diff --git a/.gitignore b/.gitignore index f7901a9..c824162 100644 --- a/.gitignore +++ b/.gitignore @@ -223,3 +223,4 @@ libselinux-2.0.96.tgz /libselinux-3.3.tar.gz /libselinux-3.4-rc1.tar.gz /libselinux-3.4-rc2.tar.gz +/libselinux-3.4-rc3.tar.gz diff --git a/0001-Use-SHA-2-instead-of-SHA-1.patch b/0001-Use-SHA-2-instead-of-SHA-1.patch index 1e92e98..57070e7 100644 --- a/0001-Use-SHA-2-instead-of-SHA-1.patch +++ b/0001-Use-SHA-2-instead-of-SHA-1.patch @@ -1,7 +1,8 @@ -From ec1b147076345478636de763ce5d4e8daa69afd6 Mon Sep 17 00:00:00 2001 +From a6529e0fb5b3f385a3f4239d977da0491a1687ec Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Fri, 30 Jul 2021 14:14:37 +0200 Subject: [PATCH] Use SHA-2 instead of SHA-1 +Content-type: text/plain The use of SHA-1 in RHEL9 is deprecated --- @@ -50,7 +51,7 @@ index e8983606d93b..a35d84d63b0a 100644 * @num_specfiles: number of specfiles in the list. * diff --git a/libselinux/include/selinux/restorecon.h b/libselinux/include/selinux/restorecon.h -index 1821a3dc596c..8f9a030cda98 100644 +index b10fe684eff9..8df4744505b3 100644 --- a/libselinux/include/selinux/restorecon.h +++ b/libselinux/include/selinux/restorecon.h @@ -41,8 +41,8 @@ extern int selinux_restorecon_parallel(const char *pathname, @@ -83,7 +84,7 @@ index 56a008f00df0..5f7c42533d0e 100644 with the number of entries in .IR num_specfiles . diff --git a/libselinux/man/man3/selabel_open.3 b/libselinux/man/man3/selabel_open.3 -index 971ebc1acd41..2cf2eb8a1410 100644 +index 0e03e1be111e..14ab888d2e03 100644 --- a/libselinux/man/man3/selabel_open.3 +++ b/libselinux/man/man3/selabel_open.3 @@ -69,7 +69,7 @@ is used; a custom validation function can be provided via @@ -96,7 +97,7 @@ index 971ebc1acd41..2cf2eb8a1410 100644 .BR selabel_digest (3) . diff --git a/libselinux/man/man3/selinux_restorecon.3 b/libselinux/man/man3/selinux_restorecon.3 -index 334d2930bb4f..500845917fb8 100644 +index 218aaf6d2ae5..c74189c0852d 100644 --- a/libselinux/man/man3/selinux_restorecon.3 +++ b/libselinux/man/man3/selinux_restorecon.3 @@ -36,7 +36,7 @@ If this is a directory and the @@ -128,7 +129,7 @@ index 334d2930bb4f..500845917fb8 100644 .IR security.sehash extended attribute once relabeling has been completed successfully provided the .B SELINUX_RESTORECON_NOCHANGE -@@ -92,7 +92,7 @@ default specfile context. +@@ -95,7 +95,7 @@ default specfile context. .sp .B SELINUX_RESTORECON_RECURSE change file and directory labels recursively (descend directories) @@ -137,8 +138,8 @@ index 334d2930bb4f..500845917fb8 100644 extended attribute as described in the .B NOTES section. -@@ -166,7 +166,7 @@ to treat conflicting specifications, such as where two hardlinks for the - same inode have different contexts, as errors. +@@ -184,7 +184,7 @@ walk, the specfile entries SHA1 digest will not have been written to the + extended attribute. .RE .sp -The behavior regarding the checking and updating of the SHA1 digest described @@ -146,7 +147,7 @@ index 334d2930bb4f..500845917fb8 100644 above is the default behavior. It is possible to change this by first calling .BR selabel_open (3) and not enabling the -@@ -229,7 +229,7 @@ To improve performance when relabeling file systems recursively (e.g. the +@@ -247,7 +247,7 @@ To improve performance when relabeling file systems recursively (e.g. the .B SELINUX_RESTORECON_RECURSE flag is set) .BR selinux_restorecon () @@ -155,7 +156,7 @@ index 334d2930bb4f..500845917fb8 100644 .BR selabel_get_digests_all_partial_matches (3) to an extended attribute named .IR security.sehash -@@ -222,7 +222,7 @@ Should any of the specfile entries have changed, then when +@@ -269,7 +269,7 @@ Should any of the specfile entries have changed, then when .BR selinux_restorecon () is run again with the .B SELINUX_RESTORECON_RECURSE @@ -364,7 +365,7 @@ index 54fd49a5b7b9..4003eb8dc7af 100644 digest->hashbuf = NULL; return; diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c -index 72f4fb462e34..f7e84657d09d 100644 +index e61929120a74..b77b3bc5639f 100644 --- a/libselinux/src/selinux_restorecon.c +++ b/libselinux/src/selinux_restorecon.c @@ -37,7 +37,7 @@ @@ -376,7 +377,7 @@ index 72f4fb462e34..f7e84657d09d 100644 #define STAR_COUNT 1024 -@@ -294,7 +294,7 @@ static int exclude_non_seclabel_mounts(void) +@@ -298,7 +298,7 @@ static int exclude_non_seclabel_mounts(void) static int add_xattr_entry(const char *directory, bool delete_nonmatch, bool delete_all) { @@ -385,7 +386,7 @@ index 72f4fb462e34..f7e84657d09d 100644 size_t i, digest_len = 0; int rc, digest_result; bool match; -@@ -317,15 +317,15 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch, +@@ -321,15 +321,15 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch, } /* Convert entry to a hex encoded string. */ @@ -404,7 +405,7 @@ index 72f4fb462e34..f7e84657d09d 100644 digest_result = match ? MATCH : NOMATCH; -@@ -345,7 +345,7 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch, +@@ -349,7 +349,7 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch, /* Now add entries to link list. */ new_entry = malloc(sizeof(struct dir_xattr)); if (!new_entry) { @@ -413,7 +414,7 @@ index 72f4fb462e34..f7e84657d09d 100644 goto oom; } new_entry->next = NULL; -@@ -353,15 +353,15 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch, +@@ -357,15 +357,15 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch, new_entry->directory = strdup(directory); if (!new_entry->directory) { free(new_entry); @@ -432,7 +433,7 @@ index 72f4fb462e34..f7e84657d09d 100644 goto oom; } -@@ -374,7 +374,7 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch, +@@ -379,7 +379,7 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch, dir_xattr_last = new_entry; } @@ -441,7 +442,7 @@ index 72f4fb462e34..f7e84657d09d 100644 return 0; oom: -@@ -755,7 +755,7 @@ err: +@@ -759,7 +759,7 @@ err: struct dir_hash_node { char *path; @@ -450,7 +451,7 @@ index 72f4fb462e34..f7e84657d09d 100644 struct dir_hash_node *next; }; /* -@@ -1232,7 +1232,7 @@ static int selinux_restorecon_common(const char *pathname_orig, +@@ -1249,7 +1249,7 @@ static int selinux_restorecon_common(const char *pathname_orig, if (setxattr(current->path, RESTORECON_PARTIAL_MATCH_DIGEST, current->digest, @@ -1342,5 +1343,5 @@ index e28833d2ce97..900f018c0091 100644 } default: -- -2.35.1 +2.36.0 diff --git a/libselinux.spec b/libselinux.spec index d8e5e7b..d77dd07 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -4,16 +4,16 @@ Summary: SELinux library and simple utilities Name: libselinux Version: 3.4 -Release: 0.rc2.1%{?dist} +Release: 0.rc3.1%{?dist} License: Public Domain # https://github.com/SELinuxProject/selinux/wiki/Releases -Source0: https://github.com/SELinuxProject/selinux/releases/download/3.4-rc2/libselinux-3.4-rc2.tar.gz +Source0: https://github.com/SELinuxProject/selinux/releases/download/3.4-rc3/libselinux-3.4-rc3.tar.gz Source1: selinuxconlist.8 Source2: selinuxdefcon.8 Url: https://github.com/SELinuxProject/selinux/wiki # $ git clone https://github.com/fedora-selinux/selinux.git # $ cd selinux -# $ git format-patch -N 3.4-rc2 -- libselinux +# $ git format-patch -N 3.4-rc3 -- libselinux # $ i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done # Patch list start Patch0001: 0001-Use-SHA-2-instead-of-SHA-1.patch @@ -87,7 +87,7 @@ The libselinux-static package contains the static libraries needed for developing SELinux applications. %prep -%autosetup -p 2 -n libselinux-%{version}-rc2 +%autosetup -p 2 -n libselinux-%{version}-rc3 %build export DISABLE_RPM="y" @@ -213,6 +213,9 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool* %{ruby_vendorarchdir}/selinux.so %changelog +* Tue May 10 2022 Petr Lautrbach - 3.4-0.rc3.1 +- SELinux userspace 3.4-rc3 release + * Thu Apr 21 2022 Petr Lautrbach - 3.4-0.rc2.1 - SELinux userspace 3.4-rc2 release diff --git a/sources b/sources index 52629b6..9bc934c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (libselinux-3.4-rc2.tar.gz) = 5332e598bb4f6f2d6681921d699addd1fc7b82229c1cd082ac43c15e1c390a8e9021c1725e444c1f6ddfc125cb008c62fa169d741cca777d1d6160e1a9995a6f +SHA512 (libselinux-3.4-rc3.tar.gz) = 588d46ee7be688df31daea2280a8e98aa968b1ca07f9a2bf4034bc0dee0d7b0872286e3355538c52bb0179948891a4b26400d7ad8c4abbe84f4698846d56affd