Hello community, here is the log from the commit of package checkpolicy for openSUSE:Factory checked in at 2020-10-06 17:06:28 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/checkpolicy (Old) and /work/SRC/openSUSE:Factory/.checkpolicy.new.4249 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "checkpolicy" Tue Oct 6 17:06:28 2020 rev:31 rq:832089 version:3.1 Changes: -------- --- /work/SRC/openSUSE:Factory/checkpolicy/checkpolicy.changes 2020-03-11 18:31:14.622858075 +0100 +++ /work/SRC/openSUSE:Factory/.checkpolicy.new.4249/checkpolicy.changes 2020-10-06 17:09:12.757428935 +0200 @@ -1,0 +2,8 @@ +Tue Jul 14 08:31:15 UTC 2020 - Johannes Segitz <[email protected]> + +- Update to version 3.1 + * checkpolicy treats invalid characters as an error - might break rare use + cases (intentionally) + * Drop extern_te_assert_t.patch, is upstream + +------------------------------------------------------------------- Old: ---- checkpolicy-3.0.tar.gz extern_te_assert_t.patch New: ---- checkpolicy-3.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ checkpolicy.spec ++++++ --- /var/tmp/diff_new_pack.V5gKfu/_old 2020-10-06 17:09:13.857429885 +0200 +++ /var/tmp/diff_new_pack.V5gKfu/_new 2020-10-06 17:09:13.861429888 +0200 @@ -16,17 +16,16 @@ # -%define libsepol_ver 3.0 +%define libsepol_ver 3.1 Name: checkpolicy -Version: 3.0 +Version: 3.1 Release: 0 Summary: SELinux policy compiler License: GPL-2.0-or-later Group: Productivity/Security URL: https://github.com/SELinuxProject/selinux -Source0: https://github.com/SELinuxProject/selinux/releases/download/20191204/%{name}-%{version}.tar.gz +Source0: https://github.com/SELinuxProject/selinux/releases/download/20200710/%{name}-%{version}.tar.gz Source1: checkpolicy-tests.tar.gz -Patch0: extern_te_assert_t.patch BuildRequires: bison BuildRequires: flex BuildRequires: libselinux-devel 
@@ -68,7 +67,6 @@ %prep %setup -q -%patch0 -p1 %build make clean ++++++ checkpolicy-3.0.tar.gz -> checkpolicy-3.1.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checkpolicy-3.0/VERSION new/checkpolicy-3.1/VERSION --- old/checkpolicy-3.0/VERSION 2019-11-28 13:46:48.000000000 +0100 +++ new/checkpolicy-3.1/VERSION 2020-07-10 17:17:15.000000000 +0200 @@ -1 +1 @@ -3.0 +3.1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checkpolicy-3.0/checkmodule.8 new/checkpolicy-3.1/checkmodule.8 --- old/checkpolicy-3.0/checkmodule.8 2019-11-28 13:46:48.000000000 +0100 +++ new/checkpolicy-3.1/checkmodule.8 2020-07-10 17:17:15.000000000 +0200 @@ -28,6 +28,9 @@ .B \-C,\-\-cil Write CIL policy file rather than binary policy file. .TP +.B \-E,\-\-werror +Treat warnings as errors +.TP .B \-h,\-\-help Print usage. .TP @@ -64,6 +67,6 @@ .SH AUTHOR This manual page was copied from the checkpolicy man page -written by Arpad Magosanyi <[email protected]>, +written by Árpád Magosányi <[email protected]>, and edited by Dan Walsh <[email protected]>. The program was written by Stephen Smalley <[email protected]>. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checkpolicy-3.0/checkmodule.c new/checkpolicy-3.1/checkmodule.c --- old/checkpolicy-3.0/checkmodule.c 2019-11-28 13:46:48.000000000 +0100 +++ new/checkpolicy-3.1/checkmodule.c 2020-07-10 17:17:15.000000000 +0200 @@ -25,7 +25,6 @@ #include <sepol/policydb/policydb.h> #include <sepol/policydb/services.h> #include <sepol/policydb/conditional.h> -#include <sepol/policydb/flask.h> #include <sepol/policydb/hierarchy.h> #include <sepol/policydb/expand.h> #include <sepol/policydb/link.h> @@ -41,6 +40,7 @@ static sidtab_t sidtab; extern int mlspol; +extern int werror; static int handle_unknown = SEPOL_DENY_UNKNOWN; static const char *txtfile = "policy.conf"; 
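Review bot: `extern int werror;` is written by hand in checkmodule.c, and again in checkpolicy.c, while the definition `int werror = 0;` lives in policy_scan.l, so the compiler never sees a declaration and the definition together and cannot catch a type drift between them. checkpolicy.h already carries `extern unsigned int policyvers;`; adding `extern int werror;` there and including the header from the scanner and both front ends would give one checked declaration, assuming all three files can include it. A short comment at the declaration, such as `/* set by -E/--werror: yywarn() reports through yyerror() */`, would also tell the reader why a scanner flag is visible in the option code.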
@@ -126,7 +126,7 @@ static __attribute__((__noreturn__)) void usage(const char *progname) { - printf("usage: %s [-h] [-V] [-b] [-C] [-U handle_unknown] [-m] [-M] [-o FILE] [INPUT]\n", progname); + printf("usage: %s [-h] [-V] [-b] [-C] [-E] [-U handle_unknown] [-m] [-M] [-o FILE] [INPUT]\n", progname); printf("Build base and policy modules.\n"); printf("Options:\n"); printf(" INPUT build module from INPUT (else read from \"%s\")\n", @@ -134,6 +134,7 @@ printf(" -V show policy versions created by this program\n"); printf(" -b treat input as a binary policy file\n"); printf(" -C output CIL policy instead of binary policy\n"); + printf(" -E treat warnings as errors\n"); printf(" -h print usage\n"); printf(" -U OPTION How to handle unknown classes and permissions\n"); printf(" deny: Deny unknown kernel checks\n"); @@ -162,10 +163,11 @@ {"handle-unknown", required_argument, NULL, 'U'}, {"mls", no_argument, NULL, 'M'}, {"cil", no_argument, NULL, 'C'}, + {"werror", no_argument, NULL, 'E'}, {NULL, 0, NULL, 0} }; - while ((ch = getopt_long(argc, argv, "ho:bVU:mMCc:", long_options, NULL)) != -1) { + while ((ch = getopt_long(argc, argv, "ho:bVEU:mMCc:", long_options, NULL)) != -1) { switch (ch) { case 'h': usage(argv[0]); @@ -180,6 +182,9 @@ case 'V': show_version = 1; break; + case 'E': + werror = 1; + break; case 'U': if (!strcasecmp(optarg, "deny")) { handle_unknown = DENY_UNKNOWN; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checkpolicy-3.0/checkpolicy.8 new/checkpolicy-3.1/checkpolicy.8 --- old/checkpolicy-3.0/checkpolicy.8 2019-11-28 13:46:48.000000000 +0100 +++ new/checkpolicy-3.1/checkpolicy.8 2020-07-10 17:17:15.000000000 +0200 @@ -53,6 +53,9 @@ .B \-O,\-\-optimize Optimize the final kernel policy (remove redundant rules). .TP +.B \-E,\-\-werror +Treat warnings as errors +.TP .B \-V,\-\-version Show version information. .TP 
@@ -64,6 +67,6 @@ .SH AUTHOR -This manual page was written by Arpad Magosanyi <[email protected]>, +This manual page was written by Árpád Magosányi <[email protected]>, and edited by Stephen Smalley <[email protected]>. The program was written by Stephen Smalley <[email protected]>. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checkpolicy-3.0/checkpolicy.c new/checkpolicy-3.1/checkpolicy.c --- old/checkpolicy-3.0/checkpolicy.c 2019-11-28 13:46:48.000000000 +0100 +++ new/checkpolicy-3.1/checkpolicy.c 2020-07-10 17:17:15.000000000 +0200 @@ -85,7 +85,6 @@ #include <sepol/policydb/services.h> #include <sepol/policydb/conditional.h> #include <sepol/policydb/hierarchy.h> -#include <sepol/policydb/flask.h> #include <sepol/policydb/expand.h> #include <sepol/policydb/link.h> @@ -101,6 +100,7 @@ extern policydb_t *policydbp; extern int mlspol; +extern int werror; static int handle_unknown = SEPOL_DENY_UNKNOWN; static const char *txtfile = "policy.conf"; @@ -113,7 +113,7 @@ printf ("usage: %s [-b[F]] [-C] [-d] [-U handle_unknown (allow,deny,reject)] [-M] " "[-c policyvers (%d-%d)] [-o output_file|-] [-S] " - "[-t target_platform (selinux,xen)] [-V] [input_file]\n", + "[-t target_platform (selinux,xen)] [-E] [-V] [input_file]\n", progname, POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); exit(1); } @@ -421,11 +421,12 @@ {"conf",no_argument, NULL, 'F'}, {"sort", no_argument, NULL, 'S'}, {"optimize", no_argument, NULL, 'O'}, + {"werror", no_argument, NULL, 'E'}, {"help", no_argument, NULL, 'h'}, {NULL, 0, NULL, 0} }; - while ((ch = getopt_long(argc, argv, "o:t:dbU:MCFSVc:Oh", long_options, NULL)) != -1) { + while ((ch = getopt_long(argc, argv, "o:t:dbU:MCFSVc:OEh", long_options, NULL)) != -1) { switch (ch) { case 'o': outfile = optarg; 
@@ -504,6 +505,9 @@ policyvers = n; break; } + case 'E': + werror = 1; + break; case 'h': default: usage(argv[0]); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checkpolicy-3.0/checkpolicy.h new/checkpolicy-3.1/checkpolicy.h --- old/checkpolicy-3.0/checkpolicy.h 2019-11-28 13:46:48.000000000 +0100 +++ new/checkpolicy-3.1/checkpolicy.h 2020-07-10 17:17:15.000000000 +0200 @@ -1,20 +1,6 @@ #ifndef _CHECKPOLICY_H_ #define _CHECKPOLICY_H_ -#include <sepol/policydb/ebitmap.h> - -typedef struct te_assert { - ebitmap_t stypes; - ebitmap_t ttypes; - ebitmap_t tclasses; - int self; - sepol_access_vector_t *avp; - unsigned long line; - struct te_assert *next; -} te_assert_t; - -te_assert_t *te_assertions; - extern unsigned int policyvers; #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checkpolicy-3.0/policy_define.c new/checkpolicy-3.1/policy_define.c --- old/checkpolicy-3.0/policy_define.c 2019-11-28 13:46:48.000000000 +0100 +++ new/checkpolicy-3.1/policy_define.c 2020-07-10 17:17:15.000000000 +0200 @@ -53,7 +53,6 @@ #include <sepol/policydb/policydb.h> #include <sepol/policydb/services.h> #include <sepol/policydb/conditional.h> -#include <sepol/policydb/flask.h> #include <sepol/policydb/hierarchy.h> #include <sepol/policydb/polcaps.h> #include "queue.h" @@ -5509,7 +5508,9 @@ { struct genfs *genfs_p, *genfs, *newgenfs; ocontext_t *newc, *c, *head, *p; + class_datum_t *cladatum; char *type = NULL; + const char *sclass; int len, len2; if (policydbp->target_platform != SEPOL_TARGET_SELINUX) { 
@@ -5571,30 +5572,39 @@ } switch (type[0]) { case 'b': - newc->v.sclass = SECCLASS_BLK_FILE; + sclass = "blk_file"; break; case 'c': - newc->v.sclass = SECCLASS_CHR_FILE; + sclass = "chr_file"; break; case 'd': - newc->v.sclass = SECCLASS_DIR; + sclass = "dir"; break; case 'p': - newc->v.sclass = SECCLASS_FIFO_FILE; + sclass = "fifo_file"; break; case 'l': - newc->v.sclass = SECCLASS_LNK_FILE; + sclass = "lnk_file"; break; case 's': - newc->v.sclass = SECCLASS_SOCK_FILE; + sclass = "sock_file"; break; case '-': - newc->v.sclass = SECCLASS_FILE; + sclass = "file"; break; default: yyerror2("invalid type %s", type); goto fail; } + + cladatum = hashtab_search(policydbp->p_classes.table, + sclass); + if (!cladatum) { + yyerror2("could not find class %s for " + "genfscon statement", sclass); + goto fail; + } + newc->v.sclass = cladatum->s.value; } if (parse_security_context(&newc->context[0])) goto fail; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checkpolicy-3.0/policy_parse.y new/checkpolicy-3.1/policy_parse.y --- old/checkpolicy-3.0/policy_parse.y 2019-11-28 13:46:48.000000000 +0100 +++ new/checkpolicy-3.1/policy_parse.y 2020-07-10 17:17:15.000000000 +0200 @@ -46,7 +46,6 @@ #include <sepol/policydb/policydb.h> #include <sepol/policydb/services.h> #include <sepol/policydb/conditional.h> -#include <sepol/policydb/flask.h> #include <sepol/policydb/hierarchy.h> #include <sepol/policydb/polcaps.h> #include "queue.h" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checkpolicy-3.0/policy_scan.l new/checkpolicy-3.1/policy_scan.l --- old/checkpolicy-3.0/policy_scan.l 2019-11-28 13:46:48.000000000 +0100 +++ new/checkpolicy-3.1/policy_scan.l 2020-07-10 17:17:15.000000000 +0200 @@ -36,6 +36,8 @@ static char linebuf[2][255]; static unsigned int lno = 0; +int werror = 0; +int yyerror(const char *msg); int yywarn(const char *msg); void set_source_file(const char *name); 
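Review bot: The file-type switch that feeds the new class lookup in policy_define.c still keys only on `type[0]`, so any token that merely begins with `b`, `c`, `d`, `p`, `l`, `s` or `-` selects a class and the rest of the token is ignored. If the grammar can hand this function a longer identifier, a typo in a genfscon statement would be labelled with a different object class and no diagnostic. A length check ahead of the switch would close that, for example `if (strlen(type) != 1) { yyerror2("invalid type %s", type); goto fail; }`. The `hashtab_search()` result is checked before `cladatum->s.value` is read, and every path that reaches the lookup has assigned `sclass`. The function starts and ends outside this hunk, so where `type` comes from and what `fail` releases are not visible here.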
@@ -290,7 +292,7 @@ "]" | "~" | "*" { return(yytext[0]); } -. { yywarn("unrecognized character");} +. { yyerror("unrecognized character");} %% int yyerror(const char *msg) { @@ -310,6 +312,9 @@ int yywarn(const char *msg) { + if (werror) + return yyerror(msg); + if (source_file[0]) fprintf(stderr, "%s:%ld:", source_file, source_lineno); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checkpolicy-3.0/ru/checkmodule.8 new/checkpolicy-3.1/ru/checkmodule.8 --- old/checkpolicy-3.0/ru/checkmodule.8 2019-11-28 13:46:48.000000000 +0100 +++ new/checkpolicy-3.1/ru/checkmodule.8 2020-07-10 17:17:15.000000000 +0200 @@ -50,7 +50,7 @@ .SH АВТОРЫ -Эта страница руководства была скопирована со страницы руководства checkpolicy, написанной Arpad Magosanyi <[email protected]>, +Эта страница руководства была скопирована со страницы руководства checkpolicy, написанной Árpád Magosányi <[email protected]>, и отредактирована Dan Walsh <[email protected]>. Программа была написана Stephen Smalley <[email protected]>. -Перевод на русский язык выполнила Герасименко Олеся <[email protected]>. +Перевод на русский язык выполнила Олеся Герасименко <[email protected]>. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checkpolicy-3.0/ru/checkpolicy.8 new/checkpolicy-3.1/ru/checkpolicy.8 --- old/checkpolicy-3.0/ru/checkpolicy.8 2019-11-28 13:46:48.000000000 +0100 +++ new/checkpolicy-3.1/ru/checkpolicy.8 2020-07-10 17:17:15.000000000 +0200 
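Review bot: The catch-all rule `. { yyerror("unrecognized character");}` in policy_scan.l now reports an error where it used to warn, and nothing next to it says this is deliberate; the package changelog is the only place on this page that records it. A comment above the rule, for example `/* Error on purpose: a byte the scanner does not know must not be dropped from policy source with only a warning. */`, would stop a later cleanup from turning it back into `yywarn`. The action returns no token, so scanning continues after the report, and whether compilation then stops depends on what `yyerror` records; its body is outside this hunk.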
@@ -54,7 +54,7 @@ Документация SELinux Reference Policy по адресу https://github.com/SELinuxProject/refpolicy/wiki .SH АВТОРЫ -Эта страница руководства была написана Arpad Magosanyi <[email protected]>, +Эта страница руководства была написана Árpád Magosányi <[email protected]>, и отредактирована Stephen Smalley <[email protected]>. Программа была написана Stephen Smalley <[email protected]>. -Перевод на русский язык выполнила Герасименко Олеся <[email protected]>. +Перевод на русский язык выполнила Олеся Герасименко <[email protected]>. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checkpolicy-3.0/test/dismod.c new/checkpolicy-3.1/test/dismod.c --- old/checkpolicy-3.0/test/dismod.c 2019-11-28 13:46:48.000000000 +0100 +++ new/checkpolicy-3.1/test/dismod.c 2020-07-10 17:17:15.000000000 +0200 @@ -30,7 +30,6 @@ #include <sepol/policydb/policydb.h> #include <sepol/policydb/services.h> #include <sepol/policydb/conditional.h> -#include <sepol/policydb/flask.h> #include <sepol/policydb/link.h> #include <sepol/policydb/module.h> #include <sepol/policydb/util.h> @@ -445,8 +444,8 @@ user = p->p_user_val_to_name[cur->context[0].user - 1]; role = p->p_role_val_to_name[cur->context[0].role - 1]; type = p->p_type_val_to_name[cur->context[0].type - 1]; - fprintf(fp, "\t%s: sid %d, context %s:%s:%s\n", - cur->u.name, cur->sid[0], user, role, type); + fprintf(fp, "\tsid %d, context %s:%s:%s\n", + cur->sid[0], user, role, type); } #if 0 fprintf(fp, "Policy Initial SIDs:\n");
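Review bot: The three name lookups just above the changed `fprintf` in test/dismod.c index `p_user_val_to_name`, `p_role_val_to_name` and `p_type_val_to_name` with `value - 1` and nothing in the hunk checks the value first, so a context whose user, role or type is 0 or larger than the table would read outside the array. dismod exists to inspect module files, which may be malformed, and whether the loader has already rejected such contexts is not visible here. A guard ahead of the lookups, comparing each field against 1 and the matching `nprim` count (`p->p_users.nprim` for users) and printing a placeholder when it fails, would keep the dump from crashing on a bad file. Separately, `cur->sid[0]` is printed with `%d`; if the field is unsigned, `%u` is the matching conversion. The enclosing loop begins and ends outside the hunk.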
