!76 fix cap_struct to adapter libcap 2.61

From: @ZhouShuiQing Reviewed-by: @HuaxinLuGitee Signed-off-by: @HuaxinLuGitee
fix cap_struct to adapter libcap 2.61
2023-05-24 08:33:38 +00:00 · 2023-05-24 15:45:15 +08:00 · 2022-12-20 09:27:49 +00:00 · 2022-12-20 17:01:13 +08:00 · 2022-09-19 07:58:15 +00:00 · 2022-09-19 14:19:34 +08:00
5 changed files with 138 additions and 34 deletions
--- a/digest-list-tools.spec
+++ b/digest-list-tools.spec
@ -1,6 +1,6 @@
 name:           digest-list-tools
 Version:        0.3.95
-Release:        7
+Release:        11
 Summary:        Utilities for IMA Digest Lists extension
 Source0:        https://gitee.com/openeuler/%{name}/repository/archive/v%{version}.tar.gz
@ -15,9 +15,12 @@ Patch3:         fix-duplicated-kernel-parameters.patch
 Patch4:		Fix-sm3-algorithm-name.patch
 Patch5: 	fix-faulty-code.patch
 Patch6: 	fix-file-resource-leakage-and-memory-leakage.patch
 Patch7: 	fix-error-exit-in-dracut-program.patch
 Patch8:         fix-cap_struct-to-adapter-libcap-2.61.patch
 Requires:	libcap = 2.61
 BuildRequires:  autoconf automake libcurl-devel libtool rpm-devel dracut gzip
-BuildRequires:  libcap-devel libcmocka-devel libselinux-devel
+BuildRequires:  libcap-devel = 2.61 libcmocka-devel libselinux-devel
 %if 0%{?suse_version}
 BuildRequires:  libopenssl-devel glibc-devel-static
@ -91,7 +94,7 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/digestlist/libgenerator-unknown.so
 %{_libdir}/digestlist/libparser-compact_tlv.so
 %{_libdir}/digestlist/libparser-rpm.so
-%{_unitdir}/setup-ima-digest-lists.service
+%exclude %{_unitdir}/setup-ima-digest-lists.service
 %dir /usr/lib/dracut/modules.d/98digestlist
 %{_prefix}/lib/dracut/modules.d/98digestlist/module-setup.sh
 %{_prefix}/lib/dracut/modules.d/98digestlist/upload_meta_digest_lists.sh
@ -126,6 +129,18 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man1/%{name}.1.gz
 %changelog
 * Wed May 24 2023 zhoushuiqing <zhoushuiqing2@huawei.com> - 0.3.95-11
 - Fix cap_struct to adapter libcap 2.61
 * Tue Dec 20 2022 gaoyusong <gaoyusong2@huawei.com> - 0.3.95-10
 - Fix error exit in dracut program
 * Wed Sep 7 2022 shenxiangwei <shenxiangwei1@huawei.com> - 0.3.95-9
 - Delete setup-ima-digest-lists.service
 * Tue Aug 23 2022 shenxiangwei <shenxiangwei1@huawei.com> - 0.3.95-8
 - Update fix-faulty-code.patch
 * Tue Aug 16 2022 shenxiangwei <shenxiangwei1@huawei.com> - 0.3.95-7
 - Fix faulty code, file resource leakeage and memory leakage
--- a/fix-cap_struct-to-adapter-libcap-2.61.patch
+++ b/fix-cap_struct-to-adapter-libcap-2.61.patch
@ -0,0 +1,37 @@
 From e063ba3535c35a6fb5f66c00d733b9bd7dffa8ff Mon Sep 17 00:00:00 2001
 From: luhuaxin <luhuaxin1@huawei.com>
 Date: Sun, 13 Mar 2022 12:03:34 +0800
 Subject: [PATCH] fix cap_struct to adapter libcap 2.61
 Signed-off-by: luhuaxin <luhuaxin1@huawei.com>
 ---
 lib/cap.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
 diff --git a/lib/cap.c b/lib/cap.c
 index f7a91fe..c21d025 100644
 --- a/lib/cap.c
 +++ b/lib/cap.c
@@ -28,15 +28,17 @@
 #endif
 #define NUMBER_OF_CAP_SETS      3   /* effective, inheritable, permitted */
 -#define __CAP_BLKS   (_LINUX_CAPABILITY_U32S)
 +#define __CAP_BLKS   (_LINUX_CAPABILITY_U32S_3)
 #define CAP_SET_SIZE (__CAP_BLKS * sizeof(__u32))
 struct _cap_struct {
 +	__u8 mutex;
 	struct __user_cap_header_struct head;
 	union {
 		struct __user_cap_data_struct set;
 		__u32 flat[NUMBER_OF_CAP_SETS];
