From 03c571da1150f73a1bd9dc1462a4b9f4f40f2f1a Mon Sep 17 00:00:00 2001
From: DistroBaker
Date: Thu, 21 Jan 2021 22:26:43 +0000
Subject: [PATCH] Merged update from upstream sources
This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team.
Source: https://src.fedoraproject.org/rpms/setools.git#d085b2403dff2850a82718d232a9681ed88f3199
---
 .gitignore | 1 +
 ...sepol-filename-transition-structures.patch | 120 ------------------
 1001-Do-not-use-Werror-during-build.patch | 49 -------
 ...e-setools.InfoFlowAnalysis-and-setoo.patch | 14 +-
 1003-Require-networkx-on-package-level.patch | 10 +-
 setools.spec | 16 ++-
 sources | 2 +-
 7 files changed, 23 insertions(+), 189 deletions(-)
 delete mode 100644 0001-Adapt-to-new-libsepol-filename-transition-structures.patch
 delete mode 100644 1001-Do-not-use-Werror-during-build.patch
diff --git a/.gitignore b/.gitignore
index 604fc90..a46f24a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,3 +10,4 @@ setools-3.3.8-f1e5b20.tar.bz2
 /4.2.2.tar.gz
 /4.3.0.tar.gz
 /05e90ee.tar.gz
+/16c0696.tar.gz
diff --git a/0001-Adapt-to-new-libsepol-filename-transition-structures.patch b/0001-Adapt-to-new-libsepol-filename-transition-structures.patch
deleted file mode 100644
index ba448fb..0000000
--- a/0001-Adapt-to-new-libsepol-filename-transition-structures.patch
+++ /dev/null
@@ -1,120 +0,0 @@ -From f63a3690e3e3f02ab67ad1165be54ce25bac2de7 Mon Sep 17 00:00:00 2001 -From: Ondrej Mosnacek -Date: Fri, 17 Jul 2020 11:28:08 +0200 -Subject: [PATCH] Adapt to new libsepol filename transition structures - -Adapt setools to the new libsepol internal API for filename transitions -which allows for more efficient filename trans rule representation in -memory and binary policy. - -Signed-off-by: Ondrej Mosnacek ---- - setools/policyrep/sepol.pxd | 9 ++++---- - setools/policyrep/terule.pxi | 41 ++++++++++++++++++++++++++++++------ - 2 files changed, 39 insertions(+), 11 deletions(-) - -diff --git a/setools/policyrep/sepol.pxd b/setools/policyrep/sepol.pxd -index 60bc58c28ebf..b07ddb78350f 100644 ---- a/setools/policyrep/sepol.pxd -+++ b/setools/policyrep/sepol.pxd -@@ -544,21 +544,22 @@ cdef extern from "": - ctypedef cond_bool_datum cond_bool_datum_t - - # -- # filename_trans_t -+ # filename_trans_key_t - # -- cdef struct filename_trans: -- uint32_t stype -+ cdef struct filename_trans_key: - uint32_t ttype - uint32_t tclass - char *name - -- ctypedef filename_trans filename_trans_t -+ ctypedef filename_trans_key filename_trans_key_t - - # - # filename_trans_datum_t - # - cdef struct filename_trans_datum: -+ ebitmap_t stypes - uint32_t otype -+ filename_trans_datum *next - - ctypedef filename_trans_datum filename_trans_datum_t - -diff --git a/setools/policyrep/terule.pxi b/setools/policyrep/terule.pxi -index 3976586b7985..760c366f6c39 100644 ---- a/setools/policyrep/terule.pxi -+++ b/setools/policyrep/terule.pxi -@@ -470,17 +470,18 @@ cdef class FileNameTERule(BaseTERule): - readonly str filename - - @staticmethod -- cdef inline FileNameTERule factory(SELinuxPolicy policy, sepol.filename_trans_t *key, -- sepol.filename_trans_datum_t *datum): -+ cdef inline FileNameTERule factory(SELinuxPolicy policy, -+ sepol.filename_trans_key_t *key, -+ Type stype, size_t otype): - """Factory function for creating FileNameTERule objects.""" - cdef FileNameTERule r = 
FileNameTERule.__new__(FileNameTERule) - r.policy = policy - r.key = key - r.ruletype = TERuletype.type_transition -- r.source = type_or_attr_factory(policy, policy.type_value_to_datum(key.stype - 1)) -+ r.source = stype - r.target = type_or_attr_factory(policy, policy.type_value_to_datum(key.ttype - 1)) - r.tclass = ObjClass.factory(policy, policy.class_value_to_datum(key.tclass - 1)) -- r.dft = Type.factory(policy, policy.type_value_to_datum(datum.otype - 1)) -+ r.dft = Type.factory(policy, policy.type_value_to_datum(otype - 1)) - r.filename = intern(key.name) - r.origin = None - return r -@@ -708,6 +709,10 @@ cdef class FileNameTERuleIterator(HashtabIterator): - - """Iterate over FileNameTERules in the policy.""" - -+ cdef: -+ sepol.filename_trans_datum_t *datum -+ TypeEbitmapIterator stypei -+ - @staticmethod - cdef factory(SELinuxPolicy policy, sepol.hashtab_t *table): - """Factory function for creating FileNameTERule iterators.""" -@@ -717,7 +722,29 @@ cdef class FileNameTERuleIterator(HashtabIterator): - i.reset() - return i - -+ def _next_stype(self): -+ while True: -+ if self.datum == NULL: -+ super().__next__() -+ self.datum = self.curr.datum -+ self.stypei = TypeEbitmapIterator.factory(self.policy, &self.datum.stypes) -+ try: -+ return next(self.stypei) -+ except StopIteration: -+ pass -+ self.datum = self.datum.next -+ if self.datum != NULL: -+ self.stypei = TypeEbitmapIterator.factory(self.policy, &self.datum.stypes) -+ - def __next__(self): -- super().__next__() -- return FileNameTERule.factory(self.policy, self.curr.key, -- self.curr.datum) -+ stype = self._next_stype() -+ return FileNameTERule.factory(self.policy, -+ self.curr.key, -+ stype, self.datum.otype) -+ -+ def __len__(self): -+ return sum(1 for r in FileNameTERuleIterator.factory(self.policy, self.table)) -+ -+ def reset(self): -+ super().reset() -+ self.datum = NULL --- -2.29.0 - 
diff --git a/1001-Do-not-use-Werror-during-build.patch b/1001-Do-not-use-Werror-during-build.patch
deleted file mode 100644
index 60f11e2..0000000
--- a/1001-Do-not-use-Werror-during-build.patch
+++ /dev/null
@@ -1,49 +0,0 @@ -From 4b3dc6b38abbd32cda557d5ef9ea1383ac5fdcf2 Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Thu, 23 Feb 2017 08:17:07 +0100 -Subject: [PATCH 2/3] Do not use -Werror during build -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -There are new warnings when setools are built with gcc 7 therefore we -want to suppress -Werror for now - -Fixes: -libqpol/policy_extend.c: In function ‘policy_extend’: -libqpol/policy_extend.c:161:27: error: ‘%04zd’ directive output may be truncated writing between 4 and 10 bytes into a region of size 5 [-Werror=format-truncation=] - snprintf(buff, 9, "@ttr%04zd", i + 1); - ^~~~~ -libqpol/policy_extend.c:161:22: note: directive argument in the range [1, 4294967295] - snprintf(buff, 9, "@ttr%04zd", i + 1); - ^~~~~~~~~~~ -In file included from /usr/include/stdio.h:939:0, - from /usr/include/sepol/policydb/policydb.h:53, - from libqpol/policy_extend.c:29: -/usr/include/bits/stdio2.h:64:10: note: ‘__builtin___snprintf_chk’ output between 9 and 15 bytes into a destination of size 9 - return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1, - ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - __bos (__s), __fmt, __va_arg_pack ()); - ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -cc1: all warnings being treated as errors -error: command 'gcc' failed with exit status 1 ---- - setup.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/setup.py b/setup.py -index c94daf1..a7442ac 100644 ---- a/setup.py -+++ b/setup.py -@@ -105,7 +105,7 @@ ext_py_mods = [Extension('setools.policyrep', ['setools/policyrep.pyx'], - libraries=['selinux', 'sepol'], - library_dirs=lib_dirs, - define_macros=macros, -- extra_compile_args=['-Werror', '-Wextra', -+ extra_compile_args=['-Wextra', - '-Waggregate-return', - '-Wfloat-equal', - '-Wformat', '-Wformat=2', --- -2.17.2 - 
diff --git a/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch b/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch index 29ccc0e..d270d21 100644 --- a/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch +++ b/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch @@ -1,7 +1,7 @@ -From fa776e6abd019a7bdaca37486d714d307cbd332f Mon Sep 17 00:00:00 2001 +From e47d19f4985098ca316eea4a383510d419ec6055 Mon Sep 17 00:00:00 2001 From: Vit Mojzis Date: Fri, 26 Apr 2019 15:27:25 +0200 -Subject: [PATCH] Do not export/use setools.InfoFlowAnalysis and +Subject: [PATCH 1/2] Do not export/use setools.InfoFlowAnalysis and setools.DomainTransitionAnalysis dta and infoflow modules require networkx which brings lot of dependencies. @@ -86,10 +86,10 @@ index d72d343e7e79..642485b9018d 100644 from .diff import PolicyDifference diff --git a/setoolsgui/apol/dta.py b/setoolsgui/apol/dta.py -index 4608b9dbf34e..2cde44c142e9 100644 +index 62dbf04d9a5e..0ea000e790f0 100644 --- a/setoolsgui/apol/dta.py +++ b/setoolsgui/apol/dta.py -@@ -23,7 +23,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread +@@ -24,7 +24,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread from PyQt5.QtGui import QPalette, QTextCursor from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \ QTreeWidgetItem @@ -97,9 +97,9 @@ index 4608b9dbf34e..2cde44c142e9 100644 +from setools.dta import DomainTransitionAnalysis from ..logtosignal import LogHandlerToSignal - from .analysistab import AnalysisTab + from .analysistab import AnalysisSection, AnalysisTab diff --git a/setoolsgui/apol/infoflow.py b/setoolsgui/apol/infoflow.py -index 7bca299d23fc..7fee2778f35f 100644 +index 28009aa2329c..92d350bf727c 100644 --- a/setoolsgui/apol/infoflow.py +++ b/setoolsgui/apol/infoflow.py @@ -26,7 +26,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread 
@@ -138,5 +138,5 @@ index aa0e44a7e4f8..fca2848aeca5 100644 from setools.exception import InvalidType from setools.permmap import PermissionMap -- -2.26.0.rc2 +2.30.0 diff --git a/1003-Require-networkx-on-package-level.patch b/1003-Require-networkx-on-package-level.patch index 46e9a4d..99eb500 100644 --- a/1003-Require-networkx-on-package-level.patch +++ b/1003-Require-networkx-on-package-level.patch @@ -1,7 +1,7 @@ -From a2faa263c9dd8bcf51465861046e0406a84975c0 Mon Sep 17 00:00:00 2001 +From 7b73bdeda54b9c944774452bfa3b3c1f2733b3f0 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Thu, 2 Apr 2020 16:06:14 +0200 -Subject: [PATCH] Require networkx on package level +Subject: [PATCH 2/2] Require networkx on package level It allows us to ship python3-setools without dependency on python3-networkx --- @@ -9,10 +9,10 @@ It allows us to ship python3-setools without dependency on python3-networkx 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py -index 457c83049ca5..4bfd438002bb 100644 +index c593b786cc61..0551811e3fd1 100644 --- a/setup.py +++ b/setup.py -@@ -170,5 +170,5 @@ setup(name='setools', +@@ -163,5 +163,5 @@ setup(name='setools', # setup also requires libsepol and libselinux # C libraries and headers to compile. setup_requires=['setuptools', 'Cython>=0.27'], @@ -20,5 +20,5 @@ index 457c83049ca5..4bfd438002bb 100644 + install_requires=['setuptools'] ) -- -2.26.0.rc2 +2.30.0 diff --git a/setools.spec b/setools.spec index a91914d..1fcc16e 100644 --- a/setools.spec +++ b/setools.spec 
@@ -1,13 +1,13 @@
-%global setools_pre_ver 05e90ee
-%global gitver 05e90ee241af05665f3394e9bed0073e1bb2e17d
+%global setools_pre_ver 16c0696
+%global gitver 16c069631e1652801b1a6c41c6607b7326fc15f0
-%global sepol_ver 3.1-4
-%global selinux_ver 3.1-4
+%global sepol_ver 3.2-0.rc1
+%global selinux_ver 3.2-0.rc1
 Name: setools
 Version: 4.4.0
-Release: 0.2.20201102git%{setools_pre_ver}%{?dist}
+Release: 0.2.20210121git%{setools_pre_ver}%{?dist}
 Summary: Policy analysis tools for SELinux
 License: GPLv2
@@ -15,8 +15,6 @@ URL: https://github.com/SELinuxProject/setools/wiki
 Source0: https://github.com/SELinuxProject/setools/archive/%{setools_pre_ver}.tar.gz
 Source1: setools.pam
 Source2: apol.desktop
-Patch0001: 0001-Adapt-to-new-libsepol-filename-transition-structures.patch
-Patch1001: 1001-Do-not-use-Werror-during-build.patch
 Patch1002: 1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
 Patch1003: 1003-Require-networkx-on-package-level.patch
 Obsoletes: setools < 4.0.0, setools-devel < 4.0.0
@@ -147,6 +145,10 @@ Python modules designed to facilitate SELinux policy analysis.
 %{_mandir}/ru/man1/apol*
 %changelog
+* Thu Jan 21 2021 Petr Lautrbach - 4.4.0-0.2.20210121git16c0696
+- Rebuild with SELinux userspace 3.2-rc1
+- Update to 16c0696
+
 * Thu Dec 10 2020 Petr Lautrbach - 4.4.0-0.2.20201102git05e90ee
 - Fix imports in /usr/bin/sedta
diff --git a/sources b/sources
index e13005d..add220c 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (05e90ee.tar.gz) = 32f60e9a40ca5791a1e63986377e90ca728c7e205d8ae7ce446830ca7f96b51496d9753fd70077f5b6547050d23c41a1d10b20e0af9e4066355e29781d5e3686
+SHA512 (16c0696.tar.gz) = 1c9a2e8daf6e131bfe2e2e1cea1ed2caa190486af152048e3b79ab88fcd0a20c030b08986d1dd6ee4079841985b47c366435177bb206e68ea567ecee32037358
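Review bot: In setools.spec, `Source0` (unchanged context in the `@@ -15,8 +15,6 @@` hunk) still fetches the upstream archive by the seven-character abbreviation `%{setools_pre_ver}`, although the first hunk records the full commit in `%{gitver}`. An abbreviated hash is resolved by the forge at download time, so the full hash is the unambiguous reference; the usual snapshot form would be `Source0: https://github.com/SELinuxProject/setools/archive/%{gitver}/setools-%{setools_pre_ver}.tar.gz`, with the tarball name in `sources` and `.gitignore` changed to match. As written, the SHA512 line in `sources` is the only thing pinning the content, and because this merge is automated that digest is worth comparing against an archive of `%{gitver}` before the build is trusted. The new `%changelog` entry also does not record that Patch0001 and Patch1001 are dropped; a line such as `- Drop Patch0001 and Patch1001` with the reason (presumably they are upstream or no longer needed, which this page does not show) would document it.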