libselinux-3.4-0.rc2.1

- SELinux userspace 3.4-rc2 release
2022-04-21 18:07:57 +02:00 · 2022-04-21 18:07:57 +02:00 · 7fb483760b
commit 7fb483760b
parent 811f3cb62d
5 changed files with 53 additions and 64 deletions
--- a/.gitignore
+++ b/.gitignore
@ -222,3 +222,4 @@ libselinux-2.0.96.tgz
 /libselinux-3.3-rc3.tar.gz
 /libselinux-3.3.tar.gz
 /libselinux-3.4-rc1.tar.gz
+/libselinux-3.4-rc2.tar.gz
--- a/0001-Use-SHA-2-instead-of-SHA-1.patch
+++ b/0001-Use-SHA-2-instead-of-SHA-1.patch
@ -14,7 +14,7 @@ The use of SHA-1 in RHEL9 is deprecated
 libselinux/src/Makefile                       |   2 +-
 libselinux/src/label_file.c                   |  40 +--
 libselinux/src/label_internal.h               |  10 +-
- libselinux/src/label_support.c                |   8 +-
+ libselinux/src/label_support.c                |  10 +-
 libselinux/src/selinux_restorecon.c           |  24 +-
 libselinux/src/sha1.c                         | 220 -------------
 libselinux/src/sha1.h                         |  85 -----
@ -22,7 +22,7 @@ The use of SHA-1 in RHEL9 is deprecated
 libselinux/src/sha256.h                       |  89 ++++++
 libselinux/utils/selabel_digest.c             |  26 +-
 .../selabel_get_digests_all_partial_matches.c |  28 +-
- 17 files changed, 469 insertions(+), 391 deletions(-)
+ 17 files changed, 470 insertions(+), 392 deletions(-)
 delete mode 100644 libselinux/src/sha1.c
 delete mode 100644 libselinux/src/sha1.h
 create mode 100644 libselinux/src/sha256.c
@ -50,10 +50,10 @@ index e8983606d93b..a35d84d63b0a 100644
  * @num_specfiles: number of specfiles in the list.
  *
 diff --git a/libselinux/include/selinux/restorecon.h b/libselinux/include/selinux/restorecon.h
-index 466de39aac72..ca8ce768587a 100644
+index 1821a3dc596c..8f9a030cda98 100644
 --- a/libselinux/include/selinux/restorecon.h
 +++ b/libselinux/include/selinux/restorecon.h
-@@ -27,8 +27,8 @@ extern int selinux_restorecon(const char *pathname,
+@@ -41,8 +41,8 @@ extern int selinux_restorecon_parallel(const char *pathname,
  * restorecon_flags options
  */
 /*
@ -96,10 +96,10 @@ index 971ebc1acd41..2cf2eb8a1410 100644
 .BR selabel_digest (3)
 .
 diff --git a/libselinux/man/man3/selinux_restorecon.3 b/libselinux/man/man3/selinux_restorecon.3
-index ad637406a30d..c4576fe79ff6 100644
+index 334d2930bb4f..500845917fb8 100644
 --- a/libselinux/man/man3/selinux_restorecon.3
 +++ b/libselinux/man/man3/selinux_restorecon.3
-@@ -28,7 +28,7 @@ If this is a directory and the
+@@ -36,7 +36,7 @@ If this is a directory and the
 .B SELINUX_RESTORECON_RECURSE
 has been set (for descending through directories), then
 .BR selinux_restorecon ()
@ -108,7 +108,7 @@ index ad637406a30d..c4576fe79ff6 100644
 .BR selabel_get_digests_all_partial_matches (3)
