From 55f7ecdd4a223f0a7523145a301353aa7e2c4869 Mon Sep 17 00:00:00 2001 From: Ondřej Vašík Date: Jan 13 2014 15:26:44 +0000 Subject: cp/mv/install: do not crash when getfscreatecon() is returning a NULL context --- diff --git a/coreutils-6.10-configuration.patch b/coreutils-6.10-configuration.patch index e14711b..54df1d6 100644 --- a/coreutils-6.10-configuration.patch +++ b/coreutils-6.10-configuration.patch @@ -136,8 +136,8 @@ diff -urNp coreutils-8.21-orig/tests/local.mk coreutils-8.21/tests/local.mk tests/touch/now-owned-by-other.sh @@ -163,7 +164,6 @@ all_tests = \ - tests/rm/cycle.sh \ tests/cp/link-heap.sh \ + tests/cp/no-ctx.sh \ tests/misc/tty-eof.pl \ - tests/tail-2/inotify-hash-abuse.sh \ tests/tail-2/inotify-hash-abuse2.sh \ diff --git a/coreutils-8.22-cp-selinux.patch b/coreutils-8.22-cp-selinux.patch new file mode 100644 index 0000000..ed3fb47 --- /dev/null +++ b/coreutils-8.22-cp-selinux.patch @@ -0,0 +1,109 @@ +From 2b3b5bfcd5f4161d17c0bc3d43f6edcfc4a2b294 Mon Sep 17 00:00:00 2001 +From: Nicolas Looss +Date: Sat, 4 Jan 2014 03:03:51 +0000 +Subject: [PATCH] copy: fix a segfault in SELinux context copying code + +* src/selinux.c (restorecon_private): On ArchLinux the +`fakeroot cp -a file1 file2` command segfaulted due +to getfscreatecon() returning a NULL context. +So map this to the sometimes ignored ENODATA error, +rather than crashing. +* tests/cp/no-ctx.sh: Add a new test case. +* tests/local.mk: Reference the new test. +--- + src/selinux.c | 5 ++++ + tests/cp/no-ctx.sh | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++++ + tests/local.mk | 1 + + 3 files changed, 59 insertions(+), 0 deletions(-) + create mode 100755 tests/cp/no-ctx.sh + +diff --git a/src/selinux.c b/src/selinux.c +index cd38a81..016db16 100644 +--- a/src/selinux.c ++++ b/src/selinux.c +@@ -192,6 +192,11 @@ restorecon_private (char const *path, bool local) + { + if (getfscreatecon (&tcon) < 0) + return rc; ++ if (!tcon) ++ { ++ errno = ENODATA; ++ return rc; ++ } + rc = lsetfilecon (path, tcon); + freecon (tcon); + return rc; +diff --git a/tests/cp/no-ctx.sh b/tests/cp/no-ctx.sh +new file mode 100755 +index 0000000..59d30de +--- /dev/null ++++ b/tests/cp/no-ctx.sh +@@ -0,0 +1,53 @@ ++#!/bin/sh ++# Ensure we handle file systems returning no SELinux context, ++# which triggered a segmentation fault in coreutils-8.22. ++# This test is skipped on systems that lack LD_PRELOAD support; that's fine. ++# Similarly, on a system that lacks lgetfilecon altogether, skipping it is fine. ++ ++# Copyright (C) 2014 Free Software Foundation, Inc. ++ ++# This program is free software: you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation, either version 3 of the License, or ++# (at your option) any later version. ++ ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++ ++# You should have received a copy of the GNU General Public License ++# along with this program. If not, see . ++ ++. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src ++print_ver_ cp ++require_gcc_shared_ ++ ++# Replace each getfilecon and lgetfilecon call with a call to these stubs. ++cat > k.c <<'EOF' || skip_ ++#include ++#include ++ ++int getfilecon (const char *path, security_context_t *con) ++{ errno=ENODATA; return -1; } ++int lgetfilecon (const char *path, security_context_t *con) ++{ errno=ENODATA; return -1; } ++EOF ++ ++# Then compile/link it: ++$CC -shared -fPIC -O2 k.c -o k.so \ ++ || skip_ 'failed to build SELinux shared library' ++ ++touch file_src ++ ++# New file with SELinux context optionally included ++LD_PRELOAD=./k.so cp -a file_src file_dst || fail=1 ++ ++# Existing file with SELinux context optionally included ++LD_PRELOAD=./k.so cp -a file_src file_dst || fail=1 ++ ++# ENODATA should give an immediate error when required to preserve ctx ++# This is debatable, and maybe we should not fail when no context available? ++LD_PRELOAD=./k.so cp --preserve=context file_src file_dst && fail=1 ++ ++Exit $fail +diff --git a/tests/local.mk b/tests/local.mk +index dc7341c..9d556f6 100644 +--- a/tests/local.mk ++++ b/tests/local.mk +@@ -161,6 +161,7 @@ all_tests = \ + tests/rm/ext3-perf.sh \ + tests/rm/cycle.sh \ + tests/cp/link-heap.sh \ ++ tests/cp/no-ctx.sh \ + tests/misc/tty-eof.pl \ + tests/tail-2/inotify-hash-abuse.sh \ + tests/tail-2/inotify-hash-abuse2.sh \ +-- +1.7.7.6 + diff --git a/coreutils.spec b/coreutils.spec index a227de7..17deef4 100644 --- a/coreutils.spec +++ b/coreutils.spec @@ -1,7 +1,7 @@ Summary: A set of basic GNU tools commonly used in shell scripts Name: coreutils Version: 8.22 -Release: 10%{?dist} +Release: 11%{?dist} License: GPLv3+ Group: System Environment/Base Url: http://www.gnu.org/software/coreutils/ @@ -13,6 +13,7 @@ Source105: coreutils-colorls.sh Source106: coreutils-colorls.csh # From upstream +Patch1: coreutils-8.22-cp-selinux.patch # Our patches #general patch to workaround koji build system issues @@ -126,6 +127,7 @@ the old GNU fileutils, sh-utils, and textutils packages. %setup -q # From upstream +%patch1 -p1 -b .nullcontext # Our patches %patch100 -p1 -b .configure @@ -151,7 +153,7 @@ the old GNU fileutils, sh-utils, and textutils packages. %patch950 -p1 -b .selinux %patch951 -p1 -b .selinuxman -chmod a+x tests/misc/sort-mb-tests.sh tests/df/direct.sh || : +chmod a+x tests/misc/sort-mb-tests.sh tests/df/direct.sh tests/cp/no-ctx.sh || : #fix typos/mistakes in localized documentation(#439410, #440056) find ./po/ -name "*.p*" | xargs \ @@ -372,6 +374,10 @@ fi %{_sbindir}/chroot %changelog +* Mon Jan 13 2014 Ondrej Vasik 8.22-11 +- cp/mv/install: do not crash when getfscreatecon() is + returning a NULL context + * Mon Jan 13 2014 Ondrej Vasik 8.22-10 - unset the unnecessary envvars after colorls scripts(#1051703) - improve the limitation (check for both utf8 and utf-8)