From bbc75fbd05d7009d21441e1247077e5d23a341d4 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Fri, 10 Dec 2021 14:42:45 +0100 Subject: [PATCH] Port to new PCRE2 from end-of-life PCRE --- 0005-mcstrans-avoid-missing-prototypes.patch | 343 +++++++++++++++++ ...t-to-new-PCRE2-from-end-of-life-PCRE.patch | 346 ++++++++++++++++++ mcstrans.spec | 11 +- 3 files changed, 697 insertions(+), 3 deletions(-) create mode 100644 0005-mcstrans-avoid-missing-prototypes.patch create mode 100644 0006-mcstrans-port-to-new-PCRE2-from-end-of-life-PCRE.patch diff --git a/0005-mcstrans-avoid-missing-prototypes.patch b/0005-mcstrans-avoid-missing-prototypes.patch new file mode 100644 index 0000000..fefd1fb --- /dev/null +++ b/0005-mcstrans-avoid-missing-prototypes.patch @@ -0,0 +1,343 @@ +From aed6280eea9258e6ed9bd20952f5a9bf8fe376d0 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Fri, 12 Nov 2021 16:41:58 +0100 +Subject: [PATCH] mcstrans: avoid missing prototypes +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Mark local functions static. +Export functions of mcscolor.c in mcscolor.h and avoid bare extern +function declarations. +Drop unused function emit_whitespace(). + +Signed-off-by: Christian Göttsche +--- + mcstrans/src/mcscolor.c | 2 ++ + mcstrans/src/mcscolor.h | 8 ++++++ + mcstrans/src/mcstrans.c | 57 ++++++++++++++++++---------------------- + mcstrans/src/mcstrans.h | 1 - + mcstrans/src/mcstransd.c | 13 +++------ + 5 files changed, 38 insertions(+), 43 deletions(-) + create mode 100644 mcstrans/src/mcscolor.h + +diff --git a/mcstrans/src/mcscolor.c b/mcstrans/src/mcscolor.c +index 94421a58dee4..275a99b7b12a 100644 +--- a/mcstrans/src/mcscolor.c ++++ b/mcstrans/src/mcscolor.c +@@ -11,6 +11,8 @@ + #include + #include + #include ++ ++#include "mcscolor.h" + #include "mcstrans.h" + + /* Define data structures */ +diff --git a/mcstrans/src/mcscolor.h b/mcstrans/src/mcscolor.h +new file mode 100644 +index 000000000000..c37fe6ed5197 +--- /dev/null ++++ b/mcstrans/src/mcscolor.h +@@ -0,0 +1,8 @@ ++#ifndef __mcscolor_h__ ++#define __mcscolor_h__ ++ ++extern void finish_context_colors(void); ++extern int init_colors(void); ++extern int raw_color(const char *raw, char **color_str); ++ ++#endif +diff --git a/mcstrans/src/mcstrans.c b/mcstrans/src/mcstrans.c +index 4e110e02f73a..ba8b79a4b360 100644 +--- a/mcstrans/src/mcstrans.c ++++ b/mcstrans/src/mcstrans.c +@@ -136,7 +136,7 @@ typedef struct cat_constraint { + + static cat_constraint_t *cat_constraints; + +-unsigned int ++static unsigned int + hash(const char *str) { + unsigned int hash = 5381; + int c; +@@ -213,7 +213,7 @@ parse_category(ebitmap_t *e, const char *raw, int allowinverse) + return 0; + } + +-int ++static int + parse_ebitmap(ebitmap_t *e, ebitmap_t *def, const char *raw) { + int rc = ebitmap_cpy(e, def); + if (rc < 0) +@@ -224,7 +224,7 @@ parse_ebitmap(ebitmap_t *e, ebitmap_t *def, const char *raw) { + return 0; + } + +-mls_level_t * ++static mls_level_t * + parse_raw(const char *raw) { + mls_level_t *mls = calloc(1, sizeof(mls_level_t)); + if (!mls) +@@ -248,7 +248,7 @@ err: + return NULL; + } + +-void ++static void + destroy_word(word_t **list, word_t *word) { + if (!word) { + return; +@@ -267,7 +267,7 @@ destroy_word(word_t **list, word_t *word) { + free(word); + } + +-word_t * ++static word_t * + create_word(word_t **list, const char *text) { + word_t *w = calloc(1, sizeof(word_t)); + if (!w) { +@@ -291,7 +291,7 @@ err: + return NULL; + } + +-void ++static void + destroy_group(word_group_t **list, word_group_t *group) { + for (; list && *list; list = &(*list)->next) { + if (*list == group) { +@@ -324,7 +324,7 @@ destroy_group(word_group_t **list, word_group_t *group) { + free(group); + } + +-word_group_t * ++static word_group_t * + create_group(word_group_t **list, const char *name) { + word_group_t *group = calloc(1, sizeof(word_group_t)); + if (!group) +@@ -357,7 +357,7 @@ err: + return NULL; + } + +-void ++static void + destroy_domain(domain_t *domain) { + int i; + unsigned int rt = 0, tr = 0; +@@ -401,7 +401,7 @@ destroy_domain(domain_t *domain) { + syslog(LOG_INFO, "cache sizes: tr = %u, rt = %u", tr, rt); + } + +-domain_t * ++static domain_t * + create_domain(const char *name) { + domain_t *domain = calloc(1, sizeof(domain_t)); + if (!domain) { +@@ -425,7 +425,7 @@ err: + return NULL; + } + +-int ++static int + add_word(word_group_t *group, char *raw, char *trans) { + if (strchr(trans,'-')) { + log_error("'%s'is invalid because '-' is illegal in modifiers.\n", trans); +@@ -451,7 +451,7 @@ add_word(word_group_t *group, char *raw, char *trans) { + return 0; + } + +-int ++static int + add_constraint(char op, char *raw, char *tok) { + log_debug("%s\n", "add_constraint"); + ebitmap_t empty; +@@ -521,7 +521,7 @@ add_constraint(char op, char *raw, char *tok) { + return 0; + } + +-int ++static int + violates_constraints(mls_level_t *l) { + int nbits; + sens_constraint_t *s; +@@ -563,7 +563,7 @@ violates_constraints(mls_level_t *l) { + return 0; + } + +-void ++static void + destroy_sens_constraint(sens_constraint_t **list, sens_constraint_t *constraint) { + if (!constraint) { + return; +@@ -580,7 +580,7 @@ destroy_sens_constraint(sens_constraint_t **list, sens_constraint_t *constraint) + free(constraint); + } + +-void ++static void + destroy_cat_constraint(cat_constraint_t **list, cat_constraint_t *constraint) { + if (!constraint) { + return; +@@ -670,7 +670,7 @@ find_in_table(context_map_node_t **table, const char *key) { + return NULL; + } + +-char * ++static char * + trim(char *str, const char *whitespace) { + char *p = str + strlen(str); + +@@ -679,7 +679,7 @@ trim(char *str, const char *whitespace) { + return str; + } + +-char * ++static char * + triml(char *str, const char *whitespace) { + char *p = str; + +@@ -688,7 +688,7 @@ triml(char *str, const char *whitespace) { + return p; + } + +-int ++static int + update(char **p, char *const val) { + free (*p); + *p = strdup(val); +@@ -699,7 +699,7 @@ update(char **p, char *const val) { + return 0; + } + +-int ++static int + append(affix_t **affixes, const char *val) { + affix_t *affix = calloc(1, sizeof(affix_t)); + if (!affix) { +@@ -894,7 +894,7 @@ init_translations(void) { + return(read_translations(selinux_translations_path())); + } + +-char * ++static char * + extract_range(const char *incon) { + context_t con = context_new(incon); + if (!con) { +@@ -917,7 +917,7 @@ extract_range(const char *incon) { + return r; + } + +-char * ++static char * + new_context_str(const char *incon, const