From 2ce185adedc2fadee09b53ae8eb42d9f7ba7926e Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Wed, 21 Mar 2018 16:37:35 +0100 Subject: [PATCH] libsemanage-2.7-12 - build: Replace PYSITEDIR with PYTHONLIBDIR - direct_api.c: Fix iterating over array (#1557468) --- libsemanage-fedora.patch | 364 +++++++++++++++++++++++++++++++++++---- libsemanage.spec | 12 +- 2 files changed, 343 insertions(+), 33 deletions(-) diff --git a/libsemanage-fedora.patch b/libsemanage-fedora.patch index 9e797fb..3f0cbc5 100644 --- a/libsemanage-fedora.patch +++ b/libsemanage-fedora.patch @@ -56,7 +56,7 @@ index 852043d..8667c9b 100644 + install -m 644 man5/*.5 $(DESTDIR)$(MAN5DIR) diff --git libsemanage-2.7/src/Makefile libsemanage-2.7/src/Makefile -index fdb178f..e98d876 100644 +index fdb178f..dea751e 100644 --- libsemanage-2.7/src/Makefile +++ libsemanage-2.7/src/Makefile @@ -8,21 +8,18 @@ RUBYPREFIX ?= $(notdir $(RUBY)) @@ -71,7 +71,7 @@ index fdb178f..e98d876 100644 PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX)) PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX)) -PYSITEDIR ?= $(DESTDIR)$(shell $(PYTHON) -c 'import site; print(site.getsitepackages()[0])') -+PYSITEDIR ?= $(shell $(PYTHON) -c 'import site; print(site.getsitepackages()[0])') ++PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig import *; print(get_python_lib(plat_specific=1, prefix='$(PREFIX)'))") PYCEXT ?= $(shell $(PYTHON) -c 'import imp;print([s for s,m,t in imp.get_suffixes() if t == imp.C_EXTENSION][0])') RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + RbConfig::CONFIG["rubyarchhdrdir"] + " -I" + RbConfig::CONFIG["rubyhdrdir"]') RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" + RbConfig::CONFIG["libdir"] + " -L" + RbConfig::CONFIG["archlibdir"] + " " + RbConfig::CONFIG["LIBRUBYARG_SHARED"]') @@ -117,9 +117,9 @@ index fdb178f..e98d876 100644 - test -d $(PYSITEDIR) || install -m 755 -d $(PYSITEDIR) - install -m 755 $(SWIGSO) $(PYSITEDIR)/_semanage$(PYCEXT) - install -m 644 semanage.py $(PYSITEDIR) -+ test -d $(DESTDIR)$(PYSITEDIR) || install -m 755 -d $(DESTDIR)$(PYSITEDIR) -+ install -m 755 $(SWIGSO) $(DESTDIR)$(PYSITEDIR)/_semanage$(PYCEXT) -+ install -m 644 semanage.py $(DESTDIR)$(PYSITEDIR) ++ test -d $(DESTDIR)$(PYTHONLIBDIR) || install -m 755 -d $(DESTDIR)$(PYTHONLIBDIR) ++ install -m 755 $(SWIGSO) $(DESTDIR)$(PYTHONLIBDIR)/_semanage$(PYCEXT) ++ install -m 644 semanage.py $(DESTDIR)$(PYTHONLIBDIR) install-rubywrap: rubywrap @@ -169,10 +169,26 @@ index 8ce2e2c..c8f4ff0 100644 } diff --git libsemanage-2.7/src/direct_api.c libsemanage-2.7/src/direct_api.c -index 65842df..92d7517 100644 +index 65842df..e7ec952 100644 --- libsemanage-2.7/src/direct_api.c +++ libsemanage-2.7/src/direct_api.c -@@ -148,9 +148,6 @@ int semanage_direct_connect(semanage_handle_t * sh) +@@ -60,6 +60,7 @@ + + #define PIPE_READ 0 + #define PIPE_WRITE 1 ++#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) + + static void semanage_direct_destroy(semanage_handle_t * sh); + static int semanage_direct_disconnect(semanage_handle_t * sh); +@@ -140,6 +141,7 @@ int semanage_direct_is_managed(semanage_handle_t * sh) + int semanage_direct_connect(semanage_handle_t * sh) + { + const char *path; ++ struct stat sb; + + if (semanage_check_init(sh, sh->conf->store_root_path)) + goto err; +@@ -148,9 +150,6 @@ int semanage_direct_connect(semanage_handle_t * sh) if (semanage_create_store(sh, 1)) goto err; @@ -182,7 +198,7 @@ index 65842df..92d7517 100644 sh->u.direct.translock_file_fd = -1; sh->u.direct.activelock_file_fd = -1; -@@ -210,6 +207,12 @@ int semanage_direct_connect(semanage_handle_t * sh) +@@ -210,6 +209,12 @@ int semanage_direct_connect(semanage_handle_t * sh) semanage_fcontext_dbase_local(sh)) < 0) goto err; @@ -195,7 +211,26 @@ index 65842df..92d7517 100644 if (seuser_file_dbase_init(sh, semanage_path(SEMANAGE_ACTIVE, SEMANAGE_SEUSERS_LOCAL), -@@ -317,25 +320,43 @@ static void semanage_direct_destroy(semanage_handle_t * sh +@@ -299,10 +304,16 @@ int semanage_direct_connect(semanage_handle_t * sh) + + /* set the disable dontaudit value */ + path = semanage_path(SEMANAGE_ACTIVE, SEMANAGE_DISABLE_DONTAUDIT); +- if (access(path, F_OK) == 0) ++ ++ if (stat(path, &sb) == 0) + sepol_set_disable_dontaudit(sh->sepolh, 1); +- else ++ else if (errno == ENOENT) { ++ /* The file does not exist */ + sepol_set_disable_dontaudit(sh->sepolh, 0); ++ } else { ++ ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); ++ goto err; ++ } + + return STATUS_SUCCESS; + +@@ -317,25 +328,43 @@ static void semanage_direct_destroy(semanage_handle_t * sh /* do nothing */ } @@ -248,7 +283,7 @@ index 65842df..92d7517 100644 semanage_release_trans_lock(sh); } -@@ -349,6 +370,7 @@ static int semanage_direct_disconnect(semanage_handle_t * sh) +@@ -349,6 +378,7 @@ static int semanage_direct_disconnect(semanage_handle_t * sh) iface_file_dbase_release(semanage_iface_dbase_local(sh)); bool_file_dbase_release(semanage_bool_dbase_local(sh)); fcontext_file_dbase_release(semanage_fcontext_dbase_local(sh)); @@ -256,7 +291,7 @@ index 65842df..92d7517 100644 seuser_file_dbase_release(semanage_seuser_dbase_local(sh)); node_file_dbase_release(semanage_node_dbase_local(sh)); -@@ -368,15 +390,11 @@ static int semanage_direct_disconnect(semanage_handle_t * sh) +@@ -368,15 +398,11 @@ static int semanage_direct_disconnect(semanage_handle_t * sh) /* Release object databases: active kernel policy */ bool_activedb_dbase_release(semanage_bool_dbase_active(sh)); @@ -273,7 +308,30 @@ index 65842df..92d7517 100644 if (semanage_get_trans_lock(sh) < 0) { return -1; } -@@ -1153,6 +1171,14 @@ cleanup: +@@ -1121,6 +1147,7 @@ static int semanage_compile_hll_modules(semanage_handle_t *sh, + int status = 0; + int i; + char cil_path[PATH_MAX]; ++ struct stat sb; + + assert(sh); + assert(modinfos); +@@ -1137,9 +1164,13 @@ static int semanage_compile_hll_modules(semanage_handle_t *sh, + } + + if (semanage_get_ignore_module_cache(sh) == 0 && +- access(cil_path, F_OK) == 0) { ++ (status = stat(cil_path, &sb)) == 0) { + continue; + } ++ if (status != 0 && errno != ENOENT) { ++ ERR(sh, "Unable to access %s: %s\n", cil_path, strerror(errno)); ++ goto cleanup; //an error in the "stat" call ++ } + + status = semanage_compile_module(sh, &modinfos[i]); + if (status < 0) { +@@ -1153,6 +1184,14 @@ cleanup: return status; } @@ -288,15 +346,158 @@ index 65842df..92d7517 100644 /********************* direct API functions ********************/ /* Commits all changes in sandbox to the actual kernel policy. -@@ -1169,6 +1195,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) +@@ -1169,6 +1208,8 @@ static int