Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libsemanage for openSUSE:Factory checked in at 2021-03-24 16:08:58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libsemanage (Old) and /work/SRC/openSUSE:Factory/.libsemanage.new.2401 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libsemanage" Wed Mar 24 16:08:58 2021 rev:50 rq:879861 version:3.2 Changes: -------- --- /work/SRC/openSUSE:Factory/libsemanage/libsemanage.changes 2020-10-06 17:09:25.001439511 +0200 +++ /work/SRC/openSUSE:Factory/.libsemanage.new.2401/libsemanage.changes 2021-03-24 16:09:05.671696101 +0100 @@ -1,0 +2,21 @@ +Thu Mar 18 08:31:30 UTC 2021 - Johannes Segitz <[email protected]> + +- Link to correct so version +- Minor spec file cleanups + +------------------------------------------------------------------- +Wed Mar 17 08:29:15 UTC 2021 - Johannes Segitz <[email protected]> + +- Move configuration file to separate libsemanage-conf package to allow + for parallel installation in future versions + +------------------------------------------------------------------- +Tue Mar 9 09:09:18 UTC 2021 - Johannes Segitz <[email protected]> + +- Update to version 3.2 + * dropped old and deprecated symbols and functions + libsemanage version was bumped to libsemanage.so.2 + * libsemanage tries to sync data to prevent empty files in SELinux module + store + +------------------------------------------------------------------- --- /work/SRC/openSUSE:Factory/libsemanage/python-semanage.changes 2020-10-06 17:09:26.045440412 +0200 +++ /work/SRC/openSUSE:Factory/.libsemanage.new.2401/python-semanage.changes 2021-03-24 16:09:05.727696160 +0100 @@ -1,0 +2,14 @@ +Thu Mar 18 08:31:30 UTC 2021 - Johannes Segitz <[email protected]> + +- Minor spec file cleanups + +------------------------------------------------------------------- +Tue Mar 9 09:09:18 UTC 2021 - Johannes Segitz <[email protected]> + +- Update to version 3.2 + * dropped old and deprecated symbols and functions + libsemanage version was bumped to libsemanage.so.2 + * libsemanage tries to sync data to prevent empty files in SELinux module + store + +------------------------------------------------------------------- Old: ---- libsemanage-3.1.tar.gz New: ---- libsemanage-3.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libsemanage.spec ++++++ --- /var/tmp/diff_new_pack.x5ZxDD/_old 2021-03-24 16:09:06.475696945 +0100 +++ /var/tmp/diff_new_pack.x5ZxDD/_new 2021-03-24 16:09:06.479696949 +0100 @@ -1,7 +1,7 @@ # # spec file for package libsemanage # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,14 +16,17 @@ # +%define soversion 2 +%define libname libsemanage%{soversion} + Name: libsemanage -Version: 3.1 +Version: 3.2 Release: 0 Summary: SELinux policy management library License: LGPL-2.1-or-later Group: Development/Libraries/C and C++ URL: https://github.com/SELinuxProject/selinux/wiki/Releases -Source: https://github.com/SELinuxProject/selinux/releases/download/20200710/%{name}-%{version}.tar.gz +Source: https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz Source1: baselibs.conf Source2: semanage.conf # PATCH-FIX-UPSTREAM bsc#1133102 LTO: Update map file to include new symbols and remove wildcards @@ -37,7 +40,7 @@ BuildRequires: libselinux-devel BuildRequires: libsepol-devel BuildRequires: libustr-devel -BuildRequires: pkg-config +BuildRequires: pkgconfig %description libsemanage is the policy management library. Using libsepol and @@ -45,12 +48,13 @@ programs for loading policy and for checking whether the file_contexts configuration is valid. -%package -n libsemanage1 +%package -n %{libname} Summary: SELinux policy management library Group: System/Libraries Suggests: %{name}-migrate-store +Requires: %{name}-conf >= %{version} -%description -n libsemanage1 +%description -n %{libname} libsemanage is the policy management library. Using libsepol and libselinux to interact with the SELinux system, it also calls helper programs for loading policy and for checking whether the @@ -61,10 +65,20 @@ Type Enforcement, Role-based Access Control and Multi-Level Security.) +%package conf +Summary: Configuration for the SELinux policy management library +# before 3.1 the config file wasn't separated, so no parallel install is possible +Group: System/Libraries +Conflicts: %{name}1 <= 3.1 + +%description conf +Configuration file for libsemanage. Moved to a separate package to allow +parallel installation + %package devel Summary: Header files and libraries for SELinux's policy management libary Group: Development/Libraries/C and C++ -Requires: libsemanage1 = %{version} +Requires: %{libname} = %{version} Requires: libustr-devel %description devel @@ -98,9 +112,9 @@ %build %define _lto_cflags %{nil} -make %{?_smp_mflags} clean -make -j1 CFLAGS="%{optflags} -fno-semantic-interposition" CC="gcc" -make -j1 CFLAGS="%{optflags} -fno-semantic-interposition" LIBDIR="%{_libdir}" LIBEXECDIR="%{_libexecdir}" SHLIBDIR="%{_lib}" CC="gcc" all +%make_build clean +%make_build CFLAGS="%{optflags} -fno-semantic-interposition" CC="gcc" +%make_build CFLAGS="%{optflags} -fno-semantic-interposition" LIBDIR="%{_libdir}" LIBEXECDIR="%{_libexecdir}" SHLIBDIR="%{_lib}" CC="gcc" all %install mkdir -p %{buildroot}/%{_lib} @@ -108,20 +122,22 @@ mkdir -p %{buildroot}%{_includedir} mkdir -p %{buildroot}%{_localstatedir}/lib/selinux %make_install LIBDIR="%{_libdir}" LIBEXECDIR="%{_libexecdir}" SHLIBDIR="%{_libdir}" -ln -sf %{_libdir}/libsemanage.so.1 %{buildroot}/%{_libdir}/libsemanage.so +ln -sf %{_libdir}/libsemanage.so.%{soversion} %{buildroot}/%{_libdir}/libsemanage.so cp %{SOURCE2} %{buildroot}%{_sysconfdir}/selinux/semanage.conf # Remove duplicate files %fdupes -s %{buildroot}%{_mandir} -%post -n libsemanage1 -p /sbin/ldconfig -%postun -n libsemanage1 -p /sbin/ldconfig +%post -n %{libname} -p /sbin/ldconfig +%postun -n %{libname} -p /sbin/ldconfig -%files -n libsemanage1 -%dir %{_sysconfdir}/selinux -%config(noreplace) %{_sysconfdir}/selinux/semanage.conf +%files -n %{libname} %{_libdir}/libsemanage.so.* %dir %{_localstatedir}/lib/selinux +%files conf +%dir %{_sysconfdir}/selinux +%config(noreplace) %{_sysconfdir}/selinux/semanage.conf + %files devel %{_libdir}/libsemanage.so %{_libdir}/pkgconfig/libsemanage.pc ++++++ python-semanage.spec ++++++ --- /var/tmp/diff_new_pack.x5ZxDD/_old 2021-03-24 16:09:06.495696966 +0100 +++ /var/tmp/diff_new_pack.x5ZxDD/_new 2021-03-24 16:09:06.499696970 +0100 @@ -1,7 +1,7 @@ # # spec file for package python-semanage # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,15 +16,18 @@ # +%define soversion 2 +%define libname libsemanage%{soversion} + %{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-semanage -Version: 3.1 +Version: 3.2 Release: 0 Summary: Python bindings for SELinux's policy management library License: LGPL-2.1-only Group: Development/Languages/Python URL: https://github.com/SELinuxProject/selinux -Source: https://github.com/SELinuxProject/selinux/releases/download/20200710/libsemanage-%{version}.tar.gz +Source: https://github.com/SELinuxProject/selinux/releases/download/%{version}/libsemanage-%{version}.tar.gz Source1: baselibs.conf # PATCH-FIX-UPSTREAM bsc#1133102 LTO: Update map file to include new symbols and remove wildcards # For now we need to disable this. This breaks e.g. shadow and also other packages in security:SELinux @@ -35,12 +38,12 @@ BuildRequires: flex BuildRequires: libbz2-devel BuildRequires: libselinux-devel -BuildRequires: libsepol-devel +BuildRequires: libsepol-devel >= 3.2 BuildRequires: libustr-devel BuildRequires: python-rpm-macros BuildRequires: swig # Ensure same version -Requires: libsemanage1 = %{version} +Requires: %{libname} = %{version} %python_subpackages %description @@ -54,10 +57,10 @@ %build %define _lto_cflags %{nil} -make %{?