commit policycoreutils for openSUSE:Factory
Hello community,
here is the log from the commit of package policycoreutils for openSUSE:Factory
checked in at 2020-10-06 17:08:16
Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old)
and /work/SRC/openSUSE:Factory/.policycoreutils.new.4249 (New)
Package is "policycoreutils"
Tue Oct 6 17:08:16 2020 rev:56 rq:835124 version:3.1
Changes:
--- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes
2020-06-05 20:08:40.161437663 +0200
+++
/work/SRC/openSUSE:Factory/.policycoreutils.new.4249/policycoreutils.changes
2020-10-06 17:10:10.165478520 +0200
@@ -1,0 +2,39 @@
+Thu Sep 10 09:00:45 UTC 2020 - Johannes Segitz
+
+- Add get_os_version.patch
+ get_os_version is implemented in a very RH/Fedora specific way.
+ Ensure that it returns a valid string for SUSE by changing the
+ default. Also remove the RH specific logic when generating HTML
+ versions of the SELinux documentation
+
+---
+Wed Jul 29 13:09:39 UTC 2020 - Thorsten Kukuk
+
+- Align more with Fedora spec file to get rid of python dependencies
+ in the core system
+ - create new python-utils sub-package
+ - move some tools to devel sub-package
+- Cleanup dependencies
+
+---
+Fri Jul 17 09:35:08 UTC 2020 - Johannes Segitz
+
+- Proper default permissions for newrole (4755)
+
+---
+Tue Jul 14 08:28:44 UTC 2020 - Johannes Segitz
+
+- Update to version 3.1
+ * New `setfiles -E` option - treat conflicting specifications as errors, such
+as where two hardlinks for the same inode have different contexts.
+ * `setsebool -V` reports errors from commit phase
+ * matchpathcon related interfaces are deprecated
+ * New `restorecon -x` option which prevents it from crossing file system
+ * boundaries.
+ * `sepolgen-ifgen` parses a gen_tunable statement as bool
+ * Removed Requires for python3-ipy as the ipaddress module is used. No
+requires for python-ipaddress as it's assumed this is used only on recent
+systems
+ * Drop chcat_join.patch, is upstream
+
+---
Old:
chcat_join.patch
policycoreutils-3.0.tar.gz
selinux-python-3.0.tar.gz
semodule-utils-3.0.tar.gz
New:
get_os_version.patch
policycoreutils-3.1.tar.gz
selinux-python-3.1.tar.gz
semodule-utils-3.1.tar.gz
Other differences:
--
++ policycoreutils.spec ++
--- /var/tmp/diff_new_pack.grMClM/_old 2020-10-06 17:10:20.737487651 +0200
+++ /var/tmp/diff_new_pack.grMClM/_new 2020-10-06 17:10:20.745487658 +0200
@@ -17,13 +17,13 @@
%define libaudit_ver 2.2
-%define libsepol_ver 3.0
-%define libsemanage_ver 3.0
-%define libselinux_ver 3.0
+%define libsepol_ver 3.1
+%define libsemanage_ver 3.1
+%define libselinux_ver 3.1
%define setools_ver 4.1.1
-%define tstamp 20191204
+%define tstamp 20200710
Name: policycoreutils
-Version:3.0
+Version:3.1
Release:0
Summary:SELinux policy core utilities
License:GPL-2.0-or-later
@@ -41,7 +41,7 @@
Source9:newrole.pam
Patch0: make_targets.patch
Patch1: run_init_use_pam_keyinit.patch
-Patch2: chcat_join.patch
+Patch2: get_os_version.patch
BuildRequires: audit-devel >= %{libaudit_ver}
BuildRequires: bison
BuildRequires: dbus-1-glib-devel
@@ -61,25 +61,13 @@
BuildRequires: python-rpm-macros
BuildRequires: python3
BuildRequires: python3-setools >= %{setools_ver}
-BuildRequires: systemd-rpm-macros
BuildRequires: update-desktop-files
BuildRequires: xmlto
-Requires: checkpolicy
Requires: gawk
Requires: libsepol1 >= %{libsepol_ver}
-Requires: python3-%{name}
-Requires: python3-ipy
-Requires: python3-networkx
-Requires: python3-selinux
-Requires: python3-semanage
Requires: rpm
+Requires: selinux-tools
Requires: util-linux
-# we need selinuxenabled
-Requires(post): selinux-tools
-Requires(pre): %fillup_prereq
-Requires(pre): permissions
-Obsoletes: policycoreutils-python
-%{?systemd_requires}
%description
policycoreutils contains the policy core utilities that are required
@@ -102,15 +90,28 @@
Requires: checkpolicy
Requires: python3-audit >= %{libaudit_ver}
Requires: python3-selinux
+Requires: python3-semanage
Requires: python3-setools >= %{setools_ver}
Requires: python3-setuptools
Provides: policycoreutils-python = %{version}-%{release}
Obsoletes: policycoreutils-python < %{version}
+BuildArch: noarch
%d
commit policycoreutils for openSUSE:Factory
Hello community,
here is the log from the commit of package policycoreutils for openSUSE:Factory
checked in at 2020-06-05 20:04:49
Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old)
and /work/SRC/openSUSE:Factory/.policycoreutils.new.3606 (New)
Package is "policycoreutils"
Fri Jun 5 20:04:49 2020 rev:55 rq:811387 version:3.0
Changes:
--- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes
2020-03-11 18:34:21.942973009 +0100
+++
/work/SRC/openSUSE:Factory/.policycoreutils.new.3606/policycoreutils.changes
2020-06-05 20:08:40.161437663 +0200
@@ -1,0 +2,14 @@
+Thu Jun 4 10:13:21 UTC 2020 - Dominique Leuenberger
+
+- Pass the right value for LIBEXECDIR to make / make install
+ instead of trying to move the file around post install. This
+ caters for the planned change of libexecdir to change from
+ /usr/lib to /usr/libexec by injecting the right value no matter
+ what.
+
+---
+Fri May 29 09:29:26 UTC 2020 - Johannes Segitz
+
+- Move pp binary to libexec directory instead of lib
+
+---
Other differences:
--
++ policycoreutils.spec ++
--- /var/tmp/diff_new_pack.9xmoh4/_old 2020-06-05 20:08:42.229444559 +0200
+++ /var/tmp/diff_new_pack.9xmoh4/_new 2020-06-05 20:08:42.229444559 +0200
@@ -167,7 +167,7 @@
%build
export PYTHON="python3" LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE"
LDFLAGS="-pie -Wl,-z,relro"
-make %{?_smp_mflags}
+make %{?_smp_mflags} LIBEXECDIR="%{_libexecdir}"
%install
export PYTHON="python3"
@@ -179,7 +179,7 @@
mkdir -p %{buildroot}%{_mandir}/man8
mkdir -p %{buildroot}%{_sysconfdir}/pam.d
mkdir -p %{buildroot}%{_sysconfdir}/security/console.apps
-make LSPP_PRIV=y DESTDIR=%{buildroot} install
+make LSPP_PRIV=y DESTDIR=%{buildroot} install LIBEXECDIR=%{_libexecdir}
install -D -m 644 %{SOURCE2}
%{buildroot}%{_datadir}/pixmaps/system-config-selinux.png
install -m 644 %{SOURCE4}
%{buildroot}%{_sysconfdir}/pam.d/system-config-selinux
install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/selinux-polgengui
@@ -192,7 +192,6 @@
mkdir -p %{buildroot}%{_libexecdir}/selinux/hll/
mkdir -p %{buildroot}%{_localstatedir}/lib/sepolgen
cp %{python3_sitearch}/setools/perm_map
%{buildroot}%{_localstatedir}/lib/sepolgen
-mv %{buildroot}%{_prefix}/libexec/selinux/hll/pp
%{buildroot}%{_libexecdir}/selinux/hll/pp
%suse_update_desktop_file -i system-config-selinux System Security Settings
%suse_update_desktop_file -i selinux-polgengui System Security Settings
%find_lang %{name}
@@ -239,9 +238,9 @@
%{_sbindir}/semanage
%{_sbindir}/fixfiles
%{_sbindir}/load_policy
+%dir %{_localstatedir}/lib/sepolgen
%dir %{_libexecdir}/selinux
%dir %{_libexecdir}/selinux/hll
-%dir %{_localstatedir}/lib/sepolgen
%{_libexecdir}/selinux/hll/pp
%{_sbindir}/genhomedircon
%{_sbindir}/setsebool
commit policycoreutils for openSUSE:Factory
Hello community,
here is the log from the commit of package policycoreutils for openSUSE:Factory
checked in at 2020-03-11 18:33:33
Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old)
and /work/SRC/openSUSE:Factory/.policycoreutils.new.3160 (New)
Package is "policycoreutils"
Wed Mar 11 18:33:33 2020 rev:54 rq:782826 version:3.0
Changes:
--- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes
2019-12-24 14:29:17.690556343 +0100
+++
/work/SRC/openSUSE:Factory/.policycoreutils.new.3160/policycoreutils.changes
2020-03-11 18:34:21.942973009 +0100
@@ -1,0 +2,32 @@
+Mon Mar 9 08:31:11 UTC 2020 - Johannes Segitz
+
+- Dropped Recommends: for %{name}-lang and %{name}-devel. Not
+ allowed by openSUSE guidelines
+
+---
+Tue Mar 3 12:30:55 UTC 2020 - Johannes Segitz
+
+- Update to version 3.0
+ * fixfiles: Fix "verify" option
+ * fixfiles: Fix [-B] [-F] onboot
+ * fixfiles: Force full relabel when SELinux is disabled
+ * semodule: Enable CIL logging
+ * semanage: Add support for DCCP and SCTP protocols
+ * semanage: Do not use default s0 range in "semanage login -a"
+ * semanage: Document DCCP and SCTP support
+ * semanage: Improve handling of "permissive" statements
+ * semanage: fix moduleRecords.customized()
+ Refreshed chcat_join.patch
+
+---
+Thu Feb 27 16:03:36 UTC 2020 - Johannes Segitz
+
+- Ship working pam config for newrole (bsc#1163020)
+- Recommend policycoreutils-devel to have perm_map file available
+
+---
+Wed Feb 19 14:31:39 UTC 2020 - Johannes Segitz
+
+- Package perm_map as it's used by audit2* tools
+
+---
Old:
policycoreutils-2.9.tar.gz
selinux-python-2.9.tar.gz
semodule-utils-2.9.tar.gz
New:
newrole.pam
policycoreutils-3.0.tar.gz
selinux-python-3.0.tar.gz
semodule-utils-3.0.tar.gz
Other differences:
--
++ policycoreutils.spec ++
--- /var/tmp/diff_new_pack.U20k7w/_old 2020-03-11 18:34:24.370974499 +0100
+++ /var/tmp/diff_new_pack.U20k7w/_new 2020-03-11 18:34:24.370974499 +0100
@@ -1,7 +1,7 @@
#
# spec file for package policycoreutils
#
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,13 +17,13 @@
%define libaudit_ver 2.2
-%define libsepol_ver 2.9
-%define libsemanage_ver 2.9
-%define libselinux_ver 2.9
+%define libsepol_ver 3.0
+%define libsemanage_ver 3.0
+%define libselinux_ver 3.0
%define setools_ver 4.1.1
-%define tstamp 20190315
+%define tstamp 20191204
Name: policycoreutils
-Version:2.9
+Version:3.0
Release:0
Summary:SELinux policy core utilities
License:GPL-2.0-or-later
@@ -38,6 +38,7 @@
Source6:selinux-polgengui.desktop
Source7:selinux-polgengui.console
Source8:
https://github.com/SELinuxProject/selinux/releases/download/%{tstamp}/semodule-utils-%{version}.tar.gz
+Source9:newrole.pam
Patch0: make_targets.patch
Patch1: run_init_use_pam_keyinit.patch
Patch2: chcat_join.patch
@@ -59,6 +60,7 @@
BuildRequires: polkit
BuildRequires: python-rpm-macros
BuildRequires: python3
+BuildRequires: python3-setools >= %{setools_ver}
BuildRequires: systemd-rpm-macros
BuildRequires: update-desktop-files
BuildRequires: xmlto
@@ -76,7 +78,6 @@
Requires(post): selinux-tools
Requires(pre): %fillup_prereq
Requires(pre): permissions
-Recommends: %{name}-lang
Obsoletes: policycoreutils-python
%{?systemd_requires}
@@ -190,6 +191,7 @@
mkdir -p %{buildroot}%{_fillupdir}/
mkdir -p %{buildroot}%{_libexecdir}/selinux/hll/
mkdir -p %{buildroot}%{_localstatedir}/lib/sepolgen
+cp %{python3_sitearch}/setools/perm_map
%{buildroot}%{_localstatedir}/lib/sepolgen
mv %{buildroot}%{_prefix}/libexec/selinux/hll/pp
%{buildroot}%{_libexecdir}/selinux/hll/pp
%suse_update_desktop_file -i system-config-selinux System Security Settings
%suse_update_desktop_file -i selinux-polgengui System Security Settings
@@ -207,6 +209,7 @@
%{buildroot}%{_datadir}/applications/system-config-selinux.desktop \
%{buildroot}%{_datadir}/pixmaps/system-config-selinux.png
%endif
+cp -f %{SOURCE9} %{buildroot}%{_sysconfdir}/pam.d/newrole
%post -n python3-%{name}
selinuxenabled && [ -f %{_datadir}/selinux/devel/include/build.conf ] &&
%{_bindir}/sepolgen-ifgen 2>
commit policycoreutils for openSUSE:Factory
Hello community,
here is the log from the commit of package policycoreutils for openSUSE:Factory
checked in at 2019-12-24 14:29:14
Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old)
and /work/SRC/openSUSE:Factory/.policycoreutils.new.6675 (New)
Package is "policycoreutils"
Tue Dec 24 14:29:14 2019 rev:53 rq:757540 version:2.9
Changes:
--- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes
2019-09-25 01:46:13.733604624 +0200
+++
/work/SRC/openSUSE:Factory/.policycoreutils.new.6675/policycoreutils.changes
2019-12-24 14:29:17.690556343 +0100
@@ -1,0 +2,6 @@
+Tue Dec 17 10:36:49 UTC 2019 - Johannes Segitz
+
+- Added chcat_join.patch to prevent joining non-existing categories
+ (bsc#1159262)
+
+---
New:
chcat_join.patch
Other differences:
--
++ policycoreutils.spec ++
--- /var/tmp/diff_new_pack.cDfUcg/_old 2019-12-24 14:29:18.594556781 +0100
+++ /var/tmp/diff_new_pack.cDfUcg/_new 2019-12-24 14:29:18.594556781 +0100
@@ -40,6 +40,7 @@
Source8:
https://github.com/SELinuxProject/selinux/releases/download/%{tstamp}/semodule-utils-%{version}.tar.gz
Patch0: make_targets.patch
Patch1: run_init_use_pam_keyinit.patch
+Patch2: chcat_join.patch
BuildRequires: audit-devel >= %{libaudit_ver}
BuildRequires: bison
BuildRequires: dbus-1-glib-devel
@@ -159,6 +160,7 @@
semodule_utils_pwd="$PWD/semodule-utils-%{version}"
%patch0 -p1
%patch1 -p1
+%patch2 -p1
mv ${setools_python_pwd}/audit2allow ${setools_python_pwd}/chcat
${setools_python_pwd}/semanage ${setools_python_pwd}/sepolgen
${setools_python_pwd}/sepolicy .
