Merged update from upstream sources
This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/setools.git#d085b2403dff2850a82718d232a9681ed88f3199
This commit is contained in:
parent
ff2f9bf9f9
commit
03c571da11
1
.gitignore
vendored
1
.gitignore
vendored
@ -10,3 +10,4 @@ setools-3.3.8-f1e5b20.tar.bz2
|
||||
/4.2.2.tar.gz
|
||||
/4.3.0.tar.gz
|
||||
/05e90ee.tar.gz
|
||||
/16c0696.tar.gz
|
||||
|
@ -1,120 +0,0 @@
|
||||
From f63a3690e3e3f02ab67ad1165be54ce25bac2de7 Mon Sep 17 00:00:00 2001
|
||||
From: Ondrej Mosnacek <omosnace@redhat.com>
|
||||
Date: Fri, 17 Jul 2020 11:28:08 +0200
|
||||
Subject: [PATCH] Adapt to new libsepol filename transition structures
|
||||
|
||||
Adapt setools to the new libsepol internal API for filename transitions
|
||||
which allows for more efficient filename trans rule representation in
|
||||
memory and binary policy.
|
||||
|
||||
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
|
||||
---
|
||||
setools/policyrep/sepol.pxd | 9 ++++----
|
||||
setools/policyrep/terule.pxi | 41 ++++++++++++++++++++++++++++++------
|
||||
2 files changed, 39 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/setools/policyrep/sepol.pxd b/setools/policyrep/sepol.pxd
|
||||
index 60bc58c28ebf..b07ddb78350f 100644
|
||||
--- a/setools/policyrep/sepol.pxd
|
||||
+++ b/setools/policyrep/sepol.pxd
|
||||
@@ -544,21 +544,22 @@ cdef extern from "<sepol/policydb/policydb.h>":
|
||||
ctypedef cond_bool_datum cond_bool_datum_t
|
||||
|
||||
#
|
||||
- # filename_trans_t
|
||||
+ # filename_trans_key_t
|
||||
#
|
||||
- cdef struct filename_trans:
|
||||
- uint32_t stype
|
||||
+ cdef struct filename_trans_key:
|
||||
uint32_t ttype
|
||||
uint32_t tclass
|
||||
char *name
|
||||
|
||||
- ctypedef filename_trans filename_trans_t
|
||||
+ ctypedef filename_trans_key filename_trans_key_t
|
||||
|
||||
#
|
||||
# filename_trans_datum_t
|
||||
#
|
||||
cdef struct filename_trans_datum:
|
||||
+ ebitmap_t stypes
|
||||
uint32_t otype
|
||||
+ filename_trans_datum *next
|
||||
|
||||
ctypedef filename_trans_datum filename_trans_datum_t
|
||||
|
||||
diff --git a/setools/policyrep/terule.pxi b/setools/policyrep/terule.pxi
|
||||
index 3976586b7985..760c366f6c39 100644
|
||||
--- a/setools/policyrep/terule.pxi
|
||||
+++ b/setools/policyrep/terule.pxi
|
||||
@@ -470,17 +470,18 @@ cdef class FileNameTERule(BaseTERule):
|
||||
readonly str filename
|
||||
|
||||
@staticmethod
|
||||
- cdef inline FileNameTERule factory(SELinuxPolicy policy, sepol.filename_trans_t *key,
|
||||
- sepol.filename_trans_datum_t *datum):
|
||||
+ cdef inline FileNameTERule factory(SELinuxPolicy policy,
|
||||
+ sepol.filename_trans_key_t *key,
|
||||
+ Type stype, size_t otype):
|
||||
"""Factory function for creating FileNameTERule objects."""
