From 76eb43412b532a045d92d524dfa5ed1b1bcca671 Mon Sep 17 00:00:00 2001 From: Michael Mair-Keimberger Date: Sun, 1 Oct 2017 15:47:28 +0200 Subject: sys-libs/libselinux: remove unused patches --- .../0005-use-ruby-include-with-rubylibver.patch | 12 -- ...07-build-related-fixes-bug-500674-for-2.5.patch | 69 ----------- ...nux-2.5-0001-only-mount-proc-if-necessary.patch | 54 --------- ...ing-proc-outside-of-selinux_init_load_pol.patch | 129 --------------------- ...5-0003-Change-the-location-of-_selinux.so.patch | 44 ------- 5 files changed, 308 deletions(-) delete mode 100644 sys-libs/libselinux/files/0005-use-ruby-include-with-rubylibver.patch delete mode 100644 sys-libs/libselinux/files/0007-build-related-fixes-bug-500674-for-2.5.patch delete mode 100644 sys-libs/libselinux/files/libselinux-2.5-0001-only-mount-proc-if-necessary.patch delete mode 100644 sys-libs/libselinux/files/libselinux-2.5-0002-Avoid-mounting-proc-outside-of-selinux_init_load_pol.patch delete mode 100644 sys-libs/libselinux/files/libselinux-2.5-0003-Change-the-location-of-_selinux.so.patch (limited to 'sys-libs/libselinux') diff --git a/sys-libs/libselinux/files/0005-use-ruby-include-with-rubylibver.patch b/sys-libs/libselinux/files/0005-use-ruby-include-with-rubylibver.patch deleted file mode 100644 index 0fc84141a3db..000000000000 --- a/sys-libs/libselinux/files/0005-use-ruby-include-with-rubylibver.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -uNr libselinux-2.2.2.orig/src/Makefile libselinux-2.2.2/src/Makefile ---- libselinux-2.2.2.orig/src/Makefile 2013-11-06 20:56:30.000000000 +0100 -+++ libselinux-2.2.2/src/Makefile 2013-11-25 21:02:05.327561766 +0100 -@@ -16,7 +16,7 @@ - PYLIBDIR ?= $(LIBDIR)/$(PYLIBVER) - RUBYLIBVER ?= $(shell $(RUBY) -e 'print RUBY_VERSION.split(".")[0..1].join(".")') - RUBYPLATFORM ?= $(shell $(RUBY) -e 'print RUBY_PLATFORM') --RUBYINC ?= $(shell pkg-config --cflags ruby) -+RUBYINC ?= $(shell pkg-config --cflags ruby-$(RUBYLIBVER)) - RUBYINSTALL ?= $(LIBDIR)/ruby/site_ruby/$(RUBYLIBVER)/$(RUBYPLATFORM) - LIBBASE ?= $(shell basename $(LIBDIR)) - diff --git a/sys-libs/libselinux/files/0007-build-related-fixes-bug-500674-for-2.5.patch b/sys-libs/libselinux/files/0007-build-related-fixes-bug-500674-for-2.5.patch deleted file mode 100644 index 67e47ad40a67..000000000000 --- a/sys-libs/libselinux/files/0007-build-related-fixes-bug-500674-for-2.5.patch +++ /dev/null @@ -1,69 +0,0 @@ -https://bugs.gentoo.org/500674 - -random fixes: -- make sure PCRE_CFLAGS get used -- use PCRE_LIBS via pkg-config -- move LDFLAGS to before objects, not after -- do not hardcode -L$(LIBDIR) (let the toolchain handle it) -- do not hardcode -I$(INCLUDEDIR) (let the toolchain handle it) - -diff -uNr libselinux-2.5.orig/src/Makefile libselinux-2.5/src/Makefile ---- libselinux-2.5.orig/src/Makefile 2016-03-13 19:27:07.091000000 +0100 -+++ libselinux-2.5/src/Makefile 2016-03-13 19:27:16.495000000 +0100 -@@ -73,7 +73,7 @@ - -fipa-pure-const -Wno-suggest-attribute=pure -Wno-suggest-attribute=const \ - -Werror -Wno-aggregate-return -Wno-redundant-decls - --override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE $(EMFLAGS) -+override CFLAGS += -I../include $(PCRE_CFLAGS) -D_GNU_SOURCE $(EMFLAGS) - - SWIG_CFLAGS += -Wno-error -Wno-unused-variable -Wno-unused-but-set-variable -Wno-unused-parameter \ - -Wno-shadow -Wno-uninitialized -Wno-missing-prototypes -Wno-missing-declarations -@@ -102,17 +102,17 @@ - $(CC) $(CFLAGS) $(SWIG_CFLAGS) $(RUBYINC) -fPIC -DSHARED -c -o $@ $< - - $(SWIGSO): $(SWIGLOBJ) -- $(CC) $(CFLAGS) -shared -o $@ $< -L. -lselinux $(LDFLAGS) -L$(LIBDIR) -+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lselinux - - $(SWIGRUBYSO): $(SWIGRUBYLOBJ) -- $(CC) $(CFLAGS) -shared -o $@ $^ -L. -lselinux $(LDFLAGS) -L$(LIBDIR) -+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux - - $(LIBA): $(OBJS) - $(AR) rcs $@ $^ - $(RANLIB) $@ - - $(LIBSO): $(LOBJS) -- $(CC) $(CFLAGS) -shared -o $@ $^ -lpcre -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro -+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -ldl $(PCRE_LIBS) -Wl,-soname,$(LIBSO),-z,defs,-z,relro - ln -sf $@ $(TARGET) - - $(LIBPC): $(LIBPC).in ../VERSION -@@ -125,7 +125,7 @@ - $(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $< - - $(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) -- $(CC) $(CFLAGS) -shared -o $@ $^ -L. $(LDFLAGS) -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR) -+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux $(LIBDIR)/libsepol.a - - %.o: %.c policy.h - $(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $< -diff -uNr libselinux-2.5.orig/utils/Makefile libselinux-2.5/utils/Makefile ---- libselinux-2.5.orig/utils/Makefile 2016-03-13 19:27:07.102000000 +0100 -+++ libselinux-2.5/utils/Makefile 2016-03-13 19:27:40.297000000 +0100 -@@ -24,11 +24,12 @@ - -fipa-pure-const -Wno-suggest-attribute=pure -Wno-suggest-attribute=const \ - -Werror -Wno-aggregate-return -Wno-redundant-decls - override CFLAGS += -I../include -D_GNU_SOURCE $(EMFLAGS) --LDLIBS += -L../src -lselinux -L$(LIBDIR) -+LDLIBS += -L../src -lselinux - - TARGETS=$(patsubst %.c,%,$(wildcard *.c)) - --sefcontext_compile: LDLIBS += -lpcre ../src/libselinux.a -lsepol -+sefcontext_compile: CFLAGS += $(PCRE_FLAGS) -+sefcontext_compile: LDLIBS += $(PCRE_LIBS) -lsepol ../src/libselinux.a - - selinux_restorecon: LDLIBS += -lsepol - diff --git a/sys-libs/libselinux/files/libselinux-2.5-0001-only-mount-proc-if-necessary.patch b/sys-libs/libselinux/files/libselinux-2.5-0001-only-mount-proc-if-necessary.patch deleted file mode 100644 index dfa6a0fa5553..000000000000 --- a/sys-libs/libselinux/files/libselinux-2.5-0001-only-mount-proc-if-necessary.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 5a8d8c499b2ef80eaa7b5abe2ec68d7101e613bf Mon Sep 17 00:00:00 2001 -From: Stephen Smalley -Date: Mon, 29 Feb 2016 10:10:55 -0500 -Subject: [PATCH] libselinux: only mount /proc if necessary - -Commit 9df498884665d ("libselinux: Mount procfs before checking -/proc/filesystems") changed selinuxfs_exists() to always try -mounting /proc before reading /proc/filesystems. However, this is -unnecessary if /proc is already mounted and can produce avc denials -if the process is not allowed to perform the mount. Check first -to see if /proc is already present and only try the mount if it is not. - -Signed-off-by: Stephen Smalley ---- - libselinux/src/init.c | 11 +++++++++-- - 1 file changed, 9 insertions(+), 2 deletions(-) - -diff --git a/libselinux/src/init.c b/libselinux/src/init.c -index 3db4de0..3530594 100644 ---- libselinux/src/init.c -+++ libselinux/src/init.c -@@ -12,6 +12,7 @@ - #include - #include - #include -+#include - - #include "dso.h" - #include "policy.h" -@@ -57,13 +58,19 @@ static int verify_selinuxmnt(const char *mnt) - - int selinuxfs_exists(void) - { -- int exists = 0, mnt_rc = 0; -+ int exists = 0, mnt_rc = -1, rc; -+ struct statfs sb; - FILE *fp = NULL; - char *buf = NULL; - size_t len; - ssize_t num; - -- mnt_rc = mount("proc", "/proc", "proc", 0, 0); -+ do { -+ rc = statfs("/proc", &sb); -+ } while (rc < 0 && errno == EINTR); -+ -+ if (rc == 0 && ((uint32_t)sb.f_type != (uint32_t)PROC_SUPER_MAGIC)) -+ mnt_rc = mount("proc", "/proc", "proc", 0, 0); - - fp = fopen("/proc/filesystems", "r"); - if (!fp) { --- -2.7.3 - diff --git a/sys-libs/libselinux/files/libselinux-2.5-0002-Avoid-mounting-proc-outside-of-selinux_init_load_pol.patch b/sys-libs/libselinux/files/libselinux-2.5-0002-Avoid-mounting-proc-outside-of-selinux_init_load_pol.patch deleted file mode 100644 index c811450ba396..000000000000 --- a/sys-libs/libselinux/files/libselinux-2.5-0002-Avoid-mounting-proc-outside-of-selinux_init_load_pol.patch +++ /dev/null @@ -1,129 +0,0 @@ -From 32773a99b1f0cf2b61b5f5a33359684b18aab1ed Mon Sep 17 00:00:00 2001 -From: Stephen Smalley -Date: Fri, 13 May 2016 11:59:47 -0400 -Subject: [PATCH] Avoid mounting /proc outside of selinux_init_load_policy(). - -Temporarily mounting /proc within selinuxfs_exists() can cause -problems since it can be called by a libselinux constructor and -therefore may be invoked by every program linked with libselinux. -Since this was only motivated originally by a situation where -selinuxfs_exists() was called from selinux_init_load_policy() -before /proc was mounted, fix it in selinux_init_load_policy() instead. - -This reverts commit 5a8d8c499b2ef80eaa7b5abe2ec68d7101e613bf -("libselinux: only mount /proc if necessary") and -commit 9df498884665d79474b79f0f30d1cd67df11bd3e -("libselinux: Mount procfs before checking /proc/filesystems"). - -Signed-off-by: Stephen Smalley ---- - libselinux/src/init.c | 27 +++------------------------ - libselinux/src/load_policy.c | 15 ++++++++++----- - 2 files changed, 13 insertions(+), 29 deletions(-) - -diff --git a/libselinux/src/init.c b/libselinux/src/init.c -index 3530594..3c687a2 100644 ---- libselinux/src/init.c -+++ libselinux/src/init.c -@@ -11,8 +11,6 @@ - #include - #include - #include --#include --#include - - #include "dso.h" - #include "policy.h" -@@ -58,26 +56,15 @@ static int verify_selinuxmnt(const char *mnt) - - int selinuxfs_exists(void) - { -- int exists = 0, mnt_rc = -1, rc; -- struct statfs sb; -+ int exists = 0; - FILE *fp = NULL; - char *buf = NULL; - size_t len; - ssize_t num; - -- do { -- rc = statfs("/proc", &sb); -- } while (rc < 0 && errno == EINTR); -- -- if (rc == 0 && ((uint32_t)sb.f_type != (uint32_t)PROC_SUPER_MAGIC)) -- mnt_rc = mount("proc", "/proc", "proc", 0, 0); -- - fp = fopen("/proc/filesystems", "r"); -- if (!fp) { -- exists = 1; /* Fail as if it exists */ -- goto out; -- } -- -+ if (!fp) -+ return 1; /* Fail as if it exists */ - __fsetlocking(fp, FSETLOCKING_BYCALLER); - - num = getline(&buf, &len, fp); -@@ -91,14 +78,6 @@ int selinuxfs_exists(void) - - free(buf); - fclose(fp); -- --out: --#ifndef MNT_DETACH --#define MNT_DETACH 