policycoreutils-3.2-5

- Use SHA-2 instead of SHA-1 (#1934964)
Resolves: rhbz#1977191

- Fix COPY_PASTE_ERROR (CWE-398)
Resolves: rhbz#1938843
This commit is contained in:
Petr Lautrbach 2021-07-30 14:20:20 +02:00
parent bb24785ce9
commit 0ce93abfc4
28 changed files with 597 additions and 78 deletions

View File

@ -1,4 +1,4 @@
From d36c5c43d17896ebd655f8bdc6e0303dcbf2f47b Mon Sep 17 00:00:00 2001 From 6cfebe787e258c4c62dbf2018d0a08bc8b70e445 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com> From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Fri, 19 Mar 2021 22:30:59 +0100 Date: Fri, 19 Mar 2021 22:30:59 +0100
Subject: [PATCH] policycoreutils/setfiles: do not create useless Subject: [PATCH] policycoreutils/setfiles: do not create useless
@ -63,5 +63,5 @@ index a3bbbe116b7f..63d818509791 100644
indent: indent:
../../scripts/Lindent $(wildcard *.[ch]) ../../scripts/Lindent $(wildcard *.[ch])
-- --
2.31.1 2.32.0

View File

@ -1,4 +1,4 @@
From 38d88fc70844b6f5b02883172af6df7bbd05de24 Mon Sep 17 00:00:00 2001 From 26a4c19ecff545324aa21eb0afbc3d10d3356313 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com> From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Mon, 1 Mar 2021 18:19:22 +0100 Date: Mon, 1 Mar 2021 18:19:22 +0100
Subject: [PATCH] fixfiles: do not exclude /dev and /run in -C mode Subject: [PATCH] fixfiles: do not exclude /dev and /run in -C mode
@ -24,10 +24,10 @@ Acked-by: Petr Lautrbach <plautrba@redhat.com>
1 file changed, 2 insertions(+), 2 deletions(-) 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
index e73bb81c3336..cb20002ab613 100755 index 30dadb4f4cb6..6fb12e0451a9 100755
--- a/policycoreutils/scripts/fixfiles --- a/policycoreutils/scripts/fixfiles
+++ b/policycoreutils/scripts/fixfiles +++ b/policycoreutils/scripts/fixfiles
@@ -163,7 +163,7 @@ newer() { @@ -162,7 +162,7 @@ newer() {
# #
diff_filecontext() { diff_filecontext() {
EXCLUDEDIRS="`exclude_dirs_from_relabelling`" EXCLUDEDIRS="`exclude_dirs_from_relabelling`"
@ -36,7 +36,7 @@ index e73bb81c3336..cb20002ab613 100755
[ -e $i ] && EXCLUDEDIRS="${EXCLUDEDIRS} -e $i"; [ -e $i ] && EXCLUDEDIRS="${EXCLUDEDIRS} -e $i";
done done
LogExcluded LogExcluded
@@ -176,7 +176,7 @@ if [ -f ${PREFC} -a -x /usr/bin/diff ]; then @@ -175,7 +175,7 @@ if [ -f ${PREFC} -a -x /usr/bin/diff ]; then
sed -r -e 's,:s0, ,g' $FC | sort -u | \ sed -r -e 's,:s0, ,g' $FC | sort -u | \
/usr/bin/diff -b ${PREFCTEMPFILE} - | \ /usr/bin/diff -b ${PREFCTEMPFILE} - | \
grep '^[<>]'|cut -c3-| grep ^/ | \ grep '^[<>]'|cut -c3-| grep ^/ | \
@ -46,5 +46,5 @@ index e73bb81c3336..cb20002ab613 100755
-e 's|\(([/[:alnum:]]+)\)\?|{\1,}|g' \ -e 's|\(([/[:alnum:]]+)\)\?|{\1,}|g' \
-e 's|([/[:alnum:]])\?|{\1,}|g' \ -e 's|([/[:alnum:]])\?|{\1,}|g' \
-- --
2.31.1 2.32.0

View File

@ -0,0 +1,49 @@
From e45bc870946ad3c984595a679df86b424f24d09d Mon Sep 17 00:00:00 2001
From: Nicolas Iooss <nicolas.iooss@m4x.org>
Date: Sat, 3 Jul 2021 16:31:21 +0200
Subject: [PATCH] policycoreutils: silence -Wextra-semi-stmt warning
On Ubuntu 20.04, when building with clang -Werror -Wextra-semi-stmt
(which is not the default build configuration), the compiler reports:
secon.c:686:3: error: empty expression statement has no effect;
remove unnecessary ';' to silence this warning
[-Werror,-Wextra-semi-stmt]
};
^
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
policycoreutils/newrole/newrole.c | 2 +-
policycoreutils/secon/secon.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/policycoreutils/newrole/newrole.c b/policycoreutils/newrole/newrole.c
index 36e2ba9c25d9..0264531acef4 100644
--- a/policycoreutils/newrole/newrole.c
+++ b/policycoreutils/newrole/newrole.c
@@ -96,7 +96,7 @@
#define USAGE_STRING "USAGE: newrole [ -r role ] [ -t type ] [ -l level ] [ -p ] [ -V ] [ -- args ]"
#ifdef USE_PAM
-#define PAM_SERVICE_CONFIG "/etc/selinux/newrole_pam.conf";
+#define PAM_SERVICE_CONFIG "/etc/selinux/newrole_pam.conf"
#endif
#define DEFAULT_PATH "/usr/bin:/bin"
diff --git a/policycoreutils/secon/secon.c b/policycoreutils/secon/secon.c
index d257a9a1ca6c..a0957d0914e1 100644
--- a/policycoreutils/secon/secon.c
+++ b/policycoreutils/secon/secon.c
@@ -683,7 +683,7 @@ static void disp_con(const char *scon_raw)
color.range_bg = strtok(NULL, " ");
color.valid = 1;
- };
+ }
if (!(con = context_new(scon)))
errx(EXIT_FAILURE, "Couldn't create context from: %s", scon);
--
2.32.0

View File

@ -0,0 +1,33 @@
From d8b9bd5c2a90d6855478f05c8fb38bd5df2733a2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Wed, 14 Jul 2021 20:13:41 +0200
Subject: [PATCH] policycoreutils: free memory on lstat failure in sestatus
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In case lstat(3) fails the memory is not free'd at the end of the for
loop, due to the control flow change by continue.
Found by scan-build.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
policycoreutils/sestatus/sestatus.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/policycoreutils/sestatus/sestatus.c b/policycoreutils/sestatus/sestatus.c
index b37f03533afd..ceee0d523f9a 100644
--- a/policycoreutils/sestatus/sestatus.c
+++ b/policycoreutils/sestatus/sestatus.c
@@ -461,6 +461,7 @@ int main(int argc, char **argv)
("%s (could not check link status (%s)!)\n",
context, strerror(errno));
freecon(context);
+ free(fc[i]);
continue;
}
if (S_ISLNK(m.st_mode)) {
--
2.32.0

