[gentoo-commits] repo/gentoo:master commit in: sys-libs/libselinux/files/, sys-libs/libselinux/

[gentoo-commits] repo/gentoo:master commit in: sys-libs/libselinux/files/, sys-libs/libselinux/

[Sven Vermeulen]

commit:     ec7c7fbaca366eb86eec892b5dec1bd80e9bc647
Author:     Sven Vermeulen <swift <AT> gentoo <DOT> org>
AuthorDate: Sun Mar 13 17:12:49 2016 +0000
Commit:     Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Sun Mar 13 19:46:32 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ec7c7fba

sys-libs/libselinux: Bump to 2.5 release

Package-Manager: portage-2.2.26

 sys-libs/libselinux/Manifest                       |  1 +
 ...07-build-related-fixes-bug-500674-for-2.5.patch | 69 ++++++++++++++++++++++
 ...ibselinux-9999.ebuild => libselinux-2.5.ebuild} | 32 ++++------
 sys-libs/libselinux/libselinux-9999.ebuild         | 12 ++--
 4 files changed, 89 insertions(+), 25 deletions(-)

diff --git a/sys-libs/libselinux/Manifest b/sys-libs/libselinux/Manifest
index f9ea8da..6cfaca0 100644
--- a/sys-libs/libselinux/Manifest
+++ b/sys-libs/libselinux/Manifest
@@ -1,5 +1,6 @@
 DIST libselinux-2.2.2.tar.gz 171013 SHA256 30ab363416806da907b86b97f1d31c252473e3200358bb1570f563c8312b5a3e SHA512 1270cba11ec0795a2cea3706ac5547655d0e65dcd2141932000526f3d0c781b6ae114051b2bb53950b8ef207a318335329280b9fc9fd81796e8e4a27cf6ae841 WHIRLPOOL a444e44225ced35b126bbd2e8924aaf5c9f4da7abb9663d20a32b97babe750245c22d75e2238de0958b73295cf582b8aec39e23312886b96417120c600ed37dc
 DIST libselinux-2.3.tar.gz 171254 SHA256 0b1e0b43ecd84a812713d09564019b08e7c205d89072b5cbcd07b052cd8e77b2 SHA512 8cfcd20ab0b43ffbb32389e0498b21e43cde643dcdf471a2354f1ca557f11641d250871ed5e71b9dde4c5f47ac1048746fe514f8f6cfad668fa179ed5136e802 WHIRLPOOL e975a391559aca3f8b251d2aa484cf8e344d09caa43ff56dd929e75a0ad195cf8d9a88b950679f589f4deb74aea0d22be4e7ad00b11eacc080288df0b5ac7ccb
 DIST libselinux-2.4.tar.gz 165931 SHA256 46043091f4c5ba4f43e8d3715f30d665a2d571c9126c1f03945c9ea4ed380f7b SHA512 f7c7ceabcc6ca7bb5cb24fd04b8ea4771af7e509a11ce601fb50d52bd14b291ab6136b7f5193912d02b61b132a2fdd1666f229478598d0b20b99bdea0f5e69d6 WHIRLPOOL d1499818fc885c3bd07785d41466b4ea4bcf56fafe8cbc9bd1a517fe0d2d528b10911fa6df08756ca63aebc411fd69c7f01283685c8a858a81301e203dfd3ec2
+DIST libselinux-2.5.tar.gz 189019 SHA256 94c9e97706280bedcc288f784f67f2b9d3d6136c192b2c9f812115edba58514f SHA512 1c6718aa6fa05c8635427cd6f5a89ce47fb6bb9bd2fec417293122826695d1ebb0e0b86e83711abb5c4fe71c67dce6f2e18745592833d1711f0ab2d01246b8c7 WHIRLPOOL 96192b856d32a82b9b4413137085e69ad52cbf2e0d274603a90d904e9a318a80c83f337aef26f54c685a689972432955f0f9de67949e0bb4f844611df22d3589
 DIST patchbundle-libselinux-2.2.2-r5.tar.gz 2304 SHA256 ad77f499c05ec3b5707cb9db518a891dd9c84ccb77db07e686c87e5799e1802c SHA512 a01db39a7aade27b0127dd0e2f3185587ff4d913b7b1be7beac36dc2d3e1007de5e6bae8a11bc84567385420fff064ba54892d8e113c8fd54ad3c598dde7648d WHIRLPOOL 5886d9de6fcf073d54ca5e0eac3f8b4754c44382e7044debb223f94ecc81ea0e26b7638037eef17eb6f8ce4cc5046a4bb9f93b9b7767480908ee5b2ced0413ac
 DIST patchbundle-libselinux-4.tar.gz 2631 SHA256 91bf43c84ce3d3178c8d21fdcf97380a635fa2465d1611fe4e0e3838a586c78c SHA512 bd2f9762f095e3dbc67e77ee04968cb8e87d460fdf10feff91cb1ce6027e19a660bb57617887e44608d39720e8f95500c451c4b284d58c0a756a04b08fa305c2 WHIRLPOOL 07a6a69d33c46c443907aae2ae4f3646a0360565e28d0a50cbcf81f8b5d8c259812d3e086841fc21c2a8104ce9863fc6c9c1d32e28ea08ebc7baf2d45af3509f

diff --git a/sys-libs/libselinux/files/0007-build-related-fixes-bug-500674-for-2.5.patch b/sys-libs/libselinux/files/0007-build-related-fixes-bug-500674-for-2.5.patch
new file mode 100644
index 0000000..67e47ad
--- /dev/null
+++ b/sys-libs/libselinux/files/0007-build-related-fixes-bug-500674-for-2.5.patch
@@ -0,0 +1,69 @@
+https://bugs.gentoo.org/500674
+
+random fixes:
+- make sure PCRE_CFLAGS get used
+- use PCRE_LIBS via pkg-config
+- move LDFLAGS to before objects, not after
+- do not hardcode -L$(LIBDIR) (let the toolchain handle it)
+- do not hardcode -I$(INCLUDEDIR) (let the toolchain handle it)
+
+diff -uNr libselinux-2.5.orig/src/Makefile libselinux-2.5/src/Makefile
+--- libselinux-2.5.orig/src/Makefile	2016-03-13 19:27:07.091000000 +0100
++++ libselinux-2.5/src/Makefile	2016-03-13 19:27:16.495000000 +0100
+@@ -73,7 +73,7 @@
+           -fipa-pure-const -Wno-suggest-attribute=pure -Wno-suggest-attribute=const \
+           -Werror -Wno-aggregate-return -Wno-redundant-decls
+ 
+-override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE $(EMFLAGS)
++override CFLAGS += -I../include $(PCRE_CFLAGS) -D_GNU_SOURCE $(EMFLAGS)
+ 
+ SWIG_CFLAGS += -Wno-error -Wno-unused-variable -Wno-unused-but-set-variable -Wno-unused-parameter \
+ 		-Wno-shadow -Wno-uninitialized -Wno-missing-prototypes -Wno-missing-declarations
+@@ -102,17 +102,17 @@
+ 	$(CC) $(CFLAGS) $(SWIG_CFLAGS) $(RUBYINC) -fPIC -DSHARED -c -o $@ $<
+ 
+ $(SWIGSO): $(SWIGLOBJ)
+-	$(CC) $(CFLAGS) -shared -o $@ $< -L. -lselinux $(LDFLAGS) -L$(LIBDIR)
++	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lselinux
+ 
+ $(SWIGRUBYSO): $(SWIGRUBYLOBJ)
+-	$(CC) $(CFLAGS) -shared -o $@ $^ -L. -lselinux $(LDFLAGS) -L$(LIBDIR)
++	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux
+ 
+ $(LIBA): $(OBJS)
+ 	$(AR) rcs $@ $^
+ 	$(RANLIB) $@
+ 
+ $(LIBSO): $(LOBJS)
+-	$(CC) $(CFLAGS) -shared -o $@ $^ -lpcre -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
++	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -ldl $(PCRE_LIBS) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
+ 	ln -sf $@ $(TARGET) 
+ 
+ $(LIBPC): $(LIBPC).in ../VERSION
+@@ -125,7 +125,7 @@
+ 	$(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $<
+ 
+ $(AUDIT2WHYSO): $(AUDIT2WHYLOBJ)
+-	$(CC) $(CFLAGS) -shared -o $@ $^ -L. $(LDFLAGS) -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR)
++	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux $(LIBDIR)/libsepol.a
+ 
+ %.o:  %.c policy.h
+ 	$(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $<
+diff -uNr libselinux-2.5.orig/utils/Makefile libselinux-2.5/utils/Makefile
+--- libselinux-2.5.orig/utils/Makefile	2016-03-13 19:27:07.102000000 +0100
++++ libselinux-2.5/utils/Makefile	2016-03-13 19:27:40.297000000 +0100
+@@ -24,11 +24,12 @@
+           -fipa-pure-const -Wno-suggest-attribute=pure -Wno-suggest-attribute=const \
+           -Werror -Wno-aggregate-return -Wno-redundant-decls
+ override CFLAGS += -I../include -D_GNU_SOURCE $(EMFLAGS)
+-LDLIBS += -L../src -lselinux -L$(LIBDIR)
++LDLIBS += -L../src -lselinux
+ 
+ TARGETS=$(patsubst %.c,%,$(wildcard *.c))
+ 
+-sefcontext_compile: LDLIBS += -lpcre ../src/libselinux.a -lsepol
++sefcontext_compile: CFLAGS += $(PCRE_FLAGS)
++sefcontext_compile: LDLIBS += $(PCRE_LIBS) -lsepol ../src/libselinux.a
+ 
+ selinux_restorecon: LDLIBS += -lsepol
+ 

diff --git a/sys-libs/libselinux/libselinux-9999.ebuild b/sys-libs/libselinux/libselinux-2.5.ebuild
similarity index 82%
copy from sys-libs/libselinux/libselinux-9999.ebuild
copy to sys-libs/libselinux/libselinux-2.5.ebuild
index 76ec5a6..ad21b65 100644
--- a/sys-libs/libselinux/libselinux-9999.ebuild
+++ b/sys-libs/libselinux/libselinux-2.5.ebuild
@@ -1,53 +1,45 @@
-# Copyright 1999-2015 Gentoo Foundation
+# Copyright 1999-2016 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 # $Id$
 
 EAPI="5"
 PYTHON_COMPAT=( python2_7 python3_3 python3_4 python3_5 )
-USE_RUBY="ruby19 ruby20"
+USE_RUBY="ruby20 ruby21 ruby22 ruby23"
 