2 --#endif -- if (mnt_rc == 0) -- umount2("/proc", MNT_DETACH); -- - return exists; - } - hidden_def(selinuxfs_exists) -diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c -index 21ee58b..4f39fc7 100644 ---- libselinux/src/load_policy.c -+++ libselinux/src/load_policy.c -@@ -17,6 +17,10 @@ - #include "policy.h" - #include - -+#ifndef MNT_DETACH -+#define MNT_DETACH 2 -+#endif -+ - int security_load_policy(void *data, size_t len) - { - char path[PATH_MAX]; -@@ -348,11 +352,6 @@ int selinux_init_load_policy(int *enforce) - fclose(cfg); - free(buf); - } --#ifndef MNT_DETACH --#define MNT_DETACH 2 --#endif -- if (rc == 0) -- umount2("/proc", MNT_DETACH); - - /* - * Determine the final desired mode. -@@ -400,11 +399,17 @@ int selinux_init_load_policy(int *enforce) - /* Only emit this error if selinux was not disabled */ - fprintf(stderr, "Mount failed for selinuxfs on %s: %s\n", SELINUXMNT, strerror(errno)); - } -+ -+ if (rc == 0) -+ umount2("/proc", MNT_DETACH); - - goto noload; - } - set_selinuxmnt(mntpoint); - -+ if (rc == 0) -+ umount2("/proc", MNT_DETACH); -+ - /* - * Note: The following code depends on having selinuxfs - * already mounted and selinuxmnt set above. --- -2.7.3 - diff --git a/sys-libs/libselinux/files/libselinux-2.5-0003-Change-the-location-of-_selinux.so.patch b/sys-libs/libselinux/files/libselinux-2.5-0003-Change-the-location-of-_selinux.so.patch deleted file mode 100644 index 542acfdc2437..000000000000 --- a/sys-libs/libselinux/files/libselinux-2.5-0003-Change-the-location-of-_selinux.so.patch +++ /dev/null @@ -1,44 +0,0 @@ -From a9604c30a5e2f71007d31aa6ba41cf7b95d94822 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Mon, 27 Jun 2016 10:46:13 +0200 -Subject: [PATCH] libselinux: Change the location of _selinux.so - -There was a change in swig-3.10 to use importlib instead of imp. While -the implementation with imp looked for _selinux.so also into the same directory -as __init__.py is, a new module with importlib searchs only standard paths. -It means that we need to move _selinux.so from $(PYLIBDIR)/site-packages/selinux/ -to $(PYLIBDIR)/site-packages/. - -Fixes: ->>> import selinux -Traceback (most recent call last): - File "", line 1, in - File "/usr/lib64/python2.7/site-packages/selinux/__init__.py", line 21, in - _selinux = swig_import_helper() - File "/usr/lib64/python2.7/site-packages/selinux/__init__.py", line 20, in swig_import_helper - return importlib.import_module('_selinux') - File "/usr/lib64/python2.7/importlib/__init__.py", line 37, in import_module - __import__(name) -ImportError: No module named _selinux - -Signed-off-by: Petr Lautrbach ---- - libselinux/src/Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile -index d94163e..37d01af 100644 ---- libselinux/src/Makefile -+++ libselinux/src/Makefile -@@ -156,7 +156,7 @@ install: all - - install-pywrap: pywrap - test -d $(PYLIBDIR)/site-packages/selinux || install -m 755 -d $(PYLIBDIR)/site-packages/selinux -- install -m 755 $(SWIGSO) $(PYLIBDIR)/site-packages/selinux/_selinux.so -+ install -m 755 $(SWIGSO) $(PYLIBDIR)/site-packages/_selinux.so - install -m 755 $(AUDIT2WHYSO) $(PYLIBDIR)/site-packages/selinux/audit2why.so - install -m 644 $(SWIGPYOUT) $(PYLIBDIR)/site-packages/selinux/__init__.py - --- -2.7.3 - -- cgit v1.2.3-65-gdbad