diff options
| author | Nicolas Iooss | 2017-08-11 14:08:01 +0200 |
|---|---|---|
| committer | Nicolas Iooss | 2017-08-11 14:08:01 +0200 |
| commit | d2458f62341bbeac447f110ae4090b253448bd59 (patch) | |
| tree | c3252007209e7f9e38bddb96b1e3bb2ba84453db | |
| parent | efa2c5b29a8bc1d3e56ab18ec6e750b896dae85d (diff) | |
| download | aur-d2458f62341bbeac447f110ae4090b253448bd59.tar.gz | |
libsemanage 2.7-1 update
| -rw-r--r-- | .SRCINFO | 23 | ||||
| -rw-r--r-- | 0001-libsemanage-genhomedircon-only-set-MLS-level-if-MLS-.patch | 38 | ||||
| -rw-r--r-- | 0002-libsemanage-fix-kernel-pathname-in-semanage_verify_k.patch | 40 | ||||
| -rw-r--r-- | 0003-libsemanage-semanage_seuser_key_create-copy-name.patch | 65 | ||||
| -rw-r--r-- | PKGBUILD | 67 |
5 files changed, 43 insertions, 190 deletions
@@ -1,35 +1,30 @@ pkgbase = libsemanage pkgdesc = SELinux binary policy manipulation library - pkgver = 2.6 - pkgrel = 2 + pkgver = 2.7 + pkgrel = 1 url = http://userspace.selinuxproject.org install = libsemanage.install arch = i686 arch = x86_64 groups = selinux - license = GPL + license = LGPL2.1 makedepends = flex makedepends = python2 makedepends = python + makedepends = ruby makedepends = swig - depends = ustr-selinux - depends = libselinux>=2.6 + depends = libselinux>=2.7 depends = audit optdepends = python2: python2 bindings optdepends = python: python bindings - provides = selinux-usr-libsemanage=2.6-2 + optdepends = ruby: ruby bindings + provides = selinux-usr-libsemanage=2.7-1 conflicts = selinux-usr-libsemanage options = !emptydirs - source = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014/libsemanage-2.6.tar.gz + source = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/libsemanage-2.7.tar.gz source = semanage.conf - source = 0001-libsemanage-genhomedircon-only-set-MLS-level-if-MLS-.patch - source = 0002-libsemanage-fix-kernel-pathname-in-semanage_verify_k.patch - source = 0003-libsemanage-semanage_seuser_key_create-copy-name.patch - sha256sums = 4f81541047290b751f2ffb926fcd381c186f22db18d9fe671b0b4a6a54e8cfce + sha256sums = 07e9477714ce6a4557a1fe924ea4cb06501b62d0fa0e3c0dc32a2cf47cb8d476 sha256sums = 5b0e6929428e095b561701ccdfa9c8b0c3d70dad3fc46e667eb46a85b246a4a0 - sha256sums = 035aefa177493f61a3f5744cd82dabef4779a9b6c8954439c802bed0f2f21de2 - sha256sums = 08a62dcfcb263355d6ec0d83a00ce27442ada70c7471838ca9c54c5648f55d9f - sha256sums = 78cc14c549b3ce92e53b27d68beb95b4b3478f0bcd1c6c7c06f19afb6cbddd81 pkgname = libsemanage diff --git a/0001-libsemanage-genhomedircon-only-set-MLS-level-if-MLS-.patch b/0001-libsemanage-genhomedircon-only-set-MLS-level-if-MLS-.patch deleted file mode 100644 index a55d228df11e..000000000000 --- a/0001-libsemanage-genhomedircon-only-set-MLS-level-if-MLS-.