * libsepol: Fix buffer overflow when using sepol_av_to_string()
  * libsepol: Use a dynamic buffer in sepol_av_to_string()

OBS-URL: https://build.opensuse.org/request/show/1184295
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=98
---
 .gitattributes          |  23 ++
 .gitignore              |   1 +
 baselibs.conf           |   1 +
 libsepol-3.6.tar.gz     |   3 +
 libsepol-3.6.tar.gz.asc |  16 ++
 libsepol-3.7.tar.gz     |   3 +
 libsepol-3.7.tar.gz.asc |  16 ++
 libsepol.changes        | 455 ++++++++++++++++++++++++++++++++++++++++
 libsepol.keyring        | 110 ++++++++++
 libsepol.spec           | 130 ++++++++++++
 10 files changed, 758 insertions(+)
 create mode 100644 .gitattributes
 create mode 100644 .gitignore
 create mode 100644 baselibs.conf
 create mode 100644 libsepol-3.6.tar.gz
 create mode 100644 libsepol-3.6.tar.gz.asc
 create mode 100644 libsepol-3.7.tar.gz
 create mode 100644 libsepol-3.7.tar.gz.asc
 create mode 100644 libsepol.changes
 create mode 100644 libsepol.keyring
 create mode 100644 libsepol.spec
diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..3b862da --- /dev/null +++ b/baselibs.conf @@ -0,0 +1 @@ +libsepol2 diff --git a/libsepol-3.6.tar.gz b/libsepol-3.6.tar.gz new file mode 100644 index 0000000..8b64a92 --- /dev/null +++ b/libsepol-3.6.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c9dc585ea94903d784d597c861cd5dce6459168f95e22b31a0eab1cdd800975a +size 509100 diff --git a/libsepol-3.6.tar.gz.asc b/libsepol-3.6.tar.gz.asc new file mode 100644 index 0000000..6738838 --- /dev/null +++ b/libsepol-3.6.tar.gz.asc 
@@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmV5xAMACgkQRpWIHCVF +CNEEfg//aHKtL3/mMdGCf8nJDizS0WisFmw3wx+z6R2r0Zs6umouzv9YgjmL3pUg +LRrSgSyqYAZKXipooK0vyXhhZOnOh6kmOY3sEjR2I+4kwWQx7IzN0DFO7p/NVUo6 +GnNmGmxFhc6mEgu6926D5ACyigoB9gysyZcQxjWGQyrRM9oAlw2bBuvN+pyic+g/ +hX7KcHgki64nNXA6dfPkoTzKE+wQ83Ni0uQmo6fzNNf+XVrb1Qw6IL3cj52Iocja +IB91wOjSJ3WyCdYxuZ2UZu2FBJbS7DNFQCDwIskdecX2gsTrrjYF2spKK1+9Uiny +I4nt+9H7rHg/bZltnWIMUekBKKO58DmZziJ6oEUkHkc4vRBWrNJP74DHSPSA617v +q6y7RBP8bavehOGIfqvQ7ChXxGzGXwhjpchAOAQJ7gPEXzqnI8UgzqoXKZ1Pnyod +mUfteWBLuJlmyPcJeZ1wXBFo3G8l7ec/3nOwZ91Fn+Aw0Tx3/HS6Sm7GOYhI/uqy +TMk29w2tpL5LS7XEQnYgxzLEY0EH4QXHuVrR08zKbDfX+UnVSePzSGqNdaXfJyI+ +sTz9d0Uaa3LK3wucPFAGTJyeszYk8FuQi7JMfq4jh3GPtC7qCwKCkrgwPQpB1coo +WKgd/OodA2ZzTkjT28DERI7adUYjfDxXb7HQr/oW8poWePoD7yA= +=D1Md +-----END PGP SIGNATURE----- diff --git a/libsepol-3.7.tar.gz b/libsepol-3.7.tar.gz new file mode 100644 index 0000000..3f1638f --- /dev/null +++ b/libsepol-3.7.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:cd741e25244e7ef6cd934d633614131a266c3eaeab33d8bfa45e8a93b45cc901 +size 511487 diff --git a/libsepol-3.7.tar.gz.asc b/libsepol-3.7.tar.gz.asc new file mode 100644 index 0000000..5dc777c --- /dev/null +++ b/libsepol-3.7.tar.gz.asc 
@@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmZ8NeEACgkQRpWIHCVF +CNGuSQ//cFEkvjL9a7cTSPE7HI66nyYK7Kd0qj9IZfZ0356U8tC17FwBgHs4PGd5 +o2k7fMBgF9cK8Eycj5JHeu5XmyfVnn+opWn+T6K8UeostDSLxSgqaUqQ5HxK6e0E +fR5NOR/SgNs6NDZPTAp61nXPVpUng0+N73FLDAyU9Yygy3Y3bF89elLzL0M2l9lB +CrKv79F5WSGDG8h5YBmXloCBFiT2pzSe3D1Yse8eq34AeJAoVArz1KgQgU+dBVjW +cldkFvzvCnOkuEoFW5M4dRpc8MEXChRVEM0RmGnzamxIpnK99qN/dlgDe3sTCYi7 +Sl42IOQuFsbVVo3Tk9Nx61oQuoPqWGe+V61ZlOTryawKm84svJ6aP74E7x0bT3KD +V1964Yw+SbPqLYXTVHG2lpBvB2O79XjQQ00AZXys7d5b2CAallNXwTeK0HrcUT5T +CzsBCEX4i/PLxJte6MNTIbCC4lMiyvf6AOUpus949m1WEQCtFDv/3fyHfM91uA5g +TsGzkupwqXGepDSFZyU5lyhsCup2VC/5qh9x4zhAs4SoUb/JLTpobwiW4TwBy4mp +xijH5y7g50u3y1k9rNcW0wNDMot+ROOdTwCRqyAzpC8rzfmaVhD7qcu4zry2CeI1 +AbGP1KH319s1Ae7wygj+/xGAiYHKR4NwL/SgdenNV4xsw/sn2gg= +=YJy0 +-----END PGP SIGNATURE----- diff --git a/libsepol.changes b/libsepol.changes new file mode 100644 index 0000000..700dfd3 --- /dev/null +++ b/libsepol.changes 
@@ -0,0 +1,455 @@ +------------------------------------------------------------------- +Mon Jul 1 08:01:08 UTC 2024 - Cathy Hu + +- Update to version 3.7 + https://github.com/SELinuxProject/selinux/releases/tag/3.7 + * User-visible changes: + * libsepol: improve policy lookup failure message + * libsepol: include prefix for module policy versions + * libsepol: validate type-attribute-map for old policies + * libsepol: only exempt gaps checking for kernel policies + * Bugfixes: + * libsepol/src/Makefile: fix reallocarray detection + * libsepol/cil: Fix detected RESOURCE_LEAK (CWE-772) + * libsepol: ensure transitivity in compare functions + * oss-fuzz fixes: + * libsepol: check scope permissions refer to valid class + * libsepol: validate attribute-type maps + * libsepol: reject self flag in type rules in old policies + * libsepol: validate class permissions + * libsepol: validate access vector permissions + * libsepol: reject MLS support in pre-MLS policies + * libsepol: Fix buffer overflow when using sepol_av_to_string() + * libsepol: Use a dynamic buffer in sepol_av_to_string() + +------------------------------------------------------------------- +Tue Dec 19 09:20:58 UTC 2023 - Cathy Hu + +- Update to version 3.6 + https://github.com/SELinuxProject/selinux/releases/tag/3.6 + * struct cond_expr_t bool renamed to boolean + The change is indicated by COND_EXPR_T_RENAME_BOOL_BOOLEAN macro + * Add notself support for neverallow rules + * Improve man pages + * man pages: Remove the Russian translations + * Add notself and other support to CIL + * Add support for deny rules + * Translations updated from + https://translate.fedoraproject.org/projects/selinux/ + * Bug fixes +- Remove keys from keyring since they expired: + - E853C1848B0185CF42864DF363A8AD4B982C4373 + Petr Lautrbach + - 63191CE94183098689CAB8DB7EF137EC935B0EAF + Jason Zaman +- Add key to keyring: + - B8682847764DF60DF52D992CBC3905F235179CF1 + Petr Lautrbach + 
+------------------------------------------------------------------- +Thu Mar 23 16:06:02 UTC 2023 - Martin Liška + +- Enable LTO now (boo#1138813). + +------------------------------------------------------------------- +Fri Feb 24 07:50:14 UTC 2023 - Johannes Segitz + +- Update to version 3.5 + * Stricter policy validation + * do not write empty class definitions to allow simpler round-trip tests + * reject attributes in type av rules for kernel policies +- Added additional developer key (Jason Zaman) + +------------------------------------------------------------------- +Mon May 9 10:27:53 UTC 2022 - Johannes Segitz + +- Update to version 3.4 + * Add 'ioctl_skip_cloexec' policy capability + * Add sepol_av_perm_to_string + * Add policy utilities + * Support IPv4/IPv6 address embedding + * Hardened/added many validations + * Add support for file types in writing out policy.conf + * Allow optional file type in genfscon rules + +------------------------------------------------------------------- +Thu Nov 11 13:28:14 UTC 2021 - Johannes Segitz + +- Update to version 3.3 + * Dropped CVE-2021-36085.patch, CVE-2021-36086.patch, CVE-2021-36087.patch + are all included + * Lot of smaller fixes identified by fuzzing + +------------------------------------------------------------------- +Wed Jul 21 13:16:54 UTC 2021 - Johannes Segitz + +- Fix heap-based buffer over-read in ebitmap_match_any (CVE-2021-36087, 1187928. + Added CVE-2021-36087.patch + +------------------------------------------------------------------- +Mon Jul 5 11:31:07 UTC 2021 - Johannes Segitz + +- Fix use-after-free in __cil_verify_classperms (CVE-2021-36085, 1187965). + Added CVE-2021-36085.patch +- Fix use-after-free in cil_reset_classpermission (CVE-2021-36086, 1187964). 
+ Added CVE-2021-36086.patch + +------------------------------------------------------------------- +Tue Mar 9 09:11:42 UTC 2021 - Johannes Segitz + +- Update to version 3.2 + * more space-efficient form of storing filename transitions in the binary + policy and reduced the size of the binary policy + * dropped old and deprecated symbols and functions. Version was bumped to + libsepol.so.2 + +------------------------------------------------------------------- +Thu Oct 29 10:40:16 UTC 2020 - Ludwig Nussel + +- install to /usr (boo#1029961) + +------------------------------------------------------------------- +Tue Jul 14 08:39:58 UTC 2020 - Johannes Segitz + +- Update to version 3.1 + * Add support for new polcap genfs_seclabel_symlinks + * Initialize the multiple_decls field of the cil db + * Return error when identifier declared as both type and attribute + * Write CIL default MLS rules on separate lines + * Sort portcon rules consistently + * Remove leftovers of cil_mem_error_handler + * Drop remove_cil_mem_error_handler.patch, is included + +------------------------------------------------------------------- +Mon Apr 27 19:35:18 UTC 2020 - Martin Liška + +- Enable -fcommon in order to fix boo#1160874. 
+ +------------------------------------------------------------------- +Tue Mar 3 12:17:04 UTC 2020 - Johannes Segitz + +- Update to version 3.0 + * cil: Allow validatetrans rules to be resolved + * cil: Report disabling an optional block only at high verbose levels + * cil: do not dereference perm_value_to_cil when it has not been allocated + * cil: fix mlsconstrain segfault + * Further improve binary policy optimization + * Make an unknown permission an error in CIL + * Remove cil_mem_error_handler() function pointer + * Use LIBSEPOL_3.0 and fix sepol_policydb_optimize symbol mapping + * Add a function to optimize kernel policy + * Add ebitmap_for_each_set_bit macro + + Dropped fnocommon.patch as it's included upstream + +------------------------------------------------------------------- +Thu Jan 30 14:11:56 UTC 2020 - Johannes Segitz + +- Add fnocommon.patch to prevent build failures on gcc10 and + remove_cil_mem_error_handler.patch to prevent build failures due to + leftovers from the removal of cil_mem_error_handler (bsc#1160874) + +------------------------------------------------------------------- +Thu Jun 20 10:25:00 UTC 2019 - Martin Liška + +- Disable LTO due to symbol versioning (boo#1138813). 
+ +------------------------------------------------------------------- +Wed Mar 20 15:12:34 UTC 2019 - jsegitz@suse.com + +- Update to version 2.9 + * Add two new Xen initial SIDs + * Check that initial sid indexes are within the valid range + * Create policydb_sort_ocontexts() + * Eliminate initial sid string definitions in module_to_cil.c + * Rename kernel_to_common.c stack functions + * add missing ibendport port validity check + * destroy the copied va_list + * do not call malloc with 0 byte + * do not leak memory if list_prepend fails + * do not use uninitialized value for low_value + * fix endianity in ibpkey range checks + * ibpkeys.c: fix printf format string specifiers for subnet_prefix + * mark permissive types when loading a binary policy + +------------------------------------------------------------------- +Thu Nov 8 09:34:54 UTC 2018 - Jan Engelhardt + +- Use more %make_install. + +------------------------------------------------------------------- +Thu Nov 8 07:19:24 UTC 2018 - jsegitz@suse.com + +- Adjusted source urls (bsc#1115052) + +------------------------------------------------------------------- +Wed Oct 17 11:54:52 UTC 2018 - jsegitz@suse.com + +- Update to version 2.8 (bsc#1111732) + For changes please see + https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/RELEASE-20180524.txt + +------------------------------------------------------------------- +Wed May 16 07:13:18 UTC 2018 - mcepl@suse.com + +- Rebase to 2.7 + For changes please see + https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/RELEASE-20170804.txt + +------------------------------------------------------------------- +Fri Nov 24 09:16:47 UTC 2017 - jsegitz@suse.com + +- Update to version 2.6. 
Notable changes: + * Add support for converting extended permissions to CIL + * Create user and role caches when building binary policy + * Check for too many permissions in classes and commons in CIL + * Fix xperm mapping between avrule and avtab + * Produce more meaningful error messages for conflicting type rules in CIL + * Change which attributes CIL keeps in the binary policy + * Warn instead of fail if permission is not resolved + * Ignore object_r when adding userrole mappings to policydb + * Correctly detect unknown classes in sepol_string_to_security_class + * Fix neverallowxperm checking on attributes + * Only apply bounds checking to source types in rules + * Fix CIL and not add an attribute as a type in the attr_type_map + * Fix extended permissions neverallow checking + * Fix CIL neverallow and bounds checking + * Add support for portcon dccp protocol + +------------------------------------------------------------------- +Fri Jul 15 14:29:28 UTC 2016 - jengelh@inai.de + +- Update RPM groups, trim description and combine filelist entries. 
+ +------------------------------------------------------------------- +Thu Jul 14 14:38:09 UTC 2016 - mpluskal@suse.com + +- Cleanup spec file with spec-cleaner +- Make spec file a bit more easy +- Ship new supbackage (-tools) + +------------------------------------------------------------------- +Thu Jul 14 14:21:46 UTC 2016 - jsegitz@novell.com + +- Without bug number no submit to SLE 12 SP2 is possible, so to make + sle-changelog-checker happy: bsc#988977 + +------------------------------------------------------------------- +Thu Jul 14 07:57:35 UTC 2016 - jsegitz@novell.com + +- Adjusted source link + +------------------------------------------------------------------- +Tue Jul 5 17:11:44 UTC 2016 - i@marguerite.su + +- update version 2.5 + * Fix unused variable annotations + * Fix uninitialized variable in CIL + * Validate extended avrules and permissionxs in CIL + * Add support in CIL for neverallowx + * Fully expand neverallowxperm rules + * Add support for unordered classes to CIL + * Add neverallow support for ioctl extended permissions + * Improve CIL block and macro call recursion detection + * Fix CIL uninitialized false positive in cil_binary + * Provide error in CIL if classperms are empty + * Add userattribute{set} functionality to CIL + * fix CIL blockinherit copying segfault and add macro restrictions + * fix CIL NULL pointer dereference when copying classpermission/set + * Add CIL support for ioctl whitelists + * Fix memory leak when destroying avtab + * Replace sscanf in module_to_cil + * Improve CIL resolution error messages + * Fix policydb_read for policy versions < 24 + * Added CIL bounds checking and refactored CIL Neverallow checking + * Refactored libsepol Neverallow and bounds (hierarchy) checking + * Treat types like an attribute in the attr_type_map + * Add new ebitmap function named ebitmap_match_any() + * switch operations to extended perms + * Write auditadm_r and secadm_r roles to base module when writing CIL + * Fix module to CIL 
to only associate declared roleattributes with in-scope types + * Don't allow categories/sensitivities inside blocks in CIL + * Replace fmemopen() with internal function in libsepol + * Verify users prior to evaluating users in cil + * Binary modules do not support ioctl rules + * Add support for ioctl command whitelisting + * Don't use symbol versioning for static object files + * Add sepol_module_policydb_to_cil(), sepol_module_package_to_cil(), + and sepol_ppfile_to_module_package() + * Move secilc out of libsepol + * fix building Xen policy with devicetreecon, and add devicetreecon + CIL documentation + * bool_copy_callback set state on creation + * Add device tree ocontext nodes to Xen policy + * Widen Xen IOMEM context entries + * Fix error path in mls_semantic_level_expand() + * Update to latest CIL, includes new name resolution and fixes ordering + issues with blockinherit statements, and bug fixes +- changes in 2.4 + * Remove assumption that SHLIBDIR is ../../ relative to LIBDIR + * Fix bugs found by hardened gcc flags + * Build CIL into libsepol. libsepol can be built without CIL by setting the + DISABLE_CIL flag to 'y' + * Add an API function to set target_platform + * Report all neverallow violations + * Improve check_assertions performance + * Allow libsepol C++ static library on device + +------------------------------------------------------------------- +Fri May 16 13:06:12 UTC 2014 - vcizek@suse.com + +- update to 2.3 + * Improve error message for name-based transition conflicts. + * Revert libsepol: filename_trans: use some better sorting to compare and merge. + * Report source file and line information for neverallow failures. + * Fix valgrind errors in constraint_expr_eval_reason from Richard Haines. + * Add sepol_validate_transition_reason_buffer function from Richard Haines. 
+- dropped libsepol-2.1.4-role_fix_callback.patch (upstream) + +------------------------------------------------------------------- +Thu Oct 31 13:36:48 UTC 2013 - p.drouand@gmail.com + +- Update to version 2.2 + * Allow constraint denial cause to be determined + - Add kernel policy version 29. + - Add modular policy version 17. + - Add sepol_compute_av_reason_buffer(), sepol_string_to_security + _class(), sepol_string_to_av_perm(). + * Support overriding Makefile RANLIB + * Fix man pages +- Remove libsepol-rhat.patch; merged on upstream + +------------------------------------------------------------------- +Thu Jun 27 14:37:12 UTC 2013 - vcizek@suse.com + +- change the source url to the official 2.1.9 release tarball + +------------------------------------------------------------------- +Sat Jun 22 01:40:19 UTC 2013 - crrodriguez@opensuse.org + +- Build with LFS_CFLAGS for 32 bit archs + +------------------------------------------------------------------- +Fri Apr 5 15:31:13 UTC 2013 - vcizek@suse.com + +- remove a debugging artifact in spec + +------------------------------------------------------------------- +Thu Apr 4 19:26:35 UTC 2013 - vcizek@suse.com + +- fixed source url + +------------------------------------------------------------------- +Wed Feb 13 14:34:39 UTC 2013 - vcizek@suse.com + +- update to 2.1.9 + * filename_trans: use some better sorting to compare and merge + * coverity fixes + * implement default type policy syntax + * Fix memory leak issues found by Klocwork +- added libsepol-rhat.patch + +------------------------------------------------------------------- +Mon Jan 7 22:46:48 UTC 2013 - jengelh@inai.de + +- Remove obsolete defines/sections + +------------------------------------------------------------------- +Mon Dec 10 17:34:14 UTC 2012 - p.drouand@gmail.com + +- Update to 2.1.8 version: + * fix neverallow checking on attributes + * Move context_copy() after switch block in ocontext_copy_*(). 
+ * check for missing initial SID labeling statement. + * Add always_check_network policy capability + * role_fix_callback skips out-of-scope roles during expansion. + +------------------------------------------------------------------- +Thu Oct 25 10:47:00 UTC 2012 - vcizek@suse.com + +- skip roles which are out of scope when expanding attributes +- needed for building selinux-policy + +------------------------------------------------------------------- +Wed Jul 25 11:16:59 UTC 2012 - meissner@suse.com + +- updated to 2.1.4 + - lots of updates + +------------------------------------------------------------------- +Wed Oct 5 15:11:06 UTC 2011 - uli@suse.com + +- cross-build fix: use %__cc macro + +------------------------------------------------------------------- +Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de + +- use %_smp_mflags + +------------------------------------------------------------------- +Sat Apr 24 11:38:22 UTC 2010 - coolo@novell.com + +- buildrequire pkg-config to fix provides + +------------------------------------------------------------------- +Thu Feb 25 15:00:29 UTC 2010 - prusnak@suse.cz + +- updated to 2.0.41 + * changes too numerous to list + +------------------------------------------------------------------- +Sun Dec 13 01:35:55 CET 2009 - jengelh@medozas.de + +- add baselibs.conf as a source + +------------------------------------------------------------------- +Wed Nov 11 18:18:22 UTC 2009 - crrodriguez@opensuse.org + +- libsepol-devel Requires glibc-devel + +------------------------------------------------------------------- +Fri Jun 19 13:26:45 CEST 2009 - prusnak@suse.cz + +- put static library in libsepol-devel-static + +------------------------------------------------------------------- +Wed May 27 13:56:59 CEST 2009 - prusnak@suse.cz + +- updated to 2.0.36 + * fix alias field in module format, caused by boundary format + change from Caleb Case + * fix boolean state smashing from Joshua Brindle + 
+------------------------------------------------------------------- +Mon Dec 1 11:37:58 CET 2008 - prusnak@suse.cz + +- updated to 2.0.34 + * add bounds support + * fix invalid aliases bug + +------------------------------------------------------------------- +Wed Oct 22 16:17:24 CEST 2008 - mrueckert@suse.de + +- fix debug_packages_requires define + +------------------------------------------------------------------- +Tue Sep 23 12:53:01 CEST 2008 - prusnak@suse.cz + +- require only version, not release [bnc#429053] + +------------------------------------------------------------------- +Fri Aug 22 14:45:33 CEST 2008 - prusnak@suse.cz + +- added baselibs.conf file + +------------------------------------------------------------------- +Fri Aug 1 17:32:23 CEST 2008 - ro@suse.de + +- fix requires for debuginfo package + +------------------------------------------------------------------- +Tue Jul 15 15:35:54 CEST 2008 - prusnak@suse.cz + +- initial version 2.0.32 + * based on Fedora package by Dan Walsh + diff --git a/libsepol.keyring b/libsepol.keyring new file mode 100644 index 0000000..0da0602 --- /dev/null +++ b/libsepol.keyring 
@@ -0,0 +1,110 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGNZjyYBEACk7biPgvCVldNWq1CwVoJa/Fvc4T49tqxcc/sY4uVlGo6oSi4f +QcXE9XKPPBuRLmvpmMWvODQLzPxJMWUfJq6LyYFmX2U9VRTcyITdmJs8itkEaDwq +8BtXkeQfUDAVSFy6V6/uvVmNWD7pGXqJE1GxuV44Ihlh6v2YyqSzDG/rZur771hk +e8VZmlKMVMs1RSeOBA3nUmvZQ58+uqkhJNYqOeQhxGIxDOHo7QhzTG+SlX+uQq6m +zACKygVJJl33toaUwVAX5R02a0u67A5wC0whAoLSHInc3P7ayivWV/iESAz+gMIk +uvJWns/Ak14J7MTGgjD6rle7PNMsPDCCwQScqA8F0x4OChCixbZGZn6Mr0u8+01V +CEe2IjJwVUfFI/G4n1FZ1RAdqjkHfZJeD20LGHSbjJLcnqLLFx3LDpI5dAxo5K2k +Fvz0VowrB58aHoofW8/g8yZygGQ4Zpw4JnpUmaPnMTiD5yvnFzEihM5L9DuaWqSK +3sb9qzoaXABYRYI7OmX4B5nmMzFteHHq0tMtaKWf0HkAsCP0BLJcS9Oc1/0I0+gC +4oKLRD8a4+kaEpNr6BXvWnj7Y1h0Zr/CZS6+gi34CxWMl2Q34OSqtS37mzzBu+UZ +xffPR0aV2RXcEpc0c5HW550Thq1NF9EmFOoyeG4J2ox9JRANZXLh/i7mNwARAQAB +tCVQZXRyIExhdXRyYmFjaCA8bGF1dHJiYWNoQHJlZGhhdC5jb20+iQJXBBMBCABB +FiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZjyYCGwMFCQPCZwAFCwkIBwICIgIG +FQoJCAsCBBYCAwECHgcCF4AACgkQvDkF8jUXnPGeAA//ScQ3kJMqI6FRULXo0aF7 +CpafPXVWdvj+mfQMlZzuGwXXTmM42T0DXnXRBSjstWkmOXP/UqkN7bNeXH/S3D3G +CJ2l0qx8Qp6fP0FloJIbemyxNtzl7yvAE7kWvuBuLvUdm23cntv49gAzj+ElDqCx +tT6A6qaqM6r7DLUvw+G+r6gkeu1hNQbtRpEK9Dt8tHriQyI410qFRMbi3QxU+iTJ +79HXwrXiYpX7V7T+ugiU9lgIiC/hWJCo6SY4knt9E6zhegUWN6zErl2HY8FBM2P9 +eHOTqToEOAhKeM1fXZvxe3m49fGq/spmRM1RUUl1V9WFEaMiLg/Z2rmbD8LX9Ytf +YlQCbEwyX2nkIP1QIcr/DEfcmCA2MXCQCgsqI/2XS3BTLPyjuqAYnXxrk+T/Cydc +g4W3ZBYI/wT56GH02TQzB/wJsn0cW6EMG46VSDY/mZ2/gwi54G/Pqb2R3ZC9I7wQ +6/FFxuu8myI/QVmEiTlvTxBoyOdNlliBQxCkDczs1rxd/o8Wfjo1vwRHW84jZrCP +3xr7xPJWuzsrmPU8kFHTgepGoY+4b/h3jGwlV103RpRUK4JidwHsmYDVk6pgeUH6 +9hf0iVcbFfKiViFTR+DwjbAOxTdsFgsYYn+7hBj2l+pV/uzeA0akL2dkgfJc9pAf +6ItRUnGC+RlntZ0Pf2NbwIS5Ag0EY1mPxgEQAOBjoc5rCJOHFBUj7S68ABT3KKx7 +DVJJU7qYCxC1kzuzsGksDdEY+PdQaiNkh56MD6R+rsD49UsGHP+RIFO3D3+zejiu +Wo3PPtItqLHpcpYKkc4Gzziff8sXq70owxWT29OyMrPyIMX2YFHZuYJ8u8STQcOI +zICm/lJs6xkwHyTk9bIrwdg/Iwjm6YRo6xoLe0B6KE7efMDER/ehmXncnWkjD55x +2tAttZsfRqoqeB8J10PxDSgyv8jCXLdbj37l6omh6VH3926392DRrc2fXAgZhHML 
+rYIKwXkhnAp3I+HueKURQWkDlWXP4d8gVyHYt9EXdD8ZkPx8rMrGGMMh2DJpZJOw +xuK3IrFfYb+lyOyHIyxlPsjcfHtLBB8WujnyzYMWwUsRmAGEm/6db8dyR551q95e +Zd0cqO2xrz6u8YAO2LjCiE6X43m1ulhbf/NHcBiqWHjuEbSKRQnxO6ye7zrmPdnm +YT4qpLrzKlFUExGt0mXaUY8MKdcaGXbvbRU80wL+MHYyCb8vWa9AzWM990LcqCiQ +MAfk0zMq9q/oDvVotJQmWLdR2QYeRfl3m6uzeTdaYK3td5NvfQwG83MFxJhNvDZQ +YhETwbQIVzfC2JZaJAo94VdiGfT4I4Khb8RekgJVoC4w8yByyV0zXdsobIajc2eC +w0R2ik0V+vQopblfABEBAAGJBHIEGAEIACYWIQS4aChHdk32DfUtmSy8OQXyNRec +8QUCY1mPxgIbAgUJA8JnAAJACRC8OQXyNRec8cF0IAQZAQgAHRYhBBviwP8IlJYj +EC/SVkaViBwlRQjRBQJjWY/GAAoJEEaViBwlRQjRmQcP/1OVG8BpkRN/6m/j8hx5 +4vcofCPmWsL+CiNfE3QCOEBeWMtJEK7QTIgLFnLfXnyHiTS/CN2/zr33IcQ33s90 +XzibzWarE7P6O4oFEcUr8TAACA51KXMadRiA2SaYJE4Va2N6d41ZoV0Ser0wi3HU +5qxw97LGdYyOrsstgxIRI/i2BRXkp2VpUBdHqr/zfe7bv82h2QNw0fZQr4jJP4q3 ++4I6gggvi23Gj8+9lOmHNXyfqzSwkkTf8GtHGC8JORVTrOizImzJq7z+9rJBgY+4 +G4RBWzhOv69njaLNuQeASVxm/2hiMmzFqpmqozN9Y+17ubo+X+m+2aWE+aln56Pv +LxJHKwFX7doc1doTUnewg6ZjGKCGWBlqlKMeX8D038pd2gsCMhm0EA5DZkXJHP9z +b5VSomDCLB3GhoVpifZ5Qz4dJNtl90ZcFL/LJktiwz4vgzZqLNC8MhFfPLy8bS+k +dAS8+VcvQaDSDKTR+jHQ6wA/kJ9eYcL8C9g4czzLzVfZCoN/fcC7VEiCiDhwuqrb +ClcQBFZsCPQEAwh4mgIMK70zPaO4rW6LbCvwBnTjY8JSBkroJ1QjXwCy8ClSE+w2 +6cXtk5zmYUy5oQaONYm+tMberKsJjvfJIGIZdaj3ZkHsVe7YzOC6M8ESKAHKp4Xo +hXbHQQEfD9WtzFerpKWCaKTobRIP/jyXmYYLEzRav3WtoH3NCXANu0Pc8JuMDoO2 +QytHICr7zWDvk3q6LO0Y8JXD2fUegY5KM3WECF5KBBCVxdsMunN908WjAMQdyUUV +9Q4MIg64X4WCbGUDPkTGv0mQl2jMEWpFniIX+18TmwcHSvN5RxjcnpWNOyNQuMTg +ZKDm2uw5zwYdScWf3DDCR/2dH8yvVFhxfQaRNzKJSyTD4ChHPqy858BYgMljjnTC +APQwdkrTwh9RSxhMZ5yhdy9Z/+EhO2/8B/kylADC4YQOW1UN670QC7rlJmUySQy5 +APWHco5CNQnqdjhrgzYJDnWCCz9z6+x6bGy5iUa9K6Gt9e3ocYPd2Gw4R7IS8hyO +Ok/Uq7maqs+GpcWWLWzB+iGFgYZU758zsbeXvAWQAiLQHWzOfQrXepGoEjCOdYv6 +is/UovO9zMIfrIPQVlj3QIN0y0zRUHoCpPgEWHrn7KCMDhiIDt8VgGbznXTJtRw1 +/NTeBQgnmkXwx0aLM7ni0I9IrpT6JVFjip8IV24iI5nsVRSfvxUjFBQxgyujPLuS +f/Q9BlrsopFtcnyyDSyCtBqnCmBSN0zC5hk8Ya/UnDn/5ZQZYxsbGaWkdwQ6aw9m +khMfnnsz+QfKT1R3SIrByIEjaYYvGJp8K4utRjhOSfM6ptmCN2WVxQbhwMERC4E7 
+8ZKPUtR+uQINBGNZj3EBEACsSSOVQfiGhJACRUkJZaT6cX51oA/kizOsYRAftPI5 +XBdtFmd1I8VJSopTaQSAdsyb7AVihl73mH22MOHawsKzffylW7kKGHPd02x5MXv+ +ttyTDasJT4ltqUSLByTu0ouqhu9uHvuOettCeStk1z6cx4ccutjJzmAdbpxKfhSV +TjYwqZOVJ44bgvL3BeGBooKF4hc1fdT8PrzZN9+Xsailybuk9kX3Z3BjicikLFTY +BOKaRLK6VuHOTYKNnUlhQnUsdy0web0XQsQa1zUbENKHNVk/x05akOz0EHBkMtfE +LMLiu9n7PkEkIMVu41MplDkkShbawzzI/UstkZfPjiGxpvVo+u8He9x1LkRM/pup +PnbrtmKi12FSJ9T+lNXnN7jvA25pl6dC0Z32iXKHZ0Co6TYNCtwFAUDSBGnnlvhT +raEtNhfFP7uMRtJUDF5cM9Go++qH/iRWfzqWViNXp0CgBI3XBbPjbdAfe7hkr5Lq +DwdnQetjb40FiCq2Fvof9foWIXlVwday2ST3ruDhe3Q+A3+uUK2leHhYr2xJxf8I +V05RGweVvvxk3Yt7FphpUGpC6q98doA8logSVeoyF5nxpis7oN/jLMn7p5Ozezg+ +ozoQyKvnBoWifHkaHnRfjEv2nshWqA0+FCxTxnlTmEZhuZQfvroa0Q2/gIjW6kUD +VwARAQABiQI8BBgBCAAmFiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZj3ECGyAF +CQPCZwAACgkQvDkF8jUXnPHhww/7BuMq7bEKvrejKf6Wjs2owMsFiXjMe6dhNmEb +96ANqRVankiSPn+TeL6FVJh9TJSGpD9v8fT3quikHsYDoTNLjgZL6Esx1A4k6YRu +O8A//10kNfYVCdhnNoDZ/94iSBrDbzeg4ueZjPTHtgBb+jGWc+f7tKDsMYaqqfec +qh8NRSujB9fS1AbCQaYkmpCA4f9l9Ti3nVQIrMXqFZFtt6sEjx7Onbi9ieADaQZ5 +/V8JQL4QgWGhhx0ccK0LVOIqY5Rp4H1kyJVeQ/rR+YIso5vBwpPJikAU+ozTnGCw +w8Vpc359DthUAakJ22GTnc3kaj5Cp6HAugmTvsIdnEhYkh/jendSK4fUWy5cXs50 +THMiFRKJS6boygIjwGlXCf25Ip9cos50YNHogkjyOp0L0tiherFm0OGlyoPvSEVY +nAnNmD5TZK/FnKE6rC0pe0NMO157fIbM9pxIAkPuYVRFz8NGLrZQEyIVyo7Vhb/k +uALjKO3OjsxNA+RoZtAt24ciUIprykdY+posV0xrDCo2tM0dZcIPhfGKMljB0C57 +c1Qb+616Q2bzaaqdttbD8BdREjN59CxvKqI1gzO250n2EBLzIJ2R9v1IpUi9Zg9D +vu0eW05kXsr83M4Z4lomvyW+pkJ9elaY525OlZoPaQi9TYrHuAHiNd0xrZqL0378 +d2veUui5Ag0EY1mPJgEQAMRQDbNHBQ376nDF8miBZOAV1txpmbHc5D/X63PNapP0 +P1/I7SfcJU9D3wX8c4vmxkjEYtH23s4lmT1VLsU7PisS3MacRemm9pL2bD53hs9X +QEuU9OtJsZn1ZJ+Ynh6i5sfW1bG3OiV/TWgYXW66GwE1hn9PuP8arodUmhEft+64 +G2u8Xtxr5yqlQJEUThV6280OJrxVbduaMi5C6UNeeGE5wuhfrQ0TNYZiwQ4KYbU3 +QhlWhHVjJlJ5hCLiktwFDyR24P+wlTIziWA407mo2enQT+mz3bO7Paf4mBionGsJ +MoADqBThf4B69BxjJ7Yg7oQVIZ7560YIRRmNo4tk5Mhep11OtQgZjZJR6MhWDaUO +17w1qScrOPRj6G1IXP1R5NarydJpLyAVb/5WFZ5jxUGMGtq3mYn4nKbbHUg2WzvC 
+JvPctDE6EV2vaiRy5N1fQjsHgSa29F2feh14p4ngFCmHjpdbcdjfv6rWL8tgkSpQ +lDdeHRRd1q03TKAg/byPauAHKzvV+iWlmw1f6KBWjeTn0fofmk9eeQ+P1j0a3/XT +xMOjB34SzqPRWzmLPLF6YmujBK2gymM+JLirJFFzao1i4lgmxqkDhQoNYHXmVYEd +7w+/qUYbfKwO9eJOWzuUWajxvJ1Vgv6z4CPy9if0gwfhrx0OOcIpBE/xZU+SwQQp +ABEBAAGJAjwEGAEIACYWIQS4aChHdk32DfUtmSy8OQXyNRec8QUCY1mPJgIbDAUJ +A8JnAAAKCRC8OQXyNRec8a+qD/4whGQ9J+td1iLFMpNRAqvuGtTnM6shZJNnC5CB +56Cu7ElIpr74sk0R98Ia1pJlBcLALbYSrqwluZaLiRVDPdub6tGSRVssqQdZcKTh +z33waTru9IfLhCrRSNd0ZMHJaOG1ErU0noWw2d4ifVJK+vvuvMeEyNm4H5pZOYzY +eikqVUYzS143cSzMEwtvPSdP5JkTQi4WNF09khH1D+QpJoXEgVEQla7Sr955Zdt3 +q5OlpYxxw+X62vslZ2OMiKZ14kWVSRbVQ+WdnjtRYS4vivB6ko9QL770jZ131hKh +C/BcWpEYSjfPpVua2oKbccKHXheIFEJ06kGkMeeoQPxmzPRBYIw/E+d5sZp7YXDy +BGOAxBeiOaOnZ8vLBzy72HFng3oB3hkVGTTHq+PsHdSSaRME3QrNpDsaGeSjw62F +G3I4zK985GtrXAHEzN/Ffd17srl4mcRQ+8QM/a+XbF/8ugjE/RHhhFf8sWVAPutY +zVE8lF+uqcduPuq/rTcUBuzSVjnSRfXWqCokjh+ypUpHNUO8fZDzkTLuE5rwMG1x +pPueDBTzvoGDQRqc2eoXpJnDBmdlz83zHsoR2gIHcdqyc/hCV+fTvR8E0v9ZG3Jr +6RFgWdD008PsGxUevIDgMAYFwasZSTofEnzg49/WeIFU1rGB5HZVlmOJKZnKRuBi +TakEPw== +=odM9 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/libsepol.spec b/libsepol.spec new file mode 100644 index 0000000..99e3088 --- /dev/null +++ b/libsepol.spec 
@@ -0,0 +1,130 @@ +# +# spec file for package libsepol +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define libname libsepol2 + +Name: libsepol +Version: 3.7 +Release: 0 +Summary: SELinux binary policy manipulation library +License: LGPL-2.1-or-later +Group: Development/Libraries/C and C++ +URL: https://github.com/SELinuxProject/selinux/wiki/Releases +Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz +Source1: https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz.asc +Source2: libsepol.keyring +Source3: baselibs.conf +BuildRequires: flex +BuildRequires: pkgconfig +BuildRoot: %{_tmppath}/%{name}-%{version}-build + +%description +libsepol provides an API for the manipulation of SELinux binary +policies. It is used by checkpolicy (the policy compiler) and similar +tools, as well as by programs like load_policy that need to perform +specific transformations on binary policies such as customizing +policy boolean settings. + +%package utils +Summary: SELinux binary policy manipulation tools +Group: System/Base + +%description utils +libsepol provides an API for the manipulation of SELinux binary +policies. 
It is used by checkpolicy (the policy compiler) and similar +tools, as well as by programs like load_policy that need to perform +specific transformations on binary policies such as customizing +policy boolean settings. + +%package -n %{libname} +Summary: SELinux binary policy manipulation library +Group: System/Libraries + +%description -n %{libname} +libsepol provides an API for the manipulation of SELinux binary +policies. It is used by checkpolicy (the policy compiler) and similar +tools, as well as by programs like load_policy that need to perform +specific transformations on binary policies such as customizing +policy boolean settings. + +(Security-enhanced Linux is a feature of the kernel and some +utilities that implement mandatory access control policies, such as +Type Enforcement, Role-based Access Control and Multi-Level +Security.) + +%package devel +Summary: Development files for SELinux's binary policy manipulation library +Group: Development/Libraries/C and C++ +Requires: %{libname} = %{version} +Requires: glibc-devel + +%description devel +The libsepol-devel package contains the libraries and header files +needed for developing applications that manipulate binary SELinux +policies. + +%package devel-static +Summary: Static archives for SELinux's binary policy manipulation library +Group: Development/Libraries/C and C++ +Requires: libsepol-devel = %{version} + +%description devel-static +The libsepol-devel-static package contains the static libraries +needed for developing applications that manipulate binary SELinux +policies. 
+ +%prep +%setup -q + +%build +%global _lto_cflags %{_lto_cflags} -ffat-lto-objects +export CFLAGS="%{optflags} -fcommon" +make %{?_smp_mflags} + +%install +%make_install LIBDIR="%{_libdir}" SHLIBDIR="%{_libdir}" + +%post -n %{libname} -p /sbin/ldconfig +%postun -n %{libname} -p /sbin/ldconfig + +%files utils +%defattr(-,root,root) +%{_bindir}/chkcon +%{_bindir}/sepol_check_access +%{_bindir}/sepol_compute_av +%{_bindir}/sepol_compute_member +%{_bindir}/sepol_compute_relabel +%{_bindir}/sepol_validate_transition +%{_mandir}/man8/*.8%{ext_man} + +%files -n %{libname} +%defattr(-,root,root) +%{_libdir}/libsepol.so.* + +%files devel +%defattr(-,root,root) +%{_libdir}/libsepol.so +%{_mandir}/man3/*.3%{ext_man} +%{_includedir}/sepol/ +%{_libdir}/pkgconfig/libsepol.pc + +%files devel-static +%defattr(-,root,root) +%{_libdir}/libsepol.a + +%changelog
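
Review bot: libsepol-3.6.tar.gz and libsepol-3.6.tar.gz.asc are added next to the 3.7 tarball, but nothing in this change uses them. libsepol.spec sets "Version: 3.7" and derives Source0 and Source1 from %{version}, so only libsepol-3.7.tar.gz and its .asc are built and checked against Source2 (libsepol.keyring). Drop the 3.6 pointer file and its signature so the package carries exactly the source the spec names.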
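
Review bot: in libsepol.changes, the three July 2021 entries cite their bugs as bare numbers and one of them has an unclosed parenthesis: "(CVE-2021-36087, 1187928." Other entries in the same file use a tracker prefix (bsc#1160874, boo#1138813, bnc#429053), and the July 2016 entry notes that sle-changelog-checker needs a bug number to accept a submission. Write these as bsc#1187928, bsc#1187965 and bsc#1187964 (or whichever prefix matches the tracker they came from) and close the parenthesis, so the CVE fixes stay discoverable by tooling that matches bug references.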
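
Review bot: in the %build section of libsepol.spec, 'export CFLAGS="%{optflags} -fcommon"' is still carried for 3.7 with no comment saying why. The changelog shows it was introduced in April 2020 for boo#1160874, after fnocommon.patch had been dropped as included upstream in 3.0. Since -fcommon lets duplicate tentative definitions link silently, please test a 3.7 build without it and remove the flag if the build passes, or add a comment with the bug reference if it is still required. A smaller point in the same file: "%description utils" repeats the library description verbatim and does not mention the tools the subpackage installs (chkcon, sepol_check_access, sepol_compute_av and the others under %files utils).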