mv ${semodule_utils_pwd}/semodule_expand ${semodule_utils_pwd}/semodule_link
${semodule_utils_pwd}/semodule_package .
++ chcat_join.patch ++
Index: policycoreutils-2.9/selinux-python-2.9/chcat/chcat
===
--- policycoreutils-2.9.orig/selinux-python-2.9/chcat/chcat 2019-03-15
10:32:30.0 +
+++ policycoreutils-2.9/selinux-python-2.9/chcat/chcat 2019-12-17
10:31:24.683910599 +
@@ -246,7 +246,10 @@ def chcat_user_replace(newcat, users):
add_ind = 1
user = seusers["__default__"]
serange = user[1].split("-")
-new_serange = "%s-%s:%s" % (serange[0], newcat[0],
",".join(newcat[1:]))
+if len(newcat[1:]) > 0:
+new_serange = "%s-%s:%s" % (serange[0], newcat[0],
",".join(newcat[1:]))
+else:
+new_serange = "%s-%s" % (serange[0], newcat[0])
if new_serange[-1:] == ":":
new_serange = new_serange[:-1]
commit policycoreutils for openSUSE:Factory
Hello community,
here is the log from the commit of package policycoreutils for openSUSE:Factory
checked in at 2019-09-25 01:46:12
Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old)
and /work/SRC/openSUSE:Factory/.policycoreutils.new.7948 (New)
Package is "policycoreutils"
Wed Sep 25 01:46:12 2019 rev:52 rq:731857 version:2.9
Changes:
--- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes
2019-05-03 22:23:33.483936738 +0200
+++
/work/SRC/openSUSE:Factory/.policycoreutils.new.7948/policycoreutils.changes
2019-09-25 01:46:13.733604624 +0200
@@ -1,0 +2,6 @@
+Wed Sep 18 11:19:12 UTC 2019 - Johannes Segitz
+
+- Added run_init_use_pam_keyinit.patch
+ Added pam_keyinit to the run_init pam config (bsc#1144052)
+
+---
New:
run_init_use_pam_keyinit.patch
Other differences:
--
++ policycoreutils.spec ++
--- /var/tmp/diff_new_pack.0XgOjO/_old 2019-09-25 01:46:14.921604607 +0200
+++ /var/tmp/diff_new_pack.0XgOjO/_new 2019-09-25 01:46:14.925604606 +0200
@@ -39,6 +39,7 @@
Source7:selinux-polgengui.console
Source8:
https://github.com/SELinuxProject/selinux/releases/download/%{tstamp}/semodule-utils-%{version}.tar.gz
Patch0: make_targets.patch
+Patch1: run_init_use_pam_keyinit.patch
BuildRequires: audit-devel >= %{libaudit_ver}
BuildRequires: bison
BuildRequires: dbus-1-glib-devel
@@ -157,6 +158,7 @@
setools_python_pwd="$PWD/selinux-python-%{version}"
semodule_utils_pwd="$PWD/semodule-utils-%{version}"
%patch0 -p1
+%patch1 -p1
mv ${setools_python_pwd}/audit2allow ${setools_python_pwd}/chcat
${setools_python_pwd}/semanage ${setools_python_pwd}/sepolgen
${setools_python_pwd}/sepolicy .
mv ${semodule_utils_pwd}/semodule_expand ${semodule_utils_pwd}/semodule_link
${semodule_utils_pwd}/semodule_package .
++ run_init_use_pam_keyinit.patch ++
Index: policycoreutils-2.9/run_init/run_init.pamd
===
--- policycoreutils-2.9.orig/run_init/run_init.pamd 2019-03-15
10:32:30.0 +
+++ policycoreutils-2.9/run_init/run_init.pamd 2019-09-18 11:18:44.590723544
+
@@ -6,3 +6,4 @@ accountinclude system-auth
password include system-auth
sessioninclude system-auth
sessionoptionalpam_xauth.so
+sessionoptional pam_keyinit.so revoke [force]
commit policycoreutils for openSUSE:Factory
Hello community,
here is the log from the commit of package policycoreutils for openSUSE:Factory
checked in at 2019-05-03 22:23:32
Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old)
and /work/SRC/openSUSE:Factory/.policycoreutils.new.5148 (New)
Package is "policycoreutils"
Fri May 3 22:23:32 2019 rev:51 rq:699822 version:2.9
Changes:
--- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes
2019-03-24 14:55:36.763210864 +0100
+++
/work/SRC/openSUSE:Factory/.policycoreutils.new.5148/policycoreutils.changes
2019-05-03 22:23:33.483936738 +0200
@@ -48,0 +49,5 @@
+Tue Feb 5 15:27:55 UTC 2019 - Jan Engelhardt
+
+- Replace overly complicated %setup calls.
+
+---
Other differences:
--
++ policycoreutils.spec ++
--- /var/tmp/diff_new_pack.npjiP5/_old 2019-05-03 22:23:34.111934192 +0200
+++ /var/tmp/diff_new_pack.npjiP5/_new 2019-05-03 22:23:34.111934192 +0200
@@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
@@ -153,11 +153,9 @@
%endif
%prep
-%setup -q -T -D -b 1 -n selinux-python-%{version}
-setools_python_pwd=`pwd`
-%setup -q -T -D -b 8 -n semodule-utils-%{version}
-semodule_utils_pwd=`pwd`
-%setup -q
+%setup -q -a1 -a8
+setools_python_pwd="$PWD/selinux-python-%{version}"
+semodule_utils_pwd="$PWD/semodule-utils-%{version}"
%patch0 -p1
mv ${setools_python_pwd}/audit2allow ${setools_python_pwd}/chcat
${setools_python_pwd}/semanage ${setools_python_pwd}/sepolgen
${setools_python_pwd}/sepolicy .
mv ${semodule_utils_pwd}/semodule_expand ${semodule_utils_pwd}/semodule_link
${semodule_utils_pwd}/semodule_package .
commit policycoreutils for openSUSE:Factory
Hello community,
here is the log from the commit of package policycoreutils for openSUSE:Factory
checked in at 2019-03-24 14:55:34
Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old)
and /work/SRC/openSUSE:Factory/.policycoreutils.new.25356 (New)
Package is "policycoreutils"
Sun Mar 24 14:55:34 2019 rev:50 rq:687220 version:2.9
Changes:
--- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes
2019-02-14 14:35:54.347583323 +0100
+++
/work/SRC/openSUSE:Factory/.policycoreutils.new.25356/policycoreutils.changes
2019-03-24 14:55:36.763210864 +0100
@@ -1,0 +2,41 @@
+Wed Mar 20 15:16:54 UTC 2019 - jseg...@suse.com
+
+- Update to version 2.9
+ * secon: free scon_trans before returning
+ * audit2allow/sepolgen-ifgen: show errors on stderr
+ * audit2allow: allow using audit2why as non-root user
+ * chcat: use check_call instead of getstatusoutput
+ * restorecon: add force option
+ * semanage module: Fix handling of -a/-e/-d/-r options
+ * semanage/seobject: Fix listing boolean values
+ * semanage: Drop python shebang from seobject.py
+ * semanage: Fix logger class definition
+ * semanage: Include MCS/MLS range when exporting local customizations
+ * semanage: Load a store policy and set the store SELinux policy root
+ * semanage: Start exporting "ibendport" and "ibpkey" entries
+ * semanage: Stop logging loginRecords changes
+ * semanage: Stop rejecting aliases in semanage commands
+ * semanage: Use standard argparse.error() method in handlePermissive
+ * semanage: do not show "None" levels when using a non-MLS policy
+ * semanage: import sepolicy only when it's needed
+ * semanage: move valid_types initialisations to class constructors
+ * sepolgen: close /etc/selinux/sepolgen.conf after parsing it
+ * sepolgen: fix access vector initialization
+ * sepolgen: fix refpolicy parsing of "permissive"
+ * sepolgen: print all AV rules correctly
+ * sepolgen: refpolicy installs its Makefile in include/Makefile
+ * sepolgen: return NotImplemented instead of raising it
+ * sepolgen: silence linter warning about has_key
+ * sepolgen: use self when accessing members in FilesystemUse
+ * sepolicy: Add sepolicy.load_store_policy(store)
+ * sepolicy: Make policy files sorting more robust
+ * sepolicy: Stop rejecting aliases in sepolicy commands
+ * sepolicy: Update to work with setools-4.2.0
+ * sepolicy: add missing % in network tab help text
+ * sepolicy: initialize mislabeled_files in __init__()
+ * sepolicy: search() also for dontaudit rules
+ * add xperms support to audit2allow
+ * replace aliases with corresponding type names
+- Dropped python3.patch, upstream now
+
+---
Old:
policycoreutils-2.8.tar.gz
python3.patch
selinux-python-2.8.tar.gz
semodule-utils-2.8.tar.gz
New:
policycoreutils-2.9.tar.gz
selinux-python-2.9.tar.gz
semodule-utils-2.9.tar.gz
Other differences:
--
++ policycoreutils.spec ++
--- /var/tmp/diff_new_pack.3M3mrL/_old 2019-03-24 14:55:37.447210792 +0100
+++ /var/tmp/diff_new_pack.3M3mrL/_new 2019-03-24 14:55:37.447210792 +0100
@@ -17,19 +17,19 @@
%define libaudit_ver 2.2
-%define libsepol_ver 2.8
-%define libsemanage_ver 2.8
-%define libselinux_ver 2.8
+%define libsepol_ver 2.9
+%define libsemanage_ver 2.9
+%define libselinux_ver 2.9
%define setools_ver 4.1.1
-%define tstamp 20180524
+%define tstamp 20190315
Name: policycoreutils
-Version:2.8
+Version:2.9
Release:0
Summary:SELinux policy core utilities
License:GPL-2.0-or-later
Group: Productivity/Security
URL:https://github.com/SELinuxProject/selinux
-Source0:
https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/%{tstamp}/%{name}-%{version}.tar.gz
+Source0:
https://github.com/SELinuxProject/selinux/releases/download/%{tstamp}/%{name}-%{version}.tar.gz
Source1:
https://github.com/SELinuxProject/selinux/releases/download/%{tstamp}/selinux-python-%{version}.tar.gz
Source2:system-config-selinux.png
Source3:system-config-selinux.desktop
@@ -39,7 +39,6 @@
Source7:selinux-polgengui.console
Source8:
https://github.com/SELinuxProject/selinux/releases/download/%{tstamp}/semodule-utils-%{version}.tar.gz
Patch0: make_targets.patch
-Patch1: python3.patch
BuildRequires: audit-devel >= %{libaudit_ver}
BuildRequires: bison
BuildRequires: dbus-1-glib-devel
@@ -162,7 +161,6 @@
%patch0 -p1
mv ${setools_python_pwd}/audit2allow ${setools_python_pwd}/chcat
${setools_python_pwd}/semanage ${setools_python_pwd}/sepolgen
${setools_p
commit policycoreutils for openSUSE:Factory
Hello community,
here is the log from the commit of package policycoreutils for openSUSE:Factory
checked in at 2019-02-14 14:35:31
Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old)
and /work/SRC/openSUSE:Factory/.policycoreutils.new.28833 (New)
Package is "policycoreutils"
Thu Feb 14 14:35:31 2019 rev:49 rq:674671 version:2.8
Changes:
--- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes
2019-02-06 14:06:38.970657659 +0100
+++
/work/SRC/openSUSE:Factory/.policycoreutils.new.28833/policycoreutils.changes
2019-02-14 14:35:54.347583323 +0100
@@ -1,0 +2,6 @@
+Wed Feb 13 12:21:50 UTC 2019 - jseg...@suse.com
+
+- Make sure current devel package conflicts with old
+ policycoreutils-python (bsc#1124437)
+
+---
@@ -4,0 +11,5 @@
+
+---
+Thu Jan 31 10:19:44 UTC 2019 - Bernhard Wiedemann
+
+- Fix build with python 3.7
Other differences:
--
++ policycoreutils.spec ++
--- /var/tmp/diff_new_pack.CIHsAM/_old 2019-02-14 14:35:55.487582808 +0100
+++ /var/tmp/diff_new_pack.CIHsAM/_new 2019-02-14 14:35:55.491582807 +0100
@@ -114,6 +114,7 @@
Group: Productivity/Security
Requires: %{_bindir}/make
Requires: python3-%{name} = %{version}-%{release}
+Conflicts: %{name}-python <= 2.6
%description devel
The policycoreutils-devel package contains the management tools use to develop
policy in an SELinux environment.
