libselinux-3.4-0.rc2.1

- SELinux userspace 3.4-rc2 release
Petr Lautrbach 2022-04-21 18:07:57 +02:00
parent 811f3cb62d
commit 7fb483760b
5 changed files with 53 additions and 64 deletions

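--- a/.gitignore
+++ b/.gitignore
@@ -222,3 +222,4 @@ libselinux-2.0.96.tgz
 /libselinux-3.3-rc3.tar.gz
 /libselinux-3.3.tar.gz
 /libselinux-3.4-rc1.tar.gz
+/libselinux-3.4-rc2.tar.gz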


@ -14,7 +14,7 @@ The use of SHA-1 in RHEL9 is deprecated
libselinux/src/Makefile | 2 +- libselinux/src/Makefile | 2 +-
libselinux/src/label_file.c | 40 +-- libselinux/src/label_file.c | 40 +--
libselinux/src/label_internal.h | 10 +- libselinux/src/label_internal.h | 10 +-
libselinux/src/label_support.c | 8 +- libselinux/src/label_support.c | 10 +-
libselinux/src/selinux_restorecon.c | 24 +- libselinux/src/selinux_restorecon.c | 24 +-
libselinux/src/sha1.c | 220 ------------- libselinux/src/sha1.c | 220 -------------
libselinux/src/sha1.h | 85 ----- libselinux/src/sha1.h | 85 -----
@ -22,7 +22,7 @@ The use of SHA-1 in RHEL9 is deprecated
libselinux/src/sha256.h | 89 ++++++ libselinux/src/sha256.h | 89 ++++++
libselinux/utils/selabel_digest.c | 26 +- libselinux/utils/selabel_digest.c | 26 +-
.../selabel_get_digests_all_partial_matches.c | 28 +- .../selabel_get_digests_all_partial_matches.c | 28 +-
17 files changed, 469 insertions(+), 391 deletions(-) 17 files changed, 470 insertions(+), 392 deletions(-)
delete mode 100644 libselinux/src/sha1.c delete mode 100644 libselinux/src/sha1.c
delete mode 100644 libselinux/src/sha1.h delete mode 100644 libselinux/src/sha1.h
create mode 100644 libselinux/src/sha256.c create mode 100644 libselinux/src/sha256.c
@ -50,10 +50,10 @@ index e8983606d93b..a35d84d63b0a 100644
* @num_specfiles: number of specfiles in the list. * @num_specfiles: number of specfiles in the list.
* *
diff --git a/libselinux/include/selinux/restorecon.h b/libselinux/include/selinux/restorecon.h diff --git a/libselinux/include/selinux/restorecon.h b/libselinux/include/selinux/restorecon.h
index 466de39aac72..ca8ce768587a 100644 index 1821a3dc596c..8f9a030cda98 100644
--- a/libselinux/include/selinux/restorecon.h --- a/libselinux/include/selinux/restorecon.h
+++ b/libselinux/include/selinux/restorecon.h +++ b/libselinux/include/selinux/restorecon.h
@@ -27,8 +27,8 @@ extern int selinux_restorecon(const char *pathname, @@ -41,8 +41,8 @@ extern int selinux_restorecon_parallel(const char *pathname,
* restorecon_flags options * restorecon_flags options
*/ */
/* /*
@ -96,10 +96,10 @@ index 971ebc1acd41..2cf2eb8a1410 100644
.BR selabel_digest (3) .BR selabel_digest (3)
. .
diff --git a/libselinux/man/man3/selinux_restorecon.3 b/libselinux/man/man3/selinux_restorecon.3 diff --git a/libselinux/man/man3/selinux_restorecon.3 b/libselinux/man/man3/selinux_restorecon.3
index ad637406a30d..c4576fe79ff6 100644 index 334d2930bb4f..500845917fb8 100644
--- a/libselinux/man/man3/selinux_restorecon.3 --- a/libselinux/man/man3/selinux_restorecon.3
+++ b/libselinux/man/man3/selinux_restorecon.3 +++ b/libselinux/man/man3/selinux_restorecon.3
@@ -28,7 +28,7 @@ If this is a directory and the @@ -36,7 +36,7 @@ If this is a directory and the
.B SELINUX_RESTORECON_RECURSE .B SELINUX_RESTORECON_RECURSE
has been set (for descending through directories), then has been set (for descending through directories), then
.BR selinux_restorecon () .BR selinux_restorecon ()
@ -108,7 +108,7 @@ index ad637406a30d..c4576fe79ff6 100644
.BR selabel_get_digests_all_partial_matches (3) .BR selabel_get_digests_all_partial_matches (3)
to an extended attribute of to an extended attribute of
.IR security.sehash .IR security.sehash
@@ -47,7 +47,7 @@ will take place. @@ -55,7 +55,7 @@ will take place.
.br .br
The The
.IR restorecon_flags .IR restorecon_flags
@ -117,7 +117,7 @@ index ad637406a30d..c4576fe79ff6 100644
.RS .RS
.B SELINUX_RESTORECON_SKIP_DIGEST .B SELINUX_RESTORECON_SKIP_DIGEST
.br .br
@@ -65,8 +65,8 @@ Do not check or update any extended attribute @@ -73,8 +73,8 @@ Do not check or update any extended attribute
entries. entries.
.sp .sp
.B SELINUX_RESTORECON_IGNORE_DIGEST .B SELINUX_RESTORECON_IGNORE_DIGEST
@ -128,7 +128,7 @@ index ad637406a30d..c4576fe79ff6 100644
.IR security.sehash .IR security.sehash
extended attribute once relabeling has been completed successfully provided the extended attribute once relabeling has been completed successfully provided the
.B SELINUX_RESTORECON_NOCHANGE .B SELINUX_RESTORECON_NOCHANGE
@@ -84,7 +84,7 @@ default specfile context. @@ -92,7 +92,7 @@ default specfile context.
.sp .sp
.B SELINUX_RESTORECON_RECURSE .B SELINUX_RESTORECON_RECURSE
change file and directory labels recursively (descend directories) change file and directory labels recursively (descend directories)
@ -137,7 +137,7 @@ index ad637406a30d..c4576fe79ff6 100644
extended attribute as described in the extended attribute as described in the
.B NOTES .B NOTES
section. section.
@@ -158,7 +158,7 @@ to treat conflicting specifications, such as where two hardlinks for the @@ -166,7 +166,7 @@ to treat conflicting specifications, such as where two hardlinks for the
same inode have different contexts, as errors. same inode have different contexts, as errors.
.RE .RE
.sp .sp
@ -146,7 +146,7 @@ index ad637406a30d..c4576fe79ff6 100644
above is the default behavior. It is possible to change this by first calling above is the default behavior. It is possible to change this by first calling
.BR selabel_open (3) .BR selabel_open (3)
and not enabling the and not enabling the
@@ -200,7 +200,7 @@ To improve performance when relabeling file systems recursively (e.g. the @@ -229,7 +229,7 @@ To improve performance when relabeling file systems recursively (e.g. the
.B SELINUX_RESTORECON_RECURSE .B SELINUX_RESTORECON_RECURSE
flag is set) flag is set)
.BR selinux_restorecon () .BR selinux_restorecon ()
@ -178,10 +178,10 @@ index c56326814b94..098c840fc59b 100644
.BR selabel_open (3) .BR selabel_open (3)
must be called specifying the required must be called specifying the required
diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
index 52c40f018f51..674a5ed3a6f8 100644 index 04bf4f240168..222c3fa2d7c3 100644
--- a/libselinux/src/Makefile --- a/libselinux/src/Makefile
+++ b/libselinux/src/Makefile +++ b/libselinux/src/Makefile
@@ -120,7 +120,7 @@ DISABLE_FLAGS+= -DNO_MEDIA_BACKEND -DNO_DB_BACKEND -DNO_X_BACKEND \ @@ -119,7 +119,7 @@ DISABLE_FLAGS+= -DNO_MEDIA_BACKEND -DNO_DB_BACKEND -DNO_X_BACKEND \
-DBUILD_HOST -DBUILD_HOST
SRCS= callbacks.c freecon.c label.c label_file.c \ SRCS= callbacks.c freecon.c label.c label_file.c \
label_backends_android.c regex.c label_support.c \ label_backends_android.c regex.c label_support.c \
@ -191,10 +191,10 @@ index 52c40f018f51..674a5ed3a6f8 100644
LABEL_BACKEND_ANDROID=y LABEL_BACKEND_ANDROID=y
endif endif
diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
index 2e28d0474d73..c1306c9979e7 100644 index 74ae9b9feb70..33d395e414f0 100644
--- a/libselinux/src/label_file.c --- a/libselinux/src/label_file.c
+++ b/libselinux/src/label_file.c +++ b/libselinux/src/label_file.c
@@ -1005,7 +1005,7 @@ static struct spec *lookup_common(struct selabel_handle *rec, @@ -1010,7 +1010,7 @@ static struct spec *lookup_common(struct selabel_handle *rec,
/* /*
* Returns true if the digest of all partial matched contexts is the same as * Returns true if the digest of all partial matched contexts is the same as
@ -203,7 +203,7 @@ index 2e28d0474d73..c1306c9979e7 100644
* digest will always be returned. The caller must free any returned digests. * digest will always be returned. The caller must free any returned digests.
*/ */
static bool get_digests_all_partial_matches(struct selabel_handle *rec, static bool get_digests_all_partial_matches(struct selabel_handle *rec,
@@ -1014,39 +1014,39 @@ static bool get_digests_all_partial_matches(struct selabel_handle *rec, @@ -1019,39 +1019,39 @@ static bool get_digests_all_partial_matches(struct selabel_handle *rec,
uint8_t **xattr_digest, uint8_t **xattr_digest,
size_t *digest_len) size_t *digest_len)
{ {
@ -254,7 +254,7 @@ index 2e28d0474d73..c1306c9979e7 100644
return true; return true;
return false; return false;
@@ -1066,22 +1066,22 @@ static bool hash_all_partial_matches(struct selabel_handle *rec, const char *key @@ -1071,22 +1071,22 @@ static bool hash_all_partial_matches(struct selabel_handle *rec, const char *key
return false; return false;
} }
@ -327,31 +327,44 @@ index 782c6aa8cc0c..304e8d96490a 100644
}; };
diff --git a/libselinux/src/label_support.c b/libselinux/src/label_support.c diff --git a/libselinux/src/label_support.c b/libselinux/src/label_support.c
index 94ed6e4273cb..f53d73b609ab 100644 index 54fd49a5b7b9..4003eb8dc7af 100644
--- a/libselinux/src/label_support.c --- a/libselinux/src/label_support.c
+++ b/libselinux/src/label_support.c +++ b/libselinux/src/label_support.c
@@ -115,15 +115,15 @@ int read_spec_entries(char *line_buf, const char **errbuf, int num_args, ...) @@ -115,7 +115,7 @@ int read_spec_entries(char *line_buf, const char **errbuf, int num_args, ...)
/* Once all the specfiles are in the hash_buf, generate the hash. */ /* Once all the specfiles are in the hash_buf, generate the hash. */
void digest_gen_hash(struct selabel_digest *digest) void digest_gen_hash(struct selabel_digest *digest)
{ {
- Sha1Context context; - Sha1Context context;
+ Sha256Context context; + Sha256Context context;
size_t remaining_size;
const unsigned char *ptr;
/* If SELABEL_OPT_DIGEST not set then just return */ @@ -123,19 +123,19 @@ void digest_gen_hash(struct selabel_digest *digest)
if (!digest) if (!digest)
return; return;
- Sha1Initialise(&context); - Sha1Initialise(&context);
- Sha1Update(&context, digest->hashbuf, digest->hashbuf_size);
- Sha1Finalise(&context, (SHA1_HASH *)digest->digest);
+ Sha256Initialise(&context); + Sha256Initialise(&context);
+ Sha256Update(&context, digest->hashbuf, digest->hashbuf_size);
/* Process in blocks of UINT32_MAX bytes */
remaining_size = digest->hashbuf_size;
ptr = digest->hashbuf;
while (remaining_size > UINT32_MAX) {
- Sha1Update(&context, ptr, UINT32_MAX);
+ Sha256Update(&context, ptr, UINT32_MAX);
remaining_size -= UINT32_MAX;
ptr += UINT32_MAX;
}
- Sha1Update(&context, ptr, remaining_size);
+ Sha256Update(&context, ptr, remaining_size);
- Sha1Finalise(&context, (SHA1_HASH *)digest->digest);
+ Sha256Finalise(&context, (SHA256_HASH *)digest->digest); + Sha256Finalise(&context, (SHA256_HASH *)digest->digest);
free(digest->hashbuf); free(digest->hashbuf);
digest->hashbuf = NULL; digest->hashbuf = NULL;
return; return;
diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
index 04d956504952..100c77108a27 100644 index 72f4fb462e34..f7e84657d09d 100644
--- a/libselinux/src/selinux_restorecon.c --- a/libselinux/src/selinux_restorecon.c
+++ b/libselinux/src/selinux_restorecon.c +++ b/libselinux/src/selinux_restorecon.c
@@ -37,7 +37,7 @@ @@ -37,7 +37,7 @@
@ -363,7 +376,7 @@ index 04d956504952..100c77108a27 100644
#define STAR_COUNT 1024 #define STAR_COUNT 1024
@@ -293,7 +293,7 @@ static int exclude_non_seclabel_mounts(void) @@ -294,7 +294,7 @@ static int exclude_non_seclabel_mounts(void)
static int add_xattr_entry(const char *directory, bool delete_nonmatch, static int add_xattr_entry(const char *directory, bool delete_nonmatch,
bool delete_all) bool delete_all)
{ {
@ -372,7 +385,7 @@ index 04d956504952..100c77108a27 100644
size_t i, digest_len = 0; size_t i, digest_len = 0;
int rc, digest_result; int rc, digest_result;
bool match; bool match;
@@ -316,15 +316,15 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch, @@ -317,15 +317,15 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
} }
/* Convert entry to a hex encoded string. */ /* Convert entry to a hex encoded string. */
@ -391,7 +404,7 @@ index 04d956504952..100c77108a27 100644
digest_result = match ? MATCH : NOMATCH; digest_result = match ? MATCH : NOMATCH;
@@ -344,7 +344,7 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch, @@ -345,7 +345,7 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
/* Now add entries to link list. */ /* Now add entries to link list. */
new_entry = malloc(sizeof(struct dir_xattr)); new_entry = malloc(sizeof(struct dir_xattr));
if (!new_entry) { if (!new_entry) {
@ -400,7 +413,7 @@ index 04d956504952..100c77108a27 100644
goto oom; goto oom;
} }
new_entry->next = NULL; new_entry->next = NULL;
@@ -352,15 +352,15 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch, @@ -353,15 +353,15 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
new_entry->directory = strdup(directory); new_entry->directory = strdup(directory);
if (!new_entry->directory) { if (!new_entry->directory) {
free(new_entry); free(new_entry);
@ -428,7 +441,7 @@ index 04d956504952..100c77108a27 100644
return 0; return 0;
oom: oom:
@@ -741,7 +741,7 @@ err: @@ -755,7 +755,7 @@ err:
struct dir_hash_node { struct dir_hash_node {
char *path; char *path;
@ -437,7 +450,7 @@ index 04d956504952..100c77108a27 100644
struct dir_hash_node *next; struct dir_hash_node *next;
}; };
/* /*
@@ -1091,7 +1091,7 @@ int selinux_restorecon(const char *pathname_orig, @@ -1232,7 +1232,7 @@ static int selinux_restorecon_common(const char *pathname_orig,
if (setxattr(current->path, if (setxattr(current->path,
RESTORECON_PARTIAL_MATCH_DIGEST, RESTORECON_PARTIAL_MATCH_DIGEST,
current->digest, current->digest,
@ -1329,5 +1342,5 @@ index e28833d2ce97..900f018c0091 100644
} }
default: default:
-- --
2.32.0 2.35.1
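Review bot: In the label_support.c hunk of the refreshed patch, `Sha256Finalise(&context, (SHA256_HASH *)digest->digest);` writes a full SHA-256 result through a pointer cast, so nothing in digest_gen_hash ties the size of the `digest->digest` buffer to the hash it now receives. The allocation is not visible on this page; the diffstat lists label_internal.h as changed, which is presumably where the digest size moves from the SHA-1 length to the SHA-256 length, but that hunk is collapsed in this view and should be checked against the rc2 tree the patch was rebased onto. I would add a comment above the call, `/* digest->digest must hold sizeof(SHA256_HASH) bytes */`, and a `_Static_assert` beside the size definition so a later rebase cannot leave the two out of step. The closing lines of digest_gen_hash fall outside the hunk.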


@ -1,26 +0,0 @@
From 9ce501c15bf91108f768e5255d89b28c0e2b906e Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Tue, 12 Apr 2022 12:28:00 +0200
Subject: [PATCH] Update python library and binding versions to 3.4-rc1
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
libselinux/src/setup.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libselinux/src/setup.py b/libselinux/src/setup.py
index b79b27507480..4dd119aca32e 100644
--- a/libselinux/src/setup.py
+++ b/libselinux/src/setup.py
@@ -4,7 +4,7 @@ from distutils.core import Extension, setup
setup(
name="selinux",
- version="3.3",
+ version="3.4-rc1",
description="SELinux python 3 bindings",
author="SELinux Project",
author_email="selinux@vger.kernel.org",
--
2.35.1


@ -4,20 +4,19 @@
Summary: SELinux library and simple utilities Summary: SELinux library and simple utilities
Name: libselinux Name: libselinux
Version: 3.4 Version: 3.4
Release: 0.rc1.1%{?dist} Release: 0.rc2.1%{?dist}
License: Public Domain License: Public Domain
# https://github.com/SELinuxProject/selinux/wiki/Releases # https://github.com/SELinuxProject/selinux/wiki/Releases
Source0: https://github.com/SELinuxProject/selinux/releases/download/3.4-rc1/libselinux-3.4-rc1.tar.gz Source0: https://github.com/SELinuxProject/selinux/releases/download/3.4-rc2/libselinux-3.4-rc2.tar.gz
Source1: selinuxconlist.8 Source1: selinuxconlist.8
Source2: selinuxdefcon.8 Source2: selinuxdefcon.8
Url: https://github.com/SELinuxProject/selinux/wiki Url: https://github.com/SELinuxProject/selinux/wiki
# $ git clone https://github.com/fedora-selinux/selinux.git # $ git clone https://github.com/fedora-selinux/selinux.git
# $ cd selinux # $ cd selinux
# $ git format-patch -N 3.4-rc1 -- libselinux # $ git format-patch -N 3.4-rc2 -- libselinux
# $ i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done # $ i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
# Patch list start # Patch list start
Patch0001: 0001-Use-SHA-2-instead-of-SHA-1.patch Patch0001: 0001-Use-SHA-2-instead-of-SHA-1.patch
Patch0002: 0002-Update-python-library-and-binding-versions-to-3.4-rc.patch
# Patch list end # Patch list end
BuildRequires: gcc make BuildRequires: gcc make
BuildRequires: ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre2-devel xz-devel BuildRequires: ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre2-devel xz-devel
@ -88,7 +87,7 @@ The libselinux-static package contains the static libraries
needed for developing SELinux applications. needed for developing SELinux applications.
%prep %prep
%autosetup -p 2 -n libselinux-%{version}-rc1 %autosetup -p 2 -n libselinux-%{version}-rc2
%build %build
export DISABLE_RPM="y" export DISABLE_RPM="y"
@ -214,6 +213,9 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
%{ruby_vendorarchdir}/selinux.so %{ruby_vendorarchdir}/selinux.so
%changelog %changelog
* Thu Apr 21 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-0.rc2.1
- SELinux userspace 3.4-rc2 release
* Tue Apr 12 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-0.rc1.1 * Tue Apr 12 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-0.rc1.1
- SELinux userspace 3.4-rc1 release - SELinux userspace 3.4-rc1 release


@ -1,2 +1 @@
SHA512 (libselinux-3.3.tar.gz) = 9a89c05ea4b17453168a985ece93ba6d6c4127916e657c46d4135eb59a1f6408faa0802cc2e49187defbde5247d659037beee089877affbab3eab6af3433696c SHA512 (libselinux-3.4-rc2.tar.gz) = 5332e598bb4f6f2d6681921d699addd1fc7b82229c1cd082ac43c15e1c390a8e9021c1725e444c1f6ddfc125cb008c62fa169d741cca777d1d6160e1a9995a6f
SHA512 (libselinux-3.4-rc1.tar.gz) = 333907b3ed05d66e608ab16958e4e09e18848bf9aaf3d9216d08be2f6e483231c9455a8e6db56648d6704c0f0af7cd4c5c7ba468d678f8368d06b68a60693eb5