diff -Nru libselinux-2.7/debian/changelog libselinux-2.8/debian/changelog --- libselinux-2.7/debian/changelog 2018-03-01 09:35:09.000000000 +0000 +++ libselinux-2.8/debian/changelog 2018-05-28 18:50:31.000000000 +0000 @@ -1,14 +1,22 @@ -libselinux (2.7-2build2) bionic; urgency=high +libselinux (2.8-1) unstable; urgency=medium - * No change rebuild against ruby-defaults without ruby2.3 support. + * New upstream release + - Bump libsepol1-dev build-dependency to >= 2.8 to match the release + * debian/control: Update the VCS-* fields now that we have migrated to + gitlab/salsa machine + * debian/rules: Adjust to match upstream changes to the build system + * debian/control: Downgrade libselinux1 to Priority: optional + * debian/copyright: Fix a spelling error, thanks to lintian + * debian/rules: Use ?= instead of := to assig the dpkg architecture + variables, thanks to lintian + * debian/control: Remove X-Python(3)-Version fields as the required version + is already in oldstable, to please lintian + * debian/rules: Use dh_missing --fail-missing instead of dh_install + * debian/control: Bump Standards-Version to 4.1.4 (no further changes) + * debian/rules: Pass -V to dh_makeshlibs to ensure the udeb file has a + minimal version set - -- Dimitri John Ledkov Thu, 01 Mar 2018 09:35:09 +0000 - -libselinux (2.7-2build1) bionic; urgency=medium - - * No-change rebuild for ruby2.5 update. - - -- Matthias Klose Thu, 01 Feb 2018 19:01:52 +0000 + -- Laurent Bigonville Mon, 28 May 2018 20:50:31 +0200 libselinux (2.7-2) unstable; urgency=medium diff -Nru libselinux-2.7/debian/control libselinux-2.8/debian/control --- libselinux-2.7/debian/control 2018-03-01 09:35:09.000000000 +0000 +++ libselinux-2.8/debian/control 2018-05-28 18:50:31.000000000 +0000 @@ -1,25 +1,22 @@ Source: libselinux -VCS-Git: https://anonscm.debian.org/git/selinux/libselinux.git -VCS-Browser: https://anonscm.debian.org/gitweb/?p=selinux/libselinux.git;a=summary +VCS-Git: https://salsa.debian.org/selinux-team/libselinux.git +VCS-Browser: https://salsa.debian.org/selinux-team/libselinux Priority: optional Section: libs -Maintainer: Ubuntu Developers -XSBC-Original-Maintainer: Debian SELinux maintainers +Maintainer: Debian SELinux maintainers Uploaders: Laurent Bigonville , Russell Coker -Standards-Version: 4.1.0 +Standards-Version: 4.1.4 Build-Depends: debhelper (>= 10), dh-python , file, gem2deb (>= 0.5.0~) , - libsepol1-dev (>= 2.7), + libsepol1-dev (>= 2.8), libpcre3-dev, pkg-config, python-all-dev (>= 2.6.6-3~) , python3-all-dev , swig -X-Python-Version: >= 2.4 -X-Python3-Version: >= 3.2 XS-Ruby-Versions: all Homepage: http://userspace.selinuxproject.org/ @@ -37,7 +34,6 @@ Package: libselinux1 Architecture: linux-any -Priority: required Multi-Arch: same Pre-Depends: ${misc:Pre-Depends} Depends: ${misc:Depends}, ${shlibs:Depends} @@ -65,7 +61,7 @@ Package: libselinux1-dev Architecture: linux-any Depends: libselinux1 (= ${binary:Version}), - libsepol1-dev (>= 2.7), + libsepol1-dev (>= 2.8), libpcre3-dev, ${misc:Depends} Section: libdevel diff -Nru libselinux-2.7/debian/copyright libselinux-2.8/debian/copyright --- libselinux-2.7/debian/copyright 2017-09-15 09:46:07.000000000 +0000 +++ libselinux-2.8/debian/copyright 2018-05-28 18:50:31.000000000 +0000 @@ -1,4 +1,4 @@ -This is the Debian