semanage_direct_commit(semanage_handle_t * sh) sepol_policydb_t *out = NULL; struct cil_db *cildb = NULL; semanage_module_info_t *modinfos = NULL; + mode_t mask = umask(0077); ++ struct stat sb; int do_rebuild, do_write_kernel, do_install; int fcontexts_modified, ports_modified, seusers_modified, -@@ -1544,44 +1571,44 @@ rebuild: +@@ -1207,10 +1248,16 @@ static int semanage_direct_commit(semanage_handle_t * sh) + + /* Create or remove the disable_dontaudit flag file. */ + path = semanage_path(SEMANAGE_TMP, SEMANAGE_DISABLE_DONTAUDIT); +- if (access(path, F_OK) == 0) ++ if (stat(path, &sb) == 0) + do_rebuild |= !(sepol_get_disable_dontaudit(sh->sepolh) == 1); +- else ++ else if (errno == ENOENT) { ++ /* The file does not exist */ + do_rebuild |= (sepol_get_disable_dontaudit(sh->sepolh) == 1); ++ } else { ++ ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); ++ retval = -1; ++ goto cleanup; ++ } + if (sepol_get_disable_dontaudit(sh->sepolh) == 1) { + FILE *touch; + touch = fopen(path, "w"); +@@ -1232,10 +1279,17 @@ static int semanage_direct_commit(semanage_handle_t * sh) + + /* Create or remove the preserve_tunables flag file. */ + path = semanage_path(SEMANAGE_TMP, SEMANAGE_PRESERVE_TUNABLES); +- if (access(path, F_OK) == 0) ++ if (stat(path, &sb) == 0) + do_rebuild |= !(sepol_get_preserve_tunables(sh->sepolh) == 1); +- else ++ else if (errno == ENOENT) { ++ /* The file does not exist */ + do_rebuild |= (sepol_get_preserve_tunables(sh->sepolh) == 1); ++ } else { ++ ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); ++ retval = -1; ++ goto cleanup; ++ } ++ + if (sepol_get_preserve_tunables(sh->sepolh) == 1) { + FILE *touch; + touch = fopen(path, "w"); +@@ -1272,40 +1326,25 @@ static int semanage_direct_commit(semanage_handle_t * sh) + * a rebuild. + */ + if (!do_rebuild) { +- path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL); +- if (access(path, F_OK) != 0) { +- do_rebuild = 1; +- goto rebuild; +- } +- +- path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC); +- if (access(path, F_OK) != 0) { +- do_rebuild = 1; +- goto rebuild; +- } +- +- path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS); +- if (access(path, F_OK) != 0) { +- do_rebuild = 1; +- goto rebuild; +- } +- +- path = semanage_path(SEMANAGE_TMP, SEMANAGE_LINKED); +- if (access(path, F_OK) != 0) { +- do_rebuild = 1; +- goto rebuild; +- } +- +- path = semanage_path(SEMANAGE_TMP, SEMANAGE_SEUSERS_LINKED); +- if (access(path, F_OK) != 0) { +- do_rebuild = 1; +- goto rebuild; +- } ++ int files[] = {SEMANAGE_STORE_KERNEL, ++ SEMANAGE_STORE_FC, ++ SEMANAGE_STORE_SEUSERS, ++ SEMANAGE_LINKED, ++ SEMANAGE_SEUSERS_LINKED, ++ SEMANAGE_USERS_EXTRA_LINKED}; ++ ++ for (i = 0; i < (int) ARRAY_SIZE(files); i++) { ++ path = semanage_path(SEMANAGE_TMP, files[i]); ++ if (stat(path, &sb) != 0) { ++ if (errno != ENOENT) { ++ ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); ++ retval = -1; ++ goto cleanup; ++ } + +- path = semanage_path(SEMANAGE_TMP, SEMANAGE_USERS_EXTRA_LINKED); +- if (access(path, F_OK) != 0) { +- do_rebuild = 1; +- goto rebuild; ++ do_rebuild = 1; ++ goto rebuild; ++ } + } + } + +@@ -1438,7 +1477,7 @@ rebuild: + goto cleanup; + + path = semanage_path(SEMANAGE_TMP, SEMANAGE_SEUSERS_LINKED); +- if (access(path, F_OK) == 0) { ++ if (stat(path, &sb) == 0) { + retval = semanage_copy_file(path, + semanage_path(SEMANAGE_TMP, + SEMANAGE_STORE_SEUSERS), +@@ -1446,12 +1485,17 @@ rebuild: + if (retval < 0) + goto cleanup; + pseusers->dtable->drop_cache(pseusers->dbase); +- } else { ++ } else if (errno == ENOENT) { ++ /* The file does not exist */ + pseusers->dtable->clear(sh, pseusers->dbase); ++ } else { ++ ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); ++ retval = -1; ++ goto cleanup; + } + + path = semanage_path(SEMANAGE_TMP, SEMANAGE_USERS_EXTRA_LINKED); +- if (access(path, F_OK) == 0) { ++ if (stat(path, &sb) == 0) { + retval = semanage_copy_file(path, + semanage_path(SEMANAGE_TMP, + SEMANAGE_USERS_EXTRA), +@@ -1459,8 +1503,13 @@ rebuild: + if (retval < 0) + goto cleanup; + pusers_extra->dtable->drop_cache(pusers_extra->dbase); +- } else { ++ } else if (errno == ENOENT) { ++ /* The file does not exist */ + pusers_extra->dtable->clear(sh, pusers_extra->dbase); ++ } else { ++ ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); ++ retval = -1; ++ goto cleanup; + } + } + +@@ -1544,44 +1593,44 @@ rebuild: goto cleanup; } @@ -370,7 +571,7 @@ index 65842df..92d7517 100644 } } else { WARN(sh, "WARNING: genhomedircon is disabled. \ -@@ -1618,17 +1645,21 @@ cleanup: +@@ -1618,17 +1667,21 @@ cleanup: free(mod_filenames); sepol_policydb_free(out); cil_db_destroy(&cildb); @@ -400,7 +601,54 @@ index 65842df..92d7517 100644 return retval; } -@@ -2000,6 +2031,7 @@ static int semanage_direct_set_enabled(semanage_handle_t *sh, +@@ -1786,6 +1839,7 @@ static int semanage_direct_extract(semanage_handle_t * sh, + ssize_t _data_len; + char *_data; + int compressed; ++ struct stat sb; + + /* get path of module */ + rc = semanage_module_get_path( +@@ -1798,8 +1852,8 @@ static int semanage_direct_extract(semanage_handle_t * sh, + goto cleanup; + } + +- if (access(module_path, F_OK) != 0) { +- ERR(sh, "Module does not exist: %s", module_path); ++ if (stat(module_path, &sb) != 0) { ++ ERR(sh, "Unable to access %s: %s\n", module_path, strerror(errno)); + rc = -1; + goto cleanup; + } +@@ -1828,7 +1882,13 @@ static int semanage_direct_extract(semanage_handle_t * sh, + goto cleanup; + } + +- if (extract_cil == 1 && strcmp(_modinfo->lang_ext, "cil") && access(input_file, F_OK) != 0) { ++ if (extract_cil == 1 && strcmp(_modinfo->lang_ext, "cil") && stat(input_file, &sb) != 0) { ++ if (errno != ENOENT) { ++ ERR(sh, "Unable to access %s: %s\n", input_file, strerror(errno)); ++ rc = -1; ++ goto cleanup; ++ } ++ + rc = semanage_compile_module(sh, _modinfo); + if (rc < 0) { + goto cleanup; +@@ -1973,6 +2033,12 @@ static int semanage_direct_get_enabled(semanage_handle_t *sh, + } + + if (stat(path, &sb) < 0) { ++ if (errno != ENOENT) { ++ ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); ++ status = -1; ++ goto cleanup; ++ } ++ + *enabled = 1; + } + else { +@@ -2000,6 +2066,7 @@ static int semanage_direct_set_enabled(semanage_handle_t *sh, const char *path = NULL; FILE *fp = NULL; semanage_module_info_t *modinfo = NULL; @@ -408,7 +656,7 @@ index 65842df..92d7517 100644 /* check transaction */ if (!sh->is_in_transaction) { -@@ -2060,7 +2092,9 @@ static int semanage_direct_set_enabled(semanage_handle_t *sh, +@@ -2060,7 +2127,9 @@ static int semanage_direct_set_enabled(semanage_handle_t *sh, switch (enabled) { case 0: /* disable the module */ @@ -418,15 +666,31 @@ index 65842df..92d7517 100644 if (fp == NULL) { ERR(sh, -@@ -2706,6 +2740,7 @@ static int semanage_direct_install_info(semanage_handle_t *sh, +@@ -2296,6 +2365,12 @@ static int semanage_direct_get_module_info(semanage_handle_t *sh, + + /* set enabled/disabled status */ + if (stat(fn, &sb) < 0) { ++ if (errno != ENOENT) { ++ ERR(sh, "Unable to access %s: %s\n", fn, strerror(errno)); ++ status = -1; ++ goto cleanup; ++ } ++ + ret = semanage_module_info_set_enabled(sh, *modinfo, 1); + if (ret != 0) { + status = -1; +@@ -2704,8 +2779,10 @@ static int semanage_direct_install_info(semanage_handle_t *sh, + int status = 0; + int ret = 0; int type; ++ struct stat sb; char path[PATH_MAX]; + mode_t mask = umask(0077); semanage_module_info_t *higher_info = NULL; semanage_module_key_t higher_key; -@@ -2754,7 +2789,7 @@ static int semanage_direct_install_info(semanage_handle_t *sh, +@@ -2754,7 +2831,7 @@ static int semanage_direct_install_info(semanage_handle_t *sh, if (higher_info->enabled == 0 && modinfo->enabled == -1) { errno = 0; WARN(sh, @@ -435,7 +699,16 @@ index 65842df..92d7517 100644 modinfo->name); } } -@@ -2817,6 +2852,7 @@ cleanup: +@@ -2803,7 +2880,7 @@ static int semanage_direct_install_info(semanage_handle_t *sh, + goto cleanup; + } + +- if (access(path, F_OK) == 0) { ++ if (stat(path, &sb) == 0) { + ret = unlink(path); + if (ret != 0) { + ERR(sh, "Error while removing cached CIL file %s: %s", path, strerror(errno)); +@@ -2817,6 +2894,7 @@ cleanup: semanage_module_key_destroy(sh, &higher_key); semanage_module_info_destroy(sh, higher_info); free(higher_info); @@ -568,7 +841,7 @@ index d3eaa06..43681dd 100644 Name: libsemanage diff --git libsemanage-2.7/src/semanage_store.c libsemanage-2.7/src/semanage_store.c -index 6158d08..4bd1d65 100644 +index 6158d08..14ad99c 100644 --- libsemanage-2.7/src/semanage_store.c +++ libsemanage-2.7/src/semanage_store.c @@ -116,6 +116,7 @@ static const char *semanage_sandbox_paths[SEMANAGE_STORE_NUM_PATHS] = { @@ -579,7 +852,24 @@ index 6158d08..4bd1d65 100644 "/file_contexts", "/seusers" }; -@@ -537,7 +538,6 @@ char *semanage_conf_path(void) +@@ -513,6 +514,7 @@ char *semanage_conf_path(void) + { + char *semanage_conf = NULL; + int len; ++ struct stat sb; + + len = strlen(semanage_root()) + strlen(selinux_path()) + strlen(SEMANAGE_CONF_FILE); + semanage_conf = calloc(len + 1, sizeof(char)); +@@ -521,7 +523,7 @@ char *semanage_conf_path(void) + snprintf(semanage_conf, len + 1, "%s%s%s", semanage_root(), selinux_path(), + SEMANAGE_CONF_FILE); + +- if (access(semanage_conf, R_OK) != 0) { ++ if (stat(semanage_conf, &sb) != 0 && errno == ENOENT) { + snprintf(semanage_conf, len + 1, "%s%s", selinux_path(), SEMANAGE_CONF_FILE); + } + +@@ -537,7 +539,6 @@ char *semanage_conf_path(void) int semanage_create_store(semanage_handle_t * sh, int create) { struct stat sb; @@ -587,7 +877,7 @@ index 6158d08..4bd1d65 100644 const char *path = semanage_files[SEMANAGE_ROOT]; int fd; -@@ -556,9 +556,9 @@ int semanage_create_store(semanage_handle_t * sh, int create) +@@ -556,9 +557,9 @@ int semanage_create_store(semanage_handle_t * sh, int create) return -1; } } else { @@ -599,7 +889,7 @@ index 6158d08..4bd1d65 100644 path); return -1; } -@@ -579,9 +579,9 @@ int semanage_create_store(semanage_handle_t * sh, int create) +@@ -579,9 +580,9 @@ int semanage_create_store(semanage_handle_t * sh, int create) return -1; } } else { @@ -611,7 +901,7 @@ index 6158d08..4bd1d65 100644 path); return -1; } -@@ -602,9 +602,9 @@ int semanage_create_store(semanage_handle_t * sh, int create) +@@ -602,9 +603,9 @@ int semanage_create_store(semanage_handle_t * sh, int create) return -1; } } else { @@ -623,7 +913,7 @@ index 6158d08..4bd1d65 100644 path); return -1; } -@@ -623,8 +623,8 @@ int semanage_create_store(semanage_handle_t * sh, int create) +@@ -623,8 +624,8 @@ int semanage_create_store(semanage_handle_t * sh, int create) return -1; } } else { @@ -634,7 +924,23 @@ index 6158d08..4bd1d65 100644 return -1; } } -@@ -1739,9 +1739,9 @@ static int semanage_commit_sandbox(semanage_handle_t * sh) +@@ -1508,8 +1509,14 @@ int semanage_split_fc(semanage_handle_t * sh) + static int sefcontext_compile(semanage_handle_t * sh, const char *path) { + + int r; ++ struct stat sb; ++ ++ if (stat(path, &sb) < 0) { ++ if (errno != ENOENT) { ++ ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); ++ return -1; ++ } + +- if (access(path, F_OK) != 0) { + return 0; + } + +@@ -1739,9 +1746,9 @@ static int semanage_commit_sandbox(semanage_handle_t * sh) if (!sh->conf->save_previous) { int errsv = errno; @@ -646,7 +952,7 @@ index 6158d08..4bd1d65 100644 goto cleanup; } errno = errsv; -@@ -2098,6 +2098,7 @@ int semanage_write_policydb(semanage_handle_t * sh, sepol_policydb_t * out, +@@ -2098,6 +2105,7 @@ int semanage_write_policydb(semanage_handle_t * sh, sepol_policydb_t * out, const char *kernel_filename = NULL; struct sepol_policy_file *pf = NULL; FILE *outfile = NULL; @@ -654,7 +960,7 @@ index 6158d08..4bd1d65 100644 if ((kernel_filename = semanage_path(SEMANAGE_TMP, file)) == NULL) { -@@ -2126,6 +2127,7 @@ int semanage_write_policydb(semanage_handle_t * sh, sepol_policydb_t * out, +@@ -2126,6 +2134,7 @@ int semanage_write_policydb(semanage_handle_t * sh, sepol_policydb_t * out, if (outfile != NULL) { fclose(outfile); } diff --git a/libsemanage.spec b/libsemanage.spec index a07270e..d0e0eed 100644 --- a/libsemanage.spec +++ b/libsemanage.spec @@ -1,16 +1,16 @@ -%define libsepolver 2.7-5 -%define libselinuxver 2.7-12 +%define libsepolver 2.7-6 +%define libselinuxver 2.7-13 Summary: SELinux binary policy manipulation library Name: libsemanage Version: 2.7 -Release: 11%{?dist} +Release: 12%{?dist} License: LGPLv2+ Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/libsemanage-2.7.tar.gz # download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh # run: # $ VERSION=2.7 ./make-fedora-selinux-patch.sh libsemanage -# HEAD https://github.com/fedora-selinux/selinux/commit/7888343a2885bbf9739503055dfa6fa69f8b7213 +# HEAD https://github.com/fedora-selinux/selinux/commit/0a28664012ec7383cf5cbdef4ad2dbedf1f70707 Patch1: libsemanage-fedora.patch URL: https://github.com/SELinuxProject/selinux/wiki Source1: semanage.conf @@ -179,6 +179,10 @@ sed -i '1s%\(#! */usr/bin/python\)\([^3].*\|\)$%\13\2%' %{buildroot}%{_libexecdi %{_libexecdir}/selinux/semanage_migrate_store %changelog +* Wed Mar 21 2018 Petr Lautrbach - 2.7-12 +- build: Replace PYSITEDIR with PYTHONLIBDIR +- direct_api.c: Fix iterating over array (#1557468) + * Fri Mar 16 2018 Petr Lautrbach - 2.7-11 - Revert "remove access() check to make setuid programs work" (#1557468)