commit policycoreutils for openSUSE:Factory
Hello community,
here is the log from the commit of package policycoreutils for openSUSE:Factory
checked in at 2019-02-06 14:06:34
Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old)
and /work/SRC/openSUSE:Factory/.policycoreutils.new.28833 (New)
Package is "policycoreutils"
Wed Feb 6 14:06:34 2019 rev:48 rq:671816 version:2.8
Changes:
--- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes
2019-01-21 10:55:29.039647015 +0100
+++
/work/SRC/openSUSE:Factory/.policycoreutils.new.28833/policycoreutils.changes
2019-02-06 14:06:38.970657659 +0100
@@ -1,0 +2,5 @@
+Mon Feb 4 08:30:53 UTC 2019 - jseg...@suse.com
+
+- Removed hardcoded python 3.6 path from spec file
+
+---
Other differences:
--
++ policycoreutils.spec ++
--- /var/tmp/diff_new_pack.feQ6qy/_old 2019-02-06 14:06:39.578657549 +0100
+++ /var/tmp/diff_new_pack.feQ6qy/_new 2019-02-06 14:06:39.578657549 +0100
@@ -258,7 +258,7 @@
%{_datadir}/bash-completion/completions/*
%files -n python3-%{name}
-%{_libexecdir}/python3.6/site-packages/*
+%{python3_sitelib}/*
%dir %{_localstatedir}/lib/selinux
%files lang -f %{name}.lang
commit policycoreutils for openSUSE:Factory
Hello community,
here is the log from the commit of package policycoreutils for openSUSE:Factory
checked in at 2019-01-21 10:55:17
Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old)
and /work/SRC/openSUSE:Factory/.policycoreutils.new.28833 (New)
Package is "policycoreutils"
Mon Jan 21 10:55:17 2019 rev:47 rq:666183 version:2.8
Changes:
--- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes
2018-05-04 11:30:21.201887064 +0200
+++
/work/SRC/openSUSE:Factory/.policycoreutils.new.28833/policycoreutils.changes
2019-01-21 10:55:29.039647015 +0100
@@ -1,0 +2,69 @@
+Fri Jan 11 14:18:32 UTC 2019 - jseg...@suse.com
+
+- Required python3-policycoreutils instead of just recommending it
+ for policycoreutils (bsc#1121455)
+- Added requires for python3-setuptools to python3-policycoreutils
+ (bsc#1121455)
+- Removed requires for audit-libs-python from policycoreutils
+ (bsc#1121455)
+
+---
+Mon Jan 7 14:32:58 UTC 2019 - Marcus Rueckert
+
+- properly obsolete/provides for policycoreutils-python
+- remove unneeded obsolete from the devel package
+
+---
+Fri Dec 7 15:08:14 UTC 2018 - jseg...@suse.com
+
+- Don't require selinux-policy-devel for the devel package
+
+---
+Fri Dec 7 13:10:50 UTC 2018 - jseg...@suse.com
+
+- Obsolete policycoreutils-python in policycoreutils and
+ policycoreutils-devel to prevent file conflicts
+
+---
+Wed Nov 21 15:58:16 UTC 2018 - jseg...@suse.com
+
+- Included content of selinux-python-2.8 and semodule-utils-2.8.
+ I think it's easier to have all the relevant binaries in the
+ policycoreutils package (bsc#1116596).
+ Added make_targets.patch for this
+- Removed restorecond, is now a separate package
+- Added python3.patch to use python3 interpreter
+- New runtime requires:
+ * libsepol1
+ * python3-ipy
+ * python3-networkx
+ * python3-semanage
+- Provides and obsolete policycoreutils-python
+
+---
+Thu Nov 8 07:19:24 UTC 2018 - jseg...@suse.com
+
+- Adjusted source urls (bsc#1115052)
+
+---
+Wed Oct 17 11:58:44 UTC 2018 - jseg...@suse.com
+
+- Update to version 2.8 (bsc#732)
+ For changes please see
+
https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/RELEASE-20180524.txt
+
+---
+Wed May 16 07:26:07 UTC 2018 - mc...@suse.com
+
+- Rebase to 2.7
+ * Rather large rewrite of the SPEC file
+ * Significantly, support for python2 removed
+ For changes please see
+
https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/RELEASE-20170804.txt
+- Dropped patches:
+ * policycoreutils-initscript.patch
+ * policycoreutils-pam-common.patch
+ * loadpolicy_path.patch
+ * CVE-2018-1063.patch
+
+---
Old:
CVE-2018-1063.patch
loadpolicy_path.patch
policycoreutils-2.6.tar.gz
policycoreutils-initscript.patch
policycoreutils-pam-common.patch
policycoreutils_man_ru2.tar.bz2
sepolgen-2.6.tar.gz
New:
make_targets.patch
policycoreutils-2.8.tar.gz
python3.patch
selinux-python-2.8.tar.gz
semodule-utils-2.8.tar.gz
Other differences:
--
++ policycoreutils.spec ++
--- /var/tmp/diff_new_pack.vtw0iB/_old 2019-01-21 10:55:32.035643412 +0100
+++ /var/tmp/diff_new_pack.vtw0iB/_new 2019-01-21 10:55:32.035643412 +0100
@@ -1,7 +1,7 @@
#
# spec file for package policycoreutils
#
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,39 +17,37 @@
%define libaudit_ver 2.2
-%define libsepol_ver 2.6
-%define libsemanage_ver 2.6
-%define libselinux_ver 2.6
-%define sepolgen_ver 2.6
-#Compat macro for new _fillupdir macro introduced in Nov 2017
-%if ! %{defined _fillupdir}
- %define _fillupdir %{_localstatedir}/adm/fillup-templates
-%endif
+%define libsepol_ver 2.8
+%define libsemanage_ver 2.8
+%define libselinux_ver 2.8
+%define setools_ver 4.1.1
+%define tstamp 20180524
Name: policycoreutils
-Version:2.6
+Version:2.8
Release:0
Summary:SELinux policy core utilities
License:GPL-2.0-or-later
commit policycoreutils for openSUSE:Factory
Hello community,
here is the log from the commit of package policycoreutils for openSUSE:Factory
checked in at 2018-05-04 11:30:18
Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old)
and /work/SRC/openSUSE:Factory/.policycoreutils.new (New)
Package is "policycoreutils"
Fri May 4 11:30:18 2018 rev:46 rq:603576 version:2.6
Changes:
--- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes
2018-04-26 13:38:48.210382117 +0200
+++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes
2018-05-04 11:30:21.201887064 +0200
@@ -1,0 +2,14 @@
+Mon Apr 30 11:24:50 UTC 2018 - dims...@opensuse.org
+
+- Don't build policycoreutils-gui for anything suse_version >=
+ 1500: there is no reason te believe that SLE16 will have those
+ old, depreacted dependencies back. Fixes also the issues for
+ Tumbleweed, where -gui was not installable.
+
+---
+Thu Apr 26 11:37:36 UTC 2018 - jseg...@suse.com
+
+- SLE 15 doesn't have the necessary files for policycoreutils-gui,
+ don't build it there
+
+---
Other differences:
--
++ policycoreutils.spec ++
--- /var/tmp/diff_new_pack.qSxwUV/_old 2018-05-04 11:30:22.009857419 +0200
+++ /var/tmp/diff_new_pack.qSxwUV/_new 2018-05-04 11:30:22.009857419 +0200
@@ -124,6 +124,7 @@
RBAC/MLS policy machines require newrole as a way of changing the role
or level of a logged-in user.
+%if 0%{?suse_version} < 1500
%package gui
Summary:SELinux configuration GUI
Group: Productivity/Security
@@ -135,6 +136,7 @@
%description gui
system-config-selinux is a utility for managing the SELinux environment.
+%endif
%prep
%setup -q -a 1
@@ -178,6 +180,9 @@
%suse_update_desktop_file -i selinux-polgengui System Security Settings
%find_lang %{name}
%fdupes -s %{buildroot}/%{_datadir}
+%if 0%{?suse_version} >= 1500
+rm %{buildroot}/etc/dbus-1/system.d/org.selinux.conf
%{buildroot}/etc/pam.d/selinux-polgengui
%{buildroot}/etc/pam.d/system-config-selinux
%{buildroot}/etc/security/console.apps/selinux-polgengui
%{buildroot}/etc/security/console.apps/system-config-selinux
%{buildroot}/usr/bin/selinux-polgengui %{buildroot}/usr/bin/sepolgen
%{buildroot}/usr/bin/system-config-selinux
%{buildroot}/usr/share/applications/selinux-polgengui.desktop
%{buildroot}/usr/share/applications/sepolicy.desktop
%{buildroot}/usr/share/applications/system-config-selinux.desktop
%{buildroot}/usr/share/icons/hicolor/16x16/apps/sepolicy.png
%{buildroot}/usr/share/icons/hicolor/22x22/apps/sepolicy.png
%{buildroot}/usr/share/icons/hicolor/24x24/apps/system-config-selinux.png
%{buildroot}/usr/share/icons/hicolor/256x256/apps/sepolicy.png
%{buildroot}/usr/share/icons/hicolor/32x32/apps/sepolicy.png
%{buildroot}/usr/share/icons/hicolor/48x48/apps/sepolicy.png
%{buildroot}/usr/share/man/man8/selinux-polgengui.8
%{buildroot}/usr/share/pixmaps/sepolicy.png
%{buildroot}/usr/share/pixmaps/system-config-selinux.png
%{buildroot}/usr/share/polkit-1/actions/org.selinux.config.policy
%{buildroot}/usr/share/polkit-1/actions/org.selinux.policy
%{buildroot}/usr/share/system-config-selinux/booleansPage.py
%{buildroot}/usr/share/system-config-selinux/domainsPage.py
%{buildroot}/usr/share/system-config-selinux/fcontextPage.py
%{buildroot}/usr/share/system-config-selinux/html_util.py
%{buildroot}/usr/share/system-config-selinux/loginsPage.py
%{buildroot}/usr/share/system-config-selinux/mappingsPage.py
%{buildroot}/usr/share/system-config-selinux/modulesPage.py
%{buildroot}/usr/share/system-config-selinux/polgen.glade
%{buildroot}/usr/share/system-config-selinux/polgengui.py
%{buildroot}/usr/share/system-config-selinux/portsPage.py
%{buildroot}/usr/share/system-config-selinux/selinux-polgengui.desktop
%{buildroot}/usr/share/system-config-selinux/selinux_server.py
%{buildroot}/usr/share/system-config-selinux/semanagePage.py
%{buildroot}/usr/share/system-config-selinux/sepolicy.desktop
%{buildroot}/usr/share/system-config-selinux/statusPage.py
%{buildroot}/usr/share/system-config-selinux/system-config-selinux.desktop
%{buildroot}/usr/share/system-config-selinux/system-config-selinux.glade
%{buildroot}/usr/share/system-config-selinux/system-config-selinux.png
%{buildroot}/usr/share/system-config-selinux/system-config-selinux.py
%{buildroot}/usr/share/system-config-selinux/usersPage.py
%{buildroot}/usr/share/man/man8/system-config-selinux.8
+%endif
%pre
%service_add_pre restorecond.service
@@ -320,6 +325,7 @@
%{_mandir}/man1/newrole.1%{?ext_man}
%config(noreplace) %{_sysconfdir}/pam.d/newrole
+%if 0%{?suse_version} < 1500
%files gui
%{_bindir}/system-c
commit policycoreutils for openSUSE:Factory
Hello community,
here is the log from the commit of package policycoreutils for openSUSE:Factory
checked in at 2018-04-26 13:38:47
Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old)
and /work/SRC/openSUSE:Factory/.policycoreutils.new (New)
Package is "policycoreutils"
Thu Apr 26 13:38:47 2018 rev:45 rq:601034 version:2.6
Changes:
--- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes
2018-04-06 17:47:19.960289985 +0200
+++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes
2018-04-26 13:38:48.210382117 +0200
@@ -1,0 +2,5 @@
+Wed Apr 25 14:31:29 UTC 2018 - jseg...@suse.com
+
+- Drop the requirement for selinux-policy for the gui tools.
