commit policycoreutils for openSUSE:Factory
Hello community, here is the log from the commit of package policycoreutils for openSUSE:Factory checked in at 2020-10-06 17:08:16 Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old) and /work/SRC/openSUSE:Factory/.policycoreutils.new.4249 (New) Package is "policycoreutils" Tue Oct 6 17:08:16 2020 rev:56 rq:835124 version:3.1 Changes: --- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes 2020-06-05 20:08:40.161437663 +0200 +++ /work/SRC/openSUSE:Factory/.policycoreutils.new.4249/policycoreutils.changes 2020-10-06 17:10:10.165478520 +0200 @@ -1,0 +2,39 @@ +Thu Sep 10 09:00:45 UTC 2020 - Johannes Segitz + +- Add get_os_version.patch + get_os_version is implemented in a very RH/Fedora specific way. + Ensure that it returns a valid string for SUSE by changing the + default. Also remove the RH specific logic when generating HTML + versions of the SELinux documentation + +--- +Wed Jul 29 13:09:39 UTC 2020 - Thorsten Kukuk + +- Align more with Fedora spec file to get rid of python dependencies + in the core system + - create new python-utils sub-package + - move some tools to devel sub-package +- Cleanup dependencies + +--- +Fri Jul 17 09:35:08 UTC 2020 - Johannes Segitz + +- Proper default permissions for newrole (4755) + +--- +Tue Jul 14 08:28:44 UTC 2020 - Johannes Segitz + +- Update to version 3.1 + * New `setfiles -E` option - treat conflicting specifications as errors, such +as where two hardlinks for the same inode have different contexts. + * `setsebool -V` reports errors from commit phase + * matchpathcon related interfaces are deprecated + * New `restorecon -x` option which prevents it from crossing file system + * boundaries. + * `sepolgen-ifgen` parses a gen_tunable statement as bool + * Removed Requires for python3-ipy as the ipaddress module is used. No +requires for python-ipaddress as it's assumed this is used only on recent +systems + * Drop chcat_join.patch, is upstream + +--- Old: chcat_join.patch policycoreutils-3.0.tar.gz selinux-python-3.0.tar.gz semodule-utils-3.0.tar.gz New: get_os_version.patch policycoreutils-3.1.tar.gz selinux-python-3.1.tar.gz semodule-utils-3.1.tar.gz Other differences: -- ++ policycoreutils.spec ++ --- /var/tmp/diff_new_pack.grMClM/_old 2020-10-06 17:10:20.737487651 +0200 +++ /var/tmp/diff_new_pack.grMClM/_new 2020-10-06 17:10:20.745487658 +0200 @@ -17,13 +17,13 @@ %define libaudit_ver 2.2 -%define libsepol_ver 3.0 -%define libsemanage_ver 3.0 -%define libselinux_ver 3.0 +%define libsepol_ver 3.1 +%define libsemanage_ver 3.1 +%define libselinux_ver 3.1 %define setools_ver 4.1.1 -%define tstamp 20191204 +%define tstamp 20200710 Name: policycoreutils -Version:3.0 +Version:3.1 Release:0 Summary:SELinux policy core utilities License:GPL-2.0-or-later @@ -41,7 +41,7 @@ Source9:newrole.pam Patch0: make_targets.patch Patch1: run_init_use_pam_keyinit.patch -Patch2: chcat_join.patch +Patch2: get_os_version.patch BuildRequires: audit-devel >= %{libaudit_ver} BuildRequires: bison BuildRequires: dbus-1-glib-devel @@ -61,25 +61,13 @@ BuildRequires: python-rpm-macros BuildRequires: python3 BuildRequires: python3-setools >= %{setools_ver} -BuildRequires: systemd-rpm-macros BuildRequires: update-desktop-files BuildRequires: xmlto -Requires: checkpolicy Requires: gawk Requires: libsepol1 >= %{libsepol_ver} -Requires: python3-%{name} -Requires: python3-ipy -Requires: python3-networkx -Requires: python3-selinux -Requires: python3-semanage Requires: rpm +Requires: selinux-tools Requires: util-linux -# we need selinuxenabled -Requires(post): selinux-tools -Requires(pre): %fillup_prereq -Requires(pre): permissions -Obsoletes: policycoreutils-python -%{?systemd_requires} %description policycoreutils contains the policy core utilities that are required @@ -102,15 +90,28 @@ Requires: checkpolicy Requires: python3-audit >= %{libaudit_ver} Requires: python3-selinux +Requires: python3-semanage Requires: python3-setools >= %{setools_ver} Requires: python3-setuptools Provides: policycoreutils-python = %{version}-%{release} Obsoletes: policycoreutils-python < %{version} +BuildArch: noarch %d
commit policycoreutils for openSUSE:Factory
Hello community, here is the log from the commit of package policycoreutils for openSUSE:Factory checked in at 2020-06-05 20:04:49 Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old) and /work/SRC/openSUSE:Factory/.policycoreutils.new.3606 (New) Package is "policycoreutils" Fri Jun 5 20:04:49 2020 rev:55 rq:811387 version:3.0 Changes: --- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes 2020-03-11 18:34:21.942973009 +0100 +++ /work/SRC/openSUSE:Factory/.policycoreutils.new.3606/policycoreutils.changes 2020-06-05 20:08:40.161437663 +0200 @@ -1,0 +2,14 @@ +Thu Jun 4 10:13:21 UTC 2020 - Dominique Leuenberger + +- Pass the right value for LIBEXECDIR to make / make install + instead of trying to move the file around post install. This + caters for the planned change of libexecdir to change from + /usr/lib to /usr/libexec by injecting the right value no matter + what. + +--- +Fri May 29 09:29:26 UTC 2020 - Johannes Segitz + +- Move pp binary to libexec directory instead of lib + +--- Other differences: -- ++ policycoreutils.spec ++ --- /var/tmp/diff_new_pack.9xmoh4/_old 2020-06-05 20:08:42.229444559 +0200 +++ /var/tmp/diff_new_pack.9xmoh4/_new 2020-06-05 20:08:42.229444559 +0200 @@ -167,7 +167,7 @@ %build export PYTHON="python3" LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" -make %{?_smp_mflags} +make %{?_smp_mflags} LIBEXECDIR="%{_libexecdir}" %install export PYTHON="python3" @@ -179,7 +179,7 @@ mkdir -p %{buildroot}%{_mandir}/man8 mkdir -p %{buildroot}%{_sysconfdir}/pam.d mkdir -p %{buildroot}%{_sysconfdir}/security/console.apps -make LSPP_PRIV=y DESTDIR=%{buildroot} install +make LSPP_PRIV=y DESTDIR=%{buildroot} install LIBEXECDIR=%{_libexecdir} install -D -m 644 %{SOURCE2} %{buildroot}%{_datadir}/pixmaps/system-config-selinux.png install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/system-config-selinux install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/selinux-polgengui @@ -192,7 +192,6 @@ mkdir -p %{buildroot}%{_libexecdir}/selinux/hll/ mkdir -p %{buildroot}%{_localstatedir}/lib/sepolgen cp %{python3_sitearch}/setools/perm_map %{buildroot}%{_localstatedir}/lib/sepolgen -mv %{buildroot}%{_prefix}/libexec/selinux/hll/pp %{buildroot}%{_libexecdir}/selinux/hll/pp %suse_update_desktop_file -i system-config-selinux System Security Settings %suse_update_desktop_file -i selinux-polgengui System Security Settings %find_lang %{name} @@ -239,9 +238,9 @@ %{_sbindir}/semanage %{_sbindir}/fixfiles %{_sbindir}/load_policy +%dir %{_localstatedir}/lib/sepolgen %dir %{_libexecdir}/selinux %dir %{_libexecdir}/selinux/hll -%dir %{_localstatedir}/lib/sepolgen %{_libexecdir}/selinux/hll/pp %{_sbindir}/genhomedircon %{_sbindir}/setsebool
commit policycoreutils for openSUSE:Factory
Hello community, here is the log from the commit of package policycoreutils for openSUSE:Factory checked in at 2020-03-11 18:33:33 Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old) and /work/SRC/openSUSE:Factory/.policycoreutils.new.3160 (New) Package is "policycoreutils" Wed Mar 11 18:33:33 2020 rev:54 rq:782826 version:3.0 Changes: --- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes 2019-12-24 14:29:17.690556343 +0100 +++ /work/SRC/openSUSE:Factory/.policycoreutils.new.3160/policycoreutils.changes 2020-03-11 18:34:21.942973009 +0100 @@ -1,0 +2,32 @@ +Mon Mar 9 08:31:11 UTC 2020 - Johannes Segitz + +- Dropped Recommends: for %{name}-lang and %{name}-devel. Not + allowed by openSUSE guidelines + +--- +Tue Mar 3 12:30:55 UTC 2020 - Johannes Segitz + +- Update to version 3.0 + * fixfiles: Fix "verify" option + * fixfiles: Fix [-B] [-F] onboot + * fixfiles: Force full relabel when SELinux is disabled + * semodule: Enable CIL logging + * semanage: Add support for DCCP and SCTP protocols + * semanage: Do not use default s0 range in "semanage login -a" + * semanage: Document DCCP and SCTP support + * semanage: Improve handling of "permissive" statements + * semanage: fix moduleRecords.customized() + Refreshed chcat_join.patch + +--- +Thu Feb 27 16:03:36 UTC 2020 - Johannes Segitz + +- Ship working pam config for newrole (bsc#1163020) +- Recommend policycoreutils-devel to have perm_map file available + +--- +Wed Feb 19 14:31:39 UTC 2020 - Johannes Segitz + +- Package perm_map as it's used by audit2* tools + +--- Old: policycoreutils-2.9.tar.gz selinux-python-2.9.tar.gz semodule-utils-2.9.tar.gz New: newrole.pam policycoreutils-3.0.tar.gz selinux-python-3.0.tar.gz semodule-utils-3.0.tar.gz Other differences: -- ++ policycoreutils.spec ++ --- /var/tmp/diff_new_pack.U20k7w/_old 2020-03-11 18:34:24.370974499 +0100 +++ /var/tmp/diff_new_pack.U20k7w/_new 2020-03-11 18:34:24.370974499 +0100 @@ -1,7 +1,7 @@ # # spec file for package policycoreutils # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,13 +17,13 @@ %define libaudit_ver 2.2 -%define libsepol_ver 2.9 -%define libsemanage_ver 2.9 -%define libselinux_ver 2.9 +%define libsepol_ver 3.0 +%define libsemanage_ver 3.0 +%define libselinux_ver 3.0 %define setools_ver 4.1.1 -%define tstamp 20190315 +%define tstamp 20191204 Name: policycoreutils -Version:2.9 +Version:3.0 Release:0 Summary:SELinux policy core utilities License:GPL-2.0-or-later @@ -38,6 +38,7 @@ Source6:selinux-polgengui.desktop Source7:selinux-polgengui.console Source8: https://github.com/SELinuxProject/selinux/releases/download/%{tstamp}/semodule-utils-%{version}.tar.gz +Source9:newrole.pam Patch0: make_targets.patch Patch1: run_init_use_pam_keyinit.patch Patch2: chcat_join.patch @@ -59,6 +60,7 @@ BuildRequires: polkit BuildRequires: python-rpm-macros BuildRequires: python3 +BuildRequires: python3-setools >= %{setools_ver} BuildRequires: systemd-rpm-macros BuildRequires: update-desktop-files BuildRequires: xmlto @@ -76,7 +78,6 @@ Requires(post): selinux-tools Requires(pre): %fillup_prereq Requires(pre): permissions -Recommends: %{name}-lang Obsoletes: policycoreutils-python %{?systemd_requires} @@ -190,6 +191,7 @@ mkdir -p %{buildroot}%{_fillupdir}/ mkdir -p %{buildroot}%{_libexecdir}/selinux/hll/ mkdir -p %{buildroot}%{_localstatedir}/lib/sepolgen +cp %{python3_sitearch}/setools/perm_map %{buildroot}%{_localstatedir}/lib/sepolgen mv %{buildroot}%{_prefix}/libexec/selinux/hll/pp %{buildroot}%{_libexecdir}/selinux/hll/pp %suse_update_desktop_file -i system-config-selinux System Security Settings %suse_update_desktop_file -i selinux-polgengui System Security Settings @@ -207,6 +209,7 @@ %{buildroot}%{_datadir}/applications/system-config-selinux.desktop \ %{buildroot}%{_datadir}/pixmaps/system-config-selinux.png %endif +cp -f %{SOURCE9} %{buildroot}%{_sysconfdir}/pam.d/newrole %post -n python3-%{name} selinuxenabled && [ -f %{_datadir}/selinux/devel/include/build.conf ] && %{_bindir}/sepolgen-ifgen 2>
commit policycoreutils for openSUSE:Factory
