SELinux userspace 3.8-rc1 release
Resolves: RHEL-69451
This commit is contained in:
Petr Lautrbach
parent
eb31c5c734
commit
105d966e39
2
.gitignore
vendored
2
.gitignore
vendored
@ -196,3 +196,5 @@ libsepol-2.0.41.tgz
|
||||
/libsepol-3.6.tar.gz
|
||||
/libsepol-3.7.tar.gz
|
||||
/libsepol-3.7.tar.gz.asc
|
||||
/libsepol-3.8-rc1.tar.gz
|
||||
/libsepol-3.8-rc1.tar.gz.asc
|
||||
|
||||
@ -1,51 +0,0 @@
|
||||
From 453d54da10a96e1494ef8aea867f6c9eb8751677 Mon Sep 17 00:00:00 2001
|
||||
From: Vit Mojzis <vmojzis@redhat.com>
|
||||
Date: Fri, 19 Jul 2024 18:17:13 +0200
|
||||
Subject: [PATCH] libsepol/sepol_compute_sid: Do not destroy uninitialized
|
||||
context
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Avoid context_destroy() on "newcontext" before context_init() is called.
|
||||
|
||||
Fixes:
|
||||
libsepol-3.6/src/services.c:1335: var_decl: Declaring variable "newcontext" without initializer.
|
||||
libsepol-3.6/src/services.c:1462: uninit_use_in_call: Using uninitialized value "newcontext.range.level[0].cat.node" when calling "context_destroy".
|
||||
\# 1460| rc = sepol_sidtab_context_to_sid(sidtab, &newcontext, out_sid);
|
||||
\# 1461| out:
|
||||
\# 1462|-> context_destroy(&newcontext);
|
||||
\# 1463| return rc;
|
||||
\# 1464| }
|
||||
|
||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
||||
Reviewed-by: Christian Göttsche <cgzones@googlemail.com>
|
||||
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
|
||||
---
|
||||
libsepol/src/services.c | 6 ++----
|
||||
1 file changed, 2 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/libsepol/src/services.c b/libsepol/src/services.c
|
||||
index 36e2368f..f3231f17 100644
|
||||
--- a/libsepol/src/services.c
|
||||
+++ b/libsepol/src/services.c
|
||||
@@ -1362,14 +1362,12 @@ static int sepol_compute_sid(sepol_security_id_t ssid,
|
||||
scontext = sepol_sidtab_search(sidtab, ssid);
|
||||
if (!scontext) {
|
||||
ERR(NULL, "unrecognized SID %d", ssid);
|
||||
- rc = -EINVAL;
|
||||
- goto out;
|
||||
+ return -EINVAL;
|
||||
}
|
||||
tcontext = sepol_sidtab_search(sidtab, tsid);
|
||||
if (!tcontext) {
|
||||
ERR(NULL, "unrecognized SID %d", tsid);
|
||||
- rc = -EINVAL;
|
||||
- goto out;
|
||||
+ return -EINVAL;
|
||||
}
|
||||
|
||||
if (tclass && tclass <= policydb->p_classes.nprim)
|
||||
--
|
||||
2.45.2
|
||||
|
||||
@ -1,40 +0,0 @@
|
||||
From d045edd5298a75284ce1cc289d039cce8b7a24ae Mon Sep 17 00:00:00 2001
|
||||
From: Vit Mojzis <vmojzis@redhat.com>
|
||||
Date: Tue, 23 Jul 2024 16:41:57 +0200
|
||||
Subject: [PATCH] libsepol/cil: Check that sym_index is within bounds
|
||||
|
||||
Make sure sym_index is within the bounds of symtab array before using it
|
||||
to index the array.
|
||||
|
||||
Fixes:
|
||||
Error: OVERRUN (CWE-119):
|
||||
libsepol-3.6/cil/src/cil_resolve_ast.c:3157: assignment: Assigning: "sym_index" = "CIL_SYM_UNKNOWN".
|
||||
libsepol-3.6/cil/src/cil_resolve_ast.c:3189: overrun-call: Overrunning callee's array of size 19 by passing argument "sym_index" (which evaluates to 20) in call to "cil_resolve_name".
|
||||
\# 3187| switch (curr->flavor) {
|
||||
\# 3188| case CIL_STRING:
|
||||
\# 3189|-> rc = cil_resolve_name(parent, curr->data, sym_index, db, &res_datum);
|
||||
\# 3190| if (rc != SEPOL_OK) {
|
||||
\# 3191| goto exit;
|
||||
|
||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
||||
Acked-by: James Carter <jwcart2@gmail.com>
|
||||
---
|
||||
libsepol/cil/src/cil_resolve_ast.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c
|
||||
index 427a320c..da8863c4 100644
|
||||
--- a/libsepol/cil/src/cil_resolve_ast.c
|
||||
+++ b/libsepol/cil/src/cil_resolve_ast.c
|
||||
@@ -4291,7 +4291,7 @@ int cil_resolve_name_keep_aliases(struct cil_tree_node *ast_node, char *name, en
|
||||
int rc = SEPOL_ERR;
|
||||
struct cil_tree_node *node = NULL;
|
||||
|
||||
- if (name == NULL) {
|
||||
+ if (name == NULL || sym_index >= CIL_SYM_NUM) {
|
||||
cil_log(CIL_ERR, "Invalid call to cil_resolve_name\n");
|
||||
goto exit;
|
||||
}
|
||||
--
|
||||
2.47.0
|
||||
|
||||
@ -1,81 +0,0 @@
|
||||
From b332edfc248f7c5bcf651be033e2f06aa5959776 Mon Sep 17 00:00:00 2001
|
||||
From: Vit Mojzis <vmojzis@redhat.com>
|
||||
Date: Wed, 23 Oct 2024 15:43:15 +0200
|
||||
Subject: [PATCH] libsepol/cil: Initialize avtab_datum on declaration
|
||||
|
||||
avtab_datum.xperms was not always initialized before being used.
