diff --git a/CVE-2021-36085.patch b/CVE-2021-36085.patch deleted file mode 100644 index d6b760d..0000000 --- a/CVE-2021-36085.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 2d35fcc7e9e976a2346b1de20e54f8663e8a6cba Mon Sep 17 00:00:00 2001 -From: James Carter -Date: Thu, 8 Apr 2021 13:32:04 -0400 -Subject: [PATCH] libsepol/cil: Destroy classperm list when resetting map perms - -Map perms share the same struct as regular perms, but only the -map perms use the classperms field. This field is a pointer to a -list of classperms that is created and added to when resolving -classmapping rules, so the map permission doesn't own any of the -data in the list and this list should be destroyed when the AST is -reset. - -When resetting a perm, destroy the classperms list without destroying -the data in the list. - -Signed-off-by: James Carter ---- - libsepol/cil/src/cil_reset_ast.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: libsepol/libsepol-3.2/cil/src/cil_reset_ast.c -=================================================================== ---- libsepol.orig/libsepol-3.2/cil/src/cil_reset_ast.c -+++ libsepol/libsepol-3.2/cil/src/cil_reset_ast.c -@@ -36,7 +36,7 @@ static void cil_reset_class(struct cil_c - - static void cil_reset_perm(struct cil_perm *perm) - { -- cil_reset_classperms_list(perm->classperms); -+ cil_list_destroy(&perm->classperms, CIL_FALSE); - } - - static inline void cil_reset_classperms(struct cil_classperms *cp) diff --git a/CVE-2021-36086.patch b/CVE-2021-36086.patch deleted file mode 100644 index e989fea..0000000 --- a/CVE-2021-36086.patch +++ /dev/null @@ -1,39 +0,0 @@ -From c49a8ea09501ad66e799ea41b8154b6770fec2c8 Mon Sep 17 00:00:00 2001 -From: James Carter -Date: Thu, 8 Apr 2021 13:32:06 -0400 -Subject: [PATCH] libsepol/cil: cil_reset_classperms_set() should not reset - classpermission - -In struct cil_classperms_set, the set field is a pointer to a -struct cil_classpermission which is looked up in the symbol table. -Since the cil_classperms_set does not create the cil_classpermission, -it should not reset it. - -Set the set field to NULL instead of resetting the classpermission -that it points to. - -Signed-off-by: James Carter ---- - libsepol/cil/src/cil_reset_ast.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/libsepol/cil/src/cil_reset_ast.c b/libsepol/cil/src/cil_reset_ast.c -index 89f91e56..1d9ca704 100644 ---- a/libsepol/cil/src/cil_reset_ast.c -+++ b/libsepol/cil/src/cil_reset_ast.c -@@ -59,7 +59,11 @@ static void cil_reset_classpermission(struct cil_classpermission *cp) - - static void cil_reset_classperms_set(struct cil_classperms_set *cp_set) - { -- cil_reset_classpermission(cp_set->set); -+ if (cp_set == NULL) { -+ return; -+ } -+ -+ cp_set->set = NULL; - } - - static inline void cil_reset_classperms_list(struct cil_list *cp_list) --- -2.26.2 - diff --git a/CVE-2021-36087.patch b/CVE-2021-36087.patch deleted file mode 100644 index 4211fdf..0000000 --- a/CVE-2021-36087.patch +++ /dev/null @@ -1,83 +0,0 @@ -diff -r -u libsepol-3.2_orig/cil/src/cil_build_ast.c libsepol-3.2/cil/src/cil_build_ast.c ---- libsepol-3.2_orig/cil/src/cil_build_ast.c 2021-07-21 15:15:01.875585374 +0200 -+++ libsepol-3.2/cil/src/cil_build_ast.c 2021-07-21 15:15:10.655704516 +0200 -@@ -50,6 +50,7 @@ - struct cil_tree_node *ast; - struct cil_db *db; - struct cil_tree_node *macro; -+ struct cil_tree_node *optional; - struct cil_tree_node *boolif; - struct cil_tree_node *tunif; - struct cil_tree_node *in; -@@ -6098,6 +6099,7 @@ - struct cil_db *db = NULL; - struct cil_tree_node *ast_node = NULL; - struct cil_tree_node *macro = NULL; -+ struct cil_tree_node *optional = NULL; - struct cil_tree_node *boolif = NULL; - struct cil_tree_node *tunif = NULL; - struct cil_tree_node *in = NULL; -@@ -6143,6 +6145,18 @@ - } - } - -+ if (optional != NULL) { -+ if (parse_current->data == CIL_KEY_TUNABLE || -+ parse_current->data == CIL_KEY_IN || -+ parse_current->data == CIL_KEY_BLOCK || -+ parse_current->data == CIL_KEY_BLOCKABSTRACT || -+ parse_current->data == CIL_KEY_MACRO) { -+ rc = SEPOL_ERR; -+ cil_tree_log(parse_current, CIL_ERR, "%s is not allowed in optionals", (char *)parse_current->data); -+ goto exit; -+ } -+ } -+ - if (boolif != NULL) { - if (parse_current->data != CIL_KEY_CONDTRUE && - parse_current->data != CIL_KEY_CONDFALSE && -@@ -6524,6 +6538,19 @@ - args->macro = NULL; - } - -+ if (ast->flavor == CIL_OPTIONAL) { -+ struct cil_tree_node *n = ast->parent; -+ args->optional = NULL; -+ /* Optionals can be nested */ -+ while (n && n->flavor != CIL_ROOT) { -+ if (n->flavor == CIL_OPTIONAL) { -+ args->optional = n; -+ break; -+ } -+ n = n->parent; -+ } -+ } -+ - if (ast->flavor == CIL_BOOLEANIF) { - args->boolif = NULL; - } -@@ -6561,6 +6588,7 @@ - extra_args.ast = ast; - extra_args.db = db; - extra_args.macro = NULL; -+ extra_args.optional = NULL; - extra_args.boolif = NULL; - extra_args.tunif = NULL; - extra_args.in = NULL; -diff -r -u libsepol-3.2_orig/cil/src/cil_resolve_ast.c libsepol-3.2/cil/src/cil_resolve_ast.c ---- libsepol-3.2_orig/cil/src/cil_resolve_ast.c 2021-07-21 15:15:01.879585428 +0200 -+++ libsepol-3.2/cil/src/cil_resolve_ast.c 2021-07-21 15:15:15.559771063 +0200 -@@ -3788,8 +3788,11 @@ - } - - if (optstack != NULL) { -- if (node->flavor == CIL_TUNABLE || node->flavor == CIL_MACRO) { -- /* tuanbles and macros are not allowed in optionals*/ -+ if (node->flavor == CIL_TUNABLE || -+ node->flavor == CIL_IN || -+ node->flavor == CIL_BLOCK || -+ node->flavor == CIL_BLOCKABSTRACT || -+ node->flavor == CIL_MACRO) { - cil_tree_log(node, CIL_ERR, "%s statement is not allowed in optionals", cil_node_to_string(node)); - rc = SEPOL_ERR; - goto exit; diff --git a/libsepol-3.2.tar.gz b/libsepol-3.2.tar.gz deleted file mode 100644 index 276a2d3..0000000 --- a/libsepol-3.2.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:dfc7f662af8000116e56a01de6a0394ed79be1b34b999e551346233c5dd19508 -size 477749 diff --git a/libsepol-3.3.tar.gz b/libsepol-3.3.tar.gz new file mode 100644 index 0000000..c92c769 --- /dev/null +++ b/libsepol-3.3.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2d97df3eb8466169b389c3660acbb90c54200ac96e452eca9f41a9639f4f238b +size 482546 diff --git a/libsepol.changes b/libsepol.changes index 184b49a..d16a71f 100644 --- a/libsepol.changes +++ b/libsepol.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Thu Nov 11 13:28:14 UTC 2021 - Johannes Segitz + +- Update to version 3.3 + * Dropped CVE-2021-36085.patch, CVE-2021-36086.patch, CVE-2021-36087.patch + are all included + * Lot of smaller fixes identified by fuzzing + ------------------------------------------------------------------- Wed Jul 21 13:16:54 UTC 2021 - Johannes Segitz diff --git a/libsepol.spec b/libsepol.spec index f9b26f3..4b5cf39 100644 --- a/libsepol.spec +++ b/libsepol.spec @@ -19,7 +19,7 @@ %define libname libsepol2 Name: libsepol -Version: 3.2 +Version: 3.3 Release: 0 Summary: SELinux binary policy manipulation library License: LGPL-2.1-or-later @@ -27,10 +27,6 @@ Group: Development/Libraries/C and C++ URL: https://github.com/SELinuxProject/selinux/wiki/Releases Source: https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz Source2: baselibs.conf -# all upstream, remove in next version -Patch0: CVE-2021-36085.patch -Patch1: CVE-2021-36086.patch -Patch2: CVE-2021-36087.patch BuildRequires: flex BuildRequires: pkgconfig BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -92,9 +88,6 @@ policies. %prep %setup -q -%patch0 -p2 -%patch1 -p2 -%patch2 -p1 %build %define _lto_cflags %{nil}