 # No, I am not calling ruby-ng
 inherit multilib python-r1 toolchain-funcs eutils multilib-minimal
 
 MY_P="${P//_/-}"
 SEPOL_VER="${PV}"
-MY_RELEASEDATE="20150202"
 
 DESCRIPTION="SELinux userland library"
 HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
-
-if [[ ${PV} == 9999 ]] ; then
-	inherit git-r3
-	EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git"
-	S="${WORKDIR}/${MY_P}/${PN}"
-else
-	SRC_URI="https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/${MY_RELEASEDATE}/${MY_P}.tar.gz"
-	KEYWORDS="~amd64 ~arm ~arm64 ~mips ~x86"
-	S="${WORKDIR}/${MY_P}"
-fi
+SRC_URI="https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/${MY_P}.tar.gz"
 
 LICENSE="public-domain"
 SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~mips ~x86"
 
-IUSE="python ruby static-libs ruby_targets_ruby19 ruby_targets_ruby20"
+IUSE="python ruby static-libs ruby_targets_ruby20 ruby_targets_ruby21 ruby_targets_ruby22 ruby_targets_ruby23"
 
 RDEPEND=">=sys-libs/libsepol-${SEPOL_VER}[${MULTILIB_USEDEP}]
 	>=dev-libs/libpcre-8.33-r1[static-libs?,${MULTILIB_USEDEP}]
 	python? ( ${PYTHON_DEPS} )
 	ruby? (
-		ruby_targets_ruby19? ( dev-lang/ruby:1.9 )
 		ruby_targets_ruby20? ( dev-lang/ruby:2.0 )
+		ruby_targets_ruby21? ( dev-lang/ruby:2.1 )
+		ruby_targets_ruby22? ( dev-lang/ruby:2.2 )
+		ruby_targets_ruby23? ( dev-lang/ruby:2.3 )
 	)"
 DEPEND="${RDEPEND}
 	virtual/pkgconfig
 	python? ( >=dev-lang/swig-2.0.9 )"
 
+S="${WORKDIR}/${MY_P}"
+
 src_prepare() {
-	if [[ ${PV} != 9999 ]] ; then
-		# If needed for live builds, place them in /etc/portage/patches
-		epatch "${FILESDIR}/0005-use-ruby-include-with-rubylibver.patch"
-		epatch "${FILESDIR}/0006-build-related-fixes-bug-500674.patch"
-	fi
+	epatch "${FILESDIR}/0005-use-ruby-include-with-rubylibver.patch"
+	epatch "${FILESDIR}/0007-build-related-fixes-bug-500674-for-2.5.patch"
 
 	epatch_user
 

diff --git a/sys-libs/libselinux/libselinux-9999.ebuild b/sys-libs/libselinux/libselinux-9999.ebuild
index 76ec5a6..8539807 100644
--- a/sys-libs/libselinux/libselinux-9999.ebuild
+++ b/sys-libs/libselinux/libselinux-9999.ebuild
@@ -1,10 +1,10 @@
-# Copyright 1999-2015 Gentoo Foundation
+# Copyright 1999-2016 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 # $Id$
 
 EAPI="5"
 PYTHON_COMPAT=( python2_7 python3_3 python3_4 python3_5 )
-USE_RUBY="ruby19 ruby20"
+USE_RUBY="ruby20 ruby21 ruby22 ruby23"
 
 # No, I am not calling ruby-ng
 inherit multilib python-r1 toolchain-funcs eutils multilib-minimal
@@ -29,14 +29,16 @@ fi
 LICENSE="public-domain"
 SLOT="0"
 
-IUSE="python ruby static-libs ruby_targets_ruby19 ruby_targets_ruby20"
+IUSE="python ruby static-libs ruby_targets_ruby20 ruby_targets_ruby21 ruby_targets_ruby22 ruby_targets_ruby23"
 
 RDEPEND=">=sys-libs/libsepol-${SEPOL_VER}[${MULTILIB_USEDEP}]
 	>=dev-libs/libpcre-8.33-r1[static-libs?,${MULTILIB_USEDEP}]
 	python? ( ${PYTHON_DEPS} )
 	ruby? (
-		ruby_targets_ruby19? ( dev-lang/ruby:1.9 )
 		ruby_targets_ruby20? ( dev-lang/ruby:2.0 )
+		ruby_targets_ruby21? ( dev-lang/ruby:2.1 )
+		ruby_targets_ruby22? ( dev-lang/ruby:2.2 )
+		ruby_targets_ruby23? ( dev-lang/ruby:2.3 )
 	)"
 DEPEND="${RDEPEND}
 	virtual/pkgconfig
@@ -46,7 +48,7 @@ src_prepare() {
 	if [[ ${PV} != 9999 ]] ; then
 		# If needed for live builds, place them in /etc/portage/patches
 		epatch "${FILESDIR}/0005-use-ruby-include-with-rubylibver.patch"
-		epatch "${FILESDIR}/0006-build-related-fixes-bug-500674.patch"
+		epatch "${FILESDIR}/0007-build-related-fixes-bug-500674-for-2.5.patch"
 	fi
 
 	epatch_user

[gentoo-commits] repo/gentoo:master commit in: sys-libs/libselinux/files/, sys-libs/libselinux/

[Jason Zaman]

commit:     e5c183da286b54e8c6d6f7446821972be7a7831c
Author:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
AuthorDate: Thu Sep  1 15:59:35 2016 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Thu Sep  1 16:28:25 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e5c183da

sys-libs/libselinux: Drop old

Package-Manager: portage-2.2.28

 sys-libs/libselinux/Manifest                       |   5 -
 .../0006-build-related-fixes-bug-500674.patch      |  67 ----------
 sys-libs/libselinux/libselinux-2.2.2-r5.ebuild     |  95 --------------
 sys-libs/libselinux/libselinux-2.3-r2.ebuild       | 145 ---------------------
 sys-libs/libselinux/libselinux-2.4.ebuild          | 145 ---------------------
 5 files changed, 457 deletions(-)

diff --git a/sys-libs/libselinux/Manifest b/sys-libs/libselinux/Manifest
index 6cfaca0..81ff468 100644
--- a/sys-libs/libselinux/Manifest
+++ b/sys-libs/libselinux/Manifest
@@ -1,6 +1 @@
-DIST libselinux-2.2.2.tar.gz 171013 SHA256 30ab363416806da907b86b97f1d31c252473e3200358bb1570f563c8312b5a3e SHA512 1270cba11ec0795a2cea3706ac5547655d0e65dcd2141932000526f3d0c781b6ae114051b2bb53950b8ef207a318335329280b9fc9fd81796e8e4a27cf6ae841 WHIRLPOOL a444e44225ced35b126bbd2e8924aaf5c9f4da7abb9663d20a32b97babe750245c22d75e2238de0958b73295cf582b8aec39e23312886b96417120c600ed37dc
-DIST libselinux-2.3.tar.gz 171254 SHA256 0b1e0b43ecd84a812713d09564019b08e7c205d89072b5cbcd07b052cd8e77b2 SHA512 8cfcd20ab0b43ffbb32389e0498b21e43cde643dcdf471a2354f1ca557f11641d250871ed5e71b9dde4c5f47ac1048746fe514f8f6cfad668fa179ed5136e802 WHIRLPOOL e975a391559aca3f8b251d2aa484cf8e344d09caa43ff56dd929e75a0ad195cf8d9a88b950679f589f4deb74aea0d22be4e7ad00b11eacc080288df0b5ac7ccb
-DIST libselinux-2.4.tar.gz 165931 SHA256 46043091f4c5ba4f43e8d3715f30d665a2d571c9126c1f03945c9ea4ed380f7b SHA512 f7c7ceabcc6ca7bb5cb24fd04b8ea4771af7e509a11ce601fb50d52bd14b291ab6136b7f5193912d02b61b132a2fdd1666f229478598d0b20b99bdea0f5e69d6 WHIRLPOOL d1499818fc885c3bd07785d41466b4ea4bcf56fafe8cbc9bd1a517fe0d2d528b10911fa6df08756ca63aebc411fd69c7f01283685c8a858a81301e203dfd3ec2
 DIST libselinux-2.5.tar.gz 189019 SHA256 94c9e97706280bedcc288f784f67f2b9d3d6136c192b2c9f812115edba58514f SHA512 1c6718aa6fa05c8635427cd6f5a89ce47fb6bb9bd2fec417293122826695d1ebb0e0b86e83711abb5c4fe71c67dce6f2e18745592833d1711f0ab2d01246b8c7 WHIRLPOOL 96192b856d32a82b9b4413137085e69ad52cbf2e0d274603a90d904e9a318a80c83f337aef26f54c685a689972432955f0f9de67949e0bb4f844611df22d3589
-DIST patchbundle-libselinux-2.2.2-r5.tar.gz 2304 SHA256 ad77f499c05ec3b5707cb9db518a891dd9c84ccb77db07e686c87e5799e1802c SHA512 a01db39a7aade27b0127dd0e2f3185587ff4d913b7b1be7beac36dc2d3e1007de5e6bae8a11bc84567385420fff064ba54892d8e113c8fd54ad3c598dde7648d WHIRLPOOL 5886d9de6fcf073d54ca5e0eac3f8b4754c44382e7044debb223f94ecc81ea0e26b7638037eef17eb6f8ce4cc5046a4bb9f93b9b7767480908ee5b2ced0413ac
-DIST patchbundle-libselinux-4.tar.gz 2631 SHA256 91bf43c84ce3d3178c8d21fdcf97380a635fa2465d1611fe4e0e3838a586c78c SHA512 bd2f9762f095e3dbc67e77ee04968cb8e87d460fdf10feff91cb1ce6027e19a660bb57617887e44608d39720e8f95500c451c4b284d58c0a756a04b08fa305c2 WHIRLPOOL 07a6a69d33c46c443907aae2ae4f3646a0360565e28d0a50cbcf81f8b5d8c259812d3e086841fc21c2a8104ce9863fc6c9c1d32e28ea08ebc7baf2d45af3509f

