import libsemanage-3.2-4.el9

.gitignore

@@ -0,0 +1 @@
+SOURCES/libsemanage-3.2.tar.gz

.libsemanage.metadata

@@ -0,0 +1 @@
+bc67f9118dcca5032919d25184899f9daf66b70b SOURCES/libsemanage-3.2.tar.gz

SOURCES/0001-libsemanage-fix-use-after-free-in-parse_module_store.patch

@@ -0,0 +1,36 @@
+From 6bff61c5981d4b928a0c304aad0b4adf772776cd Mon Sep 17 00:00:00 2001
+From: HuaxinLu <luhuaxin1@foxmail.com>
+Date: Mon, 14 Jun 2021 12:21:26 +0800
+Subject: [PATCH] libsemanage: fix use-after-free in parse_module_store()
+
+The passing parameter "arg" of parse_module_store will be freed after
+calling. A copy of parameter should be used instead of itself.
+
+Signed-off-by: HuaxinLu <luhuaxin1@foxmail.com>
+Acked-by: James Carter <jwcart2@gmail.com>
+---
+ libsemanage/src/conf-parse.y | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libsemanage/src/conf-parse.y b/libsemanage/src/conf-parse.y
+index 9bf9364a1ce4..eac913447ecd 100644
+--- a/libsemanage/src/conf-parse.y
++++ b/libsemanage/src/conf-parse.y
+@@ -516,12 +516,12 @@ static int parse_module_store(char *arg)
+ 		char *s;
+ 		current_conf->store_type = SEMANAGE_CON_POLSERV_REMOTE;
+ 		if ((s = strchr(arg, ':')) == NULL) {
+-			current_conf->store_path = arg;
++			current_conf->store_path = strdup(arg);
+ 			current_conf->server_port = 4242;
+ 		} else {
+ 			char *endptr;
+ 			*s = '\0';
+-			current_conf->store_path = arg;
++			current_conf->store_path = strdup(arg);
+ 			current_conf->server_port = strtol(s + 1, &endptr, 10);
+ 			if (*(s + 1) == '\0' || *endptr != '\0') {
+ 				return -2;
+-- 
+2.32.0
+

SOURCES/0002-libsemanage-silence-Wextra-semi-stmt-warning.patch

@@ -0,0 +1,65 @@
+From e1c6df329ce988bb03e9b0aa72cace3d679b9f9c Mon Sep 17 00:00:00 2001
+From: Nicolas Iooss <nicolas.iooss@m4x.org>
+Date: Sat, 3 Jul 2021 16:31:19 +0200
+Subject: [PATCH] libsemanage: silence -Wextra-semi-stmt warning
+
+On Ubuntu 20.04, when building with clang -Werror -Wextra-semi-stmt
+(which is not the default build configuration), the compiler reports:
+
+      genhomedircon.c:742:67: error: empty expression statement has no
+      effect; remove unnecessary ';' to silence this warning
+      [-Werror,-Wextra-semi-stmt]
+              const semanage_seuser_t **u2 = (const semanage_seuser_t **) arg2;;
+                                                                               ^
+
+Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
+---
+ libsemanage/src/genhomedircon.c       |  2 +-
+ libsemanage/tests/libsemanage-tests.c | 18 +++++++++++-------
+ 2 files changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
+index d08c88de99a7..7ca9afc3c1c7 100644
+--- a/libsemanage/src/genhomedircon.c
++++ b/libsemanage/src/genhomedircon.c
+@@ -740,7 +740,7 @@ static int write_user_context(genhomedircon_settings_t * s, FILE * out,
+ static int seuser_sort_func(const void *arg1, const void *arg2)
+ {
+ 	const semanage_seuser_t **u1 = (const semanage_seuser_t **) arg1;
+-	const semanage_seuser_t **u2 = (const semanage_seuser_t **) arg2;;
++	const semanage_seuser_t **u2 = (const semanage_seuser_t **) arg2;
+ 	const char *name1 = semanage_seuser_get_name(*u1);
+ 	const char *name2 = semanage_seuser_get_name(*u2);
+ 
+diff --git a/libsemanage/tests/libsemanage-tests.c b/libsemanage/tests/libsemanage-tests.c
+index 2ae4a21be52a..ee1767034c28 100644
+--- a/libsemanage/tests/libsemanage-tests.c
++++ b/libsemanage/tests/libsemanage-tests.c
+@@ -41,13 +41,17 @@
+ #include <stdlib.h>
+ 
+ #define DECLARE_SUITE(name) \
+-	suite = CU_add_suite(#name, name##_test_init, name##_test_cleanup); \
+-	if (NULL == suite) { \
+-		CU_cleanup_registry(); \
+-		return CU_get_error(); } \
+-	if (name##_add_tests(suite)) { \
+-		CU_cleanup_registry(); \
+-		return CU_get_error(); }
++	do { \
++		suite = CU_add_suite(#name, name##_test_init, name##_test_cleanup); \
++		if (NULL == suite) { \
++			CU_cleanup_registry(); \
++			return CU_get_error(); \
++		} \
++		if (name##_add_tests(suite)) { \
++			CU_cleanup_registry(); \
++			return CU_get_error(); \
++		} \
++	} while (0)
+ 
+ static void usage(char *progname)
+ {
+-- 
+2.32.0
+

