From 1ae6338b7d3ed19d7ddd1b8cc8ea68543b7a7d98 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Fri, 28 Jun 2019 14:09:35 +0200 Subject: [PATCH] libselinux: Do not use SWIG_CFLAGS when Python bindings are built Fixes: Detecting usr/lib64/python3.6/site-packages/selinux/audit2why.cpython-36m-x86_64-linux-gnu.so with not-hardened warnings ' Hardened: audit2why.cpython-36m-x86_64-linux-gnu.so: FAIL: Gaps were detected in the annobin coverage. Run with -v to list. ' on x86_64 --- ...t-use-SWIG_CFLAGS-when-Python-bindin.patch | 43 +++++++++++++++++++ libselinux.spec | 1 + 2 files changed, 44 insertions(+) create mode 100644 0005-libselinux-Do-not-use-SWIG_CFLAGS-when-Python-bindin.patch diff --git a/0005-libselinux-Do-not-use-SWIG_CFLAGS-when-Python-bindin.patch b/0005-libselinux-Do-not-use-SWIG_CFLAGS-when-Python-bindin.patch new file mode 100644 index 0000000..870caed --- /dev/null +++ b/0005-libselinux-Do-not-use-SWIG_CFLAGS-when-Python-bindin.patch @@ -0,0 +1,43 @@ +From 10c9985d97d4aa3b98f8c83e9892b20aeea08b1c Mon Sep 17 00:00:00 2001 +From: Petr Lautrbach +Date: Thu, 27 Jun 2019 11:17:13 +0200 +Subject: [PATCH 5/5] libselinux: Do not use SWIG_CFLAGS when Python bindings + are built + +Fixes: + +Detecting usr/lib64/python3.6/site-packages/selinux/audit2why.cpython-36m-x86_64-linux-gnu.so with not-hardened warnings ' +Hardened: audit2why.cpython-36m-x86_64-linux-gnu.so: FAIL: Gaps were detected in the annobin coverage. Run with -v to list. +' on x86_64 + +Signed-off-by: Petr Lautrbach +--- + libselinux/src/Makefile | 5 +---- + 1 file changed, 1 insertion(+), 4 deletions(-) + +diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile +index 826c830c..f64f23a8 100644 +--- a/libselinux/src/Makefile ++++ b/libselinux/src/Makefile +@@ -104,9 +104,6 @@ FTS_LDLIBS ?= + + override CFLAGS += -I../include -D_GNU_SOURCE $(DISABLE_FLAGS) $(PCRE_CFLAGS) + +-SWIG_CFLAGS += -Wno-error -Wno-unused-variable -Wno-unused-but-set-variable -Wno-unused-parameter \ +- -Wno-shadow -Wno-uninitialized -Wno-missing-prototypes -Wno-missing-declarations +- + RANLIB ?= ranlib + + ARCH := $(patsubst i%86,i386,$(shell uname -m)) +@@ -130,7 +127,7 @@ SWIGRUBY = swig -Wall -ruby -o $(SWIGRUBYCOUT) -outdir ./ $(DISABLE_FLAGS) + all: $(LIBA) $(LIBSO) $(LIBPC) + + pywrap: all selinuxswig_python_exception.i +- CFLAGS="$(SWIG_CFLAGS)" $(PYTHON) setup.py build_ext -I $(DESTDIR)$(INCLUDEDIR) -L $(DESTDIR)$(LIBDIR) ++ $(PYTHON) setup.py build_ext -I $(DESTDIR)$(INCLUDEDIR) -L $(DESTDIR)$(LIBDIR) + + rubywrap: all $(SWIGRUBYSO) + +-- +2.22.0 + diff --git a/libselinux.spec b/libselinux.spec index 014cb96..f599ce8 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -19,6 +19,7 @@ Patch0001: 0001-Fix-selinux-man-page-to-refer-seinfo-and-sesearch-to.patch Patch0002: 0002-Verify-context-input-to-funtions-to-make-sure-the-co.patch Patch0003: 0003-libselinux-Allow-to-override-OVERRIDE_GETTID-from-co.patch Patch0004: 0004-libselinux-Use-Python-distutils-to-install-SELinux-p.patch +Patch0005: 0005-libselinux-Do-not-use-SWIG_CFLAGS-when-Python-bindin.patch BuildRequires: gcc BuildRequires: python2 python2-devel ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre2-devel xz-devel BuildRequires: python3 python3-devel