SELinux userspace 3.8-rc1 release
Resolves: RHEL-69451
This commit is contained in:
parent
de1d9f5fd5
commit
6d5c5e5819
2
.gitignore
vendored
2
.gitignore
vendored
@ -234,3 +234,5 @@ libselinux-2.0.96.tgz
|
|||||||
/libselinux-3.6.tar.gz
|
/libselinux-3.6.tar.gz
|
||||||
/libselinux-3.7.tar.gz
|
/libselinux-3.7.tar.gz
|
||||||
/libselinux-3.7.tar.gz.asc
|
/libselinux-3.7.tar.gz.asc
|
||||||
|
/libselinux-3.8-rc1.tar.gz
|
||||||
|
/libselinux-3.8-rc1.tar.gz.asc
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 4884c917237e53e34d3fc75dcf4f07217cfd7584 Mon Sep 17 00:00:00 2001
|
From 4780b755bb1171f5aa4cd7545535839d451a2070 Mon Sep 17 00:00:00 2001
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
From: Petr Lautrbach <plautrba@redhat.com>
|
||||||
Date: Fri, 30 Jul 2021 14:14:37 +0200
|
Date: Fri, 30 Jul 2021 14:14:37 +0200
|
||||||
Subject: [PATCH] Use SHA-2 instead of SHA-1
|
Subject: [PATCH] Use SHA-2 instead of SHA-1
|
||||||
@ -51,10 +51,10 @@ index ce189a3ae2fe..ce77d32dfed1 100644
|
|||||||
* @num_specfiles: number of specfiles in the list.
|
* @num_specfiles: number of specfiles in the list.
|
||||||
*
|
*
|
||||||
diff --git a/libselinux/include/selinux/restorecon.h b/libselinux/include/selinux/restorecon.h
|
diff --git a/libselinux/include/selinux/restorecon.h b/libselinux/include/selinux/restorecon.h
|
||||||
index b10fe684eff9..8df4744505b3 100644
|
index 5be6542c2a91..210f65fdb709 100644
|
||||||
--- a/libselinux/include/selinux/restorecon.h
|
--- a/libselinux/include/selinux/restorecon.h
|
||||||
+++ b/libselinux/include/selinux/restorecon.h
|
+++ b/libselinux/include/selinux/restorecon.h
|
||||||
@@ -41,8 +41,8 @@ extern int selinux_restorecon_parallel(const char *pathname,
|
@@ -43,8 +43,8 @@ extern int selinux_restorecon_parallel(const char *pathname,
|
||||||
* restorecon_flags options
|
* restorecon_flags options
|
||||||
*/
|
*/
|
||||||
/*
|
/*
|
||||||
@ -198,10 +198,10 @@ index 41cfbdca490c..658a4c3d80e0 100644
|
|||||||
endif
|
endif
|
||||||
|
|
||||||
diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
|
diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
|
||||||
index 2732972e61cf..6c6fe328b353 100644
|
index 189a5ed26eb7..312bb584d6b4 100644
|
||||||
--- a/libselinux/src/label_file.c
|
--- a/libselinux/src/label_file.c
|
||||||
+++ b/libselinux/src/label_file.c
|
+++ b/libselinux/src/label_file.c
|
||||||
@@ -1105,7 +1105,7 @@ static struct spec *lookup_common(struct selabel_handle *rec,
|
@@ -1780,7 +1780,7 @@ static struct lookup_result *lookup_common(struct selabel_handle *rec,
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Returns true if the digest of all partial matched contexts is the same as
|
* Returns true if the digest of all partial matched contexts is the same as
|
||||||
@ -210,7 +210,7 @@ index 2732972e61cf..6c6fe328b353 100644
|
|||||||
* digest will always be returned. The caller must free any returned digests.
|
* digest will always be returned. The caller must free any returned digests.
|
||||||
*/
|
*/
|
||||||
static bool get_digests_all_partial_matches(struct selabel_handle *rec,
|
static bool get_digests_all_partial_matches(struct selabel_handle *rec,
|
||||||
@@ -1114,39 +1114,39 @@ static bool get_digests_all_partial_matches(struct selabel_handle *rec,
|
@@ -1789,39 +1789,39 @@ static bool get_digests_all_partial_matches(struct selabel_handle *rec,
|
||||||
uint8_t **xattr_digest,
|
uint8_t **xattr_digest,
|
||||||
size_t *digest_len)
|
size_t *digest_len)
|
||||||
{
|
{
|
||||||
@ -261,7 +261,7 @@ index 2732972e61cf..6c6fe328b353 100644
|
|||||||
return true;
|
return true;
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
@@ -1166,22 +1166,22 @@ static bool hash_all_partial_matches(struct selabel_handle *rec, const char *key
|
@@ -1840,22 +1840,22 @@ static bool hash_all_partial_matches(struct selabel_handle *rec, const char *key
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -269,17 +269,17 @@ index 2732972e61cf..6c6fe328b353 100644
|
|||||||
- Sha1Initialise(&context);
|
- Sha1Initialise(&context);
|
||||||
+ Sha256Context context;
|
+ Sha256Context context;
|
||||||
+ Sha256Initialise(&context);
|
+ Sha256Initialise(&context);
|
||||||
size_t i;
|
|
||||||
for (i = 0; i < total_matches; i++) {
|
for (const struct lookup_result *m = matches; m; m = m->next) {
|
||||||
char* regex_str = matches[i]->regex_str;
|
const char* regex_str = m->regex_str;
|
||||||
mode_t mode = matches[i]->mode;
|
uint8_t file_kind = m->file_kind;
|
||||||
char* ctx_raw = matches[i]->lr.ctx_raw;
|
const char* ctx_raw = m->lr->ctx_raw;
|
||||||
|
|
||||||
- Sha1Update(&context, regex_str, strlen(regex_str) + 1);
|
- Sha1Update(&context, regex_str, strlen(regex_str) + 1);
|
||||||
- Sha1Update(&context, &mode, sizeof(mode_t));
|
- Sha1Update(&context, &file_kind, sizeof(file_kind));
|
||||||
- Sha1Update(&context, ctx_raw, strlen(ctx_raw) + 1);
|
- Sha1Update(&context, ctx_raw, strlen(ctx_raw) + 1);
|
||||||
+ Sha256Update(&context, regex_str, strlen(regex_str) + 1);
|
+ Sha256Update(&context, regex_str, strlen(regex_str) + 1);
|
||||||
+ Sha256Update(&context, &mode, sizeof(mode_t));
|
+ Sha256Update(&context, &file_kind, sizeof(file_kind));
|
||||||
+ Sha256Update(&context, ctx_raw, strlen(ctx_raw) + 1);
|
+ Sha256Update(&context, ctx_raw, strlen(ctx_raw) + 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -290,10 +290,10 @@ index 2732972e61cf..6c6fe328b353 100644
|
|||||||
+ Sha256Finalise(&context, &sha256_hash);
|
+ Sha256Finalise(&context, &sha256_hash);
|
||||||
+ memcpy(digest, sha256_hash.bytes, SHA256_HASH_SIZE);
|
+ memcpy(digest, sha256_hash.bytes, SHA256_HASH_SIZE);
|
||||||
|
|
||||||
free(matches);
|
free_lookup_result(matches);
|
||||||
return true;
|
return true;
|
||||||
diff --git a/libselinux/src/label_internal.h b/libselinux/src/label_internal.h
|
diff --git a/libselinux/src/label_internal.h b/libselinux/src/label_internal.h
|
||||||
index ea60cd9a058f..77ac8173c7a9 100644
|
index 743dbf9472cf..4180df92f405 100644
|
||||||
--- a/libselinux/src/label_internal.h
|
--- a/libselinux/src/label_internal.h
|
||||||
+++ b/libselinux/src/label_internal.h
|
+++ b/libselinux/src/label_internal.h
|
||||||
@@ -13,7 +13,7 @@
|
@@ -13,7 +13,7 @@
|
||||||
@ -324,7 +324,7 @@ index ea60cd9a058f..77ac8173c7a9 100644
|
|||||||
unsigned char *hashbuf; /* buffer to hold specfiles */
|
unsigned char *hashbuf; /* buffer to hold specfiles */
|
||||||
size_t hashbuf_size; /* buffer size */
|
size_t hashbuf_size; /* buffer size */
|
||||||
size_t specfile_cnt; /* how many specfiles processed */
|
size_t specfile_cnt; /* how many specfiles processed */
|
||||||
@@ -110,7 +110,7 @@ struct selabel_handle {
|
@@ -111,7 +111,7 @@ struct selabel_handle {
|
||||||
*/
|
*/
|
||||||
char *spec_file;
|
char *spec_file;
|
||||||
|
|
||||||
@ -334,10 +334,10 @@ index ea60cd9a058f..77ac8173c7a9 100644
|
|||||||
};
|
};
|
||||||
|
|
||||||
diff --git a/libselinux/src/label_support.c b/libselinux/src/label_support.c
|
diff --git a/libselinux/src/label_support.c b/libselinux/src/label_support.c
|
||||||
index f7ab9292562e..1c3c1728f6ba 100644
|
index 978ba828c159..daba26941ae7 100644
|
||||||
--- a/libselinux/src/label_support.c
|
--- a/libselinux/src/label_support.c
|
||||||
+++ b/libselinux/src/label_support.c
|
+++ b/libselinux/src/label_support.c
|
||||||
@@ -114,7 +114,7 @@ int read_spec_entries(char *line_buf, const char **errbuf, int num_args, ...)
|
@@ -120,7 +120,7 @@ int read_spec_entries(char *line_buf, size_t nread, const char **errbuf, int nu
|
||||||
/* Once all the specfiles are in the hash_buf, generate the hash. */
|
/* Once all the specfiles are in the hash_buf, generate the hash. */
|
||||||
void digest_gen_hash(struct selabel_digest *digest)
|
void digest_gen_hash(struct selabel_digest *digest)
|
||||||
{
|
{
|
||||||
@ -346,7 +346,7 @@ index f7ab9292562e..1c3c1728f6ba 100644
|
|||||||
size_t remaining_size;
|
size_t remaining_size;
|
||||||
const unsigned char *ptr;
|
const unsigned char *ptr;
|
||||||
|
|
||||||
@@ -122,19 +122,19 @@ void digest_gen_hash(struct selabel_digest *digest)
|
@@ -128,19 +128,19 @@ void digest_gen_hash(struct selabel_digest *digest)
|
||||||
if (!digest)
|
if (!digest)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
@ -371,7 +371,7 @@ index f7ab9292562e..1c3c1728f6ba 100644
|
|||||||
digest->hashbuf = NULL;
|
digest->hashbuf = NULL;
|
||||||
}
|
}
|
||||||
diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
|
diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
|
||||||
index acb729c8ad96..2422b415008e 100644
|
index bc6ed935a4ad..93bd7779249b 100644
|
||||||
--- a/libselinux/src/selinux_restorecon.c
|
--- a/libselinux/src/selinux_restorecon.c
|
||||||
+++ b/libselinux/src/selinux_restorecon.c
|
+++ b/libselinux/src/selinux_restorecon.c
|
||||||
@@ -37,7 +37,7 @@
|
@@ -37,7 +37,7 @@
|
||||||
@ -1358,5 +1358,5 @@ index e2733b4195ff..98e533dc2692 100644
|
|||||||
}
|
}
|
||||||
default:
|
default:
|
||||||
--
|
--
|
||||||
2.45.2
|
2.47.0
|
||||||
|
|
||||||
|
@ -1,78 +0,0 @@
|
|||||||
From bd6a803553a82238a9f618d1bb22f288682f8195 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Petr Lautrbach <lautrbach@redhat.com>
|
|
||||||
Date: Tue, 9 Jul 2024 21:13:36 +0200
|
|
||||||
Subject: [PATCH] libselinux: set free'd data to NULL
|
|
||||||
Content-type: text/plain
|
|
||||||
|
|
||||||
Fixes segfault in selabel_open() on systems with SELinux disabled and without any
|
|
||||||
SELinux policy installed introduced by commit 5876aca0484f ("libselinux: free
|
|
||||||
data on selabel open failure"):
|
|
||||||
|
|
||||||
$ sestatus
|
|
||||||
SELinux status: disabled
|
|
||||||
|
|
||||||
$ cat /etc/selinux/config
|
|
||||||
cat: /etc/selinux/config: No such file or directory
|
|
||||||
|
|
||||||
$ matchpathcon /abc
|
|
||||||
[1] 907999 segmentation fault (core dumped) matchpathcon /abc
|
|
||||||
|
|
||||||
Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
|
|
||||||
---
|
|
||||||
libselinux/src/label_backends_android.c | 1 +
|
|
||||||
libselinux/src/label_file.c | 1 +
|
|
||||||
libselinux/src/label_media.c | 1 +
|
|
||||||
libselinux/src/label_x.c | 1 +
|
|
||||||
4 files changed, 4 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/libselinux/src/label_backends_android.c b/libselinux/src/label_backends_android.c
|
|
||||||
index 49a87686de4c..5bad24f20d73 100644
|
|
||||||
--- a/libselinux/src/label_backends_android.c
|
|
||||||
+++ b/libselinux/src/label_backends_android.c
|
|
||||||
@@ -260,6 +260,7 @@ static void closef(struct selabel_handle *rec)
|
|
||||||
free(data->spec_arr);
|
|
||||||
|
|
||||||
free(data);
|
|
||||||
+ rec->data = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
static struct selabel_lookup_rec *property_lookup(struct selabel_handle *rec,
|
|
||||||
diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
|
|
||||||
index 6c6fe328b353..87dbd0e90f2b 100644
|
|
||||||
--- a/libselinux/src/label_file.c
|
|
||||||
+++ b/libselinux/src/label_file.c
|
|
||||||
@@ -942,6 +942,7 @@ static void closef(struct selabel_handle *rec)
|
|
||||||
free(last_area);
|
|
||||||
}
|
|
||||||
free(data);
|
|
||||||
+ rec->data = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Finds all the matches of |key| in the given context. Returns the result in
|
|
||||||
diff --git a/libselinux/src/label_media.c b/libselinux/src/label_media.c
|
|
||||||
index 852aeada8ff4..bae065c12a55 100644
|
|
||||||
--- a/libselinux/src/label_media.c
|
|
||||||
+++ b/libselinux/src/label_media.c
|
|
||||||
@@ -183,6 +183,7 @@ static void close(struct selabel_handle *rec)
|
|
||||||
free(spec_arr);
|
|
||||||
|
|
||||||
free(data);
|
|
||||||
+ rec->data = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
static struct selabel_lookup_rec *lookup(struct selabel_handle *rec,
|
|
||||||
diff --git a/libselinux/src/label_x.c b/libselinux/src/label_x.c
|
|
||||||
index a8decc7a0093..ddae4f6c22b6 100644
|
|
||||||
--- a/libselinux/src/label_x.c
|
|
||||||
+++ b/libselinux/src/label_x.c
|
|
||||||
@@ -210,6 +210,7 @@ static void close(struct selabel_handle *rec)
|
|
||||||
free(spec_arr);
|
|
||||||
|
|
||||||
free(data);
|
|
||||||
+ rec->data = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
static struct selabel_lookup_rec *lookup(struct selabel_handle *rec,
|
|
||||||
--
|
|
||||||
2.45.2
|
|
||||||
|
|
@ -1,48 +0,0 @@
|
|||||||
From b0d8e4c5d6f1652cb103305f773ad5fae8a91304 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
Date: Fri, 26 Jul 2024 17:59:15 +0200
|
|
||||||
Subject: [PATCH] libselinux/restorecon: Include <selinux/label.h>
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
restorecon.h uses types defined in label.h, so it needs to include
|
|
||||||
label.h (or code using restorecon.h also needs to include label.h,
|
|
||||||
which is not practical).
|
|
||||||
|
|
||||||
Fixes:
|
|
||||||
$ make DESTDIR=~/obj install > make.out
|
|
||||||
In file included from semanage_store.c:39:
|
|
||||||
/home/sdsmall/obj/usr/include/selinux/restorecon.h:137:52: error:
|
|
||||||
‘struct selabel_handle’ declared inside parameter list will not be
|
|
||||||
visible outside of this definition or declaration [-Werror]
|
|
||||||
137 | extern void selinux_restorecon_set_sehandle(struct
|
|
||||||
selabel_handle *hndl);
|
|
||||||
| ^~~~~~~~~~~~~~
|
|
||||||
cc1: all warnings being treated as errors
|
|
||||||
make[2]: *** [Makefile:111: semanage_store.o] Error 1
|
|
||||||
make[1]: *** [Makefile:15: install] Error 2
|
|
||||||
make: *** [Makefile:40: install] Error 1
|
|
||||||
|
|
||||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
|
|
||||||
---
|
|
||||||
libselinux/include/selinux/restorecon.h | 2 ++
|
|
||||||
1 file changed, 2 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/libselinux/include/selinux/restorecon.h b/libselinux/include/selinux/restorecon.h
|
|
||||||
index 8df47445..210f65fd 100644
|
|
||||||
--- a/libselinux/include/selinux/restorecon.h
|
|
||||||
+++ b/libselinux/include/selinux/restorecon.h
|
|
||||||
@@ -1,6 +1,8 @@
|
|
||||||
#ifndef _RESTORECON_H_
|
|
||||||
#define _RESTORECON_H_
|
|
||||||
|
|
||||||
+#include <selinux/label.h>
|
|
||||||
+
|
|
||||||
#include <sys/types.h>
|
|
||||||
#include <stddef.h>
|
|
||||||
#include <stdarg.h>
|
|
||||||
--
|
|
||||||
2.45.2
|
|
||||||
|
|
@ -1,62 +0,0 @@
|
|||||||
From c89965eb2854db11b7b484b171beae092476ef0b Mon Sep 17 00:00:00 2001
|
|
||||||
From: James Carter <jwcart2@gmail.com>
|
|
||||||
Date: Mon, 1 Jul 2024 14:27:32 -0400
|
|
||||||
Subject: [PATCH] libselinux: Fix integer comparison issues when compiling for
|
|
||||||
32-bit
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
Trying to compile libselinux for 32-bit produces the following error:
|
|
||||||
|
|
||||||
selinux_restorecon.c:1194:31: error: comparison of integer expressions of different signedness: ‘__fsword_t’ {aka ‘int’} and ‘unsigned int’ [-Werror=sign-compare]
|
|
||||||
1194 | if (state.sfsb.f_type == RAMFS_MAGIC || state.sfsb.f_type == TMPFS_MAGIC ||
|
|
||||||
| ^~
|
|
||||||
|
|
||||||
Since RAMFS_MAGIC = 0x858458f6 == 2240043254, which > 2^31, but < 2^32,
|
|
||||||
cast both as uint32_t for the comparison.
|
|
||||||
|
|
||||||
Reported-by: Daniel Schepler
|
|
||||||
Signed-off-by: James Carter <jwcart2@gmail.com>
|
|
||||||
Reviewed-by: Christian Göttsche <cgzones@googlemail.com>
|
|
||||||
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
|
|
||||||
---
|
|
||||||
libselinux/src/selinux_restorecon.c | 8 ++++----
|
|
||||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
|
|
||||||
index 2422b415..93bd7779 100644
|
|
||||||
--- a/libselinux/src/selinux_restorecon.c
|
|
||||||
+++ b/libselinux/src/selinux_restorecon.c
|
|
||||||
@@ -1191,8 +1191,8 @@ static int selinux_restorecon_common(const char *pathname_orig,
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Skip digest on in-memory filesystems and /sys */
|
|
||||||
- if (state.sfsb.f_type == RAMFS_MAGIC || state.sfsb.f_type == TMPFS_MAGIC ||
|
|
||||||
- state.sfsb.f_type == SYSFS_MAGIC)
|
|
||||||
+ if ((uint32_t)state.sfsb.f_type == (uint32_t)RAMFS_MAGIC ||
|
|
||||||
+ state.sfsb.f_type == TMPFS_MAGIC || state.sfsb.f_type == SYSFS_MAGIC)
|
|
||||||
state.setrestorecondigest = false;
|
|
||||||
|
|
||||||
if (state.flags.set_xdev)
|
|
||||||
@@ -1490,7 +1490,7 @@ int selinux_restorecon_xattr(const char *pathname, unsigned int xattr_flags,
|
|
||||||
|
|
||||||
if (!recurse) {
|
|
||||||
if (statfs(pathname, &sfsb) == 0) {
|
|
||||||
- if (sfsb.f_type == RAMFS_MAGIC ||
|
|
||||||
+ if ((uint32_t)sfsb.f_type == (uint32_t)RAMFS_MAGIC ||
|
|
||||||
sfsb.f_type == TMPFS_MAGIC)
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
@@ -1525,7 +1525,7 @@ int selinux_restorecon_xattr(const char *pathname, unsigned int xattr_flags,
|
|
||||||
continue;
|
|
||||||
case FTS_D:
|
|
||||||
if (statfs(ftsent->fts_path, &sfsb) == 0) {
|
|
||||||
- if (sfsb.f_type == RAMFS_MAGIC ||
|
|
||||||
+ if ((uint32_t)sfsb.f_type == (uint32_t)RAMFS_MAGIC ||
|
|
||||||
sfsb.f_type == TMPFS_MAGIC)
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.45.2
|
|
||||||
|
|
@ -1,95 +0,0 @@
|
|||||||
From b4b002ffef9431cc3af8409a32e243cd7b057feb Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
|
|
||||||
Date: Sun, 23 Jun 2024 14:26:04 +0200
|
|
||||||
Subject: [PATCH] libselinux: deprecate security_disable(3)
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
The runtime disable functionality has been removed in Linux 6.4. Thus
|
|
||||||
security_disable(3) will no longer work on these kernels.
|
|
||||||
|
|
||||||
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
|
|
||||||
Acked-by: James Carter <jwcart2@gmail.com>
|
|
||||||
---
|
|
||||||
libselinux/include/selinux/selinux.h | 6 +++++-
|
|
||||||
libselinux/man/man3/security_disable.3 | 3 ++-
|
|
||||||
libselinux/src/load_policy.c | 2 ++
|
|
||||||
libselinux/src/selinux_internal.h | 18 ++++++++++++++++++
|
|
||||||
4 files changed, 27 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h
|
|
||||||
index 61c1422b..1318a66a 100644
|
|
||||||
--- a/libselinux/include/selinux/selinux.h
|
|
||||||
+++ b/libselinux/include/selinux/selinux.h
|
|
||||||
@@ -367,7 +367,11 @@ extern int security_deny_unknown(void);
|
|
||||||
/* Get the checkreqprot value */
|
|
||||||
extern int security_get_checkreqprot(void);
|
|
||||||
|
|
||||||
-/* Disable SELinux at runtime (must be done prior to initial policy load). */
|
|
||||||
+/* Disable SELinux at runtime (must be done prior to initial policy load).
|
|
||||||
+ Unsupported since Linux 6.4. */
|
|
||||||
+#ifdef __GNUC__
|
|
||||||
+__attribute__ ((deprecated))
|
|
||||||
+#endif
|
|
||||||
extern int security_disable(void);
|
|
||||||
|
|
||||||
/* Get the policy version number. */
|
|
||||||
diff --git a/libselinux/man/man3/security_disable.3 b/libselinux/man/man3/security_disable.3
|
|
||||||
index 072923ce..5ad8b778 100644
|
|
||||||
--- a/libselinux/man/man3/security_disable.3
|
|
||||||
+++ b/libselinux/man/man3/security_disable.3
|
|
||||||
@@ -14,7 +14,8 @@ disables the SELinux kernel code, unregisters selinuxfs from
|
|
||||||
and then unmounts
|
|
||||||
.IR /sys/fs/selinux .
|
|
||||||
.sp
|
|
||||||
-This function can only be called at runtime and prior to the initial policy
|
|
||||||
+This function is only supported on Linux 6.3 and earlier, and can only be
|
|
||||||
+called at runtime and prior to the initial policy
|
|
||||||
load. After the initial policy load, the SELinux kernel code cannot be disabled,
|
|
||||||
but only placed in "permissive" mode by using
|
|
||||||
.BR security_setenforce(3).
|
|
||||||
diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c
|
|
||||||
index 57d7aaef..dc1e4b6e 100644
|
|
||||||
--- a/libselinux/src/load_policy.c
|
|
||||||
+++ b/libselinux/src/load_policy.c
|
|
||||||
@@ -326,7 +326,9 @@ int selinux_init_load_policy(int *enforce)
|
|
||||||
|
|
||||||
if (seconfig == -1) {
|
|
||||||
/* Runtime disable of SELinux. */
|
|
||||||
+ IGNORE_DEPRECATED_DECLARATION_BEGIN
|
|
||||||
rc = security_disable();
|
|
||||||
+ IGNORE_DEPRECATED_DECLARATION_END
|
|
||||||
if (rc == 0) {
|
|
||||||
/* Successfully disabled, so umount selinuxfs too. */
|
|
||||||
umount(selinux_mnt);
|
|
||||||
diff --git a/libselinux/src/selinux_internal.h b/libselinux/src/selinux_internal.h
|
|
||||||
index b134808e..450a42c2 100644
|
|
||||||
--- a/libselinux/src/selinux_internal.h
|
|
||||||
+++ b/libselinux/src/selinux_internal.h
|
|
||||||
@@ -113,4 +113,22 @@ void *reallocarray(void *ptr, size_t nmemb, size_t size);
|
|
||||||
#define ignore_unsigned_overflow_
|
|
||||||
#endif
|
|
||||||
|
|
||||||
+/* Ignore usage of deprecated declaration */
|
|
||||||
+#ifdef __clang__
|
|
||||||
+#define IGNORE_DEPRECATED_DECLARATION_BEGIN \
|
|
||||||
+ _Pragma("clang diagnostic push") \
|
|
||||||
+ _Pragma("clang diagnostic ignored \"-Wdeprecated-declarations\"")
|
|
||||||
+#define IGNORE_DEPRECATED_DECLARATION_END \
|
|
||||||
+ _Pragma("clang diagnostic pop")
|
|
||||||
+#elif defined __GNUC__
|
|
||||||
+#define IGNORE_DEPRECATED_DECLARATION_BEGIN \
|
|
||||||
+ _Pragma("GCC diagnostic push") \
|
|
||||||
+ _Pragma("GCC diagnostic ignored \"-Wdeprecated-declarations\"")
|
|
||||||
+#define IGNORE_DEPRECATED_DECLARATION_END \
|
|
||||||
+ _Pragma("GCC diagnostic pop")
|
|
||||||
+#else
|
|
||||||
+#define IGNORE_DEPRECATED_DECLARATION_BEGIN
|
|
||||||
+#define IGNORE_DEPRECATED_DECLARATION_END
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
#endif /* SELINUX_INTERNAL_H_ */
|
|
||||||
--
|
|
||||||
2.46.0
|
|
||||||
|
|
@ -1,86 +0,0 @@
|
|||||||
From 2ce1276a0476c7c44d3dad0423f1fde3a0f6d2ce Mon Sep 17 00:00:00 2001
|
|
||||||
From: Petr Lautrbach <lautrbach@redhat.com>
|
|
||||||
Date: Wed, 16 Oct 2024 19:57:10 +0200
|
|
||||||
Subject: [PATCH] libselinux: fix swig bindings for 4.3.0
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
Content-type: text/plain
|
|
||||||
|
|
||||||
https://github.com/swig/swig/blob/master/CHANGES.current
|
|
||||||
|
|
||||||
"[Python] #2907 Fix returning null from functions with output
|
|
||||||
parameters. Ensures OUTPUT and INOUT typemaps are handled
|
|
||||||
consistently wrt return type.
|
|
||||||
|
|
||||||
New declaration of SWIG_Python_AppendOutput is now:
|
|
||||||
|
|
||||||
SWIG_Python_AppendOutput(PyObject* result, PyObject* obj, int is_void);
|
|
||||||
|
|
||||||
The 3rd parameter is new and the new $isvoid special variable
|
|
||||||
should be passed to it, indicating whether or not the wrapped
|
|
||||||
function returns void.
|
|
||||||
|
|
||||||
Also consider replacing with:
|
|
||||||
|
|
||||||
SWIG_AppendOutput(PyObject* result, PyObject* obj);
|
|
||||||
|
|
||||||
which calls SWIG_Python_AppendOutput with same parameters but adding $isvoid
|
|
||||||
for final parameter."
|
|
||||||
|
|
||||||
Fixes: https://github.com/SELinuxProject/selinux/issues/447
|
|
||||||
|
|
||||||
selinuxswig_python_wrap.c: In function ‘_wrap_security_compute_user’:
|
|
||||||
selinuxswig_python_wrap.c:11499:17: error: too few arguments to function ‘SWIG_Python_AppendOutput’
|
|
||||||
11499 | resultobj = SWIG_Python_AppendOutput(resultobj, plist);
|
|
||||||
| ^~~~~~~~~~~~~~~~~~~~~~~~
|
|
||||||
selinuxswig_python_wrap.c:1248:1: note: declared here
|
|
||||||
1248 | SWIG_Python_AppendOutput(PyObject* result, PyObject* obj, int is_void) {
|
|
||||||
| ^~~~~~~~~~~~~~~~~~~~~~~~
|
|
||||||
selinuxswig_python_wrap.c: In function ‘_wrap_security_compute_user_raw’:
|
|
||||||
selinuxswig_python_wrap.c:11570:17: error: too few arguments to function ‘SWIG_Python_AppendOutput’
|
|
||||||
11570 | resultobj = SWIG_Python_AppendOutput(resultobj, plist);
|
|
||||||
| ^~~~~~~~~~~~~~~~~~~~~~~~
|
|
||||||
selinuxswig_python_wrap.c:1248:1: note: declared here
|
|
||||||
1248 | SWIG_Python_AppendOutput(PyObject* result, PyObject* obj, int is_void) {
|
|
||||||
| ^~~~~~~~~~~~~~~~~~~~~~~~
|
|
||||||
selinuxswig_python_wrap.c: In function ‘_wrap_security_get_boolean_names’:
|
|
||||||
selinuxswig_python_wrap.c:12470:17: error: too few arguments to function ‘SWIG_Python_AppendOutput’
|
|
||||||
12470 | resultobj = SWIG_Python_AppendOutput(resultobj, list);
|
|
||||||
| ^~~~~~~~~~~~~~~~~~~~~~~~
|
|
||||||
selinuxswig_python_wrap.c:1248:1: note: declared here
|
|
||||||
1248 | SWIG_Python_AppendOutput(PyObject* result, PyObject* obj, int is_void) {
|
|
||||||
| ^~~~~~~~~~~~~~~~~~~~~~~~
|
|
||||||
error: command '/usr/bin/gcc' failed with exit code 1
|
|
||||||
|
|
||||||
Suggested-by: Jitka Plesnikova <jplesnik@redhat.com>
|
|
||||||
Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
|
|
||||||
---
|
|
||||||
libselinux/src/selinuxswig_python.i | 4 ++--
|
|
||||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/libselinux/src/selinuxswig_python.i b/libselinux/src/selinuxswig_python.i
|
|
||||||
index 17e03b9e36a5..03ed296d5b85 100644
|
|
||||||
--- a/libselinux/src/selinuxswig_python.i
|
|
||||||
+++ b/libselinux/src/selinuxswig_python.i
|
|
||||||
@@ -71,7 +71,7 @@ def install(src, dest):
|
|
||||||
for (i = 0; i < *$2; i++) {
|
|
||||||
PyList_SetItem(list, i, PyString_FromString((*$1)[i]));
|
|
||||||
}
|
|
||||||
- $result = SWIG_Python_AppendOutput($result, list);
|
|
||||||
+ $result = SWIG_AppendOutput($result, list);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* return a sid along with the result */
|
|
||||||
@@ -108,7 +108,7 @@ def install(src, dest):
|
|
||||||
plist = PyList_New(0);
|
|
||||||
}
|
|
||||||
|
|
||||||
- $result = SWIG_Python_AppendOutput($result, plist);
|
|
||||||
+ $result = SWIG_AppendOutput($result, plist);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Makes functions in get_context_list.h return a Python list of contexts */
|
|
||||||
--
|
|
||||||
2.47.0
|
|
||||||
|
|
@ -1,37 +0,0 @@
|
|||||||
From edce1de156f1daa71875e210c1d55ad8d3aefc90 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
Date: Fri, 25 Oct 2024 20:30:13 +0200
|
|
||||||
Subject: [PATCH] libselinux/setexecfilecon: Remove useless rc check
|
|
||||||
|
|
||||||
Fixes:
|
|
||||||
Error: IDENTICAL_BRANCHES (CWE-398):
|
|
||||||
libselinux-3.6/src/setexecfilecon.c:45: implicit_else: The code from the above if-then branch is identical to the code after the if statement.
|
|
||||||
libselinux-3.6/src/setexecfilecon.c:43: identical_branches: The same code is executed when the condition "rc < 0" is true or false, because the code in the if-then branch and after the if statement is identical. Should the if statement be removed?
|
|
||||||
\# 41|
|
|
||||||
\# 42| rc = setexeccon(newcon);
|
|
||||||
\# 43|-> if (rc < 0)
|
|
||||||
\# 44| goto out;
|
|
||||||
\# 45| out:
|
|
||||||
|
|
||||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
Acked-by: James Carter <jwcart2@gmail.com>
|
|
||||||
---
|
|
||||||
libselinux/src/setexecfilecon.c | 2 --
|
|
||||||
1 file changed, 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/libselinux/src/setexecfilecon.c b/libselinux/src/setexecfilecon.c
|
|
||||||
index 2c6505a9..4b31e775 100644
|
|
||||||
--- a/libselinux/src/setexecfilecon.c
|
|
||||||
+++ b/libselinux/src/setexecfilecon.c
|
|
||||||
@@ -40,8 +40,6 @@ int setexecfilecon(const char *filename, const char *fallback_type)
|
|
||||||
}
|
|
||||||
|
|
||||||
rc = setexeccon(newcon);
|
|
||||||
- if (rc < 0)
|
|
||||||
- goto out;
|
|
||||||
out:
|
|
||||||
|
|
||||||
if (rc < 0 && security_getenforce() == 0)
|
|
||||||
--
|
|
||||||
2.47.0
|
|
||||||
|
|
@ -1,40 +0,0 @@
|
|||||||
From 48bfb96d452a6893010977325940ca17619c207c Mon Sep 17 00:00:00 2001
|
|
||||||
From: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
Date: Fri, 25 Oct 2024 20:30:14 +0200
|
|
||||||
Subject: [PATCH] libselinux/matchpathcon: RESOURCE_LEAK: Variable "con"
|
|
||||||
|
|
||||||
Fixes:
|
|
||||||
Error: RESOURCE_LEAK (CWE-772):
|
|
||||||
libselinux-3.6/src/matchpathcon.c:519: alloc_arg: "lgetfilecon_raw" allocates memory that is stored into "con". [Note: The source code implementation of the function has been overridden by a user model.]
|
|
||||||
libselinux-3.6/src/matchpathcon.c:528: leaked_storage: Variable "con" going out of scope leaks the storage it points to.
|
|
||||||
\# 526|
|
|
||||||
\# 527| if (!hnd && (matchpathcon_init_prefix(NULL, NULL) < 0))
|
|
||||||
\# 528|-> return -1;
|
|
||||||
\# 529|
|
|
||||||
\# 530| if (selabel_lookup_raw(hnd, &fcontext, path, mode) != 0) {
|
|
||||||
|
|
||||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
Acked-by: James Carter <jwcart2@gmail.com>
|
|
||||||
---
|
|
||||||
libselinux/src/matchpathcon.c | 4 +++-
|
|
||||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/libselinux/src/matchpathcon.c b/libselinux/src/matchpathcon.c
|
|
||||||
index e44734c3..967520e4 100644
|
|
||||||
--- a/libselinux/src/matchpathcon.c
|
|
||||||
+++ b/libselinux/src/matchpathcon.c
|
|
||||||
@@ -524,8 +524,10 @@ int selinux_file_context_verify(const char *path, mode_t mode)
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (!hnd && (matchpathcon_init_prefix(NULL, NULL) < 0))
|
|
||||||
+ if (!hnd && (matchpathcon_init_prefix(NULL, NULL) < 0)){
|
|
||||||
+ freecon(con);
|
|
||||||
return -1;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
if (selabel_lookup_raw(hnd, &fcontext, path, mode) != 0) {
|
|
||||||
if (errno != ENOENT)
|
|
||||||
--
|
|
||||||
2.47.0
|
|
||||||
|
|
121
bachradsusi.gpg
121
bachradsusi.gpg
@ -316,6 +316,123 @@ kAIi0B1szn0K13qRqBIwjnWL+orP1KLzvczCH6yD0FZY90CDdMtM0VB6AqT4BFh6
|
|||||||
5+ygjA4YiA7fFYBm8510ybUcNfzU3gUIJ5pF8MdGizO54tCPSK6U+iVRY4qfCFdu
|
5+ygjA4YiA7fFYBm8510ybUcNfzU3gUIJ5pF8MdGizO54tCPSK6U+iVRY4qfCFdu
|
||||||
IiOZ7FUUn78VIxQUMYMrozy7kn/0PQZa7KKRbXJ8sg0sgrQapwpgUjdMwuYZPGGv
|
IiOZ7FUUn78VIxQUMYMrozy7kn/0PQZa7KKRbXJ8sg0sgrQapwpgUjdMwuYZPGGv
|
||||||
1Jw5/+WUGWMbGxmlpHcEOmsPZpITH557M/kHyk9Ud0iKwciBI2mGLxiafCuLrUY4
|
1Jw5/+WUGWMbGxmlpHcEOmsPZpITH557M/kHyk9Ud0iKwciBI2mGLxiafCuLrUY4
|
||||||
TknzOqbZgjdllcUG4cDBEQuBO/GSj1LUfg==
|
TknzOqbZgjdllcUG4cDBEQuBO/GSj1LUfpkCDQRnKRF7ARAAo5H9/6cStbyjWFeb
|
||||||
=I8Dr
|
G6qDn6pT+4v1rlbRZo0rYwWkDmEAjOZMRC9SJipTCdQeNFlv6HEiiCvl3bmZIqrZ
|
||||||
|
+zvLI6U1+2dH7k06xNqIFLTV0zbr+tUkOwspg5nr59KsuNP01WBS0ELzunO/zHj+
|
||||||
|
BOEdPg1KvB0IQFtqAwaAfuny67YvTr9O7Yz07ZCfTxPtHf6FJ80FPeRa0LoZYnW4
|
||||||
|
UmSGtm1f59VD9+qe4yhRtNanamXUKjf8BTw0rQwjoJhVT5Mg0Z6hW6fhFrD57Lgd
|
||||||
|
8fBi5ZHHUlR4z1+nqGCUoHlHjc0JVyK8j8fofKafow/79ITaOqBzv+P3psY9ecBg
|
||||||
|
7wGaOHrqzRzRxAfKYRO2IaFHRGnsEE8FnwSEL00uPVxpiiTavrLJFEjku9GmP3OY
|
||||||
|
3rbwIPXbw1m9mZG1yAVbSEEf58WSWeoBp0O6qrwAdIbdgUX4BkQ8bX5MtUjXp5tm
|
||||||
|
0StmjQiZ7O91cg0VuWtrfj/I4E3xtloNzhtG2QLI4s7iAL1orhClxEuZRO9alUCS
|
||||||
|
cnRvhmw2Dh6sB6i56evcZdUFwxMXOByxfWr0fxX4QlR8jYqMPj7UMNj2PccTBOQX
|
||||||
|
umIW2cdGEeni9vrE9cLfZRSNCwPWAXWtr1zQW54Jx5DjCGHobQk53Z7kE+MZVAje
|
||||||
|
gOaT0u50cljBNfJootuln4+gbGMAEQEAAbQlUGV0ciBMYXV0cmJhY2ggPGxhdXRy
|
||||||
|
YmFjaEByZWRoYXQuY29tPokCVwQTAQgAQRYhBGjSGCM0KhNoOus+TvtMaFtdwcE+
|
||||||
|
BQJnKRF7AhsDBQkDwmcABQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAAoJEPtM
|
||||||
|
aFtdwcE+doMQAI5mnNA8aH0dfeOZnz/NrMwY6H7jK/+lYatCx05e1TfK+zz9feRK
|
||||||
|
sxgP3Pjj0p9igo3jIdPcN5/YnlmVEeplDmSiKOOdendviy+sA8sukMo07Q+m1pYW
|
||||||
|
NzFtyiZd+c44mp9I1l7h6rktIY9XDedrlAkNog1VlUet9eNpmgXt2OmJNDmYftWc
|
||||||
|
KIpyw/ZLaubjRcAmxwsn7I6dWnT66Ffg9H8trcRlWipVWP8imO0EIpwC8RbhuNgk
|
||||||
|
xjt/cVf3CEpzokF4n0k3nqYmt90NNtGc0kG5QAlTvlUuHpNWzuzvdAPtMy3KEaXI
|
||||||
|
fu3IEZeIKCxSgWXTm7zRKUn0F6jKAsLXhK/WOA1Aa7NdAUwMxrEndfNoqBrusaLD
|
||||||
|
lpzWU7USv2YT+Pf3aQ7u1szg2J8V5eqRP+E8wwe54RNCgQrcDgUq5abyncsvull3
|
||||||
|
GqJvzvZC7/Q3Th/g5Wc+dRaGBz0O9FBuRPQwjrnB932xW1fDf17cScpVKAvV/jwn
|
||||||
|
tpWXf7nSv2M0o9fihnTBl4d2c2EBKtTdp5W0IpeRl5uLad3AYoouP6RoZ+/Id/Zg
|
||||||
|
NeaQKH/ZlCxk5S9GLzYhm665ysOYRkh7NfoThRtvAqAeDcTKWGDG1nQok2KKOSyq
|
||||||
|
S81PT2AlMz7A26R0vsH/9lQ1uZFIhIGbxZXlGERZwXd1s+lgfWTbB5K+iQIzBBAB
|
||||||
|
CAAdFiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmcpGAUACgkQvDkF8jUXnPFdGQ/+
|
||||||
|
L7uA7EMB+Yh0urhZuOltZSNtge6b+UbLZTd8DRsf044e+Z0NJWdQ2saLBptGhIcn
|
||||||
|
as4Qd0gS+QkWB7lMrJ31uux15ZBjFsGtyqK+VoH8JIPvV8Mr5XojqA+UYUpXP6ns
|
||||||
|
ILrdkUvNzpeA51IxYuVMWcut8SUVYzjD11YG1P8LFzydsImaYe7se+RE85F3/2Po
|
||||||
|
kZNe0d0Gh36uyfJSND80XrrxLpROgabQgHNG0drL/DHjdoa3F0V5EUoG7NBwUrmB
|
||||||
|
RlWKYCLUFfW+8mQn6RVK8JIV9WaHrzi/KAZLonZb5dCjO0e+Ol16pyUofLA8SN7B
|
||||||
|
aqjens8ho297GtE3darkXmj5p3p4YPur/D+oZCNIH+BYMsht46VtE3v6V10P8KA2
|
||||||
|
6MgNo5qME1Q0kC1DUYi68cPeDgrQBMWa+nF+m9i2aGeAyi3qDhZu03JLhOYAhv45
|
||||||
|
OVRawm9vFqyKiBRANVogTRr+ch4zywaapwfVLQ+xiwVLqlT5n/iIzWCQ0hA15eKZ
|
||||||
|
gJV0kTXL4OWKBeJqSNnnLVm4AhZ2OpKHMsjE7BEopvCe9JZWFIrjtQ9TrriByOx0
|
||||||
|
3anWkmm7b4lZ1HKDOI/Cxyz8BZvYizo7hSOdGjLrFBTD/Wk0swvpzB4NKh5I6N7k
|
||||||
|
gppXMTaWp36+KmQx66JzaZjepGl1VMNFdgiP6Sw6pO+5Ag0EZykRewEQAK4EY+06
|
||||||
|
GeuX4wLlUqAMWCnbFELuhBZGWFLEIvP6WJS1WOvee45RVcpVfYMp3AqymiNRahAl
|
||||||
|
RMtSQ9YtXSdlBPkhtNcoV/hqjcNywMdbsy+Rs27pRk/DJVC0yVL4ABrSSlwhfNa4
|
||||||
|
6X4ZvPr8GGDvjAUhK6NXQ7WrZJxYR9/U0nqRGtGuPBLhFey1H60n5axP8+2f9pFC
|
||||||
|
NbDJ13HbrhVju+RUeE8Gq5WJI5dea5SfYnXFERsT/zO+pw7ZaaSDmWKR1a88P6Bk
|
||||||
|
DD7e63ZIaAa849M/Dz+OgzNEgbyRjvgbO0OEIrS2x61lGoW7F9prEgzj97NIiBu6
|
||||||
|
qpNCYJefkpfPENrk+wmOUthJfh6E7uphlliQams6dqXAc3Z+xBN9jFf74RpzVmIP
|
||||||
|
K/MFNr0EcUMFgURpBtaTrk4dGMh++v5i4qKxxwJHf4RsGCDsgH9ZZDemKz5q8uFN
|
||||||
|
TI1kbTnsKNt+d7L45U+3/mRm4l22g8eu+AvD6R4GfKjsyzEFCyGK7TmVYj0Y+EGR
|
||||||
|
9+YbRQ1GahXqtrR/aLC09LSyxQTqYfKU8KusnoceEbBOigEZUNPybpzibwHl1VEV
|
||||||
|
9crR5eT8MPHgs8xdpjQ7gRuPi12fvc83unpUsNIHSCxZqXoilGsz2+zpX2si3PxB
|
||||||
|
tK/tTo6ZFRLijhHs250Y1agp4MyXYq91A2VTABEBAAGJAjwEGAEIACYWIQRo0hgj
|
||||||
|
NCoTaDrrPk77TGhbXcHBPgUCZykRewIbDAUJA8JnAAAKCRD7TGhbXcHBPozGD/0Y
|
||||||
|
fkktGwGq2vPZUI/Fscv+VnEqVt94dBnS0/6GyYvhI7Tf81v+72URlQeX8TUQox9B
|
||||||
|
8d3Aru5b2+iSkPcvH70PbY8jt/yTwHtSlFzf6+YPIl+oyTz7DoiILSjrO51ntl8g
|
||||||
|
KmIb8Q9W74xV6VFIJ4m8rH04MKFpIlzUDq660JYQIGtOUFugSfg7aLVU/0j4WKKE
|
||||||
|
KfAfg93wYTKKd+JgRFy4FZPriem7HvlUSi2VKffdrrUF/PX35X74iKdPQoEADZi8
|
||||||
|
KkMZULDtyQ6ZOu2hiDpArjo5hDadKM314Z65VnM11hjiEhmTF3IyGBllb0qBIk0L
|
||||||
|
nBVHuMYmiqBNJEbaqHLqIju8/RvFlYV+AMISeA7B68knbJcao13ogtDpuJ4hpgCj
|
||||||
|
j2B1n0NWMcju0gteu1sfsIaQbWHevH2vgl5LJDCNtUJN/NoWB2Uov27wEvsongwY
|
||||||
|
3du40TnM+5ejwf4r8D3wX+JpVCAhfr3Oc0knw14nRqFPAe1E7DNURJ8xfEV9iPRA
|
||||||
|
swo6qoh7IIxNETUG1rywRExNt6tHsojx0Wb0I0IB7CnWRK9F6oNRp0S4kVgp+Jeh
|
||||||
|
a9NGXFK2hn8qBD/rpUPsj/OdkiBN+C7Ai07rCNez+IKdnUfXkOJqLCOyeUwC9WPl
|
||||||
|
uFPB9RnnghYM4xhMWf8XvSLOOk/vgPxiqR5ANLObsbkCDQRnKRLhARAAuh+b2Oxj
|
||||||
|
9q+RRZ+pkDVf/M6P01yDmDhwtYHzi/LW8PFHC6iQlzMReyv1R5n3uCEpAZ++mdUe
|
||||||
|
Cgo2TmFnYdpmxEgdaMIW98uqe4fuHhoXU2Mh4eiN7jyJvXQCsijCDYzifoj03HY7
|
||||||
|
nTVjw4+BSSu9kA3/vEqU9A5YjG01MmVSMaIaTrqZqsnypK6r2exJa7YVRYwRqpLY
|
||||||
|
C5ksikDVK9ftdfhjnsnYGS4pYyfMNSHY1KBMpHjT7wEkM+KZ2WRpjTZZ7nP9u4Lf
|
||||||
|