packe for libselinux, and it is built from sources obtained from: +This is the Debian package for libselinux, and it is built from sources obtained from: http://userspace.selinuxproject.org/trac/wiki/Releases This package was debianized by Colin Walters on diff -Nru libselinux-2.7/debian/python.mk libselinux-2.8/debian/python.mk --- libselinux-2.7/debian/python.mk 2017-09-15 09:46:07.000000000 +0000 +++ libselinux-2.8/debian/python.mk 2018-05-28 18:50:31.000000000 +0000 @@ -11,7 +11,6 @@ ## SELinux does not have a very nice build process extra_python_args = PYTHON=$@ -extra_python_args += PYSITEDIR=$(DESTDIR)/usr/lib/$@/dist-packages extra_python_args += PYLIBS= ## How to build and install each individually-versioned copy diff -Nru libselinux-2.7/debian/rules libselinux-2.8/debian/rules --- libselinux-2.7/debian/rules 2017-09-15 09:46:07.000000000 +0000 +++ libselinux-2.8/debian/rules 2018-05-28 18:50:31.000000000 +0000 @@ -4,17 +4,14 @@ #export DH_VERBOSE=1 ## Figure out some variables -DEB_HOST_ARCH_OS := $(shell dpkg-architecture -qDEB_HOST_ARCH_OS) -DEB_HOST_GNU_CPU := $(shell dpkg-architecture -qDEB_HOST_GNU_CPU) -DEB_HOST_GNU_TYPE := $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) -DEB_HOST_MULTIARCH := $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) +DEB_HOST_ARCH_OS ?= $(shell dpkg-architecture -qDEB_HOST_ARCH_OS) +DEB_HOST_GNU_CPU ?= $(shell dpkg-architecture -qDEB_HOST_GNU_CPU) +DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) +DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) PKG_CONFIG ?= $(DEB_HOST_GNU_TYPE)-pkg-config -LIBDIR_LIBSEPOL := $(shell $(PKG_CONFIG) --variable=libdir libsepol) DOPACKAGES = $(shell dh_listpackages) -PREFIX = /usr - BUILT_USING=$(shell dpkg-query -f '$${source:Package} (= $${source:Version}), ' -W "libsepol1-dev") ## Default target @@ -53,40 +50,36 @@ @touch $@ ## Set up some variables to be passed to the upstream Makefile -extra_make_args = LIBSEPOLA=$(LIBDIR_LIBSEPOL)/libsepol.a -extra_make_args += ARCH=$(DEB_HOST_GNU_CPU) +extra_make_args = ARCH=$(DEB_HOST_GNU_CPU) extra_make_args += CC=$(DEB_HOST_GNU_TYPE)-gcc extra_make_args += PKG_CONFIG=$(PKG_CONFIG) override_dh_auto_build: FORCE - +$(MAKE) PREFIX="$(PREFIX)" LIBBASE="lib/${DEB_HOST_MULTIARCH}" $(extra_make_args) all + +$(MAKE) $(extra_make_args) all ## Work around the very limited SELinux build-system DESTDIR = $(CURDIR)/debian/tmp base_extra_install_args = $(extra_make_args) base_extra_install_args += DESTDIR=$(DESTDIR) -extra_install_args = $(base_extra_install_args) LIBDIR=$(DESTDIR)/usr/lib/$(DEB_HOST_MULTIARCH) -extra_install_args += SHLIBDIR=$(DESTDIR)/lib/$(DEB_HOST_MULTIARCH) -python_extra_install_args = $(base_extra_install_args) LIBDIR=$(DESTDIR)/usr/lib +extra_install_args = $(base_extra_install_args) LIBDIR=/usr/lib/$(DEB_HOST_MULTIARCH) +extra_install_args += SHLIBDIR=/lib/$(DEB_HOST_MULTIARCH) +python_extra_install_args = $(base_extra_install_args) LIBDIR=/usr/lib override_dh_auto_install: FORCE - +$(MAKE) PREFIX="$(DESTDIR)$(PREFIX)" $(extra_install_args) install - @# Fix up the broken library symlink - rm -f $(DESTDIR)/usr/lib/$(DEB_HOST_MULTIARCH)/libselinux.so - ln -s /lib/$(DEB_HOST_MULTIARCH)/libselinux.so.1 $(DESTDIR)/usr/lib/$(DEB_HOST_MULTIARCH)/libselinux.so + +$(MAKE) $(extra_install_args) install