From 182cc455be1b3b171eb3000619f95f37f023191f Mon Sep 17 00:00:00 2001 From: Radovan Sroka Date: Wed, 25 May 2022 13:41:20 +0200 Subject: [PATCH] Rebase to v1.1.2 - fixed CVE-2022-1117 Resolves: rhbz#2089692 Signed-off-by: Radovan Sroka --- .gitignore | 1 + fapolicyd.spec | 20 +++++++++++++++++--- sources | 2 +- 3 files changed, 19 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 514a8b0..968954d 100644 --- a/.gitignore +++ b/.gitignore @@ -20,3 +20,4 @@ /fapolicyd-1.0.4.tar.gz /fapolicyd-1.1.tar.gz /fapolicyd-1.1.1.tar.gz +/fapolicyd-1.1.2.tar.gz diff --git a/fapolicyd.spec b/fapolicyd.spec index e1dc892..a51d47f 100644 --- a/fapolicyd.spec +++ b/fapolicyd.spec @@ -4,8 +4,8 @@ Summary: Application Whitelisting Daemon Name: fapolicyd -Version: 1.1.1 -Release: 2%{?dist} +Version: 1.1.2 +Release: 1%{?dist} License: GPLv3+ URL: http://people.redhat.com/sgrubb/fapolicyd Source0: https://people.redhat.com/sgrubb/fapolicyd/%{name}-%{version}.tar.gz @@ -82,9 +82,18 @@ Don't use dnf and rpm plugin together. %patch2 -p1 -b .watch-perm %patch3 -p1 -b .home +# generate rules for python sed -i "s/%python2_path%/`readlink -f %{__python2} | sed 's/\//\\\\\//g'`/g" rules.d/*.rules sed -i "s/%python3_path%/`readlink -f %{__python3} | sed 's/\//\\\\\//g'`/g" rules.d/*.rules -sed -i "s/%ld_so_path%/`find /usr/lib64/ -type f -name 'ld-linux-*.so.*' | sed 's/\//\\\\\//g'`/g" rules.d/*.rules + +# Detect run time linker directly from bash +interpret=`readelf -e /usr/bin/bash \ + | grep Requesting \ + | sed 's/.$//' \ + | rev | cut -d" " -f1 \ + | rev` + +sed -i "s|%ld_so_path%|`realpath $interpret`|g" rules.d/*.rules %build ./autogen.sh @@ -218,6 +227,11 @@ fi %changelog +* Wed May 25 2022 Radovan Sroka - 1.1.2-1 +- rebase to v1.1.2 +- fixed CVE-2022-1117 +Resolves: rhbz#2089692 + * Wed Mar 30 2022 Radovan Sroka - 1.1.1-2 - rebase to v1.1.1 diff --git a/sources b/sources index a463ff6..7d8998e 100644 --- a/sources +++ b/sources 
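Review bot: The new `interpret=` pipeline in %prep of fapolicyd.spec has no failure check, so if `readelf` is missing or its output contains no `Requesting` line, `$interpret` is empty, `realpath` prints nothing, and the final `sed` replaces `%ld_so_path%` with an empty string while the build still succeeds. For an allow-listing daemon that would presumably ship rules that no longer name the real runtime linker, which is the kind of silent misdetection this rebase is meant to close. Add `[ -n "$interpret" ] && [ -e "$interpret" ] || exit 1` before the `sed`, quote the operand as `realpath "$interpret"`, and run `readelf` under `LC_ALL=C`, because the `grep Requesting` match depends on untranslated output. Whether binutils is declared as a BuildRequires cannot be seen from this hunk; it should be if it is not.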
@@ -1,3 +1,3 @@
-SHA512 (fapolicyd-1.1.1.tar.gz) = f1c808f488dd30ef6b559455cf57a79a2bd6237417e20afcd8a86c3b79db8ad8616f193f733fc0417b5f69a3db740e59c3b1c4283391b32b42841f9c69ca2383
+SHA512 (fapolicyd-1.1.2.tar.gz) = e61d952e92e7bf31915ae2aa8875a40fc79aa0465bb99e30abeb2cf1374c7c076ea0328cb25285203f5893bad1f2037cc9518a1a95a5ad98551646178da54521
 SHA512 (fapolicyd-selinux-0.4.tar.gz) = afc74b9c55c71bec2039d112e8e16abc510b58bf794bd665f3128a63daa45572a6f18d1c4de1f63e45a01f8696aacfbf54ed2a07485d581f25446b7fe92307a2
 SHA512 (uthash-2.3.0.tar.gz) = 3b01f1074790fb242900411cb16eb82c1a9afcf58e3196a0f4611d9d7ef94690ad38c0a500e7783d3efa20328aa8d6ab14f246be63b3b3d385502ba2b6b2a294