CaROS/meta-selinux
3
0
Fork 0
mirror of git://git.yoctoproject.org/meta-selinux synced 2026-01-01 13:58:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

libsemanage: uprev to 2.7 (20170804)

Browse Source 
Remove patches that included by new version:
  - 0001-libsemanage-simplify-string-utilities-functions.patch
  - 0002-libsemanage-add-semanage_str_replace-utility-functio.patch
  - 0003-libsemanage-genhomedircon-drop-ustr-dependency.patch
  - 0004-libsemanage-remove-ustr-library-from-Makefiles-READM.patch
  - libsemanage-fix-path-len-limit.patch

Rebase patch:
  - libsemanage-allow-to-disable-audit-support.patch

Set PYCEXT and PYSITEDIR to generate the _semanage.so and install it
to ${libdir}/python${PYTHON_BASEVERSION}/site-packages.

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>

Update libsemanage_git to match.

Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
This commit is contained in:
Wenzong Fan 2017-09-04 22:59:41 -07:00 committed by Mark Hatle
parent 375dfa6201
commit b00974f7b4
10 changed files with 46 additions and 734 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
recipes-security/selinux/libsemanage.inc
View File

@ -40,6 +40,8 @@ do_install() {
oe_runmake install-pywrap swigify \
DESTDIR=${D} \
PYCEXT='.so' \
PYSITEDIR='${D}${libdir}/python${PYTHON_BASEVERSION}/site-packages' \
PYLIBVER='python${PYTHON_BASEVERSION}' \
PYLIBDIR='${D}/${libdir}/$(PYLIBVER)'

115
recipes-security/selinux/libsemanage/0001-libsemanage-simplify-string-utilities-functions.patch
View File

@ -1,115 +0,0 @@
From 514a5df959ea0e13db4e87f73c2ac5edcceebd52 Mon Sep 17 00:00:00 2001
From: Nicolas Iooss <nicolas.iooss@m4x.org>
Date: Wed, 21 Dec 2016 19:21:01 +0100
Subject: [PATCH 1/4] libsemanage: simplify string utilities functions
Use string functions from C standard library instead of ustr. This makes
the code simpler and make utilities.c no longer depend on ustr library.
This changes how semanage_split() behaves when delim is not empty (NULL
or "") and the input string contains several successive delimiters:
semanage_split("foo::::bar", ":") returned "bar" and now returns ":bar".
This would not have any impact in the current code as semanage_split()
is only called with delim="=" (through semanage_findval(), in
libsemanage/src/genhomedircon.c), in order to split a "key=value"
statement.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
(cherry picked from commit a228bb3736c5957d41ad9e01eb1283fc6883a6e5)
---
libsemanage/src/utilities.c | 59 ++++++++++-----------------------------------
1 file changed, 13 insertions(+), 46 deletions(-)
diff --git a/libsemanage/src/utilities.c b/libsemanage/src/utilities.c
index f48ffa4..fa86cc7 100644
--- a/libsemanage/src/utilities.c
+++ b/libsemanage/src/utilities.c
@@ -26,7 +26,6 @@
#include <string.h>
#include <sys/types.h>
#include <assert.h>
-#include <ustr.h>
#define TRUE 1
#define FALSE 0
@@ -74,64 +73,32 @@ char *semanage_split_on_space(const char *str)
{
/* as per the man page, these are the isspace() chars */
const char *seps = "\f\n\r\t\v ";
- size_t slen = strlen(seps);
- size_t off = 0, rside_len = 0;
- char *retval = NULL;
- Ustr *ustr = USTR_NULL, *temp = USTR_NULL;
+ size_t off = 0;
if (!str)
- goto done;
- if (!(ustr = ustr_dup_cstr(str)))
- goto done;
- temp =
- ustr_split_spn_chrs(ustr, &off, seps, slen, USTR_NULL,
- USTR_FLAG_SPLIT_DEF);
- if (!temp)
- goto done;
- /* throw away the left hand side */
- ustr_sc_free(&temp);
-
- rside_len = ustr_len(ustr) - off;
- temp = ustr_dup_subustr(ustr, off + 1, rside_len);
- if (!temp)
- goto done;
- retval = strdup(ustr_cstr(temp));
- ustr_sc_free(&temp);
+ return NULL;
- done:
- ustr_sc_free(&ustr);
- return retval;
+ /* skip one token and the spaces before and after it */
+ off = strspn(str, seps);
+ off += strcspn(str + off, seps);
+ off += strspn(str + off, seps);
+ return strdup(str + off);
}
char *semanage_split(const char *str, const char *delim)
{
- Ustr *ustr = USTR_NULL, *temp = USTR_NULL;
- size_t off = 0, rside_len = 0;
- char *retval = NULL;
+ char *retval;
if (!str)
- goto done;
+ return NULL;
if (!delim || !(*delim))
return semanage_split_on_space(str);
- ustr = ustr_dup_cstr(str);
- temp =
- ustr_split_cstr(ustr, &off, delim, USTR_NULL, USTR_FLAG_SPLIT_DEF);
- if (!temp)
- goto done;
- /* throw away the left hand side */
- ustr_sc_free(&temp);
-
- rside_len = ustr_len(ustr) - off;
- temp = ustr_dup_subustr(ustr, off + 1, rside_len);
- if (!temp)
- goto done;
- retval = strdup(ustr_cstr(temp));
- ustr_sc_free(&temp);
+ retval = strstr(str, delim);
+ if (retval == NULL)
+ return NULL;
- done:
- ustr_sc_free(&ustr);
- return retval;
+ return strdup(retval + strlen(delim));
}
int semanage_list_push(semanage_list_t ** list, const char *data)
--
2.10.2

