pool/libselinux
SHA256
2
0
Fork 3
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1186963 from security:SELinux

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/1186963
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libselinux?expand=0&rev=79
This commit is contained in:
Ana Guerrero 2024-07-12 15:04:25 +00:00 committed by Git OBS Bridge
commit 4e7716053c
9 changed files with 127 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
libselinux-3.6.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ba4e0ef34b270e7672a5e5f1b523fe2beab3a40bb33d9389f4ad3a8728f21b52
size 194210

16
libselinux-3.6.tar.gz.asc
View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmV5xAIACgkQRpWIHCVF
CNEkQw/9Go6DkB41CAdTC/DV30zM4fUT18aQR9GzbI2TWNv0akNpu6RSyGY0zW5c
8xouAroaPovAMyZ4blIxxO3lOobuAl/wNgx47U0NMVMafFciHJXs/jBpfJkhOxiC
fywHmXlY1k+zKfyMuOOWisNv5dbw/ldJWnY+PdGN6POgvriR0/AHTjYmsk76s0PF
vpI8/ZNNqiSb+UyMVWO9ffZSJO2OufLajwIeg+RoNPXhaUZvYQzRCIJm0VwK5XTq
fBdNFNDEA8TapmGQO8UBJpZXCodXvYzUxwFCoa7255cBRnvQJPSrCCZLbCnMjV+j
0VhhhcFbhVytUYHTV67WvTbs7uqrmb1HUHUT6TuCGhUnZ36g2OYNMXwqi41zzHIf
9e1ok0rGfCjRb/fJrgEsHRaWo8HT6/jIVdtib13/jzpZttX5sgGv7WoeZcj1413r
cJmihECqxPV1+wWghnQEnGcE2XspXTueL4mzV7MqJDu8lu3itOdFxpOz4aMw4HbD
sd7Ew8zEQcyAStH9Obx9p/ri73iR9+lQgxszqAm24jemrC4FBwlhbb43RqulCafb
ieeH+1c9F8mc+R6BKvcE76Luiycy7Hm5ASUKANMWwxe6/hv1q9p3l4wKXWlkZXj7
3kBhKP+Rua+be4g1TScIUwGscpVogSN2e3AqBb7dgHt3b6Ik3U4=
=OnpU
-----END PGP SIGNATURE-----

3
libselinux-3.7.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ea03f42d13a4f95757997dba8cf0b26321fac5d2f164418b4cc856a92d2b17bd
size 194834

16
libselinux-3.7.tar.gz.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmZ8NeAACgkQRpWIHCVF
CNF3fA//Ypv/FVd6BDBmpZkWqui1kHUFv+TSKGfuObrOPfX8RXVnO4GWUKjnwJZF
u5FWu5lXZGPFGLKyZJD+OPAGofC5GGApr175eBlxqokhfj7UfZMrdK8ARUgQTuIE
QEh4LGR/7gzpc/HY8YL7rbzeAlXsFtuZoSlUfmyNs2tmXiOJ9dBQVxic91Q282Lr
Y2CLv1fAlOUT3h7fw3+YfBGALdn3CMrOJvr1npEcfnXHxAN/w4OKNAKQIcoAjZCw
w4EGA1FyvaT+hSOQZDzMBpYheSXCBxPg4OEIWNxge6jP/+J/mHqx1QHrDERa9vwA
Qpd01uI5C7LthMNc2INy1m5jrSBL7/5yjboj8O+53JSDLRH/8j2ykMXBvvje5y+Z
8optL/C7VEawaRWGVm4TCwm6adF28T2NoGWYnNymVLWc7oe/p7QpYxtNMDieeVAy
bnl9OX8S1VoDo4momyG9Ya4d9fAKCvaN+LIPeyYB6qqrmMCAzAU3J25vzLElXA+1
fNhFrQFuKt455OFy8LB94abWuwBTa/f+HkU6++6Ksr5B1ZBKsluCYVWONUHMLwDF
ZN6SHwBq37v3sz+4i+Cy0K0uYA6DQanB8yQYC98rwUtatqaTajIUCKyxJO3GIX4R
lBPwCC2/T1jOTG8u8jT5KcWFtETbjfSCePjdnhi67totbc1kST8=
=eK5w
-----END PGP SIGNATURE-----

22
libselinux-bindings.changes
View File

@ -1,3 +1,25 @@
-------------------------------------------------------------------
Mon Jul 1 07:53:14 UTC 2024 - Cathy Hu <cathy.hu@suse.com>
- Update to version 3.7
https://github.com/SELinuxProject/selinux/releases/tag/3.7
* User-visible changes
* libselinux/utils/selabel_digest: drop unsupported option -d
* libselinux/utils: improve compute_av output
* libselinux: fail selabel_open(3) on invalid option
* Improved man pages
* Improvements
* libselinux, libsepol: Add CFLAGS and LDFLAGS to Makefile checks
* libselinux: enable usage with pedantic UB sanitizers
* libselinux: support huge passwd/group entries
* Bugfixes:
* libselinux/utils/selabel_digest: avoid buffer overflow
* libselinux: avoid pointer dereference before check
* libselinux/utils/selabel_digest: pass BASEONLY only for file backend
* libselinux: free empty scandir(3) result
* libselinux: free data on selabel open failure
* libselinux: use reentrant strtok_r(3)
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jan 3 09:36:44 UTC 2024 - Ben Greiner <code@bnavigator.de> Wed Jan 3 09:36:44 UTC 2024 - Ben Greiner <code@bnavigator.de>

