SELinux userspace 3.8-rc1 release

Resolves: RHEL-69451
This commit is contained in:
Petr Lautrbach 2024-11-28 17:38:36 +01:00
parent de1d9f5fd5
commit 6d5c5e5819
12 changed files with 155 additions and 488 deletions

2
.gitignore vendored
View File

@ -234,3 +234,5 @@ libselinux-2.0.96.tgz
/libselinux-3.6.tar.gz /libselinux-3.6.tar.gz
/libselinux-3.7.tar.gz /libselinux-3.7.tar.gz
/libselinux-3.7.tar.gz.asc /libselinux-3.7.tar.gz.asc
/libselinux-3.8-rc1.tar.gz
/libselinux-3.8-rc1.tar.gz.asc

View File

@ -1,4 +1,4 @@
From 4884c917237e53e34d3fc75dcf4f07217cfd7584 Mon Sep 17 00:00:00 2001 From 4780b755bb1171f5aa4cd7545535839d451a2070 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com> From: Petr Lautrbach <plautrba@redhat.com>
Date: Fri, 30 Jul 2021 14:14:37 +0200 Date: Fri, 30 Jul 2021 14:14:37 +0200
Subject: [PATCH] Use SHA-2 instead of SHA-1 Subject: [PATCH] Use SHA-2 instead of SHA-1
@ -51,10 +51,10 @@ index ce189a3ae2fe..ce77d32dfed1 100644
* @num_specfiles: number of specfiles in the list. * @num_specfiles: number of specfiles in the list.
* *
diff --git a/libselinux/include/selinux/restorecon.h b/libselinux/include/selinux/restorecon.h diff --git a/libselinux/include/selinux/restorecon.h b/libselinux/include/selinux/restorecon.h
index b10fe684eff9..8df4744505b3 100644 index 5be6542c2a91..210f65fdb709 100644
--- a/libselinux/include/selinux/restorecon.h --- a/libselinux/include/selinux/restorecon.h
+++ b/libselinux/include/selinux/restorecon.h +++ b/libselinux/include/selinux/restorecon.h
@@ -41,8 +41,8 @@ extern int selinux_restorecon_parallel(const char *pathname, @@ -43,8 +43,8 @@ extern int selinux_restorecon_parallel(const char *pathname,
* restorecon_flags options * restorecon_flags options
*/ */
/* /*
@ -198,10 +198,10 @@ index 41cfbdca490c..658a4c3d80e0 100644
endif endif
diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
index 2732972e61cf..6c6fe328b353 100644 index 189a5ed26eb7..312bb584d6b4 100644
--- a/libselinux/src/label_file.c --- a/libselinux/src/label_file.c
+++ b/libselinux/src/label_file.c +++ b/libselinux/src/label_file.c
@@ -1105,7 +1105,7 @@ static struct spec *lookup_common(struct selabel_handle *rec, @@ -1780,7 +1780,7 @@ static struct lookup_result *lookup_common(struct selabel_handle *rec,
/* /*
* Returns true if the digest of all partial matched contexts is the same as * Returns true if the digest of all partial matched contexts is the same as
@ -210,7 +210,7 @@ index 2732972e61cf..6c6fe328b353 100644
* digest will always be returned. The caller must free any returned digests. * digest will always be returned. The caller must free any returned digests.
*/ */
static bool get_digests_all_partial_matches(struct selabel_handle *rec, static bool get_digests_all_partial_matches(struct selabel_handle *rec,
@@ -1114,39 +1114,39 @@ static bool get_digests_all_partial_matches(struct selabel_handle *rec, @@ -1789,39 +1789,39 @@ static bool get_digests_all_partial_matches(struct selabel_handle *rec,
uint8_t **xattr_digest, uint8_t **xattr_digest,
size_t *digest_len) size_t *digest_len)
{ {
@ -261,7 +261,7 @@ index 2732972e61cf..6c6fe328b353 100644
return true; return true;
return false; return false;
@@ -1166,22 +1166,22 @@ static bool hash_all_partial_matches(struct selabel_handle *rec, const char *key @@ -1840,22 +1840,22 @@ static bool hash_all_partial_matches(struct selabel_handle *rec, const char *key
return false; return false;
} }
@ -269,17 +269,17 @@ index 2732972e61cf..6c6fe328b353 100644
- Sha1Initialise(&context); - Sha1Initialise(&context);
+ Sha256Context context; + Sha256Context context;
+ Sha256Initialise(&context); + Sha256Initialise(&context);
size_t i;
for (i = 0; i < total_matches; i++) { for (const struct lookup_result *m = matches; m; m = m->next) {
char* regex_str = matches[i]->regex_str; const char* regex_str = m->regex_str;
mode_t mode = matches[i]->mode; uint8_t file_kind = m->file_kind;
char* ctx_raw = matches[i]->lr.ctx_raw; const char* ctx_raw = m->lr->ctx_raw;
- Sha1Update(&context, regex_str, strlen(regex_str) + 1); - Sha1Update(&context, regex_str, strlen(regex_str) + 1);
- Sha1Update(&context, &mode, sizeof(mode_t)); - Sha1Update(&context, &file_kind, sizeof(file_kind));
- Sha1Update(&context, ctx_raw, strlen(ctx_raw) + 1); - Sha1Update(&context, ctx_raw, strlen(ctx_raw) + 1);
+ Sha256Update(&context, regex_str, strlen(regex_str) + 1); + Sha256Update(&context, regex_str, strlen(regex_str) + 1);
+ Sha256Update(&context, &mode, sizeof(mode_t)); + Sha256Update(&context, &file_kind, sizeof(file_kind));
+ Sha256Update(&context, ctx_raw, strlen(ctx_raw) + 1); + Sha256Update(&context, ctx_raw, strlen(ctx_raw) + 1);
} }
@ -290,10 +290,10 @@ index 2732972e61cf..6c6fe328b353 100644
+ Sha256Finalise(&context, &sha256_hash); + Sha256Finalise(&context, &sha256_hash);
+ memcpy(digest, sha256_hash.bytes, SHA256_HASH_SIZE); + memcpy(digest, sha256_hash.bytes, SHA256_HASH_SIZE);
free(matches); free_lookup_result(matches);
return true; return true;
diff --git a/libselinux/src/label_internal.h b/libselinux/src/label_internal.h diff --git a/libselinux/src/label_internal.h b/libselinux/src/label_internal.h
index ea60cd9a058f..77ac8173c7a9 100644 index 743dbf9472cf..4180df92f405 100644
--- a/libselinux/src/label_internal.h --- a/libselinux/src/label_internal.h
+++ b/libselinux/src/label_internal.h +++ b/libselinux/src/label_internal.h
@@ -13,7 +13,7 @@ @@ -13,7 +13,7 @@
@ -324,7 +324,7 @@ index ea60cd9a058f..77ac8173c7a9 100644
unsigned char *hashbuf; /* buffer to hold specfiles */ unsigned char *hashbuf; /* buffer to hold specfiles */
size_t hashbuf_size; /* buffer size */ size_t hashbuf_size; /* buffer size */
size_t specfile_cnt; /* how many specfiles processed */ size_t specfile_cnt; /* how many specfiles processed */
@@ -110,7 +110,7 @@ struct selabel_handle { @@ -111,7 +111,7 @@ struct selabel_handle {
*/ */
char *spec_file; char *spec_file;
@ -334,10 +334,10 @@ index ea60cd9a058f..77ac8173c7a9 100644
}; };
diff --git a/libselinux/src/label_support.c b/libselinux/src/label_support.c diff --git a/libselinux/src/label_support.c b/libselinux/src/label_support.c
index f7ab9292562e..1c3c1728f6ba 100644 index 978ba828c159..daba26941ae7 100644
--- a/libselinux/src/label_support.c --- a/libselinux/src/label_support.c
+++ b/libselinux/src/label_support.c +++ b/libselinux/src/label_support.c
@@ -114,7 +114,7 @@ int read_spec_entries(char *line_buf, const char **errbuf, int num_args, ...) @@ -120,7 +120,7 @@ int read_spec_entries(char *line_buf, size_t nread, const char **errbuf, int nu
/* Once all the specfiles are in the hash_buf, generate the hash. */ /* Once all the specfiles are in the hash_buf, generate the hash. */
void digest_gen_hash(struct selabel_digest *digest) void digest_gen_hash(struct selabel_digest *digest)
{ {
@ -346,7 +346,7 @@ index f7ab9292562e..1c3c1728f6ba 100644
size_t remaining_size; size_t remaining_size;
const unsigned char *ptr; const unsigned char *ptr;
@@ -122,19 +122,19 @@ void digest_gen_hash(struct selabel_digest *digest) @@ -128,19 +128,19 @@ void digest_gen_hash(struct selabel_digest *digest)
if (!digest) if (!digest)
return; return;
@ -371,7 +371,7 @@ index f7ab9292562e..1c3c1728f6ba 100644
digest->hashbuf = NULL; digest->hashbuf = NULL;
} }
diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
index acb729c8ad96..2422b415008e 100644 index bc6ed935a4ad..93bd7779249b 100644
--- a/libselinux/src/selinux_restorecon.c --- a/libselinux/src/selinux_restorecon.c
+++ b/libselinux/src/selinux_restorecon.c +++ b/libselinux/src/selinux_restorecon.c
@@ -37,7 +37,7 @@ @@ -37,7 +37,7 @@
@ -1358,5 +1358,5 @@ index e2733b4195ff..98e533dc2692 100644
} }
default: default:
-- --
2.45.2 2.47.0

