Revisions of libselinux
Ruediger Oertel (oertel)
committed
(revision 3)
- Update RPM groups, trim description and combine filelist entries. - -devel static subpackage requires libpcre-devel and libsepol-devel - Avoid mounting /proc outside of selinux_init_load_policy(). (Stephen Smalley) reverts upstream 5a8d8c4, 9df4988, fixes among other things systemd seccomp sandboxing otherwise all filters must allow mount(2) (libselinux-proc-mount-only-if-needed.patch) - Update RPM groups, trim description and combine filelist entries.
Stefan Behlert (sbehlert)
committed
(revision 2)
update version 2.5. I was working on this for a while, not sure if it's possible to get
this in that late. If so I have
checkpolicy libsemanage libsepol policycoreutils python-semanage
left to submit, but they need a current libselinux version
old: SUSE:SLE-12-SP2:GA/libselinux
new: openSUSE.org:security:SELinux/libselinux rev 31996ea50185995654b46eb474bdfb35
Index: libselinux-2.2-ruby.patch
===================================================================
--- libselinux-2.2-ruby.patch (revision 1)
+++ libselinux-2.2-ruby.patch (revision 31996ea50185995654b46eb474bdfb35)
@@ -1,19 +1,19 @@
Index: src/Makefile
===================================================================
---- src/Makefile.orig 2013-01-30 13:24:55.549631752 +0100
-+++ src/Makefile 2013-01-30 13:25:56.148209843 +0100
-@@ -16,8 +16,8 @@
+--- src/Makefile.orig
++++ src/Makefile
+@@ -16,8 +16,8 @@ PYINC ?= $(shell pkg-config --cflags $(P
PYLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
RUBYLIBVER ?= $(shell $(RUBY) -e 'print RUBY_VERSION.split(".")[0..1].join(".")')
RUBYPLATFORM ?= $(shell $(RUBY) -e 'print RUBY_PLATFORM')
-RUBYINC ?= $(shell pkg-config --cflags ruby)
-RUBYINSTALL ?= $(LIBDIR)/ruby/site_ruby/$(RUBYLIBVER)/$(RUBYPLATFORM)
-+RUBYINC ?= $(shell ruby -r rbconfig -e "print Config::CONFIG['rubyhdrdir'].nil? ? '$(LIBDIR)/ruby/$(RUBYLIBVER)' : Config::CONFIG['rubyhdrdir']")
-+RUBYINSTALL ?= $(shell ruby -r rbconfig -e "print Config::CONFIG['vendorarchdir'].nil? ? '$(DESTDIR)'+Config::CONFIG['sitearchdir'] : '$(DESTDIR)'+Config::CONFIG['vendorarchdir']")
++RUBYINC ?= $(shell ruby -r rbconfig -e "print RbConfig::CONFIG['rubyhdrdir'].nil? ? '$(LIBDIR)/ruby/$(RUBYLIBVER)' : RbConfig::CONFIG['rubyhdrdir']")
++RUBYINSTALL ?= $(shell ruby -r rbconfig -e "print RbConfig::CONFIG['vendorarchdir'].nil? ? '$(DESTDIR)'+RbConfig::CONFIG['sitearchdir'] : '$(DESTDIR)'+RbConfig::CONFIG['vendorarchdir']")
LIBBASE ?= $(shell basename $(LIBDIR))
VERSION = $(shell cat ../VERSION)
-@@ -103,7 +103,7 @@ $(SWIGLOBJ): $(SWIGCOUT)
+@@ -98,7 +98,7 @@ $(SWIGLOBJ): $(SWIGCOUT)
$(CC) $(CFLAGS) $(SWIG_CFLAGS) $(PYINC) -fPIC -DSHARED -c -o $@ $<
$(SWIGRUBYLOBJ): $(SWIGRUBYCOUT)
Index: libselinux-bindings.changes
===================================================================
--- libselinux-bindings.changes (revision 1)
+++ libselinux-bindings.changes (revision 31996ea50185995654b46eb474bdfb35)
@@ -1,4 +1,87 @@
-------------------------------------------------------------------
+Thu Jul 14 07:59:04 UTC 2016 - jsegitz@novell.com
+
+- Adjusted source link
+
+-------------------------------------------------------------------
+Tue Jul 5 16:44:44 UTC 2016 - i@marguerite.su
+
+- add patch: python-selinux-swig-3.10.patch, fixed boo#985368
+ * swig-3.10 in Factory use importlib instead of imp to find
