diff --git a/.gitignore b/.gitignore index e2e7104..eae1565 100644 --- a/.gitignore +++ b/.gitignore @@ -234,3 +234,5 @@ libselinux-2.0.96.tgz /libselinux-3.6.tar.gz /libselinux-3.7.tar.gz /libselinux-3.7.tar.gz.asc +/libselinux-3.8-rc1.tar.gz +/libselinux-3.8-rc1.tar.gz.asc diff --git a/0001-Use-SHA-2-instead-of-SHA-1.patch b/0001-Use-SHA-2-instead-of-SHA-1.patch index 93a2e05..7ae78c2 100644 --- a/0001-Use-SHA-2-instead-of-SHA-1.patch +++ b/0001-Use-SHA-2-instead-of-SHA-1.patch @@ -1,4 +1,4 @@ -From 4884c917237e53e34d3fc75dcf4f07217cfd7584 Mon Sep 17 00:00:00 2001 +From 4780b755bb1171f5aa4cd7545535839d451a2070 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Fri, 30 Jul 2021 14:14:37 +0200 Subject: [PATCH] Use SHA-2 instead of SHA-1 @@ -51,10 +51,10 @@ index ce189a3ae2fe..ce77d32dfed1 100644 * @num_specfiles: number of specfiles in the list. * diff --git a/libselinux/include/selinux/restorecon.h b/libselinux/include/selinux/restorecon.h -index b10fe684eff9..8df4744505b3 100644 +index 5be6542c2a91..210f65fdb709 100644 --- a/libselinux/include/selinux/restorecon.h +++ b/libselinux/include/selinux/restorecon.h -@@ -41,8 +41,8 @@ extern int selinux_restorecon_parallel(const char *pathname, +@@ -43,8 +43,8 @@ extern int selinux_restorecon_parallel(const char *pathname, * restorecon_flags options */ /* @@ -198,10 +198,10 @@ index 41cfbdca490c..658a4c3d80e0 100644 endif diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c -index 2732972e61cf..6c6fe328b353 100644 +index 189a5ed26eb7..312bb584d6b4 100644 --- a/libselinux/src/label_file.c +++ b/libselinux/src/label_file.c -@@ -1105,7 +1105,7 @@ static struct spec *lookup_common(struct selabel_handle *rec, +@@ -1780,7 +1780,7 @@ static struct lookup_result *lookup_common(struct selabel_handle *rec, /* * Returns true if the digest of all partial matched contexts is the same as @@ -210,7 +210,7 @@ index 2732972e61cf..6c6fe328b353 100644 * digest will always be returned. The caller must free any returned digests. */ static bool get_digests_all_partial_matches(struct selabel_handle *rec, -@@ -1114,39 +1114,39 @@ static bool get_digests_all_partial_matches(struct selabel_handle *rec, +@@ -1789,39 +1789,39 @@ static bool get_digests_all_partial_matches(struct selabel_handle *rec, uint8_t **xattr_digest, size_t *digest_len) { @@ -255,13 +255,13 @@ index 2732972e61cf..6c6fe328b353 100644 } - if (status && read_size == SHA1_HASH_SIZE && -- memcmp(read_digest, hash_digest, SHA1_HASH_SIZE) == 0) +- memcmp(read_digest, hash_digest, SHA1_HASH_SIZE) == 0) + if (status && read_size == SHA256_HASH_SIZE && -+ memcmp(read_digest, hash_digest, SHA256_HASH_SIZE) == 0) ++ memcmp(read_digest, hash_digest, SHA256_HASH_SIZE) == 0) return true; return false; -@@ -1166,22 +1166,22 @@ static bool hash_all_partial_matches(struct selabel_handle *rec, const char *key +@@ -1840,22 +1840,22 @@ static bool hash_all_partial_matches(struct selabel_handle *rec, const char *key return false; } @@ -269,17 +269,17 @@ index 2732972e61cf..6c6fe328b353 100644 - Sha1Initialise(&context); + Sha256Context context; + Sha256Initialise(&context); - size_t i; - for (i = 0; i < total_matches; i++) { - char* regex_str = matches[i]->regex_str; - mode_t mode = matches[i]->mode; - char* ctx_raw = matches[i]->lr.ctx_raw; + + for (const struct lookup_result *m = matches; m; m = m->next) { + const char* regex_str = m->regex_str; + uint8_t file_kind = m->file_kind; + const char* ctx_raw = m->lr->ctx_raw; - Sha1Update(&context, regex_str, strlen(regex_str) + 1); -- Sha1Update(&context, &mode, sizeof(mode_t)); +- Sha1Update(&context, &file_kind, sizeof(file_kind)); - Sha1Update(&context, ctx_raw, strlen(ctx_raw) + 1); + Sha256Update(&context, regex_str, strlen(regex_str) + 1); -+ Sha256Update(&context, &mode, sizeof(mode_t)); ++ Sha256Update(&context, &file_kind, sizeof(file_kind)); + Sha256Update(&context, ctx_raw, strlen(ctx_raw) + 1); } @@ -290,10 +290,10 @@ index 2732972e61cf..6c6fe328b353 100644 + Sha256Finalise(&context, &sha256_hash); + memcpy(digest, sha256_hash.bytes, SHA256_HASH_SIZE); - free(matches); + free_lookup_result(matches); return true; diff --git a/libselinux/src/label_internal.h b/libselinux/src/label_internal.h -index ea60cd9a058f..77ac8173c7a9 100644 +index 743dbf9472cf..4180df92f405 100644 --- a/libselinux/src/label_internal.h +++ b/libselinux/src/label_internal.h @@ -13,7 +13,7 @@ @@ -324,7 +324,7 @@ index ea60cd9a058f..77ac8173c7a9 100644 unsigned char *hashbuf; /* buffer to hold specfiles */ size_t hashbuf_size; /* buffer size */ size_t specfile_cnt; /* how many specfiles processed */ -@@ -110,7 +110,7 @@ struct selabel_handle { +@@ -111,7 +111,7 @@ struct selabel_handle { */ char *spec_file; @@ -334,10 +334,10 @@ index ea60cd9a058f..77ac8173c7a9 100644 }; diff --git a/libselinux/src/label_support.c b/libselinux/src/label_support.c -index f7ab9292562e..1c3c1728f6ba 100644 +index 978ba828c159..daba26941ae7 100644 --- a/libselinux/src/label_support.c +++ b/libselinux/src/label_support.c -@@ -114,7 +114,7 @@ int read_spec_entries(char *line_buf, const char **errbuf, int num_args, ...) +@@ -120,7 +120,7 @@ int read_spec_entries(char *line_buf, size_t nread, const char **errbuf, int nu /* Once all the specfiles are in the hash_buf, generate the hash. */ void digest_gen_hash(struct selabel_digest *digest) { @@ -346,7 +346,7 @@ index f7ab9292562e..1c3c1728f6ba 100644 size_t remaining_size; const unsigned char *ptr; -@@ -122,19 +122,19 @@ void digest_gen_hash(struct selabel_digest *digest) +@@ -128,19 +128,19 @@ void digest_gen_hash(struct selabel_digest *digest) if (!digest) return; @@ -371,7 +371,7 @@ index f7ab9292562e..1c3c1728f6ba 100644 digest->hashbuf = NULL; } diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c -index acb729c8ad96..2422b415008e 100644 +index bc6ed935a4ad..93bd7779249b 100644 --- a/libselinux/src/selinux_restorecon.c +++ b/libselinux/src/selinux_restorecon.c @@ -37,7 +37,7 @@ @@ -1358,5 +1358,5 @@ index e2733b4195ff..98e533dc2692 100644 } default: -- -2.45.2 +2.47.0 diff --git a/0002-libselinux-set-free-d-data-to-NULL.patch b/0002-libselinux-set-free-d-data-to-NULL.patch deleted file mode 100644 index 1473775..0000000 --- a/0002-libselinux-set-free-d-data-to-NULL.patch +++ /dev/null @@ -1,78 +0,0 @@ -From bd6a803553a82238a9f618d1bb22f288682f8195 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Tue, 9 Jul 2024 21:13:36 +0200 -Subject: [PATCH] libselinux: set free'd data to NULL -Content-type: text/plain - -Fixes segfault in selabel_open() on systems with SELinux disabled and without any -SELinux policy installed introduced by commit 5876aca0484f ("libselinux: free -data on selabel open failure"): - - $ sestatus - SELinux status: disabled - - $ cat /etc/selinux/config - cat: /etc/selinux/config: No such file or directory - - $ matchpathcon /abc - [1] 907999 segmentation fault (core dumped) matchpathcon /abc - -Signed-off-by: Petr Lautrbach ---- - libselinux/src/label_backends_android.c | 1 + - libselinux/src/label_file.c | 1 + - libselinux/src/label_media.c | 1 + - libselinux/src/label_x.c | 1 + - 4 files changed, 4 insertions(+) - -diff --git a/libselinux/src/label_backends_android.c b/libselinux/src/label_backends_android.c -index 49a87686de4c..5bad24f20d73 100644 ---- a/libselinux/src/label_backends_android.c -+++ b/libselinux/src/label_backends_android.c -@@ -260,6 +260,7 @@ static void closef(struct selabel_handle *rec) - free(data->spec_arr); - - free(data); -+ rec->data = NULL; - } - - static struct selabel_lookup_rec *property_lookup(struct selabel_handle *rec, -diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c -index 6c6fe328b353..87dbd0e90f2b 100644 ---- a/libselinux/src/label_file.c -+++ b/libselinux/src/label_file.c -@@ -942,6 +942,7 @@ static void closef(struct selabel_handle *rec) - free(last_area); - } - free(data); -+ rec->data = NULL; - } - - // Finds all the matches of |key| in the given context. Returns the result in -diff --git a/libselinux/src/label_media.c b/libselinux/src/label_media.c -index 852aeada8ff4..bae065c12a55 100644 ---- a/libselinux/src/label_media.c -+++ b/libselinux/src/label_media.c -@@ -183,6 +183,7 @@ static void close(struct selabel_handle *rec) - free(spec_arr); - - free(data); -+ rec->data = NULL; - } - - static struct selabel_lookup_rec *lookup(struct selabel_handle *rec, -diff --git a/libselinux/src/label_x.c b/libselinux/src/label_x.c -index a8decc7a0093..ddae4f6c22b6 100644 ---- a/libselinux/src/label_x.c -+++ b/libselinux/src/label_x.c -@@ -210,6 +210,7 @@ static void close(struct selabel_handle *rec) - free(spec_arr); - - free(data); -+ rec->data = NULL; - } - - static struct selabel_lookup_rec *lookup(struct selabel_handle *rec, --- -2.45.2 - diff --git a/0003-libselinux-restorecon-Include-selinux-label.h.patch