View File

@ -1,78 +0,0 @@
From bd6a803553a82238a9f618d1bb22f288682f8195 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <lautrbach@redhat.com>
Date: Tue, 9 Jul 2024 21:13:36 +0200
Subject: [PATCH] libselinux: set free'd data to NULL
Content-type: text/plain
Fixes segfault in selabel_open() on systems with SELinux disabled and without any
SELinux policy installed introduced by commit 5876aca0484f ("libselinux: free
data on selabel open failure"):
$ sestatus
SELinux status: disabled
$ cat /etc/selinux/config
cat: /etc/selinux/config: No such file or directory
$ matchpathcon /abc
[1] 907999 segmentation fault (core dumped) matchpathcon /abc
Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
---
libselinux/src/label_backends_android.c | 1 +
libselinux/src/label_file.c | 1 +
libselinux/src/label_media.c | 1 +
libselinux/src/label_x.c | 1 +
4 files changed, 4 insertions(+)
diff --git a/libselinux/src/label_backends_android.c b/libselinux/src/label_backends_android.c
index 49a87686de4c..5bad24f20d73 100644
--- a/libselinux/src/label_backends_android.c
+++ b/libselinux/src/label_backends_android.c
@@ -260,6 +260,7 @@ static void closef(struct selabel_handle *rec)
free(data->spec_arr);
free(data);
+ rec->data = NULL;
}
static struct selabel_lookup_rec *property_lookup(struct selabel_handle *rec,
diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
index 6c6fe328b353..87dbd0e90f2b 100644
--- a/libselinux/src/label_file.c
+++ b/libselinux/src/label_file.c
@@ -942,6 +942,7 @@ static void closef(struct selabel_handle *rec)
free(last_area);
}
free(data);
+ rec->data = NULL;
}
// Finds all the matches of |key| in the given context. Returns the result in
diff --git a/libselinux/src/label_media.c b/libselinux/src/label_media.c
index 852aeada8ff4..bae065c12a55 100644
--- a/libselinux/src/label_media.c
+++ b/libselinux/src/label_media.c
@@ -183,6 +183,7 @@ static void close(struct selabel_handle *rec)
free(spec_arr);
free(data);
+ rec->data = NULL;
}
static struct selabel_lookup_rec *lookup(struct selabel_handle *rec,
diff --git a/libselinux/src/label_x.c b/libselinux/src/label_x.c
index a8decc7a0093..ddae4f6c22b6 100644
--- a/libselinux/src/label_x.c
+++ b/libselinux/src/label_x.c
@@ -210,6 +210,7 @@ static void close(struct selabel_handle *rec)
free(spec_arr);
free(data);
+ rec->data = NULL;
}
static struct selabel_lookup_rec *lookup(struct selabel_handle *rec,
--
2.45.2

