import mcstrans-2.9-2.el8

2020-04-28 05:42:07 -04:00 · 2020-04-28 05:42:07 -04:00 · 9873608269
parent 901595e7a3
commit 9873608269
4 changed files with 108 additions and 2 deletions
--- a/SOURCES/0002-mcstrans-Do-not-accept-incomplete-contexts.patch
+++ b/SOURCES/0002-mcstrans-Do-not-accept-incomplete-contexts.patch
@ -1,7 +1,7 @@
 From 659cb59cd6cfe36c954c77f945c06a0cd8218287 Mon Sep 17 00:00:00 2001
 From: Petr Lautrbach <plautrba@redhat.com>
 Date: Mon, 15 Apr 2019 15:22:51 +0200
-Subject: [PATCH 2/2] mcstrans: Do not accept incomplete contexts
+Subject: [PATCH] mcstrans: Do not accept incomplete contexts
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
--- a/SOURCES/0003-Revert-mcstransd-select-correct-colour-range.patch
+++ b/SOURCES/0003-Revert-mcstransd-select-correct-colour-range.patch
@ -0,0 +1,56 @@
+From 7426ba3f8d9edc5222db5663c8a9e5312f489e92 Mon Sep 17 00:00:00 2001
+From: Vit Mojzis <vmojzis@redhat.com>
+Date: Tue, 2 Jul 2019 14:09:04 +0200
+Subject: [PATCH] Revert "mcstransd select correct colour range."
+
+This reverts commit fe17b3d2d924018750386c5ee74f12ca4b054136.
+
+MLS ranges should be compared based on dominance.
+
+This fixes mlscolor-test on mcstrans examples.
+
+Eg. mlscolor-test using /usr/share/mcstrans/examples/urcsts when executed on mls
+machine fails as follows:
+
+\#pushd /usr/share/mcstrans/examples/urcsts
+\#cp -f secolor.conf /etc/selinux/mls/secolor.conf
+\#cp -f setrans.conf /etc/selinux/mls/setrans.conf
+\#systemctl restart mcstransd
+\#python3 /usr/share/mcstrans/util/mlscolor-test urcsts.color
+For 'system_u:system_r:inetd_t:SystemLow' got
+	'#000000 #000000 #000000 #000000 #000000 #000000 #000000 #000000' expected
+	'#000000 #000000 #000000 #000000 #000000 #000000 #000000 #008000'
+...
+mlscolor-test done with 19 errors
+
+Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
+---
+ mcstrans/src/mcscolor.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/mcstrans/src/mcscolor.c b/mcstrans/src/mcscolor.c
+index 79fc1c8b..f9c64da3 100644
+--- a/mcstrans/src/mcscolor.c
+++ b/mcstrans/src/mcscolor.c
+@@ -134,12 +134,12 @@ static const secolor_t *find_color(int idx, const char *component,
+ 	}
+ 
+ 	while (ptr) {
+-		if (fnmatch(ptr->pattern, component, 0) == 0) {
+-			if (idx == COLOR_RANGE) {
+-			    if (check_dominance(ptr->pattern, raw) == 0)
+-					return &ptr->color;
+-			} else 
+-				return &ptr->color;
+		if (idx == COLOR_RANGE) {
+		    if (check_dominance(ptr->pattern, raw) == 0)
+			return &ptr->color;
+		} else {
+		    if (fnmatch(ptr->pattern, component, 0) == 0)
+			return &ptr->color;
+ 		}
+ 		ptr = ptr->next;
+ 	}
+-- 
+2.21.0
+
--- a/SOURCES/0004-Fix-mcstrans-secolor-examples.patch
+++ b/SOURCES/0004-Fix-mcstrans-secolor-examples.patch
@ -0,0 +1,44 @@
+From 90a4f2b9a5194a2d1ab4c45b7a90bbb6c8099a68 Mon Sep 17 00:00:00 2001
+From: Vit Mojzis <vmojzis@redhat.com>
+Date: Tue, 2 Jul 2019 14:09:05 +0200
+Subject: [PATCH] Fix mcstrans secolor examples
+
+According to "check_dominance" function:
+Range defined as "s15:c0.c1023" does not dominate any other range than
+ "s15:c0.c1023" (does not dominate "s15", "s15:c0.c200", etc.).
+While range defined as "s15-s15:c0.c1023" dominates all of the above.
+
+This is either a bug, or "s15:c0.c1023" should not be used in the
+examples.
+
+Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
+---
+ mcstrans/share/examples/urcsts-via-include/secolor.conf | 2 +-
+ mcstrans/share/examples/urcsts/secolor.conf             | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/mcstrans/share/examples/urcsts-via-include/secolor.conf b/mcstrans/share/examples/urcsts-via-include/secolor.conf
+index d35b3c67..3b3f5430 100644
+--- a/mcstrans/share/examples/urcsts-via-include/secolor.conf
+++ b/mcstrans/share/examples/urcsts-via-include/secolor.conf
+@@ -17,5 +17,5 @@ range s3-s3:c0.c1023 = black tan
+ range s5-s5:c0.c1023 = white blue
+ range s7-s7:c0.c1023 = black red
+ range s9-s9:c0.c1023 = black orange
+-range s15:c0.c1023 = black yellow
+range s15-s15:c0.c1023 = black yellow
+ 
+diff --git a/mcstrans/share/examples/urcsts/secolor.conf b/mcstrans/share/examples/urcsts/secolor.conf
+index d35b3c67..3b3f5430 100644
+--- a/mcstrans/share/examples/urcsts/secolor.conf
+++ b/mcstrans/share/examples/urcsts/secolor.conf
+@@ -17,5 +17,5 @@ range s3-s3:c0.c1023 = black tan
+ range s5-s5:c0.c1023 = white blue
+ range s7-s7:c0.c1023 = black red
+ range s9-s9:c0.c1023 = black orange
+-range s15:c0.c1023 = black yellow
+range s15-s15:c0.c1023 = black yellow
+ 
+-- 
+2.21.0
+
--- a/SPECS/mcstrans.spec
+++ b/SPECS/mcstrans.spec
@ -1,7 +1,7 @@
 Summary: SELinux Translation Daemon
 Name: mcstrans
 Version: 2.9
-Release: 1.2%{?dist}
+Release: 2%{?dist}
 License: GPL+
 Url: https://github.com/SELinuxProject/selinux/wiki
 Source: https://github.com/SELinuxProject/selinux/releases/download/20190315/mcstrans-2.9.tar.gz
@ -9,6 +9,8 @@ Source2: secolor.conf.8
 # i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
 Patch0001: 0001-mcstrans-Fir-RESOURCE_LEAK-and-USE_AFTER_FREE-coveri.patch
 Patch0002: 0002-mcstrans-Do-not-accept-incomplete-contexts.patch
+Patch0003: 0003-Revert-mcstransd-select-correct-colour-range.patch
+Patch0004: 0004-Fix-mcstrans-secolor-examples.patch
 BuildRequires: gcc
 BuildRequires: libselinux-devel >= %{version}
 BuildRequires: libcap-devel pcre-devel libsepol-devel libsepol-static
@ -92,6 +94,10 @@ rm -rf %{buildroot}
 %{_usr}/share/mcstrans/util/*

 %changelog
+* Fri Nov 08 2019 Vit Mojzis <vmojzis@redhat.com> - 2.9-2
+- Revert "mcstransd select correct colour range." (#1731451)
+- Fix mcstrans secolor examples (#1731451)
+
 * Fri Apr 12 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-1.2
 - SELinux userspace 2.9 release