|
||||
|
||||
Fixes:
|
||||
Error: UNINIT (CWE-457):
|
||||
libsepol-3.7/cil/src/cil_binary.c:977:2: var_decl: Declaring variable "avtab_datum" without initializer.
|
||||
libsepol-3.7/cil/src/cil_binary.c:1059:3: uninit_use_in_call: Using uninitialized value "avtab_datum". Field "avtab_datum.xperms" is uninitialized when calling "__cil_cond_insert_rule".
|
||||
\# 1057| }
|
||||
\# 1058| }
|
||||
\# 1059|-> rc = __cil_cond_insert_rule(&pdb->te_cond_avtab, &avtab_key, &avtab_datum, cond_node, cond_flavor);
|
||||
\# 1060| }
|
||||
|
||||
Error: UNINIT (CWE-457):
|
||||
libsepol-3.7/cil/src/cil_binary.c:1348:2: var_decl: Declaring variable "avtab_datum" without initializer.
|
||||
libsepol-3.7/cil/src/cil_binary.c:1384:3: uninit_use_in_call: Using uninitialized value "avtab_datum". Field "avtab_datum.xperms" is uninitialized when calling "__cil_cond_insert_rule".
|
||||
\# 1382| } else {
|
||||
\# 1383| avtab_datum.data = data;
|
||||
\# 1384|-> rc = __cil_cond_insert_rule(&pdb->te_cond_avtab, &avtab_key, &avtab_datum, cond_node, cond_flavor);
|
||||
\# 1385| }
|
||||
\# 1386|
|
||||
|
||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
||||
Acked-by: James Carter <jwcart2@gmail.com>
|
||||
---
|
||||
libsepol/cil/src/cil_binary.c | 8 ++------
|
||||
1 file changed, 2 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c
|
||||
index c8144a5a..66c461eb 100644
|
||||
--- a/libsepol/cil/src/cil_binary.c
|
||||
+++ b/libsepol/cil/src/cil_binary.c
|
||||
@@ -974,7 +974,7 @@ static int __cil_insert_type_rule(policydb_t *pdb, uint32_t kind, uint32_t src,
|
||||
{
|
||||
int rc = SEPOL_OK;
|
||||
avtab_key_t avtab_key;
|
||||
- avtab_datum_t avtab_datum;
|
||||
+ avtab_datum_t avtab_datum = { .data = res, .xperms = NULL };
|
||||
avtab_ptr_t existing;
|
||||
|
||||
avtab_key.source_type = src;
|
||||
@@ -996,8 +996,6 @@ static int __cil_insert_type_rule(policydb_t *pdb, uint32_t kind, uint32_t src,
|
||||
goto exit;
|
||||
}
|
||||
|
||||
- avtab_datum.data = res;
|
||||
-
|
||||
existing = avtab_search_node(&pdb->te_avtab, &avtab_key);
|
||||
if (existing) {
|
||||
/* Don't add duplicate type rule and warn if they conflict.
|
||||
@@ -1345,7 +1343,7 @@ static int __cil_insert_avrule(policydb_t *pdb, uint32_t kind, uint32_t src, uin
|
||||
{
|
||||
int rc = SEPOL_OK;
|
||||
avtab_key_t avtab_key;
|
||||
- avtab_datum_t avtab_datum;
|
||||
+ avtab_datum_t avtab_datum = { .data = data, .xperms = NULL };
|
||||
avtab_datum_t *avtab_dup = NULL;
|
||||
|
||||
avtab_key.source_type = src;
|
||||
@@ -1371,7 +1369,6 @@ static int __cil_insert_avrule(policydb_t *pdb, uint32_t kind, uint32_t src, uin
|
||||
if (!cond_node) {
|
||||
avtab_dup = avtab_search(&pdb->te_avtab, &avtab_key);
|
||||
if (!avtab_dup) {
|
||||
- avtab_datum.data = data;
|
||||
rc = avtab_insert(&pdb->te_avtab, &avtab_key, &avtab_datum);
|
||||
} else {
|
||||
if (kind == CIL_AVRULE_DONTAUDIT)
|
||||
@@ -1380,7 +1377,6 @@ static int __cil_insert_avrule(policydb_t *pdb, uint32_t kind, uint32_t src, uin
|
||||
avtab_dup->data |= data;
|
||||
}
|
||||
} else {
|
||||
- avtab_datum.data = data;
|
||||
rc = __cil_cond_insert_rule(&pdb->te_cond_avtab, &avtab_key, &avtab_datum, cond_node, cond_flavor);
|
||||
}
|
||||
|
||||
--
|
||||
2.47.0
|
||||
|
||||
@ -1,74 +0,0 @@
|
||||
From a67e7419e09e8954dd8d96baaab9ee663a00990c Mon Sep 17 00:00:00 2001
|
||||
From: Vit Mojzis <vmojzis@redhat.com>
|
||||
Date: Wed, 23 Oct 2024 15:43:16 +0200
|
||||
Subject: [PATCH] libsepol/mls: Do not destroy context on memory error
|
||||
|
||||
In case of malloc error, ctx1, or ctx2 may be pointing to uninitialized
|
||||
space and context_destroy should not be used on it.
|
||||
|
||||
Fixes:
|
||||
Error: UNINIT (CWE-457):
|
||||
libsepol-3.7/src/mls.c:673:2: alloc_fn: Calling "malloc" which returns uninitialized memory.