+
+---
Other differences:
--
++ policycoreutils.spec ++
--- /var/tmp/diff_new_pack.RvS9TR/_old 2018-04-26 13:38:48.962354554 +0200
+++ /var/tmp/diff_new_pack.RvS9TR/_new 2018-04-26 13:38:48.966354408 +0200
@@ -31,7 +31,7 @@
Summary:SELinux policy core utilities
License:GPL-2.0-or-later
Group: Productivity/Security
-URL:https://github.com/SELinuxProject/selinux
+Url:https://github.com/SELinuxProject/selinux
Source:
https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014/%{name}-%{version}.tar.gz
Source1:
https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014/sepolgen-%{sepolgen_ver}.tar.gz
Source2:system-config-selinux.png
@@ -131,7 +131,6 @@
Requires: python
Requires: python-gnome
Requires: python-gtk
-Requires: selinux-policy
Requires: setools-console
%description gui
commit policycoreutils for openSUSE:Factory
Hello community,
here is the log from the commit of package policycoreutils for openSUSE:Factory
checked in at 2018-04-06 17:47:16
Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old)
and /work/SRC/openSUSE:Factory/.policycoreutils.new (New)
Package is "policycoreutils"
Fri Apr 6 17:47:16 2018 rev:44 rq:593258 version:2.6
Changes:
--- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes
2017-12-23 12:20:36.772287710 +0100
+++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes
2018-04-06 17:47:19.960289985 +0200
@@ -1,0 +2,19 @@
+Tue Mar 27 13:46:37 UTC 2018 - tchva...@suse.com
+
+- Drop SLE11 support, needs the audit that is not present on SLE11
+- Fix service link to actually work on current releases
+- Drop SUSE_ASNEEDED=0 as it seems to build fine without it
+- Do not depend on systemd, just systemd-rpm-macros
+
+---
+Wed Mar 21 11:32:47 UTC 2018 - jseg...@suse.com
+
+- Added CVE-2018-1063.patch to prevent chcon from following symlinks in
+ /tmp, /var/tmp, /var/run and /var/lib/debug (bsc#1083624, CVE-2018-1063)
+
+---
+Tue Mar 20 12:01:55 UTC 2018 - jseg...@suse.com
+
+- Remove BuildRequires for libcgroup-devel (bsc#1085837)
+
+---
New:
CVE-2018-1063.patch
Other differences:
--
++ policycoreutils.spec ++
--- /var/tmp/diff_new_pack.KCkq7p/_old 2018-04-06 17:47:21.424237073 +0200
+++ /var/tmp/diff_new_pack.KCkq7p/_new 2018-04-06 17:47:21.428236927 +0200
@@ -1,7 +1,7 @@
#
# spec file for package policycoreutils
#
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -16,23 +16,22 @@
#
-#Compat macro for new _fillupdir macro introduced in Nov 2017
-%if ! %{defined _fillupdir}
- %define _fillupdir /var/adm/fillup-templates
-%endif
-
%define libaudit_ver 2.2
%define libsepol_ver 2.6
%define libsemanage_ver 2.6
%define libselinux_ver 2.6
%define sepolgen_ver 2.6
+#Compat macro for new _fillupdir macro introduced in Nov 2017
+%if ! %{defined _fillupdir}
+ %define _fillupdir %{_localstatedir}/adm/fillup-templates
+%endif
Name: policycoreutils
Version:2.6
Release:0
Summary:SELinux policy core utilities
-License:GPL-2.0+
+License:GPL-2.0-or-later
Group: Productivity/Security
-Url:https://github.com/SELinuxProject/selinux
+URL:https://github.com/SELinuxProject/selinux
Source:
https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014/%{name}-%{version}.tar.gz
Source1:
https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014/sepolgen-%{sepolgen_ver}.tar.gz
Source2:system-config-selinux.png
@@ -45,6 +44,7 @@
Patch4: policycoreutils-initscript.patch
Patch5: policycoreutils-pam-common.patch
Patch10:loadpolicy_path.patch
+Patch11:CVE-2018-1063.patch
BuildRequires: audit-devel >= %{libaudit_ver}
BuildRequires: dbus-1-glib-devel
BuildRequires: fdupes
@@ -52,12 +52,14 @@
BuildRequires: hicolor-icon-theme
BuildRequires: libcap-devel
BuildRequires: libcap-ng-devel
-BuildRequires: libcgroup-devel
BuildRequires: libselinux-devel >= %{libselinux_ver}
BuildRequires: libsemanage-devel >= %{libsemanage_ver}
BuildRequires: libsepol-devel-static >= %{libsepol_ver}
BuildRequires: pam-devel
+# needed only for dir /usr/share/polkit-1 from policycoreutils-gui
+BuildRequires: polkit
BuildRequires: python-devel
+BuildRequires: systemd-rpm-macros
BuildRequires: update-desktop-files
Requires: audit-libs-python
Requires: checkpolicy
@@ -67,15 +69,10 @@
Requires: util-linux
# we need selinuxenabled
Requires(post): selinux-tools
-Requires(pre): %fillup_prereq permissions
+Requires(pre): %fillup_prereq
+Requires(pre): permissions
Recommends: %{name}-lang
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
-%if 0%{?suse_version} > 1140
-BuildRequires: systemd
%{?systemd_requires}
-%else
-Requires(pre): %insserv_prereq
-%endif
%description
policycoreutils contains the policy core utilities that are required
@@ -145,9 +142,9 @@
%patch4
%patch5
%patch10 -p1
+%patch11
%build
-export SUSE_ASNEEDED=0
make %{?_smp_mflags} LSPP_PRIV=y LIBDIR="%{_libdir}"
LIBEXECDIR="%{_libexecdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie
commit policycoreutils for openSUSE:Factory
Hello community,
here is the log from the commit of package policycoreutils for openSUSE:Factory
checked in at 2017-12-23 12:20:35
Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old)
and /work/SRC/openSUSE:Factory/.policycoreutils.new (New)
Package is "policycoreutils"
Sat Dec 23 12:20:35 2017 rev:43 rq:559352 version:2.6
Changes:
--- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes
2017-12-11 18:56:16.083233030 +0100
+++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes
2017-12-23 12:20:36.772287710 +0100
@@ -1,0 +2,6 @@
+Thu Dec 21 14:29:30 UTC 2017 - jseg...@suse.com
+
+- Removed BuildRequires for setools-devel and added new
+ runtime requirement for python2-networkx
+
+---
Other differences:
--
++ policycoreutils.spec ++
--- /var/tmp/diff_new_pack.F2SDFN/_old 2017-12-23 12:20:37.608246949 +0100
+++ /var/tmp/diff_new_pack.F2SDFN/_new 2017-12-23 12:20:37.612246754 +0100
@@ -58,7 +58,6 @@
BuildRequires: libsepol-devel-static >= %{libsepol_ver}
BuildRequires: pam-devel
BuildRequires: python-devel
-BuildRequires: setools-devel
BuildRequires: update-desktop-files
Requires: audit-libs-python
Requires: checkpolicy
@@ -103,6 +102,7 @@
Requires: python-setools
Requires: python-xml
Requires: python-yum
+Requires: python2-networkx
Requires: yum-metadata-parser
%description python
commit policycoreutils for openSUSE:Factory
Hello community,
here is the log from the commit of package policycoreutils for openSUSE:Factory
checked in at 2017-12-11 18:56:12
Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old)
and /work/SRC/openSUSE:Factory/.policycoreutils.new (New)
Package is "policycoreutils"
Mon Dec 11 18:56:12 2017 rev:42 rq:546989 version:2.6
Changes:
--- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes
2017-06-30 18:43:44.570478466 +0200
+++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes
2017-12-11 18:56:16.083233030 +0100
@@ -1,0 +2,31 @@
+Mon Nov 27 14:23:12 UTC 2017 - rbr...@suse.com
+
+- Replace references to /var/adm/fillup-templates with new
+ %_fillupdir macro (boo#1069468)
+
+---
+Fri Nov 24 09:21:51 UTC 2017 - jseg...@suse.com
+
+- Update to policycoreutils version 2.6. Notable changes:
+ * setfiles: reverse the sense of -D option
+ * sandbox: Use dbus-run-session instead of dbus-launch when available
+ * setfiles: Utility to find security.restorecon_last entries
+ * setfiles: Add option to stop setting the digest
+ * hll/pp: Change warning for module name not matching filename to match new
behavior
+ * sepolicy: convert to setools4
+ * sandbox: create a new session for sandboxed processes
+ * sandbox: do not try to setup directories without -X or -M
+ * sandbox: do not run xmodmap in a new X session
+ * sandbox: fix file labels on copied files
+ * semanage: Fix semanage fcontext -D
+ * semanage: Default serange to "s0" for port modify
+ * semanage: Use socket.getprotobyname for protocol
+ * semanage: Add auditing of changes in records
+ * Improve compatibility with Python 3
+ * Update sandbox types in sandbox manual
+ * hll/pp: Warn if module name different than output filename
+- Update to sepolgen version 2.6. Notable changes:
+ * Add support for TYPEBOUNDS statement in INTERFACE policy files
+- Dropped CVE-2016-7545_sandbox_escape.patch
+
+---
Old:
CVE-2016-7545_sandbox_escape.patch
policycoreutils-2.5.tar.gz
sepolgen-1.2.3.tar.gz
New:
policycoreutils-2.6.tar.gz
sepolgen-2.6.tar.gz
Other differences:
--
++ policycoreutils.spec ++
--- /var/tmp/diff_new_pack.b1vKfS/_old 2017-12-11 18:56:16.951191689 +0100
+++ /var/tmp/diff_new_pack.b1vKfS/_new 2017-12-11 18:56:16.955191499 +0100
@@ -16,20 +16,25 @@
#
+#Compat macro for new _fillupdir macro introduced in Nov 2017
+%if ! %{defined _fillupdir}
+ %define _fillupdir /var/adm/fillup-templates
+%endif
+
%define libaudit_ver 2.2
-%define libsepol_ver 2.5
-%define libsemanage_ver 2.5
-%define libselinux_ver 2.5
-%define sepolgen_ver 1.2.3
+%define libsepol_ver 2.6
+%define libsemanage_ver 2.6
+%define libselinux_ver 2.6
+%define sepolgen_ver 2.6
Name: policycoreutils
-Version:2.5
+Version:2.6
Release:0
Summary:SELinux policy core utilities
License:GPL-2.0+
Group: Productivity/Security
Url:https://github.com/SELinuxProject/selinux
-Source:
https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/%{name}-%{version}.tar.gz
-Source1:
https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/sepolgen-%{sepolgen_ver}.tar.gz
+Source:
https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014/%{name}-%{version}.tar.gz
+Source1:
https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014/sepolgen-%{sepolgen_ver}.tar.gz
Source2:system-config-selinux.png
Source3:system-config-selinux.desktop
Source4:system-config-selinux.pam
@@ -40,7 +45,6 @@
Patch4: policycoreutils-initscript.patch
Patch5: policycoreutils-pam-common.patch
Patch10:loadpolicy_path.patch
-Patch11:CVE-2016-7545_sandbox_escape.patch
BuildRequires: audit-devel >= %{libaudit_ver}
BuildRequires: dbus-1-glib-devel
BuildRequires: fdupes
@@ -141,7 +145,6 @@
%patch4
%patch5
%patch10 -p1
-%patch11 -p1
%build
export SUSE_ASNEEDED=0
@@ -176,8 +179,8 @@
rm -f %{buildroot}%{_mandir}/ru/man8/genhomedircon.8.gz
ln -sf consolehelper %{buildroot}%{_bindir}/system-config-selinux
ln -sf consolehelper %{buildroot}%{_bindir}/selinux-polgengui
-mkdir -p %{buildroot}%{_localstatedir}/adm/fillup-templates/
-mv %{buildroot}/%{_sysconfdir}/sysconfig/sandbox
%{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.sandbox
+mkdir -p %{buildroot}%{_fillupdir}/
+mv %{buildroot}/%{_sysconfdir}/sysconfig/sandbox
%{buildroot}%{_fillupdi
commit policycoreutils for openSUSE:Factory
Hello community,
here is the log from the commit of package policycoreutils for openSUSE:Factory
checked in at 2017-06-30 18:42:49
Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old)
and /work/SRC/openSUSE:Factory/.policycoreutils.new (New)
Package is "policycoreutils"
Fri Jun 30 18:42:49 2017 rev:41 rq:507122 version:2.5
Changes:
--- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes
2016-08-05 18:16:35.0 +0200
+++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes
2017-06-30 18:43:44.570478466 +0200
@@ -1,0 +2,6 @@
+Mon Dec 19 07:21:22 UTC 2016 - jseg...@novell.com
+
+- Added CVE-2016-7545_sandbox_escape.patch to fix CVE-2016-7545, bsc#1000998
+ Sandboxed session could have escaped to the parent session
+
+---
New:
CVE-2016-7545_sandbox_escape.patch
Other differences:
--
++ policycoreutils.spec ++
--- /var/tmp/diff_new_pack.38zjuk/_old 2017-06-30 18:43:45.290377208 +0200
+++ /var/tmp/diff_new_pack.38zjuk/_new 2017-06-30 18:43:45.294376645 +0200
@@ -1,7 +1,7 @@
#
# spec file for package policycoreutils
#
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -40,6 +40,7 @@
Patch4: policycoreutils-initscript.patch
Patch5: policycoreutils-pam-common.patch
Patch10:loadpolicy_path.patch
+Patch11:CVE-2016-7545_sandbox_escape.patch
BuildRequires: audit-devel >= %{libaudit_ver}
BuildRequires: dbus-1-glib-devel
BuildRequires: fdupes
@@ -108,7 +109,6 @@
Group: Productivity/Security
Requires: policycoreutils-python = %{version}
Requires: xorg-x11-server-extra
-# Requires: matchbox-window-manager
%description sandbox
The sandbox package contains the scripts to create graphical sandboxes.
