libsemanage-3.2-3

Rebase on upstream commit 32611aea6543

See
    $ cd SELinuxProject/selinux
    $ git log --pretty=oneline libsepol-3.2..32611aea6543 -- libsepol

Resolves: rhbz#1938790
This commit is contained in:
Petr Lautrbach 2021-07-28 17:23:05 +02:00
parent 60abd4f5d1
commit a4faa0d4fc
6 changed files with 155 additions and 239 deletions

View File

@ -1,233 +0,0 @@
From b46406de8a93abe10e685c422597516517c0bff3 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Fri, 9 Oct 2020 15:00:50 +0200
Subject: [PATCH] libsemanage: Remove legacy and duplicate symbols
Versioned duplicate symbols cause problems for LTO. These symbols were
introduced during the CIL integration several releases ago and were only
consumed by other SELinux userspace components.
Related: https://github.com/SELinuxProject/selinux/issues/245
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
libsemanage/include/semanage/modules.h | 2 +-
libsemanage/src/libsemanage.map | 5 --
libsemanage/src/modules.c | 100 +------------------------
libsemanage/src/modules.h | 9 +--
libsemanage/src/semanageswig_python.i | 2 -
5 files changed, 4 insertions(+), 114 deletions(-)
diff --git a/libsemanage/include/semanage/modules.h b/libsemanage/include/semanage/modules.h
index ac4039314857..b51f61f033d5 100644
--- a/libsemanage/include/semanage/modules.h
+++ b/libsemanage/include/semanage/modules.h
@@ -33,7 +33,7 @@ typedef struct semanage_module_key semanage_module_key_t;
*/
extern int semanage_module_install(semanage_handle_t *,
- char *module_data, size_t data_len, char *name, char *ext_lang);
+ char *module_data, size_t data_len, const char *name, const char *ext_lang);
extern int semanage_module_install_file(semanage_handle_t *,
const char *module_name);
extern int semanage_module_remove(semanage_handle_t *, char *module_name);
diff --git a/libsemanage/src/libsemanage.map b/libsemanage/src/libsemanage.map
index 1375a8ca0ea7..4bec06aaae27 100644
--- a/libsemanage/src/libsemanage.map
+++ b/libsemanage/src/libsemanage.map
@@ -167,18 +167,13 @@ LIBSEMANAGE_1.0 {
semanage_mls_enabled;
semanage_module_disable;
semanage_module_enable;
- semanage_module_get_enabled;
semanage_module_get_name;
semanage_module_get_version;
semanage_module_info_datum_destroy;
- semanage_module_install;
- semanage_module_install_base;
- semanage_module_install_base_file;
semanage_module_install_file;
semanage_module_list;
semanage_module_list_nth;
semanage_module_remove;
- semanage_module_upgrade;
semanage_module_upgrade_file;
semanage_msg_get_channel;
semanage_msg_get_fname;
diff --git a/libsemanage/src/modules.c b/libsemanage/src/modules.c
index 6d3eb60ae462..8b36801038df 100644
--- a/libsemanage/src/modules.c
+++ b/libsemanage/src/modules.c
@@ -42,70 +42,7 @@
#include "modules.h"
#include "debug.h"
-asm(".symver semanage_module_get_enabled_1_1,semanage_module_get_enabled@@LIBSEMANAGE_1.1");
-asm(".symver semanage_module_get_enabled_1_0,semanage_module_get_enabled@LIBSEMANAGE_1.0");
-asm(".symver semanage_module_install_pp,semanage_module_install@LIBSEMANAGE_1.0");
-asm(".symver semanage_module_install_hll,semanage_module_install@@LIBSEMANAGE_1.1");
-
-/* Takes a module stored in 'module_data' and parses its headers.
- * Sets reference variables 'module_name' to module's name and
- * 'version' to module's version. The caller is responsible for
- * free()ing 'module_name' and 'version'; they will be
- * set to NULL upon entering this function. Returns 0 on success, -1
- * if out of memory, or -2 if data did not represent a module.
- */
-static int parse_module_headers(semanage_handle_t * sh, char *module_data,
- size_t data_len, char **module_name, char **version)
-{
- struct sepol_policy_file *pf;
- int file_type;
- *version = NULL;
-
- if (sepol_policy_file_create(&pf)) {
- ERR(sh, "Out of memory!");
- return -1;
- }
- sepol_policy_file_set_mem(pf, module_data, data_len);
- sepol_policy_file_set_handle(pf, sh->sepolh);
- if (module_data == NULL ||
- data_len == 0 ||
- sepol_module_package_info(pf, &file_type, module_name, version) == -1) {
- sepol_policy_file_free(pf);
- ERR(sh, "Could not parse module data.");
