Hello community,

here is the log from the commit of package libsepol for openSUSE:Factory checked in at 2021-07-09 23:56:34
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libsepol (Old)
 and /work/SRC/openSUSE:Factory/.libsepol.new.2625 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libsepol" Fri Jul 9 23:56:34 2021 rev:49 rq:904154 version:3.2 Changes: -------- --- /work/SRC/openSUSE:Factory/libsepol/libsepol.changes 2021-03-24 16:08:49.803679446 +0100 +++ /work/SRC/openSUSE:Factory/.libsepol.new.2625/libsepol.changes 2021-07-09 23:56:35.581805886 +0200 @@ -1,0 +2,8 @@ +Mon Jul 5 11:31:07 UTC 2021 - Johannes Segitz <jseg...@suse.com> + +- Fix use-after-free in __cil_verify_classperms (CVE-2021-36085, 1187965). + Added CVE-2021-36085.patch +- Fix use-after-free in cil_reset_classpermission (CVE-2021-36086, 1187964). + Added CVE-2021-36086.patch + +------------------------------------------------------------------- New: ---- CVE-2021-36085.patch CVE-2021-36086.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libsepol.spec ++++++ --- /var/tmp/diff_new_pack.svuAvH/_old 2021-07-09 23:56:36.097801873 +0200 +++ /var/tmp/diff_new_pack.svuAvH/_new 2021-07-09 23:56:36.101801842 +0200 @@ -27,6 +27,9 @@ URL: https://github.com/SELinuxProject/selinux/wiki/Releases Source: https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz Source2: baselibs.conf +# all upstream, remove in next version +Patch0: CVE-2021-36085.patch +Patch1: CVE-2021-36086.patch BuildRequires: flex BuildRequires: pkgconfig BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -88,6 +91,7 @@ %prep %setup -q +%autopatch -p2 %build %define _lto_cflags %{nil} ++++++ CVE-2021-36085.patch ++++++ >From 2d35fcc7e9e976a2346b1de20e54f8663e8a6cba Mon Sep 17 00:00:00 2001 
From: James Carter <jwca...@gmail.com> Date: Thu, 8 Apr 2021 13:32:04 -0400 Subject: [PATCH] libsepol/cil: Destroy classperm list when resetting map perms Map perms share the same struct as regular perms, but only the map perms use the classperms field. This field is a pointer to a list of classperms that is created and added to when resolving classmapping rules, so the map permission doesn't own any of the data in the list and this list should be destroyed when the AST is reset. When resetting a perm, destroy the classperms list without destroying the data in the list. Signed-off-by: James Carter <jwca...@gmail.com> --- libsepol/cil/src/cil_reset_ast.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: libsepol/libsepol-3.2/cil/src/cil_reset_ast.c =================================================================== --- libsepol.orig/libsepol-3.2/cil/src/cil_reset_ast.c +++ libsepol/libsepol-3.2/cil/src/cil_reset_ast.c @@ -36,7 +36,7 @@ static void cil_reset_class(struct cil_c static void cil_reset_perm(struct cil_perm *perm) { - cil_reset_classperms_list(perm->classperms); + cil_list_destroy(&perm->classperms, CIL_FALSE); } static inline void cil_reset_classperms(struct cil_classperms *cp) ++++++ CVE-2021-36086.patch ++++++ >From c49a8ea09501ad66e799ea41b8154b6770fec2c8 Mon Sep 17 00:00:00 2001 From: James Carter <jwca...@gmail.com> Date: Thu, 8 Apr 2021 13:32:06 -0400 Subject: [PATCH] libsepol/cil: cil_reset_classperms_set() should not reset classpermission In struct cil_classperms_set, the set field is a pointer to a struct cil_classpermission which is looked up in the symbol table. Since the cil_classperms_set does not create the cil_classpermission, it should not reset it. Set the set field to NULL instead of resetting the classpermission that it points to. Signed-off-by: James Carter <jwca...@gmail.com> --- libsepol/cil/src/cil_reset_ast.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) 
diff --git a/libsepol/cil/src/cil_reset_ast.c b/libsepol/cil/src/cil_reset_ast.c index 89f91e56..1d9ca704 100644 --- a/libsepol/cil/src/cil_reset_ast.c +++ b/libsepol/cil/src/cil_reset_ast.c @@ -59,7 +59,11 @@ static void cil_reset_classpermission(struct cil_classpermission *cp) static void cil_reset_classperms_set(struct cil_classperms_set *cp_set) { - cil_reset_classpermission(cp_set->set); + if (cp_set == NULL) { + return; + } + + cp_set->set = NULL; } static inline void cil_reset_classperms_list(struct cil_list *cp_list) -- 2.26.2
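Review bot: in the libsepol.changes hunk, the two bug references are written as bare numbers ("CVE-2021-36085, 1187965" and "CVE-2021-36086, 1187964") with no tracker prefix, so a reader cannot tell which bug tracker they belong to. Suggest prefixing them (for example bsc#1187965 and bsc#1187964) so the entries can be matched to the reports unambiguously.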
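Review bot: in the libsepol.spec %prep hunk, "%autopatch -p2" applies a single strip level to two patch files that use different path layouts: CVE-2021-36085.patch names "libsepol/libsepol-3.2/cil/src/cil_reset_ast.c" (an Index:-style refresh), while CVE-2021-36086.patch names "a/libsepol/cil/src/cil_reset_ast.c" (raw git format). Both reduce to "cil/src/cil_reset_ast.c" at -p2, so this works, but only by coincidence of prefix depth. Refreshing both patches into the same format would make the strip level obviously correct and keep a later added patch from silently needing a different -p value.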
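Review bot: in the CVE-2021-36085.patch hunk, cil_reset_perm() now calls "cil_list_destroy(&perm->classperms, CIL_FALSE);" on every perm, but the commit message says only map perms use the classperms field, so for regular perms the pointer is presumably NULL; please confirm cil_list_destroy() tolerates a NULL list there. The ownership reasoning (the list is built while resolving classmapping rules and the perm does not own its items, hence CIL_FALSE) exists only in the commit message. A one-line comment above the call stating that would keep someone from later switching it back to a recursive reset or to CIL_TRUE and reintroducing the use-after-free.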
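Review bot: in the CVE-2021-36086.patch hunk, the new "if (cp_set == NULL) { return; }" guard in cil_reset_classperms_set() is not mentioned in the commit message, which only explains replacing the cil_reset_classpermission() call with "cp_set->set = NULL;". The removed line dereferenced cp_set unconditionally, so either a NULL cp_set is reachable (worth saying so in the message) or the guard is purely defensive and could be noted as such. A short comment on the assignment that the classpermission is looked up in the symbol table and not owned by the set would also document why it is cleared rather than reset.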