From patchwork Thu Feb 20 09:43:44 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Yi Zhao X-Patchwork-Id: 57646 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7C2B8C021B2 for ; Thu, 20 Feb 2025 09:44:21 +0000 (UTC) Received: from mx0a-0064b401.pphosted.com (mx0a-0064b401.pphosted.com [205.220.166.238]) by mx.groups.io with SMTP id smtpd.web11.45836.1740044660702569602 for ; Thu, 20 Feb 2025 01:44:20 -0800 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.166.238, mailfrom: prvs=41465756f6=yi.zhao@windriver.com) Received: from pps.filterd (m0250810.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 51K7GFMI012597; Thu, 20 Feb 2025 01:44:19 -0800 Received: from nam12-mw2-obe.outbound.protection.outlook.com (mail-mw2nam12lp2044.outbound.protection.outlook.com [104.47.66.44]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 44w00ka6pv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 20 Feb 2025 01:44:19 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=UsjaxwmSlCoCPUSEGTXh9Ep19bNhDhZbu0UwEC08C3w1Ww74xI9luixtavbHXZBWI8BEongdiNefkYzsja049e99x7GJVtOLjpaRWR7nGJT4BlIbetRXfzr5OB4Nax07DpT8cgHrgmuxTY4pN2R0lo2Px7ZpsS0iEfwQabh7k9KWmkPG3itYSaAqcpBe/FfNKZ/nELm++rt6KB7oP5TjxYmY219W/NANp8yI1ORvR3colEWmBi8bs1zeH0NM6kB8KKVT/JWRj968XVWFfnIe3H1YDoPc6YSfVDtqpKMdiV0W67EqxCRdxxvVV0wjObM3OGSXFOkLFiWjSIRewBDpqg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=1chmUpETNJxe3dRwsTjlM4mRsp8a/eGF7XpQc+flH4A=; b=d7SaiaYMKanOjION6ASBbq6qQo0GuStIANYUbBLG0ewrBLWH2ewyySUKQ4QDGvstBcmJQNmJO/Hj3kgIZXpr3uzCbzTotH8vZkeAeYjzPKB310/6mXwuVQCMImA2NXYKoTr7ixmNgd25LbXmEo3egVzDhCOzH9rN+wpbzf3ANAW9rtHgfVWH+WZ0oOioD6mZXi7FQ46IesAu3DBXtd+imrMlvmJ+XTpopOpPkDHrz5mXMWh1EpDHd/50OasaODo7lWasiZOs2bWS7UODOevqUfxN0fyuVE1r88gZzDJKNXVXH/UJ9d9ObvfRwVX/hjwzwYQ/PyRxouFQthGvCS/RkQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none Received: from DS0PR11MB6399.namprd11.prod.outlook.com (2603:10b6:8:c8::5) by SJ2PR11MB7672.namprd11.prod.outlook.com (2603:10b6:a03:4cd::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8445.19; Thu, 20 Feb 2025 09:44:17 +0000 Received: from DS0PR11MB6399.namprd11.prod.outlook.com ([fe80::2b44:787c:e7ee:bfad]) by DS0PR11MB6399.namprd11.prod.outlook.com ([fe80::2b44:787c:e7ee:bfad%5]) with mapi id 15.20.8466.015; Thu, 20 Feb 2025 09:44:17 +0000 From: Yi Zhao To: yocto-patches@lists.yoctoproject.org, joe@deserted.net, joe.macdonald@siemens.com Subject: [meta-selinux][PATCH 2/3] selinux: upgrade 3.7 -> 3.8 Date: Thu, 20 Feb 2025 17:43:44 +0800 Message-Id: <20250220094345.1119650-2-yi.zhao@windriver.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20250220094345.1119650-1-yi.zhao@windriver.com> References: <20250220094345.1119650-1-yi.zhao@windriver.com> X-ClientProxiedBy: SG2P153CA0054.APCP153.PROD.OUTLOOK.COM (2603:1096:4:c6::23) To DS0PR11MB6399.namprd11.prod.outlook.com (2603:10b6:8:c8::5) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS0PR11MB6399:EE_|SJ2PR11MB7672:EE_ X-MS-Office365-Filtering-Correlation-Id: a25f2997-1a2e-48b1-5c97-08dd51932482 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|376014|52116014|1800799024|13003099007|38350700014; X-Microsoft-Antispam-Message-Info: =?utf-8?q?m47w5KXtTSlLBX1WD4AgajXXRyk6OTa?= =?utf-8?q?ZcdYHFSpr1jts7X/CuNvCseckwsXsTnxAfTjZhcT7U52inX5Lv390pMzG9CNIE3q2?= =?utf-8?q?ebr/hii+MvklrYqseINsDjp23evWp52cEFarCTzRmpJvExHU3o8sAOHrtuuRoHAE3?= =?utf-8?q?PHMohHdlX6d447/VIYcc5zwJ1mnafZAeW12bqHgQs+5BxsC9VycA3iRH+ftWN0f5r?= =?utf-8?q?xgph65Js0KpElPkyk4l2H7kNywaMCqCi5zUbFQlS0Vmgo7I/PJp0ilwy1QBPCkvVc?= =?utf-8?q?MOUDfACUat85etmkg8ZLPOAvj8u+9o+Ga1MXx6g1u7z5CVi2+O4JMVWD2EToe14Aa?= =?utf-8?q?DtnueqHGvLA7EF1QZoqGEvVr4W66BHHqmoYNQsypw/a7ataWVucJPz8e+IybrslxA?= =?utf-8?q?mIXaC7Dlecmx6WmdKqR1+C+JuT901u5FcNRwY4/pNRR9eHkGadQYBEvOEs+EhQzxS?= =?utf-8?q?Nnj3DoSnGGiFyhuCHDCZdZVyBKxxL+rdt8w0BjAjxcTaIpewBnVwKMxew7+qMWHJL?= =?utf-8?q?jZapXb+Mnmmp3hwz1oAQMWzFkufFkMHMAhPsTzB2rF789HLgRY2xWfj0XHb6zes/e?= =?utf-8?q?POAKJDzz813dYmJED2vyfm32CleqH1zBYS5NW3yEkDeERmRD00/4eLCTuFVv4CbgG?= =?utf-8?q?y5wS97H7DV68KV8oAAiHV8GmuOYTsPHa//iDYwia6WNY6u3hyJQKSlOSgC1LZAMyR?= =?utf-8?q?gQxTOmH8iYPNp5K3GLIGDNGznbfskWR8ec7UC4fdkYRa+8QpegJql4GsEuXan4ywB?= =?utf-8?q?7OIz3kdNQCLYQVqBgV61xWwQBtms9HWQ579nnfA2K2/bkiyuZg0LWFX/S8XmBo8if?= =?utf-8?q?TWlh0eqoj5HybFpjeH2H3qD2WEts/dklnLYXBz/BT/RA44NuJcdjw8qZVbzL68iss?= =?utf-8?q?shO4Rglvk1GRwbxzasXMA8Opt7OZcOW8DT7TbvVSz4dqKBAyeL2ibcFYMx0wWbgOk?= =?utf-8?q?CkAgYUdfxjk0iFzc5+0R/kCiTvKPGluPPRjKcfFmKr+hogQvJeQzEaPYJPpc7j119?= =?utf-8?q?Mf9lV0ciR7tqzE+4RWDW3jr0clUnqhnDGR6qrWN7eWi9GfuTvNJgJo/0RCH4t4vu4?= =?utf-8?q?QbSS7JpMb/JxCTXbg36dUCs3FwxAHCVkkfNgeHnXrHG5BR6c4YPVINpoRrLl7k3Tu?= =?utf-8?q?ZI3O5GX/y8uhf61SX6V92VjYyOxGUDV/JRuW7nfdWrWf5vaEBVEYCrc9n5xl/IyPh?= =?utf-8?q?sjypWfkxz5tW1dq6uwakyKt8hYtu/zRCnCvHTlB5frUWajgYSFPz27kv0cehkWnKR?= =?utf-8?q?cB48Lv2dNvWSYbKRCa/AXzugWKT3vBL4Yejj8QGHiXmMDitYs70i4H+uVAv2PUkJF?= =?utf-8?q?hSgd0zW+Si+AxUWUMBTuSF5twF2QVHrNuw=3D=3D?= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DS0PR11MB6399.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(52116014)(1800799024)(13003099007)(38350700014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?uizDFW2UJAHVW93pUOs6nXHdB9fN?