|
||||
libsepol-3.7/src/mls.c:673:2: assign: Assigning: "ctx1" = "malloc(64UL)", which points to uninitialized data.
|
||||
libsepol-3.7/src/mls.c:699:2: uninit_use_in_call: Using uninitialized value "ctx1->range.level[0].cat.node" when calling "context_destroy".
|
||||
\# 697| ERR(handle, "could not check if mls context %s contains %s",
|
||||
\# 698| mls1, mls2);
|
||||
\# 699|-> context_destroy(ctx1);
|
||||
\# 700| context_destroy(ctx2);
|
||||
\# 701| free(ctx1);
|
||||
|
||||
Error: UNINIT (CWE-457):
|
||||
libsepol-3.7/src/mls.c:674:2: alloc_fn: Calling "malloc" which returns uninitialized memory.
|
||||
libsepol-3.7/src/mls.c:674:2: assign: Assigning: "ctx2" = "malloc(64UL)", which points to uninitialized data.
|
||||
libsepol-3.7/src/mls.c:700:2: uninit_use_in_call: Using uninitialized value "ctx2->range.level[0].cat.node" when calling "context_destroy".
|
||||
\# 698| mls1, mls2);
|
||||
\# 699| context_destroy(ctx1);
|
||||
\# 700|-> context_destroy(ctx2);
|
||||
\# 701| free(ctx1);
|
||||
\# 702| free(ctx2);
|
||||
|
||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
||||
Acked-by: James Carter <jwcart2@gmail.com>
|
||||
---
|
||||
libsepol/src/mls.c | 12 ++++++------
|
||||
1 file changed, 6 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/libsepol/src/mls.c b/libsepol/src/mls.c
|
||||
index 45db8920..a37405d1 100644
|
||||
--- a/libsepol/src/mls.c
|
||||
+++ b/libsepol/src/mls.c
|
||||
@@ -672,8 +672,10 @@ int sepol_mls_contains(sepol_handle_t * handle,
|
||||
context_struct_t *ctx1 = NULL, *ctx2 = NULL;
|
||||
ctx1 = malloc(sizeof(context_struct_t));
|
||||
ctx2 = malloc(sizeof(context_struct_t));
|
||||
- if (ctx1 == NULL || ctx2 == NULL)
|
||||
+ if (ctx1 == NULL || ctx2 == NULL){
|
||||
+ ERR(handle, "out of memory");
|
||||
goto omem;
|
||||
+ }
|
||||
context_init(ctx1);
|
||||
context_init(ctx2);
|
||||
|
||||
@@ -690,16 +692,14 @@ int sepol_mls_contains(sepol_handle_t * handle,
|
||||
free(ctx2);
|
||||
return STATUS_SUCCESS;
|
||||
|
||||
- omem:
|
||||
- ERR(handle, "out of memory");
|
||||
-
|
||||
err:
|
||||
- ERR(handle, "could not check if mls context %s contains %s",
|
||||
- mls1, mls2);
|
||||
context_destroy(ctx1);
|
||||
context_destroy(ctx2);
|
||||
+ omem:
|
||||
free(ctx1);
|
||||
free(ctx2);
|
||||
+ ERR(handle, "could not check if mls context %s contains %s",
|
||||
+ mls1, mls2);
|
||||
return STATUS_ERR;
|
||||
}
|
||||
|
||||
--
|
||||
2.47.0
|
||||
|
||||
@ -1,40 +0,0 @@
|
||||
From 77e225361129f02d379e930859406a61420836d7 Mon Sep 17 00:00:00 2001
|
||||
From: Vit Mojzis <vmojzis@redhat.com>
|
||||
Date: Wed, 23 Oct 2024 15:43:17 +0200
|
||||
Subject: [PATCH] libsepol/cil/cil_post: Initialize tmp on declaration
|
||||
|
||||
tmp.node was not always initialized before being used by
|
||||
ebitmap_destroy.
|
||||
|
||||
Fixes:
|
||||
Error: UNINIT (CWE-457):
|
||||
libsepol-3.7/cil/src/cil_post.c:1309:2: var_decl: Declaring variable "tmp" without initializer.
|
||||
libsepol-3.7/cil/src/cil_post.c:1382:6: uninit_use_in_call: Using uninitialized value "tmp.node" when calling "ebitmap_destroy".
|
||||
\# 1380| if (rc != SEPOL_OK) {
|
||||
\# 1381| cil_log(CIL_INFO, "Failed to apply operator to bitmaps\n");
|
||||
\# 1382|-> ebitmap_destroy(&tmp);
|
||||
\# 1383| goto exit;
|
||||
\# 1384| }
|
||||
|
||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
||||
Acked-by: James Carter <jwcart2@gmail.com>
|
||||
---
|
||||
libsepol/cil/src/cil_post.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/libsepol/cil/src/cil_post.c b/libsepol/cil/src/cil_post.c
|
||||
index ac99997f..d63a5496 100644
|
||||
--- a/libsepol/cil/src/cil_post.c
|
||||
+++ b/libsepol/cil/src/cil_post.c
|
||||
@@ -1315,6 +1315,8 @@ static int __cil_expr_to_bitmap(struct cil_list *expr, ebitmap_t *out, int max,
|
||||
curr = expr->head;
|
||||
flavor = expr->flavor;
|
||||
|
||||
+ ebitmap_init(&tmp);
|
||||
+
|
||||
if (curr->flavor == CIL_OP) {
|
||||
enum cil_flavor op = (enum cil_flavor)(uintptr_t)curr->data;
|
||||
|
||||
--
|
||||
2.47.0
|
||||
|
||||
@ -1,63 +0,0 @@
|
||||
From 49926e313ca995ae72d5b6bd82f3f5bbbe5ba0df Mon Sep 17 00:00:00 2001
|
||||
From: Vit Mojzis <vmojzis@redhat.com>
|
||||
Date: Wed, 23 Oct 2024 15:43:18 +0200
|
||||
Subject: [PATCH] libsepol: Initialize "strs" on declaration
|
||||
|
||||
The value of "strs" was not always initialized before being used by
|
||||
strs_destroy.