+ _selinux.so. imp searched the same directory as __init__.py
+ is while importlib searchs only standard paths. so we have
+ to move _selinux.so. fixed by upstream
+- update version 2.5
+ * Add selinux_restorecon function
+ * read_spec_entry: fail on non-ascii
+ * Add man information about thread specific functions
+ * Don't wrap rpm_execcon with DISABLE_RPM with SWIG
+ * Correct line count for property and service context files
+ * label_file: fix memory leaks and uninitialized jump
+ * Replace selabel_digest hash function
+ * Fix selabel_open(3) services if no digest requested
+ * Add selabel_digest function
+ * Flush the class/perm string mapping cache on policy reload
+ * Fix restorecon when path has no context
+ * Free memory when processing media and x specfiles
+ * Fix mmap memory release for file labeling
+ * Add policy context validation to sefcontext_compile
+ * Do not treat an empty file_contexts(.local) as an error
+ * Fail hard on invalid property_contexts entries
+ * Fail hard on invalid file_contexts entries
+ * Support context validation on file_contexts.bin
+ * Add selabel_cmp interface and label_file backend
+ * Support specifying file_contexts.bin file path
+ * Support file_contexts.bin without file_contexts
+ * Simplify procattr cache
+ * Use /proc/thread-self when available
+ * Add const to selinux_opt for label backends
+ * Fix binary file labels for regexes with metachars
+ * Fix file labels for regexes with metachars
+ * Fix if file_contexts not '\n' terminated
+ * Enhance file context support
+ * Fix property processing and cleanup formatting
+ * Add read_spec_entries function to replace sscanf
+ * Support consistent mode size for bin files
+ * Fix more bin file processing core dumps
+ * add selinux_openssh_contexts_path()
+ * setrans_client: minimize overhead when mcstransd is not present
+ * Ensure selabel_lookup_best_match links NULL terminated
+ * Fix core dumps with corrupt *.bin files
+ * Add selabel partial and best match APIs
+ * Use os.walk() instead of the deprecated os.path.walk()
+ * Remove deprecated mudflap option
+ * Mount procfs before checking /proc/filesystems
+ * Fix -Wformat errors with gcc-5.0.0
+ * label_file: handle newlines in file names
+ * Fix audit2why error handling if SELinux is disabled
+ * pcre_study can return NULL without error
+ * Only check SELinux enabled status once in selinux_check_access
+- changes in 2.4
+ * Remove assumption that SHLIBDIR is ../../ relative to LIBDIR
+ * Fix bugs found by hardened gcc flags
+ * Set the system to permissive if failing to disable SELinux because
+ policy has already been loaded
+ * Add db_exception and db_datatype support to label_db backend
+ * Log an error on unknown classes and permissions
+ * Add pcre version string to the compiled file_contexts format
+ * Deprecate use of flask.h and av_permissions.h
+ * Compiled file_context files and the original should have the same DAC
+ permissions
+-------------------------------------------------------------------
+Wed May 27 11:53:54 UTC 2015 - dimstar@opensuse.org
+
+- Update libselinux-2.2-ruby.patch: use RbConfig instead of
+ deprecated Config.
+
+-------------------------------------------------------------------
+Sun May 18 00:15:17 UTC 2014 - crrodriguez@opensuse.org
+
+- Update to version 2.3
+* Get rid of security_context_t and fix const declarations.
+* Refactor rpm_execcon() into a new setexecfilecon() from Guillem Jover.