= =?utf-8?q?n37Te9aw9kzH7pxHdL4VfQM8MKmEBmwQ/s2BZ3MUC7w3i7hHWxsA/lyzJBuVJ40gg?= =?utf-8?q?NjxZY3pzmAIthD0nlW3+PQdlsk3EBzZTufi4cZMNEJ4MKza+KPasXtsVbofY4yMhV?= =?utf-8?q?9vLcld1zO4g/eh/QrdCnEm/h5JiMyOq56oecIscMA8ncCQwCuE1nl6zuO7Hfzz+3+?= =?utf-8?q?VL7JzSgtsmyU7THv57rSU+opeMggcdZk9Ce2weaA70WigBSMeu+0j7YzvtQxaZ+sV?= =?utf-8?q?hq2qwbpQm5w8aEhNIyhmP/v+qBelAjZ8dEmCStIBxR6LaPrkZqtNIN1yU6pk8P+92?= =?utf-8?q?u1Zwk3lVes9rqsSZD7n90pi0Yd7SA+Y3YN2oSowc/1pwbvwtF11szM2S3XjHSMyKn?= =?utf-8?q?gk8i6F/Ov/9+6+mPEPWuX7X7f2k61+6M8vJ6th772FJFYQ3/rJ+fT/7pkYerw60cB?= =?utf-8?q?fu6IE0irxROh/sjCls6L/8gpSr0E0qjlw5ajatZS2bOWyyMaLyIY/vKth4nvRkbEI?= =?utf-8?q?BjB7NX2g3h1nmORVmfYFtJI0/J7ex1upH/qvDX6uYZiscx6xbmQQD5m43SPRZURhi?= =?utf-8?q?m2VSGPU4iEv63bh7MOGaTwJRxrsF6iiQKyJ759ZzQPydI2IJYXDgE0ugHAUjRpUBk?= =?utf-8?q?GhPKtVn5ecMQA5gNveDvv3MLhCFZC5RVbYHJ7AuJfMVajvUgHkWClCqlLdLqUsdRy?= =?utf-8?q?10JyBC/RikyCYkeKwXIT4HAaQvofycYz3lwYF8ZhpZR1bO19ouzXNvkWk+CxoRoK/?= =?utf-8?q?2/t4wx/bgyOqxsPXykUouk7vHWBXwdxUmqMuUrU+mxF7eAE10O5v7bgrFo6rL8MmH?= =?utf-8?q?AFV7ffad3pdwM1lENimhL9gweYCnH7bGB46k46To2M6kTH0ztgx5Fgt4pgelSnTAH?= =?utf-8?q?GYOqS1jHTHsK8KCfq0Fb89dALYPfEU2NqtOPwhP/Ynz3uhqC0A1RW5x+K7Gz0mCZU?= =?utf-8?q?qxDKUgaxRSMzCrdl4H9787q1UNXprRqCAwFxxB/kRY8TWGYmB4CIh+BesQPMFbZeB?= =?utf-8?q?DX3jVXSAn4zbmg6o3vG4DAe5to1yUxMCQXJSW4+u20t88eIMd0z6Pzl0JqBA5Uj80?= =?utf-8?q?j7PKU/CEEpI441z6oWE85E8eomUQsefT3mqvkLiBAfuWEJu4hItVQ76OesNlKRUEM?= =?utf-8?q?+9+SSTzn4jET8kV7UGEdTU+KibqAtQTivum88Ga3L5CYMw4J2yyuZVxFDkI/mFBSR?= =?utf-8?q?/T+w1Aqmvxz9Z1qpqGDA+fyCYFceHS4MCvrfFOFPGwMl/BaZ2mHwRuapLCClHlv8f?= =?utf-8?q?p9GeohhDX+aP1MmuSOuh0vq1ka56nz7lzlx82fz18pWKUXP/1H4coDcRpXBLjRG1k?= =?utf-8?q?yru1bFydpJAOSZupdPwZEV1ufDEVzkJ/RIyEYjckTU7dATWqxUxblDGXH2xKH9NbH?= =?utf-8?q?gGtyehwfHI4O/WzN62L4sE1RtiztUbrV3CvxFkj6SLluxelCNmu+7sQZpp2iFtUt9?= =?utf-8?q?2U+WMROSIEn2ZeEhB+jYDEhZFSrA+gyrPLNX8C84L6TFULhFY+Z3h7tlQrM0wjfqY?= =?utf-8?q?cVyCLbCWkSqG?= X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: a25f2997-1a2e-48b1-5c97-08dd51932482 X-MS-Exchange-CrossTenant-AuthSource: DS0PR11MB6399.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Feb 2025 09:44:17.4720 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: EEKS9n/9VhasVCFO7cW3Ry35d3VoyY7SMqFz7YDeGdRDSjwcmD4OI2DF0yH5APitdqp+gzThPQJuWrvxlf6JhQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ2PR11MB7672 X-Authority-Analysis: v=2.4 cv=N67TF39B c=1 sm=1 tr=0 ts=67b6f973 cx=c_pps a=+tN8zt48bv3aY6W8EltW8A==:117 a=wKuvFiaSGQ0qltdbU6+NXLB8nM8=:19 a=Ol13hO9ccFRV9qXi2t6ftBPywas=:19 a=xqWC_Br6kY4A:10 a=IkcTkHD0fZMA:10 a=T2h4t0Lz3GQA:10 a=NEAV23lmAAAA:8 a=t7CeM3EgAAAA:8 a=20KFwNOVAAAA:8 a=pGLkceISAAAA:8 a=P-IC7800AAAA:8 a=9pIZn19CAAAA:8 a=KR5XLSZxAAAA:8 a=bZcZfQ3yjtHM5BcG-j4A:9 a=3ZKOabzyN94A:10 a=QEXdDO2ut3YA:10 a=FdTzh2GWekK77mhwV6Dw:22 a=d3PnA9EDa4IxuAV0gXij:22 a=8RSB8XlrRKoi1kmjPpsj:22 a=KKIIu8bCiOnaXtcgZrz_:22 X-Proofpoint-ORIG-GUID: 5yWf7SHCPzzV6sSbOitE5lZjNiGEhS00 X-Proofpoint-GUID: 5yWf7SHCPzzV6sSbOitE5lZjNiGEhS00 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1057,Hydra:6.0.680,FMLib:17.12.68.34 definitions=2025-02-20_04,2025-02-20_02,2024-11-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 impostorscore=0 phishscore=0 adultscore=0 lowpriorityscore=0 malwarescore=0 mlxlogscore=999 suspectscore=0 clxscore=1015 bulkscore=0 spamscore=0 priorityscore=1501 mlxscore=0 classifier=spam authscore=0 authtc=n/a authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.21.0-2502100000 definitions=main-2502200071 X-MIME-Autoconverted: from 8bit to quoted-printable by mx0a-0064b401.pphosted.com id 51K7GFMI012597 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 20 Feb 2025 09:44:21 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/1098 ChangeLog: https://github.com/SELinuxProject/selinux/releases/tag/3.8 * libsemanage: Preserve file context and ownership in policy store * libselinux: deprecate security_disable(3) * libsepol: Support nlmsg extended permissions * libsepol: Add policy capability netlink_xperm * libsemanage: Optionally allow duplicate declarations * policycoreutils: introduce unsetfiles * libselinux/utils: introduce selabel_compare * improved selabel_lookup performance * libselinux: support parallel usage of selabel_lookup(3) * libsepol: add support for xperms in conditional policies * Improved man pages * Code improvements and bug fixes * Always build for LFS mode on 32-bit archs. * libsemanage: Mute error messages from selinux_restorecon introduced in 3.8-rc1 * Regex spec ordering is restored to pre 3.8-rc1 * Binary fcontext files format changed, files using old format are ignored * Code improvements and bug fixes License-Update: White space cleanup for libsemanage/LICENSE Signed-off-by: Yi Zhao --- ...{checkpolicy_3.7.bb => checkpolicy_3.8.bb} | 0 ...python_3.7.bb => libselinux-python_3.8.bb} | 1 - ...hon-modules-install-path-for-multili.patch | 6 +- ...bselinux-fix-swig-bindings-for-4.3.0.patch | 91 ---- ...T-and-rely-on-the-installed-file-nam.patch | 6 +- ...re-drop-the-obsolete-LSF-transitiona.patch | 8 +- .../{libselinux_3.7.bb => libselinux_3.8.bb} | 0 ...semanage-fix-swig-bindings-for-4.3.0.patch | 422 ------------------ ...anage-Fix-execve-segfaults-on-Ubuntu.patch | 6 +- ...anage-allow-to-disable-audit-support.patch | 14 +- ...