author | Nicolas Iooss | 2016-11-20 21:32:25 +0100 |
---|---|---|
committer | Nicolas Iooss | 2016-11-20 21:32:25 +0100 |
commit | 8faa31a78e1a8919eabbfa6df01364e2fe04dd48 (patch) | |
tree | a369cb85015c685b4b70a8f362cfed0808b60486 | |
parent | 7f9ddc0fe345d7e45db7484cefd9664ad33e09c9 (diff) | |
download | aur-8faa31a78e1a8919eabbfa6df01364e2fe04dd48.tar.gz |
libsemanage 2.6-1 update
-rw-r--r-- | .SRCINFO | 18 | ||||
-rw-r--r-- | 0001-libsemanage-genhomedircon-only-set-MLS-level-if-MLS-.patch | 38 | ||||
-rw-r--r-- | 0002-libsemanage-fix-kernel-pathname-in-semanage_verify_k.patch | 40 | ||||
-rw-r--r-- | 0003-libsemanage-semanage_seuser_key_create-copy-name.patch | 65 | ||||
-rw-r--r-- | PKGBUILD | 28 |
5 files changed, 176 insertions, 13 deletions
@@ -1,8 +1,6 @@ -# Generated by makepkg 5.0.0 -# Sat Feb 27 11:50:46 UTC 2016 pkgbase = libsemanage pkgdesc = SELinux binary policy manipulation library - pkgver = 2.5 + pkgver = 2.6 pkgrel = 1 url = http://userspace.selinuxproject.org install = libsemanage.install @@ -15,17 +13,23 @@ pkgbase = libsemanage makedepends = python makedepends = swig depends = ustr-selinux - depends = libselinux>=2.5 + depends = libselinux>=2.6 depends = audit optdepends = python2: python2 bindings optdepends = python: python bindings - provides = selinux-usr-libsemanage=2.5-1 + provides = selinux-usr-libsemanage=2.6-1 conflicts = selinux-usr-libsemanage options = !emptydirs - source = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/libsemanage-2.5.tar.gz + source = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014/libsemanage-2.6.tar.gz source = semanage.conf - sha256sums = 46e2f36254369b6e91d1eea0460c262b139361b055a3a67d3ceea2d8ef72e006 + source = 0001-libsemanage-genhomedircon-only-set-MLS-level-if-MLS-.patch + source = 0002-libsemanage-fix-kernel-pathname-in-semanage_verify_k.patch + source = 0003-libsemanage-semanage_seuser_key_create-copy-name.patch + sha256sums = 4f81541047290b751f2ffb926fcd381c186f22db18d9fe671b0b4a6a54e8cfce sha256sums = 5b0e6929428e095b561701ccdfa9c8b0c3d70dad3fc46e667eb46a85b246a4a0 + sha256sums = 035aefa177493f61a3f5744cd82dabef4779a9b6c8954439c802bed0f2f21de2 + sha256sums = 08a62dcfcb263355d6ec0d83a00ce27442ada70c7471838ca9c54c5648f55d9f + sha256sums = 78cc14c549b3ce92e53b27d68beb95b4b3478f0bcd1c6c7c06f19afb6cbddd81 pkgname = libsemanage diff --git a/0001-libsemanage-genhomedircon-only-set-MLS-level-if-MLS-.patch b/0001-libsemanage-genhomedircon-only-set-MLS-level-if-MLS-.patch new file mode 100644 index 000000000000..a55d228df11e --- /dev/null +++ b/0001-libsemanage-genhomedircon-only-set-MLS-level-if-MLS-.patch 
@@ -0,0 +1,38 @@
+From 58ca300c67ec8aa72e0146ec326281fa92b3259f Mon Sep 17 00:00:00 2001
+From: Stephen Smalley <sds@tycho.nsa.gov>
+Date: Fri, 14 Oct 2016 13:36:37 -0400
+Subject: [PATCH] libsemanage: genhomedircon: only set MLS level if MLS is
+ enabled
+
+When a non-MLS policy was used with genhomedircon context_from_record()
+in sepol would report an error because an MLS level was present when MLS
+is disabled. Based on a patch by Gary Tierney, amended to use
+sepol_policydb_mls_enabled rather than semanage_mls_enabled because
+we are testing the temporary working policy, not the active policy.
+
+Reported-by: Jason Zaman <jason@perfinion.com>
+Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
+---
+ libsemanage/src/genhomedircon.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
+index 6991fffc31cb..5e9d7224a06e 100644
+--- a/libsemanage/src/genhomedircon.c
++++ b/libsemanage/src/genhomedircon.c
+@@ -638,7 +638,11 @@ static int write_contexts(genhomedircon_settings_t *s, FILE *out,
+ goto fail;
+ }
+
+- if (sepol_context_set_user(sepolh, context, user->sename) < 0 ||
++ if (sepol_context_set_user(sepolh, context, user->sename) < 0) {
++ goto fail;
++ }
++
++ if (sepol_policydb_mls_enabled(s->policydb) &&
+ sepol_context_set_mls(sepolh, context, user->level) < 0) {
+ goto fail;
+ }
+--
+2.10.2
+
diff --git a/0002-libsemanage-fix-kernel-pathname-in-semanage_verify_k.patch b/0002-libsemanage-fix-kernel-pathname-in-semanage_verify_k.patch
new file mode 100644
index 000000000000..89fc8430c8c4
--- /dev/null
+++ b/0002-libsemanage-fix-kernel-pathname-in-semanage_verify_k.patch
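Review bot: The new `sepol_policydb_mls_enabled(s->policydb) &&` guard in write_contexts has no comment, so the reason it tests `s->policydb` rather than `semanage_mls_enabled` is recorded only in the commit message. A one-line comment above the condition would keep a later cleanup from switching the check to the active policy, for example `/* test the working policydb, not the active policy */`. write_contexts starts and ends outside the hunk, so the `fail` path is not visible here.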
@@ -0,0 +1,40 @@
+From e59d72d312fcee86571b93f3ca61a963379c8ade Mon Sep 17 00:00:00 2001
+From: Stephen Smalley <sds@tycho.nsa.gov>
+Date: Wed, 2 Nov 2016 08:54:19 -0400
+Subject: [PATCH] libsemanage: fix kernel pathname in semanage_verify_kernel()
+
+Building with CC=clang, we get the following errors:
+
+semanage_store.c:2177:20: error: implicit conversion from enumeration type 'enum semanage_final_defs' to different enumeration type 'enum semanage_store_defs' [-Werror,-Wenum-conversion]
+ semanage_path(SEMANAGE_FINAL_TMP, SEMANAGE_KERNEL);
+ ~~~~~~~~~~~~~ ^~~~~~~~~~~~~~~~~~
+semanage_store.c:2177:40: error: implicit conversion from enumeration type 'enum semanage_final_path_defs' to different enumeration type 'enum semanage_sandbox_defs' [-Werror,-Wenum-conversion]
+ semanage_path(SEMANAGE_FINAL_TMP, SEMANAGE_KERNEL);
+ ~~~~~~~~~~~~~ ^~~~~~~~~~~~~~~
+
+This is an actual bug; semanage_verify_kernel() was never updated to
+use semanage_final_path() when the rest were converted. Fix it.
+This pathname is only used if a kernel policy verifier is specified
+in semanage.conf, so this is not used by default.
+
+Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
+---
+ libsemanage/src/semanage_store.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
+index ca2925774630..58a58ef9452e 100644
+--- a/libsemanage/src/semanage_store.c
++++ b/libsemanage/src/semanage_store.c
+@@ -2174,7 +2174,7 @@ int semanage_verify_kernel(semanage_handle_t * sh)
+ {
+ int retval = -1;
+ const char *kernel_filename =
+- semanage_path(SEMANAGE_FINAL_TMP, SEMANAGE_KERNEL);
++ semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_KERNEL);
+ semanage_conf_t *conf = sh->conf;
+ external_prog_t *e;
+ if (conf->kernel_prog == NULL) {
+--
+2.10.2
+
diff --git a/0003-libsemanage-semanage_seuser_key_create-copy-name.patch b/0003-libsemanage-semanage_seuser_key_create-copy-name.patch
new file mode 100644
index 000000000000..d75e4cb728a2
--- /dev/null
+++ b/0003-libsemanage-semanage_seuser_key_create-copy-name.patch
@@ -0,0 +1,65 @@
+From 7c040a554e2c576cfa787335def949b277a19917 Mon Sep 17 00:00:00 2001
+From: Nicolas Iooss <nicolas.iooss@m4x.org>
+Date: Sat, 12 Nov 2016 13:05:03 +0100
+Subject: [PATCH] libsemanage: semanage_seuser_key_create: copy name
+
+When removing a login using semanage with Python 3 the following error
+occurs:
+
+ # semanage login -l | grep my_user
+ my_user user_u
+
+ # semanage login --delete my_user
+ ValueError: Login mapping for my_user is not defined
+
+This is due to a use-after-free in the swig-generated code for python3
+bindings.
+
+Copy the user name in semanage_seuser_key_create() and free it in
+semanage_seuser_key_free(), like commit eac6f1f1b512 ("libsepol:
+sepol_{bool|iface|user}_key_create: copy name") did.
+
+Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
+---
+ libsemanage/src/seuser_record.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/libsemanage/src/seuser_record.c b/libsemanage/src/seuser_record.c
+index 8823b1ed1c7b..1ed459486228 100644
+--- a/libsemanage/src/seuser_record.c
++++ b/libsemanage/src/seuser_record.c
+@@ -33,7 +33,7 @@ struct semanage_seuser {
+
+ struct semanage_seuser_key {
+ /* This user's name */
+- const char *name;
++ char *name;
+ };
+
+ int semanage_seuser_key_create(semanage_handle_t * handle,
+@@ -48,7 +48,12 @@ int semanage_seuser_key_create(semanage_handle_t * handle,
+ ERR(handle, "out of memory, could not create seuser key");
+ return STATUS_ERR;
+ }
+- tmp_key->name = name;
++ tmp_key->name = strdup(name);
++ if (!tmp_key->name) {
++ ERR(handle, "out of memory, could not create seuser key");
++ free(tmp_key);
++ return STATUS_ERR;
++ }
+
+ *key_ptr = tmp_key;
+ return STATUS_SUCCESS;
+@@ -75,7 +80,7 @@ hidden_def(semanage_seuser_key_extract)
+
+ void semanage_seuser_key_free(semanage_seuser_key_t * key)
+ {
+-
++ free(key->name);
+ free(key);
+ }
+
+--
+2.10.2
+
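Review bot: `semanage_seuser_key_free()` now reads `key->name` before freeing `key`, so a NULL argument that used to end in a harmless `free(NULL)` becomes a NULL-pointer dereference; whether any caller passes NULL is not visible in this hunk. A guard at the top of the function, `if (!key) return;`, would keep the previous contract. In the same way `strdup(name)` in semanage_seuser_key_create assumes `name` is non-NULL, which the old pointer assignment did not require. Because the key now owns its name, any other place that fills a `struct semanage_seuser_key` (semanage_seuser_key_extract appears only in a hunk header here) should be checked to hand over an allocated copy, otherwise `free(key->name)` would release a borrowed pointer. Both functions begin outside the hunks shown.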
@@ -4,7 +4,7 @@ # Contributor: Sergej Pupykin (pupykin <dot> s+arch <at> gmail <dot> com) pkgname=libsemanage -pkgver=2.5 +pkgver=2.6 pkgrel=1 pkgdesc="SELinux binary policy manipulation library" arch=('i686' 'x86_64') 
@@ -12,17 +12,31 @@ url='http://userspace.selinuxproject.org' license=('GPL') groups=('selinux') makedepends=('flex' 'python2' 'python' 'swig') -depends=('ustr-selinux' 'libselinux>=2.5' 'audit') +depends=('ustr-selinux' 'libselinux>=2.6' 'audit') optdepends=('python2: python2 bindings' 'python: python bindings') options=(!emptydirs) install=libsemanage.install conflicts=("selinux-usr-${pkgname}") provides=("selinux-usr-${pkgname}=${pkgver}-${pkgrel}") -source=("https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/${pkgname}-${pkgver}.tar.gz" - "semanage.conf") -sha256sums=('46e2f36254369b6e91d1eea0460c262b139361b055a3a67d3ceea2d8ef72e006' - '5b0e6929428e095b561701ccdfa9c8b0c3d70dad3fc46e667eb46a85b246a4a0') +source=("https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014/${pkgname}-${pkgver}.tar.gz" + "semanage.conf" + '0001-libsemanage-genhomedircon-only-set-MLS-level-if-MLS-.patch' + '0002-libsemanage-fix-kernel-pathname-in-semanage_verify_k.patch' + '0003-libsemanage-semanage_seuser_key_create-copy-name.patch') +sha256sums=('4f81541047290b751f2ffb926fcd381c186f22db18d9fe671b0b4a6a54e8cfce' + '5b0e6929428e095b561701ccdfa9c8b0c3d70dad3fc46e667eb46a85b246a4a0' + '035aefa177493f61a3f5744cd82dabef4779a9b6c8954439c802bed0f2f21de2' + '08a62dcfcb263355d6ec0d83a00ce27442ada70c7471838ca9c54c5648f55d9f' + '78cc14c549b3ce92e53b27d68beb95b4b3478f0bcd1c6c7c06f19afb6cbddd81') + +prepare() { + cd "${pkgname}-${pkgver}" + + patch -Np2 -i '../0001-libsemanage-genhomedircon-only-set-MLS-level-if-MLS-.patch' + patch -Np2 -i '../0002-libsemanage-fix-kernel-pathname-in-semanage_verify_k.patch' + patch -Np2 -i '../0003-libsemanage-semanage_seuser_key_create-copy-name.patch' +} build() { cd "${pkgname}-${pkgver}" 
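Review bot: The three patch files added to `source` are authenticated only by the sha256sums in this same PKGBUILD, and `prepare()` does not say where they come from. A comment above the `patch` calls naming the upstream commit of each one (the ids are in the patches' own `From` lines, e.g. `# upstream 58ca300c67ec, e59d72d312fc, 7c040a554e2c`) would let a reviewer compare them with upstream and make it clear when they can be dropped. As a matter of style, the three identical `patch -Np2 -i` lines could be one loop over the patch names.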
@@ -37,6 +51,8 @@ package(){ make DESTDIR="${pkgdir}" LIBDIR="${pkgdir}/usr/lib" LIBEXECDIR="${pkgdir}/usr/lib" SHLIBDIR="${pkgdir}/usr/lib" install make DESTDIR="${pkgdir}" LIBDIR="${pkgdir}/usr/lib" LIBEXECDIR="${pkgdir}/usr/lib" SHLIBDIR="${pkgdir}/usr/lib" PYTHON=python2 install-pywrap make DESTDIR="${pkgdir}" LIBDIR="${pkgdir}/usr/lib" LIBEXECDIR="${pkgdir}/usr/lib" SHLIBDIR="${pkgdir}/usr/lib" PYTHON=python3 install-pywrap + python2 -m compileall "${pkgdir}/$(python2 -c 'import site; print(site.getsitepackages()[0])')" + python3 -m compileall "${pkgdir}/$(python3 -c 'import site; print(site.getsitepackages()[0])')" install -D -m0644 "${srcdir}/semanage.conf" "${pkgdir}/etc/selinux/semanage.conf" |
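Review bot: Both `compileall` calls compile files under `${pkgdir}` without `-d`, so the build-time staging path is what gets recorded as the source filename in the generated bytecode and will appear in tracebacks on the installed system. Passing the install-time directory fixes that, e.g. `python3 -m compileall -d "${sitedir}" "${pkgdir}${sitedir}"` with `sitedir` taken once from the `site.getsitepackages()[0]` call, and the same for python2. package() starts outside the hunk.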