Hello community,
here is the log from the commit of package libsepol for openSUSE:Factory
checked in at 2016-07-18 21:17:19
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libsepol (Old)
and /work/SRC/openSUSE:Factory/.libsepol.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libsepol"
Changes:
--------
--- /work/SRC/openSUSE:Factory/libsepol/libsepol.changes 2014-05-22
20:38:57.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.libsepol.new/libsepol.changes 2016-07-18
21:17:22.000000000 +0200
@@ -1,0 +2,74 @@
+Thu Jul 14 14:38:09 UTC 2016 - mplus...@suse.com
+
+- Cleanup spec file with spec-cleaner
+- Make spec file a bit more easy
+- Ship new supbackage (-tools)
+
+-------------------------------------------------------------------
+Thu Jul 14 14:21:46 UTC 2016 - jseg...@novell.com
+
+- Without bug number no submit to SLE 12 SP2 is possible, so to make
+ sle-changelog-checker happy: bsc#988977
+
+-------------------------------------------------------------------
+Thu Jul 14 07:57:35 UTC 2016 - jseg...@novell.com
+
+- Adjusted source link
+
+-------------------------------------------------------------------
+Tue Jul 5 17:11:44 UTC 2016 - i...@marguerite.su
+
+- update version 2.5
+ * Fix unused variable annotations
+ * Fix uninitialized variable in CIL
+ * Validate extended avrules and permissionxs in CIL
+ * Add support in CIL for neverallowx
+ * Fully expand neverallowxperm rules
+ * Add support for unordered classes to CIL
+ * Add neverallow support for ioctl extended permissions
+ * Improve CIL block and macro call recursion detection
+ * Fix CIL uninitialized false positive in cil_binary
+ * Provide error in CIL if classperms are empty
+ * Add userattribute{set} functionality to CIL
+ * fix CIL blockinherit copying segfault and add macro restrictions
+ * fix CIL NULL pointer dereference when copying classpermission/set
+ * Add CIL support for ioctl whitelists
+ * Fix memory leak when destroying avtab
+ * Replace sscanf in module_to_cil
+ * Improve CIL resolution error messages
+ * Fix policydb_read for policy versions < 24
+ * Added CIL bounds checking and refactored CIL Neverallow checking
+ * Refactored libsepol Neverallow and bounds (hierarchy) checking
+ * Treat types like an attribute in the attr_type_map
+ * Add new ebitmap function named ebitmap_match_any()
+ * switch operations to extended perms
+ * Write auditadm_r and secadm_r roles to base module when writing CIL
+ * Fix module to CIL to only associate declared roleattributes with in-scope
types
+ * Don't allow categories/sensitivities inside blocks in CIL
+ * Replace fmemopen() with internal function in libsepol
+ * Verify users prior to evaluating users in cil
+ * Binary modules do not support ioctl rules
+ * Add support for ioctl command whitelisting
+ * Don't use symbol versioning for static object files
+ * Add sepol_module_policydb_to_cil(), sepol_module_package_to_cil(),
+ and sepol_ppfile_to_module_package()
+ * Move secilc out of libsepol
+ * fix building Xen policy with devicetreecon, and add devicetreecon
+ CIL documentation
+ * bool_copy_callback set state on creation
+ * Add device tree ocontext nodes to Xen policy
+ * Widen Xen IOMEM context entries
+ * Fix error path in mls_semantic_level_expand()
+ * Update to latest CIL, includes new name resolution and fixes ordering
+ issues with blockinherit statements, and bug fixes
+- changes in 2.4
+ * Remove assumption that SHLIBDIR is ../../ relative to LIBDIR
+ * Fix bugs found by hardened gcc flags
+ * Build CIL into libsepol. libsepol can be built without CIL by setting the
+ DISABLE_CIL flag to 'y'
+ * Add an API function to set target_platform
+ * Report all neverallow violations
+ * Improve check_assertions performance
+ * Allow libsepol C++ static library on device
+
+-------------------------------------------------------------------
Old:
----
libsepol-2.3.tar.gz
New:
----
libsepol-2.5.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libsepol.spec ++++++
--- /var/tmp/diff_new_pack.xpWN15/_old 2016-07-18 21:17:23.000000000 +0200
+++ /var/tmp/diff_new_pack.xpWN15/_new 2016-07-18 21:17:23.000000000 +0200
@@ -1,7 +1,7 @@
#
# spec file for package libsepol
#
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,16 +17,17 @@
Name: libsepol
-Version: 2.3
+Version: 2.5
Release: 0
-Url: http://www.nsa.gov/selinux/
Summary: SELinux binary policy manipulation library
License: LGPL-2.1+
Group: System/Libraries
-Source:
http://userspace.selinuxproject.org/releases/20140506/%{name}-%{version}.tar.gz
+Url: http://www.nsa.gov/selinux/
+Source:
https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/%{name}-%{version}.tar.gz
Source2: baselibs.conf
+BuildRequires: flex
+BuildRequires: pkgconfig
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-BuildRequires: pkg-config
%description
Security-enhanced Linux is a feature of the Linux(R) kernel and a
@@ -45,7 +46,26 @@
specific transformations on binary policies such as customizing policy
boolean settings.
