From 1e88a7f202df54b6c70c4377ce791f2b37576bc0 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Mon, 2 Jan 2023 15:45:06 +0100 Subject: [PATCH] policycoreutils-3.5-0.rc1.1 - SELinux userspace 3.5-rc1 release Resolves: rhbz#2145229 --- .gitignore | 1 + ...t-to-Xephyr-as-it-works-better-with-.patch | 4 +- ...RD_FILE_CONTEXT-section-in-man-pages.patch | 10 +- ...xecutable-we-don-t-want-to-print-a-p.patch | 8 +- ...t-be-verbose-if-you-are-not-on-a-tty.patch | 6 +- ...sepolicy-manpage-web-functionality.-.patch | 170 --------- ...e-the-trailing-newline-for-etc-syste.patch | 27 -- ...rate-Handle-more-reserved-port-types.patch | 8 +- ...-in-manpage.py-to-not-contain-online.patch | 26 -- ...hbox-window-manager-instead-of-openb.patch | 14 +- ...h => 0007-Use-SHA-2-instead-of-SHA-1.patch | 12 +- ...d-interface-file_type_is_executable-.patch | 10 +- ...andle-unsupported-languages-properly.patch | 349 ------------------ ...rebuild-if-modules-changed-to-refres.patch | 82 ---- ...emanage-import-into-two-transactions.patch | 65 ---- policycoreutils.spec | 41 +- sources | 1 + 17 files changed, 57 insertions(+), 777 deletions(-) rename 0007-Don-t-be-verbose-if-you-are-not-on-a-tty.patch => 0004-Don-t-be-verbose-if-you-are-not-on-a-tty.patch (83%) delete mode 100644 0004-Simplication-of-sepolicy-manpage-web-functionality.-.patch delete mode 100644 0005-We-want-to-remove-the-trailing-newline-for-etc-syste.patch rename 0008-sepolicy-generate-Handle-more-reserved-port-types.patch => 0005-sepolicy-generate-Handle-more-reserved-port-types.patch (94%) delete mode 100644 0006-Fix-title-in-manpage.py-to-not-contain-online.patch rename 0009-sandbox-Use-matchbox-window-manager-instead-of-openb.patch => 0006-sandbox-Use-matchbox-window-manager-instead-of-openb.patch (88%) rename 0010-Use-SHA-2-instead-of-SHA-1.patch => 0007-Use-SHA-2-instead-of-SHA-1.patch (98%) rename 0011-sepolicy-Drop-old-interface-file_type_is_executable-.patch => 0008-sepolicy-Drop-old-interface-file_type_is_executable-.patch (90%) delete mode 100644 0012-gettext-handle-unsupported-languages-properly.patch delete mode 100644 0013-semodule-rename-rebuild-if-modules-changed-to-refres.patch delete mode 100644 0014-python-Split-semanage-import-into-two-transactions.patch diff --git a/.gitignore b/.gitignore index aa6d7fe..940f62c 100644 --- a/.gitignore +++ b/.gitignore @@ -341,3 +341,4 @@ policycoreutils-2.0.83.tgz /selinux-3.3-rc3.tar.gz /selinux-3.3.tar.gz /selinux-3.4.tar.gz +/selinux-3.5-rc1.tar.gz diff --git a/0001-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch b/0001-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch index 1b5b9c9..213d93e 100644 --- a/0001-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch +++ b/0001-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch @@ -1,4 +1,4 @@ -From f361ee407490bc74b43ec408b1edc70cd647d4e0 Mon Sep 17 00:00:00 2001 +From ef92b4c912e3f7ec5bf37dede18451e736fc79b1 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Thu, 20 Aug 2015 12:58:41 +0200 Subject: [PATCH] sandbox: add -reset to Xephyr as it works better with it in @@ -23,5 +23,5 @@ index eaa500d08143..4774528027ef 100644 cat > ~/seremote << __EOF #!/bin/sh -- -2.35.1 +2.39.0 diff --git a/0002-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch b/0002-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch index 998345e..d0258fe 100644 --- a/0002-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch +++ b/0002-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch @@ -1,4 +1,4 @@ -From 71a2f14767c0ec70c23ecce43d7cbc5404c95552 Mon Sep 17 00:00:00 2001 +From bc692fe683bf89a2065620d0f070b1d71a672dd7 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Mon, 21 Apr 2014 13:54:40 -0400 Subject: [PATCH] Fix STANDARD_FILE_CONTEXT section in man pages @@ -10,10 +10,10 @@ Signed-off-by: Miroslav Grepl 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py -index 3e61e333193f..82338aeeef32 100755 +index 1bff8f9acb49..586553bd4d9a 100755 --- a/python/sepolicy/sepolicy/manpage.py +++ b/python/sepolicy/sepolicy/manpage.py -@@ -737,10 +737,13 @@ Default Defined Ports:""") +@@ -679,10 +679,13 @@ Default Defined Ports:""") def _file_context(self): flist = [] @@ -27,7 +27,7 @@ index 3e61e333193f..82338aeeef32 100755 if f in self.fcdict: mpaths = mpaths + self.fcdict[f]["regex"] if len(mpaths) == 0: -@@ -799,12 +802,12 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d +@@ -741,12 +744,12 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d SELinux defines the file context types for the %(domainname)s, if you wanted to store files with these types in a diffent paths, you need to execute the semanage command to specify alternate labeling and then use restorecon to put the labels on disk. @@ -43,5 +43,5 @@ index 3e61e333193f..82338aeeef32 100755 self.fd.write(r""" .I The following file types are defined for %(domainname)s: -- -2.35.1 +2.39.0 diff --git a/0003-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch b/0003-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch index aca9199..85c6ad1 100644 --- a/0003-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch +++ b/0003-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch @@ -1,4 +1,4 @@ -From d55a06c002641dce1301b9b5639bd8e206460724 Mon Sep 17 00:00:00 2001 +From 8c4d5bbcca80017c9a9aa412c2d05a19f6dbf47e Mon Sep 17 00:00:00 2001 From: Miroslav Grepl Date: Mon, 12 May 2014 