b/0003-libselinux-restorecon-Include-selinux-label.h.patch deleted file mode 100644 index 2ef4b29..0000000 --- a/0003-libselinux-restorecon-Include-selinux-label.h.patch +++ /dev/null @@ -1,48 +0,0 @@ -From b0d8e4c5d6f1652cb103305f773ad5fae8a91304 Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Fri, 26 Jul 2024 17:59:15 +0200 -Subject: [PATCH] libselinux/restorecon: Include -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -restorecon.h uses types defined in label.h, so it needs to include -label.h (or code using restorecon.h also needs to include label.h, -which is not practical). - -Fixes: - $ make DESTDIR=~/obj install > make.out -In file included from semanage_store.c:39: -/home/sdsmall/obj/usr/include/selinux/restorecon.h:137:52: error: -‘struct selabel_handle’ declared inside parameter list will not be -visible outside of this definition or declaration [-Werror] - 137 | extern void selinux_restorecon_set_sehandle(struct -selabel_handle *hndl); - | ^~~~~~~~~~~~~~ -cc1: all warnings being treated as errors -make[2]: *** [Makefile:111: semanage_store.o] Error 1 -make[1]: *** [Makefile:15: install] Error 2 -make: *** [Makefile:40: install] Error 1 - -Signed-off-by: Vit Mojzis -Acked-by: Stephen Smalley ---- - libselinux/include/selinux/restorecon.h | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/libselinux/include/selinux/restorecon.h b/libselinux/include/selinux/restorecon.h -index 8df47445..210f65fd 100644 ---- a/libselinux/include/selinux/restorecon.h -+++ b/libselinux/include/selinux/restorecon.h -@@ -1,6 +1,8 @@ - #ifndef _RESTORECON_H_ - #define _RESTORECON_H_ - -+#include -+ - #include - #include - #include --- -2.45.2 - diff --git a/0004-libselinux-Fix-integer-comparison-issues-when-compil.patch b/0004-libselinux-Fix-integer-comparison-issues-when-compil.patch deleted file mode 100644 index 0d4d71c..0000000 --- a/0004-libselinux-Fix-integer-comparison-issues-when-compil.patch +++ /dev/null @@ -1,62 +0,0 @@ -From c89965eb2854db11b7b484b171beae092476ef0b Mon Sep 17 00:00:00 2001 -From: James Carter -Date: Mon, 1 Jul 2024 14:27:32 -0400 -Subject: [PATCH] libselinux: Fix integer comparison issues when compiling for - 32-bit -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Trying to compile libselinux for 32-bit produces the following error: - -selinux_restorecon.c:1194:31: error: comparison of integer expressions of different signedness: ‘__fsword_t’ {aka ‘int’} and ‘unsigned int’ [-Werror=sign-compare] - 1194 | if (state.sfsb.f_type == RAMFS_MAGIC || state.sfsb.f_type == TMPFS_MAGIC || - | ^~ - -Since RAMFS_MAGIC = 0x858458f6 == 2240043254, which > 2^31, but < 2^32, -cast both as uint32_t for the comparison. - -Reported-by: Daniel Schepler -Signed-off-by: James Carter -Reviewed-by: Christian Göttsche -Acked-by: Stephen Smalley ---- - libselinux/src/selinux_restorecon.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c -index 2422b415..93bd7779 100644 ---- a/libselinux/src/selinux_restorecon.c -+++ b/libselinux/src/selinux_restorecon.c -@@ -1191,8 +1191,8 @@ static int selinux_restorecon_common(const char *pathname_orig, - } - - /* Skip digest on in-memory filesystems and /sys */ -- if (state.sfsb.f_type == RAMFS_MAGIC || state.sfsb.f_type == TMPFS_MAGIC || -- state.sfsb.f_type == SYSFS_MAGIC) -+ if ((uint32_t)state.sfsb.f_type == (uint32_t)RAMFS_MAGIC || -+ state.sfsb.f_type == TMPFS_MAGIC || state.sfsb.f_type == SYSFS_MAGIC) - state.setrestorecondigest = false; - - if (state.flags.set_xdev) -@@ -1490,7 +1490,7 @@ int selinux_restorecon_xattr(const char *pathname, unsigned int xattr_flags, - - if (!recurse) { - if (statfs(pathname, &sfsb) == 0) { -- if (sfsb.f_type == RAMFS_MAGIC || -+ if ((uint32_t)sfsb.f_type == (uint32_t)RAMFS_MAGIC || - sfsb.f_type == TMPFS_MAGIC) - return 0; - } -@@ -1525,7 +1525,7 @@ int selinux_restorecon_xattr(const char *pathname, unsigned int xattr_flags, - continue; - case FTS_D: - if (statfs(ftsent->fts_path, &sfsb) == 0) { -- if (sfsb.f_type == RAMFS_MAGIC || -+ if ((uint32_t)sfsb.f_type == (uint32_t)RAMFS_MAGIC || - sfsb.f_type == TMPFS_MAGIC) - continue; - } --- -2.45.2 - diff --git a/0005-libselinux-deprecate-security_disable-3.patch b/0005-libselinux-deprecate-security_disable-3.patch deleted file mode 100644 index fe7f217..0000000 --- a/0005-libselinux-deprecate-security_disable-3.patch +++ /dev/null @@ -1,95 +0,0 @@ -From