backport patches from upstream

2021-01-11 15:54:50 +08:00 · 2021-01-11 15:54:50 +08:00 · b11a8e419b
commit b11a8e419b
parent 31c79ad598
3 changed files with 181 additions and 1 deletions
--- a/backport-ls-fix-crash-printing-SELinux-context-for-unstatable.patch
+++ b/backport-ls-fix-crash-printing-SELinux-context-for-unstatable.patch
@ -0,0 +1,126 @@
 From 6fc695cb4a26f09dfeef8b1c24895a707055334e Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?P=C3=A1draig=20Brady?= <P@draigBrady.com>
 Date: Wed, 11 Nov 2020 17:22:33 +0000
 Subject: [PATCH] ls: fix crash printing SELinux context for unstatable files
 This crash was identified by Cyber Independent Testing Lab:
 https://cyber-itl.org/2020/10/28/citl-7000-defects.html
 and was introduced with commit v6.9.90-11-g4245876e2
 * src/ls.c (gobble_file): Ensure scontext is initialized
 in the case where files are not statable.
 * tests/ls/selinux-segfault.sh: Renamed from proc-selinux-segfault.sh,
 and added test case for broken symlinks.
 * tests/local.mk: Adjust for the renamed test.
 * NEWS: Mention the bug fix.
 ---
 src/ls.c                          |  3 +++
 tests/local.mk                    |  2 +-
 tests/ls/proc-selinux-segfault.sh | 27 ---------------------------
 tests/ls/selinux-segfault.sh      | 33 +++++++++++++++++++++++++++++++++
 4 files changed, 40 insertions(+), 28 deletions(-)
 delete mode 100755 tests/ls/proc-selinux-segfault.sh
 create mode 100755 tests/ls/selinux-segfault.sh
 diff --git a/src/ls.c b/src/ls.c
 index 1f6afbc..1b4834c 100644
 --- a/src/ls.c
 +++ b/src/ls.c
@@ -3424,6 +3424,9 @@ gobble_file (char const *name, enum filetype type, ino_t inode,
              provokes an exit status of 1.  */
           file_failure (command_line_arg,
                         _("cannot access %s"), full_name);
 +
 +          f->scontext = UNKNOWN_SECURITY_CONTEXT;
 +
           if (command_line_arg)
             return 0;
 diff --git a/tests/local.mk b/tests/local.mk
 index 7992003..e1c4675 100644
 --- a/tests/local.mk
 +++ b/tests/local.mk
@@ -613,7 +613,7 @@ all_tests =					\
   tests/ls/multihardlink.sh			\
   tests/ls/no-arg.sh				\
   tests/ls/no-cap.sh				\
 -  tests/ls/proc-selinux-segfault.sh		\
 +  tests/ls/selinux-segfault.sh			\
   tests/ls/quote-align.sh			\
   tests/ls/readdir-mountpoint-inode.sh		\
   tests/ls/recursive.sh				\
 diff --git a/tests/ls/proc-selinux-segfault.sh b/tests/ls/proc-selinux-segfault.sh
 deleted file mode 100755
 index 831a00e..0000000
 --- a/tests/ls/proc-selinux-segfault.sh
 +++ /dev/null
@@ -1,27 +0,0 @@
 -#!/bin/sh
 -# ls -l /proc/sys would segfault when built against libselinux1 2.0.15-2+b1
 -
 -# Copyright (C) 2008-2020 Free Software Foundation, Inc.
 -
 -# This program is free software: you can redistribute it and/or modify
 -# it under the terms of the GNU General Public License as published by
 -# the Free Software Foundation, either version 3 of the License, or
 -# (at your option) any later version.
 -
 -# This program is distributed in the hope that it will be useful,
 -# but WITHOUT ANY WARRANTY; without even the implied warranty of
 -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 -# GNU General Public License for more details.
 -
 -# You should have received a copy of the GNU General Public License
 -# along with this program.  If not, see <https://www.gnu.org/licenses/>.
 -
 -. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
 -print_ver_ ls
 -
 -f=/proc/sys
 -test -r $f || f=.
 -
 -ls -l $f > out || fail=1
 -
 -Exit $fail
 diff --git a/tests/ls/selinux-segfault.sh b/tests/ls/selinux-segfault.sh
 new file mode 100755
 index 0000000..e2b7ef6
 --- /dev/null
 +++ b/tests/ls/selinux-segfault.sh
@@ -0,0 +1,33 @@
 +#!/bin/sh
 +# Ensure we don't segfault in selinux handling
 +
 +# Copyright (C) 2008-2020 Free Software Foundation, Inc.
