SELinux userspace 3.3-rc2 release

This commit is contained in:
Petr Lautrbach 2021-09-29 17:58:15 +02:00
parent ce7686077d
commit 1209cc6458
7 changed files with 19 additions and 161 deletions

1
.gitignore vendored
View File

@ -149,3 +149,4 @@ libsemanage-2.0.45.tgz
/libsemanage-3.2-rc1.tar.gz /libsemanage-3.2-rc1.tar.gz
/libsemanage-3.2-rc2.tar.gz /libsemanage-3.2-rc2.tar.gz
/libsemanage-3.2.tar.gz /libsemanage-3.2.tar.gz
/libsemanage-3.3-rc2.tar.gz

View File

@ -1,4 +1,4 @@
From cb0f1618cc3f81ac71717a426c6e471ccac1c065 Mon Sep 17 00:00:00 2001 From 05bc0fe72b53476a9d4da3957c6d6cba00c76eea Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com> From: Petr Lautrbach <plautrba@redhat.com>
Date: Wed, 7 Nov 2018 18:17:34 +0100 Date: Wed, 7 Nov 2018 18:17:34 +0100
Subject: [PATCH] libsemanage: Fix RESOURCE_LEAK and USE_AFTER_FREE coverity Subject: [PATCH] libsemanage: Fix RESOURCE_LEAK and USE_AFTER_FREE coverity
@ -9,10 +9,10 @@ Subject: [PATCH] libsemanage: Fix RESOURCE_LEAK and USE_AFTER_FREE coverity
1 file changed, 8 insertions(+), 13 deletions(-) 1 file changed, 8 insertions(+), 13 deletions(-)
diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
index 9a4e79385b69..393ec9faf92d 100644 index f0e2300a2f58..b7a3e0f17cc1 100644
--- a/libsemanage/src/direct_api.c --- a/libsemanage/src/direct_api.c
+++ b/libsemanage/src/direct_api.c +++ b/libsemanage/src/direct_api.c
@@ -1028,7 +1028,7 @@ static int semanage_direct_write_langext(semanage_handle_t *sh, @@ -1029,7 +1029,7 @@ static int semanage_direct_write_langext(semanage_handle_t *sh,
fp = NULL; fp = NULL;
@ -21,7 +21,7 @@ index 9a4e79385b69..393ec9faf92d 100644
cleanup: cleanup:
if (fp != NULL) fclose(fp); if (fp != NULL) fclose(fp);
@@ -2185,7 +2185,6 @@ cleanup: @@ -2186,7 +2186,6 @@ cleanup:
semanage_module_info_destroy(sh, modinfo); semanage_module_info_destroy(sh, modinfo);
free(modinfo); free(modinfo);
@ -29,7 +29,7 @@ index 9a4e79385b69..393ec9faf92d 100644
return status; return status;
} }
@@ -2350,16 +2349,6 @@ static int semanage_direct_get_module_info(semanage_handle_t *sh, @@ -2351,16 +2350,6 @@ static int semanage_direct_get_module_info(semanage_handle_t *sh,
free(tmp); free(tmp);
tmp = NULL; tmp = NULL;
@ -46,7 +46,7 @@ index 9a4e79385b69..393ec9faf92d 100644
/* lookup enabled/disabled status */ /* lookup enabled/disabled status */
ret = semanage_module_get_path(sh, ret = semanage_module_get_path(sh,
*modinfo, *modinfo,
@@ -2403,7 +2392,13 @@ cleanup: @@ -2404,7 +2393,13 @@ cleanup:
free(modinfos); free(modinfos);
} }

