libselinux-3.4-3

- Drop SHA-1 from selinux_restorecon.3 Resolves: rhbz#2100399
2022-07-18 17:35:33 +02:00 · 2022-07-18 17:35:33 +02:00 · 4271d399c1
commit 4271d399c1
parent c68e490c94
2 changed files with 15 additions and 6 deletions
--- a/0001-Use-SHA-2-instead-of-SHA-1.patch
+++ b/0001-Use-SHA-2-instead-of-SHA-1.patch
@ -1,4 +1,4 @@
-From ff417d9a70e6d6ee40176b184ea7b67ee3f2355b Mon Sep 17 00:00:00 2001
+From 04f73fee2892753b3e81923d2ac3d338acfdbc4c Mon Sep 17 00:00:00 2001
 From: Petr Lautrbach <plautrba@redhat.com>
 Date: Fri, 30 Jul 2021 14:14:37 +0200
 Subject: [PATCH] Use SHA-2 instead of SHA-1
@ -10,7 +10,7 @@ The use of SHA-1 in RHEL9 is deprecated
 libselinux/include/selinux/restorecon.h       |   4 +-
 libselinux/man/man3/selabel_digest.3          |   4 +-
 libselinux/man/man3/selabel_open.3            |   2 +-
- libselinux/man/man3/selinux_restorecon.3      |  16 +-
+ libselinux/man/man3/selinux_restorecon.3      |  18 +-
 .../man/man3/selinux_restorecon_xattr.3       |   2 +-
 libselinux/src/Makefile                       |   2 +-
 libselinux/src/label_file.c                   |  40 +--
@ -23,7 +23,7 @@ The use of SHA-1 in RHEL9 is deprecated
 libselinux/src/sha256.h                       |  89 ++++++
 libselinux/utils/selabel_digest.c             |  26 +-
 .../selabel_get_digests_all_partial_matches.c |  28 +-
- 17 files changed, 470 insertions(+), 392 deletions(-)
+ 17 files changed, 471 insertions(+), 393 deletions(-)
 delete mode 100644 libselinux/src/sha1.c
 delete mode 100644 libselinux/src/sha1.h
 create mode 100644 libselinux/src/sha256.c
@ -97,7 +97,7 @@ index 0e03e1be111e..14ab888d2e03 100644
 .BR selabel_digest (3)
 .
 diff --git a/libselinux/man/man3/selinux_restorecon.3 b/libselinux/man/man3/selinux_restorecon.3
-index 218aaf6d2ae5..c74189c0852d 100644
+index 218aaf6d2ae5..5f6d4b386429 100644
 --- a/libselinux/man/man3/selinux_restorecon.3
 +++ b/libselinux/man/man3/selinux_restorecon.3
@@ -36,7 +36,7 @@ If this is a directory and the
@ -138,7 +138,13 @@ index 218aaf6d2ae5..c74189c0852d 100644
 extended attribute as described in the
 .B NOTES
 section.
-@@ -184,7 +184,7 @@ walk, the specfile entries SHA1 digest will not have been written to the
+@@ -179,12 +179,12 @@ for fetching the ignored (skipped) error count after
+ or
+ .BR selinux_restorecon_parallel (3)
+ completes with success. In case any errors were skipped during the file tree
+-walk, the specfile entries SHA1 digest will not have been written to the
+walk, the specfile entries SHA256 digest will not have been written to the
+ .IR security.sehash
 extended attribute.
 .RE
 .sp
--- a/libselinux.spec
+++ b/libselinux.spec
@ -4,7 +4,7 @@
 Summary: SELinux library and simple utilities
 Name: libselinux
 Version: 3.4
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: Public Domain
 # https://github.com/SELinuxProject/selinux/wiki/Releases
 Source0: https://github.com/SELinuxProject/selinux/releases/download/3.4/libselinux-3.4.tar.gz
@ -214,6 +214,9 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
 %{ruby_vendorarchdir}/selinux.so

 %changelog
+* Mon Jul 18 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-3
+- Drop SHA-1 from selinux_restorecon.3
+
 * Tue May 31 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-2
 - Revert "libselinux: restorecon: pin file to avoid TOCTOU issues"