libselinux-3.4-0.rc2.1

- SELinux userspace 3.4-rc2 release

.gitignore

@@ -222,3 +222,4 @@ libselinux-2.0.96.tgz
 /libselinux-3.3-rc3.tar.gz
 /libselinux-3.3.tar.gz
 /libselinux-3.4-rc1.tar.gz
+/libselinux-3.4-rc2.tar.gz

0001-Use-SHA-2-instead-of-SHA-1.patch

@@ -14,7 +14,7 @@ The use of SHA-1 in RHEL9 is deprecated
  libselinux/src/Makefile                       |   2 +-
  libselinux/src/label_file.c                   |  40 +--
  libselinux/src/label_internal.h               |  10 +-
- libselinux/src/label_support.c                |   8 +-
+ libselinux/src/label_support.c                |  10 +-
  libselinux/src/selinux_restorecon.c           |  24 +-
  libselinux/src/sha1.c                         | 220 -------------
  libselinux/src/sha1.h                         |  85 -----
@@ -22,7 +22,7 @@ The use of SHA-1 in RHEL9 is deprecated
  libselinux/src/sha256.h                       |  89 ++++++
  libselinux/utils/selabel_digest.c             |  26 +-
  .../selabel_get_digests_all_partial_matches.c |  28 +-
- 17 files changed, 469 insertions(+), 391 deletions(-)
+ 17 files changed, 470 insertions(+), 392 deletions(-)
  delete mode 100644 libselinux/src/sha1.c
  delete mode 100644 libselinux/src/sha1.h
  create mode 100644 libselinux/src/sha256.c
@@ -50,10 +50,10 @@ index e8983606d93b..a35d84d63b0a 100644
   * @num_specfiles: number of specfiles in the list.
   *
 diff --git a/libselinux/include/selinux/restorecon.h b/libselinux/include/selinux/restorecon.h
-index 466de39aac72..ca8ce768587a 100644
+index 1821a3dc596c..8f9a030cda98 100644
 --- a/libselinux/include/selinux/restorecon.h
 +++ b/libselinux/include/selinux/restorecon.h
-@@ -27,8 +27,8 @@ extern int selinux_restorecon(const char *pathname,
+@@ -41,8 +41,8 @@ extern int selinux_restorecon_parallel(const char *pathname,
   * restorecon_flags options
   */
  /*
@@ -96,10 +96,10 @@ index 971ebc1acd41..2cf2eb8a1410 100644
  .BR selabel_digest (3)
  .
 diff --git a/libselinux/man/man3/selinux_restorecon.3 b/libselinux/man/man3/selinux_restorecon.3
-index ad637406a30d..c4576fe79ff6 100644
+index 334d2930bb4f..500845917fb8 100644
 --- a/libselinux/man/man3/selinux_restorecon.3
 +++ b/libselinux/man/man3/selinux_restorecon.3
-@@ -28,7 +28,7 @@ If this is a directory and the
+@@ -36,7 +36,7 @@ If this is a directory and the
  .B SELINUX_RESTORECON_RECURSE
  has been set (for descending through directories), then
  .BR selinux_restorecon ()
@@ -108,7 +108,7 @@ index ad637406a30d..c4576fe79ff6 100644
  .BR selabel_get_digests_all_partial_matches (3)
  to an extended attribute of
  .IR security.sehash
-@@ -47,7 +47,7 @@ will take place.
+@@ -55,7 +55,7 @@ will take place.
  .br
  The
  .IR restorecon_flags
@@ -117,7 +117,7 @@ index ad637406a30d..c4576fe79ff6 100644
  .RS
  .B SELINUX_RESTORECON_SKIP_DIGEST
  .br
-@@ -65,8 +65,8 @@ Do not check or update any extended attribute
+@@ -73,8 +73,8 @@ Do not check or update any extended attribute
  entries.
  .sp
  .B SELINUX_RESTORECON_IGNORE_DIGEST
@@ -128,7 +128,7 @@ index ad637406a30d..c4576fe79ff6 100644
  .IR security.sehash
  extended attribute once relabeling has been completed successfully provided the
  .B SELINUX_RESTORECON_NOCHANGE
-@@ -84,7 +84,7 @@ default specfile context.
+@@ -92,7 +92,7 @@ default specfile context.
  .sp
  .B SELINUX_RESTORECON_RECURSE
  change file and directory labels recursively (descend directories)
@@ -137,7 +137,7 @@ index ad637406a30d..c4576fe79ff6 100644
  extended attribute as described in the
  .B NOTES
  section.
-@@ -158,7 +158,7 @@ to treat conflicting specifications, such as where two hardlinks for the
+@@ -166,7 +166,7 @@ to treat conflicting specifications, such as where two hardlinks for the
  same inode have different contexts, as errors.
  .RE
  .sp
@@ -146,7 +146,7 @@ index ad637406a30d..c4576fe79ff6 100644
  above is the default behavior. It is possible to change this by first calling
  .BR selabel_open (3)
  and not enabling the
-@@ -200,7 +200,7 @@ To improve performance when relabeling file systems recursively (e.g. the
+@@ -229,7 +229,7 @@ To improve performance when relabeling file systems recursively (e.g. the
  .B SELINUX_RESTORECON_RECURSE
  flag is set)
  .BR selinux_restorecon ()
@@ -178,10 +178,10 @@ index c56326814b94..098c840fc59b 100644
  .BR selabel_open (3)
  must be called specifying the required
 diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
-index 52c40f018f51..674a5ed3a6f8 100644
+index 04bf4f240168..222c3fa2d7c3 100644
 --- a/libselinux/src/Makefile
 +++ b/libselinux/src/Makefile
-@@ -120,7 +120,7 @@ DISABLE_FLAGS+= -DNO_MEDIA_BACKEND -DNO_DB_BACKEND -DNO_X_BACKEND \
+@@ -119,7 +119,7 @@ DISABLE_FLAGS+= -DNO_MEDIA_BACKEND -DNO_DB_BACKEND -DNO_X_BACKEND \
  	-DBUILD_HOST
  SRCS= callbacks.c freecon.c label.c label_file.c \
  	label_backends_android.c regex.c label_support.c \
@@ -191,10 +191,10 @@ index 52c40f018f51..674a5ed3a6f8 100644
  LABEL_BACKEND_ANDROID=y
  endif
 diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
-index 2e28d0474d73..c1306c9979e7 100644
+index 74ae9b9feb70..33d395e414f0 100644
 --- a/libselinux/src/label_file.c
 +++ b/libselinux/src/label_file.c
-@@ -1005,7 +1005,7 @@ static struct spec *lookup_common(struct selabel_handle *rec,
+@@ -1010,7 +1010,7 @@ static struct spec *lookup_common(struct selabel_handle *rec,
  
