Hello community,

here is the log from the commit of package libselinux for openSUSE:Factory 
checked in at 2021-11-15 15:26:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libselinux (Old)
 and      /work/SRC/openSUSE:Factory/.libselinux.new.1890 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libselinux"

Mon Nov 15 15:26:05 2021 rev:68 rq:930941 version:3.3

Changes:
--------
--- /work/SRC/openSUSE:Factory/libselinux/libselinux-bindings.changes   
2021-03-24 16:09:06.903697394 +0100
+++ /work/SRC/openSUSE:Factory/.libselinux.new.1890/libselinux-bindings.changes 
2021-11-15 15:27:40.105844805 +0100
@@ -1,0 +2,6 @@
+Thu Nov 11 13:25:30 UTC 2021 - Johannes Segitz <jseg...@suse.com>
+
+- Update to version 3.3:
+  * Lots of smaller issues fixed found by fuzzing
+
+-------------------------------------------------------------------
libselinux.changes: same change

Old:
----
  libselinux-3.2.tar.gz

New:
----
  libselinux-3.3.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libselinux-bindings.spec ++++++
--- /var/tmp/diff_new_pack.8RmSnT/_old  2021-11-15 15:27:40.713844976 +0100
+++ /var/tmp/diff_new_pack.8RmSnT/_new  2021-11-15 15:27:40.713844976 +0100
@@ -17,9 +17,9 @@
 
 
 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
-%define libsepol_ver 3.2
+%define libsepol_ver 3.3
 Name:           libselinux-bindings
-Version:        3.2
+Version:        3.3
 Release:        0
 Summary:        SELinux runtime library and simple utilities
 License:        SUSE-Public-Domain

++++++ libselinux.spec ++++++
--- /var/tmp/diff_new_pack.8RmSnT/_old  2021-11-15 15:27:40.729844981 +0100
+++ /var/tmp/diff_new_pack.8RmSnT/_new  2021-11-15 15:27:40.729844981 +0100
@@ -16,9 +16,9 @@
 #
 
 
-%define libsepol_ver 3.2
+%define libsepol_ver 3.3
 Name:           libselinux
-Version:        3.2
+Version:        3.3
 Release:        0
 Summary:        SELinux runtime library and utilities
 License:        SUSE-Public-Domain

++++++ libselinux-3.2.tar.gz -> libselinux-3.3.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/Makefile new/libselinux-3.3/Makefile
--- old/libselinux-3.2/Makefile 2021-03-04 16:42:59.000000000 +0100
+++ new/libselinux-3.3/Makefile 2021-10-21 16:31:23.000000000 +0200
@@ -50,24 +50,24 @@
        done
 
 swigify: all
-       $(MAKE) -C src swigify $@
+       $(MAKE) -C src $@
 
 pywrap: 
-       $(MAKE) -C src pywrap $@
+       $(MAKE) -C src $@
 
 rubywrap: 
-       $(MAKE) -C src rubywrap $@
+       $(MAKE) -C src $@
 
 install-pywrap: 
-       $(MAKE) -C src install-pywrap $@
+       $(MAKE) -C src $@
 
 install-rubywrap: 
-       $(MAKE) -C src install-rubywrap $@
+       $(MAKE) -C src $@
 
 clean-pywrap:
-       $(MAKE) -C src clean-pywrap $@
+       $(MAKE) -C src $@
 
 clean-rubywrap:
-       $(MAKE) -C src clean-rubywrap $@
+       $(MAKE) -C src $@
 
 test:
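Review bot: None of the wrapper targets in this hunk (`swigify`, `pywrap`, `rubywrap`, `install-pywrap`, `install-rubywrap`, `clean-pywrap`, `clean-rubywrap`) is visibly declared phony. If no `.PHONY` line covers them elsewhere in the file, a file or directory with one of those names in the top-level tree would make the target look up to date and the sub-make would be skipped. Suggest `.PHONY: swigify pywrap rubywrap install-pywrap install-rubywrap clean-pywrap clean-rubywrap` next to these rules. Now that all seven recipes are the identical `$(MAKE) -C src $@`, the six without prerequisites could also share one rule header.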
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/VERSION new/libselinux-3.3/VERSION
--- old/libselinux-3.2/VERSION  2021-03-04 16:42:59.000000000 +0100
+++ new/libselinux-3.3/VERSION  2021-10-21 16:31:23.000000000 +0200
@@ -1 +1 @@
-3.2
+3.3
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/man/man3/avc_open.3 
new/libselinux-3.3/man/man3/avc_open.3
--- old/libselinux-3.2/man/man3/avc_open.3      2021-03-04 16:42:59.000000000 
+0100
+++ new/libselinux-3.3/man/man3/avc_open.3      2021-10-21 16:31:23.000000000 
+0200
@@ -26,6 +26,9 @@
 destroys the userspace AVC, freeing all internal memory structures.  After 
this call has been made, 
 .BR avc_open ()
 must be called again before any AVC operations can be performed.
+.BR avc_destroy ()
+also closes the SELinux status page, which might have been opened manually by
+.BR selinux_status_open (3).
 
 .BR avc_reset ()
 flushes the userspace AVC, causing it to forget any cached access decisions.  
The userspace AVC normally calls this function automatically when needed, see
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/man/man3/getcon.3 
new/libselinux-3.3/man/man3/getcon.3
--- old/libselinux-3.2/man/man3/getcon.3        2021-03-04 16:42:59.000000000 
+0100
+++ new/libselinux-3.3/man/man3/getcon.3        2021-10-21 16:31:23.000000000 
+0200
@@ -7,7 +7,7 @@
 getpeercon \- get security context of a peer socket
 
 setcon \- set current security context of a process
-.
+
 .SH "SYNOPSIS"
 .B #include <selinux/selinux.h>
 .sp
@@ -31,30 +31,39 @@
 .sp
 .BI "void freeconary(char **" con );
 .sp
-.BI "int setcon(char *" context );
+.BI "int setcon(const char *" context );
 .sp
-.BI "int setcon_raw(char *" context );
-.
+.BI "int setcon_raw(const char *" context );
+
 .SH "DESCRIPTION"
+.TP
 .BR getcon ()
 retrieves the context of the current process, which must be free'd with
-freecon.
+.BR freecon ().
 
+.TP
 .BR getprevcon ()
 same as getcon but gets the context before the last exec.
 
+.TP
 .BR getpidcon ()
-returns the process context for the specified PID.
+returns the process context for the specified PID, which must be free'd with
+.BR freecon ().
 
+.TP
 .BR getpeercon ()
-retrieves context of peer socket, and set
-.BI * context
-to refer to it, which must be free'd with
+retrieves the context of the peer socket, which must be free'd with
 .BR freecon ().
 
+.TP
 .BR freecon ()
 frees the memory allocated for a security context.
 
+If
+.I con
+is NULL, no operation is performed.
+
+.TP
 .BR freeconary ()
 frees the memory allocated for a context array.
 
@@ -62,6 +71,7 @@
 .I con
 is NULL, no operation is performed.
 
+.TP
 .BR setcon ()
 sets the current security context of the process to a new value.  Note
 that use of this function requires that the entire application be
@@ -110,6 +120,8 @@
 .BR setcon ()
 will fail if it is not allowed by policy.
 
+.TP
+.BR *_raw()
 .BR getcon_raw (),
 .BR getprevcon_raw (),
 .BR getpidcon_raw (),
@@ -118,9 +130,14 @@
 .BR setcon_raw ()
 behave identically to their non-raw counterparts but do not perform context
 translation.
-.
+
 .SH "RETURN VALUE"
-On error \-1 is returned.  On success 0 is returned.
-.
+On error \-1 is returned with errno set.  On success 0 is returned.
+
+.SH "NOTES"
+The retrieval functions might return success and set
+.I *context
+to NULL if and only if SELinux is not enabled.
+
 .SH "SEE ALSO"
 .BR selinux "(8), " setexeccon "(3)"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/man/man8/selinux.8 
new/libselinux-3.3/man/man8/selinux.8
--- old/libselinux-3.2/man/man8/selinux.8       2021-03-04 16:42:59.000000000 
+0100
+++ new/libselinux-3.3/man/man8/selinux.8       2021-10-21 16:31:23.000000000 
+0200
@@ -94,6 +94,13 @@
 also has this capability.  The
 .BR restorecon / fixfiles
 commands are also available for relabeling files.
+
+Please note that using mount flag
+.I nosuid
+also disables SELinux domain transitions, unless permission
+.I nosuid_transition
+is used in the policy to allow this, which in turn needs also policy capability
+.IR nnp_nosuid_transition .
 .
 .SH AUTHOR
 This manual page was written by Dan Walsh <dwa...@redhat.com>.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/src/audit2why.c 
new/libselinux-3.3/src/audit2why.c
--- old/libselinux-3.2/src/audit2why.c  2021-03-04 16:42:59.000000000 +0100
+++ new/libselinux-3.3/src/audit2why.c  2021-10-21 16:31:23.000000000 +0200
@@ -204,8 +204,8 @@
                fp = fopen(path, "re");
                if (!fp) {
                        snprintf(errormsg, sizeof(errormsg), 
-                                "unable to open %s:  %s\n",
-                                path, strerror(errno));
+                                "unable to open %s:  %m\n",
+                                path);
                        PyErr_SetString( PyExc_ValueError, errormsg);
                        return 1;
                }
@@ -221,9 +221,8 @@
                fp = fopen(curpolicy, "re");
                if (!fp) {
                        snprintf(errormsg, sizeof(errormsg), 
-                                "unable to open %s:  %s\n",
-                                curpolicy,
-                                strerror(errno));
+                                "unable to open %s:  %m\n",
+                                curpolicy);
                        PyErr_SetString( PyExc_ValueError, errormsg);
                        return 1;
                }
@@ -242,7 +241,7 @@
        if (sepol_policy_file_create(&pf) ||
            sepol_policydb_create(&avc->policydb)) {
                snprintf(errormsg, sizeof(errormsg), 
-                        "policydb_init failed: %s\n", strerror(errno));
+                        "policydb_init failed: %m\n");
                PyErr_SetString( PyExc_RuntimeError, errormsg);
                fclose(fp);
                return 1;
@@ -275,7 +274,7 @@
        }
 
        sepol_bool_iterate(avc->handle, avc->policydb,
-                          load_booleans, (void *)NULL);
+                          load_booleans, NULL);
 
        /* Initialize the sidtab for subsequent use by sepol_context_to_sid
           and sepol_compute_av_reason. */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/src/avc.c new/libselinux-3.3/src/avc.c
--- old/libselinux-3.2/src/avc.c        2021-03-04 16:42:59.000000000 +0100
+++ new/libselinux-3.3/src/avc.c        2021-10-21 16:31:23.000000000 +0200
@@ -206,19 +206,18 @@
                rc = security_getenforce();
                if (rc < 0) {
                        avc_log(SELINUX_ERROR,
-                               "%s:  could not determine enforcing mode: %s\n",
-                               avc_prefix,
-                               strerror(errno));
+                               "%s:  could not determine enforcing mode: %m\n",
+                               avc_prefix);
                        goto out;
                }
                avc_enforcing = rc;
        }
 
-       rc = selinux_status_open(1);
+       rc = selinux_status_open(0);
        if (rc < 0) {
                avc_log(SELINUX_ERROR,
-                       "%s: could not open selinux status page: %d (%s)\n",
-                       avc_prefix, errno, strerror(errno));
+                       "%s: could not open selinux status page: %d (%m)\n",
+                       avc_prefix, errno);
                goto out;
        }
        avc_running = 1;
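Review bot: The `%m` directives introduced in both `avc_log()` calls here are expanded by whichever function finally formats the message, not at the call site. The `avc_log` macro in avc_internal.h forwards the format to `avc_func_log` when it is set and to `selinux_log` otherwise, and both look like replaceable callbacks, so a handler that does not format with a printf-family function supporting `%m`, or that changes `errno` before formatting, would report a wrong or missing reason where `strerror(errno)` used to be evaluated by the caller. The same applies to the `%m` hunks in avc_internal.c, label_backends_android.c and label_file.h. I would state the requirement where the callbacks are documented, e.g. `/* format strings may contain %m; handlers must format with a printf-family function and must not alter errno first */`. Separately, the argument of `selinux_status_open()` changes from 1 to 0 with no comment saying what it selects.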
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/src/avc_internal.c 
new/libselinux-3.3/src/avc_internal.c
--- old/libselinux-3.2/src/avc_internal.c       2021-03-04 16:42:59.000000000 
+0100
+++ new/libselinux-3.3/src/avc_internal.c       2021-10-21 16:31:23.000000000 
+0200
@@ -308,8 +308,8 @@
                rc = avc_netlink_open(0);
                if (rc < 0) {
                        avc_log(SELINUX_ERROR,
-                               "%s: could not open netlink socket: %d (%s)\n",
-                               avc_prefix, errno, strerror(errno));
+                               "%s: could not open netlink socket: %d (%m)\n",
+                               avc_prefix, errno);
                        return rc;
                }
        }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/src/avc_internal.h 
new/libselinux-3.3/src/avc_internal.h
--- old/libselinux-3.2/src/avc_internal.h       2021-03-04 16:42:59.000000000 
+0100
+++ new/libselinux-3.3/src/avc_internal.h       2021-10-21 16:31:23.000000000 
+0200
@@ -85,10 +85,12 @@
 
 /* this is a macro in order to use the variadic capability. */
 #define avc_log(type, format...) \
-  if (avc_func_log) \
-    avc_func_log(format); \
-  else \
-    selinux_log(type, format);
+  do { \
+    if (avc_func_log) \
+      avc_func_log(format); \
+    else \
+      selinux_log(type, format); \
+  } while (0)
 
 static inline void avc_suppl_audit(void *ptr, security_class_t class,
                                   char *buf, size_t len)
@@ -137,14 +139,18 @@
 #ifdef AVC_CACHE_STATS
 
 #define avc_cache_stats_incr(field) \
-  cache_stats.field ++;
+  do { \
+    cache_stats.field ++; \
+  } while (0)
 #define avc_cache_stats_add(field, num) \
-  cache_stats.field += num;
+  do { \
+    cache_stats.field += num; \
+  } while (0)
 
 #else
 
-#define avc_cache_stats_incr(field)
-#define avc_cache_stats_add(field, num)
+#define avc_cache_stats_incr(field) do {} while (0)
+#define avc_cache_stats_add(field, num) do {} while (0)
 
 #endif
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/src/avc_sidtab.c 
new/libselinux-3.3/src/avc_sidtab.c
--- old/libselinux-3.2/src/avc_sidtab.c 2021-03-04 16:42:59.000000000 +0100
+++ new/libselinux-3.3/src/avc_sidtab.c 2021-10-21 16:31:23.000000000 +0200
@@ -15,14 +15,13 @@
 
 static inline unsigned sidtab_hash(const char * key)
 {
-       char *p, *keyp;
+       const char *p;
        unsigned int size;
        unsigned int val;
 
        val = 0;
-       keyp = (char *)key;
-       size = strlen(keyp);
-       for (p = keyp; (unsigned int)(p - keyp) < size; p++)
+       size = strlen(key);
+       for (p = key; (unsigned int)(p - key) < size; p++)
                val =
                    (val << 4 | (val >> (8 * sizeof(unsigned int) - 4))) ^ (*p);
        return val & (SIDTAB_SIZE - 1);
@@ -57,7 +56,7 @@
                rc = -1;
                goto out;
        }
-       newctx = (char *) strdup(ctx);
+       newctx = strdup(ctx);
        if (!newctx) {
                rc = -1;
                avc_free(newnode);
@@ -101,7 +100,7 @@
        return rc;
 }
 
-void sidtab_sid_stats(struct sidtab *h, char *buf, int buflen)
+void sidtab_sid_stats(struct sidtab *s, char *buf, int buflen)
 {
        int i, chain_len, slots_used, max_chain_len;
        struct sidtab_node *cur;
@@ -109,7 +108,7 @@
        slots_used = 0;
        max_chain_len = 0;
        for (i = 0; i < SIDTAB_SIZE; i++) {
-               cur = h->htable[i];
+               cur = s->htable[i];
                if (cur) {
                        slots_used++;
                        chain_len = 0;
@@ -125,7 +124,7 @@
 
        snprintf(buf, buflen,
                 "%s:  %u SID entries and %d/%d buckets used, longest "
-                "chain length %d\n", avc_prefix, h->nel, slots_used,
+                "chain length %d\n", avc_prefix, s->nel, slots_used,
                 SIDTAB_SIZE, max_chain_len);
 }
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/src/checkAccess.c 
new/libselinux-3.3/src/checkAccess.c
--- old/libselinux-3.2/src/checkAccess.c        2021-03-04 16:42:59.000000000 
+0100
+++ new/libselinux-3.3/src/checkAccess.c        2021-10-21 16:31:23.000000000 
+0200
@@ -78,7 +78,9 @@
                passwd_class = string_to_security_class("passwd");
                if (passwd_class == 0) {
                        freecon(user_context);
-                       return 0;
+                       if (security_deny_unknown() == 0)
+                               return 0;
+                       return -1;
                }
 
                retval = security_compute_av_raw(user_context,
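Review bot: The new `return -1` path for an unknown `passwd` class carries no comment and, in the visible lines, does not set `errno`, so a caller may not be able to tell this policy-driven denial from another failure. Any result of `security_deny_unknown()` other than 0, including an error return, now denies access, which is the fail-closed choice. A comment such as `/* class not defined in policy: allow only if the policy does not deny unknowns; a lookup error also denies */` would record that this is intended. The enclosing function starts and ends outside the hunk.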
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/src/context.c 
new/libselinux-3.3/src/context.c
--- old/libselinux-3.2/src/context.c    2021-03-04 16:42:59.000000000 +0100
+++ new/libselinux-3.3/src/context.c    2021-10-21 16:31:23.000000000 +0200
@@ -37,7 +37,7 @@
        }
        n->current_str = n->component[0] = n->component[1] = n->component[2] =
            n->component[3] = 0;
-       for (i = count = 0, p = str; *p; p++) {
+       for (count = 0, p = str; *p; p++) {
                switch (*p) {
                case ':':
                        count++;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/src/is_customizable_type.c 
new/libselinux-3.3/src/is_customizable_type.c
--- old/libselinux-3.2/src/is_customizable_type.c       2021-03-04 
16:42:59.000000000 +0100
+++ new/libselinux-3.3/src/is_customizable_type.c       2021-10-21 
16:31:23.000000000 +0200
@@ -38,7 +38,7 @@
                        while (fgets_unlocked(buf, selinux_page_size, fp)
                               && i < ctr) {
                                buf[strlen(buf) - 1] = 0;
-                               list[i] = (char *) strdup(buf);
+                               list[i] = strdup(buf);
                                if (!list[i]) {
                                        unsigned int j;
                                        for (j = 0; j < i; j++)
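Review bot: `buf[strlen(buf) - 1] = 0;` in the context line above the change writes to `buf[-1]` when `fgets_unlocked()` returns an empty string (a line that starts with a NUL byte), and it cuts the last character of a final line that has no trailing newline. `buf[strcspn(buf, "\n")] = 0;` strips only a newline and is safe for an empty string. The matchmediacon.c hunk shows the same indexing in `current_line[strlen(current_line) - 1]`. The enclosing function starts outside the hunk.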
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/src/label_backends_android.c 
new/libselinux-3.3/src/label_backends_android.c
--- old/libselinux-3.2/src/label_backends_android.c     2021-03-04 
16:42:59.000000000 +0100
+++ new/libselinux-3.3/src/label_backends_android.c     2021-10-21 
16:31:23.000000000 +0200
@@ -94,9 +94,15 @@
        items = read_spec_entries(line_buf, &errbuf, 2, &prop, &context);
        if (items < 0) {
                items = errno;
-               selinux_log(SELINUX_ERROR,
-                       "%s:  line %u error due to: %s\n", path,
-                       lineno, errbuf ?: strerror(errno));
+               if (errbuf) {
+                       selinux_log(SELINUX_ERROR,
+                                   "%s:  line %u error due to: %s\n", path,
+                                   lineno, errbuf);
+               } else {
+                       selinux_log(SELINUX_ERROR,
+                                   "%s:  line %u error due to: %m\n", path,
+                                   lineno);
+               }
                errno = items;
                return -1;
        }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/src/label_db.c 
new/libselinux-3.3/src/label_db.c
--- old/libselinux-3.2/src/label_db.c   2021-03-04 16:42:59.000000000 +0100
+++ new/libselinux-3.3/src/label_db.c   2021-10-21 16:31:23.000000000 +0200
@@ -277,7 +277,7 @@
        if (!path)
                path = selinux_sepgsql_context_path();
 
-       if ((filp = fopen(path, "rb")) == NULL) {
+       if ((filp = fopen(path, "re")) == NULL) {
                free(catalog);
                return NULL;
        }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/src/label_file.c 
new/libselinux-3.3/src/label_file.c
--- old/libselinux-3.2/src/label_file.c 2021-03-04 16:42:59.000000000 +0100
+++ new/libselinux-3.3/src/label_file.c 2021-10-21 16:31:23.000000000 +0200
@@ -188,6 +188,9 @@
 
                str_buf[entry_len] = '\0';
                if ((strcmp(str_buf, reg_version) != 0)) {
+                       COMPAT_LOG(SELINUX_ERROR,
+                               "Regex version mismatch, expected: %s actual: 
%s\n",
+                               reg_version, str_buf);
                        free(str_buf);
                        return -1;
                }
@@ -371,7 +374,7 @@
 
                if (stem_id < 0 || stem_id >= (int32_t)stem_map_len)
                        spec->stem_id = -1;
-                else
+               else
                        spec->stem_id = stem_map[stem_id];
 
                /* retrieve the hasMetaChars bit */
@@ -756,6 +759,10 @@
        }
 
 #endif
+
+       if (!path)
+               goto finish;
+
        rec->spec_file = strdup(path);
 
        /*
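Review bot: The added `if (!path) goto finish;` avoids `strdup(NULL)`, but in the visible lines it neither sets `errno` nor logs, so the caller gets whatever status `finish` returns together with a stale `errno`. Assuming `finish` reports failure at this point, `if (!path) { errno = EINVAL; goto finish; }` would make the cause identifiable. The result of `rec->spec_file = strdup(path);` on the next line is also not checked within the hunk. The function body continues outside the hunk.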
@@ -845,7 +852,7 @@
 // Finds all the matches of |key| in the given context. Returns the result in
 // the allocated array and updates the match count. If match_count is NULL,
 // stops early once the 1st match is found.
-static const struct spec **lookup_all(struct selabel_handle *rec,
+static struct spec **lookup_all(struct selabel_handle *rec,
                                       const char *key,
                                       int type,
                                       bool partial,
@@ -861,7 +868,7 @@
        unsigned int sofar = 0;
        char *sub = NULL;
 
-       const struct spec **result = NULL;
+       struct spec **result = NULL;
        if (match_count) {
                *match_count = 0;
                result = calloc(data->nspec, sizeof(struct spec*));
@@ -909,7 +916,7 @@
                        if (!clean_key)
                                goto finish;
 
-                       strncpy(clean_key, key, len - 1);
+                       memcpy(clean_key, key, len - 1);
                }
 
                clean_key[len - 1] = '\0';
@@ -987,11 +994,11 @@
                                   const char *key,
                                   int type,
                                   bool partial) {
-       const struct spec **matches = lookup_all(rec, key, type, partial, NULL);
+       struct spec **matches = lookup_all(rec, key, type, partial, NULL);
        if (!matches) {
                return NULL;
        }
-       struct spec *result = (struct spec*)matches[0];
+       struct spec *result = matches[0];
        free(matches);
        return result;
 }
@@ -1054,7 +1061,7 @@
        assert(digest);
 
        size_t total_matches;
-       const struct spec **matches = lookup_all(rec, key, 0, true, 
&total_matches);
+       struct spec **matches = lookup_all(rec, key, 0, true, &total_matches);
        if (!matches) {
                return false;
        }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/src/label_file.h 
new/libselinux-3.3/src/label_file.h
--- old/libselinux-3.2/src/label_file.h 2021-03-04 16:42:59.000000000 +0100
+++ new/libselinux-3.3/src/label_file.h 2021-10-21 16:31:23.000000000 +0200
@@ -286,7 +286,6 @@
                tmp_arr = realloc(data->stem_arr,
                                  sizeof(*tmp_arr) * alloc_stems);
                if (!tmp_arr) {
-                       free(buf);
                        return -1;
                }
                data->alloc_stems = alloc_stems;
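Review bot: With `free(buf)` removed from the `realloc` failure path, this function (presumably `store_stem()`, given the later hunk) no longer releases `buf` on error, and the caller now does `free(stem)` when the return value is negative. That ownership rule is not written down in the visible lines. A header comment such as `/* Takes ownership of buf only on success; on a negative return the caller must free it. */` would keep a future caller from leaking or double-freeing the buffer. The function's signature and remaining paths are outside the hunk.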
@@ -308,6 +307,7 @@
        int stem_len = get_stem_from_spec(buf);
        int stemid;
        char *stem;
+       int r;
 
        if (!stem_len)
                return -1;
@@ -321,7 +321,11 @@
        if (!stem)
                return -1;
 
-       return store_stem(data, stem, stem_len);
+       r = store_stem(data, stem, stem_len);
+       if (r < 0)
+               free(stem);
+
+       return r;
 }
 
 /* This will always check for buffer over-runs and either read the next entry
@@ -441,9 +445,15 @@
        items = read_spec_entries(line_buf, &errbuf, 3, &regex, &type, 
&context);
        if (items < 0) {
                rc = errno;
-               selinux_log(SELINUX_ERROR,
-                       "%s:  line %u error due to: %s\n", path,
-                       lineno, errbuf ?: strerror(errno));
+               if (errbuf) {
+                       selinux_log(SELINUX_ERROR,
+                                   "%s:  line %u error due to: %s\n", path,
+                                   lineno, errbuf);
+               } else {
+                       selinux_log(SELINUX_ERROR,
+                                   "%s:  line %u error due to: %m\n", path,
+                                   lineno);
+               }
                errno = rc;
                return -1;
        }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/src/label_internal.h 
new/libselinux-3.3/src/label_internal.h
--- old/libselinux-3.2/src/label_internal.h     2021-03-04 16:42:59.000000000 
+0100
+++ new/libselinux-3.3/src/label_internal.h     2021-10-21 16:31:23.000000000 
+0200
@@ -128,10 +128,12 @@
 extern void __attribute__ ((format(printf, 1, 2)))
 (*myprintf) (const char *fmt, ...) ;
 
-#define COMPAT_LOG(type, fmt...) if (myprintf_compat)    \
-               myprintf(fmt);                            \
-       else                                              \
-               selinux_log(type, fmt);
+#define COMPAT_LOG(type, fmt...) do {                  \
+       if (myprintf_compat)                            \
+               myprintf(fmt);                          \
+       else                                            \
+               selinux_log(type, fmt);                 \
+       } while (0)
 
 extern int
 compat_validate(struct selabel_handle *rec,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/src/label_media.c 
new/libselinux-3.3/src/label_media.c
--- old/libselinux-3.2/src/label_media.c        2021-03-04 16:42:59.000000000 
+0100
+++ new/libselinux-3.3/src/label_media.c        2021-10-21 16:31:23.000000000 
+0200
@@ -119,7 +119,6 @@
                        if (process_line(path, line_buf, pass, ++lineno, rec))
                                goto finish;
                }
-               lineno = 0;
 
                if (pass == 0) {
                        if (data->nspec == 0) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/src/label_x.c 
new/libselinux-3.3/src/label_x.c
--- old/libselinux-3.2/src/label_x.c    2021-03-04 16:42:59.000000000 +0100
+++ new/libselinux-3.3/src/label_x.c    2021-10-21 16:31:23.000000000 +0200
@@ -146,7 +146,6 @@
                        if (process_line(path, line_buf, pass, ++lineno, rec))
                                goto finish;
                }
-               lineno = 0;
 
                if (pass == 0) {
                        if (data->nspec == 0) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/src/load_policy.c 
new/libselinux-3.3/src/load_policy.c
--- old/libselinux-3.2/src/load_policy.c        2021-03-04 16:42:59.000000000 
+0100
+++ new/libselinux-3.3/src/load_policy.c        2021-10-21 16:31:23.000000000 
+0200
@@ -80,7 +80,7 @@
        if (libsepolh) {
                usesepol = 1;
                dlerror();
-#define DLERR() if ((errormsg = dlerror())) goto dlclose;
+#define DLERR() do { if ((errormsg = dlerror())) goto dlclose; } while (0)
                vers_max = dlsym(libsepolh, "sepol_policy_kern_vers_max");
                DLERR();
                vers_min = dlsym(libsepolh, "sepol_policy_kern_vers_min");
@@ -137,15 +137,15 @@
        }
        if (fd < 0) {
                fprintf(stderr,
-                       "SELinux:  Could not open policy file <= %s.%d:  %s\n",
-                       selinux_binary_policy_path(), maxvers, strerror(errno));
+                       "SELinux:  Could not open policy file <= %s.%d:  %m\n",
+                       selinux_binary_policy_path(), maxvers);
                goto dlclose;
        }
 
        if (fstat(fd, &sb) < 0) {
                fprintf(stderr,
-                       "SELinux:  Could not stat policy file %s:  %s\n",
-                       path, strerror(errno));
+                       "SELinux:  Could not stat policy file %s:  %m\n",
+                       path);
                goto close;
        }
 
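Review bot: In the first `fprintf` of this hunk, `selinux_binary_policy_path()` is evaluated as an argument before `fprintf` expands `%m`, so `errno` is read after that call; if the path lookup can change `errno`, the message reports the wrong reason for the failed open. Saving and restoring the value around the lookup avoids this: `int e = errno;` then `const char *bp = selinux_binary_policy_path();` then `errno = e;` before printing with `bp`. `%m` is also a libc extension rather than standard C, and the other `fprintf` hunks in this file now depend on it as well. The function body starts and ends outside the hunk.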
@@ -153,8 +153,8 @@
        data = map = mmap(NULL, size, PROT_READ, MAP_PRIVATE, fd, 0);
        if (map == MAP_FAILED) {
                fprintf(stderr,
-                       "SELinux:  Could not map policy file %s:  %s\n",
-                       path, strerror(errno));
+                       "SELinux:  Could not map policy file %s:  %m\n",
+                       path);
                goto close;
        }
 
@@ -193,8 +193,8 @@
        
        if (rc)
                fprintf(stderr,
-                       "SELinux:  Could not load policy file %s:  %s\n",
-                       path, strerror(errno));
+                       "SELinux:  Could not load policy file %s:  %m\n",
+                       path);
 
       unmap:
        if (data != map)
@@ -306,7 +306,7 @@
                        *enforce = 0;
                } else {
                        /* Only emit this error if selinux was not disabled */
-                       fprintf(stderr, "Mount failed for selinuxfs on %s:  
%s\n", SELINUXMNT, strerror(errno));
+                       fprintf(stderr, "Mount failed for selinuxfs on %s:  
%m\n", SELINUXMNT);
                }
 
                if (rc == 0)
@@ -352,7 +352,7 @@
        if (orig_enforce != *enforce) {
                rc = security_setenforce(*enforce);
                if (rc < 0) {
-                       fprintf(stderr, "SELinux:  Unable to switch to %s mode: 
 %s\n", (*enforce ? "enforcing" : "permissive"), strerror(errno));
+                       fprintf(stderr, "SELinux:  Unable to switch to %s mode: 
 %m\n", (*enforce ? "enforcing" : "permissive"));
                        if (*enforce)
                                goto noload;
                }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/src/mapping.c 
new/libselinux-3.3/src/mapping.c
--- old/libselinux-3.2/src/mapping.c    2021-03-04 16:42:59.000000000 +0100
+++ new/libselinux-3.3/src/mapping.c    2021-10-21 16:31:23.000000000 +0200
@@ -144,9 +144,9 @@
                access_vector_t kperm = 0;
 
                for (i = 0; i < current_mapping[tclass].num_perms; i++)
-                       if (tperm & (1<<i)) {
+                       if (tperm & (UINT32_C(1)<<i)) {
                                kperm |= current_mapping[tclass].perms[i];
-                               tperm &= ~(1<<i);
+                               tperm &= ~(UINT32_C(1)<<i);
                        }
                return kperm;
        }
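Review bot: `UINT32_C(1)<<i` removes the signed-shift problem at bit 31, but the shift is still undefined once `i` reaches 32, and the loop bound `current_mapping[tclass].num_perms` is not limited anywhere in the visible lines. If that limit is enforced where the mapping is built, a comment here such as `/* num_perms <= 32 is guaranteed by the mapping setup */` would record the invariant the shift depends on. The later hunks in this file rely on the same bound through `n`. The function starts outside the hunk.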
@@ -191,7 +191,7 @@
 
                for (i = 0; i < current_mapping[tclass].num_perms; i++)
                        if (kperm & current_mapping[tclass].perms[i]) {
-                               tperm |= 1<<i;
+                               tperm |= UINT32_C(1)<<i;
                                kperm &= ~current_mapping[tclass].perms[i];
                        }
 
@@ -216,30 +216,30 @@
 
                for (i = 0, result = 0; i < n; i++) {
                        if (avd->allowed & mapping->perms[i])
-                               result |= 1<<i;
+                               result |= UINT32_C(1)<<i;
                        else if (allow_unknown && !mapping->perms[i])
-                               result |= 1<<i;
+                               result |= UINT32_C(1)<<i;
                }
                avd->allowed = result;
 
                for (i = 0, result = 0; i < n; i++) {
                        if (avd->decided & mapping->perms[i])
-                               result |= 1<<i;
+                               result |= UINT32_C(1)<<i;
                        else if (allow_unknown && !mapping->perms[i])
-                               result |= 1<<i;
+                               result |= UINT32_C(1)<<i;
                }
                avd->decided = result;
 
                for (i = 0, result = 0; i < n; i++)
                        if (avd->auditallow & mapping->perms[i])
-                               result |= 1<<i;
+                               result |= UINT32_C(1)<<i;
                avd->auditallow = result;
 
                for (i = 0, result = 0; i < n; i++) {
                        if (avd->auditdeny & mapping->perms[i])
-                               result |= 1<<i;
+                               result |= UINT32_C(1)<<i;
                        else if (!allow_unknown && !mapping->perms[i])
-                               result |= 1<<i;
+                               result |= UINT32_C(1)<<i;
                }
 
                /*
@@ -248,7 +248,7 @@
                 * a bug in the object manager.
                 */
                for (; i < (sizeof(result)*8); i++)
-                       result |= 1<<i;
+                       result |= UINT32_C(1)<<i;
                avd->auditdeny = result;
        }
 }
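Review bot: The fill loop runs `i` up to `sizeof(result)*8` while the shifted constant is fixed at 32 bits by `UINT32_C(1)`, so the two agree only while `result` is a 32-bit type; its declaration is outside the hunk. Widening the constant removes the signed overflow at bit 31, but every converted shift here, in the two hunks above and in the stringrep.c hunks is still undefined once the index reaches 32. The bounds used there (`num_perms`, `n`, `MAXVECTORS`) are checked, if at all, outside the visible hunks. A comment at the first shift, `/* i < 32 here: bounded by the bit width of the access vector */`, would record the assumption where the mapping is built.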
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/src/matchmediacon.c 
new/libselinux-3.3/src/matchmediacon.c
--- old/libselinux-3.2/src/matchmediacon.c      2021-03-04 16:42:59.000000000 
+0100
+++ new/libselinux-3.3/src/matchmediacon.c      2021-10-21 16:31:23.000000000 
+0200
@@ -22,6 +22,7 @@
                return -1;
        while (!feof_unlocked(infile)) {
                if (!fgets_unlocked(current_line, sizeof(current_line), 
infile)) {
+                       fclose(infile);
                        return -1;
                }
                if (current_line[strlen(current_line) - 1])
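Review bot: `current_line[strlen(current_line) - 1]` on the last line of the hunk indexes one byte before the buffer when fgets_unlocked() returns a line whose first byte is NUL, because strlen() is then 0 and the subtraction wraps. The added fclose() fixes the leak on the read-error path, but this read stays unguarded. Taking the length once and testing it first, for example `size_t len = strlen(current_line); if (len && current_line[len - 1])`, would close it. The loop body continues outside the hunk, so any other early return there should be checked for the same missing `fclose(infile)`.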
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/src/matchpathcon.c 
new/libselinux-3.3/src/matchpathcon.c
--- old/libselinux-3.2/src/matchpathcon.c       2021-03-04 16:42:59.000000000 
+0100
+++ new/libselinux-3.3/src/matchpathcon.c       2021-10-21 16:31:23.000000000 
+0200
@@ -78,17 +78,30 @@
 static pthread_key_t destructor_key;
 static int destructor_key_initialized = 0;
 
+static void free_array_elts(void)
+{
+       int i;
+       for (i = 0; i < con_array_used; i++)
+               free(con_array[i]);
+       free(con_array);
+
+       con_array_size = con_array_used = 0;
+       con_array = NULL;
+}
+
 static int add_array_elt(char *con)
 {
+       char **tmp;
        if (con_array_size) {
                while (con_array_used >= con_array_size) {
                        con_array_size *= 2;
-                       con_array = (char **)realloc(con_array, sizeof(char*) *
+                       tmp = (char **)realloc(con_array, sizeof(char*) *
                                                     con_array_size);
-                       if (!con_array) {
-                               con_array_size = con_array_used = 0;
+                       if (!tmp) {
+                               free_array_elts();
                                return -1;
                        }
+                       con_array = tmp;
                }
        } else {
                con_array_size = 1000;
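Review bot: The failure path of add_array_elt() now has an undocumented side effect: free_array_elts() releases every stored string and resets con_array, so each index handed out earlier through `return con_array_used++` stops being valid. A comment above add_array_elt() such as `/* Returns the index of the stored context, or -1 on allocation failure, in which case the whole array is released. */` would state this for callers. Whether `con` itself is released on that path cannot be seen here, because the else branch and the store continue outside the hunk.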
@@ -105,13 +118,6 @@
        return con_array_used++;
 }
 
-static void free_array_elts(void)
-{
-       con_array_size = con_array_used = 0;
-       free(con_array);
-       con_array = NULL;
-}
-
 void set_matchpathcon_invalidcon(int (*f) (const char *p, unsigned l, char *c))
 {
        myinvalidcon = f;
@@ -387,8 +393,8 @@
 
        tmp_path = strdup(name);
        if (!tmp_path) {
-               myprintf("symlink_realpath(%s) strdup() failed: %s\n",
-                       name, strerror(errno));
+               myprintf("symlink_realpath(%s) strdup() failed: %m\n",
+                       name);
                rc = -1;
                goto out;
        }
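Review bot: With `%m` the logged text depends on the value of errno at the moment the format string is expanded inside `myprintf`, not at the call site, so anything the logging function does before formatting that touches errno changes the message. `%m` is a libc extension rather than ISO C, so if `myprintf` can be replaced by the caller (as `myinvalidcon` is in the hunk above; its own setter is not visible), a logger built on another formatter would print the directive literally. I would add a comment at the first use, `/* %m is expanded by the logging callback; errno must still hold the failure value there */`. The same applies to the next hunk and to the `selinux_log` conversions in selinux_restorecon.c. The enclosing function starts and ends outside the hunk.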
@@ -408,8 +414,8 @@
        }
 
        if (!p) {
-               myprintf("symlink_realpath(%s) realpath() failed: %s\n",
-                       name, strerror(errno));
+               myprintf("symlink_realpath(%s) realpath() failed: %m\n",
+                       name);
                rc = -1;
                goto out;
        }
@@ -477,15 +483,15 @@
 int selinux_file_context_cmp(const char * a,
                             const char * b)
 {
-       char *rest_a, *rest_b;  /* Rest of the context after the user */
+       const char *rest_a, *rest_b;    /* Rest of the context after the user */
        if (!a && !b)
                return 0;
        if (!a)
                return -1;
        if (!b)
                return 1;
-       rest_a = strchr((char *)a, ':');
-       rest_b = strchr((char *)b, ':');
+       rest_a = strchr(a, ':');
+       rest_b = strchr(b, ':');
        if (!rest_a && !rest_b)
                return 0;
        if (!rest_a)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/src/procattr.c 
new/libselinux-3.3/src/procattr.c
--- old/libselinux-3.2/src/procattr.c   2021-03-04 16:42:59.000000000 +0100
+++ new/libselinux-3.3/src/procattr.c   2021-10-21 16:31:23.000000000 +0200
@@ -146,7 +146,7 @@
                default:
                        errno = ENOENT;
                        return -1;
-       };
+       }
 
        if (prev_context && prev_context != UNSET) {
                *context = strdup(prev_context);
@@ -240,7 +240,7 @@
                default:
                        errno = ENOENT;
                        return -1;
-       };
+       }
 
        if (!context && !*prev_context)
                return 0;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/src/regex.c 
new/libselinux-3.3/src/regex.c
--- old/libselinux-3.2/src/regex.c      2021-03-04 16:42:59.000000000 +0100
+++ new/libselinux-3.3/src/regex.c      2021-10-21 16:31:23.000000000 +0200
@@ -319,7 +319,7 @@
 }
 
 int regex_load_mmap(struct mmap_area *mmap_area, struct regex_data **regex,
-                   int unused __attribute__((unused)), bool *regex_compiled)
+                   int do_load_precompregex __attribute__((unused)), bool 
*regex_compiled)
 {
        int rc;
        uint32_t entry_len;
@@ -387,7 +387,7 @@
 }
 
 int regex_writef(struct regex_data *regex, FILE *fp,
-                int unused __attribute__((unused)))
+                int do_write_precompregex __attribute__((unused)))
 {
        int rc;
        size_t len;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/src/regex.h 
new/libselinux-3.3/src/regex.h
--- old/libselinux-3.2/src/regex.h      2021-03-04 16:42:59.000000000 +0100
+++ new/libselinux-3.3/src/regex.h      2021-10-21 16:31:23.000000000 +0200
@@ -44,7 +44,7 @@
 char const *regex_arch_string(void) ;
 
 /**
- * regex_verison returns the version string of the underlying regular
+ * regex_version returns the version string of the underlying regular
  * regular expressions library. In the case of PCRE it just returns the
  * result of pcre_version(). In the case of PCRE2, the very first time this
  * function is called it allocates a buffer large enough to hold the version
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/src/selinux_config.c 
new/libselinux-3.3/src/selinux_config.c
--- old/libselinux-3.2/src/selinux_config.c     2021-03-04 16:42:59.000000000 
+0100
+++ new/libselinux-3.3/src/selinux_config.c     2021-10-21 16:31:23.000000000 
+0200
@@ -177,8 +177,11 @@
                        if (!strncasecmp(buf_p, SELINUXTYPETAG,
                                         sizeof(SELINUXTYPETAG) - 1)) {
                                type = strdup(buf_p + sizeof(SELINUXTYPETAG) - 
1);
-                               if (!type)
+                               if (!type) {
+                                       free(line_buf);
+                                       fclose(fp);
                                        return;
+                               }
                                end = type + strlen(type) - 1;
                                while ((end > type) &&
                                       (isspace(*end) || iscntrl(*end))) {
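Review bot: The pair `free(line_buf); fclose(fp);` is now written out before each early `return`, here and again in the next hunk after setpolicytype() fails, which is the pattern that allowed the two leaks in the first place. A single exit label would keep the release in one place: `goto out;` at both sites and `out: free(line_buf); fclose(fp);` at the end, assuming the normal exit releases the same two resources (it is outside the hunk). Separately, `end = type + strlen(type) - 1` points one byte before the buffer for an empty value; the visible `end > type` test keeps it from being dereferenced, and a short comment saying so would help the next reader.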
@@ -187,6 +190,8 @@
                                }
                                if (setpolicytype(type) != 0) {
                                        free(type);
+                                       free(line_buf);
+                                       fclose(fp);
                                        return;
                                }
                                free(type);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/src/selinux_restorecon.c 
new/libselinux-3.3/src/selinux_restorecon.c
--- old/libselinux-3.2/src/selinux_restorecon.c 2021-03-04 16:42:59.000000000 
+0100
+++ new/libselinux-3.3/src/selinux_restorecon.c 2021-10-21 16:31:23.000000000 
+0200
@@ -62,7 +62,7 @@
 static uint64_t efile_count;   /* Estimated total number of files */
 
 /* Store information on directories with xattr's. */
-struct dir_xattr *dir_xattr_list;
+static struct dir_xattr *dir_xattr_list;
 static struct dir_xattr *dir_xattr_last;
 
 /* restorecon_flags for passing to restorecon_sb() */
@@ -230,7 +230,6 @@
        struct utsname uts;
        FILE *fp;
        size_t len;
-       ssize_t num;
        int index = 0, found = 0, nfile = 0;
        char *mount_info[4];
        char *buf = NULL, *item;
@@ -245,7 +244,7 @@
        if (!fp)
                return 0;
 
-       while ((num = getline(&buf, &len, fp)) != -1) {
+       while (getline(&buf, &len, fp) != -1) {
                found = 0;
                index = 0;
                item = strtok(buf, " ");
@@ -334,8 +333,7 @@
                rc = removexattr(directory, RESTORECON_PARTIAL_MATCH_DIGEST);
                if (rc) {
                        selinux_log(SELINUX_ERROR,
-                                 "Error: %s removing xattr \"%s\" from: %s\n",
-                                 strerror(errno),
+                                 "Error: %m removing xattr \"%s\" from: %s\n",
                                  RESTORECON_PARTIAL_MATCH_DIGEST, directory);
                        digest_result = ERROR;
                }
@@ -735,8 +733,8 @@
        return rc;
 err:
        selinux_log(SELINUX_ERROR,
-                   "Could not set context for %s:  %s\n",
-                   pathname, strerror(errno));
+                   "Could not set context for %s:  %m\n",
+                   pathname);
        rc = -1;
        goto out1;
 }
@@ -858,6 +856,7 @@
        dev_t dev_num = 0;
        struct dir_hash_node *current = NULL;
        struct dir_hash_node *head = NULL;
+       int errno_tmp;
 
        if (flags.verbose && flags.progress)
                flags.verbose = false;
@@ -930,8 +929,8 @@
                        return 0;
                } else {
                        selinux_log(SELINUX_ERROR,
-                                   "lstat(%s) failed: %s\n",
-                                   pathname, strerror(errno));
+                                   "lstat(%s) failed: %m\n",
+                                   pathname);
                        error = -1;
                        goto cleanup;
                }
@@ -955,8 +954,8 @@
        memset(&sfsb, 0, sizeof sfsb);
        if (!S_ISLNK(sb.st_mode) && statfs(pathname, &sfsb) < 0) {
                selinux_log(SELINUX_ERROR,
-                           "statfs(%s) failed: %s\n",
-                           pathname, strerror(errno));
+                           "statfs(%s) failed: %m\n",
+                           pathname);
                error = -1;
                goto cleanup;
        }
@@ -1007,24 +1006,30 @@
                case FTS_DP:
                        continue;
                case FTS_DNR:
+                       errno_tmp = errno;
+                       errno = ftsent->fts_errno;
                        selinux_log(SELINUX_ERROR,
-                                   "Could not read %s: %s.\n",
-                                   ftsent->fts_path,
-                                                 strerror(ftsent->fts_errno));
+                                   "Could not read %s: %m.\n",
+                                   ftsent->fts_path);
+                       errno = errno_tmp;
                        fts_set(fts, ftsent, FTS_SKIP);
                        continue;
                case FTS_NS:
+                       errno_tmp = errno;
+                       errno = ftsent->fts_errno;
                        selinux_log(SELINUX_ERROR,
-                                   "Could not stat %s: %s.\n",
-                                   ftsent->fts_path,
-                                                 strerror(ftsent->fts_errno));
+                                   "Could not stat %s: %m.\n",
+                                   ftsent->fts_path);
+                       errno = errno_tmp;
                        fts_set(fts, ftsent, FTS_SKIP);
                        continue;
                case FTS_ERR:
+                       errno_tmp = errno;
+                       errno = ftsent->fts_errno;
                        selinux_log(SELINUX_ERROR,
-                                   "Error on %s: %s.\n",
-                                   ftsent->fts_path,
-                                                 strerror(ftsent->fts_errno));
+                                   "Error on %s: %m.\n",
+                                   ftsent->fts_path);
+                       errno = errno_tmp;
                        fts_set(fts, ftsent, FTS_SKIP);
                        continue;
                case FTS_D:
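Review bot: The save, override and restore of errno around each selinux_log() call is not explained, and it is repeated three times with only the message differing. A one-line comment at the first case, `/* %m prints errno: expose fts_errno for the log call, then restore the previous value */`, would make the intent clear. Folding the three cases into one small static helper would also keep them from drifting apart. The switch and the enclosing loop start and end outside the hunk.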
@@ -1088,9 +1093,8 @@
                            current->digest,
                            SHA1_HASH_SIZE, 0) < 0) {
                                selinux_log(SELINUX_ERROR,
-                                           "setxattr failed: %s: %s\n",
-                                           current->path,
-                                           strerror(errno));
+                                           "setxattr failed: %s: %m\n",
+                                           current->path);
                        }
                        current = current->next;
                }
@@ -1132,16 +1136,16 @@
 realpatherr:
        sverrno = errno;
        selinux_log(SELINUX_ERROR,
-                   "SELinux: Could not get canonical path for %s restorecon: 
%s.\n",
-                   pathname_orig, strerror(errno));
+                   "SELinux: Could not get canonical path for %s restorecon: 
%m.\n",
+                   pathname_orig);
        errno = sverrno;
        error = -1;
        goto cleanup;
 
 fts_err:
        selinux_log(SELINUX_ERROR,
-                   "fts error while labeling %s: %s\n",
-                   paths[0], strerror(errno));
+                   "fts error while labeling %s: %m\n",
+                   paths[0]);
        error = -1;
        goto cleanup;
 }
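Review bot: `fts_err:` logs with `%m` without preserving errno, while `realpatherr:` directly above saves it in `sverrno` and restores it after selinux_log(). If callers read errno after the -1 return, the log callback can overwrite it on this path. The same two lines, `sverrno = errno;` before the call and `errno = sverrno;` after it, would make both labels behave alike. What the `cleanup` path does to errno is outside the hunk.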
@@ -1153,7 +1157,7 @@
        unsigned char *fc_digest;
        size_t num_specfiles, fc_digest_len;
 
-       fc_sehandle = (struct selabel_handle *) hndl;
+       fc_sehandle = hndl;
        if (!fc_sehandle)
                return;
 
@@ -1182,8 +1186,7 @@
 
        if (!sehandle) {
                selinux_log(SELINUX_ERROR,
-                           "Error obtaining file context handle: %s\n",
-                                                   strerror(errno));
+                           "Error obtaining file context handle: %m\n");
                return NULL;
        }
 
@@ -1203,8 +1206,8 @@
        for (i = 0; exclude_list[i]; i++) {
                if (lstat(exclude_list[i], &sb) < 0 && errno != EACCES) {
                        selinux_log(SELINUX_ERROR,
-                                   "lstat error on exclude path \"%s\", %s - 
ignoring.\n",
-                                   exclude_list[i], strerror(errno));
+                                   "lstat error on exclude path \"%s\", %m - 
ignoring.\n",
+                                   exclude_list[i]);
                        break;
                }
                if (add_exclude(exclude_list[i], CALLER_EXCLUDED) &&
@@ -1270,8 +1273,8 @@
                        return 0;
 
                selinux_log(SELINUX_ERROR,
-                           "lstat(%s) failed: %s\n",
-                           pathname, strerror(errno));
+                           "lstat(%s) failed: %m\n",
+                           pathname);
                return -1;
        }
 
@@ -1301,8 +1304,8 @@
        fts = fts_open(paths, fts_flags, NULL);
        if (!fts) {
                selinux_log(SELINUX_ERROR,
-                           "fts error on %s: %s\n",
-                           paths[0], strerror(errno));
+                           "fts error on %s: %m\n",
+                           paths[0]);
                return -1;
        }
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/src/sestatus.c 
new/libselinux-3.3/src/sestatus.c
--- old/libselinux-3.2/src/sestatus.c   2021-03-04 16:42:59.000000000 +0100
+++ new/libselinux-3.3/src/sestatus.c   2021-10-21 16:31:23.000000000 +0200
@@ -282,6 +282,10 @@
        long            pagesize;
        uint32_t        seqno;
 
+       if (selinux_status != NULL) {
+               return (selinux_status == MAP_FAILED) ? 1 : 0;
+       }
+
        if (!selinux_mnt) {
                errno = ENOENT;
                return -1;
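Review bot: The new early return makes a repeated open succeed without remapping, but nothing in the hunk counts how many callers hold the status page, so the first close by any of them would presumably tear it down for the others; the close path is outside the hunk, so this needs confirming. The check of the global `selinux_status` is also unsynchronised in the visible code. The meaning of the two return values is implicit as well; a comment such as `/* already open: return 1 if selinux_status is MAP_FAILED, else 0 */`, plus a word on what MAP_FAILED stands for here, would document the contract.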
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/src/setexecfilecon.c 
new/libselinux-3.3/src/setexecfilecon.c
--- old/libselinux-3.2/src/setexecfilecon.c     2021-03-04 16:42:59.000000000 
+0100
+++ new/libselinux-3.3/src/setexecfilecon.c     2021-10-21 16:31:23.000000000 
+0200
@@ -37,7 +37,6 @@
                newcon = strdup(context_str(con));
                if (!newcon)
                        goto out;
-               rc = 0;
        }
 
        rc = setexeccon(newcon);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/src/setup.py 
new/libselinux-3.3/src/setup.py
--- old/libselinux-3.2/src/setup.py     2021-03-04 16:42:59.000000000 +0100
+++ new/libselinux-3.3/src/setup.py     2021-10-21 16:31:23.000000000 +0200
@@ -4,7 +4,7 @@
 
 setup(
     name="selinux",
-    version="3.2",
+    version="3.3",
     description="SELinux python 3 bindings",
     author="SELinux Project",
     author_email="seli...@vger.kernel.org",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/src/sha1.c 
new/libselinux-3.3/src/sha1.c
--- old/libselinux-3.2/src/sha1.c       2021-03-04 16:42:59.000000000 +0100
+++ new/libselinux-3.3/src/sha1.c       2021-10-21 16:31:23.000000000 +0200
@@ -16,6 +16,7 @@
 //        sha1.c:73:33: error: cast from 'uint8_t *' (aka 'unsigned char *') 
to 'CHAR64LONG16 *' increases required alignment from 1 to 4 
[-Werror,-Wcast-align]
 //             CHAR64LONG16*       block = (CHAR64LONG16*) workspace;
 //                                                                     William 
Roberts <william.c.robe...@intel.com>
+//    - Silence clang's -Wextra-semi-stmt warning - July 2021, Nicolas Iooss 
<nicolas.io...@m4x.org>
 
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 
 
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
@@ -49,11 +50,11 @@
     ^block->l[(i+2)&15]^block->l[i&15],1))
 
 // (R0+R1), R2, R3, R4 are the different operations used in SHA1
-#define R0(v,w,x,y,z,i)  z += ((w&(x^y))^y)     + blk0(i)+ 0x5A827999 + 
rol(v,5); w=rol(w,30);
-#define R1(v,w,x,y,z,i)  z += ((w&(x^y))^y)     + blk(i) + 0x5A827999 + 
rol(v,5); w=rol(w,30);
-#define R2(v,w,x,y,z,i)  z += (w^x^y)           + blk(i) + 0x6ED9EBA1 + 
rol(v,5); w=rol(w,30);
-#define R3(v,w,x,y,z,i)  z += (((w|x)&y)|(w&x)) + blk(i) + 0x8F1BBCDC + 
rol(v,5); w=rol(w,30);
-#define R4(v,w,x,y,z,i)  z += (w^x^y)           + blk(i) + 0xCA62C1D6 + 
rol(v,5); w=rol(w,30);
+#define R0(v,w,x,y,z,i)  do { z += ((w&(x^y))^y)     + blk0(i)+ 0x5A827999 + 
rol(v,5); w=rol(w,30); } while (0)
+#define R1(v,w,x,y,z,i)  do { z += ((w&(x^y))^y)     + blk(i) + 0x5A827999 + 
rol(v,5); w=rol(w,30); } while (0)
+#define R2(v,w,x,y,z,i)  do { z += (w^x^y)           + blk(i) + 0x6ED9EBA1 + 
rol(v,5); w=rol(w,30); } while (0)
+#define R3(v,w,x,y,z,i)  do { z += (((w|x)&y)|(w&x)) + blk(i) + 0x8F1BBCDC + 
rol(v,5); w=rol(w,30); } while (0)
+#define R4(v,w,x,y,z,i)  do { z += (w^x^y)           + blk(i) + 0xCA62C1D6 + 
rol(v,5); w=rol(w,30); } while (0)
 
 
 
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
@@ -151,7 +152,7 @@
     Sha1Update
     (
         Sha1Context*        Context,
-        void*               Buffer,
+        const void*         Buffer,
         uint32_t            BufferSize
     )
 {
@@ -172,7 +173,7 @@
         TransformFunction(Context->State, Context->Buffer);
         for (; i + 63 < BufferSize; i += 64)
         {
-            TransformFunction(Context->State, (uint8_t*)Buffer + i);
+            TransformFunction(Context->State, (const uint8_t*)Buffer + i);
         }
         j = 0;
     }
@@ -181,7 +182,7 @@
         i = 0;
     }
 
-    memcpy(&Context->Buffer[j], &((uint8_t*)Buffer)[i], BufferSize - i);
+    memcpy(&Context->Buffer[j], &((const uint8_t*)Buffer)[i], BufferSize - i);
 }
 
 
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
@@ -205,10 +206,10 @@
         finalcount[i] = (unsigned char)((Context->Count[(i >= 4 ? 0 : 1)]
          >> ((3-(i & 3)) * 8) ) & 255);  // Endian independent
     }
-    Sha1Update(Context, (uint8_t*)"\x80", 1);
+    Sha1Update(Context, (const uint8_t*)"\x80", 1);
     while ((Context->Count[0] & 504) != 448)
     {
-        Sha1Update(Context, (uint8_t*)"\0", 1);
+        Sha1Update(Context, (const uint8_t*)"\0", 1);
     }
 
     Sha1Update(Context, finalcount, 8);  // Should cause a 
Sha1TransformFunction()
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/src/sha1.h 
new/libselinux-3.3/src/sha1.h
--- old/libselinux-3.2/src/sha1.h       2021-03-04 16:42:59.000000000 +0100
+++ new/libselinux-3.3/src/sha1.h       2021-10-21 16:31:23.000000000 +0200
@@ -64,7 +64,7 @@
     Sha1Update
     (
         Sha1Context*        Context,
-        void*               Buffer,
+        const void*         Buffer,
         uint32_t            BufferSize
     );
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/src/stringrep.c 
new/libselinux-3.3/src/stringrep.c
--- old/libselinux-3.2/src/stringrep.c  2021-03-04 16:42:59.000000000 +0100
+++ new/libselinux-3.3/src/stringrep.c  2021-10-21 16:31:23.000000000 +0200
@@ -229,7 +229,7 @@
                size_t i;
                for (i = 0; i < MAXVECTORS && node->perms[i] != NULL; i++)
                        if (strcmp(node->perms[i],s) == 0)
-                               return map_perm(tclass, 1<<i);
+                               return map_perm(tclass, UINT32_C(1)<<i);
        }
 
        errno = EINVAL;
@@ -261,7 +261,7 @@
        node = get_class_cache_entry_value(tclass);
        if (av && node)
                for (i = 0; i<MAXVECTORS; i++)
-                       if ((1<<i) & av)
+                       if ((UINT32_C(1)<<i) & av)
                                return node->perms[i];
 
        return NULL;
@@ -279,7 +279,7 @@
        /* first pass computes the required length */
        for (i = 0; tmp; tmp >>= 1, i++) {
                if (tmp & 1) {
-                       str = security_av_perm_to_string(tclass, av & (1<<i));
+                       str = security_av_perm_to_string(tclass, av & 
(UINT32_C(1)<<i));
                        if (str)
                                len += strlen(str) + 1;
                }
@@ -303,7 +303,7 @@
        ptr += sprintf(ptr, "{ ");
        for (i = 0; tmp; tmp >>= 1, i++) {
                if (tmp & 1) {
-                       str = security_av_perm_to_string(tclass, av & (1<<i));
+                       str = security_av_perm_to_string(tclass, av & 
(UINT32_C(1)<<i));
                        if (str)
                                ptr += sprintf(ptr, "%s ", str);
                }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/utils/Makefile 
new/libselinux-3.3/utils/Makefile
--- old/libselinux-3.2/utils/Makefile   2021-03-04 16:42:59.000000000 +0100
+++ new/libselinux-3.3/utils/Makefile   2021-10-21 16:31:23.000000000 +0200
@@ -52,9 +52,7 @@
 TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c)))
 endif
 
-sefcontext_compile: LDLIBS += $(PCRE_LDLIBS) ../src/libselinux.a -lsepol
-
-sefcontext_compile: sefcontext_compile.o ../src/regex.o
+sefcontext_compile: LDLIBS += ../src/libselinux.a $(PCRE_LDLIBS) -lsepol
 
 all: $(TARGETS)
 
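Review bot: The target-specific `LDLIBS` names `../src/libselinux.a`, but after this change no rule lists the archive or any object as a prerequisite of `sefcontext_compile`, so make neither relinks when the library changes nor orders the link after the archive is built under `-j`. If the top-level build does not already guarantee that order, declaring it keeps the dependency graph complete: `sefcontext_compile: sefcontext_compile.o ../src/libselinux.a`. With the built-in link rule a prerequisite archive also lands in `$^`, so it would then appear twice on the link line, which is harmless for a static archive.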
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/utils/avcstat.c 
new/libselinux-3.3/utils/avcstat.c
--- old/libselinux-3.2/utils/avcstat.c  2021-03-04 16:42:59.000000000 +0100
+++ new/libselinux-3.3/utils/avcstat.c  2021-10-21 16:31:23.000000000 +0200
@@ -205,7 +205,7 @@
                        die("unable to parse \'%s\': no data", avcstatfile);
 
                if (cumulative || !i)
-                       printf("%10Lu %10Lu %10Lu %10Lu %10Lu %10Lu\n",
+                       printf("%10llu %10llu %10llu %10llu %10llu %10llu\n",
                               tot.lookups, tot.hits, tot.misses,
                               tot.allocations, tot.reclaims, tot.frees);
                else {
@@ -215,7 +215,7 @@
                        rel.allocations = tot.allocations - last.allocations;
                        rel.reclaims = tot.reclaims - last.reclaims;
                        rel.frees = tot.frees - last.frees;
-                       printf("%10Lu %10Lu %10Lu %10Lu %10Lu %10Lu\n",
+                       printf("%10llu %10llu %10llu %10llu %10llu %10llu\n",
                               rel.lookups, rel.hits, rel.misses,
                               rel.allocations, rel.reclaims, rel.frees);
                }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/utils/getconlist.c 
new/libselinux-3.3/utils/getconlist.c
--- old/libselinux-3.2/utils/getconlist.c       2021-03-04 16:42:59.000000000 
+0100
+++ new/libselinux-3.3/utils/getconlist.c       2021-10-21 16:31:23.000000000 
+0200
@@ -26,6 +26,7 @@
        while ((opt = getopt(argc, argv, "l:")) > 0) {
                switch (opt) {
                case 'l':
+                       free(level);
                        level = strdup(optarg);
                        if (!level) {
                                fprintf(stderr, "memory allocation failure: 
%d(%s)\n",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/utils/getdefaultcon.c 
new/libselinux-3.3/utils/getdefaultcon.c
--- old/libselinux-3.2/utils/getdefaultcon.c    2021-03-04 16:42:59.000000000 
+0100
+++ new/libselinux-3.3/utils/getdefaultcon.c    2021-10-21 16:31:23.000000000 
+0200
@@ -28,12 +28,15 @@
        while ((opt = getopt(argc, argv, "l:r:s:v")) > 0) {
                switch (opt) {
                case 'l':
+                       free(level);
                        level = strdup(optarg);
                        break;
                case 'r':
+                       free(role);
                        role = strdup(optarg);
                        break;
                case 's':
+                       free(service);
                        service = strdup(optarg);
                        break;
                case 'v':
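Review bot: The three `strdup(optarg)` results are stored without a NULL check, so an allocation failure is indistinguishable from the option not having been given. getconlist.c in this same update tests `if (!level)` and reports the failure after the identical `free(level); level = strdup(optarg);` pair. Doing the same here for each option, e.g. `if (!level) { fprintf(stderr, "memory allocation failure\n"); return 1; }` (assuming this is main()), keeps the two tools consistent. How the values are used later is outside the hunk.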
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/utils/getseuser.c 
new/libselinux-3.3/utils/getseuser.c
--- old/libselinux-3.2/utils/getseuser.c        2021-03-04 16:42:59.000000000 
+0100
+++ new/libselinux-3.3/utils/getseuser.c        2021-10-21 16:31:23.000000000 
+0200
@@ -9,7 +9,7 @@
 {
        char *seuser = NULL, *level = NULL;
        char **contextlist;
-       int rc, n;
+       int rc, n, i;
 
        if (argc != 3) {
                fprintf(stderr, "usage:  %s linuxuser fromcon\n", argv[0]);
@@ -50,7 +50,7 @@
        if (n == 0)
                printf("no valid context found\n");
 
-       for (int i = 0; i < n; i++)
+       for (i = 0; i < n; i++)
                printf("Context %d\t%s\n", i, contextlist[i]);
 
        freeconary(contextlist);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/utils/matchpathcon.c 
new/libselinux-3.3/utils/matchpathcon.c
--- old/libselinux-3.2/utils/matchpathcon.c     2021-03-04 16:42:59.000000000 
+0100
+++ new/libselinux-3.3/utils/matchpathcon.c     2021-10-21 16:31:23.000000000 
+0200
@@ -65,7 +65,7 @@
                return S_IFREG;
        default:
                return -1;
-       };
+       }
        return -1;
 }
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/utils/sefcontext_compile.c 
new/libselinux-3.3/utils/sefcontext_compile.c
--- old/libselinux-3.2/utils/sefcontext_compile.c       2021-03-04 
16:42:59.000000000 +0100
+++ new/libselinux-3.3/utils/sefcontext_compile.c       2021-10-21 
16:31:23.000000000 +0200
@@ -14,7 +14,7 @@
 #include "../src/label_file.h"
 #include "../src/regex.h"
 
-const char *policy_file;
+static const char *policy_file;
 static int ctx_err;
 
 static int validate_context(char **ctxp)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/libselinux-3.2/utils/selabel_get_digests_all_partial_matches.c 
new/libselinux-3.3/utils/selabel_get_digests_all_partial_matches.c
--- old/libselinux-3.2/utils/selabel_get_digests_all_partial_matches.c  
2021-03-04 16:42:59.000000000 +0100
+++ new/libselinux-3.3/utils/selabel_get_digests_all_partial_matches.c  
2021-10-21 16:31:23.000000000 +0200
@@ -128,7 +128,7 @@
                                        printf("No SHA1 digest available for: 
%s\n",
                                               ftsent->fts_path);
                                        printf("as file_context entry is 
\"<<none>>\"\n");
-                                       break;
+                                       goto cleanup;
                                }
 
                                printf("The file_context entries for: %s\n",
@@ -149,11 +149,11 @@
                                                        xattr_digest[i]);
                                        printf("%s\n", sha1_buf);
                                }
-
-                               free(xattr_digest);
-                               free(calculated_digest);
-                               free(sha1_buf);
                        }
+                       cleanup:
+                       free(xattr_digest);
+                       free(calculated_digest);
+                       free(sha1_buf);
                        break;
                }
                default:
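Review bot: With the frees moved behind the `cleanup:` label they now run on every pass that reaches it, including the new `goto cleanup` taken before any digest is printed, so the three pointers must be NULL or valid at that point each time round the loop. Their declarations and the call that fills them are outside the hunk; if they are not reset per entry, a later iteration could free stale values. Clearing them after release, `xattr_digest = NULL; calculated_digest = NULL; sha1_buf = NULL;`, makes this independent of the filling function. A label placed inside a `case` block is also easy to misread, so a short comment on it would help.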
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libselinux-3.2/utils/selabel_lookup_best_match.c 
new/libselinux-3.3/utils/selabel_lookup_best_match.c
--- old/libselinux-3.2/utils/selabel_lookup_best_match.c        2021-03-04 
16:42:59.000000000 +0100
+++ new/libselinux-3.3/utils/selabel_lookup_best_match.c        2021-10-21 
16:31:23.000000000 +0200
@@ -47,7 +47,7 @@
                return S_IFSOCK;
        case 'f':
                return S_IFREG;
-       };
+       }
        return 0;
 }
 