164
recipes-security/selinux/libsemanage/0002-libsemanage-add-semanage_str_replace-utility-functio.patch
View File

@ -1,164 +0,0 @@
From de8b13baf3773b41367f265e7dd06c013816ba0a Mon Sep 17 00:00:00 2001
From: Nicolas Iooss <nicolas.iooss@m4x.org>
Date: Wed, 21 Dec 2016 19:21:02 +0100
Subject: [PATCH 2/4] libsemanage: add semanage_str_replace() utility function
This function will be used in the next commit.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
(cherry picked from commit 57a3b1b4b0a50a1d14f825d2933339063ced4fec)
---
libsemanage/src/utilities.c | 55 ++++++++++++++++++++++++++++++++++++++
libsemanage/src/utilities.h | 10 +++++++
libsemanage/tests/test_utilities.c | 34 +++++++++++++++++++++++
3 files changed, 99 insertions(+)
diff --git a/libsemanage/src/utilities.c b/libsemanage/src/utilities.c
index fa86cc7..0d50d99 100644
--- a/libsemanage/src/utilities.c
+++ b/libsemanage/src/utilities.c
@@ -230,6 +230,61 @@ void semanage_rtrim(char *str, char trim_to)
}
}
+char *semanage_str_replace(const char *search, const char *replace,
+ const char *src, size_t lim)
+{
+ size_t count = 0, slen, rlen, newsize;
+ char *p, *pres, *result;
+ const char *psrc;
+
+ slen = strlen(search);
+ rlen = strlen(replace);
+
+ /* Do not support empty search strings */
+ if (slen == 0)
+ return NULL;
+
+ /* Count the occurences of search in src and compute the new size */
+ for (p = strstr(src, search); p != NULL; p = strstr(p + slen, search)) {
+ count++;
+ if (lim && count >= lim)
+ break;
+ }
+ if (!count)
+ return strdup(src);
+
+ /* Allocate the result string */
+ newsize = strlen(src) + 1 + count * (rlen - slen);
+ result = malloc(newsize);
+ if (!result)
+ return NULL;
+
+ /* Fill the result */
+ psrc = src;
+ pres = result;
+ for (p = strstr(src, search); p != NULL; p = strstr(psrc, search)) {
+ /* Copy the part which has not been modified */
+ if (p != psrc) {
+ size_t length = (size_t)(p - psrc);
+ memcpy(pres, psrc, length);
+ pres += length;
+ }
+ /* Copy the replacement part */
+ if (rlen != 0) {
+ memcpy(pres, replace, rlen);
+ pres += rlen;
+ }
+ psrc = p + slen;
+ count--;
+ if (!count)
+ break;
+ }
+ /* Copy the last part, after doing a sanity check */
+ assert(pres + strlen(psrc) + 1 == result + newsize);
+ strcpy(pres, psrc);
+ return result;
+}
+
/* list_addafter_controlmem does *NOT* duplicate the data argument
* use at your own risk, I am building a list out of malloc'd memory and
* it is only going to get stored into this list, thus when I destroy it
diff --git a/libsemanage/src/utilities.h b/libsemanage/src/utilities.h
index 5fa15ef..f2ff31f 100644
--- a/libsemanage/src/utilities.h
+++ b/libsemanage/src/utilities.h