View File

@ -0,0 +1,42 @@
From f0c354afc07419cfe4f61b72f604a648c995943e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Wed, 14 Jul 2021 20:13:42 +0200
Subject: [PATCH] policycoreutils: free memory of allocated context in run_init
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Found by scan-build.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
policycoreutils/run_init/run_init.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/policycoreutils/run_init/run_init.c b/policycoreutils/run_init/run_init.c
index 1c5eb68e7e73..545490a25918 100644
--- a/policycoreutils/run_init/run_init.c
+++ b/policycoreutils/run_init/run_init.c
@@ -406,14 +406,19 @@ int main(int argc, char *argv[])
if (chdir("/")) {
perror("chdir");
+ free(new_context);
exit(-1);
}
if (setexeccon(new_context) < 0) {
fprintf(stderr, _("Could not set exec context to %s.\n"),
new_context);
+ free(new_context);
exit(-1);
}
+
+ free(new_context);
+
if (access("/usr/sbin/open_init_pty", X_OK) != 0) {
if (execvp(argv[1], argv + 1)) {
perror("execvp");
--
2.32.0

View File

@ -0,0 +1,30 @@
From 32611aea6543e3a8f32635857e37b4332b0b5c99 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Wed, 14 Jul 2021 20:13:43 +0200
Subject: [PATCH] policycoreutils: free memory of allocated context in newrole
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Found by scan-build.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
policycoreutils/newrole/newrole.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/policycoreutils/newrole/newrole.c b/policycoreutils/newrole/newrole.c
index 0264531acef4..7c1f062f5a2a 100644
--- a/policycoreutils/newrole/newrole.c
+++ b/policycoreutils/newrole/newrole.c
@@ -1239,6 +1239,7 @@ int main(int argc, char *argv[])
free(pw.pw_dir);
free(pw.pw_shell);
free(shell_argv0);
+ free(new_context);
return exit_code;
}
--
2.32.0

View File

@ -1,4 +1,4 @@
From 560cf8a87edbae33ed5320355890e11c4e1227f5 Mon Sep 17 00:00:00 2001 From 6f2adee92a62777aa1a7371a23b4cb08b9a8ac7e Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com> From: Petr Lautrbach <plautrba@redhat.com>
Date: Thu, 20 Aug 2015 12:58:41 +0200 Date: Thu, 20 Aug 2015 12:58:41 +0200
Subject: [PATCH] sandbox: add -reset to Xephyr as it works better with it in Subject: [PATCH] sandbox: add -reset to Xephyr as it works better with it in
@ -22,5 +22,5 @@ index eaa500d08143..4774528027ef 100644
cat > ~/seremote << __EOF cat > ~/seremote << __EOF
#!/bin/sh #!/bin/sh
-- --
2.30.0 2.32.0

View File

@ -1,4 +1,4 @@
From ba8c8a07d0ba68035acc9bd5340910588064f6f7 Mon Sep 17 00:00:00 2001 From 31e28c2217b5ac4c12d60c97d08f0c062f0fce37 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com> From: Dan Walsh <dwalsh@redhat.com>
Date: Mon, 21 Apr 2014 13:54:40 -0400 Date: Mon, 21 Apr 2014 13:54:40 -0400
Subject: [PATCH] Fix STANDARD_FILE_CONTEXT section in man pages Subject: [PATCH] Fix STANDARD_FILE_CONTEXT section in man pages
@ -42,5 +42,5 @@ index 2f847abb87e2..dccd778ed4be 100755
self.fd.write(r""" self.fd.write(r"""
.I The following file types are defined for %(domainname)s: .I The following file types are defined for %(domainname)s:
-- --
2.30.0 2.32.0

View File

@ -1,4 +1,4 @@
From 27d137d07e9e6a57a2a962aa9c7f37f48dbf960f Mon Sep 17 00:00:00 2001 From 8fafb8215dbd7affd299f7eb31a1677d7f367ee8 Mon Sep 17 00:00:00 2001
From: Miroslav Grepl <mgrepl@redhat.com> From: Miroslav Grepl <mgrepl@redhat.com>
Date: Mon, 12 May 2014 14:11:22 +0200 Date: Mon, 12 May 2014 14:11:22 +0200
Subject: [PATCH] If there is no executable we don't want to print a part of Subject: [PATCH] If there is no executable we don't want to print a part of
@ -23,5 +23,5 @@ index dccd778ed4be..81333928d552 100755
.B STANDARD FILE CONTEXT .B STANDARD FILE CONTEXT
-- --
2.30.0 2.32.0

View File

@ -1,4 +1,4 @@
From e39c09c55ed98490b2f73e6564abca93f36ee81c Mon Sep 17 00:00:00 2001 From 4492465658c7a81237cc753351b3c7bfe095e8f6 Mon Sep 17 00:00:00 2001
From: Miroslav Grepl <mgrepl@redhat.com> From: Miroslav Grepl <mgrepl@redhat.com>
Date: Thu, 19 Feb 2015 17:45:15 +0100 Date: Thu, 19 Feb 2015 17:45:15 +0100
Subject: [PATCH] Simplication of sepolicy-manpage web functionality. Subject: [PATCH] Simplication of sepolicy-manpage web functionality.
@ -11,10 +11,10 @@ Subject: [PATCH] Simplication of sepolicy-manpage web functionality.
2 files changed, 13 insertions(+), 77 deletions(-) 2 files changed, 13 insertions(+), 77 deletions(-)
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
index e4540977d042..ad718797ca68 100644 index 7309875c7e27..37abc7b83a37 100644
--- a/python/sepolicy/sepolicy/__init__.py --- a/python/sepolicy/sepolicy/__init__.py
+++ b/python/sepolicy/sepolicy/__init__.py +++ b/python/sepolicy/sepolicy/__init__.py
@@ -1208,27 +1208,14 @@ def boolean_desc(boolean): @@ -1215,27 +1215,14 @@ def boolean_desc(boolean):
def get_os_version(): def get_os_version():
@ -165,5 +165,5 @@ index 81333928d552..dc3e5207c57c 100755
if len(self.manpage_roles[letter]): if len(self.manpage_roles[letter]):
fd.write(""" fd.write("""
-- --
2.30.0 2.32.0

