From 6bd4f3c633ec0fa0a830d8a3b6e66c1ea9b9ae38 Mon Sep 17 00:00:00 2001 From: Yi Zhao Date: Sat, 16 Dec 2023 16:21:31 +0800 Subject: libsemanage: upgrade 3.5 -> 3.6 * Refresh patches Signed-off-by: Yi Zhao Signed-off-by: Joe MacDonald --- ...ibsemanage-Fix-execve-segfaults-on-Ubuntu.patch | 4 +- ...ibsemanage-allow-to-disable-audit-support.patch | 22 ++++----- ...anage-disable-expand-check-on-policy-load.patch | 2 +- recipes-security/selinux/libsemanage_3.5.bb | 56 ---------------------- recipes-security/selinux/libsemanage_3.6.bb | 56 ++++++++++++++++++++++ 5 files changed, 70 insertions(+), 70 deletions(-) delete mode 100644 recipes-security/selinux/libsemanage_3.5.bb create mode 100644 recipes-security/selinux/libsemanage_3.6.bb diff --git a/recipes-security/selinux/libsemanage/libsemanage-Fix-execve-segfaults-on-Ubuntu.patch b/recipes-security/selinux/libsemanage/libsemanage-Fix-execve-segfaults-on-Ubuntu.patch index 5a03d30..daaeb3b 100644 --- a/recipes-security/selinux/libsemanage/libsemanage-Fix-execve-segfaults-on-Ubuntu.patch +++ b/recipes-security/selinux/libsemanage/libsemanage-Fix-execve-segfaults-on-Ubuntu.patch @@ -1,4 +1,4 @@ -From 2111f86dce8defd9bebd9b43008339e3b5af0aa7 Mon Sep 17 00:00:00 2001 +From a91134e98ba4b3b6645d12bb68a07976b60f86c8 Mon Sep 17 00:00:00 2001 From: Xin Ouyang Date: Mon, 26 Mar 2012 15:15:16 +0800 Subject: [PATCH] libsemanage: Fix execve segfaults on Ubuntu. @@ -17,7 +17,7 @@ Signed-off-by: Yi Zhao 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/semanage_store.c b/src/semanage_store.c -index 14a0957..0a9200e 100644 +index 27c5d34..519f298 100644 --- a/src/semanage_store.c +++ b/src/semanage_store.c @@ -1470,7 +1470,7 @@ static int semanage_exec_prog(semanage_handle_t * sh, diff --git a/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch b/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch index 19263d8..e9df8be 100644 --- a/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch +++ b/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch @@ -1,4 +1,4 @@ -From 5718384543ff06ad4032e90291f9e4398a2749c4 Mon Sep 17 00:00:00 2001 +From c96010440e7a2a87787a535fd0f9ccf26a2b4a5e Mon Sep 17 00:00:00 2001 From: Wenzong Fan Date: Mon, 20 Jan 2014 03:53:48 -0500 Subject: [PATCH] libsemanage: allow to disable audit support @@ -13,10 +13,10 @@ Signed-off-by: Wenzong Fan 3 files changed, 31 insertions(+), 2 deletions(-) diff --git a/src/Makefile b/src/Makefile -index 71c2a1d..52f335e 100644 +index d525996..2f5e159 100644 --- a/src/Makefile +++ b/src/Makefile -@@ -26,6 +26,14 @@ ifeq ($(DEBUG),1) +@@ -27,6 +27,14 @@ ifeq ($(DEBUG),1) export LDFLAGS ?= -g endif @@ -31,17 +31,17 @@ index 71c2a1d..52f335e 100644 LEX = flex LFLAGS = -s YACC = bison -@@ -89,7 +97,7 @@ $(LIBA): $(OBJS) +@@ -90,7 +98,7 @@ $(LIBA): $(OBJS) $(RANLIB) $@ $(LIBSO): $(LOBJS) -- $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -laudit -lselinux -lbz2 -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs -+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol $(LIBAUDIT) -lselinux -lbz2 -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs +- $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -laudit -lselinux -lbz2 -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs ++ $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol $(LIBAUDIT) -lselinux -lbz2 -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs ln -sf $@ $(TARGET) $(LIBPC): $(LIBPC).in ../VERSION diff --git a/src/seusers_local.c b/src/seusers_local.c -index 6508ec0..1b26956 100644 +index 795a33d..6539cdf 100644 --- a/src/seusers_local.c +++ b/src/seusers_local.c @@ -8,7 +8,11 @@ typedef struct semanage_seuser record_t; @@ -56,7 +56,7 @@ index 6508ec0..1b26956 100644 #include #include "user_internal.h" #include "seuser_internal.h" -@@ -55,6 +59,7 @@ static char *semanage_user_roles(semanage_handle_t * handle, const char *sename) +@@ -56,6 +60,7 @@ static char *semanage_user_roles(semanage_handle_t * handle, const char *sename) return roles; } @@ -64,7 +64,7 @@ index 6508ec0..1b26956 100644 static int semanage_seuser_audit(semanage_handle_t * handle, const semanage_seuser_t * seuser, const semanage_seuser_t * previous, -@@ -119,6 +124,7 @@ err: +@@ -120,6 +125,7 @@ err: free(proles); return rc; } @@ -72,7 +72,7 @@ index 6508ec0..1b26956 100644 int semanage_seuser_modify_local(semanage_handle_t * handle, const semanage_seuser_key_t * key, -@@ -163,8 +169,11 @@ int semanage_seuser_modify_local(semanage_handle_t * handle, +@@ -164,8 +170,11 @@ int semanage_seuser_modify_local(semanage_handle_t * handle, (void) semanage_seuser_query(handle, key, &previous); handle->msg_callback = callback; rc = dbase_modify(handle, dconfig, key, new); @@ -84,7 +84,7 @@ index 6508ec0..1b26956 100644 err: if (previous) semanage_seuser_free(previous); -@@ -180,8 +189,12 @@ int semanage_seuser_del_local(semanage_handle_t * handle, +@@ -181,8 +190,12 @@ int semanage_seuser_del_local(semanage_handle_t * handle, dbase_config_t *dconfig = semanage_seuser_dbase_local(handle); rc = dbase_del(handle, dconfig, key); semanage_seuser_query(handle, key, &seuser); diff --git a/recipes-security/selinux/libsemanage/libsemanage-disable-expand-check-on-policy-load.patch b/recipes-security/selinux/libsemanage/libsemanage-disable-expand-check-on-policy-load.patch index 6e0faeb..d880e1e 100644 --- a/recipes-security/selinux/libsemanage/libsemanage-disable-expand-check-on-policy-load.patch +++ b/recipes-security/selinux/libsemanage/libsemanage-disable-expand-check-on-policy-load.patch @@ -1,4 +1,4 @@ -From dd52bfb66d710473aeb75c5fe92d5cf0a66b637e Mon Sep 17 00:00:00 2001 +From 7af73c1684ce0e30ce0cd58b51708bde1e3a1984 Mon Sep 17 00:00:00 2001 From: Joe MacDonald Date: Wed, 7 May 2014 11:36:27 -0400 Subject: [PATCH] libsemanage: disable expand-check on policy load diff --git a/recipes-security/selinux/libsemanage_3.5.bb b/recipes-security/selinux/libsemanage_3.5.bb deleted file mode 100644 index 93eb870..0000000 --- a/recipes-security/selinux/libsemanage_3.5.bb +++ /dev/null @@ -1,56 +0,0 @@ -SUMMARY = "SELinux binary policy manipulation library" -DESCRIPTION = "libsemanage provides an API for the manipulation of SELinux binary policies. \ -It is used by checkpolicy (the policy compiler) and similar tools, as well \ -as by programs like load_policy that need to perform specific transformations \ -on binary policies such as customizing policy boolean settings." -SECTION = "base" -LICENSE = "LGPL-2.1-or-later" -LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=a6f89e2100d9b6cdffcea4f398e37343" - -require selinux_common.inc - -inherit lib_package python3native - -SRC_URI += "file://libsemanage-Fix-execve-segfaults-on-Ubuntu.patch \ - file://libsemanage-allow-to-disable-audit-support.patch \ - file://libsemanage-disable-expand-check-on-policy-load.patch \ - " - -DEPENDS = "libsepol libselinux python3 bison-native swig-native" - -DEPENDS:append:class-target = " audit" - -S = "${WORKDIR}/git/libsemanage" - -EXTRA_OEMAKE:class-native = "DISABLE_AUDIT=y" - -PACKAGES =+ "${PN}-python" - -# For /usr/libexec/selinux/semanage_migrate_store -RDEPENDS:${PN}-python = "python3-core" - -FILES:${PN}-python = "${PYTHON_SITEPACKAGES_DIR}/* \ - ${libexecdir}/selinux/semanage_migrate_store" -FILES:${PN}-dbg += "${PYTHON_SITEPACKAGES_DIR}/.debug/*" -FILES:${PN} += "${libexecdir}" - -do_compile:append() { - oe_runmake pywrap \ - PYLIBVER='python${PYTHON_BASEVERSION}' \ - PYINC='-I${STAGING_INCDIR}/${PYLIBVER}' \ - PYLIBS='-L${STAGING_LIBDIR}/${PYLIBVER} -l${PYLIBVER}' -} - -do_install:append() { - oe_runmake install-pywrap \ - DESTDIR=${D} \ - PYCEXT='.so' \ - PYLIBVER='python${PYTHON_BASEVERSION}' \ - PYTHONLIBDIR='${PYTHON_SITEPACKAGES_DIR}' - - # Update "policy-version" for semanage.conf - sed -i 's/^#\s*\(policy-version\s*=\).*$/\1 33/' \ - ${D}/etc/selinux/semanage.conf -} - -BBCLASSEXTEND = "native" diff --git a/recipes-security/selinux/libsemanage_3.6.bb b/recipes-security/selinux/libsemanage_3.6.bb new file mode 100644 index 0000000..93eb870 --- /dev/null +++ b/recipes-security/selinux/libsemanage_3.6.bb @@ -0,0 +1,56 @@ +SUMMARY = "SELinux binary policy manipulation library" +DESCRIPTION = "libsemanage provides an API for the manipulation of SELinux binary policies. \ +It is used by checkpolicy (the policy compiler) and similar tools, as well \ +as by programs like load_policy that need to perform specific transformations \ +on binary policies such as customizing policy boolean settings." +SECTION = "base" +LICENSE = "LGPL-2.1-or-later" +LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=a6f89e2100d9b6cdffcea4f398e37343" + +require selinux_common.inc + +inherit lib_package python3native + +SRC_URI += "file://libsemanage-Fix-execve-segfaults-on-Ubuntu.patch \ + file://libsemanage-allow-to-disable-audit-support.patch \ + file://libsemanage-disable-expand-check-on-policy-load.patch \ + " + +DEPENDS = "libsepol libselinux python3 bison-native swig-native" + +DEPENDS:append:class-target = " audit" + +S = "${WORKDIR}/git/libsemanage" + +EXTRA_OEMAKE:class-native = "DISABLE_AUDIT=y" + +PACKAGES =+ "${PN}-python" + +# For /usr/libexec/selinux/semanage_migrate_store +RDEPENDS:${PN}-python = "python3-core" + +FILES:${PN}-python = "${PYTHON_SITEPACKAGES_DIR}/* \ + ${libexecdir}/selinux/semanage_migrate_store" +FILES:${PN}-dbg += "${PYTHON_SITEPACKAGES_DIR}/.debug/*" +FILES:${PN} += "${libexecdir}" + +do_compile:append() { + oe_runmake pywrap \ + PYLIBVER='python${PYTHON_BASEVERSION}' \ + PYINC='-I${STAGING_INCDIR}/${PYLIBVER}' \ + PYLIBS='-L${STAGING_LIBDIR}/${PYLIBVER} -l${PYLIBVER}' +} + +do_install:append() { + oe_runmake install-pywrap \ + DESTDIR=${D} \ + PYCEXT='.so' \ + PYLIBVER='python${PYTHON_BASEVERSION}' \ + PYTHONLIBDIR='${PYTHON_SITEPACKAGES_DIR}' + + # Update "policy-version" for semanage.conf + sed -i 's/^#\s*\(policy-version\s*=\).*$/\1 33/' \ + ${D}/etc/selinux/semanage.conf +} + +BBCLASSEXTEND = "native" -- cgit v1.2.3-54-g00ecf