+
+-------------------------------------------------------------------
Thu Oct 31 13:43:41 UTC 2013 - p.drouand@gmail.com
- Update to version 2.2
Index: libselinux-bindings.spec
===================================================================
--- libselinux-bindings.spec (revision 1)
+++ libselinux-bindings.spec (revision 31996ea50185995654b46eb474bdfb35)
@@ -1,7 +1,7 @@
#
# spec file for package libselinux-bindings
#
-# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -16,10 +16,10 @@
#
-%define libsepol_ver 2.3
+%define libsepol_ver 2.5
Name: libselinux-bindings
-Version: 2.3
+Version: 2.5
Release: 0
Url: http://userspace.selinuxproject.org/
Summary: SELinux library and simple utilities
@@ -27,10 +27,12 @@
Group: System/Libraries
# embedded is the MD5
-Source: http://userspace.selinuxproject.org/releases/20140506/libselinux-%{version}.tar.gz
+Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/libselinux-%{version}.tar.gz
Source1: selinux-ready
Source2: baselibs.conf
Patch1: libselinux-2.2-ruby.patch
+# PATCH-FIX-UPSTREAM swig-3.10 use importlib which not search the directory __init__.py is in but standard path
+Patch2: python-selinux-swig-3.10.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: libsepol-devel-static >= %{libsepol_ver}
BuildRequires: pcre-devel
@@ -106,6 +108,7 @@
%prep
%setup -q -n libselinux-%{version}
%patch1
+%patch2 -p1
%build
make %{?_smp_mflags} LIBDIR="%{_libdir}" CFLAGS="$RPM_OPT_FLAGS" -C src
@@ -122,6 +125,7 @@
%files -n python-selinux
%defattr(-,root,root,-)
%dir %{py_sitedir}/selinux
+%{py_sitedir}/_selinux.so
%{py_sitedir}/selinux/*
%files -n ruby-selinux
Index: libselinux.changes
===================================================================
--- libselinux.changes (revision 1)
+++ libselinux.changes (revision 31996ea50185995654b46eb474bdfb35)
@@ -1,5 +1,76 @@
-------------------------------------------------------------------
-Thu Jul 30 12:21:29 UTC 2015 - jsegitz@novell.com
+Thu Jul 14 07:58:49 UTC 2016 - jsegitz@novell.com
+
+- Adjusted source link
+
+-------------------------------------------------------------------
+Tue Jul 5 16:42:03 UTC 2016 - i@marguerite.su
+
+- add patch: python-selinux-swig-3.10.patch, fixed boo#985368
+ * swig-3.10 in Factory use importlib instead of imp to find
+ _selinux.so. imp searched the same directory as __init__.py
+ is while importlib searchs only standard paths. so we have
+ to move _selinux.so. fixed by upstream
+- update version 2.5
+ * Add selinux_restorecon function
+ * read_spec_entry: fail on non-ascii
+ * Add man information about thread specific functions
+ * Don't wrap rpm_execcon with DISABLE_RPM with SWIG
+ * Correct line count for property and service context files
+ * label_file: fix memory leaks and uninitialized jump
+ * Replace selabel_digest hash function
+ * Fix selabel_open(3) services if no digest requested
+ * Add selabel_digest function
+ * Flush the class/perm string mapping cache on policy reload
+ * Fix restorecon when path has no context
+ * Free memory when processing media and x specfiles
+ * Fix mmap memory release for file labeling
+ * Add policy context validation to sefcontext_compile
+ * Do not treat an empty file_contexts(.local) as an error
+ * Fail hard on invalid property_contexts entries
+ * Fail hard on invalid file_contexts entries
+ * Support context validation on file_contexts.bin
+ * Add selabel_cmp interface and label_file backend
+ * Support specifying file_contexts.bin file path
+ * Support file_contexts.bin without file_contexts
+ * Simplify procattr cache
+ * Use /proc/thread-self when available
+ * Add const to selinux_opt for label backends
+ * Fix binary file labels for regexes with metachars
+ * Fix file labels for regexes with metachars
+ * Fix if file_contexts not '\n' terminated
+ * Enhance file context support
+ * Fix property processing and cleanup formatting
+ * Add read_spec_entries function to replace sscanf
+ * Support consistent mode size for bin files
+ * Fix more bin file processing core dumps
+ * add selinux_openssh_contexts_path()
+ * setrans_client: minimize overhead when mcstransd is not present
