Sync with rawhide branch in github fedora-selinux/selinux

2022-07-25 17:36:04 +02:00 · 2022-07-25 17:36:04 +02:00 · a63ec4838e
commit a63ec4838e
parent e198df8d6a
2 changed files with 16 additions and 8 deletions
--- a/0001-Use-SHA-2-instead-of-SHA-1.patch
+++ b/0001-Use-SHA-2-instead-of-SHA-1.patch
@ -1,4 +1,4 @@
-From ff417d9a70e6d6ee40176b184ea7b67ee3f2355b Mon Sep 17 00:00:00 2001
+From f2c923b1764cf647570eaf6c904e4a95ff851cb1 Mon Sep 17 00:00:00 2001
 From: Petr Lautrbach <plautrba@redhat.com>
 Date: Fri, 30 Jul 2021 14:14:37 +0200
 Subject: [PATCH] Use SHA-2 instead of SHA-1
@ -10,7 +10,7 @@ The use of SHA-1 in RHEL9 is deprecated
 libselinux/include/selinux/restorecon.h       |   4 +-
 libselinux/man/man3/selabel_digest.3          |   4 +-
 libselinux/man/man3/selabel_open.3            |   2 +-
- libselinux/man/man3/selinux_restorecon.3      |  16 +-
+ libselinux/man/man3/selinux_restorecon.3      |  18 +-
 .../man/man3/selinux_restorecon_xattr.3       |   2 +-
 libselinux/src/Makefile                       |   2 +-
 libselinux/src/label_file.c                   |  40 +--
@ -23,7 +23,7 @@ The use of SHA-1 in RHEL9 is deprecated
 libselinux/src/sha256.h                       |  89 ++++++
 libselinux/utils/selabel_digest.c             |  26 +-
 .../selabel_get_digests_all_partial_matches.c |  28 +-
- 17 files changed, 470 insertions(+), 392 deletions(-)
+ 17 files changed, 471 insertions(+), 393 deletions(-)
 delete mode 100644 libselinux/src/sha1.c
 delete mode 100644 libselinux/src/sha1.h
 create mode 100644 libselinux/src/sha256.c
@ -97,7 +97,7 @@ index 0e03e1be111e..14ab888d2e03 100644
 .BR selabel_digest (3)
 .
 diff --git a/libselinux/man/man3/selinux_restorecon.3 b/libselinux/man/man3/selinux_restorecon.3
-index 218aaf6d2ae5..c74189c0852d 100644
+index 218aaf6d2ae5..5f6d4b386429 100644
 --- a/libselinux/man/man3/selinux_restorecon.3
 +++ b/libselinux/man/man3/selinux_restorecon.3
@@ -36,7 +36,7 @@ If this is a directory and the
@ -138,7 +138,13 @@ index 218aaf6d2ae5..c74189c0852d 100644
 extended attribute as described in the
 .B NOTES
 section.
-@@ -184,7 +184,7 @@ walk, the specfile entries SHA1 digest will not have been written to the
+@@ -179,12 +179,12 @@ for fetching the ignored (skipped) error count after
 or
 .BR selinux_restorecon_parallel (3)
 completes with success. In case any errors were skipped during the file tree
 -walk, the specfile entries SHA1 digest will not have been written to the
 +walk, the specfile entries SHA256 digest will not have been written to the
 .IR security.sehash
 extended attribute.
 .RE
 .sp
--- a/0002-Revert-libselinux-restorecon-pin-file-to-avoid-TOCTO.patch
+++ b/0002-Revert-libselinux-restorecon-pin-file-to-avoid-TOCTO.patch
@ -1,4 +1,4 @@
-From 35b6ca70efca88e849e27a5c5524394da5f47693 Mon Sep 17 00:00:00 2001
+From f48635ccd34412a824f9d608326fcd669db9d63b Mon Sep 17 00:00:00 2001
 From: Petr Lautrbach <plautrba@redhat.com>
 Date: Tue, 31 May 2022 13:37:12 +0200
 Subject: [PATCH] Revert "libselinux: restorecon: pin file to avoid TOCTOU
@ -7,10 +7,12 @@ Content-type: text/plain
 This reverts commit 7e979b56fd2cee28f647376a7233d2ac2d12ca50.
-The reverted commit broke `setfiles` when it was run from a chroot
+The reverted commit broke `setfiles` when it's run from a chroot
 without /proc mounted, e.g.
-    # setfiles -e /proc -e /sys /sys /etc/selinux/targeted/contexts/files/file_contexts /
+    # chroot /mnt/sysimage
    chroot# setfiles -e /proc -e /sys /sys /etc/selinux/targeted/contexts/files/file_contexts /
    [strace]
    openat(AT_FDCWD, "/", O_RDONLY|O_EXCL|O_NOFOLLOW|O_PATH) = 3
    newfstatat(3, "", {st_mode=S_IFDIR|0555, st_size=4096, ...}, AT_EMPTY_PATH) = 0