Hello community, here is the log from the commit of package policycoreutils for openSUSE:Factory checked in at 2019-12-24 14:29:14 Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old) and /work/SRC/openSUSE:Factory/.policycoreutils.new.6675 (New) Package is "policycoreutils" Tue Dec 24 14:29:14 2019 rev:53 rq:757540 version:2.9 Changes: --- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes 2019-09-25 01:46:13.733604624 +0200 +++ /work/SRC/openSUSE:Factory/.policycoreutils.new.6675/policycoreutils.changes 2019-12-24 14:29:17.690556343 +0100 @@ -1,0 +2,6 @@ +Tue Dec 17 10:36:49 UTC 2019 - Johannes Segitz + +- Added chcat_join.patch to prevent joining non-existing categories + (bsc#1159262) + +--- New: chcat_join.patch Other differences: -- ++ policycoreutils.spec ++ --- /var/tmp/diff_new_pack.cDfUcg/_old 2019-12-24 14:29:18.594556781 +0100 +++ /var/tmp/diff_new_pack.cDfUcg/_new 2019-12-24 14:29:18.594556781 +0100 @@ -40,6 +40,7 @@ Source8: https://github.com/SELinuxProject/selinux/releases/download/%{tstamp}/semodule-utils-%{version}.tar.gz Patch0: make_targets.patch Patch1: run_init_use_pam_keyinit.patch +Patch2: chcat_join.patch BuildRequires: audit-devel >= %{libaudit_ver} BuildRequires: bison BuildRequires: dbus-1-glib-devel @@ -159,6 +160,7 @@ semodule_utils_pwd="$PWD/semodule-utils-%{version}" %patch0 -p1 %patch1 -p1 +%patch2 -p1 mv ${setools_python_pwd}/audit2allow ${setools_python_pwd}/chcat ${setools_python_pwd}/semanage ${setools_python_pwd}/sepolgen ${setools_python_pwd}/sepolicy . mv ${semodule_utils_pwd}/semodule_expand ${semodule_utils_pwd}/semodule_link ${semodule_utils_pwd}/semodule_package . ++ chcat_join.patch ++ Index: policycoreutils-2.9/selinux-python-2.9/chcat/chcat === --- policycoreutils-2.9.orig/selinux-python-2.9/chcat/chcat 2019-03-15 10:32:30.0 + +++ policycoreutils-2.9/selinux-python-2.9/chcat/chcat 2019-12-17 10:31:24.683910599 + @@ -246,7 +246,10 @@ def chcat_user_replace(newcat, users): add_ind = 1 user = seusers["__default__"] serange = user[1].split("-") -new_serange = "%s-%s:%s" % (serange[0], newcat[0], ",".join(newcat[1:])) +if len(newcat[1:]) > 0: +new_serange = "%s-%s:%s" % (serange[0], newcat[0], ",".join(newcat[1:])) +else: +new_serange = "%s-%s" % (serange[0], newcat[0]) if new_serange[-1:] == ":": new_serange = new_serange[:-1]
commit policycoreutils for openSUSE:Factory
Hello community, here is the log from the commit of package policycoreutils for openSUSE:Factory checked in at 2019-09-25 01:46:12 Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old) and /work/SRC/openSUSE:Factory/.policycoreutils.new.7948 (New) Package is "policycoreutils" Wed Sep 25 01:46:12 2019 rev:52 rq:731857 version:2.9 Changes: --- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes 2019-05-03 22:23:33.483936738 +0200 +++ /work/SRC/openSUSE:Factory/.policycoreutils.new.7948/policycoreutils.changes 2019-09-25 01:46:13.733604624 +0200 @@ -1,0 +2,6 @@ +Wed Sep 18 11:19:12 UTC 2019 - Johannes Segitz + +- Added run_init_use_pam_keyinit.patch + Added pam_keyinit to the run_init pam config (bsc#1144052) + +--- New: run_init_use_pam_keyinit.patch Other differences: -- ++ policycoreutils.spec ++ --- /var/tmp/diff_new_pack.0XgOjO/_old 2019-09-25 01:46:14.921604607 +0200 +++ /var/tmp/diff_new_pack.0XgOjO/_new 2019-09-25 01:46:14.925604606 +0200 @@ -39,6 +39,7 @@ Source7:selinux-polgengui.console Source8: https://github.com/SELinuxProject/selinux/releases/download/%{tstamp}/semodule-utils-%{version}.tar.gz Patch0: make_targets.patch +Patch1: run_init_use_pam_keyinit.patch BuildRequires: audit-devel >= %{libaudit_ver} BuildRequires: bison BuildRequires: dbus-1-glib-devel @@ -157,6 +158,7 @@ setools_python_pwd="$PWD/selinux-python-%{version}" semodule_utils_pwd="$PWD/semodule-utils-%{version}" %patch0 -p1 +%patch1 -p1 mv ${setools_python_pwd}/audit2allow ${setools_python_pwd}/chcat ${setools_python_pwd}/semanage ${setools_python_pwd}/sepolgen ${setools_python_pwd}/sepolicy . mv ${semodule_utils_pwd}/semodule_expand ${semodule_utils_pwd}/semodule_link ${semodule_utils_pwd}/semodule_package . ++ run_init_use_pam_keyinit.patch ++ Index: policycoreutils-2.9/run_init/run_init.pamd === --- policycoreutils-2.9.orig/run_init/run_init.pamd 2019-03-15 10:32:30.0 + +++ policycoreutils-2.9/run_init/run_init.pamd 2019-09-18 11:18:44.590723544 + @@ -6,3 +6,4 @@ accountinclude system-auth password include system-auth sessioninclude system-auth sessionoptionalpam_xauth.so +sessionoptional pam_keyinit.so revoke [force]
commit policycoreutils for openSUSE:Factory
Hello community, here is the log from the commit of package policycoreutils for openSUSE:Factory checked in at 2019-05-03 22:23:32 Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old) and /work/SRC/openSUSE:Factory/.policycoreutils.new.5148 (New) Package is "policycoreutils" Fri May 3 22:23:32 2019 rev:51 rq:699822 version:2.9 Changes: --- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes 2019-03-24 14:55:36.763210864 +0100 +++ /work/SRC/openSUSE:Factory/.policycoreutils.new.5148/policycoreutils.changes 2019-05-03 22:23:33.483936738 +0200 @@ -48,0 +49,5 @@ +Tue Feb 5 15:27:55 UTC 2019 - Jan Engelhardt + +- Replace overly complicated %setup calls. + +--- Other differences: -- ++ policycoreutils.spec ++ --- /var/tmp/diff_new_pack.npjiP5/_old 2019-05-03 22:23:34.111934192 +0200 +++ /var/tmp/diff_new_pack.npjiP5/_new 2019-05-03 22:23:34.111934192 +0200 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -153,11 +153,9 @@ %endif %prep -%setup -q -T -D -b 1 -n selinux-python-%{version} -setools_python_pwd=`pwd` -%setup -q -T -D -b 8 -n semodule-utils-%{version} -semodule_utils_pwd=`pwd` -%setup -q +%setup -q -a1 -a8 +setools_python_pwd="$PWD/selinux-python-%{version}" +semodule_utils_pwd="$PWD/semodule-utils-%{version}" %patch0 -p1 mv ${setools_python_pwd}/audit2allow ${setools_python_pwd}/chcat ${setools_python_pwd}/semanage ${setools_python_pwd}/sepolgen ${setools_python_pwd}/sepolicy . mv ${semodule_utils_pwd}/semodule_expand ${semodule_utils_pwd}/semodule_link ${semodule_utils_pwd}/semodule_package .
commit policycoreutils for openSUSE:Factory
Hello community, here is the log from the commit of package policycoreutils for openSUSE:Factory checked in at 2019-03-24 14:55:34 Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old) and /work/SRC/openSUSE:Factory/.policycoreutils.new.25356 (New) Package is "policycoreutils" Sun Mar 24 14:55:34 2019 rev:50 rq:687220 version:2.9 Changes: --- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes 2019-02-14 14:35:54.347583323 +0100 +++ /work/SRC/openSUSE:Factory/.policycoreutils.new.25356/policycoreutils.changes 2019-03-24 14:55:36.763210864 +0100 @@ -1,0 +2,41 @@ +Wed Mar 20 15:16:54 UTC 2019 - jseg...@suse.com + +- Update to version 2.9 + * secon: free scon_trans before returning + * audit2allow/sepolgen-ifgen: show errors on stderr + * audit2allow: allow using audit2why as non-root user + * chcat: use check_call instead of getstatusoutput + * restorecon: add force option + * semanage module: Fix handling of -a/-e/-d/-r options + * semanage/seobject: Fix listing boolean values + * semanage: Drop python shebang from seobject.py + * semanage: Fix logger class definition + * semanage: Include MCS/MLS range when exporting local customizations + * semanage: Load a store policy and set the store SELinux policy root + * semanage: Start exporting "ibendport" and "ibpkey" entries + * semanage: Stop logging loginRecords changes + * semanage: Stop rejecting aliases in semanage commands + * semanage: Use standard argparse.error() method in handlePermissive + * semanage: do not show "None" levels when using a non-MLS policy + * semanage: import sepolicy only when it's needed + * semanage: move valid_types initialisations to class constructors + * sepolgen: close /etc/selinux/sepolgen.conf after parsing it + * sepolgen: fix access vector initialization + * sepolgen: fix refpolicy parsing of "permissive" + * sepolgen: print all AV rules correctly + * sepolgen: refpolicy installs its Makefile in include/Makefile + * sepolgen: return NotImplemented instead of raising it + * sepolgen: silence linter warning about has_key + * sepolgen: use self when accessing members in FilesystemUse + * sepolicy: Add sepolicy.load_store_policy(store) + * sepolicy: Make policy files sorting more robust + * sepolicy: Stop rejecting aliases in sepolicy commands + * sepolicy: Update to work with setools-4.2.0 + * sepolicy: add missing % in network tab help text + * sepolicy: initialize mislabeled_files in __init__() + * sepolicy: search() also for dontaudit rules + * add xperms support to audit2allow + * replace aliases with corresponding type names +- Dropped python3.patch, upstream now + +--- Old: policycoreutils-2.8.tar.gz python3.patch selinux-python-2.8.tar.gz semodule-utils-2.8.tar.gz New: policycoreutils-2.9.tar.gz selinux-python-2.9.tar.gz semodule-utils-2.9.tar.gz Other differences: -- ++ policycoreutils.spec ++ --- /var/tmp/diff_new_pack.3M3mrL/_old 2019-03-24 14:55:37.447210792 +0100 +++ /var/tmp/diff_new_pack.3M3mrL/_new 2019-03-24 14:55:37.447210792 +0100 @@ -17,19 +17,19 @@ %define libaudit_ver 2.2 -%define libsepol_ver 2.8 -%define libsemanage_ver 2.8 -%define libselinux_ver 2.8 +%define libsepol_ver 2.9 +%define libsemanage_ver 2.9 +%define libselinux_ver 2.9 %define setools_ver 4.1.1 -%define tstamp 20180524 +%define tstamp 20190315 Name: policycoreutils -Version:2.8 +Version:2.9 Release:0 Summary:SELinux policy core utilities License:GPL-2.0-or-later Group: Productivity/Security URL:https://github.com/SELinuxProject/selinux -Source0: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/%{tstamp}/%{name}-%{version}.tar.gz +Source0: https://github.com/SELinuxProject/selinux/releases/download/%{tstamp}/%{name}-%{version}.tar.gz Source1: https://github.com/SELinuxProject/selinux/releases/download/%{tstamp}/selinux-python-%{version}.tar.gz Source2:system-config-selinux.png Source3:system-config-selinux.desktop @@ -39,7 +39,6 @@ Source7:selinux-polgengui.console Source8: https://github.com/SELinuxProject/selinux/releases/download/%{tstamp}/semodule-utils-%{version}.tar.gz Patch0: make_targets.patch -Patch1: python3.patch BuildRequires: audit-devel >= %{libaudit_ver} BuildRequires: bison BuildRequires: dbus-1-glib-devel @@ -162,7 +161,6 @@ %patch0 -p1 mv ${setools_python_pwd}/audit2allow ${setools_python_pwd}/chcat ${setools_python_pwd}/semanage ${setools_python_pwd}/sepolgen ${setools_p
commit policycoreutils for openSUSE:Factory
Hello community, here is the log from the commit of package policycoreutils for openSUSE:Factory checked in at 2019-02-14 14:35:31 Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old) and /work/SRC/openSUSE:Factory/.policycoreutils.new.28833 (New) Package is "policycoreutils" Thu Feb 14 14:35:31 2019 rev:49 rq:674671 version:2.8 Changes: --- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes 2019-02-06 14:06:38.970657659 +0100 +++ /work/SRC/openSUSE:Factory/.policycoreutils.new.28833/policycoreutils.changes 2019-02-14 14:35:54.347583323 +0100 @@ -1,0 +2,6 @@ +Wed Feb 13 12:21:50 UTC 2019 - jseg...@suse.com + +- Make sure current devel package conflicts with old + policycoreutils-python (bsc#1124437) + +--- @@ -4,0 +11,5 @@ + +--- +Thu Jan 31 10:19:44 UTC 2019 - Bernhard Wiedemann + +- Fix build with python 3.7 Other differences: -- ++ policycoreutils.spec ++ --- /var/tmp/diff_new_pack.CIHsAM/_old 2019-02-14 14:35:55.487582808 +0100 +++ /var/tmp/diff_new_pack.CIHsAM/_new 2019-02-14 14:35:55.491582807 +0100 @@ -114,6 +114,7 @@ Group: Productivity/Security Requires: %{_bindir}/make Requires: python3-%{name} = %{version}-%{release} +Conflicts: %{name}-python <= 2.6 %description devel The policycoreutils-devel package contains the management tools use to develop policy in an SELinux environment.
