From 76cb1e8cafd0308a6fc1fcbb3b5682bc3042b3ce Mon Sep 17 00:00:00 2001 From: Yi Zhao Date: Sun, 28 Aug 2022 10:29:23 +0800 Subject: libsemanage: upgrade 3.3 -> 3.4 Refresh patches. Signed-off-by: Yi Zhao Signed-off-by: Joe MacDonald --- ...ibsemanage-Fix-execve-segfaults-on-Ubuntu.patch | 10 ++-- ...ibsemanage-allow-to-disable-audit-support.patch | 8 ++-- ...anage-disable-expand-check-on-policy-load.patch | 8 ++-- recipes-security/selinux/libsemanage_3.3.bb | 54 --------------------- recipes-security/selinux/libsemanage_3.4.bb | 55 ++++++++++++++++++++++ 5 files changed, 68 insertions(+), 67 deletions(-) delete mode 100644 recipes-security/selinux/libsemanage_3.3.bb create mode 100644 recipes-security/selinux/libsemanage_3.4.bb diff --git a/recipes-security/selinux/libsemanage/libsemanage-Fix-execve-segfaults-on-Ubuntu.patch b/recipes-security/selinux/libsemanage/libsemanage-Fix-execve-segfaults-on-Ubuntu.patch index 0b1f3d8..5a03d30 100644 --- a/recipes-security/selinux/libsemanage/libsemanage-Fix-execve-segfaults-on-Ubuntu.patch +++ b/recipes-security/selinux/libsemanage/libsemanage-Fix-execve-segfaults-on-Ubuntu.patch @@ -1,4 +1,4 @@ -From 01a37b94a1f5605a395e8b45ee9ec653ce716c06 Mon Sep 17 00:00:00 2001 +From 2111f86dce8defd9bebd9b43008339e3b5af0aa7 Mon Sep 17 00:00:00 2001 From: Xin Ouyang Date: Mon, 26 Mar 2012 15:15:16 +0800 Subject: [PATCH] libsemanage: Fix execve segfaults on Ubuntu. @@ -9,7 +9,7 @@ Such as "make load" while building refpolicy. http://oss.tresys.com/pipermail/refpolicy/2011-December/004859.html -Upstream-Status: Pending +Upstream-Status: Inappropriate [embedded specific] Signed-off-by: Yi Zhao --- @@ -17,10 +17,10 @@ Signed-off-by: Yi Zhao 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/semanage_store.c b/src/semanage_store.c -index 58dded6..1a94545 100644 +index 14a0957..0a9200e 100644 --- a/src/semanage_store.c 
+++ b/src/semanage_store.c -@@ -1441,7 +1441,7 @@ static int semanage_exec_prog(semanage_handle_t * sh, +@@ -1470,7 +1470,7 @@ static int semanage_exec_prog(semanage_handle_t * sh, if (forkval == 0) { /* child process. file descriptors will be closed * because they were set as close-on-exec. */ @@ -30,5 +30,5 @@ index 58dded6..1a94545 100644 } -- -2.7.4 +2.25.1 diff --git a/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch b/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch index ff5cb00..19263d8 100644 --- a/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch +++ b/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch @@ -1,9 +1,9 @@ -From e76867515be3bc296174aeb26c7996a0939a2a8c Mon Sep 17 00:00:00 2001 +From 5718384543ff06ad4032e90291f9e4398a2749c4 Mon Sep 17 00:00:00 2001 From: Wenzong Fan Date: Mon, 20 Jan 2014 03:53:48 -0500 Subject: [PATCH] libsemanage: allow to disable audit support -Upstream-Status: Pending +Upstream-Status: Inappropriate [embedded specific] Signed-off-by: Wenzong Fan --- @@ -13,7 +13,7 @@ Signed-off-by: Wenzong Fan 3 files changed, 31 insertions(+), 2 deletions(-) diff --git a/src/Makefile b/src/Makefile -index a0eb374..afc4437 100644 +index 71c2a1d..52f335e 100644 --- a/src/Makefile +++ b/src/Makefile @@ -26,6 +26,14 @@ ifeq ($(DEBUG),1) @@ -122,5 +122,5 @@ index 69f49a3..f914492 100644 OBJECTS = $(SOURCES:.c=.o) POLICIES = $(CILS:.cil=.policy) -- -2.17.1 +2.25.1 diff --git a/recipes-security/selinux/libsemanage/libsemanage-disable-expand-check-on-policy-load.patch b/recipes-security/selinux/libsemanage/libsemanage-disable-expand-check-on-policy-load.patch index d1e5720..6e0faeb 100644 --- a/recipes-security/selinux/libsemanage/libsemanage-disable-expand-check-on-policy-load.patch +++ b/recipes-security/selinux/libsemanage/libsemanage-disable-expand-check-on-policy-load.patch 
@@ -1,4 +1,4 @@ -From 35196d58cd37fec89fcf95e3d43b41de7008f0be Mon Sep 17 00:00:00 2001 +From dd52bfb66d710473aeb75c5fe92d5cf0a66b637e Mon Sep 17 00:00:00 2001 From: Joe MacDonald Date: Wed, 7 May 2014 11:36:27 -0400 Subject: [PATCH] libsemanage: disable expand-check on policy load @@ -17,10 +17,10 @@ Signed-off-by: Joe MacDonald 1 file changed, 4 insertions(+) diff --git a/src/semanage.conf b/src/semanage.conf -index dc8d46b..254f156 100644 +index 98d769b..708fa8c 100644 --- a/src/semanage.conf +++ b/src/semanage.conf -@@ -39,3 +39,7 @@ module-store = direct +@@ -40,3 +40,7 @@ module-store = direct # By default, semanage will generate policies for the SELinux target. # To build policies for Xen, uncomment the following line. #target-platform = xen @@ -29,5 +29,5 @@ index dc8d46b..254f156 100644 +# module. This results in a significant speed-up in policy loading. +expand-check=0 -- -2.7.4 +2.25.1 diff --git a/recipes-security/selinux/libsemanage_3.3.bb b/recipes-security/selinux/libsemanage_3.3.bb deleted file mode 100644 index b17eb68..0000000 --- a/recipes-security/selinux/libsemanage_3.3.bb +++ /dev/null 
@@ -1,54 +0,0 @@
-SUMMARY = "SELinux binary policy manipulation library"
-DESCRIPTION = "libsemanage provides an API for the manipulation of SELinux binary policies. \
-It is used by checkpolicy (the policy compiler) and similar tools, as well \
-as by programs like load_policy that need to perform specific transformations \
-on binary policies such as customizing policy boolean settings."
-SECTION = "base"
-LICENSE = "LGPL-2.1-or-later"
-LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
-
-require selinux_common.inc
-
-inherit lib_package python3native
-
-SRC_URI += "file://libsemanage-Fix-execve-segfaults-on-Ubuntu.patch \
- file://libsemanage-allow-to-disable-audit-support.patch \
- file://libsemanage-disable-expand-check-on-policy-load.patch \
- "
-
-DEPENDS += "libsepol libselinux bzip2 python3 bison-native flex-native swig-native"
-DEPENDS:append:class-target = " audit"
-
-S = "${WORKDIR}/git/libsemanage"
-
-PACKAGES =+ "${PN}-python"
-
-# For /usr/libexec/selinux/semanage_migrate_store
-RDEPENDS:${PN}-python += "python3-core"
-
-FILES:${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/* \
- ${libexecdir}/selinux/semanage_migrate_store"
-FILES:${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/site-packages/.debug/*"
-FILES:${PN} += "${libexecdir}"
-
-EXTRA_OEMAKE:class-native += "DISABLE_AUDIT=y"
-
-do_compile:append() {
- oe_runmake pywrap \
- PYLIBVER='python${PYTHON_BASEVERSION}${PYTHON_ABI}' \
- PYINC='-I${STAGING_INCDIR}/${PYLIBVER}' \
- PYLIBS='-L${STAGING_LIBDIR}/${PYLIBVER} -l${PYLIBVER}'
-}
-
-do_install:append() {
- oe_runmake install-pywrap \
- PYCEXT='.so' \
- PYLIBVER='python${PYTHON_BASEVERSION}${PYTHON_ABI}' \
- PYTHONLIBDIR='${D}${libdir}/python${PYTHON_BASEVERSION}/site-packages'
-
- # Update "policy-version" for semanage.conf
- sed -i 's/^#\s*\(policy-version\s*=\).*$/\1 33/' \
- ${D}/etc/selinux/semanage.conf
-}
-
-BBCLASSEXTEND = "native"
diff --git a/recipes-security/selinux/libsemanage_3.4.bb b/recipes-security/selinux/libsemanage_3.4.bb
new file mode 100644
index 0000000..08d2c9c
--- /dev/null
+++ b/recipes-security/selinux/libsemanage_3.4.bb
@@ -0,0 +1,55 @@
+SUMMARY = "SELinux binary policy manipulation library"
+DESCRIPTION = "libsemanage provides an API for the manipulation of SELinux binary policies. \
+It is used by checkpolicy (the policy compiler) and similar tools, as well \
+as by programs like load_policy that need to perform specific transformations \
+on binary policies such as customizing policy boolean settings."
+SECTION = "base"
+LICENSE = "LGPL-2.1-or-later"
+LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
+
+require selinux_common.inc
+
+inherit lib_package python3native
+
+SRC_URI += "file://libsemanage-Fix-execve-segfaults-on-Ubuntu.patch \
+ file://libsemanage-allow-to-disable-audit-support.patch \
+ file://libsemanage-disable-expand-check-on-policy-load.patch \
+ "
+
+DEPENDS = "libsepol libselinux bison-native swig-native"
+
+DEPENDS:append:class-target = " audit"
+
+S = "${WORKDIR}/git/libsemanage"
+
+EXTRA_OEMAKE:class-native = "DISABLE_AUDIT=y"
+
+PACKAGES =+ "${PN}-python"
+
+# For /usr/libexec/selinux/semanage_migrate_store
+RDEPENDS:${PN}-python = "python3-core"
+
+FILES:${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/* \
+ ${libexecdir}/selinux/semanage_migrate_store"
+FILES:${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/site-packages/.debug/*"
+FILES:${PN} += "${libexecdir}"
+
+do_compile:append() {
+ oe_runmake pywrap \
+ PYLIBVER='python${PYTHON_BASEVERSION}${PYTHON_ABI}' \
+ PYINC='-I${STAGING_INCDIR}/${PYLIBVER}' \
+ PYLIBS='-L${STAGING_LIBDIR}/${PYLIBVER} -l${PYLIBVER}'
+}
+
+do_install:append() {
+ oe_runmake install-pywrap \
+ PYCEXT='.so' \
+ PYLIBVER='python${PYTHON_BASEVERSION}${PYTHON_ABI}' \
+ PYTHONLIBDIR='${D}${libdir}/python${PYTHON_BASEVERSION}/site-packages'
+
+ # Update "policy-version" for semanage.conf
+ sed -i 's/^#\s*\(policy-version\s*=\).*$/\1 33/' \
+ ${D}/etc/selinux/semanage.conf
+}
+
+BBCLASSEXTEND = "native"
--
cgit v1.2.3-54-g00ecf
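Review bot: `DEPENDS = "libsepol libselinux bison-native swig-native"` assigns with `=` after `require selinux_common.inc`, so anything the include contributes to DEPENDS is discarded, and the list no longer names the bzip2, python3 and flex-native entries that the 3.3 recipe declared. `do_compile:append` still builds `pywrap` against `${STAGING_INCDIR}/${PYLIBVER}`, so unless those headers and libraries are guaranteed by another declared dependency (not visible in this hunk), the build relies on them arriving transitively; consider keeping `+=` or re-adding whichever entries are still linked. Separately, the `sed` in `do_install:append` that forces `policy-version` to 33 exits successfully even when its pattern matches nothing, so an upstream change to the commented default in `semanage.conf` would go unnoticed. A follow-up such as `grep -q '^policy-version' ${D}/etc/selinux/semanage.conf || bbfatal "policy-version not set"` would make that failure visible at build time.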