From 4526ce3233bf986ce849d9c0bcebe5f5529d1e2a Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Mon, 23 Apr 2018 13:03:18 +0200 Subject: [PATCH] SELinux userspace 2.8-rc1 release candidate --- .gitignore | 1 + libsepol-fedora.patch | 1007 ----------------------------------------- libsepol.spec | 21 +- sources | 2 +- 4 files changed, 15 insertions(+), 1016 deletions(-) diff --git a/.gitignore b/.gitignore index 93a94e0..ccd27b5 100644 --- a/.gitignore +++ b/.gitignore @@ -168,3 +168,4 @@ libsepol-2.0.41.tgz /libsepol-2.5.tar.gz /libsepol-2.6.tar.gz /libsepol-2.7.tar.gz +/libsepol-2.8-rc1.tar.gz diff --git a/libsepol-fedora.patch b/libsepol-fedora.patch index 7603f3c..e69de29 100644 --- a/libsepol-fedora.patch +++ b/libsepol-fedora.patch @@ -1,1007 +0,0 @@ -diff --git libsepol-2.7/cil/include/cil/cil.h libsepol-2.7/cil/include/cil/cil.h -index 86117f2..f8cfc3b 100644 ---- libsepol-2.7/cil/include/cil/cil.h -+++ libsepol-2.7/cil/include/cil/cil.h -@@ -50,6 +50,7 @@ extern int cil_userprefixes_to_string(cil_db_t *db, char **out, size_t *size); - extern int cil_selinuxusers_to_string(cil_db_t *db, char **out, size_t *size); - extern int cil_filecons_to_string(cil_db_t *db, char **out, size_t *size); - extern void cil_set_disable_dontaudit(cil_db_t *db, int disable_dontaudit); -+extern void cil_set_multiple_decls(cil_db_t *db, int multiple_decls); - extern void cil_set_disable_neverallow(cil_db_t *db, int disable_neverallow); - extern void cil_set_preserve_tunables(cil_db_t *db, int preserve_tunables); - extern int cil_set_handle_unknown(cil_db_t *db, int handle_unknown); -diff --git libsepol-2.7/cil/src/cil.c libsepol-2.7/cil/src/cil.c -index c02a41a..2a7ec06 100644 ---- libsepol-2.7/cil/src/cil.c -+++ libsepol-2.7/cil/src/cil.c -@@ -109,6 +109,7 @@ static void cil_init_keys(void) - CIL_KEY_UDP = cil_strpool_add("udp"); - CIL_KEY_TCP = cil_strpool_add("tcp"); - CIL_KEY_DCCP = cil_strpool_add("dccp"); -+ CIL_KEY_SCTP = cil_strpool_add("sctp"); - CIL_KEY_AUDITALLOW = cil_strpool_add("auditallow"); - CIL_KEY_TUNABLEIF = cil_strpool_add("tunableif"); - CIL_KEY_ALLOW = cil_strpool_add("allow"); -@@ -1691,6 +1692,11 @@ void cil_set_mls(struct cil_db *db, int mls) - db->mls = mls; - } - -+void cil_set_multiple_decls(struct cil_db *db, int multiple_decls) -+{ -+ db->multiple_decls = multiple_decls; -+} -+ - void cil_set_target_platform(struct cil_db *db, int target_platform) - { - db->target_platform = target_platform; -@@ -2059,6 +2065,7 @@ void cil_typeattribute_init(struct cil_typeattribute **attr) - (*attr)->expr_list = NULL; - (*attr)->types = NULL; - (*attr)->used = CIL_FALSE; -+ (*attr)->keep = CIL_FALSE; - } - - void cil_typeattributeset_init(struct cil_typeattributeset **attrset) -diff --git libsepol-2.7/cil/src/cil_binary.c libsepol-2.7/cil/src/cil_binary.c -index c0ca60f..0cc6eeb 100644 ---- libsepol-2.7/cil/src/cil_binary.c -+++ libsepol-2.7/cil/src/cil_binary.c -@@ -34,6 +34,9 @@ - #ifndef IPPROTO_DCCP - #define IPPROTO_DCCP 33 - #endif -+#ifndef IPPROTO_SCTP -+#define IPPROTO_SCTP 132 -+#endif - - #include - #include -@@ -567,7 +570,7 @@ int cil_typeattribute_to_policydb(policydb_t *pdb, struct cil_typeattribute *cil - char *key = NULL; - type_datum_t *sepol_attr = NULL; - -- if (!cil_attr->used) { -+ if (!cil_attr->keep) { - return SEPOL_OK; - } - -@@ -632,7 +635,7 @@ int cil_typeattribute_to_bitmap(policydb_t *pdb, const struct cil_db *db, struct - ebitmap_node_t *tnode; - unsigned int i; - -- if (!cil_attr->used) { -+ if (!cil_attr->keep) { - return SEPOL_OK; - } - -@@ -1442,7 +1445,7 @@ static int __cil_should_expand_attribute( const struct cil_db *db, struct cil_sy - - attr = (struct cil_typeattribute *)datum; - -- return !attr->used || (ebitmap_cardinality(attr->types) < db->attrs_expand_size); -+ return !attr->keep || (ebitmap_cardinality(attr->types) < db->attrs_expand_size); - } - - int __cil_avrule_to_avtab(policydb_t *pdb, const struct cil_db *db, struct cil_avrule *cil_avrule, cond_node_t *cond_node, enum cil_flavor cond_flavor) -@@ -2525,7 +2528,7 @@ int __cil_constrain_expr_datum_to_sepol_expr(policydb_t *pdb, const struct cil_d - if (rc != SEPOL_OK) { - if (FLAVOR(item->data) == CIL_TYPEATTRIBUTE) { - struct cil_typeattribute *attr = item->data; -- if (!attr->used) { -+ if (!attr->keep) { - rc = 0; - } - } -@@ -3272,6 +3275,9 @@ int cil_portcon_to_policydb(policydb_t *pdb, struct cil_sort *portcons) - case CIL_PROTOCOL_DCCP: - new_ocon->u.port.protocol = IPPROTO_DCCP; - break; -+ case CIL_PROTOCOL_SCTP: -+ new_ocon->u.port.protocol = IPPROTO_SCTP; -+ break; - default: - /* should not get here */ - rc = SEPOL_ERR; -diff --git libsepol-2.7/cil/src/cil_build_ast.c libsepol-2.7/cil/src/cil_build_ast.c -index 04492e5..b90b0f6 100644 ---- libsepol-2.7/cil/src/cil_build_ast.c -+++ libsepol-2.7/cil/src/cil_build_ast.c -@@ -82,10 +82,33 @@ exit: - return rc; - } - --int cil_gen_node(__attribute__((unused)) struct cil_db *db, struct cil_tree_node *ast_node, struct cil_symtab_datum *datum, hashtab_key_t key, enum cil_sym_index sflavor, enum cil_flavor nflavor) -+/* -+ * Determine whether or not multiple declarations of the same key can share a -+ * datum, given the new datum and the one already present in a given symtab. -+ */ -+int cil_is_datum_multiple_decl(__attribute__((unused)) struct cil_symtab_datum *cur, -+ __attribute__((unused)) struct cil_symtab_datum *old, -+ enum cil_flavor f) -+{ -+ int rc = CIL_FALSE; -+ -+ switch (f) { -+ case CIL_TYPE: -+ case CIL_TYPEATTRIBUTE: -+ /* type and typeattribute statements insert empty datums, ret true */ -+ rc = CIL_TRUE; -+ break; -+ default: -+ break; -+ } -+ return rc; -+} -+ -+int cil_gen_node(struct cil_db *db, struct cil_tree_node *ast_node, struct cil_symtab_datum *datum, hashtab_key_t key, enum cil_sym_index sflavor, enum cil_flavor nflavor) - { - int rc = SEPOL_ERR; - symtab_t *symtab = NULL; -+ struct cil_symtab_datum *prev; - - rc = __cil_verify_name((const char*)key); - if (rc != SEPOL_OK) { -@@ -103,15 +126,26 @@ int cil_gen_node(__attribute__((unused)) struct cil_db *db, struct cil_tree_node - if (symtab != NULL) { - rc = cil_symtab_insert(symtab, (hashtab_key_t)key, datum, ast_node); - if (rc == SEPOL_EEXIST) { -- cil_log(CIL_ERR, "Re-declaration of %s %s\n", -- cil_node_to_string(ast_node), key); -- if (cil_symtab_get_datum(symtab, key, &datum) == SEPOL_OK) { -- if (sflavor == CIL_SYM_BLOCKS) { -- struct cil_tree_node *node = datum->nodes->head->data; -- cil_tree_log(node, CIL_ERR, "Previous declaration"); -+ if (!db->multiple_decls || -+ cil_symtab_get_datum(symtab, (hashtab_key_t)key, &prev) != SEPOL_OK || -+ !cil_is_datum_multiple_decl(datum, prev, nflavor)) { -+ -+ /* multiple_decls not ok, ret error */ -+ cil_log(CIL_ERR, "Re-declaration of %s %s\n", -+ cil_node_to_string(ast_node), key); -+ if (cil_symtab_get_datum(symtab, key, &datum) == SEPOL_OK) { -+ if (sflavor == CIL_SYM_BLOCKS) { -+ struct cil_tree_node *node = datum->nodes->head->data; -+ cil_tree_log(node, CIL_ERR, "Previous declaration"); -+ } - } -+ goto exit; - } -- goto exit; -+ /* multiple_decls is enabled and works for this datum type, add node */ -+ cil_list_append(prev->nodes, CIL_NODE, ast_node); -+ ast_node->data = prev; -+ cil_symtab_datum_destroy(datum); -+ free(datum); - } - } - -@@ -4371,6 +4405,8 @@ int cil_gen_portcon(struct cil_db *db, struct cil_tree_node *parse_current, stru - portcon->proto = CIL_PROTOCOL_TCP; - } else if (proto == CIL_KEY_DCCP) { - portcon->proto = CIL_PROTOCOL_DCCP; -+ } else if (proto == CIL_KEY_SCTP) { -+ portcon->proto = CIL_PROTOCOL_SCTP; - } else { - cil_log(CIL_ERR, "Invalid protocol\n"); - rc = SEPOL_ERR; -diff --git libsepol-2.7/cil/src/cil_internal.h libsepol-2.7/cil/src/cil_internal.h -index 6d6a7d9..6ff3228 100644 ---- libsepol-2.7/cil/src/cil_internal.h -+++ libsepol-2.7/cil/src/cil_internal.h -@@ -103,6 +103,7 @@ char *CIL_KEY_STAR; - char *CIL_KEY_TCP; - char *CIL_KEY_UDP; - char *CIL_KEY_DCCP; -+char *CIL_KEY_SCTP; - char *CIL_KEY_AUDITALLOW; - char *CIL_KEY_TUNABLEIF; - char *CIL_KEY_ALLOW; -@@ -316,6 +317,7 @@ struct cil_db { - int preserve_tunables; - int handle_unknown; - int mls; -+ int multiple_decls; - int target_platform; - int policy_version; - }; -@@ -530,6 +532,7 @@ struct cil_typeattribute { - struct cil_list *expr_list; - ebitmap_t *types; - int used; // whether or not this attribute was used in a binary policy rule -+ int keep; - }; - - struct cil_typeattributeset { -@@ -738,7 +741,8 @@ struct cil_filecon { - enum cil_protocol { - CIL_PROTOCOL_UDP = 1, - CIL_PROTOCOL_TCP, -- CIL_PROTOCOL_DCCP -+ CIL_PROTOCOL_DCCP, -+ CIL_PROTOCOL_SCTP - }; - - struct cil_ibpkeycon { -diff --git libsepol-2.7/cil/src/cil_policy.c libsepol-2.7/cil/src/cil_policy.c -index 729b6e0..5edab5e 100644 ---- libsepol-2.7/cil/src/cil_policy.c -+++ libsepol-2.7/cil/src/cil_policy.c -@@ -775,7 +775,7 @@ static void cil_classes_to_policy(FILE *out, struct cil_list *classorder) - } - } - --static void cil_defaults_to_policy(FILE *out, struct cil_list *defaults, char *kind) -+static void cil_defaults_to_policy(FILE *out, struct cil_list *defaults, const char *kind) - { - struct cil_list_item *i1, *i2, *i3; - struct cil_default *def; -@@ -1085,7 +1085,7 @@ static void cil_typeattributes_to_policy(FILE *out, struct cil_list *types, stru - type = i1->data; - cil_list_for_each(i2, attributes) { - attribute = i2->data; -- if (!attribute->used) -+ if (!attribute->keep) - continue; - if (ebitmap_get_bit(attribute->types, type->value)) { - if (first) { -@@ -1757,6 +1757,8 @@ static void cil_portcons_to_policy(FILE *out, struct cil_sort *portcons, int mls - fprintf(out, "tcp "); - } else if (portcon->proto == CIL_PROTOCOL_DCCP) { - fprintf(out, "dccp "); -+ } else if (portcon->proto == CIL_PROTOCOL_SCTP) { -+ fprintf(out, "sctp "); - } - if (portcon->port_low == portcon->port_high) { - fprintf(out, "%d ", portcon->port_low); -diff --git libsepol-2.7/cil/src/cil_post.c libsepol-2.7/cil/src/cil_post.c -index ad073e8..a212245 100644 ---- libsepol-2.7/cil/src/cil_post.c -+++ libsepol-2.7/cil/src/cil_post.c -@@ -1297,6 +1297,55 @@ static int cil_typeattribute_used(struct cil_typeattribute *attr, struct cil_db - return CIL_TRUE; - } - -+static void __mark_neverallow_attrs(struct cil_list *expr_list) -+{ -+ struct cil_list_item *curr; -+ -+ cil_list_for_each(curr, expr_list) { -+ if (curr->flavor == CIL_DATUM) { -+ if (NODE(curr->data)->flavor == CIL_TYPEATTRIBUTE) { -+ struct cil_typeattribute *attr = curr->data; -+ if (strstr(DATUM(attr)->name, TYPEATTR_INFIX)) { -+ __mark_neverallow_attrs(attr->expr_list); -+ } else { -+ attr->used |= CIL_ATTR_NEVERALLOW; -+ } -+ } -+ } else if (curr->flavor == CIL_LIST) { -+ __mark_neverallow_attrs(curr->data); -+ } -+ } -+} -+ -+static int __cil_post_db_neverallow_attr_helper(struct cil_tree_node *node, uint32_t *finished, __attribute__((unused)) void *extra_args) -+{ -+ switch (node->flavor) { -+ case CIL_BLOCK: { -+ struct cil_block *blk = node->data; -+ if (blk->is_abstract == CIL_TRUE) { -+ *finished = CIL_TREE_SKIP_HEAD; -+ } -+ break; -+ } -+ case CIL_MACRO: { -+ *finished = CIL_TREE_SKIP_HEAD; -+ break; -+ } -+ case CIL_TYPEATTRIBUTE: { -+ struct cil_typeattribute *attr = node->data; -+ if ((attr->used & CIL_ATTR_NEVERALLOW) && -+ strstr(DATUM(attr)->name, TYPEATTR_INFIX)) { -+ __mark_neverallow_attrs(attr->expr_list); -+ } -+ break; -+ } -+ default: -+ break; -+ } -+ -+ return SEPOL_OK; -+} -+ - static int __cil_post_db_attr_helper(struct cil_tree_node *node, uint32_t *finished, void *extra_args) - { - int rc = SEPOL_ERR; -@@ -1320,7 +1369,7 @@ static int __cil_post_db_attr_helper(struct cil_tree_node *node, uint32_t *finis - rc = __evaluate_type_expression(attr, db); - if (rc != SEPOL_OK) goto exit; - } -- attr->used = cil_typeattribute_used(attr, db); -+ attr->keep = cil_typeattribute_used(attr, db); - break; - } - case CIL_ROLEATTRIBUTE: { -@@ -2031,6 +2080,12 @@ static int cil_post_db(struct cil_db *db) - goto exit; - } - -+ rc = cil_tree_walk(db->ast->root, __cil_post_db_neverallow_attr_helper, NULL, NULL, db); -+ if (rc != SEPOL_OK) { -+ cil_log(CIL_INFO, "Failed to mark attributes used by generated attributes used in neverallow rules\n"); -+ goto exit; -+ } -+ - rc = cil_tree_walk(db->ast->root, __cil_post_db_attr_helper, NULL, NULL, db); - if (rc != SEPOL_OK) { - cil_log(CIL_INFO, "Failed to create attribute bitmaps\n"); -diff --git libsepol-2.7/cil/src/cil_reset_ast.c libsepol-2.7/cil/src/cil_reset_ast.c -index 8a13a1c..43e6b88 100644 ---- libsepol-2.7/cil/src/cil_reset_ast.c -+++ libsepol-2.7/cil/src/cil_reset_ast.c -@@ -186,6 +186,7 @@ static void cil_reset_typeattr(struct cil_typeattribute *attr) - attr->expr_list = NULL; - } - attr->used = CIL_FALSE; -+ attr->keep = CIL_FALSE; - } - - static void cil_reset_typeattributeset(struct cil_typeattributeset *tas) -diff --git libsepol-2.7/cil/src/cil_strpool.c libsepol-2.7/cil/src/cil_strpool.c -index b1396d2..97d4c4b 100644 ---- libsepol-2.7/cil/src/cil_strpool.c -+++ libsepol-2.7/cil/src/cil_strpool.c -@@ -119,6 +119,7 @@ void cil_strpool_destroy(void) - if (cil_strpool_readers == 0) { - hashtab_map(cil_strpool_tab, cil_strpool_entry_destroy, NULL); - hashtab_destroy(cil_strpool_tab); -+ cil_strpool_tab = NULL; - } - pthread_mutex_unlock(&cil_strpool_mutex); - } -diff --git libsepol-2.7/cil/src/cil_tree.c libsepol-2.7/cil/src/cil_tree.c -index d36401b..2abbb96 100644 ---- libsepol-2.7/cil/src/cil_tree.c -+++ libsepol-2.7/cil/src/cil_tree.c -@@ -503,15 +503,19 @@ exit: - void cil_tree_print_expr(struct cil_list *datum_expr, struct cil_list *str_expr) - { - char *expr_str; -+ int rc; - - cil_log(CIL_INFO, "("); - - if (datum_expr != NULL) { -- cil_expr_to_string(datum_expr, &expr_str); -+ rc = cil_expr_to_string(datum_expr, &expr_str); - } else { -- cil_expr_to_string(str_expr, &expr_str); -+ rc = cil_expr_to_string(str_expr, &expr_str); -+ } -+ if (rc < 0) { -+ cil_log(CIL_INFO, "ERROR)"); -+ return; - } -- - cil_log(CIL_INFO, "%s)", expr_str); - free(expr_str); - } -@@ -1432,6 +1436,8 @@ void cil_tree_print_node(struct cil_tree_node *node) - cil_log(CIL_INFO, " tcp"); - } else if (portcon->proto == CIL_PROTOCOL_DCCP) { - cil_log(CIL_INFO, " dccp"); -+ } else if (portcon->proto == CIL_PROTOCOL_SCTP) { -+ cil_log(CIL_INFO, " sctp"); - } - cil_log(CIL_INFO, " (%d %d)", portcon->port_low, portcon->port_high); - -diff --git libsepol-2.7/include/Makefile libsepol-2.7/include/Makefile -index 56b7a11..1ad4eca 100644 ---- libsepol-2.7/include/Makefile -+++ libsepol-2.7/include/Makefile -@@ -1,17 +1,17 @@ - # Installation directories. --PREFIX ?= $(DESTDIR)/usr --INCDIR ?= $(PREFIX)/include/sepol -+PREFIX ?= /usr -+INCDIR = $(PREFIX)/include/sepol - CILDIR ?= ../cil - - all: - - install: all -- test -d $(INCDIR) || install -m 755 -d $(INCDIR) -- test -d $(INCDIR)/policydb || install -m 755 -d $(INCDIR)/policydb -- test -d $(INCDIR)/cil || install -m 755 -d $(INCDIR)/cil -- install -m 644 $(wildcard sepol/*.h) $(INCDIR) -- install -m 644 $(wildcard sepol/policydb/*.h) $(INCDIR)/policydb -- install -m 644 $(wildcard $(CILDIR)/include/cil/*.h) $(INCDIR)/cil -+ test -d $(DESTDIR)$(INCDIR) || install -m 755 -d $(DESTDIR)$(INCDIR) -+ test -d $(DESTDIR)$(INCDIR)/policydb || install -m 755 -d $(DESTDIR)$(INCDIR)/policydb -+ test -d $(DESTDIR)$(INCDIR)/cil || install -m 755 -d $(DESTDIR)$(INCDIR)/cil -+ install -m 644 $(wildcard sepol/*.h) $(DESTDIR)$(INCDIR) -+ install -m 644 $(wildcard sepol/policydb/*.h) $(DESTDIR)$(INCDIR)/policydb -+ install -m 644 $(wildcard $(CILDIR)/include/cil/*.h) $(DESTDIR)$(INCDIR)/cil - - indent: - ../../scripts/Lindent $(wildcard sepol/*.h) -diff --git libsepol-2.7/include/sepol/policydb/avtab.h libsepol-2.7/include/sepol/policydb/avtab.h -index 958848e..10ecde9 100644 ---- libsepol-2.7/include/sepol/policydb/avtab.h -+++ libsepol-2.7/include/sepol/policydb/avtab.h -@@ -1,5 +1,5 @@ - --/* Author : Stephen Smalley, */ -+/* Author : Stephen Smalley, */ - - /* - * Updated: Yuichi Nakamura -diff --git libsepol-2.7/include/sepol/policydb/constraint.h libsepol-2.7/include/sepol/policydb/constraint.h -index 927bdc0..b91fc4e 100644 ---- libsepol-2.7/include/sepol/policydb/constraint.h -+++ libsepol-2.7/include/sepol/policydb/constraint.h -@@ -1,4 +1,4 @@ --/* Author : Stephen Smalley, */ -+/* Author : Stephen Smalley, */ - - /* FLASK */ - -diff --git libsepol-2.7/include/sepol/policydb/context.h libsepol-2.7/include/sepol/policydb/context.h -index 2eaa686..c27c334 100644 ---- libsepol-2.7/include/sepol/policydb/context.h -+++ libsepol-2.7/include/sepol/policydb/context.h -@@ -1,4 +1,4 @@ --/* Author : Stephen Smalley, */ -+/* Author : Stephen Smalley, */ - - /* FLASK */ - -diff --git libsepol-2.7/include/sepol/policydb/ebitmap.h libsepol-2.7/include/sepol/policydb/ebitmap.h -index e90371e..94fb7ef 100644 ---- libsepol-2.7/include/sepol/policydb/ebitmap.h -+++ libsepol-2.7/include/sepol/policydb/ebitmap.h -@@ -1,4 +1,4 @@ --/* Author : Stephen Smalley, */ -+/* Author : Stephen Smalley, */ - - /* FLASK */ - -diff --git libsepol-2.7/include/sepol/policydb/flask_types.h libsepol-2.7/include/sepol/policydb/flask_types.h -index e01669c..714176f 100644 ---- libsepol-2.7/include/sepol/policydb/flask_types.h -+++ libsepol-2.7/include/sepol/policydb/flask_types.h -@@ -1,7 +1,7 @@ - /* -*- linux-c -*- */ - - /* -- * Author : Stephen Smalley, -+ * Author : Stephen Smalley, - */ - - #ifndef _SEPOL_POLICYDB_FLASK_TYPES_H_ -diff --git libsepol-2.7/include/sepol/policydb/hashtab.h libsepol-2.7/include/sepol/policydb/hashtab.h -index ae5674a..ef1bb67 100644 ---- libsepol-2.7/include/sepol/policydb/hashtab.h -+++ libsepol-2.7/include/sepol/policydb/hashtab.h -@@ -1,4 +1,4 @@ --/* Author : Stephen Smalley, */ -+/* Author : Stephen Smalley, */ - - /* FLASK */ - -diff --git libsepol-2.7/include/sepol/policydb/mls_types.h libsepol-2.7/include/sepol/policydb/mls_types.h -index 568386c..a06723b 100644 ---- libsepol-2.7/include/sepol/policydb/mls_types.h -+++ libsepol-2.7/include/sepol/policydb/mls_types.h -@@ -1,4 +1,4 @@ --/* Author : Stephen Smalley, */ -+/* Author : Stephen Smalley, */ - /* - * Updated: Trusted Computer Solutions, Inc. - * -diff --git libsepol-2.7/include/sepol/policydb/policydb.h libsepol-2.7/include/sepol/policydb/policydb.h -index 1b2d782..f8626ef 100644 ---- libsepol-2.7/include/sepol/policydb/policydb.h -+++ libsepol-2.7/include/sepol/policydb/policydb.h -@@ -1,4 +1,4 @@ --/* Author : Stephen Smalley, */ -+/* Author : Stephen Smalley, */ - - /* - * Updated: Joshua Brindle -diff --git libsepol-2.7/include/sepol/policydb/services.h libsepol-2.7/include/sepol/policydb/services.h -index efdf7de..6ef27a8 100644 ---- libsepol-2.7/include/sepol/policydb/services.h -+++ libsepol-2.7/include/sepol/policydb/services.h -@@ -2,7 +2,7 @@ - /* -*- linux-c -*- */ - - /* -- * Author : Stephen Smalley, -+ * Author : Stephen Smalley, - */ - - #ifndef _SEPOL_POLICYDB_SERVICES_H_ -diff --git libsepol-2.7/include/sepol/policydb/sidtab.h libsepol-2.7/include/sepol/policydb/sidtab.h -index 2df1a50..893e6f0 100644 ---- libsepol-2.7/include/sepol/policydb/sidtab.h -+++ libsepol-2.7/include/sepol/policydb/sidtab.h -@@ -1,4 +1,4 @@ --/* Author : Stephen Smalley, */ -+/* Author : Stephen Smalley, */ - - /* FLASK */ - -diff --git libsepol-2.7/include/sepol/policydb/symtab.h libsepol-2.7/include/sepol/policydb/symtab.h -index 68b5ad4..8b9ddca 100644 ---- libsepol-2.7/include/sepol/policydb/symtab.h -+++ libsepol-2.7/include/sepol/policydb/symtab.h -@@ -1,5 +1,5 @@ - --/* Author : Stephen Smalley, */ -+/* Author : Stephen Smalley, */ - - /* FLASK */ - -diff --git libsepol-2.7/include/sepol/port_record.h libsepol-2.7/include/sepol/port_record.h -index df04ea0..77149cf 100644 ---- libsepol-2.7/include/sepol/port_record.h -+++ libsepol-2.7/include/sepol/port_record.h -@@ -16,6 +16,7 @@ typedef struct sepol_port_key sepol_port_key_t; - #define SEPOL_PROTO_UDP 0 - #define SEPOL_PROTO_TCP 1 - #define SEPOL_PROTO_DCCP 2 -+#define SEPOL_PROTO_SCTP 3 - - /* Key */ - extern int sepol_port_compare(const sepol_port_t * port, -diff --git libsepol-2.7/man/Makefile libsepol-2.7/man/Makefile -index 1192433..9b75454 100644 ---- libsepol-2.7/man/Makefile -+++ libsepol-2.7/man/Makefile -@@ -1,12 +1,13 @@ - # Installation directories. --MAN8DIR ?= $(DESTDIR)/usr/share/man/man8 --MAN3DIR ?= $(DESTDIR)/usr/share/man/man3 -+PREFIX ?= /usr -+MAN8DIR ?= $(PREFIX)/share/man/man8 -+MAN3DIR ?= $(PREFIX)/share/man/man3 - - all: - - install: all -- mkdir -p $(MAN3DIR) -- mkdir -p $(MAN8DIR) -- install -m 644 man3/*.3 $(MAN3DIR) -- install -m 644 man8/*.8 $(MAN8DIR) -+ mkdir -p $(DESTDIR)$(MAN3DIR) -+ mkdir -p $(DESTDIR)$(MAN8DIR) -+ install -m 644 man3/*.3 $(DESTDIR)$(MAN3DIR) -+ install -m 644 man8/*.8 $(DESTDIR)$(MAN8DIR) - -diff --git libsepol-2.7/man/man3/sepol_genbools.3 libsepol-2.7/man/man3/sepol_genbools.3 -index dcfb69d..5363383 100644 ---- libsepol-2.7/man/man3/sepol_genbools.3 -+++ libsepol-2.7/man/man3/sepol_genbools.3 -@@ -1,4 +1,4 @@ --.TH "sepol_genbools" "3" "11 August 2004" "sds@epoch.ncsc.mil" "SE Linux binary policy API documentation" -+.TH "sepol_genbools" "3" "11 August 2004" "sds@tycho.nsa.gov" "SE Linux binary policy API documentation" - .SH "NAME" - sepol_genbools \- Rewrite a binary policy with different boolean settings - .SH "SYNOPSIS" -diff --git libsepol-2.7/man/man8/genpolbools.8 libsepol-2.7/man/man8/genpolbools.8 -index afeaced..fc792c8 100644 ---- libsepol-2.7/man/man8/genpolbools.8 -+++ libsepol-2.7/man/man8/genpolbools.8 -@@ -1,4 +1,4 @@ --.TH "genpolbools" "8" "11 August 2004" "sds@epoch.ncsc.mil" "SELinux Command Line documentation" -+.TH "genpolbools" "8" "11 August 2004" "sds@tycho.nsa.gov" "SELinux Command Line documentation" - .SH "NAME" - genpolbools \- Rewrite a binary policy with different boolean settings - .SH "SYNOPSIS" -diff --git libsepol-2.7/src/Makefile libsepol-2.7/src/Makefile -index 819d261..ccb7023 100644 ---- libsepol-2.7/src/Makefile -+++ libsepol-2.7/src/Makefile -@@ -1,10 +1,9 @@ - # Installation directories. --PREFIX ?= $(DESTDIR)/usr -+PREFIX ?= /usr - INCLUDEDIR ?= $(PREFIX)/include - LIBDIR ?= $(PREFIX)/lib --SHLIBDIR ?= $(DESTDIR)/lib -+SHLIBDIR ?= /lib - RANLIB ?= ranlib --LIBBASE ?= $(shell basename $(LIBDIR)) - CILDIR ?