|
||||
|
||||
Fixes:
|
||||
Error: UNINIT (CWE-457):
|
||||
libsepol-3.7/src/kernel_to_cil.c:1439:2: var_decl: Declaring variable "strs" without initializer.
|
||||
libsepol-3.7/src/kernel_to_cil.c:1487:2: uninit_use_in_call: Using uninitialized value "strs" when calling "strs_destroy".
|
||||
\# 1485|
|
||||
\# 1486| exit:
|
||||
\# 1487|-> strs_destroy(&strs);
|
||||
\# 1488|
|
||||
\# 1489| if (rc != 0) {
|
||||
|
||||
Error: UNINIT (CWE-457):
|
||||
libsepol-3.7/src/kernel_to_conf.c:1422:2: var_decl: Declaring variable "strs" without initializer.
|
||||
libsepol-3.7/src/kernel_to_conf.c:1461:2: uninit_use_in_call: Using uninitialized value "strs" when calling "strs_destroy".
|
||||
\# 1459|
|
||||
\# 1460| exit:
|
||||
\# 1461|-> strs_destroy(&strs);
|
||||
\# 1462|
|
||||
\# 1463| if (rc != 0) {
|
||||
|
||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
||||
Acked-by: James Carter <jwcart2@gmail.com>
|
||||
---
|
||||
libsepol/src/kernel_to_cil.c | 2 +-
|
||||
libsepol/src/kernel_to_conf.c | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c
|
||||
index f94cb245..9c2690be 100644
|
||||
--- a/libsepol/src/kernel_to_cil.c
|
||||
+++ b/libsepol/src/kernel_to_cil.c
|
||||
@@ -1436,7 +1436,7 @@ static int map_type_aliases_to_strs(char *key, void *data, void *args)
|
||||
static int write_type_alias_rules_to_cil(FILE *out, struct policydb *pdb)
|
||||
{
|
||||
type_datum_t *alias;
|
||||
- struct strs *strs;
|
||||
+ struct strs *strs = NULL;
|
||||
char *name;
|
||||
char *type;
|
||||
unsigned i, num = 0;
|
||||
diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c
|
||||
index ca91ffae..661546af 100644
|
||||
--- a/libsepol/src/kernel_to_conf.c
|
||||
+++ b/libsepol/src/kernel_to_conf.c
|
||||
@@ -1419,7 +1419,7 @@ static int map_type_aliases_to_strs(char *key, void *data, void *args)
|
||||
static int write_type_alias_rules_to_conf(FILE *out, struct policydb *pdb)
|
||||
{
|
||||
type_datum_t *alias;
|
||||
- struct strs *strs;
|
||||
+ struct strs *strs = NULL;
|
||||
char *name;
|
||||
char *type;
|
||||
unsigned i, num = 0;
|
||||
--
|
||||
2.47.0
|
||||
|
||||
121
bachradsusi.gpg
121
bachradsusi.gpg
@ -316,6 +316,123 @@ kAIi0B1szn0K13qRqBIwjnWL+orP1KLzvczCH6yD0FZY90CDdMtM0VB6AqT4BFh6
|
||||
5+ygjA4YiA7fFYBm8510ybUcNfzU3gUIJ5pF8MdGizO54tCPSK6U+iVRY4qfCFdu
|
||||
IiOZ7FUUn78VIxQUMYMrozy7kn/0PQZa7KKRbXJ8sg0sgrQapwpgUjdMwuYZPGGv
|
||||
1Jw5/+WUGWMbGxmlpHcEOmsPZpITH557M/kHyk9Ud0iKwciBI2mGLxiafCuLrUY4
|
||||
TknzOqbZgjdllcUG4cDBEQuBO/GSj1LUfg==
|
||||
=I8Dr
|
||||
TknzOqbZgjdllcUG4cDBEQuBO/GSj1LUfpkCDQRnKRF7ARAAo5H9/6cStbyjWFeb
|
||||
G6qDn6pT+4v1rlbRZo0rYwWkDmEAjOZMRC9SJipTCdQeNFlv6HEiiCvl3bmZIqrZ
|
||||
+zvLI6U1+2dH7k06xNqIFLTV0zbr+tUkOwspg5nr59KsuNP01WBS0ELzunO/zHj+
|
||||
BOEdPg1KvB0IQFtqAwaAfuny67YvTr9O7Yz07ZCfTxPtHf6FJ80FPeRa0LoZYnW4
|
||||