 +
 +# This program is free software: you can redistribute it and/or modify
 +# it under the terms of the GNU General Public License as published by
 +# the Free Software Foundation, either version 3 of the License, or
 +# (at your option) any later version.
 +
 +# This program is distributed in the hope that it will be useful,
 +# but WITHOUT ANY WARRANTY; without even the implied warranty of
 +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 +# GNU General Public License for more details.
 +
 +# You should have received a copy of the GNU General Public License
 +# along with this program.  If not, see <https://www.gnu.org/licenses/>.
 +
 +. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
 +print_ver_ ls
 +
 +# ls -l /proc/sys would segfault when built against libselinux1 2.0.15-2+b1
 +f=/proc/sys
 +test -r $f || f=.
 +ls -l $f > out || fail=1
 +
 +# ls <= 8.32 would segfault when printing
 +# the security context of broken symlink targets
 +mkdir sedir || framework_failure_
 +ln -sf missing sedir/broken || framework_failure_
 +returns_ 1 ls -L -R -Z -m sedir > out || fail=1
 +
 +Exit $fail
 -- 
 1.8.3.1
--- a/backport-tr-fix-crash-validating-c-with-some-case-char-classe.patch
+++ b/backport-tr-fix-crash-validating-c-with-some-case-char-classe.patch
@ -0,0 +1,49 @@
 From 2bc66c5ea7e507786a45c1b6b15fe74a338240f4 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?P=C3=A1draig=20Brady?= <P@draigBrady.com>
 Date: Sat, 14 Nov 2020 16:47:05 +0000
 Subject: [PATCH] tr: fix crash validating -c with some case char classes
 This crash was identified by Cyber Independent Testing Lab:
 https://cyber-itl.org/2020/10/28/citl-7000-defects.html
 and was introduced with commit v8.5-163-g3f48829c2
 * src/tr.c (validate_case_classes): Don't apply these
 extra case alignment checks in the --complement case,
 which is even more restrictive as to the contents of SET2.
 * tests/misc/tr-case-class.sh: Add a test case,
 for a large SET1, which caused the length adjustment
 in validate_case_classes to underflow and trigger the assert.
 * NEWS: Mention the bug fix.
 ---
 src/tr.c                    | 2 +-
 tests/misc/tr-case-class.sh | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)
 diff --git a/src/tr.c b/src/tr.c
 index 6f76507..94794a2 100644
 --- a/src/tr.c
 +++ b/src/tr.c
@@ -1176,7 +1176,7 @@ validate_case_classes (struct Spec_list *s1, struct Spec_list *s2)
   bool s1_new_element = true;
   bool s2_new_element = true;
 -  if (!s2->has_char_class)
 +  if (complement || !s2->has_char_class)
     return;
   for (int i = 0; i < N_CHARS; i++)
 diff --git a/tests/misc/tr-case-class.sh b/tests/misc/tr-case-class.sh
 index 470197e..9f442c0 100755
 --- a/tests/misc/tr-case-class.sh
 +++ b/tests/misc/tr-case-class.sh
@@ -110,4 +110,7 @@ the latter string must not end with a character class' > exp
   compare exp out || fail=1
 fi
 +# coreutils 8.6 - 8.32 inclusive, would abort trying to validate the following
 +returns_ 1 tr -c '[:upper:]\000-\370' '[:lower:]' < /dev/null || fail=1
 +
 Exit $fail
 -- 
 1.8.3.1
--- a/coreutils.spec
+++ b/coreutils.spec
@ -1,6 +1,6 @@
 Name:       coreutils
 Version:    8.32
-Release:    2
+Release:    3
 License:    GPLv3+
 Summary:    A set of basic GNU tools commonly used in shell scripts
 Url:        https://www.gnu.org/software/coreutils/
@ -25,6 +25,8 @@ Patch8:    skip-the-tests-that-require-selinux-if-selinux-is-di.patch
 Patch9:    coreutils-8.32-ls-removed-dir.patch
 Patch10:   coreutils-8.32-leaf-opt-xfs.patch
 Patch11:   backport-ls-fix-crash-printing-SELinux-context-for-unstatable.patch
 Patch12:   backport-tr-fix-crash-validating-c-with-some-case-char-classe.patch 
 Conflicts: filesystem < 3
 # To avoid clobbering installs
@ -135,6 +137,9 @@ fi
 %{_mandir}/man*/*
 %changelog
 * Mon Jan 11 2021 wangchen <wangchen137@huawei.com> - 8.32-3
 - backport patches from upstream
 * Wed Aug 26 2020 chenbo pan <panchenbo@uniontech.com> - 8.32-2
 - fix patch error