Hello community, here is the log from the commit of package libselinux for openSUSE:Factory checked in at 2016-07-18 21:16:39 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libselinux (Old) and /work/SRC/openSUSE:Factory/.libselinux.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libselinux" Changes: -------- --- /work/SRC/openSUSE:Factory/libselinux/libselinux-bindings.changes 2015-05-30 12:32:57.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libselinux.new/libselinux-bindings.changes 2016-07-18 21:16:41.000000000 +0200 @@ -1,0 +2,70 @@ +Thu Jul 14 07:59:04 UTC 2016 - jseg...@novell.com + +- Adjusted source link + +------------------------------------------------------------------- +Tue Jul 5 16:44:44 UTC 2016 - i...@marguerite.su + +- add patch: python-selinux-swig-3.10.patch, fixed boo#985368 + * swig-3.10 in Factory use importlib instead of imp to find + _selinux.so. imp searched the same directory as __init__.py + is while importlib searchs only standard paths. so we have + to move _selinux.so. fixed by upstream +- update version 2.5 + * Add selinux_restorecon function + * read_spec_entry: fail on non-ascii + * Add man information about thread specific functions + * Don't wrap rpm_execcon with DISABLE_RPM with SWIG + * Correct line count for property and service context files + * label_file: fix memory leaks and uninitialized jump + * Replace selabel_digest hash function + * Fix selabel_open(3) services if no digest requested + * Add selabel_digest function + * Flush the class/perm string mapping cache on policy reload + * Fix restorecon when path has no context + * Free memory when processing media and x specfiles + * Fix mmap memory release for file labeling + * Add policy context validation to sefcontext_compile + * Do not treat an empty file_contexts(.local) as an error + * Fail hard on invalid property_contexts entries + * Fail hard on invalid file_contexts entries + * Support context validation on file_contexts.bin + * Add selabel_cmp interface and label_file backend + * Support specifying file_contexts.bin file path + * Support file_contexts.bin without file_contexts + * Simplify procattr cache + * Use /proc/thread-self when available + * Add const to selinux_opt for label backends + * Fix binary file labels for regexes with metachars + * Fix file labels for regexes with metachars + * Fix if file_contexts not '\n' terminated + * Enhance file context support + * Fix property processing and cleanup formatting + * Add read_spec_entries function to replace sscanf + * Support consistent mode size for bin files + * Fix more bin file processing core dumps + * add selinux_openssh_contexts_path() + * setrans_client: minimize overhead when mcstransd is not present + * Ensure selabel_lookup_best_match links NULL terminated + * Fix core dumps with corrupt *.bin files + * Add selabel partial and best match APIs + * Use os.walk() instead of the deprecated os.path.walk() + * Remove deprecated mudflap option + * Mount procfs before checking /proc/filesystems + * Fix -Wformat errors with gcc-5.0.0 + * label_file: handle newlines in file names + * Fix audit2why error handling if SELinux is disabled + * pcre_study can return NULL without error + * Only check SELinux enabled status once in selinux_check_access +- changes in 2.4 + * Remove assumption that SHLIBDIR is ../../ relative to LIBDIR + * Fix bugs found by hardened gcc flags + * Set the system to permissive if failing to disable SELinux because + policy has already been loaded + * Add db_exception and db_datatype support to label_db backend + * Log an error on unknown classes and permissions + * Add pcre version string to the compiled file_contexts format + * Deprecate use of flask.h and av_permissions.h + * Compiled file_context files and the original should have the same DAC + permissions +------------------------------------------------------------------- @@ -5,0 +76,7 @@ + +------------------------------------------------------------------- +Sun May 18 00:15:17 UTC 2014 - crrodrig...@opensuse.org + +- Update to version 2.3 +* Get rid of security_context_t and fix const declarations. +* Refactor rpm_execcon() into a new setexecfilecon() from Guillem Jover. --- /work/SRC/openSUSE:Factory/libselinux/libselinux.changes 2014-09-09 18:59:20.