From 3ef58364edbd59d224739f60c36919156405b615 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Wed, 18 Dec 2024 16:14:46 +0100 Subject: [PATCH] SELinux userspace 3.8-rc3 release Resolves: RHEL-69451 Resolves: RHEL-67906 --- .gitignore | 2 + ...gen-ifgen-allow-M4-escaped-filenames.patch | 44 ------------------- changelog | 3 ++ policycoreutils.spec | 15 +++---- sources | 4 +- 5 files changed, 14 insertions(+), 54 deletions(-) delete mode 100644 0006-sepolgen-ifgen-allow-M4-escaped-filenames.patch diff --git a/.gitignore b/.gitignore index ddc70f1..2ca0051 100644 --- a/.gitignore +++ b/.gitignore @@ -359,3 +359,5 @@ policycoreutils-2.0.83.tgz /selinux-3.7.tar.gz.asc /selinux-3.8-rc1.tar.gz /selinux-3.8-rc1.tar.gz.asc +/selinux-3.8-rc3.tar.gz +/selinux-3.8-rc3.tar.gz.asc diff --git a/0006-sepolgen-ifgen-allow-M4-escaped-filenames.patch b/0006-sepolgen-ifgen-allow-M4-escaped-filenames.patch deleted file mode 100644 index 1149167..0000000 --- a/0006-sepolgen-ifgen-allow-M4-escaped-filenames.patch +++ /dev/null @@ -1,44 +0,0 @@ -From d95931cc190b18e9c405e19dccfa6290269a84df Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Mon, 19 Aug 2024 19:51:51 +0200 -Subject: [PATCH] sepolgen-ifgen: allow M4 escaped filenames -Content-type: text/plain - -When a file name in type transition rule used in an interface is same as -a keyword, it needs to be M4 escaped so that the keyword is not expanded -by M4, e.g. - -- filetrans_pattern($1, virt_var_run_t, virtinterfaced_var_run_t, dir, "interface") -+ filetrans_pattern($1, virt_var_run_t, virtinterfaced_var_run_t, dir, "``interface''") - -But sepolgen-ifgen could not parse such string: - - # sepolgen-ifgen - Illegal character '`' - -This change allows M4 escaping inside quoted strings and fixed described -problem. - -https://bugzilla.redhat.com/show_bug.cgi?id=2254206 - -Signed-off-by: Petr Lautrbach ---- - python/sepolgen/src/sepolgen/refparser.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/python/sepolgen/src/sepolgen/refparser.py b/python/sepolgen/src/sepolgen/refparser.py -index e261d3f78f87..9622ee9a29ce 100644 ---- a/python/sepolgen/src/sepolgen/refparser.py -+++ b/python/sepolgen/src/sepolgen/refparser.py -@@ -261,7 +261,7 @@ def t_IDENTIFIER(t): - return t - - def t_FILENAME(t): -- r'\"[a-zA-Z0-9_\-\+\.\$\*~ :\[\]]+\"' -+ r'\"`*[a-zA-Z0-9_\-\+\.\$\*~ :\[\]]+\'*\"' - # Handle any keywords - t.type = reserved.get(t.value,'FILENAME') - return t --- -2.47.0 - diff --git a/changelog b/changelog index fecbad6..92e47b3 100644 --- a/changelog +++ b/changelog @@ -1,3 +1,6 @@ +* Wed Dec 18 2024 Petr Lautrbach - 3.8-0.rc3.1 +- SELinux userspace 3.8-rc3 release + * Thu Dec 05 2024 Petr Lautrbach - 3.8-0.rc1.1 - SELinux userspace 3.8-rc1 release diff --git a/policycoreutils.spec b/policycoreutils.spec index e7195bb..812d92d 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -1,7 +1,7 @@ %global libauditver 3.0 -%global libsepolver 3.8-0 -%global