update version

Signed-off-by: Toshaan Bharvani <toshaan@powerel.org>
11 months ago · 89dc9c43f0
2 changed files with 76 additions and 11 deletions
--- a/SOURCES/0001-libsemanage-always-write-kernel-policy-when-check_ex.patch
+++ b/SOURCES/0001-libsemanage-always-write-kernel-policy-when-check_ex.patch
@ -0,0 +1,60 @@
				@@ -0,0 +1,60 @@
+From 556b2b91aad55680e1b50fd547ff749fa35cc2d2 Mon Sep 17 00:00:00 2001
+From: Ondrej Mosnacek <omosnace@redhat.com>
+Date: Wed, 8 Jun 2022 19:09:53 +0200
+Subject: [PATCH] libsemanage: always write kernel policy when
+ check_ext_changes is specified
+Content-type: text/plain
+
+For the use case of rebuilding the policy after package updates, we need
+the check_ext_changes operation to always do at least the do_write_kernel
+step, because the various semanage dbs may have also changed content
+relative to the current binary policy. As this step is itself relatively
+fast, we can do it unconditionally.
+
+Fixes: 286a679fadc4 ("libsemanage: optionally rebuild policy when modules are changed externally")
+Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
+Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
+---
+ libsemanage/include/semanage/handle.h | 2 +-
+ libsemanage/src/direct_api.c          | 8 +++++---
+ 2 files changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/libsemanage/include/semanage/handle.h b/libsemanage/include/semanage/handle.h
+index 0157be4fbc46..4cf30815d803 100644
+--- a/libsemanage/include/semanage/handle.h
+++ b/libsemanage/include/semanage/handle.h
+@@ -67,7 +67,7 @@ extern void semanage_set_reload(semanage_handle_t * handle, int do_reload);
+ extern void semanage_set_rebuild(semanage_handle_t * handle, int do_rebuild);
+ 
+ /* set whether to rebuild the policy on commit when potential changes
+- * to module files since last rebuild are detected,
+ * to store files since last rebuild are detected,
+  * 1 for yes (default), 0 for no */
+ extern void semanage_set_check_ext_changes(semanage_handle_t * handle, int do_check);
+ 
+diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
+index 7206483a3ebb..7aa081abb3b7 100644
+--- a/libsemanage/src/direct_api.c
+++ b/libsemanage/src/direct_api.c
+@@ -1437,13 +1437,15 @@ static int semanage_direct_commit(semanage_handle_t * sh)
+ 	 * Determine what else needs to be done.
+ 	 * We need to write the kernel policy if we are rebuilding
+ 	 * or if any other policy component that lives in the kernel
+-	 * policy has been modified.
+	 * policy has been modified. We also want to force it when
+	 * check_ext_changes was specified as the various dbases may have
+	 * changes as well.
+ 	 * We need to install the policy files if any of the managed files
+ 	 * that live under /etc/selinux (kernel policy, seusers, file contexts)
+ 	 * will be modified.
+ 	 */
+-	do_write_kernel = do_rebuild | ports_modified | ibpkeys_modified |
+-		ibendports_modified |
+	do_write_kernel = do_rebuild | sh->check_ext_changes |
+		ports_modified | ibpkeys_modified | ibendports_modified |
+ 		bools->dtable->is_modified(bools->dbase) |
+ 		ifaces->dtable->is_modified(ifaces->dbase) |
+ 		nodes->dtable->is_modified(nodes->dbase) |
+-- 
+2.36.1
+
--- a/SPECS/libsemanage.spec
+++ b/SPECS/libsemanage.spec
@ -1,21 +1,16 @@
				@@ -1,21 +1,16 @@
-%define libsepolver 3.3-1
-%define libselinuxver 3.3-1
+%define libsepolver 3.4-1
+%define libselinuxver 3.4-1

 Summary: SELinux binary policy manipulation library
 Name: libsemanage
-Version: 3.3
+Version: 3.4
 Release: 2%{?dist}
 License: LGPLv2+
-Source0: https://github.com/SELinuxProject/selinux/releases/download/3.3/libsemanage-3.3.tar.gz
-# fedora-selinux/selinux: git format-patch -N 3.3 -- libsemanage
+Source0: https://github.com/SELinuxProject/selinux/releases/download/3.4/libsemanage-3.4.tar.gz
+# fedora-selinux/selinux: git checkout c9s; git format-patch -N 3.4 -- libsemanage
 # i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
 # Patch list start
-Patch0001: 0001-libsemanage-Fix-RESOURCE_LEAK-and-USE_AFTER_FREE-cov.patch
-Patch0002: 0002-libsemanage-add-missing-include-to-boolean_record.c.patch
-Patch0003: 0003-semodule-libsemanage-move-module-hashing-into-libsem.patch
-Patch0004: 0004-libsemanage-move-compressed-file-handling-into-a-sep.patch
-Patch0005: 0005-libsemanage-clean-up-semanage_direct_commit-a-bit.patch
-Patch0006: 0006-libsemanage-optionally-rebuild-policy-when-modules-a.patch
+Patch0001: 0001-libsemanage-always-write-kernel-policy-when-check_ex.patch
 # Patch list end
 URL: https://github.com/SELinuxProject/selinux/wiki
 Source1: semanage.conf
@ -159,6 +154,16 @@ cp %{SOURCE1} ${RPM_BUILD_ROOT}%{_sysconfdir}/selinux/semanage.conf
				@@ -159,6 +154,16 @@ cp %{SOURCE1} ${RPM_BUILD_ROOT}%{_sysconfdir}/selinux/semanage.conf
 %{_libexecdir}/selinux/semanage_migrate_store

 %changelog
+* Mon Jul 18 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-2
+- Always write kernel policy when check_ext_changes is specified (#2104935)
+
+* Thu May 19 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-1
+- SELinux userspace 3.4 release
+
+* Wed Apr 27 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3-3
+- allow spaces in user/group names (#2049665)
+- Fall back to semanage_copy_dir when rename() fails (#2068085)
+
 * Tue Feb 15 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3-2
 - optionally rebuild policy when modules are changed externally