@@ -116,6 +116,16 @@ int semanage_str_count(char *data, char what);
void semanage_rtrim(char *str, char trim_to);
/**
+ * @param value being searched for
+ * @param replacement value that replaces found search values
+ * @param string being searched and replaced on
+ * @param maximum number of value occurences (zero for unlimited)
+ * @return newly-allocated string with the replaced values
+ */
+char *semanage_str_replace(const char *search, const char *replace,
+ const char *src, size_t lim);
+
+/**
* @param data some string
* @return modifies the string such that the first whitespace char becomes
* '\0', ending the string.
diff --git a/libsemanage/tests/test_utilities.c b/libsemanage/tests/test_utilities.c
index 32cc33c..cdfed0c 100644
--- a/libsemanage/tests/test_utilities.c
+++ b/libsemanage/tests/test_utilities.c
@@ -40,6 +40,7 @@ void test_semanage_split(void);
void test_semanage_list(void);
void test_semanage_str_count(void);
void test_semanage_rtrim(void);
+void test_semanage_str_replace(void);
void test_semanage_findval(void);
void test_slurp_file_filter(void);
@@ -101,6 +102,10 @@ int semanage_utilities_add_tests(CU_pSuite suite)
if (NULL == CU_add_test(suite, "semanage_rtrim", test_semanage_rtrim)) {
goto err;
}
+ if (NULL == CU_add_test(suite, "semanage_str_replace",
+ test_semanage_str_replace)) {
+ goto err;
+ }
if (NULL == CU_add_test(suite, "semanage_findval",
test_semanage_findval)) {
goto err;
@@ -244,6 +249,35 @@ void test_semanage_rtrim(void)
CU_ASSERT_STRING_EQUAL(str, "/blah/foo/bar");
}
+void test_semanage_str_replace(void)
+{
+ const char *test_str = "Hello, I am %{USERNAME} and my id is %{USERID}";
+ char *str1, *str2;
+
+ str1 = semanage_str_replace("%{USERNAME}", "root", test_str, 0);
+ CU_ASSERT_STRING_EQUAL(str1, "Hello, I am root and my id is %{USERID}");
+
+ str2 = semanage_str_replace("%{USERID}", "0", str1, 1);
+ CU_ASSERT_STRING_EQUAL(str2, "Hello, I am root and my id is 0");
+ free(str1);
+ free(str2);
+
+ str1 = semanage_str_replace(":(", ";)", "Test :( :) ! :(:(:))(:(", 0);
+ CU_ASSERT_STRING_EQUAL(str1, "Test ;) :) ! ;);):))(;)");
+ free(str1);
+
+ str1 = semanage_str_replace(":(", ";)", "Test :( :) ! :(:(:))(:(", 3);
+ CU_ASSERT_STRING_EQUAL(str1, "Test ;) :) ! ;);):))(:(");
+ free(str1);
+
+ str1 = semanage_str_replace("", "empty search string", "test", 0);
+ CU_ASSERT_EQUAL(str1, NULL);
+
+ str1 = semanage_str_replace("a", "", "abracadabra", 0);
+ CU_ASSERT_STRING_EQUAL(str1, "brcdbr");
+ free(str1);
+}
+
void test_semanage_findval(void)
{
char *tok;
--
2.10.2

323
recipes-security/selinux/libsemanage/0003-libsemanage-genhomedircon-drop-ustr-dependency.patch
View File

