setools-4.2.0-1

- Changes since 4.2.0-rc -- Restored missing statement() methods in some policyrep classes -- Fixed NULL pointer dereference when iterating over type attributes when the policy has none -- Added xdp_socket permission mapping
2018-11-14 17:12:12 +01:00 · 2018-11-14 17:12:12 +01:00 · 522fb13c60
parent c6b3f2cce1
commit 522fb13c60
7 changed files with 9 additions and 164 deletions
--- a/.gitignore
+++ b/.gitignore
@ -5,3 +5,4 @@ setools-3.3.8-f1e5b20.tar.bz2
 /4.1.1.tar.gz
 /4.2.0-beta.tar.gz
 /4.2.0-rc.tar.gz
+/4.2.0.tar.gz
--- a/0003-bswap_-macros-are-defined-in-byteswap.h.patch
+++ b/0003-bswap_-macros-are-defined-in-byteswap.h.patch
@ -1,26 +0,0 @@
-From 2ac588919dd96d3d624e6ec20c67d1d91386e879 Mon Sep 17 00:00:00 2001
-From: Petr Lautrbach <plautrba@redhat.com>
-Date: Thu, 10 Aug 2017 08:23:47 +0200
-Subject: [PATCH] bswap_* macros are defined in byteswap.h
-
-Fixes ImportError on s390x:
-/usr/lib64/python3.6/site-packages/setools/policyrep/_qpol.cpython-36m-s390x-linux-gnu.so: undefined symbol: bswap_32
---
- libqpol/policy.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/libqpol/policy.c b/libqpol/policy.c
-index ae3acb5..e412be0 100644
--- a/libqpol/policy.c
-+++ b/libqpol/policy.c
-@@ -28,6 +28,7 @@
- 
- #include "qpol_internal.h"
- #include <assert.h>
-+#include <byteswap.h>
- #include <errno.h>
- #include <fcntl.h>
- #include <limits.h>
-- 
-2.13.3
-
--- a/0004-Add-support-for-SCTP-protocol.patch
+++ b/0004-Add-support-for-SCTP-protocol.patch
@ -1,131 +0,0 @@
-From 3ef6369a22691e8e11cbf63f37b114941b3577a1 Mon Sep 17 00:00:00 2001
-From: Vit Mojzis <vmojzis@redhat.com>
-Date: Mon, 16 Apr 2018 20:46:20 +0200
-Subject: [PATCH] Add support for SCTP protocol
-
-Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1568333
-
-Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
---
- libqpol/include/qpol/linux_types.h |  1 +
- libqpol/policy_define.c            |  5 +++++
- setools/perm_map                   | 30 ++++++++++++++++++++++++++++++
- setools/policyrep/netcontext.py    |  5 +++++
- 4 files changed, 41 insertions(+)
-
-diff --git a/libqpol/include/qpol/linux_types.h b/libqpol/include/qpol/linux_types.h
-index c3c056b..0985162 100644
--- a/libqpol/include/qpol/linux_types.h
-+++ b/libqpol/include/qpol/linux_types.h
-@@ -12,6 +12,7 @@ typedef uint16_t __u16;
- #define s6_addr32	__u6_addr32
- 
- #define IPPROTO_DCCP 33
-+#define IPPROTO_SCTP 132
- #endif
- 
- #endif
-diff --git a/libqpol/policy_define.c b/libqpol/policy_define.c
-index dcc69fc..1e623a3 100644
--- a/libqpol/policy_define.c
-+++ b/libqpol/policy_define.c
-@@ -44,6 +44,9 @@
- #ifndef IPPROTO_DCCP
- #define IPPROTO_DCCP 33
- #endif
-+#ifndef IPPROTO_SCTP
-+#define IPPROTO_SCTP 132
-+#endif
- #include <arpa/inet.h>
- #include <stdlib.h>
- #include <limits.h>
-@@ -4933,6 +4936,8 @@ int define_port_context(unsigned int low, unsigned int high)
- 		protocol = IPPROTO_UDP;
- 	} else if ((strcmp(id, "dccp") == 0) || (strcmp(id, "DCCP") == 0)) {
- 		protocol = IPPROTO_DCCP;
-+	} else if ((strcmp(id, "sctp") == 0) || (strcmp(id, "SCTP") == 0)) {
-+		protocol = IPPROTO_SCTP;
- 	} else {
- 		yyerror2("unrecognized protocol %s", id);
- 		goto bad;
-diff --git a/setools/perm_map b/setools/perm_map
-index 0a9f91c..25fae09 100644
--- a/setools/perm_map
-+++ b/setools/perm_map
-@@ -385,6 +385,8 @@ class node 11
-             udp_send         w        10
-            dccp_recv         r        10
-            dccp_send         w        10
-+           sctp_recv         r        10
-+           sctp_send         w        10
-         enforce_dest         n         1
-               sendto         w        10
-             recvfrom         r        10
-@@ -699,6 +701,32 @@ class dccp_socket 24
-            relabelto         w        10
-               listen         r         1
- 
-+class sctp_socket 24
-+           node_bind         n         1
-+        name_connect         w        10
-+              append         w        10
-+                bind         w         1
-+             connect         w         1
-+              create         w         1
-+               write         w        10
-+         relabelfrom         r        10
-+               ioctl         n         1
-+           name_bind         n         1
-+              sendto         w        10
-+            recv_msg         r        10
-+            send_msg         w        10
-+             getattr         r         7
-+             setattr         w         7
-+              accept         r         1
-+              getopt         r         1
-+                read         r        10
-+              setopt         w         1
-+            shutdown         w         1
-+            recvfrom         r        10
-+                lock         n         1
-+           relabelto         w        10
-+              listen         r         1
-+
- class netlink_firewall_socket 24
-          nlmsg_write         w        10
-           nlmsg_read         r        10
-@@ -984,6 +1012,8 @@ class netif 10
-             udp_send         w        10
-            dccp_recv         r        10
-            dccp_send         w        10
-+           sctp_recv         r        10
-+           sctp_send         w        10
- 
- class packet_socket 22
-               append         w        10
-diff --git a/setools/policyrep/netcontext.py b/setools/policyrep/netcontext.py
-index c7076d2..2d890f3 100644
--- a/setools/policyrep/netcontext.py
-+++ b/setools/policyrep/netcontext.py
-@@ -38,6 +38,10 @@ try:
-     IPPROTO_DCCP = getprotobyname("dccp")
- except socket.error:
-     IPPROTO_DCCP = 33
-+try:
-+    IPPROTO_SCTP = getprotobyname("sctp")
-+except socket.error:
-+    IPPROTO_SCTP = 132
- 
- 
- def netifcon_factory(policy, name):
-@@ -196,6 +200,7 @@ class PortconProtocol(int, PolicyEnum):
-     tcp = IPPROTO_TCP
-     udp = IPPROTO_UDP
-     dccp = IPPROTO_DCCP
-+    sctp = IPPROTO_SCTP
- 
- 
- class Portcon(NetContext):
-- 
-2.14.3
-
--- a/1001-Do-not-use-Werror-during-build.patch
+++ b/1001-Do-not-use-Werror-during-build.patch
--- a/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
+++ b/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
--- a/setools.spec
+++ b/setools.spec
@ -1,4 +1,4 @@
-%global setools_pre_ver rc
+# % global setools_pre_ver rc
 # % global gitver f1e5b20

 %global sepol_ver 2.8-1
@ -6,7 +6,7 @@

 Name:           setools
 Version:        4.2.0
-Release:        0.3%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist}
+Release:        1%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist}
 Summary:        Policy analysis tools for SELinux

 License:        GPLv2
@ -14,8 +14,8 @@ URL:            https://github.com/SELinuxProject/setools/wiki
 Source0:        https://github.com/SELinuxProject/setools/archive/%{version}%{?setools_pre_ver:-%{setools_pre_ver}}.tar.gz
 Source1:        setools.pam
 Source2:        apol.desktop
-Patch1:         0001-Do-not-use-Werror-during-build.patch
-Patch2:         0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
+Patch1001:      1001-Do-not-use-Werror-during-build.patch
+Patch1002:      1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch

 Obsoletes:      setools < 4.0.0, setools-devel < 4.0.0
 BuildRequires:  flex,  bison
@ -105,8 +105,6 @@ CFLAGS="%{optflags}" %{__python3} setup.py build


 %install
-rm -rf %{buildroot}
-rm -rf %{buildroot}%{_bindir}
 %{__python3} setup.py install --root %{buildroot}

 %check
@ -142,6 +140,9 @@ rm -rf %{buildroot}%{_bindir}
 %{_mandir}/man1/apol*

 %changelog
+* Wed Nov 14 2018 Vit Mojzis <vmojzis@redhat.com> - 4.2.0-1
+- Update source to SETools 4.2.0 release
+
 * Mon Oct 01 2018 Vit Mojzis <vmojzis@redhat.com> - 4.2.0-0.3.rc
 - Update upstream source to 4.2.0-rc

--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (4.2.0-rc.tar.gz) = 0bd0921d945b96b6126a0e7bbb9497881a12784fea54573c0a87655979f25c14406406bede55ccbcfce54c256f55a764c11424167dced8aa76b0d3892aaec20f
+SHA512 (4.2.0.tar.gz) = b51f458f7f2d1b569f63478f53709268615f711104915cc2d5031b2049435e4f43a103ebe50c9797ebe4b2645bf1974c73c2f53e7f602ae03c47221edb89d680