Your message dated Wed, 06 Feb 2008 16:17:29 +0000 with message-id <[EMAIL PROTECTED]> and subject line Bug#439539: fixed in libsepol 2.0.11-1 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database)
--- Begin Message ---Package: libsepol1 Version: 1.14-2 Severity: important libsepol uses a static unsigned char buffer to read data into when reading from file (private.h: next_entry). The pointer to this buffer is returned and is later casted to a uint32_t pointer (module.c: module_package_read_offsets). The problem with this is that the pointer is not 4-bytes align resulting in the address being used to read the first 4 bytes is not xxxxxxxD but xxxxxxxC so the 4 bytes read will be a random byte and then the first three bytes from the file. This means that the magic number in selinux module files doesn't match and selinux is effectivly unusable on arm. The patch below fixes the problem. Please consider releasing an updated version to etch since selinux is not usable without it. Thanks, Erik Johansson --- private.h~ 2006-06-29 20:21:13.000000000 +0200 +++ private.h 2007-08-25 15:12:14.000000000 +0200 @@ -36,7 +36,7 @@ /* Reading from a policy "file". */ static inline void *next_entry(struct policy_file *fp, size_t bytes) { - static unsigned char buffer[BUFSIZ]; + static unsigned char buffer[BUFSIZ] __attribute__ ((aligned)); size_t nread; if (bytes > sizeof buffer) -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: arm (armv5tel) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-5-ixp4xx Locale: LANG=en_DK.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8) Versions of packages libsepol1 depends on: ii libc6 2.3.6.ds1-13etch2 GNU C Library: Shared libraries libsepol1 recommends no packages. -- no debconf information
--- End Message ---
--- Begin Message ---Source: libsepol Source-Version: 2.0.11-1 We believe that the bug you reported is fixed in the latest version of libsepol, which is due to be installed in the Debian FTP archive: libsepol1-dev_2.0.11-1_amd64.deb to pool/main/libs/libsepol/libsepol1-dev_2.0.11-1_amd64.deb libsepol1_2.0.11-1_amd64.deb to pool/main/libs/libsepol/libsepol1_2.0.11-1_amd64.deb libsepol_2.0.11-1.diff.gz to pool/main/libs/libsepol/libsepol_2.0.11-1.diff.gz libsepol_2.0.11-1.dsc to pool/main/libs/libsepol/libsepol_2.0.11-1.dsc libsepol_2.0.11.orig.tar.gz to pool/main/libs/libsepol/libsepol_2.0.11.orig.tar.gz sepol-utils_2.0.11-1_amd64.deb to pool/main/libs/libsepol/sepol-utils_2.0.11-1_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Manoj Srivastava <[EMAIL PROTECTED]> (supplier of updated libsepol package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Wed, 06 Feb 2008 09:50:38 -0600 Source: libsepol Binary: sepol-utils libsepol1 libsepol1-dev Architecture: source amd64 Version: 2.0.11-1 Distribution: unstable Urgency: low Maintainer: Manoj Srivastava <[EMAIL PROTECTED]> Changed-By: Manoj Srivastava <[EMAIL PROTECTED]> Description: libsepol1 - Security Enhanced Linux policy library for changing policy binari libsepol1-dev - Security Enhanced Linux policy library and development files sepol-utils - Security Enhanced Linux policy utility programs Closes: 439539 448014 Changes: libsepol (2.0.11-1) unstable; urgency=low . * New upstream release. * Pass CFLAGS to CC even on link command, per Dennis Gilmore. * Merged support for the handle_unknown policydb flag from Eric Paris. * Moved next_entry and put_entry out-of-line to reduce code size from Ulrich Drepper. * Fixed module_package_read_offsets bug introduced by the prior patch. * Eliminate unaligned accesses from policy reading code from Stephen Smalley. Closes: Bug#439539 * Allow dontaudits to be turned off during policy expansion from Joshua Brindle. * Fix sepol_context_clone to handle a NULL context correctly. This happens for e.g. semanage_fcontext_set_con(sh, fcontext, NULL) to set the file context entry to "<<none>>". * Merged error handling patch from Eamon Walsh. * The cross building support in Debian has been rewritten to stop overriding the CC variable to $(MAKE) in order to correctly support those packages that build internal tools with the native compiler during the build. This means that other packages that assume that CC will be overridden by the cross-compiling build scripts now fail to build. The patch is simply to set CC to $(DEB_HOST_GNU_TYPE)-gcc only if a cross-build is detected. The solution was proposed by Neil Williams, but has been modified to be more generally applicable. Closes: Bug#448014 * The API was added to in this release, which means we need a shlibs bump. The soname has not changed. Files: 988bc856973efeebff7fc2601ae9845d 757 libs optional libsepol_2.0.11-1.dsc 7cb4b7a18d1d7e70a5b10c4a9f7bcb1f 183956 libs optional libsepol_2.0.11.orig.tar.gz d51bc4db7ec7309492db5f851df73b2a 23091 libs optional libsepol_2.0.11-1.diff.gz 7b77342e4d1e37c87caf040f915d9720 20648 admin optional sepol-utils_2.0.11-1_amd64.deb 57f24da088b6fde9789f298f3948eb09 119754 libs required libsepol1_2.0.11-1_amd64.deb 85ef889e1f925a7a79a6bd9c1076431b 560034 libdevel optional libsepol1-dev_2.0.11-1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD4DBQFHqdoEIbrau78kQkwRArXNAJ4qTki0kkCCmEkajxekmZQPJBxvFgCYjqaB KiA1xE9pD4WXu5P5yK1Mxw== =8qdO -----END PGP SIGNATURE-----
--- End Message ---