commit policycoreutils for openSUSE:Factory
Hello community, here is the log from the commit of package policycoreutils for openSUSE:Factory checked in at 2019-02-06 14:06:34 Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old) and /work/SRC/openSUSE:Factory/.policycoreutils.new.28833 (New) Package is "policycoreutils" Wed Feb 6 14:06:34 2019 rev:48 rq:671816 version:2.8 Changes: --- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes 2019-01-21 10:55:29.039647015 +0100 +++ /work/SRC/openSUSE:Factory/.policycoreutils.new.28833/policycoreutils.changes 2019-02-06 14:06:38.970657659 +0100 @@ -1,0 +2,5 @@ +Mon Feb 4 08:30:53 UTC 2019 - jseg...@suse.com + +- Removed hardcoded python 3.6 path from spec file + +--- Other differences: -- ++ policycoreutils.spec ++ --- /var/tmp/diff_new_pack.feQ6qy/_old 2019-02-06 14:06:39.578657549 +0100 +++ /var/tmp/diff_new_pack.feQ6qy/_new 2019-02-06 14:06:39.578657549 +0100 @@ -258,7 +258,7 @@ %{_datadir}/bash-completion/completions/* %files -n python3-%{name} -%{_libexecdir}/python3.6/site-packages/* +%{python3_sitelib}/* %dir %{_localstatedir}/lib/selinux %files lang -f %{name}.lang
commit policycoreutils for openSUSE:Factory
Hello community, here is the log from the commit of package policycoreutils for openSUSE:Factory checked in at 2019-01-21 10:55:17 Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old) and /work/SRC/openSUSE:Factory/.policycoreutils.new.28833 (New) Package is "policycoreutils" Mon Jan 21 10:55:17 2019 rev:47 rq:666183 version:2.8 Changes: --- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes 2018-05-04 11:30:21.201887064 +0200 +++ /work/SRC/openSUSE:Factory/.policycoreutils.new.28833/policycoreutils.changes 2019-01-21 10:55:29.039647015 +0100 @@ -1,0 +2,69 @@ +Fri Jan 11 14:18:32 UTC 2019 - jseg...@suse.com + +- Required python3-policycoreutils instead of just recommending it + for policycoreutils (bsc#1121455) +- Added requires for python3-setuptools to python3-policycoreutils + (bsc#1121455) +- Removed requires for audit-libs-python from policycoreutils + (bsc#1121455) + +--- +Mon Jan 7 14:32:58 UTC 2019 - Marcus Rueckert + +- properly obsolete/provides for policycoreutils-python +- remove unneeded obsolete from the devel package + +--- +Fri Dec 7 15:08:14 UTC 2018 - jseg...@suse.com + +- Don't require selinux-policy-devel for the devel package + +--- +Fri Dec 7 13:10:50 UTC 2018 - jseg...@suse.com + +- Obsolete policycoreutils-python in policycoreutils and + policycoreutils-devel to prevent file conflicts + +--- +Wed Nov 21 15:58:16 UTC 2018 - jseg...@suse.com + +- Included content of selinux-python-2.8 and semodule-utils-2.8. + I think it's easier to have all the relevant binaries in the + policycoreutils package (bsc#1116596). + Added make_targets.patch for this +- Removed restorecond, is now a separate package +- Added python3.patch to use python3 interpreter +- New runtime requires: + * libsepol1 + * python3-ipy + * python3-networkx + * python3-semanage +- Provides and obsolete policycoreutils-python + +--- +Thu Nov 8 07:19:24 UTC 2018 - jseg...@suse.com + +- Adjusted source urls (bsc#1115052) + +--- +Wed Oct 17 11:58:44 UTC 2018 - jseg...@suse.com + +- Update to version 2.8 (bsc#732) + For changes please see + https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/RELEASE-20180524.txt + +--- +Wed May 16 07:26:07 UTC 2018 - mc...@suse.com + +- Rebase to 2.7 + * Rather large rewrite of the SPEC file + * Significantly, support for python2 removed + For changes please see + https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/RELEASE-20170804.txt +- Dropped patches: + * policycoreutils-initscript.patch + * policycoreutils-pam-common.patch + * loadpolicy_path.patch + * CVE-2018-1063.patch + +--- Old: CVE-2018-1063.patch loadpolicy_path.patch policycoreutils-2.6.tar.gz policycoreutils-initscript.patch policycoreutils-pam-common.patch policycoreutils_man_ru2.tar.bz2 sepolgen-2.6.tar.gz New: make_targets.patch policycoreutils-2.8.tar.gz python3.patch selinux-python-2.8.tar.gz semodule-utils-2.8.tar.gz Other differences: -- ++ policycoreutils.spec ++ --- /var/tmp/diff_new_pack.vtw0iB/_old 2019-01-21 10:55:32.035643412 +0100 +++ /var/tmp/diff_new_pack.vtw0iB/_new 2019-01-21 10:55:32.035643412 +0100 @@ -1,7 +1,7 @@ # # spec file for package policycoreutils # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,39 +17,37 @@ %define libaudit_ver 2.2 -%define libsepol_ver 2.6 -%define libsemanage_ver 2.6 -%define libselinux_ver 2.6 -%define sepolgen_ver 2.6 -#Compat macro for new _fillupdir macro introduced in Nov 2017 -%if ! %{defined _fillupdir} - %define _fillupdir %{_localstatedir}/adm/fillup-templates -%endif +%define libsepol_ver 2.8 +%define libsemanage_ver 2.8 +%define libselinux_ver 2.8 +%define setools_ver 4.1.1 +%define tstamp 20180524 Name: policycoreutils -Version:2.6 +Version:2.8 Release:0 Summary:SELinux policy core utilities License:GPL-2.0-or-later
commit policycoreutils for openSUSE:Factory
Hello community, here is the log from the commit of package policycoreutils for openSUSE:Factory checked in at 2018-05-04 11:30:18 Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old) and /work/SRC/openSUSE:Factory/.policycoreutils.new (New) Package is "policycoreutils" Fri May 4 11:30:18 2018 rev:46 rq:603576 version:2.6 Changes: --- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes 2018-04-26 13:38:48.210382117 +0200 +++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes 2018-05-04 11:30:21.201887064 +0200 @@ -1,0 +2,14 @@ +Mon Apr 30 11:24:50 UTC 2018 - dims...@opensuse.org + +- Don't build policycoreutils-gui for anything suse_version >= + 1500: there is no reason te believe that SLE16 will have those + old, depreacted dependencies back. Fixes also the issues for + Tumbleweed, where -gui was not installable. + +--- +Thu Apr 26 11:37:36 UTC 2018 - jseg...@suse.com + +- SLE 15 doesn't have the necessary files for policycoreutils-gui, + don't build it there + +--- Other differences: -- ++ policycoreutils.spec ++ --- /var/tmp/diff_new_pack.qSxwUV/_old 2018-05-04 11:30:22.009857419 +0200 +++ /var/tmp/diff_new_pack.qSxwUV/_new 2018-05-04 11:30:22.009857419 +0200 @@ -124,6 +124,7 @@ RBAC/MLS policy machines require newrole as a way of changing the role or level of a logged-in user. +%if 0%{?suse_version} < 1500 %package gui Summary:SELinux configuration GUI Group: Productivity/Security @@ -135,6 +136,7 @@ %description gui system-config-selinux is a utility for managing the SELinux environment. +%endif %prep %setup -q -a 1 @@ -178,6 +180,9 @@ %suse_update_desktop_file -i selinux-polgengui System Security Settings %find_lang %{name} %fdupes -s %{buildroot}/%{_datadir} +%if 0%{?suse_version} >= 1500 +rm %{buildroot}/etc/dbus-1/system.d/org.selinux.conf %{buildroot}/etc/pam.d/selinux-polgengui %{buildroot}/etc/pam.d/system-config-selinux %{buildroot}/etc/security/console.apps/selinux-polgengui %{buildroot}/etc/security/console.apps/system-config-selinux %{buildroot}/usr/bin/selinux-polgengui %{buildroot}/usr/bin/sepolgen %{buildroot}/usr/bin/system-config-selinux %{buildroot}/usr/share/applications/selinux-polgengui.desktop %{buildroot}/usr/share/applications/sepolicy.desktop %{buildroot}/usr/share/applications/system-config-selinux.desktop %{buildroot}/usr/share/icons/hicolor/16x16/apps/sepolicy.png %{buildroot}/usr/share/icons/hicolor/22x22/apps/sepolicy.png %{buildroot}/usr/share/icons/hicolor/24x24/apps/system-config-selinux.png %{buildroot}/usr/share/icons/hicolor/256x256/apps/sepolicy.png %{buildroot}/usr/share/icons/hicolor/32x32/apps/sepolicy.png %{buildroot}/usr/share/icons/hicolor/48x48/apps/sepolicy.png %{buildroot}/usr/share/man/man8/selinux-polgengui.8 %{buildroot}/usr/share/pixmaps/sepolicy.png %{buildroot}/usr/share/pixmaps/system-config-selinux.png %{buildroot}/usr/share/polkit-1/actions/org.selinux.config.policy %{buildroot}/usr/share/polkit-1/actions/org.selinux.policy %{buildroot}/usr/share/system-config-selinux/booleansPage.py %{buildroot}/usr/share/system-config-selinux/domainsPage.py %{buildroot}/usr/share/system-config-selinux/fcontextPage.py %{buildroot}/usr/share/system-config-selinux/html_util.py %{buildroot}/usr/share/system-config-selinux/loginsPage.py %{buildroot}/usr/share/system-config-selinux/mappingsPage.py %{buildroot}/usr/share/system-config-selinux/modulesPage.py %{buildroot}/usr/share/system-config-selinux/polgen.glade %{buildroot}/usr/share/system-config-selinux/polgengui.py %{buildroot}/usr/share/system-config-selinux/portsPage.py %{buildroot}/usr/share/system-config-selinux/selinux-polgengui.desktop %{buildroot}/usr/share/system-config-selinux/selinux_server.py %{buildroot}/usr/share/system-config-selinux/semanagePage.py %{buildroot}/usr/share/system-config-selinux/sepolicy.desktop %{buildroot}/usr/share/system-config-selinux/statusPage.py %{buildroot}/usr/share/system-config-selinux/system-config-selinux.desktop %{buildroot}/usr/share/system-config-selinux/system-config-selinux.glade %{buildroot}/usr/share/system-config-selinux/system-config-selinux.png %{buildroot}/usr/share/system-config-selinux/system-config-selinux.py %{buildroot}/usr/share/system-config-selinux/usersPage.py %{buildroot}/usr/share/man/man8/system-config-selinux.8 +%endif %pre %service_add_pre restorecond.service @@ -320,6 +325,7 @@ %{_mandir}/man1/newrole.1%{?ext_man} %config(noreplace) %{_sysconfdir}/pam.d/newrole +%if 0%{?suse_version} < 1500 %files gui %{_bindir}/system-c
commit policycoreutils for openSUSE:Factory
Hello community, here is the log from the commit of package policycoreutils for openSUSE:Factory checked in at 2018-04-26 13:38:47 Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old) and /work/SRC/openSUSE:Factory/.policycoreutils.new (New) Package is "policycoreutils" Thu Apr 26 13:38:47 2018 rev:45 rq:601034 version:2.6 Changes: --- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes 2018-04-06 17:47:19.960289985 +0200 +++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes 2018-04-26 13:38:48.210382117 +0200 @@ -1,0 +2,5 @@ +Wed Apr 25 14:31:29 UTC 2018 - jseg...@suse.com + +- Drop the requirement for selinux-policy for the gui tools. + +--- Other differences: -- ++ policycoreutils.spec ++ --- /var/tmp/diff_new_pack.RvS9TR/_old 2018-04-26 13:38:48.962354554 +0200 +++ /var/tmp/diff_new_pack.RvS9TR/_new 2018-04-26 13:38:48.966354408 +0200 @@ -31,7 +31,7 @@ Summary:SELinux policy core utilities License:GPL-2.0-or-later Group: Productivity/Security -URL:https://github.com/SELinuxProject/selinux +Url:https://github.com/SELinuxProject/selinux Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014/%{name}-%{version}.tar.gz Source1: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014/sepolgen-%{sepolgen_ver}.tar.gz Source2:system-config-selinux.png @@ -131,7 +131,6 @@ Requires: python Requires: python-gnome Requires: python-gtk -Requires: selinux-policy Requires: setools-console %description gui
commit policycoreutils for openSUSE:Factory
Hello community, here is the log from the commit of package policycoreutils for openSUSE:Factory checked in at 2018-04-06 17:47:16 Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old) and /work/SRC/openSUSE:Factory/.policycoreutils.new (New) Package is "policycoreutils" Fri Apr 6 17:47:16 2018 rev:44 rq:593258 version:2.6 Changes: --- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes 2017-12-23 12:20:36.772287710 +0100 +++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes 2018-04-06 17:47:19.960289985 +0200 @@ -1,0 +2,19 @@ +Tue Mar 27 13:46:37 UTC 2018 - tchva...@suse.com + +- Drop SLE11 support, needs the audit that is not present on SLE11 +- Fix service link to actually work on current releases +- Drop SUSE_ASNEEDED=0 as it seems to build fine without it +- Do not depend on systemd, just systemd-rpm-macros + +--- +Wed Mar 21 11:32:47 UTC 2018 - jseg...@suse.com + +- Added CVE-2018-1063.patch to prevent chcon from following symlinks in + /tmp, /var/tmp, /var/run and /var/lib/debug (bsc#1083624, CVE-2018-1063) + +--- +Tue Mar 20 12:01:55 UTC 2018 - jseg...@suse.com + +- Remove BuildRequires for libcgroup-devel (bsc#1085837) + +--- New: CVE-2018-1063.patch Other differences: -- ++ policycoreutils.spec ++ --- /var/tmp/diff_new_pack.KCkq7p/_old 2018-04-06 17:47:21.424237073 +0200 +++ /var/tmp/diff_new_pack.KCkq7p/_new 2018-04-06 17:47:21.428236927 +0200 @@ -1,7 +1,7 @@ # # spec file for package policycoreutils # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,23 +16,22 @@ # -#Compat macro for new _fillupdir macro introduced in Nov 2017 -%if ! %{defined _fillupdir} - %define _fillupdir /var/adm/fillup-templates -%endif - %define libaudit_ver 2.2 %define libsepol_ver 2.6 %define libsemanage_ver 2.6 %define libselinux_ver 2.6 %define sepolgen_ver 2.6 +#Compat macro for new _fillupdir macro introduced in Nov 2017 +%if ! %{defined _fillupdir} + %define _fillupdir %{_localstatedir}/adm/fillup-templates +%endif Name: policycoreutils Version:2.6 Release:0 Summary:SELinux policy core utilities -License:GPL-2.0+ +License:GPL-2.0-or-later Group: Productivity/Security -Url:https://github.com/SELinuxProject/selinux +URL:https://github.com/SELinuxProject/selinux Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014/%{name}-%{version}.tar.gz Source1: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014/sepolgen-%{sepolgen_ver}.tar.gz Source2:system-config-selinux.png @@ -45,6 +44,7 @@ Patch4: policycoreutils-initscript.patch Patch5: policycoreutils-pam-common.patch Patch10:loadpolicy_path.patch +Patch11:CVE-2018-1063.patch BuildRequires: audit-devel >= %{libaudit_ver} BuildRequires: dbus-1-glib-devel BuildRequires: fdupes @@ -52,12 +52,14 @@ BuildRequires: hicolor-icon-theme BuildRequires: libcap-devel BuildRequires: libcap-ng-devel -BuildRequires: libcgroup-devel BuildRequires: libselinux-devel >= %{libselinux_ver} BuildRequires: libsemanage-devel >= %{libsemanage_ver} BuildRequires: libsepol-devel-static >= %{libsepol_ver} BuildRequires: pam-devel +# needed only for dir /usr/share/polkit-1 from policycoreutils-gui +BuildRequires: polkit BuildRequires: python-devel +BuildRequires: systemd-rpm-macros BuildRequires: update-desktop-files Requires: audit-libs-python Requires: checkpolicy @@ -67,15 +69,10 @@ Requires: util-linux # we need selinuxenabled Requires(post): selinux-tools -Requires(pre): %fillup_prereq permissions +Requires(pre): %fillup_prereq +Requires(pre): permissions Recommends: %{name}-lang -BuildRoot: %{_tmppath}/%{name}-%{version}-build -%if 0%{?suse_version} > 1140 -BuildRequires: systemd %{?systemd_requires} -%else -Requires(pre): %insserv_prereq -%endif %description policycoreutils contains the policy core utilities that are required @@ -145,9 +142,9 @@ %patch4 %patch5 %patch10 -p1 +%patch11 %build -export SUSE_ASNEEDED=0 make %{?_smp_mflags} LSPP_PRIV=y LIBDIR="%{_libdir}" LIBEXECDIR="%{_libexecdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie
commit policycoreutils for openSUSE:Factory
Hello community, here is the log from the commit of package policycoreutils for openSUSE:Factory checked in at 2017-12-23 12:20:35 Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old) and /work/SRC/openSUSE:Factory/.policycoreutils.new (New) Package is "policycoreutils" Sat Dec 23 12:20:35 2017 rev:43 rq:559352 version:2.6 Changes: --- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes 2017-12-11 18:56:16.083233030 +0100 +++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes 2017-12-23 12:20:36.772287710 +0100 @@ -1,0 +2,6 @@ +Thu Dec 21 14:29:30 UTC 2017 - jseg...@suse.com + +- Removed BuildRequires for setools-devel and added new + runtime requirement for python2-networkx + +--- Other differences: -- ++ policycoreutils.spec ++ --- /var/tmp/diff_new_pack.F2SDFN/_old 2017-12-23 12:20:37.608246949 +0100 +++ /var/tmp/diff_new_pack.F2SDFN/_new 2017-12-23 12:20:37.612246754 +0100 @@ -58,7 +58,6 @@ BuildRequires: libsepol-devel-static >= %{libsepol_ver} BuildRequires: pam-devel BuildRequires: python-devel -BuildRequires: setools-devel BuildRequires: update-desktop-files Requires: audit-libs-python Requires: checkpolicy @@ -103,6 +102,7 @@ Requires: python-setools Requires: python-xml Requires: python-yum +Requires: python2-networkx Requires: yum-metadata-parser %description python
commit policycoreutils for openSUSE:Factory
Hello community, here is the log from the commit of package policycoreutils for openSUSE:Factory checked in at 2017-12-11 18:56:12 Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old) and /work/SRC/openSUSE:Factory/.policycoreutils.new (New) Package is "policycoreutils" Mon Dec 11 18:56:12 2017 rev:42 rq:546989 version:2.6 Changes: --- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes 2017-06-30 18:43:44.570478466 +0200 +++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes 2017-12-11 18:56:16.083233030 +0100 @@ -1,0 +2,31 @@ +Mon Nov 27 14:23:12 UTC 2017 - rbr...@suse.com + +- Replace references to /var/adm/fillup-templates with new + %_fillupdir macro (boo#1069468) + +--- +Fri Nov 24 09:21:51 UTC 2017 - jseg...@suse.com + +- Update to policycoreutils version 2.6. Notable changes: + * setfiles: reverse the sense of -D option + * sandbox: Use dbus-run-session instead of dbus-launch when available + * setfiles: Utility to find security.restorecon_last entries + * setfiles: Add option to stop setting the digest + * hll/pp: Change warning for module name not matching filename to match new behavior + * sepolicy: convert to setools4 + * sandbox: create a new session for sandboxed processes + * sandbox: do not try to setup directories without -X or -M + * sandbox: do not run xmodmap in a new X session + * sandbox: fix file labels on copied files + * semanage: Fix semanage fcontext -D + * semanage: Default serange to "s0" for port modify + * semanage: Use socket.getprotobyname for protocol + * semanage: Add auditing of changes in records + * Improve compatibility with Python 3 + * Update sandbox types in sandbox manual + * hll/pp: Warn if module name different than output filename +- Update to sepolgen version 2.6. Notable changes: + * Add support for TYPEBOUNDS statement in INTERFACE policy files +- Dropped CVE-2016-7545_sandbox_escape.patch + +--- Old: CVE-2016-7545_sandbox_escape.patch policycoreutils-2.5.tar.gz sepolgen-1.2.3.tar.gz New: policycoreutils-2.6.tar.gz sepolgen-2.6.tar.gz Other differences: -- ++ policycoreutils.spec ++ --- /var/tmp/diff_new_pack.b1vKfS/_old 2017-12-11 18:56:16.951191689 +0100 +++ /var/tmp/diff_new_pack.b1vKfS/_new 2017-12-11 18:56:16.955191499 +0100 @@ -16,20 +16,25 @@ # +#Compat macro for new _fillupdir macro introduced in Nov 2017 +%if ! %{defined _fillupdir} + %define _fillupdir /var/adm/fillup-templates +%endif + %define libaudit_ver 2.2 -%define libsepol_ver 2.5 -%define libsemanage_ver 2.5 -%define libselinux_ver 2.5 -%define sepolgen_ver 1.2.3 +%define libsepol_ver 2.6 +%define libsemanage_ver 2.6 +%define libselinux_ver 2.6 +%define sepolgen_ver 2.6 Name: policycoreutils -Version:2.5 +Version:2.6 Release:0 Summary:SELinux policy core utilities License:GPL-2.0+ Group: Productivity/Security Url:https://github.com/SELinuxProject/selinux -Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/%{name}-%{version}.tar.gz -Source1: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/sepolgen-%{sepolgen_ver}.tar.gz +Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014/%{name}-%{version}.tar.gz +Source1: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014/sepolgen-%{sepolgen_ver}.tar.gz Source2:system-config-selinux.png Source3:system-config-selinux.desktop Source4:system-config-selinux.pam @@ -40,7 +45,6 @@ Patch4: policycoreutils-initscript.patch Patch5: policycoreutils-pam-common.patch Patch10:loadpolicy_path.patch -Patch11:CVE-2016-7545_sandbox_escape.patch BuildRequires: audit-devel >= %{libaudit_ver} BuildRequires: dbus-1-glib-devel BuildRequires: fdupes @@ -141,7 +145,6 @@ %patch4 %patch5 %patch10 -p1 -%patch11 -p1 %build export SUSE_ASNEEDED=0 @@ -176,8 +179,8 @@ rm -f %{buildroot}%{_mandir}/ru/man8/genhomedircon.8.gz ln -sf consolehelper %{buildroot}%{_bindir}/system-config-selinux ln -sf consolehelper %{buildroot}%{_bindir}/selinux-polgengui -mkdir -p %{buildroot}%{_localstatedir}/adm/fillup-templates/ -mv %{buildroot}/%{_sysconfdir}/sysconfig/sandbox %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.sandbox +mkdir -p %{buildroot}%{_fillupdir}/ +mv %{buildroot}/%{_sysconfdir}/sysconfig/sandbox %{buildroot}%{_fillupdi
commit policycoreutils for openSUSE:Factory