  /*
   * Returns true if the digest of all partial matched contexts is the same as
@@ -203,7 +203,7 @@ index 2e28d0474d73..c1306c9979e7 100644
   * digest will always be returned. The caller must free any returned digests.
   */
  static bool get_digests_all_partial_matches(struct selabel_handle *rec,
-@@ -1014,39 +1014,39 @@ static bool get_digests_all_partial_matches(struct selabel_handle *rec,
+@@ -1019,39 +1019,39 @@ static bool get_digests_all_partial_matches(struct selabel_handle *rec,
  					    uint8_t **xattr_digest,
  					    size_t *digest_len)
  {
@@ -254,7 +254,7 @@ index 2e28d0474d73..c1306c9979e7 100644
  		return true;
  
  	return false;
-@@ -1066,22 +1066,22 @@ static bool hash_all_partial_matches(struct selabel_handle *rec, const char *key
+@@ -1071,22 +1071,22 @@ static bool hash_all_partial_matches(struct selabel_handle *rec, const char *key
  		return false;
  	}
  
@@ -327,31 +327,44 @@ index 782c6aa8cc0c..304e8d96490a 100644
  };
  
 diff --git a/libselinux/src/label_support.c b/libselinux/src/label_support.c
-index 94ed6e4273cb..f53d73b609ab 100644
+index 54fd49a5b7b9..4003eb8dc7af 100644
 --- a/libselinux/src/label_support.c
 +++ b/libselinux/src/label_support.c
-@@ -115,15 +115,15 @@ int  read_spec_entries(char *line_buf, const char **errbuf, int num_args, ...)
+@@ -115,7 +115,7 @@ int  read_spec_entries(char *line_buf, const char **errbuf, int num_args, ...)
  /* Once all the specfiles are in the hash_buf, generate the hash. */
  void  digest_gen_hash(struct selabel_digest *digest)
  {
 -	Sha1Context context;
 +	Sha256Context context;
+ 	size_t remaining_size;
+ 	const unsigned char *ptr;
  