ifneq ($(filter python-selinux python3-selinux,$(DOPACKAGES)),) - +$(MAKE) PREFIX="$(PREFIX)" $(python_extra_install_args) -f debian/python.mk + +$(MAKE) $(python_extra_install_args) -f debian/python.mk endif ifneq ($(filter ruby-selinux,$(DOPACKAGES)),) - +$(MAKE) PREFIX="$(PREFIX)" $(extra_install_args) -f debian/ruby.mk + +$(MAKE) $(extra_install_args) -f debian/ruby.mk endif ## Generate a hard error for any upstream files we don't install -override_dh_install: FORCE - dh_install --fail-missing +override_dh_missing: FORCE + dh_missing --fail-missing override_dh_gencontrol: dh_gencontrol -- -VBuilt-Using="$(BUILT_USING)" override_dh_makeshlibs: - dh_makeshlibs -plibselinux1 --add-udeb="libselinux1-udeb" + dh_makeshlibs -plibselinux1 --add-udeb="libselinux1-udeb" -V dh_makeshlibs --remaining-packages diff -Nru libselinux-2.7/include/Makefile libselinux-2.8/include/Makefile --- libselinux-2.7/include/Makefile 2017-08-04 13:31:00.000000000 +0000 +++ libselinux-2.8/include/Makefile 2018-05-24 18:21:09.000000000 +0000 @@ -1,12 +1,12 @@ # Installation directories. -PREFIX ?= $(DESTDIR)/usr -INCDIR ?= $(PREFIX)/include/selinux +PREFIX ?= /usr +INCDIR = $(PREFIX)/include/selinux all: install: all - test -d $(INCDIR) || install -m 755 -d $(INCDIR) - install -m 644 $(wildcard selinux/*.h) $(INCDIR) + test -d $(DESTDIR)$(INCDIR) || install -m 755 -d $(DESTDIR)$(INCDIR) + install -m 644 $(wildcard selinux/*.h) $(DESTDIR)$(INCDIR) relabel: diff -Nru libselinux-2.7/Makefile libselinux-2.8/Makefile --- libselinux-2.7/Makefile 2017-08-04 13:31:00.000000000 +0000 +++ libselinux-2.8/Makefile 2018-05-24 18:21:09.000000000 +0000 @@ -21,13 +21,14 @@ USE_PCRE2 ?= n ifeq ($(USE_PCRE2),y) - PCRE_CFLAGS := -DUSE_PCRE2 -DPCRE2_CODE_UNIT_WIDTH=8 $(shell $(PKG_CONFIG) --cflags libpcre2-8) - PCRE_LDLIBS := $(shell $(PKG_CONFIG) --libs libpcre2-8) + PCRE_MODULE := libpcre2-8 + PCRE_CFLAGS := -DUSE_PCRE2 -DPCRE2_CODE_UNIT_WIDTH=8 else - PCRE_CFLAGS := $(shell $(PKG_CONFIG) --cflags libpcre) - PCRE_LDLIBS := $(shell $(PKG_CONFIG) --libs libpcre) + PCRE_MODULE := libpcre endif -export PCRE_CFLAGS PCRE_LDLIBS +PCRE_CFLAGS += $(shell $(PKG_CONFIG) --cflags $(PCRE_MODULE)) +PCRE_LDLIBS := $(shell $(PKG_CONFIG) --libs $(PCRE_MODULE)) +export PCRE_MODULE PCRE_CFLAGS PCRE_LDLIBS OS := $(shell uname) export OS diff -Nru libselinux-2.7/man/Makefile libselinux-2.8/man/Makefile --- libselinux-2.7/man/Makefile 2017-08-04 13:31:00.000000000 +0000 +++ libselinux-2.8/man/Makefile 2018-05-24 18:21:09.000000000 +0000 @@ -1,17 +1,18 @@ # Installation directories. -MAN8DIR ?= $(DESTDIR)/usr/share/man/man8 -MAN5DIR ?= $(DESTDIR)/usr/share/man/man5 -MAN3DIR ?= $(DESTDIR)/usr/share/man/man3 +PREFIX ?= /usr +MAN8DIR ?= $(PREFIX)/share/man/man8 +MAN5DIR ?= $(PREFIX)/share/man/man5 +MAN3DIR ?= $(PREFIX)/share/man/man3 all: install: all - mkdir -p $(MAN3DIR) - mkdir -p $(MAN5DIR) - mkdir -p $(MAN8DIR) - install -m 644 man3/*.3 $(MAN3DIR) - install -m 644 man5/*.5 $(MAN5DIR) - install -m 644 man8/*.8 $(MAN8DIR) + mkdir -p $(DESTDIR)$(MAN3DIR) + mkdir -p $(DESTDIR)$(MAN5DIR) + mkdir -p $(DESTDIR)$(MAN8DIR) + install -m 644 man3/*.3 $(DESTDIR)$(MAN3DIR) + install -m 644 man5/*.5 $(DESTDIR)$(MAN5DIR) + install -m 644 man8/*.8 $(DESTDIR)$(MAN8DIR) relabel: diff -Nru libselinux-2.7/man/man5/removable_context.5 