rpms
/
mcstrans
7
0
Fork 0
Code Issues Pull Requests Releases Activity

SELinux userspace 3.3-rc2 release 

Resolves: rhbz#2003554
This commit is contained in:
Petr Lautrbach 2021-09-29 20:13:44 +02:00
parent 4e564571b7
commit 51b0210f5f
7 changed files with 28 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -33,3 +33,4 @@ mcstrans-0.3.1.tgz
/mcstrans-3.2-rc1.tar.gz
/mcstrans-3.2-rc2.tar.gz
/mcstrans-3.2.tar.gz
/mcstrans-3.3-rc2.tar.gz

20
0001-mcstrans-Fir-RESOURCE_LEAK-and-USE_AFTER_FREE-coveri.patch
View File

@ -1,4 +1,4 @@
From a9eae01e435c2d6f13f3672a50f545bab03e9992 Mon Sep 17 00:00:00 2001
From 58a11e55120de4700d4e874dee0d8c36d13caedd Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Wed, 28 Nov 2018 18:28:05 +0100
Subject: [PATCH] mcstrans: Fir RESOURCE_LEAK and USE_AFTER_FREE coverity scan
@ -10,7 +10,7 @@ Subject: [PATCH] mcstrans: Fir RESOURCE_LEAK and USE_AFTER_FREE coverity scan
2 files changed, 22 insertions(+), 3 deletions(-)
diff --git a/mcstrans/src/mcstrans.c b/mcstrans/src/mcstrans.c
index 96bdbdff7d8b..0d9d0f3e25b7 100644
index e92dfddb0d20..d0690e6b0dca 100644
--- a/mcstrans/src/mcstrans.c
+++ b/mcstrans/src/mcstrans.c
@@ -633,16 +633,23 @@ add_cache(domain_t *domain, char *raw, char *trans) {
@ -38,7 +38,7 @@ index 96bdbdff7d8b..0d9d0f3e25b7 100644
if (add_to_hashtable(domain->trans_to_raw, map->trans, map) < 0)
goto err;
@@ -1519,6 +1526,7 @@ trans_context(const security_context_t incon, security_context_t *rcon) {
@@ -1520,6 +1527,7 @@ trans_context(const char *incon, char **rcon) {
trans = compute_trans_from_raw(range, domain);
if (trans)
if (add_cache(domain, range, trans) < 0) {
@ -46,7 +46,7 @@ index 96bdbdff7d8b..0d9d0f3e25b7 100644
free(range);
return -1;
}
@@ -1530,6 +1538,7 @@ trans_context(const security_context_t incon, security_context_t *rcon) {
@@ -1531,6 +1539,7 @@ trans_context(const char *incon, char **rcon) {
ltrans = compute_trans_from_raw(lrange, domain);
if (ltrans) {
if (add_cache(domain, lrange, ltrans) < 0) {
@ -54,7 +54,7 @@ index 96bdbdff7d8b..0d9d0f3e25b7 100644
free(range);
return -1;
}
@@ -1548,6 +1557,7 @@ trans_context(const security_context_t incon, security_context_t *rcon) {
@@ -1549,6 +1558,7 @@ trans_context(const char *incon, char **rcon) {
utrans = compute_trans_from_raw(urange, domain);
if (utrans) {
if (add_cache(domain, urange, utrans) < 0) {
@ -62,7 +62,7 @@ index 96bdbdff7d8b..0d9d0f3e25b7 100644
free(ltrans);
free(range);
return -1;
@@ -1647,14 +1657,19 @@ untrans_context(const security_context_t incon, security_context_t *rcon) {
@@ -1648,14 +1658,19 @@ untrans_context(const char *incon, char **rcon) {
canonical = compute_trans_from_raw(raw, domain);
if (canonical && strcmp(canonical, range))
if (add_cache(domain, raw, canonical) < 0) {
@ -83,7 +83,7 @@ index 96bdbdff7d8b..0d9d0f3e25b7 100644
return -1;
}
} else {
@@ -1672,6 +1687,7 @@ untrans_context(const security_context_t incon, security_context_t *rcon) {
@@ -1673,6 +1688,7 @@ untrans_context(const char *incon, char **rcon) {
canonical = compute_trans_from_raw(lraw, domain);
if (canonical)
if (add_cache(domain, lraw, canonical) < 0) {
@ -91,7 +91,7 @@ index 96bdbdff7d8b..0d9d0f3e25b7 100644
free(lraw);
free(range);
return -1;
@@ -1703,6 +1719,7 @@ untrans_context(const security_context_t incon, security_context_t *rcon) {
@@ -1704,6 +1720,7 @@ untrans_context(const char *incon, char **rcon) {
canonical = compute_trans_from_raw(uraw, domain);
if (canonical)
if (add_cache(domain, uraw, canonical) < 0) {
@ -100,7 +100,7 @@ index 96bdbdff7d8b..0d9d0f3e25b7 100644
free(lraw);
free(range);
diff --git a/mcstrans/src/mcstransd.c b/mcstrans/src/mcstransd.c
index 858994932e4f..a1ec81acb3c8 100644
index 59c152e73be1..5191fc98ef06 100644
--- a/mcstrans/src/mcstransd.c
+++ b/mcstrans/src/mcstransd.c
@@ -335,6 +335,7 @@ process_events(struct pollfd **ufds, int *nfds)
@ -125,5 +125,5 @@ index 858994932e4f..a1ec81acb3c8 100644
" for fd (%d)\n", revents, connfd);
--
2.23.0
2.32.0

