From: Armin Kuster <[email protected]> Source: https://github.com/SELinuxProject/selinux/ MR: 111857 Type: Security Fix Disposition: Backport from https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba ChangeID: e50ae65189351ee618db2b278ba7105a5728e4c4 Description:
Affects: libsepol <= 3.2 Signed-off-by: Armin Kuster <[email protected]> --- .../selinux/libsepol/CVE-2021-36085.patch | 38 +++++++++++++++++++ recipes-security/selinux/libsepol_3.2.bb | 3 +- 2 files changed, 40 insertions(+), 1 deletion(-) create mode 100644 recipes-security/selinux/libsepol/CVE-2021-36085.patch diff --git a/recipes-security/selinux/libsepol/CVE-2021-36085.patch b/recipes-security/selinux/libsepol/CVE-2021-36085.patch new file mode 100644 index 0000000..4bd05eb --- /dev/null +++ b/recipes-security/selinux/libsepol/CVE-2021-36085.patch @@ -0,0 +1,38 @@ +From 2d35fcc7e9e976a2346b1de20e54f8663e8a6cba Mon Sep 17 00:00:00 2001 +From: James Carter <[email protected]> +Date: Thu, 8 Apr 2021 13:32:04 -0400 +Subject: [PATCH] libsepol/cil: Destroy classperm list when resetting map perms + +Map perms share the same struct as regular perms, but only the +map perms use the classperms field. This field is a pointer to a +list of classperms that is created and added to when resolving +classmapping rules, so the map permission doesn't own any of the +data in the list and this list should be destroyed when the AST is +reset. + +When resetting a perm, destroy the classperms list without destroying +the data in the list. + +Signed-off-by: James Carter <[email protected]> + +Upstream-Status: Backport +CVE: CVE-2021-36085 +Signed-off-by: Armin Kuster <[email protected]> + +--- + libsepol/cil/src/cil_reset_ast.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: libsepol-3.0/cil/src/cil_reset_ast.c +=================================================================== +--- libsepol-3.0.orig/cil/src/cil_reset_ast.c ++++ libsepol-3.0/cil/src/cil_reset_ast.c +@@ -34,7 +34,7 @@ static void cil_reset_class(struct cil_c + + static void cil_reset_perm(struct cil_perm *perm) + { +- cil_reset_classperms_list(perm->classperms); ++ cil_list_destroy(&perm->classperms, CIL_FALSE); + } + + static inline void cil_reset_classperms(struct cil_classperms *cp) diff --git a/recipes-security/selinux/libsepol_3.2.bb b/recipes-security/selinux/libsepol_3.2.bb index 6215d24..ef5de1e 100644 --- a/recipes-security/selinux/libsepol_3.2.bb +++ b/recipes-security/selinux/libsepol_3.2.bb @@ -9,7 +9,8 @@ LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343" require selinux_common.inc -SRC_URI += "file://CVE-2021-36084.patch" +SRC_URI += "file://CVE-2021-36084.patch \ + file://CVE-2021-36085.patch " inherit lib_package -- 2.25.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#54746): https://lists.yoctoproject.org/g/yocto/message/54746 Mute This Topic: https://lists.yoctoproject.org/mt/85665219/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