-disable-expand-check-on-policy-load.patch | 2 +- ...{libsemanage_3.7.bb => libsemanage_3.8.bb} | 3 +- .../{libsepol_3.7.bb => libsepol_3.8.bb} | 0 .../{mcstrans_3.7.bb => mcstrans_3.8.bb} | 2 +- ...oreutils_3.7.bb => policycoreutils_3.8.bb} | 0 ...{restorecond_3.7.bb => restorecond_3.8.bb} | 0 .../selinux/{secilc_3.7.bb => secilc_3.8.bb} | 0 ...elinux-dbus_3.7.bb => selinux-dbus_3.8.bb} | 0 ...{selinux-gui_3.7.bb => selinux-gui_3.8.bb} | 0 ...ux-python_3.7.bb => selinux-python_3.8.bb} | 0 ...-sandbox_3.7.bb => selinux-sandbox_3.8.bb} | 0 recipes-security/selinux/selinux_common.inc | 2 +- ...ule-utils_3.7.bb => semodule-utils_3.8.bb} | 0 23 files changed, 24 insertions(+), 539 deletions(-) rename recipes-security/selinux/{checkpolicy_3.7.bb => checkpolicy_3.8.bb} (100%) rename recipes-security/selinux/{libselinux-python_3.7.bb => libselinux-python_3.8.bb} (96%) delete mode 100644 recipes-security/selinux/libselinux/0001-libselinux-fix-swig-bindings-for-4.3.0.patch rename recipes-security/selinux/{libselinux_3.7.bb => libselinux_3.8.bb} (100%) delete mode 100644 recipes-security/selinux/libsemanage/0001-libsemanage-fix-swig-bindings-for-4.3.0.patch rename recipes-security/selinux/{libsemanage_3.7.bb => libsemanage_3.8.bb} (92%) rename recipes-security/selinux/{libsepol_3.7.bb => libsepol_3.8.bb} (100%) rename recipes-security/selinux/{mcstrans_3.7.bb => mcstrans_3.8.bb} (97%) rename recipes-security/selinux/{policycoreutils_3.7.bb => policycoreutils_3.8.bb} (100%) rename recipes-security/selinux/{restorecond_3.7.bb => restorecond_3.8.bb} (100%) rename recipes-security/selinux/{secilc_3.7.bb => secilc_3.8.bb} (100%) rename recipes-security/selinux/{selinux-dbus_3.7.bb => selinux-dbus_3.8.bb} (100%) rename recipes-security/selinux/{selinux-gui_3.7.bb => selinux-gui_3.8.bb} (100%) rename recipes-security/selinux/{selinux-python_3.7.bb => selinux-python_3.8.bb} (100%) rename recipes-security/selinux/{selinux-sandbox_3.7.bb => selinux-sandbox_3.8.bb} (100%) rename recipes-security/selinux/{semodule-utils_3.7.bb => semodule-utils_3.8.bb} (100%) diff --git a/recipes-security/selinux/checkpolicy_3.7.bb b/recipes-security/selinux/checkpolicy_3.8.bb similarity index 100% rename from recipes-security/selinux/checkpolicy_3.7.bb rename to recipes-security/selinux/checkpolicy_3.8.bb diff --git a/recipes-security/selinux/libselinux-python_3.7.bb b/recipes-security/selinux/libselinux-python_3.8.bb similarity index 96% rename from recipes-security/selinux/libselinux-python_3.7.bb rename to recipes-security/selinux/libselinux-python_3.8.bb index 5099e55..3c5c489 100644 --- a/recipes-security/selinux/libselinux-python_3.7.bb +++ b/recipes-security/selinux/libselinux-python_3.8.bb @@ -15,7 +15,6 @@ SRC_URI += "\ file://0001-Makefile-fix-python-modules-install-path-for-multili.patch \ file://0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch \ file://0003-libselinux-restore-drop-the-obsolete-LSF-transitiona.patch \ - file://0001-libselinux-fix-swig-bindings-for-4.3.0.patch \ " S = "${WORKDIR}/git/libselinux" diff --git a/recipes-security/selinux/libselinux/0001-Makefile-fix-python-modules-install-path-for-multili.patch b/recipes-security/selinux/libselinux/0001-Makefile-fix-python-modules-install-path-for-multili.patch index b307b6f..28a2cc0 100644 --- a/recipes-security/selinux/libselinux/0001-Makefile-fix-python-modules-install-path-for-multili.patch +++ b/recipes-security/selinux/libselinux/0001-Makefile-fix-python-modules-install-path-for-multili.patch @@ -1,4 +1,4 @@ -From dff260851ccecf9723a6ddfce0103e09f3ba4613 Mon Sep 17 00:00:00 2001 +From 626d07afcb8e8b3a68158e8a3ea1654620769644 Mon Sep 17 00:00:00 2001 From: Yi Zhao Date: Mon, 13 Apr 2020 12:44:23 +0800 Subject: [PATCH] Makefile: fix python modules install path for multilib @@ -11,10 +11,10 @@ Signed-off-by: Yi Zhao 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Makefile b/src/Makefile -index d3b981f..265f1be 100644 +index 213c7d3..92227cb 100644 --- a/src/Makefile +++ b/src/Makefile -@@ -191,7 +191,7 @@ install: all +@@ -193,7 +193,7 @@ install: all ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET) install-pywrap: pywrap diff --git a/recipes-security/selinux/libselinux/0001-libselinux-fix-swig-bindings-for-4.3.0.patch b/recipes-security/selinux/libselinux/0001-libselinux-fix-swig-bindings-for-4.3.0.patch deleted file mode 100644 index 277c36c..0000000 --- a/recipes-security/selinux/libselinux/0001-libselinux-fix-swig-bindings-for-4.3.0.patch +++ /dev/null @@ -1,91 +0,0 @@ -From 8e0e718bae53fff30831b92cd784151d475a20da Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Wed, 16 Oct 2024 20:48:11 +0200 -Subject: [PATCH] libselinux: fix swig bindings for 4.3.0 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -https://github.com/swig/swig/blob/master/CHANGES.current - -"[Python] #2907 Fix returning null from functions with output -parameters. Ensures OUTPUT and INOUT typemaps are handled -consistently wrt return type. - -New declaration of SWIG_Python_AppendOutput