 to an extended attribute of
 .IR security.sehash
-@@ -47,7 +47,7 @@ will take place.
+@@ -55,7 +55,7 @@ will take place.
 .br
 The
 .IR restorecon_flags
@ -117,7 +117,7 @@ index ad637406a30d..c4576fe79ff6 100644
 .RS
 .B SELINUX_RESTORECON_SKIP_DIGEST
 .br
-@@ -65,8 +65,8 @@ Do not check or update any extended attribute
+@@ -73,8 +73,8 @@ Do not check or update any extended attribute
 entries.
 .sp
 .B SELINUX_RESTORECON_IGNORE_DIGEST
@ -128,7 +128,7 @@ index ad637406a30d..c4576fe79ff6 100644
 .IR security.sehash
 extended attribute once relabeling has been completed successfully provided the
 .B SELINUX_RESTORECON_NOCHANGE
-@@ -84,7 +84,7 @@ default specfile context.
+@@ -92,7 +92,7 @@ default specfile context.
 .sp
 .B SELINUX_RESTORECON_RECURSE
 change file and directory labels recursively (descend directories)
@ -137,7 +137,7 @@ index ad637406a30d..c4576fe79ff6 100644
 extended attribute as described in the
 .B NOTES
 section.
-@@ -158,7 +158,7 @@ to treat conflicting specifications, such as where two hardlinks for the
+@@ -166,7 +166,7 @@ to treat conflicting specifications, such as where two hardlinks for the
 same inode have different contexts, as errors.
 .RE
 .sp
@ -146,7 +146,7 @@ index ad637406a30d..c4576fe79ff6 100644
 above is the default behavior. It is possible to change this by first calling
 .BR selabel_open (3)
 and not enabling the
-@@ -200,7 +200,7 @@ To improve performance when relabeling file systems recursively (e.g. the
+@@ -229,7 +229,7 @@ To improve performance when relabeling file systems recursively (e.g. the
 .B SELINUX_RESTORECON_RECURSE
 flag is set)
 .BR selinux_restorecon ()
@ -178,10 +178,10 @@ index c56326814b94..098c840fc59b 100644
 .BR selabel_open (3)
 must be called specifying the required
 diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
-index 52c40f018f51..674a5ed3a6f8 100644
+index 04bf4f240168..222c3fa2d7c3 100644
 --- a/libselinux/src/Makefile
 +++ b/libselinux/src/Makefile
-@@ -120,7 +120,7 @@ DISABLE_FLAGS+= -DNO_MEDIA_BACKEND -DNO_DB_BACKEND -DNO_X_BACKEND \
+@@ -119,7 +119,7 @@ DISABLE_FLAGS+= -DNO_MEDIA_BACKEND -DNO_DB_BACKEND -DNO_X_BACKEND \
 	-DBUILD_HOST
 SRCS= callbacks.c freecon.c label.c label_file.c \
 	label_backends_android.c regex.c label_support.c \
@ -191,10 +191,10 @@ index 52c40f018f51..674a5ed3a6f8 100644
 LABEL_BACKEND_ANDROID=y
 endif
 diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
-index 2e28d0474d73..c1306c9979e7 100644
+index 74ae9b9feb70..33d395e414f0 100644
 --- a/libselinux/src/label_file.c
 +++ b/libselinux/src/label_file.c
-@@ -1005,7 +1005,7 @@ static struct spec *lookup_common(struct selabel_handle *rec,
+@@ -1010,7 +1010,7 @@ static struct spec *lookup_common(struct selabel_handle *rec,
 