View File

@ -1,4 +1,4 @@
From 5c45c9cc13529ba6cb840010a3feda31b7c0fe78 Mon Sep 17 00:00:00 2001 From 18d06e7f84adad94efe1823a2fdccf62b04bf396 Mon Sep 17 00:00:00 2001
From: Miroslav Grepl <mgrepl@redhat.com> From: Miroslav Grepl <mgrepl@redhat.com>
Date: Fri, 20 Feb 2015 16:42:01 +0100 Date: Fri, 20 Feb 2015 16:42:01 +0100
Subject: [PATCH] We want to remove the trailing newline for Subject: [PATCH] We want to remove the trailing newline for
@ -9,10 +9,10 @@ Subject: [PATCH] We want to remove the trailing newline for
1 file changed, 1 insertion(+), 1 deletion(-) 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
index ad718797ca68..ea05d892bf3b 100644 index 37abc7b83a37..481c5d86232f 100644
--- a/python/sepolicy/sepolicy/__init__.py --- a/python/sepolicy/sepolicy/__init__.py
+++ b/python/sepolicy/sepolicy/__init__.py +++ b/python/sepolicy/sepolicy/__init__.py
@@ -1211,7 +1211,7 @@ def get_os_version(): @@ -1218,7 +1218,7 @@ def get_os_version():
system_release = "" system_release = ""
try: try:
with open('/etc/system-release') as f: with open('/etc/system-release') as f:
@ -22,5 +22,5 @@ index ad718797ca68..ea05d892bf3b 100644
system_release = "Misc" system_release = "Misc"
-- --
2.30.0 2.32.0

View File

@ -1,4 +1,4 @@
From b7cbbf2d25e2321b9af64db908947877771af257 Mon Sep 17 00:00:00 2001 From ddf7238fa3579a64145ed092b3a023d60cd2847c Mon Sep 17 00:00:00 2001
From: Miroslav Grepl <mgrepl@redhat.com> From: Miroslav Grepl <mgrepl@redhat.com>
Date: Fri, 20 Feb 2015 16:42:53 +0100 Date: Fri, 20 Feb 2015 16:42:53 +0100
Subject: [PATCH] Fix title in manpage.py to not contain 'online'. Subject: [PATCH] Fix title in manpage.py to not contain 'online'.
@ -21,5 +21,5 @@ index dc3e5207c57c..6420ebe2e08e 100755
<body> <body>
<h1>SELinux man pages for %s</h1> <h1>SELinux man pages for %s</h1>
-- --
2.30.0 2.32.0

View File

@ -1,4 +1,4 @@
From fb167fc5660dbc83cd516579d73507b0969b5544 Mon Sep 17 00:00:00 2001 From fb7fb754e2c4d8931a5834e34ef88dfaf764bb8f Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com> From: Dan Walsh <dwalsh@redhat.com>
Date: Fri, 14 Feb 2014 12:32:12 -0500 Date: Fri, 14 Feb 2014 12:32:12 -0500
Subject: [PATCH] Don't be verbose if you are not on a tty Subject: [PATCH] Don't be verbose if you are not on a tty
@ -8,7 +8,7 @@ Subject: [PATCH] Don't be verbose if you are not on a tty
1 file changed, 1 insertion(+) 1 file changed, 1 insertion(+)
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
index 30dadb4f4cb6..e73bb81c3336 100755 index 6fb12e0451a9..cb20002ab613 100755
--- a/policycoreutils/scripts/fixfiles --- a/policycoreutils/scripts/fixfiles
+++ b/policycoreutils/scripts/fixfiles +++ b/policycoreutils/scripts/fixfiles
@@ -108,6 +108,7 @@ exclude_dirs_from_relabelling() { @@ -108,6 +108,7 @@ exclude_dirs_from_relabelling() {
@ -20,5 +20,5 @@ index 30dadb4f4cb6..e73bb81c3336 100755
RPMFILES="" RPMFILES=""
PREFC="" PREFC=""
-- --
2.30.0 2.32.0

View File

@ -1,4 +1,4 @@
From 0b37889f3032e4f456edad469786f72ad344ec8c Mon Sep 17 00:00:00 2001 From 7d68ca4cc7ab8bcdf65194a58b7db63914228494 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com> From: Petr Lautrbach <plautrba@redhat.com>
Date: Mon, 27 Feb 2017 17:12:39 +0100 Date: Mon, 27 Feb 2017 17:12:39 +0100
Subject: [PATCH] sepolicy: Drop old interface file_type_is_executable(f) and Subject: [PATCH] sepolicy: Drop old interface file_type_is_executable(f) and
@ -59,5 +59,5 @@ index 6420ebe2e08e..d15522135288 100755
if f in self.fcdict: if f in self.fcdict:
mpaths = mpaths + self.fcdict[f]["regex"] mpaths = mpaths + self.fcdict[f]["regex"]
-- --
2.30.0 2.32.0

View File

@ -1,4 +1,4 @@
From 268cd1b3a346db400eedb66db6a7d0aac192cd5e Mon Sep 17 00:00:00 2001 From 54d85eb009defdf93b24cf0131b88179490b56a2 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com> From: Petr Lautrbach <plautrba@redhat.com>
Date: Tue, 28 Feb 2017 21:29:46 +0100 Date: Tue, 28 Feb 2017 21:29:46 +0100
Subject: [PATCH] sepolicy: Another small optimization for mcs types Subject: [PATCH] sepolicy: Another small optimization for mcs types
@ -49,5 +49,5 @@ index d15522135288..ffcedb547993 100755
self.fd.write (""" self.fd.write ("""
.SH "MCS Constrained" .SH "MCS Constrained"
-- --
2.30.0 2.32.0

View File

@ -1,4 +1,4 @@
From 8ea45198560652813d2dad26e28a4220ed690afa Mon Sep 17 00:00:00 2001 From a8c4ac47f370e319c434fe1e6afcfae83d7390e9 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com> From: Petr Lautrbach <plautrba@redhat.com>
Date: Mon, 6 Aug 2018 13:23:00 +0200 Date: Mon, 6 Aug 2018 13:23:00 +0200
Subject: [PATCH] Move po/ translation files into the right sub-directories Subject: [PATCH] Move po/ translation files into the right sub-directories
@ -511,5 +511,5 @@ index 000000000000..deff3f2f4656
@@ -0,0 +1 @@ @@ -0,0 +1 @@
+../sandbox +../sandbox
-- --
2.30.0 2.32.0