- return -2;
- }
- sepol_policy_file_free(pf);
- if (file_type != SEPOL_POLICY_MOD) {
- ERR(sh, "Data did not represent a pp module. Please upgrade to the latest version of libsemanage to support hll modules.");
- return -2;
- }
-
- return 0;
-}
-
-/* This function is used to preserve ABI compatibility with
- * versions of semodule using LIBSEMANAGE_1.0
- */
-int semanage_module_install_pp(semanage_handle_t * sh,
- char *module_data, size_t data_len)
-{
- char *name = NULL;
- char *version = NULL;
- int status;
-
- if ((status = parse_module_headers(sh, module_data, data_len, &name, &version)) != 0) {
- goto cleanup;
- }
-
- status = semanage_module_install_hll(sh, module_data, data_len, name, "pp");
-
-cleanup:
- free(name);
- free(version);
- return status;
-}
-
-int semanage_module_install_hll(semanage_handle_t * sh,
+int semanage_module_install(semanage_handle_t * sh,
char *module_data, size_t data_len, const char *name, const char *ext_lang)
{
if (sh->funcs->install == NULL) {
@@ -160,16 +97,6 @@ int semanage_module_extract(semanage_handle_t * sh,
return sh->funcs->extract(sh, modkey, extract_cil, mapped_data, data_len, modinfo);
}
-/* Legacy function that remains to preserve ABI
- * compatibility. Please use semanage_module_install instead.
- */
-int semanage_module_upgrade(semanage_handle_t * sh,
- char *module_data, size_t data_len)
-{
- return semanage_module_install_pp(sh, module_data, data_len);
-
-}
-
/* Legacy function that remains to preserve ABI
* compatibility. Please use semanage_module_install_file instead.
*/
@@ -179,24 +106,6 @@ int semanage_module_upgrade_file(semanage_handle_t * sh,
return semanage_module_install_file(sh, module_name);
}
-/* Legacy function that remains to preserve ABI
- * compatibility. Please use semanage_module_install instead.
- */
-int semanage_module_install_base(semanage_handle_t * sh,
- char *module_data, size_t data_len)
-{
- return semanage_module_install_pp(sh, module_data, data_len);
-}
-
-/* Legacy function that remains to preserve ABI
- * compatibility. Please use semanage_module_install_file instead.
- */
-int semanage_module_install_base_file(semanage_handle_t * sh,
- const char *module_name)
-{
- return semanage_module_install_file(sh, module_name);
-}
-
int semanage_module_remove(semanage_handle_t * sh, char *module_name)
{
if (sh->funcs->remove == NULL) {
@@ -780,7 +689,7 @@ int semanage_module_key_set_priority(semanage_handle_t *sh,
}
-int semanage_module_get_enabled_1_1(semanage_handle_t *sh,
+int semanage_module_get_enabled(semanage_handle_t *sh,
const semanage_module_key_t *modkey,
int *enabled)
{
@@ -800,11 +709,6 @@ int semanage_module_get_enabled_1_1(semanage_handle_t *sh,
return sh->funcs->get_enabled(sh, modkey, enabled);
}
-int semanage_module_get_enabled_1_0(semanage_module_info_t *modinfo)
-{
- return modinfo->enabled;
-}
-
int semanage_module_set_enabled(semanage_handle_t *sh,
const semanage_module_key_t *modkey,
int enabled)
diff --git a/libsemanage/src/modules.h b/libsemanage/src/modules.h
index 2d3576fb15df..64d4a157f5ca 100644
--- a/libsemanage/src/modules.h
+++ b/libsemanage/src/modules.h
@@ -26,16 +26,9 @@
#include "semanage/modules.h"
-int semanage_module_install_pp(semanage_handle_t * sh,
- char *module_data, size_t data_len);
-int semanage_module_install_hll(semanage_handle_t * sh,
- char *module_data, size_t data_len, const char *name, const char *ext_lang);
-int semanage_module_upgrade(semanage_handle_t * sh,
- char *module_data, size_t data_len);
+
int semanage_module_upgrade_file(semanage_handle_t * sh,
const char *module_name);
-int semanage_module_install_base(semanage_handle_t * sh,
- char *module_data, size_t data_len);
int semanage_module_install_base_file(semanage_handle_t * sh,
const char *module_name);
diff --git a/libsemanage/src/semanageswig_python.i b/libsemanage/src/semanageswig_python.i
index 8dd79fc24213..5f0113966962 100644
--- a/libsemanage/src/semanageswig_python.i
+++ b/libsemanage/src/semanageswig_python.i
@@ -30,8 +30,6 @@
%}
%include "stdint.i"
-%ignore semanage_module_install_pp;
-%ignore semanage_module_install_hll;
%wrapper %{
--
2.29.0

