Revisions of libselinux
Michael Schröder (mlschroe)
committed
(revision 4)
remove _link
Ruediger Oertel (oertel)
committed
(revision 3)
- Update RPM groups, trim description and combine filelist entries.
- -devel static subpackage requires libpcre-devel and libsepol-devel
- Avoid mounting /proc outside of selinux_init_load_policy(). (Stephen Smalley) reverts upstream 5a8d8c4, 9df4988, fixes among other things systemd seccomp sandboxing otherwise all filters must allow mount(2) (libselinux-proc-mount-only-if-needed.patch)
- Update RPM groups, trim description and combine filelist entries.
Stefan Behlert (sbehlert)
committed
(revision 2)
update version 2.5. I was working on this for a while, not sure if it's possible to get this in that late. If so I have checkpolicy libsemanage libsepol policycoreutils python-semanage left to submit, but they need a current libselinux version old: SUSE:SLE-12-SP2:GA/libselinux new: openSUSE.org:security:SELinux/libselinux rev 31996ea50185995654b46eb474bdfb35 Index: libselinux-2.2-ruby.patch =================================================================== --- libselinux-2.2-ruby.patch (revision 1) +++ libselinux-2.2-ruby.patch (revision 31996ea50185995654b46eb474bdfb35) 
@@ -1,19 +1,19 @@ Index: src/Makefile =================================================================== ---- src/Makefile.orig 2013-01-30 13:24:55.549631752 +0100 -+++ src/Makefile 2013-01-30 13:25:56.148209843 +0100 -@@ -16,8 +16,8 @@ +--- src/Makefile.orig ++++ src/Makefile +@@ -16,8 +16,8 @@ PYINC ?= $(shell pkg-config --cflags $(P PYLIBDIR ?= $(LIBDIR)/$(PYLIBVER) RUBYLIBVER ?= $(shell $(RUBY) -e 'print RUBY_VERSION.split(".")[0..1].join(".")') RUBYPLATFORM ?= $(shell $(RUBY) -e 'print RUBY_PLATFORM') -RUBYINC ?= $(shell pkg-config --cflags ruby) -RUBYINSTALL ?= $(LIBDIR)/ruby/site_ruby/$(RUBYLIBVER)/$(RUBYPLATFORM) -+RUBYINC ?= $(shell ruby -r rbconfig -e "print Config::CONFIG['rubyhdrdir'].nil? ? '$(LIBDIR)/ruby/$(RUBYLIBVER)' : Config::CONFIG['rubyhdrdir']") -+RUBYINSTALL ?= $(shell ruby -r rbconfig -e "print Config::CONFIG['vendorarchdir'].nil? ? '$(DESTDIR)'+Config::CONFIG['sitearchdir'] : '$(DESTDIR)'+Config::CONFIG['vendorarchdir']") ++RUBYINC ?= $(shell ruby -r rbconfig -e "print RbConfig::CONFIG['rubyhdrdir'].nil? ? '$(LIBDIR)/ruby/$(RUBYLIBVER)' : RbConfig::CONFIG['rubyhdrdir']") ++RUBYINSTALL ?= $(shell ruby -r rbconfig -e "print RbConfig::CONFIG['vendorarchdir'].nil? ? '$(DESTDIR)'+RbConfig::CONFIG['sitearchdir'] : '$(DESTDIR)'+RbConfig::CONFIG['vendorarchdir']") LIBBASE ?= $(shell basename $(LIBDIR)) VERSION = $(shell cat ../VERSION) -@@ -103,7 +103,7 @@ $(SWIGLOBJ): $(SWIGCOUT) +@@ -98,7 +98,7 @@ $(SWIGLOBJ): $(SWIGCOUT) $(CC) $(CFLAGS) $(SWIG_CFLAGS) $(PYINC) -fPIC -DSHARED -c -o $@ $< $(SWIGRUBYLOBJ): $(SWIGRUBYCOUT) Index: libselinux-bindings.changes =================================================================== --- libselinux-bindings.changes (revision 1) +++ libselinux-bindings.changes (revision 31996ea50185995654b46eb474bdfb35) 
@@ -1,4 +1,87 @@ ------------------------------------------------------------------- +Thu Jul 14 07:59:04 UTC 2016 - jsegitz@novell.com + +- Adjusted source link + +------------------------------------------------------------------- +Tue Jul 5 16:44:44 UTC 2016 - i@marguerite.su + +- add patch: python-selinux-swig-3.10.patch, fixed boo#985368 + * swig-3.10 in Factory use importlib instead of imp to find + _selinux.so. imp searched the same directory as __init__.py + is while importlib searchs only standard paths. so we have + to move _selinux.so. fixed by upstream +- update version 2.5 + * Add selinux_restorecon function + * read_spec_entry: fail on non-ascii + * Add man information about thread specific functions + * Don't wrap rpm_execcon with DISABLE_RPM with SWIG + * Correct line count for property and service context files + * label_file: fix memory leaks and uninitialized jump + * Replace selabel_digest hash function + * Fix selabel_open(3) services if no digest requested + * Add selabel_digest function + * Flush the class/perm string mapping cache on policy reload + * Fix restorecon when path has no context + * Free memory when processing media and x specfiles + * Fix mmap memory release for file labeling + * Add policy context validation to sefcontext_compile + * Do not treat an empty file_contexts(.local) as an error + * Fail hard on invalid property_contexts entries + * Fail hard on invalid file_contexts entries + * Support context validation on file_contexts.bin + * Add selabel_cmp interface and label_file backend + * Support specifying file_contexts.bin file path + * Support file_contexts.bin without file_contexts + * Simplify procattr cache + * Use /proc/thread-self when available + * Add const to selinux_opt for label backends + * Fix binary file labels for regexes with metachars + * Fix file labels for regexes with metachars + * Fix if file_contexts not '\n' terminated + * Enhance file context support + * Fix property processing and cleanup 
formatting + * Add read_spec_entries function to replace sscanf + * Support consistent mode size for bin files + * Fix more bin file processing core dumps + * add selinux_openssh_contexts_path() + * setrans_client: minimize overhead when mcstransd is not present + * Ensure selabel_lookup_best_match links NULL terminated + * Fix core dumps with corrupt *.bin files + * Add selabel partial and best match APIs + * Use os.walk() instead of the deprecated os.path.walk() + * Remove deprecated mudflap option + * Mount procfs before checking /proc/filesystems + * Fix -Wformat errors with gcc-5.0.0 + * label_file: handle newlines in file names + * Fix audit2why error handling if SELinux is disabled + * pcre_study can return NULL without error + * Only check SELinux enabled status once in selinux_check_access +- changes in 2.4 + * Remove assumption that SHLIBDIR is ../../ relative to LIBDIR + * Fix bugs found by hardened gcc flags + * Set the system to permissive if failing to disable SELinux because + policy has already been loaded + * Add db_exception and db_datatype support to label_db backend + * Log an error on unknown classes and permissions + * Add pcre version string to the compiled file_contexts format + * Deprecate use of flask.h and av_permissions.h + * Compiled file_context files and the original should have the same DAC + permissions +------------------------------------------------------------------- +Wed May 27 11:53:54 UTC 2015 - dimstar@opensuse.org + +- Update libselinux-2.2-ruby.patch: use RbConfig instead of + deprecated Config. + +------------------------------------------------------------------- +Sun May 18 00:15:17 UTC 2014 - crrodriguez@opensuse.org + +- Update to version 2.3 +* Get rid of security_context_t and fix const declarations. +* Refactor rpm_execcon() into a new setexecfilecon() from Guillem Jover. 
+ +------------------------------------------------------------------- Thu Oct 31 13:43:41 UTC 2013 - p.drouand@gmail.com - Update to version 2.2 Index: libselinux-bindings.spec =================================================================== --- libselinux-bindings.spec (revision 1) +++ libselinux-bindings.spec (revision 31996ea50185995654b46eb474bdfb35) @@ -1,7 +1,7 @@ # # spec file for package libselinux-bindings # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,10 +16,10 @@ # -%define libsepol_ver 2.3 +%define libsepol_ver 2.5 Name: libselinux-bindings -Version: 2.3 +Version: 2.5 Release: 0 Url: http://userspace.selinuxproject.org/ Summary: SELinux library and simple utilities @@ -27,10 +27,12 @@ Group: System/Libraries # embedded is the MD5 -Source: http://userspace.selinuxproject.org/releases/20140506/libselinux-%{version}.tar.gz +Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/libselinux-%{version}.tar.gz Source1: selinux-ready Source2: baselibs.conf Patch1: libselinux-2.2-ruby.patch +# PATCH-FIX-UPSTREAM swig-3.10 use importlib which not search the directory __init__.py is in but standard path +Patch2: python-selinux-swig-3.10.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: libsepol-devel-static >= %{libsepol_ver} BuildRequires: pcre-devel @@ -106,6 +108,7 @@ %prep %setup -q -n libselinux-%{version} %patch1 +%patch2 -p1 %build make %{?_smp_mflags} LIBDIR="%{_libdir}" CFLAGS="$RPM_OPT_FLAGS" -C src 
@@ -122,6 +125,7 @@ %files -n python-selinux %defattr(-,root,root,-) %dir %{py_sitedir}/selinux +%{py_sitedir}/_selinux.so %{py_sitedir}/selinux/* %files -n ruby-selinux Index: libselinux.changes =================================================================== --- libselinux.changes (revision 1) +++ libselinux.changes (revision 31996ea50185995654b46eb474bdfb35) 
@@ -1,5 +1,76 @@ ------------------------------------------------------------------- -Thu Jul 30 12:21:29 UTC 2015 - jsegitz@novell.com +Thu Jul 14 07:58:49 UTC 2016 - jsegitz@novell.com + +- Adjusted source link + +------------------------------------------------------------------- +Tue Jul 5 16:42:03 UTC 2016 - i@marguerite.su + +- add patch: python-selinux-swig-3.10.patch, fixed boo#985368 + * swig-3.10 in Factory use importlib instead of imp to find + _selinux.so. imp searched the same directory as __init__.py + is while importlib searchs only standard paths. so we have + to move _selinux.so. fixed by upstream +- update version 2.5 + * Add selinux_restorecon function + * read_spec_entry: fail on non-ascii + * Add man information about thread specific functions + * Don't wrap rpm_execcon with DISABLE_RPM with SWIG + * Correct line count for property and service context files + * label_file: fix memory leaks and uninitialized jump + * Replace selabel_digest hash function + * Fix selabel_open(3) services if no digest requested + * Add selabel_digest function + * Flush the class/perm string mapping cache on policy reload + * Fix restorecon when path has no context + * Free memory when processing media and x specfiles + * Fix mmap memory release for file labeling + * Add policy context validation to sefcontext_compile + * Do not treat an empty file_contexts(.local) as an error + * Fail hard on invalid property_contexts entries + * Fail hard on invalid file_contexts entries + * Support context validation on file_contexts.bin + * Add selabel_cmp interface and label_file backend + * Support specifying file_contexts.bin file path + * Support file_contexts.bin without file_contexts + * Simplify procattr cache + * Use /proc/thread-self when available + * Add const to selinux_opt for label backends + * Fix binary file labels for regexes with metachars + * Fix file labels for regexes with metachars + * Fix if file_contexts not '\n' terminated + * Enhance file context 
support + * Fix property processing and cleanup formatting + * Add read_spec_entries function to replace sscanf + * Support consistent mode size for bin files + * Fix more bin file processing core dumps + * add selinux_openssh_contexts_path() + * setrans_client: minimize overhead when mcstransd is not present + * Ensure selabel_lookup_best_match links NULL terminated + * Fix core dumps with corrupt *.bin files + * Add selabel partial and best match APIs + * Use os.walk() instead of the deprecated os.path.walk() + * Remove deprecated mudflap option + * Mount procfs before checking /proc/filesystems + * Fix -Wformat errors with gcc-5.0.0 + * label_file: handle newlines in file names + * Fix audit2why error handling if SELinux is disabled + * pcre_study can return NULL without error + * Only check SELinux enabled status once in selinux_check_access +- changes in 2.4 + * Remove assumption that SHLIBDIR is ../../ relative to LIBDIR + * Fix bugs found by hardened gcc flags + * Set the system to permissive if failing to disable SELinux because + policy has already been loaded + * Add db_exception and db_datatype support to label_db backend + * Log an error on unknown classes and permissions + * Add pcre version string to the compiled file_contexts format + * Deprecate use of flask.h and av_permissions.h + * Compiled file_context files and the original should have the same DAC + permissions + +------------------------------------------------------------------- +Thu Jul 30 12:00:27 UTC 2015 - jsegitz@novell.com - fixed selinux-ready to work with initrd files created by dracut (bsc#940006) Index: libselinux.spec =================================================================== --- libselinux.spec (revision 1) +++ libselinux.spec (revision 31996ea50185995654b46eb474bdfb35) 
@@ -1,7 +1,7 @@ # # spec file for package libselinux # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,20 +16,22 @@ # -%define libsepol_ver 2.3 +%define libsepol_ver 2.5 Name: libselinux -Version: 2.3 +Version: 2.5 Release: 0 Url: http://userspace.selinuxproject.org/ Summary: SELinux library and simple utilities License: GPL-2.0 and SUSE-Public-Domain Group: System/Libraries -Source: http://userspace.selinuxproject.org/releases/20140506/%{name}-%{version}.tar.gz +Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/%{name}-%{version}.tar.gz Source1: selinux-ready Source2: baselibs.conf Patch1: %{name}-2.2-ruby.patch +# PATCH-FIX-UPSTREAM swig-3.10 use importlib which not search the directory __init__.py is in but standard path +Patch2: python-selinux-swig-3.10.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: fdupes BuildRequires: libsepol-devel >= %{libsepol_ver} @@ -120,6 +122,7 @@ %prep %setup -q %patch1 +%patch2 -p1 %build make %{?_smp_mflags} LIBDIR="%{_libdir}" CC="%{__cc}" CFLAGS="$RPM_OPT_FLAGS" 
@@ -159,11 +162,16 @@ %{_sbindir}/getenforce %{_sbindir}/getsebool %{_sbindir}/matchpathcon +%{_sbindir}/selabel_digest +%{_sbindir}/selabel_lookup +%{_sbindir}/selabel_lookup_best_match +%{_sbindir}/selabel_partial_match %{_sbindir}/selinuxconlist %{_sbindir}/selinuxdefcon %{_sbindir}/selinuxenabled %{_sbindir}/setenforce %{_sbindir}/togglesebool +%{_sbindir}/selinux_restorecon %{_sbindir}/selinux-ready %{_sbindir}/selinuxexeccon %{_sbindir}/sefcontext_compile Index: libselinux-2.5.tar.gz =================================================================== Binary files libselinux-2.5.tar.gz (revision 31996ea50185995654b46eb474bdfb35) added Index: python-selinux-swig-3.10.patch =================================================================== --- python-selinux-swig-3.10.patch (added) +++ python-selinux-swig-3.10.patch (revision 31996ea50185995654b46eb474bdfb35) @@ -0,0 +1,13 @@ +Index: b/src/Makefile +=================================================================== +--- a/src/Makefile ++++ b/src/Makefile +@@ -155,7 +155,7 @@ install: all + + install-pywrap: pywrap + test -d $(PYLIBDIR)/site-packages/selinux || install -m 755 -d $(PYLIBDIR)/site-packages/selinux +- install -m 755 $(SWIGSO) $(PYLIBDIR)/site-packages/selinux/_selinux.so ++ install -m 755 $(SWIGSO) $(PYLIBDIR)/site-packages/_selinux.so + install -m 755 $(AUDIT2WHYSO) $(PYLIBDIR)/site-packages/selinux/audit2why.so + install -m 644 $(SWIGPYOUT) $(PYLIBDIR)/site-packages/selinux/__init__.py + Index: libselinux-2.3.tar.gz =================================================================== Binary files libselinux-2.3.tar.gz (revision 1) deleted
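Review bot: in the libselinux-2.2-ruby.patch hunk, the updated RUBYINC and RUBYINSTALL lines invoke `ruby` directly while the RUBYLIBVER and RUBYPLATFORM lines just above them use `$(RUBY)`, so a build that overrides RUBY ends up querying two different interpreters. Suggest `$(shell $(RUBY) -r rbconfig -e ...)` on both lines. RUBYINSTALL is also assigned with `?=` and has `$(DESTDIR)` baked into its default, so a caller who overrides RUBYINSTALL silently loses the DESTDIR prefix; a comment stating that, or moving the prefix out of the variable, would avoid surprises.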
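Review bot: the Source change in the libselinux.spec and libselinux-bindings.spec hunks moves the tarball to a raw.githubusercontent.com wiki URL, but neither hunk adds a detached signature or a recorded digest next to it, and libselinux-bindings.spec keeps the bare comment "# embedded is the MD5" with no value. Suggest recording the upstream SHA256 of libselinux-2.5.tar.gz in the spec comment or the changes entry so the tarball added as "Binary files libselinux-2.5.tar.gz" can be checked against the release. The Url: tag in both specs still points at http://userspace.selinuxproject.org/ although Source no longer uses that host; update it to match.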
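Review bot: Patch2 is tagged PATCH-FIX-UPSTREAM and the changes entry says "fixed by upstream", but neither the spec comment nor the header of python-selinux-swig-3.10.patch names the upstream commit; add the reference so the patch can be dropped with confidence on the next version bump. libselinux.spec also gains `%patch2 -p1`, yet the patch only touches the install-pywrap rule and the libselinux.spec %files hunk lists only %{_sbindir} tools; if that spec never runs install-pywrap, carry the patch in libselinux-bindings.spec only.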
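Review bot: the libselinux.changes hunk rewrites the header of an already existing entry, from "Thu Jul 30 12:21:29 UTC 2015" to "Thu Jul 30 12:00:27 UTC 2015", for the bsc#940006 selinux-ready fix. Existing changelog entries should stay unchanged; restore the original timestamp and only prepend the new 2016 entries. In libselinux-bindings.changes the "changes in 2.4" block runs straight into the next separator line without the blank line that the same block has in libselinux.changes.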
Stefan Behlert (sbehlert)
committed
(revision 1)
initialize package as branch
Displaying all 4 revisions