View File

@ -1,48 +0,0 @@
From b0d8e4c5d6f1652cb103305f773ad5fae8a91304 Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Fri, 26 Jul 2024 17:59:15 +0200
Subject: [PATCH] libselinux/restorecon: Include <selinux/label.h>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
restorecon.h uses types defined in label.h, so it needs to include
label.h (or code using restorecon.h also needs to include label.h,
which is not practical).
Fixes:
$ make DESTDIR=~/obj install > make.out
In file included from semanage_store.c:39:
/home/sdsmall/obj/usr/include/selinux/restorecon.h:137:52: error:
struct selabel_handle declared inside parameter list will not be
visible outside of this definition or declaration [-Werror]
137 | extern void selinux_restorecon_set_sehandle(struct
selabel_handle *hndl);
| ^~~~~~~~~~~~~~
cc1: all warnings being treated as errors
make[2]: *** [Makefile:111: semanage_store.o] Error 1
make[1]: *** [Makefile:15: install] Error 2
make: *** [Makefile:40: install] Error 1
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
---
libselinux/include/selinux/restorecon.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libselinux/include/selinux/restorecon.h b/libselinux/include/selinux/restorecon.h
index 8df47445..210f65fd 100644
--- a/libselinux/include/selinux/restorecon.h
+++ b/libselinux/include/selinux/restorecon.h
@@ -1,6 +1,8 @@
#ifndef _RESTORECON_H_
#define _RESTORECON_H_
+#include <selinux/label.h>
+
#include <sys/types.h>
#include <stddef.h>
#include <stdarg.h>
--
2.45.2

View File

@ -1,62 +0,0 @@
From c89965eb2854db11b7b484b171beae092476ef0b Mon Sep 17 00:00:00 2001
From: James Carter <jwcart2@gmail.com>
Date: Mon, 1 Jul 2024 14:27:32 -0400
Subject: [PATCH] libselinux: Fix integer comparison issues when compiling for
32-bit
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Trying to compile libselinux for 32-bit produces the following error:
selinux_restorecon.c:1194:31: error: comparison of integer expressions of different signedness: __fsword_t {aka int} and unsigned int [-Werror=sign-compare]
1194 | if (state.sfsb.f_type == RAMFS_MAGIC || state.sfsb.f_type == TMPFS_MAGIC ||
| ^~
Since RAMFS_MAGIC = 0x858458f6 == 2240043254, which > 2^31, but < 2^32,
cast both as uint32_t for the comparison.
Reported-by: Daniel Schepler
Signed-off-by: James Carter <jwcart2@gmail.com>
Reviewed-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
---
libselinux/src/selinux_restorecon.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
index 2422b415..93bd7779 100644
--- a/libselinux/src/selinux_restorecon.c
+++ b/libselinux/src/selinux_restorecon.c
@@ -1191,8 +1191,8 @@ static int selinux_restorecon_common(const char *pathname_orig,
}
/* Skip digest on in-memory filesystems and /sys */
- if (state.sfsb.f_type == RAMFS_MAGIC || state.sfsb.f_type == TMPFS_MAGIC ||
- state.sfsb.f_type == SYSFS_MAGIC)
+ if ((uint32_t)state.sfsb.f_type == (uint32_t)RAMFS_MAGIC ||
+ state.sfsb.f_type == TMPFS_MAGIC || state.sfsb.f_type == SYSFS_MAGIC)
state.setrestorecondigest = false;
if (state.flags.set_xdev)
@@ -1490,7 +1490,7 @@ int selinux_restorecon_xattr(const char *pathname, unsigned int xattr_flags,
if (!recurse) {
if (statfs(pathname, &sfsb) == 0) {
- if (sfsb.f_type == RAMFS_MAGIC ||
+ if ((uint32_t)sfsb.f_type == (uint32_t)RAMFS_MAGIC ||
sfsb.f_type == TMPFS_MAGIC)
return 0;
}
@@ -1525,7 +1525,7 @@ int selinux_restorecon_xattr(const char *pathname, unsigned int xattr_flags,
continue;
case FTS_D:
if (statfs(ftsent->fts_path, &sfsb) == 0) {
- if (sfsb.f_type == RAMFS_MAGIC ||
+ if ((uint32_t)sfsb.f_type == (uint32_t)RAMFS_MAGIC ||
sfsb.f_type == TMPFS_MAGIC)
continue;
}
--
2.45.2

View File

@ -1,95 +0,0 @@
From b4b002ffef9431cc3af8409a32e243cd7b057feb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Sun, 23 Jun 2024 14:26:04 +0200
Subject: [PATCH] libselinux: deprecate security_disable(3)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The runtime disable functionality has been removed in Linux 6.4. Thus
security_disable(3) will no longer work on these kernels.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
libselinux/include/selinux/selinux.h | 6 +++++-
libselinux/man/man3/security_disable.3 | 3 ++-
libselinux/src/load_policy.c | 2 ++
libselinux/src/selinux_internal.h | 18 ++++++++++++++++++
4 files changed, 27 insertions(+), 2 deletions(-)
diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h
index 61c1422b..1318a66a 100644
--- a/libselinux/include/selinux/selinux.h
+++ b/libselinux/include/selinux/selinux.h
@@ -367,7 +367,11 @@ extern int security_deny_unknown(void);
/* Get the checkreqprot value */
extern int security_get_checkreqprot(void);
-/* Disable SELinux at runtime (must be done prior to initial policy load). */
+/* Disable SELinux at runtime (must be done prior to initial policy load).
+ Unsupported since Linux 6.4. */
+#ifdef __GNUC__
+__attribute__ ((deprecated))
+#endif
extern int security_disable(void);
/* Get the policy version number. */
diff --git a/libselinux/man/man3/security_disable.3 b/libselinux/man/man3/security_disable.3
index 072923ce..5ad8b778 100644
--- a/libselinux/man/man3/security_disable.3
+++ b/libselinux/man/man3/security_disable.3
@@ -14,7 +14,8 @@ disables the SELinux kernel code, unregisters selinuxfs from
and then unmounts
.IR /sys/fs/selinux .
.sp
-This function can only be called at runtime and prior to the initial policy
+This function is only supported on Linux 6.3 and earlier, and can only be
+called at runtime and prior to the initial policy
load. After the initial policy load, the SELinux kernel code cannot be disabled,
but only placed in "permissive" mode by using
.BR security_setenforce(3).
diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c
index 57d7aaef..dc1e4b6e 100644
--- a/libselinux/src/load_policy.c
+++ b/libselinux/src/load_policy.c
@@ -326,7 +326,9 @@ int selinux_init_load_policy(int *enforce)
if (seconfig == -1) {
/* Runtime disable of SELinux. */
+ IGNORE_DEPRECATED_DECLARATION_BEGIN
rc = security_disable();
+ IGNORE_DEPRECATED_DECLARATION_END
if (rc == 0) {
/* Successfully disabled, so umount selinuxfs too. */
umount(selinux_mnt);
diff --git a/libselinux/src/selinux_internal.h b/libselinux/src/selinux_internal.h
index b134808e..450a42c2 100644
--- a/libselinux/src/selinux_internal.h
+++ b/libselinux/src/selinux_internal.h
@@ -113,4 +113,22 @@ void *reallocarray(void *ptr, size_t nmemb, size_t size);
#define ignore_unsigned_overflow_
#endif
+/* Ignore usage of deprecated declaration */
+#ifdef __clang__
+#define IGNORE_DEPRECATED_DECLARATION_BEGIN \
+ _Pragma("clang diagnostic push") \
+ _Pragma("clang diagnostic ignored \"-Wdeprecated-declarations\"")
+#define IGNORE_DEPRECATED_DECLARATION_END \
+ _Pragma("clang diagnostic pop")
+#elif defined __GNUC__
+#define IGNORE_DEPRECATED_DECLARATION_BEGIN \
+ _Pragma("GCC diagnostic push") \
+ _Pragma("GCC diagnostic ignored \"-Wdeprecated-declarations\"")
+#define IGNORE_DEPRECATED_DECLARATION_END \
+ _Pragma("GCC diagnostic pop")
+#else
+#define IGNORE_DEPRECATED_DECLARATION_BEGIN
+#define IGNORE_DEPRECATED_DECLARATION_END
+#endif
+
#endif /* SELINUX_INTERNAL_H_ */
--
2.46.0

View File

@ -1,86 +0,0 @@
From 2ce1276a0476c7c44d3dad0423f1fde3a0f6d2ce Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <lautrbach@redhat.com>
Date: Wed, 16 Oct 2024 19:57:10 +0200
Subject: [PATCH] libselinux: fix swig bindings for 4.3.0
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Content-type: text/plain
https://github.com/swig/swig/blob/master/CHANGES.current
"[Python] #2907 Fix returning null from functions with output
parameters. Ensures OUTPUT and INOUT typemaps are handled
consistently wrt return type.
New declaration of SWIG_Python_AppendOutput is now:
SWIG_Python_AppendOutput(PyObject* result, PyObject* obj, int is_void);
The 3rd parameter is new and the new $isvoid special variable
should be passed to it, indicating whether or not the wrapped
function returns void.
Also consider replacing with:
SWIG_AppendOutput(PyObject* result, PyObject* obj);
which calls SWIG_Python_AppendOutput with same parameters but adding $isvoid
for final parameter."
Fixes: https://github.com/SELinuxProject/selinux/issues/447
selinuxswig_python_wrap.c: In function _wrap_security_compute_user:
selinuxswig_python_wrap.c:11499:17: error: too few arguments to function SWIG_Python_AppendOutput
11499 | resultobj = SWIG_Python_AppendOutput(resultobj, plist);
| ^~~~~~~~~~~~~~~~~~~~~~~~
selinuxswig_python_wrap.c:1248:1: note: declared here
1248 | SWIG_Python_AppendOutput(PyObject* result, PyObject* obj, int is_void) {
| ^~~~~~~~~~~~~~~~~~~~~~~~
selinuxswig_python_wrap.c: In function _wrap_security_compute_user_raw:
selinuxswig_python_wrap.c:11570:17: error: too few arguments to function SWIG_Python_AppendOutput
11570 | resultobj = SWIG_Python_AppendOutput(resultobj, plist);
| ^~~~~~~~~~~~~~~~~~~~~~~~
selinuxswig_python_wrap.c:1248:1: note: declared here
1248 | SWIG_Python_AppendOutput(PyObject* result, PyObject* obj, int is_void) {
| ^~~~~~~~~~~~~~~~~~~~~~~~
selinuxswig_python_wrap.c: In function _wrap_security_get_boolean_names:
selinuxswig_python_wrap.c:12470:17: error: too few arguments to function SWIG_Python_AppendOutput
12470 | resultobj = SWIG_Python_AppendOutput(resultobj, list);
| ^~~~~~~~~~~~~~~~~~~~~~~~
selinuxswig_python_wrap.c:1248:1: note: declared here
1248 | SWIG_Python_AppendOutput(PyObject* result, PyObject* obj, int is_void) {
| ^~~~~~~~~~~~~~~~~~~~~~~~
error: command '/usr/bin/gcc' failed with exit code 1
Suggested-by: Jitka Plesnikova <jplesnik@redhat.com>
Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
---
libselinux/src/selinuxswig_python.i | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libselinux/src/selinuxswig_python.i b/libselinux/src/selinuxswig_python.i
index 17e03b9e36a5..03ed296d5b85 100644
--- a/libselinux/src/selinuxswig_python.i
+++ b/libselinux/src/selinuxswig_python.i
@@ -71,7 +71,7 @@ def install(src, dest):
for (i = 0; i < *$2; i++) {
PyList_SetItem(list, i, PyString_FromString((*$1)[i]));
}
- $result = SWIG_Python_AppendOutput($result, list);
+ $result = SWIG_AppendOutput($result, list);
}
/* return a sid along with the result */
@@ -108,7 +108,7 @@ def install(src, dest):
plist = PyList_New(0);
}
- $result = SWIG_Python_AppendOutput($result, plist);
+ $result = SWIG_AppendOutput($result, plist);
}
/* Makes functions in get_context_list.h return a Python list of contexts */
--
2.47.0

View File

@ -1,37 +0,0 @@
From edce1de156f1daa71875e210c1d55ad8d3aefc90 Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Fri, 25 Oct 2024 20:30:13 +0200
Subject: [PATCH] libselinux/setexecfilecon: Remove useless rc check
Fixes:
Error: IDENTICAL_BRANCHES (CWE-398):
libselinux-3.6/src/setexecfilecon.c:45: implicit_else: The code from the above if-then branch is identical to the code after the if statement.
libselinux-3.6/src/setexecfilecon.c:43: identical_branches: The same code is executed when the condition "rc < 0" is true or false, because the code in the if-then branch and after the if statement is identical. Should the if statement be removed?
\# 41|
\# 42| rc = setexeccon(newcon);
\# 43|-> if (rc < 0)
\# 44| goto out;
\# 45| out:
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
libselinux/src/setexecfilecon.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/libselinux/src/setexecfilecon.c b/libselinux/src/setexecfilecon.c
index 2c6505a9..4b31e775 100644
--- a/libselinux/src/setexecfilecon.c
+++ b/libselinux/src/setexecfilecon.c
@@ -40,8 +40,6 @@ int setexecfilecon(const char *filename, const char *fallback_type)
}
rc = setexeccon(newcon);
- if (rc < 0)
- goto out;
out:
if (rc < 0 && security_getenforce() == 0)
--
2.47.0

View File

@ -1,40 +0,0 @@
From 48bfb96d452a6893010977325940ca17619c207c Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Fri, 25 Oct 2024 20:30:14 +0200
Subject: [PATCH] libselinux/matchpathcon: RESOURCE_LEAK: Variable "con"
Fixes:
Error: RESOURCE_LEAK (CWE-772):
libselinux-3.6/src/matchpathcon.c:519: alloc_arg: "lgetfilecon_raw" allocates memory that is stored into "con". [Note: The source code implementation of the function has been overridden by a user model.]
libselinux-3.6/src/matchpathcon.c:528: leaked_storage: Variable "con" going out of scope leaks the storage it points to.
\# 526|
\# 527| if (!hnd && (matchpathcon_init_prefix(NULL, NULL) < 0))
\# 528|-> return -1;
\# 529|
\# 530| if (selabel_lookup_raw(hnd, &fcontext, path, mode) != 0) {
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
libselinux/src/matchpathcon.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libselinux/src/matchpathcon.c b/libselinux/src/matchpathcon.c
index e44734c3..967520e4 100644
--- a/libselinux/src/matchpathcon.c
+++ b/libselinux/src/matchpathcon.c
@@ -524,8 +524,10 @@ int selinux_file_context_verify(const char *path, mode_t mode)
return 0;
}
- if (!hnd && (matchpathcon_init_prefix(NULL, NULL) < 0))
+ if (!hnd && (matchpathcon_init_prefix(NULL, NULL) < 0)){
+ freecon(con);
return -1;
+ }
if (selabel_lookup_raw(hnd, &fcontext, path, mode) != 0) {
if (errno != ENOENT)
--
2.47.0

View File

@ -316,6 +316,123 @@ kAIi0B1szn0K13qRqBIwjnWL+orP1KLzvczCH6yD0FZY90CDdMtM0VB6AqT4BFh6
5+ygjA4YiA7fFYBm8510ybUcNfzU3gUIJ5pF8MdGizO54tCPSK6U+iVRY4qfCFdu 5+ygjA4YiA7fFYBm8510ybUcNfzU3gUIJ5pF8MdGizO54tCPSK6U+iVRY4qfCFdu
IiOZ7FUUn78VIxQUMYMrozy7kn/0PQZa7KKRbXJ8sg0sgrQapwpgUjdMwuYZPGGv IiOZ7FUUn78VIxQUMYMrozy7kn/0PQZa7KKRbXJ8sg0sgrQapwpgUjdMwuYZPGGv
1Jw5/+WUGWMbGxmlpHcEOmsPZpITH557M/kHyk9Ud0iKwciBI2mGLxiafCuLrUY4 1Jw5/+WUGWMbGxmlpHcEOmsPZpITH557M/kHyk9Ud0iKwciBI2mGLxiafCuLrUY4
TknzOqbZgjdllcUG4cDBEQuBO/GSj1LUfg== TknzOqbZgjdllcUG4cDBEQuBO/GSj1LUfpkCDQRnKRF7ARAAo5H9/6cStbyjWFeb
=I8Dr G6qDn6pT+4v1rlbRZo0rYwWkDmEAjOZMRC9SJipTCdQeNFlv6HEiiCvl3bmZIqrZ
+zvLI6U1+2dH7k06xNqIFLTV0zbr+tUkOwspg5nr59KsuNP01WBS0ELzunO/zHj+
BOEdPg1KvB0IQFtqAwaAfuny67YvTr9O7Yz07ZCfTxPtHf6FJ80FPeRa0LoZYnW4
UmSGtm1f59VD9+qe4yhRtNanamXUKjf8BTw0rQwjoJhVT5Mg0Z6hW6fhFrD57Lgd
8fBi5ZHHUlR4z1+nqGCUoHlHjc0JVyK8j8fofKafow/79ITaOqBzv+P3psY9ecBg
7wGaOHrqzRzRxAfKYRO2IaFHRGnsEE8FnwSEL00uPVxpiiTavrLJFEjku9GmP3OY
3rbwIPXbw1m9mZG1yAVbSEEf58WSWeoBp0O6qrwAdIbdgUX4BkQ8bX5MtUjXp5tm
0StmjQiZ7O91cg0VuWtrfj/I4E3xtloNzhtG2QLI4s7iAL1orhClxEuZRO9alUCS
cnRvhmw2Dh6sB6i56evcZdUFwxMXOByxfWr0fxX4QlR8jYqMPj7UMNj2PccTBOQX
umIW2cdGEeni9vrE9cLfZRSNCwPWAXWtr1zQW54Jx5DjCGHobQk53Z7kE+MZVAje
gOaT0u50cljBNfJootuln4+gbGMAEQEAAbQlUGV0ciBMYXV0cmJhY2ggPGxhdXRy
YmFjaEByZWRoYXQuY29tPokCVwQTAQgAQRYhBGjSGCM0KhNoOus+TvtMaFtdwcE+
BQJnKRF7AhsDBQkDwmcABQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAAoJEPtM
aFtdwcE+doMQAI5mnNA8aH0dfeOZnz/NrMwY6H7jK/+lYatCx05e1TfK+zz9feRK
sxgP3Pjj0p9igo3jIdPcN5/YnlmVEeplDmSiKOOdendviy+sA8sukMo07Q+m1pYW
NzFtyiZd+c44mp9I1l7h6rktIY9XDedrlAkNog1VlUet9eNpmgXt2OmJNDmYftWc
KIpyw/ZLaubjRcAmxwsn7I6dWnT66Ffg9H8trcRlWipVWP8imO0EIpwC8RbhuNgk
xjt/cVf3CEpzokF4n0k3nqYmt90NNtGc0kG5QAlTvlUuHpNWzuzvdAPtMy3KEaXI
fu3IEZeIKCxSgWXTm7zRKUn0F6jKAsLXhK/WOA1Aa7NdAUwMxrEndfNoqBrusaLD
lpzWU7USv2YT+Pf3aQ7u1szg2J8V5eqRP+E8wwe54RNCgQrcDgUq5abyncsvull3
GqJvzvZC7/Q3Th/g5Wc+dRaGBz0O9FBuRPQwjrnB932xW1fDf17cScpVKAvV/jwn
tpWXf7nSv2M0o9fihnTBl4d2c2EBKtTdp5W0IpeRl5uLad3AYoouP6RoZ+/Id/Zg
NeaQKH/ZlCxk5S9GLzYhm665ysOYRkh7NfoThRtvAqAeDcTKWGDG1nQok2KKOSyq
S81PT2AlMz7A26R0vsH/9lQ1uZFIhIGbxZXlGERZwXd1s+lgfWTbB5K+iQIzBBAB
CAAdFiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmcpGAUACgkQvDkF8jUXnPFdGQ/+
L7uA7EMB+Yh0urhZuOltZSNtge6b+UbLZTd8DRsf044e+Z0NJWdQ2saLBptGhIcn
as4Qd0gS+QkWB7lMrJ31uux15ZBjFsGtyqK+VoH8JIPvV8Mr5XojqA+UYUpXP6ns
ILrdkUvNzpeA51IxYuVMWcut8SUVYzjD11YG1P8LFzydsImaYe7se+RE85F3/2Po
kZNe0d0Gh36uyfJSND80XrrxLpROgabQgHNG0drL/DHjdoa3F0V5EUoG7NBwUrmB
RlWKYCLUFfW+8mQn6RVK8JIV9WaHrzi/KAZLonZb5dCjO0e+Ol16pyUofLA8SN7B
aqjens8ho297GtE3darkXmj5p3p4YPur/D+oZCNIH+BYMsht46VtE3v6V10P8KA2
6MgNo5qME1Q0kC1DUYi68cPeDgrQBMWa+nF+m9i2aGeAyi3qDhZu03JLhOYAhv45
OVRawm9vFqyKiBRANVogTRr+ch4zywaapwfVLQ+xiwVLqlT5n/iIzWCQ0hA15eKZ
gJV0kTXL4OWKBeJqSNnnLVm4AhZ2OpKHMsjE7BEopvCe9JZWFIrjtQ9TrriByOx0
3anWkmm7b4lZ1HKDOI/Cxyz8BZvYizo7hSOdGjLrFBTD/Wk0swvpzB4NKh5I6N7k
gppXMTaWp36+KmQx66JzaZjepGl1VMNFdgiP6Sw6pO+5Ag0EZykRewEQAK4EY+06
GeuX4wLlUqAMWCnbFELuhBZGWFLEIvP6WJS1WOvee45RVcpVfYMp3AqymiNRahAl
RMtSQ9YtXSdlBPkhtNcoV/hqjcNywMdbsy+Rs27pRk/DJVC0yVL4ABrSSlwhfNa4
6X4ZvPr8GGDvjAUhK6NXQ7WrZJxYR9/U0nqRGtGuPBLhFey1H60n5axP8+2f9pFC
NbDJ13HbrhVju+RUeE8Gq5WJI5dea5SfYnXFERsT/zO+pw7ZaaSDmWKR1a88P6Bk
DD7e63ZIaAa849M/Dz+OgzNEgbyRjvgbO0OEIrS2x61lGoW7F9prEgzj97NIiBu6
qpNCYJefkpfPENrk+wmOUthJfh6E7uphlliQams6dqXAc3Z+xBN9jFf74RpzVmIP
K/MFNr0EcUMFgURpBtaTrk4dGMh++v5i4qKxxwJHf4RsGCDsgH9ZZDemKz5q8uFN
TI1kbTnsKNt+d7L45U+3/mRm4l22g8eu+AvD6R4GfKjsyzEFCyGK7TmVYj0Y+EGR
9+YbRQ1GahXqtrR/aLC09LSyxQTqYfKU8KusnoceEbBOigEZUNPybpzibwHl1VEV
9crR5eT8MPHgs8xdpjQ7gRuPi12fvc83unpUsNIHSCxZqXoilGsz2+zpX2si3PxB
tK/tTo6ZFRLijhHs250Y1agp4MyXYq91A2VTABEBAAGJAjwEGAEIACYWIQRo0hgj
NCoTaDrrPk77TGhbXcHBPgUCZykRewIbDAUJA8JnAAAKCRD7TGhbXcHBPozGD/0Y
fkktGwGq2vPZUI/Fscv+VnEqVt94dBnS0/6GyYvhI7Tf81v+72URlQeX8TUQox9B
8d3Aru5b2+iSkPcvH70PbY8jt/yTwHtSlFzf6+YPIl+oyTz7DoiILSjrO51ntl8g
KmIb8Q9W74xV6VFIJ4m8rH04MKFpIlzUDq660JYQIGtOUFugSfg7aLVU/0j4WKKE
KfAfg93wYTKKd+JgRFy4FZPriem7HvlUSi2VKffdrrUF/PX35X74iKdPQoEADZi8
KkMZULDtyQ6ZOu2hiDpArjo5hDadKM314Z65VnM11hjiEhmTF3IyGBllb0qBIk0L
nBVHuMYmiqBNJEbaqHLqIju8/RvFlYV+AMISeA7B68knbJcao13ogtDpuJ4hpgCj
j2B1n0NWMcju0gteu1sfsIaQbWHevH2vgl5LJDCNtUJN/NoWB2Uov27wEvsongwY
3du40TnM+5ejwf4r8D3wX+JpVCAhfr3Oc0knw14nRqFPAe1E7DNURJ8xfEV9iPRA
swo6qoh7IIxNETUG1rywRExNt6tHsojx0Wb0I0IB7CnWRK9F6oNRp0S4kVgp+Jeh
a9NGXFK2hn8qBD/rpUPsj/OdkiBN+C7Ai07rCNez+IKdnUfXkOJqLCOyeUwC9WPl
uFPB9RnnghYM4xhMWf8XvSLOOk/vgPxiqR5ANLObsbkCDQRnKRLhARAAuh+b2Oxj
9q+RRZ+pkDVf/M6P01yDmDhwtYHzi/LW8PFHC6iQlzMReyv1R5n3uCEpAZ++mdUe
Cgo2TmFnYdpmxEgdaMIW98uqe4fuHhoXU2Mh4eiN7jyJvXQCsijCDYzifoj03HY7
nTVjw4+BSSu9kA3/vEqU9A5YjG01MmVSMaIaTrqZqsnypK6r2exJa7YVRYwRqpLY
C5ksikDVK9ftdfhjnsnYGS4pYyfMNSHY1KBMpHjT7wEkM+KZ2WRpjTZZ7nP9u4Lf
fJMKgcclRgf+13CeSaJfVIhjJlxGVLkloE8XJbOeh2vkK257e9BenEFgQnyLCpGJ
8YNsnsJVhxU1aA62dT7jmnOVMBhnGoNhMyzzfvUw0REz2VbpZBkiwZRfZ9MWUBsy
bneH8NwzZMQQLCc/yo/jnPrmDS+tgl4CXGzBtpxPUZSMuY4tHZZ2vBb0zcfhY7P1
CrHuylXLFzkOO/XRP3w1F8I1UqJCjdTKjdjCDF/VWtedHee1iEsSHxPGH8fHp4Qp
rBDDwZ4NnfilYNHMDWm6U1bzhX2ynqcGArQSd1Ny/oL7JzE1qoH/nNrwVvOSSNWF
UTXFXeLy+SOXJdFJpGP+/wV+gYfyczoUP6vmCdK1Hs15WQvKzyP/nmLS5uLilfxV
KrxZDI6SNrS4f/XkHcGnYByFKUhq5gVN0ZcAEQEAAYkEcgQYAQgAJhYhBGjSGCM0
KhNoOus+TvtMaFtdwcE+BQJnKRLhAhsCBQkDwmcAAkAJEPtMaFtdwcE+wXQgBBkB
CAAdFiEEcgDrLD9eSIRjwM6ezcroySfGvjEFAmcpEuEACgkQzcroySfGvjExiQ//
TKQ2Ci+sqNSVIcwg/k0Go1i4cA7lhKNdYRBCaIThB9jMqNg2zgPzgELBcaVJL8xw
0E2x2ZvBejM4X+eTrmkdufcxHR8B/zBF8oPlD2pgs/zZmZEO1gq4Cdab7yIoVNNr
foCZShxOCPR2wIixcYZtt5f7Z3zSXqkjIec6sTOedT75ZXrpQbvINeUkvOJfMCOi
ailauvDfv8k5iJUVbP+Dx1vOc88bvewVJcbLID4HIRr/PS+k1D10zGbnF71TnxGZ
r7anMZCSFCHJ5WV+BSwHHKtxRy+bJ1x9ML45Jcr1anTXeaHIeSKNzFBigJQSgHv0
euegkD3Rmw+IcxNb4l536selaNR0UAwx1DC1qpjBtnE9/pXdTEsZQxq9kMrj0d+f
VKFjOKADVIpkx7o0dZ1jmbUmdjQVyGDgHE+Emgdd726/2ftWriW2uPeUC6YZiqbt
vBnCnwF+aV6P1nrE0BWJchLyBjDCe5Y2oXBAYF6xwpDPfMPr4oscqzPV4TWVULBi
brtRWgSxmvinIGFx9T9wQCVfX254dqBaAEhRMImoT/YP+6evRZKqQODRhI44OG7u
V71IVAJ8BHEBN8hxvQM3WPs1fhwMBFCyGfr/x/U4/c78R9JhxkU9VwmMbLGQP7VP
1QgfiHqZpHMk8ZUmQn6KLeurzWcnwPFkwgFPZED8OQOMXxAAio3DhWr5KDd3mICH
ALNY0A2ipb/JH6LSHxu0S3MLa/bF6PbqRY1+fKMT/cFVxln99rNUrX+hDRbc7qbh
KkxvGmcnXnkcTHah9bfUghEanlKkBr1g1ik3zgEnpO/x3+X39Ov+ge92MDawV0nq
k9R/9tS+ZD/ph72Q9kx3ZfVNSL0eWxjuwBzFW0Zwh5TAX4raSmyQCmAXi05O3YmN
iq4arSUg5oAOMRZ+d96DsrAS4Sdtlx6/CuKTBzEaGPQLQ9wJNB0Vmd/eQWTP99KY
cAdIwj5BJ5P0Z7+xhsVjQOntn4otnP6vN6RuDtYrS6M7TCN/ZeKCvN/G0nRac4D+
IJX3CYYtYXgaoDuoetUWtc7O5PzHRETaBt/46ob2lzf6cT5QyVujTfz+i0rGEc63
pvXK8mV+K7BFY/DHpdEhl1pDw2YYLbBmUthQWdsL6/TVvpMe/wZadvJ/by3AeRzQ
eusUucuSo9UNN7Yj8u3dRhxNgsSiU96A/SFlAoB5s3Onh5K4WEVCBu/INjdi+r2B
LJePSnA3I7VkRE9Haf1D28jtBzm3Xbft2rs3lO18FcCqw6kd7Ih3e0tZ8uUG9UDv
qTDHTUHLAWvwrq38gKKAu2RMaU06A5kR87RcQiizxOwBIwiHuUWMU4/Hyx6fXsOD
hEs0O6AFDarNDZGee2amKTAyZpG5Ag0EZykTxQEQAOwGV1boBD3vDLsoAT62nGxb
SqXiBsObxnpWbNifOzM9BUGPOIpHsSH32PZGG/+LNjNdECfyyP1RysH5OT7j92Q8
vgRQoG3X985gbOjYyZc0xvAkTSvWxOiy5CuF3X8sJ3NSerQDXwjP9qVqLVj/3FB8
nka1HFS7KzC3Zo/kzCoxeZ3/hV3PTWIjcoJvtBSCKPZyOJxnRqWfi5BNJo3S2SR1
mxV967zawXiZ8MeeBl6rLhOfCBtz9g+bqrXZYoenuMn5Js2mcH0haYeMSV3UWIC4
kinzr1EJxs+L1/hVCVBNiiDc6DXcFXoz9ZVc9kjpZTOMoZVDkRkyOeen+5Sya9wK
4teLmDLME4+pgeHCS/Wa4KrYyEWe7NpG1VTkSJnRS+fyYGTWtwEiuwT6J9U0t1d5
hbxhM7YAhlnOEnNVmqa3Bq3yqJs9G/7gicZ7CIJ9JBHKTJzOnKfpGhxBSOgOoCOa
WW6uVCzDqfrYPmCUIKQmanB441xJFGuHVPMLBjVjswoMKGkK3gM6KMRCDYQ53u6s
FK+Jcl8HobBSezVIUKpKVX3IW9d506cE0FhSW/NvWJv0FIMVloyC2BpOjSWVgEwX
tk/m3SKPsgCAcCqzi7xlloR8+E9C2xci9cdGG5faghgSjaP6j0qDww/slRPQJc5A
DIeukkOYTCiSiDwQtblJABEBAAGJAjMEGAEIACcWIQRo0hgjNCoTaDrrPk77TGhb
XcHBPgUCZykTxQMbIAQFCQPCZwAAADcWD/4qJRLn7TcMtRMF43Yn+dX+O13YrxBC
T4n1QVmiPsGrUca4Vg1J+trV6IMsGrhktpiaV0qeL/km0h02m4gEDZKDyWWXdeWh
EXFaTVy9yCpSXUWJl5gSXTSwxrqBWyWLlLLk4UT9l9sk5mMdy0JA8unobV4M/eXQ
ggR11DL3ji7aO0hsqxyxXkJcawWjVGW5KL1EaoDKIJ/CwxOI5ipFueMIRQjQvw9A
o/w2fq11qVXY9zknk6pFkp/RDHLes+wVHDtebZfJ9xV7Mb1mf/k03dT56GaA/U3E
XvJ2FdgWR+zf+YMEa9MPDHYo2UNEvk9mOk247M8s+OeexdlkPgyKW5A8mtYuY/dR
j8W6C4pLcMWa+d/vIUpm5Guw0F5q0AWk9/FbBe9HLztEevvRnuHXmfTZeto/nCAi
Yg4pCj6p3JoN5CLebR8YtWm9AJBbX1kgVvqSU2VgwYIFsxBEz8Wu2h7z/eSCSeIg
ARFbTlJ6cBrRkXCVyhbv0LPWWUfAUqiEtdGxrA4Xx/jKrI02JjRdW/bZkXjSka8K
+cDlpcr9ixBWW5LkWsOdiL8jExfTGw25FA7Wd1HiHnBv36Mu/zb+0/I63d+fLq93
e3lmmVx9qQF8p5Okf4ojY9YoIHVkLS7t9AgFjm/ucmpEGbXxyPk2Cr3l+b5R41x3
dBW9kxiuWpZN3Q==
=iuRK
-----END PGP PUBLIC KEY BLOCK----- -----END PGP PUBLIC KEY BLOCK-----