Hello community, here is the log from the commit of package policycoreutils for openSUSE:Factory checked in at 2017-06-30 18:42:49 Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old) and /work/SRC/openSUSE:Factory/.policycoreutils.new (New) Package is "policycoreutils" Fri Jun 30 18:42:49 2017 rev:41 rq:507122 version:2.5 Changes: --- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes 2016-08-05 18:16:35.0 +0200 +++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes 2017-06-30 18:43:44.570478466 +0200 @@ -1,0 +2,6 @@ +Mon Dec 19 07:21:22 UTC 2016 - jseg...@novell.com + +- Added CVE-2016-7545_sandbox_escape.patch to fix CVE-2016-7545, bsc#1000998 + Sandboxed session could have escaped to the parent session + +--- New: CVE-2016-7545_sandbox_escape.patch Other differences: -- ++ policycoreutils.spec ++ --- /var/tmp/diff_new_pack.38zjuk/_old 2017-06-30 18:43:45.290377208 +0200 +++ /var/tmp/diff_new_pack.38zjuk/_new 2017-06-30 18:43:45.294376645 +0200 @@ -1,7 +1,7 @@ # # spec file for package policycoreutils # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -40,6 +40,7 @@ Patch4: policycoreutils-initscript.patch Patch5: policycoreutils-pam-common.patch Patch10:loadpolicy_path.patch +Patch11:CVE-2016-7545_sandbox_escape.patch BuildRequires: audit-devel >= %{libaudit_ver} BuildRequires: dbus-1-glib-devel BuildRequires: fdupes @@ -108,7 +109,6 @@ Group: Productivity/Security Requires: policycoreutils-python = %{version} Requires: xorg-x11-server-extra -# Requires: matchbox-window-manager %description sandbox The sandbox package contains the scripts to create graphical sandboxes. @@ -127,8 +127,6 @@ Summary:SELinux configuration GUI Group: Productivity/Security Requires: policycoreutils-python = %{version} -# Requires:gnome-python2-canvas -# Requires:usermode-gtk Requires: python Requires: python-gnome Requires: python-gtk @@ -143,9 +141,7 @@ %patch4 %patch5 %patch10 -p1 -# sleep 5 -# touch po/policycoreutils.pot -# sleep 5 +%patch11 -p1 %build export SUSE_ASNEEDED=0 ++ CVE-2016-7545_sandbox_escape.patch ++ Index: policycoreutils-2.5/sandbox/sandbox === --- policycoreutils-2.5.orig/sandbox/sandbox2016-02-23 17:31:41.0 +0100 +++ policycoreutils-2.5/sandbox/sandbox 2016-12-19 08:20:38.507223657 +0100 @@ -467,10 +467,15 @@ sandbox [-h] [-l level ] [-[X|M] [-H hom cmds += ["--"] + self.__paths return subprocess.Popen(cmds).wait() -selinux.setexeccon(self.__execcon) -rc = subprocess.Popen(self.__cmds).wait() -selinux.setexeccon(None) -return rc +pid = os.fork() +if pid == 0: +rc = os.setsid() +if rc: +return rc +selinux.setexeccon(self.__execcon) +os.execv(self.__cmds[0], self.__cmds) +rc = os.waitpid(pid, 0) +return os.WEXITSTATUS(rc[1]) finally: for i in self.__paths:
commit policycoreutils for openSUSE:Factory
Hello community, here is the log from the commit of package policycoreutils for openSUSE:Factory checked in at 2016-08-05 18:16:34 Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old) and /work/SRC/openSUSE:Factory/.policycoreutils.new (New) Package is "policycoreutils" Changes: --- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes 2016-07-21 07:58:57.0 +0200 +++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes 2016-08-05 18:16:35.0 +0200 @@ -1,0 +2,5 @@ +Sat Jul 23 05:47:50 UTC 2016 - jeng...@inai.de + +- Trim description in line with other selinux packages + +--- Other differences: -- ++ policycoreutils.spec ++ --- /var/tmp/diff_new_pack.bsCUIL/_old 2016-08-05 18:16:37.0 +0200 +++ /var/tmp/diff_new_pack.bsCUIL/_new 2016-08-05 18:16:37.0 +0200 @@ -74,22 +74,17 @@ %endif %description -Security-enhanced Linux is a feature of the Linux(R) kernel and a number -of utilities with enhanced security functionality designed to add -mandatory access controls to Linux. The Security-enhanced Linux -kernel contains new architectural components originally developed to -improve the security of the Flask operating system. These -architectural components provide general support for the enforcement -of many kinds of mandatory access control policies, including those -based on the concepts of Type Enforcement(R), Role-based Access -Control, and Multi-level Security. - policycoreutils contains the policy core utilities that are required for basic operation of a SELinux system. These utilities include load_policy to load policies, setfiles to label filesystems, newrole to switch roles, and run_init to run %{_initddir} scripts in the proper context. +(Security-enhanced Linux is a feature of the kernel and some +utilities that implement mandatory access control policies, such as +Type Enforcement, Role-based Access Control and Multi-Level +Security.) + %lang_package %package python @@ -116,7 +111,7 @@ # Requires: matchbox-window-manager %description sandbox -The sandbox package contains the scripts to create graphical sandboxes +The sandbox package contains the scripts to create graphical sandboxes. %package newrole Summary:The newrole application for RBAC/MLS @@ -126,7 +121,7 @@ %description newrole RBAC/MLS policy machines require newrole as a way of changing the role -or level of a logged in user. +or level of a logged-in user. %package gui Summary:SELinux configuration GUI @@ -141,7 +136,7 @@ Requires: setools-console %description gui -system-config-selinux is a utility for managing the SELinux environment +system-config-selinux is a utility for managing the SELinux environment. %prep %setup -q -a 1
commit policycoreutils for openSUSE:Factory
Hello community, here is the log from the commit of package policycoreutils for openSUSE:Factory checked in at 2016-07-21 07:58:54 Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old) and /work/SRC/openSUSE:Factory/.policycoreutils.new (New) Package is "policycoreutils" Changes: --- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes 2014-11-13 09:18:32.0 +0100 +++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes 2016-07-21 07:58:57.0 +0200 @@ -1,0 +2,62 @@ +Thu Jul 14 08:45:45 UTC 2016 - jseg...@novell.com + +- Changes submitted by MargueriteSu: + Update to version 2.5 + * sepolicy: Do not overwrite CFLAGS, from Nicolas Iooss. + * sepolicy: Rename policy global variable conflict, from Nicolas Iooss. + * newrole: Add missing defined in #if, from Nicolas Iooss. + * newrole: Add description of missing parameter -p in newrole man page, from Lukas Vrabec. + * secon: Add missing descriptions for --*-key params in secon man page, from Lukas Vrabec + * semanage: List reserve_port_t in semanage port -l, from Petr Lautrbach. + * chcat: Add a fallback in case os.getlogin() returns nothing, from Laurent Bigonville. + * semanage: fix 'semanage permissions -l' subcommand, from Petr Lautrbach. + * semanage: replace string.join() with str.join(), from Petr Lautrbach. + * Man page warning fixes, from Ville Skyttä. + * sandbox: Fix sandbox to propagate specified MCS/MLS Security Level, from Miroslav Grepl. + * semanage: Require at least one argument for 'semanage permissive -d', from Petr Lautrbach. + * sepolicy: Improve sepolicy command line interface, from Petr Lautrbach. + * audit2allow/why: ignore setlocale errors, from Petr Lautrbach. + * semodule: Add --extract/-E, --cil/-c, and --hll/-H to extract modules, from Yuli Khodorkovskiy. + * audit2allow: Comment constraint rules in output, from Miroslav Grepl via Petr Lautrbach. + * Fix PEP8 issues, from Jason Zaman. + * semanage: fix moduleRecords deleteall method, from Stephen Smalley. + * Improve compatibility with Python 3, from Michal Srb. + * semanage: Set self.sename to sename after calling semanage_seuser_set_sename(), from Laurent Bigonville. + * semanage: Fix typo in semanage args for minimium policy store, from Petr Lautrbach. + * sepolicy: Only invoke RPM on RPM-enabled Linux distributions, from Sven Vermeulen. + * mcstransd: don't reinvent getpeercon, from Stephen Smalley. + * setfiles/restorecon: fix -r/-R option, from Petr Lautrbach. + * org.selinux.policy: Require auth_admin_keep for all actions, from Stephen Smalley. + * hll: Move core functions of pp to libsepol, from James Carter + * run_init: Use a ring buffer in open_init_pty, from Jason Zaman. + * run_init: fix open_init_pty availability check, from Nicolas Iooss. + * Widen Xen IOMEM context entries, from Daniel De Graaf. + * Fix -Wformat errors with gcc-5.0.0, from Petr Lautrbach. + * Fixed typo/grammatical error, from Christopher Peterson. + * Fix typo in semanage-port man page, from Andrew Spiers. + Update to version 2.4 + * Fix bugs found by hardened gcc flags, from Nicolas Iooss. + * Improve support for building with different versions of python from +Nicolas Iooss. + * Ensure XDG_RUNTIME_DIR is passed through to the sandbox in seunshare, +from Dan Walsh + * Remove cgroups from sandbox, from Dan Walsh + * Try to use setcurrent before setexec in seunshare, from Andy Lutomirski + * Stop using the now deprecated flask.h and av_permissions.h, from Stephen Smalley + * Add a store root path in semodule, from Yuli Khodorkovskiy + * Add a flag to ignore cached CIL files and recompile HLL modules, from +Yuli Khodorkovskiy + * Add and install HLL compiler for policy packages to CIL. The compiler is +installed in /var/libexec/selinux/hll/ by default, from Steve Lawrence + * Fixes to pp compiler to better support roles and type attributes, from +Yuli Khodorkovskiy + * Deprecate base/upgrade/version in semodule. Calling these commands will +now call --install on the backend, from Yuli Khodorkovskiy + * Add ability to install modules with a specified priority, from Caleb +Case + * Use /tmp for permissive module creation, by Caleb Case + * Update semanage to use new source policy infrastructure, from Jason Dana + * Add RuntimeDirectory to mcstrans systemd unit file, from Laurent +Bigonville + +--- Old: policycoreutils-2.3.tar.gz sepolgen-1.2.1.tar.gz New: policycoreutils-2.5.tar.gz sepolgen-1.2.3.tar.gz Other differences: -- ++ policycoreutils.spec ++ --- /var/tmp/diff_new_pack.DtRNJ9/_old 2016-07-21 07:59:00.00
commit policycoreutils for openSUSE:Factory
Hello community, here is the log from the commit of package policycoreutils for openSUSE:Factory checked in at 2014-11-13 09:18:10 Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old) and /work/SRC/openSUSE:Factory/.policycoreutils.new (New) Package is "policycoreutils" Changes: --- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes 2014-09-09 18:59:19.0 +0200 +++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes 2014-11-13 09:18:32.0 +0100 @@ -1,0 +2,6 @@ +Wed Nov 5 14:04:30 UTC 2014 - jseg...@novell.com + +- added Requires: python-yum, yum-metadata-parser to fix sepolicy + (bnc#903841) + +--- Other differences: -- ++ policycoreutils.spec ++ --- /var/tmp/diff_new_pack.y3hnJV/_old 2014-11-13 09:18:33.0 +0100 +++ /var/tmp/diff_new_pack.y3hnJV/_new 2014-11-13 09:18:33.0 +0100 @@ -155,6 +155,8 @@ Requires: python-semanage >= %{libsemanage_ver} Requires: python-setools Requires: python-xml +Requires: python-yum +Requires: yum-metadata-parser %description python The policycoreutils-python package contains the management tools used to manage an SELinux environment. -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit policycoreutils for openSUSE:Factory
Hello community, here is the log from the commit of package policycoreutils for openSUSE:Factory checked in at 2014-09-09 18:59:14 Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old) and /work/SRC/openSUSE:Factory/.policycoreutils.new (New) Package is "policycoreutils" Changes: --- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes 2014-06-02 07:00:57.0 +0200 +++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes 2014-09-09 18:59:19.0 +0200 @@ -1,0 +2,5 @@ +Mon Sep 8 08:04:51 UTC 2014 - jseg...@suse.com + +- removed execute permission from systemd unit file + +--- Other differences: -- ++ policycoreutils.spec ++ --- /var/tmp/diff_new_pack.idN0z6/_old 2014-09-09 18:59:20.0 +0200 +++ /var/tmp/diff_new_pack.idN0z6/_new 2014-09-09 18:59:20.0 +0200 @@ -314,7 +314,7 @@ %{_bindir}/semodule_package %{_bindir}/semodule_unpackage %if 0%{?suse_version} > 1140 -%attr(755,root,root) %{_unitdir}/restorecond.service +%attr(644,root,root) %{_unitdir}/restorecond.service %else %attr(755,root,root) %{_initddir}/restorecond %endif -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit policycoreutils for openSUSE:Factory