char *range) { + char *rcon = NULL; + context_t con = context_new(incon); +@@ -938,7 +938,7 @@ exit: + return NULL; + } + +-char * ++static char * + find_in_hashtable(const char *range, domain_t *domain, context_map_node_t **table) { + char *trans = NULL; + context_map_t *map = find_in_table(table, range); +@@ -953,13 +953,6 @@ find_in_hashtable(const char *range, domain_t *domain, context_map_node_t **tabl + return trans; + } + +-void +-emit_whitespace(char*buffer, char *whitespace) { +- strcat(buffer, "["); +- strcat(buffer, whitespace); +- strcat(buffer, "]"); +-} +- + static int + string_size(const void *p1, const void *p2) { + return strlen(*(char **)p2) - strlen(*(char **)p1); +@@ -976,7 +969,7 @@ word_size(const void *p1, const void *p2) { + return (w2_len - w1_len); + } + +-void ++static void + build_regexp(pcre **r, char *buffer) { + const char *error; + int error_offset; +@@ -989,7 +982,7 @@ build_regexp(pcre **r, char *buffer) { + buffer[0] = '\0'; + } + +-int ++static int + build_regexps(domain_t *domain) { + char buffer[1024 * 128]; + buffer[0] = '\0'; +@@ -1093,7 +1086,7 @@ build_regexps(domain_t *domain) { + return 0; + } + +-char * ++static char * + compute_raw_from_trans(const char *level, domain_t *domain) { + + #ifdef DEBUG +@@ -1285,7 +1278,7 @@ err: + return NULL; + } + +-char * ++static char * + compute_trans_from_raw(const char *level, domain_t *domain) { + + #ifdef DEBUG +diff --git a/mcstrans/src/mcstrans.h b/mcstrans/src/mcstrans.h +index e5cda93b8a4b..0addb325e569 100644 +--- a/mcstrans/src/mcstrans.h ++++ b/mcstrans/src/mcstrans.h +@@ -6,4 +6,3 @@ extern int init_translations(void); + extern void finish_context_translations(void); + extern int trans_context(const char *, char **); + extern int untrans_context(const char *, char **); +- +diff --git a/mcstrans/src/mcstransd.c b/mcstrans/src/mcstransd.c +index 5191fc98ef06..42262e580386 100644 +--- a/mcstrans/src/mcstransd.c ++++ b/mcstrans/src/mcstransd.c +@@ -16,6 +16,8 @@ + #include + #include + #include ++ ++#include "mcscolor.h" + #include "mcstrans.h" + + #ifdef UNUSED +@@ -43,15 +45,6 @@ + #define log_debug(fmt, ...) do {} while (0) + #endif + +-extern int init_translations(void); +-extern void finish_context_translations(void); +-extern int trans_context(const char *, char **); +-extern int untrans_context(const char *, char **); +- +-extern int init_colors(void); +-extern void finish_context_colors(void); +-extern int raw_color(const char *, char **); +- + #define SETRANSD_PATHNAME "/sbin/mcstransd" + + /* name of program (for error messages) */ +@@ -516,7 +509,7 @@ initialize(void) + + } + +-void dropprivs(void) ++static void dropprivs(void) + { + cap_t new_caps; + +-- +2.33.1 + diff --git a/0006-mcstrans-port-to-new-PCRE2-from-end-of-life-PCRE.patch b/0006-mcstrans-port-to-new-PCRE2-from-end-of-life-PCRE.patch new file mode 100644 index 0000000..ea5c10e --- /dev/null +++ b/0006-mcstrans-port-to-new-PCRE2-from-end-of-life-PCRE.patch @@ -0,0 +1,346 @@ +From 9d3c598984d2b7b4deb4ba2e9c3d7d404a12fee1 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Tue, 30 Nov 2021 12:04:25 +0100 +Subject: [PATCH] mcstrans: port to new PCRE2 from end-of-life PCRE +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Quoting pcre.org: + + There are two major versions of the PCRE library. The current + version, PCRE2, released in 2015, is now at version 10.39. + + The older, but still widely deployed PCRE library, originally + released in 1997, is at version 8.45. This version of PCRE is now at + end of life, and is no longer being actively maintained. Version + 8.45 is expected to be the final release of the older PCRE library, + and new projects should use PCRE2 instead. + +Signed-off-by: Christian Göttsche + +Acked-by: Petr Lautrbach +--- + mcstrans/Makefile | 6 ++ + mcstrans/src/Makefile | 4 +- + mcstrans/src/mcstrans.c | 131 ++++++++++++++++++++++++++++------------ + mcstrans/utils/Makefile | 6 +- + 4 files changed, 104 insertions(+), 43 deletions(-) + +diff --git a/mcstrans/Makefile b/mcstrans/Makefile +index c993a9f52713..b20279ab984a 100644 +--- a/mcstrans/Makefile ++++ b/mcstrans/Makefile +@@ -1,3 +1,9 @@ ++PKG_CONFIG ?= pkg-config ++PCRE_MODULE := libpcre2-8 ++PCRE_CFLAGS := $(shell $(PKG_CONFIG) --cflags $(PCRE_MODULE)) -DPCRE2_CODE_UNIT_WIDTH=8 ++PCRE_LDLIBS := $(shell $(PKG_CONFIG) --libs $(PCRE_MODULE)) ++export PCRE_MODULE PCRE_CFLAGS PCRE_LDLIBS ++ + all: + $(MAKE) -C src + $(MAKE) -C utils +diff --git a/mcstrans/src/Makefile b/mcstrans/src/Makefile +index 76ef055714e9..ef518625cd3b 100644 +--- a/mcstrans/src/Makefile ++++ b/mcstrans/src/Makefile +@@ -20,10 +20,10 @@ CFLAGS ?= -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute + all: $(PROG) + + $(PROG): $(PROG_OBJS) $(LIBSEPOLA) +- $(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux -lcap -lpcre $(LDLIBS_LIBSEPOLA) ++ $(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux -lcap $(PCRE_LDLIBS) $(LDLIBS_LIBSEPOLA) + + %.o: %.c +- $(CC) $(CFLAGS) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -fPIE -c -o $@ $< ++ $(CC) $(CFLAGS) $(PCRE_CFLAGS) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -fPIE -c -o $@ $< + + install: all + test -d $(DESTDIR)$(SBINDIR) || install -m 755 -d $(DESTDIR)$(SBINDIR) +diff --git a/mcstrans/src/mcstrans.c b/mcstrans/src/mcstrans.c +index ba8b79a4b360..af3f507ef718 100644 +--- a/mcstrans/src/mcstrans.c ++++ b/mcstrans/src/mcstrans.c +@@ -26,7 +26,7 @@ + #include + #include + #include +-#include ++#include + #include + #include + #include +@@ -36,7 +36,6 @@ + #include "mcstrans.h" + + #define N_BUCKETS 1453 +-#define OVECCOUNT (512*3) + + #define log_error(fmt, ...) fprintf(stderr, fmt, __VA_ARGS__) + +@@ -82,9 +81,9 @@ typedef struct word_group { + affix_t *suffixes; + word_t *words; + +- pcre *prefix_regexp; +- pcre *word_regexp; +- pcre *suffix_regexp; ++ pcre2_code *prefix_regexp; ++ pcre2_code *word_regexp; ++ pcre2_code *suffix_regexp; + + ebitmap_t def; + +@@ -109,7 +108,7 @@ typedef struct domain { + base_classification_t *base_classifications; + word_group_t *groups; + +- pcre *base_classification_regexp; ++ pcre2_code *base_classification_regexp; + struct domain *next; + } domain_t; + +@@ -317,9 +316,9 @@ destroy_group(word_group_t **list, word_group_t *group) { + free(group->name); + free(group->sword); + free(group->join); +- pcre_free(group->prefix_regexp); +- pcre_free(group->word_regexp); +- pcre_free(group->suffix_regexp); ++ pcre2_code_free(group->prefix_regexp); ++ pcre2_code_free(group->word_regexp); ++ pcre2_code_free(group->suffix_regexp); + ebitmap_destroy(&group->def); + free(group); + } +@@ -392,7 +391,7 @@ destroy_domain(domain_t *domain) { + free(domain->base_classifications); + domain->base_classifications = next; + } +- pcre_free(domain->base_classification_regexp); ++ pcre2_code_free(domain->base_classification_regexp); + while (domain->groups) + destroy_group(&domain->groups, domain->groups); + free(domain->name); +@@ -970,14 +969,16 @@ word_size(const void *p1, const void *p2) { + } + + static void +-build_regexp(pcre **r, char *buffer) { +- const char *error; +- int error_offset; ++build_regexp(pcre2_code **r, char *buffer) { ++ int error; ++ PCRE2_SIZE error_offset; + if (*r) +- pcre_free(*r); +- *r = pcre_compile(buffer, PCRE_CASELESS, &error, &error_offset, NULL); +- if (error) { +- log_error("pcre=%s, error=%s\n", buffer, error ? error: "none"); ++ pcre2_code_free(*r); ++ *r = pcre2_compile((PCRE2_SPTR8) buffer, PCRE2_ZERO_TERMINATED, PCRE2_CASELESS, &error, &error_offset, NULL); ++ if (!*r) { ++ PCRE2_UCHAR errbuf[256]; ++ pcre2_get_error_message(error, errbuf, sizeof(errbuf)); ++ log_error("pcre compilation of '%s' failed at offset %zu: %s\n", buffer, error_offset, errbuf); + } + buffer[0] = '\0'; + } +@@ -1095,12 +1096,12 @@ compute_raw_from_trans(const char *level, domain_t *domain) { + #endif + + int rc = 0; +- int ovector[OVECCOUNT]; ++ pcre2_match_data *match_data = NULL; + word_group_t *g = NULL; + char *work = NULL; + char *r = NULL; +- const char * match = NULL; +- int work_len; ++ char *match = NULL; ++ size_t work_len; + mls_level_t *mraw = NULL; + ebitmap_t set, clear, tmp; + +@@ -1121,11 +1122,20 @@ compute_raw_from_trans(const char *level, domain_t *domain) { + if (!domain->base_classification_regexp) + goto err; + log_debug(" compute_raw_from_trans work = %s\n", work); +- rc = pcre_exec(domain->base_classification_regexp, 0, work, work_len, 0, PCRE_ANCHORED, ovector, OVECCOUNT); ++ match_data = pcre2_match_data_create_from_pattern(domain->base_classification_regexp, NULL); ++ if (!match_data) { ++ log_error("allocation error %s", strerror(errno)); ++ goto err; ++ } ++ rc = pcre2_match(domain->base_classification_regexp, (PCRE2_SPTR8)work, work_len, 0, PCRE2_ANCHORED, match_data, NULL); + if (rc > 0) { +- match = NULL; +- pcre_get_substring(work, ovector, rc, 0, &match); +- log_debug(" compute_raw_from_trans match = %s len = %u\n", match, strlen(match)); ++ const PCRE2_SIZE *ovector = pcre2_get_ovector_pointer(match_data); ++ match = strndup(work + ovector[0], ovector[1] - ovector[0]); ++ if (!match) { ++ log_error("allocation error %s", strerror(errno)); ++ goto err; ++ } ++ log_debug(" compute_raw_from_trans match = %s len = %zu\n", match, strlen(match)); + base_classification_t *bc; + for (bc = domain->base_classifications; bc; bc = bc->next) { + if (!strcmp(bc->trans, match)) { +@@ -1145,12 +1155,23 @@ compute_raw_from_trans(const char *level, domain_t *domain) { + char *p=work + ovector[0] + ovector[1]; + while (*p && (strchr(" ", *p) != NULL)) + *p++ = '#'; +- pcre_free((char *)match); ++ ++ free(match); + match = NULL; + } else { +- log_debug(" compute_raw_from_trans no base classification matched %s\n", level); ++ switch (rc) { ++ case PCRE2_ERROR_NOMATCH: ++ log_debug(" compute_raw_from_trans no base classification matched %s\n", level); ++ break; ++ default: ++ log_error("compute_raw_from_trans: base matching error for input '%s': %d\n", level, rc); ++ break; ++ } + } + ++ pcre2_match_data_free(match_data); ++ match_data = NULL; ++ + if (mraw == NULL) { + goto err; + } +@@ -1161,23 +1182,43 @@ compute_raw_from_trans(const char *level, domain_t *domain) { + change = 0; + for (g = domain->groups; g && !change && !complete; g = g->next) { + int prefix = 0, suffix = 0; +- int prefix_offset = 0, prefix_len = 0; +- int suffix_offset = 0, suffix_len = 0; ++ PCRE2_SIZE prefix_offset = 0, prefix_len = 0; ++ PCRE2_SIZE suffix_offset = 0, suffix_len = 0; + if (g->prefix_regexp) { +- rc = pcre_exec(g->prefix_regexp, 0, work, work_len, 0, 0, ovector, OVECCOUNT); ++ match_data = pcre2_match_data_create_from_pattern(g->prefix_regexp, NULL); ++ if (!match_data) { ++ log_error("allocation error %s", strerror(errno)); ++ goto err; ++ } ++ rc = pcre2_match(g->prefix_regexp, (PCRE2_SPTR8)work, work_len, 0, 0, match_data, NULL); + if (rc > 0) { ++ const PCRE2_SIZE *ovector = pcre2_get_ovector_pointer(match_data); + prefix = 1; + prefix_offset = ovector[0]; + prefix_len = ovector[1] - ovector[0]; ++ } else if (rc != PCRE2_ERROR_NOMATCH) { ++ log_error("compute_raw_from_trans: prefix matching error for input '%s': %d\n", level, rc); + } ++ pcre2_match_data_free(match_data); ++ match_data = NULL; + } + if (g->suffix_regexp) { +- rc = pcre_exec(g->suffix_regexp, 0, work, work_len, 0, 0, ovector, OVECCOUNT); ++ match_data = pcre2_match_data_create_from_pattern(g->suffix_regexp, NULL); ++ if (!match_data) { ++ log_error("allocation error %s", strerror(errno)); ++ goto err; ++ } ++ rc = pcre2_match(g->suffix_regexp, (PCRE2_SPTR8)work, work_len, 0, 0, match_data, NULL); + if (rc > 0) { ++ const PCRE2_SIZE *ovector = pcre2_get_ovector_pointer(match_data); + suffix = 1; + suffix_offset = ovector[0]; + suffix_len = ovector[1] - ovector[0]; ++ } else if (rc != PCRE2_ERROR_NOMATCH) { ++ log_error("compute_raw_from_trans: suffix matching error for input '%s': %d\n", level, rc); + } ++ pcre2_match_data_free(match_data); ++ match_data = NULL; + } + + /* anchors prefix ^, suffix $ */ +@@ -1186,14 +1227,23 @@ compute_raw_from_trans(const char *level, domain_t *domain) { + (g->suffixes && suffix)) && + g->word_regexp) { + char *s = work + prefix_offset + prefix_len; +- int l = (suffix_len ? suffix_offset : work_len) - prefix_len - prefix_offset; +- rc = pcre_exec(g->word_regexp, 0, s, l, 0, 0, ovector, OVECCOUNT); ++ PCRE2_SIZE len = (suffix_len ? suffix_offset : work_len) - prefix_len - prefix_offset; ++ match_data = pcre2_match_data_create_from_pattern(g->word_regexp, NULL); ++ if (!match_data) { ++ log_error("allocation error %s", strerror(errno)); ++ goto err; ++ } ++ rc = pcre2_match(g->word_regexp, (PCRE2_SPTR8)s, len, 0, 0, match_data, NULL); + if (rc > 0) { +- match = NULL; +- pcre_get_substring(s, ovector, rc, 0, &match); +- trim((char *)match, g->whitespace); ++ const PCRE2_SIZE *ovector = pcre2_get_ovector_pointer(match_data); ++ match = strndup(s + ovector[0], ovector[1] - ovector[0]); ++ if (!match) { ++ log_error("allocation error %s", strerror(errno)); ++ goto err; ++ } ++ trim(match, g->whitespace); + if (*match) { +- char *p = triml((char *)match, g->whitespace); ++ char *p = triml(match, g->whitespace); + while (p && *p) { + int plen = strlen(p); + unsigned int i; +@@ -1230,9 +1280,13 @@ compute_raw_from_trans(const char *level, domain_t *domain) { + memset(work + suffix_offset, '#', suffix_len); + memset(s + ovector[0], '#', ovector[1] - ovector[0]); + } +- pcre_free((void *)match); ++ free(match); + match = NULL; ++ } else if (rc != PCRE2_ERROR_NOMATCH) { ++ log_error("compute_raw_from_trans: word matching error for input '%s' for substring '%s': %d\n", level, s, rc); + } ++ pcre2_match_data_free(match_data); ++ match_data = NULL; + } + /* YYY */ + complete=1; +@@ -1271,10 +1325,11 @@ err: + mls_level_destroy(mraw); + free(mraw); + free(work); +- pcre_free((void *)match); ++ free(match); + ebitmap_destroy(&tmp); + ebitmap_destroy(&set); + ebitmap_destroy(&clear); ++ pcre2_match_data_free(match_data); + return NULL; + } + +diff --git a/mcstrans/utils/Makefile b/mcstrans/utils/Makefile +index 9dfe772332b4..a48f4e72acc0 100644 +--- a/mcstrans/utils/Makefile ++++ b/mcstrans/utils/Makefile +@@ -14,13 +14,13 @@ endif + all: $(TARGETS) + + transcon: transcon.o ../src/mcstrans.o ../src/mls_level.o $(LIBSEPOLA) +- $(CC) $(LDFLAGS) -o $@ $^ -lpcre -lselinux $(LDLIBS_LIBSEPOLA) ++ $(CC) $(LDFLAGS) -o $@ $^ $(PCRE_LDLIBS) -lselinux $(LDLIBS_LIBSEPOLA) + + untranscon: untranscon.o ../src/mcstrans.o ../src/mls_level.o $(LIBSEPOLA) +- $(CC) $(LDFLAGS) -o $@ $^ -lpcre -lselinux $(LDLIBS_LIBSEPOLA) ++ $(CC) $(LDFLAGS) -o $@ $^ $(PCRE_LDLIBS) -lselinux $(LDLIBS_LIBSEPOLA) + + %.o: %.c +- $(CC) $(CFLAGS) -D_GNU_SOURCE -I../src -fPIE -c -o $@ $< ++ $(CC) $(CFLAGS) $(PCRE_CFLAGS) -D_GNU_SOURCE -I../src -fPIE -c -o $@ $< + + install: all + -mkdir -p $(DESTDIR)$(SBINDIR) +-- +2.33.1 + diff --git a/mcstrans.spec b/mcstrans.spec index 2d2bcd7..7dd0ca1 100644 --- a/mcstrans.spec +++ b/mcstrans.spec @@ -1,7 +1,7 @@ Summary: SELinux Translation Daemon Name: mcstrans Version: 3.3 -Release: 1%{?dist} +Release: 2%{?dist} License: GPL+ Url: https://github.com/SELinuxProject/selinux/wiki Source: https://github.com/SELinuxProject/selinux/releases/download/3.3/mcstrans-3.3.tar.gz @@ -13,13 +13,15 @@ Patch0001: 0001-mcstrans-Fir-RESOURCE_LEAK-and-USE_AFTER_FREE-coveri.patch Patch0002: 0002-mcstrans-Fix-USER_AFTER_FREE-problem.patch Patch0003: 0003-mcstrans-Do-not-accept-incomplete-contexts.patch Patch0004: 0004-mcstrans-fix-RESOURCE_LEAK-CWE-772.patch +Patch0005: 0005-mcstrans-avoid-missing-prototypes.patch +Patch0006: 0006-mcstrans-port-to-new-PCRE2-from-end-of-life-PCRE.patch # Patch list end BuildRequires: gcc BuildRequires: make BuildRequires: libselinux-devel >= %{version} -BuildRequires: libcap-devel pcre-devel libsepol-devel libsepol-static +BuildRequires: libcap-devel pcre2-devel libsepol-devel libsepol-static BuildRequires: systemd -Requires: pcre +Requires: pcre2 %{?systemd_requires} Provides: setransd Provides: libsetrans @@ -95,6 +97,9 @@ install -m644 %{SOURCE2} %{buildroot}%{_mandir}/man8/ %{_usr}/share/mcstrans/util/* %changelog +* Fri Dec 10 2021 Petr Lautrbach - 3.3-2 +- Port to new PCRE2 from end-of-life PCRE + * Fri Oct 22 2021 Petr Lautrbach - 3.3-1 - SELinux userspace 3.3 release