diff options
| author | Armin Kuster <akuster@mvista.com> | 2021-09-16 16:58:00 -0700 |
|---|---|---|
| committer | Joe MacDonald <joe@deserted.net> | 2021-09-16 20:23:17 -0400 |
| commit | 3319f3a4846757dbd5990faa3513d40e7beb9ffe (patch) | |
| tree | 314b42fd29fed7209d62862146d8535b704f33a1 | |
| parent | 3b5e79306b7929bcc6d50315cdd080c5541708af (diff) | |
| download | meta-selinux-3319f3a4846757dbd5990faa3513d40e7beb9ffe.tar.gz | |
libsepol: Security fix CVE-2021-36085
Source: https://github.com/SELinuxProject/selinux/
MR: 111857
Type: Security Fix
Disposition: Backport from https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba
ChangeID: e50ae65189351ee618db2b278ba7105a5728e4c4
Description:
Affects: libsepol <= 3.2
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
| -rw-r--r-- | recipes-security/selinux/libsepol/CVE-2021-36085.patch | 38 | ||||
| -rw-r--r-- | recipes-security/selinux/libsepol_3.0.bb | 1 |
2 files changed, 39 insertions, 0 deletions
diff --git a/recipes-security/selinux/libsepol/CVE-2021-36085.patch b/recipes-security/selinux/libsepol/CVE-2021-36085.patch new file mode 100644 index 0000000..4bd05eb --- /dev/null +++ b/recipes-security/selinux/libsepol/CVE-2021-36085.patch | |||
| @@ -0,0 +1,38 @@ | |||
| 1 | From 2d35fcc7e9e976a2346b1de20e54f8663e8a6cba Mon Sep 17 00:00:00 2001 | ||
| 2 | From: James Carter <jwcart2@gmail.com> | ||
| 3 | Date: Thu, 8 Apr 2021 13:32:04 -0400 | ||
| 4 | Subject: [PATCH] libsepol/cil: Destroy classperm list when resetting map perms | ||
| 5 | |||
| 6 | Map perms share the same struct as regular perms, but only the | ||
| 7 | map perms use the classperms field. This field is a pointer to a | ||
| 8 | list of classperms that is created and added to when resolving | ||
| 9 | classmapping rules, so the map permission doesn't own any of the | ||
| 10 | data in the list and this list should be destroyed when the AST is | ||
| 11 | reset. | ||
| 12 | |||
| 13 | When resetting a perm, destroy the classperms list without destroying | ||
| 14 | the data in the list. | ||
| 15 | |||
| 16 | Signed-off-by: James Carter <jwcart2@gmail.com> | ||
| 17 | |||
| 18 | Upstream-Status: Backport | ||
| 19 | CVE: CVE-2021-36085 | ||
| 20 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
| 21 | |||
| 22 | --- | ||
| 23 | libsepol/cil/src/cil_reset_ast.c | 2 +- | ||
| 24 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 25 | |||
| 26 | Index: libsepol-3.0/cil/src/cil_reset_ast.c | ||
| 27 | =================================================================== | ||
| 28 | --- libsepol-3.0.orig/cil/src/cil_reset_ast.c | ||
| 29 | +++ libsepol-3.0/cil/src/cil_reset_ast.c | ||
| 30 | @@ -34,7 +34,7 @@ static void cil_reset_class(struct cil_c | ||
| 31 | |||
| 32 | static void cil_reset_perm(struct cil_perm *perm) | ||
| 33 | { | ||
| 34 | - cil_reset_classperms_list(perm->classperms); | ||
| 35 | + cil_list_destroy(&perm->classperms, CIL_FALSE); | ||
| 36 | } | ||
| 37 | |||
| 38 | static inline void cil_reset_classperms(struct cil_classperms *cp) | ||
diff --git a/recipes-security/selinux/libsepol_3.0.bb b/recipes-security/selinux/libsepol_3.0.bb index 537377b..b7a7071 100644 --- a/recipes-security/selinux/libsepol_3.0.bb +++ b/recipes-security/selinux/libsepol_3.0.bb | |||
| @@ -10,4 +10,5 @@ SRC_URI += "\ | |||
| 10 | file://0001-libsepol-fix-CIL_KEY_-build-errors-with-fno-common.patch \ | 10 | file://0001-libsepol-fix-CIL_KEY_-build-errors-with-fno-common.patch \ |
| 11 | file://0001-libsepol-remove-leftovers-of-cil_mem_error_handler.patch \ | 11 | file://0001-libsepol-remove-leftovers-of-cil_mem_error_handler.patch \ |
| 12 | file://CVE-2021-36084.patch \ | 12 | file://CVE-2021-36084.patch \ |
| 13 | file://CVE-2021-36085.patch \ | ||
| 13 | " | 14 | " |