Hello community, here is the log from the commit of package policycoreutils for openSUSE:Factory checked in at 2013-12-17 10:03:02 Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old) and /work/SRC/openSUSE:Factory/.policycoreutils.new (New) Package is "policycoreutils" Changes: --- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes 2013-12-11 16:16:30.0 +0100 +++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes 2013-12-17 10:03:03.0 +0100 @@ -1,0 +2,7 @@ +Fri Dec 13 14:13:32 UTC 2013 - vci...@suse.com + +- sepolgen: add back attributes + * fixes build of selinux-policy + * policycoreutils-sepolgen_missing_attributes.patch + +--- New: policycoreutils-sepolgen_missing_attributes.patch Other differences: -- ++ policycoreutils.spec ++ --- /var/tmp/diff_new_pack.WyGRVw/_old 2013-12-17 10:03:04.0 +0100 +++ /var/tmp/diff_new_pack.WyGRVw/_new 2013-12-17 10:03:04.0 +0100 @@ -40,6 +40,7 @@ Source8:policycoreutils_man_ru2.tar.bz2 Patch4: policycoreutils-initscript.patch Patch5: policycoreutils-pam-common.patch +Patch6: policycoreutils-sepolgen_missing_attributes.patch Patch10:loadpolicy_path.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: audit-devel >= %{libaudit_ver} @@ -98,6 +99,7 @@ %setup -q -a 1 %patch4 %patch5 +%patch6 -p1 %patch10 -p1 # sleep 5 # touch po/policycoreutils.pot ++ policycoreutils-sepolgen_missing_attributes.patch ++ Index: policycoreutils-2.2/sepolgen-1.2/src/sepolgen/interfaces.py === --- policycoreutils-2.2.orig/sepolgen-1.2/src/sepolgen/interfaces.py 2013-10-30 17:51:19.0 +0100 +++ policycoreutils-2.2/sepolgen-1.2/src/sepolgen/interfaces.py 2013-12-10 14:05:40.791999743 +0100 @@ -276,7 +276,7 @@ class InterfaceVector: if attributes: for typeattribute in interface.typeattributes(): for attr in typeattribute.attributes: -if not attributes.has_key(attr): +if not attributes.attributes.has_key(attr): # print "missing attribute " + attr continue attr_vec = attributes.attributes[attr] -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit policycoreutils for openSUSE:Factory
Hello community, here is the log from the commit of package policycoreutils for openSUSE:Factory checked in at 2013-12-11 16:16:27 Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old) and /work/SRC/openSUSE:Factory/.policycoreutils.new (New) Package is "policycoreutils" Changes: --- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes 2013-07-02 07:41:27.0 +0200 +++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes 2013-12-11 16:16:30.0 +0100 @@ -1,0 +2,68 @@ +Mon Dec 9 11:20:57 UTC 2013 - vci...@suse.com + +- fix issues which prevented accepting to Factory + * mention the dropped patches (merged upstream): +- policycoreutils-rhat.patch +- policycoreutils-sepolgen.patch + +--- +Thu Oct 31 14:48:31 UTC 2013 - p.drou...@gmail.com + +- update to version 2.2 + * Properly build the swig exception file + * Fix man pages + * Support overriding PATH and INITDIR in Makefile + * Fix LDFLAGS usage + * Fix init_policy warning + * Fix semanage logging + * Open newrole stdin as read/write + * Fix sepolicy transition + * Support overriding CFLAGS + * Create correct man directory for run_init + * restorecon GLOB_BRACE change + * Extend audit2why to report additional constraint information. + * Catch IOError errors within audit2allow + * semanage export/import fixes + * Improve setfiles progress reporting + * Document setfiles -o option in usage + * Change setfiles to always return -1 on failure + * Improve setsebool error r eporting + * Major overhaul of gui + * Fix sepolicy handling of non-MLS policy + * Support returning type aliases + * Add sepolicy tests + * Add org.selinux.config.policy + * Improve range and user input checking by semanage + * Prevent source or target arguments that end with / for substitutions + * Allow use of <> for semanage fcontext + * Report customized user levels + * Support deleteall for restoring disabled modules + * Improve semanage error reporting + * Only list disabled modules for module locallist + * Fix logging + * Define new constants for file type character codes + * Improve bash completions + * Convert semanage to argparse + * Add semanage tests + * Split semanage man pages + * Move bash completion scripts + * Replace genhomedircon script with a link to semodule + * Fix fixfiles + * Add support for systemd service for restorecon + * Spelling corrections + * Improve sandbox support for home dir symlinks and file caps + * Switch sandbox to openbox window manager + * Coalesce audit2why and audit2allow + * Change audit2allow to append to output file + * Update translations + * Change audit2why to use selinux_current_policy_path +- Update sepolgen to version 1.2 + * Return additional constraint information. + * Fix bug in calls to attributes + * Add support for filename transitions + * Fix sepolgen tests +- Remove restorecond.service; use upstream service file +- Don't provide support for sysvinit and systemd on a same system + Use either one or the other + +--- Old: policycoreutils-2.1.14.tar.gz policycoreutils-gui.patch.bz2 policycoreutils-po.patch.bz2 policycoreutils-rhat.patch policycoreutils-sepolgen.patch restorecond.service sepolgen-1.1.9.tar.gz New: policycoreutils-2.2.tar.gz sepolgen-1.2.tar.gz Other differences: -- ++ policycoreutils.spec ++ --- /var/tmp/diff_new_pack.s9C41R/_old 2013-12-11 16:16:31.0 +0100 +++ /var/tmp/diff_new_pack.s9C41R/_new 2013-12-11 16:16:31.0 +0100 @@ -16,21 +16,21 @@ # -%define libaudit_ver 1.4.2 -%define libsepol_ver 2.1.9 -%define libsemanage_ver 2.1.10 -%define libselinux_ver 2.1.13 -%define sepolgen_ver 1.1.9 +%define libaudit_ver 2.2 +%define libsepol_ver 2.2 +%define libsemanage_ver 2.2 +%define libselinux_ver 2.2 +%define sepolgen_ver 1.2 Name: policycoreutils -Version:2.1.14 +Version:2.2 Release:0 Url:http://userspace.selinuxproject.org/ Summary:SELinux policy core utilities License:GPL-2.0+ Group: Productivity/Security -Source: http://userspace.selinuxproject.org/releases/20130423/%{name}-%{version}.tar.gz -Source1: http://userspace.selinuxproject.org/releases/20130423/sepolgen-%{sepolgen_ver}.tar.gz +Source: http://userspace.sel
commit policycoreutils for openSUSE:Factory
Hello community, here is the log from the commit of package policycoreutils for openSUSE:Factory checked in at 2013-07-02 07:41:26 Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old) and /work/SRC/openSUSE:Factory/.policycoreutils.new (New) Package is "policycoreutils" Changes: --- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes 2013-04-17 23:15:48.0 +0200 +++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes 2013-07-02 07:41:27.0 +0200 @@ -1,0 +2,5 @@ +Thu Jun 27 14:51:08 UTC 2013 - vci...@suse.com + +- change the source url to the official release tarballs + +--- Old: policycoreutils-2.1.14.tgz sepolgen-1.1.9.tgz New: policycoreutils-2.1.14.tar.gz sepolgen-1.1.9.tar.gz Other differences: -- ++ policycoreutils.spec ++ --- /var/tmp/diff_new_pack.M6If50/_old 2013-07-02 07:41:28.0 +0200 +++ /var/tmp/diff_new_pack.M6If50/_new 2013-07-02 07:41:28.0 +0200 @@ -29,8 +29,8 @@ Summary:SELinux policy core utilities License:GPL-2.0+ Group: Productivity/Security -Source: http://pkgs.fedoraproject.org/lookaside/pkgs/policycoreutils/%{name}-%{version}.tgz/22cb999c28b40b59a9d6b11824480ab8/%{name}-%{version}.tgz -Source1: http://pkgs.fedoraproject.org/lookaside/pkgs/policycoreutils/sepolgen-%{sepolgen_ver}.tgz/960f29b498ba7efaa3aeb5e3796a1ba3/sepolgen-%{sepolgen_ver}.tgz +Source: http://userspace.selinuxproject.org/releases/20130423/%{name}-%{version}.tar.gz +Source1: http://userspace.selinuxproject.org/releases/20130423/sepolgen-%{sepolgen_ver}.tar.gz Source2:system-config-selinux.png Source3:system-config-selinux.desktop Source4:system-config-selinux.pam -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit policycoreutils for openSUSE:Factory
Hello community, here is the log from the commit of package policycoreutils for openSUSE:Factory checked in at 2013-04-17 23:15:45 Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old) and /work/SRC/openSUSE:Factory/.policycoreutils.new (New) Package is "policycoreutils", Maintainer is "vci...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes 2013-03-08 09:38:49.0 +0100 +++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes 2013-04-17 23:15:48.0 +0200 @@ -1,0 +2,49 @@ +Wed Apr 3 10:06:06 UTC 2013 - vci...@suse.com + +- fixed source url +- removed old tarball + +--- +Fri Mar 29 13:13:19 UTC 2013 - vci...@suse.com + +- update to 2.1.14 + * setfiles: estimate percent progress + * load_policy: make link at the destination directory + * Rebuild polgen.glade with glade-3 + * sepolicy: new command to unite small utilities + * sepolicy: Update Makefiles and po files + * sandbox: use sepolicy to look for sandbox_t + * gui: switch to use sepolicy + * gui: sepolgen: use sepolicy to generate + * semanage: use sepolicy for boolean dictionary + * add po file configuration information + * po: stop running update-po on all + * semanage: seobject verify policy types before allowing you to assign them. + * gui: Start using Popen, instead of os.spawnl + * sandbox: Copy /var/tmp to /tmp as they are the same inside + * qualifier to shred content + * semanage: Fix handling of boolean_sub names when using the -F flag + * semanage: man: roles instead of role + * gui: system-config-selinux: Catch no DISPLAY= error + * setfiles: print error if no default label found + * semanage: list logins file entries in semanage login -l + * semanage: good error message is sepolgen python module missing + * gui: system-config-selinux: do not use lokkit + * secon: add support for setrans color information in prompt output + * restorecond: remove /etc/mtab from default list + * gui: If you are not able to read enforcemode set it to False + * genhomedircon: regenerate genhomedircon more often + * restorecond: Add /etc/udpatedb.conf to restorecond.conf + * genhomedircon generation to allow spec file to pass in SEMODULE_PATH + * fixfiles: relabel only after specific date + * po: update translations + * sandbox: seunshare: do not reassign realloc value + * seunshare: do checking on setfsuid + * sestatus: rewrite to shut up coverity +- removed policycoreutils-glibc217.patch (upstream fix) +- added patches: + * policycoreutils-rhat.patch + * policycoreutils-sepolgen.patch + * loadpolicy_path.patch + +--- Old: policycoreutils-2.1.13.tar.gz policycoreutils-glibc217.patch sepolgen-1.1.8.tar.gz New: loadpolicy_path.patch policycoreutils-2.1.14.tgz policycoreutils-rhat.patch policycoreutils-sepolgen.patch sepolgen-1.1.9.tgz Other differences: -- ++ policycoreutils.spec ++ --- /var/tmp/diff_new_pack.PUj6L4/_old 2013-04-17 23:15:50.0 +0200 +++ /var/tmp/diff_new_pack.PUj6L4/_new 2013-04-17 23:15:50.0 +0200 @@ -17,20 +17,20 @@ %define libaudit_ver 1.4.2 -%define libsepol_ver 2.1.8 -%define libsemanage_ver 2.1.9 -%define libselinux_ver 2.1.12 -%define sepolgen_ver 1.1.8 +%define libsepol_ver 2.1.9 +%define libsemanage_ver 2.1.10 +%define libselinux_ver 2.1.13 +%define sepolgen_ver 1.1.9 Name: policycoreutils -Version:2.1.13 +Version:2.1.14 Release:0 Url:http://userspace.selinuxproject.org/ Summary:SELinux policy core utilities License:GPL-2.0+ Group: Productivity/Security -Source: http://userspace.selinuxproject.org/releases/20120216/%{name}-%{version}.tar.gz -Source1: http://userspace.selinuxproject.org/releases/20120216/sepolgen-%{sepolgen_ver}.tar.gz +Source: http://pkgs.fedoraproject.org/lookaside/pkgs/policycoreutils/%{name}-%{version}.tgz/22cb999c28b40b59a9d6b11824480ab8/%{name}-%{version}.tgz +Source1: http://pkgs.fedoraproject.org/lookaside/pkgs/policycoreutils/sepolgen-%{sepolgen_ver}.tgz/960f29b498ba7efaa3aeb5e3796a1ba3/sepolgen-%{sepolgen_ver}.tgz Source2:system-config-selinux.png Source3:system-config-selinux.desktop Source4:system-config-selinux.pam @@ -41,7 +41,9 @@ Source9:restorecond.service Patch4: policycoreutils-initscript.patch Patch5: policycoreutils-pam-common.patch -Patch6: policycoreutils-glibc217.patch +Patch7: policycoreutils-rhat.patch +