14:11:22 +0200 Subject: [PATCH] If there is no executable we don't want to print a part of @@ -10,10 +10,10 @@ Content-type: text/plain 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py -index 82338aeeef32..ec8aa1cb94a2 100755 +index 586553bd4d9a..4c2c46f8c804 100755 --- a/python/sepolicy/sepolicy/manpage.py +++ b/python/sepolicy/sepolicy/manpage.py -@@ -795,7 +795,8 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d +@@ -737,7 +737,8 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d .PP """ % {'domainname': self.domainname, 'equiv': e, 'alt': e.split('/')[-1]}) @@ -24,5 +24,5 @@ index 82338aeeef32..ec8aa1cb94a2 100755 .B STANDARD FILE CONTEXT -- -2.35.1 +2.39.0 diff --git a/0007-Don-t-be-verbose-if-you-are-not-on-a-tty.patch b/0004-Don-t-be-verbose-if-you-are-not-on-a-tty.patch similarity index 83% rename from 0007-Don-t-be-verbose-if-you-are-not-on-a-tty.patch rename to 0004-Don-t-be-verbose-if-you-are-not-on-a-tty.patch index ba39b4d..7c74ecd 100644 --- a/0007-Don-t-be-verbose-if-you-are-not-on-a-tty.patch +++ b/0004-Don-t-be-verbose-if-you-are-not-on-a-tty.patch @@ -1,4 +1,4 @@ -From f204dd292340689c2d7ab75612b9fd81337fcbc3 Mon Sep 17 00:00:00 2001 +From 8520b97020f80e271f49d67db1af06dfe3c9d4a3 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Fri, 14 Feb 2014 12:32:12 -0500 Subject: [PATCH] Don't be verbose if you are not on a tty @@ -9,7 +9,7 @@ Content-type: text/plain 1 file changed, 1 insertion(+) diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles -index c72ca0eb9d61..163ebcd1f232 100755 +index 166af6f360a2..ebe64563c7d7 100755 --- a/policycoreutils/scripts/fixfiles +++ b/policycoreutils/scripts/fixfiles @@ -108,6 +108,7 @@ exclude_dirs_from_relabelling() { @@ -21,5 +21,5 @@ index c72ca0eb9d61..163ebcd1f232 100755 THREADS="" RPMFILES="" -- -2.35.1 +2.39.0 diff --git a/0004-Simplication-of-sepolicy-manpage-web-functionality.-.patch b/0004-Simplication-of-sepolicy-manpage-web-functionality.-.patch deleted file mode 100644 index 045c033..0000000 --- a/0004-Simplication-of-sepolicy-manpage-web-functionality.-.patch +++ /dev/null @@ -1,170 +0,0 @@ -From b180f7679c5e09535416f47d48afd0c0738f5fa9 Mon Sep 17 00:00:00 2001 -From: Miroslav Grepl -Date: Thu, 19 Feb 2015 17:45:15 +0100 -Subject: [PATCH] Simplication of sepolicy-manpage web functionality. - system_release is no longer hardcoded and it creates only index.html and html - man pages in the directory for the system release. -Content-type: text/plain - ---- - python/sepolicy/sepolicy/__init__.py | 25 +++-------- - python/sepolicy/sepolicy/manpage.py | 65 +++------------------------- - 2 files changed, 13 insertions(+), 77 deletions(-) - -diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py -index 203ca25f4210..9447812b7450 100644 ---- a/python/sepolicy/sepolicy/__init__.py -+++ b/python/sepolicy/sepolicy/__init__.py -@@ -1225,27 +1225,14 @@ def boolean_desc(boolean): - - - def get_os_version(): -- os_version = "" -- pkg_name = "selinux-policy" -+ system_release = "" - try: -- try: -- from commands import getstatusoutput -- except ImportError: -- from subprocess import getstatusoutput -- rc, output = getstatusoutput("rpm -q '%s'" % pkg_name) -- if rc == 0: -- os_version = output.split(".")[-2] -- except: -- os_version = "" -- -- if os_version[0:2] == "fc": -- os_version = "Fedora" + os_version[2:] -- elif os_version[0:2] == "el": -- os_version = "RHEL" + os_version[2:] -- else: -- os_version = "" -+ with open('/etc/system-release') as f: -+ system_release = f.readline() -+ except IOError: -+ system_release = "Misc" - -- return os_version -+ return system_release - - - def reinit(): -diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py -index ec8aa1cb94a2..c632d05dbb1b 100755 ---- a/python/sepolicy/sepolicy/manpage.py -+++ b/python/sepolicy/sepolicy/manpage.py -@@ -151,10 +151,6 @@ def prettyprint(f, trim): - manpage_domains = [] - manpage_roles = [] - --fedora_releases = ["Fedora17", "Fedora18"] --rhel_releases = ["RHEL6", "RHEL7"] -- -- - def get_alphabet_manpages(manpage_list): - alphabet_manpages = dict.fromkeys(string.ascii_letters, []) - for i in string.ascii_letters: -@@ -184,7 +180,7 @@ def convert_manpage_to_html(html_manpage, manpage): - class HTMLManPages: - - """ -- Generate a HHTML Manpages on an given SELinux domains -+ Generate a HTML Manpages on an given SELinux domains - """ - - def __init__(self, manpage_roles, manpage_domains, path, os_version): -@@ -192,9 +188,9 @@ class HTMLManPages: - self.manpage_domains = get_alphabet_manpages(manpage_domains) - self.os_version = os_version - self.old_path = path + "/" -- self.new_path = self.old_path + self.os_version + "/" -+ self.new_path = self.old_path - -- if self.os_version in fedora_releases or self.os_version in rhel_releases: -+ if self.os_version: - self.__gen_html_manpages() - else: - print("SELinux HTML man pages can not be generated for this %s" % os_version) -@@ -203,7 +199,6 @@ class HTMLManPages: - def __gen_html_manpages(self): - self._write_html_manpage() - self._gen_index() -- self._gen_body() - self._gen_css() - - def _write_html_manpage(self): -@@ -221,67 +216,21 @@ class HTMLManPages: - convert_manpage_to_html((self.new_path + r.rsplit("_selinux", 1)[0] + ".html"), self.old_path + r) - - def _gen_index(self): -- index = self.old_path + "index.html" -- fd = open(index, 'w') -- fd.write(""" -- -- -- -- SELinux man pages online -- -- --

