packages/libreswan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix libselinux deprecated instead of ignore the Werror

Browse Source
This commit is contained in:
si-gui 2020-09-15 20:10:21 +08:00
parent bdf2fd4706
commit a0645d2d25
3 changed files with 92 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
0001-fix-libselinux-deprecated.patch Normal file
View File

@ -0,0 +1,86 @@
From 54b0f3bf7c87ccd8e9f7c74872371d571f0c118c Mon Sep 17 00:00:00 2001
From: si-gui <245140120@qq.com>
Date: Tue, 15 Sep 2020 19:57:58 +0800
Subject: [PATCH] fix libselinux deprecated
Signed-off-by: si-gui <245140120@qq.com>
---
contrib/labeled-ipsec/getpeercon_server.c | 4 ++--
programs/pluto/security_selinux.c | 7 ++-----
programs/pluto/security_selinux.h | 2 +-
3 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/contrib/labeled-ipsec/getpeercon_server.c b/contrib/labeled-ipsec/getpeercon_server.c
index 57a24d0..aa2e2b4 100644
--- a/contrib/labeled-ipsec/getpeercon_server.c
+++ b/contrib/labeled-ipsec/getpeercon_server.c
@@ -64,7 +64,7 @@ int main(int argc, char *argv[])
srv_sock_path = argv[1];
{
- security_context_t ctx;
+ char *ctx;
int rc = getcon(&ctx);
fprintf(stderr, "-> running as %s\n",
@@ -136,7 +136,7 @@ int main(int argc, char *argv[])
struct sockaddr_in6 *const cli_sock_6addr = (struct sockaddr_in6 *)&cli_sock_saddr;
socklen_t cli_sock_addr_len;
char cli_sock_addr_str[INET6_ADDRSTRLEN + 1];
- security_context_t ctx;
+ char *ctx;
char *ctx_str;
//fflush(stdout);
diff --git a/programs/pluto/security_selinux.c b/programs/pluto/security_selinux.c
index ac5028e..c09a2d0 100644
--- a/programs/pluto/security_selinux.c
+++ b/programs/pluto/security_selinux.c
@@ -27,13 +27,13 @@ void init_avc(void)
DBG_log("selinux support is enabled.");
}
- if (avc_init("libreswan", NULL, NULL, NULL, NULL) == 0)
+ int within_range(char *sl, char *range)
selinux_ready = 1;
else
DBG_log("selinux: could not initialize avc.");
}
-int within_range(security_context_t sl, security_context_t range)
+int within_range(char *sl, char *range)
{
int rtn = 1;
security_id_t slsid;
@@ -61,7 +61,6 @@ int within_range(security_context_t sl, security_context_t range)
if (rtn != 0) {
DBG_log("within_range: Unable to retrieve sid for range context (%s)",
range);
- sidput(slsid);
return 0;
}
@@ -74,8 +73,6 @@ int within_range(security_context_t sl, security_context_t range)
if (rtn != 0) {
DBG_log("within_range: The sl (%s) is not within range of (%s)", sl,
range);
- sidput(slsid);
- sidput(rangesid);
return 0;
}
DBG_log("within_range: The sl (%s) is within range of (%s)", sl,
diff --git a/programs/pluto/security_selinux.h b/programs/pluto/security_selinux.h
index cccd60f..7c07bd8 100644
--- a/programs/pluto/security_selinux.h
+++ b/programs/pluto/security_selinux.h
@@ -20,6 +20,6 @@
#include <selinux/context.h>
void init_avc(void);
-int within_range(security_context_t sl, security_context_t range);
+int within_range(char *sl, char *range);
#endif /* _SECURITY_SELINUX_H */
--
2.23.0

32
libreswan-3.25-workaround-deprecation-warnings-introduced-in-libselinux-update.patch
View File

@ -1,32 +0,0 @@
diff --git a/programs/pluto/security_selinux.c b/programs/pluto/security_selinux.c
index ac5028e..2073a4a 100644
--- a/programs/pluto/security_selinux.c
+++ b/programs/pluto/security_selinux.c
@@ -18,6 +18,8 @@
static int selinux_ready = 0;
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
void init_avc(void)
{
if (!is_selinux_enabled()) {
@@ -82,3 +84,4 @@ int within_range(security_context_t sl, security_context_t range)
range);
return 1;
}
+#pragma GCC diagnostic pop
diff --git a/programs/pluto/security_selinux.h b/programs/pluto/security_selinux.h
index cccd60f..61279eb 100644
--- a/programs/pluto/security_selinux.h
+++ b/programs/pluto/security_selinux.h
@@ -20,6 +20,9 @@
#include <selinux/context.h>
void init_avc(void);
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
int within_range(security_context_t sl, security_context_t range);
+#pragma GCC diagnostic pop
#endif /* _SECURITY_SELINUX_H */

9
libreswan.spec
View File

@ -20,7 +20,7 @@
Name: libreswan Name: libreswan
Version: 3.25 Version: 3.25
Release: 8 Release: 9
Summary: A free implementation of IPsec & IKE for Linux Summary: A free implementation of IPsec & IKE for Linux
License: GPLv2 License: GPLv2
Url: https://github.com/libreswan/libreswan Url: https://github.com/libreswan/libreswan
@ -30,7 +30,7 @@ Source2: openeuler-libreswan-tmpfiles.conf
Patch0001: libreswan-3.25-relax-delete.patch Patch0001: libreswan-3.25-relax-delete.patch
Patch0002: libreswan-3.25-unbound-hook.patch Patch0002: libreswan-3.25-unbound-hook.patch
Patch0003: libreswan-3.25-workaround-deprecation-warnings-introduced-in-libselinux-update.patch Patch0003: 0001-fix-libselinux-deprecated.patch
BuildRequires: gcc pkgconfig hostname bison flex systemd-devel nss-devel >= 3.16.1 BuildRequires: gcc pkgconfig hostname bison flex systemd-devel nss-devel >= 3.16.1
BuildRequires: nspr-devel pam-devel libevent-devel unbound-devel >= 1.6.0-6 ldns-devel BuildRequires: nspr-devel pam-devel libevent-devel unbound-devel >= 1.6.0-6 ldns-devel
@ -131,7 +131,10 @@ export NSS_DISABLE_HW_GCM=1
%doc %{_mandir}/*/* %doc %{_mandir}/*/*
%changelog %changelog
* Mon Sep 14 2020 Ge Wang <wangge20@huawei.com> -3.25-8 * Tue Sep 15 2020 Guoshuai Sun <sunguoshuai@huawei.com> - 3.25-9
- Fix libselinux deprecated instead of ignore the Werror
* Mon Sep 14 2020 Ge Wang <wangge20@huawei.com> - 3.25-8
- Modify Source0 Url - Modify Source0 Url
* Tue Aug 04 2020 zhangjiapeng <zhangjiapeng9@huawei.com> - 3.25-7 * Tue Aug 04 2020 zhangjiapeng <zhangjiapeng9@huawei.com> - 3.25-7