@@ -127,8 +127,6 @@
Summary:SELinux configuration GUI
Group: Productivity/Security
Requires: policycoreutils-python = %{version}
-# Requires:gnome-python2-canvas
-# Requires:usermode-gtk
Requires: python
Requires: python-gnome
Requires: python-gtk
@@ -143,9 +141,7 @@
%patch4
%patch5
%patch10 -p1
-# sleep 5
-# touch po/policycoreutils.pot
-# sleep 5
+%patch11 -p1
%build
export SUSE_ASNEEDED=0
++ CVE-2016-7545_sandbox_escape.patch ++
Index: policycoreutils-2.5/sandbox/sandbox
===
--- policycoreutils-2.5.orig/sandbox/sandbox2016-02-23 17:31:41.0
+0100
+++ policycoreutils-2.5/sandbox/sandbox 2016-12-19 08:20:38.507223657 +0100
@@ -467,10 +467,15 @@ sandbox [-h] [-l level ] [-[X|M] [-H hom
cmds += ["--"] + self.__paths
return subprocess.Popen(cmds).wait()
-selinux.setexeccon(self.__execcon)
-rc = subprocess.Popen(self.__cmds).wait()
-selinux.setexeccon(None)
-return rc
+pid = os.fork()
+if pid == 0:
+rc = os.setsid()
+if rc:
+return rc
+selinux.setexeccon(self.__execcon)
+os.execv(self.__cmds[0], self.__cmds)
+rc = os.waitpid(pid, 0)
+return os.WEXITSTATUS(rc[1])
finally:
for i in self.__paths:
commit policycoreutils for openSUSE:Factory
Hello community,
here is the log from the commit of package policycoreutils for openSUSE:Factory
checked in at 2016-08-05 18:16:34
Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old)
and /work/SRC/openSUSE:Factory/.policycoreutils.new (New)
Package is "policycoreutils"
Changes:
--- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes
2016-07-21 07:58:57.0 +0200
+++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes
2016-08-05 18:16:35.0 +0200
@@ -1,0 +2,5 @@
+Sat Jul 23 05:47:50 UTC 2016 - jeng...@inai.de
+
+- Trim description in line with other selinux packages
+
+---
Other differences:
--
++ policycoreutils.spec ++
--- /var/tmp/diff_new_pack.bsCUIL/_old 2016-08-05 18:16:37.0 +0200
+++ /var/tmp/diff_new_pack.bsCUIL/_new 2016-08-05 18:16:37.0 +0200
@@ -74,22 +74,17 @@
%endif
%description
-Security-enhanced Linux is a feature of the Linux(R) kernel and a number
-of utilities with enhanced security functionality designed to add
-mandatory access controls to Linux. The Security-enhanced Linux
-kernel contains new architectural components originally developed to
-improve the security of the Flask operating system. These
-architectural components provide general support for the enforcement
-of many kinds of mandatory access control policies, including those
-based on the concepts of Type Enforcement(R), Role-based Access
-Control, and Multi-level Security.
-
policycoreutils contains the policy core utilities that are required
for basic operation of a SELinux system. These utilities include
load_policy to load policies, setfiles to label filesystems, newrole
to switch roles, and run_init to run %{_initddir} scripts in the proper
context.
+(Security-enhanced Linux is a feature of the kernel and some
+utilities that implement mandatory access control policies, such as
+Type Enforcement, Role-based Access Control and Multi-Level
+Security.)
+
%lang_package
%package python
@@ -116,7 +111,7 @@
# Requires: matchbox-window-manager
%description sandbox
-The sandbox package contains the scripts to create graphical sandboxes
+The sandbox package contains the scripts to create graphical sandboxes.
%package newrole
Summary:The newrole application for RBAC/MLS
@@ -126,7 +121,7 @@
%description newrole
RBAC/MLS policy machines require newrole as a way of changing the role
-or level of a logged in user.
+or level of a logged-in user.
%package gui
Summary:SELinux configuration GUI
@@ -141,7 +136,7 @@
Requires: setools-console
%description gui
-system-config-selinux is a utility for managing the SELinux environment
+system-config-selinux is a utility for managing the SELinux environment.
%prep
%setup -q -a 1
commit policycoreutils for openSUSE:Factory
Hello community, here is the log from the commit of package policycoreutils for openSUSE:Factory checked in at 2016-07-21 07:58:54 Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old) and /work/SRC/openSUSE:Factory/.policycoreutils.new (New) Package is "policycoreutils" Changes: --- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes 2014-11-13 09:18:32.0 +0100 +++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes 2016-07-21 07:58:57.0 +0200 @@ -1,0 +2,62 @@ +Thu Jul 14 08:45:45 UTC 2016 - jseg...@novell.com + +- Changes submitted by MargueriteSu: + Update to version 2.5 + * sepolicy: Do not overwrite CFLAGS, from Nicolas Iooss. + * sepolicy: Rename policy global variable conflict, from Nicolas Iooss. + * newrole: Add missing defined in #if, from Nicolas Iooss. + * newrole: Add description of missing parameter -p in newrole man page, from Lukas Vrabec. + * secon: Add missing descriptions for --*-key params in secon man page, from Lukas Vrabec + * semanage: List reserve_port_t in semanage port -l, from Petr Lautrbach. + * chcat: Add a fallback in case os.getlogin() returns nothing, from Laurent Bigonville. + * semanage: fix 'semanage permissions -l' subcommand, from Petr Lautrbach. + * semanage: replace string.join() with str.join(), from Petr Lautrbach. + * Man page warning fixes, from Ville Skyttä. + * sandbox: Fix sandbox to propagate specified MCS/MLS Security Level, from Miroslav Grepl. + * semanage: Require at least one argument for 'semanage permissive -d', from Petr Lautrbach. + * sepolicy: Improve sepolicy command line interface, from Petr Lautrbach. + * audit2allow/why: ignore setlocale errors, from Petr Lautrbach. + * semodule: Add --extract/-E, --cil/-c, and --hll/-H to extract modules, from Yuli Khodorkovskiy. + * audit2allow: Comment constraint rules in output, from Miroslav Grepl via Petr Lautrbach. + * Fix PEP8 issues, from Jason Zaman. + * semanage: fix moduleRecords deleteall method, from Stephen Smalley. + * Improve compatibility with Python 3, from Michal Srb. + * semanage: Set self.sename to sename after calling semanage_seuser_set_sename(), from Laurent Bigonville. + * semanage: Fix typo in semanage args for minimium policy store, from Petr Lautrbach. + * sepolicy: Only invoke RPM on RPM-enabled Linux distributions, from Sven Vermeulen. + * mcstransd: don't reinvent getpeercon, from Stephen Smalley. + * setfiles/restorecon: fix -r/-R option, from Petr Lautrbach. + * org.selinux.policy: Require auth_admin_keep for all actions, from Stephen Smalley. + * hll: Move core functions of pp to libsepol, from James Carter + * run_init: Use a ring buffer in open_init_pty, from Jason Zaman. + * run_init: fix open_init_pty availability check, from Nicolas Iooss. + * Widen Xen IOMEM context entries, from Daniel De Graaf. + * Fix -Wformat errors with gcc-5.0.0, from Petr Lautrbach. + * Fixed typo/grammatical error, from Christopher Peterson. + * Fix typo in semanage-port man page, from Andrew Spiers. + Update to version 2.4 + * Fix bugs found by hardened gcc flags, from Nicolas Iooss. + * Improve support for building with different versions of python from +Nicolas Iooss. + * Ensure XDG_RUNTIME_DIR is passed through to the sandbox in seunshare, +from Dan Walsh + * Remove cgroups from sandbox, from Dan Walsh + * Try to use setcurrent before setexec in seunshare, from Andy Lutomirski + * Stop using the now deprecated flask.h and av_permissions.h, from Stephen Smalley + * Add a store root path in semodule, from Yuli Khodorkovskiy + * Add a flag to ignore cached CIL files and recompile HLL modules, from +Yuli Khodorkovskiy + * Add and install HLL compiler for policy packages to CIL. The compiler is +installed in /var/libexec/selinux/hll/ by default, from Steve Lawrence + * Fixes to pp compiler to better support roles and type attributes, from +Yuli Khodorkovskiy + * Deprecate base/upgrade/version in semodule. Calling these commands will +now call --install on the backend, from Yuli Khodorkovskiy + * Add ability to install modules with a specified priority, from Caleb +Case + * Use /tmp for permissive module creation, by Caleb Case + * Update semanage to use new source policy infrastructure, from Jason Dana + * Add RuntimeDirectory to mcstrans systemd unit file, from Laurent +Bigonville + +--- Old: policycoreutils-2.3.tar.gz sepolgen-1.2.1.tar.gz New: policycoreutils-2.5.tar.gz sepolgen-1.2.3.tar.gz Other differences: -- ++ policycoreutils.spec ++ --- /var/tmp/diff_new_pack.DtRNJ9/_old 2016-07-21 07:59:00.00
commit policycoreutils for openSUSE:Factory
Hello community,
here is the log from the commit of package policycoreutils for openSUSE:Factory
checked in at 2014-11-13 09:18:10
Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old)
and /work/SRC/openSUSE:Factory/.policycoreutils.new (New)
Package is "policycoreutils"
Changes:
--- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes
2014-09-09 18:59:19.0 +0200
+++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes
2014-11-13 09:18:32.0 +0100
@@ -1,0 +2,6 @@
+Wed Nov 5 14:04:30 UTC 2014 - jseg...@novell.com
+
+- added Requires: python-yum, yum-metadata-parser to fix sepolicy
+ (bnc#903841)
+
+---
Other differences:
--
++ policycoreutils.spec ++
--- /var/tmp/diff_new_pack.y3hnJV/_old 2014-11-13 09:18:33.0 +0100
+++ /var/tmp/diff_new_pack.y3hnJV/_new 2014-11-13 09:18:33.0 +0100
@@ -155,6 +155,8 @@
Requires: python-semanage >= %{libsemanage_ver}
Requires: python-setools
Requires: python-xml
+Requires: python-yum
+Requires: yum-metadata-parser
%description python
The policycoreutils-python package contains the management tools used to
manage an SELinux environment.