SELinux man pages

--

--Fedora or Red Hat Enterprise Linux Man Pages. --

--
--

Fedora

-- -- --
--
--
--""")
--        for f in fedora_releases:
--            fd.write("""
--%s - SELinux man pages for %s """ % (f, f, f, f))
--
--        fd.write("""
--
--
--

RHEL

-- -- --
--
--
--""")
--        for r in rhel_releases:
--            fd.write("""
--%s - SELinux man pages for %s """ % (r, r, r, r))
--
--        fd.write("""
--
-- """) -- fd.close() -- print("%s has been created" % index) -- -- def _gen_body(self): - html = self.new_path + self.os_version + ".html" - fd = open(html, 'w') - fd.write(""" - - -- -- Linux man-pages online for Fedora18 -+ -+ SELinux man pages online - - --

SELinux man pages for Fedora18

-+

SELinux man pages for %s

-
- -
-

SELinux roles

--""") -+""" % self.os_version) - for letter in self.manpage_roles: - if len(self.manpage_roles[letter]): - fd.write(""" --- -2.35.1 - diff --git a/0005-We-want-to-remove-the-trailing-newline-for-etc-syste.patch b/0005-We-want-to-remove-the-trailing-newline-for-etc-syste.patch deleted file mode 100644 index 948881f..0000000 --- a/0005-We-want-to-remove-the-trailing-newline-for-etc-syste.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 1747f59fece8183772e5591ce5b5feb5f421f602 Mon Sep 17 00:00:00 2001 -From: Miroslav Grepl -Date: Fri, 20 Feb 2015 16:42:01 +0100 -Subject: [PATCH] We want to remove the trailing newline for - /etc/system_release. -Content-type: text/plain - ---- - python/sepolicy/sepolicy/__init__.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py -index 9447812b7450..aa8beda313c8 100644 ---- a/python/sepolicy/sepolicy/__init__.py -+++ b/python/sepolicy/sepolicy/__init__.py -@@ -1228,7 +1228,7 @@ def get_os_version(): - system_release = "" - try: - with open('/etc/system-release') as f: -- system_release = f.readline() -+ system_release = f.readline().rstrip() - except IOError: - system_release = "Misc" - --- -2.35.1 - diff --git a/0008-sepolicy-generate-Handle-more-reserved-port-types.patch b/0005-sepolicy-generate-Handle-more-reserved-port-types.patch similarity index 94% rename from 0008-sepolicy-generate-Handle-more-reserved-port-types.patch rename to 0005-sepolicy-generate-Handle-more-reserved-port-types.patch index 0e45be3..3754de1 100644 --- a/0008-sepolicy-generate-Handle-more-reserved-port-types.patch +++ b/0005-sepolicy-generate-Handle-more-reserved-port-types.patch @@ -1,4 +1,4 @@ -From d8f51aa7d299383247213b69ec7cbb68c1fa3bc4 Mon Sep 17 00:00:00 2001 +From 3ae2b2ade26eae1326222c532bf8a72e54b5c28e Mon Sep 17 00:00:00 2001 From: Masatake YAMATO Date: Thu, 14 Dec 2017 15:57:58 +0900 Subject: [PATCH] sepolicy-generate: Handle more reserved port types @@ -53,10 +53,10 @@ https://lore.kernel.org/selinux/20150610.190635.1866127952891120915.yamato@redha 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py -index 43180ca6fda4..d60a08e1d72c 100644 +index b6df3e91160b..36a3ea1196b1 100644 --- a/python/sepolicy/sepolicy/generate.py +++ b/python/sepolicy/sepolicy/generate.py -@@ -99,7 +99,9 @@ def get_all_ports(): +@@ -100,7 +100,9 @@ def get_all_ports(): for p in sepolicy.info(sepolicy.PORT): if p['type'] == "reserved_port_t" or \ p['type'] == "port_t" or \ @@ -68,5 +68,5 @@ index 43180ca6fda4..d60a08e1d72c 100644 dict[(p['low'], p['high'], p['protocol'])] = (p['type'], p.get('range')) return dict -- -2.35.1 +2.39.0 diff --git a/0006-Fix-title-in-manpage.py-to-not-contain-online.patch b/0006-Fix-title-in-manpage.py-to-not-contain-online.patch deleted file mode 100644 index 9b31464..0000000 --- a/0006-Fix-title-in-manpage.py-to-not-contain-online.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 0bd28bc715034c644405d3c03f160d69ae710500 Mon Sep 17 00:00:00 2001 -From: Miroslav Grepl -Date: Fri, 20 Feb 2015 16:42:53 +0100 -Subject: [PATCH] Fix title in manpage.py to not contain 'online'. -Content-type: text/plain - ---- - python/sepolicy/sepolicy/manpage.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py -index c632d05dbb1b..3ae2f42b2fdf 100755 ---- a/python/sepolicy/sepolicy/manpage.py -+++ b/python/sepolicy/sepolicy/manpage.py -@@ -222,7 +222,7 @@ class HTMLManPages: - - - -- SELinux man pages online -+ SELinux man pages - - -

