Package: release.debian.org
Severity: normal
X-Debbugs-Cc: policycoreut...@packages.debian.org
Control: affects -1 + src:policycoreutils
User: release.debian....@packages.debian.org
Usertags: unblock
Please unblock package policycoreutils
[ Reason ]
With version 3.8.1-1 there are significant bugs in the remove-leaf-dirs
which allow it to work in the trivial cases (all test cases I used during
development) but fails badly in the case of upgrading from the Bookworm
version of selinux-policy-default to the Trixie version.
[ Impact ]
If the unblock isn't granted then every SE Linux user who upgrades to Trixie
will have to manually relabel the main directories (/etc /usr and /var).
If it is granted then things will just work and Trixie will be the first
release of Debian to allow a clean SE Linux upgrade which is a really good
thing for SE Linux users.
For people who don't have SE Linux enabled this will have no impact.
[ Tests ]
I have tested the upgrade of policy from from Bookworm to Trixie many times
and also passed a variety of test input to the script for corner cases.
[ Risks ]
There are no risks for systems which don't use SE Linux.
For systems running SE Linux the biggest risk is that 3.8.1-2 will perform as
badly as 3.8.1-1 (IE not relabeling).
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
[ Other info ]
(Anything else the release team should know.)
unblock policycoreutils/3.8.1-2
diff -Nru policycoreutils-3.8.1/debian/changelog
policycoreutils-3.8.1/debian/changelog
--- policycoreutils-3.8.1/debian/changelog 2025-03-16 19:41:42.000000000
+1100
+++ policycoreutils-3.8.1/debian/changelog 2025-08-08 00:48:14.000000000
+1000
@@ -1,3 +1,10 @@
+policycoreutils (3.8.1-2) unstable; urgency=medium
+
+ * Fixed remove-leaf-dirs, the previous code was badly broken and only
+ worked in trivial test cases. Needed for a clean upgrade to Trixie.
+
+ -- Russell Coker <russ...@coker.com.au> Fri, 08 Aug 2025 00:48:14 +1000
+
policycoreutils (3.8.1-1) unstable; urgency=medium
* New upstream release, just version change
diff -Nru policycoreutils-3.8.1/debian/remove-leaf-dirs
policycoreutils-3.8.1/debian/remove-leaf-dirs
--- policycoreutils-3.8.1/debian/remove-leaf-dirs 2025-02-06
23:27:23.000000000 +1100
+++ policycoreutils-3.8.1/debian/remove-leaf-dirs 2025-08-08
00:48:12.000000000 +1000
@@ -10,20 +10,20 @@
while(<STDIN>)
{
chomp;
- push(@arr, $_);
+ # strip "" and "/" to avoid problems
+ if(length($_) >1)
+ {
+ push(@arr, $_);
+ }
}
-my @sorted = sort { length($a) <=> length($b) } @arr;
-for(my $i = 0; $i < $#sorted; $i++)
+for(my $i = 0; $i <= $#arr; $i++)
{
- print "$sorted[$i]\n";
- for(my $j = $i + 1; $j <= $#sorted; $j++)
+ print "$arr[$i]\n";
+ my $stem = $arr[$i] . "/";
+ my $stemlen = length($arr[$i]) + 1;
+ while ($i + 1 <= $#arr and $stem eq substr($arr[$i + 1], 0, $stemlen))
{
- if($sorted[$i] . "/" eq substr($sorted[$j], 0, length($sorted[$i])+1))
- {
- splice(@sorted, $j, 1);
- $j--;
- }
+ splice(@arr, $i + 1, 1);
}
}
-print "$sorted[$#sorted]\n";
_______________________________________________
SELinux-devel mailing list
SELinux-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/selinux-devel
