From ffb6e1f5a9ed8bff4e457c91e73fea710a713164 Mon Sep 17 00:00:00 2001 From: zhangruifang2020 Date: Wed, 31 Jan 2024 11:11:04 +0800 Subject: [PATCH] backport patches from upstream (cherry picked from commit 1003b6b593eac63d4bea5e6ffa36032c8666f601) --- ...rt-newrole-silence-compiler-warnings.patch | 156 ++++++++++++++++++ ...wrole-use-DJB2a-string-hash-function.patch | 53 ++++++ ...den-more-tools-against-rogue-modules.patch | 98 +++++++++++ policycoreutils.spec | 8 +- 4 files changed, 314 insertions(+), 1 deletion(-) create mode 100644 backport-newrole-silence-compiler-warnings.patch create mode 100644 backport-newrole-use-DJB2a-string-hash-function.patch create mode 100644 backport-python-Harden-more-tools-against-rogue-modules.patch diff --git a/backport-newrole-silence-compiler-warnings.patch b/backport-newrole-silence-compiler-warnings.patch new file mode 100644 index 0000000..1959c6a --- /dev/null +++ b/backport-newrole-silence-compiler-warnings.patch 
@@ -0,0 +1,156 @@ +From 29e167a448eff9aaee13d3c51c56641959d4ca7f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Tue, 22 Feb 2022 14:51:41 +0100 +Subject: [PATCH] newrole: silence compiler warnings +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + + newrole.c:636:12: warning: function declaration isn’t a prototype [-Wstrict-prototypes] + 636 | static int transition_to_caller_uid() + | ^~~~~~~~~~~~~~~~~~~~~~~~ + + newrole.c:103:9: warning: macro is not used [-Wunused-macros] + #define DEFAULT_CONTEXT_SIZE 255 /* first guess at context size */ + ^ + + newrole.c:862:4: warning: 'break' will never be executed [-Wunreachable-code-break] + break; + ^~~~~ + + newrole.c:168:13: warning: no previous extern declaration for non-static variable 'service_name' [-Wmissing-variable-declarations] + const char *service_name = "newrole"; + ^ + + hashtab.c:53:11: warning: implicit conversion changes signedness: 'unsigned int' to 'int' [-Wsign-conversion] + hvalue = h->hash_value(h, key); + ~ ^~~~~~~~~~~~~~~~~~~~~ + hashtab.c:92:11: warning: implicit conversion changes signedness: 'unsigned int' to 'int' [-Wsign-conversion] + hvalue = h->hash_value(h, key); + ~ ^~~~~~~~~~~~~~~~~~~~~ + hashtab.c:124:11: warning: implicit conversion changes signedness: 'unsigned int' to 'int' [-Wsign-conversion] + hvalue = h->hash_value(h, key); + ~ ^~~~~~~~~~~~~~~~~~~~~ + hashtab.c:172:10: warning: implicit conversion changes signedness: 'int' to 'unsigned int' [-Wsign-conversion] + ret = apply(cur->key, cur->datum, args); + ~ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + hashtab.c:174:12: warning: implicit conversion changes signedness: 'unsigned int' to 'int' [-Wsign-conversion] + return ret; + ~~~~~~ ^~~ + +Signed-off-by: Christian Göttsche +--- + policycoreutils/newrole/hashtab.c | 9 +++++---- + policycoreutils/newrole/newrole.c | 15 ++++++--------- + 2 files changed, 11 insertions(+), 13 deletions(-) + +diff --git 
a/policycoreutils/newrole/hashtab.c b/policycoreutils/newrole/hashtab.c +index bc502836..26d4f4c7 100644 +--- a/policycoreutils/newrole/hashtab.c ++++ b/policycoreutils/newrole/hashtab.c +@@ -44,7 +44,7 @@ hashtab_t hashtab_create(unsigned int (*hash_value) (hashtab_t h, + + int hashtab_insert(hashtab_t h, hashtab_key_t key, hashtab_datum_t datum) + { +- int hvalue; ++ unsigned int hvalue; + hashtab_ptr_t prev, cur, newnode; + + if (!h) +@@ -83,7 +83,7 @@ int hashtab_remove(hashtab_t h, hashtab_key_t key, + void (*destroy) (hashtab_key_t k, + hashtab_datum_t d, void *args), void *args) + { +- int hvalue; ++ unsigned int hvalue; + hashtab_ptr_t cur, last; + + if (!h) +@@ -115,7 +115,7 @@ int hashtab_remove(hashtab_t h, hashtab_key_t key, + hashtab_datum_t hashtab_search(hashtab_t h, const_hashtab_key_t key) + { + +- int hvalue; ++ unsigned int hvalue; + hashtab_ptr_t cur; + + if (!h) +@@ -160,8 +160,9 @@ int hashtab_map(hashtab_t h, + int (*apply) (hashtab_key_t k, + hashtab_datum_t d, void *args), void *args) + { +- unsigned int i, ret; ++ unsigned int i; + hashtab_ptr_t cur; ++ int ret; + + if (!h) + return HASHTAB_SUCCESS; +diff --git a/policycoreutils/newrole/newrole.c b/policycoreutils/newrole/newrole.c +index 9d68b6ab..c9989863 100644 +--- a/policycoreutils/newrole/newrole.c ++++ b/policycoreutils/newrole/newrole.c +@@ -100,7 +100,6 @@ + #endif + + #define DEFAULT_PATH "/usr/bin:/bin" +-#define DEFAULT_CONTEXT_SIZE 255 /* first guess at context size */ + + extern char **environ; + +@@ -115,7 +114,7 @@ extern char **environ; + * + * Returns malloc'd memory + */ +-static char *build_new_range(char *newlevel, const char *range) ++static char *build_new_range(const char *newlevel, const char *range) + { + char *newrangep = NULL; + const char *tmpptr; +@@ -166,7 +165,7 @@ static char *build_new_range(char *newlevel, const char *range) + #include /* for PAM functions */ + #include /* for misc_conv PAM utility function */ + +-const char *service_name = "newrole"; 
++static const char *service_name = "newrole"; + + /* authenticate_via_pam() + * +@@ -230,14 +229,13 @@ static int free_hashtab_entry(hashtab_key_t key, hashtab_datum_t d, + + static unsigned int reqsymhash(hashtab_t h, const_hashtab_key_t key) + { +- char *p, *keyp; ++ const char *p; + size_t size; + unsigned int val; + + val = 0; +- keyp = (char *)key; +- size = strlen(keyp); +- for (p = keyp; ((size_t) (p - keyp)) < size; p++) ++ size = strlen(key); ++ for (p = key; ((size_t) (p - key)) < size; p++) + val = + (val << 4 | (val >> (8 * sizeof(unsigned int) - 4))) ^ (*p); + return val & (h->size - 1); +@@ -623,7 +621,7 @@ static inline int drop_capabilities(__attribute__ ((__unused__)) int full) + * This function will set the uid values to be that of caller's uid, and + * will drop any privilege which may have been raised. + */ +-static int transition_to_caller_uid() ++static int transition_to_caller_uid(void) + { + uid_t uid = getuid(); + +@@ -850,7 +848,6 @@ static int parse_command_line_arguments(int argc, char **argv, char *ttyn, + case 'V': + printf("newrole: %s version %s\n", PACKAGE, VERSION); + exit(0); +- break; + case 'p': + *preserve_environment = 1; + break; +-- +2.33.0 + diff --git a/backport-newrole-use-DJB2a-string-hash-function.patch b/backport-newrole-use-DJB2a-string-hash-function.patch new file mode 100644 index 0000000..de9bff1 --- /dev/null +++ b/backport-newrole-use-DJB2a-string-hash-function.patch 
@@ -0,0 +1,53 @@
+From 3089f1f2fd92684372e8141f1f5dbfd97b859983 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Christian=20G=C3=B6ttsche?=
+Date: Wed, 16 Aug 2023 14:38:45 +0200
+Subject: [PATCH] newrole: use DJB2a string hash function
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The hash table implementation uses `& (h->size - 1)` to truncate
+generated hashes to the number of buckets. This operation is equal to
+`% h->size` if and only if the size is a power of two (which seems to be
+always the case). One property of the binary and with a power of two
+(and probably a small one <=2048) is all higher bits are discarded.
+Thus a hash function is needed with a good avalanche effect, which the
+current one is not.
+
+Signed-off-by: Christian Göttsche
+Acked-by: James Carter
+---
+ policycoreutils/newrole/newrole.c | 17 +++++++----------
+ 1 file changed, 7 insertions(+), 10 deletions(-)
+
+diff --git a/policycoreutils/newrole/newrole.c b/policycoreutils/newrole/newrole.c
+index d9efa68a..5a1a1129 100644
+--- a/policycoreutils/newrole/newrole.c
++++ b/policycoreutils/newrole/newrole.c
+@@ -229,16 +229,13 @@ static int free_hashtab_entry(hashtab_key_t key, hashtab_datum_t d,
+
+ static unsigned int reqsymhash(hashtab_t h, const_hashtab_key_t key)
+ {
+- const char *p;
+- size_t size;
+- unsigned int val;
+-
+- val = 0;
+- size = strlen(key);
+- for (p = key; ((size_t) (p - key)) < size; p++)
+- val =
+- (val << 4 | (val >> (8 * sizeof(unsigned int) - 4))) ^ (*p);
+- return val & (h->size - 1);
++ unsigned int hash = 5381;
++ unsigned char c;
++
++ while ((c = *(unsigned const char *)key++))
++ hash = ((hash << 5) + hash) ^ c;
++
++ return hash & (h->size - 1);
+ }
+
+ static int reqsymcmp(hashtab_t h
+--
+2.33.0
+
diff --git a/backport-python-Harden-more-tools-against-rogue-modules.patch b/backport-python-Harden-more-tools-against-rogue-modules.patch
new file mode 100644
index 0000000..a97c8f3
--- /dev/null
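Review bot: The bucket index in the rewritten `reqsymhash` is still `hash & (h->size - 1)`, which is only a valid index when `h->size` is a non-zero power of two; the commit message says this "seems to be always the case", and nothing in the hunk enforces it. I would record the precondition beside the mask, e.g. `/* DJB2a; the mask assumes h->size is a non-zero power of two */`, and check it where the table is created, which is outside this hunk. DJB2a is also unkeyed, so it improves bucket distribution but does not protect against deliberately colliding keys. That is acceptable only if the keys come from trusted configuration, which the callers outside the hunk would have to confirm.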
+++ b/backport-python-Harden-more-tools-against-rogue-modules.patch 
@@ -0,0 +1,98 @@ +From 94389f21022be68cb048b4b76d32c0f2440b15ee Mon Sep 17 00:00:00 2001 +From: Vit Mojzis +Date: Wed, 6 Dec 2023 15:31:51 +0100 +Subject: [PATCH] python: Harden more tools against "rogue" modules + +Python scripts present in the same directory as the tool +override regular modules. + +Fixes: + #cat > /usr/bin/signal.py < +Acked-by: James Carter +--- + dbus/selinux_server.py | 2 +- + gui/polgengui.py | 2 +- + gui/system-config-selinux.py | 6 +++--- + sandbox/sandbox | 2 +- + sandbox/start | 2 +- + 5 files changed, 7 insertions(+), 7 deletions(-) + +diff --git a/dbus/selinux_server.py b/dbus/selinux_server.py +index a969f226..469c526f 100644 +--- a/dbus/selinux_server.py ++++ b/dbus/selinux_server.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python3 -EsI + + import dbus + import dbus.service +diff --git a/gui/polgengui.py b/gui/polgengui.py +index 16116ba6..9c151a11 100644 +--- a/gui/polgengui.py ++++ b/gui/polgengui.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 -Es ++#!/usr/bin/python3 -EsI + # + # polgengui.py - GUI for SELinux Config tool in system-config-selinux + # +diff --git a/gui/system-config-selinux.py b/gui/system-config-selinux.py +index 9f53b7fe..0b6ba4b5 100644 +--- a/gui/system-config-selinux.py ++++ b/gui/system-config-selinux.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 -Es ++#!/usr/bin/python3 -EsI + # + # system-config-selinux.py - GUI for SELinux Config tool in system-config-selinux + # +@@ -32,6 +32,8 @@ except RuntimeError as e: + print("This is a graphical application and requires DISPLAY to be set.") + sys.exit(1) + ++sys.path.append('/usr/share/system-config-selinux') ++ + from gi.repository import GObject + import statusPage + import booleansPage +@@ -66,8 +68,6 @@ except: + + version = "1.0" + +-sys.path.append('/usr/share/system-config-selinux') +- + + ## + ## Pull in the Glade file +diff --git a/sandbox/sandbox b/sandbox/sandbox +index a2762a7d..fe631a92 100644 +--- a/sandbox/sandbox ++++ b/sandbox/sandbox +@@ -1,4 +1,4 
@@ +-#!/usr/bin/python3 -Es ++#!/usr/bin/python3 -EsI + # Authors: Dan Walsh + # Authors: Thomas Liu + # Authors: Josh Cogliati +diff --git a/sandbox/start b/sandbox/start +index 4ed3cb5c..3c1a1783 100644 +--- a/sandbox/start ++++ b/sandbox/start +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 -Es ++#!/usr/bin/python3 -EsI + try: + from subprocess import getstatusoutput + except ImportError: +-- +2.33.0 + diff --git a/policycoreutils.spec b/policycoreutils.spec index 082701e..ad48cda 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -3,7 +3,7 @@ Name: policycoreutils Version: 3.3 -Release: 9 +Release: 10 Summary: Policy core utilities of selinux License: GPLv2 URL: https://github.com/SELinuxProject @@ -34,6 +34,9 @@ Patch6013: backport-python-Use-isinstance-instead-of-type.patch Patch6014: backport-restorecond-compatible-with-the-use-of-EUID.patch Patch6015: backport-sepolicy-manpage.py-make-output-deterministic.patch Patch6016: restorecond-remove-dependency-of-glib2.patch +Patch6017: backport-newrole-silence-compiler-warnings.patch +Patch6018: backport-newrole-use-DJB2a-string-hash-function.patch +Patch6019: backport-python-Harden-more-tools-against-rogue-modules.patch BuildRequires: gcc BuildRequires: pam-devel libsepol-static >= 3.3 libsemanage-static >= 3.3 libselinux-devel >= 3.3 libcap-devel audit-libs-devel gettext @@ -274,6 +277,9 @@ find %{buildroot}%{python3_sitelib} %{buildroot}%{python3_sitearch} \ %{_mandir}/* %changelog +* Wed Jan 31 2024 zhangruifang -3.3-10 +- backport patches from upstream + * Tue Dec 26 2023 wanghuizhao -3.3-9 - submit self-developed patch -- Gitee
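Review bot: Only `gui/system-config-selinux.py` gets a path adjustment to go with `-I`; the other four entry points (`dbus/selinux_server.py`, `gui/polgengui.py`, `sandbox/sandbox`, `sandbox/start`) receive the flag alone. Isolated mode removes the script's directory from `sys.path`, so any of them that imports a module installed beside the script would now fail at startup; their import lists are mostly outside these hunks, so each should be started once after the update. Above the moved line I would add `# -I drops the script directory from sys.path; append rather than insert so the standard library still wins`, and the appended directory should be writable by root only, since modules are loaded from it by name. `-I` already implies `-E` and `-s`, so `-EsI` is redundant but harmless.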