SELinux man pages for %s

--- -2.35.1 - diff --git a/0009-sandbox-Use-matchbox-window-manager-instead-of-openb.patch b/0006-sandbox-Use-matchbox-window-manager-instead-of-openb.patch similarity index 88% rename from 0009-sandbox-Use-matchbox-window-manager-instead-of-openb.patch rename to 0006-sandbox-Use-matchbox-window-manager-instead-of-openb.patch index e8a52b2..1a422a2 100644 --- a/0009-sandbox-Use-matchbox-window-manager-instead-of-openb.patch +++ b/0006-sandbox-Use-matchbox-window-manager-instead-of-openb.patch @@ -1,4 +1,4 @@ -From 8054dc44cf105b959864a1424fe857fac3ba3d73 Mon Sep 17 00:00:00 2001 +From a573ce33bb4c84497884d0f6251e764dc5dec60f Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Wed, 18 Jul 2018 09:09:35 +0200 Subject: [PATCH] sandbox: Use matchbox-window-manager instead of openbox @@ -11,10 +11,10 @@ Content-type: text/plain 3 files changed, 3 insertions(+), 17 deletions(-) diff --git a/sandbox/sandbox b/sandbox/sandbox -index 16c43b51eaaa..7709a6585665 100644 +index a2762a7d215a..a32a33ea3cf6 100644 --- a/sandbox/sandbox +++ b/sandbox/sandbox -@@ -268,7 +268,7 @@ class Sandbox: +@@ -270,7 +270,7 @@ class Sandbox: copyfile(f, "/tmp", self.__tmpdir) copyfile(f, "/var/tmp", self.__tmpdir) @@ -23,7 +23,7 @@ index 16c43b51eaaa..7709a6585665 100644 execfile = self.__homedir + "/.sandboxrc" fd = open(execfile, "w+") if self.__options.session: -@@ -362,7 +362,7 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [- +@@ -369,7 +369,7 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [- parser.add_option("-W", "--windowmanager", dest="wm", type="string", @@ -33,10 +33,10 @@ index 16c43b51eaaa..7709a6585665 100644 parser.add_option("-l", "--level", dest="level", diff --git a/sandbox/sandbox.8 b/sandbox/sandbox.8 -index d83fee76f335..90ef4951c8c2 100644 +index 1ee0ecea96d1..775e4b231204 100644 --- a/sandbox/sandbox.8 +++ b/sandbox/sandbox.8 -@@ -77,7 +77,7 @@ Specifies the windowsize when creating an X based Sandbox. The default windowsiz +@@ -80,7 +80,7 @@ Specifies the windowsize when creating an X based Sandbox. The default windowsiz \fB\-W\fR \fB\-\-windowmanager\fR Select alternative window manager to run within .B sandbox \-X. @@ -71,5 +71,5 @@ index 4774528027ef..c211ebc14549 100644 export DISPLAY=:$D cat > ~/seremote << __EOF -- -2.35.1 +2.39.0 diff --git a/0010-Use-SHA-2-instead-of-SHA-1.patch b/0007-Use-SHA-2-instead-of-SHA-1.patch similarity index 98% rename from 0010-Use-SHA-2-instead-of-SHA-1.patch rename to 0007-Use-SHA-2-instead-of-SHA-1.patch index 812028f..705aec7 100644 --- a/0010-Use-SHA-2-instead-of-SHA-1.patch +++ b/0007-Use-SHA-2-instead-of-SHA-1.patch @@ -1,4 +1,4 @@ -From 53d085d8d6edc05886d473e412a8025b7f8d9ce4 Mon Sep 17 00:00:00 2001 +From f2592c2be7bfd28ef694ccb07753d72d050b1194 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Fri, 30 Jul 2021 14:14:37 +0200 Subject: [PATCH] Use SHA-2 instead of SHA-1 @@ -254,10 +254,10 @@ index 910101452625..7f2daa09191b 100644 , и, при условии, что НЕ установлен параметр .B \-n diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8 -index 19b59a2cc90d..bad9f37a9ac4 100644 +index bf26e161a71d..36fe6b369548 100644 --- a/policycoreutils/setfiles/setfiles.8 +++ b/policycoreutils/setfiles/setfiles.8 -@@ -87,14 +87,14 @@ display usage information and exit. +@@ -95,14 +95,14 @@ display usage information and exit. ignore files that do not exist. .TP .B \-I @@ -275,7 +275,7 @@ index 19b59a2cc90d..bad9f37a9ac4 100644 enable usage of the .IR security.sehash extended attribute. -@@ -239,7 +239,7 @@ the +@@ -261,7 +261,7 @@ the .B \-D option to .B setfiles @@ -284,7 +284,7 @@ index 19b59a2cc90d..bad9f37a9ac4 100644 .B spec_file set in an extended attribute named .IR security.sehash -@@ -260,7 +260,7 @@ for further details. +@@ -282,7 +282,7 @@ for further details. .sp The .B \-I @@ -294,5 +294,5 @@ index 19b59a2cc90d..bad9f37a9ac4 100644 and provided the .B \-n -- -2.35.1 +2.39.0 diff --git a/0011-sepolicy-Drop-old-interface-file_type_is_executable-.patch b/0008-sepolicy-Drop-old-interface-file_type_is_executable-.patch similarity index 90% rename from 0011-sepolicy-Drop-old-interface-file_type_is_executable-.patch rename to 0008-sepolicy-Drop-old-interface-file_type_is_executable-.patch index c4e1fe1..5c41651 100644 --- a/0011-sepolicy-Drop-old-interface-file_type_is_executable-.patch +++ b/0008-sepolicy-Drop-old-interface-file_type_is_executable-.patch @@ -1,4 +1,4 @@ -From 3748b7eab7434698998edfcf613fe738cf19d5c9 Mon Sep 17 00:00:00 2001 +From fcbea75dc27541ac754d0b247cf92a9e503192f7 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Mon, 27 Feb 2017 17:12:39 +0100 Subject: [PATCH] sepolicy: Drop old interface file_type_is_executable(f) and @@ -12,7 +12,7 @@ Content-type: text/plain 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py -index 3ae2f42b2fdf..5a434bd360ae 100755 +index 4c2c46f8c804..984a5107d59c 100755 --- a/python/sepolicy/sepolicy/manpage.py +++ b/python/sepolicy/sepolicy/manpage.py @@ -127,8 +127,24 @@ def gen_domains(): @@ -41,7 +41,7 @@ index 3ae2f42b2fdf..5a434bd360ae 100755 def _gen_types(): global types -@@ -374,6 +390,8 @@ class ManPage: +@@ -368,6 +384,8 @@ class ManPage: self.all_file_types = sepolicy.get_all_file_types() self.role_allows = sepolicy.get_all_role_allows() self.types = _gen_types() @@ -50,7 +50,7 @@ index 3ae2f42b2fdf..5a434bd360ae 