|
||||
cdef FileNameTERule r = FileNameTERule.__new__(FileNameTERule)
|
||||
r.policy = policy
|
||||
r.key = <uintptr_t>key
|
||||
r.ruletype = TERuletype.type_transition
|
||||
- r.source = type_or_attr_factory(policy, policy.type_value_to_datum(key.stype - 1))
|
||||
+ r.source = stype
|
||||
r.target = type_or_attr_factory(policy, policy.type_value_to_datum(key.ttype - 1))
|
||||
r.tclass = ObjClass.factory(policy, policy.class_value_to_datum(key.tclass - 1))
|
||||
- r.dft = Type.factory(policy, policy.type_value_to_datum(datum.otype - 1))
|
||||
+ r.dft = Type.factory(policy, policy.type_value_to_datum(otype - 1))
|
||||
r.filename = intern(key.name)
|
||||
r.origin = None
|
||||
return r
|
||||
@@ -708,6 +709,10 @@ cdef class FileNameTERuleIterator(HashtabIterator):
|
||||
|
||||
"""Iterate over FileNameTERules in the policy."""
|
||||
|
||||
+ cdef:
|
||||
+ sepol.filename_trans_datum_t *datum
|
||||
+ TypeEbitmapIterator stypei
|
||||
+
|
||||
@staticmethod
|
||||
cdef factory(SELinuxPolicy policy, sepol.hashtab_t *table):
|
||||
"""Factory function for creating FileNameTERule iterators."""
|
||||
@@ -717,7 +722,29 @@ cdef class FileNameTERuleIterator(HashtabIterator):
|
||||
i.reset()
|
||||
return i
|
||||
|
||||
+ def _next_stype(self):
|
||||
+ while True:
|
||||
+ if self.datum == NULL:
|
||||
+ super().__next__()
|
||||
+ self.datum = <sepol.filename_trans_datum_t *>self.curr.datum
|
||||
+ self.stypei = TypeEbitmapIterator.factory(self.policy, &self.datum.stypes)
|
||||
+ try:
|
||||
+ return next(self.stypei)
|
||||
+ except StopIteration:
|
||||
+ pass
|
||||
+ self.datum = self.datum.next
|
||||
+ if self.datum != NULL:
|
||||
+ self.stypei = TypeEbitmapIterator.factory(self.policy, &self.datum.stypes)
|
||||
+
|
||||
def __next__(self):
|
||||
- super().__next__()
|
||||
- return FileNameTERule.factory(self.policy, <sepol.filename_trans_t *>self.curr.key,
|
||||
- <sepol.filename_trans_datum_t *>self.curr.datum)
|
||||
+ stype = self._next_stype()
|
||||
+ return FileNameTERule.factory(self.policy,
|
||||
+ <sepol.filename_trans_key_t *>self.curr.key,
|
||||
+ stype, self.datum.otype)
|
||||
+
|
||||
+ def __len__(self):
|
||||
+ return sum(1 for r in FileNameTERuleIterator.factory(self.policy, self.table))
|
||||
+
|
||||
+ def reset(self):
|
||||
+ super().reset()
|
||||
+ self.datum = NULL
|
||||
--
|
||||
2.29.0
|
||||
|
@ -1,49 +0,0 @@
|
||||
From 4b3dc6b38abbd32cda557d5ef9ea1383ac5fdcf2 Mon Sep 17 00:00:00 2001
|
||||
From: rpm-build <rpm-build>
|
||||
Date: Thu, 23 Feb 2017 08:17:07 +0100
|
||||
Subject: [PATCH 2/3] Do not use -Werror during build
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
There are new warnings when setools are built with gcc 7 therefore we
|
||||
want to suppress -Werror for now
|
||||
|
||||
Fixes:
|
||||
libqpol/policy_extend.c: In function ‘policy_extend’:
|
||||
libqpol/policy_extend.c:161:27: error: ‘%04zd’ directive output may be truncated writing between 4 and 10 bytes into a region of size 5 [-Werror=format-truncation=]
|
||||
snprintf(buff, 9, "@ttr%04zd", i + 1);
|
||||
^~~~~
|
||||
libqpol/policy_extend.c:161:22: note: directive argument in the range [1, 4294967295]
|
||||
snprintf(buff, 9, "@ttr%04zd", i + 1);
|
||||
^~~~~~~~~~~
|
||||
In file included from /usr/include/stdio.h:939:0,
|
||||
from /usr/include/sepol/policydb/policydb.h:53,
|
||||
from libqpol/policy_extend.c:29:
|
||||
/usr/include/bits/stdio2.h:64:10: note: ‘__builtin___snprintf_chk’ output between 9 and 15 bytes into a destination of size 9