= ../cil - - VERSION = $(shell cat ../VERSION) -@@ -52,7 +51,7 @@ $(LIBSO): $(LOBJS) $(LIBMAP) - ln -sf $@ $(TARGET) - - $(LIBPC): $(LIBPC).in ../VERSION -- sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:$(LIBBASE):; s:@includedir@:$(INCLUDEDIR):' < $< > $@ -+ sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:$(LIBDIR):; s:@includedir@:$(INCLUDEDIR):' < $< > $@ - - $(LIBMAP): $(LIBMAP).in - ifneq ($(DISABLE_CIL),y) -@@ -80,16 +79,16 @@ endif - $(CC) $(CFLAGS) -fPIC -DSHARED -c -o $@ $< - - install: all -- test -d $(LIBDIR) || install -m 755 -d $(LIBDIR) -- install -m 644 $(LIBA) $(LIBDIR) -- test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR) -- install -m 755 $(LIBSO) $(SHLIBDIR) -- test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig -- install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig -- $(LN) -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET) -+ test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d $(DESTDIR)$(LIBDIR) -+ install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR) -+ test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d $(DESTDIR)$(SHLIBDIR) -+ install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR) -+ test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d $(DESTDIR)$(LIBDIR)/pkgconfig -+ install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig -+ $(LN) -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET) - - relabel: -- /sbin/restorecon $(SHLIBDIR)/$(LIBSO) -+ /sbin/restorecon $(DESTDIR)$(SHLIBDIR)/$(LIBSO) - - clean: - -rm -f $(LIBPC) $(LIBMAP) $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(TARGET) $(CIL_GENERATED) -diff --git libsepol-2.7/src/avtab.c libsepol-2.7/src/avtab.c -index 3854d6f..257f051 100644 ---- libsepol-2.7/src/avtab.c -+++ libsepol-2.7/src/avtab.c -@@ -1,5 +1,5 @@ - --/* Author : Stephen Smalley, */ -+/* Author : Stephen Smalley, */ - - /* - * Updated: Yuichi Nakamura -diff --git libsepol-2.7/src/booleans.c libsepol-2.7/src/booleans.c -index c914a28..30fcf29 100644 ---- libsepol-2.7/src/booleans.c -+++ libsepol-2.7/src/booleans.c -@@ -155,6 +155,7 @@ int sepol_bool_query(sepol_handle_t * handle, - booldatum = hashtab_search(policydb->p_bools.table, name); - if (!booldatum) { - *response = NULL; -+ free(name); - return STATUS_SUCCESS; - } - -diff --git libsepol-2.7/src/ebitmap.c libsepol-2.7/src/ebitmap.c -index 218adc2..76e6e41 100644 ---- libsepol-2.7/src/ebitmap.c -+++ libsepol-2.7/src/ebitmap.c -@@ -1,5 +1,5 @@ - --/* Author : Stephen Smalley, */ -+/* Author : Stephen Smalley, */ - - /* FLASK */ - -diff --git libsepol-2.7/src/hashtab.c libsepol-2.7/src/hashtab.c -index ec49c15..f5407ab 100644 ---- libsepol-2.7/src/hashtab.c -+++ libsepol-2.7/src/hashtab.c -@@ -1,5 +1,5 @@ - --/* Author : Stephen Smalley, */ -+/* Author : Stephen Smalley, */ - - /* - * Updated : Karl MacMillan -diff --git libsepol-2.7/src/ibendport_record.c libsepol-2.7/src/ibendport_record.c -index 912aeb5..bc56f09 100644 ---- libsepol-2.7/src/ibendport_record.c -+++ libsepol-2.7/src/ibendport_record.c -@@ -32,14 +32,11 @@ struct sepol_ibendport_key { - int sepol_ibendport_alloc_ibdev_name(sepol_handle_t *handle, - char **ibdev_name) - { -- char *tmp_ibdev_name = NULL; -- -- tmp_ibdev_name = calloc(1, IB_DEVICE_NAME_MAX); -+ *ibdev_name = calloc(1, IB_DEVICE_NAME_MAX); - -- if (!tmp_ibdev_name) -+ if (!*ibdev_name) - goto omem; - -- *ibdev_name = tmp_ibdev_name; - return STATUS_SUCCESS; - - omem: -diff --git libsepol-2.7/src/kernel_to_cil.c libsepol-2.7/src/kernel_to_cil.c -index f1905a9..b1eb66d 100644 ---- libsepol-2.7/src/kernel_to_cil.c -+++ libsepol-2.7/src/kernel_to_cil.c -@@ -12,6 +12,9 @@ - #ifndef IPPROTO_DCCP - #define IPPROTO_DCCP 33 - #endif -+#ifndef IPPROTO_SCTP -+#define IPPROTO_SCTP 132 -+#endif - - #include - #include -@@ -2631,6 +2634,7 @@ static int write_selinux_port_rules_to_cil(FILE *out, struct policydb *pdb) - case IPPROTO_TCP: protocol = "tcp"; break; - case IPPROTO_UDP: protocol = "udp"; break; - case IPPROTO_DCCP: protocol = "dccp"; break; -+ case IPPROTO_SCTP: protocol = "sctp"; break; - default: - sepol_log_err("Unknown portcon protocol: %i", portcon->u.port.protocol); - rc = -1; -@@ -2788,7 +2792,7 @@ static int write_selinux_ibpkey_rules_to_cil(FILE *out, struct policydb *pdb) - { - struct ocontext *ibpkeycon; - char subnet_prefix_str[INET6_ADDRSTRLEN]; -- struct in6_addr subnet_prefix = {0}; -+ struct in6_addr subnet_prefix = IN6ADDR_ANY_INIT; - uint16_t low; - uint16_t high; - char low_high_str[44]; /* 2^64 <= 20 digits so "(low high)" <= 44 chars */ -diff --git libsepol-2.7/src/kernel_to_common.c libsepol-2.7/src/kernel_to_common.c -index 01ffc8f..342bc3c 100644 ---- libsepol-2.7/src/kernel_to_common.c -+++ libsepol-2.7/src/kernel_to_common.c -@@ -10,6 +10,9 @@ - #ifndef IPPROTO_DCCP - #define IPPROTO_DCCP 33 - #endif -+#ifndef IPPROTO_SCTP -+#define IPPROTO_SCTP 132 -+#endif - - #include - #include -diff --git libsepol-2.7/src/kernel_to_conf.c libsepol-2.7/src/kernel_to_conf.c -index a74873f..9540520 100644 ---- libsepol-2.7/src/kernel_to_conf.c -+++ libsepol-2.7/src/kernel_to_conf.c -@@ -11,6 +11,9 @@ - #ifndef IPPROTO_DCCP - #define IPPROTO_DCCP 33 - #endif -+#ifndef IPPROTO_SCTP -+#define IPPROTO_SCTP 132 -+#endif - - #include - #include -@@ -2491,6 +2494,7 @@ static int write_selinux_port_rules_to_conf(FILE *out, struct policydb *pdb) - case IPPROTO_TCP: protocol = "tcp"; break; - case IPPROTO_UDP: protocol = "udp"; break; - case IPPROTO_DCCP: protocol = "dccp"; break; -+ case IPPROTO_SCTP: protocol = "sctp"; break; - default: - sepol_log_err("Unknown portcon protocol: %i", portcon->u.port.protocol); - rc = -1; -@@ -2649,7 +2653,7 @@ static int write_selinux_ibpkey_rules_to_conf(FILE *out, struct policydb *pdb) - { - struct ocontext *ibpkeycon; - char subnet_prefix_str[INET6_ADDRSTRLEN]; -- struct in6_addr subnet_prefix = {0}; -+ struct in6_addr subnet_prefix = IN6ADDR_ANY_INIT; - uint16_t low; - uint16_t high; - char low_high_str[44]; /* 2^64 <= 20 digits so "low-high" <= 44 chars */ -diff --git libsepol-2.7/src/libsepol.map.in libsepol-2.7/src/libsepol.map.in -index dd1fec2..d879016 100644 ---- libsepol-2.7/src/libsepol.map.in -+++ libsepol-2.7/src/libsepol.map.in -@@ -49,10 +49,13 @@ LIBSEPOL_1.1 { - cil_set_mls; - cil_set_attrs_expand_generated; - cil_set_attrs_expand_size; -+ cil_set_multiple_decls; - cil_write_policy_conf; - sepol_ppfile_to_module_package; - sepol_module_package_to_cil; - sepol_module_policydb_to_cil; - sepol_kernel_policydb_to_cil; - sepol_kernel_policydb_to_conf; -+ sepol_polcap_getnum; -+ sepol_polcap_getname; - } LIBSEPOL_1.0; -diff --git libsepol-2.7/src/libsepol.pc.in libsepol-2.7/src/libsepol.pc.in -index e52f589..f807fec 100644 ---- libsepol-2.7/src/libsepol.pc.in -+++ libsepol-2.7/src/libsepol.pc.in -@@ -1,6 +1,6 @@ - prefix=@prefix@ - exec_prefix=${prefix} --libdir=${exec_prefix}/@libdir@ -+libdir=@libdir@ - includedir=@includedir@ - - Name: libsepol -diff --git libsepol-2.7/src/mls.c libsepol-2.7/src/mls.c -index be85475..bf1fdbd 100644 ---- libsepol-2.7/src/mls.c -+++ libsepol-2.7/src/mls.c -@@ -1,4 +1,4 @@ --/* Author : Stephen Smalley, */ -+/* Author : Stephen Smalley, */ - /* - * Updated: Trusted Computer Solutions, Inc. - * -diff --git libsepol-2.7/src/mls.h libsepol-2.7/src/mls.h -index 98da3d3..5ca3cd5 100644 ---- libsepol-2.7/src/mls.h -+++ libsepol-2.7/src/mls.h -@@ -1,4 +1,4 @@ --/* Author: Stephen Smalley, -+/* Author: Stephen Smalley, - * Updated: Trusted Computer Solutions, Inc. - * - * Support for enhanced MLS infrastructure. -diff --git libsepol-2.7/src/module_to_cil.c libsepol-2.7/src/module_to_cil.c -index 619a48f..5b8ed19 100644 ---- libsepol-2.7/src/module_to_cil.c -+++ libsepol-2.7/src/module_to_cil.c -@@ -30,6 +30,9 @@ - #ifndef IPPROTO_DCCP - #define IPPROTO_DCCP 33 - #endif -+#ifndef IPPROTO_SCTP -+#define IPPROTO_SCTP 132 -+#endif - #include - #include - #include -@@ -2656,6 +2659,7 @@ static int ocontext_selinux_port_to_cil(struct policydb *pdb, struct ocontext *p - case IPPROTO_TCP: protocol = "tcp"; break; - case IPPROTO_UDP: protocol = "udp"; break; - case IPPROTO_DCCP: protocol = "dccp"; break; -+ case IPPROTO_SCTP: protocol = "sctp"; break; - default: - log_err("Unknown portcon protocol: %i", portcon->u.port.protocol); - rc = -1; -@@ -2687,7 +2691,7 @@ static int ocontext_selinux_ibpkey_to_cil(struct policydb *pdb, - int rc = -1; - struct ocontext *ibpkeycon; - char subnet_prefix_str[INET6_ADDRSTRLEN]; -- struct in6_addr subnet_prefix = {0}; -+ struct in6_addr subnet_prefix = IN6ADDR_ANY_INIT; - uint16_t high; - uint16_t low; - -diff --git libsepol-2.7/src/policydb.c libsepol-2.7/src/policydb.c -index 691101e..c752123 100644 ---- libsepol-2.7/src/policydb.c -+++ libsepol-2.7/src/policydb.c -@@ -1,5 +1,5 @@ - --/* Author : Stephen Smalley, */ -+/* Author : Stephen Smalley, */ - - /* - * Updated: Trusted Computer Solutions, Inc. -@@ -1420,6 +1420,8 @@ void ocontext_selinux_free(ocontext_t **ocontexts) - if (i == OCON_ISID || i == OCON_FS || i == OCON_NETIF - || i == OCON_FSUSE) - free(ctmp->u.name); -+ else if (i == OCON_IBENDPORT) -+ free(ctmp->u.ibendport.dev_name); - free(ctmp); - } - } -diff --git libsepol-2.7/src/port_record.c libsepol-2.7/src/port_record.c -index ed9093b..15fb198 100644 ---- libsepol-2.7/src/port_record.c -+++ libsepol-2.7/src/port_record.c -@@ -186,6 +186,8 @@ const char *sepol_port_get_proto_str(int proto) - return "tcp"; - case SEPOL_PROTO_DCCP: - return "dccp"; -+ case SEPOL_PROTO_SCTP: -+ return "sctp"; - default: - return "???"; - } -diff --git libsepol-2.7/src/ports.c libsepol-2.7/src/ports.c -index 62ec602..cc55863 100644 ---- libsepol-2.7/src/ports.c -+++ libsepol-2.7/src/ports.c -@@ -2,6 +2,9 @@ - #ifndef IPPROTO_DCCP - #define IPPROTO_DCCP 33 - #endif -+#ifndef