diff --git a/.gitignore b/.gitignore
index 500533e..b03c195 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/libsemanage-3.2.tar.gz
+SOURCES/libsemanage-3.3.tar.gz
diff --git a/.libsemanage.metadata b/.libsemanage.metadata
index 8363391..4b3389b 100644
--- a/.libsemanage.metadata
+++ b/.libsemanage.metadata
@@ -1 +1 @@
-bc67f9118dcca5032919d25184899f9daf66b70b SOURCES/libsemanage-3.2.tar.gz
+11f64c0651cde5d85b1dbbbc05491e95943643bb SOURCES/libsemanage-3.3.tar.gz
diff --git a/SOURCES/0001-libsemanage-Fix-RESOURCE_LEAK-and-USE_AFTER_FREE-cov.patch b/SOURCES/0001-libsemanage-Fix-RESOURCE_LEAK-and-USE_AFTER_FREE-cov.patch
new file mode 100644
index 0000000..4dc4ca8
--- /dev/null
+++ b/SOURCES/0001-libsemanage-Fix-RESOURCE_LEAK-and-USE_AFTER_FREE-cov.patch
@@ -0,0 +1,66 @@
+From 05bc0fe72b53476a9d4da3957c6d6cba00c76eea Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach
+Date: Wed, 7 Nov 2018 18:17:34 +0100
+Subject: [PATCH] libsemanage: Fix RESOURCE_LEAK and USE_AFTER_FREE coverity
+ scan defects
+
+---
+ libsemanage/src/direct_api.c | 21 ++++++++-------------
+ 1 file changed, 8 insertions(+), 13 deletions(-)
+
+diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
+index f0e2300a2f58..b7a3e0f17cc1 100644
+--- a/libsemanage/src/direct_api.c
++++ b/libsemanage/src/direct_api.c
+@@ -1029,7 +1029,7 @@ static int semanage_direct_write_langext(semanage_handle_t *sh,
+
+ fp = NULL;
+
+- ret = 0;
++ return 0;
+
+ cleanup:
+ if (fp != NULL) fclose(fp);
+@@ -2186,7 +2186,6 @@ cleanup:
+ semanage_module_info_destroy(sh, modinfo);
+ free(modinfo);
+
+- if (fp != NULL) fclose(fp);
+ return status;
+ }
+
+@@ -2351,16 +2350,6 @@ static int semanage_direct_get_module_info(semanage_handle_t *sh,
+ free(tmp);
+ tmp = NULL;
+
+- if (fclose(fp) != 0) {
+- ERR(sh,
+- "Unable to close %s module lang ext file.",
+- (*modinfo)->name);
+- status = -1;
+- goto cleanup;
+- }
+-
+- fp = NULL;
+-
+ /* lookup enabled/disabled status */
+ ret = semanage_module_get_path(sh,
+ *modinfo,
+@@ -2404,7 +2393,13 @@ cleanup:
+ free(modinfos);
+ }
+
+- if (fp != NULL) fclose(fp);
++ if (fp != NULL && fclose(fp) != 0) {
++ ERR(sh,
++ "Unable to close %s module lang ext file.",
++ (*modinfo)->name);
++ status = -1;
++ }
++
+ return status;
+ }
+
+--
+2.32.0
+
diff --git a/SOURCES/0001-libsemanage-fix-use-after-free-in-parse_module_store.patch b/SOURCES/0001-libsemanage-fix-use-after-free-in-parse_module_store.patch
deleted file mode 100644
index 065178e..0000000
--- a/SOURCES/0001-libsemanage-fix-use-after-free-in-parse_module_store.patch
+++ /dev/null
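Review bot: In the last inner hunk (`@@ -2404,7 +2393,13 @@ cleanup:`) the close-failure message now dereferences `(*modinfo)->name` on the shared cleanup path, whereas the removed code did so only in the main body right after the lang-ext file had been read. The start of the function and the earlier part of `cleanup:` are outside the hunk, so this is inferred: if any error path reaches the label with `*modinfo` NULL or already destroyed, a failing `fclose()` becomes an invalid read inside error handling. A message that does not touch the object avoids the question, e.g. `ERR(sh, "Unable to close module lang ext file.");`. Setting `status = -1` this late may also return a failure code after the earlier cleanup steps already ran for the success case, so a short comment above the block stating what the caller gets in `*modinfo` on a close failure would help.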
@@ -1,36 +0,0 @@
-From 6bff61c5981d4b928a0c304aad0b4adf772776cd Mon Sep 17 00:00:00 2001
-From: HuaxinLu
-Date: Mon, 14 Jun 2021 12:21:26 +0800
-Subject: [PATCH] libsemanage: fix use-after-free in parse_module_store()
-
-The passing parameter "arg" of parse_module_store will be freed after
-calling. A copy of parameter should be used instead of itself.
-
-Signed-off-by: HuaxinLu
-Acked-by: James Carter
----
- libsemanage/src/conf-parse.y | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/libsemanage/src/conf-parse.y b/libsemanage/src/conf-parse.y
-index 9bf9364a1ce4..eac913447ecd 100644
---- a/libsemanage/src/conf-parse.y
-+++ b/libsemanage/src/conf-parse.y
-@@ -516,12 +516,12 @@ static int parse_module_store(char *arg)
- char *s;
- current_conf->store_type = SEMANAGE_CON_POLSERV_REMOTE;
- if ((s = strchr(arg, ':')) == NULL) {
-- current_conf->store_path = arg;
-+ current_conf->store_path = strdup(arg);
- current_conf->server_port = 4242;
- } else {
- char *endptr;
- *s = '\0';
-- current_conf->store_path = arg;
-+ current_conf->store_path = strdup(arg);
- current_conf->server_port = strtol(s + 1, &endptr, 10);
- if (*(s + 1) == '\0' || *endptr != '\0') {
- return -2;
---
-2.32.0
-
diff --git a/SOURCES/0002-libsemanage-silence-Wextra-semi-stmt-warning.patch b/SOURCES/0002-libsemanage-silence-Wextra-semi-stmt-warning.patch
deleted file mode 100644
index 2455d95..0000000
--- a/SOURCES/0002-libsemanage-silence-Wextra-semi-stmt-warning.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From e1c6df329ce988bb03e9b0aa72cace3d679b9f9c Mon Sep 17 00:00:00 2001
-From: Nicolas Iooss
-Date: Sat, 3 Jul 2021 16:31:19 +0200
-Subject: [PATCH] libsemanage: silence -Wextra-semi-stmt warning
-
-On Ubuntu 20.04, when building with clang -Werror -Wextra-semi-stmt
-(which is not the default build configuration), the compiler reports:
-
- genhomedircon.c:742:67: error: empty expression statement has no
- effect; remove unnecessary ';' to silence this warning
- [-Werror,-Wextra-semi-stmt]
- const semanage_seuser_t **u2 = (const semanage_seuser_t **) arg2;;
- ^
-
-Signed-off-by: Nicolas Iooss
----
- libsemanage/src/genhomedircon.c | 2 +-
- libsemanage/tests/libsemanage-tests.c | 18 +++++++++++-------
- 2 files changed, 12 insertions(+), 8 deletions(-)
-
-diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
-index d08c88de99a7..7ca9afc3c1c7 100644
---- a/libsemanage/src/genhomedircon.c
-+++ b/libsemanage/src/genhomedircon.c
-@@ -740,7 +740,7 @@ static int write_user_context(genhomedircon_settings_t * s, FILE * out,
- static int seuser_sort_func(const void *arg1, const void *arg2)
- {
- const semanage_seuser_t **u1 = (const semanage_seuser_t **) arg1;
-- const semanage_seuser_t **u2 = (const semanage_seuser_t **) arg2;;
-+ const semanage_seuser_t **u2 = (const semanage_seuser_t **) arg2;
- const char *name1 = semanage_seuser_get_name(*u1);
- const char *name2 = semanage_seuser_get_name(*u2);
-
-diff --git a/libsemanage/tests/libsemanage-tests.c b/libsemanage/tests/libsemanage-tests.c
-index 2ae4a21be52a..ee1767034c28 100644
---- a/libsemanage/tests/libsemanage-tests.c
-+++ b/libsemanage/tests/libsemanage-tests.c
-@@ -41,13 +41,17 @@
- #include
-
- #define DECLARE_SUITE(name) \
-- suite = CU_add_suite(#name, name##_test_init, name##_test_cleanup); \
-- if (NULL == suite) { \
-- CU_cleanup_registry(); \
-- return CU_get_error(); } \
-- if (name##_add_tests(suite)) { \
-- CU_cleanup_registry(); \
-- return CU_get_error(); }
-+
do { \
-+ suite = CU_add_suite(#name, name##_test_init, name##_test_cleanup); \
-+ if (NULL == suite) { \
-+ CU_cleanup_registry(); \
-+ return CU_get_error(); \
-+ } \
-+ if (name##_add_tests(suite)) { \
-+ CU_cleanup_registry(); \
-+ return CU_get_error(); \
-+ } \
-+ } while (0)
-
- static void usage(char *progname)
- {
---
-2.32.0
-
diff --git a/SOURCES/0003-libsemanage-Fix-RESOURCE_LEAK-and-USE_AFTER_FREE-cov.patch b/SOURCES/0003-libsemanage-Fix-RESOURCE_LEAK-and-USE_AFTER_FREE-cov.patch
deleted file mode 100644
index fb3c99b..0000000
--- a/SOURCES/0003-libsemanage-Fix-RESOURCE_LEAK-and-USE_AFTER_FREE-cov.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From cb0f1618cc3f81ac71717a426c6e471ccac1c065 Mon Sep 17 00:00:00 2001
-From: Petr Lautrbach
-Date: Wed, 7 Nov 2018 18:17:34 +0100
-Subject: [PATCH] libsemanage: Fix RESOURCE_LEAK and USE_AFTER_FREE coverity
- scan defects
-
----
- libsemanage/src/direct_api.c | 21 ++++++++-------------
- 1 file changed, 8 insertions(+), 13 deletions(-)
-
-diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
-index 9a4e79385b69..393ec9faf92d 100644
---- a/libsemanage/src/direct_api.c
-+++ b/libsemanage/src/direct_api.c
-@@ -1028,7 +1028,7 @@ static int semanage_direct_write_langext(semanage_handle_t *sh,
-
- fp = NULL;
-
-- ret = 0;
-+ return 0;
-
- cleanup:
- if (fp != NULL) fclose(fp);
-@@ -2185,7 +2185,6 @@ cleanup:
- semanage_module_info_destroy(sh, modinfo);
- free(modinfo);
-
-- if (fp != NULL) fclose(fp);
- return status;
- }
-
-@@ -2350,16 +2349,6 @@ static int semanage_direct_get_module_info(semanage_handle_t *sh,
- free(tmp);
- tmp = NULL;
-
-- if (fclose(fp) != 0) {
-- ERR(sh,
-- "Unable to close %s module lang ext file.",
-- (*modinfo)->name);
-- status = -1;
-- goto cleanup;
-- }
--
-- fp = NULL;
--
- /* lookup enabled/disabled status */
- ret = semanage_module_get_path(sh,
- *modinfo,
-@@ -2403,7 +2392,13 @@ cleanup:
- free(modinfos);
- }
-
-- if (fp != NULL) fclose(fp);
-+ if (fp != NULL && fclose(fp) != 0) {
-+ ERR(sh,
-+ "Unable to close %s module lang ext file.",
-+ (*modinfo)->name);
-+ status = -1;
-+ }
-+
- return status;
- }
-
---
-2.32.0
-
diff --git a/SOURCES/0004-libsemanage-Fix-USE_AFTER_FREE-CWE-672-in-semanage_d.patch b/SOURCES/0004-libsemanage-Fix-USE_AFTER_FREE-CWE-672-in-semanage_d.patch
deleted file mode 100644
index 8d810f4..0000000
--- a/SOURCES/0004-libsemanage-Fix-USE_AFTER_FREE-CWE-672-in-semanage_d.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 29aeba547563f32b9a2240ddeebd3e3ccb9dcf78 Mon Sep 17 00:00:00 2001
-From: Petr Lautrbach
-Date: Wed, 28 Jul 2021 10:25:51 +0200
-Subject: [PATCH] libsemanage: Fix USE_AFTER_FREE (CWE-672) in
- semanage_direct_write_langext()
-
-From fclose(3):
-Upon successful completion, 0 is returned. Otherwise, EOF is returned
-and errno is set to indicate the error. In either case, any further
-access (including another call to fclose()) to the stream results in
-undefined behavior.
-
-Fixes:
- Error: USE_AFTER_FREE (CWE-672): [#def1]
- libsemanage-3.2/src/direct_api.c:1023: freed_arg: "fclose" frees "fp".
- libsemanage-3.2/src/direct_api.c:1034: use_closed_file: Calling "fclose" uses file handle "fp" after closing it.
- # 1032|
- # 1033| cleanup:
- # 1034|-> if (fp != NULL) fclose(fp);
- # 1035|
- # 1036| return ret;
-
-Signed-off-by: Petr Lautrbach
----
- libsemanage/src/direct_api.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
-index 393ec9faf92d..b7a3e0f17cc1 100644
---- a/libsemanage/src/direct_api.c
-+++ b/libsemanage/src/direct_api.c
-@@ -1022,6 +1022,7 @@ static int semanage_direct_write_langext(semanage_handle_t *sh,
-
- if (fclose(fp) != 0) {
- ERR(sh, "Unable to close %s module ext file.", modinfo->name);
-+ fp = NULL;
- ret = -1;
- goto cleanup;
- }
---
-2.32.0
-
diff --git a/SPECS/libsemanage.spec b/SPECS/libsemanage.spec
index 6b78c4c..37b6f64 100644
--- a/SPECS/libsemanage.spec
+++ b/SPECS/libsemanage.spec
@@ -1,19 +1,16 @@ -%define libsepolver 3.2-3 -%define libselinuxver 3.2-5 +%define libsepolver 3.3-1 +%define libselinuxver 3.3-1 Summary: SELinux binary policy manipulation library Name: libsemanage -Version: 3.2 -Release: 4%{?dist} +Version: 3.3 +Release: 1%{?dist} License: LGPLv2+ -Source0: https://github.com/SELinuxProject/selinux/releases/download/3.2/libsemanage-3.2.tar.gz -# fedora-selinux/selinux: git format-patch -N 3.2 -- libsemanage +Source0: https://github.com/SELinuxProject/selinux/releases/download/3.3/libsemanage-3.3.tar.gz +# fedora-selinux/selinux: git format-patch -N 3.3 -- libsemanage # i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done # Patch list start -Patch0001: 0001-libsemanage-fix-use-after-free-in-parse_module_store.patch -Patch0002: 0002-libsemanage-silence-Wextra-semi-stmt-warning.patch -Patch0003: 0003-libsemanage-Fix-RESOURCE_LEAK-and-USE_AFTER_FREE-cov.patch -Patch0004: 0004-libsemanage-Fix-USE_AFTER_FREE-CWE-672-in-semanage_d.patch +Patch0001: 0001-libsemanage-Fix-RESOURCE_LEAK-and-USE_AFTER_FREE-cov.patch # Patch list end URL: https://github.com/SELinuxProject/selinux/wiki Source1: semanage.conf @@ -157,6 +154,15 @@ cp %{SOURCE1} ${RPM_BUILD_ROOT}%{_sysconfdir}/selinux/semanage.conf %{_libexecdir}/selinux/semanage_migrate_store %changelog +* Fri Oct 22 2021 Petr Lautrbach - 3.3-1 +- SELinux userspace 3.3 release + +* Sun Oct 10 2021 Petr Lautrbach - 3.3-0.rc3.1 +- SELinux userspace 3.3-rc3 release + +* Wed Sep 29 2021 Petr Lautrbach - 3.3-0.rc2.1 +- SELinux userspace 3.3-rc2 release + * Mon Aug 09 2021 Mohan Boddu - 3.2-4 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688