View File

@ -1,4 +1,4 @@
From 773adcbd26efe16b5738dcf40e9ec757101417d5 Mon Sep 17 00:00:00 2001 From ea70711fce9127c7dd3146bc8161086f97745d11 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com> From: Petr Lautrbach <plautrba@redhat.com>
Date: Mon, 6 Aug 2018 13:37:07 +0200 Date: Mon, 6 Aug 2018 13:37:07 +0200
Subject: [PATCH] Use correct gettext domains in python/ gui/ sandbox/ Subject: [PATCH] Use correct gettext domains in python/ gui/ sandbox/
@ -55,7 +55,7 @@ index bad5140d8c59..6bbe4de5884f 100644
import gettext import gettext
kwargs = {} kwargs = {}
diff --git a/gui/fcontextPage.py b/gui/fcontextPage.py diff --git a/gui/fcontextPage.py b/gui/fcontextPage.py
index 370bbee40786..e424366da26f 100644 index d26aa1b405a9..52292cae01d2 100644
--- a/gui/fcontextPage.py --- a/gui/fcontextPage.py
+++ b/gui/fcontextPage.py +++ b/gui/fcontextPage.py
@@ -47,7 +47,7 @@ class context: @@ -47,7 +47,7 @@ class context:
@ -185,7 +185,7 @@ index fdd2e46ee3f9..839ddd3b54b6 100755
import gettext import gettext
kwargs = {} kwargs = {}
diff --git a/python/semanage/semanage b/python/semanage/semanage diff --git a/python/semanage/semanage b/python/semanage/semanage
index 125271df5265..026502b537cb 100644 index 18a2710531ca..0980aecb6311 100644
--- a/python/semanage/semanage --- a/python/semanage/semanage
+++ b/python/semanage/semanage +++ b/python/semanage/semanage
@@ -30,7 +30,7 @@ import seobject @@ -30,7 +30,7 @@ import seobject
@ -237,7 +237,7 @@ index 7b2230651099..32956e58f52e 100755
import gettext import gettext
kwargs = {} kwargs = {}
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
index ea05d892bf3b..9a9c2ae9f237 100644 index 481c5d86232f..df773a6b314e 100644
--- a/python/sepolicy/sepolicy/__init__.py --- a/python/sepolicy/sepolicy/__init__.py
+++ b/python/sepolicy/sepolicy/__init__.py +++ b/python/sepolicy/sepolicy/__init__.py
@@ -13,7 +13,7 @@ import os @@ -13,7 +13,7 @@ import os
@ -302,5 +302,5 @@ index ca5f1e030a51..16c43b51eaaa 100644
import gettext import gettext
kwargs = {} kwargs = {}
-- --
2.30.0 2.32.0

View File

@ -1,4 +1,4 @@
From cfa051df61b1901f5e1012877965b632d287d5a7 Mon Sep 17 00:00:00 2001 From b30964691f11946791c0b852c1b7eebf59a6dcf6 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com> From: Petr Lautrbach <plautrba@redhat.com>
Date: Mon, 6 Aug 2018 14:23:19 +0200 Date: Mon, 6 Aug 2018 14:23:19 +0200
Subject: [PATCH] Initial .pot files for gui/ python/ sandbox/ Subject: [PATCH] Initial .pot files for gui/ python/ sandbox/
@ -4528,5 +4528,5 @@ index 000000000000..328b4f0159d3
+msgid "Invalid value %s" +msgid "Invalid value %s"
+msgstr "" +msgstr ""
-- --
2.30.0 2.32.0

View File

@ -1,4 +1,4 @@
From b34090e94f28bd04306630055a0c95d6da796660 Mon Sep 17 00:00:00 2001 From 4ee71fa678b4a9ce85d2ec2f9ebf561c8c183124 Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com> From: Vit Mojzis <vmojzis@redhat.com>
Date: Wed, 21 Mar 2018 08:51:31 +0100 Date: Wed, 21 Mar 2018 08:51:31 +0100
Subject: [PATCH] policycoreutils/setfiles: Improve description of -d switch Subject: [PATCH] policycoreutils/setfiles: Improve description of -d switch
@ -26,5 +26,5 @@ index 4d28bc9a95c1..8e6c4ab94841 100644
.BI \-e \ directory .BI \-e \ directory
directory to exclude (repeat option for more than one directory). directory to exclude (repeat option for more than one directory).
-- --
2.30.0 2.32.0

View File

@ -1,4 +1,4 @@
From 649f11933105597d23cf4c4abc3a895fd0ae1f3e Mon Sep 17 00:00:00 2001 From c0137252dd3ce52f006162d7b1cb4677c45bea21 Mon Sep 17 00:00:00 2001
From: Masatake YAMATO <yamato@redhat.com> From: Masatake YAMATO <yamato@redhat.com>
Date: Thu, 14 Dec 2017 15:57:58 +0900 Date: Thu, 14 Dec 2017 15:57:58 +0900
Subject: [PATCH] sepolicy-generate: Handle more reserved port types Subject: [PATCH] sepolicy-generate: Handle more reserved port types
@ -67,5 +67,5 @@ index 43180ca6fda4..d60a08e1d72c 100644
dict[(p['low'], p['high'], p['protocol'])] = (p['type'], p.get('range')) dict[(p['low'], p['high'], p['protocol'])] = (p['type'], p.get('range'))
return dict return dict
-- --
2.30.0 2.32.0

View File

@ -1,4 +1,4 @@
From e6821b5aa7f631efaceffd8de130f83c56a5c81a Mon Sep 17 00:00:00 2001 From d6476f30ddaf384ed7f563ca4ad31cbfc7ad6bbd Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com> From: Petr Lautrbach <plautrba@redhat.com>
Date: Thu, 8 Nov 2018 09:20:58 +0100 Date: Thu, 8 Nov 2018 09:20:58 +0100
Subject: [PATCH] semodule-utils: Fix RESOURCE_LEAK coverity scan defects Subject: [PATCH] semodule-utils: Fix RESOURCE_LEAK coverity scan defects
@ -20,5 +20,5 @@ index 3515234e36de..7b75b3fd9bb4 100644
} }
-- --
2.30.0 2.32.0