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 58ca300c67ec8aa72e0146ec326281fa92b3259f Mon Sep 17 00:00:00 2001 -From: Stephen Smalley <sds@tycho.nsa.gov> -Date: Fri, 14 Oct 2016 13:36:37 -0400 -Subject: [PATCH] libsemanage: genhomedircon: only set MLS level if MLS is - enabled - -When a non-MLS policy was used with genhomedircon context_from_record() -in sepol would report an error because an MLS level was present when MLS -is disabled. Based on a patch by Gary Tierney, amended to use -sepol_policydb_mls_enabled rather than semanage_mls_enabled because -we are testing the temporary working policy, not the active policy. - -Reported-by: Jason Zaman <jason@perfinion.com> -Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> ---- - libsemanage/src/genhomedircon.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c -index 6991fffc31cb..5e9d7224a06e 100644 ---- a/libsemanage/src/genhomedircon.c -+++ b/libsemanage/src/genhomedircon.c -@@ -638,7 +638,11 @@ static int write_contexts(genhomedircon_settings_t *s, FILE *out, - goto fail; - } - -- if (sepol_context_set_user(sepolh, context, user->sename) < 0 || -+ if (sepol_context_set_user(sepolh, context, user->sename) < 0) { -+ goto fail; -+ } -+ -+ if (sepol_policydb_mls_enabled(s->policydb) && - sepol_context_set_mls(sepolh, context, user->level) < 0) { - goto fail; - } --- -2.10.2 - diff --git a/0002-libsemanage-fix-kernel-pathname-in-semanage_verify_k.patch b/0002-libsemanage-fix-kernel-pathname-in-semanage_verify_k.patch deleted file mode 100644 index 89fc8430c8c4..000000000000 --- a/0002-libsemanage-fix-kernel-pathname-in-semanage_verify_k.patch +++ /dev/null @@ -1,40 +0,0 @@ -From e59d72d312fcee86571b93f3ca61a963379c8ade Mon Sep 17 00:00:00 2001 -From: Stephen Smalley <sds@tycho.nsa.gov> -Date: Wed, 2 Nov 2016 08:54:19 -0400 -Subject: [PATCH] libsemanage: fix kernel pathname in semanage_verify_kernel() - -Building with CC=clang, we get the following errors: - -semanage_store.c:2177:20: error: implicit conversion from enumeration type 'enum semanage_final_defs' to different enumeration type 'enum semanage_store_defs' [-Werror,-Wenum-conversion] - semanage_path(SEMANAGE_FINAL_TMP, SEMANAGE_KERNEL); - ~~~~~~~~~~~~~ ^~~~~~~~~~~~~~~~~~ -semanage_store.c:2177:40: error: implicit conversion from enumeration type 'enum semanage_final_path_defs' to different enumeration type 'enum semanage_sandbox_defs' [-Werror,-Wenum-conversion] - semanage_path(SEMANAGE_FINAL_TMP, SEMANAGE_KERNEL); - ~~~~~~~~~~~~~ ^~~~~~~~~~~~~~~ - -This is an actual bug; semanage_verify_kernel() was never updated to -use semanage_final_path() when the rest were converted. Fix it. -This pathname is only used if a kernel policy verifier is specified -in semanage.conf, so this is not used by default. - -Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> ---- - libsemanage/src/semanage_store.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c -index ca2925774630..58a58ef9452e 100644 ---- a/libsemanage/src/semanage_store.c -+++ b/libsemanage/src/semanage_store.c -@@ -2174,7 +2174,7 @@ int semanage_verify_kernel(semanage_handle_t * sh) - { - int retval = -1; - const char *kernel_filename = -- semanage_path(SEMANAGE_FINAL_TMP, SEMANAGE_KERNEL); -+ semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_KERNEL); - semanage_conf_t *conf = sh->conf; - external_prog_t *e; - if (conf->kernel_prog == NULL) { --- -2.10.2 - diff --git a/0003-libsemanage-semanage_seuser_key_create-copy-name.patch b/0003-libsemanage-semanage_seuser_key_create-copy-name.patch deleted file mode 100644 index d75e4cb728a2..000000000000 --- a/0003-libsemanage-semanage_seuser_key_create-copy-name.