Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libsemanage for openSUSE:Factory checked in at 2026-02-09 11:42:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libsemanage (Old) and /work/SRC/openSUSE:Factory/.libsemanage.new.1670 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libsemanage" Mon Feb 9 11:42:52 2026 rev:69 rq:1331576 version:3.10 Changes: -------- --- /work/SRC/openSUSE:Factory/libsemanage/libsemanage.changes 2025-07-24 18:34:32.938369610 +0200 +++ /work/SRC/openSUSE:Factory/.libsemanage.new.1670/libsemanage.changes 2026-02-09 11:43:16.045513342 +0100 @@ -1,0 +2,10 @@ +Thu Feb 5 16:21:18 UTC 2026 - Cathy Hu <[email protected]> + +- Update to version 3.10 + https://github.com/SELinuxProject/selinux/releases/tag/3.10 + * libsemanage: get_home_dirs: cleanup parsing of values from conf files + * libsemanage: semanage_store: recursively create SEMANAGE_ROOT +- keyring: Add key of Jason Zaman <[email protected]> + * added 63191CE94183098689CAB8DB7EF137EC935B0EAF [expires: 2026-02-08] + +------------------------------------------------------------------- --- /work/SRC/openSUSE:Factory/libsemanage/python-semanage.changes 2025-07-24 18:34:32.954370272 +0200 +++ /work/SRC/openSUSE:Factory/.libsemanage.new.1670/python-semanage.changes 2026-02-09 11:43:16.217520578 +0100 @@ -1,0 +2,10 @@ +Thu Feb 5 16:24:27 UTC 2026 - Cathy Hu <[email protected]> + +- Update to version 3.10 + https://github.com/SELinuxProject/selinux/releases/tag/3.10 + * libsemanage: get_home_dirs: cleanup parsing of values from conf files + * libsemanage: semanage_store: recursively create SEMANAGE_ROOT +- keyring: Add key of Jason Zaman <[email protected]> + * added 63191CE94183098689CAB8DB7EF137EC935B0EAF [expires: 2026-02-08] + +------------------------------------------------------------------- Old: ---- libsemanage-3.9.tar.gz libsemanage-3.9.tar.gz.asc New: ---- libsemanage-3.10.tar.gz libsemanage-3.10.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libsemanage.spec ++++++ --- /var/tmp/diff_new_pack.sXlmA6/_old 2026-02-09 11:43:17.105557938 +0100 +++ /var/tmp/diff_new_pack.sXlmA6/_new 2026-02-09 11:43:17.105557938 +0100 
@@ -1,7 +1,7 @@ # # spec file for package libsemanage # -# Copyright (c) 2025 SUSE LLC +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,7 +20,7 @@ %define libname libsemanage%{soversion} Name: libsemanage -Version: 3.9 +Version: 3.10 Release: 0 Summary: SELinux policy management library License: LGPL-2.1-or-later ++++++ python-semanage.spec ++++++ --- /var/tmp/diff_new_pack.sXlmA6/_old 2026-02-09 11:43:17.153559957 +0100 +++ /var/tmp/diff_new_pack.sXlmA6/_new 2026-02-09 11:43:17.153559957 +0100 @@ -1,7 +1,7 @@ # # spec file for package python-semanage # -# Copyright (c) 2025 SUSE LLC +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,12 +20,12 @@ %define soversion 2 %define libname libsemanage%{soversion} -%define libsepol_ver 3.9 -%define libselinux_ver 3.9 +%define libsepol_ver 3.10 +%define libselinux_ver 3.10 %{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-semanage -Version: 3.9 +Version: 3.10 Release: 0 Summary: Python bindings for SELinux's policy management library License: LGPL-2.1-only ++++++ libsemanage-3.9.tar.gz -> libsemanage-3.10.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-3.9/Makefile new/libsemanage-3.10/Makefile --- old/libsemanage-3.9/Makefile 2025-07-16 12:55:13.000000000 +0200 +++ new/libsemanage-3.10/Makefile 2026-02-02 03:01:16.000000000 +0100 
@@ -29,9 +29,5 @@ $(MAKE) -C src $@ $(MAKE) -C tests $@ -indent: - $(MAKE) -C src $@ - $(MAKE) -C include $@ - test: all $(MAKE) -C tests test diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-3.9/VERSION new/libsemanage-3.10/VERSION --- old/libsemanage-3.9/VERSION 2025-07-16 12:55:13.000000000 +0200 +++ new/libsemanage-3.10/VERSION 2026-02-02 03:01:16.000000000 +0100 @@ -1 +1 @@ -3.9 +3.10 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-3.9/include/Makefile new/libsemanage-3.10/include/Makefile --- old/libsemanage-3.9/include/Makefile 2025-07-16 12:55:13.000000000 +0200 +++ new/libsemanage-3.10/include/Makefile 2026-02-02 03:01:16.000000000 +0100 @@ -7,6 +7,3 @@ install: all test -d $(DESTDIR)$(INCDIR) || install -m 755 -d $(DESTDIR)$(INCDIR) install -m 644 $(wildcard semanage/*.h) $(DESTDIR)$(INCDIR) - -indent: - ../../scripts/Lindent $(wildcard semanage/*.h) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-3.9/src/Makefile new/libsemanage-3.10/src/Makefile --- old/libsemanage-3.9/src/Makefile 2025-07-16 12:55:13.000000000 +0200 +++ new/libsemanage-3.10/src/Makefile 2026-02-02 03:01:16.000000000 +0100 @@ -167,7 +167,4 @@ distclean: clean rm -f $(GENERATED) $(SWIGFILES) -indent: - ../../scripts/Lindent $(filter-out $(GENERATED),$(wildcard *.[ch])) - .PHONY: all clean pywrap rubywrap swigify install install-pywrap install-rubywrap distclean diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-3.9/src/genhomedircon.c new/libsemanage-3.10/src/genhomedircon.c --- old/libsemanage-3.9/src/genhomedircon.c 2025-07-16 12:55:13.000000000 +0200 +++ new/libsemanage-3.10/src/genhomedircon.c 2026-02-02 03:01:16.000000000 +0100 
@@ -64,6 +64,11 @@ #define PATH_SHELLS_FILE "/etc/shells" #define PATH_NOLOGIN_SHELL "/sbin/nologin" +/* fallback values */ +#define FALLBACK_MINUID 1000 +#define FALLBACK_MAXUID 60000 +#define FALLBACK_LU_UIDNUMBER 500 + /* comments written to context file */ #define COMMENT_FILE_CONTEXT_HEADER "#\n#\n# " \ "User-specific file contexts, generated via libsemanage\n" \ @@ -303,14 +308,52 @@ return retval; } +/* + * Parses `file` for `key` seperated by `sep` into `out`. + * Returns: + * true on success. + * false on failure. + * `out` is guaranteed to be initalised. + * `fallback_set` is initalised to false, and set to true if a fallback was used. + */ +static bool parse_uid_config(const char *file, const char *key, const char *sep, + uid_t fallback, uid_t *out, bool *fallback_set) +{ + assert(out); + assert(fallback_set); + + *fallback_set = false; + + char *uid_str = semanage_findval(file, key, sep); + if (!uid_str || !*uid_str) { + free(uid_str); + *fallback_set = true; + *out = fallback; + return true; + } + + char *endptr; + errno = 0; + const unsigned long val = strtoul(uid_str, &endptr, 0); + + if (endptr != uid_str && *endptr == '\0' && errno != ERANGE) { + *out = (uid_t)val; + free(uid_str); + return true; + } + + free(uid_str); + *fallback_set = true; + *out = fallback; + return false; +} + static semanage_list_t *get_home_dirs(genhomedircon_settings_t * s) { semanage_list_t *homedir_list = NULL; semanage_list_t *shells = NULL; fc_match_handle_t hand; char *path = NULL; - uid_t temp, minuid = 500, maxuid = 60000; - int minuid_set = 0; struct passwd *pwbuf; struct stat buf; 
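Review bot: In parse_uid_config the strtoul result is cast straight to uid_t with only an ERANGE check, so a value that fits in unsigned long but not in uid_t is truncated silently, and a leading minus sign is accepted by strtoul and wraps to a large value without setting errno. These limits feed the UID range used by get_home_dirs, so I would reject a signed input and add `val <= (uid_t)-1` to the acceptance condition before the cast. Base `0` also makes a value such as `0100` parse as octal where the removed atoi calls read decimal; `strtoul(uid_str, &endptr, 10)` keeps the old interpretation. The header comment has two typos ("seperated", "initalised") and should say that `out` is set to the fallback even when the function returns false.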
@@ -352,33 +395,32 @@ goto fail; } - path = semanage_findval(PATH_ETC_LOGIN_DEFS, "UID_MIN", NULL); - if (path && *path) { - temp = atoi(path); +#define genhomedircon_warn_conv_fail(key, val) \ + WARN(s->h_semanage, \ + "Conversion failed for key " key ", is its value a number?" \ + " Falling back to default value of `%s`.", #val); + + uid_t minuid; + bool fallback_set; + if (!parse_uid_config(PATH_ETC_LOGIN_DEFS, "UID_MIN", NULL, FALLBACK_MINUID, &minuid, &fallback_set)) + genhomedircon_warn_conv_fail("UID_MIN", FALLBACK_MINUID); + + const bool logindefs_minuid_fallback_set = fallback_set; + + uid_t temp; + if (!parse_uid_config(PATH_ETC_LIBUSER, "LU_UIDNUMBER", "=", FALLBACK_LU_UIDNUMBER, &temp, &fallback_set)) + genhomedircon_warn_conv_fail("LU_UIDNUMBER", FALLBACK_LU_UIDNUMBER); + + if (logindefs_minuid_fallback_set) minuid = temp; - minuid_set = 1; - } - free(path); - path = NULL; - path = semanage_findval(PATH_ETC_LOGIN_DEFS, "UID_MAX", NULL); - if (path && *path) { - temp = atoi(path); - maxuid = temp; - } - free(path); - path = NULL; + uid_t maxuid; + /* We don't actually check fallback_set here, PATH_ETC_LOGIN_DEFS is the one source of + truth for UID_MAX. */ + if (!parse_uid_config(PATH_ETC_LOGIN_DEFS, "UID_MAX", NULL, FALLBACK_MAXUID, &maxuid, &fallback_set)) + genhomedircon_warn_conv_fail("UID_MAX", FALLBACK_MAXUID); - path = semanage_findval(PATH_ETC_LIBUSER, "LU_UIDNUMBER", "="); - if (path && *path) { - temp = atoi(path); - if (!minuid_set || temp < minuid) { - minuid = temp; - minuid_set = 1; - } - } - free(path); - path = NULL; +#undef genhomedircon_warn_conv_fail errno = 0; setpwent(); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-3.9/src/semanage_store.c new/libsemanage-3.10/src/semanage_store.c --- old/libsemanage-3.9/src/semanage_store.c 2025-07-16 12:55:13.000000000 +0200 +++ new/libsemanage-3.10/src/semanage_store.c 2026-02-02 03:01:16.000000000 +0100 
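Review bot: The genhomedircon_warn_conv_fail macro stringifies its second argument with `#val`, and the preprocessor does not expand an argument that is the operand of `#`, so the warning would print the name FALLBACK_MINUID rather than the number. Formatting the value instead, with `%lu` in the message and `(unsigned long)(val)` as the argument, prints what is actually used. Separately, whenever UID_MIN is missing or unparsable, minuid is overwritten with temp (LU_UIDNUMBER, or FALLBACK_LU_UIDNUMBER = 500), so FALLBACK_MINUID never takes effect and the UID_MIN warning names a value that is not applied. Unlike the removed code, a LU_UIDNUMBER below a valid UID_MIN no longer lowers minuid; a comment stating this precedence would help, since it presumably changes which passwd entries the loop after setpwent() considers. get_home_dirs starts and continues outside the hunk.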
@@ -491,6 +491,45 @@ return semanage_conf; } +/* Recursively create a directory from a path string. + * Returns 0 on success, -errno on failure. + */ +static int mkdir_recursive(const char *path, mode_t mode) +{ + if (!path || !*path) { + return -EINVAL; + } + + char path_buffer[PATH_MAX] = {0}; + size_t len = strlen(path); + /* + 1 for nullterm. */ + if (len + 1 > sizeof(path_buffer)) { + return -ENAMETOOLONG; + } + + /* + 1 for nullterm. */ + memcpy(path_buffer, path, len + 1); + + /* trim possible trailing slashes, except if '/' is the entire path. */ + while (len > 1 && path_buffer[len - 1] == '/') { + path_buffer[--len] = '\0'; + } + + for (char *pos = path_buffer + 1, *slash; (slash = strchr(pos, '/')); pos = slash + 1) { + *slash = '\0'; + if (mkdir(path_buffer, mode) != 0 && errno != EEXIST) { + return -errno; + } + *slash = '/'; + } + + if (mkdir(path_buffer, mode) != 0 && errno != EEXIST) { + return -errno; + } + + return 0; +} + /**************** functions that create module store ***************/ /* Check that the semanage store exists. If 'create' is non-zero then @@ -506,14 +545,20 @@ if (stat(path, &sb) == -1) { if (errno == ENOENT && create) { - mask = umask(0077); - if (mkdir(path, S_IRWXU) == -1) { - umask(mask); - ERR(sh, "Could not create module store at %s.", - path); + /* First we create directories recursively with standard permissions so that + we don't screw up ownership of toplevel dirs such as `/var` in pkgmgr + environments. */ + const int r = mkdir_recursive(path, (mode_t)0755); + if (r != 0) { + ERR(sh, "Could not create module store at %s: %s.", path, strerror(-r)); + return -2; + } + /* Now that we've created the directory tree, we set the permissions of the + target path to 0700. */ + if (chmod(path, (mode_t)0700) != 0) { + ERR(sh, "Failed to chown module store at %s: %s.", path, strerror(errno)); return -2; } - umask(mask); } else { if (create) ERR(sh, 
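Review bot: mkdir_recursive treats EEXIST as success for every component, including the final one, without checking that the existing entry is a directory, so a regular file or a dangling symlink at that name still yields a return of 0. A `stat` plus `S_ISDIR` check after an EEXIST result (or `lstat` on the final component, if a symlink there should be refused) would make "0 on success" mean the directory really exists. The header comment should also say that `mode` is still filtered by the process umask, e.g. `/* mode is subject to the caller's umask, as with mkdir(2). */`.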
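Review bot: The module store directory is now created with 0755 and only narrowed afterwards by `chmod(path, (mode_t)0700)`, so between the two calls it can be readable and traversable by other users, and chmod resolves the path a second time and follows a symlink if one has appeared there. The removed code created it with S_IRWXU under umask 0077 and had no such window. Giving mkdir_recursive a separate mode for the final component (parents 0755, leaf S_IRWXU) would keep the parent-permission fix without widening the store. The second error message says "chown" where the call is chmod: `ERR(sh, "Failed to chmod module store at %s: %s.", path, strerror(errno));`. The enclosing function starts and continues outside the hunk.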
@@ -529,6 +574,8 @@ return -1; } } + /* We no longer need to use mkdir_recursive at this point: the toplevel + directory hierarchy has been created by now. */ path = semanage_path(SEMANAGE_ACTIVE, SEMANAGE_TOPLEVEL); if (stat(path, &sb) == -1) { if (errno == ENOENT && create) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-3.9/utils/Makefile new/libsemanage-3.10/utils/Makefile --- old/libsemanage-3.9/utils/Makefile 2025-07-16 12:55:13.000000000 +0200 +++ new/libsemanage-3.10/utils/Makefile 2026-02-02 03:01:16.000000000 +0100 @@ -13,7 +13,4 @@ distclean: clean -indent: - relabel: - ++++++ libsemanage.keyring ++++++ ++++ 1396 lines (skipped) ++++ between libsemanage.keyring ++++ and /work/SRC/openSUSE:Factory/.libsemanage.new.1670/libsemanage.keyring