View File

@ -1,4 +1,4 @@
From df67934eb3bf24e38b11278b06db816a069fab3f Mon Sep 17 00:00:00 2001 From d61a3517017921d6b6f4618e1de0c4f4a33fe951 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com> From: Petr Lautrbach <plautrba@redhat.com>
Date: Wed, 18 Jul 2018 09:09:35 +0200 Date: Wed, 18 Jul 2018 09:09:35 +0200
Subject: [PATCH] sandbox: Use matchbox-window-manager instead of openbox Subject: [PATCH] sandbox: Use matchbox-window-manager instead of openbox
@ -70,5 +70,5 @@ index 4774528027ef..c211ebc14549 100644
export DISPLAY=:$D export DISPLAY=:$D
cat > ~/seremote << __EOF cat > ~/seremote << __EOF
-- --
2.30.0 2.32.0

View File

@ -1,4 +1,4 @@
From a7e9864865f3f72f51d943ff5bf684638cc7e921 Mon Sep 17 00:00:00 2001 From 257d7d95f541bd4b85c518562278cdc4f928f8af Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com> From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Tue, 28 Jul 2020 14:37:13 +0200 Date: Tue, 28 Jul 2020 14:37:13 +0200
Subject: [PATCH] sepolicy: Fix flake8 warnings in Fedora-only code Subject: [PATCH] sepolicy: Fix flake8 warnings in Fedora-only code
@ -42,5 +42,5 @@ index ffcedb547993..c013c0d48502 100755
.B STANDARD FILE CONTEXT .B STANDARD FILE CONTEXT
-- --
2.30.0 2.32.0

View File

@ -1,4 +1,4 @@
From 02fd46cee210fc693ddf985d7d03674397f8342f Mon Sep 17 00:00:00 2001 From 10a970733c5b31c237abd7357421384597fe0510 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com> From: Petr Lautrbach <plautrba@redhat.com>
Date: Thu, 15 Apr 2021 17:39:39 +0200 Date: Thu, 15 Apr 2021 17:39:39 +0200
Subject: [PATCH] Do not use Python slip Subject: [PATCH] Do not use Python slip
@ -213,5 +213,5 @@ index 76b259ae27e8..39b53d47753a 100644
ret = self.dbus_object.change_default_policy(value, dbus_interface="org.selinux") ret = self.dbus_object.change_default_policy(value, dbus_interface="org.selinux")
return ret return ret
-- --
2.31.1 2.32.0

View File

@ -1,10 +1,12 @@
From 30b9e992819a2c94434a0a30d5ce96e642c84d20 Mon Sep 17 00:00:00 2001 From 86be303a7c5ed5057d0357a85e27cdb6885122fe Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com> From: Petr Lautrbach <plautrba@redhat.com>
Date: Wed, 12 May 2021 19:19:29 +0200 Date: Wed, 12 May 2021 19:19:29 +0200
Subject: [PATCH] dbus: Use GLib.MainLoop() Subject: [PATCH] dbus: Use GLib.MainLoop()
Fixes: Fixes:
PyGIDeprecationWarning: GObject.MainLoop is deprecated; use GLib.MainLoop instead PyGIDeprecationWarning: GObject.MainLoop is deprecated; use GLib.MainLoop instead
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
--- ---
dbus/selinux_server.py | 10 ++++++---- dbus/selinux_server.py | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-) 1 file changed, 6 insertions(+), 4 deletions(-)
@ -39,5 +41,5 @@ index b7c9378bcb5d..a969f2268ceb 100644
+ server = selinux_server(system_bus, "/org/selinux/object") + server = selinux_server(system_bus, "/org/selinux/object")
mainloop.run() mainloop.run()
-- --
2.31.1 2.32.0