+ * Ensure selabel_lookup_best_match links NULL terminated
+ * Fix core dumps with corrupt *.bin files
+ * Add selabel partial and best match APIs
+ * Use os.walk() instead of the deprecated os.path.walk()
+ * Remove deprecated mudflap option
+ * Mount procfs before checking /proc/filesystems
+ * Fix -Wformat errors with gcc-5.0.0
+ * label_file: handle newlines in file names
+ * Fix audit2why error handling if SELinux is disabled
+ * pcre_study can return NULL without error
+ * Only check SELinux enabled status once in selinux_check_access
+- changes in 2.4
+ * Remove assumption that SHLIBDIR is ../../ relative to LIBDIR
+ * Fix bugs found by hardened gcc flags
+ * Set the system to permissive if failing to disable SELinux because
+ policy has already been loaded
+ * Add db_exception and db_datatype support to label_db backend
+ * Log an error on unknown classes and permissions
+ * Add pcre version string to the compiled file_contexts format
+ * Deprecate use of flask.h and av_permissions.h
+ * Compiled file_context files and the original should have the same DAC
+ permissions
+
+-------------------------------------------------------------------
+Thu Jul 30 12:00:27 UTC 2015 - jsegitz@novell.com
- fixed selinux-ready to work with initrd files created by dracut (bsc#940006)
Index: libselinux.spec
===================================================================
--- libselinux.spec (revision 1)
+++ libselinux.spec (revision 31996ea50185995654b46eb474bdfb35)
@@ -1,7 +1,7 @@
#
# spec file for package libselinux
#
-# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -16,20 +16,22 @@
#
-%define libsepol_ver 2.3
+%define libsepol_ver 2.5
Name: libselinux
-Version: 2.3
+Version: 2.5
Release: 0
Url: http://userspace.selinuxproject.org/
Summary: SELinux library and simple utilities
License: GPL-2.0 and SUSE-Public-Domain
Group: System/Libraries
-Source: http://userspace.selinuxproject.org/releases/20140506/%{name}-%{version}.tar.gz
+Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/%{name}-%{version}.tar.gz
Source1: selinux-ready
Source2: baselibs.conf
Patch1: %{name}-2.2-ruby.patch
+# PATCH-FIX-UPSTREAM swig-3.10 use importlib which not search the directory __init__.py is in but standard path
+Patch2: python-selinux-swig-3.10.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: fdupes
BuildRequires: libsepol-devel >= %{libsepol_ver}
@@ -120,6 +122,7 @@
%prep
%setup -q
%patch1
+%patch2 -p1
%build
make %{?_smp_mflags} LIBDIR="%{_libdir}" CC="%{__cc}" CFLAGS="$RPM_OPT_FLAGS"
@@ -159,11 +162,16 @@
%{_sbindir}/getenforce
%{_sbindir}/getsebool
%{_sbindir}/matchpathcon
+%{_sbindir}/selabel_digest
+%{_sbindir}/selabel_lookup
+%{_sbindir}/selabel_lookup_best_match
+%{_sbindir}/selabel_partial_match
%{_sbindir}/selinuxconlist
%{_sbindir}/selinuxdefcon
%{_sbindir}/selinuxenabled
%{_sbindir}/setenforce
%{_sbindir}/togglesebool
+%{_sbindir}/selinux_restorecon
%{_sbindir}/selinux-ready
%{_sbindir}/selinuxexeccon
%{_sbindir}/sefcontext_compile
Index: libselinux-2.5.tar.gz
===================================================================
Binary files libselinux-2.5.tar.gz (revision 31996ea50185995654b46eb474bdfb35) added
Index: python-selinux-swig-3.10.patch
===================================================================
--- python-selinux-swig-3.10.patch (added)
+++ python-selinux-swig-3.10.patch (revision 31996ea50185995654b46eb474bdfb35)
@@ -0,0 +1,13 @@
+Index: b/src/Makefile
+===================================================================
+--- a/src/Makefile
++++ b/src/Makefile
+@@ -155,7 +155,7 @@ install: all
+
+ install-pywrap: pywrap
+ test -d $(PYLIBDIR)/site-packages/selinux || install -m 755 -d $(PYLIBDIR)/site-packages/selinux
+- install -m 755 $(SWIGSO) $(PYLIBDIR)/site-packages/selinux/_selinux.so
++ install -m 755 $(SWIGSO) $(PYLIBDIR)/site-packages/_selinux.so
+ install -m 755 $(AUDIT2WHYSO) $(PYLIBDIR)/site-packages/selinux/audit2why.so
+ install -m 644 $(SWIGPYOUT) $(PYLIBDIR)/site-packages/selinux/__init__.py
+
Index: libselinux-2.3.tar.gz
===================================================================
Binary files libselinux-2.3.tar.gz (revision 1) deleted
Displaying all 4 revisions