 -	} u[_LINUX_CAPABILITY_U32S];
 +	} u[_LINUX_CAPABILITY_U32S_3];
 +	uid_t rootid;
 };
 cap_t _fcaps_load(struct vfs_cap_data *rawvfscap, cap_t result, int bytes)
 -- 
 2.33.0
--- a/fix-error-exit-in-dracut-program.patch
+++ b/fix-error-exit-in-dracut-program.patch
@ -0,0 +1,67 @@
 From eb4f01db4a82a1c902d208a7b67acb8b4be0f1f6 Mon Sep 17 00:00:00 2001
 From: gaoyusong <gaoyusong2@huawei.com>
 Date: Tue, 20 Dec 2022 16:43:38 +0800
 Subject: [PATCH] fix error exit in dracut program
 ---
 initrd/dracut/load_digest_lists.sh | 45 ++++++++++++++----------------
 1 file changed, 21 insertions(+), 24 deletions(-)
 diff --git a/initrd/dracut/load_digest_lists.sh b/initrd/dracut/load_digest_lists.sh
 index 9d6e5d1..8cb3e84 100644
 --- a/initrd/dracut/load_digest_lists.sh
 +++ b/initrd/dracut/load_digest_lists.sh
@@ -1,29 +1,26 @@
 #! /bin/bash
 -if [ ! -f /sys/kernel/security/ima/digest_list_data ]; then
 -	exit 0
 -fi
 +if [  -f /sys/kernel/security/ima/digest_list_data ]; then
 +	digests_count=$(cat /sys/kernel/security/ima/digests_count)
 +	if [ "$digests_count" != "0" ]; then
 +		for f in $(find $NEWROOT/etc/ima/digest_lists -type f); do
 +			if [ ! -f /etc/ima/digest_lists/$(basename $f) ]; then
 +				process_digest_list=$(getfattr -m - -e hex -d $f \
 +					2> /dev/null | awk '{ if ($1 ~ /security.evm/) evm=1;
 +							if ($1 ~ /security.ima=0x03/) ima=1; }
 +							END{ if (evm || ima) print "1" }')
 +				if [ -z "$process_digest_list" ]; then
 +					continue
 +				fi
 -digests_count=$(cat /sys/kernel/security/ima/digests_count)
 -if [ "$digests_count" = "0" ]; then
 -	exit 0
 +				format=$(echo $f | cut -d - -f 3)
 +				if [ "$format" = "compact" ]; then
 +					echo $f > /sys/kernel/security/ima/digest_list_data
 +				else
 +					upload_digest_lists add $f
 +				fi
 +			fi
 +		done
 +	fi
 fi
 -for f in $(find $NEWROOT/etc/ima/digest_lists -type f); do
 -	if [ ! -f /etc/ima/digest_lists/$(basename $f) ]; then
 -		process_digest_list=$(getfattr -m - -e hex -d $f \
 -			2> /dev/null | awk '{ if ($1 ~ /security.evm/) evm=1;
 -					if ($1 ~ /security.ima=0x03/) ima=1; }
 -					END{ if (evm || ima) print "1" }')
 -		if [ -z "$process_digest_list" ]; then
 -			continue
 -		fi
 -
 -		format=$(echo $f | cut -d - -f 3)
 -		if [ "$format" = "compact" ]; then
 -			echo $f > /sys/kernel/security/ima/digest_list_data
 -		else
 -			upload_digest_lists add $f
 -		fi
 -	fi
 -done
 -- 
 2.27.0
--- a/fix-faulty-code.patch
+++ b/fix-faulty-code.patch
@ -1,38 +1,15 @@
 From f078f852fa618f9f3a6553ff25eafd21cae0b3c1 Mon Sep 17 00:00:00 2001
 From: shenxiangwei <shenxiangwei1@huawei.com>
 Date: Tue, 2 Aug 2022 21:11:44 +0800
-Subject: [PATCH 1/2] fix faulty code
+Subject: [PATCH 1/2] fix echecker scan warning
 Signed-off-by: shenxiangwei <shenxiangwei1@huawei.com>
 ---
 lib/crypto.c     | 4 ++--
 lib/xattr.c      | 3 +++
 parsers/rpm.c    | 4 ++--
 src/rpm_parser.c | 4 ++--
- 4 files changed, 9 insertions(+), 6 deletions(-)
+ 3 files changed, 7 insertions(+), 4 deletions(-)
 diff --git a/lib/crypto.c b/lib/crypto.c
 index d81992e..5397feb 100644
 --- a/lib/crypto.c
 +++ b/lib/crypto.c
@@ -314,7 +314,7 @@ static int sign_file(int dirfd, char *filename, char *key_path, char *keypass,
 	memcpy(buf + asn1->size, digest, digest_len);
 	sig_len = RSA_private_encrypt(digest_len + asn1->size, buf, sig, k->key,
 -				      RSA_PKCS1_PADDING);
 +				      RSA_PKCS1_OAEP_PADDING);
 	if (sig_len < 0) {