@ -1,323 +0,0 @@
From e8dd31df2268013afb1e8dbe5e617b9c4e9e388e Mon Sep 17 00:00:00 2001
From: Nicolas Iooss <nicolas.iooss@m4x.org>
Date: Wed, 21 Dec 2016 19:21:03 +0100
Subject: [PATCH 3/4] libsemanage: genhomedircon: drop ustr dependency
ustr library uses old (pre-C99) "extern inline" semantic. This makes it
incompatible with recent versions of gcc and clang, which default to
C99 standard. Distributions have shipped patched versions of this
library to fix issues (e.g. Gentoo package uses this patch:
https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-libs/ustr/files/ustr-1.0.4-gcc_5-check.patch?id=7dea6f8820f36bf389e6315044bea7507553bed0
) but there is no upstream solution to make ustr compatible with C99
standard.
The git tree of ustr (http://www.and.org/ustr/ustr.git) has not been
updated since 2008 and the developer of this project did not reply to
emails.
Therefore update genhomedircon implementation in order to no longer
rely on ustr library.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
(cherry picked from commit 300b8ad4235688171f2a91e7aeb14d0ee3561c13)
---
libsemanage/src/genhomedircon.c | 154 ++++++++++++++++++++--------------------
1 file changed, 77 insertions(+), 77 deletions(-)
diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
index 6991fff..0f84aa3 100644
--- a/libsemanage/src/genhomedircon.c
+++ b/libsemanage/src/genhomedircon.c
@@ -34,9 +34,9 @@
#include "utilities.h"
#include "genhomedircon.h"
-#include <ustr.h>
#include <assert.h>
+#include <ctype.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
@@ -239,46 +239,39 @@ static int fcontext_matches(const semanage_fcontext_t *fcontext, void *varg)
{
const char *oexpr = semanage_fcontext_get_expr(fcontext);
fc_match_handle_t *handp = varg;
- struct Ustr *expr;
+ char *expr = NULL;
regex_t re;
int type, retval = -1;
+ size_t len;
/* Only match ALL or DIR */
type = semanage_fcontext_get_type(fcontext);
if (type != SEMANAGE_FCONTEXT_ALL && type != SEMANAGE_FCONTEXT_ALL)
return 0;
- /* Convert oexpr into a Ustr and anchor it at the beginning */
- expr = ustr_dup_cstr("^");
- if (expr == USTR_NULL)
- goto done;
- if (!ustr_add_cstr(&expr, oexpr))
- goto done;
-
- /* Strip off trailing ".+" or ".*" */
- if (ustr_cmp_suffix_cstr_eq(expr, ".+") ||
- ustr_cmp_suffix_cstr_eq(expr, ".*")) {
- if (!ustr_del(&expr, 2))
- goto done;
- }
-
- /* Strip off trailing "(/.*)?" */
- if (ustr_cmp_suffix_cstr_eq(expr, "(/.*)?")) {
- if (!ustr_del(&expr, 6))
- goto done;
- }
-
- if (ustr_cmp_suffix_cstr_eq(expr, "/")) {
- if (!ustr_del(&expr, 1))
- goto done;
- }
-
- /* Append pattern to eat up trailing slashes */
- if (!ustr_add_cstr(&expr, "/*$"))
- goto done;
+ len = strlen(oexpr);
+ /* Define a macro to strip a literal string from the end of oexpr */
+#define rstrip_oexpr_len(cstr, cstrlen) \
+ do { \
+ if (len >= (cstrlen) && !strncmp(oexpr + len - (cstrlen), (cstr), (cstrlen))) \
+ len -= (cstrlen); \
+ } while (0)
+#define rstrip_oexpr(cstr) rstrip_oexpr_len(cstr, sizeof(cstr) - 1)
+
+ rstrip_oexpr(".+");
+ rstrip_oexpr(".*");
+ rstrip_oexpr("(/.*)?");
+ rstrip_oexpr("/");
+
+#undef rstrip_oexpr_len
+#undef rstrip_oexpr
+
+ /* Anchor oexpr at the beginning and append pattern to eat up trailing slashes */
+ if (asprintf(&expr, "^%.*s/*$", (int)len, oexpr) < 0)
+ return -1;
/* Check dir against expr */
- if (regcomp(&re, ustr_cstr(expr), REG_EXTENDED) != 0)
+ if (regcomp(&re, expr, REG_EXTENDED) != 0)
goto done;
if (regexec(&re, handp->dir, 0, NULL, 0) == 0)
handp->matched = 1;
@@ -287,7 +280,7 @@ static int fcontext_matches(const semanage_fcontext_t *fcontext, void *varg)
retval = 0;
done:
- ustr_free(expr);
+ free(expr);
return retval;
}
@@ -523,44 +516,50 @@ static semanage_list_t *make_template(genhomedircon_settings_t * s,
return template_data;
}
-static Ustr *replace_all(const char *str, const replacement_pair_t * repl)
+static char *replace_all(const char *str, const replacement_pair_t * repl)
{
- Ustr *retval = USTR_NULL;
+ char *retval, *retval2;
int i;
if (!str || !repl)
- goto done;
- if (!(retval = ustr_dup_cstr(str)))
- goto done;
+ return NULL;
- for (i = 0; repl[i].search_for; i++) {