IPPROTO_SCTP -+#define IPPROTO_SCTP 132 -+#endif - #include - - #include "debug.h" -@@ -21,6 +24,8 @@ static inline int sepol2ipproto(sepol_handle_t * handle, int proto) - return IPPROTO_UDP; - case SEPOL_PROTO_DCCP: - return IPPROTO_DCCP; -+ case SEPOL_PROTO_SCTP: -+ return IPPROTO_SCTP; - default: - ERR(handle, "unsupported protocol %u", proto); - return STATUS_ERR; -@@ -37,6 +42,8 @@ static inline int ipproto2sepol(sepol_handle_t * handle, int proto) - return SEPOL_PROTO_UDP; - case IPPROTO_DCCP: - return SEPOL_PROTO_DCCP; -+ case IPPROTO_SCTP: -+ return SEPOL_PROTO_SCTP; - default: - ERR(handle, "invalid protocol %u " "found in policy", proto); - return STATUS_ERR; -diff --git libsepol-2.7/src/services.c libsepol-2.7/src/services.c -index 10338a6..d40793e 100644 ---- libsepol-2.7/src/services.c -+++ libsepol-2.7/src/services.c -@@ -1,6 +1,6 @@ - - /* -- * Author : Stephen Smalley, -+ * Author : Stephen Smalley, - */ - /* - * Updated: Trusted Computer Solutions, Inc. -diff --git libsepol-2.7/src/sidtab.c libsepol-2.7/src/sidtab.c -index 5bd7999..23b2e8f 100644 ---- libsepol-2.7/src/sidtab.c -+++ libsepol-2.7/src/sidtab.c -@@ -1,5 +1,5 @@ - --/* Author : Stephen Smalley, */ -+/* Author : Stephen Smalley, */ - - /* FLASK */ - -diff --git libsepol-2.7/src/symtab.c libsepol-2.7/src/symtab.c -index c1e625d..9a417ca 100644 ---- libsepol-2.7/src/symtab.c -+++ libsepol-2.7/src/symtab.c -@@ -1,5 +1,5 @@ - --/* Author : Stephen Smalley, */ -+/* Author : Stephen Smalley, */ - - /* FLASK */ - -diff --git libsepol-2.7/src/write.c libsepol-2.7/src/write.c -index e486e28..1fb3095 100644 ---- libsepol-2.7/src/write.c -+++ libsepol-2.7/src/write.c -@@ -1,5 +1,5 @@ - --/* Author : Stephen Smalley, */ -+/* Author : Stephen Smalley, */ - - /* - * Updated: Trusted Computer Solutions, Inc. -diff --git libsepol-2.7/utils/Makefile libsepol-2.7/utils/Makefile -index fba1d8a..31932c1 100644 ---- libsepol-2.7/utils/Makefile -+++ libsepol-2.7/utils/Makefile -@@ -1,5 +1,5 @@ - # Installation directories. --PREFIX ?= $(DESTDIR)/usr -+PREFIX ?= /usr - BINDIR ?= $(PREFIX)/bin - - CFLAGS ?= -Wall -Werror -@@ -12,8 +12,8 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c))) - all: $(TARGETS) - - install: all -- -mkdir -p $(BINDIR) -- install -m 755 $(TARGETS) $(BINDIR) -+ -mkdir -p $(DESTDIR)$(BINDIR) -+ install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR) - - clean: - -rm -f $(TARGETS) *.o diff --git a/libsepol.spec b/libsepol.spec index 091843a..3f85906 100644 --- a/libsepol.spec +++ b/libsepol.spec @@ -1,14 +1,16 @@ -Summary: SELinux binary policy manipulation library +%global rcversion rc1 + +Summary: SELinux binary policy manipulation library Name: libsepol -Version: 2.7 -Release: 6%{?dist} +Version: 2.8 +Release: 0%{?rcversion:.%rcversion}.1%{?dist} License: LGPLv2+ -Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/libsepol-2.7.tar.gz +Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180419/libsepol-2.8-rc1.tar.gz # download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh # run: -# $ VERSION=2.7 ./make-fedora-selinux-patch.sh libsepol -# HEAD https://github.com/fedora-selinux/selinux/commit/0a28664012ec7383cf5cbdef4ad2dbedf1f70707 -Patch1: libsepol-fedora.patch +# $ VERSION=2.8-rc1 ./make-fedora-selinux-patch.sh libsepol +# HEAD https://github.com/fedora-selinux/selinux/commit/5127dfaae645986169b50a7295d4961a4959006a +# Patch1: libsepol-fedora.patch URL: https://github.com/SELinuxProject/selinux/wiki BuildRequires: gcc BuildRequires: flex @@ -46,7 +48,7 @@ The libsepol-static package contains the static libraries and header files needed for developing applications that manipulate binary policies. %prep -%autosetup -p 1 -n libsepol-%{version} +%autosetup -p 1 -n libsepol-%{version}%{?rcversion:-%rcversion} # sparc64 is an -fPIC arch, so we need to fix it here %ifarch sparc64 @@ -97,6 +99,9 @@ exit 0 %{_libdir}/libsepol.so.1 %changelog +* Mon Apr 23 2018 Petr Lautrbach - 2.0-0.rc1.1 +- SELinux userspace 2.8-rc1 release candidate + * Wed Mar 21 2018 Petr Lautrbach - 2.7-6 - Prevent freeing unitialized value in ibendport handling - Add support for the SCTP portcon keyword diff --git a/sources b/sources index 8ae933c..a8d3d33 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (libsepol-2.7.tar.gz) = 1d308c17bfea2659f9dc4877ab685449a5a33dff7260e62b603cde9551bed2010360b71a896c6dfcdb8b9fe86ecebc9f6b3225e6c3573a80fca8578a9d561b47 +SHA512 (libsepol-2.8-rc1.tar.gz) = 79307249604207b52af154ee17c96b90ea31c44d208935a06b276975c7521b84f8c96f9f2dd578478d2baa974fe5777c5f1417073eba828202fa227cf2ea383d