is now: - - SWIG_Python_AppendOutput(PyObject* result, PyObject* obj, int is_void); - -The 3rd parameter is new and the new $isvoid special variable -should be passed to it, indicating whether or not the wrapped -function returns void. - -Also consider replacing with: - - SWIG_AppendOutput(PyObject* result, PyObject* obj); - -which calls SWIG_Python_AppendOutput with same parameters but adding $isvoid -for final parameter." - -Fixes: https://github.com/SELinuxProject/selinux/issues/447 - - selinuxswig_python_wrap.c: In function ‘_wrap_security_compute_user’: - selinuxswig_python_wrap.c:11499:17: error: too few arguments to function ‘SWIG_Python_AppendOutput’ - 11499 | resultobj = SWIG_Python_AppendOutput(resultobj, plist); - | ^~~~~~~~~~~~~~~~~~~~~~~~ - selinuxswig_python_wrap.c:1248:1: note: declared here - 1248 | SWIG_Python_AppendOutput(PyObject* result, PyObject* obj, int is_void) { - | ^~~~~~~~~~~~~~~~~~~~~~~~ - selinuxswig_python_wrap.c: In function ‘_wrap_security_compute_user_raw’: - selinuxswig_python_wrap.c:11570:17: error: too few arguments to function ‘SWIG_Python_AppendOutput’ - 11570 | resultobj = SWIG_Python_AppendOutput(resultobj, plist); - | ^~~~~~~~~~~~~~~~~~~~~~~~ - selinuxswig_python_wrap.c:1248:1: note: declared here - 1248 | SWIG_Python_AppendOutput(PyObject* result, PyObject* obj, int is_void) { - | ^~~~~~~~~~~~~~~~~~~~~~~~ - selinuxswig_python_wrap.c: In function ‘_wrap_security_get_boolean_names’: - selinuxswig_python_wrap.c:12470:17: error: too few arguments to function ‘SWIG_Python_AppendOutput’ - 12470 | resultobj = SWIG_Python_AppendOutput(resultobj, list); - | ^~~~~~~~~~~~~~~~~~~~~~~~ - selinuxswig_python_wrap.c:1248:1: note: declared here - 1248 | SWIG_Python_AppendOutput(PyObject* result, PyObject* obj, int is_void) { - | ^~~~~~~~~~~~~~~~~~~~~~~~ - error: command '/usr/bin/gcc' failed with exit code 1 - -Suggested-by: Jitka Plesnikova -Signed-off-by: Petr Lautrbach -Acked-by: James Carter - -Upstream-Status: Backport -[https://github.com/SELinuxProject/selinux/commit/8e0e718bae53fff30831b92cd784151d475a20da] - -Signed-off-by: Yi Zhao ---- - src/selinuxswig_python.i | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/selinuxswig_python.i b/src/selinuxswig_python.i -index 17e03b9e..03ed296d 100644 ---- a/src/selinuxswig_python.i -+++ b/src/selinuxswig_python.i -@@ -71,7 +71,7 @@ def install(src, dest): - for (i = 0; i < *$2; i++) { - PyList_SetItem(list, i, PyString_FromString((*$1)[i])); - } -- $result = SWIG_Python_AppendOutput($result, list); -+ $result = SWIG_AppendOutput($result, list); - } - - /* return a sid along with the result */ -@@ -108,7 +108,7 @@ def install(src, dest): - plist = PyList_New(0); - } - -- $result = SWIG_Python_AppendOutput($result, plist); -+ $result = SWIG_AppendOutput($result, plist); - } - - /* Makes functions in get_context_list.h return a Python list of contexts */ --- -2.25.1 - diff --git a/recipes-security/selinux/libselinux/0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch b/recipes-security/selinux/libselinux/0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch index 7ebe64f..ae0da8b 100644 --- a/recipes-security/selinux/libselinux/0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch +++ b/recipes-security/selinux/libselinux/0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch @@ -1,4 +1,4 @@ -From 303d8dfe53fcd02ea5818f976369cdb629bc1114 Mon Sep 17 00:00:00 2001 +From 1048b80be8fe800fa343f26db833a6e89b5ba9ab Mon Sep 17 00:00:00 2001 From: Thomas Petazzoni Date: Fri, 25 Oct 2019 13:37:14 +0200 Subject: [PATCH] Do not use PYCEXT, and rely on the installed file name @@ -27,7 +27,7 @@ Signed-off-by: Changqing Li 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/Makefile b/src/Makefile -index 265f1be..47e51d6 100644 +index 92227cb..7c71c65 100644 --- a/src/Makefile +++ b/src/Makefile @@ -15,7 +15,6 @@ INCLUDEDIR ?= $(PREFIX)/include @@ -38,7 +38,7 @@ index 265f1be..47e51d6 100644 RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + RbConfig::CONFIG["rubyarchhdrdir"] + " -I" + RbConfig::CONFIG["rubyhdrdir"]') RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" + RbConfig::CONFIG["libdir"] + " -L" + RbConfig::CONFIG["archlibdir"] + " " + RbConfig::CONFIG["LIBRUBYARG_SHARED"]') RUBYINSTALL ?= $(shell $(RUBY) -e 'puts RbConfig::CONFIG["vendorarchdir"]') -@@ -193,7 +192,7 @@ install: all +@@ -195,7 +194,7 @@ install: all install-pywrap: pywrap CFLAGS="$(CPPFLAGS) $(CFLAGS) $(SWIG_CFLAGS)" $(PYTHON) -m pip install --prefix=$(PREFIX) --root $(DESTDIR) --ignore-installed --no-deps $(PYTHON_SETUP_ARGS) . install -m 644 $(SWIGPYOUT) $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py diff --git a/recipes-security/selinux/libselinux/0003-libselinux-restore-drop-the-obsolete-LSF-transitiona.patch b/recipes-security/selinux/libselinux/0003-libselinux-restore-drop-the-obsolete-LSF-transitiona.patch index 0cd8f20..39edb6c 100644 --- a/recipes-security/selinux/libselinux/0003-libselinux-restore-drop-the-obsolete-LSF-transitiona.patch +++ b/recipes-security/selinux/libselinux/0003-libselinux-restore-drop-the-obsolete-LSF-transitiona.patch @@ -1,4 +1,4 @@ -From 6c2af45ec8cff9b282d599dc098db0ca127bdc59 Mon Sep 17 00:00:00 2001 +From f33b426680492629d3d8ed664049cbe584f26f18 Mon Sep 17 00:00:00 2001 From: Renato Caldas Date: Thu, 29 Jun 2023 13:59:11 +0100 Subject: [PATCH] libselinux: restore: drop the obsolete LSF transitional API. @@ -14,10 +14,10 @@ Signed-off-by: Renato Caldas 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/selinux_restorecon.c b/src/selinux_restorecon.c -index 38f10f1..5b3d035 100644 +index bc6ed93..3bc0d8d 100644 --- a/src/selinux_restorecon.c +++ b/src/selinux_restorecon.c -@@ -436,7 +436,7 @@ static int filespec_add(ino_t ino, const char *con, const char *file, +@@ -438,7 +438,7 @@ static int filespec_add(ino_t ino, const char *con, const char *file, file_spec_t *prevfl, *fl; uint32_t h; int ret; @@ -26,7 +26,7 @@ index 38f10f1..5b3d035 100644 __pthread_mutex_lock(&fl_mutex); -@@ -450,7 +450,7 @@ static int filespec_add(ino_t ino, const char *con, const char *file, +@@ -452,7 +452,7 @@ static int filespec_add(ino_t ino, const char *con, const char *file, for (prevfl = &fl_head[h], fl = fl_head[h].next; fl; prevfl = fl, fl = fl->next) { if (ino == fl->ino) { diff --git a/recipes-security/selinux/libselinux_3.7.bb b/recipes-security/selinux/libselinux_3.8.bb similarity index 100% rename from recipes-security/selinux/libselinux_3.7.bb rename to recipes-security/selinux/libselinux_3.8.bb diff --git a/recipes-security/selinux/libsemanage/0001-libsemanage-fix-swig-bindings-for-4.3.0.patch b/recipes-security/selinux/libsemanage/0001-libsemanage-fix-swig-bindings-for-4.3.0.patch deleted file mode 100644 index cba77c9..0000000 --- a/recipes-security/selinux/libsemanage/0001-libsemanage-fix-swig-bindings-for-4.3.0.patch +++ /dev/null @@ -1,422 +0,0 @@ -From e38815d7b44cac435195c82a54d2bf2517bc4b1a Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Wed, 16 Oct 2024 20:48:12 +0200 -Subject: [PATCH] libsemanage: fix swig bindings for 4.3.0 - -https://github.com/swig/swig/blob/master/CHANGES.current - -"[Python] #2907 Fix returning null from functions with output -parameters. Ensures OUTPUT and INOUT typemaps are handled -consistently wrt return type. - -New declaration of SWIG_Python_AppendOutput is now: - - SWIG_Python_AppendOutput(PyObject* result, PyObject* obj, int is_void); - -The 3rd parameter is new and the new $isvoid special variable -should be passed to it, indicating whether or not the wrapped -function returns void. - -Also consider replacing with: - - SWIG_AppendOutput(PyObject* result, PyObject* obj); - -which calls SWIG_Python_AppendOutput with same parameters but adding $isvoid -for final parameter." - -Fixes: https://github.com/SELinuxProject/selinux/issues/447 - -Suggested-by: Jitka Plesnikova -Signed-off-by: Petr Lautrbach -Acked-by: James Carter - -Upstream-Status: Backport -[https://github.com/SELinuxProject/selinux/commit/e38815d7b44cac435195c82a54d2bf2517bc4b1a] - -Signed-off-by: Yi Zhao ---- - src/semanageswig_python.i | 64 +++++++++++++-------------- - src/semanageswig_ruby.i | 32 +++++++------- - 2 files changed, 48 insertions(+), 48 deletions(-) - -diff --git a/src/semanageswig_python.i b/src/semanageswig_python.i -index 5f011396..0e27424f 100644 ---- a/src/semanageswig_python.i -+++ b/src/semanageswig_python.i -@@ -111,7 +111,7 @@ - } - - %typemap(argout) char** { -- $result = SWIG_Python_AppendOutput($result, SWIG_FromCharPtr(*$1)); -+ $result = SWIG_AppendOutput($result, SWIG_FromCharPtr(*$1)); - free(*$1); - } - -@@ -134,7 +134,7 @@ - NULL, NULL, &plist) < 0) - $result = SWIG_From_int(STATUS_ERR); - else -- $result = SWIG_Python_AppendOutput($result, plist); -+ $result = SWIG_AppendOutput($result, plist); - } - } - } -@@ -148,7 +148,7 @@ - } - - %typemap(argout) semanage_module_info_t ** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - /** module key typemaps **/ -@@ -160,7 +160,7 @@ - } - - %typemap(argout) semanage_module_key_t ** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - /** context typemaps **/ -@@ -172,7 +172,7 @@ - } - - %typemap(argout) semanage_context_t** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - /** boolean typemaps **/ -@@ -197,7 +197,7 @@ - (void (*) (void*)) &semanage_bool_free, &plist) < 0) - $result = SWIG_From_int(STATUS_ERR); - else -- $result = SWIG_Python_AppendOutput($result, plist); -+ $result = SWIG_AppendOutput($result, plist); - } - } - } -@@ -207,11 +207,11 @@ - } - - %typemap(argout) semanage_bool_t ** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(argout) semanage_bool_key_t ** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(in, numinputs=0) semanage_bool_key_t **(semanage_bool_key_t *temp=NULL) { -@@ -240,7 +240,7 @@ - (void (*) (void*)) &semanage_fcontext_free, &plist) < 0) - $result = SWIG_From_int(STATUS_ERR); - else -- $result = SWIG_Python_AppendOutput($result, plist); -+ $result = SWIG_AppendOutput($result, plist); - } - } - } -@@ -250,11 +250,11 @@ - } - - %typemap(argout) semanage_fcontext_t ** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(argout) semanage_fcontext_key_t ** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(in, numinputs=0) semanage_fcontext_key_t **(semanage_fcontext_key_t *temp=NULL) { -@@ -284,7 +284,7 @@ - (void (*) (void*)) &semanage_iface_free, &plist) < 0) - $result = SWIG_From_int(STATUS_ERR); - else -- $result = SWIG_Python_AppendOutput($result, plist); -+ $result = SWIG_AppendOutput($result, plist); - } - } - } -@@ -294,11 +294,11 @@ - } - - %typemap(argout) semanage_iface_t ** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(argout) semanage_iface_key_t ** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(in, numinputs=0) semanage_iface_key_t **(semanage_iface_key_t *temp=NULL) { -@@ -328,7 +328,7 @@ - (void (*) (void*)) &semanage_seuser_free, &plist) < 0) - $result = SWIG_From_int(STATUS_ERR); - else -- $result = SWIG_Python_AppendOutput($result, plist); -+ $result = SWIG_AppendOutput($result, plist); - } - } - } -@@ -338,11 +338,11 @@ - } - - %typemap(argout) semanage_seuser_t ** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(argout) semanage_seuser_key_t ** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(in, numinputs=0) semanage_seuser_key_t **(semanage_seuser_key_t *temp=NULL) { -@@ -371,7 +371,7 @@ - (void (*) (void*)) &semanage_user_free, &plist) < 0) - $result = SWIG_From_int(STATUS_ERR); - else -- $result = SWIG_Python_AppendOutput($result, plist); -+ $result = SWIG_AppendOutput($result, plist); - } - } - } -@@ -381,11 +381,11 @@ - } - - %typemap(argout) semanage_user_t ** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(argout) semanage_user_key_t ** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(in, numinputs=0) semanage_user_key_t **(semanage_user_key_t *temp=NULL) { -@@ -414,7 +414,7 @@ - (void (*) (void*)) &semanage_port_free, &plist) < 0) - $result = SWIG_From_int(STATUS_ERR); - else -- $result = SWIG_Python_AppendOutput($result, plist); -+ $result = SWIG_AppendOutput($result, plist); - } - } - } -@@ -424,11 +424,11 @@ - } - - %typemap(argout) semanage_port_t ** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(argout) semanage_port_key_t ** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(in, numinputs=0) semanage_port_key_t **(semanage_port_key_t *temp=NULL) { -@@ -457,7 +457,7 @@ - (void (*) (void*)) &semanage_ibpkey_free, &plist) < 0) - $result = SWIG_From_int(STATUS_ERR); - else -- $result = SWIG_Python_AppendOutput($result, plist); -+ $result = SWIG_AppendOutput($result, plist); - } - } - } -@@ -467,11 +467,11 @@ - } - - %typemap(argout) semanage_ibpkey_t ** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(argout) semanage_ibpkey_key_t ** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(in, numinputs=0) semanage_ibpkey_key_t **(semanage_ibpkey_key_t *temp=NULL) { -@@ -500,7 +500,7 @@ - (void (*) (void*)) &semanage_ibendport_free, &plist) < 0) - $result = SWIG_From_int(STATUS_ERR); - else -- $result = SWIG_Python_AppendOutput($result, plist); -+ $result = SWIG_AppendOutput($result, plist); - } - } - } -@@ -510,11 +510,11 @@ - } - - %typemap(argout) semanage_ibendport_t ** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(argout) semanage_ibendport_key_t ** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(in, numinputs=0) semanage_ibendport_key_t **(semanage_ibendport_key_t *temp=NULL) { -@@ -543,7 +543,7 @@ - (void (*) (void*)) &semanage_node_free, &plist) < 0) - $result = SWIG_From_int(STATUS_ERR); - else -- $result = SWIG_Python_AppendOutput($result, plist); -+ $result = SWIG_AppendOutput($result, plist); - } - } - } -@@ -553,12 +553,12 @@ - } - - %typemap(argout) semanage_node_t ** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - - %typemap(argout) semanage_node_key_t ** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(in, numinputs=0) semanage_node_key_t **(semanage_node_key_t *temp=NULL) { -diff --git a/src/semanageswig_ruby.i b/src/semanageswig_ruby.i -index e030e4ae..9010b545 100644 ---- a/src/semanageswig_ruby.i -+++ b/src/semanageswig_ruby.i -@@ -38,7 +38,7 @@ - } - - %typemap(argout) semanage_module_info_t ** { -- $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - /** context typemaps **/ -@@ -50,7 +50,7 @@ - } - - %typemap(argout) semanage_context_t** { -- $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - /** boolean typemaps **/ -@@ -66,11 +66,11 @@ - } - - %typemap(argout) semanage_bool_t ** { -- $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(argout) semanage_bool_key_t ** { -- $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(in, numinputs=0) semanage_bool_key_t **(semanage_bool_key_t *temp=NULL) { -@@ -90,11 +90,11 @@ - } - - %typemap(argout) semanage_fcontext_t ** { -- $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(argout) semanage_fcontext_key_t ** { -- $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(in, numinputs=0) semanage_fcontext_key_t **(semanage_fcontext_key_t *temp=NULL) { -@@ -114,11 +114,11 @@ - } - - %typemap(argout) semanage_iface_t ** { -- $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(argout) semanage_iface_key_t ** { -- $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(in, numinputs=0) semanage_iface_key_t **(semanage_iface_key_t *temp=NULL) { -@@ -138,11 +138,11 @@ - } - - %typemap(argout) semanage_seuser_t ** { -- $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(argout) semanage_seuser_key_t ** { -- $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(in, numinputs=0) semanage_seuser_key_t **(semanage_seuser_key_t *temp=NULL) { -@@ -162,11 +162,11 @@ - } - - %typemap(argout) semanage_user_t ** { -- $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(argout) semanage_user_key_t ** { -- $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(in, numinputs=0) semanage_user_key_t **(semanage_user_key_t *temp=NULL) { -@@ -186,11 +186,11 @@ - } - - %typemap(argout) semanage_port_t ** { -- $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(argout) semanage_port_key_t ** { -- $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(in, numinputs=0) semanage_port_key_t **(semanage_port_key_t *temp=NULL) { -@@ -210,12 +210,12 @@ - } - - %typemap(argout) semanage_node_t ** { -- $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - - %typemap(argout) semanage_node_key_t ** { -- $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(in, numinputs=0) semanage_node_key_t **(semanage_node_key_t *temp=NULL) { --- -2.25.1 - diff --git a/recipes-security/selinux/libsemanage/libsemanage-Fix-execve-segfaults-on-Ubuntu.patch b/recipes-security/selinux/libsemanage/libsemanage-Fix-execve-segfaults-on-Ubuntu.patch index daaeb3b..3cab867 100644 --- a/recipes-security/selinux/libsemanage/libsemanage-Fix-execve-segfaults-on-Ubuntu.patch +++ b/recipes-security/selinux/libsemanage/libsemanage-Fix-execve-segfaults-on-Ubuntu.patch @@ -1,4 +1,4 @@ -From a91134e98ba4b3b6645d12bb68a07976b60f86c8 Mon Sep 17 00:00:00 2001 +From 418a2736fd7da15758ab84f9448e7517e3ad82c1 Mon Sep 17 00:00:00 2001 From: Xin Ouyang Date: Mon, 26 Mar 2012 15:15:16 +0800 Subject: [PATCH] libsemanage: Fix execve segfaults on Ubuntu. @@ -17,10 +17,10 @@ Signed-off-by: Yi Zhao 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/semanage_store.c b/src/semanage_store.c -index 27c5d34..519f298 100644 +index 2ca2e90..914d720 100644 --- a/src/semanage_store.c +++ b/src/semanage_store.c -@@ -1470,7 +1470,7 @@ static int semanage_exec_prog(semanage_handle_t * sh, +@@ -1445,7 +1445,7 @@ static int semanage_exec_prog(semanage_handle_t * sh, if (forkval == 0) { /* child process. file descriptors will be closed * because they were set as close-on-exec. */ diff --git a/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch b/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch index e9df8be..8abf847 100644 --- a/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch +++ b/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch @@ -1,4 +1,4 @@ -From c96010440e7a2a87787a535fd0f9ccf26a2b4a5e Mon Sep 17 00:00:00 2001 +From 0fddb654b4193e91b8534cbbeaa5fd9b6aa1ead2 Mon Sep 17 00:00:00 2001 From: Wenzong Fan Date: Mon, 20 Jan 2014 03:53:48 -0500 Subject: [PATCH] libsemanage: allow to disable audit support @@ -13,7 +13,7 @@ Signed-off-by: Wenzong Fan 3 files changed, 31 insertions(+), 2 deletions(-) diff --git a/src/Makefile b/src/Makefile -index d525996..2f5e159 100644 +index 8dfbd76..4012f28 100644 --- a/src/Makefile +++ b/src/Makefile @@ -27,6 +27,14 @@ ifeq ($(DEBUG),1) @@ -41,7 +41,7 @@ index d525996..2f5e159 100644 $(LIBPC): $(LIBPC).in ../VERSION diff --git a/src/seusers_local.c b/src/seusers_local.c -index 795a33d..6539cdf 100644 +index eb3f82b..45da825 100644 --- a/src/seusers_local.c +++ b/src/seusers_local.c @@ -8,7 +8,11 @@ typedef struct semanage_seuser record_t; @@ -72,7 +72,7 @@ index 795a33d..6539cdf 100644 int semanage_seuser_modify_local(semanage_handle_t * handle, const semanage_seuser_key_t * key, -@@ -164,8 +170,11 @@ int semanage_seuser_modify_local(semanage_handle_t * handle, +@@ -165,8 +171,11 @@ int semanage_seuser_modify_local(semanage_handle_t * handle, (void) semanage_seuser_query(handle, key, &previous); handle->msg_callback = callback; rc = dbase_modify(handle, dconfig, key, new); @@ -84,7 +84,7 @@ index 795a33d..6539cdf 100644 err: if (previous) semanage_seuser_free(previous); -@@ -181,8 +190,12 @@ int semanage_seuser_del_local(semanage_handle_t * handle, +@@ -182,8 +191,12 @@ int semanage_seuser_del_local(semanage_handle_t * handle, dbase_config_t *dconfig = semanage_seuser_dbase_local(handle); rc = dbase_del(handle, dconfig, key); semanage_seuser_query(handle, key, &seuser); @@ -98,7 +98,7 @@ index 795a33d..6539cdf 100644 semanage_seuser_free(seuser); return rc; diff --git a/tests/Makefile b/tests/Makefile -index 69f49a3..f914492 100644 +index 241ff17..fa03fb6 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -4,10 +4,18 @@ CILS = $(sort $(wildcard *.cil)) @@ -114,7 +114,7 @@ index 69f49a3..f914492 100644 +endif + EXECUTABLE = libsemanage-tests - CFLAGS += -g -O0 -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute -Wno-unused-parameter + CFLAGS += -g -O0 -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute override CFLAGS += -I../src -I../include -override LDLIBS += -lcunit -lbz2 -laudit -lselinux -lsepol +override LDLIBS += -lcunit -lbz2 $(LIBAUDIT) -lselinux -lsepol diff --git a/recipes-security/selinux/libsemanage/libsemanage-disable-expand-check-on-policy-load.patch