View File

@ -0,0 +1,297 @@
From 23337de69ad667d909964ba82f47f5166903ff50 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Fri, 30 Jul 2021 14:14:37 +0200
Subject: [PATCH] Use SHA-2 instead of SHA-1
The use of SHA-1 in RHEL9 is deprecated
---
policycoreutils/setfiles/restorecon.8 | 10 +++++-----
policycoreutils/setfiles/restorecon_xattr.8 | 8 ++++----
policycoreutils/setfiles/restorecon_xattr.c | 12 ++++++------
policycoreutils/setfiles/ru/restorecon.8 | 8 ++++----
policycoreutils/setfiles/ru/restorecon_xattr.8 | 10 +++++-----
policycoreutils/setfiles/ru/setfiles.8 | 8 ++++----
policycoreutils/setfiles/setfiles.8 | 10 +++++-----
7 files changed, 33 insertions(+), 33 deletions(-)
diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8
index 668486f66113..a8900f02b3f3 100644
--- a/policycoreutils/setfiles/restorecon.8
+++ b/policycoreutils/setfiles/restorecon.8
@@ -93,14 +93,14 @@ display usage information and exit.
ignore files that do not exist.
.TP
.B \-I
-ignore digest to force checking of labels even if the stored SHA1 digest
-matches the specfiles SHA1 digest. The digest will then be updated provided
+ignore digest to force checking of labels even if the stored SHA256 digest
+matches the specfiles SHA256 digest. The digest will then be updated provided
there are no errors. See the
.B NOTES
section for further details.
.TP
.B \-D
-Set or update any directory SHA1 digests. Use this option to
+Set or update any directory SHA256 digests. Use this option to
enable usage of the
.IR security.sehash
extended attribute.
@@ -191,7 +191,7 @@ the
.B \-D
option to
.B restorecon
-will cause it to store a SHA1 digest of the default specfiles set in an extended
+will cause it to store a SHA256 digest of the default specfiles set in an extended
attribute named
.IR security.sehash
on each directory specified in
@@ -208,7 +208,7 @@ for further details.
.sp
The
.B \-I
-option will ignore the SHA1 digest from each directory specified in
+option will ignore the SHA256 digest from each directory specified in
.IR pathname \ ...
and provided the
.B \-n
diff --git a/policycoreutils/setfiles/restorecon_xattr.8 b/policycoreutils/setfiles/restorecon_xattr.8
index e04528e60824..4b1ce304d995 100644
--- a/policycoreutils/setfiles/restorecon_xattr.8
+++ b/policycoreutils/setfiles/restorecon_xattr.8
@@ -23,7 +23,7 @@ or
.SH "DESCRIPTION"
.B restorecon_xattr
-will display the SHA1 digests added to extended attributes
+will display the SHA256 digests added to extended attributes
.I security.sehash
or delete the attribute completely. These attributes are set by
.BR restorecon (8)
@@ -48,12 +48,12 @@ extended attribute and are automatically excluded from searches.
.sp
By default
.B restorecon_xattr
-will display the SHA1 digests with "Match" appended if they match the default
+will display the SHA256 digests with "Match" appended if they match the default
specfile set or the
.I specfile
set used with the
.B \-f
-option. Non-matching SHA1 digests will be displayed with "No Match" appended.
+option. Non-matching SHA256 digests will be displayed with "No Match" appended.
This feature can be disabled by the
.B \-n
option.
@@ -87,7 +87,7 @@ Do not append "Match" or "No Match" to displayed digests.
recursively descend directories.
.TP
.B \-v
-display SHA1 digest generated by specfile set (Note that this digest is not
+display SHA256 digest generated by specfile set (Note that this digest is not
used to match the
.I security.sehash
directory digest entries, and is shown for reference only).
diff --git a/policycoreutils/setfiles/restorecon_xattr.c b/policycoreutils/setfiles/restorecon_xattr.c
index 31fb82fd2099..bc22d3fd4560 100644
--- a/policycoreutils/setfiles/restorecon_xattr.c
+++ b/policycoreutils/setfiles/restorecon_xattr.c
@@ -38,7 +38,7 @@ int main(int argc, char **argv)
unsigned int xattr_flags = 0, delete_digest = 0, recurse = 0;
unsigned int delete_all_digests = 0, ignore_mounts = 0;
bool display_digest = false;
- char *sha1_buf, **specfiles, *fc_file = NULL, *pathname = NULL;
+ char *sha256_buf, **specfiles, *fc_file = NULL, *pathname = NULL;
unsigned char *fc_digest = NULL;
size_t i, fc_digest_len = 0, num_specfiles;
@@ -133,8 +133,8 @@ int main(int argc, char **argv)
exit(-1);
}
- sha1_buf = malloc(fc_digest_len * 2 + 1);
- if (!sha1_buf) {
+ sha256_buf = malloc(fc_digest_len * 2 + 1);
+ if (!sha256_buf) {
fprintf(stderr,
"Error allocating digest buffer: %s\n",
strerror(errno));
@@ -143,16 +143,16 @@ int main(int argc, char **argv)
}
for (i = 0; i < fc_digest_len; i++)
- sprintf((&sha1_buf[i * 2]), "%02x", fc_digest[i]);
+ sprintf((&sha256_buf[i * 2]), "%02x", fc_digest[i]);
- printf("specfiles SHA1 digest: %s\n", sha1_buf);
+ printf("specfiles SHA256 digest: %s\n", sha256_buf);
printf("calculated using the following specfile(s):\n");
if (specfiles) {
for (i = 0; i < num_specfiles; i++)
printf("%s\n", specfiles[i]);
}
- free(sha1_buf);
+ free(sha256_buf);
printf("\n");
}
diff --git a/policycoreutils/setfiles/ru/restorecon.8 b/policycoreutils/setfiles/ru/restorecon.8
index 9be3a63db356..745135020f4b 100644
--- a/policycoreutils/setfiles/ru/restorecon.8
+++ b/policycoreutils/setfiles/ru/restorecon.8
@@ -82,11 +82,11 @@ restorecon \- восстановить SELinux-контексты безопас
игнорировать файлы, которые не существуют.
.TP
.B \-I
-игнорировать дайджест, чтобы принудительно проверить метки, даже если хранимый дайджест SHA1 соответствует дайджесту SHA1 файлов спецификации. Затем (при условии отсутствия ошибок) дайджест будет обновлён. Более подробные сведения доступны в разделе
+игнорировать дайджест, чтобы принудительно проверить метки, даже если хранимый дайджест SHA256 соответствует дайджесту SHA256 файлов спецификации. Затем (при условии отсутствия ошибок) дайджест будет обновлён. Более подробные сведения доступны в разделе
.B ПРИМЕЧАНИЯ.
.TP
.B \-D
-установить или обновить дайджесты SHA1 для любых каталогов. Используйте этот параметр, чтобы включить использование расширенного атрибута
+установить или обновить дайджесты SHA256 для любых каталогов. Используйте этот параметр, чтобы включить использование расширенного атрибута
.IR security.restorecon_last.
.TP
.B \-m
@@ -159,7 +159,7 @@ GNU
.B \-D
команды
.B restorecon
-обеспечит сохранение дайджеста SHA1 файлов спецификации по умолчанию в расширенном атрибуте с именем
+обеспечит сохранение дайджеста SHA256 файлов спецификации по умолчанию в расширенном атрибуте с именем
.IR security.restorecon_last
для каталогов, указанных в соответствующих путях
.IR pathname \ ...
@@ -173,7 +173,7 @@ GNU
.sp
Параметр
.B \-I
-позволяет игнорировать дайджест SHA1 из каждого каталога, указанного в
+позволяет игнорировать дайджест SHA256 из каждого каталога, указанного в
.IR pathname \ ...
, и, при условии, что НЕ установлен параметр
.B \-n
diff --git a/policycoreutils/setfiles/ru/restorecon_xattr.8 b/policycoreutils/setfiles/ru/restorecon_xattr.8
index 41c441b8c5c2..25c4c3033334 100644
--- a/policycoreutils/setfiles/ru/restorecon_xattr.8
+++ b/policycoreutils/setfiles/ru/restorecon_xattr.8
@@ -23,7 +23,7 @@ restorecon_xattr \- управление записями расширенных
.SH "ОПИСАНИЕ"
.B restorecon_xattr
-покажет дайджесты SHA1, добавленные в расширенные атрибуты
+покажет дайджесты SHA256, добавленные в расширенные атрибуты
.I security.restorecon_last,
или полностью удалит эти атрибуты. Эти атрибуты устанавливаются командой
.BR restorecon (8)
@@ -47,11 +47,11 @@ restorecon_xattr \- управление записями расширенных
.sp
По умолчанию
.B restorecon_xattr
-показывает дайджесты SHA1, добавляя в конце "Match", если они соответствуют установленному по умолчанию файлу спецификации или файлу спецификации
+показывает дайджесты SHA256, добавляя в конце "Match", если они соответствуют установленному по умолчанию файлу спецификации или файлу спецификации
.I specfile,
который установлен с помощью параметра
.B \-f.
-Несоответствующие дайджесты SHA1 будут показаны с добавлением "No Match" в конце.
+Несоответствующие дайджесты SHA256 будут показаны с добавлением "No Match" в конце.
Эту возможность можно отключить с помощью параметра
.B \-n.
@@ -81,7 +81,7 @@ restorecon_xattr \- управление записями расширенных
рекурсивно спускаться по каталогам.
.TP
.B \-v
-показать дайджест SHA1, созданный установленным файлом спецификации.
+показать дайджест SHA256, созданный установленным файлом спецификации.
.TP
.B \-e
.I directory
@@ -97,7 +97,7 @@ restorecon_xattr \- управление записями расширенных
.BR file_contexts (5).
Он будет использоваться
.BR selabel_open (3)
-для получения набора записей меток; получение дайджеста SHA1 выполняется с помощью
+для получения набора записей меток; получение дайджеста SHA256 выполняется с помощью
.BR selabel_digest (3).
Если этот параметр не указан, будет использоваться файл file_contexts по умолчанию.
diff --git a/policycoreutils/setfiles/ru/setfiles.8 b/policycoreutils/setfiles/ru/setfiles.8
index 910101452625..7f2daa09191b 100644
--- a/policycoreutils/setfiles/ru/setfiles.8
+++ b/policycoreutils/setfiles/ru/setfiles.8
@@ -69,11 +69,11 @@ setfiles \- установить SELinux-контексты безопаснос
игнорировать файлы, которые не существуют.
.TP
.B \-I
-игнорировать дайджест, чтобы принудительно проверить метки, даже если хранимый дайджест SHA1 соответствует дайджесту SHA1 файлов спецификации. Затем (при условии отсутствия ошибок) дайджест будет обновлён. Более подробные сведения доступны в разделе
+игнорировать дайджест, чтобы принудительно проверить метки, даже если хранимый дайджест SHA256 соответствует дайджесту SHA256 файлов спецификации. Затем (при условии отсутствия ошибок) дайджест будет обновлён. Более подробные сведения доступны в разделе
.B ПРИМЕЧАНИЯ.
.TP
.B \-D
-установить или обновить дайджесты SHA1 для любых каталогов. Используйте этот параметр, чтобы включить использование расширенного атрибута
+установить или обновить дайджесты SHA256 для любых каталогов. Используйте этот параметр, чтобы включить использование расширенного атрибута
.IR security.restorecon_last.
.TP
.B \-l
@@ -186,7 +186,7 @@ GNU
.B \-D
команды
.B setfiles .
-Он обеспечивает сохранение дайджеста SHA1 файла спецификации
+Он обеспечивает сохранение дайджеста SHA256 файла спецификации
.B spec_file
в расширенном атрибуте с именем
.IR security.restorecon_last
@@ -204,7 +204,7 @@ GNU
.sp
Параметр
.B \-I
-позволяет игнорировать дайджест SHA1 из каждого каталога, указанного в
+позволяет игнорировать дайджест SHA256 из каждого каталога, указанного в
.IR pathname \ ...
, и, при условии, что НЕ установлен параметр
.B \-n
diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8
index 8e6c4ab94841..0692121f2f4d 100644
--- a/policycoreutils/setfiles/setfiles.8
+++ b/policycoreutils/setfiles/setfiles.8
@@ -85,14 +85,14 @@ display usage information and exit.
ignore files that do not exist.
.TP
.B \-I
-ignore digest to force checking of labels even if the stored SHA1 digest
-matches the specfiles SHA1 digest. The digest will then be updated provided
+ignore digest to force checking of labels even if the stored SHA256 digest
+matches the specfiles SHA256 digest. The digest will then be updated provided
there are no errors. See the
.B NOTES
section for further details.
.TP
.B \-D
-Set or update any directory SHA1 digests. Use this option to
+Set or update any directory SHA256 digests. Use this option to
enable usage of the
.IR security.sehash
extended attribute.
@@ -230,7 +230,7 @@ the
.B \-D
option to
.B setfiles
-will cause it to store a SHA1 digest of the
+will cause it to store a SHA256 digest of the
.B spec_file
set in an extended attribute named
.IR security.sehash
@@ -251,7 +251,7 @@ for further details.
.sp
The
.B \-I
-option will ignore the SHA1 digest from each directory specified in
+option will ignore the SHA256 digest from each directory specified in
.IR pathname \ ...
and provided the
.B \-n
--
2.32.0