libsemanagever 3.8-0 -%global libselinuxver 3.8-0 +%global libsepolver 3.8-0.rc3 +%global libsemanagever 3.8-0.rc3 +%global libselinuxver 3.8-0.rc3 %global generatorsdir %{_prefix}/lib/systemd/system-generators @@ -11,11 +11,11 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 3.8 -Release: 0.rc1.1%{?dist} +Release: 0.rc3.1%{?dist} License: GPL-2.0-or-later # https://github.com/SELinuxProject/selinux/wiki/Releases -Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}-rc1/selinux-%{version}-rc1.tar.gz -Source1: https://github.com/SELinuxProject/selinux/releases/download/%{version}-rc1/selinux-%{version}-rc1.tar.gz.asc +Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}-rc3/selinux-%{version}-rc3.tar.gz +Source1: https://github.com/SELinuxProject/selinux/releases/download/%{version}-rc3/selinux-%{version}-rc3.tar.gz.asc Source2: https://github.com/bachradsusi.gpg URL: https://github.com/SELinuxProject/selinux Source13: system-config-selinux.png @@ -43,7 +43,6 @@ Patch0002: 0002-sepolicy-generate-Handle-more-reserved-port-types.patch Patch0003: 0003-sandbox-Use-matchbox-window-manager-instead-of-openb.patch Patch0004: 0004-Use-SHA-2-instead-of-SHA-1.patch Patch0005: 0005-python-sepolicy-Fix-spec-file-dependencies.patch -Patch0006: 0006-sepolgen-ifgen-allow-M4-escaped-filenames.patch # Patch list end Obsoletes: policycoreutils < 2.0.61-2 @@ -81,7 +80,7 @@ to switch roles. %prep -p /usr/bin/bash %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' -%autosetup -p 1 -n selinux-%{version}-rc1 +%autosetup -p 1 -n selinux-%{version}-rc3 cp %{SOURCE13} gui/ tar -xvf %{SOURCE14} -C python/sepolicy/ diff --git a/sources b/sources index 1fa9725..aabc995 100644 --- a/sources +++ b/sources @@ -2,5 +2,5 @@ SHA512 (selinux-policycoreutils.zip) = 0df9dc274e0d1a2e4e2467f95a18a5bf7b6de2428 SHA512 (selinux-python.zip) = 35d209f8bcff498f66465499fcc4cef0780781276a4ba060b2d1d56eed1dd72d253f6b0eae5f679d46cf426b967a7aadac909363513be5d483c95a31249eacdd SHA512 (selinux-sandbox.zip) = ecbc0c8280eb6c013b039a2e63ee5a361cd84807613962a012ac0a98092357e9809bea23c3c71bd8ae4745b1dd12a4fce43db5e1cab31614f386a2a8db88b733 SHA512 (selinux-gui.zip) = 3ae41eba5dd6d34e10dfdb97f4194d170ace2f3044e984077db7d26d05bdaad86625e48e5694e3e8680487ad99a50861d4bea30c4bf08e2820e3b7a8671270c7 -SHA512 (selinux-3.8-rc1.tar.gz) = 64e4ca41d3558ef4f2af0b26ca1d55d3d2b9badb685dde7acda866fa5ebfb71d80e924a4e314ae1fe83be70a1250dbd1df1c78118cff2b845ccffaf3b4a5c55c -SHA512 (selinux-3.8-rc1.tar.gz.asc) = e974331b53df020367270885a1a54b458b4f8eea4429c5a8bd65770b8ea72ad2d4e46ca4349a730d7db40f5e0796be6fe846e888cb215c750649e98fd7cefc2c +SHA512 (selinux-3.8-rc3.tar.gz) = 952cf58fd236949df96580f1e98cdde9003c8e783663c8cff391a4b56d3399a71694c756d1ba3141a494386c9b053ad0ca3665ac7dcdd5c6c252be4df6539c31 +SHA512 (selinux-3.8-rc3.tar.gz.asc) = 5149d362dea727edf40d88fcb3ad277b0c510b9799fd2e5ab420e98cafd60b33c208563c3ba93a6949c4592946a6ab87b4477bc413702942691fa2c676f51dad