View File

@ -0,0 +1,36 @@
From 6bff61c5981d4b928a0c304aad0b4adf772776cd Mon Sep 17 00:00:00 2001
From: HuaxinLu <luhuaxin1@foxmail.com>
Date: Mon, 14 Jun 2021 12:21:26 +0800
Subject: [PATCH] libsemanage: fix use-after-free in parse_module_store()
The passing parameter "arg" of parse_module_store will be freed after
calling. A copy of parameter should be used instead of itself.
Signed-off-by: HuaxinLu <luhuaxin1@foxmail.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
libsemanage/src/conf-parse.y | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libsemanage/src/conf-parse.y b/libsemanage/src/conf-parse.y
index 9bf9364a1ce4..eac913447ecd 100644
--- a/libsemanage/src/conf-parse.y
+++ b/libsemanage/src/conf-parse.y
@@ -516,12 +516,12 @@ static int parse_module_store(char *arg)
char *s;
current_conf->store_type = SEMANAGE_CON_POLSERV_REMOTE;
if ((s = strchr(arg, ':')) == NULL) {
- current_conf->store_path = arg;
+ current_conf->store_path = strdup(arg);
current_conf->server_port = 4242;
} else {
char *endptr;
*s = '\0';
- current_conf->store_path = arg;
+ current_conf->store_path = strdup(arg);
current_conf->server_port = strtol(s + 1, &endptr, 10);
if (*(s + 1) == '\0' || *endptr != '\0') {
return -2;
--
2.32.0

View File

@ -0,0 +1,65 @@
From e1c6df329ce988bb03e9b0aa72cace3d679b9f9c Mon Sep 17 00:00:00 2001
From: Nicolas Iooss <nicolas.iooss@m4x.org>
Date: Sat, 3 Jul 2021 16:31:19 +0200
Subject: [PATCH] libsemanage: silence -Wextra-semi-stmt warning
On Ubuntu 20.04, when building with clang -Werror -Wextra-semi-stmt
(which is not the default build configuration), the compiler reports:
genhomedircon.c:742:67: error: empty expression statement has no
effect; remove unnecessary ';' to silence this warning
[-Werror,-Wextra-semi-stmt]
const semanage_seuser_t **u2 = (const semanage_seuser_t **) arg2;;
^
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
libsemanage/src/genhomedircon.c | 2 +-
libsemanage/tests/libsemanage-tests.c | 18 +++++++++++-------
2 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
index d08c88de99a7..7ca9afc3c1c7 100644
--- a/libsemanage/src/genhomedircon.c
+++ b/libsemanage/src/genhomedircon.c
@@ -740,7 +740,7 @@ static int write_user_context(genhomedircon_settings_t * s, FILE * out,
static int seuser_sort_func(const void *arg1, const void *arg2)
{
const semanage_seuser_t **u1 = (const semanage_seuser_t **) arg1;
- const semanage_seuser_t **u2 = (const semanage_seuser_t **) arg2;;
+ const semanage_seuser_t **u2 = (const semanage_seuser_t **) arg2;
const char *name1 = semanage_seuser_get_name(*u1);
const char *name2 = semanage_seuser_get_name(*u2);
diff --git a/libsemanage/tests/libsemanage-tests.c b/libsemanage/tests/libsemanage-tests.c
index 2ae4a21be52a..ee1767034c28 100644
--- a/libsemanage/tests/libsemanage-tests.c
+++ b/libsemanage/tests/libsemanage-tests.c
@@ -41,13 +41,17 @@
#include <stdlib.h>
#define DECLARE_SUITE(name) \
- suite = CU_add_suite(#name, name##_test_init, name##_test_cleanup); \
- if (NULL == suite) { \
- CU_cleanup_registry(); \
- return CU_get_error(); } \
- if (name##_add_tests(suite)) { \
- CU_cleanup_registry(); \
- return CU_get_error(); }
+ do { \
+ suite = CU_add_suite(#name, name##_test_init, name##_test_cleanup); \
+ if (NULL == suite) { \
+ CU_cleanup_registry(); \
+ return CU_get_error(); \
+ } \
+ if (name##_add_tests(suite)) { \
+ CU_cleanup_registry(); \
+ return CU_get_error(); \
+ } \
+ } while (0)
static void usage(char *progname)
{
--
2.32.0