|
||||
return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
|
||||
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
__bos (__s), __fmt, __va_arg_pack ());
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
cc1: all warnings being treated as errors
|
||||
error: command 'gcc' failed with exit status 1
|
||||
---
|
||||
setup.py | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/setup.py b/setup.py
|
||||
index c94daf1..a7442ac 100644
|
||||
--- a/setup.py
|
||||
+++ b/setup.py
|
||||
@@ -105,7 +105,7 @@ ext_py_mods = [Extension('setools.policyrep', ['setools/policyrep.pyx'],
|
||||
libraries=['selinux', 'sepol'],
|
||||
library_dirs=lib_dirs,
|
||||
define_macros=macros,
|
||||
- extra_compile_args=['-Werror', '-Wextra',
|
||||
+ extra_compile_args=['-Wextra',
|
||||
'-Waggregate-return',
|
||||
'-Wfloat-equal',
|
||||
'-Wformat', '-Wformat=2',
|
||||
--
|
||||
2.17.2
|
||||
|
@ -1,7 +1,7 @@
|
||||
From fa776e6abd019a7bdaca37486d714d307cbd332f Mon Sep 17 00:00:00 2001
|
||||
From e47d19f4985098ca316eea4a383510d419ec6055 Mon Sep 17 00:00:00 2001
|
||||
From: Vit Mojzis <vmojzis@redhat.com>
|
||||
Date: Fri, 26 Apr 2019 15:27:25 +0200
|
||||
Subject: [PATCH] Do not export/use setools.InfoFlowAnalysis and
|
||||
Subject: [PATCH 1/2] Do not export/use setools.InfoFlowAnalysis and
|
||||
setools.DomainTransitionAnalysis
|
||||
|
||||
dta and infoflow modules require networkx which brings lot of dependencies.
|
||||
@ -86,10 +86,10 @@ index d72d343e7e79..642485b9018d 100644
|
||||
from .diff import PolicyDifference
|
||||
|
||||
diff --git a/setoolsgui/apol/dta.py b/setoolsgui/apol/dta.py
|
||||
index 4608b9dbf34e..2cde44c142e9 100644
|
||||
index 62dbf04d9a5e..0ea000e790f0 100644
|
||||
--- a/setoolsgui/apol/dta.py
|
||||
+++ b/setoolsgui/apol/dta.py
|
||||
@@ -23,7 +23,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
|
||||
@@ -24,7 +24,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
|
||||
from PyQt5.QtGui import QPalette, QTextCursor
|
||||
from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \
|
||||
QTreeWidgetItem
|
||||
@ -97,9 +97,9 @@ index 4608b9dbf34e..2cde44c142e9 100644
|
||||
+from setools.dta import DomainTransitionAnalysis
|
||||
|
||||
from ..logtosignal import LogHandlerToSignal
|
||||
from .analysistab import AnalysisTab
|
||||
from .analysistab import AnalysisSection, AnalysisTab
|
||||
diff --git a/setoolsgui/apol/infoflow.py b/setoolsgui/apol/infoflow.py
|
||||
index 7bca299d23fc..7fee2778f35f 100644
|
||||
index 28009aa2329c..92d350bf727c 100644
|
||||
--- a/setoolsgui/apol/infoflow.py
|
||||
+++ b/setoolsgui/apol/infoflow.py
|
||||
@@ -26,7 +26,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
|
||||
@ -138,5 +138,5 @@ index aa0e44a7e4f8..fca2848aeca5 100644
|
||||
from setools.exception import InvalidType
|
||||
from setools.permmap import PermissionMap
|
||||
--
|
||||
2.26.0.rc2
|
||||
2.30.0
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From a2faa263c9dd8bcf51465861046e0406a84975c0 Mon Sep 17 00:00:00 2001
|
||||
From 7b73bdeda54b9c944774452bfa3b3c1f2733b3f0 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Thu, 2 Apr 2020 16:06:14 +0200
|
||||
Subject: [PATCH] Require networkx on package level
|
||||
Subject: [PATCH 2/2] Require networkx on package level
|
||||
|
||||
It allows us to ship python3-setools without dependency on python3-networkx
|
||||
---
|
||||
@ -9,10 +9,10 @@ It allows us to ship python3-setools without dependency on python3-networkx
