Accepting request 781812 from security:SELinux

OBS-URL: https://build.opensuse.org/request/show/781812 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/restorecond?expand=0&rev=5
2020-03-11 17:31:20 +00:00 · 2020-03-11 17:31:20 +00:00 · fe8e6dc4c0
commit fe8e6dc4c0
parent 18bfbcb89b f649889ef9
5 changed files with 16 additions and 119 deletions
--- a/r_opts_global.patch
+++ b/r_opts_global.patch
@ -1,109 +0,0 @@
-commit ad2208ec220f55877a4d31084be2b4d6413ee082
-Author: Baichuan Kong <kongbaichuan@huawei.com>
-Date:   Thu Nov 14 10:48:07 2019 +0800
-
-    restorecond: Fix redundant console log output error
-    
-    When starting restorecond without any option the following redundant
-    console log is outputed:
-    
-    /dev/log 100.0%
-    /var/volatile/run/syslogd.pid 100.0%
-    ...
-    
-    This is caused by two global variables of same name r_opts. When
-    executes r_opts = opts in restore_init(), it originally intends
-    to assign the address of struct r_opts in "restorecond.c" to the
-    pointer *r_opts in "restore.c".
-    
-    However, the address is assigned to the struct r_opts and covers
-    the value of low eight bytes in it. That causes unexpected value
-    of member varibale 'nochange' and 'verbose' in struct r_opts, thus
-    affects value of 'restorecon_flags' and executes unexpected operations
-    when restorecon the files such as the redundant console log output or
-    file label nochange.
-    
-    Cause restorecond/restore.c is copied from policycoreutils/setfiles,
-    which share the same pattern. It also has potential risk to generate
-    same problems, So fix it in case.
-    
-    Signed-off-by: Baichuan Kong <kongbaichuan@huawei.com>
-
-diff --git a/restorecond/restore.c b/restorecond/restore.c
-index f6e30001..b93b5fdb 100644
--- a/restorecond/restore.c
-+++ b/restorecond/restore.c
-@@ -12,39 +12,36 @@
- char **exclude_list;
- int exclude_count;
- 
-struct restore_opts *r_opts;
-
- void restore_init(struct restore_opts *opts)
- {
- 	int rc;
- 
-	r_opts = opts;
- 	struct selinux_opt selinux_opts[] = {
-		{ SELABEL_OPT_VALIDATE, r_opts->selabel_opt_validate },
-		{ SELABEL_OPT_PATH, r_opts->selabel_opt_path },
-		{ SELABEL_OPT_DIGEST, r_opts->selabel_opt_digest }
-+		{ SELABEL_OPT_VALIDATE, opts->selabel_opt_validate },
-+		{ SELABEL_OPT_PATH, opts->selabel_opt_path },
-+		{ SELABEL_OPT_DIGEST, opts->selabel_opt_digest }
- 	};
- 
-	r_opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 3);
-	if (!r_opts->hnd) {
-		perror(r_opts->selabel_opt_path);
-+	opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 3);
-+	if (!opts->hnd) {
-+		perror(opts->selabel_opt_path);
- 		exit(1);
- 	}
- 
-	r_opts->restorecon_flags = 0;
-	r_opts->restorecon_flags = r_opts->nochange | r_opts->verbose |
-			   r_opts->progress | r_opts->set_specctx  |
-			   r_opts->add_assoc | r_opts->ignore_digest |
-			   r_opts->recurse | r_opts->userealpath |
-			   r_opts->xdev | r_opts->abort_on_error |
-			   r_opts->syslog_changes | r_opts->log_matches |
-			   r_opts->ignore_noent | r_opts->ignore_mounts;
-+	opts->restorecon_flags = 0;
-+	opts->restorecon_flags = opts->nochange | opts->verbose |
-+			   opts->progress | opts->set_specctx  |
-+			   opts->add_assoc | opts->ignore_digest |
-+			   opts->recurse | opts->userealpath |
-+			   opts->xdev | opts->abort_on_error |
-+			   opts->syslog_changes | opts->log_matches |
-+			   opts->ignore_noent | opts->ignore_mounts;
- 
- 	/* Use setfiles, restorecon and restorecond own handles */
-	selinux_restorecon_set_sehandle(r_opts->hnd);
-+	selinux_restorecon_set_sehandle(opts->hnd);
- 
-	if (r_opts->rootpath) {
-		rc = selinux_restorecon_set_alt_rootpath(r_opts->rootpath);
-+	if (opts->rootpath) {
-+		rc = selinux_restorecon_set_alt_rootpath(opts->rootpath);
- 		if (rc) {
- 			fprintf(stderr,
- 				"selinux_restorecon_set_alt_rootpath error: %s.\n",
-@@ -75,7 +72,6 @@ int process_glob(char *name, struct restore_opts *opts)
- 	size_t i = 0;
- 	int len, rc, errors;
- 
-	r_opts = opts;
- 	memset(&globbuf, 0, sizeof(globbuf));
- 
- 	errors = glob(name, GLOB_TILDE | GLOB_PERIOD |
-@@ -90,7 +86,7 @@ int process_glob(char *name, struct restore_opts *opts)
- 		if (len > 0 && strcmp(&globbuf.gl_pathv[i][len], "/..") == 0)
- 			continue;
- 		rc = selinux_restorecon(globbuf.gl_pathv[i],
-					r_opts->restorecon_flags);
-+					opts->restorecon_flags);
- 		if (rc < 0)
- 			errors = rc;
- 	}
--- a/restorecond-2.9.tar.gz
+++ b/restorecond-2.9.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:cbf9820583e641ee0462fa7bc89e6024676af281e025703e17b2d019b1a25a4f
-size 18893
--- a/restorecond-3.0.tar.gz
+++ b/restorecond-3.0.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:32a92c9f4bf48c613f9f467ced58d8c369eec8892239cd44d5d0e139b41926dc
+size 18797
--- a/restorecond.changes
+++ b/restorecond.changes
@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Tue Mar  3 12:28:15 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
+
+- Update to version 3.0
+  * Do not link against libpcre
+  * Fix redundant console log output error
+  * Use /run instead of /var/run
+  Dropped r_opts_global.patch
+
 -------------------------------------------------------------------
 Wed Jan 15 10:11:33 UTC 2020 - Johannes Segitz <jsegitz@suse.de>

--- a/restorecond.spec
+++ b/restorecond.spec
@ -1,7 +1,7 @@
 #
 # spec file for package restorecond
 #
-# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -16,17 +16,15 @@
 #


-%define libselinux_ver   2.9
+%define libselinux_ver   3.0
 Name:           restorecond
-Version:        2.9
+Version:        3.0
 Release:        0
 Summary:        Daemon to restore SELinux contexts
 License:        GPL-2.0-or-later
 Group:          Productivity/Security
 URL:            https://github.com/SELinuxProject/selinux.git
-Source0:        https://github.com/SELinuxProject/selinux/releases/download/20190315/restorecond-%{version}.tar.gz
-# can be dropped with 3.0
-Patch0:         r_opts_global.patch
+Source0:        https://github.com/SELinuxProject/selinux/releases/download/20191204/restorecond-%{version}.tar.gz
 BuildRequires:  dbus-1-glib-devel
 BuildRequires:  libselinux-devel >= %{libselinux_ver}
 Requires:       libselinux1 >= %{libselinux_ver}
@ -37,7 +35,6 @@ Daemon that watches for file creation and then sets the default SELinux file con

 %prep
 %setup -q
-%patch0 -p2

 %build
 export CFLAGS="%optflags"