UmSGtm1f59VD9+qe4yhRtNanamXUKjf8BTw0rQwjoJhVT5Mg0Z6hW6fhFrD57Lgd
|
||||
8fBi5ZHHUlR4z1+nqGCUoHlHjc0JVyK8j8fofKafow/79ITaOqBzv+P3psY9ecBg
|
||||
7wGaOHrqzRzRxAfKYRO2IaFHRGnsEE8FnwSEL00uPVxpiiTavrLJFEjku9GmP3OY
|
||||
3rbwIPXbw1m9mZG1yAVbSEEf58WSWeoBp0O6qrwAdIbdgUX4BkQ8bX5MtUjXp5tm
|
||||
0StmjQiZ7O91cg0VuWtrfj/I4E3xtloNzhtG2QLI4s7iAL1orhClxEuZRO9alUCS
|
||||
cnRvhmw2Dh6sB6i56evcZdUFwxMXOByxfWr0fxX4QlR8jYqMPj7UMNj2PccTBOQX
|
||||
umIW2cdGEeni9vrE9cLfZRSNCwPWAXWtr1zQW54Jx5DjCGHobQk53Z7kE+MZVAje
|
||||
gOaT0u50cljBNfJootuln4+gbGMAEQEAAbQlUGV0ciBMYXV0cmJhY2ggPGxhdXRy
|
||||
YmFjaEByZWRoYXQuY29tPokCVwQTAQgAQRYhBGjSGCM0KhNoOus+TvtMaFtdwcE+
|
||||
BQJnKRF7AhsDBQkDwmcABQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAAoJEPtM
|
||||
aFtdwcE+doMQAI5mnNA8aH0dfeOZnz/NrMwY6H7jK/+lYatCx05e1TfK+zz9feRK
|
||||
sxgP3Pjj0p9igo3jIdPcN5/YnlmVEeplDmSiKOOdendviy+sA8sukMo07Q+m1pYW
|
||||
NzFtyiZd+c44mp9I1l7h6rktIY9XDedrlAkNog1VlUet9eNpmgXt2OmJNDmYftWc
|
||||
KIpyw/ZLaubjRcAmxwsn7I6dWnT66Ffg9H8trcRlWipVWP8imO0EIpwC8RbhuNgk
|
||||
xjt/cVf3CEpzokF4n0k3nqYmt90NNtGc0kG5QAlTvlUuHpNWzuzvdAPtMy3KEaXI
|
||||
fu3IEZeIKCxSgWXTm7zRKUn0F6jKAsLXhK/WOA1Aa7NdAUwMxrEndfNoqBrusaLD
|
||||
lpzWU7USv2YT+Pf3aQ7u1szg2J8V5eqRP+E8wwe54RNCgQrcDgUq5abyncsvull3
|
||||
GqJvzvZC7/Q3Th/g5Wc+dRaGBz0O9FBuRPQwjrnB932xW1fDf17cScpVKAvV/jwn
|
||||
tpWXf7nSv2M0o9fihnTBl4d2c2EBKtTdp5W0IpeRl5uLad3AYoouP6RoZ+/Id/Zg
|
||||
NeaQKH/ZlCxk5S9GLzYhm665ysOYRkh7NfoThRtvAqAeDcTKWGDG1nQok2KKOSyq
|
||||
S81PT2AlMz7A26R0vsH/9lQ1uZFIhIGbxZXlGERZwXd1s+lgfWTbB5K+iQIzBBAB
|
||||
CAAdFiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmcpGAUACgkQvDkF8jUXnPFdGQ/+
|
||||
L7uA7EMB+Yh0urhZuOltZSNtge6b+UbLZTd8DRsf044e+Z0NJWdQ2saLBptGhIcn
|
||||
as4Qd0gS+QkWB7lMrJ31uux15ZBjFsGtyqK+VoH8JIPvV8Mr5XojqA+UYUpXP6ns
|
||||
ILrdkUvNzpeA51IxYuVMWcut8SUVYzjD11YG1P8LFzydsImaYe7se+RE85F3/2Po
|
||||
kZNe0d0Gh36uyfJSND80XrrxLpROgabQgHNG0drL/DHjdoa3F0V5EUoG7NBwUrmB
|
||||
RlWKYCLUFfW+8mQn6RVK8JIV9WaHrzi/KAZLonZb5dCjO0e+Ol16pyUofLA8SN7B
|
||||
aqjens8ho297GtE3darkXmj5p3p4YPur/D+oZCNIH+BYMsht46VtE3v6V10P8KA2
|
||||
6MgNo5qME1Q0kC1DUYi68cPeDgrQBMWa+nF+m9i2aGeAyi3qDhZu03JLhOYAhv45
|
||||
OVRawm9vFqyKiBRANVogTRr+ch4zywaapwfVLQ+xiwVLqlT5n/iIzWCQ0hA15eKZ
|
||||
gJV0kTXL4OWKBeJqSNnnLVm4AhZ2OpKHMsjE7BEopvCe9JZWFIrjtQ9TrriByOx0
|
||||
3anWkmm7b4lZ1HKDOI/Cxyz8BZvYizo7hSOdGjLrFBTD/Wk0swvpzB4NKh5I6N7k
|
||||
gppXMTaWp36+KmQx66JzaZjepGl1VMNFdgiP6Sw6pO+5Ag0EZykRewEQAK4EY+06
|
||||
GeuX4wLlUqAMWCnbFELuhBZGWFLEIvP6WJS1WOvee45RVcpVfYMp3AqymiNRahAl
|
||||
RMtSQ9YtXSdlBPkhtNcoV/hqjcNywMdbsy+Rs27pRk/DJVC0yVL4ABrSSlwhfNa4
|
||||
6X4ZvPr8GGDvjAUhK6NXQ7WrZJxYR9/U0nqRGtGuPBLhFey1H60n5axP8+2f9pFC
|
||||
NbDJ13HbrhVju+RUeE8Gq5WJI5dea5SfYnXFERsT/zO+pw7ZaaSDmWKR1a88P6Bk
|
||||
DD7e63ZIaAa849M/Dz+OgzNEgbyRjvgbO0OEIrS2x61lGoW7F9prEgzj97NIiBu6
|
||||
qpNCYJefkpfPENrk+wmOUthJfh6E7uphlliQams6dqXAc3Z+xBN9jFf74RpzVmIP
|
||||