- 	/* If SELABEL_OPT_DIGEST not set then just return */
+@@ -123,19 +123,19 @@ void  digest_gen_hash(struct selabel_digest *digest)
  	if (!digest)
  		return;
  
 -	Sha1Initialise(&context);
--	Sha1Update(&context, digest->hashbuf, digest->hashbuf_size);
--	Sha1Finalise(&context, (SHA1_HASH *)digest->digest);
 +	Sha256Initialise(&context);
-+	Sha256Update(&context, digest->hashbuf, digest->hashbuf_size);
+ 
+ 	/* Process in blocks of UINT32_MAX bytes */
+ 	remaining_size = digest->hashbuf_size;
+ 	ptr = digest->hashbuf;
+ 	while (remaining_size > UINT32_MAX) {
+-		Sha1Update(&context, ptr, UINT32_MAX);
++		Sha256Update(&context, ptr, UINT32_MAX);
+ 		remaining_size -= UINT32_MAX;
+ 		ptr += UINT32_MAX;
+ 	}
+-	Sha1Update(&context, ptr, remaining_size);
++	Sha256Update(&context, ptr, remaining_size);
+ 
+-	Sha1Finalise(&context, (SHA1_HASH *)digest->digest);
 +	Sha256Finalise(&context, (SHA256_HASH *)digest->digest);
  	free(digest->hashbuf);
  	digest->hashbuf = NULL;
  	return;
 diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
-index 04d956504952..100c77108a27 100644
+index 72f4fb462e34..f7e84657d09d 100644
 --- a/libselinux/src/selinux_restorecon.c
 +++ b/libselinux/src/selinux_restorecon.c
 @@ -37,7 +37,7 @@
@@ -363,7 +376,7 @@ index 04d956504952..100c77108a27 100644
  
  #define STAR_COUNT 1024
  
-@@ -293,7 +293,7 @@ static int exclude_non_seclabel_mounts(void)
+@@ -294,7 +294,7 @@ static int exclude_non_seclabel_mounts(void)
  static int add_xattr_entry(const char *directory, bool delete_nonmatch,
  			   bool delete_all)
  {
@@ -372,7 +385,7 @@ index 04d956504952..100c77108a27 100644
  	size_t i, digest_len = 0;
  	int rc, digest_result;
  	bool match;
-@@ -316,15 +316,15 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
+@@ -317,15 +317,15 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
  	}
  
  	/* Convert entry to a hex encoded string. */
@@ -391,7 +404,7 @@ index 04d956504952..100c77108a27 100644
  
  	digest_result = match ? MATCH : NOMATCH;
  
-@@ -344,7 +344,7 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
+@@ -345,7 +345,7 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
  	/* Now add entries to link list. */
  	new_entry = malloc(sizeof(struct dir_xattr));
  	if (!new_entry) {
@@ -400,7 +413,7 @@ index 04d956504952..100c77108a27 100644
  		goto oom;
  	}
  	new_entry->next = NULL;
-@@ -352,15 +352,15 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
+@@ -353,15 +353,15 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
  	new_entry->directory = strdup(directory);
  	if (!new_entry->directory) {
  		free(new_entry);
@@ -428,7 +441,7 @@ index 04d956504952..100c77108a27 100644
  	return 0;
  
  oom:
-@@ -741,7 +741,7 @@ err:
+@@ -755,7 +755,7 @@ err:
  
  struct dir_hash_node {
  	char *path;
@@ -437,7 +450,7 @@ index 04d956504952..100c77108a27 100644
  	struct dir_hash_node *next;
  };
  /*
-@@ -1091,7 +1091,7 @@ int selinux_restorecon(const char *pathname_orig,
+@@ -1232,7 +1232,7 @@ static int selinux_restorecon_common(const char *pathname_orig,
  			if (setxattr(current->path,
  			    RESTORECON_PARTIAL_MATCH_DIGEST,
  			    current->digest,
@@ -1329,5 +1342,5 @@ index e28833d2ce97..900f018c0091 100644
  		}
  		default:
 -- 
-2.32.0
+2.35.1
 

0002-Update-python-library-and-binding-versions-to-3.4-rc.patch

@@ -1,26 +0,0 @@
-From 9ce501c15bf91108f768e5255d89b28c0e2b906e Mon Sep 17 00:00:00 2001
-From: Petr Lautrbach <plautrba@redhat.com>
-Date: Tue, 12 Apr 2022 12:28:00 +0200
-Subject: [PATCH] Update python library and binding versions to 3.4-rc1
-
-Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
----
- libselinux/src/setup.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/libselinux/src/setup.py b/libselinux/src/setup.py
-index b79b27507480..4dd119aca32e 100644
---- a/libselinux/src/setup.py
-+++ b/libselinux/src/setup.py
-@@ -4,7 +4,7 @@ from distutils.core import Extension, setup
- 
- setup(
-     name="selinux",
--    version="3.3",
-+    version="3.4-rc1",
-     description="SELinux python 3 bindings",
-     author="SELinux Project",
-     author_email="selinux@vger.kernel.org",
--- 
-2.35.1
-

libselinux.spec

@@ -4,20 +4,19 @@
 Summary: SELinux library and simple utilities
 Name: libselinux
 Version: 3.4
-Release: 0.rc1.1%{?dist}
+Release: 0.rc2.1%{?dist}
 License: Public Domain
 # https://github.com/SELinuxProject/selinux/wiki/Releases
-Source0: https://github.com/SELinuxProject/selinux/releases/download/3.4-rc1/libselinux-3.4-rc1.tar.gz
+Source0: https://github.com/SELinuxProject/selinux/releases/download/3.4-rc2/libselinux-3.4-rc2.tar.gz
 Source1: selinuxconlist.8
 Source2: selinuxdefcon.8
 Url: https://github.com/SELinuxProject/selinux/wiki
 # $ git clone https://github.com/fedora-selinux/selinux.git
 # $ cd selinux
-# $ git format-patch -N 3.4-rc1 -- libselinux
+# $ git format-patch -N 3.4-rc2 -- libselinux
 # $ i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
 # Patch list start
 Patch0001: 0001-Use-SHA-2-instead-of-SHA-1.patch
-Patch0002: 0002-Update-python-library-and-binding-versions-to-3.4-rc.patch
 # Patch list end
 BuildRequires: gcc make
 BuildRequires: ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre2-devel xz-devel
@@ -88,7 +87,7 @@ The libselinux-static package contains the static libraries
 needed for developing SELinux applications. 
 
 %prep
-%autosetup -p 2 -n libselinux-%{version}-rc1
+%autosetup -p 2 -n libselinux-%{version}-rc2
 
 %build
 export DISABLE_RPM="y"
@@ -214,6 +213,9 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
 %{ruby_vendorarchdir}/selinux.so
 
 %changelog
+* Thu Apr 21 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-0.rc2.1
+- SELinux userspace 3.4-rc2 release
+
 * Tue Apr 12 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-0.rc1.1
 - SELinux userspace 3.4-rc1 release
 

sources

@@ -1,2 +1 @@
-SHA512 (libselinux-3.3.tar.gz) = 9a89c05ea4b17453168a985ece93ba6d6c4127916e657c46d4135eb59a1f6408faa0802cc2e49187defbde5247d659037beee089877affbab3eab6af3433696c
-SHA512 (libselinux-3.4-rc1.tar.gz) = 333907b3ed05d66e608ab16958e4e09e18848bf9aaf3d9216d08be2f6e483231c9455a8e6db56648d6704c0f0af7cd4c5c7ba468d678f8368d06b68a60693eb5
+SHA512 (libselinux-3.4-rc2.tar.gz) = 5332e598bb4f6f2d6681921d699addd1fc7b82229c1cd082ac43c15e1c390a8e9021c1725e444c1f6ddfc125cb008c62fa169d741cca777d1d6160e1a9995a6f