b/recipes-security/selinux/libsemanage/libsemanage-disable-expand-check-on-policy-load.patch index d880e1e..4b1d3cc 100644 --- a/recipes-security/selinux/libsemanage/libsemanage-disable-expand-check-on-policy-load.patch +++ b/recipes-security/selinux/libsemanage/libsemanage-disable-expand-check-on-policy-load.patch @@ -1,4 +1,4 @@ -From 7af73c1684ce0e30ce0cd58b51708bde1e3a1984 Mon Sep 17 00:00:00 2001 +From af4948d5a1cfb41338a7539dcd80735b5c250e58 Mon Sep 17 00:00:00 2001 From: Joe MacDonald Date: Wed, 7 May 2014 11:36:27 -0400 Subject: [PATCH] libsemanage: disable expand-check on policy load diff --git a/recipes-security/selinux/libsemanage_3.7.bb b/recipes-security/selinux/libsemanage_3.8.bb similarity index 92% rename from recipes-security/selinux/libsemanage_3.7.bb rename to recipes-security/selinux/libsemanage_3.8.bb index 7e6c91f..ef22957 100644 --- a/recipes-security/selinux/libsemanage_3.7.bb +++ b/recipes-security/selinux/libsemanage_3.8.bb @@ -5,7 +5,7 @@ as by programs like load_policy that need to perform specific transformations \ on binary policies such as customizing policy boolean settings." SECTION = "base" LICENSE = "LGPL-2.1-or-later" -LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=a6f89e2100d9b6cdffcea4f398e37343" +LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=03068f550c635f6520e0f0252da412fc" require selinux_common.inc @@ -14,7 +14,6 @@ inherit lib_package python3native SRC_URI += "file://libsemanage-Fix-execve-segfaults-on-Ubuntu.patch \ file://libsemanage-allow-to-disable-audit-support.patch \ file://libsemanage-disable-expand-check-on-policy-load.patch \ - file://0001-libsemanage-fix-swig-bindings-for-4.3.0.patch \ " DEPENDS = "libsepol libselinux python3 bison-native swig-native" diff --git a/recipes-security/selinux/libsepol_3.7.bb b/recipes-security/selinux/libsepol_3.8.bb similarity index 100% rename from recipes-security/selinux/libsepol_3.7.bb rename to recipes-security/selinux/libsepol_3.8.bb diff --git a/recipes-security/selinux/mcstrans_3.7.bb b/recipes-security/selinux/mcstrans_3.8.bb similarity index 97% rename from recipes-security/selinux/mcstrans_3.7.bb rename to recipes-security/selinux/mcstrans_3.8.bb index 4a8482f..4c8aed3 100644 --- a/recipes-security/selinux/mcstrans_3.7.bb +++ b/recipes-security/selinux/mcstrans_3.8.bb @@ -31,7 +31,7 @@ do_install:append() { if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then install -d ${D}${sysconfdir}/tmpfiles.d - echo "d ${localstatedir}/run/setrans - - - -" \ + echo "d ${runtimedir}/setrans - - - -" \ > ${D}${sysconfdir}/tmpfiles.d/setrans.conf else install -d ${D}${sysconfdir}/default/volatiles diff --git a/recipes-security/selinux/policycoreutils_3.7.bb b/recipes-security/selinux/policycoreutils_3.8.bb similarity index 100% rename from recipes-security/selinux/policycoreutils_3.7.bb rename to recipes-security/selinux/policycoreutils_3.8.bb diff --git a/recipes-security/selinux/restorecond_3.7.bb b/recipes-security/selinux/restorecond_3.8.bb similarity index 100% rename from recipes-security/selinux/restorecond_3.7.bb rename to recipes-security/selinux/restorecond_3.8.bb diff --git a/recipes-security/selinux/secilc_3.7.bb b/recipes-security/selinux/secilc_3.8.bb similarity index 100% rename from recipes-security/selinux/secilc_3.7.bb rename to recipes-security/selinux/secilc_3.8.bb diff --git a/recipes-security/selinux/selinux-dbus_3.7.bb b/recipes-security/selinux/selinux-dbus_3.8.bb similarity index 100% rename from recipes-security/selinux/selinux-dbus_3.7.bb rename to recipes-security/selinux/selinux-dbus_3.8.bb diff --git a/recipes-security/selinux/selinux-gui_3.7.bb b/recipes-security/selinux/selinux-gui_3.8.bb similarity index 100% rename from recipes-security/selinux/selinux-gui_3.7.bb rename to recipes-security/selinux/selinux-gui_3.8.bb diff --git a/recipes-security/selinux/selinux-python_3.7.bb b/recipes-security/selinux/selinux-python_3.8.bb similarity index 100% rename from recipes-security/selinux/selinux-python_3.7.bb rename to recipes-security/selinux/selinux-python_3.8.bb diff --git a/recipes-security/selinux/selinux-sandbox_3.7.bb b/recipes-security/selinux/selinux-sandbox_3.8.bb similarity index 100% rename from recipes-security/selinux/selinux-sandbox_3.7.bb rename to recipes-security/selinux/selinux-sandbox_3.8.bb diff --git a/recipes-security/selinux/selinux_common.inc b/recipes-security/selinux/selinux_common.inc index 8dd6c2e..30109b9 100644 --- a/recipes-security/selinux/selinux_common.inc +++ b/recipes-security/selinux/selinux_common.inc @@ -1,7 +1,7 @@ HOMEPAGE = "https://github.com/SELinuxProject" SRC_URI = "git://github.com/SELinuxProject/selinux.git;branch=main;protocol=https" -SRCREV = "2eb286bc0841791043567437ba5413f3014fb94e" +SRCREV = "71aec30d068789e856e7cc429b620ae1cfa890f1" UPSTREAM_CHECK_GITTAGREGEX = "(?P\d+(\.\d+)+)" diff --git a/recipes-security/selinux/semodule-utils_3.7.bb b/recipes-security/selinux/semodule-utils_3.8.bb similarity index 100% rename from recipes-security/selinux/semodule-utils_3.7.bb rename to recipes-security/selinux/semodule-utils_3.8.bb