From 86518d3e36bc3771e33beae24d14103974feb22c Mon Sep 17 00:00:00 2001
From: eabdullin
Date: Wed, 14 May 2025 17:36:42 +0000
Subject: [PATCH] import UBI setools-4.5.1-4.el10
---
.gitignore | 2 +-
.setools.metadata | 1 -
...-old-boolean-names-in-policy-queries.patch | 94 -------
.../0002-Make-seinfo-output-predictable.patch | 90 ------
...move-neverallow-options-in-frontends.patch | 114 --------
...-remove-neverallow-options-in-sediff.patch | 91 ------
...permission-set-creation-for-AVTAB_XP.patch | 259 ------------------
.../1001-Do-not-use-Werror-during-build.patch | 49 ----
...e-setools.InfoFlowAnalysis-and-setoo.patch | 139 ----------
...03-Require-networkx-on-package-level.patch | 24 --
...otFound-as-it-s-not-implemented-in-n.patch | 93 -------
SOURCES/apol.desktop => apol.desktop | 0
SOURCES/setools.pam => setools.pam | 0
SPECS/setools.spec => setools.spec | 252 +++++++++++------
sources | 1 +
15 files changed, 166 insertions(+), 1043 deletions(-)
delete mode 100644 .setools.metadata
delete mode 100644 SOURCES/0001-Support-old-boolean-names-in-policy-queries.patch
delete mode 100644 SOURCES/0002-Make-seinfo-output-predictable.patch
delete mode 100644 SOURCES/0003-Disable-remove-neverallow-options-in-frontends.patch
delete mode 100644 SOURCES/0004-Disable-remove-neverallow-options-in-sediff.patch
delete mode 100644 SOURCES/0005-AVRuleXperm-Fix-permission-set-creation-for-AVTAB_XP.patch
delete mode 100644 SOURCES/1001-Do-not-use-Werror-during-build.patch
delete mode 100644 SOURCES/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
delete mode 100644 SOURCES/1003-Require-networkx-on-package-level.patch
delete mode 100644 SOURCES/1004-Do-not-use-NoteNotFound-as-it-s-not-implemented-in-n.patch
rename SOURCES/apol.desktop => apol.desktop (100%)
rename SOURCES/setools.pam => setools.pam (100%)
rename SPECS/setools.spec => setools.spec (50%)
create mode 100644 sources
diff --git a/.gitignore b/.gitignore
index 920f783..8bacd55 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/4.3.0.tar.gz
+4.5.1.tar.gz
diff --git a/.setools.metadata b/.setools.metadata
deleted file mode 100644
index 9d7c407..0000000
--- a/.setools.metadata
+++ /dev/null
@@ -1 +0,0 @@
-7b4a07a20ecee70da558bfe4ad26edf7eb6ca103 SOURCES/4.3.0.tar.gz
diff --git a/SOURCES/0001-Support-old-boolean-names-in-policy-queries.patch b/SOURCES/0001-Support-old-boolean-names-in-policy-queries.patch
deleted file mode 100644
index 0f40902..0000000
--- a/SOURCES/0001-Support-old-boolean-names-in-policy-queries.patch
+++ /dev/null
@@ -1,94 +0,0 @@ -From 97bd46865e12246c00517d1e07aabca530a305ac Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Wed, 17 Jun 2020 13:34:19 +0200 -Subject: [PATCH] Support old boolean names in policy queries - -Translate old boolean names based on /etc/selinux/*/booleans.subs_dist -file. The translation is only attempted when "policy" was not specified -to avoid influencing queries of policies from other systems. - -Signed-off-by: Vit Mojzis ---- - seinfo | 6 +++++- - sesearch | 7 ++++++- - setools/policyrep/selinux.pxd | 1 + - setools/policyrep/util.pxi | 22 ++++++++++++++++++++++ - 4 files changed, 34 insertions(+), 2 deletions(-) - -diff --git a/seinfo b/seinfo -index d2caf7c..bc33e12 100755 ---- a/seinfo -+++ b/seinfo -@@ -125,7 +125,11 @@ try: - if args.boolquery or args.all: - q = setools.BoolQuery(p) - if isinstance(args.boolquery, str): -- q.name = args.boolquery -+ if args.policy: -+ q.name = args.boolquery -+ else: -+ # try to find substitutions for old boolean names -+ q.name = setools.policyrep.lookup_boolean_name_sub(args.boolquery) - - components.append(("Booleans", q, lambda x: x.statement())) - -diff --git a/sesearch b/sesearch -index c4b1d38..733f3d3 100755 ---- a/sesearch -+++ b/sesearch -@@ -189,7 +189,12 @@ try: - if args.boolean_regex: - q.boolean = args.boolean - else: -- q.boolean = args.boolean.split(",") -+ if args.policy: -+ q.boolean = args.boolean.split(",") -+ else: -+ # try to find substitutions for old boolean names -+ q.boolean = map(setools.policyrep.lookup_boolean_name_sub, -+ args.boolean.split(",")) - - for r in sorted(q.results()): - print(r) -diff --git a/setools/policyrep/selinux.pxd b/setools/policyrep/selinux.pxd -index a2e8af0..1686831 100644 ---- a/setools/policyrep/selinux.pxd -+++ b/setools/policyrep/selinux.pxd -@@ -24,3 +24,4 @@ cdef extern from "": - bint selinuxfs_exists() - const char* selinux_current_policy_path() - const char* selinux_binary_policy_path() -+ char* selinux_boolean_sub(const char *boolean_name); 
-diff --git a/setools/policyrep/util.pxi b/setools/policyrep/util.pxi -index 40f21a7..abc7be8 100644 ---- a/setools/policyrep/util.pxi -+++ b/setools/policyrep/util.pxi -@@ -230,3 +230,25 @@ cdef flatten_list(input_list): - ret.append(i) - - return ret -+ -+ -+def lookup_boolean_name_sub(name): -+ """ -+ Read the /etc/selinux/TYPE/booleans.subs_dist file looking -+ for a record with 'name'. -+ Return the translated name if a corresponding substitution exists, -+ otherwise return the original name. -+ """ -+ cdef: -+ char *_name = selinux.selinux_boolean_sub(name) -+ str new_name = name -+ -+ if _name == NULL: -+ raise MemoryError -+ # cast "char *" to "str" and free -+ try: -+ new_name = _name -+ finally: -+ free(_name) -+ -+ return new_name --- -2.25.4 - diff --git a/SOURCES/0002-Make-seinfo-output-predictable.patch b/SOURCES/0002-Make-seinfo-output-predictable.patch deleted file mode 100644 index d21a16e..0000000 --- a/SOURCES/0002-Make-seinfo-output-predictable.patch +++ /dev/null 
@@ -1,90 +0,0 @@ -From 4e6f6c95cfe7ca4a3a9d9e0dbd6e23e4bac2449c Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Thu, 18 Nov 2021 13:59:08 +0100 -Subject: [PATCH] Make seinfo output predictable - -There are few places where frozenset is used. Given that frozenset is an unordered -collection the output generated from this is unpredictable. - -The following command outputs are fixed using sorted() on frozensets: - - seinfo --constrain - seinfo --common - seinfo -c -x - seinfo -r -x - seinfo -u -x - -Fixes: https://github.com/SELinuxProject/setools/issues/65 - -Signed-off-by: Petr Lautrbach ---- - setools/policyrep/constraint.pxi | 2 +- - setools/policyrep/objclass.pxi | 4 ++-- - setools/policyrep/role.pxi | 2 +- - setools/policyrep/user.pxi | 2 +- - 4 files changed, 5 insertions(+), 5 deletions(-) - -diff --git a/setools/policyrep/constraint.pxi b/setools/policyrep/constraint.pxi -index d5221a1..77c3e2e 100644 ---- a/setools/policyrep/constraint.pxi -+++ b/setools/policyrep/constraint.pxi -@@ -66,7 +66,7 @@ cdef class Constraint(BaseConstraint): - - def statement(self): - if len(self.perms) > 1: -- perms = "{{ {0} }}".format(' '.join(self.perms)) -+ perms = "{{ {0} }}".format(' '.join(sorted(self.perms))) - else: - # convert to list since sets cannot be indexed - perms = list(self.perms)[0] -diff --git a/setools/policyrep/objclass.pxi b/setools/policyrep/objclass.pxi -index b7ec7b7..8ed2be5 100644 ---- a/setools/policyrep/objclass.pxi -+++ b/setools/policyrep/objclass.pxi -@@ -75,7 +75,7 @@ cdef class Common(PolicySymbol): - return other in self.perms - - def statement(self): -- return "common {0}\n{{\n\t{1}\n}}".format(self, '\n\t'.join(self.perms)) -+ return "common {0}\n{{\n\t{1}\n}}".format(self, '\n\t'.join(sorted(self.perms))) - - - cdef class ObjClass(PolicySymbol): -@@ -204,7 +204,7 @@ cdef class ObjClass(PolicySymbol): - - # a class that inherits may not have additional permissions - if len(self.perms) > 0: -- stmt += 
"{{\n\t{0}\n}}".format('\n\t'.join(self.perms)) -+ stmt += "{{\n\t{0}\n}}".format('\n\t'.join(sorted(self.perms))) - - return stmt - -diff --git a/setools/policyrep/role.pxi b/setools/policyrep/role.pxi -index 9a0dd39..3af8a3f 100644 ---- a/setools/policyrep/role.pxi -+++ b/setools/policyrep/role.pxi -@@ -58,7 +58,7 @@ cdef class Role(PolicySymbol): - if count == 1: - stmt += " types {0}".format(types[0]) - else: -- stmt += " types {{ {0} }}".format(' '.join(types)) -+ stmt += " types {{ {0} }}".format(' '.join(sorted(types))) - - stmt += ";" - return stmt -diff --git a/setools/policyrep/user.pxi b/setools/policyrep/user.pxi -index 9c82aa9..e37af29 100644 ---- a/setools/policyrep/user.pxi -+++ b/setools/policyrep/user.pxi -@@ -81,7 +81,7 @@ cdef class User(PolicySymbol): - if count == 1: - stmt += roles[0] - else: -- stmt += "{{ {0} }}".format(' '.join(roles)) -+ stmt += "{{ {0} }}".format(' '.join(sorted(roles))) - - if self._level: - stmt += " level {0.mls_level} range {0.mls_range};".format(self) --- -2.30.2 - diff --git a/SOURCES/0003-Disable-remove-neverallow-options-in-frontends.patch b/SOURCES/0003-Disable-remove-neverallow-options-in-frontends.patch deleted file mode 100644 index acfdba0..0000000 --- a/SOURCES/0003-Disable-remove-neverallow-options-in-frontends.patch +++ /dev/null 
@@ -1,114 +0,0 @@ -From 92b692452d07d67b1d901baf36798cab8e36077a Mon Sep 17 00:00:00 2001 -From: Chris PeBenito -Date: Mon, 3 Apr 2023 09:13:31 -0400 -Subject: [PATCH] Disable/remove neverallow options in frontends. - -These rules are not available in the binary policy. Keep library support in -case this changes in the future. - -Signed-off-by: Chris PeBenito ---- - man/ru/sesearch.1 | 4 ---- - man/sesearch.1 | 4 ---- - sesearch | 12 ++++++------ - setoolsgui/apol/terulequery.ui | 12 ++++++++++++ - 4 files changed, 18 insertions(+), 14 deletions(-) - -diff --git a/man/ru/sesearch.1 b/man/ru/sesearch.1 -index df6f449..2f86f9c 100644 ---- a/man/ru/sesearch.1 -+++ b/man/ru/sesearch.1 -@@ -35,16 +35,12 @@ sesearch \- утилита опроса политики SELinux - Найти правила включения журналирования событий. - .IP "--dontaudit" - Найти правила запрета журналирования событий. --.IP "--neverallow" --Найти запрещающие правила. - .IP "--allowxperm" - Найти расширенные разрешительные правила. - .IP "--auditallowxperm" - Найти расширенные правила включения журналирования событий. - .IP "--dontauditxperm" - Найти расширенные правила запрета журналирования событий. --.IP "--neverallowxperm" --Найти расширенные запрещающие правила. - .IP "-T, --type_trans" - Найти правила перехода типов. - .IP "--type_member" -diff --git a/man/sesearch.1 b/man/sesearch.1 -index 65eebf9..97e9110 100644 ---- a/man/sesearch.1 -+++ b/man/sesearch.1 -@@ -30,16 +30,12 @@ Find allow rules. - Find auditallow rules. - .IP "--dontaudit" - Find dontaudit rules. --.IP "--neverallow" --Find neverallow rules. - .IP "--allowxperm" - Find allowxperm rules. - .IP "--auditallowxperm" - Find auditallowxperm rules. - .IP "--dontauditxperm" - Find dontauditxperm rules. --.IP "--neverallowxperm" --Find neverallowxperm rules. - .IP "-T, --type_trans" - Find type_transition rules. 
- .IP "--type_member" -diff --git a/sesearch b/sesearch -index 733f3d3..7caa41d 100755 ---- a/sesearch -+++ b/sesearch -@@ -54,12 +54,12 @@ rtypes.add_argument("--dontaudit", action="append_const", - rtypes.add_argument("--dontauditxperm", action="append_const", - const=setools.TERuletype.dontauditxperm, dest="tertypes", - help="Search dontauditxperm rules.") --rtypes.add_argument("--neverallow", action="append_const", -- const=setools.TERuletype.neverallow, dest="tertypes", -- help="Search neverallow rules.") --rtypes.add_argument("--neverallowxperm", action="append_const", -- const=setools.TERuletype.neverallowxperm, dest="tertypes", -- help="Search neverallowxperm rules.") -+# rtypes.add_argument("--neverallow", action="append_const", -+# const=setools.TERuletype.neverallow, dest="tertypes", -+# help="Search neverallow rules.") -+# rtypes.add_argument("--neverallowxperm", action="append_const", -+# const=setools.TERuletype.neverallowxperm, dest="tertypes", -+# help="Search neverallowxperm rules.") - rtypes.add_argument("-T", "--type_trans", action="append_const", - const=setools.TERuletype.type_transition, dest="tertypes", - help="Search type_transition rules.") -diff --git a/setoolsgui/apol/terulequery.ui b/setoolsgui/apol/terulequery.ui -index 950c590..6c6f14f 100644 ---- a/setoolsgui/apol/terulequery.ui -+++ b/setoolsgui/apol/terulequery.ui -@@ -465,6 +465,12 @@ - - - -+ -+ false -+ -+ -+ Neverallow is not available in binary policies. -+ - - Neverallow - -@@ -482,6 +488,12 @@ - - - -+ -+ false -+ -+ -+ Neverallowxperms is not available in binary policies. -+ - - Neverallowxperms - --- -2.40.0 - diff --git a/SOURCES/0004-Disable-remove-neverallow-options-in-sediff.patch b/SOURCES/0004-Disable-remove-neverallow-options-in-sediff.patch deleted file mode 100644 index 7694428..0000000 --- a/SOURCES/0004-Disable-remove-neverallow-options-in-sediff.patch +++ /dev/null 
@@ -1,91 +0,0 @@ -From 158283058160f4ae40d0b215e0ff2e5045de5a28 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Tue, 9 May 2023 19:22:01 +0200 -Subject: [PATCH] Disable/remove neverallow options in sediff. - -Apply change from commit 06335957b701 ("Disable/remove neverallow -options in frontends.") to sediff - -Signed-off-by: Petr Lautrbach ---- - man/ru/sediff.1 | 4 ---- - man/sediff.1 | 4 ---- - sediff | 10 +++++++--- - 3 files changed, 7 insertions(+), 11 deletions(-) - -diff --git a/man/ru/sediff.1 b/man/ru/sediff.1 -index c6bf293..af5d8ef 100644 ---- a/man/ru/sediff.1 -+++ b/man/ru/sediff.1 -@@ -57,16 +57,12 @@ sediff \- утилита выявления различий политик SELi - Найти различия правил включения журналирования событий. - .IP "--dontaudit" - Найти различия правил запрета журналирования событий. --.IP "--neverallow" --Найти различия запрещающих правил. - .IP "--allowxperm" - Найти различия расширенных разрешительных правил. - .IP "--auditallowxperm" - Найти различия расширенных правил включения журналирования событий. - .IP "--dontauditxperm" - Найти различия расширенных правил запрета журналирования событий. --.IP "--neverallowxperm" --Найти различия расширенных запрещающих правил. - .IP "-T, --type_trans" - Найти различия правил перехода типов. - .IP "--type_member" -diff --git a/man/sediff.1 b/man/sediff.1 -index ed3b497..18466d8 100644 ---- a/man/sediff.1 -+++ b/man/sediff.1 -@@ -50,16 +50,12 @@ Find differences in allow rules. - Find differences in auditallow rules. - .IP "--dontaudit" - Find differences in dontaudit rules. --.IP "--neverallow" --Find differences in neverallow rules. - .IP "--allowxperm" - Find differences in allowxperm rules. - .IP "--auditallowxperm" - Find differences in auditallowxperm rules. - .IP "--dontauditxperm" - Find differences in dontauditxperm rules. --.IP "--neverallowxperm" --Find differences in neverallowxperm rules. - .IP "-T, --type_trans" - Find differences in type_transition rules. 
- .IP "--type_member" -diff --git a/sediff b/sediff -index d31fa3a..93af837 100755 ---- a/sediff -+++ b/sediff -@@ -57,12 +57,12 @@ comp.add_argument("--level", action="store_true", help="Print MLS level definiti - terule = parser.add_argument_group("type enforcement rule differences") - terule.add_argument("-A", action="store_true", help="Print allow and allowxperm rule differences") - terule.add_argument("--allow", action="store_true", help="Print allow rule differences") --terule.add_argument("--neverallow", action="store_true", help="Print neverallow rule differences") -+# terule.add_argument("--neverallow", action="store_true", help="Print neverallow rule differences") - terule.add_argument("--auditallow", action="store_true", help="Print auditallow rule differences") - terule.add_argument("--dontaudit", action="store_true", help="Print dontaudit rule differences") - terule.add_argument("--allowxperm", action="store_true", help="Print allowxperm rule differences") --terule.add_argument("--neverallowxperm", action="store_true", -- help="Print neverallowxperm rule differences") -+# terule.add_argument("--neverallowxperm", action="store_true", -+# help="Print neverallowxperm rule differences") - terule.add_argument("--auditallowxperm", action="store_true", - help="Print auditallowxperm rule differences") - terule.add_argument("--dontauditxperm", action="store_true", -@@ -109,6 +109,10 @@ other.add_argument("--typebounds", action="store_true", help="Print typebounds d - - args = parser.parse_args() - -+# neverallow and neverallowxperm options are disabled -+args.neverallow = False -+args.neverallowxperm = False -+ - if args.A: - args.allow = True - args.allowxperm = True --- -2.41.0 - diff --git a/SOURCES/0005-AVRuleXperm-Fix-permission-set-creation-for-AVTAB_XP.patch b/SOURCES/0005-AVRuleXperm-Fix-permission-set-creation-for-AVTAB_XP.patch deleted file mode 100644 index bcab3ac..0000000 
--- a/SOURCES/0005-AVRuleXperm-Fix-permission-set-creation-for-AVTAB_XP.patch
+++ /dev/null
@@ -1,259 +0,0 @@ -From ec4f5e19ea94e42416fda103d94118577eb18b95 Mon Sep 17 00:00:00 2001 -From: Chris PeBenito -Date: Tue, 30 Aug 2022 13:58:54 -0400 -Subject: [PATCH] AVRuleXperm: Fix permission set creation for - AVTAB_XPERMS_IOCTLDRIVER. - -Closes #74 - -Signed-off-by: Chris PeBenito ---- - setools/policyrep/terule.pxi | 8 +- - tests/policyrep/terule.py | 26 +++++ - tests/policyrep/terule_issue74.conf | 159 ++++++++++++++++++++++++++++ - 3 files changed, 189 insertions(+), 4 deletions(-) - create mode 100644 tests/policyrep/terule_issue74.conf - -diff --git a/setools/policyrep/terule.pxi b/setools/policyrep/terule.pxi -index 59aeea5..8b2659b 100644 ---- a/setools/policyrep/terule.pxi -+++ b/setools/policyrep/terule.pxi -@@ -282,22 +282,22 @@ cdef class AVRuleXperm(BaseTERule): - set perms = set() - size_t curr = 0 - size_t len = sizeof(xperms.perms) * sepol.EXTENDED_PERMS_LEN -+ size_t base_value = 0 - - # - # Build permission set - # -- while curr < len: -+ for curr in range(len): - if sepol.xperm_test(curr, xperms.perms): - if xperms.specified & sepol.AVTAB_XPERMS_IOCTLFUNCTION: - perms.add(xperms.driver << 8 | curr) - elif xperms.specified & sepol.AVTAB_XPERMS_IOCTLDRIVER: -- perms.add(curr << 8) -+ base_value = curr << 8 -+ perms.update(range(base_value, base_value + 0x100)) - else: - raise LowLevelPolicyError("Unknown extended permission: {}".format( - xperms.specified)) - -- curr += 1 -- - # - # Determine xperm type - # -diff --git a/tests/policyrep/terule.py b/tests/policyrep/terule.py -index 0f24054..30afd4b 100644 ---- a/tests/policyrep/terule.py -+++ b/tests/policyrep/terule.py -@@ -24,6 +24,8 @@ from setools import SELinuxPolicy - from setools.exception import InvalidTERuleType, RuleNotConditional, RuleUseError, \ - TERuleNoFilename - -+from .util import compile_policy -+ - - @unittest.skip("Needs to be reworked for cython") - @patch('setools.policyrep.boolcond.condexpr_factory', lambda x, y: y) -@@ -262,6 +264,30 @@ class 
AVRuleXpermTest(unittest.TestCase): - self.assertEqual(rule.statement(), "allowxperm a b:c d { 0x0003-0x0005 0x0007-0x0009 };") - - -+class AVRuleXpermTestIssue74(unittest.TestCase): -+ -+ """ -+ Regression test for xperm ranges starting with 0x00 not being loaded. -+ https://github.com/SELinuxProject/setools/issues/74 -+ """ -+ -+ @classmethod -+ def setUpClass(cls): -+ cls.p = compile_policy("tests/policyrep/terule_issue74.conf") -+ -+ def test_issue74_regression(self): -+ """Regression test for GitHub issue 74.""" -+ rules = sorted(self.p.terules()) -+ print(rules) -+ self.assertEqual(2, len(rules)) -+ -+ # expect 2 rules: -+ # allowxperm init_type_t init_type_t : unix_dgram_socket ioctl { 0x8910 }; -+ # allowxperm init_type_t init_type_t : unix_dgram_socket ioctl { 0x0-0xff }; -+ self.assertSetEqual(set(range(0x100)), rules[0].perms) -+ self.assertSetEqual(set([0x8910]), rules[1].perms) -+ -+ - @unittest.skip("Needs to be reworked for cython") - @patch('setools.policyrep.boolcond.condexpr_factory', lambda x, y: y) - @patch('setools.policyrep.typeattr.type_factory', lambda x, y: y) -diff --git a/tests/policyrep/terule_issue74.conf b/tests/policyrep/terule_issue74.conf -new file mode 100644 -index 0000000..158a38e ---- /dev/null -+++ b/tests/policyrep/terule_issue74.conf -@@ -0,0 +1,159 @@ -+class infoflow -+class infoflow2 -+class infoflow3 -+class infoflow4 -+class infoflow5 -+class infoflow6 -+class infoflow7 -+class infoflow8 -+class infoflow9 -+class infoflow10 -+class unix_dgram_socket -+ -+sid kernel -+sid security -+ -+common infoflow -+{ -+ low_w -+ med_w -+ hi_w -+ low_r -+ med_r -+ hi_r -+} -+ -+common com_a -+{ -+ hi_w -+ hi_r -+ super_r -+ super_w -+} -+ -+common com_b -+{ -+ send -+ recv -+} -+ -+common com_c -+{ -+ getattr -+ setattr -+ read -+ write -+} -+ -+class infoflow -+inherits infoflow -+ -+class infoflow2 -+inherits infoflow -+{ -+ super_w -+ super_r -+} -+ -+class infoflow3 -+{ -+ null -+} -+ -+class infoflow4 -+inherits infoflow -+{ -+ 
super_w -+ super_r -+ super_none -+ super_both -+ super_unmapped -+} -+ -+class infoflow5 -+inherits com_a -+ -+class infoflow6 -+inherits com_b -+ -+class infoflow7 -+inherits infoflow -+{ -+ unmapped -+} -+ -+class infoflow8 -+{ -+ super_w -+ super_r -+} -+ -+class infoflow9 -+inherits com_c -+ -+class infoflow10 -+{ -+ read -+ write -+} -+ -+class unix_dgram_socket -+{ -+ ioctl -+} -+ -+sensitivity low_s; -+sensitivity medium_s alias med; -+sensitivity high_s; -+ -+dominance { low_s med high_s } -+ -+category here; -+category there; -+category elsewhere alias lost; -+ -+#level decl -+level low_s:here.there; -+level med:here, elsewhere; -+level high_s:here.lost; -+ -+#some constraints -+mlsconstrain infoflow hi_r ((l1 dom l2) or (t1 == mls_exempt)); -+ -+attribute mls_exempt; -+ -+type system; -+role system; -+role system types system; -+ -+type init_type_t; -+allowxperm init_type_t self:unix_dgram_socket ioctl 0x8910; -+allowxperm init_type_t self:unix_dgram_socket ioctl { 0x0000 - 0x00ff }; -+ -+#users -+user system roles system level med range low_s - high_s:here.lost; -+ -+#normal constraints -+constrain infoflow hi_w (u1 == u2); -+ -+#isids -+sid kernel system:system:system:medium_s:here -+sid security system:system:system:high_s:lost -+ -+#fs_use -+fs_use_trans devpts system:object_r:system:low_s; -+fs_use_xattr ext3 system:object_r:system:low_s; -+fs_use_task pipefs system:object_r:system:low_s; -+ -+#genfscon -+genfscon proc / system:object_r:system:med -+genfscon proc /sys system:object_r:system:low_s -+genfscon selinuxfs / system:object_r:system:high_s:here.there -+ -+portcon tcp 80 system:object_r:system:low_s -+ -+netifcon eth0 system:object_r:system:low_s system:object_r:system:low_s -+ -+nodecon 127.0.0.1 255.255.255.255 system:object_r:system:low_s:here -+nodecon ::1 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff system:object_r:system:low_s:here -+ --- -2.41.0 - 
diff --git a/SOURCES/1001-Do-not-use-Werror-during-build.patch b/SOURCES/1001-Do-not-use-Werror-during-build.patch
deleted file mode 100644
index 7bbc37b..0000000
--- a/SOURCES/1001-Do-not-use-Werror-during-build.patch
+++ /dev/null
@@ -1,49 +0,0 @@ -From 8d98b324fabcad6b09f9c734f79e6da9f9e85786 Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Thu, 23 Feb 2017 08:17:07 +0100 -Subject: [PATCH] Do not use -Werror during build -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -There are new warnings when setools are built with gcc 7 therefore we -want to suppress -Werror for now - -Fixes: -libqpol/policy_extend.c: In function ‘policy_extend’: -libqpol/policy_extend.c:161:27: error: ‘%04zd’ directive output may be truncated writing between 4 and 10 bytes into a region of size 5 [-Werror=format-truncation=] - snprintf(buff, 9, "@ttr%04zd", i + 1); - ^~~~~ -libqpol/policy_extend.c:161:22: note: directive argument in the range [1, 4294967295] - snprintf(buff, 9, "@ttr%04zd", i + 1); - ^~~~~~~~~~~ -In file included from /usr/include/stdio.h:939:0, - from /usr/include/sepol/policydb/policydb.h:53, - from libqpol/policy_extend.c:29: -/usr/include/bits/stdio2.h:64:10: note: ‘__builtin___snprintf_chk’ output between 9 and 15 bytes into a destination of size 9 - return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1, - ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - __bos (__s), __fmt, __va_arg_pack ()); - ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -cc1: all warnings being treated as errors -error: command 'gcc' failed with exit status 1 ---- - setup.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/setup.py b/setup.py -index 457c830..4dcb301 100644 ---- a/setup.py -+++ b/setup.py -@@ -106,7 +106,7 @@ ext_py_mods = [Extension('setools.policyrep', ['setools/policyrep.pyx'], - libraries=['selinux', 'sepol'], - library_dirs=lib_dirs, - define_macros=macros, -- extra_compile_args=['-Werror', '-Wextra', -+ extra_compile_args=['-Wextra', - '-Waggregate-return', - '-Wfloat-equal', - '-Wformat', '-Wformat=2', --- -2.25.1 - 
diff --git a/SOURCES/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch b/SOURCES/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
deleted file mode 100644
index f9d9b6c..0000000
--- a/SOURCES/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
+++ /dev/null
@@ -1,139 +0,0 @@ -From 52f5f911c4ae481530a57b6a0dd42067406a9d36 Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Fri, 26 Apr 2019 15:27:25 +0200 -Subject: [PATCH] Do not export/use setools.InfoFlowAnalysis and - setools.DomainTransitionAnalysis - -dta and infoflow modules require networkx which brings lot of dependencies. -These dependencies are not necessary for setools module itself as it's -used in policycoreutils. - -Therefore it's better to use setools.infoflow.InfoFlowAnalysis and -setools.dta.DomainTransitionAnalysis and let the package containing -sedta and seinfoflow to require python3-networkx ---- - sedta | 4 ++-- - seinfoflow | 4 ++-- - setools/__init__.py | 4 ---- - setoolsgui/apol/dta.py | 2 +- - setoolsgui/apol/infoflow.py | 2 +- - tests/dta.py | 2 +- - tests/infoflow.py | 2 +- - 7 files changed, 8 insertions(+), 12 deletions(-) - -diff --git a/sedta b/sedta -index 60861ca..41e38a2 100755 ---- a/sedta -+++ b/sedta -@@ -22,7 +22,7 @@ import argparse - import logging - import signal - --import setools -+import setools.dta - - - def print_transition(trans): -@@ -114,7 +114,7 @@ else: - - try: - p = setools.SELinuxPolicy(args.policy) -- g = setools.DomainTransitionAnalysis(p, reverse=args.reverse, exclude=args.exclude) -+ g = setools.dta.DomainTransitionAnalysis(p, reverse=args.reverse, exclude=args.exclude) - - if args.shortest_path or args.all_paths: - if args.shortest_path: -diff --git a/seinfoflow b/seinfoflow -index f10c39d..fee749a 100755 ---- a/seinfoflow -+++ b/seinfoflow -@@ -17,7 +17,7 @@ - # along with SETools. If not, see . 
- # - --import setools -+import setools.infoflow - import argparse - import sys - import logging -@@ -101,7 +101,7 @@ elif args.booleans is not None: - try: - p = setools.SELinuxPolicy(args.policy) - m = setools.PermissionMap(args.map) -- g = setools.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude, -+ g = setools.infoflow.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude, - booleans=booleans) - - if args.shortest_path or args.all_paths: -diff --git a/setools/__init__.py b/setools/__init__.py -index 26fa5aa..b7e51c4 100644 ---- a/setools/__init__.py -+++ b/setools/__init__.py -@@ -75,12 +75,8 @@ from .pcideviceconquery import PcideviceconQuery - from .devicetreeconquery import DevicetreeconQuery - - # Information Flow Analysis --from .infoflow import InfoFlowAnalysis - from .permmap import PermissionMap - --# Domain Transition Analysis --from .dta import DomainTransitionAnalysis -- - # Policy difference - from .diff import PolicyDifference - -diff --git a/setoolsgui/apol/dta.py b/setoolsgui/apol/dta.py -index 4608b9d..2cde44c 100644 ---- a/setoolsgui/apol/dta.py -+++ b/setoolsgui/apol/dta.py -@@ -23,7 +23,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread - from PyQt5.QtGui import QPalette, QTextCursor - from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \ - QTreeWidgetItem --from setools import DomainTransitionAnalysis -+from setools.dta import DomainTransitionAnalysis - - from ..logtosignal import LogHandlerToSignal - from .analysistab import AnalysisTab -diff --git a/setoolsgui/apol/infoflow.py b/setoolsgui/apol/infoflow.py -index 7bca299..7fee277 100644 ---- a/setoolsgui/apol/infoflow.py -+++ b/setoolsgui/apol/infoflow.py -@@ -26,7 +26,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread - from PyQt5.QtGui import QPalette, QTextCursor - from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \ - QTreeWidgetItem --from 
setools import InfoFlowAnalysis -+from setools.infoflow import InfoFlowAnalysis - from setools.exception import UnmappedClass, UnmappedPermission - - from ..logtosignal import LogHandlerToSignal -diff --git a/tests/dta.py b/tests/dta.py -index a0cc938..177e6fb 100644 ---- a/tests/dta.py -+++ b/tests/dta.py -@@ -18,7 +18,7 @@ - import os - import unittest - --from setools import DomainTransitionAnalysis -+from setools.dta import DomainTransitionAnalysis - from setools import TERuletype as TERT - from setools.exception import InvalidType - from setools.policyrep import Type -diff --git a/tests/infoflow.py b/tests/infoflow.py -index aa0e44a..fca2848 100644 ---- a/tests/infoflow.py -+++ b/tests/infoflow.py -@@ -18,7 +18,7 @@ - import os - import unittest - --from setools import InfoFlowAnalysis -+from setools.infoflow import InfoFlowAnalysis - from setools import TERuletype as TERT - from setools.exception import InvalidType - from setools.permmap import PermissionMap --- -2.25.1 - diff --git a/SOURCES/1003-Require-networkx-on-package-level.patch b/SOURCES/1003-Require-networkx-on-package-level.patch deleted file mode 100644 index 809aca9..0000000 --- a/SOURCES/1003-Require-networkx-on-package-level.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 67067b6df7139cc38cf33d3cb2c66434cf4e89e4 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Thu, 2 Apr 2020 16:06:14 +0200 -Subject: [PATCH] Require networkx on package level - -It allows us to ship python3-setools without dependency on python3-networkx ---- - setup.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/setup.py b/setup.py -index 4dcb301..9333e0c 100644 ---- a/setup.py -+++ b/setup.py -@@ -170,5 +170,5 @@ setup(name='setools', - # setup also requires libsepol and libselinux - # C libraries and headers to compile. - setup_requires=['setuptools', 'Cython>=0.27'], -- install_requires=['setuptools', 'networkx>=2.0'] -+ install_requires=['setuptools'] - ) --- -2.25.1 - 
diff --git a/SOURCES/1004-Do-not-use-NoteNotFound-as-it-s-not-implemented-in-n.patch b/SOURCES/1004-Do-not-use-NoteNotFound-as-it-s-not-implemented-in-n.patch
deleted file mode 100644
index d70b541..0000000
--- a/SOURCES/1004-Do-not-use-NoteNotFound-as-it-s-not-implemented-in-n.patch
+++ /dev/null
@@ -1,93 +0,0 @@ -From d249ea3316fcfaa203055d2b1f2c52423216e7e7 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Tue, 30 Jul 2019 17:13:44 +0200 -Subject: [PATCH] Do not use NoteNotFound as it's not implemented in networkx-1 - ---- - setools/dta.py | 8 ++++---- - setools/infoflow.py | 8 ++++---- - 2 files changed, 8 insertions(+), 8 deletions(-) - -diff --git a/setools/dta.py b/setools/dta.py -index 3239d2d..e15d8b8 100644 ---- a/setools/dta.py -+++ b/setools/dta.py -@@ -24,7 +24,7 @@ from collections import defaultdict, namedtuple - from contextlib import suppress - - import networkx as nx --from networkx.exception import NetworkXError, NetworkXNoPath, NodeNotFound -+from networkx.exception import NetworkXError, NetworkXNoPath - - from .descriptors import EdgeAttrDict, EdgeAttrList - from .policyrep import TERuletype -@@ -111,7 +111,7 @@ class DomainTransitionAnalysis: - - self.log.info("Generating one domain transition path from {0} to {1}...".format(s, t)) - -- with suppress(NetworkXNoPath, NodeNotFound): -+ with suppress(NetworkXNoPath): - # NodeNotFound: the type is valid but not in graph, e.g. excluded - # NetworkXNoPath: no paths or the target type is - # not in the graph -@@ -146,7 +146,7 @@ class DomainTransitionAnalysis: - self.log.info("Generating all domain transition paths from {0} to {1}, max length {2}...". - format(s, t, maxlen)) - -- with suppress(NetworkXNoPath, NodeNotFound): -+ with suppress(NetworkXNoPath): - # NodeNotFound: the type is valid but not in graph, e.g. excluded - # NetworkXNoPath: no paths or the target type is - # not in the graph -@@ -177,7 +177,7 @@ class DomainTransitionAnalysis: - self.log.info("Generating all shortest domain transition paths from {0} to {1}...". - format(s, t)) - -- with suppress(NetworkXNoPath, NodeNotFound): -+ with suppress(NetworkXNoPath): - # NodeNotFound: the type is valid but not in graph, e.g. 
excluded - # NetworkXNoPath: no paths or the target type is - # not in the graph -diff --git a/setools/infoflow.py b/setools/infoflow.py -index 579e064..89e5c8e 100644 ---- a/setools/infoflow.py -+++ b/setools/infoflow.py -@@ -21,7 +21,7 @@ import logging - from contextlib import suppress - - import networkx as nx --from networkx.exception import NetworkXError, NetworkXNoPath, NodeNotFound -+from networkx.exception import NetworkXError, NetworkXNoPath - - from .descriptors import EdgeAttrIntMax, EdgeAttrList - from .exception import RuleNotConditional -@@ -124,7 +124,7 @@ class InfoFlowAnalysis: - self.log.info("Generating one shortest information flow path from {0} to {1}...". - format(s, t)) - -- with suppress(NetworkXNoPath, NodeNotFound): -+ with suppress(NetworkXNoPath): - # NodeNotFound: the type is valid but not in graph, e.g. - # excluded or disconnected due to min weight - # NetworkXNoPath: no paths or the target type is -@@ -163,7 +163,7 @@ class InfoFlowAnalysis: - self.log.info("Generating all information flow paths from {0} to {1}, max length {2}...". - format(s, t, maxlen)) - -- with suppress(NetworkXNoPath, NodeNotFound): -+ with suppress(NetworkXNoPath): - # NodeNotFound: the type is valid but not in graph, e.g. - # excluded or disconnected due to min weight - # NetworkXNoPath: no paths or the target type is -@@ -197,7 +197,7 @@ class InfoFlowAnalysis: - self.log.info("Generating all shortest information flow paths from {0} to {1}...". - format(s, t)) - -- with suppress(NetworkXNoPath, NodeNotFound): -+ with suppress(NetworkXNoPath): - # NodeNotFound: the type is valid but not in graph, e.g. - # excluded or disconnected due to min weight - # NetworkXNoPath: no paths or the target type is --- -2.25.1 - diff --git a/SOURCES/apol.desktop b/apol.desktop similarity index 100% rename from SOURCES/apol.desktop rename to apol.desktop diff --git a/SOURCES/setools.pam b/setools.pam similarity index 100% rename from SOURCES/setools.pam rename to setools.pam 
diff --git a/SPECS/setools.spec b/setools.spec
similarity index 50%
rename from SPECS/setools.spec
rename to setools.spec
index 79e08e4..ee3b113 100644
--- a/SPECS/setools.spec
+++ b/setools.spec
@@ -1,48 +1,30 @@ -# % global setools_pre_ver rc -# % global gitver f1e5b20 - -%global sepol_ver 2.9-1 -%global selinux_ver 2.9-1 - -%bcond_without networkx +%global sepol_ver 3.6 +%global selinux_ver 3.6 Name: setools -Version: 4.3.0 -Release: 5%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} +Version: 4.5.1 +Release: 4%{?dist} Summary: Policy analysis tools for SELinux -License: GPLv2 +License: GPL-2.0-only AND LGPL-2.1-only URL: https://github.com/SELinuxProject/setools/wiki -Source0: https://github.com/SELinuxProject/setools/archive/%{version}%{?setools_pre_ver:-%{setools_pre_ver}}.tar.gz +Source0: https://github.com/SELinuxProject/setools/archive/%{version}.tar.gz Source1: setools.pam Source2: apol.desktop -Patch0001: 0001-Support-old-boolean-names-in-policy-queries.patch -Patch0002: 0002-Make-seinfo-output-predictable.patch -Patch0003: 0003-Disable-remove-neverallow-options-in-frontends.patch -Patch0004: 0004-Disable-remove-neverallow-options-in-sediff.patch -Patch0005: 0005-AVRuleXperm-Fix-permission-set-creation-for-AVTAB_XP.patch -Patch1001: 1001-Do-not-use-Werror-during-build.patch -Patch1002: 1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch -Patch1003: 1003-Require-networkx-on-package-level.patch -Patch1004: 1004-Do-not-use-NoteNotFound-as-it-s-not-implemented-in-n.patch Obsoletes: setools < 4.0.0, setools-devel < 4.0.0 BuildRequires: flex, bison -BuildRequires: glibc-devel, gcc, git +BuildRequires: glibc-devel, gcc, git-core BuildRequires: libsepol-devel >= %{sepol_ver}, libsepol-static >= %{sepol_ver} -BuildRequires: qt5-qtbase-devel BuildRequires: swig BuildRequires: python3-Cython BuildRequires: python3-devel BuildRequires: python3-setuptools BuildRequires: libselinux-devel -# BuildArch: Requires: %{name}-console = %{version}-%{release} -%if %{with networkx} Requires: %{name}-console-analyses = %{version}-%{release} Requires: %{name}-gui = %{version}-%{release} -%endif %description SETools is a collection of graphical tools, 
command-line tools, and @@ -50,7 +32,7 @@ Python modules designed to facilitate SELinux policy analysis. %package console Summary: Policy analysis command-line tools for SELinux -License: GPLv2 +License: GPL-2.0-only Requires: python3-setools = %{version}-%{release} Requires: libselinux >= %{selinux_ver} @@ -65,10 +47,9 @@ This package includes the following console tools: sesearch Search rules (allow, type_transition, etc.) -%if %{with networkx} %package console-analyses Summary: Policy analysis command-line tools for SELinux -License: GPLv2 +License: GPL-2.0-only Requires: python3-setools = %{version}-%{release} Requires: libselinux >= %{selinux_ver} Requires: python3-networkx 
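Review bot: `Source0` in the first hunk of setools.spec points at GitHub's on-demand `/archive/%{version}.tar.gz`, so the SHA512 added in `sources` is the only thing binding the build to one particular upstream tree. The spec does not record which upstream ref that hash was taken from. I would add a comment above the line, for example `# GitHub auto-generated archive of the release ref; integrity is pinned only by the SHA512 in ./sources`, so a later rebase does not refresh the hash without comparing the tarball against the upstream tag. Whether upstream publishes a signed release artifact is not visible from this page; if it does, using that as Source0 and checking it in `%prep` with `%{gpgverify}` would be the stronger anchor.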
@@ -81,60 +62,42 @@ This package includes the following console tools: sedta Perform domain transition analyses. seinfoflow Perform information flow analyses. -%endif %package -n python3-setools -Summary: Policy analysis tools for SELinux -Obsoletes: setools-libs < 4.0.0, setools-libs-tcl -Recommends: libselinux-python3 -# Remove before F30 -Provides: %{name}-python3 = %{version}-%{release} -Provides: %{name}-python3%{?_isa} = %{version}-%{release} -Obsoletes: %{name}-python3 < %{version}-%{release} -%if 0%{?rhel} && 0%{?rhel} >= 8 -Requires: platform-python-setuptools -%else +Summary: Policy analysis tools for SELinux +License: LGPL-2.1-only +Obsoletes: setools-libs < 4.0.0 +%{?python_provide:%python_provide python3-setools} Requires: python3-setuptools -%endif %description -n python3-setools SETools is a collection of graphical tools, command-line tools, and Python 3 modules designed to facilitate SELinux policy analysis. -%if %{with networkx} %package gui Summary: Policy analysis graphical tools for SELinux +License: GPL-2.0-only Requires: python3-setools = %{version}-%{release} -Requires: python3-qt5 +Requires: python3-pyqt6 python3-pyqt6-sip Requires: python3-networkx %description gui SETools is a collection of graphical tools, command-line tools, and Python modules designed to facilitate SELinux policy analysis. -%endif %prep -%autosetup -p 1 -S git -n setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}} +%autosetup -p 1 -S git -n setools-%{version} %build -# Remove CFLAGS=... 
for noarch packages (unneeded) -%set_build_flags -%{__python3} setup.py build +%py3_build %install -%{__python3} setup.py install --root %{buildroot} - -%if %{without networkx} -rm -f %{buildroot}%{_bindir}/sedta %{buildroot}%{_bindir}/seinfoflow \ - %{buildroot}%{_mandir}*/man1/sedta* %{buildroot}%{_mandir}*/man1/sedinfoflow* \ -rm -rf %{buildroot}%{_bindir}/apol %{buildroot}%{python3_sitearch}/setoolsgui \ - %{buildroot}%{_mandir}*/man1/apol* -%endif +%py3_install %check %if %{?_with_check:1}%{!?_with_check:0} @@ -145,9 +108,12 @@ rm -rf %{buildroot}%{_bindir}/apol %{buildroot}%{python3_sitearch}/setoolsgui \ %files %files console +%license COPYING.GPL +%{_bindir}/sechecker %{_bindir}/sediff %{_bindir}/seinfo %{_bindir}/sesearch +%{_mandir}/man1/sechecker* %{_mandir}/man1/sediff* %{_mandir}/man1/seinfo* %{_mandir}/man1/sesearch* 
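Review bot: `%autosetup -p 1 -S git -n setools-%{version}` in `%prep` still asks for a git-backed patch application, yet the first hunk of this file removes every `PatchNNNN:` line, so `-S git` and the `git-core` entry in `BuildRequires: glibc-devel, gcc, git-core` appear to do nothing now. Unless downstream patches are expected to return, `%autosetup -n setools-%{version}` and `BuildRequires: glibc-devel, gcc` would give a smaller build root with one less tool running over the unpacked sources. If the option is kept on purpose, a one-line comment such as `# -S git kept so downstream patches can be added without touching %prep` would make that intent clear.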
@@ -155,45 +121,139 @@ rm -rf %{buildroot}%{_bindir}/apol %{buildroot}%{python3_sitearch}/setoolsgui \ %{_mandir}/ru/man1/seinfo* %{_mandir}/ru/man1/sesearch* -%if %{with networkx} %files console-analyses +%license COPYING.GPL %{_bindir}/sedta %{_bindir}/seinfoflow %{_mandir}/man1/sedta* %{_mandir}/man1/seinfoflow* %{_mandir}/ru/man1/sedta* %{_mandir}/ru/man1/seinfoflow* -%endif %files -n python3-setools -%license COPYING COPYING.GPL COPYING.LGPL +%license COPYING COPYING.LGPL %{python3_sitearch}/setools %{python3_sitearch}/setools-* -%if %{with networkx} %files gui +%license COPYING.GPL %{_bindir}/apol %{python3_sitearch}/setoolsgui %{_mandir}/man1/apol* %{_mandir}/ru/man1/apol* -%endif %changelog -* Mon Aug 21 2023 Vit Mojzis - 4.3.0-5 -- Disable/remove neverallow options in sediff (#2184141) +* Tue Oct 29 2024 Troy Dawson - 4.5.1-4 +- Bump release for October 2024 mass rebuild: + Resolves: RHEL-64018 -* Mon Jun 19 2023 Vit Mojzis - 4.3.0-4 -- Disable/remove neverallow options in frontends (#2184141) -- AVRuleXperm: Fix permission set creation for AVTAB_XPERMS_IOCTLDRIVER (#2174376) +* Mon Jun 24 2024 Troy Dawson - 4.5.1-3 +- Bump release for June 2024 mass rebuild -* Tue Nov 30 2021 Vit Mojzis - 4.3.0-3 -- Make seinfo output predictable (#2019961) +* Thu May 02 2024 Petr Lautrbach - 4.5.1-2 +- Fix License tag -* Tue Jun 30 2020 Vit Mojzis - 4.3.0-2 -- Support old boolean names in policy queries (#1595572, #1581848) +* Thu May 02 2024 Petr Lautrbach - 4.5.1-1 +- SETools 4.5.1 -* Fri Apr 03 2020 Vit Mojzis - 4.3.0-1 -- SETools 4.3.0 release (#1820079) +* Thu Apr 18 2024 Petr Lautrbach - 4.5.0-1 +- SETools 4.5.0 + +* Sat Jan 27 2024 Fedora Release Engineering - 4.4.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Mon Dec 11 2023 Petr Lautrbach - 4.4.4-1 +- SETools 4.4.4 release + +* Mon Aug 28 2023 Petr Lautrbach - 4.4.3-2 +- Use Qt 6 + +* Wed Aug 9 2023 Petr Lautrbach - 4.4.3-1 +- SETools 4.4.3 release + +* Wed Jul 26 2023 Petr 
Lautrbach - 4.4.2-4 +- Disable/remove neverallow options in sediff. +- Improve man pages +- seinfoflow: Add -r option to get flows into the source type. +- seinfoflow.1: Remove references to sepolgen permission map. +- AVRule/AVRuleXperm: Treat rules with no permissions as invalid policy. +- SELinuxPolicy: Add explicit cast for libspol message + +* Sat Jul 22 2023 Fedora Release Engineering - 4.4.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Tue Jun 13 2023 Python Maint - 4.4.2-2 +- Rebuilt for Python 3.12 + +* Thu Apr 20 2023 Petr Lautrbach - 4.4.2-1 +- SETools 4.4.2 release + +* Mon Feb 6 2023 Petr Lautrbach - 4.4.1-1 +- SETools 4.4.1 release + +* Sat Jan 21 2023 Fedora Release Engineering - 4.4.0-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Sat Jul 23 2022 Fedora Release Engineering - 4.4.0-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Thu Jun 16 2022 Python Maint - 4.4.0-8 +- Rebuilt for Python 3.11 + +* Mon Jun 13 2022 Petr Lautrbach - 4.4.0-7 +- Update required userspace versions to 3.4 +- Drop unnecessary Recommends + +* Mon Jun 13 2022 Python Maint - 4.4.0-6 +- Rebuilt for Python 3.11 + +* Sat Jan 22 2022 Fedora Release Engineering - 4.4.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Fri Nov 19 2021 Petr Lautrbach - 4.4.0-4 +- Make seinfo output predictable + https://github.com/SELinuxProject/setools/issues/65 + +* Fri Jul 23 2021 Fedora Release Engineering - 4.4.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Fri Jun 04 2021 Python Maint - 4.4.0-2 +- Rebuilt for Python 3.10 + +* Mon Mar 8 2021 Petr Lautrbach - 4.4.0-1 +- SETools 4.4.0 release + +* Wed Jan 27 2021 Fedora Release Engineering - 4.4.0-0.3.20210121git16c0696 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Thu Jan 21 2021 Petr Lautrbach - 4.4.0-0.2.20210121git16c0696 +- Rebuild with SELinux userspace 3.2-rc1 +- Update 
to 16c0696 + +* Thu Dec 10 2020 Petr Lautrbach - 4.4.0-0.2.20201102git05e90ee +- Fix imports in /usr/bin/sedta + +* Tue Nov 3 2020 Petr Lautrbach - 4.4.0-0.1.20201102git05e90ee +- Update to 05e90ee +- Add /usr/bin/sechecker +- Adapt to new libsepol filename transition structures +- Rebuild with libsepol.so.2 + +* Sat Aug 01 2020 Fedora Release Engineering - 4.3.0-5 +- Second attempt - Rebuilt for + https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed Jul 29 2020 Fedora Release Engineering - 4.3.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Thu Jul 16 2020 Petr Lautrbach - 4.3.0-3 +- rebuild with SELinux userspace 3.1 release + +* Tue May 26 2020 Miro Hrončok - 4.3.0-2 +- Rebuilt for Python 3.9 + +* Thu Apr 2 2020 Petr Lautrbach - 4.3.0-1 +- SETools 4.3.0 release - Revised sediff method for TE rules. This drastically reduced memory and run time. - Added infiniband context support to seinfo, sediff, and apol. - Added apol configuration for location of Qt assistant. 
@@ -202,13 +262,21 @@ rm -rf %{buildroot}%{_bindir}/apol %{buildroot}%{python3_sitearch}/setoolsgui \ - Fixed permission map socket sendto information flow direction. - Added methods to TypeAttribute class to make it a complete Python collection. - Genfscon now will look up classes rather than using fixed values which - were dropped from libsepol. -- setools requires -console, -console-analyses and -gui packages (#1820078) + were dropped from libsepol. -* Sat Nov 30 2019 Petr Lautrbach - 4.2.2-2 -- Build setools-console-analyses and setools-gui (#1731519) +* Mon Mar 23 2020 Petr Lautrbach - 4.2.2-5 +- setools requires -console, -console-analyses and -gui packages (#1794314) -* Mon Jul 08 2019 Vit Mojzis - 4.2.2-1 +* Thu Jan 30 2020 Fedora Release Engineering - 4.2.2-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Thu Oct 03 2019 Miro Hrončok - 4.2.2-3 +- Rebuilt for Python 3.8.0rc1 (#1748018) + +* Mon Aug 19 2019 Miro Hrončok - 4.2.2-2 +- Rebuilt for Python 3.8 + +* Mon Jul 08 2019 Vit Mojzis - 4.2.2-1} - SETools 4.2.2 release * Mon May 13 2019 Vit Mojzis - 4.2.1-3 
@@ -220,25 +288,33 @@ rm -rf %{buildroot}%{_bindir}/apol %{buildroot}%{python3_sitearch}/setoolsgui \ * Tue Mar 26 2019 Petr Lautrbach - 4.2.1-1 - SETools 4.2.1 release (#1581761, #1595582) -* Fri Nov 16 2018 Lumír Balhar - 4.2.0-2 -- Require platform-python-setuptools instead of python3-setuptools -- Resolves: rhbz#1650548 - -* Tue Nov 13 2018 Petr Lautrbach - 4.2.0-1 -- SETools 4.2.0 release +* Wed Nov 14 2018 Vit Mojzis - 4.2.0-1 +- Update source to SETools 4.2.0 release * Mon Oct 01 2018 Vit Mojzis - 4.2.0-0.3.rc - Update upstream source to 4.2.0-rc -* Wed Aug 22 2018 Petr Lautrbach - 4.1.1-11 +* Wed Sep 19 2018 Vit Mojzis - 4.2.0-0.2.beta +- Require userspace release 2.8 +- setools-gui requires python3-setools +- Add Requires for python[23]-setuptools - no longer required (just recommended) by python[23] (#1623371) +- Drop python2 subpackage (4.2.0 no longer supports python2) + +* Wed Aug 29 2018 Vit Mojzis - 4.1.1-13 +- Add Requires for python[23]-setuptools - no longer required (just recommended) + by python[23] (#1623371) + +* Wed Aug 22 2018 Petr Lautrbach - 4.1.1-12.1 - Fix SCTP patch - https://github.com/SELinuxProject/setools/issues/9 -* Thu Jun 14 2018 Petr Lautrbach - 4.1.1-10 -- Move gui python files to -gui subpackage -- Do not build gui and console-analyses by default +* Sat Jul 14 2018 Fedora Release Engineering - 4.1.1-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild -* Wed Jun 6 2018 Petr Lautrbach - 4.1.1-9 -- Don't build the Python 2 subpackage (#1567362) +* Tue Jun 19 2018 Miro Hrončok - 4.1.1-10 +- Rebuilt for Python 3.7 + +* Thu Jun 14 2018 Petr Lautrbach - 4.1.1-9 +- Move gui python files to -gui subpackage * Thu Apr 26 2018 Vit Mojzis - 4.1.1-8 - Add support for SCTP protocol (#1568333) diff --git a/sources b/sources new file mode 100644 index 0000000..fa454b3 --- /dev/null +++ b/sources 
@@ -0,0 +1 @@
+SHA512 (4.5.1.tar.gz) = 6aef2e12495f980a0b71cf888170ee2f1de94785404b578d416d9720f2441ff3ef14c7ac434310e421c7fa885b8c8ef99aff6438ecfb5e8687d0ff4875127824