_smp_mflags} clean +%make_build clean %{python_expand # loop over possible pythons -make -j1 PYTHON=$python CFLAGS="%{optflags} -fno-semantic-interposition" swigify -make -j1 PYTHON=$python CFLAGS="%{optflags} -fno-semantic-interposition" \ +%make_build PYTHON=$python CFLAGS="%{optflags} -fno-semantic-interposition" swigify +%make_build PYTHON=$python CFLAGS="%{optflags} -fno-semantic-interposition" \ LIBDIR="%{_libdir}" \ LIBEXECDIR="%{_libexecdir}" \ SHLIBDIR="%{_lib}" \ ++++++ baselibs.conf ++++++ --- /var/tmp/diff_new_pack.x5ZxDD/_old 2021-03-24 16:09:06.523696995 +0100 +++ /var/tmp/diff_new_pack.x5ZxDD/_new 2021-03-24 16:09:06.523696995 +0100 @@ -1 +1 @@ -libsemanage1 +libsemanage2 ++++++ libsemanage-3.1.tar.gz -> libsemanage-3.2.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-3.1/VERSION new/libsemanage-3.2/VERSION --- old/libsemanage-3.1/VERSION 2020-07-10 17:17:15.000000000 +0200 +++ new/libsemanage-3.2/VERSION 2021-03-04 16:42:59.000000000 +0100 @@ -1 +1 @@ -3.1 +3.2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-3.1/include/semanage/modules.h new/libsemanage-3.2/include/semanage/modules.h --- old/libsemanage-3.1/include/semanage/modules.h 2020-07-10 17:17:15.000000000 +0200 +++ new/libsemanage-3.2/include/semanage/modules.h 2021-03-04 16:42:59.000000000 +0100 @@ -33,7 +33,7 @@ */ extern int semanage_module_install(semanage_handle_t *, - char *module_data, size_t data_len, char *name, char *ext_lang); + char *module_data, size_t data_len, const char *name, const char *ext_lang); extern int semanage_module_install_file(semanage_handle_t *, const char *module_name); extern int semanage_module_remove(semanage_handle_t *, char *module_name); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-3.1/src/Makefile new/libsemanage-3.2/src/Makefile --- old/libsemanage-3.1/src/Makefile 2020-07-10 17:17:15.000000000 +0200 +++ new/libsemanage-3.2/src/Makefile 2021-03-04 16:42:59.000000000 +0100 @@ -32,7 +32,7 @@ YFLAGS = -d VERSION = $(shell cat ../VERSION) -LIBVERSION = 1 +LIBVERSION = 2 LIBA=libsemanage.a TARGET=libsemanage.so diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-3.1/src/direct_api.c new/libsemanage-3.2/src/direct_api.c --- old/libsemanage-3.1/src/direct_api.c 2020-07-10 17:17:15.000000000 +0200 +++ new/libsemanage-3.2/src/direct_api.c 2021-03-04 16:42:59.000000000 +0100 @@ -1951,6 +1951,7 @@ status = semanage_direct_remove_key(sh, &modkey); cleanup: + semanage_module_key_destroy(sh, &modkey); return status; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-3.1/src/libsemanage.map new/libsemanage-3.2/src/libsemanage.map --- old/libsemanage-3.1/src/libsemanage.map 2020-07-10 17:17:15.000000000 +0200 +++ new/libsemanage-3.2/src/libsemanage.map 2021-03-04 16:42:59.000000000 +0100 @@ -165,20 +165,13 @@ semanage_is_connected; semanage_is_managed; semanage_mls_enabled; - semanage_module_disable; - semanage_module_enable; - semanage_module_get_enabled; semanage_module_get_name; semanage_module_get_version; semanage_module_info_datum_destroy; - semanage_module_install; - semanage_module_install_base; - semanage_module_install_base_file; semanage_module_install_file; semanage_module_list; semanage_module_list_nth; semanage_module_remove; - semanage_module_upgrade; semanage_module_upgrade_file; semanage_msg_get_channel; semanage_msg_get_fname; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-3.1/src/modules.c new/libsemanage-3.2/src/modules.c --- old/libsemanage-3.1/src/modules.c 2020-07-10 17:17:15.000000000 +0200 +++ new/libsemanage-3.2/src/modules.c 2021-03-04 16:42:59.000000000 +0100 @@ -42,70 +42,7 @@ #include "modules.h" #include "debug.h" -asm(".symver semanage_module_get_enabled_1_1,semanage_module_get_enabled@@LIBSEMANAGE_1.1"); -asm(".symver semanage_module_get_enabled_1_0,semanage_module_get_enabled@LIBSEMANAGE_1.0"); -asm(".symver semanage_module_install_pp,semanage_module_install@LIBSEMANAGE_1.0"); -asm(".symver semanage_module_install_hll,semanage_module_install@@LIBSEMANAGE_1.1"); - -/* Takes a module stored in 'module_data' and parses its headers. - * Sets reference variables 'module_name' to module's name and - * 'version' to module's version. The caller is responsible for - * free()ing 'module_name' and 'version'; they will be - * set to NULL upon entering this function. Returns 0 on success, -1 - * if out of memory, or -2 if data did not represent a module. - */ -static int parse_module_headers(semanage_handle_t * sh, char *module_data, - size_t data_len, char **module_name, char **version) -{ - struct sepol_policy_file *pf; - int file_type; - *version = NULL; - - if (sepol_policy_file_create(&pf)) { - ERR(sh, "Out of memory!"); - return -1; - } - sepol_policy_file_set_mem(pf, module_data, data_len); - sepol_policy_file_set_handle(pf, sh->sepolh); - if (module_data == NULL || - data_len == 0 || - sepol_module_package_info(pf, &file_type, module_name, version) == -1) { - sepol_policy_file_free(pf); - ERR(sh, "Could not parse module data."); - return -2; - } - sepol_policy_file_free(pf); - if (file_type != SEPOL_POLICY_MOD) { - ERR(sh, "Data did not represent a pp module. Please upgrade to the latest version of libsemanage to support hll modules."); - return -2; - } - - return 0; -} - -/* This function is used to preserve ABI compatibility with - * versions of semodule using LIBSEMANAGE_1.0 - */ -int semanage_module_install_pp(semanage_handle_t * sh, - char *module_data, size_t data_len) -{ - char *name = NULL; - char *version = NULL; - int status; - - if ((status = parse_module_headers(sh, module_data, data_len, &name, &version)) != 0) { - goto cleanup; - } - - status = semanage_module_install_hll(sh, module_data, data_len, name, "pp"); - -cleanup: - free(name); - free(version); - return status; -} - -int semanage_module_install_hll(semanage_handle_t * sh, +int semanage_module_install(semanage_handle_t * sh, char *module_data, size_t data_len, const char *name, const char *ext_lang) { if (sh->funcs->install == NULL) { @@ -161,16 +98,6 @@ } /* Legacy function that remains to preserve ABI - * compatibility. Please use semanage_module_install instead. - */ -int semanage_module_upgrade(semanage_handle_t * sh, - char *module_data, size_t data_len) -{ - return semanage_module_install_pp(sh, module_data, data_len); - -} - -/* Legacy function that remains to preserve ABI * compatibility. Please use semanage_module_install_file instead. */ int semanage_module_upgrade_file(semanage_handle_t * sh, @@ -179,24 +106,6 @@ return semanage_module_install_file(sh, module_name); } -/* Legacy function that remains to preserve ABI - * compatibility. Please use semanage_module_install instead. - */ -int semanage_module_install_base(semanage_handle_t * sh, - char *module_data, size_t data_len) -{ - return semanage_module_install_pp(sh, module_data, data_len); -} - -/* Legacy function that remains to preserve ABI - * compatibility. Please use semanage_module_install_file instead. - */ -int semanage_module_install_base_file(semanage_handle_t * sh, - const char *module_name) -{ - return semanage_module_install_file(sh, module_name); -} - int semanage_module_remove(semanage_handle_t * sh, char *module_name) { if (sh->funcs->remove == NULL) { @@ -780,7 +689,7 @@ } -int semanage_module_get_enabled_1_1(semanage_handle_t *sh, +int semanage_module_get_enabled(semanage_handle_t *sh, const semanage_module_key_t *modkey, int *enabled) { @@ -800,11 +709,6 @@ return sh->funcs->get_enabled(sh, modkey, enabled); } -int semanage_module_get_enabled_1_0(semanage_module_info_t *modinfo) -{ - return modinfo->enabled; -} - int semanage_module_set_enabled(semanage_handle_t *sh, const semanage_module_key_t *modkey, int enabled) @@ -830,62 +734,6 @@ } -/* This function exists only for ABI compatibility. It has been deprecated and - * should not be used. Instead, use semanage_module_set_enabled() */ -int semanage_module_enable(semanage_handle_t *sh, char *module_name) -{ - int rc = -1; - semanage_module_key_t *modkey = NULL; - - rc = semanage_module_key_create(sh, &modkey); - if (rc != 0) - goto exit; - - rc = semanage_module_key_set_name(sh, modkey, module_name); - if (rc != 0) - goto exit; - - rc = semanage_module_set_enabled(sh, modkey, 1); - if (rc != 0) - goto exit; - - rc = 0; - -exit: - semanage_module_key_destroy(sh, modkey); - free(modkey); - - return rc; -} - -/* This function exists only for ABI compatibility. It has been deprecated and - * should not be used. Instead, use semanage_module_set_enabled() */ -int semanage_module_disable(semanage_handle_t *sh, char *module_name) -{ - int rc = -1; - semanage_module_key_t *modkey = NULL; - - rc = semanage_module_key_create(sh, &modkey); - if (rc != 0) - goto exit; - - rc = semanage_module_key_set_name(sh, modkey, module_name); - if (rc != 0) - goto exit; - - rc = semanage_module_set_enabled(sh, modkey, 0); - if (rc != 0) - goto exit; - - rc = 0; - -exit: - semanage_module_key_destroy(sh, modkey); - free(modkey); - - return rc; -} - /* Converts a string to a priority * * returns -1 if str is not a valid priority. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-3.1/src/modules.h new/libsemanage-3.2/src/modules.h --- old/libsemanage-3.1/src/modules.h 2020-07-10 17:17:15.000000000 +0200 +++ new/libsemanage-3.2/src/modules.h 2021-03-04 16:42:59.000000000 +0100 @@ -26,16 +26,9 @@ #include "semanage/modules.h" -int semanage_module_install_pp(semanage_handle_t * sh, - char *module_data, size_t data_len); -int semanage_module_install_hll(semanage_handle_t * sh, - char *module_data, size_t data_len, const char *name, const char *ext_lang); -int semanage_module_upgrade(semanage_handle_t * sh, - char *module_data, size_t data_len); + int semanage_module_upgrade_file(semanage_handle_t * sh, const char *module_name); -int semanage_module_install_base(semanage_handle_t * sh, - char *module_data, size_t data_len); int semanage_module_install_base_file(semanage_handle_t * sh, const char *module_name); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-3.1/src/semanage_store.c new/libsemanage-3.2/src/semanage_store.c --- old/libsemanage-3.1/src/semanage_store.c 2020-07-10 17:17:15.000000000 +0200 +++ new/libsemanage-3.2/src/semanage_store.c 2021-03-04 16:42:59.000000000 +0100 @@ -1736,6 +1736,19 @@ } close(fd); + /* sync changes in sandbox to filesystem */ + fd = open(sandbox, O_DIRECTORY); + if (fd == -1) { + ERR(sh, "Error while opening %s for syncfs(): %d", sandbox, errno); + return -1; + } + if (syncfs(fd) == -1) { + ERR(sh, "Error while syncing %s to filesystem: %d", sandbox, errno); + close(fd); + return -1; + } + close(fd); + retval = commit_number; if (semanage_get_active_lock(sh) < 0) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-3.1/src/semanageswig_python.i new/libsemanage-3.2/src/semanageswig_python.i --- old/libsemanage-3.1/src/semanageswig_python.i 2020-07-10 17:17:15.000000000 +0200 +++ new/libsemanage-3.2/src/semanageswig_python.i 2021-03-04 16:42:59.000000000 +0100 @@ -30,8 +30,6 @@ %} %include "stdint.i" -%ignore semanage_module_install_pp; -%ignore semanage_module_install_hll; %wrapper %{
