From 7a283c335f015e52b3b5c125eec2a7752a3baaa8 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Thu, 2 Apr 2020 16:13:04 +0200 Subject: [PATCH] SETools 4.3.0 release - Revised sediff method for TE rules. This drastically reduced memory and run time. - Added infiniband context support to seinfo, sediff, and apol. - Added apol configuration for location of Qt assistant. - Fixed sediff issue where properties header would display when not requested. - Fixed sediff issue with type_transition file name comparison. - Fixed permission map socket sendto information flow direction. - Added methods to TypeAttribute class to make it a complete Python collection. - Genfscon now will look up classes rather than using fixed values which were dropped from libsepol. --- .gitignore | 1 + ...e-setools.InfoFlowAnalysis-and-setoo.patch | 30 +++++++++---------- 1003-Require-networkx-on-package-level.patch | 24 +++++++++++++++ setools.spec | 24 +++++++++++++-- sources | 2 +- 5 files changed, 62 insertions(+), 19 deletions(-) create mode 100644 1003-Require-networkx-on-package-level.patch diff --git a/.gitignore b/.gitignore index 3053379..ba42a0d 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,4 @@ setools-3.3.8-f1e5b20.tar.bz2 /4.2.0.tar.gz /4.2.1.tar.gz /4.2.2.tar.gz +/4.3.0.tar.gz diff --git a/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch b/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch index 3057072..a996069 100644 --- a/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch +++ b/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch @@ -1,7 +1,7 @@ -From b960869bcbcb58f2ce9af598484f209935c096b0 Mon Sep 17 00:00:00 2001 +From 0575455a0abda5ee63c442433384268a959c4fbc Mon Sep 17 00:00:00 2001 
From: Vit Mojzis Date: Fri, 26 Apr 2019 15:27:25 +0200 -Subject: [PATCH 3/3] Do not export/use setools.InfoFlowAnalysis and +Subject: [PATCH] Do not export/use setools.InfoFlowAnalysis and setools.DomainTransitionAnalysis dta and infoflow modules require networkx which brings lot of dependencies. @@ -22,7 +22,7 @@ sedta and seinfoflow to require python3-networkx 7 files changed, 8 insertions(+), 12 deletions(-) diff --git a/sedta b/sedta -index 60861ca..41e38a2 100755 +index 60861ca630a5..41e38a237b42 100755 --- a/sedta +++ b/sedta @@ -22,7 +22,7 @@ import argparse @@ -44,7 +44,7 @@ index 60861ca..41e38a2 100755 if args.shortest_path or args.all_paths: if args.shortest_path: diff --git a/seinfoflow b/seinfoflow -index 97b14ba..e7f965d 100755 +index f10c39de4d8e..fee749a83bb5 100755 --- a/seinfoflow +++ b/seinfoflow @@ -17,7 +17,7 @@ @@ -56,20 +56,20 @@ index 97b14ba..e7f965d 100755 import argparse import sys import logging -@@ -81,7 +81,7 @@ else: +@@ -101,7 +101,7 @@ elif args.booleans is not None: try: p = setools.SELinuxPolicy(args.policy) m = setools.PermissionMap(args.map) -- g = setools.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude) -+ g = setools.infoflow.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude) +- g = setools.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude, ++ g = setools.infoflow.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude, + booleans=booleans) if args.shortest_path or args.all_paths: - if args.shortest_path: diff --git a/setools/__init__.py b/setools/__init__.py -index 7b70f5e..5a5f7fe 100644 +index 26fa5aa34a19..b7e51c43c4bb 100644 --- a/setools/__init__.py +++ b/setools/__init__.py -@@ -73,12 +73,8 @@ from .pcideviceconquery import PcideviceconQuery +@@ -75,12 +75,8 @@ from .pcideviceconquery import PcideviceconQuery from .devicetreeconquery import DevicetreeconQuery # Information Flow Analysis 
@@ -83,7 +83,7 @@ index 7b70f5e..5a5f7fe 100644 from .diff import PolicyDifference diff --git a/setoolsgui/apol/dta.py b/setoolsgui/apol/dta.py -index 4608b9d..2cde44c 100644 +index 4608b9dbf34e..2cde44c142e9 100644 --- a/setoolsgui/apol/dta.py +++ b/setoolsgui/apol/dta.py @@ -23,7 +23,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread @@ -96,7 +96,7 @@ index 4608b9d..2cde44c 100644 from ..logtosignal import LogHandlerToSignal from .analysistab import AnalysisTab diff --git a/setoolsgui/apol/infoflow.py b/setoolsgui/apol/infoflow.py -index 7bca299..7fee277 100644 +index 7bca299d23fc..7fee2778f35f 100644 --- a/setoolsgui/apol/infoflow.py +++ b/setoolsgui/apol/infoflow.py @@ -26,7 +26,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread @@ -109,7 +109,7 @@ index 7bca299..7fee277 100644 from ..logtosignal import LogHandlerToSignal diff --git a/tests/dta.py b/tests/dta.py -index a0cc938..177e6fb 100644 +index a0cc9381469c..177e6fb0b961 100644 --- a/tests/dta.py +++ b/tests/dta.py @@ -18,7 +18,7 @@ @@ -122,7 +122,7 @@ index a0cc938..177e6fb 100644 from setools.exception import InvalidType from setools.policyrep import Type diff --git a/tests/infoflow.py b/tests/infoflow.py -index aa0e44a..fca2848 100644 +index aa0e44a7e4f8..fca2848aeca5 100644 --- a/tests/infoflow.py +++ b/tests/infoflow.py @@ -18,7 +18,7 @@ @@ -135,5 +135,5 @@ index aa0e44a..fca2848 100644 from setools.exception import InvalidType from setools.permmap import PermissionMap -- -2.17.2 +2.26.0.rc2 diff --git a/1003-Require-networkx-on-package-level.patch b/1003-Require-networkx-on-package-level.patch new file mode 100644 index 0000000..46e9a4d --- /dev/null +++ b/1003-Require-networkx-on-package-level.patch 
@@ -0,0 +1,24 @@ +From a2faa263c9dd8bcf51465861046e0406a84975c0 Mon Sep 17 00:00:00 2001 +From: Petr Lautrbach +Date: Thu, 2 Apr 2020 16:06:14 +0200 +Subject: [PATCH] Require networkx on package level + +It allows us to ship python3-setools without dependency on python3-networkx +--- + setup.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/setup.py b/setup.py +index 457c83049ca5..4bfd438002bb 100644 +--- a/setup.py ++++ b/setup.py +@@ -170,5 +170,5 @@ setup(name='setools', + # setup also requires libsepol and libselinux + # C libraries and headers to compile. + setup_requires=['setuptools', 'Cython>=0.27'], +- install_requires=['setuptools', 'networkx>=2.0'] ++ install_requires=['setuptools'] + ) +-- +2.26.0.rc2 + diff --git a/setools.spec b/setools.spec index 11a37f2..d4b946b 100644 --- a/setools.spec +++ b/setools.spec @@ -6,8 +6,8 @@ Name: setools -Version: 4.2.2 -Release: 5%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} +Version: 4.3.0 +Release: 1%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} Summary: Policy analysis tools for SELinux License: GPLv2 @@ -17,7 +17,7 @@ Source1: setools.pam Source2: apol.desktop Patch1001: 1001-Do-not-use-Werror-during-build.patch Patch1002: 1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch - +Patch1003: 1003-Require-networkx-on-package-level.patch Obsoletes: setools < 4.0.0, setools-devel < 4.0.0 BuildRequires: flex, bison BuildRequires: glibc-devel, gcc, git @@ -120,12 +120,17 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/man1/sediff* %{_mandir}/man1/seinfo* %{_mandir}/man1/sesearch* +%{_mandir}/ru/man1/sediff* +%{_mandir}/ru/man1/seinfo* +%{_mandir}/ru/man1/sesearch* %files console-analyses %{_bindir}/sedta %{_bindir}/seinfoflow %{_mandir}/man1/sedta* %{_mandir}/man1/seinfoflow* +%{_mandir}/ru/man1/sedta* +%{_mandir}/ru/man1/seinfoflow* %files -n python3-setools %license COPYING COPYING.GPL COPYING.LGPL 
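Review bot: Removing `'networkx>=2.0'` from `install_requires` in the new 1003 patch also removes the only visible statement of the minimum networkx version, and none of the setools.spec hunks in this commit adds a matching RPM-level requirement. If the subpackages that ship `sedta`, `seinfoflow` and `setoolsgui` do not already declare it elsewhere in the spec, add `Requires: python3-networkx >= 2.0` to them, so the version floor is kept and the analysis tools do not fail with an ImportError when only python3-setools is installed. A comment above `Patch1003:` in the spec, such as `# networkx is required by -console-analyses and -gui, not by python3-setools`, would record why the upstream requirement is dropped. The `setup(` call being patched starts outside the hunk, so the rest of its arguments cannot be checked here.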
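Review bot: The new `%{_mandir}/ru/man1/...` entries under `%files` and `%files console-analyses` carry no language tag, and the same applies to the `%{_mandir}/ru/man1/apol*` entry added in the following hunk. Writing them as `%lang(ru) %{_mandir}/ru/man1/sediff*`, and likewise for the others, follows the usual convention for translated man pages and lets rpm skip them on installs restricted to other languages. The first `%files` list and the list holding `%{_bindir}/apol` both start outside their hunks, so ownership of the entries is inferred from the nearest visible header.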
@@ -136,8 +141,21 @@ Python modules designed to facilitate SELinux policy analysis. %{_bindir}/apol %{python3_sitearch}/setoolsgui %{_mandir}/man1/apol* +%{_mandir}/ru/man1/apol* %changelog +* Thu Apr 2 2020 Petr Lautrbach - 4.3.0-1 +- SETools 4.3.0 release +- Revised sediff method for TE rules. This drastically reduced memory and run time. +- Added infiniband context support to seinfo, sediff, and apol. +- Added apol configuration for location of Qt assistant. +- Fixed sediff issue where properties header would display when not requested. +- Fixed sediff issue with type_transition file name comparison. +- Fixed permission map socket sendto information flow direction. +- Added methods to TypeAttribute class to make it a complete Python collection. +- Genfscon now will look up classes rather than using fixed values which + were dropped from libsepol. + * Mon Mar 23 2020 Petr Lautrbach - 4.2.2-5 - setools requires -console, -console-analyses and -gui packages (#1794314) diff --git a/sources b/sources index 9666cef..ff7f110 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (4.2.2.tar.gz) = 5044b04d0895ffe31557b3b71bb277ab49710a6066485c8f204ce7858abab259f973000f1fcfde0149ed4e33a50103984939dcc68ce322d70e9e927e81d4f798 +SHA512 (4.3.0.tar.gz) = 93da43c4b577ff944f1c19ef40cfc51f6d1cb1efef582e467834300540a7af440b6ae9106f29d810963c74b0fb5953003304790a9143a7318e477d17fa7d536a