libselinux-2.9-10

- Close old selabel handle when setting a new one (RHEL-73348) Resolves: RHEL-73348 - Fix NULL pointer use in selinux_restorecon_set_sehandle (RHEL-74252) Resolves: RHEL-74252
2025-01-24 13:39:29 +01:00 · 2025-01-24 13:39:29 +01:00 · 7a8654ed85
commit 7a8654ed85
parent ed8e2baba1
3 changed files with 75 additions and 1 deletions
--- a/0016-libselinux-Fix-NULL-pointer-use-in-selinux_restoreco.patch
+++ b/0016-libselinux-Fix-NULL-pointer-use-in-selinux_restoreco.patch
@ -0,0 +1,34 @@
 From f232f9013f04234f0c9a457499ccc9ee2254d7b3 Mon Sep 17 00:00:00 2001
 From: Ji Qin <jiqin.ji@huawei.com>
 Date: Sun, 14 Jun 2020 21:20:23 -0400
 Subject: [PATCH] libselinux: Fix NULL pointer use in
 selinux_restorecon_set_sehandle
 Content-type: text/plain
 error occur when selinux_restorecon_default_handle return NULL in
 restorecon_init.
 fixes: https://github.com/SELinuxProject/selinux/issues/249
 Signed-off-by: Ji Qin <jiqin.ji@huawei.com>
 Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
 ---
 libselinux/src/selinux_restorecon.c | 2 ++
 1 file changed, 2 insertions(+)
 diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
 index b37027640926..a57932c0602b 100644
 --- a/libselinux/src/selinux_restorecon.c
 +++ b/libselinux/src/selinux_restorecon.c
@@ -1062,6 +1062,8 @@ void selinux_restorecon_set_sehandle(struct selabel_handle *hndl)
 	size_t num_specfiles;
 	fc_sehandle = (struct selabel_handle *) hndl;
 +	if (!fc_sehandle)
 +		return;
 	/*
 	 * Read digest if requested in selabel_open(3) and set global params.
 -- 
 2.48.1
--- a/0017-libselinux-Close-old-selabel-handle-when-setting-a-n.patch
+++ b/0017-libselinux-Close-old-selabel-handle-when-setting-a-n.patch
@ -0,0 +1,34 @@
 From 2bbacbb31d18d9856ca13b6e49a2bfeb34b22b1b Mon Sep 17 00:00:00 2001
 From: James Carter <jwcart2@gmail.com>
 Date: Wed, 22 Jan 2025 10:58:27 -0500
 Subject: [PATCH] libselinux: Close old selabel handle when setting a new one
 Content-type: text/plain
 In selinux_restorecon_set_sehandle(), close the old selabel handle
 (if it exists) before setting the new one.
 Signed-off-by: James Carter <jwcart2@gmail.com>
 ---
 libselinux/src/selinux_restorecon.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
 diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
 index a57932c0602b..db56cc7e587b 100644
 --- a/libselinux/src/selinux_restorecon.c
 +++ b/libselinux/src/selinux_restorecon.c
@@ -1061,7 +1061,11 @@ void selinux_restorecon_set_sehandle(struct selabel_handle *hndl)
 	char **specfiles;
 	size_t num_specfiles;
 -	fc_sehandle = (struct selabel_handle *) hndl;
 +	if (fc_sehandle) {
 +		selabel_close(fc_sehandle);
 +	}
 +
 +        fc_sehandle = (struct selabel_handle *) hndl;
 	if (!fc_sehandle)
 		return;
 -- 
 2.48.1
--- a/libselinux.spec
+++ b/libselinux.spec
@ -6,7 +6,7 @@
 %endif
 %define libsepolver 2.9-1
-%define libselinuxrelease 9
+%define libselinuxrelease 10
 Summary: SELinux library and simple utilities
 Name: libselinux
@ -34,6 +34,8 @@ Patch0012: 0012-libselinux-Strip-spaces-before-values-in-config.patch
 Patch0013: 0013-libselinux-Ignore-missing-directories-when-i-is-used.patch
 Patch0014: 0014-libselinux-restorecon-Fix-memory-leak-xattr_value.patch
 Patch0015: 0015-libselinux-restorecon-Include-selinux-label.h.patch
 Patch0016: 0016-libselinux-Fix-NULL-pointer-use-in-selinux_restoreco.patch
 Patch0017: 0017-libselinux-Close-old-selabel-handle-when-setting-a-n.patch
 BuildRequires: gcc
 %if 0%{?with_ruby}
@ -281,6 +283,10 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
 %endif
 %changelog
 * Fri Jan 24 2025 Petr Lautrbach <lautrbach@redhat.com> - 2.9-10
 - Close old selabel handle when setting a new one (RHEL-73348)
 - Fix NULL pointer use in selinux_restorecon_set_sehandle (RHEL-74252)
 * Mon Jul 29 2024 Vit Mojzis <vmojzis@redhat.com> - 2.9-9
 - restorecon: Include <selinux/label.h> (RHEL-50830)