View File

@ -1,4 +1,4 @@
From 20d75ec7c77c9c74d51d714db384b322b13fc731 Mon Sep 17 00:00:00 2001 From cb0f1618cc3f81ac71717a426c6e471ccac1c065 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com> From: Petr Lautrbach <plautrba@redhat.com>
Date: Wed, 7 Nov 2018 18:17:34 +0100 Date: Wed, 7 Nov 2018 18:17:34 +0100
Subject: [PATCH] libsemanage: Fix RESOURCE_LEAK and USE_AFTER_FREE coverity Subject: [PATCH] libsemanage: Fix RESOURCE_LEAK and USE_AFTER_FREE coverity
@ -62,5 +62,5 @@ index 9a4e79385b69..393ec9faf92d 100644
} }
-- --
2.30.0 2.32.0

View File

@ -0,0 +1,42 @@
From 29aeba547563f32b9a2240ddeebd3e3ccb9dcf78 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Wed, 28 Jul 2021 10:25:51 +0200
Subject: [PATCH] libsemanage: Fix USE_AFTER_FREE (CWE-672) in
semanage_direct_write_langext()
From fclose(3):
Upon successful completion, 0 is returned. Otherwise, EOF is returned
and errno is set to indicate the error. In either case, any further
access (including another call to fclose()) to the stream results in
undefined behavior.
Fixes:
Error: USE_AFTER_FREE (CWE-672): [#def1]
libsemanage-3.2/src/direct_api.c:1023: freed_arg: "fclose" frees "fp".
libsemanage-3.2/src/direct_api.c:1034: use_closed_file: Calling "fclose" uses file handle "fp" after closing it.
# 1032|
# 1033| cleanup:
# 1034|-> if (fp != NULL) fclose(fp);
# 1035|
# 1036| return ret;
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
libsemanage/src/direct_api.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
index 393ec9faf92d..b7a3e0f17cc1 100644
--- a/libsemanage/src/direct_api.c
+++ b/libsemanage/src/direct_api.c
@@ -1022,6 +1022,7 @@ static int semanage_direct_write_langext(semanage_handle_t *sh,
if (fclose(fp) != 0) {
ERR(sh, "Unable to close %s module ext file.", modinfo->name);
+ fp = NULL;
ret = -1;
goto cleanup;
}
--
2.32.0

View File

@ -1,16 +1,19 @@
%define libsepolver 3.2-1 %define libsepolver 3.2-3
%define libselinuxver 3.2-1 %define libselinuxver 3.2-5
Summary: SELinux binary policy manipulation library Summary: SELinux binary policy manipulation library
Name: libsemanage Name: libsemanage
Version: 3.2 Version: 3.2
Release: 2%{?dist} Release: 3%{?dist}
License: LGPLv2+ License: LGPLv2+
Source0: https://github.com/SELinuxProject/selinux/releases/download/3.2/libsemanage-3.2.tar.gz Source0: https://github.com/SELinuxProject/selinux/releases/download/3.2/libsemanage-3.2.tar.gz
# fedora-selinux/selinux: git format-patch -N 3.2 -- libsemanage # fedora-selinux/selinux: git format-patch -N 3.2 -- libsemanage
# i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done # i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
# Patch list start # Patch list start
Patch0001: 0001-libsemanage-Fix-RESOURCE_LEAK-and-USE_AFTER_FREE-cov.patch Patch0001: 0001-libsemanage-fix-use-after-free-in-parse_module_store.patch
Patch0002: 0002-libsemanage-silence-Wextra-semi-stmt-warning.patch
Patch0003: 0003-libsemanage-Fix-RESOURCE_LEAK-and-USE_AFTER_FREE-cov.patch
Patch0004: 0004-libsemanage-Fix-USE_AFTER_FREE-CWE-672-in-semanage_d.patch
# Patch list end # Patch list end
URL: https://github.com/SELinuxProject/selinux/wiki URL: https://github.com/SELinuxProject/selinux/wiki
Source1: semanage.conf Source1: semanage.conf
@ -154,6 +157,9 @@ cp %{SOURCE1} ${RPM_BUILD_ROOT}%{_sysconfdir}/selinux/semanage.conf
%{_libexecdir}/selinux/semanage_migrate_store %{_libexecdir}/selinux/semanage_migrate_store
%changelog %changelog
* Wed Jul 28 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-4
- Rebase on upstream commit 32611aea6543
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.2-2 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.2-2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937