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 7c040a554e2c576cfa787335def949b277a19917 Mon Sep 17 00:00:00 2001 -From: Nicolas Iooss <nicolas.iooss@m4x.org> -Date: Sat, 12 Nov 2016 13:05:03 +0100 -Subject: [PATCH] libsemanage: semanage_seuser_key_create: copy name - -When removing a login using semanage with Python 3 the following error -occurs: - - # semanage login -l | grep my_user - my_user user_u - - # semanage login --delete my_user - ValueError: Login mapping for my_user is not defined - -This is due to a use-after-free in the swig-generated code for python3 -bindings. - -Copy the user name in semanage_seuser_key_create() and free it in -semanage_seuser_key_free(), like commit eac6f1f1b512 ("libsepol: -sepol_{bool|iface|user}_key_create: copy name") did. - -Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org> ---- - libsemanage/src/seuser_record.c | 11 ++++++++--- - 1 file changed, 8 insertions(+), 3 deletions(-) - -diff --git a/libsemanage/src/seuser_record.c b/libsemanage/src/seuser_record.c -index 8823b1ed1c7b..1ed459486228 100644 ---- a/libsemanage/src/seuser_record.c -+++ b/libsemanage/src/seuser_record.c -@@ -33,7 +33,7 @@ struct semanage_seuser { - - struct semanage_seuser_key { - /* This user's name */ -- const char *name; -+ char *name; - }; - - int semanage_seuser_key_create(semanage_handle_t * handle, -@@ -48,7 +48,12 @@ int semanage_seuser_key_create(semanage_handle_t * handle, - ERR(handle, "out of memory, could not create seuser key"); - return STATUS_ERR; - } -- tmp_key->name = name; -+ tmp_key->name = strdup(name); -+ if (!tmp_key->name) { -+ ERR(handle, "out of memory, could not create seuser key"); -+ free(tmp_key); -+ return STATUS_ERR; -+ } - - *key_ptr = tmp_key; - return STATUS_SUCCESS; -@@ -75,7 +80,7 @@ hidden_def(semanage_seuser_key_extract) - - void semanage_seuser_key_free(semanage_seuser_key_t * key) - { -- -+ free(key->name); - free(key); - } - --- -2.10.2 - @@ -4,55 +4,56 @@ # Contributor: Sergej Pupykin (pupykin <dot> s+arch <at> gmail <dot> com) pkgname=libsemanage -pkgver=2.6 -pkgrel=2 +pkgver=2.7 +pkgrel=1 pkgdesc="SELinux binary policy manipulation library" arch=('i686' 'x86_64') url='http://userspace.selinuxproject.org' -license=('GPL') +license=('LGPL2.1') groups=('selinux') -makedepends=('flex' 'python2' 'python' 'swig') -depends=('ustr-selinux' 'libselinux>=2.6' 'audit') +makedepends=('flex' 'python2' 'python' 'ruby' 'swig') +depends=('libselinux>=2.7' 'audit') optdepends=('python2: python2 bindings' - 'python: python bindings') -options=(!emptydirs) + 'python: python bindings' + 'ruby: ruby bindings') +options=(!emptydirs) # For /var/lib/selinux install=libsemanage.install