authorNicolas Iooss2016-11-20 21:32:25 +0100
committerNicolas Iooss2016-11-20 21:32:25 +0100
commit8faa31a78e1a8919eabbfa6df01364e2fe04dd48 (patch)
treea369cb85015c685b4b70a8f362cfed0808b60486
parent7f9ddc0fe345d7e45db7484cefd9664ad33e09c9 (diff)
downloadaur-8faa31a78e1a8919eabbfa6df01364e2fe04dd48.tar.gz
libsemanage 2.6-1 update
-rw-r--r--.SRCINFO18
-rw-r--r--0001-libsemanage-genhomedircon-only-set-MLS-level-if-MLS-.patch38
-rw-r--r--0002-libsemanage-fix-kernel-pathname-in-semanage_verify_k.patch40
-rw-r--r--0003-libsemanage-semanage_seuser_key_create-copy-name.patch65
-rw-r--r--PKGBUILD28
5 files changed, 176 insertions, 13 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 4466ea5824b3..cd442fdf2067 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,8 +1,6 @@
-# Generated by makepkg 5.0.0
-# Sat Feb 27 11:50:46 UTC 2016
pkgbase = libsemanage
pkgdesc = SELinux binary policy manipulation library
- pkgver = 2.5
+ pkgver = 2.6
pkgrel = 1
url = http://userspace.selinuxproject.org
install = libsemanage.install
@@ -15,17 +13,23 @@ pkgbase = libsemanage
makedepends = python
makedepends = swig
depends = ustr-selinux
- depends = libselinux>=2.5
+ depends = libselinux>=2.6
depends = audit
optdepends = python2: python2 bindings
optdepends = python: python bindings
- provides = selinux-usr-libsemanage=2.5-1
+ provides = selinux-usr-libsemanage=2.6-1
conflicts = selinux-usr-libsemanage
options = !emptydirs
- source = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/libsemanage-2.5.tar.gz
+ source = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014/libsemanage-2.6.tar.gz
source = semanage.conf
- sha256sums = 46e2f36254369b6e91d1eea0460c262b139361b055a3a67d3ceea2d8ef72e006
+ source = 0001-libsemanage-genhomedircon-only-set-MLS-level-if-MLS-.patch
+ source = 0002-libsemanage-fix-kernel-pathname-in-semanage_verify_k.patch
+ source = 0003-libsemanage-semanage_seuser_key_create-copy-name.patch
+ sha256sums = 4f81541047290b751f2ffb926fcd381c186f22db18d9fe671b0b4a6a54e8cfce
sha256sums = 5b0e6929428e095b561701ccdfa9c8b0c3d70dad3fc46e667eb46a85b246a4a0
+ sha256sums = 035aefa177493f61a3f5744cd82dabef4779a9b6c8954439c802bed0f2f21de2
+ sha256sums = 08a62dcfcb263355d6ec0d83a00ce27442ada70c7471838ca9c54c5648f55d9f
+ sha256sums = 78cc14c549b3ce92e53b27d68beb95b4b3478f0bcd1c6c7c06f19afb6cbddd81
pkgname = libsemanage
diff --git a/0001-libsemanage-genhomedircon-only-set-MLS-level-if-MLS-.patch b/0001-libsemanage-genhomedircon-only-set-MLS-level-if-MLS-.patch
new file mode 100644
index 000000000000..a55d228df11e
--- /dev/null
+++ b/0001-libsemanage-genhomedircon-only-set-MLS-level-if-MLS-.patch
@@ -0,0 +1,38 @@
+From 58ca300c67ec8aa72e0146ec326281fa92b3259f Mon Sep 17 00:00:00 2001
+From: Stephen Smalley <sds@tycho.nsa.gov>
+Date: Fri, 14 Oct 2016 13:36:37 -0400
+Subject: [PATCH] libsemanage: genhomedircon: only set MLS level if MLS is
+ enabled
+
+When a non-MLS policy was used with genhomedircon context_from_record()
+in sepol would report an error because an MLS level was present when MLS
+is disabled. Based on a patch by Gary Tierney, amended to use
+sepol_policydb_mls_enabled rather than semanage_mls_enabled because
+we are testing the temporary working policy, not the active policy.
+
+Reported-by: Jason Zaman <jason@perfinion.com>
+Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
+---
+ libsemanage/src/genhomedircon.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
+index 6991fffc31cb..5e9d7224a06e 100644
+--- a/libsemanage/src/genhomedircon.c
++++ b/libsemanage/src/genhomedircon.c
+@@ -638,7 +638,11 @@ static int write_contexts(genhomedircon_settings_t *s, FILE *out,
+ goto fail;
+ }
+
+- if (sepol_context_set_user(sepolh, context, user->sename) < 0 ||
++ if (sepol_context_set_user(sepolh, context, user->sename) < 0) {
++ goto fail;
++ }
++
++ if (sepol_policydb_mls_enabled(s->policydb) &&
+ sepol_context_set_mls(sepolh, context, user->level) < 0) {
+ goto fail;
+ }
+--
+2.10.2
+
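Review bot: The new `sepol_policydb_mls_enabled(s->policydb) &&` guard in write_contexts() has no comment explaining why the sepol call is used rather than semanage_mls_enabled(); that reasoning lives only in the commit message. A short comment above the condition would keep a later cleanup from switching it back, for example `/* Test the working policy in s->policydb, not the active policy. */`. The hunk does not show where s->policydb is assigned, so whether it can be NULL here should be confirmed against the rest of genhomedircon.c. write_contexts() starts and ends outside the hunk.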
diff --git a/0002-libsemanage-fix-kernel-pathname-in-semanage_verify_k.patch b/0002-libsemanage-fix-kernel-pathname-in-semanage_verify_k.patch
new file mode 100644
index 000000000000..89fc8430c8c4
--- /dev/null
+++ b/0002-libsemanage-fix-kernel-pathname-in-semanage_verify_k.patch
@@ -0,0 +1,40 @@
+From e59d72d312fcee86571b93f3ca61a963379c8ade Mon Sep 17 00:00:00 2001
+From: Stephen Smalley <sds@tycho.nsa.gov>
+Date: Wed, 2 Nov 2016 08:54:19 -0400
+Subject: [PATCH] libsemanage: fix kernel pathname in semanage_verify_kernel()
+
+Building with CC=clang, we get the following errors:
+
+semanage_store.c:2177:20: error: implicit conversion from enumeration type 'enum semanage_final_defs' to different enumeration type 'enum semanage_store_defs' [-Werror,-Wenum-conversion]
+ semanage_path(SEMANAGE_FINAL_TMP, SEMANAGE_KERNEL);
+ ~~~~~~~~~~~~~ ^~~~~~~~~~~~~~~~~~
+semanage_store.c:2177:40: error: implicit conversion from enumeration type 'enum semanage_final_path_defs' to different enumeration type 'enum semanage_sandbox_defs' [-Werror,-Wenum-conversion]
+ semanage_path(SEMANAGE_FINAL_TMP, SEMANAGE_KERNEL);
+ ~~~~~~~~~~~~~ ^~~~~~~~~~~~~~~
+
+This is an actual bug; semanage_verify_kernel() was never updated to
+use semanage_final_path() when the rest were converted. Fix it.
+This pathname is only used if a kernel policy verifier is specified
+in semanage.conf, so this is not used by default.
+
+Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
+---
+ libsemanage/src/semanage_store.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
+index ca2925774630..58a58ef9452e 100644
+--- a/libsemanage/src/semanage_store.c
++++ b/libsemanage/src/semanage_store.c
+@@ -2174,7 +2174,7 @@ int semanage_verify_kernel(semanage_handle_t * sh)
+ {
+ int retval = -1;
+ const char *kernel_filename =
+- semanage_path(SEMANAGE_FINAL_TMP, SEMANAGE_KERNEL);
++ semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_KERNEL);
+ semanage_conf_t *conf = sh->conf;
+ external_prog_t *e;
+ if (conf->kernel_prog == NULL) {
+--
+2.10.2
+
diff --git a/0003-libsemanage-semanage_seuser_key_create-copy-name.patch b/0003-libsemanage-semanage_seuser_key_create-copy-name.patch
new file mode 100644
index 000000000000..d75e4cb728a2
--- /dev/null
+++ b/0003-libsemanage-semanage_seuser_key_create-copy-name.patch
@@ -0,0 +1,65 @@
+From 7c040a554e2c576cfa787335def949b277a19917 Mon Sep 17 00:00:00 2001
+From: Nicolas Iooss <nicolas.iooss@m4x.org>
+Date: Sat, 12 Nov 2016 13:05:03 +0100
+Subject: [PATCH] libsemanage: semanage_seuser_key_create: copy name
+
+When removing a login using semanage with Python 3 the following error
+occurs:
+
+ # semanage login -l | grep my_user
+ my_user user_u
+
+ # semanage login --delete my_user
+ ValueError: Login mapping for my_user is not defined
+
+This is due to a use-after-free in the swig-generated code for python3
+bindings.
+
+Copy the user name in semanage_seuser_key_create() and free it in
+semanage_seuser_key_free(), like commit eac6f1f1b512 ("libsepol:
+sepol_{bool|iface|user}_key_create: copy name") did.
+
+Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
+---
+ libsemanage/src/seuser_record.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/libsemanage/src/seuser_record.c b/libsemanage/src/seuser_record.c
+index 8823b1ed1c7b..1ed459486228 100644
+--- a/libsemanage/src/seuser_record.c
++++ b/libsemanage/src/seuser_record.c
+@@ -33,7 +33,7 @@ struct semanage_seuser {
+
+ struct semanage_seuser_key {
+ /* This user's name */
+- const char *name;
++ char *name;
+ };
+
+ int semanage_seuser_key_create(semanage_handle_t * handle,
+@@ -48,7 +48,12 @@ int semanage_seuser_key_create(semanage_handle_t * handle,
+ ERR(handle, "out of memory, could not create seuser key");
+ return STATUS_ERR;
+ }
+- tmp_key->name = name;
++ tmp_key->name = strdup(name);
++ if (!tmp_key->name) {
++ ERR(handle, "out of memory, could not create seuser key");
++ free(tmp_key);
++ return STATUS_ERR;
++ }
+
+ *key_ptr = tmp_key;
+ return STATUS_SUCCESS;
+@@ -75,7 +80,7 @@ hidden_def(semanage_seuser_key_extract)
+
+ void semanage_seuser_key_free(semanage_seuser_key_t * key)
+ {
+-
++ free(key->name);
+ free(key);
+ }
+
+--
+2.10.2
+
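Review bot: semanage_seuser_key_free() now reads `key->name` before freeing, so a NULL key, which the old body passed harmlessly to free(), becomes a NULL pointer dereference; `if (!key) return;` as the first statement would keep the previous contract. In semanage_seuser_key_create() the new `strdup(name)` also assumes a non-NULL name, and the top of that function is outside the hunk, so whether callers guarantee it cannot be confirmed here. Any key built without going through semanage_seuser_key_create() would now hand free() a string the key does not own. semanage_seuser_key_extract, which appears to sit between the two hunks and is not shown, is worth checking for that.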
diff --git a/PKGBUILD b/PKGBUILD
index a6ff4be9d4dc..45e29cd1c61b 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -4,7 +4,7 @@
# Contributor: Sergej Pupykin (pupykin <dot> s+arch <at> gmail <dot> com)
pkgname=libsemanage
-pkgver=2.5
+pkgver=2.6
pkgrel=1
pkgdesc="SELinux binary policy manipulation library"
arch=('i686' 'x86_64')
@@ -12,17 +12,31 @@ url='http://userspace.selinuxproject.org'
license=('GPL')
groups=('selinux')
makedepends=('flex' 'python2' 'python' 'swig')
-depends=('ustr-selinux' 'libselinux>=2.5' 'audit')
+depends=('ustr-selinux' 'libselinux>=2.6' 'audit')
optdepends=('python2: python2 bindings'
'python: python bindings')
options=(!emptydirs)
install=libsemanage.install
conflicts=("selinux-usr-${pkgname}")
provides=("selinux-usr-${pkgname}=${pkgver}-${pkgrel}")
-source=("https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/${pkgname}-${pkgver}.tar.gz"
- "semanage.conf")
-sha256sums=('46e2f36254369b6e91d1eea0460c262b139361b055a3a67d3ceea2d8ef72e006'
- '5b0e6929428e095b561701ccdfa9c8b0c3d70dad3fc46e667eb46a85b246a4a0')
+source=("https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014/${pkgname}-${pkgver}.tar.gz"
+ "semanage.conf"
+ '0001-libsemanage-genhomedircon-only-set-MLS-level-if-MLS-.patch'
+ '0002-libsemanage-fix-kernel-pathname-in-semanage_verify_k.patch'
+ '0003-libsemanage-semanage_seuser_key_create-copy-name.patch')
+sha256sums=('4f81541047290b751f2ffb926fcd381c186f22db18d9fe671b0b4a6a54e8cfce'
+ '5b0e6929428e095b561701ccdfa9c8b0c3d70dad3fc46e667eb46a85b246a4a0'
+ '035aefa177493f61a3f5744cd82dabef4779a9b6c8954439c802bed0f2f21de2'
+ '08a62dcfcb263355d6ec0d83a00ce27442ada70c7471838ca9c54c5648f55d9f'
+ '78cc14c549b3ce92e53b27d68beb95b4b3478f0bcd1c6c7c06f19afb6cbddd81')
+
+prepare() {
+ cd "${pkgname}-${pkgver}"
+
+ patch -Np2 -i '../0001-libsemanage-genhomedircon-only-set-MLS-level-if-MLS-.patch'
+ patch -Np2 -i '../0002-libsemanage-fix-kernel-pathname-in-semanage_verify_k.patch'
+ patch -Np2 -i '../0003-libsemanage-semanage_seuser_key_create-copy-name.patch'
+}
build() {
cd "${pkgname}-${pkgver}"
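Review bot: Nothing in the PKGBUILD records where the three patches applied in prepare() come from or when they can be dropped. Their `From <hash>` headers suggest they are upstream commits made after the 2.6 tarball, so a comment above prepare() such as `# Upstream fixes committed after the 2.6 release; drop on the next pkgver bump` would let a reviewer check each file against upstream history. The release tarball itself is verified only by the sha256sum written in this same file; if upstream publishes a signature for the release, checking it would make the integrity check independent of the packager's own download. build() continues outside the hunk.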
@@ -37,6 +51,8 @@ package(){
make DESTDIR="${pkgdir}" LIBDIR="${pkgdir}/usr/lib" LIBEXECDIR="${pkgdir}/usr/lib" SHLIBDIR="${pkgdir}/usr/lib" install
make DESTDIR="${pkgdir}" LIBDIR="${pkgdir}/usr/lib" LIBEXECDIR="${pkgdir}/usr/lib" SHLIBDIR="${pkgdir}/usr/lib" PYTHON=python2 install-pywrap
make DESTDIR="${pkgdir}" LIBDIR="${pkgdir}/usr/lib" LIBEXECDIR="${pkgdir}/usr/lib" SHLIBDIR="${pkgdir}/usr/lib" PYTHON=python3 install-pywrap
+ python2 -m compileall "${pkgdir}/$(python2 -c 'import site; print(site.getsitepackages()[0])')"
+ python3 -m compileall "${pkgdir}/$(python3 -c 'import site; print(site.getsitepackages()[0])')"
install -D -m0644 "${srcdir}/semanage.conf" "${pkgdir}/etc/selinux/semanage.conf"