libselinux-2.8/man/man5/removable_context.5 --- libselinux-2.7/man/man5/removable_context.5 2017-08-04 13:31:00.000000000 +0000 +++ libselinux-2.8/man/man5/removable_context.5 2018-05-24 18:21:09.000000000 +0000 @@ -3,8 +3,7 @@ removable_context \- The SELinux removable devices context configuration file . .SH "DESCRIPTION" -This file contains the default label that should be used for removable devices that are not defined in the \fImedia\fR file (that is described in -.BR selabel_media "(5)). " +This file contains the default label that should be used for removable devices. .sp .BR selinux_removable_context_path "(3) " will return the active policy path to this file. The default removable context file is: @@ -34,4 +33,4 @@ system_u:object_r:removable_t:s0 . .SH "SEE ALSO" -.BR selinux "(8), " selinux_removable_context_path "(3), " selabel_media "(5), " selinux_config "(5) " +.BR selinux "(8), " selinux_removable_context_path "(3), " selinux_config "(5) " diff -Nru libselinux-2.7/man/man5/selabel_media.5 libselinux-2.8/man/man5/selabel_media.5 --- libselinux-2.7/man/man5/selabel_media.5 2017-08-04 13:31:00.000000000 +0000 +++ libselinux-2.8/man/man5/selabel_media.5 2018-05-24 18:21:09.000000000 +0000 @@ -52,8 +52,6 @@ .RE .sp Where \fI{SELINUXTYPE}\fR is the entry from the selinux configuration file \fIconfig\fR (see \fBselinux_config\fR(5)). -.sp -Should there not be a valid entry in the \fImedia\fR file, then the default \fIremovable_context\fR file will be read (see \fBremovable_context\fR(5)). . .SH "FILE FORMAT" Each line within the \fImedia\fR file is as follows: @@ -90,4 +88,4 @@ .SH "SEE ALSO" .ad l .nh -.BR selinux "(8), " selabel_open "(3), " selabel_lookup "(3), " selabel_stats "(3), " selabel_close "(3), " selinux_set_callback "(3), " selinux_media_context_path "(3), " freecon "(3), " selinux_config "(5), " removable_context "(5) " +.BR selinux "(8), " selabel_open "(3), " selabel_lookup "(3), " selabel_stats "(3), " selabel_close "(3), " selinux_set_callback "(3), " selinux_media_context_path "(3), " freecon "(3), " selinux_config "(5) " diff -Nru libselinux-2.7/src/audit2why.c libselinux-2.8/src/audit2why.c --- libselinux-2.7/src/audit2why.c 2017-08-04 13:31:00.000000000 +0000 +++ libselinux-2.8/src/audit2why.c 2018-05-24 18:21:09.000000000 +0000 @@ -193,7 +193,7 @@ { FILE *fp; char path[PATH_MAX]; - char errormsg[PATH_MAX]; + char errormsg[PATH_MAX+1024+20]; struct sepol_policy_file *pf = NULL; int rc; unsigned int cnt; diff -Nru libselinux-2.7/src/avc.c libselinux-2.8/src/avc.c --- libselinux-2.7/src/avc.c 2017-08-04 13:31:00.000000000 +0000 +++ libselinux-2.8/src/avc.c 2018-05-24 18:21:09.000000000 +0000 @@ -4,7 +4,7 @@ * Author : Eamon Walsh * * Derived from the kernel AVC implementation by - * Stephen Smalley and + * Stephen Smalley and * James Morris . */ #include diff -Nru libselinux-2.7/src/booleans.c libselinux-2.8/src/booleans.c --- libselinux-2.7/src/booleans.c 2017-08-04 13:31:00.000000000 +0000 +++ libselinux-2.8/src/booleans.c 2018-05-24 18:21:09.000000000 +0000 @@ -416,7 +416,7 @@ ssize_t ret; size_t size = 0; int val; - char boolname[BUFSIZ]; + char boolname[BUFSIZ-3]; char *buffer; inbuf = NULL; __fsetlocking(boolf, FSETLOCKING_BYCALLER); @@ -450,6 +450,7 @@ } } if (i == boolcnt) { + val = !!val; snprintf(outbuf, sizeof(outbuf), "%s=%d\n", boolname, val); len = strlen(outbuf); @@ -505,6 +506,7 @@ size_t i; for (i = 0; i < boolcnt; i++) { + boollist[i].value = !!boollist[i].value; if (security_set_boolean(boollist[i].name, boollist[i].value)) { rollback(boollist, i); return -1; diff -Nru libselinux-2.7/src/label.c libselinux-2.8/src/label.c --- libselinux-2.7/src/label.c 2017-08-04 13:31:00.000000000 +0000 +++ libselinux-2.8/src/label.c 2018-05-24 18:21:09.000000000 +0000 @@ -143,7 +143,7 @@ struct selabel_lookup_rec *lr, int translating) { - if (compat_validate(rec, lr, rec->spec_file, 0)) + if (compat_validate(rec, lr, rec->spec_file, lr->lineno)) return -1; if (translating && !lr->ctx_trans && diff -Nru libselinux-2.7/src/label_file.h libselinux-2.8/src/label_file.h --- libselinux-2.7/src/label_file.h 2017-08-04 13:31:00.000000000 +0000 +++ libselinux-2.8/src/label_file.h 2018-05-24 18:21:09.000000000 +0000 @@ -278,12 +278,14 @@ if (data->alloc_stems == num) { struct stem *tmp_arr; - - data->alloc_stems = data->alloc_stems * 2 + 16; + int alloc_stems = data->alloc_stems * 2 + 16; tmp_arr = realloc(data->stem_arr, - sizeof(*tmp_arr) * data->alloc_stems); - if (!tmp_arr) + sizeof(*tmp_arr) * alloc_stems); + if (!tmp_arr) { + free(buf); return -1; + } + data->alloc_stems = alloc_stems; data->stem_arr = tmp_arr; } data->stem_arr[num].len = stem_len; @@ -472,6 +474,7 @@ spec_arr[nspec].mode = 0; spec_arr[nspec].lr.ctx_raw = context; + spec_arr[nspec].lr.lineno = lineno; /* * bump data->nspecs to cause closef() to cover it in its free diff -Nru libselinux-2.7/src/label_internal.h libselinux-2.8/src/label_internal.h --- libselinux-2.7/src/label_internal.h 2017-08-04 13:31:00.000000000 +0000 +++ libselinux-2.8/src/label_internal.h 2018-05-24 18:21:09.000000000 +0000 @@ -73,6 +73,7 @@ char * ctx_raw; char * ctx_trans; int validated; + unsigned lineno; }; struct selabel_handle { diff -Nru libselinux-2.7/src/libselinux.pc.in libselinux-2.8/src/libselinux.pc.in --- libselinux-2.7/src/libselinux.pc.in 2017-08-04 13:31:00.000000000 +0000 +++ libselinux-2.8/src/libselinux.pc.in 2018-05-24 18:21:09.000000000 +0000 @@ -1,12 +1,12 @@ prefix=@prefix@ exec_prefix=${prefix} -libdir=${exec_prefix}/@libdir@ +libdir=@libdir@ includedir=@includedir@ Name: libselinux Description: SELinux utility library Version: @VERSION@ URL: http://userspace.selinuxproject.org/ -Requires.private: libsepol libpcre +Requires.private: libsepol @PCRE_MODULE@ Libs: -L${libdir} -lselinux Cflags: -I${includedir} diff -Nru libselinux-2.7/src/Makefile libselinux-2.8/src/Makefile --- libselinux-2.7/src/Makefile 2017-08-04 13:31:00.000000000 +0000 +++ libselinux-2.8/src/Makefile 2018-05-24 18:21:09.000000000 +0000 @@ -8,19 +8,17 @@ PKG_CONFIG ?= pkg-config # Installation directories. -PREFIX ?= $(DESTDIR)/usr +PREFIX ?= /usr LIBDIR ?= $(PREFIX)/lib -SHLIBDIR ?= $(DESTDIR)/lib +SHLIBDIR ?= /lib INCLUDEDIR ?= $(PREFIX)/include PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX)) PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX)) -PYSITEDIR ?= $(DESTDIR)$(shell $(PYTHON) -c 'import site; print(site.getsitepackages()[0])') +PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig import *; print(get_python_lib(plat_specific=1, prefix='$(PREFIX)'))") PYCEXT ?