View File

@ -1,36 +0,0 @@
From 6bff61c5981d4b928a0c304aad0b4adf772776cd Mon Sep 17 00:00:00 2001
From: HuaxinLu <luhuaxin1@foxmail.com>
Date: Mon, 14 Jun 2021 12:21:26 +0800
Subject: [PATCH] libsemanage: fix use-after-free in parse_module_store()
The passing parameter "arg" of parse_module_store will be freed after
calling. A copy of parameter should be used instead of itself.
Signed-off-by: HuaxinLu <luhuaxin1@foxmail.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
libsemanage/src/conf-parse.y | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libsemanage/src/conf-parse.y b/libsemanage/src/conf-parse.y
index 9bf9364a1ce4..eac913447ecd 100644
--- a/libsemanage/src/conf-parse.y
+++ b/libsemanage/src/conf-parse.y
@@ -516,12 +516,12 @@ static int parse_module_store(char *arg)
char *s;
current_conf->store_type = SEMANAGE_CON_POLSERV_REMOTE;
if ((s = strchr(arg, ':')) == NULL) {
- current_conf->store_path = arg;
+ current_conf->store_path = strdup(arg);
current_conf->server_port = 4242;
} else {
char *endptr;
*s = '\0';
- current_conf->store_path = arg;
+ current_conf->store_path = strdup(arg);
current_conf->server_port = strtol(s + 1, &endptr, 10);
if (*(s + 1) == '\0' || *endptr != '\0') {
return -2;
--
2.32.0

View File

@ -1,65 +0,0 @@
From e1c6df329ce988bb03e9b0aa72cace3d679b9f9c Mon Sep 17 00:00:00 2001
From: Nicolas Iooss <nicolas.iooss@m4x.org>
Date: Sat, 3 Jul 2021 16:31:19 +0200
Subject: [PATCH] libsemanage: silence -Wextra-semi-stmt warning
On Ubuntu 20.04, when building with clang -Werror -Wextra-semi-stmt
(which is not the default build configuration), the compiler reports:
genhomedircon.c:742:67: error: empty expression statement has no
effect; remove unnecessary ';' to silence this warning
[-Werror,-Wextra-semi-stmt]
const semanage_seuser_t **u2 = (const semanage_seuser_t **) arg2;;
^
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
libsemanage/src/genhomedircon.c | 2 +-
libsemanage/tests/libsemanage-tests.c | 18 +++++++++++-------
2 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
index d08c88de99a7..7ca9afc3c1c7 100644
--- a/libsemanage/src/genhomedircon.c
+++ b/libsemanage/src/genhomedircon.c
@@ -740,7 +740,7 @@ static int write_user_context(genhomedircon_settings_t * s, FILE * out,
static int seuser_sort_func(const void *arg1, const void *arg2)
{
const semanage_seuser_t **u1 = (const semanage_seuser_t **) arg1;
- const semanage_seuser_t **u2 = (const semanage_seuser_t **) arg2;;
+ const semanage_seuser_t **u2 = (const semanage_seuser_t **) arg2;
const char *name1 = semanage_seuser_get_name(*u1);
const char *name2 = semanage_seuser_get_name(*u2);
diff --git a/libsemanage/tests/libsemanage-tests.c b/libsemanage/tests/libsemanage-tests.c
index 2ae4a21be52a..ee1767034c28 100644
--- a/libsemanage/tests/libsemanage-tests.c
+++ b/libsemanage/tests/libsemanage-tests.c
@@ -41,13 +41,17 @@
#include <stdlib.h>
#define DECLARE_SUITE(name) \
- suite = CU_add_suite(#name, name##_test_init, name##_test_cleanup); \
- if (NULL == suite) { \
- CU_cleanup_registry(); \
- return CU_get_error(); } \
- if (name##_add_tests(suite)) { \
- CU_cleanup_registry(); \
- return CU_get_error(); }
+ do { \
+ suite = CU_add_suite(#name, name##_test_init, name##_test_cleanup); \
+ if (NULL == suite) { \
+ CU_cleanup_registry(); \
+ return CU_get_error(); \
+ } \
+ if (name##_add_tests(suite)) { \
+ CU_cleanup_registry(); \
+ return CU_get_error(); \
+ } \
+ } while (0)
static void usage(char *progname)
{
--
2.32.0