 		printf("RSA_private_encrypt() failed: %d\n", sig_len);
 		goto out_buf;
@@ -403,7 +403,7 @@ static int verify_common(struct list_head *head, int dirfd, char *filename,
 		goto out;
 	}
 -	ret = RSA_public_decrypt(sig_len, sig, out, k->key, RSA_PKCS1_PADDING);
 +	ret = RSA_public_decrypt(sig_len, sig, out, k->key, RSA_PKCS1_OAEP_PADDING);
 	if (ret < 0) {
 		printf("RSA_public_decrypt() failed: %d\n", ret);
 		goto out;
 diff --git a/lib/xattr.c b/lib/xattr.c
 index 2aa9c96..3bfb35c 100644
 --- a/lib/xattr.c
--- a/fix-file-resource-leakage-and-memory-leakage.patch
+++ b/fix-file-resource-leakage-and-memory-leakage.patch
@ -1,21 +1,29 @@
-From 3e08ccc4c5bca26df1c3b7542868cf2a457fa6ec Mon Sep 17 00:00:00 2001
+From dc73bf5d2146deb5831a63c8e267a3f325bb5e67 Mon Sep 17 00:00:00 2001
 From: shenxiangwei <shenxiangwei1@huawei.com>
 Date: Tue, 16 Aug 2022 08:34:37 +0800
-Subject: [PATCH 2/2] fix file resource leakage and memory leakage
+Subject: [PATCH] fix file resource leakage and memory leakage
 Signed-off-by: shenxiangwei <shenxiangwei1@huawei.com>
 ---
- generators/unknown.c      |  2 +-
+ generators/unknown.c      |  3 ++-
 lib/xattr.c               | 14 ++++++++++++++
 parsers/rpm.c             |  2 +-
 src/manage_digest_lists.c |  4 ++--
- 4 files changed, 18 insertions(+), 4 deletions(-)
+ 4 files changed, 19 insertions(+), 4 deletions(-)
 diff --git a/generators/unknown.c b/generators/unknown.c
-index ad17a23..85f348f 100644
+index ad17a23..3f8ecc4 100644
 --- a/generators/unknown.c
 +++ b/generators/unknown.c
-@@ -217,7 +217,7 @@ static int add_file(int dirfd, int fd, char *path, u16 type, u16 modifiers,
+@@ -164,6 +164,7 @@ static int add_file(int dirfd, int fd, char *path, u16 type, u16 modifiers,
 			if (!ret) {
 				caps_bin = malloc(caps_bin_len);
 				if (!caps_bin) {
 +					cap_free(c);
 					ret = -ENOMEM;
 					goto out;
 				}
@@ -217,7 +218,7 @@ static int add_file(int dirfd, int fd, char *path, u16 type, u16 modifiers,
 		if (!ret)
 			ret = write_check(fd, "\n", 1);
Author	SHA1	Message	Date
openeuler-ci-bot	4312c5a9c0	!76 fix cap_struct to adapter libcap 2.61 From: @ZhouShuiQing Reviewed-by: @HuaxinLuGitee Signed-off-by: @HuaxinLuGitee	2023-05-24 08:33:38 +00:00
zhoushuiqing	1433a45cda	fix cap_struct to adapter libcap 2.61	2023-05-24 15:45:15 +08:00
openeuler-ci-bot	a98e857496	!70 fix error exit in dracut program From: @gys66 Reviewed-by: @HuaxinLuGitee Signed-off-by: @HuaxinLuGitee	2022-12-20 09:27:49 +00:00
gaoyusong	a541c384b1	fix error exit in dracut program Signed-off-by: gaoyusong <gaoyusong2@huawei.com>	2022-12-20 17:01:13 +08:00
openeuler-ci-bot	1d0175a7de	!61 update fix-file-resource-leakage-and-memory-leakage.patch From: @godvi Reviewed-by: @HuaxinLuGitee Signed-off-by: @HuaxinLuGitee	2022-09-19 07:58:15 +00:00
shenxiangwei	3615eb4c2c	update fix-file-resource-leakage-and-memory-leakage.patch	2022-09-19 14:19:34 +08:00
openeuler-ci-bot	437614d246	!57 delete setup-ima-digest-lists.service From: @godvi Reviewed-by: @HuaxinLuGitee Signed-off-by: @HuaxinLuGitee	2022-09-07 03:15:24 +00:00
godvi	5f551cb1e0	delete setup-ima-digest-lists.service Signed-off-by: godvi <shenxiangwei1@huawei.com>	2022-09-07 02:59:25 +00:00
openeuler-ci-bot	3d5d5dceef	!51 update fix-faulty-code.patch From: @godvi Reviewed-by: @HuaxinLuGitee Signed-off-by: @HuaxinLuGitee	2022-08-24 02:35:03 +00:00
Liu Zixian	32466fa668	Update fix-faulty-code.patch	2022-08-23 18:54:28 +08:00