8
0002-mcstrans-Fix-USER_AFTER_FREE-problem.patch
View File

@ -1,4 +1,4 @@
From d09b54cfffaa3923c22bb3ff7818cb4a19325905 Mon Sep 17 00:00:00 2001
From 7a170534163ab9d9159dddfadb996587d98fe30e Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Thu, 9 May 2019 16:44:43 +0200
Subject: [PATCH] mcstrans: Fix USER_AFTER_FREE problem
@ -8,10 +8,10 @@ Subject: [PATCH] mcstrans: Fix USER_AFTER_FREE problem
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/mcstrans/src/mcstrans.c b/mcstrans/src/mcstrans.c
index 0d9d0f3e25b7..29cadb78b62c 100644
index d0690e6b0dca..8678418a1570 100644
--- a/mcstrans/src/mcstrans.c
+++ b/mcstrans/src/mcstrans.c
@@ -1663,10 +1663,8 @@ untrans_context(const security_context_t incon, security_context_t *rcon) {
@@ -1664,10 +1664,8 @@ untrans_context(const char *incon, char **rcon) {
return -1;
}
}
@ -24,5 +24,5 @@ index 0d9d0f3e25b7..29cadb78b62c 100644
free(range);
free(raw);
--
2.23.0
2.32.0

6
0003-mcstrans-Do-not-accept-incomplete-contexts.patch
View File

@ -1,4 +1,4 @@
From 0173a950563b23080fd40433f55efcb1d6b77923 Mon Sep 17 00:00:00 2001
From a6e2b2287254b2880e8697707f10bd303ffcc06a Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Mon, 15 Apr 2019 15:22:51 +0200
Subject: [PATCH] mcstrans: Do not accept incomplete contexts
@ -32,7 +32,7 @@ Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/mcstrans/src/mcscolor.c b/mcstrans/src/mcscolor.c
index 4ee0db507ef2..3a3a6de9a02b 100644
index a38388501db5..94421a58dee4 100644
--- a/mcstrans/src/mcscolor.c
+++ b/mcstrans/src/mcscolor.c
@@ -272,10 +272,14 @@ static const unsigned precedence[N_COLOR][N_COLOR - 1] = {
@ -55,5 +55,5 @@ index 4ee0db507ef2..3a3a6de9a02b 100644
return 0;
}
--
2.23.0
2.32.0

2
0004-mcstrans-fix-RESOURCE_LEAK-CWE-772.patch
View File

@ -1,4 +1,4 @@
From 52872e0193f650b1fd4ab9125453e7ebdac152bd Mon Sep 17 00:00:00 2001
From a98f2f8f2f1c14646ec9c80faecf14e9bf4bbd2c Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Thu, 5 Aug 2021 16:26:44 +0200
Subject: [PATCH] mcstrans: fix RESOURCE_LEAK (CWE-772)

13
mcstrans.spec
View File

@ -1,12 +1,12 @@
Summary: SELinux Translation Daemon
Name: mcstrans
Version: 3.2
Release: 4%{?dist}
Version: 3.3
Release: 0.rc2.1%{?dist}
License: GPL+
Url: https://github.com/SELinuxProject/selinux/wiki
Source: https://github.com/SELinuxProject/selinux/releases/download/3.2/mcstrans-3.2.tar.gz
Source: https://github.com/SELinuxProject/selinux/releases/download/3.3-rc2/mcstrans-3.3-rc2.tar.gz
Source2: secolor.conf.8
# fedora-selinux/selinux: git format-patch -N 3.2 -- mcstrans
# fedora-selinux/selinux: git format-patch -N 3.3-rc2 -- mcstrans
# i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
# Patch list start
Patch0001: 0001-mcstrans-Fir-RESOURCE_LEAK-and-USE_AFTER_FREE-coveri.patch
@ -39,7 +39,7 @@ mcstrans provides an translation daemon to translate SELinux categories
from internal representations to user defined representation.
%prep
%autosetup -p 2 -n mcstrans-%{version}
%autosetup -p 2 -n mcstrans-%{version}-rc2
%build
%set_build_flags
@ -95,6 +95,9 @@ install -m644 %{SOURCE2} %{buildroot}%{_mandir}/man8/
%{_usr}/share/mcstrans/util/*
%changelog
* Wed Sep 29 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-0.rc2.1
- SELinux userspace 3.3-rc2 release
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.2-4
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688

2
sources
View File

@ -1 +1 @@
SHA512 (mcstrans-3.2.tar.gz) = edc7d4c255056d823c67d69d0c0bb49e8da8cf1b69d94b65e1c2cb5f4944dcc0bd26ed795d76cbe310d9c98b98ca69a49eb7e39ed4cd7df3f6ed8bd1b68da6b1
SHA512 (mcstrans-3.3-rc2.tar.gz) = 22e0277bb76411128e67a670c7e494c4434a154cfd9d726cc02f35c6cbe07bd1f956395564ef530b3299c9bfcc97d2932fac3f683321a38b77caf4aed80ed093