!12 fix libselinux deprecated

From: @hht8
Reviewed-by: @small_leek
Signed-off-by: @small_leek

0001-Replace-and-remove-deprecated-libselinux-functions.patch

@@ -0,0 +1,83 @@
+From 629e2b969c8646012e7e83844acd506ff5719a4e Mon Sep 17 00:00:00 2001
+From: Eduardo Barretto <eduardo.barretto@canonical.com>
+Date: Thu, 27 Aug 2020 10:26:01 -0400
+Subject: [PATCH] pluto: Replace/remove deprecated libselinux functions
+
+Signed-off-by: Paul Wouters <pwouters@redhat.com>
+---
+ contrib/labeled-ipsec/getpeercon_server.c | 4 ++--
+ programs/pluto/security_selinux.c         | 7 ++-----
+ programs/pluto/security_selinux.h         | 2 +-
+ 3 files changed, 5 insertions(+), 8 deletions(-)
+
+diff --git a/contrib/labeled-ipsec/getpeercon_server.c b/contrib/labeled-ipsec/getpeercon_server.c
+index 734c5f9d43..75d8301bd2 100644
+--- a/contrib/labeled-ipsec/getpeercon_server.c
++++ b/contrib/labeled-ipsec/getpeercon_server.c
+@@ -64,7 +64,7 @@ int main(int argc, char *argv[])
+ 		srv_sock_path = argv[1];
+ 
+ 	{
+-		security_context_t ctx;
++		char *ctx;
+ 		int rc = getcon(&ctx);
+ 
+ 		fprintf(stderr, "-> running as %s\n",
+@@ -142,7 +142,7 @@ int main(int argc, char *argv[])
+ 		struct sockaddr_in6 *const cli_sock_6addr = (struct sockaddr_in6 *)&cli_sock_saddr;
+ 		socklen_t cli_sock_addr_len;
+ 		char cli_sock_addr_str[INET6_ADDRSTRLEN + 1];
+-		security_context_t ctx;
++		char *ctx;
+ 		char *ctx_str;
+ 
+ 		//fflush(stdout);
+diff --git a/programs/pluto/security_selinux.c b/programs/pluto/security_selinux.c
+index 2b8e28d710..f97ac11576 100644
+--- a/programs/pluto/security_selinux.c
++++ b/programs/pluto/security_selinux.c
+@@ -30,13 +30,13 @@ void init_avc(void)
+ 		DBG_log("selinux support is enabled.");
+ 	}
+ 
+-	if (avc_init("libreswan", NULL, NULL, NULL, NULL) == 0)
++	if (avc_open(NULL, 0) == 0)
+ 		selinux_ready = 1;
+ 	else
+ 		DBG_log("selinux: could not initialize avc.");
+ }
+ 
+-int within_range(security_context_t sl, security_context_t range)
++int within_range(char *sl, security_context_t range)
+ {
+ 	int rtn = 1;
+ 	security_id_t slsid;
+@@ -62,7 +62,6 @@ int within_range(security_context_t sl, security_context_t range)
+ 	if (rtn != 0) {
+ 		DBG_log("within_range: Unable to retrieve sid for range context (%s)",
+ 			range);
+-		sidput(slsid);
+ 		return 0;
+ 	}
+ 
+@@ -74,8 +73,6 @@ int within_range(security_context_t sl, security_context_t range)
+ 	if (rtn != 0) {
+ 		DBG_log("within_range: The sl (%s) is not within range of (%s)", sl,
+ 			range);
+-		sidput(slsid);
+-		sidput(rangesid);
+ 		return 0;
+ 	}
+ 	DBG_log("within_range: The sl (%s) is within range of (%s)", sl,
+diff --git a/programs/pluto/security_selinux.h b/programs/pluto/security_selinux.h
+index 35978b1481..43c1dde68a 100644
+--- a/programs/pluto/security_selinux.h
++++ b/programs/pluto/security_selinux.h
+@@ -20,6 +20,6 @@
+ #include <selinux/context.h>
+ 
+ void init_avc(void);
+-int within_range(security_context_t sl, security_context_t range);
++int within_range(char *sl, security_context_t range);
+ 
+ #endif /* _SECURITY_SELINUX_H */

0002-fixup-last-two-occurances-of-security_context_t.patch

@@ -0,0 +1,35 @@
+From 66e3812b73e1a91677c2fea446419a18176c96a6 Mon Sep 17 00:00:00 2001
+From: Paul Wouters <pwouters@redhat.com>
+Date: Thu, 27 Aug 2020 12:33:23 -0400
+Subject: [PATCH] pluto: fixup last two occurances of security_context_t
+
+---
+ programs/pluto/security_selinux.c | 2 +-
+ programs/pluto/security_selinux.h | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/programs/pluto/security_selinux.c b/programs/pluto/security_selinux.c
+index f97ac11576..f7ca54bb1d 100644
+--- a/programs/pluto/security_selinux.c
++++ b/programs/pluto/security_selinux.c
+@@ -36,7 +36,7 @@ void init_avc(void)
+ 		DBG_log("selinux: could not initialize avc.");
+ }
+ 
+-int within_range(char *sl, security_context_t range)
++int within_range(char *sl, char *range)
+ {
+ 	int rtn = 1;
+ 	security_id_t slsid;
+diff --git a/programs/pluto/security_selinux.h b/programs/pluto/security_selinux.h
+index 43c1dde68a..87785d2638 100644
+--- a/programs/pluto/security_selinux.h
++++ b/programs/pluto/security_selinux.h
+@@ -20,6 +20,6 @@
+ #include <selinux/context.h>
+ 
+ void init_avc(void);
+-int within_range(char *sl, security_context_t range);
++int within_range(char *sl, char *range);
+ 
+ #endif /* _SECURITY_SELINUX_H */

libreswan.spec

@@ -20,7 +20,7 @@
 
 Name:             libreswan
 Version:          3.25
-Release:          7
+Release:          8
 Summary:          A free implementation of IPsec & IKE for Linux
 License:          GPLv2
 Url:              https://github.com/libreswan/libreswan
@@ -30,6 +30,8 @@ Source2:          openeuler-libreswan-tmpfiles.conf
 
 Patch0001:        libreswan-3.25-relax-delete.patch
 Patch0002:        libreswan-3.25-unbound-hook.patch
+Patch0003:        0001-Replace-and-remove-deprecated-libselinux-functions.patch
+Patch0004:        0002-fixup-last-two-occurances-of-security_context_t.patch
 
 BuildRequires:    gcc pkgconfig hostname bison flex systemd-devel nss-devel >= 3.16.1
 BuildRequires:    nspr-devel pam-devel libevent-devel unbound-devel >= 1.6.0-6 ldns-devel
@@ -130,6 +132,9 @@ export NSS_DISABLE_HW_GCM=1
 %doc %{_mandir}/*/*
 
 %changelog
+* Tue Sep 22 2020 huanghaitao <huanghaitao8@huawei.com> - 3.25-8
+- Fix libselinux deprecates
+
 * Mon Sep 14 2020 Ge Wang <wangge20@huawei.com> - 3.25-7
 - Modify Source0 Url