SOURCES/0003-libsemanage-Fix-RESOURCE_LEAK-and-USE_AFTER_FREE-cov.patch

@@ -0,0 +1,66 @@
+From cb0f1618cc3f81ac71717a426c6e471ccac1c065 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Wed, 7 Nov 2018 18:17:34 +0100
+Subject: [PATCH] libsemanage: Fix RESOURCE_LEAK and USE_AFTER_FREE coverity
+ scan defects
+
+---
+ libsemanage/src/direct_api.c | 21 ++++++++-------------
+ 1 file changed, 8 insertions(+), 13 deletions(-)
+
+diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
+index 9a4e79385b69..393ec9faf92d 100644
+--- a/libsemanage/src/direct_api.c
++++ b/libsemanage/src/direct_api.c
+@@ -1028,7 +1028,7 @@ static int semanage_direct_write_langext(semanage_handle_t *sh,
+ 
+ 	fp = NULL;
+ 
+-	ret = 0;
++	return 0;
+ 
+ cleanup:
+ 	if (fp != NULL) fclose(fp);
+@@ -2185,7 +2185,6 @@ cleanup:
+ 	semanage_module_info_destroy(sh, modinfo);
+ 	free(modinfo);
+ 
+-	if (fp != NULL) fclose(fp);
+ 	return status;
+ }
+ 
+@@ -2350,16 +2349,6 @@ static int semanage_direct_get_module_info(semanage_handle_t *sh,
+ 	free(tmp);
+ 	tmp = NULL;
+ 
+-	if (fclose(fp) != 0) {
+-		ERR(sh,
+-		    "Unable to close %s module lang ext file.",
+-		    (*modinfo)->name);
+-		status = -1;
+-		goto cleanup;
+-	}
+-
+-	fp = NULL;
+-
+ 	/* lookup enabled/disabled status */
+ 	ret = semanage_module_get_path(sh,
+ 				       *modinfo,
+@@ -2403,7 +2392,13 @@ cleanup:
+ 		free(modinfos);
+ 	}
+ 
+-	if (fp != NULL) fclose(fp);
++	if (fp != NULL && fclose(fp) != 0) {
++		ERR(sh,
++		    "Unable to close %s module lang ext file.",
++		    (*modinfo)->name);
++		status = -1;
++	}
++
+ 	return status;
+ }
+ 
+-- 
+2.32.0
+

SOURCES/0004-libsemanage-Fix-USE_AFTER_FREE-CWE-672-in-semanage_d.patch

@@ -0,0 +1,42 @@
+From 29aeba547563f32b9a2240ddeebd3e3ccb9dcf78 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Wed, 28 Jul 2021 10:25:51 +0200
+Subject: [PATCH] libsemanage: Fix USE_AFTER_FREE (CWE-672) in
+ semanage_direct_write_langext()
+
+From fclose(3):
+Upon successful completion, 0 is returned.  Otherwise, EOF is returned
+and errno is set to indicate the error. In either case, any further
+access (including another call to fclose()) to the stream results in
+undefined behavior.
+
+Fixes:
+    Error: USE_AFTER_FREE (CWE-672): [#def1]
+    libsemanage-3.2/src/direct_api.c:1023: freed_arg: "fclose" frees "fp".
+    libsemanage-3.2/src/direct_api.c:1034: use_closed_file: Calling "fclose" uses file handle "fp" after closing it.
+    # 1032|
+    # 1033|   cleanup:
+    # 1034|-> 	if (fp != NULL) fclose(fp);
+    # 1035|
+    # 1036|   	return ret;
+
+Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
+---
+ libsemanage/src/direct_api.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
+index 393ec9faf92d..b7a3e0f17cc1 100644
+--- a/libsemanage/src/direct_api.c
++++ b/libsemanage/src/direct_api.c
+@@ -1022,6 +1022,7 @@ static int semanage_direct_write_langext(semanage_handle_t *sh,
+ 
+ 	if (fclose(fp) != 0) {
+ 		ERR(sh, "Unable to close %s module ext file.", modinfo->name);
++		fp = NULL;
+ 		ret = -1;
+ 		goto cleanup;
+ 	}
+-- 
+2.32.0
+

SOURCES/semanage.conf

@@ -0,0 +1,60 @@
+# Authors: Jason Tang <jtang@tresys.com>
+#
+# Copyright (C) 2004-2005 Tresys Technology, LLC
+#
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation; either
+#  version 2.1 of the License, or (at your option) any later version.
+#
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#
+# Specify how libsemanage will interact with a SELinux policy manager.
+# The four options are:
+#
+#  "source"     - libsemanage manipulates a source SELinux policy
+#  "direct"     - libsemanage will write directly to a module store.
+#  /foo/bar     - Write by way of a policy management server, whose
+#                 named socket is at /foo/bar.  The path must begin
+#                 with a '/'.
+#  foo.com:4242 - Establish a TCP connection to a remote policy
+#                 management server at foo.com.  If there is a colon
+#                 then the remainder is interpreted as a port number;
+#                 otherwise default to port 4242.
+module-store = direct
+
+# When generating the final linked and expanded policy, by default
+# semanage will set the policy version to POLICYDB_VERSION_MAX, as
+# given in <sepol/policydb.h>.  Change this setting if a different
+# version is necessary.
+#policy-version = 19
+
+# expand-check check neverallow rules when executing all semanage
+# commands. There might be a penalty in execution time if this
+# option is enabled.
+expand-check=0
+
+# usepasswd check tells semanage to scan all pass word records for home directories
+# and setup the labeling correctly. If this is turned off, SELinux will label only /home
+# and home directories of users with SELinux login mappings defined, see
+# semanage login -l for the list of such users.
+# If you want to use a different home directory, you will need to use semanage fcontext command.
+# For example, if you had home dirs in /althome directory you would have to execute
+# semanage fcontext -a -e /home /althome
+usepasswd=False
+bzip-small=true
+bzip-blocksize=5
+ignoredirs=/root;/bin;/boot;/dev;/etc;/lib;/lib64;/proc;/run;/sbin;/sys;/tmp;/usr;/var
+optimize-policy=true
+
+[sefcontext_compile]
+path = /usr/sbin/sefcontext_compile
+args = -r $@
+[end]