Hello community, here is the log from the commit of package libsemanage for openSUSE:Factory checked in at 2013-03-08 10:53:13 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libsemanage (Old) and /work/SRC/openSUSE:Factory/.libsemanage.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libsemanage", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:Factory/libsemanage/libsemanage.changes 2012-10-26 07:58:04.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libsemanage.new/libsemanage.changes 2013-03-08 10:53:14.000000000 +0100 @@ -1,0 +2,25 @@ +Wed Jan 30 12:00:30 UTC 2013 - [email protected] + +- update to 2.1.9 + * dropped libsemanage-2.1.6-NULL_level_fix.patch (fixed upstream) + * libsemanage: do not set soname needlessly + * libsemanage: remove PYTHONLIBDIR and ruby equivalent + * do boolean name substitution + * Fix segfault for building standard policies. + * remove build warning when build swig c files + * additional makefile support for rubywrap + * ignore 80 column limit for readability + * semanage_store: fix snprintf length argument by using asprintf + * Use default semanage.conf as a fallback + * use after free in python bindings + * Alternate path for semanage.conf + * do not link against libpython, this is considered bad in Debian + * Allow to build for several ruby version + * fallback-user-level + +------------------------------------------------------------------- +Mon Jan 7 21:43:31 UTC 2013 - [email protected] + +- Remove obsolete defines/sections + +------------------------------------------------------------------- --- /work/SRC/openSUSE:Factory/libsemanage/python-semanage.changes 2012-10-26 07:58:04.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libsemanage.new/python-semanage.changes 2013-03-08 10:53:14.000000000 +0100 
@@ -1,0 +2,10 @@ +Wed Jan 30 12:01:03 UTC 2013 - [email protected] + +- update to 2.1.9 + +------------------------------------------------------------------- +Mon Jan 7 21:43:31 UTC 2013 - [email protected] + +- Remove obsolete defines/sections + +------------------------------------------------------------------- Old: ---- libsemanage-2.1.6-NULL_level_fix.patch libsemanage-2.1.6.tar.gz New: ---- libsemanage-2.1.9.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libsemanage.spec ++++++ --- /var/tmp/diff_new_pack.ZM7FCK/_old 2013-03-08 10:53:15.000000000 +0100 +++ /var/tmp/diff_new_pack.ZM7FCK/_new 2013-03-08 10:53:15.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package libsemanage # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -24,7 +24,7 @@ BuildRequires: libustr-devel Name: libsemanage -Version: 2.1.6 +Version: 2.1.9 Release: 0 Summary: SELinux binary policy manipulation library License: LGPL-2.1+ @@ -32,9 +32,7 @@ Url: http://userspace.selinuxproject.org/ Source: http://userspace.selinuxproject.org/releases/20120216/%{name}-%{version}.tar.gz Source1: baselibs.conf -Patch: libsemanage-2.1.6-NULL_level_fix.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build -%define debug_package_requires libsemanage1 = %{version}-%{release} %description Security-enhanced Linux is a feature of the Linux kernel and a number @@ -94,7 +92,6 @@ %prep %setup -q -%patch -p2 %build make clean 
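Review bot: The `Source:` URL kept as context in the libsemanage.spec `@@ -32,9 +32,7 @@` hunk still points at the `releases/20120216/` directory, while `Version` moves to 2.1.9, whose ChangeLog entry in this same diff is dated 2012-09-13. The URL therefore probably no longer names the location the new tarball came from, so the packaged `libsemanage-2.1.9.tar.gz` cannot be re-fetched and compared against upstream. I would update the directory to the one upstream published 2.1.9 under and record the upstream checksum or signature alongside it, if one is published. The URL is plain `http://`, so the recorded checksum is what provides integrity here.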
@@ -108,9 +105,6 @@ make DESTDIR=%{buildroot} LIBDIR="%{buildroot}%{_libdir}" SHLIBDIR="%{buildroot}/%{_lib}" install ln -sf /%{_lib}/libsemanage.so.1 %{buildroot}/%{_libdir}/libsemanage.so -%clean -rm -rf %{buildroot} - %post -n libsemanage1 -p /sbin/ldconfig %postun -n libsemanage1 -p /sbin/ldconfig ++++++ python-semanage.spec ++++++ --- /var/tmp/diff_new_pack.ZM7FCK/_old 2013-03-08 10:53:16.000000000 +0100 +++ /var/tmp/diff_new_pack.ZM7FCK/_new 2013-03-08 10:53:16.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package python-semanage # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,7 +26,7 @@ BuildRequires: swig Name: python-semanage -Version: 2.1.6 +Version: 2.1.9 Release: 0 Summary: Python bindings for libsemanage License: LGPL-2.1 @@ -63,9 +63,6 @@ rm -rf %{buildroot}%{_libdir}/pkgconfig rm -rf %{buildroot}%{_mandir} -%clean -rm -rf %{buildroot} - %files %defattr(-,root,root) %{python_sitearch}/* ++++++ libsemanage-2.1.6.tar.gz -> libsemanage-2.1.9.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-2.1.6/ChangeLog new/libsemanage-2.1.9/ChangeLog --- old/libsemanage-2.1.6/ChangeLog 2011-12-21 18:46:04.000000000 +0100 +++ new/libsemanage-2.1.9/ChangeLog 2012-09-14 19:41:22.000000000 +0200 
@@ -1,3 +1,23 @@ +2.1.9 2012-09-13 + * libsemanage: do not set soname needlessly + * libsemanage: remove PYTHONLIBDIR and ruby equivalent + * do boolean name substitution + * Fix segfault for building standard policies. + +2.1.8 2012-06-28 + * remove build warning when build swig c files + * additional makefile support for rubywrap + * ignore 80 column limit for readability + * semanage_store: fix snprintf length argument by using asprintf + * Use default semanage.conf as a fallback + * use after free in python bindings + +2.1.7 2012-03-28 + * Alternate path for semanage.conf + * do not link against libpython, this is considered bad in Debian + * Allow to build for several ruby version + * fallback-user-level + 2.1.6 2011-12-21 * add ignoredirs config for genhomedircon * Fallback_user_level can be NULL if you are not using MLS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-2.1.6/Makefile new/libsemanage-2.1.9/Makefile --- old/libsemanage-2.1.6/Makefile 2011-12-21 18:46:04.000000000 +0100 +++ new/libsemanage-2.1.9/Makefile 2012-09-14 19:41:22.000000000 +0200 @@ -7,6 +7,9 @@ pywrap: $(MAKE) -C src pywrap +rubywrap: + $(MAKE) -C src rubywrap + install: $(MAKE) -C include install $(MAKE) -C src install @@ -15,6 +18,9 @@ install-pywrap: $(MAKE) -C src install-pywrap +install-rubywrap: + $(MAKE) -C src install-rubywrap + relabel: $(MAKE) -C src relabel diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-2.1.6/VERSION new/libsemanage-2.1.9/VERSION --- old/libsemanage-2.1.6/VERSION 2011-12-21 18:46:04.000000000 +0100 +++ new/libsemanage-2.1.9/VERSION 2012-09-14 19:41:22.000000000 +0200 
@@ -1 +1 @@ -2.1.6 +2.1.9 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-2.1.6/src/.gitignore new/libsemanage-2.1.9/src/.gitignore --- old/libsemanage-2.1.6/src/.gitignore 2011-12-21 18:46:04.000000000 +0100 +++ new/libsemanage-2.1.9/src/.gitignore 2012-09-14 19:41:22.000000000 +0200 @@ -1,3 +1,4 @@ semanageswig_wrap.c semanageswig_python_exception.i semanage.py +semanageswig_ruby_wrap.c diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-2.1.6/src/Makefile new/libsemanage-2.1.9/src/Makefile --- old/libsemanage-2.1.6/src/Makefile 2011-12-21 18:46:04.000000000 +0100 +++ new/libsemanage-2.1.9/src/Makefile 2012-09-14 19:41:22.000000000 +0200 @@ -3,6 +3,8 @@ # targets with "PYPREFIX": PYTHON ?= python PYPREFIX ?= $(notdir $(PYTHON)) +RUBY ?= ruby +RUBYPREFIX ?= $(notdir $(RUBY)) # Installation directories. PREFIX ?= $(DESTDIR)/usr @@ -11,12 +13,12 @@ INCLUDEDIR ?= $(PREFIX)/include PYLIBVER ?= $(shell $(PYTHON) -c 'import sys;print("python%d.%d" % sys.version_info[0:2])') PYINC ?= $(shell pkg-config --cflags $(PYPREFIX)) -PYTHONLIBDIR ?= $(shell pkg-config --libs $(PYPREFIX)) PYLIBDIR ?= $(LIBDIR)/$(PYLIBVER) -RUBYLIBVER ?= $(shell ruby -e 'print RUBY_VERSION.split(".")[0..1].join(".")') -RUBYPLATFORM ?= $(shell ruby -e 'print RUBY_PLATFORM') -RUBYINC ?= $(LIBDIR)/ruby/$(RUBYLIBVER)/$(RUBYPLATFORM) +RUBYLIBVER ?= $(shell $(RUBY) -e 'print RUBY_VERSION.split(".")[0..1].join(".")') +RUBYPLATFORM ?= $(shell $(RUBY) -e 'print RUBY_PLATFORM') +RUBYINC ?= $(shell pkg-config --cflags ruby-$(RUBYLIBVER)) RUBYINSTALL ?= $(LIBDIR)/ruby/site_ruby/$(RUBYLIBVER)/$(RUBYPLATFORM) + LIBBASE=$(shell basename $(LIBDIR)) DEFAULT_SEMANAGE_CONF_LOCATION=$(DESTDIR)/etc/selinux/semanage.conf 
@@ -42,10 +44,10 @@ SWIGCOUT= semanageswig_wrap.c SWIGRUBYCOUT= semanageswig_ruby_wrap.c SWIGLOBJ:= $(patsubst %.c,$(PYPREFIX)%.lo,$(SWIGCOUT)) -SWIGRUBYLOBJ:= $(patsubst %.c,%.lo,$(SWIGRUBYCOUT)) +SWIGRUBYLOBJ:= $(patsubst %.c,$(RUBYPREFIX)%.lo,$(SWIGRUBYCOUT)) SWIGSO=$(PYPREFIX)_semanage.so SWIGFILES=$(SWIGSO) semanage.py -SWIGRUBYSO=_rubysemanage.so +SWIGRUBYSO=$(RUBYPREFIX)_semanage.so LIBSO=$(TARGET).$(LIBVERSION) GENERATED=$(SWIGCOUT) $(SWIGRUBYCOUT) semanageswig_python_exception.i @@ -55,6 +57,9 @@ LOBJS= $(patsubst %.c,%.lo,$(SRCS)) conf-scan.lo conf-parse.lo CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute +SWIG_CFLAGS += -Wno-error -Wno-unused-but-set-variable -Wno-unused-variable -Wno-shadow \ + -Wno-unused-parameter + override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE RANLIB=ranlib 
@@ -71,16 +76,16 @@ rubywrap: all $(SWIGRUBYSO) $(SWIGLOBJ): $(SWIGCOUT) - $(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $< + $(CC) $(CFLAGS) $(SWIG_CFLAGS) $(PYINC) -fPIC -DSHARED -c -o $@ $< $(SWIGRUBYLOBJ): $(SWIGRUBYCOUT) - $(CC) $(filter-out -Werror, $(CFLAGS)) -I$(RUBYINC) -fPIC -DSHARED -c -o $@ $< + $(CC) $(CFLAGS) $(SWIG_CFLAGS) $(RUBYINC) -fPIC -DSHARED -c -o $@ $< $(SWIGSO): $(SWIGLOBJ) - $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lsemanage -L$(LIBDIR) $(PYTHONLIBDIR) -Wl,-soname,$@,-z,defs + $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lsemanage -L$(LIBDIR) $(SWIGRUBYSO): $(SWIGRUBYLOBJ) - $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lsemanage -L$(LIBDIR) -Wl,-soname,$@ + $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lsemanage -L$(LIBDIR) $(LIBA): $(OBJS) $(AR) rcs $@ $^ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-2.1.6/src/boolean_record.c new/libsemanage-2.1.9/src/boolean_record.c --- old/libsemanage-2.1.6/src/boolean_record.c 2011-12-21 18:46:04.000000000 +0100 +++ new/libsemanage-2.1.9/src/boolean_record.c 2012-09-14 19:41:22.000000000 +0200 @@ -19,6 +19,8 @@ #include "boolean_internal.h" #include "handle.h" #include "database.h" +#include <stdlib.h> +#include <selinux/selinux.h> /* Key */ int semanage_bool_key_create(semanage_handle_t * handle, 
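Review bot: Dropping `-z,defs` from the `$(SWIGSO)` link line in src/Makefile (`@@ -71,16 +76,16 @@`), together with `$(PYTHONLIBDIR)`, means an unresolved symbol in the Python wrapper is no longer caught at build time and would only surface when the module is imported. That follows from no longer linking against libpython, but the rule does not say so. I would add a comment above the rule such as `# No -z defs: Python symbols are resolved by the interpreter at import time`. A build-time import of the generated module would cover the lost link check.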
@@ -82,8 +84,11 @@ int semanage_bool_set_name(semanage_handle_t * handle, semanage_bool_t * boolean, const char *name) { - - return sepol_bool_set_name(handle->sepolh, boolean, name); + int rc; + char *subname = selinux_boolean_sub(name); + rc = sepol_bool_set_name(handle->sepolh, boolean, subname); + free(subname); + return rc; } hidden_def(semanage_bool_set_name) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-2.1.6/src/fcontext_record.c new/libsemanage-2.1.9/src/fcontext_record.c --- old/libsemanage-2.1.6/src/fcontext_record.c 2011-12-21 18:46:04.000000000 +0100 +++ new/libsemanage-2.1.9/src/fcontext_record.c 2012-09-14 19:41:22.000000000 +0200 @@ -25,7 +25,7 @@ struct semanage_fcontext_key { /* Matching expression */ - const char *expr; + char *expr; /* Type of object */ int type; @@ -45,7 +45,11 @@ "create file context key"); return STATUS_ERR; } - tmp_key->expr = expr; + tmp_key->expr = strdup(expr); + if (!tmp_key->expr) { + ERR(handle, "out of memory, could not create file context key."); + return STATUS_ERR; + } tmp_key->type = type; *key_ptr = tmp_key; @@ -74,6 +78,7 @@ void semanage_fcontext_key_free(semanage_fcontext_key_t * key) { + free(key->expr); free(key); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-2.1.6/src/genhomedircon.c new/libsemanage-2.1.9/src/genhomedircon.c --- old/libsemanage-2.1.6/src/genhomedircon.c 2011-12-21 18:46:04.000000000 +0100 +++ new/libsemanage-2.1.9/src/genhomedircon.c 2012-09-14 19:41:22.000000000 +0200 @@ -772,12 +772,14 @@ if (semanage_user_query(s->h_semanage, key, &u) < 0) { prefix = name; - level = "s0"; + level = FALLBACK_USER_LEVEL; } else { prefix = semanage_user_get_prefix(u); level = semanage_user_get_mlslevel(u); + if (!level) + level = FALLBACK_USER_LEVEL; } if (set_fallback_user(s, seuname, prefix, level) != 0) 
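Review bot: In `semanage_bool_set_name` (boolean_record.c, `@@ -82,8 +84,11 @@`), `subname` is passed to `sepol_bool_set_name()` without a NULL check. The `free(subname)` that follows implies `selinux_boolean_sub()` returns heap memory, so it can presumably return NULL on allocation failure or a NULL `name`, and the setter would then be handed a NULL name. I would add `if (subname == NULL) return -1;` (or the file's usual error status plus an `ERR(handle, ...)` message) right after the call. The function comment should also say that names are now rewritten through the boolean substitution mapping before being stored.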
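Review bot: The new out-of-memory branch in fcontext_record.c (`@@ -45,7 +45,11 @@`) returns `STATUS_ERR` without releasing `tmp_key`, so the key struct leaks when `strdup(expr)` fails. `tmp_key` appears to be allocated just above the hunk, since its failure message is the context at the top. Add `free(tmp_key);` before the `return STATUS_ERR;`. `expr` is also passed to `strdup()` unchecked; the function starts outside the hunk, so whether callers may pass NULL is not visible here.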
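Review bot: In `semanage_fcontext_key_free` (fcontext_record.c, `@@ -74,6 +78,7 @@`), `free(key->expr)` dereferences `key` before anything checks it. A call with a NULL key was a harmless `free(NULL)` before this change and now dereferences a NULL pointer. Guard the body with `if (key) { free(key->expr); free(key); }`. A one-line comment on the struct field saying the key now owns its own copy of `expr` would also help readers of the `@@ -25,7 +25,7 @@` hunk.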
@@ -861,9 +863,11 @@ if (u) { prefix = semanage_user_get_prefix(*u); level = semanage_user_get_mlslevel(*u); + if (!level) + level = FALLBACK_USER_LEVEL; } else { prefix = name; - level = "s0"; + level = FALLBACK_USER_LEVEL; } retval = getpwnam_r(name, &pwstorage, rbuf, rbuflen, &pwent); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-2.1.6/src/handle.c new/libsemanage-2.1.9/src/handle.c --- old/libsemanage-2.1.6/src/handle.c 2011-12-21 18:46:04.000000000 +0100 +++ new/libsemanage-2.1.9/src/handle.c 2012-09-14 19:41:22.000000000 +0200 @@ -37,10 +37,12 @@ #include "semanage_store.h" #define SEMANAGE_COMMIT_READ_WAIT 5 +#define SEMANAGE_CONF_PATH "/etc/selinux/semanage.conf" #include <string.h> #include <selinux/selinux.h> static char *private_selinux_path = NULL; +static char *private_semanage_conf_path = NULL; static char *private_file_context_path = NULL; static char *private_file_context_local_path = NULL; static char *private_file_context_homedir_path = NULL; @@ -52,6 +54,7 @@ void semanage_free_root() { free(private_selinux_path); private_selinux_path = NULL; + free(private_semanage_conf_path); private_semanage_conf_path = NULL; free(private_file_context_path); private_file_context_path = NULL; free(private_file_context_local_path); private_file_context_local_path = NULL; free(private_file_context_homedir_path); private_file_context_homedir_path = NULL; @@ -68,6 +71,10 @@ goto error; } + if ( asprintf(&private_semanage_conf_path, "%s/%s", path, SEMANAGE_CONF_PATH) < 0 ) { + goto error; + } + if ( asprintf(&private_file_context_path, "%s/%s", path, selinux_file_context_path()) < 0 ) { goto error; } 
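Review bot: When the added `asprintf()` in handle.c (`@@ -68,6 +71,10 @@`) fails, `private_semanage_conf_path` is left indeterminate on glibc, yet the `@@ -52,6 +54,7 @@` hunk makes `semanage_free_root()` pass it to `free()` unconditionally. If the `error:` path (outside the hunk) or a later caller reaches `semanage_free_root()`, that frees an indeterminate pointer. Set `private_semanage_conf_path = NULL;` before the `goto error;`. The neighbouring `asprintf()` calls visible as context follow the same pattern and would need the same treatment. Separately, `SEMANAGE_CONF_PATH` already starts with `/`, so the `"%s/%s"` format yields a doubled slash; it is harmless, but `"%s%s"` would be cleaner.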
@@ -171,6 +178,21 @@ return selinux_path(); } +/* Return a fully-qualified path + filename to the semanage + * configuration file. The caller must not alter the string returned + * (and hence why this function return type is const). + * + */ + +const char *semanage_conf_path(void) +{ + if (private_semanage_conf_path && + access(private_semanage_conf_path, R_OK) == 0) + return private_semanage_conf_path; + + return SEMANAGE_CONF_PATH; +} + semanage_handle_t *semanage_handle_create(void) { semanage_handle_t *sh = NULL; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-2.1.6/src/handle.h new/libsemanage-2.1.9/src/handle.h --- old/libsemanage-2.1.6/src/handle.h 2011-12-21 18:46:04.000000000 +0100 +++ new/libsemanage-2.1.9/src/handle.h 2012-09-14 19:41:22.000000000 +0200 @@ -105,6 +105,8 @@ dbase_config_t dbase[DBASE_COUNT]; }; +const char *semanage_conf_path(void); + /* === Local modifications === */ static inline dbase_config_t * semanage_user_base_dbase_local(semanage_handle_t * handle) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-2.1.6/src/semanage_store.c new/libsemanage-2.1.9/src/semanage_store.c --- old/libsemanage-2.1.6/src/semanage_store.c 2011-12-21 18:46:04.000000000 +0100 +++ new/libsemanage-2.1.9/src/semanage_store.c 2012-09-14 19:41:22.000000000 +0200 @@ -262,18 +262,6 @@ return semanage_paths[store][path_name]; } -/* Return a fully-qualified path + filename to the semanage - * configuration file. The caller must not alter the string returned - * (and hence why this function return type is const). - * - * This is going to be hard coded to /etc/selinux/semanage.conf for - * the time being. FIXME - */ -const char *semanage_conf_path(void) -{ - return "/etc/selinux/semanage.conf"; -} - /**************** functions that create module store ***************/ /* Check that the semanage store exists. If 'create' is non-zero then 
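Review bot: `semanage_conf_path()` (handle.c, `@@ -171,6 +178,21 @@`) silently falls back to the system-wide `SEMANAGE_CONF_PATH` whenever the file under the alternate root is missing or unreadable, so a caller that set a root can end up reading the host's `/etc/selinux/semanage.conf` with no indication. The `access()` test is also check-then-use: it is evaluated with the real UID, and the file can change before the caller opens the returned path, so the later open still needs its own error handling. I would state both in the header comment, e.g. `Falls back to /etc/selinux/semanage.conf if no readable file exists under the alternate root`, and log when the fallback is taken. `access()` and `R_OK` need `<unistd.h>`; the hunk does not show whether handle.c already includes it.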
@@ -1119,16 +1107,12 @@ int retval = -3, r, len; char *storepath = NULL; struct stat astore, istore; - const char *active_kernel = - semanage_path(SEMANAGE_ACTIVE, SEMANAGE_KERNEL); + const char *active_kernel = semanage_path(SEMANAGE_ACTIVE, SEMANAGE_KERNEL); const char *active_fc = semanage_path(SEMANAGE_ACTIVE, SEMANAGE_FC); - const char *active_fc_loc = - semanage_path(SEMANAGE_ACTIVE, SEMANAGE_FC_LOCAL); - const char *active_seusers = - semanage_path(SEMANAGE_ACTIVE, SEMANAGE_SEUSERS); + const char *active_fc_loc = semanage_path(SEMANAGE_ACTIVE, SEMANAGE_FC_LOCAL); + const char *active_seusers = semanage_path(SEMANAGE_ACTIVE, SEMANAGE_SEUSERS); const char *active_nc = semanage_path(SEMANAGE_ACTIVE, SEMANAGE_NC); - const char *active_fc_hd = - semanage_path(SEMANAGE_ACTIVE, SEMANAGE_FC_HOMEDIRS); + const char *active_fc_hd = semanage_path(SEMANAGE_ACTIVE, SEMANAGE_FC_HOMEDIRS); const char *running_fc = semanage_file_context_path(); const char *running_fc_loc = semanage_file_context_local_path(); @@ -1158,12 +1142,8 @@ running_seusers += len; running_nc += len; - len = strlen(semanage_selinux_path()) + strlen(sh->conf->store_path) + 1; - storepath = (char *)malloc(len); - if (!storepath) - goto cleanup; - snprintf(storepath, PATH_MAX, "%s%s", semanage_selinux_path(), - sh->conf->store_path); + if (asprintf(&storepath, "%s%s", semanage_selinux_path(), sh->conf->store_path) < 0) + return retval; snprintf(store_pol, PATH_MAX, "%s%s.%d", storepath, running_policy, sh->conf->policyvers); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-2.1.6/src/semanage_store.h new/libsemanage-2.1.9/src/semanage_store.h --- old/libsemanage-2.1.6/src/semanage_store.h 2011-12-21 18:46:04.000000000 +0100 +++ new/libsemanage-2.1.9/src/semanage_store.h 2012-09-14 19:41:22.000000000 +0200 
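Review bot: The failure branch of the new `asprintf()` in semanage_store.c (`@@ -1158,12 +1142,8 @@`) returns `retval` directly where the old code used `goto cleanup`, with no comment explaining why. It is most likely deliberate: `storepath` is indeterminate after a failed `asprintf()` and must not reach a `free()` in the cleanup block, which is not visible in this hunk. I would add `/* storepath is indeterminate on failure; skip cleanup */` and an `ERR(sh, ...)` message, since the function otherwise fails here without saying why. The `snprintf(store_pol, PATH_MAX, ...)` that follows as context still ignores truncation.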
@@ -66,7 +66,6 @@ /* FIXME: this needs to be made a module store specific init and the * global configuration moved to another file. */ -const char *semanage_conf_path(void); int semanage_check_init(const char *root); extern const char *semanage_fname(enum semanage_sandbox_defs file_enum); -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