View File

@ -1,42 +0,0 @@
From 29aeba547563f32b9a2240ddeebd3e3ccb9dcf78 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Wed, 28 Jul 2021 10:25:51 +0200
Subject: [PATCH] libsemanage: Fix USE_AFTER_FREE (CWE-672) in
semanage_direct_write_langext()
From fclose(3):
Upon successful completion, 0 is returned. Otherwise, EOF is returned
and errno is set to indicate the error. In either case, any further
access (including another call to fclose()) to the stream results in
undefined behavior.
Fixes:
Error: USE_AFTER_FREE (CWE-672): [#def1]
libsemanage-3.2/src/direct_api.c:1023: freed_arg: "fclose" frees "fp".
libsemanage-3.2/src/direct_api.c:1034: use_closed_file: Calling "fclose" uses file handle "fp" after closing it.
# 1032|
# 1033| cleanup:
# 1034|-> if (fp != NULL) fclose(fp);
# 1035|
# 1036| return ret;
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
libsemanage/src/direct_api.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
index 393ec9faf92d..b7a3e0f17cc1 100644
--- a/libsemanage/src/direct_api.c
+++ b/libsemanage/src/direct_api.c
@@ -1022,6 +1022,7 @@ static int semanage_direct_write_langext(semanage_handle_t *sh,
if (fclose(fp) != 0) {
ERR(sh, "Unable to close %s module ext file.", modinfo->name);
+ fp = NULL;
ret = -1;
goto cleanup;
}
--
2.32.0

View File

@ -1,19 +1,16 @@
%define libsepolver 3.2-3 %define libsepolver 3.3-0.rc2
%define libselinuxver 3.2-4 %define libselinuxver 3.3-0.rc2
Summary: SELinux binary policy manipulation library Summary: SELinux binary policy manipulation library
Name: libsemanage Name: libsemanage
Version: 3.2 Version: 3.3
Release: 4%{?dist} Release: 0.rc2.1%{?dist}
License: LGPLv2+ License: LGPLv2+
Source0: https://github.com/SELinuxProject/selinux/releases/download/3.2/libsemanage-3.2.tar.gz Source0: https://github.com/SELinuxProject/selinux/releases/download/3.3-rc2/libsemanage-3.3-rc2.tar.gz
# fedora-selinux/selinux: git format-patch -N 3.2 -- libsemanage # fedora-selinux/selinux: git format-patch -N 3.3-rc2 -- libsemanage
# i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done # i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
# Patch list start # Patch list start
Patch0001: 0001-libsemanage-fix-use-after-free-in-parse_module_store.patch Patch0001: 0001-libsemanage-Fix-RESOURCE_LEAK-and-USE_AFTER_FREE-cov.patch
Patch0002: 0002-libsemanage-silence-Wextra-semi-stmt-warning.patch
Patch0003: 0003-libsemanage-Fix-RESOURCE_LEAK-and-USE_AFTER_FREE-cov.patch
Patch0004: 0004-libsemanage-Fix-USE_AFTER_FREE-CWE-672-in-semanage_d.patch
# Patch list end # Patch list end
URL: https://github.com/SELinuxProject/selinux/wiki URL: https://github.com/SELinuxProject/selinux/wiki
Source1: semanage.conf Source1: semanage.conf
@ -78,7 +75,7 @@ The libsemanage-python3 package contains the python 3 bindings for developing
SELinux management applications. SELinux management applications.
%prep %prep
%autosetup -n libsemanage-%{version} -p 2 %autosetup -n libsemanage-%{version}-rc2 -p 2
%build %build
@ -157,6 +154,9 @@ cp %{SOURCE1} ${RPM_BUILD_ROOT}%{_sysconfdir}/selinux/semanage.conf
%{_libexecdir}/selinux/semanage_migrate_store %{_libexecdir}/selinux/semanage_migrate_store
%changelog %changelog
* Wed Sep 29 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-0.rc2.1
- SELinux userspace 3.3-rc2 release
* Wed Jul 28 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-4 * Wed Jul 28 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-4
- Rebase on upstream commit 32611aea6543 - Rebase on upstream commit 32611aea6543

View File

@ -1 +1 @@
SHA512 (libsemanage-3.2.tar.gz) = 6ad670bb298b1bab506217b12a3fda5d2209f4387a11410f0c1b65f765ffb579b0d70795dee19048909e0b72ef904fc318be60d5a01f80ab12742ce07647a084 SHA512 (libsemanage-3.3-rc2.tar.gz) = a4411dc416ad0a719ecd709b19d9930afd37d96de372bac7fbf46a7ebf956ea545d5ea3b797795f636ceea51dd58f875c2305cbd90390fc07da89b58b3022d18