commit 013847324187e904fae2c3de3c6edf25f7cda903
Author: overweight <5324761+overweight@user.noreply.gitee.com>
Date: Mon Sep 30 10:35:06 2019 -0400

Package init

diff --git a/0002-checkpolicy-destroy-the-class-datum-if-it-fails-to-initialize.patch b/0002-checkpolicy-destroy-the-class-datum-if-it-fails-to-initialize.patch
new file mode 100644
index 0000000..a100aee
--- /dev/null
+++ b/0002-checkpolicy-destroy-the-class-datum-if-it-fails-to-initialize.patch
@@ -0,0 +1,29 @@
+From daa00b28998af811f92aa821090f0ac2dd71f2bc Mon Sep 17 00:00:00 2001
+From: Nicolas Iooss
+Date: Sat, 26 May 2018 18:15:07 +0200
+Subject: [PATCH] checkpolicy: destroy the class datum if it fails to
+ initialize
+
+require_class() allocate memory for its variable "class_datum_t *datum"
+and calls symtab_init(&datum->permissions, PERM_SYMTAB_SIZE). If this
+second call fails, datum is not freed.
+
+Fix this memory leak.
+
+Signed-off-by: Nicolas Iooss
+---
+ module_compiler.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/module_compiler.c b/module_compiler.c
+index 155702f2..ada7cb2a 100644
+--- a/module_compiler.c
++++ b/module_compiler.c
+@@ -802,6 +802,7 @@ int require_class(int pass)
+ if ((datum = calloc(1, sizeof(*datum))) == NULL ||
+ symtab_init(&datum->permissions, PERM_SYMTAB_SIZE)) {
+ yyerror("Out of memory!");
++ class_datum_destroy(datum);
+ return -1;
+ }
+ ret =
diff --git a/checkpolicy-2.8.tar.gz b/checkpolicy-2.8.tar.gz
new file mode 100644
index 0000000..329da54
Binary files /dev/null and b/checkpolicy-2.8.tar.gz differ
diff --git a/checkpolicy.spec b/checkpolicy.spec
new file mode 100644
index 0000000..30c4bf0
--- /dev/null
+++ b/checkpolicy.spec
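Review bot: In 0002-checkpolicy-destroy-the-class-datum-if-it-fails-to-initialize.patch, the added `class_datum_destroy(datum);` runs on both failure branches of the condition, including the one where `calloc` returned NULL, so the fix is only safe if `class_datum_destroy()` accepts a NULL pointer and a datum whose `permissions` table was never set up. Neither property is visible in this hunk, so it should be confirmed against the libsepol version the package builds with (the spec asks for `libsepol-static >= 2.8-1`). A comment above the call would record the assumption, for example `/* datum may be NULL or only partly initialised; class_datum_destroy() must handle both */`. require_class() begins and ends outside the hunk, so later error paths that may also need to release datum cannot be checked from here.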
@@ -0,0 +1,83 @@
+Name: checkpolicy
+Version: 2.8
+Release: 6
+Summary: SELinux policy compiler
+License: GPLv2
+URL: https://github.com/SELinuxProject/selinux
+Source0: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/checkpolicy-2.8.tar.gz
+
+Patch6000: 0002-checkpolicy-destroy-the-class-datum-if-it-fails-to-initialize.patch
+
+BuildRequires: gcc byacc bison flex flex-static libsepol-static >= 2.8-1 libselinux-devel >= 2.8-1 git
+Conflicts: selinux-policy-base < 3.13.1-138
+
+%description
+checkpolicy is the SELinux policy compiler. It uses libsepol to
+generate the binary policy.
+
+(Security-enhanced Linux is a feature of the kernel and some
+utilities that implement mandatory access control policies, such as
+Type Enforcement, Role-based Access Control and Multi-Level
+Security.)
+
+%package_help
+
+%prep
+%autosetup -n %{name}-%{version} -p1 -Sgit
+
+%build
+make clean
+make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" LDFLAGS="$RPM_LD_FLAGS"
+make -C test LIBDIR="%{_libdir}" CFLAGS="%{optflags}" LDFLAGS="$RPM_LD_FLAGS"
+
+%install
+rm -rf %{buildroot}
+mkdir -p %{buildroot}%{_bindir}
+%make_install LIBDIR="%{_libdir}"
+install test/dismod %{buildroot}%{_bindir}/sedismod
+install test/dispol %{buildroot}%{_bindir}/sedispol
+
+%pre
+
+%preun
+
+%post
+
+%postun
+
+%files
+%defattr(-,root,root)
+%license COPYING
+%{_bindir}/*
+
+%files help
+%defattr(-,root,root)
+%{_mandir}/*/*
+
+%changelog
+* Sat Sep 21 2019 openEuler Buildteam - 2.8-6
+- Type:enhancement
+- ID:NA
+- SUG:NA
+- DESC:revise description
+
+* Fri Aug 23 2019 openEuler Buildteam - 2.8-5
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:strengthen spec
+
+* Tue Aug 20 2019 guoxiaoqi - 2.8-4
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:rename patches
+
+* Tue Jul 9 2019 zhangyujing - 2.8-3
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:Destroy the class datum if it fails to initialize
+
+* Thu Jul 12 2018 openEuler Buildteam - 2.8-2
+- Package init
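Review bot: `Source0` names an upstream URL, but the build consumes the `checkpolicy-2.8.tar.gz` blob committed in the same change, and nothing in the spec or the commit ties that blob to the upstream release, so a reviewer cannot tell whether the archive matches what upstream published. Record the upstream digest next to the source line, for example `# sha256: <SHA256_OF_UPSTREAM_TARBALL>` (placeholder; take the value from the upstream release), and check it whenever the tarball is re-imported. In `%files`, `%{_bindir}/*` packages whatever `make install` leaves in the bin directory. Listing the expected executables one per line (`%{_bindir}/sedismod`, `%{_bindir}/sedispol` and the main tools) should make an unexpected extra binary fail the build as an unpackaged file instead of shipping silently. The empty `%pre`, `%preun`, `%post` and `%postun` sections do nothing and can be dropped.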