backport patches from upstream

(cherry picked from commit 1003b6b593eac63d4bea5e6ffa36032c8666f601)
2024-01-31 11:11:04 +08:00 · 2024-01-31 11:11:04 +08:00 · f6d4b53157
commit f6d4b53157
parent 0c50be5f90
4 changed files with 314 additions and 1 deletions
--- a/backport-newrole-silence-compiler-warnings.patch
+++ b/backport-newrole-silence-compiler-warnings.patch
@ -0,0 +1,156 @@
 From 29e167a448eff9aaee13d3c51c56641959d4ca7f Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
 Date: Tue, 22 Feb 2022 14:51:41 +0100
 Subject: [PATCH] newrole: silence compiler warnings
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
    newrole.c:636:12: warning: function declaration isn’t a prototype [-Wstrict-prototypes]
      636 | static int transition_to_caller_uid()
          |            ^~~~~~~~~~~~~~~~~~~~~~~~
    newrole.c:103:9: warning: macro is not used [-Wunused-macros]
    #define DEFAULT_CONTEXT_SIZE 255        /* first guess at context size */
            ^
    newrole.c:862:4: warning: 'break' will never be executed [-Wunreachable-code-break]
                            break;
                            ^~~~~
    newrole.c:168:13: warning: no previous extern declaration for non-static variable 'service_name' [-Wmissing-variable-declarations]
    const char *service_name = "newrole";
                ^
    hashtab.c:53:11: warning: implicit conversion changes signedness: 'unsigned int' to 'int' [-Wsign-conversion]
            hvalue = h->hash_value(h, key);
                   ~ ^~~~~~~~~~~~~~~~~~~~~
    hashtab.c:92:11: warning: implicit conversion changes signedness: 'unsigned int' to 'int' [-Wsign-conversion]
            hvalue = h->hash_value(h, key);
                   ~ ^~~~~~~~~~~~~~~~~~~~~
    hashtab.c:124:11: warning: implicit conversion changes signedness: 'unsigned int' to 'int' [-Wsign-conversion]
            hvalue = h->hash_value(h, key);
                   ~ ^~~~~~~~~~~~~~~~~~~~~
    hashtab.c:172:10: warning: implicit conversion changes signedness: 'int' to 'unsigned int' [-Wsign-conversion]
                            ret = apply(cur->key, cur->datum, args);
                                ~ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    hashtab.c:174:12: warning: implicit conversion changes signedness: 'unsigned int' to 'int' [-Wsign-conversion]
                                    return ret;
                                    ~~~~~~ ^~~
 Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
 ---
 policycoreutils/newrole/hashtab.c |  9 +++++----
 policycoreutils/newrole/newrole.c | 15 ++++++---------
 2 files changed, 11 insertions(+), 13 deletions(-)
 diff --git a/policycoreutils/newrole/hashtab.c b/policycoreutils/newrole/hashtab.c
 index bc502836..26d4f4c7 100644
 --- a/policycoreutils/newrole/hashtab.c
 +++ b/policycoreutils/newrole/hashtab.c
@@ -44,7 +44,7 @@ hashtab_t hashtab_create(unsigned int (*hash_value) (hashtab_t h,
 int hashtab_insert(hashtab_t h, hashtab_key_t key, hashtab_datum_t datum)
 {
 -	int hvalue;
 +	unsigned int hvalue;
 	hashtab_ptr_t prev, cur, newnode;
 	if (!h)
@@ -83,7 +83,7 @@ int hashtab_remove(hashtab_t h, hashtab_key_t key,
 		   void (*destroy) (hashtab_key_t k,
 				    hashtab_datum_t d, void *args), void *args)
 {
 -	int hvalue;
 +	unsigned int hvalue;
 	hashtab_ptr_t cur, last;
 	if (!h)
@@ -115,7 +115,7 @@ int hashtab_remove(hashtab_t h, hashtab_key_t key,
 hashtab_datum_t hashtab_search(hashtab_t h, const_hashtab_key_t key)
 {
 -	int hvalue;
 +	unsigned int hvalue;
 	hashtab_ptr_t cur;
 	if (!h)
@@ -160,8 +160,9 @@ int hashtab_map(hashtab_t h,
 		int (*apply) (hashtab_key_t k,
 			      hashtab_datum_t d, void *args), void *args)
 {
 -	unsigned int i, ret;
 +	unsigned int i;
 	hashtab_ptr_t cur;
 +	int ret;
 	if (!h)
 		return HASHTAB_SUCCESS;
 diff --git a/policycoreutils/newrole/newrole.c b/policycoreutils/newrole/newrole.c
 index 9d68b6ab..c9989863 100644
 --- a/policycoreutils/newrole/newrole.c
 +++ b/policycoreutils/newrole/newrole.c
@@ -100,7 +100,6 @@
 #endif
 #define DEFAULT_PATH "/usr/bin:/bin"
 -#define DEFAULT_CONTEXT_SIZE 255	/* first guess at context size */
