
From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-libs/libselinux/files/, sys-libs/libselinux/
Date: Wed, 05 Oct 2016 16:44:28
Message-Id: 1475685782.6f24947db6463e9a29b11a164ea538c7477de268.perfinion@gentoo
1 commit: 6f24947db6463e9a29b11a164ea538c7477de268
2 Author: Jason Zaman <perfinion <AT> gentoo <DOT> org>
3 AuthorDate: Wed Oct 5 16:28:56 2016 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Wed Oct 5 16:43:02 2016 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6f24947d
7
8 sys-libs/libselinux: fix selinux_restorecon realpath logic
9
10 Package-Manager: portage-2.3.0
11
12 ...nux-selinux_restorecon-fix-realpath-logic.patch | 76 ++++++++++++++++++++++
13 ...2.6_rc1.ebuild => libselinux-2.6_rc1-r1.ebuild} | 1 +
14 2 files changed, 77 insertions(+)
15
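--- /dev/null
+++ b/sys-libs/libselinux/files/libselinux-2.6-0001-libselinux-selinux_restorecon-fix-realpath-logic.patch
@@ -0,0 +1,76 @@
+From aa0c824bb2eeb8960ba02133faade72c837ea951 Mon Sep 17 00:00:00 2001
+From: Stephen Smalley <sds@×××××××××.gov>
+Date: Wed, 5 Oct 2016 10:45:35 -0400
+Subject: [PATCH] libselinux: selinux_restorecon: fix realpath logic
+
+The realpath logic in selinux_restorecon() was taken from the
+Android libselinux fork. However, bionic dirname() and basename()
+do not modify their argument and therefore are safe to call on a
+const string. POSIX dirname() and basename() can modify their argument.
+There is a GNU basename() that does not modify its argument, but not
+for dirname().
+For portability, create copies of the original pathname for each call
+and keep them around until finished using the result.
+
+Fixes "restorecon -r goes up the tree?" bug reported by Jason Zaman.
+
+Reported-by: Jason Zaman <jason@×××××××××.com>
+Signed-off-by: Stephen Smalley <sds@×××××××××.gov>
+---
+ libselinux/src/selinux_restorecon.c | 26 +++++++++++++++++++++-----
+ 1 file changed, 21 insertions(+), 5 deletions(-)
+
+diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
+index 0945138..e38d1d0 100644
+--- libselinux/src/selinux_restorecon.c
++++ libselinux/src/selinux_restorecon.c
+@@ -797,25 +797,41 @@ int selinux_restorecon(const char *pathname_orig,
+ * realpath of containing dir, then appending last component name.
+ */
+ if (flags.userealpath) {
+- pathbname = basename((char *)pathname_orig);
++ char *basename_cpy = strdup(pathname_orig);
++ if (!basename_cpy)
++ goto realpatherr;
++ pathbname = basename(basename_cpy);
+ if (!strcmp(pathbname, "/") || !strcmp(pathbname, ".") ||
+ !strcmp(pathbname, "..")) {
+ pathname = realpath(pathname_orig, NULL);
+- if (!pathname)
++ if (!pathname) {
++ free(basename_cpy);
+ goto realpatherr;
++ }
+ } else {
+- pathdname = dirname((char *)pathname_orig);
++ char *dirname_cpy = strdup(pathname_orig);
++ if (!dirname_cpy) {
++ free(basename_cpy);
++ goto realpatherr;
++ }
++ pathdname = dirname(dirname_cpy);
+ pathdnamer = realpath(pathdname, NULL);
+- if (!pathdnamer)
++ free(dirname_cpy);
++ if (!pathdnamer) {
++ free(basename_cpy);
+ goto realpatherr;
++ }
+ if (!strcmp(pathdnamer, "/"))
+ error = asprintf(&pathname, "/%s", pathbname);
+ else
+ error = asprintf(&pathname, "%s/%s",
+ pathdnamer, pathbname);
+- if (error < 0)
++ if (error < 0) {
++ free(basename_cpy);
+ goto oom;
++ }
+ }
++ free(basename_cpy);
+ } else {
+ pathname = strdup(pathname_orig);
+ if (!pathname)
+--
+2.7.3
+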
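Review bot: The two `strdup()` failure paths in the `flags.userealpath` branch jump to `realpatherr`, while the `asprintf()` failure a few lines further down jumps to `oom`, so an allocation failure here is handled as if `realpath()` had failed. Both labels lie outside this hunk, so unless `realpatherr` is known to cover out-of-memory as well, I would route them consistently: `if (!basename_cpy) goto oom;` and, for the second copy, `free(basename_cpy); goto oom;`. Separately, `pathdname` may still point into `dirname_cpy` after `free(dirname_cpy)`; adding `pathdname = NULL;` right after the free, or a comment such as `/* pathdname is invalid past this point */`, would stop a later use from becoming a use-after-free. `selinux_restorecon()` begins and ends outside the hunk, so whether `pathdname` is read again cannot be confirmed from here.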
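--- a/sys-libs/libselinux/libselinux-2.6_rc1.ebuild
+++ b/sys-libs/libselinux/libselinux-2.6_rc1-r1.ebuild
@@ -47,6 +47,7 @@ DEPEND="${RDEPEND}
 src_prepare() {
 if [[ ${PV} != 9999 ]] ; then
 # If needed for live builds, place them in /etc/portage/patches
+ eapply "${FILESDIR}/libselinux-2.6-0001-libselinux-selinux_restorecon-fix-realpath-logic.patch"
 eapply "${FILESDIR}/libselinux-2.6-0005-use-ruby-include-with-rubylibver.patch"
 eapply "${FILESDIR}/libselinux-2.6-0007-build-related-fixes-bug-500674.patch"
 fi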