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/setup.py b/setup.py
|
||||
index 457c83049ca5..4bfd438002bb 100644
|
||||
index c593b786cc61..0551811e3fd1 100644
|
||||
--- a/setup.py
|
||||
+++ b/setup.py
|
||||
@@ -170,5 +170,5 @@ setup(name='setools',
|
||||
@@ -163,5 +163,5 @@ setup(name='setools',
|
||||
# setup also requires libsepol and libselinux
|
||||
# C libraries and headers to compile.
|
||||
setup_requires=['setuptools', 'Cython>=0.27'],
|
||||
@ -20,5 +20,5 @@ index 457c83049ca5..4bfd438002bb 100644
|
||||
+ install_requires=['setuptools']
|
||||
)
|
||||
--
|
||||
2.26.0.rc2
|
||||
2.30.0
|
||||
|
||||
|
16
setools.spec
16
setools.spec
@ -1,13 +1,13 @@
|
||||
%global setools_pre_ver 05e90ee
|
||||
%global gitver 05e90ee241af05665f3394e9bed0073e1bb2e17d
|
||||
%global setools_pre_ver 16c0696
|
||||
%global gitver 16c069631e1652801b1a6c41c6607b7326fc15f0
|
||||
|
||||
%global sepol_ver 3.1-4
|
||||
%global selinux_ver 3.1-4
|
||||
%global sepol_ver 3.2-0.rc1
|
||||
%global selinux_ver 3.2-0.rc1
|
||||
|
||||
|
||||
Name: setools
|
||||
Version: 4.4.0
|
||||
Release: 0.2.20201102git%{setools_pre_ver}%{?dist}
|
||||
Release: 0.2.20210121git%{setools_pre_ver}%{?dist}
|
||||
Summary: Policy analysis tools for SELinux
|
||||
|
||||
License: GPLv2
|
||||
@ -15,8 +15,6 @@ URL: https://github.com/SELinuxProject/setools/wiki
|
||||
Source0: https://github.com/SELinuxProject/setools/archive/%{setools_pre_ver}.tar.gz
|
||||
Source1: setools.pam
|
||||
Source2: apol.desktop
|
||||
Patch0001: 0001-Adapt-to-new-libsepol-filename-transition-structures.patch
|
||||
Patch1001: 1001-Do-not-use-Werror-during-build.patch
|
||||
Patch1002: 1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
|
||||
Patch1003: 1003-Require-networkx-on-package-level.patch
|
||||
Obsoletes: setools < 4.0.0, setools-devel < 4.0.0
|
||||
@ -147,6 +145,10 @@ Python modules designed to facilitate SELinux policy analysis.
|
||||
%{_mandir}/ru/man1/apol*
|
||||
|
||||
%changelog
|
||||
* Thu Jan 21 2021 Petr Lautrbach <plautrba@redhat.com> - 4.4.0-0.2.20210121git16c0696
|
||||
- Rebuild with SELinux userspace 3.2-rc1
|
||||
- Update to 16c0696
|
||||
|
||||
* Thu Dec 10 2020 Petr Lautrbach <plautrba@redhat.com> - 4.4.0-0.2.20201102git05e90ee
|
||||
- Fix imports in /usr/bin/sedta
|
||||
|
||||
|
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (05e90ee.tar.gz) = 32f60e9a40ca5791a1e63986377e90ca728c7e205d8ae7ce446830ca7f96b51496d9753fd70077f5b6547050d23c41a1d10b20e0af9e4066355e29781d5e3686
|
||||
SHA512 (16c0696.tar.gz) = 1c9a2e8daf6e131bfe2e2e1cea1ed2caa190486af152048e3b79ab88fcd0a20c030b08986d1dd6ee4079841985b47c366435177bb206e68ea567ecee32037358
|
||||
|
Loading…
Reference in New Issue
Block a user