packages/libselinux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!35 update version to 3.4

Browse Source 
From: @zgzxx 
Reviewed-by: @HuaxinLuGitee 
Signed-off-by: @HuaxinLuGitee
This commit is contained in:
openeuler-ci-bot 2023-02-02 02:35:02 +00:00 committed by Gitee
commit a75ffeba31
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
7 changed files with 8 additions and 250 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
backport-libselinux-Close-leaked-FILEs.patch
View File

@ -1,55 +0,0 @@
From c1a8da6e4a2b53ea346d4493346cde7c0a5a5f49 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Fri, 11 Mar 2022 12:53:30 +0100
Subject: [PATCH] libselinux: Close leaked FILEs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fixes:
label_media.c:94:24: warning: leak of FILE fopen (path_28, "re") [CWE-775] [-Wanalyzer-file-leak]
label_x.c:121:24: warning: leak of FILE fopen (path_28, "re") [CWE-775] [-Wanalyzer-file-leak]
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
src/label_media.c | 4 ++--
src/label_x.c | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/label_media.c b/src/label_media.c
index eb27deaf..3137c18e 100644
--- a/src/label_media.c
+++ b/src/label_media.c
@@ -95,10 +95,10 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
__fsetlocking(fp, FSETLOCKING_BYCALLER);
if (fstat(fileno(fp), &sb) < 0)
- return -1;
+ goto finish;
if (!S_ISREG(sb.st_mode)) {
errno = EINVAL;
- return -1;
+ goto finish;
}
rec->spec_file = strdup(path);
diff --git a/src/label_x.c b/src/label_x.c
index e9fa063f..e6e8d9f6 100644
--- a/src/label_x.c
+++ b/src/label_x.c
@@ -122,10 +122,10 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
__fsetlocking(fp, FSETLOCKING_BYCALLER);
if (fstat(fileno(fp), &sb) < 0)
- return -1;
+ goto finish;
if (!S_ISREG(sb.st_mode)) {
errno = EINVAL;
- return -1;
+ goto finish;
}
rec->spec_file = strdup(path);
--
2.27.0

38
backport-libselinux-free-memory-in-error-branch.patch
View File

@ -1,38 +0,0 @@
From 8266fd9401b920bd3552410ebe215069891c373f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Tue, 10 May 2022 19:45:51 +0200
Subject: [PATCH] libselinux: free memory in error branch
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In case the allocation for the filename fails, free the memory of the context.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
src/selinux_restorecon.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/selinux_restorecon.c b/src/selinux_restorecon.c
index 12b85101..c8db26c2 100644
--- a/src/selinux_restorecon.c
+++ b/src/selinux_restorecon.c
@@ -487,11 +487,13 @@ static int filespec_add(ino_t ino, const char *con, const char *file,
goto oom_freefl;
fl->file = strdup(file);
if (!fl->file)
- goto oom_freefl;
+ goto oom_freeflcon;
fl->next = prevfl->next;
prevfl->next = fl;
return 0;
+oom_freeflcon:
+ free(fl->con);
oom_freefl:
free(fl);
oom:
--
2.27.0

34
backport-libselinux-free-memory-on-selabel_open-3-failure.patch
View File

@ -1,34 +0,0 @@
From b9a4d13a300665098f04bf5108929ea54668b1bf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Wed, 13 Apr 2022 17:56:32 +0200
Subject: [PATCH] libselinux: free memory on selabel_open(3) failure
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
If selabel_open(3) fails, e.g. when a specfile has the wrong file
permissions, free the memory allocated for digests.
Fixes: e40bbea9 ("libselinux: Add selabel_digest function")
Acked-by: James Carter <jwcart2@gmail.com>
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
src/label.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/label.c b/src/label.c
index a03192e5..586e5e5e 100644
--- a/src/label.c
+++ b/src/label.c
@@ -226,6 +226,8 @@ struct selabel_handle *selabel_open(unsigned int backend,
rec->digest = selabel_is_digest_set(opts, nopts, rec->digest);
if ((*initfuncs[backend])(rec, opts, nopts)) {
+ if (rec->digest)
+ selabel_digest_fini(rec->digest);
free(rec->spec_file);
free(rec);
rec = NULL;
--
2.27.0