K/MFNr0EcUMFgURpBtaTrk4dGMh++v5i4qKxxwJHf4RsGCDsgH9ZZDemKz5q8uFN
|
||||
TI1kbTnsKNt+d7L45U+3/mRm4l22g8eu+AvD6R4GfKjsyzEFCyGK7TmVYj0Y+EGR
|
||||
9+YbRQ1GahXqtrR/aLC09LSyxQTqYfKU8KusnoceEbBOigEZUNPybpzibwHl1VEV
|
||||
9crR5eT8MPHgs8xdpjQ7gRuPi12fvc83unpUsNIHSCxZqXoilGsz2+zpX2si3PxB
|
||||
tK/tTo6ZFRLijhHs250Y1agp4MyXYq91A2VTABEBAAGJAjwEGAEIACYWIQRo0hgj
|
||||
NCoTaDrrPk77TGhbXcHBPgUCZykRewIbDAUJA8JnAAAKCRD7TGhbXcHBPozGD/0Y
|
||||
fkktGwGq2vPZUI/Fscv+VnEqVt94dBnS0/6GyYvhI7Tf81v+72URlQeX8TUQox9B
|
||||
8d3Aru5b2+iSkPcvH70PbY8jt/yTwHtSlFzf6+YPIl+oyTz7DoiILSjrO51ntl8g
|
||||
KmIb8Q9W74xV6VFIJ4m8rH04MKFpIlzUDq660JYQIGtOUFugSfg7aLVU/0j4WKKE
|
||||
KfAfg93wYTKKd+JgRFy4FZPriem7HvlUSi2VKffdrrUF/PX35X74iKdPQoEADZi8
|
||||
KkMZULDtyQ6ZOu2hiDpArjo5hDadKM314Z65VnM11hjiEhmTF3IyGBllb0qBIk0L
|
||||
nBVHuMYmiqBNJEbaqHLqIju8/RvFlYV+AMISeA7B68knbJcao13ogtDpuJ4hpgCj
|
||||
j2B1n0NWMcju0gteu1sfsIaQbWHevH2vgl5LJDCNtUJN/NoWB2Uov27wEvsongwY
|
||||
3du40TnM+5ejwf4r8D3wX+JpVCAhfr3Oc0knw14nRqFPAe1E7DNURJ8xfEV9iPRA
|
||||
swo6qoh7IIxNETUG1rywRExNt6tHsojx0Wb0I0IB7CnWRK9F6oNRp0S4kVgp+Jeh
|
||||
a9NGXFK2hn8qBD/rpUPsj/OdkiBN+C7Ai07rCNez+IKdnUfXkOJqLCOyeUwC9WPl
|
||||
uFPB9RnnghYM4xhMWf8XvSLOOk/vgPxiqR5ANLObsbkCDQRnKRLhARAAuh+b2Oxj
|
||||
9q+RRZ+pkDVf/M6P01yDmDhwtYHzi/LW8PFHC6iQlzMReyv1R5n3uCEpAZ++mdUe
|
||||
Cgo2TmFnYdpmxEgdaMIW98uqe4fuHhoXU2Mh4eiN7jyJvXQCsijCDYzifoj03HY7
|
||||
nTVjw4+BSSu9kA3/vEqU9A5YjG01MmVSMaIaTrqZqsnypK6r2exJa7YVRYwRqpLY
|
||||
C5ksikDVK9ftdfhjnsnYGS4pYyfMNSHY1KBMpHjT7wEkM+KZ2WRpjTZZ7nP9u4Lf
|
||||
fJMKgcclRgf+13CeSaJfVIhjJlxGVLkloE8XJbOeh2vkK257e9BenEFgQnyLCpGJ
|
||||
8YNsnsJVhxU1aA62dT7jmnOVMBhnGoNhMyzzfvUw0REz2VbpZBkiwZRfZ9MWUBsy
|
||||
bneH8NwzZMQQLCc/yo/jnPrmDS+tgl4CXGzBtpxPUZSMuY4tHZZ2vBb0zcfhY7P1
|
||||
CrHuylXLFzkOO/XRP3w1F8I1UqJCjdTKjdjCDF/VWtedHee1iEsSHxPGH8fHp4Qp
|
||||
rBDDwZ4NnfilYNHMDWm6U1bzhX2ynqcGArQSd1Ny/oL7JzE1qoH/nNrwVvOSSNWF
|
||||
UTXFXeLy+SOXJdFJpGP+/wV+gYfyczoUP6vmCdK1Hs15WQvKzyP/nmLS5uLilfxV
|
||||
KrxZDI6SNrS4f/XkHcGnYByFKUhq5gVN0ZcAEQEAAYkEcgQYAQgAJhYhBGjSGCM0
|
||||
KhNoOus+TvtMaFtdwcE+BQJnKRLhAhsCBQkDwmcAAkAJEPtMaFtdwcE+wXQgBBkB
|
||||
CAAdFiEEcgDrLD9eSIRjwM6ezcroySfGvjEFAmcpEuEACgkQzcroySfGvjExiQ//
|
||||
TKQ2Ci+sqNSVIcwg/k0Go1i4cA7lhKNdYRBCaIThB9jMqNg2zgPzgELBcaVJL8xw
|
||||
0E2x2ZvBejM4X+eTrmkdufcxHR8B/zBF8oPlD2pgs/zZmZEO1gq4Cdab7yIoVNNr
|
||||
foCZShxOCPR2wIixcYZtt5f7Z3zSXqkjIec6sTOedT75ZXrpQbvINeUkvOJfMCOi
|
||||
ailauvDfv8k5iJUVbP+Dx1vOc88bvewVJcbLID4HIRr/PS+k1D10zGbnF71TnxGZ
|
||||
r7anMZCSFCHJ5WV+BSwHHKtxRy+bJ1x9ML45Jcr1anTXeaHIeSKNzFBigJQSgHv0
|
||||
euegkD3Rmw+IcxNb4l536selaNR0UAwx1DC1qpjBtnE9/pXdTEsZQxq9kMrj0d+f
|
||||
VKFjOKADVIpkx7o0dZ1jmbUmdjQVyGDgHE+Emgdd726/2ftWriW2uPeUC6YZiqbt
|
||||
vBnCnwF+aV6P1nrE0BWJchLyBjDCe5Y2oXBAYF6xwpDPfMPr4oscqzPV4TWVULBi
|
||||
brtRWgSxmvinIGFx9T9wQCVfX254dqBaAEhRMImoT/YP+6evRZKqQODRhI44OG7u
|
||||
V71IVAJ8BHEBN8hxvQM3WPs1fhwMBFCyGfr/x/U4/c78R9JhxkU9VwmMbLGQP7VP