View File

@ -0,0 +1,56 @@
From d39dacc352feb35c89b41225e142dd08e932c0c0 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Fri, 30 Jul 2021 13:48:18 +0200
Subject: [PATCH] python/sepolicy: Fix COPY_PASTE_ERROR (CWE-398)
Fixes:
Error: COPY_PASTE_ERROR (CWE-398): [#def3]
selinux/python/sepolicy/sepolicy/__init__.py:1032: original: ""_key_t"" looks like the original copy.
selinux/python/sepolicy/sepolicy/__init__.py:1035: copy_paste_error: ""_key_t"" looks like a copy-paste error.
selinux/python/sepolicy/sepolicy/__init__.py:1035: remediation: Should it say ""_secret_t"" instead?
# 1033|
# 1034| if f.endswith("_secret_t"):
# 1035|-> return txt + "treat the files as %s secret data." % prettyprint(f, "_key_t")
# 1036|
# 1037| if f.endswith("_ra_t"):
Error: COPY_PASTE_ERROR (CWE-398): [#def4]
selinux/python/sepolicy/sepolicy/__init__.py:1065: original: ""_tmp_t"" looks like the original copy.
selinux/python/sepolicy/sepolicy/__init__.py:1067: copy_paste_error: ""_tmp_t"" looks like a copy-paste error.
selinux/python/sepolicy/sepolicy/__init__.py:1067: remediation: Should it say ""_etc_t"" instead?
# 1065| return txt + "store %s temporary files in the /tmp directories." % prettyprint(f, "_tmp_t")
# 1066| if f.endswith("_etc_t"):
# 1067|-> return txt + "store %s files in the /etc directories." % prettyprint(f, "_tmp_t")
# 1068| if f.endswith("_home_t"):
# 1069| return txt + "store %s files in the users home directory." % prettyprint(f, "_home_t")
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
python/sepolicy/sepolicy/__init__.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
index df773a6b314e..6b6160a449df 100644
--- a/python/sepolicy/sepolicy/__init__.py
+++ b/python/sepolicy/sepolicy/__init__.py
@@ -1039,7 +1039,7 @@ def get_description(f, markup=markup):
return txt + "treat the files as %s key data." % prettyprint(f, "_key_t")
if f.endswith("_secret_t"):
- return txt + "treat the files as %s secret data." % prettyprint(f, "_key_t")
+ return txt + "treat the files as %s secret data." % prettyprint(f, "_secret_t")
if f.endswith("_ra_t"):
return txt + "treat the files as %s read/append content." % prettyprint(f, "_ra_t")
@@ -1071,7 +1071,7 @@ def get_description(f, markup=markup):
if f.endswith("_tmp_t"):
return txt + "store %s temporary files in the /tmp directories." % prettyprint(f, "_tmp_t")
if f.endswith("_etc_t"):
- return txt + "store %s files in the /etc directories." % prettyprint(f, "_tmp_t")
+ return txt + "store %s files in the /etc directories." % prettyprint(f, "_etc_t")
if f.endswith("_home_t"):
return txt + "store %s files in the users home directory." % prettyprint(f, "_home_t")
if f.endswith("_tmpfs_t"):
--
2.32.0

