From bc30cb8b07a3b895a68087f21022fbe4e7e818ac Mon Sep 17 00:00:00 2001
From: Petr Lautrbach
Date: Mon, 21 Nov 2022 13:50:53 +0100
Subject: [PATCH] libsemanage-3.4-6 Rebase on upstream f56a72ac9e86
---
 ...ys-write-kernel-policy-when-check_ex.patch | 4 +-
 ...emanage-Allow-user-to-set-SYSCONFDIR.patch | 40 +++++++++++++++++++
 ...ocs-provide-a-top-level-LICENSE-file.patch | 26 ++++++++++++
 ...ve-dependency-on-the-Python-module-d.patch | 31 ++++++++++++++
 libsemanage.spec | 15 +++++--
 5 files changed, 110 insertions(+), 6 deletions(-)
 create mode 100644 0002-libsemanage-Allow-user-to-set-SYSCONFDIR.patch
 create mode 100644 0003-docs-provide-a-top-level-LICENSE-file.patch
 create mode 100644 0004-libsemanage-Remove-dependency-on-the-Python-module-d.patch
diff --git a/0001-libsemanage-always-write-kernel-policy-when-check_ex.patch b/0001-libsemanage-always-write-kernel-policy-when-check_ex.patch
index e268b75..620ead4 100644
--- a/0001-libsemanage-always-write-kernel-policy-when-check_ex.patch
+++ b/0001-libsemanage-always-write-kernel-policy-when-check_ex.patch
@@ -1,4 +1,4 @@
-From 19bfd1fb713df01e470ed295a3a8c7afd64ce981 Mon Sep 17 00:00:00 2001
+From bdbe52be1bfbcc8a4614731f791d08ab8fb82ca2 Mon Sep 17 00:00:00 2001
 From: Ondrej Mosnacek
 Date: Wed, 8 Jun 2022 19:09:53 +0200
 Subject: [PATCH] libsemanage: always write kernel policy when
@@ -56,5 +56,5 @@ index 7206483a3ebb..7aa081abb3b7 100644
 ifaces->dtable->is_modified(ifaces->dbase) |
 nodes->dtable->is_modified(nodes->dbase) |
 --
-2.36.1
+2.38.1
diff --git a/0002-libsemanage-Allow-user-to-set-SYSCONFDIR.patch b/0002-libsemanage-Allow-user-to-set-SYSCONFDIR.patch
new file mode 100644
index 0000000..d163443
--- /dev/null
+++ b/0002-libsemanage-Allow-user-to-set-SYSCONFDIR.patch
@@ -0,0 +1,40 @@
+From 01b5ef48dcc37ff06c5515b90d9da5b02dce820d Mon Sep 17 00:00:00 2001
+From: Matt Sheets
+Date: Thu, 22 Sep 2022 11:02:55 -0700
+Subject: [PATCH] libsemanage: Allow user to set SYSCONFDIR
+Content-type: text/plain
+
+This change will allow a user to set the location of their
+sysconfdir, defaulted to /etc, if they are installing into
+nonstandard locations.
+
+Signed-off-by: Matt Sheets
+Reviewed-by: Daniel Burgener
+---
+ libsemanage/src/Makefile | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile
+index 71c2a1d2513f..01df0181df1e 100644
+--- a/libsemanage/src/Makefile
++++ b/libsemanage/src/Makefile
+@@ -11,6 +11,7 @@ PKG_CONFIG ?= pkg-config
+ PREFIX ?= /usr
+ LIBDIR ?= $(PREFIX)/lib
+ INCLUDEDIR ?= $(PREFIX)/include
++SYSCONFDIR ?= /etc
+ PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX))
+ PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX))
+ PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig import *; print(get_python_lib(plat_specific=1, prefix='$(PREFIX)'))")
+@@ -19,7 +20,7 @@ RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + RbConfig::CONFIG["rubyarchhdrdir"] +
+ RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" + RbConfig::CONFIG["libdir"] + " -L" + RbConfig::CONFIG["archlibdir"] + " " + RbConfig::CONFIG["LIBRUBYARG_SHARED"]')
+ RUBYINSTALL ?= $(shell $(RUBY) -e 'puts RbConfig::CONFIG["vendorarchdir"]')
+
+-DEFAULT_SEMANAGE_CONF_LOCATION=/etc/selinux/semanage.conf
++DEFAULT_SEMANAGE_CONF_LOCATION=$(SYSCONFDIR)/selinux/semanage.conf
+
+ ifeq ($(DEBUG),1)
+ export CFLAGS ?= -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror
+--
+2.38.1
+
diff --git a/0003-docs-provide-a-top-level-LICENSE-file.patch b/0003-docs-provide-a-top-level-LICENSE-file.patch
new file mode 100644
index 0000000..6fb3204
--- /dev/null
+++ b/0003-docs-provide-a-top-level-LICENSE-file.patch
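Review bot: In 0002-libsemanage-Allow-user-to-set-SYSCONFDIR.patch the new `SYSCONFDIR ?= /etc` is documented nowhere in the Makefile, although it now decides `DEFAULT_SEMANAGE_CONF_LOCATION`, and a `?=` assignment also picks up any `SYSCONFDIR` that happens to be exported in the build environment. That location is presumably compiled into the library as the place it looks for semanage.conf (the use of the variable is outside this hunk), so an unintended or non-root-owned value would change which configuration file a privileged policy tool trusts. I would add above the assignment `# SYSCONFDIR: absolute, root-owned directory; sets the built-in default path of semanage.conf`, and have the spec pass the same directory it copies semanage.conf into, `%{_sysconfdir}`, if the make invocation (not shown) does not already do so.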
@@ -0,0 +1,26 @@
+From a0a216ff7d86004ddc36d516377f0a6ffe88076c Mon Sep 17 00:00:00 2001
+From: Paul Moore
+Date: Fri, 30 Sep 2022 17:44:12 -0400
+Subject: [PATCH] docs: provide a top level LICENSE file
+Content-type: text/plain
+
+Provide a top level LICENSE file explaining how multiple the SELinux
+userspace is released under multiple different licenses. Also ensure
+that all the different license files share a consistent file name,
+LICENSE, to make it easier for people to identify the license files.
+
+This is to help meet the OpenSSF Best Practices requirements.
+
+Signed-off-by: Paul Moore
+---
+ libsemanage/{COPYING => LICENSE} | 0
+ 1 file changed, 0 insertions(+), 0 deletions(-)
+ rename libsemanage/{COPYING => LICENSE} (100%)
+
+diff --git a/libsemanage/COPYING b/libsemanage/LICENSE
+similarity index 100%
+rename from libsemanage/COPYING
+rename to libsemanage/LICENSE
+--
+2.38.1
+
diff --git a/0004-libsemanage-Remove-dependency-on-the-Python-module-d.patch b/0004-libsemanage-Remove-dependency-on-the-Python-module-d.patch
new file mode 100644
index 0000000..70b3337
--- /dev/null
+++ b/0004-libsemanage-Remove-dependency-on-the-Python-module-d.patch
@@ -0,0 +1,31 @@
+From 33e56c9b2e302ef96f848f741423231df0a9998d Mon Sep 17 00:00:00 2001
+From: James Carter
+Date: Fri, 28 Oct 2022 16:13:51 -0400
+Subject: [PATCH] libsemanage: Remove dependency on the Python module distutils
+Content-type: text/plain
+
+The distutils package is deprecated and scheduled to be removed in
+Python 3.12. Use the sysconfig module instead.
+
+Signed-off-by: James Carter
+Acked-by: Petr Lautrbach
+---
+ libsemanage/src/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile
+index 01df0181df1e..589e4a706bfd 100644
+--- a/libsemanage/src/Makefile
++++ b/libsemanage/src/Makefile
+@@ -14,7 +14,7 @@ INCLUDEDIR ?= $(PREFIX)/include
+ SYSCONFDIR ?= /etc
+ PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX))
+ PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX))
+-PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig import *; print(get_python_lib(plat_specific=1, prefix='$(PREFIX)'))")
++PYTHONLIBDIR ?= $(shell $(PYTHON) -c "import sysconfig; print(sysconfig.get_path('platlib', vars={'platbase': '$(PREFIX)', 'base': '$(PREFIX)'}))")
+ PYCEXT ?= $(shell $(PYTHON) -c 'import importlib.machinery;print(importlib.machinery.EXTENSION_SUFFIXES[0])')
+ RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + RbConfig::CONFIG["rubyarchhdrdir"] + " -I" + RbConfig::CONFIG["rubyhdrdir"]')
+ RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" + RbConfig::CONFIG["libdir"] + " -L" + RbConfig::CONFIG["archlibdir"] + " " + RbConfig::CONFIG["LIBRUBYARG_SHARED"]')
+--
+2.38.1
+
diff --git a/libsemanage.spec b/libsemanage.spec
index cf2bfcd..9d8302f 100644
--- a/libsemanage.spec
+++ b/libsemanage.spec
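Review bot: The replacement `PYTHONLIBDIR` line in 0004-libsemanage-Remove-dependency-on-the-Python-module-d.patch calls `sysconfig.get_path('platlib', vars=…)` without naming a scheme, so the directory now comes from the interpreter's default install scheme, which is not guaranteed to match what `distutils.sysconfig.get_python_lib(plat_specific=1, prefix=…)` returned; some distributions patch that default. The packaging should confirm the bindings still land in the directory its file list expects, and the Makefile line deserves a comment such as `# default sysconfig scheme; set PYTHONLIBDIR explicitly if the distro layout differs`. `$(PREFIX)` is also still pasted into a quoted Python literal inside `$(shell …)`, as it was before, so it has to stay free of quote characters.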
@@ -1,16 +1,19 @@
-%define libsepolver 3.4-1
-%define libselinuxver 3.4-1
+%define libsepolver 3.4-4
+%define libselinuxver 3.4-6
 Summary: SELinux binary policy manipulation library
 Name: libsemanage
 Version: 3.4
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: LGPL-2.1-or-later
 Source0: https://github.com/SELinuxProject/selinux/releases/download/3.4/libsemanage-3.4.tar.gz
 # fedora-selinux/selinux: git format-patch -N 3.4 -- libsemanage
 # i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
 # Patch list start
 Patch0001: 0001-libsemanage-always-write-kernel-policy-when-check_ex.patch
+Patch0002: 0002-libsemanage-Allow-user-to-set-SYSCONFDIR.patch
+Patch0003: 0003-docs-provide-a-top-level-LICENSE-file.patch
+Patch0004: 0004-libsemanage-Remove-dependency-on-the-Python-module-d.patch
 # Patch list end
 URL: https://github.com/SELinuxProject/selinux/wiki
 Source1: semanage.conf
@@ -23,6 +26,7 @@ BuildRequires: bison flex bzip2-devel
 BuildRequires: python3
 BuildRequires: python3-devel
+BuildRequires: python3-setuptools
 Requires: bzip2-libs audit-libs
 Requires: libselinux%{?_isa} >= %{libselinuxver}
@@ -125,7 +129,7 @@ InstallPythonWrapper \
 cp %{SOURCE1} ${RPM_BUILD_ROOT}%{_sysconfdir}/selinux/semanage.conf
 %files
-%license COPYING
+%license LICENSE
 %dir %{_sysconfdir}/selinux
 %config(noreplace) %{_sysconfdir}/selinux/semanage.conf
 %{_libdir}/libsemanage.so.2
@@ -154,6 +158,9 @@ cp %{SOURCE1} ${RPM_BUILD_ROOT}%{_sysconfdir}/selinux/semanage.conf
 %{_libexecdir}/selinux/semanage_migrate_store
 %changelog
+* Mon Nov 21 2022 Petr Lautrbach - 3.4-6
+- Rebase on upstream f56a72ac9e86
+
 * Mon Jul 25 2022 Petr Lautrbach - 3.4-5
 - Always write kernel policy when check_ext_changes is specified (#2104935)
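Review bot: `BuildRequires: python3-setuptools` in the second libsemanage.spec hunk is added without any explanation, and it sits oddly next to patch 0004, whose stated purpose is to drop the distutils dependency from libsemanage/src/Makefile. If another build step still imports distutils or setuptools, say so in a comment above the line, e.g. `# needed by <build step> until it stops importing distutils`; if nothing does, the dependency only widens the build root and can go. The changelog entry `- Rebase on upstream f56a72ac9e86` would also be easier to audit if it named the three patches the rebase pulls in.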