|
||||
1QgfiHqZpHMk8ZUmQn6KLeurzWcnwPFkwgFPZED8OQOMXxAAio3DhWr5KDd3mICH
|
||||
ALNY0A2ipb/JH6LSHxu0S3MLa/bF6PbqRY1+fKMT/cFVxln99rNUrX+hDRbc7qbh
|
||||
KkxvGmcnXnkcTHah9bfUghEanlKkBr1g1ik3zgEnpO/x3+X39Ov+ge92MDawV0nq
|
||||
k9R/9tS+ZD/ph72Q9kx3ZfVNSL0eWxjuwBzFW0Zwh5TAX4raSmyQCmAXi05O3YmN
|
||||
iq4arSUg5oAOMRZ+d96DsrAS4Sdtlx6/CuKTBzEaGPQLQ9wJNB0Vmd/eQWTP99KY
|
||||
cAdIwj5BJ5P0Z7+xhsVjQOntn4otnP6vN6RuDtYrS6M7TCN/ZeKCvN/G0nRac4D+
|
||||
IJX3CYYtYXgaoDuoetUWtc7O5PzHRETaBt/46ob2lzf6cT5QyVujTfz+i0rGEc63
|
||||
pvXK8mV+K7BFY/DHpdEhl1pDw2YYLbBmUthQWdsL6/TVvpMe/wZadvJ/by3AeRzQ
|
||||
eusUucuSo9UNN7Yj8u3dRhxNgsSiU96A/SFlAoB5s3Onh5K4WEVCBu/INjdi+r2B
|
||||
LJePSnA3I7VkRE9Haf1D28jtBzm3Xbft2rs3lO18FcCqw6kd7Ih3e0tZ8uUG9UDv
|
||||
qTDHTUHLAWvwrq38gKKAu2RMaU06A5kR87RcQiizxOwBIwiHuUWMU4/Hyx6fXsOD
|
||||
hEs0O6AFDarNDZGee2amKTAyZpG5Ag0EZykTxQEQAOwGV1boBD3vDLsoAT62nGxb
|
||||
SqXiBsObxnpWbNifOzM9BUGPOIpHsSH32PZGG/+LNjNdECfyyP1RysH5OT7j92Q8
|
||||
vgRQoG3X985gbOjYyZc0xvAkTSvWxOiy5CuF3X8sJ3NSerQDXwjP9qVqLVj/3FB8
|
||||
nka1HFS7KzC3Zo/kzCoxeZ3/hV3PTWIjcoJvtBSCKPZyOJxnRqWfi5BNJo3S2SR1
|
||||
mxV967zawXiZ8MeeBl6rLhOfCBtz9g+bqrXZYoenuMn5Js2mcH0haYeMSV3UWIC4
|
||||
kinzr1EJxs+L1/hVCVBNiiDc6DXcFXoz9ZVc9kjpZTOMoZVDkRkyOeen+5Sya9wK
|
||||
4teLmDLME4+pgeHCS/Wa4KrYyEWe7NpG1VTkSJnRS+fyYGTWtwEiuwT6J9U0t1d5
|
||||
hbxhM7YAhlnOEnNVmqa3Bq3yqJs9G/7gicZ7CIJ9JBHKTJzOnKfpGhxBSOgOoCOa
|
||||
WW6uVCzDqfrYPmCUIKQmanB441xJFGuHVPMLBjVjswoMKGkK3gM6KMRCDYQ53u6s
|
||||
FK+Jcl8HobBSezVIUKpKVX3IW9d506cE0FhSW/NvWJv0FIMVloyC2BpOjSWVgEwX
|
||||
tk/m3SKPsgCAcCqzi7xlloR8+E9C2xci9cdGG5faghgSjaP6j0qDww/slRPQJc5A
|
||||
DIeukkOYTCiSiDwQtblJABEBAAGJAjMEGAEIACcWIQRo0hgjNCoTaDrrPk77TGhb
|
||||
XcHBPgUCZykTxQMbIAQFCQPCZwAAADcWD/4qJRLn7TcMtRMF43Yn+dX+O13YrxBC
|
||||
T4n1QVmiPsGrUca4Vg1J+trV6IMsGrhktpiaV0qeL/km0h02m4gEDZKDyWWXdeWh
|
||||
EXFaTVy9yCpSXUWJl5gSXTSwxrqBWyWLlLLk4UT9l9sk5mMdy0JA8unobV4M/eXQ
|
||||
ggR11DL3ji7aO0hsqxyxXkJcawWjVGW5KL1EaoDKIJ/CwxOI5ipFueMIRQjQvw9A
|
||||
o/w2fq11qVXY9zknk6pFkp/RDHLes+wVHDtebZfJ9xV7Mb1mf/k03dT56GaA/U3E
|
||||
XvJ2FdgWR+zf+YMEa9MPDHYo2UNEvk9mOk247M8s+OeexdlkPgyKW5A8mtYuY/dR
|
||||
j8W6C4pLcMWa+d/vIUpm5Guw0F5q0AWk9/FbBe9HLztEevvRnuHXmfTZeto/nCAi
|
||||
Yg4pCj6p3JoN5CLebR8YtWm9AJBbX1kgVvqSU2VgwYIFsxBEz8Wu2h7z/eSCSeIg
|
||||
ARFbTlJ6cBrRkXCVyhbv0LPWWUfAUqiEtdGxrA4Xx/jKrI02JjRdW/bZkXjSka8K
|
||||
+cDlpcr9ixBWW5LkWsOdiL8jExfTGw25FA7Wd1HiHnBv36Mu/zb+0/I63d+fLq93
|
||||
e3lmmVx9qQF8p5Okf4ojY9YoIHVkLS7t9AgFjm/ucmpEGbXxyPk2Cr3l+b5R41x3
|
||||
dBW9kxiuWpZN3Q==
|
||||
=iuRK
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
@ -1,3 +1,6 @@
|
||||
* Thu Dec 05 2024 Petr Lautrbach <lautrbach@redhat.com> - 3.8-0.rc1.1
|
||||
SELinux userspace 3.8-rc1 release
|
||||
|
||||
* Tue Nov 12 2024 Vit Mojzis <vmojzis@redhat.com> - 3.7-4
|
||||
- cil: Check that sym_index is within bounds (RHEL-34823)
|