100755 if self.source_files: self.fcpath = self.root + "file_contexts" -@@ -691,7 +709,7 @@ Default Defined Ports:""") +@@ -684,7 +702,7 @@ Default Defined Ports:""") for f in self.all_file_types: if f.startswith(self.domainname): flist.append(f) @@ -60,5 +60,5 @@ index 3ae2f42b2fdf..5a434bd360ae 100755 if f in self.fcdict: mpaths = mpaths + self.fcdict[f]["regex"] -- -2.35.1 +2.39.0 diff --git a/0012-gettext-handle-unsupported-languages-properly.patch b/0012-gettext-handle-unsupported-languages-properly.patch deleted file mode 100644 index 9f194b8..0000000 --- a/0012-gettext-handle-unsupported-languages-properly.patch +++ /dev/null @@ -1,349 +0,0 @@ -From f62227788b28e3afd2016b47af248f8ecefa8155 Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Fri, 24 Jun 2022 16:24:25 +0200 -Subject: [PATCH] gettext: handle unsupported languages properly -Content-type: text/plain - -With "fallback=True" gettext.translation behaves the same as -gettext.install and uses NullTranslations in case the -translation file for given language was not found (as opposed to -throwing an exception). - -Fixes: - # LANG is set to any "unsupported" language, e.g. en_US.UTF-8 - $ chcat --help - Traceback (most recent call last): - File "/usr/bin/chcat", line 39, in - t = gettext.translation(PROGNAME, - File "/usr/lib64/python3.9/gettext.py", line 592, in translation - raise FileNotFoundError(ENOENT, - FileNotFoundError: [Errno 2] No translation file found for domain: 'selinux-python' - -Signed-off-by: Vit Mojzis -Reviewed-by: Daniel Burgener -Acked-by: Petr Lautrbach ---- - gui/booleansPage.py | 3 ++- - gui/domainsPage.py | 3 ++- - gui/fcontextPage.py | 3 ++- - gui/loginsPage.py | 3 ++- - gui/modulesPage.py | 3 ++- - gui/polgengui.py | 3 ++- - gui/portsPage.py | 3 ++- - gui/semanagePage.py | 3 ++- - gui/statusPage.py | 3 ++- - gui/system-config-selinux.py | 3 ++- - gui/usersPage.py | 3 ++- - python/chcat/chcat | 5 +++-- - python/semanage/semanage | 3 ++- - python/semanage/seobject.py | 3 ++- - python/sepolgen/src/sepolgen/sepolgeni18n.py | 4 +++- - python/sepolicy/sepolicy.py | 3 ++- - python/sepolicy/sepolicy/__init__.py | 3 ++- - python/sepolicy/sepolicy/generate.py | 3 ++- - python/sepolicy/sepolicy/gui.py | 3 ++- - python/sepolicy/sepolicy/interface.py | 3 ++- - sandbox/sandbox | 3 ++- - 21 files changed, 44 insertions(+), 22 deletions(-) - -diff --git a/gui/booleansPage.py b/gui/booleansPage.py -index 5beec58bc360..ad11a9b24c79 100644 ---- a/gui/booleansPage.py -+++ b/gui/booleansPage.py -@@ -46,7 +46,8 @@ try: - kwargs['unicode'] = True - t = gettext.translation(PROGNAME, - localedir="/usr/share/locale", -- **kwargs) -+ **kwargs, -+ fallback=True) - _ = t.gettext - except: - try: -diff --git a/gui/domainsPage.py b/gui/domainsPage.py -index e08f34b4d3a9..e6eadd61c1bc 100644 ---- a/gui/domainsPage.py -+++ b/gui/domainsPage.py -@@ -38,7 +38,8 @@ try: - kwargs['unicode'] = True - t = gettext.translation(PROGNAME, - localedir="/usr/share/locale", -- **kwargs) -+ **kwargs, -+ fallback=True) - _ = t.gettext - except: - try: -diff --git a/gui/fcontextPage.py b/gui/fcontextPage.py -index bac2bec3ebbd..767664f26ec8 100644 ---- a/gui/fcontextPage.py -+++ b/gui/fcontextPage.py -@@ -55,7 +55,8 @@ try: - kwargs['unicode'] = True - t = gettext.translation(PROGNAME, - localedir="/usr/share/locale", -- **kwargs) -+ **kwargs, -+ fallback=True) - _ = t.gettext - except: - try: -diff --git a/gui/loginsPage.py b/gui/loginsPage.py -index 18b93d8c9756..7e08232a90b5 100644 ---- a/gui/loginsPage.py -+++ b/gui/loginsPage.py -@@ -37,7 +37,8 @@ try: - kwargs['unicode'] = True - t = gettext.translation(PROGNAME, - localedir="/usr/share/locale", -- **kwargs) -+ **kwargs, -+ fallback=True) - _ = t.gettext - except: - try: -diff --git a/gui/modulesPage.py b/gui/modulesPage.py -index c546d455d4cd..02b79f150a13 100644 ---- a/gui/modulesPage.py -+++ b/gui/modulesPage.py -@@ -38,7 +38,8 @@ try: - kwargs['unicode'] = True - t = gettext.translation(PROGNAME, - localedir="/usr/share/locale", -- **kwargs) -+ **kwargs, -+ fallback=True) - _ = t.gettext - except: - try: -diff --git a/gui/polgengui.py b/gui/polgengui.py -index a18f1cba17b9..7a3ecd50c91c 100644 ---- a/gui/polgengui.py -+++ b/gui/polgengui.py -@@ -71,7 +71,8 @@ try: - kwargs['unicode'] = True - t = gettext.translation(PROGNAME, - localedir="/usr/share/locale", -- **kwargs) -+ **kwargs, -+ fallback=True) - _ = t.gettext - except: - try: -diff --git a/gui/portsPage.py b/gui/portsPage.py -index 54aa80ded327..bee2bdf17b99 100644 ---- a/gui/portsPage.py -+++ b/gui/portsPage.py -@@ -43,7 +43,8 @@ try: - kwargs['unicode'] = True - t = gettext.translation(PROGNAME, - localedir="/usr/share/locale", -- **kwargs) -+ **kwargs, -+ fallback=True) - _ = t.gettext - except: - try: -diff --git a/gui/semanagePage.py b/gui/semanagePage.py -index 1371d4e7dabe..efad14d9b375 100644 ---- a/gui/semanagePage.py -+++ b/gui/semanagePage.py -@@ -30,7 +30,8 @@ try: - kwargs['unicode'] = True - t = gettext.translation(PROGNAME, - localedir="/usr/share/locale", -- **kwargs) -+ **kwargs, -+ fallback=True) - _ = t.gettext - except: - try: -diff --git a/gui/statusPage.py b/gui/statusPage.py -index c241ef83dfa0..832849e60d60 100644 ---- a/gui/statusPage.py -+++ b/gui/statusPage.py -@@ -43,7 +43,8 @@ try: - kwargs['unicode'] = True - t = gettext.translation(PROGNAME, - localedir="/usr/share/locale", -- **kwargs) -+ **kwargs, -+ fallback=True) - _ = t.gettext - except: - try: -diff --git a/gui/system-config-selinux.py b/gui/system-config-selinux.py -index 1b460c99363b..9f53b7fe9020 100644 ---- a/gui/system-config-selinux.py -+++ b/gui/system-config-selinux.py -@@ -53,7 +53,8 @@ try: - kwargs['unicode'] = True - t = gettext.translation(PROGNAME, - localedir="/usr/share/locale", -- **kwargs) -+ **kwargs, -+ fallback=True) - _ = t.gettext - except: - try: -diff --git a/gui/usersPage.py b/gui/usersPage.py -index d51bd968b77e..9acd3b844056 100644 ---- a/gui/usersPage.py -+++ b/gui/usersPage.py -@@ -37,7 +37,8 @@ try: - kwargs['unicode'] = True - t = gettext.translation(PROGNAME, - localedir="/usr/share/locale", -- **kwargs) -+ **kwargs, -+ fallback=True) - _ = t.gettext - except: - try: -diff --git a/python/chcat/chcat b/python/chcat/chcat -index e779fcc6ebd7..952cb8187599 100755 ---- a/python/chcat/chcat -+++ b/python/chcat/chcat -@@ -38,9 +38,10 @@ try: - kwargs['unicode'] = True - t = gettext.translation(PROGNAME, - localedir="/usr/share/locale", -- **kwargs) -+ **kwargs, -+ fallback=True) - _ = t.gettext --except ImportError: -+except: - try: - import builtins - builtins.__dict__['_'] = str -diff --git a/python/semanage/semanage b/python/semanage/semanage -index 8f4e44a7a9cd..f45061a601f9 100644 ---- a/python/semanage/semanage -+++ b/python/semanage/semanage -@@ -38,7 +38,8 @@ try: - kwargs['unicode'] = True - t = gettext.translation(PROGNAME, - localedir="/usr/share/locale", -- **kwargs) -+ **kwargs, -+ fallback=True) - _ = t.gettext - except: - try: -diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py -index ff8f4e9c3008..0782c082dc0c 100644 ---- a/python/semanage/seobject.py -+++ b/python/semanage/seobject.py -@@ -42,7 +42,8 @@ try: - kwargs['unicode'] = True - t = gettext.translation(PROGNAME, - localedir="/usr/share/locale", -- **kwargs) -+ **kwargs, -+ fallback=True) - _ = t.gettext - except: - try: -diff --git a/python/sepolgen/src/sepolgen/sepolgeni18n.py b/python/sepolgen/src/sepolgen/sepolgeni18n.py -index 56ebd807c69c..1ff307d9b27d 100644 ---- a/python/sepolgen/src/sepolgen/sepolgeni18n.py -+++ b/python/sepolgen/src/sepolgen/sepolgeni18n.py -@@ -19,7 +19,9 @@ - - try: - import gettext -- t = gettext.translation( 'selinux-python' ) -+ t = gettext.translation("selinux-python", -+ localedir="/usr/share/locale", -+ fallback=True) - _ = t.gettext - except: - def _(str): -diff --git a/python/sepolicy/sepolicy.py b/python/sepolicy/sepolicy.py -index 7ebe0efa88a1..c7a70e094b0c 100755 ---- a/python/sepolicy/sepolicy.py -+++ b/python/sepolicy/sepolicy.py -@@ -36,7 +36,8 @@ try: - kwargs['unicode'] = True - t = gettext.translation(PROGNAME, - localedir="/usr/share/locale", -- **kwargs) -+ **kwargs, -+ fallback=True) - _ = t.gettext - except: - try: -diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py -index 95520f9bc35d..6bde1971fd7c 100644 ---- a/python/sepolicy/sepolicy/__init__.py -+++ b/python/sepolicy/sepolicy/__init__.py -@@ -31,7 +31,8 @@ try: - kwargs['unicode'] = True - t = gettext.translation(PROGNAME, - localedir="/usr/share/locale", -- **kwargs) -+ **kwargs, -+ fallback=True) - _ = t.gettext - except: - try: -diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py -index 3e8b9f9c291d..eff3a8973917 100644 ---- a/python/sepolicy/sepolicy/generate.py -+++ b/python/sepolicy/sepolicy/generate.py -@@ -56,7 +56,8 @@ try: - kwargs['unicode'] = True - t = gettext.translation(PROGNAME, - localedir="/usr/share/locale", -- **kwargs) -+ **kwargs, -+ fallback=True) - _ = t.gettext - except: - try: -diff --git a/python/sepolicy/sepolicy/gui.py b/python/sepolicy/sepolicy/gui.py -index b0263740a79f..5bdbfebade1d 100644 ---- a/python/sepolicy/sepolicy/gui.py -+++ b/python/sepolicy/sepolicy/gui.py -@@ -49,7 +49,8 @@ try: - kwargs['unicode'] = True - t = gettext.translation(PROGNAME, - localedir="/usr/share/locale", -- **kwargs) -+ **kwargs, -+ fallback=True) - _ = t.gettext - except: - try: -diff --git a/python/sepolicy/sepolicy/interface.py b/python/sepolicy/sepolicy/interface.py -index 599f97fdc6e7..43f86443f2c8 100644 ---- a/python/sepolicy/sepolicy/interface.py -+++ b/python/sepolicy/sepolicy/interface.py -@@ -38,7 +38,8 @@ try: - kwargs['unicode'] = True - t = gettext.translation(PROGNAME, - localedir="/usr/share/locale", -- **kwargs) -+ **kwargs, -+ fallback=True) - _ = t.gettext - except: - try: -diff --git a/sandbox/sandbox b/sandbox/sandbox -index 3ef444a12561..53cc504149c9 100644 ---- a/sandbox/sandbox -+++ b/sandbox/sandbox -@@ -45,7 +45,8 @@ try: - kwargs['unicode'] = True - t = gettext.translation(PROGNAME, - localedir="/usr/share/locale", -- **kwargs) -+ **kwargs, -+ fallback=True) - _ = t.gettext - except: - try: --- -2.36.1 - diff --git a/0013-semodule-rename-rebuild-if-modules-changed-to-refres.patch b/0013-semodule-rename-rebuild-if-modules-changed-to-refres.patch deleted file mode 100644 index 0db14f7..0000000 --- a/0013-semodule-rename-rebuild-if-modules-changed-to-refres.patch +++ /dev/null @@ -1,82 +0,0 @@ -From dc99f08e121ee21650a4179e3deaea8c04ae40c9 Mon Sep 17 00:00:00 2001 -From: Ondrej Mosnacek -Date: Wed, 8 Jun 2022 19:09:54 +0200 -Subject: [PATCH] semodule: rename --rebuild-if-modules-changed to --refresh -Content-type: text/plain - -After the last commit this option's name and description no longer -matches the semantic, so give it a new one and update the descriptions. -The old name is still recognized and aliased to the new one for -backwards compatibility. - -Signed-off-by: Ondrej Mosnacek -Acked-by: Nicolas Iooss ---- - policycoreutils/semodule/semodule.8 | 12 ++++++------ - policycoreutils/semodule/semodule.c | 13 ++++++++++--- - 2 files changed, 16 insertions(+), 9 deletions(-) - -diff --git a/policycoreutils/semodule/semodule.8 b/policycoreutils/semodule/semodule.8 -index d1735d216276..c56e580f27b8 100644 ---- a/policycoreutils/semodule/semodule.8 -+++ b/policycoreutils/semodule/semodule.8 -@@ -23,12 +23,12 @@ force a reload of policy - .B \-B, \-\-build - force a rebuild of policy (also reloads unless \-n is used) - .TP --.B \-\-rebuild-if-modules-changed --Force a rebuild of the policy if any changes to module content are detected --(by comparing with checksum from the last transaction). One can use this --instead of \-B to ensure that any changes to the module store done by an --external tool (e.g. a package manager) are applied, while automatically --skipping the rebuild if there are no new changes. -+.B \-\-refresh -+Like \-\-build, but reuses existing linked policy if no changes to module -+files are detected (by comparing with checksum from the last transaction). -+One can use this instead of \-B to ensure that any changes to the module -+store done by an external tool (e.g. a package manager) are applied, while -+automatically skipping the module re-linking if there are no module changes. - .TP - .B \-D, \-\-disable_dontaudit - Temporarily remove dontaudits from policy. Reverts whenever policy is rebuilt -diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c -index 1ed8e69054e0..ec0794866daa 100644 ---- a/policycoreutils/semodule/semodule.c -+++ b/policycoreutils/semodule/semodule.c -@@ -150,9 +150,12 @@ static void usage(char *progname) - printf(" -c, --cil extract module as cil. This only affects module extraction.\n"); - printf(" -H, --hll extract module as hll. This only affects module extraction.\n"); - printf(" -m, --checksum print module checksum (SHA256).\n"); -- printf(" --rebuild-if-modules-changed\n" -- " force policy rebuild if module content changed since\n" -- " last rebuild (based on checksum)\n"); -+ printf(" --refresh like --build, but reuses existing linked policy if no\n" -+ " changes to module files are detected (via checksum)\n"); -+ printf("Deprecated options:\n"); -+ printf(" -b,--base same as --install\n"); -+ printf(" --rebuild-if-modules-changed\n" -+ " same as --refresh\n"); - } - - /* Sets the global mode variable to new_mode, but only if no other -@@ -185,6 +188,7 @@ static void parse_command_line(int argc, char **argv) - { - static struct option opts[] = { - {"rebuild-if-modules-changed", 0, NULL, '\0'}, -+ {"refresh", 0, NULL, '\0'}, - {"store", required_argument, NULL, 's'}, - {"base", required_argument, NULL, 'b'}, - {"help", 0, NULL, 'h'}, -@@ -225,6 +229,9 @@ static void parse_command_line(int argc, char **argv) - case '\0': - switch(longind) { - case 0: /* --rebuild-if-modules-changed */ -+ fprintf(stderr, "The --rebuild-if-modules-changed option is deprecated. Use --refresh instead.\n"); -+ /* fallthrough */ -+ case 1: /* --refresh */ - check_ext_changes = 1; - break; - default: --- -2.36.1 - diff --git a/0014-python-Split-semanage-import-into-two-transactions.patch b/0014-python-Split-semanage-import-into-two-transactions.patch deleted file mode 100644 index 6ef58aa..0000000 --- a/0014-python-Split-semanage-import-into-two-transactions.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 8abaf61849ce9688dddc3b27ef4df3cc23af0109 Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Mon, 30 May 2022 14:20:21 +0200 -Subject: [PATCH] python: Split "semanage import" into two transactions -Content-type: text/plain - -First transaction applies all deletion operations, so that there are no -collisions when applying the rest of the changes. - -Fixes: - # semanage port -a -t http_cache_port_t -r s0 -p tcp 3024 - # semanage export | semanage import - ValueError: Port tcp/3024 already defined - -Signed-off-by: Vit Mojzis ---- - python/semanage/semanage | 21 +++++++++++++++++++-- - 1 file changed, 19 insertions(+), 2 deletions(-) - -diff --git a/python/semanage/semanage b/python/semanage/semanage -index f45061a601f9..4e8d64d6863a 100644 ---- a/python/semanage/semanage -+++ b/python/semanage/semanage -@@ -853,10 +853,29 @@ def handleImport(args): - trans = seobject.semanageRecords(args) - trans.start() - -+ deleteCommands = [] -+ commands = [] -+ # separate commands for deletion from the rest so they can be -+ # applied in a separate transaction - for l in sys.stdin.readlines(): - if len(l.strip()) == 0: - continue -+ if "-d" in l or "-D" in l: -+ deleteCommands.append(l) -+ else: -+ commands.append(l) -+ -+ if deleteCommands: -+ importHelper(deleteCommands) -+ trans.finish() -+ trans.start() -+ -+ importHelper(commands) -+ trans.finish() - -+ -+def importHelper(commands): -+ for l in commands: - try: - commandParser = createCommandParser() - args = commandParser.parse_args(mkargv(l)) -@@ -870,8 +889,6 @@ def handleImport(args): - except KeyboardInterrupt: - sys.exit(0) - -- trans.finish() -- - - def setupImportParser(subparsers): - importParser = subparsers.add_parser('import', help=_('Import local