policycoreutils-3.2-5
- Use SHA-2 instead of SHA-1 (#1934964) Resolves: rhbz#1977191 - Fix COPY_PASTE_ERROR (CWE-398) Resolves: rhbz#1938843
parent
bb24785ce9
commit
0ce93abfc4
@ -1,4 +1,4 @@
|
|||||||
From d36c5c43d17896ebd655f8bdc6e0303dcbf2f47b Mon Sep 17 00:00:00 2001
|
From 6cfebe787e258c4c62dbf2018d0a08bc8b70e445 Mon Sep 17 00:00:00 2001
|
||||||
From: Ondrej Mosnacek <omosnace@redhat.com>
|
From: Ondrej Mosnacek <omosnace@redhat.com>
|
||||||
Date: Fri, 19 Mar 2021 22:30:59 +0100
|
Date: Fri, 19 Mar 2021 22:30:59 +0100
|
||||||
Subject: [PATCH] policycoreutils/setfiles: do not create useless
|
Subject: [PATCH] policycoreutils/setfiles: do not create useless
|
||||||
@ -63,5 +63,5 @@ index a3bbbe116b7f..63d818509791 100644
|
|||||||
indent:
|
indent:
|
||||||
../../scripts/Lindent $(wildcard *.[ch])
|
../../scripts/Lindent $(wildcard *.[ch])
|
||||||
--
|
--
|
||||||
2.31.1
|
2.32.0
|
||||||
|
|
@ -1,4 +1,4 @@
|
|||||||
From 38d88fc70844b6f5b02883172af6df7bbd05de24 Mon Sep 17 00:00:00 2001
|
From 26a4c19ecff545324aa21eb0afbc3d10d3356313 Mon Sep 17 00:00:00 2001
|
||||||
From: Ondrej Mosnacek <omosnace@redhat.com>
|
From: Ondrej Mosnacek <omosnace@redhat.com>
|
||||||
Date: Mon, 1 Mar 2021 18:19:22 +0100
|
Date: Mon, 1 Mar 2021 18:19:22 +0100
|
||||||
Subject: [PATCH] fixfiles: do not exclude /dev and /run in -C mode
|
Subject: [PATCH] fixfiles: do not exclude /dev and /run in -C mode
|
||||||
@ -24,10 +24,10 @@ Acked-by: Petr Lautrbach <plautrba@redhat.com>
|
|||||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
|
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
|
||||||
index e73bb81c3336..cb20002ab613 100755
|
index 30dadb4f4cb6..6fb12e0451a9 100755
|
||||||
--- a/policycoreutils/scripts/fixfiles
|
--- a/policycoreutils/scripts/fixfiles
|
||||||
+++ b/policycoreutils/scripts/fixfiles
|
+++ b/policycoreutils/scripts/fixfiles
|
||||||
@@ -163,7 +163,7 @@ newer() {
|
@@ -162,7 +162,7 @@ newer() {
|
||||||
#
|
#
|
||||||
diff_filecontext() {
|
diff_filecontext() {
|
||||||
EXCLUDEDIRS="`exclude_dirs_from_relabelling`"
|
EXCLUDEDIRS="`exclude_dirs_from_relabelling`"
|
||||||
@ -36,7 +36,7 @@ index e73bb81c3336..cb20002ab613 100755
|
|||||||
[ -e $i ] && EXCLUDEDIRS="${EXCLUDEDIRS} -e $i";
|
[ -e $i ] && EXCLUDEDIRS="${EXCLUDEDIRS} -e $i";
|
||||||
done
|
done
|
||||||
LogExcluded
|
LogExcluded
|
||||||
@@ -176,7 +176,7 @@ if [ -f ${PREFC} -a -x /usr/bin/diff ]; then
|
@@ -175,7 +175,7 @@ if [ -f ${PREFC} -a -x /usr/bin/diff ]; then
|
||||||
sed -r -e 's,:s0, ,g' $FC | sort -u | \
|
sed -r -e 's,:s0, ,g' $FC | sort -u | \
|
||||||
/usr/bin/diff -b ${PREFCTEMPFILE} - | \
|
/usr/bin/diff -b ${PREFCTEMPFILE} - | \
|
||||||
grep '^[<>]'|cut -c3-| grep ^/ | \
|
grep '^[<>]'|cut -c3-| grep ^/ | \
|
||||||
@ -46,5 +46,5 @@ index e73bb81c3336..cb20002ab613 100755
|
|||||||
-e 's|\(([/[:alnum:]]+)\)\?|{\1,}|g' \
|
-e 's|\(([/[:alnum:]]+)\)\?|{\1,}|g' \
|
||||||
-e 's|([/[:alnum:]])\?|{\1,}|g' \
|
-e 's|([/[:alnum:]])\?|{\1,}|g' \
|
||||||
--
|
--
|
||||||
2.31.1
|
2.32.0
|
||||||
|
|
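--- a/0003-policycoreutils-silence-Wextra-semi-stmt-warning.patch
+++ b/0003-policycoreutils-silence-Wextra-semi-stmt-warning.patch
@@ -0,0 +1,49 @@
+From e45bc870946ad3c984595a679df86b424f24d09d Mon Sep 17 00:00:00 2001
+From: Nicolas Iooss <nicolas.iooss@m4x.org>
+Date: Sat, 3 Jul 2021 16:31:21 +0200
+Subject: [PATCH] policycoreutils: silence -Wextra-semi-stmt warning
+
+On Ubuntu 20.04, when building with clang -Werror -Wextra-semi-stmt
+(which is not the default build configuration), the compiler reports:
+
+secon.c:686:3: error: empty expression statement has no effect;
+remove unnecessary ';' to silence this warning
+[-Werror,-Wextra-semi-stmt]
+};
+^
+
+Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
+---
+policycoreutils/newrole/newrole.c | 2 +-
+policycoreutils/secon/secon.c | 2 +-
+2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/policycoreutils/newrole/newrole.c b/policycoreutils/newrole/newrole.c
+index 36e2ba9c25d9..0264531acef4 100644
+--- a/policycoreutils/newrole/newrole.c
++++ b/policycoreutils/newrole/newrole.c
+@@ -96,7 +96,7 @@
+#define USAGE_STRING "USAGE: newrole [ -r role ] [ -t type ] [ -l level ] [ -p ] [ -V ] [ -- args ]"
+
+#ifdef USE_PAM
+-#define PAM_SERVICE_CONFIG "/etc/selinux/newrole_pam.conf";
++#define PAM_SERVICE_CONFIG "/etc/selinux/newrole_pam.conf"
+#endif
+
+#define DEFAULT_PATH "/usr/bin:/bin"
+diff --git a/policycoreutils/secon/secon.c b/policycoreutils/secon/secon.c
+index d257a9a1ca6c..a0957d0914e1 100644
+--- a/policycoreutils/secon/secon.c
++++ b/policycoreutils/secon/secon.c
+@@ -683,7 +683,7 @@ static void disp_con(const char *scon_raw)
+color.range_bg = strtok(NULL, " ");
+
+color.valid = 1;
+- };
++ }
+
+if (!(con = context_new(scon)))
+errx(EXIT_FAILURE, "Couldn't create context from: %s", scon);
+--
+2.32.0
+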
@ -0,0 +1,33 @@
|
|||||||
|
From d8b9bd5c2a90d6855478f05c8fb38bd5df2733a2 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
|
||||||
|
Date: Wed, 14 Jul 2021 20:13:41 +0200
|
||||||
|
Subject: [PATCH] policycoreutils: free memory on lstat failure in sestatus
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
In case lstat(3) fails the memory is not free'd at the end of the for
|
||||||
|
loop, due to the control flow change by continue.
|
||||||
|
|
||||||
|
Found by scan-build.
|
||||||
|
|
||||||
|
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
|
||||||
|
---
|
||||||
|
policycoreutils/sestatus/sestatus.c | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/policycoreutils/sestatus/sestatus.c b/policycoreutils/sestatus/sestatus.c
|
||||||
|
index b37f03533afd..ceee0d523f9a 100644
|
||||||
|
--- a/policycoreutils/sestatus/sestatus.c
|
||||||
|
+++ b/policycoreutils/sestatus/sestatus.c
|
||||||
|
@@ -461,6 +461,7 @@ int main(int argc, char **argv)
|
||||||
|
("%s (could not check link status (%s)!)\n",
|
||||||
|
context, strerror(errno));
|
||||||
|
freecon(context);
|
||||||
|
+ free(fc[i]);
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
if (S_ISLNK(m.st_mode)) {
|
||||||
|
--
|
||||||
|
2.32.0
|
||||||
|
|
@ -0,0 +1,42 @@
|
|||||||
|
From f0c354afc07419cfe4f61b72f604a648c995943e Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
|
||||||
|
Date: Wed, 14 Jul 2021 20:13:42 +0200
|
||||||
|
Subject: [PATCH] policycoreutils: free memory of allocated context in run_init
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
Found by scan-build.
|
||||||
|
|
||||||
|
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
|
||||||
|
---
|
||||||
|
policycoreutils/run_init/run_init.c | 5 +++++
|
||||||
|
1 file changed, 5 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/policycoreutils/run_init/run_init.c b/policycoreutils/run_init/run_init.c
|
||||||
|
index 1c5eb68e7e73..545490a25918 100644
|
||||||
|
--- a/policycoreutils/run_init/run_init.c
|
||||||
|
+++ b/policycoreutils/run_init/run_init.c
|
||||||
|
@@ -406,14 +406,19 @@ int main(int argc, char *argv[])
|
||||||
|
|
||||||
|
if (chdir("/")) {
|
||||||
|
perror("chdir");
|
||||||
|
+ free(new_context);
|
||||||
|
exit(-1);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (setexeccon(new_context) < 0) {
|
||||||
|
fprintf(stderr, _("Could not set exec context to %s.\n"),
|
||||||
|
new_context);
|
||||||
|
+ free(new_context);
|
||||||
|
exit(-1);
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+ free(new_context);
|
||||||
|
+
|
||||||
|
if (access("/usr/sbin/open_init_pty", X_OK) != 0) {
|
||||||
|
if (execvp(argv[1], argv + 1)) {
|
||||||
|
perror("execvp");
|
||||||
|
--
|
||||||
|
2.32.0
|
||||||
|
|
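Review bot: The two `free(new_context);` calls placed directly before `exit(-1)` in the chdir and setexeccon error branches have no runtime effect, because the process ends on the next line; going by the patch description they are there to satisfy scan-build. A short comment such as `/* released only for the static analyzer; the process exits next */` would keep a later reader from treating them as required cleanup. The allocation of new_context lies outside the hunk, so whether free() is the matching release function could not be checked from these lines. main's body starts and ends outside the hunk.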
@ -0,0 +1,30 @@
|
|||||||
|
From 32611aea6543e3a8f32635857e37b4332b0b5c99 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
|
||||||
|
Date: Wed, 14 Jul 2021 20:13:43 +0200
|
||||||
|
Subject: [PATCH] policycoreutils: free memory of allocated context in newrole
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
Found by scan-build.
|
||||||
|
|
||||||
|
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
|
||||||
|
---
|
||||||
|
policycoreutils/newrole/newrole.c | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/policycoreutils/newrole/newrole.c b/policycoreutils/newrole/newrole.c
|
||||||
|
index 0264531acef4..7c1f062f5a2a 100644
|
||||||
|
--- a/policycoreutils/newrole/newrole.c
|
||||||
|
+++ b/policycoreutils/newrole/newrole.c
|
||||||
|
@@ -1239,6 +1239,7 @@ int main(int argc, char *argv[])
|
||||||
|
free(pw.pw_dir);
|
||||||
|
free(pw.pw_shell);
|
||||||
|
free(shell_argv0);
|
||||||
|
+ free(new_context);
|
||||||
|
return exit_code;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.32.0
|
||||||
|
|
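Review bot: The added `free(new_context);` sits next to the other frees just before `return exit_code;`, which looks like a shared cleanup tail, so it presumably also runs on error paths taken before the context string is computed. The declaration of new_context is outside the hunk; it has to start out as NULL (an initialiser of the form `= NULL` on the declaration) for those early exits to be safe, since freeing an indeterminate pointer is undefined behaviour. That is worth confirming against the full file before carrying the patch, and a one-line comment at the declaration stating that the cleanup path relies on the NULL initialiser would document the dependency.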
@ -1,4 +1,4 @@
|
|||||||
From 560cf8a87edbae33ed5320355890e11c4e1227f5 Mon Sep 17 00:00:00 2001
|
From 6f2adee92a62777aa1a7371a23b4cb08b9a8ac7e Mon Sep 17 00:00:00 2001
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
From: Petr Lautrbach <plautrba@redhat.com>
|
||||||
Date: Thu, 20 Aug 2015 12:58:41 +0200
|
Date: Thu, 20 Aug 2015 12:58:41 +0200
|
||||||
Subject: [PATCH] sandbox: add -reset to Xephyr as it works better with it in
|
Subject: [PATCH] sandbox: add -reset to Xephyr as it works better with it in
|
||||||
@ -22,5 +22,5 @@ index eaa500d08143..4774528027ef 100644
|
|||||||
cat > ~/seremote << __EOF
|
cat > ~/seremote << __EOF
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
--
|
--
|
||||||
2.30.0
|
2.32.0
|
||||||
|
|
@ -1,4 +1,4 @@
|
|||||||
From ba8c8a07d0ba68035acc9bd5340910588064f6f7 Mon Sep 17 00:00:00 2001
|
From 31e28c2217b5ac4c12d60c97d08f0c062f0fce37 Mon Sep 17 00:00:00 2001
|
||||||
From: Dan Walsh <dwalsh@redhat.com>
|
From: Dan Walsh <dwalsh@redhat.com>
|
||||||
Date: Mon, 21 Apr 2014 13:54:40 -0400
|
Date: Mon, 21 Apr 2014 13:54:40 -0400
|
||||||
Subject: [PATCH] Fix STANDARD_FILE_CONTEXT section in man pages
|
Subject: [PATCH] Fix STANDARD_FILE_CONTEXT section in man pages
|
||||||
@ -42,5 +42,5 @@ index 2f847abb87e2..dccd778ed4be 100755
|
|||||||
self.fd.write(r"""
|
self.fd.write(r"""
|
||||||
.I The following file types are defined for %(domainname)s:
|
.I The following file types are defined for %(domainname)s:
|
||||||
--
|
--
|
||||||
2.30.0
|
2.32.0
|
||||||
|
|
@ -1,4 +1,4 @@
|
|||||||
From 27d137d07e9e6a57a2a962aa9c7f37f48dbf960f Mon Sep 17 00:00:00 2001
|
From 8fafb8215dbd7affd299f7eb31a1677d7f367ee8 Mon Sep 17 00:00:00 2001
|
||||||
From: Miroslav Grepl <mgrepl@redhat.com>
|
From: Miroslav Grepl <mgrepl@redhat.com>
|
||||||
Date: Mon, 12 May 2014 14:11:22 +0200
|
Date: Mon, 12 May 2014 14:11:22 +0200
|
||||||
Subject: [PATCH] If there is no executable we don't want to print a part of
|
Subject: [PATCH] If there is no executable we don't want to print a part of
|
||||||
@ -23,5 +23,5 @@ index dccd778ed4be..81333928d552 100755
|
|||||||
.B STANDARD FILE CONTEXT
|
.B STANDARD FILE CONTEXT
|
||||||
|
|
||||||
--
|
--
|
||||||
2.30.0
|
2.32.0
|
||||||
|
|
@ -1,4 +1,4 @@
|
|||||||
From e39c09c55ed98490b2f73e6564abca93f36ee81c Mon Sep 17 00:00:00 2001
|
From 4492465658c7a81237cc753351b3c7bfe095e8f6 Mon Sep 17 00:00:00 2001
|
||||||
From: Miroslav Grepl <mgrepl@redhat.com>
|
From: Miroslav Grepl <mgrepl@redhat.com>
|
||||||
Date: Thu, 19 Feb 2015 17:45:15 +0100
|
Date: Thu, 19 Feb 2015 17:45:15 +0100
|
||||||
Subject: [PATCH] Simplication of sepolicy-manpage web functionality.
|
Subject: [PATCH] Simplication of sepolicy-manpage web functionality.
|
||||||
@ -11,10 +11,10 @@ Subject: [PATCH] Simplication of sepolicy-manpage web functionality.
|
|||||||
2 files changed, 13 insertions(+), 77 deletions(-)
|
2 files changed, 13 insertions(+), 77 deletions(-)
|
||||||
|
|
||||||
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
|
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
|
||||||
index e4540977d042..ad718797ca68 100644
|
index 7309875c7e27..37abc7b83a37 100644
|
||||||
--- a/python/sepolicy/sepolicy/__init__.py
|
--- a/python/sepolicy/sepolicy/__init__.py
|
||||||
+++ b/python/sepolicy/sepolicy/__init__.py
|
+++ b/python/sepolicy/sepolicy/__init__.py
|
||||||
@@ -1208,27 +1208,14 @@ def boolean_desc(boolean):
|
@@ -1215,27 +1215,14 @@ def boolean_desc(boolean):
|
||||||
|
|
||||||
|
|
||||||
def get_os_version():
|
def get_os_version():
|
||||||
@ -165,5 +165,5 @@ index 81333928d552..dc3e5207c57c 100755
|
|||||||
if len(self.manpage_roles[letter]):
|
if len(self.manpage_roles[letter]):
|
||||||
fd.write("""
|
fd.write("""
|
||||||
--
|
--
|
||||||
2.30.0
|
2.32.0
|
||||||
|
|
@ -1,4 +1,4 @@
|
|||||||
From 5c45c9cc13529ba6cb840010a3feda31b7c0fe78 Mon Sep 17 00:00:00 2001
|
From 18d06e7f84adad94efe1823a2fdccf62b04bf396 Mon Sep 17 00:00:00 2001
|
||||||
From: Miroslav Grepl <mgrepl@redhat.com>
|
From: Miroslav Grepl <mgrepl@redhat.com>
|
||||||
Date: Fri, 20 Feb 2015 16:42:01 +0100
|
Date: Fri, 20 Feb 2015 16:42:01 +0100
|
||||||
Subject: [PATCH] We want to remove the trailing newline for
|
Subject: [PATCH] We want to remove the trailing newline for
|
||||||
@ -9,10 +9,10 @@ Subject: [PATCH] We want to remove the trailing newline for
|
|||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
|
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
|
||||||
index ad718797ca68..ea05d892bf3b 100644
|
index 37abc7b83a37..481c5d86232f 100644
|
||||||
--- a/python/sepolicy/sepolicy/__init__.py
|
--- a/python/sepolicy/sepolicy/__init__.py
|
||||||
+++ b/python/sepolicy/sepolicy/__init__.py
|
+++ b/python/sepolicy/sepolicy/__init__.py
|
||||||
@@ -1211,7 +1211,7 @@ def get_os_version():
|
@@ -1218,7 +1218,7 @@ def get_os_version():
|
||||||
system_release = ""
|
system_release = ""
|
||||||
try:
|
try:
|
||||||
with open('/etc/system-release') as f:
|
with open('/etc/system-release') as f:
|
||||||
@ -22,5 +22,5 @@ index ad718797ca68..ea05d892bf3b 100644
|
|||||||
system_release = "Misc"
|
system_release = "Misc"
|
||||||
|
|
||||||
--
|
--
|
||||||
2.30.0
|
2.32.0
|
||||||
|
|
@ -1,4 +1,4 @@
|
|||||||
From b7cbbf2d25e2321b9af64db908947877771af257 Mon Sep 17 00:00:00 2001
|
From ddf7238fa3579a64145ed092b3a023d60cd2847c Mon Sep 17 00:00:00 2001
|
||||||
From: Miroslav Grepl <mgrepl@redhat.com>
|
From: Miroslav Grepl <mgrepl@redhat.com>
|
||||||
Date: Fri, 20 Feb 2015 16:42:53 +0100
|
Date: Fri, 20 Feb 2015 16:42:53 +0100
|
||||||
Subject: [PATCH] Fix title in manpage.py to not contain 'online'.
|
Subject: [PATCH] Fix title in manpage.py to not contain 'online'.
|
||||||
@ -21,5 +21,5 @@ index dc3e5207c57c..6420ebe2e08e 100755
|
|||||||
<body>
|
<body>
|
||||||
<h1>SELinux man pages for %s</h1>
|
<h1>SELinux man pages for %s</h1>
|
||||||
--
|
--
|
||||||
2.30.0
|
2.32.0
|
||||||
|
|
@ -1,4 +1,4 @@
|
|||||||
From fb167fc5660dbc83cd516579d73507b0969b5544 Mon Sep 17 00:00:00 2001
|
From fb7fb754e2c4d8931a5834e34ef88dfaf764bb8f Mon Sep 17 00:00:00 2001
|
||||||
From: Dan Walsh <dwalsh@redhat.com>
|
From: Dan Walsh <dwalsh@redhat.com>
|
||||||
Date: Fri, 14 Feb 2014 12:32:12 -0500
|
Date: Fri, 14 Feb 2014 12:32:12 -0500
|
||||||
Subject: [PATCH] Don't be verbose if you are not on a tty
|
Subject: [PATCH] Don't be verbose if you are not on a tty
|
||||||
@ -8,7 +8,7 @@ Subject: [PATCH] Don't be verbose if you are not on a tty
|
|||||||
1 file changed, 1 insertion(+)
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
|
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
|
||||||
index 30dadb4f4cb6..e73bb81c3336 100755
|
index 6fb12e0451a9..cb20002ab613 100755
|
||||||
--- a/policycoreutils/scripts/fixfiles
|
--- a/policycoreutils/scripts/fixfiles
|
||||||
+++ b/policycoreutils/scripts/fixfiles
|
+++ b/policycoreutils/scripts/fixfiles
|
||||||
@@ -108,6 +108,7 @@ exclude_dirs_from_relabelling() {
|
@@ -108,6 +108,7 @@ exclude_dirs_from_relabelling() {
|
||||||
@ -20,5 +20,5 @@ index 30dadb4f4cb6..e73bb81c3336 100755
|
|||||||
RPMFILES=""
|
RPMFILES=""
|
||||||
PREFC=""
|
PREFC=""
|
||||||
--
|
--
|
||||||
2.30.0
|
2.32.0
|
||||||
|
|
@ -1,4 +1,4 @@
|
|||||||
From 0b37889f3032e4f456edad469786f72ad344ec8c Mon Sep 17 00:00:00 2001
|
From 7d68ca4cc7ab8bcdf65194a58b7db63914228494 Mon Sep 17 00:00:00 2001
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
From: Petr Lautrbach <plautrba@redhat.com>
|
||||||
Date: Mon, 27 Feb 2017 17:12:39 +0100
|
Date: Mon, 27 Feb 2017 17:12:39 +0100
|
||||||
Subject: [PATCH] sepolicy: Drop old interface file_type_is_executable(f) and
|
Subject: [PATCH] sepolicy: Drop old interface file_type_is_executable(f) and
|
||||||
@ -59,5 +59,5 @@ index 6420ebe2e08e..d15522135288 100755
|
|||||||
if f in self.fcdict:
|
if f in self.fcdict:
|
||||||
mpaths = mpaths + self.fcdict[f]["regex"]
|
mpaths = mpaths + self.fcdict[f]["regex"]
|
||||||
--
|
--
|
||||||
2.30.0
|
2.32.0
|
||||||
|
|
@ -1,4 +1,4 @@
|
|||||||
From 268cd1b3a346db400eedb66db6a7d0aac192cd5e Mon Sep 17 00:00:00 2001
|
From 54d85eb009defdf93b24cf0131b88179490b56a2 Mon Sep 17 00:00:00 2001
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
From: Petr Lautrbach <plautrba@redhat.com>
|
||||||
Date: Tue, 28 Feb 2017 21:29:46 +0100
|
Date: Tue, 28 Feb 2017 21:29:46 +0100
|
||||||
Subject: [PATCH] sepolicy: Another small optimization for mcs types
|
Subject: [PATCH] sepolicy: Another small optimization for mcs types
|
||||||
@ -49,5 +49,5 @@ index d15522135288..ffcedb547993 100755
|
|||||||
self.fd.write ("""
|
self.fd.write ("""
|
||||||
.SH "MCS Constrained"
|
.SH "MCS Constrained"
|
||||||
--
|
--
|
||||||
2.30.0
|
2.32.0
|
||||||
|
|
@ -1,4 +1,4 @@
|
|||||||
From 8ea45198560652813d2dad26e28a4220ed690afa Mon Sep 17 00:00:00 2001
|
From a8c4ac47f370e319c434fe1e6afcfae83d7390e9 Mon Sep 17 00:00:00 2001
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
From: Petr Lautrbach <plautrba@redhat.com>
|
||||||
Date: Mon, 6 Aug 2018 13:23:00 +0200
|
Date: Mon, 6 Aug 2018 13:23:00 +0200
|
||||||
Subject: [PATCH] Move po/ translation files into the right sub-directories
|
Subject: [PATCH] Move po/ translation files into the right sub-directories
|
||||||
@ -511,5 +511,5 @@ index 000000000000..deff3f2f4656
|
|||||||
@@ -0,0 +1 @@
|
@@ -0,0 +1 @@
|
||||||
+../sandbox
|
+../sandbox
|
||||||
--
|
--
|
||||||
2.30.0
|
2.32.0
|
||||||
|
|
@ -1,4 +1,4 @@
|
|||||||
From 773adcbd26efe16b5738dcf40e9ec757101417d5 Mon Sep 17 00:00:00 2001
|
From ea70711fce9127c7dd3146bc8161086f97745d11 Mon Sep 17 00:00:00 2001
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
From: Petr Lautrbach <plautrba@redhat.com>
|
||||||
Date: Mon, 6 Aug 2018 13:37:07 +0200
|
Date: Mon, 6 Aug 2018 13:37:07 +0200
|
||||||
Subject: [PATCH] Use correct gettext domains in python/ gui/ sandbox/
|
Subject: [PATCH] Use correct gettext domains in python/ gui/ sandbox/
|
||||||
@ -55,7 +55,7 @@ index bad5140d8c59..6bbe4de5884f 100644
|
|||||||
import gettext
|
import gettext
|
||||||
kwargs = {}
|
kwargs = {}
|
||||||
diff --git a/gui/fcontextPage.py b/gui/fcontextPage.py
|
diff --git a/gui/fcontextPage.py b/gui/fcontextPage.py
|
||||||
index 370bbee40786..e424366da26f 100644
|
index d26aa1b405a9..52292cae01d2 100644
|
||||||
--- a/gui/fcontextPage.py
|
--- a/gui/fcontextPage.py
|
||||||
+++ b/gui/fcontextPage.py
|
+++ b/gui/fcontextPage.py
|
||||||
@@ -47,7 +47,7 @@ class context:
|
@@ -47,7 +47,7 @@ class context:
|
||||||
@ -185,7 +185,7 @@ index fdd2e46ee3f9..839ddd3b54b6 100755
|
|||||||
import gettext
|
import gettext
|
||||||
kwargs = {}
|
kwargs = {}
|
||||||
diff --git a/python/semanage/semanage b/python/semanage/semanage
|
diff --git a/python/semanage/semanage b/python/semanage/semanage
|
||||||
index 125271df5265..026502b537cb 100644
|
index 18a2710531ca..0980aecb6311 100644
|
||||||
--- a/python/semanage/semanage
|
--- a/python/semanage/semanage
|
||||||
+++ b/python/semanage/semanage
|
+++ b/python/semanage/semanage
|
||||||
@@ -30,7 +30,7 @@ import seobject
|
@@ -30,7 +30,7 @@ import seobject
|
||||||
@ -237,7 +237,7 @@ index 7b2230651099..32956e58f52e 100755
|
|||||||
import gettext
|
import gettext
|
||||||
kwargs = {}
|
kwargs = {}
|
||||||
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
|
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
|
||||||
index ea05d892bf3b..9a9c2ae9f237 100644
|
index 481c5d86232f..df773a6b314e 100644
|
||||||
--- a/python/sepolicy/sepolicy/__init__.py
|
--- a/python/sepolicy/sepolicy/__init__.py
|
||||||
+++ b/python/sepolicy/sepolicy/__init__.py
|
+++ b/python/sepolicy/sepolicy/__init__.py
|
||||||
@@ -13,7 +13,7 @@ import os
|
@@ -13,7 +13,7 @@ import os
|
||||||
@ -302,5 +302,5 @@ index ca5f1e030a51..16c43b51eaaa 100644
|
|||||||
import gettext
|
import gettext
|
||||||
kwargs = {}
|
kwargs = {}
|
||||||
--
|
--
|
||||||
2.30.0
|
2.32.0
|
||||||
|
|
@ -1,4 +1,4 @@
|
|||||||
From cfa051df61b1901f5e1012877965b632d287d5a7 Mon Sep 17 00:00:00 2001
|
From b30964691f11946791c0b852c1b7eebf59a6dcf6 Mon Sep 17 00:00:00 2001
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
From: Petr Lautrbach <plautrba@redhat.com>
|
||||||
Date: Mon, 6 Aug 2018 14:23:19 +0200
|
Date: Mon, 6 Aug 2018 14:23:19 +0200
|
||||||
Subject: [PATCH] Initial .pot files for gui/ python/ sandbox/
|
Subject: [PATCH] Initial .pot files for gui/ python/ sandbox/
|
||||||
@ -4528,5 +4528,5 @@ index 000000000000..328b4f0159d3
|
|||||||
+msgid "Invalid value %s"
|
+msgid "Invalid value %s"
|
||||||
+msgstr ""
|
+msgstr ""
|
||||||
--
|
--
|
||||||
2.30.0
|
2.32.0
|
||||||
|
|
@ -1,4 +1,4 @@
|
|||||||
From b34090e94f28bd04306630055a0c95d6da796660 Mon Sep 17 00:00:00 2001
|
From 4ee71fa678b4a9ce85d2ec2f9ebf561c8c183124 Mon Sep 17 00:00:00 2001
|
||||||
From: Vit Mojzis <vmojzis@redhat.com>
|
From: Vit Mojzis <vmojzis@redhat.com>
|
||||||
Date: Wed, 21 Mar 2018 08:51:31 +0100
|
Date: Wed, 21 Mar 2018 08:51:31 +0100
|
||||||
Subject: [PATCH] policycoreutils/setfiles: Improve description of -d switch
|
Subject: [PATCH] policycoreutils/setfiles: Improve description of -d switch
|
||||||
@ -26,5 +26,5 @@ index 4d28bc9a95c1..8e6c4ab94841 100644
|
|||||||
.BI \-e \ directory
|
.BI \-e \ directory
|
||||||
directory to exclude (repeat option for more than one directory).
|
directory to exclude (repeat option for more than one directory).
|
||||||
--
|
--
|
||||||
2.30.0
|
2.32.0
|
||||||
|
|
@ -1,4 +1,4 @@
|
|||||||
From 649f11933105597d23cf4c4abc3a895fd0ae1f3e Mon Sep 17 00:00:00 2001
|
From c0137252dd3ce52f006162d7b1cb4677c45bea21 Mon Sep 17 00:00:00 2001
|
||||||
From: Masatake YAMATO <yamato@redhat.com>
|
From: Masatake YAMATO <yamato@redhat.com>
|
||||||
Date: Thu, 14 Dec 2017 15:57:58 +0900
|
Date: Thu, 14 Dec 2017 15:57:58 +0900
|
||||||
Subject: [PATCH] sepolicy-generate: Handle more reserved port types
|
Subject: [PATCH] sepolicy-generate: Handle more reserved port types
|
||||||
@ -67,5 +67,5 @@ index 43180ca6fda4..d60a08e1d72c 100644
|
|||||||
dict[(p['low'], p['high'], p['protocol'])] = (p['type'], p.get('range'))
|
dict[(p['low'], p['high'], p['protocol'])] = (p['type'], p.get('range'))
|
||||||
return dict
|
return dict
|
||||||
--
|
--
|
||||||
2.30.0
|
2.32.0
|
||||||
|
|
@ -1,4 +1,4 @@
|
|||||||
From e6821b5aa7f631efaceffd8de130f83c56a5c81a Mon Sep 17 00:00:00 2001
|
From d6476f30ddaf384ed7f563ca4ad31cbfc7ad6bbd Mon Sep 17 00:00:00 2001
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
From: Petr Lautrbach <plautrba@redhat.com>
|
||||||
Date: Thu, 8 Nov 2018 09:20:58 +0100
|
Date: Thu, 8 Nov 2018 09:20:58 +0100
|
||||||
Subject: [PATCH] semodule-utils: Fix RESOURCE_LEAK coverity scan defects
|
Subject: [PATCH] semodule-utils: Fix RESOURCE_LEAK coverity scan defects
|
||||||
@ -20,5 +20,5 @@ index 3515234e36de..7b75b3fd9bb4 100644
|
|||||||
}
|
}
|
||||||
|
|
||||||
--
|
--
|
||||||
2.30.0
|
2.32.0
|
||||||
|
|
@ -1,4 +1,4 @@
|
|||||||
From df67934eb3bf24e38b11278b06db816a069fab3f Mon Sep 17 00:00:00 2001
|
From d61a3517017921d6b6f4618e1de0c4f4a33fe951 Mon Sep 17 00:00:00 2001
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
From: Petr Lautrbach <plautrba@redhat.com>
|
||||||
Date: Wed, 18 Jul 2018 09:09:35 +0200
|
Date: Wed, 18 Jul 2018 09:09:35 +0200
|
||||||
Subject: [PATCH] sandbox: Use matchbox-window-manager instead of openbox
|
Subject: [PATCH] sandbox: Use matchbox-window-manager instead of openbox
|
||||||
@ -70,5 +70,5 @@ index 4774528027ef..c211ebc14549 100644
|
|||||||
export DISPLAY=:$D
|
export DISPLAY=:$D
|
||||||
cat > ~/seremote << __EOF
|
cat > ~/seremote << __EOF
|
||||||
--
|
--
|
||||||
2.30.0
|
2.32.0
|
||||||
|
|
@ -1,4 +1,4 @@
|
|||||||
From a7e9864865f3f72f51d943ff5bf684638cc7e921 Mon Sep 17 00:00:00 2001
|
From 257d7d95f541bd4b85c518562278cdc4f928f8af Mon Sep 17 00:00:00 2001
|
||||||
From: Ondrej Mosnacek <omosnace@redhat.com>
|
From: Ondrej Mosnacek <omosnace@redhat.com>
|
||||||
Date: Tue, 28 Jul 2020 14:37:13 +0200
|
Date: Tue, 28 Jul 2020 14:37:13 +0200
|
||||||
Subject: [PATCH] sepolicy: Fix flake8 warnings in Fedora-only code
|
Subject: [PATCH] sepolicy: Fix flake8 warnings in Fedora-only code
|
||||||
@ -42,5 +42,5 @@ index ffcedb547993..c013c0d48502 100755
|
|||||||
.B STANDARD FILE CONTEXT
|
.B STANDARD FILE CONTEXT
|
||||||
|
|
||||||
--
|
--
|
||||||
2.30.0
|
2.32.0
|
||||||
|
|
@ -1,4 +1,4 @@
|
|||||||
From 02fd46cee210fc693ddf985d7d03674397f8342f Mon Sep 17 00:00:00 2001
|
From 10a970733c5b31c237abd7357421384597fe0510 Mon Sep 17 00:00:00 2001
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
From: Petr Lautrbach <plautrba@redhat.com>
|
||||||
Date: Thu, 15 Apr 2021 17:39:39 +0200
|
Date: Thu, 15 Apr 2021 17:39:39 +0200
|
||||||
Subject: [PATCH] Do not use Python slip
|
Subject: [PATCH] Do not use Python slip
|
||||||
@ -213,5 +213,5 @@ index 76b259ae27e8..39b53d47753a 100644
|
|||||||
ret = self.dbus_object.change_default_policy(value, dbus_interface="org.selinux")
|
ret = self.dbus_object.change_default_policy(value, dbus_interface="org.selinux")
|
||||||
return ret
|
return ret
|
||||||
--
|
--
|
||||||
2.31.1
|
2.32.0
|
||||||
|
|
@ -1,10 +1,12 @@
|
|||||||
From 30b9e992819a2c94434a0a30d5ce96e642c84d20 Mon Sep 17 00:00:00 2001
|
From 86be303a7c5ed5057d0357a85e27cdb6885122fe Mon Sep 17 00:00:00 2001
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
From: Petr Lautrbach <plautrba@redhat.com>
|
||||||
Date: Wed, 12 May 2021 19:19:29 +0200
|
Date: Wed, 12 May 2021 19:19:29 +0200
|
||||||
Subject: [PATCH] dbus: Use GLib.MainLoop()
|
Subject: [PATCH] dbus: Use GLib.MainLoop()
|
||||||
|
|
||||||
Fixes:
|
Fixes:
|
||||||
PyGIDeprecationWarning: GObject.MainLoop is deprecated; use GLib.MainLoop instead
|
PyGIDeprecationWarning: GObject.MainLoop is deprecated; use GLib.MainLoop instead
|
||||||
|
|
||||||
|
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
||||||
---
|
---
|
||||||
dbus/selinux_server.py | 10 ++++++----
|
dbus/selinux_server.py | 10 ++++++----
|
||||||
1 file changed, 6 insertions(+), 4 deletions(-)
|
1 file changed, 6 insertions(+), 4 deletions(-)
|
||||||
@ -39,5 +41,5 @@ index b7c9378bcb5d..a969f2268ceb 100644
|
|||||||
+ server = selinux_server(system_bus, "/org/selinux/object")
|
+ server = selinux_server(system_bus, "/org/selinux/object")
|
||||||
mainloop.run()
|
mainloop.run()
|
||||||
--
|
--
|
||||||
2.31.1
|
2.32.0
|
||||||
|
|
297
0026-Use-SHA-2-instead-of-SHA-1.patch
Normal file
@ -0,0 +1,297 @@
|
|||||||
|
From 23337de69ad667d909964ba82f47f5166903ff50 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Petr Lautrbach <plautrba@redhat.com>
|
||||||
|
Date: Fri, 30 Jul 2021 14:14:37 +0200
|
||||||
|
Subject: [PATCH] Use SHA-2 instead of SHA-1
|
||||||
|
|
||||||
|
The use of SHA-1 in RHEL9 is deprecated
|
||||||
|
---
|
||||||
|
policycoreutils/setfiles/restorecon.8 | 10 +++++-----
|
||||||
|
policycoreutils/setfiles/restorecon_xattr.8 | 8 ++++----
|
||||||
|
policycoreutils/setfiles/restorecon_xattr.c | 12 ++++++------
|
||||||
|
policycoreutils/setfiles/ru/restorecon.8 | 8 ++++----
|
||||||
|
policycoreutils/setfiles/ru/restorecon_xattr.8 | 10 +++++-----
|
||||||
|
policycoreutils/setfiles/ru/setfiles.8 | 8 ++++----
|
||||||
|
policycoreutils/setfiles/setfiles.8 | 10 +++++-----
|
||||||
|
7 files changed, 33 insertions(+), 33 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8
|
||||||
|
index 668486f66113..a8900f02b3f3 100644
|
||||||
|
--- a/policycoreutils/setfiles/restorecon.8
|
||||||
|
+++ b/policycoreutils/setfiles/restorecon.8
|
||||||
|
@@ -93,14 +93,14 @@ display usage information and exit.
|
||||||
|
ignore files that do not exist.
|
||||||
|
.TP
|
||||||
|
.B \-I
|
||||||
|
-ignore digest to force checking of labels even if the stored SHA1 digest
|
||||||
|
-matches the specfiles SHA1 digest. The digest will then be updated provided
|
||||||
|
+ignore digest to force checking of labels even if the stored SHA256 digest
|
||||||
|
+matches the specfiles SHA256 digest. The digest will then be updated provided
|
||||||
|
there are no errors. See the
|
||||||
|
.B NOTES
|
||||||
|
section for further details.
|
||||||
|
.TP
|
||||||
|
.B \-D
|
||||||
|
-Set or update any directory SHA1 digests. Use this option to
|
||||||
|
+Set or update any directory SHA256 digests. Use this option to
|
||||||
|
enable usage of the
|
||||||
|
.IR security.sehash
|
||||||
|
extended attribute.
|
||||||
|
@@ -191,7 +191,7 @@ the
|
||||||
|
.B \-D
|
||||||
|
option to
|
||||||
|
.B restorecon
|
||||||
|
-will cause it to store a SHA1 digest of the default specfiles set in an extended
|
||||||
|
+will cause it to store a SHA256 digest of the default specfiles set in an extended
|
||||||
|
attribute named
|
||||||
|
.IR security.sehash
|
||||||
|
on each directory specified in
|
||||||
|
@@ -208,7 +208,7 @@ for further details.
|
||||||
|
.sp
|
||||||
|
The
|
||||||
|
.B \-I
|
||||||
|
-option will ignore the SHA1 digest from each directory specified in
|
||||||
|
+option will ignore the SHA256 digest from each directory specified in
|
||||||
|
.IR pathname \ ...
|
||||||
|
and provided the
|
||||||
|
.B \-n
|
||||||
|
diff --git a/policycoreutils/setfiles/restorecon_xattr.8 b/policycoreutils/setfiles/restorecon_xattr.8
|
||||||
|
index e04528e60824..4b1ce304d995 100644
|
||||||
|
--- a/policycoreutils/setfiles/restorecon_xattr.8
|
||||||
|
+++ b/policycoreutils/setfiles/restorecon_xattr.8
|
||||||
|
@@ -23,7 +23,7 @@ or
|
||||||
|
|
||||||
|
.SH "DESCRIPTION"
|
||||||
|
.B restorecon_xattr
|
||||||
|
-will display the SHA1 digests added to extended attributes
|
||||||
|
+will display the SHA256 digests added to extended attributes
|
||||||
|
.I security.sehash
|
||||||
|
or delete the attribute completely. These attributes are set by
|
||||||
|
.BR restorecon (8)
|
||||||
|
@@ -48,12 +48,12 @@ extended attribute and are automatically excluded from searches.
|
||||||
|
.sp
|
||||||
|
By default
|
||||||
|
.B restorecon_xattr
|
||||||
|
-will display the SHA1 digests with "Match" appended if they match the default
|
||||||
|
+will display the SHA256 digests with "Match" appended if they match the default
|
||||||
|
specfile set or the
|
||||||
|
.I specfile
|
||||||
|
set used with the
|
||||||
|
.B \-f
|
||||||
|
-option. Non-matching SHA1 digests will be displayed with "No Match" appended.
|
||||||
|
+option. Non-matching SHA256 digests will be displayed with "No Match" appended.
|
||||||
|
This feature can be disabled by the
|
||||||
|
.B \-n
|
||||||
|
option.
|
||||||
|
@@ -87,7 +87,7 @@ Do not append "Match" or "No Match" to displayed digests.
|
||||||
|
recursively descend directories.
|
||||||
|
.TP
|
||||||
|
.B \-v
|
||||||
|
-display SHA1 digest generated by specfile set (Note that this digest is not
|
||||||
|
+display SHA256 digest generated by specfile set (Note that this digest is not
|
||||||
|
used to match the
|
||||||
|
.I security.sehash
|
||||||
|
directory digest entries, and is shown for reference only).
|
||||||
|
diff --git a/policycoreutils/setfiles/restorecon_xattr.c b/policycoreutils/setfiles/restorecon_xattr.c
|
||||||
|
index 31fb82fd2099..bc22d3fd4560 100644
|
||||||
|
--- a/policycoreutils/setfiles/restorecon_xattr.c
|
||||||
|
+++ b/policycoreutils/setfiles/restorecon_xattr.c
|
||||||
|
@@ -38,7 +38,7 @@ int main(int argc, char **argv)
|
||||||
|
unsigned int xattr_flags = 0, delete_digest = 0, recurse = 0;
|
||||||
|
unsigned int delete_all_digests = 0, ignore_mounts = 0;
|
||||||
|
bool display_digest = false;
|
||||||
|
- char *sha1_buf, **specfiles, *fc_file = NULL, *pathname = NULL;
|
||||||
|
+ char *sha256_buf, **specfiles, *fc_file = NULL, *pathname = NULL;
|
||||||
|
unsigned char *fc_digest = NULL;
|
||||||
|
size_t i, fc_digest_len = 0, num_specfiles;
|
||||||
|
|
||||||
|
@@ -133,8 +133,8 @@ int main(int argc, char **argv)
|
||||||
|
exit(-1);
|
||||||
|
}
|
||||||
|
|
||||||
|
- sha1_buf = malloc(fc_digest_len * 2 + 1);
|
||||||
|
- if (!sha1_buf) {
|
||||||
|
+ sha256_buf = malloc(fc_digest_len * 2 + 1);
|
||||||
|
+ if (!sha256_buf) {
|
||||||
|
fprintf(stderr,
|
||||||
|
"Error allocating digest buffer: %s\n",
|
||||||
|
strerror(errno));
|
||||||
|
@@ -143,16 +143,16 @@ int main(int argc, char **argv)
|
||||||
|
}
|
||||||
|
|
||||||
|
for (i = 0; i < fc_digest_len; i++)
|
||||||
|
- sprintf((&sha1_buf[i * 2]), "%02x", fc_digest[i]);
|
||||||
|
+ sprintf((&sha256_buf[i * 2]), "%02x", fc_digest[i]);
|
||||||
|
|
||||||
|
- printf("specfiles SHA1 digest: %s\n", sha1_buf);
|
||||||
|
+ printf("specfiles SHA256 digest: %s\n", sha256_buf);
|
||||||
|
|
||||||
|
printf("calculated using the following specfile(s):\n");
|
||||||
|
if (specfiles) {
|
||||||
|
for (i = 0; i < num_specfiles; i++)
|
||||||
|
printf("%s\n", specfiles[i]);
|
||||||
|
}
|
||||||
|
- free(sha1_buf);
|
||||||
|
+ free(sha256_buf);
|
||||||
|
printf("\n");
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/policycoreutils/setfiles/ru/restorecon.8 b/policycoreutils/setfiles/ru/restorecon.8
|
||||||
|
index 9be3a63db356..745135020f4b 100644
|
||||||
|
--- a/policycoreutils/setfiles/ru/restorecon.8
|
||||||
|
+++ b/policycoreutils/setfiles/ru/restorecon.8
|
||||||
|
@@ -82,11 +82,11 @@ restorecon \- восстановить SELinux-контексты безопас
|
||||||
|
игнорировать файлы, которые не существуют.
|
||||||
|
.TP
|
||||||
|
.B \-I
|
||||||
|
-игнорировать дайджест, чтобы принудительно проверить метки, даже если хранимый дайджест SHA1 соответствует дайджесту SHA1 файлов спецификации. Затем (при условии отсутствия ошибок) дайджест будет обновлён. Более подробные сведения доступны в разделе
|
||||||
|
+игнорировать дайджест, чтобы принудительно проверить метки, даже если хранимый дайджест SHA256 соответствует дайджесту SHA256 файлов спецификации. Затем (при условии отсутствия ошибок) дайджест будет обновлён. Более подробные сведения доступны в разделе
|
||||||
|
.B ПРИМЕЧАНИЯ.
|
||||||
|
.TP
|
||||||
|
.B \-D
|
||||||
|
-установить или обновить дайджесты SHA1 для любых каталогов. Используйте этот параметр, чтобы включить использование расширенного атрибута
|
||||||
|
+установить или обновить дайджесты SHA256 для любых каталогов. Используйте этот параметр, чтобы включить использование расширенного атрибута
|
||||||
|
.IR security.restorecon_last.
|
||||||
|
.TP
|
||||||
|
.B \-m
|
||||||
|
@@ -159,7 +159,7 @@ GNU
|
||||||
|
.B \-D
|
||||||
|
команды
|
||||||
|
.B restorecon
|
||||||
|
-обеспечит сохранение дайджеста SHA1 файлов спецификации по умолчанию в расширенном атрибуте с именем
|
||||||
|
+обеспечит сохранение дайджеста SHA256 файлов спецификации по умолчанию в расширенном атрибуте с именем
|
||||||
|
.IR security.restorecon_last
|
||||||
|
для каталогов, указанных в соответствующих путях
|
||||||
|
.IR pathname \ ...
|
||||||
|
@@ -173,7 +173,7 @@ GNU
|
||||||
|
.sp
|
||||||
|
Параметр
|
||||||
|
.B \-I
|
||||||
|
-позволяет игнорировать дайджест SHA1 из каждого каталога, указанного в
|
||||||
|
+позволяет игнорировать дайджест SHA256 из каждого каталога, указанного в
|
||||||
|
.IR pathname \ ...
|
||||||
|
, и, при условии, что НЕ установлен параметр
|
||||||
|
.B \-n
|
||||||
|
diff --git a/policycoreutils/setfiles/ru/restorecon_xattr.8 b/policycoreutils/setfiles/ru/restorecon_xattr.8
|
||||||
|
index 41c441b8c5c2..25c4c3033334 100644
|
||||||
|
--- a/policycoreutils/setfiles/ru/restorecon_xattr.8
|
||||||
|
+++ b/policycoreutils/setfiles/ru/restorecon_xattr.8
|
||||||
|
@@ -23,7 +23,7 @@ restorecon_xattr \- управление записями расширенных
|
||||||
|
|
||||||
|
.SH "ОПИСАНИЕ"
|
||||||
|
.B restorecon_xattr
|
||||||
|
-покажет дайджесты SHA1, добавленные в расширенные атрибуты
|
||||||
|
+покажет дайджесты SHA256, добавленные в расширенные атрибуты
|
||||||
|
.I security.restorecon_last,
|
||||||
|
или полностью удалит эти атрибуты. Эти атрибуты устанавливаются командой
|
||||||
|
.BR restorecon (8)
|
||||||
|
@@ -47,11 +47,11 @@ restorecon_xattr \- управление записями расширенных
|
||||||
|
.sp
|
||||||
|
По умолчанию
|
||||||
|
.B restorecon_xattr
|
||||||
|
-показывает дайджесты SHA1, добавляя в конце "Match", если они соответствуют установленному по умолчанию файлу спецификации или файлу спецификации
|
||||||
|
+показывает дайджесты SHA256, добавляя в конце "Match", если они соответствуют установленному по умолчанию файлу спецификации или файлу спецификации
|
||||||
|
.I specfile,
|
||||||
|
который установлен с помощью параметра
|
||||||
|
.B \-f.
|
||||||
|
-Несоответствующие дайджесты SHA1 будут показаны с добавлением "No Match" в конце.
|
||||||
|
+Несоответствующие дайджесты SHA256 будут показаны с добавлением "No Match" в конце.
|
||||||
|
Эту возможность можно отключить с помощью параметра
|
||||||
|
.B \-n.
|
||||||
|
|
||||||
|
@@ -81,7 +81,7 @@ restorecon_xattr \- управление записями расширенных
|
||||||
|
рекурсивно спускаться по каталогам.
|
||||||
|
.TP
|
||||||
|
.B \-v
|
||||||
|
-показать дайджест SHA1, созданный установленным файлом спецификации.
|
||||||
|
+показать дайджест SHA256, созданный установленным файлом спецификации.
|
||||||
|
.TP
|
||||||
|
.B \-e
|
||||||
|
.I directory
|
||||||
|
@@ -97,7 +97,7 @@ restorecon_xattr \- управление записями расширенных
|
||||||
|
.BR file_contexts (5).
|
||||||
|
Он будет использоваться
|
||||||
|
.BR selabel_open (3)
|
||||||
|
-для получения набора записей меток; получение дайджеста SHA1 выполняется с помощью
|
||||||
|
+для получения набора записей меток; получение дайджеста SHA256 выполняется с помощью
|
||||||
|
.BR selabel_digest (3).
|
||||||
|
Если этот параметр не указан, будет использоваться файл file_contexts по умолчанию.
|
||||||
|
|
||||||
|
diff --git a/policycoreutils/setfiles/ru/setfiles.8 b/policycoreutils/setfiles/ru/setfiles.8
|
||||||
|
index 910101452625..7f2daa09191b 100644
|
||||||
|
--- a/policycoreutils/setfiles/ru/setfiles.8
|
||||||
|
+++ b/policycoreutils/setfiles/ru/setfiles.8
|
||||||
|
@@ -69,11 +69,11 @@ setfiles \- установить SELinux-контексты безопаснос
|
||||||
|
игнорировать файлы, которые не существуют.
|
||||||
|
.TP
|
||||||
|
.B \-I
|
||||||
|
-игнорировать дайджест, чтобы принудительно проверить метки, даже если хранимый дайджест SHA1 соответствует дайджесту SHA1 файлов спецификации. Затем (при условии отсутствия ошибок) дайджест будет обновлён. Более подробные сведения доступны в разделе
|
||||||
|
+игнорировать дайджест, чтобы принудительно проверить метки, даже если хранимый дайджест SHA256 соответствует дайджесту SHA256 файлов спецификации. Затем (при условии отсутствия ошибок) дайджест будет обновлён. Более подробные сведения доступны в разделе
|
||||||
|
.B ПРИМЕЧАНИЯ.
|
||||||
|
.TP
|
||||||
|
.B \-D
|
||||||
|
-установить или обновить дайджесты SHA1 для любых каталогов. Используйте этот параметр, чтобы включить использование расширенного атрибута
|
||||||
|
+установить или обновить дайджесты SHA256 для любых каталогов. Используйте этот параметр, чтобы включить использование расширенного атрибута
|
||||||
|
.IR security.restorecon_last.
|
||||||
|
.TP
|
||||||
|
.B \-l
|
||||||
|
@@ -186,7 +186,7 @@ GNU
|
||||||
|
.B \-D
|
||||||
|
команды
|
||||||
|
.B setfiles .
|
||||||
|
-Он обеспечивает сохранение дайджеста SHA1 файла спецификации
|
||||||
|
+Он обеспечивает сохранение дайджеста SHA256 файла спецификации
|
||||||
|
.B spec_file
|
||||||
|
в расширенном атрибуте с именем
|
||||||
|
.IR security.restorecon_last
|
||||||
|
@@ -204,7 +204,7 @@ GNU
|
||||||
|
.sp
|
||||||
|
Параметр
|
||||||
|
.B \-I
|
||||||
|
-позволяет игнорировать дайджест SHA1 из каждого каталога, указанного в
|
||||||
|
+позволяет игнорировать дайджест SHA256 из каждого каталога, указанного в
|
||||||
|
.IR pathname \ ...
|
||||||
|
, и, при условии, что НЕ установлен параметр
|
||||||
|
.B \-n
|
||||||
|
diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8
|
||||||
|
index 8e6c4ab94841..0692121f2f4d 100644
|
||||||
|
--- a/policycoreutils/setfiles/setfiles.8
|
||||||
|
+++ b/policycoreutils/setfiles/setfiles.8
|
||||||
|
@@ -85,14 +85,14 @@ display usage information and exit.
|
||||||
|
ignore files that do not exist.
|
||||||
|
.TP
|
||||||
|
.B \-I
|
||||||
|
-ignore digest to force checking of labels even if the stored SHA1 digest
|
||||||
|
-matches the specfiles SHA1 digest. The digest will then be updated provided
|
||||||
|
+ignore digest to force checking of labels even if the stored SHA256 digest
|
||||||
|
+matches the specfiles SHA256 digest. The digest will then be updated provided
|
||||||
|
there are no errors. See the
|
||||||
|
.B NOTES
|
||||||
|
section for further details.
|
||||||
|
.TP
|
||||||
|
.B \-D
|
||||||
|
-Set or update any directory SHA1 digests. Use this option to
|
||||||
|
+Set or update any directory SHA256 digests. Use this option to
|
||||||
|
enable usage of the
|
||||||
|
.IR security.sehash
|
||||||
|
extended attribute.
|
||||||
|
@@ -230,7 +230,7 @@ the
|
||||||
|
.B \-D
|
||||||
|
option to
|
||||||
|
.B setfiles
|
||||||
|
-will cause it to store a SHA1 digest of the
|
||||||
|
+will cause it to store a SHA256 digest of the
|
||||||
|
.B spec_file
|
||||||
|
set in an extended attribute named
|
||||||
|
.IR security.sehash
|
||||||
|
@@ -251,7 +251,7 @@ for further details.
|
||||||
|
.sp
|
||||||
|
The
|
||||||
|
.B \-I
|
||||||
|
-option will ignore the SHA1 digest from each directory specified in
|
||||||
|
+option will ignore the SHA256 digest from each directory specified in
|
||||||
|
.IR pathname \ ...
|
||||||
|
and provided the
|
||||||
|
.B \-n
|
||||||
|
--
|
||||||
|
2.32.0
|
||||||
|
|
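--- a/0027-python-sepolicy-Fix-COPY_PASTE_ERROR-CWE-398.patch
+++ b/0027-python-sepolicy-Fix-COPY_PASTE_ERROR-CWE-398.patch
@@ -0,0 +1,56 @@
+From d39dacc352feb35c89b41225e142dd08e932c0c0 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Fri, 30 Jul 2021 13:48:18 +0200
+Subject: [PATCH] python/sepolicy: Fix COPY_PASTE_ERROR (CWE-398)
+
+Fixes:
+Error: COPY_PASTE_ERROR (CWE-398): [#def3]
+selinux/python/sepolicy/sepolicy/__init__.py:1032: original: ""_key_t"" looks like the original copy.
+selinux/python/sepolicy/sepolicy/__init__.py:1035: copy_paste_error: ""_key_t"" looks like a copy-paste error.
+selinux/python/sepolicy/sepolicy/__init__.py:1035: remediation: Should it say ""_secret_t"" instead?
+# 1033|
+# 1034| if f.endswith("_secret_t"):
+# 1035|-> return txt + "treat the files as %s secret data." % prettyprint(f, "_key_t")
+# 1036|
+# 1037| if f.endswith("_ra_t"):
+
+Error: COPY_PASTE_ERROR (CWE-398): [#def4]
+selinux/python/sepolicy/sepolicy/__init__.py:1065: original: ""_tmp_t"" looks like the original copy.
+selinux/python/sepolicy/sepolicy/__init__.py:1067: copy_paste_error: ""_tmp_t"" looks like a copy-paste error.
+selinux/python/sepolicy/sepolicy/__init__.py:1067: remediation: Should it say ""_etc_t"" instead?
+# 1065| return txt + "store %s temporary files in the /tmp directories." % prettyprint(f, "_tmp_t")
+# 1066| if f.endswith("_etc_t"):
+# 1067|-> return txt + "store %s files in the /etc directories." % prettyprint(f, "_tmp_t")
+# 1068| if f.endswith("_home_t"):
+# 1069| return txt + "store %s files in the users home directory." % prettyprint(f, "_home_t")
+
+Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
+---
+python/sepolicy/sepolicy/__init__.py | 4 ++--
+1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
+index df773a6b314e..6b6160a449df 100644
+--- a/python/sepolicy/sepolicy/__init__.py
++++ b/python/sepolicy/sepolicy/__init__.py
+@@ -1039,7 +1039,7 @@ def get_description(f, markup=markup):
+return txt + "treat the files as %s key data." % prettyprint(f, "_key_t")
+
+if f.endswith("_secret_t"):
+- return txt + "treat the files as %s secret data." % prettyprint(f, "_key_t")
++ return txt + "treat the files as %s secret data." % prettyprint(f, "_secret_t")
+
+if f.endswith("_ra_t"):
+return txt + "treat the files as %s read/append content." % prettyprint(f, "_ra_t")
+@@ -1071,7 +1071,7 @@ def get_description(f, markup=markup):
+if f.endswith("_tmp_t"):
+return txt + "store %s temporary files in the /tmp directories." % prettyprint(f, "_tmp_t")
+if f.endswith("_etc_t"):
+- return txt + "store %s files in the /etc directories." % prettyprint(f, "_tmp_t")
++ return txt + "store %s files in the /etc directories." % prettyprint(f, "_etc_t")
+if f.endswith("_home_t"):
+return txt + "store %s files in the users home directory." % prettyprint(f, "_home_t")
+if f.endswith("_tmpfs_t"):
+--
+2.32.0
+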
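Review bot: Both corrected branches of get_description still spell the type suffix twice, once in `f.endswith("_secret_t")` and once in `prettyprint(f, "_secret_t")` (likewise for `"_etc_t"`), which is the duplication Coverity flagged as COPY_PASTE_ERROR in the first place. Binding the suffix once per branch would make such a mismatch impossible, for example `for suffix, text in SUFFIX_TEXT:` followed by `if f.endswith(suffix): return txt + text % prettyprint(f, suffix)`, where `SUFFIX_TEXT` is a constructed name for an ordered list of (suffix, message) pairs. The order of the existing chain would have to be preserved, since the rest of get_description lies outside both hunks and later branches may depend on it.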
@ -1,7 +1,7 @@
|
|||||||
%global libauditver 3.0
|
%global libauditver 3.0
|
||||||
%global libsepolver 3.2-1
|
%global libsepolver 3.2-3
|
||||||
%global libsemanagever 3.2-1
|
%global libsemanagever 3.2-3
|
||||||
%global libselinuxver 3.2-1
|
%global libselinuxver 3.2-5
|
||||||
|
|
||||||
%global generatorsdir %{_prefix}/lib/systemd/system-generators
|
%global generatorsdir %{_prefix}/lib/systemd/system-generators
|
||||||
|
|
||||||
@ -11,7 +11,7 @@
|
|||||||
Summary: SELinux policy core utilities
|
Summary: SELinux policy core utilities
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 3.2
|
Version: 3.2
|
||||||
Release: 4%{?dist}
|
Release: 5%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
||||||
Source0: https://github.com/SELinuxProject/selinux/releases/download/3.2/selinux-3.2.tar.gz
|
Source0: https://github.com/SELinuxProject/selinux/releases/download/3.2/selinux-3.2.tar.gz
|
||||||
@ -31,27 +31,33 @@ Source23: sandbox-po.tgz
|
|||||||
# $ git format-patch -N 3.2 -- policycoreutils python gui sandbox dbus semodule-utils restorecond
|
# $ git format-patch -N 3.2 -- policycoreutils python gui sandbox dbus semodule-utils restorecond
|
||||||
# $ for j in [0-9]*.patch; do printf "Patch%s: %s\n" ${j/-*/} $j; done
|
# $ for j in [0-9]*.patch; do printf "Patch%s: %s\n" ${j/-*/} $j; done
|
||||||
# Patch list start
|
# Patch list start
|
||||||
Patch0001: 0001-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch
|
Patch0001: 0001-policycoreutils-setfiles-do-not-create-useless-setfi.patch
|
||||||
Patch0002: 0002-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch
|
Patch0002: 0002-fixfiles-do-not-exclude-dev-and-run-in-C-mode.patch
|
||||||
Patch0003: 0003-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch
|
Patch0003: 0003-policycoreutils-silence-Wextra-semi-stmt-warning.patch
|
||||||
Patch0004: 0004-Simplication-of-sepolicy-manpage-web-functionality.-.patch
|
Patch0004: 0004-policycoreutils-free-memory-on-lstat-failure-in-sest.patch
|
||||||
Patch0005: 0005-We-want-to-remove-the-trailing-newline-for-etc-syste.patch
|
Patch0005: 0005-policycoreutils-free-memory-of-allocated-context-in-.patch
|
||||||
Patch0006: 0006-Fix-title-in-manpage.py-to-not-contain-online.patch
|
Patch0006: 0006-policycoreutils-free-memory-of-allocated-context-in-.patch
|
||||||
Patch0007: 0007-Don-t-be-verbose-if-you-are-not-on-a-tty.patch
|
Patch0007: 0007-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch
|
||||||
Patch0008: 0008-sepolicy-Drop-old-interface-file_type_is_executable-.patch
|
Patch0008: 0008-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch
|
||||||
Patch0009: 0009-sepolicy-Another-small-optimization-for-mcs-types.patch
|
Patch0009: 0009-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch
|
||||||
Patch0010: 0010-Move-po-translation-files-into-the-right-sub-directo.patch
|
Patch0010: 0010-Simplication-of-sepolicy-manpage-web-functionality.-.patch
|
||||||
Patch0011: 0011-Use-correct-gettext-domains-in-python-gui-sandbox.patch
|
Patch0011: 0011-We-want-to-remove-the-trailing-newline-for-etc-syste.patch
|
||||||
Patch0012: 0012-Initial-.pot-files-for-gui-python-sandbox.patch
|
Patch0012: 0012-Fix-title-in-manpage.py-to-not-contain-online.patch
|
||||||
Patch0013: 0013-policycoreutils-setfiles-Improve-description-of-d-sw.patch
|
Patch0013: 0013-Don-t-be-verbose-if-you-are-not-on-a-tty.patch
|
||||||
Patch0014: 0014-sepolicy-generate-Handle-more-reserved-port-types.patch
|
Patch0014: 0014-sepolicy-Drop-old-interface-file_type_is_executable-.patch
|
||||||
Patch0015: 0015-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch
|
Patch0015: 0015-sepolicy-Another-small-optimization-for-mcs-types.patch
|
||||||
Patch0016: 0016-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
|
Patch0016: 0016-Move-po-translation-files-into-the-right-sub-directo.patch
|
||||||
Patch0017: 0017-sepolicy-Fix-flake8-warnings-in-Fedora-only-code.patch
|
Patch0017: 0017-Use-correct-gettext-domains-in-python-gui-sandbox.patch
|
||||||
Patch0018: 0018-Do-not-use-Python-slip.patch
|
Patch0018: 0018-Initial-.pot-files-for-gui-python-sandbox.patch
|
||||||
Patch0019: 0019-dbus-Use-GLib.MainLoop.patch
|
Patch0019: 0019-policycoreutils-setfiles-Improve-description-of-d-sw.patch
|
||||||
Patch0020: 0020-policycoreutils-setfiles-do-not-create-useless-setfi.patch
|
Patch0020: 0020-sepolicy-generate-Handle-more-reserved-port-types.patch
|
||||||
Patch0021: 0021-fixfiles-do-not-exclude-dev-and-run-in-C-mode.patch
|
Patch0021: 0021-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch
|
||||||
|
Patch0022: 0022-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
|
||||||
|
Patch0023: 0023-sepolicy-Fix-flake8-warnings-in-Fedora-only-code.patch
|
||||||
|
Patch0024: 0024-Do-not-use-Python-slip.patch
|
||||||
|
Patch0025: 0025-dbus-Use-GLib.MainLoop.patch
|
||||||
|
Patch0026: 0026-Use-SHA-2-instead-of-SHA-1.patch
|
||||||
|
Patch0027: 0027-python-sepolicy-Fix-COPY_PASTE_ERROR-CWE-398.patch
|
||||||
# Patch list end
|
# Patch list end
|
||||||
|
|
||||||
Obsoletes: policycoreutils < 2.0.61-2
|
Obsoletes: policycoreutils < 2.0.61-2
|
||||||
@ -514,6 +520,10 @@ The policycoreutils-restorecond package contains the restorecond service.
|
|||||||
%systemd_postun_with_restart restorecond.service
|
%systemd_postun_with_restart restorecond.service
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Jul 30 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-5
|
||||||
|
- Use SHA-2 instead of SHA-1 (#1934964)
|
||||||
|
- Fix COPY_PASTE_ERROR (CWE-398)
|
||||||
|
|
||||||
* Thu May 13 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-4
|
* Thu May 13 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-4
|
||||||
- policycoreutils-dbus requires polkit
|
- policycoreutils-dbus requires polkit
|
||||||
- fixfiles: do not exclude /dev and /run in -C mode
|
- fixfiles: do not exclude /dev and /run in -C mode
|
||||||
|