diff --git a/.gitignore b/.gitignore
index fc9abab..8e8d9b9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -196,3 +196,5 @@ libsepol-2.0.41.tgz
 /libsepol-3.6.tar.gz
 /libsepol-3.7.tar.gz
 /libsepol-3.7.tar.gz.asc
+/libsepol-3.8-rc1.tar.gz
+/libsepol-3.8-rc1.tar.gz.asc
diff --git a/0001-libsepol-sepol_compute_sid-Do-not-destroy-uninitiali.patch b/0001-libsepol-sepol_compute_sid-Do-not-destroy-uninitiali.patch
deleted file mode 100644
index 6d5d41c..0000000
--- a/0001-libsepol-sepol_compute_sid-Do-not-destroy-uninitiali.patch
+++ /dev/null
@@ -1,51 +0,0 @@ -From 453d54da10a96e1494ef8aea867f6c9eb8751677 Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Fri, 19 Jul 2024 18:17:13 +0200 -Subject: [PATCH] libsepol/sepol_compute_sid: Do not destroy uninitialized - context -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Avoid context_destroy() on "newcontext" before context_init() is called. - -Fixes: - libsepol-3.6/src/services.c:1335: var_decl: Declaring variable "newcontext" without initializer. - libsepol-3.6/src/services.c:1462: uninit_use_in_call: Using uninitialized value "newcontext.range.level[0].cat.node" when calling "context_destroy". - \# 1460| rc = sepol_sidtab_context_to_sid(sidtab, &newcontext, out_sid); - \# 1461| out: - \# 1462|-> context_destroy(&newcontext); - \# 1463| return rc; - \# 1464| } - -Signed-off-by: Vit Mojzis -Reviewed-by: Christian Göttsche -Acked-by: Stephen Smalley ---- - libsepol/src/services.c | 6 ++---- - 1 file changed, 2 insertions(+), 4 deletions(-) - -diff --git a/libsepol/src/services.c b/libsepol/src/services.c -index 36e2368f..f3231f17 100644 ---- a/libsepol/src/services.c -+++ b/libsepol/src/services.c -@@ -1362,14 +1362,12 @@ static int sepol_compute_sid(sepol_security_id_t ssid, - scontext = sepol_sidtab_search(sidtab, ssid); - if (!scontext) { - ERR(NULL, "unrecognized SID %d", ssid); -- rc = -EINVAL; -- goto out; -+ return -EINVAL; - } - tcontext = sepol_sidtab_search(sidtab, tsid); - if (!tcontext) { - ERR(NULL, "unrecognized SID %d", tsid); -- rc = -EINVAL; -- goto out; -+ return -EINVAL; - } - - if (tclass && tclass <= policydb->p_classes.nprim) --- -2.45.2 - diff --git a/0002-libsepol-cil-Check-that-sym_index-is-within-bounds.patch b/0002-libsepol-cil-Check-that-sym_index-is-within-bounds.patch deleted file mode 100644 index 014c873..0000000 --- a/0002-libsepol-cil-Check-that-sym_index-is-within-bounds.patch +++ /dev/null 
@@ -1,40 +0,0 @@ -From d045edd5298a75284ce1cc289d039cce8b7a24ae Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Tue, 23 Jul 2024 16:41:57 +0200 -Subject: [PATCH] libsepol/cil: Check that sym_index is within bounds - -Make sure sym_index is within the bounds of symtab array before using it -to index the array. - -Fixes: - Error: OVERRUN (CWE-119): - libsepol-3.6/cil/src/cil_resolve_ast.c:3157: assignment: Assigning: "sym_index" = "CIL_SYM_UNKNOWN". - libsepol-3.6/cil/src/cil_resolve_ast.c:3189: overrun-call: Overrunning callee's array of size 19 by passing argument "sym_index" (which evaluates to 20) in call to "cil_resolve_name". - \# 3187| switch (curr->flavor) { - \# 3188| case CIL_STRING: - \# 3189|-> rc = cil_resolve_name(parent, curr->data, sym_index, db, &res_datum); - \# 3190| if (rc != SEPOL_OK) { - \# 3191| goto exit; - -Signed-off-by: Vit Mojzis -Acked-by: James Carter ---- - libsepol/cil/src/cil_resolve_ast.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c -index 427a320c..da8863c4 100644 ---- a/libsepol/cil/src/cil_resolve_ast.c -+++ b/libsepol/cil/src/cil_resolve_ast.c -@@ -4291,7 +4291,7 @@ int cil_resolve_name_keep_aliases(struct cil_tree_node *ast_node, char *name, en - int rc = SEPOL_ERR; - struct cil_tree_node *node = NULL; - -- if (name == NULL) { -+ if (name == NULL || sym_index >= CIL_SYM_NUM) { - cil_log(CIL_ERR, "Invalid call to cil_resolve_name\n"); - goto exit; - } --- -2.47.0 - diff --git a/0003-libsepol-cil-Initialize-avtab_datum-on-declaration.patch b/0003-libsepol-cil-Initialize-avtab_datum-on-declaration.patch deleted file mode 100644 index 638b7bb..0000000 --- a/0003-libsepol-cil-Initialize-avtab_datum-on-declaration.patch +++ /dev/null 
@@ -1,81 +0,0 @@ -From b332edfc248f7c5bcf651be033e2f06aa5959776 Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Wed, 23 Oct 2024 15:43:15 +0200 -Subject: [PATCH] libsepol/cil: Initialize avtab_datum on declaration - -avtab_datum.xperms was not always initialized before being used. - -Fixes: -Error: UNINIT (CWE-457): -libsepol-3.7/cil/src/cil_binary.c:977:2: var_decl: Declaring variable "avtab_datum" without initializer. -libsepol-3.7/cil/src/cil_binary.c:1059:3: uninit_use_in_call: Using uninitialized value "avtab_datum". Field "avtab_datum.xperms" is uninitialized when calling "__cil_cond_insert_rule". - \# 1057| } - \# 1058| } - \# 1059|-> rc = __cil_cond_insert_rule(&pdb->te_cond_avtab, &avtab_key, &avtab_datum, cond_node, cond_flavor); - \# 1060| } - -Error: UNINIT (CWE-457): -libsepol-3.7/cil/src/cil_binary.c:1348:2: var_decl: Declaring variable "avtab_datum" without initializer. -libsepol-3.7/cil/src/cil_binary.c:1384:3: uninit_use_in_call: Using uninitialized value "avtab_datum". Field "avtab_datum.xperms" is uninitialized when calling "__cil_cond_insert_rule". 
- \# 1382| } else { - \# 1383| avtab_datum.data = data; - \# 1384|-> rc = __cil_cond_insert_rule(&pdb->te_cond_avtab, &avtab_key, &avtab_datum, cond_node, cond_flavor); - \# 1385| } - \# 1386| - -Signed-off-by: Vit Mojzis -Acked-by: James Carter ---- - libsepol/cil/src/cil_binary.c | 8 ++------ - 1 file changed, 2 insertions(+), 6 deletions(-) - -diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c -index c8144a5a..66c461eb 100644 ---- a/libsepol/cil/src/cil_binary.c -+++ b/libsepol/cil/src/cil_binary.c -@@ -974,7 +974,7 @@ static int __cil_insert_type_rule(policydb_t *pdb, uint32_t kind, uint32_t src, - { - int rc = SEPOL_OK; - avtab_key_t avtab_key; -- avtab_datum_t avtab_datum; -+ avtab_datum_t avtab_datum = { .data = res, .xperms = NULL }; - avtab_ptr_t existing; - - avtab_key.source_type = src; -@@ -996,8 +996,6 @@ static int __cil_insert_type_rule(policydb_t *pdb, uint32_t kind, uint32_t src, - goto exit; - } - -- avtab_datum.data = res; -- - existing = avtab_search_node(&pdb->te_avtab, &avtab_key); - if (existing) { - /* Don't add duplicate type rule and warn if they conflict. 
-@@ -1345,7 +1343,7 @@ static int __cil_insert_avrule(policydb_t *pdb, uint32_t kind, uint32_t src, uin - { - int rc = SEPOL_OK; - avtab_key_t avtab_key; -- avtab_datum_t avtab_datum; -+ avtab_datum_t avtab_datum = { .data = data, .xperms = NULL }; - avtab_datum_t *avtab_dup = NULL; - - avtab_key.source_type = src; -@@ -1371,7 +1369,6 @@ static int __cil_insert_avrule(policydb_t *pdb, uint32_t kind, uint32_t src, uin - if (!cond_node) { - avtab_dup = avtab_search(&pdb->te_avtab, &avtab_key); - if (!avtab_dup) { -- avtab_datum.data = data; - rc = avtab_insert(&pdb->te_avtab, &avtab_key, &avtab_datum); - } else { - if (kind == CIL_AVRULE_DONTAUDIT) -@@ -1380,7 +1377,6 @@ static int __cil_insert_avrule(policydb_t *pdb, uint32_t kind, uint32_t src, uin - avtab_dup->data |= data; - } - } else { -- avtab_datum.data = data; - rc = __cil_cond_insert_rule(&pdb->te_cond_avtab, &avtab_key, &avtab_datum, cond_node, cond_flavor); - } - --- -2.47.0 - diff --git a/0004-libsepol-mls-Do-not-destroy-context-on-memory-error.patch b/0004-libsepol-mls-Do-not-destroy-context-on-memory-error.patch deleted file mode 100644 index bb9078f..0000000 --- a/0004-libsepol-mls-Do-not-destroy-context-on-memory-error.patch +++ /dev/null 
@@ -1,74 +0,0 @@ -From a67e7419e09e8954dd8d96baaab9ee663a00990c Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Wed, 23 Oct 2024 15:43:16 +0200 -Subject: [PATCH] libsepol/mls: Do not destroy context on memory error - -In case of malloc error, ctx1, or ctx2 may be pointing to uninitialized -space and context_destroy should not be used on it. - -Fixes: -Error: UNINIT (CWE-457): -libsepol-3.7/src/mls.c:673:2: alloc_fn: Calling "malloc" which returns uninitialized memory. -libsepol-3.7/src/mls.c:673:2: assign: Assigning: "ctx1" = "malloc(64UL)", which points to uninitialized data. -libsepol-3.7/src/mls.c:699:2: uninit_use_in_call: Using uninitialized value "ctx1->range.level[0].cat.node" when calling "context_destroy". - \# 697| ERR(handle, "could not check if mls context %s contains %s", - \# 698| mls1, mls2); - \# 699|-> context_destroy(ctx1); - \# 700| context_destroy(ctx2); - \# 701| free(ctx1); - -Error: UNINIT (CWE-457): -libsepol-3.7/src/mls.c:674:2: alloc_fn: Calling "malloc" which returns uninitialized memory. -libsepol-3.7/src/mls.c:674:2: assign: Assigning: "ctx2" = "malloc(64UL)", which points to uninitialized data. -libsepol-3.7/src/mls.c:700:2: uninit_use_in_call: Using uninitialized value "ctx2->range.level[0].cat.node" when calling "context_destroy". 
- \# 698| mls1, mls2); - \# 699| context_destroy(ctx1); - \# 700|-> context_destroy(ctx2); - \# 701| free(ctx1); - \# 702| free(ctx2); - -Signed-off-by: Vit Mojzis -Acked-by: James Carter ---- - libsepol/src/mls.c | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) - -diff --git a/libsepol/src/mls.c b/libsepol/src/mls.c -index 45db8920..a37405d1 100644 ---- a/libsepol/src/mls.c -+++ b/libsepol/src/mls.c -@@ -672,8 +672,10 @@ int sepol_mls_contains(sepol_handle_t * handle, - context_struct_t *ctx1 = NULL, *ctx2 = NULL; - ctx1 = malloc(sizeof(context_struct_t)); - ctx2 = malloc(sizeof(context_struct_t)); -- if (ctx1 == NULL || ctx2 == NULL) -+ if (ctx1 == NULL || ctx2 == NULL){ -+ ERR(handle, "out of memory"); - goto omem; -+ } - context_init(ctx1); - context_init(ctx2); - -@@ -690,16 +692,14 @@ int sepol_mls_contains(sepol_handle_t * handle, - free(ctx2); - return STATUS_SUCCESS; - -- omem: -- ERR(handle, "out of memory"); -- - err: -- ERR(handle, "could not check if mls context %s contains %s", -- mls1, mls2); - context_destroy(ctx1); - context_destroy(ctx2); -+ omem: - free(ctx1); - free(ctx2); -+ ERR(handle, "could not check if mls context %s contains %s", -+ mls1, mls2); - return STATUS_ERR; - } - --- -2.47.0 - diff --git a/0005-libsepol-cil-cil_post-Initialize-tmp-on-declaration.patch b/0005-libsepol-cil-cil_post-Initialize-tmp-on-declaration.patch deleted file mode 100644 index 12611be..0000000 --- a/0005-libsepol-cil-cil_post-Initialize-tmp-on-declaration.patch +++ /dev/null 
@@ -1,40 +0,0 @@ -From 77e225361129f02d379e930859406a61420836d7 Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Wed, 23 Oct 2024 15:43:17 +0200 -Subject: [PATCH] libsepol/cil/cil_post: Initialize tmp on declaration - -tmp.node was not always initialized before being used by -ebitmap_destroy. - -Fixes: -Error: UNINIT (CWE-457): -libsepol-3.7/cil/src/cil_post.c:1309:2: var_decl: Declaring variable "tmp" without initializer. -libsepol-3.7/cil/src/cil_post.c:1382:6: uninit_use_in_call: Using uninitialized value "tmp.node" when calling "ebitmap_destroy". - \# 1380| if (rc != SEPOL_OK) { - \# 1381| cil_log(CIL_INFO, "Failed to apply operator to bitmaps\n"); - \# 1382|-> ebitmap_destroy(&tmp); - \# 1383| goto exit; - \# 1384| } - -Signed-off-by: Vit Mojzis -Acked-by: James Carter ---- - libsepol/cil/src/cil_post.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/libsepol/cil/src/cil_post.c b/libsepol/cil/src/cil_post.c -index ac99997f..d63a5496 100644 ---- a/libsepol/cil/src/cil_post.c -+++ b/libsepol/cil/src/cil_post.c -@@ -1315,6 +1315,8 @@ static int __cil_expr_to_bitmap(struct cil_list *expr, ebitmap_t *out, int max, - curr = expr->head; - flavor = expr->flavor; - -+ ebitmap_init(&tmp); -+ - if (curr->flavor == CIL_OP) { - enum cil_flavor op = (enum cil_flavor)(uintptr_t)curr->data; - --- -2.47.0 - diff --git a/0006-libsepol-Initialize-strs-on-declaration.patch b/0006-libsepol-Initialize-strs-on-declaration.patch deleted file mode 100644 index f45bdbe..0000000 --- a/0006-libsepol-Initialize-strs-on-declaration.patch +++ /dev/null 
@@ -1,63 +0,0 @@ -From 49926e313ca995ae72d5b6bd82f3f5bbbe5ba0df Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Wed, 23 Oct 2024 15:43:18 +0200 -Subject: [PATCH] libsepol: Initialize "strs" on declaration - -The value of "strs" was not always initialized before being used by -strs_destroy. - -Fixes: -Error: UNINIT (CWE-457): -libsepol-3.7/src/kernel_to_cil.c:1439:2: var_decl: Declaring variable "strs" without initializer. -libsepol-3.7/src/kernel_to_cil.c:1487:2: uninit_use_in_call: Using uninitialized value "strs" when calling "strs_destroy". - \# 1485| - \# 1486| exit: - \# 1487|-> strs_destroy(&strs); - \# 1488| - \# 1489| if (rc != 0) { - -Error: UNINIT (CWE-457): -libsepol-3.7/src/kernel_to_conf.c:1422:2: var_decl: Declaring variable "strs" without initializer. -libsepol-3.7/src/kernel_to_conf.c:1461:2: uninit_use_in_call: Using uninitialized value "strs" when calling "strs_destroy". - \# 1459| - \# 1460| exit: - \# 1461|-> strs_destroy(&strs); - \# 1462| - \# 1463| if (rc != 0) { - -Signed-off-by: Vit Mojzis -Acked-by: James Carter ---- - libsepol/src/kernel_to_cil.c | 2 +- - libsepol/src/kernel_to_conf.c | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c -index f94cb245..9c2690be 100644 ---- a/libsepol/src/kernel_to_cil.c -+++ b/libsepol/src/kernel_to_cil.c -@@ -1436,7 +1436,7 @@ static int map_type_aliases_to_strs(char *key, void *data, void *args) - static int write_type_alias_rules_to_cil(FILE *out, struct policydb *pdb) - { - type_datum_t *alias; -- struct strs *strs; -+ struct strs *strs = NULL; - char *name; - char *type; - unsigned i, num = 0; -diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c -index ca91ffae..661546af 100644 ---- a/libsepol/src/kernel_to_conf.c -+++ b/libsepol/src/kernel_to_conf.c -@@ -1419,7 +1419,7 @@ static int map_type_aliases_to_strs(char *key, void *data, void *args) - static int write_type_alias_rules_to_conf(FILE 
*out, struct policydb *pdb) - { - type_datum_t *alias; -- struct strs *strs; -+ struct strs *strs = NULL; - char *name; - char *type; - unsigned i, num = 0; --- -2.47.0 - diff --git a/bachradsusi.gpg b/bachradsusi.gpg index ff4e382..aa060bb 100644 --- a/bachradsusi.gpg +++ b/bachradsusi.gpg 
@@ -316,6 +316,123 @@ kAIi0B1szn0K13qRqBIwjnWL+orP1KLzvczCH6yD0FZY90CDdMtM0VB6AqT4BFh6 5+ygjA4YiA7fFYBm8510ybUcNfzU3gUIJ5pF8MdGizO54tCPSK6U+iVRY4qfCFdu IiOZ7FUUn78VIxQUMYMrozy7kn/0PQZa7KKRbXJ8sg0sgrQapwpgUjdMwuYZPGGv 1Jw5/+WUGWMbGxmlpHcEOmsPZpITH557M/kHyk9Ud0iKwciBI2mGLxiafCuLrUY4 -TknzOqbZgjdllcUG4cDBEQuBO/GSj1LUfg== -=I8Dr +TknzOqbZgjdllcUG4cDBEQuBO/GSj1LUfpkCDQRnKRF7ARAAo5H9/6cStbyjWFeb +G6qDn6pT+4v1rlbRZo0rYwWkDmEAjOZMRC9SJipTCdQeNFlv6HEiiCvl3bmZIqrZ ++zvLI6U1+2dH7k06xNqIFLTV0zbr+tUkOwspg5nr59KsuNP01WBS0ELzunO/zHj+ +BOEdPg1KvB0IQFtqAwaAfuny67YvTr9O7Yz07ZCfTxPtHf6FJ80FPeRa0LoZYnW4 +UmSGtm1f59VD9+qe4yhRtNanamXUKjf8BTw0rQwjoJhVT5Mg0Z6hW6fhFrD57Lgd +8fBi5ZHHUlR4z1+nqGCUoHlHjc0JVyK8j8fofKafow/79ITaOqBzv+P3psY9ecBg +7wGaOHrqzRzRxAfKYRO2IaFHRGnsEE8FnwSEL00uPVxpiiTavrLJFEjku9GmP3OY +3rbwIPXbw1m9mZG1yAVbSEEf58WSWeoBp0O6qrwAdIbdgUX4BkQ8bX5MtUjXp5tm +0StmjQiZ7O91cg0VuWtrfj/I4E3xtloNzhtG2QLI4s7iAL1orhClxEuZRO9alUCS +cnRvhmw2Dh6sB6i56evcZdUFwxMXOByxfWr0fxX4QlR8jYqMPj7UMNj2PccTBOQX +umIW2cdGEeni9vrE9cLfZRSNCwPWAXWtr1zQW54Jx5DjCGHobQk53Z7kE+MZVAje +gOaT0u50cljBNfJootuln4+gbGMAEQEAAbQlUGV0ciBMYXV0cmJhY2ggPGxhdXRy +YmFjaEByZWRoYXQuY29tPokCVwQTAQgAQRYhBGjSGCM0KhNoOus+TvtMaFtdwcE+ +BQJnKRF7AhsDBQkDwmcABQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAAoJEPtM +aFtdwcE+doMQAI5mnNA8aH0dfeOZnz/NrMwY6H7jK/+lYatCx05e1TfK+zz9feRK +sxgP3Pjj0p9igo3jIdPcN5/YnlmVEeplDmSiKOOdendviy+sA8sukMo07Q+m1pYW +NzFtyiZd+c44mp9I1l7h6rktIY9XDedrlAkNog1VlUet9eNpmgXt2OmJNDmYftWc +KIpyw/ZLaubjRcAmxwsn7I6dWnT66Ffg9H8trcRlWipVWP8imO0EIpwC8RbhuNgk +xjt/cVf3CEpzokF4n0k3nqYmt90NNtGc0kG5QAlTvlUuHpNWzuzvdAPtMy3KEaXI +fu3IEZeIKCxSgWXTm7zRKUn0F6jKAsLXhK/WOA1Aa7NdAUwMxrEndfNoqBrusaLD +lpzWU7USv2YT+Pf3aQ7u1szg2J8V5eqRP+E8wwe54RNCgQrcDgUq5abyncsvull3 +GqJvzvZC7/Q3Th/g5Wc+dRaGBz0O9FBuRPQwjrnB932xW1fDf17cScpVKAvV/jwn +tpWXf7nSv2M0o9fihnTBl4d2c2EBKtTdp5W0IpeRl5uLad3AYoouP6RoZ+/Id/Zg +NeaQKH/ZlCxk5S9GLzYhm665ysOYRkh7NfoThRtvAqAeDcTKWGDG1nQok2KKOSyq +S81PT2AlMz7A26R0vsH/9lQ1uZFIhIGbxZXlGERZwXd1s+lgfWTbB5K+iQIzBBAB 
+CAAdFiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmcpGAUACgkQvDkF8jUXnPFdGQ/+ +L7uA7EMB+Yh0urhZuOltZSNtge6b+UbLZTd8DRsf044e+Z0NJWdQ2saLBptGhIcn +as4Qd0gS+QkWB7lMrJ31uux15ZBjFsGtyqK+VoH8JIPvV8Mr5XojqA+UYUpXP6ns +ILrdkUvNzpeA51IxYuVMWcut8SUVYzjD11YG1P8LFzydsImaYe7se+RE85F3/2Po +kZNe0d0Gh36uyfJSND80XrrxLpROgabQgHNG0drL/DHjdoa3F0V5EUoG7NBwUrmB +RlWKYCLUFfW+8mQn6RVK8JIV9WaHrzi/KAZLonZb5dCjO0e+Ol16pyUofLA8SN7B +aqjens8ho297GtE3darkXmj5p3p4YPur/D+oZCNIH+BYMsht46VtE3v6V10P8KA2 +6MgNo5qME1Q0kC1DUYi68cPeDgrQBMWa+nF+m9i2aGeAyi3qDhZu03JLhOYAhv45 +OVRawm9vFqyKiBRANVogTRr+ch4zywaapwfVLQ+xiwVLqlT5n/iIzWCQ0hA15eKZ +gJV0kTXL4OWKBeJqSNnnLVm4AhZ2OpKHMsjE7BEopvCe9JZWFIrjtQ9TrriByOx0 +3anWkmm7b4lZ1HKDOI/Cxyz8BZvYizo7hSOdGjLrFBTD/Wk0swvpzB4NKh5I6N7k +gppXMTaWp36+KmQx66JzaZjepGl1VMNFdgiP6Sw6pO+5Ag0EZykRewEQAK4EY+06 +GeuX4wLlUqAMWCnbFELuhBZGWFLEIvP6WJS1WOvee45RVcpVfYMp3AqymiNRahAl +RMtSQ9YtXSdlBPkhtNcoV/hqjcNywMdbsy+Rs27pRk/DJVC0yVL4ABrSSlwhfNa4 +6X4ZvPr8GGDvjAUhK6NXQ7WrZJxYR9/U0nqRGtGuPBLhFey1H60n5axP8+2f9pFC +NbDJ13HbrhVju+RUeE8Gq5WJI5dea5SfYnXFERsT/zO+pw7ZaaSDmWKR1a88P6Bk +DD7e63ZIaAa849M/Dz+OgzNEgbyRjvgbO0OEIrS2x61lGoW7F9prEgzj97NIiBu6 +qpNCYJefkpfPENrk+wmOUthJfh6E7uphlliQams6dqXAc3Z+xBN9jFf74RpzVmIP +K/MFNr0EcUMFgURpBtaTrk4dGMh++v5i4qKxxwJHf4RsGCDsgH9ZZDemKz5q8uFN +TI1kbTnsKNt+d7L45U+3/mRm4l22g8eu+AvD6R4GfKjsyzEFCyGK7TmVYj0Y+EGR +9+YbRQ1GahXqtrR/aLC09LSyxQTqYfKU8KusnoceEbBOigEZUNPybpzibwHl1VEV +9crR5eT8MPHgs8xdpjQ7gRuPi12fvc83unpUsNIHSCxZqXoilGsz2+zpX2si3PxB +tK/tTo6ZFRLijhHs250Y1agp4MyXYq91A2VTABEBAAGJAjwEGAEIACYWIQRo0hgj +NCoTaDrrPk77TGhbXcHBPgUCZykRewIbDAUJA8JnAAAKCRD7TGhbXcHBPozGD/0Y +fkktGwGq2vPZUI/Fscv+VnEqVt94dBnS0/6GyYvhI7Tf81v+72URlQeX8TUQox9B +8d3Aru5b2+iSkPcvH70PbY8jt/yTwHtSlFzf6+YPIl+oyTz7DoiILSjrO51ntl8g +KmIb8Q9W74xV6VFIJ4m8rH04MKFpIlzUDq660JYQIGtOUFugSfg7aLVU/0j4WKKE +KfAfg93wYTKKd+JgRFy4FZPriem7HvlUSi2VKffdrrUF/PX35X74iKdPQoEADZi8 +KkMZULDtyQ6ZOu2hiDpArjo5hDadKM314Z65VnM11hjiEhmTF3IyGBllb0qBIk0L +nBVHuMYmiqBNJEbaqHLqIju8/RvFlYV+AMISeA7B68knbJcao13ogtDpuJ4hpgCj 
+j2B1n0NWMcju0gteu1sfsIaQbWHevH2vgl5LJDCNtUJN/NoWB2Uov27wEvsongwY +3du40TnM+5ejwf4r8D3wX+JpVCAhfr3Oc0knw14nRqFPAe1E7DNURJ8xfEV9iPRA +swo6qoh7IIxNETUG1rywRExNt6tHsojx0Wb0I0IB7CnWRK9F6oNRp0S4kVgp+Jeh +a9NGXFK2hn8qBD/rpUPsj/OdkiBN+C7Ai07rCNez+IKdnUfXkOJqLCOyeUwC9WPl +uFPB9RnnghYM4xhMWf8XvSLOOk/vgPxiqR5ANLObsbkCDQRnKRLhARAAuh+b2Oxj +9q+RRZ+pkDVf/M6P01yDmDhwtYHzi/LW8PFHC6iQlzMReyv1R5n3uCEpAZ++mdUe +Cgo2TmFnYdpmxEgdaMIW98uqe4fuHhoXU2Mh4eiN7jyJvXQCsijCDYzifoj03HY7 +nTVjw4+BSSu9kA3/vEqU9A5YjG01MmVSMaIaTrqZqsnypK6r2exJa7YVRYwRqpLY +C5ksikDVK9ftdfhjnsnYGS4pYyfMNSHY1KBMpHjT7wEkM+KZ2WRpjTZZ7nP9u4Lf +fJMKgcclRgf+13CeSaJfVIhjJlxGVLkloE8XJbOeh2vkK257e9BenEFgQnyLCpGJ +8YNsnsJVhxU1aA62dT7jmnOVMBhnGoNhMyzzfvUw0REz2VbpZBkiwZRfZ9MWUBsy +bneH8NwzZMQQLCc/yo/jnPrmDS+tgl4CXGzBtpxPUZSMuY4tHZZ2vBb0zcfhY7P1 +CrHuylXLFzkOO/XRP3w1F8I1UqJCjdTKjdjCDF/VWtedHee1iEsSHxPGH8fHp4Qp +rBDDwZ4NnfilYNHMDWm6U1bzhX2ynqcGArQSd1Ny/oL7JzE1qoH/nNrwVvOSSNWF +UTXFXeLy+SOXJdFJpGP+/wV+gYfyczoUP6vmCdK1Hs15WQvKzyP/nmLS5uLilfxV +KrxZDI6SNrS4f/XkHcGnYByFKUhq5gVN0ZcAEQEAAYkEcgQYAQgAJhYhBGjSGCM0 +KhNoOus+TvtMaFtdwcE+BQJnKRLhAhsCBQkDwmcAAkAJEPtMaFtdwcE+wXQgBBkB +CAAdFiEEcgDrLD9eSIRjwM6ezcroySfGvjEFAmcpEuEACgkQzcroySfGvjExiQ// +TKQ2Ci+sqNSVIcwg/k0Go1i4cA7lhKNdYRBCaIThB9jMqNg2zgPzgELBcaVJL8xw +0E2x2ZvBejM4X+eTrmkdufcxHR8B/zBF8oPlD2pgs/zZmZEO1gq4Cdab7yIoVNNr +foCZShxOCPR2wIixcYZtt5f7Z3zSXqkjIec6sTOedT75ZXrpQbvINeUkvOJfMCOi +ailauvDfv8k5iJUVbP+Dx1vOc88bvewVJcbLID4HIRr/PS+k1D10zGbnF71TnxGZ +r7anMZCSFCHJ5WV+BSwHHKtxRy+bJ1x9ML45Jcr1anTXeaHIeSKNzFBigJQSgHv0 +euegkD3Rmw+IcxNb4l536selaNR0UAwx1DC1qpjBtnE9/pXdTEsZQxq9kMrj0d+f +VKFjOKADVIpkx7o0dZ1jmbUmdjQVyGDgHE+Emgdd726/2ftWriW2uPeUC6YZiqbt +vBnCnwF+aV6P1nrE0BWJchLyBjDCe5Y2oXBAYF6xwpDPfMPr4oscqzPV4TWVULBi +brtRWgSxmvinIGFx9T9wQCVfX254dqBaAEhRMImoT/YP+6evRZKqQODRhI44OG7u +V71IVAJ8BHEBN8hxvQM3WPs1fhwMBFCyGfr/x/U4/c78R9JhxkU9VwmMbLGQP7VP +1QgfiHqZpHMk8ZUmQn6KLeurzWcnwPFkwgFPZED8OQOMXxAAio3DhWr5KDd3mICH +ALNY0A2ipb/JH6LSHxu0S3MLa/bF6PbqRY1+fKMT/cFVxln99rNUrX+hDRbc7qbh 
+KkxvGmcnXnkcTHah9bfUghEanlKkBr1g1ik3zgEnpO/x3+X39Ov+ge92MDawV0nq +k9R/9tS+ZD/ph72Q9kx3ZfVNSL0eWxjuwBzFW0Zwh5TAX4raSmyQCmAXi05O3YmN +iq4arSUg5oAOMRZ+d96DsrAS4Sdtlx6/CuKTBzEaGPQLQ9wJNB0Vmd/eQWTP99KY +cAdIwj5BJ5P0Z7+xhsVjQOntn4otnP6vN6RuDtYrS6M7TCN/ZeKCvN/G0nRac4D+ +IJX3CYYtYXgaoDuoetUWtc7O5PzHRETaBt/46ob2lzf6cT5QyVujTfz+i0rGEc63 +pvXK8mV+K7BFY/DHpdEhl1pDw2YYLbBmUthQWdsL6/TVvpMe/wZadvJ/by3AeRzQ +eusUucuSo9UNN7Yj8u3dRhxNgsSiU96A/SFlAoB5s3Onh5K4WEVCBu/INjdi+r2B +LJePSnA3I7VkRE9Haf1D28jtBzm3Xbft2rs3lO18FcCqw6kd7Ih3e0tZ8uUG9UDv +qTDHTUHLAWvwrq38gKKAu2RMaU06A5kR87RcQiizxOwBIwiHuUWMU4/Hyx6fXsOD +hEs0O6AFDarNDZGee2amKTAyZpG5Ag0EZykTxQEQAOwGV1boBD3vDLsoAT62nGxb +SqXiBsObxnpWbNifOzM9BUGPOIpHsSH32PZGG/+LNjNdECfyyP1RysH5OT7j92Q8 +vgRQoG3X985gbOjYyZc0xvAkTSvWxOiy5CuF3X8sJ3NSerQDXwjP9qVqLVj/3FB8 +nka1HFS7KzC3Zo/kzCoxeZ3/hV3PTWIjcoJvtBSCKPZyOJxnRqWfi5BNJo3S2SR1 +mxV967zawXiZ8MeeBl6rLhOfCBtz9g+bqrXZYoenuMn5Js2mcH0haYeMSV3UWIC4 +kinzr1EJxs+L1/hVCVBNiiDc6DXcFXoz9ZVc9kjpZTOMoZVDkRkyOeen+5Sya9wK +4teLmDLME4+pgeHCS/Wa4KrYyEWe7NpG1VTkSJnRS+fyYGTWtwEiuwT6J9U0t1d5 +hbxhM7YAhlnOEnNVmqa3Bq3yqJs9G/7gicZ7CIJ9JBHKTJzOnKfpGhxBSOgOoCOa +WW6uVCzDqfrYPmCUIKQmanB441xJFGuHVPMLBjVjswoMKGkK3gM6KMRCDYQ53u6s +FK+Jcl8HobBSezVIUKpKVX3IW9d506cE0FhSW/NvWJv0FIMVloyC2BpOjSWVgEwX +tk/m3SKPsgCAcCqzi7xlloR8+E9C2xci9cdGG5faghgSjaP6j0qDww/slRPQJc5A +DIeukkOYTCiSiDwQtblJABEBAAGJAjMEGAEIACcWIQRo0hgjNCoTaDrrPk77TGhb +XcHBPgUCZykTxQMbIAQFCQPCZwAAADcWD/4qJRLn7TcMtRMF43Yn+dX+O13YrxBC +T4n1QVmiPsGrUca4Vg1J+trV6IMsGrhktpiaV0qeL/km0h02m4gEDZKDyWWXdeWh +EXFaTVy9yCpSXUWJl5gSXTSwxrqBWyWLlLLk4UT9l9sk5mMdy0JA8unobV4M/eXQ +ggR11DL3ji7aO0hsqxyxXkJcawWjVGW5KL1EaoDKIJ/CwxOI5ipFueMIRQjQvw9A +o/w2fq11qVXY9zknk6pFkp/RDHLes+wVHDtebZfJ9xV7Mb1mf/k03dT56GaA/U3E +XvJ2FdgWR+zf+YMEa9MPDHYo2UNEvk9mOk247M8s+OeexdlkPgyKW5A8mtYuY/dR +j8W6C4pLcMWa+d/vIUpm5Guw0F5q0AWk9/FbBe9HLztEevvRnuHXmfTZeto/nCAi +Yg4pCj6p3JoN5CLebR8YtWm9AJBbX1kgVvqSU2VgwYIFsxBEz8Wu2h7z/eSCSeIg +ARFbTlJ6cBrRkXCVyhbv0LPWWUfAUqiEtdGxrA4Xx/jKrI02JjRdW/bZkXjSka8K 
++cDlpcr9ixBWW5LkWsOdiL8jExfTGw25FA7Wd1HiHnBv36Mu/zb+0/I63d+fLq93 +e3lmmVx9qQF8p5Okf4ojY9YoIHVkLS7t9AgFjm/ucmpEGbXxyPk2Cr3l+b5R41x3 +dBW9kxiuWpZN3Q== +=iuRK -----END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/changelog b/changelog index d464875..6e4e4ed 100644 --- a/changelog +++ b/changelog @@ -1,3 +1,6 @@ +* Thu Dec 05 2024 Petr Lautrbach - 3.8-0.rc1.1 +SELinux userspace 3.8-rc1 release + * Tue Nov 12 2024 Vit Mojzis - 3.7-4 - cil: Check that sym_index is within bounds (RHEL-34823) - cil: Initialize avtab_datum on declaration (RHEL-34810) @@ -8,7 +11,7 @@ * Tue Oct 29 2024 Troy Dawson - 3.7-3 - Bump release for October 2024 mass rebuild (RHEL-64018) -* Fri Aug 09 2024 Vit Mojzis - 3.7-2 +* Fri Aug 09 2024 Vit Mojzis - 3.7-2 - sepol_compute_sid: Do not destroy uninitialized context (RHEL-34808) * Thu Jun 27 2024 Petr Lautrbach - 3.7-1 diff --git a/libsepol.spec b/libsepol.spec index 9a91180..74985d7 100644 --- a/libsepol.spec +++ b/libsepol.spec 
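Review bot: The keyring in bachradsusi.gpg gains new key material in the same commit that introduces the tarball and signature it is used to verify, so a passing `%{gpgverify}` in `%prep` only shows that the three files agree with each other. Nothing visible in the commit records the fingerprint of the added key or how it was confirmed. A comment above `Source2:` in libsepol.spec could state it, for example `# Keyring extended <DATE>: added key <FINGERPRINT>, confirmed via <CHANNEL>`. The earlier armor lines are unchanged context, so the existing keys appear untouched and the new packets appended, but that is inferred from the hunk rather than from a decoded key listing.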
@@ -1,23 +1,17 @@ Summary: SELinux binary policy manipulation library Name: libsepol -Version: 3.7 -Release: 4%{?dist} +Version: 3.8 +Release: 0.rc1.1%{?dist} License: LGPL-2.1-or-later -Source0: https://github.com/SELinuxProject/selinux/releases/download/3.7/libsepol-3.7.tar.gz -Source1: https://github.com/SELinuxProject/selinux/releases/download/3.7/libsepol-3.7.tar.gz.asc +Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}-rc1/libsepol-%{version}-rc1.tar.gz +Source1: https://github.com/SELinuxProject/selinux/releases/download/%{version}-rc1/libsepol-%{version}-rc1.tar.gz.asc Source2: https://github.com/bachradsusi.gpg URL: https://github.com/SELinuxProject/selinux/wiki # $ git clone https://github.com/fedora-selinux/selinux.git # $ cd selinux -# $ git format-patch -N libsepol-3.7 -- libsepol +# $ git format-patch -N libsepol-3.8 -- libsepol # $ i=1; for j in 0*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done # Patch list start -Patch0001: 0001-libsepol-sepol_compute_sid-Do-not-destroy-uninitiali.patch -Patch0002: 0002-libsepol-cil-Check-that-sym_index-is-within-bounds.patch -Patch0003: 0003-libsepol-cil-Initialize-avtab_datum-on-declaration.patch -Patch0004: 0004-libsepol-mls-Do-not-destroy-context-on-memory-error.patch -Patch0005: 0005-libsepol-cil-cil_post-Initialize-tmp-on-declaration.patch -Patch0006: 0006-libsepol-Initialize-strs-on-declaration.patch # Patch list end BuildRequires: make BuildRequires: gcc @@ -66,7 +60,7 @@ The libsepol-utils package contains the utilities %prep %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' -%autosetup -p 2 -n libsepol-%{version} +%autosetup -p 2 -n libsepol-%{version}-rc1 # sparc64 is an -fPIC arch, so we need to fix it here %ifarch sparc64 diff --git a/sources b/sources index a047db1..d8ffd54 100644 --- a/sources +++ b/sources 
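Review bot: The six `Patch0001` to `Patch0006` lines are dropped in the first hunk of libsepol.spec, but neither the new changelog entry nor the spec says that those fixes are contained in the 3.8-rc1 tarball. The removed patches address Coverity OVERRUN and UNINIT findings (their headers cite CWE-119 and CWE-457), so a rebase that lost one of them would reintroduce the defect without any build failure. They carry upstream Acked-by trailers and so are presumably merged, but that is inferred from the patch headers. A changelog line such as `- Drop downstream patches 0001-0006, included in 3.8-rc1` would record that this was checked.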
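Review bot: The `-rc1` suffix is hard-coded in `%autosetup -p 2 -n libsepol-%{version}-rc1` and again twice each in `Source0` and `Source1` in the first hunk, so the update to the final 3.8 release has to edit five places. A missed one leaves the tarball name, the signature name and the unpack directory out of step with each other. Defining the suffix once near `Version:`, e.g. `%global rcver -rc1`, and writing `libsepol-%{version}%{?rcver}` in those three lines keeps them consistent and lets the final release simply drop the macro. The comment `# $ git format-patch -N libsepol-3.8 -- libsepol` names a tag without the rc suffix, which may not exist yet for this pre-release.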
@@ -1,2 +1,2 @@
-SHA512 (libsepol-3.7.tar.gz) = 85d12d0ba5a7a3225f08d041a18fd59641608db5e0a78a1e9649754e45be54a807cd422d4889b88da6e806b4af546336c7a0913448f08ac33dc6ffb983890ef8
-SHA512 (libsepol-3.7.tar.gz.asc) = 1c9255d99dbcb823d8bee57e9e617bf9de3d7f45727e6190cf36472d6a489b563a1d0766607806bb498ef5bfadb4ada85c7bd343f6f82eca5c405218d0723318
+SHA512 (libsepol-3.8-rc1.tar.gz) = ef11e4b107dd25c7d9a9a63ec00eba50dbc589e4e6233be89ef500fe9ccea7e82ebfabb11190741cc4cc49d1f59d23773ce49a4d80ec8b26c61aaa9aa0db5269
+SHA512 (libsepol-3.8-rc1.tar.gz.asc) = 543e2d2e792d9973851543559b9995f9815032a1db1ce8e5a77aa96d0ed13a979aec054de489d9741065ca813a9e7148d68533d188a9e88ea62fded7b3d456e3