Hello community,
here is the log from the commit of package libselinux
checked in at Fri Sep 5 21:50:58 CEST 2008.
--------
--- libselinux/libselinux-bindings.changes 2008-08-22 16:13:45.000000000 +0200
+++ libselinux/libselinux-bindings.changes 2008-09-02 12:10:11.000000000 +0200
@@ -1,0 +2,11 @@
+Tue Sep 2 12:10:05 CEST 2008 - prusnak@suse.cz
+
+- updated to 2.0.71
+ * Merge ruby bindings from Dan Walsh.
+
+-------------------------------------------------------------------
+Mon Sep 1 07:35:00 CEST 2008 - aj@suse.de
+
+- Fix build of debuginfo.
+
+-------------------------------------------------------------------
--- libselinux/libselinux.changes 2008-08-22 16:13:52.000000000 +0200
+++ libselinux/libselinux.changes 2008-09-02 12:10:03.000000000 +0200
@@ -1,0 +2,8 @@
+Tue Sep 2 12:09:22 CEST 2008 - prusnak@suse.cz
+
+- updated to 2.0.71
+ * Add group support to seusers using %groupname syntax from Dan Walsh.
+ * Mark setrans socket close-on-exec from Stephen Smalley.
+ * Only apply nodups checking to base file contexts from Stephen Smalley.
+
+-------------------------------------------------------------------
Old:
----
libselinux-2.0.67-rhat.patch
libselinux-2.0.67.tar.bz2
New:
----
libselinux-2.0.71-rhat.patch
libselinux-2.0.71.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libselinux-bindings.spec ++++++
--- /var/tmp/diff_new_pack.x27314/_old 2008-09-05 21:48:33.000000000 +0200
+++ /var/tmp/diff_new_pack.x27314/_new 2008-09-05 21:48:33.000000000 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package libselinux-bindings (Version 2.0.67)
+# spec file for package libselinux-bindings (Version 2.0.71)
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -22,7 +22,7 @@
BuildRequires: libsepol-devel >= %{libsepol_ver}
Name: libselinux-bindings
-Version: 2.0.67
+Version: 2.0.71
Release: 1
Url: http://www.nsa.gov/selinux/
License: GPL v2 only; Public Domain, Freeware
@@ -31,6 +31,7 @@
Source: libselinux-%{version}.tar.bz2
Patch0: libselinux-%{version}-rhat.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
+%define debug_package_requires python-selinux = %{version}-%{version}
%description
Security-enhanced Linux is a feature of the Linux(R) kernel and a
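Review bot: The added `%define debug_package_requires python-selinux = %{version}-%{version}` repeats `%{version}` where a release tag is expected. The debuginfo package would then require `python-selinux = 2.0.71-2.0.71`, which no build of this spec produces. The matching change in libselinux.spec uses `%{version}-%{release}`, so the same form is presumably intended here: `%define debug_package_requires python-selinux = %{version}-%{release}`.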
@@ -105,10 +106,12 @@
make %{?jobs:-j%jobs} LIBDIR="%{_libdir}" CFLAGS="$RPM_OPT_FLAGS" -C src
make %{?jobs:-j%jobs} LIBDIR="%{_libdir}" CFLAGS="$RPM_OPT_FLAGS" -C src swigify
make %{?jobs:-j%jobs} LIBDIR="%{_libdir}" CFLAGS="$RPM_OPT_FLAGS" -C src pywrap
+make %{?jobs:-j%jobs} LIBDIR="%{_libdir}" CFLAGS="$RPM_OPT_FLAGS" -C src rubywrap
%install
make DESTDIR="$RPM_BUILD_ROOT" LIBDIR="$RPM_BUILD_ROOT%{_libdir}" SHLIBDIR="$RPM_BUILD_ROOT/%{_lib}" -C src install
make DESTDIR="$RPM_BUILD_ROOT" LIBDIR="$RPM_BUILD_ROOT%{_libdir}" SHLIBDIR="$RPM_BUILD_ROOT/%{_lib}" -C src install-pywrap
+make DESTDIR="$RPM_BUILD_ROOT" LIBDIR="$RPM_BUILD_ROOT%{_libdir}" SHLIBDIR="$RPM_BUILD_ROOT/%{_lib}" -C src install-rubywrap
rm -rf $RPM_BUILD_ROOT/%{_lib} $RPM_BUILD_ROOT%{_libdir}/libselinux.*
%clean
@@ -124,6 +127,11 @@
%{_libdir}/ruby/site_ruby/%{rb_ver}/%{rb_arch}/selinux.so
%changelog
+* Tue Sep 02 2008 prusnak@suse.cz
+- updated to 2.0.71
+ * Merge ruby bindings from Dan Walsh.
+* Mon Sep 01 2008 aj@suse.de
+- Fix build of debuginfo.
* Fri Aug 22 2008 prusnak@suse.cz
- added baselibs.conf file
- split bindings into separate subpackage (libselinux-bindings)
++++++ libselinux.spec ++++++
--- /var/tmp/diff_new_pack.x27314/_old 2008-09-05 21:48:33.000000000 +0200
+++ /var/tmp/diff_new_pack.x27314/_new 2008-09-05 21:48:33.000000000 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package libselinux (Version 2.0.67)
+# spec file for package libselinux (Version 2.0.71)
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -21,8 +21,8 @@
BuildRequires: libsepol-devel >= %{libsepol_ver}
Name: libselinux
-Version: 2.0.67
-Release: 3
+Version: 2.0.71
+Release: 1
Url: http://www.nsa.gov/selinux/
License: GPL v2 only; Public Domain, Freeware
Group: System/Libraries
@@ -30,7 +30,7 @@
Source: %{name}-%{version}.tar.bz2
Patch0: %{name}-%{version}-rhat.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-%define debug_package_requires libselinux1 = %{version}
+%define debug_package_requires libselinux1 = %{version}-%{release}
%description
Security-enhanced Linux is a feature of the Linux(R) kernel and a
@@ -181,6 +181,11 @@
%{_mandir}/man3/*
%changelog
+* Tue Sep 02 2008 prusnak@suse.cz
+- updated to 2.0.71
+ * Add group support to seusers using %%groupname syntax from Dan Walsh.
+ * Mark setrans socket close-on-exec from Stephen Smalley.
+ * Only apply nodups checking to base file contexts from Stephen Smalley.
* Fri Aug 22 2008 prusnak@suse.cz
- added baselibs.conf file
- split bindings into separate subpackage (libselinux-bindings)
++++++ libselinux-2.0.67-rhat.patch -> libselinux-2.0.71-rhat.patch ++++++
--- libselinux/libselinux-2.0.67-rhat.patch 2008-07-09 22:57:21.000000000 +0200
+++ libselinux/libselinux-2.0.71-rhat.patch 2008-08-05 16:05:15.000000000 +0200
@@ -1,21 +1,27 @@
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/freecon.3 libselinux-2.0.67/man/man3/freecon.3
---- nsalibselinux/man/man3/freecon.3 2008-06-12 23:25:12.000000000 -0400
-+++ libselinux-2.0.67/man/man3/freecon.3 2008-07-09 16:52:33.000000000 -0400
-@@ -15,6 +15,11 @@
- .B freeconary
- frees the memory allocated for a context array.
-
-+If
-+.I con
-+is NULL, no operation is performed.
-+
-+
- .SH "SEE ALSO"
- .BR selinux "(8)"
-
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.67/man/man8/selinuxconlist.8
+diff --exclude-from=exclude -N -u -r nsalibselinux/ChangeLog libselinux-2.0.70/ChangeLog
+--- nsalibselinux/ChangeLog 2008-08-05 09:58:25.000000000 -0400
++++ libselinux-2.0.70/ChangeLog 2008-08-01 06:51:25.000000000 -0400
+@@ -1,11 +1,3 @@
+-2.0.71 2008-08-05
+- * Add group support to seusers using %groupname syntax from Dan Walsh.
+- * Mark setrans socket close-on-exec from Stephen Smalley.
+- * Only apply nodups checking to base file contexts from Stephen Smalley.
+-
+-2.0.70 2008-07-30
+- * Merge ruby bindings from Dan Walsh.
+-
+ 2.0.69 2008-07-29
+ * Handle duplicate file context regexes as a fatal error from Stephen Smalley.
+ This prevents adding them via semanage.
+diff --exclude-from=exclude -N -u -r nsalibselinux/VERSION libselinux-2.0.70/VERSION
+--- nsalibselinux/VERSION 2008-08-05 09:58:25.000000000 -0400
++++ libselinux-2.0.70/VERSION 2008-08-01 06:51:25.000000000 -0400
+@@ -1 +1 @@
+-2.0.71
++2.0.69
+diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.70/man/man8/selinuxconlist.8
--- nsalibselinux/man/man8/selinuxconlist.8 1969-12-31 19:00:00.000000000 -0500
-+++ libselinux-2.0.67/man/man8/selinuxconlist.8 2008-07-09 16:52:33.000000000 -0400
++++ libselinux-2.0.70/man/man8/selinuxconlist.8 2008-08-01 06:51:25.000000000 -0400
@@ -0,0 +1,18 @@
+.TH "selinuxconlist" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.SH "NAME"
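Review bot: The regenerated rhat patch now carries file sections for ChangeLog and VERSION that run backwards: they delete the 2.0.70 and 2.0.71 ChangeLog entries and change VERSION from `2.0.71` to `2.0.69`. Applied as Patch0 on top of the 2.0.71 tarball, this would leave a source tree that identifies itself as 2.0.69 while the spec declares 2.0.71, which makes later version-based auditing of the package unreliable. It looks like the patch was diffed against a stale `libselinux-2.0.70` directory. Regenerate it against the 2.0.71 sources, or drop those two file sections so that only the intended Red Hat changes remain.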
@@ -35,9 +41,9 @@
+
+.SH "SEE ALSO"
+secon(8), selinuxdefcon(8)
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.67/man/man8/selinuxdefcon.8
+diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.70/man/man8/selinuxdefcon.8
--- nsalibselinux/man/man8/selinuxdefcon.8 1969-12-31 19:00:00.000000000 -0500
-+++ libselinux-2.0.67/man/man8/selinuxdefcon.8 2008-07-09 16:52:33.000000000 -0400
++++ libselinux-2.0.70/man/man8/selinuxdefcon.8 2008-08-01 06:51:25.000000000 -0400
@@ -0,0 +1,19 @@
+.TH "selinuxdefcon" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.SH "NAME"
@@ -58,147 +64,20 @@
+
+.SH "SEE ALSO"
+secon(8), selinuxconlist(8)
-diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.67/src/Makefile
---- nsalibselinux/src/Makefile 2008-06-22 09:40:25.000000000 -0400
-+++ libselinux-2.0.67/src/Makefile 2008-07-09 16:56:37.000000000 -0400
-@@ -7,16 +7,24 @@
- PYINC ?= /usr/include/$(PYLIBVER)
- PYLIB ?= /usr/lib/$(PYLIBVER)
- PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
-+RUBYLIBVER ?= $(shell ruby -e 'print RUBY_VERSION.split(".")[0..1].join(".")')
-+RUBYPLATFORM ?= $(shell ruby -e 'print RUBY_PLATFORM')
-+RUBYINC ?= $(LIBDIR)/ruby/$(RUBYLIBVER)/$(RUBYPLATFORM)
-+RUBYINSTALL ?= $(LIBDIR)/ruby/site_ruby/$(RUBYLIBVER)/$(RUBYPLATFORM)
-
- LIBVERSION = 1
-
- LIBA=libselinux.a
- TARGET=libselinux.so
- SWIGIF= selinuxswig_python.i
-+SWIGRUBYIF= selinuxswig_ruby.i
- SWIGCOUT= selinuxswig_wrap.c
-+SWIGRUBYCOUT= selinuxswig_ruby_wrap.c
- SWIGLOBJ:= $(patsubst %.c,%.lo,$(SWIGCOUT))
-+SWIGRUBYLOBJ:= $(patsubst %.c,%.lo,$(SWIGRUBYCOUT))
- SWIGSO=_selinux.so
- SWIGFILES=$(SWIGSO) selinux.py
-+SWIGRUBYSO=_rubyselinux.so
- LIBSO=$(TARGET).$(LIBVERSION)
- AUDIT2WHYSO=audit2why.so
-
-@@ -29,7 +37,9 @@
- ifeq ($(DISABLE_RPM),y)
- UNUSED_SRCS+=rpm.c
- endif
--SRCS= $(filter-out $(UNUSED_SRCS), $(filter-out audit2why.c $(SWIGCOUT),$(wildcard *.c)))
-+
-+GENERATED=$(SWIGCOUT) $(SWIGRUBYCOUT)
-+SRCS= $(filter-out $(UNUSED_SRCS), $(filter-out audit2why.c $(GENERATED),$(wildcard *.c)))
-
- OBJS= $(patsubst %.c,%.o,$(SRCS))
- LOBJS= $(patsubst %.c,%.lo,$(SRCS))
-@@ -44,11 +54,11 @@
-
- SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./
-
--GENERATED=$(SWIGCOUT)
-+SWIGRUBY = swig -Wall -ruby -o $(SWIGRUBYCOUT) -outdir ./
-
- all: $(LIBA) $(LIBSO)
-
--pywrap: all $(SWIGSO) $(AUDIT2WHYSO)
-+pywrap: all $(SWIGSO) $(AUDIT2WHYSO) $(SWIGRUBYSO)
-
- $(LIBA): $(OBJS)
- $(AR) rcs $@ $^
-@@ -57,8 +67,14 @@
- $(SWIGLOBJ): $(SWIGCOUT)
- $(CC) $(filter-out -Werror,$(CFLAGS)) -I$(PYINC) -fPIC -DSHARED -c -o $@ $<
-
-+$(SWIGRUBYLOBJ): $(SWIGRUBYCOUT)
-+ $(CC) $(filter-out -Werror,$(CFLAGS)) -I$(RUBYINC) -fPIC -DSHARED -c -o $@ $<
-+
- $(SWIGSO): $(SWIGLOBJ)
-- $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@
-+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@
-+
-+$(SWIGRUBYSO): $(SWIGRUBYLOBJ)
-+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@
-
- $(LIBSO): $(LOBJS)
- $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -ldl -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
-@@ -79,6 +95,9 @@
- $(SWIGCOUT): $(SWIGIF)
- $(SWIG) $^
-
-+$(SWIGRUBYCOUT): $(SWIGRUBYIF)
-+ $(SWIGRUBY) $^
-+
- swigify: $(SWIGIF)
- $(SWIG) $^
-
-@@ -95,6 +114,9 @@
- install -m 755 $(AUDIT2WHYSO) $(PYTHONLIBDIR)/site-packages/selinux
- install -m 644 selinux.py $(PYTHONLIBDIR)/site-packages/selinux/__init__.py
-
-+ test -d $(RUBYINSTALL) || install -m 755 -d $(RUBYINSTALL)
-+ install -m 755 $(SWIGRUBYSO) $(RUBYINSTALL)/selinux.so
-+
- relabel:
- /sbin/restorecon $(SHLIBDIR)/$(LIBSO)
-
-@@ -102,7 +124,7 @@
- -rm -f $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(SWIGLOBJ) $(SWIGSO) $(TARGET) $(AUDIT2WHYSO) *.o *.lo *~
-
- distclean: clean
-- rm -f $(SWIGCOUT) $(SWIGFILES)
-+ rm -f $(GENERATED) $(SWIGFILES)
-
- indent:
- ../../scripts/Lindent $(filter-out $(GENERATED),$(wildcard *.[ch]))
-diff --exclude-from=exclude -N -u -r nsalibselinux/src/audit2why.c libselinux-2.0.67/src/audit2why.c
---- nsalibselinux/src/audit2why.c 2008-06-12 23:25:14.000000000 -0400
-+++ libselinux-2.0.67/src/audit2why.c 2008-07-09 16:52:33.000000000 -0400
-@@ -55,7 +55,7 @@
- return 0;
- }
-
--static int check_booleans(struct avc_t *avc, struct boolean_t **bools)
-+static int check_booleans(struct boolean_t **bools)
+diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.0.70/src/callbacks.c
+--- nsalibselinux/src/callbacks.c 2008-06-12 23:25:14.000000000 -0400
++++ libselinux-2.0.70/src/callbacks.c 2008-08-01 06:51:25.000000000 -0400
+@@ -16,6 +16,7 @@
{
- char errormsg[PATH_MAX];
- struct sepol_av_decision avd;
-@@ -376,7 +376,7 @@
- avc->tsid = tsid;
- avc->tclass = tclass;
- avc->av = av;
-- if (check_booleans(avc, &bools) == 0) {
-+ if (check_booleans(&bools) == 0) {
- if (av & ~avd.auditdeny) {
- RETURN(DONTAUDIT)
- } else {
-@@ -390,15 +390,15 @@
- len++; b++;
- }
- b = bools;
-- PyObject *boollist = PyTuple_New(len);
-+ PyObject *outboollist = PyTuple_New(len);
- len=0;
- while(b->name) {
- PyObject *bool = Py_BuildValue("(si)", b->name, b->active);
-- PyTuple_SetItem(boollist, len++, bool);
-+ PyTuple_SetItem(outboollist, len++, bool);
- b++;
- }
- free(bools);
-- PyTuple_SetItem(result, 1, boollist);
-+ PyTuple_SetItem(result, 1, outboollist);
- return result;
- }
- }
-diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.67/src/matchpathcon.c
+ int rc;
+ va_list ap;
++ if (is_selinux_enabled() == 0) return 0;
+ va_start(ap, fmt);
+ rc = vfprintf(stderr, fmt, ap);
+ va_end(ap);
+diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.70/src/matchpathcon.c
--- nsalibselinux/src/matchpathcon.c 2008-06-12 23:25:14.000000000 -0400
-+++ libselinux-2.0.67/src/matchpathcon.c 2008-07-09 16:52:33.000000000 -0400
++++ libselinux-2.0.70/src/matchpathcon.c 2008-08-01 06:51:25.000000000 -0400
@@ -2,6 +2,7 @@
#include
#include
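Review bot: The callbacks.c change carried in the new rhat patch, `if (is_selinux_enabled() == 0) return 0;`, makes the stderr logging function drop every message when SELinux is disabled, and it has no comment explaining why. Diagnostics from labeling code running on a non-SELinux host (for example while preparing a tree for an SELinux target) would disappear, as presumably would the duplicate-specification errors this update introduces if they are routed through this callback. If the suppression is intended, add a comment such as `/* No SELinux on this host: suppress default stderr logging; callers needing diagnostics must install their own callback */`. The function's signature is outside the quoted context, so its name and callers cannot be confirmed from here.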
@@ -216,154 +95,3 @@
va_end(ap);
}
-diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_ruby.i libselinux-2.0.67/src/selinuxswig_ruby.i
---- nsalibselinux/src/selinuxswig_ruby.i 1969-12-31 19:00:00.000000000 -0500
-+++ libselinux-2.0.67/src/selinuxswig_ruby.i 2008-07-09 16:52:33.000000000 -0400
-@@ -0,0 +1,147 @@
-+/* Author: James Athey
-+ */
-+
-+%module selinux
-+%{
-+ #include "selinux/selinux.h"
-+%}
-+
-+/* security_get_boolean_names() typemap */
-+/*
-+%typemap(argout) (char ***names, int *len) {
-+ PyObject* list = PyList_New(*$2);
-+ int i;
-+ for (i = 0; i < *$2; i++) {
-+ PyList_SetItem(list, i, PyString_FromString((*$1)[i]));
-+ }
-+ $result = SWIG_Python_AppendOutput($result, list);
-+}
-+*/
-+/* return a sid along with the result */
-+%typemap(argout) (security_id_t * sid) {
-+ if (*$1) {
-+ %append_output(SWIG_NewPointerObj(*$1, $descriptor(security_id_t), 0));
-+ }
-+/* else {
-+ Py_INCREF(Py_None);
-+ %append_output(Py_None);
-+ }
-+*/
-+}
-+
-+%typemap(in,numinputs=0) security_id_t *(security_id_t temp) {
-+ $1 = &temp;
-+}
-+
-+/* Makes security_compute_user() return a Python list of contexts */
-+/*
-+%typemap(argout) (security_context_t **con) {
-+ PyObject* plist;
-+ int i, len = 0;
-+
-+ if (*$1) {
-+ while((*$1)[len])
-+ len++;
-+ plist = PyList_New(len);
-+ for (i = 0; i < len; i++) {
-+ PyList_SetItem(plist, i, PyString_FromString((*$1)[i]));
-+ }
-+ } else {
-+ plist = PyList_New(0);
-+ }
-+
-+ $result = SWIG_Python_AppendOutput($result, plist);
-+}
-+*/
-+/* Makes functions in get_context_list.h return a Python list of contexts */
-+
-+#ifdef fixme
-+%typemap(argout) (security_context_t **list) {
-+ PyObject* plist;
-+ int i;
-+
-+ if (*$1) {
-+ plist = PyList_New(result);
-+ for (i = 0; i < result; i++) {
-+ PyList_SetItem(plist, i, PyString_FromString((*$1)[i]));
-+ }
-+ } else {
-+ plist = PyList_New(0);
-+ }
-+ /* Only return the Python list, don't need to return the length anymore */
-+ $result = plist;
-+}
-+#endif
-+
-+%typemap(in,noblock=1,numinputs=0) security_context_t * (security_context_t temp = 0) {
-+ $1 = &temp;
-+}
-+%typemap(freearg,match="in") security_context_t * "";
-+%typemap(argout,noblock=1) security_context_t * {
-+ if (*$1) {
-+ %append_output(SWIG_FromCharPtr(*$1));
-+ freecon(*$1);
-+ }
-+/*
-+ else {
-+ Py_INCREF(Py_None);
-+ %append_output(Py_None);
-+ }
-+*/
-+}
-+
-+%typemap(in,noblock=1,numinputs=0) char ** (char * temp = 0) {
-+ $1 = &temp;
-+}
-+%typemap(freearg,match="in") char ** "";
-+%typemap(argout,noblock=1) char ** {
-+ if (*$1) {
-+ %append_output(SWIG_FromCharPtr(*$1));
-+ free(*$1);
-+ }
-+/*
-+ else {
-+ Py_INCREF(Py_None);
-+ %append_output(Py_None);
-+ }
-+*/
-+}
-+/*
-+%typemap(in) char * const [] {
-+ int i, size;
-+ PyObject * s;
-+
-+ if (!PySequence_Check($input)) {
-+ PyErr_SetString(PyExc_ValueError, "Expected a sequence");
-+ return NULL;
-+ }
-+
-+ size = PySequence_Size($input);
-+
-+ $1 = (char**) malloc(size + 1);
-+ for(i = 0; i < size; i++) {
-+ if (!PyString_Check(PySequence_GetItem($input, i))) {
-+ PyErr_SetString(PyExc_ValueError, "Sequence must contain only strings");
-+ return NULL;
-+ }
-+ }
-+
-+ for(i = 0; i < size; i++) {
-+ s = PySequence_GetItem($input, i);
-+ $1[i] = (char*) malloc(PyString_Size(s) + 1);
-+ strcpy($1[i], PyString_AsString(s));
-+ }
-+ $1[size] = NULL;
-+}
-+*/
-+
-+%typemap(freearg,match="in") char * const [] {
-+ int i = 0;
-+ while($1[i]) {
-+ free($1[i]);
-+ i++;
-+ }
-+ free($1);
-+}
-+
-+%include "selinuxswig.i"
++++++ libselinux-2.0.67.tar.bz2 -> libselinux-2.0.71.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.67/ChangeLog new/libselinux-2.0.71/ChangeLog
--- old/libselinux-2.0.67/ChangeLog 2008-06-22 15:44:36.000000000 +0200
+++ new/libselinux-2.0.71/ChangeLog 2008-08-05 15:58:47.000000000 +0200
@@ -1,3 +1,19 @@
+2.0.71 2008-08-05
+ * Add group support to seusers using %groupname syntax from Dan Walsh.
+ * Mark setrans socket close-on-exec from Stephen Smalley.
+ * Only apply nodups checking to base file contexts from Stephen Smalley.
+
+2.0.70 2008-07-30
+ * Merge ruby bindings from Dan Walsh.
+
+2.0.69 2008-07-29
+ * Handle duplicate file context regexes as a fatal error from Stephen Smalley.
+ This prevents adding them via semanage.
+
+2.0.68 2008-07-18
+ * Fix audit2why shadowed variables from Stephen Smalley.
+ * Note that freecon NULL is legal in man page from Karel Zak.
+
2.0.67 2008-06-13
* New and revised AVC, label, and mapping man pages from Eamon Walsh.
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.67/Makefile new/libselinux-2.0.71/Makefile
--- old/libselinux-2.0.67/Makefile 2008-06-22 15:44:37.000000000 +0200
+++ new/libselinux-2.0.71/Makefile 2008-08-05 15:58:48.000000000 +0200
@@ -29,6 +29,9 @@
pywrap:
$(MAKE) -C src pywrap
+rubywrap:
+ $(MAKE) -C src rubywrap
+
install:
$(MAKE) -C include install
$(MAKE) -C src install
@@ -38,6 +41,9 @@
install-pywrap:
$(MAKE) -C src install-pywrap
+install-rubywrap:
+ $(MAKE) -C src install-rubywrap
+
relabel:
$(MAKE) -C src relabel
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.67/man/man3/freecon.3 new/libselinux-2.0.71/man/man3/freecon.3
--- old/libselinux-2.0.67/man/man3/freecon.3 2008-06-22 15:44:36.000000000 +0200
+++ new/libselinux-2.0.71/man/man3/freecon.3 2008-08-05 15:58:47.000000000 +0200
@@ -15,6 +15,11 @@
.B freeconary
frees the memory allocated for a context array.
+If
+.I con
+is NULL, no operation is performed.
+
+
.SH "SEE ALSO"
.BR selinux "(8)"
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.67/src/audit2why.c new/libselinux-2.0.71/src/audit2why.c
--- old/libselinux-2.0.67/src/audit2why.c 2008-06-22 15:44:37.000000000 +0200
+++ new/libselinux-2.0.71/src/audit2why.c 2008-08-05 15:58:48.000000000 +0200
@@ -55,7 +55,7 @@
return 0;
}
-static int check_booleans(struct avc_t *avc, struct boolean_t **bools)
+static int check_booleans(struct boolean_t **bools)
{
char errormsg[PATH_MAX];
struct sepol_av_decision avd;
@@ -376,7 +376,7 @@
avc->tsid = tsid;
avc->tclass = tclass;
avc->av = av;
- if (check_booleans(avc, &bools) == 0) {
+ if (check_booleans(&bools) == 0) {
if (av & ~avd.auditdeny) {
RETURN(DONTAUDIT)
} else {
@@ -390,15 +390,15 @@
len++; b++;
}
b = bools;
- PyObject *boollist = PyTuple_New(len);
+ PyObject *outboollist = PyTuple_New(len);
len=0;
while(b->name) {
PyObject *bool = Py_BuildValue("(si)", b->name, b->active);
- PyTuple_SetItem(boollist, len++, bool);
+ PyTuple_SetItem(outboollist, len++, bool);
b++;
}
free(bools);
- PyTuple_SetItem(result, 1, boollist);
+ PyTuple_SetItem(result, 1, outboollist);
return result;
}
}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.67/src/label_file.c new/libselinux-2.0.71/src/label_file.c
--- old/libselinux-2.0.67/src/label_file.c 2008-06-22 15:44:37.000000000 +0200
+++ new/libselinux-2.0.71/src/label_file.c 2008-08-05 15:58:48.000000000 +0200
@@ -146,8 +146,9 @@
/*
* Warn about duplicate specifications.
*/
-static void nodups_specs(struct saved_data *data, const char *path)
+static int nodups_specs(struct saved_data *data, const char *path)
{
+ int rc = 0;
unsigned int ii, jj;
struct spec *curr_spec, *spec_arr = data->spec_arr;
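Review bot: The comment above `nodups_specs` still reads "Warn about duplicate specifications", but the function now returns a status, and later hunks in this file make duplicates fatal to loading. The comment should state the new contract, for example `/* Report duplicate specifications. Returns 0 if none were found, -1 with errno set to EINVAL otherwise; all duplicates are logged before returning. */`. The function body continues in the next hunk.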
@@ -158,24 +159,27 @@
(spec_arr[jj].regex_str, curr_spec->regex_str))
&& (!spec_arr[jj].mode || !curr_spec->mode
|| spec_arr[jj].mode == curr_spec->mode)) {
+ rc = -1;
+ errno = EINVAL;
if (strcmp
(spec_arr[jj].lr.ctx_raw,
curr_spec->lr.ctx_raw)) {
COMPAT_LOG
- (SELINUX_WARNING,
+ (SELINUX_ERROR,
"%s: Multiple different specifications for %s (%s and %s).\n",
path, curr_spec->regex_str,
spec_arr[jj].lr.ctx_raw,
curr_spec->lr.ctx_raw);
} else {
COMPAT_LOG
- (SELINUX_WARNING,
+ (SELINUX_ERROR,
"%s: Multiple same specifications for %s.\n",
path, curr_spec->regex_str);
}
}
}
}
+ return rc;
}
/* Determine if the regular expression specification has any meta characters. */
@@ -464,6 +468,11 @@
pass, ++lineno) != 0)
goto finish;
}
+ if (pass == 1) {
+ status = nodups_specs(data, path);
+ if (status)
+ goto finish;
+ }
lineno = 0;
if (homedirfp)
while (getline(&line_buf, &line_len, homedirfp) > 0
@@ -519,8 +528,6 @@
free(data->spec_arr);
data->spec_arr = spec_copy;
- nodups_specs(data, path);
-
status = 0;
finish:
fclose(fp);
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.67/src/Makefile new/libselinux-2.0.71/src/Makefile
--- old/libselinux-2.0.67/src/Makefile 2008-06-22 15:44:37.000000000 +0200
+++ new/libselinux-2.0.71/src/Makefile 2008-08-05 15:58:48.000000000 +0200
@@ -7,16 +7,24 @@
PYINC ?= /usr/include/$(PYLIBVER)
PYLIB ?= /usr/lib/$(PYLIBVER)
PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
+RUBYLIBVER ?= $(shell ruby -e 'print RUBY_VERSION.split(".")[0..1].join(".")')
+RUBYPLATFORM ?= $(shell ruby -e 'print RUBY_PLATFORM')
+RUBYINC ?= $(LIBDIR)/ruby/$(RUBYLIBVER)/$(RUBYPLATFORM)
+RUBYINSTALL ?= $(LIBDIR)/ruby/site_ruby/$(RUBYLIBVER)/$(RUBYPLATFORM)
LIBVERSION = 1
LIBA=libselinux.a
TARGET=libselinux.so
SWIGIF= selinuxswig_python.i
+SWIGRUBYIF= selinuxswig_ruby.i
SWIGCOUT= selinuxswig_wrap.c
+SWIGRUBYCOUT= selinuxswig_ruby_wrap.c
SWIGLOBJ:= $(patsubst %.c,%.lo,$(SWIGCOUT))
+SWIGRUBYLOBJ:= $(patsubst %.c,%.lo,$(SWIGRUBYCOUT))
SWIGSO=_selinux.so
SWIGFILES=$(SWIGSO) selinux.py
+SWIGRUBYSO=_rubyselinux.so
LIBSO=$(TARGET).$(LIBVERSION)
AUDIT2WHYSO=audit2why.so
@@ -29,7 +37,9 @@
ifeq ($(DISABLE_RPM),y)
UNUSED_SRCS+=rpm.c
endif
-SRCS= $(filter-out $(UNUSED_SRCS), $(filter-out audit2why.c $(SWIGCOUT),$(wildcard *.c)))
+
+GENERATED=$(SWIGCOUT) $(SWIGRUBYCOUT)
+SRCS= $(filter-out $(UNUSED_SRCS), $(filter-out audit2why.c $(GENERATED),$(wildcard *.c)))
OBJS= $(patsubst %.c,%.o,$(SRCS))
LOBJS= $(patsubst %.c,%.lo,$(SRCS))
@@ -44,12 +54,14 @@
SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./
-GENERATED=$(SWIGCOUT)
+SWIGRUBY = swig -Wall -ruby -o $(SWIGRUBYCOUT) -outdir ./
all: $(LIBA) $(LIBSO)
pywrap: all $(SWIGSO) $(AUDIT2WHYSO)
+rubywrap: all $(SWIGRUBYSO)
+
$(LIBA): $(OBJS)
$(AR) rcs $@ $^
$(RANLIB) $@
@@ -57,9 +69,15 @@
$(SWIGLOBJ): $(SWIGCOUT)
$(CC) $(filter-out -Werror,$(CFLAGS)) -I$(PYINC) -fPIC -DSHARED -c -o $@ $<
+$(SWIGRUBYLOBJ): $(SWIGRUBYCOUT)
+ $(CC) $(filter-out -Werror,$(CFLAGS)) -I$(RUBYINC) -fPIC -DSHARED -c -o $@ $<
+
$(SWIGSO): $(SWIGLOBJ)
$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@
+$(SWIGRUBYSO): $(SWIGRUBYLOBJ)
+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@
+
$(LIBSO): $(LOBJS)
$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -ldl -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
ln -sf $@ $(TARGET)
@@ -79,6 +97,9 @@
$(SWIGCOUT): $(SWIGIF)
$(SWIG) $^
+$(SWIGRUBYCOUT): $(SWIGRUBYIF)
+ $(SWIGRUBY) $^
+
swigify: $(SWIGIF)
$(SWIG) $^
@@ -95,6 +116,10 @@
install -m 755 $(AUDIT2WHYSO) $(PYTHONLIBDIR)/site-packages/selinux
install -m 644 selinux.py $(PYTHONLIBDIR)/site-packages/selinux/__init__.py
+install-rubywrap: rubywrap
+ test -d $(RUBYINSTALL) || install -m 755 -d $(RUBYINSTALL)
+ install -m 755 $(SWIGRUBYSO) $(RUBYINSTALL)/selinux.so
+
relabel:
/sbin/restorecon $(SHLIBDIR)/$(LIBSO)
@@ -102,7 +127,7 @@
-rm -f $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(SWIGLOBJ) $(SWIGSO) $(TARGET) $(AUDIT2WHYSO) *.o *.lo *~
distclean: clean
- rm -f $(SWIGCOUT) $(SWIGFILES)
+ rm -f $(GENERATED) $(SWIGFILES)
indent:
../../scripts/Lindent $(filter-out $(GENERATED),$(wildcard *.[ch]))
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.67/src/selinuxswig_ruby.i new/libselinux-2.0.71/src/selinuxswig_ruby.i
--- old/libselinux-2.0.67/src/selinuxswig_ruby.i 1970-01-01 01:00:00.000000000 +0100
+++ new/libselinux-2.0.71/src/selinuxswig_ruby.i 2008-08-05 15:58:48.000000000 +0200
@@ -0,0 +1,52 @@
+/* Author: Dan Walsh
+ Based on selinuxswig_python.i by James Athey
+ */
+
+%module selinux
+%{
+ #include "selinux/selinux.h"
+%}
+
+/* return a sid along with the result */
+%typemap(argout) (security_id_t * sid) {
+ if (*$1) {
+ %append_output(SWIG_NewPointerObj(*$1, $descriptor(security_id_t), 0));
+ }
+}
+
+%typemap(in,numinputs=0) security_id_t *(security_id_t temp) {
+ $1 = &temp;
+}
+
+%typemap(in,noblock=1,numinputs=0) security_context_t * (security_context_t temp = 0) {
+ $1 = &temp;
+}
+%typemap(freearg,match="in") security_context_t * "";
+%typemap(argout,noblock=1) security_context_t * {
+ if (*$1) {
+ %append_output(SWIG_FromCharPtr(*$1));
+ freecon(*$1);
+ }
+}
+
+%typemap(in,noblock=1,numinputs=0) char ** (char * temp = 0) {
+ $1 = &temp;
+}
+%typemap(freearg,match="in") char ** "";
+%typemap(argout,noblock=1) char ** {
+ if (*$1) {
+ %append_output(SWIG_FromCharPtr(*$1));
+ free(*$1);
+ }
+}
+
+%typemap(freearg,match="in") char * const [] {
+ int i = 0;
+ while($1[i]) {
+ free($1[i]);
+ i++;
+ }
+ free($1);
+}
+
+%include "selinuxswig.i"
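Review bot: The `%typemap(freearg,match="in") char * const []` block frees every element of `$1` and then `$1` itself, but this file has no `in` typemap for `char * const []` that would allocate them. The Python interface it is based on had one, and it was not carried over. Depending on what `selinuxswig.i` and SWIG's defaults provide, the typemap is either never applied or frees memory the wrapper does not own. Either add a Ruby `in` typemap that allocates the array with malloc, or remove the freearg block and leave a comment saying that `char * const []` arguments are not yet supported from Ruby.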
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.67/src/setrans_client.c new/libselinux-2.0.71/src/setrans_client.c
--- old/libselinux-2.0.67/src/setrans_client.c 2008-06-22 15:44:37.000000000 +0200
+++ new/libselinux-2.0.71/src/setrans_client.c 2008-08-05 15:58:48.000000000 +0200
@@ -13,7 +13,7 @@
#include
#include
#include
-
+#include
#include
#include
#include
@@ -42,11 +42,17 @@
{
struct sockaddr_un addr;
int fd;
-
- fd = socket(PF_UNIX, SOCK_STREAM, 0);
- if (fd < 0) {
- return -1;
+#ifdef SOCK_CLOEXEC
+ fd = socket(PF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0);
+ if (fd < 0 && errno == EINVAL)
+#endif
+ {
+ fd = socket(PF_UNIX, SOCK_STREAM, 0);
+ if (fd >= 0)
+ fcntl(fd, F_SETFD, FD_CLOEXEC);
}
+ if (fd < 0)
+ return -1;
memset(&addr, 0, sizeof(addr));
addr.sun_family = AF_UNIX;
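Review bot: In the fallback branch the result of `fcntl(fd, F_SETFD, FD_CLOEXEC)` is discarded, so if setting the flag fails the socket is still used and would be inherited across exec, which is what this change is meant to prevent. Consider checking it, e.g. `if (fd >= 0 && fcntl(fd, F_SETFD, FD_CLOEXEC) < 0) { close(fd); fd = -1; }`, or add a comment saying the failure is deliberately tolerated. It is also worth a short comment that the non-atomic fallback leaves a window between `socket()` and `fcntl()` in which another thread could fork and exec. The enclosing function starts and ends outside the hunk.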
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.67/src/seusers.c new/libselinux-2.0.71/src/seusers.c
--- old/libselinux-2.0.67/src/seusers.c 2008-06-22 15:44:37.000000000 +0200
+++ new/libselinux-2.0.71/src/seusers.c 2008-08-05 15:58:48.000000000 +0200
@@ -89,6 +89,62 @@
int require_seusers hidden = 0;
+#include
+#include
+
+static gid_t get_default_gid(const char *name) {
+ struct passwd pwstorage, *pwent = NULL;
+ gid_t gid = -1;
+ /* Allocate space for the getpwnam_r buffer */
+ long rbuflen = sysconf(_SC_GETPW_R_SIZE_MAX);
+ if (rbuflen <= 0) return -1;
+ char *rbuf = malloc(rbuflen);
+ if (rbuf == NULL) return -1;
+
+ int retval = getpwnam_r(name, &pwstorage, rbuf, rbuflen, &pwent);
+ if (retval == 0 && pwent) {
+ gid = pwent->pw_gid;
+ }
+ free(rbuf);
+ return gid;
+}
+
+static int check_group(const char *group, const char *name, const gid_t gid) {
+ int match = 0;
+ int i, ng = 0;
+ gid_t *groups = NULL;
+ struct group gbuf, *grent = NULL;
+
+ long rbuflen = sysconf(_SC_GETGR_R_SIZE_MAX);
+ if (rbuflen <= 0)
+ return 0;
+ char *rbuf = malloc(rbuflen);
+ if (rbuf == NULL)
+ return 0;
+
+ if (getgrnam_r(group, &gbuf, rbuf, rbuflen,
+ &grent) != 0)
+ goto done;
+
+ if (getgrouplist(name, gid, NULL, &ng) < 0) {
+ groups = (gid_t *) malloc(sizeof (gid_t) * ng);
+ if (!groups) goto done;
+ if (getgrouplist(name, gid, groups, &ng) < 0) goto done;
+ }
+
+ for (i = 0; i < ng; i++) {
+ if (grent->gr_gid == groups[i]) {
+ match = 1;
+ goto done;
+ }
+ }
+
+ done:
+ free(groups);
+ free(rbuf);
+ return match;
+}
+
int getseuserbyname(const char *name, char **r_seuser, char **r_level)
{
FILE *cfg = NULL;
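Review bot: `check_group` only tests the return code of `getgrnam_r`, but POSIX lets that call return 0 with `grent` set to NULL when the group does not exist, and the loop then dereferences `grent->gr_gid`. A `%group` line in the seusers file that names a nonexistent group could therefore crash any program that calls `getseuserbyname`, which presumably includes login-path code. Guard the lookup with `if (getgrnam_r(group, &gbuf, rbuf, rbuflen, &grent) != 0 || grent == NULL) goto done;`. Separately, `get_default_gid` returns `(gid_t)-1` when the user lookup fails, and a later hunk passes that value straight into `getgrouplist` through `check_group`; skipping group matching in that case, or documenting it, would be clearer. `getseuserbyname` itself continues outside this hunk.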
@@ -101,9 +157,13 @@
char *username = NULL;
char *seuser = NULL;
char *level = NULL;
+ char *groupseuser = NULL;
+ char *grouplevel = NULL;
char *defaultseuser = NULL;
char *defaultlevel = NULL;
+ gid_t gid = get_default_gid(name);
+
cfg = fopen(selinux_usersconf_path(), "r");
if (!cfg)
goto nomatch;
@@ -124,31 +184,48 @@
if (!strcmp(username, name))
break;
- if (!defaultseuser && !strcmp(username, "__default__")) {
- free(username);
- defaultseuser = seuser;
- defaultlevel = level;
+ if (username[0] == '%' &&
+ !groupseuser &&
+ check_group(&username[1], name, gid)) {
+ groupseuser = seuser;
+ grouplevel = level;
} else {
- free(username);
- free(seuser);
- free(level);
+ if (!defaultseuser &&
+ !strcmp(username, "__default__")) {
+ defaultseuser = seuser;
+ defaultlevel = level;
+ } else {
+ free(seuser);
+ free(level);
+ }
}
+ free(username);
+ username = NULL;
seuser = NULL;
}
- if (buffer)
- free(buffer);
+ free(buffer);
fclose(cfg);
if (seuser) {
free(username);
free(defaultseuser);
free(defaultlevel);
+ free(groupseuser);
+ free(grouplevel);
*r_seuser = seuser;
*r_level = level;
return 0;
}
+ if (groupseuser) {
+ free(defaultseuser);
+ free(defaultlevel);
+ *r_seuser = groupseuser;
+ *r_level = grouplevel;
+ return 0;
+ }
+
if (defaultseuser) {
*r_seuser = defaultseuser;
*r_level = defaultlevel;
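Review bot: The lookup order introduced here is not documented anywhere in the function: an exact user line wins, then the first `%group` line whose group contains the user, then `__default__`. Because of the `!groupseuser` test only the first matching group line counts, so for a user in several listed groups the line order in the seusers file decides which SELinux user and level are assigned. A comment above the loop stating this would help administrators and reviewers, e.g. `/* Precedence: exact user match, then first matching %group entry in file order, then __default__. */`. The function starts and ends outside the hunk.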
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.67/VERSION new/libselinux-2.0.71/VERSION
--- old/libselinux-2.0.67/VERSION 2008-06-22 15:44:37.000000000 +0200
+++ new/libselinux-2.0.71/VERSION 2008-08-05 15:58:48.000000000 +0200
@@ -1 +1 @@
-2.0.67
+2.0.71
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...