fJMKgcclRgf+13CeSaJfVIhjJlxGVLkloE8XJbOeh2vkK257e9BenEFgQnyLCpGJ
|
||||||
|
8YNsnsJVhxU1aA62dT7jmnOVMBhnGoNhMyzzfvUw0REz2VbpZBkiwZRfZ9MWUBsy
|
||||||
|
bneH8NwzZMQQLCc/yo/jnPrmDS+tgl4CXGzBtpxPUZSMuY4tHZZ2vBb0zcfhY7P1
|
||||||
|
CrHuylXLFzkOO/XRP3w1F8I1UqJCjdTKjdjCDF/VWtedHee1iEsSHxPGH8fHp4Qp
|
||||||
|
rBDDwZ4NnfilYNHMDWm6U1bzhX2ynqcGArQSd1Ny/oL7JzE1qoH/nNrwVvOSSNWF
|
||||||
|
UTXFXeLy+SOXJdFJpGP+/wV+gYfyczoUP6vmCdK1Hs15WQvKzyP/nmLS5uLilfxV
|
||||||
|
KrxZDI6SNrS4f/XkHcGnYByFKUhq5gVN0ZcAEQEAAYkEcgQYAQgAJhYhBGjSGCM0
|
||||||
|
KhNoOus+TvtMaFtdwcE+BQJnKRLhAhsCBQkDwmcAAkAJEPtMaFtdwcE+wXQgBBkB
|
||||||
|
CAAdFiEEcgDrLD9eSIRjwM6ezcroySfGvjEFAmcpEuEACgkQzcroySfGvjExiQ//
|
||||||
|
TKQ2Ci+sqNSVIcwg/k0Go1i4cA7lhKNdYRBCaIThB9jMqNg2zgPzgELBcaVJL8xw
|
||||||
|
0E2x2ZvBejM4X+eTrmkdufcxHR8B/zBF8oPlD2pgs/zZmZEO1gq4Cdab7yIoVNNr
|
||||||
|
foCZShxOCPR2wIixcYZtt5f7Z3zSXqkjIec6sTOedT75ZXrpQbvINeUkvOJfMCOi
|
||||||
|
ailauvDfv8k5iJUVbP+Dx1vOc88bvewVJcbLID4HIRr/PS+k1D10zGbnF71TnxGZ
|
||||||
|
r7anMZCSFCHJ5WV+BSwHHKtxRy+bJ1x9ML45Jcr1anTXeaHIeSKNzFBigJQSgHv0
|
||||||
|
euegkD3Rmw+IcxNb4l536selaNR0UAwx1DC1qpjBtnE9/pXdTEsZQxq9kMrj0d+f
|
||||||
|
VKFjOKADVIpkx7o0dZ1jmbUmdjQVyGDgHE+Emgdd726/2ftWriW2uPeUC6YZiqbt
|
||||||
|
vBnCnwF+aV6P1nrE0BWJchLyBjDCe5Y2oXBAYF6xwpDPfMPr4oscqzPV4TWVULBi
|
||||||
|
brtRWgSxmvinIGFx9T9wQCVfX254dqBaAEhRMImoT/YP+6evRZKqQODRhI44OG7u
|
||||||
|
V71IVAJ8BHEBN8hxvQM3WPs1fhwMBFCyGfr/x/U4/c78R9JhxkU9VwmMbLGQP7VP
|
||||||
|
1QgfiHqZpHMk8ZUmQn6KLeurzWcnwPFkwgFPZED8OQOMXxAAio3DhWr5KDd3mICH
|
||||||
|
ALNY0A2ipb/JH6LSHxu0S3MLa/bF6PbqRY1+fKMT/cFVxln99rNUrX+hDRbc7qbh
|
||||||
|
KkxvGmcnXnkcTHah9bfUghEanlKkBr1g1ik3zgEnpO/x3+X39Ov+ge92MDawV0nq
|
||||||
|
k9R/9tS+ZD/ph72Q9kx3ZfVNSL0eWxjuwBzFW0Zwh5TAX4raSmyQCmAXi05O3YmN
|
||||||
|
iq4arSUg5oAOMRZ+d96DsrAS4Sdtlx6/CuKTBzEaGPQLQ9wJNB0Vmd/eQWTP99KY
|
||||||
|
cAdIwj5BJ5P0Z7+xhsVjQOntn4otnP6vN6RuDtYrS6M7TCN/ZeKCvN/G0nRac4D+
|
||||||
|
IJX3CYYtYXgaoDuoetUWtc7O5PzHRETaBt/46ob2lzf6cT5QyVujTfz+i0rGEc63
|
||||||
|
pvXK8mV+K7BFY/DHpdEhl1pDw2YYLbBmUthQWdsL6/TVvpMe/wZadvJ/by3AeRzQ
|
||||||
|
eusUucuSo9UNN7Yj8u3dRhxNgsSiU96A/SFlAoB5s3Onh5K4WEVCBu/INjdi+r2B
|
||||||
|
LJePSnA3I7VkRE9Haf1D28jtBzm3Xbft2rs3lO18FcCqw6kd7Ih3e0tZ8uUG9UDv
|
||||||
|
qTDHTUHLAWvwrq38gKKAu2RMaU06A5kR87RcQiizxOwBIwiHuUWMU4/Hyx6fXsOD
|
||||||
|
hEs0O6AFDarNDZGee2amKTAyZpG5Ag0EZykTxQEQAOwGV1boBD3vDLsoAT62nGxb
|
||||||
|
SqXiBsObxnpWbNifOzM9BUGPOIpHsSH32PZGG/+LNjNdECfyyP1RysH5OT7j92Q8
|
||||||
|
vgRQoG3X985gbOjYyZc0xvAkTSvWxOiy5CuF3X8sJ3NSerQDXwjP9qVqLVj/3FB8
|
||||||
|
nka1HFS7KzC3Zo/kzCoxeZ3/hV3PTWIjcoJvtBSCKPZyOJxnRqWfi5BNJo3S2SR1
|
||||||
|
mxV967zawXiZ8MeeBl6rLhOfCBtz9g+bqrXZYoenuMn5Js2mcH0haYeMSV3UWIC4
|
||||||
|
kinzr1EJxs+L1/hVCVBNiiDc6DXcFXoz9ZVc9kjpZTOMoZVDkRkyOeen+5Sya9wK
|
||||||
|
4teLmDLME4+pgeHCS/Wa4KrYyEWe7NpG1VTkSJnRS+fyYGTWtwEiuwT6J9U0t1d5
|
||||||
|
hbxhM7YAhlnOEnNVmqa3Bq3yqJs9G/7gicZ7CIJ9JBHKTJzOnKfpGhxBSOgOoCOa
|
||||||
|
WW6uVCzDqfrYPmCUIKQmanB441xJFGuHVPMLBjVjswoMKGkK3gM6KMRCDYQ53u6s
|
||||||
|
FK+Jcl8HobBSezVIUKpKVX3IW9d506cE0FhSW/NvWJv0FIMVloyC2BpOjSWVgEwX
|
||||||
|
tk/m3SKPsgCAcCqzi7xlloR8+E9C2xci9cdGG5faghgSjaP6j0qDww/slRPQJc5A
|
||||||
|
DIeukkOYTCiSiDwQtblJABEBAAGJAjMEGAEIACcWIQRo0hgjNCoTaDrrPk77TGhb
|
||||||
|
XcHBPgUCZykTxQMbIAQFCQPCZwAAADcWD/4qJRLn7TcMtRMF43Yn+dX+O13YrxBC
|
||||||
|
T4n1QVmiPsGrUca4Vg1J+trV6IMsGrhktpiaV0qeL/km0h02m4gEDZKDyWWXdeWh
|
||||||
|
EXFaTVy9yCpSXUWJl5gSXTSwxrqBWyWLlLLk4UT9l9sk5mMdy0JA8unobV4M/eXQ
|
||||||
|
ggR11DL3ji7aO0hsqxyxXkJcawWjVGW5KL1EaoDKIJ/CwxOI5ipFueMIRQjQvw9A
|
||||||
|
o/w2fq11qVXY9zknk6pFkp/RDHLes+wVHDtebZfJ9xV7Mb1mf/k03dT56GaA/U3E
|
||||||
|
XvJ2FdgWR+zf+YMEa9MPDHYo2UNEvk9mOk247M8s+OeexdlkPgyKW5A8mtYuY/dR
|
||||||
|
j8W6C4pLcMWa+d/vIUpm5Guw0F5q0AWk9/FbBe9HLztEevvRnuHXmfTZeto/nCAi
|
||||||
|
Yg4pCj6p3JoN5CLebR8YtWm9AJBbX1kgVvqSU2VgwYIFsxBEz8Wu2h7z/eSCSeIg
|
||||||
|
ARFbTlJ6cBrRkXCVyhbv0LPWWUfAUqiEtdGxrA4Xx/jKrI02JjRdW/bZkXjSka8K
|
||||||
|
+cDlpcr9ixBWW5LkWsOdiL8jExfTGw25FA7Wd1HiHnBv36Mu/zb+0/I63d+fLq93
|
||||||
|
e3lmmVx9qQF8p5Okf4ojY9YoIHVkLS7t9AgFjm/ucmpEGbXxyPk2Cr3l+b5R41x3
|
||||||
|
dBW9kxiuWpZN3Q==
|
||||||
|
=iuRK
|
||||||
-----END PGP PUBLIC KEY BLOCK-----
|
-----END PGP PUBLIC KEY BLOCK-----
|
@ -1,14 +1,14 @@
|
|||||||
%define ruby_inc %(pkg-config --cflags ruby)
|
%define ruby_inc %(pkg-config --cflags ruby)
|
||||||
%define libsepolver 3.7-1
|