114
backport-libselinux-restorecon-misc-tweaks.patch
View File

@ -1,114 +0,0 @@
From 657420d67fcca479fa495b09c540b3cecb539e9e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Wed, 11 May 2022 20:42:23 +0200
Subject: [PATCH] libselinux: restorecon: misc tweaks
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* mark read-only parameters const
* check for overflow when adding exclude directory
* use 64 bit integer for file counting
* avoid implicit conversions
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
src/selinux_restorecon.c | 26 +++++++++++++++++---------
1 file changed, 17 insertions(+), 9 deletions(-)
diff --git a/src/selinux_restorecon.c b/src/selinux_restorecon.c
index e6192912..c158ead8 100644
--- a/src/selinux_restorecon.c
+++ b/src/selinux_restorecon.c
@@ -44,7 +44,7 @@
static struct selabel_handle *fc_sehandle = NULL;
static bool selabel_no_digest;
static char *rootpath = NULL;
-static int rootpathlen;
+static size_t rootpathlen;
/* Information on excluded fs and directories. */
struct edir {
@@ -55,7 +55,7 @@ struct edir {
};
#define CALLER_EXCLUDED true
static bool ignore_mounts;
-static int exclude_non_seclabel_mounts(void);
+static uint64_t exclude_non_seclabel_mounts(void);
static int exclude_count = 0;
static struct edir *exclude_lst = NULL;
static uint64_t fc_count = 0; /* Number of files processed so far */
@@ -169,6 +169,12 @@ static int add_exclude(const char *directory, bool who)
return -1;
}
+ if (exclude_count >= INT_MAX - 1) {
+ selinux_log(SELINUX_ERROR, "Too many directory excludes: %d.\n", exclude_count);
+ errno = EOVERFLOW;
+ return -1;
+ }
+
tmp_list = realloc(exclude_lst,
sizeof(struct edir) * (exclude_count + 1));
if (!tmp_list)
@@ -211,10 +217,10 @@ static int check_excluded(const char *file)
return 0;
}
-static int file_system_count(char *name)
+static uint64_t file_system_count(const char *name)
{
struct statvfs statvfs_buf;
- int nfile = 0;
+ uint64_t nfile = 0;
memset(&statvfs_buf, 0, sizeof(statvfs_buf));
if (!statvfs(name, &statvfs_buf))
@@ -230,12 +236,13 @@ static int file_system_count(char *name)
* that support security labels have the seclabel option, return
* approximate total file count.
*/
-static int exclude_non_seclabel_mounts(void)
+static uint64_t exclude_non_seclabel_mounts(void)
{
struct utsname uts;
FILE *fp;
size_t len;
- int index = 0, found = 0, nfile = 0;
+ int index = 0, found = 0;
+ uint64_t nfile = 0;
char *mount_info[4];
char *buf = NULL, *item;
@@ -300,7 +307,8 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
{
char *sha1_buf = NULL;
size_t i, digest_len = 0;
- int rc, digest_result;
+ int rc;
+ enum digest_result digest_result;
bool match;
struct dir_xattr *new_entry;
uint8_t *xattr_digest = NULL;
@@ -573,7 +581,7 @@ static void filespec_destroy(void)
* Called if SELINUX_RESTORECON_SET_SPECFILE_CTX is not set to check if
* the type components differ, updating newtypecon if so.
*/
-static int compare_types(char *curcon, char *newcon, char **newtypecon)
+static int compare_types(const char *curcon, const char *newcon, char **newtypecon)
{
int types_differ = 0;
context_t cona;
@@ -1398,7 +1406,7 @@ void selinux_restorecon_set_exclude_list(const char **exclude_list)
/* selinux_restorecon_set_alt_rootpath(3) sets an alternate rootpath. */
int selinux_restorecon_set_alt_rootpath(const char *alt_rootpath)
{
- int len;
+ size_t len;
/* This should be NULL on first use */
if (rootpath)
--
2.27.0

BIN
libselinux-3.3.tar.gz
View File

Binary file not shown.

BIN
libselinux-3.4.tar.gz Normal file
View File

Binary file not shown.

17
libselinux.spec
View File

@ -1,19 +1,15 @@
%global ruby_inc %(pkg-config --cflags ruby)
%global libsepol_version 3.3
%global libsepol_version 3.4
Name: libselinux
Version: 3.3
Release: 2
Version: 3.4
Release: 1
License: Public Domain
Summary: SELinux library and simple utilities
Url: https://github.com/SELinuxProject/selinux/wiki
Source0: https://github.com/SELinuxProject/selinux/releases/download/3.3/libselinux-3.3.tar.gz
Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}/libselinux-%{version}.tar.gz
Patch6000: backport-libselinux-Close-leaked-FILEs.patch
Patch6001: backport-libselinux-free-memory-on-selabel_open-3-failure.patch
Patch6002: backport-libselinux-restorecon-misc-tweaks.patch
Patch6003: backport-libselinux-free-memory-in-error-branch.patch
Patch6004: backport-libselinux-restorecon-avoid-printing-NULL-pointer.patch
Patch6000: backport-libselinux-restorecon-avoid-printing-NULL-pointer.patch
Patch9000: do-malloc-trim-after-load-policy.patch
@ -134,6 +130,9 @@ mv %{buildroot}%{_sbindir}/getconlist %{buildroot}%{_sbindir}/selinuxconlist
%{_mandir}/ru/man8/*
%changelog
* Mon Jan 30 2023 zhangguangzhi <zhangguangzhi3@huawei.com> - 3.4-1
- update version to 3.4
* Sun Oct 9 2022 lujie <lujie54@huawei.com> - 3.3-2
- backport upstream patches