View File

@ -1,7 +1,7 @@
%global libauditver 3.0 %global libauditver 3.0
%global libsepolver 3.2-1 %global libsepolver 3.2-3
%global libsemanagever 3.2-1 %global libsemanagever 3.2-3
%global libselinuxver 3.2-1 %global libselinuxver 3.2-5
%global generatorsdir %{_prefix}/lib/systemd/system-generators %global generatorsdir %{_prefix}/lib/systemd/system-generators
@ -11,7 +11,7 @@
Summary: SELinux policy core utilities Summary: SELinux policy core utilities
Name: policycoreutils Name: policycoreutils
Version: 3.2 Version: 3.2
Release: 4%{?dist} Release: 5%{?dist}
License: GPLv2 License: GPLv2
# https://github.com/SELinuxProject/selinux/wiki/Releases # https://github.com/SELinuxProject/selinux/wiki/Releases
Source0: https://github.com/SELinuxProject/selinux/releases/download/3.2/selinux-3.2.tar.gz Source0: https://github.com/SELinuxProject/selinux/releases/download/3.2/selinux-3.2.tar.gz
@ -31,27 +31,33 @@ Source23: sandbox-po.tgz
# $ git format-patch -N 3.2 -- policycoreutils python gui sandbox dbus semodule-utils restorecond # $ git format-patch -N 3.2 -- policycoreutils python gui sandbox dbus semodule-utils restorecond
# $ for j in [0-9]*.patch; do printf "Patch%s: %s\n" ${j/-*/} $j; done # $ for j in [0-9]*.patch; do printf "Patch%s: %s\n" ${j/-*/} $j; done
# Patch list start # Patch list start
Patch0001: 0001-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch Patch0001: 0001-policycoreutils-setfiles-do-not-create-useless-setfi.patch
Patch0002: 0002-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch Patch0002: 0002-fixfiles-do-not-exclude-dev-and-run-in-C-mode.patch
Patch0003: 0003-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch Patch0003: 0003-policycoreutils-silence-Wextra-semi-stmt-warning.patch
Patch0004: 0004-Simplication-of-sepolicy-manpage-web-functionality.-.patch Patch0004: 0004-policycoreutils-free-memory-on-lstat-failure-in-sest.patch
Patch0005: 0005-We-want-to-remove-the-trailing-newline-for-etc-syste.patch Patch0005: 0005-policycoreutils-free-memory-of-allocated-context-in-.patch
Patch0006: 0006-Fix-title-in-manpage.py-to-not-contain-online.patch Patch0006: 0006-policycoreutils-free-memory-of-allocated-context-in-.patch
Patch0007: 0007-Don-t-be-verbose-if-you-are-not-on-a-tty.patch Patch0007: 0007-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch
Patch0008: 0008-sepolicy-Drop-old-interface-file_type_is_executable-.patch Patch0008: 0008-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch
Patch0009: 0009-sepolicy-Another-small-optimization-for-mcs-types.patch Patch0009: 0009-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch
Patch0010: 0010-Move-po-translation-files-into-the-right-sub-directo.patch Patch0010: 0010-Simplication-of-sepolicy-manpage-web-functionality.-.patch
Patch0011: 0011-Use-correct-gettext-domains-in-python-gui-sandbox.patch Patch0011: 0011-We-want-to-remove-the-trailing-newline-for-etc-syste.patch
Patch0012: 0012-Initial-.pot-files-for-gui-python-sandbox.patch Patch0012: 0012-Fix-title-in-manpage.py-to-not-contain-online.patch
Patch0013: 0013-policycoreutils-setfiles-Improve-description-of-d-sw.patch Patch0013: 0013-Don-t-be-verbose-if-you-are-not-on-a-tty.patch
Patch0014: 0014-sepolicy-generate-Handle-more-reserved-port-types.patch Patch0014: 0014-sepolicy-Drop-old-interface-file_type_is_executable-.patch
Patch0015: 0015-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch Patch0015: 0015-sepolicy-Another-small-optimization-for-mcs-types.patch
Patch0016: 0016-sandbox-Use-matchbox-window-manager-instead-of-openb.patch Patch0016: 0016-Move-po-translation-files-into-the-right-sub-directo.patch
Patch0017: 0017-sepolicy-Fix-flake8-warnings-in-Fedora-only-code.patch Patch0017: 0017-Use-correct-gettext-domains-in-python-gui-sandbox.patch
Patch0018: 0018-Do-not-use-Python-slip.patch Patch0018: 0018-Initial-.pot-files-for-gui-python-sandbox.patch
Patch0019: 0019-dbus-Use-GLib.MainLoop.patch Patch0019: 0019-policycoreutils-setfiles-Improve-description-of-d-sw.patch
Patch0020: 0020-policycoreutils-setfiles-do-not-create-useless-setfi.patch Patch0020: 0020-sepolicy-generate-Handle-more-reserved-port-types.patch
Patch0021: 0021-fixfiles-do-not-exclude-dev-and-run-in-C-mode.patch Patch0021: 0021-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch
Patch0022: 0022-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
Patch0023: 0023-sepolicy-Fix-flake8-warnings-in-Fedora-only-code.patch
Patch0024: 0024-Do-not-use-Python-slip.patch
Patch0025: 0025-dbus-Use-GLib.MainLoop.patch
Patch0026: 0026-Use-SHA-2-instead-of-SHA-1.patch
Patch0027: 0027-python-sepolicy-Fix-COPY_PASTE_ERROR-CWE-398.patch
# Patch list end # Patch list end
Obsoletes: policycoreutils < 2.0.61-2 Obsoletes: policycoreutils < 2.0.61-2
@ -514,6 +520,10 @@ The policycoreutils-restorecond package contains the restorecond service.
%systemd_postun_with_restart restorecond.service %systemd_postun_with_restart restorecond.service
%changelog %changelog
* Fri Jul 30 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-5
- Use SHA-2 instead of SHA-1 (#1934964)
- Fix COPY_PASTE_ERROR (CWE-398)
* Thu May 13 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-4 * Thu May 13 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-4
- policycoreutils-dbus requires polkit - policycoreutils-dbus requires polkit
- fixfiles: do not exclude /dev and /run in -C mode - fixfiles: do not exclude /dev and /run in -C mode