||||
- cil: Initialize avtab_datum on declaration (RHEL-34810)
|
||||
|
||||
@ -1,23 +1,17 @@
|
||||
Summary: SELinux binary policy manipulation library
|
||||
Name: libsepol
|
||||
Version: 3.7
|
||||
Release: 4%{?dist}
|
||||
Version: 3.8
|
||||
Release: 0.rc1.1%{?dist}
|
||||
License: LGPL-2.1-or-later
|
||||
Source0: https://github.com/SELinuxProject/selinux/releases/download/3.7/libsepol-3.7.tar.gz
|
||||
Source1: https://github.com/SELinuxProject/selinux/releases/download/3.7/libsepol-3.7.tar.gz.asc
|
||||
Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}-rc1/libsepol-%{version}-rc1.tar.gz
|
||||
Source1: https://github.com/SELinuxProject/selinux/releases/download/%{version}-rc1/libsepol-%{version}-rc1.tar.gz.asc
|
||||
Source2: https://github.com/bachradsusi.gpg
|
||||
URL: https://github.com/SELinuxProject/selinux/wiki
|
||||
# $ git clone https://github.com/fedora-selinux/selinux.git
|
||||
# $ cd selinux
|
||||
# $ git format-patch -N libsepol-3.7 -- libsepol
|
||||
# $ git format-patch -N libsepol-3.8 -- libsepol
|
||||
# $ i=1; for j in 0*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
|
||||
# Patch list start
|
||||
Patch0001: 0001-libsepol-sepol_compute_sid-Do-not-destroy-uninitiali.patch
|
||||
Patch0002: 0002-libsepol-cil-Check-that-sym_index-is-within-bounds.patch
|
||||
Patch0003: 0003-libsepol-cil-Initialize-avtab_datum-on-declaration.patch
|
||||
Patch0004: 0004-libsepol-mls-Do-not-destroy-context-on-memory-error.patch
|
||||
Patch0005: 0005-libsepol-cil-cil_post-Initialize-tmp-on-declaration.patch
|
||||
Patch0006: 0006-libsepol-Initialize-strs-on-declaration.patch
|
||||
# Patch list end
|
||||
BuildRequires: make
|
||||
BuildRequires: gcc
|
||||
@ -66,7 +60,7 @@ The libsepol-utils package contains the utilities
|
||||
|
||||
%prep
|
||||
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
|
||||
%autosetup -p 2 -n libsepol-%{version}
|
||||
%autosetup -p 2 -n libsepol-%{version}-rc1
|
||||
|
||||
# sparc64 is an -fPIC arch, so we need to fix it here
|
||||
%ifarch sparc64
|
||||
|
||||
4
sources
4
sources
@ -1,2 +1,2 @@
|
||||
SHA512 (libsepol-3.7.tar.gz) = 85d12d0ba5a7a3225f08d041a18fd59641608db5e0a78a1e9649754e45be54a807cd422d4889b88da6e806b4af546336c7a0913448f08ac33dc6ffb983890ef8
|
||||
SHA512 (libsepol-3.7.tar.gz.asc) = 1c9255d99dbcb823d8bee57e9e617bf9de3d7f45727e6190cf36472d6a489b563a1d0766607806bb498ef5bfadb4ada85c7bd343f6f82eca5c405218d0723318
|
||||
SHA512 (libsepol-3.8-rc1.tar.gz) = ef11e4b107dd25c7d9a9a63ec00eba50dbc589e4e6233be89ef500fe9ccea7e82ebfabb11190741cc4cc49d1f59d23773ce49a4d80ec8b26c61aaa9aa0db5269
|
||||
SHA512 (libsepol-3.8-rc1.tar.gz.asc) = 543e2d2e792d9973851543559b9995f9815032a1db1ce8e5a77aa96d0ed13a979aec054de489d9741065ca813a9e7148d68533d188a9e88ea62fded7b3d456e3
|
||||
|
||||
Loading…
Reference in New Issue
Block a user