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libselinux.new/libselinux.changes 2016-07-18 21:16:41.000000000 +0200 @@ -1,0 +2,76 @@ +Thu Jul 14 07:58:49 UTC 2016 - jseg...@novell.com + +- Adjusted source link + +------------------------------------------------------------------- +Tue Jul 5 16:42:03 UTC 2016 - i...@marguerite.su + +- add patch: python-selinux-swig-3.10.patch, fixed boo#985368 + * swig-3.10 in Factory use importlib instead of imp to find + _selinux.so. imp searched the same directory as __init__.py + is while importlib searchs only standard paths. so we have + to move _selinux.so. fixed by upstream +- update version 2.5 + * Add selinux_restorecon function + * read_spec_entry: fail on non-ascii + * Add man information about thread specific functions + * Don't wrap rpm_execcon with DISABLE_RPM with SWIG + * Correct line count for property and service context files + * label_file: fix memory leaks and uninitialized jump + * Replace selabel_digest hash function + * Fix selabel_open(3) services if no digest requested + * Add selabel_digest function + * Flush the class/perm string mapping cache on policy reload + * Fix restorecon when path has no context + * Free memory when processing media and x specfiles + * Fix mmap memory release for file labeling + * Add policy context validation to sefcontext_compile + * Do not treat an empty file_contexts(.local) as an error + * Fail hard on invalid property_contexts entries + * Fail hard on invalid file_contexts entries + * Support context validation on file_contexts.bin + * Add selabel_cmp interface and label_file backend + * Support specifying file_contexts.bin file path + * Support file_contexts.bin without file_contexts + * Simplify procattr cache + * Use /proc/thread-self when available + * Add const to selinux_opt for label backends + * Fix binary file labels for regexes with metachars + * Fix file labels for regexes with metachars + * Fix if file_contexts not '\n' terminated + * Enhance file context support + * Fix property processing and cleanup formatting + * Add read_spec_entries function to replace sscanf + * Support consistent mode size for bin files + * Fix more bin file processing core dumps + * add selinux_openssh_contexts_path() + * setrans_client: minimize overhead when mcstransd is not present + * Ensure selabel_lookup_best_match links NULL terminated + * Fix core dumps with corrupt *.bin files + * Add selabel partial and best match APIs + * Use os.walk() instead of the deprecated os.path.walk() + * Remove deprecated mudflap option + * Mount procfs before checking /proc/filesystems + * Fix -Wformat errors with gcc-5.0.0 + * label_file: handle newlines in file names + * Fix audit2why error handling if SELinux is disabled + * pcre_study can return NULL without error + * Only check SELinux enabled status once in selinux_check_access +- changes in 2.4 + * Remove assumption that SHLIBDIR is ../../ relative to LIBDIR + * Fix bugs found by hardened gcc flags + * Set the system to permissive if failing to disable SELinux because + policy has already been loaded + * Add db_exception and db_datatype support to label_db backend + * Log an error on unknown classes and permissions + * Add pcre version string to the compiled file_contexts format + * Deprecate use of flask.h and av_permissions.h + * Compiled file_context files and the original should have the same DAC + permissions + +------------------------------------------------------------------- +Thu Jul 30 12:00:27 UTC 2015 - jseg...@novell.com + +- fixed selinux-ready to work with initrd files created by dracut (bsc#940006) + +------------------------------------------------------------------- Old: ---- libselinux-2.3.tar.gz New: ---- libselinux-2.5.tar.gz python-selinux-swig-3.10.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libselinux-bindings.spec ++++++ --- /var/tmp/diff_new_pack.rgRxM7/_old 2016-07-18 21:16:43.000000000 +0200 +++ /var/tmp/diff_new_pack.rgRxM7/_new 2016-07-18 21:16:43.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package libselinux-bindings # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,10 +16,10 @@ # -%define libsepol_ver 2.3 +%define libsepol_ver 2.5 Name: libselinux-bindings -Version: 2.3 +Version: 2.5 Release: 0 Url: http://userspace.selinuxproject.org/ Summary: SELinux library and simple utilities @@ -27,10 +27,12 @@ Group: System/Libraries # embedded is the MD5 -Source: http://userspace.selinuxproject.org/releases/20140506/libselinux-%{version}.tar.gz +Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/libselinux-%{version}.tar.gz Source1: selinux-ready Source2: baselibs.conf Patch1: libselinux-2.2-ruby.patch +# PATCH-FIX-UPSTREAM swig-3.10 use importlib which not search the directory __init__.py is in but standard path +Patch2: python-selinux-swig-3.10.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: libsepol-devel-static >= %{libsepol_ver} BuildRequires: pcre-devel @@ -106,6 +108,7 @@ %prep %setup -q -n libselinux-%{version} %patch1 +%patch2 -p1 %build make %{?_smp_mflags} LIBDIR="%{_libdir}" CFLAGS="$RPM_OPT_FLAGS" -C src @@ -122,6 +125,7 @@ %files -n python-selinux %defattr(-,root,root,-) %dir %{py_sitedir}/selinux +%{py_sitedir}/_selinux.so %{py_sitedir}/selinux/* %files -n ruby-selinux ++++++ libselinux.spec ++++++ --- /var/tmp/diff_new_pack.rgRxM7/_old 2016-07-18 21:16:43.000000000 +0200 +++ /var/tmp/diff_new_pack.rgRxM7/_new 2016-07-18 21:16:43.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package libselinux # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,20 +16,22 @@ # -%define libsepol_ver 2.3 +%define libsepol_ver 2.5 Name: libselinux -Version: 2.3 +Version: 2.5 Release: 0 Url: http://userspace.selinuxproject.org/ Summary: SELinux library and simple utilities License: GPL-2.0 and SUSE-Public-Domain Group: System/Libraries -Source: http://userspace.selinuxproject.org/releases/20140506/%{name}-%{version}.tar.gz +Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/%{name}-%{version}.tar.gz Source1: selinux-ready Source2: baselibs.conf Patch1: %{name}-2.2-ruby.patch +# PATCH-FIX-UPSTREAM swig-3.10 use importlib which not search the directory __init__.py is in but standard path +Patch2: python-selinux-swig-3.10.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: fdupes BuildRequires: libsepol-devel >= %{libsepol_ver} @@ -120,6 +122,7 @@ %prep %setup -q %patch1 +%patch2 -p1 %build make %{?_smp_mflags} LIBDIR="%{_libdir}" CC="%{__cc}" CFLAGS="$RPM_OPT_FLAGS" @@ -159,11 +162,16 @@ %{_sbindir}/getenforce %{_sbindir}/getsebool %{_sbindir}/matchpathcon +%{_sbindir}/selabel_digest +%{_sbindir}/selabel_lookup +%{_sbindir}/selabel_lookup_best_match +%{_sbindir}/selabel_partial_match %{_sbindir}/selinuxconlist %{_sbindir}/selinuxdefcon %{_sbindir}/selinuxenabled %{_sbindir}/setenforce %{_sbindir}/togglesebool +%{_sbindir}/selinux_restorecon %{_sbindir}/selinux-ready %{_sbindir}/selinuxexeccon %{_sbindir}/sefcontext_compile ++++++ libselinux-2.3.tar.gz -> libselinux-2.5.tar.gz ++++++ ++++ 7570 lines of diff (skipped) ++++++ python-selinux-swig-3.10.patch ++++++ Index: b/src/Makefile =================================================================== --- a/src/Makefile +++ b/src/Makefile @@ -155,7 +155,7 @@ install: all install-pywrap: pywrap test -d $(PYLIBDIR)/site-packages/selinux || install -m 755 -d $(PYLIBDIR)/site-packages/selinux - install -m 755 $(SWIGSO) $(PYLIBDIR)/site-packages/selinux/_selinux.so + install -m 755 $(SWIGSO) $(PYLIBDIR)/site-packages/_selinux.so install -m 755 $(AUDIT2WHYSO) $(PYLIBDIR)/site-packages/selinux/audit2why.so install -m 644 $(SWIGPYOUT) $(PYLIBDIR)/site-packages/selinux/__init__.py ++++++ selinux-ready ++++++ --- /var/tmp/diff_new_pack.rgRxM7/_old 2016-07-18 21:16:43.000000000 +0200 +++ /var/tmp/diff_new_pack.rgRxM7/_new 2016-07-18 21:16:43.000000000 +0200 @@ -113,6 +113,8 @@ case $INITRD_FORMAT in 'XZ' ) xz -d -c $TD/$INITRD | cpio -i --force-local --no-absolute-filenames 2>/dev/null ;; + 'ASCII' ) + /usr/lib/dracut/skipcpio $TD/$INITRD | xz -d | cpio -i --force-local --no-absolute-filenames 2>/dev/null ;; 'gzip' ) gzip -d -c $TD/$INITRD | cpio -i --force-local --no-absolute-filenames 2>/dev/null ;; * )