b4b002ffef9431cc3af8409a32e243cd7b057feb Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= -Date: Sun, 23 Jun 2024 14:26:04 +0200 -Subject: [PATCH] libselinux: deprecate security_disable(3) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The runtime disable functionality has been removed in Linux 6.4. Thus -security_disable(3) will no longer work on these kernels. - -Signed-off-by: Christian Göttsche -Acked-by: James Carter ---- - libselinux/include/selinux/selinux.h | 6 +++++- - libselinux/man/man3/security_disable.3 | 3 ++- - libselinux/src/load_policy.c | 2 ++ - libselinux/src/selinux_internal.h | 18 ++++++++++++++++++ - 4 files changed, 27 insertions(+), 2 deletions(-) - -diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h -index 61c1422b..1318a66a 100644 ---- a/libselinux/include/selinux/selinux.h -+++ b/libselinux/include/selinux/selinux.h -@@ -367,7 +367,11 @@ extern int security_deny_unknown(void); - /* Get the checkreqprot value */ - extern int security_get_checkreqprot(void); - --/* Disable SELinux at runtime (must be done prior to initial policy load). */ -+/* Disable SELinux at runtime (must be done prior to initial policy load). -+ Unsupported since Linux 6.4. */ -+#ifdef __GNUC__ -+__attribute__ ((deprecated)) -+#endif - extern int security_disable(void); - - /* Get the policy version number. */ -diff --git a/libselinux/man/man3/security_disable.3 b/libselinux/man/man3/security_disable.3 -index 072923ce..5ad8b778 100644 ---- a/libselinux/man/man3/security_disable.3 -+++ b/libselinux/man/man3/security_disable.3 -@@ -14,7 +14,8 @@ disables the SELinux kernel code, unregisters selinuxfs from - and then unmounts - .IR /sys/fs/selinux . - .sp --This function can only be called at runtime and prior to the initial policy -+This function is only supported on Linux 6.3 and earlier, and can only be -+called at runtime and prior to the initial policy - load. After the initial policy load, the SELinux kernel code cannot be disabled, - but only placed in "permissive" mode by using - .BR security_setenforce(3). -diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c -index 57d7aaef..dc1e4b6e 100644 ---- a/libselinux/src/load_policy.c -+++ b/libselinux/src/load_policy.c -@@ -326,7 +326,9 @@ int selinux_init_load_policy(int *enforce) - - if (seconfig == -1) { - /* Runtime disable of SELinux. */ -+ IGNORE_DEPRECATED_DECLARATION_BEGIN - rc = security_disable(); -+ IGNORE_DEPRECATED_DECLARATION_END - if (rc == 0) { - /* Successfully disabled, so umount selinuxfs too. */ - umount(selinux_mnt); -diff --git a/libselinux/src/selinux_internal.h b/libselinux/src/selinux_internal.h -index b134808e..450a42c2 100644 ---- a/libselinux/src/selinux_internal.h -+++ b/libselinux/src/selinux_internal.h -@@ -113,4 +113,22 @@ void *reallocarray(void *ptr, size_t nmemb, size_t size); - #define ignore_unsigned_overflow_ - #endif - -+/* Ignore usage of deprecated declaration */ -+#ifdef __clang__ -+#define IGNORE_DEPRECATED_DECLARATION_BEGIN \ -+ _Pragma("clang diagnostic push") \ -+ _Pragma("clang diagnostic ignored \"-Wdeprecated-declarations\"") -+#define IGNORE_DEPRECATED_DECLARATION_END \ -+ _Pragma("clang diagnostic pop") -+#elif defined __GNUC__ -+#define IGNORE_DEPRECATED_DECLARATION_BEGIN \ -+ _Pragma("GCC diagnostic push") \ -+ _Pragma("GCC diagnostic ignored \"-Wdeprecated-declarations\"") -+#define IGNORE_DEPRECATED_DECLARATION_END \ -+ _Pragma("GCC diagnostic pop") -+#else -+#define IGNORE_DEPRECATED_DECLARATION_BEGIN -+#define IGNORE_DEPRECATED_DECLARATION_END -+#endif -+ - #endif /* SELINUX_INTERNAL_H_ */ --- -2.46.0 - diff --git a/0006-libselinux-fix-swig-bindings-for-4.3.0.patch b/0006-libselinux-fix-swig-bindings-for-4.3.0.patch deleted file mode 100644 index 6caa6d6..0000000 --- a/0006-libselinux-fix-swig-bindings-for-4.3.0.patch +++ /dev/null @@ -1,86 +0,0 @@ -From 2ce1276a0476c7c44d3dad0423f1fde3a0f6d2ce Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Wed, 16 Oct 2024 19:57:10 +0200 -Subject: [PATCH] libselinux: fix swig bindings for 4.3.0 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit -Content-type: text/plain - -https://github.com/swig/swig/blob/master/CHANGES.current - -"[Python] #2907 Fix returning null from functions with output -parameters. Ensures OUTPUT and INOUT typemaps are handled -consistently wrt return type. - -New declaration of SWIG_Python_AppendOutput is now: - - SWIG_Python_AppendOutput(PyObject* result, PyObject* obj, int