 extern char **environ;
@@ -115,7 +114,7 @@ extern char **environ;
  *
  * Returns malloc'd memory
  */
 -static char *build_new_range(char *newlevel, const char *range)
 +static char *build_new_range(const char *newlevel, const char *range)
 {
 	char *newrangep = NULL;
 	const char *tmpptr;
@@ -166,7 +165,7 @@ static char *build_new_range(char *newlevel, const char *range)
 #include <security/pam_appl.h>	/* for PAM functions */
 #include <security/pam_misc.h>	/* for misc_conv PAM utility function */
 -const char *service_name = "newrole";
 +static const char *service_name = "newrole";
 /* authenticate_via_pam()
  *
@@ -230,14 +229,13 @@ static int free_hashtab_entry(hashtab_key_t key, hashtab_datum_t d,
 static unsigned int reqsymhash(hashtab_t h, const_hashtab_key_t key)
 {
 -	char *p, *keyp;
 +	const char *p;
 	size_t size;
 	unsigned int val;
 	val = 0;
 -	keyp = (char *)key;
 -	size = strlen(keyp);
 -	for (p = keyp; ((size_t) (p - keyp)) < size; p++)
 +	size = strlen(key);
 +	for (p = key; ((size_t) (p - key)) < size; p++)
 		val =
 		    (val << 4 | (val >> (8 * sizeof(unsigned int) - 4))) ^ (*p);
 	return val & (h->size - 1);
@@ -623,7 +621,7 @@ static inline int drop_capabilities(__attribute__ ((__unused__)) int full)
  * This function will set the uid values to be that of caller's uid, and
  * will drop any privilege which may have been raised.
  */
 -static int transition_to_caller_uid()
 +static int transition_to_caller_uid(void)
 {
 	uid_t uid = getuid();
@@ -850,7 +848,6 @@ static int parse_command_line_arguments(int argc, char **argv, char *ttyn,
 		case 'V':
 			printf("newrole: %s version %s\n", PACKAGE, VERSION);
 			exit(0);
 -			break;
 		case 'p':
 			*preserve_environment = 1;
 			break;
 -- 
 2.33.0
--- a/backport-newrole-use-DJB2a-string-hash-function.patch
+++ b/backport-newrole-use-DJB2a-string-hash-function.patch
@ -0,0 +1,53 @@
 From 3089f1f2fd92684372e8141f1f5dbfd97b859983 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
 Date: Wed, 16 Aug 2023 14:38:45 +0200
 Subject: [PATCH] newrole: use DJB2a string hash function
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 The hash table implementation uses `& (h->size - 1)` to truncate
 generated hashes to the number of buckets.  This operation is equal to
 `% h->size` if and only if the size is a power of two (which seems to be
 always the case).  One property of the binary and with a power of two
 (and probably a small one <=2048) is all higher bits are discarded.
 Thus a hash function is needed with a good avalanche effect, which the
 current one is not.
 Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
 Acked-by: James Carter <jwcart2@gmail.com>
 ---
 policycoreutils/newrole/newrole.c | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)
 diff --git a/policycoreutils/newrole/newrole.c b/policycoreutils/newrole/newrole.c
 index d9efa68a..5a1a1129 100644
 --- a/policycoreutils/newrole/newrole.c
 +++ b/policycoreutils/newrole/newrole.c
@@ -229,16 +229,13 @@ static int free_hashtab_entry(hashtab_key_t key, hashtab_datum_t d,
 static unsigned int reqsymhash(hashtab_t h, const_hashtab_key_t key)
 {
 -	const char *p;
 -	size_t size;
 -	unsigned int val;
 -
 -	val = 0;
 -	size = strlen(key);
 -	for (p = key; ((size_t) (p - key)) < size; p++)
 -		val =
 -		    (val << 4 | (val >> (8 * sizeof(unsigned int) - 4))) ^ (*p);
 -	return val & (h->size - 1);
 +	unsigned int hash = 5381;
 +	unsigned char c;
 +
 +	while ((c = *(unsigned const char *)key++))
 +		hash = ((hash << 5) + hash) ^ c;
 +
 +	return hash & (h->size - 1);
 }
 static int reqsymcmp(hashtab_t h
 -- 
 2.33.0
--- a/backport-python-Harden-more-tools-against-rogue-modules.patch
+++ b/backport-python-Harden-more-tools-against-rogue-modules.patch
@ -0,0 +1,98 @@
 From 94389f21022be68cb048b4b76d32c0f2440b15ee Mon Sep 17 00:00:00 2001
 From: Vit Mojzis <vmojzis@redhat.com>
 Date: Wed, 6 Dec 2023 15:31:51 +0100
 Subject: [PATCH] python: Harden more tools against "rogue" modules
 Python scripts present in the same directory as the tool
 override regular modules.
 Fixes:
      #cat > /usr/bin/signal.py <<EOF
      import sys
      print("BAD GUY!", file=sys.stderr)
      sys.exit(1)
      EOF
      #sandbox date
      BAD GUY!
 Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
 Acked-by: James Carter <jwcart2@gmail.com>
 ---
 dbus/selinux_server.py       | 2 +-
 gui/polgengui.py             | 2 +-
 gui/system-config-selinux.py | 6 +++---
 sandbox/sandbox              | 2 +-
 sandbox/start                | 2 +-
 5 files changed, 7 insertions(+), 7 deletions(-)
 diff --git a/dbus/selinux_server.py b/dbus/selinux_server.py
 index a969f226..469c526f 100644
 --- a/dbus/selinux_server.py
 +++ b/dbus/selinux_server.py
@@ -1,4 +1,4 @@
 -#!/usr/bin/python3
 +#!/usr/bin/python3 -EsI
 import dbus
 import dbus.service
 diff --git a/gui/polgengui.py b/gui/polgengui.py
 index 16116ba6..9c151a11 100644
 --- a/gui/polgengui.py
 +++ b/gui/polgengui.py
@@ -1,4 +1,4 @@
 -#!/usr/bin/python3 -Es
 +#!/usr/bin/python3 -EsI
 #
 # polgengui.py - GUI for SELinux Config tool in system-config-selinux
 #
 diff --git a/gui/system-config-selinux.py b/gui/system-config-selinux.py
 index 9f53b7fe..0b6ba4b5 100644
 --- a/gui/system-config-selinux.py
 +++ b/gui/system-config-selinux.py
@@ -1,4 +1,4 @@
 -#!/usr/bin/python3 -Es
 +#!/usr/bin/python3 -EsI
 #
 # system-config-selinux.py - GUI for SELinux Config tool in system-config-selinux
 #
@@ -32,6 +32,8 @@ except RuntimeError as e:
     print("This is a graphical application and requires DISPLAY to be set.")
     sys.exit(1)
 +sys.path.append('/usr/share/system-config-selinux')
 +
 from gi.repository import GObject
 import statusPage
 import booleansPage
@@ -66,8 +68,6 @@ except:
 version = "1.0"
 -sys.path.append('/usr/share/system-config-selinux')
 -
 ##
 ## Pull in the Glade file
 diff --git a/sandbox/sandbox b/sandbox/sandbox
 index a2762a7d..fe631a92 100644
 --- a/sandbox/sandbox
 +++ b/sandbox/sandbox
@@ -1,4 +1,4 @@
 -#!/usr/bin/python3 -Es
 +#!/usr/bin/python3 -EsI
 # Authors: Dan Walsh <dwalsh@redhat.com>
 # Authors: Thomas Liu <tliu@fedoraproject.org>
 # Authors: Josh Cogliati
 diff --git a/sandbox/start b/sandbox/start
 index 4ed3cb5c..3c1a1783 100644
 --- a/sandbox/start
 +++ b/sandbox/start
@@ -1,4 +1,4 @@
 -#!/usr/bin/python3 -Es
 +#!/usr/bin/python3 -EsI
 try:
     from subprocess import getstatusoutput
 except ImportError:
 -- 
 2.33.0
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@ -3,7 +3,7 @@
 Name:      policycoreutils
 Version:   3.3
-Release:   9
+Release:   10
 Summary:   Policy core utilities of selinux
 License:   GPLv2
 URL:       https://github.com/SELinuxProject
@ -34,6 +34,9 @@ Patch6013:    backport-python-Use-isinstance-instead-of-type.patch
 Patch6014:    backport-restorecond-compatible-with-the-use-of-EUID.patch
 Patch6015:    backport-sepolicy-manpage.py-make-output-deterministic.patch
 Patch6016:    restorecond-remove-dependency-of-glib2.patch
 Patch6017:    backport-newrole-silence-compiler-warnings.patch
 Patch6018:    backport-newrole-use-DJB2a-string-hash-function.patch
 Patch6019:    backport-python-Harden-more-tools-against-rogue-modules.patch
 BuildRequires: gcc
 BuildRequires: pam-devel libsepol-static >= 3.3 libsemanage-static >= 3.3 libselinux-devel >= 3.3  libcap-devel audit-libs-devel  gettext
@ -274,6 +277,9 @@ find %{buildroot}%{python3_sitelib} %{buildroot}%{python3_sitearch} \
 %{_mandir}/*
 %changelog
 * Wed Jan 31 2024 zhangruifang <zhangruifang1@h-partners.com> -3.3-10
 - backport patches from upstream
 * Tue Dec 26 2023 wanghuizhao <wanghuizhao1@huawei.com> -3.3-9
 - submit self-developed patch