= $(shell $(PYTHON) -c 'import imp;print([s for s,m,t in imp.get_suffixes() if t == imp.C_EXTENSION][0])') RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + RbConfig::CONFIG["rubyarchhdrdir"] + " -I" + RbConfig::CONFIG["rubyhdrdir"]') RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" + RbConfig::CONFIG["libdir"] + " -L" + RbConfig::CONFIG["archlibdir"] + " " + RbConfig::CONFIG["LIBRUBYARG_SHARED"]') -RUBYINSTALL ?= $(DESTDIR)$(shell $(RUBY) -e 'puts RbConfig::CONFIG["vendorarchdir"]') -LIBBASE ?= $(shell basename $(LIBDIR)) -LIBSEPOLA ?= $(LIBDIR)/libsepol.a +RUBYINSTALL ?= $(shell $(RUBY) -e 'puts RbConfig::CONFIG["vendorarchdir"]') VERSION = $(shell cat ../VERSION) LIBVERSION = 1 @@ -50,6 +48,13 @@ AUDIT2WHYLOBJ=$(PYPREFIX)audit2why.lo AUDIT2WHYSO=$(PYPREFIX)audit2why.so +# If no specific libsepol.a is specified, fall back on LDFLAGS search path +# Otherwise, as $(LIBSEPOLA) already appears in the dependencies, there +# is no need to define a value for LDLIBS_LIBSEPOLA +ifeq ($(LIBSEPOLA),) + LDLIBS_LIBSEPOLA := -l:libsepol.a +endif + GENERATED=$(SWIGCOUT) $(SWIGRUBYCOUT) selinuxswig_python_exception.i SRCS= $(filter-out $(GENERATED) audit2why.c, $(sort $(wildcard *.c))) @@ -93,6 +98,8 @@ endif PCRE_LDLIBS ?= -lpcre +# override with -lfts when building on Musl libc to use fts-standalone +FTS_LDLIBS ?= override CFLAGS += -I../include -D_GNU_SOURCE $(DISABLE_FLAGS) $(PCRE_CFLAGS) @@ -144,11 +151,11 @@ $(RANLIB) $@ $(LIBSO): $(LOBJS) - $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ $(PCRE_LDLIBS) -ldl -Wl,$(LD_SONAME_FLAGS) + $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ $(PCRE_LDLIBS) $(FTS_LDLIBS) -ldl -Wl,$(LD_SONAME_FLAGS) ln -sf $@ $(TARGET) $(LIBPC): $(LIBPC).in ../VERSION - sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:$(LIBBASE):; s:@includedir@:$(INCLUDEDIR):' < $< > $@ + sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:$(LIBDIR):; s:@includedir@:$(INCLUDEDIR):; s:@PCRE_MODULE@:$(PCRE_MODULE):' < $< > $@ selinuxswig_python_exception.i: ../include/selinux/selinux.h bash -e exception.sh > $@ || (rm -f $@ ; false) @@ -157,7 +164,7 @@ $(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $< $(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) $(LIBSEPOLA) - $(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $^ -lselinux $(PYLIBS) + $(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $^ -lselinux $(LDLIBS_LIBSEPOLA) $(PYLIBS) %.o: %.c policy.h $(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $< @@ -177,26 +184,26 @@ $(SWIG) $< install: all - test -d $(LIBDIR) || install -m 755 -d $(LIBDIR) - install -m 644 $(LIBA) $(LIBDIR) - test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR) - install -m 755 $(LIBSO) $(SHLIBDIR) - test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig - install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig - ln -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET) + test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d $(DESTDIR)$(LIBDIR) + install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR) + test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d $(DESTDIR)$(SHLIBDIR) + install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR) + test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d $(DESTDIR)$(LIBDIR)/pkgconfig + install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig + ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET) install-pywrap: pywrap - test -d $(PYSITEDIR)/selinux || install -m 755 -d $(PYSITEDIR)/selinux - install -m 755 $(SWIGSO) $(PYSITEDIR)/_selinux$(PYCEXT) - install -m 755 $(AUDIT2WHYSO) $(PYSITEDIR)/selinux/audit2why$(PYCEXT) - install -m 644 $(SWIGPYOUT) $(PYSITEDIR)/selinux/__init__.py + test -d $(DESTDIR)$(PYTHONLIBDIR)/selinux || install -m 755 -d $(DESTDIR)$(PYTHONLIBDIR)/selinux + install -m 755 $(SWIGSO) $(DESTDIR)$(PYTHONLIBDIR)/_selinux$(PYCEXT) + install -m 755 $(AUDIT2WHYSO) $(DESTDIR)$(PYTHONLIBDIR)/selinux/audit2why$(PYCEXT) + install -m 644 $(SWIGPYOUT) $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py install-rubywrap: rubywrap - test -d $(RUBYINSTALL) || install -m 755 -d $(RUBYINSTALL) - install -m 755 $(SWIGRUBYSO) $(RUBYINSTALL)/selinux.so + test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d $(DESTDIR)$(RUBYINSTALL) + install -m 755 $(SWIGRUBYSO) $(DESTDIR)$(RUBYINSTALL)/selinux.so relabel: - /sbin/restorecon $(SHLIBDIR)/$(LIBSO) + /sbin/restorecon $(DESTDIR)$(SHLIBDIR)/$(LIBSO) clean-pywrap: -rm -f $(SWIGLOBJ) $(SWIGSO) $(AUDIT2WHYLOBJ) $(AUDIT2WHYSO) diff -Nru libselinux-2.7/utils/avcstat.c libselinux-2.8/utils/avcstat.c --- libselinux-2.7/utils/avcstat.c 2017-08-04 13:31:00.000000000 +0000 +++ libselinux-2.8/utils/avcstat.c 2018-05-24 18:21:09.000000000 +0000 @@ -110,7 +110,8 @@ cumulative = 1; break; case 'f': - strncpy(avcstatfile, optarg, sizeof avcstatfile); + strncpy(avcstatfile, optarg, sizeof(avcstatfile) - 1); + avcstatfile[sizeof(avcstatfile)-1] = '\0'; break; case 'h': case '-': diff -Nru libselinux-2.7/utils/getconlist.c libselinux-2.8/utils/getconlist.c --- libselinux-2.7/utils/getconlist.c 2017-08-04 13:31:00.000000000 +0000 +++ libselinux-2.8/utils/getconlist.c 2018-05-24 18:21:09.000000000 +0000 @@ -19,7 +19,7 @@ int main(int argc, char **argv) { - char **list, *usercon = NULL, *cur_context = NULL; + char **list, *cur_context = NULL; char *user = NULL, *level = NULL; int ret, i, opt; @@ -40,6 +40,7 @@ if (!is_selinux_enabled()) { fprintf(stderr, "getconlist may be used only on a SELinux kernel.\n"); + free(level); return 1; } @@ -49,6 +50,7 @@ if (((argc - optind) < 2)) { if (getcon(&cur_context) < 0) { fprintf(stderr, "Couldn't get current context.\n"); + free(level); return 2; } } else @@ -67,7 +69,7 @@ freeconary(list); } - free(usercon); + free(level); return 0; } diff -Nru libselinux-2.7/utils/Makefile libselinux-2.8/utils/Makefile --- libselinux-2.7/utils/Makefile 2017-08-04 13:31:00.000000000 +0000 +++ libselinux-2.8/utils/Makefile 2018-05-24 18:21:09.000000000 +0000 @@ -1,8 +1,6 @@ # Installation directories. -PREFIX ?= $(DESTDIR)/usr -LIBDIR ?= $(PREFIX)/lib +PREFIX ?= /usr SBINDIR ?= $(PREFIX)/sbin -INCLUDEDIR ?= $(PREFIX)/include OS ?= $(shell uname) @@ -63,8 +61,8 @@ all: $(TARGETS) install: all - -mkdir -p $(SBINDIR) - install -m 755 $(TARGETS) $(SBINDIR) + -mkdir -p $(DESTDIR)$(SBINDIR) + install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR) clean: rm -f $(TARGETS) *.o *~ diff -Nru libselinux-2.7/VERSION libselinux-2.8/VERSION --- libselinux-2.7/VERSION 2017-08-04 13:31:00.000000000 +0000 +++ libselinux-2.8/VERSION 2018-05-24 18:21:09.000000000 +0000 @@ -1 +1 @@ -2.7 +2.8