is_void); - -The 3rd parameter is new and the new $isvoid special variable -should be passed to it, indicating whether or not the wrapped -function returns void. - -Also consider replacing with: - - SWIG_AppendOutput(PyObject* result, PyObject* obj); - -which calls SWIG_Python_AppendOutput with same parameters but adding $isvoid -for final parameter." - -Fixes: https://github.com/SELinuxProject/selinux/issues/447 - - selinuxswig_python_wrap.c: In function ‘_wrap_security_compute_user’: - selinuxswig_python_wrap.c:11499:17: error: too few arguments to function ‘SWIG_Python_AppendOutput’ - 11499 | resultobj = SWIG_Python_AppendOutput(resultobj, plist); - | ^~~~~~~~~~~~~~~~~~~~~~~~ - selinuxswig_python_wrap.c:1248:1: note: declared here - 1248 | SWIG_Python_AppendOutput(PyObject* result, PyObject* obj, int is_void) { - | ^~~~~~~~~~~~~~~~~~~~~~~~ - selinuxswig_python_wrap.c: In function ‘_wrap_security_compute_user_raw’: - selinuxswig_python_wrap.c:11570:17: error: too few arguments to function ‘SWIG_Python_AppendOutput’ - 11570 | resultobj = SWIG_Python_AppendOutput(resultobj, plist); - | ^~~~~~~~~~~~~~~~~~~~~~~~ - selinuxswig_python_wrap.c:1248:1: note: declared here - 1248 | SWIG_Python_AppendOutput(PyObject* result, PyObject* obj, int is_void) { - | ^~~~~~~~~~~~~~~~~~~~~~~~ - selinuxswig_python_wrap.c: In function ‘_wrap_security_get_boolean_names’: - selinuxswig_python_wrap.c:12470:17: error: too few arguments to function ‘SWIG_Python_AppendOutput’ - 12470 | resultobj = SWIG_Python_AppendOutput(resultobj, list); - | ^~~~~~~~~~~~~~~~~~~~~~~~ - selinuxswig_python_wrap.c:1248:1: note: declared here - 1248 | SWIG_Python_AppendOutput(PyObject* result, PyObject* obj, int is_void) { - | ^~~~~~~~~~~~~~~~~~~~~~~~ - error: command '/usr/bin/gcc' failed with exit code 1 - -Suggested-by: Jitka Plesnikova -Signed-off-by: Petr Lautrbach ---- - libselinux/src/selinuxswig_python.i | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/libselinux/src/selinuxswig_python.i b/libselinux/src/selinuxswig_python.i -index 17e03b9e36a5..03ed296d5b85 100644 ---- a/libselinux/src/selinuxswig_python.i -+++ b/libselinux/src/selinuxswig_python.i -@@ -71,7 +71,7 @@ def install(src, dest): - for (i = 0; i < *$2; i++) { - PyList_SetItem(list, i, PyString_FromString((*$1)[i])); - } -- $result = SWIG_Python_AppendOutput($result, list); -+ $result = SWIG_AppendOutput($result, list); - } - - /* return a sid along with the result */ -@@ -108,7 +108,7 @@ def install(src, dest): - plist = PyList_New(0); - } - -- $result = SWIG_Python_AppendOutput($result, plist); -+ $result = SWIG_AppendOutput($result, plist); - } - - /* Makes functions in get_context_list.h return a Python list of contexts */ --- -2.47.0 - diff --git a/0007-libselinux-setexecfilecon-Remove-useless-rc-check.patch b/0007-libselinux-setexecfilecon-Remove-useless-rc-check.patch deleted file mode 100644 index ea07402..0000000 --- a/0007-libselinux-setexecfilecon-Remove-useless-rc-check.patch +++ /dev/null @@ -1,37 +0,0 @@ -From edce1de156f1daa71875e210c1d55ad8d3aefc90 Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Fri, 25 Oct 2024 20:30:13 +0200 -Subject: [PATCH] libselinux/setexecfilecon: Remove useless rc check - -Fixes: - Error: IDENTICAL_BRANCHES (CWE-398): - libselinux-3.6/src/setexecfilecon.c:45: implicit_else: The code from the above if-then branch is identical to the code after the if statement. - libselinux-3.6/src/setexecfilecon.c:43: identical_branches: The same code is executed when the condition "rc < 0" is true or false, because the code in the if-then branch and after the if statement is identical. Should the if statement be removed? - \# 41| - \# 42| rc = setexeccon(newcon); - \# 43|-> if (rc < 0) - \# 44| goto out; - \# 45| out: - -Signed-off-by: Vit Mojzis -Acked-by: James Carter ---- - libselinux/src/setexecfilecon.c | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/libselinux/src/setexecfilecon.c b/libselinux/src/setexecfilecon.c -index 2c6505a9..4b31e775 100644 ---- a/libselinux/src/setexecfilecon.c -+++ b/libselinux/src/setexecfilecon.c -@@ -40,8 +40,6 @@ int setexecfilecon(const char *filename, const char *fallback_type) - } - - rc = setexeccon(newcon); -- if (rc < 0) -- goto out; - out: - - if (rc < 0 && security_getenforce() == 0) --- -2.47.0 - diff --git a/0008-libselinux-matchpathcon-RESOURCE_LEAK-Variable-con.patch b/0008-libselinux-matchpathcon-RESOURCE_LEAK-Variable-con.patch deleted file mode 100644 index 414ca7c..0000000 --- a/0008-libselinux-matchpathcon-RESOURCE_LEAK-Variable-con.