customizations')) --- -2.36.1 - diff --git a/policycoreutils.spec b/policycoreutils.spec index e067d23..9d2ec27 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -1,7 +1,7 @@ %global libauditver 3.0 -%global libsepolver 3.4-1 -%global libsemanagever 3.4-1 -%global libselinuxver 3.4-1 +%global libsepolver 3.5-0 +%global libsemanagever 3.5-0 +%global libselinuxver 3.5-0 %global generatorsdir %{_prefix}/lib/systemd/system-generators @@ -10,11 +10,11 @@ Summary: SELinux policy core utilities Name: policycoreutils -Version: 3.4 -Release: 4%{?dist} +Version: 3.5 +Release: 0.rc1.1%{?dist} License: GPLv2 # https://github.com/SELinuxProject/selinux/wiki/Releases -Source0: https://github.com/SELinuxProject/selinux/releases/download/3.4/selinux-3.4.tar.gz +Source0: https://github.com/SELinuxProject/selinux/releases/download/3.5-rc1/selinux-3.5-rc1.tar.gz URL: https://github.com/SELinuxProject/selinux Source13: system-config-selinux.png Source14: sepolicy-icons.tgz @@ -28,23 +28,17 @@ Source21: python-po.tgz Source22: gui-po.tgz Source23: sandbox-po.tgz # https://github.com/fedora-selinux/selinux -# $ git format-patch -N 3.4 -- policycoreutils python gui sandbox dbus semodule-utils restorecond +# $ git format-patch -N 3.5-rc1 -- policycoreutils python gui sandbox dbus semodule-utils restorecond # $ for j in [0-9]*.patch; do printf "Patch%s: %s\n" ${j/-*/} $j; done # Patch list start Patch0001: 0001-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch Patch0002: 0002-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch Patch0003: 0003-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch -Patch0004: 0004-Simplication-of-sepolicy-manpage-web-functionality.-.patch -Patch0005: 0005-We-want-to-remove-the-trailing-newline-for-etc-syste.patch -Patch0006: 0006-Fix-title-in-manpage.py-to-not-contain-online.patch -Patch0007: 0007-Don-t-be-verbose-if-you-are-not-on-a-tty.patch -Patch0008: 0008-sepolicy-generate-Handle-more-reserved-port-types.patch -Patch0009: 0009-sandbox-Use-matchbox-window-manager-instead-of-openb.patch -Patch0010: 0010-Use-SHA-2-instead-of-SHA-1.patch -Patch0011: 0011-sepolicy-Drop-old-interface-file_type_is_executable-.patch -Patch0012: 0012-gettext-handle-unsupported-languages-properly.patch -Patch0013: 0013-semodule-rename-rebuild-if-modules-changed-to-refres.patch -Patch0014: 0014-python-Split-semanage-import-into-two-transactions.patch +Patch0004: 0004-Don-t-be-verbose-if-you-are-not-on-a-tty.patch +Patch0005: 0005-sepolicy-generate-Handle-more-reserved-port-types.patch +Patch0006: 0006-sandbox-Use-matchbox-window-manager-instead-of-openb.patch +Patch0007: 0007-Use-SHA-2-instead-of-SHA-1.patch +Patch0008: 0008-sepolicy-Drop-old-interface-file_type_is_executable-.patch # Patch list end Obsoletes: policycoreutils < 2.0.61-2 Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138 @@ -56,7 +50,7 @@ Provides: /sbin/restorecon BuildRequires: gcc make BuildRequires: pam-devel libsepol-static >= %{libsepolver} libsemanage-devel >= %{libsemanagever} libselinux-devel >= %{libselinuxver} libcap-devel audit-libs-devel >= %{libauditver} gettext BuildRequires: desktop-file-utils dbus-devel dbus-glib-devel -BuildRequires: python3-devel +BuildRequires: python3-devel python3-pip BuildRequires: systemd BuildRequires: git-core Requires: util-linux grep gawk diffutils rpm sed @@ -79,7 +73,7 @@ load_policy to load policies, setfiles to label filesystems, newrole to switch roles. %prep -p /usr/bin/bash -%autosetup -n selinux-%{version} -p 1 +%autosetup -p 1 -n selinux-%{version}-rc1 cp %{SOURCE13} gui/ tar -xvf %{SOURCE14} -C python/sepolicy/ @@ -430,7 +424,7 @@ system-config-selinux is a utility for managing the SELinux environment %dir %{_datadir}/bash-completion %{_datadir}/bash-completion/completions/setsebool %{!?_licensedir:%global license %%doc} -%license policycoreutils/COPYING +%license policycoreutils/LICENSE %doc %{_usr}/share/doc/%{name} %package restorecond @@ -452,7 +446,7 @@ The policycoreutils-restorecond package contains the restorecond service. %{_mandir}/ru/man8/restorecond.8* %{!?_licensedir:%global license %%doc} -%license policycoreutils/COPYING +%license policycoreutils/LICENSE %post %systemd_post selinux-autorelabel-mark.service @@ -470,6 +464,9 @@ The policycoreutils-restorecond package contains the restorecond service. %systemd_postun_with_restart restorecond.service %changelog +* Mon Jan 2 2023 Petr Lautrbach - 3.5-0.rc1.1 +- SELinux userspace 3.5-rc1 release + * Tue Sep 06 2022 Vit Mojzis - 3.4-4 - Update translations (#2062630) diff --git a/sources b/sources index 942efe4..9fe2adb 100644 --- a/sources +++ b/sources @@ -3,3 +3,4 @@ SHA512 (policycoreutils-po.tgz) = d803a466c245ea58a2fb4c8b6680e6e96b1852d5cd8a0e SHA512 (python-po.tgz) = c7ebb27e7de6ebc0452ece828d6fe3cf3a18b60a190625f0f2fab046549143a7499eda1b92b2cd1a134885fdac338278c4f6d617674d81d2fd3814484fde5e52 SHA512 (sandbox-po.tgz) = 1049c61551d22f8a5d2de131e6b3030e86072c27bac29af890f54cbdb8bf358f3adb77488f3160e33dc98aba81af4ab2296c8eb76490651fe7d12838b9988c43 SHA512 (selinux-3.4.tar.gz) = 9b619f6b2c632cc5cfebf5e9a9c1aa4130ef1efe9b85954d5a9da4f7a9bc15e82b9efcb4aa9c7ba2e16bac79cf116163a5d4d9cb7cbba3c96c88e01509bd60ab +SHA512 (selinux-3.5-rc1.tar.gz) = 82643c99343088c7eb7d96ba9f77d463b15bd900e24f6cdb8a9730ee12db7b87d143da4bb2c706514bc2c3de3e864bc68e13e639212bd1b53acee0f0b562618f