From 56e7c28148ffc207c3ce7e053c8e10c63fb50ef5 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Tue, 16 May 2023 06:16:01 +0000
Subject: [PATCH] import libselinux-2.9-8.el8
---
...e-missing-directories-when-i-is-used.patch | 46 +++++++++++++++++++
...storecon-Fix-memory-leak-xattr_value.patch | 42 +++++++++++++++++
SPECS/libselinux.spec | 10 +++-
3 files changed, 97 insertions(+), 1 deletion(-)
create mode 100644 SOURCES/0013-libselinux-Ignore-missing-directories-when-i-is-used.patch
create mode 100644 SOURCES/0014-libselinux-restorecon-Fix-memory-leak-xattr_value.patch
diff --git a/SOURCES/0013-libselinux-Ignore-missing-directories-when-i-is-used.patch b/SOURCES/0013-libselinux-Ignore-missing-directories-when-i-is-used.patch
new file mode 100644
index 0000000..a5a48a0
--- /dev/null
+++ b/SOURCES/0013-libselinux-Ignore-missing-directories-when-i-is-used.patch
@@ -0,0 +1,46 @@
+From 9a04499cebedac3f585c0240e6cf68f786ae62b7 Mon Sep 17 00:00:00 2001
+From: Vit Mojzis
+Date: Mon, 31 Oct 2022 17:00:43 +0100
+Subject: [PATCH] libselinux: Ignore missing directories when -i is used
+
+Currently "-i" only ignores a file whose parent directory exists. Start also
+ignoring paths with missing components.
+
+Fixes:
+ # restorecon -i -v -R /var/log/missingdir/missingfile; echo $?
+ 255
+ restorecon: SELinux: Could not get canonical path for /var/log/missingdir/missingfile restorecon: No such file or directory.
+
+Signed-off-by: Vit Mojzis
+---
+ libselinux/src/selinux_restorecon.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
+index 5f189235..2ff73db6 100644
+--- a/libselinux/src/selinux_restorecon.c
++++ b/libselinux/src/selinux_restorecon.c
+@@ -820,6 +820,10 @@ int selinux_restorecon(const char *pathname_orig,
+ pathname = realpath(pathname_orig, NULL);
+ if (!pathname) {
+ free(basename_cpy);
++ /* missing parent directory */
++ if (flags.ignore_noent && errno == ENOENT) {
++ return 0;
++ }
+ goto realpatherr;
+ }
+ } else {
+@@ -833,6 +837,9 @@ int selinux_restorecon(const char *pathname_orig,
+ free(dirname_cpy);
+ if (!pathdnamer) {
+ free(basename_cpy);
++ if (flags.ignore_noent && errno == ENOENT) {
++ return 0;
++ }
+ goto realpatherr;
+ }
+ if (!strcmp(pathdnamer, "/"))
+--
+2.37.3
+
diff --git a/SOURCES/0014-libselinux-restorecon-Fix-memory-leak-xattr_value.patch b/SOURCES/0014-libselinux-restorecon-Fix-memory-leak-xattr_value.patch
new file mode 100644
index 0000000..8cfcc2b
--- /dev/null
+++ b/SOURCES/0014-libselinux-restorecon-Fix-memory-leak-xattr_value.patch
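Review bot: In patch 0013 both new `errno == ENOENT` tests run after `free(basename_cpy)` (and, at the second site, also after `free(dirname_cpy)`), so they rely on free() leaving errno untouched, which older C libraries do not guarantee. Capture the value directly after each failing `realpath()` call, e.g. `int saved_errno = errno;`, and test `saved_errno == ENOENT` instead. If errno were overwritten in between, `-i` would fall through to `realpatherr` and report a failure for a path it was asked to ignore. Patch 0014 carries the same ordering forward unchanged; selinux_restorecon() starts and ends outside both hunks.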
@@ -0,0 +1,42 @@
+From 599f1ec818d50ffc9690fea8c03b5fe278f30ed4 Mon Sep 17 00:00:00 2001
+From: Vit Mojzis
+Date: Wed, 7 Dec 2022 09:19:29 +0100
+Subject: [PATCH] libselinux/restorecon: Fix memory leak - xattr_value
+
+Fix memory leak introduced by commit
+ 9a04499cebedac3f585c0240e6cf68f786ae62b7
+ libselinux: Ignore missing directories when -i is used
+
+Error: RESOURCE_LEAK:
+ selinux_restorecon.c:804: alloc_fn: Storage is returned from allocation function "malloc".
+ selinux_restorecon.c:804: var_assign: Assigning: "xattr_value" = storage returned from "malloc(fc_digest_len)".
+ selinux_restorecon.c:825: leaked_storage: Variable "xattr_value" going out of scope leaks the storage it points to.
+
+Resolves: rhbz#2137965
+---
+ libselinux/src/selinux_restorecon.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
+index 2ff73db6..b3702764 100644
+--- a/libselinux/src/selinux_restorecon.c
++++ b/libselinux/src/selinux_restorecon.c
+@@ -822,6 +822,7 @@ int selinux_restorecon(const char *pathname_orig,
+ free(basename_cpy);
+ /* missing parent directory */
+ if (flags.ignore_noent && errno == ENOENT) {
++ free(xattr_value);
+ return 0;
+ }
+ goto realpatherr;
+@@ -838,6 +839,7 @@ int selinux_restorecon(const char *pathname_orig,
+ if (!pathdnamer) {
+ free(basename_cpy);
+ if (flags.ignore_noent && errno == ENOENT) {
++ free(xattr_value);
+ return 0;
+ }
+ goto realpatherr;
+--
+2.37.3
+
diff --git a/SPECS/libselinux.spec b/SPECS/libselinux.spec
index a68ad30..deee396 100644
--- a/SPECS/libselinux.spec
+++ b/SPECS/libselinux.spec
@@ -6,7 +6,7 @@ %endif %define libsepolver 2.9-1 -%define libselinuxrelease 6 +%define libselinuxrelease 8 Summary: SELinux library and simple utilities Name: libselinux
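Review bot: The two early `return 0` exits in patch 0014 still bypass whatever shared cleanup selinux_restorecon() has and release `xattr_value` by hand at each site, so any allocation later added above them would leak the same way the one fixed here did. If the function has a common exit path that frees its allocations (none is visible in these hunks, only the `realpatherr` label), routing the ignore case through it with the result set to 0 would be more robust. Failing that, mark both sites with a comment such as `/* early success exit: release everything allocated above */`; the second site also lacks the `/* missing parent directory */` comment that the first one carries. The function body starts and ends outside both hunks.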
@@ -31,6 +31,8 @@ Patch0009: 0009-libselinux-Eliminate-use-of-security_compute_user.patch Patch0010: 0010-libselinux-deprecate-security_compute_user-update-ma.patch Patch0011: 0011-selinux-8-5-Describe-fcontext-regular-expressions.patch Patch0012: 0012-libselinux-Strip-spaces-before-values-in-config.patch +Patch0013: 0013-libselinux-Ignore-missing-directories-when-i-is-used.patch +Patch0014: 0014-libselinux-restorecon-Fix-memory-leak-xattr_value.patch BuildRequires: gcc %if 0%{?with_ruby} @@ -278,6 +280,12 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool* %endif %changelog +* Wed Dec 07 2022 Vit Mojzis - 2.9-8 +- restorecon: Fix memory leak - xattr_value (#2137965) + +* Tue Dec 06 2022 Vit Mojzis - 2.9-7 +- Restorecon: Ignore missing directories when -i is used (#2137965) + * Thu Jul 07 2022 Vit Mojzis - 2.9-6 - Describe fcontext regular expressions (#1904059) - Strip spaces before values in config (#2012145)