diff --git a/sys-libs/libselinux/files/0006-build-related-fixes-bug-500674.patch b/sys-libs/libselinux/files/0006-build-related-fixes-bug-500674.patch
deleted file mode 100644
index cec91b1..00000000
--- a/sys-libs/libselinux/files/0006-build-related-fixes-bug-500674.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-https://bugs.gentoo.org/500674
-
-random fixes:
- - make sure PCRE_CFLAGS get used
- - use PCRE_LIBS via pkg-config
- - move LDFLAGS to before objects, not after
- - do not hardcode -L$(LIBDIR) (let the toolchain handle it)
- - do not hardcode -I$(INCLUDEDIR) (let the toolchain handle it)
-
---- a/src/Makefile
-+++ b/src/Makefile
-@@ -75,7 +75,7 @@ CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -Wmissi
-           -fipa-pure-const -Wno-suggest-attribute=pure -Wno-suggest-attribute=const \
-           -Werror -Wno-aggregate-return -Wno-redundant-decls
- 
--override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 $(EMFLAGS)
-+override CFLAGS += -I../include $(PCRE_CFLAGS) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 $(EMFLAGS)
- 
- SWIG_CFLAGS += -Wno-error -Wno-unused-variable -Wno-unused-but-set-variable -Wno-unused-parameter \
- 		-Wno-shadow -Wno-uninitialized -Wno-missing-prototypes -Wno-missing-declarations
-@@ -104,17 +104,17 @@ $(SWIGRUBYLOBJ): $(SWIGRUBYCOUT)
- 	$(CC) $(CFLAGS) $(SWIG_CFLAGS) $(RUBYINC) -fPIC -DSHARED -c -o $@ $<
- 
- $(SWIGSO): $(SWIGLOBJ)
--	$(CC) $(CFLAGS) -shared -o $@ $< -L. -lselinux $(LDFLAGS) -L$(LIBDIR)
-+	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lselinux
- 
- $(SWIGRUBYSO): $(SWIGRUBYLOBJ)
--	$(CC) $(CFLAGS) -shared -o $@ $^ -L. -lselinux $(LDFLAGS) -L$(LIBDIR)
-+	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux
- 
- $(LIBA): $(OBJS)
- 	$(AR) rcs $@ $^
- 	$(RANLIB) $@
- 
- $(LIBSO): $(LOBJS)
--	$(CC) $(CFLAGS) -shared -o $@ $^ -lpcre -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
-+	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -ldl $(PCRE_LIBS) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
- 	ln -sf $@ $(TARGET) 
- 
- $(LIBPC): $(LIBPC).in ../VERSION
-@@ -127,7 +127,7 @@ $(AUDIT2WHYLOBJ): audit2why.c
- 	$(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $<
- 
- $(AUDIT2WHYSO): $(AUDIT2WHYLOBJ)
--	$(CC) $(CFLAGS) -shared -o $@ $^ -L. $(LDFLAGS) -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR)
-+	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux $(LIBDIR)/libsepol.a
- 
- %.o:  %.c policy.h
- 	$(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $<
---- a/utils/Makefile
-+++ b/utils/Makefile
-@@ -24,11 +24,12 @@ CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -Wmissi
-           -fipa-pure-const -Wno-suggest-attribute=pure -Wno-suggest-attribute=const \
-           -Werror -Wno-aggregate-return -Wno-redundant-decls
- override CFLAGS += -I../include -D_GNU_SOURCE $(EMFLAGS)
--LDLIBS += -L../src -lselinux -L$(LIBDIR)
-+LDLIBS += -L../src -lselinux
- 
- TARGETS=$(patsubst %.c,%,$(wildcard *.c))
- 
--sefcontext_compile: LDLIBS += -lpcre
-+sefcontext_compile: CFLAGS += $(PCRE_CFLAGS)
-+sefcontext_compile: LDLIBS += $(PCRE_LIBS)
- 
- ifeq ($(DISABLE_AVC),y)
- 	UNUSED_TARGETS+=compute_av compute_create compute_member compute_relabel

diff --git a/sys-libs/libselinux/libselinux-2.2.2-r5.ebuild b/sys-libs/libselinux/libselinux-2.2.2-r5.ebuild
deleted file mode 100644
index 271cc3a..00000000
--- a/sys-libs/libselinux/libselinux-2.2.2-r5.ebuild
+++ /dev/null
@@ -1,95 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-PYTHON_COMPAT=( python2_7 python3_3 )
-
-inherit multilib python-r1 toolchain-funcs eutils multilib-minimal
-
-SEPOL_VER="2.2"
-
-DESCRIPTION="SELinux userland library"
-HOMEPAGE="http://userspace.selinuxproject.org"
-SRC_URI="http://userspace.selinuxproject.org/releases/20131030/${P}.tar.gz
-	https://dev.gentoo.org/~swift/patches/${PN}/patchbundle-${P}-r5.tar.gz"
-
-LICENSE="public-domain"
-SLOT="0"
-KEYWORDS="amd64 x86"
-IUSE="python static-libs"
-
-RDEPEND=">=sys-libs/libsepol-${SEPOL_VER}
-	>=dev-libs/libpcre-8.30-r2[static-libs?]
-	python? ( ${PYTHON_DEPS} )"
-DEPEND="${RDEPEND}
-	virtual/pkgconfig
-	python? ( >=dev-lang/swig-2.0.9 )"
-
-src_prepare() {
-	EPATCH_MULTI_MSG="Applying libselinux patches ... " \
-	EPATCH_SUFFIX="patch" \
-	EPATCH_SOURCE="${WORKDIR}/gentoo-patches" \
-	EPATCH_FORCE="yes" \
-	epatch
-
-	epatch_user
-
-	multilib_copy_sources
-}
-
-multilib_src_compile() {
-	tc-export PKG_CONFIG RANLIB
-	local PCRE_CFLAGS=$(${PKG_CONFIG} libpcre --cflags)
-	local PCRE_LIBS=$(${PKG_CONFIG} libpcre --libs)
-	export PCRE_{CFLAGS,LIBS}
-
-	emake \
-		AR="$(tc-getAR)" \
-		CC="$(tc-getCC)" \
-		LIBDIR="\$(PREFIX)/$(get_libdir)" \
-		SHLIBDIR="\$(DESTDIR)/$(get_libdir)" \
-		LDFLAGS="-fPIC ${LDFLAGS} -pthread" \
-		all
-
-	if multilib_is_native_abi && use python; then
-		building() {
-			python_export PYTHON_INCLUDEDIR PYTHON_LIBPATH
-			emake \
-				CC="$(tc-getCC)" \
-				PYINC="-I${PYTHON_INCLUDEDIR}" \
-				PYTHONLIBDIR="${PYTHON_LIBPATH}" \
-				PYPREFIX="${EPYTHON##*/}" \
-				LDFLAGS="-fPIC ${LDFLAGS} -lpthread" \
-				pywrap
-		}
-		python_foreach_impl building
-	fi
-}
-
-multilib_src_install() {
-	LIBDIR="\$(PREFIX)/$(get_libdir)" SHLIBDIR="\$(DESTDIR)/$(get_libdir)" \
-		emake DESTDIR="${D}" install
-
-	if multilib_is_native_abi && use python; then
-		installation() {
-			LIBDIR="\$(PREFIX)/$(get_libdir)" emake DESTDIR="${D}" install-pywrap
-		}
-		python_foreach_impl installation
-	fi
-
-	use static-libs || rm "${D}"/usr/lib*/*.a
-}
-
-pkg_postinst() {
-	# Fix bug 473502
-	for POLTYPE in ${POLICY_TYPES};
-	do
-		mkdir -p /etc/selinux/${POLTYPE}/contexts/files
-		touch /etc/selinux/${POLTYPE}/contexts/files/file_contexts.local
-		# Fix bug 516608
-		for EXPRFILE in file_contexts file_contexts.homedirs file_contexts.local ; do
-			sefcontext_compile /etc/selinux/${POLTYPE}/contexts/files/${EXPRFILE};
-		done
-	done
-}

diff --git a/sys-libs/libselinux/libselinux-2.3-r2.ebuild b/sys-libs/libselinux/libselinux-2.3-r2.ebuild
deleted file mode 100644
index 5955eca..00000000
--- a/sys-libs/libselinux/libselinux-2.3-r2.ebuild
+++ /dev/null
@@ -1,145 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-PYTHON_COMPAT=( python2_7 python3_3 python3_4 )
-USE_RUBY="ruby19 ruby20"
-
-PATCHBUNDLE="4"
-
-# No, I am not calling ruby-ng
-inherit multilib python-r1 toolchain-funcs eutils multilib-minimal
-
-MY_P="${P//_/-}"
-
-SEPOL_VER="2.3"
-
-DESCRIPTION="SELinux userland library"
-HOMEPAGE="http://userspace.selinuxproject.org"
-SRC_URI="https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20140506/${MY_P}.tar.gz
-	https://dev.gentoo.org/~swift/patches/${PN}/patchbundle-${PN}-${PATCHBUNDLE}.tar.gz"
-
-LICENSE="public-domain"
-SLOT="0"
-KEYWORDS="amd64 x86"
-
-IUSE="python ruby static-libs ruby_targets_ruby19 ruby_targets_ruby20"
-
-RDEPEND=">=sys-libs/libsepol-${SEPOL_VER}[${MULTILIB_USEDEP}]
-	>=dev-libs/libpcre-8.33-r1[static-libs?,${MULTILIB_USEDEP}]
-	python? ( ${PYTHON_DEPS} )
-	ruby? (
-		ruby_targets_ruby19? ( dev-lang/ruby:1.9 )
-		ruby_targets_ruby20? ( dev-lang/ruby:2.0 )
-	)"
-DEPEND="${RDEPEND}
-	virtual/pkgconfig
-	python? ( >=dev-lang/swig-2.0.9 )"
-
-S="${WORKDIR}/${MY_P}"
-
-src_prepare() {
-	EPATCH_MULTI_MSG="Applying libselinux patches ... " \
-	EPATCH_SUFFIX="patch" \
-	EPATCH_SOURCE="${WORKDIR}/gentoo-patches" \
-	EPATCH_FORCE="yes" \
-	epatch
-
-	epatch_user
-
-	multilib_copy_sources
-}
-
-multilib_src_compile() {
-	tc-export PKG_CONFIG RANLIB
-	local PCRE_CFLAGS=$(${PKG_CONFIG} libpcre --cflags)
-	local PCRE_LIBS=$(${PKG_CONFIG} libpcre --libs)
-	export PCRE_{CFLAGS,LIBS}
-
-	emake \
-		AR="$(tc-getAR)" \
-		CC="$(tc-getCC)" \
-		LIBDIR="\$(PREFIX)/$(get_libdir)" \
-		SHLIBDIR="\$(DESTDIR)/$(get_libdir)" \
-		LDFLAGS="-fPIC ${LDFLAGS} -pthread" \
-		all
-
-	if multilib_is_native_abi && use python; then
-		building() {
-			python_export PYTHON_INCLUDEDIR PYTHON_LIBPATH
-			emake \
-				CC="$(tc-getCC)" \
-				PYINC="-I${PYTHON_INCLUDEDIR}" \
-				PYTHONLIBDIR="${PYTHON_LIBPATH}" \
-				PYPREFIX="${EPYTHON##*/}" \
-				LDFLAGS="-fPIC ${LDFLAGS} -lpthread" \
-				pywrap
-		}
-		python_foreach_impl building
-	fi
-
-	if multilib_is_native_abi && use ruby; then
-		building() {
-			einfo "Calling rubywrap for ${1}"
-			# Clean up .lo file to force rebuild
-			test -f src/selinuxswig_ruby_wrap.lo && rm src/selinuxswig_ruby_wrap.lo
-			emake \
-				CC="$(tc-getCC)" \
-				RUBY=${1} \
-				RUBYINSTALL=$(${1} -e 'print RbConfig::CONFIG["vendorarchdir"]') \
-				LDFLAGS="-fPIC ${LDFLAGS} -lpthread" \
-				rubywrap
-		}
-		for RUBYTARGET in ${USE_RUBY}; do
-			use ruby_targets_${RUBYTARGET} || continue
-
-			building ${RUBYTARGET}
-		done
-	fi
-}
-
-multilib_src_install() {
-	LIBDIR="\$(PREFIX)/$(get_libdir)" SHLIBDIR="\$(DESTDIR)/$(get_libdir)" \
-		emake DESTDIR="${D}" install
-
-	if multilib_is_native_abi && use python; then
-		installation() {
-			LIBDIR="\$(PREFIX)/$(get_libdir)" emake DESTDIR="${D}" install-pywrap
-			python_optimize # bug 531638
-		}
-		python_foreach_impl installation
-	fi
-
-	if multilib_is_native_abi && use ruby; then
-		installation() {
-			einfo "Calling install-rubywrap for ${1}"
-			# Forcing (re)build here as otherwise the resulting SO file is used for all ruby versions
-			rm src/selinuxswig_ruby_wrap.lo
-			LIBDIR="\$(PREFIX)/$(get_libdir)" emake DESTDIR="${D}" \
-				RUBY=${1} \
-				RUBYINSTALL="${D}/$(${1} -e 'print RbConfig::CONFIG["vendorarchdir"]')" \
-				install-rubywrap
-		}
-		for RUBYTARGET in ${USE_RUBY}; do
-			use ruby_targets_${RUBYTARGET} || continue
-
-			installation ${RUBYTARGET}
-		done
-	fi
-
-	use static-libs || rm "${D}"/usr/lib*/*.a
-}
-
-pkg_postinst() {
-	# Fix bug 473502
-	for POLTYPE in ${POLICY_TYPES};
-	do
-		mkdir -p /etc/selinux/${POLTYPE}/contexts/files
-		touch /etc/selinux/${POLTYPE}/contexts/files/file_contexts.local
-		# Fix bug 516608
-		for EXPRFILE in file_contexts file_contexts.homedirs file_contexts.local ; do
-			sefcontext_compile /etc/selinux/${POLTYPE}/contexts/files/${EXPRFILE};
-		done
-	done
-}

diff --git a/sys-libs/libselinux/libselinux-2.4.ebuild b/sys-libs/libselinux/libselinux-2.4.ebuild
deleted file mode 100644
index 5889b3e..00000000
--- a/sys-libs/libselinux/libselinux-2.4.ebuild
+++ /dev/null
@@ -1,145 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-PYTHON_COMPAT=( python2_7 python3_3 python3_4 python3_5 )
-USE_RUBY="ruby19 ruby20"
-
-# No, I am not calling ruby-ng
-inherit multilib python-r1 toolchain-funcs eutils multilib-minimal
-
-MY_P="${P//_/-}"
-SEPOL_VER="${PV}"
-
-DESCRIPTION="SELinux userland library"
-HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
-SRC_URI="https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20150202/${MY_P}.tar.gz"
-
-LICENSE="public-domain"
-SLOT="0"
-KEYWORDS="amd64 ~arm ~arm64 ~mips x86"
-
-IUSE="python ruby static-libs ruby_targets_ruby19 ruby_targets_ruby20"
-
-RDEPEND=">=sys-libs/libsepol-${SEPOL_VER}[${MULTILIB_USEDEP}]
-	>=dev-libs/libpcre-8.33-r1[static-libs?,${MULTILIB_USEDEP}]
-	python? ( ${PYTHON_DEPS} )
-	ruby? (
-		ruby_targets_ruby19? ( dev-lang/ruby:1.9 )
-		ruby_targets_ruby20? ( dev-lang/ruby:2.0 )
-	)"
-DEPEND="${RDEPEND}
-	virtual/pkgconfig
-	python? ( >=dev-lang/swig-2.0.9 )"
-
-S="${WORKDIR}/${MY_P}"
-
-src_prepare() {
-	epatch "${FILESDIR}/0005-use-ruby-include-with-rubylibver.patch"
-	epatch "${FILESDIR}/0006-build-related-fixes-bug-500674.patch"
-
-	epatch_user
-
-	multilib_copy_sources
-}
-
-multilib_src_compile() {
-	tc-export PKG_CONFIG RANLIB
-	local PCRE_CFLAGS=$(${PKG_CONFIG} libpcre --cflags)
-	local PCRE_LIBS=$(${PKG_CONFIG} libpcre --libs)
-	export PCRE_{CFLAGS,LIBS}
-
-	emake \
-		AR="$(tc-getAR)" \
-		CC="$(tc-getCC)" \
-		LIBDIR="\$(PREFIX)/$(get_libdir)" \
-		SHLIBDIR="\$(DESTDIR)/$(get_libdir)" \
-		LDFLAGS="-fPIC ${LDFLAGS} -pthread" \
-		all
-
-	if multilib_is_native_abi && use python; then
-		building() {
-			python_export PYTHON_INCLUDEDIR PYTHON_LIBPATH
-			emake \
-				CC="$(tc-getCC)" \
-				PYINC="-I${PYTHON_INCLUDEDIR}" \
-				PYTHONLIBDIR="${PYTHON_LIBPATH}" \
-				PYPREFIX="${EPYTHON##*/}" \
-				LDFLAGS="-fPIC ${LDFLAGS} -lpthread" \
-				LIBDIR="\$(PREFIX)/$(get_libdir)" \
-				SHLIBDIR="\$(DESTDIR)/$(get_libdir)" \
-				pywrap
-		}
-		python_foreach_impl building
-	fi
-
-	if multilib_is_native_abi && use ruby; then
-		building() {
-			einfo "Calling rubywrap for ${1}"
-			# Clean up .lo file to force rebuild
-			rm -f src/selinuxswig_ruby_wrap.lo || die
-			emake \
-				CC="$(tc-getCC)" \
-				RUBY=${1} \
-				RUBYINSTALL=$(${1} -e 'print RbConfig::CONFIG["vendorarchdir"]') \
-				LDFLAGS="-fPIC ${LDFLAGS} -lpthread" \
-				LIBDIR="\$(PREFIX)/$(get_libdir)" \
-				SHLIBDIR="\$(DESTDIR)/$(get_libdir)" \
-				rubywrap
-		}
-		for RUBYTARGET in ${USE_RUBY}; do
-			use ruby_targets_${RUBYTARGET} || continue
-
-			building ${RUBYTARGET}
-		done
-	fi
-}
-
-multilib_src_install() {
-	LIBDIR="\$(PREFIX)/$(get_libdir)" SHLIBDIR="\$(DESTDIR)/$(get_libdir)" \
-		emake DESTDIR="${D}" install
-
-	if multilib_is_native_abi && use python; then
-		installation() {
-			LIBDIR="\$(PREFIX)/$(get_libdir)" emake DESTDIR="${D}" install-pywrap
-			python_optimize # bug 531638
-		}
-		python_foreach_impl installation
-	fi
-
-	if multilib_is_native_abi && use ruby; then
-		installation() {
-			einfo "Calling install-rubywrap for ${1}"
-			# Forcing (re)build here as otherwise the resulting SO file is used for all ruby versions
-			rm src/selinuxswig_ruby_wrap.lo
-			LIBDIR="\$(PREFIX)/$(get_libdir)" emake DESTDIR="${D}" \
-				RUBY=${1} \
-				RUBYINSTALL="${D}/$(${1} -e 'print RbConfig::CONFIG["vendorarchdir"]')" \
-				install-rubywrap
-		}
-		for RUBYTARGET in ${USE_RUBY}; do
-			use ruby_targets_${RUBYTARGET} || continue
-
-			installation ${RUBYTARGET}
-		done
-	fi
-
-	use static-libs || rm "${D}"/usr/lib*/*.a || die
-}
-
-pkg_postinst() {
-	# Fix bug 473502
-	for POLTYPE in ${POLICY_TYPES};
-	do
-		mkdir -p /etc/selinux/${POLTYPE}/contexts/files || die
-		touch /etc/selinux/${POLTYPE}/contexts/files/file_contexts.local || die
-		# Fix bug 516608
-		for EXPRFILE in file_contexts file_contexts.homedirs file_contexts.local ; do
-			if [[ -f ${EXPRFILE} ]]; then
-				sefcontext_compile /etc/selinux/${POLTYPE}/contexts/files/${EXPRFILE} \
-				|| die "Failed to recompile contexts"
-			fi
-		done
-	done
-}

[gentoo-commits] repo/gentoo:master commit in: sys-libs/libselinux/files/, sys-libs/libselinux/

[Jason Zaman]

commit:     51e0f47c21ea17e9dd93961e4bc1aa560927865a
Author:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 15 09:30:39 2016 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Thu Sep 15 09:45:05 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=51e0f47c

sys-libs/libselinux: backport patches to 2.5-r1

Avoid mounting /proc outside of selinux_init_load_policy()

Fix compat issue with swig 3.0.10
https://bugs.gentoo.org/587712

Package-Manager: portage-2.2.28

 ...nux-2.5-0001-only-mount-proc-if-necessary.patch |  54 +++++++++
 ...ing-proc-outside-of-selinux_init_load_pol.patch | 129 +++++++++++++++++++++
 ...5-0003-Change-the-location-of-_selinux.so.patch |  44 +++++++
 ...elinux-9999.ebuild => libselinux-2.5-r1.ebuild} |   6 +-
 sys-libs/libselinux/libselinux-9999.ebuild         |   2 +-
 5 files changed, 233 insertions(+), 2 deletions(-)

diff --git a/sys-libs/libselinux/files/libselinux-2.5-0001-only-mount-proc-if-necessary.patch b/sys-libs/libselinux/files/libselinux-2.5-0001-only-mount-proc-if-necessary.patch
new file mode 100644
index 00000000..dfa6a0f
--- /dev/null
+++ b/sys-libs/libselinux/files/libselinux-2.5-0001-only-mount-proc-if-necessary.patch
@@ -0,0 +1,54 @@
+From 5a8d8c499b2ef80eaa7b5abe2ec68d7101e613bf Mon Sep 17 00:00:00 2001
+From: Stephen Smalley <sds@tycho.nsa.gov>
+Date: Mon, 29 Feb 2016 10:10:55 -0500
+Subject: [PATCH] libselinux: only mount /proc if necessary
+
+Commit 9df498884665d ("libselinux: Mount procfs before checking
+/proc/filesystems") changed selinuxfs_exists() to always try
+mounting /proc before reading /proc/filesystems.  However, this is
+unnecessary if /proc is already mounted and can produce avc denials
+if the process is not allowed to perform the mount.  Check first
+to see if /proc is already present and only try the mount if it is not.
+
+Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
+---
+ libselinux/src/init.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/libselinux/src/init.c b/libselinux/src/init.c
+index 3db4de0..3530594 100644
+--- libselinux/src/init.c
++++ libselinux/src/init.c
+@@ -12,6 +12,7 @@
+ #include <stdint.h>
+ #include <limits.h>
+ #include <sys/mount.h>
++#include <linux/magic.h>
+ 
+ #include "dso.h"
+ #include "policy.h"
+@@ -57,13 +58,19 @@ static int verify_selinuxmnt(const char *mnt)
+ 
+ int selinuxfs_exists(void)
+ {
+-	int exists = 0, mnt_rc = 0;
++	int exists = 0, mnt_rc = -1, rc;
++	struct statfs sb;
+ 	FILE *fp = NULL;
+ 	char *buf = NULL;
+ 	size_t len;
+ 	ssize_t num;
+ 
+-	mnt_rc = mount("proc", "/proc", "proc", 0, 0);
++	do {
++		rc = statfs("/proc", &sb);
++	} while (rc < 0 && errno == EINTR);
++
++	if (rc == 0 && ((uint32_t)sb.f_type != (uint32_t)PROC_SUPER_MAGIC))
++		mnt_rc = mount("proc", "/proc", "proc", 0, 0);
+ 
+ 	fp = fopen("/proc/filesystems", "r");
+ 	if (!fp) {
+-- 
+2.7.3
+

diff --git a/sys-libs/libselinux/files/libselinux-2.5-0002-Avoid-mounting-proc-outside-of-selinux_init_load_pol.patch b/sys-libs/libselinux/files/libselinux-2.5-0002-Avoid-mounting-proc-outside-of-selinux_init_load_pol.patch
new file mode 100644
index 00000000..c811450
--- /dev/null
+++ b/sys-libs/libselinux/files/libselinux-2.5-0002-Avoid-mounting-proc-outside-of-selinux_init_load_pol.patch
@@ -0,0 +1,129 @@
+From 32773a99b1f0cf2b61b5f5a33359684b18aab1ed Mon Sep 17 00:00:00 2001
+From: Stephen Smalley <sds@tycho.nsa.gov>
+Date: Fri, 13 May 2016 11:59:47 -0400
+Subject: [PATCH] Avoid mounting /proc outside of selinux_init_load_policy().
+
+Temporarily mounting /proc within selinuxfs_exists() can cause
+problems since it can be called by a libselinux constructor and
+therefore may be invoked by every program linked with libselinux.
+Since this was only motivated originally by a situation where
+selinuxfs_exists() was called from selinux_init_load_policy()
+before /proc was mounted, fix it in selinux_init_load_policy() instead.
+
+This reverts commit 5a8d8c499b2ef80eaa7b5abe2ec68d7101e613bf
+("libselinux: only mount /proc if necessary") and
+commit 9df498884665d79474b79f0f30d1cd67df11bd3e
+("libselinux: Mount procfs before checking /proc/filesystems").
+
+Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
+---
+ libselinux/src/init.c        | 27 +++------------------------
+ libselinux/src/load_policy.c | 15 ++++++++++-----
+ 2 files changed, 13 insertions(+), 29 deletions(-)
+
+diff --git a/libselinux/src/init.c b/libselinux/src/init.c
+index 3530594..3c687a2 100644
+--- libselinux/src/init.c
++++ libselinux/src/init.c
+@@ -11,8 +11,6 @@
+ #include <sys/vfs.h>
+ #include <stdint.h>
+ #include <limits.h>
+-#include <sys/mount.h>
+-#include <linux/magic.h>
+ 
+ #include "dso.h"
+ #include "policy.h"
+@@ -58,26 +56,15 @@ static int verify_selinuxmnt(const char *mnt)
+ 
+ int selinuxfs_exists(void)
+ {
+-	int exists = 0, mnt_rc = -1, rc;
+-	struct statfs sb;
++	int exists = 0;
+ 	FILE *fp = NULL;
+ 	char *buf = NULL;
+ 	size_t len;
+ 	ssize_t num;
+ 
+-	do {
+-		rc = statfs("/proc", &sb);
+-	} while (rc < 0 && errno == EINTR);
+-
+-	if (rc == 0 && ((uint32_t)sb.f_type != (uint32_t)PROC_SUPER_MAGIC))
+-		mnt_rc = mount("proc", "/proc", "proc", 0, 0);
+-
+ 	fp = fopen("/proc/filesystems", "r");
+-	if (!fp) {
+-		exists = 1; /* Fail as if it exists */
+-		goto out;
+-	}
+-
++	if (!fp)
++		return 1; /* Fail as if it exists */
+ 	__fsetlocking(fp, FSETLOCKING_BYCALLER);
+ 
+ 	num = getline(&buf, &len, fp);
+@@ -91,14 +78,6 @@ int selinuxfs_exists(void)
+ 
+ 	free(buf);
+ 	fclose(fp);
+-
+-out:
+-#ifndef MNT_DETACH
+-#define MNT_DETACH 2
+-#endif
+-	if (mnt_rc == 0)
+-		umount2("/proc", MNT_DETACH);
+-
+ 	return exists;
+ }
+ hidden_def(selinuxfs_exists)
+diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c
+index 21ee58b..4f39fc7 100644
+--- libselinux/src/load_policy.c
++++ libselinux/src/load_policy.c
+@@ -17,6 +17,10 @@
+ #include "policy.h"
+ #include <limits.h>
+ 
++#ifndef MNT_DETACH
++#define MNT_DETACH 2
++#endif
++
+ int security_load_policy(void *data, size_t len)
+ {
+ 	char path[PATH_MAX];
+@@ -348,11 +352,6 @@ int selinux_init_load_policy(int *enforce)
+ 		fclose(cfg);
+ 		free(buf);
+ 	}
+-#ifndef MNT_DETACH
+-#define MNT_DETACH 2
+-#endif
+-	if (rc == 0)
+-		umount2("/proc", MNT_DETACH);
+ 
+ 	/* 
+ 	 * Determine the final desired mode.
+@@ -400,11 +399,17 @@ int selinux_init_load_policy(int *enforce)
+ 			/* Only emit this error if selinux was not disabled */
+ 			fprintf(stderr, "Mount failed for selinuxfs on %s:  %s\n", SELINUXMNT, strerror(errno));
+ 		}
++
++		if (rc == 0)
++			umount2("/proc", MNT_DETACH);
+                 
+ 		goto noload;
+ 	}
+ 	set_selinuxmnt(mntpoint);
+ 
++	if (rc == 0)
++		umount2("/proc", MNT_DETACH);
++
+ 	/*
+ 	 * Note:  The following code depends on having selinuxfs 
+ 	 * already mounted and selinuxmnt set above.
+-- 
+2.7.3
+

diff --git a/sys-libs/libselinux/files/libselinux-2.5-0003-Change-the-location-of-_selinux.so.patch b/sys-libs/libselinux/files/libselinux-2.5-0003-Change-the-location-of-_selinux.so.patch
new file mode 100644
index 00000000..542acfd
--- /dev/null
+++ b/sys-libs/libselinux/files/libselinux-2.5-0003-Change-the-location-of-_selinux.so.patch
@@ -0,0 +1,44 @@
+From a9604c30a5e2f71007d31aa6ba41cf7b95d94822 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Mon, 27 Jun 2016 10:46:13 +0200
+Subject: [PATCH] libselinux: Change the location of _selinux.so
+
+There was a change in swig-3.10 to use importlib instead of imp. While
+the implementation with imp looked for _selinux.so also into the same directory
+as __init__.py is, a new module with importlib searchs only standard paths.
+It means that we need to move _selinux.so from $(PYLIBDIR)/site-packages/selinux/
+to $(PYLIBDIR)/site-packages/.
+
+Fixes:
+>>> import selinux
+Traceback (most recent call last):
+  File "<stdin>", line 1, in <module>
+  File "/usr/lib64/python2.7/site-packages/selinux/__init__.py", line 21, in <module>
+    _selinux = swig_import_helper()
+  File "/usr/lib64/python2.7/site-packages/selinux/__init__.py", line 20, in swig_import_helper
+    return importlib.import_module('_selinux')
+  File "/usr/lib64/python2.7/importlib/__init__.py", line 37, in import_module
+    __import__(name)
+ImportError: No module named _selinux
+
+Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
+---
+ libselinux/src/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
+index d94163e..37d01af 100644
+--- libselinux/src/Makefile
++++ libselinux/src/Makefile
+@@ -156,7 +156,7 @@ install: all
+ 
+ install-pywrap: pywrap
+ 	test -d $(PYLIBDIR)/site-packages/selinux || install -m 755 -d $(PYLIBDIR)/site-packages/selinux
+-	install -m 755 $(SWIGSO) $(PYLIBDIR)/site-packages/selinux/_selinux.so
++	install -m 755 $(SWIGSO) $(PYLIBDIR)/site-packages/_selinux.so
+ 	install -m 755 $(AUDIT2WHYSO) $(PYLIBDIR)/site-packages/selinux/audit2why.so
+ 	install -m 644 $(SWIGPYOUT) $(PYLIBDIR)/site-packages/selinux/__init__.py
+ 
+-- 
+2.7.3
+

diff --git a/sys-libs/libselinux/libselinux-9999.ebuild b/sys-libs/libselinux/libselinux-2.5-r1.ebuild
similarity index 93%
copy from sys-libs/libselinux/libselinux-9999.ebuild
copy to sys-libs/libselinux/libselinux-2.5-r1.ebuild
index e686746..51e5c29 100644
--- a/sys-libs/libselinux/libselinux-9999.ebuild
+++ b/sys-libs/libselinux/libselinux-2.5-r1.ebuild
@@ -11,7 +11,7 @@ inherit multilib python-r1 toolchain-funcs multilib-minimal
 
 MY_P="${P//_/-}"
 SEPOL_VER="${PV}"
-MY_RELEASEDATE="20150202"
+MY_RELEASEDATE="20160223"
 
 DESCRIPTION="SELinux userland library"
 HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
@@ -48,6 +48,10 @@ src_prepare() {
 		# If needed for live builds, place them in /etc/portage/patches
 		eapply "${FILESDIR}/0005-use-ruby-include-with-rubylibver.patch"
 		eapply "${FILESDIR}/0007-build-related-fixes-bug-500674-for-2.5.patch"
+
+		eapply "${FILESDIR}/libselinux-2.5-0001-only-mount-proc-if-necessary.patch"
+		eapply "${FILESDIR}/libselinux-2.5-0002-Avoid-mounting-proc-outside-of-selinux_init_load_pol.patch"
+		eapply "${FILESDIR}/libselinux-2.5-0003-Change-the-location-of-_selinux.so.patch"
 	fi
 
 	eapply_user

diff --git a/sys-libs/libselinux/libselinux-9999.ebuild b/sys-libs/libselinux/libselinux-9999.ebuild
index e686746..54de3c9 100644
--- a/sys-libs/libselinux/libselinux-9999.ebuild
+++ b/sys-libs/libselinux/libselinux-9999.ebuild
@@ -11,7 +11,7 @@ inherit multilib python-r1 toolchain-funcs multilib-minimal
 
 MY_P="${P//_/-}"
 SEPOL_VER="${PV}"
-MY_RELEASEDATE="20150202"
+MY_RELEASEDATE="20160223"
 
 DESCRIPTION="SELinux userland library"
 HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"

[gentoo-commits] repo/gentoo:master commit in: sys-libs/libselinux/files/, sys-libs/libselinux/

[Jason Zaman]

commit:     d2e6a0825a951d92abe34fa7703ba89057eae912
Author:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
AuthorDate: Sat Oct  1 03:26:58 2016 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Mon Oct  3 07:02:28 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d2e6a082

sys-libs/libselinux: bump to 2.6-rc1

Package-Manager: portage-2.3.0

 sys-libs/libselinux/Manifest                       |  1 +
 ...2.6-0005-use-ruby-include-with-rubylibver.patch | 39 ++++++++++
 ...x-2.6-0007-build-related-fixes-bug-500674.patch | 91 ++++++++++++++++++++++
 ...linux-9999.ebuild => libselinux-2.6_rc1.ebuild} | 45 +++++------
 sys-libs/libselinux/libselinux-9999.ebuild         | 45 +++++------
 sys-libs/libselinux/metadata.xml                   |  3 +
 6 files changed, 180 insertions(+), 44 deletions(-)

diff --git a/sys-libs/libselinux/Manifest b/sys-libs/libselinux/Manifest
index 81ff468..c2a779e 100644
--- a/sys-libs/libselinux/Manifest
+++ b/sys-libs/libselinux/Manifest
@@ -1 +1,2 @@
 DIST libselinux-2.5.tar.gz 189019 SHA256 94c9e97706280bedcc288f784f67f2b9d3d6136c192b2c9f812115edba58514f SHA512 1c6718aa6fa05c8635427cd6f5a89ce47fb6bb9bd2fec417293122826695d1ebb0e0b86e83711abb5c4fe71c67dce6f2e18745592833d1711f0ab2d01246b8c7 WHIRLPOOL 96192b856d32a82b9b4413137085e69ad52cbf2e0d274603a90d904e9a318a80c83f337aef26f54c685a689972432955f0f9de67949e0bb4f844611df22d3589
+DIST libselinux-2.6-rc1.tar.gz 203034 SHA256 4ef2bbb1bdb1d0c43ed14b237066364b07bd1d2ae0a16dcd475bbf7793723928 SHA512 72a8a1d244fea3902cecff69fda48c1bc8d7ce1789902126565272782105bd43205e517af8a4cac5cc5cab47c48f0cd3b287c42a408ae3889b51b19b0b38632b WHIRLPOOL b9012b74a3f073e25b63d83003194f23f7177cdd0e33443de87ff7491e0ecffa72eea07be04247cafd3045773427dbf98f592e02346c8fa32bc161be624cc2b4

diff --git a/sys-libs/libselinux/files/libselinux-2.6-0005-use-ruby-include-with-rubylibver.patch b/sys-libs/libselinux/files/libselinux-2.6-0005-use-ruby-include-with-rubylibver.patch
new file mode 100644
index 00000000..a2f704d
--- /dev/null
+++ b/sys-libs/libselinux/files/libselinux-2.6-0005-use-ruby-include-with-rubylibver.patch
@@ -0,0 +1,39 @@
+From 024a8628e698e8c90f7876a35c820f30c6957031 Mon Sep 17 00:00:00 2001
+From: Jason Zaman <jason@perfinion.com>
+Date: Sun, 2 Oct 2016 02:06:35 +0800
+Subject: [PATCH] libselinux: versioned ruby pkg-config and query vendorarchdir
+ properly
+
+Gentoo and Arch have pkg-config entries for "ruby-$(RUBYLIBVER)" but not
+for "ruby". Check if that exists first then fall back to plain ruby if
+it does not.
+
+The ruby install paths were incorrect. Fedora 20 installed to
+/usr/lib64/ruby/vendor_ruby/, Arch needs it to be vendor_ruby as well,
+site_ruby does not work. Thanks to Nicolas Iooss for the correct way to
+query for the path.
+
+Signed-off-by: Jason Zaman <jason@perfinion.com>
+---
+ libselinux/src/Makefile | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
+index 7169230..f9e3de1 100644
+--- libselinux/src/Makefile
++++ libselinux/src/Makefile
+@@ -16,9 +16,8 @@ PYLIBVER ?= $(shell $(PYTHON) -c 'import sys;print("python%d.%d" % sys.version_i
+ PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX))
+ PYLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
+ RUBYLIBVER ?= $(shell $(RUBY) -e 'print RUBY_VERSION.split(".")[0..1].join(".")')
+-RUBYPLATFORM ?= $(shell $(RUBY) -e 'print RUBY_PLATFORM')
+-RUBYINC ?= $(shell $(PKG_CONFIG) --cflags ruby)
+-RUBYINSTALL ?= $(LIBDIR)/ruby/site_ruby/$(RUBYLIBVER)/$(RUBYPLATFORM)
++RUBYINC ?= $(shell $(PKG_CONFIG) --exists ruby-$(RUBYLIBVER) && $(PKG_CONFIG) --cflags ruby-$(RUBYLIBVER) || $(PKG_CONFIG) --cflags ruby)
++RUBYINSTALL ?= $(DESTDIR)$(shell $(RUBY) -e 'puts RbConfig::CONFIG["vendorarchdir"]')
+ LIBBASE ?= $(shell basename $(LIBDIR))
+ 
+ VERSION = $(shell cat ../VERSION)
+-- 
+2.7.3
+

diff --git a/sys-libs/libselinux/files/libselinux-2.6-0007-build-related-fixes-bug-500674.patch b/sys-libs/libselinux/files/libselinux-2.6-0007-build-related-fixes-bug-500674.patch
new file mode 100644
index 00000000..83596e8
--- /dev/null
+++ b/sys-libs/libselinux/files/libselinux-2.6-0007-build-related-fixes-bug-500674.patch
@@ -0,0 +1,91 @@
+https://bugs.gentoo.org/500674
+
+random fixes:
+- make sure PCRE_CFLAGS get used
+- use PCRE_LIBS via pkg-config
+- move LDFLAGS to before objects, not after
+- do not hardcode -L$(LIBDIR) (let the toolchain handle it)
+- do not hardcode -I$(INCLUDEDIR) (let the toolchain handle it)
+
+diff --git a/libselinux/Makefile b/libselinux/Makefile
+index baa0db3..4dc5aa0 100644
+--- libselinux/Makefile
++++ libselinux/Makefile
+@@ -1,5 +1,6 @@
+ SUBDIRS = src include utils man
+ 
++PKG_CONFIG ?= pkg-config
+ DISABLE_SETRANS ?= n
+ DISABLE_RPM ?= n
+ ANDROID_HOST ?= n
+@@ -20,10 +21,11 @@ export DISABLE_SETRANS DISABLE_RPM DISABLE_FLAGS ANDROID_HOST
+ 
+ USE_PCRE2 ?= n
+ ifeq ($(USE_PCRE2),y)
+-	PCRE_CFLAGS := -DUSE_PCRE2 -DPCRE2_CODE_UNIT_WIDTH=8
+-	PCRE_LDFLAGS := -lpcre2-8
++	PCRE_CFLAGS := -DUSE_PCRE2 -DPCRE2_CODE_UNIT_WIDTH=8 $(shell $(PKG_CONFIG) --cflags libpcre2-8)
++	PCRE_LDFLAGS := $(shell $(PKG_CONFIG) --libs libpcre2-8)
+ else
+-	PCRE_LDFLAGS := -lpcre
++	PCRE_CFLAGS := $(shell $(PKG_CONFIG) --cflags libpcre)
++	PCRE_LDFLAGS := $(shell $(PKG_CONFIG) --libs libpcre)
+ endif
+ export PCRE_CFLAGS PCRE_LDFLAGS
+ 
+diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
+index 13501cd..42cb2f6 100644
+--- libselinux/src/Makefile
++++ libselinux/src/Makefile
+@@ -67,7 +67,7 @@ CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -Wmissi
+ 
+ PCRE_LDFLAGS ?= -lpcre
+ 
+-override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE $(DISABLE_FLAGS) $(PCRE_CFLAGS)
++override CFLAGS += -I../include -D_GNU_SOURCE $(DISABLE_FLAGS) $(PCRE_CFLAGS)
+ 
+ SWIG_CFLAGS += -Wno-error -Wno-unused-variable -Wno-unused-but-set-variable -Wno-unused-parameter \
+ 		-Wno-shadow -Wno-uninitialized -Wno-missing-prototypes -Wno-missing-declarations
+@@ -107,17 +107,17 @@ $(SWIGRUBYLOBJ): $(SWIGRUBYCOUT)
+ 	$(CC) $(CFLAGS) $(SWIG_CFLAGS) $(RUBYINC) -fPIC -DSHARED -c -o $@ $<
+ 
+ $(SWIGSO): $(SWIGLOBJ)
+-	$(CC) $(CFLAGS) -shared -o $@ $< -L. -lselinux $(LDFLAGS) -L$(LIBDIR)
++	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lselinux
+ 
+ $(SWIGRUBYSO): $(SWIGRUBYLOBJ)
+-	$(CC) $(CFLAGS) -shared -o $@ $^ -L. -lselinux $(LDFLAGS) -L$(LIBDIR)
++	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux
+ 
+ $(LIBA): $(OBJS)
+ 	$(AR) rcs $@ $^
+ 	$(RANLIB) $@
+ 
+ $(LIBSO): $(LOBJS)
+-	$(CC) $(CFLAGS) -shared -o $@ $^ $(PCRE_LDFLAGS) -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
++	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ $(PCRE_LDFLAGS) -ldl -Wl,-soname,$(LIBSO),-z,defs,-z,relro
+ 	ln -sf $@ $(TARGET) 
+ 
+ $(LIBPC): $(LIBPC).in ../VERSION
+@@ -130,7 +130,7 @@ $(AUDIT2WHYLOBJ): audit2why.c
+ 	$(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $<
+ 
+ $(AUDIT2WHYSO): $(AUDIT2WHYLOBJ)
+-	$(CC) $(CFLAGS) -shared -o $@ $^ -L. $(LDFLAGS) -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR)
++	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux $(LIBDIR)/libsepol.a
+ 
+ %.o:  %.c policy.h
+ 	$(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $<
+diff --git a/libselinux/utils/Makefile b/libselinux/utils/Makefile
+index e56a953..6fd205a 100644
+--- libselinux/utils/Makefile
++++ libselinux/utils/Makefile
+@@ -25,7 +25,7 @@ CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -Wmissi
+           -fipa-pure-const -Wno-suggest-attribute=pure -Wno-suggest-attribute=const \
+           -Werror -Wno-aggregate-return -Wno-redundant-decls
+ override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE $(DISABLE_FLAGS) $(PCRE_CFLAGS)
+-LDLIBS += -L../src -lselinux -L$(LIBDIR)
++LDLIBS += -L../src -lselinux
+ PCRE_LDFLAGS ?= -lpcre
+ 
+ ifeq ($(ANDROID_HOST),y)

diff --git a/sys-libs/libselinux/libselinux-9999.ebuild b/sys-libs/libselinux/libselinux-2.6_rc1.ebuild
similarity index 75%
copy from sys-libs/libselinux/libselinux-9999.ebuild
copy to sys-libs/libselinux/libselinux-2.6_rc1.ebuild
index 54de3c9..84092cb 100644
--- a/sys-libs/libselinux/libselinux-9999.ebuild
+++ b/sys-libs/libselinux/libselinux-2.6_rc1.ebuild
@@ -11,7 +11,7 @@ inherit multilib python-r1 toolchain-funcs multilib-minimal
 
 MY_P="${P//_/-}"
 SEPOL_VER="${PV}"
-MY_RELEASEDATE="20160223"
+MY_RELEASEDATE="20160930"
 
 DESCRIPTION="SELinux userland library"
 HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
@@ -29,10 +29,11 @@ fi
 LICENSE="public-domain"
 SLOT="0"
 
-IUSE="python ruby static-libs ruby_targets_ruby21 ruby_targets_ruby22 ruby_targets_ruby23"
+IUSE="pcre2 python ruby static-libs ruby_targets_ruby21 ruby_targets_ruby22 ruby_targets_ruby23"
 
-RDEPEND=">=sys-libs/libsepol-${SEPOL_VER}[${MULTILIB_USEDEP}]
-	>=dev-libs/libpcre-8.33-r1:=[static-libs?,${MULTILIB_USEDEP}]
+RDEPEND=">=sys-libs/libsepol-${SEPOL_VER}:=[${MULTILIB_USEDEP}]
+	!pcre2? ( >=dev-libs/libpcre-8.33-r1:=[static-libs?,${MULTILIB_USEDEP}] )
+	pcre2? ( dev-libs/libpcre2:=[static-libs?,${MULTILIB_USEDEP}] )
 	python? ( ${PYTHON_DEPS} )
 	ruby? (
 		ruby_targets_ruby21? ( dev-lang/ruby:2.1 )
@@ -46,8 +47,8 @@ DEPEND="${RDEPEND}
 src_prepare() {
 	if [[ ${PV} != 9999 ]] ; then
 		# If needed for live builds, place them in /etc/portage/patches
-		eapply "${FILESDIR}/0005-use-ruby-include-with-rubylibver.patch"
-		eapply "${FILESDIR}/0007-build-related-fixes-bug-500674-for-2.5.patch"
+		eapply "${FILESDIR}/libselinux-2.6-0005-use-ruby-include-with-rubylibver.patch"
+		eapply "${FILESDIR}/libselinux-2.6-0007-build-related-fixes-bug-500674.patch"
 	fi
 
 	eapply_user
@@ -56,30 +57,24 @@ src_prepare() {
 }
 
 multilib_src_compile() {
-	tc-export PKG_CONFIG RANLIB
-	local PCRE_CFLAGS=$(${PKG_CONFIG} libpcre --cflags)
-	local PCRE_LIBS=$(${PKG_CONFIG} libpcre --libs)
-	export PCRE_{CFLAGS,LIBS}
+	tc-export AR CC PKG_CONFIG RANLIB
 
 	emake \
-		AR="$(tc-getAR)" \
-		CC="$(tc-getCC)" \
 		LIBDIR="\$(PREFIX)/$(get_libdir)" \
 		SHLIBDIR="\$(DESTDIR)/$(get_libdir)" \
 		LDFLAGS="-fPIC ${LDFLAGS} -pthread" \
+		USE_PCRE2="$(usex pcre2 y n)" \
 		all
 
 	if multilib_is_native_abi && use python; then
 		building() {
 			python_export PYTHON_INCLUDEDIR PYTHON_LIBPATH
 			emake \
-				CC="$(tc-getCC)" \
 				PYINC="-I${PYTHON_INCLUDEDIR}" \
-				PYTHONLIBDIR="${PYTHON_LIBPATH}" \
-				PYPREFIX="${EPYTHON##*/}" \
 				LDFLAGS="-fPIC ${LDFLAGS} -lpthread" \
 				LIBDIR="\$(PREFIX)/$(get_libdir)" \
 				SHLIBDIR="\$(DESTDIR)/$(get_libdir)" \
+				USE_PCRE2="$(usex pcre2 y n)" \
 				pywrap
 		}
 		python_foreach_impl building
@@ -91,12 +86,11 @@ multilib_src_compile() {
 			# Clean up .lo file to force rebuild
 			rm -f src/selinuxswig_ruby_wrap.lo || die
 			emake \
-				CC="$(tc-getCC)" \
 				RUBY=${1} \
-				RUBYINSTALL=$(${1} -e 'print RbConfig::CONFIG["vendorarchdir"]') \
 				LDFLAGS="-fPIC ${LDFLAGS} -lpthread" \
 				LIBDIR="\$(PREFIX)/$(get_libdir)" \
 				SHLIBDIR="\$(DESTDIR)/$(get_libdir)" \
+				USE_PCRE2="$(usex pcre2 y n)" \
 				rubywrap
 		}
 		for RUBYTARGET in ${USE_RUBY}; do
@@ -108,12 +102,18 @@ multilib_src_compile() {
 }
 
 multilib_src_install() {
-	LIBDIR="\$(PREFIX)/$(get_libdir)" SHLIBDIR="\$(DESTDIR)/$(get_libdir)" \
-		emake DESTDIR="${D}" install
+		emake DESTDIR="${D}" \
+			LIBDIR="\$(PREFIX)/$(get_libdir)" \
+			SHLIBDIR="\$(DESTDIR)/$(get_libdir)" \
+			USE_PCRE2="$(usex pcre2 y n)" \
+			install
 
 	if multilib_is_native_abi && use python; then
 		installation() {
-			LIBDIR="\$(PREFIX)/$(get_libdir)" emake DESTDIR="${D}" install-pywrap
+			emake DESTDIR="${D}" \
+				LIBDIR="\$(PREFIX)/$(get_libdir)" \
+				USE_PCRE2="$(usex pcre2 y n)" \
+				install-pywrap
 			python_optimize # bug 531638
 		}
 		python_foreach_impl installation
@@ -124,9 +124,10 @@ multilib_src_install() {
 			einfo "Calling install-rubywrap for ${1}"
 			# Forcing (re)build here as otherwise the resulting SO file is used for all ruby versions
 			rm src/selinuxswig_ruby_wrap.lo
-			LIBDIR="\$(PREFIX)/$(get_libdir)" emake DESTDIR="${D}" \
+			emake DESTDIR="${D}" \
+				LIBDIR="\$(PREFIX)/$(get_libdir)" \
 				RUBY=${1} \
-				RUBYINSTALL="${D}/$(${1} -e 'print RbConfig::CONFIG["vendorarchdir"]')" \
+				USE_PCRE2="$(usex pcre2 y n)" \
 				install-rubywrap
 		}
 		for RUBYTARGET in ${USE_RUBY}; do

diff --git a/sys-libs/libselinux/libselinux-9999.ebuild b/sys-libs/libselinux/libselinux-9999.ebuild
index 54de3c9..84092cb 100644
--- a/sys-libs/libselinux/libselinux-9999.ebuild
+++ b/sys-libs/libselinux/libselinux-9999.ebuild
@@ -11,7 +11,7 @@ inherit multilib python-r1 toolchain-funcs multilib-minimal
 
 MY_P="${P//_/-}"
 SEPOL_VER="${PV}"
-MY_RELEASEDATE="20160223"
+MY_RELEASEDATE="20160930"
 
 DESCRIPTION="SELinux userland library"
 HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
@@ -29,10 +29,11 @@ fi
 LICENSE="public-domain"
 SLOT="0"
 
-IUSE="python ruby static-libs ruby_targets_ruby21 ruby_targets_ruby22 ruby_targets_ruby23"
+IUSE="pcre2 python ruby static-libs ruby_targets_ruby21 ruby_targets_ruby22 ruby_targets_ruby23"
 
-RDEPEND=">=sys-libs/libsepol-${SEPOL_VER}[${MULTILIB_USEDEP}]
-	>=dev-libs/libpcre-8.33-r1:=[static-libs?,${MULTILIB_USEDEP}]
+RDEPEND=">=sys-libs/libsepol-${SEPOL_VER}:=[${MULTILIB_USEDEP}]
+	!pcre2? ( >=dev-libs/libpcre-8.33-r1:=[static-libs?,${MULTILIB_USEDEP}] )
+	pcre2? ( dev-libs/libpcre2:=[static-libs?,${MULTILIB_USEDEP}] )
 	python? ( ${PYTHON_DEPS} )
 	ruby? (
 		ruby_targets_ruby21? ( dev-lang/ruby:2.1 )
@@ -46,8 +47,8 @@ DEPEND="${RDEPEND}
 src_prepare() {
 	if [[ ${PV} != 9999 ]] ; then
 		# If needed for live builds, place them in /etc/portage/patches
-		eapply "${FILESDIR}/0005-use-ruby-include-with-rubylibver.patch"
-		eapply "${FILESDIR}/0007-build-related-fixes-bug-500674-for-2.5.patch"
+		eapply "${FILESDIR}/libselinux-2.6-0005-use-ruby-include-with-rubylibver.patch"
+		eapply "${FILESDIR}/libselinux-2.6-0007-build-related-fixes-bug-500674.patch"
 	fi
 
 	eapply_user
@@ -56,30 +57,24 @@ src_prepare() {
 }
 
 multilib_src_compile() {
-	tc-export PKG_CONFIG RANLIB
-	local PCRE_CFLAGS=$(${PKG_CONFIG} libpcre --cflags)
-	local PCRE_LIBS=$(${PKG_CONFIG} libpcre --libs)
-	export PCRE_{CFLAGS,LIBS}
+	tc-export AR CC PKG_CONFIG RANLIB
 
 	emake \
-		AR="$(tc-getAR)" \
-		CC="$(tc-getCC)" \
 		LIBDIR="\$(PREFIX)/$(get_libdir)" \
 		SHLIBDIR="\$(DESTDIR)/$(get_libdir)" \
 		LDFLAGS="-fPIC ${LDFLAGS} -pthread" \
+		USE_PCRE2="$(usex pcre2 y n)" \
 		all
 
 	if multilib_is_native_abi && use python; then
 		building() {
 			python_export PYTHON_INCLUDEDIR PYTHON_LIBPATH
 			emake \
-				CC="$(tc-getCC)" \
 				PYINC="-I${PYTHON_INCLUDEDIR}" \
-				PYTHONLIBDIR="${PYTHON_LIBPATH}" \
-				PYPREFIX="${EPYTHON##*/}" \
 				LDFLAGS="-fPIC ${LDFLAGS} -lpthread" \
 				LIBDIR="\$(PREFIX)/$(get_libdir)" \
 				SHLIBDIR="\$(DESTDIR)/$(get_libdir)" \
+				USE_PCRE2="$(usex pcre2 y n)" \
 				pywrap
 		}
 		python_foreach_impl building
@@ -91,12 +86,11 @@ multilib_src_compile() {
 			# Clean up .lo file to force rebuild
 			rm -f src/selinuxswig_ruby_wrap.lo || die
 			emake \
-				CC="$(tc-getCC)" \
 				RUBY=${1} \
-				RUBYINSTALL=$(${1} -e 'print RbConfig::CONFIG["vendorarchdir"]') \
 				LDFLAGS="-fPIC ${LDFLAGS} -lpthread" \
 				LIBDIR="\$(PREFIX)/$(get_libdir)" \
 				SHLIBDIR="\$(DESTDIR)/$(get_libdir)" \
+				USE_PCRE2="$(usex pcre2 y n)" \
 				rubywrap
 		}
 		for RUBYTARGET in ${USE_RUBY}; do
@@ -108,12 +102,18 @@ multilib_src_compile() {
 }
 
 multilib_src_install() {
-	LIBDIR="\$(PREFIX)/$(get_libdir)" SHLIBDIR="\$(DESTDIR)/$(get_libdir)" \
-		emake DESTDIR="${D}" install
+		emake DESTDIR="${D}" \
+			LIBDIR="\$(PREFIX)/$(get_libdir)" \
+			SHLIBDIR="\$(DESTDIR)/$(get_libdir)" \
+			USE_PCRE2="$(usex pcre2 y n)" \
+			install
 
 	if multilib_is_native_abi && use python; then
 		installation() {
-			LIBDIR="\$(PREFIX)/$(get_libdir)" emake DESTDIR="${D}" install-pywrap
+			emake DESTDIR="${D}" \
+				LIBDIR="\$(PREFIX)/$(get_libdir)" \
+				USE_PCRE2="$(usex pcre2 y n)" \
+				install-pywrap
 			python_optimize # bug 531638
 		}
 		python_foreach_impl installation
@@ -124,9 +124,10 @@ multilib_src_install() {
 			einfo "Calling install-rubywrap for ${1}"
 			# Forcing (re)build here as otherwise the resulting SO file is used for all ruby versions
 			rm src/selinuxswig_ruby_wrap.lo
-			LIBDIR="\$(PREFIX)/$(get_libdir)" emake DESTDIR="${D}" \
+			emake DESTDIR="${D}" \
+				LIBDIR="\$(PREFIX)/$(get_libdir)" \
 				RUBY=${1} \
-				RUBYINSTALL="${D}/$(${1} -e 'print RbConfig::CONFIG["vendorarchdir"]')" \
+				USE_PCRE2="$(usex pcre2 y n)" \
 				install-rubywrap
 		}
 		for RUBYTARGET in ${USE_RUBY}; do

diff --git a/sys-libs/libselinux/metadata.xml b/sys-libs/libselinux/metadata.xml
index 932a69e..0f6264f 100644
--- a/sys-libs/libselinux/metadata.xml
+++ b/sys-libs/libselinux/metadata.xml
@@ -10,6 +10,9 @@
 		process and file security contexts and to obtain security policy
 		decisions.  Required for any applications that use the SELinux API.
 	</longdescription>
+	<use>
+		<flag name="pcre2">Use <pkg>sys-libs/pcre2</pkg> for fcontext regexes</flag>
+	</use>
 	<upstream>
 		<remote-id type="github">SELinuxProject/selinux</remote-id>
 	</upstream>

[gentoo-commits] repo/gentoo:master commit in: sys-libs/libselinux/files/, sys-libs/libselinux/

[Jason Zaman]

commit:     6f24947db6463e9a29b11a164ea538c7477de268
Author:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
AuthorDate: Wed Oct  5 16:28:56 2016 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Wed Oct  5 16:43:02 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6f24947d

sys-libs/libselinux: fix selinux_restorecon realpath logic

Package-Manager: portage-2.3.0

 ...nux-selinux_restorecon-fix-realpath-logic.patch | 76 ++++++++++++++++++++++
 ...2.6_rc1.ebuild => libselinux-2.6_rc1-r1.ebuild} |  1 +
 2 files changed, 77 insertions(+)

diff --git a/sys-libs/libselinux/files/libselinux-2.6-0001-libselinux-selinux_restorecon-fix-realpath-logic.patch b/sys-libs/libselinux/files/libselinux-2.6-0001-libselinux-selinux_restorecon-fix-realpath-logic.patch
new file mode 100644
index 00000000..3a0d7fb
--- /dev/null
+++ b/sys-libs/libselinux/files/libselinux-2.6-0001-libselinux-selinux_restorecon-fix-realpath-logic.patch
@@ -0,0 +1,76 @@
+From aa0c824bb2eeb8960ba02133faade72c837ea951 Mon Sep 17 00:00:00 2001
+From: Stephen Smalley <sds@tycho.nsa.gov>
+Date: Wed, 5 Oct 2016 10:45:35 -0400
+Subject: [PATCH] libselinux: selinux_restorecon: fix realpath logic
+
+The realpath logic in selinux_restorecon() was taken from the
+Android libselinux fork.  However, bionic dirname() and basename()
+do not modify their argument and therefore are safe to call on a
+const string.  POSIX dirname() and basename() can modify their argument.
+There is a GNU basename() that does not modify its argument, but not
+for dirname().
+For portability, create copies of the original pathname for each call
+and keep them around until finished using the result.
+
+Fixes "restorecon -r goes up the tree?" bug reported by Jason Zaman.
+
+Reported-by: Jason Zaman <jason@perfinion.com>
+Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
+---
+ libselinux/src/selinux_restorecon.c | 26 +++++++++++++++++++++-----
+ 1 file changed, 21 insertions(+), 5 deletions(-)
+
+diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
+index 0945138..e38d1d0 100644
+--- libselinux/src/selinux_restorecon.c
++++ libselinux/src/selinux_restorecon.c
+@@ -797,25 +797,41 @@ int selinux_restorecon(const char *pathname_orig,
+ 	 * realpath of containing dir, then appending last component name.
+ 	 */
+ 	if (flags.userealpath) {
+-		pathbname = basename((char *)pathname_orig);
++		char *basename_cpy = strdup(pathname_orig);
++		if (!basename_cpy)
++			goto realpatherr;
++		pathbname = basename(basename_cpy);
+ 		if (!strcmp(pathbname, "/") || !strcmp(pathbname, ".") ||
+ 					    !strcmp(pathbname, "..")) {
+ 			pathname = realpath(pathname_orig, NULL);
+-			if (!pathname)
++			if (!pathname) {
++				free(basename_cpy);
+ 				goto realpatherr;
++			}
+ 		} else {
+-			pathdname = dirname((char *)pathname_orig);
++			char *dirname_cpy = strdup(pathname_orig);
++			if (!dirname_cpy) {
++				free(basename_cpy);
++				goto realpatherr;
++			}
++			pathdname = dirname(dirname_cpy);
+ 			pathdnamer = realpath(pathdname, NULL);
+-			if (!pathdnamer)
++			free(dirname_cpy);
++			if (!pathdnamer) {
++				free(basename_cpy);
+ 				goto realpatherr;
++			}
+ 			if (!strcmp(pathdnamer, "/"))
+ 				error = asprintf(&pathname, "/%s", pathbname);
+ 			else
+ 				error = asprintf(&pathname, "%s/%s",
+ 						    pathdnamer, pathbname);
+-			if (error < 0)
++			if (error < 0) {
++				free(basename_cpy);
+ 				goto oom;
++			}
+ 		}
++		free(basename_cpy);
+ 	} else {
+ 		pathname = strdup(pathname_orig);
+ 		if (!pathname)
+-- 
+2.7.3
+

diff --git a/sys-libs/libselinux/libselinux-2.6_rc1.ebuild b/sys-libs/libselinux/libselinux-2.6_rc1-r1.ebuild
similarity index 97%
rename from sys-libs/libselinux/libselinux-2.6_rc1.ebuild
rename to sys-libs/libselinux/libselinux-2.6_rc1-r1.ebuild
index 84092cb..fe8c78b 100644
--- a/sys-libs/libselinux/libselinux-2.6_rc1.ebuild
+++ b/sys-libs/libselinux/libselinux-2.6_rc1-r1.ebuild
@@ -47,6 +47,7 @@ DEPEND="${RDEPEND}
 src_prepare() {
 	if [[ ${PV} != 9999 ]] ; then
 		# If needed for live builds, place them in /etc/portage/patches
+		eapply "${FILESDIR}/libselinux-2.6-0001-libselinux-selinux_restorecon-fix-realpath-logic.patch"
 		eapply "${FILESDIR}/libselinux-2.6-0005-use-ruby-include-with-rubylibver.patch"
 		eapply "${FILESDIR}/libselinux-2.6-0007-build-related-fixes-bug-500674.patch"
 	fi