 /*
  * Returns true if the digest of all partial matched contexts is the same as
@ -203,7 +203,7 @@ index 2e28d0474d73..c1306c9979e7 100644
  * digest will always be returned. The caller must free any returned digests.
  */
 static bool get_digests_all_partial_matches(struct selabel_handle *rec,
-@@ -1014,39 +1014,39 @@ static bool get_digests_all_partial_matches(struct selabel_handle *rec,
+@@ -1019,39 +1019,39 @@ static bool get_digests_all_partial_matches(struct selabel_handle *rec,
 					    uint8_t **xattr_digest,
 					    size_t *digest_len)
 {
@ -254,7 +254,7 @@ index 2e28d0474d73..c1306c9979e7 100644
 		return true;
 
 	return false;
-@@ -1066,22 +1066,22 @@ static bool hash_all_partial_matches(struct selabel_handle *rec, const char *key
+@@ -1071,22 +1071,22 @@ static bool hash_all_partial_matches(struct selabel_handle *rec, const char *key
 		return false;
 	}
 
@ -327,31 +327,44 @@ index 782c6aa8cc0c..304e8d96490a 100644
 };
 
 diff --git a/libselinux/src/label_support.c b/libselinux/src/label_support.c
-index 94ed6e4273cb..f53d73b609ab 100644
+index 54fd49a5b7b9..4003eb8dc7af 100644
 --- a/libselinux/src/label_support.c
 +++ b/libselinux/src/label_support.c
-@@ -115,15 +115,15 @@ int  read_spec_entries(char *line_buf, const char **errbuf, int num_args, ...)
+@@ -115,7 +115,7 @@ int  read_spec_entries(char *line_buf, const char **errbuf, int num_args, ...)
 /* Once all the specfiles are in the hash_buf, generate the hash. */
 void  digest_gen_hash(struct selabel_digest *digest)
 {
 -	Sha1Context context;
 +	Sha256Context context;
+ 	size_t remaining_size;
+ 	const unsigned char *ptr;
 
- 	/* If SELABEL_OPT_DIGEST not set then just return */
+@@ -123,19 +123,19 @@ void  digest_gen_hash(struct selabel_digest *digest)
 	if (!digest)
 		return;
 
 -	Sha1Initialise(&context);
-	Sha1Update(&context, digest->hashbuf, digest->hashbuf_size);
-	Sha1Finalise(&context, (SHA1_HASH *)digest->digest);
 +	Sha256Initialise(&context);
-+	Sha256Update(&context, digest->hashbuf, digest->hashbuf_size);
+ 
+ 	/* Process in blocks of UINT32_MAX bytes */
+ 	remaining_size = digest->hashbuf_size;
+ 	ptr = digest->hashbuf;
+ 	while (remaining_size > UINT32_MAX) {
+-		Sha1Update(&context, ptr, UINT32_MAX);
+		Sha256Update(&context, ptr, UINT32_MAX);
+ 		remaining_size -= UINT32_MAX;
+ 		ptr += UINT32_MAX;
+ 	}
+-	Sha1Update(&context, ptr, remaining_size);
+	Sha256Update(&context, ptr, remaining_size);
+ 
+-	Sha1Finalise(&context, (SHA1_HASH *)digest->digest);
 +	Sha256Finalise(&context, (SHA256_HASH *)digest->digest);
 	free(digest->hashbuf);
 	digest->hashbuf = NULL;
 	return;
 diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
-index 04d956504952..100c77108a27 100644
+index 72f4fb462e34..f7e84657d09d 100644
 --- a/libselinux/src/selinux_restorecon.c
 +++ b/libselinux/src/selinux_restorecon.c
@@ -37,7 +37,7 @@
@ -363,7 +376,7 @@ index 04d956504952..100c77108a27 100644
 
 #define STAR_COUNT 1024
 
-@@ -293,7 +293,7 @@ static int exclude_non_seclabel_mounts(void)
+@@ -294,7 +294,7 @@ static int exclude_non_seclabel_mounts(void)
 static int add_xattr_entry(const char *directory, bool delete_nonmatch,
 			   bool delete_all)
 {
@ -372,7 +385,7 @@ index 04d956504952..100c77108a27 100644
 	size_t i, digest_len = 0;
 	int rc, digest_result;
 	bool match;
-@@ -316,15 +316,15 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
+@@ -317,15 +317,15 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
 	}
 
 	/* Convert entry to a hex encoded string. */
@ -391,7 +404,7 @@ index 04d956504952..100c77108a27 100644
 
 	digest_result = match ? MATCH : NOMATCH;
 
-@@ -344,7 +344,7 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
+@@ -345,7 +345,7 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
 	/* Now add entries to link list. */
 	new_entry = malloc(sizeof(struct dir_xattr));
 	if (!new_entry) {
@ -400,7 +413,7 @@ index 04d956504952..100c77108a27 100644
 		goto oom;
 	}
 	new_entry->next = NULL;
-@@ -352,15 +352,15 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
+@@ -353,15 +353,15 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
 	new_entry->directory = strdup(directory);
 	if (!new_entry->directory) {
 		free(new_entry);
@ -428,7 +441,7 @@ index 04d956504952..100c77108a27 100644
 	return 0;
 
 oom:
-@@ -741,7 +741,7 @@ err:
+@@ -755,7 +755,7 @@ err:
 
 struct dir_hash_node {
 	char *path;
@ -437,7 +450,7 @@ index 04d956504952..100c77108a27 100644
 	struct dir_hash_node *next;
 };
 /*
-@@ -1091,7 +1091,7 @@ int selinux_restorecon(const char *pathname_orig,
+@@ -1232,7 +1232,7 @@ static int selinux_restorecon_common(const char *pathname_orig,
 			if (setxattr(current->path,
 			    RESTORECON_PARTIAL_MATCH_DIGEST,
 			    current->digest,
@ -1329,5 +1342,5 @@ index e28833d2ce97..900f018c0091 100644
 		}
 		default:
 -- 
-2.32.0
+2.35.1