- ustr_replace_cstr(&retval, repl[i].search_for,
- repl[i].replace_with, 0);
+ retval = strdup(str);
+ for (i = 0; retval != NULL && repl[i].search_for; i++) {
+ retval2 = semanage_str_replace(repl[i].search_for,
+ repl[i].replace_with, retval, 0);
+ free(retval);
+ retval = retval2;
}
- if (ustr_enomem(retval))
- ustr_sc_free(&retval);
-
- done:
return retval;
}
-static const char * extract_context(Ustr *line)
+static const char *extract_context(const char *line)
{
- const char whitespace[] = " \t\n";
- size_t off, len;
-
- /* check for trailing whitespace */
- off = ustr_spn_chrs_rev(line, 0, whitespace, strlen(whitespace));
-
- /* find the length of the last field in line */
- len = ustr_cspn_chrs_rev(line, off, whitespace, strlen(whitespace));
-
- if (len == 0)
+ const char *p = line;
+ size_t off;
+
+ off = strlen(p);
+ p += off;
+ /* consider trailing whitespaces */
+ while (off > 0) {
+ p--;
+ off--;
+ if (!isspace(*p))
+ break;
+ }
+ if (off == 0)
return NULL;
- return ustr_cstr(line) + ustr_len(line) - (len + off);
+
+ /* find the last field in line */
+ while (off > 0 && !isspace(*(p - 1))) {
+ p--;
+ off--;
+ }
+ return p;
}
-static int check_line(genhomedircon_settings_t * s, Ustr *line)
+static int check_line(genhomedircon_settings_t * s, const char *line)
{
sepol_context_t *ctx_record = NULL;
const char *ctx_str;
@@ -584,22 +583,22 @@ static int write_replacements(genhomedircon_settings_t * s, FILE * out,
const semanage_list_t * tpl,
const replacement_pair_t *repl)
{
- Ustr *line = USTR_NULL;
+ char *line;
for (; tpl; tpl = tpl->next) {
line = replace_all(tpl->data, repl);
if (!line)
goto fail;
if (check_line(s, line) == STATUS_SUCCESS) {
- if (!ustr_io_putfileline(&line, out))
+ if (fprintf(out, "%s\n", line) < 0)
goto fail;
}
- ustr_sc_free(&line);
+ free(line);
}
return STATUS_SUCCESS;
fail:
- ustr_sc_free(&line);
+ free(line);
return STATUS_ERR;
}
@@ -607,7 +606,7 @@ static int write_contexts(genhomedircon_settings_t *s, FILE *out,
semanage_list_t *tpl, const replacement_pair_t *repl,
const genhomedircon_user_entry_t *user)
{
- Ustr *line = USTR_NULL;
+ char *line, *temp;
sepol_context_t *context = NULL;
char *new_context_str = NULL;
@@ -624,10 +623,10 @@ static int write_contexts(genhomedircon_settings_t *s, FILE *out,
if (strcmp(old_context_str, CONTEXT_NONE) == 0) {
if (check_line(s, line) == STATUS_SUCCESS &&
- !ustr_io_putfileline(&line, out)) {
+ fprintf(out, "%s\n", line) < 0) {
goto fail;
}
-
+ free(line);
continue;
}
@@ -653,25 +652,27 @@ static int write_contexts(genhomedircon_settings_t *s, FILE *out,
goto fail;
}
- if (!ustr_replace_cstr(&line, old_context_str,
- new_context_str, 1)) {
+ temp = semanage_str_replace(old_context_str, new_context_str,
+ line, 1);
+ if (!temp) {
goto fail;
}
+ free(line);
+ line = temp;
if (check_line(s, line) == STATUS_SUCCESS) {
- if (!ustr_io_putfileline(&line, out)) {
+ if (fprintf(out, "%s\n", line) < 0)
goto fail;
- }
}
- ustr_sc_free(&line);
+ free(line);
sepol_context_free(context);
free(new_context_str);
}
return STATUS_SUCCESS;
fail:
- ustr_sc_free(&line);
+ free(line);
sepol_context_free(context);
free(new_context_str);
return STATUS_ERR;
@@ -1284,20 +1285,19 @@ static int write_context_file(genhomedircon_settings_t * s, FILE * out)
}
for (h = homedirs; h; h = h->next) {
- Ustr *temp = ustr_dup_cstr(h->data);
+ char *temp = NULL;
- if (!temp || !ustr_add_cstr(&temp, "/" FALLBACK_NAME)) {
- ustr_sc_free(&temp);
+ if (asprintf(&temp, "%s/%s", h->data, FALLBACK_NAME) < 0) {
retval = STATUS_ERR;
goto done;
}
free(s->fallback->home);
- s->fallback->home = (char*) ustr_cstr(temp);
+ s->fallback->home = temp;
if (write_home_dir_context(s, out, homedir_context_tpl,
s->fallback) != STATUS_SUCCESS) {
- ustr_sc_free(&temp);
+ free(temp);
s->fallback->home = NULL;
retval = STATUS_ERR;
goto done;
@@ -1305,13 +1305,13 @@ static int write_context_file(genhomedircon_settings_t * s, FILE * out)
if (write_home_root_context(s, out,
homeroot_context_tpl,
h->data) != STATUS_SUCCESS) {
- ustr_sc_free(&temp);
+ free(temp);
s->fallback->home = NULL;
retval = STATUS_ERR;
goto done;
}
- ustr_sc_free(&temp);
+ free(temp);
s->fallback->home = NULL;
}
}
--
2.10.2

