From 7f0ad327e8f83aba569e7fe5d4bf8662a344a6f5 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Wed, 22 Mar 2017 10:15:36 +0100 Subject: [PATCH] libselinux-2.6-4 - Fix segfault in selinux_restorecon_sb() (#1433577) - Change matchpathcon usage to match with matchpathcon manpage - Fix a corner case getsebool return value --- libselinux-fedora.patch | 38 ++++++++++++++++++++++++++++++++++++++ libselinux.spec | 7 ++++++- 2 files changed, 44 insertions(+), 1 deletion(-) diff --git a/libselinux-fedora.patch b/libselinux-fedora.patch index 84c9296..b53de49 100644 --- a/libselinux-fedora.patch +++ b/libselinux-fedora.patch @@ -518,6 +518,18 @@ index 9669264..c775430 100644 *sid = NULL; hvalue = sidtab_hash(ctx); +diff --git libselinux-2.6/src/booleans.c libselinux-2.6/src/booleans.c +index cbb0610..9cffffe 100644 +--- libselinux-2.6/src/booleans.c ++++ libselinux-2.6/src/booleans.c +@@ -55,6 +55,7 @@ int security_get_boolean_names(char ***names, int *len) + snprintf(path, sizeof path, "%s%s", selinux_mnt, SELINUX_BOOL_DIR); + *len = scandir(path, &namelist, &filename_select, alphasort); + if (*len <= 0) { ++ errno = ENOENT; + return -1; + } + diff --git libselinux-2.6/src/canonicalize_context.c libselinux-2.6/src/canonicalize_context.c index 7cf3139..364a746 100644 --- libselinux-2.6/src/canonicalize_context.c @@ -686,6 +698,19 @@ index 724eb65..58b4144 100644 last_component = strrchr(tmp_path, '/'); if (last_component == tmp_path) { +diff --git libselinux-2.6/src/selinux_restorecon.c libselinux-2.6/src/selinux_restorecon.c +index e38d1d0..a67876f 100644 +--- libselinux-2.6/src/selinux_restorecon.c ++++ libselinux-2.6/src/selinux_restorecon.c +@@ -663,7 +663,7 @@ static int restorecon_sb(const char *pathname, const struct stat *sb, + curcon = NULL; + } + +- if (strcmp(curcon, newcon) != 0) { ++ if (curcon == NULL || strcmp(curcon, newcon) != 0) { + if (!flags->set_specctx && curcon && + (is_context_customizable(curcon) > 0)) { + if (flags->verbose) { diff --git libselinux-2.6/src/selinuxswig_python.i libselinux-2.6/src/selinuxswig_python.i index 8cea18d..43df291 100644 --- libselinux-2.6/src/selinuxswig_python.i @@ -765,3 +790,16 @@ index d05969c..3f0200e 100644 if (rc < 0 && errno == ENOTSUP) { char * ccontext = NULL; int err = errno; +diff --git libselinux-2.6/utils/matchpathcon.c libselinux-2.6/utils/matchpathcon.c +index d1f1348..0288feb 100644 +--- libselinux-2.6/utils/matchpathcon.c ++++ libselinux-2.6/utils/matchpathcon.c +@@ -15,7 +15,7 @@ + static void usage(const char *progname) + { + fprintf(stderr, +- "usage: %s [-N] [-n] [-f file_contexts] [ -P policy_root_path ] [-p prefix] [-Vq] path...\n", ++ "usage: %s [-V] [-N] [-n] [-m type] [-f file_contexts_file] [-p prefix] [-P policy_root_path] filepath...\n", + progname); + exit(1); + } diff --git a/libselinux.spec b/libselinux.spec index b78e263..28f0f37 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -9,7 +9,7 @@ Summary: SELinux library and simple utilities Name: libselinux Version: 2.6 -Release: 3%{?dist} +Release: 4%{?dist} License: Public Domain Group: System Environment/Libraries # https://github.com/SELinuxProject/selinux/wiki/Releases @@ -262,6 +262,11 @@ rm -rf %{buildroot} %{ruby_vendorarchdir}/selinux.so %changelog +* Wed Mar 22 2017 Petr Lautrbach - 2.6-4 +- Fix segfault in selinux_restorecon_sb() (#1433577) +- Change matchpathcon usage to match with matchpathcon manpage +- Fix a corner case getsebool return value + * Tue Mar 14 2017 Petr Lautrbach - 2.6-3 - Fix 'semanage boolean -m' to modify active value