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit policycoreutils for openSUSE:Factory
Hello community,
here is the log from the commit of package policycoreutils for openSUSE:Factory
checked in at 2014-09-09 18:59:14
Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old)
and /work/SRC/openSUSE:Factory/.policycoreutils.new (New)
Package is "policycoreutils"
Changes:
--- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes
2014-06-02 07:00:57.0 +0200
+++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes
2014-09-09 18:59:19.0 +0200
@@ -1,0 +2,5 @@
+Mon Sep 8 08:04:51 UTC 2014 - jseg...@suse.com
+
+- removed execute permission from systemd unit file
+
+---
Other differences:
--
++ policycoreutils.spec ++
--- /var/tmp/diff_new_pack.idN0z6/_old 2014-09-09 18:59:20.0 +0200
+++ /var/tmp/diff_new_pack.idN0z6/_new 2014-09-09 18:59:20.0 +0200
@@ -314,7 +314,7 @@
%{_bindir}/semodule_package
%{_bindir}/semodule_unpackage
%if 0%{?suse_version} > 1140
-%attr(755,root,root) %{_unitdir}/restorecond.service
+%attr(644,root,root) %{_unitdir}/restorecond.service
%else
%attr(755,root,root) %{_initddir}/restorecond
%endif
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit policycoreutils for openSUSE:Factory
Hello community,
here is the log from the commit of package policycoreutils for openSUSE:Factory
checked in at 2013-12-17 10:03:02
Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old)
and /work/SRC/openSUSE:Factory/.policycoreutils.new (New)
Package is "policycoreutils"
Changes:
--- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes
2013-12-11 16:16:30.0 +0100
+++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes
2013-12-17 10:03:03.0 +0100
@@ -1,0 +2,7 @@
+Fri Dec 13 14:13:32 UTC 2013 - vci...@suse.com
+
+- sepolgen: add back attributes
+ * fixes build of selinux-policy
+ * policycoreutils-sepolgen_missing_attributes.patch
+
+---
New:
policycoreutils-sepolgen_missing_attributes.patch
Other differences:
--
++ policycoreutils.spec ++
--- /var/tmp/diff_new_pack.WyGRVw/_old 2013-12-17 10:03:04.0 +0100
+++ /var/tmp/diff_new_pack.WyGRVw/_new 2013-12-17 10:03:04.0 +0100
@@ -40,6 +40,7 @@
Source8:policycoreutils_man_ru2.tar.bz2
Patch4: policycoreutils-initscript.patch
Patch5: policycoreutils-pam-common.patch
+Patch6: policycoreutils-sepolgen_missing_attributes.patch
Patch10:loadpolicy_path.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: audit-devel >= %{libaudit_ver}
@@ -98,6 +99,7 @@
%setup -q -a 1
%patch4
%patch5
+%patch6 -p1
%patch10 -p1
# sleep 5
# touch po/policycoreutils.pot
++ policycoreutils-sepolgen_missing_attributes.patch ++
Index: policycoreutils-2.2/sepolgen-1.2/src/sepolgen/interfaces.py
===
--- policycoreutils-2.2.orig/sepolgen-1.2/src/sepolgen/interfaces.py
2013-10-30 17:51:19.0 +0100
+++ policycoreutils-2.2/sepolgen-1.2/src/sepolgen/interfaces.py 2013-12-10
14:05:40.791999743 +0100
@@ -276,7 +276,7 @@ class InterfaceVector:
if attributes:
for typeattribute in interface.typeattributes():
for attr in typeattribute.attributes:
-if not attributes.has_key(attr):
+if not attributes.attributes.has_key(attr):
# print "missing attribute " + attr
continue
attr_vec = attributes.attributes[attr]
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit policycoreutils for openSUSE:Factory
Hello community,
here is the log from the commit of package policycoreutils for openSUSE:Factory
checked in at 2013-12-11 16:16:27
Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old)
and /work/SRC/openSUSE:Factory/.policycoreutils.new (New)
Package is "policycoreutils"
Changes:
--- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes
2013-07-02 07:41:27.0 +0200
+++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes
2013-12-11 16:16:30.0 +0100
@@ -1,0 +2,68 @@
+Mon Dec 9 11:20:57 UTC 2013 - vci...@suse.com
+
+- fix issues which prevented accepting to Factory
+ * mention the dropped patches (merged upstream):
+- policycoreutils-rhat.patch
+- policycoreutils-sepolgen.patch
+
+---
+Thu Oct 31 14:48:31 UTC 2013 - p.drou...@gmail.com
+
+- update to version 2.2
+ * Properly build the swig exception file
+ * Fix man pages
+ * Support overriding PATH and INITDIR in Makefile
+ * Fix LDFLAGS usage
+ * Fix init_policy warning
+ * Fix semanage logging
+ * Open newrole stdin as read/write
+ * Fix sepolicy transition
+ * Support overriding CFLAGS
+ * Create correct man directory for run_init
+ * restorecon GLOB_BRACE change
+ * Extend audit2why to report additional constraint information.
+ * Catch IOError errors within audit2allow
+ * semanage export/import fixes
+ * Improve setfiles progress reporting
+ * Document setfiles -o option in usage
+ * Change setfiles to always return -1 on failure
+ * Improve setsebool error r eporting
+ * Major overhaul of gui
+ * Fix sepolicy handling of non-MLS policy
+ * Support returning type aliases
+ * Add sepolicy tests
+ * Add org.selinux.config.policy
+ * Improve range and user input checking by semanage
+ * Prevent source or target arguments that end with / for substitutions
+ * Allow use of <> for semanage fcontext
+ * Report customized user levels
+ * Support deleteall for restoring disabled modules
+ * Improve semanage error reporting
+ * Only list disabled modules for module locallist
+ * Fix logging
+ * Define new constants for file type character codes
+ * Improve bash completions
+ * Convert semanage to argparse
+ * Add semanage tests
+ * Split semanage man pages
+ * Move bash completion scripts
+ * Replace genhomedircon script with a link to semodule
+ * Fix fixfiles
+ * Add support for systemd service for restorecon
+ * Spelling corrections
+ * Improve sandbox support for home dir symlinks and file caps
+ * Switch sandbox to openbox window manager
+ * Coalesce audit2why and audit2allow
+ * Change audit2allow to append to output file
+ * Update translations
+ * Change audit2why to use selinux_current_policy_path
+- Update sepolgen to version 1.2
+ * Return additional constraint information.
+ * Fix bug in calls to attributes
+ * Add support for filename transitions
+ * Fix sepolgen tests
+- Remove restorecond.service; use upstream service file
+- Don't provide support for sysvinit and systemd on a same system
+ Use either one or the other
+
+---
Old:
policycoreutils-2.1.14.tar.gz
policycoreutils-gui.patch.bz2
policycoreutils-po.patch.bz2
policycoreutils-rhat.patch
policycoreutils-sepolgen.patch
restorecond.service
sepolgen-1.1.9.tar.gz
New:
policycoreutils-2.2.tar.gz
sepolgen-1.2.tar.gz
Other differences:
--
++ policycoreutils.spec ++
--- /var/tmp/diff_new_pack.s9C41R/_old 2013-12-11 16:16:31.0 +0100
+++ /var/tmp/diff_new_pack.s9C41R/_new 2013-12-11 16:16:31.0 +0100
@@ -16,21 +16,21 @@
#
-%define libaudit_ver 1.4.2
-%define libsepol_ver 2.1.9
-%define libsemanage_ver 2.1.10
-%define libselinux_ver 2.1.13
-%define sepolgen_ver 1.1.9
+%define libaudit_ver 2.2
+%define libsepol_ver 2.2
+%define libsemanage_ver 2.2
+%define libselinux_ver 2.2
+%define sepolgen_ver 1.2
Name: policycoreutils
-Version:2.1.14
+Version:2.2
Release:0
Url:http://userspace.selinuxproject.org/
Summary:SELinux policy core utilities
License:GPL-2.0+
Group: Productivity/Security
-Source:
http://userspace.selinuxproject.org/releases/20130423/%{name}-%{version}.tar.gz
-Source1:
http://userspace.selinuxproject.org/releases/20130423/sepolgen-%{sepolgen_ver}.tar.gz
+Source:
http://userspace.sel
commit policycoreutils for openSUSE:Factory
Hello community,
here is the log from the commit of package policycoreutils for openSUSE:Factory
checked in at 2013-07-02 07:41:26
Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old)
and /work/SRC/openSUSE:Factory/.policycoreutils.new (New)
Package is "policycoreutils"
Changes:
--- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes
2013-04-17 23:15:48.0 +0200
+++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes
2013-07-02 07:41:27.0 +0200
@@ -1,0 +2,5 @@
+Thu Jun 27 14:51:08 UTC 2013 - vci...@suse.com
+
+- change the source url to the official release tarballs
+
+---
Old:
policycoreutils-2.1.14.tgz
sepolgen-1.1.9.tgz
New:
policycoreutils-2.1.14.tar.gz
sepolgen-1.1.9.tar.gz
Other differences:
--
++ policycoreutils.spec ++
--- /var/tmp/diff_new_pack.M6If50/_old 2013-07-02 07:41:28.0 +0200
+++ /var/tmp/diff_new_pack.M6If50/_new 2013-07-02 07:41:28.0 +0200
@@ -29,8 +29,8 @@
Summary:SELinux policy core utilities
License:GPL-2.0+
Group: Productivity/Security
-Source:
http://pkgs.fedoraproject.org/lookaside/pkgs/policycoreutils/%{name}-%{version}.tgz/22cb999c28b40b59a9d6b11824480ab8/%{name}-%{version}.tgz
-Source1:
http://pkgs.fedoraproject.org/lookaside/pkgs/policycoreutils/sepolgen-%{sepolgen_ver}.tgz/960f29b498ba7efaa3aeb5e3796a1ba3/sepolgen-%{sepolgen_ver}.tgz
+Source:
http://userspace.selinuxproject.org/releases/20130423/%{name}-%{version}.tar.gz
+Source1:
http://userspace.selinuxproject.org/releases/20130423/sepolgen-%{sepolgen_ver}.tar.gz
Source2:system-config-selinux.png
Source3:system-config-selinux.desktop
Source4:system-config-selinux.pam
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit policycoreutils for openSUSE:Factory
Hello community,
here is the log from the commit of package policycoreutils for openSUSE:Factory
checked in at 2013-04-17 23:15:45
Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old)
and /work/SRC/openSUSE:Factory/.policycoreutils.new (New)
Package is "policycoreutils", Maintainer is "vci...@suse.com"
Changes:
--- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes
2013-03-08 09:38:49.0 +0100
+++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes
2013-04-17 23:15:48.0 +0200
@@ -1,0 +2,49 @@
+Wed Apr 3 10:06:06 UTC 2013 - vci...@suse.com
+
+- fixed source url
+- removed old tarball
+
+---
+Fri Mar 29 13:13:19 UTC 2013 - vci...@suse.com
+
+- update to 2.1.14
+ * setfiles: estimate percent progress
+ * load_policy: make link at the destination directory
+ * Rebuild polgen.glade with glade-3
+ * sepolicy: new command to unite small utilities
+ * sepolicy: Update Makefiles and po files
+ * sandbox: use sepolicy to look for sandbox_t
+ * gui: switch to use sepolicy
+ * gui: sepolgen: use sepolicy to generate
+ * semanage: use sepolicy for boolean dictionary
+ * add po file configuration information
+ * po: stop running update-po on all
+ * semanage: seobject verify policy types before allowing you to assign them.