commit policycoreutils for openSUSE:Factory
Hello community, here is the log from the commit of package policycoreutils for openSUSE:Factory checked in at 2013-03-08 09:38:46 Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old) and /work/SRC/openSUSE:Factory/.policycoreutils.new (New) Package is "policycoreutils", Maintainer is "vci...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes 2012-12-19 11:51:43.0 +0100 +++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes 2013-03-08 09:38:49.0 +0100 @@ -1,0 +2,9 @@ +Wed Jan 30 12:10:23 UTC 2013 - vci...@suse.com + +- update to 2.1.13 + - drop policycoreutils-po.patch.bz2 (updated upstream) + - drop policycoreutils-gui.patch.bz2 (added to upstream) + - drop sandbox init scripts (shouldn't be needed anymore) + - numerous other changes + +--- Old: policycoreutils-2.1.10.tar.gz sepolgen-1.1.5.tar.gz New: policycoreutils-2.1.13.tar.gz sepolgen-1.1.8.tar.gz Other differences: -- ++ policycoreutils.spec ++ --- /var/tmp/diff_new_pack.0QOGkD/_old 2013-03-08 09:38:50.0 +0100 +++ /var/tmp/diff_new_pack.0QOGkD/_new 2013-03-08 09:38:50.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package policycoreutils # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,13 +17,13 @@ %define libaudit_ver 1.4.2 -%define libsepol_ver 2.1.4 -%define libsemanage_ver 2.0.43 -%define libselinux_ver 2.0.90 -%define sepolgen_ver 1.1.5 +%define libsepol_ver 2.1.8 +%define libsemanage_ver 2.1.9 +%define libselinux_ver 2.1.12 +%define sepolgen_ver 1.1.8 Name: policycoreutils -Version:2.1.10 +Version:2.1.13 Release:0 Url:http://userspace.selinuxproject.org/ Summary:SELinux policy core utilities @@ -39,8 +39,6 @@ Source7:selinux-polgengui.console Source8:policycoreutils_man_ru2.tar.bz2 Source9:restorecond.service -Patch1: policycoreutils-po.patch.bz2 -Patch2: policycoreutils-gui.patch.bz2 Patch4: policycoreutils-initscript.patch Patch5: policycoreutils-pam-common.patch Patch6: policycoreutils-glibc217.patch @@ -68,6 +66,9 @@ Requires: python-selinux Requires: rpm Requires: util-linux +# we need selinuxenabled +Requires(post): selinux-tools + %{?systemd_requires} Recommends: %{name}-lang @@ -92,9 +93,6 @@ %prep %setup -q -a 1 -#%patch0 -p2 -%patch1 -p1 -%patch2 -p1 %patch4 %patch5 %patch6 -p2 @@ -132,7 +130,6 @@ ln -sf consolehelper %{buildroot}%{_bindir}/system-config-selinux ln -sf consolehelper %{buildroot}%{_bindir}/selinux-polgengui ln -sf %{_initddir}/restorecond %{buildroot}%{_sbindir}/rcrestorecond -ln -sf %{_initddir}/sandbox %{buildroot}%{_sbindir}/rcsandbox mkdir -p %{buildroot}/var/adm/fillup-templates/ mv %{buildroot}/%{_sysconfdir}/sysconfig/sandbox %{buildroot}/var/adm/fillup-templates/sysconfig.sandbox rmdir %{buildroot}/%{_sysconfdir}/sysconfig @@ -180,6 +177,9 @@ %{_mandir}/man5/sandbox* %{_mandir}/man8/semanage.8* %{_mandir}/ru/man8/semanage.8* +%dir %{_sysconfdir}/bash_completion.d +%{_sysconfdir}/bash_completion.d/semanage-bash-completion.sh +%{_sysconfdir}/bash_completion.d/setsebool-bash-completion.sh %post python selinuxenabled && [ -f %{_datadir}/selinux/devel/include/build.conf ] && %{_bindir}/sepolgen-ifgen 2>/dev/null @@ -197,8 +197,6 @@ %files sandbox %defattr(-,root,root,-) -%{_initddir}/sandbox -%{_sbindir}/rcsandbox %attr(0755,root,root) %{_sbindir}/seunshare %dir %{_datadir}/sandbox %{_datadir}/sandbox/sandboxX.sh @@ -206,21 +204,6 @@ /var/adm/fillup-templates/sysconfig.sandbox %doc %{_mandir}/man8/seunshare.8* -%post sandbox -%fillup_and_insserv sandbox - -%preun sandbox -if [ "$1" -eq "0" ]; then -%stop_on_removal sandbox -%insserv_cleanup -fi - -%postun sandbox -if [ "$1" -ge "1" ]; then -%restart_on_update sandbox -%insserv_cleanup -fi - %package newrole Summary:The newrole application for RBAC/MLS Group: Productivity/Security @@ -262,16 +245,16 @@ %defattr(-,root,root) %{_bindir}/system-config-selinux %{_bindir}/selinux-polgengui -#%{_bindir}/sepolgen +%{_bindir}/sepolgen %{_datadir}/applications/selinux-polgengui.desktop %{_datadir}/applications/system-config-selinux.desktop %{_datadir}/pixmaps/system-config-selinux.png -#%dir %{_datadir}/system-config-selin
commit policycoreutils for openSUSE:Factory
Hello community, here is the log from the commit of package policycoreutils for openSUSE:Factory checked in at 2012-12-19 11:51:41 Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old) and /work/SRC/openSUSE:Factory/.policycoreutils.new (New) Package is "policycoreutils", Maintainer is "vci...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes 2012-12-07 14:49:05.0 +0100 +++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes 2012-12-19 11:51:43.0 +0100 @@ -1,0 +2,5 @@ +Tue Dec 11 15:11:12 UTC 2012 - vci...@suse.com + +- added service unit for restorecond + +--- New: restorecond.service Other differences: -- ++ policycoreutils.spec ++ --- /var/tmp/diff_new_pack.WFLVT7/_old 2012-12-19 11:51:45.0 +0100 +++ /var/tmp/diff_new_pack.WFLVT7/_new 2012-12-19 11:51:45.0 +0100 @@ -38,6 +38,7 @@ Source6:selinux-polgengui.desktop Source7:selinux-polgengui.console Source8:policycoreutils_man_ru2.tar.bz2 +Source9:restorecond.service Patch1: policycoreutils-po.patch.bz2 Patch2: policycoreutils-gui.patch.bz2 Patch4: policycoreutils-initscript.patch @@ -57,6 +58,9 @@ BuildRequires: pam-devel BuildRequires: python-devel BuildRequires: update-desktop-files +%if 0%{?suse_version} > 1140 +BuildRequires: systemd +%endif Requires(pre): %insserv_prereq %fillup_prereq permissions Requires: audit-libs-python Requires: checkpolicy @@ -64,6 +68,7 @@ Requires: python-selinux Requires: rpm Requires: util-linux +%{?systemd_requires} Recommends: %{name}-lang %description @@ -115,6 +120,9 @@ make LSPP_PRIV=y DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" INITDIR="%{buildroot}%{_initddir}" install make -C sepolgen-%{sepolgen_ver} DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" install install -D -m 644 %{SOURCE2} %{buildroot}%{_datadir}/pixmaps/system-config-selinux.png +%if 0%{?suse_version} > 1140 +install -D -m 0644 %SOURCE9 %{buildroot}/%{_unitdir}/restorecond.service +%endif install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/system-config-selinux install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/selinux-polgengui install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/security/console.apps/system-config-selinux @@ -293,6 +301,9 @@ %{_bindir}/semodule_link %{_bindir}/semodule_package %{_bindir}/semodule_unpackage +%if 0%{?suse_version} > 1140 +%{_unitdir}/restorecond.service +%endif %config(noreplace) %{_sysconfdir}/pam.d/run_init %config(noreplace) %{_sysconfdir}/sestatus.conf %attr(755,root,root) %{_initddir}/restorecond @@ -342,19 +353,33 @@ %files lang -f %{name}.lang +%pre +%if 0%{?suse_version} > 1140 +%service_add_pre restorecond.service +%endif + %post %fillup_and_insserv restorecond +%if 0%{?suse_version} > 1140 +%service_add_post restorecond.service +%endif %preun if [ "$1" -eq "0" ]; then %stop_on_removal restorecond %insserv_cleanup fi +%if 0%{?suse_version} > 1140 +%service_del_preun restorecond.service +%endif %postun if [ "$1" -ge "1" ]; then %restart_on_update restorecond %insserv_cleanup fi +%if 0%{?suse_version} > 1140 +%service_del_postun restorecond.service +%endif %changelog ++ restorecond.service ++ [Unit] Description=Restorecon maintaining path file context After=syslog.target ConditionPathExists=/etc/selinux/restorecond.conf [Service] Type=oneshot ExecStart=/usr/sbin/restorecond RemainAfterExit=yes [Install] WantedBy=multi-user.target -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit policycoreutils for openSUSE:Factory
Hello community, here is the log from the commit of package policycoreutils for openSUSE:Factory checked in at 2012-12-07 14:49:01 Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old) and /work/SRC/openSUSE:Factory/.policycoreutils.new (New) Package is "policycoreutils", Maintainer is "vci...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes 2012-11-19 14:00:24.0 +0100 +++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes 2012-12-07 14:49:05.0 +0100 @@ -1,0 +2,5 @@ +Wed Dec 5 13:41:33 UTC 2012 - vci...@suse.com + +- semanage needs python-xml and python-ipy to run + +--- Other differences: -- ++ policycoreutils.spec ++ --- /var/tmp/diff_new_pack.eagVvs/_old 2012-12-07 14:49:07.0 +0100 +++ /var/tmp/diff_new_pack.eagVvs/_new 2012-12-07 14:49:07.0 +0100 @@ -138,12 +138,14 @@ Group: Productivity/Security Requires: audit-libs-python >= %{libaudit_ver} Requires: policycoreutils = %{version} +Requires: python-ipy Requires: python-selinux >= %{libselinux_ver} Requires: python-semanage >= %{libsemanage_ver} Requires: python-setools +Requires: python-xml %description python -The policycoreutils-python package contains the management tools use to manage an SELinux environment. +The policycoreutils-python package contains the management tools used to manage an SELinux environment. %files python %defattr(-,root,root,-) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit policycoreutils for openSUSE:Factory