+%package utils
+Summary: SELinux binary policy manipulation tools
+Group: System/Base
+%description utils
+Security-enhanced Linux is a feature of the Linux(R) kernel and a
+number of utilities with enhanced security functionality designed to
+add mandatory access controls to Linux. The Security-enhanced Linux
+kernel contains new architectural components originally developed to
+improve the security of the Flask operating system. These architectural
+components provide general support for the enforcement of many kinds of
+mandatory access control policies, including those based on the
+concepts of Type Enforcement(R), Role-based Access Control, and
+Multi-level Security.
+
+libsepol provides an API for the manipulation of SELinux binary
+policies. It is used by checkpolicy (the policy compiler) and similar
+tools, as well as by programs like load_policy that need to perform
+specific transformations on binary policies such as customizing policy
+boolean settings.
%package -n libsepol1
Summary: SELinux binary policy manipulation library
@@ -68,22 +88,18 @@
specific transformations on binary policies such as customizing policy
boolean settings.
-
-
%package devel
Summary: Development Include Files and Libraries for SELinux policy
manipulation
Group: Development/Libraries/C and C++
Requires: glibc-devel
Requires: libsepol1 = %{version}
-Requires: pkg-config
+Requires: pkgconfig
%description devel
The libsepol-devel package contains the libraries and header
files needed for developing applications that manipulate binary
policies.
-
-
%package devel-static
Summary: Development Include Files and Libraries for SELinux policy
manipulation
Group: Development/Libraries/C and C++
@@ -94,30 +110,26 @@
needed for developing applications that manipulate binary
policies.
-
-
%prep
%setup -q
%build
-make %{?_smp_mflags} CC="%{__cc}" CFLAGS="$RPM_OPT_FLAGS $(getconf LFS_CFLAGS)"
+export CFLAGS="%{optflags}"
+make %{?_smp_mflags}
%install
-mkdir -p $RPM_BUILD_ROOT/%{_lib}
-mkdir -p $RPM_BUILD_ROOT%{_libdir}
-mkdir -p $RPM_BUILD_ROOT%{_includedir}
-mkdir -p $RPM_BUILD_ROOT%{_bindir}
-mkdir -p $RPM_BUILD_ROOT%{_mandir}/man{3,8}
-make DESTDIR="$RPM_BUILD_ROOT" LIBDIR="$RPM_BUILD_ROOT%{_libdir}"
SHLIBDIR="$RPM_BUILD_ROOT/%{_lib}" install
-rm -f $RPM_BUILD_ROOT%{_bindir}/genpolbools
-rm -f $RPM_BUILD_ROOT%{_bindir}/genpolusers
-rm -f $RPM_BUILD_ROOT%{_bindir}/chkcon
-rm -rf $RPM_BUILD_ROOT%{_mandir}/man8
+make DESTDIR=%{buildroot} LIBDIR="%{buildroot}%{_libdir}"
SHLIBDIR="%{buildroot}/%{_lib}" install
%post -n libsepol1 -p /sbin/ldconfig
-
%postun -n libsepol1 -p /sbin/ldconfig
+%files utils
+%defattr(-,root,root)
+%{_bindir}/chkcon
+%{_mandir}/man8/chkcon.8%{ext_man}
+%{_mandir}/man8/genpolbools.8%{ext_man}
+%{_mandir}/man8/genpolusers.8%{ext_man}
+
%files -n libsepol1
%defattr(-,root,root)
/%{_lib}/libsepol.so.*
@@ -127,7 +139,9 @@
%{_libdir}/libsepol.so
%{_mandir}/man3/*
%dir %{_includedir}/sepol
+%dir %{_includedir}/sepol/cil
%{_includedir}/sepol/*.h
+%{_includedir}/sepol/cil/cil.h
%dir %{_includedir}/sepol/policydb
%{_includedir}/sepol/policydb/*.h
%{_libdir}/pkgconfig/libsepol.pc
++++++ libsepol-2.3.tar.gz -> libsepol-2.5.tar.gz ++++++
++++ 80989 lines of diff (skipped)