+ * gui: Start using Popen, instead of os.spawnl
+ * sandbox: Copy /var/tmp to /tmp as they are the same inside
+ * qualifier to shred content
+ * semanage: Fix handling of boolean_sub names when using the -F flag
+ * semanage: man: roles instead of role
+ * gui: system-config-selinux: Catch no DISPLAY= error
+ * setfiles: print error if no default label found
+ * semanage: list logins file entries in semanage login -l
+ * semanage: good error message is sepolgen python module missing
+ * gui: system-config-selinux: do not use lokkit
+ * secon: add support for setrans color information in prompt output
+ * restorecond: remove /etc/mtab from default list
+ * gui: If you are not able to read enforcemode set it to False
+ * genhomedircon: regenerate genhomedircon more often
+ * restorecond: Add /etc/udpatedb.conf to restorecond.conf
+ * genhomedircon generation to allow spec file to pass in SEMODULE_PATH
+ * fixfiles: relabel only after specific date
+ * po: update translations
+ * sandbox: seunshare: do not reassign realloc value
+ * seunshare: do checking on setfsuid
+ * sestatus: rewrite to shut up coverity
+- removed policycoreutils-glibc217.patch (upstream fix)
+- added patches:
+ * policycoreutils-rhat.patch
+ * policycoreutils-sepolgen.patch
+ * loadpolicy_path.patch
+
+---
Old:
policycoreutils-2.1.13.tar.gz
policycoreutils-glibc217.patch
sepolgen-1.1.8.tar.gz
New:
loadpolicy_path.patch
policycoreutils-2.1.14.tgz
policycoreutils-rhat.patch
policycoreutils-sepolgen.patch
sepolgen-1.1.9.tgz
Other differences:
--
++ policycoreutils.spec ++
--- /var/tmp/diff_new_pack.PUj6L4/_old 2013-04-17 23:15:50.0 +0200
+++ /var/tmp/diff_new_pack.PUj6L4/_new 2013-04-17 23:15:50.0 +0200
@@ -17,20 +17,20 @@
%define libaudit_ver 1.4.2
-%define libsepol_ver 2.1.8
-%define libsemanage_ver 2.1.9
-%define libselinux_ver 2.1.12
-%define sepolgen_ver 1.1.8
+%define libsepol_ver 2.1.9
+%define libsemanage_ver 2.1.10
+%define libselinux_ver 2.1.13
+%define sepolgen_ver 1.1.9
Name: policycoreutils
-Version:2.1.13
+Version:2.1.14
Release:0
Url:http://userspace.selinuxproject.org/
Summary:SELinux policy core utilities
License:GPL-2.0+
Group: Productivity/Security
-Source:
http://userspace.selinuxproject.org/releases/20120216/%{name}-%{version}.tar.gz
-Source1:
http://userspace.selinuxproject.org/releases/20120216/sepolgen-%{sepolgen_ver}.tar.gz
+Source:
http://pkgs.fedoraproject.org/lookaside/pkgs/policycoreutils/%{name}-%{version}.tgz/22cb999c28b40b59a9d6b11824480ab8/%{name}-%{version}.tgz
+Source1:
http://pkgs.fedoraproject.org/lookaside/pkgs/policycoreutils/sepolgen-%{sepolgen_ver}.tgz/960f29b498ba7efaa3aeb5e3796a1ba3/sepolgen-%{sepolgen_ver}.tgz
Source2:system-config-selinux.png
Source3:system-config-selinux.desktop
Source4:system-config-selinux.pam
@@ -41,7 +41,9 @@
Source9:restorecond.service
Patch4: policycoreutils-initscript.patch
Patch5: policycoreutils-pam-common.patch
-Patch6: policycoreutils-glibc217.patch
+Patch7: policycoreutils-rhat.patch
+
commit policycoreutils for openSUSE:Factory
Hello community,
here is the log from the commit of package policycoreutils for openSUSE:Factory
checked in at 2013-03-08 09:38:46
Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old)
and /work/SRC/openSUSE:Factory/.policycoreutils.new (New)
Package is "policycoreutils", Maintainer is "vci...@suse.com"
Changes:
--- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes
2012-12-19 11:51:43.0 +0100
+++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes
2013-03-08 09:38:49.0 +0100
@@ -1,0 +2,9 @@
+Wed Jan 30 12:10:23 UTC 2013 - vci...@suse.com
+
+- update to 2.1.13
+ - drop policycoreutils-po.patch.bz2 (updated upstream)
+ - drop policycoreutils-gui.patch.bz2 (added to upstream)
+ - drop sandbox init scripts (shouldn't be needed anymore)
+ - numerous other changes
+
+---
Old:
policycoreutils-2.1.10.tar.gz
sepolgen-1.1.5.tar.gz
New:
policycoreutils-2.1.13.tar.gz
sepolgen-1.1.8.tar.gz
Other differences:
--
++ policycoreutils.spec ++
--- /var/tmp/diff_new_pack.0QOGkD/_old 2013-03-08 09:38:50.0 +0100
+++ /var/tmp/diff_new_pack.0QOGkD/_new 2013-03-08 09:38:50.0 +0100
@@ -1,7 +1,7 @@
#
# spec file for package policycoreutils
#
-# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,13 +17,13 @@
%define libaudit_ver 1.4.2
-%define libsepol_ver 2.1.4
-%define libsemanage_ver 2.0.43
-%define libselinux_ver 2.0.90
-%define sepolgen_ver 1.1.5
+%define libsepol_ver 2.1.8
+%define libsemanage_ver 2.1.9
+%define libselinux_ver 2.1.12
+%define sepolgen_ver 1.1.8
Name: policycoreutils
-Version:2.1.10
+Version:2.1.13
Release:0
Url:http://userspace.selinuxproject.org/
Summary:SELinux policy core utilities
@@ -39,8 +39,6 @@
Source7:selinux-polgengui.console
Source8:policycoreutils_man_ru2.tar.bz2
Source9:restorecond.service
-Patch1: policycoreutils-po.patch.bz2
-Patch2: policycoreutils-gui.patch.bz2
Patch4: policycoreutils-initscript.patch
Patch5: policycoreutils-pam-common.patch
Patch6: policycoreutils-glibc217.patch
@@ -68,6 +66,9 @@
Requires: python-selinux
Requires: rpm
Requires: util-linux
+# we need selinuxenabled
+Requires(post): selinux-tools
+
%{?systemd_requires}
Recommends: %{name}-lang
@@ -92,9 +93,6 @@
%prep
%setup -q -a 1
-#%patch0 -p2
-%patch1 -p1
-%patch2 -p1
%patch4
%patch5
%patch6 -p2
@@ -132,7 +130,6 @@
ln -sf consolehelper %{buildroot}%{_bindir}/system-config-selinux
ln -sf consolehelper %{buildroot}%{_bindir}/selinux-polgengui
ln -sf %{_initddir}/restorecond %{buildroot}%{_sbindir}/rcrestorecond
-ln -sf %{_initddir}/sandbox %{buildroot}%{_sbindir}/rcsandbox
mkdir -p %{buildroot}/var/adm/fillup-templates/
mv %{buildroot}/%{_sysconfdir}/sysconfig/sandbox
%{buildroot}/var/adm/fillup-templates/sysconfig.sandbox
rmdir %{buildroot}/%{_sysconfdir}/sysconfig
@@ -180,6 +177,9 @@
%{_mandir}/man5/sandbox*
%{_mandir}/man8/semanage.8*
%{_mandir}/ru/man8/semanage.8*
+%dir %{_sysconfdir}/bash_completion.d
+%{_sysconfdir}/bash_completion.d/semanage-bash-completion.sh
+%{_sysconfdir}/bash_completion.d/setsebool-bash-completion.sh
%post python
selinuxenabled && [ -f %{_datadir}/selinux/devel/include/build.conf ] &&
%{_bindir}/sepolgen-ifgen 2>/dev/null
@@ -197,8 +197,6 @@
%files sandbox
%defattr(-,root,root,-)
-%{_initddir}/sandbox
-%{_sbindir}/rcsandbox
%attr(0755,root,root) %{_sbindir}/seunshare
%dir %{_datadir}/sandbox
%{_datadir}/sandbox/sandboxX.sh
@@ -206,21 +204,6 @@
/var/adm/fillup-templates/sysconfig.sandbox
%doc %{_mandir}/man8/seunshare.8*
-%post sandbox
-%fillup_and_insserv sandbox
-
-%preun sandbox
-if [ "$1" -eq "0" ]; then
-%stop_on_removal sandbox
-%insserv_cleanup
-fi
-
-%postun sandbox
-if [ "$1" -ge "1" ]; then
-%restart_on_update sandbox
-%insserv_cleanup
-fi
-
%package newrole
Summary:The newrole application for RBAC/MLS
Group: Productivity/Security
@@ -262,16 +245,16 @@
%defattr(-,root,root)
%{_bindir}/system-config-selinux
%{_bindir}/selinux-polgengui
-#%{_bindir}/sepolgen
+%{_bindir}/sepolgen
%{_datadir}/applications/selinux-polgengui.desktop
%{_datadir}/applications/system-config-selinux.desktop
%{_datadir}/pixmaps/system-config-selinux.png
-#%dir %{_datadir}/system-config-selin
commit policycoreutils for openSUSE:Factory
Hello community,
here is the log from the commit of package policycoreutils for openSUSE:Factory
checked in at 2012-12-19 11:51:41
Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old)
and /work/SRC/openSUSE:Factory/.policycoreutils.new (New)
Package is "policycoreutils", Maintainer is "vci...@suse.com"
Changes:
--- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes
2012-12-07 14:49:05.0 +0100
+++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes
2012-12-19 11:51:43.0 +0100
@@ -1,0 +2,5 @@
+Tue Dec 11 15:11:12 UTC 2012 - vci...@suse.com
+
+- added service unit for restorecond
+
+---
New:
restorecond.service
Other differences:
--
++ policycoreutils.spec ++
--- /var/tmp/diff_new_pack.WFLVT7/_old 2012-12-19 11:51:45.0 +0100
+++ /var/tmp/diff_new_pack.WFLVT7/_new 2012-12-19 11:51:45.0 +0100
@@ -38,6 +38,7 @@
Source6:selinux-polgengui.desktop
Source7:selinux-polgengui.console
Source8:policycoreutils_man_ru2.tar.bz2
+Source9:restorecond.service
Patch1: policycoreutils-po.patch.bz2
Patch2: policycoreutils-gui.patch.bz2
Patch4: policycoreutils-initscript.patch
@@ -57,6 +58,9 @@
BuildRequires: pam-devel
BuildRequires: python-devel
BuildRequires: update-desktop-files
+%if 0%{?suse_version} > 1140
+BuildRequires: systemd
+%endif
Requires(pre): %insserv_prereq %fillup_prereq permissions
Requires: audit-libs-python
Requires: checkpolicy
@@ -64,6 +68,7 @@
Requires: python-selinux
Requires: rpm
Requires: util-linux
+%{?systemd_requires}
Recommends: %{name}-lang
%description
@@ -115,6 +120,9 @@
make LSPP_PRIV=y DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}"
INITDIR="%{buildroot}%{_initddir}" install
make -C sepolgen-%{sepolgen_ver} DESTDIR="%{buildroot}"
LIBDIR="%{buildroot}%{_libdir}" install
install -D -m 644 %{SOURCE2}
%{buildroot}%{_datadir}/pixmaps/system-config-selinux.png
+%if 0%{?suse_version} > 1140
+install -D -m 0644 %SOURCE9 %{buildroot}/%{_unitdir}/restorecond.service
+%endif
install -m 644 %{SOURCE4}
%{buildroot}%{_sysconfdir}/pam.d/system-config-selinux
install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/selinux-polgengui
install -m 644 %{SOURCE5}
%{buildroot}%{_sysconfdir}/security/console.apps/system-config-selinux
@@ -293,6 +301,9 @@
%{_bindir}/semodule_link
%{_bindir}/semodule_package
%{_bindir}/semodule_unpackage
+%if 0%{?suse_version} > 1140
+%{_unitdir}/restorecond.service
+%endif
%config(noreplace) %{_sysconfdir}/pam.d/run_init
%config(noreplace) %{_sysconfdir}/sestatus.conf
%attr(755,root,root) %{_initddir}/restorecond
@@ -342,19 +353,33 @@
%files lang -f %{name}.lang
+%pre
+%if 0%{?suse_version} > 1140
+%service_add_pre restorecond.service
+%endif
+
%post
%fillup_and_insserv restorecond
+%if 0%{?suse_version} > 1140
+%service_add_post restorecond.service
+%endif
%preun
if [ "$1" -eq "0" ]; then
%stop_on_removal restorecond
%insserv_cleanup
fi
+%if 0%{?suse_version} > 1140
+%service_del_preun restorecond.service
+%endif
%postun
if [ "$1" -ge "1" ]; then
%restart_on_update restorecond
%insserv_cleanup
fi
+%if 0%{?suse_version} > 1140
+%service_del_postun restorecond.service
+%endif
%changelog
++ restorecond.service ++
[Unit]
Description=Restorecon maintaining path file context
After=syslog.target
ConditionPathExists=/etc/selinux/restorecond.conf
[Service]
Type=oneshot
ExecStart=/usr/sbin/restorecond
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit policycoreutils for openSUSE:Factory
Hello community,
here is the log from the commit of package policycoreutils for openSUSE:Factory
checked in at 2012-12-07 14:49:01
Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old)
and /work/SRC/openSUSE:Factory/.policycoreutils.new (New)
Package is "policycoreutils", Maintainer is "vci...@suse.com"
Changes:
--- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes
2012-11-19 14:00:24.0 +0100
+++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes
2012-12-07 14:49:05.0 +0100
@@ -1,0 +2,5 @@
+Wed Dec 5 13:41:33 UTC 2012 - vci...@suse.com
+
+- semanage needs python-xml and python-ipy to run
+
+---
Other differences:
--
++ policycoreutils.spec ++
--- /var/tmp/diff_new_pack.eagVvs/_old 2012-12-07 14:49:07.0 +0100
+++ /var/tmp/diff_new_pack.eagVvs/_new 2012-12-07 14:49:07.0 +0100
@@ -138,12 +138,14 @@
Group: Productivity/Security
Requires: audit-libs-python >= %{libaudit_ver}
Requires: policycoreutils = %{version}
+Requires: python-ipy
Requires: python-selinux >= %{libselinux_ver}
Requires: python-semanage >= %{libsemanage_ver}
Requires: python-setools
+Requires: python-xml
%description python
-The policycoreutils-python package contains the management tools use to manage
an SELinux environment.
+The policycoreutils-python package contains the management tools used to
manage an SELinux environment.
%files python
%defattr(-,root,root,-)
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit policycoreutils for openSUSE:Factory
Hello community,
here is the log from the commit of package policycoreutils for openSUSE:Factory
checked in at 2012-11-19 14:00:23
Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old)
and /work/SRC/openSUSE:Factory/.policycoreutils.new (New)
Package is "policycoreutils", Maintainer is "vci...@suse.com"
Changes:
--- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes
2012-08-10 19:02:51.0 +0200
+++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes
2012-11-19 14:00:24.0 +0100
@@ -1,0 +2,6 @@
+Sat Nov 17 06:58:05 UTC 2012 - a...@suse.de
+
+- Fix compilation with glibc 2.17 (add patch policycoreutils-glibc217.patch
+ extracted from Fedora)
+
+---
New:
policycoreutils-glibc217.patch
Other differences:
--
++ policycoreutils.spec ++
--- /var/tmp/diff_new_pack.ize0wn/_old 2012-11-19 14:00:27.0 +0100
+++ /var/tmp/diff_new_pack.ize0wn/_new 2012-11-19 14:00:27.0 +0100
@@ -42,6 +42,7 @@
Patch2: policycoreutils-gui.patch.bz2
Patch4: policycoreutils-initscript.patch
Patch5: policycoreutils-pam-common.patch
+Patch6: policycoreutils-glibc217.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: audit-devel >= %{libaudit_ver}
BuildRequires: dbus-1-glib-devel
@@ -91,6 +92,7 @@
%patch2 -p1
%patch4
%patch5
+%patch6 -p2
# sleep 5
# touch po/policycoreutils.pot
# sleep 5
++ policycoreutils-glibc217.patch ++
diff --git a/policycoreutils/sandbox/seunshare.c
b/policycoreutils/sandbox/seunshare.c
index 3bb3c4b..d16e331 100644
--- a/policycoreutils/sandbox/seunshare.c
+++ b/policycoreutils/sandbox/seunshare.c
@@ -31,6 +31,12 @@
#include/* for context-mangling functions */
#include
+
+/*
+ * Note setfsuid never returns an error code. But the compiler complains if
+ * I do not check, so I am checking for -1, which should never happen.
