Bug#966017: libreswan FTBFS with libselinux 3.1

Eduardo Barretto Wed, 26 Aug 2020 09:03:31 -0700

Package: libreswan
Version: 3.32-3
Followup-For: Bug #966017
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu groovy ubuntu-patch


Dear Maintainer,

We found the same FTBFS in Ubuntu when trying to build libreswan 3.32-3
with libselinux 3.1-2.
The patch tries to replace the deprecated functions for the ones
mentioned in libselinux documentation.
With this patch we can successfully build the package and we were able to
get autopkgtests running.

*** /tmp/tmpns5ymfvg/bug_body

In Ubuntu, the attached patch was applied to achieve the following:

 Fix current FTBFS when using latest libselinux 3.1-2 as found in
 unstable, regarding deprecated functions.

  * d/patches/fix-libselinux3.1-deprecated.patch: this fixes current
    ftbfs with libselinux3.1. (Closes: #966017)


Thanks for considering the patch.


-- System Information:
Debian Release: buster/sid
  APT prefers bionic-updates
  APT policy: (500, 'bionic-updates'), (500, 'bionic-security'), (500, 
'bionic'), (100, 'bionic-backports')
Architecture: amd64 (x86_64)

Kernel: Linux 5.4.0-42-generic (SMP w/12 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

diff -Nru libreswan-3.32/debian/patches/fix-libselinux3.1-deprecated.patch 
libreswan-3.32/debian/patches/fix-libselinux3.1-deprecated.patch
--- libreswan-3.32/debian/patches/fix-libselinux3.1-deprecated.patch    
1969-12-31 21:00:00.000000000 -0300
+++ libreswan-3.32/debian/patches/fix-libselinux3.1-deprecated.patch    
2020-08-26 12:15:35.000000000 -0300
@@ -0,0 +1,71 @@
+Description: fix deprecated libselinux function calls
+ error: 'security_context_t' is deprecated
+ error: 'avc_init' is deprecated
+ error: 'sidput' is deprecated
+Author: Eduardo Barretto <eduardo.barre...@canonical.com>
+
+--- libreswan-3.32.orig/contrib/labeled-ipsec/getpeercon_server.c
++++ libreswan-3.32/contrib/labeled-ipsec/getpeercon_server.c
+@@ -64,7 +64,7 @@ int main(int argc, char *argv[])
+               srv_sock_path = argv[1];
+ 
+       {
+-              security_context_t ctx;
++              char *ctx;
+               int rc = getcon(&ctx);
+ 
+               fprintf(stderr, "-> running as %s\n",
+@@ -142,7 +142,7 @@ int main(int argc, char *argv[])
+               struct sockaddr_in6 *const cli_sock_6addr = (struct 
sockaddr_in6 *)&cli_sock_saddr;
+               socklen_t cli_sock_addr_len;
+               char cli_sock_addr_str[INET6_ADDRSTRLEN + 1];
+-              security_context_t ctx;
++              char *ctx;
+               char *ctx_str;
+ 
+               //fflush(stdout);
+--- libreswan-3.32.orig/programs/pluto/security_selinux.c
++++ libreswan-3.32/programs/pluto/security_selinux.c
+@@ -28,13 +28,13 @@ void init_avc(void)
+               libreswan_log("selinux support is enabled.");
+       }
+ 
+-      if (avc_init("libreswan", NULL, NULL, NULL, NULL) == 0)
++      if (avc_open(NULL, 0) == 0)
+               selinux_ready = 1;
+       else
+               libreswan_log("selinux: could not initialize avc.");
+ }
+ 
+-int within_range(security_context_t sl, security_context_t range)
++int within_range(char *sl, char *range)
+ {
+       int rtn = 1;
+       security_id_t slsid;
+@@ -60,7 +60,6 @@ int within_range(security_context_t sl,
+       rtn = avc_context_to_sid(range, &rangesid);
+       if (rtn != 0) {
+               dbg("within_range: Unable to retrieve sid for range context 
(%s)", range);
+-              sidput(slsid);
+               return 0;
+       }
+ 
+@@ -72,8 +71,6 @@ int within_range(security_context_t sl,
+       rtn = avc_has_perm(slsid, rangesid, tclass, av, NULL, &avd);
+       if (rtn != 0) {
+               dbg("within_range: The sl (%s) is not within range of (%s)", 
sl, range);
+-              sidput(slsid);
+-              sidput(rangesid);
+               return 0;
+       }
+       dbg("within_range: The sl (%s) is within range of (%s)", sl, range);
+--- libreswan-3.32.orig/programs/pluto/security_selinux.h
++++ libreswan-3.32/programs/pluto/security_selinux.h
+@@ -20,6 +20,6 @@
+ #include <selinux/context.h>
+ 
+ void init_avc(void);
+-int within_range(security_context_t sl, security_context_t range);
++int within_range(char *sl, char *range);
+ 
+ #endif /* _SECURITY_SELINUX_H */
diff -Nru libreswan-3.32/debian/patches/series 
libreswan-3.32/debian/patches/series
--- libreswan-3.32/debian/patches/series        2020-05-26 17:51:07.000000000 
-0300
+++ libreswan-3.32/debian/patches/series        2020-08-26 12:15:35.000000000 
-0300
@@ -4,3 +4,4 @@
 0004-fix-spelling-errors.patch
 0005-Ensure-using-compat-interface-due-to-subtle-NSS-API-.patch
 0006-Use-pkg-config-recommended-by-the-environment.patch
+fix-libselinux3.1-deprecated.patch

Bug#966017: libreswan FTBFS with libselinux 3.1

Reply via email to