61
recipes-security/selinux/libsemanage/0004-libsemanage-remove-ustr-library-from-Makefiles-READM.patch
View File

@ -1,61 +0,0 @@
From c7e55daa20f5659799aed47b819ad73e03d11e8f Mon Sep 17 00:00:00 2001
From: Nicolas Iooss <nicolas.iooss@m4x.org>
Date: Wed, 21 Dec 2016 19:21:04 +0100
Subject: [PATCH 4/4] libsemanage: remove ustr library from Makefiles, README
and pkg-config
This library is no longer used by libsemanage.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
(cherry picked from commit 920ee9ee18024c7714f1121e91854f38fa1eef73)
Tweaked due to conditional audit patch and no README.
---
README | 2 +-
libsemanage/src/Makefile | 2 +-
libsemanage/src/libsemanage.pc.in | 2 +-
libsemanage/tests/Makefile | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile
index 68aab72..83daf0f 100644
--- a/libsemanage/src/Makefile
+++ b/libsemanage/src/Makefile
@@ -91,7 +91,7 @@ $(LIBA): $(OBJS)
$(RANLIB) $@
$(LIBSO): $(LOBJS)
- $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol $(LIBAUDIT) -lselinux -lbz2 -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol $(LIBAUDIT) -lselinux -lbz2 -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
ln -sf $@ $(TARGET)
$(LIBPC): $(LIBPC).in ../VERSION
diff --git a/libsemanage/src/libsemanage.pc.in b/libsemanage/src/libsemanage.pc.in
index 81e1805..d3eaa06 100644
--- a/libsemanage/src/libsemanage.pc.in
+++ b/libsemanage/src/libsemanage.pc.in
@@ -7,7 +7,7 @@ Name: libsemanage
Description: SELinux management library
Version: @VERSION@
URL: http://userspace.selinuxproject.org/
-Requires.private: libselinux libsepol ustr
+Requires.private: libselinux libsepol
Libs: -L${libdir} -lsemanage
Libs.private: -lbz2
Cflags: -I${includedir}
diff --git a/libsemanage/tests/Makefile b/libsemanage/tests/Makefile
index 4b81fed..56285b3 100644
--- a/libsemanage/tests/Makefile
+++ b/libsemanage/tests/Makefile
@@ -12,7 +12,7 @@ LIBS = ../src/libsemanage.a ../../libselinux/src/libselinux.a ../../libsepol/src
LIBAUDIT = -laudit
endif
-LDFLAGS += -lcunit -lustr -lbz2 $(LIBAUDIT)
+LDFLAGS += -lcunit -lbz2 $(LIBAUDIT)
OBJECTS = $(SOURCES:.c=.o)
all: $(EXECUTABLE)
--
2.10.2

