diff --git a/.gitignore b/.gitignore
index 604fc90..a46f24a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,3 +10,4 @@ setools-3.3.8-f1e5b20.tar.bz2
 /4.2.2.tar.gz
 /4.3.0.tar.gz
 /05e90ee.tar.gz
+/16c0696.tar.gz
diff --git a/0001-Adapt-to-new-libsepol-filename-transition-structures.patch b/0001-Adapt-to-new-libsepol-filename-transition-structures.patch
deleted file mode 100644
index ba448fb..0000000
--- a/0001-Adapt-to-new-libsepol-filename-transition-structures.patch
+++ /dev/null
@@ -1,120 +0,0 @@ -From f63a3690e3e3f02ab67ad1165be54ce25bac2de7 Mon Sep 17 00:00:00 2001 -From: Ondrej Mosnacek -Date: Fri, 17 Jul 2020 11:28:08 +0200 -Subject: [PATCH] Adapt to new libsepol filename transition structures - -Adapt setools to the new libsepol internal API for filename transitions -which allows for more efficient filename trans rule representation in -memory and binary policy. - -Signed-off-by: Ondrej Mosnacek ---- - setools/policyrep/sepol.pxd | 9 ++++---- - setools/policyrep/terule.pxi | 41 ++++++++++++++++++++++++++++++------ - 2 files changed, 39 insertions(+), 11 deletions(-) - -diff --git a/setools/policyrep/sepol.pxd b/setools/policyrep/sepol.pxd -index 60bc58c28ebf..b07ddb78350f 100644 ---- a/setools/policyrep/sepol.pxd -+++ b/setools/policyrep/sepol.pxd -@@ -544,21 +544,22 @@ cdef extern from "": - ctypedef cond_bool_datum cond_bool_datum_t - - # -- # filename_trans_t -+ # filename_trans_key_t - # -- cdef struct filename_trans: -- uint32_t stype -+ cdef struct filename_trans_key: - uint32_t ttype - uint32_t tclass - char *name - -- ctypedef filename_trans filename_trans_t -+ ctypedef filename_trans_key filename_trans_key_t - - # - # filename_trans_datum_t - # - cdef struct filename_trans_datum: -+ ebitmap_t stypes - uint32_t otype -+ filename_trans_datum *next - - ctypedef filename_trans_datum filename_trans_datum_t - -diff --git a/setools/policyrep/terule.pxi b/setools/policyrep/terule.pxi -index 3976586b7985..760c366f6c39 100644 ---- a/setools/policyrep/terule.pxi -+++ b/setools/policyrep/terule.pxi -@@ -470,17 +470,18 @@ cdef class FileNameTERule(BaseTERule): - readonly str filename - - @staticmethod -- cdef inline FileNameTERule factory(SELinuxPolicy policy, sepol.filename_trans_t *key, -- sepol.filename_trans_datum_t *datum): -+ cdef inline FileNameTERule factory(SELinuxPolicy policy, -+ sepol.filename_trans_key_t *key, -+ Type stype, size_t otype): - """Factory function for creating FileNameTERule objects.""" - cdef FileNameTERule r = 
FileNameTERule.__new__(FileNameTERule) - r.policy = policy - r.key = key - r.ruletype = TERuletype.type_transition -- r.source = type_or_attr_factory(policy, policy.type_value_to_datum(key.stype - 1)) -+ r.source = stype - r.target = type_or_attr_factory(policy, policy.type_value_to_datum(key.ttype - 1)) - r.tclass = ObjClass.factory(policy, policy.class_value_to_datum(key.tclass - 1)) -- r.dft = Type.factory(policy, policy.type_value_to_datum(datum.otype - 1)) -+ r.dft = Type.factory(policy, policy.type_value_to_datum(otype - 1)) - r.filename = intern(key.name) - r.origin = None - return r -@@ -708,6 +709,10 @@ cdef class FileNameTERuleIterator(HashtabIterator): - - """Iterate over FileNameTERules in the policy.""" - -+ cdef: -+ sepol.filename_trans_datum_t *datum -+ TypeEbitmapIterator stypei -+ - @staticmethod - cdef factory(SELinuxPolicy policy, sepol.hashtab_t *table): - """Factory function for creating FileNameTERule iterators.""" -@@ -717,7 +722,29 @@ cdef class FileNameTERuleIterator(HashtabIterator): - i.reset() - return i - -+ def _next_stype(self): -+ while True: -+ if self.datum == NULL: -+ super().__next__() -+ self.datum = self.curr.datum -+ self.stypei = TypeEbitmapIterator.factory(self.policy, &self.datum.stypes) -+ try: -+ return next(self.stypei) -+ except StopIteration: -+ pass -+ self.datum = self.datum.next -+ if self.datum != NULL: -+ self.stypei = TypeEbitmapIterator.factory(self.policy, &self.datum.stypes) -+ - def __next__(self): -- super().__next__() -- return FileNameTERule.factory(self.policy, self.curr.key, -- self.curr.datum) -+ stype = self._next_stype() -+ return FileNameTERule.factory(self.policy, -+ self.curr.key, -+ stype, self.datum.otype) -+ -+ def __len__(self): -+ return sum(1 for r in FileNameTERuleIterator.factory(self.policy, self.table)) -+ -+ def reset(self): -+ super().reset() -+ self.datum = NULL --- -2.29.0 - 
diff --git a/1001-Do-not-use-Werror-during-build.patch b/1001-Do-not-use-Werror-during-build.patch
deleted file mode 100644
index 60f11e2..0000000
--- a/1001-Do-not-use-Werror-during-build.patch
+++ /dev/null
@@ -1,49 +0,0 @@ -From 4b3dc6b38abbd32cda557d5ef9ea1383ac5fdcf2 Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Thu, 23 Feb 2017 08:17:07 +0100 -Subject: [PATCH 2/3] Do not use -Werror during build -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -There are new warnings when setools are built with gcc 7 therefore we -want to suppress -Werror for now - -Fixes: -libqpol/policy_extend.c: In function ‘policy_extend’: -libqpol/policy_extend.c:161:27: error: ‘%04zd’ directive output may be truncated writing between 4 and 10 bytes into a region of size 5 [-Werror=format-truncation=] - snprintf(buff, 9, "@ttr%04zd", i + 1); - ^~~~~ -libqpol/policy_extend.c:161:22: note: directive argument in the range [1, 4294967295] - snprintf(buff, 9, "@ttr%04zd", i + 1); - ^~~~~~~~~~~ -In file included from /usr/include/stdio.h:939:0, - from /usr/include/sepol/policydb/policydb.h:53, - from libqpol/policy_extend.c:29: -/usr/include/bits/stdio2.h:64:10: note: ‘__builtin___snprintf_chk’ output between 9 and 15 bytes into a destination of size 9 - return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1, - ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - __bos (__s), __fmt, __va_arg_pack ()); - ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -cc1: all warnings being treated as errors -error: command 'gcc' failed with exit status 1 ---- - setup.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/setup.py b/setup.py -index c94daf1..a7442ac 100644 ---- a/setup.py -+++ b/setup.py -@@ -105,7 +105,7 @@ ext_py_mods = [Extension('setools.policyrep', ['setools/policyrep.pyx'], - libraries=['selinux', 'sepol'], - library_dirs=lib_dirs, - define_macros=macros, -- extra_compile_args=['-Werror', '-Wextra', -+ extra_compile_args=['-Wextra', - '-Waggregate-return', - '-Wfloat-equal', - '-Wformat', '-Wformat=2', --- -2.17.2 - 
diff --git a/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch b/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch index 29ccc0e..d270d21 100644 --- a/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch +++ b/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch @@ -1,7 +1,7 @@ -From fa776e6abd019a7bdaca37486d714d307cbd332f Mon Sep 17 00:00:00 2001 +From e47d19f4985098ca316eea4a383510d419ec6055 Mon Sep 17 00:00:00 2001 From: Vit Mojzis Date: Fri, 26 Apr 2019 15:27:25 +0200 -Subject: [PATCH] Do not export/use setools.InfoFlowAnalysis and +Subject: [PATCH 1/2] Do not export/use setools.InfoFlowAnalysis and setools.DomainTransitionAnalysis dta and infoflow modules require networkx which brings lot of dependencies. @@ -86,10 +86,10 @@ index d72d343e7e79..642485b9018d 100644 from .diff import PolicyDifference diff --git a/setoolsgui/apol/dta.py b/setoolsgui/apol/dta.py -index 4608b9dbf34e..2cde44c142e9 100644 +index 62dbf04d9a5e..0ea000e790f0 100644 --- a/setoolsgui/apol/dta.py +++ b/setoolsgui/apol/dta.py -@@ -23,7 +23,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread +@@ -24,7 +24,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread from PyQt5.QtGui import QPalette, QTextCursor from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \ QTreeWidgetItem @@ -97,9 +97,9 @@ index 4608b9dbf34e..2cde44c142e9 100644 +from setools.dta import DomainTransitionAnalysis from ..logtosignal import LogHandlerToSignal - from .analysistab import AnalysisTab + from .analysistab import AnalysisSection, AnalysisTab diff --git a/setoolsgui/apol/infoflow.py b/setoolsgui/apol/infoflow.py -index 7bca299d23fc..7fee2778f35f 100644 +index 28009aa2329c..92d350bf727c 100644 --- a/setoolsgui/apol/infoflow.py +++ b/setoolsgui/apol/infoflow.py @@ -26,7 +26,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread 
@@ -138,5 +138,5 @@ index aa0e44a7e4f8..fca2848aeca5 100644 from setools.exception import InvalidType from setools.permmap import PermissionMap -- -2.26.0.rc2 +2.30.0 diff --git a/1003-Require-networkx-on-package-level.patch b/1003-Require-networkx-on-package-level.patch index 46e9a4d..99eb500 100644 --- a/1003-Require-networkx-on-package-level.patch +++ b/1003-Require-networkx-on-package-level.patch @@ -1,7 +1,7 @@ -From a2faa263c9dd8bcf51465861046e0406a84975c0 Mon Sep 17 00:00:00 2001 +From 7b73bdeda54b9c944774452bfa3b3c1f2733b3f0 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Thu, 2 Apr 2020 16:06:14 +0200 -Subject: [PATCH] Require networkx on package level +Subject: [PATCH 2/2] Require networkx on package level It allows us to ship python3-setools without dependency on python3-networkx --- @@ -9,10 +9,10 @@ It allows us to ship python3-setools without dependency on python3-networkx 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py -index 457c83049ca5..4bfd438002bb 100644 +index c593b786cc61..0551811e3fd1 100644 --- a/setup.py +++ b/setup.py -@@ -170,5 +170,5 @@ setup(name='setools', +@@ -163,5 +163,5 @@ setup(name='setools', # setup also requires libsepol and libselinux # C libraries and headers to compile. setup_requires=['setuptools', 'Cython>=0.27'], @@ -20,5 +20,5 @@ index 457c83049ca5..4bfd438002bb 100644 + install_requires=['setuptools'] ) -- -2.26.0.rc2 +2.30.0 diff --git a/setools.spec b/setools.spec index a91914d..1fcc16e 100644 --- a/setools.spec +++ b/setools.spec 
@@ -1,13 +1,13 @@
-%global setools_pre_ver 05e90ee
-%global gitver 05e90ee241af05665f3394e9bed0073e1bb2e17d
+%global setools_pre_ver 16c0696
+%global gitver 16c069631e1652801b1a6c41c6607b7326fc15f0
-%global sepol_ver 3.1-4
-%global selinux_ver 3.1-4
+%global sepol_ver 3.2-0.rc1
+%global selinux_ver 3.2-0.rc1
 Name: setools
 Version: 4.4.0
-Release: 0.2.20201102git%{setools_pre_ver}%{?dist}
+Release: 0.2.20210121git%{setools_pre_ver}%{?dist}
 Summary: Policy analysis tools for SELinux
 License: GPLv2
@@ -15,8 +15,6 @@ URL: https://github.com/SELinuxProject/setools/wiki
 Source0: https://github.com/SELinuxProject/setools/archive/%{setools_pre_ver}.tar.gz
 Source1: setools.pam
 Source2: apol.desktop
-Patch0001: 0001-Adapt-to-new-libsepol-filename-transition-structures.patch
-Patch1001: 1001-Do-not-use-Werror-during-build.patch
 Patch1002: 1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
 Patch1003: 1003-Require-networkx-on-package-level.patch
 Obsoletes: setools < 4.0.0, setools-devel < 4.0.0
@@ -147,6 +145,10 @@ Python modules designed to facilitate SELinux policy analysis.
 %{_mandir}/ru/man1/apol*
 %changelog
+* Thu Jan 21 2021 Petr Lautrbach - 4.4.0-0.2.20210121git16c0696
+- Rebuild with SELinux userspace 3.2-rc1
+- Update to 16c0696
+
 * Thu Dec 10 2020 Petr Lautrbach - 4.4.0-0.2.20201102git05e90ee
 - Fix imports in /usr/bin/sedta
diff --git a/sources b/sources
index e13005d..add220c 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (05e90ee.tar.gz) = 32f60e9a40ca5791a1e63986377e90ca728c7e205d8ae7ce446830ca7f96b51496d9753fd70077f5b6547050d23c41a1d10b20e0af9e4066355e29781d5e3686
+SHA512 (16c0696.tar.gz) = 1c9a2e8daf6e131bfe2e2e1cea1ed2caa190486af152048e3b79ab88fcd0a20c030b08986d1dd6ee4079841985b47c366435177bb206e68ea567ecee32037358
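Review bot: Source0 still fetches the new snapshot by the 7-character `%{setools_pre_ver}` (set to `16c0696` in the first setools.spec hunk), although the full commit id is defined right beside it as `%{gitver}`. An abbreviated id is resolved by the forge and is not guaranteed to stay unique, so the download is better keyed on the full id, for example `Source0: https://github.com/SELinuxProject/setools/archive/%{gitver}.tar.gz`. The SHA512 entry updated in `sources` still pins the tarball that is actually built, so this concerns how reproducibly the upstream fetch can be repeated and audited, not the integrity of the build itself. Changing the URL would also change the tarball name recorded in `sources` and `.gitignore`, and whether `%{gitver}` is already used elsewhere in the spec is not visible in these hunks.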