conflicts=("selinux-usr-${pkgname}") provides=("selinux-usr-${pkgname}=${pkgver}-${pkgrel}") -source=("https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014/${pkgname}-${pkgver}.tar.gz" - "semanage.conf" - '0001-libsemanage-genhomedircon-only-set-MLS-level-if-MLS-.patch' - '0002-libsemanage-fix-kernel-pathname-in-semanage_verify_k.patch' - '0003-libsemanage-semanage_seuser_key_create-copy-name.patch') -sha256sums=('4f81541047290b751f2ffb926fcd381c186f22db18d9fe671b0b4a6a54e8cfce' - '5b0e6929428e095b561701ccdfa9c8b0c3d70dad3fc46e667eb46a85b246a4a0' - '035aefa177493f61a3f5744cd82dabef4779a9b6c8954439c802bed0f2f21de2' - '08a62dcfcb263355d6ec0d83a00ce27442ada70c7471838ca9c54c5648f55d9f' - '78cc14c549b3ce92e53b27d68beb95b4b3478f0bcd1c6c7c06f19afb6cbddd81') - -prepare() { - cd "${pkgname}-${pkgver}" - - patch -Np2 -i '../0001-libsemanage-genhomedircon-only-set-MLS-level-if-MLS-.patch' - patch -Np2 -i '../0002-libsemanage-fix-kernel-pathname-in-semanage_verify_k.patch' - patch -Np2 -i '../0003-libsemanage-semanage_seuser_key_create-copy-name.patch' -} +source=("https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/${pkgname}-${pkgver}.tar.gz" + "semanage.conf") +sha256sums=('07e9477714ce6a4557a1fe924ea4cb06501b62d0fa0e3c0dc32a2cf47cb8d476' + '5b0e6929428e095b561701ccdfa9c8b0c3d70dad3fc46e667eb46a85b246a4a0') build() { cd "${pkgname}-${pkgver}" make swigify make all - make PYTHON=python2 pywrap - make PYTHON=python3 pywrap + make PYTHON=/usr/bin/python2 pywrap + make PYTHON=/usr/bin/python3 pywrap + make RUBY=/usr/bin/ruby rubywrap } -package(){ +package() { cd "${pkgname}-${pkgver}" - make DESTDIR="${pkgdir}" LIBDIR="${pkgdir}/usr/lib" LIBEXECDIR="${pkgdir}/usr/lib" SHLIBDIR="${pkgdir}/usr/lib" install - make DESTDIR="${pkgdir}" LIBDIR="${pkgdir}/usr/lib" LIBEXECDIR="${pkgdir}/usr/lib" SHLIBDIR="${pkgdir}/usr/lib" PYTHON=python2 install-pywrap - make DESTDIR="${pkgdir}" LIBDIR="${pkgdir}/usr/lib" LIBEXECDIR="${pkgdir}/usr/lib" SHLIBDIR="${pkgdir}/usr/lib" PYTHON=python3 install-pywrap - python2 -m compileall "${pkgdir}/$(python2 -c 'import site; print(site.getsitepackages()[0])')" - python3 -m compileall "${pkgdir}/$(python3 -c 'import site; print(site.getsitepackages()[0])')" + make DESTDIR="${pkgdir}" \ + LIBEXECDIR="${pkgdir}/usr/lib" \ + SHLIBDIR="${pkgdir}/usr/lib" \ + install + make DESTDIR="${pkgdir}" PYTHON=python2 \ + LIBEXECDIR="${pkgdir}/usr/lib" \ + SHLIBDIR="${pkgdir}/usr/lib" \ + install-pywrap + make DESTDIR="${pkgdir}" PYTHON=python3 \ + LIBEXECDIR="${pkgdir}/usr/lib" \ + SHLIBDIR="${pkgdir}/usr/lib" \ + install-pywrap + make DESTDIR="${pkgdir}" RUBY=/usr/bin/ruby \ + LIBEXECDIR="${pkgdir}/usr/lib" \ + SHLIBDIR="${pkgdir}/usr/lib" \ + install-rubywrap + /usr/bin/python2 -m compileall "${pkgdir}/$(/usr/bin/python2 -c 'import site; print(site.getsitepackages()[0])')" + /usr/bin/python3 -m compileall "${pkgdir}/$(/usr/bin/python3 -c 'import site; print(site.getsitepackages()[0])')" install -D -m0644 "${srcdir}/semanage.conf" "${pkgdir}/etc/selinux/semanage.conf" |