Hello community, here is the log from the commit of package policycoreutils for openSUSE:Factory checked in at 2012-11-19 14:00:23 Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old) and /work/SRC/openSUSE:Factory/.policycoreutils.new (New) Package is "policycoreutils", Maintainer is "vci...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes 2012-08-10 19:02:51.0 +0200 +++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes 2012-11-19 14:00:24.0 +0100 @@ -1,0 +2,6 @@ +Sat Nov 17 06:58:05 UTC 2012 - a...@suse.de + +- Fix compilation with glibc 2.17 (add patch policycoreutils-glibc217.patch + extracted from Fedora) + +--- New: policycoreutils-glibc217.patch Other differences: -- ++ policycoreutils.spec ++ --- /var/tmp/diff_new_pack.ize0wn/_old 2012-11-19 14:00:27.0 +0100 +++ /var/tmp/diff_new_pack.ize0wn/_new 2012-11-19 14:00:27.0 +0100 @@ -42,6 +42,7 @@ Patch2: policycoreutils-gui.patch.bz2 Patch4: policycoreutils-initscript.patch Patch5: policycoreutils-pam-common.patch +Patch6: policycoreutils-glibc217.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: audit-devel >= %{libaudit_ver} BuildRequires: dbus-1-glib-devel @@ -91,6 +92,7 @@ %patch2 -p1 %patch4 %patch5 +%patch6 -p2 # sleep 5 # touch po/policycoreutils.pot # sleep 5 ++ policycoreutils-glibc217.patch ++ diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c index 3bb3c4b..d16e331 100644 --- a/policycoreutils/sandbox/seunshare.c +++ b/policycoreutils/sandbox/seunshare.c @@ -31,6 +31,12 @@ #include/* for context-mangling functions */ #include + +/* + * Note setfsuid never returns an error code. But the compiler complains if + * I do not check, so I am checking for -1, which should never happen. + */ + #ifdef USE_NLS #include /* for setlocale() */ #include/* for gettext() */ @@ -617,12 +623,15 @@ static int cleanup_tmpdir(const char *tmpdir, const char *src, free(cmdbuf); cmdbuf = NULL; /* remove runtime temporary directory */ - setfsuid(0); + if (setfsuid(0) < 0) + rc++; + if (rmdir(tmpdir) == -1) fprintf(stderr, _("Failed to remove directory %s: %s\n"), tmpdir, strerror(errno)); - setfsuid(pwd->pw_uid); + if (setfsuid(pwd->pw_uid) < 0) + rc++; - return 0; + return rc; } /** @@ -642,7 +651,9 @@ static char *create_tmpdir(const char *src, struct stat *src_st, /* get selinux context */ if (execcon) { - setfsuid(pwd->pw_uid); + if (setfsuid(pwd->pw_uid) < 0) + goto err; + if ((fd_s = open(src, O_RDONLY)) < 0) { fprintf(stderr, _("Failed to open directory %s: %s\n"), src, strerror(errno)); goto err; @@ -661,7 +672,8 @@ static char *create_tmpdir(const char *src, struct stat *src_st, } /* ok to not reach this if there is an error */ - setfsuid(0); + if (setfsuid(0) < 0) + goto err; } if (asprintf(&tmpdir, "/tmp/.sandbox-%s-XX", pwd->pw_name) == -1) { @@ -716,14 +728,16 @@ static char *create_tmpdir(const char *src, struct stat *src_st, } } - setfsuid(pwd->pw_uid); + if (setfsuid(pwd->pw_uid) < 0) + goto err; if (rsynccmd(src, tmpdir, &cmdbuf) < 0) { goto err; } /* ok to not reach this if there is an error */ - setfsuid(0); + if (setfsuid(0) < 0) + goto err; if (cmdbuf && spawn_command(cmdbuf, pwd->pw_uid) != 0) { fprintf(stderr, _("Failed to populate runtime temporary directory\n")); @@ -916,7 +930,8 @@ int main(int argc, char **argv) { /* Changing fsuid is usually required when user-specified directory is * on an NFS mount. It's also desired to avoid leaking info about * existence of the files not accessible to the user. */ - setfsuid(uid); + if (setfsuid(uid) < 0) + return -1; /* verify homedir and tmpdir */ if (homedir_s && ( @@ -925,7 +940,7 @@ int main(int argc, char **argv) { if (tmpdir_s && ( verify_directory(tmpdir_s, NULL, &st_tmpdir_s) < 0 || check_owner_uid(uid, tmpdir_s, &st_tmpdir_s))) return -1; - setfsuid(0); + if (setfsuid(0) < 0) retur
commit policycoreutils for openSUSE:Factory
Hello community, here is the log from the commit of package policycoreutils for openSUSE:Factory checked in at 2012-08-10 19:02:49 Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old) and /work/SRC/openSUSE:Factory/.policycoreutils.new (New) Package is "policycoreutils", Maintainer is "vci...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes 2012-02-16 15:02:00.0 +0100 +++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes 2012-08-10 19:02:51.0 +0200 @@ -1,0 +2,7 @@ +Tue Aug 7 15:30:58 UTC 2012 - meiss...@suse.com + +- updated policycoreutils to 2.1.10 + - adapated patches +- updated sepolgen to 1.1.5 + +--- Old: policycoreutils-2.0.85.tar.bz2 policycoreutils-rhat.patch.bz2 policycoreutils-sepolgen.patch policycoreutils-setup_py-prefix.patch sepolgen-1.0.23.tar.bz2 New: policycoreutils-2.1.10.tar.gz sepolgen-1.1.5.tar.gz Other differences: -- ++ policycoreutils.spec ++ --- /var/tmp/diff_new_pack.n3y3mb/_old 2012-08-10 19:02:54.0 +0200 +++ /var/tmp/diff_new_pack.n3y3mb/_new 2012-08-10 19:02:54.0 +0200 @@ -17,20 +17,20 @@ %define libaudit_ver 1.4.2 -%define libsepol_ver 2.0.41 +%define libsepol_ver 2.1.4 %define libsemanage_ver 2.0.43 %define libselinux_ver 2.0.90 -%define sepolgen_ver 1.0.23 +%define sepolgen_ver 1.1.5 Name: policycoreutils -Version:2.0.85 +Version:2.1.10 Release:0 -Url:http://www.nsa.gov/selinux/ +Url:http://userspace.selinuxproject.org/ Summary:SELinux policy core utilities License:GPL-2.0+ Group: Productivity/Security -Source: %{name}-%{version}.tar.bz2 -Source1:sepolgen-%{sepolgen_ver}.tar.bz2 +Source: http://userspace.selinuxproject.org/releases/20120216/%{name}-%{version}.tar.gz +Source1: http://userspace.selinuxproject.org/releases/20120216/sepolgen-%{sepolgen_ver}.tar.gz Source2:system-config-selinux.png Source3:system-config-selinux.desktop Source4:system-config-selinux.pam @@ -38,13 +38,10 @@ Source6:selinux-polgengui.desktop Source7:selinux-polgengui.console Source8:policycoreutils_man_ru2.tar.bz2 -Patch0: policycoreutils-rhat.patch.bz2 Patch1: policycoreutils-po.patch.bz2 Patch2: policycoreutils-gui.patch.bz2 -Patch3: policycoreutils-sepolgen.patch Patch4: policycoreutils-initscript.patch Patch5: policycoreutils-pam-common.patch -Patch6: policycoreutils-setup_py-prefix.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: audit-devel >= %{libaudit_ver} BuildRequires: dbus-1-glib-devel @@ -60,12 +57,12 @@ BuildRequires: python-devel BuildRequires: update-desktop-files Requires(pre): %insserv_prereq %fillup_prereq permissions -Requires: util-linux -Requires: gawk -Requires: rpm +Requires: audit-libs-python Requires: checkpolicy +Requires: gawk Requires: python-selinux -Requires: audit-libs-python +Requires: rpm +Requires: util-linux Recommends: %{name}-lang %description @@ -89,13 +86,11 @@ %prep %setup -q -a 1 -%patch0 -p2 +#%patch0 -p2 %patch1 -p1 %patch2 -p1 -%patch3 -p1 %patch4 %patch5 -%patch6 # sleep 5 # touch po/policycoreutils.pot # sleep 5 @@ -139,10 +134,10 @@ %package python Summary:SELinux policy core python utilities Group: Productivity/Security +Requires: audit-libs-python >= %{libaudit_ver} Requires: policycoreutils = %{version} -Requires: python-semanage >= %{libsemanage_ver} Requires: python-selinux >= %{libselinux_ver} -Requires: audit-libs-python >= %{libaudit_ver} +Requires: python-semanage >= %{libsemanage_ver} Requires: python-setools %description python @@ -159,8 +154,8 @@ %{_bindir}/sepolgen-ifgen-attr-helper %{python_sitearch}/seobject.py* %{python_sitearch}/sepolgen -%{python_sitearch}/%{name} -%{python_sitearch}/%{name}*.egg-info +#%{python_sitearch}/%{name} +#%{python_sitearch}/%{name}*.egg-info %dir /var/lib/sepolgen %dir /var/lib/selinux /var/lib/sepolgen/perm_map @@ -170,6 +165,7 @@ %{_mandir}/man8/chcat.8* %{_mandir}/ru/man8/chcat.8* %{_mandir}/man8/sandbox.8* +%{_mandir}/man5/sandbox* %{_mandir}/man8/semanage.8* %{_mandir}/ru/man8/semanage.8* @@ -196,8 +192,7 @@ %{_datadir}/sandbox/sandboxX.sh %{_datadir}/sandbox/start /var/adm/fillup-templates/sysconfig.sandbox -%doc %{_mandir}/man5/sandbox.conf.5.gz -%doc %{_mandir}/man8/seunshare.8.gz
commit policycoreutils for openSUSE:Factory
Hello community, here is the log from the commit of package policycoreutils for openSUSE:Factory checked in at 2012-02-16 15:00:36 Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old) and /work/SRC/openSUSE:Factory/.policycoreutils.new (New) Package is "policycoreutils", Maintainer is "vci...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes 2011-09-23 12:41:29.0 +0200 +++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes 2012-02-16 15:02:00.0 +0100 @@ -1,0 +2,27 @@ +Tue Feb 14 09:57:15 UTC 2012 - mvysko...@suse.cz + +- fix seceral rpmlint errors and warnings + * use /var/adm/fillup-template for sandbox + * don't use /var/lock/subsys in any of init script + * use set_permissions macro and add correct Requires(pre) + * fix the languages to new -lang package + * fix policycoreutils-sandbox Group + * remove runlevel 4 from inint scripts + +--- +Mon Feb 13 10:53:53 UTC 2012 - co...@suse.com + +- patch license to follow spdx.org standard + +--- +Mon Mar 14 15:16:51 UTC 2011 - prus...@opensuse.org + +- updated to 2.0.85 + * changes too numerous to list + +--- +Fri Feb 4 00:09:42 UTC 2011 - toddrme2...@gmail.com + +- fix a typo in the package group + +--- Old: policycoreutils-2.0.79.tar.bz2 policycoreutils-gnusource.patch sandbox.init sepolgen-1.0.19.tar.bz2 New: policycoreutils-2.0.85.tar.bz2 sepolgen-1.0.23.tar.bz2 Other differences: -- ++ policycoreutils.spec ++ --- /var/tmp/diff_new_pack.kkWmZl/_old 2012-02-16 15:02:01.0 +0100 +++ /var/tmp/diff_new_pack.kkWmZl/_new 2012-02-16 15:02:01.0 +0100 @@ -1,7 +1,7 @@ # -# spec file for package policycoreutils (Version 2.0.79) +# spec file for package policycoreutils # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,21 +15,20 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild %define libaudit_ver 1.4.2 %define libsepol_ver 2.0.41 %define libsemanage_ver 2.0.43 %define libselinux_ver 2.0.90 -%define sepolgen_ver 1.0.19 +%define sepolgen_ver 1.0.23 Name: policycoreutils -Version:2.0.79 -Release:4 +Version:2.0.85 +Release:0 Url:http://www.nsa.gov/selinux/ -License:GPLv2+ -Group: Productivity/Security Summary:SELinux policy core utilities +License:GPL-2.0+ +Group: Productivity/Security Source: %{name}-%{version}.tar.bz2 Source1:sepolgen-%{sepolgen_ver}.tar.bz2 Source2:system-config-selinux.png @@ -39,7 +38,6 @@ Source6:selinux-polgengui.desktop Source7:selinux-polgengui.console Source8:policycoreutils_man_ru2.tar.bz2 -Source9:sandbox.init Patch0: policycoreutils-rhat.patch.bz2 Patch1: policycoreutils-po.patch.bz2 Patch2: policycoreutils-gui.patch.bz2 @@ -47,17 +45,28 @@ Patch4: policycoreutils-initscript.patch Patch5: policycoreutils-pam-common.patch Patch6: policycoreutils-setup_py-prefix.patch -Patch7: policycoreutils-gnusource.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: gettext libcap-devel pam-devel python-devel update-desktop-files -BuildRequires: libsepol-devel-static >= %{libsepol_ver} -BuildRequires: libsemanage-devel >= %{libsemanage_ver} -BuildRequires: libselinux-devel >= %{libselinux_ver} BuildRequires: audit-devel >= %{libaudit_ver} -BuildRequires: libcap-ng-devel BuildRequires: dbus-1-glib-devel -PreReq: %insserv_prereq %fillup_prereq permissions -Requires: util-linux gawk rpm checkpolicy python-selinux audit-libs-python +BuildRequires: fdupes +BuildRequires: gettext +BuildRequires: libcap-devel +BuildRequires: libcap-ng-devel +BuildRequires: libcgroup-devel +BuildRequires: libselinux-devel >= %{libselinux_ver} +BuildRequires: libsemanage-devel >= %{libsemanage_ver} +BuildRequires: libsepol-devel-static >= %{libsepol_ver} +BuildRequires: pam-devel +BuildRequires: python-devel +BuildRequires: update-desktop-files +Requires(pre): %insserv_prereq %fillup_prereq permissions +Requires: util-linux +Requires: