From f0805e3a7686943833ac6e9342feb53e6ec3de8b Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Wed, 30 Jan 2019 09:53:09 +0100 Subject: [PATCH] SELinux userspace 2.9-rc1 release candidate --- .gitignore | 1 + libselinux-fedora.patch | 199 +++++++++++++--------------------------- libselinux.spec | 17 ++-- sources | 2 +- 4 files changed, 77 insertions(+), 142 deletions(-) diff --git a/.gitignore b/.gitignore index 5a1776e..ad9988b 100644 --- a/.gitignore +++ b/.gitignore @@ -209,3 +209,4 @@ libselinux-2.0.96.tgz /libselinux-2.8-rc2.tar.gz /libselinux-2.8-rc3.tar.gz /libselinux-2.8.tar.gz +/libselinux-2.9-rc1.tar.gz diff --git a/libselinux-fedora.patch b/libselinux-fedora.patch index 3930377..596704b 100644 --- a/libselinux-fedora.patch +++ b/libselinux-fedora.patch @@ -1,54 +1,7 @@ -diff --git libselinux-2.8/man/man3/selinux_boolean_sub.3 libselinux-2.8/man/man3/selinux_boolean_sub.3 -index 308c268..a29a38d 100644 ---- libselinux-2.8/man/man3/selinux_boolean_sub.3 -+++ libselinux-2.8/man/man3/selinux_boolean_sub.3 -@@ -1,6 +1,6 @@ - .TH "selinux_boolean_sub" "3" "11 June 2012" "dwalsh@redhat.com" "SELinux API documentation" - .SH "NAME" --selinux_boolean_sub \- -+selinux_boolean_sub \- Search the translated name for a boolean_name record - . - .SH "SYNOPSIS" - .B #include -@@ -12,7 +12,7 @@ selinux_boolean_sub \- - searches the - .I \%/etc/selinux/{POLICYTYPE}/booleans.subs_dist - file --for a maching boolean_name record. If the record exists the boolean substitution name is returned. If not -+for a matching boolean_name record. If the record exists the boolean substitution name is returned. If not - .BR \%selinux_boolean_sub () - returns the original - .IR \%boolean_name . -diff --git libselinux-2.8/man/man3/selinux_restorecon_xattr.3 libselinux-2.8/man/man3/selinux_restorecon_xattr.3 -index 7280c95..516d266 100644 ---- libselinux-2.8/man/man3/selinux_restorecon_xattr.3 -+++ libselinux-2.8/man/man3/selinux_restorecon_xattr.3 -@@ -119,7 +119,7 @@ By default - .BR selinux_restorecon_xattr (3) - will use the default set of specfiles described in - .BR files_contexts (5) --to calculate the initial SHA1 digest to be used for comparision. -+to calculate the initial SHA1 digest to be used for comparison. - To change this default behavior - .BR selabel_open (3) - must be called specifying the required -diff --git libselinux-2.8/man/man5/selabel_file.5 libselinux-2.8/man/man5/selabel_file.5 -index e738824..e97bd82 100644 ---- libselinux-2.8/man/man5/selabel_file.5 -+++ libselinux-2.8/man/man5/selabel_file.5 -@@ -92,7 +92,7 @@ The optional local and distribution substitution files that perform any path ali - .RE - .sp - The default file context series of files are: --.RS -+.RS 6 - .I /etc/selinux/{SELINUXTYPE}/contexts/files/file_contexts - .br - .I /etc/selinux/{SELINUXTYPE}/contexts/files/file_contexts.local -diff --git libselinux-2.8/man/man8/selinux.8 libselinux-2.8/man/man8/selinux.8 +diff --git libselinux-2.9-rc1/man/man8/selinux.8 libselinux-2.9-rc1/man/man8/selinux.8 index e37aee6..bf23b65 100644 ---- libselinux-2.8/man/man8/selinux.8 -+++ libselinux-2.8/man/man8/selinux.8 +--- libselinux-2.9-rc1/man/man8/selinux.8 ++++ libselinux-2.9-rc1/man/man8/selinux.8 @@ -91,11 +91,13 @@ This manual page was written by Dan Walsh . .BR sepolicy (8), .BR system-config-selinux (8), @@ -64,23 +17,10 @@ index e37aee6..bf23b65 100644 Every confined service on the system has a man page in the following format: .br -diff --git libselinux-2.8/src/audit2why.c libselinux-2.8/src/audit2why.c -index 0331fdf..5a1e69a 100644 ---- libselinux-2.8/src/audit2why.c -+++ libselinux-2.8/src/audit2why.c -@@ -354,7 +354,7 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args - /* iterate over items of the list, grabbing strings, and parsing - for numbers */ - for (i=0; inext = NULL; new_entry->directory = strdup(directory); @@ -398,7 +338,7 @@ index ced4115..1e9a978 100644 new_entry->result = digest_result; -@@ -671,8 +678,8 @@ static int restorecon_sb(const char *pathname, const struct stat *sb, +@@ -672,8 +679,8 @@ static int restorecon_sb(const char *pathname, const struct stat *sb, selinux_log(SELINUX_INFO, "%s not reset as customized by admin to %s\n", pathname, curcon); @@ -408,7 +348,7 @@ index ced4115..1e9a978 100644 } if (!flags->set_specctx && curcon) { -@@ -849,6 +856,7 @@ int selinux_restorecon(const char *pathname_orig, +@@ -850,6 +857,7 @@ int selinux_restorecon(const char *pathname_orig, if (lstat(pathname, &sb) < 0) { if (flags.ignore_noent && errno == ENOENT) { @@ -416,19 +356,10 @@ index ced4115..1e9a978 100644 free(pathdnamer); free(pathname); return 0; -@@ -880,7 +888,7 @@ int selinux_restorecon(const char *pathname_orig, - setrestoreconlast = false; - - /* Ignore restoreconlast on in-memory filesystems */ -- if (statfs(pathname, &sfsb) == 0) { -+ if (setrestoreconlast && statfs(pathname, &sfsb) == 0) { - if (sfsb.f_type == RAMFS_MAGIC || sfsb.f_type == TMPFS_MAGIC) - setrestoreconlast = false; - } -diff --git libselinux-2.8/src/setfilecon.c libselinux-2.8/src/setfilecon.c +diff --git libselinux-2.9-rc1/src/setfilecon.c libselinux-2.9-rc1/src/setfilecon.c index d05969c..3f0200e 100644 ---- libselinux-2.8/src/setfilecon.c -+++ libselinux-2.8/src/setfilecon.c +--- libselinux-2.9-rc1/src/setfilecon.c ++++ libselinux-2.9-rc1/src/setfilecon.c @@ -9,8 +9,12 @@ int setfilecon_raw(const char *path, const char * context) @@ -444,10 +375,10 @@ index d05969c..3f0200e 100644 if (rc < 0 && errno == ENOTSUP) { char * ccontext = NULL; int err = errno; -diff --git libselinux-2.8/utils/matchpathcon.c libselinux-2.8/utils/matchpathcon.c +diff --git libselinux-2.9-rc1/utils/matchpathcon.c libselinux-2.9-rc1/utils/matchpathcon.c index 67e4a43..9756d7d 100644 ---- libselinux-2.8/utils/matchpathcon.c -+++ libselinux-2.8/utils/matchpathcon.c +--- libselinux-2.9-rc1/utils/matchpathcon.c ++++ libselinux-2.9-rc1/utils/matchpathcon.c @@ -14,7 +14,7 @@ static __attribute__ ((__noreturn__)) void usage(const char *progname) { diff --git a/libselinux.spec b/libselinux.spec index 3aa068f..7546d39 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -1,20 +1,20 @@ %define ruby_inc %(pkg-config --cflags ruby) -%define libsepolver 2.8-3 +%define libsepolver 2.9-0 Summary: SELinux library and simple utilities Name: libselinux -Version: 2.8 -Release: 8%{?dist} +Version: 2.9 +Release: 0.rc1.1%{?dist} License: Public Domain # https://github.com/SELinuxProject/selinux/wiki/Releases -Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/libselinux-2.8.tar.gz +Source0: https://github.com/SELinuxProject/selinux/releases/download/20190125/libselinux-2.9-rc1.tar.gz Source1: selinuxconlist.8 Source2: selinuxdefcon.8 Url: https://github.com/SELinuxProject/selinux/wiki # download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh # run: -# $ VERSION=2.8 ./make-fedora-selinux-patch.sh libselinux -# HEAD https://github.com/fedora-selinux/selinux/commit/10767636b5d9b8f3fa3cf3815e860f4ca4fcb247 +# $ VERSION=2.9-rc1 ./make-fedora-selinux-patch.sh libselinux +# HEAD https://github.com/fedora-selinux/selinux/commit/a69fe203e41c9493e13ffafa51908d17da6fa7a2 Patch1: libselinux-fedora.patch BuildRequires: gcc BuildRequires: python2 python2-devel ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre2-devel xz-devel @@ -98,7 +98,7 @@ The libselinux-static package contains the static libraries needed for developing SELinux applications. %prep -%autosetup -p 1 -n libselinux-%{version} +%autosetup -p 1 -n libselinux-%{version}-rc1 %build export LDFLAGS="%{?__global_ldflags}" @@ -229,6 +229,9 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool* %{ruby_vendorarchdir}/selinux.so %changelog +* Fri Jan 25 2019 Petr Lautrbach - 2.9-0.rc1.1 +- SELinux userspace 2.9-rc1 release + * Tue Jan 22 2019 Mamoru TASAKA - 2.8-8 - F-30: again rebuild against ruby26 diff --git a/sources b/sources index d932656..18db3bb 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (libselinux-2.8.tar.gz) = 2f15d08888fbef9b0cf7bf01893b513edc6738974e2d0eab7e3f79cef9be79cf966742b0d2693b5d2ec7defddb5f4d6c6f6280be9d4158ed41f7a18d50b9f019 +SHA512 (libselinux-2.9-rc1.tar.gz) = 15c068b7ad2852a3b6db9a5e192981de8f8257ae4e7f8b57c92755e74c0b5b03ad5489505a84d483fda16b879a20839914eb6a2ee563e37f01f6b3a9ac9c596d