diff --git a/ backport-python-audit2allow-close-file-stream-on-error.patch b/ backport-python-audit2allow-close-file-stream-on-error.patch
new file mode 100644
index 0000000000000000000000000000000000000000..fc85cf4d5c00b1ebbc57a684dda5234b143e05a1
--- /dev/null
+++ b/ backport-python-audit2allow-close-file-stream-on-error.patch
@@ -0,0 +1,48 @@
+From c14a86af9a2304175e54897634f808b42345325b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Christian=20G=C3=B6ttsche?=
+Date: Fri, 20 May 2022 14:51:07 +0200
+Subject: [PATCH] python/audit2allow: close file stream on error
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+ sepolgen-ifgen-attr-helper.c: In function ‘load_policy’:
+ sepolgen-ifgen-attr-helper.c:196:17: warning: leak of FILE ‘fp’ [CWE-775] [-Wanalyzer-file-leak]
+ 196 | fprintf(stderr, "Out of memory!\n");
+ | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Signed-off-by: Christian Göttsche
+Acked-by: James Carter
+---
+ python/audit2allow/sepolgen-ifgen-attr-helper.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/python/audit2allow/sepolgen-ifgen-attr-helper.c b/python/audit2allow/sepolgen-ifgen-attr-helper.c
+index 6f3ba962..5e6cffc1 100644
+--- a/python/audit2allow/sepolgen-ifgen-attr-helper.c
++++ b/python/audit2allow/sepolgen-ifgen-attr-helper.c
+@@ -194,12 +194,14 @@ static policydb_t *load_policy(const char *filename)
+ policydb = malloc(sizeof(policydb_t));
+ if (policydb == NULL) {
+ fprintf(stderr, "Out of memory!\n");
++ fclose(fp);
+ return NULL;
+ }
+
+ if (policydb_init(policydb)) {
+ fprintf(stderr, "Out of memory!\n");
+ free(policydb);
++ fclose(fp);
+ return NULL;
+ }
+
+@@ -208,6 +210,7 @@ static policydb_t *load_policy(const char *filename)
+ fprintf(stderr,
+ "error(s) encountered while parsing configuration\n");
+ free(policydb);
++ fclose(fp);
+ return NULL;
+ }
+
+--
+2.23.0
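Review bot: This patch file is added under the name ` backport-python-audit2allow-close-file-stream-on-error.patch` with a leading space, while the spec's new `Patch6:` entry names the same file without the space, so this copy is never applied and only duplicates the correctly named file added later in this commit. A stray, unreferenced patch in the package tree is a maintenance and audit hazard (reviewers cannot tell which copy is authoritative), so it should be removed: `git rm ' backport-python-audit2allow-close-file-stream-on-error.patch'`. The inner C change itself is reviewed on the properly named copy.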
diff --git a/backport-newrole-check-for-crypt-3-failure.patch b/backport-newrole-check-for-crypt-3-failure.patch
new file mode 100644
index 0000000000000000000000000000000000000000..1d061d26d36e6dbfc9b5882f358842dd7fd39e18
--- /dev/null
+++ b/backport-newrole-check-for-crypt-3-failure.patch
@@ -0,0 +1,35 @@
+From 1af808982460ec74a23820dcc4d582bb39e2b223 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Christian=20G=C3=B6ttsche?=
+Date: Tue, 22 Feb 2022 14:51:42 +0100
+Subject: [PATCH] newrole: check for crypt(3) failure
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Depending on the implementation crypt(3) can fail either by returning
+NULL, or returning a pointer to an invalid hash and setting errno.
+
+Signed-off-by: Christian Göttsche
+---
+ policycoreutils/newrole/newrole.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/policycoreutils/newrole/newrole.c b/policycoreutils/newrole/newrole.c
+index c99898635..781f99b63 100644
+--- a/policycoreutils/newrole/newrole.c
++++ b/policycoreutils/newrole/newrole.c
+@@ -368,9 +368,14 @@ static int authenticate_via_shadow_passwd(const char *uname)
+ }
+
+ /* Use crypt() to encrypt user's input password. */
++ errno = 0;
+ encrypted_password_s = crypt(unencrypted_password_s,
+ p_shadow_line->sp_pwdp);
+ memset(unencrypted_password_s, 0, strlen(unencrypted_password_s));
++ if (errno || !encrypted_password_s) {
++ fprintf(stderr, _("Cannot encrypt password.\n"));
++ return 0;
++ }
+ return (!strcmp(encrypted_password_s, p_shadow_line->sp_pwdp));
+ }
+ #endif /* if/else USE_PAM */
diff --git a/backport-newrole-ensure-password-memory-erasure.patch b/backport-newrole-ensure-password-memory-erasure.patch
new file mode 100644
index 0000000000000000000000000000000000000000..2536e6bd30f979eebf95de027723965d23744b8f
--- /dev/null
+++ b/backport-newrole-ensure-password-memory-erasure.patch
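Review bot: The new `if (errno || !encrypted_password_s)` test reads `errno` only after the `memset()`/`strlen()` calls that sit between it and `crypt()`, and C11 7.5p3 allows any library function to set `errno` to a nonzero value even on success, so the check can in principle report a spurious failure or miss a real one. Capture it immediately after the call: `encrypted_password_s = crypt(unencrypted_password_s, p_shadow_line->sp_pwdp);` followed by `saved_errno = errno;`, and test `if (saved_errno || !encrypted_password_s)`. Placing the guard after the plaintext wipe is correct — the password is erased before the early `return 0`. `authenticate_via_shadow_passwd` begins before this hunk, so the `int saved_errno;` declaration would go with the other locals outside it.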
@@ -0,0 +1,63 @@ +From c71d14e824e965e42493f5275d90272ab0c6825c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Tue, 22 Feb 2022 14:51:43 +0100 +Subject: [PATCH] newrole: ensure password memory erasure +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Compiler can optimize calls to memset(3), due to the as-if rule, away if +the object is not accessed later on. Use a wrapper using volatile +pointers to ensure the memory is guaranteed to be erased. Also erase +the encrypted password. + +Signed-off-by: Christian Göttsche +--- + policycoreutils/newrole/newrole.c | 16 ++++++++++++++-- + 1 file changed, 14 insertions(+), 2 deletions(-) + +diff --git a/policycoreutils/newrole/newrole.c b/policycoreutils/newrole/newrole.c +index 781f99b63..ae37d7253 100644 +--- a/policycoreutils/newrole/newrole.c ++++ b/policycoreutils/newrole/newrole.c +@@ -333,6 +333,14 @@ static int read_pam_config(void) + + #define PASSWORD_PROMPT _("Password:") /* prompt for getpass() */ + ++static void memzero(void *ptr, size_t size) ++{ ++ volatile unsigned char * volatile p = ptr; ++ while (size--) { ++ *p++ = '\0'; ++ } ++} ++ + /* authenticate_via_shadow_passwd() + * + * in: uname - the calling user's user name +@@ -351,6 +359,7 @@ static int authenticate_via_shadow_passwd(const char *uname) + struct spwd *p_shadow_line; + char *unencrypted_password_s; + char *encrypted_password_s; ++ int ret; + + setspent(); + p_shadow_line = getspnam(uname); +@@ -371,12 +380,15 @@ static int authenticate_via_shadow_passwd(const char *uname) + errno = 0; + encrypted_password_s = crypt(unencrypted_password_s, + p_shadow_line->sp_pwdp); +- memset(unencrypted_password_s, 0, strlen(unencrypted_password_s)); ++ memzero(unencrypted_password_s, strlen(unencrypted_password_s)); + if (errno || !encrypted_password_s) { + fprintf(stderr, _("Cannot encrypt password.\n")); + return 0; + } +- return (!strcmp(encrypted_password_s, 
p_shadow_line->sp_pwdp)); ++ ++ ret = !strcmp(encrypted_password_s, p_shadow_line->sp_pwdp); ++ memzero(encrypted_password_s, strlen(encrypted_password_s)); ++ return ret; + } + #endif /* if/else USE_PAM */ + diff --git a/backport-policycoreutils-handle-argument-counter-of-zero.patch b/backport-policycoreutils-handle-argument-counter-of-zero.patch new file mode 100644 index 0000000000000000000000000000000000000000..e8be222c96d7d1721a5b2f2aa2436e8b57d2dfdd --- /dev/null +++ b/backport-policycoreutils-handle-argument-counter-of-zero.patch 
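Review bot: `ret = !strcmp(encrypted_password_s, p_shadow_line->sp_pwdp);` compares the candidate and stored hashes with an early-exit comparison; in a setuid program this leaks, through timing, how long a common prefix the two hash strings share, so a constant-time comparison over the stored hash's length would be preferable — low severity, since it exposes bytes of the hash rather than the password, but cheap to fix. On the new `memzero()`: the volatile-store loop is a correct portable fallback, but where the target libc provides `explicit_bzero(3)` (glibc 2.25 and later) the library routine should be preferred under a feature guard, since it is what the toolchain will keep honoring as optimizers evolve. Note that both wipes cover only `strlen()` bytes of the respective buffers, which matches the string contract of `getpass()` and `crypt()`. `authenticate_via_shadow_passwd` starts before the hunk.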
@@ -0,0 +1,73 @@ +From 9229f8b3b7348e4990c8493365d68ff241cfbeb7 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Wed, 26 Jan 2022 15:56:45 +0100 +Subject: [PATCH] policycoreutils: handle argument counter of zero +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The number of arguments passed to main(), argc, can be zero if the +pathname passed to execve(2) is NULL, e.g. via: + + execve("/path/to/exe", {NULL}, {NULL}); + +Also avoid NULL pointer dereferences on the argument value. + +Signed-off-by: Christian Göttsche +--- + policycoreutils/run_init/open_init_pty.c | 2 +- + policycoreutils/secon/secon.c | 3 +++ + policycoreutils/setfiles/setfiles.c | 6 +++++- + 3 files changed, 9 insertions(+), 2 deletions(-) + +diff --git a/policycoreutils/run_init/open_init_pty.c b/policycoreutils/run_init/open_init_pty.c +index 150cb45ee..19101c506 100644 +--- a/policycoreutils/run_init/open_init_pty.c ++++ b/policycoreutils/run_init/open_init_pty.c +@@ -244,7 +244,7 @@ int main(int argc, char *argv[]) + rb_init(&inbuf, inbuf_mem, sizeof(inbuf_mem)); + rb_init(&outbuf, outbuf_mem, sizeof(outbuf_mem)); + +- if (argc == 1) { ++ if (argc < 2) { + printf("usage: %s PROGRAM [ARGS]...\n", argv[0]); + exit(1); + } +diff --git a/policycoreutils/secon/secon.c b/policycoreutils/secon/secon.c +index a0957d091..d624fa136 100644 +--- a/policycoreutils/secon/secon.c ++++ b/policycoreutils/secon/secon.c +@@ -333,6 +333,9 @@ static void cmd_line(int argc, char *argv[]) + opts->from_type = OPTS_FROM_CUR; + + if (opts->from_type == OPTS_FROM_ARG) { ++ if (!argv[0]) ++ errx(EXIT_FAILURE, "No argument given"); ++ + opts->f.arg = argv[0]; + + if (xstreq(argv[0], "-")) +diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c +index 44cab46d0..ab7016aca 100644 +--- a/policycoreutils/setfiles/setfiles.c ++++ b/policycoreutils/setfiles/setfiles.c +@@ -163,6 +163,10 @@ int main(int argc, char **argv) + 
policyfile = NULL; + + r_opts.abort_on_error = 0; ++ if (!argv[0]) { ++ fprintf(stderr, "Called without required program name!\n"); ++ exit(-1); ++ } + r_opts.progname = strdup(argv[0]); + if (!r_opts.progname) { + fprintf(stderr, "%s: Out of memory!\n", argv[0]); +@@ -423,7 +427,7 @@ int main(int argc, char **argv) + + altpath = argv[optind]; + optind++; +- } else if (argc == 1) ++ } else if (argc < 2) + usage(argv[0]); + + /* Set selabel_open options. */ diff --git a/backport-python-Split-semanage-import-into-two-transactions.patch b/backport-python-Split-semanage-import-into-two-transactions.patch new file mode 100644 index 0000000000000000000000000000000000000000..8f1a1acd598e70b8d3a10324c8453abee1006ad2 --- /dev/null +++ b/backport-python-Split-semanage-import-into-two-transactions.patch 
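Review bot: In `open_init_pty.c` the relaxed `if (argc < 2)` now also admits `argc == 0`, but the usage line that follows still calls `printf("usage: %s PROGRAM [ARGS]...\n", argv[0])`, handing a NULL `argv[0]` to `%s` — undefined behaviour in C (glibc happens to print `(null)`) and exactly the class of dereference the commit message says it avoids. Use a fallback name: `printf("usage: %s PROGRAM [ARGS]...\n", argc > 0 ? argv[0] : "open_init_pty");`. The `setfiles.c` hunk handles the case correctly by exiting before `argv[0]` is touched, though `exit(-1)` yields status 255 and `exit(EXIT_FAILURE)` would be the conventional form. For `secon.c` the checked `argv[0]` appears to be the post-option-parsing vector, which cannot be confirmed from the hunk alone.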
@@ -0,0 +1,63 @@ +From abaf812c3877f6b595eb8643582eacef2dd4df3f Mon Sep 17 00:00:00 2001 +From: Vit Mojzis +Date: Mon, 30 May 2022 14:20:21 +0200 +Subject: [PATCH] python: Split "semanage import" into two transactions + +First transaction applies all deletion operations, so that there are no +collisions when applying the rest of the changes. + +Fixes: + # semanage port -a -t http_cache_port_t -r s0 -p tcp 3024 + # semanage export | semanage import + ValueError: Port tcp/3024 already defined + +Signed-off-by: Vit Mojzis +--- + python/semanage/semanage | 21 +++++++++++++++++++-- + 1 file changed, 19 insertions(+), 2 deletions(-) + +diff --git a/python/semanage/semanage b/python/semanage/semanage +index 8f4e44a7..1d828128 100644 +--- a/python/semanage/semanage ++++ b/python/semanage/semanage +@@ -852,10 +852,29 @@ def handleImport(args): + trans = seobject.semanageRecords(args) + trans.start() + ++ deleteCommands = [] ++ commands = [] ++ # separate commands for deletion from the rest so they can be ++ # applied in a separate transaction + for l in sys.stdin.readlines(): + if len(l.strip()) == 0: + continue ++ if "-d" in l or "-D" in l: ++ deleteCommands.append(l) ++ else: ++ commands.append(l) ++ ++ if deleteCommands: ++ importHelper(deleteCommands) ++ trans.finish() ++ trans.start() ++ ++ importHelper(commands) ++ trans.finish() + ++ ++def importHelper(commands): ++ for l in commands: + try: + commandParser = createCommandParser() + args = commandParser.parse_args(mkargv(l)) +@@ -869,8 +888,6 @@ def handleImport(args): + except KeyboardInterrupt: + sys.exit(0) + +- trans.finish() +- + + def setupImportParser(subparsers): + importParser = subparsers.add_parser('import', help=_('Import local customizations')) +-- +2.23.0 diff --git a/backport-python-audit2allow-close-file-stream-on-error.patch b/backport-python-audit2allow-close-file-stream-on-error.patch new file mode 100644 index 0000000000000000000000000000000000000000..0909a903a04c723748a8fd72188799991eb034e9 
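Review bot: `if "-d" in l or "-D" in l:` is a substring test on the raw line, so any command whose arguments merely contain `-d` — a file-context path such as `/srv/my-data(/.*)?`, or a module name written with a hyphen — is misclassified as a deletion and replayed in the first transaction ahead of the real deletions, which can reintroduce the "already defined" collision this patch is meant to fix and silently reorders records. Classify on the parsed tokens instead: `argv = mkargv(l)` followed by `if any(t in ("-d", "--delete", "-D", "--deleteall") for t in argv):`, which also keeps the long-option spellings that the substring check only caught by accident. `importHelper` parses each line again anyway, so the extra `mkargv` call is cheap. Whether `--delete`/`--deleteall` are the exact long-option names accepted by `createCommandParser()` should be confirmed against the parser definition, which is outside the hunk.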
--- /dev/null +++ b/backport-python-audit2allow-close-file-stream-on-error.patch @@ -0,0 +1,48 @@ +From c14a86af9a2304175e54897634f808b42345325b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Fri, 20 May 2022 14:51:07 +0200 +Subject: [PATCH] python/audit2allow: close file stream on error +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + + sepolgen-ifgen-attr-helper.c: In function ‘load_policy’: + sepolgen-ifgen-attr-helper.c:196:17: warning: leak of FILE ‘fp’ [CWE-775] [-Wanalyzer-file-leak] + 196 | fprintf(stderr, "Out of memory!\n"); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Signed-off-by: Christian Göttsche +Acked-by: James Carter +--- + python/audit2allow/sepolgen-ifgen-attr-helper.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/python/audit2allow/sepolgen-ifgen-attr-helper.c b/python/audit2allow/sepolgen-ifgen-attr-helper.c +index 6f3ba962..5e6cffc1 100644 +--- a/python/audit2allow/sepolgen-ifgen-attr-helper.c ++++ b/python/audit2allow/sepolgen-ifgen-attr-helper.c +@@ -194,12 +194,14 @@ static policydb_t *load_policy(const char *filename) + policydb = malloc(sizeof(policydb_t)); + if (policydb == NULL) { + fprintf(stderr, "Out of memory!\n"); ++ fclose(fp); + return NULL; + } + + if (policydb_init(policydb)) { + fprintf(stderr, "Out of memory!\n"); + free(policydb); ++ fclose(fp); + return NULL; + } + +@@ -208,6 +210,7 @@ static policydb_t *load_policy(const char *filename) + fprintf(stderr, + "error(s) encountered while parsing configuration\n"); + free(policydb); ++ fclose(fp); + return NULL; + } + +-- +2.23.0 \ No newline at end of file diff --git a/backport-semodule_package-Close-leaking-fd.patch b/backport-semodule_package-Close-leaking-fd.patch new file mode 100644 index 0000000000000000000000000000000000000000..586ac6b662930a0c727f7b32efbbfe59eca42ce3 --- /dev/null +++ b/backport-semodule_package-Close-leaking-fd.patch 
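Review bot: With this change `load_policy` now has three error exits that each repeat `free(policydb); fclose(fp); return NULL;` with slightly different subsets, which is how the original leak crept in and how the next one will; a single `err:` label with `free(policydb); fclose(fp); return NULL;` and `goto err` at each failure point (with `policydb` initialised to NULL so the first path can share it) removes that class of omission. The `fclose()` return value is safely ignored here since `fp` is only read. `load_policy` begins before the first hunk and continues after the second, so the `fopen()` and the success-path `fclose()` are not visible for review.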
@@ -0,0 +1,24 @@
+From ac16531b5ab6c40bdf5eae91c8cf7ae25355d61a Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach
+Date: Fri, 1 Apr 2022 15:35:48 +0200
+Subject: [PATCH] semodule_package: Close leaking fd
+
+Signed-off-by: Petr Lautrbach
+---
+ semodule-utils/semodule_package/semodule_package.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/semodule-utils/semodule_package/semodule_package.c b/semodule-utils/semodule_package/semodule_package.c
+index 3515234e..bc8584b5 100644
+--- a/semodule-utils/semodule_package/semodule_package.c
++++ b/semodule-utils/semodule_package/semodule_package.c
+@@ -73,6 +73,7 @@ static int file_to_data(const char *path, char **data, size_t * len)
+ goto err;
+ }
+ if (!sb.st_size) {
++ close(fd);
+ *len = 0;
+ return 0;
+ }
+--
+2.23.0
diff --git a/bcakport-python-Split-semanage-import-into-two-transactions.patch b/bcakport-python-Split-semanage-import-into-two-transactions.patch
new file mode 100644
index 0000000000000000000000000000000000000000..79c3155e02e2969aa41adfa5b3ee4f2483cdaa1e
--- /dev/null
+++ b/bcakport-python-Split-semanage-import-into-two-transactions.patch
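Review bot: The empty-file path now closes `fd` and sets `*len = 0` but still never assigns `*data`, so a caller that inspects or frees `*data` when `*len == 0` sees whatever value it had before the call. Setting `*data = NULL;` beside `*len = 0;` makes the zero-length contract explicit at no cost. The callers are outside this hunk, so treat this as hardening rather than a confirmed defect; `file_to_data` continues on both sides of the hunk.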
@@ -0,0 +1,63 @@ +From abaf812c3877f6b595eb8643582eacef2dd4df3f Mon Sep 17 00:00:00 2001 +From: Vit Mojzis +Date: Mon, 30 May 2022 14:20:21 +0200 +Subject: [PATCH] python: Split "semanage import" into two transactions + +First transaction applies all deletion operations, so that there are no +collisions when applying the rest of the changes. + +Fixes: + # semanage port -a -t http_cache_port_t -r s0 -p tcp 3024 + # semanage export | semanage import + ValueError: Port tcp/3024 already defined + +Signed-off-by: Vit Mojzis +--- + python/semanage/semanage | 21 +++++++++++++++++++-- + 1 file changed, 19 insertions(+), 2 deletions(-) + +diff --git a/python/semanage/semanage b/python/semanage/semanage +index 8f4e44a7..1d828128 100644 +--- a/python/semanage/semanage ++++ b/python/semanage/semanage +@@ -852,10 +852,29 @@ def handleImport(args): + trans = seobject.semanageRecords(args) + trans.start() + ++ deleteCommands = [] ++ commands = [] ++ # separate commands for deletion from the rest so they can be ++ # applied in a separate transaction + for l in sys.stdin.readlines(): + if len(l.strip()) == 0: + continue ++ if "-d" in l or "-D" in l: ++ deleteCommands.append(l) ++ else: ++ commands.append(l) ++ ++ if deleteCommands: ++ importHelper(deleteCommands) ++ trans.finish() ++ trans.start() ++ ++ importHelper(commands) ++ trans.finish() + ++ ++def importHelper(commands): ++ for l in commands: + try: + commandParser = createCommandParser() + args = commandParser.parse_args(mkargv(l)) +@@ -869,8 +888,6 @@ def handleImport(args): + except KeyboardInterrupt: + sys.exit(0) + +- trans.finish() +- + + def setupImportParser(subparsers): + importParser = subparsers.add_parser('import', help=_('Import local customizations')) +-- +2.23.0 diff --git a/policycoreutils.spec b/policycoreutils.spec index 8156c58d203b89e395547243c49eda3c64da749f..41263428af916caaf6f848554772b78c2a890023 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec 
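Review bot: This file is named `bcakport-python-Split-semanage-import-into-two-transactions.patch` — "bcakport" — and is a byte-identical copy of `backport-python-Split-semanage-import-into-two-transactions.patch`, which is the one the spec's `Patch5:` line references; nothing applies this copy. Leaving two copies of the same upstream change in the package tree invites them to drift apart on the next rebase, so drop it: `git rm bcakport-python-Split-semanage-import-into-two-transactions.patch`. The semanage change itself is reviewed on the correctly named copy.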
@@ -3,7 +3,7 @@ Name: policycoreutils
 Version: 3.3
-Release: 2
+Release: 3
 Summary: Policy core utilities of selinux
 License: GPLv2
 URL: https://github.com/SELinuxProject
@@ -16,6 +16,11 @@ Source11: selinux-autorelabel-generator.sh
 Patch0: fix-fixfiles-N-date-function.patch
 Patch1: fix-fixfiles-N-date-function-two.patch
+Patch2: backport-newrole-check-for-crypt-3-failure.patch
+Patch3: backport-newrole-ensure-password-memory-erasure.patch
+Patch4: backport-semodule_package-Close-leaking-fd.patch
+Patch5: backport-python-Split-semanage-import-into-two-transactions.patch
+Patch6: backport-python-audit2allow-close-file-stream-on-error.patch
 BuildRequires: gcc
 BuildRequires: pam-devel libsepol-static >= 3.3 libsemanage-static >= 3.3 libselinux-devel >= 3.3 libcap-devel audit-libs-devel gettext
@@ -256,6 +261,9 @@ find %{buildroot}%{python3_sitelib} %{buildroot}%{python3_sitearch} \
 %{_mandir}/*
 %changelog
+* Tue Nov 15 2022 shenxiangwei - 3.3-3
+- backport patches from upstream
+
 * Thu Jun 30 2022 lujie - 3.3-2
 - update policycoreutils tar.gz
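Review bot: The new `Patch2:`–`Patch6:` lines reference five files, but the commit adds seven: ` backport-python-audit2allow-close-file-stream-on-error.patch` (leading space in the name) and `bcakport-python-Split-semanage-import-into-two-transactions.patch` (typo) are unreferenced duplicates of Patch6 and Patch5 and should be deleted so the tree holds only what the spec consumes. Patch3 is generated against the post-Patch2 file (its `index 781f99b63..ae37d7253` matches Patch2's output blob), so the listed order is load-bearing and must not be resorted. Whether the new entries are actually applied depends on the `%prep` section, which is outside this hunk: if it uses explicit `%patchN` lines rather than `%autosetup`, matching lines are needed there too. The changelog line `- backport patches from upstream` would be more useful naming the upstream commits (`c14a86af`, `1af80898`, `c71d14e8`, `9229f8b3`, `abaf812c`, `ac16531b`) for traceability.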