From 7138bd335b89622dbb3007d99d3f7a82ad3bc509 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=8D=A2=E5=8D=8E=E6=AD=86?= <1539327763@qq.com> Date: Fri, 3 Dec 2021 06:18:14 +0000 Subject: [PATCH] rpm selinux plugin check context file exist --- ...inux-plugin-check-context-file-exist.patch | 26 +++++++++++++++++++ rpm.spec | 9 ++++++- 2 files changed, 34 insertions(+), 1 deletion(-) create mode 100644 rpm-selinux-plugin-check-context-file-exist.patch diff --git a/rpm-selinux-plugin-check-context-file-exist.patch b/rpm-selinux-plugin-check-context-file-exist.patch new file mode 100644 index 0000000..56d7982 --- /dev/null +++ b/rpm-selinux-plugin-check-context-file-exist.patch @@ -0,0 +1,26 @@ +From 55708fd5822a3e4bf5537002a648f32cb0a6e07e Mon Sep 17 00:00:00 2001 +From: luhuaxin <1539327763@qq.com> +Date: Tue, 26 Oct 2021 18:39:46 +0800 +Subject: [PATCH] rpm selinux plugin check context file exist + +--- + plugins/selinux.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/plugins/selinux.c b/plugins/selinux.c +index 1254517..fb8b7a2 100644 +--- a/plugins/selinux.c ++++ b/plugins/selinux.c +@@ -63,7 +63,8 @@ static rpmRC selinux_tsm_pre(rpmPlugin plugin, rpmts ts) + rpmRC rc = RPMRC_OK; + + /* If SELinux isn't enabled on the system, dont mess with it */ +- if (!is_selinux_enabled()) { ++ if (!is_selinux_enabled() || selinux_file_context_path() == NULL || ++ access(selinux_file_context_path(), F_OK)) { + rpmtsSetFlags(ts, (rpmtsFlags(ts) | RPMTRANS_FLAG_NOCONTEXTS)); + } + +-- +2.23.0 + diff --git a/rpm.spec b/rpm.spec index 62ef330..0fd3975 100644 --- a/rpm.spec +++ b/rpm.spec @@ -1,6 +1,6 @@ Name: rpm Version: 4.15.1 -Release: 31 +Release: 32 Summary: RPM Package Manager License: GPLv2+ URL: http://www.rpm.org/ @@ -59,6 +59,7 @@ Patch48: backport-Do-not-allow-extra-packets-to-follow-a-signature.patch Patch49: backport-0001-CVE-2021-3521.patch Patch50: backport-0002-CVE-2021-3521.patch Patch51: backport-0003-CVE-2021-3521.patch +Patch52: rpm-selinux-plugin-check-context-file-exist.patch BuildRequires: gcc autoconf automake libtool make gawk popt-devel openssl-devel readline-devel libdb-devel BuildRequires: zlib-devel libzstd-devel xz-devel bzip2-devel libarchive-devel ima-evm-utils-devel @@ -321,6 +322,12 @@ make check || (cat tests/rpmtests.log; exit 0) %{_mandir}/man1/gendiff.1* %changelog +* Fri Dec 3 2021 luhuaxin<1539327763@qq.com> - 4.15.1-32 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:rpm selinux plugin check context file exist + * Wed Nov 03 2021 tianwei - 4.15.1-31 - Type:cve - ID:NA