--- a/0002-Update-python-library-and-binding-versions-to-3.4-rc.patch
+++ b/0002-Update-python-library-and-binding-versions-to-3.4-rc.patch
@ -1,26 +0,0 @@
-From 9ce501c15bf91108f768e5255d89b28c0e2b906e Mon Sep 17 00:00:00 2001
-From: Petr Lautrbach <plautrba@redhat.com>
-Date: Tue, 12 Apr 2022 12:28:00 +0200
-Subject: [PATCH] Update python library and binding versions to 3.4-rc1
-
-Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
- libselinux/src/setup.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/libselinux/src/setup.py b/libselinux/src/setup.py
-index b79b27507480..4dd119aca32e 100644
--- a/libselinux/src/setup.py
-+++ b/libselinux/src/setup.py
-@@ -4,7 +4,7 @@ from distutils.core import Extension, setup
- 
- setup(
-     name="selinux",
-    version="3.3",
-+    version="3.4-rc1",
-     description="SELinux python 3 bindings",
-     author="SELinux Project",
-     author_email="selinux@vger.kernel.org",
-- 
-2.35.1
-
--- a/libselinux.spec
+++ b/libselinux.spec
@ -4,20 +4,19 @@
 Summary: SELinux library and simple utilities
 Name: libselinux
 Version: 3.4
-Release: 0.rc1.1%{?dist}
+Release: 0.rc2.1%{?dist}
 License: Public Domain
 # https://github.com/SELinuxProject/selinux/wiki/Releases
-Source0: https://github.com/SELinuxProject/selinux/releases/download/3.4-rc1/libselinux-3.4-rc1.tar.gz
+Source0: https://github.com/SELinuxProject/selinux/releases/download/3.4-rc2/libselinux-3.4-rc2.tar.gz
 Source1: selinuxconlist.8
 Source2: selinuxdefcon.8
 Url: https://github.com/SELinuxProject/selinux/wiki
 # $ git clone https://github.com/fedora-selinux/selinux.git
 # $ cd selinux
-# $ git format-patch -N 3.4-rc1 -- libselinux
+# $ git format-patch -N 3.4-rc2 -- libselinux
 # $ i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
 # Patch list start
 Patch0001: 0001-Use-SHA-2-instead-of-SHA-1.patch
-Patch0002: 0002-Update-python-library-and-binding-versions-to-3.4-rc.patch
 # Patch list end
 BuildRequires: gcc make
 BuildRequires: ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre2-devel xz-devel
@ -88,7 +87,7 @@ The libselinux-static package contains the static libraries
 needed for developing SELinux applications. 

 %prep
-%autosetup -p 2 -n libselinux-%{version}-rc1
+%autosetup -p 2 -n libselinux-%{version}-rc2

 %build
 export DISABLE_RPM="y"
@ -214,6 +213,9 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
 %{ruby_vendorarchdir}/selinux.so

 %changelog
+* Thu Apr 21 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-0.rc2.1
+- SELinux userspace 3.4-rc2 release
+
 * Tue Apr 12 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-0.rc1.1
 - SELinux userspace 3.4-rc1 release

--- a/3
+++ b/3
@ -1,2 +1 @@
-SHA512 (libselinux-3.3.tar.gz) = 9a89c05ea4b17453168a985ece93ba6d6c4127916e657c46d4135eb59a1f6408faa0802cc2e49187defbde5247d659037beee089877affbab3eab6af3433696c
-SHA512 (libselinux-3.4-rc1.tar.gz) = 333907b3ed05d66e608ab16958e4e09e18848bf9aaf3d9216d08be2f6e483231c9455a8e6db56648d6704c0f0af7cd4c5c7ba468d678f8368d06b68a60693eb5
+SHA512 (libselinux-3.4-rc2.tar.gz) = 5332e598bb4f6f2d6681921d699addd1fc7b82229c1cd082ac43c15e1c390a8e9021c1725e444c1f6ddfc125cb008c62fa169d741cca777d1d6160e1a9995a6f