import mcstrans-2.9-2.el8

2020-04-28 05:42:07 -04:00 · 2020-04-28 05:42:07 -04:00 · 9873608269
commit 9873608269
parent 901595e7a3
4 changed files with 108 additions and 2 deletions
--- a/SOURCES/0002-mcstrans-Do-not-accept-incomplete-contexts.patch
+++ b/SOURCES/0002-mcstrans-Do-not-accept-incomplete-contexts.patch
@ -1,7 +1,7 @@
 From 659cb59cd6cfe36c954c77f945c06a0cd8218287 Mon Sep 17 00:00:00 2001
 From: Petr Lautrbach <plautrba@redhat.com>
 Date: Mon, 15 Apr 2019 15:22:51 +0200
-Subject: [PATCH 2/2] mcstrans: Do not accept incomplete contexts
+Subject: [PATCH] mcstrans: Do not accept incomplete contexts
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
--- a/SOURCES/0003-Revert-mcstransd-select-correct-colour-range.patch
+++ b/SOURCES/0003-Revert-mcstransd-select-correct-colour-range.patch
@ -0,0 +1,56 @@
 From 7426ba3f8d9edc5222db5663c8a9e5312f489e92 Mon Sep 17 00:00:00 2001
 From: Vit Mojzis <vmojzis@redhat.com>
 Date: Tue, 2 Jul 2019 14:09:04 +0200
 Subject: [PATCH] Revert "mcstransd select correct colour range."
 This reverts commit fe17b3d2d924018750386c5ee74f12ca4b054136.
 MLS ranges should be compared based on dominance.
 This fixes mlscolor-test on mcstrans examples.
 Eg. mlscolor-test using /usr/share/mcstrans/examples/urcsts when executed on mls
 machine fails as follows:
 \#pushd /usr/share/mcstrans/examples/urcsts
 \#cp -f secolor.conf /etc/selinux/mls/secolor.conf
 \#cp -f setrans.conf /etc/selinux/mls/setrans.conf
 \#systemctl restart mcstransd
 \#python3 /usr/share/mcstrans/util/mlscolor-test urcsts.color
 For 'system_u:system_r:inetd_t:SystemLow' got
 	'#000000 #000000 #000000 #000000 #000000 #000000 #000000 #000000' expected
 	'#000000 #000000 #000000 #000000 #000000 #000000 #000000 #008000'
 ...
 mlscolor-test done with 19 errors
 Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
 ---
 mcstrans/src/mcscolor.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
 diff --git a/mcstrans/src/mcscolor.c b/mcstrans/src/mcscolor.c
 index 79fc1c8b..f9c64da3 100644
 --- a/mcstrans/src/mcscolor.c
 +++ b/mcstrans/src/mcscolor.c
@@ -134,12 +134,12 @@ static const secolor_t *find_color(int idx, const char *component,
 	}
 	while (ptr) {
 -		if (fnmatch(ptr->pattern, component, 0) == 0) {
 -			if (idx == COLOR_RANGE) {
 -			    if (check_dominance(ptr->pattern, raw) == 0)
 -					return &ptr->color;
 -			} else 
 -				return &ptr->color;
 +		if (idx == COLOR_RANGE) {
 +		    if (check_dominance(ptr->pattern, raw) == 0)
 +			return &ptr->color;
 +		} else {
 +		    if (fnmatch(ptr->pattern, component, 0) == 0)
 +			return &ptr->color;
 		}
 		ptr = ptr->next;
 	}
 -- 
 2.21.0
--- a/SOURCES/0004-Fix-mcstrans-secolor-examples.patch
+++ b/SOURCES/0004-Fix-mcstrans-secolor-examples.patch
@ -0,0 +1,44 @@
 From 90a4f2b9a5194a2d1ab4c45b7a90bbb6c8099a68 Mon Sep 17 00:00:00 2001
 From: Vit Mojzis <vmojzis@redhat.com>
 Date: Tue, 2 Jul 2019 14:09:05 +0200
 Subject: [PATCH] Fix mcstrans secolor examples
 According to "check_dominance" function:
 Range defined as "s15:c0.c1023" does not dominate any other range than
 "s15:c0.c1023" (does not dominate "s15", "s15:c0.c200", etc.).
 While range defined as "s15-s15:c0.c1023" dominates all of the above.
 This is either a bug, or "s15:c0.c1023" should not be used in the
 examples.
 Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
 ---
 mcstrans/share/examples/urcsts-via-include/secolor.conf | 2 +-
 mcstrans/share/examples/urcsts/secolor.conf             | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
 diff --git a/mcstrans/share/examples/urcsts-via-include/secolor.conf b/mcstrans/share/examples/urcsts-via-include/secolor.conf
 index d35b3c67..3b3f5430 100644
 --- a/mcstrans/share/examples/urcsts-via-include/secolor.conf
 +++ b/mcstrans/share/examples/urcsts-via-include/secolor.conf
@@ -17,5 +17,5 @@ range s3-s3:c0.c1023 = black tan
 range s5-s5:c0.c1023 = white blue
 range s7-s7:c0.c1023 = black red
 range s9-s9:c0.c1023 = black orange
 -range s15:c0.c1023 = black yellow
 +range s15-s15:c0.c1023 = black yellow
 diff --git a/mcstrans/share/examples/urcsts/secolor.conf b/mcstrans/share/examples/urcsts/secolor.conf
 index d35b3c67..3b3f5430 100644
 --- a/mcstrans/share/examples/urcsts/secolor.conf
 +++ b/mcstrans/share/examples/urcsts/secolor.conf
@@ -17,5 +17,5 @@ range s3-s3:c0.c1023 = black tan
 range s5-s5:c0.c1023 = white blue
 range s7-s7:c0.c1023 = black red
 range s9-s9:c0.c1023 = black orange
 -range s15:c0.c1023 = black yellow
 +range s15-s15:c0.c1023 = black yellow
 -- 
 2.21.0
--- a/SPECS/mcstrans.spec
+++ b/SPECS/mcstrans.spec
@ -1,7 +1,7 @@
 Summary: SELinux Translation Daemon
 Name: mcstrans
 Version: 2.9
-Release: 1.2%{?dist}
+Release: 2%{?dist}
 License: GPL+
 Url: https://github.com/SELinuxProject/selinux/wiki
 Source: https://github.com/SELinuxProject/selinux/releases/download/20190315/mcstrans-2.9.tar.gz
@ -9,6 +9,8 @@ Source2: secolor.conf.8
 # i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
 Patch0001: 0001-mcstrans-Fir-RESOURCE_LEAK-and-USE_AFTER_FREE-coveri.patch
 Patch0002: 0002-mcstrans-Do-not-accept-incomplete-contexts.patch
 Patch0003: 0003-Revert-mcstransd-select-correct-colour-range.patch
 Patch0004: 0004-Fix-mcstrans-secolor-examples.patch
 BuildRequires: gcc
 BuildRequires: libselinux-devel >= %{version}
 BuildRequires: libcap-devel pcre-devel libsepol-devel libsepol-static
@ -92,6 +94,10 @@ rm -rf %{buildroot}
 %{_usr}/share/mcstrans/util/*
 %changelog
 * Fri Nov 08 2019 Vit Mojzis <vmojzis@redhat.com> - 2.9-2
 - Revert "mcstransd select correct colour range." (#1731451)
 - Fix mcstrans secolor examples (#1731451)
 * Fri Apr 12 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-1.2
 - SELinux userspace 2.9 release