From 3e147fcb3434962cfc9b7cd840a6a9980bf442ba Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Tue, 21 Jan 2020 15:55:52 -0500
Subject: [PATCH] import mcstrans-2.9-2.el8
---
 ...ns-Do-not-accept-incomplete-contexts.patch | 2 +-
 ...cstransd-select-correct-colour-range.patch | 56 +++++++++++++++++++
 .../0004-Fix-mcstrans-secolor-examples.patch | 44 +++++++++++++++
 SPECS/mcstrans.spec | 8 ++-
 4 files changed, 108 insertions(+), 2 deletions(-)
 create mode 100644 SOURCES/0003-Revert-mcstransd-select-correct-colour-range.patch
 create mode 100644 SOURCES/0004-Fix-mcstrans-secolor-examples.patch
diff --git a/SOURCES/0002-mcstrans-Do-not-accept-incomplete-contexts.patch b/SOURCES/0002-mcstrans-Do-not-accept-incomplete-contexts.patch
index 3135c30..bbbfc4c 100644
--- a/SOURCES/0002-mcstrans-Do-not-accept-incomplete-contexts.patch
+++ b/SOURCES/0002-mcstrans-Do-not-accept-incomplete-contexts.patch
@@ -1,7 +1,7 @@
 From 659cb59cd6cfe36c954c77f945c06a0cd8218287 Mon Sep 17 00:00:00 2001
 From: Petr Lautrbach
 Date: Mon, 15 Apr 2019 15:22:51 +0200
-Subject: [PATCH 2/2] mcstrans: Do not accept incomplete contexts
+Subject: [PATCH] mcstrans: Do not accept incomplete contexts
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
diff --git a/SOURCES/0003-Revert-mcstransd-select-correct-colour-range.patch b/SOURCES/0003-Revert-mcstransd-select-correct-colour-range.patch
new file mode 100644
index 0000000..60b82f8
--- /dev/null
+++ b/SOURCES/0003-Revert-mcstransd-select-correct-colour-range.patch
@@ -0,0 +1,56 @@
+From 7426ba3f8d9edc5222db5663c8a9e5312f489e92 Mon Sep 17 00:00:00 2001
+From: Vit Mojzis
+Date: Tue, 2 Jul 2019 14:09:04 +0200
+Subject: [PATCH] Revert "mcstransd select correct colour range."
+
+This reverts commit fe17b3d2d924018750386c5ee74f12ca4b054136.
+
+MLS ranges should be compared based on dominance.
+
+This fixes mlscolor-test on mcstrans examples.
+
+Eg. mlscolor-test using /usr/share/mcstrans/examples/urcsts when executed on mls
+machine fails as follows:
+
+\#pushd /usr/share/mcstrans/examples/urcsts
+\#cp -f secolor.conf /etc/selinux/mls/secolor.conf
+\#cp -f setrans.conf /etc/selinux/mls/setrans.conf
+\#systemctl restart mcstransd
+\#python3 /usr/share/mcstrans/util/mlscolor-test urcsts.color
+For 'system_u:system_r:inetd_t:SystemLow' got
+ '#000000 #000000 #000000 #000000 #000000 #000000 #000000 #000000' expected
+ '#000000 #000000 #000000 #000000 #000000 #000000 #000000 #008000'
+...
+mlscolor-test done with 19 errors
+
+Signed-off-by: Vit Mojzis
+---
+ mcstrans/src/mcscolor.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/mcstrans/src/mcscolor.c b/mcstrans/src/mcscolor.c
+index 79fc1c8b..f9c64da3 100644
+--- a/mcstrans/src/mcscolor.c
++++ b/mcstrans/src/mcscolor.c
+@@ -134,12 +134,12 @@ static const secolor_t *find_color(int idx, const char *component,
+ }
+
+ while (ptr) {
+- if (fnmatch(ptr->pattern, component, 0) == 0) {
+- if (idx == COLOR_RANGE) {
+- if (check_dominance(ptr->pattern, raw) == 0)
+- return &ptr->color;
+- } else
+- return &ptr->color;
++ if (idx == COLOR_RANGE) {
++ if (check_dominance(ptr->pattern, raw) == 0)
++ return &ptr->color;
++ } else {
++ if (fnmatch(ptr->pattern, component, 0) == 0)
++ return &ptr->color;
+ }
+ ptr = ptr->next;
+ }
+--
+2.21.0
+
diff --git a/SOURCES/0004-Fix-mcstrans-secolor-examples.patch b/SOURCES/0004-Fix-mcstrans-secolor-examples.patch
new file mode 100644
index 0000000..fa228ff
--- /dev/null
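Review bot: In the new `find_color` loop the `COLOR_RANGE` branch returns the first entry for which `check_dominance(ptr->pattern, raw) == 0`, so the colour a label gets depends on the order of `range` lines in secolor.conf, and nothing at the call site says what a zero return means. With the `fnmatch` pre-filter gone for ranges, every range pattern is handed to `check_dominance` directly; that function is not visible here, so its handling of a pattern it cannot parse (for example one written as a glob) should be confirmed. Once the return convention is confirmed, I would add a comment above the branch such as `/* ranges are not glob-matched: first entry whose pattern dominates raw wins */` and flatten `else { if (fnmatch(...) == 0)` into `else if (fnmatch(...) == 0)`. The body of `find_color` starts and ends outside the hunk.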
+++ b/SOURCES/0004-Fix-mcstrans-secolor-examples.patch
@@ -0,0 +1,44 @@
+From 90a4f2b9a5194a2d1ab4c45b7a90bbb6c8099a68 Mon Sep 17 00:00:00 2001
+From: Vit Mojzis
+Date: Tue, 2 Jul 2019 14:09:05 +0200
+Subject: [PATCH] Fix mcstrans secolor examples
+
+According to "check_dominance" function:
+Range defined as "s15:c0.c1023" does not dominate any other range than
+ "s15:c0.c1023" (does not dominate "s15", "s15:c0.c200", etc.).
+While range defined as "s15-s15:c0.c1023" dominates all of the above.
+
+This is either a bug, or "s15:c0.c1023" should not be used in the
+examples.
+
+Signed-off-by: Vit Mojzis
+---
+ mcstrans/share/examples/urcsts-via-include/secolor.conf | 2 +-
+ mcstrans/share/examples/urcsts/secolor.conf | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/mcstrans/share/examples/urcsts-via-include/secolor.conf b/mcstrans/share/examples/urcsts-via-include/secolor.conf
+index d35b3c67..3b3f5430 100644
+--- a/mcstrans/share/examples/urcsts-via-include/secolor.conf
++++ b/mcstrans/share/examples/urcsts-via-include/secolor.conf
+@@ -17,5 +17,5 @@ range s3-s3:c0.c1023 = black tan
+ range s5-s5:c0.c1023 = white blue
+ range s7-s7:c0.c1023 = black red
+ range s9-s9:c0.c1023 = black orange
+-range s15:c0.c1023 = black yellow
++range s15-s15:c0.c1023 = black yellow
+
+diff --git a/mcstrans/share/examples/urcsts/secolor.conf b/mcstrans/share/examples/urcsts/secolor.conf
+index d35b3c67..3b3f5430 100644
+--- a/mcstrans/share/examples/urcsts/secolor.conf
++++ b/mcstrans/share/examples/urcsts/secolor.conf
+@@ -17,5 +17,5 @@ range s3-s3:c0.c1023 = black tan
+ range s5-s5:c0.c1023 = white blue
+ range s7-s7:c0.c1023 = black red
+ range s9-s9:c0.c1023 = black orange
+-range s15:c0.c1023 = black yellow
++range s15-s15:c0.c1023 = black yellow
+
+--
+2.21.0
+
diff --git a/SPECS/mcstrans.spec b/SPECS/mcstrans.spec
index 14b576e..27abebf 100644
--- a/SPECS/mcstrans.spec
+++ b/SPECS/mcstrans.spec
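Review bot: The example change works around the single-level range form rather than settling it: per the description, `range s15:c0.c1023` dominates only that exact range under `check_dominance`, and the message leaves open whether that is a bug. An administrator who writes the short form in a site secolor.conf would get no colour match for ranges such as `s15` or `s15:c0.c200`, which matters because the colours are the visible cue for a label's sensitivity. A comment in both example files, e.g. `# use the low-high form (s15-s15:c0.c1023); a bare s15:c0.c1023 matches only itself`, would record the constraint until the parser question is resolved.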
@@ -1,7 +1,7 @@ Summary: SELinux Translation Daemon Name: mcstrans Version: 2.9 -Release: 1.2%{?dist} +Release: 2%{?dist} License: GPL+ Url: https://github.com/SELinuxProject/selinux/wiki Source: https://github.com/SELinuxProject/selinux/releases/download/20190315/mcstrans-2.9.tar.gz @@ -9,6 +9,8 @@ Source2: secolor.conf.8 # i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done Patch0001: 0001-mcstrans-Fir-RESOURCE_LEAK-and-USE_AFTER_FREE-coveri.patch Patch0002: 0002-mcstrans-Do-not-accept-incomplete-contexts.patch +Patch0003: 0003-Revert-mcstransd-select-correct-colour-range.patch +Patch0004: 0004-Fix-mcstrans-secolor-examples.patch BuildRequires: gcc BuildRequires: libselinux-devel >= %{version} BuildRequires: libcap-devel pcre-devel libsepol-devel libsepol-static @@ -92,6 +94,10 @@ rm -rf %{buildroot} %{_usr}/share/mcstrans/util/* %changelog +* Fri Nov 08 2019 Vit Mojzis - 2.9-2 +- Revert "mcstransd select correct colour range." (#1731451) +- Fix mcstrans secolor examples (#1731451) + * Fri Apr 12 2019 Petr Lautrbach - 2.9-1.2 - SELinux userspace 2.9 release