From: Fabrice Fontaine Date: Thu, 11 Oct 2018 19:37:00 +0000 (+0200) Subject: libselinux: bump to version 2.8 X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=e89db296d720c633f32344ae931914fdeb22ff22;p=buildroot.git libselinux: bump to version 2.8 - Remove second patch (already in version), see https://github.com/SELinuxProject/selinux/commit/b24980ec07af66c4b419f8053aa65e97b36e558d - Update third patch - For target variant, set SHLIBDIR=/usr/lib because by default it is set to /lib and LIBDIR is set to $(PREFIX)/lib (with PREFIX=/usr) - For host variant, set SHLIBDIR=$(HOST_DIR)/lib otherwise shared library will be installed in /lib (PREFIX is not used to install shared library) - Add hash for license file Signed-off-by: Fabrice Fontaine Signed-off-by: Thomas Petazzoni --- diff --git a/package/libselinux/0002-libselinux-build-follow-standard-semantics-for-DESTD.patch b/package/libselinux/0002-libselinux-build-follow-standard-semantics-for-DESTD.patch deleted file mode 100644 index 089eef414e..0000000000 --- a/package/libselinux/0002-libselinux-build-follow-standard-semantics-for-DESTD.patch +++ /dev/null @@ -1,137 +0,0 @@ -libselinux: build: follow standard semantics for DESTDIR and PREFIX - -This patch solves the following issues: -- The pkg-config files generates odd paths when using DESTDIR without PREFIX -- DESTDIR is needed during compile time to compute library and header paths which it should not. -- Installing with both DESTDIR and PREFIX set gives us odd paths -- Make usage of DESTDIR and PREFIX more standard - -Signed-off-by: Marcus Folkesson - -diff -durN libselinux.orig/include/Makefile libselinux/include/Makefile ---- libselinux.orig/include/Makefile 2018-01-12 12:42:30.898709792 +0100 -+++ libselinux/include/Makefile 2018-01-12 10:02:57.745478435 +0100 -@@ -1,6 +1,6 @@ - # Installation directories. --PREFIX ?= $(DESTDIR)/usr --INCDIR ?= $(PREFIX)/include/selinux -+PREFIX ?= /usr -+INCDIR = $(DESTDIR)$(PREFIX)/include/selinux - - all: - -diff -durN libselinux.orig/man/Makefile libselinux/man/Makefile ---- libselinux.orig/man/Makefile 2018-01-12 12:42:30.898709792 +0100 -+++ libselinux/man/Makefile 2018-01-12 10:02:57.745478435 +0100 -@@ -1,7 +1,8 @@ - # Installation directories. --MAN8DIR ?= $(DESTDIR)/usr/share/man/man8 --MAN5DIR ?= $(DESTDIR)/usr/share/man/man5 --MAN3DIR ?= $(DESTDIR)/usr/share/man/man3 -+PREFIX ?= /usr -+MAN8DIR ?= $(DESTDIR)$(PREFIX)/share/man/man8 -+MAN5DIR ?= $(DESTDIR)$(PREFIX)/share/man/man5 -+MAN3DIR ?= $(DESTDIR)$(PREFIX)/share/man/man3 - - all: - -diff -durN libselinux.orig/src/libselinux.pc.in libselinux/src/libselinux.pc.in ---- libselinux.orig/src/libselinux.pc.in 2018-01-12 12:42:30.905376458 +0100 -+++ libselinux/src/libselinux.pc.in 2018-01-12 10:02:57.745478435 +0100 -@@ -1,6 +1,6 @@ - prefix=@prefix@ - exec_prefix=${prefix} --libdir=${exec_prefix}/@libdir@ -+libdir=@libdir@ - includedir=@includedir@ - - Name: libselinux -diff -durN libselinux.orig/src/Makefile libselinux/src/Makefile ---- libselinux.orig/src/Makefile 2018-01-12 12:42:30.902043126 +0100 -+++ libselinux/src/Makefile 2018-01-12 10:02:57.745478435 +0100 -@@ -8,10 +8,10 @@ - PKG_CONFIG ?= pkg-config - - # Installation directories. --PREFIX ?= $(DESTDIR)/usr -+PREFIX ?= /usr - LIBDIR ?= $(PREFIX)/lib --SHLIBDIR ?= $(DESTDIR)/lib - INCLUDEDIR ?= $(PREFIX)/include -+LIBINSTALL = $(DESTDIR)$(LIBDIR) - PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX)) - PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX)) - PYSITEDIR ?= $(DESTDIR)$(shell $(PYTHON) -c 'import site; print(site.getsitepackages()[0])') -@@ -19,8 +19,6 @@ - RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + RbConfig::CONFIG["rubyarchhdrdir"] + " -I" + RbConfig::CONFIG["rubyhdrdir"]') - RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" + RbConfig::CONFIG["libdir"] + " -L" + RbConfig::CONFIG["archlibdir"] + " " + RbConfig::CONFIG["LIBRUBYARG_SHARED"]') - RUBYINSTALL ?= $(DESTDIR)$(shell $(RUBY) -e 'puts RbConfig::CONFIG["vendorarchdir"]') --LIBBASE ?= $(shell basename $(LIBDIR)) --LIBSEPOLA ?= $(LIBDIR)/libsepol.a - - VERSION = $(shell cat ../VERSION) - LIBVERSION = 1 -@@ -148,7 +146,7 @@ - ln -sf $@ $(TARGET) - - $(LIBPC): $(LIBPC).in ../VERSION -- sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:$(LIBBASE):; s:@includedir@:$(INCLUDEDIR):' < $< > $@ -+ sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:$(LIBDIR):; s:@includedir@:$(INCLUDEDIR):' < $< > $@ - - selinuxswig_python_exception.i: ../include/selinux/selinux.h - bash -e exception.sh > $@ || (rm -f $@ ; false) -@@ -156,8 +154,8 @@ - $(AUDIT2WHYLOBJ): audit2why.c - $(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $< - --$(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) $(LIBSEPOLA) -- $(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $^ -lselinux $(PYLIBS) -+$(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) -+ $(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $^ -lselinux $(PYLIBS) -l:libsepol.a - - %.o: %.c policy.h - $(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $< -@@ -177,13 +175,13 @@ - $(SWIG) $< - - install: all -- test -d $(LIBDIR) || install -m 755 -d $(LIBDIR) -- install -m 644 $(LIBA) $(LIBDIR) -- test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR) -- install -m 755 $(LIBSO) $(SHLIBDIR) -- test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig -- install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig -- ln -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET) -+ test -d $(LIBINSTALL) || install -m 755 -d $(LIBINSTALL) -+ install -m 644 $(LIBA) $(LIBINSTALL) -+ test -d $(LIBINSTALL) || install -m 755 -d $(LIBINSTALL) -+ install -m 755 $(LIBSO) $(LIBINSTALL) -+ test -d $(LIBINSTALL)/pkgconfig || install -m 755 -d $(LIBINSTALL)/pkgconfig -+ install -m 644 $(LIBPC) $(LIBINSTALL)/pkgconfig -+ ln -sf --relative $(LIBINSTALL)/$(LIBSO) $(LIBINSTALL)/$(TARGET) - - install-pywrap: pywrap - test -d $(PYSITEDIR)/selinux || install -m 755 -d $(PYSITEDIR)/selinux -@@ -196,7 +194,7 @@ - install -m 755 $(SWIGRUBYSO) $(RUBYINSTALL)/selinux.so - - relabel: -- /sbin/restorecon $(SHLIBDIR)/$(LIBSO) -+ /sbin/restorecon $(LIBINSTALL)/$(LIBSO) - - clean-pywrap: - -rm -f $(SWIGLOBJ) $(SWIGSO) $(AUDIT2WHYLOBJ) $(AUDIT2WHYSO) -diff -durN libselinux.orig/utils/Makefile libselinux/utils/Makefile ---- libselinux.orig/utils/Makefile 2018-01-12 12:42:30.905376458 +0100 -+++ libselinux/utils/Makefile 2018-01-12 10:02:57.745478435 +0100 -@@ -1,8 +1,6 @@ - # Installation directories. --PREFIX ?= $(DESTDIR)/usr --LIBDIR ?= $(PREFIX)/lib --SBINDIR ?= $(PREFIX)/sbin --INCLUDEDIR ?= $(PREFIX)/include -+PREFIX ?= /usr -+SBINDIR ?= $(DESTDIR)$(PREFIX)/sbin - - OS ?= $(shell uname) - diff --git a/package/libselinux/0002-revert-ln-relative.patch b/package/libselinux/0002-revert-ln-relative.patch new file mode 100644 index 0000000000..f7beab2697 --- /dev/null +++ b/package/libselinux/0002-revert-ln-relative.patch @@ -0,0 +1,26 @@ +Makefile: revert libselinux: use ln --relative to create .so symlinks + +This reverts 71393a181d63c9baae5fe8dcaeb9411d1f253998 + +ln --relative is too recent to be available in all distributions, +especially enterprise-grade distros that can stick around as long as +they are maintained (up to 10 years in some cases?). + +For the sake of Buildroot, revert the upstream patch. + +Signed-off-by: "Yann E. MORIN" +Signed-off-by: Fabrice Fontaine +[Update for 2.8 (with assumption that SHLIBDIR=LIBDIR)] + +diff -durNw libselinux-2.7.orig/src/Makefile libselinux-2.7/src/Makefile +--- libselinux-2.7.orig/src/Makefile 2018-01-15 20:53:50.168525700 +0100 ++++ libselinux-2.7/src/Makefile 2018-01-15 20:55:27.061858005 +0100 +@@ -181,7 +181,7 @@ + install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR) + test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d $(DESTDIR)$(LIBDIR)/pkgconfig + install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig +- ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET) ++ cd $(DESTDIR)$(LIBDIR) && ln -sf $(LIBSO) $(TARGET) + + install-pywrap: pywrap + test -d $(DESTDIR)$(PYTHONLIBDIR)/selinux || install -m 755 -d $(DESTDIR)$(PYTHONLIBDIR)/selinux diff --git a/package/libselinux/0003-Fix-build-break-around-__atomic_-with-GCC-4.7.patch b/package/libselinux/0003-Fix-build-break-around-__atomic_-with-GCC-4.7.patch new file mode 100644 index 0000000000..88e3a79332 --- /dev/null +++ b/package/libselinux/0003-Fix-build-break-around-__atomic_-with-GCC-4.7.patch @@ -0,0 +1,70 @@ +From abe76789f8e7ce61b357f693eaed5b28feab5ce2 Mon Sep 17 00:00:00 2001 +From: Hollis Blanchard +Date: Mon, 13 Aug 2018 12:11:33 -0700 +Subject: [PATCH] Fix build break around __atomic_*() with GCC<4.7 + +The __atomic_* GCC primitives were introduced in GCC 4.7, but Red Hat +Enterprise Linux 6.x (for example) provides GCC 4.4. Tweak the current code to +use the (most conservative) __sync_synchronize() primitive provided by those +older GCC versions. + +(Really, no __atomic or __sync operations are needed here at all, since POSIX +4.12 "Memory Synchronization" says pthread_mutex_lock() and +pthread_mutex_unlock() "synchronize memory with respect to other threads"...) + +Signed-off-by: Hollis Blanchard +--- + src/label_file.h | 18 ++++++++++++++++++ + 1 file changed, 18 insertions(+) + +diff --git a/src/label_file.h b/src/label_file.h +index 2fa85474..47859baf 100644 +--- a/src/label_file.h ++++ b/src/label_file.h +@@ -351,8 +351,14 @@ static inline int compile_regex(struct saved_data *data, struct spec *spec, + * init_routine does not take a parameter, it's not possible + * to use, so we generate the same effect with atomics and a + * mutex */ ++#ifdef __ATOMIC_RELAXED + regex_compiled = + __atomic_load_n(&spec->regex_compiled, __ATOMIC_ACQUIRE); ++#else ++ /* GCC <4.7 */ ++ __sync_synchronize(); ++ regex_compiled = spec->regex_compiled; ++#endif + if (regex_compiled) { + return 0; /* already done */ + } +@@ -360,8 +366,14 @@ static inline int compile_regex(struct saved_data *data, struct spec *spec, + __pthread_mutex_lock(&spec->regex_lock); + /* Check if another thread compiled the regex while we waited + * on the mutex */ ++#ifdef __ATOMIC_RELAXED + regex_compiled = + __atomic_load_n(&spec->regex_compiled, __ATOMIC_ACQUIRE); ++#else ++ /* GCC <4.7 */ ++ __sync_synchronize(); ++ regex_compiled = spec->regex_compiled; ++#endif + if (regex_compiled) { + __pthread_mutex_unlock(&spec->regex_lock); + return 0; +@@ -404,7 +416,13 @@ static inline int compile_regex(struct saved_data *data, struct spec *spec, + } + + /* Done. */ ++#ifdef __ATOMIC_RELAXED + __atomic_store_n(&spec->regex_compiled, true, __ATOMIC_RELEASE); ++#else ++ /* GCC <4.7 */ ++ spec->regex_compiled = true; ++ __sync_synchronize(); ++#endif + __pthread_mutex_unlock(&spec->regex_lock); + return 0; + } +-- +2.13.0 + diff --git a/package/libselinux/0003-revert-ln-relative.patch b/package/libselinux/0003-revert-ln-relative.patch deleted file mode 100644 index f72afa1b0a..0000000000 --- a/package/libselinux/0003-revert-ln-relative.patch +++ /dev/null @@ -1,24 +0,0 @@ -Makefile: revert libselinux: use ln --relative to create .so symlinks - -This reverts 71393a181d63c9baae5fe8dcaeb9411d1f253998 - -ln --relative is too recent to be available in all distributions, -especially enterprise-grade distros that can stick around as long as -they are maintained (up to 10 years in some cases?). - -For the sake of Buildroot, revert the upstream patch. - -Signed-off-by: "Yann E. MORIN" - -diff -durNw libselinux-2.7.orig/src/Makefile libselinux-2.7/src/Makefile ---- libselinux-2.7.orig/src/Makefile 2018-01-15 20:53:50.168525700 +0100 -+++ libselinux-2.7/src/Makefile 2018-01-15 20:55:27.061858005 +0100 -@@ -181,7 +181,7 @@ - install -m 755 $(LIBSO) $(LIBINSTALL) - test -d $(LIBINSTALL)/pkgconfig || install -m 755 -d $(LIBINSTALL)/pkgconfig - install -m 644 $(LIBPC) $(LIBINSTALL)/pkgconfig -- ln -sf --relative $(LIBINSTALL)/$(LIBSO) $(LIBINSTALL)/$(TARGET) -+ cd $(LIBINSTALL) && ln -sf $(LIBSO) $(TARGET) - - install-pywrap: pywrap - test -d $(PYSITEDIR)/selinux || install -m 755 -d $(PYSITEDIR)/selinux diff --git a/package/libselinux/0004-Fix-build-break-around-__atomic_-with-GCC-4.7.patch b/package/libselinux/0004-Fix-build-break-around-__atomic_-with-GCC-4.7.patch deleted file mode 100644 index 88e3a79332..0000000000 --- a/package/libselinux/0004-Fix-build-break-around-__atomic_-with-GCC-4.7.patch +++ /dev/null @@ -1,70 +0,0 @@ -From abe76789f8e7ce61b357f693eaed5b28feab5ce2 Mon Sep 17 00:00:00 2001 -From: Hollis Blanchard -Date: Mon, 13 Aug 2018 12:11:33 -0700 -Subject: [PATCH] Fix build break around __atomic_*() with GCC<4.7 - -The __atomic_* GCC primitives were introduced in GCC 4.7, but Red Hat -Enterprise Linux 6.x (for example) provides GCC 4.4. Tweak the current code to -use the (most conservative) __sync_synchronize() primitive provided by those -older GCC versions. - -(Really, no __atomic or __sync operations are needed here at all, since POSIX -4.12 "Memory Synchronization" says pthread_mutex_lock() and -pthread_mutex_unlock() "synchronize memory with respect to other threads"...) - -Signed-off-by: Hollis Blanchard ---- - src/label_file.h | 18 ++++++++++++++++++ - 1 file changed, 18 insertions(+) - -diff --git a/src/label_file.h b/src/label_file.h -index 2fa85474..47859baf 100644 ---- a/src/label_file.h -+++ b/src/label_file.h -@@ -351,8 +351,14 @@ static inline int compile_regex(struct saved_data *data, struct spec *spec, - * init_routine does not take a parameter, it's not possible - * to use, so we generate the same effect with atomics and a - * mutex */ -+#ifdef __ATOMIC_RELAXED - regex_compiled = - __atomic_load_n(&spec->regex_compiled, __ATOMIC_ACQUIRE); -+#else -+ /* GCC <4.7 */ -+ __sync_synchronize(); -+ regex_compiled = spec->regex_compiled; -+#endif - if (regex_compiled) { - return 0; /* already done */ - } -@@ -360,8 +366,14 @@ static inline int compile_regex(struct saved_data *data, struct spec *spec, - __pthread_mutex_lock(&spec->regex_lock); - /* Check if another thread compiled the regex while we waited - * on the mutex */ -+#ifdef __ATOMIC_RELAXED - regex_compiled = - __atomic_load_n(&spec->regex_compiled, __ATOMIC_ACQUIRE); -+#else -+ /* GCC <4.7 */ -+ __sync_synchronize(); -+ regex_compiled = spec->regex_compiled; -+#endif - if (regex_compiled) { - __pthread_mutex_unlock(&spec->regex_lock); - return 0; -@@ -404,7 +416,13 @@ static inline int compile_regex(struct saved_data *data, struct spec *spec, - } - - /* Done. */ -+#ifdef __ATOMIC_RELAXED - __atomic_store_n(&spec->regex_compiled, true, __ATOMIC_RELEASE); -+#else -+ /* GCC <4.7 */ -+ spec->regex_compiled = true; -+ __sync_synchronize(); -+#endif - __pthread_mutex_unlock(&spec->regex_lock); - return 0; - } --- -2.13.0 - diff --git a/package/libselinux/libselinux.hash b/package/libselinux/libselinux.hash index 3c60d5111d..fb8e350434 100644 --- a/package/libselinux/libselinux.hash +++ b/package/libselinux/libselinux.hash @@ -1,2 +1,5 @@ # From: https://github.com/SELinuxProject/selinux/wiki/Releases -sha256 d0fec0769b3ad60aa7baf9b9a4b7a056827769dc2dadda0dc0eb59b3d1c18c57 libselinux-2.7.tar.gz +sha256 31db96ec7643ce10912b3c3f98506a08a9116dcfe151855fd349c3fda96187e1 libselinux-2.8.tar.gz + +# Hash for license file +sha256 86657b4c0fe868d7cbd977cb04c63b6c667e08fa51595a7bc846ad4bed8fc364 LICENSE diff --git a/package/libselinux/libselinux.mk b/package/libselinux/libselinux.mk index 97b4f03062..b09634740a 100644 --- a/package/libselinux/libselinux.mk +++ b/package/libselinux/libselinux.mk @@ -4,8 +4,8 @@ # ################################################################################ -LIBSELINUX_VERSION = 2.7 -LIBSELINUX_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804 +LIBSELINUX_VERSION = 2.8 +LIBSELINUX_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524 LIBSELINUX_LICENSE = Public Domain LIBSELINUX_LICENSE_FILES = LICENSE @@ -14,11 +14,14 @@ LIBSELINUX_DEPENDENCIES = libsepol pcre LIBSELINUX_INSTALL_STAGING = YES # Filter out D_FILE_OFFSET_BITS=64. This fixes errors caused by glibc 2.22. +# Set SHLIBDIR to /usr/lib so it has the same value than LIBDIR, as a result +# we won't have to use a relative path in 0002-revert-ln-relative.patch LIBSELINUX_MAKE_OPTS = \ $(TARGET_CONFIGURE_OPTS) \ CFLAGS="$(filter-out -D_FILE_OFFSET_BITS=64,$(TARGET_CFLAGS))" \ LDFLAGS="$(TARGET_LDFLAGS) -lpcre -lpthread" \ - ARCH=$(KERNEL_ARCH) + ARCH=$(KERNEL_ARCH) \ + SHLIBDIR=/usr/lib LIBSELINUX_MAKE_INSTALL_TARGETS = install @@ -86,6 +89,7 @@ endif HOST_LIBSELINUX_MAKE_OPTS = \ $(HOST_CONFIGURE_OPTS) \ PREFIX=$(HOST_DIR) \ + SHLIBDIR=$(HOST_DIR)/lib \ LDFLAGS="$(HOST_LDFLAGS) -lpcre -lpthread" \ PYINC="$(HOST_LIBSELINUX_PYINC)" \ PYSITEDIR="$(HOST_DIR)/lib/$(HOST_LIBSELINUX_PYLIBVER)/site-packages" \