68
recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch
View File

@ -7,16 +7,16 @@ Upstream-Status: Pending
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
src/Makefile | 10 +++++++++-
src/seusers_local.c | 13 +++++++++++++
tests/Makefile | 10 +++++++++-
src/Makefile | 10 +++++++++-
src/seusers_local.c | 13 +++++++++++++
tests/Makefile | 10 +++++++++-
3 files changed, 31 insertions(+), 2 deletions(-)
Index: libsemanage-2.5/src/Makefile
===================================================================
--- libsemanage-2.5.orig/src/Makefile 2016-02-25 13:20:30.867978414 -0500
+++ libsemanage-2.5/src/Makefile 2016-02-25 13:20:30.859978414 -0500
@@ -28,6 +28,14 @@
diff --git a/src/Makefile b/src/Makefile
index fdb178f..43e1266 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -29,6 +29,14 @@ ifeq ($(DEBUG),1)
export LDFLAGS = -g
endif
@ -31,20 +31,20 @@ Index: libsemanage-2.5/src/Makefile
LEX = flex
LFLAGS = -s
YACC = bison
@@ -92,7 +100,7 @@
@@ -91,7 +99,7 @@ $(LIBA): $(OBJS)
$(RANLIB) $@
$(LIBSO): $(LOBJS)
- $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -laudit -lselinux -lbz2 -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol $(LIBAUDIT) -lselinux -lbz2 -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
- $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -laudit -lselinux -lbz2 -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol $(LIBAUDIT) -lselinux -lbz2 -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
ln -sf $@ $(TARGET)
$(LIBPC): $(LIBPC).in ../VERSION
Index: libsemanage-2.5/src/seusers_local.c
===================================================================
--- libsemanage-2.5.orig/src/seusers_local.c 2016-02-25 13:20:30.867978414 -0500
+++ libsemanage-2.5/src/seusers_local.c 2016-02-25 13:20:30.863978414 -0500
@@ -8,7 +8,11 @@
diff --git a/src/seusers_local.c b/src/seusers_local.c
index 42c3a8b..9ee31e2 100644
--- a/src/seusers_local.c
+++ b/src/seusers_local.c
@@ -8,7 +8,11 @@ typedef struct semanage_seuser record_t;
#include <sepol/policydb.h>
#include <sepol/context.h>
@ -56,7 +56,7 @@ Index: libsemanage-2.5/src/seusers_local.c
#include <errno.h>
#include "user_internal.h"
#include "seuser_internal.h"
@@ -51,6 +55,7 @@
@@ -51,6 +55,7 @@ static char *semanage_user_roles(semanage_handle_t * handle, const char *sename)
return roles;
}
@ -64,7 +64,7 @@ Index: libsemanage-2.5/src/seusers_local.c
static int semanage_seuser_audit(semanage_handle_t * handle,
const semanage_seuser_t * seuser,
const semanage_seuser_t * previous,
@@ -114,6 +119,7 @@
@@ -114,6 +119,7 @@ err:
free(proles);
return rc;
}
@ -72,7 +72,7 @@ Index: libsemanage-2.5/src/seusers_local.c
int semanage_seuser_modify_local(semanage_handle_t * handle,
const semanage_seuser_key_t * key,
@@ -158,8 +164,11 @@
@@ -158,8 +164,11 @@ int semanage_seuser_modify_local(semanage_handle_t * handle,
(void) semanage_seuser_query(handle, key, &previous);
handle->msg_callback = callback;
rc = dbase_modify(handle, dconfig, key, new);
@ -84,7 +84,7 @@ Index: libsemanage-2.5/src/seusers_local.c
err:
if (previous)
semanage_seuser_free(previous);
@@ -175,8 +184,12 @@
@@ -175,8 +184,12 @@ int semanage_seuser_del_local(semanage_handle_t * handle,
dbase_config_t *dconfig = semanage_seuser_dbase_local(handle);
rc = dbase_del(handle, dconfig, key);
semanage_seuser_query(handle, key, &seuser);
@ -97,15 +97,14 @@ Index: libsemanage-2.5/src/seusers_local.c
if (seuser)
semanage_seuser_free(seuser);
return rc;
Index: libsemanage-2.5/tests/Makefile
===================================================================
--- libsemanage-2.5.orig/tests/Makefile 2016-02-25 13:20:30.867978414 -0500
+++ libsemanage-2.5/tests/Makefile 2016-02-25 13:22:05.171978120 -0500
@@ -13,7 +13,15 @@
CC = gcc
CFLAGS += -g -O0 -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute -Wno-unused-parameter
INCLUDE = -I$(TESTSRC) -I$(TESTSRC)/../include
-LDFLAGS += -lcunit -lustr -lbz2 -laudit
diff --git a/tests/Makefile b/tests/Makefile
index 2ef8d30..50d582a 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -6,10 +6,18 @@ SOURCES = $(sort $(wildcard *.c))
###########################################################################
+DISABLE_AUDIT ?= n
+ifeq ($(DISABLE_AUDIT),y)
+ LIBAUDIT =
@ -114,7 +113,14 @@ Index: libsemanage-2.5/tests/Makefile
+ LIBAUDIT = -laudit
+endif
+
+LDFLAGS += -lcunit -lustr -lbz2 $(LIBAUDIT)
EXECUTABLE = libsemanage-tests
CFLAGS += -g -O0 -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute -Wno-unused-parameter
override CFLAGS += -I../src -I../include
-override LDLIBS += -lcunit -lbz2 -laudit -lselinux -lsepol
+override LDLIBS += -lcunit -lbz2 $(LIBAUDIT) -lselinux -lsepol
OBJECTS = $(SOURCES:.c=.o)
all: $(EXECUTABLE)
--
2.13.0