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 48bfb96d452a6893010977325940ca17619c207c Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Fri, 25 Oct 2024 20:30:14 +0200 -Subject: [PATCH] libselinux/matchpathcon: RESOURCE_LEAK: Variable "con" - -Fixes: - Error: RESOURCE_LEAK (CWE-772): - libselinux-3.6/src/matchpathcon.c:519: alloc_arg: "lgetfilecon_raw" allocates memory that is stored into "con". [Note: The source code implementation of the function has been overridden by a user model.] - libselinux-3.6/src/matchpathcon.c:528: leaked_storage: Variable "con" going out of scope leaks the storage it points to. - \# 526| - \# 527| if (!hnd && (matchpathcon_init_prefix(NULL, NULL) < 0)) - \# 528|-> return -1; - \# 529| - \# 530| if (selabel_lookup_raw(hnd, &fcontext, path, mode) != 0) { - -Signed-off-by: Vit Mojzis -Acked-by: James Carter ---- - libselinux/src/matchpathcon.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/libselinux/src/matchpathcon.c b/libselinux/src/matchpathcon.c -index e44734c3..967520e4 100644 ---- a/libselinux/src/matchpathcon.c -+++ b/libselinux/src/matchpathcon.c -@@ -524,8 +524,10 @@ int selinux_file_context_verify(const char *path, mode_t mode) - return 0; - } - -- if (!hnd && (matchpathcon_init_prefix(NULL, NULL) < 0)) -+ if (!hnd && (matchpathcon_init_prefix(NULL, NULL) < 0)){ -+ freecon(con); - return -1; -+ } - - if (selabel_lookup_raw(hnd, &fcontext, path, mode) != 0) { - if (errno != ENOENT) --- -2.47.0 - diff --git a/bachradsusi.gpg b/bachradsusi.gpg index ff4e382..aa060bb 100644 --- a/bachradsusi.gpg +++ b/bachradsusi.gpg @@ -316,6 +316,123 @@ kAIi0B1szn0K13qRqBIwjnWL+orP1KLzvczCH6yD0FZY90CDdMtM0VB6AqT4BFh6 5+ygjA4YiA7fFYBm8510ybUcNfzU3gUIJ5pF8MdGizO54tCPSK6U+iVRY4qfCFdu IiOZ7FUUn78VIxQUMYMrozy7kn/0PQZa7KKRbXJ8sg0sgrQapwpgUjdMwuYZPGGv 1Jw5/+WUGWMbGxmlpHcEOmsPZpITH557M/kHyk9Ud0iKwciBI2mGLxiafCuLrUY4 -TknzOqbZgjdllcUG4cDBEQuBO/GSj1LUfg== -=I8Dr +TknzOqbZgjdllcUG4cDBEQuBO/GSj1LUfpkCDQRnKRF7ARAAo5H9/6cStbyjWFeb +G6qDn6pT+4v1rlbRZo0rYwWkDmEAjOZMRC9SJipTCdQeNFlv6HEiiCvl3bmZIqrZ ++zvLI6U1+2dH7k06xNqIFLTV0zbr+tUkOwspg5nr59KsuNP01WBS0ELzunO/zHj+ +BOEdPg1KvB0IQFtqAwaAfuny67YvTr9O7Yz07ZCfTxPtHf6FJ80FPeRa0LoZYnW4 +UmSGtm1f59VD9+qe4yhRtNanamXUKjf8BTw0rQwjoJhVT5Mg0Z6hW6fhFrD57Lgd +8fBi5ZHHUlR4z1+nqGCUoHlHjc0JVyK8j8fofKafow/79ITaOqBzv+P3psY9ecBg +7wGaOHrqzRzRxAfKYRO2IaFHRGnsEE8FnwSEL00uPVxpiiTavrLJFEjku9GmP3OY +3rbwIPXbw1m9mZG1yAVbSEEf58WSWeoBp0O6qrwAdIbdgUX4BkQ8bX5MtUjXp5tm +0StmjQiZ7O91cg0VuWtrfj/I4E3xtloNzhtG2QLI4s7iAL1orhClxEuZRO9alUCS +cnRvhmw2Dh6sB6i56evcZdUFwxMXOByxfWr0fxX4QlR8jYqMPj7UMNj2PccTBOQX +umIW2cdGEeni9vrE9cLfZRSNCwPWAXWtr1zQW54Jx5DjCGHobQk53Z7kE+MZVAje +gOaT0u50cljBNfJootuln4+gbGMAEQEAAbQlUGV0ciBMYXV0cmJhY2ggPGxhdXRy +YmFjaEByZWRoYXQuY29tPokCVwQTAQgAQRYhBGjSGCM0KhNoOus+TvtMaFtdwcE+ +BQJnKRF7AhsDBQkDwmcABQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAAoJEPtM +aFtdwcE+doMQAI5mnNA8aH0dfeOZnz/NrMwY6H7jK/+lYatCx05e1TfK+zz9feRK +sxgP3Pjj0p9igo3jIdPcN5/YnlmVEeplDmSiKOOdendviy+sA8sukMo07Q+m1pYW +NzFtyiZd+c44mp9I1l7h6rktIY9XDedrlAkNog1VlUet9eNpmgXt2OmJNDmYftWc +KIpyw/ZLaubjRcAmxwsn7I6dWnT66Ffg9H8trcRlWipVWP8imO0EIpwC8RbhuNgk +xjt/cVf3CEpzokF4n0k3nqYmt90NNtGc0kG5QAlTvlUuHpNWzuzvdAPtMy3KEaXI +fu3IEZeIKCxSgWXTm7zRKUn0F6jKAsLXhK/WOA1Aa7NdAUwMxrEndfNoqBrusaLD +lpzWU7USv2YT+Pf3aQ7u1szg2J8V5eqRP+E8wwe54RNCgQrcDgUq5abyncsvull3 +GqJvzvZC7/Q3Th/g5Wc+dRaGBz0O9FBuRPQwjrnB932xW1fDf17cScpVKAvV/jwn +tpWXf7nSv2M0o9fihnTBl4d2c2EBKtTdp5W0IpeRl5uLad3AYoouP6RoZ+/Id/Zg +NeaQKH/ZlCxk5S9GLzYhm665ysOYRkh7NfoThRtvAqAeDcTKWGDG1nQok2KKOSyq +S81PT2AlMz7A26R0vsH/9lQ1uZFIhIGbxZXlGERZwXd1s+lgfWTbB5K+iQIzBBAB +CAAdFiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmcpGAUACgkQvDkF8jUXnPFdGQ/+ +L7uA7EMB+Yh0urhZuOltZSNtge6b+UbLZTd8DRsf044e+Z0NJWdQ2saLBptGhIcn +as4Qd0gS+QkWB7lMrJ31uux15ZBjFsGtyqK+VoH8JIPvV8Mr5XojqA+UYUpXP6ns +ILrdkUvNzpeA51IxYuVMWcut8SUVYzjD11YG1P8LFzydsImaYe7se+RE85F3/2Po +kZNe0d0Gh36uyfJSND80XrrxLpROgabQgHNG0drL/DHjdoa3F0V5EUoG7NBwUrmB +RlWKYCLUFfW+8mQn6RVK8JIV9WaHrzi/KAZLonZb5dCjO0e+Ol16pyUofLA8SN7B +aqjens8ho297GtE3darkXmj5p3p4YPur/D+oZCNIH+BYMsht46VtE3v6V10P8KA2 +6MgNo5qME1Q0kC1DUYi68cPeDgrQBMWa+nF+m9i2aGeAyi3qDhZu03JLhOYAhv45 +OVRawm9vFqyKiBRANVogTRr+ch4zywaapwfVLQ+xiwVLqlT5n/iIzWCQ0hA15eKZ +gJV0kTXL4OWKBeJqSNnnLVm4AhZ2OpKHMsjE7BEopvCe9JZWFIrjtQ9TrriByOx0 +3anWkmm7b4lZ1HKDOI/Cxyz8BZvYizo7hSOdGjLrFBTD/Wk0swvpzB4NKh5I6N7k +gppXMTaWp36+KmQx66JzaZjepGl1VMNFdgiP6Sw6pO+5Ag0EZykRewEQAK4EY+06 +GeuX4wLlUqAMWCnbFELuhBZGWFLEIvP6WJS1WOvee45RVcpVfYMp3AqymiNRahAl +RMtSQ9YtXSdlBPkhtNcoV/hqjcNywMdbsy+Rs27pRk/DJVC0yVL4ABrSSlwhfNa4 +6X4ZvPr8GGDvjAUhK6NXQ7WrZJxYR9/U0nqRGtGuPBLhFey1H60n5axP8+2f9pFC +NbDJ13HbrhVju+RUeE8Gq5WJI5dea5SfYnXFERsT/zO+pw7ZaaSDmWKR1a88P6Bk +DD7e63ZIaAa849M/Dz+OgzNEgbyRjvgbO0OEIrS2x61lGoW7F9prEgzj97NIiBu6 +qpNCYJefkpfPENrk+wmOUthJfh6E7uphlliQams6dqXAc3Z+xBN9jFf74RpzVmIP +K/MFNr0EcUMFgURpBtaTrk4dGMh++v5i4qKxxwJHf4RsGCDsgH9ZZDemKz5q8uFN +TI1kbTnsKNt+d7L45U+3/mRm4l22g8eu+AvD6R4GfKjsyzEFCyGK7TmVYj0Y+EGR +9+YbRQ1GahXqtrR/aLC09LSyxQTqYfKU8KusnoceEbBOigEZUNPybpzibwHl1VEV +9crR5eT8MPHgs8xdpjQ7gRuPi12fvc83unpUsNIHSCxZqXoilGsz2+zpX2si3PxB +tK/tTo6ZFRLijhHs250Y1agp4MyXYq91A2VTABEBAAGJAjwEGAEIACYWIQRo0hgj +NCoTaDrrPk77TGhbXcHBPgUCZykRewIbDAUJA8JnAAAKCRD7TGhbXcHBPozGD/0Y +fkktGwGq2vPZUI/Fscv+VnEqVt94dBnS0/6GyYvhI7Tf81v+72URlQeX8TUQox9B +8d3Aru5b2+iSkPcvH70PbY8jt/yTwHtSlFzf6+YPIl+oyTz7DoiILSjrO51ntl8g +KmIb8Q9W74xV6VFIJ4m8rH04MKFpIlzUDq660JYQIGtOUFugSfg7aLVU/0j4WKKE +KfAfg93wYTKKd+JgRFy4FZPriem7HvlUSi2VKffdrrUF/PX35X74iKdPQoEADZi8 +KkMZULDtyQ6ZOu2hiDpArjo5hDadKM314Z65VnM11hjiEhmTF3IyGBllb0qBIk0L +nBVHuMYmiqBNJEbaqHLqIju8/RvFlYV+AMISeA7B68knbJcao13ogtDpuJ4hpgCj +j2B1n0NWMcju0gteu1sfsIaQbWHevH2vgl5LJDCNtUJN/NoWB2Uov27wEvsongwY +3du40TnM+5ejwf4r8D3wX+JpVCAhfr3Oc0knw14nRqFPAe1E7DNURJ8xfEV9iPRA +swo6qoh7IIxNETUG1rywRExNt6tHsojx0Wb0I0IB7CnWRK9F6oNRp0S4kVgp+Jeh +a9NGXFK2hn8qBD/rpUPsj/OdkiBN+C7Ai07rCNez+IKdnUfXkOJqLCOyeUwC9WPl +uFPB9RnnghYM4xhMWf8XvSLOOk/vgPxiqR5ANLObsbkCDQRnKRLhARAAuh+b2Oxj +9q+RRZ+pkDVf/M6P01yDmDhwtYHzi/LW8PFHC6iQlzMReyv1R5n3uCEpAZ++mdUe +Cgo2TmFnYdpmxEgdaMIW98uqe4fuHhoXU2Mh4eiN7jyJvXQCsijCDYzifoj03HY7 +nTVjw4+BSSu9kA3/vEqU9A5YjG01MmVSMaIaTrqZqsnypK6r2exJa7YVRYwRqpLY +C5ksikDVK9ftdfhjnsnYGS4pYyfMNSHY1KBMpHjT7wEkM+KZ2WRpjTZZ7nP9u4Lf +fJMKgcclRgf+13CeSaJfVIhjJlxGVLkloE8XJbOeh2vkK257e9BenEFgQnyLCpGJ +8YNsnsJVhxU1aA62dT7jmnOVMBhnGoNhMyzzfvUw0REz2VbpZBkiwZRfZ9MWUBsy +bneH8NwzZMQQLCc/yo/jnPrmDS+tgl4CXGzBtpxPUZSMuY4tHZZ2vBb0zcfhY7P1 +CrHuylXLFzkOO/XRP3w1F8I1UqJCjdTKjdjCDF/VWtedHee1iEsSHxPGH8fHp4Qp +rBDDwZ4NnfilYNHMDWm6U1bzhX2ynqcGArQSd1Ny/oL7JzE1qoH/nNrwVvOSSNWF +UTXFXeLy+SOXJdFJpGP+/wV+gYfyczoUP6vmCdK1Hs15WQvKzyP/nmLS5uLilfxV +KrxZDI6SNrS4f/XkHcGnYByFKUhq5gVN0ZcAEQEAAYkEcgQYAQgAJhYhBGjSGCM0 +KhNoOus+TvtMaFtdwcE+BQJnKRLhAhsCBQkDwmcAAkAJEPtMaFtdwcE+wXQgBBkB +CAAdFiEEcgDrLD9eSIRjwM6ezcroySfGvjEFAmcpEuEACgkQzcroySfGvjExiQ// +TKQ2Ci+sqNSVIcwg/k0Go1i4cA7lhKNdYRBCaIThB9jMqNg2zgPzgELBcaVJL8xw +0E2x2ZvBejM4X+eTrmkdufcxHR8B/zBF8oPlD2pgs/zZmZEO1gq4Cdab7yIoVNNr +foCZShxOCPR2wIixcYZtt5f7Z3zSXqkjIec6sTOedT75ZXrpQbvINeUkvOJfMCOi +ailauvDfv8k5iJUVbP+Dx1vOc88bvewVJcbLID4HIRr/PS+k1D10zGbnF71TnxGZ +r7anMZCSFCHJ5WV+BSwHHKtxRy+bJ1x9ML45Jcr1anTXeaHIeSKNzFBigJQSgHv0 +euegkD3Rmw+IcxNb4l536selaNR0UAwx1DC1qpjBtnE9/pXdTEsZQxq9kMrj0d+f +VKFjOKADVIpkx7o0dZ1jmbUmdjQVyGDgHE+Emgdd726/2ftWriW2uPeUC6YZiqbt +vBnCnwF+aV6P1nrE0BWJchLyBjDCe5Y2oXBAYF6xwpDPfMPr4oscqzPV4TWVULBi +brtRWgSxmvinIGFx9T9wQCVfX254dqBaAEhRMImoT/YP+6evRZKqQODRhI44OG7u +V71IVAJ8BHEBN8hxvQM3WPs1fhwMBFCyGfr/x/U4/c78R9JhxkU9VwmMbLGQP7VP +1QgfiHqZpHMk8ZUmQn6KLeurzWcnwPFkwgFPZED8OQOMXxAAio3DhWr5KDd3mICH +ALNY0A2ipb/JH6LSHxu0S3MLa/bF6PbqRY1+fKMT/cFVxln99rNUrX+hDRbc7qbh +KkxvGmcnXnkcTHah9bfUghEanlKkBr1g1ik3zgEnpO/x3+X39Ov+ge92MDawV0nq +k9R/9tS+ZD/ph72Q9kx3ZfVNSL0eWxjuwBzFW0Zwh5TAX4raSmyQCmAXi05O3YmN +iq4arSUg5oAOMRZ+d96DsrAS4Sdtlx6/CuKTBzEaGPQLQ9wJNB0Vmd/eQWTP99KY +cAdIwj5BJ5P0Z7+xhsVjQOntn4otnP6vN6RuDtYrS6M7TCN/ZeKCvN/G0nRac4D+ +IJX3CYYtYXgaoDuoetUWtc7O5PzHRETaBt/46ob2lzf6cT5QyVujTfz+i0rGEc63 +pvXK8mV+K7BFY/DHpdEhl1pDw2YYLbBmUthQWdsL6/TVvpMe/wZadvJ/by3AeRzQ +eusUucuSo9UNN7Yj8u3dRhxNgsSiU96A/SFlAoB5s3Onh5K4WEVCBu/INjdi+r2B +LJePSnA3I7VkRE9Haf1D28jtBzm3Xbft2rs3lO18FcCqw6kd7Ih3e0tZ8uUG9UDv +qTDHTUHLAWvwrq38gKKAu2RMaU06A5kR87RcQiizxOwBIwiHuUWMU4/Hyx6fXsOD +hEs0O6AFDarNDZGee2amKTAyZpG5Ag0EZykTxQEQAOwGV1boBD3vDLsoAT62nGxb +SqXiBsObxnpWbNifOzM9BUGPOIpHsSH32PZGG/+LNjNdECfyyP1RysH5OT7j92Q8 +vgRQoG3X985gbOjYyZc0xvAkTSvWxOiy5CuF3X8sJ3NSerQDXwjP9qVqLVj/3FB8 +nka1HFS7KzC3Zo/kzCoxeZ3/hV3PTWIjcoJvtBSCKPZyOJxnRqWfi5BNJo3S2SR1 +mxV967zawXiZ8MeeBl6rLhOfCBtz9g+bqrXZYoenuMn5Js2mcH0haYeMSV3UWIC4 +kinzr1EJxs+L1/hVCVBNiiDc6DXcFXoz9ZVc9kjpZTOMoZVDkRkyOeen+5Sya9wK +4teLmDLME4+pgeHCS/Wa4KrYyEWe7NpG1VTkSJnRS+fyYGTWtwEiuwT6J9U0t1d5 +hbxhM7YAhlnOEnNVmqa3Bq3yqJs9G/7gicZ7CIJ9JBHKTJzOnKfpGhxBSOgOoCOa +WW6uVCzDqfrYPmCUIKQmanB441xJFGuHVPMLBjVjswoMKGkK3gM6KMRCDYQ53u6s +FK+Jcl8HobBSezVIUKpKVX3IW9d506cE0FhSW/NvWJv0FIMVloyC2BpOjSWVgEwX +tk/m3SKPsgCAcCqzi7xlloR8+E9C2xci9cdGG5faghgSjaP6j0qDww/slRPQJc5A +DIeukkOYTCiSiDwQtblJABEBAAGJAjMEGAEIACcWIQRo0hgjNCoTaDrrPk77TGhb +XcHBPgUCZykTxQMbIAQFCQPCZwAAADcWD/4qJRLn7TcMtRMF43Yn+dX+O13YrxBC +T4n1QVmiPsGrUca4Vg1J+trV6IMsGrhktpiaV0qeL/km0h02m4gEDZKDyWWXdeWh +EXFaTVy9yCpSXUWJl5gSXTSwxrqBWyWLlLLk4UT9l9sk5mMdy0JA8unobV4M/eXQ +ggR11DL3ji7aO0hsqxyxXkJcawWjVGW5KL1EaoDKIJ/CwxOI5ipFueMIRQjQvw9A +o/w2fq11qVXY9zknk6pFkp/RDHLes+wVHDtebZfJ9xV7Mb1mf/k03dT56GaA/U3E +XvJ2FdgWR+zf+YMEa9MPDHYo2UNEvk9mOk247M8s+OeexdlkPgyKW5A8mtYuY/dR +j8W6C4pLcMWa+d/vIUpm5Guw0F5q0AWk9/FbBe9HLztEevvRnuHXmfTZeto/nCAi +Yg4pCj6p3JoN5CLebR8YtWm9AJBbX1kgVvqSU2VgwYIFsxBEz8Wu2h7z/eSCSeIg +ARFbTlJ6cBrRkXCVyhbv0LPWWUfAUqiEtdGxrA4Xx/jKrI02JjRdW/bZkXjSka8K ++cDlpcr9ixBWW5LkWsOdiL8jExfTGw25FA7Wd1HiHnBv36Mu/zb+0/I63d+fLq93 +e3lmmVx9qQF8p5Okf4ojY9YoIHVkLS7t9AgFjm/ucmpEGbXxyPk2Cr3l+b5R41x3 +dBW9kxiuWpZN3Q== +=iuRK -----END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/libselinux.spec b/libselinux.spec index f879023..e1d4f64 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -1,14 +1,14 @@ %define ruby_inc %(pkg-config --cflags ruby) -%define libsepolver 3.7-1 +%define libsepolver 3.8-0 Summary: SELinux library and simple utilities Name: libselinux -Version: 3.7 -Release: 5%{?dist} +Version: 3.8 +Release: 0.rc1.1%{?dist} License: LicenseRef-Fedora-Public-Domain # https://github.com/SELinuxProject/selinux/wiki/Releases -Source0: https://github.com/SELinuxProject/selinux/releases/download/3.7/libselinux-3.7.tar.gz -Source1: https://github.com/SELinuxProject/selinux/releases/download/3.7/libselinux-3.7.tar.gz.asc +Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}-rc1/libselinux-%{version}-rc1.tar.gz +Source1: https://github.com/SELinuxProject/selinux/releases/download/%{version}-rc1/libselinux-%{version}-rc1.tar.gz.asc Source2: https://github.com/bachradsusi.gpg Source3: selinuxconlist.8 Source4: selinuxdefcon.8 @@ -16,17 +16,10 @@ Source4: selinuxdefcon.8 Url: https://github.com/SELinuxProject/selinux/wiki # $ git clone https://github.com/fedora-selinux/selinux.git # $ cd selinux -# $ git format-patch -N 3.7 -- libselinux +# $ git format-patch -N 3.8 -- libselinux # $ i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done # Patch list start Patch0001: 0001-Use-SHA-2-instead-of-SHA-1.patch -Patch0002: 0002-libselinux-set-free-d-data-to-NULL.patch -Patch0003: 0003-libselinux-restorecon-Include-selinux-label.h.patch -Patch0004: 0004-libselinux-Fix-integer-comparison-issues-when-compil.patch -Patch0005: 0005-libselinux-deprecate-security_disable-3.patch -Patch0006: 0006-libselinux-fix-swig-bindings-for-4.3.0.patch -Patch0007: 0007-libselinux-setexecfilecon-Remove-useless-rc-check.patch -Patch0008: 0008-libselinux-matchpathcon-RESOURCE_LEAK-Variable-con.patch # Patch list end BuildRequires: gcc make BuildRequires: ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre2-devel @@ -99,7 +92,7 @@ needed for developing SELinux applications. %prep %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' -%autosetup -p 2 -n libselinux-%{version} +%autosetup -p 2 -n libselinux-%{version}-rc1 %build export DISABLE_RPM="y" @@ -197,6 +190,7 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool* %{_sbindir}/selinuxexeccon %{_sbindir}/selinuxenabled %{_sbindir}/setenforce +%{_sbindir}/selabel_compare %{_sbindir}/selabel_digest %{_sbindir}/selabel_lookup %{_sbindir}/selabel_lookup_best_match diff --git a/sources b/sources index 195df87..1fbbc90 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (libselinux-3.7.tar.gz) = e949c20b606c50ad521b9592ce55ad6658e8c4b24d9838028f5aba0a4fc762b6d0d0d0d207f5bef7a2e41485e12d91382fa6090df27152dbb40071b273419352 -SHA512 (libselinux-3.7.tar.gz.asc) = 5be2fdc0deda62f240276413d1b95a57d467fe989ddb31b34f7743cbd03d69385ac3321af10c97aded119ae5f0a4d8ec5894f8647a45f2902c0e8ff1e96787aa +SHA512 (libselinux-3.8-rc1.tar.gz) = 16fbc4d903061f696b5396690da69b7bc18f158742c789ef70d543d51fe5015abc73d9205e3b147cec0d293a1448735e2b9e39edd562690156c946a0f53dcb38 +SHA512 (libselinux-3.8-rc1.tar.gz.asc) = 52e0fbf7e61fe6c67cfa2ca214bbf2cae94f016feeb3b317e8c4f6bffb9c2f3b93cfd425669c1c9fc97b35cdb77b2f153b11f9daa654817565aa40d76dc936f2