From 8f7958613140acf13d3fc809c2375516c971c83c Mon Sep 17 00:00:00 2001
From: markeryang
Date: Wed, 13 Aug 2025 02:28:45 +0000
Subject: [PATCH] backport patches from upstream
---
 ...-markers-for-info-nodes-w-o-children.patch | 35 +++++++++++++++++++
 libsepol.spec | 6 +++-
 2 files changed, 40 insertions(+), 1 deletion(-)
 create mode 100644 backport-libsepol-Fix-markers-for-info-nodes-w-o-children.patch
diff --git a/backport-libsepol-Fix-markers-for-info-nodes-w-o-children.patch b/backport-libsepol-Fix-markers-for-info-nodes-w-o-children.patch
new file mode 100644
index 0000000..53932cd
--- /dev/null
+++ b/backport-libsepol-Fix-markers-for-info-nodes-w-o-children.patch
@@ -0,0 +1,35 @@
+From 3693e7ebb0a4e556fc7ef8e88108c508493c2b3b Mon Sep 17 00:00:00 2001
+From: Inseob Kim
+Date: Mon, 7 Apr 2025 11:37:57 +0900
+Subject: [PATCH] libsepol: Fix markers for info nodes w/o children
+
+cil_write_src_info_node has been called with
+__write_cil_ast_node_helper, but that may break the result CIL file in
+case there are no children for the info node, because the "lme" marker
+is printed with __write_cil_ast_last_child_helper.
+
+This change manually prints the "lme" marker in
+__write_cil_ast_node_helper in case there are no children, so opening
+markers and closing markers always match regardless of children.
+
+Signed-off-by: Inseob Kim
+Acked-by: James Carter
+---
+ libsepol/cil/src/cil_write_ast.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/libsepol/cil/src/cil_write_ast.c b/libsepol/cil/src/cil_write_ast.c
+index 15d8bbafee..f9edadba8c 100644
+--- a/libsepol/cil/src/cil_write_ast.c
++++ b/libsepol/cil/src/cil_write_ast.c
+@@ -1624,6 +1624,10 @@ static int __write_cil_ast_node_helper(struct cil_tree_node *node, uint32_t *fin
+
+ if (node->flavor == CIL_SRC_INFO) {
+ cil_write_src_info_node(args->out, node);
++
++ if (node->cl_head == NULL) {
++ fprintf(args->out, ";;* lme\n");
++ }
+ return SEPOL_OK;
+ }
+
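Review bot: The new `fprintf(args->out, ";;* lme\n");` in the `CIL_SRC_INFO` branch of `__write_cil_ast_node_helper` repeats the closing-marker literal that, per the commit message, `__write_cil_ast_last_child_helper` also prints, so the two writers can drift apart and bring back the unbalanced markers this patch removes. I would keep the literal in one place (a shared macro or a small static helper that both call) and add a comment above the new check such as `/* no children: the last-child helper never runs, so close the src_info block here */`. The backport adds no test; since the written CIL is policy source that gets parsed again, a case that writes a src_info node with no children and re-parses the result would be worth adding before 3.5-11 ships. The body of `__write_cil_ast_node_helper` starts and ends outside the hunk, so how the other flavors are handled is not visible here.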
diff --git a/libsepol.spec b/libsepol.spec
index a155a87..1a7925c 100644
--- a/libsepol.spec
+++ b/libsepol.spec
@@ -1,6 +1,6 @@
 Name: libsepol
 Version: 3.5
-Release: 10
+Release: 11
 Summary: SELinux binary policy manipulation library
 License: LGPLv2+
 URL: https://github.com/SELinuxProject/selinux/wiki/Releases
@@ -41,6 +41,7 @@ Patch0032: backport-libsepol-mls-Do-not-destroy-context-on-memory-error.pat
 Patch0033: backport-libsepol-cil-cil_post-Initialize-tmp-on-declaration.patch
 Patch0034: backport-libsepol-cil-Initialize-avtab_datum-on-declaration.patch
 Patch0035: backport-libsepol-cil-Optionally-allow-duplicate-role-declaration.patch
+Patch0036: backport-libsepol-Fix-markers-for-info-nodes-w-o-children.patch
 Patch9000: Optimized-the-way-libsepol-policy-are-generated.patch
@@ -103,6 +104,9 @@ make DESTDIR="%{buildroot}" LIBDIR="%{_libdir}" SHLIBDIR="%{_libdir}" install
 %{_mandir}/man3/*
 %changelog
+* Wed Aug 13 2025 yanglongkang - 3.5-11
+- backport patches from upstream
+
 * Thu May 8 2025 jinlun - 3.5-10
 - Revert "libsepol-Remove-special-handling-of-roles-in-module_to_cil"
--
Gitee