Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package checkpolicy for openSUSE:Factory checked in at 2021-03-24 16:08:55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/checkpolicy (Old) and /work/SRC/openSUSE:Factory/.checkpolicy.new.2401 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "checkpolicy" Wed Mar 24 16:08:55 2021 rev:32 rq:879083 version:3.2 Changes: -------- --- /work/SRC/openSUSE:Factory/checkpolicy/checkpolicy.changes 2020-10-06 17:09:12.757428935 +0200 +++ /work/SRC/openSUSE:Factory/.checkpolicy.new.2401/checkpolicy.changes 2021-03-24 16:09:03.819694156 +0100 @@ -1,0 +2,6 @@ +Tue Mar 9 08:59:58 UTC 2021 - Johannes Segitz <[email protected]> + +- Update to version 3.2 + * Fix a memleak and an integer overflow + +------------------------------------------------------------------- Old: ---- checkpolicy-3.1.tar.gz New: ---- checkpolicy-3.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ checkpolicy.spec ++++++ --- /var/tmp/diff_new_pack.5MzWCT/_old 2021-03-24 16:09:04.563694939 +0100 +++ /var/tmp/diff_new_pack.5MzWCT/_new 2021-03-24 16:09:04.567694942 +0100 @@ -1,7 +1,7 @@ # # spec file for package checkpolicy # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -16,15 +16,15 @@ # -%define libsepol_ver 3.1 +%define libsepol_ver 3.2 Name: checkpolicy -Version: 3.1 +Version: 3.2 Release: 0 Summary: SELinux policy compiler License: GPL-2.0-or-later Group: Productivity/Security URL: https://github.com/SELinuxProject/selinux -Source0: https://github.com/SELinuxProject/selinux/releases/download/20200710/%{name}-%{version}.tar.gz +Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz Source1: checkpolicy-tests.tar.gz BuildRequires: bison BuildRequires: flex ++++++ checkpolicy-3.1.tar.gz -> checkpolicy-3.2.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checkpolicy-3.1/VERSION new/checkpolicy-3.2/VERSION --- old/checkpolicy-3.1/VERSION 2020-07-10 17:17:15.000000000 +0200 +++ new/checkpolicy-3.2/VERSION 2021-03-04 16:42:59.000000000 +0100 @@ -1 +1 @@ -3.1 +3.2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checkpolicy-3.1/policy_define.c new/checkpolicy-3.2/policy_define.c --- old/checkpolicy-3.1/policy_define.c 2020-07-10 17:17:15.000000000 +0200 +++ new/checkpolicy-3.2/policy_define.c 2021-03-04 16:42:59.000000000 +0100 @@ -2147,7 +2147,7 @@ /* index of the u32 containing the permission */ #define XPERM_IDX(x) (x >> 5) /* set bits 0 through x-1 within the u32 */ -#define XPERM_SETBITS(x) ((1 << (x & 0x1f)) - 1) +#define XPERM_SETBITS(x) ((1U << (x & 0x1f)) - 1) /* low value for this u32 */ #define XPERM_LOW(x) (x << 5) /* high value for this u32 */ @@ -3303,8 +3303,6 @@ ebitmap_t e_stypes, e_ttypes; ebitmap_t e_tclasses; ebitmap_node_t *snode, *tnode, *cnode; - filename_trans_t *ft; - filename_trans_datum_t *ftdatum; filename_trans_rule_t *ftr; type_datum_t *typdatum; uint32_t otype; 
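Review bot: The argument of `XPERM_SETBITS` is still expanded without parentheses, so an argument containing a lower-precedence operator such as `|` or `?:` would be masked incorrectly; the neighbouring `XPERM_IDX` and `XPERM_LOW` context lines have the same shape. Consider `#define XPERM_SETBITS(x) ((1U << ((x) & 0x1f)) - 1)`. A short comment such as `/* 1U: a shift count of 31 overflows a signed int */` would keep the unsigned literal from being "simplified" back later. Whether any caller passes a compound expression is not visible in this hunk.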
@@ -3388,40 +3386,19 @@ ebitmap_for_each_positive_bit(&e_tclasses, cnode, c) { ebitmap_for_each_positive_bit(&e_stypes, snode, s) { ebitmap_for_each_positive_bit(&e_ttypes, tnode, t) { - ft = calloc(1, sizeof(*ft)); - if (!ft) { - yyerror("out of memory"); - goto bad; - } - ft->stype = s+1; - ft->ttype = t+1; - ft->tclass = c+1; - ft->name = strdup(name); - if (!ft->name) { - yyerror("out of memory"); - goto bad; - } - - ftdatum = hashtab_search(policydbp->filename_trans, - (hashtab_key_t)ft); - if (ftdatum) { - yyerror2("duplicate filename transition for: filename_trans %s %s %s:%s", - name, - policydbp->p_type_val_to_name[s], - policydbp->p_type_val_to_name[t], - policydbp->p_class_val_to_name[c]); - goto bad; - } - - ftdatum = calloc(1, sizeof(*ftdatum)); - if (!ftdatum) { - yyerror("out of memory"); - goto bad; - } - rc = hashtab_insert(policydbp->filename_trans, - (hashtab_key_t)ft, - ftdatum); - if (rc) { + rc = policydb_filetrans_insert( + policydbp, s+1, t+1, c+1, name, + NULL, otype, NULL + ); + if (rc != SEPOL_OK) { + if (rc == SEPOL_EEXIST) { + yyerror2("duplicate filename transition for: filename_trans %s %s %s:%s", + name, + policydbp->p_type_val_to_name[s], + policydbp->p_type_val_to_name[t], + policydbp->p_class_val_to_name[c]); + goto bad; + } yyerror("out of memory"); goto bad; } @@ -3502,12 +3479,7 @@ return h; oom: - e = h; - while (e) { - l = e; - e = e->next; - constraint_expr_destroy(l); - } + constraint_expr_destroy(h); return NULL; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checkpolicy-3.1/test/dispol.c new/checkpolicy-3.2/test/dispol.c --- old/checkpolicy-3.1/test/dispol.c 2020-07-10 17:17:15.000000000 +0200 +++ new/checkpolicy-3.2/test/dispol.c 2021-03-04 16:42:59.000000000 +0100 
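Review bot: Every return value other than `SEPOL_EEXIST` falls through to `yyerror("out of memory")` in the new `if (rc != SEPOL_OK)` branch, so any other failure of `policydb_filetrans_insert()` would be reported to the policy author as an allocation failure. The set of codes that function can return is not visible in this diff. Naming the allocation case explicitly keeps the diagnostic honest, e.g. `yyerror(rc == SEPOL_ENOMEM ? "out of memory" : "failed to add filename transition");`. The enclosing function starts and ends outside the hunk.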
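Review bot: The `oom:` path now depends on `constraint_expr_destroy(h)` releasing every node reachable from `h`, a contract this diff does not show; if it freed only the head, the partially built list would leak on allocation failure. A one-line comment above the call, `/* constraint_expr_destroy() frees the whole ->next chain */`, would record that assumption. It presumably holds for the libsepol release matching the `libsepol_ver 3.2` bump in the spec hunk, so the two should stay in step. The function body starts outside the hunk.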
@@ -335,17 +335,25 @@ hashtab_datum_t datum, void *ptr) { - struct filename_trans *ft = (struct filename_trans *)key; + struct filename_trans_key *ft = (struct filename_trans_key *)key; struct filename_trans_datum *ftdatum = datum; struct filenametr_display_args *args = ptr; policydb_t *p = args->p; FILE *fp = args->fp; + ebitmap_node_t *node; + uint32_t bit; + + do { + ebitmap_for_each_positive_bit(&ftdatum->stypes, node, bit) { + display_id(p, fp, SYM_TYPES, bit, ""); + display_id(p, fp, SYM_TYPES, ft->ttype - 1, ""); + display_id(p, fp, SYM_CLASSES, ft->tclass - 1, ":"); + display_id(p, fp, SYM_TYPES, ftdatum->otype - 1, ""); + fprintf(fp, " %s\n", ft->name); + } + ftdatum = ftdatum->next; + } while (ftdatum); - display_id(p, fp, SYM_TYPES, ft->stype - 1, ""); - display_id(p, fp, SYM_TYPES, ft->ttype - 1, ""); - display_id(p, fp, SYM_CLASSES, ft->tclass - 1, ":"); - display_id(p, fp, SYM_TYPES, ftdatum->otype - 1, ""); - fprintf(fp, " %s\n", ft->name); return 0; }
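Review bot: The `do { ... } while (ftdatum);` loop reads `ftdatum->stypes` before the pointer is ever tested, so a NULL datum would crash the display tool. `for (; ftdatum; ftdatum = ftdatum->next) {` walks the same chain with the check first. The source type is printed from the raw `bit` while the other ids subtract one, so a comment such as `/* stypes bits are already zero-based */` would help the next reader; that encoding is inferred from the code shape, not shown in this diff. The function signature begins above the hunk.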