28
recipes-security/selinux/libsemanage/libsemanage-fix-path-len-limit.patch
View File

@ -1,28 +0,0 @@
Subject: [PATCH] libsemanage: fix path length limit
semanage_remove_directory uses NAME_MAX(255) as the max length of
file pathes, this will cause failures when the path length>255.
Upstream-Status: pending
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
---
src/semanage_store.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/semanage_store.c b/src/semanage_store.c
index 3fd4996..251a2d6 100644
--- a/src/semanage_store.c
+++ b/src/semanage_store.c
@@ -580,7 +580,7 @@ int semanage_remove_directory(const char *path)
return -1;
}
for (i = 0; i < num_entries; i++) {
- char s[NAME_MAX];
+ char s[PATH_MAX];
struct stat buf;
snprintf(s, sizeof(s), "%s/%s", path, namelist[i]->d_name);
if (stat(s, &buf) == -1) {
--
1.7.9.5

11
recipes-security/selinux/libsemanage_2.6.bb → recipes-security/selinux/libsemanage_2.7.bb
View File

@ -1,23 +1,18 @@
include selinux_20161014.inc
include selinux_20170804.inc
include ${BPN}.inc
LIC_FILES_CHKSUM = "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
SRC_URI[md5sum] = "666a48c4058c07f2b07ede9eaf210c5f"
SRC_URI[sha256sum] = "4f81541047290b751f2ffb926fcd381c186f22db18d9fe671b0b4a6a54e8cfce"
SRC_URI[md5sum] = "a6b5c451fbe45ff9e3e0e65f2db0ae1d"
SRC_URI[sha256sum] = "07e9477714ce6a4557a1fe924ea4cb06501b62d0fa0e3c0dc32a2cf47cb8d476"
SRC_URI += "\
file://libsemanage-Fix-execve-segfaults-on-Ubuntu.patch \
file://libsemanage-fix-path-len-limit.patch \
file://libsemanage-fix-path-nologin.patch \
file://libsemanage-drop-Wno-unused-but-set-variable.patch \
file://libsemanage-define-FD_CLOEXEC-as-necessary.patch;striplevel=2 \
file://libsemanage-allow-to-disable-audit-support.patch \
file://libsemanage-disable-expand-check-on-policy-load.patch \
file://0001-src-Makefile-fix-includedir-in-libselinux.pc.patch \
file://0001-libsemanage-simplify-string-utilities-functions.patch;striplevel=2 \
file://0002-libsemanage-add-semanage_str_replace-utility-functio.patch;striplevel=2 \
file://0003-libsemanage-genhomedircon-drop-ustr-dependency.patch;striplevel=2 \
file://0004-libsemanage-remove-ustr-library-from-Makefiles-READM.patch;striplevel=2 \
"
FILES_${PN} += "/usr/libexec"

6
recipes-security/selinux/libsemanage_git.bb
View File

@ -1,5 +1,4 @@
PR = "r99"
PV = "2.2+git${SRCPV}"
PV = "2.7+git${SRCPV}"
include selinux_git.inc
include ${BPN}.inc
@ -8,10 +7,11 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
SRC_URI += "\
file://libsemanage-Fix-execve-segfaults-on-Ubuntu.patch \
file://libsemanage-fix-path-len-limit.patch \
file://libsemanage-fix-path-nologin.patch \
file://libsemanage-drop-Wno-unused-but-set-variable.patch \
file://libsemanage-define-FD_CLOEXEC-as-necessary.patch;striplevel=2 \
file://libsemanage-allow-to-disable-audit-support.patch \
file://libsemanage-disable-expand-check-on-policy-load.patch \
file://0001-src-Makefile-fix-includedir-in-libselinux.pc.patch \
"
FILES_${PN} += "/usr/libexec"

2
recipes-security/selinux/selinux_git.inc
View File

@ -1,4 +1,4 @@
SRCREV = "edc2e99687b050d5be21a78a66d038aa1fc068d9"
SRCREV = "1bac758bf6cf884c112b80545d5fc5b668fc7d71"
SRC_URI = "git://github.com/SELinuxProject/selinux.git;protocol=http"