+ */
+
#ifdef USE_NLS
#include /* for setlocale() */
#include/* for gettext() */
@@ -617,12 +623,15 @@ static int cleanup_tmpdir(const char *tmpdir, const char
*src,
free(cmdbuf); cmdbuf = NULL;
/* remove runtime temporary directory */
- setfsuid(0);
+ if (setfsuid(0) < 0)
+ rc++;
+
if (rmdir(tmpdir) == -1)
fprintf(stderr, _("Failed to remove directory %s: %s\n"),
tmpdir, strerror(errno));
- setfsuid(pwd->pw_uid);
+ if (setfsuid(pwd->pw_uid) < 0)
+ rc++;
- return 0;
+ return rc;
}
/**
@@ -642,7 +651,9 @@ static char *create_tmpdir(const char *src, struct stat
*src_st,
/* get selinux context */
if (execcon) {
- setfsuid(pwd->pw_uid);
+ if (setfsuid(pwd->pw_uid) < 0)
+ goto err;
+
if ((fd_s = open(src, O_RDONLY)) < 0) {
fprintf(stderr, _("Failed to open directory %s: %s\n"),
src, strerror(errno));
goto err;
@@ -661,7 +672,8 @@ static char *create_tmpdir(const char *src, struct stat
*src_st,
}
/* ok to not reach this if there is an error */
- setfsuid(0);
+ if (setfsuid(0) < 0)
+ goto err;
}
if (asprintf(&tmpdir, "/tmp/.sandbox-%s-XX", pwd->pw_name) == -1) {
@@ -716,14 +728,16 @@ static char *create_tmpdir(const char *src, struct stat
*src_st,
}
}
- setfsuid(pwd->pw_uid);
+ if (setfsuid(pwd->pw_uid) < 0)
+ goto err;
if (rsynccmd(src, tmpdir, &cmdbuf) < 0) {
goto err;
}
/* ok to not reach this if there is an error */
- setfsuid(0);
+ if (setfsuid(0) < 0)
+ goto err;
if (cmdbuf && spawn_command(cmdbuf, pwd->pw_uid) != 0) {
fprintf(stderr, _("Failed to populate runtime temporary
directory\n"));
@@ -916,7 +930,8 @@ int main(int argc, char **argv) {
/* Changing fsuid is usually required when user-specified directory is
* on an NFS mount. It's also desired to avoid leaking info about
* existence of the files not accessible to the user. */
- setfsuid(uid);
+ if (setfsuid(uid) < 0)
+ return -1;
/* verify homedir and tmpdir */
if (homedir_s && (
@@ -925,7 +940,7 @@ int main(int argc, char **argv) {
if (tmpdir_s && (
verify_directory(tmpdir_s, NULL, &st_tmpdir_s) < 0 ||
check_owner_uid(uid, tmpdir_s, &st_tmpdir_s))) return -1;
- setfsuid(0);
+ if (setfsuid(0) < 0) retur
commit policycoreutils for openSUSE:Factory
Hello community,
here is the log from the commit of package policycoreutils for openSUSE:Factory
checked in at 2012-08-10 19:02:49
Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old)
and /work/SRC/openSUSE:Factory/.policycoreutils.new (New)
Package is "policycoreutils", Maintainer is "vci...@suse.com"
Changes:
--- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes
2012-02-16 15:02:00.0 +0100
+++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes
2012-08-10 19:02:51.0 +0200
@@ -1,0 +2,7 @@
+Tue Aug 7 15:30:58 UTC 2012 - meiss...@suse.com
+
+- updated policycoreutils to 2.1.10
+ - adapated patches
+- updated sepolgen to 1.1.5
+
+---
Old:
policycoreutils-2.0.85.tar.bz2
policycoreutils-rhat.patch.bz2
policycoreutils-sepolgen.patch
policycoreutils-setup_py-prefix.patch
sepolgen-1.0.23.tar.bz2
New:
policycoreutils-2.1.10.tar.gz
sepolgen-1.1.5.tar.gz
Other differences:
--
++ policycoreutils.spec ++
--- /var/tmp/diff_new_pack.n3y3mb/_old 2012-08-10 19:02:54.0 +0200
+++ /var/tmp/diff_new_pack.n3y3mb/_new 2012-08-10 19:02:54.0 +0200
@@ -17,20 +17,20 @@
%define libaudit_ver 1.4.2
-%define libsepol_ver 2.0.41
+%define libsepol_ver 2.1.4
%define libsemanage_ver 2.0.43
%define libselinux_ver 2.0.90
-%define sepolgen_ver 1.0.23
+%define sepolgen_ver 1.1.5
Name: policycoreutils
-Version:2.0.85
+Version:2.1.10
Release:0
-Url:http://www.nsa.gov/selinux/
+Url:http://userspace.selinuxproject.org/
Summary:SELinux policy core utilities
License:GPL-2.0+
Group: Productivity/Security
-Source: %{name}-%{version}.tar.bz2
-Source1:sepolgen-%{sepolgen_ver}.tar.bz2
+Source:
http://userspace.selinuxproject.org/releases/20120216/%{name}-%{version}.tar.gz
+Source1:
http://userspace.selinuxproject.org/releases/20120216/sepolgen-%{sepolgen_ver}.tar.gz
Source2:system-config-selinux.png
Source3:system-config-selinux.desktop
Source4:system-config-selinux.pam
@@ -38,13 +38,10 @@
Source6:selinux-polgengui.desktop
Source7:selinux-polgengui.console
Source8:policycoreutils_man_ru2.tar.bz2
-Patch0: policycoreutils-rhat.patch.bz2
Patch1: policycoreutils-po.patch.bz2
Patch2: policycoreutils-gui.patch.bz2
-Patch3: policycoreutils-sepolgen.patch
Patch4: policycoreutils-initscript.patch
Patch5: policycoreutils-pam-common.patch
-Patch6: policycoreutils-setup_py-prefix.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: audit-devel >= %{libaudit_ver}
BuildRequires: dbus-1-glib-devel
@@ -60,12 +57,12 @@
BuildRequires: python-devel
BuildRequires: update-desktop-files
Requires(pre): %insserv_prereq %fillup_prereq permissions
-Requires: util-linux
-Requires: gawk
-Requires: rpm
+Requires: audit-libs-python
Requires: checkpolicy
+Requires: gawk
Requires: python-selinux
-Requires: audit-libs-python
+Requires: rpm
+Requires: util-linux
Recommends: %{name}-lang
%description
@@ -89,13 +86,11 @@
%prep
%setup -q -a 1
-%patch0 -p2
+#%patch0 -p2
%patch1 -p1
%patch2 -p1
-%patch3 -p1
%patch4
%patch5
-%patch6
# sleep 5
# touch po/policycoreutils.pot
# sleep 5
@@ -139,10 +134,10 @@
%package python
Summary:SELinux policy core python utilities
Group: Productivity/Security
+Requires: audit-libs-python >= %{libaudit_ver}
Requires: policycoreutils = %{version}
-Requires: python-semanage >= %{libsemanage_ver}
Requires: python-selinux >= %{libselinux_ver}
-Requires: audit-libs-python >= %{libaudit_ver}
+Requires: python-semanage >= %{libsemanage_ver}
Requires: python-setools
%description python
@@ -159,8 +154,8 @@
%{_bindir}/sepolgen-ifgen-attr-helper
%{python_sitearch}/seobject.py*
%{python_sitearch}/sepolgen
-%{python_sitearch}/%{name}
-%{python_sitearch}/%{name}*.egg-info
+#%{python_sitearch}/%{name}
+#%{python_sitearch}/%{name}*.egg-info
%dir /var/lib/sepolgen
%dir /var/lib/selinux
/var/lib/sepolgen/perm_map
@@ -170,6 +165,7 @@
%{_mandir}/man8/chcat.8*
%{_mandir}/ru/man8/chcat.8*
%{_mandir}/man8/sandbox.8*
+%{_mandir}/man5/sandbox*
%{_mandir}/man8/semanage.8*
%{_mandir}/ru/man8/semanage.8*
@@ -196,8 +192,7 @@
%{_datadir}/sandbox/sandboxX.sh
%{_datadir}/sandbox/start
/var/adm/fillup-templates/sysconfig.sandbox
-%doc %{_mandir}/man5/sandbox.conf.5.gz
-%doc %{_mandir}/man8/seunshare.8.gz
commit policycoreutils for openSUSE:Factory
Hello community,
here is the log from the commit of package policycoreutils for openSUSE:Factory
checked in at 2012-02-16 15:00:36
Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old)
and /work/SRC/openSUSE:Factory/.policycoreutils.new (New)
Package is "policycoreutils", Maintainer is "vci...@suse.com"
Changes:
--- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes
2011-09-23 12:41:29.0 +0200
+++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes
2012-02-16 15:02:00.0 +0100
@@ -1,0 +2,27 @@
+Tue Feb 14 09:57:15 UTC 2012 - mvysko...@suse.cz
+
+- fix seceral rpmlint errors and warnings
+ * use /var/adm/fillup-template for sandbox
+ * don't use /var/lock/subsys in any of init script
+ * use set_permissions macro and add correct Requires(pre)
+ * fix the languages to new -lang package
+ * fix policycoreutils-sandbox Group
+ * remove runlevel 4 from inint scripts
+
+---
+Mon Feb 13 10:53:53 UTC 2012 - co...@suse.com
+
+- patch license to follow spdx.org standard
+
+---
+Mon Mar 14 15:16:51 UTC 2011 - prus...@opensuse.org
+
+- updated to 2.0.85
+ * changes too numerous to list
+
+---
+Fri Feb 4 00:09:42 UTC 2011 - toddrme2...@gmail.com
+
+- fix a typo in the package group
+
+---
Old:
policycoreutils-2.0.79.tar.bz2
policycoreutils-gnusource.patch
sandbox.init
sepolgen-1.0.19.tar.bz2
New:
policycoreutils-2.0.85.tar.bz2
sepolgen-1.0.23.tar.bz2
Other differences:
--
++ policycoreutils.spec ++
--- /var/tmp/diff_new_pack.kkWmZl/_old 2012-02-16 15:02:01.0 +0100
+++ /var/tmp/diff_new_pack.kkWmZl/_new 2012-02-16 15:02:01.0 +0100
@@ -1,7 +1,7 @@
#
-# spec file for package policycoreutils (Version 2.0.79)
+# spec file for package policycoreutils
#
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -15,21 +15,20 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
-# norootforbuild
%define libaudit_ver 1.4.2
%define libsepol_ver 2.0.41
%define libsemanage_ver 2.0.43
%define libselinux_ver 2.0.90
-%define sepolgen_ver 1.0.19
+%define sepolgen_ver 1.0.23
Name: policycoreutils
-Version:2.0.79
-Release:4
+Version:2.0.85
+Release:0
Url:http://www.nsa.gov/selinux/
-License:GPLv2+
-Group: Productivity/Security
Summary:SELinux policy core utilities
+License:GPL-2.0+
+Group: Productivity/Security
Source: %{name}-%{version}.tar.bz2
Source1:sepolgen-%{sepolgen_ver}.tar.bz2
Source2:system-config-selinux.png
@@ -39,7 +38,6 @@
Source6:selinux-polgengui.desktop
Source7:selinux-polgengui.console
Source8:policycoreutils_man_ru2.tar.bz2
-Source9:sandbox.init
Patch0: policycoreutils-rhat.patch.bz2
Patch1: policycoreutils-po.patch.bz2
Patch2: policycoreutils-gui.patch.bz2
@@ -47,17 +45,28 @@
Patch4: policycoreutils-initscript.patch
Patch5: policycoreutils-pam-common.patch
Patch6: policycoreutils-setup_py-prefix.patch
-Patch7: policycoreutils-gnusource.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-BuildRequires: gettext libcap-devel pam-devel python-devel
update-desktop-files
-BuildRequires: libsepol-devel-static >= %{libsepol_ver}
-BuildRequires: libsemanage-devel >= %{libsemanage_ver}
-BuildRequires: libselinux-devel >= %{libselinux_ver}
BuildRequires: audit-devel >= %{libaudit_ver}
-BuildRequires: libcap-ng-devel
BuildRequires: dbus-1-glib-devel
-PreReq: %insserv_prereq %fillup_prereq permissions
-Requires: util-linux gawk rpm checkpolicy python-selinux
audit-libs-python
+BuildRequires: fdupes
+BuildRequires: gettext
+BuildRequires: libcap-devel
+BuildRequires: libcap-ng-devel
+BuildRequires: libcgroup-devel
+BuildRequires: libselinux-devel >= %{libselinux_ver}
+BuildRequires: libsemanage-devel >= %{libsemanage_ver}
+BuildRequires: libsepol-devel-static >= %{libsepol_ver}
+BuildRequires: pam-devel
+BuildRequires: python-devel
+BuildRequires: update-desktop-files
+Requires(pre): %insserv_prereq %fillup_prereq permissions
+Requires: util-linux
+Requires:
