diff --git a/0001-Replace-and-remove-deprecated-libselinux-functions.patch b/0001-Replace-and-remove-deprecated-libselinux-functions.patch
new file mode 100644
index 0000000000000000000000000000000000000000..6a205a41af16e7a5af95db72938c697695c07030
--- /dev/null
+++ b/0001-Replace-and-remove-deprecated-libselinux-functions.patch
@@ -0,0 +1,83 @@
+From 629e2b969c8646012e7e83844acd506ff5719a4e Mon Sep 17 00:00:00 2001
+From: Eduardo Barretto
+Date: Thu, 27 Aug 2020 10:26:01 -0400
+Subject: [PATCH] pluto: Replace/remove deprecated libselinux functions
+
+Signed-off-by: Paul Wouters
+---
+ contrib/labeled-ipsec/getpeercon_server.c | 4 ++--
+ programs/pluto/security_selinux.c | 7 ++-----
+ programs/pluto/security_selinux.h | 2 +-
+ 3 files changed, 5 insertions(+), 8 deletions(-)
+
+diff --git a/contrib/labeled-ipsec/getpeercon_server.c b/contrib/labeled-ipsec/getpeercon_server.c
+index 734c5f9d43..75d8301bd2 100644
+--- a/contrib/labeled-ipsec/getpeercon_server.c
++++ b/contrib/labeled-ipsec/getpeercon_server.c
+@@ -64,7 +64,7 @@ int main(int argc, char *argv[])
+ srv_sock_path = argv[1];
+
+ {
+- security_context_t ctx;
++ char *ctx;
+ int rc = getcon(&ctx);
+
+ fprintf(stderr, "-> running as %s\n",
+@@ -142,7 +142,7 @@ int main(int argc, char *argv[])
+ struct sockaddr_in6 *const cli_sock_6addr = (struct sockaddr_in6 *)&cli_sock_saddr;
+ socklen_t cli_sock_addr_len;
+ char cli_sock_addr_str[INET6_ADDRSTRLEN + 1];
+- security_context_t ctx;
++ char *ctx;
+ char *ctx_str;
+
+ //fflush(stdout);
+diff --git a/programs/pluto/security_selinux.c b/programs/pluto/security_selinux.c
+index 2b8e28d710..f97ac11576 100644
+--- a/programs/pluto/security_selinux.c
++++ b/programs/pluto/security_selinux.c
+@@ -30,13 +30,13 @@ void init_avc(void)
+ DBG_log("selinux support is enabled.");
+ }
+
+- if (avc_init("libreswan", NULL, NULL, NULL, NULL) == 0)
++ if (avc_open(NULL, 0) == 0)
+ selinux_ready = 1;
+ else
+ DBG_log("selinux: could not initialize avc.");
+ }
+
+-int within_range(security_context_t sl, security_context_t range)
++int within_range(char *sl, security_context_t range)
+ {
+ int rtn = 1;
+ security_id_t slsid;
+@@ -62,7 +62,6 @@ int within_range(security_context_t sl, security_context_t range)
+ if (rtn != 0) {
+ DBG_log("within_range: Unable to retrieve sid for range context (%s)",
+ range);
+- sidput(slsid);
+ return 0;
+ }
+
+@@ -74,8 +73,6 @@ int within_range(security_context_t sl, security_context_t range)
+ if (rtn != 0) {
+ DBG_log("within_range: The sl (%s) is not within range of (%s)", sl,
+ range);
+- sidput(slsid);
+- sidput(rangesid);
+ return 0;
+ }
+ DBG_log("within_range: The sl (%s) is within range of (%s)", sl,
+diff --git a/programs/pluto/security_selinux.h b/programs/pluto/security_selinux.h
+index 35978b1481..43c1dde68a 100644
+--- a/programs/pluto/security_selinux.h
++++ b/programs/pluto/security_selinux.h
+@@ -20,6 +20,6 @@
+ #include
+
+ void init_avc(void);
+-int within_range(security_context_t sl, security_context_t range);
++int within_range(char *sl, security_context_t range);
+
+ #endif /* _SECURITY_SELINUX_H */
diff --git a/0002-fixup-last-two-occurances-of-security_context_t.patch b/0002-fixup-last-two-occurances-of-security_context_t.patch
new file mode 100644
index 0000000000000000000000000000000000000000..5f6bbc618b7ec8d1b738801d7a3175ffbb7f29cb
--- /dev/null
+++ b/0002-fixup-last-two-occurances-of-security_context_t.patch
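Review bot: `avc_open(NULL, 0)` in init_avc no longer passes the `"libreswan"` message prefix that the removed `avc_init` call supplied, so userspace AVC messages from pluto lose their daemon tag. If those messages are relied on as an audit trail for labeled-IPsec range decisions, register a logger with `selinux_set_callback(SELINUX_CB_LOG, ...)` before the call, or say in the patch description that dropping the prefix is intended. The failure branch still reports only through `DBG_log("selinux: could not initialize avc.")`, which presumably appears only with debug logging on. init_avc starts outside the inner hunk, and how callers behave while `selinux_ready` stays 0 is not visible here.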
@@ -0,0 +1,35 @@
+From 66e3812b73e1a91677c2fea446419a18176c96a6 Mon Sep 17 00:00:00 2001
+From: Paul Wouters
+Date: Thu, 27 Aug 2020 12:33:23 -0400
+Subject: [PATCH] pluto: fixup last two occurances of security_context_t
+
+---
+ programs/pluto/security_selinux.c | 2 +-
+ programs/pluto/security_selinux.h | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/programs/pluto/security_selinux.c b/programs/pluto/security_selinux.c
+index f97ac11576..f7ca54bb1d 100644
+--- a/programs/pluto/security_selinux.c
++++ b/programs/pluto/security_selinux.c
+@@ -36,7 +36,7 @@ void init_avc(void)
+ DBG_log("selinux: could not initialize avc.");
+ }
+
+-int within_range(char *sl, security_context_t range)
++int within_range(char *sl, char *range)
+ {
+ int rtn = 1;
+ security_id_t slsid;
+diff --git a/programs/pluto/security_selinux.h b/programs/pluto/security_selinux.h
+index 43c1dde68a..87785d2638 100644
+--- a/programs/pluto/security_selinux.h
++++ b/programs/pluto/security_selinux.h
+@@ -20,6 +20,6 @@
+ #include
+
+ void init_avc(void);
+-int within_range(char *sl, security_context_t range);
++int within_range(char *sl, char *range);
+
+ #endif /* _SECURITY_SELINUX_H */
diff --git a/libreswan.spec b/libreswan.spec
index 651c66716eb6381ce174c3568742d15c946e5941..dd382a209049fa36e4c95cdf8334de22f886b21d 100644
--- a/libreswan.spec
+++ b/libreswan.spec
@@ -20,7 +20,7 @@ Name: libreswan Version: 3.25 -Release: 7 +Release: 8 Summary: A free implementation of IPsec & IKE for Linux License: GPLv2 Url: https://github.com/libreswan/libreswan
@@ -30,6 +30,8 @@ Source2: openeuler-libreswan-tmpfiles.conf Patch0001: libreswan-3.25-relax-delete.patch Patch0002: libreswan-3.25-unbound-hook.patch +Patch0003: 0001-Replace-and-remove-deprecated-libselinux-functions.patch +Patch0004: 0002-fixup-last-two-occurances-of-security_context_t.patch BuildRequires: gcc pkgconfig hostname bison flex systemd-devel nss-devel >= 3.16.1 BuildRequires: nspr-devel pam-devel libevent-devel unbound-devel >= 1.6.0-6 ldns-devel @@ -130,6 +132,9 @@ export NSS_DISABLE_HW_GCM=1 %doc %{_mandir}/*/* %changelog +* Tue Sep 22 2020 huanghaitao - 3.26-8 +- Fix libselinux deprecates + * Mon Sep 14 2020 Ge Wang - 3.25-7 - Modify Source0 Url
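Review bot: Nothing in this diff touches `%prep`, so whether `Patch0003` and `Patch0004` are actually applied depends on how the spec applies patches, which is not visible here. With `%autosetup` or `%autopatch` they are picked up automatically; with explicit `%patch` lines they would ship in the SRPM unapplied and the build would keep using the deprecated libselinux calls. Confirm from the build log that both apply, in this order, since the second patch is generated against the result of the first. The changelog entry in the following hunk is stamped `3.26-8` while `Version` is 3.25 and `Release` is 8, so it should read `3.25-8`.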