View File

@ -1,14 +1,14 @@
%define ruby_inc %(pkg-config --cflags ruby) %define ruby_inc %(pkg-config --cflags ruby)
%define libsepolver 3.7-1 %define libsepolver 3.8-0
Summary: SELinux library and simple utilities Summary: SELinux library and simple utilities
Name: libselinux Name: libselinux
Version: 3.7 Version: 3.8
Release: 5%{?dist} Release: 0.rc1.1%{?dist}
License: LicenseRef-Fedora-Public-Domain License: LicenseRef-Fedora-Public-Domain
# https://github.com/SELinuxProject/selinux/wiki/Releases # https://github.com/SELinuxProject/selinux/wiki/Releases
Source0: https://github.com/SELinuxProject/selinux/releases/download/3.7/libselinux-3.7.tar.gz Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}-rc1/libselinux-%{version}-rc1.tar.gz
Source1: https://github.com/SELinuxProject/selinux/releases/download/3.7/libselinux-3.7.tar.gz.asc Source1: https://github.com/SELinuxProject/selinux/releases/download/%{version}-rc1/libselinux-%{version}-rc1.tar.gz.asc
Source2: https://github.com/bachradsusi.gpg Source2: https://github.com/bachradsusi.gpg
Source3: selinuxconlist.8 Source3: selinuxconlist.8
Source4: selinuxdefcon.8 Source4: selinuxdefcon.8
@ -16,17 +16,10 @@ Source4: selinuxdefcon.8
Url: https://github.com/SELinuxProject/selinux/wiki Url: https://github.com/SELinuxProject/selinux/wiki
# $ git clone https://github.com/fedora-selinux/selinux.git # $ git clone https://github.com/fedora-selinux/selinux.git
# $ cd selinux # $ cd selinux
# $ git format-patch -N 3.7 -- libselinux # $ git format-patch -N 3.8 -- libselinux
# $ i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done # $ i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
# Patch list start # Patch list start
Patch0001: 0001-Use-SHA-2-instead-of-SHA-1.patch Patch0001: 0001-Use-SHA-2-instead-of-SHA-1.patch
Patch0002: 0002-libselinux-set-free-d-data-to-NULL.patch
Patch0003: 0003-libselinux-restorecon-Include-selinux-label.h.patch
Patch0004: 0004-libselinux-Fix-integer-comparison-issues-when-compil.patch
Patch0005: 0005-libselinux-deprecate-security_disable-3.patch
Patch0006: 0006-libselinux-fix-swig-bindings-for-4.3.0.patch
Patch0007: 0007-libselinux-setexecfilecon-Remove-useless-rc-check.patch
Patch0008: 0008-libselinux-matchpathcon-RESOURCE_LEAK-Variable-con.patch
# Patch list end # Patch list end
BuildRequires: gcc make BuildRequires: gcc make
BuildRequires: ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre2-devel BuildRequires: ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre2-devel
@ -99,7 +92,7 @@ needed for developing SELinux applications.
%prep %prep
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
%autosetup -p 2 -n libselinux-%{version} %autosetup -p 2 -n libselinux-%{version}-rc1
%build %build
export DISABLE_RPM="y" export DISABLE_RPM="y"
@ -197,6 +190,7 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
%{_sbindir}/selinuxexeccon %{_sbindir}/selinuxexeccon
%{_sbindir}/selinuxenabled %{_sbindir}/selinuxenabled
%{_sbindir}/setenforce %{_sbindir}/setenforce
%{_sbindir}/selabel_compare
%{_sbindir}/selabel_digest %{_sbindir}/selabel_digest
%{_sbindir}/selabel_lookup %{_sbindir}/selabel_lookup
%{_sbindir}/selabel_lookup_best_match %{_sbindir}/selabel_lookup_best_match

View File

@ -1,2 +1,2 @@
SHA512 (libselinux-3.7.tar.gz) = e949c20b606c50ad521b9592ce55ad6658e8c4b24d9838028f5aba0a4fc762b6d0d0d0d207f5bef7a2e41485e12d91382fa6090df27152dbb40071b273419352 SHA512 (libselinux-3.8-rc1.tar.gz) = 16fbc4d903061f696b5396690da69b7bc18f158742c789ef70d543d51fe5015abc73d9205e3b147cec0d293a1448735e2b9e39edd562690156c946a0f53dcb38
SHA512 (libselinux-3.7.tar.gz.asc) = 5be2fdc0deda62f240276413d1b95a57d467fe989ddb31b34f7743cbd03d69385ac3321af10c97aded119ae5f0a4d8ec5894f8647a45f2902c0e8ff1e96787aa SHA512 (libselinux-3.8-rc1.tar.gz.asc) = 52e0fbf7e61fe6c67cfa2ca214bbf2cae94f016feeb3b317e8c4f6bffb9c2f3b93cfd425669c1c9fc97b35cdb77b2f153b11f9daa654817565aa40d76dc936f2