%define libsepolver 3.8-0
|
||||||
|
|
||||||
Summary: SELinux library and simple utilities
|
Summary: SELinux library and simple utilities
|
||||||
Name: libselinux
|
Name: libselinux
|
||||||
Version: 3.7
|
Version: 3.8
|
||||||
Release: 5%{?dist}
|
Release: 0.rc1.1%{?dist}
|
||||||
License: LicenseRef-Fedora-Public-Domain
|
License: LicenseRef-Fedora-Public-Domain
|
||||||
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
||||||
Source0: https://github.com/SELinuxProject/selinux/releases/download/3.7/libselinux-3.7.tar.gz
|
Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}-rc1/libselinux-%{version}-rc1.tar.gz
|
||||||
Source1: https://github.com/SELinuxProject/selinux/releases/download/3.7/libselinux-3.7.tar.gz.asc
|
Source1: https://github.com/SELinuxProject/selinux/releases/download/%{version}-rc1/libselinux-%{version}-rc1.tar.gz.asc
|
||||||
Source2: https://github.com/bachradsusi.gpg
|
Source2: https://github.com/bachradsusi.gpg
|
||||||
Source3: selinuxconlist.8
|
Source3: selinuxconlist.8
|
||||||
Source4: selinuxdefcon.8
|
Source4: selinuxdefcon.8
|
||||||
@ -16,17 +16,10 @@ Source4: selinuxdefcon.8
|
|||||||
Url: https://github.com/SELinuxProject/selinux/wiki
|
Url: https://github.com/SELinuxProject/selinux/wiki
|
||||||
# $ git clone https://github.com/fedora-selinux/selinux.git
|
# $ git clone https://github.com/fedora-selinux/selinux.git
|
||||||
# $ cd selinux
|
# $ cd selinux
|
||||||
# $ git format-patch -N 3.7 -- libselinux
|
# $ git format-patch -N 3.8 -- libselinux
|
||||||
# $ i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
|
# $ i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
|
||||||
# Patch list start
|
# Patch list start
|
||||||
Patch0001: 0001-Use-SHA-2-instead-of-SHA-1.patch
|
Patch0001: 0001-Use-SHA-2-instead-of-SHA-1.patch
|
||||||
Patch0002: 0002-libselinux-set-free-d-data-to-NULL.patch
|
|
||||||
Patch0003: 0003-libselinux-restorecon-Include-selinux-label.h.patch
|
|
||||||
Patch0004: 0004-libselinux-Fix-integer-comparison-issues-when-compil.patch
|
|
||||||
Patch0005: 0005-libselinux-deprecate-security_disable-3.patch
|
|
||||||
Patch0006: 0006-libselinux-fix-swig-bindings-for-4.3.0.patch
|
|
||||||
Patch0007: 0007-libselinux-setexecfilecon-Remove-useless-rc-check.patch
|
|
||||||
Patch0008: 0008-libselinux-matchpathcon-RESOURCE_LEAK-Variable-con.patch
|
|
||||||
# Patch list end
|
# Patch list end
|
||||||
BuildRequires: gcc make
|
BuildRequires: gcc make
|
||||||
BuildRequires: ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre2-devel
|
BuildRequires: ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre2-devel
|
||||||
@ -99,7 +92,7 @@ needed for developing SELinux applications.
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
|
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
|
||||||
%autosetup -p 2 -n libselinux-%{version}
|
%autosetup -p 2 -n libselinux-%{version}-rc1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
export DISABLE_RPM="y"
|
export DISABLE_RPM="y"
|
||||||
@ -197,6 +190,7 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
|
|||||||
%{_sbindir}/selinuxexeccon
|
%{_sbindir}/selinuxexeccon
|
||||||
%{_sbindir}/selinuxenabled
|
%{_sbindir}/selinuxenabled
|
||||||
%{_sbindir}/setenforce
|
%{_sbindir}/setenforce
|
||||||
|
%{_sbindir}/selabel_compare
|
||||||
%{_sbindir}/selabel_digest
|
%{_sbindir}/selabel_digest
|
||||||
%{_sbindir}/selabel_lookup
|
%{_sbindir}/selabel_lookup
|
||||||
%{_sbindir}/selabel_lookup_best_match
|
%{_sbindir}/selabel_lookup_best_match
|
||||||
|
4
sources
4
sources
@ -1,2 +1,2 @@
|
|||||||
SHA512 (libselinux-3.7.tar.gz) = e949c20b606c50ad521b9592ce55ad6658e8c4b24d9838028f5aba0a4fc762b6d0d0d0d207f5bef7a2e41485e12d91382fa6090df27152dbb40071b273419352
|
SHA512 (libselinux-3.8-rc1.tar.gz) = 16fbc4d903061f696b5396690da69b7bc18f158742c789ef70d543d51fe5015abc73d9205e3b147cec0d293a1448735e2b9e39edd562690156c946a0f53dcb38
|
||||||
SHA512 (libselinux-3.7.tar.gz.asc) = 5be2fdc0deda62f240276413d1b95a57d467fe989ddb31b34f7743cbd03d69385ac3321af10c97aded119ae5f0a4d8ec5894f8647a45f2902c0e8ff1e96787aa
|
SHA512 (libselinux-3.8-rc1.tar.gz.asc) = 52e0fbf7e61fe6c67cfa2ca214bbf2cae94f016feeb3b317e8c4f6bffb9c2f3b93cfd425669c1c9fc97b35cdb77b2f153b11f9daa654817565aa40d76dc936f2
|
||||||
|
Loading…
Reference in New Issue
Block a user