6
libselinux-bindings.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package libselinux-bindings # spec file for package libselinux-bindings
# #
# Copyright (c) 2023 SUSE LLC # Copyright (c) 2024 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -18,10 +18,10 @@
%{?sle15allpythons} %{?sle15allpythons}
%define python_subpackage_only 1 %define python_subpackage_only 1
%define libsepol_ver 3.6 %define libsepol_ver 3.7
%define upname libselinux %define upname libselinux
Name: libselinux-bindings Name: libselinux-bindings
Version: 3.6 Version: 3.7
Release: 0 Release: 0
Summary: SELinux runtime library and utilities Summary: SELinux runtime library and utilities
License: SUSE-Public-Domain License: SUSE-Public-Domain

48
libselinux-set-free-d-data-to-NULL.patch Normal file
View File

@ -0,0 +1,48 @@
Index: libselinux-3.7/src/label_backends_android.c
===================================================================
--- libselinux-3.7.orig/src/label_backends_android.c
+++ libselinux-3.7/src/label_backends_android.c
@@ -260,6 +260,7 @@ static void closef(struct selabel_handle
free(data->spec_arr);
free(data);
+ rec->data = NULL;
}
static struct selabel_lookup_rec *property_lookup(struct selabel_handle *rec,
Index: libselinux-3.7/src/label_file.c
===================================================================
--- libselinux-3.7.orig/src/label_file.c
+++ libselinux-3.7/src/label_file.c
@@ -942,6 +942,7 @@ static void closef(struct selabel_handle
free(last_area);
}
free(data);
+ rec->data = NULL;
}
// Finds all the matches of |key| in the given context. Returns the result in
Index: libselinux-3.7/src/label_media.c
===================================================================
--- libselinux-3.7.orig/src/label_media.c
+++ libselinux-3.7/src/label_media.c
@@ -183,6 +183,7 @@ static void close(struct selabel_handle
free(spec_arr);
free(data);
+ rec->data = NULL;
}
static struct selabel_lookup_rec *lookup(struct selabel_handle *rec,
Index: libselinux-3.7/src/label_x.c
===================================================================
--- libselinux-3.7.orig/src/label_x.c
+++ libselinux-3.7/src/label_x.c
@@ -210,6 +210,7 @@ static void close(struct selabel_handle
free(spec_arr);
free(data);
+ rec->data = NULL;
}
static struct selabel_lookup_rec *lookup(struct selabel_handle *rec,

29
libselinux.changes
View File

@ -1,3 +1,32 @@
-------------------------------------------------------------------
Thu Jul 11 19:47:41 UTC 2024 - Cathy Hu <cathy.hu@suse.com>
- Fix segfault caused by upstream changes in selabel_open():
libselinux-set-free-d-data-to-NULL.patch
Can be removed once it is upstream.
-------------------------------------------------------------------
Mon Jul 1 07:53:14 UTC 2024 - Cathy Hu <cathy.hu@suse.com>
- Update to version 3.7
https://github.com/SELinuxProject/selinux/releases/tag/3.7
* User-visible changes
* libselinux/utils/selabel_digest: drop unsupported option -d
* libselinux/utils: improve compute_av output
* libselinux: fail selabel_open(3) on invalid option
* Improved man pages
* Improvements
* libselinux, libsepol: Add CFLAGS and LDFLAGS to Makefile checks
* libselinux: enable usage with pedantic UB sanitizers
* libselinux: support huge passwd/group entries
* Bugfixes:
* libselinux/utils/selabel_digest: avoid buffer overflow
* libselinux: avoid pointer dereference before check
* libselinux/utils/selabel_digest: pass BASEONLY only for file backend
* libselinux: free empty scandir(3) result
* libselinux: free data on selabel open failure
* libselinux: use reentrant strtok_r(3)
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Dec 19 11:04:55 UTC 2023 - Cathy Hu <cathy.hu@suse.com> Tue Dec 19 11:04:55 UTC 2023 - Cathy Hu <cathy.hu@suse.com>

9
libselinux.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package libselinux # spec file for package libselinux
# #
# Copyright (c) 2023 SUSE LLC # Copyright (c) 2024 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -16,9 +16,9 @@
# #
%define libsepol_ver 3.6 %define libsepol_ver 3.7
Name: libselinux Name: libselinux
Version: 3.6 Version: 3.7
Release: 0 Release: 0
Summary: SELinux runtime library and utilities Summary: SELinux runtime library and utilities
License: SUSE-Public-Domain License: SUSE-Public-Domain
@ -36,6 +36,9 @@ Patch5: skip_cycles.patch
# Make linking working even when default pkg-config doesnt provide -lpython<ver> # Make linking working even when default pkg-config doesnt provide -lpython<ver>
Patch6: python3.8-compat.patch Patch6: python3.8-compat.patch
Patch7: swig4_moduleimport.patch Patch7: swig4_moduleimport.patch
# Fixes segfault in 3.7, please remove once this is upstream:
# https://lore.kernel.org/selinux/CAP+JOzQCu0srfss921Ew42oHxsaqRYGiTs56_h9j2Yfw0cYGjg@mail.gmail.com/T/#t
Patch8: libselinux-set-free-d-data-to-NULL.patch
BuildRequires: fdupes BuildRequires: fdupes
BuildRequires: libsepol-devel >= %{libsepol_ver} BuildRequires: libsepol-devel >= %{libsepol_ver}
BuildRequires: libsepol-devel-static >= %{libsepol_ver} BuildRequires: libsepol-devel-static >= %{libsepol_ver}